From bc4b9f699399884c1e546a6f7711b728e4a91406 Mon Sep 17 00:00:00 2001 From: Luke Hagar Date: Wed, 17 May 2023 08:47:20 -0500 Subject: [PATCH] Partial rewrite save, testing action --- .github/workflows/build.yaml | 75 + .npmrc | 1 + .vscode/settings.json | 1 + package.json | 13 +- pnpm-lock.yaml | 713 +- src/app.d.ts | 169 +- src/app.postcss | 4 + src/lib/BetaSpec.yaml | 161443 +++++++++++++++++ src/lib/Components/Clear.svelte | 28 + src/lib/Components/CurrentUser.svelte | 20 + src/lib/Components/HostingData.svelte | 25 + src/lib/Components/Resources.svelte | 54 + src/lib/Components/Search.svelte | 111 + src/lib/Components/StatusPage.svelte | 37 + src/lib/Components/Support.svelte | 26 + src/lib/Components/TenantData.svelte | 27 + src/lib/Components/TenantLinks.svelte | 50 + src/lib/Components/searchIcon.svelte | 17 + src/lib/V3Spec.yaml | 121060 +++++++++++++ src/lib/authentication.ts | 159 +- src/lib/settings.ts | 139 +- src/lib/utilities.ts | 1 + src/routes/+layout.svelte | 24 +- src/routes/+page.svelte | 41 +- src/routes/api-client/+page.svelte | 69 + src/routes/api-client/BetaSpec.json | 217521 +++++++++++++++++++++++ src/routes/api-client/CustomSpec.json | 12 + src/routes/api-client/V3Spec.json | 158903 +++++++++++++++++ src/routes/session/+page.svelte | 2 +- yq.exe | Bin 0 -> 9176576 bytes 30 files changed, 660593 insertions(+), 152 deletions(-) create mode 100644 .github/workflows/build.yaml create mode 100644 src/lib/BetaSpec.yaml create mode 100644 src/lib/Components/Clear.svelte create mode 100644 src/lib/Components/CurrentUser.svelte create mode 100644 src/lib/Components/HostingData.svelte create mode 100644 src/lib/Components/Resources.svelte create mode 100644 src/lib/Components/Search.svelte create mode 100644 src/lib/Components/StatusPage.svelte create mode 100644 src/lib/Components/Support.svelte create mode 100644 src/lib/Components/TenantData.svelte create mode 100644 src/lib/Components/TenantLinks.svelte create mode 100644 src/lib/Components/searchIcon.svelte create mode 100644 src/lib/V3Spec.yaml create mode 100644 src/lib/utilities.ts create mode 100644 src/routes/api-client/+page.svelte create mode 100644 src/routes/api-client/BetaSpec.json create mode 100644 src/routes/api-client/CustomSpec.json create mode 100644 src/routes/api-client/V3Spec.json create mode 100644 yq.exe diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml new file mode 100644 index 0000000..24331f4 --- /dev/null +++ b/.github/workflows/build.yaml @@ -0,0 +1,75 @@ +name: Build and Upload Chrome Extension + +run-name: ${{ github.actor }} is Building and Uploading a new Anchor Version 🚀 +on: [push, workflow_dispatch] +jobs: + Build-And-Push: + runs-on: ubuntu-latest + steps: + # Checkout the main branch of this repo + - name: Checkout PR branch + uses: actions/checkout@v3 + with: + repository: lukehagar/anchor + path: anchor + ref: main + + # Checkout the main branch of api-specs + - name: Checkout API Specs Repo + uses: actions/checkout@v3 + with: + repository: sailpoint-oss/api-specs + path: api-specs + ref: main + + - name: Set up Node + uses: actions/setup-node@v3 + with: + node-version: '16' + + - name: Install swagger-cli + run: | + npm install -g swagger-cli + + - name: Dereference and Bundle Beta API Specification + id: buildBeta + run: | + swagger-cli bundle --dereference api-specs/idn/sailpoint-api.beta.yaml -t json -o anchor/src/routes/api-client/BetaSpec.json + + - name: Dereference and Bundle V3 API Specification + id: buildV3 + if: steps.buildBeta.outcome == 'success' + run: | + swagger-cli bundle --dereference api-specs/idn/sailpoint-api.v3.yaml -t json -o anchor/src/routes/api-client/V3Spec.json + + - name: Dereference and Bundle V2 API Specification + id: buildV2 + if: steps.buildV3.outcome == 'success' + run: | + swagger-cli bundle --dereference api-specs/idn/sailpoint-api.v2.yaml -t json -o anchor/src/routes/api-client/V2Spec.json + + - name: Dereference and Bundle CC API Specification + id: buildCC + if: steps.buildV2.outcome == 'success' + run: | + swagger-cli bundle --dereference api-specs/idn/sailpoint-api.cc.yaml -t json -o anchor/src/routes/api-client/CCSpec.json + + - name: Install Dependencies + id: installDeps + if: steps.buildCC.outcome == 'success' + run: | + cd anchor + pnpm install + + - name: Build Extension + id: buildExtension + if: steps.installDeps.outcome == 'success' + run: | + cd anchor + pnpm build + + - name: Archive chrome-extension artifact + uses: actions/upload-artifact@v2 + with: + name: anchor-${{ github.sha }} + path: anchor-${{ github.event.pull_request.head.sha }} diff --git a/.npmrc b/.npmrc index 0c05da4..dd6463c 100644 --- a/.npmrc +++ b/.npmrc @@ -1,2 +1,3 @@ engine-strict=true resolution-mode=highest +enable-pre-post-scripts=true \ No newline at end of file diff --git a/.vscode/settings.json b/.vscode/settings.json index dcfeb36..66ed506 100644 --- a/.vscode/settings.json +++ b/.vscode/settings.json @@ -1,6 +1,7 @@ { "prettier.documentSelectors": ["**/*.svelte"], "tailwindCSS.classAttributes": [ + "classes", "class", "accent", "active", diff --git a/package.json b/package.json index e26006f..0610c8b 100644 --- a/package.json +++ b/package.json @@ -4,6 +4,7 @@ "private": true, "scripts": { "dev": "vite dev", + "prebuild": "curl https://raw.githubusercontent.com/sailpoint-oss/api-specs/main/dereferenced/deref-sailpoint-api.v3.yaml -o src/lib/V3Spec.yaml && curl https://raw.githubusercontent.com/sailpoint-oss/api-specs/main/dereferenced/deref-sailpoint-api.beta.yaml -o src/lib/BetaSpec.yaml && yq -o=json eval src/lib/V3Spec.yaml > src/routes/api-client/V3Spec.json && yq -o=json eval src/lib/BetaSpec.yaml > src/routes/api-client/BetaSpec.json", "build": "vite build", "preview": "vite preview", "check": "svelte-kit sync && svelte-check --tsconfig ./tsconfig.json", @@ -12,7 +13,9 @@ "format": "prettier --plugin-search-dir . --write ." }, "devDependencies": { - "@floating-ui/dom": "^1.2.7", + "@apidevtools/swagger-parser": "^10.1.0", + "@floating-ui/dom": "^1.2.8", + "@modyfi/vite-plugin-yaml": "^1.0.4", "@skeletonlabs/skeleton": "^1.5.1", "@sveltejs/adapter-auto": "^2.0.0", "@sveltejs/adapter-static": "^2.0.2", @@ -22,24 +25,28 @@ "@types/chrome": "^0.0.235", "@typescript-eslint/eslint-plugin": "^5.45.0", "@typescript-eslint/parser": "^5.45.0", + "algoliasearch": "^4.17.0", "autoprefixer": "^10.4.14", - "axios": "^1.4.0", "dayjs": "^1.11.7", "eslint": "^8.28.0", "eslint-config-prettier": "^8.5.0", "eslint-plugin-svelte": "^2.26.0", "highlight.js": "^11.8.0", + "openapi-types": "^12.1.0", "postcss": "^8.4.23", "prettier": "^2.8.0", "prettier-plugin-svelte": "^2.8.1", "sailpoint-api-client": "^1.0.4", "svelte": "^3.54.0", + "svelte-algolia-instantsearch": "^0.7.0", "svelte-check": "^3.0.1", + "svelte-jsoneditor": "^0.17.3", "sveltekit-adapter-chrome-extension": "^2.0.0", "tailwindcss": "^3.3.2", "tslib": "^2.4.1", "typescript": "^5.0.0", - "vite": "^4.3.0" + "vite": "^4.3.0", + "yaml": "^2.2.2" }, "type": "module" } diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml index b574f74..4cdd81a 100644 --- a/pnpm-lock.yaml +++ b/pnpm-lock.yaml @@ -1,9 +1,15 @@ lockfileVersion: '6.0' devDependencies: + '@apidevtools/swagger-parser': + specifier: ^10.1.0 + version: 10.1.0(openapi-types@12.1.0) '@floating-ui/dom': - specifier: ^1.2.7 + specifier: ^1.2.8 version: 1.2.8 + '@modyfi/vite-plugin-yaml': + specifier: ^1.0.4 + version: 1.0.4(vite@4.3.5) '@skeletonlabs/skeleton': specifier: ^1.5.1 version: 1.5.1 @@ -31,12 +37,12 @@ devDependencies: '@typescript-eslint/parser': specifier: ^5.45.0 version: 5.59.5(eslint@8.40.0)(typescript@5.0.4) + algoliasearch: + specifier: ^4.17.0 + version: 4.17.0 autoprefixer: specifier: ^10.4.14 version: 10.4.14(postcss@8.4.23) - axios: - specifier: ^1.4.0 - version: 1.4.0 dayjs: specifier: ^1.11.7 version: 1.11.7 @@ -52,6 +58,9 @@ devDependencies: highlight.js: specifier: ^11.8.0 version: 11.8.0 + openapi-types: + specifier: ^12.1.0 + version: 12.1.0 postcss: specifier: ^8.4.23 version: 8.4.23 @@ -67,9 +76,15 @@ devDependencies: svelte: specifier: ^3.54.0 version: 3.59.1 + svelte-algolia-instantsearch: + specifier: ^0.7.0 + version: 0.7.0(algoliasearch@4.17.0)(svelte@3.59.1) svelte-check: specifier: ^3.0.1 version: 3.3.2(postcss@8.4.23)(svelte@3.59.1) + svelte-jsoneditor: + specifier: ^0.17.3 + version: 0.17.3(@lezer/common@1.0.2) sveltekit-adapter-chrome-extension: specifier: ^2.0.0 version: 2.0.0(@sveltejs/adapter-static@2.0.2) @@ -85,14 +100,154 @@ devDependencies: vite: specifier: ^4.3.0 version: 4.3.5 + yaml: + specifier: ^2.2.2 + version: 2.2.2 packages: + /@algolia/cache-browser-local-storage@4.17.0: + resolution: {integrity: sha512-myRSRZDIMYB8uCkO+lb40YKiYHi0fjpWRtJpR/dgkaiBlSD0plRyB6lLOh1XIfmMcSeBOqDE7y9m8xZMrXYfyQ==} + dependencies: + '@algolia/cache-common': 4.17.0 + dev: true + + /@algolia/cache-common@4.17.0: + resolution: {integrity: sha512-g8mXzkrcUBIPZaulAuqE7xyHhLAYAcF2xSch7d9dABheybaU3U91LjBX6eJTEB7XVhEsgK4Smi27vWtAJRhIKQ==} + dev: true + + /@algolia/cache-in-memory@4.17.0: + resolution: {integrity: sha512-PT32ciC/xI8z919d0oknWVu3kMfTlhQn3MKxDln3pkn+yA7F7xrxSALysxquv+MhFfNAcrtQ/oVvQVBAQSHtdw==} + dependencies: + '@algolia/cache-common': 4.17.0 + dev: true + + /@algolia/client-account@4.17.0: + resolution: {integrity: sha512-sSEHx9GA6m7wrlsSMNBGfyzlIfDT2fkz2u7jqfCCd6JEEwmxt8emGmxAU/0qBfbhRSuGvzojoLJlr83BSZAKjA==} + dependencies: + '@algolia/client-common': 4.17.0 + '@algolia/client-search': 4.17.0 + '@algolia/transporter': 4.17.0 + dev: true + + /@algolia/client-analytics@4.17.0: + resolution: {integrity: sha512-84ooP8QA3mQ958hQ9wozk7hFUbAO+81CX1CjAuerxBqjKIInh1fOhXKTaku05O/GHBvcfExpPLIQuSuLYziBXQ==} + dependencies: + '@algolia/client-common': 4.17.0 + '@algolia/client-search': 4.17.0 + '@algolia/requester-common': 4.17.0 + '@algolia/transporter': 4.17.0 + dev: true + + /@algolia/client-common@4.17.0: + resolution: {integrity: sha512-jHMks0ZFicf8nRDn6ma8DNNsdwGgP/NKiAAL9z6rS7CymJ7L0+QqTJl3rYxRW7TmBhsUH40wqzmrG6aMIN/DrQ==} + dependencies: + '@algolia/requester-common': 4.17.0 + '@algolia/transporter': 4.17.0 + dev: true + + /@algolia/client-personalization@4.17.0: + resolution: {integrity: sha512-RMzN4dZLIta1YuwT7QC9o+OeGz2cU6eTOlGNE/6RcUBLOU3l9tkCOdln5dPE2jp8GZXPl2yk54b2nSs1+pAjqw==} + dependencies: + '@algolia/client-common': 4.17.0 + '@algolia/requester-common': 4.17.0 + '@algolia/transporter': 4.17.0 + dev: true + + /@algolia/client-search@4.17.0: + resolution: {integrity: sha512-x4P2wKrrRIXszT8gb7eWsMHNNHAJs0wE7/uqbufm4tZenAp+hwU/hq5KVsY50v+PfwM0LcDwwn/1DroujsTFoA==} + dependencies: + '@algolia/client-common': 4.17.0 + '@algolia/requester-common': 4.17.0 + '@algolia/transporter': 4.17.0 + dev: true + + /@algolia/events@4.0.1: + resolution: {integrity: sha512-FQzvOCgoFXAbf5Y6mYozw2aj5KCJoA3m4heImceldzPSMbdyS4atVjJzXKMsfX3wnZTFYwkkt8/z8UesLHlSBQ==} + dev: true + + /@algolia/logger-common@4.17.0: + resolution: {integrity: sha512-DGuoZqpTmIKJFDeyAJ7M8E/LOenIjWiOsg1XJ1OqAU/eofp49JfqXxbfgctlVZVmDABIyOz8LqEoJ6ZP4DTyvw==} + dev: true + + /@algolia/logger-console@4.17.0: + resolution: {integrity: sha512-zMPvugQV/gbXUvWBCzihw6m7oxIKp48w37QBIUu/XqQQfxhjoOE9xyfJr1KldUt5FrYOKZJVsJaEjTsu+bIgQg==} + dependencies: + '@algolia/logger-common': 4.17.0 + dev: true + + /@algolia/requester-browser-xhr@4.17.0: + resolution: {integrity: sha512-aSOX/smauyTkP21Pf52pJ1O2LmNFJ5iHRIzEeTh0mwBeADO4GdG94cAWDILFA9rNblq/nK3EDh3+UyHHjplZ1A==} + dependencies: + '@algolia/requester-common': 4.17.0 + dev: true + + /@algolia/requester-common@4.17.0: + resolution: {integrity: sha512-XJjmWFEUlHu0ijvcHBoixuXfEoiRUdyzQM6YwTuB8usJNIgShua8ouFlRWF8iCeag0vZZiUm4S2WCVBPkdxFgg==} + dev: true + + /@algolia/requester-node-http@4.17.0: + resolution: {integrity: sha512-bpb/wDA1aC6WxxM8v7TsFspB7yBN3nqCGs2H1OADolQR/hiAIjAxusbuMxVbRFOdaUvAIqioIIkWvZdpYNIn8w==} + dependencies: + '@algolia/requester-common': 4.17.0 + dev: true + + /@algolia/transporter@4.17.0: + resolution: {integrity: sha512-6xL6H6fe+Fi0AEP3ziSgC+G04RK37iRb4uUUqVAH9WPYFI8g+LYFq6iv5HS8Cbuc5TTut+Bwj6G+dh/asdb9uA==} + dependencies: + '@algolia/cache-common': 4.17.0 + '@algolia/logger-common': 4.17.0 + '@algolia/requester-common': 4.17.0 + dev: true + + /@algolia/ui-components-highlight-vdom@1.2.1: + resolution: {integrity: sha512-IlYgIaCUEkz9ezNbwugwKv991oOHhveyq6nzL0F1jDzg1p3q5Yj/vO4KpNG910r2dwGCG3nEm5GtChcLnarhFA==} + dependencies: + '@algolia/ui-components-shared': 1.2.1 + '@babel/runtime': 7.21.5 + dev: true + + /@algolia/ui-components-shared@1.2.1: + resolution: {integrity: sha512-a7mYHf/GVQfhAx/HRiMveKkFvHspQv/REdG+C/FIOosiSmNZxX7QebDwJkrGSmDWdXO12D0Qv1xn3AytFcEDlQ==} + dev: true + /@alloc/quick-lru@5.2.0: resolution: {integrity: sha512-UrcABB+4bUrFABwbluTIBErXwvbsU/V7TZWfmbgJfbkwiBuziS9gxdODUyuiecfdGQ85jglMW6juS3+z5TsKLw==} engines: {node: '>=10'} dev: true + /@apidevtools/json-schema-ref-parser@9.0.6: + resolution: {integrity: sha512-M3YgsLjI0lZxvrpeGVk9Ap032W6TPQkH6pRAZz81Ac3WUNF79VQooAFnp8umjvVzUmD93NkogxEwbSce7qMsUg==} + dependencies: + '@jsdevtools/ono': 7.1.3 + call-me-maybe: 1.0.2 + js-yaml: 3.14.1 + dev: true + + /@apidevtools/openapi-schemas@2.1.0: + resolution: {integrity: sha512-Zc1AlqrJlX3SlpupFGpiLi2EbteyP7fXmUOGup6/DnkRgjP9bgMM/ag+n91rsv0U1Gpz0H3VILA/o3bW7Ua6BQ==} + engines: {node: '>=10'} + dev: true + + /@apidevtools/swagger-methods@3.0.2: + resolution: {integrity: sha512-QAkD5kK2b1WfjDS/UQn/qQkbwF31uqRjPTrsCs5ZG9BQGAkjwvqGFjjPqAuzac/IYzpPtRzjCP1WrTuAIjMrXg==} + dev: true + + /@apidevtools/swagger-parser@10.1.0(openapi-types@12.1.0): + resolution: {integrity: sha512-9Kt7EuS/7WbMAUv2gSziqjvxwDbFSg3Xeyfuj5laUODX8o/k/CpsAKiQ8W7/R88eXFTMbJYg6+7uAmOWNKmwnw==} + peerDependencies: + openapi-types: '>=7' + dependencies: + '@apidevtools/json-schema-ref-parser': 9.0.6 + '@apidevtools/openapi-schemas': 2.1.0 + '@apidevtools/swagger-methods': 3.0.2 + '@jsdevtools/ono': 7.1.3 + ajv: 8.12.0 + ajv-draft-04: 1.0.0(ajv@8.12.0) + call-me-maybe: 1.0.2 + openapi-types: 12.1.0 + dev: true + /@babel/runtime@7.21.5: resolution: {integrity: sha512-8jI69toZqqcsnqGGqwGS4Qb1VwLOEp4hz+CXPywcvjs60u3B4Pom/U/7rm4W8tMOYEB+E9wgD0mW1l3r8qlI9Q==} engines: {node: '>=6.9.0'} @@ -100,6 +255,75 @@ packages: regenerator-runtime: 0.13.11 dev: true + /@codemirror/autocomplete@6.7.1(@codemirror/language@6.6.0)(@codemirror/state@6.2.0)(@codemirror/view@6.11.2)(@lezer/common@1.0.2): + resolution: {integrity: sha512-hSxf9S0uB+GV+gBsjY1FZNo53e1FFdzPceRfCfD1gWOnV6o21GfB5J5Wg9G/4h76XZMPrF0A6OCK/Rz5+V1egg==} + peerDependencies: + '@codemirror/language': ^6.0.0 + '@codemirror/state': ^6.0.0 + '@codemirror/view': ^6.0.0 + '@lezer/common': ^1.0.0 + dependencies: + '@codemirror/language': 6.6.0 + '@codemirror/state': 6.2.0 + '@codemirror/view': 6.11.2 + '@lezer/common': 1.0.2 + dev: true + + /@codemirror/commands@6.2.4: + resolution: {integrity: sha512-42lmDqVH0ttfilLShReLXsDfASKLXzfyC36bzwcqzox9PlHulMcsUOfHXNo2X2aFMVNUoQ7j+d4q5bnfseYoOA==} + dependencies: + '@codemirror/language': 6.6.0 + '@codemirror/state': 6.2.0 + '@codemirror/view': 6.11.2 + '@lezer/common': 1.0.2 + dev: true + + /@codemirror/lang-json@6.0.1: + resolution: {integrity: sha512-+T1flHdgpqDDlJZ2Lkil/rLiRy684WMLc74xUnjJH48GQdfJo/pudlTRreZmKwzP8/tGdKf83wlbAdOCzlJOGQ==} + dependencies: + '@codemirror/language': 6.6.0 + '@lezer/json': 1.0.0 + dev: true + + /@codemirror/language@6.6.0: + resolution: {integrity: sha512-cwUd6lzt3MfNYOobdjf14ZkLbJcnv4WtndYaoBkbor/vF+rCNguMPK0IRtvZJG4dsWiaWPcK8x1VijhvSxnstg==} + dependencies: + '@codemirror/state': 6.2.0 + '@codemirror/view': 6.11.2 + '@lezer/common': 1.0.2 + '@lezer/highlight': 1.1.4 + '@lezer/lr': 1.3.4 + style-mod: 4.0.3 + dev: true + + /@codemirror/lint@6.2.1: + resolution: {integrity: sha512-y1muai5U/uUPAGRyHMx9mHuHLypPcHWxzlZGknp/U5Mdb5Ol8Q5ZLp67UqyTbNFJJ3unVxZ8iX3g1fMN79S1JQ==} + dependencies: + '@codemirror/state': 6.2.0 + '@codemirror/view': 6.11.2 + crelt: 1.0.5 + dev: true + + /@codemirror/search@6.4.0: + resolution: {integrity: sha512-zMDgaBXah+nMLK2dHz9GdCnGbQu+oaGRXS1qviqNZkvOCv/whp5XZFyoikLp/23PM9RBcbuKUUISUmQHM1eRHw==} + dependencies: + '@codemirror/state': 6.2.0 + '@codemirror/view': 6.11.2 + crelt: 1.0.5 + dev: true + + /@codemirror/state@6.2.0: + resolution: {integrity: sha512-69QXtcrsc3RYtOtd+GsvczJ319udtBf1PTrr2KbLWM/e2CXUPnh0Nz9AUo8WfhSQ7GeL8dPVNUmhQVgpmuaNGA==} + dev: true + + /@codemirror/view@6.11.2: + resolution: {integrity: sha512-AzxJ9Aub6ubBvoPBGvjcd4zITqcBBiLpJ89z0ZjnphOHncbvUvQcb9/WMVGpuwTT95+jW4knkH6gFIy0oLdaUQ==} + dependencies: + '@codemirror/state': 6.2.0 + style-mod: 4.0.3 + w3c-keyname: 2.2.6 + dev: true + /@esbuild/android-arm64@0.17.19: resolution: {integrity: sha512-KBMWvEZooR7+kzY0BtbTQn0OAYY7CsiydT63pVEaPtVYF0hXbUaOyZog37DKxK7NF3XacBJOpYT4adIJh+avxA==} engines: {node: '>=12'} @@ -345,6 +569,32 @@ packages: '@floating-ui/core': 1.2.6 dev: true + /@fontsource/fira-mono@4.5.10: + resolution: {integrity: sha512-bxUnRP8xptGRo8YXeY073DSpfK74XpSb0ZyRNpHV9WvLnJ7TwPOjZll8hTMin7zLC6iOp59pDZ8EQDj1gzgAQQ==} + dev: true + + /@fortawesome/fontawesome-common-types@6.4.0: + resolution: {integrity: sha512-HNii132xfomg5QVZw0HwXXpN22s7VBHQBv9CeOu9tfJnhsWQNd2lmTNi8CSrnw5B+5YOmzu1UoPAyxaXsJ6RgQ==} + engines: {node: '>=6'} + requiresBuild: true + dev: true + + /@fortawesome/free-regular-svg-icons@6.4.0: + resolution: {integrity: sha512-ZfycI7D0KWPZtf7wtMFnQxs8qjBXArRzczABuMQqecA/nXohquJ5J/RCR77PmY5qGWkxAZDxpnUFVXKwtY/jPw==} + engines: {node: '>=6'} + requiresBuild: true + dependencies: + '@fortawesome/fontawesome-common-types': 6.4.0 + dev: true + + /@fortawesome/free-solid-svg-icons@6.4.0: + resolution: {integrity: sha512-kutPeRGWm8V5dltFP1zGjQOEAzaLZj4StdQhWVZnfGFCvAPVvHh8qk5bRrU4KXnRRRNni5tKQI9PBAdI6MP8nQ==} + engines: {node: '>=6'} + requiresBuild: true + dependencies: + '@fortawesome/fontawesome-common-types': 6.4.0 + dev: true + /@humanwhocodes/config-array@0.11.8: resolution: {integrity: sha512-UybHIJzJnR5Qc/MsD9Kr+RpO2h+/P1GhOwdiLPXK5TWk5sgTdu88bTD9UP+CKbPPh5Rni1u0GjAdYQLemG8g+g==} engines: {node: '>=10.10.0'} @@ -399,6 +649,46 @@ packages: '@jridgewell/sourcemap-codec': 1.4.14 dev: true + /@jsdevtools/ono@7.1.3: + resolution: {integrity: sha512-4JQNk+3mVzK3xh2rqd6RB4J46qUR19azEHBneZyTZM+c456qOrbbM/5xcR8huNCCcbVt7+UmizG6GuUvPvKUYg==} + dev: true + + /@lezer/common@1.0.2: + resolution: {integrity: sha512-SVgiGtMnMnW3ActR8SXgsDhw7a0w0ChHSYAyAUxxrOiJ1OqYWEKk/xJd84tTSPo1mo6DXLObAJALNnd0Hrv7Ng==} + dev: true + + /@lezer/highlight@1.1.4: + resolution: {integrity: sha512-IECkFmw2l7sFcYXrV8iT9GeY4W0fU4CxX0WMwhmhMIVjoDdD1Hr6q3G2NqVtLg/yVe5n7i4menG3tJ2r4eCrPQ==} + dependencies: + '@lezer/common': 1.0.2 + dev: true + + /@lezer/json@1.0.0: + resolution: {integrity: sha512-zbAuUY09RBzCoCA3lJ1+ypKw5WSNvLqGMtasdW6HvVOqZoCpPr8eWrsGnOVWGKGn8Rh21FnrKRVlJXrGAVUqRw==} + dependencies: + '@lezer/highlight': 1.1.4 + '@lezer/lr': 1.3.4 + dev: true + + /@lezer/lr@1.3.4: + resolution: {integrity: sha512-7o+e4og/QoC/6btozDPJqnzBhUaD1fMfmvnEKQO1wRRiTse1WxaJ3OMEXZJnkgT6HCcTVOctSoXK9jGJw2oe9g==} + dependencies: + '@lezer/common': 1.0.2 + dev: true + + /@modyfi/vite-plugin-yaml@1.0.4(vite@4.3.5): + resolution: {integrity: sha512-qkT0KiR3AQQRfUvDzLv4+1rYAzXj+QmGhAbyUd0Ordf9xynK76i758lk5GiEfxuQxbvdqDaJ9oXkH/KacbSjQQ==} + peerDependencies: + vite: ^2.6.0 || ^3.0.0 || ^4.0.0 + dependencies: + '@rollup/pluginutils': 5.0.2 + js-yaml: 4.1.0 + tosource: 2.0.0-alpha.3 + vite: 4.3.5 + transitivePeerDependencies: + - rollup + dev: true + /@nodelib/fs.scandir@2.1.5: resolution: {integrity: sha512-vq24Bq3ym5HEQm2NKCr3yXDwjc7vTsEThRDnkp2DK9p1uqLR+DHurm/NOTo0KG7HYHU7eppKZj3MyqYuMBf62g==} engines: {node: '>= 8'} @@ -424,6 +714,32 @@ packages: resolution: {integrity: sha512-a5Sab1C4/icpTZVzZc5Ghpz88yQtGOyNqYXcZgOssB2uuAr+wF/MvN6bgtW32q7HHrvBki+BsZ0OuNv6EV3K9g==} dev: true + /@replit/codemirror-indentation-markers@6.4.2(@codemirror/language@6.6.0)(@codemirror/state@6.2.0)(@codemirror/view@6.11.2): + resolution: {integrity: sha512-AoTzTGLkSg+B/6pKRYUa0gFoV8JjSC4AvnCzYlT/ueXwDU+cYbFeRCJtitNijwAbFgEsaFOlO9+WonZvwxfL2w==} + peerDependencies: + '@codemirror/language': ^6.0.0 + '@codemirror/state': ^6.0.0 + '@codemirror/view': ^6.0.0 + dependencies: + '@codemirror/language': 6.6.0 + '@codemirror/state': 6.2.0 + '@codemirror/view': 6.11.2 + dev: true + + /@rollup/pluginutils@5.0.2: + resolution: {integrity: sha512-pTd9rIsP92h+B6wWwFbW8RkZv4hiR/xKsqre4SIuAOaOEQRxi0lqLke9k2/7WegC85GgUs9pjmOjCUi3In4vwA==} + engines: {node: '>=14.0.0'} + peerDependencies: + rollup: ^1.20.0||^2.0.0||^3.0.0 + peerDependenciesMeta: + rollup: + optional: true + dependencies: + '@types/estree': 1.0.1 + estree-walker: 2.0.2 + picomatch: 2.3.1 + dev: true + /@skeletonlabs/skeleton@1.5.1: resolution: {integrity: sha512-b5D6vyUgE69XRbe9D3ImqJZHIRzEKwIa4HQik6LckjzgrfgUmTSeZXRdZeCuEVNI+6hdDcgTx4Brg9/8phcEeg==} dependencies: @@ -431,6 +747,10 @@ packages: svelte: 3.59.1 dev: true + /@sphinxxxx/color-conversion@2.2.2: + resolution: {integrity: sha512-XExJS3cLqgrmNBIP3bBw6+1oQ1ksGjFh0+oClDKFYpCCqx/hlqwWO5KO/S63fzUo67SxI9dMrF0y5T/Ey7h8Zw==} + dev: true + /@sveltejs/adapter-auto@2.0.1(@sveltejs/kit@1.16.3): resolution: {integrity: sha512-anxxYMcQy7HWSKxN4YNaVcgNzCHtNFwygq72EA1Xv7c+5gSECOJ1ez1PYoLciPiFa7A3XBvMDQXUFJ2eqLDtAA==} peerDependencies: @@ -527,6 +847,14 @@ packages: resolution: {integrity: sha512-COUnqfB2+ckwXXSFInsFdOAWQzCCx+a5hq2ruyj+Vjund94RJQd4LG2u9hnvJrTgunKAaax7ancBYlDrNYxA0g==} dev: true + /@types/dom-speech-recognition@0.0.1: + resolution: {integrity: sha512-udCxb8DvjcDKfk1WTBzDsxFbLgYxmQGKrE/ricoMqHRNjSlSUCcamVTA5lIQqzY10mY5qCY0QDwBfFEwhfoDPw==} + dev: true + + /@types/estree@1.0.1: + resolution: {integrity: sha512-LG4opVs2ANWZ1TJoKc937iMmNstM/d0ae1vNbnBvBhqCSezgVUOzcLCqbI5elV8Vy6WKwKjaqR+zO9VKirBBCA==} + dev: true + /@types/filesystem@0.0.32: resolution: {integrity: sha512-Yuf4jR5YYMR2DVgwuCiP11s0xuVRyPKmz8vo6HBY3CGdeMj8af93CFZX+T82+VD1+UqHOxTq31lO7MI7lepBtQ==} dependencies: @@ -537,10 +865,18 @@ packages: resolution: {integrity: sha512-BsPXH/irW0ht0Ji6iw/jJaK8Lj3FJemon2gvEqHKpCdDCeemHa+rI3WBGq5z7cDMZgoLjY40oninGxqk+8NzNQ==} dev: true + /@types/google.maps@3.53.1: + resolution: {integrity: sha512-+7JVpq+kFzTU3TweSz6huYuFedZ4s60WeABaXYU6rDZczdpfoQ5DuZNCDc/eAAcdFJpxMMDpzf3d9YTMNodBFg==} + dev: true + /@types/har-format@1.2.10: resolution: {integrity: sha512-o0J30wqycjF5miWDKYKKzzOU1ZTLuA42HZ4HE7/zqTOc/jTLdQ5NhYWvsRQo45Nfi1KHoRdNhteSI4BAxTF1Pg==} dev: true + /@types/hogan.js@3.0.1: + resolution: {integrity: sha512-D03i/2OY7kGyMq9wdQ7oD8roE49z/ZCZThe/nbahtvuqCNZY9T2MfedOWyeBdbEpY2W8Gnh/dyJLdFtUCOkYbg==} + dev: true + /@types/json-schema@7.0.11: resolution: {integrity: sha512-wOuvG1SN4Us4rez+tylwwwCV1psiNVOkJeM3AUWUNWg/jDQY2+HE/444y5gc+jBmRqASOm2Oeh5c1axHobwRKQ==} dev: true @@ -549,6 +885,10 @@ packages: resolution: {integrity: sha512-SnHmG9wN1UVmagJOnyo/qkk0Z7gejYxOYYmaAwr5u2yFYfsupN3sg10kyzN8Hep/2zbHxCnsumxOoRIRMBwKCg==} dev: true + /@types/qs@6.9.7: + resolution: {integrity: sha512-FGa1F62FT09qcrueBA6qYTrJPVDzah9a+493+o2PCXsesWHIn27G98TsSMs3WPNbZIEj4+VJf6saSFpvD+3Zsw==} + dev: true + /@types/semver@7.5.0: resolution: {integrity: sha512-G8hZ6XJiHnuhQKR7ZmysCeJWE08o8T0AXtk5darsCaTVsYZhhgUrq53jizaR2FvsoeCwJhlmwTjkXBY5Pn/ZHw==} dev: true @@ -683,6 +1023,10 @@ packages: eslint-visitor-keys: 3.4.1 dev: true + /abbrev@1.1.1: + resolution: {integrity: sha512-nne9/IiQ/hzIhY6pdDnbBtz7DjPTKrY00P/zvPSm5pOFkl6xuGrGnXn/VtTNNfNtAfZ9/1RtehkszU9qcTii0Q==} + dev: true + /acorn-jsx@5.3.2(acorn@8.8.2): resolution: {integrity: sha512-rq9s+JNhf0IChjtDXxllJ7g41oZk5SlXtp0LHwyA5cejwn7vKmKp4pPri6YEePv2PU65sAsegbXtIinmDFDXgQ==} peerDependencies: @@ -697,6 +1041,17 @@ packages: hasBin: true dev: true + /ajv-draft-04@1.0.0(ajv@8.12.0): + resolution: {integrity: sha512-mv00Te6nmYbRp5DCwclxtt7yV/joXJPGS7nM+97GdxvuttCOfgI3K4U25zboyeX0O+myI8ERluxQe5wljMmVIw==} + peerDependencies: + ajv: ^8.5.0 + peerDependenciesMeta: + ajv: + optional: true + dependencies: + ajv: 8.12.0 + dev: true + /ajv@6.12.6: resolution: {integrity: sha512-j3fVLgvTo527anyYyJOGTYJbG+vnnQYvE0m5mmkc1TK+nxAppkCLMIL0aZ4dblVCNoGShhm+kzE4ZUykBoMg4g==} dependencies: @@ -706,6 +1061,43 @@ packages: uri-js: 4.4.1 dev: true + /ajv@8.12.0: + resolution: {integrity: sha512-sRu1kpcO9yLtYxBKvqfTeh9KzZEwO3STyX1HT+4CaDzC6HpTGYhIhPIzj9XuKU7KYDwnaeh5hcOwjy1QuJzBPA==} + dependencies: + fast-deep-equal: 3.1.3 + json-schema-traverse: 1.0.0 + require-from-string: 2.0.2 + uri-js: 4.4.1 + dev: true + + /algoliasearch-helper@3.13.0(algoliasearch@4.17.0): + resolution: {integrity: sha512-kV3c1jMQCvkARtGsSDvAwuht4PAMSsQILqPiH4WFiARoa3jXJ/r1TQoBWAjWyWF48rsNYCv7kzxgB4LTxrvvuw==} + peerDependencies: + algoliasearch: '>= 3.1 < 6' + dependencies: + '@algolia/events': 4.0.1 + algoliasearch: 4.17.0 + dev: true + + /algoliasearch@4.17.0: + resolution: {integrity: sha512-JMRh2Mw6sEnVMiz6+APsi7lx9a2jiDFF+WUtANaUVCv6uSU9UOLdo5h9K3pdP6frRRybaM2fX8b1u0nqICS9aA==} + dependencies: + '@algolia/cache-browser-local-storage': 4.17.0 + '@algolia/cache-common': 4.17.0 + '@algolia/cache-in-memory': 4.17.0 + '@algolia/client-account': 4.17.0 + '@algolia/client-analytics': 4.17.0 + '@algolia/client-common': 4.17.0 + '@algolia/client-personalization': 4.17.0 + '@algolia/client-search': 4.17.0 + '@algolia/logger-common': 4.17.0 + '@algolia/logger-console': 4.17.0 + '@algolia/requester-browser-xhr': 4.17.0 + '@algolia/requester-common': 4.17.0 + '@algolia/requester-node-http': 4.17.0 + '@algolia/transporter': 4.17.0 + dev: true + /ansi-regex@5.0.1: resolution: {integrity: sha512-quJQXlTSUGL2LH9SUXo8VwsY4soanhgo6LNSm84E1LBcE8s3O0wpdiRzyR9z/ZZJMlMWv37qOOb9pdJlMUEKFQ==} engines: {node: '>=8'} @@ -734,6 +1126,12 @@ packages: resolution: {integrity: sha512-PYjyFOLKQ9y57JvQ6QLo8dAgNqswh8M1RMJYdQduT6xbWSgK36P/Z/v+p888pM69jMMfS8Xd8F6I1kQ/I9HUGg==} dev: true + /argparse@1.0.10: + resolution: {integrity: sha512-o5Roy6tNG4SL/FOkCAN6RzjiakZS25RLYFrcMttJqbdd8BWrnA+fGz57iN5Pb06pvBGvl5gQ0B48dJlslXvoTg==} + dependencies: + sprintf-js: 1.0.3 + dev: true + /argparse@2.0.1: resolution: {integrity: sha512-8+9WqebbFzpX9OR+Wa6O29asIogeRMzcGtAINdpMHHyAg10f05aSFVBbcEqGf/PXw1EjAZ+q2/bEBg3DvurK3Q==} dev: true @@ -743,10 +1141,6 @@ packages: engines: {node: '>=8'} dev: true - /asynckit@0.4.0: - resolution: {integrity: sha512-Oei9OH4tRh0YqU3GxhX79dM/mwVgvbZJaSNaRk+bshkj0S5cfHcgYakreBjrHwatXKbz+IoIdYLxrKim2MjW0Q==} - dev: true - /autoprefixer@10.4.14(postcss@8.4.23): resolution: {integrity: sha512-FQzyfOsTlwVzjHxKEqRIAdJx9niO6VCBCoEwax/VLSoQF29ggECcPuBqUMZ+u8jCZOPSy8b8/8KnuFbp0SaFZQ==} engines: {node: ^10 || ^12 || >=14} @@ -778,16 +1172,6 @@ packages: - debug dev: true - /axios@1.4.0: - resolution: {integrity: sha512-S4XCWMEmzvo64T9GfvQDOXgYRDJ/wsSZc7Jvdgx5u1sd0JwsuPLqb3SYmusag+edF6ziyMensPVqLTSc1PiSEA==} - dependencies: - follow-redirects: 1.15.2 - form-data: 4.0.0 - proxy-from-env: 1.1.0 - transitivePeerDependencies: - - debug - dev: true - /balanced-match@1.0.2: resolution: {integrity: sha512-3oSeUO0TMV67hN1AmbXsK4yaqU7tjiHlbxRDZOpH0KW9+CeX4bRAaX0Anxt0tx2MrpRpWwQaPwIlISEJhYU5Pw==} dev: true @@ -837,6 +1221,10 @@ packages: streamsearch: 1.1.0 dev: true + /call-me-maybe@1.0.2: + resolution: {integrity: sha512-HpX65o1Hnr9HH25ojC1YGs7HCQLq0GCOibSaWER0eNpgJ/Z1MZv2mTc7+xh6WOPxbRVcmgbv4hGU+uSQ/2xFZQ==} + dev: true + /callsites@3.1.0: resolution: {integrity: sha512-P8BjAsXvZS+VIDUI11hHCQEv74YT67YUi5JJFNWIqL235sBmjX4+qx9Muvls5ivyNENctx46xQLQ3aTuE7ssaQ==} engines: {node: '>=6'} @@ -898,6 +1286,20 @@ packages: fsevents: 2.3.2 dev: true + /codemirror@6.0.1(@lezer/common@1.0.2): + resolution: {integrity: sha512-J8j+nZ+CdWmIeFIGXEFbFPtpiYacFMDR8GlHK3IyHQJMCaVRfGx9NT+Hxivv1ckLWPvNdZqndbr/7lVhrf/Svg==} + dependencies: + '@codemirror/autocomplete': 6.7.1(@codemirror/language@6.6.0)(@codemirror/state@6.2.0)(@codemirror/view@6.11.2)(@lezer/common@1.0.2) + '@codemirror/commands': 6.2.4 + '@codemirror/language': 6.6.0 + '@codemirror/lint': 6.2.1 + '@codemirror/search': 6.4.0 + '@codemirror/state': 6.2.0 + '@codemirror/view': 6.11.2 + transitivePeerDependencies: + - '@lezer/common' + dev: true + /color-convert@2.0.1: resolution: {integrity: sha512-RRECPsj7iu/xb5oKYcsFHSppFNnsj/52OVTRKb4zP5onXwVF3zVmmToNcOfGC+CRDpfK/U584fMg38ZHCaElKQ==} engines: {node: '>=7.0.0'} @@ -909,13 +1311,6 @@ packages: resolution: {integrity: sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA==} dev: true - /combined-stream@1.0.8: - resolution: {integrity: sha512-FQN4MRfuJeHf7cBbBMJFXhKSDq+2kAArBlmRBvcvFE5BB1HZKXtSFASDhdlz9zOYwxh8lDdnvmMOe/+5cdoEdg==} - engines: {node: '>= 0.8'} - dependencies: - delayed-stream: 1.0.0 - dev: true - /commander@4.1.1: resolution: {integrity: sha512-NOKm8xhkzAjzFx8B2v5OAHT+u5pRQc2UCa2Vq9jYL/31o2wi9mxBA7LIFs3sV5VSC49z6pEhfbMULvShKj26WA==} engines: {node: '>= 6'} @@ -930,6 +1325,10 @@ packages: engines: {node: '>= 0.6'} dev: true + /crelt@1.0.5: + resolution: {integrity: sha512-+BO9wPPi+DWTDcNYhr/W90myha8ptzftZT+LwcmUbbok0rcP/fequmFYCw8NMoH7pkAZQzU78b3kYrlua5a9eA==} + dev: true + /cross-spawn@7.0.3: resolution: {integrity: sha512-iRDPJKUPVEND7dHPO8rkbOnPpyDygcDFtWjpeWNCgy8WP2rXcxXL8TskReQl6OrB2G7+UJrags1q15Fudc7G6w==} engines: {node: '>= 8'} @@ -985,11 +1384,6 @@ packages: engines: {node: '>=0.10.0'} dev: true - /delayed-stream@1.0.0: - resolution: {integrity: sha512-ZySD7Nf91aLB0RxL4KGrKHBXl7Eds1DAmEdcoVawXnLD7SDhpNgtuII2aAkg7a7QS41jxPSZ17p4VdGnMHk3MQ==} - engines: {node: '>=0.4.0'} - dev: true - /detect-indent@6.1.0: resolution: {integrity: sha512-reYkTUJAZb9gUuZ2RvVCNhVHdg62RHnJ7WJl8ftMi4diZ6NWlciOzQN88pUhSELEwflJht4oQDv0F0BMlwaYtA==} engines: {node: '>=8'} @@ -1003,6 +1397,11 @@ packages: resolution: {integrity: sha512-gxtyfqMg7GKyhQmb056K7M3xszy/myH8w+B4RT+QXBQsvAOdc3XymqDDPHx1BgPgsdAA5SIifona89YtRATDzw==} dev: true + /diff-sequences@29.4.3: + resolution: {integrity: sha512-ofrBgwpPhCD85kMKtE9RYFFq6OC1A89oW2vvgWZNCwxrUpRUILopY7lsYyMDSjc8g6U6aiO0Qubg6r4Wgt5ZnA==} + engines: {node: ^14.15.0 || ^16.10.0 || >=18.0.0} + dev: true + /dir-glob@3.0.1: resolution: {integrity: sha512-WkrWp9GR4KXfKGYzOLmTuGVi1UWFfws377n9cc55/tb6DuqyF6pcQ5AbiHEshaDpY9v6oaSr2XCDidGmMwdzIA==} engines: {node: '>=8'} @@ -1219,6 +1618,12 @@ packages: eslint-visitor-keys: 3.4.1 dev: true + /esprima@4.0.1: + resolution: {integrity: sha512-eGuFFw7Upda+g4p+QHvnW0RyTX/SVeJBDM/gCtMARO0cLuT2HcEKnTPvhjV6aGeqrCB/sbNop0Kszm0jsaWU4A==} + engines: {node: '>=4'} + hasBin: true + dev: true + /esquery@1.5.0: resolution: {integrity: sha512-YQLXUplAwJgCydQ78IMJywZCceoqk1oH01OERdSAJc/7U2AylwjhSCLDEtqwg811idIS/9fIU5GjG73IgjKMVg==} engines: {node: '>=0.10'} @@ -1243,6 +1648,10 @@ packages: engines: {node: '>=4.0'} dev: true + /estree-walker@2.0.2: + resolution: {integrity: sha512-Rfkk/Mp/DL7JVje3u18FxFujQlTNR2q6QfMSMB7AvCBx91NGj/ba3kCfza0f6dVDbw7YlRf/nDrn7pQrCCyQ/w==} + dev: true + /esutils@2.0.3: resolution: {integrity: sha512-kVscqXk4OCp68SZ0dkgEKVi6/8ij300KBWTJq32P/dYeWTSwK41WyTxalN1eRmA5Z9UU/LX9D7FWSmV9SAYx6g==} engines: {node: '>=0.10.0'} @@ -1321,15 +1730,6 @@ packages: optional: true dev: true - /form-data@4.0.0: - resolution: {integrity: sha512-ETEklSGi5t0QMZuiXoA/Q6vcnxcLQP5vdugSpuAyi6SVGi2clPPp+xgEhuMaHC+zGgn31Kd235W35f7Hykkaww==} - engines: {node: '>= 6'} - dependencies: - asynckit: 0.4.0 - combined-stream: 1.0.8 - mime-types: 2.1.35 - dev: true - /fraction.js@4.2.0: resolution: {integrity: sha512-MhLuK+2gUcnZe8ZHlaaINnQLl0xRIGRfcGk2yl8xoQAfHrSsL3rYu6FCmBdkdbhc9EPlwyGHewaRsvwRMJtAlA==} dev: true @@ -1438,6 +1838,18 @@ packages: engines: {node: '>=12.0.0'} dev: true + /hogan.js@3.0.2: + resolution: {integrity: sha512-RqGs4wavGYJWE07t35JQccByczmNUXQT0E12ZYV1VKYu5UiAU9lsos/yBAcf840+zrUQQxgVduCR5/B8nNtibg==} + hasBin: true + dependencies: + mkdirp: 0.3.0 + nopt: 1.0.10 + dev: true + + /htm@3.1.1: + resolution: {integrity: sha512-983Vyg8NwUE7JkZ6NmOqpCZ+sh1bKv2iYTlUkzlWmA5JD2acKoxd4KVxbMmxX/85mtfdnDmTFoNKcg5DGAvxNQ==} + dev: true + /htmlparser2@8.0.2: resolution: {integrity: sha512-GYdjWKDkbRLkZ5geuHs5NY1puJ+PXwP7+fHPRz06Eirsb9ugf6d8kkXav6ADhcODhFFPMIXyxkxSuMf3D6NCFA==} dependencies: @@ -1452,6 +1864,14 @@ packages: engines: {node: '>= 4'} dev: true + /immutable-json-patch@5.1.2: + resolution: {integrity: sha512-t2Y6T/6JcaCQlcgVglDmN2jDuXPuHfWq/oEIGae5YRXxPq4AEMoDIdkBsuGJT1wGrQDyqWulDMdPfZyz62cvew==} + dev: true + + /immutable@4.3.0: + resolution: {integrity: sha512-0AOCmOip+xgJwEVTQj1EfiDDOkPmuyllDuTuEX+DDXUgapLAsBIfkg3sxCYyCEA8mQqZrrxPUGjcOQ2JS3WLkg==} + dev: true + /import-fresh@3.3.0: resolution: {integrity: sha512-veYYhQa+D1QBKznvhUHxb8faxlrwUnxseDAbAp457E0wLNio2bOSKnjYDhMj+YiAq61xrMGhQk9iXVk5FzgQMw==} engines: {node: '>=6'} @@ -1480,6 +1900,27 @@ packages: resolution: {integrity: sha512-k/vGaX4/Yla3WzyMCvTQOXYeIHvqOKtnqBduzTHpzpQZzAskKMhZ2K+EnBiSM9zGSoIFeMpXKxa4dYeZIQqewQ==} dev: true + /instantsearch.js@4.55.0(algoliasearch@4.17.0): + resolution: {integrity: sha512-jsxhPRgzL4C4cRjhkLm/AE9BO83o7bkL8GSHncSXu1sICBhy/6xxkv0x/bXI5PxYHhb9/PsEz5jblYn1lRwOLw==} + peerDependencies: + algoliasearch: '>= 3.1 < 6' + dependencies: + '@algolia/events': 4.0.1 + '@algolia/ui-components-highlight-vdom': 1.2.1 + '@algolia/ui-components-shared': 1.2.1 + '@types/dom-speech-recognition': 0.0.1 + '@types/google.maps': 3.53.1 + '@types/hogan.js': 3.0.1 + '@types/qs': 6.9.7 + algoliasearch: 4.17.0 + algoliasearch-helper: 3.13.0(algoliasearch@4.17.0) + hogan.js: 3.0.2 + htm: 3.1.1 + preact: 10.14.0 + qs: 6.9.7 + search-insights: 2.6.0 + dev: true + /is-binary-path@2.1.0: resolution: {integrity: sha512-ZMERYes6pDydyuGidse7OsHxtbI7WVeUEozgR/g7rd0xUimYNlvZRE/K2MgZTjWy725IfelLeVcEM97mmtRGXw==} engines: {node: '>=8'} @@ -1529,10 +1970,23 @@ packages: hasBin: true dev: true + /jmespath@0.16.0: + resolution: {integrity: sha512-9FzQjJ7MATs1tSpnco1K6ayiYE3figslrXA72G2HQ/n76RzvYlofyi5QM+iX4YRs/pu3yzxlVQSST23+dMDknw==} + engines: {node: '>= 0.6.0'} + dev: true + /js-sdsl@4.4.0: resolution: {integrity: sha512-FfVSdx6pJ41Oa+CF7RDaFmTnCaFhua+SNYQX74riGOpl96x+2jQCqEfQ2bnXu/5DPCqlRuiqyvTJM0Qjz26IVg==} dev: true + /js-yaml@3.14.1: + resolution: {integrity: sha512-okMH7OXXJ7YrN9Ok3/SXrnu4iX9yOk+25nqX4imS2npuvTYDmo/QEZoqwZkYaIDk3jVvBOTOIEgEhaLOynBS9g==} + hasBin: true + dependencies: + argparse: 1.0.10 + esprima: 4.0.1 + dev: true + /js-yaml@4.1.0: resolution: {integrity: sha512-wpxZs9NoxZaJESJGIZTyDEaYpl0FKSA+FB9aJiyemKhMwkxQg63h4T1KJgUGHpTqPDNRcmmYLugrRjJlBtWvRA==} hasBin: true @@ -1544,10 +1998,23 @@ packages: resolution: {integrity: sha512-xbbCH5dCYU5T8LcEhhuh7HJ88HXuW3qsI3Y0zOZFKfZEHcpWiHU/Jxzk629Brsab/mMiHQti9wMP+845RPe3Vg==} dev: true + /json-schema-traverse@1.0.0: + resolution: {integrity: sha512-NM8/P9n3XjXhIZn1lLhkFaACTOURQXjWhV4BA/RnOv8xvgqtqpAX9IO4mRQxSx1Rlo4tqzeqb0sOlruaOy3dug==} + dev: true + + /json-source-map@0.6.1: + resolution: {integrity: sha512-1QoztHPsMQqhDq0hlXY5ZqcEdUzxQEIxgFkKl4WUp2pgShObl+9ovi4kRh2TfvAfxAoHOJ9vIMEqk3k4iex7tg==} + dev: true + /json-stable-stringify-without-jsonify@1.0.1: resolution: {integrity: sha512-Bdboy+l7tA3OGW6FjyFHWkP5LuByj1Tk33Ljyq0axyzdk9//JSi2u3fP1QSmd1KNwq6VOKYGlAu87CisVir6Pw==} dev: true + /jsonrepair@3.1.0: + resolution: {integrity: sha512-idqReg23J0PVRAADmZMc5xQM3xeOX5bTB6OTyMnzq33IXJXmn9iJuWIEvGmrN80rQf4d7uLTMEDwpzujNcI0Rg==} + hasBin: true + dev: true + /kleur@4.1.5: resolution: {integrity: sha512-o+NO+8WrRiQEE4/7nwRJhN1HWpVmJm511pBHUxPLtp0BUISzlBplORYSmTclCnJvQq2tKu/sgl3xVpkc7ZWuQQ==} engines: {node: '>=6'} @@ -1581,6 +2048,10 @@ packages: p-locate: 5.0.0 dev: true + /lodash-es@4.17.21: + resolution: {integrity: sha512-mKnC+QJ9pWVzv+C4/U3rRsHapFfHvQFoFB92e52xeyGMcX6/OlIl78je1u8vePzYZSkkogMPJ2yjxxsb89cxyw==} + dev: true + /lodash.castarray@4.4.0: resolution: {integrity: sha512-aVx8ztPv7/2ULbArGJ2Y42bG1mEQ5mGjpdvrbJcJFU3TbYybe+QlLS4pst9zV52ymy2in1KpFPiZnAOATxD4+Q==} dev: true @@ -1614,6 +2085,10 @@ packages: '@jridgewell/sourcemap-codec': 1.4.15 dev: true + /memoize-one@6.0.0: + resolution: {integrity: sha512-rkpe71W0N0c0Xz6QD0eJETuWAJGnJ9afsl1srmwPrI+yBCkge5EycXXbYRyvL29zZVUWQCY7InPRCv3GDXuZNw==} + dev: true + /merge2@1.4.1: resolution: {integrity: sha512-8q7VEgMJW4J8tcfVPy8g09NcQwZdbwFEqhe/WZkoIzjn/3TGDwtOCYtXGxA3O8tPzpczCCDgv+P2P5y00ZJOOg==} engines: {node: '>= 8'} @@ -1627,18 +2102,6 @@ packages: picomatch: 2.3.1 dev: true - /mime-db@1.52.0: - resolution: {integrity: sha512-sPU4uV7dYlvtWJxwwxHD0PuihVNiE7TyAbQ5SWxDCB9mUYvOgroQOwYQQOKPJ8CIbE+1ETVlOoK1UC2nU3gYvg==} - engines: {node: '>= 0.6'} - dev: true - - /mime-types@2.1.35: - resolution: {integrity: sha512-ZDY+bPm5zTTF+YpCrAU9nK0UgICYPT0QtT1NZWFv4s++TNkcgVaT0g6+4R2uI4MjQjzysHB1zxuWL50hzaeXiw==} - engines: {node: '>= 0.6'} - dependencies: - mime-db: 1.52.0 - dev: true - /mime@3.0.0: resolution: {integrity: sha512-jSCU7/VB1loIWBZe14aEYHU/+1UMEHoaO7qxCOVJOw9GgH72VAWppxNcjU+x9a2k3GSIBXNKxXQFqRvvZ7vr3A==} engines: {node: '>=10.0.0'} @@ -1665,6 +2128,11 @@ packages: resolution: {integrity: sha512-2yyAR8qBkN3YuheJanUpWC5U3bb5osDywNB8RzDVlDwDHbocAJveqqj1u8+SVD7jkWT4yvsHCpWqqWqAxb0zCA==} dev: true + /mkdirp@0.3.0: + resolution: {integrity: sha512-OHsdUcVAQ6pOtg5JYWpCBo9W/GySVuwvP9hueRMW7UqshC0tbfzLv8wjySTPm3tfUZ/21CE9E1pJagOA91Pxew==} + deprecated: Legacy versions of mkdirp are no longer supported. Please update to mkdirp 1.x. (Note that the API surface has changed to use Promises in 1.x.) + dev: true + /mkdirp@0.5.6: resolution: {integrity: sha512-FP+p8RB8OWpF3YZBCrP5gtADmtXApB5AMLn+vdyA+PyxCjrCs00mjyUozssO33cwDeT3wNGdLxJ5M//YqtHAJw==} hasBin: true @@ -1712,6 +2180,13 @@ packages: resolution: {integrity: sha512-5GFldHPXVG/YZmFzJvKK2zDSzPKhEp0+ZR5SVaoSag9fsL5YgHbUHDfnG5494ISANDcK4KwPXAx2xqVEydmd7w==} dev: true + /nopt@1.0.10: + resolution: {integrity: sha512-NWmpvLSqUrgrAC9HCuxEvb+PSloHpqVu+FqcO4eeF2h5qYRhA7ev6KvelyQAKtegUbC6RypJnlEOhd8vloNKYg==} + hasBin: true + dependencies: + abbrev: 1.1.1 + dev: true + /normalize-path@3.0.0: resolution: {integrity: sha512-6eZs5Ls3WtCisHWp9S2GUy8dqkpGi4BVSz3GaqiE6ezub0512ESztXUwUB6C6IKbQkY2Pnb/mD4WYojCRwcwLA==} engines: {node: '>=0.10.0'} @@ -1744,6 +2219,10 @@ packages: wrappy: 1.0.2 dev: true + /openapi-types@12.1.0: + resolution: {integrity: sha512-XpeCy01X6L5EpP+6Hc3jWN7rMZJ+/k1lwki/kTmWzbVhdPie3jd5O2ZtedEx8Yp58icJ0osVldLMrTB/zslQXA==} + dev: true + /optionator@0.9.1: resolution: {integrity: sha512-74RlY5FCnhq4jRxVUPKDaRwrVNXMqsGsiW6AJw4XK8hmtm10wC0ypZBLw5IIp85NZMr91+qd1RvvENwg7jjRFw==} engines: {node: '>= 0.8.0'} @@ -1937,6 +2416,10 @@ packages: source-map-js: 1.0.2 dev: true + /preact@10.14.0: + resolution: {integrity: sha512-4oh2sf208mKAdL5AQtzXxE387iSGNWMX/YjwMjH6m/XROILKAmx5Pbs2FsXrW7ixoVGGjpfYSBB833vOwYxNxw==} + dev: true + /prelude-ls@1.2.1: resolution: {integrity: sha512-vkcDPrRZo1QZLbn5RLGPpg/WmIQ65qoWWhcGKf/b5eplkkarX0m9z8ppCat4mlOqUsWpyNuYgO3VRyrYHSzX5g==} engines: {node: '>= 0.8.0'} @@ -1958,15 +2441,16 @@ packages: hasBin: true dev: true - /proxy-from-env@1.1.0: - resolution: {integrity: sha512-D+zkORCbA9f1tdWRK0RaCR3GPv50cMxcrz4X8k5LTSUD1Dkw47mKJEZQNunItRTkWwgtaUSo1RVFRIG9ZXiFYg==} - dev: true - /punycode@2.3.0: resolution: {integrity: sha512-rRV+zQD8tVFys26lAGR9WUuS4iUAngJScM+ZRSKtvl5tKeZ2t5bvdNFdNHBW9FWR4guGHlgmsZ1G7BSm2wTbuA==} engines: {node: '>=6'} dev: true + /qs@6.9.7: + resolution: {integrity: sha512-IhMFgUmuNpyRfxA90umL7ByLlgRXu6tIfKPpF5TmcfRLlLCckfP/g3IQmju6jjpu+Hh8rA+2p6A27ZSPOOHdKw==} + engines: {node: '>=0.6'} + dev: true + /queue-microtask@1.2.3: resolution: {integrity: sha512-NuaNSa6flKT5JaSYQzJok04JzTL1CA6aGhv5rfLW3PgqA+M2ChpZQnAC8h8i4ZFkBS8X5RqkDBHA7r4hej3K9A==} dev: true @@ -1988,6 +2472,11 @@ packages: resolution: {integrity: sha512-kY1AZVr2Ra+t+piVaJ4gxaFaReZVH40AKNo7UCX6W+dEwBo/2oZJzqfuN1qLq1oL45o56cPaTXELwrTh8Fpggg==} dev: true + /require-from-string@2.0.2: + resolution: {integrity: sha512-Xf0nWe6RseziFMu+Ap9biiUbmplq6S9/p+7w7YXP/JBHhrUDDUhwa+vANyubuqfZWTveU//DYVGsDG7RKL/vEw==} + engines: {node: '>=0.10.0'} + dev: true + /resolve-from@4.0.0: resolution: {integrity: sha512-pb/MYmXstAkysRFx8piNI1tGFNQIFA3vkE3Gq4EuA1dF6gHp/+vgZqsCGJapvy8N3Q+4o7FwvquPJcnZ7RYy4g==} engines: {node: '>=4'} @@ -2061,6 +2550,21 @@ packages: rimraf: 2.7.1 dev: true + /sass@1.62.1: + resolution: {integrity: sha512-NHpxIzN29MXvWiuswfc1W3I0N8SXBd8UR26WntmDlRYf0bSADnwnOjsyMZ3lMezSlArD33Vs3YFhp7dWvL770A==} + engines: {node: '>=14.0.0'} + hasBin: true + dependencies: + chokidar: 3.5.3 + immutable: 4.3.0 + source-map-js: 1.0.2 + dev: true + + /search-insights@2.6.0: + resolution: {integrity: sha512-vU2/fJ+h/Mkm/DJOe+EaM5cafJv/1rRTZpGJTuFPf/Q5LjzgMDsqPdSaZsAe+GAWHHsfsu+rQSAn6c8IGtBEVw==} + engines: {node: '>=8.16.0'} + dev: true + /semver@7.5.1: resolution: {integrity: sha512-Wvss5ivl8TMRZXXESstBA4uR5iXgEN/VC5/sOcuXdVLzcdkz4HWetIoRfG5gb5X+ij/G9rw9YoGn3QoQ8OCSpw==} engines: {node: '>=10'} @@ -2114,6 +2618,10 @@ packages: engines: {node: '>=0.10.0'} dev: true + /sprintf-js@1.0.3: + resolution: {integrity: sha512-D9cPgkvLlV3t3IzL0D0YLvGA9Ahk4PcvVwUbN0dSGr1aP0Nrt4AEnTUbuGvquEC0mA64Gqt1fzirlRs5ibXx8g==} + dev: true + /streamsearch@1.1.0: resolution: {integrity: sha512-Mcc5wHehp9aXz1ax6bZUyY5afg9u2rv5cqQI3mRrYkGC8rW2hM02jWuwjtL++LS5qinSyhj2QfLyNsuc+VsExg==} engines: {node: '>=10.0.0'} @@ -2138,6 +2646,10 @@ packages: engines: {node: '>=8'} dev: true + /style-mod@4.0.3: + resolution: {integrity: sha512-78Jv8kYJdjbvRwwijtCevYADfsI0lGzYJe4mMFdceO8l75DFFDoqBhR1jVDicDRRaX4//g1u9wKeo+ztc2h1Rw==} + dev: true + /sucrase@3.32.0: resolution: {integrity: sha512-ydQOU34rpSyj2TGyz4D2p8rbktIOZ8QY9s+DGLvFU1i5pWJE8vkpruCjGCMHsdXwnD7JDcS+noSwM/a7zyNFDQ==} engines: {node: '>=8'} @@ -2164,6 +2676,26 @@ packages: engines: {node: '>= 0.4'} dev: true + /svelte-algolia-instantsearch@0.7.0(algoliasearch@4.17.0)(svelte@3.59.1): + resolution: {integrity: sha512-9yLPajLzK0k9tBEJc+BJc/srKI+0PU9wCW09Earslg4sQvbpDssH6nluyX0BYO0THqYtgyjDJ2kua6TVnOUguw==} + peerDependencies: + algoliasearch: '>= 3.1 < 5' + svelte: '>= 3' + dependencies: + algoliasearch: 4.17.0 + algoliasearch-helper: 3.13.0(algoliasearch@4.17.0) + instantsearch.js: 4.55.0(algoliasearch@4.17.0) + svelte: 3.59.1 + dev: true + + /svelte-awesome@3.2.0(svelte@3.59.1): + resolution: {integrity: sha512-A9gqgRDs/6EjUgMHIBHz88vJIiY4fVI7e2X9uu43O7J2EYqdVVSnHHH49TxMnNinbq6K9Z/1kMD9LCZhX7ysUQ==} + peerDependencies: + svelte: ^3.43.1 + dependencies: + svelte: 3.59.1 + dev: true + /svelte-check@3.3.2(postcss@8.4.23)(svelte@3.59.1): resolution: {integrity: sha512-67j3rI0LDc2DvL0ON/2pvCasVVD3nHDrTkZNr4eITNfo2oFXdw7SIyMOiFj4swu+pjmFQAigytBK1IWyik8dBw==} hasBin: true @@ -2206,6 +2738,13 @@ packages: svelte: 3.59.1 dev: true + /svelte-floating-ui@1.2.8: + resolution: {integrity: sha512-8Ifi5CD2Ui7FX7NjJRmutFtXjrB8T/FMNoS2H8P81t5LHK4I9G4NIs007rLWG/nRl7y+zJUXa3tWuTjYXw/O5A==} + dependencies: + '@floating-ui/core': 1.2.6 + '@floating-ui/dom': 1.2.8 + dev: true + /svelte-hmr@0.15.1(svelte@3.59.1): resolution: {integrity: sha512-BiKB4RZ8YSwRKCNVdNxK/GfY+r4Kjgp9jCLEy0DuqAKfmQtpL38cQK3afdpjw4sqSs4PLi3jIPJIFp259NkZtA==} engines: {node: ^12.20 || ^14.13.1 || >= 16} @@ -2215,6 +2754,40 @@ packages: svelte: 3.59.1 dev: true + /svelte-jsoneditor@0.17.3(@lezer/common@1.0.2): + resolution: {integrity: sha512-vXwQ0g11P4yMf75gqa7CoQiYiG7Y3LIbSCrEV5Od8+NXArRqoLBumnPr7gWeLlyAJjCD7DwMU21TQs6kIjYaaw==} + dependencies: + '@codemirror/commands': 6.2.4 + '@codemirror/lang-json': 6.0.1 + '@codemirror/language': 6.6.0 + '@codemirror/lint': 6.2.1 + '@codemirror/search': 6.4.0 + '@codemirror/state': 6.2.0 + '@codemirror/view': 6.11.2 + '@fontsource/fira-mono': 4.5.10 + '@fortawesome/free-regular-svg-icons': 6.4.0 + '@fortawesome/free-solid-svg-icons': 6.4.0 + '@replit/codemirror-indentation-markers': 6.4.2(@codemirror/language@6.6.0)(@codemirror/state@6.2.0)(@codemirror/view@6.11.2) + ajv: 8.12.0 + codemirror: 6.0.1(@lezer/common@1.0.2) + diff-sequences: 29.4.3 + immutable-json-patch: 5.1.2 + jmespath: 0.16.0 + json-source-map: 0.6.1 + jsonrepair: 3.1.0 + lodash-es: 4.17.21 + memoize-one: 6.0.0 + natural-compare-lite: 1.4.0 + sass: 1.62.1 + svelte: 3.59.1 + svelte-awesome: 3.2.0(svelte@3.59.1) + svelte-select: 5.6.1 + svelte-simple-modal: 1.5.2(svelte@3.59.1) + vanilla-picker: 2.12.1 + transitivePeerDependencies: + - '@lezer/common' + dev: true + /svelte-preprocess@5.0.3(postcss@8.4.23)(svelte@3.59.1)(typescript@5.0.4): resolution: {integrity: sha512-GrHF1rusdJVbOZOwgPWtpqmaexkydznKzy5qIC2FabgpFyKN57bjMUUUqPRfbBXK5igiEWn1uO/DXsa2vJ5VHA==} engines: {node: '>= 14.10.0'} @@ -2263,6 +2836,21 @@ packages: typescript: 5.0.4 dev: true + /svelte-select@5.6.1: + resolution: {integrity: sha512-Powj91VAWyaNMSSOQ0E29UMTw/ExWsHEsA83H7yQgfji2S2DhG6Rs5qZHslZ+ihbCPxXel5uEzwLsSqDABkQDw==} + dependencies: + '@floating-ui/dom': 1.2.8 + svelte-floating-ui: 1.2.8 + dev: true + + /svelte-simple-modal@1.5.2(svelte@3.59.1): + resolution: {integrity: sha512-kQ+9/bonxMMJe6dGTCPXBkYQQ4zF8rqqPp+PvTWOJB8QtB+Z0S/h7ZJRDZOAnkXTUClwd+Qmb2HHTIXVkjlSvA==} + peerDependencies: + svelte: ^3.31.2 + dependencies: + svelte: 3.59.1 + dev: true + /svelte@3.59.1: resolution: {integrity: sha512-pKj8fEBmqf6mq3/NfrB9SLtcJcUvjYSWyePlfCqN9gujLB25RitWK8PvFzlwim6hD/We35KbPlRteuA6rnPGcQ==} engines: {node: '>= 8'} @@ -2341,6 +2929,11 @@ packages: is-number: 7.0.0 dev: true + /tosource@2.0.0-alpha.3: + resolution: {integrity: sha512-KAB2lrSS48y91MzFPFuDg4hLbvDiyTjOVgaK7Erw+5AmZXNq4sFRVn8r6yxSLuNs15PaokrDRpS61ERY9uZOug==} + engines: {node: '>=10'} + dev: true + /totalist@3.0.1: resolution: {integrity: sha512-sf4i37nQ2LBx4m3wB74y+ubopq6W/dIzXg0FDGjsYnZHVa1Da8FH853wlL2gtUhg+xJXjfk3kUZS3BRoQeoQBQ==} engines: {node: '>=6'} @@ -2414,6 +3007,12 @@ packages: resolution: {integrity: sha512-EPD5q1uXyFxJpCrLnCc1nHnq3gOa6DZBocAIiI2TaSCA7VCJ1UJDMagCzIkXNsUYfD1daK//LTEQ8xiIbrHtcw==} dev: true + /vanilla-picker@2.12.1: + resolution: {integrity: sha512-2qrEP9VYylKXbyzXKsbu2dferBTvqnlsr29XjHwFE+/MEp0VNj6oEUESLDtKZ7DWzGdSv1x/+ujqFZF+KsO3cg==} + dependencies: + '@sphinxxxx/color-conversion': 2.2.2 + dev: true + /vite@4.3.5: resolution: {integrity: sha512-0gEnL9wiRFxgz40o/i/eTBwm+NEbpUeTWhzKrZDSdKm6nplj+z4lKz8ANDgildxHm47Vg8EUia0aicKbawUVVA==} engines: {node: ^14.18.0 || >=16.0.0} @@ -2457,6 +3056,10 @@ packages: vite: 4.3.5 dev: true + /w3c-keyname@2.2.6: + resolution: {integrity: sha512-f+fciywl1SJEniZHD6H+kUO8gOnwIr7f4ijKA6+ZvJFjeGi1r4PDLl53Ayud9O/rk64RqgoQine0feoeOU0kXg==} + dev: true + /which@2.0.2: resolution: {integrity: sha512-BLI3Tl1TW3Pvl70l3yq3Y64i+awpwXqsGBYWkkqMtnbXgrMD+yj7rhW0kuEDxzJaYXGjEW5ogapKNMEKNMjibA==} engines: {node: '>= 8'} diff --git a/src/app.d.ts b/src/app.d.ts index 83a4c66..71deab9 100644 --- a/src/app.d.ts +++ b/src/app.d.ts @@ -8,20 +8,157 @@ declare namespace App { // interface Platform {} } -declare type IdnSession = { - tenant?: string; - authType?: string; - baseUrl?: string; - logoutUrl?: string; - accessToken?: string; - refreshIn?: number | string; - pollUrl?: string; - strongAuth?: boolean | string; - strongAuthUrl?: string; - csrfToken?: string; - expiration?: date; - org?: string; - region?: string; - pod?: string; - layer?: string; +declare type Status = { + page: Page; + status: Status2; +}; + +declare type Page = { + id: string; + name: string; + url: string; + time_zone: string; + updated_at: string; +}; + +declare type Status2 = { + indicator: string; + description: string; +}; + +declare type IdnSession = { + tenant: string; + authType: string; + baseUrl: string; + logoutUrl: string; + accessToken: string; + refreshIn: number; + pollUrl: string; + strongAuth: boolean; + strongAuthUrl: string; + csrfToken: string; + expiration: date; +}; + +declare type HostingData = { + org: string; + pod: string; + publicPod: string; + layer: string; + region: string; +}; + +declare type TenantData = { + id: string; + alias: string; + uid: string; + name: string; + displayName: string; + uuid: string; + encryptionKey: null; + encryptionCheck: null; + status: string; + pending: boolean; + passwordResetSinceLastLogin: boolean; + usageCertAttested: null; + userFlags: Meta; + enabled: boolean; + altAuthVia: string; + altAuthViaIntegrationData: null; + kbaAnswers: number; + disablePasswordReset: boolean; + ptaSourceId: null; + supportsPasswordPush: boolean; + attributes: Attributes; + externalId: string; + role: string[]; + phone: null; + email: string; + personalEmail: null; + employeeNumber: null; + riskScore: number; + featureFlags: { [key: string]: boolean }; + feature: string[]; + orgEncryptionKey: string; + orgEncryptionKeyId: string; + meta: any; + org: Org; + stepUpAuth: boolean; + bxInstallPrompted: boolean; + federatedLogin: boolean; + auth: Auth; + onNetwork: boolean; + onTrustedGeo: boolean; + loginUrl: string; +}; + +declare type Attributes = { + lastLoginTimestamp: number; + uid: string; + firstname: string; + cloudAuthoritativeSource: string; + cloudStatus: string; + displayName: string; + internalCloudStatus: string; + lastSyncDate: string; + workPhone: string; + email: string; + lastname: string; +}; + +declare type Auth = { + service: string; + encryption: string; +}; + +declare type Org = { + name: string; + scriptName: string; + mode: string; + numQuestions: number; + status: string; + maxRegisteredUsers: number; + pod: string; + pwdResetPersonalPhone: boolean; + pwdResetPersonalEmail: boolean; + pwdResetKba: boolean; + pwdResetEmail: boolean; + pwdResetDuo: boolean; + pwdResetPhoneMask: boolean; + authErrorText: null; + strongAuthKba: boolean; + strongAuthPersonalPhone: boolean; + strongAuthPersonalEmail: boolean; + integrations: any[]; + productName: string; + kbaReqForAuthn: number; + kbaReqAnswers: number; + lockoutAttemptThreshold: number; + lockoutTimeMinutes: number; + usageCertRequired: boolean; + adminStrongAuthRequired: boolean; + enableExternalPasswordChange: boolean; + enablePasswordReplay: boolean; + enableAutomaticPasswordReplay: boolean; + notifyAuthenticationSettingChange: boolean; + netmasks: null; + countryCodes: null; + whiteList: boolean; + usernameEmptyText: null; + usernameLabel: null; + enableAutomationGeneration: boolean; + emailTestMode: boolean; + emailTestAddress: string; + orgType: string; + passwordReplayState: string; + systemNotificationConfig: string; + maxClusterDebugHours: string; + brandName: string; + logo: null; + emailFromAddress: string; + standardLogoUrl: null; + narrowLogoUrl: null; + actionButtonColor: string; + activeLinkColor: string; + navigationColor: string; }; diff --git a/src/app.postcss b/src/app.postcss index c9cb1f2..c313f24 100644 --- a/src/app.postcss +++ b/src/app.postcss @@ -3,3 +3,7 @@ html, body { @apply h-[600px] w-[800px]; } + +.ais-Hits-list { + @apply flex flex-col gap-1; +} diff --git a/src/lib/BetaSpec.yaml b/src/lib/BetaSpec.yaml new file mode 100644 index 0000000..1a38396 --- /dev/null +++ b/src/lib/BetaSpec.yaml @@ -0,0 +1,161443 @@ +openapi: 3.0.1 +info: + title: IdentityNow Beta API + description: 'Use these APIs to interact with the IdentityNow platform to achieve repeatable, automated processes with greater scalability. These APIs are in beta and are subject to change. We encourage you to join the SailPoint Developer Community forum at https://developer.sailpoint.com/discuss to connect with other developers using our APIs.' + termsOfService: 'https://developer.sailpoint.com/discuss/tos' + contact: + name: Developer Relations + url: 'https://developer.sailpoint.com/discuss/api-help' + license: + name: MIT + url: 'https://opensource.org/licenses/MIT' + version: 3.1.0-beta +servers: + - url: 'https://{tenant}.api.identitynow.com/beta' + description: This is the beta API server. + variables: + tenant: + default: sailpoint + description: 'This is the name of your tenant, typically your company''s name.' +tags: + - name: Access Profiles + description: | + Use this API to implement and customize access profile functionality. + With this functionality in place, administrators can create access profiles and configure them for use throughout IdentityNow, enabling users to get the access they need quickly and securely. + + Access profiles group entitlements, which represent access rights on sources. + + For example, an Active Directory source in IdentityNow can have multiple entitlements: the first, 'Employees,' may represent the access all employees have at the organization, and a second, 'Developers,' may represent the access all developers have at the organization. + + An administrator can then create a broader set of access in the form of an access profile, 'AD Developers' grouping the 'Employees' entitlement with the 'Developers' entitlement. + + When users only need Active Directory employee access, they can request access to the 'Employees' entitlement. + + When users need both Active Directory employee and developer access, they can request access to the 'AD Developers' access profile. + + Access profiles are the most important units of access in IdentityNow. IdentityNow uses access profiles in many features, including the following: + + - Provisioning: When you use the Provisioning Service, lifecycle states and roles both grant access to users in the form of access profiles. + + - Certifications: You can approve or revoke access profiles in certification campaigns, just like entitlements. + + - Access Requests: You can assign access profiles to applications, and when a user requests access to the app associated with an access profile and someone approves the request, access is granted to both the application and its associated access profile. + + - Roles: You can group one or more access profiles into a role to quickly assign access items based on an identity's role. + + In IdentityNow, administrators can use the Access drop-down menu and select Access Profiles to view, configure, and delete existing access profiles, as well as create new ones. + Administrators can enable and disable an access profile, and they can also make the following configurations: + + - Manage Entitlements: Manage the profile's access by adding and removing entitlements. + + - Access Requests: Configure access profiles to be requestable and establish an approval process for any requests that the access profile be granted or revoked. + Do not configure an access profile to be requestable without first establishing a secure access request approval process for the access profile. + + - Multiple Account Options: Define the logic IdentityNow uses to provision access to an identity with multiple accounts on the source. + + Refer to [Managing Access Profiles](https://documentation.sailpoint.com/saas/help/access/access-profiles.html) for more information about access profiles. + - name: Access Request Approvals + description: | + Use this API to implement and customize access request approval functionality. + With this functionality in place, administrators can delegate qualified users to review users' requests for access or managers' requests to revoke team members' access to applications, entitlements, or roles. + This enables more qualified users to review access requests and the others to spend their time on other tasks. + + In IdentityNow, users can request access to applications, entitlements, and roles, and managers can request that team members' access be revoked. + For applications and entitlements, administrators can set access profiles to require approval from the access profile owner, the application owner, the source owner, the requesting user's manager, or a governance group for access to be granted or revoked. + For roles, administrators can also set roles to allow access requests and require approval from the role owner, the requesting user's manager, or a governance group for access to be granted or revoked. + If the administrator designates a governance group as the required approver, any governance group member can approve the requests. + + When a user submits an access request, IdentityNow sends the first required approver in the queue an email notification, based on the access request configuration's approval and reminder escalation configuration. + + In Approvals in IdentityNow, required approvers can view pending access requests under the Requested tab and approve or deny them, or the approvers can reassign the requests to different reviewers for approval. + If the required approver approves the request and is the only reviewer required, IdentityNow grants or revokes access, based on the request. + If multiple reviewers are required, IdentityNow sends the request to the next reviewer in the queue, based on the access request configuration's approval reminder and escalation configuration. + The required approver can then view any completed access requests under the Reviewed tab. + + Refer to [Access Requests](https://documentation.sailpoint.com/saas/help/requests/index.html) for more information about access request approvals. + - name: Access Requests + description: | + Use this API to implement and customize access request functionality. + With this functionality in place, users can request access to applications, entitlements, or roles, and managers can request that team members' access be revoked. + This allows users to get access to the tools they need quickly and securely, and it allows managers to take away access to those tools. + + IdentityNow's Access Request service allows end users to request access that requires approval before it can be granted to users and enables qualified users to review those requests and approve or deny them. + + In the Request Center in IdentityNow, users can view available applications, roles, and entitlements and request access to them. + If the requested tools requires approval, the requests appear as 'Pending' under the My Requests tab until the required approver approves, rejects, or cancels them. + + Users can use My Requests to track and/or cancel the requests. + + In My Team on the IdentityNow Home, managers can submit requests to revoke their team members' access. + They can use the My Requests tab under Request Center to track and/or cancel the requests. + + Refer to [Requesting Access](https://documentation.sailpoint.com/saas/user-help/requests/requesting_access.html) for more information about access requests. + - name: Account Activities + description: | + Use this API to implement account activity tracking functionality. + With this functionality in place, users can track source account activity in IdentityNow, which greatly improves traceability in the system. + + An account activity refers to a log of each action performed on a source account. This is useful for auditing the changes that occur on an account throughout its life. + In IdentityNow's Search, users can search for account activities and select the activity's row to get an overview of the activity's account action and view its progress, its involved sources, and its most basic metadata, such as the identity requesting the option and the recipient. + + Account activity includes most actions IdentityNow completes on source accounts. Users can search in IdentityNow for the following account action types: + + - Access Request: These include any access requests the source account is involved in. + + - Account Attribute Updates: These include updates to a single attribute on an account on a source. + + - Account State Update: These include locking or unlocking actions on an account on a source. + + - Certification: These include actions removing an entitlement from an account on a source as a result of the entitlement's revocation during a certification. + + - Cloud Automated `Lifecyclestate`: These include automated lifecycle state changes that result in a source account's correlated identity being assigned to a different lifecycle state. + IdentityNow replaces the `Lifecyclestate` variable with the name of the lifecycle state it has moved the account's identity to. + + - Identity Attribute Update: These include updates to a source account's correlated identity attributes as the result of a provisioning action. + When you update an identity attribute that also updates an identity's lifecycle state, the cloud automated `Lifecyclestate` event also displays. + Account Activity does not include attribute updates that occur as a result of aggregation. + + - Identity Refresh: These include correlated identity refreshes that occur for an account on a source whenever the account's correlated identity profile gets a new role or updates. + These also include refreshes that occur whenever IdentityNow assigns an application to the account's correlated identity based on the application's being assigned to All Users From Source or Specific Users From Source. + + - Lifecycle State Refresh: These include the actions that took place when a lifecycle state changed. This event only occurs after a cloud automated `Lifecyclestate` change or a lifecycle state change. + + - Lifecycle State Change: These include the account activities that result from an identity's manual assignment to a null lifecycle state. + + - Password Change: These include password changes on sources. + + Refer to [Account Activity](https://documentation.sailpoint.com/saas/help/search/index.html#account-activity) for more information about account activities. + - name: Account Aggregations + description: | + Use this API to implement account aggregation progress tracking functionality. + With this functionality in place, administrators can view in-progress account aggregations, their statuses, and their relevant details. + + An account aggregation refers to the process IdentityNow uses to gather and load account data from a source into IdentityNow. + + Whenever IdentityNow is in the process of aggregating a source, it adds an entry to the Aggregation Activity Log, along with its relevant details. + To view aggregation activity, administrators can select the Connections drop-down menu, select Sources, and select the relevant source, select its Import Data tab, and select Account Aggregation. + In Account Aggregation, administrators can view the account aggregations' statuses and details in the Account Activity Log. + + Refer to [Loading Account Data](https://documentation.sailpoint.com/saas/help/accounts/loading_data.html) for more information about account aggregations. + - name: Accounts + description: | + Use this API to implement and customize account functionality. + With this functionality in place, administrators can manage users' access across sources in IdentityNow. + + In IdentityNow, an account refers to a user's account on a supported source. + This typically includes a unique identifier for the user, a unique password, a set of permissions associated with the source and a set of attributes. IdentityNow loads accounts through the creation of sources in IdentityNow. + + Administrators can correlate users' identities with the users' accounts on the different sources they use. + This allows IdentityNow to govern the access of identities and all their correlated accounts securely and cohesively. + + To view the accounts on a source and their correlated identities, administrators can use the Connections drop-down menu, select Sources, select the relevant source, and select its Account tab. + + To view and edit source account statuses for an identity in IdentityNow, administrators can use the Identities drop-down menu, select Identity List, select the relevant identity, and select its Accounts tab. + Administrators can toggle an account's Actions to aggregate the account, enable/disable it, unlock it, or remove it from the identity. + + Accounts can have the following statuses: + + - Enabled: The account is enabled. The user can access it. + + - Disabled: The account is disabled, and the user cannot access it, but the identity is not disabled in IdentityNow. This can occur when an administrator disables the account or when the user's lifecycle state changes. + + - Locked: The account is locked. This may occur when someone has entered an incorrect password for the account too many times. + + - Pending: The account is currently updating. This status typically lasts seconds. + + Administrators can select the source account to view its attributes, entitlements, and the last time the account's password was changed. + + Refer to [Managing User Accounts](https://documentation.sailpoint.com/saas/help/common/users/user_access.html#managing-user-accounts) for more information about accounts. + - name: Certification Campaigns + description: | + Use this API to implement certification campaign functionality. + With this functionality in place, administrators can create, customize, and manage certification campaigns for their organizations' use. + Certification campaigns provide IdentityNow (IDN) users with an interactive review process they can use to identify and verify access to systems. + Campaigns help organizations reduce risk of inappropriate access and satisfy audit requirements. + + A certification refers to IDN's mechanism for reviewing a user's access to entitlements (sets of permissions) and approving or removing that access. + These certifications serve as a way of showing that a user's access has been reviewed and approved. + Multiple certifications by different reviewers are often required to approve a user's access. + A set of multiple certifications is called a certification campaign. + + For example, an organization may use a Manager Certification campaign as a way of showing that a user's access has been reviewed and approved by multiple managers. + Once this campaign has been completed, IDN would provision all the access the user needs, nothing more. + + IDN provides two simple campaign types users can create without using search queries, Manager and Source Owner campaigns: + + You can create these types of campaigns without using any search queries in IDN: + + - ManagerCampaign: IDN provides this campaign type as a way to ensure that an identity's access is certified by their managers. + You only need to provide a name and description to create one. + + - Source Owner Campaign: IDN provides this campaign type as a way to ensure that an identity's access to a source is certified by its source owners. + You only need to provide a name and description to create one. + You can specify the sources whose owners you want involved or just run it across all sources. + + For more information about these campaign types, refer to [Starting a Manager or Source Owner Campaign](https://documentation.sailpoint.com/saas/help/certs/starting_campaign.html). + + One useful way to create certification campaigns in IDN is to use a specific search and then run a campaign on the results returned by that search. + This allows you to be much more specific about whom you are certifying in your campaigns and what access you are certifying in your campaigns. + For example, you can search for all identities who are managed by "Amanda.Ross" and also have the access to the "Accounting" role and then run a certification campaign based on that search to ensure that the returned identities are appropriately certified. + + You can use IDN search queries to create these types of campaigns: + + - Identities: Use this campaign type to review and revoke access items for specific identities. + You can either build a search query and create a campaign certifying all identities returned by that query, or you can search for individual identities and add those identities to the certification campaign. + + - Access Items: Use this campaign type to review and revoke a set of roles, access profiles, or entitlements from the identities that have them. + You can either build a search query and create a campaign certifying all access items returned by that query, or you can search for individual access items and add those items to the certification campaign. + + - Role Composition: Use this campaign type to review a role's composition, including its title, description, and membership criteria. + You can either build a search query and create a campaign certifying all roles returned by that query, or you can search for individual roles and add those roles to the certification campaign. + + - Uncorrelated Accounts: Use this campaign type to certify source accounts that aren't linked to an authoritative identity in IDN. + You can use this campaign type to view all the uncorrelated accounts for a source and certify them. + + For more information about search-based campaigns, refer to [Starting a Campaign from Search](https://documentation.sailpoint.com/saas/help/certs/starting_search_campaign.html). + + Once you have generated your campaign, it becomes available for preview. + An administrator can review the campaign and make changes, or if it's ready and accurate, activate it. + + Once the campaign is active, organization administrators or certification administrators can designate other IDN users as certification reviewers. + Those reviewers can view any of the certifications they either need to review (active) or have already reviewed (completed). + + When a certification campaign is in progress, certification reviewers see the listed active certifications whose involved identities they can review. + Reviewers can then make decisions to grant or revoke access, as well as reassign the ceritifcation to another reviewer. If the reviewer chooses this option, they must provide a reason for reassignment in the form of a comment. + + Once a reviewer has made decisions on all the certification's involved access items, he or she must "Sign Off" to complete the review process. + Doing so converts the certification into read-only status, preventing any further changes to the review decisions and deleting the work item (task) from the reviewer's list of work items. + + Once all the reviewers have signed off, the certification campaign either completes or, if any reviewers decided to revoke access for any of the involved identities, it moves into a remediation phase. + In the remediation phase, identities' entitlements are altered to remove any entitlements marked for revocation. + In this situation, the certification campaign completes once all the remediation requests are completed. + + The end of a certification campaign is determined by its deadline, its completion status, or by an administrator's decision. + + For more information about certifications and certification campaigns, refer to [Certifications](https://documentation.sailpoint.com/saas/user-help/certifications.html). + - name: Certifications + description: | + Use this API to implement certification functionality. + This API provides specific functionality that improves an organization's ability to manage its certification process. + + A certification refers to IdentityNow's mechanism for reviewing a user's access to entitlements (sets of permissions) and approving or removing that access. + These certifications serve as a way of showing that a user's access has been reviewed and approved. + Multiple certifications by different reviewers are often required to approve a user's access. + A set of multiple certifications is called a certification campaign. + + For example, an organization may use a Manager Certification as a way of showing that a user's access has been reviewed and approved by their manager, or if the certification is part of a campaign, that the user's access has been reviewed and approved by multiple managers. + Once this certification has been completed, IdentityNow would provision all the access the user needs, nothing more. + + This API enables administrators and reviewers to get useful information about certifications at a high level, such as the reviewers involved, and at a more granular level, such as the permissions affected by changes to entitlements within those certifications. + It also provides the useful ability to reassign identities and items within certifications to other reviewers, rather than [reassigning the entire certifications themselves](https://developer.sailpoint.com/idn/api/beta/reassign-identity-certs-async). + - name: Connector Rule Management + - name: Connectors + description: | + Use this API to implement connector functionality. + With this functionality in place, administrators can view available connectors. + + Connectors are the bridges IdentityNow uses to communicate with and aggregate data from sources. + For example, if it is necessary to set up a connection between IdentityNow and the Active Directory source, a connector can bridge the two and enable IdentityNow to synchronize data between the systems. + This ensures account entitlements and states are correct throughout the organization. + + In IdentityNow, administrators can use the Connections drop-down menu and select Sources to view the available source connectors. + + Refer to [IdentityNow Connectors](https://documentation.sailpoint.com/connectors/identitynow/landingpages/help/landingpages/identitynow_connectivity_landing.html) for more information about the connectors available in IdentityNow. + + Refer to [SaaS Connectivity](https://developer.sailpoint.com/idn/docs/saas-connectivity) for more information about the SaaS custom connectors that do not need VAs (virtual appliances) to communicate with their sources. + + Refer to [Managing Sources](https://documentation.sailpoint.com/saas/help/sources/managing_sources.html) for more information about using connectors in IdentityNow. + - name: Custom Password Instructions + description: | + Use this API to implement custom password instruction functionality. + With this functionality in place, administrators can create custom password instructions to help users reset their passwords, change them, unlock their accounts, or recover their usernames. + This allows administrators to emphasize password policies or provide organization-specific instructions. + + Administrators must first use [Update Password Org Config](https://developer.sailpoint.com/idn/api/beta/update-password-org-config) to set `customInstructionsEnabled` to `true`. + + Once they have enabled custom instructions, they can use [Create Custom Password Instructions](https://developer.sailpoint.com/idn/api/beta/create-custom-password-instructions) to create custom page content for the specific pageId they select. + + For example, an administrator can use the pageId forget-username:user-email to set the custom text for the case when users forget their usernames and must enter their emails. + + Refer to [Creating Custom Instruction Text](https://documentation.sailpoint.com/saas/help/pwd/pwd_reset.html#creating-custom-instruction-text) for more information about creating custom password instructions. + - name: Entitlements + description: | + Use this API to implement and customize entitlement functionality. + With this functionality in place, administrators can view entitlements and configure them for use throughout IdentityNow in certifications, access profiles, and roles. + Administrators in IdentityNow can then grant users access to the entitlements or configure them so users themselves can request access to the entitlements whenever they need them. + With a good approval process, this entitlement functionality allows users to gain the specific access they need on sources quickly and securely. + + Entitlements represent access rights on sources. + Entitlements are the most granular form of access in IdentityNow. + Entitlements are often grouped into access profiles, and access profiles themselves are often grouped into roles, the broadest form of access in IdentityNow. + + For example, an Active Directory source in IdentityNow can have multiple entitlements: the first, 'Employees,' may represent the access all employees have at the organization, and a second, 'Developers,' may represent the access all developers have at the organization. + + An administrator can then create a broader set of access in the form of an access profile, 'AD Developers' grouping the 'Employees' entitlement with the 'Developers' entitlement. + + An administrator can then create an even broader set of access in the form of a role grouping the 'AD Developers' access profile with another profile, 'GitHub Developers,' grouping entitlements for the GitHub source. + + When users only need Active Directory employee access, they can request access to the 'Employees' entitlement. + + When users need both Active Directory employee and developer access, they can request access to the 'AD Developers' access profile. + + When users need both the 'AD Developers' access profile and the 'GitHub Developers' access profile, they can request access to the role grouping both. + + Administrators often use roles and access profiles within those roles to manage access so that users can gain access more quickly, but the hierarchy of access all starts with entitlements. + + Anywhere entitlements appear, you can select them to find more information about the following: + + - Cloud Access Details: These provide details about the cloud access entitlements on cloud-enabled sources. + + - Permissions: Permissions represent individual units of read/write/admin access to a system. + + - Relationships: These list each entitlement's parent and child relationships. + + - Type: This is the entitlement's type. Some sources support multiple types, each with a different attribute schema. + + IdentityNow uses entitlements in many features, including the following: + + - Certifications: Entitlements can be revoked from an identity that no longer needs them. + + - Roles: Roles can group access profiles which themselves group entitlements. You can grant and revoke access on a broad level with roles. Role membership criteria can grant roles to identities based on whether they have certain entitlements or attributes. + + - Access Profiles: Access profiles group entitlements. + They are the most important units of access in IdentityNow. + IdentityNow uses them in provisioning, certifications, and access requests, and administrators can configure them to grant very broad or very granular access. + + You cannot delete entitlements directly from IdentityNow. + Entitlements are deleted based on their inclusion in aggregations. + + Refer to [Deleting Entitlements](https://documentation.sailpoint.com/saas/help/access/entitlements.html#deleting-entitlements) more information about deleting entitlements. + + Refer to [Entitlements](https://documentation.sailpoint.com/saas/help/access/entitlements.html) for more information about entitlements. + - name: IAI Access Request Recommendations + - name: IAI Common Access + - name: IAI Outliers + - name: IAI Peer Group Strategies + - name: IAI Recommendations + - name: IAI Role Mining + - name: Identities + description: | + Use this API to implement identity functionality. + With this functionality in place, administrators can synchronize an identity's attributes with its various source attributes. + + IdentityNow uses identities as users' authoritative accounts. Identities can own other accounts, entitlements, and attributes. + + An identity has a variety of attributes, such as an account name, an email address, a job title, and more. + These identity attributes can be correlated with different attributes on different sources. + For example, the identity John.Smith can own an account in the GitHub source with the account name John-Smith-Org, and IdentityNow knows they are the same person with the same access and attributes. + + In IdentityNow, administrators often set up these synchronizations to get triggered automatically with a change or to run on a schedule. + To manually synchronize attributes for an identity, administrators can use the Identities drop-down menu and select Identity List to view the list of identities. + They can then select the identity they want to manually synchronize and use the hamburger menu to select 'Synchronize Attributes.' + Doing so immediately begins the attribute synchronization and analyzes all accounts for the selected identity. + + Refer to [Synchronizing Attributes](https://documentation.sailpoint.com/saas/help/provisioning/attr_sync.html) for more information about synchronizing attributes. + - name: Identity History + - name: Identity Profiles + description: | + Use this API to implement and customize identity profile functionality. + With this functionality in place, administrators can manage identity profiles and configure them for use by identities throughout IdentityNow. + + Identity profiles represent the configurations that can be applied to identities as a way of granting them a set of security and access, as well as defining the mappings between their identity attributes and their source attributes. + This allows administrators to save time by applying identity profiles to any number of similar identities rather than configuring each one individually. + + In IdentityNow, administrators can use the Identities drop-down menu and select Identity Profiles to view the list of identity profiles. + This list shows some details about each identity profile, along with its status. They can select an identity profile to view and modify its settings, its mappings between identity attributes and correlating source account attributes, and its provisioning settings. + Administrators can also use this page to create new identity profiles or delete existing ones. + + Refer to [Creating Identity Profiles](https://documentation.sailpoint.com/saas/help/setup/identity_profiles.html) for more information about identity profiles. + - name: Lifecycle States + description: | + Use this API to implement and customize lifecycle state functionality. + With this functionality in place, administrators can view and configure custom lifecycle states for use across their organizations, which is key to controlling which users have access, when they have access, and the access they have. + + A lifecycle state describes a user's status in a company. For example, two lifecycle states come by default with IdentityNow: 'Active' and 'Inactive.' + When an active employee takes an extended leave of absence from a company, his or her lifecycle state may change to 'Inactive,' for security purposes. + The inactive employee would lose access to all the applications, sources, and sensitive data during the leave of absence, but when the employee returns and becomes active again, all that access would be restored. + This saves administrators the time that would otherwise be spent provisioning the employee's access to each individual tool, reviewing the employee's certification history, etc. + + Administrators must define the criteria for being in each lifecycle state, and they must define how IdentityNow manages users' access to apps and sources for each lifecycle state. + + In IdentityNow, administrators can manage lifecycle states by going to Admin > Identities > Identity Profile, selecting the identity profile whose lifecycle states they want to manage, selecting the 'Provisioning' tab, and using the left panel to select the lifecycle state they want to modify. + + In the 'Provisioning' tab, administrators can make the following access changes to an identity profile's lifecycle state: + + - Enable/disable the lifecycle state for the identity profile. + + - Enable/disable source accounts for the identity profile's lifecycle state. + + - Add existing access profiles to grant to the identity profiles in that lifecycle state. + + - Create a new access profile to grant to the identity profile in that lifecycle state. + + Access profiles granted in a previous lifecycle state are automatically revoked when the identity moves to a new lifecycle state. + To maintain access across multiple lifecycle states, administrators must grant the access profiles in each lifecycle state. + For example, if an administrator wants users with the 'HR Employee' identity profile to maintain their building access in both the 'Active' and 'Leave of Absence' lifecycle states, the administrator must grant the access profile for that building access to both lifecycle states. + + During scheduled refreshes, IdentityNow evaluates lifecycle states to determine whether their assigned identities have the access defined in the lifecycle states' access profiles. + If the identities are missing access, IdentityNow provisions that access. + + Administrators can also use the 'Provisioning' tab to configure email notifications for IdentityNow to send whenever an identity with that identity profile has a lifecycle state change. + Refer to [Configuring Lifecycle State Notifications](https://documentation.sailpoint.com/saas/help/provisioning/lifecycle.html#configuring-lifecycle-state-notifications) for more information on how to do so. + + An identity's lifecycle state can have four different statuses: the lifecycle state's status can be 'Active,' it can be 'Not Set,' it can be 'Not Valid,' or it 'Does Not Match Technical Name Case.' + Refer to [Moving Identities into Lifecycle States](https://documentation.sailpoint.com/saas/help/provisioning/lifecycle.html#moving-identities-into-lifecycle-states) for more information about these different lifecycle state statuses. + + Refer to [Setting Up Lifecycle States](https://documentation.sailpoint.com/saas/help/provisioning/lifecycle.html) for more information about lifecycle states. + - name: Managed Clients + description: Read and write operations for managing client data and statuses + - name: Managed Clusters + description: 'Operations for accessing and managing client Clusters, including Log Configuration' + - name: MFA Configuration + description: Configure and test multifactor authentication (MFA) methods + - name: Non-Employee Lifecycle Management + description: | + Use this API to implement non-employee lifecycle management functionality. + With this functionality in place, administrators can create non-employee records and configure them for use in their organizations. + This allows organizations to provide secure access to non-employees and control that access. + + The 'non-employee' term refers to any consultant, contractor, intern, or other user in an organization who is not a full-time permanent employee. + Organizations can track non-employees' access and activity in IdentityNow by creating and maintaining non-employee sources. + Organizations can have a maximum of 50 non-employee sources. + + By using SailPoint's Non-Employee Lifecycle Management functionality, you agree to the following: + + - SailPoint is not responsible for storing sensitive data. + You may only add account attributes to non-employee identities that are necessary for business operations and are consistent with your contractual limitations on data that may be sent or stored in IdentityNow. + + - You are responsible for regularly downloading your list of non-employee accounts for all the sources you create and storing this list of accounts in a managed location to maintain an authoritative system of record and backup data for these accounts. + + To manage non-employees in IdentityNow, administrators must create a non-employee source and add accounts to the source. + + To create a non-employee source in IdentityNow, administrators must use the Admin panel to go to Connections > Sources. + They must then specify 'Non-Employee' in the 'Source Type' field. + Refer to [Creating a Non-Employee Source](https://documentation.sailpoint.com/saas/help/common/non-employee-mgmt.html#creating-a-non-employee-source) for more details about how to create non-employee sources. + + To add accounts to a non-employee source in IdentityNow, administrators can select the non-employee source and add the accounts. + They can also use the 'Manage Non-Employees' widget on their user dashboards to reach the list of sources and then select the non-employee source they want to add the accounts to. + + Administrators can either add accounts individually or in bulk. Each non-employee source can have a maximum of 20,000 accounts. + To add accounts in bulk, they must select the 'Bulk Upload' option and upload a CSV file. + Refer to [Adding Accounts](https://documentation.sailpoint.com/saas/help/common/non-employee-mgmt.html#adding-accounts) for more details about how to add accounts to non-employee sources. + + Once administrators have created the non-employee source and added accounts to it, they can create identity profiles to generate identities for the non-employee accounts and manage the non-employee identities the same way they would any other identities. + + Refer to [Managing Non-Employee Sources and Accounts](https://documentation.sailpoint.com/saas/help/common/non-employee-mgmt.html) for more information about non-employee lifecycle management. + - name: Notifications + - name: OAuth Clients + description: | + Use this API to implement OAuth client functionality. + With this functionality in place, users with the appropriate security scopes can create and configure OAuth clients to use as a way to obtain authorization to use the IdentityNow REST API. + Refer to [Authentication](https://developer.sailpoint.com/idn/api/authentication) for more information about OAuth and how it works with the IdentityNow REST API. + - name: Org Config + description: Operations for managing org configuration settings (eg. time zone) + - name: Password Configuration + description: | + Use this API to implement organization password configuration functionality. + With this functionality in place, organization administrators can create organization-specific password configurations. + + These configurations include details like custom password instructions, as well as digit token length and duration. + + Refer to [Configuring User Authentication for Password Resets](https://documentation.sailpoint.com/saas/help/pwd/pwd_reset.html) for more information about organization password configuration functionality. + - name: Password Dictionary + description: | + Use this API to implement password dictionary functionality. + With this functionality in place, administrators can create password dictionaries to prevent users from using certain words or characters in their passwords. + + A password dictionary is a list of words or characters that users are prevented from including in their passwords. + This can help protect users from themselves and force them to create passwords that are not easy to break. + + A password dictionary must meet the following requirements to for the API to handle them correctly: + + - It must be in .txt format. + + - All characters must be UTF-8 characters. + + - Each line must contain a single word or character with no spaces or whitespace characters. + + - It must contain at least one line other than the locale string. + + - Each line must not exceed 128 characters. + + - The file must not exceed 2500 lines. + + Administrators should also consider the following when they create their dictionaries: + + - Lines starting with a # represent comments. + + - All words in the password dictionary are case-insensitive. + For example, adding the word "password" to the dictionary also disallows the following: PASSWORD, Password, and PassWord. + + - The dictionary uses substring matching. + For example, adding the word "spring" to the dictionary also disallows the following: Spring124, 345SprinG, and 8spring. + Users can then select 'Change Password' to update their passwords. + + Administrators must do the following to create a password dictionary: + + - Create the text file that will contain the prohibited password values. + + - If the dictionary is not in English, they must add a locale string to the top line: locale:`languageCode`_`countryCode` + + The languageCode value refers to the language's 2-letter ISO 639-1 code. + The countryCode value refers to the country's 2-letter ISO 3166-1 code. + + Refer to this list https://docs.oracle.com/cd/E13214_01/wli/docs92/xref/xqisocodes.html to see all the available ISO 639-1 language codes and ISO 3166-1 country codes. + + - Upload the .txt file to IdentityNow with [Update Password Dictionary](https://developer.sailpoint.com/idn/api/beta/update-password-dictionary). Uploading a new file always overwrites the previous dictionary file. + + Administrators can then specify which password policies check new passwords against the password dictionary by doing the following: In the Admin panel, they can use the Password Mgmt dropdown menu to select Policies, select the policy, and select the 'Prevent use of words in this site's password dictionary' checkbox beside it. + + Refer to [Configuring Advanced Password Management Options](https://documentation.sailpoint.com/saas/help/pwd/adv_config.html) for more information about password dictionaries. + - name: Password Management + description: | + Use this API to implement password management functionality. + With this functionality in place, users can manage their identity passwords for all their applications. + + In IdentityNow, users can select their names in the upper right corner of the page and use the drop-down menu to select Password Manager. + Password Manager lists the user's identity's applications, possibly grouped to share passwords. + Users can then select 'Change Password' to update their passwords. + + Grouping passwords allows users to update their passwords more broadly, rather than requiring them to update each password individually. + Password Manager may list the applications and sources in the following groups: + + - Password Group: This refers to a group of applications that share a password. + For example, a user can use the same password for Google Drive, Google Mail, and YouTube. + Updating the password for the password group updates the password for all its included applications. + + - Multi-Application Source: This refers to a source with multiple applications that share a password. + For example, a user can have a source, G Suite, that includes the Google Calendar, Google Drive, and Google Mail applications. + Updating the password for the multi-application source updates the password for all its included applications. + + - Applications: These are applications that do not share passwords with other applications. + + An organization may require some authentication for users to update their passwords. + Users may be required to answer security questions or use a third-party authenticator before they can confirm their updates. + + Refer to [Managing Passwords](https://documentation.sailpoint.com/saas/user-help/accounts/passwords.html) for more information about password management. + - name: Password Sync Groups + description: | + Use this API to implement password sync group functionality. + With this functionality in place, administrators can group sources into password sync groups so that all their applications share the same password. + This allows users to update the password for all the applications in a sync group if they want, rather than updating each password individually. + + A password sync group is a group of applications that shares a password. + Administrators create these groups by grouping the applications' sources. + For example, an administrator can group the ActiveDirectory, GitHub, and G Suite sources together so that all those sources' applications can also be grouped to share a password. + A user can then update his or her password for ActiveDirectory, GitHub, Gmail, Google Drive, and Google Calendar all at once, rather then updating each one individually. + + The following are required for administrators to create a password sync group in IdentityNow: + + - At least two direct connect sources connected to IdentityNow and configured for Password Management. + + - Each authentication source in a sync group must have at least one application. Refer to [Adding and Resetting Application Passwords](https://documentation.sailpoint.com/saas/help/pwd/adv_config.html#adding-and-resetting-application-passwords) for more information about adding applications to sources. + + - At least one password policy. Refer to [Managing Password Policies](https://documentation.sailpoint.com/saas/help/pwd/policies.html) for more information about password policies. + + In the Admin panel in IdentityNow, administrators can use the Password Mgmt dropdown menu to select Sync Groups. + To create a sync group, administrators must provide a name, choose a password policy to be enforced across the sources in the sync group, and select the sources to include in the sync group. + + Administrators can also delete sync groups in IdentityNow, but they should know the following before they do: + + - Passwords related to the associated sources will become independent, so changing one will not change the others anymore. + + - Passwords for the sources' connected applications will also become independent. + + - Password policies assigned to the sync group are then assigned directly to the associated sources. + To change the password policy for a source, administrators must edit it directly. + + Once the password sync group has been created, users can update the password for the group in Password Manager. + + Refer to [Managing Password Sync Groups](https://documentation.sailpoint.com/saas/help/pwd/sync_grps.html) for more information about password sync groups. + - name: Personal Access Tokens + description: | + Use this API to implement personal access token (PAT) functionality. + With this functionality in place, users can use PATs as an alternative to passwords for authentication in IdentityNow. + + PATs embed user information into the client ID and secret. + This replaces the API clients' need to store and provide a username and password to establish a connection, improving IdentityNow organizations' integration security. + + In IdentityNow, users can do the following to create and manage their PATs: Select the dropdown menu under their names, select Preferences, and then select Personal Access Tokens. + They must then provide a description about the token's purpose. + They can then select 'Create Token' at the bottom of the page to generate and view the Secret and Client ID. + + Refer to [Managing Personal Access Tokens](https://documentation.sailpoint.com/saas/help/common/generate_tokens.html) for more information about PATs. + - name: Public Identities Config + description: | + Use this API to implement public identity configuration functionality. + With this functionality in place, administrators can make up to 5 identity attributes publicly visible so other non-administrator users can see the relevant information they need to make decisions. + This can be helpful for access approvers, certification reviewers, managers viewing their direct reports' access, and source owners viewing their tasks. + + By default, non-administrators can select an identity and view the following attributes: email, lifecycle state, and manager. + However, it may be helpful for a non-administrator reviewer to see other identity attributes like department, region, title, etc. + Administrators can use this API to make those necessary identity attributes public to non-administrators. + + For example, a non-administrator deciding whether to approve another identity's request for access to the Workday application, whose access may be restricted to members of the HR department, would want to know whether the identity is a member of the HR department. + If an administrator has used [Update Public Identity Config](https://developer.sailpoint.com/idn/api/beta/update-public-identity-config) to make the "department" attribute public, the approver can see the department and make a decision without requesting any more information. + - name: Requestable Objects + description: | + Use this API to implement requestable object functionality. + With this functionality in place, administrators can determine which access items can be requested with the [Access Request APIs](https://developer.sailpoint.com/idn/api/beta/access-requests), along with their statuses. + This can be helpful for administrators who are implementing and customizing access request functionality as a way of checking which items are requestable as they are created, assigned, and made available. + - name: Role Insights + - name: Roles + description: | + Use this API to implement and customize role functionality. + With this functionality in place, administrators can create roles and configure them for use throughout IdentityNow. + IdentityNow can use established criteria to automatically assign the roles to qualified users. This enables users to get all the access they need quickly and securely and administrators to spend their time on other tasks. + + Entitlements represent the most granular level of access in IdentityNow. + Access profiles represent the next level and often group entitlements. + Roles represent the broadest level of access and often group access profiles. + + For example, an Active Directory source in IdentityNow can have multiple entitlements: the first, 'Employees,' may represent the access all employees have at the organization, and a second, 'Developers,' may represent the access all developers have at the organization. + + An administrator can then create a broader set of access in the form of an access profile, 'AD Developers' grouping the 'Employees' entitlement with the 'Developers' entitlement. + + An administrator can then create an even broader set of access in the form of a role grouping the 'AD Developers' access profile with another profile, 'GitHub Developers,' grouping entitlements for the GitHub source. + + When users only need Active Directory employee access, they can request access to the 'Employees' entitlement. + + When users need both Active Directory employee and developer access, they can request access to the 'AD Developers' access profile. + + When users need both the 'AD Developers' access profile and the 'GitHub Developers' access profile, they can request access to the role grouping both. + + Roles often represent positions within organizations. + For example, an organization's accountant can access all the tools the organization's accountants need with the 'Accountant' role. + If the accountant switches to engineering, a qualified member of the organization can quickly revoke the accountant's 'Accountant' access and grant access to the 'Engineer' role instead, granting access to all the tools the organization's engineers need. + + In IdentityNow, adminstrators can use the Access drop-down menu and select Roles to view, configure, and delete existing roles, as well as create new ones. + Administrators can enable and disable the role, and they can also make the following configurations: + + - Manage Access: Manage the role's access by adding or removing access profiles. + + - Define Assignment: Define the criteria IdentityNow uses to assign the role to identities. + Use the first option, 'Standard Criteria,' to provide specific criteria for assignment like specific account attributes, entitlements, or identity attributes. + Use the second, 'Identity List,' to specify the identities for assignment. + + - Access Requests: Configure roles to be requestable and establish an approval process for any requests that the role be granted or revoked. + Do not configure a role to be requestable without establishing a secure access request approval process for that role first. + + Refer to [Working with Roles](https://documentation.sailpoint.com/saas/help/provisioning/roles.html) for more information about roles. + - name: Search Attribute Configuration + - name: Segments + - name: Service Desk Integration + description: | + Use this API to build an integration between IdentityNow and a service desk ITSM (IT service management) solution. + Once an administrator builds this integration between IdentityNow and a service desk, users can use IdentityNow to raise and track tickets that are synchronized between IdentityNow and the service desk. + + In IdentityNow, administrators can create a service desk integration (sometimes also called an SDIM, or Service Desk Integration Module) by going to Admin > Connections > Service Desk and selecting 'Create.' + + To create a Generic Service Desk integration, for example, administrators must provide the required information on the General Settings page, the Connectivity and Authentication information, Ticket Creation information, Status Mapping information, and Requester Source information on the Configure page. + Refer to [Integrating SailPoint with Generic Service Desk](https://documentation.sailpoint.com/connectors/generic_sd/help/integrating_generic_service_desk/intro.html) for more information about the process of setting up a Generic Service Desk in IdentityNow. + + Administrators can create various service desk integrations, all with their own nuances. + The following service desk integrations are available: + + - [Atlassian Cloud Jira Service Management](https://documentation.sailpoint.com/connectors/atlassian/jira_cloud/help/integrating_jira_cloud_sd/introduction.html) + + - [Atlassian Server Jira Service Management](https://documentation.sailpoint.com/connectors/atlassian/jira_server/help/integrating_jira_server_sd/introduction.html) + + - [BMC Helix ITSM Service Desk](https://documentation.sailpoint.com/connectors/bmc/helix_ITSM_sd/help/integrating_bmc_helix_itsm_sd/intro.html) + + - [BMC Helix Remedyforce Service Desk](https://documentation.sailpoint.com/connectors/bmc/helix_remedyforce_sd/help/integrating_bmc_helix_remedyforce_sd/intro.html) + + - [Generic Service Desk](https://documentation.sailpoint.com/connectors/generic_sd/help/integrating_generic_service_desk/intro.html) + + - [ServiceNow Service Desk](https://documentation.sailpoint.com/connectors/servicenow/sdim/help/integrating_servicenow_sdim/intro.html) + + - [Zendesk Service Desk](https://documentation.sailpoint.com/connectors/zendesk/help/integrating_zendesk_sd/introduction.html) + - name: SOD Policy + description: Operations for Creating & Executing SOD (Seperation of Duties) policies + - name: SOD Violations + description: Operations for Predicting SOD (Seperation of Duties) violations + - name: Sources + description: | + Use this API to implement and customize source functionality. + With source functionality in place, organizations can use IdentityNow to connect their various sources and user data sets and manage access across all those different sources in a secure, scalable way. + + [Sources](https://documentation.sailpoint.com/saas/help/sources/managing_sources.html) refer to the IdentityNow representations for external applications, databases, and directory management systems that maintain their own sets of users, like Dropbox, GitHub, and Workday, for example. + Organizations may use hundreds, if not thousands, of different source systems, and any one employee within an organization likely has a different user record on each source, often with different permissions on many of those records. + Connecting these sources to IdentityNow makes it possible to manage user access across them all. + Then, if a new hire starts at an organization, IdentityNow can grant the new hire access to all the sources they need. + If an employee moves to a new department and needs access to new sources but no longer needs access to others, IdentityNow can grant the necessary access and revoke the unnecessary access for all the employee's various sources. + If an employee leaves the company, IdentityNow can revoke access to all the employee's various source accounts immediately. + These are just a few examples of the many ways that source functionality makes identity governance easier, more efficient, and more secure. + + In IdentityNow, administrators can create configure, manage, and edit sources, and they can designate other users as source admins to be able to do so. + They can also designate users as source sub-admins, who can perform the same source actions but only on sources associated with their governance groups. + Admins go to Connections > Sources to see a list of the existing source representations in their organizations. + They can create new sources or select existing ones. + + To create a new source, the following must be specified: Source Name, Description, Source Owner, and Connection Type. + Refer to [Configuring a Source](https://documentation.sailpoint.com/saas/help/accounts/loading_data.html#configuring-a-source) for more information about the source configuration process. + + IdentityNow connects with its sources either by a direct communication with the source server (connection information specific to the source must be provided) or a flat file feed, a CSV file containing all the relevant information about the accounts to be loaded in. + Different sources use different connectors to share data with IdentityNow, and each connector's setup process is specific to that connector. + SailPoint has built a number of connectors to come out of the box and connect to the most common sources, and SailPoint actively maintains these connectors. + Refer to [IdentityNow Connectors](https://documentation.sailpoint.com/connectors/identitynow/landingpages/help/landingpages/identitynow_connectivity_landing.html) for more information about these SailPoint supported connectors. + Refer to the following links for more information about two useful connectors: + + - [JDBC Connector](https://documentation.sailpoint.com/connectors/jdbc/help/integrating_jdbc/introduction.html): This customizable connector an directly connect to databases that support JDBC (Java Database Connectivity). + + - [Web Services Connector](https://documentation.sailpoint.com/connectors/webservices/help/integrating_webservices/introduction.html): This connector can directly connect to databases that support Web Services. + + Refer to [SaaS Connectivity](https://developer.sailpoint.com/idn/docs/saas-connectivity) for more information about SailPoint's new connectivity framework that makes it easy to build and manage custom connectors to SaaS sources. + + When admins select existing sources, they can view the following information about the source: + + - Associated connections (any associated identity profiles, apps, or references to the source in a transform). + + - Associated user accounts. These accounts are linked to their identities - this provides a more complete picture of each user's access across sources. + + - Associated entitlements (sets of access rights on sources). + + - Associated access profiles (groupings of entitlements). + + The user account data and the entitlements update with each data aggregation from the source. + Organizations generally run scheduled, automated data aggregations to ensure that their data is always in sync between their sources and their IdentityNow tenants so an access change on a source is detected quickly in IdentityNow. + Admins can view a history of these aggregations, and they can also run manual imports. + Refer to [Loading Account Data](https://documentation.sailpoint.com/saas/help/accounts/loading_data.html) for more information about manual and scheduled aggregations. + + Admins can also make changes to determine which user account data IdentityNow collects from the source and how it correlates that account data with identity data. + To define which account attributes the source shares with IdentityNow, admins can edit the account schema on the source. + Refer to [Managing Source Account Schemas](https://documentation.sailpoint.com/saas/help/accounts/schema.html) for more information about source account schemas and how to edit them. + To define the mapping between the source account attributes and their correlating identity attributes, admins can edit the correlation configuration on the source. + Refer to [Assigning Source Accounts to Identities](https://documentation.sailpoint.com/saas/help/accounts/correlation.html) for more information about this correlation process between source accounts and identities. + + Admins can also delete sources, but they must first ensure that the sources no longer have any active connections: the source must not be associated with any identity profile or any app, and it must not be referenced by any transform. + Refer to [Deleting Sources](https://documentation.sailpoint.com/saas/help/sources/managing_sources.html#deleting-sources) for more information about deleting sources. + + Well organized, mappped out connections between sources and IdentityNow are essential to achieving comprehensive identity access governance across all the source systems organizations need. + Refer to [Managing Sources](https://documentation.sailpoint.com/saas/help/sources/managing_sources.html) for more information about all the different things admins can do with sources once they are connected. + - name: SP-Config + description: Import and export configuration for some objects between tenants. + - name: Tagged Objects + - name: Transforms + description: 'Operations for creating, managing, and deleting transforms' + - name: Triggers + description: | + Event Triggers provide real-time updates to changes in IdentityNow so you can take action as soon as an event occurs, rather than poll an API endpoint for updates. IdentityNow provides a user interface within the admin console to create and manage trigger subscriptions. These endpoints allow for programatically creating and managing trigger subscriptions. + + There are two types of event triggers: + * `FIRE_AND_FORGET`: This trigger type will send a payload to each subscriber without needing a response. Each trigger of this type has a limit of **50 subscriptions**. + * `REQUEST_RESPONSE`: This trigger type will send a payload to a subscriber and expect a response back. Each trigger of this type may only have **one subscription**. + + ## Available Event Triggers + Production ready event triggers that are available in all tenants. + + | Name | ID | Type | Trigger condition | Schema(s) | + |-|-|-|-|-| + | [Access Request Dynamic Approval](https://developer.sailpoint.com/idn/docs/event-triggers/triggers/access-request-dynamic-approval) | idn:access-request-dynamic-approver | REQUEST_RESPONSE |After an access request is submitted. Expects the subscriber to respond with the ID of an identity or workgroup to add to the approval workflow. | [Input Schema](#section/Access-Request-Dynamic-Approver-Event-Trigger-Input) - [Output Schema](#section/Access-Request-Dynamic-Approver-Event-Trigger-Output) | + | [Access Request Postapproval](https://developer.sailpoint.com/idn/docs/event-triggers/triggers/access-request-postapproval) | idn:access-request-post-approval | FIRE_AND_FORGET | After an access request is approved. |[Input Schema](#section/Access-Request-Post-Approval-Event-Trigger-Input)| + | [Access Request Preapproval](https://developer.sailpoint.com/idn/docs/event-triggers/triggers/access-request-preapproval) | idn:access-request-pre-approval | REQUEST_RESPONSE | After an access request is submitted. Expects the subscriber to respond with an approval decision. | [Input Schema](#section/Access-Request-Pre-Approval-Event-Trigger-Input) - [Output Schema](#section/Access-Request-Pre-Approval-Event-Trigger-Output) | + | [Account Aggregation Completed](https://developer.sailpoint.com/idn/docs/event-triggers/triggers/account-aggregation-completed) | idn:account-aggregation-completed | FIRE_AND_FORGET | After an account aggregation completed, terminated, failed. | [Input Schema](#section/Account-Aggregation-Completed-Event-Trigger-Input) | + | Account Attributes Changed | idn:account-attributes-changed | FIRE_AND_FORGET | After an account aggregation, and one or more account attributes have changed. | [Input Schema](#section/Account-Attributes-Changed-Event-Trigger-Input) | + | Account Correlated | idn:account-correlated | FIRE_AND_FORGET | After an account is added to an identity. | [Input Schema](#section/Account-Correlated-Event-Trigger-Input) | + | Accounts Collected for Aggregation | idn:aggregation-accounts-collected | FIRE_AND_FORGET | New, changed, and deleted accounts have been gathered during an aggregation and are being processed. | [Input Schema](#section/Accounts-Collected-for-Aggregation-Event-Trigger-Input) | + | Account Uncorrelated | idn:account-uncorrelated | FIRE_AND_FORGET | After an account is removed from an identity. | [Input Schema](#section/Account-Uncorrelated-Event-Trigger-Input) | + | Campaign Activated | idn:campaign-activated | FIRE_AND_FORGET | After a campaign is activated. | [Input Schema](#section/Campaign-Activated-Event-Trigger-Input) | + | Campaign Ended | idn:campaign-ended | FIRE_AND_FORGET | After a campaign ends. | [Input Schema](#section/Campaign-Ended-Event-Trigger-Input) | + | Campaign Generated | idn:campaign-generated | FIRE_AND_FORGET | After a campaign finishes generating. | [Input Schema](#section/Campaign-Generated-Event-Trigger-Input) | + | Certification Signed Off | idn:certification-signed-off | FIRE_AND_FORGET | After a certification is signed off by its reviewer. | [Input Schema](#section/Certification-Signed-Off-Event-Trigger-Input) | + | [Identity Attributes Changed](https://developer.sailpoint.com/idn/docs/event-triggers/triggers/account-aggregation-completed) | idn:identity-attributes-changed | FIRE_AND_FORGET | After One or more identity attributes changed. | [Input Schema](#section/Identity-Attributes-Changed-Event-Trigger-Input) | + | [Identity Created](https://developer.sailpoint.com/idn/docs/event-triggers/triggers/identity-created) | idn:identity-created | FIRE_AND_FORGET | After an identity is created. | [Input Schema](#section/Identity-Created-Event-Trigger-Input) | + | [Provisioning Action Completed](https://developer.sailpoint.com/idn/docs/event-triggers/triggers/provisioning-action-completed) | idn:post-provisioning | FIRE_AND_FORGET | After a provisioning action completed on a source. | [Input Schema](#section/Provisioning-Completed-Event-Trigger-Input) | + | [Saved Search Complete](https://developer.sailpoint.com/idn/docs/event-triggers/triggers/saved-search-completed) | idn:saved-search-complete | FIRE_AND_FORGET | After a scheduled search completed. | [Input Schema](#section/Saved-Search-Complete-Event-Trigger-Input) | + | [Source Created](https://developer.sailpoint.com/idn/docs/event-triggers/triggers/source-created) | idn:source-created | FIRE_AND_FORGET | After a source is created. | [Input Schema](#section/Source-Created-Event-Trigger-Input) | + | [Source Deleted](https://developer.sailpoint.com/idn/docs/event-triggers/triggers/source-deleted) | idn:source-deleted | FIRE_AND_FORGET | After a source is deleted. | [Input Schema](#section/Source-Deleted-Event-Trigger-Input) | + | [Source Updated](https://developer.sailpoint.com/idn/docs/event-triggers/triggers/source-updated) | idn:source-updated | FIRE_AND_FORGET | After configuration changes have been made to a source. | [Input Schema](#section/Source-Updated-Event-Trigger-Input) | + | [VA Cluster Status Change](https://developer.sailpoint.com/idn/docs/event-triggers/triggers/va-cluster-status-change) | idn:va-cluster-status-change | FIRE_AND_FORGET | After the status of a VA cluster has changed. | [Input Schema](#section/VA-Cluster-Status-Change-Event-Event-Trigger-Input) | + + ## Early Access Event Triggers + Triggers that are in-development and not ready for production use. Please contact support to enable these triggers in your tenant. + + | Name | ID | Type | Trigger condition | Schema(s) | + |-|-|-|-|-| + | [Identity Deleted](https://developer.sailpoint.com/idn/docs/event-triggers/triggers/identity-deleted) | idn:identity-deleted | FIRE_AND_FORGET | After an identity is deleted. | [Input Schema](#section/Identity-Deleted-Event-Trigger-Input) | + | [Source Account Created](https://developer.sailpoint.com/idn/docs/event-triggers/triggers/source-account-created) | idn:source-account-created | FIRE_AND_FORGET | After a source account is created. | [Input Schema](#section/Source-Account-Created-Event-Trigger-Input) | + | [Source Account Deleted](https://developer.sailpoint.com/idn/docs/event-triggers/triggers/source-account-deleted) | idn:source-account-deleted | FIRE_AND_FORGET | After a source account is deleted. | [Input Schema](#section/Source-Account-Deleted-Event-Trigger-Input) | + | [Source Account Updated](https://developer.sailpoint.com/idn/docs/event-triggers/triggers/source-account-updated) | idn:source-account-updated | FIRE_AND_FORGET | After a source account is changed. | [Input Schema](#section/Source-Account-Updated-Event-Trigger-Input) | + + Refer to [Event Triggers](https://developer.sailpoint.com/idn/docs/event-triggers/) for more information about event triggers. + - name: Work Items + description: | + Use this API to implement work item functionality. + With this functionality in place, users can manage their work items (tasks). + + Work items refer to the tasks users see in IdentityNow's Task Manager. + They can see the pending work items they need to complete, as well as the work items they have already completed. + Task Manager lists the work items along with the involved sources, identities, accounts, and the timestamp when the work item was created. + For example, a user may see a pending 'Create an Account' work item for the identity Fred.Astaire in GitHub for Fred's GitHub account, fred-astaire-sp. + Once the user completes the work item, the work item will be listed with his or her other completed work items. + + To complete work items, users can use their dashboards and select the 'My Tasks' widget. + The widget will list any work items they need to complete, and they can select the work item from the list to review its details. + When they complete the work item, they can select 'Mark Complete' to add it to their list of completed work items. + + Refer to [Task Manager](https://documentation.sailpoint.com/saas/user-help/task_manager.html) for more information about work items, including the different types of work items users may need to complete. + - name: Workflows + description: | + Workflows allow administrators to create custom automation scripts directly within IdentityNow. These automation scripts respond to [event triggers](https://developer.sailpoint.com/idn/docs/event-triggers#how-to-get-started-with-event-triggers) and perform a series of actions to perform tasks that are either too cumbersome or not available in the IdentityNow UI. Workflows can be configured via a graphical user interface within IdentityNow, or by creating and uploading a JSON formatted script to the Workflow service. The Workflows API collection provides the necessary functionality to create, manage, and test your workflows via REST. + + Refer to [Creating and Managing Workflows](https://documentation.sailpoint.com/saas/help/workflows/workflow-basics.html) for more information about how to build workflows in the visual builder in the IdentityNow UI. + - name: Event Trigger Models + x-displayName: Trigger Models + description: | + ## Access Request Dynamic Approver Event Trigger Input + + + ## Access Request Dynamic Approver Event Trigger Output + + + ## Access Request Post Approval Event Trigger Input + + + ## Access Request Pre Approval Event Trigger Input + + + ## Access Request Pre Approval Event Trigger Output + + + ## Account Aggregation Completed Event Trigger Input + + + ## Account Attributes Changed Event Trigger Input + + + ## Account Correlated Event Trigger Input + + + ## Accounts Collected for Aggregation Event Trigger Input + + + ## Account Uncorrelated Event Trigger Input + + + ## Campaign Activated Event Trigger Input + + + ## Campaign Ended Event Trigger Input + + + ## Campaign Generated Event Trigger Input + + + ## Certification Signed Off Event Trigger Input + + + ## Identity Attributes Changed Event Trigger Input + + + ## Identity Created Event Trigger Input + + + ## Identity Deleted Event Trigger Input + + + ## Provisioning Completed Event Trigger Input + + + ## Saved Search Complete Event Trigger Input + + + ## Source Account Created Event Trigger Input + + + ## Source Account Deleted Event Trigger Input + + + ## Source Account Updated Event Trigger Input + + + ## Source Created Event Trigger Input + + + ## Source Deleted Event Trigger Input + + + ## Source Updated Event Trigger Input + + + ## VA Cluster Status Change Event Event Trigger Input + +security: + - oauth2: [] +components: + securitySchemes: + oauth2: + type: oauth2 + description: | + OAuth2 Bearer token (JWT). See [IdentityNow REST API Authentication](https://developer.sailpoint.com/idn/api/authentication) for more information. + - Directions for generating a [personal access token](https://developer.sailpoint.com/idn/api/authentication#personal-access-tokens) + - Directions using [client credentials flow](https://developer.sailpoint.com/idn/api/authentication#client-credentials-grant-flow) + - Directions for using [authorization code flow](https://developer.sailpoint.com/idn/api/authentication#authorization-code-grant-flow) + + Which authentication method should I choose? See our [guide](https://developer.sailpoint.com/idn/api/authentication#which-oauth-20-grant-flow-should-i-use) + + Learn more about how to find your `tokenUrl` and `authorizationUrl` [in our docs](https://developer.sailpoint.com/idn/api/authentication#find-your-tenants-oauth-details) + flows: + clientCredentials: + tokenUrl: 'https://tenant.api.identitynow.com/oauth/token' + scopes: + 'sp:scopes:default': default scope + 'sp:scopes:all': access to all scopes + authorizationCode: + authorizationUrl: 'https://tenant.identitynow.com/oauth/authorize' + tokenUrl: 'https://tenant.api.identitynow.com/oauth/token' + scopes: + 'sp:scopes:default': default scope + 'sp:scopes:all': access to all scopes + schemas: + AccountAggregation: + type: object + properties: + start: + type: string + format: date-time + example: '2021-01-31T14:30:05.104Z' + description: When the aggregation started. + status: + type: string + enum: + - STARTED + - ACCOUNTS_COLLECTED + - COMPLETED + - CANCELLED + - RETRIED + - TERMINATED + example: ACCOUNTS_COLLECTED + description: | + STARTED - Aggregation started, but source account iteration has not completed. + + ACCOUNTS_COLLECTED - Source account iteration completed, but all accounts have not yet been processed. + + COMPLETED - Aggregation completed (*possibly with errors*). + + CANCELLED - Aggregation cancelled by user. + + RETRIED - Aggregation retried because of connectivity issues with the Virtual Appliance. + + TERMINATED - Aggregation marked as failed after 3 tries after connectivity issues with the Virtual Appliance. + totalAccounts: + type: integer + example: 520 + description: 'The total number of *NEW, CHANGED and DELETED* accounts that need to be processed for this aggregation. This does not include accounts that were unchanged since the previous aggregation. This can be zero if there were no new, changed or deleted accounts since the previous aggregation. *Only available when status is ACCOUNTS_COLLECTED or COMPLETED.*' + processedAccounts: + type: integer + example: 150 + description: 'The number of *NEW, CHANGED and DELETED* accounts that have been processed so far. This reflects the number of accounts that have been processed at the time of the API call, and may increase on subsequent API calls while the status is ACCOUNTS_COLLECTED. *Only available when status is ACCOUNTS_COLLECTED or COMPLETED.*' + ApprovalItems: + type: object + properties: + id: + type: string + description: ID of the approval item + example: 2c9180835d2e5168015d32f890ca1581 + account: + type: string + description: The account referenced by the approval item + example: john.smith + application: + type: string + description: The name the application/source + example: Active Directory + attributeName: + type: string + description: The name of the attribute + example: emailAddress + attributeOperation: + type: string + description: The operation of the attribute + example: update + attributeValue: + type: string + description: The value of the attribute + example: a@b.com + state: + type: string + enum: + - FINISHED + - REJECTED + - RETURNED + - EXPIRED + - PENDING + - CANCELED + example: FINISHED + description: The state of a work item + slimcampaign: + type: object + title: Slim Campaign + required: + - name + - description + - type + properties: + id: + type: string + readOnly: true + description: Id of the campaign + example: 2c9079b270a266a60170a2779fcb0007 + name: + description: 'The campaign name. If this object is part of a template, special formatting applies; see the `/campaign-templates/{id}/generate` endpoint documentation for details.' + type: string + example: Manager Campaign + description: + type: string + description: 'The campaign description. If this object is part of a template, special formatting applies; see the `/campaign-templates/{id}/generate` endpoint documentation for details.' + example: Everyone needs to be reviewed by their manager + deadline: + type: string + format: date-time + description: The campaign's completion deadline. + example: '2020-03-15T10:00:01.456Z' + type: + type: string + description: The type of campaign. Could be extended in the future. + enum: + - MANAGER + - SOURCE_OWNER + - SEARCH + - ROLE_COMPOSITION + example: MANAGER + emailNotificationEnabled: + type: boolean + description: Enables email notification for this campaign + example: false + autoRevokeAllowed: + type: boolean + description: Allows auto revoke for this campaign + example: false + recommendationsEnabled: + type: boolean + description: Enables IAI for this campaign. Accepts true even if the IAI product feature is off. If IAI is turned off then campaigns generated from this template will indicate false. The real value will then be returned if IAI is ever enabled for the org in the future. + example: true + status: + type: string + description: The campaign's current status. + readOnly: true + enum: + - PENDING + - STAGED + - CANCELING + - ACTIVATING + - ACTIVE + - COMPLETING + - COMPLETED + - ERROR + - ARCHIVED + example: ACTIVE + correlatedStatus: + type: string + description: The correlatedStatus of the campaign. Only SOURCE_OWNER campaigns can be Uncorrelated. An Uncorrelated certification campaign only includes Uncorrelated identities (An identity is uncorrelated if it has no accounts on an authoritative source). + enum: + - CORRELATED + - UNCORRELATED + example: CORRELATED + fullcampaign: + type: object + title: Campaign + allOf: + - type: object + title: Slim Campaign + required: + - name + - description + - type + properties: + id: + type: string + readOnly: true + description: Id of the campaign + example: 2c9079b270a266a60170a2779fcb0007 + name: + description: 'The campaign name. If this object is part of a template, special formatting applies; see the `/campaign-templates/{id}/generate` endpoint documentation for details.' + type: string + example: Manager Campaign + description: + type: string + description: 'The campaign description. If this object is part of a template, special formatting applies; see the `/campaign-templates/{id}/generate` endpoint documentation for details.' + example: Everyone needs to be reviewed by their manager + deadline: + type: string + format: date-time + description: The campaign's completion deadline. + example: '2020-03-15T10:00:01.456Z' + type: + type: string + description: The type of campaign. Could be extended in the future. + enum: + - MANAGER + - SOURCE_OWNER + - SEARCH + - ROLE_COMPOSITION + example: MANAGER + emailNotificationEnabled: + type: boolean + description: Enables email notification for this campaign + example: false + autoRevokeAllowed: + type: boolean + description: Allows auto revoke for this campaign + example: false + recommendationsEnabled: + type: boolean + description: Enables IAI for this campaign. Accepts true even if the IAI product feature is off. If IAI is turned off then campaigns generated from this template will indicate false. The real value will then be returned if IAI is ever enabled for the org in the future. + example: true + status: + type: string + description: The campaign's current status. + readOnly: true + enum: + - PENDING + - STAGED + - CANCELING + - ACTIVATING + - ACTIVE + - COMPLETING + - COMPLETED + - ERROR + - ARCHIVED + example: ACTIVE + correlatedStatus: + type: string + description: The correlatedStatus of the campaign. Only SOURCE_OWNER campaigns can be Uncorrelated. An Uncorrelated certification campaign only includes Uncorrelated identities (An identity is uncorrelated if it has no accounts on an authoritative source). + enum: + - CORRELATED + - UNCORRELATED + example: CORRELATED + - type: object + properties: + created: + type: string + readOnly: true + format: date-time + description: Created time of the campaign + example: '2020-03-03T22:15:13.611Z' + modified: + type: string + readOnly: true + format: date-time + description: Modified time of the campaign + example: '2020-03-03T22:20:12.674Z' + correlatedStatus: + description: The correlatedStatus of the campaign. Only SOURCE_OWNER campaigns can be Uncorrelated. An Uncorrelated certification campaign only includes Uncorrelated identities (An identity is uncorrelated if it has no accounts on an authoritative source). + enum: + - CORRELATED + - UNCORRELATED + example: CORRELATED + filter: + type: object + description: Determines which items will be included in this campaign. The default campaign filter is used if this field is left blank. + properties: + id: + type: string + description: The ID of whatever type of filter is being used. + example: 0fbe863c063c4c88a35fd7f17e8a3df5 + type: + type: string + description: Type of the filter + enum: + - CAMPAIGN_FILTER + - RULE + example: CAMPAIGN_FILTER + name: + type: string + description: Name of the filter + example: Test Filter + sunsetCommentsRequired: + type: boolean + description: Determines if comments on sunset date changes are required. + default: true + example: true + sourceOwnerCampaignInfo: + type: object + description: Must be set only if the campaign type is SOURCE_OWNER. + properties: + sourceIds: + type: array + description: The list of sources to be included in the campaign. + items: + type: string + example: + - 0fbe863c063c4c88a35fd7f17e8a3df5 + searchCampaignInfo: + type: object + description: Must be set only if the campaign type is SEARCH. + properties: + type: + type: string + description: The type of search campaign represented. + enum: + - IDENTITY + - ACCESS + example: ACCESS + description: + type: string + description: 'Describes this search campaign. Intended for storing the query used, and possibly the number of identities selected/available.' + example: Search Campaign description + reviewer: + description: 'If specified, this identity or governance group will be the reviewer for all certifications in this campaign. The allowed DTO types are IDENTITY and GOVERNANCE_GROUP' + allOf: + - type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + - type: object + query: + type: string + description: The scope for the campaign. The campaign will cover identities returned by the query and identities that have access items returned by the query. One of `query` or `identityIds` must be set. + example: Search Campaign query description + identityIds: + type: array + description: A direct list of identities to include in this campaign. One of `identityIds` or `query` must be set. + items: + type: string + maxItems: 1000 + example: + - 0fbe863c063c4c88a35fd7f17e8a3df5 + accessConstraints: + type: array + description: Further reduces the scope of the campaign by excluding identities (from `query` or `identityIds`) that do not have this access. + items: + type: object + properties: + type: + type: string + enum: + - ENTITLEMENT + - ACCESS_PROFILE + - ROLE + description: Type of Access + example: ENTITLEMENT + ids: + description: Must be set only if operator is SELECTED. + type: array + items: + type: string + example: + - 2c90ad2a70ace7d50170acf22ca90010 + operator: + type: string + enum: + - ALL + - SELECTED + description: Used to determine whether the scope of the campaign should be reduced for selected ids or all. + example: SELECTED + required: + - type + - operator + maxItems: 1000 + required: + - type + roleCompositionCampaignInfo: + type: object + description: Optional configuration options for role composition campaigns. + properties: + reviewer: + description: 'If specified, this identity or governance group will be the reviewer for all certifications in this campaign. The allowed DTO types are IDENTITY and GOVERNANCE_GROUP' + allOf: + - type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + - type: object + roleIds: + type: array + description: 'Optional list of roles to include in this campaign. Only one of `roleIds` and `query` may be set; if neither are set, all roles are included.' + items: + type: string + example: + - 2c90ad2a70ace7d50170acf22ca90010 + remediatorRef: + type: object + description: 'This determines who remediation tasks will be assigned to. Remediation tasks are created for each revoke decision on items in the campaign. The only legal remediator type is ''IDENTITY'', and the chosen identity must be a Role Admin or Org Admin.' + properties: + type: + type: string + enum: + - IDENTITY + description: Legal Remediator Type + example: IDENTITY + id: + type: string + description: The ID of the remediator. + example: 2c90ad2a70ace7d50170acf22ca90010 + name: + type: string + description: The name of the remediator. + readOnly: true + example: Role Admin + required: + - type + - id + query: + type: string + description: 'Optional search query to scope this campaign to a set of roles. Only one of `roleIds` and `query` may be set; if neither are set, all roles are included.' + example: Search Query + description: + type: string + description: 'Describes this role composition campaign. Intended for storing the query used, and possibly the number of roles selected/available.' + example: Role Composition Description + required: + - remediatorRef + alerts: + type: array + description: A list of errors and warnings that have accumulated. + readOnly: true + items: + type: object + properties: + level: + type: string + enum: + - ERROR + - WARN + - INFO + description: Denotes the level of the message + example: ERROR + localizations: + type: array + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + totalCertifications: + type: integer + description: The total number of certifications in this campaign. + readOnly: true + example: 100 + completedCertifications: + type: integer + description: The number of completed certifications in this campaign. + readOnly: true + example: 10 + sourcesWithOrphanEntitlements: + type: array + description: A list of sources in the campaign that contain \"orphan entitlements\" (entitlements without a corresponding Managed Attribute). An empty list indicates the campaign has no orphan entitlements. Null indicates there may be unknown orphan entitlements in the campaign (the campaign was created before this feature was implemented). + readOnly: true + items: + type: object + properties: + id: + type: string + description: Id of the source + example: 2c90ad2a70ace7d50170acf22ca90010 + type: + type: string + enum: + - SOURCE + description: Type + example: SOURCE + name: + type: string + description: Name of the source + example: Source with orphan entitlements + IdentityProfile: + allOf: + - type: object + required: + - name + properties: + id: + description: System-generated unique ID of the Object + type: string + example: id12345 + readOnly: true + name: + description: Name of the Object + type: string + example: aName + created: + description: Creation date of the Object + type: string + format: date-time + readOnly: true + example: '2023-01-03T21:16:22.432Z' + modified: + description: Last modification date of the Object + type: string + format: date-time + readOnly: true + example: '2023-01-03T21:16:22.432Z' + - type: object + required: + - authoritativeSource + properties: + description: + type: string + nullable: true + description: The description of the Identity Profile. + example: My custom flat file profile + owner: + type: object + description: The owner of the Identity Profile. + nullable: true + properties: + type: + type: string + enum: + - IDENTITY + description: Type of the object to which this reference applies + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c9180835d191a86015d28455b4b232a + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + priority: + type: integer + format: int64 + description: The priority for an Identity Profile. + example: 10 + authoritativeSource: + type: object + properties: + type: + type: string + enum: + - SOURCE + description: Type of the object to which this reference applies + example: SOURCE + id: + type: string + description: ID of the object to which this reference applies + example: 2c9180835d191a86015d28455b4b232a + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: HR Active Directory + description: The authoritative source for this Identity Profile. + identityRefreshRequired: + type: boolean + default: false + description: True if a identity refresh is needed. Typically triggered when a change on the source has been made + example: true + identityCount: + type: integer + description: The number of identities that belong to the Identity Profile. + format: int32 + example: 8 + identityAttributeConfig: + type: object + properties: + enabled: + type: boolean + description: If the profile or mapping is enabled + example: true + default: true + attributeTransforms: + type: array + items: + type: object + properties: + identityAttributeName: + type: string + description: Name of the identity attribute + example: email + transformDefinition: + description: The seaspray transformation definition + type: object + properties: + type: + type: string + description: The type of the transform definition. + example: accountAttribute + attributes: + type: object + nullable: true + additionalProperties: true + description: Arbitrary key-value pairs to store any metadata for the object + example: + attributeName: e-mail + sourceName: MySource + sourceId: 2c9180877a826e68017a8c0b03da1a53 + identityExceptionReportReference: + type: object + nullable: true + properties: + taskResultId: + type: string + format: uuid + description: The id of the task result + example: 2c918086795cd09201795d5f7d7533df + reportName: + type: string + example: My annual report + description: The name of the report + hasTimeBasedAttr: + description: Indicates the value of requiresPeriodicRefresh attribute for the Identity Profile. + type: boolean + default: true + example: true + ManagedClient: + description: Managed Client + type: object + required: + - clientId + - clusterId + - description + - type + properties: + id: + description: ManagedClient ID + readOnly: true + type: string + example: aClientId + alertKey: + description: ManagedClient alert key + readOnly: true + type: string + example: anAlertKey + apiGatewayBaseUrl: + description: ManagedClient gateway base url + readOnly: true + type: string + example: 'https://denali-xxx.api.cloud.sailpoint.com' + ccId: + description: Previous CC ID to be used in data migration. (This field will be deleted after CC migration!) + type: integer + format: int64 + example: 2248 + clientId: + description: The client ID used in API management + type: string + example: aClientApiId + clusterId: + description: Cluster ID that the ManagedClient is linked to + type: string + example: aClusterId + cookbook: + description: VA cookbook + readOnly: true + type: string + example: va-cookbook-info + description: + description: ManagedClient description + type: string + example: A short description of the ManagedClient + ipAddress: + description: The public IP address of the ManagedClient + readOnly: true + type: string + example: 123.456.78.90 + lastSeen: + description: When the ManagedClient was last seen by the server + readOnly: true + type: string + format: date-time + example: '2020-01-01T00:00:00.000000Z' + name: + description: ManagedClient name + type: string + example: aName + sinceLastSeen: + description: Milliseconds since the ManagedClient has polled the server + readOnly: true + type: string + example: 15000 + status: + description: Status of the ManagedClient + readOnly: true + allOf: + - type: string + enum: + - NORMAL + - UNDEFINED + - NOT_CONFIGURED + - CONFIGURING + - WARNING + - ERROR + - FAILED + type: + description: 'Type of the ManagedClient (VA, CCG)' + type: string + example: VA + vaDownloadUrl: + description: ManagedClient VA download URL + readOnly: true + type: string + example: aUrl + vaVersion: + description: Version that the ManagedClient's VA is running + readOnly: true + type: string + example: va-megapod-useast1-610-1621372012 + secret: + description: Client's apiKey + type: string + example: ef878e15eaa8c8d3e2fa52f41125e2a0eeadadc6a14f931a33ad3e1b62d56381 + ManagedClientStatus: + description: Managed Client Status + type: object + required: + - body + - status + - type + - timestamp + properties: + body: + description: ManagedClientStatus body information + type: object + example: + alertKey: '' + id: '5678' + clusterId: '1234' + ccg_etag: ccg_etag123xyz456 + ccg_pin: NONE + cookbook_etag: 20210420125956-20210511144538 + hostname: megapod-useast1-secret-hostname.sailpoint.com + internal_ip: 127.0.0.1 + lastSeen: '1620843964604' + sinceSeen: '14708' + sinceSeenMillis: '14708' + localDev: false + stacktrace: '' + state: null + status: NORMAL + uuid: null + product: idn + va_version: null + platform_version: '2' + os_version: 2345.3.1 + os_type: flatcar + hypervisor: unknown + status: + description: status of the Managed Client + type: string + enum: + - NORMAL + - UNDEFINED + - NOT_CONFIGURED + - CONFIGURING + - WARNING + - ERROR + - FAILED + type: + description: type of the Managed Client + type: string + example: CCG + nullable: true + enum: + - CCG + - VA + - INTERNAL + - null + timestamp: + description: timestamp on the Client Status update + type: string + format: date-time + example: '2020-01-01T00:00:00.000000Z' + MessageCatalogDto: + type: object + properties: + locale: + type: string + description: The language in which the messages are returned + example: en_US + messages: + type: array + items: + type: object + properties: + key: + type: string + description: The key of the message + example: recommender-api.V2_WEIGHT_FEATURE_PRODUCT_INTERPRETATION_LOW + format: + type: string + description: The format of the message + example: '{0,,\"i18n hint: percentage\"}% of identities with the same {1,,\"i18n hint: name of category feature\"} have this access. This information had a low impact on the overall score.' + description: The list of message with their keys and formats + PeerGroupMember: + type: object + properties: + id: + type: string + description: A unique identifier for the peer group member. + type: + type: string + description: The type of the peer group member. + peer_group_id: + type: string + description: The ID of the peer group. + attributes: + type: object + additionalProperties: + type: object + description: 'Arbitrary key-value pairs, belonging to the peer group member.' + RecommendationRequestDto: + type: object + properties: + requests: + type: array + items: + description: List of requests to retrieve recommendations + type: object + properties: + identityId: + type: string + description: The identity ID + example: 2c938083633d259901633d25c68c00fa + item: + type: object + properties: + id: + type: string + description: The ID of the access item for which to retrieve the recommendation + example: 2c938083633d259901633d2623ec0375 + type: + type: string + example: ENTITLEMENT + description: The type of the access item. + enum: + - ENTITLEMENT + - ACCESS_PROFILE + - ROLE + excludeInterpretations: + type: boolean + description: Exclude interpretations in the response if "true". Return interpretations in the response if this attribute is not specified. + default: 'false' + example: 'false' + includeTranslationMessages: + type: boolean + description: 'When set to true, the calling system uses the translated messages for the specified language' + default: 'false' + example: 'false' + includeDebugInformation: + type: boolean + description: Returns the recommender calculations if set to true + default: 'false' + example: 'true' + prescribeMode: + type: boolean + description: 'When set to true, uses prescribedRulesRecommenderConfig to get identity attributes and peer group threshold instead of standard config.' + default: 'false' + example: 'false' + RecommendationResponseDto: + type: object + properties: + response: + type: array + items: + type: object + properties: + request: + type: object + properties: + identityId: + type: string + description: The identity ID + example: 2c938083633d259901633d25c68c00fa + item: + type: object + properties: + id: + type: string + description: The ID of the access item for which to retrieve the recommendation + example: 2c938083633d259901633d2623ec0375 + type: + type: string + example: ENTITLEMENT + description: The type of the access item. + enum: + - ENTITLEMENT + - ACCESS_PROFILE + - ROLE + recommendation: + type: string + example: 'YES' + description: 'The recommendation - YES if the access is recommended, NO if not recommended, MAYBE if there is not enough information to make a recommendation, NOT_FOUND if the identity is not found in the system' + enum: + - 'YES' + - 'NO' + - MAYBE + - NOT_FOUND + interpretations: + type: array + items: + type: string + description: 'The list of interpretations explaining the recommendation. The array is empty if includeInterpretations is false or not present in the request. e.g. - [ "Not approved in the last 6 months." ]. Interpretations will be translated using the client''s locale as found in the Accept-Language header. If a translation for the client''s locale cannot be found, the US English translation will be returned.' + example: + - 75% of identities with the same department have this access. This information had a high impact on the overall score. + - 67% of identities with the same peer group have this access. This information had a low impact on the overall score. + - 42% of identities with the same location have this access. This information had a low impact on the overall score. + translationMessages: + type: array + example: + - key: recommender-api.V2_WEIGHT_FEATURE_PRODUCT_INTERPRETATION_HIGH + values: + - '75' + - department + items: + properties: + key: + type: string + description: The key of the translation message + example: recommender-api.V2_WEIGHT_FEATURE_PRODUCT_INTERPRETATION_HIGH + values: + type: array + description: The values corresponding to the translation messages + items: + type: string + example: + - '75' + - department + description: 'The list of translation messages, if they have been requested.' + recommenderCalculations: + description: The calcuations performed behind the scenes that provide recommendations to the user. + properties: + identityId: + type: string + description: The ID of the identity + example: 2c91808457d8f3ab0157e3e62cb4213c + entitlementId: + type: string + description: The entitlement ID + example: 2c91809050db617d0150e0bf3215385e + recommendation: + type: string + description: The actual recommendation + example: 'YES' + overallWeightedScore: + type: number + description: The overall weighted score + featureWeightedScores: + type: object + description: The weighted score of each individual feature + additionalProperties: + type: number + threshold: + type: number + description: The configured value against which the overallWeightedScore is compared + identityAttributes: + type: object + description: The values for your configured features + additionalProperties: + type: object + properties: + value: + type: string + featureValues: + description: The feature details + type: object + properties: + feature: + type: string + description: The type of feature + example: department + numerator: + type: integer + format: int32 + example: 14 + description: The number of identities that have access to the feature + denominator: + type: integer + format: int32 + example: 14 + description: The number of identities with the corresponding feature + RemediationItems: + type: object + properties: + id: + type: string + description: The ID of the certification + example: 2c9180835d2e5168015d32f890ca1581 + targetId: + type: string + description: The ID of the certification target + example: 2c9180835d2e5168015d32f890ca1581 + targetName: + type: string + description: The name of the certification target + example: john.smith + targetDisplayName: + type: string + description: The display name of the certification target + example: emailAddress + applicationName: + type: string + description: The name of the application/source + example: Active Directory + attributeName: + type: string + description: The name of the attribute being certified + example: phoneNumber + attributeOperation: + type: string + description: The operation of the certification on the attribute + example: update + attributeValue: + type: string + description: The value of the attribute being certified + example: 512-555-1212 + nativeIdentity: + type: string + description: The native identity of the target + example: jason.smith2 + SearchAttributeConfig: + type: object + properties: + name: + type: string + description: Name of the new attribute + example: newMailAttribute + displayName: + type: string + description: The display name of the new attribute + example: New Mail Attribute + applicationAttributes: + type: object + description: Map of application id and their associated attribute. + example: + 2c91808b79fd2422017a0b35d30f3968: employeeNumber + 2c91808b79fd2422017a0b36008f396b: employeeNumber + WorkItems: + type: object + properties: + id: + type: string + description: ID of the work item + example: 2c9180835d2e5168015d32f890ca1581 + requesterId: + type: string + description: ID of the requester + example: 2c9180835d2e5168015d32f890ca1581 + requesterDisplayName: + type: string + description: The displayname of the requester + example: John Smith + ownerId: + type: string + description: The ID of the owner + example: 2c9180835d2e5168015d32f890ca1581 + ownerName: + type: string + description: The name of the owner + example: Jason Smith + created: + type: string + format: date-time + example: '2017-07-11T18:45:37.098Z' + modified: + type: string + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: + type: string + description: The description of the work item + example: Create account on source 'AD' + state: + type: string + enum: + - FINISHED + - REJECTED + - RETURNED + - EXPIRED + - PENDING + - CANCELED + example: FINISHED + description: The state of a work item + type: + type: string + enum: + - UNKNOWN + - GENERIC + - CERTIFICATION + - REMEDIATION + - DELEGATION + - APPROVAL + - VIOLATIONREVIEW + - FORM + - POLICYVIOLATION + - CHALLENGE + - IMPACTANALYSIS + - SIGNOFF + - EVENT + - MANUALACTION + - TEST + example: GENERIC + description: The type of the work item + remediationItems: + type: object + properties: + id: + type: string + description: The ID of the certification + example: 2c9180835d2e5168015d32f890ca1581 + targetId: + type: string + description: The ID of the certification target + example: 2c9180835d2e5168015d32f890ca1581 + targetName: + type: string + description: The name of the certification target + example: john.smith + targetDisplayName: + type: string + description: The display name of the certification target + example: emailAddress + applicationName: + type: string + description: The name of the application/source + example: Active Directory + attributeName: + type: string + description: The name of the attribute being certified + example: phoneNumber + attributeOperation: + type: string + description: The operation of the certification on the attribute + example: update + attributeValue: + type: string + description: The value of the attribute being certified + example: 512-555-1212 + nativeIdentity: + type: string + description: The native identity of the target + example: jason.smith2 + approvalItems: + type: object + properties: + id: + type: string + description: ID of the approval item + example: 2c9180835d2e5168015d32f890ca1581 + account: + type: string + description: The account referenced by the approval item + example: john.smith + application: + type: string + description: The name the application/source + example: Active Directory + attributeName: + type: string + description: The name of the attribute + example: emailAddress + attributeOperation: + type: string + description: The operation of the attribute + example: update + attributeValue: + type: string + description: The value of the attribute + example: a@b.com + state: + type: string + enum: + - FINISHED + - REJECTED + - RETURNED + - EXPIRED + - PENDING + - CANCELED + example: FINISHED + description: The state of a work item + name: + type: string + description: The work item name + example: Account Create + completed: + type: string + format: date-time + example: '2018-10-19T13:49:37.385Z' + numItems: + type: integer + description: The number of items in the work item + example: 19 + errors: + type: array + items: + type: string + example: + - The work item ID that was specified was not found. + WorkItemsCount: + type: object + properties: + count: + type: integer + description: The count of work items + example: 29 + WorkItemsSummary: + type: object + properties: + open: + type: integer + description: The count of open work items + example: 29 + completed: + type: integer + description: The count of completed work items + example: 1 + total: + type: integer + description: The count of total work items + example: 30 + Form: + type: object + properties: + id: + type: string + description: ID of the form + example: 2c9180835d2e5168015d32f890ca1581 + name: + type: string + description: Name of the form + example: AccountSelection Form + title: + type: string + description: The form title + example: Account Selection for John.Doe + subtitle: + type: string + description: The form subtitle. + example: Please select from the following + targetUser: + type: string + description: The name of the user that should be shown this form + example: Jane.Doe + sections: + type: object + allOf: + - type: object + properties: + name: + type: string + description: Name of the FormItem + example: Field1 + - type: object + properties: + label: + type: string + description: Label of the section + example: Section 1 + formItems: + type: array + items: + type: object + description: List of FormItems. FormItems can be SectionDetails and/or FieldDetails + example: [] + FormItem: + type: object + properties: + name: + type: string + description: Name of the FormItem + example: Field1 + Section: + type: object + allOf: + - type: object + properties: + name: + type: string + description: Name of the FormItem + example: Field1 + - type: object + properties: + label: + type: string + description: Label of the section + example: Section 1 + formItems: + type: array + items: + type: object + description: List of FormItems. FormItems can be SectionDetails and/or FieldDetails + example: [] + Field: + type: object + allOf: + - type: object + properties: + name: + type: string + description: Name of the FormItem + example: Field1 + - type: object + properties: + displayName: + type: string + description: Display name of the field + example: Field 1 + displayType: + type: string + description: Type of the field to display + example: checkbox + required: + type: boolean + description: True if the field is required + allowedValuesList: + type: array + items: + type: object + description: List of allowed values for the field + example: + - Val1Display: null + Val1Value: null + - Val2Display: null + Val2Value: null + value: + type: object + description: Value of the field + Trigger-Input-AccessRequestDynamicApprover: + title: Access Request Dynamic Approver + type: object + required: + - accessRequestId + - requestedFor + - requestedItems + - requestedBy + properties: + accessRequestId: + type: string + description: | + The unique ID of the access request object. Can be used with the [access request status endpoint](https://developer.sailpoint.com/idn/api/beta/list-access-request-status) to get the status of the request. + example: 4b4d982dddff4267ab12f0f1e72b5a6d + requestedFor: + allOf: + - type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + description: The identity for whom the access is requested for. + properties: + type: + enum: + - IDENTITY + example: IDENTITY + description: The type of object that is referenced + requestedItems: + description: The access items that are being requested. + type: array + items: + type: object + required: + - id + - name + - type + - operation + properties: + id: + type: string + description: The unique ID of the access item. + example: 2c91808b6ef1d43e016efba0ce470904 + name: + type: string + description: Human friendly name of the access item. + example: Engineering Access + description: + nullable: true + type: string + description: Extended description of the access item. + example: Engineering Access + type: + enum: + - ACCESS_PROFILE + - ROLE + - ENTITLEMENT + description: The type of access item being requested. + example: ACCESS_PROFILE + operation: + enum: + - Add + - Remove + description: Grant or revoke the access item + example: Add + comment: + nullable: true + type: string + description: A comment from the requestor on why the access is needed. + example: William needs this access for his day to day job activities. + requestedBy: + allOf: + - type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + description: The identity that initiated the access request. + properties: + type: + enum: + - IDENTITY + example: IDENTITY + description: The type of object that is referenced + Trigger-Input-AccessRequestPostApproval: + title: Access Request Post Approval + type: object + required: + - accessRequestId + - requestedFor + - requestedItemsStatus + - requestedBy + properties: + accessRequestId: + type: string + description: The unique ID of the access request. + example: 2c91808b6ef1d43e016efba0ce470904 + requestedFor: + required: + - id + - type + - name + allOf: + - type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + description: The identity who the access request is for. + properties: + type: + enum: + - IDENTITY + example: IDENTITY + description: The type of object that is referenced + requestedItemsStatus: + description: Details on the outcome of each access item. + type: array + items: + type: object + required: + - id + - name + - type + - operation + - approvalInfo + properties: + id: + type: string + description: The unique ID of the access item being requested. + example: 2c91808b6ef1d43e016efba0ce470904 + name: + type: string + description: The human friendly name of the access item. + example: Engineering Access + description: + nullable: true + type: string + description: Detailed description of the access item. + example: Access to engineering database + type: + enum: + - ACCESS_PROFILE + - ROLE + - ENTITLEMENT + description: The type of access item. + example: ACCESS_PROFILE + operation: + enum: + - Add + - Remove + description: The action to perform on the access item. + example: Add + comment: + nullable: true + type: string + description: A comment from the identity requesting the access. + example: William needs this access to do his job. + clientMetadata: + description: Additional customer defined metadata about the access item. + nullable: true + type: object + additionalProperties: true + example: + applicationName: My application + approvalInfo: + description: A list of one or more approvers for the access request. + type: array + items: + type: object + required: + - approvalDecision + - approverName + - approver + properties: + approvalComment: + nullable: true + type: string + description: A comment left by the approver. + example: This access looks good. Approved. + approvalDecision: + enum: + - APPROVED + - DENIED + description: The final decision of the approver. + example: APPROVED + approverName: + type: string + description: The name of the approver + example: Stephen.Austin + approver: + required: + - id + - type + - name + allOf: + - type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + description: The identity of the approver. + properties: + type: + enum: + - IDENTITY + example: IDENTITY + description: The type of object that is referenced + requestedBy: + required: + - id + - type + - name + allOf: + - type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + description: The identity that initiated the access request. + properties: + type: + enum: + - IDENTITY + example: IDENTITY + description: The type of object that is referenced + Trigger-Input-AccessRequestPreApproval: + title: Access Request Pre Approval + type: object + required: + - accessRequestId + - requestedFor + - requestedItems + - requestedBy + properties: + accessRequestId: + type: string + description: The unique ID of the access request. + example: 2c91808b6ef1d43e016efba0ce470904 + requestedFor: + required: + - id + - type + - name + allOf: + - type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + description: The identity who the access request is for. + properties: + type: + enum: + - IDENTITY + example: IDENTITY + description: The type of object that is referenced + requestedItems: + description: Details of the access items being requested. + type: array + items: + type: object + required: + - id + - name + - type + - operation + properties: + id: + type: string + description: The unique ID of the access item being requested. + example: 2c91808b6ef1d43e016efba0ce470904 + name: + type: string + description: The human friendly name of the access item. + example: Engineering Access + description: + nullable: true + type: string + description: Detailed description of the access item. + example: Access to engineering database + type: + enum: + - ACCESS_PROFILE + - ROLE + - ENTITLEMENT + description: The type of access item. + example: ACCESS_PROFILE + operation: + enum: + - Add + - Remove + description: The action to perform on the access item. + example: Add + comment: + nullable: true + type: string + description: A comment from the identity requesting the access. + example: William needs this access to do his job. + requestedBy: + required: + - id + - type + - name + allOf: + - type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + description: The identity that initiated the access request. + properties: + type: + enum: + - IDENTITY + example: IDENTITY + description: The type of object that is referenced + Trigger-Input-AccountAggregationCompleted: + title: Account Aggregation Completed + type: object + required: + - source + - status + - started + - completed + - errors + - warnings + - stats + properties: + source: + required: + - type + - name + - id + allOf: + - type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + description: The source from which the accounts were aggregated. + properties: + type: + enum: + - SOURCE + description: The type of object that is referenced + example: SOURCE + status: + description: The overall status of the aggregation. + enum: + - Success + - Failed + - Terminated + example: Success + started: + type: string + format: date-time + description: The date and time when the account aggregation started. + example: '2020-06-29T22:01:50.474Z' + completed: + type: string + format: date-time + description: The date and time when the account aggregation finished. + example: '2020-06-29T22:02:04.090Z' + errors: + nullable: true + description: A list of errors that occurred during the aggregation. + type: array + items: + type: string + description: A descriptive error message. + example: Accounts unable to be aggregated. + warnings: + nullable: true + description: A list of warnings that occurred during the aggregation. + type: array + items: + type: string + description: A descriptive warning message. + example: Account Skipped + stats: + type: object + description: Overall statistics about the account aggregation. + required: + - scanned + - unchanged + - changed + - added + - removed + properties: + scanned: + type: integer + format: int32 + minimum: 0 + maximum: 2147483647 + description: The number of accounts which were scanned / iterated over. + example: 200 + unchanged: + type: integer + format: int32 + minimum: 0 + maximum: 2147483647 + description: 'The number of accounts which existed before, but had no changes.' + example: 190 + changed: + type: integer + format: int32 + minimum: 0 + maximum: 2147483647 + description: 'The number of accounts which existed before, but had changes.' + example: 6 + added: + type: integer + format: int32 + minimum: 0 + maximum: 2147483647 + description: The number of accounts which are new - have not existed before. + example: 4 + removed: + type: integer + minimum: 0 + maximum: 2147483647 + format: int32 + description: 'The number accounts which existed before, but no longer exist (thus getting removed).' + example: 3 + Trigger-Input-AccountAttributesChanged: + title: Account Attributes Changed + type: object + required: + - identity + - source + - account + - changes + properties: + identity: + required: + - id + - type + - name + allOf: + - type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + description: The identity whose account attributes changed. + properties: + type: + enum: + - IDENTITY + example: IDENTITY + description: The type of object that is referenced + source: + required: + - id + - type + - name + type: object + description: The source that contains the account. + properties: + id: + description: ID of the object to which this reference applies + type: string + example: 4e4d982dddff4267ab12f0f1e72b5a6d + type: + type: string + enum: + - SOURCE + example: SOURCE + description: The type of object that is referenced + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: Corporate Active Directory + account: + type: object + description: Details of the account where the attributes changed. + required: + - id + - uuid + - name + - nativeIdentity + - type + properties: + id: + type: string + description: SailPoint generated unique identifier. + example: 52170a74-ca89-11ea-87d0-0242ac130003 + uuid: + nullable: true + type: string + description: The source's unique identifier for the account. UUID is generated by the source system. + example: 1cb1f07d-3e5a-4431-becd-234fa4306108 + name: + type: string + description: Name of the account. + example: john.doe + nativeIdentity: + type: string + description: Unique ID of the account on the source. + example: 'cn=john.doe,ou=users,dc=acme,dc=com' + type: + enum: + - ACCOUNT + description: The type of the account + example: ACCOUNT + changes: + type: array + description: A list of attributes that changed. + items: + type: object + required: + - attribute + - oldValue + - newValue + properties: + attribute: + type: string + description: The name of the attribute. + example: sn + oldValue: + description: The previous value of the attribute. + nullable: true + oneOf: + - type: string + - type: boolean + - type: array + items: + nullable: true + type: string + example: doe + newValue: + description: The new value of the attribute. + nullable: true + oneOf: + - type: string + - type: boolean + - type: array + items: + nullable: true + type: string + example: ryans + Trigger-Input-AccountCorrelated: + title: Account Correlated + type: object + required: + - identity + - source + - account + - attributes + properties: + identity: + required: + - type + - name + - id + allOf: + - type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + description: The identity that the account correlated with. + properties: + type: + enum: + - IDENTITY + description: The type of object that is referenced + example: IDENTITY + source: + required: + - id + - type + - name + type: object + description: The source from which the account came from. + properties: + id: + description: ID of the object to which this reference applies + type: string + example: 4e4d982dddff4267ab12f0f1e72b5a6d + type: + type: string + enum: + - SOURCE + example: SOURCE + description: The type of object that is referenced + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: Corporate Active Directory + account: + required: + - id + - name + - nativeIdentity + - type + allOf: + - type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + description: The account that was correlated. + properties: + type: + enum: + - ACCOUNT + description: The type of object that is referenced + example: ACCOUNT + nativeIdentity: + type: string + description: Unique ID of the account on the source. + example: 'cn=john.doe,ou=users,dc=acme,dc=com' + uuid: + nullable: true + type: string + description: The source's unique identifier for the account. UUID is generated by the source system. + example: 1cb1f07d-3e5a-4431-becd-234fa4306108 + attributes: + type: object + description: The attributes associated with the account. Attributes are unique per source. + additionalProperties: true + example: + sn: doe + givenName: john + memberOf: + - 'cn=g1,ou=groups,dc=acme,dc=com' + - 'cn=g2,ou=groups,dc=acme,dc=com' + - 'cn=g3,ou=groups,dc=acme,dc=com' + entitlementCount: + type: integer + format: int32 + description: The number of entitlements associated with this account. + example: 0 + Trigger-Input-AccountsCollectedForAggregation: + title: Accounts Collected for Aggregation + type: object + required: + - source + - status + - started + - completed + - errors + - warnings + - stats + properties: + source: + required: + - id + - type + - name + type: object + description: Reference to the source that has been aggregated. + properties: + id: + description: ID of the object to which this reference applies + type: string + example: 4e4d982dddff4267ab12f0f1e72b5a6d + type: + type: string + enum: + - SOURCE + example: SOURCE + description: The type of object that is referenced + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: Corporate Active Directory + status: + description: The overall status of the collection. + enum: + - Success + - Failed + - Terminated + example: Success + started: + type: string + format: date-time + description: The date and time when the account collection started. + example: '2020-06-29T22:01:50.474Z' + completed: + type: string + format: date-time + description: The date and time when the account collection finished. + example: '2020-06-29T22:02:04.090Z' + errors: + nullable: true + description: A list of errors that occurred during the collection. + type: array + items: + type: string + description: A descriptive error message. + example: Unable to collect accounts for aggregation. + warnings: + nullable: true + description: A list of warnings that occurred during the collection. + type: array + items: + type: string + description: A descriptive warning message. + example: Account Skipped + stats: + type: object + description: Overall statistics about the account collection. + required: + - scanned + - unchanged + - changed + - added + - removed + properties: + scanned: + type: integer + format: int32 + minimum: 0 + maximum: 2147483647 + description: The number of accounts which were scanned / iterated over. + example: 200 + unchanged: + type: integer + format: int32 + minimum: 0 + maximum: 2147483647 + description: 'The number of accounts which existed before, but had no changes.' + example: 190 + changed: + type: integer + format: int32 + minimum: 0 + maximum: 2147483647 + description: 'The number of accounts which existed before, but had changes.' + example: 6 + added: + type: integer + format: int32 + minimum: 0 + maximum: 2147483647 + description: The number of accounts which are new - have not existed before. + example: 4 + removed: + type: integer + minimum: 0 + maximum: 2147483647 + format: int32 + description: 'The number accounts which existed before, but no longer exist (thus getting removed).' + example: 3 + Trigger-Input-AccountUncorrelated: + title: Account Uncorrelated + type: object + required: + - identity + - source + - account + properties: + identity: + required: + - type + - name + - id + allOf: + - type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + description: The identity that the account uncorrelated with. + properties: + type: + enum: + - IDENTITY + description: The type of object that is referenced + example: IDENTITY + source: + required: + - type + - name + - id + allOf: + - type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + description: The source from which the account came from. + properties: + type: + enum: + - SOURCE + description: The type of object that is referenced + example: SOURCE + account: + required: + - id + - name + - nativeIdentity + - type + allOf: + - type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + description: The account that was uncorrelated. + properties: + type: + enum: + - ACCOUNT + description: The type of object that is referenced + example: ACCOUNT + nativeIdentity: + type: string + description: Unique ID of the account on the source. + example: 'cn=john.doe,ou=users,dc=acme,dc=com' + uuid: + nullable: true + type: string + description: The source's unique identifier for the account. UUID is generated by the source system. + example: 1cb1f07d-3e5a-4431-becd-234fa4306108 + entitlementCount: + type: integer + format: int32 + description: The number of entitlements associated with this account. + example: 0 + Trigger-Input-CampaignActivated: + title: Campaign Activated + type: object + required: + - campaign + properties: + campaign: + type: object + description: Details about the certification campaign that was activated. + required: + - id + - name + - description + - created + - deadline + - type + - campaignOwner + - status + properties: + id: + type: string + description: Unique ID for the campaign. + example: 2c91808576f886190176f88cac5a0010 + name: + type: string + description: The human friendly name of the campaign. + example: Manager Access Campaign + description: + type: string + description: Extended description of the campaign. + example: Audit access for all employees. + created: + type: string + format: date-time + description: The date and time the campaign was created. + example: '2021-02-16T03:04:45.815Z' + modified: + nullable: true + type: string + format: date-time + description: The date and time the campaign was last modified. + example: '2021-02-16T03:06:45.815Z' + deadline: + type: string + format: date-time + description: The date and time the campaign is due. + example: '2021-03-16T03:04:45.815Z' + type: + description: The type of campaign. + enum: + - MANAGER + - SOURCE_OWNER + - SEARCH + - ROLE_COMPOSITION + example: MANAGER + campaignOwner: + type: object + description: Details of the identity that owns the campaign. + required: + - id + - displayName + - email + properties: + id: + type: string + description: The unique ID of the identity. + example: 37f080867702c1910177031320c40n27 + displayName: + type: string + description: The human friendly name of the identity. + example: John Snow + email: + type: string + description: The primary email address of the identity. + example: john.snow@example.com + status: + enum: + - ACTIVE + description: The current status of the campaign. + example: ACTIVE + Trigger-Input-CampaignEnded: + title: Campaign Ended + type: object + required: + - campaign + properties: + campaign: + type: object + description: Details about the certification campaign that ended. + required: + - id + - name + - description + - created + - deadline + - type + - campaignOwner + - status + properties: + id: + type: string + description: Unique ID for the campaign. + example: 2c91808576f886190176f88cac5a0010 + name: + type: string + description: The human friendly name of the campaign. + example: Manager Access Campaign + description: + type: string + description: Extended description of the campaign. + example: Audit access for all employees. + created: + type: string + format: date-time + description: The date and time the campaign was created. + example: '2021-02-16T03:04:45.815Z' + modified: + nullable: true + type: string + format: date-time + description: The date and time the campaign was last modified. + example: '2021-03-16T03:06:45.815Z' + deadline: + type: string + format: date-time + description: The date and time the campaign is due. + example: '2021-03-16T03:04:45.815Z' + type: + description: The type of campaign. + enum: + - MANAGER + - SOURCE_OWNER + - SEARCH + - ROLE_COMPOSITION + example: MANAGER + campaignOwner: + type: object + description: Details of the identity that owns the campaign. + required: + - id + - displayName + - email + properties: + id: + type: string + description: The unique ID of the identity. + example: 37f080867702c1910177031320c40n27 + displayName: + type: string + description: The human friendly name of the identity. + example: John Snow + email: + type: string + description: The primary email address of the identity. + example: john.snow@example.com + status: + enum: + - COMPLETED + description: The current status of the campaign. + example: COMPLETED + Trigger-Input-CampaignGenerated: + title: Campaign Generated + type: object + required: + - campaign + properties: + campaign: + description: Details about the campaign that was generated. + type: object + required: + - id + - name + - description + - created + - type + - campaignOwner + - status + properties: + id: + type: string + description: The unique ID of the campaign. + example: 2c91808576f886190176f88cac5a0010 + name: + type: string + description: Human friendly name of the campaign. + example: Manager Access Campaign + description: + type: string + description: Extended description of the campaign. + example: Audit access for all employees. + created: + type: string + format: date-time + description: The date and time the campaign was created. + example: '2021-02-16T03:04:45.815Z' + modified: + nullable: true + type: string + description: The date and time the campaign was last modified. + example: '2021-02-17T03:04:45.815Z' + deadline: + nullable: true + type: string + description: The date and time when the campaign must be finished by. + example: '2021-02-18T03:04:45.815Z' + type: + enum: + - MANAGER + - SOURCE_OWNER + - SEARCH + - ROLE_COMPOSITION + description: The type of campaign that was generated. + example: MANAGER + campaignOwner: + type: object + description: The identity that owns the campaign. + required: + - id + - displayName + - email + properties: + id: + type: string + description: The unique ID of the identity. + example: 37f080867702c1910177031320c40n27 + displayName: + type: string + description: The display name of the identity. + example: John Snow + email: + type: string + description: The primary email address of the identity. + example: john.snow@example.com + status: + enum: + - STAGED + - ACTIVATING + - ACTIVE + description: The current status of the campaign. + example: STAGED + Trigger-Input-CertificationSignedOff: + title: Certification Signed Off + type: object + required: + - certification + properties: + certification: + description: The certification campaign that was signed off on. + required: + - id + - name + - created + allOf: + - type: object + required: + - campaignRef + - completed + - decisionsMade + - decisionsTotal + - due + - signed + - reviewer + - campaignOwner + - hasErrors + - phase + - entitiesCompleted + - entitiesTotal + properties: + campaignRef: + type: object + required: + - id + - name + - type + - campaignType + - description + properties: + id: + type: string + description: The unique ID of the campaign. + example: ef38f94347e94562b5bb8424a56397d8 + name: + type: string + description: The name of the campaign. + example: Campaign Name + type: + type: string + enum: + - CAMPAIGN + description: The type of object that is being referenced. + example: CAMPAIGN + campaignType: + type: string + enum: + - MANAGER + - SOURCE_OWNER + - SEARCH + description: The type of the campaign. + example: MANAGER + description: + type: string + description: The description of the campaign set by the admin who created it. + nullable: true + example: A description of the campaign + phase: + type: string + description: | + The current phase of the campaign. + * `STAGED`: The campaign is waiting to be activated. + * `ACTIVE`: The campaign is active. + * `SIGNED`: The reviewer has signed off on the campaign, and it is considered complete. + enum: + - STAGED + - ACTIVE + - SIGNED + example: ACTIVE + due: + type: string + format: date-time + description: The due date of the certification. + example: '2018-10-19T13:49:37.385Z' + signed: + type: string + format: date-time + description: The date the reviewer signed off on the certification. + example: '2018-10-19T13:49:37.385Z' + reviewer: + description: A reference to the reviewer of the campaign. + type: object + required: + - type + - id + - name + allOf: + - type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + properties: + type: + description: The type of object that the reviewer is. + enum: + - IDENTITY + - GOVERNANCE_GROUP + example: IDENTITY + email: + type: string + nullable: true + description: The email of the reviewing identity. Only applicable to `IDENTITY` + example: reviewer@test.com + reassignment: + nullable: true + description: A reference to a reviewer that this campaign has been reassigned to. + type: object + properties: + from: + description: The previous certification + type: object + allOf: + - type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + - type: object + properties: + reviewer: + description: Certification reviewer + type: object + required: + - type + - id + - name + allOf: + - type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + properties: + type: + description: The type of object that the reviewer is. + enum: + - IDENTITY + - GOVERNANCE_GROUP + example: IDENTITY + email: + type: string + nullable: true + description: The email of the reviewing identity. Only applicable to `IDENTITY` + example: reviewer@test.com + properties: + type: + description: The type of object that the reviewer is. + enum: + - CERTIFICATION + example: CERTIFICATION + correlatedStatus: + description: The correlatedStatus of the campaign. Only SOURCE_OWNER campaigns can be Uncorrelated. An Uncorrelated certification campaign only includes Uncorrelated identities (An identity is uncorrelated if it has no accounts on an authoritative source). + enum: + - CORRELATED + - UNCORRELATED + example: CORRELATED + comment: + type: string + description: Comments from the previous reviewer. + example: Please review + hasErrors: + type: boolean + example: false + description: Indicates it the certification has any errors. + errorMessage: + type: string + nullable: true + example: The certification has an error + description: A message indicating what the error is. + completed: + type: boolean + description: Indicates if all certification decisions have been made. + example: false + decisionsMade: + type: integer + description: The number of approve/revoke/acknowledge decisions that have been made by the reviewer. + example: 20 + format: int32 + decisionsTotal: + type: integer + description: The total number of approve/revoke/acknowledge decisions for the certification. + example: 40 + format: int32 + entitiesCompleted: + type: integer + description: 'The number of entities (identities, access profiles, roles, etc.) for which all decisions have been made and are complete.' + example: 5 + format: int32 + entitiesTotal: + type: integer + format: int32 + description: 'The total number of entities (identities, access profiles, roles, etc.) in the certification, both complete and incomplete.' + example: 10 + properties: + id: + type: string + description: Unique ID of the certification. + example: 2c91808576f886190176f88caf0d0067 + name: + type: string + description: The name of the certification. + example: Manager Access Review for Alice Baker + created: + type: string + format: date-time + description: The date and time the certification was created. + example: '2020-02-16T03:04:45.815Z' + modified: + nullable: true + type: string + format: date-time + description: The date and time the certification was last modified. + example: '2020-02-16T03:06:45.815Z' + Trigger-Input-IdentityAttributesChanged: + title: Identity Attributes Changed + type: object + required: + - identity + - changes + properties: + identity: + required: + - id + - type + - name + allOf: + - type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + description: The identity who's attributes changed. + properties: + type: + enum: + - IDENTITY + example: IDENTITY + description: The type of object that is referenced + changes: + description: A list of one or more identity attributes that changed on the identity. + type: array + items: + type: object + required: + - attribute + properties: + attribute: + type: string + description: The name of the identity attribute that changed. + example: department + oldValue: + description: The value of the identity attribute before it changed. + nullable: true + example: sales + oneOf: + - type: string + - type: boolean + - type: array + items: + type: string + - type: object + nullable: true + additionalProperties: + oneOf: + - type: string + - type: number + - type: integer + - type: boolean + newValue: + description: The value of the identity attribute after it changed. + example: marketing + oneOf: + - type: string + - type: boolean + - type: array + items: + type: string + - type: object + nullable: true + additionalProperties: + oneOf: + - type: string + - type: number + - type: integer + - type: boolean + Trigger-Input-IdentityCreated: + title: Identity Created + type: object + required: + - identity + - attributes + properties: + identity: + required: + - id + - type + - name + allOf: + - type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + description: The identity that was created. + properties: + type: + enum: + - IDENTITY + example: IDENTITY + description: The type of object that is referenced + attributes: + type: object + description: The attributes assigned to the identity. Attributes are determined by the identity profile. + additionalProperties: true + example: + firstname: John + Trigger-Input-IdentityDeleted: + title: Identity Deleted + type: object + required: + - identity + - attributes + properties: + identity: + required: + - id + - type + - name + allOf: + - type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + description: The identity that was deleted. + properties: + type: + enum: + - IDENTITY + example: IDENTITY + description: The type of object that is referenced + attributes: + type: object + description: The attributes assigned to the identity. Attributes are determined by the identity profile. + additionalProperties: true + example: + firstname: John + Trigger-Input-ProvisioningCompleted: + title: Provisioning Completed + type: object + required: + - trackingNumber + - sources + - recipient + - accountRequests + properties: + trackingNumber: + type: string + description: The reference number of the provisioning request. Useful for tracking status in the Account Activity search interface. + example: 4b4d982dddff4267ab12f0f1e72b5a6d + sources: + type: string + description: One or more sources that the provisioning transaction(s) were done against. Sources are comma separated. + example: 'Corp AD, Corp LDAP, Corp Salesforce' + action: + nullable: true + type: string + description: Origin of where the provisioning request came from. + example: IdentityRefresh + errors: + nullable: true + description: A list of any accumulated error messages that occurred during provisioning. + type: array + items: + type: string + example: Connector AD Failed + warnings: + nullable: true + description: A list of any accumulated warning messages that occurred during provisioning. + type: array + items: + type: string + example: Notification Skipped due to invalid email + recipient: + required: + - id + - type + - name + allOf: + - type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + description: Reference to the identity who is the target of the provisioning request. + properties: + type: + enum: + - IDENTITY + example: IDENTITY + description: The type of object that is referenced + requester: + nullable: true + required: + - id + - type + - name + allOf: + - type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + description: Reference to the identity (if any) who submitted the provisioning request. + properties: + type: + enum: + - IDENTITY + example: IDENTITY + description: The type of object that is referenced + accountRequests: + type: array + description: A list of provisioning instructions to perform on an account-by-account basis. + items: + type: object + required: + - source + - accountOperation + - provisioningResult + - provisioningTarget + properties: + source: + required: + - id + - type + - name + type: object + description: Reference to the source being provisioned against. + properties: + id: + description: ID of the object to which this reference applies + type: string + example: 4e4d982dddff4267ab12f0f1e72b5a6d + type: + type: string + enum: + - SOURCE + example: SOURCE + description: The type of object that is referenced + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: Corporate Active Directory + accountId: + type: string + description: The unique idenfier of the account being provisioned. + example: 'CN=Chewy.Bacca,ou=hardcorefigter,ou=wookies,dc=starwars,dc=com' + accountOperation: + type: string + description: 'The provisioning operation; typically Create, Modify, Enable, Disable, Unlock, or Delete.' + example: Modify + provisioningResult: + description: 'The overall result of the provisioning transaction; this could be success, pending, failed, etc.' + enum: + - SUCCESS + - PENDING + - FAILED + example: SUCCESS + provisioningTarget: + type: string + description: 'The name of the provisioning channel selected; this could be the same as the source, or could be a Service Desk Integration Module (SDIM).' + example: Corp AD + ticketId: + nullable: true + type: string + description: 'A reference to a tracking number, if this is sent to a Service Desk Integration Module (SDIM).' + example: '72619262' + attributeRequests: + nullable: true + description: A list of attributes as part of the provisioning transaction. + type: array + items: + type: object + required: + - attributeName + - operation + properties: + attributeName: + type: string + description: The name of the attribute being provisioned. + example: memberOf + attributeValue: + nullable: true + type: string + description: The value of the attribute being provisioned. + example: 'CN=jedi,DC=starwars,DC=com' + operation: + enum: + - Add + - Set + - Remove + description: The operation to handle the attribute. + example: Add + Trigger-Input-SavedSearchComplete: + title: Saved Search Complete + type: object + required: + - fileName + - ownerEmail + - ownerName + - query + - searchName + - searchResults + - signedS3Url + properties: + fileName: + type: string + description: A name for the report file. + example: Modified.zip + ownerEmail: + type: string + description: The email address of the identity that owns the saved search. + example: test@sailpoint.com + ownerName: + type: string + description: The name of the identity that owns the saved search. + example: Cloud Support + query: + type: string + description: The search query that was used to generate the report. + example: 'modified:[now-7y/d TO now]' + searchName: + type: string + description: The name of the saved search. + example: Modified Activity + searchResults: + type: object + description: 'A preview of the search results for each object type. This includes a count as well as headers, and the first several rows of data, per object type.' + properties: + Account: + description: A table of accounts that match the search criteria. + nullable: true + type: object + required: + - count + - noun + - preview + properties: + count: + type: string + description: The number of rows in the table. + example: 3 + noun: + type: string + description: The type of object represented in the table. + example: accounts + preview: + description: A sample of the data in the table. + type: array + items: + type: array + items: + type: string + example: Robert.Chase + example: [] + Entitlement: + description: A table of entitlements that match the search criteria. + nullable: true + type: object + required: + - count + - noun + - preview + properties: + count: + type: string + description: The number of rows in the table. + example: 2 + noun: + type: string + description: The type of object represented in the table. + example: entitlements + preview: + description: A sample of the data in the table. + type: array + items: + type: array + items: + type: string + example: Administrator + example: [] + Identity: + description: A table of identities that match the search criteria. + nullable: true + type: object + required: + - count + - noun + - preview + properties: + count: + type: string + description: The number of rows in the table. + example: 2 + noun: + type: string + description: The type of object represented in the table. + example: identities + preview: + description: A sample of the data in the table. + type: array + items: + type: array + items: + type: string + example: Carol Shelby + example: [] + signedS3Url: + type: string + description: The Amazon S3 URL to download the report from. + example: 'https://sptcbu-org-data-useast1.s3.amazonaws.com/arsenal-john/reports/Events%20Export.2020-05-06%2018%2759%20GMT.3e580592-86e4-4953-8aea-49e6ef20a086.zip?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20200506T185919Z&X-Amz-SignedHeaders=host&X-Amz-Expires=899&X-Amz-Credential=AKIAV5E54XOGTS4Q4L7A%2F20200506%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=2e732bb97a12a1fd8a215613e3c31fcdae8ba1fb6a25916843ab5b51d2ddefbc' + Trigger-Input-SourceAccountCreated: + type: object + required: + - id + - nativeIdentifier + - sourceId + - sourceName + - identityId + - identityName + - attributes + properties: + uuid: + type: string + description: Source unique identifier for the identity. UUID is generated by the source system. + example: b7264868-7201-415f-9118-b581d431c688 + id: + type: string + description: SailPoint generated unique identifier. + example: ee769173319b41d19ccec35ba52f237b + nativeIdentifier: + type: string + description: Unique ID of the account on the source. + example: E009 + sourceId: + type: string + description: The ID of the source. + example: 2c918082814e693601816e09471b29b6 + sourceName: + type: string + description: The name of the source. + example: Active Directory + identityId: + type: string + description: The ID of the identity that is corellated with this account. + example: ee769173319b41d19ccec6c235423237b + identityName: + type: string + description: The name of the identity that is corellated with this account. + example: john.doe + attributes: + type: object + additionalProperties: true + description: The attributes of the account. The contents of attributes depends on the account schema for the source. + example: + firstname: John + lastname: Doe + email: john.doe@gmail.com + department: Sales + displayName: John Doe + created: '2020-04-27T16:48:33.597Z' + employeeNumber: E009 + uid: E009 + inactive: 'true' + phone: null + identificationNumber: E009 + Trigger-Input-SourceAccountDeleted: + type: object + required: + - id + - nativeIdentifier + - sourceId + - sourceName + - identityId + - identityName + - attributes + properties: + uuid: + type: string + description: Source unique identifier for the identity. UUID is generated by the source system. + example: b7264868-7201-415f-9118-b581d431c688 + id: + type: string + description: SailPoint generated unique identifier. + example: ee769173319b41d19ccec35ba52f237b + nativeIdentifier: + type: string + description: Unique ID of the account on the source. + example: E009 + sourceId: + type: string + description: The ID of the source. + example: 2c918082814e693601816e09471b29b6 + sourceName: + type: string + description: The name of the source. + example: Active Directory + identityId: + type: string + description: The ID of the identity that is corellated with this account. + example: ee769173319b41d19ccec6c235423237b + identityName: + type: string + description: The name of the identity that is corellated with this account. + example: john.doe + attributes: + type: object + additionalProperties: true + description: The attributes of the account. The contents of attributes depends on the account schema for the source. + example: + firstname: John + lastname: Doe + email: john.doe@gmail.com + department: Sales + displayName: John Doe + created: '2020-04-27T16:48:33.597Z' + employeeNumber: E009 + uid: E009 + inactive: 'true' + phone: null + identificationNumber: E009 + Trigger-Input-SourceAccountUpdated: + type: object + required: + - id + - nativeIdentifier + - sourceId + - sourceName + - identityId + - identityName + - attributes + properties: + uuid: + type: string + description: Source unique identifier for the identity. UUID is generated by the source system. + example: b7264868-7201-415f-9118-b581d431c688 + id: + type: string + description: SailPoint generated unique identifier. + example: ee769173319b41d19ccec35ba52f237b + nativeIdentifier: + type: string + description: Unique ID of the account on the source. + example: E009 + sourceId: + type: string + description: The ID of the source. + example: 2c918082814e693601816e09471b29b6 + sourceName: + type: string + description: The name of the source. + example: Active Directory + identityId: + type: string + description: The ID of the identity that is corellated with this account. + example: ee769173319b41d19ccec6c235423237b + identityName: + type: string + description: The name of the identity that is corellated with this account. + example: john.doe + attributes: + type: object + additionalProperties: true + description: The attributes of the account. The contents of attributes depends on the account schema for the source. + example: + firstname: John + lastname: Doe + email: john.doe@gmail.com + department: Sales + displayName: John Doe + created: '2020-04-27T16:48:33.597Z' + employeeNumber: E009 + uid: E009 + inactive: 'true' + phone: null + identificationNumber: E009 + Trigger-Input-SourceCreated: + title: Source Created + type: object + required: + - id + - name + - type + - created + - connector + - actor + properties: + id: + type: string + description: The unique ID of the source. + example: 2c9180866166b5b0016167c32ef31a66 + name: + type: string + description: Human friendly name of the source. + example: Test source + type: + type: string + description: The connection type. + example: DIRECT_CONNECT + created: + type: string + format: date-time + description: The date and time the source was created. + example: '2021-03-29T22:01:50.474Z' + connector: + type: string + description: The connector type used to connect to the source. + example: active-directory + actor: + required: + - id + - name + - type + allOf: + - type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + description: The identity that created the source. + properties: + type: + enum: + - IDENTITY + example: IDENTITY + description: The type of object that is referenced + Trigger-Input-SourceDeleted: + title: Source Deleted + type: object + required: + - id + - name + - type + - deleted + - connector + - actor + properties: + id: + type: string + description: The unique ID of the source. + example: 2c9180866166b5b0016167c32ef31a66 + name: + type: string + description: Human friendly name of the source. + example: Test source + type: + type: string + description: The connection type. + example: DIRECT_CONNECT + deleted: + type: string + format: date-time + description: The date and time the source was deleted. + example: '2021-03-29T22:01:50.474Z' + connector: + type: string + description: The connector type used to connect to the source. + example: active-directory + actor: + required: + - id + - name + - type + allOf: + - type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + description: The identity that deleted the source. + properties: + type: + enum: + - IDENTITY + example: IDENTITY + description: The type of object that is referenced + Trigger-Input-SourceUpdated: + title: Source Updated + type: object + required: + - id + - name + - type + - modified + - connector + - actor + properties: + id: + type: string + description: The unique ID of the source. + example: 2c9180866166b5b0016167c32ef31a66 + name: + type: string + description: The user friendly name of the source. + example: Corporate Active Directory + type: + type: string + description: The connection type of the source. + example: DIRECT_CONNECT + modified: + type: string + format: date-time + description: The date and time the source was modified. + example: '2021-03-29T22:01:50.474Z' + connector: + type: string + description: The connector type used to connect to the source. + example: active-directory + actor: + required: + - type + - name + allOf: + - type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + description: The identity or system that performed the update. + properties: + type: + enum: + - IDENTITY + example: IDENTITY + description: The type of object that is referenced + Trigger-Input-VAClusterStatusChangeEvent: + title: VA Cluster Status Change Event + type: object + required: + - created + - type + - application + - healthCheckResult + - previousHealthCheckResult + properties: + created: + type: string + format: date-time + description: The date and time the status change occurred. + example: '2020-06-29T22:01:50.474Z' + type: + enum: + - SOURCE + - CLUSTER + description: The type of the object that initiated this event. + example: CLUSTER + application: + type: object + description: Details about the `CLUSTER` or `SOURCE` that initiated this event. + required: + - id + - name + - attributes + properties: + id: + type: string + description: The GUID of the application + example: 2c9180866166b5b0016167c32ef31a66 + name: + type: string + description: The name of the application + example: Production VA Cluster + attributes: + type: object + description: Custom map of attributes for a source. This will only be populated if type is `SOURCE` and the source has a proxy. + additionalProperties: true + nullable: true + example: null + healthCheckResult: + type: object + description: The results of the most recent health check. + required: + - message + - resultType + - status + properties: + message: + type: string + description: Detailed message of the result of the health check. + example: Test Connection failed with exception. Error message - java.lang Exception + resultType: + type: string + description: The type of the health check result. + example: SOURCE_STATE_ERROR_CLUSTER + status: + enum: + - Succeeded + - Failed + description: The status of the health check. + example: Succeeded + previousHealthCheckResult: + type: object + description: The results of the last health check. + required: + - message + - resultType + - status + properties: + message: + type: string + description: Detailed message of the result of the health check. + example: Test Connection failed with exception. Error message - java.lang Exception + resultType: + type: string + description: The type of the health check result. + example: SOURCE_STATE_ERROR_CLUSTER + status: + enum: + - Succeeded + - Failed + description: The status of the health check. + example: Failed + Trigger-Output-AccessRequestDynamicApprover: + title: Access Request Dynamic Approver + type: object + nullable: true + required: + - id + - name + - type + properties: + id: + type: string + description: The unique ID of the identity to add to the approver list for the access request. + example: 2c91808b6ef1d43e016efba0ce470906 + name: + type: string + description: The name of the identity to add to the approver list for the access request. + example: Adam Adams + type: + enum: + - IDENTITY + - GOVERNANCE_GROUP + description: The type of object being referenced. + example: IDENTITY + Trigger-Output-AccessRequestPreApproval: + title: Access Request Pre Approval + type: object + required: + - approved + - comment + - approver + properties: + approved: + type: boolean + description: Whether or not to approve the access request. + example: false + comment: + type: string + description: A comment about the decision to approve or deny the request. + example: 'This access should be denied, because this will cause an SOD violation.' + approver: + type: string + description: The name of the entity that approved or denied the request. + example: AcmeCorpExternalIntegration +paths: + /access-profiles: + get: + operationId: listAccessProfiles + tags: + - Access Profiles + summary: List Access Profiles + description: |- + This API returns a list of Access Profiles. + + A token with API, ORG_ADMIN, ROLE_ADMIN, ROLE_SUBADMIN, SOURCE_ADMIN, or SOURCE_SUBADMIN authority is required to call this API. + parameters: + - in: query + name: for-subadmin + schema: + type: string + description: |- + If provided, filters the returned list according to what is visible to the indicated ROLE_SUBADMIN or SOURCE_SUBADMIN Identity. The value of the parameter is either an Identity ID, or the special value **me**, which is shorthand for the calling Identity's ID. + + A 400 Bad Request error is returned if the **for-subadmin** parameter is specified for an Identity that is not a subadmin. + example: 8c190e6787aa4ed9a90bd9d5344523fb + required: false + - in: query + name: limit + description: |- + Note that for this API the maximum value for limit is 50. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 50 + schema: + type: integer + format: int32 + minimum: 0 + maximum: 50 + default: 50 + - in: query + name: offset + description: |- + Offset into the full result set. Usually specified with *limit* to paginate through the results. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 0 + schema: + type: integer + format: int32 + minimum: 0 + default: 0 + - in: query + name: count + description: |- + If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored. + + Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used. + + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: true + schema: + type: boolean + default: false + - in: query + name: filters + schema: + type: string + description: |- + Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) + + Filtering is supported for the following fields and operators: + + **id**: *eq, in* + + **name**: *eq, sw* + + **created, modified**: *gt, lt, ge, le* + + **owner.id**: *eq, in* + + **requestable**: *eq* + + **source.id**: *eq, in* + example: name eq "SailPoint Support" + required: false + - in: query + name: sorters + schema: + type: string + format: comma-separated + description: |- + Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results) + + Sorting is supported for the following fields: **name, created, modified** + example: 'name,-modified' + required: false + - in: query + name: for-segment-ids + schema: + type: string + format: comma-separated + description: |- + If present and not empty, additionally filters Access Profiles to those which are assigned to the Segment(s) with the specified IDs. + + If segmentation is currently unavailable, specifying this parameter results in an error. + example: '0b5c9f25-83c6-4762-9073-e38f7bb2ae26,2e8d8180-24bc-4d21-91c6-7affdb473b0d' + required: false + - in: query + name: include-unsegmented + schema: + type: boolean + default: true + description: 'Whether or not the response list should contain unsegmented Access Profiles. If *for-segment-ids* is absent or empty, specifying *include-unsegmented* as false results in an error.' + example: false + required: false + responses: + '200': + description: List of Access Profiles + content: + application/json: + schema: + type: array + items: + type: object + properties: + id: + type: string + description: The ID of the Access Profile + example: 2c91808a7190d06e01719938fcd20792 + readOnly: true + name: + type: string + description: Name of the Access Profile + example: Employee-database-read-write + description: + type: string + nullable: true + description: Information about the Access Profile + example: Collection of entitlements to read/write the employee database + created: + type: string + description: Date the Access Profile was created + format: date-time + example: '2021-03-01T22:32:58.104Z' + readOnly: true + modified: + type: string + description: Date the Access Profile was last modified. + format: date-time + example: '2021-03-02T20:22:28.104Z' + readOnly: true + enabled: + type: boolean + description: Whether the Access Profile is enabled. If the Access Profile is enabled then you must include at least one Entitlement. + example: true + owner: + description: Owner of the Access Profile + type: object + properties: + type: + description: 'Owner type. This field must be either left null or set to ''IDENTITY'' on input, otherwise a 400 Bad Request error will result.' + example: IDENTITY + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + id: + type: string + description: Identity id + example: 2c9180a46faadee4016fb4e018c20639 + name: + type: string + description: 'Human-readable display name of the owner. It may be left null or omitted in a POST or PATCH. If set, it must match the current value of the owner''s display name, otherwise a 400 Bad Request error will result.' + example: support + source: + type: object + properties: + id: + type: string + description: The ID of the Source with with which the Access Profile is associated + example: 2c91809773dee3610173fdb0b6061ef4 + type: + type: string + enum: + - SOURCE + description: 'The type of the Source, will always be SOURCE' + example: SOURCE + name: + type: string + description: The display name of the associated Source + example: ODS-AD-SOURCE + entitlements: + type: array + description: A list of entitlements associated with the Access Profile. If enabled is false this is allowed to be empty otherwise it needs to contain at least one Entitlement. + items: + type: object + properties: + id: + type: string + description: The ID of the Entitlement + example: 2c91809773dee32014e13e122092014e + type: + type: string + enum: + - ENTITLEMENT + description: 'The type of the Entitlement, will always be ENTITLEMENT' + example: ENTITLEMENT + name: + type: string + description: The display name of the Entitlement + example: 'CN=entitlement.490efde5,OU=OrgCo,OU=ServiceDept,DC=HQAD,DC=local' + requestable: + type: boolean + description: 'Whether the Access Profile is requestable via access request. Currently, making an Access Profile non-requestable is only supported for customers enabled with the new Request Center. Otherwise, attempting to create an Access Profile with a value **false** in this field results in a 400 error.' + example: true + accessRequestConfig: + nullable: true + description: Access request configuration for this object + type: object + properties: + commentsRequired: + type: boolean + description: Whether the requester of the containing object must provide comments justifying the request + example: true + denialCommentsRequired: + type: boolean + description: Whether an approver must provide comments when denying the request + example: true + approvalSchemes: + type: array + description: List describing the steps in approving the request + items: + type: object + properties: + approverType: + type: string + enum: + - APP_OWNER + - OWNER + - SOURCE_OWNER + - MANAGER + - GOVERNANCE_GROUP + description: |- + Describes the individual or group that is responsible for an approval step. Values are as follows. + **APP_OWNER**: The owner of the Application + + **OWNER**: Owner of the associated Access Profile or Role + + **SOURCE_OWNER**: Owner of the Source associated with an Access Profile + + **MANAGER**: Manager of the Identity making the request + + **GOVERNANCE_GROUP**: A Governance Group, the ID of which is specified by the **approverId** field + example: GOVERNANCE_GROUP + approverId: + type: string + nullable: true + description: 'Id of the specific approver, used only when approverType is GOVERNANCE_GROUP' + example: 46c79819-a69f-49a2-becb-12c971ae66c6 + revocationRequestConfig: + nullable: true + description: Revocation request configuration for this object. + type: object + properties: + approvalSchemes: + type: array + description: List describing the steps in approving the revocation request + items: + type: object + properties: + approverType: + type: string + enum: + - APP_OWNER + - OWNER + - SOURCE_OWNER + - MANAGER + - GOVERNANCE_GROUP + description: |- + Describes the individual or group that is responsible for an approval step. Values are as follows. + **APP_OWNER**: The owner of the Application + + **OWNER**: Owner of the associated Access Profile or Role + + **SOURCE_OWNER**: Owner of the Source associated with an Access Profile + + **MANAGER**: Manager of the Identity making the request + + **GOVERNANCE_GROUP**: A Governance Group, the ID of which is specified by the **approverId** field + example: GOVERNANCE_GROUP + approverId: + type: string + nullable: true + description: 'Id of the specific approver, used only when approverType is GOVERNANCE_GROUP' + example: 46c79819-a69f-49a2-becb-12c971ae66c6 + segments: + type: array + nullable: true + items: + type: string + description: 'List of IDs of segments, if any, to which this Access Profile is assigned.' + example: + - f7b1b8a3-5fed-4fd4-ad29-82014e137e19 + - 29cb6c06-1da8-43ea-8be4-b3125f248f2a + provisioningCriteria: + description: 'When an Identity has multiple Accounts on the Source with which an Access Profile is associated, this expression is evaluated against those Accounts to choose one to provision with the Access Profile.' + nullable: true + example: + operation: OR + children: + - operation: AND + children: + - attribute: dn + operation: CONTAINS + value: useast + - attribute: manager + operation: CONTAINS + value: Scott.Clark + - operation: AND + children: + - attribute: dn + operation: EQUALS + value: Gibson + - attribute: telephoneNumber + operation: CONTAINS + value: '512' + type: object + properties: + operation: + type: string + enum: + - EQUALS + - NOT_EQUALS + - CONTAINS + - HAS + - AND + - OR + description: Supported operations on ProvisioningCriteria + example: EQUALS + attribute: + type: string + description: 'Name of the Account attribute to be tested. If **operation** is one of EQUALS, NOT_EQUALS, CONTAINS, or HAS, this field is required. Otherwise, specifying it is an error.' + example: email + nullable: true + value: + type: string + nullable: true + description: 'String value to test the Account attribute w/r/t the specified operation. If the operation is one of EQUALS, NOT_EQUALS, or CONTAINS, this field is required. Otherwise, specifying it is an error. If the Attribute is not String-typed, it will be converted to the appropriate type.' + example: carlee.cert1c9f9b6fd@mailinator.com + children: + type: array + items: + type: object + description: Defines matching criteria for an Account to be provisioned with a specific Access Profile + properties: + operation: + type: string + enum: + - EQUALS + - NOT_EQUALS + - CONTAINS + - HAS + - AND + - OR + description: Supported operations on ProvisioningCriteria + example: EQUALS + attribute: + type: string + description: 'Name of the Account attribute to be tested. If **operation** is one of EQUALS, NOT_EQUALS, CONTAINS, or HAS, this field is required. Otherwise, specifying it is an error.' + example: email + nullable: true + value: + type: string + nullable: true + description: 'String value to test the Account attribute w/r/t the specified operation. If the operation is one of EQUALS, NOT_EQUALS, or CONTAINS, this field is required. Otherwise, specifying it is an error. If the Attribute is not String-typed, it will be converted to the appropriate type.' + example: carlee.cert1c9f9b6fd@mailinator.com + children: + type: array + items: + type: object + description: Defines matching criteria for an Account to be provisioned with a specific Access Profile + properties: + operation: + type: string + enum: + - EQUALS + - NOT_EQUALS + - CONTAINS + - HAS + - AND + - OR + description: Supported operations on ProvisioningCriteria + example: EQUALS + attribute: + type: string + description: 'Name of the Account attribute to be tested. If **operation** is one of EQUALS, NOT_EQUALS, CONTAINS, or HAS, this field is required. Otherwise, specifying it is an error.' + example: email + nullable: true + value: + type: string + description: 'String value to test the Account attribute w/r/t the specified operation. If the operation is one of EQUALS, NOT_EQUALS, or CONTAINS, this field is required. Otherwise, specifying it is an error. If the Attribute is not String-typed, it will be converted to the appropriate type.' + example: carlee.cert1c9f9b6fd@mailinator.com + nullable: true + description: 'Array of child criteria. Required if the operation is AND or OR, otherwise it must be left null. A maximum of three levels of criteria are supported, including leaf nodes.' + example: null + nullable: true + description: 'Array of child criteria. Required if the operation is AND or OR, otherwise it must be left null. A maximum of three levels of criteria are supported, including leaf nodes.' + example: null + required: + - owner + - name + - source + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + security: + - oauth2: + - 'idn:access-profile:read' + - 'idn:access-profile:manage' + post: + operationId: createAccessProfile + tags: + - Access Profiles + summary: Create an Access Profile + description: |- + This API creates an Access Profile. + A token with API, ORG_ADMIN, ROLE_ADMIN, ROLE_SUBADMIN, SOURCE_ADMIN, or SOURCE_SUBADMIN authority is required to call this API. In addition, a token with only ROLE_SUBADMIN or SOURCE_SUBADMIN authority must be associated with the Access Profile's Source. + The maximum supported length for the description field is 2000 characters. Longer descriptions will be preserved for existing access profiles, however, any new access profiles as well as any updates to existing descriptions will be limited to 2000 characters. + requestBody: + required: true + content: + application/json: + schema: + type: object + properties: + id: + type: string + description: The ID of the Access Profile + example: 2c91808a7190d06e01719938fcd20792 + readOnly: true + name: + type: string + description: Name of the Access Profile + example: Employee-database-read-write + description: + type: string + nullable: true + description: Information about the Access Profile + example: Collection of entitlements to read/write the employee database + created: + type: string + description: Date the Access Profile was created + format: date-time + example: '2021-03-01T22:32:58.104Z' + readOnly: true + modified: + type: string + description: Date the Access Profile was last modified. + format: date-time + example: '2021-03-02T20:22:28.104Z' + readOnly: true + enabled: + type: boolean + description: Whether the Access Profile is enabled. If the Access Profile is enabled then you must include at least one Entitlement. + example: true + owner: + description: Owner of the Access Profile + type: object + properties: + type: + description: 'Owner type. This field must be either left null or set to ''IDENTITY'' on input, otherwise a 400 Bad Request error will result.' + example: IDENTITY + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + id: + type: string + description: Identity id + example: 2c9180a46faadee4016fb4e018c20639 + name: + type: string + description: 'Human-readable display name of the owner. It may be left null or omitted in a POST or PATCH. If set, it must match the current value of the owner''s display name, otherwise a 400 Bad Request error will result.' + example: support + source: + type: object + properties: + id: + type: string + description: The ID of the Source with with which the Access Profile is associated + example: 2c91809773dee3610173fdb0b6061ef4 + type: + type: string + enum: + - SOURCE + description: 'The type of the Source, will always be SOURCE' + example: SOURCE + name: + type: string + description: The display name of the associated Source + example: ODS-AD-SOURCE + entitlements: + type: array + description: A list of entitlements associated with the Access Profile. If enabled is false this is allowed to be empty otherwise it needs to contain at least one Entitlement. + items: + type: object + properties: + id: + type: string + description: The ID of the Entitlement + example: 2c91809773dee32014e13e122092014e + type: + type: string + enum: + - ENTITLEMENT + description: 'The type of the Entitlement, will always be ENTITLEMENT' + example: ENTITLEMENT + name: + type: string + description: The display name of the Entitlement + example: 'CN=entitlement.490efde5,OU=OrgCo,OU=ServiceDept,DC=HQAD,DC=local' + requestable: + type: boolean + description: 'Whether the Access Profile is requestable via access request. Currently, making an Access Profile non-requestable is only supported for customers enabled with the new Request Center. Otherwise, attempting to create an Access Profile with a value **false** in this field results in a 400 error.' + example: true + accessRequestConfig: + nullable: true + description: Access request configuration for this object + type: object + properties: + commentsRequired: + type: boolean + description: Whether the requester of the containing object must provide comments justifying the request + example: true + denialCommentsRequired: + type: boolean + description: Whether an approver must provide comments when denying the request + example: true + approvalSchemes: + type: array + description: List describing the steps in approving the request + items: + type: object + properties: + approverType: + type: string + enum: + - APP_OWNER + - OWNER + - SOURCE_OWNER + - MANAGER + - GOVERNANCE_GROUP + description: |- + Describes the individual or group that is responsible for an approval step. Values are as follows. + **APP_OWNER**: The owner of the Application + + **OWNER**: Owner of the associated Access Profile or Role + + **SOURCE_OWNER**: Owner of the Source associated with an Access Profile + + **MANAGER**: Manager of the Identity making the request + + **GOVERNANCE_GROUP**: A Governance Group, the ID of which is specified by the **approverId** field + example: GOVERNANCE_GROUP + approverId: + type: string + nullable: true + description: 'Id of the specific approver, used only when approverType is GOVERNANCE_GROUP' + example: 46c79819-a69f-49a2-becb-12c971ae66c6 + revocationRequestConfig: + nullable: true + description: Revocation request configuration for this object. + type: object + properties: + approvalSchemes: + type: array + description: List describing the steps in approving the revocation request + items: + type: object + properties: + approverType: + type: string + enum: + - APP_OWNER + - OWNER + - SOURCE_OWNER + - MANAGER + - GOVERNANCE_GROUP + description: |- + Describes the individual or group that is responsible for an approval step. Values are as follows. + **APP_OWNER**: The owner of the Application + + **OWNER**: Owner of the associated Access Profile or Role + + **SOURCE_OWNER**: Owner of the Source associated with an Access Profile + + **MANAGER**: Manager of the Identity making the request + + **GOVERNANCE_GROUP**: A Governance Group, the ID of which is specified by the **approverId** field + example: GOVERNANCE_GROUP + approverId: + type: string + nullable: true + description: 'Id of the specific approver, used only when approverType is GOVERNANCE_GROUP' + example: 46c79819-a69f-49a2-becb-12c971ae66c6 + segments: + type: array + nullable: true + items: + type: string + description: 'List of IDs of segments, if any, to which this Access Profile is assigned.' + example: + - f7b1b8a3-5fed-4fd4-ad29-82014e137e19 + - 29cb6c06-1da8-43ea-8be4-b3125f248f2a + provisioningCriteria: + description: 'When an Identity has multiple Accounts on the Source with which an Access Profile is associated, this expression is evaluated against those Accounts to choose one to provision with the Access Profile.' + nullable: true + example: + operation: OR + children: + - operation: AND + children: + - attribute: dn + operation: CONTAINS + value: useast + - attribute: manager + operation: CONTAINS + value: Scott.Clark + - operation: AND + children: + - attribute: dn + operation: EQUALS + value: Gibson + - attribute: telephoneNumber + operation: CONTAINS + value: '512' + type: object + properties: + operation: + type: string + enum: + - EQUALS + - NOT_EQUALS + - CONTAINS + - HAS + - AND + - OR + description: Supported operations on ProvisioningCriteria + example: EQUALS + attribute: + type: string + description: 'Name of the Account attribute to be tested. If **operation** is one of EQUALS, NOT_EQUALS, CONTAINS, or HAS, this field is required. Otherwise, specifying it is an error.' + example: email + nullable: true + value: + type: string + nullable: true + description: 'String value to test the Account attribute w/r/t the specified operation. If the operation is one of EQUALS, NOT_EQUALS, or CONTAINS, this field is required. Otherwise, specifying it is an error. If the Attribute is not String-typed, it will be converted to the appropriate type.' + example: carlee.cert1c9f9b6fd@mailinator.com + children: + type: array + items: + type: object + description: Defines matching criteria for an Account to be provisioned with a specific Access Profile + properties: + operation: + type: string + enum: + - EQUALS + - NOT_EQUALS + - CONTAINS + - HAS + - AND + - OR + description: Supported operations on ProvisioningCriteria + example: EQUALS + attribute: + type: string + description: 'Name of the Account attribute to be tested. If **operation** is one of EQUALS, NOT_EQUALS, CONTAINS, or HAS, this field is required. Otherwise, specifying it is an error.' + example: email + nullable: true + value: + type: string + nullable: true + description: 'String value to test the Account attribute w/r/t the specified operation. If the operation is one of EQUALS, NOT_EQUALS, or CONTAINS, this field is required. Otherwise, specifying it is an error. If the Attribute is not String-typed, it will be converted to the appropriate type.' + example: carlee.cert1c9f9b6fd@mailinator.com + children: + type: array + items: + type: object + description: Defines matching criteria for an Account to be provisioned with a specific Access Profile + properties: + operation: + type: string + enum: + - EQUALS + - NOT_EQUALS + - CONTAINS + - HAS + - AND + - OR + description: Supported operations on ProvisioningCriteria + example: EQUALS + attribute: + type: string + description: 'Name of the Account attribute to be tested. If **operation** is one of EQUALS, NOT_EQUALS, CONTAINS, or HAS, this field is required. Otherwise, specifying it is an error.' + example: email + nullable: true + value: + type: string + description: 'String value to test the Account attribute w/r/t the specified operation. If the operation is one of EQUALS, NOT_EQUALS, or CONTAINS, this field is required. Otherwise, specifying it is an error. If the Attribute is not String-typed, it will be converted to the appropriate type.' + example: carlee.cert1c9f9b6fd@mailinator.com + nullable: true + description: 'Array of child criteria. Required if the operation is AND or OR, otherwise it must be left null. A maximum of three levels of criteria are supported, including leaf nodes.' + example: null + nullable: true + description: 'Array of child criteria. Required if the operation is AND or OR, otherwise it must be left null. A maximum of three levels of criteria are supported, including leaf nodes.' + example: null + required: + - owner + - name + - source + responses: + '201': + description: Access Profile created + content: + application/json: + schema: + type: object + properties: + id: + type: string + description: The ID of the Access Profile + example: 2c91808a7190d06e01719938fcd20792 + readOnly: true + name: + type: string + description: Name of the Access Profile + example: Employee-database-read-write + description: + type: string + nullable: true + description: Information about the Access Profile + example: Collection of entitlements to read/write the employee database + created: + type: string + description: Date the Access Profile was created + format: date-time + example: '2021-03-01T22:32:58.104Z' + readOnly: true + modified: + type: string + description: Date the Access Profile was last modified. + format: date-time + example: '2021-03-02T20:22:28.104Z' + readOnly: true + enabled: + type: boolean + description: Whether the Access Profile is enabled. If the Access Profile is enabled then you must include at least one Entitlement. + example: true + owner: + description: Owner of the Access Profile + type: object + properties: + type: + description: 'Owner type. This field must be either left null or set to ''IDENTITY'' on input, otherwise a 400 Bad Request error will result.' + example: IDENTITY + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + id: + type: string + description: Identity id + example: 2c9180a46faadee4016fb4e018c20639 + name: + type: string + description: 'Human-readable display name of the owner. It may be left null or omitted in a POST or PATCH. If set, it must match the current value of the owner''s display name, otherwise a 400 Bad Request error will result.' + example: support + source: + type: object + properties: + id: + type: string + description: The ID of the Source with with which the Access Profile is associated + example: 2c91809773dee3610173fdb0b6061ef4 + type: + type: string + enum: + - SOURCE + description: 'The type of the Source, will always be SOURCE' + example: SOURCE + name: + type: string + description: The display name of the associated Source + example: ODS-AD-SOURCE + entitlements: + type: array + description: A list of entitlements associated with the Access Profile. If enabled is false this is allowed to be empty otherwise it needs to contain at least one Entitlement. + items: + type: object + properties: + id: + type: string + description: The ID of the Entitlement + example: 2c91809773dee32014e13e122092014e + type: + type: string + enum: + - ENTITLEMENT + description: 'The type of the Entitlement, will always be ENTITLEMENT' + example: ENTITLEMENT + name: + type: string + description: The display name of the Entitlement + example: 'CN=entitlement.490efde5,OU=OrgCo,OU=ServiceDept,DC=HQAD,DC=local' + requestable: + type: boolean + description: 'Whether the Access Profile is requestable via access request. Currently, making an Access Profile non-requestable is only supported for customers enabled with the new Request Center. Otherwise, attempting to create an Access Profile with a value **false** in this field results in a 400 error.' + example: true + accessRequestConfig: + nullable: true + description: Access request configuration for this object + type: object + properties: + commentsRequired: + type: boolean + description: Whether the requester of the containing object must provide comments justifying the request + example: true + denialCommentsRequired: + type: boolean + description: Whether an approver must provide comments when denying the request + example: true + approvalSchemes: + type: array + description: List describing the steps in approving the request + items: + type: object + properties: + approverType: + type: string + enum: + - APP_OWNER + - OWNER + - SOURCE_OWNER + - MANAGER + - GOVERNANCE_GROUP + description: |- + Describes the individual or group that is responsible for an approval step. Values are as follows. + **APP_OWNER**: The owner of the Application + + **OWNER**: Owner of the associated Access Profile or Role + + **SOURCE_OWNER**: Owner of the Source associated with an Access Profile + + **MANAGER**: Manager of the Identity making the request + + **GOVERNANCE_GROUP**: A Governance Group, the ID of which is specified by the **approverId** field + example: GOVERNANCE_GROUP + approverId: + type: string + nullable: true + description: 'Id of the specific approver, used only when approverType is GOVERNANCE_GROUP' + example: 46c79819-a69f-49a2-becb-12c971ae66c6 + revocationRequestConfig: + nullable: true + description: Revocation request configuration for this object. + type: object + properties: + approvalSchemes: + type: array + description: List describing the steps in approving the revocation request + items: + type: object + properties: + approverType: + type: string + enum: + - APP_OWNER + - OWNER + - SOURCE_OWNER + - MANAGER + - GOVERNANCE_GROUP + description: |- + Describes the individual or group that is responsible for an approval step. Values are as follows. + **APP_OWNER**: The owner of the Application + + **OWNER**: Owner of the associated Access Profile or Role + + **SOURCE_OWNER**: Owner of the Source associated with an Access Profile + + **MANAGER**: Manager of the Identity making the request + + **GOVERNANCE_GROUP**: A Governance Group, the ID of which is specified by the **approverId** field + example: GOVERNANCE_GROUP + approverId: + type: string + nullable: true + description: 'Id of the specific approver, used only when approverType is GOVERNANCE_GROUP' + example: 46c79819-a69f-49a2-becb-12c971ae66c6 + segments: + type: array + nullable: true + items: + type: string + description: 'List of IDs of segments, if any, to which this Access Profile is assigned.' + example: + - f7b1b8a3-5fed-4fd4-ad29-82014e137e19 + - 29cb6c06-1da8-43ea-8be4-b3125f248f2a + provisioningCriteria: + description: 'When an Identity has multiple Accounts on the Source with which an Access Profile is associated, this expression is evaluated against those Accounts to choose one to provision with the Access Profile.' + nullable: true + example: + operation: OR + children: + - operation: AND + children: + - attribute: dn + operation: CONTAINS + value: useast + - attribute: manager + operation: CONTAINS + value: Scott.Clark + - operation: AND + children: + - attribute: dn + operation: EQUALS + value: Gibson + - attribute: telephoneNumber + operation: CONTAINS + value: '512' + type: object + properties: + operation: + type: string + enum: + - EQUALS + - NOT_EQUALS + - CONTAINS + - HAS + - AND + - OR + description: Supported operations on ProvisioningCriteria + example: EQUALS + attribute: + type: string + description: 'Name of the Account attribute to be tested. If **operation** is one of EQUALS, NOT_EQUALS, CONTAINS, or HAS, this field is required. Otherwise, specifying it is an error.' + example: email + nullable: true + value: + type: string + nullable: true + description: 'String value to test the Account attribute w/r/t the specified operation. If the operation is one of EQUALS, NOT_EQUALS, or CONTAINS, this field is required. Otherwise, specifying it is an error. If the Attribute is not String-typed, it will be converted to the appropriate type.' + example: carlee.cert1c9f9b6fd@mailinator.com + children: + type: array + items: + type: object + description: Defines matching criteria for an Account to be provisioned with a specific Access Profile + properties: + operation: + type: string + enum: + - EQUALS + - NOT_EQUALS + - CONTAINS + - HAS + - AND + - OR + description: Supported operations on ProvisioningCriteria + example: EQUALS + attribute: + type: string + description: 'Name of the Account attribute to be tested. If **operation** is one of EQUALS, NOT_EQUALS, CONTAINS, or HAS, this field is required. Otherwise, specifying it is an error.' + example: email + nullable: true + value: + type: string + nullable: true + description: 'String value to test the Account attribute w/r/t the specified operation. If the operation is one of EQUALS, NOT_EQUALS, or CONTAINS, this field is required. Otherwise, specifying it is an error. If the Attribute is not String-typed, it will be converted to the appropriate type.' + example: carlee.cert1c9f9b6fd@mailinator.com + children: + type: array + items: + type: object + description: Defines matching criteria for an Account to be provisioned with a specific Access Profile + properties: + operation: + type: string + enum: + - EQUALS + - NOT_EQUALS + - CONTAINS + - HAS + - AND + - OR + description: Supported operations on ProvisioningCriteria + example: EQUALS + attribute: + type: string + description: 'Name of the Account attribute to be tested. If **operation** is one of EQUALS, NOT_EQUALS, CONTAINS, or HAS, this field is required. Otherwise, specifying it is an error.' + example: email + nullable: true + value: + type: string + description: 'String value to test the Account attribute w/r/t the specified operation. If the operation is one of EQUALS, NOT_EQUALS, or CONTAINS, this field is required. Otherwise, specifying it is an error. If the Attribute is not String-typed, it will be converted to the appropriate type.' + example: carlee.cert1c9f9b6fd@mailinator.com + nullable: true + description: 'Array of child criteria. Required if the operation is AND or OR, otherwise it must be left null. A maximum of three levels of criteria are supported, including leaf nodes.' + example: null + nullable: true + description: 'Array of child criteria. Required if the operation is AND or OR, otherwise it must be left null. A maximum of three levels of criteria are supported, including leaf nodes.' + example: null + required: + - owner + - name + - source + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + security: + - oauth2: + - 'idn:access-profile:manage' + '/access-profiles/{id}': + get: + operationId: getAccessProfile + tags: + - Access Profiles + summary: Get an Access Profile + description: |- + This API returns an Access Profile by its ID. + + A token with API, ORG_ADMIN, ROLE_ADMIN, ROLE_SUBADMIN, SOURCE_ADMIN, or SOURCE_SUBADMIN authority is required to call this API. + parameters: + - in: path + name: id + required: true + schema: + type: string + description: ID of the Access Profile + example: 2c9180837ca6693d017ca8d097500149 + responses: + '200': + description: An AccessProfile + content: + application/json: + schema: + type: object + properties: + id: + type: string + description: The ID of the Access Profile + example: 2c91808a7190d06e01719938fcd20792 + readOnly: true + name: + type: string + description: Name of the Access Profile + example: Employee-database-read-write + description: + type: string + nullable: true + description: Information about the Access Profile + example: Collection of entitlements to read/write the employee database + created: + type: string + description: Date the Access Profile was created + format: date-time + example: '2021-03-01T22:32:58.104Z' + readOnly: true + modified: + type: string + description: Date the Access Profile was last modified. + format: date-time + example: '2021-03-02T20:22:28.104Z' + readOnly: true + enabled: + type: boolean + description: Whether the Access Profile is enabled. If the Access Profile is enabled then you must include at least one Entitlement. + example: true + owner: + description: Owner of the Access Profile + type: object + properties: + type: + description: 'Owner type. This field must be either left null or set to ''IDENTITY'' on input, otherwise a 400 Bad Request error will result.' + example: IDENTITY + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + id: + type: string + description: Identity id + example: 2c9180a46faadee4016fb4e018c20639 + name: + type: string + description: 'Human-readable display name of the owner. It may be left null or omitted in a POST or PATCH. If set, it must match the current value of the owner''s display name, otherwise a 400 Bad Request error will result.' + example: support + source: + type: object + properties: + id: + type: string + description: The ID of the Source with with which the Access Profile is associated + example: 2c91809773dee3610173fdb0b6061ef4 + type: + type: string + enum: + - SOURCE + description: 'The type of the Source, will always be SOURCE' + example: SOURCE + name: + type: string + description: The display name of the associated Source + example: ODS-AD-SOURCE + entitlements: + type: array + description: A list of entitlements associated with the Access Profile. If enabled is false this is allowed to be empty otherwise it needs to contain at least one Entitlement. + items: + type: object + properties: + id: + type: string + description: The ID of the Entitlement + example: 2c91809773dee32014e13e122092014e + type: + type: string + enum: + - ENTITLEMENT + description: 'The type of the Entitlement, will always be ENTITLEMENT' + example: ENTITLEMENT + name: + type: string + description: The display name of the Entitlement + example: 'CN=entitlement.490efde5,OU=OrgCo,OU=ServiceDept,DC=HQAD,DC=local' + requestable: + type: boolean + description: 'Whether the Access Profile is requestable via access request. Currently, making an Access Profile non-requestable is only supported for customers enabled with the new Request Center. Otherwise, attempting to create an Access Profile with a value **false** in this field results in a 400 error.' + example: true + accessRequestConfig: + nullable: true + description: Access request configuration for this object + type: object + properties: + commentsRequired: + type: boolean + description: Whether the requester of the containing object must provide comments justifying the request + example: true + denialCommentsRequired: + type: boolean + description: Whether an approver must provide comments when denying the request + example: true + approvalSchemes: + type: array + description: List describing the steps in approving the request + items: + type: object + properties: + approverType: + type: string + enum: + - APP_OWNER + - OWNER + - SOURCE_OWNER + - MANAGER + - GOVERNANCE_GROUP + description: |- + Describes the individual or group that is responsible for an approval step. Values are as follows. + **APP_OWNER**: The owner of the Application + + **OWNER**: Owner of the associated Access Profile or Role + + **SOURCE_OWNER**: Owner of the Source associated with an Access Profile + + **MANAGER**: Manager of the Identity making the request + + **GOVERNANCE_GROUP**: A Governance Group, the ID of which is specified by the **approverId** field + example: GOVERNANCE_GROUP + approverId: + type: string + nullable: true + description: 'Id of the specific approver, used only when approverType is GOVERNANCE_GROUP' + example: 46c79819-a69f-49a2-becb-12c971ae66c6 + revocationRequestConfig: + nullable: true + description: Revocation request configuration for this object. + type: object + properties: + approvalSchemes: + type: array + description: List describing the steps in approving the revocation request + items: + type: object + properties: + approverType: + type: string + enum: + - APP_OWNER + - OWNER + - SOURCE_OWNER + - MANAGER + - GOVERNANCE_GROUP + description: |- + Describes the individual or group that is responsible for an approval step. Values are as follows. + **APP_OWNER**: The owner of the Application + + **OWNER**: Owner of the associated Access Profile or Role + + **SOURCE_OWNER**: Owner of the Source associated with an Access Profile + + **MANAGER**: Manager of the Identity making the request + + **GOVERNANCE_GROUP**: A Governance Group, the ID of which is specified by the **approverId** field + example: GOVERNANCE_GROUP + approverId: + type: string + nullable: true + description: 'Id of the specific approver, used only when approverType is GOVERNANCE_GROUP' + example: 46c79819-a69f-49a2-becb-12c971ae66c6 + segments: + type: array + nullable: true + items: + type: string + description: 'List of IDs of segments, if any, to which this Access Profile is assigned.' + example: + - f7b1b8a3-5fed-4fd4-ad29-82014e137e19 + - 29cb6c06-1da8-43ea-8be4-b3125f248f2a + provisioningCriteria: + description: 'When an Identity has multiple Accounts on the Source with which an Access Profile is associated, this expression is evaluated against those Accounts to choose one to provision with the Access Profile.' + nullable: true + example: + operation: OR + children: + - operation: AND + children: + - attribute: dn + operation: CONTAINS + value: useast + - attribute: manager + operation: CONTAINS + value: Scott.Clark + - operation: AND + children: + - attribute: dn + operation: EQUALS + value: Gibson + - attribute: telephoneNumber + operation: CONTAINS + value: '512' + type: object + properties: + operation: + type: string + enum: + - EQUALS + - NOT_EQUALS + - CONTAINS + - HAS + - AND + - OR + description: Supported operations on ProvisioningCriteria + example: EQUALS + attribute: + type: string + description: 'Name of the Account attribute to be tested. If **operation** is one of EQUALS, NOT_EQUALS, CONTAINS, or HAS, this field is required. Otherwise, specifying it is an error.' + example: email + nullable: true + value: + type: string + nullable: true + description: 'String value to test the Account attribute w/r/t the specified operation. If the operation is one of EQUALS, NOT_EQUALS, or CONTAINS, this field is required. Otherwise, specifying it is an error. If the Attribute is not String-typed, it will be converted to the appropriate type.' + example: carlee.cert1c9f9b6fd@mailinator.com + children: + type: array + items: + type: object + description: Defines matching criteria for an Account to be provisioned with a specific Access Profile + properties: + operation: + type: string + enum: + - EQUALS + - NOT_EQUALS + - CONTAINS + - HAS + - AND + - OR + description: Supported operations on ProvisioningCriteria + example: EQUALS + attribute: + type: string + description: 'Name of the Account attribute to be tested. If **operation** is one of EQUALS, NOT_EQUALS, CONTAINS, or HAS, this field is required. Otherwise, specifying it is an error.' + example: email + nullable: true + value: + type: string + nullable: true + description: 'String value to test the Account attribute w/r/t the specified operation. If the operation is one of EQUALS, NOT_EQUALS, or CONTAINS, this field is required. Otherwise, specifying it is an error. If the Attribute is not String-typed, it will be converted to the appropriate type.' + example: carlee.cert1c9f9b6fd@mailinator.com + children: + type: array + items: + type: object + description: Defines matching criteria for an Account to be provisioned with a specific Access Profile + properties: + operation: + type: string + enum: + - EQUALS + - NOT_EQUALS + - CONTAINS + - HAS + - AND + - OR + description: Supported operations on ProvisioningCriteria + example: EQUALS + attribute: + type: string + description: 'Name of the Account attribute to be tested. If **operation** is one of EQUALS, NOT_EQUALS, CONTAINS, or HAS, this field is required. Otherwise, specifying it is an error.' + example: email + nullable: true + value: + type: string + description: 'String value to test the Account attribute w/r/t the specified operation. If the operation is one of EQUALS, NOT_EQUALS, or CONTAINS, this field is required. Otherwise, specifying it is an error. If the Attribute is not String-typed, it will be converted to the appropriate type.' + example: carlee.cert1c9f9b6fd@mailinator.com + nullable: true + description: 'Array of child criteria. Required if the operation is AND or OR, otherwise it must be left null. A maximum of three levels of criteria are supported, including leaf nodes.' + example: null + nullable: true + description: 'Array of child criteria. Required if the operation is AND or OR, otherwise it must be left null. A maximum of three levels of criteria are supported, including leaf nodes.' + example: null + required: + - owner + - name + - source + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + security: + - oauth2: + - 'idn:access-profile:read' + - 'idn:access-profile:manage' + patch: + operationId: patchAccessProfile + tags: + - Access Profiles + summary: Patch a specified Access Profile + description: |- + This API updates an existing Access Profile. The following fields are patchable: + **name**, **description**, **enabled**, **owner**, **requestable**, **accessRequestConfig**, **revokeRequestConfig**, **segments**, **entitlements**, **provisioningCriteria** + A token with API, ORG_ADMIN, SOURCE_ADMIN, or SOURCE_SUBADMIN authority is required to call this API. In addition, a SOURCE_SUBADMIN may only use this API to patch Access Profiles which are associated with Sources they are able to administer. + > The maximum supported length for the description field is 2000 characters. Longer descriptions will be preserved for existing access profiles, however, any new access profiles as well as any updates to existing descriptions will be limited to 2000 characters. + + > You can only add or replace **entitlements** that exist on the source that the access profile is attached to. You can use the **list entitlements** endpoint with the **filters** query parameter to get a list of available entitlements on the access profile's source. + + > Patching the value of the **requestable** field is only supported for customers enabled with the new Request Center. Otherwise, attempting to modify this field results in a 400 error. + parameters: + - name: id + in: path + description: ID of the Access Profile to patch + required: true + schema: + type: string + example: 2c91808a7813090a017814121919ecca + requestBody: + content: + application/json-patch+json: + schema: + type: array + items: + type: object + description: 'A JSONPatch Operation as defined by [RFC 6902 - JSON Patch](https://tools.ietf.org/html/rfc6902)' + required: + - op + - path + properties: + op: + type: string + description: The operation to be performed + enum: + - add + - remove + - replace + - move + - copy + - test + example: replace + path: + type: string + description: A string JSON Pointer representing the target path to an element to be affected by the operation + example: /description + value: + anyOf: + - type: string + - type: integer + - type: object + - type: array + items: + anyOf: + - type: string + - type: integer + - type: object + description: 'The value to be used for the operation, required for "add" and "replace" operations' + example: New description + examples: + Add Entitlements: + description: Add one or more entitlements to the end of the list + value: + - op: add + path: /entitlements + value: + - id: 2c9180857725c14301772a93bb77242d + type: ENTITLEMENT + name: AD User Group + Insert Entitlement: + description: Add an entitlement at the beginning of the entitlement list + value: + - op: add + path: /entitlements/0 + value: + id: 2c9180857725c14301772a93bb77242d + type: ENTITLEMENT + name: AD User Group + Replace Entitlements: + description: Replace all entitlements with a new list of entitlements + value: + - op: replace + path: /entitlements + value: + - id: 2c9180857725c14301772a93bb77242d + type: ENTITLEMENT + name: AD User Group + Remove Entitlement: + description: Remove the first entitlement in the list + value: + - op: remove + path: /entitlements/0 + required: true + responses: + '200': + description: Responds with the Access Profile as updated. + content: + application/json: + schema: + type: object + properties: + id: + type: string + description: The ID of the Access Profile + example: 2c91808a7190d06e01719938fcd20792 + readOnly: true + name: + type: string + description: Name of the Access Profile + example: Employee-database-read-write + description: + type: string + nullable: true + description: Information about the Access Profile + example: Collection of entitlements to read/write the employee database + created: + type: string + description: Date the Access Profile was created + format: date-time + example: '2021-03-01T22:32:58.104Z' + readOnly: true + modified: + type: string + description: Date the Access Profile was last modified. + format: date-time + example: '2021-03-02T20:22:28.104Z' + readOnly: true + enabled: + type: boolean + description: Whether the Access Profile is enabled. If the Access Profile is enabled then you must include at least one Entitlement. + example: true + owner: + description: Owner of the Access Profile + type: object + properties: + type: + description: 'Owner type. This field must be either left null or set to ''IDENTITY'' on input, otherwise a 400 Bad Request error will result.' + example: IDENTITY + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + id: + type: string + description: Identity id + example: 2c9180a46faadee4016fb4e018c20639 + name: + type: string + description: 'Human-readable display name of the owner. It may be left null or omitted in a POST or PATCH. If set, it must match the current value of the owner''s display name, otherwise a 400 Bad Request error will result.' + example: support + source: + type: object + properties: + id: + type: string + description: The ID of the Source with with which the Access Profile is associated + example: 2c91809773dee3610173fdb0b6061ef4 + type: + type: string + enum: + - SOURCE + description: 'The type of the Source, will always be SOURCE' + example: SOURCE + name: + type: string + description: The display name of the associated Source + example: ODS-AD-SOURCE + entitlements: + type: array + description: A list of entitlements associated with the Access Profile. If enabled is false this is allowed to be empty otherwise it needs to contain at least one Entitlement. + items: + type: object + properties: + id: + type: string + description: The ID of the Entitlement + example: 2c91809773dee32014e13e122092014e + type: + type: string + enum: + - ENTITLEMENT + description: 'The type of the Entitlement, will always be ENTITLEMENT' + example: ENTITLEMENT + name: + type: string + description: The display name of the Entitlement + example: 'CN=entitlement.490efde5,OU=OrgCo,OU=ServiceDept,DC=HQAD,DC=local' + requestable: + type: boolean + description: 'Whether the Access Profile is requestable via access request. Currently, making an Access Profile non-requestable is only supported for customers enabled with the new Request Center. Otherwise, attempting to create an Access Profile with a value **false** in this field results in a 400 error.' + example: true + accessRequestConfig: + nullable: true + description: Access request configuration for this object + type: object + properties: + commentsRequired: + type: boolean + description: Whether the requester of the containing object must provide comments justifying the request + example: true + denialCommentsRequired: + type: boolean + description: Whether an approver must provide comments when denying the request + example: true + approvalSchemes: + type: array + description: List describing the steps in approving the request + items: + type: object + properties: + approverType: + type: string + enum: + - APP_OWNER + - OWNER + - SOURCE_OWNER + - MANAGER + - GOVERNANCE_GROUP + description: |- + Describes the individual or group that is responsible for an approval step. Values are as follows. + **APP_OWNER**: The owner of the Application + + **OWNER**: Owner of the associated Access Profile or Role + + **SOURCE_OWNER**: Owner of the Source associated with an Access Profile + + **MANAGER**: Manager of the Identity making the request + + **GOVERNANCE_GROUP**: A Governance Group, the ID of which is specified by the **approverId** field + example: GOVERNANCE_GROUP + approverId: + type: string + nullable: true + description: 'Id of the specific approver, used only when approverType is GOVERNANCE_GROUP' + example: 46c79819-a69f-49a2-becb-12c971ae66c6 + revocationRequestConfig: + nullable: true + description: Revocation request configuration for this object. + type: object + properties: + approvalSchemes: + type: array + description: List describing the steps in approving the revocation request + items: + type: object + properties: + approverType: + type: string + enum: + - APP_OWNER + - OWNER + - SOURCE_OWNER + - MANAGER + - GOVERNANCE_GROUP + description: |- + Describes the individual or group that is responsible for an approval step. Values are as follows. + **APP_OWNER**: The owner of the Application + + **OWNER**: Owner of the associated Access Profile or Role + + **SOURCE_OWNER**: Owner of the Source associated with an Access Profile + + **MANAGER**: Manager of the Identity making the request + + **GOVERNANCE_GROUP**: A Governance Group, the ID of which is specified by the **approverId** field + example: GOVERNANCE_GROUP + approverId: + type: string + nullable: true + description: 'Id of the specific approver, used only when approverType is GOVERNANCE_GROUP' + example: 46c79819-a69f-49a2-becb-12c971ae66c6 + segments: + type: array + nullable: true + items: + type: string + description: 'List of IDs of segments, if any, to which this Access Profile is assigned.' + example: + - f7b1b8a3-5fed-4fd4-ad29-82014e137e19 + - 29cb6c06-1da8-43ea-8be4-b3125f248f2a + provisioningCriteria: + description: 'When an Identity has multiple Accounts on the Source with which an Access Profile is associated, this expression is evaluated against those Accounts to choose one to provision with the Access Profile.' + nullable: true + example: + operation: OR + children: + - operation: AND + children: + - attribute: dn + operation: CONTAINS + value: useast + - attribute: manager + operation: CONTAINS + value: Scott.Clark + - operation: AND + children: + - attribute: dn + operation: EQUALS + value: Gibson + - attribute: telephoneNumber + operation: CONTAINS + value: '512' + type: object + properties: + operation: + type: string + enum: + - EQUALS + - NOT_EQUALS + - CONTAINS + - HAS + - AND + - OR + description: Supported operations on ProvisioningCriteria + example: EQUALS + attribute: + type: string + description: 'Name of the Account attribute to be tested. If **operation** is one of EQUALS, NOT_EQUALS, CONTAINS, or HAS, this field is required. Otherwise, specifying it is an error.' + example: email + nullable: true + value: + type: string + nullable: true + description: 'String value to test the Account attribute w/r/t the specified operation. If the operation is one of EQUALS, NOT_EQUALS, or CONTAINS, this field is required. Otherwise, specifying it is an error. If the Attribute is not String-typed, it will be converted to the appropriate type.' + example: carlee.cert1c9f9b6fd@mailinator.com + children: + type: array + items: + type: object + description: Defines matching criteria for an Account to be provisioned with a specific Access Profile + properties: + operation: + type: string + enum: + - EQUALS + - NOT_EQUALS + - CONTAINS + - HAS + - AND + - OR + description: Supported operations on ProvisioningCriteria + example: EQUALS + attribute: + type: string + description: 'Name of the Account attribute to be tested. If **operation** is one of EQUALS, NOT_EQUALS, CONTAINS, or HAS, this field is required. Otherwise, specifying it is an error.' + example: email + nullable: true + value: + type: string + nullable: true + description: 'String value to test the Account attribute w/r/t the specified operation. If the operation is one of EQUALS, NOT_EQUALS, or CONTAINS, this field is required. Otherwise, specifying it is an error. If the Attribute is not String-typed, it will be converted to the appropriate type.' + example: carlee.cert1c9f9b6fd@mailinator.com + children: + type: array + items: + type: object + description: Defines matching criteria for an Account to be provisioned with a specific Access Profile + properties: + operation: + type: string + enum: + - EQUALS + - NOT_EQUALS + - CONTAINS + - HAS + - AND + - OR + description: Supported operations on ProvisioningCriteria + example: EQUALS + attribute: + type: string + description: 'Name of the Account attribute to be tested. If **operation** is one of EQUALS, NOT_EQUALS, CONTAINS, or HAS, this field is required. Otherwise, specifying it is an error.' + example: email + nullable: true + value: + type: string + description: 'String value to test the Account attribute w/r/t the specified operation. If the operation is one of EQUALS, NOT_EQUALS, or CONTAINS, this field is required. Otherwise, specifying it is an error. If the Attribute is not String-typed, it will be converted to the appropriate type.' + example: carlee.cert1c9f9b6fd@mailinator.com + nullable: true + description: 'Array of child criteria. Required if the operation is AND or OR, otherwise it must be left null. A maximum of three levels of criteria are supported, including leaf nodes.' + example: null + nullable: true + description: 'Array of child criteria. Required if the operation is AND or OR, otherwise it must be left null. A maximum of three levels of criteria are supported, including leaf nodes.' + example: null + required: + - owner + - name + - source + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + security: + - oauth2: + - 'idn:access-profile:manage' + delete: + operationId: deleteAccessProfile + tags: + - Access Profiles + summary: Delete the specified Access Profile + description: |- + This API deletes an existing Access Profile. + + The Access Profile must not be in use. If it is, a 400 error is returned. + + A token with API, ORG_ADMIN, SOURCE_ADMIN, or SOURCE_SUBADMIN authority is required to invoke this API. In addition, a SOURCE_SUBADMIN token must be able to administer the Source associated with the Access Profile. + parameters: + - name: id + in: path + description: ID of the Access Profile to delete + required: true + schema: + type: string + example: 2c91808a7813090a017814121919ecca + responses: + '204': + description: No content - indicates the request was successful but there is no content to be returned in the response. + '400': + description: Returned when an access profile cannot be deleted as it's being used. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + 400.2.1.0 Object in use by another: + description: Returned when an access profile cannot be deleted as it's being used + value: + detailCode: 400.2.1.0 Object in use by another + trackingId: c9c1033c55b84ebc9e93e926dcf8b8b3 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The "testAccessProfile" access profile can't be deleted because it's in use. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + security: + - oauth2: + - 'idn:access-profile:manage' + /access-profiles/bulk-delete: + post: + operationId: deleteAccessProfilesInBulk + summary: Delete Access Profile(s) + tags: + - Access Profiles + description: |- + This API initiates a bulk deletion of one or more Access Profiles. + + By default, if any of the indicated Access Profiles are in use, no deletions will be performed and the **inUse** field of the response indicates the usages that must be removed first. If the request field **bestEffortOnly** is **true**, however, usages are reported in the **inUse** response field but all other indicated Access Profiles will be deleted. + + A token with API, ORG_ADMIN, SOURCE_ADMIN, or SOURCE_SUBADMIN authority is required to call this API. In addition, a SOURCE_SUBADMIN may only use this API to delete Access Profiles which are associated with Sources they are able to administer. + requestBody: + required: true + content: + application/json: + schema: + type: object + properties: + accessProfileIds: + description: List of IDs of Access Profiles to be deleted. + type: array + items: + type: string + example: + - 2c9180847812e0b1017817051919ecca + - 2c9180887812e0b201781e129f151816 + bestEffortOnly: + description: 'If **true**, silently skip over any of the specified Access Profiles if they cannot be deleted because they are in use. If **false**, no deletions will be attempted if any of the Access Profiles are in use.' + type: boolean + example: true + example: + bestEffortOnly: true + accessProfileIds: + - 2c91808876438bb2017668b91919ecca + - 2c91808876438ba801766e129f151816 + responses: + '200': + description: 'Returned only if **bestEffortOnly** is **false**, and one or more Access Profiles are in use.' + content: + application/json: + schema: + type: object + properties: + taskId: + type: string + description: ID of the task which is executing the bulk deletion. This can be passed to the **/task-status** API to track status. + example: 2c9180867817ac4d017817c491119a20 + pending: + type: array + description: List of IDs of Access Profiles which are pending deletion. + items: + type: string + example: + - 2c91808876438bbb017668c21919ecca + - 2c91808876438bb201766e129f151816 + inUse: + type: array + description: List of usages of Access Profiles targeted for deletion. + items: + type: object + properties: + accessProfileId: + type: string + description: ID of the Access Profile that is in use + example: 2c91808876438bbb017668c21919ecca + usedBy: + type: array + description: List of references to objects which are using the indicated Access Profile + items: + type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + example: + pending: [] + inUse: + - accessProfileId: 2c91808876438ba801766e129f151816 + usages: + - type: Role + id: 2c9180887643764201766e9f6e121518 + '202': + description: Returned if at least one deletion will be performed. + content: + application/json: + schema: + type: object + properties: + taskId: + type: string + description: ID of the task which is executing the bulk deletion. This can be passed to the **/task-status** API to track status. + example: 2c9180867817ac4d017817c491119a20 + pending: + type: array + description: List of IDs of Access Profiles which are pending deletion. + items: + type: string + example: + - 2c91808876438bbb017668c21919ecca + - 2c91808876438bb201766e129f151816 + inUse: + type: array + description: List of usages of Access Profiles targeted for deletion. + items: + type: object + properties: + accessProfileId: + type: string + description: ID of the Access Profile that is in use + example: 2c91808876438bbb017668c21919ecca + usedBy: + type: array + description: List of references to objects which are using the indicated Access Profile + items: + type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + example: + taskId: 2c91808a7813090a01781412a1119a20 + pending: + - 2c91808a7813090a017813fe1919ecca + inUse: + - accessProfileId: 2c91808876438ba801766e129f151816 + usages: + - type: Role + id: 2c9180887643764201766e9f6e121518 + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + security: + - oauth2: + - 'idn:access-profile:manage' + '/access-profiles/{id}/entitlements': + get: + operationId: getAccessProfileEntitlements + tags: + - Access Profiles + summary: List Access Profile's Entitlements + description: |- + This API lists the Entitlements associated with a given Access Profile + + A token with API, ORG_ADMIN, SOURCE_ADMIN, or SOURCE_SUBADMIN authority is required to invoke this API. In addition, a token with SOURCE_SUBADMIN authority must have access to the Source associated with the given Access Profile + parameters: + - name: id + in: path + description: ID of the containing Access Profile + required: true + schema: + type: string + example: 2c91808a7813090a017814121919ecca + - in: query + name: limit + description: |- + Max number of results to return. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 250 + schema: + type: integer + format: int32 + minimum: 0 + maximum: 250 + default: 250 + - in: query + name: offset + description: |- + Offset into the full result set. Usually specified with *limit* to paginate through the results. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 0 + schema: + type: integer + format: int32 + minimum: 0 + default: 0 + - in: query + name: count + description: |- + If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored. + + Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used. + + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: true + schema: + type: boolean + default: false + - in: query + name: filters + schema: + type: string + description: |- + Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) + + Filtering is supported for the following Entitlement fields and operators: + **id**: *eq, in* + + **name**: *eq, sw* + + **attribute**: *eq, sw* + + **value**: *eq, sw* + + **created, modified**: *gt, lt, ge, le* + + **owner.id**: *eq, in* + + **source.id**: *eq, in* + example: attribute eq "memberOf" + required: false + - in: query + name: sorters + schema: + type: string + format: comma-separated + description: |- + Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results) + + Sorting is supported for the following fields: **name, attribute, value, created, modified** + example: 'name,-modified' + required: false + responses: + '200': + description: List of Entitlements + content: + application/json: + schema: + type: array + items: + type: object + properties: + id: + type: string + description: The entitlement id + example: 2c91808874ff91550175097daaec161c + name: + type: string + description: The entitlement name + example: LauncherTest2 + attribute: + type: string + description: The entitlement attribute name + example: memberOf + value: + type: string + description: The value of the entitlement + example: 'CN=LauncherTest2,OU=LauncherTestOrg,OU=slpt-automation,DC=TestAutomationAD,DC=local' + sourceSchemaObjectType: + type: string + description: The object type of the entitlement from the source schema + example: group + description: + type: string + description: The description of the entitlement + example: 'CN=LauncherTest2,OU=LauncherTestOrg,OU=slpt-automation,DC=TestAutomationAD,DC=local' + privileged: + type: boolean + description: True if the entitlement is privileged + example: true + cloudGoverned: + type: boolean + description: True if the entitlement is cloud governed + example: true + created: + type: string + description: Time when the entitlement was created + format: date-time + example: '2020-10-08T18:33:52.029Z' + modified: + type: string + description: Time when the entitlement was last modified + format: date-time + example: '2020-10-08T18:33:52.029Z' + source: + type: object + properties: + id: + type: string + description: The source ID + example: 2c9180827ca885d7017ca8ce28a000eb + type: + type: string + description: 'The source type, will always be "SOURCE"' + example: SOURCE + name: + type: string + description: The source name + example: ODS-AD-Source + attributes: + type: object + description: A map of free-form key-value pairs from the source system + example: + fieldName: fieldValue + additionalProperties: true + segments: + type: array + items: + type: string + nullable: true + description: 'List of IDs of segments, if any, to which this Entitlement is assigned.' + example: + - f7b1b8a3-5fed-4fd4-ad29-82014e137e19 + - 29cb6c06-1da8-43ea-8be4-b3125f248f2a + directPermissions: + type: array + items: + type: object + description: 'Simplified DTO for the Permission objects stored in SailPoint''s database. The data is aggregated from customer systems and is free-form, so its appearance can vary largely between different clients/customers.' + properties: + rights: + type: array + description: All the rights (e.g. actions) that this permission allows on the target + readOnly: true + items: + type: string + example: SELECT + target: + type: string + description: The target the permission would grants rights on. + readOnly: true + example: SYS.GV_$TRANSACTION + owner: + type: object + description: Simplified DTO for the owner object of the entitlement + properties: + id: + type: string + description: The owner id for the entitlement + example: 2a2fdacca5e345f18bf7970cfbb8fec2 + name: + type: string + description: The owner name for the entitlement + example: identity 1 + type: + type: string + enum: + - IDENTITY + description: The type of the owner. Initially only type IDENTITY is supported + example: IDENTITY + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + security: + - oauth2: + - 'idn:access-profile:read' + - 'idn:access-profile:manage' + /access-requests: + post: + operationId: createAccessRequest + security: + - oauth2: + - 'idn:access-request:create' + summary: Submit an Access Request + tags: + - Access Requests + description: | + This submits the access request into IdentityNow, where it will follow any IdentityNow approval processes. + + Access requests are processed asynchronously by IdentityNow. A success response from this endpoint means the request + has been submitted to IDN and is queued for processing. Because this endpoint is asynchronous, it will not return an error + if you submit duplicate access requests in quick succession, or you submit an access request for access that is already in progress, approved, or rejected. + It is best practice to check for any existing access requests that reference the same access items before submitting a new access request. This can + be accomplished by using the [access request status](https://developer.sailpoint.com/idn/api/v3/list-access-request-status) or the [pending access request approvals](https://developer.sailpoint.com/idn/api/v3/list-pending-approvals) endpoints. You can also + use the [search API](https://developer.sailpoint.com/idn/api/v3/search) to check the existing access items that an identity has before submitting + an access request to ensure you are not requesting access that is already granted. + + There are two types of access request: + + __GRANT_ACCESS__ + * Can be requested for multiple identities in a single request. + * Supports self request and request on behalf of other users, see '/beta/access-request-config' endpoint for request configuration options. + * Allows any authenticated token (except API) to call this endpoint to request to grant access to themselves. Depending on the configuration, a user can request access for others. + * Roles, Access Profiles and Entitlements can be requested. + * While requesting entitlements, maximum of 25 entitlements and 10 recipients are allowed in a request. + + __REVOKE_ACCESS__ + * Can only be requested for a single identity at a time. + * Does not support self request. Only manager can request to revoke access for their directly managed employees. + * If removeDate is specified, then the access will be removed on that date and time only for Roles and Access Profiles. Entitlements are currently unsupported for removeDate. + * Roles, Access Profiles, and Entitlements can be requested for revocation. + * Revoke requests for entitlements are limited to 1 entitlement per access request currently. + * [Roles, Access Profiles] RemoveData can be specified only if access don't have a sunset date. + * Allows a manager to request to revoke access for direct employees. A token with ORG_ADMIN authority can also request to revoke access from anyone. + + NOTE: There is no indication to the approver in the IdentityNow UI that the approval request is for a revoke action. Take this into consideration when calling this API. + + A token with API authority cannot be used to call this endpoint. + requestBody: + required: true + content: + application/json: + schema: + type: object + properties: + requestedFor: + description: 'A list of Identity IDs for whom the Access is requested. If it''s a Revoke request, there can only be one Identity ID.' + type: array + items: + type: string + example: 2c918084660f45d6016617daa9210584 + requestType: + type: string + enum: + - GRANT_ACCESS + - REVOKE_ACCESS + description: Access request type. Defaults to GRANT_ACCESS. REVOKE_ACCESS type can only have a single Identity ID in the requestedFor field. + example: GRANT_ACCESS + requestedItems: + type: array + items: + type: object + properties: + type: + type: string + enum: + - ACCESS_PROFILE + - ROLE + - ENTITLEMENT + description: The type of the item being requested. + example: ACCESS_PROFILE + id: + type: string + description: 'ID of Role, Access Profile or Entitlement being requested.' + example: 2c9180835d2e5168015d32f890ca1581 + comment: + type: string + description: | + Comment provided by requester. + * Comment is required when the request is of type Revoke Access. + example: Requesting access profile for John Doe + clientMetadata: + type: object + additionalProperties: + type: string + example: + requestedAppId: 2c91808f7892918f0178b78da4a305a1 + requestedAppName: test-app + example: + requestedAppName: test-app + requestedAppId: 2c91808f7892918f0178b78da4a305a1 + description: Arbitrary key-value pairs. They will never be processed by the IdentityNow system but will be returned on associated APIs such as /account-activities and /access-request-status. + removeDate: + type: string + description: | + The date the role or access profile is no longer assigned to the specified identity. + * Specify a date in the future. + * The current SLA for the deprovisioning is 24 hours. + * This date can be modified to either extend or decrease the duration of access item assignments for the specified identity. + * Currently it is not supported for entitlements. + * If sunset date for role or access profile specified, removeDate cannot be established. This rule doesn't apply for entitlements. + format: date-time + example: '2020-07-11T21:23:15.000Z' + required: + - id + - type + clientMetadata: + type: object + additionalProperties: + type: string + example: + requestedAppId: 2c91808f7892918f0178b78da4a305a1 + requestedAppName: test-app + example: + requestedAppId: 2c91808f7892918f0178b78da4a305a1 + requestedAppName: test-app + description: Arbitrary key-value pairs. They will never be processed by the IdentityNow system but will be returned on associated APIs such as /account-activities. + required: + - requestedFor + - requestedItems + responses: + '202': + description: Accepted - Returned if the request was successfully accepted into the system. + content: + application/json: + schema: + type: object + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + /access-requests/cancel: + post: + operationId: cancelAccessRequest + tags: + - Access Requests + summary: Cancel Access Request + description: |- + This API endpoint cancels a pending access request. An access request can be cancelled only if it has not passed the approval step. + Any token with ORG_ADMIN authority or token of the user who originally requested the access request is required to cancel it. + requestBody: + required: true + content: + application/json: + schema: + type: object + description: Request body payload for cancel access request endpoint. + required: + - accountActivityId + - comment + properties: + accountActivityId: + type: string + description: ID of the account activity object corresponding to the access request. + example: 2c9180835d2e5168015d32f890ca1581 + comment: + type: string + description: Reason for cancelling the pending access request. + example: I requested this role by mistake. + example: + accountActivityId: 2c91808568c529c60168cca6f90c1313 + comment: I requested this role by mistake. + responses: + '202': + description: Accepted - Returned if the request was successfully accepted into the system. + content: + application/json: + schema: + type: object + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + /access-requests/close: + post: + operationId: closeAccessRequest + tags: + - Access Requests + summary: Close Access Request + description: | + This endpoint closes access requests that are stuck in a pending state. It can be used throughout a request's lifecycle (even after the approval state, unlike Cancel Access Request). A token with ORG_ADMIN authority is required. + + To find pending access requests via the UI, navigate to Search and use this query: status: Pending AND "Access Request". Use the Column Chooser to select "Tracking Number," and the Download button to export a CSV containing the Tracking Numbers. + + To find pending access requests via the API, use List Account Activities. + + Input the ids from either source + + To track the status of endpoint requests, navigate to Search and use this query: name:"Close Identity Requests". Search will include "Close Identity Requests Started" audits when requests are initiated, and "Close Identity Requests Completed" audits when requests are completed. The completion audit will list the Identity Request IDs that finished in error. + + This API triggers the Provisioning Action Completed event trigger for each access request that is closed. + requestBody: + required: true + content: + application/json: + schema: + type: object + description: Request body payload for close access requests endpoint. + required: + - accessRequestIds + properties: + accessRequestIds: + type: array + description: Access Request IDs for the requests to be closed. Accepts 1-500 Identity Request IDs per request. + items: + type: string + example: + - 2c90ad2a70ace7d50170acf22ca90010 + message: + type: string + description: Reason for closing the access request. Displayed under Warnings in IdentityNow. + default: The IdentityNow Administrator manually closed this request. + example: The IdentityNow Administrator manually closed this request. + executionStatus: + type: string + enum: + - Terminated + - Completed + description: The request's provisioning status. Displayed as Stage in IdentityNow. + default: Terminated + example: Terminated + completionStatus: + type: string + enum: + - Success + - Incomplete + - Failure + description: The request's overall status. Displayed as Status in IdentityNow. + default: Failure + example: Failure + example: + accessRequestIds: + - 2c90ad2a70ace7d50170acf22ca90010 + executionStatus: Terminated + completionStatus: Failure + message: The IdentityNow Administrator manually closed this request. + responses: + '202': + description: Accepted - Returned if the request was successfully accepted into the system. + content: + application/json: + schema: + type: object + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + /access-request-config: + get: + operationId: getAccessRequestConfig + summary: Get Access Request Configuration + tags: + - Access Requests + description: This endpoint returns the current access-request configuration. + responses: + '200': + description: Access Request Configuration Details. + content: + application/json: + schema: + type: object + properties: + approvalsMustBeExternal: + type: boolean + description: 'If true, then approvals must be processed by external system.' + example: true + autoApprovalEnabled: + type: boolean + description: 'If true and requester and reviewer are the same, then automatically approve the approval.' + example: true + requestOnBehalfOfConfig: + description: Request On Behalf Of Configuration. + type: object + properties: + allowRequestOnBehalfOfAnyoneByAnyone: + type: boolean + description: If anyone can request access for anyone. + example: true + allowRequestOnBehalfOfEmployeeByManager: + type: boolean + description: If a manager can request access for his/her direct reports. + example: true + approvalReminderAndEscalationConfig: + description: Approval Reminder and Escalation Configuration. + type: object + properties: + daysUntilEscalation: + type: integer + description: 'Number of days to wait before the first reminder. If no reminders are configured, then this is the number of days to wait before escalation.' + format: int32 + example: 0 + daysBetweenReminders: + type: integer + description: Number of days to wait between reminder notifications. + format: int32 + example: 0 + maxReminders: + type: integer + description: Maximum number of reminder notification to send to the reviewer before approval escalation. + format: int32 + example: 0 + fallbackApproverRef: + type: object + nullable: true + properties: + type: + type: string + description: The type can only be IDENTITY. This is read-only + example: IDENTITY + id: + type: string + description: Identity id. + example: 5168015d32f890ca15812c9180835d2e + name: + type: string + description: Human-readable display name of identity. This is read-only + example: Alison Ferguso + email: + type: string + description: Email address of identity. This is read-only + example: alison.ferguso@identitysoon.com + entitlementRequestConfig: + description: Entitlement Request Configuration. + type: object + properties: + allowEntitlementRequest: + type: boolean + description: Flag for allowing entitlement request. + example: true + requestCommentsRequired: + type: boolean + description: Flag for requiring comments while submitting an entitlement request. + default: false + example: false + deniedCommentsRequired: + type: boolean + description: Flag for requiring comments while rejecting an entitlement request. + default: false + example: false + grantRequestApprovalSchemes: + type: string + description: | + Approval schemes for granting entitlement request. This can be empty if no approval is needed. + Multiple schemes must be comma-separated. The valid schemes are "entitlementOwner", "sourceOwner", "manager" and "workgroup:{id}". + Multiple workgroups (governance groups) can be used. + default: sourceOwner + example: 'entitlementOwner, sourceOwner, manager, workgroup:2c918084660f45d6016617daa9210584' + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + put: + operationId: updateAccessRequestConfig + summary: Update Access Request Configuration + tags: + - Access Requests + description: |- + This endpoint replaces the current access-request configuration. + A token with ORG_ADMIN authority is required to call this API. + requestBody: + required: true + content: + application/json: + schema: + type: object + properties: + approvalsMustBeExternal: + type: boolean + description: 'If true, then approvals must be processed by external system.' + example: true + autoApprovalEnabled: + type: boolean + description: 'If true and requester and reviewer are the same, then automatically approve the approval.' + example: true + requestOnBehalfOfConfig: + description: Request On Behalf Of Configuration. + type: object + properties: + allowRequestOnBehalfOfAnyoneByAnyone: + type: boolean + description: If anyone can request access for anyone. + example: true + allowRequestOnBehalfOfEmployeeByManager: + type: boolean + description: If a manager can request access for his/her direct reports. + example: true + approvalReminderAndEscalationConfig: + description: Approval Reminder and Escalation Configuration. + type: object + properties: + daysUntilEscalation: + type: integer + description: 'Number of days to wait before the first reminder. If no reminders are configured, then this is the number of days to wait before escalation.' + format: int32 + example: 0 + daysBetweenReminders: + type: integer + description: Number of days to wait between reminder notifications. + format: int32 + example: 0 + maxReminders: + type: integer + description: Maximum number of reminder notification to send to the reviewer before approval escalation. + format: int32 + example: 0 + fallbackApproverRef: + type: object + nullable: true + properties: + type: + type: string + description: The type can only be IDENTITY. This is read-only + example: IDENTITY + id: + type: string + description: Identity id. + example: 5168015d32f890ca15812c9180835d2e + name: + type: string + description: Human-readable display name of identity. This is read-only + example: Alison Ferguso + email: + type: string + description: Email address of identity. This is read-only + example: alison.ferguso@identitysoon.com + entitlementRequestConfig: + description: Entitlement Request Configuration. + type: object + properties: + allowEntitlementRequest: + type: boolean + description: Flag for allowing entitlement request. + example: true + requestCommentsRequired: + type: boolean + description: Flag for requiring comments while submitting an entitlement request. + default: false + example: false + deniedCommentsRequired: + type: boolean + description: Flag for requiring comments while rejecting an entitlement request. + default: false + example: false + grantRequestApprovalSchemes: + type: string + description: | + Approval schemes for granting entitlement request. This can be empty if no approval is needed. + Multiple schemes must be comma-separated. The valid schemes are "entitlementOwner", "sourceOwner", "manager" and "workgroup:{id}". + Multiple workgroups (governance groups) can be used. + default: sourceOwner + example: 'entitlementOwner, sourceOwner, manager, workgroup:2c918084660f45d6016617daa9210584' + responses: + '200': + description: Access Request Configuration Details. + content: + application/json: + schema: + type: object + properties: + approvalsMustBeExternal: + type: boolean + description: 'If true, then approvals must be processed by external system.' + example: true + autoApprovalEnabled: + type: boolean + description: 'If true and requester and reviewer are the same, then automatically approve the approval.' + example: true + requestOnBehalfOfConfig: + description: Request On Behalf Of Configuration. + type: object + properties: + allowRequestOnBehalfOfAnyoneByAnyone: + type: boolean + description: If anyone can request access for anyone. + example: true + allowRequestOnBehalfOfEmployeeByManager: + type: boolean + description: If a manager can request access for his/her direct reports. + example: true + approvalReminderAndEscalationConfig: + description: Approval Reminder and Escalation Configuration. + type: object + properties: + daysUntilEscalation: + type: integer + description: 'Number of days to wait before the first reminder. If no reminders are configured, then this is the number of days to wait before escalation.' + format: int32 + example: 0 + daysBetweenReminders: + type: integer + description: Number of days to wait between reminder notifications. + format: int32 + example: 0 + maxReminders: + type: integer + description: Maximum number of reminder notification to send to the reviewer before approval escalation. + format: int32 + example: 0 + fallbackApproverRef: + type: object + nullable: true + properties: + type: + type: string + description: The type can only be IDENTITY. This is read-only + example: IDENTITY + id: + type: string + description: Identity id. + example: 5168015d32f890ca15812c9180835d2e + name: + type: string + description: Human-readable display name of identity. This is read-only + example: Alison Ferguso + email: + type: string + description: Email address of identity. This is read-only + example: alison.ferguso@identitysoon.com + entitlementRequestConfig: + description: Entitlement Request Configuration. + type: object + properties: + allowEntitlementRequest: + type: boolean + description: Flag for allowing entitlement request. + example: true + requestCommentsRequired: + type: boolean + description: Flag for requiring comments while submitting an entitlement request. + default: false + example: false + deniedCommentsRequired: + type: boolean + description: Flag for requiring comments while rejecting an entitlement request. + default: false + example: false + grantRequestApprovalSchemes: + type: string + description: | + Approval schemes for granting entitlement request. This can be empty if no approval is needed. + Multiple schemes must be comma-separated. The valid schemes are "entitlementOwner", "sourceOwner", "manager" and "workgroup:{id}". + Multiple workgroups (governance groups) can be used. + default: sourceOwner + example: 'entitlementOwner, sourceOwner, manager, workgroup:2c918084660f45d6016617daa9210584' + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + /access-request-status: + get: + operationId: listAccessRequestStatus + tags: + - Access Requests + summary: Access Request Status + description: |- + The Access Request Status API returns a list of access request statuses based on the specified query parameters. + Any token with any authority can request their own status. A token with ORG_ADMIN authority is required to call this API to get a list of statuses for other users. + parameters: + - in: query + name: requested-for + schema: + type: string + example: 2c9180877b2b6ea4017b2c545f971429 + description: Filter the results by the identity for which the requests were made. *me* indicates the current user. Mutually exclusive with *regarding-identity*. + required: false + - in: query + name: requested-by + schema: + type: string + example: 2c9180877b2b6ea4017b2c545f971429 + description: Filter the results by the identity that made the requests. *me* indicates the current user. Mutually exclusive with *regarding-identity*. + required: false + - in: query + name: regarding-identity + schema: + type: string + example: 2c9180877b2b6ea4017b2c545f971429 + description: Filter the results by the specified identity which is either the requester or target of the requests. *me* indicates the current user. Mutually exclusive with *requested-for* and *requested-by*. + required: false + - in: query + name: count + description: If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored. + required: false + schema: + type: boolean + default: false + example: false + - in: query + name: limit + description: Max number of results to return. + required: false + schema: + type: integer + format: int32 + minimum: 0 + maximum: 250 + default: 250 + example: 100 + - in: query + name: offset + description: Offset into the full result set. Usually specified with *limit* to paginate through the results. Defaults to 0 if not specified. + required: false + schema: + type: integer + format: int32 + minimum: 0 + example: 10 + - in: query + name: filters + schema: + type: string + example: accountActivityItemId eq "2c918086771c86df0177401efcdf54c0" + description: |- + Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) + + Filtering is supported for the following fields and operators: + + **accountActivityItemId**: *eq, in* + required: false + - in: query + name: sorters + schema: + type: string + format: comma-separated + description: |- + Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results) + + Sorting is supported for the following fields: **created, modified, accountActivityItemId** + example: created + required: false + responses: + '200': + description: List of requested item status. + content: + application/json: + schema: + type: array + items: + type: object + properties: + name: + type: string + description: Human-readable display name of the item being requested. + example: AccessProfile1 + type: + type: string + enum: + - ACCESS_PROFILE + - ROLE + - ENTITLEMENT + description: Type of requested object. + example: ACCESS_PROFILE + cancelledRequestDetails: + nullable: true + type: object + properties: + comment: + type: string + description: Comment made by the owner when cancelling the associated request. + example: Nisl quis ipsum quam quisque condimentum nunc ut dolor nunc. + owner: + type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + modified: + type: string + format: date-time + description: Date comment was added by the owner when cancelling the associated request + example: '2019-12-20T09:17:12.192Z' + description: Provides additional details for a request that has been cancelled. + errorMessages: + type: array + nullable: true + items: + type: array + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + description: 'List of list of localized error messages, if any, encountered during the approval/provisioning process.' + state: + type: string + enum: + - EXECUTING + - REQUEST_COMPLETED + - CANCELLED + - TERMINATED + - PROVISIONING_VERIFICATION_PENDING + - REJECTED + - PROVISIONING_FAILED + - NOT_ALL_ITEMS_PROVISIONED + - ERROR + description: |- + Indicates the state of an access request: + * EXECUTING: The request is executing, which indicates the system is doing some processing. + * REQUEST_COMPLETED: Indicates the request has been completed. + * CANCELLED: The request was cancelled with no user input. + * TERMINATED: The request has been terminated before it was able to complete. + * PROVISIONING_VERIFICATION_PENDING: The request has finished any approval steps and provisioning is waiting to be verified. + * REJECTED: The request was rejected. + * PROVISIONING_FAILED: The request has failed to complete. + * NOT_ALL_ITEMS_PROVISIONED: One or more of the requested items failed to complete, but there were one or more successes. + * ERROR: An error occurred during request processing. + example: EXECUTING + approvalDetails: + type: array + items: + type: object + properties: + forwarded: + type: boolean + description: True if the request for this item was forwarded from one owner to another. + example: false + originalOwner: + description: 'Base identity/workgroup reference object representing the original owner, if forwarded.' + type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + currentOwner: + description: Base reference of approver that will make decision. + type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + reviewedBy: + description: The identity who has reviewed the approval. + type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + modified: + type: string + format: date-time + description: Time at which item was modified. + example: '2019-08-23T18:52:57.398Z' + status: + type: string + enum: + - PENDING + - APPROVED + - REJECTED + - EXPIRED + - CANCELLED + - ARCHIVED + description: |- + Indicates the state of the request processing for this item: + * PENDING: The request for this item is awaiting processing. + * APPROVED: The request for this item has been approved. + * REJECTED: The request for this item was rejected. + * EXPIRED: The request for this item expired with no action taken. + * CANCELLED: The request for this item was cancelled with no user action. + * ARCHIVED: The request for this item has been archived after completion. + example: PENDING + scheme: + type: string + enum: + - APP_OWNER + - SOURCE_OWNER + - MANAGER + - ROLE_OWNER + - ACCESS_PROFILE_OWNER + - ENTITLEMENT_OWNER + - GOVERNANCE_GROUP + description: Describes the individual or group that is responsible for an approval step. + example: MANAGER + errorMessages: + type: array + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + description: 'If the request failed, includes any error messages that were generated.' + comment: + type: string + description: 'Comment, if any, provided by the approver.' + example: I approve this request + removeDate: + type: string + description: The date the role or access profile is no longer assigned to the specified identity. + format: date-time + example: '2020-07-11T00:00:00Z' + description: Approval details for each item. + manualWorkItemDetails: + type: array + nullable: true + items: + type: object + properties: + forwarded: + type: boolean + description: True if the request for this item was forwarded from one owner to another. + example: true + originalOwner: + description: 'Base identity/workgroup reference object representing the original owner, if forwarded.' + type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + currentOwner: + description: Base reference of approver that will make decision. + type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + modified: + type: string + format: date-time + description: Time at which item was modified. + example: '2019-08-23T18:52:57.398Z' + status: + type: string + enum: + - PENDING + - APPROVED + - REJECTED + - EXPIRED + - CANCELLED + - ARCHIVED + description: |- + Indicates the state of the request processing for this item: + * PENDING: The request for this item is awaiting processing. + * APPROVED: The request for this item has been approved. + * REJECTED: The request for this item was rejected. + * EXPIRED: The request for this item expired with no action taken. + * CANCELLED: The request for this item was cancelled with no user action. + * ARCHIVED: The request for this item has been archived after completion. + example: PENDING + forwardHistory: + type: array + items: + type: object + properties: + oldApproverName: + type: string + description: Display name of approver from whom the approval was forwarded. + example: Frank Mir + newApproverName: + type: string + description: Display name of approver to whom the approval was forwarded. + example: Al Volta + comment: + type: string + nullable: true + description: Comment made while forwarding. + example: Forwarding from Frank to Al + modified: + type: string + format: date-time + description: Time at which approval was forwarded. + example: '2019-08-23T18:52:57.398Z' + forwarderName: + type: string + nullable: true + description: Display name of forwarder who forwarded the approval. + example: William Wilson + reassignmentType: + description: Type of approval reassignment. + example: AUTOMATIC_REASSIGNMENT + type: string + enum: + - MANUAL_REASSIGNMENT + - AUTOMATIC_REASSIGNMENT + - AUTO_ESCALATION + - SELF_REVIEW_DELEGATION + description: The history of approval forward action. + description: Manual work items created for provisioning the item. + accountActivityItemId: + type: string + description: Id of associated account activity item. + example: 2c9180926cbfbddd016cbfc7c3b10010 + requestType: + type: string + enum: + - GRANT_ACCESS + - REVOKE_ACCESS + description: Access request type. Defaults to GRANT_ACCESS. REVOKE_ACCESS type can only have a single Identity ID in the requestedFor field. + example: GRANT_ACCESS + modified: + type: string + format: date-time + description: When the request was last modified. + example: '2019-08-23T18:52:59.162Z' + created: + type: string + format: date-time + description: When the request was created. + example: '2019-08-23T18:40:35.772Z' + requester: + description: The identity that requested the item. + type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + requestedFor: + description: The identity for whom the Access Request Status is requested for. + type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + requesterComment: + nullable: true + description: The requester's comment. + type: object + properties: + comment: + type: string + description: Content of the comment + example: Et quam massa maximus vivamus nisi ut urna tincidunt metus elementum erat + author: + type: object + properties: + type: + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure. + example: IDENTITY + id: + type: string + description: ID of the author + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the identity making the comment + example: Adam Kennedy + created: + type: string + format: date-time + description: Date and time comment was created + example: '2017-07-11T18:45:37.098Z' + sodViolationContext: + nullable: true + description: The details of the SOD violations for the associated approval. + type: object + properties: + state: + type: string + enum: + - SUCCESS + - ERROR + description: The status of SOD violation check + example: SUCCESS + uuid: + description: The id of the Violation check event + type: string + example: f73d16e9-a038-46c5-b217-1246e15fdbdd + violationCheckResult: + description: The inner object representing the completed SOD Violation check + type: object + properties: + message: + description: 'If the request failed, includes any error message that was generated.' + example: + - locale: en-US + localeOrigin: DEFAULT + text: An error has occurred during the SOD violation check + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + clientMetadata: + type: object + additionalProperties: + type: string + description: Arbitrary key-value pairs. They will never be processed by the IdentityNow system but will be returned on completion of the violation check. + example: + requestedAppName: test-app + requestedAppId: 2c91808f7892918f0178b78da4a305a1 + violationContexts: + type: array + items: + description: The contextual information of the violated criteria + type: object + properties: + policy: + description: Reference to the Policy that is being violated. + type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + conflictingAccessCriteria: + type: object + description: The object which contains the left and right hand side of the entitlements that got violated according to the policy. + properties: + leftCriteria: + type: object + properties: + criteriaList: + type: array + items: + description: Details of the Entitlement criteria + type: object + properties: + existing: + type: boolean + example: true + description: If the entitlement already belonged to the user or not. + type: + example: ENTITLEMENT + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure. + id: + type: string + description: Entitlement ID + example: 2c918085771e9d3301773b3cb66f6398 + name: + type: string + description: Entitlement name + example: My HR Entitlement + rightCriteria: + type: object + properties: + criteriaList: + type: array + items: + description: Details of the Entitlement criteria + type: object + properties: + existing: + type: boolean + example: true + description: If the entitlement already belonged to the user or not. + type: + example: ENTITLEMENT + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure. + id: + type: string + description: Entitlement ID + example: 2c918085771e9d3301773b3cb66f6398 + name: + type: string + description: Entitlement name + example: My HR Entitlement + violatedPolicies: + type: array + description: A list of the Policies that were violated + items: + description: Reference to the policy that was violated + example: + - type: SOD_POLICY + id: 69129440-422d-4a23-aadd-35c828d5bfda + name: HR Policy + type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + provisioningDetails: + nullable: true + type: object + properties: + orderedSubPhaseReferences: + type: string + description: 'Ordered CSV of sub phase references to objects that contain more information about provisioning. For example, this can contain "manualWorkItemDetails" which indicate that there is further information in that object for this phase.' + example: manualWorkItemDetails + description: Provides additional details about provisioning for this request. + preApprovalTriggerDetails: + nullable: true + type: object + properties: + comment: + type: string + description: Comment left for the pre-approval decision + example: Access is Approved + reviewer: + type: string + description: The reviewer of the pre-approval decision + example: John Doe + decision: + type: string + enum: + - APPROVED + - REJECTED + description: The decision of the pre-approval trigger + example: APPROVED + description: Provides additional details about the pre-approval trigger for this request. + accessRequestPhases: + type: array + items: + type: object + properties: + started: + type: string + description: The time that this phase started. + format: date-time + example: '2020-07-11T00:00:00Z' + finished: + type: string + description: The time that this phase finished. + format: date-time + example: '2020-07-12T00:00:00Z' + name: + type: string + description: The name of this phase. + example: APPROVAL_PHASE + state: + type: string + enum: + - PENDING + - EXECUTING + - COMPLETED + - CANCELLED + description: The state of this phase. + example: COMPLETED + result: + type: string + enum: + - SUCCESSFUL + - FAILED + description: The state of this phase. + example: SUCCESSFUL + phaseReference: + type: string + description: 'A reference to another object on the RequestedItemStatus that contains more details about the phase. Note that for the Provisioning phase, this will be empty if there are no manual work items.' + example: approvalDetails + description: Provides additional details about this access request phase. + description: 'A list of Phases that the Access Request has gone through in order, to help determine the status of the request.' + description: + type: string + description: Description associated to the requested object. + example: This is the Engineering role that engineers are granted. + removeDate: + type: string + format: date-time + nullable: true + description: When the role access is scheduled for removal. + example: '2019-10-23T00:00:00.000Z' + cancelable: + type: boolean + description: True if the request can be canceled. + example: true + accessRequestId: + type: string + format: string + description: This is the account activity id. + example: 2b838de9-db9b-abcf-e646-d4f274ad4238 + clientMetadata: + nullable: true + type: object + additionalProperties: + type: string + description: 'Arbitrary key-value pairs, if any were included in the corresponding access request' + example: + key1: value1 + key2: value2 + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + /access-request-approvals/pending: + get: + operationId: listPendingApprovals + summary: Pending Access Request Approvals List + tags: + - Access Request Approvals + description: This endpoint returns a list of pending approvals. See "owner-id" query parameter below for authorization info. + parameters: + - in: query + name: owner-id + schema: + type: string + description: |- + If present, the value returns only pending approvals for the specified identity. + * ORG_ADMIN users can call this with any identity ID value. + * ORG_ADMIN users can also fetch all the approvals in the org, when owner-id is not used. + * Non-ORG_ADMIN users can only specify *me* or pass their own identity ID value. + required: false + - in: query + name: limit + description: |- + Max number of results to return. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 250 + schema: + type: integer + format: int32 + minimum: 0 + maximum: 250 + default: 250 + - in: query + name: offset + description: |- + Offset into the full result set. Usually specified with *limit* to paginate through the results. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 0 + schema: + type: integer + format: int32 + minimum: 0 + default: 0 + - in: query + name: count + description: |- + If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored. + + Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used. + + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: true + schema: + type: boolean + default: false + - in: query + name: filters + schema: + type: string + description: |- + Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) + + Filtering is supported for the following fields and operators: + + **id**: *eq, in* + + **requestedFor.id**: *eq, in* + + **modified**: *gt, lt, ge, le* + - in: query + name: sorters + schema: + type: string + format: comma-separated + description: |- + Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results) + + Sorting is supported for the following fields: **created, modified** + responses: + '200': + description: List of Pending Approvals. + content: + application/json: + schema: + type: array + items: + type: object + properties: + id: + type: string + example: 2c9180835d2e5168015d32f890ca1581 + description: The approval id. + name: + type: string + example: Pending approval name + description: The name of the approval. + created: + type: string + format: date-time + description: When the approval was created. + example: '2017-07-11T18:45:37.098Z' + modified: + type: string + format: date-time + description: When the approval was modified last time. + example: '2018-07-25T20:22:28.104Z' + requestCreated: + type: string + format: date-time + description: When the access-request was created. + example: '2017-07-11T18:45:35.098Z' + requestType: + description: If the access-request was for granting or revoking access. + type: string + enum: + - GRANT_ACCESS + - REVOKE_ACCESS + example: GRANT_ACCESS + requester: + description: The identity that requested the item. + type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + requestedFor: + description: The identity for whom the item is requested for. + type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + owner: + description: The owner or approver of the approval. + type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + requestedObject: + description: The requested access item. + type: object + properties: + id: + type: string + example: 2c938083633d259901633d25c68c00fa + description: Id of the object. + name: + type: string + example: Object Name + description: Name of the object. + description: + type: string + example: Object Description + description: Description of the object. + type: + type: string + enum: + - ACCESS_PROFILE + - ROLE + - ENTITLEMENT + description: Type of the object. + example: ROLE + requesterComment: + description: The requester's comment. + type: object + properties: + comment: + type: string + description: Content of the comment + example: Et quam massa maximus vivamus nisi ut urna tincidunt metus elementum erat + author: + type: object + properties: + type: + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure. + example: IDENTITY + id: + type: string + description: ID of the author + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the identity making the comment + example: Adam Kennedy + created: + type: string + format: date-time + description: Date and time comment was created + example: '2017-07-11T18:45:37.098Z' + previousReviewersComments: + type: array + items: + type: object + properties: + comment: + type: string + description: Content of the comment + example: Et quam massa maximus vivamus nisi ut urna tincidunt metus elementum erat + author: + type: object + properties: + type: + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure. + example: IDENTITY + id: + type: string + description: ID of the author + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the identity making the comment + example: Adam Kennedy + created: + type: string + format: date-time + description: Date and time comment was created + example: '2017-07-11T18:45:37.098Z' + description: The history of the previous reviewers comments. + forwardHistory: + type: array + items: + type: object + properties: + oldApproverName: + type: string + description: Display name of approver from whom the approval was forwarded. + example: Frank Mir + newApproverName: + type: string + description: Display name of approver to whom the approval was forwarded. + example: Al Volta + comment: + type: string + nullable: true + description: Comment made while forwarding. + example: Forwarding from Frank to Al + modified: + type: string + format: date-time + description: Time at which approval was forwarded. + example: '2019-08-23T18:52:57.398Z' + forwarderName: + type: string + nullable: true + description: Display name of forwarder who forwarded the approval. + example: William Wilson + reassignmentType: + description: Type of approval reassignment. + example: AUTOMATIC_REASSIGNMENT + type: string + enum: + - MANUAL_REASSIGNMENT + - AUTOMATIC_REASSIGNMENT + - AUTO_ESCALATION + - SELF_REVIEW_DELEGATION + description: The history of approval forward action. + commentRequiredWhenRejected: + type: boolean + example: true + description: When true the rejector has to provide comments when rejecting + actionInProcess: + description: 'Action that is performed on this approval, and system has not finished performing that action yet.' + type: string + enum: + - APPROVED + - REJECTED + - FORWARDED + example: APPROVED + removeDate: + type: string + description: The date the role or access profile is no longer assigned to the specified identity. + format: date-time + example: '2020-07-11T00:00:00Z' + removeDateUpdateRequested: + type: boolean + example: true + description: 'If true, then the request is to change the remove date or sunset date.' + currentRemoveDate: + type: string + description: The remove date or sunset date that was assigned at the time of the request. + format: date-time + example: '2020-07-11T00:00:00Z' + sodViolationContext: + description: The details of the SOD violations for the associated approval. + type: object + properties: + state: + type: string + enum: + - SUCCESS + - ERROR + description: The status of SOD violation check + example: SUCCESS + uuid: + description: The id of the Violation check event + type: string + example: f73d16e9-a038-46c5-b217-1246e15fdbdd + violationCheckResult: + description: The inner object representing the completed SOD Violation check + type: object + properties: + message: + description: 'If the request failed, includes any error message that was generated.' + example: + - locale: en-US + localeOrigin: DEFAULT + text: An error has occurred during the SOD violation check + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + clientMetadata: + type: object + additionalProperties: + type: string + description: Arbitrary key-value pairs. They will never be processed by the IdentityNow system but will be returned on completion of the violation check. + example: + requestedAppName: test-app + requestedAppId: 2c91808f7892918f0178b78da4a305a1 + violationContexts: + type: array + items: + description: The contextual information of the violated criteria + type: object + properties: + policy: + description: Reference to the Policy that is being violated. + type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + conflictingAccessCriteria: + type: object + description: The object which contains the left and right hand side of the entitlements that got violated according to the policy. + properties: + leftCriteria: + type: object + properties: + criteriaList: + type: array + items: + description: Details of the Entitlement criteria + type: object + properties: + existing: + type: boolean + example: true + description: If the entitlement already belonged to the user or not. + type: + example: ENTITLEMENT + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure. + id: + type: string + description: Entitlement ID + example: 2c918085771e9d3301773b3cb66f6398 + name: + type: string + description: Entitlement name + example: My HR Entitlement + rightCriteria: + type: object + properties: + criteriaList: + type: array + items: + description: Details of the Entitlement criteria + type: object + properties: + existing: + type: boolean + example: true + description: If the entitlement already belonged to the user or not. + type: + example: ENTITLEMENT + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure. + id: + type: string + description: Entitlement ID + example: 2c918085771e9d3301773b3cb66f6398 + name: + type: string + description: Entitlement name + example: My HR Entitlement + violatedPolicies: + type: array + description: A list of the Policies that were violated + items: + description: Reference to the policy that was violated + example: + - type: SOD_POLICY + id: 69129440-422d-4a23-aadd-35c828d5bfda + name: HR Policy + type: object + properties: + id: + type: string + description: the application ID + example: ff8081814d977c21014da056804a0af3 + name: + type: string + description: the application name + example: Github + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + /access-request-approvals/completed: + get: + operationId: listCompletedApprovals + summary: Completed Access Request Approvals List + tags: + - Access Request Approvals + description: This endpoint returns list of completed approvals. See *owner-id* query parameter below for authorization info. + parameters: + - in: query + name: owner-id + schema: + type: string + description: |- + If present, the value returns only completed approvals for the specified identity. + * ORG_ADMIN users can call this with any identity ID value. + * ORG_ADMIN users can also fetch all the approvals in the org, when owner-id is not used. + * Non-ORG_ADMIN users can only specify *me* or pass their own identity ID value. + - in: query + name: limit + description: |- + Max number of results to return. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 250 + schema: + type: integer + format: int32 + minimum: 0 + maximum: 250 + default: 250 + - in: query + name: offset + description: |- + Offset into the full result set. Usually specified with *limit* to paginate through the results. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 0 + schema: + type: integer + format: int32 + minimum: 0 + default: 0 + - in: query + name: count + description: |- + If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored. + + Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used. + + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: true + schema: + type: boolean + default: false + - in: query + name: filters + schema: + type: string + description: |- + Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) + + Filtering is supported for the following fields and operators: + + **id**: *eq, in* + + **requestedFor.id**: *eq, in* + + **modified**: *gt, lt, ge, le* + - in: query + name: sorters + schema: + type: string + format: comma-separated + description: |- + Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results) + + Sorting is supported for the following fields: **created, modified** + responses: + '200': + description: List of Completed Approvals. + content: + application/json: + schema: + type: array + items: + type: object + properties: + id: + type: string + example: 2c938083633d259901633d25c68c00fa + description: The approval id. + name: + type: string + example: Approval Name + description: The name of the approval. + created: + type: string + format: date-time + description: When the approval was created. + example: '2017-07-11T18:45:37.098Z' + modified: + type: string + format: date-time + description: When the approval was modified last time. + example: '2018-07-25T20:22:28.104Z' + requestCreated: + type: string + format: date-time + description: When the access-request was created. + example: '2017-07-11T18:45:35.098Z' + requestType: + description: If the access-request was for granting or revoking access. + type: string + enum: + - GRANT_ACCESS + - REVOKE_ACCESS + example: GRANT_ACCESS + requester: + description: The identity that requested the item. + type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + requestedFor: + description: The identity for whom the item is requested for. + type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + reviewedBy: + description: The identity who has reviewed the approval. + type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + owner: + description: The owner or approver of the approval. + type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + requestedObject: + description: The requested access item. + type: object + properties: + id: + type: string + example: 2c938083633d259901633d25c68c00fa + description: Id of the object. + name: + type: string + example: Object Name + description: Name of the object. + description: + type: string + example: Object Description + description: Description of the object. + type: + type: string + enum: + - ACCESS_PROFILE + - ROLE + - ENTITLEMENT + description: Type of the object. + example: ROLE + requesterComment: + description: The requester's comment. + type: object + properties: + comment: + type: string + description: Content of the comment + example: Et quam massa maximus vivamus nisi ut urna tincidunt metus elementum erat + author: + type: object + properties: + type: + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure. + example: IDENTITY + id: + type: string + description: ID of the author + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the identity making the comment + example: Adam Kennedy + created: + type: string + format: date-time + description: Date and time comment was created + example: '2017-07-11T18:45:37.098Z' + reviewerComment: + description: The approval's reviewer's comment. + type: object + properties: + comment: + type: string + description: Content of the comment + example: Et quam massa maximus vivamus nisi ut urna tincidunt metus elementum erat + author: + type: object + properties: + type: + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure. + example: IDENTITY + id: + type: string + description: ID of the author + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the identity making the comment + example: Adam Kennedy + created: + type: string + format: date-time + description: Date and time comment was created + example: '2017-07-11T18:45:37.098Z' + previousReviewersComments: + type: array + items: + type: object + properties: + comment: + type: string + description: Content of the comment + example: Et quam massa maximus vivamus nisi ut urna tincidunt metus elementum erat + author: + type: object + properties: + type: + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure. + example: IDENTITY + id: + type: string + description: ID of the author + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the identity making the comment + example: Adam Kennedy + created: + type: string + format: date-time + description: Date and time comment was created + example: '2017-07-11T18:45:37.098Z' + description: The history of the previous reviewers comments. + forwardHistory: + type: array + items: + type: object + properties: + oldApproverName: + type: string + description: Display name of approver from whom the approval was forwarded. + example: Frank Mir + newApproverName: + type: string + description: Display name of approver to whom the approval was forwarded. + example: Al Volta + comment: + type: string + nullable: true + description: Comment made while forwarding. + example: Forwarding from Frank to Al + modified: + type: string + format: date-time + description: Time at which approval was forwarded. + example: '2019-08-23T18:52:57.398Z' + forwarderName: + type: string + nullable: true + description: Display name of forwarder who forwarded the approval. + example: William Wilson + reassignmentType: + description: Type of approval reassignment. + example: AUTOMATIC_REASSIGNMENT + type: string + enum: + - MANUAL_REASSIGNMENT + - AUTOMATIC_REASSIGNMENT + - AUTO_ESCALATION + - SELF_REVIEW_DELEGATION + description: The history of approval forward action. + commentRequiredWhenRejected: + type: boolean + example: true + description: When true the rejector has to provide comments when rejecting + state: + description: The final state of the approval + type: string + enum: + - APPROVED + - REJECTED + example: APPROVED + removeDate: + type: string + description: The date the role or access profile is no longer assigned to the specified identity. + format: date-time + example: '2020-07-11T00:00:00Z' + removeDateUpdateRequested: + type: boolean + example: true + description: 'If true, then the request was to change the remove date or sunset date.' + currentRemoveDate: + type: string + description: The remove date or sunset date that was assigned at the time of the request. + format: date-time + example: '2020-07-11T00:00:00Z' + sodViolationContext: + description: The details of the SOD violations for the associated approval. + type: object + properties: + state: + type: string + enum: + - SUCCESS + - ERROR + description: The status of SOD violation check + example: SUCCESS + uuid: + description: The id of the Violation check event + type: string + example: f73d16e9-a038-46c5-b217-1246e15fdbdd + violationCheckResult: + description: The inner object representing the completed SOD Violation check + type: object + properties: + message: + description: 'If the request failed, includes any error message that was generated.' + example: + - locale: en-US + localeOrigin: DEFAULT + text: An error has occurred during the SOD violation check + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + clientMetadata: + type: object + additionalProperties: + type: string + description: Arbitrary key-value pairs. They will never be processed by the IdentityNow system but will be returned on completion of the violation check. + example: + requestedAppName: test-app + requestedAppId: 2c91808f7892918f0178b78da4a305a1 + violationContexts: + type: array + items: + description: The contextual information of the violated criteria + type: object + properties: + policy: + description: Reference to the Policy that is being violated. + type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + conflictingAccessCriteria: + type: object + description: The object which contains the left and right hand side of the entitlements that got violated according to the policy. + properties: + leftCriteria: + type: object + properties: + criteriaList: + type: array + items: + description: Details of the Entitlement criteria + type: object + properties: + existing: + type: boolean + example: true + description: If the entitlement already belonged to the user or not. + type: + example: ENTITLEMENT + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure. + id: + type: string + description: Entitlement ID + example: 2c918085771e9d3301773b3cb66f6398 + name: + type: string + description: Entitlement name + example: My HR Entitlement + rightCriteria: + type: object + properties: + criteriaList: + type: array + items: + description: Details of the Entitlement criteria + type: object + properties: + existing: + type: boolean + example: true + description: If the entitlement already belonged to the user or not. + type: + example: ENTITLEMENT + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure. + id: + type: string + description: Entitlement ID + example: 2c918085771e9d3301773b3cb66f6398 + name: + type: string + description: Entitlement name + example: My HR Entitlement + violatedPolicies: + type: array + description: A list of the Policies that were violated + items: + description: Reference to the policy that was violated + example: + - type: SOD_POLICY + id: 69129440-422d-4a23-aadd-35c828d5bfda + name: HR Policy + type: object + properties: + id: + type: string + description: the application ID + example: ff8081814d977c21014da056804a0af3 + name: + type: string + description: the application name + example: Github + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + '/access-request-approvals/{approvalId}/approve': + post: + operationId: approveAccessRequest + summary: Approves an access request approval. + tags: + - Access Request Approvals + description: This endpoint approves an access request approval. Only the owner of the approval and ORG_ADMIN users are allowed to perform this action. + parameters: + - in: path + name: approvalId + schema: + type: string + required: true + description: The id of the approval. + example: 2c91808b7294bea301729568c68c002e + requestBody: + description: Reviewer's comment. + required: false + content: + application/json: + schema: + type: object + properties: + comment: + type: string + responses: + '202': + description: Accepted - Returned if the request was successfully accepted into the system. + content: + application/json: + schema: + type: object + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + '/access-request-approvals/{approvalId}/reject': + post: + operationId: rejectAccessRequest + summary: Rejects an access request approval. + tags: + - Access Request Approvals + description: This endpoint rejects an access request approval. Only the owner of the approval and admin users are allowed to perform this action. + parameters: + - in: path + name: approvalId + schema: + type: string + required: true + description: The id of the approval. + example: 2c91808b7294bea301729568c68c002e + requestBody: + description: Reviewer's comment. + required: false + content: + application/json: + schema: + type: object + properties: + comment: + type: string + responses: + '202': + description: Accepted - Returned if the request was successfully accepted into the system. + content: + application/json: + schema: + type: object + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + '/access-request-approvals/{approvalId}/forward': + post: + operationId: forwardAccessRequest + summary: Forwards an access request approval to a new owner. + tags: + - Access Request Approvals + description: This endpoint forwards an access request approval. Only the owner of the approval and ORG_ADMIN users are allowed to perform this action. + parameters: + - in: path + name: approvalId + schema: + type: string + required: true + description: The id of the approval. + example: 2c91808b7294bea301729568c68c002e + requestBody: + description: Information about the forwarded approval. + required: true + content: + application/json: + schema: + type: object + required: + - newOwnerId + - comment + properties: + newOwnerId: + type: string + description: The Id of the new owner + minLength: 1 + maxLength: 255 + comment: + type: string + description: The comment provided by the forwarder + minLength: 1 + maxLength: 255 + responses: + '202': + description: Accepted - Returned if the request was successfully accepted into the system. + content: + application/json: + schema: + type: object + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + /access-request-approvals/approval-summary: + get: + operationId: getAccessRequestApprovalSummary + summary: 'Get the number of pending, approved and rejected access requests approvals' + tags: + - Access Request Approvals + description: 'This endpoint returns the number of pending, approved and rejected access requests approvals. See "owner-id" query parameter below for authorization info.' + parameters: + - in: query + name: owner-id + schema: + type: string + description: |- + The id of the owner or approver identity of the approvals. If present, the value returns approval summary for the specified identity. + * ORG_ADMIN users can call this with any identity ID value. + * ORG_ADMIN user can also fetch all the approvals in the org, when owner-id is not used. + * Non ORG_ADMIN users can only specify *me* or pass their own identity ID value. + - in: query + name: from-date + schema: + type: string + description: |- + From date is the date and time from which the results will be shown. It should be in a valid ISO-8601 format + + example: from-date=2020-03-19T19:59:11Z + responses: + '200': + description: 'Number of pending, approved, rejected access request approvals.' + content: + application/json: + schema: + type: object + properties: + pending: + type: integer + description: The number of pending access requests approvals. + approved: + type: integer + description: The number of approved access requests approvals. + rejected: + type: integer + description: The number of rejected access requests approvals. + '400': + description: Client Error - Returned if the query parameter is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + /ai-access-request-recommendations: + get: + operationId: getAccessRequestRecommendations + tags: + - IAI Access Request Recommendations + summary: Identity Access Request Recommendations + description: This API returns the access request recommendations for the specified identity. The default identity is *me* which indicates the current user. + parameters: + - in: query + name: identity-id + description: Get access request recommendations for an identityId. *me* indicates the current user. + schema: + type: string + default: me + required: false + example: 2c91808570313110017040b06f344ec9 + - in: query + name: limit + description: Max number of results to return. + required: false + schema: + type: integer + minimum: 0 + maximum: 15 + default: 15 + - in: query + name: offset + description: |- + Offset into the full result set. Usually specified with *limit* to paginate through the results. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 0 + schema: + type: integer + format: int32 + minimum: 0 + default: 0 + - in: query + name: count + description: |- + If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored. + + Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used. + + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: true + schema: + type: boolean + default: false + - in: query + name: include-translation-messages + description: If *true* it will populate a list of translation messages in the response. + schema: + type: boolean + default: false + required: false + example: false + - in: query + name: filters + schema: + type: string + description: |- + Filter recommendations using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) + + Filtering is supported for the following fields and operators: + + **access.name**: *co* + + **access.type**: *eq, in* + + **access.description**: *co* + - in: query + name: sorters + schema: + type: string + format: comma-separated + description: |- + Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results) + + Sorting is supported for the following fields: **access.name, access.type** + + By default the recommendations are sorted by highest confidence first. + responses: + '200': + description: List of access request recommendations for the identityId + content: + application/json: + schema: + type: array + items: + type: object + properties: + identityId: + type: string + format: UUID + description: Identity ID for the recommendation + example: 2c91808570313110017040b06f344ec9 + access: + type: object + properties: + id: + type: string + format: UUID + description: ID of access item being recommended. + example: 2c9180835d2e5168015d32f890ca1581 + type: + type: string + enum: + - ACCESS_PROFILE + - ROLE + description: The type of access item. + example: ACCESS_PROFILE + name: + type: string + description: Name of the access item + example: Employee-database-read-write + description: + type: string + description: Description of the access item + example: This item grants an employee read and write access to the database + ignored: + type: boolean + example: true + description: Whether or not the identity has already chosen to ignore this recommendation. + requested: + type: boolean + example: true + description: Whether or not the identity has already chosen to request this recommendation. + viewed: + type: boolean + example: true + description: Whether or not the identity reportedly viewed this recommendation. + messages: + type: array + items: + type: object + properties: + interpretation: + type: string + description: Information about why the access item was recommended. + example: 95% of your peers have this access. + translationMessages: + description: The list of translation messages + type: array + example: + - key: recommender-api.V2_WEIGHT_FEATURE_PRODUCT_INTERPRETATION_HIGH + values: + - '75' + - department + items: + properties: + key: + type: string + description: The key of the translation message + example: recommender-api.V2_WEIGHT_FEATURE_PRODUCT_INTERPRETATION_HIGH + values: + type: array + description: The values corresponding to the translation messages + items: + type: string + example: + - '75' + - department + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + /ai-access-request-recommendations/ignored-items: + post: + operationId: addAccessRequestRecommendationsIgnoredItem + tags: + - IAI Access Request Recommendations + summary: Notification of Ignored Access Request Recommendations + description: 'This API ignores a recommended access request item. Once an item is ignored, it will be marked as ignored=true if it is still a recommended item. The consumer can decide to hide ignored recommendations.' + requestBody: + description: The recommended access item to ignore for an identity. + required: true + content: + application/json: + schema: + type: object + properties: + identityId: + type: string + format: UUID + description: The identity ID taking the action. + example: 2c91808570313110017040b06f344ec9 + access: + type: object + properties: + id: + type: string + format: UUID + description: ID of access item being recommended. + example: 2c9180835d2e5168015d32f890ca1581 + type: + type: string + enum: + - ACCESS_PROFILE + - ROLE + description: The type of access item. + example: ACCESS_PROFILE + required: + - identityId + - access + responses: + '201': + description: Recommendation successfully stored as ignored. + content: + application/json: + schema: + type: object + properties: + identityId: + type: string + format: UUID + description: The identity ID taking the action. + example: 2c91808570313110017040b06f344ec9 + access: + type: object + properties: + id: + type: string + format: UUID + description: ID of access item being recommended. + example: 2c9180835d2e5168015d32f890ca1581 + type: + type: string + enum: + - ACCESS_PROFILE + - ROLE + description: The type of access item. + example: ACCESS_PROFILE + timestamp: + type: string + format: date-time + example: '2017-07-11T18:45:37.098Z' + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + get: + operationId: getAccessRequestRecommendationsIgnoredItems + tags: + - IAI Access Request Recommendations + summary: List of Ignored Access Request Recommendations + description: This API returns the list of ignored access request recommendations. + parameters: + - in: query + name: limit + description: |- + Max number of results to return. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 250 + schema: + type: integer + format: int32 + minimum: 0 + maximum: 250 + default: 250 + - in: query + name: offset + description: |- + Offset into the full result set. Usually specified with *limit* to paginate through the results. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 0 + schema: + type: integer + format: int32 + minimum: 0 + default: 0 + - in: query + name: count + description: |- + If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored. + + Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used. + + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: true + schema: + type: boolean + default: false + - in: query + name: filters + schema: + type: string + description: |- + Filter recommendations using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) + + Filtering is supported for the following fields and operators: + + **access.id**: *eq, in* + + **access.type**: *eq, in* + + **identityId**: *eq, in* + - in: query + name: sorters + schema: + type: string + format: comma-separated + description: |- + Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results) + + Sorting is supported for the following fields: **access.id, access.type, identityId, timestamp** + responses: + '200': + description: Returns list of ignored access request recommendations. + content: + application/json: + schema: + type: array + items: + type: object + properties: + identityId: + type: string + format: UUID + description: The identity ID taking the action. + example: 2c91808570313110017040b06f344ec9 + access: + type: object + properties: + id: + type: string + format: UUID + description: ID of access item being recommended. + example: 2c9180835d2e5168015d32f890ca1581 + type: + type: string + enum: + - ACCESS_PROFILE + - ROLE + description: The type of access item. + example: ACCESS_PROFILE + timestamp: + type: string + format: date-time + example: '2017-07-11T18:45:37.098Z' + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + /ai-access-request-recommendations/requested-items: + post: + operationId: addAccessRequestRecommendationsRequestedItem + tags: + - IAI Access Request Recommendations + summary: Notification of Requested Access Request Recommendations + description: 'This API consumes a notification that a recommended access request item was requested. This API does not actually make the request, it is just a notification. This will help provide feedback in order to improve our recommendations.' + requestBody: + description: The recommended access item that was requested for an identity. + required: true + content: + application/json: + schema: + type: object + properties: + identityId: + type: string + format: UUID + description: The identity ID taking the action. + example: 2c91808570313110017040b06f344ec9 + access: + type: object + properties: + id: + type: string + format: UUID + description: ID of access item being recommended. + example: 2c9180835d2e5168015d32f890ca1581 + type: + type: string + enum: + - ACCESS_PROFILE + - ROLE + description: The type of access item. + example: ACCESS_PROFILE + required: + - identityId + - access + responses: + '201': + description: Notification successfully acknowledged. + content: + application/json: + schema: + type: object + properties: + identityId: + type: string + format: UUID + description: The identity ID taking the action. + example: 2c91808570313110017040b06f344ec9 + access: + type: object + properties: + id: + type: string + format: UUID + description: ID of access item being recommended. + example: 2c9180835d2e5168015d32f890ca1581 + type: + type: string + enum: + - ACCESS_PROFILE + - ROLE + description: The type of access item. + example: ACCESS_PROFILE + timestamp: + type: string + format: date-time + example: '2017-07-11T18:45:37.098Z' + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + get: + operationId: getAccessRequestRecommendationsRequestedItems + tags: + - IAI Access Request Recommendations + summary: List of Requested Access Request Recommendations + description: This API returns a list of requested access request recommendations. + parameters: + - in: query + name: limit + description: |- + Max number of results to return. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 250 + schema: + type: integer + format: int32 + minimum: 0 + maximum: 250 + default: 250 + - in: query + name: offset + description: |- + Offset into the full result set. Usually specified with *limit* to paginate through the results. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 0 + schema: + type: integer + format: int32 + minimum: 0 + default: 0 + - in: query + name: count + description: |- + If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored. + + Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used. + + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: true + schema: + type: boolean + default: false + - in: query + name: filters + schema: + type: string + description: |- + Filter recommendations using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) + + Filtering is supported for the following fields and operators: + + **access.id**: *eq, in* + + **access.type**: *eq, in* + + **identityId**: *eq, in* + - in: query + name: sorters + schema: + type: string + format: comma-separated + description: |- + Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results) + + Sorting is supported for the following fields: **access.id, access.type, identityId, timestamp** + responses: + '200': + description: Returns the list of requested access request recommendations. + content: + application/json: + schema: + type: array + items: + type: object + properties: + identityId: + type: string + format: UUID + description: The identity ID taking the action. + example: 2c91808570313110017040b06f344ec9 + access: + type: object + properties: + id: + type: string + format: UUID + description: ID of access item being recommended. + example: 2c9180835d2e5168015d32f890ca1581 + type: + type: string + enum: + - ACCESS_PROFILE + - ROLE + description: The type of access item. + example: ACCESS_PROFILE + timestamp: + type: string + format: date-time + example: '2017-07-11T18:45:37.098Z' + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + /ai-access-request-recommendations/viewed-items: + post: + operationId: addAccessRequestRecommendationsViewedItem + tags: + - IAI Access Request Recommendations + summary: Notification of Viewed Access Request Recommendations + description: This API consumes a notification that a recommended access request item was viewed. Future recommendations with this item will be marked with viewed=true. This can be useful for the consumer to determine if there are any new/unviewed recommendations. + requestBody: + description: The recommended access that was viewed for an identity. + required: true + content: + application/json: + schema: + type: object + properties: + identityId: + type: string + format: UUID + description: The identity ID taking the action. + example: 2c91808570313110017040b06f344ec9 + access: + type: object + properties: + id: + type: string + format: UUID + description: ID of access item being recommended. + example: 2c9180835d2e5168015d32f890ca1581 + type: + type: string + enum: + - ACCESS_PROFILE + - ROLE + description: The type of access item. + example: ACCESS_PROFILE + required: + - identityId + - access + responses: + '201': + description: Recommendation successfully stored as viewed. + content: + application/json: + schema: + type: object + properties: + identityId: + type: string + format: UUID + description: The identity ID taking the action. + example: 2c91808570313110017040b06f344ec9 + access: + type: object + properties: + id: + type: string + format: UUID + description: ID of access item being recommended. + example: 2c9180835d2e5168015d32f890ca1581 + type: + type: string + enum: + - ACCESS_PROFILE + - ROLE + description: The type of access item. + example: ACCESS_PROFILE + timestamp: + type: string + format: date-time + example: '2017-07-11T18:45:37.098Z' + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + get: + operationId: getAccessRequestRecommendationsViewedItems + tags: + - IAI Access Request Recommendations + summary: List of Viewed Access Request Recommendations + description: This API returns the list of viewed access request recommendations. + parameters: + - in: query + name: limit + description: |- + Max number of results to return. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 250 + schema: + type: integer + format: int32 + minimum: 0 + maximum: 250 + default: 250 + - in: query + name: offset + description: |- + Offset into the full result set. Usually specified with *limit* to paginate through the results. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 0 + schema: + type: integer + format: int32 + minimum: 0 + default: 0 + - in: query + name: count + description: |- + If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored. + + Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used. + + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: true + schema: + type: boolean + default: false + - in: query + name: filters + schema: + type: string + description: |- + Filter recommendations using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) + + Filtering is supported for the following fields and operators: + + **access.id**: *eq, in* + + **access.type**: *eq, in* + + **identityId**: *eq, in* + - in: query + name: sorters + schema: + type: string + format: comma-separated + description: |- + Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results) + + Sorting is supported for the following fields: **access.id, access.type, identityId, timestamp** + responses: + '200': + description: Returns list of viewed access request recommendations. + content: + application/json: + schema: + type: array + items: + type: object + properties: + identityId: + type: string + format: UUID + description: The identity ID taking the action. + example: 2c91808570313110017040b06f344ec9 + access: + type: object + properties: + id: + type: string + format: UUID + description: ID of access item being recommended. + example: 2c9180835d2e5168015d32f890ca1581 + type: + type: string + enum: + - ACCESS_PROFILE + - ROLE + description: The type of access item. + example: ACCESS_PROFILE + timestamp: + type: string + format: date-time + example: '2017-07-11T18:45:37.098Z' + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + /ai-access-request-recommendations/viewed-items/bulk-create: + post: + operationId: addAccessRequestRecommendationsViewedItems + tags: + - IAI Access Request Recommendations + summary: Notification of Viewed Access Request Recommendations in Bulk + description: This API consumes a notification that a set of recommended access request item were viewed. Future recommendations with these items will be marked with viewed=true. This can be useful for the consumer to determine if there are any new/unviewed recommendations. + requestBody: + description: The recommended access items that were viewed for an identity. + required: true + content: + application/json: + schema: + type: array + items: + type: object + properties: + identityId: + type: string + format: UUID + description: The identity ID taking the action. + example: 2c91808570313110017040b06f344ec9 + access: + type: object + properties: + id: + type: string + format: UUID + description: ID of access item being recommended. + example: 2c9180835d2e5168015d32f890ca1581 + type: + type: string + enum: + - ACCESS_PROFILE + - ROLE + description: The type of access item. + example: ACCESS_PROFILE + required: + - identityId + - access + responses: + '201': + description: Recommendations successfully stored as viewed. + content: + application/json: + schema: + type: array + items: + type: object + properties: + identityId: + type: string + format: UUID + description: The identity ID taking the action. + example: 2c91808570313110017040b06f344ec9 + access: + type: object + properties: + id: + type: string + format: UUID + description: ID of access item being recommended. + example: 2c9180835d2e5168015d32f890ca1581 + type: + type: string + enum: + - ACCESS_PROFILE + - ROLE + description: The type of access item. + example: ACCESS_PROFILE + timestamp: + type: string + format: date-time + example: '2017-07-11T18:45:37.098Z' + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + /accounts: + get: + operationId: listAccounts + tags: + - Accounts + summary: Accounts List + description: |- + This returns a list of accounts. + A token with ORG_ADMIN authority is required to call this API. + security: + - oauth2: + - 'idn:accounts:read' + - 'idn:accounts:manage' + parameters: + - in: query + name: detailLevel + schema: + type: string + enum: + - SLIM + - FULL + description: 'Determines whether Slim, or increased level of detail is provided for each account in the returned list. FULL is the default behavior.' + example: FULL + - in: query + name: limit + description: |- + Max number of results to return. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 250 + schema: + type: integer + format: int32 + minimum: 0 + maximum: 250 + default: 250 + - in: query + name: offset + description: |- + Offset into the full result set. Usually specified with *limit* to paginate through the results. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 0 + schema: + type: integer + format: int32 + minimum: 0 + default: 0 + - in: query + name: count + description: |- + If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored. + + Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used. + + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: true + schema: + type: boolean + default: false + - in: query + name: filters + schema: + type: string + example: identityId eq "2c9180858082150f0180893dbaf44201" + description: |- + Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) + + Filtering is supported for the following fields and operators: + + **id**: *eq, in* + + **identityId**: *eq* + + **name**: *eq, in* + + **nativeIdentity**: *eq, in* + + **sourceId**: *eq, in* + + **uncorrelated**: *eq* + responses: + '200': + description: List of account objects + content: + application/json: + schema: + type: array + items: + oneOf: + - type: object + title: Slim Account + allOf: + - type: object + required: + - name + properties: + id: + description: System-generated unique ID of the Object + type: string + example: id12345 + readOnly: true + name: + description: Name of the Object + type: string + example: aName + created: + description: Creation date of the Object + type: string + format: date-time + readOnly: true + example: '2023-01-03T21:16:22.432Z' + modified: + description: Last modification date of the Object + type: string + format: date-time + readOnly: true + example: '2023-01-03T21:16:22.432Z' + - type: object + properties: + uuid: + type: string + format: uuid + description: Unique ID from the owning source + example: 2c9180857893f12901789445619b0366 + nullable: true + nativeIdentity: + type: string + description: The native identifier of the account + example: brandin.gray + description: + type: string + description: The description for the account + example: Brandin Gray the CEO of Silly Inc. + nullable: true + disabled: + type: boolean + description: Whether the account is disabled + example: false + locked: + type: boolean + description: Whether the account is locked + example: false + manuallyCorrelated: + type: boolean + description: Whether the account was manually correlated + example: false + hasEntitlements: + type: boolean + description: Whether the account has any entitlements associated with it + example: true + sourceId: + type: string + description: The ID of the source for which this account belongs + example: 2c9180835d2e5168015d32f890ca1581 + sourceName: + type: string + description: The name of the source + example: Large Source + identityId: + type: string + description: The ID of the identity for which this account is correlated to if not uncorrelated + example: 4b9163835d2e5168015d32f890ca5936 + attributes: + type: object + description: A map containing attributes associated with the account + additionalProperties: true + example: + firstName: SailPoint + lastName: Support + displayName: SailPoint Support + - type: object + title: Full Account + allOf: + - type: object + title: Slim Account + allOf: + - type: object + required: + - name + properties: + id: + description: System-generated unique ID of the Object + type: string + example: id12345 + readOnly: true + name: + description: Name of the Object + type: string + example: aName + created: + description: Creation date of the Object + type: string + format: date-time + readOnly: true + example: '2023-01-03T21:16:22.432Z' + modified: + description: Last modification date of the Object + type: string + format: date-time + readOnly: true + example: '2023-01-03T21:16:22.432Z' + - type: object + properties: + uuid: + type: string + format: uuid + description: Unique ID from the owning source + example: 2c9180857893f12901789445619b0366 + nullable: true + nativeIdentity: + type: string + description: The native identifier of the account + example: brandin.gray + description: + type: string + description: The description for the account + example: Brandin Gray the CEO of Silly Inc. + nullable: true + disabled: + type: boolean + description: Whether the account is disabled + example: false + locked: + type: boolean + description: Whether the account is locked + example: false + manuallyCorrelated: + type: boolean + description: Whether the account was manually correlated + example: false + hasEntitlements: + type: boolean + description: Whether the account has any entitlements associated with it + example: true + sourceId: + type: string + description: The ID of the source for which this account belongs + example: 2c9180835d2e5168015d32f890ca1581 + sourceName: + type: string + description: The name of the source + example: Large Source + identityId: + type: string + description: The ID of the identity for which this account is correlated to if not uncorrelated + example: 4b9163835d2e5168015d32f890ca5936 + attributes: + type: object + description: A map containing attributes associated with the account + additionalProperties: true + example: + firstName: SailPoint + lastName: Support + displayName: SailPoint Support + - type: object + properties: + authoritative: + type: boolean + description: Whether this account belongs to an authoritative source + example: false + systemAccount: + type: boolean + description: Whether this account is for the IdentityNow source + example: false + uncorrelated: + type: boolean + description: True if this account is not correlated to an identity + example: false + features: + type: string + description: A string list containing the owning source's features + example: ENABLE + examples: + SlimAccounts: + description: List of slim accounts that would result with *detailLevel = SLIM* + value: + - attributes: null + created: '2021-09-28T02:15:44.644Z' + description: null + disabled: false + features: 'PROVISIONING, GROUP_PROVISIONING, SYNC_PROVISIONING, AUTHENTICATE' + hasEntitlements: true + id: 2c9180867c184ff6017c2a2fbf031667 + identityId: 2c9180867c184ff6017c2a2fbf031666 + locked: false + manuallyCorrelated: false + modified: '2021-09-28T02:16:12.207Z' + name: Geovanni.0a7cad6df + nativeIdentity: 'CN=Geovanni 0a7cad6df,OU=hpun,OU=org-data-service,DC=TestAutomationAD,DC=local' + sourceId: 2c91808b7c28b350017c2a2ec5790aa1 + uuid: '{e4218fa4-da52-4bb0-aa41-d2dcc08a7ad8}' + FullAccounts: + description: List of slim accounts that would result with *detailLevel = FULL* or not specifying it + value: + - attributes: null + authoritative: true + created: '2021-09-28T02:15:44.644Z' + description: null + disabled: false + features: 'PROVISIONING, GROUP_PROVISIONING, SYNC_PROVISIONING, AUTHENTICATE' + hasEntitlements: true + id: 2c9180867c184ff6017c2a2fbf031667 + identityId: 2c9180867c184ff6017c2a2fbf031666 + locked: false + manuallyCorrelated: false + modified: '2021-09-28T02:16:12.207Z' + name: Geovanni.0a7cad6df + nativeIdentity: 'CN=Geovanni 0a7cad6df,OU=hpun,OU=org-data-service,DC=TestAutomationAD,DC=local' + sourceId: 2c91808b7c28b350017c2a2ec5790aa1 + systemAccount: false + uncorrelated: false + uuid: '{e4218fa4-da52-4bb0-aa41-d2dcc08a7ad8}' + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + post: + operationId: createAccount + tags: + - Accounts + summary: Create Account + description: |- + This API submits an account creation task and returns the task ID. + A token with ORG_ADMIN authority is required to call this API. + security: + - oauth2: + - 'idn:accounts:manage' + requestBody: + required: true + content: + application/json: + schema: + type: object + required: + - attributes + properties: + attributes: + description: The schema attribute values for the account + type: object + example: + city: Austin + displayName: John Doe + userName: jdoe + sAMAccountName: jDoe + mail: john.doe@sailpoint.com + responses: + '202': + description: Async task details + content: + application/json: + schema: + description: Accounts async response containing details on started async process + required: + - id + type: object + properties: + id: + description: id of the task + type: string + example: 2c91808474683da6017468693c260195 + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + '/accounts/{id}': + get: + operationId: getAccount + tags: + - Accounts + summary: Account Details + description: |- + This API returns the details for a single account based on the ID. + A token with ORG_ADMIN authority is required to call this API. + security: + - oauth2: + - 'idn:accounts:read' + - 'idn:accounts:manage' + parameters: + - in: path + name: id + schema: + type: string + required: true + description: The account ID + example: ef38f94347e94562b5bb8424a56397d8 + responses: + '200': + description: An account object + content: + application/json: + schema: + allOf: + - type: object + required: + - name + properties: + id: + description: System-generated unique ID of the Object + type: string + example: id12345 + readOnly: true + name: + description: Name of the Object + type: string + example: aName + created: + description: Creation date of the Object + type: string + format: date-time + readOnly: true + example: '2023-01-03T21:16:22.432Z' + modified: + description: Last modification date of the Object + type: string + format: date-time + readOnly: true + example: '2023-01-03T21:16:22.432Z' + - type: object + required: + - sourceId + - sourceName + - attributes + - authoritative + - disabled + - locked + - nativeIdentity + - systemAccount + - uncorrelated + - manuallyCorrelated + - hasEntitlements + properties: + sourceId: + type: string + example: 2c9180835d2e5168015d32f890ca1581 + description: The unique ID of the source this account belongs to + sourceName: + type: string + example: Employees + description: The display name of the source this account belongs to + identityId: + type: string + example: 2c9180835d2e5168015d32f890ca1581 + description: The unique ID of the identity this account is correlated to + attributes: + type: object + additionalProperties: true + description: The account attributes that are aggregated + example: + firstName: SailPoint + lastName: Support + displayName: SailPoint Support + authoritative: + type: boolean + description: Indicates if this account is from an authoritative source + example: false + description: + type: string + description: A description of the account + nullable: true + example: null + disabled: + type: boolean + description: Indicates if the account is currently disabled + example: false + locked: + type: boolean + description: Indicates if the account is currently locked + example: false + nativeIdentity: + type: string + description: The unique ID of the account generated by the source system + example: '552775' + systemAccount: + type: boolean + example: false + description: 'If true, this is a user account within IdentityNow. If false, this is an account from a source system.' + uncorrelated: + type: boolean + description: Indicates if this account is not correlated to an identity + example: false + uuid: + type: string + description: The unique ID of the account as determined by the account schema + example: slpt.support + nullable: true + manuallyCorrelated: + type: boolean + description: Indicates if the account has been manually correlated to an identity + example: false + hasEntitlements: + type: boolean + description: Indicates if the account has entitlements + example: true + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + patch: + operationId: updateAccount + tags: + - Accounts + summary: Update Account + description: |- + This updates account details. + A token with ORG_ADMIN authority is required to call this API. + security: + - oauth2: + - 'idn:accounts:manage' + parameters: + - in: path + name: id + schema: + type: string + required: true + description: The account ID + example: ef38f94347e94562b5bb8424a56397d8 + requestBody: + required: true + description: 'A list of account update operations according to the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard.' + content: + application/json-patch+json: + schema: + type: array + items: + type: object + example: + - op: replace + path: /identityId + value: 2c9180845d1edece015d27a975983e21 + responses: + '202': + description: Accepted. Update request accepted and is in progress. + content: + application/json: + schema: + type: object + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + put: + operationId: putAccount + tags: + - Accounts + summary: Update Account + description: |- + This API submits an account update task and returns the task ID. + A token with ORG_ADMIN authority is required to call this API. + security: + - oauth2: + - 'idn:accounts:manage' + parameters: + - in: path + name: id + schema: + type: string + required: true + description: The account ID + example: ef38f94347e94562b5bb8424a56397d8 + requestBody: + required: true + content: + application/json: + schema: + type: object + required: + - attributes + properties: + attributes: + description: The schema attribute values for the account + type: object + example: + city: Austin + displayName: John Doe + userName: jdoe + sAMAccountName: jDoe + mail: john.doe@sailpoint.com + responses: + '202': + description: Async task details + content: + application/json: + schema: + description: Accounts async response containing details on started async process + required: + - id + type: object + properties: + id: + description: id of the task + type: string + example: 2c91808474683da6017468693c260195 + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + delete: + operationId: deleteAccount + tags: + - Accounts + summary: Delete Account + description: |- + This API submits an account delete task and returns the task ID. + A token with ORG_ADMIN authority is required to call this API. + security: + - oauth2: + - 'idn:accounts:manage' + parameters: + - in: path + name: id + schema: + type: string + required: true + description: The account ID + example: ef38f94347e94562b5bb8424a56397d8 + responses: + '202': + description: Async task details + content: + application/json: + schema: + description: Accounts async response containing details on started async process + required: + - id + type: object + properties: + id: + description: id of the task + type: string + example: 2c91808474683da6017468693c260195 + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + '/accounts/{id}/entitlements': + get: + operationId: getAccountEntitlements + tags: + - Accounts + summary: Account Entitlements + description: |- + This API returns entitlements of the account. + A token with ORG_ADMIN authority is required to call this API. + security: + - oauth2: + - 'idn:accounts:read' + parameters: + - in: path + name: id + schema: + type: string + required: true + description: The account id + example: ef38f94347e94562b5bb8424a56397d8 + - in: query + name: offset + description: |- + Offset into the full result set. Usually specified with *limit* to paginate through the results. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 0 + schema: + type: integer + format: int32 + minimum: 0 + default: 0 + - in: query + name: limit + description: |- + Max number of results to return. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 250 + schema: + type: integer + format: int32 + minimum: 0 + maximum: 250 + default: 250 + - in: query + name: count + description: |- + If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored. + + Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used. + + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: true + schema: + type: boolean + default: false + responses: + '200': + description: An array of account entitlements + content: + application/json: + schema: + type: array + items: + type: object + properties: + id: + type: string + description: The entitlement id + example: 2c91808874ff91550175097daaec161c + name: + type: string + description: The entitlement name + example: LauncherTest2 + attribute: + type: string + description: The entitlement attribute name + example: memberOf + value: + type: string + description: The value of the entitlement + example: 'CN=LauncherTest2,OU=LauncherTestOrg,OU=slpt-automation,DC=TestAutomationAD,DC=local' + sourceSchemaObjectType: + type: string + description: The object type of the entitlement from the source schema + example: group + description: + type: string + description: The description of the entitlement + example: 'CN=LauncherTest2,OU=LauncherTestOrg,OU=slpt-automation,DC=TestAutomationAD,DC=local' + privileged: + type: boolean + description: True if the entitlement is privileged + example: true + cloudGoverned: + type: boolean + description: True if the entitlement is cloud governed + example: true + created: + type: string + description: Time when the entitlement was created + format: date-time + example: '2020-10-08T18:33:52.029Z' + modified: + type: string + description: Time when the entitlement was last modified + format: date-time + example: '2020-10-08T18:33:52.029Z' + source: + type: object + properties: + id: + type: string + description: The source ID + example: 2c9180827ca885d7017ca8ce28a000eb + type: + type: string + description: 'The source type, will always be "SOURCE"' + example: SOURCE + name: + type: string + description: The source name + example: ODS-AD-Source + attributes: + type: object + description: A map of free-form key-value pairs from the source system + example: + fieldName: fieldValue + additionalProperties: true + segments: + type: array + items: + type: string + nullable: true + description: 'List of IDs of segments, if any, to which this Entitlement is assigned.' + example: + - f7b1b8a3-5fed-4fd4-ad29-82014e137e19 + - 29cb6c06-1da8-43ea-8be4-b3125f248f2a + directPermissions: + type: array + items: + type: object + description: 'Simplified DTO for the Permission objects stored in SailPoint''s database. The data is aggregated from customer systems and is free-form, so its appearance can vary largely between different clients/customers.' + properties: + rights: + type: array + description: All the rights (e.g. actions) that this permission allows on the target + readOnly: true + items: + type: string + example: SELECT + target: + type: string + description: The target the permission would grants rights on. + readOnly: true + example: SYS.GV_$TRANSACTION + owner: + type: object + description: Simplified DTO for the owner object of the entitlement + properties: + id: + type: string + description: The owner id for the entitlement + example: 2a2fdacca5e345f18bf7970cfbb8fec2 + name: + type: string + description: The owner name for the entitlement + example: identity 1 + type: + type: string + enum: + - IDENTITY + description: The type of the owner. Initially only type IDENTITY is supported + example: IDENTITY + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + '/accounts/{id}/reload': + post: + operationId: reloadAccount + tags: + - Accounts + summary: Reload Account + description: |- + This API asynchronously reloads the account directly from the connector and performs a one-time aggregation process. + A token with ORG_ADMIN authority is required to call this API. + security: + - oauth2: + - 'idn:accounts-state:manage' + parameters: + - in: path + name: id + schema: + type: string + required: true + description: The account id + example: ef38f94347e94562b5bb8424a56397d8 + responses: + '202': + description: Async task details + content: + application/json: + schema: + description: Accounts async response containing details on started async process + required: + - id + type: object + properties: + id: + description: id of the task + type: string + example: 2c91808474683da6017468693c260195 + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + '/accounts/{id}/enable': + post: + operationId: enableAccount + tags: + - Accounts + summary: Enable Account + description: |- + This API submits a task to enable account and returns the task ID. + A token with ORG_ADMIN authority is required to call this API. + security: + - oauth2: + - 'idn:accounts-state:manage' + parameters: + - in: path + name: id + schema: + type: string + required: true + description: The account id + example: ef38f94347e94562b5bb8424a56397d8 + requestBody: + required: true + content: + application/json: + schema: + description: Request used for account enable/disable + type: object + properties: + externalVerificationId: + description: 'If set, an external process validates that the user wants to proceed with this request.' + type: string + example: 3f9180835d2e5168015d32f890ca1581 + forceProvisioning: + description: 'If set, provisioning updates the account attribute at the source. This option is used when the account is not synced to ensure the attribute is updated.' + type: boolean + example: false + responses: + '202': + description: Async task details + content: + application/json: + schema: + description: Accounts async response containing details on started async process + required: + - id + type: object + properties: + id: + description: id of the task + type: string + example: 2c91808474683da6017468693c260195 + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + '/accounts/{id}/disable': + post: + operationId: disableAccount + tags: + - Accounts + summary: Disable Account + description: |- + This API submits a task to disable the account and returns the task ID. + A token with ORG_ADMIN authority is required to call this API. + security: + - oauth2: + - 'idn:accounts-state:manage' + parameters: + - in: path + name: id + schema: + type: string + required: true + description: The account id + example: ef38f94347e94562b5bb8424a56397d8 + requestBody: + required: true + content: + application/json: + schema: + description: Request used for account enable/disable + type: object + properties: + externalVerificationId: + description: 'If set, an external process validates that the user wants to proceed with this request.' + type: string + example: 3f9180835d2e5168015d32f890ca1581 + forceProvisioning: + description: 'If set, provisioning updates the account attribute at the source. This option is used when the account is not synced to ensure the attribute is updated.' + type: boolean + example: false + responses: + '202': + description: Async task details + content: + application/json: + schema: + description: Accounts async response containing details on started async process + required: + - id + type: object + properties: + id: + description: id of the task + type: string + example: 2c91808474683da6017468693c260195 + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + '/accounts/{id}/unlock': + post: + operationId: unlockAccount + tags: + - Accounts + summary: Unlock Account + description: |- + This API submits a task to unlock an account and returns the task ID. + A token with ORG_ADMIN authority is required to call this API. + security: + - oauth2: + - 'idn:accounts-state:manage' + parameters: + - in: path + name: id + schema: + type: string + required: true + description: The account id + example: ef38f94347e94562b5bb8424a56397d8 + requestBody: + required: true + content: + application/json: + schema: + description: Request used for account unlock + type: object + properties: + externalVerificationId: + description: 'If set, an external process validates that the user wants to proceed with this request.' + type: string + example: 3f9180835d2e5168015d32f890ca1581 + unlockIDNAccount: + description: 'If set, the IDN account is unlocked after the workflow completes.' + type: boolean + example: false + forceProvisioning: + description: 'If set, provisioning updates the account attribute at the source. This option is used when the account is not synced to ensure the attribute is updated.' + type: boolean + example: false + responses: + '202': + description: Async task details + content: + application/json: + schema: + description: Accounts async response containing details on started async process + required: + - id + type: object + properties: + id: + description: id of the task + type: string + example: 2c91808474683da6017468693c260195 + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + '/identities-accounts/{id}/enable': + post: + operationId: enableAccountForIdentity + tags: + - Accounts + summary: Enable IDN Account for Identity + description: This API submits a task to enable IDN account for a single identity. + externalDocs: + description: Learn more about enabling identities here + url: 'https://documentation.sailpoint.com/saas/help/common/users/user_access.html#enabling-user-identities' + security: + - oauth2: + - 'idn:accounts-state:manage' + parameters: + - in: path + name: id + schema: + type: string + required: true + description: The identity id. + example: 2c91808384203c2d018437e631158309 + responses: + '202': + description: Accepted - Returned if the request was successfully accepted into the system. + content: + application/json: + schema: + type: object + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + '/identities-accounts/{id}/disable': + post: + operationId: disableAccountForIdentity + tags: + - Accounts + summary: Disable IDN Account for Identity + description: This API submits a task to disable IDN account for a single identity. + externalDocs: + description: Learn more about disabling identities here + url: 'https://documentation.sailpoint.com/saas/help/common/users/user_access.html#disabling-user-identities' + security: + - oauth2: + - 'idn:accounts-state:manage' + parameters: + - in: path + name: id + schema: + type: string + required: true + description: The identity id. + example: 2c91808384203c2d018437e631158309 + responses: + '202': + description: Accepted - Returned if the request was successfully accepted into the system. + content: + application/json: + schema: + type: object + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + /identities-accounts/enable: + post: + operationId: enableAccountsForIdentities + tags: + - Accounts + summary: Enable IDN Accounts for Identities + description: This API submits tasks to enable IDN account for each identity provided in the request body. + externalDocs: + description: Learn more about enabling identities here + url: 'https://documentation.sailpoint.com/saas/help/common/users/user_access.html#enabling-user-identities' + security: + - oauth2: + - 'idn:accounts-state:manage' + requestBody: + required: true + content: + application/json: + schema: + type: object + properties: + identityIds: + description: The ids of the identities for which enable/disable accounts. + type: array + items: + type: string + example: + - 2c91808384203c2d018437e631158308 + - 2c9180858082150f0180893dbaf553fe + responses: + '207': + description: Bulk response details. + content: + application/json: + schema: + type: array + items: + type: object + description: Bulk response object. + properties: + id: + type: string + description: Identifier of bulk request item. + example: 2c9180858082150f0180893dbaf553fe + statusCode: + type: integer + format: int32 + description: Response status value. + example: 404 + message: + type: string + description: Status containing additional context information about failures. + example: Referenced identity "2c9180858082150f0180893dbaf553fe" was not found. + example: + - id: 2c9180858082150f0180893dbaf553fe + statusCode: 404 + message: Referenced identity "2c9180858082150f0180893dbaf553fe" was not found. + - id: 2c91808384203c2d018437e631158308 + statusCode: 202 + message: null + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + /identities-accounts/disable: + post: + operationId: disableAccountsForIdentities + tags: + - Accounts + summary: Disable IDN Accounts for Identities + description: This API submits tasks to disable IDN account for each identity provided in the request body. + externalDocs: + description: Learn more about disabling identities here + url: 'https://documentation.sailpoint.com/saas/help/common/users/user_access.html#disabling-user-identities' + security: + - oauth2: + - 'idn:accounts-state:manage' + requestBody: + required: true + content: + application/json: + schema: + type: object + properties: + identityIds: + description: The ids of the identities for which enable/disable accounts. + type: array + items: + type: string + example: + - 2c91808384203c2d018437e631158308 + - 2c9180858082150f0180893dbaf553fe + responses: + '207': + description: Bulk response details. + content: + application/json: + schema: + type: array + items: + type: object + description: Bulk response object. + properties: + id: + type: string + description: Identifier of bulk request item. + example: 2c9180858082150f0180893dbaf553fe + statusCode: + type: integer + format: int32 + description: Response status value. + example: 404 + message: + type: string + description: Status containing additional context information about failures. + example: Referenced identity "2c9180858082150f0180893dbaf553fe" was not found. + example: + - id: 2c9180858082150f0180893dbaf553fe + statusCode: 404 + message: Referenced identity "2c9180858082150f0180893dbaf553fe" was not found. + - id: 2c91808384203c2d018437e631158308 + statusCode: 202 + message: null + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + /accounts/search-attribute-config: + post: + operationId: createSearchAttributeConfig + tags: + - Search Attribute Configuration + summary: Configure/create extended search attributes in IdentityNow. + description: |- + This API accepts an attribute name, an attribute display name and a list of name/value pair associates of application IDs to attribute names. It will then validate the inputs and configure/create and attribute promotion configuration in the Link ObjectConfig. + A token with ORG_ADMIN authority is required to call this API. + requestBody: + required: true + content: + application/json: + schema: + type: object + properties: + name: + type: string + description: Name of the new attribute + example: newMailAttribute + displayName: + type: string + description: The display name of the new attribute + example: New Mail Attribute + applicationAttributes: + type: object + description: Map of application id and their associated attribute. + example: + 2c91808b79fd2422017a0b35d30f3968: employeeNumber + 2c91808b79fd2422017a0b36008f396b: employeeNumber + example: + name: newMailAttribute + displayName: New Mail Attribute + applicationAttributes: + 2c9180866166b5b0016167c32ef31a66: mail + 2c9180866166b5b0016167c32ef31a67: mail + responses: + '202': + description: Accepted - Returned if the request was successfully accepted into the system. + content: + application/json: + schema: + type: object + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + get: + operationId: getSearchAttributeConfig + tags: + - Search Attribute Configuration + summary: Retrieve a list of extended search attributes in IdentityNow. + description: |- + This API retrieves a list of attribute/application associates currently configured in IdentityNow. + A token with ORG_ADMIN authority is required to call this API. + responses: + '200': + description: List of attribute configurations in IdentityNow. + content: + application/json: + schema: + type: array + items: + type: object + properties: + name: + type: string + description: Name of the new attribute + example: newMailAttribute + displayName: + type: string + description: The display name of the new attribute + example: New Mail Attribute + applicationAttributes: + type: object + description: Map of application id and their associated attribute. + example: + 2c91808b79fd2422017a0b35d30f3968: employeeNumber + 2c91808b79fd2422017a0b36008f396b: employeeNumber + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + '/accounts/search-attribute-config/{name}': + get: + operationId: getSingleSearchAttributeConfig + tags: + - Search Attribute Configuration + summary: Get the details of a specific extended search attribute in IdentityNow. + description: |- + This API accepts an extended attribute name and retrieves the corresponding extended attribute configuration. + A token with ORG_ADMIN authority is required to call this API. + parameters: + - name: name + in: path + description: Name of the extended search attribute configuration to delete. + required: true + schema: + type: string + example: newMailAttribute + responses: + '200': + description: Specific attribute configuration in IdentityNow. + content: + application/json: + schema: + type: array + items: + type: object + properties: + name: + type: string + description: Name of the new attribute + example: newMailAttribute + displayName: + type: string + description: The display name of the new attribute + example: New Mail Attribute + applicationAttributes: + type: object + description: Map of application id and their associated attribute. + example: + 2c91808b79fd2422017a0b35d30f3968: employeeNumber + 2c91808b79fd2422017a0b36008f396b: employeeNumber + '204': + description: No content - indicates the request was successful but there is no content to be returned in the response. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + delete: + operationId: deleteSearchAttributeConfig + tags: + - Search Attribute Configuration + summary: Delete an extended search attribute in IdentityNow. + description: |- + This API accepts an extended attribute name and deletes the corresponding extended attribute configuration. + A token with ORG_ADMIN authority is required to call this API. + parameters: + - name: name + in: path + description: Name of the extended search attribute configuration to delete. + required: true + schema: + type: string + example: newMailAttribute + responses: + '204': + description: No content - indicates the request was successful but there is no content to be returned in the response. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + patch: + operationId: patchSearchAttributeConfig + tags: + - Search Attribute Configuration + summary: Update the details of a specific extended search attribute in IdentityNow. + description: |- + This API updates an existing Search Attribute Configuration. The following fields are patchable: + **name**, **displayName**, **applicationAttributes** + A token with ORG_ADMIN authority is required to call this API. + parameters: + - name: name + in: path + description: Name of the Search Attribute Configuration to patch. + required: true + schema: + type: string + example: promotedMailAttribute + requestBody: + content: + application/json-patch+json: + schema: + type: array + items: + type: object + description: 'A JSONPatch Operation as defined by [RFC 6902 - JSON Patch](https://tools.ietf.org/html/rfc6902)' + required: + - op + - path + properties: + op: + type: string + description: The operation to be performed + enum: + - add + - remove + - replace + - move + - copy + - test + example: replace + path: + type: string + description: A string JSON Pointer representing the target path to an element to be affected by the operation + example: /description + value: + anyOf: + - type: string + - type: integer + - type: object + - type: array + items: + anyOf: + - type: string + - type: integer + - type: object + description: 'The value to be used for the operation, required for "add" and "replace" operations' + example: New description + example: + - op: replace + path: /name + value: newAttributeName + - op: replace + path: /displayName + value: new attribute display name + - op: add + path: /applicationAttributes + value: + 2c91808b79fd2422017a0b35d30f3968: employeeNumber + required: true + responses: + '200': + description: Responds with the Search Attribute Configuration as updated. + content: + application/json: + schema: + type: object + properties: + name: + type: string + description: Name of the new attribute + example: newMailAttribute + displayName: + type: string + description: The display name of the new attribute + example: New Mail Attribute + applicationAttributes: + type: object + description: Map of application id and their associated attribute. + example: + 2c91808b79fd2422017a0b35d30f3968: employeeNumber + 2c91808b79fd2422017a0b36008f396b: employeeNumber + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + /account-activities: + get: + operationId: listAccountActivities + tags: + - Account Activities + summary: List Account Activities + description: This gets a collection of account activities that satisfy the given query parameters. + parameters: + - in: query + name: requested-for + schema: + type: string + description: The identity that the activity was requested for. *me* indicates the current user. Mutually exclusive with *regarding-identity*. + required: false + - in: query + name: requested-by + schema: + type: string + description: The identity that requested the activity. *me* indicates the current user. Mutually exclusive with *regarding-identity*. + required: false + - in: query + name: regarding-identity + schema: + type: string + description: The specified identity will be either the requester or target of the account activity. *me* indicates the current user. Mutually exclusive with *requested-for* and *requested-by*. + required: false + - in: query + name: type + schema: + type: string + description: The type of account activity. + required: false + - in: query + name: limit + description: |- + Max number of results to return. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 250 + schema: + type: integer + format: int32 + minimum: 0 + maximum: 250 + default: 250 + - in: query + name: offset + description: |- + Offset into the full result set. Usually specified with *limit* to paginate through the results. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 0 + schema: + type: integer + format: int32 + minimum: 0 + default: 0 + - in: query + name: count + description: |- + If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored. + + Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used. + + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: true + schema: + type: boolean + default: false + - in: query + name: filters + schema: + type: string + description: |- + Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) + + Filtering is supported for the following fields and operators: + + **type**: *eq, in* + + **created**: *gt, lt, ge, le* + + **modified**: *gt, lt, ge, le* + - in: query + name: sorters + schema: + type: string + format: comma-separated + description: |- + Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results) + + Sorting is supported for the following fields: **type, created, modified** + responses: + '200': + description: List of account activities + content: + application/json: + schema: + type: array + items: + type: object + properties: + id: + type: string + description: ID of the account activity itself + example: 2c9180835d2e5168015d32f890ca1581 + name: + type: string + example: 2c9180835d2e5168015d32f890ca1581 + created: + type: string + format: date-time + example: '2017-07-11T18:45:37.098Z' + modified: + type: string + format: date-time + example: '2018-06-25T20:22:28.104Z' + completed: + type: string + format: date-time + example: '2018-10-19T13:49:37.385Z' + completionStatus: + nullable: true + type: string + description: The status after completion. + enum: + - SUCCESS + - FAILURE + - INCOMPLETE + - PENDING + example: SUCCESS + type: + type: string + example: appRequest + requesterIdentitySummary: + type: object + nullable: true + properties: + id: + type: string + description: ID of this identity summary + example: ff80818155fe8c080155fe8d925b0316 + name: + type: string + description: Human-readable display name of identity + example: SailPoint Services + identityId: + type: string + description: ID of the identity that this summary represents + example: c15b9f5cca5a4e9599eaa0e64fa921bd + completed: + type: boolean + description: Indicates if all access items for this summary have been decided on + example: true + targetIdentitySummary: + type: object + nullable: true + properties: + id: + type: string + description: ID of this identity summary + example: ff80818155fe8c080155fe8d925b0316 + name: + type: string + description: Human-readable display name of identity + example: SailPoint Services + identityId: + type: string + description: ID of the identity that this summary represents + example: c15b9f5cca5a4e9599eaa0e64fa921bd + completed: + type: boolean + description: Indicates if all access items for this summary have been decided on + example: true + errors: + type: array + items: + type: string + example: + - 'sailpoint.connector.ConnectorException: java.lang.InterruptedException: Timeout waiting for response to message 0 from client 57a4ab97-ab3f-4aef-9fe2-0eaf15c73d26 after 60 seconds.' + warnings: + type: array + items: + type: string + example: null + items: + type: array + items: + type: object + properties: + id: + type: string + description: Item id + example: 48c545831b264409a81befcabb0e3c5a + name: + type: string + description: Human-readable display name of item + example: 48c545831b264409a81befcabb0e3c5a + requested: + type: string + format: date-time + description: Date and time item was requested + example: '2017-07-11T18:45:37.098Z' + approvalStatus: + nullable: true + type: string + enum: + - FINISHED + - REJECTED + - RETURNED + - EXPIRED + - PENDING + - CANCELED + example: FINISHED + description: The state of a work item + provisioningStatus: + type: string + enum: + - PENDING + - FINISHED + - UNVERIFIABLE + - COMMITED + - FAILED + - RETRY + description: Provisioning state of an account activity item + example: PENDING + requesterComment: + type: object + nullable: true + properties: + commenterId: + type: string + description: Id of the identity making the comment + example: 2c918084660f45d6016617daa9210584 + commenterName: + type: string + description: Human-readable display name of the identity making the comment + example: Adam Kennedy + body: + type: string + description: Content of the comment + example: Et quam massa maximus vivamus nisi ut urna tincidunt metus elementum erat. + date: + type: string + format: date-time + description: Date and time comment was made + example: '2017-07-11T18:45:37.098Z' + reviewerIdentitySummary: + type: object + nullable: true + properties: + id: + type: string + description: ID of this identity summary + example: ff80818155fe8c080155fe8d925b0316 + name: + type: string + description: Human-readable display name of identity + example: SailPoint Services + identityId: + type: string + description: ID of the identity that this summary represents + example: c15b9f5cca5a4e9599eaa0e64fa921bd + completed: + type: boolean + description: Indicates if all access items for this summary have been decided on + example: true + reviewerComment: + type: object + nullable: true + properties: + commenterId: + type: string + description: Id of the identity making the comment + example: 2c918084660f45d6016617daa9210584 + commenterName: + type: string + description: Human-readable display name of the identity making the comment + example: Adam Kennedy + body: + type: string + description: Content of the comment + example: Et quam massa maximus vivamus nisi ut urna tincidunt metus elementum erat. + date: + type: string + format: date-time + description: Date and time comment was made + example: '2017-07-11T18:45:37.098Z' + operation: + nullable: true + type: string + enum: + - ADD + - CREATE + - MODIFY + - DELETE + - DISABLE + - ENABLE + - UNLOCK + - LOCK + - REMOVE + description: Represents an operation in an account activity item + example: ADD + attribute: + type: string + description: Attribute to which account activity applies + nullable: true + example: detectedRoles + value: + type: string + description: Value of attribute + nullable: true + example: 'Treasury Analyst [AccessProfile-1529010191212]' + nativeIdentity: + nullable: true + type: string + description: Native identity in the target system to which the account activity applies + example: Sandie.Camero + sourceId: + type: string + description: Id of Source to which account activity applies + example: 2c91808363ef85290164000587130c0c + accountRequestInfo: + type: object + nullable: true + properties: + requestedObjectId: + type: string + description: Id of requested object + example: 2c91808563ef85690164001c31140c0c + requestedObjectName: + type: string + description: Human-readable name of requested object + example: Treasury Analyst + requestedObjectType: + type: string + enum: + - ACCESS_PROFILE + - ROLE + - ENTITLEMENT + description: Enum represented the currently supported requestable object types. Additional values may be added in the future without notice. + example: ACCESS_PROFILE + description: 'If an account activity item is associated with an access request, captures details of that request.' + clientMetadata: + nullable: true + type: object + additionalProperties: + type: string + description: 'Arbitrary key-value pairs, if any were included in the corresponding access request item' + example: + customKey1: custom value 1 + customKey2: custom value 2 + removeDate: + nullable: true + type: string + description: The date the role or access profile is no longer assigned to the specified identity. + format: date-time + example: '2020-07-11T00:00:00Z' + executionStatus: + type: string + description: The current state of execution. + enum: + - EXECUTING + - VERIFYING + - TERMINATED + - COMPLETED + example: COMPLETED + clientMetadata: + type: object + additionalProperties: + type: string + description: 'Arbitrary key-value pairs, if any were included in the corresponding access request' + cancelable: + type: boolean + description: Whether the account activity can be canceled before completion + cancelComment: + type: object + nullable: true + properties: + commenterId: + type: string + description: Id of the identity making the comment + example: 2c918084660f45d6016617daa9210584 + commenterName: + type: string + description: Human-readable display name of the identity making the comment + example: Adam Kennedy + body: + type: string + description: Content of the comment + example: Et quam massa maximus vivamus nisi ut urna tincidunt metus elementum erat. + date: + type: string + format: date-time + description: Date and time comment was made + example: '2017-07-11T18:45:37.098Z' + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + '/account-activities/{id}': + get: + operationId: getAccountActivity + tags: + - Account Activities + summary: Get Account Activity + description: This gets a single account activity by its id. + parameters: + - in: path + name: id + schema: + type: string + required: true + description: The account activity id + example: ef38f94347e94562b5bb8424a56397d8 + responses: + '200': + description: An account activity object + content: + application/json: + schema: + type: object + properties: + id: + type: string + description: ID of the account activity itself + example: 2c9180835d2e5168015d32f890ca1581 + name: + type: string + example: 2c9180835d2e5168015d32f890ca1581 + created: + type: string + format: date-time + example: '2017-07-11T18:45:37.098Z' + modified: + type: string + format: date-time + example: '2018-06-25T20:22:28.104Z' + completed: + type: string + format: date-time + example: '2018-10-19T13:49:37.385Z' + completionStatus: + nullable: true + type: string + description: The status after completion. + enum: + - SUCCESS + - FAILURE + - INCOMPLETE + - PENDING + example: SUCCESS + type: + type: string + example: appRequest + requesterIdentitySummary: + type: object + nullable: true + properties: + id: + type: string + description: ID of this identity summary + example: ff80818155fe8c080155fe8d925b0316 + name: + type: string + description: Human-readable display name of identity + example: SailPoint Services + identityId: + type: string + description: ID of the identity that this summary represents + example: c15b9f5cca5a4e9599eaa0e64fa921bd + completed: + type: boolean + description: Indicates if all access items for this summary have been decided on + example: true + targetIdentitySummary: + type: object + nullable: true + properties: + id: + type: string + description: ID of this identity summary + example: ff80818155fe8c080155fe8d925b0316 + name: + type: string + description: Human-readable display name of identity + example: SailPoint Services + identityId: + type: string + description: ID of the identity that this summary represents + example: c15b9f5cca5a4e9599eaa0e64fa921bd + completed: + type: boolean + description: Indicates if all access items for this summary have been decided on + example: true + errors: + type: array + items: + type: string + example: + - 'sailpoint.connector.ConnectorException: java.lang.InterruptedException: Timeout waiting for response to message 0 from client 57a4ab97-ab3f-4aef-9fe2-0eaf15c73d26 after 60 seconds.' + warnings: + type: array + items: + type: string + example: null + items: + type: array + items: + type: object + properties: + id: + type: string + description: Item id + example: 48c545831b264409a81befcabb0e3c5a + name: + type: string + description: Human-readable display name of item + example: 48c545831b264409a81befcabb0e3c5a + requested: + type: string + format: date-time + description: Date and time item was requested + example: '2017-07-11T18:45:37.098Z' + approvalStatus: + nullable: true + type: string + enum: + - FINISHED + - REJECTED + - RETURNED + - EXPIRED + - PENDING + - CANCELED + example: FINISHED + description: The state of a work item + provisioningStatus: + type: string + enum: + - PENDING + - FINISHED + - UNVERIFIABLE + - COMMITED + - FAILED + - RETRY + description: Provisioning state of an account activity item + example: PENDING + requesterComment: + type: object + nullable: true + properties: + commenterId: + type: string + description: Id of the identity making the comment + example: 2c918084660f45d6016617daa9210584 + commenterName: + type: string + description: Human-readable display name of the identity making the comment + example: Adam Kennedy + body: + type: string + description: Content of the comment + example: Et quam massa maximus vivamus nisi ut urna tincidunt metus elementum erat. + date: + type: string + format: date-time + description: Date and time comment was made + example: '2017-07-11T18:45:37.098Z' + reviewerIdentitySummary: + type: object + nullable: true + properties: + id: + type: string + description: ID of this identity summary + example: ff80818155fe8c080155fe8d925b0316 + name: + type: string + description: Human-readable display name of identity + example: SailPoint Services + identityId: + type: string + description: ID of the identity that this summary represents + example: c15b9f5cca5a4e9599eaa0e64fa921bd + completed: + type: boolean + description: Indicates if all access items for this summary have been decided on + example: true + reviewerComment: + type: object + nullable: true + properties: + commenterId: + type: string + description: Id of the identity making the comment + example: 2c918084660f45d6016617daa9210584 + commenterName: + type: string + description: Human-readable display name of the identity making the comment + example: Adam Kennedy + body: + type: string + description: Content of the comment + example: Et quam massa maximus vivamus nisi ut urna tincidunt metus elementum erat. + date: + type: string + format: date-time + description: Date and time comment was made + example: '2017-07-11T18:45:37.098Z' + operation: + nullable: true + type: string + enum: + - ADD + - CREATE + - MODIFY + - DELETE + - DISABLE + - ENABLE + - UNLOCK + - LOCK + - REMOVE + description: Represents an operation in an account activity item + example: ADD + attribute: + type: string + description: Attribute to which account activity applies + nullable: true + example: detectedRoles + value: + type: string + description: Value of attribute + nullable: true + example: 'Treasury Analyst [AccessProfile-1529010191212]' + nativeIdentity: + nullable: true + type: string + description: Native identity in the target system to which the account activity applies + example: Sandie.Camero + sourceId: + type: string + description: Id of Source to which account activity applies + example: 2c91808363ef85290164000587130c0c + accountRequestInfo: + type: object + nullable: true + properties: + requestedObjectId: + type: string + description: Id of requested object + example: 2c91808563ef85690164001c31140c0c + requestedObjectName: + type: string + description: Human-readable name of requested object + example: Treasury Analyst + requestedObjectType: + type: string + enum: + - ACCESS_PROFILE + - ROLE + - ENTITLEMENT + description: Enum represented the currently supported requestable object types. Additional values may be added in the future without notice. + example: ACCESS_PROFILE + description: 'If an account activity item is associated with an access request, captures details of that request.' + clientMetadata: + nullable: true + type: object + additionalProperties: + type: string + description: 'Arbitrary key-value pairs, if any were included in the corresponding access request item' + example: + customKey1: custom value 1 + customKey2: custom value 2 + removeDate: + nullable: true + type: string + description: The date the role or access profile is no longer assigned to the specified identity. + format: date-time + example: '2020-07-11T00:00:00Z' + executionStatus: + type: string + description: The current state of execution. + enum: + - EXECUTING + - VERIFYING + - TERMINATED + - COMPLETED + example: COMPLETED + clientMetadata: + type: object + additionalProperties: + type: string + description: 'Arbitrary key-value pairs, if any were included in the corresponding access request' + cancelable: + type: boolean + description: Whether the account activity can be canceled before completion + cancelComment: + type: object + nullable: true + properties: + commenterId: + type: string + description: Id of the identity making the comment + example: 2c918084660f45d6016617daa9210584 + commenterName: + type: string + description: Human-readable display name of the identity making the comment + example: Adam Kennedy + body: + type: string + description: Content of the comment + example: Et quam massa maximus vivamus nisi ut urna tincidunt metus elementum erat. + date: + type: string + format: date-time + description: Date and time comment was made + example: '2017-07-11T18:45:37.098Z' + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + '/account-aggregations/{id}/status': + get: + operationId: getAccountAggregationStatus + tags: + - Account Aggregations + summary: In-progress Account Aggregation status + description: |- + This API returns the status of an *in-progress* account aggregation, along with the total number of **NEW**, **CHANGED** and **DELETED** accounts found since the previous aggregation, and the number of those accounts that have been processed so far. + + Accounts that have not changed since the previous aggregation are not included in **totalAccounts** and **processedAccounts** counts returned by this API. This is distinct from **Accounts Scanned** shown in the Aggregation UI, which indicates total accounts scanned regardless of whether they changed or not. + + Since this endpoint reports on the status of an *in-progress* account aggregation, totalAccounts and processedAccounts may change between calls to this endpoint. + + *Only available up to an hour after the aggregation completes. May respond with *404 Not Found* after that.* + + A token with ORG_ADMIN, SOURCE_ADMIN, SOURCE_SUBADMIN or DASHBOARD authority is required to call this API. + parameters: + - in: path + name: id + schema: + type: string + required: true + description: The account aggregation id + example: 2c91808477a6b0c60177a81146b8110b + responses: + '200': + description: An account aggregation status object + content: + application/json: + schema: + type: object + properties: + start: + type: string + format: date-time + example: '2021-01-31T14:30:05.104Z' + description: When the aggregation started. + status: + type: string + enum: + - STARTED + - ACCOUNTS_COLLECTED + - COMPLETED + - CANCELLED + - RETRIED + - TERMINATED + example: ACCOUNTS_COLLECTED + description: | + STARTED - Aggregation started, but source account iteration has not completed. + + ACCOUNTS_COLLECTED - Source account iteration completed, but all accounts have not yet been processed. + + COMPLETED - Aggregation completed (*possibly with errors*). + + CANCELLED - Aggregation cancelled by user. + + RETRIED - Aggregation retried because of connectivity issues with the Virtual Appliance. + + TERMINATED - Aggregation marked as failed after 3 tries after connectivity issues with the Virtual Appliance. + totalAccounts: + type: integer + example: 520 + description: 'The total number of *NEW, CHANGED and DELETED* accounts that need to be processed for this aggregation. This does not include accounts that were unchanged since the previous aggregation. This can be zero if there were no new, changed or deleted accounts since the previous aggregation. *Only available when status is ACCOUNTS_COLLECTED or COMPLETED.*' + processedAccounts: + type: integer + example: 150 + description: 'The number of *NEW, CHANGED and DELETED* accounts that have been processed so far. This reflects the number of accounts that have been processed at the time of the API call, and may increase on subsequent API calls while the status is ACCOUNTS_COLLECTED. *Only available when status is ACCOUNTS_COLLECTED or COMPLETED.*' + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + /campaigns: + get: + operationId: getActiveCampaigns + tags: + - Certification Campaigns + summary: List Campaigns + description: Gets campaigns and returns them in a list. Can provide increased level of detail for each campaign if provided the correct query. + parameters: + - in: query + name: detail + schema: + type: string + enum: + - SLIM + - FULL + required: false + description: 'Determines whether slim, or increased level of detail is provided for each campaign in the returned list. Slim is the default behavior.' + example: FULL + - in: query + name: limit + description: |- + Max number of results to return. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 250 + schema: + type: integer + format: int32 + minimum: 0 + maximum: 250 + default: 250 + - in: query + name: offset + description: |- + Offset into the full result set. Usually specified with *limit* to paginate through the results. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 0 + schema: + type: integer + format: int32 + minimum: 0 + default: 0 + - in: query + name: count + description: |- + If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored. + + Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used. + + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: true + schema: + type: boolean + default: false + - in: query + name: filters + schema: + type: string + required: false + description: |- + Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) + + Filtering is supported for the following fields and operators: + + **id**: *eq, in* + + **name**: *eq, sw* + + **status**: *eq, in* + example: name eq "Manager Campaign" + - in: query + name: sorters + schema: + type: string + format: comma-separated + required: false + description: |- + Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results) + + Sorting is supported for the following fields: **name** + example: name + responses: + '200': + description: A list of campaign objects. + content: + application/json: + schema: + type: array + items: + oneOf: + - type: object + title: Slim Campaign + required: + - name + - description + - type + properties: + id: + type: string + readOnly: true + description: Id of the campaign + example: 2c9079b270a266a60170a2779fcb0007 + name: + description: 'The campaign name. If this object is part of a template, special formatting applies; see the `/campaign-templates/{id}/generate` endpoint documentation for details.' + type: string + example: Manager Campaign + description: + type: string + description: 'The campaign description. If this object is part of a template, special formatting applies; see the `/campaign-templates/{id}/generate` endpoint documentation for details.' + example: Everyone needs to be reviewed by their manager + deadline: + type: string + format: date-time + description: The campaign's completion deadline. + example: '2020-03-15T10:00:01.456Z' + type: + type: string + description: The type of campaign. Could be extended in the future. + enum: + - MANAGER + - SOURCE_OWNER + - SEARCH + - ROLE_COMPOSITION + example: MANAGER + emailNotificationEnabled: + type: boolean + description: Enables email notification for this campaign + example: false + autoRevokeAllowed: + type: boolean + description: Allows auto revoke for this campaign + example: false + recommendationsEnabled: + type: boolean + description: Enables IAI for this campaign. Accepts true even if the IAI product feature is off. If IAI is turned off then campaigns generated from this template will indicate false. The real value will then be returned if IAI is ever enabled for the org in the future. + example: true + status: + type: string + description: The campaign's current status. + readOnly: true + enum: + - PENDING + - STAGED + - CANCELING + - ACTIVATING + - ACTIVE + - COMPLETING + - COMPLETED + - ERROR + - ARCHIVED + example: ACTIVE + correlatedStatus: + type: string + description: The correlatedStatus of the campaign. Only SOURCE_OWNER campaigns can be Uncorrelated. An Uncorrelated certification campaign only includes Uncorrelated identities (An identity is uncorrelated if it has no accounts on an authoritative source). + enum: + - CORRELATED + - UNCORRELATED + example: CORRELATED + - type: object + title: Campaign + allOf: + - type: object + title: Slim Campaign + required: + - name + - description + - type + properties: + id: + type: string + readOnly: true + description: Id of the campaign + example: 2c9079b270a266a60170a2779fcb0007 + name: + description: 'The campaign name. If this object is part of a template, special formatting applies; see the `/campaign-templates/{id}/generate` endpoint documentation for details.' + type: string + example: Manager Campaign + description: + type: string + description: 'The campaign description. If this object is part of a template, special formatting applies; see the `/campaign-templates/{id}/generate` endpoint documentation for details.' + example: Everyone needs to be reviewed by their manager + deadline: + type: string + format: date-time + description: The campaign's completion deadline. + example: '2020-03-15T10:00:01.456Z' + type: + type: string + description: The type of campaign. Could be extended in the future. + enum: + - MANAGER + - SOURCE_OWNER + - SEARCH + - ROLE_COMPOSITION + example: MANAGER + emailNotificationEnabled: + type: boolean + description: Enables email notification for this campaign + example: false + autoRevokeAllowed: + type: boolean + description: Allows auto revoke for this campaign + example: false + recommendationsEnabled: + type: boolean + description: Enables IAI for this campaign. Accepts true even if the IAI product feature is off. If IAI is turned off then campaigns generated from this template will indicate false. The real value will then be returned if IAI is ever enabled for the org in the future. + example: true + status: + type: string + description: The campaign's current status. + readOnly: true + enum: + - PENDING + - STAGED + - CANCELING + - ACTIVATING + - ACTIVE + - COMPLETING + - COMPLETED + - ERROR + - ARCHIVED + example: ACTIVE + correlatedStatus: + type: string + description: The correlatedStatus of the campaign. Only SOURCE_OWNER campaigns can be Uncorrelated. An Uncorrelated certification campaign only includes Uncorrelated identities (An identity is uncorrelated if it has no accounts on an authoritative source). + enum: + - CORRELATED + - UNCORRELATED + example: CORRELATED + - type: object + properties: + created: + type: string + readOnly: true + format: date-time + description: Created time of the campaign + example: '2020-03-03T22:15:13.611Z' + modified: + type: string + readOnly: true + format: date-time + description: Modified time of the campaign + example: '2020-03-03T22:20:12.674Z' + correlatedStatus: + description: The correlatedStatus of the campaign. Only SOURCE_OWNER campaigns can be Uncorrelated. An Uncorrelated certification campaign only includes Uncorrelated identities (An identity is uncorrelated if it has no accounts on an authoritative source). + enum: + - CORRELATED + - UNCORRELATED + example: CORRELATED + filter: + type: object + description: Determines which items will be included in this campaign. The default campaign filter is used if this field is left blank. + properties: + id: + type: string + description: The ID of whatever type of filter is being used. + example: 0fbe863c063c4c88a35fd7f17e8a3df5 + type: + type: string + description: Type of the filter + enum: + - CAMPAIGN_FILTER + - RULE + example: CAMPAIGN_FILTER + name: + type: string + description: Name of the filter + example: Test Filter + sunsetCommentsRequired: + type: boolean + description: Determines if comments on sunset date changes are required. + default: true + example: true + sourceOwnerCampaignInfo: + type: object + description: Must be set only if the campaign type is SOURCE_OWNER. + properties: + sourceIds: + type: array + description: The list of sources to be included in the campaign. + items: + type: string + example: + - 0fbe863c063c4c88a35fd7f17e8a3df5 + searchCampaignInfo: + type: object + description: Must be set only if the campaign type is SEARCH. + properties: + type: + type: string + description: The type of search campaign represented. + enum: + - IDENTITY + - ACCESS + example: ACCESS + description: + type: string + description: 'Describes this search campaign. Intended for storing the query used, and possibly the number of identities selected/available.' + example: Search Campaign description + reviewer: + description: 'If specified, this identity or governance group will be the reviewer for all certifications in this campaign. The allowed DTO types are IDENTITY and GOVERNANCE_GROUP' + allOf: + - type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + - type: object + query: + type: string + description: The scope for the campaign. The campaign will cover identities returned by the query and identities that have access items returned by the query. One of `query` or `identityIds` must be set. + example: Search Campaign query description + identityIds: + type: array + description: A direct list of identities to include in this campaign. One of `identityIds` or `query` must be set. + items: + type: string + maxItems: 1000 + example: + - 0fbe863c063c4c88a35fd7f17e8a3df5 + accessConstraints: + type: array + description: Further reduces the scope of the campaign by excluding identities (from `query` or `identityIds`) that do not have this access. + items: + type: object + properties: + type: + type: string + enum: + - ENTITLEMENT + - ACCESS_PROFILE + - ROLE + description: Type of Access + example: ENTITLEMENT + ids: + description: Must be set only if operator is SELECTED. + type: array + items: + type: string + example: + - 2c90ad2a70ace7d50170acf22ca90010 + operator: + type: string + enum: + - ALL + - SELECTED + description: Used to determine whether the scope of the campaign should be reduced for selected ids or all. + example: SELECTED + required: + - type + - operator + maxItems: 1000 + required: + - type + roleCompositionCampaignInfo: + type: object + description: Optional configuration options for role composition campaigns. + properties: + reviewer: + description: 'If specified, this identity or governance group will be the reviewer for all certifications in this campaign. The allowed DTO types are IDENTITY and GOVERNANCE_GROUP' + allOf: + - type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + - type: object + roleIds: + type: array + description: 'Optional list of roles to include in this campaign. Only one of `roleIds` and `query` may be set; if neither are set, all roles are included.' + items: + type: string + example: + - 2c90ad2a70ace7d50170acf22ca90010 + remediatorRef: + type: object + description: 'This determines who remediation tasks will be assigned to. Remediation tasks are created for each revoke decision on items in the campaign. The only legal remediator type is ''IDENTITY'', and the chosen identity must be a Role Admin or Org Admin.' + properties: + type: + type: string + enum: + - IDENTITY + description: Legal Remediator Type + example: IDENTITY + id: + type: string + description: The ID of the remediator. + example: 2c90ad2a70ace7d50170acf22ca90010 + name: + type: string + description: The name of the remediator. + readOnly: true + example: Role Admin + required: + - type + - id + query: + type: string + description: 'Optional search query to scope this campaign to a set of roles. Only one of `roleIds` and `query` may be set; if neither are set, all roles are included.' + example: Search Query + description: + type: string + description: 'Describes this role composition campaign. Intended for storing the query used, and possibly the number of roles selected/available.' + example: Role Composition Description + required: + - remediatorRef + alerts: + type: array + description: A list of errors and warnings that have accumulated. + readOnly: true + items: + type: object + properties: + level: + type: string + enum: + - ERROR + - WARN + - INFO + description: Denotes the level of the message + example: ERROR + localizations: + type: array + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + totalCertifications: + type: integer + description: The total number of certifications in this campaign. + readOnly: true + example: 100 + completedCertifications: + type: integer + description: The number of completed certifications in this campaign. + readOnly: true + example: 10 + sourcesWithOrphanEntitlements: + type: array + description: A list of sources in the campaign that contain \"orphan entitlements\" (entitlements without a corresponding Managed Attribute). An empty list indicates the campaign has no orphan entitlements. Null indicates there may be unknown orphan entitlements in the campaign (the campaign was created before this feature was implemented). + readOnly: true + items: + type: object + properties: + id: + type: string + description: Id of the source + example: 2c90ad2a70ace7d50170acf22ca90010 + type: + type: string + enum: + - SOURCE + description: Type + example: SOURCE + name: + type: string + description: Name of the source + example: Source with orphan entitlements + examples: + Slim Campaign: + description: List of Slim Campaigns that would result from not specifying *detail* or specifying SLIM + value: + - id: 2c918086719eec070171a7e3355a360a + name: Manager Review + description: A review of everyone's access by their manager. + deadline: '2020-12-25T06:00:00.123Z' + type: MANAGER + status: ACTIVE + emailNotificationEnabled: false + autoRevokeAllowed: false + recommendationsEnabled: false + - id: 7e1a731e3fb845cfbe58112ba4673ee4 + name: Search Campaign + description: Search Campaign Info + deadline: 2022-07-26T15:42:44.000Z + type: SEARCH + status: ACTIVE + emailNotificationEnabled: false + autoRevokeAllowed: false + recommendationsEnabled: false + - id: 2c918086719eec070171a7e3355a412b + name: AD Source Review + description: A review of our AD source. + deadline: '2020-12-25T06:00:00.123Z' + type: SOURCE_OWNER + status: STAGED + emailNotificationEnabled: true + autoRevokeAllowed: false + recommendationsEnabled: false + correlatedStatus: CORRELATED + - id: 3b2e2e5821e84127b6d693d41c40623b + name: Role Composition Campaign + description: A review done by a role owner. + deadline: 2020-12-25T06:00:00.468Z + type: ROLE_COMPOSITION + status: ACTIVE + emailNotificationEnabled: false + autoRevokeAllowed: false + recommendationsEnabled: false + Full Campaign: + description: List of Campaigns that would result from specifying *detail* as FULL + value: + - id: 078696a575e045c68d6722ccdb9f101d + name: Role Composition Campaign + description: A review done by a role owner. + deadline: 2020-12-25T06:00:00.468Z + type: ROLE_COMPOSITION + status: ERROR + emailNotificationEnabled: false + autoRevokeAllowed: false + recommendationsEnabled: false + created: 2022-08-02T20:29:51.065Z + modified: 2022-08-02T20:29:51.331Z + filter: + type: CAMPAIGN_FILTER + id: 0fbe863c063c4c88a35fd7f17e8a3df5 + name: Test Role Composition Filter + sunsetCommentsRequired: true + sourceOwnerCampaignInfo: null + searchCampaignInfo: null + roleCompositionCampaignInfo: + remediatorRef: + type: IDENTITY + id: 7ec252acbd4245548bc25df22348cb75 + name: SailPoint Support + reviewerId: null + reviewer: null + roleIds: + - b15d609fc5c8434b865fe552315fda8f + query: null + description: null + alerts: + - level: ERROR + localizations: + - locale: en + localeOrigin: DEFAULT + text: Composite criterion must have children non-composite criterion must not. + totalCertifications: 0 + completedCertifications: 0 + sourcesWithOrphanEntitlements: null + - id: 1be8fc1103914bf0a4e14e316b6a7b7c + name: Manager Review + description: A review of everyone's access by their manager. + deadline: 2020-12-25T06:00:00.468Z + type: MANAGER + status: STAGED + emailNotificationEnabled: false + autoRevokeAllowed: false + recommendationsEnabled: false + created: 2022-08-02T19:00:27.731Z + modified: 2022-08-02T19:00:34.391Z + filter: + type: CAMPAIGN_FILTER + id: 0fbe863c063c4c88a35fd7f17e8a3df5 + name: Test Manager Filter + sunsetCommentsRequired: true + sourceOwnerCampaignInfo: null + searchCampaignInfo: null + roleCompositionCampaignInfo: null + alerts: null + totalCertifications: 5 + completedCertifications: 0 + sourcesWithOrphanEntitlements: [] + - id: 7e1a731e3fb845cfbe58112ba4673ee4 + name: Search Campaign + description: Search Campaign for Identities + deadline: 2022-07-26T15:42:44.000Z + type: SEARCH + status: ACTIVE + emailNotificationEnabled: false + autoRevokeAllowed: false + recommendationsEnabled: false + created: 2022-07-25T15:42:18.276Z + modified: 2022-07-25T15:42:53.718Z + filter: + type: CAMPAIGN_FILTER + id: 0fbe863c063c4c88a35fd7f17e8a3df5 + name: Test Search Filter + sunsetCommentsRequired: true + sourceOwnerCampaignInfo: null + searchCampaignInfo: + type: IDENTITY + description: Example of Search Campaign + reviewer: + type: IDENTITY + id: 7ec252acbd4245548bc25df22348cb75 + name: null + query: user + identityIds: null + accessConstraints: [] + roleCompositionCampaignInfo: null + alerts: null + totalCertifications: 6 + completedCertifications: 0 + sourcesWithOrphanEntitlements: [] + - id: ad3cf3dd50394b1bad646de4bc51b999 + name: Source Owner Campaign + description: Example for Source Owner Campaign + deadline: 2022-08-10T17:09:02.000Z + type: SOURCE_OWNER + status: ACTIVE + emailNotificationEnabled: true + autoRevokeAllowed: false + recommendationsEnabled: false + created: 2022-07-27T17:04:19.027Z + modified: 2022-07-27T17:09:13.925Z + filter: + type: CAMPAIGN_FILTER + id: 0fbe863c063c4c88a35fd7f17e8a3df5 + name: Test Source Owner Filter + sunsetCommentsRequired: true + sourceOwnerCampaignInfo: + sourceIds: + - 2c91808781fd5aea01821200dc88318e + searchCampaignInfo: null + roleCompositionCampaignInfo: null + alerts: null + totalCertifications: 2 + completedCertifications: 0 + sourcesWithOrphanEntitlements: [] + correlatedStatus: CORRELATED + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + post: + operationId: createCampaign + tags: + - Certification Campaigns + summary: Create a campaign + description: Creates a new Certification Campaign with the information provided in the request body. + requestBody: + required: true + content: + application/json: + schema: + type: object + title: Campaign + allOf: + - type: object + title: Slim Campaign + required: + - name + - description + - type + properties: + id: + type: string + readOnly: true + description: Id of the campaign + example: 2c9079b270a266a60170a2779fcb0007 + name: + description: 'The campaign name. If this object is part of a template, special formatting applies; see the `/campaign-templates/{id}/generate` endpoint documentation for details.' + type: string + example: Manager Campaign + description: + type: string + description: 'The campaign description. If this object is part of a template, special formatting applies; see the `/campaign-templates/{id}/generate` endpoint documentation for details.' + example: Everyone needs to be reviewed by their manager + deadline: + type: string + format: date-time + description: The campaign's completion deadline. + example: '2020-03-15T10:00:01.456Z' + type: + type: string + description: The type of campaign. Could be extended in the future. + enum: + - MANAGER + - SOURCE_OWNER + - SEARCH + - ROLE_COMPOSITION + example: MANAGER + emailNotificationEnabled: + type: boolean + description: Enables email notification for this campaign + example: false + autoRevokeAllowed: + type: boolean + description: Allows auto revoke for this campaign + example: false + recommendationsEnabled: + type: boolean + description: Enables IAI for this campaign. Accepts true even if the IAI product feature is off. If IAI is turned off then campaigns generated from this template will indicate false. The real value will then be returned if IAI is ever enabled for the org in the future. + example: true + status: + type: string + description: The campaign's current status. + readOnly: true + enum: + - PENDING + - STAGED + - CANCELING + - ACTIVATING + - ACTIVE + - COMPLETING + - COMPLETED + - ERROR + - ARCHIVED + example: ACTIVE + correlatedStatus: + type: string + description: The correlatedStatus of the campaign. Only SOURCE_OWNER campaigns can be Uncorrelated. An Uncorrelated certification campaign only includes Uncorrelated identities (An identity is uncorrelated if it has no accounts on an authoritative source). + enum: + - CORRELATED + - UNCORRELATED + example: CORRELATED + - type: object + properties: + created: + type: string + readOnly: true + format: date-time + description: Created time of the campaign + example: '2020-03-03T22:15:13.611Z' + modified: + type: string + readOnly: true + format: date-time + description: Modified time of the campaign + example: '2020-03-03T22:20:12.674Z' + correlatedStatus: + description: The correlatedStatus of the campaign. Only SOURCE_OWNER campaigns can be Uncorrelated. An Uncorrelated certification campaign only includes Uncorrelated identities (An identity is uncorrelated if it has no accounts on an authoritative source). + enum: + - CORRELATED + - UNCORRELATED + example: CORRELATED + filter: + type: object + description: Determines which items will be included in this campaign. The default campaign filter is used if this field is left blank. + properties: + id: + type: string + description: The ID of whatever type of filter is being used. + example: 0fbe863c063c4c88a35fd7f17e8a3df5 + type: + type: string + description: Type of the filter + enum: + - CAMPAIGN_FILTER + - RULE + example: CAMPAIGN_FILTER + name: + type: string + description: Name of the filter + example: Test Filter + sunsetCommentsRequired: + type: boolean + description: Determines if comments on sunset date changes are required. + default: true + example: true + sourceOwnerCampaignInfo: + type: object + description: Must be set only if the campaign type is SOURCE_OWNER. + properties: + sourceIds: + type: array + description: The list of sources to be included in the campaign. + items: + type: string + example: + - 0fbe863c063c4c88a35fd7f17e8a3df5 + searchCampaignInfo: + type: object + description: Must be set only if the campaign type is SEARCH. + properties: + type: + type: string + description: The type of search campaign represented. + enum: + - IDENTITY + - ACCESS + example: ACCESS + description: + type: string + description: 'Describes this search campaign. Intended for storing the query used, and possibly the number of identities selected/available.' + example: Search Campaign description + reviewer: + description: 'If specified, this identity or governance group will be the reviewer for all certifications in this campaign. The allowed DTO types are IDENTITY and GOVERNANCE_GROUP' + allOf: + - type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + - type: object + query: + type: string + description: The scope for the campaign. The campaign will cover identities returned by the query and identities that have access items returned by the query. One of `query` or `identityIds` must be set. + example: Search Campaign query description + identityIds: + type: array + description: A direct list of identities to include in this campaign. One of `identityIds` or `query` must be set. + items: + type: string + maxItems: 1000 + example: + - 0fbe863c063c4c88a35fd7f17e8a3df5 + accessConstraints: + type: array + description: Further reduces the scope of the campaign by excluding identities (from `query` or `identityIds`) that do not have this access. + items: + type: object + properties: + type: + type: string + enum: + - ENTITLEMENT + - ACCESS_PROFILE + - ROLE + description: Type of Access + example: ENTITLEMENT + ids: + description: Must be set only if operator is SELECTED. + type: array + items: + type: string + example: + - 2c90ad2a70ace7d50170acf22ca90010 + operator: + type: string + enum: + - ALL + - SELECTED + description: Used to determine whether the scope of the campaign should be reduced for selected ids or all. + example: SELECTED + required: + - type + - operator + maxItems: 1000 + required: + - type + roleCompositionCampaignInfo: + type: object + description: Optional configuration options for role composition campaigns. + properties: + reviewer: + description: 'If specified, this identity or governance group will be the reviewer for all certifications in this campaign. The allowed DTO types are IDENTITY and GOVERNANCE_GROUP' + allOf: + - type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + - type: object + roleIds: + type: array + description: 'Optional list of roles to include in this campaign. Only one of `roleIds` and `query` may be set; if neither are set, all roles are included.' + items: + type: string + example: + - 2c90ad2a70ace7d50170acf22ca90010 + remediatorRef: + type: object + description: 'This determines who remediation tasks will be assigned to. Remediation tasks are created for each revoke decision on items in the campaign. The only legal remediator type is ''IDENTITY'', and the chosen identity must be a Role Admin or Org Admin.' + properties: + type: + type: string + enum: + - IDENTITY + description: Legal Remediator Type + example: IDENTITY + id: + type: string + description: The ID of the remediator. + example: 2c90ad2a70ace7d50170acf22ca90010 + name: + type: string + description: The name of the remediator. + readOnly: true + example: Role Admin + required: + - type + - id + query: + type: string + description: 'Optional search query to scope this campaign to a set of roles. Only one of `roleIds` and `query` may be set; if neither are set, all roles are included.' + example: Search Query + description: + type: string + description: 'Describes this role composition campaign. Intended for storing the query used, and possibly the number of roles selected/available.' + example: Role Composition Description + required: + - remediatorRef + alerts: + type: array + description: A list of errors and warnings that have accumulated. + readOnly: true + items: + type: object + properties: + level: + type: string + enum: + - ERROR + - WARN + - INFO + description: Denotes the level of the message + example: ERROR + localizations: + type: array + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + totalCertifications: + type: integer + description: The total number of certifications in this campaign. + readOnly: true + example: 100 + completedCertifications: + type: integer + description: The number of completed certifications in this campaign. + readOnly: true + example: 10 + sourcesWithOrphanEntitlements: + type: array + description: A list of sources in the campaign that contain \"orphan entitlements\" (entitlements without a corresponding Managed Attribute). An empty list indicates the campaign has no orphan entitlements. Null indicates there may be unknown orphan entitlements in the campaign (the campaign was created before this feature was implemented). + readOnly: true + items: + type: object + properties: + id: + type: string + description: Id of the source + example: 2c90ad2a70ace7d50170acf22ca90010 + type: + type: string + enum: + - SOURCE + description: Type + example: SOURCE + name: + type: string + description: Name of the source + example: Source with orphan entitlements + examples: + Manager: + value: + name: Manager Review + description: A review of everyone's access by their manager. + deadline: 2020-12-25T06:00:00.468Z + type: MANAGER + emailNotificationEnabled: false + autoRevokeAllowed: false + recommendationsEnabled: false + filter: + type: CAMPAIGN_FILTER + id: 0c46fb26c6b20967a55517ee90d15b93 + Search: + value: + name: Search Campaign + description: Search Campaign + deadline: 2020-12-25T06:00:00.468Z + type: SEARCH + emailNotificationEnabled: false + autoRevokeAllowed: false + recommendationsEnabled: false + filter: + type: CAMPAIGN_FILTER + id: 0c46fb26c6b20967a55517ee90d15b93 + searchCampaignInfo: + type: ACCESS + query: user + Source Owner: + value: + name: Source Owner + description: Source Owner Info + deadline: 2020-12-25T06:00:00.468Z + type: SOURCE_OWNER + emailNotificationEnabled: false + autoRevokeAllowed: false + recommendationsEnabled: false + filter: + type: CAMPAIGN_FILTER + id: 0c46fb26c6b20967a55517ee90d15b93 + sourceOwnerCampaignInfo: + sourceIds: + - 612b31b1a0f04aaf83123bdb80e70db6 + correlatedStatus: CORRELATED + Role Composition: + value: + name: Role Composition Campaign + description: A review done by a role owner. + deadline: 2020-12-25T06:00:00.468Z + type: ROLE_COMPOSITION + emailNotificationEnabled: false + autoRevokeAllowed: false + recommendationsEnabled: false + filter: + type: CAMPAIGN_FILTER + id: 0c46fb26c6b20967a55517ee90d15b93 + roleCompositionCampaignInfo: + remediatorRef: + type: IDENTITY + id: 7ec252acbd4245548bc25df22348cb75 + name: SailPoint Support + roleIds: + - b15d609fc5c8434b865fe552315fda8f + responses: + '200': + description: Indicates that the campaign requested was successfully created and returns its representation. + content: + application/json: + schema: + type: object + title: Campaign + allOf: + - type: object + title: Slim Campaign + required: + - name + - description + - type + properties: + id: + type: string + readOnly: true + description: Id of the campaign + example: 2c9079b270a266a60170a2779fcb0007 + name: + description: 'The campaign name. If this object is part of a template, special formatting applies; see the `/campaign-templates/{id}/generate` endpoint documentation for details.' + type: string + example: Manager Campaign + description: + type: string + description: 'The campaign description. If this object is part of a template, special formatting applies; see the `/campaign-templates/{id}/generate` endpoint documentation for details.' + example: Everyone needs to be reviewed by their manager + deadline: + type: string + format: date-time + description: The campaign's completion deadline. + example: '2020-03-15T10:00:01.456Z' + type: + type: string + description: The type of campaign. Could be extended in the future. + enum: + - MANAGER + - SOURCE_OWNER + - SEARCH + - ROLE_COMPOSITION + example: MANAGER + emailNotificationEnabled: + type: boolean + description: Enables email notification for this campaign + example: false + autoRevokeAllowed: + type: boolean + description: Allows auto revoke for this campaign + example: false + recommendationsEnabled: + type: boolean + description: Enables IAI for this campaign. Accepts true even if the IAI product feature is off. If IAI is turned off then campaigns generated from this template will indicate false. The real value will then be returned if IAI is ever enabled for the org in the future. + example: true + status: + type: string + description: The campaign's current status. + readOnly: true + enum: + - PENDING + - STAGED + - CANCELING + - ACTIVATING + - ACTIVE + - COMPLETING + - COMPLETED + - ERROR + - ARCHIVED + example: ACTIVE + correlatedStatus: + type: string + description: The correlatedStatus of the campaign. Only SOURCE_OWNER campaigns can be Uncorrelated. An Uncorrelated certification campaign only includes Uncorrelated identities (An identity is uncorrelated if it has no accounts on an authoritative source). + enum: + - CORRELATED + - UNCORRELATED + example: CORRELATED + - type: object + properties: + created: + type: string + readOnly: true + format: date-time + description: Created time of the campaign + example: '2020-03-03T22:15:13.611Z' + modified: + type: string + readOnly: true + format: date-time + description: Modified time of the campaign + example: '2020-03-03T22:20:12.674Z' + correlatedStatus: + description: The correlatedStatus of the campaign. Only SOURCE_OWNER campaigns can be Uncorrelated. An Uncorrelated certification campaign only includes Uncorrelated identities (An identity is uncorrelated if it has no accounts on an authoritative source). + enum: + - CORRELATED + - UNCORRELATED + example: CORRELATED + filter: + type: object + description: Determines which items will be included in this campaign. The default campaign filter is used if this field is left blank. + properties: + id: + type: string + description: The ID of whatever type of filter is being used. + example: 0fbe863c063c4c88a35fd7f17e8a3df5 + type: + type: string + description: Type of the filter + enum: + - CAMPAIGN_FILTER + - RULE + example: CAMPAIGN_FILTER + name: + type: string + description: Name of the filter + example: Test Filter + sunsetCommentsRequired: + type: boolean + description: Determines if comments on sunset date changes are required. + default: true + example: true + sourceOwnerCampaignInfo: + type: object + description: Must be set only if the campaign type is SOURCE_OWNER. + properties: + sourceIds: + type: array + description: The list of sources to be included in the campaign. + items: + type: string + example: + - 0fbe863c063c4c88a35fd7f17e8a3df5 + searchCampaignInfo: + type: object + description: Must be set only if the campaign type is SEARCH. + properties: + type: + type: string + description: The type of search campaign represented. + enum: + - IDENTITY + - ACCESS + example: ACCESS + description: + type: string + description: 'Describes this search campaign. Intended for storing the query used, and possibly the number of identities selected/available.' + example: Search Campaign description + reviewer: + description: 'If specified, this identity or governance group will be the reviewer for all certifications in this campaign. The allowed DTO types are IDENTITY and GOVERNANCE_GROUP' + allOf: + - type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + - type: object + query: + type: string + description: The scope for the campaign. The campaign will cover identities returned by the query and identities that have access items returned by the query. One of `query` or `identityIds` must be set. + example: Search Campaign query description + identityIds: + type: array + description: A direct list of identities to include in this campaign. One of `identityIds` or `query` must be set. + items: + type: string + maxItems: 1000 + example: + - 0fbe863c063c4c88a35fd7f17e8a3df5 + accessConstraints: + type: array + description: Further reduces the scope of the campaign by excluding identities (from `query` or `identityIds`) that do not have this access. + items: + type: object + properties: + type: + type: string + enum: + - ENTITLEMENT + - ACCESS_PROFILE + - ROLE + description: Type of Access + example: ENTITLEMENT + ids: + description: Must be set only if operator is SELECTED. + type: array + items: + type: string + example: + - 2c90ad2a70ace7d50170acf22ca90010 + operator: + type: string + enum: + - ALL + - SELECTED + description: Used to determine whether the scope of the campaign should be reduced for selected ids or all. + example: SELECTED + required: + - type + - operator + maxItems: 1000 + required: + - type + roleCompositionCampaignInfo: + type: object + description: Optional configuration options for role composition campaigns. + properties: + reviewer: + description: 'If specified, this identity or governance group will be the reviewer for all certifications in this campaign. The allowed DTO types are IDENTITY and GOVERNANCE_GROUP' + allOf: + - type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + - type: object + roleIds: + type: array + description: 'Optional list of roles to include in this campaign. Only one of `roleIds` and `query` may be set; if neither are set, all roles are included.' + items: + type: string + example: + - 2c90ad2a70ace7d50170acf22ca90010 + remediatorRef: + type: object + description: 'This determines who remediation tasks will be assigned to. Remediation tasks are created for each revoke decision on items in the campaign. The only legal remediator type is ''IDENTITY'', and the chosen identity must be a Role Admin or Org Admin.' + properties: + type: + type: string + enum: + - IDENTITY + description: Legal Remediator Type + example: IDENTITY + id: + type: string + description: The ID of the remediator. + example: 2c90ad2a70ace7d50170acf22ca90010 + name: + type: string + description: The name of the remediator. + readOnly: true + example: Role Admin + required: + - type + - id + query: + type: string + description: 'Optional search query to scope this campaign to a set of roles. Only one of `roleIds` and `query` may be set; if neither are set, all roles are included.' + example: Search Query + description: + type: string + description: 'Describes this role composition campaign. Intended for storing the query used, and possibly the number of roles selected/available.' + example: Role Composition Description + required: + - remediatorRef + alerts: + type: array + description: A list of errors and warnings that have accumulated. + readOnly: true + items: + type: object + properties: + level: + type: string + enum: + - ERROR + - WARN + - INFO + description: Denotes the level of the message + example: ERROR + localizations: + type: array + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + totalCertifications: + type: integer + description: The total number of certifications in this campaign. + readOnly: true + example: 100 + completedCertifications: + type: integer + description: The number of completed certifications in this campaign. + readOnly: true + example: 10 + sourcesWithOrphanEntitlements: + type: array + description: A list of sources in the campaign that contain \"orphan entitlements\" (entitlements without a corresponding Managed Attribute). An empty list indicates the campaign has no orphan entitlements. Null indicates there may be unknown orphan entitlements in the campaign (the campaign was created before this feature was implemented). + readOnly: true + items: + type: object + properties: + id: + type: string + description: Id of the source + example: 2c90ad2a70ace7d50170acf22ca90010 + type: + type: string + enum: + - SOURCE + description: Type + example: SOURCE + name: + type: string + description: Name of the source + example: Source with orphan entitlements + examples: + Manager: + value: + id: 5594f43b76804a6980ece5fdccf74be7 + name: Manager Review + description: A review of everyone's access by their manager. + deadline: 2020-12-25T06:00:00.468Z + type: MANAGER + status: PENDING + emailNotificationEnabled: false + autoRevokeAllowed: false + recommendationsEnabled: false + created: 2022-08-02T20:21:18.421Z + modified: null + filter: + type: CAMPAIGN_FILTER + id: 0fbe863c063c4c88a35fd7f17e8a3df5 + name: Test Manager Filter + sunsetCommentsRequired: true + sourceOwnerCampaignInfo: null + searchCampaignInfo: null + roleCompositionCampaignInfo: null + alerts: null + totalCertifications: 0 + completedCertifications: 0 + sourcesWithOrphanEntitlements: null + Search: + value: + id: ec041831cb2147778b594feb9d8db44a + name: Search Campaign + description: Search Campaign + deadline: 2020-12-25T06:00:00.468Z + type: SEARCH + status: PENDING + emailNotificationEnabled: false + autoRevokeAllowed: false + recommendationsEnabled: false + created: 2022-08-03T13:54:34.344Z + modified: null + filter: + type: CAMPAIGN_FILTER + id: 0fbe863c063c4c88a35fd7f17e8a3df5 + name: Test Search Filter + sunsetCommentsRequired: true + sourceOwnerCampaignInfo: null + searchCampaignInfo: + type: ACCESS + description: user + reviewer: + type: IDENTITY + id: 7ec252acbd4245548bc25df22348cb75 + name: null + query: user + identityIds: null + accessConstraints: [] + roleCompositionCampaignInfo: null + alerts: null + totalCertifications: 0 + completedCertifications: 0 + sourcesWithOrphanEntitlements: null + Source Owner: + value: + id: fd7b76ba4ea042de8a9414aa12fc977a + name: Source Owner + description: Source Owner Info + deadline: 2020-12-25T06:00:00.468Z + type: SOURCE_OWNER + status: PENDING + emailNotificationEnabled: false + autoRevokeAllowed: false + recommendationsEnabled: false + created: 2022-08-03T13:34:19.541Z + modified: null + filter: + type: CAMPAIGN_FILTER + id: 0fbe863c063c4c88a35fd7f17e8a3df5 + name: Test Source Owner Filter + sunsetCommentsRequired: true + sourceOwnerCampaignInfo: null + sourceIds: + - 612b31b1a0f04aaf83123bdb80e70db6 + searchCampaignInfo: null + roleCompositionCampaignInfo: null + alerts: null + totalCertifications: 0 + completedCertifications: 0 + sourcesWithOrphanEntitlements: null + correlatedStatus: CORRELATED + Role Composition: + value: + id: 3b2e2e5821e84127b6d693d41c40623b + name: Role Composition Campaign + description: A review done by a role owner. + deadline: 2020-12-25T06:00:00.468Z + type: ROLE_COMPOSITION + status: PENDING + emailNotificationEnabled: false + autoRevokeAllowed: false + recommendationsEnabled: false + created: 2022-08-02T20:30:46.083Z + modified: null + filter: + type: CAMPAIGN_FILTER + id: 0fbe863c063c4c88a35fd7f17e8a3df5 + name: Test Role Composition Filter + sunsetCommentsRequired: true + sourceOwnerCampaignInfo: null + searchCampaignInfo: null + roleCompositionCampaignInfo: + remediatorRef: + type: IDENTITY + id: 7ec252acbd4245548bc25df22348cb75 + name: SailPoint Support + reviewerId: null + reviewer: null + roleIds: + - b15d609fc5c8434b865fe552315fda8f + query: null + description: null + alerts: null + totalCertifications: 0 + completedCertifications: 0 + sourcesWithOrphanEntitlements: null + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + /campaigns/delete: + post: + operationId: deleteCampaigns + tags: + - Certification Campaigns + summary: Deletes Campaigns + description: Deletes campaigns whose Ids are specified in the provided list of campaign Ids. Authorized callers must be an ORG_ADMIN or a CERT_ADMIN. + requestBody: + description: The ids of the campaigns to delete. + required: true + content: + application/json: + schema: + type: object + properties: + ids: + description: The ids of the campaigns to delete + type: array + items: + type: string + example: + - 2c9180887335cee10173490db1776c26 + - 2c9180836a712436016a7125a90c0021 + responses: + '202': + description: Accepted - Returned if the request was successfully accepted into the system. + content: + application/json: + schema: + type: object + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + '/campaigns/{id}': + get: + operationId: getCampaign + tags: + - Certification Campaigns + summary: Get a campaign + description: 'Retrieves information for an existing campaign using the campaign''s ID. Authorized callers must be a reviewer for this campaign, an ORG_ADMIN, or a CERT_ADMIN.' + parameters: + - in: path + name: id + schema: + type: string + required: true + description: The ID of the campaign to be retrieved + example: 2c91808571bcfcf80171c23e4b4221fc + responses: + '200': + description: A campaign object + content: + application/json: + schema: + type: object + title: Slim Campaign + required: + - name + - description + - type + properties: + id: + type: string + readOnly: true + description: Id of the campaign + example: 2c9079b270a266a60170a2779fcb0007 + name: + description: 'The campaign name. If this object is part of a template, special formatting applies; see the `/campaign-templates/{id}/generate` endpoint documentation for details.' + type: string + example: Manager Campaign + description: + type: string + description: 'The campaign description. If this object is part of a template, special formatting applies; see the `/campaign-templates/{id}/generate` endpoint documentation for details.' + example: Everyone needs to be reviewed by their manager + deadline: + type: string + format: date-time + description: The campaign's completion deadline. + example: '2020-03-15T10:00:01.456Z' + type: + type: string + description: The type of campaign. Could be extended in the future. + enum: + - MANAGER + - SOURCE_OWNER + - SEARCH + - ROLE_COMPOSITION + example: MANAGER + emailNotificationEnabled: + type: boolean + description: Enables email notification for this campaign + example: false + autoRevokeAllowed: + type: boolean + description: Allows auto revoke for this campaign + example: false + recommendationsEnabled: + type: boolean + description: Enables IAI for this campaign. Accepts true even if the IAI product feature is off. If IAI is turned off then campaigns generated from this template will indicate false. The real value will then be returned if IAI is ever enabled for the org in the future. + example: true + status: + type: string + description: The campaign's current status. + readOnly: true + enum: + - PENDING + - STAGED + - CANCELING + - ACTIVATING + - ACTIVE + - COMPLETING + - COMPLETED + - ERROR + - ARCHIVED + example: ACTIVE + correlatedStatus: + type: string + description: The correlatedStatus of the campaign. Only SOURCE_OWNER campaigns can be Uncorrelated. An Uncorrelated certification campaign only includes Uncorrelated identities (An identity is uncorrelated if it has no accounts on an authoritative source). + enum: + - CORRELATED + - UNCORRELATED + example: CORRELATED + examples: + Manager: + value: + id: 2c918086719eec070171a7e3355a360a + name: Manager Review + description: A review of everyone's access by their manager. + deadline: '2020-12-25T06:00:00.123Z' + type: MANAGER + status: ACTIVE + emailNotificationEnabled: false + autoRevokeAllowed: false + recommendationsEnabled: false + Search: + value: + id: 7e1a731e3fb845cfbe58112ba4673ee4 + name: Search Campaign + description: Search Campaign Info + deadline: 2022-07-26T15:42:44.000Z + type: SEARCH + status: ACTIVE + emailNotificationEnabled: false + autoRevokeAllowed: false + recommendationsEnabled: false + Source Owner: + value: + id: 2c918086719eec070171a7e3355a412b + name: AD Source Review + description: A review of our AD source. + deadline: '2020-12-25T06:00:00.123Z' + type: SOURCE_OWNER + status: STAGED + emailNotificationEnabled: true + autoRevokeAllowed: false + recommendationsEnabled: false + correlatedStatus: CORRELATED + RoleComposition: + value: + id: 3b2e2e5821e84127b6d693d41c40623b + name: Role Composition Campaign + description: A review done by a role owner. + deadline: 2020-12-25T06:00:00.468Z + type: ROLE_COMPOSITION + status: ACTIVE + emailNotificationEnabled: false + autoRevokeAllowed: false + recommendationsEnabled: false + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + patch: + operationId: updateCampaign + tags: + - Certification Campaigns + summary: Update a Campaign + description: 'Allows updating individual fields on a campaign using the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard.' + parameters: + - in: path + name: id + schema: + type: string + required: true + description: The ID of the campaign template being modified. + example: 2c91808571bcfcf80171c23e4b4221fc + requestBody: + required: true + description: | + A list of campaign update operations according to the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard. + The fields that can be patched differ based on the status of the campaign. + + In the *STAGED* status, the following fields can be patched: + * name + * description + * recommendationsEnabled + * deadline + * emailNotificationEnabled + * autoRevokeAllowed + + In the *ACTIVE* status, the following fields can be patched: + * deadline + content: + application/json-patch+json: + schema: + type: array + items: + type: object + example: + - op: replace + path: /name + value: This field has been updated! + - op: copy + from: /name + path: /description + responses: + '200': + description: 'Indicates the PATCH operation succeeded, and returns the campaign''s new representation.' + content: + application/json: + schema: + type: object + title: Slim Campaign + required: + - name + - description + - type + properties: + id: + type: string + readOnly: true + description: Id of the campaign + example: 2c9079b270a266a60170a2779fcb0007 + name: + description: 'The campaign name. If this object is part of a template, special formatting applies; see the `/campaign-templates/{id}/generate` endpoint documentation for details.' + type: string + example: Manager Campaign + description: + type: string + description: 'The campaign description. If this object is part of a template, special formatting applies; see the `/campaign-templates/{id}/generate` endpoint documentation for details.' + example: Everyone needs to be reviewed by their manager + deadline: + type: string + format: date-time + description: The campaign's completion deadline. + example: '2020-03-15T10:00:01.456Z' + type: + type: string + description: The type of campaign. Could be extended in the future. + enum: + - MANAGER + - SOURCE_OWNER + - SEARCH + - ROLE_COMPOSITION + example: MANAGER + emailNotificationEnabled: + type: boolean + description: Enables email notification for this campaign + example: false + autoRevokeAllowed: + type: boolean + description: Allows auto revoke for this campaign + example: false + recommendationsEnabled: + type: boolean + description: Enables IAI for this campaign. Accepts true even if the IAI product feature is off. If IAI is turned off then campaigns generated from this template will indicate false. The real value will then be returned if IAI is ever enabled for the org in the future. + example: true + status: + type: string + description: The campaign's current status. + readOnly: true + enum: + - PENDING + - STAGED + - CANCELING + - ACTIVATING + - ACTIVE + - COMPLETING + - COMPLETED + - ERROR + - ARCHIVED + example: ACTIVE + correlatedStatus: + type: string + description: The correlatedStatus of the campaign. Only SOURCE_OWNER campaigns can be Uncorrelated. An Uncorrelated certification campaign only includes Uncorrelated identities (An identity is uncorrelated if it has no accounts on an authoritative source). + enum: + - CORRELATED + - UNCORRELATED + example: CORRELATED + examples: + Manager: + value: + id: 2c918086719eec070171a7e3355a360a + name: Manager Review + description: A review of everyone's access by their manager. + deadline: '2020-12-25T06:00:00.123Z' + type: MANAGER + status: ACTIVE + emailNotificationEnabled: false + autoRevokeAllowed: false + recommendationsEnabled: false + Search: + value: + id: 7e1a731e3fb845cfbe58112ba4673ee4 + name: Search Campaign + description: Search Campaign Info + deadline: 2022-07-26T15:42:44.000Z + type: SEARCH + status: ACTIVE + emailNotificationEnabled: false + autoRevokeAllowed: false + recommendationsEnabled: false + Source Owner: + value: + id: 2c918086719eec070171a7e3355a412b + name: AD Source Review + description: A review of our AD source. + deadline: '2020-12-25T06:00:00.123Z' + type: SOURCE_OWNER + status: STAGED + emailNotificationEnabled: true + autoRevokeAllowed: false + recommendationsEnabled: false + correlatedStatus: CORRELATED + RoleComposition: + value: + id: 3b2e2e5821e84127b6d693d41c40623b + name: Role Composition Campaign + description: A review done by a role owner. + deadline: 2020-12-25T06:00:00.468Z + type: ROLE_COMPOSITION + status: ACTIVE + emailNotificationEnabled: false + autoRevokeAllowed: false + recommendationsEnabled: false + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + '/campaigns/{id}/activate': + post: + operationId: activateCampaign + tags: + - Certification Campaigns + summary: Activate a Campaign + description: |- + Submits a job to activate the campaign with the given Id. The campaign must be staged. + Requires roles of CERT_ADMIN and ORG_ADMIN + requestBody: + description: 'Optional. If no timezone is specified, the standard UTC timezone is used (i.e. UTC+00:00). Although this can take any timezone, the intended value is the caller''s timezone. The activation time calculated from the given timezone may cause the campaign deadline time to be modified, but it will remain within the original date. The timezone must be in a valid ISO 8601 format.' + required: false + content: + application/json: + schema: + type: object + properties: + timeZone: + type: string + description: 'The timezone must be in a valid ISO 8601 format. Timezones in ISO 8601 are represented as UTC (represented as ''Z'') or as an offset from UTC. The offset format can be +/-hh:mm, +/-hhmm, or +/-hh.' + default: Z + example: '-05:00' + parameters: + - in: path + name: id + schema: + type: string + required: true + description: The campaign id + example: ef38f94347e94562b5bb8424a56397d8 + responses: + '202': + description: Accepted - Returned if the request was successfully accepted into the system. + content: + application/json: + schema: + type: object + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + '/campaigns/{id}/complete': + post: + operationId: completeCampaign + tags: + - Certification Campaigns + summary: Complete a Campaign + description: | + :::caution + + This endpoint will run successfully for any campaigns that are **past due**. + + This endpoint will return a content error if the campaign is **not past due**. + + ::: + + Completes a certification campaign. This is provided to admins so that they + can complete a certification even if all items have not been completed. + + Requires roles of CERT_ADMIN and ORG_ADMIN + requestBody: + description: 'Optional. Default behavior is for the campaign to auto-approve upon completion, unless autoCompleteAction=REVOKE' + required: false + content: + application/json: + schema: + type: object + properties: + autoCompleteAction: + description: Determines whether to auto-approve(APPROVE) or auto-revoke(REVOKE) upon campaign completion. + type: string + enum: + - APPROVE + - REVOKE + default: APPROVE + example: REVOKE + parameters: + - in: path + name: id + schema: + type: string + required: true + description: The campaign id + example: ef38f94347e94562b5bb8424a56397d8 + responses: + '202': + description: Accepted - Returned if the request was successfully accepted into the system. + content: + application/json: + schema: + type: object + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + '/campaigns/{id}/run-remediation-scan': + post: + operationId: runCampaignRemediationScan + tags: + - Certification Campaigns + summary: Run Campaign Remediation Scan + description: |- + Kicks off remediation scan task for a certification campaign. + Requires roles of CERT_ADMIN and ORG_ADMIN + parameters: + - in: path + name: id + schema: + type: string + example: 2c91808571bcfcf80171c23e4b4221fc + required: true + description: The ID of the campaign for which remediation scan is being run. + responses: + '202': + description: Accepted - Returned if the request was successfully accepted into the system. + content: + application/json: + schema: + type: object + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + '/campaigns/{id}/reassign': + post: + operationId: reassignCampaign + tags: + - Certification Campaigns + summary: Reassign Certifications + description: This API reassigns the specified certifications from one identity to another. A token with ORG_ADMIN or CERT_ADMIN authority is required to call this API. + parameters: + - in: path + name: id + schema: + type: string + required: true + description: The certification campaign ID + example: ef38f94347e94562b5bb8424a56397d8 + requestBody: + required: true + content: + application/json: + schema: + type: object + properties: + certificationIds: + description: List of certification IDs to reassign + type: array + items: + type: string + minItems: 1 + maxItems: 250 + example: + - af3859464779471211bb8424a563abc1 + - af3859464779471211bb8424a563abc2 + - af3859464779471211bb8424a563abc3 + reassignTo: + type: object + properties: + id: + type: string + description: The identity ID to which the review is being assigned. + example: ef38f94347e94562b5bb8424a56397d8 + type: + type: string + description: The type of the ID provided. + enum: + - IDENTITY + example: IDENTITY + reason: + type: string + description: Comment to explain why the certification was reassigned + example: reassigned for some reason + responses: + '202': + description: The reassign task that has been submitted. + content: + application/json: + schema: + type: object + properties: + id: + type: string + description: The ID of the certification task. + example: 2c918086719eec070171a7e3355a360a + type: + type: string + description: The type of the certification task. More values may be added in the future. + enum: + - REASSIGN + - ADMIN_REASSIGN + - COMPLETE_CERTIFICATION + - FINISH_CERTIFICATION + - COMPLETE_CAMPAIGN + - ACTIVATE_CAMPAIGN + - CAMPAIGN_CREATE + - CAMPAIGN_DELETE + example: ADMIN_REASSIGN + targetType: + type: string + description: The type of item that is being operated on by this task whose ID is stored in the targetId field. + enum: + - CERTIFICATION + - CAMPAIGN + example: CAMPAIGN + targetId: + type: string + description: The ID of the item being operated on by this task. + example: 2c918086719eec070171a7e3355a834c + status: + type: string + description: The status of the task. + enum: + - QUEUED + - IN_PROGRESS + - SUCCESS + - ERROR + errors: + description: A list of errors that have been encountered by the task. + type: array + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + created: + type: string + description: The date and time on which this task was created. + format: date-time + example: '2020-09-24T18:10:47.693Z' + example: + id: 2c918086719eec070171a7e3355a360a + type: ADMIN_REASSIGN + targetType: CAMPAIGN + targetId: 2c918086719eec070171a7e3355a834c + status: QUEUED + errors: [] + created: '2020-09-24T18:10:47.693Z' + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + '/campaigns/{id}/reports': + get: + operationId: getCampaignReports + tags: + - Certification Campaigns + summary: Get Campaign Reports + description: |- + Fetches all reports for a certification campaign by campaign ID. + Requires roles of CERT_ADMIN, DASHBOARD, ORG_ADMIN and REPORT_ADMIN + parameters: + - in: path + name: id + schema: + type: string + example: 2c91808571bcfcf80171c23e4b4221fc + required: true + description: The ID of the campaign for which reports are being fetched. + responses: + '200': + description: Array of campaign report objects. + content: + application/json: + schema: + type: array + items: + type: object + title: Campaign Report + required: + - reportType + allOf: + - allOf: + - type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + - type: object + properties: + status: + type: string + enum: + - SUCCESS + - WARNING + - ERROR + - TERMINATED + - TEMP_ERROR + - PENDING + - type: object + properties: + reportType: + type: string + enum: + - CAMPAIGN_COMPOSITION_REPORT + - CAMPAIGN_REMEDIATION_STATUS_REPORT + - CAMPAIGN_STATUS_REPORT + - CERTIFICATION_SIGNOFF_REPORT + lastRunAt: + type: string + readOnly: true + format: date-time + description: The most recent date and time this report was run + example: + type: REPORT_RESULT + id: 2c91808568c529c60168cca6f90c1313 + name: Campaign Composition Report + status: SUCCESS + reportType: CAMPAIGN_COMPOSITION_REPORT + lastRunAt: '2019-12-19T13:49:37.385Z' + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + '/campaigns/{id}/run-report/{type}': + post: + operationId: runCampaignReport + tags: + - Certification Campaigns + summary: Run Campaign Report + description: |- + Runs a report for a certification campaign. + Requires the following roles: CERT_ADMIN, DASHBOARD, ORG_ADMIN and REPORT_ADMIN. + parameters: + - in: path + name: id + schema: + type: string + example: 2c91808571bcfcf80171c23e4b4221fc + required: true + description: The ID of the campaign for which report is being run. + - in: path + name: type + schema: + type: string + enum: + - CAMPAIGN_COMPOSITION_REPORT + - CAMPAIGN_REMEDIATION_STATUS_REPORT + - CAMPAIGN_STATUS_REPORT + - CERTIFICATION_SIGNOFF_REPORT + required: true + description: The type of the report to run. + responses: + '202': + description: Accepted - Returned if the request was successfully accepted into the system. + content: + application/json: + schema: + type: object + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + /campaigns/reports-configuration: + get: + operationId: getCampaignReportsConfig + tags: + - Certification Campaigns + summary: Get Campaign Reports Configuration + description: |- + Fetches configuration for campaign reports. Currently it includes only one element - identity attributes defined as custom report columns. + Requires roles of CERT_ADMIN and ORG_ADMIN. + responses: + '200': + description: Campaign Report Configuration + content: + application/json: + schema: + type: object + title: Campaign Reports Configuration + properties: + identityAttributeColumns: + type: array + items: + type: string + example: + - firstname + - lastname + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + put: + operationId: setCampaignReportsConfig + tags: + - Certification Campaigns + summary: Set Campaign Reports Configuration + description: |- + Overwrites configuration for campaign reports. + Requires roles CERT_ADMIN and ORG_ADMIN. + requestBody: + required: true + description: Campaign Report Configuration + content: + application/json: + schema: + type: object + title: Campaign Reports Configuration + properties: + identityAttributeColumns: + type: array + items: + type: string + example: + - firstname + - lastname + responses: + '200': + description: The persisted Campaign Report Configuration + content: + application/json: + schema: + type: object + title: Campaign Reports Configuration + properties: + identityAttributeColumns: + type: array + items: + type: string + example: + - firstname + - lastname + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + /campaign-templates: + get: + operationId: listCampaignTemplates + tags: + - Certification Campaigns + summary: List Campaign Templates + parameters: + - in: query + name: limit + description: |- + Max number of results to return. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 250 + schema: + type: integer + format: int32 + minimum: 0 + maximum: 250 + default: 250 + - in: query + name: offset + description: |- + Offset into the full result set. Usually specified with *limit* to paginate through the results. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 0 + schema: + type: integer + format: int32 + minimum: 0 + default: 0 + - in: query + name: count + description: |- + If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored. + + Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used. + + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: true + schema: + type: boolean + default: false + - in: query + name: sorters + schema: + type: string + format: comma-separated + description: |- + Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results) + + Sorting is supported for the following fields: **name, created, modified** + - in: query + name: filters + schema: + type: string + format: comma-separated + description: |- + Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) + + Filtering is supported for the following fields: **name, id** + responses: + '200': + description: List of campaign template objects + content: + application/json: + schema: + type: array + items: + type: object + description: Campaign Template + properties: + id: + type: string + description: Id of the campaign template + example: 2c9079b270a266a60170a277bb960008 + name: + type: string + description: This template's name. Has no bearing on generated campaigns' names. + example: Manager Campaign Template + description: + type: string + description: This template's description. Has no bearing on generated campaigns' descriptions. + example: Template for the annual manager campaign. + created: + type: string + description: Creation date of Campaign Template + readOnly: true + format: date-time + example: '2020-03-05T22:44:00.364Z' + modified: + type: string + description: Modification date of Campaign Template + readOnly: true + format: date-time + example: '2020-03-05T22:52:09.969Z' + scheduled: + type: boolean + readOnly: true + description: Indicates if this campaign template has been scheduled. + example: false + ownerRef: + type: object + description: 'The owner of this template, and the owner of campaigns generated from this template via a schedule. This field is automatically populated at creation time with the current user.' + properties: + id: + type: string + description: Id of the owner + example: 2c918086676d3e0601677611dbde220f + type: + type: string + enum: + - IDENTITY + description: Type of the owner + example: IDENTITY + name: + type: string + description: Name of the owner + example: Mister Manager + email: + type: string + description: Email of the owner + example: mr.manager@example.com + deadlineDuration: + type: string + description: 'The time period during which the campaign should be completed, formatted as an ISO-8601 Duration. When this template generates a campaign, the campaign''s deadline will be the current date plus this duration. For example, if generation occurred on 2020-01-01 and this field was "P2W" (two weeks), the resulting campaign''s deadline would be 2020-01-15 (the current date plus 14 days).' + example: P2W + campaign: + type: object + title: Campaign + allOf: + - type: object + title: Slim Campaign + required: + - name + - description + - type + properties: + id: + type: string + readOnly: true + description: Id of the campaign + example: 2c9079b270a266a60170a2779fcb0007 + name: + description: 'The campaign name. If this object is part of a template, special formatting applies; see the `/campaign-templates/{id}/generate` endpoint documentation for details.' + type: string + example: Manager Campaign + description: + type: string + description: 'The campaign description. If this object is part of a template, special formatting applies; see the `/campaign-templates/{id}/generate` endpoint documentation for details.' + example: Everyone needs to be reviewed by their manager + deadline: + type: string + format: date-time + description: The campaign's completion deadline. + example: '2020-03-15T10:00:01.456Z' + type: + type: string + description: The type of campaign. Could be extended in the future. + enum: + - MANAGER + - SOURCE_OWNER + - SEARCH + - ROLE_COMPOSITION + example: MANAGER + emailNotificationEnabled: + type: boolean + description: Enables email notification for this campaign + example: false + autoRevokeAllowed: + type: boolean + description: Allows auto revoke for this campaign + example: false + recommendationsEnabled: + type: boolean + description: Enables IAI for this campaign. Accepts true even if the IAI product feature is off. If IAI is turned off then campaigns generated from this template will indicate false. The real value will then be returned if IAI is ever enabled for the org in the future. + example: true + status: + type: string + description: The campaign's current status. + readOnly: true + enum: + - PENDING + - STAGED + - CANCELING + - ACTIVATING + - ACTIVE + - COMPLETING + - COMPLETED + - ERROR + - ARCHIVED + example: ACTIVE + correlatedStatus: + type: string + description: The correlatedStatus of the campaign. Only SOURCE_OWNER campaigns can be Uncorrelated. An Uncorrelated certification campaign only includes Uncorrelated identities (An identity is uncorrelated if it has no accounts on an authoritative source). + enum: + - CORRELATED + - UNCORRELATED + example: CORRELATED + - type: object + properties: + created: + type: string + readOnly: true + format: date-time + description: Created time of the campaign + example: '2020-03-03T22:15:13.611Z' + modified: + type: string + readOnly: true + format: date-time + description: Modified time of the campaign + example: '2020-03-03T22:20:12.674Z' + correlatedStatus: + description: The correlatedStatus of the campaign. Only SOURCE_OWNER campaigns can be Uncorrelated. An Uncorrelated certification campaign only includes Uncorrelated identities (An identity is uncorrelated if it has no accounts on an authoritative source). + enum: + - CORRELATED + - UNCORRELATED + example: CORRELATED + filter: + type: object + description: Determines which items will be included in this campaign. The default campaign filter is used if this field is left blank. + properties: + id: + type: string + description: The ID of whatever type of filter is being used. + example: 0fbe863c063c4c88a35fd7f17e8a3df5 + type: + type: string + description: Type of the filter + enum: + - CAMPAIGN_FILTER + - RULE + example: CAMPAIGN_FILTER + name: + type: string + description: Name of the filter + example: Test Filter + sunsetCommentsRequired: + type: boolean + description: Determines if comments on sunset date changes are required. + default: true + example: true + sourceOwnerCampaignInfo: + type: object + description: Must be set only if the campaign type is SOURCE_OWNER. + properties: + sourceIds: + type: array + description: The list of sources to be included in the campaign. + items: + type: string + example: + - 0fbe863c063c4c88a35fd7f17e8a3df5 + searchCampaignInfo: + type: object + description: Must be set only if the campaign type is SEARCH. + properties: + type: + type: string + description: The type of search campaign represented. + enum: + - IDENTITY + - ACCESS + example: ACCESS + description: + type: string + description: 'Describes this search campaign. Intended for storing the query used, and possibly the number of identities selected/available.' + example: Search Campaign description + reviewer: + description: 'If specified, this identity or governance group will be the reviewer for all certifications in this campaign. The allowed DTO types are IDENTITY and GOVERNANCE_GROUP' + allOf: + - type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + - type: object + query: + type: string + description: The scope for the campaign. The campaign will cover identities returned by the query and identities that have access items returned by the query. One of `query` or `identityIds` must be set. + example: Search Campaign query description + identityIds: + type: array + description: A direct list of identities to include in this campaign. One of `identityIds` or `query` must be set. + items: + type: string + maxItems: 1000 + example: + - 0fbe863c063c4c88a35fd7f17e8a3df5 + accessConstraints: + type: array + description: Further reduces the scope of the campaign by excluding identities (from `query` or `identityIds`) that do not have this access. + items: + type: object + properties: + type: + type: string + enum: + - ENTITLEMENT + - ACCESS_PROFILE + - ROLE + description: Type of Access + example: ENTITLEMENT + ids: + description: Must be set only if operator is SELECTED. + type: array + items: + type: string + example: + - 2c90ad2a70ace7d50170acf22ca90010 + operator: + type: string + enum: + - ALL + - SELECTED + description: Used to determine whether the scope of the campaign should be reduced for selected ids or all. + example: SELECTED + required: + - type + - operator + maxItems: 1000 + required: + - type + roleCompositionCampaignInfo: + type: object + description: Optional configuration options for role composition campaigns. + properties: + reviewer: + description: 'If specified, this identity or governance group will be the reviewer for all certifications in this campaign. The allowed DTO types are IDENTITY and GOVERNANCE_GROUP' + allOf: + - type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + - type: object + roleIds: + type: array + description: 'Optional list of roles to include in this campaign. Only one of `roleIds` and `query` may be set; if neither are set, all roles are included.' + items: + type: string + example: + - 2c90ad2a70ace7d50170acf22ca90010 + remediatorRef: + type: object + description: 'This determines who remediation tasks will be assigned to. Remediation tasks are created for each revoke decision on items in the campaign. The only legal remediator type is ''IDENTITY'', and the chosen identity must be a Role Admin or Org Admin.' + properties: + type: + type: string + enum: + - IDENTITY + description: Legal Remediator Type + example: IDENTITY + id: + type: string + description: The ID of the remediator. + example: 2c90ad2a70ace7d50170acf22ca90010 + name: + type: string + description: The name of the remediator. + readOnly: true + example: Role Admin + required: + - type + - id + query: + type: string + description: 'Optional search query to scope this campaign to a set of roles. Only one of `roleIds` and `query` may be set; if neither are set, all roles are included.' + example: Search Query + description: + type: string + description: 'Describes this role composition campaign. Intended for storing the query used, and possibly the number of roles selected/available.' + example: Role Composition Description + required: + - remediatorRef + alerts: + type: array + description: A list of errors and warnings that have accumulated. + readOnly: true + items: + type: object + properties: + level: + type: string + enum: + - ERROR + - WARN + - INFO + description: Denotes the level of the message + example: ERROR + localizations: + type: array + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + totalCertifications: + type: integer + description: The total number of certifications in this campaign. + readOnly: true + example: 100 + completedCertifications: + type: integer + description: The number of completed certifications in this campaign. + readOnly: true + example: 10 + sourcesWithOrphanEntitlements: + type: array + description: A list of sources in the campaign that contain \"orphan entitlements\" (entitlements without a corresponding Managed Attribute). An empty list indicates the campaign has no orphan entitlements. Null indicates there may be unknown orphan entitlements in the campaign (the campaign was created before this feature was implemented). + readOnly: true + items: + type: object + properties: + id: + type: string + description: Id of the source + example: 2c90ad2a70ace7d50170acf22ca90010 + type: + type: string + enum: + - SOURCE + description: Type + example: SOURCE + name: + type: string + description: Name of the source + example: Source with orphan entitlements + required: + - name + - description + - created + - modified + - campaign + example: + - id: e7dbec99d49349c8951bd84f58a05120 + name: Manager Review + created: 2022-08-02T19:16:42.632Z + modified: null + description: A review of everyone's access by their manager. + deadlineDuration: P14D + ownerRef: + email: support@testmail.identitysoon.com + type: IDENTITY + id: 7ec252acbd4245548bc25df22348cb75 + name: SailPoint Support + scheduled: false + campaign: + created: null + modified: null + filter: + type: CAMPAIGN_FILTER + id: e0adaae69852e8fe8b8a3d48e5ce757c + name: Test Manager Filter + sunsetCommentsRequired: true + sourceOwnerCampaignInfo: null + searchCampaignInfo: null + roleCompositionCampaignInfo: null + alerts: null + totalCertifications: null + completedCertifications: null + sourcesWithOrphanEntitlements: null + id: null + name: Manager Review + description: Review everyone's access. + deadline: null + type: MANAGER + status: null + emailNotificationEnabled: true + autoRevokeAllowed: false + recommendationsEnabled: false + - id: b7e6459eed5247ac8b98a5fed81fe27f + name: Reporting Access Review + created: 2022-07-28T19:19:40.035Z + modified: null + description: A review of everyone's access to the reporting system. + deadlineDuration: P14D + ownerRef: + email: support@testmail.identitysoon.com + type: IDENTITY + id: 7ec252acbd4245548bc25df22348cb75 + name: SailPoint Support + scheduled: false + campaign: + created: null + modified: null + filter: + type: CAMPAIGN_FILTER + id: e0adaae69852e8fe8b8a3d48e5ce757c + name: Test Search Filter + sunsetCommentsRequired: true + sourceOwnerCampaignInfo: null + searchCampaignInfo: + type: ACCESS + description: Identities with reporting abilities + reviewerId: null + reviewer: null + query: '@access(name: ("reporter"))' + identityIds: null + accessConstraints: [] + roleCompositionCampaignInfo: null + alerts: null + totalCertifications: null + completedCertifications: null + sourcesWithOrphanEntitlements: null + id: null + name: Search Campaign + description: Review everyone's access to the reporting system. + deadline: null + type: SEARCH + status: null + emailNotificationEnabled: true + autoRevokeAllowed: false + recommendationsEnabled: false + - id: b9f41bc69e7a4291b9de0630396d030d + name: Campaign With Admin Role + created: 2022-08-02T13:40:36.857Z + modified: null + description: Campaign With Admin Role + deadlineDuration: null + ownerRef: + email: support@testmail.identitysoon.com + type: IDENTITY + id: 7ec252acbd4245548bc25df22348cb75 + name: SailPoint Support + scheduled: false + campaign: + created: null + modified: null + filter: null + sunsetCommentsRequired: true + sourceOwnerCampaignInfo: null + searchCampaignInfo: null + roleCompositionCampaignInfo: + remediatorRef: + type: IDENTITY + id: 7ec252acbd4245548bc25df22348cb75 + name: SailPoint Support + reviewerId: null + reviewer: null + roleIds: + - b15d609fc5c8434b865fe552315fda8f + query: null + description: null + alerts: null + totalCertifications: null + completedCertifications: null + sourcesWithOrphanEntitlements: null + id: null + name: Campaign With Admin Role + description: Campaign With Admin Role + deadline: null + type: ROLE_COMPOSITION + status: null + emailNotificationEnabled: false + autoRevokeAllowed: false + recommendationsEnabled: false + - id: b9f41bc69e7a4291b9de0630396d030d + name: AD Source Review + created: 2022-08-02T13:40:36.857Z + modified: null + description: A review of our AD source. + deadlineDuration: P1M + ownerRef: + email: support@testmail.identitysoon.com + type: IDENTITY + id: 7ec252acbd4245548bc25df22348cb75 + name: SailPoint Support + scheduled: false + campaign: + created: null + modified: null + filter: + type: CAMPAIGN_FILTER + id: e0adaae69852e8fe8b8a3d48e5ce757c + name: Test Source Owner Filter + sunsetCommentsRequired: true + sourceOwnerCampaignInfo: + sourceIds: + - 2c918084707deba501709d45ce4e5569 + searchCampaignInfo: null + roleCompositionCampaignInfo: null + alerts: null + totalCertifications: null + completedCertifications: null + sourcesWithOrphanEntitlements: null + id: null + name: AD Source Review + description: Review everyone's access. + deadline: null + type: SOURCE_OWNER + status: null + emailNotificationEnabled: true + autoRevokeAllowed: false + recommendationsEnabled: false + correlatedStatus: CORRELATED + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + post: + operationId: createCampaignTemplate + tags: + - Certification Campaigns + summary: Create a Campaign Template + requestBody: + required: true + content: + application/json: + schema: + type: object + description: Campaign Template + properties: + id: + type: string + description: Id of the campaign template + example: 2c9079b270a266a60170a277bb960008 + name: + type: string + description: This template's name. Has no bearing on generated campaigns' names. + example: Manager Campaign Template + description: + type: string + description: This template's description. Has no bearing on generated campaigns' descriptions. + example: Template for the annual manager campaign. + created: + type: string + description: Creation date of Campaign Template + readOnly: true + format: date-time + example: '2020-03-05T22:44:00.364Z' + modified: + type: string + description: Modification date of Campaign Template + readOnly: true + format: date-time + example: '2020-03-05T22:52:09.969Z' + scheduled: + type: boolean + readOnly: true + description: Indicates if this campaign template has been scheduled. + example: false + ownerRef: + type: object + description: 'The owner of this template, and the owner of campaigns generated from this template via a schedule. This field is automatically populated at creation time with the current user.' + properties: + id: + type: string + description: Id of the owner + example: 2c918086676d3e0601677611dbde220f + type: + type: string + enum: + - IDENTITY + description: Type of the owner + example: IDENTITY + name: + type: string + description: Name of the owner + example: Mister Manager + email: + type: string + description: Email of the owner + example: mr.manager@example.com + deadlineDuration: + type: string + description: 'The time period during which the campaign should be completed, formatted as an ISO-8601 Duration. When this template generates a campaign, the campaign''s deadline will be the current date plus this duration. For example, if generation occurred on 2020-01-01 and this field was "P2W" (two weeks), the resulting campaign''s deadline would be 2020-01-15 (the current date plus 14 days).' + example: P2W + campaign: + type: object + title: Campaign + allOf: + - type: object + title: Slim Campaign + required: + - name + - description + - type + properties: + id: + type: string + readOnly: true + description: Id of the campaign + example: 2c9079b270a266a60170a2779fcb0007 + name: + description: 'The campaign name. If this object is part of a template, special formatting applies; see the `/campaign-templates/{id}/generate` endpoint documentation for details.' + type: string + example: Manager Campaign + description: + type: string + description: 'The campaign description. If this object is part of a template, special formatting applies; see the `/campaign-templates/{id}/generate` endpoint documentation for details.' + example: Everyone needs to be reviewed by their manager + deadline: + type: string + format: date-time + description: The campaign's completion deadline. + example: '2020-03-15T10:00:01.456Z' + type: + type: string + description: The type of campaign. Could be extended in the future. + enum: + - MANAGER + - SOURCE_OWNER + - SEARCH + - ROLE_COMPOSITION + example: MANAGER + emailNotificationEnabled: + type: boolean + description: Enables email notification for this campaign + example: false + autoRevokeAllowed: + type: boolean + description: Allows auto revoke for this campaign + example: false + recommendationsEnabled: + type: boolean + description: Enables IAI for this campaign. Accepts true even if the IAI product feature is off. If IAI is turned off then campaigns generated from this template will indicate false. The real value will then be returned if IAI is ever enabled for the org in the future. + example: true + status: + type: string + description: The campaign's current status. + readOnly: true + enum: + - PENDING + - STAGED + - CANCELING + - ACTIVATING + - ACTIVE + - COMPLETING + - COMPLETED + - ERROR + - ARCHIVED + example: ACTIVE + correlatedStatus: + type: string + description: The correlatedStatus of the campaign. Only SOURCE_OWNER campaigns can be Uncorrelated. An Uncorrelated certification campaign only includes Uncorrelated identities (An identity is uncorrelated if it has no accounts on an authoritative source). + enum: + - CORRELATED + - UNCORRELATED + example: CORRELATED + - type: object + properties: + created: + type: string + readOnly: true + format: date-time + description: Created time of the campaign + example: '2020-03-03T22:15:13.611Z' + modified: + type: string + readOnly: true + format: date-time + description: Modified time of the campaign + example: '2020-03-03T22:20:12.674Z' + correlatedStatus: + description: The correlatedStatus of the campaign. Only SOURCE_OWNER campaigns can be Uncorrelated. An Uncorrelated certification campaign only includes Uncorrelated identities (An identity is uncorrelated if it has no accounts on an authoritative source). + enum: + - CORRELATED + - UNCORRELATED + example: CORRELATED + filter: + type: object + description: Determines which items will be included in this campaign. The default campaign filter is used if this field is left blank. + properties: + id: + type: string + description: The ID of whatever type of filter is being used. + example: 0fbe863c063c4c88a35fd7f17e8a3df5 + type: + type: string + description: Type of the filter + enum: + - CAMPAIGN_FILTER + - RULE + example: CAMPAIGN_FILTER + name: + type: string + description: Name of the filter + example: Test Filter + sunsetCommentsRequired: + type: boolean + description: Determines if comments on sunset date changes are required. + default: true + example: true + sourceOwnerCampaignInfo: + type: object + description: Must be set only if the campaign type is SOURCE_OWNER. + properties: + sourceIds: + type: array + description: The list of sources to be included in the campaign. + items: + type: string + example: + - 0fbe863c063c4c88a35fd7f17e8a3df5 + searchCampaignInfo: + type: object + description: Must be set only if the campaign type is SEARCH. + properties: + type: + type: string + description: The type of search campaign represented. + enum: + - IDENTITY + - ACCESS + example: ACCESS + description: + type: string + description: 'Describes this search campaign. Intended for storing the query used, and possibly the number of identities selected/available.' + example: Search Campaign description + reviewer: + description: 'If specified, this identity or governance group will be the reviewer for all certifications in this campaign. The allowed DTO types are IDENTITY and GOVERNANCE_GROUP' + allOf: + - type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + - type: object + query: + type: string + description: The scope for the campaign. The campaign will cover identities returned by the query and identities that have access items returned by the query. One of `query` or `identityIds` must be set. + example: Search Campaign query description + identityIds: + type: array + description: A direct list of identities to include in this campaign. One of `identityIds` or `query` must be set. + items: + type: string + maxItems: 1000 + example: + - 0fbe863c063c4c88a35fd7f17e8a3df5 + accessConstraints: + type: array + description: Further reduces the scope of the campaign by excluding identities (from `query` or `identityIds`) that do not have this access. + items: + type: object + properties: + type: + type: string + enum: + - ENTITLEMENT + - ACCESS_PROFILE + - ROLE + description: Type of Access + example: ENTITLEMENT + ids: + description: Must be set only if operator is SELECTED. + type: array + items: + type: string + example: + - 2c90ad2a70ace7d50170acf22ca90010 + operator: + type: string + enum: + - ALL + - SELECTED + description: Used to determine whether the scope of the campaign should be reduced for selected ids or all. + example: SELECTED + required: + - type + - operator + maxItems: 1000 + required: + - type + roleCompositionCampaignInfo: + type: object + description: Optional configuration options for role composition campaigns. + properties: + reviewer: + description: 'If specified, this identity or governance group will be the reviewer for all certifications in this campaign. The allowed DTO types are IDENTITY and GOVERNANCE_GROUP' + allOf: + - type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + - type: object + roleIds: + type: array + description: 'Optional list of roles to include in this campaign. Only one of `roleIds` and `query` may be set; if neither are set, all roles are included.' + items: + type: string + example: + - 2c90ad2a70ace7d50170acf22ca90010 + remediatorRef: + type: object + description: 'This determines who remediation tasks will be assigned to. Remediation tasks are created for each revoke decision on items in the campaign. The only legal remediator type is ''IDENTITY'', and the chosen identity must be a Role Admin or Org Admin.' + properties: + type: + type: string + enum: + - IDENTITY + description: Legal Remediator Type + example: IDENTITY + id: + type: string + description: The ID of the remediator. + example: 2c90ad2a70ace7d50170acf22ca90010 + name: + type: string + description: The name of the remediator. + readOnly: true + example: Role Admin + required: + - type + - id + query: + type: string + description: 'Optional search query to scope this campaign to a set of roles. Only one of `roleIds` and `query` may be set; if neither are set, all roles are included.' + example: Search Query + description: + type: string + description: 'Describes this role composition campaign. Intended for storing the query used, and possibly the number of roles selected/available.' + example: Role Composition Description + required: + - remediatorRef + alerts: + type: array + description: A list of errors and warnings that have accumulated. + readOnly: true + items: + type: object + properties: + level: + type: string + enum: + - ERROR + - WARN + - INFO + description: Denotes the level of the message + example: ERROR + localizations: + type: array + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + totalCertifications: + type: integer + description: The total number of certifications in this campaign. + readOnly: true + example: 100 + completedCertifications: + type: integer + description: The number of completed certifications in this campaign. + readOnly: true + example: 10 + sourcesWithOrphanEntitlements: + type: array + description: A list of sources in the campaign that contain \"orphan entitlements\" (entitlements without a corresponding Managed Attribute). An empty list indicates the campaign has no orphan entitlements. Null indicates there may be unknown orphan entitlements in the campaign (the campaign was created before this feature was implemented). + readOnly: true + items: + type: object + properties: + id: + type: string + description: Id of the source + example: 2c90ad2a70ace7d50170acf22ca90010 + type: + type: string + enum: + - SOURCE + description: Type + example: SOURCE + name: + type: string + description: Name of the source + example: Source with orphan entitlements + required: + - name + - description + - created + - modified + - campaign + examples: + Manager: + description: 'This creates a template that can be used to generate manager campaigns. The campaigns will have a due date that is two weeks after their creation date, and will be named "{current date} Manager Review" (e.g. "2020-03-16 Manager Review").' + value: + name: Manager Review + description: A review of everyone's access by their manager. + deadlineDuration: P2W + campaign: + name: Manager Review + description: Review everyone's access. + type: MANAGER + filter: + type: CAMPAIGN_FILTER + id: e0adaae69852e8fe8b8a3d48e5ce757c + emailNotificationEnabled: true + autoRevokeAllowed: false + recommendationsEnabled: false + Search: + description: This creates a template that can be used to generate search access campaigns. The campaigns will cover the "reporter" access item for across all identities. + value: + name: Reporting Access Review + description: A review of everyone's access to the reporting system. + deadlineDuration: P2W + campaign: + name: Search Review + description: Review everyone's access to the reporting system. + type: SEARCH + filter: + type: CAMPAIGN_FILTER + id: e0adaae69852e8fe8b8a3d48e5ce757c + searchCampaignInfo: + type: ACCESS + query: '@access(name: ("reporter"))' + description: Identities with reporting abilities + emailNotificationEnabled: true + autoRevokeAllowed: false + recommendationsEnabled: false + Source Owner: + description: 'This creates a template that can be used to generate source owner campaigns. The campaigns will have a due date that is one month after their creation date, and will review one source.' + value: + name: AD Source Review + description: A review of our AD source. + deadlineDuration: P1M + campaign: + name: Source Review + description: Review everyone's access. + type: SOURCE_OWNER + filter: + type: CAMPAIGN_FILTER + id: e0adaae69852e8fe8b8a3d48e5ce757c + sourceOwnerCampaignInfo: + sourceIds: + - 2c918084707deba501709d45ce4e5569 + emailNotificationEnabled: true + autoRevokeAllowed: false + recommendationsEnabled: false + correlatedStatus: CORRELATED + RoleComposition: + description: 'This creates a template that can be used to generate role composition campaigns. The campaigns will have a due date that is two weeks after their creation date, and will be named "{current date} Role Composition Review" (e.g. "2020-03-16 Role Composition Review").' + value: + name: Role Composition Review + description: 'A review of every role''s access items, by the specified reviewer.' + deadlineDuration: P2W + campaign: + name: Role Composition Review + description: Review all our roles. + type: ROLE_COMPOSITION + roleCompositionCampaignInfo: + remediatorRef: + type: IDENTITY + id: 2c9180876ab2c053016ab6f65dfd5aaa + emailNotificationEnabled: true + autoRevokeAllowed: false + recommendationsEnabled: false + responses: + '200': + description: Created successfully. + content: + application/json: + schema: + type: object + description: Campaign Template + properties: + id: + type: string + description: Id of the campaign template + example: 2c9079b270a266a60170a277bb960008 + name: + type: string + description: This template's name. Has no bearing on generated campaigns' names. + example: Manager Campaign Template + description: + type: string + description: This template's description. Has no bearing on generated campaigns' descriptions. + example: Template for the annual manager campaign. + created: + type: string + description: Creation date of Campaign Template + readOnly: true + format: date-time + example: '2020-03-05T22:44:00.364Z' + modified: + type: string + description: Modification date of Campaign Template + readOnly: true + format: date-time + example: '2020-03-05T22:52:09.969Z' + scheduled: + type: boolean + readOnly: true + description: Indicates if this campaign template has been scheduled. + example: false + ownerRef: + type: object + description: 'The owner of this template, and the owner of campaigns generated from this template via a schedule. This field is automatically populated at creation time with the current user.' + properties: + id: + type: string + description: Id of the owner + example: 2c918086676d3e0601677611dbde220f + type: + type: string + enum: + - IDENTITY + description: Type of the owner + example: IDENTITY + name: + type: string + description: Name of the owner + example: Mister Manager + email: + type: string + description: Email of the owner + example: mr.manager@example.com + deadlineDuration: + type: string + description: 'The time period during which the campaign should be completed, formatted as an ISO-8601 Duration. When this template generates a campaign, the campaign''s deadline will be the current date plus this duration. For example, if generation occurred on 2020-01-01 and this field was "P2W" (two weeks), the resulting campaign''s deadline would be 2020-01-15 (the current date plus 14 days).' + example: P2W + campaign: + type: object + title: Campaign + allOf: + - type: object + title: Slim Campaign + required: + - name + - description + - type + properties: + id: + type: string + readOnly: true + description: Id of the campaign + example: 2c9079b270a266a60170a2779fcb0007 + name: + description: 'The campaign name. If this object is part of a template, special formatting applies; see the `/campaign-templates/{id}/generate` endpoint documentation for details.' + type: string + example: Manager Campaign + description: + type: string + description: 'The campaign description. If this object is part of a template, special formatting applies; see the `/campaign-templates/{id}/generate` endpoint documentation for details.' + example: Everyone needs to be reviewed by their manager + deadline: + type: string + format: date-time + description: The campaign's completion deadline. + example: '2020-03-15T10:00:01.456Z' + type: + type: string + description: The type of campaign. Could be extended in the future. + enum: + - MANAGER + - SOURCE_OWNER + - SEARCH + - ROLE_COMPOSITION + example: MANAGER + emailNotificationEnabled: + type: boolean + description: Enables email notification for this campaign + example: false + autoRevokeAllowed: + type: boolean + description: Allows auto revoke for this campaign + example: false + recommendationsEnabled: + type: boolean + description: Enables IAI for this campaign. Accepts true even if the IAI product feature is off. If IAI is turned off then campaigns generated from this template will indicate false. The real value will then be returned if IAI is ever enabled for the org in the future. + example: true + status: + type: string + description: The campaign's current status. + readOnly: true + enum: + - PENDING + - STAGED + - CANCELING + - ACTIVATING + - ACTIVE + - COMPLETING + - COMPLETED + - ERROR + - ARCHIVED + example: ACTIVE + correlatedStatus: + type: string + description: The correlatedStatus of the campaign. Only SOURCE_OWNER campaigns can be Uncorrelated. An Uncorrelated certification campaign only includes Uncorrelated identities (An identity is uncorrelated if it has no accounts on an authoritative source). + enum: + - CORRELATED + - UNCORRELATED + example: CORRELATED + - type: object + properties: + created: + type: string + readOnly: true + format: date-time + description: Created time of the campaign + example: '2020-03-03T22:15:13.611Z' + modified: + type: string + readOnly: true + format: date-time + description: Modified time of the campaign + example: '2020-03-03T22:20:12.674Z' + correlatedStatus: + description: The correlatedStatus of the campaign. Only SOURCE_OWNER campaigns can be Uncorrelated. An Uncorrelated certification campaign only includes Uncorrelated identities (An identity is uncorrelated if it has no accounts on an authoritative source). + enum: + - CORRELATED + - UNCORRELATED + example: CORRELATED + filter: + type: object + description: Determines which items will be included in this campaign. The default campaign filter is used if this field is left blank. + properties: + id: + type: string + description: The ID of whatever type of filter is being used. + example: 0fbe863c063c4c88a35fd7f17e8a3df5 + type: + type: string + description: Type of the filter + enum: + - CAMPAIGN_FILTER + - RULE + example: CAMPAIGN_FILTER + name: + type: string + description: Name of the filter + example: Test Filter + sunsetCommentsRequired: + type: boolean + description: Determines if comments on sunset date changes are required. + default: true + example: true + sourceOwnerCampaignInfo: + type: object + description: Must be set only if the campaign type is SOURCE_OWNER. + properties: + sourceIds: + type: array + description: The list of sources to be included in the campaign. + items: + type: string + example: + - 0fbe863c063c4c88a35fd7f17e8a3df5 + searchCampaignInfo: + type: object + description: Must be set only if the campaign type is SEARCH. + properties: + type: + type: string + description: The type of search campaign represented. + enum: + - IDENTITY + - ACCESS + example: ACCESS + description: + type: string + description: 'Describes this search campaign. Intended for storing the query used, and possibly the number of identities selected/available.' + example: Search Campaign description + reviewer: + description: 'If specified, this identity or governance group will be the reviewer for all certifications in this campaign. The allowed DTO types are IDENTITY and GOVERNANCE_GROUP' + allOf: + - type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + - type: object + query: + type: string + description: The scope for the campaign. The campaign will cover identities returned by the query and identities that have access items returned by the query. One of `query` or `identityIds` must be set. + example: Search Campaign query description + identityIds: + type: array + description: A direct list of identities to include in this campaign. One of `identityIds` or `query` must be set. + items: + type: string + maxItems: 1000 + example: + - 0fbe863c063c4c88a35fd7f17e8a3df5 + accessConstraints: + type: array + description: Further reduces the scope of the campaign by excluding identities (from `query` or `identityIds`) that do not have this access. + items: + type: object + properties: + type: + type: string + enum: + - ENTITLEMENT + - ACCESS_PROFILE + - ROLE + description: Type of Access + example: ENTITLEMENT + ids: + description: Must be set only if operator is SELECTED. + type: array + items: + type: string + example: + - 2c90ad2a70ace7d50170acf22ca90010 + operator: + type: string + enum: + - ALL + - SELECTED + description: Used to determine whether the scope of the campaign should be reduced for selected ids or all. + example: SELECTED + required: + - type + - operator + maxItems: 1000 + required: + - type + roleCompositionCampaignInfo: + type: object + description: Optional configuration options for role composition campaigns. + properties: + reviewer: + description: 'If specified, this identity or governance group will be the reviewer for all certifications in this campaign. The allowed DTO types are IDENTITY and GOVERNANCE_GROUP' + allOf: + - type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + - type: object + roleIds: + type: array + description: 'Optional list of roles to include in this campaign. Only one of `roleIds` and `query` may be set; if neither are set, all roles are included.' + items: + type: string + example: + - 2c90ad2a70ace7d50170acf22ca90010 + remediatorRef: + type: object + description: 'This determines who remediation tasks will be assigned to. Remediation tasks are created for each revoke decision on items in the campaign. The only legal remediator type is ''IDENTITY'', and the chosen identity must be a Role Admin or Org Admin.' + properties: + type: + type: string + enum: + - IDENTITY + description: Legal Remediator Type + example: IDENTITY + id: + type: string + description: The ID of the remediator. + example: 2c90ad2a70ace7d50170acf22ca90010 + name: + type: string + description: The name of the remediator. + readOnly: true + example: Role Admin + required: + - type + - id + query: + type: string + description: 'Optional search query to scope this campaign to a set of roles. Only one of `roleIds` and `query` may be set; if neither are set, all roles are included.' + example: Search Query + description: + type: string + description: 'Describes this role composition campaign. Intended for storing the query used, and possibly the number of roles selected/available.' + example: Role Composition Description + required: + - remediatorRef + alerts: + type: array + description: A list of errors and warnings that have accumulated. + readOnly: true + items: + type: object + properties: + level: + type: string + enum: + - ERROR + - WARN + - INFO + description: Denotes the level of the message + example: ERROR + localizations: + type: array + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + totalCertifications: + type: integer + description: The total number of certifications in this campaign. + readOnly: true + example: 100 + completedCertifications: + type: integer + description: The number of completed certifications in this campaign. + readOnly: true + example: 10 + sourcesWithOrphanEntitlements: + type: array + description: A list of sources in the campaign that contain \"orphan entitlements\" (entitlements without a corresponding Managed Attribute). An empty list indicates the campaign has no orphan entitlements. Null indicates there may be unknown orphan entitlements in the campaign (the campaign was created before this feature was implemented). + readOnly: true + items: + type: object + properties: + id: + type: string + description: Id of the source + example: 2c90ad2a70ace7d50170acf22ca90010 + type: + type: string + enum: + - SOURCE + description: Type + example: SOURCE + name: + type: string + description: Name of the source + example: Source with orphan entitlements + required: + - name + - description + - created + - modified + - campaign + examples: + Manager: + value: + id: e7dbec99d49349c8951bd84f58a05120 + name: Manager Review + created: 2022-08-02T19:16:42.632Z + modified: null + description: A review of everyone's access by their manager. + deadlineDuration: P14D + ownerRef: + email: support@testmail.identitysoon.com + type: IDENTITY + id: 7ec252acbd4245548bc25df22348cb75 + name: SailPoint Support + scheduled: false + campaign: + created: null + modified: null + filter: + type: CAMPAIGN_FILTER + id: e0adaae69852e8fe8b8a3d48e5ce757c + name: Test Manager Filter + sunsetCommentsRequired: true + sourceOwnerCampaignInfo: null + searchCampaignInfo: null + roleCompositionCampaignInfo: null + alerts: null + totalCertifications: null + completedCertifications: null + sourcesWithOrphanEntitlements: null + id: null + name: Manager Review + description: Review everyone's access. + deadline: null + type: MANAGER + status: null + emailNotificationEnabled: true + autoRevokeAllowed: false + recommendationsEnabled: false + correlatedStatus: CORRELATED + Search: + value: + id: b7e6459eed5247ac8b98a5fed81fe27f + name: Reporting Access Review + created: 2022-07-28T19:19:40.035Z + modified: null + description: A review of everyone's access to the reporting system. + deadlineDuration: P14D + ownerRef: + email: support@testmail.identitysoon.com + type: IDENTITY + id: 7ec252acbd4245548bc25df22348cb75 + name: SailPoint Support + scheduled: false + campaign: + created: null + modified: null + filter: + type: CAMPAIGN_FILTER + id: e0adaae69852e8fe8b8a3d48e5ce757c + name: Test Search Filter + sunsetCommentsRequired: true + sourceOwnerCampaignInfo: null + searchCampaignInfo: + type: ACCESS + description: Identities with reporting abilities + reviewerId: null + reviewer: null + query: '@access(name: ("reporter"))' + identityIds: null + accessConstraints: [] + roleCompositionCampaignInfo: null + alerts: null + totalCertifications: null + completedCertifications: null + sourcesWithOrphanEntitlements: null + id: null + name: Search Campaign Review + description: Review everyone's access to the reporting system. + deadline: null + type: SEARCH + status: null + emailNotificationEnabled: true + autoRevokeAllowed: false + recommendationsEnabled: false + correlatedStatus: CORRELATED + Source Owner: + value: + id: b9f41bc69e7a4291b9de0630396d030d + name: AD Source Review + created: 2022-08-02T13:40:36.857Z + modified: null + description: A review of our AD source. + deadlineDuration: P1M + ownerRef: + email: support@testmail.identitysoon.com + type: IDENTITY + id: 7ec252acbd4245548bc25df22348cb75 + name: SailPoint Support + scheduled: false + campaign: + created: null + modified: null + filter: + type: CAMPAIGN_FILTER + id: e0adaae69852e8fe8b8a3d48e5ce757c + name: Test Source Owner Filter + sunsetCommentsRequired: true + sourceOwnerCampaignInfo: + sourceIds: + - 2c918084707deba501709d45ce4e5569 + searchCampaignInfo: null + roleCompositionCampaignInfo: null + alerts: null + totalCertifications: null + completedCertifications: null + sourcesWithOrphanEntitlements: null + id: null + name: AD Source Review + description: Review everyone's access. + deadline: null + type: SOURCE_OWNER + status: null + emailNotificationEnabled: true + autoRevokeAllowed: false + recommendationsEnabled: false + correlatedStatus: CORRELATED + RoleComposition: + value: + id: b9f41bc69e7a4291b9de0630396d030d + name: Campaign With Admin Role + created: 2022-08-02T13:40:36.857Z + modified: null + description: Campaign With Admin Role + deadlineDuration: null + ownerRef: + email: support@testmail.identitysoon.com + type: IDENTITY + id: 7ec252acbd4245548bc25df22348cb75 + name: SailPoint Support + scheduled: false + campaign: + created: null + modified: null + filter: null + sunsetCommentsRequired: true + sourceOwnerCampaignInfo: null + searchCampaignInfo: null + roleCompositionCampaignInfo: + remediatorRef: + type: IDENTITY + id: 7ec252acbd4245548bc25df22348cb75 + name: SailPoint Support + reviewerId: null + reviewer: null + roleIds: + - b15d609fc5c8434b865fe552315fda8f + query: null + description: null + alerts: null + totalCertifications: null + completedCertifications: null + sourcesWithOrphanEntitlements: null + id: null + name: Campaign With Admin Role + description: Campaign With Admin Role + deadline: null + type: ROLE_COMPOSITION + status: null + emailNotificationEnabled: false + autoRevokeAllowed: false + recommendationsEnabled: false + correlatedStatus: CORRELATED + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + '/campaign-templates/{id}': + get: + operationId: getCampaignTemplate + tags: + - Certification Campaigns + summary: Get a Campaign Template + description: Fetches a campaign template by ID. + parameters: + - in: path + name: id + schema: + type: string + required: true + description: The desired campaign template's ID. + example: 2c9180835d191a86015d28455b4a2329 + responses: + '200': + description: The data for the campaign matching the given ID. + content: + application/json: + schema: + type: object + description: Campaign Template + properties: + id: + type: string + description: Id of the campaign template + example: 2c9079b270a266a60170a277bb960008 + name: + type: string + description: This template's name. Has no bearing on generated campaigns' names. + example: Manager Campaign Template + description: + type: string + description: This template's description. Has no bearing on generated campaigns' descriptions. + example: Template for the annual manager campaign. + created: + type: string + description: Creation date of Campaign Template + readOnly: true + format: date-time + example: '2020-03-05T22:44:00.364Z' + modified: + type: string + description: Modification date of Campaign Template + readOnly: true + format: date-time + example: '2020-03-05T22:52:09.969Z' + scheduled: + type: boolean + readOnly: true + description: Indicates if this campaign template has been scheduled. + example: false + ownerRef: + type: object + description: 'The owner of this template, and the owner of campaigns generated from this template via a schedule. This field is automatically populated at creation time with the current user.' + properties: + id: + type: string + description: Id of the owner + example: 2c918086676d3e0601677611dbde220f + type: + type: string + enum: + - IDENTITY + description: Type of the owner + example: IDENTITY + name: + type: string + description: Name of the owner + example: Mister Manager + email: + type: string + description: Email of the owner + example: mr.manager@example.com + deadlineDuration: + type: string + description: 'The time period during which the campaign should be completed, formatted as an ISO-8601 Duration. When this template generates a campaign, the campaign''s deadline will be the current date plus this duration. For example, if generation occurred on 2020-01-01 and this field was "P2W" (two weeks), the resulting campaign''s deadline would be 2020-01-15 (the current date plus 14 days).' + example: P2W + campaign: + type: object + title: Campaign + allOf: + - type: object + title: Slim Campaign + required: + - name + - description + - type + properties: + id: + type: string + readOnly: true + description: Id of the campaign + example: 2c9079b270a266a60170a2779fcb0007 + name: + description: 'The campaign name. If this object is part of a template, special formatting applies; see the `/campaign-templates/{id}/generate` endpoint documentation for details.' + type: string + example: Manager Campaign + description: + type: string + description: 'The campaign description. If this object is part of a template, special formatting applies; see the `/campaign-templates/{id}/generate` endpoint documentation for details.' + example: Everyone needs to be reviewed by their manager + deadline: + type: string + format: date-time + description: The campaign's completion deadline. + example: '2020-03-15T10:00:01.456Z' + type: + type: string + description: The type of campaign. Could be extended in the future. + enum: + - MANAGER + - SOURCE_OWNER + - SEARCH + - ROLE_COMPOSITION + example: MANAGER + emailNotificationEnabled: + type: boolean + description: Enables email notification for this campaign + example: false + autoRevokeAllowed: + type: boolean + description: Allows auto revoke for this campaign + example: false + recommendationsEnabled: + type: boolean + description: Enables IAI for this campaign. Accepts true even if the IAI product feature is off. If IAI is turned off then campaigns generated from this template will indicate false. The real value will then be returned if IAI is ever enabled for the org in the future. + example: true + status: + type: string + description: The campaign's current status. + readOnly: true + enum: + - PENDING + - STAGED + - CANCELING + - ACTIVATING + - ACTIVE + - COMPLETING + - COMPLETED + - ERROR + - ARCHIVED + example: ACTIVE + correlatedStatus: + type: string + description: The correlatedStatus of the campaign. Only SOURCE_OWNER campaigns can be Uncorrelated. An Uncorrelated certification campaign only includes Uncorrelated identities (An identity is uncorrelated if it has no accounts on an authoritative source). + enum: + - CORRELATED + - UNCORRELATED + example: CORRELATED + - type: object + properties: + created: + type: string + readOnly: true + format: date-time + description: Created time of the campaign + example: '2020-03-03T22:15:13.611Z' + modified: + type: string + readOnly: true + format: date-time + description: Modified time of the campaign + example: '2020-03-03T22:20:12.674Z' + correlatedStatus: + description: The correlatedStatus of the campaign. Only SOURCE_OWNER campaigns can be Uncorrelated. An Uncorrelated certification campaign only includes Uncorrelated identities (An identity is uncorrelated if it has no accounts on an authoritative source). + enum: + - CORRELATED + - UNCORRELATED + example: CORRELATED + filter: + type: object + description: Determines which items will be included in this campaign. The default campaign filter is used if this field is left blank. + properties: + id: + type: string + description: The ID of whatever type of filter is being used. + example: 0fbe863c063c4c88a35fd7f17e8a3df5 + type: + type: string + description: Type of the filter + enum: + - CAMPAIGN_FILTER + - RULE + example: CAMPAIGN_FILTER + name: + type: string + description: Name of the filter + example: Test Filter + sunsetCommentsRequired: + type: boolean + description: Determines if comments on sunset date changes are required. + default: true + example: true + sourceOwnerCampaignInfo: + type: object + description: Must be set only if the campaign type is SOURCE_OWNER. + properties: + sourceIds: + type: array + description: The list of sources to be included in the campaign. + items: + type: string + example: + - 0fbe863c063c4c88a35fd7f17e8a3df5 + searchCampaignInfo: + type: object + description: Must be set only if the campaign type is SEARCH. + properties: + type: + type: string + description: The type of search campaign represented. + enum: + - IDENTITY + - ACCESS + example: ACCESS + description: + type: string + description: 'Describes this search campaign. Intended for storing the query used, and possibly the number of identities selected/available.' + example: Search Campaign description + reviewer: + description: 'If specified, this identity or governance group will be the reviewer for all certifications in this campaign. The allowed DTO types are IDENTITY and GOVERNANCE_GROUP' + allOf: + - type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + - type: object + query: + type: string + description: The scope for the campaign. The campaign will cover identities returned by the query and identities that have access items returned by the query. One of `query` or `identityIds` must be set. + example: Search Campaign query description + identityIds: + type: array + description: A direct list of identities to include in this campaign. One of `identityIds` or `query` must be set. + items: + type: string + maxItems: 1000 + example: + - 0fbe863c063c4c88a35fd7f17e8a3df5 + accessConstraints: + type: array + description: Further reduces the scope of the campaign by excluding identities (from `query` or `identityIds`) that do not have this access. + items: + type: object + properties: + type: + type: string + enum: + - ENTITLEMENT + - ACCESS_PROFILE + - ROLE + description: Type of Access + example: ENTITLEMENT + ids: + description: Must be set only if operator is SELECTED. + type: array + items: + type: string + example: + - 2c90ad2a70ace7d50170acf22ca90010 + operator: + type: string + enum: + - ALL + - SELECTED + description: Used to determine whether the scope of the campaign should be reduced for selected ids or all. + example: SELECTED + required: + - type + - operator + maxItems: 1000 + required: + - type + roleCompositionCampaignInfo: + type: object + description: Optional configuration options for role composition campaigns. + properties: + reviewer: + description: 'If specified, this identity or governance group will be the reviewer for all certifications in this campaign. The allowed DTO types are IDENTITY and GOVERNANCE_GROUP' + allOf: + - type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + - type: object + roleIds: + type: array + description: 'Optional list of roles to include in this campaign. Only one of `roleIds` and `query` may be set; if neither are set, all roles are included.' + items: + type: string + example: + - 2c90ad2a70ace7d50170acf22ca90010 + remediatorRef: + type: object + description: 'This determines who remediation tasks will be assigned to. Remediation tasks are created for each revoke decision on items in the campaign. The only legal remediator type is ''IDENTITY'', and the chosen identity must be a Role Admin or Org Admin.' + properties: + type: + type: string + enum: + - IDENTITY + description: Legal Remediator Type + example: IDENTITY + id: + type: string + description: The ID of the remediator. + example: 2c90ad2a70ace7d50170acf22ca90010 + name: + type: string + description: The name of the remediator. + readOnly: true + example: Role Admin + required: + - type + - id + query: + type: string + description: 'Optional search query to scope this campaign to a set of roles. Only one of `roleIds` and `query` may be set; if neither are set, all roles are included.' + example: Search Query + description: + type: string + description: 'Describes this role composition campaign. Intended for storing the query used, and possibly the number of roles selected/available.' + example: Role Composition Description + required: + - remediatorRef + alerts: + type: array + description: A list of errors and warnings that have accumulated. + readOnly: true + items: + type: object + properties: + level: + type: string + enum: + - ERROR + - WARN + - INFO + description: Denotes the level of the message + example: ERROR + localizations: + type: array + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + totalCertifications: + type: integer + description: The total number of certifications in this campaign. + readOnly: true + example: 100 + completedCertifications: + type: integer + description: The number of completed certifications in this campaign. + readOnly: true + example: 10 + sourcesWithOrphanEntitlements: + type: array + description: A list of sources in the campaign that contain \"orphan entitlements\" (entitlements without a corresponding Managed Attribute). An empty list indicates the campaign has no orphan entitlements. Null indicates there may be unknown orphan entitlements in the campaign (the campaign was created before this feature was implemented). + readOnly: true + items: + type: object + properties: + id: + type: string + description: Id of the source + example: 2c90ad2a70ace7d50170acf22ca90010 + type: + type: string + enum: + - SOURCE + description: Type + example: SOURCE + name: + type: string + description: Name of the source + example: Source with orphan entitlements + required: + - name + - description + - created + - modified + - campaign + examples: + Manager: + value: + id: e7dbec99d49349c8951bd84f58a05120 + name: Manager Review + created: 2022-08-02T19:16:42.632Z + modified: null + description: A review of everyone's access by their manager. + deadlineDuration: P14D + ownerRef: + email: support@testmail.identitysoon.com + type: IDENTITY + id: 7ec252acbd4245548bc25df22348cb75 + name: SailPoint Support + scheduled: false + campaign: + created: null + modified: null + filter: + type: CAMPAIGN_FILTER + id: e0adaae69852e8fe8b8a3d48e5ce757c + name: Test Manager Filter + sunsetCommentsRequired: true + sourceOwnerCampaignInfo: null + searchCampaignInfo: null + roleCompositionCampaignInfo: null + alerts: null + totalCertifications: null + completedCertifications: null + sourcesWithOrphanEntitlements: null + id: null + name: Manager Review + description: Review everyone's access. + deadline: null + type: MANAGER + status: null + emailNotificationEnabled: true + autoRevokeAllowed: false + recommendationsEnabled: false + correlatedStatus: CORRELATED + Search: + value: + id: b7e6459eed5247ac8b98a5fed81fe27f + name: Reporting Access Review + created: 2022-07-28T19:19:40.035Z + modified: null + description: A review of everyone's access to the reporting system. + deadlineDuration: P14D + ownerRef: + email: support@testmail.identitysoon.com + type: IDENTITY + id: 7ec252acbd4245548bc25df22348cb75 + name: SailPoint Support + scheduled: false + campaign: + created: null + modified: null + filter: + type: CAMPAIGN_FILTER + id: e0adaae69852e8fe8b8a3d48e5ce757c + name: Test Search Filter + sunsetCommentsRequired: true + sourceOwnerCampaignInfo: null + searchCampaignInfo: + type: ACCESS + description: Identities with reporting abilities + reviewerId: null + reviewer: null + query: '@access(name: ("reporter"))' + identityIds: null + accessConstraints: [] + roleCompositionCampaignInfo: null + alerts: null + totalCertifications: null + completedCertifications: null + sourcesWithOrphanEntitlements: null + id: null + name: Search Campaign Review + description: Review everyone's access to the reporting system. + deadline: null + type: SEARCH + status: null + emailNotificationEnabled: true + autoRevokeAllowed: false + recommendationsEnabled: false + correlatedStatus: CORRELATED + Source Owner: + value: + id: b9f41bc69e7a4291b9de0630396d030d + name: AD Source Review + created: 2022-08-02T13:40:36.857Z + modified: null + description: A review of our AD source. + deadlineDuration: P1M + ownerRef: + email: support@testmail.identitysoon.com + type: IDENTITY + id: 7ec252acbd4245548bc25df22348cb75 + name: SailPoint Support + scheduled: false + campaign: + created: null + modified: null + filter: + type: CAMPAIGN_FILTER + id: e0adaae69852e8fe8b8a3d48e5ce757c + name: Test Source Owner Filter + sunsetCommentsRequired: true + sourceOwnerCampaignInfo: + sourceIds: + - 2c918084707deba501709d45ce4e5569 + searchCampaignInfo: null + roleCompositionCampaignInfo: null + alerts: null + totalCertifications: null + completedCertifications: null + sourcesWithOrphanEntitlements: null + id: null + name: AD Source Review + description: Review everyone's access. + deadline: null + type: SOURCE_OWNER + status: null + emailNotificationEnabled: true + autoRevokeAllowed: false + recommendationsEnabled: false + correlatedStatus: CORRELATED + RoleComposition: + value: + id: b9f41bc69e7a4291b9de0630396d030d + name: Campaign With Admin Role + created: 2022-08-02T13:40:36.857Z + modified: null + description: Campaign With Admin Role + deadlineDuration: null + ownerRef: + email: support@testmail.identitysoon.com + type: IDENTITY + id: 7ec252acbd4245548bc25df22348cb75 + name: SailPoint Support + scheduled: false + campaign: + created: null + modified: null + filter: null + sunsetCommentsRequired: true + sourceOwnerCampaignInfo: null + searchCampaignInfo: null + roleCompositionCampaignInfo: + remediatorRef: + type: IDENTITY + id: 7ec252acbd4245548bc25df22348cb75 + name: SailPoint Support + reviewerId: null + reviewer: null + roleIds: + - b15d609fc5c8434b865fe552315fda8f + query: null + description: null + alerts: null + totalCertifications: null + completedCertifications: null + sourcesWithOrphanEntitlements: null + id: null + name: Campaign With Admin Role + description: Campaign With Admin Role + deadline: null + type: ROLE_COMPOSITION + status: null + emailNotificationEnabled: false + autoRevokeAllowed: false + recommendationsEnabled: false + correlatedStatus: CORRELATED + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + patch: + operationId: patchCampaignTemplate + tags: + - Certification Campaigns + summary: Update a Campaign Template + description: 'Allows updating individual fields on a campaign template using the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard.' + parameters: + - in: path + name: id + schema: + type: string + required: true + description: The ID of the campaign template being modified. + example: 2c9180835d191a86015d28455b4a2329 + requestBody: + required: true + description: | + A list of campaign update operations according to the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard. + + The following fields are patchable: + * name + * description + * deadlineDuration + * campaign (all fields that are allowed during create) + content: + application/json-patch+json: + schema: + type: array + items: + type: object + example: + - op: replace + path: /description + value: Updated description! + - op: replace + path: /campaign/filter/id + value: ff80818155fe8c080155fe8d925b0316 + responses: + '200': + description: 'Indicates the PATCH operation succeeded, and returns the template''s new representation.' + content: + application/json: + schema: + type: object + description: Campaign Template + properties: + id: + type: string + description: Id of the campaign template + example: 2c9079b270a266a60170a277bb960008 + name: + type: string + description: This template's name. Has no bearing on generated campaigns' names. + example: Manager Campaign Template + description: + type: string + description: This template's description. Has no bearing on generated campaigns' descriptions. + example: Template for the annual manager campaign. + created: + type: string + description: Creation date of Campaign Template + readOnly: true + format: date-time + example: '2020-03-05T22:44:00.364Z' + modified: + type: string + description: Modification date of Campaign Template + readOnly: true + format: date-time + example: '2020-03-05T22:52:09.969Z' + scheduled: + type: boolean + readOnly: true + description: Indicates if this campaign template has been scheduled. + example: false + ownerRef: + type: object + description: 'The owner of this template, and the owner of campaigns generated from this template via a schedule. This field is automatically populated at creation time with the current user.' + properties: + id: + type: string + description: Id of the owner + example: 2c918086676d3e0601677611dbde220f + type: + type: string + enum: + - IDENTITY + description: Type of the owner + example: IDENTITY + name: + type: string + description: Name of the owner + example: Mister Manager + email: + type: string + description: Email of the owner + example: mr.manager@example.com + deadlineDuration: + type: string + description: 'The time period during which the campaign should be completed, formatted as an ISO-8601 Duration. When this template generates a campaign, the campaign''s deadline will be the current date plus this duration. For example, if generation occurred on 2020-01-01 and this field was "P2W" (two weeks), the resulting campaign''s deadline would be 2020-01-15 (the current date plus 14 days).' + example: P2W + campaign: + type: object + title: Campaign + allOf: + - type: object + title: Slim Campaign + required: + - name + - description + - type + properties: + id: + type: string + readOnly: true + description: Id of the campaign + example: 2c9079b270a266a60170a2779fcb0007 + name: + description: 'The campaign name. If this object is part of a template, special formatting applies; see the `/campaign-templates/{id}/generate` endpoint documentation for details.' + type: string + example: Manager Campaign + description: + type: string + description: 'The campaign description. If this object is part of a template, special formatting applies; see the `/campaign-templates/{id}/generate` endpoint documentation for details.' + example: Everyone needs to be reviewed by their manager + deadline: + type: string + format: date-time + description: The campaign's completion deadline. + example: '2020-03-15T10:00:01.456Z' + type: + type: string + description: The type of campaign. Could be extended in the future. + enum: + - MANAGER + - SOURCE_OWNER + - SEARCH + - ROLE_COMPOSITION + example: MANAGER + emailNotificationEnabled: + type: boolean + description: Enables email notification for this campaign + example: false + autoRevokeAllowed: + type: boolean + description: Allows auto revoke for this campaign + example: false + recommendationsEnabled: + type: boolean + description: Enables IAI for this campaign. Accepts true even if the IAI product feature is off. If IAI is turned off then campaigns generated from this template will indicate false. The real value will then be returned if IAI is ever enabled for the org in the future. + example: true + status: + type: string + description: The campaign's current status. + readOnly: true + enum: + - PENDING + - STAGED + - CANCELING + - ACTIVATING + - ACTIVE + - COMPLETING + - COMPLETED + - ERROR + - ARCHIVED + example: ACTIVE + correlatedStatus: + type: string + description: The correlatedStatus of the campaign. Only SOURCE_OWNER campaigns can be Uncorrelated. An Uncorrelated certification campaign only includes Uncorrelated identities (An identity is uncorrelated if it has no accounts on an authoritative source). + enum: + - CORRELATED + - UNCORRELATED + example: CORRELATED + - type: object + properties: + created: + type: string + readOnly: true + format: date-time + description: Created time of the campaign + example: '2020-03-03T22:15:13.611Z' + modified: + type: string + readOnly: true + format: date-time + description: Modified time of the campaign + example: '2020-03-03T22:20:12.674Z' + correlatedStatus: + description: The correlatedStatus of the campaign. Only SOURCE_OWNER campaigns can be Uncorrelated. An Uncorrelated certification campaign only includes Uncorrelated identities (An identity is uncorrelated if it has no accounts on an authoritative source). + enum: + - CORRELATED + - UNCORRELATED + example: CORRELATED + filter: + type: object + description: Determines which items will be included in this campaign. The default campaign filter is used if this field is left blank. + properties: + id: + type: string + description: The ID of whatever type of filter is being used. + example: 0fbe863c063c4c88a35fd7f17e8a3df5 + type: + type: string + description: Type of the filter + enum: + - CAMPAIGN_FILTER + - RULE + example: CAMPAIGN_FILTER + name: + type: string + description: Name of the filter + example: Test Filter + sunsetCommentsRequired: + type: boolean + description: Determines if comments on sunset date changes are required. + default: true + example: true + sourceOwnerCampaignInfo: + type: object + description: Must be set only if the campaign type is SOURCE_OWNER. + properties: + sourceIds: + type: array + description: The list of sources to be included in the campaign. + items: + type: string + example: + - 0fbe863c063c4c88a35fd7f17e8a3df5 + searchCampaignInfo: + type: object + description: Must be set only if the campaign type is SEARCH. + properties: + type: + type: string + description: The type of search campaign represented. + enum: + - IDENTITY + - ACCESS + example: ACCESS + description: + type: string + description: 'Describes this search campaign. Intended for storing the query used, and possibly the number of identities selected/available.' + example: Search Campaign description + reviewer: + description: 'If specified, this identity or governance group will be the reviewer for all certifications in this campaign. The allowed DTO types are IDENTITY and GOVERNANCE_GROUP' + allOf: + - type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + - type: object + query: + type: string + description: The scope for the campaign. The campaign will cover identities returned by the query and identities that have access items returned by the query. One of `query` or `identityIds` must be set. + example: Search Campaign query description + identityIds: + type: array + description: A direct list of identities to include in this campaign. One of `identityIds` or `query` must be set. + items: + type: string + maxItems: 1000 + example: + - 0fbe863c063c4c88a35fd7f17e8a3df5 + accessConstraints: + type: array + description: Further reduces the scope of the campaign by excluding identities (from `query` or `identityIds`) that do not have this access. + items: + type: object + properties: + type: + type: string + enum: + - ENTITLEMENT + - ACCESS_PROFILE + - ROLE + description: Type of Access + example: ENTITLEMENT + ids: + description: Must be set only if operator is SELECTED. + type: array + items: + type: string + example: + - 2c90ad2a70ace7d50170acf22ca90010 + operator: + type: string + enum: + - ALL + - SELECTED + description: Used to determine whether the scope of the campaign should be reduced for selected ids or all. + example: SELECTED + required: + - type + - operator + maxItems: 1000 + required: + - type + roleCompositionCampaignInfo: + type: object + description: Optional configuration options for role composition campaigns. + properties: + reviewer: + description: 'If specified, this identity or governance group will be the reviewer for all certifications in this campaign. The allowed DTO types are IDENTITY and GOVERNANCE_GROUP' + allOf: + - type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + - type: object + roleIds: + type: array + description: 'Optional list of roles to include in this campaign. Only one of `roleIds` and `query` may be set; if neither are set, all roles are included.' + items: + type: string + example: + - 2c90ad2a70ace7d50170acf22ca90010 + remediatorRef: + type: object + description: 'This determines who remediation tasks will be assigned to. Remediation tasks are created for each revoke decision on items in the campaign. The only legal remediator type is ''IDENTITY'', and the chosen identity must be a Role Admin or Org Admin.' + properties: + type: + type: string + enum: + - IDENTITY + description: Legal Remediator Type + example: IDENTITY + id: + type: string + description: The ID of the remediator. + example: 2c90ad2a70ace7d50170acf22ca90010 + name: + type: string + description: The name of the remediator. + readOnly: true + example: Role Admin + required: + - type + - id + query: + type: string + description: 'Optional search query to scope this campaign to a set of roles. Only one of `roleIds` and `query` may be set; if neither are set, all roles are included.' + example: Search Query + description: + type: string + description: 'Describes this role composition campaign. Intended for storing the query used, and possibly the number of roles selected/available.' + example: Role Composition Description + required: + - remediatorRef + alerts: + type: array + description: A list of errors and warnings that have accumulated. + readOnly: true + items: + type: object + properties: + level: + type: string + enum: + - ERROR + - WARN + - INFO + description: Denotes the level of the message + example: ERROR + localizations: + type: array + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + totalCertifications: + type: integer + description: The total number of certifications in this campaign. + readOnly: true + example: 100 + completedCertifications: + type: integer + description: The number of completed certifications in this campaign. + readOnly: true + example: 10 + sourcesWithOrphanEntitlements: + type: array + description: A list of sources in the campaign that contain \"orphan entitlements\" (entitlements without a corresponding Managed Attribute). An empty list indicates the campaign has no orphan entitlements. Null indicates there may be unknown orphan entitlements in the campaign (the campaign was created before this feature was implemented). + readOnly: true + items: + type: object + properties: + id: + type: string + description: Id of the source + example: 2c90ad2a70ace7d50170acf22ca90010 + type: + type: string + enum: + - SOURCE + description: Type + example: SOURCE + name: + type: string + description: Name of the source + example: Source with orphan entitlements + required: + - name + - description + - created + - modified + - campaign + examples: + Manager: + value: + id: e7dbec99d49349c8951bd84f58a05120 + name: Manager Review + created: 2022-08-02T19:16:42.632Z + modified: null + description: A review of everyone's access by their manager. + deadlineDuration: P14D + ownerRef: + email: support@testmail.identitysoon.com + type: IDENTITY + id: 7ec252acbd4245548bc25df22348cb75 + name: SailPoint Support + scheduled: false + campaign: + created: null + modified: null + filter: + type: CAMPAIGN_FILTER + id: e0adaae69852e8fe8b8a3d48e5ce757c + name: Test Manager Filter + sunsetCommentsRequired: true + sourceOwnerCampaignInfo: null + searchCampaignInfo: null + roleCompositionCampaignInfo: null + alerts: null + totalCertifications: null + completedCertifications: null + sourcesWithOrphanEntitlements: null + id: null + name: Manager Review + description: Review everyone's access. + deadline: null + type: MANAGER + status: null + emailNotificationEnabled: true + autoRevokeAllowed: false + recommendationsEnabled: false + correlatedStatus: CORRELATED + Search: + value: + id: b7e6459eed5247ac8b98a5fed81fe27f + name: Reporting Access Review + created: 2022-07-28T19:19:40.035Z + modified: null + description: A review of everyone's access to the reporting system. + deadlineDuration: P14D + ownerRef: + email: support@testmail.identitysoon.com + type: IDENTITY + id: 7ec252acbd4245548bc25df22348cb75 + name: SailPoint Support + scheduled: false + campaign: + created: null + modified: null + filter: + type: CAMPAIGN_FILTER + id: e0adaae69852e8fe8b8a3d48e5ce757c + name: Test Search Filter + sunsetCommentsRequired: true + sourceOwnerCampaignInfo: null + searchCampaignInfo: + type: ACCESS + description: Identities with reporting abilities + reviewerId: null + reviewer: null + query: '@access(name: ("reporter"))' + identityIds: null + accessConstraints: [] + roleCompositionCampaignInfo: null + alerts: null + totalCertifications: null + completedCertifications: null + sourcesWithOrphanEntitlements: null + id: null + name: Search Campaign Review + description: Review everyone's access to the reporting system. + deadline: null + type: SEARCH + status: null + emailNotificationEnabled: true + autoRevokeAllowed: false + recommendationsEnabled: false + correlatedStatus: CORRELATED + Source Owner: + value: + id: b9f41bc69e7a4291b9de0630396d030d + name: AD Source Review + created: 2022-08-02T13:40:36.857Z + modified: null + description: A review of our AD source. + deadlineDuration: P1M + ownerRef: + email: support@testmail.identitysoon.com + type: IDENTITY + id: 7ec252acbd4245548bc25df22348cb75 + name: SailPoint Support + scheduled: false + campaign: + created: null + modified: null + filter: + type: CAMPAIGN_FILTER + id: e0adaae69852e8fe8b8a3d48e5ce757c + name: Test Source Owner Filter + sunsetCommentsRequired: true + sourceOwnerCampaignInfo: + sourceIds: + - 2c918084707deba501709d45ce4e5569 + searchCampaignInfo: null + roleCompositionCampaignInfo: null + alerts: null + totalCertifications: null + completedCertifications: null + sourcesWithOrphanEntitlements: null + id: null + name: AD Source Review + description: Review everyone's access. + deadline: null + type: SOURCE_OWNER + status: null + emailNotificationEnabled: true + autoRevokeAllowed: false + recommendationsEnabled: false + correlatedStatus: CORRELATED + RoleComposition: + value: + id: b9f41bc69e7a4291b9de0630396d030d + name: Campaign With Admin Role + created: 2022-08-02T13:40:36.857Z + modified: null + description: Campaign With Admin Role + deadlineDuration: null + ownerRef: + email: support@testmail.identitysoon.com + type: IDENTITY + id: 7ec252acbd4245548bc25df22348cb75 + name: SailPoint Support + scheduled: false + campaign: + created: null + modified: null + filter: null + sunsetCommentsRequired: true + sourceOwnerCampaignInfo: null + searchCampaignInfo: null + roleCompositionCampaignInfo: + remediatorRef: + type: IDENTITY + id: 7ec252acbd4245548bc25df22348cb75 + name: SailPoint Support + reviewerId: null + reviewer: null + roleIds: + - b15d609fc5c8434b865fe552315fda8f + query: null + description: null + alerts: null + totalCertifications: null + completedCertifications: null + sourcesWithOrphanEntitlements: null + id: null + name: Campaign With Admin Role + description: Campaign With Admin Role + deadline: null + type: ROLE_COMPOSITION + status: null + emailNotificationEnabled: false + autoRevokeAllowed: false + recommendationsEnabled: false + correlatedStatus: CORRELATED + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + delete: + operationId: deleteCampaignTemplate + tags: + - Certification Campaigns + summary: Delete a Campaign Template + description: Deletes a campaign template by ID. + parameters: + - in: path + name: id + schema: + type: string + required: true + description: The ID of the campaign template being deleted. + example: 2c9180835d191a86015d28455b4a2329 + responses: + '204': + description: The Source was successfully deleted. + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + '/campaign-templates/{id}/generate': + post: + operationId: generateCampaignTemplate + tags: + - Certification Campaigns + summary: Generate a Campaign from Template + description: |- + Generates a new campaign from a campaign template. + The campaign object contained in the template has special formatting applied to its name and description fields in order to determine the generated campaign's name/description. Placeholders in those fields are formatted with the current date and time upon generation. + Placeholders consist of a percent sign followed by a letter indicating what should be inserted; for example, "%Y" will insert the current year; a campaign template named "Campaign for %y" would generate a campaign called "Campaign for 2020" (assuming the year at generation time is 2020). + Valid placeholders are the date/time conversion suffix characters supported by [java.util.Formatter](https://docs.oracle.com/javase/8/docs/api/java/util/Formatter.html). + Requires roles ORG_ADMIN. + parameters: + - in: path + name: id + schema: + type: string + required: true + description: The ID of the campaign template to use for generation. + responses: + '200': + description: 'Indicates a campaign was successfully generated from this template, and returns a reference to the new campaign.' + content: + application/json: + schema: + type: object + required: + - id + - name + - type + - campaignType + - description + properties: + id: + type: string + description: The unique ID of the campaign. + example: ef38f94347e94562b5bb8424a56397d8 + name: + type: string + description: The name of the campaign. + example: Campaign Name + type: + type: string + enum: + - CAMPAIGN + description: The type of object that is being referenced. + example: CAMPAIGN + campaignType: + type: string + enum: + - MANAGER + - SOURCE_OWNER + - SEARCH + description: The type of the campaign. + example: MANAGER + description: + type: string + description: The description of the campaign set by the admin who created it. + nullable: true + example: A description of the campaign + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + '/campaign-templates/{id}/schedule': + get: + operationId: getCampaignTemplateSchedule + tags: + - Certification Campaigns + summary: Gets a Campaign Template's Schedule + description: Gets the schedule for a campaign template. Returns a 404 if there is no schedule set. + parameters: + - in: path + name: id + schema: + type: string + required: true + description: The ID of the campaign template whose schedule is being fetched. + responses: + '200': + description: The current schedule for the campaign template. See the PUT endpoint documentation for more examples. + content: + application/json: + schema: + type: object + properties: + type: + type: string + description: 'Determines the overall schedule cadence. In general, all time period fields smaller than the chosen type can be configured. For example, a DAILY schedule can have ''hours'' set, but not ''days''; a WEEKLY schedule can have both ''hours'' and ''days'' set.' + enum: + - DAILY + - WEEKLY + - MONTHLY + - ANNUALLY + - CALENDAR + months: + type: object + description: | + Specifies which months of a schedule are active. Only valid for ANNUALLY schedule types. Examples: + + On February and March: + * type LIST + * values "2", "3" + + Every 3 months, starting in January (quarterly): + * type LIST + * values "1" + * interval 3 + + Every two months between July and December: + * type RANGE + * values "7", "12" + * interval 2 + properties: + type: + type: string + enum: + - LIST + - RANGE + values: + type: array + items: + type: string + interval: + type: integer + required: + - type + - values + days: + type: object + description: | + Specifies which day(s) a schedule is active for. This is required for all schedule types except DAILY. + The "values" field holds different data depending on the type of schedule: + * WEEKLY: days of the week (1-7) + * MONTHLY: days of the month (1-31, L, L-1...) + * ANNUALLY: if the "months" field is also set: days of the month (1-31, L, L-1...); otherwise: ISO-8601 dates without year ("--12-31") + * CALENDAR: ISO-8601 dates ("2020-12-31") + + Note that CALENDAR only supports the LIST type, and ANNUALLY does not support the RANGE type when provided + with ISO-8601 dates without year. + + Examples: + + On Sundays: + * type LIST + * values "1" + + The second to last day of the month: + * type LIST + * values "L-1" + + From the 20th to the last day of the month: + * type RANGE + * values "20", "L" + + Every March 2nd: + * type LIST + * values "--03-02" + + On March 2nd, 2021: + * type: LIST + * values "2021-03-02" + properties: + type: + type: string + enum: + - LIST + - RANGE + values: + type: array + items: + type: string + interval: + type: integer + required: + - type + - values + hours: + type: object + description: | + Specifies which hour(s) a schedule is active for. Examples: + + Every three hours starting from 8AM, inclusive: + * type LIST + * values "8" + * interval 3 + + During business hours: + * type RANGE + * values "9", "5" + + At 5AM, noon, and 5PM: + * type LIST + * values "5", "12", "17" + properties: + type: + type: string + enum: + - LIST + - RANGE + values: + type: array + items: + type: string + interval: + type: integer + required: + - type + - values + expiration: + type: string + format: date-time + description: Specifies the time after which this schedule will no longer occur. + timeZoneId: + type: string + description: 'The time zone to use when running the schedule. For instance, if the schedule is a DAILY schedule that runs at 1AM, and this field is set to "CST", the schedule will run at 1AM CST.' + required: + - type + - hours + example: + type: MONTHLY + hours: + type: LIST + values: + - '0' + days: + type: LIST + values: + - '1' + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + put: + operationId: setCampaignTemplateSchedule + tags: + - Certification Campaigns + summary: Sets a Campaign Template's Schedule + description: 'Sets the schedule for a campaign template. If a schedule already exists, it will be overwritten with the new one.' + parameters: + - in: path + name: id + schema: + type: string + required: true + description: The ID of the campaign template being scheduled. + requestBody: + content: + application/json: + schema: + type: object + properties: + type: + type: string + description: 'Determines the overall schedule cadence. In general, all time period fields smaller than the chosen type can be configured. For example, a DAILY schedule can have ''hours'' set, but not ''days''; a WEEKLY schedule can have both ''hours'' and ''days'' set.' + enum: + - DAILY + - WEEKLY + - MONTHLY + - ANNUALLY + - CALENDAR + months: + type: object + description: | + Specifies which months of a schedule are active. Only valid for ANNUALLY schedule types. Examples: + + On February and March: + * type LIST + * values "2", "3" + + Every 3 months, starting in January (quarterly): + * type LIST + * values "1" + * interval 3 + + Every two months between July and December: + * type RANGE + * values "7", "12" + * interval 2 + properties: + type: + type: string + enum: + - LIST + - RANGE + values: + type: array + items: + type: string + interval: + type: integer + required: + - type + - values + days: + type: object + description: | + Specifies which day(s) a schedule is active for. This is required for all schedule types except DAILY. + The "values" field holds different data depending on the type of schedule: + * WEEKLY: days of the week (1-7) + * MONTHLY: days of the month (1-31, L, L-1...) + * ANNUALLY: if the "months" field is also set: days of the month (1-31, L, L-1...); otherwise: ISO-8601 dates without year ("--12-31") + * CALENDAR: ISO-8601 dates ("2020-12-31") + + Note that CALENDAR only supports the LIST type, and ANNUALLY does not support the RANGE type when provided + with ISO-8601 dates without year. + + Examples: + + On Sundays: + * type LIST + * values "1" + + The second to last day of the month: + * type LIST + * values "L-1" + + From the 20th to the last day of the month: + * type RANGE + * values "20", "L" + + Every March 2nd: + * type LIST + * values "--03-02" + + On March 2nd, 2021: + * type: LIST + * values "2021-03-02" + properties: + type: + type: string + enum: + - LIST + - RANGE + values: + type: array + items: + type: string + interval: + type: integer + required: + - type + - values + hours: + type: object + description: | + Specifies which hour(s) a schedule is active for. Examples: + + Every three hours starting from 8AM, inclusive: + * type LIST + * values "8" + * interval 3 + + During business hours: + * type RANGE + * values "9", "5" + + At 5AM, noon, and 5PM: + * type LIST + * values "5", "12", "17" + properties: + type: + type: string + enum: + - LIST + - RANGE + values: + type: array + items: + type: string + interval: + type: integer + required: + - type + - values + expiration: + type: string + format: date-time + description: Specifies the time after which this schedule will no longer occur. + timeZoneId: + type: string + description: 'The time zone to use when running the schedule. For instance, if the schedule is a DAILY schedule that runs at 1AM, and this field is set to "CST", the schedule will run at 1AM CST.' + required: + - type + - hours + example: + type: MONTHLY + hours: + type: LIST + values: + - '0' + days: + type: LIST + values: + - '1' + examples: + Monthly: + description: 'Runs on the 15th and last day of the month, at 5PM.' + value: + type: MONTHLY + hours: + type: LIST + values: + - '17' + days: + type: LIST + values: + - '15' + Once a year: + description: Runs every January 1st at midnight. + value: + type: ANNUALLY + hours: + type: LIST + values: + - '0' + days: + type: LIST + values: + - '--01-01' + Quarterly: + description: Runs once a quarter (every 3 months) on the first of the month at 1AM. + value: + type: ANNUALLY + hours: + type: LIST + values: + - '1' + days: + type: LIST + values: + - '1' + months: + type: LIST + values: + - '1' + interval: 3 + Yearly on Specific Days: + description: 'Runs on March 12 and December 5 at 1AM, every year.' + value: + type: ANNUALLY + hours: + type: LIST + values: + - '1' + days: + type: LIST + values: + - '--03-12' + - '--12-05' + On a Specific Date: + description: 'Runs at 1AM on February 18th, 2020' + value: + type: CALENDAR + hours: + type: LIST + values: + - '1' + days: + type: LIST + values: + - '2020-02-18' + responses: + '204': + description: No content - indicates the request was successful but there is no content to be returned in the response. + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + delete: + operationId: deleteCampaignTemplateSchedule + tags: + - Certification Campaigns + summary: Deletes a Campaign Template's Schedule + description: Deletes the schedule for a campaign template. Returns a 404 if there is no schedule set. + parameters: + - in: path + name: id + schema: + type: string + required: true + description: The ID of the campaign template whose schedule is being deleted. + responses: + '204': + description: No content - indicates the request was successful but there is no content to be returned in the response. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + '/certifications/{id}/reassign-async': + post: + operationId: reassignIdentityCertsAsync + tags: + - Certifications + summary: Reassign Certifications Asynchronously + description: This API initiates a task to reassign up to 500 identities or items in an identity campaign certification to another reviewer. The `certification-tasks` API can be used to get an updated status on the task and determine when the reassignment is complete. A token with ORG_ADMIN or CERT_ADMIN authority is required to call this API. Reviewers for this certification can also call this API. + parameters: + - in: path + name: id + schema: + type: string + required: true + description: The identity campaign certification ID + requestBody: + required: true + content: + application/json: + schema: + type: object + properties: + reassign: + type: array + items: + type: object + properties: + id: + type: string + description: The ID of item or identity being reassigned. + example: ef38f94347e94562b5bb8424a56397d8 + type: + type: string + description: The type of item or identity being reassigned. + enum: + - TARGET_SUMMARY + - ITEM + - IDENTITY_SUMMARY + example: ITEM + required: + - id + - type + reassignTo: + type: string + description: The ID of the identity to which the certification is reassigned + example: ef38f94347e94562b5bb8424a56397d8 + reason: + type: string + description: The reason comment for why the reassign was made + example: reassigned for some reason + required: + - reassign + - reassignTo + - reason + responses: + '200': + description: A certification task object for the reassignment which can be queried for status. + content: + application/json: + schema: + type: object + properties: + id: + type: string + description: The task id + example: abcd-ef12-3456 + certificationId: + type: string + description: The certification id + example: ef38f94347e94562b5bb8424a56397d8 + type: + type: string + enum: + - REASSIGN + status: + type: string + enum: + - QUEUED + - IN_PROGRESS + - SUCCESS + - ERROR + errors: + type: array + items: + type: string + description: Any errors executing the task (Optional). + example: [] + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + '/certifications/{id}/tasks/{taskId}': + get: + operationId: getIdentityCertificationTaskStatus + tags: + - Certifications + summary: Certification Task Status + description: This API returns the status of a certification task. A token with ORG_ADMIN or CERT_ADMIN authority is required to call this API. Reviewers for this certification can also call this API. + parameters: + - in: path + name: id + schema: + type: string + required: true + description: The identity campaign certification ID + - in: path + name: taskId + schema: + type: string + required: true + description: The certification task ID + responses: + '200': + description: A certification task object. + content: + application/json: + schema: + type: object + properties: + id: + type: string + description: The task id + example: abcd-ef12-3456 + certificationId: + type: string + description: The certification id + example: ef38f94347e94562b5bb8424a56397d8 + type: + type: string + enum: + - REASSIGN + status: + type: string + enum: + - QUEUED + - IN_PROGRESS + - SUCCESS + - ERROR + errors: + type: array + items: + type: string + description: Any errors executing the task (Optional). + example: [] + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + '/certifications/{id}/tasks-pending': + get: + operationId: getIdentityCertificationPendingTasks + tags: + - Certifications + summary: Pending Certification Tasks + description: This API returns the status of all pending (`QUEUED` or `IN_PROGRESS`) tasks for an identity campaign certification. A token with ORG_ADMIN or CERT_ADMIN authority is required to call this API. Reviewers for this certification can also call this API. + parameters: + - in: path + name: id + schema: + type: string + required: true + description: The identity campaign certification ID + responses: + '200': + description: A list of pending (`QUEUED` or `IN_PROGRESS`) certification task objects. + content: + application/json: + schema: + type: array + items: + type: object + properties: + id: + type: string + description: The task id + example: abcd-ef12-3456 + certificationId: + type: string + description: The certification id + example: ef38f94347e94562b5bb8424a56397d8 + type: + type: string + enum: + - REASSIGN + status: + type: string + enum: + - QUEUED + - IN_PROGRESS + - SUCCESS + - ERROR + errors: + type: array + items: + type: string + description: Any errors executing the task (Optional). + example: [] + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + '/certifications/{certificationId}/access-review-items/{itemId}/permissions': + get: + operationId: getIdentityCertificationItemPermissions + tags: + - Certifications + summary: Permissions for Entitlement Certification Item + description: This API returns the permissions associated with an entitlement certification item based on the certification item's ID. A token with ORG_ADMIN or CERT_ADMIN authority is required to call this API. Reviewers for this certification can also call this API. + parameters: + - in: query + name: filters + schema: + type: string + description: |- + Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) + + Supported fields and primitive operators: + + **target**: *eq, sw* + + **rights**: *ca* + + Supported composite operators: + + *and, or* + + All field values (second filter operands) are case-insensitive for this API. + + Only a single *and* or *or* composite filter operator may be used. It must also be used between a target filter and a rights filter, not between 2 filters for the same field. + For example, + + The following is valid: + *?filters=rights+ca+(%22CREATE%22)+and+target+eq+%22SYS.OBJAUTH2%22* + + The following is invalid: + *?filters=rights+ca+(%22CREATE%22)+and+rights+ca+(%SELECT%22)* + - in: path + name: certificationId + schema: + type: string + required: true + description: The certification ID + example: ef38f94347e94562b5bb8424a56397d8 + - in: path + name: itemId + schema: + type: string + required: true + description: The certification item ID + example: 2c91808671bcbab40171bd945d961227 + - in: query + name: limit + description: |- + Max number of results to return. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 250 + schema: + type: integer + format: int32 + minimum: 0 + maximum: 250 + default: 250 + - in: query + name: offset + description: |- + Offset into the full result set. Usually specified with *limit* to paginate through the results. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 0 + schema: + type: integer + format: int32 + minimum: 0 + default: 0 + - in: query + name: count + description: |- + If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored. + + Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used. + + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: true + schema: + type: boolean + default: false + responses: + '200': + description: A list of permissions associated with the given itemId + content: + application/json: + schema: + type: array + items: + type: object + description: 'Simplified DTO for the Permission objects stored in SailPoint''s database. The data is aggregated from customer systems and is free-form, so its appearance can vary largely between different clients/customers.' + properties: + rights: + type: array + description: All the rights (e.g. actions) that this permission allows on the target + readOnly: true + items: + type: string + example: SELECT + target: + type: string + description: The target the permission would grants rights on. + readOnly: true + example: SYS.GV_$TRANSACTION + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + '/certifications/{id}/reviewers': + get: + operationId: listCertificationReviewers + tags: + - Certifications + summary: List of Reviewers for the certification + description: This API returns a list of reviewers for the certification. A token with ORG_ADMIN or CERT_ADMIN authority is required to call this API. Reviewers for this certification can also call this API. + parameters: + - in: path + name: id + schema: + type: string + required: true + description: The certification ID + example: ef38f94347e94562b5bb8424a56397d8 + - in: query + name: limit + description: |- + Max number of results to return. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 250 + schema: + type: integer + format: int32 + minimum: 0 + maximum: 250 + default: 250 + - in: query + name: offset + description: |- + Offset into the full result set. Usually specified with *limit* to paginate through the results. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 0 + schema: + type: integer + format: int32 + minimum: 0 + default: 0 + - in: query + name: count + description: |- + If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored. + + Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used. + + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: true + schema: + type: boolean + default: false + - in: query + name: filters + schema: + type: string + description: |- + Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) + + Filtering is supported for the following fields and operators (Filtering is done by reviewer's fields): + + **id**: *eq, in* + + **name**: *eq, sw* + + **email**: *eq, sw* + - in: query + name: sorters + schema: + type: string + format: comma-separated + description: |- + Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results) + + Sorting is supported for the following fields: **name, email** + responses: + '200': + description: A list of reviewers + content: + application/json: + schema: + type: array + items: + type: object + nullable: true + properties: + type: + type: string + description: The type can only be IDENTITY. This is read-only + example: IDENTITY + id: + type: string + description: Identity id. + example: 5168015d32f890ca15812c9180835d2e + name: + type: string + description: Human-readable display name of identity. This is read-only + example: Alison Ferguso + email: + type: string + description: Email address of identity. This is read-only + example: alison.ferguso@identitysoon.com + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + /connector-rules: + get: + tags: + - Connector Rule Management + operationId: getConnectorRuleList + summary: List Connector Rules + description: |- + Returns the list of connector rules. + A token with ORG_ADMIN authority is required to call this API. + responses: + '200': + description: A list of connector rules + content: + application/json: + schema: + type: array + items: + description: ConnectorRuleResponse + allOf: + - description: ConnectorRuleCreateRequest + type: object + required: + - name + - type + - sourceCode + properties: + name: + type: string + description: the name of the rule + example: WebServiceBeforeOperationRule + minLength: 1 + maxLength: 128 + description: + type: string + description: a description of the rule's purpose + example: This rule does that + type: + type: string + enum: + - BuildMap + - ConnectorAfterCreate + - ConnectorAfterDelete + - ConnectorAfterModify + - ConnectorBeforeCreate + - ConnectorBeforeDelete + - ConnectorBeforeModify + - JDBCBuildMap + - JDBCOperationProvisioning + - JDBCProvision + - PeopleSoftHRMSBuildMap + - PeopleSoftHRMSOperationProvisioning + - PeopleSoftHRMSProvision + - RACFPermissionCustomization + - SAPBuildMap + - SapHrManagerRule + - SapHrOperationProvisioning + - SapHrProvision + - SuccessFactorsOperationProvisioning + - WebServiceAfterOperationRule + - WebServiceBeforeOperationRule + description: the type of rule + example: BuildMap + signature: + description: The rule's function signature. Describes the rule's input arguments and output (if any) + type: object + required: + - input + properties: + input: + type: array + items: + type: object + nullable: true + properties: + name: + type: string + description: the name of the argument + example: firstName + description: + type: string + description: the description of the argument + example: the first name of the identity + type: + type: string + nullable: true + description: the programmatic type of the argument + example: String + required: + - name + output: + type: object + nullable: true + properties: + name: + type: string + description: the name of the argument + example: firstName + description: + type: string + description: the description of the argument + example: the first name of the identity + type: + type: string + nullable: true + description: the programmatic type of the argument + example: String + required: + - name + sourceCode: + description: SourceCode + type: object + required: + - version + - script + properties: + version: + type: string + description: the version of the code + example: '1.0' + script: + type: string + description: The code + example: return "Mr. " + firstName; + attributes: + type: object + nullable: true + description: a map of string to objects + example: {} + - type: object + nullable: true + required: + - id + - created + properties: + id: + type: string + description: the ID of the rule + example: 8113d48c0b914f17b4c6072d4dcb9dfe + created: + type: string + description: an ISO 8601 UTC timestamp when this rule was created + example: '021-07-22T15:59:23Z' + modified: + type: string + nullable: true + description: an ISO 8601 UTC timestamp when this rule was last modified + example: '021-07-22T15:59:23Z' + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + security: + - oauth2: + - 'idn:rule-management-connector:read' + - 'idn:rule-management-connector:manage' + post: + tags: + - Connector Rule Management + operationId: createConnectorRule + summary: Create Connector Rule + description: |- + Creates a new connector rule. + A token with ORG_ADMIN authority is required to call this API. + requestBody: + required: true + description: The connector rule to create + content: + application/json: + schema: + description: ConnectorRuleCreateRequest + type: object + required: + - name + - type + - sourceCode + properties: + name: + type: string + description: the name of the rule + example: WebServiceBeforeOperationRule + minLength: 1 + maxLength: 128 + description: + type: string + description: a description of the rule's purpose + example: This rule does that + type: + type: string + enum: + - BuildMap + - ConnectorAfterCreate + - ConnectorAfterDelete + - ConnectorAfterModify + - ConnectorBeforeCreate + - ConnectorBeforeDelete + - ConnectorBeforeModify + - JDBCBuildMap + - JDBCOperationProvisioning + - JDBCProvision + - PeopleSoftHRMSBuildMap + - PeopleSoftHRMSOperationProvisioning + - PeopleSoftHRMSProvision + - RACFPermissionCustomization + - SAPBuildMap + - SapHrManagerRule + - SapHrOperationProvisioning + - SapHrProvision + - SuccessFactorsOperationProvisioning + - WebServiceAfterOperationRule + - WebServiceBeforeOperationRule + description: the type of rule + example: BuildMap + signature: + description: The rule's function signature. Describes the rule's input arguments and output (if any) + type: object + required: + - input + properties: + input: + type: array + items: + type: object + nullable: true + properties: + name: + type: string + description: the name of the argument + example: firstName + description: + type: string + description: the description of the argument + example: the first name of the identity + type: + type: string + nullable: true + description: the programmatic type of the argument + example: String + required: + - name + output: + type: object + nullable: true + properties: + name: + type: string + description: the name of the argument + example: firstName + description: + type: string + description: the description of the argument + example: the first name of the identity + type: + type: string + nullable: true + description: the programmatic type of the argument + example: String + required: + - name + sourceCode: + description: SourceCode + type: object + required: + - version + - script + properties: + version: + type: string + description: the version of the code + example: '1.0' + script: + type: string + description: The code + example: return "Mr. " + firstName; + attributes: + type: object + nullable: true + description: a map of string to objects + example: {} + responses: + '201': + description: The created connector rule + content: + application/json: + schema: + description: ConnectorRuleResponse + allOf: + - description: ConnectorRuleCreateRequest + type: object + required: + - name + - type + - sourceCode + properties: + name: + type: string + description: the name of the rule + example: WebServiceBeforeOperationRule + minLength: 1 + maxLength: 128 + description: + type: string + description: a description of the rule's purpose + example: This rule does that + type: + type: string + enum: + - BuildMap + - ConnectorAfterCreate + - ConnectorAfterDelete + - ConnectorAfterModify + - ConnectorBeforeCreate + - ConnectorBeforeDelete + - ConnectorBeforeModify + - JDBCBuildMap + - JDBCOperationProvisioning + - JDBCProvision + - PeopleSoftHRMSBuildMap + - PeopleSoftHRMSOperationProvisioning + - PeopleSoftHRMSProvision + - RACFPermissionCustomization + - SAPBuildMap + - SapHrManagerRule + - SapHrOperationProvisioning + - SapHrProvision + - SuccessFactorsOperationProvisioning + - WebServiceAfterOperationRule + - WebServiceBeforeOperationRule + description: the type of rule + example: BuildMap + signature: + description: The rule's function signature. Describes the rule's input arguments and output (if any) + type: object + required: + - input + properties: + input: + type: array + items: + type: object + nullable: true + properties: + name: + type: string + description: the name of the argument + example: firstName + description: + type: string + description: the description of the argument + example: the first name of the identity + type: + type: string + nullable: true + description: the programmatic type of the argument + example: String + required: + - name + output: + type: object + nullable: true + properties: + name: + type: string + description: the name of the argument + example: firstName + description: + type: string + description: the description of the argument + example: the first name of the identity + type: + type: string + nullable: true + description: the programmatic type of the argument + example: String + required: + - name + sourceCode: + description: SourceCode + type: object + required: + - version + - script + properties: + version: + type: string + description: the version of the code + example: '1.0' + script: + type: string + description: The code + example: return "Mr. " + firstName; + attributes: + type: object + nullable: true + description: a map of string to objects + example: {} + - type: object + nullable: true + required: + - id + - created + properties: + id: + type: string + description: the ID of the rule + example: 8113d48c0b914f17b4c6072d4dcb9dfe + created: + type: string + description: an ISO 8601 UTC timestamp when this rule was created + example: '021-07-22T15:59:23Z' + modified: + type: string + nullable: true + description: an ISO 8601 UTC timestamp when this rule was last modified + example: '021-07-22T15:59:23Z' + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + security: + - oauth2: + - 'idn:rule-management-connector:manage' + '/connector-rules/{id}': + get: + tags: + - Connector Rule Management + summary: Connector-Rule by ID + operationId: getConnectorRule + description: |- + Returns the connector rule specified by ID. + A token with ORG_ADMIN authority is required to call this API. + parameters: + - name: id + in: path + description: ID of the connector rule to retrieve + required: true + style: simple + explode: false + schema: + type: string + example: 8c190e6787aa4ed9a90bd9d5344523fb + responses: + '200': + description: Connector rule with the given ID + content: + application/json: + schema: + description: ConnectorRuleResponse + allOf: + - description: ConnectorRuleCreateRequest + type: object + required: + - name + - type + - sourceCode + properties: + name: + type: string + description: the name of the rule + example: WebServiceBeforeOperationRule + minLength: 1 + maxLength: 128 + description: + type: string + description: a description of the rule's purpose + example: This rule does that + type: + type: string + enum: + - BuildMap + - ConnectorAfterCreate + - ConnectorAfterDelete + - ConnectorAfterModify + - ConnectorBeforeCreate + - ConnectorBeforeDelete + - ConnectorBeforeModify + - JDBCBuildMap + - JDBCOperationProvisioning + - JDBCProvision + - PeopleSoftHRMSBuildMap + - PeopleSoftHRMSOperationProvisioning + - PeopleSoftHRMSProvision + - RACFPermissionCustomization + - SAPBuildMap + - SapHrManagerRule + - SapHrOperationProvisioning + - SapHrProvision + - SuccessFactorsOperationProvisioning + - WebServiceAfterOperationRule + - WebServiceBeforeOperationRule + description: the type of rule + example: BuildMap + signature: + description: The rule's function signature. Describes the rule's input arguments and output (if any) + type: object + required: + - input + properties: + input: + type: array + items: + type: object + nullable: true + properties: + name: + type: string + description: the name of the argument + example: firstName + description: + type: string + description: the description of the argument + example: the first name of the identity + type: + type: string + nullable: true + description: the programmatic type of the argument + example: String + required: + - name + output: + type: object + nullable: true + properties: + name: + type: string + description: the name of the argument + example: firstName + description: + type: string + description: the description of the argument + example: the first name of the identity + type: + type: string + nullable: true + description: the programmatic type of the argument + example: String + required: + - name + sourceCode: + description: SourceCode + type: object + required: + - version + - script + properties: + version: + type: string + description: the version of the code + example: '1.0' + script: + type: string + description: The code + example: return "Mr. " + firstName; + attributes: + type: object + nullable: true + description: a map of string to objects + example: {} + - type: object + nullable: true + required: + - id + - created + properties: + id: + type: string + description: the ID of the rule + example: 8113d48c0b914f17b4c6072d4dcb9dfe + created: + type: string + description: an ISO 8601 UTC timestamp when this rule was created + example: '021-07-22T15:59:23Z' + modified: + type: string + nullable: true + description: an ISO 8601 UTC timestamp when this rule was last modified + example: '021-07-22T15:59:23Z' + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + security: + - oauth2: + - 'idn:rule-management-connector:read' + - 'idn:rule-management-connector:manage' + put: + tags: + - Connector Rule Management + summary: Update a Connector Rule + description: |- + Updates an existing connector rule with the one provided in the request body. Note that the fields 'id', 'name', and 'type' are immutable. + A token with ORG_ADMIN authority is required to call this API. + operationId: updateConnectorRule + parameters: + - name: id + in: path + description: ID of the connector rule to update + required: true + style: simple + explode: false + schema: + type: string + example: 8c190e6787aa4ed9a90bd9d5344523fb + requestBody: + description: The connector rule with updated data + content: + application/json: + schema: + description: ConnectorRuleUpdateRequest + allOf: + - type: object + required: + - id + properties: + id: + type: string + description: the ID of the rule to update + example: 8113d48c0b914f17b4c6072d4dcb9dfe + - description: ConnectorRuleCreateRequest + type: object + required: + - name + - type + - sourceCode + properties: + name: + type: string + description: the name of the rule + example: WebServiceBeforeOperationRule + minLength: 1 + maxLength: 128 + description: + type: string + description: a description of the rule's purpose + example: This rule does that + type: + type: string + enum: + - BuildMap + - ConnectorAfterCreate + - ConnectorAfterDelete + - ConnectorAfterModify + - ConnectorBeforeCreate + - ConnectorBeforeDelete + - ConnectorBeforeModify + - JDBCBuildMap + - JDBCOperationProvisioning + - JDBCProvision + - PeopleSoftHRMSBuildMap + - PeopleSoftHRMSOperationProvisioning + - PeopleSoftHRMSProvision + - RACFPermissionCustomization + - SAPBuildMap + - SapHrManagerRule + - SapHrOperationProvisioning + - SapHrProvision + - SuccessFactorsOperationProvisioning + - WebServiceAfterOperationRule + - WebServiceBeforeOperationRule + description: the type of rule + example: BuildMap + signature: + description: The rule's function signature. Describes the rule's input arguments and output (if any) + type: object + required: + - input + properties: + input: + type: array + items: + type: object + nullable: true + properties: + name: + type: string + description: the name of the argument + example: firstName + description: + type: string + description: the description of the argument + example: the first name of the identity + type: + type: string + nullable: true + description: the programmatic type of the argument + example: String + required: + - name + output: + type: object + nullable: true + properties: + name: + type: string + description: the name of the argument + example: firstName + description: + type: string + description: the description of the argument + example: the first name of the identity + type: + type: string + nullable: true + description: the programmatic type of the argument + example: String + required: + - name + sourceCode: + description: SourceCode + type: object + required: + - version + - script + properties: + version: + type: string + description: the version of the code + example: '1.0' + script: + type: string + description: The code + example: return "Mr. " + firstName; + attributes: + type: object + nullable: true + description: a map of string to objects + example: {} + responses: + '200': + description: The updated connector rule + content: + application/json: + schema: + description: ConnectorRuleResponse + allOf: + - description: ConnectorRuleCreateRequest + type: object + required: + - name + - type + - sourceCode + properties: + name: + type: string + description: the name of the rule + example: WebServiceBeforeOperationRule + minLength: 1 + maxLength: 128 + description: + type: string + description: a description of the rule's purpose + example: This rule does that + type: + type: string + enum: + - BuildMap + - ConnectorAfterCreate + - ConnectorAfterDelete + - ConnectorAfterModify + - ConnectorBeforeCreate + - ConnectorBeforeDelete + - ConnectorBeforeModify + - JDBCBuildMap + - JDBCOperationProvisioning + - JDBCProvision + - PeopleSoftHRMSBuildMap + - PeopleSoftHRMSOperationProvisioning + - PeopleSoftHRMSProvision + - RACFPermissionCustomization + - SAPBuildMap + - SapHrManagerRule + - SapHrOperationProvisioning + - SapHrProvision + - SuccessFactorsOperationProvisioning + - WebServiceAfterOperationRule + - WebServiceBeforeOperationRule + description: the type of rule + example: BuildMap + signature: + description: The rule's function signature. Describes the rule's input arguments and output (if any) + type: object + required: + - input + properties: + input: + type: array + items: + type: object + nullable: true + properties: + name: + type: string + description: the name of the argument + example: firstName + description: + type: string + description: the description of the argument + example: the first name of the identity + type: + type: string + nullable: true + description: the programmatic type of the argument + example: String + required: + - name + output: + type: object + nullable: true + properties: + name: + type: string + description: the name of the argument + example: firstName + description: + type: string + description: the description of the argument + example: the first name of the identity + type: + type: string + nullable: true + description: the programmatic type of the argument + example: String + required: + - name + sourceCode: + description: SourceCode + type: object + required: + - version + - script + properties: + version: + type: string + description: the version of the code + example: '1.0' + script: + type: string + description: The code + example: return "Mr. " + firstName; + attributes: + type: object + nullable: true + description: a map of string to objects + example: {} + - type: object + nullable: true + required: + - id + - created + properties: + id: + type: string + description: the ID of the rule + example: 8113d48c0b914f17b4c6072d4dcb9dfe + created: + type: string + description: an ISO 8601 UTC timestamp when this rule was created + example: '021-07-22T15:59:23Z' + modified: + type: string + nullable: true + description: an ISO 8601 UTC timestamp when this rule was last modified + example: '021-07-22T15:59:23Z' + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + security: + - oauth2: + - 'idn:rule-management-connector:manage' + delete: + tags: + - Connector Rule Management + summary: Delete a Connector-Rule + description: |- + Deletes the connector rule specified by the given ID. + A token with ORG_ADMIN authority is required to call this API. + operationId: deleteConnectorRule + parameters: + - name: id + in: path + description: ID of the connector rule to delete + required: true + style: simple + explode: false + schema: + type: string + example: 8c190e6787aa4ed9a90bd9d5344523fb + responses: + '204': + description: No content - indicates the request was successful but there is no content to be returned in the response. + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + security: + - oauth2: + - 'idn:rule-management-connector:manage' + /connector-rules/validate: + post: + tags: + - Connector Rule Management + operationId: validateConnectorRule + summary: Validate Connector Rule + description: |- + Returns a list of issues within the code to fix, if any. + A token with ORG_ADMIN authority is required to call this API. + requestBody: + required: true + description: The code to validate + content: + application/json: + schema: + description: SourceCode + type: object + required: + - version + - script + properties: + version: + type: string + description: the version of the code + example: '1.0' + script: + type: string + description: The code + example: return "Mr. " + firstName; + responses: + '200': + description: The status of the code's eligibility as a connector rule + content: + application/json: + schema: + description: ConnectorRuleValidationResponse + type: object + required: + - state + - details + properties: + state: + type: string + enum: + - OK + - ERROR + example: ERROR + details: + type: array + items: + description: CodeErrorDetail + type: object + required: + - line + - column + - message + properties: + line: + type: integer + description: The line number where the issue occurred + example: 2 + column: + type: integer + description: the column number where the issue occurred + example: 5 + messsage: + type: string + description: a description of the issue in the code + example: Remove reference to .decrypt( + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + security: + - oauth2: + - 'idn:rule-management-connector:read' + - 'idn:rule-management-connector:manage' + /connectors: + get: + tags: + - Connectors + operationId: getConnectorList + summary: Gets connector list + description: |- + Fetches list of connectors that have 'RELEASED' status using filtering and pagination. + A token with ORG_ADMIN authority is required to call this API. + parameters: + - in: query + name: filters + schema: + type: string + description: |- + Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) + Filtering is supported for the following fields and operators: + + **name**: *sw* + + **type**: *eq* + + **directConnect**: *eq* + example: directConnect eq "true" + - in: query + name: limit + description: |- + Max number of results to return. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 250 + schema: + type: integer + format: int32 + minimum: 0 + maximum: 250 + default: 250 + - in: query + name: offset + description: |- + Offset into the full result set. Usually specified with *limit* to paginate through the results. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 0 + schema: + type: integer + format: int32 + minimum: 0 + default: 0 + - in: query + name: count + description: |- + If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored. + + Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used. + + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: true + schema: + type: boolean + default: false + - in: query + name: locale + schema: + type: string + enum: + - de + - 'no' + - fi + - sv + - ru + - pt + - ko + - zh-TW + - en + - it + - fr + - zh-CN + - hu + - es + - cs + - ja + - pl + - da + - nl + example: de + description: 'The locale to apply to the config. If no viable locale is given, it will default to "en"' + responses: + '200': + description: A Connector Dto object + content: + application/json: + schema: + type: array + items: + type: object + properties: + name: + type: string + description: The connector name + example: name + type: + type: string + description: The connector type + example: ServiceNow + scriptName: + type: string + description: The connector script name + example: servicenow + directConnect: + type: boolean + description: true if the source is a direct connect source + example: true + connectorMetadata: + type: object + description: Object containing metadata pertinent to the UI to be used + example: + supportedUI: EXTJS + platform: ccg + shortDesc: connector description + status: + type: string + description: The connector status + example: RELEASED + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + /custom-password-instructions: + post: + operationId: createCustomPasswordInstructions + tags: + - Custom Password Instructions + summary: Create Custom Password Instructions + description: This API creates the custom password instructions for the specified page ID. A token with ORG_ADMIN authority is required to call this API. + requestBody: + required: true + content: + application/json: + schema: + type: object + properties: + pageId: + type: string + description: 'The page ID that represents the page for forget user name, reset password and unlock account flow.' + enum: + - 'change-password:enter-password' + - 'change-password:finish' + - 'flow-selection:select' + - 'forget-username:user-email' + - 'mfa:enter-code' + - 'mfa:enter-kba' + - 'mfa:select' + - 'reset-password:enter-password' + - 'reset-password:enter-username' + - 'reset-password:finish' + - 'unlock-account:enter-username' + - 'unlock-account:finish' + pageContent: + type: string + description: 'The custom instructions for the specified page. Allow basic HTML format and maximum length is 1000 characters. The custom instructions will be sanitized to avoid attacks. If the customization text includes a link, like ... clicking on this will open the link on the current browser page. If you want your link to be redirected to a different page, please redirect it to "_blank" like this: link. This will open a new tab when the link is clicked. Notice we''re only supporting _blank as the redirection target.' + locale: + type: string + example: en + description: 'The locale for the custom instructions, a BCP47 language tag. The default value is \"default\".' + example: + pageId: 'reset-password:enter-password' + pageContent: See company password policies for details by clicking here + responses: + '200': + description: Reference to the custom password instructions. + content: + application/json: + schema: + type: object + properties: + pageId: + type: string + description: 'The page ID that represents the page for forget user name, reset password and unlock account flow.' + enum: + - 'change-password:enter-password' + - 'change-password:finish' + - 'flow-selection:select' + - 'forget-username:user-email' + - 'mfa:enter-code' + - 'mfa:enter-kba' + - 'mfa:select' + - 'reset-password:enter-password' + - 'reset-password:enter-username' + - 'reset-password:finish' + - 'unlock-account:enter-username' + - 'unlock-account:finish' + pageContent: + type: string + description: 'The custom instructions for the specified page. Allow basic HTML format and maximum length is 1000 characters. The custom instructions will be sanitized to avoid attacks. If the customization text includes a link, like ... clicking on this will open the link on the current browser page. If you want your link to be redirected to a different page, please redirect it to "_blank" like this: link. This will open a new tab when the link is clicked. Notice we''re only supporting _blank as the redirection target.' + locale: + type: string + example: en + description: 'The locale for the custom instructions, a BCP47 language tag. The default value is \"default\".' + example: + pageId: 'reset-password:enter-password' + locale: default + pageContent: See company password policies for details by clicking here + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + '/custom-password-instructions/{pageId}': + get: + operationId: getCustomPasswordInstructions + tags: + - Custom Password Instructions + summary: Get Custom Password Instructions by Page ID + description: This API returns the custom password instructions for the specified page ID. A token with ORG_ADMIN authority is required to call this API. + parameters: + - in: path + name: pageId + schema: + type: string + enum: + - 'change-password:enter-password' + - 'change-password:finish' + - 'flow-selection:select' + - 'forget-username:user-email' + - 'mfa:enter-code' + - 'mfa:enter-kba' + - 'mfa:select' + - 'reset-password:enter-password' + - 'reset-password:enter-username' + - 'reset-password:finish' + - 'unlock-account:enter-username' + - 'unlock-account:finish' + required: true + description: The page ID of custom password instructions to query. + example: 'mfa:select' + - in: query + name: locale + schema: + type: string + description: 'The locale for the custom instructions, a BCP47 language tag. The default value is \"default\".' + responses: + '200': + description: Reference to the custom password instructions. + content: + application/json: + schema: + type: object + properties: + pageId: + type: string + description: 'The page ID that represents the page for forget user name, reset password and unlock account flow.' + enum: + - 'change-password:enter-password' + - 'change-password:finish' + - 'flow-selection:select' + - 'forget-username:user-email' + - 'mfa:enter-code' + - 'mfa:enter-kba' + - 'mfa:select' + - 'reset-password:enter-password' + - 'reset-password:enter-username' + - 'reset-password:finish' + - 'unlock-account:enter-username' + - 'unlock-account:finish' + pageContent: + type: string + description: 'The custom instructions for the specified page. Allow basic HTML format and maximum length is 1000 characters. The custom instructions will be sanitized to avoid attacks. If the customization text includes a link, like ... clicking on this will open the link on the current browser page. If you want your link to be redirected to a different page, please redirect it to "_blank" like this: link. This will open a new tab when the link is clicked. Notice we''re only supporting _blank as the redirection target.' + locale: + type: string + example: en + description: 'The locale for the custom instructions, a BCP47 language tag. The default value is \"default\".' + example: + pageId: 'reset-password:enter-password' + locale: default + pageContent: See company password policies for details by clicking here + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + delete: + operationId: deleteCustomPasswordInstructions + tags: + - Custom Password Instructions + summary: Delete Custom Password Instructions by page ID + description: This API delete the custom password instructions for the specified page ID. A token with ORG_ADMIN authority is required to call this API. + parameters: + - in: path + name: pageId + schema: + type: string + enum: + - 'change-password:enter-password' + - 'change-password:finish' + - 'flow-selection:select' + - 'forget-username:user-email' + - 'mfa:enter-code' + - 'mfa:enter-kba' + - 'mfa:select' + - 'reset-password:enter-password' + - 'reset-password:enter-username' + - 'reset-password:finish' + - 'unlock-account:enter-username' + - 'unlock-account:finish' + required: true + description: The page ID of custom password instructions to delete. + example: 'mfa:select' + - in: query + name: locale + schema: + type: string + description: 'The locale for the custom instructions, a BCP47 language tag. The default value is \"default\".' + responses: + '204': + description: No content - indicates the request was successful but there is no content to be returned in the response. + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + /entitlements: + get: + operationId: listEntitlements + tags: + - Entitlements + summary: Gets a list of entitlements. + security: + - oauth2: + - 'idn:entitlement:read' + - 'idn:entitlement:manage' + description: |- + This API returns a list of entitlements. + + This API can be used in one of the two following ways: either getting entitlements for a specific **account-id**, or getting via use of **filters** (those two options are exclusive). + + Any authenticated token can call this API. + parameters: + - in: query + name: account-id + schema: + type: string + description: 'The account ID. If specified, returns only entitlements associated with the given Account. Can not be specified with the **filters**, **segmented-for-identity**, **for-segment-ids**, or **include-unsegmented** param(s).' + example: ef38f94347e94562b5bb8424a56397d8 + required: false + - in: query + name: segmented-for-identity + schema: + type: string + description: |- + If present and not empty, additionally filters Entitlements to those which are assigned to the Segment(s) which are visible to the Identity with the specified ID. By convention, the value **me** can stand in for the current user's Identity ID. + Can not be specified with the **account-id** or **for-segment-ids** param(s). It is also illegal to specify a value that refers to a different user's Identity. + example: me + required: false + - in: query + name: for-segment-ids + schema: + type: string + format: comma-separated + description: |- + If present and not empty, additionally filters Access Profiles to those which are assigned to the Segment(s) with the specified IDs. + Can not be specified with the **account-id** or **segmented-for-identity** param(s). + example: '041727d4-7d95-4779-b891-93cf41e98249,a378c9fa-bae5-494c-804e-a1e30f69f649' + required: false + - in: query + name: include-unsegmented + schema: + type: boolean + default: true + description: 'Whether or not the response list should contain unsegmented Entitlements. If **for-segment-ids** and **segmented-for-identity** are both absent or empty, specifying **include-unsegmented=false** results in an error.' + example: true + required: false + - in: query + name: offset + description: |- + Offset into the full result set. Usually specified with *limit* to paginate through the results. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 0 + schema: + type: integer + format: int32 + minimum: 0 + default: 0 + - in: query + name: limit + description: |- + Max number of results to return. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 250 + schema: + type: integer + format: int32 + minimum: 0 + maximum: 250 + default: 250 + - in: query + name: count + description: |- + If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored. + + Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used. + + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: true + schema: + type: boolean + default: false + - in: query + name: sorters + schema: + type: string + format: comma-separated + description: |- + Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results) + Sorting is supported for the following fields: **id, name, created, modified, type, attribute, value, source.id** + example: 'name,-modified' + required: false + style: form + explode: true + - in: query + name: filters + schema: + type: string + description: |- + Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) + Filtering is supported for the following fields and operators: + + **id**: *eq, in* + + **name**: *eq, in, sw* + + **type**: *eq, in* + + **attribute**: *eq, in* + + **value**: *eq, in, sw* + + **source.id**: *eq, in* + + **requestable**: *eq* + **created**: *gt, lt, ge, le* + **modified**: *gt, lt, ge, le* + example: attribute eq "memberOf" + required: false + style: form + explode: true + responses: + '200': + description: List of entitlements + content: + application/json: + schema: + type: array + items: + type: object + properties: + id: + type: string + description: The entitlement id + example: 2c91808874ff91550175097daaec161c + name: + type: string + description: The entitlement name + example: LauncherTest2 + attribute: + type: string + description: The entitlement attribute name + example: memberOf + value: + type: string + description: The value of the entitlement + example: 'CN=LauncherTest2,OU=LauncherTestOrg,OU=slpt-automation,DC=TestAutomationAD,DC=local' + sourceSchemaObjectType: + type: string + description: The object type of the entitlement from the source schema + example: group + description: + type: string + description: The description of the entitlement + example: 'CN=LauncherTest2,OU=LauncherTestOrg,OU=slpt-automation,DC=TestAutomationAD,DC=local' + privileged: + type: boolean + description: True if the entitlement is privileged + example: true + cloudGoverned: + type: boolean + description: True if the entitlement is cloud governed + example: true + created: + type: string + description: Time when the entitlement was created + format: date-time + example: '2020-10-08T18:33:52.029Z' + modified: + type: string + description: Time when the entitlement was last modified + format: date-time + example: '2020-10-08T18:33:52.029Z' + source: + type: object + properties: + id: + type: string + description: The source ID + example: 2c9180827ca885d7017ca8ce28a000eb + type: + type: string + description: 'The source type, will always be "SOURCE"' + example: SOURCE + name: + type: string + description: The source name + example: ODS-AD-Source + attributes: + type: object + description: A map of free-form key-value pairs from the source system + example: + fieldName: fieldValue + additionalProperties: true + segments: + type: array + items: + type: string + nullable: true + description: 'List of IDs of segments, if any, to which this Entitlement is assigned.' + example: + - f7b1b8a3-5fed-4fd4-ad29-82014e137e19 + - 29cb6c06-1da8-43ea-8be4-b3125f248f2a + directPermissions: + type: array + items: + type: object + description: 'Simplified DTO for the Permission objects stored in SailPoint''s database. The data is aggregated from customer systems and is free-form, so its appearance can vary largely between different clients/customers.' + properties: + rights: + type: array + description: All the rights (e.g. actions) that this permission allows on the target + readOnly: true + items: + type: string + example: SELECT + target: + type: string + description: The target the permission would grants rights on. + readOnly: true + example: SYS.GV_$TRANSACTION + owner: + type: object + description: Simplified DTO for the owner object of the entitlement + properties: + id: + type: string + description: The owner id for the entitlement + example: 2a2fdacca5e345f18bf7970cfbb8fec2 + name: + type: string + description: The owner name for the entitlement + example: identity 1 + type: + type: string + enum: + - IDENTITY + description: The type of the owner. Initially only type IDENTITY is supported + example: IDENTITY + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + '/entitlements/{id}': + get: + operationId: getEntitlement + tags: + - Entitlements + summary: Get an entitlement + description: This API returns an entitlement by its ID. + security: + - oauth2: + - 'idn:entitlement:read' + - 'idn:entitlement:manage' + parameters: + - in: path + name: id + schema: + type: string + required: true + description: The entitlement ID + example: 2c91808874ff91550175097daaec161c + responses: + '200': + description: An entitlement + content: + application/json: + schema: + type: object + properties: + id: + type: string + description: The entitlement id + example: 2c91808874ff91550175097daaec161c + name: + type: string + description: The entitlement name + example: LauncherTest2 + attribute: + type: string + description: The entitlement attribute name + example: memberOf + value: + type: string + description: The value of the entitlement + example: 'CN=LauncherTest2,OU=LauncherTestOrg,OU=slpt-automation,DC=TestAutomationAD,DC=local' + sourceSchemaObjectType: + type: string + description: The object type of the entitlement from the source schema + example: group + description: + type: string + description: The description of the entitlement + example: 'CN=LauncherTest2,OU=LauncherTestOrg,OU=slpt-automation,DC=TestAutomationAD,DC=local' + privileged: + type: boolean + description: True if the entitlement is privileged + example: true + cloudGoverned: + type: boolean + description: True if the entitlement is cloud governed + example: true + created: + type: string + description: Time when the entitlement was created + format: date-time + example: '2020-10-08T18:33:52.029Z' + modified: + type: string + description: Time when the entitlement was last modified + format: date-time + example: '2020-10-08T18:33:52.029Z' + source: + type: object + properties: + id: + type: string + description: The source ID + example: 2c9180827ca885d7017ca8ce28a000eb + type: + type: string + description: 'The source type, will always be "SOURCE"' + example: SOURCE + name: + type: string + description: The source name + example: ODS-AD-Source + attributes: + type: object + description: A map of free-form key-value pairs from the source system + example: + fieldName: fieldValue + additionalProperties: true + segments: + type: array + items: + type: string + nullable: true + description: 'List of IDs of segments, if any, to which this Entitlement is assigned.' + example: + - f7b1b8a3-5fed-4fd4-ad29-82014e137e19 + - 29cb6c06-1da8-43ea-8be4-b3125f248f2a + directPermissions: + type: array + items: + type: object + description: 'Simplified DTO for the Permission objects stored in SailPoint''s database. The data is aggregated from customer systems and is free-form, so its appearance can vary largely between different clients/customers.' + properties: + rights: + type: array + description: All the rights (e.g. actions) that this permission allows on the target + readOnly: true + items: + type: string + example: SELECT + target: + type: string + description: The target the permission would grants rights on. + readOnly: true + example: SYS.GV_$TRANSACTION + owner: + type: object + description: Simplified DTO for the owner object of the entitlement + properties: + id: + type: string + description: The owner id for the entitlement + example: 2a2fdacca5e345f18bf7970cfbb8fec2 + name: + type: string + description: The owner name for the entitlement + example: identity 1 + type: + type: string + enum: + - IDENTITY + description: The type of the owner. Initially only type IDENTITY is supported + example: IDENTITY + example: + sourceSchemaObjectType: group + attribute: memberOf + attributes: + GroupType: Security + sAMAccountName: LauncherTest1 + GroupScope: Global + objectguid: '{01a6e70b-9705-4155-a5c6-492a9bcc8c64}' + objectSid: S-1-5-21-3585869415-1648031554-2909195034-1633 + cn: LauncherTest1 + msDS-PrincipalName: AUTOMATIONAD\LauncherTest1 + value: 'CN=LauncherTest1,OU=LauncherTestOrg,OU=slpt-automation,DC=TestAutomationAD,DC=local' + description: some description + privileged: false + cloudGoverned: false + source: + type: SOURCE + id: 2c9180877504c40e0175097d5ce707c8 + name: EndToEnd-ADSource + owner: + id: 2c9180858315595501831958427e5424 + name: Addie Smith + type: IDENTITY + id: 2c91808c74ff913f0175097daa9d59cd + name: LauncherTest1 + created: '2020-10-08T18:33:52.029Z' + modified: '2021-01-19T16:53:35.707Z' + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + patch: + operationId: patchEntitlement + tags: + - Entitlements + summary: Patch an entitlement + description: |- + This API updates an existing entitlement using [JSON Patch](https://tools.ietf.org/html/rfc6902) syntax. + + The following fields are patchable: **requestable**, **privileged**, **segments**, **owner**. + + When you're patching owner, only owner type and owner id must be provided. Owner name is optional, and it won't be modified. If the owner name is provided, it should correspond to the real name. The only owner type currently supported is IDENTITY. + + A token with ORG_ADMIN or SOURCE_ADMIN authority is required to call this API. + security: + - oauth2: + - 'idn:entitlement:manage' + parameters: + - name: id + in: path + description: ID of the entitlement to patch + required: true + schema: + type: string + example: 2c91808a7813090a017814121e121518 + requestBody: + content: + application/json-patch+json: + schema: + type: array + items: + type: object + description: 'A JSONPatch Operation as defined by [RFC 6902 - JSON Patch](https://tools.ietf.org/html/rfc6902)' + required: + - op + - path + properties: + op: + type: string + description: The operation to be performed + enum: + - add + - remove + - replace + - move + - copy + - test + example: replace + path: + type: string + description: A string JSON Pointer representing the target path to an element to be affected by the operation + example: /description + value: + anyOf: + - type: string + - type: integer + - type: object + - type: array + items: + anyOf: + - type: string + - type: integer + - type: object + description: 'The value to be used for the operation, required for "add" and "replace" operations' + example: New description + example: + - op: replace + path: /requestable + value: true + examples: + Make an entitlement requestable and privileged in one call: + description: This example shows how multiple fields may be updated with a single patch call. + value: + - op: replace + path: /requestable + value: true + - op: replace + path: /privileged + value: true + Assign an entitlement to a segment: + description: This example shows how to use patch to assign an entitlement to a segment by adding the segment's ID to the entitlement's segments array. + value: + - op: add + path: /segments/- + value: f7b1b8a3-5fed-4fd4-ad29-82014e137e19 + Assign an owner to an entitlement: + description: This example shows how to use patch to assign an owner to an entitlement by adding the owner's info to the entitlement. + value: + - op: add + path: /owner + value: + type: IDENTITY + id: 2c9180858315595501831958427e5424 + Replace an owner for an entitlement: + description: This example shows how to use patch to replace an entitlement's owner by replacing the owner's info to the entitlement. + value: + - op: replace + path: /owner + value: + type: IDENTITY + id: 2c9180858315595501831958427e5424 + responses: + '200': + description: Responds with the entitlement as updated. + content: + application/json: + schema: + type: object + properties: + id: + type: string + description: The entitlement id + example: 2c91808874ff91550175097daaec161c + name: + type: string + description: The entitlement name + example: LauncherTest2 + attribute: + type: string + description: The entitlement attribute name + example: memberOf + value: + type: string + description: The value of the entitlement + example: 'CN=LauncherTest2,OU=LauncherTestOrg,OU=slpt-automation,DC=TestAutomationAD,DC=local' + sourceSchemaObjectType: + type: string + description: The object type of the entitlement from the source schema + example: group + description: + type: string + description: The description of the entitlement + example: 'CN=LauncherTest2,OU=LauncherTestOrg,OU=slpt-automation,DC=TestAutomationAD,DC=local' + privileged: + type: boolean + description: True if the entitlement is privileged + example: true + cloudGoverned: + type: boolean + description: True if the entitlement is cloud governed + example: true + created: + type: string + description: Time when the entitlement was created + format: date-time + example: '2020-10-08T18:33:52.029Z' + modified: + type: string + description: Time when the entitlement was last modified + format: date-time + example: '2020-10-08T18:33:52.029Z' + source: + type: object + properties: + id: + type: string + description: The source ID + example: 2c9180827ca885d7017ca8ce28a000eb + type: + type: string + description: 'The source type, will always be "SOURCE"' + example: SOURCE + name: + type: string + description: The source name + example: ODS-AD-Source + attributes: + type: object + description: A map of free-form key-value pairs from the source system + example: + fieldName: fieldValue + additionalProperties: true + segments: + type: array + items: + type: string + nullable: true + description: 'List of IDs of segments, if any, to which this Entitlement is assigned.' + example: + - f7b1b8a3-5fed-4fd4-ad29-82014e137e19 + - 29cb6c06-1da8-43ea-8be4-b3125f248f2a + directPermissions: + type: array + items: + type: object + description: 'Simplified DTO for the Permission objects stored in SailPoint''s database. The data is aggregated from customer systems and is free-form, so its appearance can vary largely between different clients/customers.' + properties: + rights: + type: array + description: All the rights (e.g. actions) that this permission allows on the target + readOnly: true + items: + type: string + example: SELECT + target: + type: string + description: The target the permission would grants rights on. + readOnly: true + example: SYS.GV_$TRANSACTION + owner: + type: object + description: Simplified DTO for the owner object of the entitlement + properties: + id: + type: string + description: The owner id for the entitlement + example: 2a2fdacca5e345f18bf7970cfbb8fec2 + name: + type: string + description: The owner name for the entitlement + example: identity 1 + type: + type: string + enum: + - IDENTITY + description: The type of the owner. Initially only type IDENTITY is supported + example: IDENTITY + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + '/entitlements/{id}/parents': + get: + operationId: listEntitlementParents + tags: + - Entitlements + summary: List of entitlements parents + description: This API returns a list of all parent entitlements of a given entitlement. + security: + - oauth2: + - 'idn:entitlement:read' + - 'idn:entitlement:manage' + parameters: + - in: query + name: limit + description: |- + Max number of results to return. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 250 + schema: + type: integer + format: int32 + minimum: 0 + maximum: 250 + default: 250 + - in: query + name: offset + description: |- + Offset into the full result set. Usually specified with *limit* to paginate through the results. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 0 + schema: + type: integer + format: int32 + minimum: 0 + default: 0 + - in: query + name: count + description: |- + If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored. + + Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used. + + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: true + schema: + type: boolean + default: false + - in: path + name: id + schema: + type: string + required: true + description: Entitlement Id + example: 2c91808c74ff913f0175097daa9d59cd + responses: + '200': + description: List of entitlements parents from an entitlement + content: + application/json: + schema: + type: array + items: + type: object + properties: + id: + type: string + description: The entitlement id + example: 2c91808874ff91550175097daaec161c + name: + type: string + description: The entitlement name + example: LauncherTest2 + attribute: + type: string + description: The entitlement attribute name + example: memberOf + value: + type: string + description: The value of the entitlement + example: 'CN=LauncherTest2,OU=LauncherTestOrg,OU=slpt-automation,DC=TestAutomationAD,DC=local' + sourceSchemaObjectType: + type: string + description: The object type of the entitlement from the source schema + example: group + description: + type: string + description: The description of the entitlement + example: 'CN=LauncherTest2,OU=LauncherTestOrg,OU=slpt-automation,DC=TestAutomationAD,DC=local' + privileged: + type: boolean + description: True if the entitlement is privileged + example: true + cloudGoverned: + type: boolean + description: True if the entitlement is cloud governed + example: true + created: + type: string + description: Time when the entitlement was created + format: date-time + example: '2020-10-08T18:33:52.029Z' + modified: + type: string + description: Time when the entitlement was last modified + format: date-time + example: '2020-10-08T18:33:52.029Z' + source: + type: object + properties: + id: + type: string + description: The source ID + example: 2c9180827ca885d7017ca8ce28a000eb + type: + type: string + description: 'The source type, will always be "SOURCE"' + example: SOURCE + name: + type: string + description: The source name + example: ODS-AD-Source + attributes: + type: object + description: A map of free-form key-value pairs from the source system + example: + fieldName: fieldValue + additionalProperties: true + segments: + type: array + items: + type: string + nullable: true + description: 'List of IDs of segments, if any, to which this Entitlement is assigned.' + example: + - f7b1b8a3-5fed-4fd4-ad29-82014e137e19 + - 29cb6c06-1da8-43ea-8be4-b3125f248f2a + directPermissions: + type: array + items: + type: object + description: 'Simplified DTO for the Permission objects stored in SailPoint''s database. The data is aggregated from customer systems and is free-form, so its appearance can vary largely between different clients/customers.' + properties: + rights: + type: array + description: All the rights (e.g. actions) that this permission allows on the target + readOnly: true + items: + type: string + example: SELECT + target: + type: string + description: The target the permission would grants rights on. + readOnly: true + example: SYS.GV_$TRANSACTION + owner: + type: object + description: Simplified DTO for the owner object of the entitlement + properties: + id: + type: string + description: The owner id for the entitlement + example: 2a2fdacca5e345f18bf7970cfbb8fec2 + name: + type: string + description: The owner name for the entitlement + example: identity 1 + type: + type: string + enum: + - IDENTITY + description: The type of the owner. Initially only type IDENTITY is supported + example: IDENTITY + example: + - sourceSchemaObjectType: group + attribute: memberOf + attributes: + GroupType: Security + sAMAccountName: LauncherTest1 + GroupScope: Global + objectguid: '{01a6e70b-9705-4155-a5c6-492a9bcc8c64}' + objectSid: S-1-5-21-3585869415-1648031554-2909195034-1633 + cn: LauncherTest1 + msDS-PrincipalName: AUTOMATIONAD\LauncherTest1 + value: 'CN=LauncherTest1,OU=LauncherTestOrg,OU=slpt-automation,DC=TestAutomationAD,DC=local' + description: some description + privileged: false + cloudGoverned: false + source: + type: SOURCE + id: 2c9180877504c40e0175097d5ce707c8 + name: EndToEnd-ADSource + owner: + id: 2a2fdacca5e345f18bf7970cfbb8fec2 + name: identity 1 + type: IDENTITY + id: 2c91808c74ff913f0175097daa9d59cd + name: LauncherTest1 + created: '2020-10-08T18:33:52.029Z' + modified: '2021-01-19T16:53:35.707Z' + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + '/entitlements/{id}/children': + get: + operationId: listEntitlementChildren + tags: + - Entitlements + summary: List of entitlements children + description: This API returns a list of all child entitlements of a given entitlement. + security: + - oauth2: + - 'idn:entitlement:read' + parameters: + - in: query + name: limit + description: |- + Max number of results to return. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 250 + schema: + type: integer + format: int32 + minimum: 0 + maximum: 250 + default: 250 + - in: query + name: offset + description: |- + Offset into the full result set. Usually specified with *limit* to paginate through the results. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 0 + schema: + type: integer + format: int32 + minimum: 0 + default: 0 + - in: query + name: count + description: |- + If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored. + + Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used. + + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: true + schema: + type: boolean + default: false + - in: path + name: id + schema: + type: string + required: true + description: Entitlement Id + example: 2c91808874ff91550175097daaec161c + responses: + '200': + description: List of entitlements children from an entitlement + content: + application/json: + schema: + type: array + items: + type: object + properties: + id: + type: string + description: The entitlement id + example: 2c91808874ff91550175097daaec161c + name: + type: string + description: The entitlement name + example: LauncherTest2 + attribute: + type: string + description: The entitlement attribute name + example: memberOf + value: + type: string + description: The value of the entitlement + example: 'CN=LauncherTest2,OU=LauncherTestOrg,OU=slpt-automation,DC=TestAutomationAD,DC=local' + sourceSchemaObjectType: + type: string + description: The object type of the entitlement from the source schema + example: group + description: + type: string + description: The description of the entitlement + example: 'CN=LauncherTest2,OU=LauncherTestOrg,OU=slpt-automation,DC=TestAutomationAD,DC=local' + privileged: + type: boolean + description: True if the entitlement is privileged + example: true + cloudGoverned: + type: boolean + description: True if the entitlement is cloud governed + example: true + created: + type: string + description: Time when the entitlement was created + format: date-time + example: '2020-10-08T18:33:52.029Z' + modified: + type: string + description: Time when the entitlement was last modified + format: date-time + example: '2020-10-08T18:33:52.029Z' + source: + type: object + properties: + id: + type: string + description: The source ID + example: 2c9180827ca885d7017ca8ce28a000eb + type: + type: string + description: 'The source type, will always be "SOURCE"' + example: SOURCE + name: + type: string + description: The source name + example: ODS-AD-Source + attributes: + type: object + description: A map of free-form key-value pairs from the source system + example: + fieldName: fieldValue + additionalProperties: true + segments: + type: array + items: + type: string + nullable: true + description: 'List of IDs of segments, if any, to which this Entitlement is assigned.' + example: + - f7b1b8a3-5fed-4fd4-ad29-82014e137e19 + - 29cb6c06-1da8-43ea-8be4-b3125f248f2a + directPermissions: + type: array + items: + type: object + description: 'Simplified DTO for the Permission objects stored in SailPoint''s database. The data is aggregated from customer systems and is free-form, so its appearance can vary largely between different clients/customers.' + properties: + rights: + type: array + description: All the rights (e.g. actions) that this permission allows on the target + readOnly: true + items: + type: string + example: SELECT + target: + type: string + description: The target the permission would grants rights on. + readOnly: true + example: SYS.GV_$TRANSACTION + owner: + type: object + description: Simplified DTO for the owner object of the entitlement + properties: + id: + type: string + description: The owner id for the entitlement + example: 2a2fdacca5e345f18bf7970cfbb8fec2 + name: + type: string + description: The owner name for the entitlement + example: identity 1 + type: + type: string + enum: + - IDENTITY + description: The type of the owner. Initially only type IDENTITY is supported + example: IDENTITY + example: + - sourceSchemaObjectType: group + attribute: memberOf + attributes: + GroupType: Security + sAMAccountName: LauncherTest1 + GroupScope: Global + objectguid: '{01a6e70b-9705-4155-a5c6-492a9bcc8c64}' + objectSid: S-1-5-21-3585869415-1648031554-2909195034-1633 + cn: LauncherTest1 + msDS-PrincipalName: AUTOMATIONAD\LauncherTest1 + value: 'CN=LauncherTest1,OU=LauncherTestOrg,OU=slpt-automation,DC=TestAutomationAD,DC=local' + description: some description + privileged: false + cloudGoverned: false + source: + type: SOURCE + id: 2c9180877504c40e0175097d5ce707c8 + name: EndToEnd-ADSource + owner: + id: 2a2fdacca5e345f18bf7970cfbb8fec2 + name: identity 1 + type: IDENTITY + id: 2c91808c74ff913f0175097daa9d59cd + name: LauncherTest1 + created: '2020-10-08T18:33:52.029Z' + modified: '2021-01-19T16:53:35.707Z' + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + /entitlements/bulk-update: + post: + operationId: updateEntitlementsInBulk + tags: + - Entitlements + summary: Bulk update an entitlement list + description: |- + This API applies an update to every entitlement of the list. + + The number of entitlements to update is limited to 50 items maximum. + + The JsonPatch update follows the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard. allowed operations : **{ "op": "replace", "path": "/privileged", "value": boolean }** **{ "op": "replace", "path": "/requestable","value": boolean }** + + A token with ORG_ADMIN or API authority is required to call this API. + requestBody: + required: true + content: + application/json: + schema: + type: object + properties: + entitlementIds: + type: array + description: List of entitlement ids to update + maxItems: 50 + items: + type: string + example: + - 2c91808a7624751a01762f19d665220d + - 2c91808a7624751a01762f19d67c220e + - 2c91808a7624751a01762f19d692220f + jsonPatch: + type: array + items: + type: object + description: 'A JSONPatch Operation as defined by [RFC 6902 - JSON Patch](https://tools.ietf.org/html/rfc6902)' + required: + - op + - path + properties: + op: + type: string + description: The operation to be performed + enum: + - add + - remove + - replace + - move + - copy + - test + example: replace + path: + type: string + description: A string JSON Pointer representing the target path to an element to be affected by the operation + example: /description + value: + anyOf: + - type: string + - type: integer + - type: object + - type: array + items: + anyOf: + - type: string + - type: integer + - type: object + description: 'The value to be used for the operation, required for "add" and "replace" operations' + example: New description + example: + - op: replace + path: /privileged + value: false + - op: replace + path: /requestable + value: false + example: + entitlementIds: + - 2c91808a7624751a01762f19d665220d + - 2c91808a7624751a01762f19d67c220e + - 2c91808a7624751a01762f19d692220f + jsonPatch: + - op: replace + path: /privileged + value: false + - op: replace + path: /requestable + value: false + required: + - entitlementIds + - jsonPatch + responses: + '204': + description: No content - indicates the request was successful but there is no content to be returned in the response. + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + '/entitlements/{id}/entitlement-request-config': + get: + operationId: getEntitlementRequestConfig + tags: + - Entitlements + summary: Get Entitlement Request Config + description: This API returns the entitlement request config for a specified entitlement. + security: + - oauth2: + - 'idn:entitlement:read' + - 'idn:entitlement:manage' + parameters: + - in: path + name: id + schema: + type: string + required: true + description: Entitlement Id + example: 2c91808874ff91550175097daaec161c + responses: + '200': + description: An Entitlement Request Config + content: + application/json: + schema: + type: object + properties: + accessRequestConfig: + type: object + properties: + approvalSchemes: + type: array + description: Ordered list of approval steps for the access request. Empty when no approval is required. + items: + type: object + properties: + approverType: + type: string + enum: + - ENTITLEMENT_OWNER + - SOURCE_OWNER + - MANAGER + - GOVERNANCE_GROUP + description: |- + Describes the individual or group that is responsible for an approval step. Values are as follows. + + **ENTITLEMENT_OWNER**: Owner of the associated Entitlement + + **SOURCE_OWNER**: Owner of the associated Source + + **MANAGER**: Manager of the Identity for whom the request is being made + + **GOVERNANCE_GROUP**: A Governance Group, the ID of which is specified by the **approverId** field + example: GOVERNANCE_GROUP + approverId: + type: string + nullable: true + description: 'Id of the specific approver, used only when approverType is GOVERNANCE_GROUP' + example: e3eab852-8315-467f-9de7-70eda97f63c8 + requestCommentRequired: + type: boolean + description: If the requester must provide a comment during access request. + default: false + example: true + denialCommentRequired: + type: boolean + description: If the reviewer must provide a comment when denying the access request. + default: false + example: false + example: + accessRequestConfig: + requestCommentRequired: true + denialCommentRequired: true + approvalSchemes: + - approverType: ENTITLEMENT_OWNER + approverId: null + - approverType: SOURCE_OWNER + approverId: null + - approverType: MANAGER + approverId: null + - approverType: GOVERNANCE_GROUP + approverId: 46c79819-a69f-49a2-becb-12c971ae66c6 + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + put: + operationId: putEntitlementRequestConfig + tags: + - Entitlements + summary: Replace Entitlement Request Config + description: This API replaces the entitlement request config for a specified entitlement. + security: + - oauth2: + - 'idn:entitlement:manage' + parameters: + - name: id + in: path + description: Entitlement ID + required: true + schema: + type: string + example: 2c91808a7813090a017814121e121518 + requestBody: + required: true + content: + application/json: + schema: + type: object + properties: + accessRequestConfig: + type: object + properties: + approvalSchemes: + type: array + description: Ordered list of approval steps for the access request. Empty when no approval is required. + items: + type: object + properties: + approverType: + type: string + enum: + - ENTITLEMENT_OWNER + - SOURCE_OWNER + - MANAGER + - GOVERNANCE_GROUP + description: |- + Describes the individual or group that is responsible for an approval step. Values are as follows. + + **ENTITLEMENT_OWNER**: Owner of the associated Entitlement + + **SOURCE_OWNER**: Owner of the associated Source + + **MANAGER**: Manager of the Identity for whom the request is being made + + **GOVERNANCE_GROUP**: A Governance Group, the ID of which is specified by the **approverId** field + example: GOVERNANCE_GROUP + approverId: + type: string + nullable: true + description: 'Id of the specific approver, used only when approverType is GOVERNANCE_GROUP' + example: e3eab852-8315-467f-9de7-70eda97f63c8 + requestCommentRequired: + type: boolean + description: If the requester must provide a comment during access request. + default: false + example: true + denialCommentRequired: + type: boolean + description: If the reviewer must provide a comment when denying the access request. + default: false + example: false + responses: + '200': + description: Responds with the entitlement request config as updated. + content: + application/json: + schema: + type: object + properties: + accessRequestConfig: + type: object + properties: + approvalSchemes: + type: array + description: Ordered list of approval steps for the access request. Empty when no approval is required. + items: + type: object + properties: + approverType: + type: string + enum: + - ENTITLEMENT_OWNER + - SOURCE_OWNER + - MANAGER + - GOVERNANCE_GROUP + description: |- + Describes the individual or group that is responsible for an approval step. Values are as follows. + + **ENTITLEMENT_OWNER**: Owner of the associated Entitlement + + **SOURCE_OWNER**: Owner of the associated Source + + **MANAGER**: Manager of the Identity for whom the request is being made + + **GOVERNANCE_GROUP**: A Governance Group, the ID of which is specified by the **approverId** field + example: GOVERNANCE_GROUP + approverId: + type: string + nullable: true + description: 'Id of the specific approver, used only when approverType is GOVERNANCE_GROUP' + example: e3eab852-8315-467f-9de7-70eda97f63c8 + requestCommentRequired: + type: boolean + description: If the requester must provide a comment during access request. + default: false + example: true + denialCommentRequired: + type: boolean + description: If the reviewer must provide a comment when denying the access request. + default: false + example: false + example: + accessRequestConfig: + requestCommentRequired: true + denialCommentRequired: true + approvalSchemes: + - approverType: ENTITLEMENT_OWNER + approverId: null + - approverType: SOURCE_OWNER + approverId: null + - approverType: MANAGER + approverId: null + - approverType: GOVERNANCE_GROUP + approverId: 46c79819-a69f-49a2-becb-12c971ae66c6 + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + /generate-password-reset-token/digit: + post: + operationId: generateDigitToken + tags: + - Password Management + summary: Generate a digit token + description: 'This API is used to generate a digit token for password management. Requires authorization scope of "idn:password-digit-token:create".' + requestBody: + required: true + content: + application/json: + schema: + type: object + required: + - userId + properties: + userId: + type: string + description: The uid of the user requested for digit token + example: Abby.Smith + length: + type: integer + description: 'The length of digit token. It should be from 6 to 18, inclusive. The default value is 6.' + example: 8 + durationMinutes: + type: integer + description: The time to live for the digit token in minutes. The default value is 5 minutes. + example: 5 + example: + userId: Abby.Smith + length: 8 + durationMinutes: 5 + responses: + '200': + description: The digit token for password management. + content: + application/json: + schema: + type: object + properties: + digitToken: + type: string + description: The digit token for password management + example: 09087713 + requestId: + type: string + description: The reference ID of the digit token generation request + example: e1267ecd-fcd9-4c73-9c55-12555efad136 + example: + digitToken: 09087713 + requestId: e1267ecd-fcd9-4c73-9c55-12555efad136 + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + /historical-identities: + get: + operationId: listHistoricalIdentities + summary: Lists all the identities + description: 'This gets the list of identities for the customer. This list end point does not support count=true request param. The total count of identities would never be returned even if the count param is specified in the request Requires authorization scope of ''idn:identity-history:read''' + security: + - oauth2: + - 'idn:identity-history:read' + tags: + - Identity History + parameters: + - in: query + name: starts-with-query + schema: + type: string + description: 'This param is used for starts-with search for first, last and display name of the identity' + example: Ada + - in: query + name: is-deleted + schema: + type: boolean + description: Indicates if we want to only list down deleted identities or not. + example: true + - in: query + name: is-active + schema: + type: boolean + description: Indicates if we want to only list active or inactive identities. + example: true + - in: query + name: limit + description: |- + Max number of results to return. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 250 + schema: + type: integer + format: int32 + minimum: 0 + maximum: 250 + default: 250 + - in: query + name: offset + description: |- + Offset into the full result set. Usually specified with *limit* to paginate through the results. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 0 + schema: + type: integer + format: int32 + minimum: 0 + default: 0 + responses: + '200': + description: List of identities for the customer. + content: + application/json: + schema: + type: array + items: + type: object + properties: + id: + type: string + description: the identity ID + example: bc693f07e7b645539626c25954c58554 + displayName: + type: string + description: the display name of the identity + example: Adam Zampa + firstName: + type: string + description: the first name of the identity + example: Adam + lastName: + type: string + description: the last name of the identity + example: Zampa + active: + type: boolean + default: true + description: indicates if an identity is active or not + example: true + deletedDate: + type: string + nullable: true + description: the date when the identity was deleted + example: '2007-03-01T13:00:00.000Z' + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + '/historical-identities/{id}': + get: + operationId: getHistoricalIdentity + tags: + - Identity History + summary: Get latest snapshot of identity + description: 'This method retrieves a specified identity Requires authorization scope of ''idn:identity-history:read''' + security: + - oauth2: + - 'idn:identity-history:read' + parameters: + - in: path + name: id + schema: + type: string + required: true + description: The identity id + example: 8c190e6787aa4ed9a90bd9d5344523fb + responses: + '200': + description: The identity object. + content: + application/json: + schema: + type: object + properties: + id: + type: string + description: the identity ID + example: bc693f07e7b645539626c25954c58554 + displayName: + type: string + description: the display name of the identity + example: Adam Zampa + snapshot: + type: string + description: the date when the identity record was created + example: '2007-03-01T13:00:00.000Z' + deletedDate: + type: string + description: the date when the identity was deleted + example: '2007-03-01T13:00:00.000Z' + accessItemCount: + type: object + description: A map containing the count of each access item + additionalProperties: + type: string + attributes: + type: object + description: A map containing the identity attributes + additionalProperties: + type: string + example: + id: 2c9079b270a266a60170a2779fcb0007 + displayName: Lahoma Wuckert + deletedDate: null + snapshot: '2007-03-01T13:00:00.000Z' + attributes: + jobTitle: HR Manager + location: NYC + firstname: Lahoma + lastname: Wuckert + department: HR + accessItemCount: + role: 2 + accessProfile: 2 + entitlement: 28 + account: 3 + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + '/historical-identities/{id}/access-items': + get: + operationId: listIdentityAccessItems + tags: + - Identity History + summary: Gets a list of access items for the identity filtered by item type + description: 'This method retrieves a list of access item for the identity filtered by the access item type Requires authorization scope of ''idn:identity-history:read'' ' + parameters: + - in: path + name: id + schema: + type: string + required: true + description: The identity id + example: 8c190e6787aa4ed9a90bd9d5344523fb + - in: query + name: type + schema: + type: string + description: 'The type of access item for the identity. If not provided, it defaults to account' + example: account + responses: + '200': + description: The list of access items. + content: + application/json: + schema: + type: array + items: + oneOf: + - type: object + properties: + accessType: + type: string + example: accessProfile + description: the access item type. accessProfile in this case + id: + type: string + example: 2c918087763e69d901763e72e97f006f + description: the access item id + name: + type: string + example: sample + description: the access profile name + sourceName: + type: string + example: DataScienceDataset + description: the name of the source + sourceId: + type: string + example: 2793o32dwd + description: the id of the source + description: + type: string + example: AccessProfile - Workday/Citizenship access + description: the description for the access profile + displayName: + type: string + example: Dr. Arden Rogahn MD + description: the display name of the identity + entitlementCount: + type: string + example: 12 + description: the number of entitlements the access profile will create + appDisplayName: + type: string + example: AppName + description: the name of app + - type: object + properties: + accessType: + type: string + example: account + description: the access item type. account in this case + id: + type: string + example: 2c918087763e69d901763e72e97f006f + description: the access item id + nativeIdentity: + type: string + example: dr.arden.ogahn.d + description: the native identifier used to uniquely identify an acccount + sourceName: + type: string + example: DataScienceDataset + description: the name of the source + sourceId: + type: string + example: 2793o32dwd + description: the id of the source + entitlementCount: + type: string + example: 12 + description: the number of entitlements the account will create + displayName: + type: string + example: Dr. Arden Rogahn MD + description: the display name of the identity + - type: object + properties: + accessType: + type: string + example: app + description: the access item type. entitlement in this case + id: + type: string + example: 2c918087763e69d901763e72e97f006f + description: the access item id + displayName: + type: string + example: Display Name + description: the access profile display name + sourceName: + type: string + example: appName + description: the associated source name if it exists + - type: object + properties: + accessType: + type: string + example: entitlement + description: the access item type. entitlement in this case + id: + type: string + example: 2c918087763e69d901763e72e97f006f + description: the access item id + attribute: + type: string + example: groups + description: the entitlement attribute + value: + type: string + example: Upward mobility access + description: the associated value + entitlementType: + type: string + example: entitlement + description: the type of entitlement + sourceName: + type: string + example: DataScienceDataset + description: the name of the source + sourceId: + type: string + example: 2793o32dwd + description: the id of the source + description: + type: string + example: Entitlement - Workday/Citizenship access + description: the description for the entitlment + displayName: + type: string + example: Dr. Arden Rogahn MD + description: the display name of the identity + - type: object + properties: + accessType: + type: string + example: role + description: the access item type. role in this case + id: + type: string + example: 2c918087763e69d901763e72e97f006f + description: the access item id + displayName: + type: string + example: sample + description: the role display name + description: + type: string + example: Role - Workday/Citizenship access + description: the description for the role + sourceName: + type: string + example: Source Name + description: the associated source name if it exists + examples: + Access Profile: + description: An access profile response + value: + - accessType: accessProfile + id: 2c918087763e69d901763e72e97f006f + name: sample + sourceName: DataScienceDataset + sourceId: 2793o32dwd + description: AccessProfile - Workday/Citizenship access + displayName: Dr. Arden Rogahn MD + entitlementCount: 12 + appDisplayName: AppName + Account: + description: An account response + value: + - accessType: account + id: 2c918087763e69d901763e72e97f006f + nativeIdentity: dr.arden.ogahn.d + sourceName: DataScienceDataset + sourceId: 2793o32dwd + entitlementCount: 12 + displayName: Dr. Arden Rogahn MD + App: + description: An app response + value: + - accessType: app + id: 2c918087763e69d901763e72e97f006f + name: appName + Entitlement: + description: An entitlement event + value: + - accessType: entitlement + id: 2c918087763e69d901763e72e97f006f + attribute: groups + value: Upward mobility access + type: group + sourceName: DataScienceDataset + sourceId: 2793o32dwd + description: Entitlement - Workday/Citizenship access + displayName: Dr. Arden Rogahn MD + Role: + description: A role response + value: + - accessType: role + id: 2c918087763e69d901763e72e97f006f + name: sample + description: Role - Workday/Citizenship access + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + '/historical-identities/{id}/snapshots': + get: + operationId: listIdentitySnapshots + tags: + - Identity History + summary: Lists all the snapshots for the identity + description: 'This method retrieves all the snapshots for the identity Requires authorization scope of ''idn:identity-history:read'' ' + parameters: + - in: path + name: id + schema: + type: string + required: true + description: The identity id + example: 8c190e6787aa4ed9a90bd9d5344523fb + - in: query + name: start + schema: + type: string + description: The specified start date + example: '2007-03-01T13:00:00Z' + - in: query + name: interval + schema: + type: string + enum: + - day + - month + description: The interval indicating the range in day or month for the specified interval-name + - in: query + name: limit + description: |- + Max number of results to return. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 250 + schema: + type: integer + format: int32 + minimum: 0 + maximum: 250 + default: 250 + - in: query + name: offset + description: |- + Offset into the full result set. Usually specified with *limit* to paginate through the results. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 0 + schema: + type: integer + format: int32 + minimum: 0 + default: 0 + - in: query + name: count + description: |- + If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored. + + Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used. + + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: true + schema: + type: boolean + default: false + responses: + '200': + description: A list of identity summary for each snapshot. + content: + application/json: + schema: + type: array + items: + type: object + properties: + snapshot: + type: string + description: the date when the identity record was created + example: '2007-03-01T13:00:00.000Z' + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + '/historical-identities/{id}/snapshot-summary': + get: + operationId: getIdentitySnapshotSummary + tags: + - Identity History + summary: Gets the summary for the event count for a specific identity + description: 'This method gets the summary for the event count for a specific identity by month/day Requires authorization scope of ''idn:identity-history:read'' ' + parameters: + - in: path + name: id + schema: + type: string + required: true + description: The identity id + example: 8c190e6787aa4ed9a90bd9d5344523fb + - in: query + name: before + schema: + type: string + description: The date before which snapshot summary is required + example: '2007-03-01T13:00:00Z' + - in: query + name: interval + schema: + type: string + enum: + - day + - month + description: The interval indicating day or month. Defaults to month if not specified + - in: query + name: time-zone + schema: + type: string + description: The time zone. Defaults to UTC if not provided + example: UTC + - in: query + name: limit + description: |- + Max number of results to return. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 250 + schema: + type: integer + format: int32 + minimum: 0 + maximum: 250 + default: 250 + - in: query + name: offset + description: |- + Offset into the full result set. Usually specified with *limit* to paginate through the results. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 0 + schema: + type: integer + format: int32 + minimum: 0 + default: 0 + - in: query + name: count + description: |- + If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored. + + Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used. + + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: true + schema: + type: boolean + default: false + responses: + '200': + description: A summary list of identity changes in date histogram format. + content: + application/json: + schema: + type: array + items: + type: object + properties: + name: + type: string + description: the name of metric + value: + type: number + description: the value associated to the metric + example: + name: '2021-04-01T00:00:00.000Z' + value: 2 + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + '/historical-identities/{id}/snapshots/{date}': + get: + operationId: getIdentitySnapshot + tags: + - Identity History + summary: Gets an identity snapshot at a given date + description: 'This method retrieves a specified identity snapshot at a given date Requires authorization scope of ''idn:identity-history:read'' ' + parameters: + - in: path + name: id + schema: + type: string + required: true + description: The identity id + example: 8c190e6787aa4ed9a90bd9d5344523fb + - in: path + name: date + schema: + type: string + description: The specified date + example: '2007-03-01T13:00:00Z' + required: true + responses: + '200': + description: The identity object. + content: + application/json: + schema: + type: object + properties: + id: + type: string + description: the identity ID + example: bc693f07e7b645539626c25954c58554 + displayName: + type: string + description: the display name of the identity + example: Adam Zampa + snapshot: + type: string + description: the date when the identity record was created + example: '2007-03-01T13:00:00.000Z' + deletedDate: + type: string + description: the date when the identity was deleted + example: '2007-03-01T13:00:00.000Z' + accessItemCount: + type: object + description: A map containing the count of each access item + additionalProperties: + type: string + attributes: + type: object + description: A map containing the identity attributes + additionalProperties: + type: string + example: + id: 2c9079b270a266a60170a2779fcb0007 + displayName: Lahoma Wuckert + deletedDate: null + snapshot: '2007-03-01T13:00:00.000Z' + attributes: + jobTitle: HR Manager + location: NYC + firstname: Lahoma + lastname: Wuckert + department: HR + accessItemCount: + role: 2 + accessProfile: 2 + entitlement: 28 + account: 3 + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + '/historical-identities/{id}/snapshots/{date}/access-items': + get: + operationId: listIdentitySnapshotAccessItems + tags: + - Identity History + summary: Gets the list of identity access items at a given date filterd by item type + description: 'This method retrieves the list of identity access items at a given date filterd by item type Requires authorization scope of ''idn:identity-history:read'' ' + parameters: + - in: path + name: id + schema: + type: string + required: true + description: The identity id + example: 8c190e6787aa4ed9a90bd9d5344523fb + - in: path + name: date + schema: + type: string + required: true + description: The specified date + example: '2007-03-01T13:00:00Z' + - in: query + name: type + schema: + type: string + description: The access item type + example: account + responses: + '200': + description: The identity object. + content: + application/json: + schema: + type: array + items: + oneOf: + - type: object + properties: + accessType: + type: string + example: accessProfile + description: the access item type. accessProfile in this case + id: + type: string + example: 2c918087763e69d901763e72e97f006f + description: the access item id + name: + type: string + example: sample + description: the access profile name + sourceName: + type: string + example: DataScienceDataset + description: the name of the source + sourceId: + type: string + example: 2793o32dwd + description: the id of the source + description: + type: string + example: AccessProfile - Workday/Citizenship access + description: the description for the access profile + displayName: + type: string + example: Dr. Arden Rogahn MD + description: the display name of the identity + entitlementCount: + type: string + example: 12 + description: the number of entitlements the access profile will create + appDisplayName: + type: string + example: AppName + description: the name of app + - type: object + properties: + accessType: + type: string + example: account + description: the access item type. account in this case + id: + type: string + example: 2c918087763e69d901763e72e97f006f + description: the access item id + nativeIdentity: + type: string + example: dr.arden.ogahn.d + description: the native identifier used to uniquely identify an acccount + sourceName: + type: string + example: DataScienceDataset + description: the name of the source + sourceId: + type: string + example: 2793o32dwd + description: the id of the source + entitlementCount: + type: string + example: 12 + description: the number of entitlements the account will create + displayName: + type: string + example: Dr. Arden Rogahn MD + description: the display name of the identity + - type: object + properties: + accessType: + type: string + example: app + description: the access item type. entitlement in this case + id: + type: string + example: 2c918087763e69d901763e72e97f006f + description: the access item id + displayName: + type: string + example: Display Name + description: the access profile display name + sourceName: + type: string + example: appName + description: the associated source name if it exists + - type: object + properties: + accessType: + type: string + example: entitlement + description: the access item type. entitlement in this case + id: + type: string + example: 2c918087763e69d901763e72e97f006f + description: the access item id + attribute: + type: string + example: groups + description: the entitlement attribute + value: + type: string + example: Upward mobility access + description: the associated value + entitlementType: + type: string + example: entitlement + description: the type of entitlement + sourceName: + type: string + example: DataScienceDataset + description: the name of the source + sourceId: + type: string + example: 2793o32dwd + description: the id of the source + description: + type: string + example: Entitlement - Workday/Citizenship access + description: the description for the entitlment + displayName: + type: string + example: Dr. Arden Rogahn MD + description: the display name of the identity + - type: object + properties: + accessType: + type: string + example: role + description: the access item type. role in this case + id: + type: string + example: 2c918087763e69d901763e72e97f006f + description: the access item id + displayName: + type: string + example: sample + description: the role display name + description: + type: string + example: Role - Workday/Citizenship access + description: the description for the role + sourceName: + type: string + example: Source Name + description: the associated source name if it exists + examples: + Access Item AccessProfile Response: + description: An access profile response + value: + - type: accessProfile + id: 2c918087763e69d901763e72e97f006f + name: sample + sourceName: DataScienceDataset + sourceId: 2793o32dwd + description: AccessProfile - Workday/Citizenship access + displayName: Dr. Arden Rogahn MD + entitlementCount: 12 + appDisplayName: AppName + Access Item Account Response: + description: An account response + value: + - type: account + id: 2c918087763e69d901763e72e97f006f + nativeIdentity: dr.arden.ogahn.d + sourceName: DataScienceDataset + sourceId: 2793o32dwd + entitlementCount: 12 + displayName: Dr. Arden Rogahn MD + Access Item App Response: + description: An app response + value: + - type: app + id: 2c918087763e69d901763e72e97f006f + name: appName + Access Item Entitlement Response: + description: An entitlement event + value: + - type: entitlement + id: 2c918087763e69d901763e72e97f006f + attribute: groups + value: Upward mobility access + entitlementType: entitlement + sourceName: DataScienceDataset + sourceId: 2793o32dwd + description: Entitlement - Workday/Citizenship access + displayName: Dr. Arden Rogahn MD + Access Item Role Response: + description: A role response + value: + - type: role + id: 2c918087763e69d901763e72e97f006f + name: sample + description: Role - Workday/Citizenship access + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + /common-access: + get: + operationId: getCommonAccess + summary: Get a paginated list of common access + tags: + - IAI Common Access + description: 'This endpoint returns the current common access for a customer. The returned items can be filtered and sorted. Requires authorization scope of iai:access-modeling:read' + parameters: + - in: query + name: offset + description: |- + Offset into the full result set. Usually specified with *limit* to paginate through the results. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 0 + schema: + type: integer + format: int32 + minimum: 0 + default: 0 + - in: query + name: limit + description: |- + Max number of results to return. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 250 + schema: + type: integer + format: int32 + minimum: 0 + maximum: 250 + default: 250 + - in: query + name: count + description: |- + If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored. + + Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used. + + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: true + schema: + type: boolean + default: false + - in: query + name: filters + description: |- + Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://community.sailpoint.com/t5/IdentityNow-Wiki/V3-API-Standard-Collection-Parameters/ta-p/156407) + + Filtering is supported for the following fields and operators: + + **status**: *eq* "CONFIRMED" or "DENIED" **reviewedByUser** *eq* true or false **access.id**: *eq* "id" **access.type**: *eq* "ROLE" or "ACCESS_PROFILE" **access.name**: *sw* "Administrator" **access.description**: *sw* "admin" + required: false + style: form + explode: true + schema: + type: string + - in: query + name: sorters + schema: + type: string + format: comma-separated + description: |- + Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://community.sailpoint.com/t5/IdentityNow-Wiki/V3-API-Standard-Collection-Parameters/ta-p/156407) + + Sorting is supported for the following fields: **access.name,status** + + By default the common access items are sorted by name, ascending. + responses: + '200': + description: Succeeded. Returns a list of common access for a customer. + content: + application/json: + schema: + type: array + items: + type: object + properties: + access: + description: common access item + type: object + properties: + id: + type: string + description: Common access ID + type: + description: Common access type (ROLE or ACCESS_PROFILE) + type: string + enum: + - ACCESS_PROFILE + - ROLE + name: + type: string + description: Common access name + description: + type: string + description: Common access description + ownerName: + type: string + description: Common access owner name + ownerId: + type: string + description: Common access owner ID + status: + type: string + description: CONFIRMED or DENIED + lastUpdated: + type: string + readOnly: true + format: date-time + reviewedByUser: + type: boolean + description: true if user has confirmed or denied status + lastReviewed: + type: string + readOnly: true + format: date-time + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + post: + operationId: createCommonAccess + summary: Create common access items + tags: + - IAI Common Access + description: 'This API is used to add roles/access profiles to the list of common access for a customer. Requires authorization scope of iai:access-modeling:create' + requestBody: + required: true + content: + application/json: + schema: + type: object + properties: + access: + type: object + properties: + id: + type: string + description: Common access ID + type: + description: Common access type (ROLE or ACCESS_PROFILE) + type: string + enum: + - ACCESS_PROFILE + - ROLE + name: + type: string + description: Common access name + description: + type: string + description: Common access description + ownerName: + type: string + description: Common access owner name + ownerId: + type: string + description: Common access owner ID + status: + type: string + enum: + - CONFIRMED + - DENIED + description: State of common access item. + responses: + '202': + description: Returns details of the common access classification request. + content: + application/json: + schema: + type: object + properties: + id: + type: string + description: Common Access Item ID + access: + type: object + properties: + id: + type: string + description: Common access ID + type: + description: Common access type (ROLE or ACCESS_PROFILE) + type: string + enum: + - ACCESS_PROFILE + - ROLE + name: + type: string + description: Common access name + description: + type: string + description: Common access description + ownerName: + type: string + description: Common access owner name + ownerId: + type: string + description: Common access owner ID + status: + type: string + enum: + - CONFIRMED + - DENIED + description: State of common access item. + lastUpdated: + type: string + reviewedByUser: + type: boolean + lastReviewed: + type: string + createdByUser: + type: string + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + /common-access/update-status: + post: + operationId: updateCommonAccessStatusInBulk + summary: Bulk update common access status + tags: + - IAI Common Access + description: 'This submits an update request to the common access application. At this time there are no parameters. Requires authorization scope of iai:access-modeling:update' + requestBody: + description: Confirm or deny in bulk the common access ids that are (or aren't) common access + required: true + content: + application/json: + schema: + type: array + items: + type: object + properties: + confirmedIds: + description: List of confirmed common access ids. + type: array + items: + type: string + format: uuid + deniedIds: + description: List of denied common access ids. + type: array + items: + type: string + format: uuid + responses: + '202': + description: Accepted - Returned if the request was successfully accepted into the system. + content: + application/json: + schema: + type: object + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + '/historical-identities/{id}/events': + get: + operationId: getHistoricalIdentityEvents + tags: + - Identity History + summary: Lists all events for the given identity + description: 'This method retrieves all access events for the identity Requires authorization scope of ''idn:identity-history:read'' ' + parameters: + - in: path + name: id + schema: + type: string + required: true + description: The identity id + example: 8c190e6787aa4ed9a90bd9d5344523fb + - in: query + name: from + schema: + type: string + description: The optional instant from which to return the access events + example: '2007-03-01T13:00:00Z' + - in: query + name: eventTypes + schema: + type: array + items: + type: string + description: 'An optional list of event types to return. If null or empty, all events are returned' + example: + - AccessAddedEvent + - AccessRemovedEvent + - in: query + name: accessItemTypes + schema: + type: array + items: + type: string + description: 'An optional list of access item types (app, account, entitlement, etc...) to return. If null or empty, all access items types are returned' + example: + - entitlement + - account + - in: query + name: limit + description: |- + Max number of results to return. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 250 + schema: + type: integer + format: int32 + minimum: 0 + maximum: 250 + default: 250 + - in: query + name: offset + description: |- + Offset into the full result set. Usually specified with *limit* to paginate through the results. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 0 + schema: + type: integer + format: int32 + minimum: 0 + default: 0 + - in: query + name: count + description: |- + If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored. + + Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used. + + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: true + schema: + type: boolean + default: false + responses: + '200': + description: The list of events for the identity + content: + application/json: + schema: + type: array + items: + anyOf: + - type: object + properties: + accessItem: + type: object + oneOf: + - type: object + properties: + accessType: + type: string + example: accessProfile + description: the access item type. accessProfile in this case + id: + type: string + example: 2c918087763e69d901763e72e97f006f + description: the access item id + name: + type: string + example: sample + description: the access profile name + sourceName: + type: string + example: DataScienceDataset + description: the name of the source + sourceId: + type: string + example: 2793o32dwd + description: the id of the source + description: + type: string + example: AccessProfile - Workday/Citizenship access + description: the description for the access profile + displayName: + type: string + example: Dr. Arden Rogahn MD + description: the display name of the identity + entitlementCount: + type: string + example: 12 + description: the number of entitlements the access profile will create + appDisplayName: + type: string + example: AppName + description: the name of app + - type: object + properties: + accessType: + type: string + example: account + description: the access item type. account in this case + id: + type: string + example: 2c918087763e69d901763e72e97f006f + description: the access item id + nativeIdentity: + type: string + example: dr.arden.ogahn.d + description: the native identifier used to uniquely identify an acccount + sourceName: + type: string + example: DataScienceDataset + description: the name of the source + sourceId: + type: string + example: 2793o32dwd + description: the id of the source + entitlementCount: + type: string + example: 12 + description: the number of entitlements the account will create + displayName: + type: string + example: Dr. Arden Rogahn MD + description: the display name of the identity + - type: object + properties: + accessType: + type: string + example: app + description: the access item type. entitlement in this case + id: + type: string + example: 2c918087763e69d901763e72e97f006f + description: the access item id + displayName: + type: string + example: Display Name + description: the access profile display name + sourceName: + type: string + example: appName + description: the associated source name if it exists + - type: object + properties: + accessType: + type: string + example: entitlement + description: the access item type. entitlement in this case + id: + type: string + example: 2c918087763e69d901763e72e97f006f + description: the access item id + attribute: + type: string + example: groups + description: the entitlement attribute + value: + type: string + example: Upward mobility access + description: the associated value + entitlementType: + type: string + example: entitlement + description: the type of entitlement + sourceName: + type: string + example: DataScienceDataset + description: the name of the source + sourceId: + type: string + example: 2793o32dwd + description: the id of the source + description: + type: string + example: Entitlement - Workday/Citizenship access + description: the description for the entitlment + displayName: + type: string + example: Dr. Arden Rogahn MD + description: the display name of the identity + - type: object + properties: + accessType: + type: string + example: role + description: the access item type. role in this case + id: + type: string + example: 2c918087763e69d901763e72e97f006f + description: the access item id + displayName: + type: string + example: sample + description: the role display name + description: + type: string + example: Role - Workday/Citizenship access + description: the description for the role + sourceName: + type: string + example: Source Name + description: the associated source name if it exists + example: + id: 8c190e6787aa4ed9a90bd9d5344523fb + accessType: account + nativeIdentity: 127999 + sourceName: JDBC Entitlements Source + entitlementCount: 0 + displayName: Sample Name + identityId: + type: string + description: the identity id + example: 8c190e6787aa4ed9a90bd9d5344523fb + eventType: + type: string + description: the event type + example: AccessItemAssociated + dt: + type: string + description: the date of event + example: '2019-03-08T22:37:33.901Z' + governanceEvent: + example: + name: Manager Certification for Jon Snow + dt: '2019-03-08T22:37:33.901Z' + type: certification + governanceId: 2c91808a77ff216301782327a50f09bf + owners: + - id: bc693f07e7b645539626c25954c58554 + displayName: Jon Snow + reviewers: + - id: bc693f07e7b645539626c25954c58554 + displayName: Jon Snow + decisionMaker: + id: bc693f07e7b645539626c25954c58554 + displayName: Jon Snow + type: object + properties: + name: + type: string + description: 'The name of the governance event, such as the certification name or access request ID.' + example: Manager Certification for Jon Snow + dt: + type: string + description: The date that the certification or access request was completed. + example: '2019-03-08T22:37:33.901Z' + type: + type: string + enum: + - certification + - accessRequest + description: The type of governance event. + example: certification + governanceId: + type: string + description: The ID of the instance that caused the event - either the certification ID or access request ID. + example: 2c91808a77ff216301782327a50f09bf + owners: + type: array + description: The owners of the governance event (the certifiers or approvers) + items: + type: object + properties: + id: + type: string + description: the id of the certifier + example: 8a80828f643d484f01643e14202e206f + displayName: + type: string + description: the name of the certifier + example: John Snow + example: + - id: 8a80828f643d484f01643e14202e206f + displayName: John Snow + reviewers: + type: array + description: 'The owners of the governance event (the certifiers or approvers), this field should be preferred over owners' + items: + type: object + properties: + id: + type: string + description: the id of the certifier + example: 8a80828f643d484f01643e14202e206f + displayName: + type: string + description: the name of the certifier + example: John Snow + example: + - id: 8a80828f643d484f01643e14202e206f + displayName: John Snow + decisionMaker: + description: The decision maker + example: + id: 8a80828f643d484f01643e14202e206f + displayName: John Snow + type: object + properties: + id: + type: string + description: the id of the certifier + example: 8a80828f643d484f01643e14202e206f + displayName: + type: string + description: the name of the certifier + example: John Snow + - type: object + properties: + accessItem: + type: object + oneOf: + - type: object + properties: + accessType: + type: string + example: accessProfile + description: the access item type. accessProfile in this case + id: + type: string + example: 2c918087763e69d901763e72e97f006f + description: the access item id + name: + type: string + example: sample + description: the access profile name + sourceName: + type: string + example: DataScienceDataset + description: the name of the source + sourceId: + type: string + example: 2793o32dwd + description: the id of the source + description: + type: string + example: AccessProfile - Workday/Citizenship access + description: the description for the access profile + displayName: + type: string + example: Dr. Arden Rogahn MD + description: the display name of the identity + entitlementCount: + type: string + example: 12 + description: the number of entitlements the access profile will create + appDisplayName: + type: string + example: AppName + description: the name of app + - type: object + properties: + accessType: + type: string + example: account + description: the access item type. account in this case + id: + type: string + example: 2c918087763e69d901763e72e97f006f + description: the access item id + nativeIdentity: + type: string + example: dr.arden.ogahn.d + description: the native identifier used to uniquely identify an acccount + sourceName: + type: string + example: DataScienceDataset + description: the name of the source + sourceId: + type: string + example: 2793o32dwd + description: the id of the source + entitlementCount: + type: string + example: 12 + description: the number of entitlements the account will create + displayName: + type: string + example: Dr. Arden Rogahn MD + description: the display name of the identity + - type: object + properties: + accessType: + type: string + example: app + description: the access item type. entitlement in this case + id: + type: string + example: 2c918087763e69d901763e72e97f006f + description: the access item id + displayName: + type: string + example: Display Name + description: the access profile display name + sourceName: + type: string + example: appName + description: the associated source name if it exists + - type: object + properties: + accessType: + type: string + example: entitlement + description: the access item type. entitlement in this case + id: + type: string + example: 2c918087763e69d901763e72e97f006f + description: the access item id + attribute: + type: string + example: groups + description: the entitlement attribute + value: + type: string + example: Upward mobility access + description: the associated value + entitlementType: + type: string + example: entitlement + description: the type of entitlement + sourceName: + type: string + example: DataScienceDataset + description: the name of the source + sourceId: + type: string + example: 2793o32dwd + description: the id of the source + description: + type: string + example: Entitlement - Workday/Citizenship access + description: the description for the entitlment + displayName: + type: string + example: Dr. Arden Rogahn MD + description: the display name of the identity + - type: object + properties: + accessType: + type: string + example: role + description: the access item type. role in this case + id: + type: string + example: 2c918087763e69d901763e72e97f006f + description: the access item id + displayName: + type: string + example: sample + description: the role display name + description: + type: string + example: Role - Workday/Citizenship access + description: the description for the role + sourceName: + type: string + example: Source Name + description: the associated source name if it exists + example: + id: 8c190e6787aa4ed9a90bd9d5344523fb + accessType: account + nativeIdentity: 127999 + sourceName: JDBC Entitlements Source + entitlementCount: 0 + displayName: Sample Name + identityId: + type: string + description: the identity id + example: 8c190e6787aa4ed9a90bd9d5344523fb + eventType: + type: string + description: the event type + example: AccessItemRemoved + dt: + type: string + description: the date of event + example: '2019-03-08T22:37:33.901Z' + governanceEvent: + example: + name: Manager Certification for Jon Snow + dt: '2019-03-08T22:37:33.901Z' + type: certification + governanceId: 2c91808a77ff216301782327a50f09bf + owners: + - id: bc693f07e7b645539626c25954c58554 + displayName: Jon Snow + reviewers: + - id: bc693f07e7b645539626c25954c58554 + displayName: Jon Snow + decisionMaker: + id: bc693f07e7b645539626c25954c58554 + displayName: Jon Snow + type: object + properties: + name: + type: string + description: 'The name of the governance event, such as the certification name or access request ID.' + example: Manager Certification for Jon Snow + dt: + type: string + description: The date that the certification or access request was completed. + example: '2019-03-08T22:37:33.901Z' + type: + type: string + enum: + - certification + - accessRequest + description: The type of governance event. + example: certification + governanceId: + type: string + description: The ID of the instance that caused the event - either the certification ID or access request ID. + example: 2c91808a77ff216301782327a50f09bf + owners: + type: array + description: The owners of the governance event (the certifiers or approvers) + items: + type: object + properties: + id: + type: string + description: the id of the certifier + example: 8a80828f643d484f01643e14202e206f + displayName: + type: string + description: the name of the certifier + example: John Snow + example: + - id: 8a80828f643d484f01643e14202e206f + displayName: John Snow + reviewers: + type: array + description: 'The owners of the governance event (the certifiers or approvers), this field should be preferred over owners' + items: + type: object + properties: + id: + type: string + description: the id of the certifier + example: 8a80828f643d484f01643e14202e206f + displayName: + type: string + description: the name of the certifier + example: John Snow + example: + - id: 8a80828f643d484f01643e14202e206f + displayName: John Snow + decisionMaker: + description: The decision maker + example: + id: 8a80828f643d484f01643e14202e206f + displayName: John Snow + type: object + properties: + id: + type: string + description: the id of the certifier + example: 8a80828f643d484f01643e14202e206f + displayName: + type: string + description: the name of the certifier + example: John Snow + - type: object + properties: + changes: + type: array + items: + type: object + properties: + name: + type: string + description: the attribute name + previousValue: + type: string + description: the old value of attribute + newValue: + type: string + description: the new value of attribute + example: + name: firstname + previousValue: adam + newValue: zampa + eventType: + type: string + description: the event type + identityId: + type: string + description: the identity id + dt: + type: string + description: the date of event + example: + attributeChanges: + name: firstname + previousValue: adam + newValue: zampa + eventType: AttributesChanged + identityId: 8a80828f643d484f01643e14202e206f + dt: '2019-03-08T22:37:33.901Z' + - type: object + properties: + accessRequest: + description: the access request details + type: object + properties: + requesterId: + type: string + example: 2c91808a77ff216301782327a50f09bf + description: the requester Id + requesterName: + type: string + example: Bing C + description: the requesterName + items: + type: array + example: + - operation: Add + accessItemType: role + name: Role-1 + decision: APPROVED + description: The role descrition + sourceId: 8a80828f643d484f01643e14202e206f + sourceName: Source1 + approvalInfos: + - name: John Snow + id: 8a80828f643d484f01643e14202e2000 + status: Approved + items: + type: object + properties: + operation: + type: string + example: Add + description: the access request item operation + accessItemType: + type: string + example: role + description: the access item type + name: + type: string + example: Role-1 + description: the name of access request item + decision: + type: string + example: APPROVED + enum: + - APPROVED + - REJECTED + description: the final decision for the access request + description: + type: string + example: The role descrition + description: the description of access request item + sourceId: + type: string + example: 8a80828f643d484f01643e14202e206f + description: the source id + sourceName: + type: string + example: Source1 + description: the source Name + approvalInfos: + type: array + example: + - name: John Snow + id: 8a80828f643d484f01643e14202e2000 + status: Approved + items: + type: object + properties: + id: + type: string + example: 8a80828f643d484f01643e14202e2000 + description: the id of approver + name: + type: string + example: John Snow + description: the name of approver + status: + type: string + example: Approved + description: the status of the approval request + identityId: + type: string + example: 8a80828f643d484f01643e14202e206f + description: the identity id + eventType: + type: string + example: AccessRequested + description: the event type + dt: + type: string + example: '2019-03-08T22:37:33.901Z' + description: the date of event + - type: object + properties: + certificationId: + type: string + description: the id of the certification item + example: 2c91808a77ff216301782327a50f09bf + certificationName: + type: string + description: the certification item name + example: Cert name + signedDate: + type: string + description: the date ceritification was signed + example: '2019-03-08T22:37:33.901Z' + certifiers: + type: array + description: this field is deprecated and may go away + items: + type: object + properties: + id: + type: string + description: the id of the certifier + example: 8a80828f643d484f01643e14202e206f + displayName: + type: string + description: the name of the certifier + example: John Snow + example: + - id: 8a80828f643d484f01643e14202e206f + displayName: John Snow + reviewers: + type: array + description: The list of identities who review this certification + items: + type: object + properties: + id: + type: string + description: the id of the certifier + example: 8a80828f643d484f01643e14202e206f + displayName: + type: string + description: the name of the certifier + example: John Snow + example: + - id: 8a80828f643d484f01643e14202e206f + displayName: John Snow + signer: + description: Identity who signed off on the certification + example: + id: 8a80828f643d484f01643e14202e206f + displayName: John Snow + type: object + properties: + id: + type: string + description: the id of the certifier + example: 8a80828f643d484f01643e14202e206f + displayName: + type: string + description: the name of the certifier + example: John Snow + eventType: + type: string + description: the event type + example: IdentityCertified + dt: + type: string + description: the date of event + example: '2019-03-08T22:37:33.901Z' + - type: object + properties: + eventType: + type: string + description: the event type + identityId: + type: string + description: the identity id + dt: + type: string + description: the date of event + account: + type: object + properties: + id: + type: string + description: the ID of the account in the database + nativeIdentity: + type: string + description: the native identifier of the account + displayName: + type: string + description: the display name of the account + sourceId: + type: string + description: the ID of the source for this account + sourceName: + type: string + description: the name of the source for this account + entitlementCount: + type: integer + description: the number of entitlements on this account + accessType: + type: string + description: this value is always "account" + statusChange: + type: object + properties: + previousStatus: + type: string + description: the previous status of the account + enum: + - enabled + - disabled + - locked + newStatus: + type: string + description: the new status of the account + enum: + - enabled + - disabled + - locked + example: + account: + id: 2c91808a77ff216301782327a50f09bf + nativeIdentity: 127999 + displayName: Sample Name + sourceId: 8a80828f643d484f01643e14202e206f + sourceName: JDBC Entitlements Source + entitlementCount: 0 + accessType: account + statusChange: + previousStatus: enabled + newStatus: disabled + eventType: AccountStatusChanged + identityId: 8a80828f643d484f01643e14202e206f + date: '2019-03-08T22:37:33.901Z' + examples: + AccessItemAssociated: + description: An Access item associated event + value: + - accessItem: + id: 8c190e6787aa4ed9a90bd9d5344523fb + accessType: account + nativeIdentity: 127999 + sourceName: JDBC Entitlements Source + entitlementCount: 0 + displayName: Sample Name + eventType: AccessItemAssociated + identityId: 8a80828f643d484f01643e14202e206f + dt: '2019-03-08T22:37:33.901Z' + governanceEvent: + name: Access Request 58 + dt: '2019-03-08T22:37:33.901Z' + type: accessRequest + governanceId: 2c91808a77ff216301782327a50f09e1 + owners: + - id: bc693f07e7b645539626c25954c58554 + displayName: Jon Snow + reviewers: + - id: bc693f07e7b645539626c25954c58554 + displayName: Jon Snow + decisionMaker: + id: bc693f07e7b645539626c25954c58554 + displayName: Jon Snow + AccessItemRemoved: + description: An Access item removed event + value: + - accessItem: + id: 8c190e6787aa4ed9a90bd9d5344523fb + accessType: account + nativeIdentity: 127999 + sourceName: JDBC Entitlements Source + entitlementCount: 0 + displayName: Sample Name + eventType: AccessItemRemoved + identityId: 8a80828f643d484f01643e14202e206f + dt: '2019-03-08T22:37:33.901Z' + governanceEvent: + name: Manager Certification for Jon Snow + dt: '2019-03-08T22:37:33.901Z' + type: certification + governanceId: 2c91808a77ff216301782327a50f09bf + owners: + - id: bc693f07e7b645539626c25954c58554 + displayName: Jon Snow + reviewers: + - id: bc693f07e7b645539626c25954c58554 + displayName: Jon Snow + decisionMaker: + id: bc693f07e7b645539626c25954c58554 + displayName: Jon Snow + AttributesChanged: + description: An attribute changed event + value: + - attributeChanges: + - name: firstname + previousValue: adam + newValue: zampa + eventType: AttributesChanged + identityId: 8a80828f643d484f01643e14202e206f + dt: '2019-03-08T22:37:33.901Z' + AccessRequested: + description: An access requested event + value: + accessRequest: + requesterId: 2c91808a77ff216301782327a50f09bf + requestName: Bing C + items: + - operation: Add + accessItemType: role + name: Role-1 + decision: APPROVED + description: The role descrition + sourceId: 8a80828f643d484f01643e14202e206f + sourceName: Source1 + approvalInfos: + - name: John Snow + id: 8a80828f643d484f01643e14202e2000 + status: Approved + eventType: AccessRequested + identityId: 8a80828f643d484f01643e14202e206f + dt: '2019-03-08T22:37:33.901Z' + IdentityCertified: + description: An identity certified event + value: + - certification: + id: 2c91808a77ff216301782327a50f09bf + name: Cert name + signedDate: '2019-03-08T22:37:33.901Z' + certifiers: + - id: 8a80828f643d484f01643e14202e206f + displayName: John Snow + reviewers: + - id: 8a80828f643d484f01643e14202e206f + displayName: Daenerys Targaryen + signer: + id: 8a80828f643d484f01643e14202e206f + displayName: Tyrion Lannister + eventType: IdentityCertified + identityId: 8a80828f643d484f01643e14202e206f + dt: '2019-03-08T22:37:33.901Z' + AccountStatusChanged: + description: An account status changed event + value: + - account: + id: 2c91808a77ff216301782327a50f09bf + nativeIdentity: 127999 + displayName: Sample Name + sourceId: 8a80828f643d484f01643e14202e206f + sourceName: JDBC Entitlements Source + entitlementCount: 0 + accessType: account + statusChange: + previousStatus: ENABLED + newStatus: DISABLED + eventType: AccountStatusChanged + identityId: 8a80828f643d484f01643e14202e206f + dt: '2019-03-08T22:37:33.901Z' + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + '/historical-identities/{id}/start-date': + get: + operationId: getIdentityStartDate + tags: + - Identity History + summary: Gets the start date of the identity + description: 'This method retrieves start date of the identity Requires authorization scope of ''idn:identity-history:read'' ' + parameters: + - in: path + name: id + schema: + type: string + required: true + description: The identity id + example: 8c190e6787aa4ed9a90bd9d5344523fb + responses: + '200': + description: The start date of the identity + content: + application/json: + schema: + type: string + example: '2017-03-01T13:00:00.000Z' + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + '/historical-identities/{id}/compare': + get: + operationId: compareIdentitySnapshots + tags: + - Identity History + summary: Gets a difference of count for each access item types for the given identity between 2 snapshots + description: 'This method gets a difference of count for each access item types for the given identity between 2 snapshots Requires authorization scope of ''idn:identity-history:read'' ' + parameters: + - in: path + name: id + schema: + type: string + required: true + description: The identity id + example: 8c190e6787aa4ed9a90bd9d5344523fb + - in: query + name: snapshot1 + schema: + type: string + description: The snapshot 1 of identity + example: '2007-03-01T13:00:00Z' + - in: query + name: snapshot2 + schema: + type: string + description: The snapshot 2 of identity + example: '2008-03-01T13:00:00Z' + - in: query + name: accessItemTypes + schema: + type: array + items: + type: string + description: 'An optional list of access item types (app, account, entitlement, etc...) to return. If null or empty, all access items types are returned ' + - in: query + name: limit + description: |- + Max number of results to return. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 250 + schema: + type: integer + format: int32 + minimum: 0 + maximum: 250 + default: 250 + - in: query + name: offset + description: |- + Offset into the full result set. Usually specified with *limit* to paginate through the results. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 0 + schema: + type: integer + format: int32 + minimum: 0 + default: 0 + - in: query + name: count + description: |- + If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored. + + Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used. + + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: true + schema: + type: boolean + default: false + responses: + '200': + description: A IdentityCompare object with difference details for each access item type + content: + application/json: + schema: + type: array + items: + type: object + properties: + accessItemDiff: + type: object + description: Arbitrary key-value pairs. They will never be processed by the IdentityNow system but will be returned on completion of the violation check. + additionalProperties: + type: object + example: + accessItemDiff: + role: + accessAdded: 2 + accessRemoved: 3 + entitlement: + accessAdded: 4 + accessRemoved: 0 + accessProfile: + accessAdded: 0 + accessRemoved: 1 + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + '/historical-identities/{id}/compare/{access-type}': + get: + operationId: compareIdentitySnapshotsAccessType + tags: + - Identity History + summary: Gets a list of differences of specific accessType for the given identity between 2 snapshots + description: 'This method gets a list of differences of specific accessType for the given identity between 2 snapshots Requires authorization scope of ''idn:identity-history:read'' ' + parameters: + - in: path + name: id + schema: + type: string + required: true + description: The identity id + example: 8c190e6787aa4ed9a90bd9d5344523fb + - in: path + name: accessType + schema: + type: string + required: true + description: The specific type which needs to be compared + example: role + - in: query + name: access-associated + schema: + type: boolean + description: 'Indicates if added or removed access needs to be returned. true - added, false - removed, null - both added & removed' + example: '2007-03-01T13:00:00Z' + - in: query + name: snapshot1 + schema: + type: string + description: The snapshot 1 of identity + example: '2008-03-01T13:00:00Z' + - in: query + name: snapshot2 + schema: + type: string + description: The snapshot 2 of identity + example: '2009-03-01T13:00:00Z' + - in: query + name: limit + description: |- + Max number of results to return. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 250 + schema: + type: integer + format: int32 + minimum: 0 + maximum: 250 + default: 250 + - in: query + name: offset + description: |- + Offset into the full result set. Usually specified with *limit* to paginate through the results. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 0 + schema: + type: integer + format: int32 + minimum: 0 + default: 0 + - in: query + name: count + description: |- + If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored. + + Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used. + + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: true + schema: + type: boolean + default: false + responses: + '200': + description: A list of events for the identity + content: + application/json: + schema: + type: array + items: + type: object + properties: + id: + type: string + description: the id of the access item + eventType: + type: string + enum: + - ADD + - REMOVE + displayName: + type: string + description: the display name of the access item + sourceName: + type: string + description: the source name of the access item + example: + id: 2c91808c7726345b017726a0a2fb013b + eventType: ADD + displayName: Test + sourceName: Source + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + '/identities/{identityId}/synchronize-attributes': + post: + operationId: synchronizeAttributesForIdentity + tags: + - Identities + summary: Attribute synchronization for single identity. + description: This end-point performs attribute synchronization for a selected identity. The endpoint can be called once in 10 seconds per identity. A token with ORG_ADMIN or API authority is required to call this API. + parameters: + - in: path + name: identityId + schema: + type: string + required: true + description: The Identity id + responses: + '202': + description: An Identity Sync job + content: + application/json: + schema: + type: object + properties: + id: + type: string + description: Job ID. + example: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde + status: + type: string + description: The job status. + enum: + - QUEUED + - IN_PROGRESS + - SUCCESS + - ERROR + example: IN_PROGRESS + payload: + description: Job payload. + example: + type: SYNCHRONIZE_IDENTITY_ATTRIBUTES + dataJson: '{"identityId":"2c918083746f642c01746f990884012a"}' + type: object + properties: + type: + type: string + description: Payload type. + example: SYNCHRONIZE_IDENTITY_ATTRIBUTES + dataJson: + type: string + description: Payload type. + example: '{"identityId":"2c918083746f642c01746f990884012a"}' + required: + - type + - dataJson + required: + - id + - status + - payload + example: + id: 0f11f2a4-7c94-4bf3-a2bd-742580fe3dfc + status: IN_PROGRESS + payload: + type: SYNCHRONIZE_IDENTITY_ATTRIBUTES + dataJson: '{"identityId":"2c918083746f642c01746f990884012a"}' + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + /identities: + get: + operationId: listIdentities + tags: + - Identities + summary: List Identities + description: This API returns a list of identities. + parameters: + - in: query + name: filters + schema: + type: string + required: false + description: |- + Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) + + Filtering is supported for the following fields and operators: + + **id**: *eq, in* + + **name**: *eq, sw* + + **alias**: *eq, sw* + + **firstname**: *eq, sw* + + **lastname**: *eq, sw* + + **email**: *eq, sw* + + **cloudStatus**: *eq* + + **processingState**: *eq* + + **correlated**: *eq* + + **protected**: *eq* + example: id eq "6c9079b270a266a60170a2779fcb0006" or correlated eq false + - in: query + name: sorters + schema: + type: string + format: comma-separated + required: false + description: |- + Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters/#sorting-results) + + Sorting is supported for the following fields: **name, alias, cloudStatus** + example: 'name,-cloudStatus' + - in: query + name: defaultFilter + schema: + type: string + enum: + - CORRELATED_ONLY + - NONE + default: CORRELATED_ONLY + required: false + description: |- + Adds additional filter to filters query parameter. + + CORRELATED_ONLY adds correlated=true and returns only identities that are correlated. + + NONE does not add any and returns all identities that satisfy filters query parameter. + example: NONE + - in: query + name: count + description: |- + If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored. + + Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used. + + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: true + schema: + type: boolean + default: false + - in: query + name: limit + description: |- + Max number of results to return. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 250 + schema: + type: integer + format: int32 + minimum: 0 + maximum: 250 + default: 250 + - in: query + name: offset + description: |- + Offset into the full result set. Usually specified with *limit* to paginate through the results. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 0 + schema: + type: integer + format: int32 + minimum: 0 + default: 0 + responses: + '200': + description: List of identities. + content: + application/json: + schema: + type: array + items: + allOf: + - type: object + required: + - name + properties: + id: + description: System-generated unique ID of the Object + type: string + example: id12345 + readOnly: true + name: + description: Name of the Object + type: string + example: aName + created: + description: Creation date of the Object + type: string + format: date-time + readOnly: true + example: '2023-01-03T21:16:22.432Z' + modified: + description: Last modification date of the Object + type: string + format: date-time + readOnly: true + example: '2023-01-03T21:16:22.432Z' + - type: object + title: IdentityDto + properties: + alias: + type: string + description: Alternate unique identifier for the identity + example: walter.white + emailAddress: + type: string + description: The email address of the identity + example: sender@example.com + processingState: + type: string + nullable: true + description: The processing state of the identity + enum: + - ERROR + - OK + example: ERROR + identityStatus: + type: string + description: The identity's status in the system + enum: + - UNREGISTERED + - REGISTERED + - PENDING + - WARNING + - DISABLED + - ACTIVE + - DEACTIVATED + - TERMINATED + - ERROR + - LOCKED + example: LOCKED + managerRef: + type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + isManager: + type: boolean + description: Whether this identity is a manager of another identity + example: true + lastRefresh: + type: string + format: date-time + description: The last time the identity was refreshed by the system + example: '2020-11-22T15:42:31.123Z' + attributes: + type: object + description: A map with the identity attributes for the identity + example: '{"uid":"Walter White","firstname":"walter","cloudStatus":"UNREGISTERED","displayName":"Walter White","identificationNumber":"942","lastSyncDate":1470348809380,"email":"walter@gmail.com","lastname":"white"}' + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + '/identities/{id}': + get: + operationId: getIdentity + tags: + - Identities + summary: Identity Details + description: This API returns a single identity using the Identity ID. + security: + - oauth2: + - 'idn:identity:read' + parameters: + - in: path + name: id + schema: + type: string + required: true + description: Identity Id + example: ef38f94347e94562b5bb8424a56397d8 + responses: + '200': + description: An identity object + content: + application/json: + schema: + allOf: + - type: object + required: + - name + properties: + id: + description: System-generated unique ID of the Object + type: string + example: id12345 + readOnly: true + name: + description: Name of the Object + type: string + example: aName + created: + description: Creation date of the Object + type: string + format: date-time + readOnly: true + example: '2023-01-03T21:16:22.432Z' + modified: + description: Last modification date of the Object + type: string + format: date-time + readOnly: true + example: '2023-01-03T21:16:22.432Z' + - type: object + title: IdentityDto + properties: + alias: + type: string + description: Alternate unique identifier for the identity + example: walter.white + emailAddress: + type: string + description: The email address of the identity + example: sender@example.com + processingState: + type: string + nullable: true + description: The processing state of the identity + enum: + - ERROR + - OK + example: ERROR + identityStatus: + type: string + description: The identity's status in the system + enum: + - UNREGISTERED + - REGISTERED + - PENDING + - WARNING + - DISABLED + - ACTIVE + - DEACTIVATED + - TERMINATED + - ERROR + - LOCKED + example: LOCKED + managerRef: + type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + isManager: + type: boolean + description: Whether this identity is a manager of another identity + example: true + lastRefresh: + type: string + format: date-time + description: The last time the identity was refreshed by the system + example: '2020-11-22T15:42:31.123Z' + attributes: + type: object + description: A map with the identity attributes for the identity + example: '{"uid":"Walter White","firstname":"walter","cloudStatus":"UNREGISTERED","displayName":"Walter White","identificationNumber":"942","lastSyncDate":1470348809380,"email":"walter@gmail.com","lastname":"white"}' + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + delete: + operationId: deleteIdentity + tags: + - Identities + summary: Deletes an identity. + description: The API returns successful response if the requested identity was deleted. + security: + - oauth2: + - 'idn:identity:delete' + parameters: + - in: path + name: id + schema: + type: string + required: true + description: Identity Id + example: ef38f94347e94562b5bb8424a56397d8 + responses: + '204': + description: No content - indicates the request was successful but there is no content to be returned in the response. + '400': + description: Client Error - Returned if the request is invalid. It may indicate that the specified identity is marked as protected and cannot be deleted. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + /identity-profiles: + get: + operationId: listIdentityProfiles + tags: + - Identity Profiles + summary: Identity Profiles list + description: |- + This returns a list of Identity Profiles based on the specified query parameters. + A token with ORG_ADMIN or API authority is required to call this API to get a list of Identity Profiles. + parameters: + - in: query + name: limit + description: |- + Max number of results to return. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 250 + schema: + type: integer + format: int32 + minimum: 0 + maximum: 250 + default: 250 + - in: query + name: offset + description: |- + Offset into the full result set. Usually specified with *limit* to paginate through the results. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 0 + schema: + type: integer + format: int32 + minimum: 0 + default: 0 + - in: query + name: count + description: |- + If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored. + + Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used. + + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: true + schema: + type: boolean + default: false + - in: query + name: filters + schema: + type: string + description: |- + Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) + + Filtering is supported for the following fields and operators: + + **id**: *eq, ne* + + **name**: *eq, ne* + + **priority**: *eq, ne* + example: id eq 8c190e6787aa4ed9a90bd9d5344523fb + - in: query + name: sorters + schema: + type: string + format: comma-separated + description: |- + Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results) + + Sorting is supported for the following fields: **id**, **name**, **priority** + example: 'name,-priority' + responses: + '200': + description: List of identityProfiles. + content: + application/json: + schema: + type: array + items: + allOf: + - type: object + required: + - name + properties: + id: + description: System-generated unique ID of the Object + type: string + example: id12345 + readOnly: true + name: + description: Name of the Object + type: string + example: aName + created: + description: Creation date of the Object + type: string + format: date-time + readOnly: true + example: '2023-01-03T21:16:22.432Z' + modified: + description: Last modification date of the Object + type: string + format: date-time + readOnly: true + example: '2023-01-03T21:16:22.432Z' + - type: object + required: + - authoritativeSource + properties: + description: + type: string + nullable: true + description: The description of the Identity Profile. + example: My custom flat file profile + owner: + type: object + description: The owner of the Identity Profile. + nullable: true + properties: + type: + type: string + enum: + - IDENTITY + description: Type of the object to which this reference applies + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c9180835d191a86015d28455b4b232a + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + priority: + type: integer + format: int64 + description: The priority for an Identity Profile. + example: 10 + authoritativeSource: + type: object + properties: + type: + type: string + enum: + - SOURCE + description: Type of the object to which this reference applies + example: SOURCE + id: + type: string + description: ID of the object to which this reference applies + example: 2c9180835d191a86015d28455b4b232a + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: HR Active Directory + description: The authoritative source for this Identity Profile. + identityRefreshRequired: + type: boolean + default: false + description: True if a identity refresh is needed. Typically triggered when a change on the source has been made + example: true + identityCount: + type: integer + description: The number of identities that belong to the Identity Profile. + format: int32 + example: 8 + identityAttributeConfig: + type: object + properties: + enabled: + type: boolean + description: If the profile or mapping is enabled + example: true + default: true + attributeTransforms: + type: array + items: + type: object + properties: + identityAttributeName: + type: string + description: Name of the identity attribute + example: email + transformDefinition: + description: The seaspray transformation definition + type: object + properties: + type: + type: string + description: The type of the transform definition. + example: accountAttribute + attributes: + type: object + nullable: true + additionalProperties: true + description: Arbitrary key-value pairs to store any metadata for the object + example: + attributeName: e-mail + sourceName: MySource + sourceId: 2c9180877a826e68017a8c0b03da1a53 + identityExceptionReportReference: + type: object + nullable: true + properties: + taskResultId: + type: string + format: uuid + description: The id of the task result + example: 2c918086795cd09201795d5f7d7533df + reportName: + type: string + example: My annual report + description: The name of the report + hasTimeBasedAttr: + description: Indicates the value of requiresPeriodicRefresh attribute for the Identity Profile. + type: boolean + default: true + example: true + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + security: + - oauth2: + - 'idn:identity-profile:read' + - 'idn:identity-profile:manage' + post: + operationId: createIdentityProfile + summary: Create an Identity Profile + description: |- + This creates an Identity Profile + A token with ORG_ADMIN authority is required to call this API to create an Identity Profile. + tags: + - Identity Profiles + requestBody: + required: true + content: + application/json: + schema: + allOf: + - type: object + required: + - name + properties: + id: + description: System-generated unique ID of the Object + type: string + example: id12345 + readOnly: true + name: + description: Name of the Object + type: string + example: aName + created: + description: Creation date of the Object + type: string + format: date-time + readOnly: true + example: '2023-01-03T21:16:22.432Z' + modified: + description: Last modification date of the Object + type: string + format: date-time + readOnly: true + example: '2023-01-03T21:16:22.432Z' + - type: object + required: + - authoritativeSource + properties: + description: + type: string + nullable: true + description: The description of the Identity Profile. + example: My custom flat file profile + owner: + type: object + description: The owner of the Identity Profile. + nullable: true + properties: + type: + type: string + enum: + - IDENTITY + description: Type of the object to which this reference applies + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c9180835d191a86015d28455b4b232a + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + priority: + type: integer + format: int64 + description: The priority for an Identity Profile. + example: 10 + authoritativeSource: + type: object + properties: + type: + type: string + enum: + - SOURCE + description: Type of the object to which this reference applies + example: SOURCE + id: + type: string + description: ID of the object to which this reference applies + example: 2c9180835d191a86015d28455b4b232a + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: HR Active Directory + description: The authoritative source for this Identity Profile. + identityRefreshRequired: + type: boolean + default: false + description: True if a identity refresh is needed. Typically triggered when a change on the source has been made + example: true + identityCount: + type: integer + description: The number of identities that belong to the Identity Profile. + format: int32 + example: 8 + identityAttributeConfig: + type: object + properties: + enabled: + type: boolean + description: If the profile or mapping is enabled + example: true + default: true + attributeTransforms: + type: array + items: + type: object + properties: + identityAttributeName: + type: string + description: Name of the identity attribute + example: email + transformDefinition: + description: The seaspray transformation definition + type: object + properties: + type: + type: string + description: The type of the transform definition. + example: accountAttribute + attributes: + type: object + nullable: true + additionalProperties: true + description: Arbitrary key-value pairs to store any metadata for the object + example: + attributeName: e-mail + sourceName: MySource + sourceId: 2c9180877a826e68017a8c0b03da1a53 + identityExceptionReportReference: + type: object + nullable: true + properties: + taskResultId: + type: string + format: uuid + description: The id of the task result + example: 2c918086795cd09201795d5f7d7533df + reportName: + type: string + example: My annual report + description: The name of the report + hasTimeBasedAttr: + description: Indicates the value of requiresPeriodicRefresh attribute for the Identity Profile. + type: boolean + default: true + example: true + responses: + '201': + description: The created Identity Profile + content: + application/json: + schema: + allOf: + - type: object + required: + - name + properties: + id: + description: System-generated unique ID of the Object + type: string + example: id12345 + readOnly: true + name: + description: Name of the Object + type: string + example: aName + created: + description: Creation date of the Object + type: string + format: date-time + readOnly: true + example: '2023-01-03T21:16:22.432Z' + modified: + description: Last modification date of the Object + type: string + format: date-time + readOnly: true + example: '2023-01-03T21:16:22.432Z' + - type: object + required: + - authoritativeSource + properties: + description: + type: string + nullable: true + description: The description of the Identity Profile. + example: My custom flat file profile + owner: + type: object + description: The owner of the Identity Profile. + nullable: true + properties: + type: + type: string + enum: + - IDENTITY + description: Type of the object to which this reference applies + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c9180835d191a86015d28455b4b232a + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + priority: + type: integer + format: int64 + description: The priority for an Identity Profile. + example: 10 + authoritativeSource: + type: object + properties: + type: + type: string + enum: + - SOURCE + description: Type of the object to which this reference applies + example: SOURCE + id: + type: string + description: ID of the object to which this reference applies + example: 2c9180835d191a86015d28455b4b232a + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: HR Active Directory + description: The authoritative source for this Identity Profile. + identityRefreshRequired: + type: boolean + default: false + description: True if a identity refresh is needed. Typically triggered when a change on the source has been made + example: true + identityCount: + type: integer + description: The number of identities that belong to the Identity Profile. + format: int32 + example: 8 + identityAttributeConfig: + type: object + properties: + enabled: + type: boolean + description: If the profile or mapping is enabled + example: true + default: true + attributeTransforms: + type: array + items: + type: object + properties: + identityAttributeName: + type: string + description: Name of the identity attribute + example: email + transformDefinition: + description: The seaspray transformation definition + type: object + properties: + type: + type: string + description: The type of the transform definition. + example: accountAttribute + attributes: + type: object + nullable: true + additionalProperties: true + description: Arbitrary key-value pairs to store any metadata for the object + example: + attributeName: e-mail + sourceName: MySource + sourceId: 2c9180877a826e68017a8c0b03da1a53 + identityExceptionReportReference: + type: object + nullable: true + properties: + taskResultId: + type: string + format: uuid + description: The id of the task result + example: 2c918086795cd09201795d5f7d7533df + reportName: + type: string + example: My annual report + description: The name of the report + hasTimeBasedAttr: + description: Indicates the value of requiresPeriodicRefresh attribute for the Identity Profile. + type: boolean + default: true + example: true + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + security: + - oauth2: + - 'idn:identity-profile:manage' + /identity-profiles/bulk-delete: + post: + operationId: deleteIdentityProfiles + tags: + - Identity Profiles + summary: Delete Identity Profiles + description: |- + This deletes multiple Identity Profiles via a list of supplied IDs. + On success, this endpoint will return a reference to the bulk delete task result. + A token with ORG_ADMIN authority is required to call this API to delete a list of Identity Profiles. + requestBody: + description: Identity Profile bulk delete request body. + required: true + content: + application/json: + schema: + description: List of Identity Profile IDs to delete. + type: array + items: + type: string + example: + - 2c9180867b2a34e0017b3078d60b0699 + - 2c9180867b2a34e0017b3078d60b0698 + responses: + '202': + description: Accepted - Returned if the request was successfully accepted into the system. + content: + application/json: + schema: + description: An object with a TaskResult reference of the bulk delete job + type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + security: + - oauth2: + - 'idn:identity-profile:manage' + /identity-profiles/export: + get: + operationId: exportIdentityProfiles + tags: + - Identity Profiles + summary: Export Identity Profiles + description: This exports existing identity profiles in the format specified by the sp-config service. + parameters: + - in: query + name: limit + description: |- + Max number of results to return. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 250 + schema: + type: integer + format: int32 + minimum: 0 + maximum: 250 + default: 250 + - in: query + name: offset + description: |- + Offset into the full result set. Usually specified with *limit* to paginate through the results. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 0 + schema: + type: integer + format: int32 + minimum: 0 + default: 0 + - in: query + name: count + description: |- + If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored. + + Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used. + + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: true + schema: + type: boolean + default: false + - in: query + name: filters + schema: + type: string + description: |- + Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) + + Filtering is supported for the following fields and operators: + + **id**: *eq, ne* + + **name**: *eq, ne* + + **priority**: *eq, ne* + example: id eq 8c190e6787aa4ed9a90bd9d5344523fb + - in: query + name: sorters + schema: + type: string + format: comma-separated + description: |- + Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results) + + Sorting is supported for the following fields: **id**, **name**, **priority** + example: 'name,-priority' + responses: + '200': + description: List of export objects with identity profiles. + content: + application/json: + schema: + type: array + items: + type: object + description: Identity Profile exported object + properties: + version: + type: integer + example: 1 + description: Version or object from the target service. + self: + type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + object: + allOf: + - type: object + required: + - name + properties: + id: + description: System-generated unique ID of the Object + type: string + example: id12345 + readOnly: true + name: + description: Name of the Object + type: string + example: aName + created: + description: Creation date of the Object + type: string + example: '2015-05-28T14:07:17Z' + format: date-time + readOnly: true + modified: + description: Last modification date of the Object + type: string + example: '2015-05-28T14:07:17Z' + format: date-time + readOnly: true + - type: object + required: + - authoritativeSource + properties: + description: + type: string + description: The description of the Identity Profile. + example: My custom flat file profile + nullable: true + owner: + type: object + description: The owner of the Identity Profile. + nullable: true + properties: + type: + type: string + enum: + - IDENTITY + description: Type of the object to which this reference applies + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c9180835d191a86015d28455b4b232a + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + priority: + type: integer + format: int64 + description: The priority for an Identity Profile. + example: 10 + authoritativeSource: + type: object + properties: + type: + type: string + enum: + - SOURCE + description: Type of the object to which this reference applies + example: SOURCE + id: + type: string + description: ID of the object to which this reference applies + example: 2c9180835d191a86015d28455b4b232a + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: HR Active Directory + identityRefreshRequired: + type: boolean + default: false + description: True if a identity refresh is needed. Typically triggered when a change on the source has been made. + example: true + identityCount: + type: integer + description: The number of identities that belong to the Identity Profile. + format: int32 + example: 8 + identityAttributeConfig: + type: object + description: Defines all the identity attribute mapping configurations. This defines how to generate or collect data for each identity attributes in identity refresh process. + properties: + enabled: + description: The backend will only promote values if the profile/mapping is enabled. + type: boolean + default: false + example: true + attributeTransforms: + type: array + items: + type: object + description: Defines a transformation definition for an identity attribute. + properties: + identityAttributeName: + type: string + description: Name of the identity attribute. + example: email + transformDefinition: + description: The seaspray transformation definition. + type: object + properties: + type: + type: string + description: The type of the transform definition. + example: accountAttribute + attributes: + type: object + additionalProperties: + anyOf: + - type: string + - type: object + description: Arbitrary key-value pairs to store any metadata for the object + example: + attributeName: e-mail + sourceName: MySource + sourceId: 2c9180877a826e68017a8c0b03da1a53 + identityExceptionReportReference: + type: object + nullable: true + properties: + taskResultId: + type: string + format: uuid + description: The id of the task result. + example: 2b838de9-db9b-abcf-e646-d4f274ad4238 + reportName: + type: string + example: My annual report + description: The name of the report. + hasTimeBasedAttr: + description: Indicates the value of requiresPeriodicRefresh attribute for the Identity Profile. + type: boolean + default: false + example: true + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + security: + - oauth2: + - 'idn:identity-profile:read' + - 'idn:identity-profile:manage' + /identity-profiles/import: + post: + operationId: importIdentityProfiles + summary: Import Identity Profiles + description: This imports previously exported identity profiles. + tags: + - Identity Profiles + requestBody: + description: Previously exported Identity Profiles. + required: true + content: + application/json: + schema: + type: array + items: + type: object + description: Identity Profile exported object + properties: + version: + type: integer + example: 1 + description: Version or object from the target service. + self: + type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + object: + allOf: + - type: object + required: + - name + properties: + id: + description: System-generated unique ID of the Object + type: string + example: id12345 + readOnly: true + name: + description: Name of the Object + type: string + example: aName + created: + description: Creation date of the Object + type: string + example: '2015-05-28T14:07:17Z' + format: date-time + readOnly: true + modified: + description: Last modification date of the Object + type: string + example: '2015-05-28T14:07:17Z' + format: date-time + readOnly: true + - type: object + required: + - authoritativeSource + properties: + description: + type: string + description: The description of the Identity Profile. + example: My custom flat file profile + nullable: true + owner: + type: object + description: The owner of the Identity Profile. + nullable: true + properties: + type: + type: string + enum: + - IDENTITY + description: Type of the object to which this reference applies + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c9180835d191a86015d28455b4b232a + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + priority: + type: integer + format: int64 + description: The priority for an Identity Profile. + example: 10 + authoritativeSource: + type: object + properties: + type: + type: string + enum: + - SOURCE + description: Type of the object to which this reference applies + example: SOURCE + id: + type: string + description: ID of the object to which this reference applies + example: 2c9180835d191a86015d28455b4b232a + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: HR Active Directory + identityRefreshRequired: + type: boolean + default: false + description: True if a identity refresh is needed. Typically triggered when a change on the source has been made. + example: true + identityCount: + type: integer + description: The number of identities that belong to the Identity Profile. + format: int32 + example: 8 + identityAttributeConfig: + type: object + description: Defines all the identity attribute mapping configurations. This defines how to generate or collect data for each identity attributes in identity refresh process. + properties: + enabled: + description: The backend will only promote values if the profile/mapping is enabled. + type: boolean + default: false + example: true + attributeTransforms: + type: array + items: + type: object + description: Defines a transformation definition for an identity attribute. + properties: + identityAttributeName: + type: string + description: Name of the identity attribute. + example: email + transformDefinition: + description: The seaspray transformation definition. + type: object + properties: + type: + type: string + description: The type of the transform definition. + example: accountAttribute + attributes: + type: object + additionalProperties: + anyOf: + - type: string + - type: object + description: Arbitrary key-value pairs to store any metadata for the object + example: + attributeName: e-mail + sourceName: MySource + sourceId: 2c9180877a826e68017a8c0b03da1a53 + identityExceptionReportReference: + type: object + nullable: true + properties: + taskResultId: + type: string + format: uuid + description: The id of the task result. + example: 2b838de9-db9b-abcf-e646-d4f274ad4238 + reportName: + type: string + example: My annual report + description: The name of the report. + hasTimeBasedAttr: + description: Indicates the value of requiresPeriodicRefresh attribute for the Identity Profile. + type: boolean + default: false + example: true + responses: + '200': + description: The result of importing Identity Profiles. + content: + application/json: + schema: + type: object + title: Import Object Response Body + description: Response model for import of a single object. + properties: + infos: + description: Informational messages returned from the target service on import. + type: array + items: + type: object + title: Config Import/Export Message + description: Message model for Config Import/Export. + properties: + key: + type: string + description: Message key. + example: UNKNOWN_REFERENCE_RESOLVER + text: + type: string + description: Message text. + example: 'Unable to resolve reference for object [type: IDENTITY, id: 2c91808c746e9c9601747d6507332ecz, name: random identity]' + details: + type: object + description: 'Message details if any, in key:value pairs.' + additionalProperties: + type: object + example: + details: message details + required: + - key + - text + - details + warnings: + description: Warning messages returned from the target service on import. + type: array + items: + type: object + title: Config Import/Export Message + description: Message model for Config Import/Export. + properties: + key: + type: string + description: Message key. + example: UNKNOWN_REFERENCE_RESOLVER + text: + type: string + description: Message text. + example: 'Unable to resolve reference for object [type: IDENTITY, id: 2c91808c746e9c9601747d6507332ecz, name: random identity]' + details: + type: object + description: 'Message details if any, in key:value pairs.' + additionalProperties: + type: object + example: + details: message details + required: + - key + - text + - details + errors: + description: Error messages returned from the target service on import. + type: array + items: + type: object + title: Config Import/Export Message + description: Message model for Config Import/Export. + properties: + key: + type: string + description: Message key. + example: UNKNOWN_REFERENCE_RESOLVER + text: + type: string + description: Message text. + example: 'Unable to resolve reference for object [type: IDENTITY, id: 2c91808c746e9c9601747d6507332ecz, name: random identity]' + details: + type: object + description: 'Message details if any, in key:value pairs.' + additionalProperties: + type: object + example: + details: message details + required: + - key + - text + - details + importedObjects: + description: References to objects that were created or updated by the import. + type: array + items: + type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + required: + - infos + - warnings + - errors + - importedObjects + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + security: + - oauth2: + - 'idn:identity-profile:manage' + /identity-profiles/identity-preview: + post: + operationId: generateIdentityPreview + tags: + - Identity Profiles + summary: Generate Identity Profile Preview + description: |- + This generates a non-persisted IdentityDetails object that will represent as the preview of the identities attribute when the given policy's attribute config is applied. + A token with ORG_ADMIN authority is required to call this API to generate an identity preview. + requestBody: + description: Identity Preview request body. + required: true + content: + application/json: + schema: + type: object + properties: + identityId: + type: string + format: uuid + example: 2c9180857893f12901789445619b0366 + identityAttributeConfig: + type: object + properties: + enabled: + type: boolean + description: If the profile or mapping is enabled + example: true + default: true + attributeTransforms: + type: array + items: + type: object + properties: + identityAttributeName: + type: string + description: Name of the identity attribute + example: email + transformDefinition: + description: The seaspray transformation definition + type: object + properties: + type: + type: string + description: The type of the transform definition. + example: accountAttribute + attributes: + type: object + nullable: true + additionalProperties: true + description: Arbitrary key-value pairs to store any metadata for the object + example: + attributeName: e-mail + sourceName: MySource + sourceId: 2c9180877a826e68017a8c0b03da1a53 + responses: + '200': + description: Object representing the preview object with all of the identity attributes using the current mappings. + content: + application/json: + schema: + type: object + properties: + identity: + type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + previewAttributes: + type: array + items: + type: object + properties: + name: + type: string + description: Name of the attribute that is being previewed. + example: email + value: + type: object + description: Value that was derived during the preview. + example: email@mail.com + previousValue: + type: object + description: The value of the attribute before the preview. + example: oldEmail@mail.com + errorMessages: + description: A list of errors that may have been encountered + type: array + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + security: + - oauth2: + - 'idn:identity-profile:manage' + '/identity-profiles/{identity-profile-id}': + get: + operationId: getIdentityProfile + tags: + - Identity Profiles + summary: Gets a single Identity Profile + description: |- + This returns a single Identity Profile based on ID. + A token with ORG_ADMIN or API authority is required to call this API. + parameters: + - in: path + name: identity-profile-id + schema: + type: string + format: uuid + required: true + description: The Identity Profile ID + example: ef38f94347e94562b5bb8424a56397d8 + responses: + '200': + description: An Identity Profile object + content: + application/json: + schema: + allOf: + - type: object + required: + - name + properties: + id: + description: System-generated unique ID of the Object + type: string + example: id12345 + readOnly: true + name: + description: Name of the Object + type: string + example: aName + created: + description: Creation date of the Object + type: string + format: date-time + readOnly: true + example: '2023-01-03T21:16:22.432Z' + modified: + description: Last modification date of the Object + type: string + format: date-time + readOnly: true + example: '2023-01-03T21:16:22.432Z' + - type: object + required: + - authoritativeSource + properties: + description: + type: string + nullable: true + description: The description of the Identity Profile. + example: My custom flat file profile + owner: + type: object + description: The owner of the Identity Profile. + nullable: true + properties: + type: + type: string + enum: + - IDENTITY + description: Type of the object to which this reference applies + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c9180835d191a86015d28455b4b232a + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + priority: + type: integer + format: int64 + description: The priority for an Identity Profile. + example: 10 + authoritativeSource: + type: object + properties: + type: + type: string + enum: + - SOURCE + description: Type of the object to which this reference applies + example: SOURCE + id: + type: string + description: ID of the object to which this reference applies + example: 2c9180835d191a86015d28455b4b232a + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: HR Active Directory + description: The authoritative source for this Identity Profile. + identityRefreshRequired: + type: boolean + default: false + description: True if a identity refresh is needed. Typically triggered when a change on the source has been made + example: true + identityCount: + type: integer + description: The number of identities that belong to the Identity Profile. + format: int32 + example: 8 + identityAttributeConfig: + type: object + properties: + enabled: + type: boolean + description: If the profile or mapping is enabled + example: true + default: true + attributeTransforms: + type: array + items: + type: object + properties: + identityAttributeName: + type: string + description: Name of the identity attribute + example: email + transformDefinition: + description: The seaspray transformation definition + type: object + properties: + type: + type: string + description: The type of the transform definition. + example: accountAttribute + attributes: + type: object + nullable: true + additionalProperties: true + description: Arbitrary key-value pairs to store any metadata for the object + example: + attributeName: e-mail + sourceName: MySource + sourceId: 2c9180877a826e68017a8c0b03da1a53 + identityExceptionReportReference: + type: object + nullable: true + properties: + taskResultId: + type: string + format: uuid + description: The id of the task result + example: 2c918086795cd09201795d5f7d7533df + reportName: + type: string + example: My annual report + description: The name of the report + hasTimeBasedAttr: + description: Indicates the value of requiresPeriodicRefresh attribute for the Identity Profile. + type: boolean + default: true + example: true + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + security: + - oauth2: + - 'idn:identity-profile:read' + - 'idn:identity-profile:manage' + delete: + operationId: deleteIdentityProfile + tags: + - Identity Profiles + summary: Delete an Identity Profile + description: |- + This deletes an Identity Profile based on ID. + A token with ORG_ADMIN authority is required to call this API to delete an Identity Profile. + parameters: + - in: path + name: identity-profile-id + schema: + type: string + format: uuid + required: true + description: The Identity Profile ID. + example: ef38f94347e94562b5bb8424a56397d8 + responses: + '202': + description: Accepted - Returned if the request was successfully accepted into the system. + content: + application/json: + schema: + description: An object with a TaskResult reference of the delete job. + type: object + properties: + id: + type: string + description: the application ID + example: ff8081814d977c21014da056804a0af3 + name: + type: string + description: the application name + example: Github + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + security: + - oauth2: + - 'idn:identity-profile:manage' + patch: + operationId: updateIdentityProfile + tags: + - Identity Profiles + summary: Update the Identity Profile + description: |- + This updates the specified Identity Profile. + A token with ORG_ADMIN authority is required to call this API to update the Identity Profile. Some fields of the Schema cannot be updated. These fields are listed below. + * id + * name + * created + * modified + parameters: + - in: path + name: identity-profile-id + schema: + type: string + format: uuid + required: true + description: The Identity Profile ID + example: ef38f94347e94562b5bb8424a56397d8 + requestBody: + required: true + description: 'A list of Identity Profile update operations according to the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard.' + content: + application/json-patch+json: + schema: + type: array + items: + type: object + description: 'A JSONPatch Operation as defined by [RFC 6902 - JSON Patch](https://tools.ietf.org/html/rfc6902)' + required: + - op + - path + properties: + op: + type: string + description: The operation to be performed + enum: + - add + - remove + - replace + - move + - copy + - test + example: replace + path: + type: string + description: A string JSON Pointer representing the target path to an element to be affected by the operation + example: /description + value: + anyOf: + - type: string + - type: integer + - type: object + - type: array + items: + anyOf: + - type: string + - type: integer + - type: object + description: 'The value to be used for the operation, required for "add" and "replace" operations' + example: New description + examples: + add-attribute-transform: + summary: Add an attribute transform + value: + - op: add + path: /identityAttributeConfig/attributeTransforms/0 + value: + identityAttributeName: location + transformDefinition: + type: accountAttribute + attributes: + sourceName: Employees + attributeName: location + sourceId: 2c91808878b7d63b0178c66ffcdc4ce4 + responses: + '200': + description: The updated Identity Profile. + content: + application/json: + schema: + allOf: + - type: object + required: + - name + properties: + id: + description: System-generated unique ID of the Object + type: string + example: id12345 + readOnly: true + name: + description: Name of the Object + type: string + example: aName + created: + description: Creation date of the Object + type: string + format: date-time + readOnly: true + example: '2023-01-03T21:16:22.432Z' + modified: + description: Last modification date of the Object + type: string + format: date-time + readOnly: true + example: '2023-01-03T21:16:22.432Z' + - type: object + required: + - authoritativeSource + properties: + description: + type: string + nullable: true + description: The description of the Identity Profile. + example: My custom flat file profile + owner: + type: object + description: The owner of the Identity Profile. + nullable: true + properties: + type: + type: string + enum: + - IDENTITY + description: Type of the object to which this reference applies + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c9180835d191a86015d28455b4b232a + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + priority: + type: integer + format: int64 + description: The priority for an Identity Profile. + example: 10 + authoritativeSource: + type: object + properties: + type: + type: string + enum: + - SOURCE + description: Type of the object to which this reference applies + example: SOURCE + id: + type: string + description: ID of the object to which this reference applies + example: 2c9180835d191a86015d28455b4b232a + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: HR Active Directory + description: The authoritative source for this Identity Profile. + identityRefreshRequired: + type: boolean + default: false + description: True if a identity refresh is needed. Typically triggered when a change on the source has been made + example: true + identityCount: + type: integer + description: The number of identities that belong to the Identity Profile. + format: int32 + example: 8 + identityAttributeConfig: + type: object + properties: + enabled: + type: boolean + description: If the profile or mapping is enabled + example: true + default: true + attributeTransforms: + type: array + items: + type: object + properties: + identityAttributeName: + type: string + description: Name of the identity attribute + example: email + transformDefinition: + description: The seaspray transformation definition + type: object + properties: + type: + type: string + description: The type of the transform definition. + example: accountAttribute + attributes: + type: object + nullable: true + additionalProperties: true + description: Arbitrary key-value pairs to store any metadata for the object + example: + attributeName: e-mail + sourceName: MySource + sourceId: 2c9180877a826e68017a8c0b03da1a53 + identityExceptionReportReference: + type: object + nullable: true + properties: + taskResultId: + type: string + format: uuid + description: The id of the task result + example: 2c918086795cd09201795d5f7d7533df + reportName: + type: string + example: My annual report + description: The name of the report + hasTimeBasedAttr: + description: Indicates the value of requiresPeriodicRefresh attribute for the Identity Profile. + type: boolean + default: true + example: true + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + security: + - oauth2: + - 'idn:identity-profile:manage' + '/identity-profiles/{identity-profile-id}/default-identity-attribute-config': + get: + operationId: getDefaultIdentityAttributeConfig + tags: + - Identity Profiles + summary: Default identity attribute config + description: |- + This returns the default identity attribute config + A token with ORG_ADMIN authority is required to call this API to get the default identity attribute config. + parameters: + - in: path + name: identity-profile-id + schema: + type: string + format: uuid + required: true + description: The Identity Profile ID + example: ef38f94347e94562b5bb8424a56397d8 + responses: + '200': + description: An Identity Attribute Config object + content: + application/json: + schema: + type: object + properties: + enabled: + type: boolean + description: If the profile or mapping is enabled + example: true + default: true + attributeTransforms: + type: array + items: + type: object + properties: + identityAttributeName: + type: string + description: Name of the identity attribute + example: email + transformDefinition: + description: The seaspray transformation definition + type: object + properties: + type: + type: string + description: The type of the transform definition. + example: accountAttribute + attributes: + type: object + nullable: true + additionalProperties: true + description: Arbitrary key-value pairs to store any metadata for the object + example: + attributeName: e-mail + sourceName: MySource + sourceId: 2c9180877a826e68017a8c0b03da1a53 + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + security: + - oauth2: + - 'idn:identity-profile:manage' + '/identity-profiles/{identity-profile-id}/refresh-identities': + post: + operationId: refreshIdentityProfile + tags: + - Identity Profiles + summary: Refreshes all identities under profile + description: |- + This refreshes all identities under the profile + A token with ORG_ADMIN authority is required to call this API to refresh identities under this Identity Profile. + parameters: + - in: path + name: identity-profile-id + schema: + type: string + format: uuid + required: true + description: The Identity Profile ID to be refreshed + example: ef38f94347e94562b5bb8424a56397d8 + responses: + '202': + description: Accepted status after all refreshes have launched + content: + application/json: + schema: + type: object + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + security: + - oauth2: + - 'idn:identity-profile:manage' + '/identity-profiles/{identity-profile-id}/lifecycle-states/{lifecycle-state-id}': + get: + operationId: listLifecycleStates + tags: + - Lifecycle States + summary: Lifecycle State + description: | + This endpoint returns a lifecycle state. + + A token with ORG_ADMIN or API authority is required to call this API. + parameters: + - in: path + name: identity-profile-id + description: Identity Profile ID + required: true + schema: + type: string + - in: path + name: lifecycle-state-id + description: Lifecycle State ID + required: true + schema: + type: string + responses: + '200': + description: lifecycle-state + content: + application/json: + schema: + type: object + properties: + id: + type: string + readOnly: true + example: 2c9180835d2e5168015d32f890ca1581 + description: lifecycle stat id. + name: + type: string + readOnly: true + example: Lifecycle Name + description: Lifecycle-state name. + technicalName: + type: string + readOnly: true + example: lifecycleTechnicalName + description: The technical name for lifecycle state. This is for internal use. + description: + type: string + example: LifecycleDescription + description: Lifecycle state description. + created: + type: string + readOnly: true + format: date-time + example: 2015-05-28T14:07:17.000Z + description: Lifecycle state created date. + modified: + type: string + readOnly: true + format: date-time + example: 2015-05-28T14:07:17.000Z + description: Lifecycle state modified date. + enabled: + type: boolean + example: true + description: Whether the lifecycle state is enabled or disabled. + identityCount: + type: integer + format: int32 + readOnly: true + example: 12 + description: Number of identities that have the lifecycle state. + emailNotificationOption: + type: object + properties: + notifyManagers: + type: boolean + example: true + description: 'If true, then the manager is notified of the lifecycle state change.' + notifyAllAdmins: + type: boolean + example: true + description: 'If true, then all the admins are notified of the lifecycle state change.' + notifySpecificUsers: + type: boolean + example: true + description: 'If true, then the users specified in "emailAddressList" below are notified of lifecycle state change.' + emailAddressList: + type: array + example: + - test@test.com + - test2@test.com + items: + type: string + description: 'List of user email addresses. If "notifySpecificUsers" option is true, then these users are notified of lifecycle state change.' + accountActions: + type: array + items: + type: object + properties: + action: + type: string + example: ENABLE + description: Describes if action will be enabled or disabled + enum: + - ENABLE + - DISABLE + sourceIds: + type: array + items: + example: 2c918084660f45d6016617daa9210584 + description: Source Id + type: string + example: + - 2c918084660f45d6016617daa9210584 + - 2c918084660f45d6016617daa9210500 + description: List of source IDs. The sources must have the ENABLE feature or flat file source. See "/sources" endpoint for source features. + accessProfileIds: + type: array + items: + type: string + example: + - 2c918084660f45d6016617daa9210584 + - 2c918084660f45d6016617daa9210500 + description: List of access-profile IDs that are associated with the lifecycle state. + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + patch: + operationId: updateLifecycleStates + tags: + - Lifecycle States + summary: Update Lifecycle State + description: | + This API updates individual lifecycle state fields using the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard. + + A token with ORG_ADMIN or API authority is required to call this API. + parameters: + - in: path + name: identity-profile-id + description: Identity Profile ID + required: true + schema: + type: string + - in: path + name: lifecycle-state-id + description: Lifecycle State ID + required: true + schema: + type: string + requestBody: + required: true + description: | + A list of lifecycle state update operations according to the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard. + + The following fields can be updated: + * enabled + * description + * accountActions + * accessProfileIds + * emailNotificationOption + content: + application/json-patch+json: + schema: + type: array + items: + type: object + description: 'A JSONPatch Operation as defined by [RFC 6902 - JSON Patch](https://tools.ietf.org/html/rfc6902)' + required: + - op + - path + properties: + op: + type: string + description: The operation to be performed + enum: + - add + - remove + - replace + - move + - copy + - test + example: replace + path: + type: string + description: A string JSON Pointer representing the target path to an element to be affected by the operation + example: /description + value: + anyOf: + - type: string + - type: integer + - type: object + - type: array + items: + anyOf: + - type: string + - type: integer + - type: object + description: 'The value to be used for the operation, required for "add" and "replace" operations' + example: New description + example: + - op: replace + path: /description + value: Updated description! + - op: replace + path: /accessProfileIds + value: + - 2c918087742bab150174407a80f3125e + - 2c918087742bab150174407a80f3124f + - op: replace + path: /accountActions + value: + - action: ENABLE + sourceIds: + - 2c9180846a2f82fb016a481c1b1560c5 + - 2c9180846a2f82fb016a481c1b1560cc + - action: DISABLE + sourceIds: + - 2c91808869a0c9980169a207258513fb + - op: replace + path: /emailNotificationOption + value: + notifyManagers: true + notifyAllAdmins: false + notifySpecificUsers: false + emailAddressList: [] + responses: + '200': + description: Updated lifecycle-state. + content: + application/json: + schema: + type: object + properties: + id: + type: string + readOnly: true + example: 2c9180835d2e5168015d32f890ca1581 + description: lifecycle stat id. + name: + type: string + readOnly: true + example: Lifecycle Name + description: Lifecycle-state name. + technicalName: + type: string + readOnly: true + example: lifecycleTechnicalName + description: The technical name for lifecycle state. This is for internal use. + description: + type: string + example: LifecycleDescription + description: Lifecycle state description. + created: + type: string + readOnly: true + format: date-time + example: 2015-05-28T14:07:17.000Z + description: Lifecycle state created date. + modified: + type: string + readOnly: true + format: date-time + example: 2015-05-28T14:07:17.000Z + description: Lifecycle state modified date. + enabled: + type: boolean + example: true + description: Whether the lifecycle state is enabled or disabled. + identityCount: + type: integer + format: int32 + readOnly: true + example: 12 + description: Number of identities that have the lifecycle state. + emailNotificationOption: + type: object + properties: + notifyManagers: + type: boolean + example: true + description: 'If true, then the manager is notified of the lifecycle state change.' + notifyAllAdmins: + type: boolean + example: true + description: 'If true, then all the admins are notified of the lifecycle state change.' + notifySpecificUsers: + type: boolean + example: true + description: 'If true, then the users specified in "emailAddressList" below are notified of lifecycle state change.' + emailAddressList: + type: array + example: + - test@test.com + - test2@test.com + items: + type: string + description: 'List of user email addresses. If "notifySpecificUsers" option is true, then these users are notified of lifecycle state change.' + accountActions: + type: array + items: + type: object + properties: + action: + type: string + example: ENABLE + description: Describes if action will be enabled or disabled + enum: + - ENABLE + - DISABLE + sourceIds: + type: array + items: + example: 2c918084660f45d6016617daa9210584 + description: Source Id + type: string + example: + - 2c918084660f45d6016617daa9210584 + - 2c918084660f45d6016617daa9210500 + description: List of source IDs. The sources must have the ENABLE feature or flat file source. See "/sources" endpoint for source features. + accessProfileIds: + type: array + items: + type: string + example: + - 2c918084660f45d6016617daa9210584 + - 2c918084660f45d6016617daa9210500 + description: List of access-profile IDs that are associated with the lifecycle state. + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + /non-employee-records: + post: + operationId: createNonEmployeeRecord + security: + - oauth2: + - 'idn:nelm:manage' + tags: + - Non-Employee Lifecycle Management + summary: Create Non-Employee Record + description: |- + This request will create a non-employee record. + Request will require the following security scope: + 'idn:nesr:create' + requestBody: + description: Non-Employee record creation request body. + required: true + content: + application/json: + schema: + type: object + properties: + accountName: + type: string + description: Requested identity account name. + example: william.smith + firstName: + type: string + description: Non-Employee's first name. + example: William + lastName: + type: string + description: Non-Employee's last name. + example: Smith + email: + type: string + description: Non-Employee's email. + example: william.smith@example.com + phone: + type: string + description: Non-Employee's phone. + example: '5555555555' + manager: + type: string + description: The account ID of a valid identity to serve as this non-employee's manager. + example: jane.doe + sourceId: + type: string + description: Non-Employee's source id. + example: 2c91808568c529c60168cca6f90c1313 + data: + type: object + additionalProperties: + type: string + description: 'Attribute blob/bag for a non-employee, 10 attributes is the maximum size supported.' + startDate: + type: string + format: date-time + description: Non-Employee employment start date. + example: '2020-03-24T00:00:00-05:00' + endDate: + type: string + format: date-time + description: Non-Employee employment end date. + example: '2021-03-25T00:00:00-05:00' + required: + - accountName + - firstName + - lastName + - email + - phone + - manager + - sourceId + - startDate + - endDate + responses: + '200': + description: Created non-employee record. + content: + application/json: + schema: + type: object + properties: + id: + type: string + format: UUID + description: Non-Employee record id. + accountName: + type: string + description: Requested identity account name. + firstName: + type: string + description: Non-Employee's first name. + example: William + lastName: + type: string + description: Non-Employee's last name. + example: Smith + email: + type: string + description: Non-Employee's email. + example: william.smith@example.com + phone: + type: string + description: Non-Employee's phone. + example: '5555555555' + manager: + type: string + description: The account ID of a valid identity to serve as this non-employee's manager. + example: jane.doe + sourceId: + type: string + description: Non-Employee's source id. + example: 2c91808568c529c60168cca6f90c1313 + data: + type: object + additionalProperties: + type: string + description: Attribute blob/bag for a non-employee. + startDate: + type: string + format: date-time + description: Non-Employee employment start date. + example: '2019-08-23T18:52:59.162Z' + endDate: + type: string + format: date-time + description: Non-Employee employment end date. + example: '2020-08-23T18:52:59.162Z' + modified: + type: string + format: date-time + description: When the request was last modified. + example: '2019-08-23T18:52:59.162Z' + created: + type: string + format: date-time + description: When the request was created. + example: '2019-08-23T18:40:35.772Z' + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + get: + operationId: listNonEmployeeRecords + security: + - oauth2: + - 'idn:nelm:read' + tags: + - Non-Employee Lifecycle Management + summary: List Non-Employee Records + description: This gets a list of non-employee records. + parameters: + - in: query + name: limit + description: |- + Max number of results to return. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 250 + schema: + type: integer + format: int32 + minimum: 0 + maximum: 250 + default: 250 + - in: query + name: offset + description: |- + Offset into the full result set. Usually specified with *limit* to paginate through the results. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 0 + schema: + type: integer + format: int32 + minimum: 0 + default: 0 + - in: query + name: count + description: |- + If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored. + + Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used. + + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: true + schema: + type: boolean + default: false + - in: query + required: false + name: sorters + schema: + type: string + format: comma-separated + example: 'accountName,sourceId' + description: 'Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results) Sorting is supported for the following fields: **id, accountName, sourceId, manager, firstName, lastName, email, phone, startDate, endDate, created, modified**' + - in: query + name: filters + required: false + schema: + type: string + example: sourceId eq "2c91808568c529c60168cca6f90c1313" + description: 'Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) Filtering is supported for the following fields and operators: **sourceId**: *eq* *Example:* sourceId eq "2c91808568c529c60168cca6f90c1313"' + responses: + '200': + description: Non-Employee record objects + content: + application/json: + schema: + type: array + items: + type: object + properties: + id: + type: string + format: UUID + description: Non-Employee record id. + accountName: + type: string + description: Requested identity account name. + firstName: + type: string + description: Non-Employee's first name. + example: William + lastName: + type: string + description: Non-Employee's last name. + example: Smith + email: + type: string + description: Non-Employee's email. + example: william.smith@example.com + phone: + type: string + description: Non-Employee's phone. + example: '5555555555' + manager: + type: string + description: The account ID of a valid identity to serve as this non-employee's manager. + example: jane.doe + sourceId: + type: string + description: Non-Employee's source id. + example: 2c91808568c529c60168cca6f90c1313 + data: + type: object + additionalProperties: + type: string + description: Attribute blob/bag for a non-employee. + startDate: + type: string + format: date-time + description: Non-Employee employment start date. + example: '2019-08-23T18:52:59.162Z' + endDate: + type: string + format: date-time + description: Non-Employee employment end date. + example: '2020-08-23T18:52:59.162Z' + modified: + type: string + format: date-time + description: When the request was last modified. + example: '2019-08-23T18:52:59.162Z' + created: + type: string + format: date-time + description: When the request was created. + example: '2019-08-23T18:40:35.772Z' + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + '/non-employee-records/{id}': + get: + operationId: getNonEmployeeRecord + security: + - oauth2: + - 'idn:nelm:read' + tags: + - Non-Employee Lifecycle Management + summary: Get a Non-Employee Record + description: This gets a non-employee record. + parameters: + - in: path + name: id + description: Non-Employee record id (UUID) + required: true + example: 2c91808b6ef1d43e016efba0ce470904 + schema: + type: string + responses: + '200': + description: Non-Employee record object + content: + application/json: + schema: + type: object + properties: + id: + type: string + format: UUID + description: Non-Employee record id. + accountName: + type: string + description: Requested identity account name. + firstName: + type: string + description: Non-Employee's first name. + example: William + lastName: + type: string + description: Non-Employee's last name. + example: Smith + email: + type: string + description: Non-Employee's email. + example: william.smith@example.com + phone: + type: string + description: Non-Employee's phone. + example: '5555555555' + manager: + type: string + description: The account ID of a valid identity to serve as this non-employee's manager. + example: jane.doe + sourceId: + type: string + description: Non-Employee's source id. + example: 2c91808568c529c60168cca6f90c1313 + data: + type: object + additionalProperties: + type: string + description: Attribute blob/bag for a non-employee. + startDate: + type: string + format: date-time + description: Non-Employee employment start date. + example: '2019-08-23T18:52:59.162Z' + endDate: + type: string + format: date-time + description: Non-Employee employment end date. + example: '2020-08-23T18:52:59.162Z' + modified: + type: string + format: date-time + description: When the request was last modified. + example: '2019-08-23T18:52:59.162Z' + created: + type: string + format: date-time + description: When the request was created. + example: '2019-08-23T18:40:35.772Z' + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + put: + operationId: updateNonEmployeeRecord + security: + - oauth2: + - 'idn:nelm:manage' + tags: + - Non-Employee Lifecycle Management + summary: Update Non-Employee Record + description: This request will update a non-employee record. + parameters: + - in: path + name: id + description: Non-employee record id (UUID) + required: true + example: 2c91808b6ef1d43e016efba0ce470904 + schema: + type: string + requestBody: + description: Non-employee record creation request body. Attributes are restricted by user type. Owner of source can update end date. Organization admins can update all available fields. + required: true + content: + application/json: + schema: + type: object + properties: + accountName: + type: string + description: Requested identity account name. + example: william.smith + firstName: + type: string + description: Non-Employee's first name. + example: William + lastName: + type: string + description: Non-Employee's last name. + example: Smith + email: + type: string + description: Non-Employee's email. + example: william.smith@example.com + phone: + type: string + description: Non-Employee's phone. + example: '5555555555' + manager: + type: string + description: The account ID of a valid identity to serve as this non-employee's manager. + example: jane.doe + sourceId: + type: string + description: Non-Employee's source id. + example: 2c91808568c529c60168cca6f90c1313 + data: + type: object + additionalProperties: + type: string + description: 'Attribute blob/bag for a non-employee, 10 attributes is the maximum size supported.' + startDate: + type: string + format: date-time + description: Non-Employee employment start date. + example: '2020-03-24T00:00:00-05:00' + endDate: + type: string + format: date-time + description: Non-Employee employment end date. + example: '2021-03-25T00:00:00-05:00' + required: + - accountName + - firstName + - lastName + - email + - phone + - manager + - sourceId + - startDate + - endDate + responses: + '200': + description: An updated non-employee record. + content: + application/json: + schema: + type: object + properties: + id: + type: string + format: UUID + description: Non-Employee record id. + accountName: + type: string + description: Requested identity account name. + firstName: + type: string + description: Non-Employee's first name. + example: William + lastName: + type: string + description: Non-Employee's last name. + example: Smith + email: + type: string + description: Non-Employee's email. + example: william.smith@example.com + phone: + type: string + description: Non-Employee's phone. + example: '5555555555' + manager: + type: string + description: The account ID of a valid identity to serve as this non-employee's manager. + example: jane.doe + sourceId: + type: string + description: Non-Employee's source id. + example: 2c91808568c529c60168cca6f90c1313 + data: + type: object + additionalProperties: + type: string + description: Attribute blob/bag for a non-employee. + startDate: + type: string + format: date-time + description: Non-Employee employment start date. + example: '2019-08-23T18:52:59.162Z' + endDate: + type: string + format: date-time + description: Non-Employee employment end date. + example: '2020-08-23T18:52:59.162Z' + modified: + type: string + format: date-time + description: When the request was last modified. + example: '2019-08-23T18:52:59.162Z' + created: + type: string + format: date-time + description: When the request was created. + example: '2019-08-23T18:40:35.772Z' + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + patch: + operationId: patchNonEmployeeRecord + security: + - oauth2: + - 'idn:nelm:manage' + tags: + - Non-Employee Lifecycle Management + summary: Patch Non-Employee Record + description: This request will patch a non-employee record. + parameters: + - in: path + name: id + description: Non-employee record id (UUID) + required: true + example: 2c91808b6ef1d43e016efba0ce470904 + schema: + type: string + requestBody: + description: 'A list of non-employee update operations according to the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard. Attributes are restricted by user type. Owner of source can update end date. Organization admins can update all available fields.' + required: true + content: + application/json-patch+json: + schema: + type: array + items: + type: object + description: 'A JSONPatch Operation as defined by [RFC 6902 - JSON Patch](https://tools.ietf.org/html/rfc6902)' + required: + - op + - path + properties: + op: + type: string + description: The operation to be performed + enum: + - add + - remove + - replace + - move + - copy + - test + example: replace + path: + type: string + description: A string JSON Pointer representing the target path to an element to be affected by the operation + example: /description + value: + anyOf: + - type: string + - type: integer + - type: object + - type: array + items: + anyOf: + - type: string + - type: integer + - type: object + description: 'The value to be used for the operation, required for "add" and "replace" operations' + example: New description + example: + - op: replace + path: /endDate + value: + '2019-08-23T18:40:35.772Z': null + responses: + '200': + description: A patched non-employee record. + content: + application/json: + schema: + type: object + properties: + id: + type: string + format: UUID + description: Non-Employee record id. + accountName: + type: string + description: Requested identity account name. + firstName: + type: string + description: Non-Employee's first name. + example: William + lastName: + type: string + description: Non-Employee's last name. + example: Smith + email: + type: string + description: Non-Employee's email. + example: william.smith@example.com + phone: + type: string + description: Non-Employee's phone. + example: '5555555555' + manager: + type: string + description: The account ID of a valid identity to serve as this non-employee's manager. + example: jane.doe + sourceId: + type: string + description: Non-Employee's source id. + example: 2c91808568c529c60168cca6f90c1313 + data: + type: object + additionalProperties: + type: string + description: Attribute blob/bag for a non-employee. + startDate: + type: string + format: date-time + description: Non-Employee employment start date. + example: '2019-08-23T18:52:59.162Z' + endDate: + type: string + format: date-time + description: Non-Employee employment end date. + example: '2020-08-23T18:52:59.162Z' + modified: + type: string + format: date-time + description: When the request was last modified. + example: '2019-08-23T18:52:59.162Z' + created: + type: string + format: date-time + description: When the request was created. + example: '2019-08-23T18:40:35.772Z' + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + delete: + operationId: deleteNonEmployeeRecord + security: + - oauth2: + - 'idn:nelm:manage' + tags: + - Non-Employee Lifecycle Management + summary: Delete Non-Employee Record + description: This request will delete a non-employee record. + parameters: + - in: path + name: id + description: Non-Employee record id (UUID) + required: true + example: 2c91808b6ef1d43e016efba0ce470904 + schema: + type: string + responses: + '204': + description: No content - indicates the request was successful but there is no content to be returned in the response. + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + /non-employee-records/bulk-delete: + post: + operationId: deleteNonEmployeeRecordInBulk + security: + - oauth2: + - 'idn:nelm:manage' + tags: + - Non-Employee Lifecycle Management + summary: Delete Multiple Non-Employee Records + description: |- + This request will delete multiple non-employee records based on the non-employee ids provided. + Request will require the following scope: + 'idn:nesr:delete' + requestBody: + description: Non-Employee bulk delete request body. + required: true + content: + application/json: + schema: + type: object + properties: + ids: + description: List of non-employee ids. + type: array + items: + type: string + format: uuid + required: + - ids + responses: + '204': + description: No content - indicates the request was successful but there is no content to be returned in the response. + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + /non-employee-requests: + post: + operationId: createNonEmployeeRequest + security: + - oauth2: + - 'idn:nelm:manage' + tags: + - Non-Employee Lifecycle Management + summary: Create Non-Employee Request + description: This request will create a non-employee request and notify the approver + requestBody: + description: Non-Employee creation request body + required: true + content: + application/json: + schema: + type: object + properties: + accountName: + type: string + description: Requested identity account name. + example: william.smith + firstName: + type: string + description: Non-Employee's first name. + example: William + lastName: + type: string + description: Non-Employee's last name. + example: Smith + email: + type: string + description: Non-Employee's email. + example: william.smith@example.com + phone: + type: string + description: Non-Employee's phone. + example: '5555555555' + manager: + type: string + description: The account ID of a valid identity to serve as this non-employee's manager. + example: jane.doe + sourceId: + type: string + description: Non-Employee's source id. + example: 2c91808568c529c60168cca6f90c1313 + data: + type: object + additionalProperties: + type: string + description: 'Attribute blob/bag for a non-employee, 10 attributes is the maximum size supported.' + startDate: + type: string + format: date-time + description: Non-Employee employment start date. + example: '2020-03-24T00:00:00-05:00' + endDate: + type: string + format: date-time + description: Non-Employee employment end date. + example: '2021-03-25T00:00:00-05:00' + required: + - accountName + - firstName + - lastName + - email + - phone + - manager + - sourceId + - startDate + - endDate + responses: + '200': + description: Non-Employee request creation object + content: + application/json: + schema: + allOf: + - type: object + properties: + id: + type: string + format: UUID + description: Non-Employee source id. + example: a0303682-5e4a-44f7-bdc2-6ce6112549c1 + sourceId: + type: string + description: Source Id associated with this non-employee source. + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Source name associated with this non-employee source. + example: Retail + description: + type: string + description: Source description associated with this non-employee source. + example: Source description + - type: object + properties: + accountName: + type: string + description: Requested identity account name. + example: william.smith + firstName: + type: string + description: Non-Employee's first name. + example: William + lastName: + type: string + description: Non-Employee's last name. + example: Smith + email: + type: string + description: Non-Employee's email. + example: william.smith@example.com + phone: + type: string + description: Non-Employee's phone. + example: '5555555555' + manager: + type: string + description: The account ID of a valid identity to serve as this non-employee's manager. + example: jane.doe + nonEmployeeSource: + type: object + properties: + id: + type: string + format: UUID + description: Non-Employee source id. + example: a0303682-5e4a-44f7-bdc2-6ce6112549c1 + sourceId: + type: string + description: Source Id associated with this non-employee source. + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Source name associated with this non-employee source. + example: Retail + description: + type: string + description: Source description associated with this non-employee source. + example: Source description + data: + type: object + additionalProperties: + type: string + description: Attribute blob/bag for a non-employee. + approvalItems: + description: List of approval item for the request + type: array + items: + type: object + properties: + id: + type: string + format: UUID + description: Non-Employee approval item id + example: 2c1e388b-1e55-4b0a-ab5c-897f1204159c + approver: + description: Reference to the associated Identity + type: object + properties: + type: + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure. + example: IDENTITY + id: + type: string + description: Identity id + example: 5168015d32f890ca15812c9180835d2e + accountName: + type: string + description: Requested identity account name + example: test.account + approvalStatus: + type: string + enum: + - APPROVED + - REJECTED + - PENDING + - NOT_READY + - CANCELLED + description: Enum representing the non-employee request approval status + approvalOrder: + type: number + description: Approval order + example: 1 + comment: + type: string + description: comment of approver + modified: + type: string + format: date-time + description: When the request was last modified. + example: '2019-08-23T18:52:59.162Z' + created: + type: string + format: date-time + description: When the request was created. + example: '2019-08-23T18:40:35.772Z' + approvalStatus: + type: string + enum: + - APPROVED + - REJECTED + - PENDING + - NOT_READY + - CANCELLED + description: Enum representing the non-employee request approval status + comment: + type: string + description: comment of requester + completionDate: + type: string + format: date-time + description: When the request was completely approved. + example: '2020-03-24T11:11:41.139-05:00' + startDate: + type: string + format: date-time + description: Non-Employee employment start date. + example: '2020-03-24T00:00:00-05:00' + endDate: + type: string + format: date-time + description: Non-Employee employment end date. + example: '2021-03-25T00:00:00-05:00' + modified: + type: string + format: date-time + description: When the request was last modified. + example: '2020-03-24T11:11:41.139-05:00' + created: + type: string + format: date-time + description: When the request was created. + example: '2020-03-24T11:11:41.139-05:00' + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + 400.1 Bad Request Content: + description: Response for bad request content + value: + detailCode: 400.1 Bad Request Content + trackingId: e7eab60924f64aa284175b9fa3309599 + messages: + - locale: en + localeOrigin: REQUEST + text: firstName is required; accountName is required; + 400.1.409 Reference conflict: + description: Response for reference conflict + value: + detailCode: 400.1.409 Reference conflict + trackingId: e7eab60924f64aa284175b9fa3309599 + messages: + - locale: en + localeOrigin: REQUEST + text: Unable to create Non-Employee because the accountName "existed" is already being used. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + get: + operationId: listNonEmployeeRequests + security: + - oauth2: + - 'idn:nelm:read' + tags: + - Non-Employee Lifecycle Management + summary: List Non-Employee Requests + description: This gets a list of non-employee requests. + parameters: + - in: query + name: limit + description: |- + Max number of results to return. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 250 + schema: + type: integer + format: int32 + minimum: 0 + maximum: 250 + default: 250 + - in: query + name: offset + description: |- + Offset into the full result set. Usually specified with *limit* to paginate through the results. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 0 + schema: + type: integer + format: int32 + minimum: 0 + default: 0 + - in: query + name: count + description: |- + If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored. + + Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used. + + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: true + schema: + type: boolean + default: false + - in: query + name: requested-for + required: true + schema: + type: string + example: me + description: The identity for whom the request was made. *me* indicates the current user. + - in: query + name: sorters + required: false + schema: + type: string + format: comma-separated + example: 'approvalStatus,firstName' + description: 'Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results) Sorting is supported for the following fields: **created, approvalStatus, firstName, lastName, email, phone, accountName, startDate, endDate**' + - in: query + name: filters + required: false + schema: + type: string + example: sourceId eq "2c91808568c529c60168cca6f90c1313" + description: 'Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) Filtering is supported for the following fields and operators: **sourceId**: *eq* *Example:* sourceId eq "2c91808568c529c60168cca6f90c1313"' + responses: + '200': + description: List of non-employee request objects. + content: + application/json: + schema: + type: array + items: + allOf: + - type: object + properties: + id: + type: string + format: UUID + description: Non-Employee source id. + example: a0303682-5e4a-44f7-bdc2-6ce6112549c1 + sourceId: + type: string + description: Source Id associated with this non-employee source. + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Source name associated with this non-employee source. + example: Retail + description: + type: string + description: Source description associated with this non-employee source. + example: Source description + - type: object + properties: + accountName: + type: string + description: Requested identity account name. + example: william.smith + firstName: + type: string + description: Non-Employee's first name. + example: William + lastName: + type: string + description: Non-Employee's last name. + example: Smith + email: + type: string + description: Non-Employee's email. + example: william.smith@example.com + phone: + type: string + description: Non-Employee's phone. + example: '5555555555' + manager: + type: string + description: The account ID of a valid identity to serve as this non-employee's manager. + example: jane.doe + nonEmployeeSource: + type: object + properties: + id: + type: string + format: UUID + description: Non-Employee source id. + example: a0303682-5e4a-44f7-bdc2-6ce6112549c1 + sourceId: + type: string + description: Source Id associated with this non-employee source. + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Source name associated with this non-employee source. + example: Retail + description: + type: string + description: Source description associated with this non-employee source. + example: Source description + data: + type: object + additionalProperties: + type: string + description: Attribute blob/bag for a non-employee. + approvalItems: + description: List of approval item for the request + type: array + items: + type: object + properties: + id: + type: string + format: UUID + description: Non-Employee approval item id + example: 2c1e388b-1e55-4b0a-ab5c-897f1204159c + approver: + description: Reference to the associated Identity + type: object + properties: + type: + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure. + example: IDENTITY + id: + type: string + description: Identity id + example: 5168015d32f890ca15812c9180835d2e + accountName: + type: string + description: Requested identity account name + example: test.account + approvalStatus: + type: string + enum: + - APPROVED + - REJECTED + - PENDING + - NOT_READY + - CANCELLED + description: Enum representing the non-employee request approval status + approvalOrder: + type: number + description: Approval order + example: 1 + comment: + type: string + description: comment of approver + modified: + type: string + format: date-time + description: When the request was last modified. + example: '2019-08-23T18:52:59.162Z' + created: + type: string + format: date-time + description: When the request was created. + example: '2019-08-23T18:40:35.772Z' + approvalStatus: + type: string + enum: + - APPROVED + - REJECTED + - PENDING + - NOT_READY + - CANCELLED + description: Enum representing the non-employee request approval status + comment: + type: string + description: comment of requester + completionDate: + type: string + format: date-time + description: When the request was completely approved. + example: '2020-03-24T11:11:41.139-05:00' + startDate: + type: string + format: date-time + description: Non-Employee employment start date. + example: '2020-03-24T00:00:00-05:00' + endDate: + type: string + format: date-time + description: Non-Employee employment end date. + example: '2021-03-25T00:00:00-05:00' + modified: + type: string + format: date-time + description: When the request was last modified. + example: '2020-03-24T11:11:41.139-05:00' + created: + type: string + format: date-time + description: When the request was created. + example: '2020-03-24T11:11:41.139-05:00' + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + '/non-employee-requests/{id}': + get: + operationId: getNonEmployeeRequest + security: + - oauth2: + - 'idn:nelm:read' + tags: + - Non-Employee Lifecycle Management + summary: Get a Non-Employee Request + description: This gets a non-employee request. + parameters: + - in: path + name: id + example: 2c91808b6ef1d43e016efba0ce470904 + description: Non-Employee request id (UUID) + required: true + schema: + type: string + responses: + '200': + description: Non-Employee request object. + content: + application/json: + schema: + allOf: + - type: object + properties: + id: + type: string + format: UUID + description: Non-Employee source id. + example: a0303682-5e4a-44f7-bdc2-6ce6112549c1 + sourceId: + type: string + description: Source Id associated with this non-employee source. + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Source name associated with this non-employee source. + example: Retail + description: + type: string + description: Source description associated with this non-employee source. + example: Source description + - type: object + properties: + accountName: + type: string + description: Requested identity account name. + example: william.smith + firstName: + type: string + description: Non-Employee's first name. + example: William + lastName: + type: string + description: Non-Employee's last name. + example: Smith + email: + type: string + description: Non-Employee's email. + example: william.smith@example.com + phone: + type: string + description: Non-Employee's phone. + example: '5555555555' + manager: + type: string + description: The account ID of a valid identity to serve as this non-employee's manager. + example: jane.doe + nonEmployeeSource: + type: object + properties: + id: + type: string + format: UUID + description: Non-Employee source id. + example: a0303682-5e4a-44f7-bdc2-6ce6112549c1 + sourceId: + type: string + description: Source Id associated with this non-employee source. + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Source name associated with this non-employee source. + example: Retail + description: + type: string + description: Source description associated with this non-employee source. + example: Source description + data: + type: object + additionalProperties: + type: string + description: Attribute blob/bag for a non-employee. + approvalItems: + description: List of approval item for the request + type: array + items: + type: object + properties: + id: + type: string + format: UUID + description: Non-Employee approval item id + example: 2c1e388b-1e55-4b0a-ab5c-897f1204159c + approver: + description: Reference to the associated Identity + type: object + properties: + type: + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure. + example: IDENTITY + id: + type: string + description: Identity id + example: 5168015d32f890ca15812c9180835d2e + accountName: + type: string + description: Requested identity account name + example: test.account + approvalStatus: + type: string + enum: + - APPROVED + - REJECTED + - PENDING + - NOT_READY + - CANCELLED + description: Enum representing the non-employee request approval status + approvalOrder: + type: number + description: Approval order + example: 1 + comment: + type: string + description: comment of approver + modified: + type: string + format: date-time + description: When the request was last modified. + example: '2019-08-23T18:52:59.162Z' + created: + type: string + format: date-time + description: When the request was created. + example: '2019-08-23T18:40:35.772Z' + approvalStatus: + type: string + enum: + - APPROVED + - REJECTED + - PENDING + - NOT_READY + - CANCELLED + description: Enum representing the non-employee request approval status + comment: + type: string + description: comment of requester + completionDate: + type: string + format: date-time + description: When the request was completely approved. + example: '2020-03-24T11:11:41.139-05:00' + startDate: + type: string + format: date-time + description: Non-Employee employment start date. + example: '2020-03-24T00:00:00-05:00' + endDate: + type: string + format: date-time + description: Non-Employee employment end date. + example: '2021-03-25T00:00:00-05:00' + modified: + type: string + format: date-time + description: When the request was last modified. + example: '2020-03-24T11:11:41.139-05:00' + created: + type: string + format: date-time + description: When the request was created. + example: '2020-03-24T11:11:41.139-05:00' + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + delete: + operationId: deleteNonEmployeeRequest + security: + - oauth2: + - 'idn:nelm:manage' + tags: + - Non-Employee Lifecycle Management + summary: Delete Non-Employee Request + description: This request will delete a non-employee request. + parameters: + - in: path + name: id + description: Non-Employee request id in the UUID format + required: true + example: 2c91808b6ef1d43e016efba0ce470904 + schema: + type: string + format: uuid + responses: + '204': + description: No content - indicates the request was successful but there is no content to be returned in the response. + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + '/non-employee-requests/summary/{requested-for}': + get: + operationId: getNonEmployeeRequestSummary + security: + - oauth2: + - 'idn:nelm:read' + tags: + - Non-Employee Lifecycle Management + summary: Get Summary of Non-Employee Requests + description: 'This request will retrieve a summary of non-employee requests. There are two contextual uses for the `requested-for` path parameter: 1. The current user is the Org Admin, in which case he or she may request a summary of all non-employee approval requests assigned to a particular account manager by passing in that manager''s id. 2. The current user is an account manager, in which case "me" should be provided as the `requested-for` value. This will provide the user with a summary of the non-employee requests in the source(s) he or she manages.' + parameters: + - in: path + example: ac10d20a-841e-1e7d-8184-32d2e22c0179 + name: requested-for + description: The identity (UUID) of the non-employee account manager for whom the summary is being retrieved. Use "me" instead to indicate the current user. + required: true + schema: + type: string + format: uuid (if user is Org Admin) + responses: + '200': + description: Non-Employee request summary object. + content: + application/json: + schema: + type: object + properties: + approved: + type: number + description: The number of approved non-employee requests on all sources that *requested-for* user manages. + rejected: + type: number + description: The number of rejected non-employee requests on all sources that *requested-for* user manages. + pending: + type: number + description: The number of pending non-employee requests on all sources that *requested-for* user manages. + nonEmployeeCount: + type: number + description: The number of non-employee records on all sources that *requested-for* user manages. + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + /non-employee-sources: + post: + operationId: createNonEmployeeSource + security: + - oauth2: + - 'idn:nelm:manage' + tags: + - Non-Employee Lifecycle Management + summary: Create Non-Employee Source + description: |- + This request will create a non-employee source. + Request will require the following security scope: + 'idn:nesr:create' + requestBody: + description: Non-Employee source creation request body. + required: true + content: + application/json: + schema: + type: object + properties: + name: + type: string + description: Name of non-employee source. + example: Retail + description: + type: string + description: Description of non-employee source. + example: Source description + owner: + description: Owner of non-employee source. + type: object + properties: + id: + type: string + format: UUID + description: Identity id. + example: 2c91808570313110017040b06f344ec9 + required: + - id + managementWorkgroup: + type: string + description: The ID for the management workgroup that contains source sub-admins + example: '123299' + approvers: + description: List of approvers. + type: array + items: + type: object + properties: + id: + type: string + format: UUID + description: Identity id. + example: 2c91808570313110017040b06f344ec9 + required: + - id + maxItems: 3 + accountManagers: + description: List of account managers. + type: array + items: + type: object + properties: + id: + type: string + format: UUID + description: Identity id. + example: 2c91808570313110017040b06f344ec9 + required: + - id + maxItems: 10 + required: + - owner + - name + - description + responses: + '200': + description: Created non-employee source. + content: + application/json: + schema: + allOf: + - allOf: + - type: object + properties: + id: + type: string + format: UUID + description: Non-Employee source id. + example: a0303682-5e4a-44f7-bdc2-6ce6112549c1 + sourceId: + type: string + description: Source Id associated with this non-employee source. + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Source name associated with this non-employee source. + example: Retail + description: + type: string + description: Source description associated with this non-employee source. + example: Source description + - type: object + properties: + approvers: + description: List of approvers + type: array + items: + type: object + properties: + type: + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure. + example: IDENTITY + id: + type: string + description: Identity id + example: 5168015d32f890ca15812c9180835d2e + accountManagers: + description: List of account managers + type: array + items: + type: object + properties: + type: + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure. + example: IDENTITY + id: + type: string + description: Identity id + example: 5168015d32f890ca15812c9180835d2e + modified: + type: string + format: date-time + description: When the request was last modified. + example: '2019-08-23T18:52:59.162Z' + created: + type: string + format: date-time + description: When the request was created. + example: '2019-08-23T18:40:35.772Z' + nonEmployeeCount: + nullable: true + type: integer + description: The number of non-employee records on all sources that *requested-for* user manages. + example: 2 + format: int32 + - type: object + properties: + cloudExternalId: + type: string + description: Legacy ID used for sources from the V1 API. This attribute will be removed from a future version of the API and will not be considered a breaking change. No clients should rely on this ID always being present. + example: '99999' + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + get: + operationId: listNonEmployeeSources + security: + - oauth2: + - 'idn:nelm:read' + tags: + - Non-Employee Lifecycle Management + summary: List Non-Employee Sources + description: This gets a list of non-employee sources. + parameters: + - in: query + name: limit + description: |- + Max number of results to return. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 250 + schema: + type: integer + format: int32 + minimum: 0 + maximum: 250 + default: 250 + - in: query + name: offset + description: |- + Offset into the full result set. Usually specified with *limit* to paginate through the results. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 0 + schema: + type: integer + format: int32 + minimum: 0 + default: 0 + - in: query + name: count + description: |- + If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored. + + Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used. + + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: true + schema: + type: boolean + default: false + - in: query + required: true + name: requested-for + example: me + schema: + type: string + description: The identity for whom the request was made. *me* indicates the current user. + - in: query + required: true + name: non-employee-count + example: false + schema: + type: boolean + description: The flag to determine whether return a non-employee count associate with source. + - in: query + name: sorters + required: false + schema: + type: string + format: comma-separated + example: 'name,created' + description: 'Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results) Sorting is supported for the following fields: **name, created**' + responses: + '200': + description: List of non-employee sources objects. + content: + application/json: + schema: + type: array + items: + allOf: + - allOf: + - type: object + properties: + id: + type: string + format: UUID + description: Non-Employee source id. + example: a0303682-5e4a-44f7-bdc2-6ce6112549c1 + sourceId: + type: string + description: Source Id associated with this non-employee source. + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Source name associated with this non-employee source. + example: Retail + description: + type: string + description: Source description associated with this non-employee source. + example: Source description + - type: object + properties: + approvers: + description: List of approvers + type: array + items: + type: object + properties: + type: + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure. + example: IDENTITY + id: + type: string + description: Identity id + example: 5168015d32f890ca15812c9180835d2e + accountManagers: + description: List of account managers + type: array + items: + type: object + properties: + type: + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure. + example: IDENTITY + id: + type: string + description: Identity id + example: 5168015d32f890ca15812c9180835d2e + modified: + type: string + format: date-time + description: When the request was last modified. + example: '2019-08-23T18:52:59.162Z' + created: + type: string + format: date-time + description: When the request was created. + example: '2019-08-23T18:40:35.772Z' + nonEmployeeCount: + nullable: true + type: integer + description: The number of non-employee records on all sources that *requested-for* user manages. + example: 2 + format: int32 + - type: object + properties: + nonEmployeeCount: + type: integer + example: 2 + format: int32 + description: Number of non-employee records associated with this source. + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + '/non-employee-sources/{sourceId}': + get: + operationId: getNonEmployeeSource + security: + - oauth2: + - 'idn:nelm:read' + tags: + - Non-Employee Lifecycle Management + summary: Get a Non-Employee Source + description: This gets a non-employee source. + parameters: + - in: path + example: 2c91808b7c28b350017c2a2ec5790aa1 + name: sourceId + description: Source Id + required: true + schema: + type: string + responses: + '200': + description: Non-Employee source object. + content: + application/json: + schema: + allOf: + - type: object + properties: + id: + type: string + format: UUID + description: Non-Employee source id. + example: a0303682-5e4a-44f7-bdc2-6ce6112549c1 + sourceId: + type: string + description: Source Id associated with this non-employee source. + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Source name associated with this non-employee source. + example: Retail + description: + type: string + description: Source description associated with this non-employee source. + example: Source description + - type: object + properties: + approvers: + description: List of approvers + type: array + items: + type: object + properties: + type: + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure. + example: IDENTITY + id: + type: string + description: Identity id + example: 5168015d32f890ca15812c9180835d2e + accountManagers: + description: List of account managers + type: array + items: + type: object + properties: + type: + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure. + example: IDENTITY + id: + type: string + description: Identity id + example: 5168015d32f890ca15812c9180835d2e + modified: + type: string + format: date-time + description: When the request was last modified. + example: '2019-08-23T18:52:59.162Z' + created: + type: string + format: date-time + description: When the request was created. + example: '2019-08-23T18:40:35.772Z' + nonEmployeeCount: + nullable: true + type: integer + description: The number of non-employee records on all sources that *requested-for* user manages. + example: 2 + format: int32 + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + patch: + operationId: patchNonEmployeeSource + security: + - oauth2: + - 'idn:nelm:manage' + tags: + - Non-Employee Lifecycle Management + summary: Patch a Non-Employee Source + description: 'patch a non-employee source. (Partial Update) Patchable field: **name, description, approvers, accountManagers**' + parameters: + - in: path + name: sourceId + description: Source Id + required: true + example: 2c91808b6ef1d43e016efba0ce470904 + schema: + type: string + requestBody: + description: 'A list of non-employee source update operations according to the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard.' + required: true + content: + application/json-patch+json: + schema: + type: array + items: + type: object + description: 'A JSONPatch Operation as defined by [RFC 6902 - JSON Patch](https://tools.ietf.org/html/rfc6902)' + required: + - op + - path + properties: + op: + type: string + description: The operation to be performed + enum: + - add + - remove + - replace + - move + - copy + - test + example: replace + path: + type: string + description: A string JSON Pointer representing the target path to an element to be affected by the operation + example: /description + value: + anyOf: + - type: string + - type: integer + - type: object + - type: array + items: + anyOf: + - type: string + - type: integer + - type: object + description: 'The value to be used for the operation, required for "add" and "replace" operations' + example: New description + example: + - op: replace + path: /name + value: + new name: null + - op: replace + path: /approvers + value: + - 2c91809f703bb37a017040a2fe8748c7 + - 48b1f463c9e8427db5a5071bd81914b8 + responses: + '200': + description: A patched non-employee source object. + content: + application/json: + schema: + allOf: + - type: object + properties: + id: + type: string + format: UUID + description: Non-Employee source id. + example: a0303682-5e4a-44f7-bdc2-6ce6112549c1 + sourceId: + type: string + description: Source Id associated with this non-employee source. + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Source name associated with this non-employee source. + example: Retail + description: + type: string + description: Source description associated with this non-employee source. + example: Source description + - type: object + properties: + approvers: + description: List of approvers + type: array + items: + type: object + properties: + type: + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure. + example: IDENTITY + id: + type: string + description: Identity id + example: 5168015d32f890ca15812c9180835d2e + accountManagers: + description: List of account managers + type: array + items: + type: object + properties: + type: + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure. + example: IDENTITY + id: + type: string + description: Identity id + example: 5168015d32f890ca15812c9180835d2e + modified: + type: string + format: date-time + description: When the request was last modified. + example: '2019-08-23T18:52:59.162Z' + created: + type: string + format: date-time + description: When the request was created. + example: '2019-08-23T18:40:35.772Z' + nonEmployeeCount: + nullable: true + type: integer + description: The number of non-employee records on all sources that *requested-for* user manages. + example: 2 + format: int32 + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + delete: + operationId: deleteNonEmployeeSource + security: + - oauth2: + - 'idn:nelm:manage' + tags: + - Non-Employee Lifecycle Management + summary: Delete Non-Employee Source + description: This request will delete a non-employee source. + parameters: + - in: path + name: sourceId + description: Source Id + required: true + example: 2c91808b6ef1d43e016efba0ce470904 + schema: + type: string + responses: + '204': + description: No content - indicates the request was successful but there is no content to be returned in the response. + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + '/non-employee-sources/{id}/non-employees/download': + get: + operationId: exportNonEmployeeRecords + security: + - oauth2: + - 'idn:nelm:read' + - 'idn:nelm:manage' + tags: + - Non-Employee Lifecycle Management + summary: Exports Non-Employee Records to CSV + description: This requests a CSV download for all non-employees from a provided source. + parameters: + - in: path + example: 2c918085842e69ae018432d22ccb212f + name: id + description: Source Id (UUID) + required: true + schema: + type: string + responses: + '200': + description: Exported CSV + content: + text/csv: + example: | + accountName,firstName,lastName,phone,email,manager,startDate,endDate + Jon.Smith, Jon, Smith, 555-555-5555, jon@jon.doe.nope.com, Jim Smith, 2020-04-05T08:00:00-10:00,2020-08-07T19:00:00-10:00 + William.Chaffin, William, Chaffin, 555-555-5555, william@chaffins.nope.com, Bertram Chaffin, 2020-04-05T08:00:00-10:00,2020-08-07T19:00:00-10:00 + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + '/non-employee-sources/{id}/non-employee-bulk-upload': + post: + operationId: importNonEmployeeRecordsInBulk + security: + - oauth2: + - 'idn:nelm:manage' + tags: + - Non-Employee Lifecycle Management + summary: 'Imports, or Updates, Non-Employee Records' + description: |- + This post will import, or update, Non-Employee records found in the CSV. + Request will need the following security scope: + 'idn:nesr:create' + parameters: + - in: path + name: id + description: Source Id (UUID) + required: true + schema: + type: string + example: e136567de87e4d029e60b3c3c55db56d + requestBody: + content: + multipart/form-data: + schema: + type: object + properties: + data: + type: string + format: binary + required: + - data + responses: + '202': + description: The CSV was accepted to be bulk inserted now or at a later time. + content: + application/json: + schema: + type: object + properties: + id: + type: string + description: The bulk upload job's ID. (UUID) + example: 2c91808568c529c60168cca6f90cffff + sourceId: + type: string + description: The ID of the source to bulk-upload non-employees to. (UUID) + example: 2c91808568c529c60168cca6f90c1313 + created: + type: string + format: date-time + description: The date-time the job was submitted. + example: '2019-08-23T18:52:59.162Z' + modified: + type: string + format: date-time + description: The date-time that the job was last updated. + example: '2019-08-23T18:52:59.162Z' + status: + type: string + enum: + - PENDING + - IN_PROGRESS + - COMPLETED + - ERROR + description: | + Returns the following values indicating the progress or result of the bulk upload job. + "PENDING" means the job is queued and waiting to be processed. + "IN_PROGRESS" means the job is currently being processed. + "COMPLETED" means the job has been completed without any errors. + "ERROR" means the job failed to process with errors. + example: PENDING + '400': + description: | + Client Error - Returned if the request body is invalid. + The response body will contain the list of specific errors with one on each line. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + '/non-employee-sources/{id}/non-employee-bulk-upload/status': + get: + operationId: getNonEmployeeBulkUploadStatus + security: + - oauth2: + - 'idn:nelm:read' + tags: + - Non-Employee Lifecycle Management + summary: Bulk upload status on source + description: | + The nonEmployeeBulkUploadStatus API returns the status of the newest bulk upload job for the specified source. + parameters: + - in: path + example: 2c918085842e69ae018432d22ccb212f + name: id + description: Source ID (UUID) + required: true + schema: + type: string + responses: + '200': + description: 'Status of the newest bulk-upload job, if any.' + content: + application/json: + schema: + type: object + properties: + status: + type: string + enum: + - PENDING + - IN_PROGRESS + - COMPLETED + - ERROR + description: | + Returns the following values indicating the progress or result of the bulk upload job. + "PENDING" means the job is queued and waiting to be processed. + "IN_PROGRESS" means the job is currently being processed. + "COMPLETED" means the job has been completed without any errors. + "ERROR" means the job failed to process with errors. + null means job has been submitted to the source. + example: PENDING + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + '/non-employee-sources/{id}/schema-attributes-template/download': + get: + operationId: exportNonEmployeeSourceSchemaTemplate + security: + - oauth2: + - 'idn:nelm:read' + tags: + - Non-Employee Lifecycle Management + summary: Exports Source Schema Template + description: |- + This requests a download for the Source Schema Template for a provided source. + Request will require the following security scope: + idn:nesr:read' + parameters: + - in: path + example: 2c918085842e69ae018432d22ccb212f + name: id + description: Source Id (UUID) + required: true + schema: + type: string + responses: + '200': + description: Exported Source Schema Template + content: + text/csv: + example: | + accountName,firstName,lastName,phone,email,manager,startDate,endDate + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + /non-employee-approvals: + get: + operationId: listNonEmployeeApproval + security: + - oauth2: + - 'idn:nelm:read' + tags: + - Non-Employee Lifecycle Management + summary: Get List of Non-Employee Approval Requests + description: This gets a list of non-employee approval requests. + parameters: + - in: query + example: ac10d20a-841e-1e7d-8184-32d2e22c0179 + name: requested-for + schema: + type: string + description: The identity for whom the request was made. *me* indicates the current user. + required: false + - in: query + name: limit + description: |- + Max number of results to return. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 250 + schema: + type: integer + format: int32 + minimum: 0 + maximum: 250 + default: 250 + - in: query + name: offset + description: |- + Offset into the full result set. Usually specified with *limit* to paginate through the results. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 0 + schema: + type: integer + format: int32 + minimum: 0 + default: 0 + - in: query + name: count + description: |- + If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored. + + Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used. + + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: true + schema: + type: boolean + default: false + - in: query + example: filters=approvalStatus eq 'PENDING' + name: filters + schema: + type: string + description: 'Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) Filtering is supported for the following fields and operators: **approvalStatus**: *eq* *Example:* approvalStatus eq "PENDING"' + - in: query + example: sorters=-created + name: sorters + schema: + type: string + format: comma-separated + description: 'Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results) Sorting is supported for the following fields: **created, modified**' + responses: + '200': + description: List of approval items. + content: + application/json: + schema: + type: array + items: + allOf: + - type: object + properties: + id: + type: string + format: UUID + description: Non-Employee approval item id + example: 2c1e388b-1e55-4b0a-ab5c-897f1204159c + approver: + description: Reference to the associated Identity + type: object + properties: + type: + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure. + example: IDENTITY + id: + type: string + description: Identity id + example: 5168015d32f890ca15812c9180835d2e + accountName: + type: string + description: Requested identity account name + example: test.account + approvalStatus: + type: string + enum: + - APPROVED + - REJECTED + - PENDING + - NOT_READY + - CANCELLED + description: Enum representing the non-employee request approval status + approvalOrder: + type: number + description: Approval order + example: 1 + comment: + type: string + description: comment of approver + modified: + type: string + format: date-time + description: When the request was last modified. + example: '2019-08-23T18:52:59.162Z' + created: + type: string + format: date-time + description: When the request was created. + example: '2019-08-23T18:40:35.772Z' + - type: object + properties: + nonEmployeeRequest: + type: object + properties: + id: + type: string + format: UUID + description: Non-Employee request id. + requester: + example: + type: IDENTITY + id: 2c9180866166b5b0016167c32ef31a66 + name: William Smith + type: object + properties: + type: + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure. + example: IDENTITY + id: + type: string + description: Identity id + example: 5168015d32f890ca15812c9180835d2e + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + '/non-employee-approvals/{id}': + get: + operationId: getNonEmployeeApproval + security: + - oauth2: + - 'idn:nelm:read' + tags: + - Non-Employee Lifecycle Management + summary: Get a non-employee approval item detail + description: Approves a non-employee approval request and notifies the next approver. + parameters: + - in: path + name: id + example: ac10d20a-841e-1e7d-8184-32d2e22c0179 + description: Non-Employee approval item id (UUID) + required: true + schema: + type: string + - in: query + example: include-detail=false + name: include-detail + description: The object nonEmployeeRequest will not be included detail when set to false. *Default value is true* + required: false + schema: + type: string + responses: + '200': + description: Non-Employee approval item object. + content: + application/json: + schema: + allOf: + - type: object + properties: + id: + type: string + format: UUID + description: Non-Employee approval item id + example: 2c1e388b-1e55-4b0a-ab5c-897f1204159c + approver: + description: Reference to the associated Identity + type: object + properties: + type: + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure. + example: IDENTITY + id: + type: string + description: Identity id + example: 5168015d32f890ca15812c9180835d2e + accountName: + type: string + description: Requested identity account name + example: test.account + approvalStatus: + type: string + enum: + - APPROVED + - REJECTED + - PENDING + - NOT_READY + - CANCELLED + description: Enum representing the non-employee request approval status + approvalOrder: + type: number + description: Approval order + example: 1 + comment: + type: string + description: comment of approver + modified: + type: string + format: date-time + description: When the request was last modified. + example: '2019-08-23T18:52:59.162Z' + created: + type: string + format: date-time + description: When the request was created. + example: '2019-08-23T18:40:35.772Z' + - type: object + properties: + nonEmployeeRequest: + description: Non-Employee request associated to this approval + allOf: + - type: object + properties: + id: + type: string + format: UUID + description: Non-Employee request id. + requester: + example: + type: IDENTITY + id: 2c9180866166b5b0016167c32ef31a66 + name: William Smith + type: object + properties: + type: + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure. + example: IDENTITY + id: + type: string + description: Identity id + example: 5168015d32f890ca15812c9180835d2e + - type: object + properties: + accountName: + type: string + description: Requested identity account name. + example: william.smith + firstName: + type: string + description: Non-Employee's first name. + example: William + lastName: + type: string + description: Non-Employee's last name. + example: Smith + email: + type: string + description: Non-Employee's email. + example: william.smith@example.com + phone: + type: string + description: Non-Employee's phone. + example: '5555555555' + manager: + type: string + description: The account ID of a valid identity to serve as this non-employee's manager. + example: jane.doe + nonEmployeeSource: + allOf: + - type: object + properties: + id: + type: string + format: UUID + description: Non-Employee source id. + example: a0303682-5e4a-44f7-bdc2-6ce6112549c1 + sourceId: + type: string + description: Source Id associated with this non-employee source. + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Source name associated with this non-employee source. + example: Retail + description: + type: string + description: Source description associated with this non-employee source. + example: Source description + - type: object + properties: + schemaAttributes: + description: List of schema attributes associated with this non-employee source. + type: array + items: + type: object + properties: + id: + type: string + format: UUID + example: ac110005-7156-1150-8171-5b292e3e0084 + description: Schema Attribute Id + system: + type: boolean + description: True if this schema attribute is mandatory on all non-employees sources. + example: true + modified: + type: string + format: date-time + description: When the schema attribute was last modified. + example: '2019-08-23T18:52:59.162Z' + created: + type: string + format: date-time + description: When the schema attribute was created. + example: '2019-08-23T18:40:35.772Z' + type: + type: string + enum: + - TEXT + - DATE + - IDENTITY + description: Enum representing the type of data a schema attribute accepts. + label: + type: string + description: Label displayed on the UI for this schema attribute. + example: Account Name + technicalName: + type: string + description: The technical name of the attribute. Must be unique per source. + example: account.name + helpText: + type: string + description: help text displayed by UI. + example: The unique identifier for the account + placeholder: + type: string + description: Hint text that fills UI box. + example: Enter a unique user name for this account. + required: + type: boolean + description: 'If true, the schema attribute is required for all non-employees in the source' + example: true + required: + - type + - technicalName + - label + data: + type: object + additionalProperties: + type: string + description: Attribute blob/bag for a non-employee. + approvalStatus: + type: string + enum: + - APPROVED + - REJECTED + - PENDING + - NOT_READY + - CANCELLED + description: Enum representing the non-employee request approval status + comment: + type: string + description: comment of requester + completionDate: + type: string + format: date-time + description: When the request was completely approved. + example: '2020-03-24T11:11:41.139-05:00' + startDate: + type: string + format: date + description: Non-Employee employment start date. + example: '2020-03-24' + endDate: + type: string + format: date + description: Non-Employee employment end date. + example: '2021-03-25' + modified: + type: string + format: date-time + description: When the request was last modified. + example: '2020-03-24T11:11:41.139-05:00' + created: + type: string + format: date-time + description: When the request was created. + example: '2020-03-24T11:11:41.139-05:00' + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + '/non-employee-approvals/{id}/approve': + post: + operationId: approveNonEmployeeRequest + security: + - oauth2: + - 'idn:nelm:manage' + tags: + - Non-Employee Lifecycle Management + summary: Approve a Non-Employee Request + description: Approves a non-employee approval request and notifies the next approver. + parameters: + - in: path + name: id + description: Non-Employee approval item id (UUID) + required: true + schema: + type: string + requestBody: + required: true + content: + application/json: + schema: + type: object + properties: + comment: + type: string + description: Comment on the approval item. + maxLength: 4000 + responses: + '200': + description: Non-Employee approval item object. + content: + application/json: + schema: + allOf: + - type: object + properties: + id: + type: string + format: UUID + description: Non-Employee approval item id + example: 2c1e388b-1e55-4b0a-ab5c-897f1204159c + approver: + description: Reference to the associated Identity + type: object + properties: + type: + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure. + example: IDENTITY + id: + type: string + description: Identity id + example: 5168015d32f890ca15812c9180835d2e + accountName: + type: string + description: Requested identity account name + example: test.account + approvalStatus: + type: string + enum: + - APPROVED + - REJECTED + - PENDING + - NOT_READY + - CANCELLED + description: Enum representing the non-employee request approval status + approvalOrder: + type: number + description: Approval order + example: 1 + comment: + type: string + description: comment of approver + modified: + type: string + format: date-time + description: When the request was last modified. + example: '2019-08-23T18:52:59.162Z' + created: + type: string + format: date-time + description: When the request was created. + example: '2019-08-23T18:40:35.772Z' + - type: object + properties: + nonEmployeeRequest: + type: object + properties: + id: + type: string + format: UUID + description: Non-Employee request id. + requester: + example: + type: IDENTITY + id: 2c9180866166b5b0016167c32ef31a66 + name: William Smith + type: object + properties: + type: + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure. + example: IDENTITY + id: + type: string + description: Identity id + example: 5168015d32f890ca15812c9180835d2e + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + '/non-employee-approvals/{id}/reject': + post: + operationId: rejectNonEmployeeRequest + security: + - oauth2: + - 'idn:nelm:manage' + tags: + - Non-Employee Lifecycle Management + summary: Reject a Non-Employee Request + description: This endpoint will reject an approval item request and notify user. + parameters: + - in: path + name: id + description: Non-Employee approval item id (UUID) + required: true + schema: + type: string + requestBody: + required: true + content: + application/json: + schema: + type: object + properties: + comment: + type: string + description: Comment on the approval item. + maxLength: 4000 + required: + - comment + responses: + '200': + description: Non-Employee approval item object. + content: + application/json: + schema: + allOf: + - type: object + properties: + id: + type: string + format: UUID + description: Non-Employee approval item id + example: 2c1e388b-1e55-4b0a-ab5c-897f1204159c + approver: + description: Reference to the associated Identity + type: object + properties: + type: + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure. + example: IDENTITY + id: + type: string + description: Identity id + example: 5168015d32f890ca15812c9180835d2e + accountName: + type: string + description: Requested identity account name + example: test.account + approvalStatus: + type: string + enum: + - APPROVED + - REJECTED + - PENDING + - NOT_READY + - CANCELLED + description: Enum representing the non-employee request approval status + approvalOrder: + type: number + description: Approval order + example: 1 + comment: + type: string + description: comment of approver + modified: + type: string + format: date-time + description: When the request was last modified. + example: '2019-08-23T18:52:59.162Z' + created: + type: string + format: date-time + description: When the request was created. + example: '2019-08-23T18:40:35.772Z' + - type: object + properties: + nonEmployeeRequest: + type: object + properties: + id: + type: string + format: UUID + description: Non-Employee request id. + requester: + example: + type: IDENTITY + id: 2c9180866166b5b0016167c32ef31a66 + name: William Smith + type: object + properties: + type: + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure. + example: IDENTITY + id: + type: string + description: Identity id + example: 5168015d32f890ca15812c9180835d2e + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + '/non-employee-approvals/summary/{requested-for}': + get: + operationId: getNonEmployeeApprovalSummary + security: + - oauth2: + - 'idn:nelm:read' + tags: + - Non-Employee Lifecycle Management + summary: Get Summary of Non-Employee Approval Requests + description: 'This request will retrieve a summary of non-employee approval requests. There are two contextual uses for the `requested-for` path parameter: 1. The current user is the Org Admin, in which case he or she may request a summary of all non-employee approval requests assigned to a particular approver by passing in that approver''s id. 2. The current user is an approver, in which case "me" should be provided as the `requested-for` value. This will provide the approver with a summary of the approval items assigned to him or her.' + parameters: + - in: path + example: ac10d20a-841e-1e7d-8184-32d2e22c0179 + name: requested-for + schema: + type: string + description: The identity (UUID) of the approver for whom for whom the summary is being retrieved. Use "me" instead to indicate the current user. + required: true + responses: + '200': + description: summary of non-employee approval requests + content: + application/json: + schema: + type: object + properties: + approved: + type: number + description: The number of approved non-employee approval requests. + pending: + type: number + description: The number of pending non-employee approval requests. + rejected: + type: number + description: The number of rejected non-employee approval requests. + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + '/non-employee-sources/{sourceId}/schema-attributes': + get: + operationId: getNonEmployeeSourceSchemaAttributes + security: + - oauth2: [] + tags: + - Non-Employee Lifecycle Management + summary: List Schema Attributes Non-Employee Source + description: 'This API gets the list of schema attributes for the specified Non-Employee SourceId. There are 8 mandatory attributes added to each new Non-Employee Source automatically. Additionaly, user can add up to 10 custom attributes. This interface returns all the mandatory attributes followed by any custom attributes. At most, a total of 18 attributes will be returned.' + parameters: + - in: path + example: 2c918085842e69ae018432d22ccb212f + name: sourceId + schema: + type: string + required: true + description: The Source id + responses: + '200': + description: A list of Schema Attributes + content: + application/json: + schema: + type: array + example: + - type: TEXT + label: string + technicalName: string + helpText: string + placeholder: string + required: true + items: + type: object + properties: + id: + type: string + format: UUID + example: ac110005-7156-1150-8171-5b292e3e0084 + description: Schema Attribute Id + system: + type: boolean + description: True if this schema attribute is mandatory on all non-employees sources. + example: true + modified: + type: string + format: date-time + description: When the schema attribute was last modified. + example: '2019-08-23T18:52:59.162Z' + created: + type: string + format: date-time + description: When the schema attribute was created. + example: '2019-08-23T18:40:35.772Z' + type: + type: string + enum: + - TEXT + - DATE + - IDENTITY + description: Enum representing the type of data a schema attribute accepts. + label: + type: string + description: Label displayed on the UI for this schema attribute. + example: Account Name + technicalName: + type: string + description: The technical name of the attribute. Must be unique per source. + example: account.name + helpText: + type: string + description: help text displayed by UI. + example: The unique identifier for the account + placeholder: + type: string + description: Hint text that fills UI box. + example: Enter a unique user name for this account. + required: + type: boolean + description: 'If true, the schema attribute is required for all non-employees in the source' + example: true + required: + - type + - technicalName + - label + maxItems: 18 + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + post: + operationId: createNonEmployeeSourceSchemaAttributes + security: + - oauth2: + - 'idn:nelm:manage' + tags: + - Non-Employee Lifecycle Management + summary: Create Non-Employee Source Schema Attribute + description: 'This API creates a new schema attribute for Non-Employee Source. The schema technical name must be unique in the source. Attempts to create a schema attribute with an existing name will result in a "400.1.409 Reference conflict" response. At most, 10 custom attributes can be created per schema. Attempts to create more than 10 will result in a "400.1.4 Limit violation" response.' + parameters: + - in: path + name: sourceId + schema: + type: string + required: true + example: 2c91808b6ef1d43e016efba0ce470904 + description: The Source id + requestBody: + required: true + content: + application/json: + schema: + type: object + properties: + type: + type: string + description: Type of the attribute. Only type 'TEXT' is supported for custom attributes. + example: TEXT + label: + type: string + description: Label displayed on the UI for this schema attribute. + example: Account Name + technicalName: + type: string + description: The technical name of the attribute. Must be unique per source. + example: account.name + helpText: + type: string + description: help text displayed by UI. + example: The unique identifier for the account + placeholder: + type: string + description: Hint text that fills UI box. + example: Enter a unique user name for this account. + required: + type: boolean + description: 'If true, the schema attribute is required for all non-employees in the source' + example: true + required: + - type + - technicalName + - label + responses: + '200': + description: Schema Attribute created. + content: + application/json: + schema: + type: object + properties: + id: + type: string + format: UUID + example: ac110005-7156-1150-8171-5b292e3e0084 + description: Schema Attribute Id + system: + type: boolean + description: True if this schema attribute is mandatory on all non-employees sources. + example: true + modified: + type: string + format: date-time + description: When the schema attribute was last modified. + example: '2019-08-23T18:52:59.162Z' + created: + type: string + format: date-time + description: When the schema attribute was created. + example: '2019-08-23T18:40:35.772Z' + type: + type: string + enum: + - TEXT + - DATE + - IDENTITY + description: Enum representing the type of data a schema attribute accepts. + label: + type: string + description: Label displayed on the UI for this schema attribute. + example: Account Name + technicalName: + type: string + description: The technical name of the attribute. Must be unique per source. + example: account.name + helpText: + type: string + description: help text displayed by UI. + example: The unique identifier for the account + placeholder: + type: string + description: Hint text that fills UI box. + example: Enter a unique user name for this account. + required: + type: boolean + description: 'If true, the schema attribute is required for all non-employees in the source' + example: true + required: + - type + - technicalName + - label + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + delete: + operationId: deleteNonEmployeeSourceSchemaAttributes + security: + - oauth2: + - 'idn:nelm:manage' + tags: + - Non-Employee Lifecycle Management + summary: Delete all custom schema attributes + description: This end-point deletes all custom schema attributes for a non-employee source. + parameters: + - in: path + name: sourceId + schema: + type: string + required: true + example: 2c91808b6ef1d43e016efba0ce470904 + description: The Source id + responses: + '204': + description: All custon Schema Attributes were successfully deleted. + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + '/non-employee-sources/{sourceId}/schema-attributes/{attributeId}': + get: + operationId: getNonEmployeeSchemaAttribute + security: + - oauth2: + - 'idn:nelm:read' + tags: + - Non-Employee Lifecycle Management + summary: Get Schema Attribute Non-Employee Source + description: This API gets a schema attribute by Id for the specified Non-Employee SourceId. + parameters: + - in: path + example: 2c918085842e69ae018432d22ccb212f + name: attributeId + schema: + type: string + required: true + description: The Schema Attribute Id (UUID) + - in: path + example: 2c918085842e69ae018432d22ccb212f + name: sourceId + schema: + type: string + required: true + description: The Source id + responses: + '200': + description: The Schema Attribute + content: + application/json: + example: | + id,system,modified,created,type,label,technicalName,helpText,placeholder,required + schema: + type: object + properties: + id: + type: string + format: UUID + example: ac110005-7156-1150-8171-5b292e3e0084 + description: Schema Attribute Id + system: + type: boolean + description: True if this schema attribute is mandatory on all non-employees sources. + example: true + modified: + type: string + format: date-time + description: When the schema attribute was last modified. + example: '2019-08-23T18:52:59.162Z' + created: + type: string + format: date-time + description: When the schema attribute was created. + example: '2019-08-23T18:40:35.772Z' + type: + type: string + enum: + - TEXT + - DATE + - IDENTITY + description: Enum representing the type of data a schema attribute accepts. + label: + type: string + description: Label displayed on the UI for this schema attribute. + example: Account Name + technicalName: + type: string + description: The technical name of the attribute. Must be unique per source. + example: account.name + helpText: + type: string + description: help text displayed by UI. + example: The unique identifier for the account + placeholder: + type: string + description: Hint text that fills UI box. + example: Enter a unique user name for this account. + required: + type: boolean + description: 'If true, the schema attribute is required for all non-employees in the source' + example: true + required: + - type + - technicalName + - label + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + patch: + operationId: patchNonEmployeeSchemaAttribute + security: + - oauth2: + - 'idn:nelm:manage' + tags: + - Non-Employee Lifecycle Management + summary: Patch Non-Employee Source's Schema Attribute + description: | + This end-point patches a specific schema attribute for a non-employee SourceId. + parameters: + - in: path + name: attributeId + schema: + type: string + required: true + example: 2c91808b6ef1d43e016efba0ce470904 + description: The Schema Attribute Id (UUID) + - in: path + name: sourceId + schema: + type: string + required: true + example: 2c91808b6ef1d43e016efba0ce470904 + description: The Source id + requestBody: + description: 'A list of schema attribute update operations according to the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard. The following properties are allowed for update '':'' ''label'', ''helpText'', ''placeholder'', ''required''.' + content: + application/json-patch+json: + schema: + type: array + items: + type: object + description: 'A JSONPatch Operation as defined by [RFC 6902 - JSON Patch](https://tools.ietf.org/html/rfc6902)' + required: + - op + - path + properties: + op: + type: string + description: The operation to be performed + enum: + - add + - remove + - replace + - move + - copy + - test + example: replace + path: + type: string + description: A string JSON Pointer representing the target path to an element to be affected by the operation + example: /description + value: + anyOf: + - type: string + - type: integer + - type: object + - type: array + items: + anyOf: + - type: string + - type: integer + - type: object + description: 'The value to be used for the operation, required for "add" and "replace" operations' + example: New description + example: + - op: replace + path: /label + value: + new attribute label: null + required: true + responses: + '200': + description: The Schema Attribute was successfully patched. + content: + application/json: + schema: + type: object + properties: + id: + type: string + format: UUID + example: ac110005-7156-1150-8171-5b292e3e0084 + description: Schema Attribute Id + system: + type: boolean + description: True if this schema attribute is mandatory on all non-employees sources. + example: true + modified: + type: string + format: date-time + description: When the schema attribute was last modified. + example: '2019-08-23T18:52:59.162Z' + created: + type: string + format: date-time + description: When the schema attribute was created. + example: '2019-08-23T18:40:35.772Z' + type: + type: string + enum: + - TEXT + - DATE + - IDENTITY + description: Enum representing the type of data a schema attribute accepts. + label: + type: string + description: Label displayed on the UI for this schema attribute. + example: Account Name + technicalName: + type: string + description: The technical name of the attribute. Must be unique per source. + example: account.name + helpText: + type: string + description: help text displayed by UI. + example: The unique identifier for the account + placeholder: + type: string + description: Hint text that fills UI box. + example: Enter a unique user name for this account. + required: + type: boolean + description: 'If true, the schema attribute is required for all non-employees in the source' + example: true + required: + - type + - technicalName + - label + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + delete: + operationId: deleteNonEmployeeSchemaAttribute + security: + - oauth2: + - 'idn:nelm:manage' + tags: + - Non-Employee Lifecycle Management + summary: Delete Non-Employee Source's Schema Attribute + description: | + This end-point deletes a specific schema attribute for a non-employee source. + parameters: + - in: path + name: attributeId + schema: + type: string + required: true + example: 2c91808b6ef1d43e016efba0ce470904 + description: The Schema Attribute Id (UUID) + - in: path + name: sourceId + schema: + type: string + required: true + example: 2c91808b6ef1d43e016efba0ce470904 + description: The Source id + responses: + '204': + description: The Schema Attribute was successfully deleted. + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + '/managed-clients/{id}/status': + get: + tags: + - Managed Clients + summary: Specified Managed Client Status. + description: Retrieve Managed Client Status by ID. + operationId: getManagedClientStatus + parameters: + - name: id + in: path + description: ID of the Managed Client Status to get + required: true + schema: + type: string + example: aClientId + - name: type + in: query + description: Type of the Managed Client Status to get + required: true + schema: + example: VA + description: Managed Client type + type: string + nullable: true + enum: + - CCG + - VA + - INTERNAL + - null + responses: + '200': + description: Responds with Managed Client Status having the given ID and Type. + content: + application/json: + schema: + description: Managed Client Status + type: object + required: + - body + - status + - type + - timestamp + properties: + body: + description: ManagedClientStatus body information + type: object + example: + alertKey: '' + id: '5678' + clusterId: '1234' + ccg_etag: ccg_etag123xyz456 + ccg_pin: NONE + cookbook_etag: 20210420125956-20210511144538 + hostname: megapod-useast1-secret-hostname.sailpoint.com + internal_ip: 127.0.0.1 + lastSeen: '1620843964604' + sinceSeen: '14708' + sinceSeenMillis: '14708' + localDev: false + stacktrace: '' + state: null + status: NORMAL + uuid: null + product: idn + va_version: null + platform_version: '2' + os_version: 2345.3.1 + os_type: flatcar + hypervisor: unknown + status: + description: status of the Managed Client + type: string + enum: + - NORMAL + - UNDEFINED + - NOT_CONFIGURED + - CONFIGURING + - WARNING + - ERROR + - FAILED + type: + description: type of the Managed Client + type: string + example: CCG + nullable: true + enum: + - CCG + - VA + - INTERNAL + - null + timestamp: + description: timestamp on the Client Status update + type: string + format: date-time + example: '2020-01-01T00:00:00.000000Z' + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + security: + - oauth2: + - 'idn:managed-client-status:read' + post: + tags: + - Managed Clients + summary: Handle status request from client + description: Update a status detail passed in from the client + operationId: updateManagedClientStatus + parameters: + - name: id + in: path + description: ID of the Managed Client Status to update + required: true + schema: + type: string + example: aClientId + requestBody: + required: true + content: + application/json: + schema: + description: Managed Client Status + type: object + required: + - body + - status + - type + - timestamp + properties: + body: + description: ManagedClientStatus body information + type: object + example: + alertKey: '' + id: '5678' + clusterId: '1234' + ccg_etag: ccg_etag123xyz456 + ccg_pin: NONE + cookbook_etag: 20210420125956-20210511144538 + hostname: megapod-useast1-secret-hostname.sailpoint.com + internal_ip: 127.0.0.1 + lastSeen: '1620843964604' + sinceSeen: '14708' + sinceSeenMillis: '14708' + localDev: false + stacktrace: '' + state: null + status: NORMAL + uuid: null + product: idn + va_version: null + platform_version: '2' + os_version: 2345.3.1 + os_type: flatcar + hypervisor: unknown + status: + description: status of the Managed Client + type: string + enum: + - NORMAL + - UNDEFINED + - NOT_CONFIGURED + - CONFIGURING + - WARNING + - ERROR + - FAILED + type: + description: type of the Managed Client + type: string + example: CCG + nullable: true + enum: + - CCG + - VA + - INTERNAL + - null + timestamp: + description: timestamp on the Client Status update + type: string + format: date-time + example: '2020-01-01T00:00:00.000000Z' + responses: + '200': + description: Responds with the updated Managed Client Status. + content: + application/json: + schema: + description: Managed Client Status + type: object + required: + - body + - status + - type + - timestamp + properties: + body: + description: ManagedClientStatus body information + type: object + example: + body: + id: '1528' + clientId: '1528' + clusterId: '1533' + orgType: test + vaDownloadUrl: 'https://sptcbu-va-images.s3.amazonaws.com/va-latest.zip' + clusterJobCount: 1 + configuration: + clusterType: sqsCluster + clusterExternalId: 2c91808876dd79120176f758af765c58 + debug: 'false' + failureThreshold: '0' + gmtOffset: '-6' + scheduleUpgrade: 'false' + va_version: va-megapod-useast1-595-1627543540 + jobType: VA_UPGRADE + cookbook: va-megapod-useast1-595-1627543540 + connectorServices: + - id: '540696' + name: EndToEnd-ADSource + connector_host: host.example.com + connector_port: '389' + connector_(boolean)useSSL: false + connectorFileUploadHistory: null + - id: '540698' + name: EndToEnd-AzureADSource + connector_host: null + connector_port: null + connector_(boolean)useSSL: null + connectorFileUploadHistory: null + - id: '540710' + name: EndToEnd-OpenLDAP + connector_host: 10.0.2.64 + connector_port: '389' + connector_(boolean)useSSL: false + connectorFileUploadHistory: null + - id: '540713' + name: Dynamic-ADSource + connector_host: host.example.com + connector_port: '389' + connector_(boolean)useSSL: false + connectorFileUploadHistory: null + - id: '540716' + name: EndToEnd-JdbcADSource + connector_host: 10.0.5.187 + connector_port: '389' + connector_(boolean)useSSL: false + connectorFileUploadHistory: null + - id: '540717' + name: EndToEnd-JdbcSource + connector_host: null + connector_port: null + connector_(boolean)useSSL: null + connectorFileUploadHistory: + - serviceId: '540717' + date: '2021-02-05T22:58:15Z' + file: temp7081703651350031905mysql-connector-java-8.0.11.jar + jobs: + - uuid: 872b622f-5ab5-4836-9172-e3bb77f05b2c + cookbook: 872b622f-5ab5-4836-9172-e3bb77f05b2c + state: FINISHED + type: VA_UPGRADE + targetId: '1528' + managedProcessConfiguration: + charon: + version: '345' + path: sailpoint/charon + description: null + dependencies: null + ccg: + version: 415_583_79.0.0 + path: sailpoint/ccg + description: null + dependencies: null + toolbox: + version: '6' + path: sailpoint/toolbox + description: null + dependencies: null + fluent: + version: '50' + path: fluent/va + description: null + dependencies: null + va_agent: + version: '89' + path: sailpoint/va_agent + description: null + dependencies: null + queue: + name: megapod-useast1-denali-lwt-cluster-1533 + region: us-east-1 + maintenance: + window: 'true' + windowStartTime: '2021-07-29T00:00:00Z' + windowClusterTime: '2021-07-29T01:35:24Z' + windowFinishTime: '2021-07-29T04:00:00Z' + status: + description: status of the Managed Client + type: string + enum: + - NORMAL + - UNDEFINED + - NOT_CONFIGURED + - CONFIGURING + - WARNING + - ERROR + - FAILED + type: + description: type of the Managed Client + type: string + example: CCG + nullable: true + enum: + - CCG + - VA + - INTERNAL + - null + timestamp: + description: timestamp on the Client Status update + type: string + format: date-time + example: '2020-01-01T00:00:00.000000Z' + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + security: + - oauth2: + - 'idn:managed-client-status:manage' + '/managed-clusters/{id}': + get: + tags: + - Managed Clusters + summary: Get a specified ManagedCluster. + description: Retrieve a ManagedCluster by ID. + operationId: getManagedCluster + parameters: + - name: id + in: path + description: ID of the ManagedCluster to get + required: true + style: simple + explode: false + schema: + type: string + example: aClusterId + responses: + '200': + description: Responds with ManagedCluster having the given ID. + content: + application/json: + schema: + description: Managed Cluster + type: object + required: + - id + - clientType + - ccgVersion + properties: + id: + description: ManagedCluster ID + type: string + example: aClusterId + name: + description: ManagedCluster name + type: string + example: Managed Cluster Name + pod: + description: ManagedCluster pod + type: string + example: megapod-useast1 + org: + description: ManagedCluster org + type: string + example: denali + type: + description: The Type of Cluster + example: idn + nullable: false + type: string + enum: + - idn + - iai + configuration: + description: ManagedProcess configuration map + type: object + additionalProperties: + type: string + example: + clusterExternalId: externalId + ccgVersion: 77.0.0 + keyPair: + description: key pair for the ManagedCluster + type: object + properties: + publicKey: + nullable: true + description: ManagedCluster publicKey + type: string + example: '-----BEGIN PUBLIC KEY-----******-----END PUBLIC KEY-----' + publicKeyThumbprint: + nullable: true + description: ManagedCluster publicKeyThumbprint + type: string + example: 6CMlaJIV44-xJxcB3CJBjDUUn54 + publicKeyCertificate: + nullable: true + description: ManagedCluster publicKeyCertificate + type: string + example: '-----BEGIN CERTIFICATE-----****-----END CERTIFICATE-----' + attributes: + description: Specific Attributes for Configuring a ManagedCluster by Type + type: object + properties: + queue: + description: ManagedCluster keystore for sqsCluster type + type: object + properties: + name: + description: ManagedCluster queue name + type: string + example: megapod-useast1-denali-lwt-cluster-1533 + region: + description: ManagedCluster queue aws region + type: string + example: us-east-1 + keystore: + nullable: true + description: ManagedCluster keystore for spConnectCluster type + type: string + example: /u3+7QAAAAIAAAABAAAAAQAvL3Byb3h5LWNsdXN0ZXIvMmM5MTgwODc3Yjg3MW + description: + description: ManagedCluster description + type: string + example: A short description of the managed cluster. + redis: + description: Redis configuration for the ManagedCluster + type: object + properties: + redisHost: + description: ManagedCluster redisHost + type: string + example: megapod-useast1-shared-redis.cloud.sailpoint.com + redisPort: + description: ManagedCluster redisPort + type: integer + format: int32 + example: 6379 + clientType: + description: type of client for the ManagedCluster + type: string + example: CCG + nullable: true + enum: + - CCG + - VA + - INTERNAL + - null + ccgVersion: + description: CCG version used by the ManagedCluster + type: string + example: v01 + pinnedConfig: + description: boolean flag indiacting whether or not the cluster configuration is pinned + type: boolean + default: false + example: false + logConfiguration: + description: client log configuration for the cluster + example: '{ "rootLevel": "WARN", "logLevels": { "foobar": "WARN" } }' + nullable: true + type: object + required: + - durationMinutes + - rootLevel + properties: + clientId: + description: Log configuration's client ID + type: string + example: aClientId + durationMinutes: + description: Duration in minutes for log configuration to remain in effect before resetting to defaults + type: integer + format: int32 + example: 120 + minimum: 5 + maximum: 1440 + expiration: + description: Expiration date-time of the log configuration request + example: '2020-12-15T19:13:36.079Z' + type: string + format: date-time + rootLevel: + description: 'Root log level to apply, the default level for all logs. For more information about logging levels, refer to the "Logging Levels" table in [Enabling Connector Logging in IdentityNow](https://community.sailpoint.com/t5/IdentityNow-Articles/Enabling-Connector-Logging-in-IdentityNow/ta-p/188107).' + default: INFO + example: TRACE + type: string + enum: + - 'OFF' + - FATAL + - ERROR + - WARN + - INFO + - DEBUG + - TRACE + logLevels: + description: 'Map of log level by key. The keys are logging classes, and the values are logging levels. To see the available connectors and their logging classes, refer to the "Logging Classes" table in [Enabling Connector Logging in IdentityNow](https://community.sailpoint.com/t5/IdentityNow-Articles/Enabling-Connector-Logging-in-IdentityNow/ta-p/188107).' + example: + sailpoint.connector.ADLDAPConnector: TRACE + type: object + additionalProperties: + default: INFO + example: TRACE + description: Standard Log4j log level + type: string + enum: + - 'OFF' + - FATAL + - ERROR + - WARN + - INFO + - DEBUG + - TRACE + operational: + description: Whether or not the cluster is operational or not + type: boolean + default: false + example: false + status: + description: Cluster status + type: string + example: NORMAL + publicKeyCertificate: + nullable: true + description: Public key certificate + type: string + example: '-----BEGIN CERTIFICATE-----TCCAb2gAwIBAgIBADANBgkqhkiG9w0BAQsFADAuMQ0wCwYDVQQD-----END CERTIFICATE-----' + publicKeyThumbprint: + nullable: true + description: Public key thumbprint + type: string + example: obc6pLiulGbtZ + publicKey: + nullable: true + description: Public key + type: string + example: '-----BEGIN PUBLIC KEY-----jANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3WgnsxP52MDgBTfHR+5n4-----END PUBLIC KEY-----' + alertKey: + description: Key describing any immediate cluster alerts + type: string + example: LIMITED_RESOURCES + clientIds: + type: array + description: List of clients in a cluster + items: + type: string + example: + - '1244' + - '1245' + serviceCount: + description: Number of services bound to a cluster + type: integer + format: int32 + default: 0 + example: 6 + ccId: + description: 'CC ID only used in calling CC, will be removed without notice when Migration to CEGS is finished' + type: string + default: '0' + example: '1533' + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + security: + - oauth2: + - 'idn:remote-client:read' + - 'idn:remote-client:manage' + '/managed-clusters/{id}/log-config': + get: + tags: + - Managed Clusters + summary: Get managed cluster's log configuration + description: Get managed cluster's log configuration. + operationId: getClientLogConfiguration + parameters: + - name: id + in: path + description: ID of ManagedCluster to get log configuration for + required: true + style: simple + explode: false + schema: + type: string + example: aClusterId + responses: + '200': + description: Log configuration of ManagedCluster matching given cluster ID + content: + application/json: + schema: + description: Client Runtime Logging Configuration + nullable: true + type: object + required: + - durationMinutes + - rootLevel + properties: + clientId: + description: Log configuration's client ID + type: string + example: aClientId + durationMinutes: + description: Duration in minutes for log configuration to remain in effect before resetting to defaults + type: integer + format: int32 + example: 120 + minimum: 5 + maximum: 1440 + expiration: + description: Expiration date-time of the log configuration request + example: '2020-12-15T19:13:36.079Z' + type: string + format: date-time + rootLevel: + description: 'Root log level to apply, the default level for all logs. For more information about logging levels, refer to the "Logging Levels" table in [Enabling Connector Logging in IdentityNow](https://community.sailpoint.com/t5/IdentityNow-Articles/Enabling-Connector-Logging-in-IdentityNow/ta-p/188107).' + default: INFO + example: TRACE + type: string + enum: + - 'OFF' + - FATAL + - ERROR + - WARN + - INFO + - DEBUG + - TRACE + logLevels: + description: 'Map of log level by key. The keys are logging classes, and the values are logging levels. To see the available connectors and their logging classes, refer to the "Logging Classes" table in [Enabling Connector Logging in IdentityNow](https://community.sailpoint.com/t5/IdentityNow-Articles/Enabling-Connector-Logging-in-IdentityNow/ta-p/188107).' + example: + sailpoint.connector.ADLDAPConnector: TRACE + type: object + additionalProperties: + default: INFO + example: TRACE + description: Standard Log4j log level + type: string + enum: + - 'OFF' + - FATAL + - ERROR + - WARN + - INFO + - DEBUG + - TRACE + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + security: + - oauth2: + - 'idn:remote-client:read' + - 'idn:remote-client:manage' + put: + tags: + - Managed Clusters + summary: Update managed cluster's log configuration + description: Update managed cluster's log configuration + operationId: putClientLogConfiguration + parameters: + - name: id + in: path + description: ID of ManagedCluster to update log configuration for + required: true + style: simple + explode: false + schema: + type: string + example: aClusterId + requestBody: + description: ClientLogConfiguration for given ManagedCluster + content: + application/json: + schema: + description: Client Runtime Logging Configuration + nullable: true + type: object + required: + - durationMinutes + - rootLevel + properties: + clientId: + description: Log configuration's client ID + type: string + example: aClientId + durationMinutes: + description: Duration in minutes for log configuration to remain in effect before resetting to defaults + type: integer + format: int32 + example: 120 + minimum: 5 + maximum: 1440 + expiration: + description: Expiration date-time of the log configuration request + example: '2020-12-15T19:13:36.079Z' + type: string + format: date-time + rootLevel: + description: 'Root log level to apply, the default level for all logs. For more information about logging levels, refer to the "Logging Levels" table in [Enabling Connector Logging in IdentityNow](https://community.sailpoint.com/t5/IdentityNow-Articles/Enabling-Connector-Logging-in-IdentityNow/ta-p/188107).' + default: INFO + example: TRACE + type: string + enum: + - 'OFF' + - FATAL + - ERROR + - WARN + - INFO + - DEBUG + - TRACE + logLevels: + description: 'Map of log level by key. The keys are logging classes, and the values are logging levels. To see the available connectors and their logging classes, refer to the "Logging Classes" table in [Enabling Connector Logging in IdentityNow](https://community.sailpoint.com/t5/IdentityNow-Articles/Enabling-Connector-Logging-in-IdentityNow/ta-p/188107).' + example: + sailpoint.connector.ADLDAPConnector: TRACE + type: object + additionalProperties: + default: INFO + example: TRACE + description: Standard Log4j log level + type: string + enum: + - 'OFF' + - FATAL + - ERROR + - WARN + - INFO + - DEBUG + - TRACE + required: true + responses: + '200': + description: Responds with updated ClientLogConfiguration for given ManagedCluster + content: + application/json: + schema: + description: Client Runtime Logging Configuration + nullable: true + type: object + required: + - durationMinutes + - rootLevel + properties: + clientId: + description: Log configuration's client ID + type: string + example: aClientId + durationMinutes: + description: Duration in minutes for log configuration to remain in effect before resetting to defaults + type: integer + format: int32 + example: 120 + minimum: 5 + maximum: 1440 + expiration: + description: Expiration date-time of the log configuration request + example: '2020-12-15T19:13:36.079Z' + type: string + format: date-time + rootLevel: + description: 'Root log level to apply, the default level for all logs. For more information about logging levels, refer to the "Logging Levels" table in [Enabling Connector Logging in IdentityNow](https://community.sailpoint.com/t5/IdentityNow-Articles/Enabling-Connector-Logging-in-IdentityNow/ta-p/188107).' + default: INFO + example: TRACE + type: string + enum: + - 'OFF' + - FATAL + - ERROR + - WARN + - INFO + - DEBUG + - TRACE + logLevels: + description: 'Map of log level by key. The keys are logging classes, and the values are logging levels. To see the available connectors and their logging classes, refer to the "Logging Classes" table in [Enabling Connector Logging in IdentityNow](https://community.sailpoint.com/t5/IdentityNow-Articles/Enabling-Connector-Logging-in-IdentityNow/ta-p/188107).' + example: + sailpoint.connector.ADLDAPConnector: TRACE + type: object + additionalProperties: + default: INFO + example: TRACE + description: Standard Log4j log level + type: string + enum: + - 'OFF' + - FATAL + - ERROR + - WARN + - INFO + - DEBUG + - TRACE + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + security: + - oauth2: + - 'idn:remote-client:manage' + /managed-clusters: + get: + tags: + - Managed Clusters + summary: Retrieve all Managed Clusters. + description: 'Retrieve all Managed Clusters for the current Org, based on request context.' + operationId: getManagedClusters + parameters: + - in: query + name: offset + description: |- + Offset into the full result set. Usually specified with *limit* to paginate through the results. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 0 + schema: + type: integer + format: int32 + minimum: 0 + default: 0 + - in: query + name: limit + description: |- + Max number of results to return. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 250 + schema: + type: integer + format: int32 + minimum: 0 + maximum: 250 + default: 250 + - in: query + name: count + description: |- + If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored. + + Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used. + + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: true + schema: + type: boolean + default: false + - in: query + name: filters + schema: + type: string + description: |- + Filtering is supported for the following fields and operators: + + **operational**: *eq* + example: operational eq operation + responses: + '200': + description: Responds with a list of ManagedCluster. + content: + application/json: + schema: + type: array + items: + description: Managed Cluster + type: object + required: + - id + - clientType + - ccgVersion + properties: + id: + description: ManagedCluster ID + type: string + example: aClusterId + name: + description: ManagedCluster name + type: string + example: Managed Cluster Name + pod: + description: ManagedCluster pod + type: string + example: megapod-useast1 + org: + description: ManagedCluster org + type: string + example: denali + type: + description: The Type of Cluster + example: idn + nullable: false + type: string + enum: + - idn + - iai + configuration: + description: ManagedProcess configuration map + type: object + additionalProperties: + type: string + example: + clusterExternalId: externalId + ccgVersion: 77.0.0 + keyPair: + description: key pair for the ManagedCluster + type: object + properties: + publicKey: + nullable: true + description: ManagedCluster publicKey + type: string + example: '-----BEGIN PUBLIC KEY-----******-----END PUBLIC KEY-----' + publicKeyThumbprint: + nullable: true + description: ManagedCluster publicKeyThumbprint + type: string + example: 6CMlaJIV44-xJxcB3CJBjDUUn54 + publicKeyCertificate: + nullable: true + description: ManagedCluster publicKeyCertificate + type: string + example: '-----BEGIN CERTIFICATE-----****-----END CERTIFICATE-----' + attributes: + description: Specific Attributes for Configuring a ManagedCluster by Type + type: object + properties: + queue: + description: ManagedCluster keystore for sqsCluster type + type: object + properties: + name: + description: ManagedCluster queue name + type: string + example: megapod-useast1-denali-lwt-cluster-1533 + region: + description: ManagedCluster queue aws region + type: string + example: us-east-1 + keystore: + nullable: true + description: ManagedCluster keystore for spConnectCluster type + type: string + example: /u3+7QAAAAIAAAABAAAAAQAvL3Byb3h5LWNsdXN0ZXIvMmM5MTgwODc3Yjg3MW + description: + description: ManagedCluster description + type: string + example: A short description of the managed cluster. + redis: + description: Redis configuration for the ManagedCluster + type: object + properties: + redisHost: + description: ManagedCluster redisHost + type: string + example: megapod-useast1-shared-redis.cloud.sailpoint.com + redisPort: + description: ManagedCluster redisPort + type: integer + format: int32 + example: 6379 + clientType: + description: type of client for the ManagedCluster + type: string + example: CCG + nullable: true + enum: + - CCG + - VA + - INTERNAL + - null + ccgVersion: + description: CCG version used by the ManagedCluster + type: string + example: v01 + pinnedConfig: + description: boolean flag indiacting whether or not the cluster configuration is pinned + type: boolean + default: false + example: false + logConfiguration: + description: client log configuration for the cluster + example: '{ "rootLevel": "WARN", "logLevels": { "foobar": "WARN" } }' + nullable: true + type: object + required: + - durationMinutes + - rootLevel + properties: + clientId: + description: Log configuration's client ID + type: string + example: aClientId + durationMinutes: + description: Duration in minutes for log configuration to remain in effect before resetting to defaults + type: integer + format: int32 + example: 120 + minimum: 5 + maximum: 1440 + expiration: + description: Expiration date-time of the log configuration request + example: '2020-12-15T19:13:36.079Z' + type: string + format: date-time + rootLevel: + description: 'Root log level to apply, the default level for all logs. For more information about logging levels, refer to the "Logging Levels" table in [Enabling Connector Logging in IdentityNow](https://community.sailpoint.com/t5/IdentityNow-Articles/Enabling-Connector-Logging-in-IdentityNow/ta-p/188107).' + default: INFO + example: TRACE + type: string + enum: + - 'OFF' + - FATAL + - ERROR + - WARN + - INFO + - DEBUG + - TRACE + logLevels: + description: 'Map of log level by key. The keys are logging classes, and the values are logging levels. To see the available connectors and their logging classes, refer to the "Logging Classes" table in [Enabling Connector Logging in IdentityNow](https://community.sailpoint.com/t5/IdentityNow-Articles/Enabling-Connector-Logging-in-IdentityNow/ta-p/188107).' + example: + sailpoint.connector.ADLDAPConnector: TRACE + type: object + additionalProperties: + default: INFO + example: TRACE + description: Standard Log4j log level + type: string + enum: + - 'OFF' + - FATAL + - ERROR + - WARN + - INFO + - DEBUG + - TRACE + operational: + description: Whether or not the cluster is operational or not + type: boolean + default: false + example: false + status: + description: Cluster status + type: string + example: NORMAL + publicKeyCertificate: + nullable: true + description: Public key certificate + type: string + example: '-----BEGIN CERTIFICATE-----TCCAb2gAwIBAgIBADANBgkqhkiG9w0BAQsFADAuMQ0wCwYDVQQD-----END CERTIFICATE-----' + publicKeyThumbprint: + nullable: true + description: Public key thumbprint + type: string + example: obc6pLiulGbtZ + publicKey: + nullable: true + description: Public key + type: string + example: '-----BEGIN PUBLIC KEY-----jANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3WgnsxP52MDgBTfHR+5n4-----END PUBLIC KEY-----' + alertKey: + description: Key describing any immediate cluster alerts + type: string + example: LIMITED_RESOURCES + clientIds: + type: array + description: List of clients in a cluster + items: + type: string + example: + - '1244' + - '1245' + serviceCount: + description: Number of services bound to a cluster + type: integer + format: int32 + default: 0 + example: 6 + ccId: + description: 'CC ID only used in calling CC, will be removed without notice when Migration to CEGS is finished' + type: string + default: '0' + example: '1533' + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + security: + - oauth2: + - 'idn:remote-client:read' + - 'idn:remote-client:manage' + /mail-from-attributes: + put: + security: + - oauth2: + - 'sp:notification-mail-from-attributes:write' + operationId: putMailFromAttributes + tags: + - Notifications + summary: Change MAIL FROM domain + description: Change the MAIL FROM domain of an AWS SES email identity and provide the MX and TXT records to be placed in the caller's DNS + requestBody: + required: true + content: + application/json: + schema: + type: object + properties: + identity: + type: string + example: BobSmith@sailpoint.com + description: The identity or domain address + mailFromDomain: + type: string + example: example.sailpoint.com + description: The new MAIL FROM domain of the identity. Must be a subdomain of the identity. + description: MAIL FROM attributes for a domain / identity + example: + identity: BobSmith@sailpoint.com + mailFromDomain: example.sailpoint.com + responses: + '200': + description: MAIL FROM Attributes required to verify the change + content: + application/json: + schema: + type: object + properties: + id: + type: string + example: BobSmith@sailpoint.com + description: The identity or domain address + mxRecord: + type: string + example: 10 feedback-smtp.us-east-1.amazonses.com + description: MX record that is required in customer's DNS to allow the domain to receive bounce and complaint notifications that email providers send you + txtRecord: + type: string + example: 'v=spf1 include:amazonses.com ~all' + description: TXT record that is required in customer's DNS in order to prove that Amazon SES is authorized to send email from your domain + mailFromDomainStatus: + type: string + enum: + - PENDING + - SUCCESS + - FAILED + example: PENDING + description: The current status of the MAIL FROM verification + description: MAIL FROM attributes for a domain / identity + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + '/mail-from-attribute/{id}': + get: + security: + - oauth2: + - 'sp:notification-mail-from-attributes:read' + operationId: getMailFromAttributes + tags: + - Notifications + summary: Get MAIL FROM Attributes + description: Retrieve MAIL FROM attributes for a given AWS SES identity. + parameters: + - in: query + name: id + required: true + schema: + type: string + description: 'Returns the MX and TXT record to be put in your DNS, as well as the MAIL FROM domain status' + example: bobsmith@sailpoint.com + responses: + '200': + description: MAIL FROM Attributes object + content: + application/json: + schema: + type: object + properties: + id: + type: string + example: BobSmith@sailpoint.com + description: The identity or domain address + mxRecord: + type: string + example: 10 feedback-smtp.us-east-1.amazonses.com + description: MX record that is required in customer's DNS to allow the domain to receive bounce and complaint notifications that email providers send you + txtRecord: + type: string + example: 'v=spf1 include:amazonses.com ~all' + description: TXT record that is required in customer's DNS in order to prove that Amazon SES is authorized to send email from your domain + mailFromDomainStatus: + type: string + enum: + - PENDING + - SUCCESS + - FAILED + example: PENDING + description: The current status of the MAIL FROM verification + description: MAIL FROM attributes for a domain / identity + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + '/mfa/{method}/config': + get: + operationId: getMFAConfig + tags: + - MFA Configuration + summary: Configuration of a MFA method + description: This API returns the configuration of a given MFA method. A token with ORG_ADMIN authority is required to call this API. + security: + - oauth2: + - 'idn:mfa-configuration:read' + - 'idn:mfa-configuration:manage' + parameters: + - in: path + name: method + schema: + type: string + example: okta-verify + required: true + description: The name of the MFA method. The currently supported method name is okta-verify. + responses: + '200': + description: MFA configuration of a given method. + content: + application/json: + schema: + type: object + properties: + enabled: + type: boolean + description: If MFA method is enabled. + host: + type: string + description: The server host name or IP address of the MFA provider. + example: example.com + accessKey: + type: string + description: The secret key for authenticating requests to the MFA provider. + identityAttribute: + type: string + description: Optional. The name of the attribute for mapping IdentityNow identity to the MFA provider. + example: email + example: + enabled: true + host: www.example.com + accessKey: dk778Y3QlA5UqocYpdU3rEkzrK2D497y + identityAttribute: email + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + put: + operationId: setMFAConfig + tags: + - MFA Configuration + summary: Set MFA method configuration + description: This API sets the configuration of a given MFA method. A token with ORG_ADMIN authority is required to call this API. + security: + - oauth2: + - 'idn:mfa-configuration:manage' + parameters: + - in: path + name: method + schema: + type: string + example: okta-verify + required: true + description: The name of the MFA method. The currently supported method name is okta-verify. + requestBody: + required: true + content: + application/json: + schema: + type: object + properties: + enabled: + type: boolean + description: If MFA method is enabled. + host: + type: string + description: The server host name or IP address of the MFA provider. + example: example.com + accessKey: + type: string + description: The secret key for authenticating requests to the MFA provider. + identityAttribute: + type: string + description: Optional. The name of the attribute for mapping IdentityNow identity to the MFA provider. + example: email + example: + enabled: true + host: www.example.com + accessKey: dk778Y3QlA5UqocYpdU3rEkzrK2D497y + identityAttribute: email + responses: + '200': + description: MFA configuration of a given method. + content: + application/json: + schema: + type: object + properties: + enabled: + type: boolean + description: If MFA method is enabled. + host: + type: string + description: The server host name or IP address of the MFA provider. + example: example.com + accessKey: + type: string + description: The secret key for authenticating requests to the MFA provider. + identityAttribute: + type: string + description: Optional. The name of the attribute for mapping IdentityNow identity to the MFA provider. + example: email + example: + enabled: true + host: www.example.com + accessKey: dk778Y3QlA5UqocYpdU3rEkzrK2D497y + identityAttribute: email + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + '/mfa/{method}/test': + get: + operationId: testMFAConfig + tags: + - MFA Configuration + summary: MFA method's test configuration + description: |- + This API validates that the configuration is valid and will properly authenticate with the MFA provider identified by the method path parameter. + A token with ORG_ADMIN authority is required to call this API. + security: + - oauth2: + - 'idn:mfa-configuration:read' + - 'idn:mfa-configuration:manage' + parameters: + - in: path + name: method + schema: + type: string + example: okta-verify + required: true + description: The name of the MFA method. The currently supported method name is okta-verify. + responses: + '200': + description: The result of configuration test for the MFA provider. + content: + application/json: + schema: + description: Response model for configuration test of a given MFA method + type: object + properties: + state: + type: string + enum: + - SUCCESS + - FAILED + description: The configuration test result. + example: SUCCESS + readOnly: true + error: + type: string + example: MFA Method is disabled. + description: The error message to indicate the failure of configuration test. + readOnly: true + example: + state: SUCCESS + error: null + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + /notification-template-defaults: + get: + operationId: listNotificationTemplateDefaults + tags: + - Notifications + summary: List Notification Template Defaults + description: 'This lists the default templates used for notifications, such as emails from IdentityNow. Since this is a beta feature, it doesn''t include all the templates.' + parameters: + - in: query + name: limit + description: |- + Max number of results to return. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 250 + schema: + type: integer + format: int32 + minimum: 0 + maximum: 250 + default: 250 + - in: query + name: offset + description: |- + Offset into the full result set. Usually specified with *limit* to paginate through the results. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 0 + schema: + type: integer + format: int32 + minimum: 0 + default: 0 + - in: query + name: filters + schema: + type: string + description: |- + Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) + + Filtering is supported for the following fields and operators: + + **key**: *eq, in* + + **medium**: *eq* + + **locale**: *eq* + responses: + '200': + description: A list of the default template objects + content: + application/json: + schema: + type: array + items: + type: object + properties: + key: + type: string + example: cloud_manual_work_item_summary + name: + type: string + example: Task Manager Subscription + medium: + type: string + description: The message medium. More mediums may be added in the future. + enum: + - EMAIL + - PHONE + - SMS + - SLACK + - TEAMS + example: EMAIL + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en + subject: + type: string + example: 'You have $numberOfPendingTasks $taskTasks to complete in ${__global.productName}.' + header: + type: string + example: 'Dear $__recipient.name,' + body: + type: string + example: Please go to the task manager + footer: + type: string + example: 'Thanks, The $__global.productName Team' + from: + type: string + example: $__global.emailFromAddress + replyTo: + type: string + example: $__global.emailFromAddress + description: + type: string + example: Daily digest - sent if number of outstanding tasks for task owner > 0 + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + /notification-templates: + get: + operationId: listNotificationTemplates + tags: + - Notifications + summary: List Notification Templates + description: 'This lists the templates that you have modified for your site. Since this is a beta feature, it doesn''t include all your modified templates.' + parameters: + - in: query + name: limit + description: |- + Max number of results to return. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 250 + schema: + type: integer + format: int32 + minimum: 0 + maximum: 250 + default: 250 + - in: query + name: offset + description: |- + Offset into the full result set. Usually specified with *limit* to paginate through the results. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 0 + schema: + type: integer + format: int32 + minimum: 0 + default: 0 + - in: query + name: filters + schema: + type: string + description: |- + Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) + + Filtering is supported for the following fields and operators: + + **key**: *eq, in* + + **medium**: *eq* + + **locale**: *eq* + example: medium eq "EMAIL" + responses: + '200': + description: A list of template objects for your site + content: + application/json: + schema: + type: array + items: + type: object + properties: + key: + type: string + example: cloud_manual_work_item_summary + name: + type: string + example: Task Manager Subscription + medium: + type: string + description: The message medium. More mediums may be added in the future. + enum: + - EMAIL + - PHONE + - SMS + - SLACK + - TEAMS + example: EMAIL + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en + subject: + type: string + example: 'You have $numberOfPendingTasks $taskTasks to complete in ${__global.productName}.' + header: + type: string + example: 'Dear $__recipient.name,' + body: + type: string + example: Please go to the task manager + footer: + type: string + example: 'Thanks, The $__global.productName Team' + from: + type: string + example: $__global.emailFromAddress + replyTo: + type: string + example: $__global.emailFromAddress + description: + type: string + example: Daily digest - sent if number of outstanding tasks for task owner > 0 + id: + type: string + example: c17bea3a-574d-453c-9e04-4365fbf5af0b + description: This is auto-generated. + created: + type: string + format: date-time + description: The time when this template is created. This is auto-generated. + example: '2020-01-01T00:00:00.000000Z' + modified: + type: string + format: date-time + description: The time when this template was last modified. This is auto-generated. + example: '2020-01-01T00:00:00.000000Z' + required: + - key + - medium + - locale + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + post: + operationId: createNotificationTemplate + tags: + - Notifications + summary: Create Notification Template + description: |- + This creates a template for your site. + + You can also use this endpoint to update a template. First, copy the response body from the [get notification template endpoint](https://developer.sailpoint.com/idn/api/beta/get-notification-template) for a template you wish to update and paste it into the request body for this endpoint. Modify the fields you want to change and submit the POST request when ready. + requestBody: + required: true + content: + application/json: + schema: + type: object + properties: + key: + type: string + example: cloud_manual_work_item_summary + name: + type: string + example: Task Manager Subscription + medium: + type: string + description: The message medium. More mediums may be added in the future. + enum: + - EMAIL + - PHONE + - SMS + - SLACK + - TEAMS + example: EMAIL + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en + subject: + type: string + example: 'You have $numberOfPendingTasks $taskTasks to complete in ${__global.productName}.' + header: + type: string + example: 'Dear $__recipient.name,' + body: + type: string + example: Please go to the task manager + footer: + type: string + example: 'Thanks, The $__global.productName Team' + from: + type: string + example: $__global.emailFromAddress + replyTo: + type: string + example: $__global.emailFromAddress + description: + type: string + example: Daily digest - sent if number of outstanding tasks for task owner > 0 + id: + type: string + example: c17bea3a-574d-453c-9e04-4365fbf5af0b + description: This is auto-generated. + created: + type: string + format: date-time + description: The time when this template is created. This is auto-generated. + example: '2020-01-01T00:00:00.000000Z' + modified: + type: string + format: date-time + description: The time when this template was last modified. This is auto-generated. + example: '2020-01-01T00:00:00.000000Z' + required: + - key + - medium + - locale + responses: + '200': + description: A template object for your site + content: + application/json: + schema: + type: object + properties: + key: + type: string + example: cloud_manual_work_item_summary + name: + type: string + example: Task Manager Subscription + medium: + type: string + description: The message medium. More mediums may be added in the future. + enum: + - EMAIL + - PHONE + - SMS + - SLACK + - TEAMS + example: EMAIL + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en + subject: + type: string + example: 'You have $numberOfPendingTasks $taskTasks to complete in ${__global.productName}.' + header: + type: string + example: 'Dear $__recipient.name,' + body: + type: string + example: Please go to the task manager + footer: + type: string + example: 'Thanks, The $__global.productName Team' + from: + type: string + example: $__global.emailFromAddress + replyTo: + type: string + example: $__global.emailFromAddress + description: + type: string + example: Daily digest - sent if number of outstanding tasks for task owner > 0 + id: + type: string + example: c17bea3a-574d-453c-9e04-4365fbf5af0b + description: This is auto-generated. + created: + type: string + format: date-time + description: The time when this template is created. This is auto-generated. + example: '2020-01-01T00:00:00.000000Z' + modified: + type: string + format: date-time + description: The time when this template was last modified. This is auto-generated. + example: '2020-01-01T00:00:00.000000Z' + required: + - key + - medium + - locale + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + '/notification-templates/{id}': + get: + operationId: getNotificationTemplate + tags: + - Notifications + summary: Get Notification Template By Id + description: This gets a template that you have modified for your site by Id. + parameters: + - name: id + in: path + description: Id of the Notification Template + required: true + style: simple + explode: false + schema: + type: string + example: c17bea3a-574d-453c-9e04-4365fbf5af0b + responses: + '200': + description: A template object for your site + content: + application/json: + schema: + type: array + items: + type: object + properties: + key: + type: string + example: cloud_manual_work_item_summary + name: + type: string + example: Task Manager Subscription + medium: + type: string + description: The message medium. More mediums may be added in the future. + enum: + - EMAIL + - PHONE + - SMS + - SLACK + - TEAMS + example: EMAIL + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en + subject: + type: string + example: 'You have $numberOfPendingTasks $taskTasks to complete in ${__global.productName}.' + header: + type: string + example: 'Dear $__recipient.name,' + body: + type: string + example: Please go to the task manager + footer: + type: string + example: 'Thanks, The $__global.productName Team' + from: + type: string + example: $__global.emailFromAddress + replyTo: + type: string + example: $__global.emailFromAddress + description: + type: string + example: Daily digest - sent if number of outstanding tasks for task owner > 0 + id: + type: string + example: c17bea3a-574d-453c-9e04-4365fbf5af0b + description: This is auto-generated. + created: + type: string + format: date-time + description: The time when this template is created. This is auto-generated. + example: '2020-01-01T00:00:00.000000Z' + modified: + type: string + format: date-time + description: The time when this template was last modified. This is auto-generated. + example: '2020-01-01T00:00:00.000000Z' + required: + - key + - medium + - locale + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + /notification-templates/bulk-delete: + post: + operationId: deleteNotificationTemplatesInBulk + tags: + - Notifications + summary: Bulk Delete Notification Templates + description: 'This lets you bulk delete templates that you previously created for your site. Since this is a beta feature, you can only delete a subset of your notifications, i.e. ones that show up in the list call.' + requestBody: + required: true + content: + application/json: + schema: + type: array + items: + type: object + properties: + key: + type: string + example: cloud_manual_work_item_summary + medium: + type: string + enum: + - EMAIL + - PHONE + - SMS + example: EMAIL + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en + required: + - key + responses: + '204': + description: No content - indicates the request was successful but there is no content to be returned in the response. + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + /oauth-clients: + get: + operationId: listOauthClients + security: + - oauth2: + - 'sp:oauth-client:manage' + tags: + - OAuth Clients + summary: List OAuth Clients + description: This gets a list of OAuth clients. + parameters: + - in: query + name: filters + required: false + schema: + type: string + description: |- + Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) + + Filtering is supported for the following fields and operators: + + **lastUsed**: *le, isnull* + example: 'lastUsed le 2023-02-05T10:59:27.214Z' + responses: + '200': + description: List of OAuth clients. + content: + application/json: + schema: + type: array + items: + type: object + properties: + id: + type: string + description: ID of the OAuth client + example: 2c9180835d2e5168015d32f890ca1581 + businessName: + type: string + nullable: true + description: The name of the business the API Client should belong to + example: Acme-Solar + homepageUrl: + type: string + nullable: true + description: The homepage URL associated with the owner of the API Client + example: 'http://localhost:12345' + name: + type: string + description: A human-readable name for the API Client + example: Demo API Client + description: + type: string + nullable: true + description: A description of the API Client + example: 'An API client used for the authorization_code, refresh_token, and client_credentials flows' + accessTokenValiditySeconds: + type: integer + format: int32 + description: The number of seconds an access token generated for this API Client is valid for + example: 750 + refreshTokenValiditySeconds: + type: integer + format: int32 + description: The number of seconds a refresh token generated for this API Client is valid for + example: 86400 + redirectUris: + type: array + nullable: true + items: + type: string + description: A list of the approved redirect URIs used with the authorization_code flow + example: + - 'http://localhost:12345' + grantTypes: + type: array + items: + description: OAuth2 Grant Type + type: string + example: CLIENT_CREDENTIALS + enum: + - CLIENT_CREDENTIALS + - AUTHORIZATION_CODE + - REFRESH_TOKEN + description: A list of OAuth 2.0 grant types this API Client can be used with + example: + - AUTHORIZATION_CODE + - CLIENT_CREDENTIALS + - REFRESH_TOKEN + accessType: + description: The access type (online or offline) of this API Client + example: OFFLINE + type: string + enum: + - ONLINE + - OFFLINE + type: + description: The type of the API Client (public or confidential) + example: CONFIDENTIAL + type: string + enum: + - CONFIDENTIAL + - PUBLIC + internal: + type: boolean + description: An indicator of whether the API Client can be used for requests internal to IDN + example: false + enabled: + type: boolean + description: An indicator of whether the API Client is enabled for use + example: true + strongAuthSupported: + type: boolean + description: An indicator of whether the API Client supports strong authentication + example: false + claimsSupported: + type: boolean + description: An indicator of whether the API Client supports the serialization of SAML claims when used with the authorization_code flow + example: false + created: + type: string + format: date-time + description: 'The date and time, down to the millisecond, when the API Client was created' + example: '2017-07-11T18:45:37.098Z' + modified: + type: string + format: date-time + description: 'The date and time, down to the millisecond, when the API Client was last updated' + example: '2018-06-25T20:22:28.104Z' + lastUsed: + type: string + nullable: true + format: date-time + description: 'The date and time, down to the millisecond, when this API Client was last used to generate an access token. This timestamp does not get updated on every API Client usage, but only once a day. This property can be useful for identifying which API Clients are no longer actively used and can be removed.' + example: '2017-07-11T18:45:37.098Z' + scope: + type: array + nullable: true + items: + type: string + default: 'sp:scopes:all' + description: Scopes of the API Client. + example: + - 'demo:api-client-scope:first' + - 'demo:api-client-scope:second' + required: + - id + - businessName + - homepageUrl + - name + - description + - accessTokenValiditySeconds + - refreshTokenValiditySeconds + - redirectUris + - grantTypes + - accessType + - type + - internal + - enabled + - strongAuthSupported + - claimsSupported + - created + - modified + - scope + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + post: + operationId: createOauthClient + security: + - oauth2: + - 'sp:oauth-client:manage' + tags: + - OAuth Clients + summary: Create OAuth Client + description: This creates an OAuth client. + requestBody: + required: true + content: + application/json: + schema: + type: object + properties: + businessName: + type: string + nullable: true + description: The name of the business the API Client should belong to + example: Acme-Solar + homepageUrl: + type: string + nullable: true + description: The homepage URL associated with the owner of the API Client + example: 'http://localhost:12345' + name: + type: string + nullable: true + description: A human-readable name for the API Client + example: Demo API Client + description: + type: string + nullable: true + description: A description of the API Client + example: 'An API client used for the authorization_code, refresh_token, and client_credentials flows' + accessTokenValiditySeconds: + type: integer + format: int32 + description: The number of seconds an access token generated for this API Client is valid for + example: 750 + refreshTokenValiditySeconds: + type: integer + format: int32 + description: The number of seconds a refresh token generated for this API Client is valid for + example: 86400 + redirectUris: + type: array + nullable: true + items: + type: string + description: A list of the approved redirect URIs. Provide one or more URIs when assigning the AUTHORIZATION_CODE grant type to a new OAuth Client. + example: + - 'http://localhost:12345' + - 'http://localhost:67890' + grantTypes: + type: array + nullable: true + items: + description: OAuth2 Grant Type + type: string + example: CLIENT_CREDENTIALS + enum: + - CLIENT_CREDENTIALS + - AUTHORIZATION_CODE + - REFRESH_TOKEN + description: A list of OAuth 2.0 grant types this API Client can be used with + example: + - AUTHORIZATION_CODE + - CLIENT_CREDENTIALS + - REFRESH_TOKEN + accessType: + description: The access type (online or offline) of this API Client + example: OFFLINE + type: string + enum: + - ONLINE + - OFFLINE + type: + description: The type of the API Client (public or confidential) + example: CONFIDENTIAL + type: string + enum: + - CONFIDENTIAL + - PUBLIC + internal: + type: boolean + description: An indicator of whether the API Client can be used for requests internal within the product. + example: false + enabled: + type: boolean + description: An indicator of whether the API Client is enabled for use + example: true + strongAuthSupported: + type: boolean + description: An indicator of whether the API Client supports strong authentication + example: false + claimsSupported: + type: boolean + description: An indicator of whether the API Client supports the serialization of SAML claims when used with the authorization_code flow + example: false + scope: + type: array + nullable: true + items: + type: string + default: 'sp:scopes:all' + description: 'Scopes of the API Client. If no scope is specified, the client will be created with the default scope "sp:scopes:all". This means the API Client will have all the rights of the owner who created it.' + example: + - 'demo:api-client-scope:first' + - 'demo:api-client-scope:second' + required: + - name + - description + - accessTokenValiditySeconds + - grantTypes + - accessType + - enabled + responses: + '200': + description: Request succeeded. + content: + application/json: + schema: + type: object + properties: + id: + type: string + description: ID of the OAuth client + example: 2c9180835d2e5168015d32f890ca1581 + secret: + type: string + description: Secret of the OAuth client (This field is only returned on the intial create call.) + example: 5c32dd9b21adb51c77794d46e71de117a1d0ddb36a7ff941fa28014ab7de2cf3 + businessName: + type: string + description: The name of the business the API Client should belong to + example: Acme-Solar + homepageUrl: + type: string + description: The homepage URL associated with the owner of the API Client + example: 'http://localhost:12345' + name: + type: string + description: A human-readable name for the API Client + example: Demo API Client + description: + type: string + description: A description of the API Client + example: 'An API client used for the authorization_code, refresh_token, and client_credentials flows' + accessTokenValiditySeconds: + type: integer + format: int32 + description: The number of seconds an access token generated for this API Client is valid for + example: 750 + refreshTokenValiditySeconds: + type: integer + format: int32 + description: The number of seconds a refresh token generated for this API Client is valid for + example: 86400 + redirectUris: + type: array + items: + type: string + description: A list of the approved redirect URIs used with the authorization_code flow + example: + - 'http://localhost:12345' + grantTypes: + type: array + items: + description: OAuth2 Grant Type + type: string + example: CLIENT_CREDENTIALS + enum: + - CLIENT_CREDENTIALS + - AUTHORIZATION_CODE + - REFRESH_TOKEN + description: A list of OAuth 2.0 grant types this API Client can be used with + example: + - AUTHORIZATION_CODE + - CLIENT_CREDENTIALS + - REFRESH_TOKEN + accessType: + description: The access type (online or offline) of this API Client + example: OFFLINE + type: string + enum: + - ONLINE + - OFFLINE + type: + description: The type of the API Client (public or confidential) + example: CONFIDENTIAL + type: string + enum: + - CONFIDENTIAL + - PUBLIC + internal: + type: boolean + description: An indicator of whether the API Client can be used for requests internal to IDN + example: false + enabled: + type: boolean + description: An indicator of whether the API Client is enabled for use + example: true + strongAuthSupported: + type: boolean + description: An indicator of whether the API Client supports strong authentication + example: false + claimsSupported: + type: boolean + description: An indicator of whether the API Client supports the serialization of SAML claims when used with the authorization_code flow + example: false + created: + type: string + format: date-time + description: 'The date and time, down to the millisecond, when the API Client was created' + example: '2017-07-11T18:45:37.098Z' + modified: + type: string + format: date-time + description: 'The date and time, down to the millisecond, when the API Client was last updated' + example: '2018-06-25T20:22:28.104Z' + scope: + type: array + nullable: true + items: + type: string + default: 'sp:scopes:all' + description: Scopes of the API Client. + example: + - 'demo:api-client-scope:first' + - 'demo:api-client-scope:second' + required: + - id + - secret + - businessName + - homepageUrl + - name + - description + - accessTokenValiditySeconds + - refreshTokenValiditySeconds + - redirectUris + - grantTypes + - accessType + - type + - internal + - enabled + - strongAuthSupported + - claimsSupported + - created + - modified + - scope + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + '/oauth-clients/{id}': + get: + operationId: getOauthClient + security: + - oauth2: + - 'sp:oauth-client:manage' + - 'sp:oauth-client:read' + tags: + - OAuth Clients + summary: Get OAuth Client + description: This gets details of an OAuth client. + parameters: + - in: path + name: id + schema: + type: string + required: true + description: The OAuth client id + example: ef38f94347e94562b5bb8424a56397d8 + responses: + '200': + description: Request succeeded. + content: + application/json: + schema: + type: object + properties: + id: + type: string + description: ID of the OAuth client + example: 2c9180835d2e5168015d32f890ca1581 + businessName: + type: string + nullable: true + description: The name of the business the API Client should belong to + example: Acme-Solar + homepageUrl: + type: string + nullable: true + description: The homepage URL associated with the owner of the API Client + example: 'http://localhost:12345' + name: + type: string + description: A human-readable name for the API Client + example: Demo API Client + description: + type: string + nullable: true + description: A description of the API Client + example: 'An API client used for the authorization_code, refresh_token, and client_credentials flows' + accessTokenValiditySeconds: + type: integer + format: int32 + description: The number of seconds an access token generated for this API Client is valid for + example: 750 + refreshTokenValiditySeconds: + type: integer + format: int32 + description: The number of seconds a refresh token generated for this API Client is valid for + example: 86400 + redirectUris: + type: array + nullable: true + items: + type: string + description: A list of the approved redirect URIs used with the authorization_code flow + example: + - 'http://localhost:12345' + grantTypes: + type: array + items: + description: OAuth2 Grant Type + type: string + example: CLIENT_CREDENTIALS + enum: + - CLIENT_CREDENTIALS + - AUTHORIZATION_CODE + - REFRESH_TOKEN + description: A list of OAuth 2.0 grant types this API Client can be used with + example: + - AUTHORIZATION_CODE + - CLIENT_CREDENTIALS + - REFRESH_TOKEN + accessType: + description: The access type (online or offline) of this API Client + example: OFFLINE + type: string + enum: + - ONLINE + - OFFLINE + type: + description: The type of the API Client (public or confidential) + example: CONFIDENTIAL + type: string + enum: + - CONFIDENTIAL + - PUBLIC + internal: + type: boolean + description: An indicator of whether the API Client can be used for requests internal to IDN + example: false + enabled: + type: boolean + description: An indicator of whether the API Client is enabled for use + example: true + strongAuthSupported: + type: boolean + description: An indicator of whether the API Client supports strong authentication + example: false + claimsSupported: + type: boolean + description: An indicator of whether the API Client supports the serialization of SAML claims when used with the authorization_code flow + example: false + created: + type: string + format: date-time + description: 'The date and time, down to the millisecond, when the API Client was created' + example: '2017-07-11T18:45:37.098Z' + modified: + type: string + format: date-time + description: 'The date and time, down to the millisecond, when the API Client was last updated' + example: '2018-06-25T20:22:28.104Z' + lastUsed: + type: string + nullable: true + format: date-time + description: 'The date and time, down to the millisecond, when this API Client was last used to generate an access token. This timestamp does not get updated on every API Client usage, but only once a day. This property can be useful for identifying which API Clients are no longer actively used and can be removed.' + example: '2017-07-11T18:45:37.098Z' + scope: + type: array + nullable: true + items: + type: string + default: 'sp:scopes:all' + description: Scopes of the API Client. + example: + - 'demo:api-client-scope:first' + - 'demo:api-client-scope:second' + required: + - id + - businessName + - homepageUrl + - name + - description + - accessTokenValiditySeconds + - refreshTokenValiditySeconds + - redirectUris + - grantTypes + - accessType + - type + - internal + - enabled + - strongAuthSupported + - claimsSupported + - created + - modified + - scope + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + delete: + operationId: deleteOauthClient + security: + - oauth2: + - 'sp:oauth-client:manage' + tags: + - OAuth Clients + summary: Delete OAuth Client + description: This deletes an OAuth client. + parameters: + - in: path + name: id + schema: + type: string + required: true + description: The OAuth client id + example: ef38f94347e94562b5bb8424a56397d8 + responses: + '204': + description: No content. + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + patch: + operationId: patchOauthClient + security: + - oauth2: + - 'sp:oauth-client:manage' + tags: + - OAuth Clients + summary: Patch OAuth Client + description: |- + This performs a targeted update to the field(s) of an OAuth client. + Request will require a security scope of + - sp:oauth-client:manage + parameters: + - in: path + name: id + schema: + type: string + required: true + description: The OAuth client id + example: ef38f94347e94562b5bb8424a56397d8 + requestBody: + required: true + description: | + A list of OAuth client update operations according to the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard. + + The following fields are patchable: + * tenant + * businessName + * homepageUrl + * name + * description + * accessTokenValiditySeconds + * refreshTokenValiditySeconds + * redirectUris + * grantTypes + * accessType + * enabled + * strongAuthSupported + * claimsSupported + content: + application/json-patch+json: + schema: + type: array + items: + type: object + description: 'A JSONPatch Operation as defined by [RFC 6902 - JSON Patch](https://tools.ietf.org/html/rfc6902)' + required: + - op + - path + properties: + op: + type: string + description: The operation to be performed + enum: + - add + - remove + - replace + - move + - copy + - test + example: replace + path: + type: string + description: A string JSON Pointer representing the target path to an element to be affected by the operation + example: /description + value: + anyOf: + - type: string + - type: integer + - type: object + - type: array + items: + anyOf: + - type: string + - type: integer + - type: object + description: 'The value to be used for the operation, required for "add" and "replace" operations' + example: New description + example: + - op: replace + path: /strongAuthSupported + value: true + - op: replace + path: /businessName + value: acme-solar + responses: + '200': + description: 'Indicates the PATCH operation succeeded, and returns the OAuth client''s new representation.' + content: + application/json: + schema: + type: object + properties: + id: + type: string + description: ID of the OAuth client + example: 2c9180835d2e5168015d32f890ca1581 + businessName: + type: string + nullable: true + description: The name of the business the API Client should belong to + example: Acme-Solar + homepageUrl: + type: string + nullable: true + description: The homepage URL associated with the owner of the API Client + example: 'http://localhost:12345' + name: + type: string + description: A human-readable name for the API Client + example: Demo API Client + description: + type: string + nullable: true + description: A description of the API Client + example: 'An API client used for the authorization_code, refresh_token, and client_credentials flows' + accessTokenValiditySeconds: + type: integer + format: int32 + description: The number of seconds an access token generated for this API Client is valid for + example: 750 + refreshTokenValiditySeconds: + type: integer + format: int32 + description: The number of seconds a refresh token generated for this API Client is valid for + example: 86400 + redirectUris: + type: array + nullable: true + items: + type: string + description: A list of the approved redirect URIs used with the authorization_code flow + example: + - 'http://localhost:12345' + grantTypes: + type: array + items: + description: OAuth2 Grant Type + type: string + example: CLIENT_CREDENTIALS + enum: + - CLIENT_CREDENTIALS + - AUTHORIZATION_CODE + - REFRESH_TOKEN + description: A list of OAuth 2.0 grant types this API Client can be used with + example: + - AUTHORIZATION_CODE + - CLIENT_CREDENTIALS + - REFRESH_TOKEN + accessType: + description: The access type (online or offline) of this API Client + example: OFFLINE + type: string + enum: + - ONLINE + - OFFLINE + type: + description: The type of the API Client (public or confidential) + example: CONFIDENTIAL + type: string + enum: + - CONFIDENTIAL + - PUBLIC + internal: + type: boolean + description: An indicator of whether the API Client can be used for requests internal to IDN + example: false + enabled: + type: boolean + description: An indicator of whether the API Client is enabled for use + example: true + strongAuthSupported: + type: boolean + description: An indicator of whether the API Client supports strong authentication + example: false + claimsSupported: + type: boolean + description: An indicator of whether the API Client supports the serialization of SAML claims when used with the authorization_code flow + example: false + created: + type: string + format: date-time + description: 'The date and time, down to the millisecond, when the API Client was created' + example: '2017-07-11T18:45:37.098Z' + modified: + type: string + format: date-time + description: 'The date and time, down to the millisecond, when the API Client was last updated' + example: '2018-06-25T20:22:28.104Z' + lastUsed: + type: string + nullable: true + format: date-time + description: 'The date and time, down to the millisecond, when this API Client was last used to generate an access token. This timestamp does not get updated on every API Client usage, but only once a day. This property can be useful for identifying which API Clients are no longer actively used and can be removed.' + example: '2017-07-11T18:45:37.098Z' + scope: + type: array + nullable: true + items: + type: string + default: 'sp:scopes:all' + description: Scopes of the API Client. + example: + - 'demo:api-client-scope:first' + - 'demo:api-client-scope:second' + required: + - id + - businessName + - homepageUrl + - name + - description + - accessTokenValiditySeconds + - refreshTokenValiditySeconds + - redirectUris + - grantTypes + - accessType + - type + - internal + - enabled + - strongAuthSupported + - claimsSupported + - created + - modified + - scope + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + /org-config: + get: + operationId: getOrgConfig + tags: + - Org Config + summary: Get Org configuration settings + security: + - oauth2: + - 'idn:org-configs:read' + - 'idn:org-configs:manage' + description: Get org configuration with only external (org admin) accessible properties for the current org. + responses: + '200': + description: Request succeeded. + content: + application/json: + schema: + type: object + description: DTO class for OrgConfig data accessible by customer external org admin ("ORG_ADMIN") users + properties: + orgName: + type: string + description: The name of the org. + example: acme-solar + timeZone: + type: string + description: The selected time zone which is to be used for the org. This directly affects when scheduled tasks are executed. Valid options can be found at /beta/org-config/valid-time-zones + example: America/Toronto + lcsChangeHonorsSourceEnableFeature: + type: boolean + description: Flag to determine whether the LCS_CHANGE_HONORS_SOURCE_ENABLE_FEATURE flag is enabled for the current org. + example: false + armCustomerId: + type: string + description: ARM Customer ID + nullable: true + example: DE38E75A-5FF6-4A65-5DC7-08D64426B09E + armSapSystemIdMappings: + type: string + description: 'A list of IDN::sourceId to ARM::systemId mappings.' + nullable: true + example: + - sourceId: 2c91808c791a94e501792388b0d62659 + systemId: '1556' + - sourceId: 2_2c91808c791a94e501792388b0d62659 + systemId: '2_1556' + - sourceId: 3_2c91808c791a94e501792388b0d62659 + systemId: '3_1556' + armAuth: + type: string + description: ARM authentication string + nullable: true + example: epiYNTRYA2S7swisDWk1Zv4VMNgvqEjiBh5_ufuCWsma2m-5XADijqBg0ijXLby5nS6lxZNXabhGnAPGeDGc4V3jQKrhwV-UHypRLs8ZLgOjiQNus9NimS0uPdKomRW6TFWqXyfnYd-znNgbbVuwUy9GyD9ebDVJSntPastxSx7UcyGuWBqfNZYpuxKRWe_7TVY60qL55jUqyz8N4XUbbdcxdbZ0uik6ut-Bv90MKTbZexBW_PR4qcgIkaEs4kIenLyBxnGziYo7AO0tJ8bGHO8FJRkibCpAQIt7PISLo7Gg_Xf9j10dKq2YDgy4pPTvz3fE2ZHYnXCXvXFSA-vVag== + armDb: + type: string + description: ARM database name + nullable: true + example: EU + armSsoUrl: + type: string + description: ARM SSO URL + nullable: true + example: 'https://your-arm-sso-url' + iaiEnableCertificationRecommendations: + type: boolean + description: Flag to determine whether IAI Certification Recommendations are enabled for the current org + example: true + sodReportConfigs: + type: array + items: + type: object + properties: + columnName: + type: string + description: Name of column in report + example: SOD Business Name + required: + type: boolean + description: 'If true, column is required in all reports, and this entry is immutable. A 400 error will result from any attempt to modify the column''s definition.' + example: true + default: false + included: + type: boolean + description: 'If true, column is included in the report. A 400 error will be thrown if an attempt is made to set included=false if required==true.' + example: false + default: false + order: + type: integer + format: int32 + minimum: 0 + maximum: 2147483647 + description: Relative sort order for the column. Columns will be displayed left-to-right in nondecreasing order. + example: 2 + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + patch: + operationId: patchOrgConfig + tags: + - Org Config + summary: Patch an Org configuration property + security: + - oauth2: + - 'idn:org-configs:manage' + description: 'Patch configuration of the current org using http://jsonpatch.com/ syntax. Commonly used for changing the time zone of an org.' + requestBody: + description: 'A list of schema attribute update operations according to the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard.' + content: + application/json-patch+json: + schema: + type: array + items: + type: object + description: 'A JSONPatch Operation as defined by [RFC 6902 - JSON Patch](https://tools.ietf.org/html/rfc6902)' + required: + - op + - path + properties: + op: + type: string + description: The operation to be performed + enum: + - add + - remove + - replace + - move + - copy + - test + example: replace + path: + type: string + description: A string JSON Pointer representing the target path to an element to be affected by the operation + example: /description + value: + anyOf: + - type: string + - type: integer + - type: object + - type: array + items: + anyOf: + - type: string + - type: integer + - type: object + description: 'The value to be used for the operation, required for "add" and "replace" operations' + example: New description + example: + - op: replace + path: /timeZone + value: America/Toronto + required: true + responses: + '200': + description: The Org was successfully patched. + content: + application/json: + schema: + type: object + description: DTO class for OrgConfig data accessible by customer external org admin ("ORG_ADMIN") users + properties: + orgName: + type: string + description: The name of the org. + example: acme-solar + timeZone: + type: string + description: The selected time zone which is to be used for the org. This directly affects when scheduled tasks are executed. Valid options can be found at /beta/org-config/valid-time-zones + example: America/Toronto + lcsChangeHonorsSourceEnableFeature: + type: boolean + description: Flag to determine whether the LCS_CHANGE_HONORS_SOURCE_ENABLE_FEATURE flag is enabled for the current org. + example: false + armCustomerId: + type: string + description: ARM Customer ID + nullable: true + example: DE38E75A-5FF6-4A65-5DC7-08D64426B09E + armSapSystemIdMappings: + type: string + description: 'A list of IDN::sourceId to ARM::systemId mappings.' + nullable: true + example: + - sourceId: 2c91808c791a94e501792388b0d62659 + systemId: '1556' + - sourceId: 2_2c91808c791a94e501792388b0d62659 + systemId: '2_1556' + - sourceId: 3_2c91808c791a94e501792388b0d62659 + systemId: '3_1556' + armAuth: + type: string + description: ARM authentication string + nullable: true + example: epiYNTRYA2S7swisDWk1Zv4VMNgvqEjiBh5_ufuCWsma2m-5XADijqBg0ijXLby5nS6lxZNXabhGnAPGeDGc4V3jQKrhwV-UHypRLs8ZLgOjiQNus9NimS0uPdKomRW6TFWqXyfnYd-znNgbbVuwUy9GyD9ebDVJSntPastxSx7UcyGuWBqfNZYpuxKRWe_7TVY60qL55jUqyz8N4XUbbdcxdbZ0uik6ut-Bv90MKTbZexBW_PR4qcgIkaEs4kIenLyBxnGziYo7AO0tJ8bGHO8FJRkibCpAQIt7PISLo7Gg_Xf9j10dKq2YDgy4pPTvz3fE2ZHYnXCXvXFSA-vVag== + armDb: + type: string + description: ARM database name + nullable: true + example: EU + armSsoUrl: + type: string + description: ARM SSO URL + nullable: true + example: 'https://your-arm-sso-url' + iaiEnableCertificationRecommendations: + type: boolean + description: Flag to determine whether IAI Certification Recommendations are enabled for the current org + example: true + sodReportConfigs: + type: array + items: + type: object + properties: + columnName: + type: string + description: Name of column in report + example: SOD Business Name + required: + type: boolean + description: 'If true, column is required in all reports, and this entry is immutable. A 400 error will result from any attempt to modify the column''s definition.' + example: true + default: false + included: + type: boolean + description: 'If true, column is included in the report. A 400 error will be thrown if an attempt is made to set included=false if required==true.' + example: false + default: false + order: + type: integer + format: int32 + minimum: 0 + maximum: 2147483647 + description: Relative sort order for the column. Columns will be displayed left-to-right in nondecreasing order. + example: 2 + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + /org-config/valid-time-zones: + get: + operationId: getValidTimeZones + tags: + - Org Config + summary: Get list of time zones + security: + - oauth2: + - 'idn:org-configs:read' + - 'idn:org-configs-user:read' + description: Get a list of valid time zones that can be set in org configurations. + responses: + '200': + description: Request successful + content: + application/json: + schema: + type: array + items: + type: string + example: + - Etc/GMT-6 + - Etc/GMT+8 + - EST + - America/Chicago + - America/Toronto + - Asia/Gaza + - Europe/Brussels + - Europe/Kiev + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + /outlier-summaries: + get: + operationId: getIdentityOutlierSnapshots + tags: + - IAI Outliers + summary: IAI Identity Outliers Summary + description: |- + This API receives a summary containing: the number of identities that customer has, the number of outliers, and the type of outlier + Requires authorization scope of 'iai:outliers-management:read' + parameters: + - in: query + name: limit + description: |- + Max number of results to return. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 250 + schema: + type: integer + format: int32 + minimum: 0 + maximum: 250 + default: 250 + - in: query + name: offset + description: |- + Offset into the full result set. Usually specified with *limit* to paginate through the results. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 0 + schema: + type: integer + format: int32 + minimum: 0 + default: 0 + - name: type + in: query + description: Type of the identity outliers snapshot to filter on + required: false + schema: + type: string + enum: + - LOW_SIMILARITY + - STRUCTURAL + - in: query + name: filters + schema: + type: string + description: |- + Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) + Filtering is supported for the following field and operators: + **snapshotDate**: *ge, le* + - in: query + name: sorters + schema: + type: string + format: comma-separated + description: |- + Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results) + Sorting is supported for the following field: **snapshotDate** + example: snapshotDate + required: false + responses: + '200': + description: Succeeded. Returns list of objects. Each object is a summary to give high level statistics/counts of outliers + headers: + X-Total-Count: + description: The total result count. + schema: + type: integer + content: + application/json: + schema: + type: array + items: + type: object + properties: + type: + type: string + enum: + - LOW_SIMILARITY + - STRUCTURAL + description: The type of outlier summary + example: LOW_SIMILARITY + snapshotDate: + type: string + format: date-time + description: The date the bulk outlier detection ran/snapshot was created + example: '2021-05-01T18:40:35.772Z' + totalOutliers: + type: integer + description: Total number of outliers for the customer making the request + example: 50 + totalIdentities: + type: integer + description: Total number of identities for the customer making the request + example: 5000 + '202': + description: Accepted - Returned if the request was successfully accepted into the system. + content: + application/json: + schema: + type: object + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + /outlier-summaries/latest: + get: + operationId: getLatestIdentityOutlierSnapshots + tags: + - IAI Outliers + summary: IAI Identity Outliers Latest Summary + description: |- + This API returns a most recent snapshot of each outlier type, each containing: the number of identities that customer has, the number of outliers, and the type of outlier + Requires authorization scope of 'iai:outliers-management:read' + parameters: + - name: type + in: query + description: Type of the identity outliers snapshot to filter on + required: false + schema: + type: string + enum: + - LOW_SIMILARITY + - STRUCTURAL + responses: + '200': + description: Succeeded. Returns list of objects. Each object is a summary to give high level statistics/counts of outliers + content: + application/json: + schema: + type: array + items: + type: object + properties: + type: + type: string + enum: + - LOW_SIMILARITY + - STRUCTURAL + description: The type of outlier summary + example: LOW_SIMILARITY + snapshotDate: + type: string + format: date-time + description: The date the bulk outlier detection ran/snapshot was created + example: '2021-05-01T18:40:35.772Z' + totalOutliers: + type: integer + description: Total number of outliers for the customer making the request + example: 50 + totalIdentities: + type: integer + description: Total number of identities for the customer making the request + example: 5000 + totalIgnored: + type: integer + description: Total number of ignored outliers + example: 10 + '202': + description: Accepted - Returned if the request was successfully accepted into the system. + content: + application/json: + schema: + type: object + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + /outliers: + get: + operationId: getIdentityOutliers + tags: + - IAI Outliers + summary: IAI Get Identity Outliers + description: |- + This API receives a list of outliers, containing data such as: identityId, outlier type, detection dates, identity attributes, if identity is ignore, and certification information + Requires authorization scope of 'iai:outliers-management:read' + parameters: + - in: query + name: limit + description: |- + Max number of results to return. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 250 + schema: + type: integer + format: int32 + minimum: 0 + maximum: 250 + default: 250 + - in: query + name: offset + description: |- + Offset into the full result set. Usually specified with *limit* to paginate through the results. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 0 + schema: + type: integer + format: int32 + minimum: 0 + default: 0 + - in: query + name: count + description: |- + If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored. + + Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used. + + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: true + schema: + type: boolean + default: false + - name: type + in: query + description: Type of the identity outliers snapshot to filter on + required: false + schema: + type: string + enum: + - LOW_SIMILARITY + - STRUCTURAL + example: LOW_SIMILARITY + - in: query + name: filters + required: false + schema: + type: string + example: attributes.displayName sw "John" and certStatus eq "false" + description: |- + Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) + + Filtering is supported for the following Entitlement fields and operators: + **attributes**: *eq, sw, co, in* + + **firstDetectionDate**: *ge, le* + + **certStatus**: *eq* + + **ignored**: *eq* + + **score**: *ge, le* + - in: query + name: sorters + required: false + schema: + type: string + format: comma-separated + example: 'attributes.displayName,firstDetectionDate,-score' + description: |- + Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results) + Sorting is supported for the following fields: **firstDetectionDate, attributes, score** + responses: + '200': + description: Succeeded. Returns list of objects. Each object contains information about outliers + headers: + X-Total-Count: + description: The total result count. + schema: + type: integer + content: + application/json: + schema: + type: array + items: + type: object + properties: + id: + type: string + description: The identity's unique identifier for the outlier record + example: 5be33d3e-c54d-4ed7-af73-2380543e8283 + identityId: + type: string + description: The ID of the identity that is detected as an outlier + example: 5be33d3e-c54d-4ed7-af73-2380543e8283 + type: + type: string + enum: + - LOW_SIMILARITY + - STRUCTURAL + description: The type of outlier summary + example: LOW_SIMILARITY + firstDetectionDate: + type: string + format: date-time + description: The first date the outlier was detected + example: '2021-05-01T18:40:35.772Z' + latestDetectionDate: + type: string + format: date-time + description: The most recent date the outlier was detected + example: '2021-05-03T18:40:35.772Z' + ignored: + type: boolean + description: Flag whether or not the outlier has been ignored + example: false + attributes: + type: object + description: Object containing mapped identity attributes + example: + displayName: John Smith + jobTitle: Software Engineer + department: Engineering + score: + type: number + format: float + description: The outlier score determined by the detection engine ranging from 0..1 + example: 0.92 + unignoreType: + type: string + enum: + - MANUAL + - AUTOMATIC + description: Enum value of if the outlier manually or automatically un-ignored. Will be NULL if outlier is not ignored + example: MANUAL + unignoreDate: + type: string + format: date-time + description: shows date when last time has been unignored outlier + example: '2021-06-01T18:40:35.772Z' + ignoreDate: + type: string + format: date-time + description: shows date when last time has been ignored outlier + example: '2021-06-01T18:40:35.772Z' + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + '/outliers/{outlierId}/contributing-features': + get: + operationId: getPeerGroupOutliersContributingFeatures + tags: + - IAI Outliers + summary: Get identity outlier's contibuting features + description: |- + This API returns a list of contributing feature objects for a single outlier. The object contains: feature name, feature value type, value, importance, display name (translated text or message key), description (translated text or message key), translation messages object + Requires authorization scope of 'iai:outliers-management:read' + parameters: + - in: query + name: limit + description: |- + Max number of results to return. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 250 + schema: + type: integer + format: int32 + minimum: 0 + maximum: 250 + default: 250 + - in: query + name: offset + description: |- + Offset into the full result set. Usually specified with *limit* to paginate through the results. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 0 + schema: + type: integer + format: int32 + minimum: 0 + default: 0 + - in: query + name: count + description: |- + If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored. + + Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used. + + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: true + schema: + type: boolean + default: false + - name: include-translation-messages + in: query + description: Whether or not to include translation messages object in returned response + required: false + schema: + type: string + example: include-translation-messages= + - in: path + example: 2c918085842e69ae018432d22ccb212f + name: outlierId + schema: + type: string + required: true + description: The outlier id + - in: query + name: sorters + required: false + schema: + type: string + format: comma-separated + example: importance + description: |- + Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results) + Sorting is supported for the following fields: **importance** + responses: + '200': + description: Succeeded. Returns list of objects. Each object contains a feature and metadata about that feature + headers: + X-Total-Count: + description: The total result count. + schema: + type: integer + accept-language: + description: The locale to use for translations for displayName and description text + schema: + type: string + content: + application/json: + schema: + type: array + items: + type: object + properties: + name: + type: string + description: The name of the feature + example: entitlement_count + valueType: + type: string + enum: + - INTEGER + - FLOAT + description: The data type of the value field + example: INTEGER + value: + oneOf: + - type: number + format: float + minimum: 0 + maximum: 1 + - type: integer + format: int64 + description: The feature value + example: 0.92 + importance: + type: number + format: float + description: The importance of the feature. This can also be a negative value + minimum: -1 + maximum: 1 + example: -0.15 + displayName: + type: string + description: The (translated if header is passed) displayName for the feature + example: Number of entitlements + description: + type: string + description: The (translated if header is passed) description for the feature + example: The total number of entitlements belonging to an identity + translationMessages: + type: object + properties: + displayName: + properties: + key: + type: string + description: The key of the translation message + example: recommender-api.V2_WEIGHT_FEATURE_PRODUCT_INTERPRETATION_HIGH + values: + type: array + description: The values corresponding to the translation messages + items: + type: string + example: + - '75' + - department + description: + properties: + key: + type: string + description: The key of the translation message + example: recommender-api.V2_WEIGHT_FEATURE_PRODUCT_INTERPRETATION_HIGH + values: + type: array + description: The values corresponding to the translation messages + items: + type: string + example: + - '75' + - department + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + /outliers/ignore: + post: + operationId: ignoreIdentityOutliers + tags: + - IAI Outliers + summary: IAI Identity Outliers Ignore + description: |- + This API receives a list of IdentityIDs in the request, changes the outliers to be ignored--returning a 204 if successful. + Requires authorization scope of 'iai:outliers-management:update' + requestBody: + required: true + content: + application/json: + schema: + type: array + items: + type: string + description: List of identity IDs to ignore from outlier listing + example: + - abc123def456 + - ghi789jkl012 + responses: + '204': + description: No content - indicates the request was successful but there is no content to be returned in the response. + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + /outliers/unignore: + post: + operationId: unIgnoreIdentityOutliers + tags: + - IAI Outliers + summary: IAI Identity Outliers Unignore + description: |- + This API receives a list of IdentityIDs in the request, changes the outliers to be un-ignored--returning a 204 if successful. + Requires authorization scope of 'iai:outliers-management:update' + requestBody: + required: true + content: + application/json: + schema: + type: array + items: + type: string + description: List of identity IDs to un-ignore from outlier listing + example: + - abc123def456 + - ghi789jkl012 + responses: + '204': + description: No content - indicates the request was successful but there is no content to be returned in the response. + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + /outliers/export: + get: + operationId: exportOutliersZip + tags: + - IAI Outliers + summary: IAI Identity Outliers Export + description: |- + This API exports a list of ignored outliers to a CSV as well as list of non-ignored outliers to a CSV. These two CSVs will be zipped and exported Columns will include: identityID, type, firstDetectionDate, latestDetectionDate, ignored, & attributes (defined set of identity attributes) + Requires authorization scope of 'iai:outliers-management:read' + parameters: + - name: type + in: query + description: Type of the identity outliers snapshot to filter on + required: false + schema: + type: string + enum: + - LOW_SIMILARITY + - STRUCTURAL + responses: + '200': + description: Succeeded. Returns zip of 2 CSVs to download. 1 CSV for ignored outliers and 1 for non-ignored outliers + content: + application/zip: + schema: + type: string + format: binary + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + /password-dictionary: + get: + operationId: getPasswordDictionary + tags: + - Password Dictionary + summary: Get Password Dictionary + description: |- + This gets password dictionary for the organization. + A token with ORG_ADMIN authority is required to call this API. + security: + - oauth2: + - 'idn:password-dictionary-management:read' + responses: + '200': + description: |- + + The password dictionary file can contain lines that are: + 1. comment lines - the first character is '#', can be 128 Unicode codepoints in length, and are ignored during processing + 2. empty lines + 3. locale line - the first line that starts with "locale=" is considered to be locale line, the rest are treated as normal content lines + 4. line containing the password dictionary word - it must start with non-whitespace character and only non-whitespace characters are allowed; + maximum length of the line is 128 Unicode codepoints + + + Password dictionary file may not contain more than 2,500 lines (not counting whitespace lines, comment lines and locale line). + Password dict file must contain UTF-8 characters only. + + # Sample password text file + + ``` + + # Password dictionary small test file + + locale=en_US + + # Password dictionary prohibited words + + qwerty + abcd + aaaaa + password + qazxsws + + ``` + content: + text/plain: + schema: + type: string + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + put: + operationId: updatePasswordDictionary + tags: + - Password Dictionary + summary: Update Password Dictionary + description: |- + This updates password dictionary for the organization. + A token with ORG_ADMIN authority is required to call this API. + security: + - oauth2: + - 'idn:password-dictionary:manage' + requestBody: + required: true + description: |- + + The password dictionary file can contain lines that are: + 1. comment lines - the first character is '#', can be 128 Unicode codepoints in length, and are ignored during processing + 2. empty lines + 3. locale line - the first line that starts with "locale=" is considered to be locale line, the rest are treated as normal content lines + 4. line containing the password dictionary word - it must start with non-whitespace character and only non-whitespace characters are allowed; + maximum length of the line is 128 Unicode codepoints + + + Password dictionary file may not contain more than 2,500 lines (not counting whitespace lines, comment lines and locale line). + Password dict file must contain UTF-8 characters only. + + # Sample password text file + + ``` + + # Password dictionary small test file + + locale=en_US + + # Password dictionary prohibited words + + qwerty + abcd + aaaaa + password + qazxsws + + ``` + content: + multipart/form-data: + schema: + type: object + properties: + file: + type: string + format: binary + responses: + '200': + description: Successfully updated. + '201': + description: Created. + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + /query-password-info: + post: + operationId: queryPasswordInfo + tags: + - Password Management + summary: Query Password Info + description: | + This API is used to query password related information. + + A token with [API authority](https://developer.sailpoint.com/idn/api/authentication#client-credentials-grant-flow) + is required to call this API. "API authority" refers to a token that only has the "client_credentials" + grant type, and therefore no user context. A [personal access token](https://developer.sailpoint.com/idn/api/authentication#personal-access-tokens) + or a token generated with the [authorization_code](https://developer.sailpoint.com/idn/api/authentication#authorization-code-grant-flow) + grant type will **NOT** work on this endpoint, and a `403 Forbidden` response + will be returned. + requestBody: + required: true + content: + application/json: + schema: + type: object + properties: + userName: + type: string + description: The login name of the user + example: Abby.Smith + sourceName: + type: string + description: The display name of the source + example: My-AD + example: + userName: Abby.Smith + sourceName: My-AD + responses: + '200': + description: Reference to the password info. + content: + application/json: + schema: + type: object + properties: + identityId: + type: string + example: 2c918085744fec4301746f9a5bce4605 + sourceId: + type: string + example: 2c918083746f642c01746f990884012a + publicKeyId: + type: string + example: N2M1OTJiMGEtMDJlZS00ZWU3LTkyYTEtNjA5YmI5NWE3ZWVh + publicKey: + type: string + description: User's public key with Base64 encoding + example: MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuGFkWi2J75TztpbaPKd36bJnIB3J8gZ6UcoS9oSDYsqBzPpTsfZXYaEf4Y4BKGgJIXmE/lwhwuj7mU1itdZ2qTSNFtnXA8Fn75c3UUkk+h+wdZbkuSmqlsJo3R1OnJkwkJggcAy9Jvk9jlcrNLWorpQ1w9raUvxtvfgkSdq153KxotenQ1HciSyZ0nA/Kw0UaucLnho8xdRowZs11afXGXA9IT9H6D8T6zUdtSxm0nAyH+mluma5LdTfaM50W3l/L8q56Vrqmx2pZIiwdx/0+g3Y++jV70zom0ZBkC1MmSoLMrQYG5OICNjr72f78B2PaGXfarQHqARLjKpMVt9YIQIDAQAB + accounts: + type: array + description: Account info related to queried identity and source + items: + type: object + properties: + accountId: + type: string + description: 'Account ID of the account. This is specified per account schema in the source configuration. It is used to distinguish accounts. More info can be found here https://community.sailpoint.com/t5/IdentityNow-Connectors/How-do-I-designate-an-account-attribute-as-the-Account-ID-for-a/ta-p/80350' + example: 'CN=Abby Smith,OU=Austin,OU=Americas,OU=Demo,DC=seri,DC=acme,DC=com' + accountName: + type: string + description: 'Display name of the account. This is specified per account schema in the source configuration. It is used to display name of the account. More info can be found here https://community.sailpoint.com/t5/IdentityNow-Connectors/How-do-I-designate-an-account-attribute-as-the-Account-Name-for/ta-p/74008' + example: Abby.Smith + policies: + type: array + description: Password constraints + items: + type: string + example: + - passwordRepeatedChar is 3 + - passwordMinAlpha is 1 + - passwordMinLength is 5 + - passwordMinNumeric is 1 + example: + identityId: 2c918085744fec4301746f9a5bce4611 + sourceId: 2c918083746f642c01746f9908840111 + publicKeyId: N2M1OTJiMGEtMDJlZS00ZWU3LTkyYTEtNjA5YmI5NWE3ZWVA + publicKey: AIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuGFkWi2J75TztpbaPKd36bJnIB3J8gZ6UcoS9oSDYsqBzPpTsfZXYaEf4Y4BKGgJIXmE/lwhwuj7mU1itdZ2qTSNFtnXA8Fn75c3UUkk+h+wdZbkuSmqlsJo3R1OnJkwkJggcAy9Jvk9jlcrNLWorpQ1w9raUvxtvfgkSdq153KxotenQ1HciSyZ0nA/Kw0UaucLnho8xdRowZs11afXGXA9IT9H6D8T6zUdtSxm0nAyH+mluma5LdTfaM50W3l/L8q56Vrqmx2pZIiwdx/0+g3Y++jV70zom0ZBkC1MmSoLMrQYG5OICNjr72f78B2PaGXfarQHqARLjKpMVt9YIQIDAQAB + accounts: + - accountId: 'CN=Abby Smith,OU=Austin,OU=Americas,OU=Demo,DC=seri,DC=acme,DC=com' + accountName: Abby.Smith + policies: + - passwordRepeatedChar is 3 + - passwordMinAlpha is 1 + - passwordMinLength is 5 + - passwordMinNumeric is 1 + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + /set-password: + post: + operationId: setIdentityPassword + tags: + - Password Management + summary: Set Identity's Password + description: | + This API is used to set a password for an identity. + + An identity can change their own password (as well as any of their accounts' passwords) if they use a token generated by their IDN user, such as a [personal access token](https://developer.sailpoint.com/idn/api/authentication#personal-access-tokens) or ["authorization_code" derived OAuth token](https://developer.sailpoint.com/idn/api/authentication#authorization-code-grant-flow). + + A token with [API authority](https://developer.sailpoint.com/idn/api/authentication#client-credentials-grant-flow) can be used to change **any** identity's password or the password of any of the identity's accounts. + "API authority" refers to a token that only has the "client_credentials" grant type. + + You can use this endpoint to generate an `encryptedPassword` (RSA encrypted using publicKey). + To do so, follow these steps: + + 1. Use [Query Password Info](https://developer.sailpoint.com/idn/api/v3/query-password-info) to get the following information: `identityId`, `sourceId`, `publicKeyId`, `publicKey`, `accounts`, and `policies`. + + 2. Choose an account from the previous response that you will provide as an `accountId` in your request to set an encrypted password. + + 3. Use [Set Identity's Password](https://developer.sailpoint.com/idn/api/v3/set-password) and provide the information you got from your earlier query. Then add this code to your request to get the encrypted password: + + ```java + import javax.crypto.Cipher; + import java.security.KeyFactory; + import java.security.PublicKey; + import java.security.spec.X509EncodedKeySpec; + import java util.Base64; + + String encrypt(String publicKey, String toEncrypt) throws Exception { + byte[] publicKeyBytes = Base64.getDecoder().decode(publicKey); + byte[] encryptedBytes = encryptRsa(publicKeyBytes, toEncrypt.getBytes("UTF-8")); + return Base64.getEncoder().encodeToString(encryptedBytes); + } + + private byte[] encryptRsa(byte[] publicKeyBytes, byte[] toEncryptBytes) throws Exception { + PublicKey key = KeyFactory.getInstance("RSA").generatePublic(new X509EncodedKeySpec(publicKeyBytes)); + String transformation = "RSA/ECB/PKCS1Padding"; + Cipher cipher = Cipher.getInstance(transformation); + cipher.init(1, key); + return cipher.doFinal(toEncryptBytes); + } + ``` + + In this example, `toEncrypt` refers to the plain text password you are setting and then encrypting, and the `publicKey` refers to the publicKey you got from the first request you sent. + + You can then use [Get Password Change Request Status](https://developer.sailpoint.com/idn/api/v3/get-password-change-status) to check the password change request status. To do so, you must provide the `requestId` from your earlier request to set the password. + requestBody: + required: true + content: + application/json: + schema: + type: object + properties: + identityId: + type: string + description: The identity ID that requested the password change + example: 8a807d4c73c545510173c545f0a002ff + encryptedPassword: + type: string + description: The RSA encrypted password + example: XzN+YwKgr2C+InkMYFMBG3UtjMEw5ZIql/XFlXo8cJNeslmkplx6vn4kd4/43IF9STBk5RnzR6XmjpEO+FwHDoiBwYZAkAZK/Iswxk4OdybG6Y4MStJCOCiK8osKr35IMMSV/mbO4wAeltoCk7daTWzTGLiI6UaT5tf+F2EgdjJZ7YqM8W8r7aUWsm3p2Xt01Y46ZRx0QaM91QruiIx2rECFT2pUO0wr+7oQ77jypATyGWRtADsu3YcvCk/6U5MqCnXMzKBcRas7NnZdSL/d5H1GglVGz3VLPMaivG4/oL4chOMmFCRl/zVsGxZ9RhN8rxsRGFFKn+rhExTi+bax3A== + publicKeyId: + type: string + description: The encryption key ID + example: YWQ2NjQ4MTItZjY0NC00MWExLWFjMjktOGNmMzU3Y2VlNjk2 + accountId: + type: string + description: 'Account ID of the account This is specified per account schema in the source configuration. It is used to distinguish accounts. More info can be found here https://community.sailpoint.com/t5/IdentityNow-Connectors/How-do-I-designate-an-account-attribute-as-the-Account-ID-for-a/ta-p/80350' + example: 'CN=Abby Smith,OU=Austin,OU=Americas,OU=Demo,DC=seri,DC=acme,DC=com' + sourceId: + type: string + description: The ID of the source for which identity is requesting the password change + example: 8a807d4c73c545510173c545d4b60246 + example: + identityId: 8a807d4c73c545510173c545f0a002ff + encryptedPassword: GIAP7TaAg7Y2EJtFojokBDvHQ/iXF3qk0z0+eLusqXMSkEhAfr34GydFLy+BM2uZB94cwbTYKi9rRrCRRdh8610VeqpRDjhuc28nOPYqTJOx09IGJdr8dl4mbhC1f21JCqMBBrFSA4VQQvd6OMVsceoXTjDI0aKahRYNjlMlsOuaIUZeNQxWBydLuR6vYG3qAKEPCzYZbvyYuBUylUWArfqwV4dgwKGDgDkTLBkQU9LVu3rssc+BXaex6l6JcBDiPg7wvKD1G3lZ+BaGrMknbx3j0T2Uivg+HxwTf7PmtAua6O9M7F984c79KM+sYFTU37MAdlWZu/cy+w2DdHVdCg== + publicKeyId: YWQ2NjQ4MTItZjY0NC00MWExLWFjMjktOGNmMzU3Y2VlNjk2 + accountId: 'CN=Abby Smith,OU=Austin,OU=Americas,OU=Demo,DC=seri,DC=acme,DC=com' + sourceId: 8a807d4c73c545510173c545d4b60246 + responses: + '202': + description: Reference to the password change. + content: + application/json: + schema: + type: object + properties: + requestId: + type: string + nullable: true + description: The password change request ID + example: 089899f13a8f4da7824996191587bab9 + state: + type: string + enum: + - IN_PROGRESS + - FINISHED + - FAILED + description: Password change state + examples: + Password change is in progress: + value: + state: IN_PROGRESS + requestId: 089899f13a8f4da7824996191587bab9 + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + '/password-change-status/{id}': + get: + operationId: getIdentityPasswordChangeStatus + tags: + - Password Management + summary: Get Password Change Request Status + description: This API returns the status of a password change request. A token with identity owner or trusted API client application authority is required to call this API. + parameters: + - in: path + name: id + schema: + type: string + required: true + responses: + '200': + description: Status of the password change request + content: + application/json: + schema: + type: object + properties: + requestId: + type: string + nullable: true + description: The password change request ID + example: 089899f13a8f4da7824996191587bab9 + state: + type: string + enum: + - IN_PROGRESS + - FINISHED + - FAILED + description: Password change state + errors: + type: array + items: + type: string + description: The errors during the password change request + sourceIds: + type: array + items: + type: string + description: List of source IDs in the password change request + example: + status: IN_PROCESS + reqeustId: 089899f13a8f4da7824996191587bab9 + error: null + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + /password-sync-groups: + get: + operationId: getPasswordSyncGroups + tags: + - Password Sync Groups + summary: Get Password Sync Group List + description: This API returns a list of password sync groups. A token with ORG_ADMIN authority is required to call this API. + security: + - oauth2: + - 'idn:password-sync-group-management:read' + parameters: + - in: query + name: limit + description: |- + Max number of results to return. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 250 + schema: + type: integer + format: int32 + minimum: 0 + maximum: 250 + default: 250 + - in: query + name: offset + description: |- + Offset into the full result set. Usually specified with *limit* to paginate through the results. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 0 + schema: + type: integer + format: int32 + minimum: 0 + default: 0 + - in: query + name: count + description: |- + If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored. + + Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used. + + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: true + schema: + type: boolean + default: false + responses: + '200': + description: A list of password sync groups. + content: + application/json: + schema: + type: array + items: + type: object + properties: + id: + type: string + description: ID of the sync group + example: 6881f631-3bd5-4213-9c75-8e05cc3e35dd + name: + description: Name of the sync group + type: string + example: Password Sync Group 1 + passwordPolicyId: + type: string + description: ID of the password policy + example: 2c91808d744ba0ce01746f93b6204501 + sourceIds: + type: array + description: List of password managed sources IDs + items: + type: string + example: + - 2c918084660f45d6016617daa9210584 + - 2c918084660f45d6016617daa9210500 + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + post: + operationId: createPasswordSyncGroup + tags: + - Password Sync Groups + summary: Create Password Sync Group + description: This API creates a password sync group based on the specifications provided. A token with ORG_ADMIN authority is required to call this API. + security: + - oauth2: + - 'idn:password-sync-group-management:write' + requestBody: + required: true + content: + application/json: + schema: + type: object + properties: + id: + type: string + description: ID of the sync group + example: 6881f631-3bd5-4213-9c75-8e05cc3e35dd + name: + description: Name of the sync group + type: string + example: Password Sync Group 1 + passwordPolicyId: + type: string + description: ID of the password policy + example: 2c91808d744ba0ce01746f93b6204501 + sourceIds: + type: array + description: List of password managed sources IDs + items: + type: string + example: + - 2c918084660f45d6016617daa9210584 + - 2c918084660f45d6016617daa9210500 + example: + name: Password Sync Group 2 + passwordPolicyId: 2c91808d744ba0ce01746f93b6204501 + sourceIds: + - 2c918084660f45d6016617daa9210584 + - 2c918084660f45d6016617daa9210500 + responses: + '200': + description: Reference to the password sync group. + content: + application/json: + schema: + type: object + properties: + id: + type: string + description: ID of the sync group + example: 6881f631-3bd5-4213-9c75-8e05cc3e35dd + name: + description: Name of the sync group + type: string + example: Password Sync Group 1 + passwordPolicyId: + type: string + description: ID of the password policy + example: 2c91808d744ba0ce01746f93b6204501 + sourceIds: + type: array + description: List of password managed sources IDs + items: + type: string + example: + - 2c918084660f45d6016617daa9210584 + - 2c918084660f45d6016617daa9210500 + example: + id: 6881f631-3bd5-4213-9c75-8e05cc3e35dd + name: Password Sync Group 2 + passwordPolicyId: 2c91808d744ba0ce01746f93b6204501 + sourceIds: + - 2c918084660f45d6016617daa9210584 + - 2c918084660f45d6016617daa9210500 + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + '/password-sync-groups/{id}': + get: + operationId: getPasswordSyncGroup + tags: + - Password Sync Groups + summary: Get Password Sync Group by ID + description: This API returns the sync group for the specified ID. A token with ORG_ADMIN authority is required to call this API. + security: + - oauth2: + - 'idn:password-sync-group-management:read' + parameters: + - in: path + name: id + schema: + type: string + required: true + description: The ID of password sync group to retrieve. + example: 6881f631-3bd5-4213-9c75-8e05cc3e35dd + responses: + '200': + description: Reference to the password sync group. + content: + application/json: + schema: + type: object + properties: + id: + type: string + description: ID of the sync group + example: 6881f631-3bd5-4213-9c75-8e05cc3e35dd + name: + description: Name of the sync group + type: string + example: Password Sync Group 1 + passwordPolicyId: + type: string + description: ID of the password policy + example: 2c91808d744ba0ce01746f93b6204501 + sourceIds: + type: array + description: List of password managed sources IDs + items: + type: string + example: + - 2c918084660f45d6016617daa9210584 + - 2c918084660f45d6016617daa9210500 + example: + id: 6881f631-3bd5-4213-9c75-8e05cc3e35dd + name: Password Sync Group 1 + passwordPolicyId: 2c91808d744ba0ce01746f93b6204501 + sourceIds: + - 2c918084660f45d6016617daa9210584 + - 2c918084660f45d6016617daa9210500 + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + put: + operationId: updatePasswordSyncGroup + tags: + - Password Sync Groups + summary: Update Password Sync Group by ID + description: This API updates the specified password sync group. A token with ORG_ADMIN authority is required to call this API. + security: + - oauth2: + - 'idn:password-sync-group-management:write' + parameters: + - in: path + name: id + schema: + type: string + required: true + description: The ID of password sync group to update. + example: 6881f631-3bd5-4213-9c75-8e05cc3e35dd + requestBody: + required: true + content: + application/json: + schema: + type: object + properties: + id: + type: string + description: ID of the sync group + example: 6881f631-3bd5-4213-9c75-8e05cc3e35dd + name: + description: Name of the sync group + type: string + example: Password Sync Group 1 + passwordPolicyId: + type: string + description: ID of the password policy + example: 2c91808d744ba0ce01746f93b6204501 + sourceIds: + type: array + description: List of password managed sources IDs + items: + type: string + example: + - 2c918084660f45d6016617daa9210584 + - 2c918084660f45d6016617daa9210500 + example: + id: 6881f631-3bd5-4213-9c75-8e05cc3e35dd + name: Password Sync Group 2 + passwordPolicyId: 2c91808d744ba0ce01746f93b6204501 + sourceIds: + - 2c918084660f45d6016617daa9210584 + - 2c918084660f45d6016617daa9210500 + responses: + '200': + description: Reference to the password sync group. + content: + application/json: + schema: + type: object + properties: + id: + type: string + description: ID of the sync group + example: 6881f631-3bd5-4213-9c75-8e05cc3e35dd + name: + description: Name of the sync group + type: string + example: Password Sync Group 1 + passwordPolicyId: + type: string + description: ID of the password policy + example: 2c91808d744ba0ce01746f93b6204501 + sourceIds: + type: array + description: List of password managed sources IDs + items: + type: string + example: + - 2c918084660f45d6016617daa9210584 + - 2c918084660f45d6016617daa9210500 + example: + id: 6881f631-3bd5-4213-9c75-8e05cc3e35dd + name: Password Sync Group 2 + passwordPolicyId: 2c91808d744ba0ce01746f93b6204501 + sourceIds: + - 2c918084660f45d6016617daa9210584 + - 2c918084660f45d6016617daa9210500 + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + delete: + operationId: deletePasswordSyncGroup + tags: + - Password Sync Groups + summary: Delete Password Sync Group by ID + description: This API deletes the specified password sync group. A token with ORG_ADMIN authority is required to call this API. + security: + - oauth2: + - 'idn:password-sync-group-management:write' + parameters: + - in: path + name: id + schema: + type: string + required: true + description: The ID of password sync group to delete. + example: 6881f631-3bd5-4213-9c75-8e05cc3e35dd + responses: + '204': + description: No content - indicates the request was successful but there is no content to be returned in the response. + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + /password-org-config: + get: + operationId: getPasswordOrgConfig + tags: + - Password Configuration + summary: Get Password Org Config + description: 'This API returns the password org config . Requires ORG_ADMIN, API role or authorization scope of ''idn:password-org-config:read''' + security: + - oauth2: + - 'idn:password-org-config:read' + responses: + '200': + description: Reference to the password org config. + content: + application/json: + schema: + type: object + properties: + customInstructionsEnabled: + type: boolean + description: Indicator whether custom password instructions feature is enabled. The default value is false. + default: false + example: true + digitTokenEnabled: + type: boolean + description: Indicator whether "digit token" feature is enabled. The default value is false. + default: false + example: true + digitTokenDurationMinutes: + type: integer + format: int32 + description: The duration of "digit token" in minutes. The default value is 5. + minimum: 1 + maximum: 60 + default: 5 + example: 10 + digitTokenLength: + type: integer + format: int32 + description: The length of "digit token". The default value is 6. + minimum: 6 + maximum: 18 + default: 6 + example: 9 + example: + customInstructionsEnabled: true + digitTokenDurationMinutes: 9 + digitTokenEnabled: false + digitTokenLength: 6 + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + put: + operationId: updatePasswordOrgConfig + tags: + - Password Configuration + summary: Update Password Org Config + description: 'This API updates the password org config for specified fields. Other fields will keep original value. Requires ORG_ADMIN, API role or authorization scope of ''idn:password-org-config:write''' + security: + - oauth2: + - 'idn:password-org-config:write' + requestBody: + required: true + content: + application/json: + schema: + type: object + properties: + customInstructionsEnabled: + type: boolean + description: Indicator whether custom password instructions feature is enabled. The default value is false. + default: false + example: true + digitTokenEnabled: + type: boolean + description: Indicator whether "digit token" feature is enabled. The default value is false. + default: false + example: true + digitTokenDurationMinutes: + type: integer + format: int32 + description: The duration of "digit token" in minutes. The default value is 5. + minimum: 1 + maximum: 60 + default: 5 + example: 10 + digitTokenLength: + type: integer + format: int32 + description: The length of "digit token". The default value is 6. + minimum: 6 + maximum: 18 + default: 6 + example: 9 + example: + digitTokenEnabled: true + digitTokenDurationMinutes: 12 + responses: + '200': + description: Reference to the password org config. + content: + application/json: + schema: + type: object + properties: + customInstructionsEnabled: + type: boolean + description: Indicator whether custom password instructions feature is enabled. The default value is false. + default: false + example: true + digitTokenEnabled: + type: boolean + description: Indicator whether "digit token" feature is enabled. The default value is false. + default: false + example: true + digitTokenDurationMinutes: + type: integer + format: int32 + description: The duration of "digit token" in minutes. The default value is 5. + minimum: 1 + maximum: 60 + default: 5 + example: 10 + digitTokenLength: + type: integer + format: int32 + description: The length of "digit token". The default value is 6. + minimum: 6 + maximum: 18 + default: 6 + example: 9 + example: + customInstructionsEnabled: true + digitTokenDurationMinutes: 12 + digitTokenEnabled: true + digitTokenLength: 6 + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + post: + operationId: createPasswordOrgConfig + tags: + - Password Configuration + summary: Create Password Org Config + description: 'This API creates the password org config. Unspecified fields will use default value. Requires ORG_ADMIN, API role or authorization scope of ''idn:password-org-config:write''' + security: + - oauth2: + - 'idn:password-org-config:write' + requestBody: + required: true + content: + application/json: + schema: + type: object + properties: + customInstructionsEnabled: + type: boolean + description: Indicator whether custom password instructions feature is enabled. The default value is false. + default: false + example: true + digitTokenEnabled: + type: boolean + description: Indicator whether "digit token" feature is enabled. The default value is false. + default: false + example: true + digitTokenDurationMinutes: + type: integer + format: int32 + description: The duration of "digit token" in minutes. The default value is 5. + minimum: 1 + maximum: 60 + default: 5 + example: 10 + digitTokenLength: + type: integer + format: int32 + description: The length of "digit token". The default value is 6. + minimum: 6 + maximum: 18 + default: 6 + example: 9 + example: + customInstructionsEnabled: true + digitTokenEnabled: true + digitTokenDurationMinutes: 12 + digitTokenLength: 9 + responses: + '200': + description: Reference to the password org config. + content: + application/json: + schema: + type: object + properties: + customInstructionsEnabled: + type: boolean + description: Indicator whether custom password instructions feature is enabled. The default value is false. + default: false + example: true + digitTokenEnabled: + type: boolean + description: Indicator whether "digit token" feature is enabled. The default value is false. + default: false + example: true + digitTokenDurationMinutes: + type: integer + format: int32 + description: The duration of "digit token" in minutes. The default value is 5. + minimum: 1 + maximum: 60 + default: 5 + example: 10 + digitTokenLength: + type: integer + format: int32 + description: The length of "digit token". The default value is 6. + minimum: 6 + maximum: 18 + default: 6 + example: 9 + example: + customInstructionsEnabled: true + digitTokenDurationMinutes: 9 + digitTokenEnabled: true + digitTokenLength: 12 + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + '/peer-group-strategies/{strategy}/identity-outliers': + get: + operationId: getPeerGroupOutliers + tags: + - IAI Peer Group Strategies + summary: Identity Outliers List + deprecated: true + description: '-- Deprecated : See ''IAI Outliers'' This API will be used by Identity Governance systems to identify identities that are not included in an organization''s peer groups. By default, 250 identities are returned. You can specify between 1 and 1000 number of identities that can be returned.' + parameters: + - in: path + name: strategy + schema: + type: string + required: true + description: 'The strategy used to create peer groups. Currently, ''entitlement'' is supported.' + example: entitlement + - in: query + name: limit + description: |- + Max number of results to return. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 250 + schema: + type: integer + format: int32 + minimum: 0 + maximum: 250 + default: 250 + - in: query + name: offset + description: |- + Offset into the full result set. Usually specified with *limit* to paginate through the results. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 0 + schema: + type: integer + format: int32 + minimum: 0 + default: 0 + - in: query + name: count + description: |- + If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored. + + Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used. + + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: true + schema: + type: boolean + default: false + responses: + '200': + description: List of identities that are not included in peer groups. + content: + application/json: + schema: + type: array + items: + type: object + properties: + id: + type: string + description: A unique identifier for the peer group member. + type: + type: string + description: The type of the peer group member. + peer_group_id: + type: string + description: The ID of the peer group. + attributes: + type: object + additionalProperties: + type: object + description: 'Arbitrary key-value pairs, belonging to the peer group member.' + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + security: + - oauth2: [] + /personal-access-tokens: + get: + operationId: listPersonalAccessTokens + security: + - oauth2: + - 'sp:my-personal-access-tokens:read' + - 'sp:my-personal-access-tokens:manage' + - 'sp:all-personal-access-tokens:read' + - 'sp:all-personal-access-tokens:manage' + tags: + - Personal Access Tokens + summary: List Personal Access Tokens + description: 'This gets a collection of personal access tokens associated with the optional `owner-id`. query parameter. If the `owner-id` query parameter is omitted, all personal access tokens for a tenant will be retrieved, but the caller must have the ''idn:all-personal-access-tokens:read'' right.' + parameters: + - in: query + name: owner-id + description: |- + The identity ID of the owner whose personal access tokens should be listed. If "me", the caller should have the following right: 'idn:my-personal-access-tokens:read' + If an actual owner ID or if the `owner-id` parameter is omitted in the request, the caller should have the following right: 'idn:all-personal-access-tokens:read'. + If the caller has the following right, then managed personal access tokens associated with `owner-id` will be retrieved: 'idn:managed-personal-access-tokens:read' + required: false + schema: + type: string + default: null + example: 2c9180867b50d088017b554662fb281e + - in: query + name: filters + required: false + schema: + type: string + description: |- + Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) + + Filtering is supported for the following fields and operators: + + **lastUsed**: *le, isnull* + example: 'lastUsed le 2023-02-05T10:59:27.214Z' + responses: + '200': + description: List of personal access tokens. + content: + application/json: + schema: + type: array + items: + type: object + properties: + id: + type: string + description: The ID of the personal access token (to be used as the username for Basic Auth). + example: 86f1dc6fe8f54414950454cbb11278fa + name: + type: string + description: The name of the personal access token. Cannot be the same as other personal access tokens owned by a user. + example: NodeJS Integration + scope: + type: array + nullable: true + items: + type: string + default: 'sp:scopes:all' + description: Scopes of the personal access token. + example: + - 'demo:personal-access-token-scope:first' + - 'demo:personal-access-token-scope:second' + owner: + description: Details about the owner of the personal access token. + type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + created: + type: string + format: date-time + description: 'The date and time, down to the millisecond, when this personal access token was created.' + example: '2017-07-11T18:45:37.098Z' + lastUsed: + type: string + nullable: true + format: date-time + description: 'The date and time, down to the millisecond, when this personal access token was last used to generate an access token. This timestamp does not get updated on every PAT usage, but only once a day. This property can be useful for identifying which PATs are no longer actively used and can be removed.' + example: '2017-07-11T18:45:37.098Z' + required: + - id + - name + - scope + - owner + - created + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + post: + operationId: createPersonalAccessToken + security: + - oauth2: + - 'sp:my-personal-access-tokens:manage' + - 'sp:all-personal-access-tokens:manage' + tags: + - Personal Access Tokens + summary: Create Personal Access Token + description: This creates a personal access token. + requestBody: + description: Name and scope of personal access token. + required: true + content: + application/json: + schema: + type: object + description: Object for specifying the name of a personal access token to create + properties: + name: + type: string + description: The name of the personal access token (PAT) to be created. Cannot be the same as another PAT owned by the user for whom this PAT is being created. + example: NodeJS Integration + scope: + type: array + nullable: true + items: + type: string + default: 'sp:scopes:all' + description: 'Scopes of the personal access token. If no scope is specified, the token will be created with the default scope "sp:scopes:all". This means the personal access token will have all the rights of the owner who created it.' + example: + - 'demo:personal-access-token-scope:first' + - 'demo:personal-access-token-scope:second' + required: + - name + responses: + '200': + description: Created. Note - this is the only time Personal Access Tokens' secret attribute will be displayed. + content: + application/json: + schema: + type: object + properties: + id: + type: string + description: The ID of the personal access token (to be used as the username for Basic Auth). + example: 86f1dc6fe8f54414950454cbb11278fa + secret: + type: string + description: The secret of the personal access token (to be used as the password for Basic Auth). + example: 1d1bef2b9f426383447f64f69349fc7cac176042578d205c256ba3f37c59adb9 + scope: + type: array + nullable: true + items: + type: string + default: 'sp:scopes:all' + description: Scopes of the personal access token. + example: + - 'demo:personal-access-token-scope:first' + - 'demo:personal-access-token-scope:second' + name: + type: string + description: The name of the personal access token. Cannot be the same as other personal access tokens owned by a user. + example: NodeJS Integration + owner: + description: Details about the owner of the personal access token. + type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + created: + type: string + format: date-time + description: 'The date and time, down to the millisecond, when this personal access token was created.' + example: '2017-07-11T18:45:37.098Z' + required: + - id + - secret + - scope + - name + - owner + - created + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + '/personal-access-tokens/{id}': + patch: + operationId: patchPersonalAccessToken + security: + - oauth2: + - 'sp:my-personal-access-tokens:manage' + tags: + - Personal Access Tokens + summary: Patch Personal Access Token + description: This performs a targeted update to the field(s) of a Personal Access Token. + parameters: + - in: path + name: id + schema: + type: string + required: true + description: The Personal Access Token id + example: ef38f94347e94562b5bb8424a56397d8 + requestBody: + required: true + description: | + A list of OAuth client update operations according to the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard. + + The following fields are patchable: + * name + * scope + content: + application/json-patch+json: + schema: + type: array + items: + type: object + description: 'A JSONPatch Operation as defined by [RFC 6902 - JSON Patch](https://tools.ietf.org/html/rfc6902)' + required: + - op + - path + properties: + op: + type: string + description: The operation to be performed + enum: + - add + - remove + - replace + - move + - copy + - test + example: replace + path: + type: string + description: A string JSON Pointer representing the target path to an element to be affected by the operation + example: /description + value: + anyOf: + - type: string + - type: integer + - type: object + - type: array + items: + anyOf: + - type: string + - type: integer + - type: object + description: 'The value to be used for the operation, required for "add" and "replace" operations' + example: New description + example: + - op: replace + path: /name + value: New name + - op: replace + path: /scope + value: + - 'sp:scopes:all' + responses: + '200': + description: 'Indicates the PATCH operation succeeded, and returns the PAT''s new representation.' + content: + application/json: + schema: + type: object + properties: + id: + type: string + description: The ID of the personal access token (to be used as the username for Basic Auth). + example: 86f1dc6fe8f54414950454cbb11278fa + name: + type: string + description: The name of the personal access token. Cannot be the same as other personal access tokens owned by a user. + example: NodeJS Integration + scope: + type: array + nullable: true + items: + type: string + default: 'sp:scopes:all' + description: Scopes of the personal access token. + example: + - 'demo:personal-access-token-scope:first' + - 'demo:personal-access-token-scope:second' + owner: + description: Details about the owner of the personal access token. + type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + created: + type: string + format: date-time + description: 'The date and time, down to the millisecond, when this personal access token was created.' + example: '2017-07-11T18:45:37.098Z' + lastUsed: + type: string + nullable: true + format: date-time + description: 'The date and time, down to the millisecond, when this personal access token was last used to generate an access token. This timestamp does not get updated on every PAT usage, but only once a day. This property can be useful for identifying which PATs are no longer actively used and can be removed.' + example: '2017-07-11T18:45:37.098Z' + required: + - id + - name + - scope + - owner + - created + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + delete: + operationId: deletePersonalAccessToken + security: + - oauth2: + - 'sp:my-personal-access-tokens:manage' + - 'sp:all-personal-access-tokens:manage' + tags: + - Personal Access Tokens + summary: Delete Personal Access Token + description: This deletes a personal access token. + parameters: + - in: path + name: id + schema: + type: string + required: true + description: The personal access token id + example: ef38f94347e94562b5bb8424a56397d8 + responses: + '204': + description: No content. + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + /public-identities-config: + get: + operationId: getPublicIdentityConfig + tags: + - Public Identities Config + summary: Get Public Identity Config + description: This gets details of public identity config. + responses: + '200': + description: Request succeeded. + content: + application/json: + schema: + type: object + description: Details of up to 5 Identity attributes that will be publicly accessible for all Identities to anyone in the org + properties: + attributes: + type: array + items: + type: object + description: Used to map an attribute key for an Identity to its display name. + properties: + key: + type: string + description: the key of the attribute + example: country + name: + type: string + description: the display name of the attribute + example: Country + modifiedBy: + type: object + nullable: true + description: The manager for the identity. + properties: + type: + example: IDENTITY + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure. + id: + type: string + description: Identity id + example: 2c9180a46faadee4016fb4e018c20639 + name: + type: string + description: Human-readable display name of identity. + example: Thomas Edison + modified: + type: string + description: the date/time of the modification + format: date-time + example: '2018-06-25T20:22:28.104Z' + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + put: + operationId: updatePublicIdentityConfig + tags: + - Public Identities Config + summary: Update Public Identity Config + description: This updates the details of public identity config. + requestBody: + required: true + content: + application/json: + schema: + type: object + description: Details of up to 5 Identity attributes that will be publicly accessible for all Identities to anyone in the org + properties: + attributes: + type: array + items: + type: object + description: Used to map an attribute key for an Identity to its display name. + properties: + key: + type: string + description: the key of the attribute + example: country + name: + type: string + description: the display name of the attribute + example: Country + modifiedBy: + type: object + nullable: true + description: The manager for the identity. + properties: + type: + example: IDENTITY + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure. + id: + type: string + description: Identity id + example: 2c9180a46faadee4016fb4e018c20639 + name: + type: string + description: Human-readable display name of identity. + example: Thomas Edison + modified: + type: string + description: the date/time of the modification + format: date-time + example: '2018-06-25T20:22:28.104Z' + responses: + '200': + description: Request succeeded. + content: + application/json: + schema: + type: object + description: Details of up to 5 Identity attributes that will be publicly accessible for all Identities to anyone in the org + properties: + attributes: + type: array + items: + type: object + description: Used to map an attribute key for an Identity to its display name. + properties: + key: + type: string + description: the key of the attribute + example: country + name: + type: string + description: the display name of the attribute + example: Country + modifiedBy: + type: object + nullable: true + description: The manager for the identity. + properties: + type: + example: IDENTITY + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure. + id: + type: string + description: Identity id + example: 2c9180a46faadee4016fb4e018c20639 + name: + type: string + description: Human-readable display name of identity. + example: Thomas Edison + modified: + type: string + description: the date/time of the modification + format: date-time + example: '2018-06-25T20:22:28.104Z' + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + /notification-template-context: + get: + operationId: getNotificationsTemplateContext + tags: + - Notifications + summary: Get Notification Template Context + description: |- + The notification service (Hermes) maintains metadata to construct the notification templates or supply any information during the event propagation. The data-store where this information is retrieved is called "Global Context" (a.k.a. notification template context). It defines a set of attributes + that will be available per tenant (organization). + + Regarding authorization, the access token contains the tenant and will grant access to the one requested. + Requires the following security scope: idn:notification-templates:read + responses: + '200': + description: Notification template context attributes for a specific tenant. + content: + application/json: + schema: + type: array + items: + type: object + properties: + attributes: + type: object + description: A JSON object that stores the context. + example: + productUrl: 'https://test-org.identitysoon.com' + brandingConfigs: + default: + narrowLogoURL: null + productName: SailPoint + standardLogoURL: null + navigationColor: 011E64 + actionButtonColor: 20B2DE + emailFromAddress: null + activeLinkColor: 20B2DE + loginInformationalMessage: null + created: + type: string + description: When the global context was created + format: date-time + example: '2020-04-15T16:16:47.525Z' + modified: + type: string + description: When the global context was last modified + format: date-time + example: '2020-04-15T16:16:47.525Z' + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + '/notification-preferences/{key}': + get: + operationId: getNotificationPreference + tags: + - Notifications + summary: Get Notification Preferences for tenant. + description: |- + Returns the notification preferences for tenant. Note that if the key doesn't exist, then a 404 will be returned. + Request will require the following legacy roles: ORG_ADMIN and API + parameters: + - in: path + name: key + required: true + schema: + type: string + description: The notification key. + responses: + '200': + description: Return preference for the given notification key. + content: + application/json: + schema: + type: object + description: Maps an Identity's attribute key to a list of preferred notification mediums. + properties: + key: + type: string + description: The template notification key. + example: cloud_manual_work_item_summary + mediums: + type: array + description: 'List of preferred notification mediums, i.e., the mediums (or method) for which notifications are enabled. More mediums may be added in the future.' + items: + type: string + enum: + - EMAIL + - SMS + - PHONE + - SLACK + - TEAMS + example: + - EMAIL + modified: + type: string + description: Modified date of preference + format: date-time + example: '2020-05-15T14:37:06.909Z' + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + put: + operationId: putNotificationPreference + tags: + - Notifications + summary: Overwrite the preferences for the given notification key. + description: |- + In the notification world, a notification flows through these salient stages - + 1. Interest matching, + 2. Preferences + 3. Template Rendering. + + The default notification preferences make up a part of the second stage, along with user preferences (which is a future goal). The expectation is for admins to be able to set default preferences for their org, like opting in to or out of certain notifications, and configuring future preferences as we tack on more features. The key in the Dto is not necessary but if it is provided and doesn't match the key in the URI, then a 400 will be thrown. + Request will require the following legacy roles: ORG_ADMIN and API + parameters: + - in: path + name: key + required: true + schema: + type: string + description: The notification key. + requestBody: + required: true + content: + application/json: + schema: + type: object + description: Maps an Identity's attribute key to a list of preferred notification mediums. + properties: + key: + type: string + description: The template notification key. + example: cloud_manual_work_item_summary + mediums: + type: array + description: 'List of preferred notification mediums, i.e., the mediums (or method) for which notifications are enabled. More mediums may be added in the future.' + items: + type: string + enum: + - EMAIL + - SMS + - PHONE + - SLACK + - TEAMS + example: + - EMAIL + modified: + type: string + description: Modified date of preference + format: date-time + example: '2020-05-15T14:37:06.909Z' + responses: + '200': + description: 'The preferences were successfully replaced, and an echo of the new preferences are sent back to caller.' + content: + application/json: + schema: + type: object + description: Maps an Identity's attribute key to a list of preferred notification mediums. + properties: + key: + type: string + description: The template notification key. + example: cloud_manual_work_item_summary + mediums: + type: array + description: 'List of preferred notification mediums, i.e., the mediums (or method) for which notifications are enabled. More mediums may be added in the future.' + items: + type: string + enum: + - EMAIL + - SMS + - PHONE + - SLACK + - TEAMS + example: + - EMAIL + modified: + type: string + description: Modified date of preference + format: date-time + example: '2020-05-15T14:37:06.909Z' + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + /recommendations/request: + post: + operationId: getRecommendations + summary: Returns a Recommendation Based on Object + tags: + - IAI Recommendations + description: The getRecommendations API returns recommendations based on the requested object. The recommendations are invoked by IdentityIQ and IdentityNow plug-ins that retrieve recommendations based on the performed calculations. + requestBody: + required: true + content: + application/json: + schema: + type: object + properties: + requests: + type: array + items: + description: List of requests to retrieve recommendations + type: object + properties: + identityId: + type: string + description: The identity ID + example: 2c938083633d259901633d25c68c00fa + item: + type: object + properties: + id: + type: string + description: The ID of the access item for which to retrieve the recommendation + example: 2c938083633d259901633d2623ec0375 + type: + type: string + example: ENTITLEMENT + description: The type of the access item. + enum: + - ENTITLEMENT + - ACCESS_PROFILE + - ROLE + excludeInterpretations: + type: boolean + description: Exclude interpretations in the response if "true". Return interpretations in the response if this attribute is not specified. + default: 'false' + example: 'false' + includeTranslationMessages: + type: boolean + description: 'When set to true, the calling system uses the translated messages for the specified language' + default: 'false' + example: 'false' + includeDebugInformation: + type: boolean + description: Returns the recommender calculations if set to true + default: 'false' + example: 'true' + prescribeMode: + type: boolean + description: 'When set to true, uses prescribedRulesRecommenderConfig to get identity attributes and peer group threshold instead of standard config.' + default: 'false' + example: 'false' + responses: + '200': + description: The recommendations for a customer + content: + application/json: + schema: + type: object + properties: + response: + type: array + items: + type: object + properties: + request: + type: object + properties: + identityId: + type: string + description: The identity ID + example: 2c938083633d259901633d25c68c00fa + item: + type: object + properties: + id: + type: string + description: The ID of the access item for which to retrieve the recommendation + example: 2c938083633d259901633d2623ec0375 + type: + type: string + example: ENTITLEMENT + description: The type of the access item. + enum: + - ENTITLEMENT + - ACCESS_PROFILE + - ROLE + recommendation: + type: string + example: 'YES' + description: 'The recommendation - YES if the access is recommended, NO if not recommended, MAYBE if there is not enough information to make a recommendation, NOT_FOUND if the identity is not found in the system' + enum: + - 'YES' + - 'NO' + - MAYBE + - NOT_FOUND + interpretations: + type: array + items: + type: string + description: 'The list of interpretations explaining the recommendation. The array is empty if includeInterpretations is false or not present in the request. e.g. - [ "Not approved in the last 6 months." ]. Interpretations will be translated using the client''s locale as found in the Accept-Language header. If a translation for the client''s locale cannot be found, the US English translation will be returned.' + example: + - 75% of identities with the same department have this access. This information had a high impact on the overall score. + - 67% of identities with the same peer group have this access. This information had a low impact on the overall score. + - 42% of identities with the same location have this access. This information had a low impact on the overall score. + translationMessages: + type: array + example: + - key: recommender-api.V2_WEIGHT_FEATURE_PRODUCT_INTERPRETATION_HIGH + values: + - '75' + - department + items: + properties: + key: + type: string + description: The key of the translation message + example: recommender-api.V2_WEIGHT_FEATURE_PRODUCT_INTERPRETATION_HIGH + values: + type: array + description: The values corresponding to the translation messages + items: + type: string + example: + - '75' + - department + description: 'The list of translation messages, if they have been requested.' + recommenderCalculations: + description: The calcuations performed behind the scenes that provide recommendations to the user. + properties: + identityId: + type: string + description: The ID of the identity + example: 2c91808457d8f3ab0157e3e62cb4213c + entitlementId: + type: string + description: The entitlement ID + example: 2c91809050db617d0150e0bf3215385e + recommendation: + type: string + description: The actual recommendation + example: 'YES' + overallWeightedScore: + type: number + description: The overall weighted score + featureWeightedScores: + type: object + description: The weighted score of each individual feature + additionalProperties: + type: number + threshold: + type: number + description: The configured value against which the overallWeightedScore is compared + identityAttributes: + type: object + description: The values for your configured features + additionalProperties: + type: object + properties: + value: + type: string + featureValues: + description: The feature details + type: object + properties: + feature: + type: string + description: The type of feature + example: department + numerator: + type: integer + format: int32 + example: 14 + description: The number of identities that have access to the feature + denominator: + type: integer + format: int32 + example: 14 + description: The number of identities with the corresponding feature + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + security: + - oauth2: [] + /recommendations/config: + get: + operationId: getRecommendationsConfig + summary: Get certification recommendation config values + tags: + - IAI Recommendations + description: Retrieves configuration attributes used by certification recommendations. + responses: + '200': + description: Cert recommendation configuration attributes + content: + application/json: + schema: + type: object + properties: + recommenderFeatures: + type: array + items: + type: string + description: List of identity attributes to use for calculating certification recommendations + example: + - jobTitle + - location + - peer_group + - department + - active + peerGroupPercentageThreshold: + type: number + description: The percent value that the recommendation calculation must surpass to produce a YES recommendation + minimum: 0 + maximum: 1 + example: 0.5 + forceRefresh: + type: boolean + description: 'If true, rulesRecommenderConfig will be refreshed with new programatically selected attribute and threshold values on the next pipeline run' + example: false + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + security: + - oauth2: [] + put: + operationId: updateRecommendationsConfig + summary: Update certification recommendation config values + tags: + - IAI Recommendations + description: Updates configuration attributes used by certification recommendations. + requestBody: + required: true + content: + application/json: + schema: + type: object + properties: + recommenderFeatures: + type: array + items: + type: string + description: List of identity attributes to use for calculating certification recommendations + example: + - jobTitle + - location + - peer_group + - department + - active + peerGroupPercentageThreshold: + type: number + description: The percent value that the recommendation calculation must surpass to produce a YES recommendation + minimum: 0 + maximum: 1 + example: 0.5 + forceRefresh: + type: boolean + description: 'If true, rulesRecommenderConfig will be refreshed with new programatically selected attribute and threshold values on the next pipeline run' + example: false + responses: + '200': + description: Cert recommendation configuration attributes after update + content: + application/json: + schema: + type: object + properties: + recommenderFeatures: + type: array + items: + type: string + description: List of identity attributes to use for calculating certification recommendations + example: + - jobTitle + - location + - peer_group + - department + - active + peerGroupPercentageThreshold: + type: number + description: The percent value that the recommendation calculation must surpass to produce a YES recommendation + minimum: 0 + maximum: 1 + example: 0.5 + forceRefresh: + type: boolean + description: 'If true, rulesRecommenderConfig will be refreshed with new programatically selected attribute and threshold values on the next pipeline run' + example: false + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + security: + - oauth2: [] + /requestable-objects: + get: + operationId: listRequestableObjects + tags: + - Requestable Objects + summary: Requestable Objects List + description: |- + This endpoint returns a list of acccess items that that can be requested through the Access Request endpoints. Access items are marked with AVAILABLE, PENDING or ASSIGNED with respect to the identity provided using *identity-id* query param. + Any authenticated token can call this endpoint to see their requestable access items. A token with ORG_ADMIN authority is required to call this endpoint to return a list of all of the requestable access items for the org or for another identity. + parameters: + - in: query + name: identity-id + required: false + schema: + type: string + example: e7eab60924f64aa284175b9fa3309599 + description: |- + If present, the value returns only requestable objects for the specified identity. + * Admin users can call this with any identity ID value. + * Non-admin users can only specify *me* or pass their own identity ID value. + * If absent, returns a list of all requestable objects for the tenant. Only admin users can make such a call. In this case, the available, pending, assigned accesses will not be annotated in the result. + - in: query + name: types + description: 'Filters the results to the specified type/types, where each type is one of ROLE or ACCESS_PROFILE. If absent, all types are returned. Support for additional types may be added in the future without notice.' + required: false + schema: + type: array + items: + type: string + enum: + - ACCESS_PROFILE + - ROLE + - ENTITLEMENT + description: Enum represented the currently supported requestable object types. Additional values may be added in the future without notice. + example: ACCESS_PROFILE + example: 'ROLE,ACCESS_PROFILE' + explode: false + - in: query + name: term + required: false + schema: + type: string + example: Finance Role + description: 'It allows searching requestable access items with a partial match on the name or description. If term is provided, then the *filter* query parameter will be ignored.' + - in: query + name: statuses + description: 'Filters the result to the specified status/statuses, where each status is one of AVAILABLE, ASSIGNED, or PENDING. It is an error to specify this parameter without also specifying an *identity-id* parameter. Additional statuses may be added in the future without notice.' + required: false + schema: + type: array + items: + type: string + enum: + - AVAILABLE + - PENDING + - ASSIGNED + description: 'Status indicating the ability of an access request for the object to be made by or on behalf of the identity specified by *identity-id*. *AVAILABLE* indicates the object is available to request. *PENDING* indicates the object is unavailable because the identity has a pending request in flight. *ASSIGNED* indicates the object is unavailable because the identity already has the indicated role or access profile. If *identity-id* is not specified (allowed only for admin users), then status will be *AVAILABLE* for all results.' + example: AVAILABLE + explode: false + example: + - ASSIGNED + - PENDING + - in: query + name: limit + description: |- + Max number of results to return. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 250 + schema: + type: integer + format: int32 + minimum: 0 + maximum: 250 + default: 250 + - in: query + name: offset + description: |- + Offset into the full result set. Usually specified with *limit* to paginate through the results. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 0 + schema: + type: integer + format: int32 + minimum: 0 + default: 0 + - in: query + name: count + description: |- + If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored. + + Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used. + + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: true + schema: + type: boolean + default: false + - in: query + name: filters + schema: + type: string + example: name sw "bob" + description: | + Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) + + Filtering is supported for the following fields and operators: + + **id**: *eq, in* + + **name**: *eq, in, sw* + required: false + - in: query + name: sorters + schema: + type: string + format: comma-separated + required: false + example: name + description: | + Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results) + + Sorting is supported for the following fields: **name** + responses: + '200': + description: List of requestable objects + content: + application/json: + schema: + type: array + items: + type: object + properties: + id: + type: string + description: Id of the requestable object itself + example: 2c9180835d2e5168015d32f890ca1581 + name: + type: string + description: Human-readable display name of the requestable object + example: Applied Research Access + created: + type: string + format: date-time + example: '2017-07-11T18:45:37.098Z' + description: The time when the requestable object was created + modified: + nullable: true + type: string + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: The time when the requestable object was last modified + description: + type: string + description: Description of the requestable object. + example: 'Access to research information, lab results, and schematics.' + type: + type: string + enum: + - ACCESS_PROFILE + - ROLE + - ENTITLEMENT + description: Enum represented the currently supported requestable object types. Additional values may be added in the future without notice. + example: ACCESS_PROFILE + requestStatus: + type: string + enum: + - AVAILABLE + - PENDING + - ASSIGNED + description: 'Status indicating the ability of an access request for the object to be made by or on behalf of the identity specified by *identity-id*. *AVAILABLE* indicates the object is available to request. *PENDING* indicates the object is unavailable because the identity has a pending request in flight. *ASSIGNED* indicates the object is unavailable because the identity already has the indicated role or access profile. If *identity-id* is not specified (allowed only for admin users), then status will be *AVAILABLE* for all results.' + example: AVAILABLE + identityRequestId: + type: string + description: 'If *requestStatus* is *PENDING*, indicates the id of the associated account activity.' + nullable: true + example: null + ownerRef: + type: object + nullable: true + properties: + type: + type: string + description: The type can only be IDENTITY. This is read-only + example: IDENTITY + id: + type: string + description: Identity id. + example: 5168015d32f890ca15812c9180835d2e + name: + type: string + description: Human-readable display name of identity. This is read-only + example: Alison Ferguso + email: + type: string + description: Email address of identity. This is read-only + example: alison.ferguso@identitysoon.com + requestCommentsRequired: + type: boolean + description: Whether the requester must provide comments when requesting the object. + example: false + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + /role-insights/requests: + post: + operationId: createRoleInsightRequests + summary: A request to generate insights for roles + tags: + - Role Insights + description: This submits a create role insights request to the role insights application. At this time there are no parameters. All business roles will be processed for the customer. + responses: + '201': + description: Submitted a role insights generation request + content: + application/json: + schema: + type: object + properties: + id: + type: string + description: Request Id for a role insight generation request + example: 8c190e67-87aa-4ed9-a90b-d9d5344523fb + createdDate: + type: string + format: date-time + description: The date-time role insights request was created. + example: '2020-09-16T18:49:32.150Z' + lastGenerated: + type: string + format: date-time + description: The date-time role insights request was completed. + example: '2020-09-16T18:50:12.150Z' + numberOfUpdates: + type: integer + description: Total number of updates for this request. Starts with 0 and will have correct number when request is COMPLETED. + example: 0 + roleIds: + description: The role IDs that are in this request. + type: array + items: + type: string + status: + type: string + description: Request status + enum: + - CREATED + - IN PROGRESS + - COMPLETED + - FAILED + example: + id: c9aa02f7-86b0-4bc4-84bd-3116a6131e77 + createdDate: '2020-09-16T18:49:32.150Z' + lastGenerated: '2020-09-16T18:49:32.150Z' + numberOfUpdates: 0 + roleIds: + - 2c91808e720e94f8017253287c0a44f4 + - 2c918087723ac2800172532191540e03 + - 2c9180986e4c8592016e6b15eaef447c + status: CREATED + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + '/role-insights/requests/{id}': + get: + operationId: getRoleInsightsRequests + summary: Returns the metadata for a request in order to generate insights for roles. + tags: + - Role Insights + description: This endpoint returns details of a prior request. + parameters: + - in: path + name: id + schema: + type: string + required: true + description: The role insights request id + example: 8c190e67-87aa-4ed9-a90b-d9d5344523fb + responses: + '200': + description: Succeeded. Returns details of an earlier role insights request. + content: + application/json: + schema: + type: object + properties: + id: + type: string + description: Request Id for a role insight generation request + example: 8c190e67-87aa-4ed9-a90b-d9d5344523fb + createdDate: + type: string + format: date-time + description: The date-time role insights request was created. + example: '2020-09-16T18:49:32.150Z' + lastGenerated: + type: string + format: date-time + description: The date-time role insights request was completed. + example: '2020-09-16T18:50:12.150Z' + numberOfUpdates: + type: integer + description: Total number of updates for this request. Starts with 0 and will have correct number when request is COMPLETED. + example: 0 + roleIds: + description: The role IDs that are in this request. + type: array + items: + type: string + status: + type: string + description: Request status + enum: + - CREATED + - IN PROGRESS + - COMPLETED + - FAILED + example: + id: c9aa02f7-86b0-4bc4-84bd-3116a6131e77 + createdDate: '2020-09-16T18:49:32.150Z' + lastGenerated: '2020-09-16T18:49:32.150Z' + numberOfUpdates: 0 + roleIds: + - 2c91808e720e94f8017253287c0a44f4 + - 2c918087723ac2800172532191540e03 + - 2c9180986e4c8592016e6b15eaef447c + status: CREATED + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + /role-insights/summary: + get: + operationId: getRoleInsightsSummary + summary: Get role insights summary information + tags: + - Role Insights + description: This method returns high level summary information for role insights for a customer. + responses: + '200': + description: Succeeded. Returns high level counts. + content: + application/json: + schema: + type: object + properties: + numberOfUpdates: + type: integer + description: Total number of roles with updates + lastGenerated: + type: string + format: date-time + description: The date-time role insights were last found. + example: '2020-05-19T13:49:37.385Z' + entitlementsIncludedInRoles: + type: integer + description: The number of entitlements included in roles (vs free radicals). + example: 45 + totalNumberOfEntitlements: + type: integer + description: The total number of entitlements. + example: 250 + identitiesWithAccessViaRoles: + type: integer + description: The number of identities in roles vs. identities with just entitlements and not in roles. + example: 550 + totalNumberOfIdentities: + type: integer + description: The total number of identities. + example: 980 + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + /role-insights: + get: + operationId: getRoleInsights + summary: Get role insights + tags: + - Role Insights + description: This method returns detailed role insights for each role. + parameters: + - in: query + name: offset + description: |- + Offset into the full result set. Usually specified with *limit* to paginate through the results. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 0 + schema: + type: integer + format: int32 + minimum: 0 + default: 0 + - in: query + name: limit + description: |- + Max number of results to return. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 250 + schema: + type: integer + format: int32 + minimum: 0 + maximum: 250 + default: 250 + - in: query + name: count + description: |- + If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored. + + Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used. + + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: true + schema: + type: boolean + default: false + - name: sorters + in: query + description: 'sort by numberOfUpdates, identitiesWithAccess, totalNumberOfIdentities (default- ascending)' + required: false + style: form + explode: true + schema: + type: string + - name: filters + in: query + description: 'Filter parameter(s) by "starts with" for the name, ownerName and description.' + required: false + style: form + explode: true + schema: + type: string + responses: + '200': + description: Succeeded. Returns a list of roles with information about insights for each role. + content: + application/json: + schema: + type: array + items: + type: object + properties: + id: + type: string + description: Insight id + example: 1467e61e-f284-439c-ba2d-c6cc11cf0941 + numberOfUpdates: + type: integer + description: Total number of updates for this role + example: 5 + createdDate: + type: string + format: date-time + description: The date-time insights were last created for this role. + example: '2020-05-19T13:49:37.385Z' + role: + description: A role + type: object + properties: + name: + type: string + description: Role name + example: Software Engineer + id: + type: string + description: Role id + example: 1467e61e-f284-439c-ba2d-c6cc11cf0941 + description: + type: string + description: Role description + example: Person who develops software + ownerName: + type: string + description: Role owner name + example: Bob + ownerId: + type: string + description: Role owner id + example: 1467e61e-f284-439c-ba2d-c6cc11cf0941 + insight: + description: The kind of insight this is and some stats + type: object + properties: + type: + type: string + description: The number of identities in this role with the entitlement. + example: ADD + identitiesWithAccess: + type: integer + description: The number of identities in this role with the entitlement. + example: 850 + identitiesImpacted: + type: integer + description: The number of identities in this role that do not have the specified entitlement. + example: 150 + totalNumberOfIdentities: + type: integer + description: The total number of identities. + example: 1000 + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + '/role-insights/{insightId}': + get: + operationId: getRoleInsight + summary: Get a single role insight + tags: + - Role Insights + description: This endpoint gets role insights information for a role. + parameters: + - in: path + name: insightId + schema: + type: string + required: true + description: The role insight id + example: 8c190e67-87aa-4ed9-a90b-d9d5344523fb + responses: + '200': + description: Succeeded. Returns information about insights for a single role. + content: + application/json: + schema: + type: object + properties: + id: + type: string + description: Insight id + example: 1467e61e-f284-439c-ba2d-c6cc11cf0941 + numberOfUpdates: + type: integer + description: Total number of updates for this role + example: 5 + createdDate: + type: string + format: date-time + description: The date-time insights were last created for this role. + example: '2020-05-19T13:49:37.385Z' + role: + description: A role + type: object + properties: + name: + type: string + description: Role name + example: Software Engineer + id: + type: string + description: Role id + example: 1467e61e-f284-439c-ba2d-c6cc11cf0941 + description: + type: string + description: Role description + example: Person who develops software + ownerName: + type: string + description: Role owner name + example: Bob + ownerId: + type: string + description: Role owner id + example: 1467e61e-f284-439c-ba2d-c6cc11cf0941 + insight: + description: The kind of insight this is and some stats + type: object + properties: + type: + type: string + description: The number of identities in this role with the entitlement. + example: ADD + identitiesWithAccess: + type: integer + description: The number of identities in this role with the entitlement. + example: 850 + identitiesImpacted: + type: integer + description: The number of identities in this role that do not have the specified entitlement. + example: 150 + totalNumberOfIdentities: + type: integer + description: The total number of identities. + example: 1000 + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + '/role-insights/{insightId}/entitlement-changes': + get: + operationId: getRoleInsightsEntitlementsChanges + summary: Get entitlement insights for a role + tags: + - Role Insights + description: This endpoint returns entitlement insights for a role. + parameters: + - in: path + name: insightId + schema: + type: string + required: true + description: The role insight id + example: 8c190e67-87aa-4ed9-a90b-d9d5344523fb + - in: query + name: sorters + description: sort by identitiesWithAccess or name + required: false + style: form + explode: true + schema: + type: string + - in: query + name: filters + description: Filter parameter(s) by "starts with" for the name and description. + required: false + style: form + explode: true + schema: + type: string + responses: + '200': + description: Succeeded. Returns a list of entitlements to be added for a role. + content: + application/json: + schema: + type: array + items: + type: object + properties: + name: + type: string + description: Name of the entitlement + id: + type: string + description: Id of the entitlement + description: + type: string + description: Description for the entitlement + attribute: + type: string + description: Attribute for the entitlement + value: + type: string + description: Attribute value for the entitlement + source: + type: string + description: Source or the application for the entitlement + insight: + description: The kind of insight this is and some stats + type: object + properties: + type: + type: string + description: The number of identities in this role with the entitlement. + example: ADD + identitiesWithAccess: + type: integer + description: The number of identities in this role with the entitlement. + example: 850 + identitiesImpacted: + type: integer + description: The number of identities in this role that do not have the specified entitlement. + example: 150 + totalNumberOfIdentities: + type: integer + description: The total number of identities. + example: 1000 + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + '/role-insights/{insightId}/entitlement-changes/download': + get: + operationId: downloadRoleInsightsEntitlementsChanges + summary: Download entitlement insights for a role + tags: + - Role Insights + description: This endpoint returns the entitlement insights for a role. + parameters: + - in: path + name: insightId + schema: + type: string + required: true + description: The role insight id + example: 8c190e67-87aa-4ed9-a90b-d9d5344523fb + - in: query + name: sorters + description: 'sort by identitiesWithAccess, default order descending' + required: false + style: form + explode: true + schema: + type: string + - in: query + name: filters + description: Filter parameter(s) by "starts with" for the name and description. + required: false + style: form + explode: true + schema: + type: string + responses: + '200': + description: Succeeded. Returns a csv file containing a list of entitlements to be added for a role. + content: + text/csv: + schema: + type: string + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + '/role-insights/{insightId}/current-entitlements': + get: + operationId: getRoleInsightsCurrentEntitlements + summary: Get current entitlement for a role + tags: + - Role Insights + description: This endpoint gets the entitlements for a role. The term "current" is to distinguish from the entitlement(s) an insight might recommend adding. + parameters: + - in: path + name: insightId + schema: + type: string + required: true + description: The role insight id + example: 8c190e67-87aa-4ed9-a90b-d9d5344523fb + - in: query + name: filters + description: Filter parameter(s) by "starts with" for the name and description. + required: false + style: form + explode: true + schema: + type: string + responses: + '200': + description: Succeeded. Returns a list of current or pre-existing entitlements for a role. + content: + application/json: + schema: + type: array + items: + type: object + properties: + name: + type: string + description: Name of the entitlement + id: + type: string + description: Id of the entitlement + description: + type: string + description: Description for the entitlement + source: + type: string + description: Source or the application for the entitlement + attribute: + type: string + description: Attribute for the entitlement + value: + type: string + description: Attribute value for the entitlement + example: + name: Administrator + id: 8c190e67-87aa-4ed9-a90b-d9d5344523fb + description: Full administrative access to IdentityNow + source: IdentityNow + attribute: assignedGroups + value: ORG_ADMIN + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + '/role-insights/{insightId}/entitlement-changes/{entitlementId}/identities': + get: + operationId: getEntitlementChangesIdentities + summary: Get identities for a suggested entitlement (for a role) + tags: + - Role Insights + description: 'Role insights suggests entitlements to be added for a role. This endpoint returns a list of identities in the role, with or without the entitlements, for a suggested entitlement so that the user can see which identities would be affected if the suggested entitlement were to be added to the role.' + parameters: + - in: path + name: insightId + schema: + type: string + required: true + description: The role insight id + example: 8c190e67-87aa-4ed9-a90b-d9d5344523fb + - in: path + name: entitlementId + schema: + type: string + required: true + description: The entitlement id + example: 8c190e67-87aa-4ed9-a90b-d9d5344523fb + - in: query + name: hasEntitlement + description: Identity has this entitlement or not + required: false + style: form + explode: true + schema: + type: boolean + default: false + - in: query + name: offset + description: |- + Offset into the full result set. Usually specified with *limit* to paginate through the results. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 0 + schema: + type: integer + format: int32 + minimum: 0 + default: 0 + - in: query + name: limit + description: |- + Max number of results to return. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 250 + schema: + type: integer + format: int32 + minimum: 0 + maximum: 250 + default: 250 + - in: query + name: count + description: |- + If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored. + + Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used. + + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: true + schema: + type: boolean + default: false + - in: query + name: sorters + description: sort by name + required: false + style: form + explode: true + schema: + type: string + - in: query + name: filters + description: Filter parameter by "starts with" for the name. + required: false + style: form + explode: true + schema: + type: string + responses: + '200': + description: Succeeded. Returns a list of identities with or without the entitlement. + content: + application/json: + schema: + type: array + items: + type: object + properties: + id: + type: string + description: Id for identity + name: + type: string + description: Name for identity + attributes: + type: object + additionalProperties: + type: string + example: + id: 8c190e67-87aa-4ed9-a90b-d9d5344523fb + name: Adam Smith + attributes: + department: Human Resources-tah-mgb-dnd + firstName: Adam + jobTitle: Sales Analyst + location: Mexico + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + /role-mining-sessions: + post: + operationId: createRoleMiningSessions + summary: Create a role mining session + tags: + - IAI Role Mining + description: This submits a create role mining session request to the role mining application. + requestBody: + description: Role mining session parameters + required: true + content: + application/json: + schema: + type: object + properties: + scope: + description: The scope of identities for this role mining session + example: + identityIds: [] + criteria: 'source.name:DataScienceDataset' + attributeFilterCriteria: + displayName: + untranslated: 'Location: Miami' + ariaLabel: + untranslated: 'Location: Miami' + data: + displayName: + translateKey: IDN.IDENTITY_ATTRIBUTES.LOCATION + name: location + operator: EQUALS + values: + - Miami + type: object + properties: + identityIds: + type: array + items: + type: string + description: The list of identities for this role mining session. + example: + - 2c918090761a5aac0176215c46a62d58 + - 2c918090761a5aac01722015c46a62d42 + criteria: + type: string + description: The "search" criteria that produces the list of identities for this role mining session. + example: 'source.name:DataScienceDataset' + attributeFilterCriteria: + type: array + items: + type: object + description: The filter criteria for this role mining session. + example: + displayName: + untranslated: 'Location: Miami' + ariaLabel: + untranslated: 'Location: Miami' + data: + displayName: + translateKey: IDN.IDENTITY_ATTRIBUTES.LOCATION + name: location + operator: EQUALS + values: + - Miami + pruneThreshold: + type: integer + description: The prune threshold to be used or null to calculate prescribedPruneThreshold + example: 5 + format: int32 + prescribedPruneThreshold: + type: integer + description: The calculated prescribedPruneThreshold + example: 10 + format: int32 + minNumIdentitiesInPotentialRole: + type: integer + description: Minimum number of identities in a potential role + example: 20 + format: int32 + potentialRoleCount: + type: integer + description: Number of potential roles + example: 0 + format: int32 + potentialRolesReadyCount: + type: integer + description: Number of potential roles ready + example: 0 + format: int32 + status: + description: The status of the role mining session + example: CREATED + type: object + properties: + state: + description: The role mining session status. Can be one of these states - CREATED|UPDATED|IDENTITIES_OBTAINED|PRUNE_THRESHOLD_OBTAINED|POTENTIAL_ROLES_PROCESSING|POTENTIAL_ROLES_CREATED + type: string + example: CREATED + type: + description: Role mining session type + example: SPECIALIZED + type: string + enum: + - SPECIALIZED + - COMMON + emailRecipientId: + type: string + description: The id of the user who will receive an email about the role mining session + example: 2c918090761a5aac0176215c46a62d58 + createdBy: + description: The session created by details + type: object + properties: + id: + type: string + description: ID of the creator + example: 2c918090761a5aac0176215c46a62d58 + displayName: + type: string + description: The display name of the creator + example: Ashley.Pierce + identityCount: + type: integer + description: Number of identities in the population which meet the search criteria or identity list provided + example: 0 + format: int32 + saved: + type: boolean + description: The session's saved status + example: true + name: + type: string + description: The session's saved name + example: Saved RM Session - 07/10 + responses: + '201': + description: Submitted a role mining session request + content: + application/json: + schema: + type: object + properties: + scope: + description: The scope of identities for this role mining session + type: object + properties: + identityIds: + type: array + items: + type: string + description: The list of identities for this role mining session. + example: + - 2c918090761a5aac0176215c46a62d58 + - 2c918090761a5aac01722015c46a62d42 + criteria: + type: string + description: The "search" criteria that produces the list of identities for this role mining session. + example: 'source.name:DataScienceDataset' + attributeFilterCriteria: + type: array + items: + type: object + description: The filter criteria for this role mining session. + example: + displayName: + untranslated: 'Location: Miami' + ariaLabel: + untranslated: 'Location: Miami' + data: + displayName: + translateKey: IDN.IDENTITY_ATTRIBUTES.LOCATION + name: location + operator: EQUALS + values: + - Miami + minNumIdentitiesInPotentialRole: + type: integer + description: Minimum number of identities in a potential role + example: 20 + prescribedPruneThreshold: + type: integer + description: The computed (or prescribed) prune threshold for this session + example: 83 + pruneThreshold: + type: integer + description: The prune threshold to be used for this role mining session + example: 70 + potentialRoleCount: + type: integer + description: The number of potential roles + example: 8 + potentialRolesReadyCount: + type: integer + description: The number of potential roles which have completed processing + example: 4 + status: + description: The role mining session status + type: object + properties: + state: + description: The role mining session status. Can be one of these states - CREATED|UPDATED|IDENTITIES_OBTAINED|PRUNE_THRESHOLD_OBTAINED|POTENTIAL_ROLES_PROCESSING|POTENTIAL_ROLES_CREATED + type: string + example: CREATED + id: + type: string + description: Session Id for this role mining session + example: 8c190e67-87aa-4ed9-a90b-d9d5344523fb + createdDate: + type: string + format: date-time + description: The date-time when this role mining session was created. + modifiedDate: + type: string + format: date-time + description: The date-time when this role mining session was completed. + type: + description: Role mining session type + type: string + enum: + - SPECIALIZED + - COMMON + example: SPECIALIZED + example: + scope: + identityIds: [] + criteria: 'source.name:DataScienceDataset' + minNumIdentitiesInPotentialRole: 20 + pruneThreshold: 70 + prescribedPruneThreshold: 83 + potentialRoleCount: 8 + potentialRolesReadyCount: 4 + status: + state: POTENTIAL_ROLES_PROCESSING + id: 602ba738-cf48-499b-a780-7b67b3fc1ecf + createdDate: '2021-09-08T16:11:05.348Z' + modifiedDate: '2021-09-08T16:11:05.348Z' + type: SPECIALIZED + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + get: + operationId: getRoleMiningSessions + summary: Retrieves all role mining sessions + tags: + - IAI Role Mining + description: Returns all role mining sessions that match the query parameters + parameters: + - in: query + name: filters + schema: + type: string + description: 'Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) Filtering is supported for the following fields and operators: **saved**: *eq* "true" or "false" **name**: *eq, sw*' + example: saved eq "true" and name sw "RM Session" + - in: query + name: sorters + schema: + type: string + format: comma-separated + description: 'Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results) Sorting is supported for the following fields: **createdBy, createdDate**' + example: 'createdBy,createdDate' + - in: query + name: offset + description: |- + Offset into the full result set. Usually specified with *limit* to paginate through the results. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 0 + schema: + type: integer + format: int32 + minimum: 0 + default: 0 + - in: query + name: limit + description: |- + Max number of results to return. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 250 + schema: + type: integer + format: int32 + minimum: 0 + maximum: 250 + default: 250 + - in: query + name: count + description: |- + If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored. + + Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used. + + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: true + schema: + type: boolean + default: false + responses: + '200': + description: Succeeded. Returns all role mining sessions that match the query parameters. + content: + application/json: + schema: + type: array + items: + type: object + properties: + scope: + description: The scope of identities for this role mining session + example: + identityIds: [] + criteria: 'source.name:DataScienceDataset' + attributeFilterCriteria: + displayName: + untranslated: 'Location: Miami' + ariaLabel: + untranslated: 'Location: Miami' + data: + displayName: + translateKey: IDN.IDENTITY_ATTRIBUTES.LOCATION + name: location + operator: EQUALS + values: + - Miami + type: object + properties: + identityIds: + type: array + items: + type: string + description: The list of identities for this role mining session. + example: + - 2c918090761a5aac0176215c46a62d58 + - 2c918090761a5aac01722015c46a62d42 + criteria: + type: string + description: The "search" criteria that produces the list of identities for this role mining session. + example: 'source.name:DataScienceDataset' + attributeFilterCriteria: + type: array + items: + type: object + description: The filter criteria for this role mining session. + example: + displayName: + untranslated: 'Location: Miami' + ariaLabel: + untranslated: 'Location: Miami' + data: + displayName: + translateKey: IDN.IDENTITY_ATTRIBUTES.LOCATION + name: location + operator: EQUALS + values: + - Miami + pruneThreshold: + type: integer + description: The prune threshold to be used or null to calculate prescribedPruneThreshold + example: 5 + format: int32 + prescribedPruneThreshold: + type: integer + description: The calculated prescribedPruneThreshold + example: 10 + format: int32 + minNumIdentitiesInPotentialRole: + type: integer + description: Minimum number of identities in a potential role + example: 20 + format: int32 + potentialRoleCount: + type: integer + description: Number of potential roles + example: 0 + format: int32 + potentialRolesReadyCount: + type: integer + description: Number of potential roles ready + example: 0 + format: int32 + status: + description: The status of the role mining session + example: CREATED + type: object + properties: + state: + description: The role mining session status. Can be one of these states - CREATED|UPDATED|IDENTITIES_OBTAINED|PRUNE_THRESHOLD_OBTAINED|POTENTIAL_ROLES_PROCESSING|POTENTIAL_ROLES_CREATED + type: string + example: CREATED + type: + description: Role mining session type + example: SPECIALIZED + type: string + enum: + - SPECIALIZED + - COMMON + emailRecipientId: + type: string + description: The id of the user who will receive an email about the role mining session + example: 2c918090761a5aac0176215c46a62d58 + createdBy: + description: The session created by details + type: object + properties: + id: + type: string + description: ID of the creator + example: 2c918090761a5aac0176215c46a62d58 + displayName: + type: string + description: The display name of the creator + example: Ashley.Pierce + identityCount: + type: integer + description: Number of identities in the population which meet the search criteria or identity list provided + example: 0 + format: int32 + saved: + type: boolean + description: The session's saved status + example: true + name: + type: string + description: The session's saved name + example: Saved RM Session - 07/10 + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + '/role-mining-sessions/{sessionId}': + patch: + operationId: patchRoleMiningSession + summary: Patch a role mining session + tags: + - IAI Role Mining + description: 'The method updates an existing role mining session using PATCH. Supports op in {"replace"} and changes to pruneThreshold and/or minNumIdentitiesInPotentialRole. The potential roles in this role mining session is then re-calculated.' + parameters: + - in: path + name: sessionId + schema: + type: string + required: true + description: The role mining session id to be patched + example: 8c190e67-87aa-4ed9-a90b-d9d5344523fb + requestBody: + required: true + description: Replace pruneThreshold and/or minNumIdentitiesInPotentialRole in role mining session. Update saved status or saved name for a role mining session. + content: + application/json-patch+json: + schema: + type: array + items: + type: object + description: 'A JSONPatch Operation as defined by [RFC 6902 - JSON Patch](https://tools.ietf.org/html/rfc6902)' + required: + - op + - path + properties: + op: + type: string + description: The operation to be performed + enum: + - add + - remove + - replace + - move + - copy + - test + example: replace + path: + type: string + description: A string JSON Pointer representing the target path to an element to be affected by the operation + example: /description + value: + anyOf: + - type: string + - type: integer + - type: object + - type: array + items: + anyOf: + - type: string + - type: integer + - type: object + description: 'The value to be used for the operation, required for "add" and "replace" operations' + example: New description + example: + - op: replace + path: /pruneThreshold + value: '83' + - op: replace + path: /minNumIdentitiesInPotentialRole + value: '10' + - op: replace + path: /saved + value: 'false' + - op: replace + path: /name + value: RM Session - 07/10/22 + - op: add + path: /name + value: RM Session - 07/10/22 + responses: + '202': + description: Success + content: + application/json: + schema: + type: object + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + get: + operationId: getRoleMiningSession + summary: Get a role mining session + tags: + - IAI Role Mining + description: The method retrieves a role mining session. + parameters: + - in: path + name: sessionId + schema: + type: string + required: true + description: The role mining session id to be retrieved. + example: 8c190e67-87aa-4ed9-a90b-d9d5344523fb + responses: + '200': + description: Returns a role mining session + content: + application/json: + schema: + type: object + properties: + scope: + description: The scope of identities for this role mining session + type: object + properties: + identityIds: + type: array + items: + type: string + description: The list of identities for this role mining session. + example: + - 2c918090761a5aac0176215c46a62d58 + - 2c918090761a5aac01722015c46a62d42 + criteria: + type: string + description: The "search" criteria that produces the list of identities for this role mining session. + example: 'source.name:DataScienceDataset' + attributeFilterCriteria: + type: array + items: + type: object + description: The filter criteria for this role mining session. + example: + displayName: + untranslated: 'Location: Miami' + ariaLabel: + untranslated: 'Location: Miami' + data: + displayName: + translateKey: IDN.IDENTITY_ATTRIBUTES.LOCATION + name: location + operator: EQUALS + values: + - Miami + minNumIdentitiesInPotentialRole: + type: integer + description: Minimum number of identities in a potential role + example: 20 + prescribedPruneThreshold: + type: integer + description: The computed (or prescribed) prune threshold for this session + example: 83 + pruneThreshold: + type: integer + description: The prune threshold to be used for this role mining session + example: 70 + potentialRoleCount: + type: integer + description: The number of potential roles + example: 8 + potentialRolesReadyCount: + type: integer + description: The number of potential roles which have completed processing + example: 4 + status: + description: The role mining session status + type: object + properties: + state: + description: The role mining session status. Can be one of these states - CREATED|UPDATED|IDENTITIES_OBTAINED|PRUNE_THRESHOLD_OBTAINED|POTENTIAL_ROLES_PROCESSING|POTENTIAL_ROLES_CREATED + type: string + example: CREATED + id: + type: string + description: Session Id for this role mining session + example: 8c190e67-87aa-4ed9-a90b-d9d5344523fb + createdDate: + type: string + format: date-time + description: The date-time when this role mining session was created. + modifiedDate: + type: string + format: date-time + description: The date-time when this role mining session was completed. + type: + description: Role mining session type + type: string + enum: + - SPECIALIZED + - COMMON + example: SPECIALIZED + example: + scope: + identityIds: [] + criteria: 'source.name:DataScienceDataset' + minNumIdentitiesInPotentialRole: 20 + pruneThreshold: 70 + prescribedPruneThreshold: 83 + potentialRoleCount: 8 + potentialRolesReadyCount: 4 + status: + state: POTENTIAL_ROLES_PROCESSING + id: 602ba738-cf48-499b-a780-7b67b3fc1ecf + createdDate: '2021-09-08T16:11:05.348Z' + modifiedDate: '2021-09-08T16:11:05.348Z' + type: SPECIALIZED + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + '/role-mining-sessions/{sessionId}/status': + get: + operationId: getRoleMiningSessionStatus + summary: Get role mining session status state + tags: + - IAI Role Mining + description: This method returns a role mining session status for a customer. + parameters: + - in: path + name: sessionId + schema: + type: string + required: true + description: The role mining session id + example: 8c190e67-87aa-4ed9-a90b-d9d5344523fb + responses: + '200': + description: Succeeded. Returns session status + content: + application/json: + schema: + type: object + properties: + state: + description: The role mining session status. Can be one of these states - CREATED|UPDATED|IDENTITIES_OBTAINED|PRUNE_THRESHOLD_OBTAINED|POTENTIAL_ROLES_PROCESSING|POTENTIAL_ROLES_CREATED + type: string + example: CREATED + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + '/role-mining-sessions/{sessionId}/potential-role-summaries': + get: + operationId: getPotentialRoleSummaries + summary: Retrieves all potential role summaries + tags: + - IAI Role Mining + description: This method returns the potential role summaries for a role mining session. + parameters: + - in: path + name: sessionId + schema: + type: string + required: true + description: The role mining session id + example: 8c190e67-87aa-4ed9-a90b-d9d5344523fb + - in: query + name: sorters + required: false + style: form + explode: true + schema: + type: string + format: comma-separated + description: 'Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters/) Sorting is supported for the following fields: **createdDate**' + example: createdDate + - in: query + name: filters + description: |- + Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters/) Filtering is supported for the following fields and operators: + **createdById**: *eq, sw, co* + **createdByName**: *eq, sw, co* + **description**: *sw, co* + **endDate**: *le, lt* + **freshness**: *eq, ge, gt, le, lt* + **name**: *eq, sw, co* + **quality**: *eq, ge, gt, le, lt* + **startDate**: *ge, gt* + **saved**: *eq* + **type**: *eq* + example: (createdByName co "int")and (createdById sw "2c9180907")and (type eq "COMMON")and ((name co "entt")or (saved eq true)) + required: false + style: form + explode: true + schema: + type: string + - in: query + name: offset + description: |- + Offset into the full result set. Usually specified with *limit* to paginate through the results. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 0 + schema: + type: integer + format: int32 + minimum: 0 + default: 0 + - in: query + name: limit + description: |- + Max number of results to return. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 250 + schema: + type: integer + format: int32 + minimum: 0 + maximum: 250 + default: 250 + - in: query + name: count + description: |- + If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored. + + Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used. + + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: true + schema: + type: boolean + default: false + responses: + '200': + description: Succeeded. Returns a list of potential role summaries for a role mining session. + content: + application/json: + schema: + type: array + items: + type: object + properties: + potentialRoleRef: + description: Details about the potential role + type: object + properties: + id: + type: string + description: Id of the potential role + name: + type: string + description: Name of the potential role + identityCount: + type: integer + description: The number of identities in a potential role. + example: 25 + entitlementCount: + type: integer + description: The number of entitlements in a potential role. + example: 15 + identityGroupStatus: + type: string + description: The status for this identity group which can be "REQUESTED" or "OBTAINED" + example: OBTAINED + provisionState: + description: 'The status of provisioning for this potential role. Can be "POTENTIAL", "PENDING", "FAILED", or "COMPLETE".' + example: PENDING + type: string + enum: + - POTENTIAL + - PENDING + - COMPLETE + - FAILED + roleId: + type: string + description: ID of the provisioned role in IIQ or IDN. Null if this potential role has not been provisioned. + example: 2a4be6fbcf3c4e66b95a0c15ffd591 + density: + type: integer + description: The density metric (0-100) of this potential role. Higher density values indicate higher similarity amongst the identities. + example: 90 + freshness: + type: integer + description: The freshness metric (0-100) of this potential role. Higher freshness values indicate this potential role is more distinctive compared to existing roles. + example: 70 + quality: + type: integer + description: The quality metric (0-100) of this potential role. Higher quality values indicate this potential role has high density and freshness. + example: 80 + example: + potentialRoleRef: + id: dd4c13c6-8237-4753-bfb7-f627e489f9ec + name: Potential Role - dd4c13 + identityCount: '25' + entitlementCount: '15' + identityGroupStatus: OBTAINED + provisionState: PENDING + roleId: 2a4be6fbcf3c4e66b95a0c15ffd591 + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + '/role-mining-sessions/{sessionId}/potential-role-summaries/{potentialRoleId}': + get: + operationId: getPotentialRole + summary: Retrieves a specific potential role + tags: + - IAI Role Mining + description: This method returns a specific potential role for a role mining session. + parameters: + - in: path + name: sessionId + schema: + type: string + required: true + description: The role mining session id + example: 8c190e67-87aa-4ed9-a90b-d9d5344523fb + - in: path + name: potentialRoleId + schema: + type: string + required: true + description: A potential role id in a role mining session + example: 8c190e67-87aa-4ed9-a90b-d9d5344523fb + responses: + '200': + description: Succeeded. Returns a list of potential roles for a role mining session. + content: + application/json: + schema: + type: object + properties: + createdBy: + description: The session created by details. + type: object + properties: + id: + type: string + description: ID of the creator + example: 2c918090761a5aac0176215c46a62d58 + displayName: + type: string + description: The display name of the creator + example: Ashley.Pierce + density: + type: integer + description: The density of a potential role. + example: 75 + format: int32 + description: + type: string + description: The description of a potential role. + example: Potential Role for Accounting dept + entitlementCount: + type: integer + description: The number of entitlements in a potential role. + example: 25 + format: int32 + excludedEntitlements: + description: The list of entitlement ids to be excluded. + type: array + items: + type: string + example: + - 07a0b4e2 + - 13b4e2a0 + freshness: + type: integer + description: The freshness of a potential role. + example: 75 + format: int32 + identityCount: + type: integer + description: The number of identities in a potential role. + example: 25 + format: int32 + identityDistribution: + description: Identity attribute distribution. + type: array + items: + type: object + properties: + attributeName: + type: string + description: Id of the potential role + example: department + distribution: + type: array + items: + type: object + additionalProperties: + type: string + example: + - attributeValue: NM Tier 3 + count: 6 + identityIds: + description: The list of ids in a potential role. + type: array + items: + type: string + example: + - 07a0b4e2 + - 13b4e2a0 + name: + type: string + description: Name of the potential role. + example: Saved Potential Role - 07/10 + provisionState: + description: The provisioning state of a potential role. + type: string + enum: + - POTENTIAL + - PENDING + - COMPLETE + - FAILED + example: POTENTIAL + quality: + type: integer + description: The quality of a potential role. + example: 100 + format: int32 + roleId: + type: string + description: The roleId of a potential role. + example: 07a0b4e2-7a76-44fa-bd0b-c64654b66519 + saved: + type: boolean + description: The potential role's saved status. + example: true + session: + description: The session parameters of the potential role. + type: object + properties: + minNumIdentitiesInPotentialRole: + type: integer + description: Minimum number of identities in a potential role + example: 20 + format: int32 + name: + type: string + description: The session's saved name + example: Saved RM Session - 07/10 + pruneThreshold: + type: integer + description: The prune threshold to be used or null to calculate prescribedPruneThreshold + example: 5 + format: int32 + saved: + type: boolean + description: The session's saved status + example: true + scope: + description: The scope of identities for this role mining session + example: + identityIds: [] + criteria: 'source.name:DataScienceDataset' + attributeFilterCriteria: + displayName: + untranslated: 'Location: Miami' + ariaLabel: + untranslated: 'Location: Miami' + data: + displayName: + translateKey: IDN.IDENTITY_ATTRIBUTES.LOCATION + name: location + operator: EQUALS + values: + - Miami + type: object + properties: + identityIds: + type: array + items: + type: string + description: The list of identities for this role mining session. + example: + - 2c918090761a5aac0176215c46a62d58 + - 2c918090761a5aac01722015c46a62d42 + criteria: + type: string + description: The "search" criteria that produces the list of identities for this role mining session. + example: 'source.name:DataScienceDataset' + attributeFilterCriteria: + type: array + items: + type: object + description: The filter criteria for this role mining session. + example: + displayName: + untranslated: 'Location: Miami' + ariaLabel: + untranslated: 'Location: Miami' + data: + displayName: + translateKey: IDN.IDENTITY_ATTRIBUTES.LOCATION + name: location + operator: EQUALS + values: + - Miami + type: + description: Role mining potential type + type: string + enum: + - SPECIALIZED + - COMMON + example: SPECIALIZED + type: + description: Role mining potential type. + type: string + enum: + - SPECIALIZED + - COMMON + example: SPECIALIZED + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + patch: + operationId: patchPotentialRole + summary: Update a potential role + tags: + - IAI Role Mining + description: | + The method updates an existing potential role using. + + The following fields can be modified: + + * `description` + + * `name` + + * `saved` + + + >**NOTE: All other fields can not be modified.** + parameters: + - in: path + name: sessionId + schema: + type: string + required: true + description: The role mining session id + example: 8c190e67-87aa-4ed9-a90b-d9d5344523fb + - in: path + name: potentialRoleId + schema: + type: string + required: true + description: The potential role summary id + example: 8c190e67-87aa-4ed9-a90b-d9d5344523fb + requestBody: + required: true + content: + application/json-patch+json: + schema: + type: array + items: + allOf: + - type: object + description: 'A JSONPatch Operation as defined by [RFC 6902 - JSON Patch](https://tools.ietf.org/html/rfc6902)' + required: + - op + - path + properties: + op: + type: string + description: The operation to be performed + enum: + - add + - remove + - replace + - move + - copy + - test + example: replace + path: + type: string + description: A string JSON Pointer representing the target path to an element to be affected by the operation + example: /description + value: + anyOf: + - type: string + - type: integer + - type: object + - type: array + items: + anyOf: + - type: string + - type: integer + - type: object + description: 'The value to be used for the operation, required for "add" and "replace" operations' + example: New description + properties: + op: + type: string + description: The operation to be performed + enum: + - remove + - replace + example: replace + example: + - op: remove + path: /description + - op: replace + path: /description + value: Acct I - Potential Role + - op: remove + path: /saved + - op: replace + path: /saved + value: 'false' + - op: remove + path: /name + - op: replace + path: /name + value: Potential Role Accounting + responses: + '200': + description: Succeeded. Returns the potential role summary based on the potentialRoleId provided. + content: + application/json: + schema: + type: object + items: + type: object + properties: + createdBy: + description: The session created by details. + type: object + properties: + id: + type: string + description: ID of the creator + example: 2c918090761a5aac0176215c46a62d58 + displayName: + type: string + description: The display name of the creator + example: Ashley.Pierce + density: + type: integer + description: The density of a potential role. + example: 75 + format: int32 + description: + type: string + description: The description of a potential role. + example: Potential Role for Accounting dept + entitlementCount: + type: integer + description: The number of entitlements in a potential role. + example: 25 + format: int32 + excludedEntitlements: + description: The list of entitlement ids to be excluded. + type: array + items: + type: string + example: + - 07a0b4e2 + - 13b4e2a0 + freshness: + type: integer + description: The freshness of a potential role. + example: 75 + format: int32 + identityCount: + type: integer + description: The number of identities in a potential role. + example: 25 + format: int32 + identityDistribution: + description: Identity attribute distribution. + type: array + items: + type: object + properties: + attributeName: + type: string + description: Id of the potential role + example: department + distribution: + type: array + items: + type: object + additionalProperties: + type: string + example: + - attributeValue: NM Tier 3 + count: 6 + identityIds: + description: The list of ids in a potential role. + type: array + items: + type: string + example: + - 07a0b4e2 + - 13b4e2a0 + name: + type: string + description: Name of the potential role. + example: Saved Potential Role - 07/10 + provisionState: + description: The provisioning state of a potential role. + type: string + enum: + - POTENTIAL + - PENDING + - COMPLETE + - FAILED + example: POTENTIAL + quality: + type: integer + description: The quality of a potential role. + example: 100 + format: int32 + roleId: + type: string + description: The roleId of a potential role. + example: 07a0b4e2-7a76-44fa-bd0b-c64654b66519 + saved: + type: boolean + description: The potential role's saved status. + example: true + session: + description: The session parameters of the potential role. + type: object + properties: + minNumIdentitiesInPotentialRole: + type: integer + description: Minimum number of identities in a potential role + example: 20 + format: int32 + name: + type: string + description: The session's saved name + example: Saved RM Session - 07/10 + pruneThreshold: + type: integer + description: The prune threshold to be used or null to calculate prescribedPruneThreshold + example: 5 + format: int32 + saved: + type: boolean + description: The session's saved status + example: true + scope: + description: The scope of identities for this role mining session + example: + identityIds: [] + criteria: 'source.name:DataScienceDataset' + attributeFilterCriteria: + displayName: + untranslated: 'Location: Miami' + ariaLabel: + untranslated: 'Location: Miami' + data: + displayName: + translateKey: IDN.IDENTITY_ATTRIBUTES.LOCATION + name: location + operator: EQUALS + values: + - Miami + type: object + properties: + identityIds: + type: array + items: + type: string + description: The list of identities for this role mining session. + example: + - 2c918090761a5aac0176215c46a62d58 + - 2c918090761a5aac01722015c46a62d42 + criteria: + type: string + description: The "search" criteria that produces the list of identities for this role mining session. + example: 'source.name:DataScienceDataset' + attributeFilterCriteria: + type: array + items: + type: object + description: The filter criteria for this role mining session. + example: + displayName: + untranslated: 'Location: Miami' + ariaLabel: + untranslated: 'Location: Miami' + data: + displayName: + translateKey: IDN.IDENTITY_ATTRIBUTES.LOCATION + name: location + operator: EQUALS + values: + - Miami + type: + description: Role mining potential type + type: string + enum: + - SPECIALIZED + - COMMON + example: SPECIALIZED + type: + description: Role mining potential type. + type: string + enum: + - SPECIALIZED + - COMMON + example: SPECIALIZED + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + '/role-mining-sessions/{sessionId}/potential-role-summaries/{potentialRoleId}/applications': + get: + operationId: getPotentialRoleApplications + summary: Retrieves the applications of a potential role for a role mining session + tags: + - IAI Role Mining + description: This method returns the applications of a potential role for a role mining session. + parameters: + - in: path + name: sessionId + schema: + type: string + required: true + description: The role mining session id + example: 8c190e67-87aa-4ed9-a90b-d9d5344523fb + - in: path + name: potentialRoleId + schema: + type: string + required: true + description: A potential role id in a role mining session + example: 8c190e67-87aa-4ed9-a90b-d9d5344523fb + - in: query + name: offset + description: |- + Offset into the full result set. Usually specified with *limit* to paginate through the results. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 0 + schema: + type: integer + format: int32 + minimum: 0 + default: 0 + - in: query + name: limit + description: |- + Max number of results to return. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 250 + schema: + type: integer + format: int32 + minimum: 0 + maximum: 250 + default: 250 + - in: query + name: count + description: |- + If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored. + + Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used. + + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: true + schema: + type: boolean + default: false + responses: + '200': + description: Succeeded. Returns a list of potential roles for a role mining session. + content: + application/json: + schema: + type: array + items: + type: object + properties: + id: + type: string + description: Id of the potential role + name: + type: string + description: Name of the potential role + example: + id: 2c9180877212632a017228d5a796292b + name: Slack + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + '/role-mining-sessions/{sessionId}/potential-roles/{potentialRoleId}/entitlement-popularities': + get: + operationId: getEntitlementsPotentialRole + summary: Retrieves entitlements for a potential role in a role mining session + tags: + - IAI Role Mining + description: This method returns entitlements for a potential role in a role mining session. + parameters: + - in: path + name: sessionId + schema: + type: string + required: true + description: The role mining session id + example: 8c190e67-87aa-4ed9-a90b-d9d5344523fb + - in: path + name: potentialRoleId + schema: + type: string + required: true + description: A potential role id in a role mining session + example: 8c190e67-87aa-4ed9-a90b-d9d5344523fb + - in: query + name: includeCommonAccess + description: Boolean determining whether common access entitlements will be included or not + required: false + style: form + explode: true + schema: + type: boolean + - in: query + name: sorters + description: 'sort by popularity, default order descending' + required: false + style: form + explode: true + schema: + type: string + - in: query + name: filters + description: Filter parameter by "starts with" for the applicationName and entitlementRef.name. + required: false + style: form + explode: true + schema: + type: string + - in: query + name: offset + description: |- + Offset into the full result set. Usually specified with *limit* to paginate through the results. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 0 + schema: + type: integer + format: int32 + minimum: 0 + default: 0 + - in: query + name: limit + description: |- + Max number of results to return. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 250 + schema: + type: integer + format: int32 + minimum: 0 + maximum: 250 + default: 250 + - in: query + name: count + description: |- + If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored. + + Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used. + + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: true + schema: + type: boolean + default: false + responses: + '200': + description: Succeeded. Returns a list of entitlements for a potential role. + content: + application/json: + schema: + type: array + items: + type: object + properties: + entitlementRef: + description: Details about the entitlement + type: object + properties: + id: + type: string + description: Id of the entitlement + name: + type: string + description: Name of the entitlement + description: + type: string + description: Description forthe entitlement + name: + type: string + description: Name of the entitlement + applicationName: + type: string + description: Application name of the entitlement + identityCount: + type: integer + description: The number of identities with this entitlement in a role. + example: 45 + popularity: + type: integer + description: The % popularity of this entitlement in a role. + example: 65 + popularityInOrg: + type: integer + description: TThe % popularity of this entitlement in the org. + example: 35 + example: + entitlementRef: + id: 2c9180877212632a017228d5a796292b + name: entitlement.10 + description: Read access + name: Administrator + applicationName: Slack + identityCount: '8' + popularity: '65' + popularityInOrg: '35' + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + '/role-mining-sessions/{sessionId}/potential-roles/{potentialRoleId}/entitlement-popularity-distribution': + get: + operationId: getEntitlementDistributionPotentialRole + summary: Retrieves entitlement popularity distribution for a potential role in a role mining session + tags: + - IAI Role Mining + description: This method returns entitlement popularity distribution for a potential role in a role mining session. + parameters: + - in: path + name: sessionId + schema: + type: string + required: true + description: The role mining session id + example: 8c190e67-87aa-4ed9-a90b-d9d5344523fb + - in: path + name: potentialRoleId + schema: + type: string + required: true + description: A potential role id in a role mining session + example: 8c190e67-87aa-4ed9-a90b-d9d5344523fb + - in: query + name: includeCommonAccess + description: Boolean determining whether common access entitlements will be included or not + required: false + style: form + explode: true + schema: + type: boolean + responses: + '200': + description: Succeeded. Returns a map containing entitlement popularity distribution for a potential role. + content: + application/json: + schema: + type: object + additionalProperties: + type: integer + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + '/role-mining-sessions/{sessionId}/potential-roles/{potentialRoleId}/edit-entitlements': + post: + operationId: updateEntitlementsPotentialRole + summary: Edit entitlements for a potential role to exclude some entitlements + tags: + - IAI Role Mining + description: This endpoint adds or removes entitlements from an exclusion list for a potential role. + parameters: + - in: path + name: sessionId + schema: + type: string + required: true + description: The role mining session id + example: 8c190e67-87aa-4ed9-a90b-d9d5344523fb + - in: path + name: potentialRoleId + schema: + type: string + required: true + description: A potential role id in a role mining session + example: 8c190e67-87aa-4ed9-a90b-d9d5344523fb + requestBody: + description: Role mining session parameters + required: true + content: + application/json: + schema: + type: object + properties: + ids: + description: The list of entitlement ids to be edited + type: array + items: + type: string + exclude: + type: boolean + description: 'If true, add ids to be exclusion list. If false, remove ids from the exclusion list.' + example: + ids: + - entId1 + - entId2 + exclude: true + responses: + '201': + description: Adds or removes entitlements from a potential role's entitlement exclusion list. + content: + application/json: + schema: + type: object + properties: + createdBy: + description: The session created by details. + type: object + properties: + id: + type: string + description: ID of the creator + example: 2c918090761a5aac0176215c46a62d58 + displayName: + type: string + description: The display name of the creator + example: Ashley.Pierce + density: + type: integer + description: The density of a potential role. + example: 75 + format: int32 + description: + type: string + description: The description of a potential role. + example: Potential Role for Accounting dept + entitlementCount: + type: integer + description: The number of entitlements in a potential role. + example: 25 + format: int32 + excludedEntitlements: + description: The list of entitlement ids to be excluded. + type: array + items: + type: string + example: + - 07a0b4e2 + - 13b4e2a0 + freshness: + type: integer + description: The freshness of a potential role. + example: 75 + format: int32 + identityCount: + type: integer + description: The number of identities in a potential role. + example: 25 + format: int32 + identityDistribution: + description: Identity attribute distribution. + type: array + items: + type: object + properties: + attributeName: + type: string + description: Id of the potential role + example: department + distribution: + type: array + items: + type: object + additionalProperties: + type: string + example: + - attributeValue: NM Tier 3 + count: 6 + identityIds: + description: The list of ids in a potential role. + type: array + items: + type: string + example: + - 07a0b4e2 + - 13b4e2a0 + name: + type: string + description: Name of the potential role. + example: Saved Potential Role - 07/10 + provisionState: + description: The provisioning state of a potential role. + type: string + enum: + - POTENTIAL + - PENDING + - COMPLETE + - FAILED + example: POTENTIAL + quality: + type: integer + description: The quality of a potential role. + example: 100 + format: int32 + roleId: + type: string + description: The roleId of a potential role. + example: 07a0b4e2-7a76-44fa-bd0b-c64654b66519 + saved: + type: boolean + description: The potential role's saved status. + example: true + session: + description: The session parameters of the potential role. + type: object + properties: + minNumIdentitiesInPotentialRole: + type: integer + description: Minimum number of identities in a potential role + example: 20 + format: int32 + name: + type: string + description: The session's saved name + example: Saved RM Session - 07/10 + pruneThreshold: + type: integer + description: The prune threshold to be used or null to calculate prescribedPruneThreshold + example: 5 + format: int32 + saved: + type: boolean + description: The session's saved status + example: true + scope: + description: The scope of identities for this role mining session + example: + identityIds: [] + criteria: 'source.name:DataScienceDataset' + attributeFilterCriteria: + displayName: + untranslated: 'Location: Miami' + ariaLabel: + untranslated: 'Location: Miami' + data: + displayName: + translateKey: IDN.IDENTITY_ATTRIBUTES.LOCATION + name: location + operator: EQUALS + values: + - Miami + type: object + properties: + identityIds: + type: array + items: + type: string + description: The list of identities for this role mining session. + example: + - 2c918090761a5aac0176215c46a62d58 + - 2c918090761a5aac01722015c46a62d42 + criteria: + type: string + description: The "search" criteria that produces the list of identities for this role mining session. + example: 'source.name:DataScienceDataset' + attributeFilterCriteria: + type: array + items: + type: object + description: The filter criteria for this role mining session. + example: + displayName: + untranslated: 'Location: Miami' + ariaLabel: + untranslated: 'Location: Miami' + data: + displayName: + translateKey: IDN.IDENTITY_ATTRIBUTES.LOCATION + name: location + operator: EQUALS + values: + - Miami + type: + description: Role mining potential type + type: string + enum: + - SPECIALIZED + - COMMON + example: SPECIALIZED + type: + description: Role mining potential type. + type: string + enum: + - SPECIALIZED + - COMMON + example: SPECIALIZED + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + '/role-mining-sessions/{sessionId}/potential-roles/{potentialRoleId}/identities': + get: + operationId: getIdentitiesPotentialRole + summary: Retrieves identities for a potential role in a role mining session + tags: + - IAI Role Mining + description: This method returns identities for a potential role in a role mining session. + parameters: + - in: path + name: sessionId + schema: + type: string + required: true + description: The role mining session id + example: 8c190e67-87aa-4ed9-a90b-d9d5344523fb + - in: path + name: potentialRoleId + schema: + type: string + required: true + description: A potential role id in a role mining session + example: 8c190e67-87aa-4ed9-a90b-d9d5344523fb + - in: query + name: sorters + description: 'sort by name, default order ascending' + required: false + style: form + explode: true + schema: + type: string + - in: query + name: filters + description: Filter parameter by "starts with" for the name. + required: false + style: form + explode: true + schema: + type: string + - in: query + name: offset + description: |- + Offset into the full result set. Usually specified with *limit* to paginate through the results. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 0 + schema: + type: integer + format: int32 + minimum: 0 + default: 0 + - in: query + name: limit + description: |- + Max number of results to return. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 250 + schema: + type: integer + format: int32 + minimum: 0 + maximum: 250 + default: 250 + - in: query + name: count + description: |- + If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored. + + Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used. + + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: true + schema: + type: boolean + default: false + responses: + '200': + description: Succeeded. Returns a list of identities for a potential role. + content: + application/json: + schema: + type: array + items: + type: object + properties: + id: + type: string + description: Id of the identity + name: + type: string + description: Name of the identity + attributes: + type: object + additionalProperties: + type: string + example: + id: 2c9180877212632a017228d5934525e6 + name: Allene Abernathy-Welch + attributes: + jobTitle: SQL Developer + department: IT + location: NYC + firstName: Allene + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + '/role-mining-sessions/{sessionId}/potential-roles/{potentialRoleId}/export': + get: + operationId: exportRoleMiningPotentialRole + summary: Export (download) details for a potential role in a role mining session + tags: + - IAI Role Mining + description: This endpoint downloads all the information for a potential role in a role mining session. Includes identities and entitlements in the potential role. + parameters: + - in: path + name: sessionId + schema: + type: string + required: true + description: The role mining session id + example: 8c190e67-87aa-4ed9-a90b-d9d5344523fb + - in: path + name: potentialRoleId + schema: + type: string + required: true + description: A potential role id in a role mining session + example: 8c190e67-87aa-4ed9-a90b-d9d5344523fb + responses: + '200': + description: Succeeded. Returns a zip file containing csv files for identities and entitlements for the potential role. + content: + application/zip: + schema: + type: string + format: binary + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + '/role-mining-sessions/{sessionId}/potential-roles/{potentialRoleId}/export-async': + post: + operationId: exportRoleMiningPotentialRoleAsync + summary: Asynchronously export details for a potential role in a role mining session and upload to S3 + tags: + - IAI Role Mining + description: This endpoint uploads all the information for a potential role in a role mining session to S3 as a downloadable zip archive. Includes identities and entitlements in the potential role. + parameters: + - in: path + name: sessionId + schema: + type: string + required: true + description: The role mining session id + example: 8c190e67-87aa-4ed9-a90b-d9d5344523fb + - in: path + name: potentialRoleId + schema: + type: string + required: true + description: A potential role id in a role mining session + example: 278359a6-04b7-4669-9468-924cf580964a + requestBody: + content: + application/json: + schema: + type: object + properties: + minEntitlementPopularity: + type: integer + description: The minimum popularity among identities in the role which an entitlement must have to be included in the report + example: 0 + includeCommonAccess: + type: boolean + description: 'If false, do not include entitlements that are highly popular among the entire orginization' + example: true + example: + minEntitlementPopularity: 0 + includeCommonAccess: true + responses: + '202': + description: Job Submitted. Returns a reportId that can be used to download the zip once complete + content: + application/json: + schema: + allOf: + - type: object + properties: + minEntitlementPopularity: + type: integer + description: The minimum popularity among identities in the role which an entitlement must have to be included in the report + example: 0 + includeCommonAccess: + type: boolean + description: 'If false, do not include entitlements that are highly popular among the entire orginization' + example: true + example: + minEntitlementPopularity: 0 + includeCommonAccess: true + - type: object + properties: + exportId: + type: string + format: uuid + description: ID used to reference this export + example: 0c6cdb76-1227-4aaf-af21-192dbdfbfa04 + status: + description: The status of this export + example: QUEUED + type: string + enum: + - QUEUED + - IN_PROGRESS + - SUCCESS + - ERROR + example: + exportId: 0c6cdb76-1227-4aaf-af21-192dbdfbfa04 + status: QUEUED + minEntitlementPopularity: 0 + includeCommonAccess: true + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + '/role-mining-sessions/{sessionId}/potential-roles/{potentialRoleId}/export-async/{exportId}': + get: + operationId: exportRoleMiningPotentialRoleStatus + summary: Retrieve status of a potential role export job + tags: + - IAI Role Mining + description: This endpoint retrieves information about the current status of a potential role export. + parameters: + - in: path + name: sessionId + schema: + type: string + format: uuid + required: true + description: The role mining session id + example: 8c190e67-87aa-4ed9-a90b-d9d5344523fb + - in: path + name: potentialRoleId + schema: + type: string + format: uuid + required: true + description: A potential role id in a role mining session + example: 278359a6-04b7-4669-9468-924cf580964a + - in: path + name: exportId + schema: + type: string + format: uuid + required: true + description: The id of a previously run export job for this potential role + example: 4940ffd4-836f-48a3-b2b0-6d498c3fdf40 + responses: + '200': + description: Success. Returns the current status of this export + content: + application/json: + schema: + allOf: + - type: object + properties: + minEntitlementPopularity: + type: integer + description: The minimum popularity among identities in the role which an entitlement must have to be included in the report + example: 0 + includeCommonAccess: + type: boolean + description: 'If false, do not include entitlements that are highly popular among the entire orginization' + example: true + example: + minEntitlementPopularity: 0 + includeCommonAccess: true + - type: object + properties: + exportId: + type: string + format: uuid + description: ID used to reference this export + example: 0c6cdb76-1227-4aaf-af21-192dbdfbfa04 + status: + description: The status of this export + example: QUEUED + type: string + enum: + - QUEUED + - IN_PROGRESS + - SUCCESS + - ERROR + example: + exportId: 0c6cdb76-1227-4aaf-af21-192dbdfbfa04 + status: QUEUED + minEntitlementPopularity: 0 + includeCommonAccess: true + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + '/role-mining-sessions/{sessionId}/potential-roles/{potentialRoleId}/export-async/{exportId}/download': + get: + operationId: downloadRoleMiningPotentialRoleZip + summary: Export (download) details for a potential role in a role mining session + tags: + - IAI Role Mining + description: This endpoint downloads a completed export of information for a potential role in a role mining session. + parameters: + - in: path + name: sessionId + schema: + type: string + format: uuid + required: true + description: The role mining session id + example: 8c190e67-87aa-4ed9-a90b-d9d5344523fb + - in: path + name: potentialRoleId + schema: + type: string + format: uuid + required: true + description: A potential role id in a role mining session + example: 278359a6-04b7-4669-9468-924cf580964a + - in: path + name: exportId + schema: + type: string + format: uuid + required: true + description: The id of a previously run export job for this potential role + example: 4940ffd4-836f-48a3-b2b0-6d498c3fdf40 + responses: + '200': + description: Succeeded. Returns a zip file containing csv files for identities and entitlements for the potential role. + content: + application/zip: + schema: + type: string + format: binary + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + '/role-mining-sessions/{sessionId}/potential-roles/{potentialRoleId}/provision': + post: + operationId: createPotentialRoleProvisionRequest + summary: Create request to provision a potential role into an actual role. + tags: + - IAI Role Mining + description: This method starts a job to provision a potential role + parameters: + - in: path + name: sessionId + schema: + type: string + required: true + description: The role mining session id + example: 8c190e67-87aa-4ed9-a90b-d9d5344523fb + - in: path + name: potentialRoleId + schema: + type: string + required: true + description: A potential role id in a role mining session + example: 8c190e67-87aa-4ed9-a90b-d9d5344523fb + - in: query + name: min-entitlement-popularity + description: Minimum popularity required for an entitlement to be included in the provisioned role. + required: false + style: form + explode: true + schema: + type: integer + default: 0 + minimum: 0 + maximum: 100 + - in: query + name: include-common-access + description: Boolean determining whether common access entitlements will be included in the provisioned role. + required: false + style: form + explode: true + schema: + type: boolean + default: true + requestBody: + description: Required information to create a new role + content: + application/json: + schema: + type: object + properties: + roleName: + type: string + description: Name of the new role being created + example: Finance - Accounting + roleDescription: + type: string + description: Short description of the new role being created + example: General access for accounting department + ownerId: + type: string + description: ID of the identity that will own this role + example: 2b568c65bc3c4c57a43bd97e3a8e41 + example: + roleName: Finance - Accounting + roleDescription: General access for accounting department + ownerId: 2b568c65bc3c4c57a43bd97e3a8e41 + responses: + '202': + description: Accepted. Returns a potential role summary including the status of the provison request + content: + application/json: + schema: + type: object + properties: + potentialRoleRef: + description: Details about the potential role + type: object + properties: + id: + type: string + description: Id of the potential role + name: + type: string + description: Name of the potential role + identityCount: + type: integer + description: The number of identities in a potential role. + example: 25 + entitlementCount: + type: integer + description: The number of entitlements in a potential role. + example: 15 + identityGroupStatus: + type: string + description: The status for this identity group which can be "REQUESTED" or "OBTAINED" + example: OBTAINED + provisionState: + description: 'The status of provisioning for this potential role. Can be "POTENTIAL", "PENDING", "FAILED", or "COMPLETE".' + example: PENDING + type: string + enum: + - POTENTIAL + - PENDING + - COMPLETE + - FAILED + roleId: + type: string + description: ID of the provisioned role in IIQ or IDN. Null if this potential role has not been provisioned. + example: 2a4be6fbcf3c4e66b95a0c15ffd591 + density: + type: integer + description: The density metric (0-100) of this potential role. Higher density values indicate higher similarity amongst the identities. + example: 90 + freshness: + type: integer + description: The freshness metric (0-100) of this potential role. Higher freshness values indicate this potential role is more distinctive compared to existing roles. + example: 70 + quality: + type: integer + description: The quality metric (0-100) of this potential role. Higher quality values indicate this potential role has high density and freshness. + example: 80 + example: + potentialRoleRef: + id: dd4c13c6-8237-4753-bfb7-f627e489f9ec + name: Potential Role - dd4c13 + identityCount: '25' + entitlementCount: '15' + identityGroupStatus: OBTAINED + provisionState: PENDING + roleId: 2a4be6fbcf3c4e66b95a0c15ffd591 + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + '/role-mining-sessions/{sessionId}/potential-roles/{potentialRoleId}/excluded-entitlements': + get: + operationId: getExcludedEntitlementsPotentialRole + summary: Retrieves excluded entitlements for a potential role in a role mining session + tags: + - IAI Role Mining + description: This method returns excluded entitlements for a potential role in a role mining session. + parameters: + - in: path + name: sessionId + schema: + type: string + required: true + description: The role mining session id + example: 8c190e67-87aa-4ed9-a90b-d9d5344523fb + - in: path + name: potentialRoleId + schema: + type: string + required: true + description: A potential role id in a role mining session + example: 8c190e67-87aa-4ed9-a90b-d9d5344523fb + - in: query + name: sorters + description: 'sort by popularity, default order descending' + required: false + style: form + explode: true + schema: + type: string + - in: query + name: filters + description: Filter parameter by "starts with" for the applicationName and entitlementRef.name. + required: false + style: form + explode: true + schema: + type: string + - in: query + name: offset + description: |- + Offset into the full result set. Usually specified with *limit* to paginate through the results. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 0 + schema: + type: integer + format: int32 + minimum: 0 + default: 0 + - in: query + name: limit + description: |- + Max number of results to return. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 250 + schema: + type: integer + format: int32 + minimum: 0 + maximum: 250 + default: 250 + - in: query + name: count + description: |- + If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored. + + Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used. + + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: true + schema: + type: boolean + default: false + responses: + '200': + description: Succeeded. Returns a list of excluded entitlements for a potential roles. + content: + application/json: + schema: + type: array + items: + type: object + properties: + entitlementRef: + description: Details about the entitlement + type: object + properties: + id: + type: string + description: Id of the entitlement + name: + type: string + description: Name of the entitlement + description: + type: string + description: Description forthe entitlement + name: + type: string + description: Name of the entitlement + applicationName: + type: string + description: Application name of the entitlement + identityCount: + type: integer + description: The number of identities with this entitlement in a role. + example: 45 + popularity: + type: integer + description: The % popularity of this entitlement in a role. + example: 65 + popularityInOrg: + type: integer + description: TThe % popularity of this entitlement in the org. + example: 35 + example: + entitlementRef: + id: 2c9180877212632a017228d5a796292b + name: entitlement.10 + description: Read access + name: Administrator + applicationName: Slack + identityCount: '8' + popularity: '65' + popularityInOrg: '35' + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + /roles: + get: + operationId: listRoles + tags: + - Roles + summary: List Roles + description: |- + This API returns a list of Roles. + + A token with API, ORG_ADMIN, ROLE_ADMIN, or ROLE_SUBADMIN authority is required to call this API. + parameters: + - in: query + name: for-subadmin + schema: + type: string + description: 'If provided, filters the returned list according to what is visible to the indicated ROLE_SUBADMIN Identity. The value of the parameter is either an Identity ID, or the special value **me**, which is shorthand for the calling Identity''s ID. A 400 Bad Request error is returned if the **for-subadmin** parameter is specified for an Identity that is not a subadmin.' + example: 5168015d32f890ca15812c9180835d2e + required: false + - in: query + name: limit + description: |- + Note that for this API the maximum value for limit is 50. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 50 + schema: + type: integer + format: int32 + minimum: 0 + maximum: 50 + default: 50 + - in: query + name: offset + description: |- + Offset into the full result set. Usually specified with *limit* to paginate through the results. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 0 + schema: + type: integer + format: int32 + minimum: 0 + default: 0 + - in: query + name: count + description: |- + If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored. + + Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used. + + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: true + schema: + type: boolean + default: false + - in: query + name: filters + schema: + type: string + description: |- + Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) Filtering is supported for the following fields and operators: + **id**: *eq, in* **name**: *eq, sw* **created, modified**: *gt, lt, ge, le* **owner.id**: *eq, in* **requestable**: *eq* + example: requestable eq false + required: false + - in: query + name: sorters + schema: + type: string + format: comma-separated + description: 'Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results) Sorting is supported for the following fields: **name, created, modified**' + example: 'name,-modified' + required: false + - in: query + name: for-segment-ids + schema: + type: string + format: comma-separated + description: |- + If present and not empty, additionally filters Roles to those which are assigned to the Segment(s) with the specified IDs. + + If segmentation is currently unavailable, specifying this parameter results in an error. + example: '0b5c9f25-83c6-4762-9073-e38f7bb2ae26,2e8d8180-24bc-4d21-91c6-7affdb473b0d' + required: false + - in: query + name: include-unsegmented + schema: + type: boolean + default: true + description: 'Whether or not the response list should contain unsegmented Roles. If *for-segment-ids* is absent or empty, specifying *include-unsegmented* as false results in an error.' + example: false + required: false + responses: + '200': + description: List of Roles + content: + application/json: + schema: + type: array + items: + type: object + description: A Role + properties: + id: + type: string + description: 'The id of the Role. This field must be left null when creating an Role, otherwise a 400 Bad Request error will result.' + example: 2c918086749d78830174a1a40e121518 + name: + type: string + description: The human-readable display name of the Role + maxLength: 128 + example: Role 2567 + created: + type: string + description: Date the Role was created + format: date-time + example: '2021-03-01T22:32:58.104Z' + readOnly: true + modified: + type: string + description: Date the Role was last modified. + format: date-time + example: '2021-03-02T20:22:28.104Z' + readOnly: true + description: + type: string + nullable: true + description: A human-readable description of the Role + example: Urna amet cursus pellentesque nisl orci maximus lorem nisl euismod fusce morbi placerat adipiscing maecenas nisi tristique et metus et lacus sed morbi nunc nisl maximus magna arcu varius sollicitudin elementum enim maecenas nisi id ipsum tempus fusce diam ipsum tortor. + owner: + type: object + description: The owner of this object. + properties: + type: + description: 'Owner type. This field must be either left null or set to ''IDENTITY'' on input, otherwise a 400 Bad Request error will result.' + example: IDENTITY + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + id: + type: string + description: Identity id + example: 2c9180a46faadee4016fb4e018c20639 + name: + type: string + description: 'Human-readable display name of the owner. It may be left null or omitted in a POST or PATCH. If set, it must match the current value of the owner''s display name, otherwise a 400 Bad Request error will result.' + example: support + accessProfiles: + type: array + items: + type: object + properties: + id: + type: string + description: ID of the Access Profile + example: ff808081751e6e129f1518161919ecca + type: + type: string + description: 'Type of requested object. This field must be either left null or set to ''ACCESS_PROFILE'' when creating an Access Profile, otherwise a 400 Bad Request error will result.' + enum: + - ACCESS_PROFILE + example: ACCESS_PROFILE + name: + type: string + description: Human-readable display name of the Access Profile. This field is ignored on input. + example: Access Profile 2567 + nullable: true + membership: + nullable: true + type: object + description: 'When present, specifies that the Role is to be granted to Identities which either satisfy specific criteria or which are members of a given list of Identities.' + properties: + type: + type: string + enum: + - STANDARD + - IDENTITY_LIST + description: |- + This enum characterizes the type of a Role's membership selector. Only the following two are fully supported: + + STANDARD: Indicates that Role membership is defined in terms of a criteria expression + + IDENTITY_LIST: Indicates that Role membership is conferred on the specific identities listed + example: IDENTITY_LIST + criteria: + nullable: true + type: object + description: Defines STANDARD type Role membership + properties: + operation: + type: string + enum: + - EQUALS + - NOT_EQUALS + - CONTAINS + - STARTS_WITH + - ENDS_WITH + - AND + - OR + description: An operation + example: EQUALS + key: + type: object + nullable: true + description: 'Refers to a specific Identity attribute, Account attibute, or Entitlement used in Role membership criteria' + properties: + type: + type: string + enum: + - IDENTITY + - ACCOUNT + - ENTITLEMENT + description: 'Indicates whether the associated criteria represents an expression on identity attributes, account attributes, or entitlements, respectively.' + example: ACCOUNT + property: + type: string + description: The name of the attribute or entitlement to which the associated criteria applies. + example: attribute.email + sourceId: + type: string + nullable: true + description: ID of the Source from which an account attribute or entitlement is drawn. Required if type is ACCOUNT or ENTITLEMENT + example: 2c9180867427f3a301745aec18211519 + required: + - type + - property + stringValue: + type: string + nullable: true + description: 'String value to test the Identity attribute, Account attribute, or Entitlement specified in the key w/r/t the specified operation. If this criteria is a leaf node, that is, if the operation is one of EQUALS, NOT_EQUALS, CONTAINS, STARTS_WITH, or ENDS_WITH, this field is required. Otherwise, specifying it is an error.' + example: carlee.cert1c9f9b6fd@mailinator.com + children: + type: array + items: + type: object + nullable: true + description: Defines STANDARD type Role membership + properties: + operation: + type: string + enum: + - EQUALS + - NOT_EQUALS + - CONTAINS + - STARTS_WITH + - ENDS_WITH + - AND + - OR + description: An operation + example: EQUALS + key: + type: object + nullable: true + description: 'Refers to a specific Identity attribute, Account attibute, or Entitlement used in Role membership criteria' + properties: + type: + type: string + enum: + - IDENTITY + - ACCOUNT + - ENTITLEMENT + description: 'Indicates whether the associated criteria represents an expression on identity attributes, account attributes, or entitlements, respectively.' + example: ACCOUNT + property: + type: string + description: The name of the attribute or entitlement to which the associated criteria applies. + example: attribute.email + sourceId: + type: string + nullable: true + description: ID of the Source from which an account attribute or entitlement is drawn. Required if type is ACCOUNT or ENTITLEMENT + example: 2c9180867427f3a301745aec18211519 + required: + - type + - property + stringValue: + type: string + nullable: true + description: 'String value to test the Identity attribute, Account attribute, or Entitlement specified in the key w/r/t the specified operation. If this criteria is a leaf node, that is, if the operation is one of EQUALS, NOT_EQUALS, CONTAINS, STARTS_WITH, or ENDS_WITH, this field is required. Otherwise, specifying it is an error.' + example: carlee.cert1c9f9b6fd@mailinator.com + children: + type: array + items: + type: object + description: Defines STANDARD type Role membership + properties: + operation: + type: string + enum: + - EQUALS + - NOT_EQUALS + - CONTAINS + - STARTS_WITH + - ENDS_WITH + - AND + - OR + description: An operation + example: EQUALS + key: + type: object + nullable: true + description: 'Refers to a specific Identity attribute, Account attibute, or Entitlement used in Role membership criteria' + properties: + type: + type: string + enum: + - IDENTITY + - ACCOUNT + - ENTITLEMENT + description: 'Indicates whether the associated criteria represents an expression on identity attributes, account attributes, or entitlements, respectively.' + example: ACCOUNT + property: + type: string + description: The name of the attribute or entitlement to which the associated criteria applies. + example: attribute.email + sourceId: + type: string + nullable: true + description: ID of the Source from which an account attribute or entitlement is drawn. Required if type is ACCOUNT or ENTITLEMENT + example: 2c9180867427f3a301745aec18211519 + required: + - type + - property + stringValue: + type: string + description: 'String value to test the Identity attribute, Account attribute, or Entitlement specified in the key w/r/t the specified operation. If this criteria is a leaf node, that is, if the operation is one of EQUALS, NOT_EQUALS, CONTAINS, STARTS_WITH, or ENDS_WITH, this field is required. Otherwise, specifying it is an error.' + example: carlee.cert1c9f9b6fd@mailinator.com + nullable: true + description: 'Array of child criteria. Required if the operation is AND or OR, otherwise it must be left null. A maximum of three levels of criteria are supported, including leaf nodes. Additionally, AND nodes can only be children or OR nodes and vice-versa.' + nullable: true + description: 'Array of child criteria. Required if the operation is AND or OR, otherwise it must be left null. A maximum of three levels of criteria are supported, including leaf nodes. Additionally, AND nodes can only be children or OR nodes and vice-versa.' + identities: + type: array + items: + type: object + description: A reference to an Identity in an IDENTITY_LIST role membership criteria. + properties: + type: + nullable: true + example: IDENTITY + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure. + id: + type: string + description: Identity id + example: 2c9180a46faadee4016fb4e018c20639 + name: + type: string + nullable: true + description: Human-readable display name of the Identity. + example: Thomas Edison + aliasName: + type: string + nullable: true + description: User name of the Identity + example: t.edison + nullable: true + description: 'Defines role membership as being exclusive to the specified Identities, when type is IDENTITY_LIST.' + legacyMembershipInfo: + type: object + nullable: true + description: 'This field is not directly modifiable and is generally expected to be *null*. In very rare instances, some Roles may have been created using membership selection criteria that are no longer fully supported. While these Roles will still work, they should be migrated to STANDARD or IDENTITY_LIST selection criteria. This field exists for informational purposes as an aid to such migration.' + example: + type: IDENTITY_LIST + additionalProperties: true + enabled: + type: boolean + description: Whether the Role is enabled or not. This field is false by default. + example: true + requestable: + type: boolean + description: Whether the Role can be the target of Access Requests. This field is false by default. + example: true + accessRequestConfig: + nullable: true + description: Access request configuration for this object + type: object + properties: + commentsRequired: + type: boolean + description: Whether the requester of the containing object must provide comments justifying the request + example: true + denialCommentsRequired: + type: boolean + description: Whether an approver must provide comments when denying the request + example: true + approvalSchemes: + type: array + description: List describing the steps in approving the request + items: + type: object + properties: + approverType: + type: string + enum: + - OWNER + - MANAGER + - GOVERNANCE_GROUP + description: |- + Describes the individual or group that is responsible for an approval step. Values are as follows. + + **OWNER**: Owner of the associated Role + + **MANAGER**: Manager of the Identity making the request + + **GOVERNANCE_GROUP**: A Governance Group, the ID of which is specified by the **approverId** field + example: GOVERNANCE_GROUP + approverId: + type: string + nullable: true + description: 'Id of the specific approver, used only when approverType is GOVERNANCE_GROUP' + example: 46c79819-a69f-49a2-becb-12c971ae66c6 + revocationRequestConfig: + nullable: true + description: Revocation request configuration for this object. + type: object + properties: + approvalSchemes: + type: array + description: List describing the steps in approving the revocation request + items: + type: object + properties: + approverType: + type: string + enum: + - APP_OWNER + - OWNER + - SOURCE_OWNER + - MANAGER + - GOVERNANCE_GROUP + description: |- + Describes the individual or group that is responsible for an approval step. Values are as follows. + **APP_OWNER**: The owner of the Application + + **OWNER**: Owner of the associated Access Profile or Role + + **SOURCE_OWNER**: Owner of the Source associated with an Access Profile + + **MANAGER**: Manager of the Identity making the request + + **GOVERNANCE_GROUP**: A Governance Group, the ID of which is specified by the **approverId** field + example: GOVERNANCE_GROUP + approverId: + type: string + nullable: true + description: 'Id of the specific approver, used only when approverType is GOVERNANCE_GROUP' + example: 46c79819-a69f-49a2-becb-12c971ae66c6 + segments: + type: array + items: + type: string + nullable: true + description: 'List of IDs of segments, if any, to which this Role is assigned.' + example: + - f7b1b8a3-5fed-4fd4-ad29-82014e137e19 + - 29cb6c06-1da8-43ea-8be4-b3125f248f2a + required: + - name + - owner + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + security: + - oauth2: + - 'idn:role-unchecked:read' + - 'idn:role-unchecked:manage' + - 'idn:role-checked:manage' + - 'idn:role-checked:read' + post: + operationId: createRole + tags: + - Roles + summary: Create a Role + description: |- + This API creates a Role. + There is a soft limit of 800 roles per org in IdentityNow. You will receive an error if you attempt to add more than 800 roles via the API or the UI. If you need to add roles above this limit, please create a support ticket. + A token with API, ORG_ADMIN, ROLE_ADMIN, or ROLE_SUBADMIN authority is required to call this API. In addition, a ROLE_SUBADMIN may not create a Role including an Access Profile if that Access Profile is associated with a Source with which the ROLE_SUBADMIN is not themselves associated. + The maximum supported length for the description field is 2000 characters. Longer descriptions will be preserved for existing roles, however, any new roles as well as any updates to existing descriptions will be limited to 2000 characters. + requestBody: + required: true + content: + application/json: + schema: + type: object + description: A Role + properties: + id: + type: string + description: 'The id of the Role. This field must be left null when creating an Role, otherwise a 400 Bad Request error will result.' + example: 2c918086749d78830174a1a40e121518 + name: + type: string + description: The human-readable display name of the Role + maxLength: 128 + example: Role 2567 + created: + type: string + description: Date the Role was created + format: date-time + example: '2021-03-01T22:32:58.104Z' + readOnly: true + modified: + type: string + description: Date the Role was last modified. + format: date-time + example: '2021-03-02T20:22:28.104Z' + readOnly: true + description: + type: string + nullable: true + description: A human-readable description of the Role + example: Urna amet cursus pellentesque nisl orci maximus lorem nisl euismod fusce morbi placerat adipiscing maecenas nisi tristique et metus et lacus sed morbi nunc nisl maximus magna arcu varius sollicitudin elementum enim maecenas nisi id ipsum tempus fusce diam ipsum tortor. + owner: + type: object + description: The owner of this object. + properties: + type: + description: 'Owner type. This field must be either left null or set to ''IDENTITY'' on input, otherwise a 400 Bad Request error will result.' + example: IDENTITY + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + id: + type: string + description: Identity id + example: 2c9180a46faadee4016fb4e018c20639 + name: + type: string + description: 'Human-readable display name of the owner. It may be left null or omitted in a POST or PATCH. If set, it must match the current value of the owner''s display name, otherwise a 400 Bad Request error will result.' + example: support + accessProfiles: + type: array + items: + type: object + properties: + id: + type: string + description: ID of the Access Profile + example: ff808081751e6e129f1518161919ecca + type: + type: string + description: 'Type of requested object. This field must be either left null or set to ''ACCESS_PROFILE'' when creating an Access Profile, otherwise a 400 Bad Request error will result.' + enum: + - ACCESS_PROFILE + example: ACCESS_PROFILE + name: + type: string + description: Human-readable display name of the Access Profile. This field is ignored on input. + example: Access Profile 2567 + nullable: true + membership: + nullable: true + type: object + description: 'When present, specifies that the Role is to be granted to Identities which either satisfy specific criteria or which are members of a given list of Identities.' + properties: + type: + type: string + enum: + - STANDARD + - IDENTITY_LIST + description: |- + This enum characterizes the type of a Role's membership selector. Only the following two are fully supported: + + STANDARD: Indicates that Role membership is defined in terms of a criteria expression + + IDENTITY_LIST: Indicates that Role membership is conferred on the specific identities listed + example: IDENTITY_LIST + criteria: + nullable: true + type: object + description: Defines STANDARD type Role membership + properties: + operation: + type: string + enum: + - EQUALS + - NOT_EQUALS + - CONTAINS + - STARTS_WITH + - ENDS_WITH + - AND + - OR + description: An operation + example: EQUALS + key: + type: object + nullable: true + description: 'Refers to a specific Identity attribute, Account attibute, or Entitlement used in Role membership criteria' + properties: + type: + type: string + enum: + - IDENTITY + - ACCOUNT + - ENTITLEMENT + description: 'Indicates whether the associated criteria represents an expression on identity attributes, account attributes, or entitlements, respectively.' + example: ACCOUNT + property: + type: string + description: The name of the attribute or entitlement to which the associated criteria applies. + example: attribute.email + sourceId: + type: string + nullable: true + description: ID of the Source from which an account attribute or entitlement is drawn. Required if type is ACCOUNT or ENTITLEMENT + example: 2c9180867427f3a301745aec18211519 + required: + - type + - property + stringValue: + type: string + nullable: true + description: 'String value to test the Identity attribute, Account attribute, or Entitlement specified in the key w/r/t the specified operation. If this criteria is a leaf node, that is, if the operation is one of EQUALS, NOT_EQUALS, CONTAINS, STARTS_WITH, or ENDS_WITH, this field is required. Otherwise, specifying it is an error.' + example: carlee.cert1c9f9b6fd@mailinator.com + children: + type: array + items: + type: object + nullable: true + description: Defines STANDARD type Role membership + properties: + operation: + type: string + enum: + - EQUALS + - NOT_EQUALS + - CONTAINS + - STARTS_WITH + - ENDS_WITH + - AND + - OR + description: An operation + example: EQUALS + key: + type: object + nullable: true + description: 'Refers to a specific Identity attribute, Account attibute, or Entitlement used in Role membership criteria' + properties: + type: + type: string + enum: + - IDENTITY + - ACCOUNT + - ENTITLEMENT + description: 'Indicates whether the associated criteria represents an expression on identity attributes, account attributes, or entitlements, respectively.' + example: ACCOUNT + property: + type: string + description: The name of the attribute or entitlement to which the associated criteria applies. + example: attribute.email + sourceId: + type: string + nullable: true + description: ID of the Source from which an account attribute or entitlement is drawn. Required if type is ACCOUNT or ENTITLEMENT + example: 2c9180867427f3a301745aec18211519 + required: + - type + - property + stringValue: + type: string + nullable: true + description: 'String value to test the Identity attribute, Account attribute, or Entitlement specified in the key w/r/t the specified operation. If this criteria is a leaf node, that is, if the operation is one of EQUALS, NOT_EQUALS, CONTAINS, STARTS_WITH, or ENDS_WITH, this field is required. Otherwise, specifying it is an error.' + example: carlee.cert1c9f9b6fd@mailinator.com + children: + type: array + items: + type: object + description: Defines STANDARD type Role membership + properties: + operation: + type: string + enum: + - EQUALS + - NOT_EQUALS + - CONTAINS + - STARTS_WITH + - ENDS_WITH + - AND + - OR + description: An operation + example: EQUALS + key: + type: object + nullable: true + description: 'Refers to a specific Identity attribute, Account attibute, or Entitlement used in Role membership criteria' + properties: + type: + type: string + enum: + - IDENTITY + - ACCOUNT + - ENTITLEMENT + description: 'Indicates whether the associated criteria represents an expression on identity attributes, account attributes, or entitlements, respectively.' + example: ACCOUNT + property: + type: string + description: The name of the attribute or entitlement to which the associated criteria applies. + example: attribute.email + sourceId: + type: string + nullable: true + description: ID of the Source from which an account attribute or entitlement is drawn. Required if type is ACCOUNT or ENTITLEMENT + example: 2c9180867427f3a301745aec18211519 + required: + - type + - property + stringValue: + type: string + description: 'String value to test the Identity attribute, Account attribute, or Entitlement specified in the key w/r/t the specified operation. If this criteria is a leaf node, that is, if the operation is one of EQUALS, NOT_EQUALS, CONTAINS, STARTS_WITH, or ENDS_WITH, this field is required. Otherwise, specifying it is an error.' + example: carlee.cert1c9f9b6fd@mailinator.com + nullable: true + description: 'Array of child criteria. Required if the operation is AND or OR, otherwise it must be left null. A maximum of three levels of criteria are supported, including leaf nodes. Additionally, AND nodes can only be children or OR nodes and vice-versa.' + nullable: true + description: 'Array of child criteria. Required if the operation is AND or OR, otherwise it must be left null. A maximum of three levels of criteria are supported, including leaf nodes. Additionally, AND nodes can only be children or OR nodes and vice-versa.' + identities: + type: array + items: + type: object + description: A reference to an Identity in an IDENTITY_LIST role membership criteria. + properties: + type: + nullable: true + example: IDENTITY + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure. + id: + type: string + description: Identity id + example: 2c9180a46faadee4016fb4e018c20639 + name: + type: string + nullable: true + description: Human-readable display name of the Identity. + example: Thomas Edison + aliasName: + type: string + nullable: true + description: User name of the Identity + example: t.edison + nullable: true + description: 'Defines role membership as being exclusive to the specified Identities, when type is IDENTITY_LIST.' + legacyMembershipInfo: + type: object + nullable: true + description: 'This field is not directly modifiable and is generally expected to be *null*. In very rare instances, some Roles may have been created using membership selection criteria that are no longer fully supported. While these Roles will still work, they should be migrated to STANDARD or IDENTITY_LIST selection criteria. This field exists for informational purposes as an aid to such migration.' + example: + type: IDENTITY_LIST + additionalProperties: true + enabled: + type: boolean + description: Whether the Role is enabled or not. This field is false by default. + example: true + requestable: + type: boolean + description: Whether the Role can be the target of Access Requests. This field is false by default. + example: true + accessRequestConfig: + nullable: true + description: Access request configuration for this object + type: object + properties: + commentsRequired: + type: boolean + description: Whether the requester of the containing object must provide comments justifying the request + example: true + denialCommentsRequired: + type: boolean + description: Whether an approver must provide comments when denying the request + example: true + approvalSchemes: + type: array + description: List describing the steps in approving the request + items: + type: object + properties: + approverType: + type: string + enum: + - OWNER + - MANAGER + - GOVERNANCE_GROUP + description: |- + Describes the individual or group that is responsible for an approval step. Values are as follows. + + **OWNER**: Owner of the associated Role + + **MANAGER**: Manager of the Identity making the request + + **GOVERNANCE_GROUP**: A Governance Group, the ID of which is specified by the **approverId** field + example: GOVERNANCE_GROUP + approverId: + type: string + nullable: true + description: 'Id of the specific approver, used only when approverType is GOVERNANCE_GROUP' + example: 46c79819-a69f-49a2-becb-12c971ae66c6 + revocationRequestConfig: + nullable: true + description: Revocation request configuration for this object. + type: object + properties: + approvalSchemes: + type: array + description: List describing the steps in approving the revocation request + items: + type: object + properties: + approverType: + type: string + enum: + - APP_OWNER + - OWNER + - SOURCE_OWNER + - MANAGER + - GOVERNANCE_GROUP + description: |- + Describes the individual or group that is responsible for an approval step. Values are as follows. + **APP_OWNER**: The owner of the Application + + **OWNER**: Owner of the associated Access Profile or Role + + **SOURCE_OWNER**: Owner of the Source associated with an Access Profile + + **MANAGER**: Manager of the Identity making the request + + **GOVERNANCE_GROUP**: A Governance Group, the ID of which is specified by the **approverId** field + example: GOVERNANCE_GROUP + approverId: + type: string + nullable: true + description: 'Id of the specific approver, used only when approverType is GOVERNANCE_GROUP' + example: 46c79819-a69f-49a2-becb-12c971ae66c6 + segments: + type: array + items: + type: string + nullable: true + description: 'List of IDs of segments, if any, to which this Role is assigned.' + example: + - f7b1b8a3-5fed-4fd4-ad29-82014e137e19 + - 29cb6c06-1da8-43ea-8be4-b3125f248f2a + required: + - name + - owner + responses: + '201': + description: Role created + content: + application/json: + schema: + type: object + description: A Role + properties: + id: + type: string + description: 'The id of the Role. This field must be left null when creating an Role, otherwise a 400 Bad Request error will result.' + example: 2c918086749d78830174a1a40e121518 + name: + type: string + description: The human-readable display name of the Role + maxLength: 128 + example: Role 2567 + created: + type: string + description: Date the Role was created + format: date-time + example: '2021-03-01T22:32:58.104Z' + readOnly: true + modified: + type: string + description: Date the Role was last modified. + format: date-time + example: '2021-03-02T20:22:28.104Z' + readOnly: true + description: + type: string + nullable: true + description: A human-readable description of the Role + example: Urna amet cursus pellentesque nisl orci maximus lorem nisl euismod fusce morbi placerat adipiscing maecenas nisi tristique et metus et lacus sed morbi nunc nisl maximus magna arcu varius sollicitudin elementum enim maecenas nisi id ipsum tempus fusce diam ipsum tortor. + owner: + type: object + description: The owner of this object. + properties: + type: + description: 'Owner type. This field must be either left null or set to ''IDENTITY'' on input, otherwise a 400 Bad Request error will result.' + example: IDENTITY + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + id: + type: string + description: Identity id + example: 2c9180a46faadee4016fb4e018c20639 + name: + type: string + description: 'Human-readable display name of the owner. It may be left null or omitted in a POST or PATCH. If set, it must match the current value of the owner''s display name, otherwise a 400 Bad Request error will result.' + example: support + accessProfiles: + type: array + items: + type: object + properties: + id: + type: string + description: ID of the Access Profile + example: ff808081751e6e129f1518161919ecca + type: + type: string + description: 'Type of requested object. This field must be either left null or set to ''ACCESS_PROFILE'' when creating an Access Profile, otherwise a 400 Bad Request error will result.' + enum: + - ACCESS_PROFILE + example: ACCESS_PROFILE + name: + type: string + description: Human-readable display name of the Access Profile. This field is ignored on input. + example: Access Profile 2567 + nullable: true + membership: + nullable: true + type: object + description: 'When present, specifies that the Role is to be granted to Identities which either satisfy specific criteria or which are members of a given list of Identities.' + properties: + type: + type: string + enum: + - STANDARD + - IDENTITY_LIST + description: |- + This enum characterizes the type of a Role's membership selector. Only the following two are fully supported: + + STANDARD: Indicates that Role membership is defined in terms of a criteria expression + + IDENTITY_LIST: Indicates that Role membership is conferred on the specific identities listed + example: IDENTITY_LIST + criteria: + nullable: true + type: object + description: Defines STANDARD type Role membership + properties: + operation: + type: string + enum: + - EQUALS + - NOT_EQUALS + - CONTAINS + - STARTS_WITH + - ENDS_WITH + - AND + - OR + description: An operation + example: EQUALS + key: + type: object + nullable: true + description: 'Refers to a specific Identity attribute, Account attibute, or Entitlement used in Role membership criteria' + properties: + type: + type: string + enum: + - IDENTITY + - ACCOUNT + - ENTITLEMENT + description: 'Indicates whether the associated criteria represents an expression on identity attributes, account attributes, or entitlements, respectively.' + example: ACCOUNT + property: + type: string + description: The name of the attribute or entitlement to which the associated criteria applies. + example: attribute.email + sourceId: + type: string + nullable: true + description: ID of the Source from which an account attribute or entitlement is drawn. Required if type is ACCOUNT or ENTITLEMENT + example: 2c9180867427f3a301745aec18211519 + required: + - type + - property + stringValue: + type: string + nullable: true + description: 'String value to test the Identity attribute, Account attribute, or Entitlement specified in the key w/r/t the specified operation. If this criteria is a leaf node, that is, if the operation is one of EQUALS, NOT_EQUALS, CONTAINS, STARTS_WITH, or ENDS_WITH, this field is required. Otherwise, specifying it is an error.' + example: carlee.cert1c9f9b6fd@mailinator.com + children: + type: array + items: + type: object + nullable: true + description: Defines STANDARD type Role membership + properties: + operation: + type: string + enum: + - EQUALS + - NOT_EQUALS + - CONTAINS + - STARTS_WITH + - ENDS_WITH + - AND + - OR + description: An operation + example: EQUALS + key: + type: object + nullable: true + description: 'Refers to a specific Identity attribute, Account attibute, or Entitlement used in Role membership criteria' + properties: + type: + type: string + enum: + - IDENTITY + - ACCOUNT + - ENTITLEMENT + description: 'Indicates whether the associated criteria represents an expression on identity attributes, account attributes, or entitlements, respectively.' + example: ACCOUNT + property: + type: string + description: The name of the attribute or entitlement to which the associated criteria applies. + example: attribute.email + sourceId: + type: string + nullable: true + description: ID of the Source from which an account attribute or entitlement is drawn. Required if type is ACCOUNT or ENTITLEMENT + example: 2c9180867427f3a301745aec18211519 + required: + - type + - property + stringValue: + type: string + nullable: true + description: 'String value to test the Identity attribute, Account attribute, or Entitlement specified in the key w/r/t the specified operation. If this criteria is a leaf node, that is, if the operation is one of EQUALS, NOT_EQUALS, CONTAINS, STARTS_WITH, or ENDS_WITH, this field is required. Otherwise, specifying it is an error.' + example: carlee.cert1c9f9b6fd@mailinator.com + children: + type: array + items: + type: object + description: Defines STANDARD type Role membership + properties: + operation: + type: string + enum: + - EQUALS + - NOT_EQUALS + - CONTAINS + - STARTS_WITH + - ENDS_WITH + - AND + - OR + description: An operation + example: EQUALS + key: + type: object + nullable: true + description: 'Refers to a specific Identity attribute, Account attibute, or Entitlement used in Role membership criteria' + properties: + type: + type: string + enum: + - IDENTITY + - ACCOUNT + - ENTITLEMENT + description: 'Indicates whether the associated criteria represents an expression on identity attributes, account attributes, or entitlements, respectively.' + example: ACCOUNT + property: + type: string + description: The name of the attribute or entitlement to which the associated criteria applies. + example: attribute.email + sourceId: + type: string + nullable: true + description: ID of the Source from which an account attribute or entitlement is drawn. Required if type is ACCOUNT or ENTITLEMENT + example: 2c9180867427f3a301745aec18211519 + required: + - type + - property + stringValue: + type: string + description: 'String value to test the Identity attribute, Account attribute, or Entitlement specified in the key w/r/t the specified operation. If this criteria is a leaf node, that is, if the operation is one of EQUALS, NOT_EQUALS, CONTAINS, STARTS_WITH, or ENDS_WITH, this field is required. Otherwise, specifying it is an error.' + example: carlee.cert1c9f9b6fd@mailinator.com + nullable: true + description: 'Array of child criteria. Required if the operation is AND or OR, otherwise it must be left null. A maximum of three levels of criteria are supported, including leaf nodes. Additionally, AND nodes can only be children or OR nodes and vice-versa.' + nullable: true + description: 'Array of child criteria. Required if the operation is AND or OR, otherwise it must be left null. A maximum of three levels of criteria are supported, including leaf nodes. Additionally, AND nodes can only be children or OR nodes and vice-versa.' + identities: + type: array + items: + type: object + description: A reference to an Identity in an IDENTITY_LIST role membership criteria. + properties: + type: + nullable: true + example: IDENTITY + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure. + id: + type: string + description: Identity id + example: 2c9180a46faadee4016fb4e018c20639 + name: + type: string + nullable: true + description: Human-readable display name of the Identity. + example: Thomas Edison + aliasName: + type: string + nullable: true + description: User name of the Identity + example: t.edison + nullable: true + description: 'Defines role membership as being exclusive to the specified Identities, when type is IDENTITY_LIST.' + legacyMembershipInfo: + type: object + nullable: true + description: 'This field is not directly modifiable and is generally expected to be *null*. In very rare instances, some Roles may have been created using membership selection criteria that are no longer fully supported. While these Roles will still work, they should be migrated to STANDARD or IDENTITY_LIST selection criteria. This field exists for informational purposes as an aid to such migration.' + example: + type: IDENTITY_LIST + additionalProperties: true + enabled: + type: boolean + description: Whether the Role is enabled or not. This field is false by default. + example: true + requestable: + type: boolean + description: Whether the Role can be the target of Access Requests. This field is false by default. + example: true + accessRequestConfig: + nullable: true + description: Access request configuration for this object + type: object + properties: + commentsRequired: + type: boolean + description: Whether the requester of the containing object must provide comments justifying the request + example: true + denialCommentsRequired: + type: boolean + description: Whether an approver must provide comments when denying the request + example: true + approvalSchemes: + type: array + description: List describing the steps in approving the request + items: + type: object + properties: + approverType: + type: string + enum: + - OWNER + - MANAGER + - GOVERNANCE_GROUP + description: |- + Describes the individual or group that is responsible for an approval step. Values are as follows. + + **OWNER**: Owner of the associated Role + + **MANAGER**: Manager of the Identity making the request + + **GOVERNANCE_GROUP**: A Governance Group, the ID of which is specified by the **approverId** field + example: GOVERNANCE_GROUP + approverId: + type: string + nullable: true + description: 'Id of the specific approver, used only when approverType is GOVERNANCE_GROUP' + example: 46c79819-a69f-49a2-becb-12c971ae66c6 + revocationRequestConfig: + nullable: true + description: Revocation request configuration for this object. + type: object + properties: + approvalSchemes: + type: array + description: List describing the steps in approving the revocation request + items: + type: object + properties: + approverType: + type: string + enum: + - APP_OWNER + - OWNER + - SOURCE_OWNER + - MANAGER + - GOVERNANCE_GROUP + description: |- + Describes the individual or group that is responsible for an approval step. Values are as follows. + **APP_OWNER**: The owner of the Application + + **OWNER**: Owner of the associated Access Profile or Role + + **SOURCE_OWNER**: Owner of the Source associated with an Access Profile + + **MANAGER**: Manager of the Identity making the request + + **GOVERNANCE_GROUP**: A Governance Group, the ID of which is specified by the **approverId** field + example: GOVERNANCE_GROUP + approverId: + type: string + nullable: true + description: 'Id of the specific approver, used only when approverType is GOVERNANCE_GROUP' + example: 46c79819-a69f-49a2-becb-12c971ae66c6 + segments: + type: array + items: + type: string + nullable: true + description: 'List of IDs of segments, if any, to which this Role is assigned.' + example: + - f7b1b8a3-5fed-4fd4-ad29-82014e137e19 + - 29cb6c06-1da8-43ea-8be4-b3125f248f2a + required: + - name + - owner + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + security: + - oauth2: + - 'idn:role-unchecked:manage' + - 'idn:role-checked:manage' + '/roles/{id}': + get: + operationId: getRole + tags: + - Roles + summary: Get a Role + description: |- + This API returns a Role by its ID. + + A token with API, ORG_ADMIN, ROLE_ADMIN, or ROLE_SUBADMIN authority is required to call this API. In addition, a token with ROLE_SUBADMIN authority may only call this API if all Access Profiles included in the Role are associated to Sources with management workgroups of which the ROLE_SUBADMIN is a member. + parameters: + - in: path + name: id + required: true + schema: + type: string + description: ID of the Role + example: 2c91808a7813090a017814121e121518 + responses: + '200': + description: List of all Roles + content: + application/json: + schema: + type: object + description: A Role + properties: + id: + type: string + description: 'The id of the Role. This field must be left null when creating an Role, otherwise a 400 Bad Request error will result.' + example: 2c918086749d78830174a1a40e121518 + name: + type: string + description: The human-readable display name of the Role + maxLength: 128 + example: Role 2567 + created: + type: string + description: Date the Role was created + format: date-time + example: '2021-03-01T22:32:58.104Z' + readOnly: true + modified: + type: string + description: Date the Role was last modified. + format: date-time + example: '2021-03-02T20:22:28.104Z' + readOnly: true + description: + type: string + nullable: true + description: A human-readable description of the Role + example: Urna amet cursus pellentesque nisl orci maximus lorem nisl euismod fusce morbi placerat adipiscing maecenas nisi tristique et metus et lacus sed morbi nunc nisl maximus magna arcu varius sollicitudin elementum enim maecenas nisi id ipsum tempus fusce diam ipsum tortor. + owner: + type: object + description: The owner of this object. + properties: + type: + description: 'Owner type. This field must be either left null or set to ''IDENTITY'' on input, otherwise a 400 Bad Request error will result.' + example: IDENTITY + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + id: + type: string + description: Identity id + example: 2c9180a46faadee4016fb4e018c20639 + name: + type: string + description: 'Human-readable display name of the owner. It may be left null or omitted in a POST or PATCH. If set, it must match the current value of the owner''s display name, otherwise a 400 Bad Request error will result.' + example: support + accessProfiles: + type: array + items: + type: object + properties: + id: + type: string + description: ID of the Access Profile + example: ff808081751e6e129f1518161919ecca + type: + type: string + description: 'Type of requested object. This field must be either left null or set to ''ACCESS_PROFILE'' when creating an Access Profile, otherwise a 400 Bad Request error will result.' + enum: + - ACCESS_PROFILE + example: ACCESS_PROFILE + name: + type: string + description: Human-readable display name of the Access Profile. This field is ignored on input. + example: Access Profile 2567 + nullable: true + membership: + nullable: true + type: object + description: 'When present, specifies that the Role is to be granted to Identities which either satisfy specific criteria or which are members of a given list of Identities.' + properties: + type: + type: string + enum: + - STANDARD + - IDENTITY_LIST + description: |- + This enum characterizes the type of a Role's membership selector. Only the following two are fully supported: + + STANDARD: Indicates that Role membership is defined in terms of a criteria expression + + IDENTITY_LIST: Indicates that Role membership is conferred on the specific identities listed + example: IDENTITY_LIST + criteria: + nullable: true + type: object + description: Defines STANDARD type Role membership + properties: + operation: + type: string + enum: + - EQUALS + - NOT_EQUALS + - CONTAINS + - STARTS_WITH + - ENDS_WITH + - AND + - OR + description: An operation + example: EQUALS + key: + type: object + nullable: true + description: 'Refers to a specific Identity attribute, Account attibute, or Entitlement used in Role membership criteria' + properties: + type: + type: string + enum: + - IDENTITY + - ACCOUNT + - ENTITLEMENT + description: 'Indicates whether the associated criteria represents an expression on identity attributes, account attributes, or entitlements, respectively.' + example: ACCOUNT + property: + type: string + description: The name of the attribute or entitlement to which the associated criteria applies. + example: attribute.email + sourceId: + type: string + nullable: true + description: ID of the Source from which an account attribute or entitlement is drawn. Required if type is ACCOUNT or ENTITLEMENT + example: 2c9180867427f3a301745aec18211519 + required: + - type + - property + stringValue: + type: string + nullable: true + description: 'String value to test the Identity attribute, Account attribute, or Entitlement specified in the key w/r/t the specified operation. If this criteria is a leaf node, that is, if the operation is one of EQUALS, NOT_EQUALS, CONTAINS, STARTS_WITH, or ENDS_WITH, this field is required. Otherwise, specifying it is an error.' + example: carlee.cert1c9f9b6fd@mailinator.com + children: + type: array + items: + type: object + nullable: true + description: Defines STANDARD type Role membership + properties: + operation: + type: string + enum: + - EQUALS + - NOT_EQUALS + - CONTAINS + - STARTS_WITH + - ENDS_WITH + - AND + - OR + description: An operation + example: EQUALS + key: + type: object + nullable: true + description: 'Refers to a specific Identity attribute, Account attibute, or Entitlement used in Role membership criteria' + properties: + type: + type: string + enum: + - IDENTITY + - ACCOUNT + - ENTITLEMENT + description: 'Indicates whether the associated criteria represents an expression on identity attributes, account attributes, or entitlements, respectively.' + example: ACCOUNT + property: + type: string + description: The name of the attribute or entitlement to which the associated criteria applies. + example: attribute.email + sourceId: + type: string + nullable: true + description: ID of the Source from which an account attribute or entitlement is drawn. Required if type is ACCOUNT or ENTITLEMENT + example: 2c9180867427f3a301745aec18211519 + required: + - type + - property + stringValue: + type: string + nullable: true + description: 'String value to test the Identity attribute, Account attribute, or Entitlement specified in the key w/r/t the specified operation. If this criteria is a leaf node, that is, if the operation is one of EQUALS, NOT_EQUALS, CONTAINS, STARTS_WITH, or ENDS_WITH, this field is required. Otherwise, specifying it is an error.' + example: carlee.cert1c9f9b6fd@mailinator.com + children: + type: array + items: + type: object + description: Defines STANDARD type Role membership + properties: + operation: + type: string + enum: + - EQUALS + - NOT_EQUALS + - CONTAINS + - STARTS_WITH + - ENDS_WITH + - AND + - OR + description: An operation + example: EQUALS + key: + type: object + nullable: true + description: 'Refers to a specific Identity attribute, Account attibute, or Entitlement used in Role membership criteria' + properties: + type: + type: string + enum: + - IDENTITY + - ACCOUNT + - ENTITLEMENT + description: 'Indicates whether the associated criteria represents an expression on identity attributes, account attributes, or entitlements, respectively.' + example: ACCOUNT + property: + type: string + description: The name of the attribute or entitlement to which the associated criteria applies. + example: attribute.email + sourceId: + type: string + nullable: true + description: ID of the Source from which an account attribute or entitlement is drawn. Required if type is ACCOUNT or ENTITLEMENT + example: 2c9180867427f3a301745aec18211519 + required: + - type + - property + stringValue: + type: string + description: 'String value to test the Identity attribute, Account attribute, or Entitlement specified in the key w/r/t the specified operation. If this criteria is a leaf node, that is, if the operation is one of EQUALS, NOT_EQUALS, CONTAINS, STARTS_WITH, or ENDS_WITH, this field is required. Otherwise, specifying it is an error.' + example: carlee.cert1c9f9b6fd@mailinator.com + nullable: true + description: 'Array of child criteria. Required if the operation is AND or OR, otherwise it must be left null. A maximum of three levels of criteria are supported, including leaf nodes. Additionally, AND nodes can only be children or OR nodes and vice-versa.' + nullable: true + description: 'Array of child criteria. Required if the operation is AND or OR, otherwise it must be left null. A maximum of three levels of criteria are supported, including leaf nodes. Additionally, AND nodes can only be children or OR nodes and vice-versa.' + identities: + type: array + items: + type: object + description: A reference to an Identity in an IDENTITY_LIST role membership criteria. + properties: + type: + nullable: true + example: IDENTITY + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure. + id: + type: string + description: Identity id + example: 2c9180a46faadee4016fb4e018c20639 + name: + type: string + nullable: true + description: Human-readable display name of the Identity. + example: Thomas Edison + aliasName: + type: string + nullable: true + description: User name of the Identity + example: t.edison + nullable: true + description: 'Defines role membership as being exclusive to the specified Identities, when type is IDENTITY_LIST.' + legacyMembershipInfo: + type: object + nullable: true + description: 'This field is not directly modifiable and is generally expected to be *null*. In very rare instances, some Roles may have been created using membership selection criteria that are no longer fully supported. While these Roles will still work, they should be migrated to STANDARD or IDENTITY_LIST selection criteria. This field exists for informational purposes as an aid to such migration.' + example: + type: IDENTITY_LIST + additionalProperties: true + enabled: + type: boolean + description: Whether the Role is enabled or not. This field is false by default. + example: true + requestable: + type: boolean + description: Whether the Role can be the target of Access Requests. This field is false by default. + example: true + accessRequestConfig: + nullable: true + description: Access request configuration for this object + type: object + properties: + commentsRequired: + type: boolean + description: Whether the requester of the containing object must provide comments justifying the request + example: true + denialCommentsRequired: + type: boolean + description: Whether an approver must provide comments when denying the request + example: true + approvalSchemes: + type: array + description: List describing the steps in approving the request + items: + type: object + properties: + approverType: + type: string + enum: + - OWNER + - MANAGER + - GOVERNANCE_GROUP + description: |- + Describes the individual or group that is responsible for an approval step. Values are as follows. + + **OWNER**: Owner of the associated Role + + **MANAGER**: Manager of the Identity making the request + + **GOVERNANCE_GROUP**: A Governance Group, the ID of which is specified by the **approverId** field + example: GOVERNANCE_GROUP + approverId: + type: string + nullable: true + description: 'Id of the specific approver, used only when approverType is GOVERNANCE_GROUP' + example: 46c79819-a69f-49a2-becb-12c971ae66c6 + revocationRequestConfig: + nullable: true + description: Revocation request configuration for this object. + type: object + properties: + approvalSchemes: + type: array + description: List describing the steps in approving the revocation request + items: + type: object + properties: + approverType: + type: string + enum: + - APP_OWNER + - OWNER + - SOURCE_OWNER + - MANAGER + - GOVERNANCE_GROUP + description: |- + Describes the individual or group that is responsible for an approval step. Values are as follows. + **APP_OWNER**: The owner of the Application + + **OWNER**: Owner of the associated Access Profile or Role + + **SOURCE_OWNER**: Owner of the Source associated with an Access Profile + + **MANAGER**: Manager of the Identity making the request + + **GOVERNANCE_GROUP**: A Governance Group, the ID of which is specified by the **approverId** field + example: GOVERNANCE_GROUP + approverId: + type: string + nullable: true + description: 'Id of the specific approver, used only when approverType is GOVERNANCE_GROUP' + example: 46c79819-a69f-49a2-becb-12c971ae66c6 + segments: + type: array + items: + type: string + nullable: true + description: 'List of IDs of segments, if any, to which this Role is assigned.' + example: + - f7b1b8a3-5fed-4fd4-ad29-82014e137e19 + - 29cb6c06-1da8-43ea-8be4-b3125f248f2a + required: + - name + - owner + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + security: + - oauth2: + - 'idn:role-unchecked:read' + - 'idn:role-unchecked:manage' + - 'idn:role-checked:manage' + - 'idn:role-checked:read' + patch: + operationId: patchRole + tags: + - Roles + summary: Patch a specified Role + description: |- + This API updates an existing Role using [JSON Patch](https://tools.ietf.org/html/rfc6902) syntax. + + The following fields are patchable: **name**, **description**, **enabled**, **owner**, **accessProfiles**, **membership**, **requestable**, **accessRequestConfig**, **revokeRequestConfig**, **segments** + A token with API, ORG_ADMIN, ROLE_ADMIN, or ROLE_SUBADMIN authority is required to call this API. In addition, a token with ROLE_SUBADMIN authority may only call this API if all Access Profiles included in the Role are associated to Sources with management workgroups of which the ROLE_SUBADMIN is a member. + The maximum supported length for the description field is 2000 characters. Longer descriptions will be preserved for existing roles, however, any new roles as well as any updates to existing descriptions will be limited to 2000 characters. + parameters: + - name: id + in: path + description: ID of the Role to patch + required: true + schema: + type: string + example: 2c91808a7813090a017814121e121518 + requestBody: + content: + application/json-patch+json: + schema: + type: array + items: + type: object + description: 'A JSONPatch Operation as defined by [RFC 6902 - JSON Patch](https://tools.ietf.org/html/rfc6902)' + required: + - op + - path + properties: + op: + type: string + description: The operation to be performed + enum: + - add + - remove + - replace + - move + - copy + - test + example: replace + path: + type: string + description: A string JSON Pointer representing the target path to an element to be affected by the operation + example: /description + value: + anyOf: + - type: string + - type: integer + - type: object + - type: array + items: + anyOf: + - type: string + - type: integer + - type: object + description: 'The value to be used for the operation, required for "add" and "replace" operations' + example: New description + examples: + Make a Role Requestable and Enable it in One Call: + description: This example shows how multiple fields may be updated with a single patch call. + value: + - op: replace + path: /requestable + value: true + - op: replace + path: /enabled + value: true + Assign a Role to a Segment: + description: This example illustrates the use of patch to assign a Role to a Segment by adding the Segment's ID to the Role's segments array. + value: + - op: add + path: /segments/- + value: f7b1b8a3-5fed-4fd4-ad29-82014e137e19 + Set the Membership Selection Criteria to a List of Identities: + description: 'This example shows how to define a Role''s membershp by providing a list of Identities, referenced by their IDs.' + value: + - op: replace + path: /membership + value: + type: IDENTITY_LIST + identities: + - id: 2c91808973fe906c0174262092014ed9 + - id: 2c918086262092014ed94fb8a47612f3 + Set the Membership Selection Criteria to a Standard Expression: + description: 'This example shows how to define a Role''s membership using STANDARD criteria. In this case, the Role will be granted to all Identities which have the *Engineering* attribute from the indicated Source.' + value: + - op: replace + path: /membership + value: + type: STANDARD + criteria: + operation: OR + children: + - operation: EQUALS + key: + type: ENTITLEMENT + property: attribute.memberOf + sourceId: 2c9180887701fb2014213e122092014e + stringValue: Engineering + Add a New Clause as the Child of an Existing Standard Expression: + description: This example shows how to add a child clause to an existing STANDARD criteria expression. + value: + - op: add + path: /membership/criteria/children/- + value: + operation: ENDS_WITH + key: + type: IDENTITY + property: attribute.email + stringValue: '@identitynow.com' + required: true + responses: + '200': + description: Responds with the Role as updated. + content: + application/json: + schema: + type: object + description: A Role + properties: + id: + type: string + description: 'The id of the Role. This field must be left null when creating an Role, otherwise a 400 Bad Request error will result.' + example: 2c918086749d78830174a1a40e121518 + name: + type: string + description: The human-readable display name of the Role + maxLength: 128 + example: Role 2567 + created: + type: string + description: Date the Role was created + format: date-time + example: '2021-03-01T22:32:58.104Z' + readOnly: true + modified: + type: string + description: Date the Role was last modified. + format: date-time + example: '2021-03-02T20:22:28.104Z' + readOnly: true + description: + type: string + nullable: true + description: A human-readable description of the Role + example: Urna amet cursus pellentesque nisl orci maximus lorem nisl euismod fusce morbi placerat adipiscing maecenas nisi tristique et metus et lacus sed morbi nunc nisl maximus magna arcu varius sollicitudin elementum enim maecenas nisi id ipsum tempus fusce diam ipsum tortor. + owner: + type: object + description: The owner of this object. + properties: + type: + description: 'Owner type. This field must be either left null or set to ''IDENTITY'' on input, otherwise a 400 Bad Request error will result.' + example: IDENTITY + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + id: + type: string + description: Identity id + example: 2c9180a46faadee4016fb4e018c20639 + name: + type: string + description: 'Human-readable display name of the owner. It may be left null or omitted in a POST or PATCH. If set, it must match the current value of the owner''s display name, otherwise a 400 Bad Request error will result.' + example: support + accessProfiles: + type: array + items: + type: object + properties: + id: + type: string + description: ID of the Access Profile + example: ff808081751e6e129f1518161919ecca + type: + type: string + description: 'Type of requested object. This field must be either left null or set to ''ACCESS_PROFILE'' when creating an Access Profile, otherwise a 400 Bad Request error will result.' + enum: + - ACCESS_PROFILE + example: ACCESS_PROFILE + name: + type: string + description: Human-readable display name of the Access Profile. This field is ignored on input. + example: Access Profile 2567 + nullable: true + membership: + nullable: true + type: object + description: 'When present, specifies that the Role is to be granted to Identities which either satisfy specific criteria or which are members of a given list of Identities.' + properties: + type: + type: string + enum: + - STANDARD + - IDENTITY_LIST + description: |- + This enum characterizes the type of a Role's membership selector. Only the following two are fully supported: + + STANDARD: Indicates that Role membership is defined in terms of a criteria expression + + IDENTITY_LIST: Indicates that Role membership is conferred on the specific identities listed + example: IDENTITY_LIST + criteria: + nullable: true + type: object + description: Defines STANDARD type Role membership + properties: + operation: + type: string + enum: + - EQUALS + - NOT_EQUALS + - CONTAINS + - STARTS_WITH + - ENDS_WITH + - AND + - OR + description: An operation + example: EQUALS + key: + type: object + nullable: true + description: 'Refers to a specific Identity attribute, Account attibute, or Entitlement used in Role membership criteria' + properties: + type: + type: string + enum: + - IDENTITY + - ACCOUNT + - ENTITLEMENT + description: 'Indicates whether the associated criteria represents an expression on identity attributes, account attributes, or entitlements, respectively.' + example: ACCOUNT + property: + type: string + description: The name of the attribute or entitlement to which the associated criteria applies. + example: attribute.email + sourceId: + type: string + nullable: true + description: ID of the Source from which an account attribute or entitlement is drawn. Required if type is ACCOUNT or ENTITLEMENT + example: 2c9180867427f3a301745aec18211519 + required: + - type + - property + stringValue: + type: string + nullable: true + description: 'String value to test the Identity attribute, Account attribute, or Entitlement specified in the key w/r/t the specified operation. If this criteria is a leaf node, that is, if the operation is one of EQUALS, NOT_EQUALS, CONTAINS, STARTS_WITH, or ENDS_WITH, this field is required. Otherwise, specifying it is an error.' + example: carlee.cert1c9f9b6fd@mailinator.com + children: + type: array + items: + type: object + nullable: true + description: Defines STANDARD type Role membership + properties: + operation: + type: string + enum: + - EQUALS + - NOT_EQUALS + - CONTAINS + - STARTS_WITH + - ENDS_WITH + - AND + - OR + description: An operation + example: EQUALS + key: + type: object + nullable: true + description: 'Refers to a specific Identity attribute, Account attibute, or Entitlement used in Role membership criteria' + properties: + type: + type: string + enum: + - IDENTITY + - ACCOUNT + - ENTITLEMENT + description: 'Indicates whether the associated criteria represents an expression on identity attributes, account attributes, or entitlements, respectively.' + example: ACCOUNT + property: + type: string + description: The name of the attribute or entitlement to which the associated criteria applies. + example: attribute.email + sourceId: + type: string + nullable: true + description: ID of the Source from which an account attribute or entitlement is drawn. Required if type is ACCOUNT or ENTITLEMENT + example: 2c9180867427f3a301745aec18211519 + required: + - type + - property + stringValue: + type: string + nullable: true + description: 'String value to test the Identity attribute, Account attribute, or Entitlement specified in the key w/r/t the specified operation. If this criteria is a leaf node, that is, if the operation is one of EQUALS, NOT_EQUALS, CONTAINS, STARTS_WITH, or ENDS_WITH, this field is required. Otherwise, specifying it is an error.' + example: carlee.cert1c9f9b6fd@mailinator.com + children: + type: array + items: + type: object + description: Defines STANDARD type Role membership + properties: + operation: + type: string + enum: + - EQUALS + - NOT_EQUALS + - CONTAINS + - STARTS_WITH + - ENDS_WITH + - AND + - OR + description: An operation + example: EQUALS + key: + type: object + nullable: true + description: 'Refers to a specific Identity attribute, Account attibute, or Entitlement used in Role membership criteria' + properties: + type: + type: string + enum: + - IDENTITY + - ACCOUNT + - ENTITLEMENT + description: 'Indicates whether the associated criteria represents an expression on identity attributes, account attributes, or entitlements, respectively.' + example: ACCOUNT + property: + type: string + description: The name of the attribute or entitlement to which the associated criteria applies. + example: attribute.email + sourceId: + type: string + nullable: true + description: ID of the Source from which an account attribute or entitlement is drawn. Required if type is ACCOUNT or ENTITLEMENT + example: 2c9180867427f3a301745aec18211519 + required: + - type + - property + stringValue: + type: string + description: 'String value to test the Identity attribute, Account attribute, or Entitlement specified in the key w/r/t the specified operation. If this criteria is a leaf node, that is, if the operation is one of EQUALS, NOT_EQUALS, CONTAINS, STARTS_WITH, or ENDS_WITH, this field is required. Otherwise, specifying it is an error.' + example: carlee.cert1c9f9b6fd@mailinator.com + nullable: true + description: 'Array of child criteria. Required if the operation is AND or OR, otherwise it must be left null. A maximum of three levels of criteria are supported, including leaf nodes. Additionally, AND nodes can only be children or OR nodes and vice-versa.' + nullable: true + description: 'Array of child criteria. Required if the operation is AND or OR, otherwise it must be left null. A maximum of three levels of criteria are supported, including leaf nodes. Additionally, AND nodes can only be children or OR nodes and vice-versa.' + identities: + type: array + items: + type: object + description: A reference to an Identity in an IDENTITY_LIST role membership criteria. + properties: + type: + nullable: true + example: IDENTITY + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure. + id: + type: string + description: Identity id + example: 2c9180a46faadee4016fb4e018c20639 + name: + type: string + nullable: true + description: Human-readable display name of the Identity. + example: Thomas Edison + aliasName: + type: string + nullable: true + description: User name of the Identity + example: t.edison + nullable: true + description: 'Defines role membership as being exclusive to the specified Identities, when type is IDENTITY_LIST.' + legacyMembershipInfo: + type: object + nullable: true + description: 'This field is not directly modifiable and is generally expected to be *null*. In very rare instances, some Roles may have been created using membership selection criteria that are no longer fully supported. While these Roles will still work, they should be migrated to STANDARD or IDENTITY_LIST selection criteria. This field exists for informational purposes as an aid to such migration.' + example: + type: IDENTITY_LIST + additionalProperties: true + enabled: + type: boolean + description: Whether the Role is enabled or not. This field is false by default. + example: true + requestable: + type: boolean + description: Whether the Role can be the target of Access Requests. This field is false by default. + example: true + accessRequestConfig: + nullable: true + description: Access request configuration for this object + type: object + properties: + commentsRequired: + type: boolean + description: Whether the requester of the containing object must provide comments justifying the request + example: true + denialCommentsRequired: + type: boolean + description: Whether an approver must provide comments when denying the request + example: true + approvalSchemes: + type: array + description: List describing the steps in approving the request + items: + type: object + properties: + approverType: + type: string + enum: + - OWNER + - MANAGER + - GOVERNANCE_GROUP + description: |- + Describes the individual or group that is responsible for an approval step. Values are as follows. + + **OWNER**: Owner of the associated Role + + **MANAGER**: Manager of the Identity making the request + + **GOVERNANCE_GROUP**: A Governance Group, the ID of which is specified by the **approverId** field + example: GOVERNANCE_GROUP + approverId: + type: string + nullable: true + description: 'Id of the specific approver, used only when approverType is GOVERNANCE_GROUP' + example: 46c79819-a69f-49a2-becb-12c971ae66c6 + revocationRequestConfig: + nullable: true + description: Revocation request configuration for this object. + type: object + properties: + approvalSchemes: + type: array + description: List describing the steps in approving the revocation request + items: + type: object + properties: + approverType: + type: string + enum: + - APP_OWNER + - OWNER + - SOURCE_OWNER + - MANAGER + - GOVERNANCE_GROUP + description: |- + Describes the individual or group that is responsible for an approval step. Values are as follows. + **APP_OWNER**: The owner of the Application + + **OWNER**: Owner of the associated Access Profile or Role + + **SOURCE_OWNER**: Owner of the Source associated with an Access Profile + + **MANAGER**: Manager of the Identity making the request + + **GOVERNANCE_GROUP**: A Governance Group, the ID of which is specified by the **approverId** field + example: GOVERNANCE_GROUP + approverId: + type: string + nullable: true + description: 'Id of the specific approver, used only when approverType is GOVERNANCE_GROUP' + example: 46c79819-a69f-49a2-becb-12c971ae66c6 + segments: + type: array + items: + type: string + nullable: true + description: 'List of IDs of segments, if any, to which this Role is assigned.' + example: + - f7b1b8a3-5fed-4fd4-ad29-82014e137e19 + - 29cb6c06-1da8-43ea-8be4-b3125f248f2a + required: + - name + - owner + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + security: + - oauth2: + - 'idn:role-unchecked:manage' + - 'idn:role-checked:manage' + delete: + operationId: deleteRole + tags: + - Roles + summary: Delete a Role + description: |- + This API deletes a Role by its ID. + A token with API, ORG_ADMIN, ROLE_ADMIN, or ROLE_SUBADMIN authority is required to call this API. In addition, a token with ROLE_SUBADMIN authority may only call this API if all Access Profiles included in the Role are associated to Sources with management workgroups of which the ROLE_SUBADMIN is a member. + parameters: + - in: path + name: id + required: true + schema: + type: string + description: ID of the Role + example: 2c91808a7813090a017814121e121518 + responses: + '204': + description: No content - indicates the request was successful but there is no content to be returned in the response. + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + security: + - oauth2: + - 'idn:role-unchecked:manage' + - 'idn:role-checked:manage' + /roles/bulk-delete: + post: + operationId: bulkDeleteRoles + summary: Delete Role(s) + tags: + - Roles + description: |- + This API initiates a bulk deletion of one or more Roles. + + A token with API, ORG_ADMIN, ROLE_ADMIN, or ROLE_SUBADMIN authority is required to call this API. In addition, a token with ROLE_SUBADMIN authority may only call this API if all Roles included in the request are associated to Sources with management workgroups of which the ROLE_SUBADMIN is a member. + requestBody: + required: true + content: + application/json: + schema: + type: object + properties: + roleIds: + description: List of IDs of Roles to be deleted. + type: array + items: + type: string + example: + - 2c9180847812e0b1017817051919ecca + - 2c9180887812e0b201781e129f151816 + required: + - roleIds + example: + roleIds: + - 2c91808876438bb2017668b91919ecca + - 2c91808876438ba801766e129f151816 + responses: + '202': + description: Returns an object with the id of the task performing the delete operation. + content: + application/json: + schema: + type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + example: + type: TASK_RESULT + id: 464ae7bf791e49fdb74606a2e4a89635 + name: null + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + 400.1 Bad Request Content: + description: Response for bad request content + value: + detailCode: 400.1 Bad Request Content + trackingId: 1ea1adcb84da4dcb890145e05745774e + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The request was syntactically correct but its content is semantically invalid. + 400.1 Role ids limit violation: + description: Role ids limit violation response + value: + detailCode: 400.1 Bad Request Content + trackingId: 77aa89ac6f0e422dbc588866abc22be9 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: roleIds count exceeded max limit of 50 for bulk-delete. + 400.1.404 Referenced object not found: + description: Referenced object not found response + value: + detailCode: 400.1.404 Referenced object not found + trackingId: 77aa89ac6f0e422dbc588866abc22be9 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: 'Referenced roleIds ["2c91808876438bb2017668b91919ecca"] was not found.' + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + security: + - oauth2: + - 'idn:role-unchecked:manage' + - 'idn:role-checked:manage' + '/roles/{id}/assigned-identities': + get: + operationId: getRoleAssignedIdentities + tags: + - Roles + summary: Identities assigned a Role + parameters: + - in: path + name: id + schema: + type: string + description: ID of the Role for which the assigned Identities are to be listed + example: 2c91808a7813090a017814121e121518 + required: true + - in: query + name: limit + description: |- + Max number of results to return. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 250 + schema: + type: integer + format: int32 + minimum: 0 + maximum: 250 + default: 250 + - in: query + name: offset + description: |- + Offset into the full result set. Usually specified with *limit* to paginate through the results. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 0 + schema: + type: integer + format: int32 + minimum: 0 + default: 0 + - in: query + name: count + description: |- + If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored. + + Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used. + + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: true + schema: + type: boolean + default: false + - in: query + name: filters + schema: + type: string + description: |- + Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) + + Filtering is supported for the following fields and operators: + + **id**: *eq, in* + + **aliasName**: *eq, sw* + + **email**: *eq, sw* + + **name**: *eq, sw, co* + example: name sw Joe + - in: query + name: sorters + schema: + type: string + format: comma-separated + description: |- + Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results) + + Sorting is supported for the following fields: **id**, **name**, **aliasName**, **email** + example: 'aliasName,name' + responses: + '200': + description: List of Identities assigned the Role + content: + application/json: + schema: + type: array + items: + type: object + description: A subset of the fields of an Identity which is a member of a Role. + properties: + id: + type: string + description: The ID of the Identity + example: 2c9180a46faadee4016fb4e018c20639 + aliasName: + type: string + description: The alias / username of the Identity + example: t.edison + name: + type: string + description: The human-readable display name of the Identity + example: Thomas Edison + email: + type: string + description: Email address of the Identity + example: t.edison@identitynow.com + roleAssignmentSource: + type: string + enum: + - ACCESS_REQUEST + - ROLE_MEMBERSHIP + description: Type which indicates how a particular Identity obtained a particular Role + example: ACCESS_REQUEST + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + security: + - oauth2: + - 'idn:role-unchecked:read' + - 'idn:role-unchecked:manage' + - 'idn:role-checked:manage' + - 'idn:role-checked:read' + /segments: + post: + operationId: createSegment + tags: + - Segments + summary: Create Segment + description: |- + This API creates a segment. + + Note that segment definitions may take time to propagate to all identities. + + A token with ORG_ADMIN or API authority is required to call this API. + requestBody: + required: true + content: + application/json: + schema: + type: object + properties: + id: + type: string + example: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde + name: + type: string + description: Segment Business Name + example: segment-xyz + created: + type: string + format: date-time + description: The time when this Segment is created + example: '2020-01-01T00:00:00.000000Z' + modified: + type: string + format: date-time + description: The time when this Segment is modified + example: '2020-01-01T00:00:00.000000Z' + description: + type: string + description: Optional description of the Segment + example: This segment represents xyz + owner: + type: object + description: The owner of this object. + properties: + type: + description: 'Owner type. This field must be either left null or set to ''IDENTITY'' on input, otherwise a 400 Bad Request error will result.' + example: IDENTITY + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + id: + type: string + description: Identity id + example: 2c9180a46faadee4016fb4e018c20639 + name: + type: string + description: 'Human-readable display name of the owner. It may be left null or omitted in a POST or PATCH. If set, it must match the current value of the owner''s display name, otherwise a 400 Bad Request error will result.' + example: support + visibilityCriteria: + type: object + properties: + expression: + type: object + properties: + operator: + type: string + description: Operator for the expression + enum: + - AND + - EQUALS + example: EQUALS + attribute: + type: string + description: Name for the attribute + example: location + value: + type: object + properties: + type: + type: string + description: The type of attribute value + example: STRING + value: + type: string + description: The attribute value + example: Austin + children: + type: array + description: List of expressions + items: + type: object + properties: + type: + type: string + description: The type of attribute value + example: STRING + value: + type: string + description: The attribute value + example: Austin + example: [] + active: + type: boolean + description: Whether the Segment is currently active. Inactive segments have no effect. + responses: + '201': + description: Segment created + content: + application/json: + schema: + type: object + properties: + id: + type: string + example: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde + name: + type: string + description: Segment Business Name + example: segment-xyz + created: + type: string + format: date-time + description: The time when this Segment is created + example: '2020-01-01T00:00:00.000000Z' + modified: + type: string + format: date-time + description: The time when this Segment is modified + example: '2020-01-01T00:00:00.000000Z' + description: + type: string + description: Optional description of the Segment + example: This segment represents xyz + owner: + type: object + description: The owner of this object. + properties: + type: + description: 'Owner type. This field must be either left null or set to ''IDENTITY'' on input, otherwise a 400 Bad Request error will result.' + example: IDENTITY + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + id: + type: string + description: Identity id + example: 2c9180a46faadee4016fb4e018c20639 + name: + type: string + description: 'Human-readable display name of the owner. It may be left null or omitted in a POST or PATCH. If set, it must match the current value of the owner''s display name, otherwise a 400 Bad Request error will result.' + example: support + visibilityCriteria: + type: object + properties: + expression: + type: object + properties: + operator: + type: string + description: Operator for the expression + enum: + - AND + - EQUALS + example: EQUALS + attribute: + type: string + description: Name for the attribute + example: location + value: + type: object + properties: + type: + type: string + description: The type of attribute value + example: STRING + value: + type: string + description: The attribute value + example: Austin + children: + type: array + description: List of expressions + items: + type: object + properties: + type: + type: string + description: The type of attribute value + example: STRING + value: + type: string + description: The attribute value + example: Austin + example: [] + active: + type: boolean + description: Whether the Segment is currently active. Inactive segments have no effect. + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + get: + operationId: listSegments + tags: + - Segments + summary: List Segments + description: |- + This API returns a list of all segments. + A token with ORG_ADMIN or API authority is required to call this API. + parameters: + - in: query + name: limit + description: |- + Max number of results to return. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 250 + schema: + type: integer + format: int32 + minimum: 0 + maximum: 250 + default: 250 + - in: query + name: offset + description: |- + Offset into the full result set. Usually specified with *limit* to paginate through the results. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 0 + schema: + type: integer + format: int32 + minimum: 0 + default: 0 + - in: query + name: count + description: |- + If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored. + + Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used. + + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: true + schema: + type: boolean + default: false + responses: + '200': + description: List of all Segments + content: + application/json: + schema: + type: array + items: + type: object + properties: + id: + type: string + example: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde + name: + type: string + description: Segment Business Name + example: segment-xyz + created: + type: string + format: date-time + description: The time when this Segment is created + example: '2020-01-01T00:00:00.000000Z' + modified: + type: string + format: date-time + description: The time when this Segment is modified + example: '2020-01-01T00:00:00.000000Z' + description: + type: string + description: Optional description of the Segment + example: This segment represents xyz + owner: + type: object + description: The owner of this object. + properties: + type: + description: 'Owner type. This field must be either left null or set to ''IDENTITY'' on input, otherwise a 400 Bad Request error will result.' + example: IDENTITY + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + id: + type: string + description: Identity id + example: 2c9180a46faadee4016fb4e018c20639 + name: + type: string + description: 'Human-readable display name of the owner. It may be left null or omitted in a POST or PATCH. If set, it must match the current value of the owner''s display name, otherwise a 400 Bad Request error will result.' + example: support + visibilityCriteria: + type: object + properties: + expression: + type: object + properties: + operator: + type: string + description: Operator for the expression + enum: + - AND + - EQUALS + example: EQUALS + attribute: + type: string + description: Name for the attribute + example: location + value: + type: object + properties: + type: + type: string + description: The type of attribute value + example: STRING + value: + type: string + description: The attribute value + example: Austin + children: + type: array + description: List of expressions + items: + type: object + properties: + type: + type: string + description: The type of attribute value + example: STRING + value: + type: string + description: The attribute value + example: Austin + example: [] + active: + type: boolean + description: Whether the Segment is currently active. Inactive segments have no effect. + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + '/segments/{id}': + get: + operationId: getSegment + tags: + - Segments + summary: Get a Segment by its ID + description: |- + This API returns the segment specified by the given ID. + + A token with ORG_ADMIN or API authority is required to call this API. + parameters: + - in: path + name: id + schema: + type: string + required: true + description: The ID of the Segment to retrieve. + example: ef38f94347e94562b5bb8424a56397d8 + responses: + '200': + description: Segment + content: + application/json: + schema: + type: object + properties: + id: + type: string + example: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde + name: + type: string + description: Segment Business Name + example: segment-xyz + created: + type: string + format: date-time + description: The time when this Segment is created + example: '2020-01-01T00:00:00.000000Z' + modified: + type: string + format: date-time + description: The time when this Segment is modified + example: '2020-01-01T00:00:00.000000Z' + description: + type: string + description: Optional description of the Segment + example: This segment represents xyz + owner: + type: object + description: The owner of this object. + properties: + type: + description: 'Owner type. This field must be either left null or set to ''IDENTITY'' on input, otherwise a 400 Bad Request error will result.' + example: IDENTITY + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + id: + type: string + description: Identity id + example: 2c9180a46faadee4016fb4e018c20639 + name: + type: string + description: 'Human-readable display name of the owner. It may be left null or omitted in a POST or PATCH. If set, it must match the current value of the owner''s display name, otherwise a 400 Bad Request error will result.' + example: support + visibilityCriteria: + type: object + properties: + expression: + type: object + properties: + operator: + type: string + description: Operator for the expression + enum: + - AND + - EQUALS + example: EQUALS + attribute: + type: string + description: Name for the attribute + example: location + value: + type: object + properties: + type: + type: string + description: The type of attribute value + example: STRING + value: + type: string + description: The attribute value + example: Austin + children: + type: array + description: List of expressions + items: + type: object + properties: + type: + type: string + description: The type of attribute value + example: STRING + value: + type: string + description: The attribute value + example: Austin + example: [] + active: + type: boolean + description: Whether the Segment is currently active. Inactive segments have no effect. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + delete: + operationId: deleteSegment + tags: + - Segments + summary: Delete Segment by ID + description: |- + This API deletes the segment specified by the given ID. + + Note that segment deletion may take some time to become effective. + + A token with ORG_ADMIN or API authority is required to call this API. + parameters: + - in: path + name: id + schema: + type: string + required: true + description: The ID of the Segment to delete. + example: ef38f94347e94562b5bb8424a56397d8 + responses: + '204': + description: No content. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + patch: + operationId: patchSegment + tags: + - Segments + summary: Update a Segment + description: |- + Allows updating Segment fields using the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard. + + Note that changes to a segment may take some time to propagate to all identities, and that segments will have no effect if segmentation is not enabled for your org. + + A token with ORG_ADMIN or API authority is required to call this API. + parameters: + - in: path + name: id + schema: + type: string + required: true + description: The ID of the Segment being modified. + example: ef38f94347e94562b5bb8424a56397d8 + requestBody: + required: true + description: | + A list of Segment update operations according to the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard. + + + The following fields are patchable: + * name + * description + * owner + * visibilityCriteria + * active + content: + application/json-patch+json: + schema: + type: array + items: + type: object + examples: + Set Visibility Criteria: + description: Set the visibility criteria + value: + - op: replace + path: /visibilityCriteria + value: + expression: + operator: AND + children: + - operator: EQUALS + attribute: location + value: + type: STRING + value: Philadelphia + - operator: EQUALS + attribute: department + value: + type: STRING + value: HR + responses: + '200': + description: 'Indicates the PATCH operation succeeded, and returns the Segment''s new representation.' + content: + application/json: + schema: + type: object + properties: + id: + type: string + example: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde + name: + type: string + description: Segment Business Name + example: segment-xyz + created: + type: string + format: date-time + description: The time when this Segment is created + example: '2020-01-01T00:00:00.000000Z' + modified: + type: string + format: date-time + description: The time when this Segment is modified + example: '2020-01-01T00:00:00.000000Z' + description: + type: string + description: Optional description of the Segment + example: This segment represents xyz + owner: + type: object + description: The owner of this object. + properties: + type: + description: 'Owner type. This field must be either left null or set to ''IDENTITY'' on input, otherwise a 400 Bad Request error will result.' + example: IDENTITY + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + id: + type: string + description: Identity id + example: 2c9180a46faadee4016fb4e018c20639 + name: + type: string + description: 'Human-readable display name of the owner. It may be left null or omitted in a POST or PATCH. If set, it must match the current value of the owner''s display name, otherwise a 400 Bad Request error will result.' + example: support + visibilityCriteria: + type: object + properties: + expression: + type: object + properties: + operator: + type: string + description: Operator for the expression + enum: + - AND + - EQUALS + example: EQUALS + attribute: + type: string + description: Name for the attribute + example: location + value: + type: object + properties: + type: + type: string + description: The type of attribute value + example: STRING + value: + type: string + description: The attribute value + example: Austin + children: + type: array + description: List of expressions + items: + type: object + properties: + type: + type: string + description: The type of attribute value + example: STRING + value: + type: string + description: The attribute value + example: Austin + example: [] + active: + type: boolean + description: Whether the Segment is currently active. Inactive segments have no effect. + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + /send-test-notification: + post: + operationId: sendTestNotification + tags: + - Notifications + summary: Send Test Notification + description: Send a Test Notification + requestBody: + required: true + content: + application/json: + schema: + type: object + properties: + key: + type: string + description: The template notification key. + example: cloud_manual_work_item_summary + medium: + type: string + description: The notification medium. Has to be one of the following enum values. + enum: + - EMAIL + - SLACK + - TEAMS + context: + type: object + description: A Json object that denotes the context specific to the template. + example: + key: cloud_manual_work_item_summary + medium: EMAIL + context: + numberOfPendingTasks: '4' + ownerId: 201327fda1c44704ac01181e963d463c + responses: + '204': + description: No content - indicates the request was successful but there is no content to be returned in the response. + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + /service-desk-integrations: + get: + tags: + - Service Desk Integration + summary: List existing Service Desk Integrations + description: Get a list of ServiceDeskIntegrationDto for existing Service Desk Integrations. A token with Org Admin or Service Desk Admin authority is required to access this endpoint. + operationId: getServiceDeskIntegrationList + parameters: + - in: query + name: offset + description: |- + Offset into the full result set. Usually specified with *limit* to paginate through the results. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 0 + schema: + type: integer + format: int32 + minimum: 0 + default: 0 + - in: query + name: limit + description: |- + Max number of results to return. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 250 + schema: + type: integer + format: int32 + minimum: 0 + maximum: 250 + default: 250 + - name: sorters + in: query + required: false + style: form + explode: true + schema: + type: string + description: |- + Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results) + + Sorting is supported for the following fields: **name** + example: name + - name: filters + in: query + required: false + style: form + explode: true + schema: + type: string + format: comma-separated + description: |- + Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) + + Filtering is supported for the following fields and operators: + + **id**: *eq, in* + + **name**: *eq* + + **type**: *eq, in* + + **cluster**: *eq, in* + example: id eq 2c91808b6ef1d43e016efba0ce470904 + - in: query + name: count + description: |- + If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored. + + Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used. + + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: true + schema: + type: boolean + default: false + responses: + '200': + description: List of ServiceDeskIntegrationDto + content: + application/json: + schema: + type: array + items: + allOf: + - type: object + required: + - name + properties: + id: + description: System-generated unique ID of the Object + type: string + example: id12345 + readOnly: true + name: + description: Name of the Object + type: string + example: aName + created: + description: Creation date of the Object + type: string + format: date-time + readOnly: true + example: '2023-01-03T21:16:22.432Z' + modified: + description: Last modification date of the Object + type: string + format: date-time + readOnly: true + example: '2023-01-03T21:16:22.432Z' + - type: object + description: Specification of a Service Desk integration + required: + - description + - type + - attributes + properties: + description: + description: Description of the Service Desk integration + type: string + example: A very nice Service Desk integration + type: + description: | + Service Desk integration types + + - ServiceNowSDIM + - ServiceNow + type: string + default: ServiceNowSDIM + example: ServiceNowSDIM + ownerRef: + allOf: + - type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + description: Reference to the identity that is the owner of this Service Desk integration + properties: + type: + description: The type of object being referenced + enum: + - IDENTITY + example: IDENTITY + id: + description: ID of the identity + example: 2c91808568c529c60168cca6f90c1313 + name: + description: Human-readable display name of the identity + example: MyName + clusterRef: + allOf: + - type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + description: Reference to the source cluster for this Service Desk integration + properties: + type: + description: The type of object being referenced + enum: + - CLUSTER + example: CLUSTER + id: + description: ID of the cluster + example: 2c9180866166b5b0016167c32ef31a66 + name: + description: Human-readable display name of the cluster + example: Corporate Cluster + cluster: + description: 'ID of the cluster for the Service Desk integration (replaced by clusterRef, retained for backward compatibility)' + type: string + example: xyzzy999 + deprecated: true + managedSources: + description: 'Source IDs for the Service Desk integration (replaced by provisioningConfig.managedSResourceRefs, but retained here for backward compatibility)' + type: array + items: + type: string + deprecated: true + example: + - 2c9180835d191a86015d28455b4a2329 + - 2c5680835d191a85765d28455b4a9823 + provisioningConfig: + description: The 'provisioningConfig' property specifies the configuration used to provision integrations. + type: object + properties: + universalManager: + description: 'Specifies whether this configuration is used to manage provisioning requests for all sources from the org. If true, no managedResourceRefs are allowed.' + type: boolean + readOnly: true + example: true + managedResourceRefs: + description: References to sources for the Service Desk integration template. May only be specified if universalManager is false. + type: array + items: + allOf: + - type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + properties: + type: + description: The type of object being referenced + enum: + - SOURCE + example: SOURCE + id: + description: ID of the source + example: 2c91808568c529c60168cca6f90c1313 + name: + description: Human-readable display name of the source + example: My Source + example: + - type: SOURCE + id: 2c9180855d191c59015d291ceb051111 + name: My Source 1 + - type: SOURCE + id: 2c9180855d191c59015d291ceb052222 + name: My Source 2 + planInitializerScript: + description: This is a reference to a plan initializer script. + type: object + properties: + source: + description: This is a Rule that allows provisioning instruction changes. + type: string + example: | + \r\n\r\n\r\n Before Provisioning Rule which changes disables and enables to a modify.\r\n + noProvisioningRequests: + description: Name of an attribute that when true disables the saving of ProvisioningRequest objects whenever plans are sent through this integration. + type: boolean + example: true + provisioningRequestExpiration: + description: 'When saving pending requests is enabled, this defines the number of hours the request is allowed to live before it is considered expired and no longer affects plan compilation.' + type: integer + format: int32 + example: 7 + attributes: + description: Attributes of the Service Desk integration. Validation constraints enforced by the implementation. + type: object + additionalProperties: true + example: + property: value + key: value + beforeProvisioningRule: + allOf: + - type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + description: Reference to beforeProvisioningRule for this Service Desk integration + properties: + type: + description: The type of object being referenced + enum: + - RULE + example: RULE + id: + description: ID of the rule + example: 2c91808568c529c60168cca6f90c1333 + name: + description: Human-readable display name of the rule + example: Example Rule + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + security: + - oauth2: + - 'idn:service-desk-admin:read' + - 'idn:service-desk-integration:read' + post: + tags: + - Service Desk Integration + summary: Create new Service Desk integration + description: Create a new Service Desk Integrations. A token with Org Admin or Service Desk Admin authority is required to access this endpoint. + operationId: createServiceDeskIntegration + requestBody: + description: The specifics of a new integration to create + content: + application/json: + schema: + allOf: + - type: object + required: + - name + properties: + id: + description: System-generated unique ID of the Object + type: string + example: id12345 + readOnly: true + name: + description: Name of the Object + type: string + example: aName + created: + description: Creation date of the Object + type: string + format: date-time + readOnly: true + example: '2023-01-03T21:16:22.432Z' + modified: + description: Last modification date of the Object + type: string + format: date-time + readOnly: true + example: '2023-01-03T21:16:22.432Z' + - type: object + description: Specification of a Service Desk integration + required: + - description + - type + - attributes + properties: + description: + description: Description of the Service Desk integration + type: string + example: A very nice Service Desk integration + type: + description: | + Service Desk integration types + + - ServiceNowSDIM + - ServiceNow + type: string + default: ServiceNowSDIM + example: ServiceNowSDIM + ownerRef: + allOf: + - type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + description: Reference to the identity that is the owner of this Service Desk integration + properties: + type: + description: The type of object being referenced + enum: + - IDENTITY + example: IDENTITY + id: + description: ID of the identity + example: 2c91808568c529c60168cca6f90c1313 + name: + description: Human-readable display name of the identity + example: MyName + clusterRef: + allOf: + - type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + description: Reference to the source cluster for this Service Desk integration + properties: + type: + description: The type of object being referenced + enum: + - CLUSTER + example: CLUSTER + id: + description: ID of the cluster + example: 2c9180866166b5b0016167c32ef31a66 + name: + description: Human-readable display name of the cluster + example: Corporate Cluster + cluster: + description: 'ID of the cluster for the Service Desk integration (replaced by clusterRef, retained for backward compatibility)' + type: string + example: xyzzy999 + deprecated: true + managedSources: + description: 'Source IDs for the Service Desk integration (replaced by provisioningConfig.managedSResourceRefs, but retained here for backward compatibility)' + type: array + items: + type: string + deprecated: true + example: + - 2c9180835d191a86015d28455b4a2329 + - 2c5680835d191a85765d28455b4a9823 + provisioningConfig: + description: The 'provisioningConfig' property specifies the configuration used to provision integrations. + type: object + properties: + universalManager: + description: 'Specifies whether this configuration is used to manage provisioning requests for all sources from the org. If true, no managedResourceRefs are allowed.' + type: boolean + readOnly: true + example: true + managedResourceRefs: + description: References to sources for the Service Desk integration template. May only be specified if universalManager is false. + type: array + items: + allOf: + - type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + properties: + type: + description: The type of object being referenced + enum: + - SOURCE + example: SOURCE + id: + description: ID of the source + example: 2c91808568c529c60168cca6f90c1313 + name: + description: Human-readable display name of the source + example: My Source + example: + - type: SOURCE + id: 2c9180855d191c59015d291ceb051111 + name: My Source 1 + - type: SOURCE + id: 2c9180855d191c59015d291ceb052222 + name: My Source 2 + planInitializerScript: + description: This is a reference to a plan initializer script. + type: object + properties: + source: + description: This is a Rule that allows provisioning instruction changes. + type: string + example: | + \r\n\r\n\r\n Before Provisioning Rule which changes disables and enables to a modify.\r\n + noProvisioningRequests: + description: Name of an attribute that when true disables the saving of ProvisioningRequest objects whenever plans are sent through this integration. + type: boolean + example: true + provisioningRequestExpiration: + description: 'When saving pending requests is enabled, this defines the number of hours the request is allowed to live before it is considered expired and no longer affects plan compilation.' + type: integer + format: int32 + example: 7 + attributes: + description: Attributes of the Service Desk integration. Validation constraints enforced by the implementation. + type: object + additionalProperties: true + example: + property: value + key: value + beforeProvisioningRule: + allOf: + - type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + description: Reference to beforeProvisioningRule for this Service Desk integration + properties: + type: + description: The type of object being referenced + enum: + - RULE + example: RULE + id: + description: ID of the rule + example: 2c91808568c529c60168cca6f90c1333 + name: + description: Human-readable display name of the rule + example: Example Rule + required: true + responses: + '200': + description: details of the created integration + content: + application/json: + schema: + allOf: + - type: object + required: + - name + properties: + id: + description: System-generated unique ID of the Object + type: string + example: id12345 + readOnly: true + name: + description: Name of the Object + type: string + example: aName + created: + description: Creation date of the Object + type: string + format: date-time + readOnly: true + example: '2023-01-03T21:16:22.432Z' + modified: + description: Last modification date of the Object + type: string + format: date-time + readOnly: true + example: '2023-01-03T21:16:22.432Z' + - type: object + description: Specification of a Service Desk integration + required: + - description + - type + - attributes + properties: + description: + description: Description of the Service Desk integration + type: string + example: A very nice Service Desk integration + type: + description: | + Service Desk integration types + + - ServiceNowSDIM + - ServiceNow + type: string + default: ServiceNowSDIM + example: ServiceNowSDIM + ownerRef: + allOf: + - type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + description: Reference to the identity that is the owner of this Service Desk integration + properties: + type: + description: The type of object being referenced + enum: + - IDENTITY + example: IDENTITY + id: + description: ID of the identity + example: 2c91808568c529c60168cca6f90c1313 + name: + description: Human-readable display name of the identity + example: MyName + clusterRef: + allOf: + - type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + description: Reference to the source cluster for this Service Desk integration + properties: + type: + description: The type of object being referenced + enum: + - CLUSTER + example: CLUSTER + id: + description: ID of the cluster + example: 2c9180866166b5b0016167c32ef31a66 + name: + description: Human-readable display name of the cluster + example: Corporate Cluster + cluster: + description: 'ID of the cluster for the Service Desk integration (replaced by clusterRef, retained for backward compatibility)' + type: string + example: xyzzy999 + deprecated: true + managedSources: + description: 'Source IDs for the Service Desk integration (replaced by provisioningConfig.managedSResourceRefs, but retained here for backward compatibility)' + type: array + items: + type: string + deprecated: true + example: + - 2c9180835d191a86015d28455b4a2329 + - 2c5680835d191a85765d28455b4a9823 + provisioningConfig: + description: The 'provisioningConfig' property specifies the configuration used to provision integrations. + type: object + properties: + universalManager: + description: 'Specifies whether this configuration is used to manage provisioning requests for all sources from the org. If true, no managedResourceRefs are allowed.' + type: boolean + readOnly: true + example: true + managedResourceRefs: + description: References to sources for the Service Desk integration template. May only be specified if universalManager is false. + type: array + items: + allOf: + - type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + properties: + type: + description: The type of object being referenced + enum: + - SOURCE + example: SOURCE + id: + description: ID of the source + example: 2c91808568c529c60168cca6f90c1313 + name: + description: Human-readable display name of the source + example: My Source + example: + - type: SOURCE + id: 2c9180855d191c59015d291ceb051111 + name: My Source 1 + - type: SOURCE + id: 2c9180855d191c59015d291ceb052222 + name: My Source 2 + planInitializerScript: + description: This is a reference to a plan initializer script. + type: object + properties: + source: + description: This is a Rule that allows provisioning instruction changes. + type: string + example: | + \r\n\r\n\r\n Before Provisioning Rule which changes disables and enables to a modify.\r\n + noProvisioningRequests: + description: Name of an attribute that when true disables the saving of ProvisioningRequest objects whenever plans are sent through this integration. + type: boolean + example: true + provisioningRequestExpiration: + description: 'When saving pending requests is enabled, this defines the number of hours the request is allowed to live before it is considered expired and no longer affects plan compilation.' + type: integer + format: int32 + example: 7 + attributes: + description: Attributes of the Service Desk integration. Validation constraints enforced by the implementation. + type: object + additionalProperties: true + example: + property: value + key: value + beforeProvisioningRule: + allOf: + - type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + description: Reference to beforeProvisioningRule for this Service Desk integration + properties: + type: + description: The type of object being referenced + enum: + - RULE + example: RULE + id: + description: ID of the rule + example: 2c91808568c529c60168cca6f90c1333 + name: + description: Human-readable display name of the rule + example: Example Rule + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + security: + - oauth2: + - 'idn:service-desk-admin:manage' + - 'idn:service-desk-integration:manage' + '/service-desk-integrations/{id}': + get: + tags: + - Service Desk Integration + summary: Get a Service Desk integration + description: Get an existing Service Desk integration by ID. A token with Org Admin or Service Desk Admin authority is required to access this endpoint. + operationId: getServiceDeskIntegration + parameters: + - name: id + in: path + description: ID of the Service Desk integration to get + required: true + style: simple + explode: false + schema: + type: string + example: anId + responses: + '200': + description: ServiceDeskIntegrationDto with the given ID + content: + application/json: + schema: + allOf: + - type: object + required: + - name + properties: + id: + description: System-generated unique ID of the Object + type: string + example: id12345 + readOnly: true + name: + description: Name of the Object + type: string + example: aName + created: + description: Creation date of the Object + type: string + format: date-time + readOnly: true + example: '2023-01-03T21:16:22.432Z' + modified: + description: Last modification date of the Object + type: string + format: date-time + readOnly: true + example: '2023-01-03T21:16:22.432Z' + - type: object + description: Specification of a Service Desk integration + required: + - description + - type + - attributes + properties: + description: + description: Description of the Service Desk integration + type: string + example: A very nice Service Desk integration + type: + description: | + Service Desk integration types + + - ServiceNowSDIM + - ServiceNow + type: string + default: ServiceNowSDIM + example: ServiceNowSDIM + ownerRef: + allOf: + - type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + description: Reference to the identity that is the owner of this Service Desk integration + properties: + type: + description: The type of object being referenced + enum: + - IDENTITY + example: IDENTITY + id: + description: ID of the identity + example: 2c91808568c529c60168cca6f90c1313 + name: + description: Human-readable display name of the identity + example: MyName + clusterRef: + allOf: + - type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + description: Reference to the source cluster for this Service Desk integration + properties: + type: + description: The type of object being referenced + enum: + - CLUSTER + example: CLUSTER + id: + description: ID of the cluster + example: 2c9180866166b5b0016167c32ef31a66 + name: + description: Human-readable display name of the cluster + example: Corporate Cluster + cluster: + description: 'ID of the cluster for the Service Desk integration (replaced by clusterRef, retained for backward compatibility)' + type: string + example: xyzzy999 + deprecated: true + managedSources: + description: 'Source IDs for the Service Desk integration (replaced by provisioningConfig.managedSResourceRefs, but retained here for backward compatibility)' + type: array + items: + type: string + deprecated: true + example: + - 2c9180835d191a86015d28455b4a2329 + - 2c5680835d191a85765d28455b4a9823 + provisioningConfig: + description: The 'provisioningConfig' property specifies the configuration used to provision integrations. + type: object + properties: + universalManager: + description: 'Specifies whether this configuration is used to manage provisioning requests for all sources from the org. If true, no managedResourceRefs are allowed.' + type: boolean + readOnly: true + example: true + managedResourceRefs: + description: References to sources for the Service Desk integration template. May only be specified if universalManager is false. + type: array + items: + allOf: + - type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + properties: + type: + description: The type of object being referenced + enum: + - SOURCE + example: SOURCE + id: + description: ID of the source + example: 2c91808568c529c60168cca6f90c1313 + name: + description: Human-readable display name of the source + example: My Source + example: + - type: SOURCE + id: 2c9180855d191c59015d291ceb051111 + name: My Source 1 + - type: SOURCE + id: 2c9180855d191c59015d291ceb052222 + name: My Source 2 + planInitializerScript: + description: This is a reference to a plan initializer script. + type: object + properties: + source: + description: This is a Rule that allows provisioning instruction changes. + type: string + example: | + \r\n\r\n\r\n Before Provisioning Rule which changes disables and enables to a modify.\r\n + noProvisioningRequests: + description: Name of an attribute that when true disables the saving of ProvisioningRequest objects whenever plans are sent through this integration. + type: boolean + example: true + provisioningRequestExpiration: + description: 'When saving pending requests is enabled, this defines the number of hours the request is allowed to live before it is considered expired and no longer affects plan compilation.' + type: integer + format: int32 + example: 7 + attributes: + description: Attributes of the Service Desk integration. Validation constraints enforced by the implementation. + type: object + additionalProperties: true + example: + property: value + key: value + beforeProvisioningRule: + allOf: + - type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + description: Reference to beforeProvisioningRule for this Service Desk integration + properties: + type: + description: The type of object being referenced + enum: + - RULE + example: RULE + id: + description: ID of the rule + example: 2c91808568c529c60168cca6f90c1333 + name: + description: Human-readable display name of the rule + example: Example Rule + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + security: + - oauth2: + - 'idn:service-desk-admin:read' + - 'idn:service-desk-integration:read' + put: + tags: + - Service Desk Integration + summary: Update a Service Desk integration + description: Update an existing Service Desk integration by ID with updated value in JSON form as the request body. A token with Org Admin or Service Desk Admin authority is required to access this endpoint. + operationId: updateServiceDeskIntegration + parameters: + - name: id + in: path + description: ID of the Service Desk integration to update + required: true + style: simple + explode: false + schema: + type: string + example: anId + requestBody: + description: The specifics of the integration to update + content: + application/json: + schema: + allOf: + - type: object + required: + - name + properties: + id: + description: System-generated unique ID of the Object + type: string + example: id12345 + readOnly: true + name: + description: Name of the Object + type: string + example: aName + created: + description: Creation date of the Object + type: string + format: date-time + readOnly: true + example: '2023-01-03T21:16:22.432Z' + modified: + description: Last modification date of the Object + type: string + format: date-time + readOnly: true + example: '2023-01-03T21:16:22.432Z' + - type: object + description: Specification of a Service Desk integration + required: + - description + - type + - attributes + properties: + description: + description: Description of the Service Desk integration + type: string + example: A very nice Service Desk integration + type: + description: | + Service Desk integration types + + - ServiceNowSDIM + - ServiceNow + type: string + default: ServiceNowSDIM + example: ServiceNowSDIM + ownerRef: + allOf: + - type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + description: Reference to the identity that is the owner of this Service Desk integration + properties: + type: + description: The type of object being referenced + enum: + - IDENTITY + example: IDENTITY + id: + description: ID of the identity + example: 2c91808568c529c60168cca6f90c1313 + name: + description: Human-readable display name of the identity + example: MyName + clusterRef: + allOf: + - type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + description: Reference to the source cluster for this Service Desk integration + properties: + type: + description: The type of object being referenced + enum: + - CLUSTER + example: CLUSTER + id: + description: ID of the cluster + example: 2c9180866166b5b0016167c32ef31a66 + name: + description: Human-readable display name of the cluster + example: Corporate Cluster + cluster: + description: 'ID of the cluster for the Service Desk integration (replaced by clusterRef, retained for backward compatibility)' + type: string + example: xyzzy999 + deprecated: true + managedSources: + description: 'Source IDs for the Service Desk integration (replaced by provisioningConfig.managedSResourceRefs, but retained here for backward compatibility)' + type: array + items: + type: string + deprecated: true + example: + - 2c9180835d191a86015d28455b4a2329 + - 2c5680835d191a85765d28455b4a9823 + provisioningConfig: + description: The 'provisioningConfig' property specifies the configuration used to provision integrations. + type: object + properties: + universalManager: + description: 'Specifies whether this configuration is used to manage provisioning requests for all sources from the org. If true, no managedResourceRefs are allowed.' + type: boolean + readOnly: true + example: true + managedResourceRefs: + description: References to sources for the Service Desk integration template. May only be specified if universalManager is false. + type: array + items: + allOf: + - type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + properties: + type: + description: The type of object being referenced + enum: + - SOURCE + example: SOURCE + id: + description: ID of the source + example: 2c91808568c529c60168cca6f90c1313 + name: + description: Human-readable display name of the source + example: My Source + example: + - type: SOURCE + id: 2c9180855d191c59015d291ceb051111 + name: My Source 1 + - type: SOURCE + id: 2c9180855d191c59015d291ceb052222 + name: My Source 2 + planInitializerScript: + description: This is a reference to a plan initializer script. + type: object + properties: + source: + description: This is a Rule that allows provisioning instruction changes. + type: string + example: | + \r\n\r\n\r\n Before Provisioning Rule which changes disables and enables to a modify.\r\n + noProvisioningRequests: + description: Name of an attribute that when true disables the saving of ProvisioningRequest objects whenever plans are sent through this integration. + type: boolean + example: true + provisioningRequestExpiration: + description: 'When saving pending requests is enabled, this defines the number of hours the request is allowed to live before it is considered expired and no longer affects plan compilation.' + type: integer + format: int32 + example: 7 + attributes: + description: Attributes of the Service Desk integration. Validation constraints enforced by the implementation. + type: object + additionalProperties: true + example: + property: value + key: value + beforeProvisioningRule: + allOf: + - type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + description: Reference to beforeProvisioningRule for this Service Desk integration + properties: + type: + description: The type of object being referenced + enum: + - RULE + example: RULE + id: + description: ID of the rule + example: 2c91808568c529c60168cca6f90c1333 + name: + description: Human-readable display name of the rule + example: Example Rule + required: true + responses: + '200': + description: ServiceDeskIntegrationDto as updated + content: + application/json: + schema: + allOf: + - type: object + required: + - name + properties: + id: + description: System-generated unique ID of the Object + type: string + example: id12345 + readOnly: true + name: + description: Name of the Object + type: string + example: aName + created: + description: Creation date of the Object + type: string + format: date-time + readOnly: true + example: '2023-01-03T21:16:22.432Z' + modified: + description: Last modification date of the Object + type: string + format: date-time + readOnly: true + example: '2023-01-03T21:16:22.432Z' + - type: object + description: Specification of a Service Desk integration + required: + - description + - type + - attributes + properties: + description: + description: Description of the Service Desk integration + type: string + example: A very nice Service Desk integration + type: + description: | + Service Desk integration types + + - ServiceNowSDIM + - ServiceNow + type: string + default: ServiceNowSDIM + example: ServiceNowSDIM + ownerRef: + allOf: + - type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + description: Reference to the identity that is the owner of this Service Desk integration + properties: + type: + description: The type of object being referenced + enum: + - IDENTITY + example: IDENTITY + id: + description: ID of the identity + example: 2c91808568c529c60168cca6f90c1313 + name: + description: Human-readable display name of the identity + example: MyName + clusterRef: + allOf: + - type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + description: Reference to the source cluster for this Service Desk integration + properties: + type: + description: The type of object being referenced + enum: + - CLUSTER + example: CLUSTER + id: + description: ID of the cluster + example: 2c9180866166b5b0016167c32ef31a66 + name: + description: Human-readable display name of the cluster + example: Corporate Cluster + cluster: + description: 'ID of the cluster for the Service Desk integration (replaced by clusterRef, retained for backward compatibility)' + type: string + example: xyzzy999 + deprecated: true + managedSources: + description: 'Source IDs for the Service Desk integration (replaced by provisioningConfig.managedSResourceRefs, but retained here for backward compatibility)' + type: array + items: + type: string + deprecated: true + example: + - 2c9180835d191a86015d28455b4a2329 + - 2c5680835d191a85765d28455b4a9823 + provisioningConfig: + description: The 'provisioningConfig' property specifies the configuration used to provision integrations. + type: object + properties: + universalManager: + description: 'Specifies whether this configuration is used to manage provisioning requests for all sources from the org. If true, no managedResourceRefs are allowed.' + type: boolean + readOnly: true + example: true + managedResourceRefs: + description: References to sources for the Service Desk integration template. May only be specified if universalManager is false. + type: array + items: + allOf: + - type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + properties: + type: + description: The type of object being referenced + enum: + - SOURCE + example: SOURCE + id: + description: ID of the source + example: 2c91808568c529c60168cca6f90c1313 + name: + description: Human-readable display name of the source + example: My Source + example: + - type: SOURCE + id: 2c9180855d191c59015d291ceb051111 + name: My Source 1 + - type: SOURCE + id: 2c9180855d191c59015d291ceb052222 + name: My Source 2 + planInitializerScript: + description: This is a reference to a plan initializer script. + type: object + properties: + source: + description: This is a Rule that allows provisioning instruction changes. + type: string + example: | + \r\n\r\n\r\n Before Provisioning Rule which changes disables and enables to a modify.\r\n + noProvisioningRequests: + description: Name of an attribute that when true disables the saving of ProvisioningRequest objects whenever plans are sent through this integration. + type: boolean + example: true + provisioningRequestExpiration: + description: 'When saving pending requests is enabled, this defines the number of hours the request is allowed to live before it is considered expired and no longer affects plan compilation.' + type: integer + format: int32 + example: 7 + attributes: + description: Attributes of the Service Desk integration. Validation constraints enforced by the implementation. + type: object + additionalProperties: true + example: + property: value + key: value + beforeProvisioningRule: + allOf: + - type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + description: Reference to beforeProvisioningRule for this Service Desk integration + properties: + type: + description: The type of object being referenced + enum: + - RULE + example: RULE + id: + description: ID of the rule + example: 2c91808568c529c60168cca6f90c1333 + name: + description: Human-readable display name of the rule + example: Example Rule + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + security: + - oauth2: + - 'idn:service-desk-admin:manage' + - 'idn:service-desk-integration:manage' + delete: + tags: + - Service Desk Integration + summary: Delete a Service Desk integration + description: Delete an existing Service Desk integration by ID. A token with Org Admin or Service Desk Admin authority is required to access this endpoint. + operationId: deleteServiceDeskIntegration + parameters: + - name: id + in: path + description: ID of Service Desk integration to delete + required: true + style: simple + explode: false + schema: + type: string + example: anId + responses: + '204': + description: Service Desk integration with the given ID successfully deleted + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + security: + - oauth2: + - 'idn:service-desk-admin:manage' + - 'idn:service-desk-integration:manage' + patch: + operationId: patchServiceDeskIntegration + tags: + - Service Desk Integration + summary: Service Desk Integration Update PATCH + description: Update an existing ServiceDeskIntegration by ID with a PATCH request. + parameters: + - name: id + in: path + description: ID of the Service Desk integration to update + required: true + style: simple + explode: false + schema: + type: string + example: anId + requestBody: + required: true + description: | + A list of SDIM update operations according to the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard. + + PATCH can only be applied to the following fields: + * "beforeProvisioningRule" + + A 403 Forbidden Error indicates that you attempted to PATCH a field that is not allowed. + content: + application/json-patch+json: + schema: + type: object + description: 'A JSONPatch document as defined by [RFC 6902 - JSON Patch](https://tools.ietf.org/html/rfc6902)' + properties: + operations: + description: Operations to be applied + type: array + items: + type: object + description: 'A JSONPatch Operation as defined by [RFC 6902 - JSON Patch](https://tools.ietf.org/html/rfc6902)' + required: + - op + - path + properties: + op: + type: string + description: The operation to be performed + enum: + - add + - remove + - replace + - move + - copy + - test + example: replace + path: + type: string + description: A string JSON Pointer representing the target path to an element to be affected by the operation + example: /description + value: + anyOf: + - type: string + - type: integer + - type: object + - type: array + items: + anyOf: + - type: string + - type: integer + - type: object + description: 'The value to be used for the operation, required for "add" and "replace" operations' + example: New description + example: "[\n {\n\t \"op\": \"replace\",\n\t \"path\": \"/description\",\n\t \"value\": \"A new description\"\n }\n]" + responses: + '200': + description: ServiceDeskIntegrationDto as updated + content: + application/json: + schema: + allOf: + - type: object + required: + - name + properties: + id: + description: System-generated unique ID of the Object + type: string + example: id12345 + readOnly: true + name: + description: Name of the Object + type: string + example: aName + created: + description: Creation date of the Object + type: string + format: date-time + readOnly: true + example: '2023-01-03T21:16:22.432Z' + modified: + description: Last modification date of the Object + type: string + format: date-time + readOnly: true + example: '2023-01-03T21:16:22.432Z' + - type: object + description: Specification of a Service Desk integration + required: + - description + - type + - attributes + properties: + description: + description: Description of the Service Desk integration + type: string + example: A very nice Service Desk integration + type: + description: | + Service Desk integration types + + - ServiceNowSDIM + - ServiceNow + type: string + default: ServiceNowSDIM + example: ServiceNowSDIM + ownerRef: + allOf: + - type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + description: Reference to the identity that is the owner of this Service Desk integration + properties: + type: + description: The type of object being referenced + enum: + - IDENTITY + example: IDENTITY + id: + description: ID of the identity + example: 2c91808568c529c60168cca6f90c1313 + name: + description: Human-readable display name of the identity + example: MyName + clusterRef: + allOf: + - type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + description: Reference to the source cluster for this Service Desk integration + properties: + type: + description: The type of object being referenced + enum: + - CLUSTER + example: CLUSTER + id: + description: ID of the cluster + example: 2c9180866166b5b0016167c32ef31a66 + name: + description: Human-readable display name of the cluster + example: Corporate Cluster + cluster: + description: 'ID of the cluster for the Service Desk integration (replaced by clusterRef, retained for backward compatibility)' + type: string + example: xyzzy999 + deprecated: true + managedSources: + description: 'Source IDs for the Service Desk integration (replaced by provisioningConfig.managedSResourceRefs, but retained here for backward compatibility)' + type: array + items: + type: string + deprecated: true + example: + - 2c9180835d191a86015d28455b4a2329 + - 2c5680835d191a85765d28455b4a9823 + provisioningConfig: + description: The 'provisioningConfig' property specifies the configuration used to provision integrations. + type: object + properties: + universalManager: + description: 'Specifies whether this configuration is used to manage provisioning requests for all sources from the org. If true, no managedResourceRefs are allowed.' + type: boolean + readOnly: true + example: true + managedResourceRefs: + description: References to sources for the Service Desk integration template. May only be specified if universalManager is false. + type: array + items: + allOf: + - type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + properties: + type: + description: The type of object being referenced + enum: + - SOURCE + example: SOURCE + id: + description: ID of the source + example: 2c91808568c529c60168cca6f90c1313 + name: + description: Human-readable display name of the source + example: My Source + example: + - type: SOURCE + id: 2c9180855d191c59015d291ceb051111 + name: My Source 1 + - type: SOURCE + id: 2c9180855d191c59015d291ceb052222 + name: My Source 2 + planInitializerScript: + description: This is a reference to a plan initializer script. + type: object + properties: + source: + description: This is a Rule that allows provisioning instruction changes. + type: string + example: | + \r\n\r\n\r\n Before Provisioning Rule which changes disables and enables to a modify.\r\n + noProvisioningRequests: + description: Name of an attribute that when true disables the saving of ProvisioningRequest objects whenever plans are sent through this integration. + type: boolean + example: true + provisioningRequestExpiration: + description: 'When saving pending requests is enabled, this defines the number of hours the request is allowed to live before it is considered expired and no longer affects plan compilation.' + type: integer + format: int32 + example: 7 + attributes: + description: Attributes of the Service Desk integration. Validation constraints enforced by the implementation. + type: object + additionalProperties: true + example: + property: value + key: value + beforeProvisioningRule: + allOf: + - type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + description: Reference to beforeProvisioningRule for this Service Desk integration + properties: + type: + description: The type of object being referenced + enum: + - RULE + example: RULE + id: + description: ID of the rule + example: 2c91808568c529c60168cca6f90c1333 + name: + description: Human-readable display name of the rule + example: Example Rule + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + security: + - oauth2: + - 'idn:service-desk-admin:manage' + - 'idn:service-desk-integration:manage' + /service-desk-integrations/types: + get: + tags: + - Service Desk Integration + summary: Service Desk Integration Types List. + description: This API endpoint returns the current list of supported Service Desk integration types. A token with Org Admin or Service Desk Admin authority is required to access this endpoint. + operationId: getServiceDeskIntegrationTypes + responses: + '200': + description: Responds with an array of the currently supported Service Desk integration types. + content: + application/json: + schema: + type: array + items: + description: This represents a Service Desk Integration template type. + required: + - type + - scriptName + type: object + properties: + name: + description: This is the name of the type. + example: aName + type: string + type: + description: This is the type value for the type. + example: aType + type: string + scriptName: + description: This is the scriptName attribute value for the type. + example: aScriptName + type: string + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + security: + - oauth2: + - 'idn:service-desk-admin:read' + - 'idn:service-desk-admin:manage' + - 'idn:service-desk-integration:read' + - 'idn:service-desk-integration:manage' + '/service-desk-integrations/templates/{scriptName}': + get: + tags: + - Service Desk Integration + summary: Service Desk integration template by scriptName. + description: This API endpoint returns an existing Service Desk integration template by scriptName. A token with Org Admin or Service Desk Admin authority is required to access this endpoint. + operationId: getServiceDeskIntegrationTemplate + parameters: + - name: scriptName + in: path + description: The scriptName value of the Service Desk integration template to get + required: true + style: simple + explode: false + schema: + type: string + example: aScriptName + responses: + '200': + description: Responds with the ServiceDeskIntegrationTemplateDto with the specified scriptName. + content: + application/json: + schema: + allOf: + - type: object + required: + - name + properties: + id: + description: System-generated unique ID of the Object + type: string + example: id12345 + readOnly: true + name: + description: Name of the Object + type: string + example: aName + created: + description: Creation date of the Object + type: string + format: date-time + readOnly: true + example: '2023-01-03T21:16:22.432Z' + modified: + description: Last modification date of the Object + type: string + format: date-time + readOnly: true + example: '2023-01-03T21:16:22.432Z' + - type: object + description: 'This is the model for a Service Desk integration template, used to create and edit Service Desk Integrations.' + required: + - type + - attributes + - provisioningConfig + properties: + type: + description: The 'type' property specifies the type of the Service Desk integration template. + type: string + example: Web Service SDIM + default: Web Service SDIM + attributes: + description: The 'attributes' property value is a map of attributes available for integrations using this Service Desk integration template. + type: object + additionalProperties: true + provisioningConfig: + description: The 'provisioningConfig' property specifies the configuration used to provision integrations using the template. + type: object + properties: + universalManager: + description: 'Specifies whether this configuration is used to manage provisioning requests for all sources from the org. If true, no managedResourceRefs are allowed.' + type: boolean + readOnly: true + example: true + managedResourceRefs: + description: References to sources for the Service Desk integration template. May only be specified if universalManager is false. + type: array + items: + allOf: + - type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + properties: + type: + description: The type of object being referenced + enum: + - SOURCE + example: SOURCE + id: + description: ID of the source + example: 2c91808568c529c60168cca6f90c1313 + name: + description: Human-readable display name of the source + example: My Source + example: + - type: SOURCE + id: 2c9180855d191c59015d291ceb051111 + name: My Source 1 + - type: SOURCE + id: 2c9180855d191c59015d291ceb052222 + name: My Source 2 + planInitializerScript: + description: This is a reference to a plan initializer script. + type: object + properties: + source: + description: This is a Rule that allows provisioning instruction changes. + type: string + example: | + \r\n\r\n\r\n Before Provisioning Rule which changes disables and enables to a modify.\r\n + noProvisioningRequests: + description: Name of an attribute that when true disables the saving of ProvisioningRequest objects whenever plans are sent through this integration. + type: boolean + example: true + provisioningRequestExpiration: + description: 'When saving pending requests is enabled, this defines the number of hours the request is allowed to live before it is considered expired and no longer affects plan compilation.' + type: integer + format: int32 + example: 7 + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + security: + - oauth2: + - 'idn:service-desk-admin:read' + - 'idn:service-desk-integration:read' + /service-desk-integrations/status-check-configuration: + get: + tags: + - Service Desk Integration + summary: Get the time check configuration + description: Get the time check configuration of queued SDIM tickets. A token with Org Admin or Service Desk Admin authority is required to access this endpoint. + operationId: getStatusCheckDetails + responses: + '200': + description: QueuedCheckConfigDetails containing the configured values + content: + application/json: + schema: + description: Configuration of maximum number days and interval for checking Service Desk integration queue status + required: + - provisioningStatusCheckIntervalMinutes + - provisioningMaxStatusCheckDays + type: object + properties: + provisioningStatusCheckIntervalMinutes: + description: interval in minutes between status checks + type: string + example: 30 + provisioningMaxStatusCheckDays: + description: maximum number of days to check + type: string + example: 2 + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + security: + - oauth2: + - 'idn:service-desk-admin:read' + - 'idn:service-desk-admin:manage' + - 'idn:service-desk-integration:read' + - 'idn:service-desk-integration:manage' + put: + tags: + - Service Desk Integration + summary: Update the time check configuration + description: Update the time check configuration of queued SDIM tickets. A token with Org Admin or Service Desk Admin authority is required to access this endpoint. + operationId: updateStatusCheckDetails + requestBody: + description: the modified time check configuration + content: + application/json: + schema: + description: Configuration of maximum number days and interval for checking Service Desk integration queue status + required: + - provisioningStatusCheckIntervalMinutes + - provisioningMaxStatusCheckDays + type: object + properties: + provisioningStatusCheckIntervalMinutes: + description: interval in minutes between status checks + type: string + example: 30 + provisioningMaxStatusCheckDays: + description: maximum number of days to check + type: string + example: 2 + required: true + responses: + '200': + description: QueuedCheckConfigDetails as updated + content: + application/json: + schema: + description: Configuration of maximum number days and interval for checking Service Desk integration queue status + required: + - provisioningStatusCheckIntervalMinutes + - provisioningMaxStatusCheckDays + type: object + properties: + provisioningStatusCheckIntervalMinutes: + description: interval in minutes between status checks + type: string + example: 30 + provisioningMaxStatusCheckDays: + description: maximum number of days to check + type: string + example: 2 + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + security: + - oauth2: + - 'idn:service-desk-admin:manage' + - 'idn:service-desk-integration:manage' + /sp-config/export: + post: + operationId: exportSpConfig + security: + - oauth2: + - 'sp:config:read' + - 'sp:config:manage' + tags: + - SP-Config + summary: Initiates Configuration Objects Export Job. + description: This post will export objects from the tenant to a JSON configuration file. + requestBody: + description: Export options control what will be included in the export. + required: true + content: + application/json: + schema: + type: object + allOf: + - type: object + properties: + excludeTypes: + description: Object type names to be excluded from an sp-config export command. + type: array + items: + type: string + enum: + - SOURCE + - RULE + - TRIGGER_SUBSCRIPTION + - TRANSFORM + - IDENTITY_PROFILE + example: SOURCE + includeTypes: + description: Object type names to be included in an sp-config export command. IncludeTypes takes precedence over excludeTypes. + type: array + items: + type: string + enum: + - SOURCE + - RULE + - TRIGGER_SUBSCRIPTION + - TRANSFORM + - IDENTITY_PROFILE + example: TRIGGER_SUBSCRIPTION + objectOptions: + description: Additional options targeting specific objects related to each item in the includeTypes field + type: object + additionalProperties: + type: object + properties: + includedIds: + description: Object ids to be included in an import or export. + type: array + items: + type: string + example: be9e116d-08e1-49fc-ab7f-fa585e96c9e4 + includedNames: + description: Object names to be included in an import or export. + type: array + items: + type: string + example: Test Object + example: + TRIGGER_SUBSCRIPTION: + includedIds: + - be9e116d-08e1-49fc-ab7f-fa585e96c9e4 + includedNames: + - Test 2 + properties: + description: + type: string + description: Optional user defined description/name for export job. + example: Export Job 1 Test + examples: + Export all objects available: + description: Export all object types available in IDN. + value: + description: Export all available objects + excludeTypes: [] + includeTypes: + - SOURCE + - RULE + - TRIGGER_SUBSCRIPTION + - TRANSFORM + - IDENTITY_PROFILE + objectOptions: {} + Export sources by ID: + description: Export only sources that match the IDs specified in the export options. + value: + description: Export sources by ID + excludeTypes: [] + includeTypes: + - SOURCE + objectOptions: + SOURCE: + includedIds: + - be9e116d-08e1-49fc-ab7f-fa585e96c9e4 + - be9p119e-90e1-49pk-ac9f-fa576e96c9e4 + includedNames: [] + Export transforms by name: + description: Export only transforms that match the names specified in the export options. + value: + description: Export transforms by name + excludeTypes: [] + includeTypes: + - TRANSFORM + objectOptions: + TRANSFORM: + includedIds: [] + includedNames: + - Remove Diacritical Marks + - Common - Location Lookup + Export trigger subscriptions triggers and transforms with custom options: + description: Export trigger subscriptions and transforms that match the export options. + value: + description: Export trigger subscriptions and transforms with custom filter options + excludeTypes: [] + includeTypes: + - TRANSFORM + - TRIGGER_SUBSCRIPTION + objectOptions: + TRANSFORM: + includedIds: [] + includedNames: + - Remove Diacritical Marks + - Common - Location Lookup + TRIGGER_SUBSCRIPTION: + includedIds: + - be9e116d-08e1-49fc-ab7f-fa585e96c9e4 + - be9p119e-90e1-49pk-ac9f-fa576e96c9e4 + includedNames: + - 'NGROK Test: fire and forget' + - Manager Certification + responses: + '202': + description: Export job accepted and queued for processing. + content: + application/json: + schema: + type: object + properties: + jobId: + type: string + description: Unique id assigned to this job. + example: 3469b87d-48ca-439a-868f-2160001da8c1 + status: + type: string + description: Status of the job. + enum: + - NOT_STARTED + - IN_PROGRESS + - COMPLETE + - CANCELLED + - FAILED + example: COMPLETE + type: + type: string + description: 'Type of the job, either export or import.' + enum: + - EXPORT + - IMPORT + example: IMPORT + message: + type: string + description: This message contains additional information about the overall status of the job. + example: Download import results for details. + description: + type: string + description: Optional user defined description/name for export job. + example: ETS configuration objects from Acme-Solar sandbox + expiration: + type: string + format: date-time + description: The time until which the artifacts will be available for download. + example: '2021-05-11T22:23:16Z' + created: + type: string + format: date-time + description: The time the job was started. + example: '2021-05-11T22:23:16Z' + modified: + type: string + format: date-time + description: The time of the last update to the job. + example: '2021-05-11T22:23:16Z' + completed: + type: string + format: date-time + description: The time the job was completed. + example: '2021-05-11T22:23:16Z' + required: + - jobId + - status + - type + - message + - description + - expiration + - created + - modified + - completed + '400': + description: | + Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + '/sp-config/export/{id}': + get: + operationId: exportSpConfigJobStatus + tags: + - SP-Config + summary: Get Status of Export Job + description: |- + This gets the status of the export job identified by the id parameter. + Request will need one of the following security scopes: + - sp:config:read - sp:config:manage + parameters: + - in: path + name: id + schema: + type: string + required: true + description: The ID of the export job for which status will be returned. + example: ef38f94347e94562b5bb8424a56397d8 + responses: + '200': + description: Export job status successfully returned. + content: + application/json: + schema: + type: object + properties: + jobId: + type: string + description: Unique id assigned to this job. + example: 3469b87d-48ca-439a-868f-2160001da8c1 + status: + type: string + description: Status of the job. + enum: + - NOT_STARTED + - IN_PROGRESS + - COMPLETE + - CANCELLED + - FAILED + example: COMPLETE + type: + type: string + description: 'Type of the job, either export or import.' + enum: + - EXPORT + - IMPORT + example: IMPORT + message: + type: string + description: This message contains additional information about the overall status of the job. + example: Download import results for details. + description: + type: string + description: Optional user defined description/name for export job. + example: ETS configuration objects from Acme-Solar sandbox + expiration: + type: string + format: date-time + description: The time until which the artifacts will be available for download. + example: '2021-05-11T22:23:16Z' + created: + type: string + format: date-time + description: The time the job was started. + example: '2021-05-11T22:23:16Z' + modified: + type: string + format: date-time + description: The time of the last update to the job. + example: '2021-05-11T22:23:16Z' + completed: + type: string + format: date-time + description: The time the job was completed. + example: '2021-05-11T22:23:16Z' + required: + - jobId + - status + - type + - message + - description + - expiration + - created + - modified + - completed + example: + jobId: 1e824aa0-4c6e-4f14-95e9-e7dc5234aa51 + status: COMPLETE + type: EXPORT + message: null + description: Export Job 1 Test + expiration: '2021-05-20T15:04:24Z' + created: '2021-05-13T15:04:24.112Z' + modified: '2021-05-13T15:04:27.363Z' + completed: '2021-05-13T15:04:27.358Z' + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + '/sp-config/export/{id}/download': + get: + operationId: exportSpConfigDownload + tags: + - SP-Config + summary: Download Result of Export Job + description: |- + This gets export file resulting from the export job with the requested id and downloads it to a file. + Request will need one of the following security scopes: + - sp:config:read - sp:config:manage + parameters: + - in: path + name: id + schema: + type: string + required: true + description: The ID of the export job for which the results will be downloaded. + example: ef38f94347e94562b5bb8424a56397d8 + responses: + '200': + description: Exported JSON objects. + content: + application/json: + schema: + type: object + title: Config Export Response Body + description: Response model for config export download response. + properties: + version: + type: integer + description: Current version of the export results object. + example: 1 + timestamp: + type: string + format: date-time + description: Time the export was completed. + example: '2021-05-11T22:23:16Z' + tenant: + type: string + description: Name of the tenant where this export originated. + example: sample-tenant + description: + type: string + description: Optional user defined description/name for export job. + example: Export Job 1 Test + options: + description: Options used to create this export. + type: object + properties: + excludeTypes: + description: Object type names to be excluded from an sp-config export command. + type: array + items: + type: string + enum: + - SOURCE + - RULE + - TRIGGER_SUBSCRIPTION + - TRANSFORM + - IDENTITY_PROFILE + example: SOURCE + includeTypes: + description: Object type names to be included in an sp-config export command. IncludeTypes takes precedence over excludeTypes. + type: array + items: + type: string + enum: + - SOURCE + - RULE + - TRIGGER_SUBSCRIPTION + - TRANSFORM + - IDENTITY_PROFILE + example: TRIGGER_SUBSCRIPTION + objectOptions: + description: Additional options targeting specific objects related to each item in the includeTypes field + type: object + additionalProperties: + type: object + properties: + includedIds: + description: Object ids to be included in an import or export. + type: array + items: + type: string + example: be9e116d-08e1-49fc-ab7f-fa585e96c9e4 + includedNames: + description: Object names to be included in an import or export. + type: array + items: + type: string + example: Test Object + example: + TRIGGER_SUBSCRIPTION: + includedIds: + - be9e116d-08e1-49fc-ab7f-fa585e96c9e4 + includedNames: + - Test 2 + objects: + type: array + items: + type: object + title: Config Object for Export and Import + description: Config export and import format for individual object configurations. + properties: + version: + type: integer + description: Current version of configuration object. + example: 1 + self: + type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + object: + description: Object details. Format dependant on the object type. + additionalProperties: true + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + /sp-config/import: + post: + operationId: importSpConfig + tags: + - SP-Config + summary: Initiates Configuration Objects Import Job. + description: |- + This post will import objects from a JSON configuration file into a tenant. By default, every import will first export all existing objects supported by sp-config as a backup before the import is attempted. The backup is provided so that the state of the configuration prior to the import is available for inspection or restore if needed. The backup can be skipped by setting "excludeBackup" to true in the import options. If a backup is performed, the id of the backup will be provided in the ImportResult as the "exportJobId". This can be downloaded using the /sp-config/export/{exportJobId}/download endpoint. + Request will need the following security scope: + - sp:config:manage + parameters: + - in: query + name: preview + schema: + type: boolean + default: false + required: false + description: 'This option is intended to give the user information about how an import operation would proceed, without having any affect on the target tenant. If true, no objects will be imported. Instead, the import process will pre-process the import file and attempt to resolve references within imported objects. The import result file will contain messages pertaining to how specific references were resolved, any errors associated with the preprocessing, and messages indicating which objects would be imported.' + example: 'true' + requestBody: + description: "The form-data \"name\" attribute for the file content must be \"data\".\n\n__Example__\n\n data: \"config_export_0340b957-5caa-44f6-ada2-d3c4c5bd0b19.json\",\n options: {\n \"excludeTypes\": [],\n \"includeTypes\": [\"TRIGGER_SUBSCRIPTION\"],\n \"objectOptions\": {\n \"TRIGGER_SUBSCRIPTION\": {\n \"includedIds\": [ \"193446a1-c431-4326-8ba7-d6eebf922948\"],\n \"includedNames\":[]\n }\n },\n \"defaultReferences\": [\n {\n \"type\": \"TRIGGER_SUBSCRIPTION\",\n \"id\": \"be9e116d-08e1-49fc-ab7f-fa585e96c9e4\",\n \"name\": \"Test Trigger\"\n }\n ],\n \"excludeBackup\": false\n }\n\n__Sample Import File__\n\n {\n \t\"version\": 1,\n \t\"timestamp\": \"2021-05-10T15:19:23.425041-05:00\",\n \t\"tenant\": \"sampleTenant\",\n \t\"options\": {\n \t\t\"excludeTypes\": [],\n \t\t\"includeTypes\": [\"TRIGGER_SUBSCRIPTION\"],\n \t\t\"objectOptions\": null\n \t},\n \t\"objects\": [{\n \t\t\t\"version\": 1,\n \t\t\t\"self\": {\n \t\t\t\t\"type\": \"TRIGGER_SUBSCRIPTION\",\n \t\t\t\t\"name\": \"test trigger\",\n \t\t\t\t\"id\": \"193446a1-c431-4326-8ba7-d6eebf922948\"\n \t\t\t},\n \t\t\t\"object\": {\n \t\t\t\t\"type\": \"HTTP\",\n \t\t\t\t\"enabled\": true,\n \t\t\t\t\"httpConfig\": {\n \t\t\t\t\t\"url\": \"https://localhost\",\n \t\t\t\t\t\"httpAuthenticationType\": \"NO_AUTH\",\n \t\t\t\t\t\"basicAuthConfig\": null,\n \t\t\t\t\t\"bearerTokenAuthConfig\": null,\n \t\t\t\t\t\"httpDispatchMode\": \"SYNC\"\n \t\t\t\t},\n \t\t\t\t\"triggerName\": \"Access Request Submitted\",\n \t\t\t\t\"responseDeadline\": \"PT1H\",\n \t\t\t\t\"name\": \"test trigger\",\n \t\t\t\t\"triggerId\": \"idn:access-request-pre-approval\"\n \t\t\t}\n \t\t}\n \t]\n }\n" + required: true + content: + multipart/form-data: + schema: + type: object + properties: + data: + type: string + format: binary + description: JSON file containing the objects to be imported. + options: + type: object + properties: + excludeTypes: + description: Object type names to be excluded from an sp-config export command. + type: array + items: + type: string + example: SOURCE + includeTypes: + description: Object type names to be included in an sp-config export command. IncludeTypes takes precedence over excludeTypes. + type: array + items: + type: string + example: TRIGGER_SUBSCRIPTION + objectOptions: + description: Additional options targeting specific objects related to each item in the includeTypes field + type: object + additionalProperties: + type: object + properties: + includedIds: + description: Object ids to be included in an import or export. + type: array + items: + type: string + example: be9e116d-08e1-49fc-ab7f-fa585e96c9e4 + includedNames: + description: Object names to be included in an import or export. + type: array + items: + type: string + example: Test Object + example: + TRIGGER_SUBSCRIPTION: + includedIds: + - be9e116d-08e1-49fc-ab7f-fa585e96c9e4 + includedNames: + - Test 2 + defaultReferences: + description: List of BaseRefenceDtos that can be used to resolve references on import. + type: array + items: + type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + excludeBackup: + description: 'By default, every import will first export all existing objects supported by sp-config as a backup before the import is attempted. If excludeBackup is true, the backup will not be performed.' + type: boolean + default: false + example: 'false' + required: + - data + example: + data: config_export_0340b957-5caa-44f6-ada2-d3c4c5bd0b19.json + options: + excludeTypes: [] + includeTypes: + - TRIGGER_SUBSCRIPTION + objectOptions: + TRIGGER_SUBSCRIPTION: + includedIds: + - be9e116d-08e1-49fc-ab7f-fa585e96c9e4 + includedNames: + - Lori Test 2 + defaultReferences: + - type: TRIGGER_SUBSCRIPTION + id: be9e116d-08e1-49fc-ab7f-fa585e96c9e4 + name: Test Trigger + excludeBackup: false + responses: + '202': + description: Import job accepted and queued for processing. + content: + application/json: + schema: + type: object + properties: + jobId: + type: string + description: Unique id assigned to this job. + example: 3469b87d-48ca-439a-868f-2160001da8c1 + status: + type: string + description: Status of the job. + enum: + - NOT_STARTED + - IN_PROGRESS + - COMPLETE + - CANCELLED + - FAILED + example: COMPLETE + type: + type: string + description: 'Type of the job, either export or import.' + enum: + - EXPORT + - IMPORT + example: IMPORT + message: + type: string + description: This message contains additional information about the overall status of the job. + example: Download import results for details. + description: + type: string + description: Optional user defined description/name for export job. + example: ETS configuration objects from Acme-Solar sandbox + expiration: + type: string + format: date-time + description: The time until which the artifacts will be available for download. + example: '2021-05-11T22:23:16Z' + created: + type: string + format: date-time + description: The time the job was started. + example: '2021-05-11T22:23:16Z' + modified: + type: string + format: date-time + description: The time of the last update to the job. + example: '2021-05-11T22:23:16Z' + completed: + type: string + format: date-time + description: The time the job was completed. + example: '2021-05-11T22:23:16Z' + required: + - jobId + - status + - type + - message + - description + - expiration + - created + - modified + - completed + '400': + description: | + Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + '/sp-config/import/{id}': + get: + operationId: importSpConfigJobStatus + tags: + - SP-Config + summary: Get Status of Import Job + description: |- + This gets the status of the import job identified by the id parameter. + Request will need the following security scope: + - sp:config:manage + parameters: + - in: path + name: id + schema: + type: string + required: true + description: The ID of the import job for which status will be returned. + example: ef38f94347e94562b5bb8424a56397d8 + responses: + '200': + description: Import job status successfully returned. + content: + application/json: + schema: + type: object + properties: + jobId: + type: string + description: Unique id assigned to this job. + example: 3469b87d-48ca-439a-868f-2160001da8c1 + status: + type: string + description: Status of the job. + enum: + - NOT_STARTED + - IN_PROGRESS + - COMPLETE + - CANCELLED + - FAILED + example: COMPLETE + type: + type: string + description: 'Type of the job, either export or import.' + enum: + - EXPORT + - IMPORT + example: IMPORT + message: + type: string + description: This message contains additional information about the overall status of the job. + example: Download import results for details. + description: + type: string + description: Optional user defined description/name for export job. + example: ETS configuration objects from Acme-Solar sandbox + expiration: + type: string + format: date-time + description: The time until which the artifacts will be available for download. + example: '2021-05-11T22:23:16Z' + created: + type: string + format: date-time + description: The time the job was started. + example: '2021-05-11T22:23:16Z' + modified: + type: string + format: date-time + description: The time of the last update to the job. + example: '2021-05-11T22:23:16Z' + completed: + type: string + format: date-time + description: The time the job was completed. + example: '2021-05-11T22:23:16Z' + required: + - jobId + - status + - type + - message + - description + - expiration + - created + - modified + - completed + example: + jobId: 4fb10503-1c49-4603-8f8d-886e1f6aa47b + status: COMPLETE + type: IMPORT + message: Download import results for details. + description: null + expiration: '2021-05-20T16:42:39Z' + created: '2021-05-13T16:42:39.333Z' + modified: '2021-05-13T16:42:40.71Z' + completed: '2021-05-13T16:42:40.705Z' + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + '/sp-config/import/{id}/download': + get: + operationId: importSpConfigDownload + tags: + - SP-Config + summary: Download Result of Import Job + description: |- + This gets import file resulting from the import job with the requested id and downloads it to a file. The downloaded file will contain the results of the import operation, including any error, warning or informational messages associated with the import. + Request will need the following security scope: + - sp:config:manage + parameters: + - in: path + name: id + schema: + type: string + required: true + description: The ID of the import job for which the results will be downloaded. + example: ef38f94347e94562b5bb8424a56397d8 + responses: + '200': + description: 'Import Results JSON object, containing detailed results of the import operation.' + content: + application/json: + schema: + type: object + title: Config Import Response Body + description: Response Body for Config Import command. + properties: + results: + type: object + additionalProperties: + type: object + title: Import Object Response Body + description: Response model for import of a single object. + properties: + infos: + description: Informational messages returned from the target service on import. + type: array + items: + type: object + title: Config Import/Export Message + description: Message model for Config Import/Export. + properties: + key: + type: string + description: Message key. + example: UNKNOWN_REFERENCE_RESOLVER + text: + type: string + description: Message text. + example: 'Unable to resolve reference for object [type: IDENTITY, id: 2c91808c746e9c9601747d6507332ecz, name: random identity]' + details: + type: object + description: 'Message details if any, in key:value pairs.' + additionalProperties: + type: object + example: + details: message details + required: + - key + - text + - details + warnings: + description: Warning messages returned from the target service on import. + type: array + items: + type: object + title: Config Import/Export Message + description: Message model for Config Import/Export. + properties: + key: + type: string + description: Message key. + example: UNKNOWN_REFERENCE_RESOLVER + text: + type: string + description: Message text. + example: 'Unable to resolve reference for object [type: IDENTITY, id: 2c91808c746e9c9601747d6507332ecz, name: random identity]' + details: + type: object + description: 'Message details if any, in key:value pairs.' + additionalProperties: + type: object + example: + details: message details + required: + - key + - text + - details + errors: + description: Error messages returned from the target service on import. + type: array + items: + type: object + title: Config Import/Export Message + description: Message model for Config Import/Export. + properties: + key: + type: string + description: Message key. + example: UNKNOWN_REFERENCE_RESOLVER + text: + type: string + description: Message text. + example: 'Unable to resolve reference for object [type: IDENTITY, id: 2c91808c746e9c9601747d6507332ecz, name: random identity]' + details: + type: object + description: 'Message details if any, in key:value pairs.' + additionalProperties: + type: object + example: + details: message details + required: + - key + - text + - details + importedObjects: + description: References to objects that were created or updated by the import. + type: array + items: + type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + required: + - infos + - warnings + - errors + - importedObjects + description: The results of an object configuration import job. + example: + results: + TRIGGER_SUBSCRIPTION: + infos: + - key: IMPORT_PREVIEW + text: 'Object to be imported: [c953134c-2224-42f2-a84e-fa5cbb395904, Test 2]' + detail: null + - key: IMPORT_PREVIEW + text: 'Object to be imported: [be9e116d-08e1-49fc-ab7f-fa585e96c9e4, Test 1]' + detail: null + warnings: [] + errors: [] + importedObjects: [] + exportJobId: + type: string + description: 'If a backup was performed before the import, this will contain the jobId of the backup job. This id can be used to retrieve the json file of the backup export.' + example: be9e116d-08e1-49fc-ab7f-fa585e96c9e4 + required: + - results + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + /sp-config/config-objects: + get: + operationId: listSpConfigObjects + security: + - oauth2: + - 'sp:config:read' + - 'sp:config:manage' + tags: + - SP-Config + summary: Get Config Object details + description: This gets the list of object configurations which are known to the tenant export/import service. Object configurations that contain "importUrl" and "exportUrl" are available for export/import. + responses: + '200': + description: Object configurations returned successfully. + content: + application/json: + schema: + type: array + items: + title: Object Configuration Model + description: Response model for get object configuration. + type: object + properties: + objectType: + type: string + description: The object type this configuration is for. + example: TRIGGER_SUBSCRIPTION + resolveByIdUrl: + description: Url and query parameters to be used to resolve this type of object by Id. + type: object + title: Resolver URL Format for Object Configuration. + properties: + url: + description: URL for the target object endpoint. + type: string + example: 'ets://trigger-subscriptions/$id' + query: + description: Any query parameters that are needed for the URL. + type: object + nullable: true + example: null + resolveByNameUrl: + type: array + items: + type: object + title: Resolver URL Format for Object Configuration. + description: Format of resolver URLs for Object Configurations + properties: + url: + description: URL for the target object endpoint. + type: string + example: 'ets://trigger-subscriptions/$id' + query: + description: Any query parameters that are needed for the URL. + type: object + nullable: true + example: null + description: Url and query parameters to be used to resolve this type of object by name. + exportUrl: + type: object + title: Resolver URL Format for Object Configuration. + description: Format of resolver URLs for Object Configurations + properties: + url: + description: URL for the target object endpoint. + type: string + example: 'ets://trigger-subscriptions/$id' + query: + description: Any query parameters that are needed for the URL. + type: object + nullable: true + example: null + exportRight: + type: string + description: Rights needed by the invoker of sp-config/export in order to export this type of object. + example: 'idn:trigger-service-subscriptions:read' + exportLimit: + type: integer + format: int32 + description: Pagination limit imposed by the target service for this object type. + example: 10 + importUrl: + type: object + title: Resolver URL Format for Object Configuration. + description: Format of resolver URLs for Object Configurations + properties: + url: + description: URL for the target object endpoint. + type: string + example: 'ets://trigger-subscriptions/$id' + query: + description: Any query parameters that are needed for the URL. + type: object + nullable: true + example: null + importRight: + type: string + description: Rights needed by the invoker of sp-config/import in order to import this type of object. + example: 'idn:trigger-service-subscriptions:create' + importLimit: + type: integer + format: int32 + description: Pagination limit imposed by the target service for this object type. + example: 10 + referenceExtractors: + type: array + nullable: true + description: List of json paths within an exported object of this type that represent references that need to be resolved. + items: + type: string + example: + - $.owner + signatureRequired: + type: boolean + default: false + description: 'If true, this type of object will be JWS signed and cannot be modified before import.' + example: false + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + /sources: + get: + operationId: listSources + tags: + - Sources + summary: Lists all sources in IdentityNow. + description: |- + This end-point lists all the sources in IdentityNow. + A token with ORG_ADMIN, SOURCE_ADMIN, SOURCE_SUBADMIN, or ROLE_SUBADMIN authority is required to call this API. + parameters: + - in: query + name: limit + description: |- + Max number of results to return. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 250 + schema: + type: integer + format: int32 + minimum: 0 + maximum: 250 + default: 250 + - in: query + name: offset + description: |- + Offset into the full result set. Usually specified with *limit* to paginate through the results. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 0 + schema: + type: integer + format: int32 + minimum: 0 + default: 0 + - in: query + name: count + description: |- + If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored. + + Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used. + + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: true + schema: + type: boolean + default: false + - in: query + name: filters + schema: + type: string + example: name eq "#Employees" + description: |- + Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) + + Filtering is supported for the following fields and operators: + + **id**: *eq, in* + + **name**: *co, eq, in, sw* + + **type**: *eq, in* + + **owner.id**: *eq, in* + + **features**: *ca, co* + + **created**: *eq* + + **modified**: *eq* + + **managementWorkgroup.id**: *eq* + + **description**: *eq* + + **authoritative**: *eq* + + **healthy**: *eq* + + **status**: *eq, in* + + **connectionType**: *eq* + + **connectorName**: *eq* + - in: query + name: sorters + schema: + type: string + format: comma-separated + example: name + description: |- + Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results) + + Sorting is supported for the following fields: **type, created, modified, name, owner.name, healthy, status** + - in: query + name: for-subadmin + schema: + type: string + example: name + description: |- + Filter the returned list of sources for the identity specified by the parameter, which is the id of an identity with the role SOURCE_SUBADMIN. By convention, the value **me** indicates the identity id of the current user. + Subadmins may only view Sources which they are able to administer; all other Sources will be filtered out when this parameter is set. If the current user is a SOURCE_SUBADMIN but fails to pass a valid value for this parameter, a 403 Forbidden is returned. + responses: + '200': + description: List of Source objects + content: + application/json: + schema: + type: array + items: + type: object + properties: + id: + type: string + readOnly: true + description: the id of the Source + example: 2c91808568c529c60168cca6f90c1324 + name: + type: string + description: Human-readable name of the source + example: My Source + description: + type: string + description: Human-readable description of the source + example: This is the corporate directory. + owner: + description: Reference to an owning Identity Object + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - IDENTITY + example: IDENTITY + id: + type: string + description: ID of the identity + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the identity + example: MyName + cluster: + description: Reference to the associated Cluster + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - CLUSTER + example: CLUSTER + id: + type: string + description: ID of the cluster + example: 2c9180866166b5b0016167c32ef31a66 + name: + type: string + description: Human-readable display name of the cluster + example: Corporate Cluster + accountCorrelationConfig: + description: Reference to an Account Correlation Config object + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + example: ACCOUNT_CORRELATION_CONFIG + id: + type: string + description: ID of the account correlation config + example: 2c9180855d191c59015d28583727245a + name: + type: string + description: Human-readable display name of the account correlation config + example: 'Directory [source-62867] Account Correlation' + accountCorrelationRule: + description: 'Reference to a Rule that can do COMPLEX correlation, should only be used when accountCorrelationConfig can''t be used.' + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - RULE + example: RULE + id: + type: string + description: ID of the rule + example: 2c918085708c274401708c2a8a760001 + name: + type: string + description: Human-readable display name of the rule + example: Example Rule + managerCorrelationMapping: + description: Filter Object used during manager correlation to match incoming manager values to an existing manager's Account/Identity + type: object + properties: + accountAttribute: + type: string + description: Name of the attribute to use for manager correlation. The value found on the account attribute will be used to lookup the manager's identity. + example: manager + identityAttribute: + type: string + description: Name of the identity attribute to search when trying to find a manager using the value from the accountAttribute. + example: manager + managerCorrelationRule: + description: 'Reference to the ManagerCorrelationRule, only used when a simple filter isn''t sufficient.' + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - RULE + example: RULE + id: + type: string + description: ID of the rule + example: 2c918085708c274401708c2a8a760001 + name: + type: string + description: Human-readable display name of the rule + example: Example Rule + beforeProvisioningRule: + description: Rule that runs on the CCG and allows for customization of provisioning plans before the connector is called. + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - RULE + example: RULE + id: + type: string + description: ID of the rule + example: 2c918085708c274401708c2a8a760001 + name: + type: string + description: Human-readable display name of the rule + example: Example Rule + schemas: + type: array + items: + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - CONNECTOR_SCHEMA + example: CONNECTOR_SCHEMA + id: + type: string + description: ID of the schema + example: 2c91808568c529c60168cca6f90c1777 + name: + type: string + description: Human-readable display name of the schema + example: MySchema + description: List of references to Schema objects + example: + - type: CONNECTOR_SCHEMA + id: 2c9180835d191a86015d28455b4b232a + name: account + - type: CONNECTOR_SCHEMA + id: 2c9180835d191a86015d28455b4b232b + name: group + passwordPolicies: + type: array + items: + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - PASSWORD_POLICY + example: PASSWORD_POLICY + id: + type: string + description: ID of the policy + example: 2c91808568c529c60168cca6f90c1777 + name: + type: string + description: Human-readable display name of the policy + example: My Password Policy + description: List of references to the associated PasswordPolicy objects. + example: + - type: PASSWORD_POLICY + id: 2c9180855d191c59015d291ceb053980 + name: Corporate Password Policy + - type: PASSWORD_POLICY + id: 2c9180855d191c59015d291ceb057777 + name: Vendor Password Policy + features: + type: array + description: Optional features that can be supported by a source. + items: + type: string + enum: + - AUTHENTICATE + - COMPOSITE + - DIRECT_PERMISSIONS + - DISCOVER_SCHEMA + - ENABLE + - MANAGER_LOOKUP + - NO_RANDOM_ACCESS + - PROXY + - SEARCH + - TEMPLATE + - UNLOCK + - UNSTRUCTURED_TARGETS + - SHAREPOINT_TARGET + - PROVISIONING + - GROUP_PROVISIONING + - SYNC_PROVISIONING + - PASSWORD + - CURRENT_PASSWORD + - ACCOUNT_ONLY_REQUEST + - ADDITIONAL_ACCOUNT_REQUEST + - NO_AGGREGATION + - GROUPS_HAVE_MEMBERS + - NO_PERMISSIONS_PROVISIONING + - NO_GROUP_PERMISSIONS_PROVISIONING + - NO_UNSTRUCTURED_TARGETS_PROVISIONING + - NO_DIRECT_PERMISSIONS_PROVISIONING + description: |- + Optional features that can be supported by an source. + * AUTHENTICATE: The source supports pass-through authentication. + * COMPOSITE: The source supports composite source creation. + * DIRECT_PERMISSIONS: The source supports returning DirectPermissions. + * DISCOVER_SCHEMA: The source supports discovering schemas for users and groups. + * ENABLE The source supports reading if an account is enabled or disabled. + * MANAGER_LOOKUP: The source supports looking up managers as they are encountered in a feed. This is the opposite of NO_RANDOM_ACCESS. + * NO_RANDOM_ACCESS: The source does not support random access and the getObject() methods should not be called and expected to perform. + * PROXY: The source can serve as a proxy for another source. When an source has a proxy, all connector calls made with that source are redirected through the connector for the proxy source. + * SEARCH + * TEMPLATE + * UNLOCK: The source supports reading if an account is locked or unlocked. + * UNSTRUCTURED_TARGETS: The source supports returning unstructured Targets. + * SHAREPOINT_TARGET: The source supports returning unstructured Target data for SharePoint. It will be typically used by AD, LDAP sources. + * PROVISIONING: The source can both read and write accounts. Having this feature implies that the provision() method is implemented. It also means that direct and target permissions can also be provisioned if they can be returned by aggregation. + * GROUP_PROVISIONING: The source can both read and write groups. Having this feature implies that the provision() method is implemented. + * SYNC_PROVISIONING: The source can provision accounts synchronously. + * PASSWORD: The source can provision password changes. Since sources can never read passwords, this is should only be used in conjunction with the PROVISIONING feature. + * CURRENT_PASSWORD: Some source types support verification of the current password + * ACCOUNT_ONLY_REQUEST: The source supports requesting accounts without entitlements. + * ADDITIONAL_ACCOUNT_REQUEST: The source supports requesting additional accounts. + * NO_AGGREGATION: A source that does not support aggregation. + * GROUPS_HAVE_MEMBERS: The source models group memberships with a member attribute on the group object rather than a groups attribute on the account object. This effects the implementation of delta account aggregation. + * NO_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for accounts. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for accounts. + * NO_GROUP_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for groups. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for groups. + * NO_UNSTRUCTURED_TARGETS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING. + * NO_DIRECT_PERMISSIONS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING. + example: + - SYNC_PROVISIONING + - MANAGER_LOOKUP + - SEARCH + - PROVISIONING + - AUTHENTICATE + - GROUP_PROVISIONING + - PASSWORD + type: + type: string + description: 'Specifies the type of system being managed e.g. Active Directory, Workday, etc.. If you are creating a Delimited File source, you must set the `provisionasCsv` query parameter to `true`. ' + example: OpenLDAP - Direct + connector: + type: string + description: Connector script name. + example: active-directory + connectorClass: + type: string + description: The fully qualified name of the Java class that implements the connector interface. + example: sailpoint.connector.LDAPConnector + connectorAttributes: + type: object + description: Connector specific configuration; will differ from type to type. + example: + healthCheckTimeout: 30 + authSearchAttributes: + - cn + - uid + - mail + deleteThreshold: + type: integer + format: int32 + description: Number from 0 to 100 that specifies when to skip the delete phase. + example: 10 + authoritative: + type: boolean + description: When true indicates the source is referenced by an IdentityProfile. + example: false + managementWorkgroup: + description: Reference to Management Workgroup for this Source + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - GOVERNANCE_GROUP + example: GOVERNANCE_GROUP + id: + type: string + description: ID of the management workgroup + example: 2c91808568c529c60168cca6f90c2222 + name: + type: string + description: Human-readable display name of the management workgroup + example: My Management Workgroup + healthy: + type: boolean + description: When true indicates a healthy source + example: true + status: + type: string + description: 'A status identifier, giving specific information on why a source is healthy or not' + example: SOURCE_STATE_HEALTHY + since: + type: string + description: Timestamp showing when a source health check was last performed + example: '2021-09-28T15:48:29.3801666300Z' + connectorId: + type: string + description: The id of connector + example: active-directory + connectorName: + type: string + description: The name of the connector that was chosen on source creation + example: Active Directory + connectionType: + type: string + description: The type of connection (direct or file) + example: file + connectorImplementstionId: + type: string + description: The connector implementstion id + example: delimited-file + required: + - name + - owner + - connector + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + post: + operationId: createSource + tags: + - Sources + summary: Creates a source in IdentityNow. + description: |- + This creates a specific source with a full source JSON representation. Any passwords are submitted as plain-text and encrypted upon receipt in IdentityNow. + A token with ORG_ADMIN, SOURCE_ADMIN, or SOURCE_SUBADMIN authority is required to call this API. + parameters: + - in: query + name: provisionAsCsv + description: 'If this parameter is `true`, it configures the source as a Delimited File (CSV) source. Setting this to `true` will automatically set the `type` of the source to `DelimitedFile`. You must use this query parameter to create a Delimited File source as you would in the UI. If you don''t set this query parameter and you attempt to set the `type` attribute directly, the request won''t correctly generate the source. ' + schema: + type: boolean + required: false + example: false + requestBody: + required: true + content: + application/json: + schema: + type: object + properties: + id: + type: string + readOnly: true + description: the id of the Source + example: 2c91808568c529c60168cca6f90c1324 + name: + type: string + description: Human-readable name of the source + example: My Source + description: + type: string + description: Human-readable description of the source + example: This is the corporate directory. + owner: + description: Reference to an owning Identity Object + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - IDENTITY + example: IDENTITY + id: + type: string + description: ID of the identity + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the identity + example: MyName + cluster: + description: Reference to the associated Cluster + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - CLUSTER + example: CLUSTER + id: + type: string + description: ID of the cluster + example: 2c9180866166b5b0016167c32ef31a66 + name: + type: string + description: Human-readable display name of the cluster + example: Corporate Cluster + accountCorrelationConfig: + description: Reference to an Account Correlation Config object + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + example: ACCOUNT_CORRELATION_CONFIG + id: + type: string + description: ID of the account correlation config + example: 2c9180855d191c59015d28583727245a + name: + type: string + description: Human-readable display name of the account correlation config + example: 'Directory [source-62867] Account Correlation' + accountCorrelationRule: + description: 'Reference to a Rule that can do COMPLEX correlation, should only be used when accountCorrelationConfig can''t be used.' + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - RULE + example: RULE + id: + type: string + description: ID of the rule + example: 2c918085708c274401708c2a8a760001 + name: + type: string + description: Human-readable display name of the rule + example: Example Rule + managerCorrelationMapping: + description: Filter Object used during manager correlation to match incoming manager values to an existing manager's Account/Identity + type: object + properties: + accountAttribute: + type: string + description: Name of the attribute to use for manager correlation. The value found on the account attribute will be used to lookup the manager's identity. + example: manager + identityAttribute: + type: string + description: Name of the identity attribute to search when trying to find a manager using the value from the accountAttribute. + example: manager + managerCorrelationRule: + description: 'Reference to the ManagerCorrelationRule, only used when a simple filter isn''t sufficient.' + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - RULE + example: RULE + id: + type: string + description: ID of the rule + example: 2c918085708c274401708c2a8a760001 + name: + type: string + description: Human-readable display name of the rule + example: Example Rule + beforeProvisioningRule: + description: Rule that runs on the CCG and allows for customization of provisioning plans before the connector is called. + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - RULE + example: RULE + id: + type: string + description: ID of the rule + example: 2c918085708c274401708c2a8a760001 + name: + type: string + description: Human-readable display name of the rule + example: Example Rule + schemas: + type: array + items: + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - CONNECTOR_SCHEMA + example: CONNECTOR_SCHEMA + id: + type: string + description: ID of the schema + example: 2c91808568c529c60168cca6f90c1777 + name: + type: string + description: Human-readable display name of the schema + example: MySchema + description: List of references to Schema objects + example: + - type: CONNECTOR_SCHEMA + id: 2c9180835d191a86015d28455b4b232a + name: account + - type: CONNECTOR_SCHEMA + id: 2c9180835d191a86015d28455b4b232b + name: group + passwordPolicies: + type: array + items: + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - PASSWORD_POLICY + example: PASSWORD_POLICY + id: + type: string + description: ID of the policy + example: 2c91808568c529c60168cca6f90c1777 + name: + type: string + description: Human-readable display name of the policy + example: My Password Policy + description: List of references to the associated PasswordPolicy objects. + example: + - type: PASSWORD_POLICY + id: 2c9180855d191c59015d291ceb053980 + name: Corporate Password Policy + - type: PASSWORD_POLICY + id: 2c9180855d191c59015d291ceb057777 + name: Vendor Password Policy + features: + type: array + description: Optional features that can be supported by a source. + items: + type: string + enum: + - AUTHENTICATE + - COMPOSITE + - DIRECT_PERMISSIONS + - DISCOVER_SCHEMA + - ENABLE + - MANAGER_LOOKUP + - NO_RANDOM_ACCESS + - PROXY + - SEARCH + - TEMPLATE + - UNLOCK + - UNSTRUCTURED_TARGETS + - SHAREPOINT_TARGET + - PROVISIONING + - GROUP_PROVISIONING + - SYNC_PROVISIONING + - PASSWORD + - CURRENT_PASSWORD + - ACCOUNT_ONLY_REQUEST + - ADDITIONAL_ACCOUNT_REQUEST + - NO_AGGREGATION + - GROUPS_HAVE_MEMBERS + - NO_PERMISSIONS_PROVISIONING + - NO_GROUP_PERMISSIONS_PROVISIONING + - NO_UNSTRUCTURED_TARGETS_PROVISIONING + - NO_DIRECT_PERMISSIONS_PROVISIONING + description: |- + Optional features that can be supported by an source. + * AUTHENTICATE: The source supports pass-through authentication. + * COMPOSITE: The source supports composite source creation. + * DIRECT_PERMISSIONS: The source supports returning DirectPermissions. + * DISCOVER_SCHEMA: The source supports discovering schemas for users and groups. + * ENABLE The source supports reading if an account is enabled or disabled. + * MANAGER_LOOKUP: The source supports looking up managers as they are encountered in a feed. This is the opposite of NO_RANDOM_ACCESS. + * NO_RANDOM_ACCESS: The source does not support random access and the getObject() methods should not be called and expected to perform. + * PROXY: The source can serve as a proxy for another source. When an source has a proxy, all connector calls made with that source are redirected through the connector for the proxy source. + * SEARCH + * TEMPLATE + * UNLOCK: The source supports reading if an account is locked or unlocked. + * UNSTRUCTURED_TARGETS: The source supports returning unstructured Targets. + * SHAREPOINT_TARGET: The source supports returning unstructured Target data for SharePoint. It will be typically used by AD, LDAP sources. + * PROVISIONING: The source can both read and write accounts. Having this feature implies that the provision() method is implemented. It also means that direct and target permissions can also be provisioned if they can be returned by aggregation. + * GROUP_PROVISIONING: The source can both read and write groups. Having this feature implies that the provision() method is implemented. + * SYNC_PROVISIONING: The source can provision accounts synchronously. + * PASSWORD: The source can provision password changes. Since sources can never read passwords, this is should only be used in conjunction with the PROVISIONING feature. + * CURRENT_PASSWORD: Some source types support verification of the current password + * ACCOUNT_ONLY_REQUEST: The source supports requesting accounts without entitlements. + * ADDITIONAL_ACCOUNT_REQUEST: The source supports requesting additional accounts. + * NO_AGGREGATION: A source that does not support aggregation. + * GROUPS_HAVE_MEMBERS: The source models group memberships with a member attribute on the group object rather than a groups attribute on the account object. This effects the implementation of delta account aggregation. + * NO_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for accounts. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for accounts. + * NO_GROUP_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for groups. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for groups. + * NO_UNSTRUCTURED_TARGETS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING. + * NO_DIRECT_PERMISSIONS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING. + example: + - SYNC_PROVISIONING + - MANAGER_LOOKUP + - SEARCH + - PROVISIONING + - AUTHENTICATE + - GROUP_PROVISIONING + - PASSWORD + type: + type: string + description: 'Specifies the type of system being managed e.g. Active Directory, Workday, etc.. If you are creating a Delimited File source, you must set the `provisionasCsv` query parameter to `true`. ' + example: OpenLDAP - Direct + connector: + type: string + description: Connector script name. + example: active-directory + connectorClass: + type: string + description: The fully qualified name of the Java class that implements the connector interface. + example: sailpoint.connector.LDAPConnector + connectorAttributes: + type: object + description: Connector specific configuration; will differ from type to type. + example: + healthCheckTimeout: 30 + authSearchAttributes: + - cn + - uid + - mail + deleteThreshold: + type: integer + format: int32 + description: Number from 0 to 100 that specifies when to skip the delete phase. + example: 10 + authoritative: + type: boolean + description: When true indicates the source is referenced by an IdentityProfile. + example: false + managementWorkgroup: + description: Reference to Management Workgroup for this Source + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - GOVERNANCE_GROUP + example: GOVERNANCE_GROUP + id: + type: string + description: ID of the management workgroup + example: 2c91808568c529c60168cca6f90c2222 + name: + type: string + description: Human-readable display name of the management workgroup + example: My Management Workgroup + healthy: + type: boolean + description: When true indicates a healthy source + example: true + status: + type: string + description: 'A status identifier, giving specific information on why a source is healthy or not' + example: SOURCE_STATE_HEALTHY + since: + type: string + description: Timestamp showing when a source health check was last performed + example: '2021-09-28T15:48:29.3801666300Z' + connectorId: + type: string + description: The id of connector + example: active-directory + connectorName: + type: string + description: The name of the connector that was chosen on source creation + example: Active Directory + connectionType: + type: string + description: The type of connection (direct or file) + example: file + connectorImplementstionId: + type: string + description: The connector implementstion id + example: delimited-file + required: + - name + - owner + - connector + responses: + '201': + description: 'Created Source object. Any passwords will only show the the encrypted cipher-text, as they are not decrypt-able in IdentityNow cloud-based services, per IdentityNow security design.' + content: + application/json: + schema: + type: object + properties: + id: + type: string + readOnly: true + description: the id of the Source + example: 2c91808568c529c60168cca6f90c1324 + name: + type: string + description: Human-readable name of the source + example: My Source + description: + type: string + description: Human-readable description of the source + example: This is the corporate directory. + owner: + description: Reference to an owning Identity Object + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - IDENTITY + example: IDENTITY + id: + type: string + description: ID of the identity + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the identity + example: MyName + cluster: + description: Reference to the associated Cluster + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - CLUSTER + example: CLUSTER + id: + type: string + description: ID of the cluster + example: 2c9180866166b5b0016167c32ef31a66 + name: + type: string + description: Human-readable display name of the cluster + example: Corporate Cluster + accountCorrelationConfig: + description: Reference to an Account Correlation Config object + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + example: ACCOUNT_CORRELATION_CONFIG + id: + type: string + description: ID of the account correlation config + example: 2c9180855d191c59015d28583727245a + name: + type: string + description: Human-readable display name of the account correlation config + example: 'Directory [source-62867] Account Correlation' + accountCorrelationRule: + description: 'Reference to a Rule that can do COMPLEX correlation, should only be used when accountCorrelationConfig can''t be used.' + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - RULE + example: RULE + id: + type: string + description: ID of the rule + example: 2c918085708c274401708c2a8a760001 + name: + type: string + description: Human-readable display name of the rule + example: Example Rule + managerCorrelationMapping: + description: Filter Object used during manager correlation to match incoming manager values to an existing manager's Account/Identity + type: object + properties: + accountAttribute: + type: string + description: Name of the attribute to use for manager correlation. The value found on the account attribute will be used to lookup the manager's identity. + example: manager + identityAttribute: + type: string + description: Name of the identity attribute to search when trying to find a manager using the value from the accountAttribute. + example: manager + managerCorrelationRule: + description: 'Reference to the ManagerCorrelationRule, only used when a simple filter isn''t sufficient.' + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - RULE + example: RULE + id: + type: string + description: ID of the rule + example: 2c918085708c274401708c2a8a760001 + name: + type: string + description: Human-readable display name of the rule + example: Example Rule + beforeProvisioningRule: + description: Rule that runs on the CCG and allows for customization of provisioning plans before the connector is called. + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - RULE + example: RULE + id: + type: string + description: ID of the rule + example: 2c918085708c274401708c2a8a760001 + name: + type: string + description: Human-readable display name of the rule + example: Example Rule + schemas: + type: array + items: + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - CONNECTOR_SCHEMA + example: CONNECTOR_SCHEMA + id: + type: string + description: ID of the schema + example: 2c91808568c529c60168cca6f90c1777 + name: + type: string + description: Human-readable display name of the schema + example: MySchema + description: List of references to Schema objects + example: + - type: CONNECTOR_SCHEMA + id: 2c9180835d191a86015d28455b4b232a + name: account + - type: CONNECTOR_SCHEMA + id: 2c9180835d191a86015d28455b4b232b + name: group + passwordPolicies: + type: array + items: + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - PASSWORD_POLICY + example: PASSWORD_POLICY + id: + type: string + description: ID of the policy + example: 2c91808568c529c60168cca6f90c1777 + name: + type: string + description: Human-readable display name of the policy + example: My Password Policy + description: List of references to the associated PasswordPolicy objects. + example: + - type: PASSWORD_POLICY + id: 2c9180855d191c59015d291ceb053980 + name: Corporate Password Policy + - type: PASSWORD_POLICY + id: 2c9180855d191c59015d291ceb057777 + name: Vendor Password Policy + features: + type: array + description: Optional features that can be supported by a source. + items: + type: string + enum: + - AUTHENTICATE + - COMPOSITE + - DIRECT_PERMISSIONS + - DISCOVER_SCHEMA + - ENABLE + - MANAGER_LOOKUP + - NO_RANDOM_ACCESS + - PROXY + - SEARCH + - TEMPLATE + - UNLOCK + - UNSTRUCTURED_TARGETS + - SHAREPOINT_TARGET + - PROVISIONING + - GROUP_PROVISIONING + - SYNC_PROVISIONING + - PASSWORD + - CURRENT_PASSWORD + - ACCOUNT_ONLY_REQUEST + - ADDITIONAL_ACCOUNT_REQUEST + - NO_AGGREGATION + - GROUPS_HAVE_MEMBERS + - NO_PERMISSIONS_PROVISIONING + - NO_GROUP_PERMISSIONS_PROVISIONING + - NO_UNSTRUCTURED_TARGETS_PROVISIONING + - NO_DIRECT_PERMISSIONS_PROVISIONING + description: |- + Optional features that can be supported by an source. + * AUTHENTICATE: The source supports pass-through authentication. + * COMPOSITE: The source supports composite source creation. + * DIRECT_PERMISSIONS: The source supports returning DirectPermissions. + * DISCOVER_SCHEMA: The source supports discovering schemas for users and groups. + * ENABLE The source supports reading if an account is enabled or disabled. + * MANAGER_LOOKUP: The source supports looking up managers as they are encountered in a feed. This is the opposite of NO_RANDOM_ACCESS. + * NO_RANDOM_ACCESS: The source does not support random access and the getObject() methods should not be called and expected to perform. + * PROXY: The source can serve as a proxy for another source. When an source has a proxy, all connector calls made with that source are redirected through the connector for the proxy source. + * SEARCH + * TEMPLATE + * UNLOCK: The source supports reading if an account is locked or unlocked. + * UNSTRUCTURED_TARGETS: The source supports returning unstructured Targets. + * SHAREPOINT_TARGET: The source supports returning unstructured Target data for SharePoint. It will be typically used by AD, LDAP sources. + * PROVISIONING: The source can both read and write accounts. Having this feature implies that the provision() method is implemented. It also means that direct and target permissions can also be provisioned if they can be returned by aggregation. + * GROUP_PROVISIONING: The source can both read and write groups. Having this feature implies that the provision() method is implemented. + * SYNC_PROVISIONING: The source can provision accounts synchronously. + * PASSWORD: The source can provision password changes. Since sources can never read passwords, this is should only be used in conjunction with the PROVISIONING feature. + * CURRENT_PASSWORD: Some source types support verification of the current password + * ACCOUNT_ONLY_REQUEST: The source supports requesting accounts without entitlements. + * ADDITIONAL_ACCOUNT_REQUEST: The source supports requesting additional accounts. + * NO_AGGREGATION: A source that does not support aggregation. + * GROUPS_HAVE_MEMBERS: The source models group memberships with a member attribute on the group object rather than a groups attribute on the account object. This effects the implementation of delta account aggregation. + * NO_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for accounts. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for accounts. + * NO_GROUP_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for groups. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for groups. + * NO_UNSTRUCTURED_TARGETS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING. + * NO_DIRECT_PERMISSIONS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING. + example: + - SYNC_PROVISIONING + - MANAGER_LOOKUP + - SEARCH + - PROVISIONING + - AUTHENTICATE + - GROUP_PROVISIONING + - PASSWORD + type: + type: string + description: 'Specifies the type of system being managed e.g. Active Directory, Workday, etc.. If you are creating a Delimited File source, you must set the `provisionasCsv` query parameter to `true`. ' + example: OpenLDAP - Direct + connector: + type: string + description: Connector script name. + example: active-directory + connectorClass: + type: string + description: The fully qualified name of the Java class that implements the connector interface. + example: sailpoint.connector.LDAPConnector + connectorAttributes: + type: object + description: Connector specific configuration; will differ from type to type. + example: + healthCheckTimeout: 30 + authSearchAttributes: + - cn + - uid + - mail + deleteThreshold: + type: integer + format: int32 + description: Number from 0 to 100 that specifies when to skip the delete phase. + example: 10 + authoritative: + type: boolean + description: When true indicates the source is referenced by an IdentityProfile. + example: false + managementWorkgroup: + description: Reference to Management Workgroup for this Source + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - GOVERNANCE_GROUP + example: GOVERNANCE_GROUP + id: + type: string + description: ID of the management workgroup + example: 2c91808568c529c60168cca6f90c2222 + name: + type: string + description: Human-readable display name of the management workgroup + example: My Management Workgroup + healthy: + type: boolean + description: When true indicates a healthy source + example: true + status: + type: string + description: 'A status identifier, giving specific information on why a source is healthy or not' + example: SOURCE_STATE_HEALTHY + since: + type: string + description: Timestamp showing when a source health check was last performed + example: '2021-09-28T15:48:29.3801666300Z' + connectorId: + type: string + description: The id of connector + example: active-directory + connectorName: + type: string + description: The name of the connector that was chosen on source creation + example: Active Directory + connectionType: + type: string + description: The type of connection (direct or file) + example: file + connectorImplementstionId: + type: string + description: The connector implementstion id + example: delimited-file + required: + - name + - owner + - connector + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + '/sources/{id}': + get: + operationId: getSource + tags: + - Sources + summary: Get Source by ID + description: |- + This end-point gets a specific source in IdentityNow. + A token with ORG_ADMIN, SOURCE_ADMIN, or SOURCE_SUBADMIN authority is required to call this API. + parameters: + - in: path + name: id + schema: + type: string + required: true + description: The Source ID + example: 2c9180835d191a86015d28455b4a2329 + responses: + '200': + description: A Source object + content: + application/json: + schema: + type: object + properties: + id: + type: string + readOnly: true + description: the id of the Source + example: 2c91808568c529c60168cca6f90c1324 + name: + type: string + description: Human-readable name of the source + example: My Source + description: + type: string + description: Human-readable description of the source + example: This is the corporate directory. + owner: + description: Reference to an owning Identity Object + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - IDENTITY + example: IDENTITY + id: + type: string + description: ID of the identity + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the identity + example: MyName + cluster: + description: Reference to the associated Cluster + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - CLUSTER + example: CLUSTER + id: + type: string + description: ID of the cluster + example: 2c9180866166b5b0016167c32ef31a66 + name: + type: string + description: Human-readable display name of the cluster + example: Corporate Cluster + accountCorrelationConfig: + description: Reference to an Account Correlation Config object + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + example: ACCOUNT_CORRELATION_CONFIG + id: + type: string + description: ID of the account correlation config + example: 2c9180855d191c59015d28583727245a + name: + type: string + description: Human-readable display name of the account correlation config + example: 'Directory [source-62867] Account Correlation' + accountCorrelationRule: + description: 'Reference to a Rule that can do COMPLEX correlation, should only be used when accountCorrelationConfig can''t be used.' + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - RULE + example: RULE + id: + type: string + description: ID of the rule + example: 2c918085708c274401708c2a8a760001 + name: + type: string + description: Human-readable display name of the rule + example: Example Rule + managerCorrelationMapping: + description: Filter Object used during manager correlation to match incoming manager values to an existing manager's Account/Identity + type: object + properties: + accountAttribute: + type: string + description: Name of the attribute to use for manager correlation. The value found on the account attribute will be used to lookup the manager's identity. + example: manager + identityAttribute: + type: string + description: Name of the identity attribute to search when trying to find a manager using the value from the accountAttribute. + example: manager + managerCorrelationRule: + description: 'Reference to the ManagerCorrelationRule, only used when a simple filter isn''t sufficient.' + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - RULE + example: RULE + id: + type: string + description: ID of the rule + example: 2c918085708c274401708c2a8a760001 + name: + type: string + description: Human-readable display name of the rule + example: Example Rule + beforeProvisioningRule: + description: Rule that runs on the CCG and allows for customization of provisioning plans before the connector is called. + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - RULE + example: RULE + id: + type: string + description: ID of the rule + example: 2c918085708c274401708c2a8a760001 + name: + type: string + description: Human-readable display name of the rule + example: Example Rule + schemas: + type: array + items: + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - CONNECTOR_SCHEMA + example: CONNECTOR_SCHEMA + id: + type: string + description: ID of the schema + example: 2c91808568c529c60168cca6f90c1777 + name: + type: string + description: Human-readable display name of the schema + example: MySchema + description: List of references to Schema objects + example: + - type: CONNECTOR_SCHEMA + id: 2c9180835d191a86015d28455b4b232a + name: account + - type: CONNECTOR_SCHEMA + id: 2c9180835d191a86015d28455b4b232b + name: group + passwordPolicies: + type: array + items: + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - PASSWORD_POLICY + example: PASSWORD_POLICY + id: + type: string + description: ID of the policy + example: 2c91808568c529c60168cca6f90c1777 + name: + type: string + description: Human-readable display name of the policy + example: My Password Policy + description: List of references to the associated PasswordPolicy objects. + example: + - type: PASSWORD_POLICY + id: 2c9180855d191c59015d291ceb053980 + name: Corporate Password Policy + - type: PASSWORD_POLICY + id: 2c9180855d191c59015d291ceb057777 + name: Vendor Password Policy + features: + type: array + description: Optional features that can be supported by a source. + items: + type: string + enum: + - AUTHENTICATE + - COMPOSITE + - DIRECT_PERMISSIONS + - DISCOVER_SCHEMA + - ENABLE + - MANAGER_LOOKUP + - NO_RANDOM_ACCESS + - PROXY + - SEARCH + - TEMPLATE + - UNLOCK + - UNSTRUCTURED_TARGETS + - SHAREPOINT_TARGET + - PROVISIONING + - GROUP_PROVISIONING + - SYNC_PROVISIONING + - PASSWORD + - CURRENT_PASSWORD + - ACCOUNT_ONLY_REQUEST + - ADDITIONAL_ACCOUNT_REQUEST + - NO_AGGREGATION + - GROUPS_HAVE_MEMBERS + - NO_PERMISSIONS_PROVISIONING + - NO_GROUP_PERMISSIONS_PROVISIONING + - NO_UNSTRUCTURED_TARGETS_PROVISIONING + - NO_DIRECT_PERMISSIONS_PROVISIONING + description: |- + Optional features that can be supported by an source. + * AUTHENTICATE: The source supports pass-through authentication. + * COMPOSITE: The source supports composite source creation. + * DIRECT_PERMISSIONS: The source supports returning DirectPermissions. + * DISCOVER_SCHEMA: The source supports discovering schemas for users and groups. + * ENABLE The source supports reading if an account is enabled or disabled. + * MANAGER_LOOKUP: The source supports looking up managers as they are encountered in a feed. This is the opposite of NO_RANDOM_ACCESS. + * NO_RANDOM_ACCESS: The source does not support random access and the getObject() methods should not be called and expected to perform. + * PROXY: The source can serve as a proxy for another source. When an source has a proxy, all connector calls made with that source are redirected through the connector for the proxy source. + * SEARCH + * TEMPLATE + * UNLOCK: The source supports reading if an account is locked or unlocked. + * UNSTRUCTURED_TARGETS: The source supports returning unstructured Targets. + * SHAREPOINT_TARGET: The source supports returning unstructured Target data for SharePoint. It will be typically used by AD, LDAP sources. + * PROVISIONING: The source can both read and write accounts. Having this feature implies that the provision() method is implemented. It also means that direct and target permissions can also be provisioned if they can be returned by aggregation. + * GROUP_PROVISIONING: The source can both read and write groups. Having this feature implies that the provision() method is implemented. + * SYNC_PROVISIONING: The source can provision accounts synchronously. + * PASSWORD: The source can provision password changes. Since sources can never read passwords, this is should only be used in conjunction with the PROVISIONING feature. + * CURRENT_PASSWORD: Some source types support verification of the current password + * ACCOUNT_ONLY_REQUEST: The source supports requesting accounts without entitlements. + * ADDITIONAL_ACCOUNT_REQUEST: The source supports requesting additional accounts. + * NO_AGGREGATION: A source that does not support aggregation. + * GROUPS_HAVE_MEMBERS: The source models group memberships with a member attribute on the group object rather than a groups attribute on the account object. This effects the implementation of delta account aggregation. + * NO_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for accounts. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for accounts. + * NO_GROUP_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for groups. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for groups. + * NO_UNSTRUCTURED_TARGETS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING. + * NO_DIRECT_PERMISSIONS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING. + example: + - SYNC_PROVISIONING + - MANAGER_LOOKUP + - SEARCH + - PROVISIONING + - AUTHENTICATE + - GROUP_PROVISIONING + - PASSWORD + type: + type: string + description: 'Specifies the type of system being managed e.g. Active Directory, Workday, etc.. If you are creating a Delimited File source, you must set the `provisionasCsv` query parameter to `true`. ' + example: OpenLDAP - Direct + connector: + type: string + description: Connector script name. + example: active-directory + connectorClass: + type: string + description: The fully qualified name of the Java class that implements the connector interface. + example: sailpoint.connector.LDAPConnector + connectorAttributes: + type: object + description: Connector specific configuration; will differ from type to type. + example: + healthCheckTimeout: 30 + authSearchAttributes: + - cn + - uid + - mail + deleteThreshold: + type: integer + format: int32 + description: Number from 0 to 100 that specifies when to skip the delete phase. + example: 10 + authoritative: + type: boolean + description: When true indicates the source is referenced by an IdentityProfile. + example: false + managementWorkgroup: + description: Reference to Management Workgroup for this Source + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - GOVERNANCE_GROUP + example: GOVERNANCE_GROUP + id: + type: string + description: ID of the management workgroup + example: 2c91808568c529c60168cca6f90c2222 + name: + type: string + description: Human-readable display name of the management workgroup + example: My Management Workgroup + healthy: + type: boolean + description: When true indicates a healthy source + example: true + status: + type: string + description: 'A status identifier, giving specific information on why a source is healthy or not' + example: SOURCE_STATE_HEALTHY + since: + type: string + description: Timestamp showing when a source health check was last performed + example: '2021-09-28T15:48:29.3801666300Z' + connectorId: + type: string + description: The id of connector + example: active-directory + connectorName: + type: string + description: The name of the connector that was chosen on source creation + example: Active Directory + connectionType: + type: string + description: The type of connection (direct or file) + example: file + connectorImplementstionId: + type: string + description: The connector implementstion id + example: delimited-file + required: + - name + - owner + - connector + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + put: + operationId: putSource + tags: + - Sources + summary: Update Source (Full) + description: | + This API updates a source in IdentityNow, using a full object representation. In other words, the existing Source + configuration is completely replaced. + + Some fields are immutable and cannot be changed, such as: + + * id + * type + * authoritative + * connector + * connectorClass + * passwordPolicies + + Attempts to modify these fields will result in a 400 error. + + A token with ORG_ADMIN, SOURCE_ADMIN, or SOURCE_SUBADMIN authority is required to call this API. + parameters: + - in: path + name: id + schema: + type: string + required: true + description: The Source id + requestBody: + required: true + content: + application/json: + schema: + type: object + properties: + id: + type: string + readOnly: true + description: the id of the Source + example: 2c91808568c529c60168cca6f90c1324 + name: + type: string + description: Human-readable name of the source + example: My Source + description: + type: string + description: Human-readable description of the source + example: This is the corporate directory. + owner: + description: Reference to an owning Identity Object + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - IDENTITY + example: IDENTITY + id: + type: string + description: ID of the identity + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the identity + example: MyName + cluster: + description: Reference to the associated Cluster + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - CLUSTER + example: CLUSTER + id: + type: string + description: ID of the cluster + example: 2c9180866166b5b0016167c32ef31a66 + name: + type: string + description: Human-readable display name of the cluster + example: Corporate Cluster + accountCorrelationConfig: + description: Reference to an Account Correlation Config object + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + example: ACCOUNT_CORRELATION_CONFIG + id: + type: string + description: ID of the account correlation config + example: 2c9180855d191c59015d28583727245a + name: + type: string + description: Human-readable display name of the account correlation config + example: 'Directory [source-62867] Account Correlation' + accountCorrelationRule: + description: 'Reference to a Rule that can do COMPLEX correlation, should only be used when accountCorrelationConfig can''t be used.' + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - RULE + example: RULE + id: + type: string + description: ID of the rule + example: 2c918085708c274401708c2a8a760001 + name: + type: string + description: Human-readable display name of the rule + example: Example Rule + managerCorrelationMapping: + description: Filter Object used during manager correlation to match incoming manager values to an existing manager's Account/Identity + type: object + properties: + accountAttribute: + type: string + description: Name of the attribute to use for manager correlation. The value found on the account attribute will be used to lookup the manager's identity. + example: manager + identityAttribute: + type: string + description: Name of the identity attribute to search when trying to find a manager using the value from the accountAttribute. + example: manager + managerCorrelationRule: + description: 'Reference to the ManagerCorrelationRule, only used when a simple filter isn''t sufficient.' + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - RULE + example: RULE + id: + type: string + description: ID of the rule + example: 2c918085708c274401708c2a8a760001 + name: + type: string + description: Human-readable display name of the rule + example: Example Rule + beforeProvisioningRule: + description: Rule that runs on the CCG and allows for customization of provisioning plans before the connector is called. + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - RULE + example: RULE + id: + type: string + description: ID of the rule + example: 2c918085708c274401708c2a8a760001 + name: + type: string + description: Human-readable display name of the rule + example: Example Rule + schemas: + type: array + items: + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - CONNECTOR_SCHEMA + example: CONNECTOR_SCHEMA + id: + type: string + description: ID of the schema + example: 2c91808568c529c60168cca6f90c1777 + name: + type: string + description: Human-readable display name of the schema + example: MySchema + description: List of references to Schema objects + example: + - type: CONNECTOR_SCHEMA + id: 2c9180835d191a86015d28455b4b232a + name: account + - type: CONNECTOR_SCHEMA + id: 2c9180835d191a86015d28455b4b232b + name: group + passwordPolicies: + type: array + items: + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - PASSWORD_POLICY + example: PASSWORD_POLICY + id: + type: string + description: ID of the policy + example: 2c91808568c529c60168cca6f90c1777 + name: + type: string + description: Human-readable display name of the policy + example: My Password Policy + description: List of references to the associated PasswordPolicy objects. + example: + - type: PASSWORD_POLICY + id: 2c9180855d191c59015d291ceb053980 + name: Corporate Password Policy + - type: PASSWORD_POLICY + id: 2c9180855d191c59015d291ceb057777 + name: Vendor Password Policy + features: + type: array + description: Optional features that can be supported by a source. + items: + type: string + enum: + - AUTHENTICATE + - COMPOSITE + - DIRECT_PERMISSIONS + - DISCOVER_SCHEMA + - ENABLE + - MANAGER_LOOKUP + - NO_RANDOM_ACCESS + - PROXY + - SEARCH + - TEMPLATE + - UNLOCK + - UNSTRUCTURED_TARGETS + - SHAREPOINT_TARGET + - PROVISIONING + - GROUP_PROVISIONING + - SYNC_PROVISIONING + - PASSWORD + - CURRENT_PASSWORD + - ACCOUNT_ONLY_REQUEST + - ADDITIONAL_ACCOUNT_REQUEST + - NO_AGGREGATION + - GROUPS_HAVE_MEMBERS + - NO_PERMISSIONS_PROVISIONING + - NO_GROUP_PERMISSIONS_PROVISIONING + - NO_UNSTRUCTURED_TARGETS_PROVISIONING + - NO_DIRECT_PERMISSIONS_PROVISIONING + description: |- + Optional features that can be supported by an source. + * AUTHENTICATE: The source supports pass-through authentication. + * COMPOSITE: The source supports composite source creation. + * DIRECT_PERMISSIONS: The source supports returning DirectPermissions. + * DISCOVER_SCHEMA: The source supports discovering schemas for users and groups. + * ENABLE The source supports reading if an account is enabled or disabled. + * MANAGER_LOOKUP: The source supports looking up managers as they are encountered in a feed. This is the opposite of NO_RANDOM_ACCESS. + * NO_RANDOM_ACCESS: The source does not support random access and the getObject() methods should not be called and expected to perform. + * PROXY: The source can serve as a proxy for another source. When an source has a proxy, all connector calls made with that source are redirected through the connector for the proxy source. + * SEARCH + * TEMPLATE + * UNLOCK: The source supports reading if an account is locked or unlocked. + * UNSTRUCTURED_TARGETS: The source supports returning unstructured Targets. + * SHAREPOINT_TARGET: The source supports returning unstructured Target data for SharePoint. It will be typically used by AD, LDAP sources. + * PROVISIONING: The source can both read and write accounts. Having this feature implies that the provision() method is implemented. It also means that direct and target permissions can also be provisioned if they can be returned by aggregation. + * GROUP_PROVISIONING: The source can both read and write groups. Having this feature implies that the provision() method is implemented. + * SYNC_PROVISIONING: The source can provision accounts synchronously. + * PASSWORD: The source can provision password changes. Since sources can never read passwords, this is should only be used in conjunction with the PROVISIONING feature. + * CURRENT_PASSWORD: Some source types support verification of the current password + * ACCOUNT_ONLY_REQUEST: The source supports requesting accounts without entitlements. + * ADDITIONAL_ACCOUNT_REQUEST: The source supports requesting additional accounts. + * NO_AGGREGATION: A source that does not support aggregation. + * GROUPS_HAVE_MEMBERS: The source models group memberships with a member attribute on the group object rather than a groups attribute on the account object. This effects the implementation of delta account aggregation. + * NO_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for accounts. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for accounts. + * NO_GROUP_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for groups. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for groups. + * NO_UNSTRUCTURED_TARGETS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING. + * NO_DIRECT_PERMISSIONS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING. + example: + - SYNC_PROVISIONING + - MANAGER_LOOKUP + - SEARCH + - PROVISIONING + - AUTHENTICATE + - GROUP_PROVISIONING + - PASSWORD + type: + type: string + description: 'Specifies the type of system being managed e.g. Active Directory, Workday, etc.. If you are creating a Delimited File source, you must set the `provisionasCsv` query parameter to `true`. ' + example: OpenLDAP - Direct + connector: + type: string + description: Connector script name. + example: active-directory + connectorClass: + type: string + description: The fully qualified name of the Java class that implements the connector interface. + example: sailpoint.connector.LDAPConnector + connectorAttributes: + type: object + description: Connector specific configuration; will differ from type to type. + example: + healthCheckTimeout: 30 + authSearchAttributes: + - cn + - uid + - mail + deleteThreshold: + type: integer + format: int32 + description: Number from 0 to 100 that specifies when to skip the delete phase. + example: 10 + authoritative: + type: boolean + description: When true indicates the source is referenced by an IdentityProfile. + example: false + managementWorkgroup: + description: Reference to Management Workgroup for this Source + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - GOVERNANCE_GROUP + example: GOVERNANCE_GROUP + id: + type: string + description: ID of the management workgroup + example: 2c91808568c529c60168cca6f90c2222 + name: + type: string + description: Human-readable display name of the management workgroup + example: My Management Workgroup + healthy: + type: boolean + description: When true indicates a healthy source + example: true + status: + type: string + description: 'A status identifier, giving specific information on why a source is healthy or not' + example: SOURCE_STATE_HEALTHY + since: + type: string + description: Timestamp showing when a source health check was last performed + example: '2021-09-28T15:48:29.3801666300Z' + connectorId: + type: string + description: The id of connector + example: active-directory + connectorName: + type: string + description: The name of the connector that was chosen on source creation + example: Active Directory + connectionType: + type: string + description: The type of connection (direct or file) + example: file + connectorImplementstionId: + type: string + description: The connector implementstion id + example: delimited-file + required: + - name + - owner + - connector + responses: + '200': + description: 'Updated Source object. Any passwords will only show the the encrypted cipher-text, as they are not decrypt-able in IdentityNow cloud-based services, per IdentityNow security design.' + content: + application/json: + schema: + type: object + properties: + id: + type: string + readOnly: true + description: the id of the Source + example: 2c91808568c529c60168cca6f90c1324 + name: + type: string + description: Human-readable name of the source + example: My Source + description: + type: string + description: Human-readable description of the source + example: This is the corporate directory. + owner: + description: Reference to an owning Identity Object + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - IDENTITY + example: IDENTITY + id: + type: string + description: ID of the identity + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the identity + example: MyName + cluster: + description: Reference to the associated Cluster + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - CLUSTER + example: CLUSTER + id: + type: string + description: ID of the cluster + example: 2c9180866166b5b0016167c32ef31a66 + name: + type: string + description: Human-readable display name of the cluster + example: Corporate Cluster + accountCorrelationConfig: + description: Reference to an Account Correlation Config object + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + example: ACCOUNT_CORRELATION_CONFIG + id: + type: string + description: ID of the account correlation config + example: 2c9180855d191c59015d28583727245a + name: + type: string + description: Human-readable display name of the account correlation config + example: 'Directory [source-62867] Account Correlation' + accountCorrelationRule: + description: 'Reference to a Rule that can do COMPLEX correlation, should only be used when accountCorrelationConfig can''t be used.' + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - RULE + example: RULE + id: + type: string + description: ID of the rule + example: 2c918085708c274401708c2a8a760001 + name: + type: string + description: Human-readable display name of the rule + example: Example Rule + managerCorrelationMapping: + description: Filter Object used during manager correlation to match incoming manager values to an existing manager's Account/Identity + type: object + properties: + accountAttribute: + type: string + description: Name of the attribute to use for manager correlation. The value found on the account attribute will be used to lookup the manager's identity. + example: manager + identityAttribute: + type: string + description: Name of the identity attribute to search when trying to find a manager using the value from the accountAttribute. + example: manager + managerCorrelationRule: + description: 'Reference to the ManagerCorrelationRule, only used when a simple filter isn''t sufficient.' + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - RULE + example: RULE + id: + type: string + description: ID of the rule + example: 2c918085708c274401708c2a8a760001 + name: + type: string + description: Human-readable display name of the rule + example: Example Rule + beforeProvisioningRule: + description: Rule that runs on the CCG and allows for customization of provisioning plans before the connector is called. + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - RULE + example: RULE + id: + type: string + description: ID of the rule + example: 2c918085708c274401708c2a8a760001 + name: + type: string + description: Human-readable display name of the rule + example: Example Rule + schemas: + type: array + items: + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - CONNECTOR_SCHEMA + example: CONNECTOR_SCHEMA + id: + type: string + description: ID of the schema + example: 2c91808568c529c60168cca6f90c1777 + name: + type: string + description: Human-readable display name of the schema + example: MySchema + description: List of references to Schema objects + example: + - type: CONNECTOR_SCHEMA + id: 2c9180835d191a86015d28455b4b232a + name: account + - type: CONNECTOR_SCHEMA + id: 2c9180835d191a86015d28455b4b232b + name: group + passwordPolicies: + type: array + items: + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - PASSWORD_POLICY + example: PASSWORD_POLICY + id: + type: string + description: ID of the policy + example: 2c91808568c529c60168cca6f90c1777 + name: + type: string + description: Human-readable display name of the policy + example: My Password Policy + description: List of references to the associated PasswordPolicy objects. + example: + - type: PASSWORD_POLICY + id: 2c9180855d191c59015d291ceb053980 + name: Corporate Password Policy + - type: PASSWORD_POLICY + id: 2c9180855d191c59015d291ceb057777 + name: Vendor Password Policy + features: + type: array + description: Optional features that can be supported by a source. + items: + type: string + enum: + - AUTHENTICATE + - COMPOSITE + - DIRECT_PERMISSIONS + - DISCOVER_SCHEMA + - ENABLE + - MANAGER_LOOKUP + - NO_RANDOM_ACCESS + - PROXY + - SEARCH + - TEMPLATE + - UNLOCK + - UNSTRUCTURED_TARGETS + - SHAREPOINT_TARGET + - PROVISIONING + - GROUP_PROVISIONING + - SYNC_PROVISIONING + - PASSWORD + - CURRENT_PASSWORD + - ACCOUNT_ONLY_REQUEST + - ADDITIONAL_ACCOUNT_REQUEST + - NO_AGGREGATION + - GROUPS_HAVE_MEMBERS + - NO_PERMISSIONS_PROVISIONING + - NO_GROUP_PERMISSIONS_PROVISIONING + - NO_UNSTRUCTURED_TARGETS_PROVISIONING + - NO_DIRECT_PERMISSIONS_PROVISIONING + description: |- + Optional features that can be supported by an source. + * AUTHENTICATE: The source supports pass-through authentication. + * COMPOSITE: The source supports composite source creation. + * DIRECT_PERMISSIONS: The source supports returning DirectPermissions. + * DISCOVER_SCHEMA: The source supports discovering schemas for users and groups. + * ENABLE The source supports reading if an account is enabled or disabled. + * MANAGER_LOOKUP: The source supports looking up managers as they are encountered in a feed. This is the opposite of NO_RANDOM_ACCESS. + * NO_RANDOM_ACCESS: The source does not support random access and the getObject() methods should not be called and expected to perform. + * PROXY: The source can serve as a proxy for another source. When an source has a proxy, all connector calls made with that source are redirected through the connector for the proxy source. + * SEARCH + * TEMPLATE + * UNLOCK: The source supports reading if an account is locked or unlocked. + * UNSTRUCTURED_TARGETS: The source supports returning unstructured Targets. + * SHAREPOINT_TARGET: The source supports returning unstructured Target data for SharePoint. It will be typically used by AD, LDAP sources. + * PROVISIONING: The source can both read and write accounts. Having this feature implies that the provision() method is implemented. It also means that direct and target permissions can also be provisioned if they can be returned by aggregation. + * GROUP_PROVISIONING: The source can both read and write groups. Having this feature implies that the provision() method is implemented. + * SYNC_PROVISIONING: The source can provision accounts synchronously. + * PASSWORD: The source can provision password changes. Since sources can never read passwords, this is should only be used in conjunction with the PROVISIONING feature. + * CURRENT_PASSWORD: Some source types support verification of the current password + * ACCOUNT_ONLY_REQUEST: The source supports requesting accounts without entitlements. + * ADDITIONAL_ACCOUNT_REQUEST: The source supports requesting additional accounts. + * NO_AGGREGATION: A source that does not support aggregation. + * GROUPS_HAVE_MEMBERS: The source models group memberships with a member attribute on the group object rather than a groups attribute on the account object. This effects the implementation of delta account aggregation. + * NO_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for accounts. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for accounts. + * NO_GROUP_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for groups. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for groups. + * NO_UNSTRUCTURED_TARGETS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING. + * NO_DIRECT_PERMISSIONS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING. + example: + - SYNC_PROVISIONING + - MANAGER_LOOKUP + - SEARCH + - PROVISIONING + - AUTHENTICATE + - GROUP_PROVISIONING + - PASSWORD + type: + type: string + description: 'Specifies the type of system being managed e.g. Active Directory, Workday, etc.. If you are creating a Delimited File source, you must set the `provisionasCsv` query parameter to `true`. ' + example: OpenLDAP - Direct + connector: + type: string + description: Connector script name. + example: active-directory + connectorClass: + type: string + description: The fully qualified name of the Java class that implements the connector interface. + example: sailpoint.connector.LDAPConnector + connectorAttributes: + type: object + description: Connector specific configuration; will differ from type to type. + example: + healthCheckTimeout: 30 + authSearchAttributes: + - cn + - uid + - mail + deleteThreshold: + type: integer + format: int32 + description: Number from 0 to 100 that specifies when to skip the delete phase. + example: 10 + authoritative: + type: boolean + description: When true indicates the source is referenced by an IdentityProfile. + example: false + managementWorkgroup: + description: Reference to Management Workgroup for this Source + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - GOVERNANCE_GROUP + example: GOVERNANCE_GROUP + id: + type: string + description: ID of the management workgroup + example: 2c91808568c529c60168cca6f90c2222 + name: + type: string + description: Human-readable display name of the management workgroup + example: My Management Workgroup + healthy: + type: boolean + description: When true indicates a healthy source + example: true + status: + type: string + description: 'A status identifier, giving specific information on why a source is healthy or not' + example: SOURCE_STATE_HEALTHY + since: + type: string + description: Timestamp showing when a source health check was last performed + example: '2021-09-28T15:48:29.3801666300Z' + connectorId: + type: string + description: The id of connector + example: active-directory + connectorName: + type: string + description: The name of the connector that was chosen on source creation + example: Active Directory + connectionType: + type: string + description: The type of connection (direct or file) + example: file + connectorImplementstionId: + type: string + description: The connector implementstion id + example: delimited-file + required: + - name + - owner + - connector + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + patch: + operationId: updateSource + tags: + - Sources + summary: Update Source (Partial) + description: | + This API partially updates a source in IdentityNow, using a list of patch operations according to the + [JSON Patch](https://tools.ietf.org/html/rfc6902) standard. + + Some fields are immutable and cannot be changed, such as: + + * id + * type + * authoritative + * created + * modified + * connector + * connectorClass + * passwordPolicies + + Attempts to modify these fields will result in a 400 error. + + A token with ORG_ADMIN, SOURCE_ADMIN, SOURCE_SUBADMIN, or API authority is required to call this API. + parameters: + - in: path + name: id + schema: + type: string + required: true + description: The Source id + example: 2c9180835d191a86015d28455b4a2329 + requestBody: + required: true + description: 'A list of account update operations according to the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard. Any password changes are submitted as plain-text and encrypted upon receipt in IdentityNow.' + content: + application/json-patch+json: + schema: + type: array + items: + type: object + description: 'A JSONPatch Operation as defined by [RFC 6902 - JSON Patch](https://tools.ietf.org/html/rfc6902)' + required: + - op + - path + properties: + op: + type: string + description: The operation to be performed + enum: + - add + - remove + - replace + - move + - copy + - test + example: replace + path: + type: string + description: A string JSON Pointer representing the target path to an element to be affected by the operation + example: /description + value: + anyOf: + - type: string + - type: integer + - type: object + - type: array + items: + anyOf: + - type: string + - type: integer + - type: object + description: 'The value to be used for the operation, required for "add" and "replace" operations' + example: New description + examples: + Edit the source description: + description: This example shows how to edit a source description. + value: + - op: replace + path: /description + value: new description + Edit the source cluster: + description: This example shows how to edit a source cluster by id. + value: + - op: replace + path: /cluster/id + value: 2c918087813a902001813f3f85736b45 + Edit source features: + description: This example illustrates how you can update source supported features + value: + - op: replace + path: /features + value: + - PASSWORD + - PROVISIONING + - ENABLE + - AUTHENTICATE + Change a source description and cluster in One Call: + description: This example shows how multiple fields may be updated with a single patch call. + value: + - op: replace + path: /description + value: new description + - op: replace + path: /cluster/id + value: 2c918087813a902001813f3f85736b45 + Add a filter string to the connector: + description: 'This example shows how you can add a filter to incoming accounts during the account aggregation process. In the example below, any account that does not have an "m" or "d" in the id will be aggregated.' + value: + - op: add + path: /connectorAttributes/filterString + value: '!( id.contains( "m" ) ) || !( id.contains( "d" ) )' + Update connector attribute for specific operation type: + description: This example shows how you can update the 3rd object in the connection parameters operationType. This will change it from a standard group aggregation to a group aggregation on the "test" entitlement type + value: + - op: replace + path: /connectorAttributes/connectionParameters/2/operationType + value: Group Aggregation-test + responses: + '200': + description: 'Updated Source object. Any passwords will only show the the encrypted cipher-text, as they are not decrypt-able in IdentityNow cloud-based services, per IdentityNow security design.' + content: + application/json: + schema: + type: object + properties: + id: + type: string + readOnly: true + description: the id of the Source + example: 2c91808568c529c60168cca6f90c1324 + name: + type: string + description: Human-readable name of the source + example: My Source + description: + type: string + description: Human-readable description of the source + example: This is the corporate directory. + owner: + description: Reference to an owning Identity Object + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - IDENTITY + example: IDENTITY + id: + type: string + description: ID of the identity + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the identity + example: MyName + cluster: + description: Reference to the associated Cluster + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - CLUSTER + example: CLUSTER + id: + type: string + description: ID of the cluster + example: 2c9180866166b5b0016167c32ef31a66 + name: + type: string + description: Human-readable display name of the cluster + example: Corporate Cluster + accountCorrelationConfig: + description: Reference to an Account Correlation Config object + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + example: ACCOUNT_CORRELATION_CONFIG + id: + type: string + description: ID of the account correlation config + example: 2c9180855d191c59015d28583727245a + name: + type: string + description: Human-readable display name of the account correlation config + example: 'Directory [source-62867] Account Correlation' + accountCorrelationRule: + description: 'Reference to a Rule that can do COMPLEX correlation, should only be used when accountCorrelationConfig can''t be used.' + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - RULE + example: RULE + id: + type: string + description: ID of the rule + example: 2c918085708c274401708c2a8a760001 + name: + type: string + description: Human-readable display name of the rule + example: Example Rule + managerCorrelationMapping: + description: Filter Object used during manager correlation to match incoming manager values to an existing manager's Account/Identity + type: object + properties: + accountAttribute: + type: string + description: Name of the attribute to use for manager correlation. The value found on the account attribute will be used to lookup the manager's identity. + example: manager + identityAttribute: + type: string + description: Name of the identity attribute to search when trying to find a manager using the value from the accountAttribute. + example: manager + managerCorrelationRule: + description: 'Reference to the ManagerCorrelationRule, only used when a simple filter isn''t sufficient.' + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - RULE + example: RULE + id: + type: string + description: ID of the rule + example: 2c918085708c274401708c2a8a760001 + name: + type: string + description: Human-readable display name of the rule + example: Example Rule + beforeProvisioningRule: + description: Rule that runs on the CCG and allows for customization of provisioning plans before the connector is called. + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - RULE + example: RULE + id: + type: string + description: ID of the rule + example: 2c918085708c274401708c2a8a760001 + name: + type: string + description: Human-readable display name of the rule + example: Example Rule + schemas: + type: array + items: + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - CONNECTOR_SCHEMA + example: CONNECTOR_SCHEMA + id: + type: string + description: ID of the schema + example: 2c91808568c529c60168cca6f90c1777 + name: + type: string + description: Human-readable display name of the schema + example: MySchema + description: List of references to Schema objects + example: + - type: CONNECTOR_SCHEMA + id: 2c9180835d191a86015d28455b4b232a + name: account + - type: CONNECTOR_SCHEMA + id: 2c9180835d191a86015d28455b4b232b + name: group + passwordPolicies: + type: array + items: + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - PASSWORD_POLICY + example: PASSWORD_POLICY + id: + type: string + description: ID of the policy + example: 2c91808568c529c60168cca6f90c1777 + name: + type: string + description: Human-readable display name of the policy + example: My Password Policy + description: List of references to the associated PasswordPolicy objects. + example: + - type: PASSWORD_POLICY + id: 2c9180855d191c59015d291ceb053980 + name: Corporate Password Policy + - type: PASSWORD_POLICY + id: 2c9180855d191c59015d291ceb057777 + name: Vendor Password Policy + features: + type: array + description: Optional features that can be supported by a source. + items: + type: string + enum: + - AUTHENTICATE + - COMPOSITE + - DIRECT_PERMISSIONS + - DISCOVER_SCHEMA + - ENABLE + - MANAGER_LOOKUP + - NO_RANDOM_ACCESS + - PROXY + - SEARCH + - TEMPLATE + - UNLOCK + - UNSTRUCTURED_TARGETS + - SHAREPOINT_TARGET + - PROVISIONING + - GROUP_PROVISIONING + - SYNC_PROVISIONING + - PASSWORD + - CURRENT_PASSWORD + - ACCOUNT_ONLY_REQUEST + - ADDITIONAL_ACCOUNT_REQUEST + - NO_AGGREGATION + - GROUPS_HAVE_MEMBERS + - NO_PERMISSIONS_PROVISIONING + - NO_GROUP_PERMISSIONS_PROVISIONING + - NO_UNSTRUCTURED_TARGETS_PROVISIONING + - NO_DIRECT_PERMISSIONS_PROVISIONING + description: |- + Optional features that can be supported by an source. + * AUTHENTICATE: The source supports pass-through authentication. + * COMPOSITE: The source supports composite source creation. + * DIRECT_PERMISSIONS: The source supports returning DirectPermissions. + * DISCOVER_SCHEMA: The source supports discovering schemas for users and groups. + * ENABLE The source supports reading if an account is enabled or disabled. + * MANAGER_LOOKUP: The source supports looking up managers as they are encountered in a feed. This is the opposite of NO_RANDOM_ACCESS. + * NO_RANDOM_ACCESS: The source does not support random access and the getObject() methods should not be called and expected to perform. + * PROXY: The source can serve as a proxy for another source. When an source has a proxy, all connector calls made with that source are redirected through the connector for the proxy source. + * SEARCH + * TEMPLATE + * UNLOCK: The source supports reading if an account is locked or unlocked. + * UNSTRUCTURED_TARGETS: The source supports returning unstructured Targets. + * SHAREPOINT_TARGET: The source supports returning unstructured Target data for SharePoint. It will be typically used by AD, LDAP sources. + * PROVISIONING: The source can both read and write accounts. Having this feature implies that the provision() method is implemented. It also means that direct and target permissions can also be provisioned if they can be returned by aggregation. + * GROUP_PROVISIONING: The source can both read and write groups. Having this feature implies that the provision() method is implemented. + * SYNC_PROVISIONING: The source can provision accounts synchronously. + * PASSWORD: The source can provision password changes. Since sources can never read passwords, this is should only be used in conjunction with the PROVISIONING feature. + * CURRENT_PASSWORD: Some source types support verification of the current password + * ACCOUNT_ONLY_REQUEST: The source supports requesting accounts without entitlements. + * ADDITIONAL_ACCOUNT_REQUEST: The source supports requesting additional accounts. + * NO_AGGREGATION: A source that does not support aggregation. + * GROUPS_HAVE_MEMBERS: The source models group memberships with a member attribute on the group object rather than a groups attribute on the account object. This effects the implementation of delta account aggregation. + * NO_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for accounts. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for accounts. + * NO_GROUP_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for groups. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for groups. + * NO_UNSTRUCTURED_TARGETS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING. + * NO_DIRECT_PERMISSIONS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING. + example: + - SYNC_PROVISIONING + - MANAGER_LOOKUP + - SEARCH + - PROVISIONING + - AUTHENTICATE + - GROUP_PROVISIONING + - PASSWORD + type: + type: string + description: 'Specifies the type of system being managed e.g. Active Directory, Workday, etc.. If you are creating a Delimited File source, you must set the `provisionasCsv` query parameter to `true`. ' + example: OpenLDAP - Direct + connector: + type: string + description: Connector script name. + example: active-directory + connectorClass: + type: string + description: The fully qualified name of the Java class that implements the connector interface. + example: sailpoint.connector.LDAPConnector + connectorAttributes: + type: object + description: Connector specific configuration; will differ from type to type. + example: + healthCheckTimeout: 30 + authSearchAttributes: + - cn + - uid + - mail + deleteThreshold: + type: integer + format: int32 + description: Number from 0 to 100 that specifies when to skip the delete phase. + example: 10 + authoritative: + type: boolean + description: When true indicates the source is referenced by an IdentityProfile. + example: false + managementWorkgroup: + description: Reference to Management Workgroup for this Source + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - GOVERNANCE_GROUP + example: GOVERNANCE_GROUP + id: + type: string + description: ID of the management workgroup + example: 2c91808568c529c60168cca6f90c2222 + name: + type: string + description: Human-readable display name of the management workgroup + example: My Management Workgroup + healthy: + type: boolean + description: When true indicates a healthy source + example: true + status: + type: string + description: 'A status identifier, giving specific information on why a source is healthy or not' + example: SOURCE_STATE_HEALTHY + since: + type: string + description: Timestamp showing when a source health check was last performed + example: '2021-09-28T15:48:29.3801666300Z' + connectorId: + type: string + description: The id of connector + example: active-directory + connectorName: + type: string + description: The name of the connector that was chosen on source creation + example: Active Directory + connectionType: + type: string + description: The type of connection (direct or file) + example: file + connectorImplementstionId: + type: string + description: The connector implementstion id + example: delimited-file + required: + - name + - owner + - connector + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + delete: + operationId: deleteSource + tags: + - Sources + summary: Delete Source by ID + description: |- + This end-point deletes a specific source in IdentityNow. + A token with ORG_ADMIN, SOURCE_ADMIN, or SOURCE_SUBADMIN authority is required to call this API. + All of accounts on the source will be removed first, then the source will be deleted. Actual status of task execution can be retrieved via method GET `/task-status/{id}` + parameters: + - in: path + name: id + schema: + type: string + required: true + description: The Source ID + example: 2c9180835d191a86015d28455b4a2329 + responses: + '202': + description: Accepted - Returned if the request was successfully accepted into the system. + content: + application/json: + schema: + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - TASK_RESULT + example: TASK_RESULT + id: + type: string + description: ID of the task result + example: 2c91808779ecf55b0179f720942f181a + name: + type: string + description: Human-readable display name of the task result (should be null/empty) + example: null + examples: + deleteSource: + summary: Response returned when deleting a source + value: + type: TASK_RESULT + id: 2c91808779ecf55b0179f720942f181a + name: null + links: + GetTaskStatusById: + operationId: getTaskStatus + parameters: + id: $response.body#/id + description: | + The `id` value returned in the response can be used as the `id` parameter in `GET /task-status/{id}`. + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + '/sources/{id}/attribute-sync-config': + get: + operationId: getSourceAttrSyncConfig + tags: + - Sources + summary: Attribute Sync Config + description: |- + This API returns the existing attribute synchronization configuration for a source specified by the given ID. The response contains all attributes, regardless of whether they enabled or not. + A token with ORG_ADMIN authority is required to call this API. + parameters: + - in: path + name: id + required: true + schema: + type: string + description: The source id + example: 2c9180835d191a86015d28455b4a2329 + responses: + '200': + description: Attribute synchronization configuration for a source + content: + application/json: + schema: + type: object + description: Specification of attribute sync configuration for a source + required: + - source + - attributes + properties: + source: + description: Reference to the source which is the target of the attribute synchronization + example: + - type: SOURCE + id: 2c9180835d191a86015d28455b4b232a + name: HR Active Directory + type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + attributes: + type: array + description: Attribute synchronization configuration for specific identity attributes in the context of a source + items: + type: object + description: Specification of source attribute sync mapping configuration for an identity attribute + required: + - name + - displayName + - enabled + - target + properties: + name: + type: string + description: Name of the identity attribute + example: email + displayName: + type: string + description: Display name of the identity attribute + example: Email + enabled: + type: boolean + description: Determines whether or not the attribute is enabled for synchronization + example: true + target: + type: string + description: Name of the source account attribute to which the identity attribute value will be synchronized if enabled + example: mail + example: + - name: email + displayName: Email + enabled: true + target: mail + - name: firstname + displayName: First Name + enabled: false + target: givenName + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + put: + operationId: putSourceAttrSyncConfig + tags: + - Sources + summary: Update Attribute Sync Config + description: |- + Replaces the attribute synchronization configuration for the source specified by the given ID with the configuration provided in the request body. Only the "enabled" field of the values in the "attributes" array is mutable. Attempting to change other attributes or add new values to the "attributes" array will result in an error. + + A token with ORG_ADMIN authority is required to call this API. + parameters: + - in: path + name: id + required: true + schema: + type: string + description: The source id + example: 2c9180835d191a86015d28455b4a2329 + requestBody: + required: true + content: + application/json: + schema: + type: object + description: Specification of attribute sync configuration for a source + required: + - source + - attributes + properties: + source: + description: Reference to the source which is the target of the attribute synchronization + example: + - type: SOURCE + id: 2c9180835d191a86015d28455b4b232a + name: HR Active Directory + type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + attributes: + type: array + description: Attribute synchronization configuration for specific identity attributes in the context of a source + items: + type: object + description: Specification of source attribute sync mapping configuration for an identity attribute + required: + - name + - displayName + - enabled + - target + properties: + name: + type: string + description: Name of the identity attribute + example: email + displayName: + type: string + description: Display name of the identity attribute + example: Email + enabled: + type: boolean + description: Determines whether or not the attribute is enabled for synchronization + example: true + target: + type: string + description: Name of the source account attribute to which the identity attribute value will be synchronized if enabled + example: mail + example: + - name: email + displayName: Email + enabled: true + target: mail + - name: firstname + displayName: First Name + enabled: false + target: givenName + responses: + '200': + description: Updated attribute synchronization configuration for a source + content: + application/json: + schema: + type: object + description: Specification of attribute sync configuration for a source + required: + - source + - attributes + properties: + source: + description: Reference to the source which is the target of the attribute synchronization + example: + - type: SOURCE + id: 2c9180835d191a86015d28455b4b232a + name: HR Active Directory + type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + attributes: + type: array + description: Attribute synchronization configuration for specific identity attributes in the context of a source + items: + type: object + description: Specification of source attribute sync mapping configuration for an identity attribute + required: + - name + - displayName + - enabled + - target + properties: + name: + type: string + description: Name of the identity attribute + example: email + displayName: + type: string + description: Display name of the identity attribute + example: Email + enabled: + type: boolean + description: Determines whether or not the attribute is enabled for synchronization + example: true + target: + type: string + description: Name of the source account attribute to which the identity attribute value will be synchronized if enabled + example: mail + example: + - name: email + displayName: Email + enabled: true + target: mail + - name: firstname + displayName: First Name + enabled: false + target: givenName + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + '/sources/{sourceId}/connector/check-connection': + post: + operationId: testSourceConnection + tags: + - Sources + summary: Check connection for source connector. + description: |- + This endpoint validates that the configured credentials are valid and will properly authenticate with the source identified by the sourceId path parameter. + A token with ORG_ADMIN authority is required to call this API. + security: + - oauth2: + - 'idn:source-connector:manage' + parameters: + - in: path + name: sourceId + schema: + type: string + required: true + description: The ID of the Source. + example: cef3ee201db947c5912551015ba0c679 + responses: + '200': + description: The result of checking connection to the source connector with response from it. + content: + application/json: + schema: + type: object + title: Status Response + description: 'Response model for connection check, configuration test and ping of source connectors.' + properties: + id: + type: string + description: ID of the source + example: 2c91808568c529c60168cca6f90c1313 + readOnly: true + name: + type: string + description: Name of the source + example: 'ODS-AD-Test [source-999999]' + readOnly: true + status: + type: string + enum: + - SUCCESS + - FAILURE + description: The status of the health check. + example: SUCCESS + readOnly: true + elapsedMillis: + type: integer + description: The number of milliseconds spent on the entire request. + example: 1000 + readOnly: true + details: + type: object + description: | + The document contains the results of the health check. + The schema of this document depends on the type of source used. + readOnly: true + example: + useTLSForIQService: false + IQService: + TLS Port: 0 + .NET CLR Version: 4.0.30319.42000 + SecondaryServiceStatus: Running + Port: 5050 + Host: AUTOMATION-AD + Name: IQService + IQServiceStatus: Running + SecondaryService: IQService-Instance1-Secondary + Version: IQService Sep-2020 + secondaryPort: 5051 + OS Architecture: AMD64 + Operating System: Microsoft Windows Server 2012 R2 Standard + highestDotNetVersion: 4.8 or later + Build Time: '09/22/2020 06:34 AM -0500' + IQServiceClientAuthEnabled: false + requestProcessedOn: '1/19/2021 1:47:14 PM' + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + '/sources/{sourceId}/connector/peek-resource-objects': + post: + operationId: peekResourceObjects + tags: + - Sources + summary: Peek source connector's resource objects + description: |- + Retrieves a sample of data returned from account and group aggregation requests. + A token with ORG_ADMIN authority is required to call this API. + security: + - oauth2: + - 'idn:source-connector:manage' + parameters: + - in: path + name: sourceId + schema: + type: string + required: true + description: The ID of the Source + example: cef3ee201db947c5912551015ba0c679 + requestBody: + required: true + content: + application/json: + schema: + example: + objectType: resource + maxCount: 50 + type: object + title: Resource Objects Request + description: Request model for peek resource objects from source connectors. + properties: + objectType: + type: string + description: The type of resource objects to iterate over. + default: account + example: group + maxCount: + type: integer + description: The maximum number of resource objects to iterate over and return. + default: 25 + example: 100 + responses: + '200': + description: List of resource objects that was fetched from the source connector. + content: + application/json: + schema: + type: object + title: Resource Objects Response + description: Response model for peek resource objects from source connectors. + properties: + id: + type: string + description: ID of the source + example: 2c91808568c529c60168cca6f90c1313 + readOnly: true + name: + type: string + description: Name of the source + example: 'ODS-AD-Test [source-999999]' + readOnly: true + objectCount: + type: integer + description: The number of objects that were fetched by the connector. + example: 25 + readOnly: true + elapsedMillis: + type: integer + description: The number of milliseconds spent on the entire request. + example: 1055 + readOnly: true + resourceObjects: + type: array + items: + type: object + title: Resource Object + description: Representation of the object which is returned from source connectors. + properties: + instance: + description: Identifier of the specific instance where this object resides. + type: string + readOnly: true + identity: + description: Native identity of the object in the Source. + type: string + example: 'CN=Aaron Carr,OU=test1,DC=test2,DC=test' + readOnly: true + uuid: + description: Universal unique identifier of the object in the Source. + type: string + example: '{abf7bd9b-68b4-4d21-9b70-870c58ebf844}' + readOnly: true + previousIdentity: + description: Native identity that the object has previously. + type: string + readOnly: true + name: + description: Display name for this object. + type: string + example: Aaron Carr + readOnly: true + objectType: + description: Type of object. + type: string + example: account + readOnly: true + incomplete: + description: 'A flag indicating that this is an incomplete object. Used in special cases where the connector has to return account information in several phases and the objects might not have a complete set of all account attributes. The attributes in this object will replace the corresponding attributes in the Link, but no other Link attributes will be changed.' + type: boolean + example: false + readOnly: true + incremental: + description: A flag indicating that this is an incremental change object. This is similar to incomplete but it also means that the values of any multi-valued attributes in this object should be merged with the existing values in the Link rather than replacing the existing Link value. + type: boolean + example: false + readOnly: true + delete: + description: A flag indicating that this object has been deleted. This is set only when doing delta aggregation and the connector supports detection of native deletes. + type: boolean + example: false + readOnly: true + remove: + description: A flag set indicating that the values in the attributes represent things to remove rather than things to add. Setting this implies incremental. The values which are always for multi-valued attributes are removed from the current values. + type: boolean + example: false + readOnly: true + missing: + description: A list of attribute names that are not included in this object. This is only used with SMConnector and will only contain "groups". + type: array + items: + type: string + example: + - missFieldOne + - missFieldTwo + readOnly: true + attributes: + description: Attributes of this ResourceObject. + type: object + example: + telephoneNumber: 12-(345)678-9012 + mail: example@test.com + displayName: Aaron Carr + readOnly: true + finalUpdate: + description: 'In Aggregation, for sparse object the count for total accounts scanned identities updated is not incremented.' + type: boolean + example: false + readOnly: true + description: Fetched objects from the source connector. + readOnly: true + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + '/sources/{sourceId}/connector/ping-cluster': + post: + operationId: pingCluster + tags: + - Sources + summary: Ping cluster for source connector + description: |- + This endpoint validates that the cluster being used by the source is reachable from IdentityNow. + A token with ORG_ADMIN authority is required to call this API. + security: + - oauth2: + - 'idn:source-connector:manage' + parameters: + - in: path + name: sourceId + schema: + type: string + required: true + description: The ID of the Source + example: cef3ee201db947c5912551015ba0c679 + responses: + '200': + description: The result of pinging connection with the source connector. + content: + application/json: + schema: + type: object + title: Status Response + description: 'Response model for connection check, configuration test and ping of source connectors.' + properties: + id: + type: string + description: ID of the source + example: 2c91808568c529c60168cca6f90c1313 + readOnly: true + name: + type: string + description: Name of the source + example: 'ODS-AD-Test [source-999999]' + readOnly: true + status: + type: string + enum: + - SUCCESS + - FAILURE + description: The status of the health check. + example: SUCCESS + readOnly: true + elapsedMillis: + type: integer + description: The number of milliseconds spent on the entire request. + example: 1000 + readOnly: true + details: + type: object + description: | + The document contains the results of the health check. + The schema of this document depends on the type of source used. + readOnly: true + example: + useTLSForIQService: false + IQService: + TLS Port: 0 + .NET CLR Version: 4.0.30319.42000 + SecondaryServiceStatus: Running + Port: 5050 + Host: AUTOMATION-AD + Name: IQService + IQServiceStatus: Running + SecondaryService: IQService-Instance1-Secondary + Version: IQService Sep-2020 + secondaryPort: 5051 + OS Architecture: AMD64 + Operating System: Microsoft Windows Server 2012 R2 Standard + highestDotNetVersion: 4.8 or later + Build Time: '09/22/2020 06:34 AM -0500' + IQServiceClientAuthEnabled: false + requestProcessedOn: '1/19/2021 1:47:14 PM' + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + '/sources/{sourceId}/connector/test-configuration': + post: + operationId: testSourceConfiguration + tags: + - Sources + summary: Test configuration for source connector + description: |- + This endpoint performs a more detailed validation of the source's configuration that can take longer than the lighter weight credential validation performed by the checkConnection API. + A token with ORG_ADMIN authority is required to call this API. + security: + - oauth2: + - 'idn:source-connector:manage' + parameters: + - in: path + name: sourceId + schema: + type: string + required: true + description: The ID of the Source + example: cef3ee201db947c5912551015ba0c679 + responses: + '200': + description: The result of testing source connector configuration with response from it. + content: + application/json: + schema: + type: object + title: Status Response + description: 'Response model for connection check, configuration test and ping of source connectors.' + properties: + id: + type: string + description: ID of the source + example: 2c91808568c529c60168cca6f90c1313 + readOnly: true + name: + type: string + description: Name of the source + example: 'ODS-AD-Test [source-999999]' + readOnly: true + status: + type: string + enum: + - SUCCESS + - FAILURE + description: The status of the health check. + example: SUCCESS + readOnly: true + elapsedMillis: + type: integer + description: The number of milliseconds spent on the entire request. + example: 1000 + readOnly: true + details: + type: object + description: | + The document contains the results of the health check. + The schema of this document depends on the type of source used. + readOnly: true + example: + useTLSForIQService: false + IQService: + TLS Port: 0 + .NET CLR Version: 4.0.30319.42000 + SecondaryServiceStatus: Running + Port: 5050 + Host: AUTOMATION-AD + Name: IQService + IQServiceStatus: Running + SecondaryService: IQService-Instance1-Secondary + Version: IQService Sep-2020 + secondaryPort: 5051 + OS Architecture: AMD64 + Operating System: Microsoft Windows Server 2012 R2 Standard + highestDotNetVersion: 4.8 or later + Build Time: '09/22/2020 06:34 AM -0500' + IQServiceClientAuthEnabled: false + requestProcessedOn: '1/19/2021 1:47:14 PM' + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + '/sources/{id}/connectors/source-config': + get: + operationId: getSourceConfig + tags: + - Sources + summary: Gets source config with language translations + description: |- + Looks up and returns the source config for the requested source id after populating the source config values and applying language translations. + A token with ORG_ADMIN authority is required to call this API. + parameters: + - in: path + name: id + schema: + type: string + required: true + description: The Source id + - in: query + name: locale + schema: + type: string + enum: + - de + - 'no' + - fi + - sv + - ru + - pt + - ko + - zh-TW + - en + - it + - fr + - zh-CN + - hu + - es + - cs + - ja + - pl + - da + - nl + description: 'The locale to apply to the config. If no viable locale is given, it will default to "en"' + responses: + '200': + description: A Connector Detail object + content: + application/json: + schema: + type: object + properties: + name: + type: string + description: The connector name + example: JDBC + sourceConfigXml: + type: string + description: XML representation of the source config data + example: "
\n\t
" + sourceConfig: + type: string + description: JSON representation of the source config data + example: + Form: + Field: + _defaultValue: 'true' + _hidden: 'true' + _name: cloudAuthEnabled + _type: boolean + _value: 'true' + _xmlns: 'http://www.sailpoint.com/xsd/sailpoint_form_1_0.xsd' + _connectorName: Active Directory - Direct + _directConnect: 'true' + _name: Active Directory + _status: released + _type: SourceConfig + __text: \n\t + directConnect: + type: boolean + description: true if the source is a direct connect source + example: true + fileUpload: + type: boolean + description: 'Connector config''s file upload attribute, false if not there' + example: false + uploadedFiles: + type: string + description: List of uploaded file strings for the connector + example: [] + connectorMetadata: + type: object + description: Object containing metadata pertinent to the UI to be used + example: + supportedUI: EXTJS + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + '/sources/{sourceId}/provisioning-policies': + get: + operationId: listProvisioningPolicies + tags: + - Sources + summary: Lists ProvisioningPolicies + description: |- + This end-point lists all the ProvisioningPolicies in IdentityNow. + A token with API, or ORG_ADMIN authority is required to call this API. + security: + - oauth2: + - 'idn:provisioning-policy:read' + - 'idn:provisioning-policy:manage' + parameters: + - in: path + name: sourceId + required: true + schema: + type: string + description: The Source id + example: 2c9180835d191a86015d28455b4a2329 + responses: + '200': + description: List of ProvisioningPolicyDto objects + content: + application/json: + schema: + type: array + items: + type: object + required: + - name + properties: + name: + type: string + description: the provisioning policy name + example: example provisioning policy for inactive identities + description: + type: string + description: the description of the provisioning policy + example: this provisioning policy creates access based on an identity going inactive + usageType: + type: string + nullable: false + enum: + - CREATE + - UPDATE + - DELETE + - ASSIGN + - UNASSIGN + - CREATE_GROUP + - UPDATE_GROUP + - DELETE_GROUP + - REGISTER + - CREATE_IDENTITY + - UPDATE_IDENTITY + - EDIT_GROUP + - ENABLE + - DISABLE + - UNLOCK + - CHANGE_PASSWORD + example: CREATE + description: The type of ProvisioningPolicy usage. + fields: + type: array + items: + type: object + properties: + name: + type: string + description: The name of the attribute. + example: userName + transform: + type: object + description: The transform to apply to the field + example: + type: rule + attributes: + name: Create Unique LDAP Attribute + default: {} + attributes: + type: object + description: Attributes required for the transform + example: + template: '${firstname}.${lastname}${uniqueCounter}' + cloudMaxUniqueChecks: '50' + cloudMaxSize: '20' + cloudRequired: 'true' + isRequired: + type: boolean + readOnly: true + description: Flag indicating whether or not the attribute is required. + default: false + example: false + type: + type: string + description: The type of the attribute. + example: string + isMultiValued: + type: boolean + description: Flag indicating whether or not the attribute is multi-valued. + default: false + example: false + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + post: + operationId: createProvisioningPolicy + tags: + - Sources + summary: Create Provisioning Policy + description: |- + This API generates a create policy/template based on field value transforms. This API is intended for use when setting up JDBC Provisioning type sources, but it will also work on other source types. + Transforms can be used in the provisioning policy to create a new attribute that you only need during provisioning. + Refer to [Transforms in Provisioning Policies](https://developer.sailpoint.com/idn/docs/transforms/guides/transforms-in-provisioning-policies) for more information. + A token with ORG_ADMIN authority is required to call this API. + security: + - oauth2: + - 'idn:provisioning-policy:manage' + parameters: + - in: path + name: sourceId + required: true + schema: + type: string + description: The Source id + example: 2c9180835d191a86015d28455b4a2329 + requestBody: + required: true + content: + application/json: + schema: + type: object + required: + - name + properties: + name: + type: string + description: the provisioning policy name + example: example provisioning policy for inactive identities + description: + type: string + description: the description of the provisioning policy + example: this provisioning policy creates access based on an identity going inactive + usageType: + type: string + nullable: false + enum: + - CREATE + - UPDATE + - DELETE + - ASSIGN + - UNASSIGN + - CREATE_GROUP + - UPDATE_GROUP + - DELETE_GROUP + - REGISTER + - CREATE_IDENTITY + - UPDATE_IDENTITY + - EDIT_GROUP + - ENABLE + - DISABLE + - UNLOCK + - CHANGE_PASSWORD + example: CREATE + description: The type of ProvisioningPolicy usage. + fields: + type: array + items: + type: object + properties: + name: + type: string + description: The name of the attribute. + example: userName + transform: + type: object + description: The transform to apply to the field + example: + type: rule + attributes: + name: Create Unique LDAP Attribute + default: {} + attributes: + type: object + description: Attributes required for the transform + example: + template: '${firstname}.${lastname}${uniqueCounter}' + cloudMaxUniqueChecks: '50' + cloudMaxSize: '20' + cloudRequired: 'true' + isRequired: + type: boolean + readOnly: true + description: Flag indicating whether or not the attribute is required. + default: false + example: false + type: + type: string + description: The type of the attribute. + example: string + isMultiValued: + type: boolean + description: Flag indicating whether or not the attribute is multi-valued. + default: false + example: false + examples: + Create Account Provisioning Policy: + value: + name: Account + description: Account Provisioning Policy + usageType: CREATE + fields: + - name: displayName + transform: + type: identityAttribute + attributes: + name: displayName + attributes: {} + isRequired: false + type: string + isMultiValued: false + - name: distinguishedName + transform: + type: usernameGenerator + attributes: + sourceCheck: true + patterns: + - 'CN=$fi $ln,OU=zzUsers,OU=Demo,DC=seri,DC=sailpointdemo,DC=com' + - 'CN=$fti $ln,OU=zzUsers,OU=Demo,DC=seri,DC=sailpointdemo,DC=com' + - 'CN=$fn $ln,OU=zzUsers,OU=Demo,DC=seri,DC=sailpointdemo,DC=com' + - 'CN=$fn$ln${uniqueCounter},OU=zzUsers,OU=Demo,DC=seri,DC=sailpointdemo,DC=com' + fn: + type: identityAttribute + attributes: + name: firstname + ln: + type: identityAttribute + attributes: + name: lastname + fi: + type: substring + attributes: + input: + type: identityAttribute + attributes: + name: firstname + begin: 0 + end: 1 + fti: + type: substring + attributes: + input: + type: identityAttribute + attributes: + name: firstname + begin: 0 + end: 2 + attributes: + cloudMaxUniqueChecks: '5' + cloudMaxSize: '100' + cloudRequired: 'true' + isRequired: false + type: '' + isMultiValued: false + - name: description + transform: + type: static + attributes: + value: '' + attributes: {} + isRequired: false + type: string + isMultiValued: false + responses: + '201': + description: Created ProvisioningPolicyDto object + content: + application/json: + schema: + type: object + required: + - name + properties: + name: + type: string + description: the provisioning policy name + example: example provisioning policy for inactive identities + description: + type: string + description: the description of the provisioning policy + example: this provisioning policy creates access based on an identity going inactive + usageType: + type: string + nullable: false + enum: + - CREATE + - UPDATE + - DELETE + - ASSIGN + - UNASSIGN + - CREATE_GROUP + - UPDATE_GROUP + - DELETE_GROUP + - REGISTER + - CREATE_IDENTITY + - UPDATE_IDENTITY + - EDIT_GROUP + - ENABLE + - DISABLE + - UNLOCK + - CHANGE_PASSWORD + example: CREATE + description: The type of ProvisioningPolicy usage. + fields: + type: array + items: + type: object + properties: + name: + type: string + description: The name of the attribute. + example: userName + transform: + type: object + description: The transform to apply to the field + example: + type: rule + attributes: + name: Create Unique LDAP Attribute + default: {} + attributes: + type: object + description: Attributes required for the transform + example: + template: '${firstname}.${lastname}${uniqueCounter}' + cloudMaxUniqueChecks: '50' + cloudMaxSize: '20' + cloudRequired: 'true' + isRequired: + type: boolean + readOnly: true + description: Flag indicating whether or not the attribute is required. + default: false + example: false + type: + type: string + description: The type of the attribute. + example: string + isMultiValued: + type: boolean + description: Flag indicating whether or not the attribute is multi-valued. + default: false + example: false + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + '/sources/{sourceId}/provisioning-policies/{usageType}': + get: + operationId: getProvisioningPolicy + tags: + - Sources + summary: Get Provisioning Policy by UsageType + description: |- + This end-point retrieves the ProvisioningPolicy with the specified usage on the specified Source in IdentityNow. + A token with API, ORG_ADMIN, SOURCE_ADMIN, or SOURCE_SUBADMIN authority is required to call this API. + security: + - oauth2: + - 'idn:provisioning-policy:read' + - 'idn:provisioning-policy-source:read' + - 'idn:provisioning-policy:manage' + - 'idn:provisioning-policy-source-admin-operations:manage' + parameters: + - in: path + name: sourceId + required: true + schema: + type: string + description: The Source ID. + example: 2c9180835d191a86015d28455b4a2329 + - in: path + name: usageType + required: true + schema: + type: string + nullable: false + enum: + - CREATE + - UPDATE + - DELETE + - ASSIGN + - UNASSIGN + - CREATE_GROUP + - UPDATE_GROUP + - DELETE_GROUP + - REGISTER + - CREATE_IDENTITY + - UPDATE_IDENTITY + - EDIT_GROUP + - ENABLE + - DISABLE + - UNLOCK + - CHANGE_PASSWORD + example: CREATE + description: The type of ProvisioningPolicy usage. + description: The type of ProvisioningPolicy usage. + example: REGISTER + responses: + '200': + description: The requested ProvisioningPolicyDto was successfully retrieved. + content: + application/json: + schema: + type: object + required: + - name + properties: + name: + type: string + description: the provisioning policy name + example: example provisioning policy for inactive identities + description: + type: string + description: the description of the provisioning policy + example: this provisioning policy creates access based on an identity going inactive + usageType: + type: string + nullable: false + enum: + - CREATE + - UPDATE + - DELETE + - ASSIGN + - UNASSIGN + - CREATE_GROUP + - UPDATE_GROUP + - DELETE_GROUP + - REGISTER + - CREATE_IDENTITY + - UPDATE_IDENTITY + - EDIT_GROUP + - ENABLE + - DISABLE + - UNLOCK + - CHANGE_PASSWORD + example: CREATE + description: The type of ProvisioningPolicy usage. + fields: + type: array + items: + type: object + properties: + name: + type: string + description: The name of the attribute. + example: userName + transform: + type: object + description: The transform to apply to the field + example: + type: rule + attributes: + name: Create Unique LDAP Attribute + default: {} + attributes: + type: object + description: Attributes required for the transform + example: + template: '${firstname}.${lastname}${uniqueCounter}' + cloudMaxUniqueChecks: '50' + cloudMaxSize: '20' + cloudRequired: 'true' + isRequired: + type: boolean + readOnly: true + description: Flag indicating whether or not the attribute is required. + default: false + example: false + type: + type: string + description: The type of the attribute. + example: string + isMultiValued: + type: boolean + description: Flag indicating whether or not the attribute is multi-valued. + default: false + example: false + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + put: + operationId: putProvisioningPolicy + tags: + - Sources + summary: Update Provisioning Policy by UsageType + description: |- + This end-point updates the provisioning policy with the specified usage on the specified source in IdentityNow. + Transforms can be used in the provisioning policy to create a new attribute that you only need during provisioning. + Refer to [Transforms in Provisioning Policies](https://developer.sailpoint.com/idn/docs/transforms/guides/transforms-in-provisioning-policies) for more information. + A token with API, ORG_ADMIN, SOURCE_ADMIN, or SOURCE_SUBADMIN authority is required to call this API. + security: + - oauth2: + - 'idn:provisioning-policy:manage' + - 'idn:provisioning-policy-source-admin-operations:manage' + parameters: + - in: path + name: sourceId + required: true + schema: + type: string + description: The Source ID. + example: 2c9180835d191a86015d28455b4a2329 + - in: path + name: usageType + required: true + schema: + type: string + nullable: false + enum: + - CREATE + - UPDATE + - DELETE + - ASSIGN + - UNASSIGN + - CREATE_GROUP + - UPDATE_GROUP + - DELETE_GROUP + - REGISTER + - CREATE_IDENTITY + - UPDATE_IDENTITY + - EDIT_GROUP + - ENABLE + - DISABLE + - UNLOCK + - CHANGE_PASSWORD + example: CREATE + description: The type of ProvisioningPolicy usage. + description: The type of ProvisioningPolicy usage. + requestBody: + required: true + content: + application/json: + schema: + type: object + required: + - name + properties: + name: + type: string + description: the provisioning policy name + example: example provisioning policy for inactive identities + description: + type: string + description: the description of the provisioning policy + example: this provisioning policy creates access based on an identity going inactive + usageType: + type: string + nullable: false + enum: + - CREATE + - UPDATE + - DELETE + - ASSIGN + - UNASSIGN + - CREATE_GROUP + - UPDATE_GROUP + - DELETE_GROUP + - REGISTER + - CREATE_IDENTITY + - UPDATE_IDENTITY + - EDIT_GROUP + - ENABLE + - DISABLE + - UNLOCK + - CHANGE_PASSWORD + example: CREATE + description: The type of ProvisioningPolicy usage. + fields: + type: array + items: + type: object + properties: + name: + type: string + description: The name of the attribute. + example: userName + transform: + type: object + description: The transform to apply to the field + example: + type: rule + attributes: + name: Create Unique LDAP Attribute + default: {} + attributes: + type: object + description: Attributes required for the transform + example: + template: '${firstname}.${lastname}${uniqueCounter}' + cloudMaxUniqueChecks: '50' + cloudMaxSize: '20' + cloudRequired: 'true' + isRequired: + type: boolean + readOnly: true + description: Flag indicating whether or not the attribute is required. + default: false + example: false + type: + type: string + description: The type of the attribute. + example: string + isMultiValued: + type: boolean + description: Flag indicating whether or not the attribute is multi-valued. + default: false + example: false + responses: + '200': + description: The ProvisioningPolicyDto was successfully replaced. + content: + application/json: + schema: + type: object + required: + - name + properties: + name: + type: string + description: the provisioning policy name + example: example provisioning policy for inactive identities + description: + type: string + description: the description of the provisioning policy + example: this provisioning policy creates access based on an identity going inactive + usageType: + type: string + nullable: false + enum: + - CREATE + - UPDATE + - DELETE + - ASSIGN + - UNASSIGN + - CREATE_GROUP + - UPDATE_GROUP + - DELETE_GROUP + - REGISTER + - CREATE_IDENTITY + - UPDATE_IDENTITY + - EDIT_GROUP + - ENABLE + - DISABLE + - UNLOCK + - CHANGE_PASSWORD + example: CREATE + description: The type of ProvisioningPolicy usage. + fields: + type: array + items: + type: object + properties: + name: + type: string + description: The name of the attribute. + example: userName + transform: + type: object + description: The transform to apply to the field + example: + type: rule + attributes: + name: Create Unique LDAP Attribute + default: {} + attributes: + type: object + description: Attributes required for the transform + example: + template: '${firstname}.${lastname}${uniqueCounter}' + cloudMaxUniqueChecks: '50' + cloudMaxSize: '20' + cloudRequired: 'true' + isRequired: + type: boolean + readOnly: true + description: Flag indicating whether or not the attribute is required. + default: false + example: false + type: + type: string + description: The type of the attribute. + example: string + isMultiValued: + type: boolean + description: Flag indicating whether or not the attribute is multi-valued. + default: false + example: false + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + patch: + operationId: updateProvisioningPolicy + tags: + - Sources + summary: Partial update of Provisioning Policy + description: |- + This API selectively updates an existing Provisioning Policy using a JSONPatch payload. + Transforms can be used in the provisioning policy to create a new attribute that you only need during provisioning. + Refer to [Transforms in Provisioning Policies](https://developer.sailpoint.com/idn/docs/transforms/guides/transforms-in-provisioning-policies) for more information. + A token with API, ORG_ADMIN, SOURCE_ADMIN, or SOURCE_SUBADMIN authority is required to call this API. + security: + - oauth2: + - 'idn:provisioning-policy:update' + parameters: + - in: path + name: sourceId + required: true + schema: + type: string + description: The Source id. + example: 2c9180835d191a86015d28455b4a2329 + - in: path + name: usageType + required: true + schema: + type: string + nullable: false + enum: + - CREATE + - UPDATE + - DELETE + - ASSIGN + - UNASSIGN + - CREATE_GROUP + - UPDATE_GROUP + - DELETE_GROUP + - REGISTER + - CREATE_IDENTITY + - UPDATE_IDENTITY + - EDIT_GROUP + - ENABLE + - DISABLE + - UNLOCK + - CHANGE_PASSWORD + example: CREATE + description: The type of ProvisioningPolicy usage. + description: The type of ProvisioningPolicy usage. + requestBody: + required: true + description: The JSONPatch payload used to update the schema. + content: + application/json-patch+json: + schema: + type: array + items: + type: object + description: 'A JSONPatch Operation as defined by [RFC 6902 - JSON Patch](https://tools.ietf.org/html/rfc6902)' + required: + - op + - path + properties: + op: + type: string + description: The operation to be performed + enum: + - add + - remove + - replace + - move + - copy + - test + example: replace + path: + type: string + description: A string JSON Pointer representing the target path to an element to be affected by the operation + example: /description + value: + anyOf: + - type: string + - type: integer + - type: object + - type: array + items: + anyOf: + - type: string + - type: integer + - type: object + description: 'The value to be used for the operation, required for "add" and "replace" operations' + example: New description + examples: + add-field: + summary: Add a field to the beginning of the list + value: + - op: add + path: /fields/0 + value: + name: email + transform: + type: identityAttribute + attributes: + name: email + attributes: {} + isRequired: false + type: string + isMultiValued: false + responses: + '200': + description: The ProvisioningPolicyDto was successfully updated. + content: + application/json: + schema: + type: object + required: + - name + properties: + name: + type: string + description: the provisioning policy name + example: example provisioning policy for inactive identities + description: + type: string + description: the description of the provisioning policy + example: this provisioning policy creates access based on an identity going inactive + usageType: + type: string + nullable: false + enum: + - CREATE + - UPDATE + - DELETE + - ASSIGN + - UNASSIGN + - CREATE_GROUP + - UPDATE_GROUP + - DELETE_GROUP + - REGISTER + - CREATE_IDENTITY + - UPDATE_IDENTITY + - EDIT_GROUP + - ENABLE + - DISABLE + - UNLOCK + - CHANGE_PASSWORD + example: CREATE + description: The type of ProvisioningPolicy usage. + fields: + type: array + items: + type: object + properties: + name: + type: string + description: The name of the attribute. + example: userName + transform: + type: object + description: The transform to apply to the field + example: + type: rule + attributes: + name: Create Unique LDAP Attribute + default: {} + attributes: + type: object + description: Attributes required for the transform + example: + template: '${firstname}.${lastname}${uniqueCounter}' + cloudMaxUniqueChecks: '50' + cloudMaxSize: '20' + cloudRequired: 'true' + isRequired: + type: boolean + readOnly: true + description: Flag indicating whether or not the attribute is required. + default: false + example: false + type: + type: string + description: The type of the attribute. + example: string + isMultiValued: + type: boolean + description: Flag indicating whether or not the attribute is multi-valued. + default: false + example: false + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + delete: + operationId: deleteProvisioningPolicy + tags: + - Sources + summary: Delete Provisioning Policy by UsageType + description: |- + Deletes the provisioning policy with the specified usage on an application. + A token with API, or ORG_ADMIN authority is required to call this API. + security: + - oauth2: + - 'idn:provisioning-policy:manage' + parameters: + - in: path + name: sourceId + required: true + schema: + type: string + description: The Source ID. + example: 2c9180835d191a86015d28455b4a2329 + - in: path + name: usageType + required: true + schema: + type: string + nullable: false + enum: + - CREATE + - UPDATE + - DELETE + - ASSIGN + - UNASSIGN + - CREATE_GROUP + - UPDATE_GROUP + - DELETE_GROUP + - REGISTER + - CREATE_IDENTITY + - UPDATE_IDENTITY + - EDIT_GROUP + - ENABLE + - DISABLE + - UNLOCK + - CHANGE_PASSWORD + example: CREATE + description: The type of ProvisioningPolicy usage. + description: The type of ProvisioningPolicy usage. + responses: + '204': + description: The ProvisioningPolicyDto was successfully deleted. + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + '/sources/{sourceId}/provisioning-policies/bulk-update': + post: + operationId: updateProvisioningPoliciesInBulk + tags: + - Sources + summary: Bulk Update Provisioning Policies + description: |- + This end-point updates a list of provisioning policies on the specified source in IdentityNow. + A token with API, or ORG_ADMIN authority is required to call this API. + security: + - oauth2: + - 'idn:provisioning-policy:manage' + parameters: + - in: path + name: sourceId + required: true + schema: + type: string + description: The Source id. + example: 2c9180835d191a86015d28455b4a2329 + requestBody: + required: true + content: + application/json: + schema: + type: array + items: + type: object + required: + - name + properties: + name: + type: string + description: the provisioning policy name + example: example provisioning policy for inactive identities + description: + type: string + description: the description of the provisioning policy + example: this provisioning policy creates access based on an identity going inactive + usageType: + type: string + nullable: false + enum: + - CREATE + - UPDATE + - DELETE + - ASSIGN + - UNASSIGN + - CREATE_GROUP + - UPDATE_GROUP + - DELETE_GROUP + - REGISTER + - CREATE_IDENTITY + - UPDATE_IDENTITY + - EDIT_GROUP + - ENABLE + - DISABLE + - UNLOCK + - CHANGE_PASSWORD + example: CREATE + description: The type of ProvisioningPolicy usage. + fields: + type: array + items: + type: object + properties: + name: + type: string + description: The name of the attribute. + example: userName + transform: + type: object + description: The transform to apply to the field + example: + type: rule + attributes: + name: Create Unique LDAP Attribute + default: {} + attributes: + type: object + description: Attributes required for the transform + example: + template: '${firstname}.${lastname}${uniqueCounter}' + cloudMaxUniqueChecks: '50' + cloudMaxSize: '20' + cloudRequired: 'true' + isRequired: + type: boolean + readOnly: true + description: Flag indicating whether or not the attribute is required. + default: false + example: false + type: + type: string + description: The type of the attribute. + example: string + isMultiValued: + type: boolean + description: Flag indicating whether or not the attribute is multi-valued. + default: false + example: false + responses: + '200': + description: A list of the ProvisioningPolicyDto was successfully replaced. + content: + application/json: + schema: + type: array + items: + type: object + required: + - name + properties: + name: + type: string + description: the provisioning policy name + example: example provisioning policy for inactive identities + description: + type: string + description: the description of the provisioning policy + example: this provisioning policy creates access based on an identity going inactive + usageType: + type: string + nullable: false + enum: + - CREATE + - UPDATE + - DELETE + - ASSIGN + - UNASSIGN + - CREATE_GROUP + - UPDATE_GROUP + - DELETE_GROUP + - REGISTER + - CREATE_IDENTITY + - UPDATE_IDENTITY + - EDIT_GROUP + - ENABLE + - DISABLE + - UNLOCK + - CHANGE_PASSWORD + example: CREATE + description: The type of ProvisioningPolicy usage. + fields: + type: array + items: + type: object + properties: + name: + type: string + description: The name of the attribute. + example: userName + transform: + type: object + description: The transform to apply to the field + example: + type: rule + attributes: + name: Create Unique LDAP Attribute + default: {} + attributes: + type: object + description: Attributes required for the transform + example: + template: '${firstname}.${lastname}${uniqueCounter}' + cloudMaxUniqueChecks: '50' + cloudMaxSize: '20' + cloudRequired: 'true' + isRequired: + type: boolean + readOnly: true + description: Flag indicating whether or not the attribute is required. + default: false + example: false + type: + type: string + description: The type of the attribute. + example: string + isMultiValued: + type: boolean + description: Flag indicating whether or not the attribute is multi-valued. + default: false + example: false + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + '/sources/{sourceId}/schemas': + get: + operationId: listSourceSchemas + tags: + - Sources + summary: Lists the Schemas that exist on the specified Source in IdentityNow. + parameters: + - in: path + name: sourceId + required: true + schema: + type: string + description: The Source id. + example: 2c9180835d191a86015d28455b4a2329 + - in: query + name: include-types + required: false + schema: + type: string + description: 'If set to ''group'', then the account schema is filtered and only group schemas are returned. Only a value of ''group'' is recognized.' + example: group + responses: + '200': + description: The Schemas were successfully retrieved. + content: + application/json: + schema: + type: array + items: + type: object + properties: + id: + type: string + description: The id of the Schema. + example: 2c9180835d191a86015d28455b4a2329 + name: + type: string + description: The name of the Schema. + example: account + nativeObjectType: + type: string + description: The name of the object type on the native system that the schema represents. + example: User + identityAttribute: + type: string + description: The name of the attribute used to calculate the unique identifier for an object in the schema. + example: sAMAccountName + displayAttribute: + type: string + description: The name of the attribute used to calculate the display value for an object in the schema. + example: distinguishedName + hierarchyAttribute: + type: string + description: The name of the attribute whose values represent other objects in a hierarchy. Only relevant to group schemas. + example: memberOf + includePermissions: + type: boolean + description: Flag indicating whether or not the include permissions with the object data when aggregating the schema. + example: false + features: + type: array + items: + type: string + enum: + - AUTHENTICATE + - COMPOSITE + - DIRECT_PERMISSIONS + - DISCOVER_SCHEMA + - ENABLE + - MANAGER_LOOKUP + - NO_RANDOM_ACCESS + - PROXY + - SEARCH + - TEMPLATE + - UNLOCK + - UNSTRUCTURED_TARGETS + - SHAREPOINT_TARGET + - PROVISIONING + - GROUP_PROVISIONING + - SYNC_PROVISIONING + - PASSWORD + - CURRENT_PASSWORD + - ACCOUNT_ONLY_REQUEST + - ADDITIONAL_ACCOUNT_REQUEST + - NO_AGGREGATION + - GROUPS_HAVE_MEMBERS + - NO_PERMISSIONS_PROVISIONING + - NO_GROUP_PERMISSIONS_PROVISIONING + - NO_UNSTRUCTURED_TARGETS_PROVISIONING + - NO_DIRECT_PERMISSIONS_PROVISIONING + description: |- + Optional features that can be supported by an source. + * AUTHENTICATE: The source supports pass-through authentication. + * COMPOSITE: The source supports composite source creation. + * DIRECT_PERMISSIONS: The source supports returning DirectPermissions. + * DISCOVER_SCHEMA: The source supports discovering schemas for users and groups. + * ENABLE The source supports reading if an account is enabled or disabled. + * MANAGER_LOOKUP: The source supports looking up managers as they are encountered in a feed. This is the opposite of NO_RANDOM_ACCESS. + * NO_RANDOM_ACCESS: The source does not support random access and the getObject() methods should not be called and expected to perform. + * PROXY: The source can serve as a proxy for another source. When an source has a proxy, all connector calls made with that source are redirected through the connector for the proxy source. + * SEARCH + * TEMPLATE + * UNLOCK: The source supports reading if an account is locked or unlocked. + * UNSTRUCTURED_TARGETS: The source supports returning unstructured Targets. + * SHAREPOINT_TARGET: The source supports returning unstructured Target data for SharePoint. It will be typically used by AD, LDAP sources. + * PROVISIONING: The source can both read and write accounts. Having this feature implies that the provision() method is implemented. It also means that direct and target permissions can also be provisioned if they can be returned by aggregation. + * GROUP_PROVISIONING: The source can both read and write groups. Having this feature implies that the provision() method is implemented. + * SYNC_PROVISIONING: The source can provision accounts synchronously. + * PASSWORD: The source can provision password changes. Since sources can never read passwords, this is should only be used in conjunction with the PROVISIONING feature. + * CURRENT_PASSWORD: Some source types support verification of the current password + * ACCOUNT_ONLY_REQUEST: The source supports requesting accounts without entitlements. + * ADDITIONAL_ACCOUNT_REQUEST: The source supports requesting additional accounts. + * NO_AGGREGATION: A source that does not support aggregation. + * GROUPS_HAVE_MEMBERS: The source models group memberships with a member attribute on the group object rather than a groups attribute on the account object. This effects the implementation of delta account aggregation. + * NO_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for accounts. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for accounts. + * NO_GROUP_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for groups. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for groups. + * NO_UNSTRUCTURED_TARGETS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING. + * NO_DIRECT_PERMISSIONS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING. + description: The features that the schema supports. + example: + - PROVISIONING + - NO_PERMISSIONS_PROVISIONING + - GROUPS_HAVE_MEMBERS + configuration: + type: object + description: Holds any extra configuration data that the schema may require. + example: + groupMemberAttribute: member + attributes: + type: array + description: The attribute definitions which form the schema. + items: + type: object + properties: + name: + type: string + description: The name of the attribute. + example: sAMAccountName + type: + type: string + enum: + - STRING + - LONG + - INT + - BOOLEAN + description: The underlying type of the value which an AttributeDefinition represents. + example: STRING + schema: + description: A reference to the schema on the source to the attribute values map to. + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - CONNECTOR_SCHEMA + example: CONNECTOR_SCHEMA + id: + type: string + description: The object ID this reference applies to. + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: The human-readable display name of the object. + example: group + description: + type: string + description: A human-readable description of the attribute. + example: The sAMAccountName attribute + isMulti: + type: boolean + description: Flag indicating whether or not the attribute is multi-valued. + example: false + isEntitlement: + type: boolean + description: Flag indicating whether or not the attribute is an entitlement. + example: false + isGroup: + type: boolean + description: | + Flag indicating whether or not the attribute represents a group. + This can only be `true` if `isEntitlement` is also `true` **and** there is a schema defined for the attribute.. + example: false + example: + - name: sAMAccountName + type: STRING + isMultiValued: false + isEntitlement: false + isGroup: false + - name: memberOf + type: STRING + schema: + type: CONNECTOR_SCHEMA + id: 2c9180887671ff8c01767b4671fc7d60 + name: group + description: Group membership + isMultiValued: true + isEntitlement: true + isGroup: true + created: + type: string + description: The date the Schema was created. + format: date-time + example: '2019-12-24T22:32:58.104Z' + modified: + type: string + description: The date the Schema was last modified. + format: date-time + example: '2019-12-31T20:22:28.104Z' + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + post: + operationId: createSourceSchema + tags: + - Sources + summary: Creates a new Schema on the specified Source in IdentityNow. + parameters: + - in: path + name: sourceId + required: true + schema: + type: string + description: The Source id. + example: 2c9180835d191a86015d28455b4a2329 + requestBody: + required: true + content: + application/json: + schema: + type: object + properties: + id: + type: string + description: The id of the Schema. + example: 2c9180835d191a86015d28455b4a2329 + name: + type: string + description: The name of the Schema. + example: account + nativeObjectType: + type: string + description: The name of the object type on the native system that the schema represents. + example: User + identityAttribute: + type: string + description: The name of the attribute used to calculate the unique identifier for an object in the schema. + example: sAMAccountName + displayAttribute: + type: string + description: The name of the attribute used to calculate the display value for an object in the schema. + example: distinguishedName + hierarchyAttribute: + type: string + description: The name of the attribute whose values represent other objects in a hierarchy. Only relevant to group schemas. + example: memberOf + includePermissions: + type: boolean + description: Flag indicating whether or not the include permissions with the object data when aggregating the schema. + example: false + features: + type: array + items: + type: string + enum: + - AUTHENTICATE + - COMPOSITE + - DIRECT_PERMISSIONS + - DISCOVER_SCHEMA + - ENABLE + - MANAGER_LOOKUP + - NO_RANDOM_ACCESS + - PROXY + - SEARCH + - TEMPLATE + - UNLOCK + - UNSTRUCTURED_TARGETS + - SHAREPOINT_TARGET + - PROVISIONING + - GROUP_PROVISIONING + - SYNC_PROVISIONING + - PASSWORD + - CURRENT_PASSWORD + - ACCOUNT_ONLY_REQUEST + - ADDITIONAL_ACCOUNT_REQUEST + - NO_AGGREGATION + - GROUPS_HAVE_MEMBERS + - NO_PERMISSIONS_PROVISIONING + - NO_GROUP_PERMISSIONS_PROVISIONING + - NO_UNSTRUCTURED_TARGETS_PROVISIONING + - NO_DIRECT_PERMISSIONS_PROVISIONING + description: |- + Optional features that can be supported by an source. + * AUTHENTICATE: The source supports pass-through authentication. + * COMPOSITE: The source supports composite source creation. + * DIRECT_PERMISSIONS: The source supports returning DirectPermissions. + * DISCOVER_SCHEMA: The source supports discovering schemas for users and groups. + * ENABLE The source supports reading if an account is enabled or disabled. + * MANAGER_LOOKUP: The source supports looking up managers as they are encountered in a feed. This is the opposite of NO_RANDOM_ACCESS. + * NO_RANDOM_ACCESS: The source does not support random access and the getObject() methods should not be called and expected to perform. + * PROXY: The source can serve as a proxy for another source. When an source has a proxy, all connector calls made with that source are redirected through the connector for the proxy source. + * SEARCH + * TEMPLATE + * UNLOCK: The source supports reading if an account is locked or unlocked. + * UNSTRUCTURED_TARGETS: The source supports returning unstructured Targets. + * SHAREPOINT_TARGET: The source supports returning unstructured Target data for SharePoint. It will be typically used by AD, LDAP sources. + * PROVISIONING: The source can both read and write accounts. Having this feature implies that the provision() method is implemented. It also means that direct and target permissions can also be provisioned if they can be returned by aggregation. + * GROUP_PROVISIONING: The source can both read and write groups. Having this feature implies that the provision() method is implemented. + * SYNC_PROVISIONING: The source can provision accounts synchronously. + * PASSWORD: The source can provision password changes. Since sources can never read passwords, this is should only be used in conjunction with the PROVISIONING feature. + * CURRENT_PASSWORD: Some source types support verification of the current password + * ACCOUNT_ONLY_REQUEST: The source supports requesting accounts without entitlements. + * ADDITIONAL_ACCOUNT_REQUEST: The source supports requesting additional accounts. + * NO_AGGREGATION: A source that does not support aggregation. + * GROUPS_HAVE_MEMBERS: The source models group memberships with a member attribute on the group object rather than a groups attribute on the account object. This effects the implementation of delta account aggregation. + * NO_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for accounts. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for accounts. + * NO_GROUP_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for groups. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for groups. + * NO_UNSTRUCTURED_TARGETS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING. + * NO_DIRECT_PERMISSIONS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING. + description: The features that the schema supports. + example: + - PROVISIONING + - NO_PERMISSIONS_PROVISIONING + - GROUPS_HAVE_MEMBERS + configuration: + type: object + description: Holds any extra configuration data that the schema may require. + example: + groupMemberAttribute: member + attributes: + type: array + description: The attribute definitions which form the schema. + items: + type: object + properties: + name: + type: string + description: The name of the attribute. + example: sAMAccountName + type: + type: string + enum: + - STRING + - LONG + - INT + - BOOLEAN + description: The underlying type of the value which an AttributeDefinition represents. + example: STRING + schema: + description: A reference to the schema on the source to the attribute values map to. + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - CONNECTOR_SCHEMA + example: CONNECTOR_SCHEMA + id: + type: string + description: The object ID this reference applies to. + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: The human-readable display name of the object. + example: group + description: + type: string + description: A human-readable description of the attribute. + example: The sAMAccountName attribute + isMulti: + type: boolean + description: Flag indicating whether or not the attribute is multi-valued. + example: false + isEntitlement: + type: boolean + description: Flag indicating whether or not the attribute is an entitlement. + example: false + isGroup: + type: boolean + description: | + Flag indicating whether or not the attribute represents a group. + This can only be `true` if `isEntitlement` is also `true` **and** there is a schema defined for the attribute.. + example: false + example: + - name: sAMAccountName + type: STRING + isMultiValued: false + isEntitlement: false + isGroup: false + - name: memberOf + type: STRING + schema: + type: CONNECTOR_SCHEMA + id: 2c9180887671ff8c01767b4671fc7d60 + name: group + description: Group membership + isMultiValued: true + isEntitlement: true + isGroup: true + created: + type: string + description: The date the Schema was created. + format: date-time + example: '2019-12-24T22:32:58.104Z' + modified: + type: string + description: The date the Schema was last modified. + format: date-time + example: '2019-12-31T20:22:28.104Z' + responses: + '201': + description: The Schema was successfully created on the specified Source. + content: + application/json: + schema: + type: object + properties: + id: + type: string + description: The id of the Schema. + example: 2c9180835d191a86015d28455b4a2329 + name: + type: string + description: The name of the Schema. + example: account + nativeObjectType: + type: string + description: The name of the object type on the native system that the schema represents. + example: User + identityAttribute: + type: string + description: The name of the attribute used to calculate the unique identifier for an object in the schema. + example: sAMAccountName + displayAttribute: + type: string + description: The name of the attribute used to calculate the display value for an object in the schema. + example: distinguishedName + hierarchyAttribute: + type: string + description: The name of the attribute whose values represent other objects in a hierarchy. Only relevant to group schemas. + example: memberOf + includePermissions: + type: boolean + description: Flag indicating whether or not the include permissions with the object data when aggregating the schema. + example: false + features: + type: array + items: + type: string + enum: + - AUTHENTICATE + - COMPOSITE + - DIRECT_PERMISSIONS + - DISCOVER_SCHEMA + - ENABLE + - MANAGER_LOOKUP + - NO_RANDOM_ACCESS + - PROXY + - SEARCH + - TEMPLATE + - UNLOCK + - UNSTRUCTURED_TARGETS + - SHAREPOINT_TARGET + - PROVISIONING + - GROUP_PROVISIONING + - SYNC_PROVISIONING + - PASSWORD + - CURRENT_PASSWORD + - ACCOUNT_ONLY_REQUEST + - ADDITIONAL_ACCOUNT_REQUEST + - NO_AGGREGATION + - GROUPS_HAVE_MEMBERS + - NO_PERMISSIONS_PROVISIONING + - NO_GROUP_PERMISSIONS_PROVISIONING + - NO_UNSTRUCTURED_TARGETS_PROVISIONING + - NO_DIRECT_PERMISSIONS_PROVISIONING + description: |- + Optional features that can be supported by an source. + * AUTHENTICATE: The source supports pass-through authentication. + * COMPOSITE: The source supports composite source creation. + * DIRECT_PERMISSIONS: The source supports returning DirectPermissions. + * DISCOVER_SCHEMA: The source supports discovering schemas for users and groups. + * ENABLE The source supports reading if an account is enabled or disabled. + * MANAGER_LOOKUP: The source supports looking up managers as they are encountered in a feed. This is the opposite of NO_RANDOM_ACCESS. + * NO_RANDOM_ACCESS: The source does not support random access and the getObject() methods should not be called and expected to perform. + * PROXY: The source can serve as a proxy for another source. When an source has a proxy, all connector calls made with that source are redirected through the connector for the proxy source. + * SEARCH + * TEMPLATE + * UNLOCK: The source supports reading if an account is locked or unlocked. + * UNSTRUCTURED_TARGETS: The source supports returning unstructured Targets. + * SHAREPOINT_TARGET: The source supports returning unstructured Target data for SharePoint. It will be typically used by AD, LDAP sources. + * PROVISIONING: The source can both read and write accounts. Having this feature implies that the provision() method is implemented. It also means that direct and target permissions can also be provisioned if they can be returned by aggregation. + * GROUP_PROVISIONING: The source can both read and write groups. Having this feature implies that the provision() method is implemented. + * SYNC_PROVISIONING: The source can provision accounts synchronously. + * PASSWORD: The source can provision password changes. Since sources can never read passwords, this is should only be used in conjunction with the PROVISIONING feature. + * CURRENT_PASSWORD: Some source types support verification of the current password + * ACCOUNT_ONLY_REQUEST: The source supports requesting accounts without entitlements. + * ADDITIONAL_ACCOUNT_REQUEST: The source supports requesting additional accounts. + * NO_AGGREGATION: A source that does not support aggregation. + * GROUPS_HAVE_MEMBERS: The source models group memberships with a member attribute on the group object rather than a groups attribute on the account object. This effects the implementation of delta account aggregation. + * NO_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for accounts. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for accounts. + * NO_GROUP_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for groups. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for groups. + * NO_UNSTRUCTURED_TARGETS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING. + * NO_DIRECT_PERMISSIONS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING. + description: The features that the schema supports. + example: + - PROVISIONING + - NO_PERMISSIONS_PROVISIONING + - GROUPS_HAVE_MEMBERS + configuration: + type: object + description: Holds any extra configuration data that the schema may require. + example: + groupMemberAttribute: member + attributes: + type: array + description: The attribute definitions which form the schema. + items: + type: object + properties: + name: + type: string + description: The name of the attribute. + example: sAMAccountName + type: + type: string + enum: + - STRING + - LONG + - INT + - BOOLEAN + description: The underlying type of the value which an AttributeDefinition represents. + example: STRING + schema: + description: A reference to the schema on the source to the attribute values map to. + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - CONNECTOR_SCHEMA + example: CONNECTOR_SCHEMA + id: + type: string + description: The object ID this reference applies to. + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: The human-readable display name of the object. + example: group + description: + type: string + description: A human-readable description of the attribute. + example: The sAMAccountName attribute + isMulti: + type: boolean + description: Flag indicating whether or not the attribute is multi-valued. + example: false + isEntitlement: + type: boolean + description: Flag indicating whether or not the attribute is an entitlement. + example: false + isGroup: + type: boolean + description: | + Flag indicating whether or not the attribute represents a group. + This can only be `true` if `isEntitlement` is also `true` **and** there is a schema defined for the attribute.. + example: false + example: + - name: sAMAccountName + type: STRING + isMultiValued: false + isEntitlement: false + isGroup: false + - name: memberOf + type: STRING + schema: + type: CONNECTOR_SCHEMA + id: 2c9180887671ff8c01767b4671fc7d60 + name: group + description: Group membership + isMultiValued: true + isEntitlement: true + isGroup: true + created: + type: string + description: The date the Schema was created. + format: date-time + example: '2019-12-24T22:32:58.104Z' + modified: + type: string + description: The date the Schema was last modified. + format: date-time + example: '2019-12-31T20:22:28.104Z' + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + '/sources/{sourceId}/schemas/{schemaId}': + get: + operationId: getSourceSchema + tags: + - Sources + summary: Get Source Schema by ID + description: | + Get the Source Schema by ID in IdentityNow. + parameters: + - in: path + name: sourceId + required: true + schema: + type: string + description: The Source ID. + example: 2c9180835d191a86015d28455b4a2329 + - in: path + name: schemaId + schema: + type: string + required: true + description: The Schema ID. + example: 2c9180835d191a86015d28455b4a2329 + responses: + '200': + description: The requested Schema was successfully retrieved. + content: + application/json: + schema: + type: object + properties: + id: + type: string + description: The id of the Schema. + example: 2c9180835d191a86015d28455b4a2329 + name: + type: string + description: The name of the Schema. + example: account + nativeObjectType: + type: string + description: The name of the object type on the native system that the schema represents. + example: User + identityAttribute: + type: string + description: The name of the attribute used to calculate the unique identifier for an object in the schema. + example: sAMAccountName + displayAttribute: + type: string + description: The name of the attribute used to calculate the display value for an object in the schema. + example: distinguishedName + hierarchyAttribute: + type: string + description: The name of the attribute whose values represent other objects in a hierarchy. Only relevant to group schemas. + example: memberOf + includePermissions: + type: boolean + description: Flag indicating whether or not the include permissions with the object data when aggregating the schema. + example: false + features: + type: array + items: + type: string + enum: + - AUTHENTICATE + - COMPOSITE + - DIRECT_PERMISSIONS + - DISCOVER_SCHEMA + - ENABLE + - MANAGER_LOOKUP + - NO_RANDOM_ACCESS + - PROXY + - SEARCH + - TEMPLATE + - UNLOCK + - UNSTRUCTURED_TARGETS + - SHAREPOINT_TARGET + - PROVISIONING + - GROUP_PROVISIONING + - SYNC_PROVISIONING + - PASSWORD + - CURRENT_PASSWORD + - ACCOUNT_ONLY_REQUEST + - ADDITIONAL_ACCOUNT_REQUEST + - NO_AGGREGATION + - GROUPS_HAVE_MEMBERS + - NO_PERMISSIONS_PROVISIONING + - NO_GROUP_PERMISSIONS_PROVISIONING + - NO_UNSTRUCTURED_TARGETS_PROVISIONING + - NO_DIRECT_PERMISSIONS_PROVISIONING + description: |- + Optional features that can be supported by an source. + * AUTHENTICATE: The source supports pass-through authentication. + * COMPOSITE: The source supports composite source creation. + * DIRECT_PERMISSIONS: The source supports returning DirectPermissions. + * DISCOVER_SCHEMA: The source supports discovering schemas for users and groups. + * ENABLE The source supports reading if an account is enabled or disabled. + * MANAGER_LOOKUP: The source supports looking up managers as they are encountered in a feed. This is the opposite of NO_RANDOM_ACCESS. + * NO_RANDOM_ACCESS: The source does not support random access and the getObject() methods should not be called and expected to perform. + * PROXY: The source can serve as a proxy for another source. When an source has a proxy, all connector calls made with that source are redirected through the connector for the proxy source. + * SEARCH + * TEMPLATE + * UNLOCK: The source supports reading if an account is locked or unlocked. + * UNSTRUCTURED_TARGETS: The source supports returning unstructured Targets. + * SHAREPOINT_TARGET: The source supports returning unstructured Target data for SharePoint. It will be typically used by AD, LDAP sources. + * PROVISIONING: The source can both read and write accounts. Having this feature implies that the provision() method is implemented. It also means that direct and target permissions can also be provisioned if they can be returned by aggregation. + * GROUP_PROVISIONING: The source can both read and write groups. Having this feature implies that the provision() method is implemented. + * SYNC_PROVISIONING: The source can provision accounts synchronously. + * PASSWORD: The source can provision password changes. Since sources can never read passwords, this is should only be used in conjunction with the PROVISIONING feature. + * CURRENT_PASSWORD: Some source types support verification of the current password + * ACCOUNT_ONLY_REQUEST: The source supports requesting accounts without entitlements. + * ADDITIONAL_ACCOUNT_REQUEST: The source supports requesting additional accounts. + * NO_AGGREGATION: A source that does not support aggregation. + * GROUPS_HAVE_MEMBERS: The source models group memberships with a member attribute on the group object rather than a groups attribute on the account object. This effects the implementation of delta account aggregation. + * NO_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for accounts. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for accounts. + * NO_GROUP_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for groups. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for groups. + * NO_UNSTRUCTURED_TARGETS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING. + * NO_DIRECT_PERMISSIONS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING. + description: The features that the schema supports. + example: + - PROVISIONING + - NO_PERMISSIONS_PROVISIONING + - GROUPS_HAVE_MEMBERS + configuration: + type: object + description: Holds any extra configuration data that the schema may require. + example: + groupMemberAttribute: member + attributes: + type: array + description: The attribute definitions which form the schema. + items: + type: object + properties: + name: + type: string + description: The name of the attribute. + example: sAMAccountName + type: + type: string + enum: + - STRING + - LONG + - INT + - BOOLEAN + description: The underlying type of the value which an AttributeDefinition represents. + example: STRING + schema: + description: A reference to the schema on the source to the attribute values map to. + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - CONNECTOR_SCHEMA + example: CONNECTOR_SCHEMA + id: + type: string + description: The object ID this reference applies to. + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: The human-readable display name of the object. + example: group + description: + type: string + description: A human-readable description of the attribute. + example: The sAMAccountName attribute + isMulti: + type: boolean + description: Flag indicating whether or not the attribute is multi-valued. + example: false + isEntitlement: + type: boolean + description: Flag indicating whether or not the attribute is an entitlement. + example: false + isGroup: + type: boolean + description: | + Flag indicating whether or not the attribute represents a group. + This can only be `true` if `isEntitlement` is also `true` **and** there is a schema defined for the attribute.. + example: false + example: + - name: sAMAccountName + type: STRING + isMultiValued: false + isEntitlement: false + isGroup: false + - name: memberOf + type: STRING + schema: + type: CONNECTOR_SCHEMA + id: 2c9180887671ff8c01767b4671fc7d60 + name: group + description: Group membership + isMultiValued: true + isEntitlement: true + isGroup: true + created: + type: string + description: The date the Schema was created. + format: date-time + example: '2019-12-24T22:32:58.104Z' + modified: + type: string + description: The date the Schema was last modified. + format: date-time + example: '2019-12-31T20:22:28.104Z' + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + put: + operationId: putSourceSchema + tags: + - Sources + summary: Update Source Schema (Full) + description: |- + This API will completely replace an existing Schema with the submitted payload. Some fields of the Schema cannot be updated. These fields are listed below. + * id + * name + * created + * modified + Any attempt to modify these fields will result in an error response with a status code of 400. + parameters: + - in: path + name: sourceId + required: true + schema: + type: string + description: The Source ID. + example: 2c9180835d191a86015d28455b4a2329 + - in: path + name: schemaId + schema: + type: string + required: true + description: The Schema ID. + example: 2c9180835d191a86015d28455b4a2329 + requestBody: + required: true + content: + application/json: + schema: + type: object + properties: + id: + type: string + description: The id of the Schema. + example: 2c9180835d191a86015d28455b4a2329 + name: + type: string + description: The name of the Schema. + example: account + nativeObjectType: + type: string + description: The name of the object type on the native system that the schema represents. + example: User + identityAttribute: + type: string + description: The name of the attribute used to calculate the unique identifier for an object in the schema. + example: sAMAccountName + displayAttribute: + type: string + description: The name of the attribute used to calculate the display value for an object in the schema. + example: distinguishedName + hierarchyAttribute: + type: string + description: The name of the attribute whose values represent other objects in a hierarchy. Only relevant to group schemas. + example: memberOf + includePermissions: + type: boolean + description: Flag indicating whether or not the include permissions with the object data when aggregating the schema. + example: false + features: + type: array + items: + type: string + enum: + - AUTHENTICATE + - COMPOSITE + - DIRECT_PERMISSIONS + - DISCOVER_SCHEMA + - ENABLE + - MANAGER_LOOKUP + - NO_RANDOM_ACCESS + - PROXY + - SEARCH + - TEMPLATE + - UNLOCK + - UNSTRUCTURED_TARGETS + - SHAREPOINT_TARGET + - PROVISIONING + - GROUP_PROVISIONING + - SYNC_PROVISIONING + - PASSWORD + - CURRENT_PASSWORD + - ACCOUNT_ONLY_REQUEST + - ADDITIONAL_ACCOUNT_REQUEST + - NO_AGGREGATION + - GROUPS_HAVE_MEMBERS + - NO_PERMISSIONS_PROVISIONING + - NO_GROUP_PERMISSIONS_PROVISIONING + - NO_UNSTRUCTURED_TARGETS_PROVISIONING + - NO_DIRECT_PERMISSIONS_PROVISIONING + description: |- + Optional features that can be supported by an source. + * AUTHENTICATE: The source supports pass-through authentication. + * COMPOSITE: The source supports composite source creation. + * DIRECT_PERMISSIONS: The source supports returning DirectPermissions. + * DISCOVER_SCHEMA: The source supports discovering schemas for users and groups. + * ENABLE The source supports reading if an account is enabled or disabled. + * MANAGER_LOOKUP: The source supports looking up managers as they are encountered in a feed. This is the opposite of NO_RANDOM_ACCESS. + * NO_RANDOM_ACCESS: The source does not support random access and the getObject() methods should not be called and expected to perform. + * PROXY: The source can serve as a proxy for another source. When an source has a proxy, all connector calls made with that source are redirected through the connector for the proxy source. + * SEARCH + * TEMPLATE + * UNLOCK: The source supports reading if an account is locked or unlocked. + * UNSTRUCTURED_TARGETS: The source supports returning unstructured Targets. + * SHAREPOINT_TARGET: The source supports returning unstructured Target data for SharePoint. It will be typically used by AD, LDAP sources. + * PROVISIONING: The source can both read and write accounts. Having this feature implies that the provision() method is implemented. It also means that direct and target permissions can also be provisioned if they can be returned by aggregation. + * GROUP_PROVISIONING: The source can both read and write groups. Having this feature implies that the provision() method is implemented. + * SYNC_PROVISIONING: The source can provision accounts synchronously. + * PASSWORD: The source can provision password changes. Since sources can never read passwords, this is should only be used in conjunction with the PROVISIONING feature. + * CURRENT_PASSWORD: Some source types support verification of the current password + * ACCOUNT_ONLY_REQUEST: The source supports requesting accounts without entitlements. + * ADDITIONAL_ACCOUNT_REQUEST: The source supports requesting additional accounts. + * NO_AGGREGATION: A source that does not support aggregation. + * GROUPS_HAVE_MEMBERS: The source models group memberships with a member attribute on the group object rather than a groups attribute on the account object. This effects the implementation of delta account aggregation. + * NO_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for accounts. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for accounts. + * NO_GROUP_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for groups. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for groups. + * NO_UNSTRUCTURED_TARGETS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING. + * NO_DIRECT_PERMISSIONS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING. + description: The features that the schema supports. + example: + - PROVISIONING + - NO_PERMISSIONS_PROVISIONING + - GROUPS_HAVE_MEMBERS + configuration: + type: object + description: Holds any extra configuration data that the schema may require. + example: + groupMemberAttribute: member + attributes: + type: array + description: The attribute definitions which form the schema. + items: + type: object + properties: + name: + type: string + description: The name of the attribute. + example: sAMAccountName + type: + type: string + enum: + - STRING + - LONG + - INT + - BOOLEAN + description: The underlying type of the value which an AttributeDefinition represents. + example: STRING + schema: + description: A reference to the schema on the source to the attribute values map to. + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - CONNECTOR_SCHEMA + example: CONNECTOR_SCHEMA + id: + type: string + description: The object ID this reference applies to. + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: The human-readable display name of the object. + example: group + description: + type: string + description: A human-readable description of the attribute. + example: The sAMAccountName attribute + isMulti: + type: boolean + description: Flag indicating whether or not the attribute is multi-valued. + example: false + isEntitlement: + type: boolean + description: Flag indicating whether or not the attribute is an entitlement. + example: false + isGroup: + type: boolean + description: | + Flag indicating whether or not the attribute represents a group. + This can only be `true` if `isEntitlement` is also `true` **and** there is a schema defined for the attribute.. + example: false + example: + - name: sAMAccountName + type: STRING + isMultiValued: false + isEntitlement: false + isGroup: false + - name: memberOf + type: STRING + schema: + type: CONNECTOR_SCHEMA + id: 2c9180887671ff8c01767b4671fc7d60 + name: group + description: Group membership + isMultiValued: true + isEntitlement: true + isGroup: true + created: + type: string + description: The date the Schema was created. + format: date-time + example: '2019-12-24T22:32:58.104Z' + modified: + type: string + description: The date the Schema was last modified. + format: date-time + example: '2019-12-31T20:22:28.104Z' + responses: + '200': + description: The Schema was successfully replaced. + content: + application/json: + schema: + type: object + properties: + id: + type: string + description: The id of the Schema. + example: 2c9180835d191a86015d28455b4a2329 + name: + type: string + description: The name of the Schema. + example: account + nativeObjectType: + type: string + description: The name of the object type on the native system that the schema represents. + example: User + identityAttribute: + type: string + description: The name of the attribute used to calculate the unique identifier for an object in the schema. + example: sAMAccountName + displayAttribute: + type: string + description: The name of the attribute used to calculate the display value for an object in the schema. + example: distinguishedName + hierarchyAttribute: + type: string + description: The name of the attribute whose values represent other objects in a hierarchy. Only relevant to group schemas. + example: memberOf + includePermissions: + type: boolean + description: Flag indicating whether or not the include permissions with the object data when aggregating the schema. + example: false + features: + type: array + items: + type: string + enum: + - AUTHENTICATE + - COMPOSITE + - DIRECT_PERMISSIONS + - DISCOVER_SCHEMA + - ENABLE + - MANAGER_LOOKUP + - NO_RANDOM_ACCESS + - PROXY + - SEARCH + - TEMPLATE + - UNLOCK + - UNSTRUCTURED_TARGETS + - SHAREPOINT_TARGET + - PROVISIONING + - GROUP_PROVISIONING + - SYNC_PROVISIONING + - PASSWORD + - CURRENT_PASSWORD + - ACCOUNT_ONLY_REQUEST + - ADDITIONAL_ACCOUNT_REQUEST + - NO_AGGREGATION + - GROUPS_HAVE_MEMBERS + - NO_PERMISSIONS_PROVISIONING + - NO_GROUP_PERMISSIONS_PROVISIONING + - NO_UNSTRUCTURED_TARGETS_PROVISIONING + - NO_DIRECT_PERMISSIONS_PROVISIONING + description: |- + Optional features that can be supported by an source. + * AUTHENTICATE: The source supports pass-through authentication. + * COMPOSITE: The source supports composite source creation. + * DIRECT_PERMISSIONS: The source supports returning DirectPermissions. + * DISCOVER_SCHEMA: The source supports discovering schemas for users and groups. + * ENABLE The source supports reading if an account is enabled or disabled. + * MANAGER_LOOKUP: The source supports looking up managers as they are encountered in a feed. This is the opposite of NO_RANDOM_ACCESS. + * NO_RANDOM_ACCESS: The source does not support random access and the getObject() methods should not be called and expected to perform. + * PROXY: The source can serve as a proxy for another source. When an source has a proxy, all connector calls made with that source are redirected through the connector for the proxy source. + * SEARCH + * TEMPLATE + * UNLOCK: The source supports reading if an account is locked or unlocked. + * UNSTRUCTURED_TARGETS: The source supports returning unstructured Targets. + * SHAREPOINT_TARGET: The source supports returning unstructured Target data for SharePoint. It will be typically used by AD, LDAP sources. + * PROVISIONING: The source can both read and write accounts. Having this feature implies that the provision() method is implemented. It also means that direct and target permissions can also be provisioned if they can be returned by aggregation. + * GROUP_PROVISIONING: The source can both read and write groups. Having this feature implies that the provision() method is implemented. + * SYNC_PROVISIONING: The source can provision accounts synchronously. + * PASSWORD: The source can provision password changes. Since sources can never read passwords, this is should only be used in conjunction with the PROVISIONING feature. + * CURRENT_PASSWORD: Some source types support verification of the current password + * ACCOUNT_ONLY_REQUEST: The source supports requesting accounts without entitlements. + * ADDITIONAL_ACCOUNT_REQUEST: The source supports requesting additional accounts. + * NO_AGGREGATION: A source that does not support aggregation. + * GROUPS_HAVE_MEMBERS: The source models group memberships with a member attribute on the group object rather than a groups attribute on the account object. This effects the implementation of delta account aggregation. + * NO_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for accounts. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for accounts. + * NO_GROUP_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for groups. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for groups. + * NO_UNSTRUCTURED_TARGETS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING. + * NO_DIRECT_PERMISSIONS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING. + description: The features that the schema supports. + example: + - PROVISIONING + - NO_PERMISSIONS_PROVISIONING + - GROUPS_HAVE_MEMBERS + configuration: + type: object + description: Holds any extra configuration data that the schema may require. + example: + groupMemberAttribute: member + attributes: + type: array + description: The attribute definitions which form the schema. + items: + type: object + properties: + name: + type: string + description: The name of the attribute. + example: sAMAccountName + type: + type: string + enum: + - STRING + - LONG + - INT + - BOOLEAN + description: The underlying type of the value which an AttributeDefinition represents. + example: STRING + schema: + description: A reference to the schema on the source to the attribute values map to. + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - CONNECTOR_SCHEMA + example: CONNECTOR_SCHEMA + id: + type: string + description: The object ID this reference applies to. + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: The human-readable display name of the object. + example: group + description: + type: string + description: A human-readable description of the attribute. + example: The sAMAccountName attribute + isMulti: + type: boolean + description: Flag indicating whether or not the attribute is multi-valued. + example: false + isEntitlement: + type: boolean + description: Flag indicating whether or not the attribute is an entitlement. + example: false + isGroup: + type: boolean + description: | + Flag indicating whether or not the attribute represents a group. + This can only be `true` if `isEntitlement` is also `true` **and** there is a schema defined for the attribute.. + example: false + example: + - name: sAMAccountName + type: STRING + isMultiValued: false + isEntitlement: false + isGroup: false + - name: memberOf + type: STRING + schema: + type: CONNECTOR_SCHEMA + id: 2c9180887671ff8c01767b4671fc7d60 + name: group + description: Group membership + isMultiValued: true + isEntitlement: true + isGroup: true + created: + type: string + description: The date the Schema was created. + format: date-time + example: '2019-12-24T22:32:58.104Z' + modified: + type: string + description: The date the Schema was last modified. + format: date-time + example: '2019-12-31T20:22:28.104Z' + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + patch: + operationId: updateSourceSchema + tags: + - Sources + summary: Update Source Schema (Partial) + description: | + Use this API to selectively update an existing Schema using a JSONPatch payload. + + The following schema fields are immutable and cannot be updated: + + - id + - name + - created + - modified + + + To switch an account attribute to a group entitlement, you need to have the following in place: + + - `isEntitlement: true` + - Must define a schema for the group and [add it to the source](https://developer.sailpoint.com/idn/api/beta/create-source-schema) before updating the `isGroup` flag. For example, here is the `group` account attribute referencing a schema that defines the group: + ```json + { + "name": "groups", + "type": "STRING", + "schema": { + "type": "CONNECTOR_SCHEMA", + "id": "2c9180887671ff8c01767b4671fc7d60", + "name": "group" + }, + "description": "The groups, roles etc. that reference account group objects", + "isMulti": true, + "isEntitlement": true, + "isGroup": true + } + ``` + parameters: + - in: path + name: sourceId + required: true + schema: + type: string + description: The Source id. + example: 2c9180835d191a86015d28455b4a2329 + - in: path + name: schemaId + schema: + type: string + required: true + description: The Schema id. + example: 2c9180835d191a86015d28455b4a2329 + requestBody: + required: true + description: The JSONPatch payload used to update the schema. + content: + application/json-patch+json: + schema: + type: array + items: + type: object + description: 'A JSONPatch Operation as defined by [RFC 6902 - JSON Patch](https://tools.ietf.org/html/rfc6902)' + required: + - op + - path + properties: + op: + type: string + description: The operation to be performed + enum: + - add + - remove + - replace + - move + - copy + - test + example: replace + path: + type: string + description: A string JSON Pointer representing the target path to an element to be affected by the operation + example: /description + value: + anyOf: + - type: string + - type: integer + - type: object + - type: array + items: + anyOf: + - type: string + - type: integer + - type: object + description: 'The value to be used for the operation, required for "add" and "replace" operations' + example: New description + example: + - op: replace + path: /displayAttribute + value: + new-display-attribute: null + responses: + '200': + description: The Schema was successfully updated. + content: + application/json: + schema: + type: object + properties: + id: + type: string + description: The id of the Schema. + example: 2c9180835d191a86015d28455b4a2329 + name: + type: string + description: The name of the Schema. + example: account + nativeObjectType: + type: string + description: The name of the object type on the native system that the schema represents. + example: User + identityAttribute: + type: string + description: The name of the attribute used to calculate the unique identifier for an object in the schema. + example: sAMAccountName + displayAttribute: + type: string + description: The name of the attribute used to calculate the display value for an object in the schema. + example: distinguishedName + hierarchyAttribute: + type: string + description: The name of the attribute whose values represent other objects in a hierarchy. Only relevant to group schemas. + example: memberOf + includePermissions: + type: boolean + description: Flag indicating whether or not the include permissions with the object data when aggregating the schema. + example: false + features: + type: array + items: + type: string + enum: + - AUTHENTICATE + - COMPOSITE + - DIRECT_PERMISSIONS + - DISCOVER_SCHEMA + - ENABLE + - MANAGER_LOOKUP + - NO_RANDOM_ACCESS + - PROXY + - SEARCH + - TEMPLATE + - UNLOCK + - UNSTRUCTURED_TARGETS + - SHAREPOINT_TARGET + - PROVISIONING + - GROUP_PROVISIONING + - SYNC_PROVISIONING + - PASSWORD + - CURRENT_PASSWORD + - ACCOUNT_ONLY_REQUEST + - ADDITIONAL_ACCOUNT_REQUEST + - NO_AGGREGATION + - GROUPS_HAVE_MEMBERS + - NO_PERMISSIONS_PROVISIONING + - NO_GROUP_PERMISSIONS_PROVISIONING + - NO_UNSTRUCTURED_TARGETS_PROVISIONING + - NO_DIRECT_PERMISSIONS_PROVISIONING + description: |- + Optional features that can be supported by an source. + * AUTHENTICATE: The source supports pass-through authentication. + * COMPOSITE: The source supports composite source creation. + * DIRECT_PERMISSIONS: The source supports returning DirectPermissions. + * DISCOVER_SCHEMA: The source supports discovering schemas for users and groups. + * ENABLE The source supports reading if an account is enabled or disabled. + * MANAGER_LOOKUP: The source supports looking up managers as they are encountered in a feed. This is the opposite of NO_RANDOM_ACCESS. + * NO_RANDOM_ACCESS: The source does not support random access and the getObject() methods should not be called and expected to perform. + * PROXY: The source can serve as a proxy for another source. When an source has a proxy, all connector calls made with that source are redirected through the connector for the proxy source. + * SEARCH + * TEMPLATE + * UNLOCK: The source supports reading if an account is locked or unlocked. + * UNSTRUCTURED_TARGETS: The source supports returning unstructured Targets. + * SHAREPOINT_TARGET: The source supports returning unstructured Target data for SharePoint. It will be typically used by AD, LDAP sources. + * PROVISIONING: The source can both read and write accounts. Having this feature implies that the provision() method is implemented. It also means that direct and target permissions can also be provisioned if they can be returned by aggregation. + * GROUP_PROVISIONING: The source can both read and write groups. Having this feature implies that the provision() method is implemented. + * SYNC_PROVISIONING: The source can provision accounts synchronously. + * PASSWORD: The source can provision password changes. Since sources can never read passwords, this is should only be used in conjunction with the PROVISIONING feature. + * CURRENT_PASSWORD: Some source types support verification of the current password + * ACCOUNT_ONLY_REQUEST: The source supports requesting accounts without entitlements. + * ADDITIONAL_ACCOUNT_REQUEST: The source supports requesting additional accounts. + * NO_AGGREGATION: A source that does not support aggregation. + * GROUPS_HAVE_MEMBERS: The source models group memberships with a member attribute on the group object rather than a groups attribute on the account object. This effects the implementation of delta account aggregation. + * NO_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for accounts. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for accounts. + * NO_GROUP_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for groups. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for groups. + * NO_UNSTRUCTURED_TARGETS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING. + * NO_DIRECT_PERMISSIONS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING. + description: The features that the schema supports. + example: + - PROVISIONING + - NO_PERMISSIONS_PROVISIONING + - GROUPS_HAVE_MEMBERS + configuration: + type: object + description: Holds any extra configuration data that the schema may require. + example: + groupMemberAttribute: member + attributes: + type: array + description: The attribute definitions which form the schema. + items: + type: object + properties: + name: + type: string + description: The name of the attribute. + example: sAMAccountName + type: + type: string + enum: + - STRING + - LONG + - INT + - BOOLEAN + description: The underlying type of the value which an AttributeDefinition represents. + example: STRING + schema: + description: A reference to the schema on the source to the attribute values map to. + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - CONNECTOR_SCHEMA + example: CONNECTOR_SCHEMA + id: + type: string + description: The object ID this reference applies to. + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: The human-readable display name of the object. + example: group + description: + type: string + description: A human-readable description of the attribute. + example: The sAMAccountName attribute + isMulti: + type: boolean + description: Flag indicating whether or not the attribute is multi-valued. + example: false + isEntitlement: + type: boolean + description: Flag indicating whether or not the attribute is an entitlement. + example: false + isGroup: + type: boolean + description: | + Flag indicating whether or not the attribute represents a group. + This can only be `true` if `isEntitlement` is also `true` **and** there is a schema defined for the attribute.. + example: false + example: + - name: sAMAccountName + type: STRING + isMultiValued: false + isEntitlement: false + isGroup: false + - name: memberOf + type: STRING + schema: + type: CONNECTOR_SCHEMA + id: 2c9180887671ff8c01767b4671fc7d60 + name: group + description: Group membership + isMultiValued: true + isEntitlement: true + isGroup: true + created: + type: string + description: The date the Schema was created. + format: date-time + example: '2019-12-24T22:32:58.104Z' + modified: + type: string + description: The date the Schema was last modified. + format: date-time + example: '2019-12-31T20:22:28.104Z' + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + delete: + operationId: deleteSourceSchema + tags: + - Sources + summary: Delete Source Schema by ID + parameters: + - in: path + name: sourceId + required: true + schema: + type: string + description: The Source ID. + example: 2c9180835d191a86015d28455b4a2329 + - in: path + name: schemaId + schema: + type: string + required: true + description: The Schema ID. + example: 2c9180835d191a86015d28455b4a2329 + responses: + '204': + description: The Schema was successfully deleted. + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + '/sources/{id}/schemas/accounts': + get: + tags: + - Sources + summary: Downloads source accounts schema template + operationId: downloadSourceAccountsSchema + parameters: + - in: path + name: id + required: true + schema: + type: string + description: The Source id + example: 8c190e6787aa4ed9a90bd9d5344523fb + responses: + '200': + description: Successfully downloaded the file + content: + text/csv: + example: 'id,name,givenName,familyName,e-mail,location,manager,groups,startDate,endDate' + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + security: + - oauth2: + - 'idn:source-schema:read' + - 'idn:source-schema:manage' + post: + tags: + - Sources + summary: Uploads source accounts schema template + description: This API uploads a source schema template file to configure a source's account attributes. + operationId: uploadSourceAccountsSchema + parameters: + - in: path + name: id + required: true + schema: + type: string + description: The Source id + example: 8c190e6787aa4ed9a90bd9d5344523fb + requestBody: + required: true + content: + multipart/form-data: + schema: + type: object + properties: + file: + type: string + format: binary + responses: + '200': + description: Successfully uploaded the file + content: + application/json: + schema: + type: object + properties: + id: + type: string + description: The id of the Schema. + example: 2c9180835d191a86015d28455b4a2329 + name: + type: string + description: The name of the Schema. + example: account + nativeObjectType: + type: string + description: The name of the object type on the native system that the schema represents. + example: User + identityAttribute: + type: string + description: The name of the attribute used to calculate the unique identifier for an object in the schema. + example: sAMAccountName + displayAttribute: + type: string + description: The name of the attribute used to calculate the display value for an object in the schema. + example: distinguishedName + hierarchyAttribute: + type: string + description: The name of the attribute whose values represent other objects in a hierarchy. Only relevant to group schemas. + example: memberOf + includePermissions: + type: boolean + description: Flag indicating whether or not the include permissions with the object data when aggregating the schema. + example: false + features: + type: array + items: + type: string + enum: + - AUTHENTICATE + - COMPOSITE + - DIRECT_PERMISSIONS + - DISCOVER_SCHEMA + - ENABLE + - MANAGER_LOOKUP + - NO_RANDOM_ACCESS + - PROXY + - SEARCH + - TEMPLATE + - UNLOCK + - UNSTRUCTURED_TARGETS + - SHAREPOINT_TARGET + - PROVISIONING + - GROUP_PROVISIONING + - SYNC_PROVISIONING + - PASSWORD + - CURRENT_PASSWORD + - ACCOUNT_ONLY_REQUEST + - ADDITIONAL_ACCOUNT_REQUEST + - NO_AGGREGATION + - GROUPS_HAVE_MEMBERS + - NO_PERMISSIONS_PROVISIONING + - NO_GROUP_PERMISSIONS_PROVISIONING + - NO_UNSTRUCTURED_TARGETS_PROVISIONING + - NO_DIRECT_PERMISSIONS_PROVISIONING + description: |- + Optional features that can be supported by an source. + * AUTHENTICATE: The source supports pass-through authentication. + * COMPOSITE: The source supports composite source creation. + * DIRECT_PERMISSIONS: The source supports returning DirectPermissions. + * DISCOVER_SCHEMA: The source supports discovering schemas for users and groups. + * ENABLE The source supports reading if an account is enabled or disabled. + * MANAGER_LOOKUP: The source supports looking up managers as they are encountered in a feed. This is the opposite of NO_RANDOM_ACCESS. + * NO_RANDOM_ACCESS: The source does not support random access and the getObject() methods should not be called and expected to perform. + * PROXY: The source can serve as a proxy for another source. When an source has a proxy, all connector calls made with that source are redirected through the connector for the proxy source. + * SEARCH + * TEMPLATE + * UNLOCK: The source supports reading if an account is locked or unlocked. + * UNSTRUCTURED_TARGETS: The source supports returning unstructured Targets. + * SHAREPOINT_TARGET: The source supports returning unstructured Target data for SharePoint. It will be typically used by AD, LDAP sources. + * PROVISIONING: The source can both read and write accounts. Having this feature implies that the provision() method is implemented. It also means that direct and target permissions can also be provisioned if they can be returned by aggregation. + * GROUP_PROVISIONING: The source can both read and write groups. Having this feature implies that the provision() method is implemented. + * SYNC_PROVISIONING: The source can provision accounts synchronously. + * PASSWORD: The source can provision password changes. Since sources can never read passwords, this is should only be used in conjunction with the PROVISIONING feature. + * CURRENT_PASSWORD: Some source types support verification of the current password + * ACCOUNT_ONLY_REQUEST: The source supports requesting accounts without entitlements. + * ADDITIONAL_ACCOUNT_REQUEST: The source supports requesting additional accounts. + * NO_AGGREGATION: A source that does not support aggregation. + * GROUPS_HAVE_MEMBERS: The source models group memberships with a member attribute on the group object rather than a groups attribute on the account object. This effects the implementation of delta account aggregation. + * NO_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for accounts. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for accounts. + * NO_GROUP_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for groups. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for groups. + * NO_UNSTRUCTURED_TARGETS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING. + * NO_DIRECT_PERMISSIONS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING. + description: The features that the schema supports. + example: + - PROVISIONING + - NO_PERMISSIONS_PROVISIONING + - GROUPS_HAVE_MEMBERS + configuration: + type: object + description: Holds any extra configuration data that the schema may require. + example: + groupMemberAttribute: member + attributes: + type: array + description: The attribute definitions which form the schema. + items: + type: object + properties: + name: + type: string + description: The name of the attribute. + example: sAMAccountName + type: + type: string + enum: + - STRING + - LONG + - INT + - BOOLEAN + description: The underlying type of the value which an AttributeDefinition represents. + example: STRING + schema: + description: A reference to the schema on the source to the attribute values map to. + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - CONNECTOR_SCHEMA + example: CONNECTOR_SCHEMA + id: + type: string + description: The object ID this reference applies to. + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: The human-readable display name of the object. + example: group + description: + type: string + description: A human-readable description of the attribute. + example: The sAMAccountName attribute + isMulti: + type: boolean + description: Flag indicating whether or not the attribute is multi-valued. + example: false + isEntitlement: + type: boolean + description: Flag indicating whether or not the attribute is an entitlement. + example: false + isGroup: + type: boolean + description: | + Flag indicating whether or not the attribute represents a group. + This can only be `true` if `isEntitlement` is also `true` **and** there is a schema defined for the attribute.. + example: false + example: + - name: sAMAccountName + type: STRING + isMultiValued: false + isEntitlement: false + isGroup: false + - name: memberOf + type: STRING + schema: + type: CONNECTOR_SCHEMA + id: 2c9180887671ff8c01767b4671fc7d60 + name: group + description: Group membership + isMultiValued: true + isEntitlement: true + isGroup: true + created: + type: string + description: The date the Schema was created. + format: date-time + example: '2019-12-24T22:32:58.104Z' + modified: + type: string + description: The date the Schema was last modified. + format: date-time + example: '2019-12-31T20:22:28.104Z' + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + security: + - oauth2: + - 'idn:source-schema:manage' + '/sources/{id}/schemas/entitlements': + get: + tags: + - Sources + summary: Downloads source entitlements schema template + operationId: downloadSourceEntitlementsSchema + parameters: + - in: path + name: id + required: true + schema: + type: string + description: The Source id + example: 8c190e6787aa4ed9a90bd9d5344523fb + - in: query + name: schemaName + schema: + type: string + description: Name of entitlement schema + example: '?schemaName=group' + responses: + '200': + description: Successfully downloaded the file + content: + text/csv: + example: 'id,name,displayName,created,description,modified,entitlements,groups,permissions' + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + security: + - oauth2: + - 'idn:source-schema:read' + - 'idn:source-schema:manage' + post: + tags: + - Sources + summary: Uploads source entitlements schema template + description: This API uploads a source schema template file to configure a source's entitlement attributes. + operationId: uploadSourceEntitlementsSchema + parameters: + - in: path + name: id + required: true + schema: + type: string + description: The Source id + example: 8c190e6787aa4ed9a90bd9d5344523fb + - in: query + name: schemaName + schema: + type: string + description: Name of entitlement schema + example: '?schemaName=group' + requestBody: + required: true + content: + multipart/form-data: + schema: + type: object + properties: + file: + type: string + format: binary + responses: + '200': + description: Successfully uploaded the file + content: + application/json: + schema: + type: object + properties: + id: + type: string + description: The id of the Schema. + example: 2c9180835d191a86015d28455b4a2329 + name: + type: string + description: The name of the Schema. + example: account + nativeObjectType: + type: string + description: The name of the object type on the native system that the schema represents. + example: User + identityAttribute: + type: string + description: The name of the attribute used to calculate the unique identifier for an object in the schema. + example: sAMAccountName + displayAttribute: + type: string + description: The name of the attribute used to calculate the display value for an object in the schema. + example: distinguishedName + hierarchyAttribute: + type: string + description: The name of the attribute whose values represent other objects in a hierarchy. Only relevant to group schemas. + example: memberOf + includePermissions: + type: boolean + description: Flag indicating whether or not the include permissions with the object data when aggregating the schema. + example: false + features: + type: array + items: + type: string + enum: + - AUTHENTICATE + - COMPOSITE + - DIRECT_PERMISSIONS + - DISCOVER_SCHEMA + - ENABLE + - MANAGER_LOOKUP + - NO_RANDOM_ACCESS + - PROXY + - SEARCH + - TEMPLATE + - UNLOCK + - UNSTRUCTURED_TARGETS + - SHAREPOINT_TARGET + - PROVISIONING + - GROUP_PROVISIONING + - SYNC_PROVISIONING + - PASSWORD + - CURRENT_PASSWORD + - ACCOUNT_ONLY_REQUEST + - ADDITIONAL_ACCOUNT_REQUEST + - NO_AGGREGATION + - GROUPS_HAVE_MEMBERS + - NO_PERMISSIONS_PROVISIONING + - NO_GROUP_PERMISSIONS_PROVISIONING + - NO_UNSTRUCTURED_TARGETS_PROVISIONING + - NO_DIRECT_PERMISSIONS_PROVISIONING + description: |- + Optional features that can be supported by an source. + * AUTHENTICATE: The source supports pass-through authentication. + * COMPOSITE: The source supports composite source creation. + * DIRECT_PERMISSIONS: The source supports returning DirectPermissions. + * DISCOVER_SCHEMA: The source supports discovering schemas for users and groups. + * ENABLE The source supports reading if an account is enabled or disabled. + * MANAGER_LOOKUP: The source supports looking up managers as they are encountered in a feed. This is the opposite of NO_RANDOM_ACCESS. + * NO_RANDOM_ACCESS: The source does not support random access and the getObject() methods should not be called and expected to perform. + * PROXY: The source can serve as a proxy for another source. When an source has a proxy, all connector calls made with that source are redirected through the connector for the proxy source. + * SEARCH + * TEMPLATE + * UNLOCK: The source supports reading if an account is locked or unlocked. + * UNSTRUCTURED_TARGETS: The source supports returning unstructured Targets. + * SHAREPOINT_TARGET: The source supports returning unstructured Target data for SharePoint. It will be typically used by AD, LDAP sources. + * PROVISIONING: The source can both read and write accounts. Having this feature implies that the provision() method is implemented. It also means that direct and target permissions can also be provisioned if they can be returned by aggregation. + * GROUP_PROVISIONING: The source can both read and write groups. Having this feature implies that the provision() method is implemented. + * SYNC_PROVISIONING: The source can provision accounts synchronously. + * PASSWORD: The source can provision password changes. Since sources can never read passwords, this is should only be used in conjunction with the PROVISIONING feature. + * CURRENT_PASSWORD: Some source types support verification of the current password + * ACCOUNT_ONLY_REQUEST: The source supports requesting accounts without entitlements. + * ADDITIONAL_ACCOUNT_REQUEST: The source supports requesting additional accounts. + * NO_AGGREGATION: A source that does not support aggregation. + * GROUPS_HAVE_MEMBERS: The source models group memberships with a member attribute on the group object rather than a groups attribute on the account object. This effects the implementation of delta account aggregation. + * NO_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for accounts. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for accounts. + * NO_GROUP_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for groups. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for groups. + * NO_UNSTRUCTURED_TARGETS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING. + * NO_DIRECT_PERMISSIONS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING. + description: The features that the schema supports. + example: + - PROVISIONING + - NO_PERMISSIONS_PROVISIONING + - GROUPS_HAVE_MEMBERS + configuration: + type: object + description: Holds any extra configuration data that the schema may require. + example: + groupMemberAttribute: member + attributes: + type: array + description: The attribute definitions which form the schema. + items: + type: object + properties: + name: + type: string + description: The name of the attribute. + example: sAMAccountName + type: + type: string + enum: + - STRING + - LONG + - INT + - BOOLEAN + description: The underlying type of the value which an AttributeDefinition represents. + example: STRING + schema: + description: A reference to the schema on the source to the attribute values map to. + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - CONNECTOR_SCHEMA + example: CONNECTOR_SCHEMA + id: + type: string + description: The object ID this reference applies to. + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: The human-readable display name of the object. + example: group + description: + type: string + description: A human-readable description of the attribute. + example: The sAMAccountName attribute + isMulti: + type: boolean + description: Flag indicating whether or not the attribute is multi-valued. + example: false + isEntitlement: + type: boolean + description: Flag indicating whether or not the attribute is an entitlement. + example: false + isGroup: + type: boolean + description: | + Flag indicating whether or not the attribute represents a group. + This can only be `true` if `isEntitlement` is also `true` **and** there is a schema defined for the attribute.. + example: false + example: + - name: sAMAccountName + type: STRING + isMultiValued: false + isEntitlement: false + isGroup: false + - name: memberOf + type: STRING + schema: + type: CONNECTOR_SCHEMA + id: 2c9180887671ff8c01767b4671fc7d60 + name: group + description: Group membership + isMultiValued: true + isEntitlement: true + isGroup: true + created: + type: string + description: The date the Schema was created. + format: date-time + example: '2019-12-24T22:32:58.104Z' + modified: + type: string + description: The date the Schema was last modified. + format: date-time + example: '2019-12-31T20:22:28.104Z' + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + security: + - oauth2: + - 'idn:source-schema:manage' + '/sources/{sourceId}/upload-connector-file': + post: + operationId: uploadSourceConnectorFile + tags: + - Sources + summary: Upload connector file to source + description: |- + This uploads a supplemental source connector file (like jdbc driver jars) to a source's S3 bucket. This also sends ETS and Audit events. + A token with ORG_ADMIN authority is required to call this API. + parameters: + - in: path + name: sourceId + required: true + schema: + type: string + description: The Source id + example: 8c190e6787aa4ed9a90bd9d5344523fb + requestBody: + required: true + content: + multipart/form-data: + schema: + type: object + properties: + file: + type: string + format: binary + responses: + '200': + description: Uploaded the file successfully and sent all post-upload events + content: + application/json: + schema: + type: object + properties: + id: + type: string + readOnly: true + description: the id of the Source + example: 2c91808568c529c60168cca6f90c1324 + name: + type: string + description: Human-readable name of the source + example: My Source + description: + type: string + description: Human-readable description of the source + example: This is the corporate directory. + owner: + description: Reference to an owning Identity Object + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - IDENTITY + example: IDENTITY + id: + type: string + description: ID of the identity + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the identity + example: MyName + cluster: + description: Reference to the associated Cluster + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - CLUSTER + example: CLUSTER + id: + type: string + description: ID of the cluster + example: 2c9180866166b5b0016167c32ef31a66 + name: + type: string + description: Human-readable display name of the cluster + example: Corporate Cluster + accountCorrelationConfig: + description: Reference to an Account Correlation Config object + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + example: ACCOUNT_CORRELATION_CONFIG + id: + type: string + description: ID of the account correlation config + example: 2c9180855d191c59015d28583727245a + name: + type: string + description: Human-readable display name of the account correlation config + example: 'Directory [source-62867] Account Correlation' + accountCorrelationRule: + description: 'Reference to a Rule that can do COMPLEX correlation, should only be used when accountCorrelationConfig can''t be used.' + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - RULE + example: RULE + id: + type: string + description: ID of the rule + example: 2c918085708c274401708c2a8a760001 + name: + type: string + description: Human-readable display name of the rule + example: Example Rule + managerCorrelationMapping: + description: Filter Object used during manager correlation to match incoming manager values to an existing manager's Account/Identity + type: object + properties: + accountAttribute: + type: string + description: Name of the attribute to use for manager correlation. The value found on the account attribute will be used to lookup the manager's identity. + example: manager + identityAttribute: + type: string + description: Name of the identity attribute to search when trying to find a manager using the value from the accountAttribute. + example: manager + managerCorrelationRule: + description: 'Reference to the ManagerCorrelationRule, only used when a simple filter isn''t sufficient.' + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - RULE + example: RULE + id: + type: string + description: ID of the rule + example: 2c918085708c274401708c2a8a760001 + name: + type: string + description: Human-readable display name of the rule + example: Example Rule + beforeProvisioningRule: + description: Rule that runs on the CCG and allows for customization of provisioning plans before the connector is called. + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - RULE + example: RULE + id: + type: string + description: ID of the rule + example: 2c918085708c274401708c2a8a760001 + name: + type: string + description: Human-readable display name of the rule + example: Example Rule + schemas: + type: array + items: + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - CONNECTOR_SCHEMA + example: CONNECTOR_SCHEMA + id: + type: string + description: ID of the schema + example: 2c91808568c529c60168cca6f90c1777 + name: + type: string + description: Human-readable display name of the schema + example: MySchema + description: List of references to Schema objects + example: + - type: CONNECTOR_SCHEMA + id: 2c9180835d191a86015d28455b4b232a + name: account + - type: CONNECTOR_SCHEMA + id: 2c9180835d191a86015d28455b4b232b + name: group + passwordPolicies: + type: array + items: + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - PASSWORD_POLICY + example: PASSWORD_POLICY + id: + type: string + description: ID of the policy + example: 2c91808568c529c60168cca6f90c1777 + name: + type: string + description: Human-readable display name of the policy + example: My Password Policy + description: List of references to the associated PasswordPolicy objects. + example: + - type: PASSWORD_POLICY + id: 2c9180855d191c59015d291ceb053980 + name: Corporate Password Policy + - type: PASSWORD_POLICY + id: 2c9180855d191c59015d291ceb057777 + name: Vendor Password Policy + features: + type: array + description: Optional features that can be supported by a source. + items: + type: string + enum: + - AUTHENTICATE + - COMPOSITE + - DIRECT_PERMISSIONS + - DISCOVER_SCHEMA + - ENABLE + - MANAGER_LOOKUP + - NO_RANDOM_ACCESS + - PROXY + - SEARCH + - TEMPLATE + - UNLOCK + - UNSTRUCTURED_TARGETS + - SHAREPOINT_TARGET + - PROVISIONING + - GROUP_PROVISIONING + - SYNC_PROVISIONING + - PASSWORD + - CURRENT_PASSWORD + - ACCOUNT_ONLY_REQUEST + - ADDITIONAL_ACCOUNT_REQUEST + - NO_AGGREGATION + - GROUPS_HAVE_MEMBERS + - NO_PERMISSIONS_PROVISIONING + - NO_GROUP_PERMISSIONS_PROVISIONING + - NO_UNSTRUCTURED_TARGETS_PROVISIONING + - NO_DIRECT_PERMISSIONS_PROVISIONING + description: |- + Optional features that can be supported by an source. + * AUTHENTICATE: The source supports pass-through authentication. + * COMPOSITE: The source supports composite source creation. + * DIRECT_PERMISSIONS: The source supports returning DirectPermissions. + * DISCOVER_SCHEMA: The source supports discovering schemas for users and groups. + * ENABLE The source supports reading if an account is enabled or disabled. + * MANAGER_LOOKUP: The source supports looking up managers as they are encountered in a feed. This is the opposite of NO_RANDOM_ACCESS. + * NO_RANDOM_ACCESS: The source does not support random access and the getObject() methods should not be called and expected to perform. + * PROXY: The source can serve as a proxy for another source. When an source has a proxy, all connector calls made with that source are redirected through the connector for the proxy source. + * SEARCH + * TEMPLATE + * UNLOCK: The source supports reading if an account is locked or unlocked. + * UNSTRUCTURED_TARGETS: The source supports returning unstructured Targets. + * SHAREPOINT_TARGET: The source supports returning unstructured Target data for SharePoint. It will be typically used by AD, LDAP sources. + * PROVISIONING: The source can both read and write accounts. Having this feature implies that the provision() method is implemented. It also means that direct and target permissions can also be provisioned if they can be returned by aggregation. + * GROUP_PROVISIONING: The source can both read and write groups. Having this feature implies that the provision() method is implemented. + * SYNC_PROVISIONING: The source can provision accounts synchronously. + * PASSWORD: The source can provision password changes. Since sources can never read passwords, this is should only be used in conjunction with the PROVISIONING feature. + * CURRENT_PASSWORD: Some source types support verification of the current password + * ACCOUNT_ONLY_REQUEST: The source supports requesting accounts without entitlements. + * ADDITIONAL_ACCOUNT_REQUEST: The source supports requesting additional accounts. + * NO_AGGREGATION: A source that does not support aggregation. + * GROUPS_HAVE_MEMBERS: The source models group memberships with a member attribute on the group object rather than a groups attribute on the account object. This effects the implementation of delta account aggregation. + * NO_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for accounts. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for accounts. + * NO_GROUP_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for groups. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for groups. + * NO_UNSTRUCTURED_TARGETS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING. + * NO_DIRECT_PERMISSIONS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING. + example: + - SYNC_PROVISIONING + - MANAGER_LOOKUP + - SEARCH + - PROVISIONING + - AUTHENTICATE + - GROUP_PROVISIONING + - PASSWORD + type: + type: string + description: 'Specifies the type of system being managed e.g. Active Directory, Workday, etc.. If you are creating a Delimited File source, you must set the `provisionasCsv` query parameter to `true`. ' + example: OpenLDAP - Direct + connector: + type: string + description: Connector script name. + example: active-directory + connectorClass: + type: string + description: The fully qualified name of the Java class that implements the connector interface. + example: sailpoint.connector.LDAPConnector + connectorAttributes: + type: object + description: Connector specific configuration; will differ from type to type. + example: + healthCheckTimeout: 30 + authSearchAttributes: + - cn + - uid + - mail + deleteThreshold: + type: integer + format: int32 + description: Number from 0 to 100 that specifies when to skip the delete phase. + example: 10 + authoritative: + type: boolean + description: When true indicates the source is referenced by an IdentityProfile. + example: false + managementWorkgroup: + description: Reference to Management Workgroup for this Source + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - GOVERNANCE_GROUP + example: GOVERNANCE_GROUP + id: + type: string + description: ID of the management workgroup + example: 2c91808568c529c60168cca6f90c2222 + name: + type: string + description: Human-readable display name of the management workgroup + example: My Management Workgroup + healthy: + type: boolean + description: When true indicates a healthy source + example: true + status: + type: string + description: 'A status identifier, giving specific information on why a source is healthy or not' + example: SOURCE_STATE_HEALTHY + since: + type: string + description: Timestamp showing when a source health check was last performed + example: '2021-09-28T15:48:29.3801666300Z' + connectorId: + type: string + description: The id of connector + example: active-directory + connectorName: + type: string + description: The name of the connector that was chosen on source creation + example: Active Directory + connectionType: + type: string + description: The type of connection (direct or file) + example: file + connectorImplementstionId: + type: string + description: The connector implementstion id + example: delimited-file + required: + - name + - owner + - connector + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + '/sources/{id}/synchronize-attributes': + post: + operationId: syncAttributesForSource + tags: + - Sources + summary: Synchronize single source attributes. + description: |- + This end-point performs attribute synchronization for a selected source. + A token with ORG_ADMIN or SOURCE_ADMIN authority is required to call this API. + parameters: + - in: path + name: id + schema: + type: string + required: true + description: The Source id + responses: + '202': + description: A Source Sync job + content: + application/json: + schema: + type: object + properties: + id: + type: string + description: Job ID. + example: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde + status: + type: string + description: The job status. + enum: + - QUEUED + - IN_PROGRESS + - SUCCESS + - ERROR + example: IN_PROGRESS + payload: + description: Job payload. + example: + type: SYNCHRONIZE_SOURCE_ATTRIBUTES + dataJson: '{"sourceId":"2c918083746f642c01746f990884012a"}' + type: object + properties: + type: + type: string + description: Payload type. + example: SYNCHRONIZE_SOURCE_ATTRIBUTES + dataJson: + type: string + description: Payload type. + example: '{"sourceId":"2c918083746f642c01746f990884012a"}' + required: + - type + - dataJson + required: + - id + - status + - payload + example: + id: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde + status: IN_PROGRESS + payload: + type: SYNCHRONIZE_SOURCE_ATTRIBUTES + dataJson: '{"sourceId":"2c918083746f642c01746f990884012a"}' + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + '/sources/{id}/entitlement-request-config': + get: + security: + - oauth2: + - 'idn:sources:read' + - 'idn:sources:manage' + operationId: getSourceEntitlementRequestConfig + summary: Get Source Entitlement Request Configuration + tags: + - Sources + description: |- + This API gets the current entitlement request configuration for a source. This source-level configuration should apply for all the entitlements in the source. + + Access request to any entitlements in the source should follow this configuration unless a separate entitlement-level configuration is defined. + - During access request, this source-level entitlement request configuration overrides the global organization-level configuration. + - However, the entitlement-level configuration (if defined) overrides this source-level configuration. + + A token with ORG_ADMIN, SOURCE_ADMIN, or SOURCE_SUBADMIN authority is required to call this API. + responses: + '200': + description: Source Entitlement Request Configuration Details. + content: + application/json: + schema: + type: object + description: Entitlement Request Configuration + properties: + accessRequestConfig: + description: Configuration for requesting access to entitlements + type: object + properties: + approvalSchemes: + type: array + description: Ordered list of approval steps for the access request. Empty when no approval is required. + items: + type: object + properties: + approverType: + type: string + enum: + - ENTITLEMENT_OWNER + - SOURCE_OWNER + - MANAGER + - GOVERNANCE_GROUP + description: |- + Describes the individual or group that is responsible for an approval step. Values are as follows. + + **ENTITLEMENT_OWNER**: Owner of the associated Entitlement + + **SOURCE_OWNER**: Owner of the associated Source + + **MANAGER**: Manager of the Identity for whom the request is being made + + **GOVERNANCE_GROUP**: A Governance Group, the ID of which is specified by the **approverId** field + example: GOVERNANCE_GROUP + approverId: + type: string + nullable: true + description: 'Id of the specific approver, used only when approverType is GOVERNANCE_GROUP' + example: e3eab852-8315-467f-9de7-70eda97f63c8 + requestCommentRequired: + type: boolean + description: If the requester must provide a comment during access request. + default: false + example: true + denialCommentRequired: + type: boolean + description: If the reviewer must provide a comment when denying the access request. + default: false + example: false + examples: + Get default config: + description: The default config for a source should look like the following where the empty approvalSchemes indicates that no approvals are required. + value: + accessRequestConfig: + approvalSchemes: [] + requestCommentRequired: false + denialCommentRequired: false + Get config with one approval: + description: 'In case of a single approval, the config could look like the following.' + value: + accessRequestConfig: + approvalSchemes: + - approverId: null + approverType: SOURCE_OWNER + requestCommentRequired: true + denialCommentRequired: false + Get config with multiple approvals: + description: 'In case of multiple levels of approvals the config could look like the following. In this scenario, access request review process should go through all the approvers sequentially.' + value: + accessRequestConfig: + approvalSchemes: + - approverId: null + approverType: ENTITLEMENT_OWNER + - approverId: null + approverType: SOURCE_OWNER + - approverId: 95e538a3-30c1-433a-af05-4bed973bbc22 + approverType: GOVERNANCE_GROUP + requestCommentRequired: true + denialCommentRequired: false + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + put: + security: + - oauth2: + - 'idn:sources:manage' + operationId: updateSourceEntitlementRequestConfig + summary: Update Source Entitlement Request Configuration + tags: + - Sources + description: |- + This API replaces the current entitlement request configuration for a source. This source-level configuration should apply for all the entitlements in the source. + + Access request to any entitlements in the source should follow this configuration unless a separate entitlement-level configuration is defined. + - During access request, this source-level entitlement request configuration overrides the global organization-level configuration. + - However, the entitlement-level configuration (if defined) overrides this source-level configuration. + + A token with ORG_ADMIN, SOURCE_ADMIN, or SOURCE_SUBADMIN authority is required to call this API. + requestBody: + required: true + content: + application/json: + schema: + type: object + description: Entitlement Request Configuration + properties: + accessRequestConfig: + description: Configuration for requesting access to entitlements + type: object + properties: + approvalSchemes: + type: array + description: Ordered list of approval steps for the access request. Empty when no approval is required. + items: + type: object + properties: + approverType: + type: string + enum: + - ENTITLEMENT_OWNER + - SOURCE_OWNER + - MANAGER + - GOVERNANCE_GROUP + description: |- + Describes the individual or group that is responsible for an approval step. Values are as follows. + + **ENTITLEMENT_OWNER**: Owner of the associated Entitlement + + **SOURCE_OWNER**: Owner of the associated Source + + **MANAGER**: Manager of the Identity for whom the request is being made + + **GOVERNANCE_GROUP**: A Governance Group, the ID of which is specified by the **approverId** field + example: GOVERNANCE_GROUP + approverId: + type: string + nullable: true + description: 'Id of the specific approver, used only when approverType is GOVERNANCE_GROUP' + example: e3eab852-8315-467f-9de7-70eda97f63c8 + requestCommentRequired: + type: boolean + description: If the requester must provide a comment during access request. + default: false + example: true + denialCommentRequired: + type: boolean + description: If the reviewer must provide a comment when denying the access request. + default: false + example: false + examples: + Set config with no approvals: + description: 'If no approvals are required, the following config can be set.' + value: + accessRequestConfig: + approvalSchemes: [] + Set config with one approval: + description: In case of single approval the following config can be set. + value: + accessRequestConfig: + approvalSchemes: + - approverType: SOURCE_OWNER + requestCommentRequired: true + denialCommentRequired: false + Set config with multiple approvals: + description: 'In case of multiple levels of approvals the following config can be set. In this scenario, access request review process should go through all the approvers sequentially.' + value: + accessRequestConfig: + approvalSchemes: + - approverType: ENTITLEMENT_OWNER + - approverType: SOURCE_OWNER + - approverType: GOVERNANCE_GROUP + approverId: 95e538a3-30c1-433a-af05-4bed973bbc22 + requestCommentRequired: true + denialCommentRequired: false + responses: + '200': + description: Source Entitlement Request Configuration Details. + content: + application/json: + schema: + type: object + description: Entitlement Request Configuration + properties: + accessRequestConfig: + description: Configuration for requesting access to entitlements + type: object + properties: + approvalSchemes: + type: array + description: Ordered list of approval steps for the access request. Empty when no approval is required. + items: + type: object + properties: + approverType: + type: string + enum: + - ENTITLEMENT_OWNER + - SOURCE_OWNER + - MANAGER + - GOVERNANCE_GROUP + description: |- + Describes the individual or group that is responsible for an approval step. Values are as follows. + + **ENTITLEMENT_OWNER**: Owner of the associated Entitlement + + **SOURCE_OWNER**: Owner of the associated Source + + **MANAGER**: Manager of the Identity for whom the request is being made + + **GOVERNANCE_GROUP**: A Governance Group, the ID of which is specified by the **approverId** field + example: GOVERNANCE_GROUP + approverId: + type: string + nullable: true + description: 'Id of the specific approver, used only when approverType is GOVERNANCE_GROUP' + example: e3eab852-8315-467f-9de7-70eda97f63c8 + requestCommentRequired: + type: boolean + description: If the requester must provide a comment during access request. + default: false + example: true + denialCommentRequired: + type: boolean + description: If the reviewer must provide a comment when denying the access request. + default: false + example: false + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + /tagged-objects: + get: + operationId: listTaggedObjects + security: + - oauth2: + - 'idn:tag:read' + - 'idn:tag:manage' + tags: + - Tagged Objects + summary: List Tagged Objects + description: |- + This API returns a list of all tagged objects. + + Any authenticated token may be used to call this API. + parameters: + - in: query + name: limit + description: |- + Max number of results to return. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 250 + schema: + type: integer + format: int32 + minimum: 0 + maximum: 250 + default: 250 + - in: query + name: offset + description: |- + Offset into the full result set. Usually specified with *limit* to paginate through the results. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 0 + schema: + type: integer + format: int32 + minimum: 0 + default: 0 + - in: query + name: count + description: |- + If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored. + + Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used. + + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: true + schema: + type: boolean + default: false + - in: query + name: filters + schema: + type: string + description: |- + Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) + + Filtering is supported for the following fields and operators: + + **objectRef.id**: *eq, in* + + **objectRef.type**: *eq, in* + + **tagName**: *eq, in* + example: tagName eq "BU_FINANCE" + required: false + responses: + '200': + description: List of all tagged objects. + content: + application/json: + schema: + type: array + items: + type: object + properties: + objectRef: + type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + tags: + type: array + items: + type: string + description: Labels to be applied to an Object + example: + - BU_FINANCE + - PCI + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + post: + operationId: addTagToObject + security: + - oauth2: + - 'idn:tag:manage' + tags: + - Tagged Objects + summary: Add Tag to Object + description: |- + This adds a tag to an object. + + Any authenticated token may be used to call this API. + requestBody: + required: true + content: + application/json: + schema: + type: object + properties: + objectRef: + type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + tags: + type: array + items: + type: string + description: Labels to be applied to an Object + example: + - BU_FINANCE + - PCI + responses: + '200': + description: Request succeeded. + content: + application/json: + schema: + type: object + properties: + objectRef: + type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + tags: + type: array + items: + type: string + description: Labels to be applied to an Object + example: + - BU_FINANCE + - PCI + '201': + description: Created. + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + '/tagged-objects/{type}': + get: + operationId: listTaggedObjectsByType + security: + - oauth2: + - 'idn:tag:read' + - 'idn:tag:manage' + tags: + - Tagged Objects + summary: List Tagged Objects + description: |- + This API returns a list of all tagged objects by type. + + Any authenticated token may be used to call this API. + parameters: + - in: path + name: type + schema: + type: string + enum: + - ROLE + - IDENTITY + - SOD_POLICY + required: true + description: The type of tagged object to retrieve. + example: ROLE + - in: query + name: limit + description: |- + Max number of results to return. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 250 + schema: + type: integer + format: int32 + minimum: 0 + maximum: 250 + default: 250 + - in: query + name: offset + description: |- + Offset into the full result set. Usually specified with *limit* to paginate through the results. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 0 + schema: + type: integer + format: int32 + minimum: 0 + default: 0 + - in: query + name: count + description: |- + If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored. + + Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used. + + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: true + schema: + type: boolean + default: false + - in: query + name: filters + schema: + type: string + description: |- + Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) + + Filtering is supported for the following fields and operators: + + **objectRef.id**: *eq* + + **objectRef.type**: *eq* + example: objectRef.id eq "2c91808568c529c60168cca6f90c1313" + required: false + responses: + '200': + description: List of all tagged objects for specified type. + content: + application/json: + schema: + type: array + items: + type: object + properties: + objectRef: + type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + tags: + type: array + items: + type: string + description: Labels to be applied to an Object + example: + - BU_FINANCE + - PCI + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + '/tagged-objects/{type}/{id}': + get: + operationId: getTaggedObject + security: + - oauth2: + - 'idn:tag:read' + - 'idn:tag:manage' + tags: + - Tagged Objects + summary: Get Tagged Object + description: This gets a tagged object for the specified type. + parameters: + - in: path + name: type + schema: + type: string + enum: + - ROLE + - IDENTITY + - SOD_POLICY + required: true + description: The type of tagged object to retrieve. + example: ROLE + - in: path + name: id + schema: + type: string + required: true + description: The ID of the object reference to retrieve. + example: ef38f94347e94562b5bb8424a56397d8 + responses: + '200': + description: Tagged object by type and ID. + content: + application/json: + schema: + type: object + properties: + objectRef: + type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + tags: + type: array + items: + type: string + description: Labels to be applied to an Object + example: + - BU_FINANCE + - PCI + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + put: + operationId: updateTaggedObject + security: + - oauth2: + - 'idn:tag:manage' + tags: + - Tagged Objects + summary: Update Tagged Object + description: This updates a tagged object for the specified type. + parameters: + - in: path + name: type + schema: + type: string + enum: + - ROLE + - IDENTITY + - SOD_POLICY + required: true + description: The type of tagged object to update. + example: ROLE + - in: path + name: id + schema: + type: string + required: true + description: The ID of the object reference to update. + example: ef38f94347e94562b5bb8424a56397d8 + requestBody: + required: true + content: + application/json: + schema: + type: object + properties: + objectRef: + type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + tags: + type: array + items: + type: string + description: Labels to be applied to an Object + example: + - BU_FINANCE + - PCI + responses: + '200': + description: Tagged object by type and ID. + content: + application/json: + schema: + type: object + properties: + objectRef: + type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + tags: + type: array + items: + type: string + description: Labels to be applied to an Object + example: + - BU_FINANCE + - PCI + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + delete: + operationId: deleteTaggedObject + security: + - oauth2: + - 'idn:tag:manage' + tags: + - Tagged Objects + summary: Delete Tagged Object + description: This deletes a tagged object for the specified type. + parameters: + - in: path + name: type + schema: + type: string + enum: + - ROLE + - IDENTITY + - SOD_POLICY + required: true + description: The type of tagged object to delete. + example: ROLE + - in: path + name: id + schema: + type: string + required: true + description: The ID of the object reference to delete. + example: ef38f94347e94562b5bb8424a56397d8 + responses: + '204': + description: No content. + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + /tagged-objects/bulk-add: + post: + operationId: addTagsToManyObjects + tags: + - Tagged Objects + summary: Tag Multiple Objects + description: |- + This API adds tags to multiple objects. + + A token with API, CERT_ADMIN, ORG_ADMIN, REPORT_ADMIN, ROLE_ADMIN, ROLE_SUBADMIN, SOURCE_ADMIN, or SOURCE_SUBADMIN authority is required to call this API. + requestBody: + required: true + description: 'Supported object types are ROLE, IDENTITY and SOD_POLICY.' + content: + application/json: + schema: + type: object + properties: + objectRefs: + type: array + items: + type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + tags: + type: array + items: + type: string + description: Label to be applied to an Object + example: + - BU_FINANCE + - PCI + operation: + type: string + enum: + - APPEND + - MERGE + default: APPEND + description: |- + If APPEND, tags are appended to the list of tags for the object. A 400 error is returned if this would add duplicate tags to the object. + + If MERGE, tags are merged with the existing tags. Duplicate tags are silently ignored. + example: MERGE + responses: + '200': + description: Request succeeded. + content: + application/json: + schema: + type: object + properties: + objectRefs: + type: array + items: + type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + tags: + type: array + items: + type: string + description: Label to be applied to an Object + example: + - BU_FINANCE + - PCI + operation: + type: string + enum: + - APPEND + - MERGE + default: APPEND + description: |- + If APPEND, tags are appended to the list of tags for the object. A 400 error is returned if this would add duplicate tags to the object. + + If MERGE, tags are merged with the existing tags. Duplicate tags are silently ignored. + example: MERGE + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + /tagged-objects/bulk-remove: + post: + operationId: removeTagsToManyObject + tags: + - Tagged Objects + summary: Remove Tags from Multiple Objects + description: |- + This API removes tags from multiple objects. + + A token with API, CERT_ADMIN, ORG_ADMIN, REPORT_ADMIN, ROLE_ADMIN, ROLE_SUBADMIN, SOURCE_ADMIN, or SOURCE_SUBADMIN authority is required to call this API. + requestBody: + description: 'Supported object types are ROLE, IDENTITY and SOD_POLICY.' + required: true + content: + application/json: + schema: + type: object + properties: + objectRefs: + type: array + items: + type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + tags: + type: array + items: + type: string + description: Label to be applied to an Object + example: + - BU_FINANCE + - PCI + operation: + type: string + enum: + - APPEND + - MERGE + default: APPEND + description: |- + If APPEND, tags are appended to the list of tags for the object. A 400 error is returned if this would add duplicate tags to the object. + + If MERGE, tags are merged with the existing tags. Duplicate tags are silently ignored. + example: MERGE + responses: + '204': + description: No content - indicates the request was successful but there is no content to be returned in the response. + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + /transforms: + get: + tags: + - Transforms + summary: List transforms + description: |- + Gets a list of all saved transform objects. + A token with transforms-list read authority is required to call this API. + operationId: listTransforms + parameters: + - in: query + name: offset + description: |- + Offset into the full result set. Usually specified with *limit* to paginate through the results. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 0 + schema: + type: integer + format: int32 + minimum: 0 + default: 0 + - in: query + name: limit + description: |- + Max number of results to return. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 250 + schema: + type: integer + format: int32 + minimum: 0 + maximum: 250 + default: 250 + - in: query + name: count + description: |- + If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored. + + Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used. + + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: true + schema: + type: boolean + default: false + - name: name + in: query + description: Name of the transform to retrieve from the list. + required: false + style: form + schema: + type: string + example: ExampleTransformName123 + - name: filters + in: query + description: |- + Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) + Filtering is supported for the following fields and operators: + **internal**: *eq* + **name**: *eq*, *sw* + example: name eq ExampleTransformName123 + required: false + style: form + explode: true + schema: + type: string + responses: + '200': + description: A list of transforms matching the given criteria. + content: + application/json: + schema: + type: array + items: + type: object + description: DTO for representing an internally- or customer-defined transform. + required: + - name + - type + - attributes + properties: + id: + type: string + readOnly: true + description: Unique ID of this transform + example: 2cd78adghjkja34jh2b1hkjhasuecd + name: + type: string + readOnly: true + description: Unique name of this transform + example: Timestamp To Date + type: + type: string + readOnly: true + description: 'The transform type (see [Transformations in IdentityNow Using Seaspray](https://community.sailpoint.com/docs/DOC-4629)).' + example: concat + attributes: + type: object + nullable: true + description: Meta-data about the transform. Values in this list are specific to the type of transform to be executed. + example: + inputFormat: 'MMM dd yyyy, HH:mm:ss.SSS' + outputFormat: yyyy/dd/MM + internal: + type: boolean + default: false + readOnly: true + description: Indicates whether this is an internal SailPoint-created transform or a customer-created transform + example: false + example: + - id: 2cd78adghjkja34jh2b1hkjhasuecd + name: Timestamp To Date + type: dateFormat + attributes: + inputFormat: 'MMM-dd-yyyy, HH:mm:ss.SSS' + outputFormat: yyyy/dd/MM + internal: false + - id: 2lkas8dhj4bkuakja77giih7l4ashh + name: PrefixSubstring + type: substring + attributes: + begin: 0 + end: 3 + internal: true + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + security: + - oauth2: + - 'idn:transform:read' + - 'idn:transform:manage' + post: + tags: + - Transforms + summary: Create transform + description: |- + Creates a new transform object. Request body must include name, type, and attributes. + A token with transform write authority is required to call this API. + operationId: createTransform + requestBody: + required: true + description: The transform to be created. + content: + application/json: + schema: + type: object + description: DTO for representing an internally- or customer-defined transform. + required: + - name + - type + - attributes + properties: + id: + type: string + readOnly: true + description: Unique ID of this transform + example: 2cd78adghjkja34jh2b1hkjhasuecd + name: + type: string + readOnly: true + description: Unique name of this transform + example: Timestamp To Date + type: + type: string + readOnly: true + description: 'The transform type (see [Transformations in IdentityNow Using Seaspray](https://community.sailpoint.com/docs/DOC-4629)).' + example: concat + attributes: + type: object + nullable: true + description: Meta-data about the transform. Values in this list are specific to the type of transform to be executed. + example: + inputFormat: 'MMM dd yyyy, HH:mm:ss.SSS' + outputFormat: yyyy/dd/MM + internal: + type: boolean + default: false + readOnly: true + description: Indicates whether this is an internal SailPoint-created transform or a customer-created transform + example: false + example: + name: Timestamp To Date + type: dateFormat + attributes: + inputFormat: 'MMM dd yyyy, HH:mm:ss.SSS' + outputFormat: yyyy/dd/MM + responses: + '201': + description: Indicates the transform was successfully created and returns its representation. + content: + application/json: + schema: + type: object + description: DTO for representing an internally- or customer-defined transform. + required: + - name + - type + - attributes + properties: + id: + type: string + readOnly: true + description: Unique ID of this transform + example: 2cd78adghjkja34jh2b1hkjhasuecd + name: + type: string + readOnly: true + description: Unique name of this transform + example: Timestamp To Date + type: + type: string + readOnly: true + description: 'The transform type (see [Transformations in IdentityNow Using Seaspray](https://community.sailpoint.com/docs/DOC-4629)).' + example: concat + attributes: + type: object + nullable: true + description: Meta-data about the transform. Values in this list are specific to the type of transform to be executed. + example: + inputFormat: 'MMM dd yyyy, HH:mm:ss.SSS' + outputFormat: yyyy/dd/MM + internal: + type: boolean + default: false + readOnly: true + description: Indicates whether this is an internal SailPoint-created transform or a customer-created transform + example: false + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + security: + - oauth2: + - 'idn:transform:manage' + '/transforms/{id}': + get: + tags: + - Transforms + summary: Transform by ID + description: |- + This API returns the transform specified by the given ID. + A token with transform read authority is required to call this API. + operationId: getTransform + parameters: + - name: id + in: path + description: ID of the transform to retrieve + required: true + style: simple + explode: false + schema: + type: string + example: 2c9180835d2e5168015d32f890ca1581 + responses: + '200': + description: Transform with the given ID + content: + application/json: + schema: + type: object + description: DTO for representing an internally- or customer-defined transform. + required: + - name + - type + - attributes + properties: + id: + type: string + readOnly: true + description: Unique ID of this transform + example: 2cd78adghjkja34jh2b1hkjhasuecd + name: + type: string + readOnly: true + description: Unique name of this transform + example: Timestamp To Date + type: + type: string + readOnly: true + description: 'The transform type (see [Transformations in IdentityNow Using Seaspray](https://community.sailpoint.com/docs/DOC-4629)).' + example: concat + attributes: + type: object + nullable: true + description: Meta-data about the transform. Values in this list are specific to the type of transform to be executed. + example: + inputFormat: 'MMM dd yyyy, HH:mm:ss.SSS' + outputFormat: yyyy/dd/MM + internal: + type: boolean + default: false + readOnly: true + description: Indicates whether this is an internal SailPoint-created transform or a customer-created transform + example: false + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + security: + - oauth2: + - 'idn:transform:read' + - 'idn:transform:manage' + put: + tags: + - Transforms + summary: Update a transform + description: |- + Replaces the transform specified by the given ID with the transform provided in the request body. Only the "attributes" field is mutable. Attempting to change other attributes will result in an error. + A token with transform write authority is required to call this API. + operationId: updateTransform + parameters: + - name: id + in: path + description: ID of the transform to update + required: true + style: simple + explode: false + schema: + type: string + example: 2c9180835d2e5168015d32f890ca1581 + requestBody: + description: 'The updated transform object (must include "name", "type", and "attributes" fields).' + content: + application/json: + schema: + type: object + description: DTO for representing an internally- or customer-defined transform. + required: + - name + - type + - attributes + properties: + id: + type: string + readOnly: true + description: Unique ID of this transform + example: 2cd78adghjkja34jh2b1hkjhasuecd + name: + type: string + readOnly: true + description: Unique name of this transform + example: Timestamp To Date + type: + type: string + readOnly: true + description: 'The transform type (see [Transformations in IdentityNow Using Seaspray](https://community.sailpoint.com/docs/DOC-4629)).' + example: concat + attributes: + type: object + nullable: true + description: Meta-data about the transform. Values in this list are specific to the type of transform to be executed. + example: + inputFormat: 'MMM dd yyyy, HH:mm:ss.SSS' + outputFormat: yyyy/dd/MM + internal: + type: boolean + default: false + readOnly: true + description: Indicates whether this is an internal SailPoint-created transform or a customer-created transform + example: false + example: + name: Timestamp To Date + type: dateFormat + attributes: + inputFormat: 'MMM-dd-yyyy, HH:mm:ss.SSS' + outputFormat: yyyy/dd/MM + responses: + '200': + description: Indicates the transform was successfully updated and returns its new representation. + content: + application/json: + schema: + type: object + description: DTO for representing an internally- or customer-defined transform. + required: + - name + - type + - attributes + properties: + id: + type: string + readOnly: true + description: Unique ID of this transform + example: 2cd78adghjkja34jh2b1hkjhasuecd + name: + type: string + readOnly: true + description: Unique name of this transform + example: Timestamp To Date + type: + type: string + readOnly: true + description: 'The transform type (see [Transformations in IdentityNow Using Seaspray](https://community.sailpoint.com/docs/DOC-4629)).' + example: concat + attributes: + type: object + nullable: true + description: Meta-data about the transform. Values in this list are specific to the type of transform to be executed. + example: + inputFormat: 'MMM dd yyyy, HH:mm:ss.SSS' + outputFormat: yyyy/dd/MM + internal: + type: boolean + default: false + readOnly: true + description: Indicates whether this is an internal SailPoint-created transform or a customer-created transform + example: false + example: + id: 2cd78adghjkja34jh2b1hkjhasuecd + name: Timestamp To Date + type: dateFormat + attributes: + inputFormat: 'MMM-dd-yyyy, HH:mm:ss.SSS' + outputFormat: yyyy/dd/MM + internal: false + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + security: + - oauth2: + - 'idn:transform:manage' + delete: + tags: + - Transforms + summary: Delete a transform + description: |- + Deletes the transform specified by the given ID. + A token with transform delete authority is required to call this API. + operationId: deleteTransform + parameters: + - name: id + in: path + description: ID of the transform to delete + required: true + style: simple + explode: false + schema: + type: string + example: 2c9180835d2e5168015d32f890ca1581 + responses: + '204': + description: No content - indicates the request was successful but there is no content to be returned in the response. + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + security: + - oauth2: + - 'idn:transform:manage' + '/translation-catalogs/{catalog-id}': + get: + operationId: getMessageCatalogs + summary: Get Message catalogs + tags: + - IAI Recommendations + - IAI Access Request Recommendations + description: The getMessageCatalogs API returns message catalog based on the language headers in the requested object. + parameters: + - in: path + name: catalog-id + schema: + type: string + enum: + - recommender + - access-request-recommender + required: true + description: The ID of the message catalog. + responses: + '200': + description: The message catalogs based on the request headers + content: + application/json: + schema: + type: array + items: + type: object + properties: + locale: + type: string + description: The language in which the messages are returned + example: en_US + messages: + type: array + items: + type: object + properties: + key: + type: string + description: The key of the message + example: recommender-api.V2_WEIGHT_FEATURE_PRODUCT_INTERPRETATION_LOW + format: + type: string + description: The format of the message + example: '{0,,\"i18n hint: percentage\"}% of identities with the same {1,,\"i18n hint: name of category feature\"} have this access. This information had a low impact on the overall score.' + description: The list of message with their keys and formats + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + security: + - oauth2: [] + /triggers: + get: + operationId: listTriggers + tags: + - Triggers + summary: List Triggers + description: Gets a list of triggers that are available in the tenant. + parameters: + - in: query + name: limit + description: |- + Max number of results to return. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 250 + schema: + type: integer + format: int32 + minimum: 0 + maximum: 250 + default: 250 + - in: query + name: offset + description: |- + Offset into the full result set. Usually specified with *limit* to paginate through the results. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 0 + schema: + type: integer + format: int32 + minimum: 0 + default: 0 + - in: query + name: count + description: |- + If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored. + + Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used. + + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: true + schema: + type: boolean + default: false + - in: query + name: filters + required: false + schema: + type: string + description: |- + Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) + + Filtering is supported for the following fields and operators: + + **id**: *eq* + example: 'id eq "idn:access-request-post-approval"' + - in: query + name: sorters + required: false + schema: + type: string + format: comma-separated + description: |- + Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results) + + Sorting is supported for the following fields: + + **id** **name** + example: name + responses: + '200': + description: List of triggers. + content: + application/json: + schema: + type: array + items: + type: object + required: + - id + - name + - type + - inputSchema + - exampleInput + properties: + id: + type: string + description: Unique identifier of the trigger. + example: 'idn:access-request-dynamic-approver' + name: + type: string + description: Trigger Name. + example: Access Request Dynamic Approver + type: + example: REQUEST_RESPONSE + type: string + description: The type of trigger. + enum: + - REQUEST_RESPONSE + - FIRE_AND_FORGET + description: + type: string + description: Trigger Description. + example: Trigger for getting a dynamic approver. + inputSchema: + type: string + description: The JSON schema of the payload that will be sent by the trigger to the subscribed service. + example: '{"definitions":{"record:AccessRequestDynamicApproverInput":{"type":"object","required":["accessRequestId","requestedFor","requestedItems","requestedBy"],"additionalProperties":true,"properties":{"accessRequestId":{"type":"string"},"requestedFor":{"$ref":"#/definitions/record:requestedForIdentityRef"},"requestedItems":{"type":"array","items":{"$ref":"#/definitions/record:requestedObjectRef"}},"requestedBy":{"$ref":"#/definitions/record:requestedByIdentityRef"}}},"record:requestedForIdentityRef":{"type":"object","required":["id","name","type"],"additionalProperties":true,"properties":{"id":{"type":"string"},"name":{"type":"string"},"type":{"type":"string"}}},"record:requestedObjectRef":{"type":"object","optional":["description","comment"],"required":["id","name","type","operation"],"additionalProperties":true,"properties":{"id":{"type":"string"},"name":{"type":"string"},"description":{"oneOf":[{"type":"null"},{"type":"string"}]},"type":{"type":"string"},"operation":{"type":"string"},"comment":{"oneOf":[{"type":"null"},{"type":"string"}]}}},"record:requestedByIdentityRef":{"type":"object","required":["type","id","name"],"additionalProperties":true,"properties":{"type":{"type":"string"},"id":{"type":"string"},"name":{"type":"string"}}}},"$ref":"#/definitions/record:AccessRequestDynamicApproverInput"}' + exampleInput: + description: An example of the JSON payload that will be sent by the trigger to the subscribed service. + oneOf: + - title: Access Request Dynamic Approver + type: object + required: + - accessRequestId + - requestedFor + - requestedItems + - requestedBy + properties: + accessRequestId: + type: string + description: | + The unique ID of the access request object. Can be used with the [access request status endpoint](https://developer.sailpoint.com/idn/api/beta/list-access-request-status) to get the status of the request. + example: 4b4d982dddff4267ab12f0f1e72b5a6d + requestedFor: + allOf: + - type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + description: The identity for whom the access is requested for. + properties: + type: + enum: + - IDENTITY + example: IDENTITY + description: The type of object that is referenced + requestedItems: + description: The access items that are being requested. + type: array + items: + type: object + required: + - id + - name + - type + - operation + properties: + id: + type: string + description: The unique ID of the access item. + example: 2c91808b6ef1d43e016efba0ce470904 + name: + type: string + description: Human friendly name of the access item. + example: Engineering Access + description: + nullable: true + type: string + description: Extended description of the access item. + example: Engineering Access + type: + enum: + - ACCESS_PROFILE + - ROLE + - ENTITLEMENT + description: The type of access item being requested. + example: ACCESS_PROFILE + operation: + enum: + - Add + - Remove + description: Grant or revoke the access item + example: Add + comment: + nullable: true + type: string + description: A comment from the requestor on why the access is needed. + example: William needs this access for his day to day job activities. + requestedBy: + allOf: + - type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + description: The identity that initiated the access request. + properties: + type: + enum: + - IDENTITY + example: IDENTITY + description: The type of object that is referenced + - title: Access Request Post Approval + type: object + required: + - accessRequestId + - requestedFor + - requestedItemsStatus + - requestedBy + properties: + accessRequestId: + type: string + description: The unique ID of the access request. + example: 2c91808b6ef1d43e016efba0ce470904 + requestedFor: + required: + - id + - type + - name + allOf: + - type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + description: The identity who the access request is for. + properties: + type: + enum: + - IDENTITY + example: IDENTITY + description: The type of object that is referenced + requestedItemsStatus: + description: Details on the outcome of each access item. + type: array + items: + type: object + required: + - id + - name + - type + - operation + - approvalInfo + properties: + id: + type: string + description: The unique ID of the access item being requested. + example: 2c91808b6ef1d43e016efba0ce470904 + name: + type: string + description: The human friendly name of the access item. + example: Engineering Access + description: + nullable: true + type: string + description: Detailed description of the access item. + example: Access to engineering database + type: + enum: + - ACCESS_PROFILE + - ROLE + - ENTITLEMENT + description: The type of access item. + example: ACCESS_PROFILE + operation: + enum: + - Add + - Remove + description: The action to perform on the access item. + example: Add + comment: + nullable: true + type: string + description: A comment from the identity requesting the access. + example: William needs this access to do his job. + clientMetadata: + description: Additional customer defined metadata about the access item. + nullable: true + type: object + additionalProperties: true + example: + applicationName: My application + approvalInfo: + description: A list of one or more approvers for the access request. + type: array + items: + type: object + required: + - approvalDecision + - approverName + - approver + properties: + approvalComment: + nullable: true + type: string + description: A comment left by the approver. + example: This access looks good. Approved. + approvalDecision: + enum: + - APPROVED + - DENIED + description: The final decision of the approver. + example: APPROVED + approverName: + type: string + description: The name of the approver + example: Stephen.Austin + approver: + required: + - id + - type + - name + allOf: + - type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + description: The identity of the approver. + properties: + type: + enum: + - IDENTITY + example: IDENTITY + description: The type of object that is referenced + requestedBy: + required: + - id + - type + - name + allOf: + - type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + description: The identity that initiated the access request. + properties: + type: + enum: + - IDENTITY + example: IDENTITY + description: The type of object that is referenced + - title: Access Request Pre Approval + type: object + required: + - accessRequestId + - requestedFor + - requestedItems + - requestedBy + properties: + accessRequestId: + type: string + description: The unique ID of the access request. + example: 2c91808b6ef1d43e016efba0ce470904 + requestedFor: + required: + - id + - type + - name + allOf: + - type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + description: The identity who the access request is for. + properties: + type: + enum: + - IDENTITY + example: IDENTITY + description: The type of object that is referenced + requestedItems: + description: Details of the access items being requested. + type: array + items: + type: object + required: + - id + - name + - type + - operation + properties: + id: + type: string + description: The unique ID of the access item being requested. + example: 2c91808b6ef1d43e016efba0ce470904 + name: + type: string + description: The human friendly name of the access item. + example: Engineering Access + description: + nullable: true + type: string + description: Detailed description of the access item. + example: Access to engineering database + type: + enum: + - ACCESS_PROFILE + - ROLE + - ENTITLEMENT + description: The type of access item. + example: ACCESS_PROFILE + operation: + enum: + - Add + - Remove + description: The action to perform on the access item. + example: Add + comment: + nullable: true + type: string + description: A comment from the identity requesting the access. + example: William needs this access to do his job. + requestedBy: + required: + - id + - type + - name + allOf: + - type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + description: The identity that initiated the access request. + properties: + type: + enum: + - IDENTITY + example: IDENTITY + description: The type of object that is referenced + - title: Account Aggregation Completed + type: object + required: + - source + - status + - started + - completed + - errors + - warnings + - stats + properties: + source: + required: + - type + - name + - id + allOf: + - type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + description: The source from which the accounts were aggregated. + properties: + type: + enum: + - SOURCE + description: The type of object that is referenced + example: SOURCE + status: + description: The overall status of the aggregation. + enum: + - Success + - Failed + - Terminated + example: Success + started: + type: string + format: date-time + description: The date and time when the account aggregation started. + example: '2020-06-29T22:01:50.474Z' + completed: + type: string + format: date-time + description: The date and time when the account aggregation finished. + example: '2020-06-29T22:02:04.090Z' + errors: + nullable: true + description: A list of errors that occurred during the aggregation. + type: array + items: + type: string + description: A descriptive error message. + example: Accounts unable to be aggregated. + warnings: + nullable: true + description: A list of warnings that occurred during the aggregation. + type: array + items: + type: string + description: A descriptive warning message. + example: Account Skipped + stats: + type: object + description: Overall statistics about the account aggregation. + required: + - scanned + - unchanged + - changed + - added + - removed + properties: + scanned: + type: integer + format: int32 + minimum: 0 + maximum: 2147483647 + description: The number of accounts which were scanned / iterated over. + example: 200 + unchanged: + type: integer + format: int32 + minimum: 0 + maximum: 2147483647 + description: 'The number of accounts which existed before, but had no changes.' + example: 190 + changed: + type: integer + format: int32 + minimum: 0 + maximum: 2147483647 + description: 'The number of accounts which existed before, but had changes.' + example: 6 + added: + type: integer + format: int32 + minimum: 0 + maximum: 2147483647 + description: The number of accounts which are new - have not existed before. + example: 4 + removed: + type: integer + minimum: 0 + maximum: 2147483647 + format: int32 + description: 'The number accounts which existed before, but no longer exist (thus getting removed).' + example: 3 + - title: Account Attributes Changed + type: object + required: + - identity + - source + - account + - changes + properties: + identity: + required: + - id + - type + - name + allOf: + - type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + description: The identity whose account attributes changed. + properties: + type: + enum: + - IDENTITY + example: IDENTITY + description: The type of object that is referenced + source: + required: + - id + - type + - name + type: object + description: The source that contains the account. + properties: + id: + description: ID of the object to which this reference applies + type: string + example: 4e4d982dddff4267ab12f0f1e72b5a6d + type: + type: string + enum: + - SOURCE + example: SOURCE + description: The type of object that is referenced + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: Corporate Active Directory + account: + type: object + description: Details of the account where the attributes changed. + required: + - id + - uuid + - name + - nativeIdentity + - type + properties: + id: + type: string + description: SailPoint generated unique identifier. + example: 52170a74-ca89-11ea-87d0-0242ac130003 + uuid: + nullable: true + type: string + description: The source's unique identifier for the account. UUID is generated by the source system. + example: 1cb1f07d-3e5a-4431-becd-234fa4306108 + name: + type: string + description: Name of the account. + example: john.doe + nativeIdentity: + type: string + description: Unique ID of the account on the source. + example: 'cn=john.doe,ou=users,dc=acme,dc=com' + type: + enum: + - ACCOUNT + description: The type of the account + example: ACCOUNT + changes: + type: array + description: A list of attributes that changed. + items: + type: object + required: + - attribute + - oldValue + - newValue + properties: + attribute: + type: string + description: The name of the attribute. + example: sn + oldValue: + description: The previous value of the attribute. + nullable: true + oneOf: + - type: string + - type: boolean + - type: array + items: + nullable: true + type: string + example: doe + newValue: + description: The new value of the attribute. + nullable: true + oneOf: + - type: string + - type: boolean + - type: array + items: + nullable: true + type: string + example: ryans + - title: Account Correlated + type: object + required: + - identity + - source + - account + - attributes + properties: + identity: + required: + - type + - name + - id + allOf: + - type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + description: The identity that the account correlated with. + properties: + type: + enum: + - IDENTITY + description: The type of object that is referenced + example: IDENTITY + source: + required: + - id + - type + - name + type: object + description: The source from which the account came from. + properties: + id: + description: ID of the object to which this reference applies + type: string + example: 4e4d982dddff4267ab12f0f1e72b5a6d + type: + type: string + enum: + - SOURCE + example: SOURCE + description: The type of object that is referenced + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: Corporate Active Directory + account: + required: + - id + - name + - nativeIdentity + - type + allOf: + - type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + description: The account that was correlated. + properties: + type: + enum: + - ACCOUNT + description: The type of object that is referenced + example: ACCOUNT + nativeIdentity: + type: string + description: Unique ID of the account on the source. + example: 'cn=john.doe,ou=users,dc=acme,dc=com' + uuid: + nullable: true + type: string + description: The source's unique identifier for the account. UUID is generated by the source system. + example: 1cb1f07d-3e5a-4431-becd-234fa4306108 + attributes: + type: object + description: The attributes associated with the account. Attributes are unique per source. + additionalProperties: true + example: + sn: doe + givenName: john + memberOf: + - 'cn=g1,ou=groups,dc=acme,dc=com' + - 'cn=g2,ou=groups,dc=acme,dc=com' + - 'cn=g3,ou=groups,dc=acme,dc=com' + entitlementCount: + type: integer + format: int32 + description: The number of entitlements associated with this account. + example: 0 + - title: Accounts Collected for Aggregation + type: object + required: + - source + - status + - started + - completed + - errors + - warnings + - stats + properties: + source: + required: + - id + - type + - name + type: object + description: Reference to the source that has been aggregated. + properties: + id: + description: ID of the object to which this reference applies + type: string + example: 4e4d982dddff4267ab12f0f1e72b5a6d + type: + type: string + enum: + - SOURCE + example: SOURCE + description: The type of object that is referenced + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: Corporate Active Directory + status: + description: The overall status of the collection. + enum: + - Success + - Failed + - Terminated + example: Success + started: + type: string + format: date-time + description: The date and time when the account collection started. + example: '2020-06-29T22:01:50.474Z' + completed: + type: string + format: date-time + description: The date and time when the account collection finished. + example: '2020-06-29T22:02:04.090Z' + errors: + nullable: true + description: A list of errors that occurred during the collection. + type: array + items: + type: string + description: A descriptive error message. + example: Unable to collect accounts for aggregation. + warnings: + nullable: true + description: A list of warnings that occurred during the collection. + type: array + items: + type: string + description: A descriptive warning message. + example: Account Skipped + stats: + type: object + description: Overall statistics about the account collection. + required: + - scanned + - unchanged + - changed + - added + - removed + properties: + scanned: + type: integer + format: int32 + minimum: 0 + maximum: 2147483647 + description: The number of accounts which were scanned / iterated over. + example: 200 + unchanged: + type: integer + format: int32 + minimum: 0 + maximum: 2147483647 + description: 'The number of accounts which existed before, but had no changes.' + example: 190 + changed: + type: integer + format: int32 + minimum: 0 + maximum: 2147483647 + description: 'The number of accounts which existed before, but had changes.' + example: 6 + added: + type: integer + format: int32 + minimum: 0 + maximum: 2147483647 + description: The number of accounts which are new - have not existed before. + example: 4 + removed: + type: integer + minimum: 0 + maximum: 2147483647 + format: int32 + description: 'The number accounts which existed before, but no longer exist (thus getting removed).' + example: 3 + - title: Account Uncorrelated + type: object + required: + - identity + - source + - account + properties: + identity: + required: + - type + - name + - id + allOf: + - type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + description: The identity that the account uncorrelated with. + properties: + type: + enum: + - IDENTITY + description: The type of object that is referenced + example: IDENTITY + source: + required: + - type + - name + - id + allOf: + - type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + description: The source from which the account came from. + properties: + type: + enum: + - SOURCE + description: The type of object that is referenced + example: SOURCE + account: + required: + - id + - name + - nativeIdentity + - type + allOf: + - type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + description: The account that was uncorrelated. + properties: + type: + enum: + - ACCOUNT + description: The type of object that is referenced + example: ACCOUNT + nativeIdentity: + type: string + description: Unique ID of the account on the source. + example: 'cn=john.doe,ou=users,dc=acme,dc=com' + uuid: + nullable: true + type: string + description: The source's unique identifier for the account. UUID is generated by the source system. + example: 1cb1f07d-3e5a-4431-becd-234fa4306108 + entitlementCount: + type: integer + format: int32 + description: The number of entitlements associated with this account. + example: 0 + - title: Campaign Activated + type: object + required: + - campaign + properties: + campaign: + type: object + description: Details about the certification campaign that was activated. + required: + - id + - name + - description + - created + - deadline + - type + - campaignOwner + - status + properties: + id: + type: string + description: Unique ID for the campaign. + example: 2c91808576f886190176f88cac5a0010 + name: + type: string + description: The human friendly name of the campaign. + example: Manager Access Campaign + description: + type: string + description: Extended description of the campaign. + example: Audit access for all employees. + created: + type: string + format: date-time + description: The date and time the campaign was created. + example: '2021-02-16T03:04:45.815Z' + modified: + nullable: true + type: string + format: date-time + description: The date and time the campaign was last modified. + example: '2021-02-16T03:06:45.815Z' + deadline: + type: string + format: date-time + description: The date and time the campaign is due. + example: '2021-03-16T03:04:45.815Z' + type: + description: The type of campaign. + enum: + - MANAGER + - SOURCE_OWNER + - SEARCH + - ROLE_COMPOSITION + example: MANAGER + campaignOwner: + type: object + description: Details of the identity that owns the campaign. + required: + - id + - displayName + - email + properties: + id: + type: string + description: The unique ID of the identity. + example: 37f080867702c1910177031320c40n27 + displayName: + type: string + description: The human friendly name of the identity. + example: John Snow + email: + type: string + description: The primary email address of the identity. + example: john.snow@example.com + status: + enum: + - ACTIVE + description: The current status of the campaign. + example: ACTIVE + - title: Campaign Ended + type: object + required: + - campaign + properties: + campaign: + type: object + description: Details about the certification campaign that ended. + required: + - id + - name + - description + - created + - deadline + - type + - campaignOwner + - status + properties: + id: + type: string + description: Unique ID for the campaign. + example: 2c91808576f886190176f88cac5a0010 + name: + type: string + description: The human friendly name of the campaign. + example: Manager Access Campaign + description: + type: string + description: Extended description of the campaign. + example: Audit access for all employees. + created: + type: string + format: date-time + description: The date and time the campaign was created. + example: '2021-02-16T03:04:45.815Z' + modified: + nullable: true + type: string + format: date-time + description: The date and time the campaign was last modified. + example: '2021-03-16T03:06:45.815Z' + deadline: + type: string + format: date-time + description: The date and time the campaign is due. + example: '2021-03-16T03:04:45.815Z' + type: + description: The type of campaign. + enum: + - MANAGER + - SOURCE_OWNER + - SEARCH + - ROLE_COMPOSITION + example: MANAGER + campaignOwner: + type: object + description: Details of the identity that owns the campaign. + required: + - id + - displayName + - email + properties: + id: + type: string + description: The unique ID of the identity. + example: 37f080867702c1910177031320c40n27 + displayName: + type: string + description: The human friendly name of the identity. + example: John Snow + email: + type: string + description: The primary email address of the identity. + example: john.snow@example.com + status: + enum: + - COMPLETED + description: The current status of the campaign. + example: COMPLETED + - title: Campaign Generated + type: object + required: + - campaign + properties: + campaign: + description: Details about the campaign that was generated. + type: object + required: + - id + - name + - description + - created + - type + - campaignOwner + - status + properties: + id: + type: string + description: The unique ID of the campaign. + example: 2c91808576f886190176f88cac5a0010 + name: + type: string + description: Human friendly name of the campaign. + example: Manager Access Campaign + description: + type: string + description: Extended description of the campaign. + example: Audit access for all employees. + created: + type: string + format: date-time + description: The date and time the campaign was created. + example: '2021-02-16T03:04:45.815Z' + modified: + nullable: true + type: string + description: The date and time the campaign was last modified. + example: '2021-02-17T03:04:45.815Z' + deadline: + nullable: true + type: string + description: The date and time when the campaign must be finished by. + example: '2021-02-18T03:04:45.815Z' + type: + enum: + - MANAGER + - SOURCE_OWNER + - SEARCH + - ROLE_COMPOSITION + description: The type of campaign that was generated. + example: MANAGER + campaignOwner: + type: object + description: The identity that owns the campaign. + required: + - id + - displayName + - email + properties: + id: + type: string + description: The unique ID of the identity. + example: 37f080867702c1910177031320c40n27 + displayName: + type: string + description: The display name of the identity. + example: John Snow + email: + type: string + description: The primary email address of the identity. + example: john.snow@example.com + status: + enum: + - STAGED + - ACTIVATING + - ACTIVE + description: The current status of the campaign. + example: STAGED + - title: Certification Signed Off + type: object + required: + - certification + properties: + certification: + description: The certification campaign that was signed off on. + required: + - id + - name + - created + allOf: + - type: object + required: + - campaignRef + - completed + - decisionsMade + - decisionsTotal + - due + - signed + - reviewer + - campaignOwner + - hasErrors + - phase + - entitiesCompleted + - entitiesTotal + properties: + campaignRef: + type: object + required: + - id + - name + - type + - campaignType + - description + properties: + id: + type: string + description: The unique ID of the campaign. + example: ef38f94347e94562b5bb8424a56397d8 + name: + type: string + description: The name of the campaign. + example: Campaign Name + type: + type: string + enum: + - CAMPAIGN + description: The type of object that is being referenced. + example: CAMPAIGN + campaignType: + type: string + enum: + - MANAGER + - SOURCE_OWNER + - SEARCH + description: The type of the campaign. + example: MANAGER + description: + type: string + description: The description of the campaign set by the admin who created it. + nullable: true + example: A description of the campaign + phase: + type: string + description: | + The current phase of the campaign. + * `STAGED`: The campaign is waiting to be activated. + * `ACTIVE`: The campaign is active. + * `SIGNED`: The reviewer has signed off on the campaign, and it is considered complete. + enum: + - STAGED + - ACTIVE + - SIGNED + example: ACTIVE + due: + type: string + format: date-time + description: The due date of the certification. + example: '2018-10-19T13:49:37.385Z' + signed: + type: string + format: date-time + description: The date the reviewer signed off on the certification. + example: '2018-10-19T13:49:37.385Z' + reviewer: + description: A reference to the reviewer of the campaign. + type: object + required: + - type + - id + - name + allOf: + - type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + properties: + type: + description: The type of object that the reviewer is. + enum: + - IDENTITY + - GOVERNANCE_GROUP + example: IDENTITY + email: + type: string + nullable: true + description: The email of the reviewing identity. Only applicable to `IDENTITY` + example: reviewer@test.com + reassignment: + nullable: true + description: A reference to a reviewer that this campaign has been reassigned to. + type: object + properties: + from: + description: The previous certification + type: object + allOf: + - type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + - type: object + properties: + reviewer: + description: Certification reviewer + type: object + required: + - type + - id + - name + allOf: + - type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + properties: + type: + description: The type of object that the reviewer is. + enum: + - IDENTITY + - GOVERNANCE_GROUP + example: IDENTITY + email: + type: string + nullable: true + description: The email of the reviewing identity. Only applicable to `IDENTITY` + example: reviewer@test.com + properties: + type: + description: The type of object that the reviewer is. + enum: + - CERTIFICATION + example: CERTIFICATION + correlatedStatus: + description: The correlatedStatus of the campaign. Only SOURCE_OWNER campaigns can be Uncorrelated. An Uncorrelated certification campaign only includes Uncorrelated identities (An identity is uncorrelated if it has no accounts on an authoritative source). + enum: + - CORRELATED + - UNCORRELATED + example: CORRELATED + comment: + type: string + description: Comments from the previous reviewer. + example: Please review + hasErrors: + type: boolean + example: false + description: Indicates it the certification has any errors. + errorMessage: + type: string + nullable: true + example: The certification has an error + description: A message indicating what the error is. + completed: + type: boolean + description: Indicates if all certification decisions have been made. + example: false + decisionsMade: + type: integer + description: The number of approve/revoke/acknowledge decisions that have been made by the reviewer. + example: 20 + format: int32 + decisionsTotal: + type: integer + description: The total number of approve/revoke/acknowledge decisions for the certification. + example: 40 + format: int32 + entitiesCompleted: + type: integer + description: 'The number of entities (identities, access profiles, roles, etc.) for which all decisions have been made and are complete.' + example: 5 + format: int32 + entitiesTotal: + type: integer + format: int32 + description: 'The total number of entities (identities, access profiles, roles, etc.) in the certification, both complete and incomplete.' + example: 10 + properties: + id: + type: string + description: Unique ID of the certification. + example: 2c91808576f886190176f88caf0d0067 + name: + type: string + description: The name of the certification. + example: Manager Access Review for Alice Baker + created: + type: string + format: date-time + description: The date and time the certification was created. + example: '2020-02-16T03:04:45.815Z' + modified: + nullable: true + type: string + format: date-time + description: The date and time the certification was last modified. + example: '2020-02-16T03:06:45.815Z' + - title: Identity Attributes Changed + type: object + required: + - identity + - changes + properties: + identity: + required: + - id + - type + - name + allOf: + - type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + description: The identity who's attributes changed. + properties: + type: + enum: + - IDENTITY + example: IDENTITY + description: The type of object that is referenced + changes: + description: A list of one or more identity attributes that changed on the identity. + type: array + items: + type: object + required: + - attribute + properties: + attribute: + type: string + description: The name of the identity attribute that changed. + example: department + oldValue: + description: The value of the identity attribute before it changed. + nullable: true + example: sales + oneOf: + - type: string + - type: boolean + - type: array + items: + type: string + - type: object + nullable: true + additionalProperties: + oneOf: + - type: string + - type: number + - type: integer + - type: boolean + newValue: + description: The value of the identity attribute after it changed. + example: marketing + oneOf: + - type: string + - type: boolean + - type: array + items: + type: string + - type: object + nullable: true + additionalProperties: + oneOf: + - type: string + - type: number + - type: integer + - type: boolean + - title: Identity Created + type: object + required: + - identity + - attributes + properties: + identity: + required: + - id + - type + - name + allOf: + - type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + description: The identity that was created. + properties: + type: + enum: + - IDENTITY + example: IDENTITY + description: The type of object that is referenced + attributes: + type: object + description: The attributes assigned to the identity. Attributes are determined by the identity profile. + additionalProperties: true + example: + firstname: John + - title: Identity Deleted + type: object + required: + - identity + - attributes + properties: + identity: + required: + - id + - type + - name + allOf: + - type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + description: The identity that was deleted. + properties: + type: + enum: + - IDENTITY + example: IDENTITY + description: The type of object that is referenced + attributes: + type: object + description: The attributes assigned to the identity. Attributes are determined by the identity profile. + additionalProperties: true + example: + firstname: John + - title: Provisioning Completed + type: object + required: + - trackingNumber + - sources + - recipient + - accountRequests + properties: + trackingNumber: + type: string + description: The reference number of the provisioning request. Useful for tracking status in the Account Activity search interface. + example: 4b4d982dddff4267ab12f0f1e72b5a6d + sources: + type: string + description: One or more sources that the provisioning transaction(s) were done against. Sources are comma separated. + example: 'Corp AD, Corp LDAP, Corp Salesforce' + action: + nullable: true + type: string + description: Origin of where the provisioning request came from. + example: IdentityRefresh + errors: + nullable: true + description: A list of any accumulated error messages that occurred during provisioning. + type: array + items: + type: string + example: Connector AD Failed + warnings: + nullable: true + description: A list of any accumulated warning messages that occurred during provisioning. + type: array + items: + type: string + example: Notification Skipped due to invalid email + recipient: + required: + - id + - type + - name + allOf: + - type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + description: Reference to the identity who is the target of the provisioning request. + properties: + type: + enum: + - IDENTITY + example: IDENTITY + description: The type of object that is referenced + requester: + nullable: true + required: + - id + - type + - name + allOf: + - type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + description: Reference to the identity (if any) who submitted the provisioning request. + properties: + type: + enum: + - IDENTITY + example: IDENTITY + description: The type of object that is referenced + accountRequests: + type: array + description: A list of provisioning instructions to perform on an account-by-account basis. + items: + type: object + required: + - source + - accountOperation + - provisioningResult + - provisioningTarget + properties: + source: + required: + - id + - type + - name + type: object + description: Reference to the source being provisioned against. + properties: + id: + description: ID of the object to which this reference applies + type: string + example: 4e4d982dddff4267ab12f0f1e72b5a6d + type: + type: string + enum: + - SOURCE + example: SOURCE + description: The type of object that is referenced + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: Corporate Active Directory + accountId: + type: string + description: The unique idenfier of the account being provisioned. + example: 'CN=Chewy.Bacca,ou=hardcorefigter,ou=wookies,dc=starwars,dc=com' + accountOperation: + type: string + description: 'The provisioning operation; typically Create, Modify, Enable, Disable, Unlock, or Delete.' + example: Modify + provisioningResult: + description: 'The overall result of the provisioning transaction; this could be success, pending, failed, etc.' + enum: + - SUCCESS + - PENDING + - FAILED + example: SUCCESS + provisioningTarget: + type: string + description: 'The name of the provisioning channel selected; this could be the same as the source, or could be a Service Desk Integration Module (SDIM).' + example: Corp AD + ticketId: + nullable: true + type: string + description: 'A reference to a tracking number, if this is sent to a Service Desk Integration Module (SDIM).' + example: '72619262' + attributeRequests: + nullable: true + description: A list of attributes as part of the provisioning transaction. + type: array + items: + type: object + required: + - attributeName + - operation + properties: + attributeName: + type: string + description: The name of the attribute being provisioned. + example: memberOf + attributeValue: + nullable: true + type: string + description: The value of the attribute being provisioned. + example: 'CN=jedi,DC=starwars,DC=com' + operation: + enum: + - Add + - Set + - Remove + description: The operation to handle the attribute. + example: Add + - title: Saved Search Complete + type: object + required: + - fileName + - ownerEmail + - ownerName + - query + - searchName + - searchResults + - signedS3Url + properties: + fileName: + type: string + description: A name for the report file. + example: Modified.zip + ownerEmail: + type: string + description: The email address of the identity that owns the saved search. + example: test@sailpoint.com + ownerName: + type: string + description: The name of the identity that owns the saved search. + example: Cloud Support + query: + type: string + description: The search query that was used to generate the report. + example: 'modified:[now-7y/d TO now]' + searchName: + type: string + description: The name of the saved search. + example: Modified Activity + searchResults: + type: object + description: 'A preview of the search results for each object type. This includes a count as well as headers, and the first several rows of data, per object type.' + properties: + Account: + description: A table of accounts that match the search criteria. + nullable: true + type: object + required: + - count + - noun + - preview + properties: + count: + type: string + description: The number of rows in the table. + example: 3 + noun: + type: string + description: The type of object represented in the table. + example: accounts + preview: + description: A sample of the data in the table. + type: array + items: + type: array + items: + type: string + example: Robert.Chase + example: [] + Entitlement: + description: A table of entitlements that match the search criteria. + nullable: true + type: object + required: + - count + - noun + - preview + properties: + count: + type: string + description: The number of rows in the table. + example: 2 + noun: + type: string + description: The type of object represented in the table. + example: entitlements + preview: + description: A sample of the data in the table. + type: array + items: + type: array + items: + type: string + example: Administrator + example: [] + Identity: + description: A table of identities that match the search criteria. + nullable: true + type: object + required: + - count + - noun + - preview + properties: + count: + type: string + description: The number of rows in the table. + example: 2 + noun: + type: string + description: The type of object represented in the table. + example: identities + preview: + description: A sample of the data in the table. + type: array + items: + type: array + items: + type: string + example: Carol Shelby + example: [] + signedS3Url: + type: string + description: The Amazon S3 URL to download the report from. + example: 'https://sptcbu-org-data-useast1.s3.amazonaws.com/arsenal-john/reports/Events%20Export.2020-05-06%2018%2759%20GMT.3e580592-86e4-4953-8aea-49e6ef20a086.zip?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20200506T185919Z&X-Amz-SignedHeaders=host&X-Amz-Expires=899&X-Amz-Credential=AKIAV5E54XOGTS4Q4L7A%2F20200506%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=2e732bb97a12a1fd8a215613e3c31fcdae8ba1fb6a25916843ab5b51d2ddefbc' + - title: Source Account Created + type: object + required: + - id + - nativeIdentifier + - sourceId + - sourceName + - identityId + - identityName + - attributes + properties: + uuid: + type: string + description: Source unique identifier for the identity. UUID is generated by the source system. + example: b7264868-7201-415f-9118-b581d431c688 + id: + type: string + description: SailPoint generated unique identifier. + example: ee769173319b41d19ccec35ba52f237b + nativeIdentifier: + type: string + description: Unique ID of the account on the source. + example: E009 + sourceId: + type: string + description: The ID of the source. + example: 2c918082814e693601816e09471b29b6 + sourceName: + type: string + description: The name of the source. + example: Active Directory + identityId: + type: string + description: The ID of the identity that is corellated with this account. + example: ee769173319b41d19ccec6c235423237b + identityName: + type: string + description: The name of the identity that is corellated with this account. + example: john.doe + attributes: + type: object + additionalProperties: true + description: The attributes of the account. The contents of attributes depends on the account schema for the source. + example: + firstname: John + lastname: Doe + email: john.doe@gmail.com + department: Sales + displayName: John Doe + created: '2020-04-27T16:48:33.597Z' + employeeNumber: E009 + uid: E009 + inactive: 'true' + phone: null + identificationNumber: E009 + - title: Source Account Deleted + type: object + required: + - id + - nativeIdentifier + - sourceId + - sourceName + - identityId + - identityName + - attributes + properties: + uuid: + type: string + description: Source unique identifier for the identity. UUID is generated by the source system. + example: b7264868-7201-415f-9118-b581d431c688 + id: + type: string + description: SailPoint generated unique identifier. + example: ee769173319b41d19ccec35ba52f237b + nativeIdentifier: + type: string + description: Unique ID of the account on the source. + example: E009 + sourceId: + type: string + description: The ID of the source. + example: 2c918082814e693601816e09471b29b6 + sourceName: + type: string + description: The name of the source. + example: Active Directory + identityId: + type: string + description: The ID of the identity that is corellated with this account. + example: ee769173319b41d19ccec6c235423237b + identityName: + type: string + description: The name of the identity that is corellated with this account. + example: john.doe + attributes: + type: object + additionalProperties: true + description: The attributes of the account. The contents of attributes depends on the account schema for the source. + example: + firstname: John + lastname: Doe + email: john.doe@gmail.com + department: Sales + displayName: John Doe + created: '2020-04-27T16:48:33.597Z' + employeeNumber: E009 + uid: E009 + inactive: 'true' + phone: null + identificationNumber: E009 + - title: Source Account Updated + type: object + required: + - id + - nativeIdentifier + - sourceId + - sourceName + - identityId + - identityName + - attributes + properties: + uuid: + type: string + description: Source unique identifier for the identity. UUID is generated by the source system. + example: b7264868-7201-415f-9118-b581d431c688 + id: + type: string + description: SailPoint generated unique identifier. + example: ee769173319b41d19ccec35ba52f237b + nativeIdentifier: + type: string + description: Unique ID of the account on the source. + example: E009 + sourceId: + type: string + description: The ID of the source. + example: 2c918082814e693601816e09471b29b6 + sourceName: + type: string + description: The name of the source. + example: Active Directory + identityId: + type: string + description: The ID of the identity that is corellated with this account. + example: ee769173319b41d19ccec6c235423237b + identityName: + type: string + description: The name of the identity that is corellated with this account. + example: john.doe + attributes: + type: object + additionalProperties: true + description: The attributes of the account. The contents of attributes depends on the account schema for the source. + example: + firstname: John + lastname: Doe + email: john.doe@gmail.com + department: Sales + displayName: John Doe + created: '2020-04-27T16:48:33.597Z' + employeeNumber: E009 + uid: E009 + inactive: 'true' + phone: null + identificationNumber: E009 + - title: Source Created + type: object + required: + - id + - name + - type + - created + - connector + - actor + properties: + id: + type: string + description: The unique ID of the source. + example: 2c9180866166b5b0016167c32ef31a66 + name: + type: string + description: Human friendly name of the source. + example: Test source + type: + type: string + description: The connection type. + example: DIRECT_CONNECT + created: + type: string + format: date-time + description: The date and time the source was created. + example: '2021-03-29T22:01:50.474Z' + connector: + type: string + description: The connector type used to connect to the source. + example: active-directory + actor: + required: + - id + - name + - type + allOf: + - type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + description: The identity that created the source. + properties: + type: + enum: + - IDENTITY + example: IDENTITY + description: The type of object that is referenced + - title: Source Deleted + type: object + required: + - id + - name + - type + - deleted + - connector + - actor + properties: + id: + type: string + description: The unique ID of the source. + example: 2c9180866166b5b0016167c32ef31a66 + name: + type: string + description: Human friendly name of the source. + example: Test source + type: + type: string + description: The connection type. + example: DIRECT_CONNECT + deleted: + type: string + format: date-time + description: The date and time the source was deleted. + example: '2021-03-29T22:01:50.474Z' + connector: + type: string + description: The connector type used to connect to the source. + example: active-directory + actor: + required: + - id + - name + - type + allOf: + - type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + description: The identity that deleted the source. + properties: + type: + enum: + - IDENTITY + example: IDENTITY + description: The type of object that is referenced + - title: Source Updated + type: object + required: + - id + - name + - type + - modified + - connector + - actor + properties: + id: + type: string + description: The unique ID of the source. + example: 2c9180866166b5b0016167c32ef31a66 + name: + type: string + description: The user friendly name of the source. + example: Corporate Active Directory + type: + type: string + description: The connection type of the source. + example: DIRECT_CONNECT + modified: + type: string + format: date-time + description: The date and time the source was modified. + example: '2021-03-29T22:01:50.474Z' + connector: + type: string + description: The connector type used to connect to the source. + example: active-directory + actor: + required: + - type + - name + allOf: + - type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + description: The identity or system that performed the update. + properties: + type: + enum: + - IDENTITY + example: IDENTITY + description: The type of object that is referenced + - title: VA Cluster Status Change Event + type: object + required: + - created + - type + - application + - healthCheckResult + - previousHealthCheckResult + properties: + created: + type: string + format: date-time + description: The date and time the status change occurred. + example: '2020-06-29T22:01:50.474Z' + type: + enum: + - SOURCE + - CLUSTER + description: The type of the object that initiated this event. + example: CLUSTER + application: + type: object + description: Details about the `CLUSTER` or `SOURCE` that initiated this event. + required: + - id + - name + - attributes + properties: + id: + type: string + description: The GUID of the application + example: 2c9180866166b5b0016167c32ef31a66 + name: + type: string + description: The name of the application + example: Production VA Cluster + attributes: + type: object + description: Custom map of attributes for a source. This will only be populated if type is `SOURCE` and the source has a proxy. + additionalProperties: true + nullable: true + example: null + healthCheckResult: + type: object + description: The results of the most recent health check. + required: + - message + - resultType + - status + properties: + message: + type: string + description: Detailed message of the result of the health check. + example: Test Connection failed with exception. Error message - java.lang Exception + resultType: + type: string + description: The type of the health check result. + example: SOURCE_STATE_ERROR_CLUSTER + status: + enum: + - Succeeded + - Failed + description: The status of the health check. + example: Succeeded + previousHealthCheckResult: + type: object + description: The results of the last health check. + required: + - message + - resultType + - status + properties: + message: + type: string + description: Detailed message of the result of the health check. + example: Test Connection failed with exception. Error message - java.lang Exception + resultType: + type: string + description: The type of the health check result. + example: SOURCE_STATE_ERROR_CLUSTER + status: + enum: + - Succeeded + - Failed + description: The status of the health check. + example: Failed + outputSchema: + type: string + description: The JSON schema of the response that will be sent by the subscribed service to the trigger in response to an event. This only applies to a trigger type of `REQUEST_RESPONSE`. + nullable: true + example: '{"definitions":{"record:AccessRequestDynamicApproverOutput":{"type":["null","object"],"required":["id","name","type"],"additionalProperties":true,"properties":{"id":{"type":"string"},"name":{"type":"string"},"type":{"type":"string"}}}},"$ref":"#/definitions/record:AccessRequestDynamicApproverOutput"}' + exampleOutput: + description: An example of the JSON payload that will be sent by the subscribed service to the trigger in response to an event. + nullable: true + oneOf: + - title: Access Request Dynamic Approver + type: object + nullable: true + required: + - id + - name + - type + properties: + id: + type: string + description: The unique ID of the identity to add to the approver list for the access request. + example: 2c91808b6ef1d43e016efba0ce470906 + name: + type: string + description: The name of the identity to add to the approver list for the access request. + example: Adam Adams + type: + enum: + - IDENTITY + - GOVERNANCE_GROUP + description: The type of object being referenced. + example: IDENTITY + - title: Access Request Pre Approval + type: object + required: + - approved + - comment + - approver + properties: + approved: + type: boolean + description: Whether or not to approve the access request. + example: false + comment: + type: string + description: A comment about the decision to approve or deny the request. + example: 'This access should be denied, because this will cause an SOD violation.' + approver: + type: string + description: The name of the entity that approved or denied the request. + example: AcmeCorpExternalIntegration + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + security: + - oauth2: + - 'sp:trigger-service-subscriptions:read' + /trigger-subscriptions: + post: + operationId: createSubscription + tags: + - Triggers + summary: Create a Subscription + description: |- + This API creates a new subscription to a trigger and defines trigger invocation details. The type of subscription determines which config object is required: + * HTTP subscriptions require httpConfig + * EventBridge subscriptions require eventBridgeConfig + requestBody: + required: true + content: + application/json: + schema: + type: object + required: + - triggerId + - type + - name + properties: + name: + type: string + description: Subscription name. + example: Access request subscription + description: + type: string + description: Subscription description. + example: Access requested to site xyz + triggerId: + type: string + description: ID of trigger subscribed to. + example: 'idn:access-requested' + type: + type: string + enum: + - HTTP + - EVENTBRIDGE + - INLINE + - SCRIPT + - WORKFLOW + description: 'Subscription type. **NOTE** If type is EVENTBRIDGE, then eventBridgeConfig is required. If type is HTTP, then httpConfig is required.' + example: HTTP + responseDeadline: + type: string + description: 'Deadline for completing REQUEST_RESPONSE trigger invocation, represented in ISO-8601 duration format.' + example: PT1H + default: PT1H + httpConfig: + description: Config required if HTTP subscription type is used. + type: object + properties: + url: + type: string + description: URL of the external/custom integration. + example: 'https://www.example.com' + httpDispatchMode: + type: string + description: 'HTTP response modes, i.e. SYNC, ASYNC, or DYNAMIC.' + enum: + - SYNC + - ASYNC + - DYNAMIC + example: SYNC + httpAuthenticationType: + type: string + description: |- + Defines the HTTP Authentication type. Additional values may be added in the future. + + If *NO_AUTH* is selected, no extra information will be in HttpConfig. + + If *BASIC_AUTH* is selected, HttpConfig will include BasicAuthConfig with Username and Password as strings. + + If *BEARER_TOKEN* is selected, HttpConfig will include BearerTokenAuthConfig with Token as string. + enum: + - NO_AUTH + - BASIC_AUTH + - BEARER_TOKEN + default: NO_AUTH + example: BASIC_AUTH + basicAuthConfig: + type: object + properties: + userName: + type: string + description: The username to authenticate. + example: user@example.com + password: + type: string + nullable: true + description: 'The password to authenticate. On response, this field is set to null as to not return secrets.' + example: null + nullable: true + description: Config required if BASIC_AUTH is used. + bearerTokenAuthConfig: + type: object + properties: + bearerToken: + type: string + nullable: true + description: Bearer token + example: null + nullable: true + description: 'Config required if BEARER_TOKEN authentication is used. On response, this field is set to null as to not return secrets.' + required: + - url + - httpDispatchMode + eventBridgeConfig: + description: Config required if EVENTBRIDGE subscription type is used. + type: object + properties: + awsAccount: + type: string + description: AWS Account Number (12-digit number) that has the EventBridge Partner Event Source Resource. + example: '123456789012' + awsRegion: + type: string + description: 'AWS Region that has the EventBridge Partner Event Source Resource. See https://docs.aws.amazon.com/general/latest/gr/rande.html for a full list of available values.' + example: us-west-1 + required: + - awsAccount + - awsRegion + enabled: + type: boolean + description: |- + Whether subscription should receive real-time trigger invocations or not. + + Test trigger invocations are always enabled regardless of this option. + default: true + example: true + filter: + type: string + description: JSONPath filter to conditionally invoke trigger when expression evaluates to true. + example: '$[?($.identityId == "201327fda1c44704ac01181e963d463c")]' + externalDocs: + description: JSONPath filter documentation + url: 'https://developer.sailpoint.com/idn/docs/event-triggers/filtering-events' + examples: + HTTP Subscription: + value: + name: Access request subscription + description: Access requested to site xyz + triggerId: 'idn:access-requested' + type: HTTP + httpConfig: + url: 'https://www.example.com' + httpDispatchMode: SYNC + httpAuthenticationType: BASIC_AUTH + basicAuthConfig: + userName: user@example.com + password: eRtg4%6yuI! + enabled: true + filter: '$[?($.identityId == "201327fda1c44704ac01181e963d463c")]' + HTTP Async Subscription: + value: + name: Access request subscription + description: Access requested to site xyz + triggerId: 'idn:access-requested' + type: HTTP + responseDeadline: PT1H + httpConfig: + url: 'https://www.example.com' + httpDispatchMode: ASYNC + httpAuthenticationType: BASIC_AUTH + basicAuthConfig: + userName: user@example.com + password: eRtg4%6yuI! + enabled: true + filter: '$[?($.identityId == "201327fda1c44704ac01181e963d463c")]' + EventBridge Subscription: + value: + name: Access request subscription + description: Access requested to site xyz + triggerId: 'idn:access-requested' + type: EVENTBRIDGE + eventBridgeConfig: + awsAccount: '123456789012' + awsRegion: us-west-1 + enabled: true + filter: '$[?($.identityId == "201327fda1c44704ac01181e963d463c")]' + responses: + '201': + description: New subscription to a trigger. The trigger can now be invoked by the method defined in the subscription. + content: + application/json: + schema: + type: object + required: + - id + - triggerId + - type + - name + - triggerName + - enabled + - responseDeadline + properties: + id: + type: string + description: Subscription ID. + example: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde + name: + type: string + description: Subscription name. + example: Access request subscription + description: + type: string + description: Subscription description. + example: Access requested to site xyz + triggerId: + type: string + description: ID of trigger subscribed to. + example: 'idn:access-requested' + triggerName: + type: string + description: Trigger name of trigger subscribed to. + example: Access Requested + type: + type: string + enum: + - HTTP + - EVENTBRIDGE + - INLINE + - SCRIPT + - WORKFLOW + description: 'Subscription type. **NOTE** If type is EVENTBRIDGE, then eventBridgeConfig is required. If type is HTTP, then httpConfig is required.' + example: HTTP + responseDeadline: + type: string + description: 'Deadline for completing REQUEST_RESPONSE trigger invocation, represented in ISO-8601 duration format.' + example: PT1H + default: PT1H + httpConfig: + description: Config required if HTTP subscription type is used. + type: object + properties: + url: + type: string + description: URL of the external/custom integration. + example: 'https://www.example.com' + httpDispatchMode: + type: string + description: 'HTTP response modes, i.e. SYNC, ASYNC, or DYNAMIC.' + enum: + - SYNC + - ASYNC + - DYNAMIC + example: SYNC + httpAuthenticationType: + type: string + description: |- + Defines the HTTP Authentication type. Additional values may be added in the future. + + If *NO_AUTH* is selected, no extra information will be in HttpConfig. + + If *BASIC_AUTH* is selected, HttpConfig will include BasicAuthConfig with Username and Password as strings. + + If *BEARER_TOKEN* is selected, HttpConfig will include BearerTokenAuthConfig with Token as string. + enum: + - NO_AUTH + - BASIC_AUTH + - BEARER_TOKEN + default: NO_AUTH + example: BASIC_AUTH + basicAuthConfig: + type: object + properties: + userName: + type: string + description: The username to authenticate. + example: user@example.com + password: + type: string + nullable: true + description: 'The password to authenticate. On response, this field is set to null as to not return secrets.' + example: null + nullable: true + description: Config required if BASIC_AUTH is used. + bearerTokenAuthConfig: + type: object + properties: + bearerToken: + type: string + nullable: true + description: Bearer token + example: null + nullable: true + description: 'Config required if BEARER_TOKEN authentication is used. On response, this field is set to null as to not return secrets.' + required: + - url + - httpDispatchMode + eventBridgeConfig: + description: Config required if EVENTBRIDGE subscription type is used. + type: object + properties: + awsAccount: + type: string + description: AWS Account Number (12-digit number) that has the EventBridge Partner Event Source Resource. + example: '123456789012' + awsRegion: + type: string + description: 'AWS Region that has the EventBridge Partner Event Source Resource. See https://docs.aws.amazon.com/general/latest/gr/rande.html for a full list of available values.' + example: us-west-1 + required: + - awsAccount + - awsRegion + enabled: + type: boolean + description: |- + Whether subscription should receive real-time trigger invocations or not. + Test trigger invocations are always enabled regardless of this option. + default: true + example: true + filter: + type: string + description: JSONPath filter to conditionally invoke trigger when expression evaluates to true. + example: '$[?($.identityId == "201327fda1c44704ac01181e963d463c")]' + externalDocs: + description: JSONPath filter documentation + url: 'https://developer.sailpoint.com/idn/docs/event-triggers/filtering-events' + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + security: + - oauth2: + - 'sp:trigger-service-subscriptions:manage' + get: + operationId: listSubscriptions + tags: + - Triggers + summary: List Subscriptions + description: Gets a list of all trigger subscriptions. + parameters: + - in: query + name: limit + description: |- + Max number of results to return. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 250 + schema: + type: integer + format: int32 + minimum: 0 + maximum: 250 + default: 250 + - in: query + name: offset + description: |- + Offset into the full result set. Usually specified with *limit* to paginate through the results. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 0 + schema: + type: integer + format: int32 + minimum: 0 + default: 0 + - in: query + name: count + description: |- + If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored. + + Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used. + + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: true + schema: + type: boolean + default: false + - in: query + required: false + name: filters + schema: + type: string + description: |- + Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) + + Filtering is supported for the following fields and operators: + + **id**: *eq* + + **triggerId**: *eq* + + **type**: *eq* + example: id eq "12cff757-c0c0-413b-8ad7-2a47956d1e89" + - in: query + name: sorters + required: false + schema: + type: string + format: comma-separated + description: |- + Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results) + + Sorting is supported for the following fields: + + **triggerId** **triggerName** + example: triggerName + responses: + '200': + description: List of subscriptions. + content: + application/json: + schema: + type: array + items: + type: object + required: + - id + - triggerId + - type + - name + - triggerName + - enabled + - responseDeadline + properties: + id: + type: string + description: Subscription ID. + example: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde + name: + type: string + description: Subscription name. + example: Access request subscription + description: + type: string + description: Subscription description. + example: Access requested to site xyz + triggerId: + type: string + description: ID of trigger subscribed to. + example: 'idn:access-requested' + triggerName: + type: string + description: Trigger name of trigger subscribed to. + example: Access Requested + type: + type: string + enum: + - HTTP + - EVENTBRIDGE + - INLINE + - SCRIPT + - WORKFLOW + description: 'Subscription type. **NOTE** If type is EVENTBRIDGE, then eventBridgeConfig is required. If type is HTTP, then httpConfig is required.' + example: HTTP + responseDeadline: + type: string + description: 'Deadline for completing REQUEST_RESPONSE trigger invocation, represented in ISO-8601 duration format.' + example: PT1H + default: PT1H + httpConfig: + description: Config required if HTTP subscription type is used. + type: object + properties: + url: + type: string + description: URL of the external/custom integration. + example: 'https://www.example.com' + httpDispatchMode: + type: string + description: 'HTTP response modes, i.e. SYNC, ASYNC, or DYNAMIC.' + enum: + - SYNC + - ASYNC + - DYNAMIC + example: SYNC + httpAuthenticationType: + type: string + description: |- + Defines the HTTP Authentication type. Additional values may be added in the future. + + If *NO_AUTH* is selected, no extra information will be in HttpConfig. + + If *BASIC_AUTH* is selected, HttpConfig will include BasicAuthConfig with Username and Password as strings. + + If *BEARER_TOKEN* is selected, HttpConfig will include BearerTokenAuthConfig with Token as string. + enum: + - NO_AUTH + - BASIC_AUTH + - BEARER_TOKEN + default: NO_AUTH + example: BASIC_AUTH + basicAuthConfig: + type: object + properties: + userName: + type: string + description: The username to authenticate. + example: user@example.com + password: + type: string + nullable: true + description: 'The password to authenticate. On response, this field is set to null as to not return secrets.' + example: null + nullable: true + description: Config required if BASIC_AUTH is used. + bearerTokenAuthConfig: + type: object + properties: + bearerToken: + type: string + nullable: true + description: Bearer token + example: null + nullable: true + description: 'Config required if BEARER_TOKEN authentication is used. On response, this field is set to null as to not return secrets.' + required: + - url + - httpDispatchMode + eventBridgeConfig: + description: Config required if EVENTBRIDGE subscription type is used. + type: object + properties: + awsAccount: + type: string + description: AWS Account Number (12-digit number) that has the EventBridge Partner Event Source Resource. + example: '123456789012' + awsRegion: + type: string + description: 'AWS Region that has the EventBridge Partner Event Source Resource. See https://docs.aws.amazon.com/general/latest/gr/rande.html for a full list of available values.' + example: us-west-1 + required: + - awsAccount + - awsRegion + enabled: + type: boolean + description: |- + Whether subscription should receive real-time trigger invocations or not. + Test trigger invocations are always enabled regardless of this option. + default: true + example: true + filter: + type: string + description: JSONPath filter to conditionally invoke trigger when expression evaluates to true. + example: '$[?($.identityId == "201327fda1c44704ac01181e963d463c")]' + externalDocs: + description: JSONPath filter documentation + url: 'https://developer.sailpoint.com/idn/docs/event-triggers/filtering-events' + examples: + HTTP Subscription: + value: + - id: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde + name: Access request subscription + description: Access requested to site xyz + triggerId: 'idn:access-requested' + triggerName: Access Requested + type: HTTP + httpConfig: + url: 'https://www.example.com' + httpDispatchMode: SYNC + httpAuthenticationType: BASIC_AUTH + basicAuthConfig: + userName: user@example.com + password: null + enabled: true + filter: '$[?($.identityId == "201327fda1c44704ac01181e963d463c")]' + HTTP Async Subscription: + value: + name: Access request subscription + description: Access requested to site xyz + triggerId: 'idn:access-requested' + triggerName: Access Requested + type: HTTP + responseDeadline: PT1H + httpConfig: + url: 'https://www.example.com' + httpDispatchMode: ASYNC + httpAuthenticationType: BASIC_AUTH + basicAuthConfig: + userName: user@example.com + password: null + enabled: true + filter: '$[?($.identityId == "201327fda1c44704ac01181e963d463c")]' + EventBridge Subscription: + value: + - id: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde + name: Access request subscription + description: Access requested to site xyz + triggerId: 'idn:access-requested' + triggerName: Access Requested + type: EVENTBRIDGE + eventBridgeConfig: + awsAccount: '123456789012' + awsRegion: us-west-1 + enabled: true + filter: '$[?($.identityId == "201327fda1c44704ac01181e963d463c")]' + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + security: + - oauth2: + - 'sp:trigger-service-subscriptions:read' + '/trigger-subscriptions/{id}': + put: + operationId: updateSubscription + tags: + - Triggers + summary: Update a Subscription + description: |- + This API updates a trigger subscription in IdentityNow, using a full object representation. In other words, the existing + Subscription is completely replaced. The following fields are immutable: + + + * id + + * triggerId + + + Attempts to modify these fields result in 400. + parameters: + - in: path + name: id + schema: + type: string + required: true + description: Subscription ID + example: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde + requestBody: + required: true + content: + application/json: + schema: + type: object + properties: + name: + type: string + description: Subscription name. + example: Access request subscription + description: + type: string + description: Subscription description. + example: Access requested to site xyz + type: + type: string + enum: + - HTTP + - EVENTBRIDGE + - INLINE + - SCRIPT + - WORKFLOW + description: 'Subscription type. **NOTE** If type is EVENTBRIDGE, then eventBridgeConfig is required. If type is HTTP, then httpConfig is required.' + example: HTTP + responseDeadline: + type: string + description: 'Deadline for completing REQUEST_RESPONSE trigger invocation, represented in ISO-8601 duration format.' + example: PT1H + default: PT1H + httpConfig: + description: Config required if HTTP subscription type is used. + type: object + properties: + url: + type: string + description: URL of the external/custom integration. + example: 'https://www.example.com' + httpDispatchMode: + type: string + description: 'HTTP response modes, i.e. SYNC, ASYNC, or DYNAMIC.' + enum: + - SYNC + - ASYNC + - DYNAMIC + example: SYNC + httpAuthenticationType: + type: string + description: |- + Defines the HTTP Authentication type. Additional values may be added in the future. + + If *NO_AUTH* is selected, no extra information will be in HttpConfig. + + If *BASIC_AUTH* is selected, HttpConfig will include BasicAuthConfig with Username and Password as strings. + + If *BEARER_TOKEN* is selected, HttpConfig will include BearerTokenAuthConfig with Token as string. + enum: + - NO_AUTH + - BASIC_AUTH + - BEARER_TOKEN + default: NO_AUTH + example: BASIC_AUTH + basicAuthConfig: + type: object + properties: + userName: + type: string + description: The username to authenticate. + example: user@example.com + password: + type: string + nullable: true + description: 'The password to authenticate. On response, this field is set to null as to not return secrets.' + example: null + nullable: true + description: Config required if BASIC_AUTH is used. + bearerTokenAuthConfig: + type: object + properties: + bearerToken: + type: string + nullable: true + description: Bearer token + example: null + nullable: true + description: 'Config required if BEARER_TOKEN authentication is used. On response, this field is set to null as to not return secrets.' + required: + - url + - httpDispatchMode + eventBridgeConfig: + description: Config required if EVENTBRIDGE subscription type is used. + type: object + properties: + awsAccount: + type: string + description: AWS Account Number (12-digit number) that has the EventBridge Partner Event Source Resource. + example: '123456789012' + awsRegion: + type: string + description: 'AWS Region that has the EventBridge Partner Event Source Resource. See https://docs.aws.amazon.com/general/latest/gr/rande.html for a full list of available values.' + example: us-west-1 + required: + - awsAccount + - awsRegion + enabled: + type: boolean + description: |- + Whether subscription should receive real-time trigger invocations or not. + + Test trigger invocations are always enabled regardless of this option. + default: true + example: true + filter: + type: string + description: JSONPath filter to conditionally invoke trigger when expression evaluates to true. + example: '$[?($.identityId == "201327fda1c44704ac01181e963d463c")]' + externalDocs: + description: JSONPath filter documentation + url: 'https://developer.sailpoint.com/idn/docs/event-triggers/filtering-events' + examples: + HTTP Subscription: + value: + name: Access request subscription + description: Access requested to site xyz + type: HTTP + httpConfig: + url: 'https://www.example.com' + httpDispatchMode: SYNC + httpAuthenticationType: BASIC_AUTH + basicAuthConfig: + userName: user@example.com + password: eRtg4%6yuI! + enabled: true + filter: '$[?($.identityId == "201327fda1c44704ac01181e963d463c")]' + HTTP Async Subscription: + value: + name: Access request subscription + description: Access requested to site xyz + type: HTTP + responseDeadline: PT1H + httpConfig: + url: 'https://www.example.com' + httpDispatchMode: ASYNC + httpAuthenticationType: BASIC_AUTH + basicAuthConfig: + userName: user@example.com + password: eRtg4%6yuI! + enabled: true + filter: '$[?($.identityId == "201327fda1c44704ac01181e963d463c")]' + EventBridge Subscription: + value: + name: Access request subscription + description: Access requested to site xyz + type: EVENTBRIDGE + eventBridgeConfig: + awsAccount: '123456789012' + awsRegion: us-west-1 + enabled: true + filter: '$[?($.identityId == "201327fda1c44704ac01181e963d463c")]' + responses: + '200': + description: Updated subscription. + content: + application/json: + schema: + type: object + required: + - id + - triggerId + - type + - name + - triggerName + - enabled + - responseDeadline + properties: + id: + type: string + description: Subscription ID. + example: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde + name: + type: string + description: Subscription name. + example: Access request subscription + description: + type: string + description: Subscription description. + example: Access requested to site xyz + triggerId: + type: string + description: ID of trigger subscribed to. + example: 'idn:access-requested' + triggerName: + type: string + description: Trigger name of trigger subscribed to. + example: Access Requested + type: + type: string + enum: + - HTTP + - EVENTBRIDGE + - INLINE + - SCRIPT + - WORKFLOW + description: 'Subscription type. **NOTE** If type is EVENTBRIDGE, then eventBridgeConfig is required. If type is HTTP, then httpConfig is required.' + example: HTTP + responseDeadline: + type: string + description: 'Deadline for completing REQUEST_RESPONSE trigger invocation, represented in ISO-8601 duration format.' + example: PT1H + default: PT1H + httpConfig: + description: Config required if HTTP subscription type is used. + type: object + properties: + url: + type: string + description: URL of the external/custom integration. + example: 'https://www.example.com' + httpDispatchMode: + type: string + description: 'HTTP response modes, i.e. SYNC, ASYNC, or DYNAMIC.' + enum: + - SYNC + - ASYNC + - DYNAMIC + example: SYNC + httpAuthenticationType: + type: string + description: |- + Defines the HTTP Authentication type. Additional values may be added in the future. + + If *NO_AUTH* is selected, no extra information will be in HttpConfig. + + If *BASIC_AUTH* is selected, HttpConfig will include BasicAuthConfig with Username and Password as strings. + + If *BEARER_TOKEN* is selected, HttpConfig will include BearerTokenAuthConfig with Token as string. + enum: + - NO_AUTH + - BASIC_AUTH + - BEARER_TOKEN + default: NO_AUTH + example: BASIC_AUTH + basicAuthConfig: + type: object + properties: + userName: + type: string + description: The username to authenticate. + example: user@example.com + password: + type: string + nullable: true + description: 'The password to authenticate. On response, this field is set to null as to not return secrets.' + example: null + nullable: true + description: Config required if BASIC_AUTH is used. + bearerTokenAuthConfig: + type: object + properties: + bearerToken: + type: string + nullable: true + description: Bearer token + example: null + nullable: true + description: 'Config required if BEARER_TOKEN authentication is used. On response, this field is set to null as to not return secrets.' + required: + - url + - httpDispatchMode + eventBridgeConfig: + description: Config required if EVENTBRIDGE subscription type is used. + type: object + properties: + awsAccount: + type: string + description: AWS Account Number (12-digit number) that has the EventBridge Partner Event Source Resource. + example: '123456789012' + awsRegion: + type: string + description: 'AWS Region that has the EventBridge Partner Event Source Resource. See https://docs.aws.amazon.com/general/latest/gr/rande.html for a full list of available values.' + example: us-west-1 + required: + - awsAccount + - awsRegion + enabled: + type: boolean + description: |- + Whether subscription should receive real-time trigger invocations or not. + Test trigger invocations are always enabled regardless of this option. + default: true + example: true + filter: + type: string + description: JSONPath filter to conditionally invoke trigger when expression evaluates to true. + example: '$[?($.identityId == "201327fda1c44704ac01181e963d463c")]' + externalDocs: + description: JSONPath filter documentation + url: 'https://developer.sailpoint.com/idn/docs/event-triggers/filtering-events' + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + security: + - oauth2: + - 'sp:trigger-service-subscriptions:manage' + patch: + operationId: patchSubscription + tags: + - Triggers + summary: Patch a Subscription + description: |- + This API updates a trigger subscription in IdentityNow, using a set of instructions to modify a subscription partially. The following fields are patchable: + + **name**, **description**, **enabled**, **type**, **filter**, **responseDeadline**, **httpConfig**, **eventBridgeConfig**, **workflowConfig** + parameters: + - in: path + name: id + schema: + type: string + required: true + description: ID of the Subscription to patch + example: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde + requestBody: + required: true + content: + application/json-patch+json: + schema: + description: Operations to be applied + type: array + items: + type: object + description: 'A JSONPatch Operation as defined by [RFC 6902 - JSON Patch](https://tools.ietf.org/html/rfc6902)' + required: + - op + - path + properties: + op: + type: string + description: The operation to be performed + enum: + - add + - remove + - replace + - move + - copy + example: replace + path: + type: string + description: A string JSON Pointer representing the target path to an element to be affected by the operation + example: /description + value: + anyOf: + - type: string + - type: integer + - type: object + - type: array + items: + anyOf: + - type: string + - type: integer + - type: object + description: 'The value to be used for the operation, required for "add" and "replace" operations' + example: New description + example: + - op: replace + path: /description + value: A new description + - op: replace + path: /name + value: A new name + responses: + '200': + description: Updated subscription. + content: + application/json: + schema: + type: object + required: + - id + - triggerId + - type + - name + - triggerName + - enabled + - responseDeadline + properties: + id: + type: string + description: Subscription ID. + example: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde + name: + type: string + description: Subscription name. + example: Access request subscription + description: + type: string + description: Subscription description. + example: Access requested to site xyz + triggerId: + type: string + description: ID of trigger subscribed to. + example: 'idn:access-requested' + triggerName: + type: string + description: Trigger name of trigger subscribed to. + example: Access Requested + type: + type: string + enum: + - HTTP + - EVENTBRIDGE + - INLINE + - SCRIPT + - WORKFLOW + description: 'Subscription type. **NOTE** If type is EVENTBRIDGE, then eventBridgeConfig is required. If type is HTTP, then httpConfig is required.' + example: HTTP + responseDeadline: + type: string + description: 'Deadline for completing REQUEST_RESPONSE trigger invocation, represented in ISO-8601 duration format.' + example: PT1H + default: PT1H + httpConfig: + description: Config required if HTTP subscription type is used. + type: object + properties: + url: + type: string + description: URL of the external/custom integration. + example: 'https://www.example.com' + httpDispatchMode: + type: string + description: 'HTTP response modes, i.e. SYNC, ASYNC, or DYNAMIC.' + enum: + - SYNC + - ASYNC + - DYNAMIC + example: SYNC + httpAuthenticationType: + type: string + description: |- + Defines the HTTP Authentication type. Additional values may be added in the future. + + If *NO_AUTH* is selected, no extra information will be in HttpConfig. + + If *BASIC_AUTH* is selected, HttpConfig will include BasicAuthConfig with Username and Password as strings. + + If *BEARER_TOKEN* is selected, HttpConfig will include BearerTokenAuthConfig with Token as string. + enum: + - NO_AUTH + - BASIC_AUTH + - BEARER_TOKEN + default: NO_AUTH + example: BASIC_AUTH + basicAuthConfig: + type: object + properties: + userName: + type: string + description: The username to authenticate. + example: user@example.com + password: + type: string + nullable: true + description: 'The password to authenticate. On response, this field is set to null as to not return secrets.' + example: null + nullable: true + description: Config required if BASIC_AUTH is used. + bearerTokenAuthConfig: + type: object + properties: + bearerToken: + type: string + nullable: true + description: Bearer token + example: null + nullable: true + description: 'Config required if BEARER_TOKEN authentication is used. On response, this field is set to null as to not return secrets.' + required: + - url + - httpDispatchMode + eventBridgeConfig: + description: Config required if EVENTBRIDGE subscription type is used. + type: object + properties: + awsAccount: + type: string + description: AWS Account Number (12-digit number) that has the EventBridge Partner Event Source Resource. + example: '123456789012' + awsRegion: + type: string + description: 'AWS Region that has the EventBridge Partner Event Source Resource. See https://docs.aws.amazon.com/general/latest/gr/rande.html for a full list of available values.' + example: us-west-1 + required: + - awsAccount + - awsRegion + enabled: + type: boolean + description: |- + Whether subscription should receive real-time trigger invocations or not. + Test trigger invocations are always enabled regardless of this option. + default: true + example: true + filter: + type: string + description: JSONPath filter to conditionally invoke trigger when expression evaluates to true. + example: '$[?($.identityId == "201327fda1c44704ac01181e963d463c")]' + externalDocs: + description: JSONPath filter documentation + url: 'https://developer.sailpoint.com/idn/docs/event-triggers/filtering-events' + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + security: + - oauth2: + - 'sp:trigger-service-subscriptions:manage' + delete: + operationId: deleteSubscription + tags: + - Triggers + summary: Delete a Subscription + description: Deletes an existing subscription to a trigger. + parameters: + - in: path + name: id + schema: + type: string + required: true + description: Subscription ID + example: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde + responses: + '204': + description: Subscription is deleted successfully. + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + security: + - oauth2: + - 'sp:trigger-service-subscriptions:manage' + /trigger-subscriptions/validate-filter: + post: + operationId: validateSubscriptionFilter + tags: + - Triggers + summary: Validate a Subscription Filter + description: |- + Validates a JSONPath filter expression against a provided mock input. + Request requires a security scope of: + requestBody: + required: true + content: + application/json: + schema: + required: + - input + - filter + type: object + properties: + input: + type: object + description: Mock input to evaluate filter expression against. + example: + identityId: 201327fda1c44704ac01181e963d463c + filter: + type: string + description: JSONPath filter to conditionally invoke trigger when expression evaluates to true. + example: '$[?($.identityId == "201327fda1c44704ac01181e963d463c")]' + externalDocs: + description: JSONPath filter documentation + url: 'https://developer.sailpoint.com/idn/docs/event-triggers/filtering-events' + example: + input: + identityId: 201327fda1c44704ac01181e963d463c + filter: '$[?($.identityId == "201327fda1c44704ac01181e963d463c")]' + responses: + '200': + description: Boolean whether specified filter expression is valid against the input. + content: + application/json: + schema: + type: object + properties: + isValid: + type: boolean + description: 'True if specified filter expression is valid against the input, false otherwise.' + example: + isValid: true + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + security: + - oauth2: + - 'sp:trigger-service-subscriptions:manage' + /trigger-invocations/status: + get: + operationId: listTriggerInvocationStatus + tags: + - Triggers + summary: List Latest Invocation Statuses + description: |- + Gets a list of latest invocation statuses. + Statuses of successful invocations are available for up to 24 hours. Statuses of failed invocations are available for up to 48 hours. + This endpoint may only fetch up to 2000 invocations, and should not be treated as a representation of the full history of invocations. + parameters: + - in: query + name: limit + description: |- + Max number of results to return. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 250 + schema: + type: integer + format: int32 + minimum: 0 + maximum: 250 + default: 250 + - in: query + name: offset + description: |- + Offset into the full result set. Usually specified with *limit* to paginate through the results. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 0 + schema: + type: integer + format: int32 + minimum: 0 + default: 0 + - in: query + name: count + description: |- + If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored. + + Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used. + + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: true + schema: + type: boolean + default: false + - in: query + name: filters + required: false + schema: + type: string + description: |- + Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) + + Filtering is supported for the following fields and operators: + + **triggerId**: *eq* **subscriptionId**: *eq* + example: 'triggerId eq "idn:access-request-dynamic-approver"' + - in: query + name: sorters + required: false + schema: + type: string + format: comma-separated + description: |- + Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results) + + Sorting is supported for the following fields: + + **triggerId** **subscriptionName** **created** **completed** + example: created + responses: + '200': + description: List of latest invocation statuses. + content: + application/json: + schema: + type: array + items: + type: object + required: + - id + - triggerId + - subscriptionId + - startInvocationInput + - type + - subscriptionName + - created + properties: + id: + type: string + description: Invocation ID + example: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde + triggerId: + type: string + description: Trigger ID + example: 'idn:access-requested' + subscriptionId: + type: string + description: Subscription ID + example: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde + type: + type: string + description: |- + Defines the Invocation type. + + **TEST** The trigger was invocated as a test, either via the test subscription button in the UI or via the start test invocation API. + + **REAL_TIME** The trigger subscription is live and was invocated by a real event in IdentityNow. + enum: + - TEST + - REAL_TIME + example: TEST + created: + type: string + format: date-time + description: Invocation created timestamp. ISO-8601 in UTC. + example: '2020-03-27T20:40:10.738Z' + completed: + type: string + format: date-time + description: Invocation completed timestamp; empty fields imply invocation is in-flight or not completed. ISO-8601 in UTC. + example: '2020-03-27T20:42:14.738Z' + startInvocationInput: + description: Data related to start of trigger invocation. + type: object + properties: + triggerId: + type: string + description: Trigger ID + example: 'idn:access-requested' + input: + type: object + example: + identityId: 201327fda1c44704ac01181e963d463c + description: Trigger input payload. Its schema is defined in the trigger definition. + contentJson: + type: object + example: + workflowId: 1234 + description: JSON map of invocation metadata + completeInvocationInput: + description: Data related to end of trigger invocation. + type: object + properties: + localizedError: + type: object + description: Localized error message to indicate a failed invocation or error if any. + required: + - locale + - message + properties: + locale: + description: Message locale + type: string + example: An error has occurred! + message: + description: Message text + type: string + example: Error has occurred! + output: + type: object + example: + approved: false + description: Trigger output that completed the invocation. Its schema is defined in the trigger definition. + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + security: + - oauth2: + - 'sp:trigger-service-invocation-status:read' + - 'sp:trigger-service-invocation-status:manage' + '/trigger-invocations/{id}/complete': + post: + operationId: completeTriggerInvocation + tags: + - Triggers + summary: Complete Trigger Invocation + description: Completes an invocation to a REQUEST_RESPONSE type trigger. + parameters: + - in: path + name: id + schema: + type: string + required: true + description: The ID of the invocation to complete. + example: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde + requestBody: + required: true + content: + application/json: + schema: + type: object + properties: + secret: + type: string + description: Unique invocation secret that was generated when the invocation was created. Required to authenticate to the endpoint. + example: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde + error: + type: string + description: The error message to indicate a failed invocation or error if any. + example: Access request is denied. + output: + type: object + example: + approved: false + description: Trigger output to complete the invocation. Its schema is defined in the trigger definition. + required: + - secret + - output + example: + secret: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde + output: + approved: false + responses: + '204': + description: No content - indicates the request was successful but there is no content to be returned in the response. + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + /trigger-invocations/test: + post: + operationId: startTestTriggerInvocation + tags: + - Triggers + summary: Start a Test Invocation + description: 'Initiate a test event for all subscribers of the specified event trigger. If there are no subscribers to the specified trigger in the tenant, then no test event will be sent.' + requestBody: + required: true + content: + application/json: + schema: + type: object + properties: + triggerId: + type: string + example: 'idn:access-request-post-approval' + description: Trigger ID + input: + type: object + example: + identityId: 201327fda1c44704ac01181e963d463c + description: 'Mock input to use for test invocation. This must adhere to the input schema defined in the trigger being invoked. If this property is omitted, then the default trigger sample payload will be sent.' + contentJson: + type: object + example: + workflowId: 1234 + description: JSON map of invocation metadata. + subscriptionIds: + type: array + items: + type: string + example: + - 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde + description: 'Only send the test event to the subscription IDs listed. If omitted, the test event will be sent to all subscribers.' + required: + - triggerId + - contentJson + examples: + Test Trigger with Mock Input: + value: + triggerId: 'idn:access-requested' + input: + identityId: 201327fda1c44704ac01181e963d463c + contentJson: + workflowId: 1234 + Send Test to only One Subscriber: + value: + triggerId: 'idn:access-requested' + contentJson: + workflowId: 1234 + subscriptionIds: + - 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde + responses: + '200': + description: Test trigger invocations that have been started for specified subscription(s). + content: + application/json: + schema: + type: array + items: + type: object + properties: + id: + type: string + description: Invocation ID + example: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde + triggerId: + type: string + description: Trigger ID + example: 'idn:access-requested' + secret: + type: string + description: Unique invocation secret. + example: 0f979022-08be-44f2-b6f9-7393ec73ed9b + contentJson: + type: object + example: + workflowId: 1234 + description: JSON map of invocation metadata. + '204': + description: 'Trigger invocation is skipped, because tenant has not subscribed to the specified trigger.' + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + security: + - oauth2: + - 'sp:trigger-service-invocation-status:manage' + /verified-from-addresses: + get: + operationId: listFromAddresses + tags: + - Notifications + summary: List From Addresses + description: Retrieve a list of sender email addresses and their verification statuses + parameters: + - in: query + name: limit + description: |- + Max number of results to return. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 250 + schema: + type: integer + format: int32 + minimum: 0 + maximum: 250 + default: 250 + - in: query + name: offset + description: |- + Offset into the full result set. Usually specified with *limit* to paginate through the results. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 0 + schema: + type: integer + format: int32 + minimum: 0 + default: 0 + - in: query + name: count + description: |- + If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored. + + Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used. + + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: true + schema: + type: boolean + default: false + - in: query + name: filters + schema: + type: string + description: |- + Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) + + Filtering is supported for the following fields and operators: + + **email**: *eq* + - in: query + name: sorters + schema: + type: string + format: comma-separated + description: |- + Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results) + + Sorting is supported for the following fields: + + **email** + responses: + '200': + description: List of Email Status + content: + application/json: + schema: + type: array + items: + type: object + properties: + id: + type: string + email: + type: string + example: sender@example.com + verificationStatus: + type: string + enum: + - PENDING + - SUCCESS + - FAILED + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + post: + operationId: createVerifiedFromAddress + tags: + - Notifications + summary: Create Verified From Address + description: Create a new sender email address and initiate verification process. + requestBody: + required: true + content: + application/json: + schema: + type: object + properties: + id: + type: string + email: + type: string + example: sender@example.com + verificationStatus: + type: string + enum: + - PENDING + - SUCCESS + - FAILED + example: + email: sender@example.com + responses: + '201': + description: New Verified Email Status + content: + application/json: + schema: + type: object + properties: + id: + type: string + email: + type: string + example: sender@example.com + verificationStatus: + type: string + enum: + - PENDING + - SUCCESS + - FAILED + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + '/verified-from-addresses/{id}': + delete: + operationId: deleteVerifiedFromAddress + tags: + - Notifications + summary: Delete Verified From Address + description: Delete a verified sender email address + parameters: + - in: path + name: id + schema: + type: string + required: true + responses: + '204': + description: No content - indicates the request was successful but there is no content to be returned in the response. + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + /verified-domains: + get: + security: + - oauth2: + - 'sp:notification-dkim-attributes:read' + operationId: getDkimAttributes + tags: + - Notifications + summary: Get DKIM Attributes + description: Retrieve DKIM (DomainKeys Identified Mail) attributes for all your tenants' AWS SES identities. Limits retrieval to 100 identities per call. + responses: + '200': + description: List of DKIM Attributes + content: + application/json: + schema: + type: array + items: + type: object + properties: + id: + type: string + example: 123b45b0-aaaa-bbbb-a7db-123456a56abc + description: UUID associated with domain to be verified + address: + type: string + example: BobSmith@sailpoint.com + description: The identity or domain address + dkimEnabled: + type: boolean + default: false + example: true + description: Whether or not DKIM has been enabled for this domain / identity + dkimTokens: + type: array + items: + type: string + example: + - uq1m3jjk25ckd3whl4n7y46c56r5l6aq + - u7pm38jky9ckdawhlsn7y4dcj6f5lpgq + - uhpm3jjkjjckdkwhlqn7yw6cjer5tpay + description: The tokens to be added to a DNS for verification + dkimVerificationStatus: + type: string + example: Success + description: 'The current status if the domain /identity has been verified. Ie Success, Failed, Pending' + description: DKIM attributes for a domain or identity + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + post: + security: + - oauth2: + - 'sp:notification-verify-domain-dkim:write' + operationId: createDomainDkim + tags: + - Notifications + summary: Verify domain address via DKIM + description: Create a domain to be verified via DKIM (DomainKeys Identified Mail) + requestBody: + required: true + content: + application/json: + schema: + type: object + properties: + domain: + type: string + example: sailpoint.com + description: A domain address + responses: + '200': + description: List of DKIM tokens required for the verification process. + content: + application/json: + schema: + type: object + properties: + id: + type: string + example: 123b45b0-aaaa-bbbb-a7db-123456a56abc + description: New UUID associated with domain to be verified + domain: + type: string + example: sailpoint.com + description: A domain address + dkimEnabled: + default: false + example: true + description: DKIM is enabled for this domain + dkimTokens: + type: array + items: + type: string + example: + - token1 + - token2 + - token3 + description: DKIM tokens required for authentication + dkimVerificationStatus: + type: string + example: PENDING + description: Status of DKIM authentication + description: Domain status DTO containing everything required to verify via DKIM + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '405': + description: 'Method Not Allowed - indicates that the server knows the request method, but the target resource doesn''t support this method.' + content: + application/json: + schema: + type: object + properties: + errorName: + description: A message describing the error + example: NotSupportedException + errorMessage: + description: Description of the error + example: Cannot consume content type + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + /sod-policies: + post: + operationId: createSodPolicy + tags: + - SOD Policy + summary: Create SOD policy + description: |- + This creates both General and Conflicting Access Based policy, with a limit of 50 entitlements for each (left & right) criteria for Conflicting Access Based SOD policy. + Requires role of ORG_ADMIN. + requestBody: + required: true + content: + application/json: + schema: + type: object + properties: + id: + type: string + description: Policy id + example: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde + name: + type: string + description: Policy Business Name + example: policy-xyz + created: + type: string + format: date-time + description: The time when this SOD policy is created. + example: '2020-01-01T00:00:00.000000Z' + modified: + type: string + format: date-time + description: The time when this SOD policy is modified. + example: '2020-01-01T00:00:00.000000Z' + description: + type: string + description: Optional description of the SOD policy + example: This policy ensures compliance of xyz + ownerRef: + type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + externalPolicyReference: + type: string + description: Optional External Policy Reference + example: XYZ policy + policyQuery: + type: string + description: Search query of the SOD policy + example: '@access(id:0f11f2a4-7c94-4bf3-a2bd-742580fe3bdg) AND @access(id:0f11f2a4-7c94-4bf3-a2bd-742580fe3bdf)' + compensatingControls: + type: string + description: Optional compensating controls(Mitigating Controls) + example: Have a manager review the transaction decisions for their "out of compliance" employee + correctionAdvice: + type: string + description: Optional correction advice + example: 'Based on the role of the employee, managers should remove access that is not required for their job function.' + state: + type: string + description: whether the policy is enforced or not + enum: + - ENFORCED + - NOT_ENFORCED + example: ENFORCED + tags: + type: array + description: tags for this policy object + example: + - TAG1 + - TAG2 + items: + type: string + creatorId: + type: string + description: Policy's creator ID + example: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde + modifierId: + type: string + description: Policy's modifier ID + example: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde + nullable: true + violationOwnerAssignmentConfig: + nullable: true + type: object + properties: + assignmentRule: + type: string + enum: + - MANAGER + - STATIC + description: |- + Details about the violations owner. + MANAGER - identity's manager + STATIC - Governance Group or Identity + example: MANAGER + ownerRef: + type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + scheduled: + type: boolean + description: defines whether a policy has been scheduled or not + example: true + type: + type: string + description: whether a policy is query based or conflicting access based + default: GENERAL + enum: + - GENERAL + - CONFLICTING_ACCESS_BASED + example: GENERAL + conflictingAccessCriteria: + nullable: true + type: object + properties: + leftCriteria: + type: object + properties: + name: + type: string + description: Business name for the access construct list + example: money-in + criteriaList: + type: array + description: List of criteria. There is a min of 1 and max of 50 items in the list. + items: + type: object + properties: + type: + type: string + enum: + - ENTITLEMENT + description: DTO type + example: ENTITLEMENT + id: + type: string + description: ID of the object to which this reference applies to + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies to + example: Administrator + example: + - type: ENTITLEMENT + id: 2c9180866166b5b0016167c32ef31a66 + name: Administrator + - type: ENTITLEMENT + id: 2c9180866166b5b0016167c32ef31a67 + name: Administrator + rightCriteria: + type: object + properties: + name: + type: string + description: Business name for the access construct list + example: money-in + criteriaList: + type: array + description: List of criteria. There is a min of 1 and max of 50 items in the list. + items: + type: object + properties: + type: + type: string + enum: + - ENTITLEMENT + description: DTO type + example: ENTITLEMENT + id: + type: string + description: ID of the object to which this reference applies to + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies to + example: Administrator + example: + - type: ENTITLEMENT + id: 2c9180866166b5b0016167c32ef31a66 + name: Administrator + - type: ENTITLEMENT + id: 2c9180866166b5b0016167c32ef31a67 + name: Administrator + examples: + Conflicting Access Based Policy: + value: + name: Conflicting-Policy-Name + description: This policy ensures compliance of xyz + ownerRef: + type: IDENTITY + id: 2c91808568c529c60168cca6f90c1313 + name: Owner Name + externalPolicyReference: XYZ policy + compensatingControls: Have a manager review the transaction decisions for their "out of compliance" employee + correctionAdvice: 'Based on the role of the employee, managers should remove access that is not required for their job function.' + state: ENFORCED + tags: + - string + creatorId: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde + modifierId: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde + violationOwnerAssignmentConfig: + assignmentRule: MANAGER + ownerRef: + type: IDENTITY + id: 2c91808568c529c60168cca6f90c1313 + name: Violation Owner Name + scheduled: true + type: CONFLICTING_ACCESS_BASED + conflictingAccessCriteria: + leftCriteria: + name: money-in + criteriaList: + - type: ENTITLEMENT + id: 2c9180866166b5b0016167c32ef31a66 + - type: ENTITLEMENT + id: 2c9180866166b5b0016167c32ef31a67 + rightCriteria: + name: money-out + criteriaList: + - type: ENTITLEMENT + id: 2c9180866166b5b0016167c32ef31a68 + - type: ENTITLEMENT + id: 2c9180866166b5b0016167c32ef31a69 + General Policy: + value: + description: Description + ownerRef: + type: IDENTITY + id: 2c918087682f9a86016839c05e8f1aff + name: Owner Name + externalPolicyReference: New policy + policyQuery: policy query implementation + compensatingControls: Compensating controls + correctionAdvice: Correction advice + tags: [] + state: ENFORCED + scheduled: false + creatorId: 2c918087682f9a86016839c05e8f1aff + modifierId: null + violationOwnerAssignmentConfig: null + name: General-Policy-Name + responses: + '201': + description: SOD policy created + content: + application/json: + schema: + type: object + properties: + id: + type: string + description: Policy id + example: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde + name: + type: string + description: Policy Business Name + example: policy-xyz + created: + type: string + format: date-time + description: The time when this SOD policy is created. + example: '2020-01-01T00:00:00.000000Z' + modified: + type: string + format: date-time + description: The time when this SOD policy is modified. + example: '2020-01-01T00:00:00.000000Z' + description: + type: string + description: Optional description of the SOD policy + example: This policy ensures compliance of xyz + ownerRef: + type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + externalPolicyReference: + type: string + description: Optional External Policy Reference + example: XYZ policy + policyQuery: + type: string + description: Search query of the SOD policy + example: '@access(id:0f11f2a4-7c94-4bf3-a2bd-742580fe3bdg) AND @access(id:0f11f2a4-7c94-4bf3-a2bd-742580fe3bdf)' + compensatingControls: + type: string + description: Optional compensating controls(Mitigating Controls) + example: Have a manager review the transaction decisions for their "out of compliance" employee + correctionAdvice: + type: string + description: Optional correction advice + example: 'Based on the role of the employee, managers should remove access that is not required for their job function.' + state: + type: string + description: whether the policy is enforced or not + enum: + - ENFORCED + - NOT_ENFORCED + example: ENFORCED + tags: + type: array + description: tags for this policy object + example: + - TAG1 + - TAG2 + items: + type: string + creatorId: + type: string + description: Policy's creator ID + example: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde + modifierId: + type: string + description: Policy's modifier ID + example: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde + nullable: true + violationOwnerAssignmentConfig: + nullable: true + type: object + properties: + assignmentRule: + type: string + enum: + - MANAGER + - STATIC + description: |- + Details about the violations owner. + MANAGER - identity's manager + STATIC - Governance Group or Identity + example: MANAGER + ownerRef: + type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + scheduled: + type: boolean + description: defines whether a policy has been scheduled or not + example: true + type: + type: string + description: whether a policy is query based or conflicting access based + default: GENERAL + enum: + - GENERAL + - CONFLICTING_ACCESS_BASED + example: GENERAL + conflictingAccessCriteria: + nullable: true + type: object + properties: + leftCriteria: + type: object + properties: + name: + type: string + description: Business name for the access construct list + example: money-in + criteriaList: + type: array + description: List of criteria. There is a min of 1 and max of 50 items in the list. + items: + type: object + properties: + type: + type: string + enum: + - ENTITLEMENT + description: DTO type + example: ENTITLEMENT + id: + type: string + description: ID of the object to which this reference applies to + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies to + example: Administrator + example: + - type: ENTITLEMENT + id: 2c9180866166b5b0016167c32ef31a66 + name: Administrator + - type: ENTITLEMENT + id: 2c9180866166b5b0016167c32ef31a67 + name: Administrator + rightCriteria: + type: object + properties: + name: + type: string + description: Business name for the access construct list + example: money-in + criteriaList: + type: array + description: List of criteria. There is a min of 1 and max of 50 items in the list. + items: + type: object + properties: + type: + type: string + enum: + - ENTITLEMENT + description: DTO type + example: ENTITLEMENT + id: + type: string + description: ID of the object to which this reference applies to + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies to + example: Administrator + example: + - type: ENTITLEMENT + id: 2c9180866166b5b0016167c32ef31a66 + name: Administrator + - type: ENTITLEMENT + id: 2c9180866166b5b0016167c32ef31a67 + name: Administrator + examples: + Conflicting Access Based Policy: + value: + id: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde + name: Conflicting-Policy-Name + created: '2020-01-01T00:00:00.000000Z' + modified: '2020-01-01T00:00:00.000000Z' + description: This policy ensures compliance of xyz + ownerRef: + type: IDENTITY + id: 2c91808568c529c60168cca6f90c1313 + name: Owner Name + externalPolicyReference: XYZ policy + policyQuery: '@access(id:2c9180866166b5b0016167c32ef31a66 OR id:2c9180866166b5b0016167c32ef31a67) AND @access(id:2c9180866166b5b0016167c32ef31a68 OR id:2c9180866166b5b0016167c32ef31a69)' + compensatingControls: Have a manager review the transaction decisions for their "out of compliance" employee + correctionAdvice: 'Based on the role of the employee, managers should remove access that is not required for their job function.' + state: ENFORCED + tags: + - string + creatorId: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde + modifierId: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde + violationOwnerAssignmentConfig: + assignmentRule: MANAGER + ownerRef: + type: IDENTITY + id: 2c91808568c529c60168cca6f90c1313 + name: Violation Owner Name + scheduled: true + type: CONFLICTING_ACCESS_BASED + conflictingAccessCriteria: + leftCriteria: + name: money-in + criteriaList: + - type: ENTITLEMENT + id: 2c9180866166b5b0016167c32ef31a66 + - type: ENTITLEMENT + id: 2c9180866166b5b0016167c32ef31a67 + rightCriteria: + name: money-out + criteriaList: + - type: ENTITLEMENT + id: 2c9180866166b5b0016167c32ef31a68 + - type: ENTITLEMENT + id: 2c9180866166b5b0016167c32ef31a69 + General Policy: + value: + description: Description + ownerRef: + type: IDENTITY + id: 2c918087682f9a86016839c05e8f1aff + name: Owner Name + externalPolicyReference: New policy + policyQuery: policy query implementation + compensatingControls: Compensating controls + correctionAdvice: Correction advice + tags: [] + state: ENFORCED + scheduled: false + creatorId: 2c918087682f9a86016839c05e8f1aff + modifierId: null + violationOwnerAssignmentConfig: null + type: GENERAL + conflictingAccessCriteria: null + id: 52c11db4-733e-4c31-949a-766c95ec95f1 + name: General-Policy-Name + created: '2020-05-12T19:47:38Z' + modified: '2020-05-12T19:47:38Z' + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + get: + operationId: listSodPolicies + tags: + - SOD Policy + summary: List SOD policies + description: |- + This gets list of all SOD policies. + Requires role of ORG_ADMIN + parameters: + - in: query + name: limit + description: |- + Max number of results to return. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 250 + schema: + type: integer + format: int32 + minimum: 0 + maximum: 250 + default: 250 + - in: query + name: offset + description: |- + Offset into the full result set. Usually specified with *limit* to paginate through the results. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 0 + schema: + type: integer + format: int32 + minimum: 0 + default: 0 + - in: query + name: count + description: |- + If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored. + + Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used. + + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: true + schema: + type: boolean + default: false + - in: query + name: filters + schema: + type: string + description: |- + Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) + + Filtering is supported for the following fields and operators: + + **id**: *eq* **name**: *eq* **state**: *eq* + example: id eq "bc693f07e7b645539626c25954c58554" + required: false + responses: + '200': + description: List of all SOD policies. + content: + application/json: + schema: + type: array + items: + type: object + properties: + id: + type: string + description: Policy id + example: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde + name: + type: string + description: Policy Business Name + example: policy-xyz + created: + type: string + format: date-time + description: The time when this SOD policy is created. + example: '2020-01-01T00:00:00.000000Z' + modified: + type: string + format: date-time + description: The time when this SOD policy is modified. + example: '2020-01-01T00:00:00.000000Z' + description: + type: string + description: Optional description of the SOD policy + example: This policy ensures compliance of xyz + ownerRef: + type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + externalPolicyReference: + type: string + description: Optional External Policy Reference + example: XYZ policy + policyQuery: + type: string + description: Search query of the SOD policy + example: '@access(id:0f11f2a4-7c94-4bf3-a2bd-742580fe3bdg) AND @access(id:0f11f2a4-7c94-4bf3-a2bd-742580fe3bdf)' + compensatingControls: + type: string + description: Optional compensating controls(Mitigating Controls) + example: Have a manager review the transaction decisions for their "out of compliance" employee + correctionAdvice: + type: string + description: Optional correction advice + example: 'Based on the role of the employee, managers should remove access that is not required for their job function.' + state: + type: string + description: whether the policy is enforced or not + enum: + - ENFORCED + - NOT_ENFORCED + example: ENFORCED + tags: + type: array + description: tags for this policy object + example: + - TAG1 + - TAG2 + items: + type: string + creatorId: + type: string + description: Policy's creator ID + example: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde + modifierId: + type: string + description: Policy's modifier ID + example: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde + nullable: true + violationOwnerAssignmentConfig: + nullable: true + type: object + properties: + assignmentRule: + type: string + enum: + - MANAGER + - STATIC + description: |- + Details about the violations owner. + MANAGER - identity's manager + STATIC - Governance Group or Identity + example: MANAGER + ownerRef: + type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + scheduled: + type: boolean + description: defines whether a policy has been scheduled or not + example: true + type: + type: string + description: whether a policy is query based or conflicting access based + default: GENERAL + enum: + - GENERAL + - CONFLICTING_ACCESS_BASED + example: GENERAL + conflictingAccessCriteria: + nullable: true + type: object + properties: + leftCriteria: + type: object + properties: + name: + type: string + description: Business name for the access construct list + example: money-in + criteriaList: + type: array + description: List of criteria. There is a min of 1 and max of 50 items in the list. + items: + type: object + properties: + type: + type: string + enum: + - ENTITLEMENT + description: DTO type + example: ENTITLEMENT + id: + type: string + description: ID of the object to which this reference applies to + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies to + example: Administrator + example: + - type: ENTITLEMENT + id: 2c9180866166b5b0016167c32ef31a66 + name: Administrator + - type: ENTITLEMENT + id: 2c9180866166b5b0016167c32ef31a67 + name: Administrator + rightCriteria: + type: object + properties: + name: + type: string + description: Business name for the access construct list + example: money-in + criteriaList: + type: array + description: List of criteria. There is a min of 1 and max of 50 items in the list. + items: + type: object + properties: + type: + type: string + enum: + - ENTITLEMENT + description: DTO type + example: ENTITLEMENT + id: + type: string + description: ID of the object to which this reference applies to + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies to + example: Administrator + example: + - type: ENTITLEMENT + id: 2c9180866166b5b0016167c32ef31a66 + name: Administrator + - type: ENTITLEMENT + id: 2c9180866166b5b0016167c32ef31a67 + name: Administrator + example: + - id: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde + name: Conflicting-Policy-Name + created: '2020-01-01T00:00:00.000000Z' + modified: '2020-01-01T00:00:00.000000Z' + description: This policy ensures compliance of xyz + ownerRef: + type: IDENTITY + id: 2c91808568c529c60168cca6f90c1313 + name: Owner Name + externalPolicyReference: XYZ policy + policyQuery: '@access(id:2c9180866166b5b0016167c32ef31a66 OR id:2c9180866166b5b0016167c32ef31a67) AND @access(id:2c9180866166b5b0016167c32ef31a68 OR id:2c9180866166b5b0016167c32ef31a69)' + compensatingControls: Have a manager review the transaction decisions for their "out of compliance" employee + correctionAdvice: 'Based on the role of the employee, managers should remove access that is not required for their job function.' + state: ENFORCED + tags: + - string + creatorId: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde + modifierId: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde + violationOwnerAssignmentConfig: + assignmentRule: MANAGER + ownerRef: + type: IDENTITY + id: 2c91808568c529c60168cca6f90c1313 + name: Violation Owner Name + scheduled: true + type: CONFLICTING_ACCESS_BASED + conflictingAccessCriteria: + leftCriteria: + name: money-in + criteriaList: + - type: ENTITLEMENT + id: 2c9180866166b5b0016167c32ef31a66 + - type: ENTITLEMENT + id: 2c9180866166b5b0016167c32ef31a67 + rightCriteria: + name: money-out + criteriaList: + - type: ENTITLEMENT + id: 2c9180866166b5b0016167c32ef31a68 + - type: ENTITLEMENT + id: 2c9180866166b5b0016167c32ef31a69 + - description: Description + ownerRef: + type: IDENTITY + id: 2c918087682f9a86016839c05e8f1aff + name: Owner Name + externalPolicyReference: New policy + policyQuery: policy query implementation + compensatingControls: Compensating controls + correctionAdvice: Correction advice + tags: [] + state: ENFORCED + scheduled: false + creatorId: 2c918087682f9a86016839c05e8f1aff + modifierId: null + violationOwnerAssignmentConfig: null + type: GENERAL + conflictingAccessCriteria: null + id: 52c11db4-733e-4c31-949a-766c95ec95f1 + name: General-Policy-Name + created: '2020-05-12T19:47:38Z' + modified: '2020-05-12T19:47:38Z' + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + '/sod-policies/{id}': + get: + operationId: getSodPolicy + tags: + - SOD Policy + summary: Get SOD policy by ID + description: |- + This gets specified SOD policy. + Requires role of ORG_ADMIN. + parameters: + - in: path + name: id + schema: + type: string + required: true + description: The ID of the object reference to retrieve. + example: ef38f94347e94562b5bb8424a56397d8 + responses: + '200': + description: SOD policy ID. + content: + application/json: + schema: + type: object + properties: + id: + type: string + description: Policy id + example: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde + name: + type: string + description: Policy Business Name + example: policy-xyz + created: + type: string + format: date-time + description: The time when this SOD policy is created. + example: '2020-01-01T00:00:00.000000Z' + modified: + type: string + format: date-time + description: The time when this SOD policy is modified. + example: '2020-01-01T00:00:00.000000Z' + description: + type: string + description: Optional description of the SOD policy + example: This policy ensures compliance of xyz + ownerRef: + type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + externalPolicyReference: + type: string + description: Optional External Policy Reference + example: XYZ policy + policyQuery: + type: string + description: Search query of the SOD policy + example: '@access(id:0f11f2a4-7c94-4bf3-a2bd-742580fe3bdg) AND @access(id:0f11f2a4-7c94-4bf3-a2bd-742580fe3bdf)' + compensatingControls: + type: string + description: Optional compensating controls(Mitigating Controls) + example: Have a manager review the transaction decisions for their "out of compliance" employee + correctionAdvice: + type: string + description: Optional correction advice + example: 'Based on the role of the employee, managers should remove access that is not required for their job function.' + state: + type: string + description: whether the policy is enforced or not + enum: + - ENFORCED + - NOT_ENFORCED + example: ENFORCED + tags: + type: array + description: tags for this policy object + example: + - TAG1 + - TAG2 + items: + type: string + creatorId: + type: string + description: Policy's creator ID + example: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde + modifierId: + type: string + description: Policy's modifier ID + example: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde + nullable: true + violationOwnerAssignmentConfig: + nullable: true + type: object + properties: + assignmentRule: + type: string + enum: + - MANAGER + - STATIC + description: |- + Details about the violations owner. + MANAGER - identity's manager + STATIC - Governance Group or Identity + example: MANAGER + ownerRef: + type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + scheduled: + type: boolean + description: defines whether a policy has been scheduled or not + example: true + type: + type: string + description: whether a policy is query based or conflicting access based + default: GENERAL + enum: + - GENERAL + - CONFLICTING_ACCESS_BASED + example: GENERAL + conflictingAccessCriteria: + nullable: true + type: object + properties: + leftCriteria: + type: object + properties: + name: + type: string + description: Business name for the access construct list + example: money-in + criteriaList: + type: array + description: List of criteria. There is a min of 1 and max of 50 items in the list. + items: + type: object + properties: + type: + type: string + enum: + - ENTITLEMENT + description: DTO type + example: ENTITLEMENT + id: + type: string + description: ID of the object to which this reference applies to + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies to + example: Administrator + example: + - type: ENTITLEMENT + id: 2c9180866166b5b0016167c32ef31a66 + name: Administrator + - type: ENTITLEMENT + id: 2c9180866166b5b0016167c32ef31a67 + name: Administrator + rightCriteria: + type: object + properties: + name: + type: string + description: Business name for the access construct list + example: money-in + criteriaList: + type: array + description: List of criteria. There is a min of 1 and max of 50 items in the list. + items: + type: object + properties: + type: + type: string + enum: + - ENTITLEMENT + description: DTO type + example: ENTITLEMENT + id: + type: string + description: ID of the object to which this reference applies to + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies to + example: Administrator + example: + - type: ENTITLEMENT + id: 2c9180866166b5b0016167c32ef31a66 + name: Administrator + - type: ENTITLEMENT + id: 2c9180866166b5b0016167c32ef31a67 + name: Administrator + examples: + Conflicting Access Based Policy: + value: + id: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde + name: Conflicting-Policy-Name + created: '2020-01-01T00:00:00.000000Z' + modified: '2020-01-01T00:00:00.000000Z' + description: This policy ensures compliance of xyz + ownerRef: + type: IDENTITY + id: 2c91808568c529c60168cca6f90c1313 + name: Owner Name + externalPolicyReference: XYZ policy + policyQuery: '@access(id:2c9180866166b5b0016167c32ef31a66 OR id:2c9180866166b5b0016167c32ef31a67) AND @access(id:2c9180866166b5b0016167c32ef31a68 OR id:2c9180866166b5b0016167c32ef31a69)' + compensatingControls: Have a manager review the transaction decisions for their "out of compliance" employee + correctionAdvice: 'Based on the role of the employee, managers should remove access that is not required for their job function.' + state: ENFORCED + tags: + - string + creatorId: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde + modifierId: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde + violationOwnerAssignmentConfig: + assignmentRule: MANAGER + ownerRef: + type: IDENTITY + id: 2c91808568c529c60168cca6f90c1313 + name: Violation Owner Name + scheduled: true + type: CONFLICTING_ACCESS_BASED + conflictingAccessCriteria: + leftCriteria: + name: money-in + criteriaList: + - type: ENTITLEMENT + id: 2c9180866166b5b0016167c32ef31a66 + - type: ENTITLEMENT + id: 2c9180866166b5b0016167c32ef31a67 + rightCriteria: + name: money-out + criteriaList: + - type: ENTITLEMENT + id: 2c9180866166b5b0016167c32ef31a68 + - type: ENTITLEMENT + id: 2c9180866166b5b0016167c32ef31a69 + General Policy: + value: + description: Description + ownerRef: + type: IDENTITY + id: 2c918087682f9a86016839c05e8f1aff + name: Owner Name + externalPolicyReference: New policy + policyQuery: policy query implementation + compensatingControls: Compensating controls + correctionAdvice: Correction advice + tags: [] + state: ENFORCED + scheduled: false + creatorId: 2c918087682f9a86016839c05e8f1aff + modifierId: null + violationOwnerAssignmentConfig: null + type: GENERAL + conflictingAccessCriteria: null + id: 52c11db4-733e-4c31-949a-766c95ec95f1 + name: General-Policy-Name + created: '2020-05-12T19:47:38Z' + modified: '2020-05-12T19:47:38Z' + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + put: + operationId: updateSodPolicy + tags: + - SOD Policy + summary: Update SOD policy by ID + description: |- + This updates a specified SOD policy. + Requires role of ORG_ADMIN. + parameters: + - in: path + name: id + schema: + type: string + required: true + description: The ID of the SOD policy to update. + example: ef38f94347e94562b5bb8424a56397d8 + requestBody: + required: true + content: + application/json: + schema: + type: object + properties: + id: + type: string + description: Policy id + example: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde + name: + type: string + description: Policy Business Name + example: policy-xyz + created: + type: string + format: date-time + description: The time when this SOD policy is created. + example: '2020-01-01T00:00:00.000000Z' + modified: + type: string + format: date-time + description: The time when this SOD policy is modified. + example: '2020-01-01T00:00:00.000000Z' + description: + type: string + description: Optional description of the SOD policy + example: This policy ensures compliance of xyz + ownerRef: + type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + externalPolicyReference: + type: string + description: Optional External Policy Reference + example: XYZ policy + policyQuery: + type: string + description: Search query of the SOD policy + example: '@access(id:0f11f2a4-7c94-4bf3-a2bd-742580fe3bdg) AND @access(id:0f11f2a4-7c94-4bf3-a2bd-742580fe3bdf)' + compensatingControls: + type: string + description: Optional compensating controls(Mitigating Controls) + example: Have a manager review the transaction decisions for their "out of compliance" employee + correctionAdvice: + type: string + description: Optional correction advice + example: 'Based on the role of the employee, managers should remove access that is not required for their job function.' + state: + type: string + description: whether the policy is enforced or not + enum: + - ENFORCED + - NOT_ENFORCED + example: ENFORCED + tags: + type: array + description: tags for this policy object + example: + - TAG1 + - TAG2 + items: + type: string + creatorId: + type: string + description: Policy's creator ID + example: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde + modifierId: + type: string + description: Policy's modifier ID + example: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde + nullable: true + violationOwnerAssignmentConfig: + nullable: true + type: object + properties: + assignmentRule: + type: string + enum: + - MANAGER + - STATIC + description: |- + Details about the violations owner. + MANAGER - identity's manager + STATIC - Governance Group or Identity + example: MANAGER + ownerRef: + type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + scheduled: + type: boolean + description: defines whether a policy has been scheduled or not + example: true + type: + type: string + description: whether a policy is query based or conflicting access based + default: GENERAL + enum: + - GENERAL + - CONFLICTING_ACCESS_BASED + example: GENERAL + conflictingAccessCriteria: + nullable: true + type: object + properties: + leftCriteria: + type: object + properties: + name: + type: string + description: Business name for the access construct list + example: money-in + criteriaList: + type: array + description: List of criteria. There is a min of 1 and max of 50 items in the list. + items: + type: object + properties: + type: + type: string + enum: + - ENTITLEMENT + description: DTO type + example: ENTITLEMENT + id: + type: string + description: ID of the object to which this reference applies to + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies to + example: Administrator + example: + - type: ENTITLEMENT + id: 2c9180866166b5b0016167c32ef31a66 + name: Administrator + - type: ENTITLEMENT + id: 2c9180866166b5b0016167c32ef31a67 + name: Administrator + rightCriteria: + type: object + properties: + name: + type: string + description: Business name for the access construct list + example: money-in + criteriaList: + type: array + description: List of criteria. There is a min of 1 and max of 50 items in the list. + items: + type: object + properties: + type: + type: string + enum: + - ENTITLEMENT + description: DTO type + example: ENTITLEMENT + id: + type: string + description: ID of the object to which this reference applies to + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies to + example: Administrator + example: + - type: ENTITLEMENT + id: 2c9180866166b5b0016167c32ef31a66 + name: Administrator + - type: ENTITLEMENT + id: 2c9180866166b5b0016167c32ef31a67 + name: Administrator + examples: + Conflicting Access Based Policy: + value: + id: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde + name: Conflicting-Policy-Name + created: '2020-01-01T00:00:00.000000Z' + modified: '2020-01-01T00:00:00.000000Z' + description: Modified Description + ownerRef: + type: IDENTITY + id: 2c91808568c529c60168cca6f90c1313 + name: Owner Name + externalPolicyReference: XYZ policy + compensatingControls: Have a manager review the transaction decisions for their "out of compliance" employee + correctionAdvice: 'Based on the role of the employee, managers should remove access that is not required for their job function.' + state: ENFORCED + tags: + - string + creatorId: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde + modifierId: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde + violationOwnerAssignmentConfig: + assignmentRule: MANAGER + ownerRef: + type: IDENTITY + id: 2c91808568c529c60168cca6f90c1313 + name: Violation Owner Name + scheduled: true + type: CONFLICTING_ACCESS_BASED + conflictingAccessCriteria: + leftCriteria: + name: money-in + criteriaList: + - type: ENTITLEMENT + id: 2c9180866166b5b0016167c32ef31a66 + - type: ENTITLEMENT + id: 2c9180866166b5b0016167c32ef31a67 + rightCriteria: + name: money-out + criteriaList: + - type: ENTITLEMENT + id: 2c9180866166b5b0016167c32ef31a68 + - type: ENTITLEMENT + id: 2c9180866166b5b0016167c32ef31a69 + General Policy: + value: + description: Modified Description + ownerRef: + type: IDENTITY + id: 2c918087682f9a86016839c05e8f1aff + name: Owner Name + externalPolicyReference: New policy + policyQuery: policy query implementation + compensatingControls: Compensating controls + correctionAdvice: Correction advice + tags: [] + state: ENFORCED + scheduled: false + creatorId: 2c918087682f9a86016839c05e8f1aff + modifierId: null + violationOwnerAssignmentConfig: null + type: GENERAL + conflictingAccessCriteria: null + id: 52c11db4-733e-4c31-949a-766c95ec95f1 + name: General-Policy-Name + created: '2020-05-12T19:47:38Z' + modified: '2020-05-12T19:47:38Z' + responses: + '200': + description: SOD Policy by ID + content: + application/json: + schema: + type: object + properties: + id: + type: string + description: Policy id + example: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde + name: + type: string + description: Policy Business Name + example: policy-xyz + created: + type: string + format: date-time + description: The time when this SOD policy is created. + example: '2020-01-01T00:00:00.000000Z' + modified: + type: string + format: date-time + description: The time when this SOD policy is modified. + example: '2020-01-01T00:00:00.000000Z' + description: + type: string + description: Optional description of the SOD policy + example: This policy ensures compliance of xyz + ownerRef: + type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + externalPolicyReference: + type: string + description: Optional External Policy Reference + example: XYZ policy + policyQuery: + type: string + description: Search query of the SOD policy + example: '@access(id:0f11f2a4-7c94-4bf3-a2bd-742580fe3bdg) AND @access(id:0f11f2a4-7c94-4bf3-a2bd-742580fe3bdf)' + compensatingControls: + type: string + description: Optional compensating controls(Mitigating Controls) + example: Have a manager review the transaction decisions for their "out of compliance" employee + correctionAdvice: + type: string + description: Optional correction advice + example: 'Based on the role of the employee, managers should remove access that is not required for their job function.' + state: + type: string + description: whether the policy is enforced or not + enum: + - ENFORCED + - NOT_ENFORCED + example: ENFORCED + tags: + type: array + description: tags for this policy object + example: + - TAG1 + - TAG2 + items: + type: string + creatorId: + type: string + description: Policy's creator ID + example: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde + modifierId: + type: string + description: Policy's modifier ID + example: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde + nullable: true + violationOwnerAssignmentConfig: + nullable: true + type: object + properties: + assignmentRule: + type: string + enum: + - MANAGER + - STATIC + description: |- + Details about the violations owner. + MANAGER - identity's manager + STATIC - Governance Group or Identity + example: MANAGER + ownerRef: + type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + scheduled: + type: boolean + description: defines whether a policy has been scheduled or not + example: true + type: + type: string + description: whether a policy is query based or conflicting access based + default: GENERAL + enum: + - GENERAL + - CONFLICTING_ACCESS_BASED + example: GENERAL + conflictingAccessCriteria: + nullable: true + type: object + properties: + leftCriteria: + type: object + properties: + name: + type: string + description: Business name for the access construct list + example: money-in + criteriaList: + type: array + description: List of criteria. There is a min of 1 and max of 50 items in the list. + items: + type: object + properties: + type: + type: string + enum: + - ENTITLEMENT + description: DTO type + example: ENTITLEMENT + id: + type: string + description: ID of the object to which this reference applies to + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies to + example: Administrator + example: + - type: ENTITLEMENT + id: 2c9180866166b5b0016167c32ef31a66 + name: Administrator + - type: ENTITLEMENT + id: 2c9180866166b5b0016167c32ef31a67 + name: Administrator + rightCriteria: + type: object + properties: + name: + type: string + description: Business name for the access construct list + example: money-in + criteriaList: + type: array + description: List of criteria. There is a min of 1 and max of 50 items in the list. + items: + type: object + properties: + type: + type: string + enum: + - ENTITLEMENT + description: DTO type + example: ENTITLEMENT + id: + type: string + description: ID of the object to which this reference applies to + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies to + example: Administrator + example: + - type: ENTITLEMENT + id: 2c9180866166b5b0016167c32ef31a66 + name: Administrator + - type: ENTITLEMENT + id: 2c9180866166b5b0016167c32ef31a67 + name: Administrator + examples: + Conflicting Access Based Policy: + value: + id: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde + name: Conflicting-Policy-Name + created: '2020-01-01T00:00:00.000000Z' + modified: '2020-01-01T00:00:00.000000Z' + description: Modified description + ownerRef: + type: IDENTITY + id: 2c91808568c529c60168cca6f90c1313 + name: Owner Name + externalPolicyReference: XYZ policy + policyQuery: '@access(id:2c9180866166b5b0016167c32ef31a66 OR id:2c9180866166b5b0016167c32ef31a67) AND @access(id:2c9180866166b5b0016167c32ef31a68 OR id:2c9180866166b5b0016167c32ef31a69)' + compensatingControls: Have a manager review the transaction decisions for their "out of compliance" employee + correctionAdvice: 'Based on the role of the employee, managers should remove access that is not required for their job function.' + state: ENFORCED + tags: + - string + creatorId: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde + modifierId: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde + violationOwnerAssignmentConfig: + assignmentRule: MANAGER + ownerRef: + type: IDENTITY + id: 2c91808568c529c60168cca6f90c1313 + name: Violation Owner Name + scheduled: true + type: CONFLICTING_ACCESS_BASED + conflictingAccessCriteria: + leftCriteria: + name: money-in + criteriaList: + - type: ENTITLEMENT + id: 2c9180866166b5b0016167c32ef31a66 + - type: ENTITLEMENT + id: 2c9180866166b5b0016167c32ef31a67 + rightCriteria: + name: money-out + criteriaList: + - type: ENTITLEMENT + id: 2c9180866166b5b0016167c32ef31a68 + - type: ENTITLEMENT + id: 2c9180866166b5b0016167c32ef31a69 + General Policy: + value: + description: Modified Description + ownerRef: + type: IDENTITY + id: 2c918087682f9a86016839c05e8f1aff + name: Owner Name + externalPolicyReference: New policy + policyQuery: policy query implementation + compensatingControls: Compensating controls + correctionAdvice: Correction advice + tags: [] + state: ENFORCED + scheduled: false + creatorId: 2c918087682f9a86016839c05e8f1aff + modifierId: null + violationOwnerAssignmentConfig: null + type: GENERAL + conflictingAccessCriteria: null + id: 52c11db4-733e-4c31-949a-766c95ec95f1 + name: General-Policy-Name + created: '2020-05-12T19:47:38Z' + modified: '2020-05-12T19:47:38Z' + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + delete: + operationId: deleteSodPolicy + tags: + - SOD Policy + summary: Delete SOD policy by ID + description: |- + This deletes a specified SOD policy. + Requires role of ORG_ADMIN. + parameters: + - in: path + name: id + schema: + type: string + required: true + description: The ID of the SOD Policy to delete. + example: ef38f94347e94562b5bb8424a56397d8 + - in: query + name: logical + schema: + type: boolean + default: true + description: Indicates whether this is a soft delete (logical true) or a hard delete. + required: false + responses: + '204': + description: No content. + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + patch: + operationId: patchSodPolicy + tags: + - SOD Policy + summary: Patch a SOD policy + description: |- + Allows updating SOD Policy fields other than ["id","created","creatorId","policyQuery","type"] using the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard. + Requires role of ORG_ADMIN. + This endpoint can only patch CONFLICTING_ACCESS_BASED type policies. Do not use this endpoint to patch general policies - doing so will build an API exception. + parameters: + - in: path + name: id + schema: + type: string + required: true + description: The ID of the SOD policy being modified. + example: 2c9180835d191a86015d28455b4a2329 + requestBody: + required: true + description: | + A list of SOD Policy update operations according to the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard. + + The following fields are patchable: + * name + * description + * ownerRef + * externalPolicyReference + * compensatingControls + * correctionAdvice + * state + * tags + * violationOwnerAssignmentConfig + * scheduled + * conflictingAccessCriteria + content: + application/json-patch+json: + schema: + type: array + items: + type: object + examples: + Conflicting Access Based Policy: + value: + - op: replace + path: /description + value: Modified description + - op: replace + path: /conflictingAccessCriteria/leftCriteria/name + value: money-in-modified + - op: replace + path: /conflictingAccessCriteria/rightCriteria + value: + name: money-out-modified + criteriaList: + - type: ENTITLEMENT + id: 2c918087682f9a86016839c0509c1ab2 + General Policy: + value: + - op: replace + path: /description + value: Modified description + responses: + '200': + description: 'Indicates the PATCH operation succeeded, and returns the SOD policy''s new representation.' + content: + application/json: + schema: + type: object + properties: + id: + type: string + description: Policy id + example: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde + name: + type: string + description: Policy Business Name + example: policy-xyz + created: + type: string + format: date-time + description: The time when this SOD policy is created. + example: '2020-01-01T00:00:00.000000Z' + modified: + type: string + format: date-time + description: The time when this SOD policy is modified. + example: '2020-01-01T00:00:00.000000Z' + description: + type: string + description: Optional description of the SOD policy + example: This policy ensures compliance of xyz + ownerRef: + type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + externalPolicyReference: + type: string + description: Optional External Policy Reference + example: XYZ policy + policyQuery: + type: string + description: Search query of the SOD policy + example: '@access(id:0f11f2a4-7c94-4bf3-a2bd-742580fe3bdg) AND @access(id:0f11f2a4-7c94-4bf3-a2bd-742580fe3bdf)' + compensatingControls: + type: string + description: Optional compensating controls(Mitigating Controls) + example: Have a manager review the transaction decisions for their "out of compliance" employee + correctionAdvice: + type: string + description: Optional correction advice + example: 'Based on the role of the employee, managers should remove access that is not required for their job function.' + state: + type: string + description: whether the policy is enforced or not + enum: + - ENFORCED + - NOT_ENFORCED + example: ENFORCED + tags: + type: array + description: tags for this policy object + example: + - TAG1 + - TAG2 + items: + type: string + creatorId: + type: string + description: Policy's creator ID + example: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde + modifierId: + type: string + description: Policy's modifier ID + example: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde + nullable: true + violationOwnerAssignmentConfig: + nullable: true + type: object + properties: + assignmentRule: + type: string + enum: + - MANAGER + - STATIC + description: |- + Details about the violations owner. + MANAGER - identity's manager + STATIC - Governance Group or Identity + example: MANAGER + ownerRef: + type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + scheduled: + type: boolean + description: defines whether a policy has been scheduled or not + example: true + type: + type: string + description: whether a policy is query based or conflicting access based + default: GENERAL + enum: + - GENERAL + - CONFLICTING_ACCESS_BASED + example: GENERAL + conflictingAccessCriteria: + nullable: true + type: object + properties: + leftCriteria: + type: object + properties: + name: + type: string + description: Business name for the access construct list + example: money-in + criteriaList: + type: array + description: List of criteria. There is a min of 1 and max of 50 items in the list. + items: + type: object + properties: + type: + type: string + enum: + - ENTITLEMENT + description: DTO type + example: ENTITLEMENT + id: + type: string + description: ID of the object to which this reference applies to + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies to + example: Administrator + example: + - type: ENTITLEMENT + id: 2c9180866166b5b0016167c32ef31a66 + name: Administrator + - type: ENTITLEMENT + id: 2c9180866166b5b0016167c32ef31a67 + name: Administrator + rightCriteria: + type: object + properties: + name: + type: string + description: Business name for the access construct list + example: money-in + criteriaList: + type: array + description: List of criteria. There is a min of 1 and max of 50 items in the list. + items: + type: object + properties: + type: + type: string + enum: + - ENTITLEMENT + description: DTO type + example: ENTITLEMENT + id: + type: string + description: ID of the object to which this reference applies to + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies to + example: Administrator + example: + - type: ENTITLEMENT + id: 2c9180866166b5b0016167c32ef31a66 + name: Administrator + - type: ENTITLEMENT + id: 2c9180866166b5b0016167c32ef31a67 + name: Administrator + examples: + Conflicting Access Based Policy: + value: + id: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde + name: Conflicting-Policy-Name + created: '2020-01-01T00:00:00.000000Z' + modified: '2020-01-01T00:00:00.000000Z' + description: Modified description + ownerRef: + type: IDENTITY + id: 2c91808568c529c60168cca6f90c1313 + name: Owner Name + externalPolicyReference: XYZ policy + policyQuery: '@access(id:2c9180866166b5b0016167c32ef31a66 OR id:2c9180866166b5b0016167c32ef31a67) AND @access(id:2c918087682f9a86016839c0509c1ab2)' + compensatingControls: Have a manager review the transaction decisions for their "out of compliance" employee + correctionAdvice: 'Based on the role of the employee, managers should remove access that is not required for their job function.' + state: ENFORCED + tags: + - string + creatorId: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde + modifierId: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde + violationOwnerAssignmentConfig: + assignmentRule: MANAGER + ownerRef: + type: IDENTITY + id: 2c91808568c529c60168cca6f90c1313 + name: Violation Owner Name + scheduled: true + type: CONFLICTING_ACCESS_BASED + conflictingAccessCriteria: + leftCriteria: + name: money-in-modified + criteriaList: + - type: ENTITLEMENT + id: 2c9180866166b5b0016167c32ef31a66 + - type: ENTITLEMENT + id: 2c9180866166b5b0016167c32ef31a67 + rightCriteria: + name: money-out-modified + criteriaList: + - type: ENTITLEMENT + id: 2c918087682f9a86016839c0509c1ab2 + General Policy: + value: + description: Modified description + ownerRef: + type: IDENTITY + id: 2c918087682f9a86016839c05e8f1aff + name: Owner Name + externalPolicyReference: New policy + policyQuery: policy query implementation + compensatingControls: Compensating controls + correctionAdvice: Correction advice + tags: [] + state: ENFORCED + scheduled: false + creatorId: 2c918087682f9a86016839c05e8f1aff + modifierId: null + violationOwnerAssignmentConfig: null + type: GENERAL + conflictingAccessCriteria: null + id: 52c11db4-733e-4c31-949a-766c95ec95f1 + name: General-Policy-Name + created: '2020-05-12T19:47:38Z' + modified: '2020-05-12T19:47:38Z' + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + '/sod-policies/{id}/schedule': + get: + operationId: getSodPolicySchedule + tags: + - SOD Policy + summary: Get SOD policy schedule + description: |- + This endpoint gets a specified SOD policy's schedule. + Requires the role of ORG_ADMIN. + parameters: + - in: path + name: id + schema: + type: string + required: true + description: The ID of the object reference to retrieve. + example: ef38f94347e94562b5bb8424a56397d8 + responses: + '200': + description: SOD policy ID. + content: + application/json: + schema: + type: object + properties: + name: + type: string + description: SOD Policy schedule name + example: SCH-1584312283015 + created: + type: string + format: date-time + description: The time when this SOD policy schedule is created. + example: '2020-01-01T00:00:00.000000Z' + modified: + type: string + format: date-time + description: The time when this SOD policy schedule is modified. + example: '2020-01-01T00:00:00.000000Z' + description: + type: string + description: SOD Policy schedule description + example: Schedule for policy xyz + schedule: + type: object + description: The schedule information. + properties: + type: + description: | + Enum representing the currently supported schedule types. + + Additional values may be added in the future without notice. + type: string + enum: + - DAILY + - WEEKLY + - MONTHLY + - CALENDAR + example: WEEKLY + days: + allOf: + - type: object + properties: + type: + description: | + Enum representing the currently supported selector types. + + LIST - the *values* array contains one or more distinct values. + + RANGE - the *values* array contains two values: the start and end of the range, inclusive. + + Additional values may be added in the future without notice. + type: string + enum: + - LIST + - RANGE + example: LIST + values: + description: | + The selected values. + type: array + items: + type: string + example: + - MON + - WED + interval: + nullable: true + description: | + The selected interval for RANGE selectors. + type: integer + format: int32 + example: 3 + required: + - type + - values + - description: | + The days to execute the search. + + If `type` is `WEEKLY`, the values will be `MON`, `TUE`, `WED`, `THU`, `FRI`, `SAT`, and `SUN`. + + If `type` is `MONTHLY`, the values will be a number in double quotes, like `"1"`, `"10"`, or `"28"`. Optionally, the value `"L"` can be used to refer to the last day of the month. + example: + type: LIST + values: + - MON + - WED + - FRI + nullable: true + hours: + allOf: + - type: object + properties: + type: + description: | + Enum representing the currently supported selector types. + + LIST - the *values* array contains one or more distinct values. + + RANGE - the *values* array contains two values: the start and end of the range, inclusive. + + Additional values may be added in the future without notice. + type: string + enum: + - LIST + - RANGE + example: LIST + values: + description: | + The selected values. + type: array + items: + type: string + example: + - MON + - WED + interval: + nullable: true + description: | + The selected interval for RANGE selectors. + type: integer + format: int32 + example: 3 + required: + - type + - values + - description: The hours selected. + example: + type: RANGE + values: + - '9' + - '18' + interval: 3 + expiration: + description: 'The schedule expiration date. Latest possible expiration date is ''2038-01-19T03:14:07+0000''' + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + timeZoneId: + description: 'The GMT formatted timezone the schedule will run in (ex. GMT-06:00). If no timezone is specified, the org''s default timezone is used.' + nullable: true + type: string + example: 'GMT-06:00' + required: + - type + - hours + recipients: + type: array + items: + type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + emailEmptyResults: + type: boolean + description: Indicates if empty results need to be emailed + example: false + creatorId: + type: string + description: Policy's creator ID + example: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde + modifierId: + type: string + description: Policy's modifier ID + example: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + put: + operationId: updatePolicySchedule + tags: + - SOD Policy + summary: Update SOD Policy schedule + description: |- + This updates schedule for a specified SOD policy. + Requires role of ORG_ADMIN. + parameters: + - in: path + name: id + schema: + type: string + required: true + description: The ID of the SOD policy to update its schedule. + example: ef38f94347e94562b5bb8424a56397d8 + requestBody: + required: true + content: + application/json: + schema: + type: object + properties: + name: + type: string + description: SOD Policy schedule name + example: SCH-1584312283015 + created: + type: string + format: date-time + description: The time when this SOD policy schedule is created. + example: '2020-01-01T00:00:00.000000Z' + modified: + type: string + format: date-time + description: The time when this SOD policy schedule is modified. + example: '2020-01-01T00:00:00.000000Z' + description: + type: string + description: SOD Policy schedule description + example: Schedule for policy xyz + schedule: + type: object + description: The schedule information. + properties: + type: + description: | + Enum representing the currently supported schedule types. + + Additional values may be added in the future without notice. + type: string + enum: + - DAILY + - WEEKLY + - MONTHLY + - CALENDAR + example: WEEKLY + days: + allOf: + - type: object + properties: + type: + description: | + Enum representing the currently supported selector types. + + LIST - the *values* array contains one or more distinct values. + + RANGE - the *values* array contains two values: the start and end of the range, inclusive. + + Additional values may be added in the future without notice. + type: string + enum: + - LIST + - RANGE + example: LIST + values: + description: | + The selected values. + type: array + items: + type: string + example: + - MON + - WED + interval: + nullable: true + description: | + The selected interval for RANGE selectors. + type: integer + format: int32 + example: 3 + required: + - type + - values + - description: | + The days to execute the search. + + If `type` is `WEEKLY`, the values will be `MON`, `TUE`, `WED`, `THU`, `FRI`, `SAT`, and `SUN`. + + If `type` is `MONTHLY`, the values will be a number in double quotes, like `"1"`, `"10"`, or `"28"`. Optionally, the value `"L"` can be used to refer to the last day of the month. + example: + type: LIST + values: + - MON + - WED + - FRI + nullable: true + hours: + allOf: + - type: object + properties: + type: + description: | + Enum representing the currently supported selector types. + + LIST - the *values* array contains one or more distinct values. + + RANGE - the *values* array contains two values: the start and end of the range, inclusive. + + Additional values may be added in the future without notice. + type: string + enum: + - LIST + - RANGE + example: LIST + values: + description: | + The selected values. + type: array + items: + type: string + example: + - MON + - WED + interval: + nullable: true + description: | + The selected interval for RANGE selectors. + type: integer + format: int32 + example: 3 + required: + - type + - values + - description: The hours selected. + example: + type: RANGE + values: + - '9' + - '18' + interval: 3 + expiration: + description: 'The schedule expiration date. Latest possible expiration date is ''2038-01-19T03:14:07+0000''' + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + timeZoneId: + description: 'The GMT formatted timezone the schedule will run in (ex. GMT-06:00). If no timezone is specified, the org''s default timezone is used.' + nullable: true + type: string + example: 'GMT-06:00' + required: + - type + - hours + recipients: + type: array + items: + type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + emailEmptyResults: + type: boolean + description: Indicates if empty results need to be emailed + example: false + creatorId: + type: string + description: Policy's creator ID + example: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde + modifierId: + type: string + description: Policy's modifier ID + example: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde + responses: + '200': + description: SOD policy by ID. + content: + application/json: + schema: + type: object + properties: + name: + type: string + description: SOD Policy schedule name + example: SCH-1584312283015 + created: + type: string + format: date-time + description: The time when this SOD policy schedule is created. + example: '2020-01-01T00:00:00.000000Z' + modified: + type: string + format: date-time + description: The time when this SOD policy schedule is modified. + example: '2020-01-01T00:00:00.000000Z' + description: + type: string + description: SOD Policy schedule description + example: Schedule for policy xyz + schedule: + type: object + description: The schedule information. + properties: + type: + description: | + Enum representing the currently supported schedule types. + + Additional values may be added in the future without notice. + type: string + enum: + - DAILY + - WEEKLY + - MONTHLY + - CALENDAR + example: WEEKLY + days: + allOf: + - type: object + properties: + type: + description: | + Enum representing the currently supported selector types. + + LIST - the *values* array contains one or more distinct values. + + RANGE - the *values* array contains two values: the start and end of the range, inclusive. + + Additional values may be added in the future without notice. + type: string + enum: + - LIST + - RANGE + example: LIST + values: + description: | + The selected values. + type: array + items: + type: string + example: + - MON + - WED + interval: + nullable: true + description: | + The selected interval for RANGE selectors. + type: integer + format: int32 + example: 3 + required: + - type + - values + - description: | + The days to execute the search. + + If `type` is `WEEKLY`, the values will be `MON`, `TUE`, `WED`, `THU`, `FRI`, `SAT`, and `SUN`. + + If `type` is `MONTHLY`, the values will be a number in double quotes, like `"1"`, `"10"`, or `"28"`. Optionally, the value `"L"` can be used to refer to the last day of the month. + example: + type: LIST + values: + - MON + - WED + - FRI + nullable: true + hours: + allOf: + - type: object + properties: + type: + description: | + Enum representing the currently supported selector types. + + LIST - the *values* array contains one or more distinct values. + + RANGE - the *values* array contains two values: the start and end of the range, inclusive. + + Additional values may be added in the future without notice. + type: string + enum: + - LIST + - RANGE + example: LIST + values: + description: | + The selected values. + type: array + items: + type: string + example: + - MON + - WED + interval: + nullable: true + description: | + The selected interval for RANGE selectors. + type: integer + format: int32 + example: 3 + required: + - type + - values + - description: The hours selected. + example: + type: RANGE + values: + - '9' + - '18' + interval: 3 + expiration: + description: 'The schedule expiration date. Latest possible expiration date is ''2038-01-19T03:14:07+0000''' + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + timeZoneId: + description: 'The GMT formatted timezone the schedule will run in (ex. GMT-06:00). If no timezone is specified, the org''s default timezone is used.' + nullable: true + type: string + example: 'GMT-06:00' + required: + - type + - hours + recipients: + type: array + items: + type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + emailEmptyResults: + type: boolean + description: Indicates if empty results need to be emailed + example: false + creatorId: + type: string + description: Policy's creator ID + example: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde + modifierId: + type: string + description: Policy's modifier ID + example: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + delete: + operationId: deleteSodPolicySchedule + tags: + - SOD Policy + summary: Delete SOD policy schedule + description: |- + This deletes schedule for a specified SOD policy. + Requires role of ORG_ADMIN. + parameters: + - in: path + name: id + schema: + type: string + required: true + description: The ID of the SOD policy the schedule must be deleted for. + example: ef38f94347e94562b5bb8424a56397d8 + responses: + '204': + description: No content. + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + '/sod-policies/{id}/violation-report/run': + post: + operationId: runSodPolicy + tags: + - SOD Policy + summary: Runs SOD policy violation report + description: |- + This invokes processing of violation report for given SOD policy. If the policy reports more than 5000 violations, the report returns with violation limit exceeded message. + Requires role of ORG_ADMIN. + parameters: + - in: path + name: id + schema: + type: string + required: true + description: The SOD policy ID to run. + example: ef38f94347e94562b5bb8424a56397d8 + responses: + '200': + description: Reference to the violation report run task. + content: + application/json: + schema: + allOf: + - type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + - type: object + properties: + status: + type: string + enum: + - SUCCESS + - WARNING + - ERROR + - TERMINATED + - TEMP_ERROR + - PENDING + example: + status: PENDING + type: REPORT_RESULT + id: 2e8d8180-24bc-4d21-91c6-7affdb473b0d + name: policy-xyz + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + '/sod-policies/{id}/violation-report': + get: + operationId: getSodViolationReportStatus + tags: + - SOD Policy + summary: Get SOD violation report status + description: |- + This gets the status for a violation report run task that has already been invoked. + Requires role of ORG_ADMIN. + parameters: + - in: path + name: id + schema: + type: string + required: true + description: The ID of the object reference to retrieve. + example: ef38f94347e94562b5bb8424a56397d8 + responses: + '200': + description: Status of the violation report run task. + content: + application/json: + schema: + allOf: + - type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + - type: object + properties: + status: + type: string + enum: + - SUCCESS + - WARNING + - ERROR + - TERMINATED + - TEMP_ERROR + - PENDING + example: + status: SUCCESS + type: REPORT_RESULT + id: 2e8d8180-24bc-4d21-91c6-7affdb473b0d + name: policy-xyz + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + /sod-violations/predict: + post: + operationId: predictSodViolations + tags: + - SOD Violations + summary: Predict SOD violations for the given identity if they were granted the given access. + description: |- + This API is used to check if granting some additional accesses would cause the subject to be in violation of any SOD policies. Returns the violations that would be caused. + + A token with ORG_ADMIN or API authority is required to call this API. + requestBody: + required: true + content: + application/json: + schema: + description: An identity with a set of access to be added + required: + - identityId + - accessRefs + type: object + properties: + identityId: + description: Identity id to be checked. + type: string + example: 2c91808568c529c60168cca6f90c1313 + accessRefs: + description: The list of ENTITLEMENTs to consider for calculating possible violations in a preventive check. + type: array + items: + allOf: + - type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + description: The types of objects supported for SOD violations + properties: + type: + enum: + - ENTITLEMENT + example: ENTITLEMENT + description: The type of object that is referenced + example: + - type: ENTITLEMENT + id: 2c918087682f9a86016839c050861ab1 + name: 'CN=Information Access,OU=test,OU=test-service,DC=TestAD,DC=local' + - type: ENTITLEMENT + id: 2c918087682f9a86016839c0509c1ab2 + name: 'CN=Information Technology,OU=test,OU=test-service,DC=TestAD,DC=local' + example: + identityId: 2c91808568c529c60168cca6f90c1313 + accessRefs: + - type: ENTITLEMENT + id: 2c918087682f9a86016839c050861ab1 + name: 'CN=Information Access,OU=test,OU=test-service,DC=TestAD,DC=local' + - type: ENTITLEMENT + id: 2c918087682f9a86016839c0509c1ab2 + name: 'CN=Information Technology,OU=test,OU=test-service,DC=TestAD,DC=local' + responses: + '200': + description: Violation Contexts + content: + application/json: + schema: + description: An object containing a listing of the SOD violation reasons detected by this check. + required: + - requestId + type: object + properties: + violationContexts: + type: array + description: List of Violation Contexts + items: + type: object + properties: + policy: + allOf: + - type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + - type: object + properties: + type: + type: string + example: SOD_POLICY + name: + type: string + example: A very cool policy name + description: The types of objects supported for SOD violations + properties: + type: + enum: + - ENTITLEMENT + example: ENTITLEMENT + description: The type of object that is referenced + conflictingAccessCriteria: + nullable: false + type: object + properties: + leftCriteria: + type: object + properties: + criteriaList: + type: array + description: List of exception criteria. There is a min of 1 and max of 50 items in the list. + items: + allOf: + - type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: 'CN=HelpDesk,OU=test,OU=test-service,DC=TestAD,DC=local' + existing: + type: boolean + description: Whether the subject identity already had that access or not + example: true + description: Access reference with addition of boolean existing flag to indicate whether the access was extant + description: The types of objects supported for SOD violations + properties: + type: + enum: + - ENTITLEMENT + example: ENTITLEMENT + description: The type of object that is referenced + example: + - type: ENTITLEMENT + id: 2c9180866166b5b0016167c32ef31a66 + existing: true + - type: ENTITLEMENT + id: 2c9180866166b5b0016167c32ef31a67 + existing: false + rightCriteria: + type: object + properties: + criteriaList: + type: array + description: List of exception criteria. There is a min of 1 and max of 50 items in the list. + items: + allOf: + - type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: 'CN=HelpDesk,OU=test,OU=test-service,DC=TestAD,DC=local' + existing: + type: boolean + description: Whether the subject identity already had that access or not + example: true + description: Access reference with addition of boolean existing flag to indicate whether the access was extant + description: The types of objects supported for SOD violations + properties: + type: + enum: + - ENTITLEMENT + example: ENTITLEMENT + description: The type of object that is referenced + example: + - type: ENTITLEMENT + id: 2c9180866166b5b0016167c32ef31a66 + existing: true + - type: ENTITLEMENT + id: 2c9180866166b5b0016167c32ef31a67 + existing: false + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + '/sod-violation-report-status/{reportResultId}': + get: + operationId: getSodViolationReportRunStatus + tags: + - SOD Policy + summary: Get violation report run status + description: |- + This gets the status for a violation report run task that has already been invoked. + Requires role of ORG_ADMIN. + parameters: + - in: path + name: reportResultId + schema: + type: string + required: true + description: The ID of the report reference to retrieve. + example: 2e8d8180-24bc-4d21-91c6-7affdb473b0d + responses: + '200': + description: Status of the violation report run task. + content: + application/json: + schema: + allOf: + - type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + - type: object + properties: + status: + type: string + enum: + - SUCCESS + - WARNING + - ERROR + - TERMINATED + - TEMP_ERROR + - PENDING + example: + status: SUCCESS + type: REPORT_RESULT + id: 2e8d8180-24bc-4d21-91c6-7affdb473b0d + name: policy-xyz + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + /sod-violation-report/run: + post: + operationId: runSodAllPoliciesForOrg + tags: + - SOD Policy + summary: Runs all policies for org + description: |- + Runs multi-policy report for the org. If a policy reports more than 5000 violations, the report mentions that the violation limit was exceeded for that policy. If the request is empty, the report runs for all policies. Otherwise, the report runs for only the filtered policy list provided. + Requires role of ORG_ADMIN. + requestBody: + required: false + content: + application/json: + schema: + type: object + properties: + filteredPolicyList: + type: array + description: Multi-policy report will be run for this list of ids + items: + type: string + example: + filteredPolicyList: + - b868cd40-ffa4-4337-9c07-1a51846cfa94 + - 63a07a7b-39a4-48aa-956d-50c827deba2a + responses: + '200': + description: Reference to the violation report run task. + content: + application/json: + schema: + allOf: + - type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + - type: object + properties: + status: + type: string + enum: + - SUCCESS + - WARNING + - ERROR + - TERMINATED + - TEMP_ERROR + - PENDING + example: + status: PENDING + type: REPORT_RESULT + id: 37b3b32a-f394-46f8-acad-b5223969fa68 + name: Multi Query Report + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + /sod-violation-report: + get: + operationId: getSodAllReportRunStatus + tags: + - SOD Policy + summary: Get multi-report run task status + description: |- + This endpoint gets the status for a violation report for all policy run. + Requires role of ORG_ADMIN. + responses: + '200': + description: Status of the violation report run task for all policy run. + content: + application/json: + schema: + allOf: + - type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + - type: object + properties: + status: + type: string + enum: + - SUCCESS + - WARNING + - ERROR + - TERMINATED + - TEMP_ERROR + - PENDING + example: + status: SUCCESS + type: REPORT_RESULT + id: 37b3b32a-f394-46f8-acad-b5223969fa68 + name: Multi Query Report + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + '/sod-violation-report/{reportResultId}/download': + get: + operationId: downloadDefaultViolationReport + tags: + - SOD Policy + summary: Download violation report + description: |- + This allows to download a violation report for a given report reference. + Requires role of ORG_ADMIN. + parameters: + - in: path + name: reportResultId + schema: + type: string + required: true + description: The ID of the report reference to download. + example: ef38f94347e94562b5bb8424a56397d8 + responses: + '200': + description: Returns the PolicyReport.zip that contains the violation report file. + content: + application/zip: + schema: + type: string + format: binary + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + '/sod-violation-report/{reportResultId}/download/{fileName}': + get: + operationId: downloadCustomViolationReport + tags: + - SOD Policy + summary: Download custom violation report + description: |- + This allows to download a specified named violation report for a given report reference. + Requires role of ORG_ADMIN. + parameters: + - in: path + name: reportResultId + schema: + type: string + required: true + description: The ID of the report reference to download. + example: ef38f94347e94562b5bb8424a56397d8 + - in: path + name: fileName + schema: + type: string + required: true + description: Custom Name for the file. + example: custom-name + responses: + '200': + description: Returns the zip file with given custom name that contains the violation report file. + content: + application/zip: + schema: + type: string + format: binary + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + /work-items: + get: + operationId: listWorkItems + tags: + - Work Items + summary: List Work Items + description: 'This gets a collection of work items belonging to either the specified user(admin required), or the current user.' + parameters: + - in: query + name: limit + description: |- + Max number of results to return. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 250 + schema: + type: integer + format: int32 + minimum: 0 + maximum: 250 + default: 250 + - in: query + name: offset + description: |- + Offset into the full result set. Usually specified with *limit* to paginate through the results. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 0 + schema: + type: integer + format: int32 + minimum: 0 + default: 0 + - in: query + name: count + description: |- + If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored. + + Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used. + + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: true + schema: + type: boolean + default: false + - in: query + name: ownerId + schema: + type: string + description: ID of the work item owner. + required: false + responses: + '200': + description: List of work items + content: + application/json: + schema: + type: array + items: + type: object + properties: + id: + type: string + description: ID of the work item + example: 2c9180835d2e5168015d32f890ca1581 + requesterId: + type: string + description: ID of the requester + example: 2c9180835d2e5168015d32f890ca1581 + requesterDisplayName: + type: string + description: The displayname of the requester + example: John Smith + ownerId: + type: string + description: The ID of the owner + example: 2c9180835d2e5168015d32f890ca1581 + ownerName: + type: string + description: The name of the owner + example: Jason Smith + created: + type: string + format: date-time + example: '2017-07-11T18:45:37.098Z' + modified: + type: string + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: + type: string + description: The description of the work item + example: Create account on source 'AD' + state: + type: string + enum: + - FINISHED + - REJECTED + - RETURNED + - EXPIRED + - PENDING + - CANCELED + example: FINISHED + description: The state of a work item + type: + type: string + enum: + - UNKNOWN + - GENERIC + - CERTIFICATION + - REMEDIATION + - DELEGATION + - APPROVAL + - VIOLATIONREVIEW + - FORM + - POLICYVIOLATION + - CHALLENGE + - IMPACTANALYSIS + - SIGNOFF + - EVENT + - MANUALACTION + - TEST + example: GENERIC + description: The type of the work item + remediationItems: + type: object + properties: + id: + type: string + description: The ID of the certification + example: 2c9180835d2e5168015d32f890ca1581 + targetId: + type: string + description: The ID of the certification target + example: 2c9180835d2e5168015d32f890ca1581 + targetName: + type: string + description: The name of the certification target + example: john.smith + targetDisplayName: + type: string + description: The display name of the certification target + example: emailAddress + applicationName: + type: string + description: The name of the application/source + example: Active Directory + attributeName: + type: string + description: The name of the attribute being certified + example: phoneNumber + attributeOperation: + type: string + description: The operation of the certification on the attribute + example: update + attributeValue: + type: string + description: The value of the attribute being certified + example: 512-555-1212 + nativeIdentity: + type: string + description: The native identity of the target + example: jason.smith2 + approvalItems: + type: object + properties: + id: + type: string + description: ID of the approval item + example: 2c9180835d2e5168015d32f890ca1581 + account: + type: string + description: The account referenced by the approval item + example: john.smith + application: + type: string + description: The name the application/source + example: Active Directory + attributeName: + type: string + description: The name of the attribute + example: emailAddress + attributeOperation: + type: string + description: The operation of the attribute + example: update + attributeValue: + type: string + description: The value of the attribute + example: a@b.com + state: + type: string + enum: + - FINISHED + - REJECTED + - RETURNED + - EXPIRED + - PENDING + - CANCELED + example: FINISHED + description: The state of a work item + name: + type: string + description: The work item name + example: Account Create + completed: + type: string + format: date-time + example: '2018-10-19T13:49:37.385Z' + numItems: + type: integer + description: The number of items in the work item + example: 19 + errors: + type: array + items: + type: string + example: + - The work item ID that was specified was not found. + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + /work-items/completed: + get: + operationId: getCompletedWorkItems + tags: + - Work Items + summary: Completed Work Items + description: 'This gets a collection of completed work items belonging to either the specified user(admin required), or the current user.' + parameters: + - in: query + name: ownerId + schema: + type: string + description: 'The id of the owner of the work item list being requested. Either an admin, or the owning/current user must make this request.' + required: false + - in: query + name: limit + description: |- + Max number of results to return. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 250 + schema: + type: integer + format: int32 + minimum: 0 + maximum: 250 + default: 250 + - in: query + name: offset + description: |- + Offset into the full result set. Usually specified with *limit* to paginate through the results. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 0 + schema: + type: integer + format: int32 + minimum: 0 + default: 0 + - in: query + name: count + description: |- + If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored. + + Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used. + + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: true + schema: + type: boolean + default: false + responses: + '200': + description: List of completed work items. + content: + application/json: + schema: + type: array + items: + type: object + properties: + id: + type: string + description: ID of the work item + example: 2c9180835d2e5168015d32f890ca1581 + requesterId: + type: string + description: ID of the requester + example: 2c9180835d2e5168015d32f890ca1581 + requesterDisplayName: + type: string + description: The displayname of the requester + example: John Smith + ownerId: + type: string + description: The ID of the owner + example: 2c9180835d2e5168015d32f890ca1581 + ownerName: + type: string + description: The name of the owner + example: Jason Smith + created: + type: string + format: date-time + example: '2017-07-11T18:45:37.098Z' + modified: + type: string + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: + type: string + description: The description of the work item + example: Create account on source 'AD' + state: + type: string + enum: + - FINISHED + - REJECTED + - RETURNED + - EXPIRED + - PENDING + - CANCELED + example: FINISHED + description: The state of a work item + type: + type: string + enum: + - UNKNOWN + - GENERIC + - CERTIFICATION + - REMEDIATION + - DELEGATION + - APPROVAL + - VIOLATIONREVIEW + - FORM + - POLICYVIOLATION + - CHALLENGE + - IMPACTANALYSIS + - SIGNOFF + - EVENT + - MANUALACTION + - TEST + example: GENERIC + description: The type of the work item + remediationItems: + type: object + properties: + id: + type: string + description: The ID of the certification + example: 2c9180835d2e5168015d32f890ca1581 + targetId: + type: string + description: The ID of the certification target + example: 2c9180835d2e5168015d32f890ca1581 + targetName: + type: string + description: The name of the certification target + example: john.smith + targetDisplayName: + type: string + description: The display name of the certification target + example: emailAddress + applicationName: + type: string + description: The name of the application/source + example: Active Directory + attributeName: + type: string + description: The name of the attribute being certified + example: phoneNumber + attributeOperation: + type: string + description: The operation of the certification on the attribute + example: update + attributeValue: + type: string + description: The value of the attribute being certified + example: 512-555-1212 + nativeIdentity: + type: string + description: The native identity of the target + example: jason.smith2 + approvalItems: + type: object + properties: + id: + type: string + description: ID of the approval item + example: 2c9180835d2e5168015d32f890ca1581 + account: + type: string + description: The account referenced by the approval item + example: john.smith + application: + type: string + description: The name the application/source + example: Active Directory + attributeName: + type: string + description: The name of the attribute + example: emailAddress + attributeOperation: + type: string + description: The operation of the attribute + example: update + attributeValue: + type: string + description: The value of the attribute + example: a@b.com + state: + type: string + enum: + - FINISHED + - REJECTED + - RETURNED + - EXPIRED + - PENDING + - CANCELED + example: FINISHED + description: The state of a work item + name: + type: string + description: The work item name + example: Account Create + completed: + type: string + format: date-time + example: '2018-10-19T13:49:37.385Z' + numItems: + type: integer + description: The number of items in the work item + example: 19 + errors: + type: array + items: + type: string + example: + - The work item ID that was specified was not found. + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + /work-items/count: + get: + operationId: getCountWorkItems + tags: + - Work Items + summary: Count Work Items + description: 'This gets a count of work items belonging to either the specified user(admin required), or the current user.' + parameters: + - in: query + name: ownerId + schema: + type: string + description: ID of the work item owner. + required: false + responses: + '200': + description: List of work items + content: + application/json: + schema: + type: array + items: + type: object + properties: + count: + type: integer + description: The count of work items + example: 29 + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + /work-items/count/completed: + get: + operationId: getCountCompletedWorkItems + tags: + - Work Items + summary: Count Completed Work Items + description: 'This gets a count of completed work items belonging to either the specified user(admin required), or the current user.' + parameters: + - in: query + name: ownerId + schema: + type: string + description: ID of the work item owner. + required: false + responses: + '200': + description: List of work items + content: + application/json: + schema: + type: array + items: + type: object + properties: + count: + type: integer + description: The count of work items + example: 29 + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + /work-items/summary: + get: + operationId: getWorkItemsSummary + tags: + - Work Items + summary: Work Items Summary + description: 'This gets a summary of work items belonging to either the specified user(admin required), or the current user.' + parameters: + - in: query + name: ownerId + schema: + type: string + description: ID of the work item owner. + required: false + responses: + '200': + description: List of work items + content: + application/json: + schema: + type: array + items: + type: object + properties: + open: + type: integer + description: The count of open work items + example: 29 + completed: + type: integer + description: The count of completed work items + example: 1 + total: + type: integer + description: The count of total work items + example: 30 + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '/work-items/{id}': + get: + operationId: getWorkItem + tags: + - Work Items + summary: Get a Work Item + description: 'This gets the details of a Work Item belonging to either the specified user(admin required), or the current user.' + parameters: + - in: query + name: ownerId + schema: + type: string + description: ID of the work item owner. + required: false + - in: path + name: id + schema: + type: string + required: true + description: ID of the work item. + responses: + '200': + description: The work item with the given ID. + content: + application/json: + schema: + type: array + items: + type: object + properties: + id: + type: string + description: ID of the work item + example: 2c9180835d2e5168015d32f890ca1581 + requesterId: + type: string + description: ID of the requester + example: 2c9180835d2e5168015d32f890ca1581 + requesterDisplayName: + type: string + description: The displayname of the requester + example: John Smith + ownerId: + type: string + description: The ID of the owner + example: 2c9180835d2e5168015d32f890ca1581 + ownerName: + type: string + description: The name of the owner + example: Jason Smith + created: + type: string + format: date-time + example: '2017-07-11T18:45:37.098Z' + modified: + type: string + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: + type: string + description: The description of the work item + example: Create account on source 'AD' + state: + type: string + enum: + - FINISHED + - REJECTED + - RETURNED + - EXPIRED + - PENDING + - CANCELED + example: FINISHED + description: The state of a work item + type: + type: string + enum: + - UNKNOWN + - GENERIC + - CERTIFICATION + - REMEDIATION + - DELEGATION + - APPROVAL + - VIOLATIONREVIEW + - FORM + - POLICYVIOLATION + - CHALLENGE + - IMPACTANALYSIS + - SIGNOFF + - EVENT + - MANUALACTION + - TEST + example: GENERIC + description: The type of the work item + remediationItems: + type: object + properties: + id: + type: string + description: The ID of the certification + example: 2c9180835d2e5168015d32f890ca1581 + targetId: + type: string + description: The ID of the certification target + example: 2c9180835d2e5168015d32f890ca1581 + targetName: + type: string + description: The name of the certification target + example: john.smith + targetDisplayName: + type: string + description: The display name of the certification target + example: emailAddress + applicationName: + type: string + description: The name of the application/source + example: Active Directory + attributeName: + type: string + description: The name of the attribute being certified + example: phoneNumber + attributeOperation: + type: string + description: The operation of the certification on the attribute + example: update + attributeValue: + type: string + description: The value of the attribute being certified + example: 512-555-1212 + nativeIdentity: + type: string + description: The native identity of the target + example: jason.smith2 + approvalItems: + type: object + properties: + id: + type: string + description: ID of the approval item + example: 2c9180835d2e5168015d32f890ca1581 + account: + type: string + description: The account referenced by the approval item + example: john.smith + application: + type: string + description: The name the application/source + example: Active Directory + attributeName: + type: string + description: The name of the attribute + example: emailAddress + attributeOperation: + type: string + description: The operation of the attribute + example: update + attributeValue: + type: string + description: The value of the attribute + example: a@b.com + state: + type: string + enum: + - FINISHED + - REJECTED + - RETURNED + - EXPIRED + - PENDING + - CANCELED + example: FINISHED + description: The state of a work item + name: + type: string + description: The work item name + example: Account Create + completed: + type: string + format: date-time + example: '2018-10-19T13:49:37.385Z' + numItems: + type: integer + description: The number of items in the work item + example: 19 + errors: + type: array + items: + type: string + example: + - The work item ID that was specified was not found. + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + post: + operationId: completeWorkItem + tags: + - Work Items + summary: Complete a Work Item + description: 'This API completes a work item. Either an admin, or the owning/current user must make this request.' + parameters: + - in: path + name: id + schema: + type: string + required: true + description: The ID of the work item + example: ef38f94347e94562b5bb8424a56397d8 + responses: + '200': + description: A WorkItems object + content: + application/json: + schema: + type: object + properties: + id: + type: string + description: ID of the work item + example: 2c9180835d2e5168015d32f890ca1581 + requesterId: + type: string + description: ID of the requester + example: 2c9180835d2e5168015d32f890ca1581 + requesterDisplayName: + type: string + description: The displayname of the requester + example: John Smith + ownerId: + type: string + description: The ID of the owner + example: 2c9180835d2e5168015d32f890ca1581 + ownerName: + type: string + description: The name of the owner + example: Jason Smith + created: + type: string + format: date-time + example: '2017-07-11T18:45:37.098Z' + modified: + type: string + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: + type: string + description: The description of the work item + example: Create account on source 'AD' + state: + type: string + enum: + - FINISHED + - REJECTED + - RETURNED + - EXPIRED + - PENDING + - CANCELED + example: FINISHED + description: The state of a work item + type: + type: string + enum: + - UNKNOWN + - GENERIC + - CERTIFICATION + - REMEDIATION + - DELEGATION + - APPROVAL + - VIOLATIONREVIEW + - FORM + - POLICYVIOLATION + - CHALLENGE + - IMPACTANALYSIS + - SIGNOFF + - EVENT + - MANUALACTION + - TEST + example: GENERIC + description: The type of the work item + remediationItems: + type: object + properties: + id: + type: string + description: The ID of the certification + example: 2c9180835d2e5168015d32f890ca1581 + targetId: + type: string + description: The ID of the certification target + example: 2c9180835d2e5168015d32f890ca1581 + targetName: + type: string + description: The name of the certification target + example: john.smith + targetDisplayName: + type: string + description: The display name of the certification target + example: emailAddress + applicationName: + type: string + description: The name of the application/source + example: Active Directory + attributeName: + type: string + description: The name of the attribute being certified + example: phoneNumber + attributeOperation: + type: string + description: The operation of the certification on the attribute + example: update + attributeValue: + type: string + description: The value of the attribute being certified + example: 512-555-1212 + nativeIdentity: + type: string + description: The native identity of the target + example: jason.smith2 + approvalItems: + type: object + properties: + id: + type: string + description: ID of the approval item + example: 2c9180835d2e5168015d32f890ca1581 + account: + type: string + description: The account referenced by the approval item + example: john.smith + application: + type: string + description: The name the application/source + example: Active Directory + attributeName: + type: string + description: The name of the attribute + example: emailAddress + attributeOperation: + type: string + description: The operation of the attribute + example: update + attributeValue: + type: string + description: The value of the attribute + example: a@b.com + state: + type: string + enum: + - FINISHED + - REJECTED + - RETURNED + - EXPIRED + - PENDING + - CANCELED + example: FINISHED + description: The state of a work item + name: + type: string + description: The work item name + example: Account Create + completed: + type: string + format: date-time + example: '2018-10-19T13:49:37.385Z' + numItems: + type: integer + description: The number of items in the work item + example: 19 + errors: + type: array + items: + type: string + example: + - The work item ID that was specified was not found. + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '/work-items/{id}/forward': + post: + operationId: forwardWorkItem + tags: + - Work Items + summary: Forward a Work Item + description: 'This API forwards a work item to a new owner. Either an admin, or the owning/current user must make this request.' + parameters: + - in: path + name: id + schema: + type: string + required: true + description: The ID of the work item + example: ef38f94347e94562b5bb8424a56397d8 + requestBody: + required: true + content: + application/json: + schema: + type: object + required: + - targetOwnerId + - comment + properties: + targetOwnerId: + type: string + description: The ID of the identity to forward this work item to. + example: 2c9180835d2e5168015d32f890ca1581 + comment: + type: string + description: Comments to send to the target owner + example: I'm going on vacation. + sendNotifications: + type: boolean + description: 'If true, send a notification to the target owner.' + default: true + example: true + responses: + '200': + description: 'Success, but no data is returned.' + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + '/work-items/{id}/approve/{approvalItemId}': + post: + operationId: approveApprovalItem + tags: + - Work Items + summary: Approve an Approval Item + description: 'This API approves an Approval Item. Either an admin, or the owning/current user must make this request.' + parameters: + - in: path + name: id + schema: + type: string + required: true + description: The ID of the work item + example: ef38f94347e94562b5bb8424a56397d8 + - in: path + name: approvalItemId + schema: + type: string + required: true + description: The ID of the approval item. + example: 1211bcaa32112bcef6122adb21cef1ac + responses: + '200': + description: A work items details object. + content: + application/json: + schema: + type: object + properties: + id: + type: string + description: ID of the work item + example: 2c9180835d2e5168015d32f890ca1581 + requesterId: + type: string + description: ID of the requester + example: 2c9180835d2e5168015d32f890ca1581 + requesterDisplayName: + type: string + description: The displayname of the requester + example: John Smith + ownerId: + type: string + description: The ID of the owner + example: 2c9180835d2e5168015d32f890ca1581 + ownerName: + type: string + description: The name of the owner + example: Jason Smith + created: + type: string + format: date-time + example: '2017-07-11T18:45:37.098Z' + modified: + type: string + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: + type: string + description: The description of the work item + example: Create account on source 'AD' + state: + type: string + enum: + - FINISHED + - REJECTED + - RETURNED + - EXPIRED + - PENDING + - CANCELED + example: FINISHED + description: The state of a work item + type: + type: string + enum: + - UNKNOWN + - GENERIC + - CERTIFICATION + - REMEDIATION + - DELEGATION + - APPROVAL + - VIOLATIONREVIEW + - FORM + - POLICYVIOLATION + - CHALLENGE + - IMPACTANALYSIS + - SIGNOFF + - EVENT + - MANUALACTION + - TEST + example: GENERIC + description: The type of the work item + remediationItems: + type: object + properties: + id: + type: string + description: The ID of the certification + example: 2c9180835d2e5168015d32f890ca1581 + targetId: + type: string + description: The ID of the certification target + example: 2c9180835d2e5168015d32f890ca1581 + targetName: + type: string + description: The name of the certification target + example: john.smith + targetDisplayName: + type: string + description: The display name of the certification target + example: emailAddress + applicationName: + type: string + description: The name of the application/source + example: Active Directory + attributeName: + type: string + description: The name of the attribute being certified + example: phoneNumber + attributeOperation: + type: string + description: The operation of the certification on the attribute + example: update + attributeValue: + type: string + description: The value of the attribute being certified + example: 512-555-1212 + nativeIdentity: + type: string + description: The native identity of the target + example: jason.smith2 + approvalItems: + type: object + properties: + id: + type: string + description: ID of the approval item + example: 2c9180835d2e5168015d32f890ca1581 + account: + type: string + description: The account referenced by the approval item + example: john.smith + application: + type: string + description: The name the application/source + example: Active Directory + attributeName: + type: string + description: The name of the attribute + example: emailAddress + attributeOperation: + type: string + description: The operation of the attribute + example: update + attributeValue: + type: string + description: The value of the attribute + example: a@b.com + state: + type: string + enum: + - FINISHED + - REJECTED + - RETURNED + - EXPIRED + - PENDING + - CANCELED + example: FINISHED + description: The state of a work item + name: + type: string + description: The work item name + example: Account Create + completed: + type: string + format: date-time + example: '2018-10-19T13:49:37.385Z' + numItems: + type: integer + description: The number of items in the work item + example: 19 + errors: + type: array + items: + type: string + example: + - The work item ID that was specified was not found. + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '/work-items/{id}/reject/{approvalItemId}': + post: + operationId: rejectApprovalItem + tags: + - Work Items + summary: Reject an Approval Item + description: 'This API rejects an Approval Item. Either an admin, or the owning/current user must make this request.' + parameters: + - in: path + name: id + schema: + type: string + required: true + description: The ID of the work item + example: ef38f94347e94562b5bb8424a56397d8 + - in: path + name: approvalItemId + schema: + type: string + required: true + description: The ID of the approval item. + example: 1211bcaa32112bcef6122adb21cef1ac + responses: + '200': + description: A work items details object. + content: + application/json: + schema: + type: object + properties: + id: + type: string + description: ID of the work item + example: 2c9180835d2e5168015d32f890ca1581 + requesterId: + type: string + description: ID of the requester + example: 2c9180835d2e5168015d32f890ca1581 + requesterDisplayName: + type: string + description: The displayname of the requester + example: John Smith + ownerId: + type: string + description: The ID of the owner + example: 2c9180835d2e5168015d32f890ca1581 + ownerName: + type: string + description: The name of the owner + example: Jason Smith + created: + type: string + format: date-time + example: '2017-07-11T18:45:37.098Z' + modified: + type: string + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: + type: string + description: The description of the work item + example: Create account on source 'AD' + state: + type: string + enum: + - FINISHED + - REJECTED + - RETURNED + - EXPIRED + - PENDING + - CANCELED + example: FINISHED + description: The state of a work item + type: + type: string + enum: + - UNKNOWN + - GENERIC + - CERTIFICATION + - REMEDIATION + - DELEGATION + - APPROVAL + - VIOLATIONREVIEW + - FORM + - POLICYVIOLATION + - CHALLENGE + - IMPACTANALYSIS + - SIGNOFF + - EVENT + - MANUALACTION + - TEST + example: GENERIC + description: The type of the work item + remediationItems: + type: object + properties: + id: + type: string + description: The ID of the certification + example: 2c9180835d2e5168015d32f890ca1581 + targetId: + type: string + description: The ID of the certification target + example: 2c9180835d2e5168015d32f890ca1581 + targetName: + type: string + description: The name of the certification target + example: john.smith + targetDisplayName: + type: string + description: The display name of the certification target + example: emailAddress + applicationName: + type: string + description: The name of the application/source + example: Active Directory + attributeName: + type: string + description: The name of the attribute being certified + example: phoneNumber + attributeOperation: + type: string + description: The operation of the certification on the attribute + example: update + attributeValue: + type: string + description: The value of the attribute being certified + example: 512-555-1212 + nativeIdentity: + type: string + description: The native identity of the target + example: jason.smith2 + approvalItems: + type: object + properties: + id: + type: string + description: ID of the approval item + example: 2c9180835d2e5168015d32f890ca1581 + account: + type: string + description: The account referenced by the approval item + example: john.smith + application: + type: string + description: The name the application/source + example: Active Directory + attributeName: + type: string + description: The name of the attribute + example: emailAddress + attributeOperation: + type: string + description: The operation of the attribute + example: update + attributeValue: + type: string + description: The value of the attribute + example: a@b.com + state: + type: string + enum: + - FINISHED + - REJECTED + - RETURNED + - EXPIRED + - PENDING + - CANCELED + example: FINISHED + description: The state of a work item + name: + type: string + description: The work item name + example: Account Create + completed: + type: string + format: date-time + example: '2018-10-19T13:49:37.385Z' + numItems: + type: integer + description: The number of items in the work item + example: 19 + errors: + type: array + items: + type: string + example: + - The work item ID that was specified was not found. + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '/work-items/bulk-approve/{id}': + post: + operationId: approveApprovalItemsInBulk + tags: + - Work Items + summary: Bulk approve Approval Items + description: 'This API bulk approves Approval Items. Either an admin, or the owning/current user must make this request.' + parameters: + - in: path + name: id + schema: + type: string + required: true + description: The ID of the work item + example: ef38f94347e94562b5bb8424a56397d8 + responses: + '200': + description: A work items details object. + content: + application/json: + schema: + type: object + properties: + id: + type: string + description: ID of the work item + example: 2c9180835d2e5168015d32f890ca1581 + requesterId: + type: string + description: ID of the requester + example: 2c9180835d2e5168015d32f890ca1581 + requesterDisplayName: + type: string + description: The displayname of the requester + example: John Smith + ownerId: + type: string + description: The ID of the owner + example: 2c9180835d2e5168015d32f890ca1581 + ownerName: + type: string + description: The name of the owner + example: Jason Smith + created: + type: string + format: date-time + example: '2017-07-11T18:45:37.098Z' + modified: + type: string + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: + type: string + description: The description of the work item + example: Create account on source 'AD' + state: + type: string + enum: + - FINISHED + - REJECTED + - RETURNED + - EXPIRED + - PENDING + - CANCELED + example: FINISHED + description: The state of a work item + type: + type: string + enum: + - UNKNOWN + - GENERIC + - CERTIFICATION + - REMEDIATION + - DELEGATION + - APPROVAL + - VIOLATIONREVIEW + - FORM + - POLICYVIOLATION + - CHALLENGE + - IMPACTANALYSIS + - SIGNOFF + - EVENT + - MANUALACTION + - TEST + example: GENERIC + description: The type of the work item + remediationItems: + type: object + properties: + id: + type: string + description: The ID of the certification + example: 2c9180835d2e5168015d32f890ca1581 + targetId: + type: string + description: The ID of the certification target + example: 2c9180835d2e5168015d32f890ca1581 + targetName: + type: string + description: The name of the certification target + example: john.smith + targetDisplayName: + type: string + description: The display name of the certification target + example: emailAddress + applicationName: + type: string + description: The name of the application/source + example: Active Directory + attributeName: + type: string + description: The name of the attribute being certified + example: phoneNumber + attributeOperation: + type: string + description: The operation of the certification on the attribute + example: update + attributeValue: + type: string + description: The value of the attribute being certified + example: 512-555-1212 + nativeIdentity: + type: string + description: The native identity of the target + example: jason.smith2 + approvalItems: + type: object + properties: + id: + type: string + description: ID of the approval item + example: 2c9180835d2e5168015d32f890ca1581 + account: + type: string + description: The account referenced by the approval item + example: john.smith + application: + type: string + description: The name the application/source + example: Active Directory + attributeName: + type: string + description: The name of the attribute + example: emailAddress + attributeOperation: + type: string + description: The operation of the attribute + example: update + attributeValue: + type: string + description: The value of the attribute + example: a@b.com + state: + type: string + enum: + - FINISHED + - REJECTED + - RETURNED + - EXPIRED + - PENDING + - CANCELED + example: FINISHED + description: The state of a work item + name: + type: string + description: The work item name + example: Account Create + completed: + type: string + format: date-time + example: '2018-10-19T13:49:37.385Z' + numItems: + type: integer + description: The number of items in the work item + example: 19 + errors: + type: array + items: + type: string + example: + - The work item ID that was specified was not found. + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '/work-items/bulk-reject/{id}': + post: + operationId: rejectApprovalItemsInBulk + tags: + - Work Items + summary: Bulk reject Approval Items + description: 'This API bulk rejects Approval Items. Either an admin, or the owning/current user must make this request.' + parameters: + - in: path + name: id + schema: + type: string + required: true + description: The ID of the work item + example: ef38f94347e94562b5bb8424a56397d8 + responses: + '200': + description: A work items details object. + content: + application/json: + schema: + type: object + properties: + id: + type: string + description: ID of the work item + example: 2c9180835d2e5168015d32f890ca1581 + requesterId: + type: string + description: ID of the requester + example: 2c9180835d2e5168015d32f890ca1581 + requesterDisplayName: + type: string + description: The displayname of the requester + example: John Smith + ownerId: + type: string + description: The ID of the owner + example: 2c9180835d2e5168015d32f890ca1581 + ownerName: + type: string + description: The name of the owner + example: Jason Smith + created: + type: string + format: date-time + example: '2017-07-11T18:45:37.098Z' + modified: + type: string + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: + type: string + description: The description of the work item + example: Create account on source 'AD' + state: + type: string + enum: + - FINISHED + - REJECTED + - RETURNED + - EXPIRED + - PENDING + - CANCELED + example: FINISHED + description: The state of a work item + type: + type: string + enum: + - UNKNOWN + - GENERIC + - CERTIFICATION + - REMEDIATION + - DELEGATION + - APPROVAL + - VIOLATIONREVIEW + - FORM + - POLICYVIOLATION + - CHALLENGE + - IMPACTANALYSIS + - SIGNOFF + - EVENT + - MANUALACTION + - TEST + example: GENERIC + description: The type of the work item + remediationItems: + type: object + properties: + id: + type: string + description: The ID of the certification + example: 2c9180835d2e5168015d32f890ca1581 + targetId: + type: string + description: The ID of the certification target + example: 2c9180835d2e5168015d32f890ca1581 + targetName: + type: string + description: The name of the certification target + example: john.smith + targetDisplayName: + type: string + description: The display name of the certification target + example: emailAddress + applicationName: + type: string + description: The name of the application/source + example: Active Directory + attributeName: + type: string + description: The name of the attribute being certified + example: phoneNumber + attributeOperation: + type: string + description: The operation of the certification on the attribute + example: update + attributeValue: + type: string + description: The value of the attribute being certified + example: 512-555-1212 + nativeIdentity: + type: string + description: The native identity of the target + example: jason.smith2 + approvalItems: + type: object + properties: + id: + type: string + description: ID of the approval item + example: 2c9180835d2e5168015d32f890ca1581 + account: + type: string + description: The account referenced by the approval item + example: john.smith + application: + type: string + description: The name the application/source + example: Active Directory + attributeName: + type: string + description: The name of the attribute + example: emailAddress + attributeOperation: + type: string + description: The operation of the attribute + example: update + attributeValue: + type: string + description: The value of the attribute + example: a@b.com + state: + type: string + enum: + - FINISHED + - REJECTED + - RETURNED + - EXPIRED + - PENDING + - CANCELED + example: FINISHED + description: The state of a work item + name: + type: string + description: The work item name + example: Account Create + completed: + type: string + format: date-time + example: '2018-10-19T13:49:37.385Z' + numItems: + type: integer + description: The number of items in the work item + example: 19 + errors: + type: array + items: + type: string + example: + - The work item ID that was specified was not found. + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '/work-items/{id}/submit-account-selection': + post: + operationId: submitAccountSelection + tags: + - Work Items + summary: Submit Account Selections + description: 'This API submits account selections. Either an admin, or the owning/current user must make this request.' + parameters: + - in: path + name: id + schema: + type: string + required: true + description: The ID of the work item + example: ef38f94347e94562b5bb8424a56397d8 + requestBody: + required: true + content: + application/json: + schema: + type: object + additionalProperties: true + example: + fieldName: fieldValue + description: 'Account Selection Data map, keyed on fieldName' + responses: + '200': + description: A work items details object. + content: + application/json: + schema: + type: object + properties: + id: + type: string + description: ID of the work item + example: 2c9180835d2e5168015d32f890ca1581 + requesterId: + type: string + description: ID of the requester + example: 2c9180835d2e5168015d32f890ca1581 + requesterDisplayName: + type: string + description: The displayname of the requester + example: John Smith + ownerId: + type: string + description: The ID of the owner + example: 2c9180835d2e5168015d32f890ca1581 + ownerName: + type: string + description: The name of the owner + example: Jason Smith + created: + type: string + format: date-time + example: '2017-07-11T18:45:37.098Z' + modified: + type: string + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: + type: string + description: The description of the work item + example: Create account on source 'AD' + state: + type: string + enum: + - FINISHED + - REJECTED + - RETURNED + - EXPIRED + - PENDING + - CANCELED + example: FINISHED + description: The state of a work item + type: + type: string + enum: + - UNKNOWN + - GENERIC + - CERTIFICATION + - REMEDIATION + - DELEGATION + - APPROVAL + - VIOLATIONREVIEW + - FORM + - POLICYVIOLATION + - CHALLENGE + - IMPACTANALYSIS + - SIGNOFF + - EVENT + - MANUALACTION + - TEST + example: GENERIC + description: The type of the work item + remediationItems: + type: object + properties: + id: + type: string + description: The ID of the certification + example: 2c9180835d2e5168015d32f890ca1581 + targetId: + type: string + description: The ID of the certification target + example: 2c9180835d2e5168015d32f890ca1581 + targetName: + type: string + description: The name of the certification target + example: john.smith + targetDisplayName: + type: string + description: The display name of the certification target + example: emailAddress + applicationName: + type: string + description: The name of the application/source + example: Active Directory + attributeName: + type: string + description: The name of the attribute being certified + example: phoneNumber + attributeOperation: + type: string + description: The operation of the certification on the attribute + example: update + attributeValue: + type: string + description: The value of the attribute being certified + example: 512-555-1212 + nativeIdentity: + type: string + description: The native identity of the target + example: jason.smith2 + approvalItems: + type: object + properties: + id: + type: string + description: ID of the approval item + example: 2c9180835d2e5168015d32f890ca1581 + account: + type: string + description: The account referenced by the approval item + example: john.smith + application: + type: string + description: The name the application/source + example: Active Directory + attributeName: + type: string + description: The name of the attribute + example: emailAddress + attributeOperation: + type: string + description: The operation of the attribute + example: update + attributeValue: + type: string + description: The value of the attribute + example: a@b.com + state: + type: string + enum: + - FINISHED + - REJECTED + - RETURNED + - EXPIRED + - PENDING + - CANCELED + example: FINISHED + description: The state of a work item + name: + type: string + description: The work item name + example: Account Create + completed: + type: string + format: date-time + example: '2018-10-19T13:49:37.385Z' + numItems: + type: integer + description: The number of items in the work item + example: 19 + errors: + type: array + items: + type: string + example: + - The work item ID that was specified was not found. + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + /workflows: + post: + operationId: createWorkflow + tags: + - Workflows + summary: Create Workflow + description: Create a new workflow with the desired trigger and steps specified in the request body. + security: + - oauth2: + - 'sp:workflow:manage' + requestBody: + required: true + content: + application/json: + schema: + allOf: + - required: + - name + - owner + - type: object + properties: + name: + type: string + description: The name of the workflow + example: Send Email + owner: + allOf: + - type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + description: The identity that owns the workflow. The owner's permissions in IDN will determine what actions the workflow is allowed to perform. Ownership can be changed by updating the owner in a PUT or PATCH request. + properties: + type: + enum: + - IDENTITY + example: IDENTITY + description: The type of object that is referenced + example: + type: IDENTITY + id: 2c91808568c529c60168cca6f90c1313 + name: William Wilson + description: + type: string + description: Description of what the workflow accomplishes + example: Send an email to the identity who's attributes changed. + definition: + type: object + description: The map of steps that the workflow will execute. + properties: + start: + type: string + description: The name of the starting step. + example: Send Email Test + steps: + type: object + description: One or more step objects that comprise this workflow. Please see the Workflow documentation to see the JSON schema for each step type. + additionalProperties: true + example: + Send Email: + actionId: 'sp:send-email' + attributes: + body: This is a test + from: sailpoint@sailpoint.com + recipientId.$: $.identity.id + subject: test + nextStep: success + selectResult: null + type: ACTION + success: + type: success + enabled: + type: boolean + description: Enable or disable the workflow. Workflows cannot be created in an enabled state. + default: false + example: false + trigger: + type: object + description: The trigger that starts the workflow + required: + - type + - attributes + properties: + type: + enum: + - EVENT + - EXTERNAL + - SCHEDULED + example: EVENT + description: The trigger type + attributes: + description: Workflow Trigger Attributes. + oneOf: + - title: Event Trigger Attributes + type: object + required: + - id + properties: + id: + type: string + description: The unique ID of the trigger + example: 'idn:identity-attributes-changed' + filter: + type: string + description: JSON path expression that will limit which events the trigger will fire on + example: '$.changes[?(@.attribute == ''manager'')]' + - title: Scheduled Trigger Attributes + type: object + required: + - cronString + properties: + cronString: + type: string + description: A valid CRON expression + externalDocs: + description: CRON expression editor + url: 'https://crontab.guru/' + example: 0 * */3 */5 * + examples: + Event Trigger: + description: Workflow initiated by an event trigger + value: + name: Send Email + owner: + type: IDENTITY + id: 2c91808568c529c60168cca6f90c1313 + name: William Wilson + description: Send an email to the identity who's attributes changed. + definition: + start: Send Email Test + steps: + Send Email: + actionId: 'sp:send-email' + attributes: + body: This is a test + from: sailpoint@sailpoint.com + recipientId.$: $.identity.id + subject: test + nextStep: success + selectResult: null + type: action + success: + type: success + enabled: false + trigger: + type: EVENT + attributes: + id: 'idn:identity-attributes-changed' + filter: '$.changes[?(@.attribute == ''manager'')]' + Scheduled Trigger: + description: Workflow initiated by a scheduled trigger + value: + name: Send Email + owner: + type: IDENTITY + id: 2c91808568c529c60168cca6f90c1313 + name: William Wilson + description: Send an email to the identity who's attributes changed. + definition: + start: Send Email Test + steps: + Send Email: + actionId: 'sp:send-email' + attributes: + body: This is a test + from: sailpoint@sailpoint.com + recipientId.$: $.identity.id + subject: test + nextStep: success + selectResult: null + type: action + success: + type: success + enabled: false + trigger: + type: SCHEDULED + attributes: + cronString: 0 * */3 */5 * + responses: + '200': + description: The Workflow object + content: + application/json: + schema: + allOf: + - type: object + properties: + id: + type: string + description: Workflow ID. This is a UUID generated upon creation. + example: d201c5e9-d37b-4aff-af14-66414f39d569 + executionCount: + type: integer + format: int32 + description: The number of times this workflow has been executed + example: 2 + failureCount: + type: integer + format: int32 + description: The number of times this workflow has failed during execution + example: 0 + created: + type: string + format: date-time + description: The date and time the workflow was created + example: '2022-01-10T16:06:16.636381447Z' + creator: + allOf: + - type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + description: The identity that created the workflow. + properties: + type: + enum: + - IDENTITY + example: IDENTITY + description: The type of object that is referenced + example: + type: IDENTITY + id: 2c91808568c529c60168cca6f90c1313 + name: William Wilson + - type: object + properties: + name: + type: string + description: The name of the workflow + example: Send Email + owner: + allOf: + - type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + description: The identity that owns the workflow. The owner's permissions in IDN will determine what actions the workflow is allowed to perform. Ownership can be changed by updating the owner in a PUT or PATCH request. + properties: + type: + enum: + - IDENTITY + example: IDENTITY + description: The type of object that is referenced + example: + type: IDENTITY + id: 2c91808568c529c60168cca6f90c1313 + name: William Wilson + description: + type: string + description: Description of what the workflow accomplishes + example: Send an email to the identity who's attributes changed. + definition: + type: object + description: The map of steps that the workflow will execute. + properties: + start: + type: string + description: The name of the starting step. + example: Send Email Test + steps: + type: object + description: One or more step objects that comprise this workflow. Please see the Workflow documentation to see the JSON schema for each step type. + additionalProperties: true + example: + Send Email: + actionId: 'sp:send-email' + attributes: + body: This is a test + from: sailpoint@sailpoint.com + recipientId.$: $.identity.id + subject: test + nextStep: success + selectResult: null + type: ACTION + success: + type: success + enabled: + type: boolean + description: Enable or disable the workflow. Workflows cannot be created in an enabled state. + default: false + example: false + trigger: + type: object + description: The trigger that starts the workflow + required: + - type + - attributes + properties: + type: + enum: + - EVENT + - EXTERNAL + - SCHEDULED + example: EVENT + description: The trigger type + attributes: + description: Workflow Trigger Attributes. + oneOf: + - title: Event Trigger Attributes + type: object + required: + - id + properties: + id: + type: string + description: The unique ID of the trigger + example: 'idn:identity-attributes-changed' + filter: + type: string + description: JSON path expression that will limit which events the trigger will fire on + example: '$.changes[?(@.attribute == ''manager'')]' + - title: Scheduled Trigger Attributes + type: object + required: + - cronString + properties: + cronString: + type: string + description: A valid CRON expression + externalDocs: + description: CRON expression editor + url: 'https://crontab.guru/' + example: 0 * */3 */5 * + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + get: + operationId: listWorkflows + tags: + - Workflows + summary: List Workflows + description: List all workflows in the tenant. + security: + - oauth2: + - 'sp:workflow:read' + responses: + '200': + description: List of workflows + content: + application/json: + schema: + type: array + items: + allOf: + - type: object + properties: + id: + type: string + description: Workflow ID. This is a UUID generated upon creation. + example: d201c5e9-d37b-4aff-af14-66414f39d569 + executionCount: + type: integer + format: int32 + description: The number of times this workflow has been executed + example: 2 + failureCount: + type: integer + format: int32 + description: The number of times this workflow has failed during execution + example: 0 + created: + type: string + format: date-time + description: The date and time the workflow was created + example: '2022-01-10T16:06:16.636381447Z' + creator: + allOf: + - type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + description: The identity that created the workflow. + properties: + type: + enum: + - IDENTITY + example: IDENTITY + description: The type of object that is referenced + example: + type: IDENTITY + id: 2c91808568c529c60168cca6f90c1313 + name: William Wilson + - type: object + properties: + name: + type: string + description: The name of the workflow + example: Send Email + owner: + allOf: + - type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + description: The identity that owns the workflow. The owner's permissions in IDN will determine what actions the workflow is allowed to perform. Ownership can be changed by updating the owner in a PUT or PATCH request. + properties: + type: + enum: + - IDENTITY + example: IDENTITY + description: The type of object that is referenced + example: + type: IDENTITY + id: 2c91808568c529c60168cca6f90c1313 + name: William Wilson + description: + type: string + description: Description of what the workflow accomplishes + example: Send an email to the identity who's attributes changed. + definition: + type: object + description: The map of steps that the workflow will execute. + properties: + start: + type: string + description: The name of the starting step. + example: Send Email Test + steps: + type: object + description: One or more step objects that comprise this workflow. Please see the Workflow documentation to see the JSON schema for each step type. + additionalProperties: true + example: + Send Email: + actionId: 'sp:send-email' + attributes: + body: This is a test + from: sailpoint@sailpoint.com + recipientId.$: $.identity.id + subject: test + nextStep: success + selectResult: null + type: ACTION + success: + type: success + enabled: + type: boolean + description: Enable or disable the workflow. Workflows cannot be created in an enabled state. + default: false + example: false + trigger: + type: object + description: The trigger that starts the workflow + required: + - type + - attributes + properties: + type: + enum: + - EVENT + - EXTERNAL + - SCHEDULED + example: EVENT + description: The trigger type + attributes: + description: Workflow Trigger Attributes. + oneOf: + - title: Event Trigger Attributes + type: object + required: + - id + properties: + id: + type: string + description: The unique ID of the trigger + example: 'idn:identity-attributes-changed' + filter: + type: string + description: JSON path expression that will limit which events the trigger will fire on + example: '$.changes[?(@.attribute == ''manager'')]' + - title: Scheduled Trigger Attributes + type: object + required: + - cronString + properties: + cronString: + type: string + description: A valid CRON expression + externalDocs: + description: CRON expression editor + url: 'https://crontab.guru/' + example: 0 * */3 */5 * + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + '/workflows/{id}': + get: + operationId: getWorkflow + tags: + - Workflows + summary: Get Workflow By Id + description: Get a single workflow by id. + security: + - oauth2: + - 'sp:workflow:read' + parameters: + - name: id + in: path + description: Id of the workflow + required: true + style: simple + explode: false + schema: + type: string + example: c17bea3a-574d-453c-9e04-4365fbf5af0b + responses: + '200': + description: The workflow object + content: + application/json: + schema: + allOf: + - type: object + properties: + id: + type: string + description: Workflow ID. This is a UUID generated upon creation. + example: d201c5e9-d37b-4aff-af14-66414f39d569 + executionCount: + type: integer + format: int32 + description: The number of times this workflow has been executed + example: 2 + failureCount: + type: integer + format: int32 + description: The number of times this workflow has failed during execution + example: 0 + created: + type: string + format: date-time + description: The date and time the workflow was created + example: '2022-01-10T16:06:16.636381447Z' + creator: + allOf: + - type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + description: The identity that created the workflow. + properties: + type: + enum: + - IDENTITY + example: IDENTITY + description: The type of object that is referenced + example: + type: IDENTITY + id: 2c91808568c529c60168cca6f90c1313 + name: William Wilson + - type: object + properties: + name: + type: string + description: The name of the workflow + example: Send Email + owner: + allOf: + - type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + description: The identity that owns the workflow. The owner's permissions in IDN will determine what actions the workflow is allowed to perform. Ownership can be changed by updating the owner in a PUT or PATCH request. + properties: + type: + enum: + - IDENTITY + example: IDENTITY + description: The type of object that is referenced + example: + type: IDENTITY + id: 2c91808568c529c60168cca6f90c1313 + name: William Wilson + description: + type: string + description: Description of what the workflow accomplishes + example: Send an email to the identity who's attributes changed. + definition: + type: object + description: The map of steps that the workflow will execute. + properties: + start: + type: string + description: The name of the starting step. + example: Send Email Test + steps: + type: object + description: One or more step objects that comprise this workflow. Please see the Workflow documentation to see the JSON schema for each step type. + additionalProperties: true + example: + Send Email: + actionId: 'sp:send-email' + attributes: + body: This is a test + from: sailpoint@sailpoint.com + recipientId.$: $.identity.id + subject: test + nextStep: success + selectResult: null + type: ACTION + success: + type: success + enabled: + type: boolean + description: Enable or disable the workflow. Workflows cannot be created in an enabled state. + default: false + example: false + trigger: + type: object + description: The trigger that starts the workflow + required: + - type + - attributes + properties: + type: + enum: + - EVENT + - EXTERNAL + - SCHEDULED + example: EVENT + description: The trigger type + attributes: + description: Workflow Trigger Attributes. + oneOf: + - title: Event Trigger Attributes + type: object + required: + - id + properties: + id: + type: string + description: The unique ID of the trigger + example: 'idn:identity-attributes-changed' + filter: + type: string + description: JSON path expression that will limit which events the trigger will fire on + example: '$.changes[?(@.attribute == ''manager'')]' + - title: Scheduled Trigger Attributes + type: object + required: + - cronString + properties: + cronString: + type: string + description: A valid CRON expression + externalDocs: + description: CRON expression editor + url: 'https://crontab.guru/' + example: 0 * */3 */5 * + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + put: + operationId: updateWorkflow + tags: + - Workflows + summary: Update Workflow + description: Perform a full update of a workflow. The updated workflow object is returned in the response. + security: + - oauth2: + - 'sp:workflow:manage' + parameters: + - name: id + in: path + description: Id of the Workflow + required: true + style: simple + explode: false + schema: + type: string + example: c17bea3a-574d-453c-9e04-4365fbf5af0b + requestBody: + required: true + content: + application/json: + schema: + type: object + properties: + name: + type: string + description: The name of the workflow + example: Send Email + owner: + allOf: + - type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + description: The identity that owns the workflow. The owner's permissions in IDN will determine what actions the workflow is allowed to perform. Ownership can be changed by updating the owner in a PUT or PATCH request. + properties: + type: + enum: + - IDENTITY + example: IDENTITY + description: The type of object that is referenced + example: + type: IDENTITY + id: 2c91808568c529c60168cca6f90c1313 + name: William Wilson + description: + type: string + description: Description of what the workflow accomplishes + example: Send an email to the identity who's attributes changed. + definition: + type: object + description: The map of steps that the workflow will execute. + properties: + start: + type: string + description: The name of the starting step. + example: Send Email Test + steps: + type: object + description: One or more step objects that comprise this workflow. Please see the Workflow documentation to see the JSON schema for each step type. + additionalProperties: true + example: + Send Email: + actionId: 'sp:send-email' + attributes: + body: This is a test + from: sailpoint@sailpoint.com + recipientId.$: $.identity.id + subject: test + nextStep: success + selectResult: null + type: ACTION + success: + type: success + enabled: + type: boolean + description: Enable or disable the workflow. Workflows cannot be created in an enabled state. + default: false + example: false + trigger: + type: object + description: The trigger that starts the workflow + required: + - type + - attributes + properties: + type: + enum: + - EVENT + - EXTERNAL + - SCHEDULED + example: EVENT + description: The trigger type + attributes: + description: Workflow Trigger Attributes. + oneOf: + - title: Event Trigger Attributes + type: object + required: + - id + properties: + id: + type: string + description: The unique ID of the trigger + example: 'idn:identity-attributes-changed' + filter: + type: string + description: JSON path expression that will limit which events the trigger will fire on + example: '$.changes[?(@.attribute == ''manager'')]' + - title: Scheduled Trigger Attributes + type: object + required: + - cronString + properties: + cronString: + type: string + description: A valid CRON expression + externalDocs: + description: CRON expression editor + url: 'https://crontab.guru/' + example: 0 * */3 */5 * + responses: + '200': + description: The Workflow object + content: + application/json: + schema: + allOf: + - type: object + properties: + id: + type: string + description: Workflow ID. This is a UUID generated upon creation. + example: d201c5e9-d37b-4aff-af14-66414f39d569 + executionCount: + type: integer + format: int32 + description: The number of times this workflow has been executed + example: 2 + failureCount: + type: integer + format: int32 + description: The number of times this workflow has failed during execution + example: 0 + created: + type: string + format: date-time + description: The date and time the workflow was created + example: '2022-01-10T16:06:16.636381447Z' + creator: + allOf: + - type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + description: The identity that created the workflow. + properties: + type: + enum: + - IDENTITY + example: IDENTITY + description: The type of object that is referenced + example: + type: IDENTITY + id: 2c91808568c529c60168cca6f90c1313 + name: William Wilson + - type: object + properties: + name: + type: string + description: The name of the workflow + example: Send Email + owner: + allOf: + - type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + description: The identity that owns the workflow. The owner's permissions in IDN will determine what actions the workflow is allowed to perform. Ownership can be changed by updating the owner in a PUT or PATCH request. + properties: + type: + enum: + - IDENTITY + example: IDENTITY + description: The type of object that is referenced + example: + type: IDENTITY + id: 2c91808568c529c60168cca6f90c1313 + name: William Wilson + description: + type: string + description: Description of what the workflow accomplishes + example: Send an email to the identity who's attributes changed. + definition: + type: object + description: The map of steps that the workflow will execute. + properties: + start: + type: string + description: The name of the starting step. + example: Send Email Test + steps: + type: object + description: One or more step objects that comprise this workflow. Please see the Workflow documentation to see the JSON schema for each step type. + additionalProperties: true + example: + Send Email: + actionId: 'sp:send-email' + attributes: + body: This is a test + from: sailpoint@sailpoint.com + recipientId.$: $.identity.id + subject: test + nextStep: success + selectResult: null + type: ACTION + success: + type: success + enabled: + type: boolean + description: Enable or disable the workflow. Workflows cannot be created in an enabled state. + default: false + example: false + trigger: + type: object + description: The trigger that starts the workflow + required: + - type + - attributes + properties: + type: + enum: + - EVENT + - EXTERNAL + - SCHEDULED + example: EVENT + description: The trigger type + attributes: + description: Workflow Trigger Attributes. + oneOf: + - title: Event Trigger Attributes + type: object + required: + - id + properties: + id: + type: string + description: The unique ID of the trigger + example: 'idn:identity-attributes-changed' + filter: + type: string + description: JSON path expression that will limit which events the trigger will fire on + example: '$.changes[?(@.attribute == ''manager'')]' + - title: Scheduled Trigger Attributes + type: object + required: + - cronString + properties: + cronString: + type: string + description: A valid CRON expression + externalDocs: + description: CRON expression editor + url: 'https://crontab.guru/' + example: 0 * */3 */5 * + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + patch: + operationId: patchWorkflow + tags: + - Workflows + summary: Patch Workflow + description: 'Partially update an existing Workflow using [JSON Patch](https://tools.ietf.org/html/rfc6902) syntax.' + security: + - oauth2: + - 'sp:workflow:manage' + parameters: + - name: id + in: path + description: Id of the Workflow + required: true + style: simple + explode: false + schema: + type: string + example: c17bea3a-574d-453c-9e04-4365fbf5af0b + requestBody: + required: true + content: + application/json-patch+json: + schema: + type: array + items: + type: object + description: 'A JSONPatch Operation as defined by [RFC 6902 - JSON Patch](https://tools.ietf.org/html/rfc6902)' + required: + - op + - path + properties: + op: + type: string + description: The operation to be performed + enum: + - add + - remove + - replace + - move + - copy + - test + example: replace + path: + type: string + description: A string JSON Pointer representing the target path to an element to be affected by the operation + example: /description + value: + anyOf: + - type: string + - type: integer + - type: object + - type: array + items: + anyOf: + - type: string + - type: integer + - type: object + description: 'The value to be used for the operation, required for "add" and "replace" operations' + example: New description + examples: + Update all patchable fields: + description: Demonstrate how to update each patchable field in one PATCH request. + value: + - op: replace + path: /name + value: Send Email + - op: replace + path: /owner + value: + type: IDENTITY + id: 2c91808568c529c60168cca6f90c1313 + name: William Wilson + - op: replace + path: /description + value: Send an email to the identity who's attributes changed. + - op: replace + path: /enabled + value: false + - op: replace + path: /definition + value: + start: Send Email Test + steps: + Send Email: + actionId: 'sp:send-email' + attributes: + body: This is a test + from: sailpoint@sailpoint.com + recipientId.$: $.identity.id + subject: test + nextStep: success + selectResult: null + type: action + success: + type: success + - op: replace + path: /trigger + value: + type: EVENT + attributes: + id: 'idn:identity-attributes-changed' + responses: + '200': + description: The Workflow object + content: + application/json: + schema: + allOf: + - type: object + properties: + id: + type: string + description: Workflow ID. This is a UUID generated upon creation. + example: d201c5e9-d37b-4aff-af14-66414f39d569 + executionCount: + type: integer + format: int32 + description: The number of times this workflow has been executed + example: 2 + failureCount: + type: integer + format: int32 + description: The number of times this workflow has failed during execution + example: 0 + created: + type: string + format: date-time + description: The date and time the workflow was created + example: '2022-01-10T16:06:16.636381447Z' + creator: + allOf: + - type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + description: The identity that created the workflow. + properties: + type: + enum: + - IDENTITY + example: IDENTITY + description: The type of object that is referenced + example: + type: IDENTITY + id: 2c91808568c529c60168cca6f90c1313 + name: William Wilson + - type: object + properties: + name: + type: string + description: The name of the workflow + example: Send Email + owner: + allOf: + - type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + description: The identity that owns the workflow. The owner's permissions in IDN will determine what actions the workflow is allowed to perform. Ownership can be changed by updating the owner in a PUT or PATCH request. + properties: + type: + enum: + - IDENTITY + example: IDENTITY + description: The type of object that is referenced + example: + type: IDENTITY + id: 2c91808568c529c60168cca6f90c1313 + name: William Wilson + description: + type: string + description: Description of what the workflow accomplishes + example: Send an email to the identity who's attributes changed. + definition: + type: object + description: The map of steps that the workflow will execute. + properties: + start: + type: string + description: The name of the starting step. + example: Send Email Test + steps: + type: object + description: One or more step objects that comprise this workflow. Please see the Workflow documentation to see the JSON schema for each step type. + additionalProperties: true + example: + Send Email: + actionId: 'sp:send-email' + attributes: + body: This is a test + from: sailpoint@sailpoint.com + recipientId.$: $.identity.id + subject: test + nextStep: success + selectResult: null + type: ACTION + success: + type: success + enabled: + type: boolean + description: Enable or disable the workflow. Workflows cannot be created in an enabled state. + default: false + example: false + trigger: + type: object + description: The trigger that starts the workflow + required: + - type + - attributes + properties: + type: + enum: + - EVENT + - EXTERNAL + - SCHEDULED + example: EVENT + description: The trigger type + attributes: + description: Workflow Trigger Attributes. + oneOf: + - title: Event Trigger Attributes + type: object + required: + - id + properties: + id: + type: string + description: The unique ID of the trigger + example: 'idn:identity-attributes-changed' + filter: + type: string + description: JSON path expression that will limit which events the trigger will fire on + example: '$.changes[?(@.attribute == ''manager'')]' + - title: Scheduled Trigger Attributes + type: object + required: + - cronString + properties: + cronString: + type: string + description: A valid CRON expression + externalDocs: + description: CRON expression editor + url: 'https://crontab.guru/' + example: 0 * */3 */5 * + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + delete: + operationId: deleteWorkflow + tags: + - Workflows + summary: Delete Workflow By Id + description: Delete a workflow. **Enabled workflows cannot be deleted**. They must first be disabled. + security: + - oauth2: + - 'sp:workflow:manage' + parameters: + - name: id + in: path + description: Id of the Workflow + required: true + style: simple + explode: false + schema: + type: string + example: c17bea3a-574d-453c-9e04-4365fbf5af0b + responses: + '204': + description: No content - indicates the request was successful but there is no content to be returned in the response. + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + '/workflows/{id}/test': + post: + operationId: testWorkflow + tags: + - Workflows + summary: Test Workflow By Id + description: |- + Test a workflow with the provided input data. The input data should resemble the input that the trigger will send the workflow. See the [event trigger documentation](https://developer.sailpoint.com/idn/docs/event-triggers/available) for an example input for the trigger that initiates this workflow. + This endpoint will return an execution ID, which can be used to lookup more information about the execution using the `Get a Workflow Execution` endpoint. + **This will cause a live run of the workflow, which could result in unintended modifications to your IDN tenant.** + security: + - oauth2: + - 'sp:workflow-execute:external' + parameters: + - name: id + in: path + description: Id of the workflow + required: true + style: simple + explode: false + schema: + type: string + example: c17bea3a-574d-453c-9e04-4365fbf5af0b + requestBody: + required: true + content: + application/json: + schema: + type: object + required: + - input + properties: + input: + type: object + description: The test input for the workflow. + examples: + Identity Attributes Changed: + description: Identity Attributes Changed Trigger Input + value: + input: + identity: + id: ee769173319b41d19ccec6cea52f237b + name: john.doe + type: IDENTITY + changes: + - attribute: department + oldValue: sales + newValue: marketing + - attribute: manager + oldValue: + id: ee769173319b41d19ccec6c235423237b + name: nice.guy + type: IDENTITY + newValue: + id: ee769173319b41d19ccec6c235423236c + name: mean.guy + type: IDENTITY + - attribute: email + oldValue: john.doe@hotmail.com + newValue: john.doe@gmail.com + responses: + '200': + description: The Workflow object + content: + application/json: + schema: + type: object + properties: + workflowExecutionId: + type: string + description: The workflow execution id + example: 0e11cefa-96e7-4b67-90d0-065bc1da5753 + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + '/workflows/{id}/executions': + get: + operationId: listWorkflowExecutions + tags: + - Workflows + summary: List Workflow Executions + description: |- + This lists the executions for a given workflow. Workflow executions are available for up to 90 days before being archived. By default, you can get a maximum of 250 executions. To get executions past the first 250 records, you can do the following: + 1. Use the [Get Workflows](https://developer.sailpoint.com/idn/api/beta/list-workflows) endpoint to get your workflows. + 2. Get your workflow ID from the response. + 3. You can then do either of the following: + + - Filter to find relevant workflow executions. + For example, you can filter for failed workflow executions: `GET /workflows/:workflowID/executions?filters=status eq "Failed"` + + - You can paginate through results with the `offset` parameter. + For example, you can page through 50 executions per page and use that as a way to get to the records past the first 250. + Refer to [Paginating Results](https://developer.sailpoint.com/idn/api/standard-collection-parameters#paginating-results) for more information about the query parameters you can use to achieve pagination. + security: + - oauth2: + - 'sp:workflow:read' + parameters: + - name: id + in: path + description: Id of the workflow + required: true + style: simple + explode: false + schema: + type: string + example: c17bea3a-574d-453c-9e04-4365fbf5af0b + - in: query + name: limit + description: |- + Max number of results to return. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 250 + schema: + type: integer + format: int32 + minimum: 0 + maximum: 250 + default: 250 + - in: query + name: offset + description: |- + Offset into the full result set. Usually specified with *limit* to paginate through the results. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 0 + schema: + type: integer + format: int32 + minimum: 0 + default: 0 + - in: query + name: count + description: |- + If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored. + + Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used. + + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: true + schema: + type: boolean + default: false + - in: query + name: filters + schema: + type: string + example: status eq "Failed" + description: |- + Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) + + Filtering is supported for the following fields and operators: + + **start_time**: *eq, lt, lte, gt, gte* + + **status**: *eq* + required: false + responses: + '200': + description: List of workflow executions for the given workflow + content: + application/json: + schema: + type: array + items: + type: object + properties: + id: + type: string + description: The workflow execution ID + example: b393f4e2-4785-4d7f-ab27-3a6b8ded4c81 + workflowId: + type: string + description: The workflow ID + example: d201c5d9-d37b-4a2f-af14-66414f39d568 + requestId: + type: string + description: This backend ID tracks a workflow request in the system. You can provide this ID in a customer support ticket for debugging purposes. + example: 41e12a74fa7b4a6a98ae47887b64acdb + startTime: + type: string + format: date-time + description: The date/time the workflow started + example: '2022-02-07T20:13:29.356648026Z' + closeTime: + type: string + format: date-time + description: The date/time the workflow ended + example: '2022-02-07T20:13:31.682410165Z' + status: + description: The workflow execution status + type: string + enum: + - Completed + - Failed + - Canceled + - Running + example: Completed + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + '/workflow-executions/{id}': + get: + operationId: getWorkflowExecution + tags: + - Workflows + summary: Get a Workflow Execution + description: 'Get a single workflow execution. Workflow executions are available for up to 90 days before being archived. If you attempt to access a workflow execution that has been archived, you will receive a 404 Not Found.' + security: + - oauth2: + - 'sp:workflow:read' + parameters: + - name: id + in: path + description: Id of the workflow execution + required: true + style: simple + explode: false + schema: + type: string + example: c17bea3a-574d-453c-9e04-4365fbf5af0b + responses: + '200': + description: The workflow execution + content: + application/json: + schema: + items: + type: object + properties: + id: + type: string + description: The workflow execution ID + example: b393f4e2-4785-4d7f-ab27-3a6b8ded4c81 + workflowId: + type: string + description: The workflow ID + example: d201c5d9-d37b-4a2f-af14-66414f39d568 + requestId: + type: string + description: This backend ID tracks a workflow request in the system. You can provide this ID in a customer support ticket for debugging purposes. + example: 41e12a74fa7b4a6a98ae47887b64acdb + startTime: + type: string + format: date-time + description: The date/time the workflow started + example: '2022-02-07T20:13:29.356648026Z' + closeTime: + type: string + format: date-time + description: The date/time the workflow ended + example: '2022-02-07T20:13:31.682410165Z' + status: + description: The workflow execution status + type: string + enum: + - Completed + - Failed + - Canceled + - Running + example: Completed + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + '/workflow-executions/{id}/history': + get: + operationId: getWorkflowExecutionHistory + tags: + - Workflows + summary: Get Workflow Execution History + description: 'Get a detailed history of a single workflow execution. Workflow executions are available for up to 90 days before being archived. If you attempt to access a workflow execution that has been archived, you will receive a 404 Not Found.' + security: + - oauth2: + - 'sp:workflow:read' + parameters: + - name: id + in: path + description: Id of the workflow execution + required: true + style: simple + explode: false + schema: + type: string + example: c17bea3a-574d-453c-9e04-4365fbf5af0b + responses: + '200': + description: List of workflow execution events for the given workflow execution + content: + application/json: + schema: + type: array + items: + type: object + properties: + type: + description: The type of event + enum: + - WorkflowExecutionScheduled + - WorkflowExecutionStarted + - WorkflowExecutionCompleted + - WorkflowExecutionFailed + - WorkflowTaskScheduled + - WorkflowTaskStarted + - WorkflowTaskCompleted + - WorkflowTaskFailed + - ActivityTaskScheduled + - ActivityTaskStarted + - ActivityTaskCompleted + - ActivityTaskFailed + example: WorkflowTaskScheduled + timestamp: + type: string + format: date-time + description: The date-time when the event occurred + example: '2022-02-07T20:13:31.640618296Z' + attributes: + type: object + description: Additional attributes associated with the event + example: {} + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + '/workflow-executions/{id}/cancel': + post: + operationId: cancelWorkflowExecution + tags: + - Workflows + summary: Cancel Workflow Execution by ID + description: Use this API to cancel a running workflow execution. + security: + - oauth2: + - 'sp:workflow-execute:external' + parameters: + - name: id + in: path + description: The workflow execution ID + required: true + style: simple + explode: false + schema: + type: string + example: c17bea3a-574d-453c-9e04-4365fbf5af0b + responses: + '204': + description: No content - indicates the request was successful but there is no content to be returned in the response. + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + /workflow-library: + get: + operationId: listCompleteWorkflowLibrary + tags: + - Workflows + summary: List Complete Workflow Library + description: 'This lists all triggers, actions, and operators in the library' + externalDocs: + description: Additional documentation for workflows + url: 'https://documentation.sailpoint.com/saas/help/workflows/workflow-steps.html' + parameters: + - in: query + name: limit + description: |- + Max number of results to return. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 250 + schema: + type: integer + format: int32 + minimum: 0 + maximum: 250 + default: 250 + - in: query + name: offset + description: |- + Offset into the full result set. Usually specified with *limit* to paginate through the results. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 0 + schema: + type: integer + format: int32 + minimum: 0 + default: 0 + security: + - oauth2: + - 'sp:workflow:read' + responses: + '200': + description: List of workflow steps + content: + application/json: + schema: + type: array + items: + anyOf: + - title: Workflow Action + type: object + properties: + id: + type: string + description: Action ID. This is a static namespaced ID for the action + example: 'sp:create-campaign' + name: + type: string + description: Action Name + example: Create Certification Campaign + type: + type: string + description: Action type + example: ACTION + description: + type: string + description: Action Description + example: Generates a certification campaign. + formFields: + type: array + description: One or more inputs that the action accepts + items: + type: object + properties: + helpText: + type: string + description: Describes the form field in the UI + example: The name to give to this certification campaign. + label: + type: string + description: A human readable name for this form field in the UI + example: Campaign Name + name: + type: string + description: The name of the input attribute + example: name + required: + type: boolean + description: Denotes if this field is a required attribute + example: false + type: + description: The type of the form field + nullable: true + enum: + - text + - textarea + - boolean + - email + - url + - number + - json + - checkbox + - jsonpath + - select + - multiType + - duration + - toggle + - identityPicker + - governanceGroupPicker + - string + - object + - array + - secret + - keyValuePairs + - emailPicker + - advancedToggle + example: text + isDynamicSchema: + type: boolean + description: 'Determines whether the dynamic output schema is returned in place of the action''s output schema. The dynamic schema lists non-static properties, like properties of a workflow form where each form has different fields. These will be provided dynamically based on available form fields.' + example: false + outputSchema: + type: object + description: 'Defines the output schema, if any, that this action produces.' + example: + definitions: {} + properties: + autoRevokeAllowed: + $id: '#sp:create-campaign/autoRevokeAllowed' + default: true + examples: + - false + title: autoRevokeAllowed + type: boolean + deadline: + $id: '#sp:create-campaign/deadline' + default: '' + examples: + - '2020-12-25T06:00:00.468Z' + format: date-time + pattern: ^.*$ + title: deadline + type: string + description: + $id: '#sp:create-campaign/description' + default: '' + examples: + - A review of everyone's access by their manager. + pattern: ^.*$ + title: description + type: string + emailNotificationEnabled: + $id: '#sp:create-campaign/emailNotificationEnabled' + default: true + examples: + - false + title: emailNotificationEnabled + type: boolean + filter: + $id: '#sp:create-campaign/filter' + properties: + id: + $id: '#sp:create-campaign/filter/id' + default: '' + examples: + - e0adaae69852e8fe8b8a3d48e5ce757c + pattern: ^.*$ + title: id + type: string + type: + $id: '#sp:create-campaign/filter/type' + default: '' + examples: + - CAMPAIGN_FILTER + pattern: ^.*$ + title: type + type: string + title: filter + type: object + id: + $id: '#sp:create-campaign/id' + default: '' + examples: + - 2c918086719eec070171a7e3355a360a + pattern: ^.*$ + title: id + type: string + name: + $id: '#sp:create-campaign/name' + default: '' + examples: + - Manager Review + pattern: ^.*$ + title: name + type: string + recommendationsEnabled: + $id: '#sp:create-campaign/recommendationsEnabled' + default: true + examples: + - false + title: recommendationEnabled + type: boolean + type: + $id: '#sp:create-campaign/type' + default: '' + examples: + - MANAGER + pattern: ^.*$ + title: type + type: string + title: 'sp:create-campaign' + type: object + - title: Workflow Trigger + type: object + properties: + id: + type: string + description: Trigger ID. This is a static namespaced ID for the trigger. + example: 'idn:identity-attributes-changed' + type: + description: Trigger type + enum: + - EVENT + - SCHEDULED + - EXTERNAL + example: EVENT + name: + type: string + description: Trigger Name + example: Identity Attributes Changed + description: + type: string + description: Trigger Description + example: One or more identity attributes changed. + isDynamicSchema: + type: boolean + description: 'Determines whether the dynamic output schema is returned in place of the action''s output schema. The dynamic schema lists non-static properties, like properties of a workflow form where each form has different fields. These will be provided dynamically based on available form fields.' + example: false + inputExample: + type: object + description: Example trigger payload if applicable + nullable: true + externalDocs: + description: List of triggers and their input schemas + url: 'https://developer.sailpoint.com/idn/docs/event-triggers/available' + example: + changes: + - attribute: department + newValue: marketing + oldValue: sales + - attribute: manager + newValue: + id: ee769173319b41d19ccec6c235423236c + name: mean.guy + type: IDENTITY + oldValue: + id: ee769173319b41d19ccec6c235423237b + name: nice.guy + type: IDENTITY + - attribute: email + newValue: john.doe@gmail.com + oldValue: john.doe@hotmail.com + identity: + id: ee769173319b41d19ccec6cea52f237b + name: john.doe + type: IDENTITY + formFields: + type: array + nullable: true + description: One or more inputs that the trigger accepts + example: [] + items: + type: object + properties: + helpText: + type: string + description: Describes the form field in the UI + example: The name to give to this certification campaign. + label: + type: string + description: A human readable name for this form field in the UI + example: Campaign Name + name: + type: string + description: The name of the input attribute + example: name + required: + type: boolean + description: Denotes if this field is a required attribute + example: false + type: + description: The type of the form field + nullable: true + enum: + - text + - textarea + - boolean + - email + - url + - number + - json + - checkbox + - jsonpath + - select + - multiType + - duration + - toggle + - identityPicker + - governanceGroupPicker + - string + - object + - array + - secret + - keyValuePairs + - emailPicker + - advancedToggle + example: text + - title: Workflow Operator + type: object + properties: + id: + type: string + description: Operator ID. + example: 'sp:compare-boolean' + name: + type: string + description: Operator friendly name + example: Compare Boolean Values + type: + description: Operator type + type: string + example: OPERATOR + description: + type: string + description: Description of the operator + example: Compare two boolean values and decide what happens based on the result. + formFields: + type: array + description: One or more inputs that the operator accepts + items: + type: object + properties: + helpText: + type: string + description: Describes the form field in the UI + example: The name to give to this certification campaign. + label: + type: string + description: A human readable name for this form field in the UI + example: Campaign Name + name: + type: string + description: The name of the input attribute + example: name + required: + type: boolean + description: Denotes if this field is a required attribute + example: false + type: + description: The type of the form field + nullable: true + enum: + - text + - textarea + - boolean + - email + - url + - number + - json + - checkbox + - jsonpath + - select + - multiType + - duration + - toggle + - identityPicker + - governanceGroupPicker + - string + - object + - array + - secret + - keyValuePairs + - emailPicker + - advancedToggle + example: text + example: + - description: Enter the JSONPath to a value from the input to compare to Variable B. + helpText: '' + label: Variable A + name: variableA.$ + required: true + type: text + - helpText: Select an operation. + label: Operation + name: operator + options: + - label: Equals + value: BooleanEquals + required: true + type: select + - description: Enter the JSONPath to a value from the input to compare to Variable A. + helpText: '' + label: Variable B + name: variableB.$ + required: false + type: text + - description: Enter True or False. + helpText: '' + label: Variable B + name: variableB + required: false + type: text + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + /workflow-library/actions: + get: + operationId: listWorkflowLibraryActions + tags: + - Workflows + summary: List Workflow Library Actions + description: This lists the workflow actions available to you. + externalDocs: + description: Additional documentation for each action + url: 'https://documentation.sailpoint.com/saas/help/workflows/workflow-steps.html#actions' + parameters: + - in: query + name: limit + description: |- + Max number of results to return. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 250 + schema: + type: integer + format: int32 + minimum: 0 + maximum: 250 + default: 250 + - in: query + name: offset + description: |- + Offset into the full result set. Usually specified with *limit* to paginate through the results. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 0 + schema: + type: integer + format: int32 + minimum: 0 + default: 0 + - in: query + name: filters + required: false + schema: + type: string + description: |- + Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) + + Filtering is supported for the following fields and operators: + + **id**: *eq* + example: 'id eq "sp:create-campaign"' + security: + - oauth2: + - 'sp:workflow:read' + responses: + '200': + description: List of workflow actions + content: + application/json: + schema: + type: array + items: + title: Workflow Action + type: object + properties: + id: + type: string + description: Action ID. This is a static namespaced ID for the action + example: 'sp:create-campaign' + name: + type: string + description: Action Name + example: Create Certification Campaign + type: + type: string + description: Action type + example: ACTION + description: + type: string + description: Action Description + example: Generates a certification campaign. + formFields: + type: array + description: One or more inputs that the action accepts + items: + type: object + properties: + helpText: + type: string + description: Describes the form field in the UI + example: The name to give to this certification campaign. + label: + type: string + description: A human readable name for this form field in the UI + example: Campaign Name + name: + type: string + description: The name of the input attribute + example: name + required: + type: boolean + description: Denotes if this field is a required attribute + example: false + type: + description: The type of the form field + nullable: true + enum: + - text + - textarea + - boolean + - email + - url + - number + - json + - checkbox + - jsonpath + - select + - multiType + - duration + - toggle + - identityPicker + - governanceGroupPicker + - string + - object + - array + - secret + - keyValuePairs + - emailPicker + - advancedToggle + example: text + isDynamicSchema: + type: boolean + description: 'Determines whether the dynamic output schema is returned in place of the action''s output schema. The dynamic schema lists non-static properties, like properties of a workflow form where each form has different fields. These will be provided dynamically based on available form fields.' + example: false + outputSchema: + type: object + description: 'Defines the output schema, if any, that this action produces.' + example: + definitions: {} + properties: + autoRevokeAllowed: + $id: '#sp:create-campaign/autoRevokeAllowed' + default: true + examples: + - false + title: autoRevokeAllowed + type: boolean + deadline: + $id: '#sp:create-campaign/deadline' + default: '' + examples: + - '2020-12-25T06:00:00.468Z' + format: date-time + pattern: ^.*$ + title: deadline + type: string + description: + $id: '#sp:create-campaign/description' + default: '' + examples: + - A review of everyone's access by their manager. + pattern: ^.*$ + title: description + type: string + emailNotificationEnabled: + $id: '#sp:create-campaign/emailNotificationEnabled' + default: true + examples: + - false + title: emailNotificationEnabled + type: boolean + filter: + $id: '#sp:create-campaign/filter' + properties: + id: + $id: '#sp:create-campaign/filter/id' + default: '' + examples: + - e0adaae69852e8fe8b8a3d48e5ce757c + pattern: ^.*$ + title: id + type: string + type: + $id: '#sp:create-campaign/filter/type' + default: '' + examples: + - CAMPAIGN_FILTER + pattern: ^.*$ + title: type + type: string + title: filter + type: object + id: + $id: '#sp:create-campaign/id' + default: '' + examples: + - 2c918086719eec070171a7e3355a360a + pattern: ^.*$ + title: id + type: string + name: + $id: '#sp:create-campaign/name' + default: '' + examples: + - Manager Review + pattern: ^.*$ + title: name + type: string + recommendationsEnabled: + $id: '#sp:create-campaign/recommendationsEnabled' + default: true + examples: + - false + title: recommendationEnabled + type: boolean + type: + $id: '#sp:create-campaign/type' + default: '' + examples: + - MANAGER + pattern: ^.*$ + title: type + type: string + title: 'sp:create-campaign' + type: object + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + /workflow-library/triggers: + get: + operationId: listWorkflowLibraryTriggers + tags: + - Workflows + summary: List Workflow Library Triggers + description: This lists the workflow triggers available to you + externalDocs: + description: Additional documentation for each trigger + url: 'https://documentation.sailpoint.com/saas/help/workflows/workflow-steps.html#triggers' + parameters: + - in: query + name: limit + description: |- + Max number of results to return. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 250 + schema: + type: integer + format: int32 + minimum: 0 + maximum: 250 + default: 250 + - in: query + name: offset + description: |- + Offset into the full result set. Usually specified with *limit* to paginate through the results. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 0 + schema: + type: integer + format: int32 + minimum: 0 + default: 0 + - in: query + name: filters + required: false + schema: + type: string + description: |- + Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) + + Filtering is supported for the following fields and operators: + + **id**: *eq* + example: 'id eq "idn:identity-attributes-changed"' + security: + - oauth2: + - 'sp:workflow:read' + responses: + '200': + description: List of workflow triggers + content: + application/json: + schema: + type: array + items: + title: Workflow Trigger + type: object + properties: + id: + type: string + description: Trigger ID. This is a static namespaced ID for the trigger. + example: 'idn:identity-attributes-changed' + type: + description: Trigger type + enum: + - EVENT + - SCHEDULED + - EXTERNAL + example: EVENT + name: + type: string + description: Trigger Name + example: Identity Attributes Changed + description: + type: string + description: Trigger Description + example: One or more identity attributes changed. + isDynamicSchema: + type: boolean + description: 'Determines whether the dynamic output schema is returned in place of the action''s output schema. The dynamic schema lists non-static properties, like properties of a workflow form where each form has different fields. These will be provided dynamically based on available form fields.' + example: false + inputExample: + type: object + description: Example trigger payload if applicable + nullable: true + externalDocs: + description: List of triggers and their input schemas + url: 'https://developer.sailpoint.com/idn/docs/event-triggers/available' + example: + changes: + - attribute: department + newValue: marketing + oldValue: sales + - attribute: manager + newValue: + id: ee769173319b41d19ccec6c235423236c + name: mean.guy + type: IDENTITY + oldValue: + id: ee769173319b41d19ccec6c235423237b + name: nice.guy + type: IDENTITY + - attribute: email + newValue: john.doe@gmail.com + oldValue: john.doe@hotmail.com + identity: + id: ee769173319b41d19ccec6cea52f237b + name: john.doe + type: IDENTITY + formFields: + type: array + nullable: true + description: One or more inputs that the trigger accepts + example: [] + items: + type: object + properties: + helpText: + type: string + description: Describes the form field in the UI + example: The name to give to this certification campaign. + label: + type: string + description: A human readable name for this form field in the UI + example: Campaign Name + name: + type: string + description: The name of the input attribute + example: name + required: + type: boolean + description: Denotes if this field is a required attribute + example: false + type: + description: The type of the form field + nullable: true + enum: + - text + - textarea + - boolean + - email + - url + - number + - json + - checkbox + - jsonpath + - select + - multiType + - duration + - toggle + - identityPicker + - governanceGroupPicker + - string + - object + - array + - secret + - keyValuePairs + - emailPicker + - advancedToggle + example: text + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + /workflow-library/operators: + get: + operationId: listWorkflowLibraryOperators + tags: + - Workflows + summary: List Workflow Library Operators + description: This lists the workflow operators available to you + security: + - oauth2: + - 'sp:workflow:read' + responses: + '200': + description: List of workflow operators + content: + application/json: + schema: + type: array + items: + title: Workflow Operator + type: object + properties: + id: + type: string + description: Operator ID. + example: 'sp:compare-boolean' + name: + type: string + description: Operator friendly name + example: Compare Boolean Values + type: + description: Operator type + type: string + example: OPERATOR + description: + type: string + description: Description of the operator + example: Compare two boolean values and decide what happens based on the result. + formFields: + type: array + description: One or more inputs that the operator accepts + items: + type: object + properties: + helpText: + type: string + description: Describes the form field in the UI + example: The name to give to this certification campaign. + label: + type: string + description: A human readable name for this form field in the UI + example: Campaign Name + name: + type: string + description: The name of the input attribute + example: name + required: + type: boolean + description: Denotes if this field is a required attribute + example: false + type: + description: The type of the form field + nullable: true + enum: + - text + - textarea + - boolean + - email + - url + - number + - json + - checkbox + - jsonpath + - select + - multiType + - duration + - toggle + - identityPicker + - governanceGroupPicker + - string + - object + - array + - secret + - keyValuePairs + - emailPicker + - advancedToggle + example: text + example: + - description: Enter the JSONPath to a value from the input to compare to Variable B. + helpText: '' + label: Variable A + name: variableA.$ + required: true + type: text + - helpText: Select an operation. + label: Operation + name: operator + options: + - label: Equals + value: BooleanEquals + required: true + type: select + - description: Enter the JSONPath to a value from the input to compare to Variable A. + helpText: '' + label: Variable B + name: variableB.$ + required: false + type: text + - description: Enter True or False. + helpText: '' + label: Variable B + name: variableB + required: false + type: text + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + '/workflows/{id}/external/oauth-clients': + post: + operationId: postWorkflowExternalTrigger + tags: + - Workflows + summary: Generate External Trigger OAuth Client + description: 'Create OAuth client ID, client secret, and callback URL for use in an external trigger. External triggers will need this information to generate an access token to authenticate to the callback URL and submit a trigger payload that will initiate the workflow.' + security: + - oauth2: + - 'sp:workflow:manage' + parameters: + - name: id + in: path + description: Id of the workflow + required: true + style: simple + explode: false + schema: + type: string + example: c17bea3a-574d-453c-9e04-4365fbf5af0b + responses: + '200': + description: The OAuth Client object + content: + application/json: + schema: + type: object + properties: + id: + type: string + description: OAuth client ID for the trigger. This is a UUID generated upon creation. + example: 1a58c03a6bf64dc2876f6988c6e2c7b7 + secret: + type: string + description: OAuthClient secret. + example: 00cc24a7fe810fe06a7cb38bc168ae104d703c7abb296f9944dc68e69ddb578b + url: + type: string + description: URL for the external trigger to invoke + example: 'https://tenant.api.identitynow.com/beta/workflows/execute/external/c17bea3a-574d-453c-9e04-4365fbf5af0b' + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + '/workflows/execute/external/{id}': + post: + operationId: postExternalExecuteWorkflow + tags: + - Workflows + summary: Execute Workflow via External Trigger + description: This endpoint allows a service outside of IdentityNow to initiate a workflow that uses the "External Trigger" step. The external service will invoke this endpoint with the input data it wants to send to the workflow in the body. + security: + - oauth2: + - 'sp:workflow-execute:external' + parameters: + - name: id + in: path + description: Id of the workflow + required: true + style: simple + explode: false + schema: + type: string + example: c17bea3a-574d-453c-9e04-4365fbf5af0b + requestBody: + required: false + content: + application/json: + schema: + type: object + properties: + input: + type: object + description: The input for the workflow + example: + customAttribute1: value1 + customAttribute2: value2 + responses: + '200': + description: The Workflow object + content: + application/json: + schema: + type: object + properties: + workflowExecutionId: + type: string + description: The workflow execution id + example: 0e11cefa-96e7-4b67-90d0-065bc1da5753 + message: + type: string + description: An error message if any errors occurred + example: Workflow was not executed externally. Check enabled flag on workflow definition + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + '/workflows/execute/external/{id}/test': + post: + operationId: testExternalExecuteWorkflow + tags: + - Workflows + summary: Test Workflow via External Trigger + description: 'Validate a workflow with an "External Trigger" can receive input. The response includes the input that the workflow received, which can be used to validate that the input is intact when it reaches the workflow.' + security: + - oauth2: + - 'sp:workflow-execute:external' + parameters: + - name: id + in: path + description: Id of the workflow + required: true + style: simple + explode: false + schema: + type: string + example: c17bea3a-574d-453c-9e04-4365fbf5af0b + requestBody: + required: false + content: + application/json: + schema: + type: object + properties: + input: + type: object + description: The test input for the workflow + example: + test: hello world + responses: + '200': + description: Responds with the test input + content: + application/json: + schema: + type: object + properties: + payload: + type: object + description: The input that was received + example: + test: hello world + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. diff --git a/src/lib/Components/Clear.svelte b/src/lib/Components/Clear.svelte new file mode 100644 index 0000000..04412ed --- /dev/null +++ b/src/lib/Components/Clear.svelte @@ -0,0 +1,28 @@ + + + + + + + + + diff --git a/src/lib/Components/CurrentUser.svelte b/src/lib/Components/CurrentUser.svelte new file mode 100644 index 0000000..cd1d505 --- /dev/null +++ b/src/lib/Components/CurrentUser.svelte @@ -0,0 +1,20 @@ + + +
+

Current User

+
+

Account:

+

{$tenantData.uid}

+
+ +
+

Roles:

+ {#each $tenantData.role as role} +

{role}

+ {/each} +
+
diff --git a/src/lib/Components/HostingData.svelte b/src/lib/Components/HostingData.svelte new file mode 100644 index 0000000..6aa963c --- /dev/null +++ b/src/lib/Components/HostingData.svelte @@ -0,0 +1,25 @@ + + +
+

Hosting Data

+
+

Org:

+

{$hostingData.org}

+
+
+

Pod:

+

{$hostingData.pod}

+
+
+

Layer:

+

{$hostingData.layer}

+
+
+

Region:

+

{$hostingData.region}

+
+
diff --git a/src/lib/Components/Resources.svelte b/src/lib/Components/Resources.svelte new file mode 100644 index 0000000..45fad3c --- /dev/null +++ b/src/lib/Components/Resources.svelte @@ -0,0 +1,54 @@ + + + + +
+ +
diff --git a/src/lib/Components/Search.svelte b/src/lib/Components/Search.svelte new file mode 100644 index 0000000..eab51f9 --- /dev/null +++ b/src/lib/Components/Search.svelte @@ -0,0 +1,111 @@ + + +
+ {#key index} + +
+
+
+ + +
+ +
+ +
+
+ + {#if hit.hierarchy} + +
+
+

+ {hit.hierarchy.lvl1} - {hit.hierarchy.lvl2} +

+
+ +

Tags: {hit.tags.join(', ')}

+ +
+ + {:else} + +
+
+
+

+ {hit.topic.title} +

+

+ {hit.user.name} +

+
+

{hit.topic.views} 👁️‍🗨️

+
+ +
+ {#if hit.topic.tags.length > 0} +

Tags: {hit.topic.tags.join(', ')}

+ {:else} +

No Tags

+ {/if} + +
+
+ + {/if} + +
+
+
+ +
+
+
+
+ + {/key} +
diff --git a/src/lib/Components/StatusPage.svelte b/src/lib/Components/StatusPage.svelte new file mode 100644 index 0000000..80fad52 --- /dev/null +++ b/src/lib/Components/StatusPage.svelte @@ -0,0 +1,37 @@ + + +
+

Status Page

+
+ {#await resp} +
+

Checking

+ {:then status} + {#if status?.status?.description == 'All Systems Operational'} +

All Systems Operational

+ {:else} +
+

Ongoing Issues

+ + Click for details + +
+ {/if} + {/await} +
+
diff --git a/src/lib/Components/Support.svelte b/src/lib/Components/Support.svelte new file mode 100644 index 0000000..2620ee7 --- /dev/null +++ b/src/lib/Components/Support.svelte @@ -0,0 +1,26 @@ + + +
+

Support

+
+ {#each links as link} + + {link.label} + + {/each} +
+
diff --git a/src/lib/Components/TenantData.svelte b/src/lib/Components/TenantData.svelte new file mode 100644 index 0000000..871b98a --- /dev/null +++ b/src/lib/Components/TenantData.svelte @@ -0,0 +1,27 @@ + + +
+

Tenant Data

+
+

Name:

+

{$tenantData.org.name}

+
+
+

Tenant:

+

{$tenantData.org.scriptName}

+
+
+

Tenant Type:

+

{$tenantData.org.orgType}

+
+
+

Enabled Features:

+ {#each $tenantData.feature as feature} +

{feature}

+ {/each} +
+
diff --git a/src/lib/Components/TenantLinks.svelte b/src/lib/Components/TenantLinks.svelte new file mode 100644 index 0000000..a50c9e7 --- /dev/null +++ b/src/lib/Components/TenantLinks.svelte @@ -0,0 +1,50 @@ + + + + +
+ +
diff --git a/src/lib/Components/searchIcon.svelte b/src/lib/Components/searchIcon.svelte new file mode 100644 index 0000000..8df0460 --- /dev/null +++ b/src/lib/Components/searchIcon.svelte @@ -0,0 +1,17 @@ + + + + + diff --git a/src/lib/V3Spec.yaml b/src/lib/V3Spec.yaml new file mode 100644 index 0000000..af234da --- /dev/null +++ b/src/lib/V3Spec.yaml @@ -0,0 +1,121060 @@ +openapi: 3.0.1 +info: + title: IdentityNow V3 API + description: 'Use these APIs to interact with the IdentityNow platform to achieve repeatable, automated processes with greater scalability. We encourage you to join the SailPoint Developer Community forum at https://developer.sailpoint.com/discuss to connect with other developers using our APIs.' + termsOfService: 'https://developer.sailpoint.com/discuss/tos' + contact: + name: Developer Relations + url: 'https://developer.sailpoint.com/discuss/api-help' + license: + name: MIT + url: 'https://opensource.org/licenses/MIT' + version: 3.0.0 +servers: + - url: 'https://{tenant}.api.identitynow.com/v3' + description: This is the production API server. + variables: + tenant: + default: sailpoint + description: 'This is the name of your tenant, typically your company''s name.' +tags: + - name: Access Profiles + description: | + Use this API to implement and customize access profile functionality. + With this functionality in place, administrators can create access profiles and configure them for use throughout IdentityNow, enabling users to get the access they need quickly and securely. + + Access profiles group entitlements, which represent access rights on sources. + + For example, an Active Directory source in IdentityNow can have multiple entitlements: the first, 'Employees,' may represent the access all employees have at the organization, and a second, 'Developers,' may represent the access all developers have at the organization. + + An administrator can then create a broader set of access in the form of an access profile, 'AD Developers' grouping the 'Employees' entitlement with the 'Developers' entitlement. + + When users only need Active Directory employee access, they can request access to the 'Employees' entitlement. + + When users need both Active Directory employee and developer access, they can request access to the 'AD Developers' access profile. + + Access profiles are the most important units of access in IdentityNow. IdentityNow uses access profiles in many features, including the following: + + - Provisioning: When you use the Provisioning Service, lifecycle states and roles both grant access to users in the form of access profiles. + + - Certifications: You can approve or revoke access profiles in certification campaigns, just like entitlements. + + - Access Requests: You can assign access profiles to applications, and when a user requests access to the app associated with an access profile and someone approves the request, access is granted to both the application and its associated access profile. + + - Roles: You can group one or more access profiles into a role to quickly assign access items based on an identity's role. + + In IdentityNow, administrators can use the Access drop-down menu and select Access Profiles to view, configure, and delete existing access profiles, as well as create new ones. + Administrators can enable and disable an access profile, and they can also make the following configurations: + + - Manage Entitlements: Manage the profile's access by adding and removing entitlements. + + - Access Requests: Configure access profiles to be requestable and establish an approval process for any requests that the access profile be granted or revoked. + Do not configure an access profile to be requestable without first establishing a secure access request approval process for the access profile. + + - Multiple Account Options: Define the logic IdentityNow uses to provision access to an identity with multiple accounts on the source. + + Refer to [Managing Access Profiles](https://documentation.sailpoint.com/saas/help/access/access-profiles.html) for more information about access profiles. + - name: Access Request Approvals + description: | + Use this API to implement and customize access request approval functionality. + With this functionality in place, administrators can delegate qualified users to review users' requests for access or managers' requests to revoke team members' access to applications, entitlements, or roles. + This enables more qualified users to review access requests and the others to spend their time on other tasks. + + In IdentityNow, users can request access to applications, entitlements, and roles, and managers can request that team members' access be revoked. + For applications and entitlements, administrators can set access profiles to require approval from the access profile owner, the application owner, the source owner, the requesting user's manager, or a governance group for access to be granted or revoked. + For roles, administrators can also set roles to allow access requests and require approval from the role owner, the requesting user's manager, or a governance group for access to be granted or revoked. + If the administrator designates a governance group as the required approver, any governance group member can approve the requests. + + When a user submits an access request, IdentityNow sends the first required approver in the queue an email notification, based on the access request configuration's approval and reminder escalation configuration. + + In Approvals in IdentityNow, required approvers can view pending access requests under the Requested tab and approve or deny them, or the approvers can reassign the requests to different reviewers for approval. + If the required approver approves the request and is the only reviewer required, IdentityNow grants or revokes access, based on the request. + If multiple reviewers are required, IdentityNow sends the request to the next reviewer in the queue, based on the access request configuration's approval reminder and escalation configuration. + The required approver can then view any completed access requests under the Reviewed tab. + + Refer to [Access Requests](https://documentation.sailpoint.com/saas/help/requests/index.html) for more information about access request approvals. + - name: Access Requests + description: | + Use this API to implement and customize access request functionality. + With this functionality in place, users can request access to applications, entitlements, or roles, and managers can request that team members' access be revoked. + This allows users to get access to the tools they need quickly and securely, and it allows managers to take away access to those tools. + + IdentityNow's Access Request service allows end users to request access that requires approval before it can be granted to users and enables qualified users to review those requests and approve or deny them. + + In the Request Center in IdentityNow, users can view available applications, roles, and entitlements and request access to them. + If the requested tools requires approval, the requests appear as 'Pending' under the My Requests tab until the required approver approves, rejects, or cancels them. + + Users can use My Requests to track and/or cancel the requests. + + In My Team on the IdentityNow Home, managers can submit requests to revoke their team members' access. + They can use the My Requests tab under Request Center to track and/or cancel the requests. + + Refer to [Requesting Access](https://documentation.sailpoint.com/saas/user-help/requests/requesting_access.html) for more information about access requests. + - name: Accounts + description: | + Use this API to implement and customize account functionality. + With this functionality in place, administrators can manage users' access across sources in IdentityNow. + + In IdentityNow, an account refers to a user's account on a supported source. + This typically includes a unique identifier for the user, a unique password, a set of permissions associated with the source and a set of attributes. IdentityNow loads accounts through the creation of sources in IdentityNow. + + Administrators can correlate users' identities with the users' accounts on the different sources they use. + This allows IdentityNow to govern the access of identities and all their correlated accounts securely and cohesively. + + To view the accounts on a source and their correlated identities, administrators can use the Connections drop-down menu, select Sources, select the relevant source, and select its Account tab. + + To view and edit source account statuses for an identity in IdentityNow, administrators can use the Identities drop-down menu, select Identity List, select the relevant identity, and select its Accounts tab. + Administrators can toggle an account's Actions to aggregate the account, enable/disable it, unlock it, or remove it from the identity. + + Accounts can have the following statuses: + + - Enabled: The account is enabled. The user can access it. + + - Disabled: The account is disabled, and the user cannot access it, but the identity is not disabled in IdentityNow. This can occur when an administrator disables the account or when the user's lifecycle state changes. + + - Locked: The account is locked. This may occur when someone has entered an incorrect password for the account too many times. + + - Pending: The account is currently updating. This status typically lasts seconds. + + Administrators can select the source account to view its attributes, entitlements, and the last time the account's password was changed. + + Refer to [Managing User Accounts](https://documentation.sailpoint.com/saas/help/common/users/user_access.html#managing-user-accounts) for more information about accounts. + - name: Account Activities + description: | + Use this API to implement account activity tracking functionality. + With this functionality in place, users can track source account activity in IdentityNow, which greatly improves traceability in the system. + + An account activity refers to a log of each action performed on a source account. This is useful for auditing the changes performed on an account throughout its life. + In IdentityNow's Search, users can search for account activities and select the activity's row to get an overview of the activity's account action and view its progress, its involved sources, and its most basic metadata, such as the identity requesting the option and the recipient. + + Account activity includes most actions IdentityNow completes on source accounts. Users can search in IdentityNow for the following account action types: + + - Access Request: These include any access requests the source account is involved in. + + - Account Attribute Updates: These include updates to a single attribute on an account on a source. + + - Account State Update: These include locking or unlocking actions on an account on a source. + + - Certification: These include actions removing an entitlement from an account on a source as a result of the entitlement's revocation during a certification. + + - Cloud Automated `Lifecyclestate`: These include automated lifecycle state changes that result in a source account's correlated identity being assigned to a different lifecycle state. + IdentityNow replaces the `Lifecyclestate` variable with the name of the lifecycle state it has moved the account's identity to. + + - Identity Attribute Update: These include updates to a source account's correlated identity attributes as the result of a provisioning action. + When you update an identity attribute that also updates an identity's lifecycle state, the cloud automated `Lifecyclestate` event also displays. + Account Activity does not include attribute updates that occur as a result of aggregation. + + - Identity Refresh: These include correlated identity refreshes that occur for an account on a source whenever the account's correlated identity profile gets a new role or updates. + These also include refreshes that occur whenever IdentityNow assigns an application to the account's correlated identity based on the application's being assigned to All Users From Source or Specific Users From Source. + + - Lifecycle State Refresh: These include the actions that took place when a lifecycle state changed. This event only occurs after a cloud automated `Lifecyclestate` change or a lifecycle state change. + + - Lifecycle State Change: These include the account activities that result from an identity's manual assignment to a null lifecycle state. + + - Password Change: These include password changes on sources. + + Refer to [Account Activity](https://documentation.sailpoint.com/saas/help/search/index.html#account-activity) for more information about account activities. + - name: Certifications + description: | + Use this API to implement certification functionality. + With this functionality in place, administrators and designated certification reviewers can review users' access certifications and decide whether to approve access, revoke it, or reassign the review to another reviewer. + Implementing certifications improves organizations' data security by reducing inappropriate access through a distributed review process and helping them satisfy audit and regulatory requirements. + + A certification refers to IdentityNow's mechanism for reviewing a user's access to entitlements (sets of permissions) and approving or removing that access. + These serve as a way of showing that a user's access has been reviewed and approved. + Multiple certifications by different reviewers are often required to approve a user's access. + A set of multiple certifications is called a certification campaign. + + For example, an organization may use a Manager Certification as a way of showing that a user's access has been reviewed and approved by their manager, or if the certification is part of a campaign, that the user's access has been reviewed and approved by multiple managers. + Once this certification has been completed, IdentityNow would provision all the access the user needs, nothing more. + + Organization administrators or certification administrators can designate other IdentityNow users as certification reviewers. + Those reviewers can select the 'Certifications' tab to view any of the certifications they either need to review or have already reviewed under the 'Active' and 'Completed' tabs, respectively. + + When a certification campaign is in progress, certification reviewers will see certifications listed under 'Active,' where they can review the involved identities. + Under the 'Decision' column on the right, next to each access item, reviewers can select the checkmark to approve access, select the 'X' to revoke access, or they can toggle the 'More Options' menu to reassign the certification to another reviewer and provide a reason for reassignment in the form of a comment. + + Once a reviewer has made decisions on all the certification's involved access items, he or she must select 'Sign Off' to complete the review process. + Doing so converts the certification into read-only status, preventing any further changes to the review decisions and deleting the work item (task) from the reviewer's list of work items. + + Once all the reviewers have signed off, the certification campaign either completes or, if any reviewers decided to revoke access for any of the involved identities, it moves into a remediation phase. In the remediation phase, identities' entitlements are altered to remove any entitlements marked for revocation. + In this situation, the certification campaign completes once all the remediation requests are completed. + + Refer to [Certifications](https://documentation.sailpoint.com/saas/user-help/certifications.html) for more information about certifications. + - name: Certification Summaries + description: | + Use this API to implement certification summary functionality. + With this functionality in place, administrators and designated certification reviewers can review summaries of identity certification campaigns and draw conclusions about the campaigns' scope, security, and effectiveness. + Implementing certification summary functionality improves organizations' ability to review their [certifications](https://documentation.sailpoint.com/saas/user-help/certifications.html) and helps them satisfy audit and regulatory requirements by enabling them to trace access changes and the decisions made in their review processes. + + A certification refers to IdentityNow's mechanism for reviewing a user's access to entitlements (sets of permissions) and approving or removing that access. + These certifications serve as a way of showing that a user's access has been reviewed and approved. + Multiple certifications by different reviewers are often required to approve a user's access. + A set of multiple certifications is called a certification campaign. + + For example, an organization may use a Manager Certification as a way of showing that a user's access has been reviewed and approved by their manager, or if the certification is part of a campaign, that the user's access has been reviewed and approved by multiple managers. + Once this certification has been completed, IdentityNow would provision all the access the user needs, nothing more. + + Certification summaries provide information about identity certification campaigns such as the identities involved, the number of decisions made, and the access changed. + For example, an administrator or designated certification reviewer can examine the Manager Certification campaign to get an overview of how many entitlement decisions are made in that campaign as opposed to role decisions, which identities would be affected by changes to the campaign, and how those identities' access would be affected. + - name: Lifecycle States + description: | + Use this API to implement and customize lifecycle state functionality. + With this functionality in place, administrators can create and configure custom lifecycle states for use across their organizations, which is key to controlling which users have access, when they have access, and the access they have. + + A lifecycle state describes a user's status in a company. For example, two lifecycle states come by default with IdentityNow: 'Active' and 'Inactive.' + When an active employee takes an extended leave of absence from a company, his or her lifecycle state may change to 'Inactive,' for security purposes. + The inactive employee would lose access to all the applications, sources, and sensitive data during the leave of absence, but when the employee returns and becomes active again, all that access would be restored. + This saves administrators the time that would otherwise be spent provisioning the employee's access to each individual tool, reviewing the employee's certification history, etc. + + Administrators can create a variety of custom lifecycle states. Refer to [Planning New Lifecycle States](https://documentation.sailpoint.com/saas/help/provisioning/lifecycle.html#planning-new-lifecycle-states) for some custom lifecycle state ideas. + + Administrators must define the criteria for being in each lifecycle state, and they must define how IdentityNow manages users' access to apps and sources for each lifecycle state. + + In IdentityNow, administrators can manage lifecycle states by going to Admin > Identities > Identity Profile, selecting the identity profile whose lifecycle states they want to manage, selecting the 'Provisioning' tab, and using the left panel to either select the lifecycle state they want to modify or create a new lifecycle state. + + In the 'Provisioning' tab, administrators can make the following access changes to an identity profile's lifecycle state: + + - Enable/disable the lifecycle state for the identity profile. + + - Enable/disable source accounts for the identity profile's lifecycle state. + + - Add existing access profiles to grant to the identity profiles in that lifecycle state. + + - Create a new access profile to grant to the identity profile in that lifecycle state. + + Access profiles granted in a previous lifecycle state are automatically revoked when the identity moves to a new lifecycle state. + To maintain access across multiple lifecycle states, administrators must grant the access profiles in each lifecycle state. + For example, if an administrator wants users with the 'HR Employee' identity profile to maintain their building access in both the 'Active' and 'Leave of Absence' lifecycle states, the administrator must grant the access profile for that building access to both lifecycle states. + + During scheduled refreshes, IdentityNow evaluates lifFecycle states to determine whether their assigned identities have the access defined in the lifecycle states' access profiles. + If the identities are missing access, IdentityNow provisions that access. + + Administrators can also use the 'Provisioning' tab to configure email notifications for IdentityNow to send whenever an identity with that identity profile has a lifecycle state change. + Refer to [Configuring Lifecycle State Notifications](https://documentation.sailpoint.com/saas/help/provisioning/lifecycle.html#configuring-lifecycle-state-notifications) for more information on how to do so. + + An identity's lifecycle state can have four different statuses: the lifecycle state's status can be 'Active,' it can be 'Not Set,' it can be 'Not Valid,' or it 'Does Not Match Technical Name Case.' + Refer to [Moving Identities into Lifecycle States](https://documentation.sailpoint.com/saas/help/provisioning/lifecycle.html#moving-identities-into-lifecycle-states) for more information about these different lifecycle state statuses. + + Refer to [Setting Up Lifecycle States](https://documentation.sailpoint.com/saas/help/provisioning/lifecycle.html) for more information about lifecycle states. + - name: Identity Profiles + description: | + Use this API to implement identity profile functionality. + With this functionality in place, administrators can view identity profiles and their configurations. + + Identity profiles represent the configurations that can be applied to identities as a way of granting them a set of security and access, as well as defining the mappings between their identity attributes and their source attributes. + + In IdentityNow, administrators can use the Identities drop-down menu and select Identity Profiles to view the list of identity profiles. + This list shows some details about each identity profile, along with its status. + They can select an identity profile to view its settings, its mappings between identity attributes and correlating source account attributes, and its provisioning settings. + + Refer to [Creating Identity Profiles](https://documentation.sailpoint.com/saas/help/setup/identity_profiles.html) for more information about identity profiles. + - name: Non-Employee Lifecycle Management + description: | + Use this API to implement non-employee lifecycle management functionality. + With this functionality in place, administrators can create non-employee records and configure them for use in their organizations. + This allows organizations to provide secure access to non-employees and control that access. + + The 'non-employee' term refers to any consultant, contractor, intern, or other user in an organization who is not a full-time permanent employee. + Organizations can track non-employees' access and activity in IdentityNow by creating and maintaining non-employee sources. + Organizations can have a maximum of 50 non-employee sources. + + By using SailPoint's Non-Employee Lifecycle Management functionality, you agree to the following: + + - SailPoint is not responsible for storing sensitive data. + You may only add account attributes to non-employee identities that are necessary for business operations and are consistent with your contractual limitations on data that may be sent or stored in IdentityNow. + + - You are responsible for regularly downloading your list of non-employee accounts for all the sources you create and storing this list of accounts in a managed location to maintain an authoritative system of record and backup data for these accounts. + + To manage non-employees in IdentityNow, administrators must create a non-employee source and add accounts to the source. + + To create a non-employee source in IdentityNow, administrators must use the Admin panel to go to Connections > Sources. + They must then specify 'Non-Employee' in the 'Source Type' field. + Refer to [Creating a Non-Employee Source](https://documentation.sailpoint.com/saas/help/common/non-employee-mgmt.html#creating-a-non-employee-source) for more details about how to create non-employee sources. + + To add accounts to a non-employee source in IdentityNow, administrators can select the non-employee source and add the accounts. + They can also use the 'Manage Non-Employees' widget on their user dashboards to reach the list of sources and then select the non-employee source they want to add the accounts to. + + Administrators can either add accounts individually or in bulk. Each non-employee source can have a maximum of 20,000 accounts. + To add accounts in bulk, they must select the 'Bulk Upload' option and upload a CSV file. + Refer to [Adding Accounts](https://documentation.sailpoint.com/saas/help/common/non-employee-mgmt.html#adding-accounts) for more details about how to add accounts to non-employee sources. + + Once administrators have created the non-employee source and added accounts to it, they can create identity profiles to generate identities for the non-employee accounts and manage the non-employee identities the same way they would any other identities. + + Refer to [Managing Non-Employee Sources and Accounts](https://documentation.sailpoint.com/saas/help/common/non-employee-mgmt.html) for more information about non-employee lifecycle management. + - name: OAuth Clients + description: | + Use this API to implement OAuth client functionality. + With this functionality in place, users with the appropriate security scopes can create and configure OAuth clients to use as a way to obtain authorization to use the IdentityNow REST API. + Refer to [Authentication](https://developer.sailpoint.com/idn/api/authentication) for more information about OAuth and how it works with the IdentityNow REST API. + - name: Password Configuration + description: | + Use this API to implement organization password configuration functionality. + With this functionality in place, organization administrators can create organization-specific password configurations. + + These configurations include details like custom password instructions, as well as digit token length and duration. + + Refer to [Configuring User Authentication for Password Resets](https://documentation.sailpoint.com/saas/help/pwd/pwd_reset.html) for more information about organization password configuration functionality. + - name: Password Management + description: | + Use this API to implement password management functionality. + With this functionality in place, users can manage their identity passwords for all their applications. + + In IdentityNow, users can select their names in the upper right corner of the page and use the drop-down menu to select Password Manager. + Password Manager lists the user's identity's applications, possibly grouped to share passwords. + Users can then select 'Change Password' to update their passwords. + + Grouping passwords allows users to update their passwords more broadly, rather than requiring them to update each password individually. + Password Manager may list the applications and sources in the following groups: + + - Password Group: This refers to a group of applications that share a password. + For example, a user can use the same password for Google Drive, Google Mail, and YouTube. + Updating the password for the password group updates the password for all its included applications. + + - Multi-Application Source: This refers to a source with multiple applications that share a password. + For example, a user can have a source, G Suite, that includes the Google Calendar, Google Drive, and Google Mail applications. + Updating the password for the multi-application source updates the password for all its included applications. + + - Applications: These are applications that do not share passwords with other applications. + + An organization may require some authentication for users to update their passwords. + Users may be required to answer security questions or use a third-party authenticator before they can confirm their updates. + + Refer to [Managing Passwords](https://documentation.sailpoint.com/saas/user-help/accounts/passwords.html) for more information about password management. + - name: Password Dictionary + description: | + Use this API to implement password dictionary functionality. + With this functionality in place, administrators can create password dictionaries to prevent users from using certain words or characters in their passwords. + + A password dictionary is a list of words or characters that users are prevented from including in their passwords. + This can help protect users from themselves and force them to create passwords that are not easy to break. + + A password dictionary must meet the following requirements to for the API to handle them correctly: + + - It must be in .txt format. + + - All characters must be UTF-8 characters. + + - Each line must contain a single word or character with no spaces or whitespace characters. + + - It must contain at least one line other than the locale string. + + - Each line must not exceed 128 characters. + + - The file must not exceed 2500 lines. + + Administrators should also consider the following when they create their dictionaries: + + - Lines starting with a # represent comments. + + - All words in the password dictionary are case-insensitive. + For example, adding the word "password" to the dictionary also disallows the following: PASSWORD, Password, and PassWord. + + - The dictionary uses substring matching. + For example, adding the word "spring" to the dictionary also disallows the following: Spring124, 345SprinG, and 8spring. + Users can then select 'Change Password' to update their passwords. + + Administrators must do the following to create a password dictionary: + + - Create the text file that will contain the prohibited password values. + + - If the dictionary is not in English, they must add a locale string to the top line: locale:`languageCode`_`countryCode` + + The languageCode value refers to the language's 2-letter ISO 639-1 code. + The countryCode value refers to the country's 2-letter ISO 3166-1 code. + + Refer to this list https://docs.oracle.com/cd/E13214_01/wli/docs92/xref/xqisocodes.html to see all the available ISO 639-1 language codes and ISO 3166-1 country codes. + + - Upload the .txt file to IdentityNow with [Update Password Dictionary](https://developer.sailpoint.com/idn/api/v3/update-password-dictionary). Uploading a new file always overwrites the previous dictionary file. + + Administrators can then specify which password policies check new passwords against the password dictionary by doing the following: In the Admin panel, they can use the Password Mgmt dropdown menu to select Policies, select the policy, and select the 'Prevent use of words in this site's password dictionary' checkbox beside it. + + Refer to [Configuring Advanced Password Management Options](https://documentation.sailpoint.com/saas/help/pwd/adv_config.html) for more information about password dictionaries. + - name: Password Sync Groups + description: | + Use this API to implement password sync group functionality. + With this functionality in place, administrators can group sources into password sync groups so that all their applications share the same password. + This allows users to update the password for all the applications in a sync group if they want, rather than updating each password individually. + + A password sync group is a group of applications that shares a password. + Administrators create these groups by grouping the applications' sources. + For example, an administrator can group the ActiveDirectory, GitHub, and G Suite sources together so that all those sources' applications can also be grouped to share a password. + A user can then update his or her password for ActiveDirectory, GitHub, Gmail, Google Drive, and Google Calendar all at once, rather then updating each one individually. + + The following are required for administrators to create a password sync group in IdentityNow: + + - At least two direct connect sources connected to IdentityNow and configured for Password Management. + + - Each authentication source in a sync group must have at least one application. Refer to [Adding and Resetting Application Passwords](https://documentation.sailpoint.com/saas/help/pwd/adv_config.html#adding-and-resetting-application-passwords) for more information about adding applications to sources. + + - At least one password policy. Refer to [Managing Password Policies](https://documentation.sailpoint.com/saas/help/pwd/policies.html) for more information about password policies. + + In the Admin panel in IdentityNow, administrators can use the Password Mgmt dropdown menu to select Sync Groups. + To create a sync group, administrators must provide a name, choose a password policy to be enforced across the sources in the sync group, and select the sources to include in the sync group. + + Administrators can also delete sync groups in IdentityNow, but they should know the following before they do: + + - Passwords related to the associated sources will become independent, so changing one will not change the others anymore. + + - Passwords for the sources' connected applications will also become independent. + + - Password policies assigned to the sync group are then assigned directly to the associated sources. + To change the password policy for a source, administrators must edit it directly. + + Once the password sync group has been created, users can update the password for the group in Password Manager. + + Refer to [Managing Password Sync Groups](https://documentation.sailpoint.com/saas/help/pwd/sync_grps.html) for more information about password sync groups. + - name: Personal Access Tokens + description: | + Use this API to implement personal access token (PAT) functionality. + With this functionality in place, users can use PATs as an alternative to passwords for authentication in IdentityNow. + + PATs embed user information into the client ID and secret. + This replaces the API clients' need to store and provide a username and password to establish a connection, improving IdentityNow organizations' integration security. + + In IdentityNow, users can do the following to create and manage their PATs: Select the dropdown menu under their names, select Preferences, and then select Personal Access Tokens. + They must then provide a description about the token's purpose. + They can then select 'Create Token' at the bottom of the page to generate and view the Secret and Client ID. + + Refer to [Managing Personal Access Tokens](https://documentation.sailpoint.com/saas/help/common/generate_tokens.html) for more information about PATs. + - name: Public Identities + description: | + Use this API in conjunction with [Public Identites Config](https://developer.sailpoint.com/idn/api/v3/public-identities-config) to enable non-administrators to view identities' publicly visible attributes. + With this functionality in place, non-administrators can view identity attributes other than the default attributes (email, lifecycle state, and manager), depending on which identity attributes their organization administrators have made public. + This can be helpful for access approvers, certification reviewers, managers viewing their direct reports' access, and source owners viewing their tasks. + - name: Public Identities Config + description: | + Use this API to implement public identity configuration functionality. + With this functionality in place, administrators can make up to 5 identity attributes publicly visible so other non-administrator users can see the relevant information they need to make decisions. + This can be helpful for approvers making approvals, certification reviewers, managers viewing their direct reports' access, and source owners viewing their tasks. + + By default, non-administrators can select an identity and view the following attributes: email, lifecycle state, and manager. + However, it may be helpful for a non-administrator reviewer to see other identity attributes like department, region, title, etc. + Administrators can use this API to make those necessary identity attributes public to non-administrators. + + For example, a non-administrator deciding whether to approve another identity's request for access to the Workday application, whose access may be restricted to members of the HR department, would want to know whether the identity is a member of the HR department. + If an administrator has used [Update Public Identity Config](https://developer.sailpoint.com/idn/api/v3/update-public-identity-config) to make the "department" attribute public, the approver can see the department and make a decision without requesting any more information. + - name: Requestable Objects + description: | + Use this API to implement requestable object functionality. + With this functionality in place, administrators can determine which access items can be requested with the [Access Request APIs](https://developer.sailpoint.com/idn/api/v3/access-requests), along with their statuses. + This can be helpful for administrators who are implementing and customizing access request functionality as a way of checking which items are requestable as they are created, assigned, and made available. + - name: Roles + description: | + Use this API to implement and customize role functionality. + With this functionality in place, administrators can create roles and configure them for use throughout IdentityNow. + IdentityNow can use established criteria to automatically assign the roles to qualified users. This enables users to get all the access they need quickly and securely and administrators to spend their time on other tasks. + + Entitlements represent the most granular level of access in IdentityNow. + Access profiles represent the next level and often group entitlements. + Roles represent the broadest level of access and often group access profiles. + + For example, an Active Directory source in IdentityNow can have multiple entitlements: the first, 'Employees,' may represent the access all employees have at the organization, and a second, 'Developers,' may represent the access all developers have at the organization. + + An administrator can then create a broader set of access in the form of an access profile, 'AD Developers' grouping the 'Employees' entitlement with the 'Developers' entitlement. + + An administrator can then create an even broader set of access in the form of a role grouping the 'AD Developers' access profile with another profile, 'GitHub Developers,' grouping entitlements for the GitHub source. + + When users only need Active Directory employee access, they can request access to the 'Employees' entitlement. + + When users need both Active Directory employee and developer access, they can request access to the 'AD Developers' access profile. + + When users need both the 'AD Developers' access profile and the 'GitHub Developers' access profile, they can request access to the role grouping both. + + Roles often represent positions within organizations. + For example, an organization's accountant can access all the tools the organization's accountants need with the 'Accountant' role. + If the accountant switches to engineering, a qualified member of the organization can quickly revoke the accountant's 'Accountant' access and grant access to the 'Engineer' role instead, granting access to all the tools the organization's engineers need. + + In IdentityNow, adminstrators can use the Access drop-down menu and select Roles to view, configure, and delete existing roles, as well as create new ones. + Administrators can enable and disable the role, and they can also make the following configurations: + + - Manage Access: Manage the role's access by adding or removing access profiles. + + - Define Assignment: Define the criteria IdentityNow uses to assign the role to identities. + Use the first option, 'Standard Criteria,' to provide specific criteria for assignment like specific account attributes, entitlements, or identity attributes. + Use the second, 'Identity List,' to specify the identities for assignment. + + - Access Requests: Configure roles to be requestable and establish an approval process for any requests that the role be granted or revoked. + Do not configure a role to be requestable without establishing a secure access request approval process for that role first. + + Refer to [Working with Roles](https://documentation.sailpoint.com/saas/help/provisioning/roles.html) for more information about roles. + - name: Saved Search + description: | + Use this API to implement saved search functionality. + With saved search functionality in place, users can save search queries and then view those saved searches, as well as rerun them. + + Search queries in IdentityNow can grow very long and specific, which can make reconstructing them difficult or tedious, so it can be especially helpful to save search queries. + It also opens the possibility to configure IdentityNow to run the saved queries on a schedule, which is essential to detecting user information and access changes throughout an organization's tenant and across all its sources. + Refer to [Scheduled Search](https://developer.sailpoint.com/idn/api/v3/scheduled-search) for more information about running saved searches on a schedule. + + In IdentityNow, users can save searches under a name, and then they can access that saved search and run it again when they want. + + Refer to [Managing Saved Searches](https://documentation.sailpoint.com/saas/help/search/saved-searches.html) for more information about saving searches and using them. + - name: Scheduled Search + description: | + Use this API to implement scheduled search functionality. + With scheduled search functionality in place, users can run saved search queries on their tenants on a schedule, and IdentityNow emails them the search results. + Users can also share these search results with other users by email by adding those users as subscribers, or those users can subscribe themselves. + + One of the greatest benefits of saving searches is the ability to run those searches on a schedule. + This is essential for organizations to constantly detect any changes to user information or access throughout their tenants and across all their sources. + For example, the manager Amanda Ross can schedule a saved search "manager.name:amanda.ross AND attributes.location:austin" on a schedule to regularly stay aware of changes with the Austin employees reporting to her. + IdentityNow emails her the search results when the search runs, so she can work on other tasks instead of actively running this search. + + In IdentityNow, scheduling a search involves a subscription. + Users can create a subscription for a saved search and schedule it to run daily, weekly, or monthly (you can only use one schedule option at a time). + The user can add other identities as subscribers so when the scheduled search runs, the subscribers and the user all receive emails. + + By default, subscriptions exclude detailed results from the emails, for security purposes. + Including detailed results about user access in an email may expose sensitive information. + However, the subscription creator can choose to include the information in the emails. + + By default, IdentityNow sends emails to the subscribers even when the searches do not return new results. + However, the subscription creator can choose to suppress these empty emails. + + Users can also subscribe to saved searches that already have existing subscriptions so they receive emails when the searches run. + A saved search can have up to 10 subscriptions configured at a time. + + The subscription creator can enable, disable, or delete the subscription. + + Refer to [Subscribing to Saved Searches](https://documentation.sailpoint.com/saas/help/search/saved-searches.html#subscribing-to-saved-searches) for more information about scheduling searches and subscribing to them. + - name: Search + description: | + Use this API to implement search functionality. + With search functionality in place, users can search their tenants for nearly any information from throughout their organizations. + + IdentityNow enables organizations to store user data from across all their connected sources and manage the users' access, so the ability to query and filter that data is essential. + Its search goes through all those sources and finds the results quickly and specifically. + + The search query is flexible - it can be very broad or very narrow. + The search only returns results for searchable objects it is filtering for. + The following objects are searchable: identities, roles, access profiles, entitlements, events, and account activities. + By default, no filter is applied, so a search for "Ad" returns both the identity "Adam.Archer" as well as the role "Administrator." + + Users can further narrow their results by using IdentityNow's specific syntax and punctuation to structure their queries. + For example, the query "attributes.location:austin AND NOT manager.name:amanda.ross" returns all results associated with the Austin location, but it excludes those associated with the manager Amanda Ross. + Refer to [Building a Search Query](https://documentation.sailpoint.com/saas/help/search/building-query.html) for more information about how to construct specific search queries. + + Refer to [Using Search](https://documentation.sailpoint.com/saas/help/search/index.html) for more information about IdentityNow's search and its different possibilities. + + The search feature uses Elasticsearch as a datastore and query engine. + The power of Elasticsearch makes this feature suitable for ad-hoc reporting. + However, data from the operational databases (ex. identities, roles, events, etc) has to be ingested into Elasticsearch. + This ingestion process introduces a latency from when the operational data is created to when it is available in search. + Depending on the system load, this can take a few seconds to a few minutes. + Please keep this latency in mind when you use search. + - name: Segments + - name: Service Desk Integration + description: | + Use this API to build an integration between IdentityNow and a service desk ITSM (IT service management) solution. + Once an administrator builds this integration between IdentityNow and a service desk, users can use IdentityNow to raise and track tickets that are synchronized between IdentityNow and the service desk. + + In IdentityNow, administrators can create a service desk integration (sometimes also called an SDIM, or Service Desk Integration Module) by going to Admin > Connections > Service Desk and selecting 'Create.' + + To create a Generic Service Desk integration, for example, administrators must provide the required information on the General Settings page, the Connectivity and Authentication information, Ticket Creation information, Status Mapping information, and Requester Source information on the Configure page. + Refer to [Integrating SailPoint with Generic Service Desk](https://documentation.sailpoint.com/connectors/generic_sd/help/integrating_generic_service_desk/intro.html) for more information about the process of setting up a Generic Service Desk in IdentityNow. + + Administrators can create various service desk integrations, all with their own nuances. + The following service desk integrations are available: + + - [Atlassian Cloud Jira Service Management](https://documentation.sailpoint.com/connectors/atlassian/jira_cloud/help/integrating_jira_cloud_sd/introduction.html) + + - [Atlassian Server Jira Service Management](https://documentation.sailpoint.com/connectors/atlassian/jira_server/help/integrating_jira_server_sd/introduction.html) + + - [BMC Helix ITSM Service Desk](https://documentation.sailpoint.com/connectors/bmc/helix_ITSM_sd/help/integrating_bmc_helix_itsm_sd/intro.html) + + - [BMC Helix Remedyforce Service Desk](https://documentation.sailpoint.com/connectors/bmc/helix_remedyforce_sd/help/integrating_bmc_helix_remedyforce_sd/intro.html) + + - [Generic Service Desk](https://documentation.sailpoint.com/connectors/generic_sd/help/integrating_generic_service_desk/intro.html) + + - [ServiceNow Service Desk](https://documentation.sailpoint.com/connectors/servicenow/sdim/help/integrating_servicenow_sdim/intro.html) + + - [Zendesk Service Desk](https://documentation.sailpoint.com/connectors/zendesk/help/integrating_zendesk_sd/introduction.html) + - name: SOD Policy + description: Operations for Creating & Executing SOD (Seperation of Duties) policies + - name: SOD Violations + description: Operations for Predicting SOD (Seperation of Duties) violations + - name: Sources + description: | + Use this API to implement and customize source functionality. + With source functionality in place, organizations can use IdentityNow to connect their various sources and user data sets and manage access across all those different sources in a secure, scalable way. + + [Sources](https://documentation.sailpoint.com/saas/help/sources/managing_sources.html) refer to the IdentityNow representations for external applications, databases, and directory management systems that maintain their own sets of users, like Dropbox, GitHub, and Workday, for example. + Organizations may use hundreds, if not thousands, of different source systems, and any one employee within an organization likely has a different user record on each source, often with different permissions on many of those records. + Connecting these sources to IdentityNow makes it possible to manage user access across them all. + Then, if a new hire starts at an organization, IdentityNow can grant the new hire access to all the sources they need. + If an employee moves to a new department and needs access to new sources but no longer needs access to others, IdentityNow can grant the necessary access and revoke the unnecessary access for all the employee's various sources. + If an employee leaves the company, IdentityNow can revoke access to all the employee's various source accounts immediately. + These are just a few examples of the many ways that source functionality makes identity governance easier, more efficient, and more secure. + + In IdentityNow, administrators can create configure, manage, and edit sources, and they can designate other users as source admins to be able to do so. + They can also designate users as source sub-admins, who can perform the same source actions but only on sources associated with their governance groups. + Admins go to Connections > Sources to see a list of the existing source representations in their organizations. + They can create new sources or select existing ones. + + To create a new source, the following must be specified: Source Name, Description, Source Owner, and Connection Type. + Refer to [Configuring a Source](https://documentation.sailpoint.com/saas/help/accounts/loading_data.html#configuring-a-source) for more information about the source configuration process. + + IdentityNow connects with its sources either by a direct communication with the source server (connection information specific to the source must be provided) or a flat file feed, a CSV file containing all the relevant information about the accounts to be loaded in. + Different sources use different connectors to share data with IdentityNow, and each connector's setup process is specific to that connector. + SailPoint has built a number of connectors to come out of the box and connect to the most common sources, and SailPoint actively maintains these connectors. + Refer to [IdentityNow Connectors](https://documentation.sailpoint.com/connectors/identitynow/landingpages/help/landingpages/identitynow_connectivity_landing.html) for more information about these SailPoint supported connectors. + Refer to the following links for more information about two useful connectors: + + - [JDBC Connector](https://documentation.sailpoint.com/connectors/jdbc/help/integrating_jdbc/introduction.html): This customizable connector an directly connect to databases that support JDBC (Java Database Connectivity). + + - [Web Services Connector](https://documentation.sailpoint.com/connectors/webservices/help/integrating_webservices/introduction.html): This connector can directly connect to databases that support Web Services. + + Refer to [SaaS Connectivity](https://developer.sailpoint.com/idn/docs/saas-connectivity) for more information about SailPoint's new connectivity framework that makes it easy to build and manage custom connectors to SaaS sources. + + When admins select existing sources, they can view the following information about the source: + + - Associated connections (any associated identity profiles, apps, or references to the source in a transform). + + - Associated user accounts. These accounts are linked to their identities - this provides a more complete picture of each user's access across sources. + + - Associated entitlements (sets of access rights on sources). + + - Associated access profiles (groupings of entitlements). + + The user account data and the entitlements update with each data aggregation from the source. + Organizations generally run scheduled, automated data aggregations to ensure that their data is always in sync between their sources and their IdentityNow tenants so an access change on a source is detected quickly in IdentityNow. + Admins can view a history of these aggregations, and they can also run manual imports. + Refer to [Loading Account Data](https://documentation.sailpoint.com/saas/help/accounts/loading_data.html) for more information about manual and scheduled aggregations. + + Admins can also make changes to determine which user account data IdentityNow collects from the source and how it correlates that account data with identity data. + To define which account attributes the source shares with IdentityNow, admins can edit the account schema on the source. + Refer to [Managing Source Account Schemas](https://documentation.sailpoint.com/saas/help/accounts/schema.html) for more information about source account schemas and how to edit them. + To define the mapping between the source account attributes and their correlating identity attributes, admins can edit the correlation configuration on the source. + Refer to [Assigning Source Accounts to Identities](https://documentation.sailpoint.com/saas/help/accounts/correlation.html) for more information about this correlation process between source accounts and identities. + + Admins can also delete sources, but they must first ensure that the sources no longer have any active connections: the source must not be associated with any identity profile or any app, and it must not be referenced by any transform. + Refer to [Deleting Sources](https://documentation.sailpoint.com/saas/help/sources/managing_sources.html#deleting-sources) for more information about deleting sources. + + Well organized, mappped out connections between sources and IdentityNow are essential to achieving comprehensive identity access governance across all the source systems organizations need. + Refer to [Managing Sources](https://documentation.sailpoint.com/saas/help/sources/managing_sources.html) for more information about all the different things admins can do with sources once they are connected. + - name: Tagged Objects + - name: Transforms + description: | + The purpose of this API is to expose functionality for the manipulation of Transform objects. + Transforms are a form of configurable objects which define an easy way to manipulate attribute data without having + to write code. These endpoints don't require API calls to other resources, audit service is used for keeping track + of which users have made changes to the Transforms. + + Refer to [Transforms](https://developer.sailpoint.com/idn/docs/transforms) for more information about transforms. + - name: Work Items + description: | + Use this API to implement work item functionality. + With this functionality in place, users can manage their work items (tasks). + + Work items refer to the tasks users see in IdentityNow's Task Manager. + They can see the pending work items they need to complete, as well as the work items they have already completed. + Task Manager lists the work items along with the involved sources, identities, accounts, and the timestamp when the work item was created. + For example, a user may see a pending 'Create an Account' work item for the identity Fred.Astaire in GitHub for Fred's GitHub account, fred-astaire-sp. + Once the user completes the work item, the work item will be listed with his or her other completed work items. + + To complete work items, users can use their dashboards and select the 'My Tasks' widget. + The widget will list any work items they need to complete, and they can select the work item from the list to review its details. + When they complete the work item, they can select 'Mark Complete' to add it to their list of completed work items. + + Refer to [Task Manager](https://documentation.sailpoint.com/saas/user-help/task_manager.html) for more information about work items, including the different types of work items users may need to complete. +paths: + /access-profiles: + get: + operationId: listAccessProfiles + tags: + - Access Profiles + summary: List Access Profiles + description: |- + This API returns a list of Access Profiles. + + A token with API, ORG_ADMIN, ROLE_ADMIN, ROLE_SUBADMIN, SOURCE_ADMIN, or SOURCE_SUBADMIN authority is required to call this API. + parameters: + - in: query + name: for-subadmin + schema: + type: string + description: |- + If provided, filters the returned list according to what is visible to the indicated ROLE_SUBADMIN or SOURCE_SUBADMIN Identity. The value of the parameter is either an Identity ID, or the special value **me**, which is shorthand for the calling Identity's ID. + + A 400 Bad Request error is returned if the **for-subadmin** parameter is specified for an Identity that is not a subadmin. + example: 8c190e6787aa4ed9a90bd9d5344523fb + required: false + - in: query + name: limit + description: |- + Note that for this API the maximum value for limit is 50. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 50 + schema: + type: integer + format: int32 + minimum: 0 + maximum: 50 + default: 50 + - in: query + name: offset + description: |- + Offset into the full result set. Usually specified with *limit* to paginate through the results. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 0 + schema: + type: integer + format: int32 + minimum: 0 + default: 0 + - in: query + name: count + description: |- + If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored. + + Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used. + + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: true + schema: + type: boolean + default: false + - in: query + name: filters + schema: + type: string + description: |- + Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) + + Filtering is supported for the following fields and operators: + + **id**: *eq, in* + + **name**: *eq, sw* + + **created, modified**: *gt, lt, ge, le* + + **owner.id**: *eq, in* + + **requestable**: *eq* + + **source.id**: *eq, in* + example: name eq "SailPoint Support" + required: false + - in: query + name: sorters + schema: + type: string + format: comma-separated + description: |- + Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results) + + Sorting is supported for the following fields: **name, created, modified** + example: 'name,-modified' + required: false + - in: query + name: for-segment-ids + schema: + type: string + format: comma-separated + description: |- + If present and not empty, additionally filters Access Profiles to those which are assigned to the Segment(s) with the specified IDs. + + If segmentation is currently unavailable, specifying this parameter results in an error. + example: '0b5c9f25-83c6-4762-9073-e38f7bb2ae26,2e8d8180-24bc-4d21-91c6-7affdb473b0d' + required: false + - in: query + name: include-unsegmented + schema: + type: boolean + default: true + description: 'Whether or not the response list should contain unsegmented Access Profiles. If *for-segment-ids* is absent or empty, specifying *include-unsegmented* as false results in an error.' + example: false + required: false + responses: + '200': + description: List of Access Profiles + content: + application/json: + schema: + type: array + items: + type: object + properties: + id: + type: string + description: The ID of the Access Profile + example: 2c91808a7190d06e01719938fcd20792 + readOnly: true + name: + type: string + description: Name of the Access Profile + example: Employee-database-read-write + description: + type: string + nullable: true + description: Information about the Access Profile + example: Collection of entitlements to read/write the employee database + created: + type: string + description: Date the Access Profile was created + format: date-time + example: '2021-03-01T22:32:58.104Z' + readOnly: true + modified: + type: string + description: Date the Access Profile was last modified. + format: date-time + example: '2021-03-02T20:22:28.104Z' + readOnly: true + enabled: + type: boolean + description: Whether the Access Profile is enabled. If the Access Profile is enabled then you must include at least one Entitlement. + example: true + owner: + description: Owner of the Access Profile + type: object + properties: + type: + description: 'Owner type. This field must be either left null or set to ''IDENTITY'' on input, otherwise a 400 Bad Request error will result.' + example: IDENTITY + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + id: + type: string + description: Identity id + example: 2c9180a46faadee4016fb4e018c20639 + name: + type: string + description: 'Human-readable display name of the owner. It may be left null or omitted in a POST or PATCH. If set, it must match the current value of the owner''s display name, otherwise a 400 Bad Request error will result.' + example: support + source: + type: object + properties: + id: + type: string + description: The ID of the Source with with which the Access Profile is associated + example: 2c91809773dee3610173fdb0b6061ef4 + type: + type: string + enum: + - SOURCE + description: 'The type of the Source, will always be SOURCE' + example: SOURCE + name: + type: string + description: The display name of the associated Source + example: ODS-AD-SOURCE + entitlements: + type: array + description: A list of entitlements associated with the Access Profile. If enabled is false this is allowed to be empty otherwise it needs to contain at least one Entitlement. + items: + type: object + properties: + id: + type: string + description: The ID of the Entitlement + example: 2c91809773dee32014e13e122092014e + type: + type: string + enum: + - ENTITLEMENT + description: 'The type of the Entitlement, will always be ENTITLEMENT' + example: ENTITLEMENT + name: + type: string + description: The display name of the Entitlement + example: 'CN=entitlement.490efde5,OU=OrgCo,OU=ServiceDept,DC=HQAD,DC=local' + requestable: + type: boolean + description: 'Whether the Access Profile is requestable via access request. Currently, making an Access Profile non-requestable is only supported for customers enabled with the new Request Center. Otherwise, attempting to create an Access Profile with a value **false** in this field results in a 400 error.' + example: true + accessRequestConfig: + nullable: true + description: Access request configuration for this object + type: object + properties: + commentsRequired: + type: boolean + description: Whether the requester of the containing object must provide comments justifying the request + example: true + denialCommentsRequired: + type: boolean + description: Whether an approver must provide comments when denying the request + example: true + approvalSchemes: + type: array + description: List describing the steps in approving the request + items: + type: object + properties: + approverType: + type: string + enum: + - APP_OWNER + - OWNER + - SOURCE_OWNER + - MANAGER + - GOVERNANCE_GROUP + description: |- + Describes the individual or group that is responsible for an approval step. Values are as follows. + **APP_OWNER**: The owner of the Application + + **OWNER**: Owner of the associated Access Profile or Role + + **SOURCE_OWNER**: Owner of the Source associated with an Access Profile + + **MANAGER**: Manager of the Identity making the request + + **GOVERNANCE_GROUP**: A Governance Group, the ID of which is specified by the **approverId** field + example: GOVERNANCE_GROUP + approverId: + type: string + nullable: true + description: 'Id of the specific approver, used only when approverType is GOVERNANCE_GROUP' + example: 46c79819-a69f-49a2-becb-12c971ae66c6 + revocationRequestConfig: + nullable: true + description: Revocation request configuration for this object. + type: object + properties: + approvalSchemes: + type: array + description: List describing the steps in approving the revocation request + items: + type: object + properties: + approverType: + type: string + enum: + - APP_OWNER + - OWNER + - SOURCE_OWNER + - MANAGER + - GOVERNANCE_GROUP + description: |- + Describes the individual or group that is responsible for an approval step. Values are as follows. + **APP_OWNER**: The owner of the Application + + **OWNER**: Owner of the associated Access Profile or Role + + **SOURCE_OWNER**: Owner of the Source associated with an Access Profile + + **MANAGER**: Manager of the Identity making the request + + **GOVERNANCE_GROUP**: A Governance Group, the ID of which is specified by the **approverId** field + example: GOVERNANCE_GROUP + approverId: + type: string + nullable: true + description: 'Id of the specific approver, used only when approverType is GOVERNANCE_GROUP' + example: 46c79819-a69f-49a2-becb-12c971ae66c6 + segments: + type: array + nullable: true + items: + type: string + description: 'List of IDs of segments, if any, to which this Access Profile is assigned.' + example: + - f7b1b8a3-5fed-4fd4-ad29-82014e137e19 + - 29cb6c06-1da8-43ea-8be4-b3125f248f2a + provisioningCriteria: + description: 'When an Identity has multiple Accounts on the Source with which an Access Profile is associated, this expression is evaluated against those Accounts to choose one to provision with the Access Profile.' + nullable: true + example: + operation: OR + children: + - operation: AND + children: + - attribute: dn + operation: CONTAINS + value: useast + - attribute: manager + operation: CONTAINS + value: Scott.Clark + - operation: AND + children: + - attribute: dn + operation: EQUALS + value: Gibson + - attribute: telephoneNumber + operation: CONTAINS + value: '512' + type: object + properties: + operation: + type: string + enum: + - EQUALS + - NOT_EQUALS + - CONTAINS + - HAS + - AND + - OR + description: Supported operations on ProvisioningCriteria + example: EQUALS + attribute: + type: string + description: 'Name of the Account attribute to be tested. If **operation** is one of EQUALS, NOT_EQUALS, CONTAINS, or HAS, this field is required. Otherwise, specifying it is an error.' + example: email + nullable: true + value: + type: string + nullable: true + description: 'String value to test the Account attribute w/r/t the specified operation. If the operation is one of EQUALS, NOT_EQUALS, or CONTAINS, this field is required. Otherwise, specifying it is an error. If the Attribute is not String-typed, it will be converted to the appropriate type.' + example: carlee.cert1c9f9b6fd@mailinator.com + children: + type: array + items: + type: object + description: Defines matching criteria for an Account to be provisioned with a specific Access Profile + properties: + operation: + type: string + enum: + - EQUALS + - NOT_EQUALS + - CONTAINS + - HAS + - AND + - OR + description: Supported operations on ProvisioningCriteria + example: EQUALS + attribute: + type: string + description: 'Name of the Account attribute to be tested. If **operation** is one of EQUALS, NOT_EQUALS, CONTAINS, or HAS, this field is required. Otherwise, specifying it is an error.' + example: email + nullable: true + value: + type: string + nullable: true + description: 'String value to test the Account attribute w/r/t the specified operation. If the operation is one of EQUALS, NOT_EQUALS, or CONTAINS, this field is required. Otherwise, specifying it is an error. If the Attribute is not String-typed, it will be converted to the appropriate type.' + example: carlee.cert1c9f9b6fd@mailinator.com + children: + type: array + items: + type: object + description: Defines matching criteria for an Account to be provisioned with a specific Access Profile + properties: + operation: + type: string + enum: + - EQUALS + - NOT_EQUALS + - CONTAINS + - HAS + - AND + - OR + description: Supported operations on ProvisioningCriteria + example: EQUALS + attribute: + type: string + description: 'Name of the Account attribute to be tested. If **operation** is one of EQUALS, NOT_EQUALS, CONTAINS, or HAS, this field is required. Otherwise, specifying it is an error.' + example: email + nullable: true + value: + type: string + description: 'String value to test the Account attribute w/r/t the specified operation. If the operation is one of EQUALS, NOT_EQUALS, or CONTAINS, this field is required. Otherwise, specifying it is an error. If the Attribute is not String-typed, it will be converted to the appropriate type.' + example: carlee.cert1c9f9b6fd@mailinator.com + nullable: true + description: 'Array of child criteria. Required if the operation is AND or OR, otherwise it must be left null. A maximum of three levels of criteria are supported, including leaf nodes.' + example: null + nullable: true + description: 'Array of child criteria. Required if the operation is AND or OR, otherwise it must be left null. A maximum of three levels of criteria are supported, including leaf nodes.' + example: null + required: + - owner + - name + - source + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + security: + - oauth2: + - 'idn:access-profile:read' + post: + operationId: createAccessProfile + tags: + - Access Profiles + summary: Create an Access Profile + description: |- + This API creates an Access Profile. + A token with API, ORG_ADMIN, ROLE_ADMIN, ROLE_SUBADMIN, SOURCE_ADMIN, or SOURCE_SUBADMIN authority is required to call this API. In addition, a token with only ROLE_SUBADMIN or SOURCE_SUBADMIN authority must be associated with the Access Profile's Source. + The maximum supported length for the description field is 2000 characters. Longer descriptions will be preserved for existing access profiles, however, any new access profiles as well as any updates to existing descriptions will be limited to 2000 characters. + requestBody: + required: true + content: + application/json: + schema: + type: object + properties: + id: + type: string + description: The ID of the Access Profile + example: 2c91808a7190d06e01719938fcd20792 + readOnly: true + name: + type: string + description: Name of the Access Profile + example: Employee-database-read-write + description: + type: string + nullable: true + description: Information about the Access Profile + example: Collection of entitlements to read/write the employee database + created: + type: string + description: Date the Access Profile was created + format: date-time + example: '2021-03-01T22:32:58.104Z' + readOnly: true + modified: + type: string + description: Date the Access Profile was last modified. + format: date-time + example: '2021-03-02T20:22:28.104Z' + readOnly: true + enabled: + type: boolean + description: Whether the Access Profile is enabled. If the Access Profile is enabled then you must include at least one Entitlement. + example: true + owner: + description: Owner of the Access Profile + type: object + properties: + type: + description: 'Owner type. This field must be either left null or set to ''IDENTITY'' on input, otherwise a 400 Bad Request error will result.' + example: IDENTITY + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + id: + type: string + description: Identity id + example: 2c9180a46faadee4016fb4e018c20639 + name: + type: string + description: 'Human-readable display name of the owner. It may be left null or omitted in a POST or PATCH. If set, it must match the current value of the owner''s display name, otherwise a 400 Bad Request error will result.' + example: support + source: + type: object + properties: + id: + type: string + description: The ID of the Source with with which the Access Profile is associated + example: 2c91809773dee3610173fdb0b6061ef4 + type: + type: string + enum: + - SOURCE + description: 'The type of the Source, will always be SOURCE' + example: SOURCE + name: + type: string + description: The display name of the associated Source + example: ODS-AD-SOURCE + entitlements: + type: array + description: A list of entitlements associated with the Access Profile. If enabled is false this is allowed to be empty otherwise it needs to contain at least one Entitlement. + items: + type: object + properties: + id: + type: string + description: The ID of the Entitlement + example: 2c91809773dee32014e13e122092014e + type: + type: string + enum: + - ENTITLEMENT + description: 'The type of the Entitlement, will always be ENTITLEMENT' + example: ENTITLEMENT + name: + type: string + description: The display name of the Entitlement + example: 'CN=entitlement.490efde5,OU=OrgCo,OU=ServiceDept,DC=HQAD,DC=local' + requestable: + type: boolean + description: 'Whether the Access Profile is requestable via access request. Currently, making an Access Profile non-requestable is only supported for customers enabled with the new Request Center. Otherwise, attempting to create an Access Profile with a value **false** in this field results in a 400 error.' + example: true + accessRequestConfig: + nullable: true + description: Access request configuration for this object + type: object + properties: + commentsRequired: + type: boolean + description: Whether the requester of the containing object must provide comments justifying the request + example: true + denialCommentsRequired: + type: boolean + description: Whether an approver must provide comments when denying the request + example: true + approvalSchemes: + type: array + description: List describing the steps in approving the request + items: + type: object + properties: + approverType: + type: string + enum: + - APP_OWNER + - OWNER + - SOURCE_OWNER + - MANAGER + - GOVERNANCE_GROUP + description: |- + Describes the individual or group that is responsible for an approval step. Values are as follows. + **APP_OWNER**: The owner of the Application + + **OWNER**: Owner of the associated Access Profile or Role + + **SOURCE_OWNER**: Owner of the Source associated with an Access Profile + + **MANAGER**: Manager of the Identity making the request + + **GOVERNANCE_GROUP**: A Governance Group, the ID of which is specified by the **approverId** field + example: GOVERNANCE_GROUP + approverId: + type: string + nullable: true + description: 'Id of the specific approver, used only when approverType is GOVERNANCE_GROUP' + example: 46c79819-a69f-49a2-becb-12c971ae66c6 + revocationRequestConfig: + nullable: true + description: Revocation request configuration for this object. + type: object + properties: + approvalSchemes: + type: array + description: List describing the steps in approving the revocation request + items: + type: object + properties: + approverType: + type: string + enum: + - APP_OWNER + - OWNER + - SOURCE_OWNER + - MANAGER + - GOVERNANCE_GROUP + description: |- + Describes the individual or group that is responsible for an approval step. Values are as follows. + **APP_OWNER**: The owner of the Application + + **OWNER**: Owner of the associated Access Profile or Role + + **SOURCE_OWNER**: Owner of the Source associated with an Access Profile + + **MANAGER**: Manager of the Identity making the request + + **GOVERNANCE_GROUP**: A Governance Group, the ID of which is specified by the **approverId** field + example: GOVERNANCE_GROUP + approverId: + type: string + nullable: true + description: 'Id of the specific approver, used only when approverType is GOVERNANCE_GROUP' + example: 46c79819-a69f-49a2-becb-12c971ae66c6 + segments: + type: array + nullable: true + items: + type: string + description: 'List of IDs of segments, if any, to which this Access Profile is assigned.' + example: + - f7b1b8a3-5fed-4fd4-ad29-82014e137e19 + - 29cb6c06-1da8-43ea-8be4-b3125f248f2a + provisioningCriteria: + description: 'When an Identity has multiple Accounts on the Source with which an Access Profile is associated, this expression is evaluated against those Accounts to choose one to provision with the Access Profile.' + nullable: true + example: + operation: OR + children: + - operation: AND + children: + - attribute: dn + operation: CONTAINS + value: useast + - attribute: manager + operation: CONTAINS + value: Scott.Clark + - operation: AND + children: + - attribute: dn + operation: EQUALS + value: Gibson + - attribute: telephoneNumber + operation: CONTAINS + value: '512' + type: object + properties: + operation: + type: string + enum: + - EQUALS + - NOT_EQUALS + - CONTAINS + - HAS + - AND + - OR + description: Supported operations on ProvisioningCriteria + example: EQUALS + attribute: + type: string + description: 'Name of the Account attribute to be tested. If **operation** is one of EQUALS, NOT_EQUALS, CONTAINS, or HAS, this field is required. Otherwise, specifying it is an error.' + example: email + nullable: true + value: + type: string + nullable: true + description: 'String value to test the Account attribute w/r/t the specified operation. If the operation is one of EQUALS, NOT_EQUALS, or CONTAINS, this field is required. Otherwise, specifying it is an error. If the Attribute is not String-typed, it will be converted to the appropriate type.' + example: carlee.cert1c9f9b6fd@mailinator.com + children: + type: array + items: + type: object + description: Defines matching criteria for an Account to be provisioned with a specific Access Profile + properties: + operation: + type: string + enum: + - EQUALS + - NOT_EQUALS + - CONTAINS + - HAS + - AND + - OR + description: Supported operations on ProvisioningCriteria + example: EQUALS + attribute: + type: string + description: 'Name of the Account attribute to be tested. If **operation** is one of EQUALS, NOT_EQUALS, CONTAINS, or HAS, this field is required. Otherwise, specifying it is an error.' + example: email + nullable: true + value: + type: string + nullable: true + description: 'String value to test the Account attribute w/r/t the specified operation. If the operation is one of EQUALS, NOT_EQUALS, or CONTAINS, this field is required. Otherwise, specifying it is an error. If the Attribute is not String-typed, it will be converted to the appropriate type.' + example: carlee.cert1c9f9b6fd@mailinator.com + children: + type: array + items: + type: object + description: Defines matching criteria for an Account to be provisioned with a specific Access Profile + properties: + operation: + type: string + enum: + - EQUALS + - NOT_EQUALS + - CONTAINS + - HAS + - AND + - OR + description: Supported operations on ProvisioningCriteria + example: EQUALS + attribute: + type: string + description: 'Name of the Account attribute to be tested. If **operation** is one of EQUALS, NOT_EQUALS, CONTAINS, or HAS, this field is required. Otherwise, specifying it is an error.' + example: email + nullable: true + value: + type: string + description: 'String value to test the Account attribute w/r/t the specified operation. If the operation is one of EQUALS, NOT_EQUALS, or CONTAINS, this field is required. Otherwise, specifying it is an error. If the Attribute is not String-typed, it will be converted to the appropriate type.' + example: carlee.cert1c9f9b6fd@mailinator.com + nullable: true + description: 'Array of child criteria. Required if the operation is AND or OR, otherwise it must be left null. A maximum of three levels of criteria are supported, including leaf nodes.' + example: null + nullable: true + description: 'Array of child criteria. Required if the operation is AND or OR, otherwise it must be left null. A maximum of three levels of criteria are supported, including leaf nodes.' + example: null + required: + - owner + - name + - source + responses: + '201': + description: Access Profile created + content: + application/json: + schema: + type: object + properties: + id: + type: string + description: The ID of the Access Profile + example: 2c91808a7190d06e01719938fcd20792 + readOnly: true + name: + type: string + description: Name of the Access Profile + example: Employee-database-read-write + description: + type: string + nullable: true + description: Information about the Access Profile + example: Collection of entitlements to read/write the employee database + created: + type: string + description: Date the Access Profile was created + format: date-time + example: '2021-03-01T22:32:58.104Z' + readOnly: true + modified: + type: string + description: Date the Access Profile was last modified. + format: date-time + example: '2021-03-02T20:22:28.104Z' + readOnly: true + enabled: + type: boolean + description: Whether the Access Profile is enabled. If the Access Profile is enabled then you must include at least one Entitlement. + example: true + owner: + description: Owner of the Access Profile + type: object + properties: + type: + description: 'Owner type. This field must be either left null or set to ''IDENTITY'' on input, otherwise a 400 Bad Request error will result.' + example: IDENTITY + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + id: + type: string + description: Identity id + example: 2c9180a46faadee4016fb4e018c20639 + name: + type: string + description: 'Human-readable display name of the owner. It may be left null or omitted in a POST or PATCH. If set, it must match the current value of the owner''s display name, otherwise a 400 Bad Request error will result.' + example: support + source: + type: object + properties: + id: + type: string + description: The ID of the Source with with which the Access Profile is associated + example: 2c91809773dee3610173fdb0b6061ef4 + type: + type: string + enum: + - SOURCE + description: 'The type of the Source, will always be SOURCE' + example: SOURCE + name: + type: string + description: The display name of the associated Source + example: ODS-AD-SOURCE + entitlements: + type: array + description: A list of entitlements associated with the Access Profile. If enabled is false this is allowed to be empty otherwise it needs to contain at least one Entitlement. + items: + type: object + properties: + id: + type: string + description: The ID of the Entitlement + example: 2c91809773dee32014e13e122092014e + type: + type: string + enum: + - ENTITLEMENT + description: 'The type of the Entitlement, will always be ENTITLEMENT' + example: ENTITLEMENT + name: + type: string + description: The display name of the Entitlement + example: 'CN=entitlement.490efde5,OU=OrgCo,OU=ServiceDept,DC=HQAD,DC=local' + requestable: + type: boolean + description: 'Whether the Access Profile is requestable via access request. Currently, making an Access Profile non-requestable is only supported for customers enabled with the new Request Center. Otherwise, attempting to create an Access Profile with a value **false** in this field results in a 400 error.' + example: true + accessRequestConfig: + nullable: true + description: Access request configuration for this object + type: object + properties: + commentsRequired: + type: boolean + description: Whether the requester of the containing object must provide comments justifying the request + example: true + denialCommentsRequired: + type: boolean + description: Whether an approver must provide comments when denying the request + example: true + approvalSchemes: + type: array + description: List describing the steps in approving the request + items: + type: object + properties: + approverType: + type: string + enum: + - APP_OWNER + - OWNER + - SOURCE_OWNER + - MANAGER + - GOVERNANCE_GROUP + description: |- + Describes the individual or group that is responsible for an approval step. Values are as follows. + **APP_OWNER**: The owner of the Application + + **OWNER**: Owner of the associated Access Profile or Role + + **SOURCE_OWNER**: Owner of the Source associated with an Access Profile + + **MANAGER**: Manager of the Identity making the request + + **GOVERNANCE_GROUP**: A Governance Group, the ID of which is specified by the **approverId** field + example: GOVERNANCE_GROUP + approverId: + type: string + nullable: true + description: 'Id of the specific approver, used only when approverType is GOVERNANCE_GROUP' + example: 46c79819-a69f-49a2-becb-12c971ae66c6 + revocationRequestConfig: + nullable: true + description: Revocation request configuration for this object. + type: object + properties: + approvalSchemes: + type: array + description: List describing the steps in approving the revocation request + items: + type: object + properties: + approverType: + type: string + enum: + - APP_OWNER + - OWNER + - SOURCE_OWNER + - MANAGER + - GOVERNANCE_GROUP + description: |- + Describes the individual or group that is responsible for an approval step. Values are as follows. + **APP_OWNER**: The owner of the Application + + **OWNER**: Owner of the associated Access Profile or Role + + **SOURCE_OWNER**: Owner of the Source associated with an Access Profile + + **MANAGER**: Manager of the Identity making the request + + **GOVERNANCE_GROUP**: A Governance Group, the ID of which is specified by the **approverId** field + example: GOVERNANCE_GROUP + approverId: + type: string + nullable: true + description: 'Id of the specific approver, used only when approverType is GOVERNANCE_GROUP' + example: 46c79819-a69f-49a2-becb-12c971ae66c6 + segments: + type: array + nullable: true + items: + type: string + description: 'List of IDs of segments, if any, to which this Access Profile is assigned.' + example: + - f7b1b8a3-5fed-4fd4-ad29-82014e137e19 + - 29cb6c06-1da8-43ea-8be4-b3125f248f2a + provisioningCriteria: + description: 'When an Identity has multiple Accounts on the Source with which an Access Profile is associated, this expression is evaluated against those Accounts to choose one to provision with the Access Profile.' + nullable: true + example: + operation: OR + children: + - operation: AND + children: + - attribute: dn + operation: CONTAINS + value: useast + - attribute: manager + operation: CONTAINS + value: Scott.Clark + - operation: AND + children: + - attribute: dn + operation: EQUALS + value: Gibson + - attribute: telephoneNumber + operation: CONTAINS + value: '512' + type: object + properties: + operation: + type: string + enum: + - EQUALS + - NOT_EQUALS + - CONTAINS + - HAS + - AND + - OR + description: Supported operations on ProvisioningCriteria + example: EQUALS + attribute: + type: string + description: 'Name of the Account attribute to be tested. If **operation** is one of EQUALS, NOT_EQUALS, CONTAINS, or HAS, this field is required. Otherwise, specifying it is an error.' + example: email + nullable: true + value: + type: string + nullable: true + description: 'String value to test the Account attribute w/r/t the specified operation. If the operation is one of EQUALS, NOT_EQUALS, or CONTAINS, this field is required. Otherwise, specifying it is an error. If the Attribute is not String-typed, it will be converted to the appropriate type.' + example: carlee.cert1c9f9b6fd@mailinator.com + children: + type: array + items: + type: object + description: Defines matching criteria for an Account to be provisioned with a specific Access Profile + properties: + operation: + type: string + enum: + - EQUALS + - NOT_EQUALS + - CONTAINS + - HAS + - AND + - OR + description: Supported operations on ProvisioningCriteria + example: EQUALS + attribute: + type: string + description: 'Name of the Account attribute to be tested. If **operation** is one of EQUALS, NOT_EQUALS, CONTAINS, or HAS, this field is required. Otherwise, specifying it is an error.' + example: email + nullable: true + value: + type: string + nullable: true + description: 'String value to test the Account attribute w/r/t the specified operation. If the operation is one of EQUALS, NOT_EQUALS, or CONTAINS, this field is required. Otherwise, specifying it is an error. If the Attribute is not String-typed, it will be converted to the appropriate type.' + example: carlee.cert1c9f9b6fd@mailinator.com + children: + type: array + items: + type: object + description: Defines matching criteria for an Account to be provisioned with a specific Access Profile + properties: + operation: + type: string + enum: + - EQUALS + - NOT_EQUALS + - CONTAINS + - HAS + - AND + - OR + description: Supported operations on ProvisioningCriteria + example: EQUALS + attribute: + type: string + description: 'Name of the Account attribute to be tested. If **operation** is one of EQUALS, NOT_EQUALS, CONTAINS, or HAS, this field is required. Otherwise, specifying it is an error.' + example: email + nullable: true + value: + type: string + description: 'String value to test the Account attribute w/r/t the specified operation. If the operation is one of EQUALS, NOT_EQUALS, or CONTAINS, this field is required. Otherwise, specifying it is an error. If the Attribute is not String-typed, it will be converted to the appropriate type.' + example: carlee.cert1c9f9b6fd@mailinator.com + nullable: true + description: 'Array of child criteria. Required if the operation is AND or OR, otherwise it must be left null. A maximum of three levels of criteria are supported, including leaf nodes.' + example: null + nullable: true + description: 'Array of child criteria. Required if the operation is AND or OR, otherwise it must be left null. A maximum of three levels of criteria are supported, including leaf nodes.' + example: null + required: + - owner + - name + - source + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + security: + - oauth2: + - 'idn:access-profile:manage' + '/access-profiles/{id}': + get: + operationId: getAccessProfile + tags: + - Access Profiles + summary: Get an Access Profile + description: |- + This API returns an Access Profile by its ID. + + A token with API, ORG_ADMIN, ROLE_ADMIN, ROLE_SUBADMIN, SOURCE_ADMIN, or SOURCE_SUBADMIN authority is required to call this API. + parameters: + - in: path + name: id + required: true + schema: + type: string + description: ID of the Access Profile + example: 2c9180837ca6693d017ca8d097500149 + responses: + '200': + description: An AccessProfile + content: + application/json: + schema: + type: object + properties: + id: + type: string + description: The ID of the Access Profile + example: 2c91808a7190d06e01719938fcd20792 + readOnly: true + name: + type: string + description: Name of the Access Profile + example: Employee-database-read-write + description: + type: string + nullable: true + description: Information about the Access Profile + example: Collection of entitlements to read/write the employee database + created: + type: string + description: Date the Access Profile was created + format: date-time + example: '2021-03-01T22:32:58.104Z' + readOnly: true + modified: + type: string + description: Date the Access Profile was last modified. + format: date-time + example: '2021-03-02T20:22:28.104Z' + readOnly: true + enabled: + type: boolean + description: Whether the Access Profile is enabled. If the Access Profile is enabled then you must include at least one Entitlement. + example: true + owner: + description: Owner of the Access Profile + type: object + properties: + type: + description: 'Owner type. This field must be either left null or set to ''IDENTITY'' on input, otherwise a 400 Bad Request error will result.' + example: IDENTITY + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + id: + type: string + description: Identity id + example: 2c9180a46faadee4016fb4e018c20639 + name: + type: string + description: 'Human-readable display name of the owner. It may be left null or omitted in a POST or PATCH. If set, it must match the current value of the owner''s display name, otherwise a 400 Bad Request error will result.' + example: support + source: + type: object + properties: + id: + type: string + description: The ID of the Source with with which the Access Profile is associated + example: 2c91809773dee3610173fdb0b6061ef4 + type: + type: string + enum: + - SOURCE + description: 'The type of the Source, will always be SOURCE' + example: SOURCE + name: + type: string + description: The display name of the associated Source + example: ODS-AD-SOURCE + entitlements: + type: array + description: A list of entitlements associated with the Access Profile. If enabled is false this is allowed to be empty otherwise it needs to contain at least one Entitlement. + items: + type: object + properties: + id: + type: string + description: The ID of the Entitlement + example: 2c91809773dee32014e13e122092014e + type: + type: string + enum: + - ENTITLEMENT + description: 'The type of the Entitlement, will always be ENTITLEMENT' + example: ENTITLEMENT + name: + type: string + description: The display name of the Entitlement + example: 'CN=entitlement.490efde5,OU=OrgCo,OU=ServiceDept,DC=HQAD,DC=local' + requestable: + type: boolean + description: 'Whether the Access Profile is requestable via access request. Currently, making an Access Profile non-requestable is only supported for customers enabled with the new Request Center. Otherwise, attempting to create an Access Profile with a value **false** in this field results in a 400 error.' + example: true + accessRequestConfig: + nullable: true + description: Access request configuration for this object + type: object + properties: + commentsRequired: + type: boolean + description: Whether the requester of the containing object must provide comments justifying the request + example: true + denialCommentsRequired: + type: boolean + description: Whether an approver must provide comments when denying the request + example: true + approvalSchemes: + type: array + description: List describing the steps in approving the request + items: + type: object + properties: + approverType: + type: string + enum: + - APP_OWNER + - OWNER + - SOURCE_OWNER + - MANAGER + - GOVERNANCE_GROUP + description: |- + Describes the individual or group that is responsible for an approval step. Values are as follows. + **APP_OWNER**: The owner of the Application + + **OWNER**: Owner of the associated Access Profile or Role + + **SOURCE_OWNER**: Owner of the Source associated with an Access Profile + + **MANAGER**: Manager of the Identity making the request + + **GOVERNANCE_GROUP**: A Governance Group, the ID of which is specified by the **approverId** field + example: GOVERNANCE_GROUP + approverId: + type: string + nullable: true + description: 'Id of the specific approver, used only when approverType is GOVERNANCE_GROUP' + example: 46c79819-a69f-49a2-becb-12c971ae66c6 + revocationRequestConfig: + nullable: true + description: Revocation request configuration for this object. + type: object + properties: + approvalSchemes: + type: array + description: List describing the steps in approving the revocation request + items: + type: object + properties: + approverType: + type: string + enum: + - APP_OWNER + - OWNER + - SOURCE_OWNER + - MANAGER + - GOVERNANCE_GROUP + description: |- + Describes the individual or group that is responsible for an approval step. Values are as follows. + **APP_OWNER**: The owner of the Application + + **OWNER**: Owner of the associated Access Profile or Role + + **SOURCE_OWNER**: Owner of the Source associated with an Access Profile + + **MANAGER**: Manager of the Identity making the request + + **GOVERNANCE_GROUP**: A Governance Group, the ID of which is specified by the **approverId** field + example: GOVERNANCE_GROUP + approverId: + type: string + nullable: true + description: 'Id of the specific approver, used only when approverType is GOVERNANCE_GROUP' + example: 46c79819-a69f-49a2-becb-12c971ae66c6 + segments: + type: array + nullable: true + items: + type: string + description: 'List of IDs of segments, if any, to which this Access Profile is assigned.' + example: + - f7b1b8a3-5fed-4fd4-ad29-82014e137e19 + - 29cb6c06-1da8-43ea-8be4-b3125f248f2a + provisioningCriteria: + description: 'When an Identity has multiple Accounts on the Source with which an Access Profile is associated, this expression is evaluated against those Accounts to choose one to provision with the Access Profile.' + nullable: true + example: + operation: OR + children: + - operation: AND + children: + - attribute: dn + operation: CONTAINS + value: useast + - attribute: manager + operation: CONTAINS + value: Scott.Clark + - operation: AND + children: + - attribute: dn + operation: EQUALS + value: Gibson + - attribute: telephoneNumber + operation: CONTAINS + value: '512' + type: object + properties: + operation: + type: string + enum: + - EQUALS + - NOT_EQUALS + - CONTAINS + - HAS + - AND + - OR + description: Supported operations on ProvisioningCriteria + example: EQUALS + attribute: + type: string + description: 'Name of the Account attribute to be tested. If **operation** is one of EQUALS, NOT_EQUALS, CONTAINS, or HAS, this field is required. Otherwise, specifying it is an error.' + example: email + nullable: true + value: + type: string + nullable: true + description: 'String value to test the Account attribute w/r/t the specified operation. If the operation is one of EQUALS, NOT_EQUALS, or CONTAINS, this field is required. Otherwise, specifying it is an error. If the Attribute is not String-typed, it will be converted to the appropriate type.' + example: carlee.cert1c9f9b6fd@mailinator.com + children: + type: array + items: + type: object + description: Defines matching criteria for an Account to be provisioned with a specific Access Profile + properties: + operation: + type: string + enum: + - EQUALS + - NOT_EQUALS + - CONTAINS + - HAS + - AND + - OR + description: Supported operations on ProvisioningCriteria + example: EQUALS + attribute: + type: string + description: 'Name of the Account attribute to be tested. If **operation** is one of EQUALS, NOT_EQUALS, CONTAINS, or HAS, this field is required. Otherwise, specifying it is an error.' + example: email + nullable: true + value: + type: string + nullable: true + description: 'String value to test the Account attribute w/r/t the specified operation. If the operation is one of EQUALS, NOT_EQUALS, or CONTAINS, this field is required. Otherwise, specifying it is an error. If the Attribute is not String-typed, it will be converted to the appropriate type.' + example: carlee.cert1c9f9b6fd@mailinator.com + children: + type: array + items: + type: object + description: Defines matching criteria for an Account to be provisioned with a specific Access Profile + properties: + operation: + type: string + enum: + - EQUALS + - NOT_EQUALS + - CONTAINS + - HAS + - AND + - OR + description: Supported operations on ProvisioningCriteria + example: EQUALS + attribute: + type: string + description: 'Name of the Account attribute to be tested. If **operation** is one of EQUALS, NOT_EQUALS, CONTAINS, or HAS, this field is required. Otherwise, specifying it is an error.' + example: email + nullable: true + value: + type: string + description: 'String value to test the Account attribute w/r/t the specified operation. If the operation is one of EQUALS, NOT_EQUALS, or CONTAINS, this field is required. Otherwise, specifying it is an error. If the Attribute is not String-typed, it will be converted to the appropriate type.' + example: carlee.cert1c9f9b6fd@mailinator.com + nullable: true + description: 'Array of child criteria. Required if the operation is AND or OR, otherwise it must be left null. A maximum of three levels of criteria are supported, including leaf nodes.' + example: null + nullable: true + description: 'Array of child criteria. Required if the operation is AND or OR, otherwise it must be left null. A maximum of three levels of criteria are supported, including leaf nodes.' + example: null + required: + - owner + - name + - source + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + security: + - oauth2: + - 'idn:access-profile:read' + patch: + operationId: patchAccessProfile + tags: + - Access Profiles + summary: Patch a specified Access Profile + description: |- + This API updates an existing Access Profile. The following fields are patchable: + **name**, **description**, **enabled**, **owner**, **requestable**, **accessRequestConfig**, **revokeRequestConfig**, **segments**, **entitlements**, **provisioningCriteria** + A token with API, ORG_ADMIN, SOURCE_ADMIN, or SOURCE_SUBADMIN authority is required to call this API. In addition, a SOURCE_SUBADMIN may only use this API to patch Access Profiles which are associated with Sources they are able to administer. + > The maximum supported length for the description field is 2000 characters. Longer descriptions will be preserved for existing access profiles, however, any new access profiles as well as any updates to existing descriptions will be limited to 2000 characters. + + > You can only add or replace **entitlements** that exist on the source that the access profile is attached to. You can use the **list entitlements** endpoint with the **filters** query parameter to get a list of available entitlements on the access profile's source. + + > Patching the value of the **requestable** field is only supported for customers enabled with the new Request Center. Otherwise, attempting to modify this field results in a 400 error. + parameters: + - name: id + in: path + description: ID of the Access Profile to patch + required: true + schema: + type: string + example: 2c91808a7813090a017814121919ecca + requestBody: + content: + application/json-patch+json: + schema: + type: array + items: + type: object + description: 'A JSONPatch Operation as defined by [RFC 6902 - JSON Patch](https://tools.ietf.org/html/rfc6902)' + required: + - op + - path + properties: + op: + type: string + description: The operation to be performed + enum: + - add + - remove + - replace + - move + - copy + - test + example: replace + path: + type: string + description: A string JSON Pointer representing the target path to an element to be affected by the operation + example: /description + value: + anyOf: + - type: string + - type: integer + - type: object + - type: array + items: + anyOf: + - type: string + - type: integer + - type: object + description: 'The value to be used for the operation, required for "add" and "replace" operations' + example: New description + examples: + Add Entitlements: + description: Add one or more entitlements to the end of the list + value: + - op: add + path: /entitlements + value: + - id: 2c9180857725c14301772a93bb77242d + type: ENTITLEMENT + name: AD User Group + Insert Entitlement: + description: Add an entitlement at the beginning of the entitlement list + value: + - op: add + path: /entitlements/0 + value: + id: 2c9180857725c14301772a93bb77242d + type: ENTITLEMENT + name: AD User Group + Replace Entitlements: + description: Replace all entitlements with a new list of entitlements + value: + - op: replace + path: /entitlements + value: + - id: 2c9180857725c14301772a93bb77242d + type: ENTITLEMENT + name: AD User Group + Remove Entitlement: + description: Remove the first entitlement in the list + value: + - op: remove + path: /entitlements/0 + required: true + responses: + '200': + description: Responds with the Access Profile as updated. + content: + application/json: + schema: + type: object + properties: + id: + type: string + description: The ID of the Access Profile + example: 2c91808a7190d06e01719938fcd20792 + readOnly: true + name: + type: string + description: Name of the Access Profile + example: Employee-database-read-write + description: + type: string + nullable: true + description: Information about the Access Profile + example: Collection of entitlements to read/write the employee database + created: + type: string + description: Date the Access Profile was created + format: date-time + example: '2021-03-01T22:32:58.104Z' + readOnly: true + modified: + type: string + description: Date the Access Profile was last modified. + format: date-time + example: '2021-03-02T20:22:28.104Z' + readOnly: true + enabled: + type: boolean + description: Whether the Access Profile is enabled. If the Access Profile is enabled then you must include at least one Entitlement. + example: true + owner: + description: Owner of the Access Profile + type: object + properties: + type: + description: 'Owner type. This field must be either left null or set to ''IDENTITY'' on input, otherwise a 400 Bad Request error will result.' + example: IDENTITY + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + id: + type: string + description: Identity id + example: 2c9180a46faadee4016fb4e018c20639 + name: + type: string + description: 'Human-readable display name of the owner. It may be left null or omitted in a POST or PATCH. If set, it must match the current value of the owner''s display name, otherwise a 400 Bad Request error will result.' + example: support + source: + type: object + properties: + id: + type: string + description: The ID of the Source with with which the Access Profile is associated + example: 2c91809773dee3610173fdb0b6061ef4 + type: + type: string + enum: + - SOURCE + description: 'The type of the Source, will always be SOURCE' + example: SOURCE + name: + type: string + description: The display name of the associated Source + example: ODS-AD-SOURCE + entitlements: + type: array + description: A list of entitlements associated with the Access Profile. If enabled is false this is allowed to be empty otherwise it needs to contain at least one Entitlement. + items: + type: object + properties: + id: + type: string + description: The ID of the Entitlement + example: 2c91809773dee32014e13e122092014e + type: + type: string + enum: + - ENTITLEMENT + description: 'The type of the Entitlement, will always be ENTITLEMENT' + example: ENTITLEMENT + name: + type: string + description: The display name of the Entitlement + example: 'CN=entitlement.490efde5,OU=OrgCo,OU=ServiceDept,DC=HQAD,DC=local' + requestable: + type: boolean + description: 'Whether the Access Profile is requestable via access request. Currently, making an Access Profile non-requestable is only supported for customers enabled with the new Request Center. Otherwise, attempting to create an Access Profile with a value **false** in this field results in a 400 error.' + example: true + accessRequestConfig: + nullable: true + description: Access request configuration for this object + type: object + properties: + commentsRequired: + type: boolean + description: Whether the requester of the containing object must provide comments justifying the request + example: true + denialCommentsRequired: + type: boolean + description: Whether an approver must provide comments when denying the request + example: true + approvalSchemes: + type: array + description: List describing the steps in approving the request + items: + type: object + properties: + approverType: + type: string + enum: + - APP_OWNER + - OWNER + - SOURCE_OWNER + - MANAGER + - GOVERNANCE_GROUP + description: |- + Describes the individual or group that is responsible for an approval step. Values are as follows. + **APP_OWNER**: The owner of the Application + + **OWNER**: Owner of the associated Access Profile or Role + + **SOURCE_OWNER**: Owner of the Source associated with an Access Profile + + **MANAGER**: Manager of the Identity making the request + + **GOVERNANCE_GROUP**: A Governance Group, the ID of which is specified by the **approverId** field + example: GOVERNANCE_GROUP + approverId: + type: string + nullable: true + description: 'Id of the specific approver, used only when approverType is GOVERNANCE_GROUP' + example: 46c79819-a69f-49a2-becb-12c971ae66c6 + revocationRequestConfig: + nullable: true + description: Revocation request configuration for this object. + type: object + properties: + approvalSchemes: + type: array + description: List describing the steps in approving the revocation request + items: + type: object + properties: + approverType: + type: string + enum: + - APP_OWNER + - OWNER + - SOURCE_OWNER + - MANAGER + - GOVERNANCE_GROUP + description: |- + Describes the individual or group that is responsible for an approval step. Values are as follows. + **APP_OWNER**: The owner of the Application + + **OWNER**: Owner of the associated Access Profile or Role + + **SOURCE_OWNER**: Owner of the Source associated with an Access Profile + + **MANAGER**: Manager of the Identity making the request + + **GOVERNANCE_GROUP**: A Governance Group, the ID of which is specified by the **approverId** field + example: GOVERNANCE_GROUP + approverId: + type: string + nullable: true + description: 'Id of the specific approver, used only when approverType is GOVERNANCE_GROUP' + example: 46c79819-a69f-49a2-becb-12c971ae66c6 + segments: + type: array + nullable: true + items: + type: string + description: 'List of IDs of segments, if any, to which this Access Profile is assigned.' + example: + - f7b1b8a3-5fed-4fd4-ad29-82014e137e19 + - 29cb6c06-1da8-43ea-8be4-b3125f248f2a + provisioningCriteria: + description: 'When an Identity has multiple Accounts on the Source with which an Access Profile is associated, this expression is evaluated against those Accounts to choose one to provision with the Access Profile.' + nullable: true + example: + operation: OR + children: + - operation: AND + children: + - attribute: dn + operation: CONTAINS + value: useast + - attribute: manager + operation: CONTAINS + value: Scott.Clark + - operation: AND + children: + - attribute: dn + operation: EQUALS + value: Gibson + - attribute: telephoneNumber + operation: CONTAINS + value: '512' + type: object + properties: + operation: + type: string + enum: + - EQUALS + - NOT_EQUALS + - CONTAINS + - HAS + - AND + - OR + description: Supported operations on ProvisioningCriteria + example: EQUALS + attribute: + type: string + description: 'Name of the Account attribute to be tested. If **operation** is one of EQUALS, NOT_EQUALS, CONTAINS, or HAS, this field is required. Otherwise, specifying it is an error.' + example: email + nullable: true + value: + type: string + nullable: true + description: 'String value to test the Account attribute w/r/t the specified operation. If the operation is one of EQUALS, NOT_EQUALS, or CONTAINS, this field is required. Otherwise, specifying it is an error. If the Attribute is not String-typed, it will be converted to the appropriate type.' + example: carlee.cert1c9f9b6fd@mailinator.com + children: + type: array + items: + type: object + description: Defines matching criteria for an Account to be provisioned with a specific Access Profile + properties: + operation: + type: string + enum: + - EQUALS + - NOT_EQUALS + - CONTAINS + - HAS + - AND + - OR + description: Supported operations on ProvisioningCriteria + example: EQUALS + attribute: + type: string + description: 'Name of the Account attribute to be tested. If **operation** is one of EQUALS, NOT_EQUALS, CONTAINS, or HAS, this field is required. Otherwise, specifying it is an error.' + example: email + nullable: true + value: + type: string + nullable: true + description: 'String value to test the Account attribute w/r/t the specified operation. If the operation is one of EQUALS, NOT_EQUALS, or CONTAINS, this field is required. Otherwise, specifying it is an error. If the Attribute is not String-typed, it will be converted to the appropriate type.' + example: carlee.cert1c9f9b6fd@mailinator.com + children: + type: array + items: + type: object + description: Defines matching criteria for an Account to be provisioned with a specific Access Profile + properties: + operation: + type: string + enum: + - EQUALS + - NOT_EQUALS + - CONTAINS + - HAS + - AND + - OR + description: Supported operations on ProvisioningCriteria + example: EQUALS + attribute: + type: string + description: 'Name of the Account attribute to be tested. If **operation** is one of EQUALS, NOT_EQUALS, CONTAINS, or HAS, this field is required. Otherwise, specifying it is an error.' + example: email + nullable: true + value: + type: string + description: 'String value to test the Account attribute w/r/t the specified operation. If the operation is one of EQUALS, NOT_EQUALS, or CONTAINS, this field is required. Otherwise, specifying it is an error. If the Attribute is not String-typed, it will be converted to the appropriate type.' + example: carlee.cert1c9f9b6fd@mailinator.com + nullable: true + description: 'Array of child criteria. Required if the operation is AND or OR, otherwise it must be left null. A maximum of three levels of criteria are supported, including leaf nodes.' + example: null + nullable: true + description: 'Array of child criteria. Required if the operation is AND or OR, otherwise it must be left null. A maximum of three levels of criteria are supported, including leaf nodes.' + example: null + required: + - owner + - name + - source + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + security: + - oauth2: + - 'idn:access-profile:manage' + /access-profiles/bulk-delete: + post: + operationId: deleteAccessProfilesInBulk + summary: Delete Access Profile(s) + tags: + - Access Profiles + description: |- + This API initiates a bulk deletion of one or more Access Profiles. + + By default, if any of the indicated Access Profiles are in use, no deletions will be performed and the **inUse** field of the response indicates the usages that must be removed first. If the request field **bestEffortOnly** is **true**, however, usages are reported in the **inUse** response field but all other indicated Access Profiles will be deleted. + + A token with API, ORG_ADMIN, SOURCE_ADMIN, or SOURCE_SUBADMIN authority is required to call this API. In addition, a SOURCE_SUBADMIN may only use this API to delete Access Profiles which are associated with Sources they are able to administer. + requestBody: + required: true + content: + application/json: + schema: + type: object + properties: + accessProfileIds: + description: List of IDs of Access Profiles to be deleted. + type: array + items: + type: string + example: + - 2c9180847812e0b1017817051919ecca + - 2c9180887812e0b201781e129f151816 + bestEffortOnly: + description: 'If **true**, silently skip over any of the specified Access Profiles if they cannot be deleted because they are in use. If **false**, no deletions will be attempted if any of the Access Profiles are in use.' + type: boolean + example: true + example: + bestEffortOnly: true + accessProfileIds: + - 2c91808876438bb2017668b91919ecca + - 2c91808876438ba801766e129f151816 + responses: + '200': + description: 'Returned only if **bestEffortOnly** is **false**, and one or more Access Profiles are in use.' + content: + application/json: + schema: + type: object + properties: + taskId: + type: string + description: ID of the task which is executing the bulk deletion. This can be passed to the **/task-status** API to track status. + example: 2c9180867817ac4d017817c491119a20 + pending: + type: array + description: List of IDs of Access Profiles which are pending deletion. + items: + type: string + example: + - 2c91808876438bbb017668c21919ecca + - 2c91808876438bb201766e129f151816 + inUse: + type: array + description: List of usages of Access Profiles targeted for deletion. + items: + type: object + properties: + accessProfileId: + type: string + description: ID of the Access Profile that is in use + example: 2c91808876438bbb017668c21919ecca + usedBy: + type: array + description: List of references to objects which are using the indicated Access Profile + items: + type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + example: + pending: [] + inUse: + - accessProfileId: 2c91808876438ba801766e129f151816 + usages: + - type: Role + id: 2c9180887643764201766e9f6e121518 + '202': + description: Returned if at least one deletion will be performed. + content: + application/json: + schema: + type: object + properties: + taskId: + type: string + description: ID of the task which is executing the bulk deletion. This can be passed to the **/task-status** API to track status. + example: 2c9180867817ac4d017817c491119a20 + pending: + type: array + description: List of IDs of Access Profiles which are pending deletion. + items: + type: string + example: + - 2c91808876438bbb017668c21919ecca + - 2c91808876438bb201766e129f151816 + inUse: + type: array + description: List of usages of Access Profiles targeted for deletion. + items: + type: object + properties: + accessProfileId: + type: string + description: ID of the Access Profile that is in use + example: 2c91808876438bbb017668c21919ecca + usedBy: + type: array + description: List of references to objects which are using the indicated Access Profile + items: + type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + example: + taskId: 2c91808a7813090a01781412a1119a20 + pending: + - 2c91808a7813090a017813fe1919ecca + inUse: + - accessProfileId: 2c91808876438ba801766e129f151816 + usages: + - type: Role + id: 2c9180887643764201766e9f6e121518 + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + security: + - oauth2: + - 'idn:access-profile:manage' + '/access-profiles/{id}/entitlements': + get: + operationId: getAccessProfileEntitlements + tags: + - Access Profiles + summary: List Access Profile's Entitlements + description: |- + This API lists the Entitlements associated with a given Access Profile + + A token with API, ORG_ADMIN, SOURCE_ADMIN, or SOURCE_SUBADMIN authority is required to invoke this API. In addition, a token with SOURCE_SUBADMIN authority must have access to the Source associated with the given Access Profile + parameters: + - name: id + in: path + description: ID of the containing Access Profile + required: true + schema: + type: string + example: 2c91808a7813090a017814121919ecca + - in: query + name: limit + description: |- + Max number of results to return. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 250 + schema: + type: integer + format: int32 + minimum: 0 + maximum: 250 + default: 250 + - in: query + name: offset + description: |- + Offset into the full result set. Usually specified with *limit* to paginate through the results. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 0 + schema: + type: integer + format: int32 + minimum: 0 + default: 0 + - in: query + name: count + description: |- + If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored. + + Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used. + + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: true + schema: + type: boolean + default: false + - in: query + name: filters + schema: + type: string + description: |- + Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) + + Filtering is supported for the following Entitlement fields and operators: + **id**: *eq, in* + + **name**: *eq, sw* + + **attribute**: *eq, sw* + + **value**: *eq, sw* + + **created, modified**: *gt, lt, ge, le* + + **owner.id**: *eq, in* + + **source.id**: *eq, in* + example: attribute eq "memberOf" + required: false + - in: query + name: sorters + schema: + type: string + format: comma-separated + description: |- + Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results) + + Sorting is supported for the following fields: **name, attribute, value, created, modified** + example: 'name,-modified' + required: false + responses: + '200': + description: List of Entitlements + content: + application/json: + schema: + type: array + items: + type: object + properties: + id: + type: string + description: The entitlement id + example: 2c91808874ff91550175097daaec161c + name: + type: string + description: The entitlement name + example: LauncherTest2 + attribute: + type: string + description: The entitlement attribute name + example: memberOf + value: + type: string + description: The value of the entitlement + example: 'CN=LauncherTest2,OU=LauncherTestOrg,OU=slpt-automation,DC=TestAutomationAD,DC=local' + sourceSchemaObjectType: + type: string + description: The object type of the entitlement from the source schema + example: group + description: + type: string + description: The description of the entitlement + example: 'CN=LauncherTest2,OU=LauncherTestOrg,OU=slpt-automation,DC=TestAutomationAD,DC=local' + privileged: + type: boolean + description: True if the entitlement is privileged + example: true + cloudGoverned: + type: boolean + description: True if the entitlement is cloud governed + example: true + created: + type: string + description: Time when the entitlement was created + format: date-time + example: '2020-10-08T18:33:52.029Z' + modified: + type: string + description: Time when the entitlement was last modified + format: date-time + example: '2020-10-08T18:33:52.029Z' + source: + type: object + properties: + id: + type: string + description: The source ID + example: 2c9180827ca885d7017ca8ce28a000eb + type: + type: string + description: 'The source type, will always be "SOURCE"' + example: SOURCE + name: + type: string + description: The source name + example: ODS-AD-Source + attributes: + type: object + description: A map of free-form key-value pairs from the source system + example: + fieldName: fieldValue + additionalProperties: true + segments: + type: array + items: + type: string + nullable: true + description: 'List of IDs of segments, if any, to which this Entitlement is assigned.' + example: + - f7b1b8a3-5fed-4fd4-ad29-82014e137e19 + - 29cb6c06-1da8-43ea-8be4-b3125f248f2a + directPermissions: + type: array + items: + type: object + description: 'Simplified DTO for the Permission objects stored in SailPoint''s database. The data is aggregated from customer systems and is free-form, so its appearance can vary largely between different clients/customers.' + properties: + rights: + type: array + description: All the rights (e.g. actions) that this permission allows on the target + readOnly: true + items: + type: string + example: SELECT + target: + type: string + description: The target the permission would grants rights on. + readOnly: true + example: SYS.GV_$TRANSACTION + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + security: + - oauth2: + - 'idn:access-profile:read' + /access-requests: + post: + operationId: createAccessRequest + security: + - oauth2: + - 'idn:access-request:create' + summary: Submit an Access Request + tags: + - Access Requests + description: | + This submits the access request into IdentityNow, where it will follow any IdentityNow approval processes. + + Access requests are processed asynchronously by IdentityNow. A success response from this endpoint means the request + has been submitted to IDN and is queued for processing. Because this endpoint is asynchronous, it will not return an error + if you submit duplicate access requests in quick succession, or you submit an access request for access that is already in progress, approved, or rejected. + It is best practice to check for any existing access requests that reference the same access items before submitting a new access request. This can + be accomplished by using the [access request status](https://developer.sailpoint.com/idn/api/v3/list-access-request-status) or the [pending access request approvals](https://developer.sailpoint.com/idn/api/v3/list-pending-approvals) endpoints. You can also + use the [search API](https://developer.sailpoint.com/idn/api/v3/search) to check the existing access items that an identity has before submitting + an access request to ensure you are not requesting access that is already granted. + + There are two types of access request: + + __GRANT_ACCESS__ + * Can be requested for multiple identities in a single request. + * Supports self request and request on behalf of other users, see '/beta/access-request-config' endpoint for request configuration options. + * Allows any authenticated token (except API) to call this endpoint to request to grant access to themselves. Depending on the configuration, a user can request access for others. + * Roles, Access Profiles and Entitlements can be requested. + * While requesting entitlements, maximum of 25 entitlements and 10 recipients are allowed in a request. + + __REVOKE_ACCESS__ + * Can only be requested for a single identity at a time. + * Does not support self request. Only manager can request to revoke access for their directly managed employees. + * If removeDate is specified, then the access will be removed on that date and time only for Roles and Access Profiles. Entitlements are currently unsupported for removeDate. + * Roles, Access Profiles, and Entitlements can be requested for revocation. + * Revoke requests for entitlements are limited to 1 entitlement per access request currently. + * [Roles, Access Profiles] RemoveData can be specified only if access don't have a sunset date. + * Allows a manager to request to revoke access for direct employees. A token with ORG_ADMIN authority can also request to revoke access from anyone. + + NOTE: There is no indication to the approver in the IdentityNow UI that the approval request is for a revoke action. Take this into consideration when calling this API. + + A token with API authority cannot be used to call this endpoint. + requestBody: + required: true + content: + application/json: + schema: + type: object + properties: + requestedFor: + description: 'A list of Identity IDs for whom the Access is requested. If it''s a Revoke request, there can only be one Identity ID.' + type: array + items: + type: string + example: 2c918084660f45d6016617daa9210584 + requestType: + type: string + enum: + - GRANT_ACCESS + - REVOKE_ACCESS + description: Access request type. Defaults to GRANT_ACCESS. REVOKE_ACCESS type can only have a single Identity ID in the requestedFor field. + example: GRANT_ACCESS + requestedItems: + type: array + items: + type: object + properties: + type: + type: string + enum: + - ACCESS_PROFILE + - ROLE + - ENTITLEMENT + description: The type of the item being requested. + example: ACCESS_PROFILE + id: + type: string + description: 'ID of Role, Access Profile or Entitlement being requested.' + example: 2c9180835d2e5168015d32f890ca1581 + comment: + type: string + description: | + Comment provided by requester. + * Comment is required when the request is of type Revoke Access. + example: Requesting access profile for John Doe + clientMetadata: + type: object + additionalProperties: + type: string + example: + requestedAppId: 2c91808f7892918f0178b78da4a305a1 + requestedAppName: test-app + example: + requestedAppName: test-app + requestedAppId: 2c91808f7892918f0178b78da4a305a1 + description: Arbitrary key-value pairs. They will never be processed by the IdentityNow system but will be returned on associated APIs such as /account-activities and /access-request-status. + removeDate: + type: string + description: | + The date the role or access profile is no longer assigned to the specified identity. + * Specify a date in the future. + * The current SLA for the deprovisioning is 24 hours. + * This date can be modified to either extend or decrease the duration of access item assignments for the specified identity. + * Currently it is not supported for entitlements. + * If sunset date for role or access profile specified, removeDate cannot be established. This rule doesn't apply for entitlements. + format: date-time + example: '2020-07-11T21:23:15.000Z' + required: + - id + - type + clientMetadata: + type: object + additionalProperties: + type: string + example: + requestedAppId: 2c91808f7892918f0178b78da4a305a1 + requestedAppName: test-app + example: + requestedAppId: 2c91808f7892918f0178b78da4a305a1 + requestedAppName: test-app + description: Arbitrary key-value pairs. They will never be processed by the IdentityNow system but will be returned on associated APIs such as /account-activities. + required: + - requestedFor + - requestedItems + responses: + '202': + description: Accepted - Returned if the request was successfully accepted into the system. + content: + application/json: + schema: + type: object + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + /access-requests/cancel: + post: + operationId: cancelAccessRequest + tags: + - Access Requests + summary: Cancel Access Request + description: |- + This API endpoint cancels a pending access request. An access request can be cancelled only if it has not passed the approval step. + Any token with ORG_ADMIN authority or token of the user who originally requested the access request is required to cancel it. + requestBody: + required: true + content: + application/json: + schema: + type: object + description: Request body payload for cancel access request endpoint. + required: + - accountActivityId + - comment + properties: + accountActivityId: + type: string + description: ID of the account activity object corresponding to the access request. + example: 2c9180835d2e5168015d32f890ca1581 + comment: + type: string + description: Reason for cancelling the pending access request. + example: I requested this role by mistake. + example: + accountActivityId: 2c91808568c529c60168cca6f90c1313 + comment: I requested this role by mistake. + responses: + '202': + description: Accepted - Returned if the request was successfully accepted into the system. + content: + application/json: + schema: + type: object + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + /access-request-config: + get: + operationId: getAccessRequestConfig + summary: Get Access Request Configuration + tags: + - Access Requests + description: This endpoint returns the current access-request configuration. + responses: + '200': + description: Access Request Configuration Details. + content: + application/json: + schema: + type: object + properties: + approvalsMustBeExternal: + type: boolean + description: 'If true, then approvals must be processed by external system.' + example: true + autoApprovalEnabled: + type: boolean + description: 'If true and requester and reviewer are the same, then automatically approve the approval.' + example: true + requestOnBehalfOfConfig: + description: Request On Behalf Of Configuration. + type: object + properties: + allowRequestOnBehalfOfAnyoneByAnyone: + type: boolean + description: If anyone can request access for anyone. + example: true + allowRequestOnBehalfOfEmployeeByManager: + type: boolean + description: If a manager can request access for his/her direct reports. + example: true + approvalReminderAndEscalationConfig: + description: Approval Reminder and Escalation Configuration. + type: object + properties: + daysUntilEscalation: + type: integer + description: 'Number of days to wait before the first reminder. If no reminders are configured, then this is the number of days to wait before escalation.' + format: int32 + example: 0 + daysBetweenReminders: + type: integer + description: Number of days to wait between reminder notifications. + format: int32 + example: 0 + maxReminders: + type: integer + description: Maximum number of reminder notification to send to the reviewer before approval escalation. + format: int32 + example: 0 + fallbackApproverRef: + type: object + nullable: true + properties: + type: + type: string + description: The type can only be IDENTITY. This is read-only + example: IDENTITY + id: + type: string + description: Identity id. + example: 5168015d32f890ca15812c9180835d2e + name: + type: string + description: Human-readable display name of identity. This is read-only + example: Alison Ferguso + email: + type: string + description: Email address of identity. This is read-only + example: alison.ferguso@identitysoon.com + entitlementRequestConfig: + description: Entitlement Request Configuration. + type: object + properties: + allowEntitlementRequest: + type: boolean + description: Flag for allowing entitlement request. + example: true + requestCommentsRequired: + type: boolean + description: Flag for requiring comments while submitting an entitlement request. + default: false + example: false + deniedCommentsRequired: + type: boolean + description: Flag for requiring comments while rejecting an entitlement request. + default: false + example: false + grantRequestApprovalSchemes: + type: string + description: | + Approval schemes for granting entitlement request. This can be empty if no approval is needed. + Multiple schemes must be comma-separated. The valid schemes are "entitlementOwner", "sourceOwner", "manager" and "workgroup:{id}". + Multiple workgroups (governance groups) can be used. + default: sourceOwner + example: 'entitlementOwner, sourceOwner, manager, workgroup:2c918084660f45d6016617daa9210584' + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + put: + operationId: updateAccessRequestConfig + summary: Update Access Request Configuration + tags: + - Access Requests + description: |- + This endpoint replaces the current access-request configuration. + A token with ORG_ADMIN authority is required to call this API. + requestBody: + required: true + content: + application/json: + schema: + type: object + properties: + approvalsMustBeExternal: + type: boolean + description: 'If true, then approvals must be processed by external system.' + example: true + autoApprovalEnabled: + type: boolean + description: 'If true and requester and reviewer are the same, then automatically approve the approval.' + example: true + requestOnBehalfOfConfig: + description: Request On Behalf Of Configuration. + type: object + properties: + allowRequestOnBehalfOfAnyoneByAnyone: + type: boolean + description: If anyone can request access for anyone. + example: true + allowRequestOnBehalfOfEmployeeByManager: + type: boolean + description: If a manager can request access for his/her direct reports. + example: true + approvalReminderAndEscalationConfig: + description: Approval Reminder and Escalation Configuration. + type: object + properties: + daysUntilEscalation: + type: integer + description: 'Number of days to wait before the first reminder. If no reminders are configured, then this is the number of days to wait before escalation.' + format: int32 + example: 0 + daysBetweenReminders: + type: integer + description: Number of days to wait between reminder notifications. + format: int32 + example: 0 + maxReminders: + type: integer + description: Maximum number of reminder notification to send to the reviewer before approval escalation. + format: int32 + example: 0 + fallbackApproverRef: + type: object + nullable: true + properties: + type: + type: string + description: The type can only be IDENTITY. This is read-only + example: IDENTITY + id: + type: string + description: Identity id. + example: 5168015d32f890ca15812c9180835d2e + name: + type: string + description: Human-readable display name of identity. This is read-only + example: Alison Ferguso + email: + type: string + description: Email address of identity. This is read-only + example: alison.ferguso@identitysoon.com + entitlementRequestConfig: + description: Entitlement Request Configuration. + type: object + properties: + allowEntitlementRequest: + type: boolean + description: Flag for allowing entitlement request. + example: true + requestCommentsRequired: + type: boolean + description: Flag for requiring comments while submitting an entitlement request. + default: false + example: false + deniedCommentsRequired: + type: boolean + description: Flag for requiring comments while rejecting an entitlement request. + default: false + example: false + grantRequestApprovalSchemes: + type: string + description: | + Approval schemes for granting entitlement request. This can be empty if no approval is needed. + Multiple schemes must be comma-separated. The valid schemes are "entitlementOwner", "sourceOwner", "manager" and "workgroup:{id}". + Multiple workgroups (governance groups) can be used. + default: sourceOwner + example: 'entitlementOwner, sourceOwner, manager, workgroup:2c918084660f45d6016617daa9210584' + responses: + '200': + description: Access Request Configuration Details. + content: + application/json: + schema: + type: object + properties: + approvalsMustBeExternal: + type: boolean + description: 'If true, then approvals must be processed by external system.' + example: true + autoApprovalEnabled: + type: boolean + description: 'If true and requester and reviewer are the same, then automatically approve the approval.' + example: true + requestOnBehalfOfConfig: + description: Request On Behalf Of Configuration. + type: object + properties: + allowRequestOnBehalfOfAnyoneByAnyone: + type: boolean + description: If anyone can request access for anyone. + example: true + allowRequestOnBehalfOfEmployeeByManager: + type: boolean + description: If a manager can request access for his/her direct reports. + example: true + approvalReminderAndEscalationConfig: + description: Approval Reminder and Escalation Configuration. + type: object + properties: + daysUntilEscalation: + type: integer + description: 'Number of days to wait before the first reminder. If no reminders are configured, then this is the number of days to wait before escalation.' + format: int32 + example: 0 + daysBetweenReminders: + type: integer + description: Number of days to wait between reminder notifications. + format: int32 + example: 0 + maxReminders: + type: integer + description: Maximum number of reminder notification to send to the reviewer before approval escalation. + format: int32 + example: 0 + fallbackApproverRef: + type: object + nullable: true + properties: + type: + type: string + description: The type can only be IDENTITY. This is read-only + example: IDENTITY + id: + type: string + description: Identity id. + example: 5168015d32f890ca15812c9180835d2e + name: + type: string + description: Human-readable display name of identity. This is read-only + example: Alison Ferguso + email: + type: string + description: Email address of identity. This is read-only + example: alison.ferguso@identitysoon.com + entitlementRequestConfig: + description: Entitlement Request Configuration. + type: object + properties: + allowEntitlementRequest: + type: boolean + description: Flag for allowing entitlement request. + example: true + requestCommentsRequired: + type: boolean + description: Flag for requiring comments while submitting an entitlement request. + default: false + example: false + deniedCommentsRequired: + type: boolean + description: Flag for requiring comments while rejecting an entitlement request. + default: false + example: false + grantRequestApprovalSchemes: + type: string + description: | + Approval schemes for granting entitlement request. This can be empty if no approval is needed. + Multiple schemes must be comma-separated. The valid schemes are "entitlementOwner", "sourceOwner", "manager" and "workgroup:{id}". + Multiple workgroups (governance groups) can be used. + default: sourceOwner + example: 'entitlementOwner, sourceOwner, manager, workgroup:2c918084660f45d6016617daa9210584' + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + /access-request-status: + get: + operationId: listAccessRequestStatus + tags: + - Access Requests + summary: Access Request Status + description: |- + The Access Request Status API returns a list of access request statuses based on the specified query parameters. + Any token with any authority can request their own status. A token with ORG_ADMIN authority is required to call this API to get a list of statuses for other users. + parameters: + - in: query + name: requested-for + schema: + type: string + example: 2c9180877b2b6ea4017b2c545f971429 + description: Filter the results by the identity for which the requests were made. *me* indicates the current user. Mutually exclusive with *regarding-identity*. + required: false + - in: query + name: requested-by + schema: + type: string + example: 2c9180877b2b6ea4017b2c545f971429 + description: Filter the results by the identity that made the requests. *me* indicates the current user. Mutually exclusive with *regarding-identity*. + required: false + - in: query + name: regarding-identity + schema: + type: string + example: 2c9180877b2b6ea4017b2c545f971429 + description: Filter the results by the specified identity which is either the requester or target of the requests. *me* indicates the current user. Mutually exclusive with *requested-for* and *requested-by*. + required: false + - in: query + name: count + description: If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored. + required: false + schema: + type: boolean + default: false + example: false + - in: query + name: limit + description: Max number of results to return. + required: false + schema: + type: integer + format: int32 + minimum: 0 + maximum: 250 + default: 250 + example: 100 + - in: query + name: offset + description: Offset into the full result set. Usually specified with *limit* to paginate through the results. Defaults to 0 if not specified. + required: false + schema: + type: integer + format: int32 + minimum: 0 + example: 10 + - in: query + name: filters + schema: + type: string + example: accountActivityItemId eq "2c918086771c86df0177401efcdf54c0" + description: |- + Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) + + Filtering is supported for the following fields and operators: + + **accountActivityItemId**: *eq, in* + required: false + - in: query + name: sorters + schema: + type: string + format: comma-separated + description: |- + Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results) + + Sorting is supported for the following fields: **created, modified, accountActivityItemId** + example: created + required: false + responses: + '200': + description: List of requested item status. + content: + application/json: + schema: + type: array + items: + type: object + properties: + name: + type: string + description: Human-readable display name of the item being requested. + example: AccessProfile1 + type: + type: string + enum: + - ACCESS_PROFILE + - ROLE + - ENTITLEMENT + description: Type of requested object. + example: ACCESS_PROFILE + cancelledRequestDetails: + nullable: true + type: object + properties: + comment: + type: string + description: Comment made by the owner when cancelling the associated request. + example: Nisl quis ipsum quam quisque condimentum nunc ut dolor nunc. + owner: + type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + modified: + type: string + format: date-time + description: Date comment was added by the owner when cancelling the associated request + example: '2019-12-20T09:17:12.192Z' + description: Provides additional details for a request that has been cancelled. + errorMessages: + type: array + nullable: true + items: + type: array + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + description: 'List of list of localized error messages, if any, encountered during the approval/provisioning process.' + state: + type: string + enum: + - EXECUTING + - REQUEST_COMPLETED + - CANCELLED + - TERMINATED + - PROVISIONING_VERIFICATION_PENDING + - REJECTED + - PROVISIONING_FAILED + - NOT_ALL_ITEMS_PROVISIONED + - ERROR + description: |- + Indicates the state of an access request: + * EXECUTING: The request is executing, which indicates the system is doing some processing. + * REQUEST_COMPLETED: Indicates the request has been completed. + * CANCELLED: The request was cancelled with no user input. + * TERMINATED: The request has been terminated before it was able to complete. + * PROVISIONING_VERIFICATION_PENDING: The request has finished any approval steps and provisioning is waiting to be verified. + * REJECTED: The request was rejected. + * PROVISIONING_FAILED: The request has failed to complete. + * NOT_ALL_ITEMS_PROVISIONED: One or more of the requested items failed to complete, but there were one or more successes. + * ERROR: An error occurred during request processing. + example: EXECUTING + approvalDetails: + type: array + items: + type: object + properties: + forwarded: + type: boolean + description: True if the request for this item was forwarded from one owner to another. + example: false + originalOwner: + description: 'Base identity/workgroup reference object representing the original owner, if forwarded.' + type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + currentOwner: + description: Base reference of approver that will make decision. + type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + reviewedBy: + description: The identity who has reviewed the approval. + type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + modified: + type: string + format: date-time + description: Time at which item was modified. + example: '2019-08-23T18:52:57.398Z' + status: + type: string + enum: + - PENDING + - APPROVED + - REJECTED + - EXPIRED + - CANCELLED + - ARCHIVED + description: |- + Indicates the state of the request processing for this item: + * PENDING: The request for this item is awaiting processing. + * APPROVED: The request for this item has been approved. + * REJECTED: The request for this item was rejected. + * EXPIRED: The request for this item expired with no action taken. + * CANCELLED: The request for this item was cancelled with no user action. + * ARCHIVED: The request for this item has been archived after completion. + example: PENDING + scheme: + type: string + enum: + - APP_OWNER + - SOURCE_OWNER + - MANAGER + - ROLE_OWNER + - ACCESS_PROFILE_OWNER + - ENTITLEMENT_OWNER + - GOVERNANCE_GROUP + description: Describes the individual or group that is responsible for an approval step. + example: MANAGER + errorMessages: + type: array + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + description: 'If the request failed, includes any error messages that were generated.' + comment: + type: string + description: 'Comment, if any, provided by the approver.' + example: I approve this request + removeDate: + type: string + description: The date the role or access profile is no longer assigned to the specified identity. + format: date-time + example: '2020-07-11T00:00:00Z' + description: Approval details for each item. + manualWorkItemDetails: + type: array + nullable: true + items: + type: object + properties: + forwarded: + type: boolean + description: True if the request for this item was forwarded from one owner to another. + example: true + originalOwner: + description: 'Base identity/workgroup reference object representing the original owner, if forwarded.' + type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + currentOwner: + description: Base reference of approver that will make decision. + type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + modified: + type: string + format: date-time + description: Time at which item was modified. + example: '2019-08-23T18:52:57.398Z' + status: + type: string + enum: + - PENDING + - APPROVED + - REJECTED + - EXPIRED + - CANCELLED + - ARCHIVED + description: |- + Indicates the state of the request processing for this item: + * PENDING: The request for this item is awaiting processing. + * APPROVED: The request for this item has been approved. + * REJECTED: The request for this item was rejected. + * EXPIRED: The request for this item expired with no action taken. + * CANCELLED: The request for this item was cancelled with no user action. + * ARCHIVED: The request for this item has been archived after completion. + example: PENDING + forwardHistory: + type: array + items: + type: object + properties: + oldApproverName: + type: string + description: Display name of approver from whom the approval was forwarded. + example: Frank Mir + newApproverName: + type: string + description: Display name of approver to whom the approval was forwarded. + example: Al Volta + comment: + type: string + nullable: true + description: Comment made while forwarding. + example: Forwarding from Frank to Al + modified: + type: string + format: date-time + description: Time at which approval was forwarded. + example: '2019-08-23T18:52:57.398Z' + forwarderName: + type: string + nullable: true + description: Display name of forwarder who forwarded the approval. + example: William Wilson + reassignmentType: + description: Type of approval reassignment. + example: AUTOMATIC_REASSIGNMENT + type: string + enum: + - MANUAL_REASSIGNMENT + - AUTOMATIC_REASSIGNMENT + - AUTO_ESCALATION + - SELF_REVIEW_DELEGATION + description: The history of approval forward action. + description: Manual work items created for provisioning the item. + accountActivityItemId: + type: string + description: Id of associated account activity item. + example: 2c9180926cbfbddd016cbfc7c3b10010 + requestType: + type: string + enum: + - GRANT_ACCESS + - REVOKE_ACCESS + description: Access request type. Defaults to GRANT_ACCESS. REVOKE_ACCESS type can only have a single Identity ID in the requestedFor field. + example: GRANT_ACCESS + modified: + type: string + format: date-time + description: When the request was last modified. + example: '2019-08-23T18:52:59.162Z' + created: + type: string + format: date-time + description: When the request was created. + example: '2019-08-23T18:40:35.772Z' + requester: + description: The identity that requested the item. + type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + requestedFor: + description: The identity for whom the Access Request Status is requested for. + type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + requesterComment: + nullable: true + description: The requester's comment. + type: object + properties: + comment: + type: string + description: Content of the comment + example: Et quam massa maximus vivamus nisi ut urna tincidunt metus elementum erat + author: + type: object + properties: + type: + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure. + example: IDENTITY + id: + type: string + description: ID of the author + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the identity making the comment + example: Adam Kennedy + created: + type: string + format: date-time + description: Date and time comment was created + example: '2017-07-11T18:45:37.098Z' + sodViolationContext: + nullable: true + description: The details of the SOD violations for the associated approval. + type: object + properties: + state: + type: string + enum: + - SUCCESS + - ERROR + description: The status of SOD violation check + example: SUCCESS + uuid: + description: The id of the Violation check event + type: string + example: f73d16e9-a038-46c5-b217-1246e15fdbdd + violationCheckResult: + description: The inner object representing the completed SOD Violation check + type: object + properties: + message: + description: 'If the request failed, includes any error message that was generated.' + example: + - locale: en-US + localeOrigin: DEFAULT + text: An error has occurred during the SOD violation check + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + clientMetadata: + type: object + additionalProperties: + type: string + description: Arbitrary key-value pairs. They will never be processed by the IdentityNow system but will be returned on completion of the violation check. + example: + requestedAppName: test-app + requestedAppId: 2c91808f7892918f0178b78da4a305a1 + violationContexts: + type: array + items: + description: The contextual information of the violated criteria + type: object + properties: + policy: + description: Reference to the Policy that is being violated. + type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + conflictingAccessCriteria: + type: object + description: The object which contains the left and right hand side of the entitlements that got violated according to the policy. + properties: + leftCriteria: + type: object + properties: + criteriaList: + type: array + items: + description: Details of the Entitlement criteria + type: object + properties: + existing: + type: boolean + example: true + description: If the entitlement already belonged to the user or not. + type: + example: ENTITLEMENT + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure. + id: + type: string + description: Entitlement ID + example: 2c918085771e9d3301773b3cb66f6398 + name: + type: string + description: Entitlement name + example: My HR Entitlement + rightCriteria: + type: object + properties: + criteriaList: + type: array + items: + description: Details of the Entitlement criteria + type: object + properties: + existing: + type: boolean + example: true + description: If the entitlement already belonged to the user or not. + type: + example: ENTITLEMENT + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure. + id: + type: string + description: Entitlement ID + example: 2c918085771e9d3301773b3cb66f6398 + name: + type: string + description: Entitlement name + example: My HR Entitlement + violatedPolicies: + type: array + description: A list of the Policies that were violated + items: + description: Reference to the policy that was violated + example: + - type: SOD_POLICY + id: 69129440-422d-4a23-aadd-35c828d5bfda + name: HR Policy + type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + provisioningDetails: + nullable: true + type: object + properties: + orderedSubPhaseReferences: + type: string + description: 'Ordered CSV of sub phase references to objects that contain more information about provisioning. For example, this can contain "manualWorkItemDetails" which indicate that there is further information in that object for this phase.' + example: manualWorkItemDetails + description: Provides additional details about provisioning for this request. + preApprovalTriggerDetails: + nullable: true + type: object + properties: + comment: + type: string + description: Comment left for the pre-approval decision + example: Access is Approved + reviewer: + type: string + description: The reviewer of the pre-approval decision + example: John Doe + decision: + type: string + enum: + - APPROVED + - REJECTED + description: The decision of the pre-approval trigger + example: APPROVED + description: Provides additional details about the pre-approval trigger for this request. + accessRequestPhases: + type: array + items: + type: object + properties: + started: + type: string + description: The time that this phase started. + format: date-time + example: '2020-07-11T00:00:00Z' + finished: + type: string + description: The time that this phase finished. + format: date-time + example: '2020-07-12T00:00:00Z' + name: + type: string + description: The name of this phase. + example: APPROVAL_PHASE + state: + type: string + enum: + - PENDING + - EXECUTING + - COMPLETED + - CANCELLED + description: The state of this phase. + example: COMPLETED + result: + type: string + enum: + - SUCCESSFUL + - FAILED + description: The state of this phase. + example: SUCCESSFUL + phaseReference: + type: string + description: 'A reference to another object on the RequestedItemStatus that contains more details about the phase. Note that for the Provisioning phase, this will be empty if there are no manual work items.' + example: approvalDetails + description: Provides additional details about this access request phase. + description: 'A list of Phases that the Access Request has gone through in order, to help determine the status of the request.' + description: + type: string + description: Description associated to the requested object. + example: This is the Engineering role that engineers are granted. + removeDate: + type: string + format: date-time + nullable: true + description: When the role access is scheduled for removal. + example: '2019-10-23T00:00:00.000Z' + cancelable: + type: boolean + description: True if the request can be canceled. + example: true + accessRequestId: + type: string + format: string + description: This is the account activity id. + example: 2b838de9-db9b-abcf-e646-d4f274ad4238 + clientMetadata: + nullable: true + type: object + additionalProperties: + type: string + description: 'Arbitrary key-value pairs, if any were included in the corresponding access request' + example: + key1: value1 + key2: value2 + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + /access-request-approvals/pending: + get: + operationId: listPendingApprovals + summary: Pending Access Request Approvals List + tags: + - Access Request Approvals + description: This endpoint returns a list of pending approvals. See "owner-id" query parameter below for authorization info. + parameters: + - in: query + name: owner-id + schema: + type: string + description: |- + If present, the value returns only pending approvals for the specified identity. + * ORG_ADMIN users can call this with any identity ID value. + * ORG_ADMIN users can also fetch all the approvals in the org, when owner-id is not used. + * Non-ORG_ADMIN users can only specify *me* or pass their own identity ID value. + example: 2c91808568c529c60168cca6f90c1313 + required: false + - in: query + name: limit + description: |- + Max number of results to return. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 250 + schema: + type: integer + format: int32 + minimum: 0 + maximum: 250 + default: 250 + - in: query + name: offset + description: |- + Offset into the full result set. Usually specified with *limit* to paginate through the results. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 0 + schema: + type: integer + format: int32 + minimum: 0 + default: 0 + - in: query + name: count + description: |- + If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored. + + Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used. + + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: true + schema: + type: boolean + default: false + - in: query + name: filters + required: false + schema: + type: string + description: |- + Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) + + Filtering is supported for the following fields and operators: + + **id**: *eq, in* + + **requestedFor.id**: *eq, in* + + **modified**: *gt, lt, ge, le* + example: id eq "2c91808568c529c60168cca6f90c1313" + - in: query + name: sorters + required: false + schema: + type: string + format: comma-separated + description: |- + Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results) + + Sorting is supported for the following fields: **created, modified** + example: modified + responses: + '200': + description: List of Pending Approvals. + content: + application/json: + schema: + type: array + items: + type: object + properties: + id: + type: string + description: The approval id. + example: id12345 + name: + type: string + description: The name of the approval. + example: aName + created: + type: string + format: date-time + description: When the approval was created. + example: '2017-07-11T18:45:37.098Z' + modified: + type: string + format: date-time + description: When the approval was modified last time. + example: '2018-07-25T20:22:28.104Z' + requestCreated: + type: string + format: date-time + description: When the access-request was created. + example: '2017-07-11T18:45:35.098Z' + requestType: + description: If the access-request was for granting or revoking access. + type: string + enum: + - GRANT_ACCESS + - REVOKE_ACCESS + example: GRANT_ACCESS + requester: + description: The identity that requested the item. + type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + requestedFor: + description: The identity for whom the item is requested for. + type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + owner: + description: The owner or approver of the approval. + type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + requestedObject: + description: The requested access item. + type: object + properties: + id: + type: string + description: Id of the object. + example: 2c9180835d2e5168015d32f890ca1581 + name: + type: string + description: Name of the object. + example: Applied Research Access + description: + type: string + description: Description of the object. + example: 'Access to research information, lab results, and schematics' + type: + type: string + enum: + - ACCESS_PROFILE + - ROLE + - ENTITLEMENT + description: Type of the object. + example: ROLE + requesterComment: + description: The requester's comment. + type: object + properties: + comment: + type: string + description: Content of the comment + example: Et quam massa maximus vivamus nisi ut urna tincidunt metus elementum erat + author: + type: object + properties: + type: + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure. + example: IDENTITY + id: + type: string + description: ID of the author + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the identity making the comment + example: Adam Kennedy + created: + type: string + format: date-time + description: Date and time comment was created + example: '2017-07-11T18:45:37.098Z' + previousReviewersComments: + type: array + items: + type: object + properties: + comment: + type: string + description: Content of the comment + example: Et quam massa maximus vivamus nisi ut urna tincidunt metus elementum erat + author: + type: object + properties: + type: + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure. + example: IDENTITY + id: + type: string + description: ID of the author + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the identity making the comment + example: Adam Kennedy + created: + type: string + format: date-time + description: Date and time comment was created + example: '2017-07-11T18:45:37.098Z' + description: The history of the previous reviewers comments. + forwardHistory: + type: array + items: + type: object + properties: + oldApproverName: + type: string + description: Display name of approver from whom the approval was forwarded. + example: Frank Mir + newApproverName: + type: string + description: Display name of approver to whom the approval was forwarded. + example: Al Volta + comment: + type: string + nullable: true + description: Comment made while forwarding. + example: Forwarding from Frank to Al + modified: + type: string + format: date-time + description: Time at which approval was forwarded. + example: '2019-08-23T18:52:57.398Z' + forwarderName: + type: string + nullable: true + description: Display name of forwarder who forwarded the approval. + example: William Wilson + reassignmentType: + description: Type of approval reassignment. + example: AUTOMATIC_REASSIGNMENT + type: string + enum: + - MANUAL_REASSIGNMENT + - AUTOMATIC_REASSIGNMENT + - AUTO_ESCALATION + - SELF_REVIEW_DELEGATION + description: The history of approval forward action. + commentRequiredWhenRejected: + type: boolean + description: When true the rejector has to provide comments when rejecting + example: true + actionInProcess: + description: 'Action that is performed on this approval, and system has not finished performing that action yet.' + type: string + enum: + - APPROVED + - REJECTED + - FORWARDED + example: APPROVED + removeDate: + type: string + description: The date the role or access profile is no longer assigned to the specified identity. + format: date-time + example: '2020-07-11T00:00:00Z' + removeDateUpdateRequested: + type: boolean + description: 'If true, then the request is to change the remove date or sunset date.' + example: true + currentRemoveDate: + type: string + description: The remove date or sunset date that was assigned at the time of the request. + format: date-time + example: '2020-07-11T00:00:00Z' + sodViolationContext: + description: The details of the SOD violations for the associated approval. + type: object + properties: + state: + type: string + enum: + - SUCCESS + - ERROR + description: The status of SOD violation check + example: SUCCESS + uuid: + description: The id of the Violation check event + type: string + example: f73d16e9-a038-46c5-b217-1246e15fdbdd + violationCheckResult: + description: The inner object representing the completed SOD Violation check + type: object + properties: + message: + description: 'If the request failed, includes any error message that was generated.' + example: + - locale: en-US + localeOrigin: DEFAULT + text: An error has occurred during the SOD violation check + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + clientMetadata: + type: object + additionalProperties: + type: string + description: Arbitrary key-value pairs. They will never be processed by the IdentityNow system but will be returned on completion of the violation check. + example: + requestedAppName: test-app + requestedAppId: 2c91808f7892918f0178b78da4a305a1 + violationContexts: + type: array + items: + description: The contextual information of the violated criteria + type: object + properties: + policy: + description: Reference to the Policy that is being violated. + type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + conflictingAccessCriteria: + type: object + description: The object which contains the left and right hand side of the entitlements that got violated according to the policy. + properties: + leftCriteria: + type: object + properties: + criteriaList: + type: array + items: + description: Details of the Entitlement criteria + type: object + properties: + existing: + type: boolean + example: true + description: If the entitlement already belonged to the user or not. + type: + example: ENTITLEMENT + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure. + id: + type: string + description: Entitlement ID + example: 2c918085771e9d3301773b3cb66f6398 + name: + type: string + description: Entitlement name + example: My HR Entitlement + rightCriteria: + type: object + properties: + criteriaList: + type: array + items: + description: Details of the Entitlement criteria + type: object + properties: + existing: + type: boolean + example: true + description: If the entitlement already belonged to the user or not. + type: + example: ENTITLEMENT + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure. + id: + type: string + description: Entitlement ID + example: 2c918085771e9d3301773b3cb66f6398 + name: + type: string + description: Entitlement name + example: My HR Entitlement + violatedPolicies: + type: array + description: A list of the Policies that were violated + items: + description: Reference to the policy that was violated + example: + - type: SOD_POLICY + id: 69129440-422d-4a23-aadd-35c828d5bfda + name: HR Policy + type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + /access-request-approvals/completed: + get: + operationId: listCompletedApprovals + summary: Completed Access Request Approvals List + tags: + - Access Request Approvals + description: This endpoint returns list of completed approvals. See *owner-id* query parameter below for authorization info. + parameters: + - in: query + name: owner-id + required: false + schema: + type: string + description: |- + If present, the value returns only completed approvals for the specified identity. + * ORG_ADMIN users can call this with any identity ID value. + * ORG_ADMIN users can also fetch all the approvals in the org, when + owner-id is not used. + * Non-ORG_ADMIN users can only specify *me* or pass their own + identity ID value. + example: 2c91808568c529c60168cca6f90c1313 + - in: query + name: limit + description: |- + Max number of results to return. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 250 + schema: + type: integer + format: int32 + minimum: 0 + maximum: 250 + default: 250 + - in: query + name: offset + description: |- + Offset into the full result set. Usually specified with *limit* to paginate through the results. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 0 + schema: + type: integer + format: int32 + minimum: 0 + default: 0 + - in: query + name: count + description: |- + If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored. + + Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used. + + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: true + schema: + type: boolean + default: false + - in: query + name: filters + required: false + schema: + type: string + description: |- + Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) + + Filtering is supported for the following fields and operators: + + **id**: *eq, in* + + **requestedFor.id**: *eq, in* + + **modified**: *gt, lt, ge, le* + example: id eq "2c91808568c529c60168cca6f90c1313" + - in: query + name: sorters + required: false + schema: + type: string + format: comma-separated + description: |- + Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results) + + Sorting is supported for the following fields: **created, modified** + example: modified + responses: + '200': + description: List of Completed Approvals. + content: + application/json: + schema: + type: array + items: + type: object + properties: + id: + type: string + description: The approval id. + example: id12345 + name: + type: string + description: The name of the approval. + example: aName + created: + type: string + format: date-time + description: When the approval was created. + example: '2017-07-11T18:45:37.098Z' + modified: + type: string + format: date-time + description: When the approval was modified last time. + example: '2018-07-25T20:22:28.104Z' + requestCreated: + type: string + format: date-time + description: When the access-request was created. + example: '2017-07-11T18:45:35.098Z' + requestType: + description: If the access-request was for granting or revoking access. + type: string + enum: + - GRANT_ACCESS + - REVOKE_ACCESS + example: GRANT_ACCESS + requester: + description: The identity that requested the item. + type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + requestedFor: + description: The identity for whom the item is requested for. + type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + reviewedBy: + description: The identity who has reviewed the approval. + type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + owner: + description: The owner or approver of the approval. + type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + requestedObject: + description: The requested access item. + type: object + properties: + id: + type: string + description: Id of the object. + example: 2c9180835d2e5168015d32f890ca1581 + name: + type: string + description: Name of the object. + example: Applied Research Access + description: + type: string + description: Description of the object. + example: 'Access to research information, lab results, and schematics' + type: + type: string + enum: + - ACCESS_PROFILE + - ROLE + - ENTITLEMENT + description: Type of the object. + example: ROLE + requesterComment: + description: The requester's comment. + type: object + properties: + comment: + type: string + description: Content of the comment + example: Et quam massa maximus vivamus nisi ut urna tincidunt metus elementum erat + author: + type: object + properties: + type: + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure. + example: IDENTITY + id: + type: string + description: ID of the author + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the identity making the comment + example: Adam Kennedy + created: + type: string + format: date-time + description: Date and time comment was created + example: '2017-07-11T18:45:37.098Z' + reviewerComment: + allOf: + - type: object + properties: + comment: + type: string + description: Content of the comment + example: Et quam massa maximus vivamus nisi ut urna tincidunt metus elementum erat + author: + type: object + properties: + type: + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure. + example: IDENTITY + id: + type: string + description: ID of the author + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the identity making the comment + example: Adam Kennedy + created: + type: string + format: date-time + description: Date and time comment was created + example: '2017-07-11T18:45:37.098Z' + description: The approval's reviewer's comment. + nullable: true + previousReviewersComments: + type: array + items: + type: object + properties: + comment: + type: string + description: Content of the comment + example: Et quam massa maximus vivamus nisi ut urna tincidunt metus elementum erat + author: + type: object + properties: + type: + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure. + example: IDENTITY + id: + type: string + description: ID of the author + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the identity making the comment + example: Adam Kennedy + created: + type: string + format: date-time + description: Date and time comment was created + example: '2017-07-11T18:45:37.098Z' + description: The history of the previous reviewers comments. + forwardHistory: + type: array + items: + type: object + properties: + oldApproverName: + type: string + description: Display name of approver from whom the approval was forwarded. + example: Frank Mir + newApproverName: + type: string + description: Display name of approver to whom the approval was forwarded. + example: Al Volta + comment: + type: string + nullable: true + description: Comment made while forwarding. + example: Forwarding from Frank to Al + modified: + type: string + format: date-time + description: Time at which approval was forwarded. + example: '2019-08-23T18:52:57.398Z' + forwarderName: + type: string + nullable: true + description: Display name of forwarder who forwarded the approval. + example: William Wilson + reassignmentType: + description: Type of approval reassignment. + example: AUTOMATIC_REASSIGNMENT + type: string + enum: + - MANUAL_REASSIGNMENT + - AUTOMATIC_REASSIGNMENT + - AUTO_ESCALATION + - SELF_REVIEW_DELEGATION + description: The history of approval forward action. + commentRequiredWhenRejected: + type: boolean + description: When true the rejector has to provide comments when rejecting + example: true + state: + description: The final state of the approval + type: string + enum: + - APPROVED + - REJECTED + example: APPROVED + removeDate: + type: string + description: The date the role or access profile is no longer assigned to the specified identity. + format: date-time + example: '2020-07-11T00:00:00Z' + nullable: true + removeDateUpdateRequested: + type: boolean + description: 'If true, then the request was to change the remove date or sunset date.' + example: true + currentRemoveDate: + type: string + description: The remove date or sunset date that was assigned at the time of the request. + format: date-time + example: '2020-07-11T00:00:00Z' + nullable: true + sodViolationContext: + description: The details of the SOD violations for the associated approval. + type: object + properties: + state: + type: string + enum: + - SUCCESS + - ERROR + description: The status of SOD violation check + example: SUCCESS + uuid: + description: The id of the Violation check event + type: string + example: f73d16e9-a038-46c5-b217-1246e15fdbdd + violationCheckResult: + description: The inner object representing the completed SOD Violation check + type: object + properties: + message: + description: 'If the request failed, includes any error message that was generated.' + example: + - locale: en-US + localeOrigin: DEFAULT + text: An error has occurred during the SOD violation check + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + clientMetadata: + type: object + additionalProperties: + type: string + description: Arbitrary key-value pairs. They will never be processed by the IdentityNow system but will be returned on completion of the violation check. + example: + requestedAppName: test-app + requestedAppId: 2c91808f7892918f0178b78da4a305a1 + violationContexts: + type: array + items: + description: The contextual information of the violated criteria + type: object + properties: + policy: + description: Reference to the Policy that is being violated. + type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + conflictingAccessCriteria: + type: object + description: The object which contains the left and right hand side of the entitlements that got violated according to the policy. + properties: + leftCriteria: + type: object + properties: + criteriaList: + type: array + items: + description: Details of the Entitlement criteria + type: object + properties: + existing: + type: boolean + example: true + description: If the entitlement already belonged to the user or not. + type: + example: ENTITLEMENT + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure. + id: + type: string + description: Entitlement ID + example: 2c918085771e9d3301773b3cb66f6398 + name: + type: string + description: Entitlement name + example: My HR Entitlement + rightCriteria: + type: object + properties: + criteriaList: + type: array + items: + description: Details of the Entitlement criteria + type: object + properties: + existing: + type: boolean + example: true + description: If the entitlement already belonged to the user or not. + type: + example: ENTITLEMENT + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure. + id: + type: string + description: Entitlement ID + example: 2c918085771e9d3301773b3cb66f6398 + name: + type: string + description: Entitlement name + example: My HR Entitlement + violatedPolicies: + type: array + description: A list of the Policies that were violated + items: + description: Reference to the policy that was violated + example: + - type: SOD_POLICY + id: 69129440-422d-4a23-aadd-35c828d5bfda + name: HR Policy + type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + '/access-request-approvals/{approvalId}/approve': + post: + operationId: approveAccessRequest + summary: Approves an access request approval. + tags: + - Access Request Approvals + description: This endpoint approves an access request approval. Only the owner of the approval and ORG_ADMIN users are allowed to perform this action. + parameters: + - in: path + name: approvalId + schema: + type: string + required: true + description: The id of the approval. + example: 2c91808b7294bea301729568c68c002e + requestBody: + description: Reviewer's comment. + required: false + content: + application/json: + schema: + type: object + properties: + comment: + type: string + description: Content of the comment + example: Et quam massa maximus vivamus nisi ut urna tincidunt metus elementum erat + author: + type: object + properties: + type: + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure. + example: IDENTITY + id: + type: string + description: ID of the author + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the identity making the comment + example: Adam Kennedy + created: + type: string + format: date-time + description: Date and time comment was created + example: '2017-07-11T18:45:37.098Z' + responses: + '202': + description: Accepted - Returned if the request was successfully accepted into the system. + content: + application/json: + schema: + type: object + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + '/access-request-approvals/{approvalId}/reject': + post: + operationId: rejectAccessRequest + summary: Rejects an access request approval. + tags: + - Access Request Approvals + description: This endpoint rejects an access request approval. Only the owner of the approval and admin users are allowed to perform this action. + parameters: + - in: path + name: approvalId + schema: + type: string + required: true + description: The id of the approval. + example: 2c91808b7294bea301729568c68c002e + requestBody: + description: Reviewer's comment. + required: false + content: + application/json: + schema: + type: object + properties: + comment: + type: string + description: Content of the comment + example: Et quam massa maximus vivamus nisi ut urna tincidunt metus elementum erat + author: + type: object + properties: + type: + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure. + example: IDENTITY + id: + type: string + description: ID of the author + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the identity making the comment + example: Adam Kennedy + created: + type: string + format: date-time + description: Date and time comment was created + example: '2017-07-11T18:45:37.098Z' + responses: + '202': + description: Accepted - Returned if the request was successfully accepted into the system. + content: + application/json: + schema: + type: object + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + '/access-request-approvals/{approvalId}/forward': + post: + operationId: forwardAccessRequest + summary: Forwards an access request approval. + tags: + - Access Request Approvals + description: This endpoint forwards an access request approval to a new owner. Only the owner of the approval and ORG_ADMIN users are allowed to perform this action. + parameters: + - in: path + name: approvalId + schema: + type: string + required: true + description: The id of the approval. + example: 2c91808b7294bea301729568c68c002e + requestBody: + description: Information about the forwarded approval. + required: true + content: + application/json: + schema: + type: object + required: + - newOwnerId + - comment + properties: + newOwnerId: + type: string + description: The Id of the new owner + example: 2c91808568c529c60168cca6f90c1314 + minLength: 1 + maxLength: 255 + comment: + type: string + description: The comment provided by the forwarder + example: 2c91808568c529c60168cca6f90c1313 + minLength: 1 + maxLength: 255 + responses: + '202': + description: Accepted - Returned if the request was successfully accepted into the system. + content: + application/json: + schema: + type: object + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + /access-request-approvals/approval-summary: + get: + operationId: getAccessRequestApprovalSummary + summary: Get the number of access-requests-approvals + tags: + - Access Request Approvals + description: 'This endpoint returns the number of pending, approved and rejected access requests approvals. See "owner-id" query parameter below for authorization info.' + parameters: + - in: query + name: owner-id + schema: + type: string + description: |- + The id of the owner or approver identity of the approvals. If present, the value returns approval summary for the specified identity. + * ORG_ADMIN users can call this with any identity ID value. + * ORG_ADMIN user can also fetch all the approvals in the org, when + owner-id is not used. + * Non ORG_ADMIN users can only specify *me* or pass their own + identity ID value. + example: 2c91808568c529c60168cca6f90c1313 + required: false + - in: query + name: from-date + schema: + type: string + description: From date is the date and time from which the results will be shown. It should be in a valid ISO-8601 format + example: 'from-date=2020-03-19T19:59:11Z' + required: false + responses: + '200': + description: 'Number of pending, approved, rejected access request approvals.' + content: + application/json: + schema: + type: object + properties: + pending: + type: integer + description: The number of pending access requests approvals. + format: int32 + example: 0 + approved: + type: integer + description: The number of approved access requests approvals. + format: int32 + example: 0 + rejected: + type: integer + description: The number of rejected access requests approvals. + format: int32 + example: 0 + '400': + description: Client Error - Returned if the query parameter is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + /accounts: + get: + operationId: listAccounts + tags: + - Accounts + summary: Accounts List + description: |- + This returns a list of accounts. + A token with ORG_ADMIN authority is required to call this API. + security: + - oauth2: + - 'idn:accounts:read' + parameters: + - in: query + name: limit + description: |- + Max number of results to return. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 250 + schema: + type: integer + format: int32 + minimum: 0 + maximum: 250 + default: 250 + - in: query + name: offset + description: |- + Offset into the full result set. Usually specified with *limit* to paginate through the results. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 0 + schema: + type: integer + format: int32 + minimum: 0 + default: 0 + - in: query + name: count + description: |- + If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored. + + Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used. + + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: true + schema: + type: boolean + default: false + - in: query + name: filters + schema: + type: string + example: identityId eq "2c9180858082150f0180893dbaf44201" + description: |- + Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) + + Filtering is supported for the following fields and operators: + + **id**: *eq, in* + + **identityId**: *eq* + + **name**: *eq, in* + + **nativeIdentity**: *eq, in* + + **sourceId**: *eq, in* + + **uncorrelated**: *eq* + required: false + responses: + '200': + description: List of account objects + content: + application/json: + schema: + type: array + items: + allOf: + - type: object + required: + - name + properties: + id: + description: System-generated unique ID of the Object + type: string + example: id12345 + readOnly: true + name: + description: Name of the Object + type: string + example: aName + created: + description: Creation date of the Object + type: string + example: '2015-05-28T14:07:17Z' + format: date-time + readOnly: true + modified: + description: Last modification date of the Object + type: string + example: '2015-05-28T14:07:17Z' + format: date-time + readOnly: true + - type: object + required: + - sourceId + - sourceName + - attributes + - authoritative + - disabled + - locked + - nativeIdentity + - systemAccount + - uncorrelated + - manuallyCorrelated + - hasEntitlements + properties: + sourceId: + type: string + example: 2c9180835d2e5168015d32f890ca1581 + description: The unique ID of the source this account belongs to + sourceName: + type: string + example: Employees + description: The display name of the source this account belongs to + identityId: + type: string + example: 2c9180835d2e5168015d32f890ca1581 + description: The unique ID of the identity this account is correlated to + attributes: + type: object + additionalProperties: true + description: The account attributes that are aggregated + example: + firstName: SailPoint + lastName: Support + displayName: SailPoint Support + authoritative: + type: boolean + description: Indicates if this account is from an authoritative source + example: false + description: + type: string + description: A description of the account + nullable: true + example: null + disabled: + type: boolean + description: Indicates if the account is currently disabled + example: false + locked: + type: boolean + description: Indicates if the account is currently locked + example: false + nativeIdentity: + type: string + description: The unique ID of the account generated by the source system + example: '552775' + systemAccount: + type: boolean + example: false + description: 'If true, this is a user account within IdentityNow. If false, this is an account from a source system.' + uncorrelated: + type: boolean + description: Indicates if this account is not correlated to an identity + example: false + uuid: + type: string + description: The unique ID of the account as determined by the account schema + example: slpt.support + nullable: true + manuallyCorrelated: + type: boolean + description: Indicates if the account has been manually correlated to an identity + example: false + hasEntitlements: + type: boolean + description: Indicates if the account has entitlements + example: true + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + post: + operationId: createAccount + tags: + - Accounts + summary: Create Account + description: |- + This API submits an account creation task and returns the task ID. + A token with ORG_ADMIN authority is required to call this API. + security: + - oauth2: + - 'idn:accounts:manage' + requestBody: + required: true + content: + application/json: + schema: + type: object + required: + - attributes + properties: + attributes: + description: The schema attribute values for the account + type: object + required: + - sourceId + properties: + sourceId: + type: string + description: Target source to create an account + example: 34bfcbe116c9407464af37acbaf7a4dc + additionalProperties: + type: string + example: + sourceId: 34bfcbe116c9407464af37acbaf7a4dc + city: Austin + displayName: John Doe + userName: jdoe + sAMAccountName: jDoe + mail: john.doe@sailpoint.com + responses: + '202': + description: Async task details + content: + application/json: + schema: + description: Accounts async response containing details on started async process + required: + - id + type: object + properties: + id: + description: id of the task + type: string + example: 2c91808474683da6017468693c260195 + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + '/accounts/{id}': + get: + operationId: getAccount + tags: + - Accounts + summary: Account Details + description: |- + This API returns the details for a single account based on the ID. + A token with ORG_ADMIN authority is required to call this API. + security: + - oauth2: + - 'idn:accounts:read' + parameters: + - in: path + name: id + schema: + type: string + required: true + description: The account ID + example: ef38f94347e94562b5bb8424a56397d8 + responses: + '200': + description: An account object + content: + application/json: + schema: + allOf: + - type: object + required: + - name + properties: + id: + description: System-generated unique ID of the Object + type: string + example: id12345 + readOnly: true + name: + description: Name of the Object + type: string + example: aName + created: + description: Creation date of the Object + type: string + example: '2015-05-28T14:07:17Z' + format: date-time + readOnly: true + modified: + description: Last modification date of the Object + type: string + example: '2015-05-28T14:07:17Z' + format: date-time + readOnly: true + - type: object + required: + - sourceId + - sourceName + - attributes + - authoritative + - disabled + - locked + - nativeIdentity + - systemAccount + - uncorrelated + - manuallyCorrelated + - hasEntitlements + properties: + sourceId: + type: string + example: 2c9180835d2e5168015d32f890ca1581 + description: The unique ID of the source this account belongs to + sourceName: + type: string + example: Employees + description: The display name of the source this account belongs to + identityId: + type: string + example: 2c9180835d2e5168015d32f890ca1581 + description: The unique ID of the identity this account is correlated to + attributes: + type: object + additionalProperties: true + description: The account attributes that are aggregated + example: + firstName: SailPoint + lastName: Support + displayName: SailPoint Support + authoritative: + type: boolean + description: Indicates if this account is from an authoritative source + example: false + description: + type: string + description: A description of the account + nullable: true + example: null + disabled: + type: boolean + description: Indicates if the account is currently disabled + example: false + locked: + type: boolean + description: Indicates if the account is currently locked + example: false + nativeIdentity: + type: string + description: The unique ID of the account generated by the source system + example: '552775' + systemAccount: + type: boolean + example: false + description: 'If true, this is a user account within IdentityNow. If false, this is an account from a source system.' + uncorrelated: + type: boolean + description: Indicates if this account is not correlated to an identity + example: false + uuid: + type: string + description: The unique ID of the account as determined by the account schema + example: slpt.support + nullable: true + manuallyCorrelated: + type: boolean + description: Indicates if the account has been manually correlated to an identity + example: false + hasEntitlements: + type: boolean + description: Indicates if the account has entitlements + example: true + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + patch: + operationId: updateAccount + tags: + - Accounts + summary: Update Account + description: |- + Use this API to modify the following fields: + * `identityId` + + * `manuallyCorrelated` + + >**NOTE: All other fields can not be modified.** + + The request must provide a JSONPatch payload. + + A token with ORG_ADMIN authority is required to call this API. + security: + - oauth2: + - 'idn:accounts:manage' + parameters: + - in: path + name: id + schema: + type: string + required: true + description: The account ID + example: ef38f94347e94562b5bb8424a56397d8 + requestBody: + required: true + description: 'A list of account update operations according to the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard.' + content: + application/json-patch+json: + schema: + type: array + items: + type: object + description: 'A JSONPatch Operation as defined by [RFC 6902 - JSON Patch](https://tools.ietf.org/html/rfc6902)' + required: + - op + - path + properties: + op: + type: string + description: The operation to be performed + enum: + - add + - remove + - replace + - move + - copy + - test + example: replace + path: + type: string + description: A string JSON Pointer representing the target path to an element to be affected by the operation + example: /description + value: + anyOf: + - type: string + - type: integer + - type: object + - type: array + items: + anyOf: + - type: string + - type: integer + - type: object + description: 'The value to be used for the operation, required for "add" and "replace" operations' + example: New description + example: + - op: replace + path: /identityId + value: 2c9180845d1edece015d27a975983e21 + responses: + '202': + description: Accepted. Update request accepted and is in progress. + content: + application/json: + schema: + type: object + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + put: + operationId: putAccount + tags: + - Accounts + summary: Update Account + description: |- + This API submits an account update task and returns the task ID. + A token with ORG_ADMIN authority is required to call this API. + >**NOTE: The PUT Account API is designated only for Delimited File sources.** + security: + - oauth2: + - 'idn:accounts:manage' + parameters: + - in: path + name: id + schema: + type: string + required: true + description: The account ID + example: ef38f94347e94562b5bb8424a56397d8 + requestBody: + required: true + content: + application/json: + schema: + type: object + required: + - attributes + properties: + attributes: + description: The schema attribute values for the account + type: object + additionalProperties: true + example: + city: Austin + displayName: John Doe + userName: jdoe + sAMAccountName: jDoe + mail: john.doe@sailpoint.com + responses: + '202': + description: Async task details + content: + application/json: + schema: + description: Accounts async response containing details on started async process + required: + - id + type: object + properties: + id: + description: id of the task + type: string + example: 2c91808474683da6017468693c260195 + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + delete: + operationId: deleteAccount + tags: + - Accounts + summary: Delete Account + description: |- + This API submits an account delete task and returns the task ID. This operation can only be used on Flat File Sources. Any attempt to execute this request on the source of other type will result in an error response with a status code of 400. + A token with ORG_ADMIN authority is required to call this API. + security: + - oauth2: + - 'idn:accounts:manage' + parameters: + - in: path + name: id + schema: + type: string + required: true + description: The account ID + example: ef38f94347e94562b5bb8424a56397d8 + responses: + '202': + description: Async task details + content: + application/json: + schema: + description: Accounts async response containing details on started async process + required: + - id + type: object + properties: + id: + description: id of the task + type: string + example: 2c91808474683da6017468693c260195 + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + '/accounts/{id}/entitlements': + get: + operationId: getAccountEntitlements + tags: + - Accounts + summary: Account Entitlements + description: |- + This API returns entitlements of the account. + A token with ORG_ADMIN authority is required to call this API. + security: + - oauth2: + - 'idn:accounts:read' + parameters: + - in: query + name: limit + description: |- + Max number of results to return. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 250 + schema: + type: integer + format: int32 + minimum: 0 + maximum: 250 + default: 250 + - in: query + name: offset + description: |- + Offset into the full result set. Usually specified with *limit* to paginate through the results. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 0 + schema: + type: integer + format: int32 + minimum: 0 + default: 0 + - in: query + name: count + description: |- + If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored. + + Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used. + + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: true + schema: + type: boolean + default: false + - in: path + name: id + schema: + type: string + required: true + description: The account id + example: ef38f94347e94562b5bb8424a56397d8 + responses: + '200': + description: An array of account entitlements + content: + application/json: + schema: + type: array + items: + allOf: + - type: object + required: + - name + properties: + id: + description: System-generated unique ID of the Object + type: string + example: id12345 + readOnly: true + name: + description: Name of the Object + type: string + example: aName + created: + description: Creation date of the Object + type: string + example: '2015-05-28T14:07:17Z' + format: date-time + readOnly: true + modified: + description: Last modification date of the Object + type: string + example: '2015-05-28T14:07:17Z' + format: date-time + readOnly: true + - type: object + description: Entitlement object that represents entitlement + properties: + attribute: + description: Name of the entitlement attribute + type: string + example: authorizationType + value: + description: Raw value of the entitlement + type: string + example: 'CN=Users,dc=sailpoint,dc=com' + description: + description: Entitlment description + type: string + example: Active Directory DC + attributes: + description: Entitlement attributes + type: object + additionalProperties: true + example: + GroupType: Security + sAMAccountName: Buyer + sourceSchemaObjectType: + description: Schema objectType on the given application that maps to an Account Group + type: string + example: group + privileged: + description: Determines if this Entitlement is privileged. + type: boolean + example: false + cloudGoverned: + description: Determines if this Entitlement is goverened in the cloud. + type: boolean + example: false + source: + description: Reference to the source this entitlment belongs to. + example: + - type: SOURCE + id: 2c9180835d191a86015d28455b4b232a + name: HR Active Directory + type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + '/accounts/{id}/reload': + post: + operationId: reloadAccount + tags: + - Accounts + summary: Reload Account + description: |- + This API asynchronously reloads the account directly from the connector and performs a one-time aggregation process. + A token with ORG_ADMIN authority is required to call this API. + security: + - oauth2: + - 'idn:accounts-state:manage' + parameters: + - in: path + name: id + schema: + type: string + required: true + description: The account id + example: ef38f94347e94562b5bb8424a56397d8 + responses: + '202': + description: Async task details + content: + application/json: + schema: + description: Accounts async response containing details on started async process + required: + - id + type: object + properties: + id: + description: id of the task + type: string + example: 2c91808474683da6017468693c260195 + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + '/accounts/{id}/enable': + post: + operationId: enableAccount + tags: + - Accounts + summary: Enable Account + description: |- + This API submits a task to enable account and returns the task ID. + A token with ORG_ADMIN authority is required to call this API. + security: + - oauth2: + - 'idn:accounts-state:manage' + parameters: + - in: path + name: id + schema: + type: string + required: true + description: The account id + example: ef38f94347e94562b5bb8424a56397d8 + requestBody: + required: true + content: + application/json: + schema: + description: Request used for account enable/disable + type: object + properties: + externalVerificationId: + description: 'If set, an external process validates that the user wants to proceed with this request.' + type: string + example: 3f9180835d2e5168015d32f890ca1581 + forceProvisioning: + description: 'If set, provisioning updates the account attribute at the source. This option is used when the account is not synced to ensure the attribute is updated. Providing ''true'' for an unlocked account will add and process ''Unlock'' operation by the workflow.' + type: boolean + example: false + responses: + '202': + description: Async task details + content: + application/json: + schema: + description: Accounts async response containing details on started async process + required: + - id + type: object + properties: + id: + description: id of the task + type: string + example: 2c91808474683da6017468693c260195 + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + '/accounts/{id}/disable': + post: + operationId: disableAccount + tags: + - Accounts + summary: Disable Account + description: |- + This API submits a task to disable the account and returns the task ID. + A token with ORG_ADMIN authority is required to call this API. + security: + - oauth2: + - 'idn:accounts-state:manage' + parameters: + - in: path + name: id + schema: + type: string + required: true + description: The account id + example: ef38f94347e94562b5bb8424a56397d8 + requestBody: + required: true + content: + application/json: + schema: + description: Request used for account enable/disable + type: object + properties: + externalVerificationId: + description: 'If set, an external process validates that the user wants to proceed with this request.' + type: string + example: 3f9180835d2e5168015d32f890ca1581 + forceProvisioning: + description: 'If set, provisioning updates the account attribute at the source. This option is used when the account is not synced to ensure the attribute is updated. Providing ''true'' for an unlocked account will add and process ''Unlock'' operation by the workflow.' + type: boolean + example: false + responses: + '202': + description: Async task details + content: + application/json: + schema: + description: Accounts async response containing details on started async process + required: + - id + type: object + properties: + id: + description: id of the task + type: string + example: 2c91808474683da6017468693c260195 + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + '/accounts/{id}/unlock': + post: + operationId: unlockAccount + tags: + - Accounts + summary: Unlock Account + description: |- + This API submits a task to unlock an account and returns the task ID. + A token with ORG_ADMIN authority is required to call this API. + security: + - oauth2: + - 'idn:accounts-state:manage' + parameters: + - in: path + name: id + schema: + type: string + required: true + description: The account id + example: ef38f94347e94562b5bb8424a56397d8 + requestBody: + required: true + content: + application/json: + schema: + description: Request used for account unlock + type: object + properties: + externalVerificationId: + description: 'If set, an external process validates that the user wants to proceed with this request.' + type: string + example: 3f9180835d2e5168015d32f890ca1581 + unlockIDNAccount: + description: 'If set, the IDN account is unlocked after the workflow completes.' + type: boolean + example: false + forceProvisioning: + description: 'If set, provisioning updates the account attribute at the source. This option is used when the account is not synced to ensure the attribute is updated.' + type: boolean + example: false + responses: + '202': + description: Async task details + content: + application/json: + schema: + description: Accounts async response containing details on started async process + required: + - id + type: object + properties: + id: + description: id of the task + type: string + example: 2c91808474683da6017468693c260195 + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + /account-activities: + get: + operationId: listAccountActivities + tags: + - Account Activities + summary: List Account Activities + description: This gets a collection of account activities that satisfy the given query parameters. + parameters: + - in: query + name: requested-for + schema: + type: string + description: The identity that the activity was requested for. *me* indicates the current user. Mutually exclusive with *regarding-identity*. + required: false + example: 2c91808568c529c60168cca6f90c1313 + - in: query + name: requested-by + schema: + type: string + description: The identity that requested the activity. *me* indicates the current user. Mutually exclusive with *regarding-identity*. + required: false + example: 2c91808568c529c60168cca6f90c1313 + - in: query + name: regarding-identity + schema: + type: string + description: The specified identity will be either the requester or target of the account activity. *me* indicates the current user. Mutually exclusive with *requested-for* and *requested-by*. + required: false + example: 2c91808568c529c60168cca6f90c1313 + - in: query + name: limit + description: |- + Max number of results to return. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 250 + schema: + type: integer + format: int32 + minimum: 0 + maximum: 250 + default: 250 + - in: query + name: offset + description: |- + Offset into the full result set. Usually specified with *limit* to paginate through the results. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 0 + schema: + type: integer + format: int32 + minimum: 0 + default: 0 + - in: query + name: count + description: |- + If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored. + + Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used. + + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: true + schema: + type: boolean + default: false + - in: query + name: filters + schema: + type: string + description: |- + Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results). + + Filtering is supported for the following fields and operators: + + **type**: *eq, in* (See the `type` property in the response schema for possible values) + + **created**: *gt, lt, ge, le* + + **modified**: *gt, lt, ge, le* + example: type eq "Identity Refresh" + required: false + - in: query + name: sorters + schema: + type: string + format: comma-separated + description: |- + Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results) + Sorting is supported for the following fields: **type, created, modified** + example: created + required: false + responses: + '200': + description: List of account activities + content: + application/json: + schema: + type: array + items: + type: object + properties: + id: + type: string + description: Id of the account activity + example: 2c9180835d2e5168015d32f890ca1581 + name: + type: string + description: The name of the activity + example: 2c9180835d2e5168015d32f890ca1581 + created: + description: When the activity was first created + type: string + format: date-time + example: '2017-07-11T18:45:37.098Z' + modified: + description: When the activity was last modified + type: string + format: date-time + example: '2018-06-25T20:22:28.104Z' + nullable: true + completed: + description: When the activity was completed + type: string + format: date-time + nullable: true + example: '2018-10-19T13:49:37.385Z' + completionStatus: + nullable: true + type: string + description: The status after completion. + enum: + - SUCCESS + - FAILURE + - INCOMPLETE + - PENDING + example: SUCCESS + type: + nullable: true + type: string + example: appRequest + description: | + The type of action the activity performed. Please see the following list of types. This list may grow over time. + + - CloudAutomated + - IdentityAttributeUpdate + - appRequest + - LifecycleStateChange + - AccountStateUpdate + - AccountAttributeUpdate + - CloudPasswordRequest + - Attribute Synchronization Refresh + - Certification + - Identity Refresh + - Lifecycle Change Refresh + + + [Learn more here](https://documentation.sailpoint.com/saas/help/search/searchable-fields.html#searching-account-activity-data). + requesterIdentitySummary: + type: object + nullable: true + properties: + id: + type: string + description: ID of this identity summary + example: ff80818155fe8c080155fe8d925b0316 + name: + type: string + description: Human-readable display name of identity + example: SailPoint Services + identityId: + type: string + description: ID of the identity that this summary represents + example: c15b9f5cca5a4e9599eaa0e64fa921bd + completed: + type: boolean + description: Indicates if all access items for this summary have been decided on + example: true + targetIdentitySummary: + type: object + nullable: true + properties: + id: + type: string + description: ID of this identity summary + example: ff80818155fe8c080155fe8d925b0316 + name: + type: string + description: Human-readable display name of identity + example: SailPoint Services + identityId: + type: string + description: ID of the identity that this summary represents + example: c15b9f5cca5a4e9599eaa0e64fa921bd + completed: + type: boolean + description: Indicates if all access items for this summary have been decided on + example: true + errors: + nullable: true + description: 'A list of error messages, if any, that were encountered.' + type: array + items: + type: string + example: + - 'sailpoint.connector.ConnectorException: java.lang.InterruptedException: Timeout waiting for response to message 0 from client 57a4ab97-ab3f-4aef-9fe2-0eaf15c73d26 after 60 seconds.' + warnings: + nullable: true + description: 'A list of warning messages, if any, that were encountered.' + type: array + items: + type: string + example: + - 'Some warning, another warning' + items: + type: array + description: Individual actions performed as part of this account activity + items: + type: object + properties: + id: + type: string + description: Item id + example: 48c545831b264409a81befcabb0e3c5a + name: + type: string + description: Human-readable display name of item + example: 48c545831b264409a81befcabb0e3c5a + requested: + type: string + format: date-time + description: Date and time item was requested + example: '2017-07-11T18:45:37.098Z' + approvalStatus: + nullable: true + type: string + enum: + - FINISHED + - REJECTED + - RETURNED + - EXPIRED + - PENDING + - CANCELED + example: FINISHED + description: The state of a work item + provisioningStatus: + type: string + enum: + - PENDING + - FINISHED + - UNVERIFIABLE + - COMMITED + - FAILED + - RETRY + description: Provisioning state of an account activity item + example: PENDING + requesterComment: + type: object + nullable: true + properties: + commenterId: + type: string + description: Id of the identity making the comment + example: 2c918084660f45d6016617daa9210584 + commenterName: + type: string + description: Human-readable display name of the identity making the comment + example: Adam Kennedy + body: + type: string + description: Content of the comment + example: Et quam massa maximus vivamus nisi ut urna tincidunt metus elementum erat. + date: + type: string + format: date-time + description: Date and time comment was made + example: '2017-07-11T18:45:37.098Z' + reviewerIdentitySummary: + type: object + nullable: true + properties: + id: + type: string + description: ID of this identity summary + example: ff80818155fe8c080155fe8d925b0316 + name: + type: string + description: Human-readable display name of identity + example: SailPoint Services + identityId: + type: string + description: ID of the identity that this summary represents + example: c15b9f5cca5a4e9599eaa0e64fa921bd + completed: + type: boolean + description: Indicates if all access items for this summary have been decided on + example: true + reviewerComment: + type: object + nullable: true + properties: + commenterId: + type: string + description: Id of the identity making the comment + example: 2c918084660f45d6016617daa9210584 + commenterName: + type: string + description: Human-readable display name of the identity making the comment + example: Adam Kennedy + body: + type: string + description: Content of the comment + example: Et quam massa maximus vivamus nisi ut urna tincidunt metus elementum erat. + date: + type: string + format: date-time + description: Date and time comment was made + example: '2017-07-11T18:45:37.098Z' + operation: + nullable: true + type: string + enum: + - ADD + - CREATE + - MODIFY + - DELETE + - DISABLE + - ENABLE + - UNLOCK + - LOCK + - REMOVE + description: Represents an operation in an account activity item + example: ADD + attribute: + type: string + description: Attribute to which account activity applies + nullable: true + example: detectedRoles + value: + type: string + description: Value of attribute + nullable: true + example: 'Treasury Analyst [AccessProfile-1529010191212]' + nativeIdentity: + nullable: true + type: string + description: Native identity in the target system to which the account activity applies + example: Sandie.Camero + sourceId: + type: string + description: Id of Source to which account activity applies + example: 2c91808363ef85290164000587130c0c + accountRequestInfo: + type: object + nullable: true + properties: + requestedObjectId: + type: string + description: Id of requested object + example: 2c91808563ef85690164001c31140c0c + requestedObjectName: + type: string + description: Human-readable name of requested object + example: Treasury Analyst + requestedObjectType: + type: string + enum: + - ACCESS_PROFILE + - ROLE + - ENTITLEMENT + description: Enum represented the currently supported requestable object types. Additional values may be added in the future without notice. + example: ACCESS_PROFILE + description: 'If an account activity item is associated with an access request, captures details of that request.' + clientMetadata: + nullable: true + type: object + additionalProperties: + type: string + description: 'Arbitrary key-value pairs, if any were included in the corresponding access request item' + example: + customKey1: custom value 1 + customKey2: custom value 2 + removeDate: + nullable: true + type: string + description: The date the role or access profile is no longer assigned to the specified identity. + format: date-time + example: '2020-07-11T00:00:00Z' + executionStatus: + type: string + description: The current state of execution. + enum: + - EXECUTING + - VERIFYING + - TERMINATED + - COMPLETED + example: COMPLETED + clientMetadata: + nullable: true + type: object + additionalProperties: + type: string + description: 'Arbitrary key-value pairs, if any were included in the corresponding access request' + example: + customKey1: custom value 1 + customKey2: custom value 2 + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + '/account-activities/{id}': + get: + operationId: getAccountActivity + tags: + - Account Activities + summary: Get an Account Activity + description: This gets a single account activity by its id. + parameters: + - in: path + name: id + schema: + type: string + required: true + description: The account activity id + example: ef38f94347e94562b5bb8424a56397d8 + responses: + '200': + description: An account activity object + content: + application/json: + schema: + type: object + properties: + id: + type: string + description: Id of the account activity + example: 2c9180835d2e5168015d32f890ca1581 + name: + type: string + description: The name of the activity + example: 2c9180835d2e5168015d32f890ca1581 + created: + description: When the activity was first created + type: string + format: date-time + example: '2017-07-11T18:45:37.098Z' + modified: + description: When the activity was last modified + type: string + format: date-time + example: '2018-06-25T20:22:28.104Z' + nullable: true + completed: + description: When the activity was completed + type: string + format: date-time + nullable: true + example: '2018-10-19T13:49:37.385Z' + completionStatus: + nullable: true + type: string + description: The status after completion. + enum: + - SUCCESS + - FAILURE + - INCOMPLETE + - PENDING + example: SUCCESS + type: + nullable: true + type: string + example: appRequest + description: | + The type of action the activity performed. Please see the following list of types. This list may grow over time. + + - CloudAutomated + - IdentityAttributeUpdate + - appRequest + - LifecycleStateChange + - AccountStateUpdate + - AccountAttributeUpdate + - CloudPasswordRequest + - Attribute Synchronization Refresh + - Certification + - Identity Refresh + - Lifecycle Change Refresh + + + [Learn more here](https://documentation.sailpoint.com/saas/help/search/searchable-fields.html#searching-account-activity-data). + requesterIdentitySummary: + type: object + nullable: true + properties: + id: + type: string + description: ID of this identity summary + example: ff80818155fe8c080155fe8d925b0316 + name: + type: string + description: Human-readable display name of identity + example: SailPoint Services + identityId: + type: string + description: ID of the identity that this summary represents + example: c15b9f5cca5a4e9599eaa0e64fa921bd + completed: + type: boolean + description: Indicates if all access items for this summary have been decided on + example: true + targetIdentitySummary: + type: object + nullable: true + properties: + id: + type: string + description: ID of this identity summary + example: ff80818155fe8c080155fe8d925b0316 + name: + type: string + description: Human-readable display name of identity + example: SailPoint Services + identityId: + type: string + description: ID of the identity that this summary represents + example: c15b9f5cca5a4e9599eaa0e64fa921bd + completed: + type: boolean + description: Indicates if all access items for this summary have been decided on + example: true + errors: + nullable: true + description: 'A list of error messages, if any, that were encountered.' + type: array + items: + type: string + example: + - 'sailpoint.connector.ConnectorException: java.lang.InterruptedException: Timeout waiting for response to message 0 from client 57a4ab97-ab3f-4aef-9fe2-0eaf15c73d26 after 60 seconds.' + warnings: + nullable: true + description: 'A list of warning messages, if any, that were encountered.' + type: array + items: + type: string + example: + - 'Some warning, another warning' + items: + type: array + description: Individual actions performed as part of this account activity + items: + type: object + properties: + id: + type: string + description: Item id + example: 48c545831b264409a81befcabb0e3c5a + name: + type: string + description: Human-readable display name of item + example: 48c545831b264409a81befcabb0e3c5a + requested: + type: string + format: date-time + description: Date and time item was requested + example: '2017-07-11T18:45:37.098Z' + approvalStatus: + nullable: true + type: string + enum: + - FINISHED + - REJECTED + - RETURNED + - EXPIRED + - PENDING + - CANCELED + example: FINISHED + description: The state of a work item + provisioningStatus: + type: string + enum: + - PENDING + - FINISHED + - UNVERIFIABLE + - COMMITED + - FAILED + - RETRY + description: Provisioning state of an account activity item + example: PENDING + requesterComment: + type: object + nullable: true + properties: + commenterId: + type: string + description: Id of the identity making the comment + example: 2c918084660f45d6016617daa9210584 + commenterName: + type: string + description: Human-readable display name of the identity making the comment + example: Adam Kennedy + body: + type: string + description: Content of the comment + example: Et quam massa maximus vivamus nisi ut urna tincidunt metus elementum erat. + date: + type: string + format: date-time + description: Date and time comment was made + example: '2017-07-11T18:45:37.098Z' + reviewerIdentitySummary: + type: object + nullable: true + properties: + id: + type: string + description: ID of this identity summary + example: ff80818155fe8c080155fe8d925b0316 + name: + type: string + description: Human-readable display name of identity + example: SailPoint Services + identityId: + type: string + description: ID of the identity that this summary represents + example: c15b9f5cca5a4e9599eaa0e64fa921bd + completed: + type: boolean + description: Indicates if all access items for this summary have been decided on + example: true + reviewerComment: + type: object + nullable: true + properties: + commenterId: + type: string + description: Id of the identity making the comment + example: 2c918084660f45d6016617daa9210584 + commenterName: + type: string + description: Human-readable display name of the identity making the comment + example: Adam Kennedy + body: + type: string + description: Content of the comment + example: Et quam massa maximus vivamus nisi ut urna tincidunt metus elementum erat. + date: + type: string + format: date-time + description: Date and time comment was made + example: '2017-07-11T18:45:37.098Z' + operation: + nullable: true + type: string + enum: + - ADD + - CREATE + - MODIFY + - DELETE + - DISABLE + - ENABLE + - UNLOCK + - LOCK + - REMOVE + description: Represents an operation in an account activity item + example: ADD + attribute: + type: string + description: Attribute to which account activity applies + nullable: true + example: detectedRoles + value: + type: string + description: Value of attribute + nullable: true + example: 'Treasury Analyst [AccessProfile-1529010191212]' + nativeIdentity: + nullable: true + type: string + description: Native identity in the target system to which the account activity applies + example: Sandie.Camero + sourceId: + type: string + description: Id of Source to which account activity applies + example: 2c91808363ef85290164000587130c0c + accountRequestInfo: + type: object + nullable: true + properties: + requestedObjectId: + type: string + description: Id of requested object + example: 2c91808563ef85690164001c31140c0c + requestedObjectName: + type: string + description: Human-readable name of requested object + example: Treasury Analyst + requestedObjectType: + type: string + enum: + - ACCESS_PROFILE + - ROLE + - ENTITLEMENT + description: Enum represented the currently supported requestable object types. Additional values may be added in the future without notice. + example: ACCESS_PROFILE + description: 'If an account activity item is associated with an access request, captures details of that request.' + clientMetadata: + nullable: true + type: object + additionalProperties: + type: string + description: 'Arbitrary key-value pairs, if any were included in the corresponding access request item' + example: + customKey1: custom value 1 + customKey2: custom value 2 + removeDate: + nullable: true + type: string + description: The date the role or access profile is no longer assigned to the specified identity. + format: date-time + example: '2020-07-11T00:00:00Z' + executionStatus: + type: string + description: The current state of execution. + enum: + - EXECUTING + - VERIFYING + - TERMINATED + - COMPLETED + example: COMPLETED + clientMetadata: + nullable: true + type: object + additionalProperties: + type: string + description: 'Arbitrary key-value pairs, if any were included in the corresponding access request' + example: + customKey1: custom value 1 + customKey2: custom value 2 + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + /certifications: + get: + operationId: listIdentityCertifications + tags: + - Certifications + summary: Identity Campaign Certifications by IDs + description: 'This API returns a list of identity campaign certifications that satisfy the given query parameters. Any authenticated token can call this API, but only certifications you are authorized to review will be returned. This API does not support requests for certifications assigned to Governance Groups.' + parameters: + - in: query + name: reviewer-identity + schema: + type: string + example: me + description: The ID of reviewer identity. *me* indicates the current user. + required: false + - in: query + name: limit + description: |- + Max number of results to return. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 250 + schema: + type: integer + format: int32 + minimum: 0 + maximum: 250 + default: 250 + - in: query + name: offset + description: |- + Offset into the full result set. Usually specified with *limit* to paginate through the results. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 0 + schema: + type: integer + format: int32 + minimum: 0 + default: 0 + - in: query + name: count + description: |- + If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored. + + Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used. + + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: true + schema: + type: boolean + default: false + - in: query + name: filters + required: false + schema: + type: string + example: id eq "ef38f94347e94562b5bb8424a56397d8" + description: |- + Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) + Filtering is supported for the following fields and operators: + **id**: *eq, in* + **campaign.id**: *eq, in* + **phase**: *eq* + **completed**: *eq, ne* + - in: query + name: sorters + required: false + schema: + type: string + format: comma-separated + example: 'name,due' + description: |- + Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results) + Sorting is supported for the following fields: **name, due, signed** + responses: + '200': + description: List of identity campaign certifications + content: + application/json: + schema: + type: array + items: + type: object + properties: + id: + example: 2c9180835d2e5168015d32f890ca1581 + type: string + description: id of the certification + name: + example: 'Source Owner Access Review for Employees [source]' + type: string + description: name of the certification + campaign: + type: object + required: + - id + - name + - type + - campaignType + - description + properties: + id: + type: string + description: The unique ID of the campaign. + example: ef38f94347e94562b5bb8424a56397d8 + name: + type: string + description: The name of the campaign. + example: Campaign Name + type: + type: string + enum: + - CAMPAIGN + description: The type of object that is being referenced. + example: CAMPAIGN + campaignType: + type: string + enum: + - MANAGER + - SOURCE_OWNER + - SEARCH + description: The type of the campaign. + example: MANAGER + description: + type: string + description: The description of the campaign set by the admin who created it. + nullable: true + example: A description of the campaign + completed: + type: boolean + description: Have all decisions been made? + example: true + identitiesCompleted: + type: integer + description: The number of identities for whom all decisions have been made and are complete. + example: 5 + format: int32 + identitiesTotal: + type: integer + description: 'The total number of identities in the Certification, both complete and incomplete.' + example: 10 + format: int32 + created: + example: '2018-06-25T20:22:28.104Z' + format: date-time + type: string + description: created date + modified: + example: '2018-06-25T20:22:28.104Z' + format: date-time + type: string + description: modified date + decisionsMade: + type: integer + description: The number of approve/revoke/acknowledge decisions that have been made. + example: 20 + format: int32 + decisionsTotal: + type: integer + description: The total number of approve/revoke/acknowledge decisions. + example: 40 + format: int32 + due: + type: string + format: date-time + description: The due date of the certification. + example: '2018-10-19T13:49:37.385Z' + signed: + type: string + format: date-time + nullable: true + description: The date the reviewer signed off on the Certification. + example: '2018-10-19T13:49:37.385Z' + reviewer: + type: object + properties: + id: + type: string + description: The id of the reviewer. + example: ef38f94347e94562b5bb8424a56397d8 + name: + type: string + description: The name of the reviewer. + example: Reviewer Name + email: + type: string + description: The email of the reviewing identity. + example: reviewer@test.com + type: + type: string + enum: + - IDENTITY + description: The type of the reviewing identity. + example: IDENTITY + created: + nullable: true + example: '2018-06-25T20:22:28.104Z' + format: date-time + type: string + description: The created date of the reviewing identity. + modified: + nullable: true + example: '2018-06-25T20:22:28.104Z' + format: date-time + type: string + description: The modified date of the reviewing identity. + reassignment: + type: object + nullable: true + properties: + from: + type: object + properties: + id: + type: string + description: The id of the certification. + example: ef38f94347e94562b5bb8424a56397d8 + name: + type: string + description: The name of the certification. + example: Certification Name + type: + type: string + enum: + - CERTIFICATION + example: CERTIFICATION + reviewer: + type: object + properties: + id: + type: string + description: The id of the reviewer. + example: ef38f94347e94562b5bb8424a56397d8 + name: + type: string + description: The name of the reviewer. + example: Reviewer Name + email: + type: string + description: The email of the reviewing identity. + example: reviewer@test.com + type: + type: string + enum: + - IDENTITY + description: The type of the reviewing identity. + example: IDENTITY + created: + nullable: true + example: '2018-06-25T20:22:28.104Z' + format: date-time + type: string + description: The created date of the reviewing identity. + modified: + nullable: true + example: '2018-06-25T20:22:28.104Z' + format: date-time + type: string + description: The modified date of the reviewing identity. + comment: + type: string + description: The comment entered when the Certification was reassigned + example: Reassigned for a reason + hasErrors: + description: Identifies if the certification has an error + type: boolean + example: false + errorMessage: + description: Description of the certification error + nullable: true + type: string + example: The certification has an error + phase: + type: string + description: | + The current phase of the campaign. + * `STAGED`: The campaign is waiting to be activated. + * `ACTIVE`: The campaign is active. + * `SIGNED`: The reviewer has signed off on the campaign, and it is considered complete. + enum: + - STAGED + - ACTIVE + - SIGNED + example: ACTIVE + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + '/certifications/{id}': + get: + operationId: getIdentityCertification + tags: + - Certifications + summary: Identity Certification by ID + description: This API returns a single identity campaign certification by its ID. A token with ORG_ADMIN or CERT_ADMIN authority is required to call this API. Reviewers for this certification can also call this API. This API does not support requests for certifications assigned to Governance Groups. + parameters: + - in: path + name: id + schema: + type: string + required: true + description: The certification id + example: ef38f94347e94562b5bb8424a56397d8 + responses: + '200': + description: An identity campaign certification object + content: + application/json: + schema: + type: object + properties: + id: + example: 2c9180835d2e5168015d32f890ca1581 + type: string + description: id of the certification + name: + example: 'Source Owner Access Review for Employees [source]' + type: string + description: name of the certification + campaign: + type: object + required: + - id + - name + - type + - campaignType + - description + properties: + id: + type: string + description: The unique ID of the campaign. + example: ef38f94347e94562b5bb8424a56397d8 + name: + type: string + description: The name of the campaign. + example: Campaign Name + type: + type: string + enum: + - CAMPAIGN + description: The type of object that is being referenced. + example: CAMPAIGN + campaignType: + type: string + enum: + - MANAGER + - SOURCE_OWNER + - SEARCH + description: The type of the campaign. + example: MANAGER + description: + type: string + description: The description of the campaign set by the admin who created it. + nullable: true + example: A description of the campaign + completed: + type: boolean + description: Have all decisions been made? + example: true + identitiesCompleted: + type: integer + description: The number of identities for whom all decisions have been made and are complete. + example: 5 + format: int32 + identitiesTotal: + type: integer + description: 'The total number of identities in the Certification, both complete and incomplete.' + example: 10 + format: int32 + created: + example: '2018-06-25T20:22:28.104Z' + format: date-time + type: string + description: created date + modified: + example: '2018-06-25T20:22:28.104Z' + format: date-time + type: string + description: modified date + decisionsMade: + type: integer + description: The number of approve/revoke/acknowledge decisions that have been made. + example: 20 + format: int32 + decisionsTotal: + type: integer + description: The total number of approve/revoke/acknowledge decisions. + example: 40 + format: int32 + due: + type: string + format: date-time + description: The due date of the certification. + example: '2018-10-19T13:49:37.385Z' + signed: + type: string + format: date-time + nullable: true + description: The date the reviewer signed off on the Certification. + example: '2018-10-19T13:49:37.385Z' + reviewer: + type: object + properties: + id: + type: string + description: The id of the reviewer. + example: ef38f94347e94562b5bb8424a56397d8 + name: + type: string + description: The name of the reviewer. + example: Reviewer Name + email: + type: string + description: The email of the reviewing identity. + example: reviewer@test.com + type: + type: string + enum: + - IDENTITY + description: The type of the reviewing identity. + example: IDENTITY + created: + nullable: true + example: '2018-06-25T20:22:28.104Z' + format: date-time + type: string + description: The created date of the reviewing identity. + modified: + nullable: true + example: '2018-06-25T20:22:28.104Z' + format: date-time + type: string + description: The modified date of the reviewing identity. + reassignment: + type: object + nullable: true + properties: + from: + type: object + properties: + id: + type: string + description: The id of the certification. + example: ef38f94347e94562b5bb8424a56397d8 + name: + type: string + description: The name of the certification. + example: Certification Name + type: + type: string + enum: + - CERTIFICATION + example: CERTIFICATION + reviewer: + type: object + properties: + id: + type: string + description: The id of the reviewer. + example: ef38f94347e94562b5bb8424a56397d8 + name: + type: string + description: The name of the reviewer. + example: Reviewer Name + email: + type: string + description: The email of the reviewing identity. + example: reviewer@test.com + type: + type: string + enum: + - IDENTITY + description: The type of the reviewing identity. + example: IDENTITY + created: + nullable: true + example: '2018-06-25T20:22:28.104Z' + format: date-time + type: string + description: The created date of the reviewing identity. + modified: + nullable: true + example: '2018-06-25T20:22:28.104Z' + format: date-time + type: string + description: The modified date of the reviewing identity. + comment: + type: string + description: The comment entered when the Certification was reassigned + example: Reassigned for a reason + hasErrors: + description: Identifies if the certification has an error + type: boolean + example: false + errorMessage: + description: Description of the certification error + nullable: true + type: string + example: The certification has an error + phase: + type: string + description: | + The current phase of the campaign. + * `STAGED`: The campaign is waiting to be activated. + * `ACTIVE`: The campaign is active. + * `SIGNED`: The reviewer has signed off on the campaign, and it is considered complete. + enum: + - STAGED + - ACTIVE + - SIGNED + example: ACTIVE + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + '/certifications/{id}/access-review-items': + get: + operationId: listIdentityAccessReviewItems + tags: + - Certifications + summary: List of Access Review Items + description: This API returns a list of access review items for an identity campaign certification. A token with ORG_ADMIN or CERT_ADMIN authority is required to call this API. Reviewers for this certification can also call this API. This API does not support requests for certifications assigned to Governance Groups. + parameters: + - in: path + name: id + schema: + type: string + required: true + description: The identity campaign certification ID + example: ef38f94347e94562b5bb8424a56397d8 + - in: query + name: limit + description: |- + Max number of results to return. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 250 + schema: + type: integer + format: int32 + minimum: 0 + maximum: 250 + default: 250 + - in: query + name: offset + description: |- + Offset into the full result set. Usually specified with *limit* to paginate through the results. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 0 + schema: + type: integer + format: int32 + minimum: 0 + default: 0 + - in: query + name: count + description: |- + If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored. + + Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used. + + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: true + schema: + type: boolean + default: false + - in: query + required: false + name: filters + schema: + type: string + description: |- + Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) + + Filtering is supported for the following fields and operators: + + **id**: *eq, in* + + **type / access.type**: *eq* + + **completed**: *eq, ne* + + **identitySummary.id**: *eq, in* + + **identitySummary.name**: *eq, sw* + + **access.id**: *eq, in* + + **access.name**: *eq, sw* + + **entitlement.sourceName**: *eq, sw* + + **accessProfile.sourceName**: *eq, sw* + example: id eq "ef38f94347e94562b5bb8424a56397d8" + - in: query + name: sorters + required: false + schema: + type: string + format: comma-separated + example: 'access.name,-accessProfile.sourceName' + description: |- + Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results) + + Sorting is supported for the following fields: **identitySummary.name, access.name, access.type, entitlement.sourceName, accessProfile.sourceName** + - in: query + name: entitlements + required: false + schema: + type: string + example: identityEntitlement + description: |- + Filter results to view access review items that pertain to any of the specified comma-separated entitlement IDs. + + An error will occur if this param is used with **access-profiles** or **roles** as only one of these query params can be used at a time. + - in: query + name: access-profiles + required: false + schema: + type: string + example: accessProfile1 + description: |- + Filter results to view access review items that pertain to any of the specified comma-separated access-profle IDs. + + An error will occur if this param is used with **entitlements** or **roles** as only one of these query params can be used at a time. + - in: query + name: roles + required: false + schema: + type: string + example: userRole + description: |- + Filter results to view access review items that pertain to any of the specified comma-separated role IDs. + + An error will occur if this param is used with **entitlements** or **access-profiles** as only one of these query params can be used at a time. + responses: + '200': + description: A list of access review items + content: + application/json: + schema: + type: array + items: + type: object + properties: + accessSummary: + type: object + description: An object holding the access that is being reviewed + properties: + access: + type: object + properties: + type: + description: The type of item being certified + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: The ID of the item being certified + example: 2c9180867160846801719932c5153fb7 + name: + type: string + description: The name of the item being certified + example: Entitlement for Company Database + entitlement: + type: object + nullable: true + properties: + id: + type: string + description: The id for the entitlement + example: 2c918085718230600171993742c63558 + name: + type: string + description: The name of the entitlement + example: CN=entitlement.bbb7c650 + description: + nullable: true + type: string + description: Information about the entitlement + example: Gives read/write access to the company database + privileged: + type: boolean + example: false + description: Indicates if the entitlement is a privileged entitlement + owner: + type: object + nullable: true + properties: + type: + type: string + description: The type can only be IDENTITY. This is read-only + example: IDENTITY + id: + type: string + description: Identity id. + example: 5168015d32f890ca15812c9180835d2e + name: + type: string + description: Human-readable display name of identity. This is read-only + example: Alison Ferguso + email: + type: string + description: Email address of identity. This is read-only + example: alison.ferguso@identitysoon.com + attributeName: + type: string + description: The name of the attribute on the source + example: memberOf + attributeValue: + type: string + description: The value of the attribute on the source + example: CN=entitlement.bbb7c650 + sourceSchemaObjectType: + type: string + description: The schema object type on the source used to represent the entitlement and its attributes + example: groups + sourceName: + type: string + description: The name of the source for which this entitlement belongs + example: ODS-AD-Source + sourceType: + type: string + description: The type of the source for which the entitlement belongs + example: Active Directory - Direct + hasPermissions: + type: boolean + description: Indicates if the entitlement has permissions + example: false + isPermission: + type: boolean + description: Indicates if the entitlement is a representation of an account permission + example: false + revocable: + type: boolean + description: Indicates whether the entitlement can be revoked + example: true + cloudGoverned: + type: boolean + description: True if the entitlement is cloud governed + example: false + account: + type: object + nullable: true + description: Information about the status of the entitlement + properties: + nativeIdentity: + type: string + description: The native identity for this account + example: CN=Alison Ferguso + disabled: + type: boolean + example: false + description: Indicates whether this account is currently disabled + locked: + type: boolean + example: false + description: Indicates whether this account is currently locked + type: + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure. + example: IDENTITY + id: + nullable: true + type: string + description: The id associated with the account + example: 2c9180857182305e0171993737eb29e6 + name: + nullable: true + type: string + description: The account name + example: Alison Ferguso + created: + nullable: true + type: string + format: date-time + description: When the account was created + example: '2020-04-20T20:11:05.067Z' + modified: + nullable: true + type: string + format: date-time + description: When the account was last modified + example: '2020-05-20T18:57:16.987Z' + accessProfile: + type: object + properties: + id: + type: string + description: The id of the Access Profile + example: 2c91808a7190d06e01719938fcd20792 + name: + type: string + description: Name of the Access Profile + example: Employee-database-read-write + description: + type: string + description: Information about the Access Profile + example: Collection of entitlements to read/write the employee database + privileged: + type: boolean + description: Indicates if the entitlement is a privileged entitlement + example: false + cloudGoverned: + type: boolean + description: True if the entitlement is cloud governed + example: false + endDate: + nullable: true + type: string + format: date-time + description: The date at which a user's access expires + example: '2021-12-25T00:00:00.000Z' + owner: + description: Owner of the Access Profile + type: object + nullable: true + properties: + type: + type: string + description: The type can only be IDENTITY. This is read-only + example: IDENTITY + id: + type: string + description: Identity id. + example: 5168015d32f890ca15812c9180835d2e + name: + type: string + description: Human-readable display name of identity. This is read-only + example: Alison Ferguso + email: + type: string + description: Email address of identity. This is read-only + example: alison.ferguso@identitysoon.com + entitlements: + type: array + description: A list of entitlements associated with this Access Profile + items: + type: object + nullable: true + properties: + id: + type: string + description: The id for the entitlement + example: 2c918085718230600171993742c63558 + name: + type: string + description: The name of the entitlement + example: CN=entitlement.bbb7c650 + description: + nullable: true + type: string + description: Information about the entitlement + example: Gives read/write access to the company database + privileged: + type: boolean + example: false + description: Indicates if the entitlement is a privileged entitlement + owner: + type: object + nullable: true + properties: + type: + type: string + description: The type can only be IDENTITY. This is read-only + example: IDENTITY + id: + type: string + description: Identity id. + example: 5168015d32f890ca15812c9180835d2e + name: + type: string + description: Human-readable display name of identity. This is read-only + example: Alison Ferguso + email: + type: string + description: Email address of identity. This is read-only + example: alison.ferguso@identitysoon.com + attributeName: + type: string + description: The name of the attribute on the source + example: memberOf + attributeValue: + type: string + description: The value of the attribute on the source + example: CN=entitlement.bbb7c650 + sourceSchemaObjectType: + type: string + description: The schema object type on the source used to represent the entitlement and its attributes + example: groups + sourceName: + type: string + description: The name of the source for which this entitlement belongs + example: ODS-AD-Source + sourceType: + type: string + description: The type of the source for which the entitlement belongs + example: Active Directory - Direct + hasPermissions: + type: boolean + description: Indicates if the entitlement has permissions + example: false + isPermission: + type: boolean + description: Indicates if the entitlement is a representation of an account permission + example: false + revocable: + type: boolean + description: Indicates whether the entitlement can be revoked + example: true + cloudGoverned: + type: boolean + description: True if the entitlement is cloud governed + example: false + account: + type: object + nullable: true + description: Information about the status of the entitlement + properties: + nativeIdentity: + type: string + description: The native identity for this account + example: CN=Alison Ferguso + disabled: + type: boolean + example: false + description: Indicates whether this account is currently disabled + locked: + type: boolean + example: false + description: Indicates whether this account is currently locked + type: + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure. + example: IDENTITY + id: + nullable: true + type: string + description: The id associated with the account + example: 2c9180857182305e0171993737eb29e6 + name: + nullable: true + type: string + description: The account name + example: Alison Ferguso + created: + nullable: true + type: string + format: date-time + description: When the account was created + example: '2020-04-20T20:11:05.067Z' + modified: + nullable: true + type: string + format: date-time + description: When the account was last modified + example: '2020-05-20T18:57:16.987Z' + created: + type: string + description: Date the Access Profile was created. + format: date-time + example: '2021-01-01T22:32:58.104Z' + modified: + type: string + description: Date the Access Profile was last modified. + format: date-time + example: '2021-02-01T22:32:58.104Z' + role: + type: object + nullable: true + properties: + id: + type: string + description: The id for the Role + example: 2c91808a7190d06e0171993907fd0794 + name: + type: string + description: The name of the Role + example: Accounting-Employees + description: + type: string + description: Information about the Role + example: Role for members of the accounting department with the necessary Access Profiles + privileged: + type: boolean + description: Indicates if the entitlement is a privileged entitlement + example: false + owner: + type: object + nullable: true + properties: + type: + type: string + description: The type can only be IDENTITY. This is read-only + example: IDENTITY + id: + type: string + description: Identity id. + example: 5168015d32f890ca15812c9180835d2e + name: + type: string + description: Human-readable display name of identity. This is read-only + example: Alison Ferguso + email: + type: string + description: Email address of identity. This is read-only + example: alison.ferguso@identitysoon.com + revocable: + type: boolean + description: Indicates whether the Role can be revoked or requested + example: false + endDate: + type: string + format: date-time + description: The date when a user's access expires. + example: '2021-12-25T00:00:00.000Z' + accessProfiles: + type: array + description: The list of Access Profiles associated with this Role + items: + type: object + properties: + id: + type: string + description: The id of the Access Profile + example: 2c91808a7190d06e01719938fcd20792 + name: + type: string + description: Name of the Access Profile + example: Employee-database-read-write + description: + type: string + description: Information about the Access Profile + example: Collection of entitlements to read/write the employee database + privileged: + type: boolean + description: Indicates if the entitlement is a privileged entitlement + example: false + cloudGoverned: + type: boolean + description: True if the entitlement is cloud governed + example: false + endDate: + nullable: true + type: string + format: date-time + description: The date at which a user's access expires + example: '2021-12-25T00:00:00.000Z' + owner: + description: Owner of the Access Profile + type: object + nullable: true + properties: + type: + type: string + description: The type can only be IDENTITY. This is read-only + example: IDENTITY + id: + type: string + description: Identity id. + example: 5168015d32f890ca15812c9180835d2e + name: + type: string + description: Human-readable display name of identity. This is read-only + example: Alison Ferguso + email: + type: string + description: Email address of identity. This is read-only + example: alison.ferguso@identitysoon.com + entitlements: + type: array + description: A list of entitlements associated with this Access Profile + items: + type: object + nullable: true + properties: + id: + type: string + description: The id for the entitlement + example: 2c918085718230600171993742c63558 + name: + type: string + description: The name of the entitlement + example: CN=entitlement.bbb7c650 + description: + nullable: true + type: string + description: Information about the entitlement + example: Gives read/write access to the company database + privileged: + type: boolean + example: false + description: Indicates if the entitlement is a privileged entitlement + owner: + type: object + nullable: true + properties: + type: + type: string + description: The type can only be IDENTITY. This is read-only + example: IDENTITY + id: + type: string + description: Identity id. + example: 5168015d32f890ca15812c9180835d2e + name: + type: string + description: Human-readable display name of identity. This is read-only + example: Alison Ferguso + email: + type: string + description: Email address of identity. This is read-only + example: alison.ferguso@identitysoon.com + attributeName: + type: string + description: The name of the attribute on the source + example: memberOf + attributeValue: + type: string + description: The value of the attribute on the source + example: CN=entitlement.bbb7c650 + sourceSchemaObjectType: + type: string + description: The schema object type on the source used to represent the entitlement and its attributes + example: groups + sourceName: + type: string + description: The name of the source for which this entitlement belongs + example: ODS-AD-Source + sourceType: + type: string + description: The type of the source for which the entitlement belongs + example: Active Directory - Direct + hasPermissions: + type: boolean + description: Indicates if the entitlement has permissions + example: false + isPermission: + type: boolean + description: Indicates if the entitlement is a representation of an account permission + example: false + revocable: + type: boolean + description: Indicates whether the entitlement can be revoked + example: true + cloudGoverned: + type: boolean + description: True if the entitlement is cloud governed + example: false + account: + type: object + nullable: true + description: Information about the status of the entitlement + properties: + nativeIdentity: + type: string + description: The native identity for this account + example: CN=Alison Ferguso + disabled: + type: boolean + example: false + description: Indicates whether this account is currently disabled + locked: + type: boolean + example: false + description: Indicates whether this account is currently locked + type: + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure. + example: IDENTITY + id: + nullable: true + type: string + description: The id associated with the account + example: 2c9180857182305e0171993737eb29e6 + name: + nullable: true + type: string + description: The account name + example: Alison Ferguso + created: + nullable: true + type: string + format: date-time + description: When the account was created + example: '2020-04-20T20:11:05.067Z' + modified: + nullable: true + type: string + format: date-time + description: When the account was last modified + example: '2020-05-20T18:57:16.987Z' + created: + type: string + description: Date the Access Profile was created. + format: date-time + example: '2021-01-01T22:32:58.104Z' + modified: + type: string + description: Date the Access Profile was last modified. + format: date-time + example: '2021-02-01T22:32:58.104Z' + identitySummary: + type: object + properties: + id: + type: string + description: The ID of the identity summary + example: 2c91808772a504f50172a9540e501ba7 + name: + type: string + description: Name of the linked identity + example: Alison Ferguso + identityId: + type: string + description: The ID of the identity being certified + example: 2c9180857182306001719937377a33de + completed: + type: boolean + description: Indicates whether the review items for the linked identity's certification have been completed + example: true + id: + type: string + description: The review item's id + example: ef38f94347e94562b5bb8424a56397d8 + completed: + type: boolean + description: Whether the review item is complete + example: false + newAccess: + type: boolean + description: Indicates whether the review item is for new access to a source + example: false + decision: + type: string + description: The decision to approve or revoke the review item + enum: + - APPROVE + - REVOKE + example: APPROVE + comments: + nullable: true + type: string + description: Comments for this review item + example: This user still needs access to this source + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + '/certifications/{id}/decide': + post: + operationId: makeIdentityDecision + tags: + - Certifications + summary: Decide on a Certification Item + description: The API makes a decision to approve or revoke one or more identity campaign certification items. A token with ORG_ADMIN or CERT_ADMIN authority is required to call this API. Reviewers for this certification can also call this API. This API does not support requests for certifications assigned to Governance Groups. + parameters: + - in: path + name: id + schema: + type: string + required: true + description: The ID of the identity campaign certification on which to make decisions + example: ef38f94347e94562b5bb8424a56397d8 + requestBody: + required: true + description: A non-empty array of decisions to be made. + content: + application/json: + schema: + type: array + items: + type: object + properties: + id: + type: string + description: The id of the review decision + example: ef38f94347e94562b5bb8424a56397d8 + decision: + type: string + description: The decision to approve or revoke the review item + enum: + - APPROVE + - REVOKE + example: APPROVE + proposedEndDate: + type: string + format: date-time + example: '2017-07-11T18:45:37.098Z' + description: The date at which a user's access should be taken away. Should only be set for `REVOKE` decisions. + bulk: + type: boolean + description: Indicates whether decision should be marked as part of a larger bulk decision + example: true + recommendation: + nullable: true + type: object + properties: + recommendation: + type: string + description: The recommendation from IAI at the time of the decision. This field will be null if no recommendation was made. + example: null + nullable: true + reasons: + type: array + items: + type: string + description: A list of reasons for the recommendation. + example: + - Reason 1 + - Reason 2 + timestamp: + type: string + format: date-time + description: The time at which the recommendation was recorded. + example: '2020-06-01T13:49:37.385Z' + comments: + type: string + description: Comments recorded when the decision was made + example: This user no longer needs access to this source + required: + - id + - decision + - bulk + minItems: 1 + maxItems: 250 + example: + - id: ef38f94347e94562b5bb8424a56396b5 + decision: APPROVE + bulk: true + comments: This user still needs access to this source. + - id: ef38f94347e94562b5bb8424a56397d8 + decision: APPROVE + bulk: true + comments: This user still needs access to this source too. + responses: + '200': + description: An identity campaign certification object + content: + application/json: + schema: + type: object + properties: + id: + example: 2c9180835d2e5168015d32f890ca1581 + type: string + description: id of the certification + name: + example: 'Source Owner Access Review for Employees [source]' + type: string + description: name of the certification + campaign: + type: object + required: + - id + - name + - type + - campaignType + - description + properties: + id: + type: string + description: The unique ID of the campaign. + example: ef38f94347e94562b5bb8424a56397d8 + name: + type: string + description: The name of the campaign. + example: Campaign Name + type: + type: string + enum: + - CAMPAIGN + description: The type of object that is being referenced. + example: CAMPAIGN + campaignType: + type: string + enum: + - MANAGER + - SOURCE_OWNER + - SEARCH + description: The type of the campaign. + example: MANAGER + description: + type: string + description: The description of the campaign set by the admin who created it. + nullable: true + example: A description of the campaign + completed: + type: boolean + description: Have all decisions been made? + example: true + identitiesCompleted: + type: integer + description: The number of identities for whom all decisions have been made and are complete. + example: 5 + format: int32 + identitiesTotal: + type: integer + description: 'The total number of identities in the Certification, both complete and incomplete.' + example: 10 + format: int32 + created: + example: '2018-06-25T20:22:28.104Z' + format: date-time + type: string + description: created date + modified: + example: '2018-06-25T20:22:28.104Z' + format: date-time + type: string + description: modified date + decisionsMade: + type: integer + description: The number of approve/revoke/acknowledge decisions that have been made. + example: 20 + format: int32 + decisionsTotal: + type: integer + description: The total number of approve/revoke/acknowledge decisions. + example: 40 + format: int32 + due: + type: string + format: date-time + description: The due date of the certification. + example: '2018-10-19T13:49:37.385Z' + signed: + type: string + format: date-time + nullable: true + description: The date the reviewer signed off on the Certification. + example: '2018-10-19T13:49:37.385Z' + reviewer: + type: object + properties: + id: + type: string + description: The id of the reviewer. + example: ef38f94347e94562b5bb8424a56397d8 + name: + type: string + description: The name of the reviewer. + example: Reviewer Name + email: + type: string + description: The email of the reviewing identity. + example: reviewer@test.com + type: + type: string + enum: + - IDENTITY + description: The type of the reviewing identity. + example: IDENTITY + created: + nullable: true + example: '2018-06-25T20:22:28.104Z' + format: date-time + type: string + description: The created date of the reviewing identity. + modified: + nullable: true + example: '2018-06-25T20:22:28.104Z' + format: date-time + type: string + description: The modified date of the reviewing identity. + reassignment: + type: object + nullable: true + properties: + from: + type: object + properties: + id: + type: string + description: The id of the certification. + example: ef38f94347e94562b5bb8424a56397d8 + name: + type: string + description: The name of the certification. + example: Certification Name + type: + type: string + enum: + - CERTIFICATION + example: CERTIFICATION + reviewer: + type: object + properties: + id: + type: string + description: The id of the reviewer. + example: ef38f94347e94562b5bb8424a56397d8 + name: + type: string + description: The name of the reviewer. + example: Reviewer Name + email: + type: string + description: The email of the reviewing identity. + example: reviewer@test.com + type: + type: string + enum: + - IDENTITY + description: The type of the reviewing identity. + example: IDENTITY + created: + nullable: true + example: '2018-06-25T20:22:28.104Z' + format: date-time + type: string + description: The created date of the reviewing identity. + modified: + nullable: true + example: '2018-06-25T20:22:28.104Z' + format: date-time + type: string + description: The modified date of the reviewing identity. + comment: + type: string + description: The comment entered when the Certification was reassigned + example: Reassigned for a reason + hasErrors: + description: Identifies if the certification has an error + type: boolean + example: false + errorMessage: + description: Description of the certification error + nullable: true + type: string + example: The certification has an error + phase: + type: string + description: | + The current phase of the campaign. + * `STAGED`: The campaign is waiting to be activated. + * `ACTIVE`: The campaign is active. + * `SIGNED`: The reviewer has signed off on the campaign, and it is considered complete. + enum: + - STAGED + - ACTIVE + - SIGNED + example: ACTIVE + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + '/certifications/{id}/reassign': + post: + operationId: reassignIdentityCertifications + tags: + - Certifications + summary: Reassign Identities or Items + description: This API reassigns up to 50 identities or items in an identity campaign certification to another reviewer. A token with ORG_ADMIN or CERT_ADMIN authority is required to call this API. Reviewers for this certification can also call this API. This API does not support requests for certifications assigned to Governance Groups. + parameters: + - in: path + name: id + schema: + type: string + required: true + description: The identity campaign certification ID + example: ef38f94347e94562b5bb8424a56397d8 + requestBody: + required: true + content: + application/json: + schema: + type: object + properties: + reassign: + type: array + items: + type: object + properties: + id: + type: string + description: The ID of item or identity being reassigned. + example: ef38f94347e94562b5bb8424a56397d8 + type: + type: string + description: The type of item or identity being reassigned. + enum: + - TARGET_SUMMARY + - ITEM + - IDENTITY_SUMMARY + example: ITEM + required: + - id + - type + reassignTo: + type: string + description: The ID of the identity to which the certification is reassigned + example: ef38f94347e94562b5bb8424a56397d8 + reason: + type: string + description: The reason comment for why the reassign was made + example: reassigned for some reason + required: + - reassign + - reassignTo + - reason + responses: + '200': + description: An identity campaign certification details after completing the reassignment. + content: + application/json: + schema: + type: object + properties: + id: + example: 2c9180835d2e5168015d32f890ca1581 + type: string + description: id of the certification + name: + example: 'Source Owner Access Review for Employees [source]' + type: string + description: name of the certification + campaign: + type: object + required: + - id + - name + - type + - campaignType + - description + properties: + id: + type: string + description: The unique ID of the campaign. + example: ef38f94347e94562b5bb8424a56397d8 + name: + type: string + description: The name of the campaign. + example: Campaign Name + type: + type: string + enum: + - CAMPAIGN + description: The type of object that is being referenced. + example: CAMPAIGN + campaignType: + type: string + enum: + - MANAGER + - SOURCE_OWNER + - SEARCH + description: The type of the campaign. + example: MANAGER + description: + type: string + description: The description of the campaign set by the admin who created it. + nullable: true + example: A description of the campaign + completed: + type: boolean + description: Have all decisions been made? + example: true + identitiesCompleted: + type: integer + description: The number of identities for whom all decisions have been made and are complete. + example: 5 + format: int32 + identitiesTotal: + type: integer + description: 'The total number of identities in the Certification, both complete and incomplete.' + example: 10 + format: int32 + created: + example: '2018-06-25T20:22:28.104Z' + format: date-time + type: string + description: created date + modified: + example: '2018-06-25T20:22:28.104Z' + format: date-time + type: string + description: modified date + decisionsMade: + type: integer + description: The number of approve/revoke/acknowledge decisions that have been made. + example: 20 + format: int32 + decisionsTotal: + type: integer + description: The total number of approve/revoke/acknowledge decisions. + example: 40 + format: int32 + due: + type: string + format: date-time + description: The due date of the certification. + example: '2018-10-19T13:49:37.385Z' + signed: + type: string + format: date-time + nullable: true + description: The date the reviewer signed off on the Certification. + example: '2018-10-19T13:49:37.385Z' + reviewer: + type: object + properties: + id: + type: string + description: The id of the reviewer. + example: ef38f94347e94562b5bb8424a56397d8 + name: + type: string + description: The name of the reviewer. + example: Reviewer Name + email: + type: string + description: The email of the reviewing identity. + example: reviewer@test.com + type: + type: string + enum: + - IDENTITY + description: The type of the reviewing identity. + example: IDENTITY + created: + nullable: true + example: '2018-06-25T20:22:28.104Z' + format: date-time + type: string + description: The created date of the reviewing identity. + modified: + nullable: true + example: '2018-06-25T20:22:28.104Z' + format: date-time + type: string + description: The modified date of the reviewing identity. + reassignment: + type: object + nullable: true + properties: + from: + type: object + properties: + id: + type: string + description: The id of the certification. + example: ef38f94347e94562b5bb8424a56397d8 + name: + type: string + description: The name of the certification. + example: Certification Name + type: + type: string + enum: + - CERTIFICATION + example: CERTIFICATION + reviewer: + type: object + properties: + id: + type: string + description: The id of the reviewer. + example: ef38f94347e94562b5bb8424a56397d8 + name: + type: string + description: The name of the reviewer. + example: Reviewer Name + email: + type: string + description: The email of the reviewing identity. + example: reviewer@test.com + type: + type: string + enum: + - IDENTITY + description: The type of the reviewing identity. + example: IDENTITY + created: + nullable: true + example: '2018-06-25T20:22:28.104Z' + format: date-time + type: string + description: The created date of the reviewing identity. + modified: + nullable: true + example: '2018-06-25T20:22:28.104Z' + format: date-time + type: string + description: The modified date of the reviewing identity. + comment: + type: string + description: The comment entered when the Certification was reassigned + example: Reassigned for a reason + hasErrors: + description: Identifies if the certification has an error + type: boolean + example: false + errorMessage: + description: Description of the certification error + nullable: true + type: string + example: The certification has an error + phase: + type: string + description: | + The current phase of the campaign. + * `STAGED`: The campaign is waiting to be activated. + * `ACTIVE`: The campaign is active. + * `SIGNED`: The reviewer has signed off on the campaign, and it is considered complete. + enum: + - STAGED + - ACTIVE + - SIGNED + example: ACTIVE + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + '/certifications/{id}/sign-off': + post: + operationId: signOffIdentityCertification + tags: + - Certifications + summary: Finalize Identity Certification Decisions + description: This API finalizes all decisions made on an identity campaign certification and initiates any remediations required. A token with ORG_ADMIN or CERT_ADMIN authority is required to call this API. Reviewers for this certification can also call this API. This API does not support requests for certifications assigned to Governance Groups. + parameters: + - in: path + name: id + schema: + type: string + required: true + description: The identity campaign certification ID + example: ef38f94347e94562b5bb8424a56397d8 + responses: + '200': + description: An identity campaign certification object + content: + application/json: + schema: + type: object + properties: + id: + example: 2c9180835d2e5168015d32f890ca1581 + type: string + description: id of the certification + name: + example: 'Source Owner Access Review for Employees [source]' + type: string + description: name of the certification + campaign: + type: object + required: + - id + - name + - type + - campaignType + - description + properties: + id: + type: string + description: The unique ID of the campaign. + example: ef38f94347e94562b5bb8424a56397d8 + name: + type: string + description: The name of the campaign. + example: Campaign Name + type: + type: string + enum: + - CAMPAIGN + description: The type of object that is being referenced. + example: CAMPAIGN + campaignType: + type: string + enum: + - MANAGER + - SOURCE_OWNER + - SEARCH + description: The type of the campaign. + example: MANAGER + description: + type: string + description: The description of the campaign set by the admin who created it. + nullable: true + example: A description of the campaign + completed: + type: boolean + description: Have all decisions been made? + example: true + identitiesCompleted: + type: integer + description: The number of identities for whom all decisions have been made and are complete. + example: 5 + format: int32 + identitiesTotal: + type: integer + description: 'The total number of identities in the Certification, both complete and incomplete.' + example: 10 + format: int32 + created: + example: '2018-06-25T20:22:28.104Z' + format: date-time + type: string + description: created date + modified: + example: '2018-06-25T20:22:28.104Z' + format: date-time + type: string + description: modified date + decisionsMade: + type: integer + description: The number of approve/revoke/acknowledge decisions that have been made. + example: 20 + format: int32 + decisionsTotal: + type: integer + description: The total number of approve/revoke/acknowledge decisions. + example: 40 + format: int32 + due: + type: string + format: date-time + description: The due date of the certification. + example: '2018-10-19T13:49:37.385Z' + signed: + type: string + format: date-time + nullable: true + description: The date the reviewer signed off on the Certification. + example: '2018-10-19T13:49:37.385Z' + reviewer: + type: object + properties: + id: + type: string + description: The id of the reviewer. + example: ef38f94347e94562b5bb8424a56397d8 + name: + type: string + description: The name of the reviewer. + example: Reviewer Name + email: + type: string + description: The email of the reviewing identity. + example: reviewer@test.com + type: + type: string + enum: + - IDENTITY + description: The type of the reviewing identity. + example: IDENTITY + created: + nullable: true + example: '2018-06-25T20:22:28.104Z' + format: date-time + type: string + description: The created date of the reviewing identity. + modified: + nullable: true + example: '2018-06-25T20:22:28.104Z' + format: date-time + type: string + description: The modified date of the reviewing identity. + reassignment: + type: object + nullable: true + properties: + from: + type: object + properties: + id: + type: string + description: The id of the certification. + example: ef38f94347e94562b5bb8424a56397d8 + name: + type: string + description: The name of the certification. + example: Certification Name + type: + type: string + enum: + - CERTIFICATION + example: CERTIFICATION + reviewer: + type: object + properties: + id: + type: string + description: The id of the reviewer. + example: ef38f94347e94562b5bb8424a56397d8 + name: + type: string + description: The name of the reviewer. + example: Reviewer Name + email: + type: string + description: The email of the reviewing identity. + example: reviewer@test.com + type: + type: string + enum: + - IDENTITY + description: The type of the reviewing identity. + example: IDENTITY + created: + nullable: true + example: '2018-06-25T20:22:28.104Z' + format: date-time + type: string + description: The created date of the reviewing identity. + modified: + nullable: true + example: '2018-06-25T20:22:28.104Z' + format: date-time + type: string + description: The modified date of the reviewing identity. + comment: + type: string + description: The comment entered when the Certification was reassigned + example: Reassigned for a reason + hasErrors: + description: Identifies if the certification has an error + type: boolean + example: false + errorMessage: + description: Description of the certification error + nullable: true + type: string + example: The certification has an error + phase: + type: string + description: | + The current phase of the campaign. + * `STAGED`: The campaign is waiting to be activated. + * `ACTIVE`: The campaign is active. + * `SIGNED`: The reviewer has signed off on the campaign, and it is considered complete. + enum: + - STAGED + - ACTIVE + - SIGNED + example: ACTIVE + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + '/certifications/{id}/decision-summary': + get: + operationId: getIdentityDecisionSummary + tags: + - Certification Summaries + summary: Summary of Certification Decisions + description: This API returns a summary of the decisions made on an identity campaign certification. The decisions are summarized by type. A token with ORG_ADMIN or CERT_ADMIN authority is required to call this API. Reviewers for this certification can also call this API. + parameters: + - in: path + name: id + schema: + type: string + required: true + description: The certification ID + example: ef38f94347e94562b5bb8424a56397d8 + - in: query + name: filters + required: false + schema: + type: string + example: identitySummary.id eq "ef38f94347e94562b5bb8424a56397d8" + description: |- + Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) + + Filtering is supported for the following fields and operators: + + **identitySummary.id**: *eq, in* + responses: + '200': + description: Summary of the decisions made + content: + application/json: + schema: + type: object + properties: + entitlementDecisionsMade: + type: integer + description: Number of entitlement decisions that have been made + example: 3 + format: int32 + accessProfileDecisionsMade: + type: integer + description: Number of access profile decisions that have been made + example: 5 + format: int32 + roleDecisionsMade: + type: integer + description: Number of role decisions that have been made + example: 2 + format: int32 + accountDecisionsMade: + type: integer + description: Number of account decisions that have been made + example: 4 + format: int32 + entitlementDecisionsTotal: + type: integer + description: 'The total number of entitlement decisions on the certification, both complete and incomplete' + example: 6 + format: int32 + accessProfileDecisionsTotal: + type: integer + description: 'The total number of access profile decisions on the certification, both complete and incomplete' + example: 10 + format: int32 + roleDecisionsTotal: + type: integer + description: 'The total number of role decisions on the certification, both complete and incomplete' + example: 4 + format: int32 + accountDecisionsTotal: + type: integer + description: 'The total number of account decisions on the certification, both complete and incomplete' + example: 8 + format: int32 + entitlementsApproved: + type: integer + description: The number of entitlement decisions that have been made which were approved + example: 2 + format: int32 + entitlementsRevoked: + type: integer + description: The number of entitlement decisions that have been made which were revoked + example: 1 + format: int32 + accessProfilesApproved: + type: integer + description: The number of access profile decisions that have been made which were approved + example: 3 + format: int32 + accessProfilesRevoked: + type: integer + description: The number of access profile decisions that have been made which were revoked + example: 2 + format: int32 + rolesApproved: + type: integer + description: The number of role decisions that have been made which were approved + example: 2 + format: int32 + rolesRevoked: + type: integer + description: The number of role decisions that have been made which were revoked + example: 0 + format: int32 + accountsApproved: + type: integer + description: The number of account decisions that have been made which were approved + example: 1 + format: int32 + accountsRevoked: + type: integer + description: The number of account decisions that have been made which were revoked + example: 3 + format: int32 + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + '/certifications/{id}/identity-summaries': + get: + operationId: getIdentitySummaries + tags: + - Certification Summaries + summary: Identity Summaries for Campaign Certification + description: This API returns a list of the identity summaries for a specific identity campaign certification. A token with ORG_ADMIN or CERT_ADMIN authority is required to call this API. Reviewers for this certification can also call this API. + parameters: + - in: path + name: id + schema: + type: string + required: true + description: The identity campaign certification ID + example: ef38f94347e94562b5bb8424a56397d8 + - in: query + name: limit + description: |- + Max number of results to return. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 250 + schema: + type: integer + format: int32 + minimum: 0 + maximum: 250 + default: 250 + - in: query + name: offset + description: |- + Offset into the full result set. Usually specified with *limit* to paginate through the results. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 0 + schema: + type: integer + format: int32 + minimum: 0 + default: 0 + - in: query + name: count + description: |- + If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored. + + Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used. + + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: true + schema: + type: boolean + default: false + - in: query + name: filters + required: false + schema: + type: string + example: id eq "ef38f94347e94562b5bb8424a56397d8" + description: |- + Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) + + Filtering is supported for the following fields and operators: + + **id**: *eq, in* + + **completed**: *eq, ne* + + **name**: *eq, sw* + - in: query + name: sorters + required: false + schema: + type: string + format: comma-separated + example: name + description: |- + Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results) + + Sorting is supported for the following fields: **name** + responses: + '200': + description: List of identity summaries + content: + application/json: + schema: + type: array + items: + type: object + properties: + id: + type: string + description: The ID of the identity summary + example: 2c91808772a504f50172a9540e501ba7 + name: + type: string + description: Name of the linked identity + example: Alison Ferguso + identityId: + type: string + description: The ID of the identity being certified + example: 2c9180857182306001719937377a33de + completed: + type: boolean + description: Indicates whether the review items for the linked identity's certification have been completed + example: true + example: + - id: 2c91808772a504f50172a9540e501ba7 + name: Aaron Grey + identityId: 2c9180857182306001719937379633e4 + completed: false + - id: 2c91808772a504f50172a9540e501ba8 + name: Aglae Wilson + identityId: 2c9180857182306001719937377a33de + completed: true + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + '/certifications/{id}/access-summaries/{type}': + get: + operationId: getIdentityAccessSummaries + tags: + - Certification Summaries + summary: Access Summaries + description: This API returns a list of access summaries for the specified identity campaign certification and type. A token with ORG_ADMIN or CERT_ADMIN authority is required to call this API. Reviewers for this certification can also call this API. + parameters: + - in: path + name: id + schema: + type: string + required: true + description: The identity campaign certification ID + example: ef38f94347e94562b5bb8424a56397d8 + - in: path + name: type + schema: + type: string + enum: + - ROLE + - ACCESS_PROFILE + - ENTITLEMENT + required: true + description: The type of access review item to retrieve summaries for + example: ACCESS_PROFILE + - in: query + name: limit + description: |- + Max number of results to return. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 250 + schema: + type: integer + format: int32 + minimum: 0 + maximum: 250 + default: 250 + - in: query + name: offset + description: |- + Offset into the full result set. Usually specified with *limit* to paginate through the results. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 0 + schema: + type: integer + format: int32 + minimum: 0 + default: 0 + - in: query + name: count + description: |- + If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored. + + Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used. + + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: true + schema: + type: boolean + default: false + - in: query + name: filters + required: false + schema: + type: string + example: access.id eq "ef38f94347e94562b5bb8424a56397d8" + description: |- + Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) + + Filtering is supported for the following fields and operators: + + **completed**: *eq, ne* + + **access.id**: *eq, in* + + **access.name**: *eq, sw* + + **entitlement.sourceName**: *eq, sw* + + **accessProfile.sourceName**: *eq, sw* + - in: query + name: sorters + required: false + schema: + type: string + format: comma-separated + example: access.name + description: |- + Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results) + + Sorting is supported for the following fields: **access.name** + responses: + '200': + description: List of access summaries + content: + application/json: + schema: + type: array + items: + type: object + description: An object holding the access that is being reviewed + properties: + access: + type: object + properties: + type: + description: The type of item being certified + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: The ID of the item being certified + example: 2c9180867160846801719932c5153fb7 + name: + type: string + description: The name of the item being certified + example: Entitlement for Company Database + entitlement: + type: object + nullable: true + properties: + id: + type: string + description: The id for the entitlement + example: 2c918085718230600171993742c63558 + name: + type: string + description: The name of the entitlement + example: CN=entitlement.bbb7c650 + description: + nullable: true + type: string + description: Information about the entitlement + example: Gives read/write access to the company database + privileged: + type: boolean + example: false + description: Indicates if the entitlement is a privileged entitlement + owner: + type: object + nullable: true + properties: + type: + type: string + description: The type can only be IDENTITY. This is read-only + example: IDENTITY + id: + type: string + description: Identity id. + example: 5168015d32f890ca15812c9180835d2e + name: + type: string + description: Human-readable display name of identity. This is read-only + example: Alison Ferguso + email: + type: string + description: Email address of identity. This is read-only + example: alison.ferguso@identitysoon.com + attributeName: + type: string + description: The name of the attribute on the source + example: memberOf + attributeValue: + type: string + description: The value of the attribute on the source + example: CN=entitlement.bbb7c650 + sourceSchemaObjectType: + type: string + description: The schema object type on the source used to represent the entitlement and its attributes + example: groups + sourceName: + type: string + description: The name of the source for which this entitlement belongs + example: ODS-AD-Source + sourceType: + type: string + description: The type of the source for which the entitlement belongs + example: Active Directory - Direct + hasPermissions: + type: boolean + description: Indicates if the entitlement has permissions + example: false + isPermission: + type: boolean + description: Indicates if the entitlement is a representation of an account permission + example: false + revocable: + type: boolean + description: Indicates whether the entitlement can be revoked + example: true + cloudGoverned: + type: boolean + description: True if the entitlement is cloud governed + example: false + account: + type: object + nullable: true + description: Information about the status of the entitlement + properties: + nativeIdentity: + type: string + description: The native identity for this account + example: CN=Alison Ferguso + disabled: + type: boolean + example: false + description: Indicates whether this account is currently disabled + locked: + type: boolean + example: false + description: Indicates whether this account is currently locked + type: + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure. + example: IDENTITY + id: + nullable: true + type: string + description: The id associated with the account + example: 2c9180857182305e0171993737eb29e6 + name: + nullable: true + type: string + description: The account name + example: Alison Ferguso + created: + nullable: true + type: string + format: date-time + description: When the account was created + example: '2020-04-20T20:11:05.067Z' + modified: + nullable: true + type: string + format: date-time + description: When the account was last modified + example: '2020-05-20T18:57:16.987Z' + accessProfile: + type: object + properties: + id: + type: string + description: The id of the Access Profile + example: 2c91808a7190d06e01719938fcd20792 + name: + type: string + description: Name of the Access Profile + example: Employee-database-read-write + description: + type: string + description: Information about the Access Profile + example: Collection of entitlements to read/write the employee database + privileged: + type: boolean + description: Indicates if the entitlement is a privileged entitlement + example: false + cloudGoverned: + type: boolean + description: True if the entitlement is cloud governed + example: false + endDate: + nullable: true + type: string + format: date-time + description: The date at which a user's access expires + example: '2021-12-25T00:00:00.000Z' + owner: + description: Owner of the Access Profile + type: object + nullable: true + properties: + type: + type: string + description: The type can only be IDENTITY. This is read-only + example: IDENTITY + id: + type: string + description: Identity id. + example: 5168015d32f890ca15812c9180835d2e + name: + type: string + description: Human-readable display name of identity. This is read-only + example: Alison Ferguso + email: + type: string + description: Email address of identity. This is read-only + example: alison.ferguso@identitysoon.com + entitlements: + type: array + description: A list of entitlements associated with this Access Profile + items: + type: object + nullable: true + properties: + id: + type: string + description: The id for the entitlement + example: 2c918085718230600171993742c63558 + name: + type: string + description: The name of the entitlement + example: CN=entitlement.bbb7c650 + description: + nullable: true + type: string + description: Information about the entitlement + example: Gives read/write access to the company database + privileged: + type: boolean + example: false + description: Indicates if the entitlement is a privileged entitlement + owner: + type: object + nullable: true + properties: + type: + type: string + description: The type can only be IDENTITY. This is read-only + example: IDENTITY + id: + type: string + description: Identity id. + example: 5168015d32f890ca15812c9180835d2e + name: + type: string + description: Human-readable display name of identity. This is read-only + example: Alison Ferguso + email: + type: string + description: Email address of identity. This is read-only + example: alison.ferguso@identitysoon.com + attributeName: + type: string + description: The name of the attribute on the source + example: memberOf + attributeValue: + type: string + description: The value of the attribute on the source + example: CN=entitlement.bbb7c650 + sourceSchemaObjectType: + type: string + description: The schema object type on the source used to represent the entitlement and its attributes + example: groups + sourceName: + type: string + description: The name of the source for which this entitlement belongs + example: ODS-AD-Source + sourceType: + type: string + description: The type of the source for which the entitlement belongs + example: Active Directory - Direct + hasPermissions: + type: boolean + description: Indicates if the entitlement has permissions + example: false + isPermission: + type: boolean + description: Indicates if the entitlement is a representation of an account permission + example: false + revocable: + type: boolean + description: Indicates whether the entitlement can be revoked + example: true + cloudGoverned: + type: boolean + description: True if the entitlement is cloud governed + example: false + account: + type: object + nullable: true + description: Information about the status of the entitlement + properties: + nativeIdentity: + type: string + description: The native identity for this account + example: CN=Alison Ferguso + disabled: + type: boolean + example: false + description: Indicates whether this account is currently disabled + locked: + type: boolean + example: false + description: Indicates whether this account is currently locked + type: + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure. + example: IDENTITY + id: + nullable: true + type: string + description: The id associated with the account + example: 2c9180857182305e0171993737eb29e6 + name: + nullable: true + type: string + description: The account name + example: Alison Ferguso + created: + nullable: true + type: string + format: date-time + description: When the account was created + example: '2020-04-20T20:11:05.067Z' + modified: + nullable: true + type: string + format: date-time + description: When the account was last modified + example: '2020-05-20T18:57:16.987Z' + created: + type: string + description: Date the Access Profile was created. + format: date-time + example: '2021-01-01T22:32:58.104Z' + modified: + type: string + description: Date the Access Profile was last modified. + format: date-time + example: '2021-02-01T22:32:58.104Z' + role: + type: object + nullable: true + properties: + id: + type: string + description: The id for the Role + example: 2c91808a7190d06e0171993907fd0794 + name: + type: string + description: The name of the Role + example: Accounting-Employees + description: + type: string + description: Information about the Role + example: Role for members of the accounting department with the necessary Access Profiles + privileged: + type: boolean + description: Indicates if the entitlement is a privileged entitlement + example: false + owner: + type: object + nullable: true + properties: + type: + type: string + description: The type can only be IDENTITY. This is read-only + example: IDENTITY + id: + type: string + description: Identity id. + example: 5168015d32f890ca15812c9180835d2e + name: + type: string + description: Human-readable display name of identity. This is read-only + example: Alison Ferguso + email: + type: string + description: Email address of identity. This is read-only + example: alison.ferguso@identitysoon.com + revocable: + type: boolean + description: Indicates whether the Role can be revoked or requested + example: false + endDate: + type: string + format: date-time + description: The date when a user's access expires. + example: '2021-12-25T00:00:00.000Z' + accessProfiles: + type: array + description: The list of Access Profiles associated with this Role + items: + type: object + properties: + id: + type: string + description: The id of the Access Profile + example: 2c91808a7190d06e01719938fcd20792 + name: + type: string + description: Name of the Access Profile + example: Employee-database-read-write + description: + type: string + description: Information about the Access Profile + example: Collection of entitlements to read/write the employee database + privileged: + type: boolean + description: Indicates if the entitlement is a privileged entitlement + example: false + cloudGoverned: + type: boolean + description: True if the entitlement is cloud governed + example: false + endDate: + nullable: true + type: string + format: date-time + description: The date at which a user's access expires + example: '2021-12-25T00:00:00.000Z' + owner: + description: Owner of the Access Profile + type: object + nullable: true + properties: + type: + type: string + description: The type can only be IDENTITY. This is read-only + example: IDENTITY + id: + type: string + description: Identity id. + example: 5168015d32f890ca15812c9180835d2e + name: + type: string + description: Human-readable display name of identity. This is read-only + example: Alison Ferguso + email: + type: string + description: Email address of identity. This is read-only + example: alison.ferguso@identitysoon.com + entitlements: + type: array + description: A list of entitlements associated with this Access Profile + items: + type: object + nullable: true + properties: + id: + type: string + description: The id for the entitlement + example: 2c918085718230600171993742c63558 + name: + type: string + description: The name of the entitlement + example: CN=entitlement.bbb7c650 + description: + nullable: true + type: string + description: Information about the entitlement + example: Gives read/write access to the company database + privileged: + type: boolean + example: false + description: Indicates if the entitlement is a privileged entitlement + owner: + type: object + nullable: true + properties: + type: + type: string + description: The type can only be IDENTITY. This is read-only + example: IDENTITY + id: + type: string + description: Identity id. + example: 5168015d32f890ca15812c9180835d2e + name: + type: string + description: Human-readable display name of identity. This is read-only + example: Alison Ferguso + email: + type: string + description: Email address of identity. This is read-only + example: alison.ferguso@identitysoon.com + attributeName: + type: string + description: The name of the attribute on the source + example: memberOf + attributeValue: + type: string + description: The value of the attribute on the source + example: CN=entitlement.bbb7c650 + sourceSchemaObjectType: + type: string + description: The schema object type on the source used to represent the entitlement and its attributes + example: groups + sourceName: + type: string + description: The name of the source for which this entitlement belongs + example: ODS-AD-Source + sourceType: + type: string + description: The type of the source for which the entitlement belongs + example: Active Directory - Direct + hasPermissions: + type: boolean + description: Indicates if the entitlement has permissions + example: false + isPermission: + type: boolean + description: Indicates if the entitlement is a representation of an account permission + example: false + revocable: + type: boolean + description: Indicates whether the entitlement can be revoked + example: true + cloudGoverned: + type: boolean + description: True if the entitlement is cloud governed + example: false + account: + type: object + nullable: true + description: Information about the status of the entitlement + properties: + nativeIdentity: + type: string + description: The native identity for this account + example: CN=Alison Ferguso + disabled: + type: boolean + example: false + description: Indicates whether this account is currently disabled + locked: + type: boolean + example: false + description: Indicates whether this account is currently locked + type: + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure. + example: IDENTITY + id: + nullable: true + type: string + description: The id associated with the account + example: 2c9180857182305e0171993737eb29e6 + name: + nullable: true + type: string + description: The account name + example: Alison Ferguso + created: + nullable: true + type: string + format: date-time + description: When the account was created + example: '2020-04-20T20:11:05.067Z' + modified: + nullable: true + type: string + format: date-time + description: When the account was last modified + example: '2020-05-20T18:57:16.987Z' + created: + type: string + description: Date the Access Profile was created. + format: date-time + example: '2021-01-01T22:32:58.104Z' + modified: + type: string + description: Date the Access Profile was last modified. + format: date-time + example: '2021-02-01T22:32:58.104Z' + example: + - access: + type: ENTITLEMENT + id: 2c9180857182305e01719937429e2bad + name: CN=Engineering + entitlement: + id: 2c9180857182305e01719937429e2bad + name: CN=Engineering + description: Access to the engineering database + privileged: false + owner: + email: brandon.gray@acme-solar.com + type: IDENTITY + id: 2c9180867160846801719932c5153fb7 + name: Brandon Gray + attributeName: memberOf + attributeValue: CN=Engineering + sourceName: ODS-AD-Source + hasPermissions: true + revocable: true + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + '/certifications/{id}/identity-summary/{identitySummaryId}': + get: + operationId: getIdentitySummary + tags: + - Certification Summaries + summary: Summary for Identity + description: This API returns the summary for an identity on a specified identity campaign certification. A token with ORG_ADMIN or CERT_ADMIN authority is required to call this API. Reviewers for this certification can also call this API. + parameters: + - in: path + name: id + schema: + type: string + required: true + description: The identity campaign certification ID + example: ef38f94347e94562b5bb8424a56397d8 + - in: path + name: identitySummaryId + schema: + type: string + required: true + description: The identity summary ID + example: 2c91808772a504f50172a9540e501ba8 + responses: + '200': + description: An identity summary + content: + application/json: + schema: + type: object + properties: + id: + type: string + description: The ID of the identity summary + example: 2c91808772a504f50172a9540e501ba7 + name: + type: string + description: Name of the linked identity + example: Alison Ferguso + identityId: + type: string + description: The ID of the identity being certified + example: 2c9180857182306001719937377a33de + completed: + type: boolean + description: Indicates whether the review items for the linked identity's certification have been completed + example: true + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + '/identities/{identity-id}/set-lifecycle-state': + post: + operationId: setLifecycleState + tags: + - Lifecycle States + summary: Set Lifecycle State + description: |- + This endpoint will set/update an identity's lifecycle state to the one provided and updates the corresponding Identity Profile. + A token with ORG_ADMIN or API authority is required to call this API. + security: + - oauth2: + - 'idn:identity-lifecycle-state:update' + parameters: + - in: path + name: identity-id + description: The ID of the identity to update + required: true + example: 2c9180857893f1290178944561990364 + schema: + type: string + requestBody: + required: true + content: + application/json: + schema: + type: object + properties: + lifecycleStateId: + type: string + description: The ID of the lifecycle state to set + example: 2c9180877a86e408017a8c19fefe046c + responses: + '200': + description: The request was successfully accepted into the system. + content: + application/json: + schema: + type: object + properties: + accountActivityId: + type: string + example: 2c9180837ab5b716017ab7c6c9ef1e20 + description: The ID of the IdentityRequest object that was generated when the workflow launches + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + '/identity-profiles/{identity-profile-id}/lifecycle-states': + get: + operationId: listLifecycleStates + tags: + - Lifecycle States + summary: Lists LifecycleStates + description: |- + This end-point lists all the LifecycleStates associated with IdentityProfiles. + A token with API, or ORG_ADMIN authority is required to call this API. + security: + - oauth2: + - 'idn:identity-profile-lifecycle-state:read' + parameters: + - in: path + name: identity-profile-id + description: The IdentityProfile id + required: true + schema: + type: string + example: ef38f94347e94562b5bb8424a56397d8 + - in: query + name: limit + description: |- + Max number of results to return. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 250 + schema: + type: integer + format: int32 + minimum: 0 + maximum: 250 + default: 250 + - in: query + name: offset + description: |- + Offset into the full result set. Usually specified with *limit* to paginate through the results. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 0 + schema: + type: integer + format: int32 + minimum: 0 + default: 0 + - in: query + name: count + description: |- + If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored. + + Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used. + + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: true + schema: + type: boolean + default: false + - in: query + name: sorters + required: false + schema: + type: string + format: comma-separated + example: 'created,modified' + description: |- + Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results) + + Sorting is supported for the following fields: **created, modified** + responses: + '200': + description: List of LifecycleState objects + content: + application/json: + schema: + type: array + items: + allOf: + - type: object + required: + - name + properties: + id: + description: System-generated unique ID of the Object + type: string + example: id12345 + readOnly: true + name: + description: Name of the Object + type: string + example: aName + created: + description: Creation date of the Object + type: string + example: '2015-05-28T14:07:17Z' + format: date-time + readOnly: true + modified: + description: Last modification date of the Object + type: string + example: '2015-05-28T14:07:17Z' + format: date-time + readOnly: true + - type: object + required: + - technicalName + properties: + enabled: + type: boolean + example: true + description: Whether the lifecycle state is enabled or disabled. + technicalName: + type: string + example: Technical Name + description: The technical name for lifecycle state. This is for internal use. + description: + type: string + example: Lifecycle description + description: Lifecycle state description. + identityCount: + type: integer + format: int32 + example: 42 + readOnly: true + description: Number of identities that have the lifecycle state. + emailNotificationOption: + type: object + description: This is used for representing email configuration for a lifecycle state + properties: + notifyManagers: + type: boolean + example: true + description: 'If true, then the manager is notified of the lifecycle state change.' + notifyAllAdmins: + type: boolean + example: true + description: 'If true, then all the admins are notified of the lifecycle state change.' + notifySpecificUsers: + type: boolean + example: true + description: 'If true, then the users specified in "emailAddressList" below are notified of lifecycle state change.' + emailAddressList: + type: array + example: + - test@test.com + - test2@test.com + items: + type: string + description: 'List of user email addresses. If "notifySpecificUsers" option is true, then these users are notified of lifecycle state change.' + accountActions: + type: array + items: + type: object + description: Object for specifying Actions to be performed on a specified list of sources' account. + properties: + action: + example: ENABLE + type: string + description: Describes if action will be enabled or disabled + enum: + - ENABLE + - DISABLE + sourceIds: + type: array + items: + type: string + uniqueItems: true + example: + - 2c918084660f45d6016617daa9210584 + - 2c918084660f45d6016617daa9210500 + description: List of unique source IDs. The sources must have the ENABLE feature or flat file source. See "/sources" endpoint for source features. + accessProfileIds: + type: array + items: + type: string + uniqueItems: true + example: + - 2c918084660f45d6016617daa9210584 + - 2c918084660f45d6016617daa9210500 + description: List of unique access-profile IDs that are associated with the lifecycle state. + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + post: + operationId: createLifecycleState + tags: + - Lifecycle States + summary: Create Lifecycle State + description: |- + This API creates a new Lifecycle State. + A token with ORG_ADMIN or API authority is required to call this API. + security: + - oauth2: + - 'idn:identity-profile-lifecycle-state:manage' + parameters: + - in: path + name: identity-profile-id + description: Identity Profile ID + required: true + schema: + type: string + example: ef38f94347e94562b5bb8424a56397d8 + requestBody: + description: Lifecycle State + required: true + content: + application/json: + schema: + allOf: + - type: object + required: + - name + properties: + id: + description: System-generated unique ID of the Object + type: string + example: id12345 + readOnly: true + name: + description: Name of the Object + type: string + example: aName + created: + description: Creation date of the Object + type: string + example: '2015-05-28T14:07:17Z' + format: date-time + readOnly: true + modified: + description: Last modification date of the Object + type: string + example: '2015-05-28T14:07:17Z' + format: date-time + readOnly: true + - type: object + required: + - technicalName + properties: + enabled: + type: boolean + example: true + description: Whether the lifecycle state is enabled or disabled. + technicalName: + type: string + example: Technical Name + description: The technical name for lifecycle state. This is for internal use. + description: + type: string + example: Lifecycle description + description: Lifecycle state description. + identityCount: + type: integer + format: int32 + example: 42 + readOnly: true + description: Number of identities that have the lifecycle state. + emailNotificationOption: + type: object + description: This is used for representing email configuration for a lifecycle state + properties: + notifyManagers: + type: boolean + example: true + description: 'If true, then the manager is notified of the lifecycle state change.' + notifyAllAdmins: + type: boolean + example: true + description: 'If true, then all the admins are notified of the lifecycle state change.' + notifySpecificUsers: + type: boolean + example: true + description: 'If true, then the users specified in "emailAddressList" below are notified of lifecycle state change.' + emailAddressList: + type: array + example: + - test@test.com + - test2@test.com + items: + type: string + description: 'List of user email addresses. If "notifySpecificUsers" option is true, then these users are notified of lifecycle state change.' + accountActions: + type: array + items: + type: object + description: Object for specifying Actions to be performed on a specified list of sources' account. + properties: + action: + example: ENABLE + type: string + description: Describes if action will be enabled or disabled + enum: + - ENABLE + - DISABLE + sourceIds: + type: array + items: + type: string + uniqueItems: true + example: + - 2c918084660f45d6016617daa9210584 + - 2c918084660f45d6016617daa9210500 + description: List of unique source IDs. The sources must have the ENABLE feature or flat file source. See "/sources" endpoint for source features. + accessProfileIds: + type: array + items: + type: string + uniqueItems: true + example: + - 2c918084660f45d6016617daa9210584 + - 2c918084660f45d6016617daa9210500 + description: List of unique access-profile IDs that are associated with the lifecycle state. + responses: + '201': + description: Created LifecycleState object. + content: + application/json: + schema: + allOf: + - type: object + required: + - name + properties: + id: + description: System-generated unique ID of the Object + type: string + example: id12345 + readOnly: true + name: + description: Name of the Object + type: string + example: aName + created: + description: Creation date of the Object + type: string + example: '2015-05-28T14:07:17Z' + format: date-time + readOnly: true + modified: + description: Last modification date of the Object + type: string + example: '2015-05-28T14:07:17Z' + format: date-time + readOnly: true + - type: object + required: + - technicalName + properties: + enabled: + type: boolean + example: true + description: Whether the lifecycle state is enabled or disabled. + technicalName: + type: string + example: Technical Name + description: The technical name for lifecycle state. This is for internal use. + description: + type: string + example: Lifecycle description + description: Lifecycle state description. + identityCount: + type: integer + format: int32 + example: 42 + readOnly: true + description: Number of identities that have the lifecycle state. + emailNotificationOption: + type: object + description: This is used for representing email configuration for a lifecycle state + properties: + notifyManagers: + type: boolean + example: true + description: 'If true, then the manager is notified of the lifecycle state change.' + notifyAllAdmins: + type: boolean + example: true + description: 'If true, then all the admins are notified of the lifecycle state change.' + notifySpecificUsers: + type: boolean + example: true + description: 'If true, then the users specified in "emailAddressList" below are notified of lifecycle state change.' + emailAddressList: + type: array + example: + - test@test.com + - test2@test.com + items: + type: string + description: 'List of user email addresses. If "notifySpecificUsers" option is true, then these users are notified of lifecycle state change.' + accountActions: + type: array + items: + type: object + description: Object for specifying Actions to be performed on a specified list of sources' account. + properties: + action: + example: ENABLE + type: string + description: Describes if action will be enabled or disabled + enum: + - ENABLE + - DISABLE + sourceIds: + type: array + items: + type: string + uniqueItems: true + example: + - 2c918084660f45d6016617daa9210584 + - 2c918084660f45d6016617daa9210500 + description: List of unique source IDs. The sources must have the ENABLE feature or flat file source. See "/sources" endpoint for source features. + accessProfileIds: + type: array + items: + type: string + uniqueItems: true + example: + - 2c918084660f45d6016617daa9210584 + - 2c918084660f45d6016617daa9210500 + description: List of unique access-profile IDs that are associated with the lifecycle state. + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + '/identity-profiles/{identity-profile-id}/lifecycle-states/{lifecycle-state-id}': + get: + operationId: getLifecycleState + tags: + - Lifecycle States + summary: Retrieves Lifecycle State + description: |- + This endpoint retrieves a Lifecycle State. + A token with ORG_ADMIN or API authority is required to call this API. + security: + - oauth2: + - 'idn:identity-profile-lifecycle-state:read' + parameters: + - in: path + name: identity-profile-id + description: Identity Profile ID + required: true + schema: + type: string + example: 2b838de9-db9b-abcf-e646-d4f274ad4238 + - in: path + name: lifecycle-state-id + description: Lifecycle State ID + required: true + schema: + type: string + example: ef38f94347e94562b5bb8424a56397d8 + responses: + '200': + description: The requested LifecycleState was successfully retrieved. + content: + application/json: + schema: + allOf: + - type: object + required: + - name + properties: + id: + description: System-generated unique ID of the Object + type: string + example: id12345 + readOnly: true + name: + description: Name of the Object + type: string + example: aName + created: + description: Creation date of the Object + type: string + example: '2015-05-28T14:07:17Z' + format: date-time + readOnly: true + modified: + description: Last modification date of the Object + type: string + example: '2015-05-28T14:07:17Z' + format: date-time + readOnly: true + - type: object + required: + - technicalName + properties: + enabled: + type: boolean + example: true + description: Whether the lifecycle state is enabled or disabled. + technicalName: + type: string + example: Technical Name + description: The technical name for lifecycle state. This is for internal use. + description: + type: string + example: Lifecycle description + description: Lifecycle state description. + identityCount: + type: integer + format: int32 + example: 42 + readOnly: true + description: Number of identities that have the lifecycle state. + emailNotificationOption: + type: object + description: This is used for representing email configuration for a lifecycle state + properties: + notifyManagers: + type: boolean + example: true + description: 'If true, then the manager is notified of the lifecycle state change.' + notifyAllAdmins: + type: boolean + example: true + description: 'If true, then all the admins are notified of the lifecycle state change.' + notifySpecificUsers: + type: boolean + example: true + description: 'If true, then the users specified in "emailAddressList" below are notified of lifecycle state change.' + emailAddressList: + type: array + example: + - test@test.com + - test2@test.com + items: + type: string + description: 'List of user email addresses. If "notifySpecificUsers" option is true, then these users are notified of lifecycle state change.' + accountActions: + type: array + items: + type: object + description: Object for specifying Actions to be performed on a specified list of sources' account. + properties: + action: + example: ENABLE + type: string + description: Describes if action will be enabled or disabled + enum: + - ENABLE + - DISABLE + sourceIds: + type: array + items: + type: string + uniqueItems: true + example: + - 2c918084660f45d6016617daa9210584 + - 2c918084660f45d6016617daa9210500 + description: List of unique source IDs. The sources must have the ENABLE feature or flat file source. See "/sources" endpoint for source features. + accessProfileIds: + type: array + items: + type: string + uniqueItems: true + example: + - 2c918084660f45d6016617daa9210584 + - 2c918084660f45d6016617daa9210500 + description: List of unique access-profile IDs that are associated with the lifecycle state. + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + patch: + operationId: updateLifecycleStates + tags: + - Lifecycle States + summary: Update Lifecycle State + description: |- + This endpoint updates individual Lifecycle State fields using the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard. + A token with ORG_ADMIN or API authority is required to call this API. + security: + - oauth2: + - 'idn:identity-profile-lifecycle-state:manage' + parameters: + - in: path + name: identity-profile-id + description: Identity Profile ID + required: true + schema: + type: string + example: 2b838de9-db9b-abcf-e646-d4f274ad4238 + - in: path + name: lifecycle-state-id + description: Lifecycle State ID + required: true + schema: + type: string + example: ef38f94347e94562b5bb8424a56397d8 + requestBody: + required: true + description: | + A list of lifecycle state update operations according to the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard. + + The following fields can be updated: + * enabled + * description + * accountActions + * accessProfileIds + * emailNotificationOption + content: + application/json-patch+json: + schema: + type: array + items: + type: object + description: 'A JSONPatch Operation as defined by [RFC 6902 - JSON Patch](https://tools.ietf.org/html/rfc6902)' + required: + - op + - path + properties: + op: + type: string + description: The operation to be performed + enum: + - add + - remove + - replace + - move + - copy + - test + example: replace + path: + type: string + description: A string JSON Pointer representing the target path to an element to be affected by the operation + example: /description + value: + anyOf: + - type: string + - type: integer + - type: object + - type: array + items: + anyOf: + - type: string + - type: integer + - type: object + description: 'The value to be used for the operation, required for "add" and "replace" operations' + example: New description + example: + - op: replace + path: /description + value: Updated description! + - op: replace + path: /accessProfileIds + value: + - 2c918087742bab150174407a80f3125e + - 2c918087742bab150174407a80f3124f + - op: replace + path: /accountActions + value: + - action: ENABLE + sourceIds: + - 2c9180846a2f82fb016a481c1b1560c5 + - 2c9180846a2f82fb016a481c1b1560cc + - action: DISABLE + sourceIds: + - 2c91808869a0c9980169a207258513fb + - op: replace + path: /emailNotificationOption + value: + notifyManagers: true + notifyAllAdmins: false + notifySpecificUsers: false + emailAddressList: [] + responses: + '200': + description: The LifecycleState was successfully updated. + content: + application/json: + schema: + allOf: + - type: object + required: + - name + properties: + id: + description: System-generated unique ID of the Object + type: string + example: id12345 + readOnly: true + name: + description: Name of the Object + type: string + example: aName + created: + description: Creation date of the Object + type: string + example: '2015-05-28T14:07:17Z' + format: date-time + readOnly: true + modified: + description: Last modification date of the Object + type: string + example: '2015-05-28T14:07:17Z' + format: date-time + readOnly: true + - type: object + required: + - technicalName + properties: + enabled: + type: boolean + example: true + description: Whether the lifecycle state is enabled or disabled. + technicalName: + type: string + example: Technical Name + description: The technical name for lifecycle state. This is for internal use. + description: + type: string + example: Lifecycle description + description: Lifecycle state description. + identityCount: + type: integer + format: int32 + example: 42 + readOnly: true + description: Number of identities that have the lifecycle state. + emailNotificationOption: + type: object + description: This is used for representing email configuration for a lifecycle state + properties: + notifyManagers: + type: boolean + example: true + description: 'If true, then the manager is notified of the lifecycle state change.' + notifyAllAdmins: + type: boolean + example: true + description: 'If true, then all the admins are notified of the lifecycle state change.' + notifySpecificUsers: + type: boolean + example: true + description: 'If true, then the users specified in "emailAddressList" below are notified of lifecycle state change.' + emailAddressList: + type: array + example: + - test@test.com + - test2@test.com + items: + type: string + description: 'List of user email addresses. If "notifySpecificUsers" option is true, then these users are notified of lifecycle state change.' + accountActions: + type: array + items: + type: object + description: Object for specifying Actions to be performed on a specified list of sources' account. + properties: + action: + example: ENABLE + type: string + description: Describes if action will be enabled or disabled + enum: + - ENABLE + - DISABLE + sourceIds: + type: array + items: + type: string + uniqueItems: true + example: + - 2c918084660f45d6016617daa9210584 + - 2c918084660f45d6016617daa9210500 + description: List of unique source IDs. The sources must have the ENABLE feature or flat file source. See "/sources" endpoint for source features. + accessProfileIds: + type: array + items: + type: string + uniqueItems: true + example: + - 2c918084660f45d6016617daa9210584 + - 2c918084660f45d6016617daa9210500 + description: List of unique access-profile IDs that are associated with the lifecycle state. + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + delete: + operationId: deleteLifecycleState + tags: + - Lifecycle States + summary: Delete Lifecycle State by ID + description: |- + This endpoint deletes the Lifecycle State using it's ID. + A token with API, or ORG_ADMIN authority is required to call this API. + security: + - oauth2: + - 'idn:identity-profile-lifecycle-state:manage' + parameters: + - in: path + name: identity-profile-id + description: Identity Profile ID + required: true + schema: + type: string + example: 2b838de9-db9b-abcf-e646-d4f274ad4238 + - in: path + name: lifecycle-state-id + description: Lifecycle State ID + required: true + schema: + type: string + example: ef38f94347e94562b5bb8424a56397d8 + responses: + '202': + description: The request was successfully accepted into the system. + content: + application/json: + schema: + type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + /identity-profiles: + get: + operationId: listIdentityProfiles + tags: + - Identity Profiles + summary: Identity Profiles List + description: |- + This returns a list of Identity Profiles based on the specified query parameters. + A token with ORG_ADMIN or API authority is required to call this API to get a list of Identity Profiles. + parameters: + - in: query + name: limit + description: |- + Max number of results to return. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 250 + schema: + type: integer + format: int32 + minimum: 0 + maximum: 250 + default: 250 + - in: query + name: offset + description: |- + Offset into the full result set. Usually specified with *limit* to paginate through the results. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 0 + schema: + type: integer + format: int32 + minimum: 0 + default: 0 + - in: query + name: count + description: |- + If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored. + + Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used. + + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: true + schema: + type: boolean + default: false + - in: query + name: filters + required: false + schema: + type: string + example: id eq "ef38f94347e94562b5bb8424a56397d8" + description: |- + Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) + + Filtering is supported for the following fields and operators: + + **id**: *eq, ne* + + **name**: *eq, ne* + + **priority**: *eq, ne* + - in: query + name: sorters + required: false + schema: + type: string + format: comma-separated + example: 'id,name' + description: |- + Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results) + + Sorting is supported for the following fields: **id**, **name**, **priority** + responses: + '200': + description: List of identityProfiles. + content: + application/json: + schema: + type: array + items: + allOf: + - type: object + required: + - name + properties: + id: + description: System-generated unique ID of the Object + type: string + example: id12345 + readOnly: true + name: + description: Name of the Object + type: string + example: aName + created: + description: Creation date of the Object + type: string + example: '2015-05-28T14:07:17Z' + format: date-time + readOnly: true + modified: + description: Last modification date of the Object + type: string + example: '2015-05-28T14:07:17Z' + format: date-time + readOnly: true + - type: object + required: + - authoritativeSource + properties: + description: + type: string + description: The description of the Identity Profile. + example: My custom flat file profile + nullable: true + owner: + type: object + description: The owner of the Identity Profile. + nullable: true + properties: + type: + type: string + enum: + - IDENTITY + description: Type of the object to which this reference applies + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c9180835d191a86015d28455b4b232a + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + priority: + type: integer + format: int64 + description: The priority for an Identity Profile. + example: 10 + authoritativeSource: + type: object + properties: + type: + type: string + enum: + - SOURCE + description: Type of the object to which this reference applies + example: SOURCE + id: + type: string + description: ID of the object to which this reference applies + example: 2c9180835d191a86015d28455b4b232a + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: HR Active Directory + identityRefreshRequired: + type: boolean + default: false + description: True if a identity refresh is needed. Typically triggered when a change on the source has been made. + example: true + identityCount: + type: integer + description: The number of identities that belong to the Identity Profile. + format: int32 + example: 8 + identityAttributeConfig: + type: object + description: Defines all the identity attribute mapping configurations. This defines how to generate or collect data for each identity attributes in identity refresh process. + properties: + enabled: + description: The backend will only promote values if the profile/mapping is enabled. + type: boolean + default: false + example: true + attributeTransforms: + type: array + items: + type: object + description: Defines a transformation definition for an identity attribute. + properties: + identityAttributeName: + type: string + description: Name of the identity attribute. + example: email + transformDefinition: + description: The seaspray transformation definition. + type: object + properties: + type: + type: string + description: The type of the transform definition. + example: accountAttribute + attributes: + type: object + additionalProperties: + anyOf: + - type: string + - type: object + description: Arbitrary key-value pairs to store any metadata for the object + example: + attributeName: e-mail + sourceName: MySource + sourceId: 2c9180877a826e68017a8c0b03da1a53 + identityExceptionReportReference: + type: object + nullable: true + properties: + taskResultId: + type: string + format: uuid + description: The id of the task result. + example: 2b838de9-db9b-abcf-e646-d4f274ad4238 + reportName: + type: string + example: My annual report + description: The name of the report. + hasTimeBasedAttr: + description: Indicates the value of requiresPeriodicRefresh attribute for the Identity Profile. + type: boolean + default: false + example: true + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + security: + - oauth2: + - 'idn:identity-profile:read' + /identity-profiles/export: + get: + operationId: exportIdentityProfiles + tags: + - Identity Profiles + summary: Export Identity Profiles + description: This exports existing identity profiles in the format specified by the sp-config service. + parameters: + - in: query + name: limit + description: |- + Max number of results to return. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 250 + schema: + type: integer + format: int32 + minimum: 0 + maximum: 250 + default: 250 + - in: query + name: offset + description: |- + Offset into the full result set. Usually specified with *limit* to paginate through the results. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 0 + schema: + type: integer + format: int32 + minimum: 0 + default: 0 + - in: query + name: count + description: |- + If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored. + + Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used. + + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: true + schema: + type: boolean + default: false + - in: query + name: filters + required: false + schema: + type: string + example: id eq "ef38f94347e94562b5bb8424a56397d8" + description: |- + Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) + + Filtering is supported for the following fields and operators: + + **id**: *eq, ne* + + **name**: *eq, ne* + + **priority**: *eq, ne* + - in: query + name: sorters + required: false + schema: + type: string + format: comma-separated + example: 'id,name' + description: |- + Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results) + + Sorting is supported for the following fields: **id**, **name**, **priority** + responses: + '200': + description: List of export objects with identity profiles. + content: + application/json: + schema: + type: array + items: + type: object + description: Identity Profile exported object + properties: + version: + type: integer + example: 1 + description: Version or object from the target service. + format: int32 + self: + type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + object: + allOf: + - type: object + required: + - name + properties: + id: + description: System-generated unique ID of the Object + type: string + example: id12345 + readOnly: true + name: + description: Name of the Object + type: string + example: aName + created: + description: Creation date of the Object + type: string + example: '2015-05-28T14:07:17Z' + format: date-time + readOnly: true + modified: + description: Last modification date of the Object + type: string + example: '2015-05-28T14:07:17Z' + format: date-time + readOnly: true + - type: object + required: + - authoritativeSource + properties: + description: + type: string + description: The description of the Identity Profile. + example: My custom flat file profile + nullable: true + owner: + type: object + description: The owner of the Identity Profile. + nullable: true + properties: + type: + type: string + enum: + - IDENTITY + description: Type of the object to which this reference applies + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c9180835d191a86015d28455b4b232a + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + priority: + type: integer + format: int64 + description: The priority for an Identity Profile. + example: 10 + authoritativeSource: + type: object + properties: + type: + type: string + enum: + - SOURCE + description: Type of the object to which this reference applies + example: SOURCE + id: + type: string + description: ID of the object to which this reference applies + example: 2c9180835d191a86015d28455b4b232a + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: HR Active Directory + identityRefreshRequired: + type: boolean + default: false + description: True if a identity refresh is needed. Typically triggered when a change on the source has been made. + example: true + identityCount: + type: integer + description: The number of identities that belong to the Identity Profile. + format: int32 + example: 8 + identityAttributeConfig: + type: object + description: Defines all the identity attribute mapping configurations. This defines how to generate or collect data for each identity attributes in identity refresh process. + properties: + enabled: + description: The backend will only promote values if the profile/mapping is enabled. + type: boolean + default: false + example: true + attributeTransforms: + type: array + items: + type: object + description: Defines a transformation definition for an identity attribute. + properties: + identityAttributeName: + type: string + description: Name of the identity attribute. + example: email + transformDefinition: + description: The seaspray transformation definition. + type: object + properties: + type: + type: string + description: The type of the transform definition. + example: accountAttribute + attributes: + type: object + additionalProperties: + anyOf: + - type: string + - type: object + description: Arbitrary key-value pairs to store any metadata for the object + example: + attributeName: e-mail + sourceName: MySource + sourceId: 2c9180877a826e68017a8c0b03da1a53 + identityExceptionReportReference: + type: object + nullable: true + properties: + taskResultId: + type: string + format: uuid + description: The id of the task result. + example: 2b838de9-db9b-abcf-e646-d4f274ad4238 + reportName: + type: string + example: My annual report + description: The name of the report. + hasTimeBasedAttr: + description: Indicates the value of requiresPeriodicRefresh attribute for the Identity Profile. + type: boolean + default: false + example: true + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + security: + - oauth2: + - 'idn:identity-profile:read' + /identity-profiles/import: + post: + operationId: importIdentityProfiles + summary: Import Identity Profiles + description: This imports previously exported identity profiles. + tags: + - Identity Profiles + requestBody: + description: Previously exported Identity Profiles. + required: true + content: + application/json: + schema: + type: array + items: + type: object + description: Identity Profile exported object + properties: + version: + type: integer + example: 1 + description: Version or object from the target service. + format: int32 + self: + type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + object: + allOf: + - type: object + required: + - name + properties: + id: + description: System-generated unique ID of the Object + type: string + example: id12345 + readOnly: true + name: + description: Name of the Object + type: string + example: aName + created: + description: Creation date of the Object + type: string + example: '2015-05-28T14:07:17Z' + format: date-time + readOnly: true + modified: + description: Last modification date of the Object + type: string + example: '2015-05-28T14:07:17Z' + format: date-time + readOnly: true + - type: object + required: + - authoritativeSource + properties: + description: + type: string + description: The description of the Identity Profile. + example: My custom flat file profile + nullable: true + owner: + type: object + description: The owner of the Identity Profile. + nullable: true + properties: + type: + type: string + enum: + - IDENTITY + description: Type of the object to which this reference applies + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c9180835d191a86015d28455b4b232a + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + priority: + type: integer + format: int64 + description: The priority for an Identity Profile. + example: 10 + authoritativeSource: + type: object + properties: + type: + type: string + enum: + - SOURCE + description: Type of the object to which this reference applies + example: SOURCE + id: + type: string + description: ID of the object to which this reference applies + example: 2c9180835d191a86015d28455b4b232a + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: HR Active Directory + identityRefreshRequired: + type: boolean + default: false + description: True if a identity refresh is needed. Typically triggered when a change on the source has been made. + example: true + identityCount: + type: integer + description: The number of identities that belong to the Identity Profile. + format: int32 + example: 8 + identityAttributeConfig: + type: object + description: Defines all the identity attribute mapping configurations. This defines how to generate or collect data for each identity attributes in identity refresh process. + properties: + enabled: + description: The backend will only promote values if the profile/mapping is enabled. + type: boolean + default: false + example: true + attributeTransforms: + type: array + items: + type: object + description: Defines a transformation definition for an identity attribute. + properties: + identityAttributeName: + type: string + description: Name of the identity attribute. + example: email + transformDefinition: + description: The seaspray transformation definition. + type: object + properties: + type: + type: string + description: The type of the transform definition. + example: accountAttribute + attributes: + type: object + additionalProperties: + anyOf: + - type: string + - type: object + description: Arbitrary key-value pairs to store any metadata for the object + example: + attributeName: e-mail + sourceName: MySource + sourceId: 2c9180877a826e68017a8c0b03da1a53 + identityExceptionReportReference: + type: object + nullable: true + properties: + taskResultId: + type: string + format: uuid + description: The id of the task result. + example: 2b838de9-db9b-abcf-e646-d4f274ad4238 + reportName: + type: string + example: My annual report + description: The name of the report. + hasTimeBasedAttr: + description: Indicates the value of requiresPeriodicRefresh attribute for the Identity Profile. + type: boolean + default: false + example: true + responses: + '200': + description: The result of importing Identity Profiles. + content: + application/json: + schema: + type: object + title: Import Object Response Body + description: Response model for import of a single object. + properties: + infos: + description: Informational messages returned from the target service on import. + type: array + items: + type: object + title: Config Import/Export Message + description: Message model for Config Import/Export. + properties: + key: + type: string + description: Message key. + example: UNKNOWN_REFERENCE_RESOLVER + text: + type: string + description: Message text. + example: 'Unable to resolve reference for object [type: IDENTITY, id: 2c91808c746e9c9601747d6507332ecz, name: random identity]' + details: + type: object + description: 'Message details if any, in key:value pairs.' + additionalProperties: true + example: + details: message details + required: + - key + - text + - details + warnings: + description: Warning messages returned from the target service on import. + type: array + items: + type: object + title: Config Import/Export Message + description: Message model for Config Import/Export. + properties: + key: + type: string + description: Message key. + example: UNKNOWN_REFERENCE_RESOLVER + text: + type: string + description: Message text. + example: 'Unable to resolve reference for object [type: IDENTITY, id: 2c91808c746e9c9601747d6507332ecz, name: random identity]' + details: + type: object + description: 'Message details if any, in key:value pairs.' + additionalProperties: true + example: + details: message details + required: + - key + - text + - details + errors: + description: Error messages returned from the target service on import. + type: array + items: + type: object + title: Config Import/Export Message + description: Message model for Config Import/Export. + properties: + key: + type: string + description: Message key. + example: UNKNOWN_REFERENCE_RESOLVER + text: + type: string + description: Message text. + example: 'Unable to resolve reference for object [type: IDENTITY, id: 2c91808c746e9c9601747d6507332ecz, name: random identity]' + details: + type: object + description: 'Message details if any, in key:value pairs.' + additionalProperties: true + example: + details: message details + required: + - key + - text + - details + importedObjects: + description: References to objects that were created or updated by the import. + type: array + items: + type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + required: + - infos + - warnings + - errors + - importedObjects + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + security: + - oauth2: + - 'idn:identity-profile:manage' + '/identity-profiles/{identity-profile-id}': + get: + operationId: getIdentityProfile + tags: + - Identity Profiles + summary: Get single Identity Profile + description: |- + This returns a single Identity Profile based on ID. + A token with ORG_ADMIN or API authority is required to call this API. + parameters: + - in: path + name: identity-profile-id + schema: + type: string + format: uuid + required: true + description: The Identity Profile ID. + example: 2b838de9-db9b-abcf-e646-d4f274ad4238 + responses: + '200': + description: An Identity Profile object. + content: + application/json: + schema: + allOf: + - type: object + required: + - name + properties: + id: + description: System-generated unique ID of the Object + type: string + example: id12345 + readOnly: true + name: + description: Name of the Object + type: string + example: aName + created: + description: Creation date of the Object + type: string + example: '2015-05-28T14:07:17Z' + format: date-time + readOnly: true + modified: + description: Last modification date of the Object + type: string + example: '2015-05-28T14:07:17Z' + format: date-time + readOnly: true + - type: object + required: + - authoritativeSource + properties: + description: + type: string + description: The description of the Identity Profile. + example: My custom flat file profile + nullable: true + owner: + type: object + description: The owner of the Identity Profile. + nullable: true + properties: + type: + type: string + enum: + - IDENTITY + description: Type of the object to which this reference applies + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c9180835d191a86015d28455b4b232a + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + priority: + type: integer + format: int64 + description: The priority for an Identity Profile. + example: 10 + authoritativeSource: + type: object + properties: + type: + type: string + enum: + - SOURCE + description: Type of the object to which this reference applies + example: SOURCE + id: + type: string + description: ID of the object to which this reference applies + example: 2c9180835d191a86015d28455b4b232a + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: HR Active Directory + identityRefreshRequired: + type: boolean + default: false + description: True if a identity refresh is needed. Typically triggered when a change on the source has been made. + example: true + identityCount: + type: integer + description: The number of identities that belong to the Identity Profile. + format: int32 + example: 8 + identityAttributeConfig: + type: object + description: Defines all the identity attribute mapping configurations. This defines how to generate or collect data for each identity attributes in identity refresh process. + properties: + enabled: + description: The backend will only promote values if the profile/mapping is enabled. + type: boolean + default: false + example: true + attributeTransforms: + type: array + items: + type: object + description: Defines a transformation definition for an identity attribute. + properties: + identityAttributeName: + type: string + description: Name of the identity attribute. + example: email + transformDefinition: + description: The seaspray transformation definition. + type: object + properties: + type: + type: string + description: The type of the transform definition. + example: accountAttribute + attributes: + type: object + additionalProperties: + anyOf: + - type: string + - type: object + description: Arbitrary key-value pairs to store any metadata for the object + example: + attributeName: e-mail + sourceName: MySource + sourceId: 2c9180877a826e68017a8c0b03da1a53 + identityExceptionReportReference: + type: object + nullable: true + properties: + taskResultId: + type: string + format: uuid + description: The id of the task result. + example: 2b838de9-db9b-abcf-e646-d4f274ad4238 + reportName: + type: string + example: My annual report + description: The name of the report. + hasTimeBasedAttr: + description: Indicates the value of requiresPeriodicRefresh attribute for the Identity Profile. + type: boolean + default: false + example: true + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + security: + - oauth2: + - 'idn:identity-profile:read' + '/identity-profiles/{identity-profile-id}/default-identity-attribute-config': + get: + operationId: getDefaultIdentityAttributeConfig + tags: + - Identity Profiles + summary: Get default Identity Attribute Config + description: |- + This returns the default identity attribute config. + A token with ORG_ADMIN authority is required to call this API to get the default identity attribute config. + parameters: + - in: path + name: identity-profile-id + schema: + type: string + format: uuid + required: true + description: The Identity Profile ID. + example: 2b838de9-db9b-abcf-e646-d4f274ad4238 + responses: + '200': + description: An Identity Attribute Config object. + content: + application/json: + schema: + type: object + description: Defines all the identity attribute mapping configurations. This defines how to generate or collect data for each identity attributes in identity refresh process. + properties: + enabled: + description: The backend will only promote values if the profile/mapping is enabled. + type: boolean + default: false + example: true + attributeTransforms: + type: array + items: + type: object + description: Defines a transformation definition for an identity attribute. + properties: + identityAttributeName: + type: string + description: Name of the identity attribute. + example: email + transformDefinition: + description: The seaspray transformation definition. + type: object + properties: + type: + type: string + description: The type of the transform definition. + example: accountAttribute + attributes: + type: object + additionalProperties: + anyOf: + - type: string + - type: object + description: Arbitrary key-value pairs to store any metadata for the object + example: + attributeName: e-mail + sourceName: MySource + sourceId: 2c9180877a826e68017a8c0b03da1a53 + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + security: + - oauth2: + - 'idn:identity-profile:manage' + /non-employee-records: + post: + operationId: createNonEmployeeRecord + tags: + - Non-Employee Lifecycle Management + summary: Create Non-Employee Record + description: |- + This request will create a non-employee record. + Requires role context of `idn:nesr:create` + requestBody: + description: Non-Employee record creation request body. + required: true + content: + application/json: + schema: + type: object + properties: + accountName: + type: string + description: Requested identity account name. + example: william.smith + firstName: + type: string + description: Non-Employee's first name. + example: William + lastName: + type: string + description: Non-Employee's last name. + example: Smith + email: + type: string + description: Non-Employee's email. + example: william.smith@example.com + phone: + type: string + description: Non-Employee's phone. + example: '5555555555' + manager: + type: string + description: The account ID of a valid identity to serve as this non-employee's manager. + example: jane.doe + sourceId: + type: string + description: Non-Employee's source id. + example: 2c91808568c529c60168cca6f90c1313 + data: + type: object + additionalProperties: + type: string + description: 'Attribute blob/bag for a non-employee, 10 attributes is the maximum size supported.' + example: + description: Auditing + startDate: + type: string + format: date-time + description: Non-Employee employment start date. + example: '2020-03-24T00:00:00-05:00' + endDate: + type: string + format: date-time + description: Non-Employee employment end date. + example: '2021-03-25T00:00:00-05:00' + required: + - accountName + - firstName + - lastName + - email + - phone + - manager + - sourceId + - startDate + - endDate + responses: + '200': + description: Created non-employee record. + content: + application/json: + schema: + type: object + properties: + id: + type: string + format: UUID + description: Non-Employee record id. + example: ef38f94347e94562b5bb8424a56397d8 + accountName: + type: string + description: Requested identity account name. + example: Abby.Smith + firstName: + type: string + description: Non-Employee's first name. + example: William + lastName: + type: string + description: Non-Employee's last name. + example: Smith + email: + type: string + description: Non-Employee's email. + example: william.smith@example.com + phone: + type: string + description: Non-Employee's phone. + example: '5555555555' + manager: + type: string + description: The account ID of a valid identity to serve as this non-employee's manager. + example: jane.doe + sourceId: + type: string + description: Non-Employee's source id. + example: 2c91808568c529c60168cca6f90c1313 + data: + type: object + additionalProperties: + type: string + description: Attribute blob/bag for a non-employee. + example: + description: Auditing + startDate: + type: string + format: date-time + description: Non-Employee employment start date. + example: '2019-08-23T18:52:59.162Z' + endDate: + type: string + format: date-time + description: Non-Employee employment end date. + example: '2020-08-23T18:52:59.162Z' + modified: + type: string + format: date-time + description: When the request was last modified. + example: '2019-08-23T18:52:59.162Z' + created: + type: string + format: date-time + description: When the request was created. + example: '2019-08-23T18:40:35.772Z' + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + get: + operationId: listNonEmployeeRecords + security: + - oauth2: [] + tags: + - Non-Employee Lifecycle Management + summary: List Non-Employee Records + description: |- + This gets a list of non-employee records. There are two contextual uses for this endpoint: + 1. The user has the role context of `idn:nesr:read`, in which case they can get a list of all of the non-employees. + 2. The user is an account manager, in which case they can get a list of the non-employees that they manage. + parameters: + - in: query + name: limit + description: |- + Max number of results to return. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 250 + schema: + type: integer + format: int32 + minimum: 0 + maximum: 250 + default: 250 + - in: query + name: offset + description: |- + Offset into the full result set. Usually specified with *limit* to paginate through the results. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 0 + schema: + type: integer + format: int32 + minimum: 0 + default: 0 + - in: query + name: count + description: |- + If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored. + + Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used. + + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: true + schema: + type: boolean + default: false + - in: query + name: sorters + required: false + schema: + type: string + format: comma-separated + example: 'accountName,sourceId' + description: 'Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://community.sailpoint.com/t5/IdentityNow-Wiki/V3-API-Standard-Collection-Parameters/ta-p/156407#toc-hId-2058949) Sorting is supported for the following fields: **id, accountName, sourceId, manager, firstName, lastName, email, phone, startDate, endDate, created, modified**' + - in: query + name: filters + required: false + schema: + type: string + example: sourceId eq "2c91808568c529c60168cca6f90c1313" + description: 'Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://community.sailpoint.com/t5/IdentityNow-Wiki/V3-API-Standard-Collection-Parameters/ta-p/156407) Filtering is supported for the following fields and operators: **sourceId**: *eq* *Example:* sourceId eq "2c91808568c529c60168cca6f90c1313"' + responses: + '200': + description: Non-Employee record objects + content: + application/json: + schema: + type: array + items: + type: object + properties: + id: + type: string + format: UUID + description: Non-Employee record id. + example: ef38f94347e94562b5bb8424a56397d8 + accountName: + type: string + description: Requested identity account name. + example: Abby.Smith + firstName: + type: string + description: Non-Employee's first name. + example: William + lastName: + type: string + description: Non-Employee's last name. + example: Smith + email: + type: string + description: Non-Employee's email. + example: william.smith@example.com + phone: + type: string + description: Non-Employee's phone. + example: '5555555555' + manager: + type: string + description: The account ID of a valid identity to serve as this non-employee's manager. + example: jane.doe + sourceId: + type: string + description: Non-Employee's source id. + example: 2c91808568c529c60168cca6f90c1313 + data: + type: object + additionalProperties: + type: string + description: Attribute blob/bag for a non-employee. + example: + description: Auditing + startDate: + type: string + format: date-time + description: Non-Employee employment start date. + example: '2019-08-23T18:52:59.162Z' + endDate: + type: string + format: date-time + description: Non-Employee employment end date. + example: '2020-08-23T18:52:59.162Z' + modified: + type: string + format: date-time + description: When the request was last modified. + example: '2019-08-23T18:52:59.162Z' + created: + type: string + format: date-time + description: When the request was created. + example: '2019-08-23T18:40:35.772Z' + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + '/non-employee-records/{id}': + get: + operationId: getNonEmployeeRecord + tags: + - Non-Employee Lifecycle Management + summary: Get a Non-Employee Record + description: |- + This gets a non-employee record. + Requires role context of `idn:nesr:read` + parameters: + - in: path + name: id + description: Non-Employee record id (UUID) + required: true + example: ef38f94347e94562b5bb8424a56397d8 + schema: + type: string + responses: + '200': + description: Non-Employee record object + content: + application/json: + schema: + type: object + properties: + id: + type: string + format: UUID + description: Non-Employee record id. + example: ef38f94347e94562b5bb8424a56397d8 + accountName: + type: string + description: Requested identity account name. + example: Abby.Smith + firstName: + type: string + description: Non-Employee's first name. + example: William + lastName: + type: string + description: Non-Employee's last name. + example: Smith + email: + type: string + description: Non-Employee's email. + example: william.smith@example.com + phone: + type: string + description: Non-Employee's phone. + example: '5555555555' + manager: + type: string + description: The account ID of a valid identity to serve as this non-employee's manager. + example: jane.doe + sourceId: + type: string + description: Non-Employee's source id. + example: 2c91808568c529c60168cca6f90c1313 + data: + type: object + additionalProperties: + type: string + description: Attribute blob/bag for a non-employee. + example: + description: Auditing + startDate: + type: string + format: date-time + description: Non-Employee employment start date. + example: '2019-08-23T18:52:59.162Z' + endDate: + type: string + format: date-time + description: Non-Employee employment end date. + example: '2020-08-23T18:52:59.162Z' + modified: + type: string + format: date-time + description: When the request was last modified. + example: '2019-08-23T18:52:59.162Z' + created: + type: string + format: date-time + description: When the request was created. + example: '2019-08-23T18:40:35.772Z' + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + put: + operationId: updateNonEmployeeRecord + security: + - oauth2: [] + tags: + - Non-Employee Lifecycle Management + summary: Update Non-Employee Record + description: |- + This request will update a non-employee record. There are two contextual uses for this endpoint: + 1. The user has the role context of `idn:nesr:update`, in which case they + update all available fields. + 2. The user is owner of the source, in this case they can only update the + end date. + parameters: + - in: path + name: id + description: Non-employee record id (UUID) + example: ef38f94347e94562b5bb8424a56397d8 + required: true + schema: + type: string + requestBody: + description: Non-employee record creation request body. Attributes are restricted by user type. Owner of source can update end date. Organization admins can update all available fields. + required: true + content: + application/json: + schema: + type: object + properties: + accountName: + type: string + description: Requested identity account name. + example: william.smith + firstName: + type: string + description: Non-Employee's first name. + example: William + lastName: + type: string + description: Non-Employee's last name. + example: Smith + email: + type: string + description: Non-Employee's email. + example: william.smith@example.com + phone: + type: string + description: Non-Employee's phone. + example: '5555555555' + manager: + type: string + description: The account ID of a valid identity to serve as this non-employee's manager. + example: jane.doe + sourceId: + type: string + description: Non-Employee's source id. + example: 2c91808568c529c60168cca6f90c1313 + data: + type: object + additionalProperties: + type: string + description: 'Attribute blob/bag for a non-employee, 10 attributes is the maximum size supported.' + example: + description: Auditing + startDate: + type: string + format: date-time + description: Non-Employee employment start date. + example: '2020-03-24T00:00:00-05:00' + endDate: + type: string + format: date-time + description: Non-Employee employment end date. + example: '2021-03-25T00:00:00-05:00' + required: + - accountName + - firstName + - lastName + - email + - phone + - manager + - sourceId + - startDate + - endDate + responses: + '200': + description: An updated non-employee record. + content: + application/json: + schema: + type: object + properties: + id: + type: string + format: UUID + description: Non-Employee record id. + example: ef38f94347e94562b5bb8424a56397d8 + accountName: + type: string + description: Requested identity account name. + example: Abby.Smith + firstName: + type: string + description: Non-Employee's first name. + example: William + lastName: + type: string + description: Non-Employee's last name. + example: Smith + email: + type: string + description: Non-Employee's email. + example: william.smith@example.com + phone: + type: string + description: Non-Employee's phone. + example: '5555555555' + manager: + type: string + description: The account ID of a valid identity to serve as this non-employee's manager. + example: jane.doe + sourceId: + type: string + description: Non-Employee's source id. + example: 2c91808568c529c60168cca6f90c1313 + data: + type: object + additionalProperties: + type: string + description: Attribute blob/bag for a non-employee. + example: + description: Auditing + startDate: + type: string + format: date-time + description: Non-Employee employment start date. + example: '2019-08-23T18:52:59.162Z' + endDate: + type: string + format: date-time + description: Non-Employee employment end date. + example: '2020-08-23T18:52:59.162Z' + modified: + type: string + format: date-time + description: When the request was last modified. + example: '2019-08-23T18:52:59.162Z' + created: + type: string + format: date-time + description: When the request was created. + example: '2019-08-23T18:40:35.772Z' + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + patch: + operationId: patchNonEmployeeRecord + security: + - oauth2: [] + tags: + - Non-Employee Lifecycle Management + summary: Patch Non-Employee Record + description: |- + This request will patch a non-employee record. There are two contextual uses for this endpoint: + 1. The user has the role context of `idn:nesr:update`, in which case they + update all available fields. + 2. The user is owner of the source, in this case they can only update the + end date. + parameters: + - in: path + name: id + description: Non-employee record id (UUID) + example: ef38f94347e94562b5bb8424a56397d8 + required: true + schema: + type: string + requestBody: + description: 'A list of non-employee update operations according to the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard. Attributes are restricted by user type. Owner of source can update end date. Organization admins can update all available fields.' + required: true + content: + application/json-patch+json: + schema: + type: array + items: + type: object + description: 'A JSONPatch Operation as defined by [RFC 6902 - JSON Patch](https://tools.ietf.org/html/rfc6902)' + required: + - op + - path + properties: + op: + type: string + description: The operation to be performed + enum: + - add + - remove + - replace + - move + - copy + - test + example: replace + path: + type: string + description: A string JSON Pointer representing the target path to an element to be affected by the operation + example: /description + value: + anyOf: + - type: string + - type: integer + - type: object + - type: array + items: + anyOf: + - type: string + - type: integer + - type: object + description: 'The value to be used for the operation, required for "add" and "replace" operations' + example: New description + example: + - op: replace + path: /endDate + value: '2019-08-23T18:40:35.772Z' + responses: + '200': + description: A patched non-employee record. + content: + application/json: + schema: + type: object + properties: + id: + type: string + format: UUID + description: Non-Employee record id. + example: ef38f94347e94562b5bb8424a56397d8 + accountName: + type: string + description: Requested identity account name. + example: Abby.Smith + firstName: + type: string + description: Non-Employee's first name. + example: William + lastName: + type: string + description: Non-Employee's last name. + example: Smith + email: + type: string + description: Non-Employee's email. + example: william.smith@example.com + phone: + type: string + description: Non-Employee's phone. + example: '5555555555' + manager: + type: string + description: The account ID of a valid identity to serve as this non-employee's manager. + example: jane.doe + sourceId: + type: string + description: Non-Employee's source id. + example: 2c91808568c529c60168cca6f90c1313 + data: + type: object + additionalProperties: + type: string + description: Attribute blob/bag for a non-employee. + example: + description: Auditing + startDate: + type: string + format: date-time + description: Non-Employee employment start date. + example: '2019-08-23T18:52:59.162Z' + endDate: + type: string + format: date-time + description: Non-Employee employment end date. + example: '2020-08-23T18:52:59.162Z' + modified: + type: string + format: date-time + description: When the request was last modified. + example: '2019-08-23T18:52:59.162Z' + created: + type: string + format: date-time + description: When the request was created. + example: '2019-08-23T18:40:35.772Z' + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + delete: + operationId: deleteNonEmployeeRecord + tags: + - Non-Employee Lifecycle Management + summary: Delete Non-Employee Record + description: |- + This request will delete a non-employee record. + Requires role context of `idn:nesr:delete` + parameters: + - in: path + name: id + description: Non-Employee record id (UUID) + example: ef38f94347e94562b5bb8424a56397d8 + required: true + schema: + type: string + responses: + '204': + description: No content - indicates the request was successful but there is no content to be returned in the response. + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + /non-employee-records/bulk-delete: + post: + operationId: deleteNonEmployeeRecordsInBulk + tags: + - Non-Employee Lifecycle Management + summary: Delete Multiple Non-Employee Records + description: 'This request will delete multiple non-employee records based on the non-employee ids provided. Requires role context of `idn:nesr:delete`' + requestBody: + description: Non-Employee bulk delete request body. + required: true + content: + application/json: + schema: + type: object + properties: + ids: + description: List of non-employee ids. + type: array + items: + type: string + format: uuid + example: + - 2b838de9-db9b-abcf-e646-d4f274ad4238 + - 2d838de9-db9b-abcf-e646-d4f274ad4238 + required: + - ids + responses: + '204': + description: No content - indicates the request was successful but there is no content to be returned in the response. + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + /non-employee-requests: + post: + operationId: createNonEmployeeRequest + security: + - oauth2: [] + tags: + - Non-Employee Lifecycle Management + summary: Create Non-Employee Request + description: 'This request will create a non-employee request and notify the approver. Requires role context of `idn:nesr:create` or the user must own the source.' + requestBody: + description: Non-Employee creation request body + required: true + content: + application/json: + schema: + type: object + properties: + accountName: + type: string + description: Requested identity account name. + example: william.smith + firstName: + type: string + description: Non-Employee's first name. + example: William + lastName: + type: string + description: Non-Employee's last name. + example: Smith + email: + type: string + description: Non-Employee's email. + example: william.smith@example.com + phone: + type: string + description: Non-Employee's phone. + example: '5555555555' + manager: + type: string + description: The account ID of a valid identity to serve as this non-employee's manager. + example: jane.doe + sourceId: + type: string + description: Non-Employee's source id. + example: 2c91808568c529c60168cca6f90c1313 + data: + type: object + additionalProperties: + type: string + description: 'Attribute blob/bag for a non-employee, 10 attributes is the maximum size supported.' + example: + description: Auditing + startDate: + type: string + format: date-time + description: Non-Employee employment start date. + example: '2020-03-24T00:00:00-05:00' + endDate: + type: string + format: date-time + description: Non-Employee employment end date. + example: '2021-03-25T00:00:00-05:00' + required: + - accountName + - firstName + - lastName + - email + - phone + - manager + - sourceId + - startDate + - endDate + responses: + '200': + description: Non-Employee request creation object + content: + application/json: + schema: + allOf: + - type: object + properties: + id: + type: string + format: UUID + description: Non-Employee source id. + example: a0303682-5e4a-44f7-bdc2-6ce6112549c1 + sourceId: + type: string + description: Source Id associated with this non-employee source. + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Source name associated with this non-employee source. + example: Retail + description: + type: string + description: Source description associated with this non-employee source. + example: Source description + - type: object + properties: + accountName: + type: string + description: Requested identity account name. + example: william.smith + firstName: + type: string + description: Non-Employee's first name. + example: William + lastName: + type: string + description: Non-Employee's last name. + example: Smith + email: + type: string + description: Non-Employee's email. + example: william.smith@example.com + phone: + type: string + description: Non-Employee's phone. + example: '5555555555' + manager: + type: string + description: The account ID of a valid identity to serve as this non-employee's manager. + example: jane.doe + nonEmployeeSource: + type: object + properties: + id: + type: string + format: UUID + description: Non-Employee source id. + example: a0303682-5e4a-44f7-bdc2-6ce6112549c1 + sourceId: + type: string + description: Source Id associated with this non-employee source. + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Source name associated with this non-employee source. + example: Retail + description: + type: string + description: Source description associated with this non-employee source. + example: Source description + data: + type: object + additionalProperties: + type: string + description: Attribute blob/bag for a non-employee. + example: + description: Auditing + approvalItems: + description: List of approval item for the request + type: array + items: + type: object + properties: + id: + type: string + format: UUID + description: Non-Employee approval item id + example: 2c1e388b-1e55-4b0a-ab5c-897f1204159c + approver: + description: Reference to the associated Identity + type: object + properties: + type: + type: string + enum: + - GOVERNANCE_GROUP + - IDENTITY + example: IDENTITY + description: Identifies if the identity is a normal identity or a governance group + id: + type: string + description: Identity id + example: 5168015d32f890ca15812c9180835d2e + accountName: + type: string + description: Requested identity account name + example: test.account + approvalStatus: + type: string + enum: + - APPROVED + - REJECTED + - PENDING + - NOT_READY + - CANCELLED + description: Enum representing the non-employee request approval status + example: APPROVED + approvalOrder: + type: number + description: Approval order + example: 1 + format: float + comment: + type: string + description: comment of approver + example: I approve + modified: + type: string + format: date-time + description: When the request was last modified. + example: '2019-08-23T18:52:59.162Z' + created: + type: string + format: date-time + description: When the request was created. + example: '2019-08-23T18:40:35.772Z' + approvalStatus: + type: string + enum: + - APPROVED + - REJECTED + - PENDING + - NOT_READY + - CANCELLED + description: Enum representing the non-employee request approval status + example: APPROVED + comment: + type: string + description: comment of requester + example: approved + completionDate: + type: string + format: date-time + description: When the request was completely approved. + example: '2020-03-24T11:11:41.139-05:00' + startDate: + type: string + format: date-time + description: Non-Employee employment start date. + example: '2020-03-24T00:00:00-05:00' + endDate: + type: string + format: date-time + description: Non-Employee employment end date. + example: '2021-03-25T00:00:00-05:00' + modified: + type: string + format: date-time + description: When the request was last modified. + example: '2020-03-24T11:11:41.139-05:00' + created: + type: string + format: date-time + description: When the request was created. + example: '2020-03-24T11:11:41.139-05:00' + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + 400.1 Bad Request Content: + description: Response for bad request content + value: + detailCode: 400.1 Bad Request Content + trackingId: e7eab60924f64aa284175b9fa3309599 + messages: + - locale: en + localeOrigin: REQUEST + text: firstName is required; accountName is required; + 400.1.409 Reference conflict: + description: Response for reference conflict + value: + detailCode: 400.1.409 Reference conflict + trackingId: e7eab60924f64aa284175b9fa3309599 + messages: + - locale: en + localeOrigin: REQUEST + text: Unable to create Non-Employee because the accountName "existed" is already being used. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + get: + operationId: listNonEmployeeRequests + security: + - oauth2: [] + tags: + - Non-Employee Lifecycle Management + summary: List Non-Employee Requests + description: |- + This gets a list of non-employee requests. There are two contextual uses for the `requested-for` path parameter: + 1. The user has the role context of `idn:nesr:read`, in which case he or + she may request a list non-employee requests assigned to a particular account manager by passing in that manager's id. + 2. The current user is an account manager, in which case "me" should be + provided as the `requested-for` value. This will provide the user with a list of the non-employee requests in the source(s) he or she manages. + parameters: + - in: query + name: limit + description: |- + Max number of results to return. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 250 + schema: + type: integer + format: int32 + minimum: 0 + maximum: 250 + default: 250 + - in: query + name: offset + description: |- + Offset into the full result set. Usually specified with *limit* to paginate through the results. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 0 + schema: + type: integer + format: int32 + minimum: 0 + default: 0 + - in: query + name: count + description: |- + If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored. + + Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used. + + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: true + schema: + type: boolean + default: false + - in: query + name: requested-for + required: true + schema: + type: string + example: e136567de87e4d029e60b3c3c55db56d + description: The identity for whom the request was made. *me* indicates the current user. + - in: query + name: sorters + required: false + schema: + type: string + format: comma-separated + example: 'created,approvalStatus' + description: 'Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://community.sailpoint.com/t5/IdentityNow-Wiki/V3-API-Standard-Collection-Parameters/ta-p/156407#toc-hId-2058949) Sorting is supported for the following fields: **created, approvalStatus, firstName, lastName, email, phone, accountName, startDate, endDate**' + - in: query + name: filters + required: false + schema: + type: string + example: sourceId eq "2c91808568c529c60168cca6f90c1313" + description: 'Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://community.sailpoint.com/t5/IdentityNow-Wiki/V3-API-Standard-Collection-Parameters/ta-p/156407) Filtering is supported for the following fields and operators: **sourceId**: *eq* *Example:* sourceId eq "2c91808568c529c60168cca6f90c1313"' + responses: + '200': + description: List of non-employee request objects. + content: + application/json: + schema: + type: array + items: + allOf: + - type: object + properties: + id: + type: string + format: UUID + description: Non-Employee source id. + example: a0303682-5e4a-44f7-bdc2-6ce6112549c1 + sourceId: + type: string + description: Source Id associated with this non-employee source. + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Source name associated with this non-employee source. + example: Retail + description: + type: string + description: Source description associated with this non-employee source. + example: Source description + - type: object + properties: + accountName: + type: string + description: Requested identity account name. + example: william.smith + firstName: + type: string + description: Non-Employee's first name. + example: William + lastName: + type: string + description: Non-Employee's last name. + example: Smith + email: + type: string + description: Non-Employee's email. + example: william.smith@example.com + phone: + type: string + description: Non-Employee's phone. + example: '5555555555' + manager: + type: string + description: The account ID of a valid identity to serve as this non-employee's manager. + example: jane.doe + nonEmployeeSource: + type: object + properties: + id: + type: string + format: UUID + description: Non-Employee source id. + example: a0303682-5e4a-44f7-bdc2-6ce6112549c1 + sourceId: + type: string + description: Source Id associated with this non-employee source. + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Source name associated with this non-employee source. + example: Retail + description: + type: string + description: Source description associated with this non-employee source. + example: Source description + data: + type: object + additionalProperties: + type: string + description: Attribute blob/bag for a non-employee. + example: + description: Auditing + approvalItems: + description: List of approval item for the request + type: array + items: + type: object + properties: + id: + type: string + format: UUID + description: Non-Employee approval item id + example: 2c1e388b-1e55-4b0a-ab5c-897f1204159c + approver: + description: Reference to the associated Identity + type: object + properties: + type: + type: string + enum: + - GOVERNANCE_GROUP + - IDENTITY + example: IDENTITY + description: Identifies if the identity is a normal identity or a governance group + id: + type: string + description: Identity id + example: 5168015d32f890ca15812c9180835d2e + accountName: + type: string + description: Requested identity account name + example: test.account + approvalStatus: + type: string + enum: + - APPROVED + - REJECTED + - PENDING + - NOT_READY + - CANCELLED + description: Enum representing the non-employee request approval status + example: APPROVED + approvalOrder: + type: number + description: Approval order + example: 1 + format: float + comment: + type: string + description: comment of approver + example: I approve + modified: + type: string + format: date-time + description: When the request was last modified. + example: '2019-08-23T18:52:59.162Z' + created: + type: string + format: date-time + description: When the request was created. + example: '2019-08-23T18:40:35.772Z' + approvalStatus: + type: string + enum: + - APPROVED + - REJECTED + - PENDING + - NOT_READY + - CANCELLED + description: Enum representing the non-employee request approval status + example: APPROVED + comment: + type: string + description: comment of requester + example: approved + completionDate: + type: string + format: date-time + description: When the request was completely approved. + example: '2020-03-24T11:11:41.139-05:00' + startDate: + type: string + format: date-time + description: Non-Employee employment start date. + example: '2020-03-24T00:00:00-05:00' + endDate: + type: string + format: date-time + description: Non-Employee employment end date. + example: '2021-03-25T00:00:00-05:00' + modified: + type: string + format: date-time + description: When the request was last modified. + example: '2020-03-24T11:11:41.139-05:00' + created: + type: string + format: date-time + description: When the request was created. + example: '2020-03-24T11:11:41.139-05:00' + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + '/non-employee-requests/{id}': + get: + operationId: getNonEmployeeRequest + security: + - oauth2: [] + tags: + - Non-Employee Lifecycle Management + summary: Get a Non-Employee Request + description: |- + This gets a non-employee request. + There are two contextual uses for this endpoint: + 1. The user has the role context of `idn:nesr:read`, in this case the user + can get the non-employee request for any user. + 2. The user must be the owner of the non-employee request. + parameters: + - in: path + name: id + description: Non-Employee request id (UUID) + example: ac110005-7156-1150-8171-5b292e3e0084 + required: true + schema: + type: string + responses: + '200': + description: Non-Employee request object. + content: + application/json: + schema: + allOf: + - type: object + properties: + id: + type: string + format: UUID + description: Non-Employee source id. + example: a0303682-5e4a-44f7-bdc2-6ce6112549c1 + sourceId: + type: string + description: Source Id associated with this non-employee source. + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Source name associated with this non-employee source. + example: Retail + description: + type: string + description: Source description associated with this non-employee source. + example: Source description + - type: object + properties: + accountName: + type: string + description: Requested identity account name. + example: william.smith + firstName: + type: string + description: Non-Employee's first name. + example: William + lastName: + type: string + description: Non-Employee's last name. + example: Smith + email: + type: string + description: Non-Employee's email. + example: william.smith@example.com + phone: + type: string + description: Non-Employee's phone. + example: '5555555555' + manager: + type: string + description: The account ID of a valid identity to serve as this non-employee's manager. + example: jane.doe + nonEmployeeSource: + type: object + properties: + id: + type: string + format: UUID + description: Non-Employee source id. + example: a0303682-5e4a-44f7-bdc2-6ce6112549c1 + sourceId: + type: string + description: Source Id associated with this non-employee source. + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Source name associated with this non-employee source. + example: Retail + description: + type: string + description: Source description associated with this non-employee source. + example: Source description + data: + type: object + additionalProperties: + type: string + description: Attribute blob/bag for a non-employee. + example: + description: Auditing + approvalItems: + description: List of approval item for the request + type: array + items: + type: object + properties: + id: + type: string + format: UUID + description: Non-Employee approval item id + example: 2c1e388b-1e55-4b0a-ab5c-897f1204159c + approver: + description: Reference to the associated Identity + type: object + properties: + type: + type: string + enum: + - GOVERNANCE_GROUP + - IDENTITY + example: IDENTITY + description: Identifies if the identity is a normal identity or a governance group + id: + type: string + description: Identity id + example: 5168015d32f890ca15812c9180835d2e + accountName: + type: string + description: Requested identity account name + example: test.account + approvalStatus: + type: string + enum: + - APPROVED + - REJECTED + - PENDING + - NOT_READY + - CANCELLED + description: Enum representing the non-employee request approval status + example: APPROVED + approvalOrder: + type: number + description: Approval order + example: 1 + format: float + comment: + type: string + description: comment of approver + example: I approve + modified: + type: string + format: date-time + description: When the request was last modified. + example: '2019-08-23T18:52:59.162Z' + created: + type: string + format: date-time + description: When the request was created. + example: '2019-08-23T18:40:35.772Z' + approvalStatus: + type: string + enum: + - APPROVED + - REJECTED + - PENDING + - NOT_READY + - CANCELLED + description: Enum representing the non-employee request approval status + example: APPROVED + comment: + type: string + description: comment of requester + example: approved + completionDate: + type: string + format: date-time + description: When the request was completely approved. + example: '2020-03-24T11:11:41.139-05:00' + startDate: + type: string + format: date-time + description: Non-Employee employment start date. + example: '2020-03-24T00:00:00-05:00' + endDate: + type: string + format: date-time + description: Non-Employee employment end date. + example: '2021-03-25T00:00:00-05:00' + modified: + type: string + format: date-time + description: When the request was last modified. + example: '2020-03-24T11:11:41.139-05:00' + created: + type: string + format: date-time + description: When the request was created. + example: '2020-03-24T11:11:41.139-05:00' + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + delete: + operationId: deleteNonEmployeeRequest + tags: + - Non-Employee Lifecycle Management + summary: Delete Non-Employee Request + description: |- + This request will delete a non-employee request. + Requires role context of `idn:nesr:delete` + parameters: + - in: path + name: id + description: Non-Employee request id in the UUID format + required: true + schema: + type: string + format: uuid + example: ac110005-7156-1150-8171-5b292e3e0084 + responses: + '204': + description: No content - indicates the request was successful but there is no content to be returned in the response. + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + '/non-employee-requests/summary/{requested-for}': + get: + operationId: getNonEmployeeRequestSummary + security: + - oauth2: [] + tags: + - Non-Employee Lifecycle Management + summary: Get Summary of Non-Employee Requests + description: |- + This request will retrieve a summary of non-employee requests. There are two contextual uses for the `requested-for` path parameter: + 1. The user has the role context of `idn:nesr:read`, in which case he or + she may request a summary of all non-employee approval requests assigned to a particular account manager by passing in that manager's id. + 2. The current user is an account manager, in which case "me" should be + provided as the `requested-for` value. This will provide the user with a summary of the non-employee requests in the source(s) he or she manages. + parameters: + - in: path + name: requested-for + description: The identity (UUID) of the non-employee account manager for whom the summary is being retrieved. Use "me" instead to indicate the current user. + required: true + schema: + type: string + format: uuid (if user is Org Admin) + example: 2c91808280430dfb0180431a59440460 + responses: + '200': + description: Non-Employee request summary object. + content: + application/json: + schema: + type: object + properties: + approved: + type: integer + description: The number of approved non-employee requests on all sources that *requested-for* user manages. + example: 2 + format: int32 + rejected: + type: integer + description: The number of rejected non-employee requests on all sources that *requested-for* user manages. + example: 2 + format: int32 + pending: + type: integer + description: The number of pending non-employee requests on all sources that *requested-for* user manages. + example: 2 + format: int32 + nonEmployeeCount: + type: integer + description: The number of non-employee records on all sources that *requested-for* user manages. + example: 2 + format: int32 + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + /non-employee-sources: + post: + operationId: createNonEmployeeSource + tags: + - Non-Employee Lifecycle Management + summary: Create Non-Employee Source + description: 'This request will create a non-employee source. Requires role context of `idn:nesr:create`' + requestBody: + description: Non-Employee source creation request body. + required: true + content: + application/json: + schema: + type: object + properties: + name: + type: string + description: Name of non-employee source. + example: Retail + description: + type: string + description: Description of non-employee source. + example: Source description + owner: + description: Owner of non-employee source. + type: object + properties: + id: + type: string + format: UUID + description: Identity id. + example: 2c91808570313110017040b06f344ec9 + required: + - id + managementWorkgroup: + type: string + description: The ID for the management workgroup that contains source sub-admins + example: '123299' + approvers: + description: List of approvers. + type: array + items: + type: object + properties: + id: + type: string + format: UUID + description: Identity id. + example: 2c91808570313110017040b06f344ec9 + required: + - id + maxItems: 3 + accountManagers: + description: List of account managers. + type: array + items: + type: object + properties: + id: + type: string + format: UUID + description: Identity id. + example: 2c91808570313110017040b06f344ec9 + required: + - id + maxItems: 10 + required: + - owner + - name + - description + responses: + '200': + description: Created non-employee source. + content: + application/json: + schema: + allOf: + - allOf: + - type: object + properties: + id: + type: string + format: UUID + description: Non-Employee source id. + example: a0303682-5e4a-44f7-bdc2-6ce6112549c1 + sourceId: + type: string + description: Source Id associated with this non-employee source. + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Source name associated with this non-employee source. + example: Retail + description: + type: string + description: Source description associated with this non-employee source. + example: Source description + - type: object + properties: + approvers: + description: List of approvers + type: array + items: + type: object + properties: + type: + type: string + enum: + - GOVERNANCE_GROUP + - IDENTITY + example: IDENTITY + description: Identifies if the identity is a normal identity or a governance group + id: + type: string + description: Identity id + example: 5168015d32f890ca15812c9180835d2e + accountManagers: + description: List of account managers + type: array + items: + type: object + properties: + type: + type: string + enum: + - GOVERNANCE_GROUP + - IDENTITY + example: IDENTITY + description: Identifies if the identity is a normal identity or a governance group + id: + type: string + description: Identity id + example: 5168015d32f890ca15812c9180835d2e + modified: + type: string + format: date-time + description: When the request was last modified. + example: '2019-08-23T18:52:59.162Z' + created: + type: string + format: date-time + description: When the request was created. + example: '2019-08-23T18:40:35.772Z' + - type: object + properties: + cloudExternalId: + type: string + description: Legacy ID used for sources from the V1 API. This attribute will be removed from a future version of the API and will not be considered a breaking change. No clients should rely on this ID always being present. + example: '99999' + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + get: + operationId: listNonEmployeeSources + security: + - oauth2: [] + tags: + - Non-Employee Lifecycle Management + summary: List Non-Employee Sources + description: |- + This gets a list of non-employee sources. There are two contextual uses for the requested-for path parameter: + 1. The user has the role context of `idn:nesr:read`, in which case he or + she may request a list sources assigned to a particular account manager by passing in that manager's id. + 2. The current user is an account manager, in which case "me" should be + provided as the `requested-for` value. This will provide the user with a list of the sources that he or she owns. + parameters: + - in: query + name: limit + description: |- + Max number of results to return. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 250 + schema: + type: integer + format: int32 + minimum: 0 + maximum: 250 + default: 250 + - in: query + name: offset + description: |- + Offset into the full result set. Usually specified with *limit* to paginate through the results. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 0 + schema: + type: integer + format: int32 + minimum: 0 + default: 0 + - in: query + name: count + description: |- + If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored. + + Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used. + + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: true + schema: + type: boolean + default: false + - in: query + name: requested-for + required: true + schema: + type: string + example: me + description: The identity for whom the request was made. *me* indicates the current user. + - in: query + name: non-employee-count + required: false + example: true + schema: + type: boolean + description: The flag to determine whether return a non-employee count associate with source. + - in: query + name: sorters + required: false + schema: + type: string + format: comma-separated + example: 'name,created' + description: 'Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://community.sailpoint.com/t5/IdentityNow-Wiki/V3-API-Standard-Collection-Parameters/ta-p/156407#toc-hId-2058949) Sorting is supported for the following fields: **name, created**' + responses: + '200': + description: List of non-employee sources objects. + content: + application/json: + schema: + type: array + items: + allOf: + - allOf: + - type: object + properties: + id: + type: string + format: UUID + description: Non-Employee source id. + example: a0303682-5e4a-44f7-bdc2-6ce6112549c1 + sourceId: + type: string + description: Source Id associated with this non-employee source. + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Source name associated with this non-employee source. + example: Retail + description: + type: string + description: Source description associated with this non-employee source. + example: Source description + - type: object + properties: + approvers: + description: List of approvers + type: array + items: + type: object + properties: + type: + type: string + enum: + - GOVERNANCE_GROUP + - IDENTITY + example: IDENTITY + description: Identifies if the identity is a normal identity or a governance group + id: + type: string + description: Identity id + example: 5168015d32f890ca15812c9180835d2e + accountManagers: + description: List of account managers + type: array + items: + type: object + properties: + type: + type: string + enum: + - GOVERNANCE_GROUP + - IDENTITY + example: IDENTITY + description: Identifies if the identity is a normal identity or a governance group + id: + type: string + description: Identity id + example: 5168015d32f890ca15812c9180835d2e + modified: + type: string + format: date-time + description: When the request was last modified. + example: '2019-08-23T18:52:59.162Z' + created: + type: string + format: date-time + description: When the request was created. + example: '2019-08-23T18:40:35.772Z' + - type: object + properties: + nonEmployeeCount: + type: integer + description: Number of non-employee records associated with this source. + format: int32 + example: 120 + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + '/non-employee-sources/{sourceId}': + get: + operationId: getNonEmployeeSource + security: + - oauth2: [] + tags: + - Non-Employee Lifecycle Management + summary: Get a Non-Employee Source + description: |- + This gets a non-employee source. There are two contextual uses for the requested-for path parameter: + 1. The user has the role context of `idn:nesr:read`, in which case he or + she may request any source. + 2. The current user is an account manager, in which case the user can only + request sources that they own. + parameters: + - in: path + name: sourceId + description: Source Id + example: 2c91808b7c28b350017c2a2ec5790aa1 + required: true + schema: + type: string + responses: + '200': + description: Non-Employee source object. + content: + application/json: + schema: + allOf: + - type: object + properties: + id: + type: string + format: UUID + description: Non-Employee source id. + example: a0303682-5e4a-44f7-bdc2-6ce6112549c1 + sourceId: + type: string + description: Source Id associated with this non-employee source. + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Source name associated with this non-employee source. + example: Retail + description: + type: string + description: Source description associated with this non-employee source. + example: Source description + - type: object + properties: + approvers: + description: List of approvers + type: array + items: + type: object + properties: + type: + type: string + enum: + - GOVERNANCE_GROUP + - IDENTITY + example: IDENTITY + description: Identifies if the identity is a normal identity or a governance group + id: + type: string + description: Identity id + example: 5168015d32f890ca15812c9180835d2e + accountManagers: + description: List of account managers + type: array + items: + type: object + properties: + type: + type: string + enum: + - GOVERNANCE_GROUP + - IDENTITY + example: IDENTITY + description: Identifies if the identity is a normal identity or a governance group + id: + type: string + description: Identity id + example: 5168015d32f890ca15812c9180835d2e + modified: + type: string + format: date-time + description: When the request was last modified. + example: '2019-08-23T18:52:59.162Z' + created: + type: string + format: date-time + description: When the request was created. + example: '2019-08-23T18:40:35.772Z' + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + patch: + operationId: patchNonEmployeeSource + tags: + - Non-Employee Lifecycle Management + summary: Patch a Non-Employee Source + description: 'patch a non-employee source. (partial update)
Patchable field: **name, description, approvers, accountManagers** Requires role context of `idn:nesr:update`.' + parameters: + - in: path + name: sourceId + description: Source Id + required: true + schema: + type: string + example: e136567de87e4d029e60b3c3c55db56d + requestBody: + description: 'A list of non-employee source update operations according to the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard.' + required: true + content: + application/json-patch+json: + schema: + type: array + items: + type: object + description: 'A JSONPatch Operation as defined by [RFC 6902 - JSON Patch](https://tools.ietf.org/html/rfc6902)' + required: + - op + - path + properties: + op: + type: string + description: The operation to be performed + enum: + - add + - remove + - replace + - move + - copy + - test + example: replace + path: + type: string + description: A string JSON Pointer representing the target path to an element to be affected by the operation + example: /description + value: + anyOf: + - type: string + - type: integer + - type: object + - type: array + items: + anyOf: + - type: string + - type: integer + - type: object + description: 'The value to be used for the operation, required for "add" and "replace" operations' + example: New description + example: + - op: replace + path: /name + value: + new name: null + - op: replace + path: /approvers + value: + - 2c91809f703bb37a017040a2fe8748c7 + - 48b1f463c9e8427db5a5071bd81914b8 + responses: + '200': + description: A patched non-employee source object. + content: + application/json: + schema: + allOf: + - type: object + properties: + id: + type: string + format: UUID + description: Non-Employee source id. + example: a0303682-5e4a-44f7-bdc2-6ce6112549c1 + sourceId: + type: string + description: Source Id associated with this non-employee source. + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Source name associated with this non-employee source. + example: Retail + description: + type: string + description: Source description associated with this non-employee source. + example: Source description + - type: object + properties: + approvers: + description: List of approvers + type: array + items: + type: object + properties: + type: + type: string + enum: + - GOVERNANCE_GROUP + - IDENTITY + example: IDENTITY + description: Identifies if the identity is a normal identity or a governance group + id: + type: string + description: Identity id + example: 5168015d32f890ca15812c9180835d2e + accountManagers: + description: List of account managers + type: array + items: + type: object + properties: + type: + type: string + enum: + - GOVERNANCE_GROUP + - IDENTITY + example: IDENTITY + description: Identifies if the identity is a normal identity or a governance group + id: + type: string + description: Identity id + example: 5168015d32f890ca15812c9180835d2e + modified: + type: string + format: date-time + description: When the request was last modified. + example: '2019-08-23T18:52:59.162Z' + created: + type: string + format: date-time + description: When the request was created. + example: '2019-08-23T18:40:35.772Z' + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + delete: + operationId: deleteNonEmployeeSource + tags: + - Non-Employee Lifecycle Management + summary: Delete Non-Employee Source + description: 'This request will delete a non-employee source. Requires role context of `idn:nesr:delete`.' + parameters: + - in: path + name: sourceId + description: Source Id + required: true + schema: + type: string + example: e136567de87e4d029e60b3c3c55db56d + responses: + '204': + description: No content - indicates the request was successful but there is no content to be returned in the response. + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + '/non-employee-sources/{id}/non-employees/download': + get: + operationId: exportNonEmployeeRecords + tags: + - Non-Employee Lifecycle Management + summary: Exports Non-Employee Records to CSV + description: 'This requests a CSV download for all non-employees from a provided source. Requires role context of `idn:nesr:read`' + parameters: + - in: path + name: id + description: Source Id (UUID) + required: true + schema: + type: string + example: e136567de87e4d029e60b3c3c55db56d + responses: + '200': + description: Exported CSV + content: + text/csv: + example: | + accountName,firstName,lastName,phone,email,manager,startDate,endDate + Jon.Smith, Jon, Smith, 555-555-5555, jon@jon.doe.nope.com, Jim Smith, 2020-04-05T08:00:00-10:00,2020-08-07T19:00:00-10:00 + William.Chaffin, William, Chaffin, 555-555-5555, william@chaffins.nope.com, Bertram Chaffin, 2020-04-05T08:00:00-10:00,2020-08-07T19:00:00-10:00 + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + '/non-employee-sources/{id}/non-employee-bulk-upload': + post: + operationId: importNonEmployeeRecordsInBulk + security: + - oauth2: + - 'idn:nelm:manage' + tags: + - Non-Employee Lifecycle Management + summary: 'Imports, or Updates, Non-Employee Records' + description: 'This post will import, or update, Non-Employee records found in the CSV. Requires role context of `idn:nesr:create`' + parameters: + - in: path + name: id + description: Source Id (UUID) + required: true + schema: + type: string + example: e136567de87e4d029e60b3c3c55db56d + requestBody: + content: + multipart/form-data: + schema: + type: object + properties: + data: + type: string + format: binary + required: + - data + responses: + '202': + description: The CSV was accepted to be bulk inserted now or at a later time. + content: + application/json: + schema: + type: object + properties: + id: + type: string + description: The bulk upload job's ID. (UUID) + example: 2c91808568c529c60168cca6f90cffff + sourceId: + type: string + description: The ID of the source to bulk-upload non-employees to. (UUID) + example: 2c91808568c529c60168cca6f90c1313 + created: + type: string + format: date-time + description: The date-time the job was submitted. + example: '2019-08-23T18:52:59.162Z' + modified: + type: string + format: date-time + description: The date-time that the job was last updated. + example: '2019-08-23T18:52:59.162Z' + status: + type: string + enum: + - PENDING + - IN_PROGRESS + - COMPLETED + - ERROR + description: | + Returns the following values indicating the progress or result of the bulk upload job. + "PENDING" means the job is queued and waiting to be processed. + "IN_PROGRESS" means the job is currently being processed. + "COMPLETED" means the job has been completed without any errors. + "ERROR" means the job failed to process with errors. + example: PENDING + '400': + description: | + Client Error - Returned if the request body is invalid. + The response body will contain the list of specific errors with one on each line. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + '/non-employee-sources/{id}/non-employee-bulk-upload/status': + get: + operationId: getNonEmployeeBulkUploadStatus + tags: + - Non-Employee Lifecycle Management + summary: Obtain the status of bulk upload on the source + description: | + The nonEmployeeBulkUploadStatus API returns the status of the newest bulk upload job for the specified source. + Requires role context of `idn:nesr:read` + parameters: + - in: path + name: id + description: Source ID (UUID) + required: true + schema: + type: string + example: e136567de87e4d029e60b3c3c55db56d + responses: + '200': + description: 'Status of the newest bulk-upload job, if any.' + content: + application/json: + schema: + type: object + properties: + status: + type: string + enum: + - PENDING + - IN_PROGRESS + - COMPLETED + - ERROR + description: | + Returns the following values indicating the progress or result of the bulk upload job. + "PENDING" means the job is queued and waiting to be processed. + "IN_PROGRESS" means the job is currently being processed. + "COMPLETED" means the job has been completed without any errors. + "ERROR" means the job failed to process with errors. + null means job has been submitted to the source. + example: PENDING + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + '/non-employee-sources/{id}/schema-attributes-template/download': + get: + operationId: exportNonEmployeeSourceSchemaTemplate + tags: + - Non-Employee Lifecycle Management + summary: Exports Source Schema Template + description: 'This requests a download for the Source Schema Template for a provided source. Requires role context of `idn:nesr:read`' + parameters: + - in: path + name: id + description: Source Id (UUID) + required: true + example: ef38f94347e94562b5bb8424a56397d8 + schema: + type: string + responses: + '200': + description: Exported Source Schema Template + content: + text/csv: + example: | + accountName,firstName,lastName,phone,email,manager,startDate,endDate + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + /non-employee-approvals: + get: + operationId: listNonEmployeeApprovals + security: + - oauth2: [] + tags: + - Non-Employee Lifecycle Management + summary: Get List of Non-Employee Approval Requests + description: |- + This gets a list of non-employee approval requests. + There are two contextual uses for this endpoint: + 1. The user has the role context of `idn:nesr:read`, in which case they + can list the approvals for any approver. + 2. The user owns the requested approval. + parameters: + - in: query + name: requested-for + schema: + type: string + description: The identity for whom the request was made. *me* indicates the current user. + required: false + example: 2c91808280430dfb0180431a59440460 + - in: query + name: limit + description: |- + Max number of results to return. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 250 + schema: + type: integer + format: int32 + minimum: 0 + maximum: 250 + default: 250 + - in: query + name: offset + description: |- + Offset into the full result set. Usually specified with *limit* to paginate through the results. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 0 + schema: + type: integer + format: int32 + minimum: 0 + default: 0 + - in: query + name: count + description: |- + If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored. + + Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used. + + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: true + schema: + type: boolean + default: false + - in: query + name: filters + schema: + type: string + description: 'Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://community.sailpoint.com/t5/IdentityNow-Wiki/V3-API-Standard-Collection-Parameters/ta-p/156407) Filtering is supported for the following fields and operators: **approvalStatus**: *eq* *Example:* approvalStatus eq "PENDING"' + example: approvalStatus eq "Pending" + required: false + - in: query + name: sorters + schema: + type: string + format: comma-separated + description: 'Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://community.sailpoint.com/t5/IdentityNow-Wiki/V3-API-Standard-Collection-Parameters/ta-p/156407#toc-hId-2058949) Sorting is supported for the following fields: **created, modified**' + required: false + example: created + responses: + '200': + description: List of approval items. + content: + application/json: + schema: + type: array + items: + allOf: + - type: object + properties: + id: + type: string + format: UUID + description: Non-Employee approval item id + example: 2c1e388b-1e55-4b0a-ab5c-897f1204159c + approver: + description: Reference to the associated Identity + type: object + properties: + type: + type: string + enum: + - GOVERNANCE_GROUP + - IDENTITY + example: IDENTITY + description: Identifies if the identity is a normal identity or a governance group + id: + type: string + description: Identity id + example: 5168015d32f890ca15812c9180835d2e + accountName: + type: string + description: Requested identity account name + example: test.account + approvalStatus: + type: string + enum: + - APPROVED + - REJECTED + - PENDING + - NOT_READY + - CANCELLED + description: Enum representing the non-employee request approval status + example: APPROVED + approvalOrder: + type: number + description: Approval order + example: 1 + format: float + comment: + type: string + description: comment of approver + example: I approve + modified: + type: string + format: date-time + description: When the request was last modified. + example: '2019-08-23T18:52:59.162Z' + created: + type: string + format: date-time + description: When the request was created. + example: '2019-08-23T18:40:35.772Z' + - type: object + properties: + nonEmployeeRequest: + type: object + properties: + id: + type: string + format: UUID + description: Non-Employee request id. + example: ac110005-7156-1150-8171-5b292e3e0084 + requester: + example: + type: IDENTITY + id: 2c9180866166b5b0016167c32ef31a66 + name: William Smith + type: object + properties: + type: + type: string + enum: + - GOVERNANCE_GROUP + - IDENTITY + example: IDENTITY + description: Identifies if the identity is a normal identity or a governance group + id: + type: string + description: Identity id + example: 5168015d32f890ca15812c9180835d2e + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + '/non-employee-approvals/{id}': + get: + operationId: getNonEmployeeApproval + security: + - oauth2: [] + tags: + - Non-Employee Lifecycle Management + summary: Get a non-employee approval item detail + description: |- + Gets a non-employee approval item detail. There are two contextual uses for this endpoint: + 1. The user has the role context of `idn:nesr:read`, in which case they + can get any approval. + 2. The user owns the requested approval. + parameters: + - in: path + name: id + description: Non-Employee approval item id (UUID) + required: true + schema: + type: string + example: e136567de87e4d029e60b3c3c55db56d + - in: query + name: include-detail + description: The object nonEmployeeRequest will not be included detail when set to false. *Default value is true* + required: false + schema: + type: boolean + example: true + responses: + '200': + description: Non-Employee approval item object. + content: + application/json: + schema: + allOf: + - type: object + properties: + id: + type: string + format: UUID + description: Non-Employee approval item id + example: 2c1e388b-1e55-4b0a-ab5c-897f1204159c + approver: + description: Reference to the associated Identity + type: object + properties: + type: + type: string + enum: + - GOVERNANCE_GROUP + - IDENTITY + example: IDENTITY + description: Identifies if the identity is a normal identity or a governance group + id: + type: string + description: Identity id + example: 5168015d32f890ca15812c9180835d2e + accountName: + type: string + description: Requested identity account name + example: test.account + approvalStatus: + type: string + enum: + - APPROVED + - REJECTED + - PENDING + - NOT_READY + - CANCELLED + description: Enum representing the non-employee request approval status + example: APPROVED + approvalOrder: + type: number + description: Approval order + example: 1 + format: float + comment: + type: string + description: comment of approver + example: I approve + modified: + type: string + format: date-time + description: When the request was last modified. + example: '2019-08-23T18:52:59.162Z' + created: + type: string + format: date-time + description: When the request was created. + example: '2019-08-23T18:40:35.772Z' + - type: object + properties: + nonEmployeeRequest: + description: Non-Employee request associated to this approval + allOf: + - type: object + properties: + id: + type: string + format: UUID + description: Non-Employee request id. + example: ac110005-7156-1150-8171-5b292e3e0084 + requester: + example: + type: IDENTITY + id: 2c9180866166b5b0016167c32ef31a66 + name: William Smith + type: object + properties: + type: + type: string + enum: + - GOVERNANCE_GROUP + - IDENTITY + example: IDENTITY + description: Identifies if the identity is a normal identity or a governance group + id: + type: string + description: Identity id + example: 5168015d32f890ca15812c9180835d2e + - type: object + properties: + accountName: + type: string + description: Requested identity account name. + example: william.smith + firstName: + type: string + description: Non-Employee's first name. + example: William + lastName: + type: string + description: Non-Employee's last name. + example: Smith + email: + type: string + description: Non-Employee's email. + example: william.smith@example.com + phone: + type: string + description: Non-Employee's phone. + example: '5555555555' + manager: + type: string + description: The account ID of a valid identity to serve as this non-employee's manager. + example: jane.doe + nonEmployeeSource: + allOf: + - type: object + properties: + id: + type: string + format: UUID + description: Non-Employee source id. + example: a0303682-5e4a-44f7-bdc2-6ce6112549c1 + sourceId: + type: string + description: Source Id associated with this non-employee source. + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Source name associated with this non-employee source. + example: Retail + description: + type: string + description: Source description associated with this non-employee source. + example: Source description + - type: object + properties: + schemaAttributes: + description: List of schema attributes associated with this non-employee source. + type: array + items: + type: object + properties: + id: + type: string + format: UUID + example: ac110005-7156-1150-8171-5b292e3e0084 + description: Schema Attribute Id + system: + type: boolean + description: True if this schema attribute is mandatory on all non-employees sources. + example: true + modified: + type: string + format: date-time + description: When the schema attribute was last modified. + example: '2019-08-23T18:52:59.162Z' + created: + type: string + format: date-time + description: When the schema attribute was created. + example: '2019-08-23T18:40:35.772Z' + type: + type: string + enum: + - TEXT + - DATE + - IDENTITY + description: Enum representing the type of data a schema attribute accepts. + example: TEXT + label: + type: string + description: Label displayed on the UI for this schema attribute. + example: Account Name + technicalName: + type: string + description: The technical name of the attribute. Must be unique per source. + example: account.name + helpText: + type: string + description: help text displayed by UI. + example: The unique identifier for the account + placeholder: + type: string + description: Hint text that fills UI box. + example: Enter a unique user name for this account. + required: + type: boolean + description: 'If true, the schema attribute is required for all non-employees in the source' + example: true + required: + - type + - technicalName + - label + data: + type: object + additionalProperties: + type: string + description: Attribute blob/bag for a non-employee. + example: + description: Auditing + approvalStatus: + type: string + enum: + - APPROVED + - REJECTED + - PENDING + - NOT_READY + - CANCELLED + description: Enum representing the non-employee request approval status + example: APPROVED + comment: + type: string + description: comment of requester + example: approved + completionDate: + type: string + format: date-time + description: When the request was completely approved. + example: '2020-03-24T11:11:41.139-05:00' + startDate: + type: string + format: date + description: Non-Employee employment start date. + example: '2020-03-24' + endDate: + type: string + format: date + description: Non-Employee employment end date. + example: '2021-03-25' + modified: + type: string + format: date-time + description: When the request was last modified. + example: '2020-03-24T11:11:41.139-05:00' + created: + type: string + format: date-time + description: When the request was created. + example: '2020-03-24T11:11:41.139-05:00' + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + '/non-employee-approvals/{id}/approve': + post: + operationId: approveNonEmployeeRequest + security: + - oauth2: [] + tags: + - Non-Employee Lifecycle Management + summary: Approve a Non-Employee Request + description: Approves a non-employee approval request and notifies the next approver. The current user must be the requested approver. + parameters: + - in: path + name: id + description: Non-Employee approval item id (UUID) + required: true + schema: + type: string + example: e136567de87e4d029e60b3c3c55db56d + requestBody: + required: true + content: + application/json: + schema: + type: object + properties: + comment: + type: string + description: Comment on the approval item. + maxLength: 4000 + example: Approved by manager + responses: + '200': + description: Non-Employee approval item object. + content: + application/json: + schema: + allOf: + - type: object + properties: + id: + type: string + format: UUID + description: Non-Employee approval item id + example: 2c1e388b-1e55-4b0a-ab5c-897f1204159c + approver: + description: Reference to the associated Identity + type: object + properties: + type: + type: string + enum: + - GOVERNANCE_GROUP + - IDENTITY + example: IDENTITY + description: Identifies if the identity is a normal identity or a governance group + id: + type: string + description: Identity id + example: 5168015d32f890ca15812c9180835d2e + accountName: + type: string + description: Requested identity account name + example: test.account + approvalStatus: + type: string + enum: + - APPROVED + - REJECTED + - PENDING + - NOT_READY + - CANCELLED + description: Enum representing the non-employee request approval status + example: APPROVED + approvalOrder: + type: number + description: Approval order + example: 1 + format: float + comment: + type: string + description: comment of approver + example: I approve + modified: + type: string + format: date-time + description: When the request was last modified. + example: '2019-08-23T18:52:59.162Z' + created: + type: string + format: date-time + description: When the request was created. + example: '2019-08-23T18:40:35.772Z' + - type: object + properties: + nonEmployeeRequest: + type: object + properties: + id: + type: string + format: UUID + description: Non-Employee request id. + example: ac110005-7156-1150-8171-5b292e3e0084 + requester: + example: + type: IDENTITY + id: 2c9180866166b5b0016167c32ef31a66 + name: William Smith + type: object + properties: + type: + type: string + enum: + - GOVERNANCE_GROUP + - IDENTITY + example: IDENTITY + description: Identifies if the identity is a normal identity or a governance group + id: + type: string + description: Identity id + example: 5168015d32f890ca15812c9180835d2e + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + '/non-employee-approvals/{id}/reject': + post: + operationId: rejectNonEmployeeRequest + security: + - oauth2: [] + tags: + - Non-Employee Lifecycle Management + summary: Reject a Non-Employee Request + description: This endpoint will reject an approval item request and notify user. The current user must be the requested approver. + parameters: + - in: path + name: id + description: Non-Employee approval item id (UUID) + required: true + schema: + type: string + example: e136567de87e4d029e60b3c3c55db56d + requestBody: + required: true + content: + application/json: + schema: + type: object + properties: + comment: + type: string + description: Comment on the approval item. + maxLength: 4000 + example: approved + required: + - comment + responses: + '200': + description: Non-Employee approval item object. + content: + application/json: + schema: + allOf: + - type: object + properties: + id: + type: string + format: UUID + description: Non-Employee approval item id + example: 2c1e388b-1e55-4b0a-ab5c-897f1204159c + approver: + description: Reference to the associated Identity + type: object + properties: + type: + type: string + enum: + - GOVERNANCE_GROUP + - IDENTITY + example: IDENTITY + description: Identifies if the identity is a normal identity or a governance group + id: + type: string + description: Identity id + example: 5168015d32f890ca15812c9180835d2e + accountName: + type: string + description: Requested identity account name + example: test.account + approvalStatus: + type: string + enum: + - APPROVED + - REJECTED + - PENDING + - NOT_READY + - CANCELLED + description: Enum representing the non-employee request approval status + example: APPROVED + approvalOrder: + type: number + description: Approval order + example: 1 + format: float + comment: + type: string + description: comment of approver + example: I approve + modified: + type: string + format: date-time + description: When the request was last modified. + example: '2019-08-23T18:52:59.162Z' + created: + type: string + format: date-time + description: When the request was created. + example: '2019-08-23T18:40:35.772Z' + - type: object + properties: + nonEmployeeRequest: + type: object + properties: + id: + type: string + format: UUID + description: Non-Employee request id. + example: ac110005-7156-1150-8171-5b292e3e0084 + requester: + example: + type: IDENTITY + id: 2c9180866166b5b0016167c32ef31a66 + name: William Smith + type: object + properties: + type: + type: string + enum: + - GOVERNANCE_GROUP + - IDENTITY + example: IDENTITY + description: Identifies if the identity is a normal identity or a governance group + id: + type: string + description: Identity id + example: 5168015d32f890ca15812c9180835d2e + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + '/non-employee-approvals/summary/{requested-for}': + get: + operationId: getNonEmployeeApprovalSummary + security: + - oauth2: [] + tags: + - Non-Employee Lifecycle Management + summary: Get Summary of Non-Employee Approval Requests + description: |- + This request will retrieve a summary of non-employee approval requests. There are two contextual uses for the `requested-for` path parameter: + 1. The user has the role context of `idn:nesr:read`, in which case he or + she may request a summary of all non-employee approval requests assigned to a particular approver by passing in that approver's id. + 2. The current user is an approver, in which case "me" should be provided + as the `requested-for` value. This will provide the approver with a summary of the approval items assigned to him or her. + parameters: + - in: path + name: requested-for + schema: + type: string + description: The identity (UUID) of the approver for whom for whom the summary is being retrieved. Use "me" instead to indicate the current user. + required: true + example: 2c91808280430dfb0180431a59440460 + responses: + '200': + description: summary of non-employee approval requests + content: + application/json: + schema: + type: object + properties: + approved: + type: integer + description: The number of approved non-employee approval requests. + format: int32 + example: 2 + pending: + type: integer + description: The number of pending non-employee approval requests. + format: int32 + example: 2 + rejected: + type: integer + description: The number of rejected non-employee approval requests. + format: int32 + example: 2 + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + '/non-employee-sources/{sourceId}/schema-attributes': + get: + operationId: getNonEmployeeSourceSchemaAttributes + security: + - oauth2: [] + tags: + - Non-Employee Lifecycle Management + summary: List Schema Attributes Non-Employee Source + description: |- + This API gets the list of schema attributes for the specified Non-Employee SourceId. There are 8 mandatory attributes added to each new Non-Employee Source automatically. Additionaly, user can add up to 10 custom attributes. This interface returns all the mandatory attributes followed by any custom attributes. At most, a total of 18 attributes will be returned. + Requires role context of `idn:nesr:read` or the user must be an account manager of the source. + parameters: + - in: path + name: sourceId + schema: + type: string + required: true + example: ef38f94347e94562b5bb8424a56397d8 + description: The Source id + responses: + '200': + description: A list of Schema Attributes + content: + application/json: + schema: + type: array + items: + type: object + properties: + id: + type: string + format: UUID + example: ac110005-7156-1150-8171-5b292e3e0084 + description: Schema Attribute Id + system: + type: boolean + description: True if this schema attribute is mandatory on all non-employees sources. + example: true + modified: + type: string + format: date-time + description: When the schema attribute was last modified. + example: '2019-08-23T18:52:59.162Z' + created: + type: string + format: date-time + description: When the schema attribute was created. + example: '2019-08-23T18:40:35.772Z' + type: + type: string + enum: + - TEXT + - DATE + - IDENTITY + description: Enum representing the type of data a schema attribute accepts. + example: TEXT + label: + type: string + description: Label displayed on the UI for this schema attribute. + example: Account Name + technicalName: + type: string + description: The technical name of the attribute. Must be unique per source. + example: account.name + helpText: + type: string + description: help text displayed by UI. + example: The unique identifier for the account + placeholder: + type: string + description: Hint text that fills UI box. + example: Enter a unique user name for this account. + required: + type: boolean + description: 'If true, the schema attribute is required for all non-employees in the source' + example: true + required: + - type + - technicalName + - label + maxItems: 18 + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + post: + operationId: createNonEmployeeSourceSchemaAttributes + tags: + - Non-Employee Lifecycle Management + summary: Create a new Schema Attribute for Non-Employee Source + description: |- + This API creates a new schema attribute for Non-Employee Source. The schema technical name must be unique in the source. Attempts to create a schema attribute with an existing name will result in a "400.1.409 Reference conflict" response. At most, 10 custom attributes can be created per schema. Attempts to create more than 10 will result in a "400.1.4 Limit violation" response. + Requires role context of `idn:nesr:create` + parameters: + - in: path + name: sourceId + schema: + type: string + required: true + description: The Source id + example: ef38f94347e94562b5bb8424a56397d8 + requestBody: + required: true + content: + application/json: + schema: + type: object + properties: + type: + type: string + description: Type of the attribute. Only type 'TEXT' is supported for custom attributes. + example: TEXT + label: + type: string + description: Label displayed on the UI for this schema attribute. + example: Account Name + technicalName: + type: string + description: The technical name of the attribute. Must be unique per source. + example: account.name + helpText: + type: string + description: help text displayed by UI. + example: The unique identifier for the account + placeholder: + type: string + description: Hint text that fills UI box. + example: Enter a unique user name for this account. + required: + type: boolean + description: 'If true, the schema attribute is required for all non-employees in the source' + example: true + required: + - type + - technicalName + - label + responses: + '200': + description: Schema Attribute created. + content: + application/json: + schema: + type: object + properties: + id: + type: string + format: UUID + example: ac110005-7156-1150-8171-5b292e3e0084 + description: Schema Attribute Id + system: + type: boolean + description: True if this schema attribute is mandatory on all non-employees sources. + example: true + modified: + type: string + format: date-time + description: When the schema attribute was last modified. + example: '2019-08-23T18:52:59.162Z' + created: + type: string + format: date-time + description: When the schema attribute was created. + example: '2019-08-23T18:40:35.772Z' + type: + type: string + enum: + - TEXT + - DATE + - IDENTITY + description: Enum representing the type of data a schema attribute accepts. + example: TEXT + label: + type: string + description: Label displayed on the UI for this schema attribute. + example: Account Name + technicalName: + type: string + description: The technical name of the attribute. Must be unique per source. + example: account.name + helpText: + type: string + description: help text displayed by UI. + example: The unique identifier for the account + placeholder: + type: string + description: Hint text that fills UI box. + example: Enter a unique user name for this account. + required: + type: boolean + description: 'If true, the schema attribute is required for all non-employees in the source' + example: true + required: + - type + - technicalName + - label + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + delete: + operationId: deleteNonEmployeeSourceSchemaAttributes + tags: + - Non-Employee Lifecycle Management + summary: Delete all custom schema attributes for Non-Employee Source + description: 'This end-point deletes all custom schema attributes for a non-employee source. Requires role context of `idn:nesr:delete`' + parameters: + - in: path + name: sourceId + schema: + type: string + required: true + description: The Source id + example: ef38f94347e94562b5bb8424a56397d8 + responses: + '204': + description: All custon Schema Attributes were successfully deleted. + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + '/non-employee-sources/{sourceId}/schema-attributes/{attributeId}': + get: + operationId: getNonEmployeeSchemaAttribute + security: + - oauth2: [] + tags: + - Non-Employee Lifecycle Management + summary: Get Schema Attribute Non-Employee Source + description: 'This API gets a schema attribute by Id for the specified Non-Employee SourceId. Requires role context of `idn:nesr:read` or the user must be an account manager of the source.' + parameters: + - in: path + name: attributeId + schema: + type: string + required: true + example: ef38f94347e94562b5bb8424a56397d8 + description: The Schema Attribute Id (UUID) + - in: path + name: sourceId + schema: + type: string + required: true + example: ef38f94347e94562b5bb8424a56397d8 + description: The Source id + responses: + '200': + description: The Schema Attribute + content: + application/json: + schema: + type: object + properties: + id: + type: string + format: UUID + example: ac110005-7156-1150-8171-5b292e3e0084 + description: Schema Attribute Id + system: + type: boolean + description: True if this schema attribute is mandatory on all non-employees sources. + example: true + modified: + type: string + format: date-time + description: When the schema attribute was last modified. + example: '2019-08-23T18:52:59.162Z' + created: + type: string + format: date-time + description: When the schema attribute was created. + example: '2019-08-23T18:40:35.772Z' + type: + type: string + enum: + - TEXT + - DATE + - IDENTITY + description: Enum representing the type of data a schema attribute accepts. + example: TEXT + label: + type: string + description: Label displayed on the UI for this schema attribute. + example: Account Name + technicalName: + type: string + description: The technical name of the attribute. Must be unique per source. + example: account.name + helpText: + type: string + description: help text displayed by UI. + example: The unique identifier for the account + placeholder: + type: string + description: Hint text that fills UI box. + example: Enter a unique user name for this account. + required: + type: boolean + description: 'If true, the schema attribute is required for all non-employees in the source' + example: true + required: + - type + - technicalName + - label + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + patch: + operationId: patchNonEmployeeSchemaAttribute + tags: + - Non-Employee Lifecycle Management + summary: Patch a Schema Attribute for Non-Employee Source + description: | + This end-point patches a specific schema attribute for a non-employee SourceId. + Requires role context of `idn:nesr:update` + parameters: + - in: path + name: attributeId + schema: + type: string + required: true + description: The Schema Attribute Id (UUID) + example: ef38f94347e94562b5bb8424a56397d8 + - in: path + name: sourceId + schema: + type: string + required: true + description: The Source id + example: ef38f94347e94562b5bb8424a56397d8 + requestBody: + description: 'A list of schema attribute update operations according to the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard. The following properties are allowed for update '':'' ''label'', ''helpText'', ''placeholder'', ''required''.' + content: + application/json-patch+json: + schema: + type: array + items: + type: object + description: 'A JSONPatch Operation as defined by [RFC 6902 - JSON Patch](https://tools.ietf.org/html/rfc6902)' + required: + - op + - path + properties: + op: + type: string + description: The operation to be performed + enum: + - add + - remove + - replace + - move + - copy + - test + example: replace + path: + type: string + description: A string JSON Pointer representing the target path to an element to be affected by the operation + example: /description + value: + anyOf: + - type: string + - type: integer + - type: object + - type: array + items: + anyOf: + - type: string + - type: integer + - type: object + description: 'The value to be used for the operation, required for "add" and "replace" operations' + example: New description + example: + - op: replace + path: /label + value: + new attribute label: null + required: true + responses: + '200': + description: The Schema Attribute was successfully patched. + content: + application/json: + schema: + type: object + properties: + id: + type: string + format: UUID + example: ac110005-7156-1150-8171-5b292e3e0084 + description: Schema Attribute Id + system: + type: boolean + description: True if this schema attribute is mandatory on all non-employees sources. + example: true + modified: + type: string + format: date-time + description: When the schema attribute was last modified. + example: '2019-08-23T18:52:59.162Z' + created: + type: string + format: date-time + description: When the schema attribute was created. + example: '2019-08-23T18:40:35.772Z' + type: + type: string + enum: + - TEXT + - DATE + - IDENTITY + description: Enum representing the type of data a schema attribute accepts. + example: TEXT + label: + type: string + description: Label displayed on the UI for this schema attribute. + example: Account Name + technicalName: + type: string + description: The technical name of the attribute. Must be unique per source. + example: account.name + helpText: + type: string + description: help text displayed by UI. + example: The unique identifier for the account + placeholder: + type: string + description: Hint text that fills UI box. + example: Enter a unique user name for this account. + required: + type: boolean + description: 'If true, the schema attribute is required for all non-employees in the source' + example: true + required: + - type + - technicalName + - label + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + delete: + operationId: deleteNonEmployeeSchemaAttribute + tags: + - Non-Employee Lifecycle Management + summary: Delete a Schema Attribute for Non-Employee Source + description: | + This end-point deletes a specific schema attribute for a non-employee source. + Requires role context of `idn:nesr:delete` + parameters: + - in: path + name: attributeId + schema: + type: string + required: true + description: The Schema Attribute Id (UUID) + example: ef38f94347e94562b5bb8424a56397d8 + - in: path + name: sourceId + schema: + type: string + required: true + description: The Source id + example: ef38f94347e94562b5bb8424a56397d8 + responses: + '204': + description: The Schema Attribute was successfully deleted. + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + /oauth-clients: + get: + operationId: listOauthClients + security: + - oauth2: + - 'sp:oauth-client:manage' + tags: + - OAuth Clients + summary: List OAuth Clients + description: This gets a list of OAuth clients. + parameters: + - in: query + name: filters + required: false + schema: + type: string + description: |- + Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) + + Filtering is supported for the following fields and operators: + + **lastUsed**: *le, isnull* + example: 'lastUsed le 2023-02-05T10:59:27.214Z' + responses: + '200': + description: List of OAuth clients. + content: + application/json: + schema: + type: array + items: + type: object + properties: + id: + type: string + description: ID of the OAuth client + example: 2c9180835d2e5168015d32f890ca1581 + businessName: + type: string + nullable: true + description: The name of the business the API Client should belong to + example: Acme-Solar + homepageUrl: + type: string + nullable: true + description: The homepage URL associated with the owner of the API Client + example: 'http://localhost:12345' + name: + type: string + description: A human-readable name for the API Client + example: Demo API Client + description: + type: string + nullable: true + description: A description of the API Client + example: 'An API client used for the authorization_code, refresh_token, and client_credentials flows' + accessTokenValiditySeconds: + type: integer + format: int32 + description: The number of seconds an access token generated for this API Client is valid for + example: 750 + refreshTokenValiditySeconds: + type: integer + format: int32 + description: The number of seconds a refresh token generated for this API Client is valid for + example: 86400 + redirectUris: + type: array + nullable: true + items: + type: string + description: A list of the approved redirect URIs used with the authorization_code flow + example: + - 'http://localhost:12345' + grantTypes: + type: array + items: + description: OAuth2 Grant Type + type: string + example: CLIENT_CREDENTIALS + enum: + - CLIENT_CREDENTIALS + - AUTHORIZATION_CODE + - REFRESH_TOKEN + description: A list of OAuth 2.0 grant types this API Client can be used with + example: + - AUTHORIZATION_CODE + - CLIENT_CREDENTIALS + - REFRESH_TOKEN + accessType: + description: The access type (online or offline) of this API Client + example: OFFLINE + type: string + enum: + - ONLINE + - OFFLINE + type: + description: The type of the API Client (public or confidential) + example: CONFIDENTIAL + type: string + enum: + - CONFIDENTIAL + - PUBLIC + internal: + type: boolean + description: An indicator of whether the API Client can be used for requests internal to IDN + example: false + enabled: + type: boolean + description: An indicator of whether the API Client is enabled for use + example: true + strongAuthSupported: + type: boolean + description: An indicator of whether the API Client supports strong authentication + example: false + claimsSupported: + type: boolean + description: An indicator of whether the API Client supports the serialization of SAML claims when used with the authorization_code flow + example: false + created: + type: string + format: date-time + description: 'The date and time, down to the millisecond, when the API Client was created' + example: '2017-07-11T18:45:37.098Z' + modified: + type: string + format: date-time + description: 'The date and time, down to the millisecond, when the API Client was last updated' + example: '2018-06-25T20:22:28.104Z' + lastUsed: + type: string + nullable: true + format: date-time + description: 'The date and time, down to the millisecond, when this API Client was last used to generate an access token. This timestamp does not get updated on every API Client usage, but only once a day. This property can be useful for identifying which API Clients are no longer actively used and can be removed.' + example: '2017-07-11T18:45:37.098Z' + scope: + type: array + nullable: true + items: + type: string + default: 'sp:scopes:all' + description: Scopes of the API Client. + example: + - 'demo:api-client-scope:first' + - 'demo:api-client-scope:second' + required: + - id + - businessName + - homepageUrl + - name + - description + - accessTokenValiditySeconds + - refreshTokenValiditySeconds + - redirectUris + - grantTypes + - accessType + - type + - internal + - enabled + - strongAuthSupported + - claimsSupported + - created + - modified + - scope + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + post: + operationId: createOauthClient + security: + - oauth2: + - 'sp:oauth-client:manage' + tags: + - OAuth Clients + summary: Create OAuth Client + description: This creates an OAuth client. + requestBody: + required: true + content: + application/json: + schema: + type: object + properties: + businessName: + type: string + nullable: true + description: The name of the business the API Client should belong to + example: Acme-Solar + homepageUrl: + type: string + nullable: true + description: The homepage URL associated with the owner of the API Client + example: 'http://localhost:12345' + name: + type: string + nullable: true + description: A human-readable name for the API Client + example: Demo API Client + description: + type: string + nullable: true + description: A description of the API Client + example: 'An API client used for the authorization_code, refresh_token, and client_credentials flows' + accessTokenValiditySeconds: + description: The number of seconds an access token generated for this API Client is valid for + type: integer + format: int32 + example: 750 + refreshTokenValiditySeconds: + description: The number of seconds a refresh token generated for this API Client is valid for + example: 86400 + type: integer + format: int32 + redirectUris: + type: array + nullable: true + items: + type: string + description: A list of the approved redirect URIs. Provide one or more URIs when assigning the AUTHORIZATION_CODE grant type to a new OAuth Client. + example: + - 'http://localhost:12345' + grantTypes: + type: array + nullable: true + items: + description: OAuth2 Grant Type + type: string + example: CLIENT_CREDENTIALS + enum: + - CLIENT_CREDENTIALS + - AUTHORIZATION_CODE + - REFRESH_TOKEN + description: A list of OAuth 2.0 grant types this API Client can be used with + example: + - AUTHORIZATION_CODE + - CLIENT_CREDENTIALS + - REFRESH_TOKEN + accessType: + description: The access type (online or offline) of this API Client + example: OFFLINE + type: string + enum: + - ONLINE + - OFFLINE + type: + description: The type of the API Client (public or confidential) + example: CONFIDENTIAL + type: string + enum: + - CONFIDENTIAL + - PUBLIC + internal: + type: boolean + description: An indicator of whether the API Client can be used for requests internal within the product. + example: false + enabled: + type: boolean + description: An indicator of whether the API Client is enabled for use + example: true + strongAuthSupported: + type: boolean + description: An indicator of whether the API Client supports strong authentication + example: false + claimsSupported: + type: boolean + description: An indicator of whether the API Client supports the serialization of SAML claims when used with the authorization_code flow + example: false + scope: + type: array + nullable: true + items: + type: string + default: 'sp:scopes:all' + description: 'Scopes of the API Client. If no scope is specified, the client will be created with the default scope "sp:scopes:all". This means the API Client will have all the rights of the owner who created it.' + example: + - 'demo:api-client-scope:first' + - 'demo:api-client-scope:second' + required: + - name + - description + - accessTokenValiditySeconds + - grantTypes + - accessType + - enabled + responses: + '200': + description: Request succeeded. + content: + application/json: + schema: + type: object + properties: + id: + type: string + description: ID of the OAuth client + example: 2c9180835d2e5168015d32f890ca1581 + secret: + type: string + description: Secret of the OAuth client (This field is only returned on the intial create call.) + example: 5c32dd9b21adb51c77794d46e71de117a1d0ddb36a7ff941fa28014ab7de2cf3 + businessName: + type: string + description: The name of the business the API Client should belong to + example: Acme-Solar + homepageUrl: + type: string + description: The homepage URL associated with the owner of the API Client + example: 'http://localhost:12345' + name: + type: string + description: A human-readable name for the API Client + example: Demo API Client + description: + type: string + description: A description of the API Client + example: 'An API client used for the authorization_code, refresh_token, and client_credentials flows' + accessTokenValiditySeconds: + description: The number of seconds an access token generated for this API Client is valid for + example: 750 + type: integer + format: int32 + refreshTokenValiditySeconds: + description: The number of seconds a refresh token generated for this API Client is valid for + example: 86400 + type: integer + format: int32 + redirectUris: + type: array + items: + type: string + description: A list of the approved redirect URIs used with the authorization_code flow + example: + - 'http://localhost:12345' + grantTypes: + type: array + items: + description: OAuth2 Grant Type + type: string + example: CLIENT_CREDENTIALS + enum: + - CLIENT_CREDENTIALS + - AUTHORIZATION_CODE + - REFRESH_TOKEN + description: A list of OAuth 2.0 grant types this API Client can be used with + example: + - AUTHORIZATION_CODE + - CLIENT_CREDENTIALS + - REFRESH_TOKEN + accessType: + description: The access type (online or offline) of this API Client + example: OFFLINE + type: string + enum: + - ONLINE + - OFFLINE + type: + description: The type of the API Client (public or confidential) + example: CONFIDENTIAL + type: string + enum: + - CONFIDENTIAL + - PUBLIC + internal: + type: boolean + description: An indicator of whether the API Client can be used for requests internal to IDN + example: false + enabled: + type: boolean + description: An indicator of whether the API Client is enabled for use + example: true + strongAuthSupported: + type: boolean + description: An indicator of whether the API Client supports strong authentication + example: false + claimsSupported: + type: boolean + description: An indicator of whether the API Client supports the serialization of SAML claims when used with the authorization_code flow + example: false + created: + type: string + format: date-time + description: 'The date and time, down to the millisecond, when the API Client was created' + example: '2017-07-11T18:45:37.098Z' + modified: + type: string + format: date-time + description: 'The date and time, down to the millisecond, when the API Client was last updated' + example: '2018-06-25T20:22:28.104Z' + scope: + type: array + nullable: true + items: + type: string + default: 'sp:scopes:all' + description: Scopes of the API Client. + example: + - 'demo:api-client-scope:first' + - 'demo:api-client-scope:second' + required: + - id + - secret + - businessName + - homepageUrl + - name + - description + - accessTokenValiditySeconds + - refreshTokenValiditySeconds + - redirectUris + - grantTypes + - accessType + - type + - internal + - enabled + - strongAuthSupported + - claimsSupported + - created + - modified + - scope + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + '/oauth-clients/{id}': + get: + operationId: getOauthClient + security: + - oauth2: + - 'sp:oauth-client:manage' + - 'sp:oauth-client:read' + tags: + - OAuth Clients + summary: Get OAuth Client + description: This gets details of an OAuth client. + parameters: + - in: path + name: id + schema: + type: string + required: true + description: The OAuth client id + example: ef38f94347e94562b5bb8424a56397d8 + responses: + '200': + description: Request succeeded. + content: + application/json: + schema: + type: object + properties: + id: + type: string + description: ID of the OAuth client + example: 2c9180835d2e5168015d32f890ca1581 + businessName: + type: string + nullable: true + description: The name of the business the API Client should belong to + example: Acme-Solar + homepageUrl: + type: string + nullable: true + description: The homepage URL associated with the owner of the API Client + example: 'http://localhost:12345' + name: + type: string + description: A human-readable name for the API Client + example: Demo API Client + description: + type: string + nullable: true + description: A description of the API Client + example: 'An API client used for the authorization_code, refresh_token, and client_credentials flows' + accessTokenValiditySeconds: + type: integer + format: int32 + description: The number of seconds an access token generated for this API Client is valid for + example: 750 + refreshTokenValiditySeconds: + type: integer + format: int32 + description: The number of seconds a refresh token generated for this API Client is valid for + example: 86400 + redirectUris: + type: array + nullable: true + items: + type: string + description: A list of the approved redirect URIs used with the authorization_code flow + example: + - 'http://localhost:12345' + grantTypes: + type: array + items: + description: OAuth2 Grant Type + type: string + example: CLIENT_CREDENTIALS + enum: + - CLIENT_CREDENTIALS + - AUTHORIZATION_CODE + - REFRESH_TOKEN + description: A list of OAuth 2.0 grant types this API Client can be used with + example: + - AUTHORIZATION_CODE + - CLIENT_CREDENTIALS + - REFRESH_TOKEN + accessType: + description: The access type (online or offline) of this API Client + example: OFFLINE + type: string + enum: + - ONLINE + - OFFLINE + type: + description: The type of the API Client (public or confidential) + example: CONFIDENTIAL + type: string + enum: + - CONFIDENTIAL + - PUBLIC + internal: + type: boolean + description: An indicator of whether the API Client can be used for requests internal to IDN + example: false + enabled: + type: boolean + description: An indicator of whether the API Client is enabled for use + example: true + strongAuthSupported: + type: boolean + description: An indicator of whether the API Client supports strong authentication + example: false + claimsSupported: + type: boolean + description: An indicator of whether the API Client supports the serialization of SAML claims when used with the authorization_code flow + example: false + created: + type: string + format: date-time + description: 'The date and time, down to the millisecond, when the API Client was created' + example: '2017-07-11T18:45:37.098Z' + modified: + type: string + format: date-time + description: 'The date and time, down to the millisecond, when the API Client was last updated' + example: '2018-06-25T20:22:28.104Z' + lastUsed: + type: string + nullable: true + format: date-time + description: 'The date and time, down to the millisecond, when this API Client was last used to generate an access token. This timestamp does not get updated on every API Client usage, but only once a day. This property can be useful for identifying which API Clients are no longer actively used and can be removed.' + example: '2017-07-11T18:45:37.098Z' + scope: + type: array + nullable: true + items: + type: string + default: 'sp:scopes:all' + description: Scopes of the API Client. + example: + - 'demo:api-client-scope:first' + - 'demo:api-client-scope:second' + required: + - id + - businessName + - homepageUrl + - name + - description + - accessTokenValiditySeconds + - refreshTokenValiditySeconds + - redirectUris + - grantTypes + - accessType + - type + - internal + - enabled + - strongAuthSupported + - claimsSupported + - created + - modified + - scope + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + delete: + operationId: deleteOauthClient + security: + - oauth2: + - 'sp:oauth-client:manage' + tags: + - OAuth Clients + summary: Delete OAuth Client + description: This deletes an OAuth client. + parameters: + - in: path + name: id + schema: + type: string + required: true + description: The OAuth client id + example: ef38f94347e94562b5bb8424a56397d8 + responses: + '204': + description: No content. + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + patch: + operationId: patchOauthClient + security: + - oauth2: + - 'sp:oauth-client:manage' + tags: + - OAuth Clients + summary: Patch OAuth Client + description: This performs a targeted update to the field(s) of an OAuth client. + parameters: + - in: path + name: id + schema: + type: string + required: true + description: The OAuth client id + example: ef38f94347e94562b5bb8424a56397d8 + requestBody: + required: true + description: | + A list of OAuth client update operations according to the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard. + + The following fields are patchable: + * tenant + * businessName + * homepageUrl + * name + * description + * accessTokenValiditySeconds + * refreshTokenValiditySeconds + * redirectUris + * grantTypes + * accessType + * enabled + * strongAuthSupported + * claimsSupported + content: + application/json-patch+json: + schema: + type: array + items: + type: object + description: 'A JSONPatch Operation as defined by [RFC 6902 - JSON Patch](https://tools.ietf.org/html/rfc6902)' + required: + - op + - path + properties: + op: + type: string + description: The operation to be performed + enum: + - add + - remove + - replace + - move + - copy + - test + example: replace + path: + type: string + description: A string JSON Pointer representing the target path to an element to be affected by the operation + example: /description + value: + anyOf: + - type: string + - type: integer + - type: object + - type: array + items: + anyOf: + - type: string + - type: integer + - type: object + description: 'The value to be used for the operation, required for "add" and "replace" operations' + example: New description + example: + - op: replace + path: /strongAuthSupported + value: true + - op: replace + path: /businessName + value: acme-solar + responses: + '200': + description: 'Indicates the PATCH operation succeeded, and returns the OAuth client''s new representation.' + content: + application/json: + schema: + type: object + properties: + id: + type: string + description: ID of the OAuth client + example: 2c9180835d2e5168015d32f890ca1581 + businessName: + type: string + nullable: true + description: The name of the business the API Client should belong to + example: Acme-Solar + homepageUrl: + type: string + nullable: true + description: The homepage URL associated with the owner of the API Client + example: 'http://localhost:12345' + name: + type: string + description: A human-readable name for the API Client + example: Demo API Client + description: + type: string + nullable: true + description: A description of the API Client + example: 'An API client used for the authorization_code, refresh_token, and client_credentials flows' + accessTokenValiditySeconds: + type: integer + format: int32 + description: The number of seconds an access token generated for this API Client is valid for + example: 750 + refreshTokenValiditySeconds: + type: integer + format: int32 + description: The number of seconds a refresh token generated for this API Client is valid for + example: 86400 + redirectUris: + type: array + nullable: true + items: + type: string + description: A list of the approved redirect URIs used with the authorization_code flow + example: + - 'http://localhost:12345' + grantTypes: + type: array + items: + description: OAuth2 Grant Type + type: string + example: CLIENT_CREDENTIALS + enum: + - CLIENT_CREDENTIALS + - AUTHORIZATION_CODE + - REFRESH_TOKEN + description: A list of OAuth 2.0 grant types this API Client can be used with + example: + - AUTHORIZATION_CODE + - CLIENT_CREDENTIALS + - REFRESH_TOKEN + accessType: + description: The access type (online or offline) of this API Client + example: OFFLINE + type: string + enum: + - ONLINE + - OFFLINE + type: + description: The type of the API Client (public or confidential) + example: CONFIDENTIAL + type: string + enum: + - CONFIDENTIAL + - PUBLIC + internal: + type: boolean + description: An indicator of whether the API Client can be used for requests internal to IDN + example: false + enabled: + type: boolean + description: An indicator of whether the API Client is enabled for use + example: true + strongAuthSupported: + type: boolean + description: An indicator of whether the API Client supports strong authentication + example: false + claimsSupported: + type: boolean + description: An indicator of whether the API Client supports the serialization of SAML claims when used with the authorization_code flow + example: false + created: + type: string + format: date-time + description: 'The date and time, down to the millisecond, when the API Client was created' + example: '2017-07-11T18:45:37.098Z' + modified: + type: string + format: date-time + description: 'The date and time, down to the millisecond, when the API Client was last updated' + example: '2018-06-25T20:22:28.104Z' + lastUsed: + type: string + nullable: true + format: date-time + description: 'The date and time, down to the millisecond, when this API Client was last used to generate an access token. This timestamp does not get updated on every API Client usage, but only once a day. This property can be useful for identifying which API Clients are no longer actively used and can be removed.' + example: '2017-07-11T18:45:37.098Z' + scope: + type: array + nullable: true + items: + type: string + default: 'sp:scopes:all' + description: Scopes of the API Client. + example: + - 'demo:api-client-scope:first' + - 'demo:api-client-scope:second' + required: + - id + - businessName + - homepageUrl + - name + - description + - accessTokenValiditySeconds + - refreshTokenValiditySeconds + - redirectUris + - grantTypes + - accessType + - type + - internal + - enabled + - strongAuthSupported + - claimsSupported + - created + - modified + - scope + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + /password-sync-groups: + get: + operationId: getPasswordSyncGroups + tags: + - Password Sync Groups + summary: Get Password Sync Group List + description: This API returns a list of password sync groups. A token with ORG_ADMIN authority is required to call this API. + security: + - oauth2: + - 'idn:password-sync-group-management:read' + parameters: + - in: query + name: limit + description: |- + Max number of results to return. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 250 + schema: + type: integer + format: int32 + minimum: 0 + maximum: 250 + default: 250 + - in: query + name: offset + description: |- + Offset into the full result set. Usually specified with *limit* to paginate through the results. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 0 + schema: + type: integer + format: int32 + minimum: 0 + default: 0 + - in: query + name: count + description: |- + If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored. + + Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used. + + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: true + schema: + type: boolean + default: false + responses: + '200': + description: A list of password sync groups. + content: + application/json: + schema: + type: array + items: + type: object + properties: + id: + type: string + description: ID of the sync group + example: 6881f631-3bd5-4213-9c75-8e05cc3e35dd + name: + description: Name of the sync group + type: string + example: Password Sync Group 1 + passwordPolicyId: + type: string + description: ID of the password policy + example: 2c91808d744ba0ce01746f93b6204501 + sourceIds: + type: array + description: List of password managed sources IDs + items: + type: string + example: + - 2c918084660f45d6016617daa9210584 + - 2c918084660f45d6016617daa9210500 + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + post: + operationId: createPasswordSyncGroup + tags: + - Password Sync Groups + summary: Create Password Sync Group + description: This API creates a password sync group based on the specifications provided. A token with ORG_ADMIN authority is required to call this API. + security: + - oauth2: + - 'idn:password-sync-group-management:write' + requestBody: + required: true + content: + application/json: + schema: + type: object + properties: + id: + type: string + description: ID of the sync group + example: 6881f631-3bd5-4213-9c75-8e05cc3e35dd + name: + description: Name of the sync group + type: string + example: Password Sync Group 1 + passwordPolicyId: + type: string + description: ID of the password policy + example: 2c91808d744ba0ce01746f93b6204501 + sourceIds: + type: array + description: List of password managed sources IDs + items: + type: string + example: + - 2c918084660f45d6016617daa9210584 + - 2c918084660f45d6016617daa9210500 + example: + name: Password Sync Group 2 + passwordPolicyId: 2c91808d744ba0ce01746f93b6204501 + sourceIds: + - 2c918084660f45d6016617daa9210584 + - 2c918084660f45d6016617daa9210500 + responses: + '200': + description: Reference to the password sync group. + content: + application/json: + schema: + type: object + properties: + id: + type: string + description: ID of the sync group + example: 6881f631-3bd5-4213-9c75-8e05cc3e35dd + name: + description: Name of the sync group + type: string + example: Password Sync Group 1 + passwordPolicyId: + type: string + description: ID of the password policy + example: 2c91808d744ba0ce01746f93b6204501 + sourceIds: + type: array + description: List of password managed sources IDs + items: + type: string + example: + - 2c918084660f45d6016617daa9210584 + - 2c918084660f45d6016617daa9210500 + example: + id: 6881f631-3bd5-4213-9c75-8e05cc3e35dd + name: Password Sync Group 2 + passwordPolicyId: 2c91808d744ba0ce01746f93b6204501 + sourceIds: + - 2c918084660f45d6016617daa9210584 + - 2c918084660f45d6016617daa9210500 + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + '/password-sync-groups/{id}': + get: + operationId: getPasswordSyncGroup + tags: + - Password Sync Groups + summary: Get Password Sync Group by ID + description: This API returns the sync group for the specified ID. A token with ORG_ADMIN authority is required to call this API. + security: + - oauth2: + - 'idn:password-sync-group-management:read' + parameters: + - in: path + name: id + schema: + type: string + required: true + description: The ID of password sync group to retrieve. + example: 6881f631-3bd5-4213-9c75-8e05cc3e35dd + responses: + '200': + description: Reference to the password sync group. + content: + application/json: + schema: + type: object + properties: + id: + type: string + description: ID of the sync group + example: 6881f631-3bd5-4213-9c75-8e05cc3e35dd + name: + description: Name of the sync group + type: string + example: Password Sync Group 1 + passwordPolicyId: + type: string + description: ID of the password policy + example: 2c91808d744ba0ce01746f93b6204501 + sourceIds: + type: array + description: List of password managed sources IDs + items: + type: string + example: + - 2c918084660f45d6016617daa9210584 + - 2c918084660f45d6016617daa9210500 + example: + id: 6881f631-3bd5-4213-9c75-8e05cc3e35dd + name: Password Sync Group 1 + passwordPolicyId: 2c91808d744ba0ce01746f93b6204501 + sourceIds: + - 2c918084660f45d6016617daa9210584 + - 2c918084660f45d6016617daa9210500 + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + put: + operationId: updatePasswordSyncGroup + tags: + - Password Sync Groups + summary: Update Password Sync Group by ID + description: This API updates the specified password sync group. A token with ORG_ADMIN authority is required to call this API. + security: + - oauth2: + - 'idn:password-sync-group-management:write' + parameters: + - in: path + name: id + schema: + type: string + required: true + description: The ID of password sync group to update. + example: 6881f631-3bd5-4213-9c75-8e05cc3e35dd + requestBody: + required: true + content: + application/json: + schema: + type: object + properties: + id: + type: string + description: ID of the sync group + example: 6881f631-3bd5-4213-9c75-8e05cc3e35dd + name: + description: Name of the sync group + type: string + example: Password Sync Group 1 + passwordPolicyId: + type: string + description: ID of the password policy + example: 2c91808d744ba0ce01746f93b6204501 + sourceIds: + type: array + description: List of password managed sources IDs + items: + type: string + example: + - 2c918084660f45d6016617daa9210584 + - 2c918084660f45d6016617daa9210500 + example: + id: 6881f631-3bd5-4213-9c75-8e05cc3e35dd + name: Password Sync Group 2 + passwordPolicyId: 2c91808d744ba0ce01746f93b6204501 + sourceIds: + - 2c918084660f45d6016617daa9210584 + - 2c918084660f45d6016617daa9210500 + responses: + '200': + description: Reference to the password sync group. + content: + application/json: + schema: + type: object + properties: + id: + type: string + description: ID of the sync group + example: 6881f631-3bd5-4213-9c75-8e05cc3e35dd + name: + description: Name of the sync group + type: string + example: Password Sync Group 1 + passwordPolicyId: + type: string + description: ID of the password policy + example: 2c91808d744ba0ce01746f93b6204501 + sourceIds: + type: array + description: List of password managed sources IDs + items: + type: string + example: + - 2c918084660f45d6016617daa9210584 + - 2c918084660f45d6016617daa9210500 + example: + id: 6881f631-3bd5-4213-9c75-8e05cc3e35dd + name: Password Sync Group 2 + passwordPolicyId: 2c91808d744ba0ce01746f93b6204501 + sourceIds: + - 2c918084660f45d6016617daa9210584 + - 2c918084660f45d6016617daa9210500 + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + delete: + operationId: deletePasswordSyncGroup + tags: + - Password Sync Groups + summary: Delete Password Sync Group by ID + description: This API deletes the specified password sync group. A token with ORG_ADMIN authority is required to call this API. + security: + - oauth2: + - 'idn:password-sync-group-management:write' + parameters: + - in: path + name: id + schema: + type: string + required: true + description: The ID of password sync group to delete. + example: 6881f631-3bd5-4213-9c75-8e05cc3e35dd + responses: + '204': + description: No content - indicates the request was successful but there is no content to be returned in the response. + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + /personal-access-tokens: + get: + operationId: listPersonalAccessTokens + security: + - oauth2: + - 'sp:my-personal-access-tokens:read' + - 'sp:my-personal-access-tokens:manage' + - 'sp:all-personal-access-tokens:read' + - 'sp:all-personal-access-tokens:manage' + tags: + - Personal Access Tokens + summary: List Personal Access Tokens + description: 'This gets a collection of personal access tokens associated with the optional `owner-id`. query parameter. If the `owner-id` query parameter is omitted, all personal access tokens for a tenant will be retrieved, but the caller must have the ''idn:all-personal-access-tokens:read'' right.' + parameters: + - in: query + name: owner-id + description: |- + The identity ID of the owner whose personal access tokens should be listed. If "me", the caller should have the following right: 'idn:my-personal-access-tokens:read' + If an actual owner ID or if the `owner-id` parameter is omitted in the request, the caller should have the following right: 'idn:all-personal-access-tokens:read'. + If the caller has the following right, then managed personal access tokens associated with `owner-id` will be retrieved: 'idn:managed-personal-access-tokens:read' + required: false + schema: + type: string + default: null + example: 2c9180867b50d088017b554662fb281e + - in: query + name: filters + required: false + schema: + type: string + description: |- + Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) + + Filtering is supported for the following fields and operators: + + **lastUsed**: *le, isnull* + example: 'lastUsed le 2023-02-05T10:59:27.214Z' + responses: + '200': + description: List of personal access tokens. + content: + application/json: + schema: + type: array + items: + type: object + properties: + id: + type: string + description: The ID of the personal access token (to be used as the username for Basic Auth). + example: 86f1dc6fe8f54414950454cbb11278fa + name: + type: string + description: The name of the personal access token. Cannot be the same as other personal access tokens owned by a user. + example: NodeJS Integration + scope: + type: array + nullable: true + items: + type: string + default: 'sp:scopes:all' + description: Scopes of the personal access token. + example: + - 'demo:personal-access-token-scope:first' + - 'demo:personal-access-token-scope:second' + owner: + description: Details about the owner of the personal access token. + type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + created: + type: string + format: date-time + description: 'The date and time, down to the millisecond, when this personal access token was created.' + example: '2017-07-11T18:45:37.098Z' + lastUsed: + type: string + nullable: true + format: date-time + description: 'The date and time, down to the millisecond, when this personal access token was last used to generate an access token. This timestamp does not get updated on every PAT usage, but only once a day. This property can be useful for identifying which PATs are no longer actively used and can be removed.' + example: '2017-07-11T18:45:37.098Z' + required: + - id + - name + - scope + - owner + - created + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + post: + operationId: createPersonalAccessToken + security: + - oauth2: + - 'sp:my-personal-access-tokens:manage' + - 'sp:all-personal-access-tokens:manage' + tags: + - Personal Access Tokens + summary: Create Personal Access Token + description: This creates a personal access token. + requestBody: + description: Name and scope of personal access token. + required: true + content: + application/json: + schema: + type: object + description: Object for specifying the name of a personal access token to create + properties: + name: + type: string + description: The name of the personal access token (PAT) to be created. Cannot be the same as another PAT owned by the user for whom this PAT is being created. + example: NodeJS Integration + scope: + type: array + nullable: true + items: + type: string + default: 'sp:scopes:all' + description: 'Scopes of the personal access token. If no scope is specified, the token will be created with the default scope "sp:scopes:all". This means the personal access token will have all the rights of the owner who created it.' + example: + - 'demo:personal-access-token-scope:first' + - 'demo:personal-access-token-scope:second' + required: + - name + responses: + '200': + description: Created. Note - this is the only time Personal Access Tokens' secret attribute will be displayed. + content: + application/json: + schema: + type: object + properties: + id: + type: string + description: The ID of the personal access token (to be used as the username for Basic Auth). + example: 86f1dc6fe8f54414950454cbb11278fa + secret: + type: string + description: The secret of the personal access token (to be used as the password for Basic Auth). + example: 1d1bef2b9f426383447f64f69349fc7cac176042578d205c256ba3f37c59adb9 + scope: + type: array + nullable: true + items: + type: string + default: 'sp:scopes:all' + description: Scopes of the personal access token. + example: + - 'demo:personal-access-token-scope:first' + - 'demo:personal-access-token-scope:second' + name: + type: string + description: The name of the personal access token. Cannot be the same as other personal access tokens owned by a user. + example: NodeJS Integration + owner: + description: Details about the owner of the personal access token. + type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + created: + type: string + format: date-time + description: 'The date and time, down to the millisecond, when this personal access token was created.' + example: '2017-07-11T18:45:37.098Z' + required: + - id + - secret + - scope + - name + - owner + - created + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + '/personal-access-tokens/{id}': + patch: + operationId: patchPersonalAccessToken + security: + - oauth2: + - 'sp:my-personal-access-tokens:manage' + tags: + - Personal Access Tokens + summary: Patch Personal Access Token + description: This performs a targeted update to the field(s) of a Personal Access Token. + parameters: + - in: path + name: id + schema: + type: string + required: true + description: The Personal Access Token id + example: ef38f94347e94562b5bb8424a56397d8 + requestBody: + required: true + description: | + A list of OAuth client update operations according to the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard. + + The following fields are patchable: + * name + * scope + content: + application/json-patch+json: + schema: + type: array + items: + type: object + description: 'A JSONPatch Operation as defined by [RFC 6902 - JSON Patch](https://tools.ietf.org/html/rfc6902)' + required: + - op + - path + properties: + op: + type: string + description: The operation to be performed + enum: + - add + - remove + - replace + - move + - copy + - test + example: replace + path: + type: string + description: A string JSON Pointer representing the target path to an element to be affected by the operation + example: /description + value: + anyOf: + - type: string + - type: integer + - type: object + - type: array + items: + anyOf: + - type: string + - type: integer + - type: object + description: 'The value to be used for the operation, required for "add" and "replace" operations' + example: New description + example: + - op: replace + path: /name + value: New name + - op: replace + path: /scope + value: + - 'sp:scopes:all' + responses: + '200': + description: 'Indicates the PATCH operation succeeded, and returns the PAT''s new representation.' + content: + application/json: + schema: + type: object + properties: + id: + type: string + description: The ID of the personal access token (to be used as the username for Basic Auth). + example: 86f1dc6fe8f54414950454cbb11278fa + name: + type: string + description: The name of the personal access token. Cannot be the same as other personal access tokens owned by a user. + example: NodeJS Integration + scope: + type: array + nullable: true + items: + type: string + default: 'sp:scopes:all' + description: Scopes of the personal access token. + example: + - 'demo:personal-access-token-scope:first' + - 'demo:personal-access-token-scope:second' + owner: + description: Details about the owner of the personal access token. + type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + created: + type: string + format: date-time + description: 'The date and time, down to the millisecond, when this personal access token was created.' + example: '2017-07-11T18:45:37.098Z' + lastUsed: + type: string + nullable: true + format: date-time + description: 'The date and time, down to the millisecond, when this personal access token was last used to generate an access token. This timestamp does not get updated on every PAT usage, but only once a day. This property can be useful for identifying which PATs are no longer actively used and can be removed.' + example: '2017-07-11T18:45:37.098Z' + required: + - id + - name + - scope + - owner + - created + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + delete: + operationId: deletePersonalAccessToken + security: + - oauth2: + - 'sp:my-personal-access-tokens:manage' + - 'sp:all-personal-access-tokens:manage' + tags: + - Personal Access Tokens + summary: Delete Personal Access Token + description: This deletes a personal access token. + parameters: + - in: path + name: id + schema: + type: string + required: true + description: The personal access token id + example: ef38f94347e94562b5bb8424a56397d8 + responses: + '204': + description: No content. + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + /public-identities: + get: + operationId: getPublicIdentities + tags: + - Public Identities + summary: Get a list of public identities + parameters: + - in: query + name: limit + description: |- + Max number of results to return. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 250 + schema: + type: integer + format: int32 + minimum: 0 + maximum: 250 + default: 250 + - in: query + name: offset + description: |- + Offset into the full result set. Usually specified with *limit* to paginate through the results. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 0 + schema: + type: integer + format: int32 + minimum: 0 + default: 0 + - in: query + name: count + description: |- + If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored. + + Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used. + + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: true + schema: + type: boolean + default: false + - in: query + name: filters + schema: + type: string + required: false + description: |- + Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) + + Filtering is supported for the following fields and operators: + + **id**: *eq, in* + + **alias**: *eq, sw* + + **email**: *eq, sw* + + **firstname**: *eq, sw* + + **lastname**: *eq, sw* + example: firstname eq "John" + - in: query + name: add-core-filters + description: |- + If *true*, only get identities which satisfy ALL the following criteria in addition to any criteria specified by *filters*: + - Should be either correlated or protected. + - Should not be "spadmin" or "cloudadmin". + - uid should not be null. + - lastname should not be null. + - email should not be null. + required: false + example: false + schema: + type: boolean + default: false + - in: query + name: sorters + schema: + type: string + format: comma-separated + required: false + description: |- + Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results) + + Sorting is supported for the following fields: **name** + example: name + responses: + '200': + description: A list of public identity objects. + content: + application/json: + schema: + type: array + items: + type: object + title: Public Identity + description: Details about a public identity + properties: + id: + type: string + description: Identity id + example: 2c9180857182305e0171993735622948 + name: + type: string + description: Human-readable display name of identity. + example: Alison Ferguso + alias: + type: string + description: Alternate unique identifier for the identity. + example: alison.ferguso + email: + nullable: true + type: string + description: Email address of identity. + example: alison.ferguso@acme-solar.com + status: + nullable: true + type: string + description: The lifecycle status for the identity + example: Active + manager: + description: An identity reference to the manager of this identity + type: object + nullable: true + properties: + type: + example: IDENTITY + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure. + id: + type: string + description: Identity id + example: 2c9180a46faadee4016fb4e018c20639 + name: + type: string + description: Human-readable display name of identity. + example: Thomas Edison + attributes: + type: array + description: The public identity attributes of the identity + items: + type: object + properties: + key: + type: string + description: The attribute key + example: country + name: + type: string + description: Human-readable display name of the attribute + example: Country + value: + type: string + description: The attribute value + example: US + example: + - id: 2c9180857182305e0171993735622948 + name: Alison Ferguso + alias: alison.ferguso + email: alison.ferguso@acme-solar.com + status: Active + manager: + type: IDENTITY + id: 2c9180a46faadee4016fb4e018c20639 + name: Thomas Edison + attributes: + - key: phone + name: Phone + value: '5125551234' + - key: country + name: Country + value: US + - id: 2c9180a46faadee4016fb4e018c20639 + name: Thomas Edison + alias: thomas.edison + email: thomas.edison@acme-solar.com + status: Active + manager: + type: IDENTITY + id: 2c918086676d3e0601677611dbde220f + name: Mister Manager + attributes: + - key: phone + name: Phone + value: '5125554321' + - key: country + name: Country + value: US + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + /public-identities-config: + get: + operationId: getPublicIdentityConfig + tags: + - Public Identities Config + summary: Get the Public Identities Configuration + description: Returns the publicly visible attributes of an identity available to request approvers for Access Requests and Certification Campaigns. A token with ORG ADMIN authority is required to call this API. + responses: + '200': + description: Request succeeded. + content: + application/json: + schema: + type: object + description: Details of up to 5 Identity attributes that will be publicly accessible for all Identities to anyone in the org. + properties: + attributes: + type: array + description: Up to 5 identity attributes that will be available to everyone in the org for all users in the org. + items: + type: object + description: Used to map an attribute key for an Identity to its display name. + properties: + key: + type: string + description: The attribute key + example: country + name: + type: string + description: The attribute display name + example: Country + modified: + nullable: true + type: string + description: When this configuration was last modified. + format: date-time + example: '2018-06-25T20:22:28.104Z' + modifiedBy: + description: The identity who last modified this configuration. + type: object + nullable: true + properties: + type: + example: IDENTITY + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure. + id: + type: string + description: Identity id + example: 2c9180a46faadee4016fb4e018c20639 + name: + type: string + description: Human-readable display name of identity. + example: Thomas Edison + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + put: + operationId: updatePublicIdentityConfig + tags: + - Public Identities Config + summary: Update the Public Identities Configuration + description: Updates the publicly visible attributes of an identity available to request approvers for Access Requests and Certification Campaigns. A token with ORG ADMIN authority is required to call this API. + requestBody: + required: true + content: + application/json: + schema: + type: object + description: Details of up to 5 Identity attributes that will be publicly accessible for all Identities to anyone in the org. + properties: + attributes: + type: array + description: Up to 5 identity attributes that will be available to everyone in the org for all users in the org. + items: + type: object + description: Used to map an attribute key for an Identity to its display name. + properties: + key: + type: string + description: The attribute key + example: country + name: + type: string + description: The attribute display name + example: Country + modified: + nullable: true + type: string + description: When this configuration was last modified. + format: date-time + example: '2018-06-25T20:22:28.104Z' + modifiedBy: + description: The identity who last modified this configuration. + type: object + nullable: true + properties: + type: + example: IDENTITY + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure. + id: + type: string + description: Identity id + example: 2c9180a46faadee4016fb4e018c20639 + name: + type: string + description: Human-readable display name of identity. + example: Thomas Edison + responses: + '200': + description: Request succeeded. + content: + application/json: + schema: + type: object + description: Details of up to 5 Identity attributes that will be publicly accessible for all Identities to anyone in the org. + properties: + attributes: + type: array + description: Up to 5 identity attributes that will be available to everyone in the org for all users in the org. + items: + type: object + description: Used to map an attribute key for an Identity to its display name. + properties: + key: + type: string + description: The attribute key + example: country + name: + type: string + description: The attribute display name + example: Country + modified: + nullable: true + type: string + description: When this configuration was last modified. + format: date-time + example: '2018-06-25T20:22:28.104Z' + modifiedBy: + description: The identity who last modified this configuration. + type: object + nullable: true + properties: + type: + example: IDENTITY + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure. + id: + type: string + description: Identity id + example: 2c9180a46faadee4016fb4e018c20639 + name: + type: string + description: Human-readable display name of identity. + example: Thomas Edison + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + /requestable-objects: + get: + operationId: listRequestableObjects + tags: + - Requestable Objects + summary: Requestable Objects List + description: |- + This endpoint returns a list of acccess items that that can be requested through the Access Request endpoints. Access items are marked with AVAILABLE, PENDING or ASSIGNED with respect to the identity provided using *identity-id* query param. + Any authenticated token can call this endpoint to see their requestable access items. A token with ORG_ADMIN authority is required to call this endpoint to return a list of all of the requestable access items for the org or for another identity. + parameters: + - in: query + name: identity-id + required: false + schema: + type: string + example: e7eab60924f64aa284175b9fa3309599 + description: |- + If present, the value returns only requestable objects for the specified identity. + * Admin users can call this with any identity ID value. + * Non-admin users can only specify *me* or pass their own identity ID value. + * If absent, returns a list of all requestable objects for the tenant. Only admin users can make such a call. In this case, the available, pending, assigned accesses will not be annotated in the result. + - in: query + name: types + description: 'Filters the results to the specified type/types, where each type is one of ROLE or ACCESS_PROFILE. If absent, all types are returned. Support for additional types may be added in the future without notice.' + required: false + schema: + type: array + items: + type: string + enum: + - ACCESS_PROFILE + - ROLE + - ENTITLEMENT + description: Enum represented the currently supported requestable object types. Additional values may be added in the future without notice. + example: ACCESS_PROFILE + example: 'ROLE,ACCESS_PROFILE' + explode: false + - in: query + name: term + required: false + schema: + type: string + example: Finance Role + description: 'It allows searching requestable access items with a partial match on the name or description. If term is provided, then the *filter* query parameter will be ignored.' + - in: query + name: statuses + description: 'Filters the result to the specified status/statuses, where each status is one of AVAILABLE, ASSIGNED, or PENDING. It is an error to specify this parameter without also specifying an *identity-id* parameter. Additional statuses may be added in the future without notice.' + required: false + schema: + type: array + items: + type: string + enum: + - AVAILABLE + - PENDING + - ASSIGNED + description: 'Status indicating the ability of an access request for the object to be made by or on behalf of the identity specified by *identity-id*. *AVAILABLE* indicates the object is available to request. *PENDING* indicates the object is unavailable because the identity has a pending request in flight. *ASSIGNED* indicates the object is unavailable because the identity already has the indicated role or access profile. If *identity-id* is not specified (allowed only for admin users), then status will be *AVAILABLE* for all results.' + example: AVAILABLE + explode: false + example: + - ASSIGNED + - PENDING + - in: query + name: limit + description: |- + Max number of results to return. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 250 + schema: + type: integer + format: int32 + minimum: 0 + maximum: 250 + default: 250 + - in: query + name: offset + description: |- + Offset into the full result set. Usually specified with *limit* to paginate through the results. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 0 + schema: + type: integer + format: int32 + minimum: 0 + default: 0 + - in: query + name: count + description: |- + If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored. + + Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used. + + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: true + schema: + type: boolean + default: false + - in: query + name: filters + schema: + type: string + example: name sw "bob" + description: | + Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) + + Filtering is supported for the following fields and operators: + + **id**: *eq, in* + + **name**: *eq, in, sw* + required: false + - in: query + name: sorters + schema: + type: string + format: comma-separated + required: false + example: name + description: | + Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results) + + Sorting is supported for the following fields: **name** + responses: + '200': + description: List of requestable objects + content: + application/json: + schema: + type: array + items: + type: object + properties: + id: + type: string + description: Id of the requestable object itself + example: 2c9180835d2e5168015d32f890ca1581 + name: + type: string + description: Human-readable display name of the requestable object + example: Applied Research Access + created: + type: string + format: date-time + example: '2017-07-11T18:45:37.098Z' + description: The time when the requestable object was created + modified: + nullable: true + type: string + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: The time when the requestable object was last modified + description: + type: string + description: Description of the requestable object. + example: 'Access to research information, lab results, and schematics.' + type: + type: string + enum: + - ACCESS_PROFILE + - ROLE + - ENTITLEMENT + description: Enum represented the currently supported requestable object types. Additional values may be added in the future without notice. + example: ACCESS_PROFILE + requestStatus: + type: string + enum: + - AVAILABLE + - PENDING + - ASSIGNED + description: 'Status indicating the ability of an access request for the object to be made by or on behalf of the identity specified by *identity-id*. *AVAILABLE* indicates the object is available to request. *PENDING* indicates the object is unavailable because the identity has a pending request in flight. *ASSIGNED* indicates the object is unavailable because the identity already has the indicated role or access profile. If *identity-id* is not specified (allowed only for admin users), then status will be *AVAILABLE* for all results.' + example: AVAILABLE + identityRequestId: + type: string + description: 'If *requestStatus* is *PENDING*, indicates the id of the associated account activity.' + nullable: true + example: null + ownerRef: + type: object + nullable: true + properties: + type: + type: string + description: The type can only be IDENTITY. This is read-only + example: IDENTITY + id: + type: string + description: Identity id. + example: 5168015d32f890ca15812c9180835d2e + name: + type: string + description: Human-readable display name of identity. This is read-only + example: Alison Ferguso + email: + type: string + description: Email address of identity. This is read-only + example: alison.ferguso@identitysoon.com + requestCommentsRequired: + type: boolean + description: Whether the requester must provide comments when requesting the object. + example: false + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + /roles: + get: + operationId: listRoles + tags: + - Roles + summary: List Roles + description: |- + This API returns a list of Roles. + + A token with API, ORG_ADMIN, ROLE_ADMIN, or ROLE_SUBADMIN authority is required to call this API. + parameters: + - in: query + name: for-subadmin + schema: + type: string + description: 'If provided, filters the returned list according to what is visible to the indicated ROLE_SUBADMIN Identity. The value of the parameter is either an Identity ID, or the special value **me**, which is shorthand for the calling Identity''s ID. A 400 Bad Request error is returned if the **for-subadmin** parameter is specified for an Identity that is not a subadmin.' + example: 5168015d32f890ca15812c9180835d2e + required: false + - in: query + name: limit + description: |- + Note that for this API the maximum value for limit is 50. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 50 + schema: + type: integer + format: int32 + minimum: 0 + maximum: 50 + default: 50 + - in: query + name: offset + description: |- + Offset into the full result set. Usually specified with *limit* to paginate through the results. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 0 + schema: + type: integer + format: int32 + minimum: 0 + default: 0 + - in: query + name: count + description: |- + If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored. + + Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used. + + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: true + schema: + type: boolean + default: false + - in: query + name: filters + schema: + type: string + description: |- + Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) Filtering is supported for the following fields and operators: + **id**: *eq, in* **name**: *eq, sw* **created, modified**: *gt, lt, ge, le* **owner.id**: *eq, in* **requestable**: *eq* + example: requestable eq false + required: false + - in: query + name: sorters + schema: + type: string + format: comma-separated + description: 'Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results) Sorting is supported for the following fields: **name, created, modified**' + example: 'name,-modified' + required: false + - in: query + name: for-segment-ids + schema: + type: string + format: comma-separated + description: |- + If present and not empty, additionally filters Roles to those which are assigned to the Segment(s) with the specified IDs. + + If segmentation is currently unavailable, specifying this parameter results in an error. + example: '0b5c9f25-83c6-4762-9073-e38f7bb2ae26,2e8d8180-24bc-4d21-91c6-7affdb473b0d' + required: false + - in: query + name: include-unsegmented + schema: + type: boolean + default: true + description: 'Whether or not the response list should contain unsegmented Roles. If *for-segment-ids* is absent or empty, specifying *include-unsegmented* as false results in an error.' + example: false + required: false + responses: + '200': + description: List of Roles + content: + application/json: + schema: + type: array + items: + type: object + description: A Role + properties: + id: + type: string + description: 'The id of the Role. This field must be left null when creating an Role, otherwise a 400 Bad Request error will result.' + example: 2c918086749d78830174a1a40e121518 + name: + type: string + description: The human-readable display name of the Role + maxLength: 128 + example: Role 2567 + created: + type: string + description: Date the Role was created + format: date-time + example: '2021-03-01T22:32:58.104Z' + readOnly: true + modified: + type: string + description: Date the Role was last modified. + format: date-time + example: '2021-03-02T20:22:28.104Z' + readOnly: true + description: + type: string + nullable: true + description: A human-readable description of the Role + example: Urna amet cursus pellentesque nisl orci maximus lorem nisl euismod fusce morbi placerat adipiscing maecenas nisi tristique et metus et lacus sed morbi nunc nisl maximus magna arcu varius sollicitudin elementum enim maecenas nisi id ipsum tempus fusce diam ipsum tortor. + owner: + type: object + description: The owner of this object. + properties: + type: + description: 'Owner type. This field must be either left null or set to ''IDENTITY'' on input, otherwise a 400 Bad Request error will result.' + example: IDENTITY + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + id: + type: string + description: Identity id + example: 2c9180a46faadee4016fb4e018c20639 + name: + type: string + description: 'Human-readable display name of the owner. It may be left null or omitted in a POST or PATCH. If set, it must match the current value of the owner''s display name, otherwise a 400 Bad Request error will result.' + example: support + accessProfiles: + type: array + items: + type: object + properties: + id: + type: string + description: ID of the Access Profile + example: ff808081751e6e129f1518161919ecca + type: + type: string + description: 'Type of requested object. This field must be either left null or set to ''ACCESS_PROFILE'' when creating an Access Profile, otherwise a 400 Bad Request error will result.' + enum: + - ACCESS_PROFILE + example: ACCESS_PROFILE + name: + type: string + description: Human-readable display name of the Access Profile. This field is ignored on input. + example: Access Profile 2567 + nullable: true + membership: + nullable: true + type: object + description: 'When present, specifies that the Role is to be granted to Identities which either satisfy specific criteria or which are members of a given list of Identities.' + properties: + type: + type: string + enum: + - STANDARD + - IDENTITY_LIST + description: |- + This enum characterizes the type of a Role's membership selector. Only the following two are fully supported: + + STANDARD: Indicates that Role membership is defined in terms of a criteria expression + + IDENTITY_LIST: Indicates that Role membership is conferred on the specific identities listed + example: IDENTITY_LIST + criteria: + nullable: true + type: object + description: Defines STANDARD type Role membership + properties: + operation: + type: string + enum: + - EQUALS + - NOT_EQUALS + - CONTAINS + - STARTS_WITH + - ENDS_WITH + - AND + - OR + description: An operation + example: EQUALS + key: + type: object + nullable: true + description: 'Refers to a specific Identity attribute, Account attibute, or Entitlement used in Role membership criteria' + properties: + type: + type: string + enum: + - IDENTITY + - ACCOUNT + - ENTITLEMENT + description: 'Indicates whether the associated criteria represents an expression on identity attributes, account attributes, or entitlements, respectively.' + example: ACCOUNT + property: + type: string + description: The name of the attribute or entitlement to which the associated criteria applies. + example: attribute.email + sourceId: + type: string + nullable: true + description: ID of the Source from which an account attribute or entitlement is drawn. Required if type is ACCOUNT or ENTITLEMENT + example: 2c9180867427f3a301745aec18211519 + required: + - type + - property + stringValue: + type: string + nullable: true + description: 'String value to test the Identity attribute, Account attribute, or Entitlement specified in the key w/r/t the specified operation. If this criteria is a leaf node, that is, if the operation is one of EQUALS, NOT_EQUALS, CONTAINS, STARTS_WITH, or ENDS_WITH, this field is required. Otherwise, specifying it is an error.' + example: carlee.cert1c9f9b6fd@mailinator.com + children: + type: array + items: + type: object + nullable: true + description: Defines STANDARD type Role membership + properties: + operation: + type: string + enum: + - EQUALS + - NOT_EQUALS + - CONTAINS + - STARTS_WITH + - ENDS_WITH + - AND + - OR + description: An operation + example: EQUALS + key: + type: object + nullable: true + description: 'Refers to a specific Identity attribute, Account attibute, or Entitlement used in Role membership criteria' + properties: + type: + type: string + enum: + - IDENTITY + - ACCOUNT + - ENTITLEMENT + description: 'Indicates whether the associated criteria represents an expression on identity attributes, account attributes, or entitlements, respectively.' + example: ACCOUNT + property: + type: string + description: The name of the attribute or entitlement to which the associated criteria applies. + example: attribute.email + sourceId: + type: string + nullable: true + description: ID of the Source from which an account attribute or entitlement is drawn. Required if type is ACCOUNT or ENTITLEMENT + example: 2c9180867427f3a301745aec18211519 + required: + - type + - property + stringValue: + type: string + nullable: true + description: 'String value to test the Identity attribute, Account attribute, or Entitlement specified in the key w/r/t the specified operation. If this criteria is a leaf node, that is, if the operation is one of EQUALS, NOT_EQUALS, CONTAINS, STARTS_WITH, or ENDS_WITH, this field is required. Otherwise, specifying it is an error.' + example: carlee.cert1c9f9b6fd@mailinator.com + children: + type: array + items: + type: object + description: Defines STANDARD type Role membership + properties: + operation: + type: string + enum: + - EQUALS + - NOT_EQUALS + - CONTAINS + - STARTS_WITH + - ENDS_WITH + - AND + - OR + description: An operation + example: EQUALS + key: + type: object + nullable: true + description: 'Refers to a specific Identity attribute, Account attibute, or Entitlement used in Role membership criteria' + properties: + type: + type: string + enum: + - IDENTITY + - ACCOUNT + - ENTITLEMENT + description: 'Indicates whether the associated criteria represents an expression on identity attributes, account attributes, or entitlements, respectively.' + example: ACCOUNT + property: + type: string + description: The name of the attribute or entitlement to which the associated criteria applies. + example: attribute.email + sourceId: + type: string + nullable: true + description: ID of the Source from which an account attribute or entitlement is drawn. Required if type is ACCOUNT or ENTITLEMENT + example: 2c9180867427f3a301745aec18211519 + required: + - type + - property + stringValue: + type: string + description: 'String value to test the Identity attribute, Account attribute, or Entitlement specified in the key w/r/t the specified operation. If this criteria is a leaf node, that is, if the operation is one of EQUALS, NOT_EQUALS, CONTAINS, STARTS_WITH, or ENDS_WITH, this field is required. Otherwise, specifying it is an error.' + example: carlee.cert1c9f9b6fd@mailinator.com + nullable: true + description: 'Array of child criteria. Required if the operation is AND or OR, otherwise it must be left null. A maximum of three levels of criteria are supported, including leaf nodes. Additionally, AND nodes can only be children or OR nodes and vice-versa.' + nullable: true + description: 'Array of child criteria. Required if the operation is AND or OR, otherwise it must be left null. A maximum of three levels of criteria are supported, including leaf nodes. Additionally, AND nodes can only be children or OR nodes and vice-versa.' + identities: + type: array + items: + type: object + description: A reference to an Identity in an IDENTITY_LIST role membership criteria. + properties: + type: + nullable: true + example: IDENTITY + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure. + id: + type: string + description: Identity id + example: 2c9180a46faadee4016fb4e018c20639 + name: + type: string + nullable: true + description: Human-readable display name of the Identity. + example: Thomas Edison + aliasName: + type: string + nullable: true + description: User name of the Identity + example: t.edison + nullable: true + description: 'Defines role membership as being exclusive to the specified Identities, when type is IDENTITY_LIST.' + legacyMembershipInfo: + type: object + nullable: true + description: 'This field is not directly modifiable and is generally expected to be *null*. In very rare instances, some Roles may have been created using membership selection criteria that are no longer fully supported. While these Roles will still work, they should be migrated to STANDARD or IDENTITY_LIST selection criteria. This field exists for informational purposes as an aid to such migration.' + example: + type: IDENTITY_LIST + additionalProperties: true + enabled: + type: boolean + description: Whether the Role is enabled or not. This field is false by default. + example: true + requestable: + type: boolean + description: Whether the Role can be the target of Access Requests. This field is false by default. + example: true + accessRequestConfig: + nullable: true + description: Access request configuration for this object + type: object + properties: + commentsRequired: + type: boolean + description: Whether the requester of the containing object must provide comments justifying the request + example: true + denialCommentsRequired: + type: boolean + description: Whether an approver must provide comments when denying the request + example: true + approvalSchemes: + type: array + description: List describing the steps in approving the request + items: + type: object + properties: + approverType: + type: string + enum: + - OWNER + - MANAGER + - GOVERNANCE_GROUP + description: |- + Describes the individual or group that is responsible for an approval step. Values are as follows. + + **OWNER**: Owner of the associated Role + + **MANAGER**: Manager of the Identity making the request + + **GOVERNANCE_GROUP**: A Governance Group, the ID of which is specified by the **approverId** field + example: GOVERNANCE_GROUP + approverId: + type: string + nullable: true + description: 'Id of the specific approver, used only when approverType is GOVERNANCE_GROUP' + example: 46c79819-a69f-49a2-becb-12c971ae66c6 + revocationRequestConfig: + nullable: true + description: Revocation request configuration for this object. + type: object + properties: + approvalSchemes: + type: array + description: List describing the steps in approving the revocation request + items: + type: object + properties: + approverType: + type: string + enum: + - APP_OWNER + - OWNER + - SOURCE_OWNER + - MANAGER + - GOVERNANCE_GROUP + description: |- + Describes the individual or group that is responsible for an approval step. Values are as follows. + **APP_OWNER**: The owner of the Application + + **OWNER**: Owner of the associated Access Profile or Role + + **SOURCE_OWNER**: Owner of the Source associated with an Access Profile + + **MANAGER**: Manager of the Identity making the request + + **GOVERNANCE_GROUP**: A Governance Group, the ID of which is specified by the **approverId** field + example: GOVERNANCE_GROUP + approverId: + type: string + nullable: true + description: 'Id of the specific approver, used only when approverType is GOVERNANCE_GROUP' + example: 46c79819-a69f-49a2-becb-12c971ae66c6 + segments: + type: array + items: + type: string + nullable: true + description: 'List of IDs of segments, if any, to which this Role is assigned.' + example: + - f7b1b8a3-5fed-4fd4-ad29-82014e137e19 + - 29cb6c06-1da8-43ea-8be4-b3125f248f2a + required: + - name + - owner + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + security: + - oauth2: + - 'idn:role-unchecked:read' + - 'idn:role-unchecked:manage' + - 'idn:role-checked:manage' + - 'idn:role-checked:read' + post: + operationId: createRole + tags: + - Roles + summary: Create a Role + description: |- + This API creates a Role. + There is a soft limit of 800 roles per org in IdentityNow. You will receive an error if you attempt to add more than 800 roles via the API or the UI. If you need to add roles above this limit, please create a support ticket. + A token with API, ORG_ADMIN, ROLE_ADMIN, or ROLE_SUBADMIN authority is required to call this API. In addition, a ROLE_SUBADMIN may not create a Role including an Access Profile if that Access Profile is associated with a Source with which the ROLE_SUBADMIN is not themselves associated. + The maximum supported length for the description field is 2000 characters. Longer descriptions will be preserved for existing roles, however, any new roles as well as any updates to existing descriptions will be limited to 2000 characters. + requestBody: + required: true + content: + application/json: + schema: + type: object + description: A Role + properties: + id: + type: string + description: 'The id of the Role. This field must be left null when creating an Role, otherwise a 400 Bad Request error will result.' + example: 2c918086749d78830174a1a40e121518 + name: + type: string + description: The human-readable display name of the Role + maxLength: 128 + example: Role 2567 + created: + type: string + description: Date the Role was created + format: date-time + example: '2021-03-01T22:32:58.104Z' + readOnly: true + modified: + type: string + description: Date the Role was last modified. + format: date-time + example: '2021-03-02T20:22:28.104Z' + readOnly: true + description: + type: string + nullable: true + description: A human-readable description of the Role + example: Urna amet cursus pellentesque nisl orci maximus lorem nisl euismod fusce morbi placerat adipiscing maecenas nisi tristique et metus et lacus sed morbi nunc nisl maximus magna arcu varius sollicitudin elementum enim maecenas nisi id ipsum tempus fusce diam ipsum tortor. + owner: + type: object + description: The owner of this object. + properties: + type: + description: 'Owner type. This field must be either left null or set to ''IDENTITY'' on input, otherwise a 400 Bad Request error will result.' + example: IDENTITY + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + id: + type: string + description: Identity id + example: 2c9180a46faadee4016fb4e018c20639 + name: + type: string + description: 'Human-readable display name of the owner. It may be left null or omitted in a POST or PATCH. If set, it must match the current value of the owner''s display name, otherwise a 400 Bad Request error will result.' + example: support + accessProfiles: + type: array + items: + type: object + properties: + id: + type: string + description: ID of the Access Profile + example: ff808081751e6e129f1518161919ecca + type: + type: string + description: 'Type of requested object. This field must be either left null or set to ''ACCESS_PROFILE'' when creating an Access Profile, otherwise a 400 Bad Request error will result.' + enum: + - ACCESS_PROFILE + example: ACCESS_PROFILE + name: + type: string + description: Human-readable display name of the Access Profile. This field is ignored on input. + example: Access Profile 2567 + nullable: true + membership: + nullable: true + type: object + description: 'When present, specifies that the Role is to be granted to Identities which either satisfy specific criteria or which are members of a given list of Identities.' + properties: + type: + type: string + enum: + - STANDARD + - IDENTITY_LIST + description: |- + This enum characterizes the type of a Role's membership selector. Only the following two are fully supported: + + STANDARD: Indicates that Role membership is defined in terms of a criteria expression + + IDENTITY_LIST: Indicates that Role membership is conferred on the specific identities listed + example: IDENTITY_LIST + criteria: + nullable: true + type: object + description: Defines STANDARD type Role membership + properties: + operation: + type: string + enum: + - EQUALS + - NOT_EQUALS + - CONTAINS + - STARTS_WITH + - ENDS_WITH + - AND + - OR + description: An operation + example: EQUALS + key: + type: object + nullable: true + description: 'Refers to a specific Identity attribute, Account attibute, or Entitlement used in Role membership criteria' + properties: + type: + type: string + enum: + - IDENTITY + - ACCOUNT + - ENTITLEMENT + description: 'Indicates whether the associated criteria represents an expression on identity attributes, account attributes, or entitlements, respectively.' + example: ACCOUNT + property: + type: string + description: The name of the attribute or entitlement to which the associated criteria applies. + example: attribute.email + sourceId: + type: string + nullable: true + description: ID of the Source from which an account attribute or entitlement is drawn. Required if type is ACCOUNT or ENTITLEMENT + example: 2c9180867427f3a301745aec18211519 + required: + - type + - property + stringValue: + type: string + nullable: true + description: 'String value to test the Identity attribute, Account attribute, or Entitlement specified in the key w/r/t the specified operation. If this criteria is a leaf node, that is, if the operation is one of EQUALS, NOT_EQUALS, CONTAINS, STARTS_WITH, or ENDS_WITH, this field is required. Otherwise, specifying it is an error.' + example: carlee.cert1c9f9b6fd@mailinator.com + children: + type: array + items: + type: object + nullable: true + description: Defines STANDARD type Role membership + properties: + operation: + type: string + enum: + - EQUALS + - NOT_EQUALS + - CONTAINS + - STARTS_WITH + - ENDS_WITH + - AND + - OR + description: An operation + example: EQUALS + key: + type: object + nullable: true + description: 'Refers to a specific Identity attribute, Account attibute, or Entitlement used in Role membership criteria' + properties: + type: + type: string + enum: + - IDENTITY + - ACCOUNT + - ENTITLEMENT + description: 'Indicates whether the associated criteria represents an expression on identity attributes, account attributes, or entitlements, respectively.' + example: ACCOUNT + property: + type: string + description: The name of the attribute or entitlement to which the associated criteria applies. + example: attribute.email + sourceId: + type: string + nullable: true + description: ID of the Source from which an account attribute or entitlement is drawn. Required if type is ACCOUNT or ENTITLEMENT + example: 2c9180867427f3a301745aec18211519 + required: + - type + - property + stringValue: + type: string + nullable: true + description: 'String value to test the Identity attribute, Account attribute, or Entitlement specified in the key w/r/t the specified operation. If this criteria is a leaf node, that is, if the operation is one of EQUALS, NOT_EQUALS, CONTAINS, STARTS_WITH, or ENDS_WITH, this field is required. Otherwise, specifying it is an error.' + example: carlee.cert1c9f9b6fd@mailinator.com + children: + type: array + items: + type: object + description: Defines STANDARD type Role membership + properties: + operation: + type: string + enum: + - EQUALS + - NOT_EQUALS + - CONTAINS + - STARTS_WITH + - ENDS_WITH + - AND + - OR + description: An operation + example: EQUALS + key: + type: object + nullable: true + description: 'Refers to a specific Identity attribute, Account attibute, or Entitlement used in Role membership criteria' + properties: + type: + type: string + enum: + - IDENTITY + - ACCOUNT + - ENTITLEMENT + description: 'Indicates whether the associated criteria represents an expression on identity attributes, account attributes, or entitlements, respectively.' + example: ACCOUNT + property: + type: string + description: The name of the attribute or entitlement to which the associated criteria applies. + example: attribute.email + sourceId: + type: string + nullable: true + description: ID of the Source from which an account attribute or entitlement is drawn. Required if type is ACCOUNT or ENTITLEMENT + example: 2c9180867427f3a301745aec18211519 + required: + - type + - property + stringValue: + type: string + description: 'String value to test the Identity attribute, Account attribute, or Entitlement specified in the key w/r/t the specified operation. If this criteria is a leaf node, that is, if the operation is one of EQUALS, NOT_EQUALS, CONTAINS, STARTS_WITH, or ENDS_WITH, this field is required. Otherwise, specifying it is an error.' + example: carlee.cert1c9f9b6fd@mailinator.com + nullable: true + description: 'Array of child criteria. Required if the operation is AND or OR, otherwise it must be left null. A maximum of three levels of criteria are supported, including leaf nodes. Additionally, AND nodes can only be children or OR nodes and vice-versa.' + nullable: true + description: 'Array of child criteria. Required if the operation is AND or OR, otherwise it must be left null. A maximum of three levels of criteria are supported, including leaf nodes. Additionally, AND nodes can only be children or OR nodes and vice-versa.' + identities: + type: array + items: + type: object + description: A reference to an Identity in an IDENTITY_LIST role membership criteria. + properties: + type: + nullable: true + example: IDENTITY + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure. + id: + type: string + description: Identity id + example: 2c9180a46faadee4016fb4e018c20639 + name: + type: string + nullable: true + description: Human-readable display name of the Identity. + example: Thomas Edison + aliasName: + type: string + nullable: true + description: User name of the Identity + example: t.edison + nullable: true + description: 'Defines role membership as being exclusive to the specified Identities, when type is IDENTITY_LIST.' + legacyMembershipInfo: + type: object + nullable: true + description: 'This field is not directly modifiable and is generally expected to be *null*. In very rare instances, some Roles may have been created using membership selection criteria that are no longer fully supported. While these Roles will still work, they should be migrated to STANDARD or IDENTITY_LIST selection criteria. This field exists for informational purposes as an aid to such migration.' + example: + type: IDENTITY_LIST + additionalProperties: true + enabled: + type: boolean + description: Whether the Role is enabled or not. This field is false by default. + example: true + requestable: + type: boolean + description: Whether the Role can be the target of Access Requests. This field is false by default. + example: true + accessRequestConfig: + nullable: true + description: Access request configuration for this object + type: object + properties: + commentsRequired: + type: boolean + description: Whether the requester of the containing object must provide comments justifying the request + example: true + denialCommentsRequired: + type: boolean + description: Whether an approver must provide comments when denying the request + example: true + approvalSchemes: + type: array + description: List describing the steps in approving the request + items: + type: object + properties: + approverType: + type: string + enum: + - OWNER + - MANAGER + - GOVERNANCE_GROUP + description: |- + Describes the individual or group that is responsible for an approval step. Values are as follows. + + **OWNER**: Owner of the associated Role + + **MANAGER**: Manager of the Identity making the request + + **GOVERNANCE_GROUP**: A Governance Group, the ID of which is specified by the **approverId** field + example: GOVERNANCE_GROUP + approverId: + type: string + nullable: true + description: 'Id of the specific approver, used only when approverType is GOVERNANCE_GROUP' + example: 46c79819-a69f-49a2-becb-12c971ae66c6 + revocationRequestConfig: + nullable: true + description: Revocation request configuration for this object. + type: object + properties: + approvalSchemes: + type: array + description: List describing the steps in approving the revocation request + items: + type: object + properties: + approverType: + type: string + enum: + - APP_OWNER + - OWNER + - SOURCE_OWNER + - MANAGER + - GOVERNANCE_GROUP + description: |- + Describes the individual or group that is responsible for an approval step. Values are as follows. + **APP_OWNER**: The owner of the Application + + **OWNER**: Owner of the associated Access Profile or Role + + **SOURCE_OWNER**: Owner of the Source associated with an Access Profile + + **MANAGER**: Manager of the Identity making the request + + **GOVERNANCE_GROUP**: A Governance Group, the ID of which is specified by the **approverId** field + example: GOVERNANCE_GROUP + approverId: + type: string + nullable: true + description: 'Id of the specific approver, used only when approverType is GOVERNANCE_GROUP' + example: 46c79819-a69f-49a2-becb-12c971ae66c6 + segments: + type: array + items: + type: string + nullable: true + description: 'List of IDs of segments, if any, to which this Role is assigned.' + example: + - f7b1b8a3-5fed-4fd4-ad29-82014e137e19 + - 29cb6c06-1da8-43ea-8be4-b3125f248f2a + required: + - name + - owner + responses: + '201': + description: Role created + content: + application/json: + schema: + type: object + description: A Role + properties: + id: + type: string + description: 'The id of the Role. This field must be left null when creating an Role, otherwise a 400 Bad Request error will result.' + example: 2c918086749d78830174a1a40e121518 + name: + type: string + description: The human-readable display name of the Role + maxLength: 128 + example: Role 2567 + created: + type: string + description: Date the Role was created + format: date-time + example: '2021-03-01T22:32:58.104Z' + readOnly: true + modified: + type: string + description: Date the Role was last modified. + format: date-time + example: '2021-03-02T20:22:28.104Z' + readOnly: true + description: + type: string + nullable: true + description: A human-readable description of the Role + example: Urna amet cursus pellentesque nisl orci maximus lorem nisl euismod fusce morbi placerat adipiscing maecenas nisi tristique et metus et lacus sed morbi nunc nisl maximus magna arcu varius sollicitudin elementum enim maecenas nisi id ipsum tempus fusce diam ipsum tortor. + owner: + type: object + description: The owner of this object. + properties: + type: + description: 'Owner type. This field must be either left null or set to ''IDENTITY'' on input, otherwise a 400 Bad Request error will result.' + example: IDENTITY + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + id: + type: string + description: Identity id + example: 2c9180a46faadee4016fb4e018c20639 + name: + type: string + description: 'Human-readable display name of the owner. It may be left null or omitted in a POST or PATCH. If set, it must match the current value of the owner''s display name, otherwise a 400 Bad Request error will result.' + example: support + accessProfiles: + type: array + items: + type: object + properties: + id: + type: string + description: ID of the Access Profile + example: ff808081751e6e129f1518161919ecca + type: + type: string + description: 'Type of requested object. This field must be either left null or set to ''ACCESS_PROFILE'' when creating an Access Profile, otherwise a 400 Bad Request error will result.' + enum: + - ACCESS_PROFILE + example: ACCESS_PROFILE + name: + type: string + description: Human-readable display name of the Access Profile. This field is ignored on input. + example: Access Profile 2567 + nullable: true + membership: + nullable: true + type: object + description: 'When present, specifies that the Role is to be granted to Identities which either satisfy specific criteria or which are members of a given list of Identities.' + properties: + type: + type: string + enum: + - STANDARD + - IDENTITY_LIST + description: |- + This enum characterizes the type of a Role's membership selector. Only the following two are fully supported: + + STANDARD: Indicates that Role membership is defined in terms of a criteria expression + + IDENTITY_LIST: Indicates that Role membership is conferred on the specific identities listed + example: IDENTITY_LIST + criteria: + nullable: true + type: object + description: Defines STANDARD type Role membership + properties: + operation: + type: string + enum: + - EQUALS + - NOT_EQUALS + - CONTAINS + - STARTS_WITH + - ENDS_WITH + - AND + - OR + description: An operation + example: EQUALS + key: + type: object + nullable: true + description: 'Refers to a specific Identity attribute, Account attibute, or Entitlement used in Role membership criteria' + properties: + type: + type: string + enum: + - IDENTITY + - ACCOUNT + - ENTITLEMENT + description: 'Indicates whether the associated criteria represents an expression on identity attributes, account attributes, or entitlements, respectively.' + example: ACCOUNT + property: + type: string + description: The name of the attribute or entitlement to which the associated criteria applies. + example: attribute.email + sourceId: + type: string + nullable: true + description: ID of the Source from which an account attribute or entitlement is drawn. Required if type is ACCOUNT or ENTITLEMENT + example: 2c9180867427f3a301745aec18211519 + required: + - type + - property + stringValue: + type: string + nullable: true + description: 'String value to test the Identity attribute, Account attribute, or Entitlement specified in the key w/r/t the specified operation. If this criteria is a leaf node, that is, if the operation is one of EQUALS, NOT_EQUALS, CONTAINS, STARTS_WITH, or ENDS_WITH, this field is required. Otherwise, specifying it is an error.' + example: carlee.cert1c9f9b6fd@mailinator.com + children: + type: array + items: + type: object + nullable: true + description: Defines STANDARD type Role membership + properties: + operation: + type: string + enum: + - EQUALS + - NOT_EQUALS + - CONTAINS + - STARTS_WITH + - ENDS_WITH + - AND + - OR + description: An operation + example: EQUALS + key: + type: object + nullable: true + description: 'Refers to a specific Identity attribute, Account attibute, or Entitlement used in Role membership criteria' + properties: + type: + type: string + enum: + - IDENTITY + - ACCOUNT + - ENTITLEMENT + description: 'Indicates whether the associated criteria represents an expression on identity attributes, account attributes, or entitlements, respectively.' + example: ACCOUNT + property: + type: string + description: The name of the attribute or entitlement to which the associated criteria applies. + example: attribute.email + sourceId: + type: string + nullable: true + description: ID of the Source from which an account attribute or entitlement is drawn. Required if type is ACCOUNT or ENTITLEMENT + example: 2c9180867427f3a301745aec18211519 + required: + - type + - property + stringValue: + type: string + nullable: true + description: 'String value to test the Identity attribute, Account attribute, or Entitlement specified in the key w/r/t the specified operation. If this criteria is a leaf node, that is, if the operation is one of EQUALS, NOT_EQUALS, CONTAINS, STARTS_WITH, or ENDS_WITH, this field is required. Otherwise, specifying it is an error.' + example: carlee.cert1c9f9b6fd@mailinator.com + children: + type: array + items: + type: object + description: Defines STANDARD type Role membership + properties: + operation: + type: string + enum: + - EQUALS + - NOT_EQUALS + - CONTAINS + - STARTS_WITH + - ENDS_WITH + - AND + - OR + description: An operation + example: EQUALS + key: + type: object + nullable: true + description: 'Refers to a specific Identity attribute, Account attibute, or Entitlement used in Role membership criteria' + properties: + type: + type: string + enum: + - IDENTITY + - ACCOUNT + - ENTITLEMENT + description: 'Indicates whether the associated criteria represents an expression on identity attributes, account attributes, or entitlements, respectively.' + example: ACCOUNT + property: + type: string + description: The name of the attribute or entitlement to which the associated criteria applies. + example: attribute.email + sourceId: + type: string + nullable: true + description: ID of the Source from which an account attribute or entitlement is drawn. Required if type is ACCOUNT or ENTITLEMENT + example: 2c9180867427f3a301745aec18211519 + required: + - type + - property + stringValue: + type: string + description: 'String value to test the Identity attribute, Account attribute, or Entitlement specified in the key w/r/t the specified operation. If this criteria is a leaf node, that is, if the operation is one of EQUALS, NOT_EQUALS, CONTAINS, STARTS_WITH, or ENDS_WITH, this field is required. Otherwise, specifying it is an error.' + example: carlee.cert1c9f9b6fd@mailinator.com + nullable: true + description: 'Array of child criteria. Required if the operation is AND or OR, otherwise it must be left null. A maximum of three levels of criteria are supported, including leaf nodes. Additionally, AND nodes can only be children or OR nodes and vice-versa.' + nullable: true + description: 'Array of child criteria. Required if the operation is AND or OR, otherwise it must be left null. A maximum of three levels of criteria are supported, including leaf nodes. Additionally, AND nodes can only be children or OR nodes and vice-versa.' + identities: + type: array + items: + type: object + description: A reference to an Identity in an IDENTITY_LIST role membership criteria. + properties: + type: + nullable: true + example: IDENTITY + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure. + id: + type: string + description: Identity id + example: 2c9180a46faadee4016fb4e018c20639 + name: + type: string + nullable: true + description: Human-readable display name of the Identity. + example: Thomas Edison + aliasName: + type: string + nullable: true + description: User name of the Identity + example: t.edison + nullable: true + description: 'Defines role membership as being exclusive to the specified Identities, when type is IDENTITY_LIST.' + legacyMembershipInfo: + type: object + nullable: true + description: 'This field is not directly modifiable and is generally expected to be *null*. In very rare instances, some Roles may have been created using membership selection criteria that are no longer fully supported. While these Roles will still work, they should be migrated to STANDARD or IDENTITY_LIST selection criteria. This field exists for informational purposes as an aid to such migration.' + example: + type: IDENTITY_LIST + additionalProperties: true + enabled: + type: boolean + description: Whether the Role is enabled or not. This field is false by default. + example: true + requestable: + type: boolean + description: Whether the Role can be the target of Access Requests. This field is false by default. + example: true + accessRequestConfig: + nullable: true + description: Access request configuration for this object + type: object + properties: + commentsRequired: + type: boolean + description: Whether the requester of the containing object must provide comments justifying the request + example: true + denialCommentsRequired: + type: boolean + description: Whether an approver must provide comments when denying the request + example: true + approvalSchemes: + type: array + description: List describing the steps in approving the request + items: + type: object + properties: + approverType: + type: string + enum: + - OWNER + - MANAGER + - GOVERNANCE_GROUP + description: |- + Describes the individual or group that is responsible for an approval step. Values are as follows. + + **OWNER**: Owner of the associated Role + + **MANAGER**: Manager of the Identity making the request + + **GOVERNANCE_GROUP**: A Governance Group, the ID of which is specified by the **approverId** field + example: GOVERNANCE_GROUP + approverId: + type: string + nullable: true + description: 'Id of the specific approver, used only when approverType is GOVERNANCE_GROUP' + example: 46c79819-a69f-49a2-becb-12c971ae66c6 + revocationRequestConfig: + nullable: true + description: Revocation request configuration for this object. + type: object + properties: + approvalSchemes: + type: array + description: List describing the steps in approving the revocation request + items: + type: object + properties: + approverType: + type: string + enum: + - APP_OWNER + - OWNER + - SOURCE_OWNER + - MANAGER + - GOVERNANCE_GROUP + description: |- + Describes the individual or group that is responsible for an approval step. Values are as follows. + **APP_OWNER**: The owner of the Application + + **OWNER**: Owner of the associated Access Profile or Role + + **SOURCE_OWNER**: Owner of the Source associated with an Access Profile + + **MANAGER**: Manager of the Identity making the request + + **GOVERNANCE_GROUP**: A Governance Group, the ID of which is specified by the **approverId** field + example: GOVERNANCE_GROUP + approverId: + type: string + nullable: true + description: 'Id of the specific approver, used only when approverType is GOVERNANCE_GROUP' + example: 46c79819-a69f-49a2-becb-12c971ae66c6 + segments: + type: array + items: + type: string + nullable: true + description: 'List of IDs of segments, if any, to which this Role is assigned.' + example: + - f7b1b8a3-5fed-4fd4-ad29-82014e137e19 + - 29cb6c06-1da8-43ea-8be4-b3125f248f2a + required: + - name + - owner + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + security: + - oauth2: + - 'idn:role-unchecked:manage' + - 'idn:role-checked:manage' + '/roles/{id}': + get: + operationId: getRole + tags: + - Roles + summary: Get a Role + description: |- + This API returns a Role by its ID. + + A token with API, ORG_ADMIN, ROLE_ADMIN, or ROLE_SUBADMIN authority is required to call this API. In addition, a token with ROLE_SUBADMIN authority may only call this API if all Access Profiles included in the Role are associated to Sources with management workgroups of which the ROLE_SUBADMIN is a member. + parameters: + - in: path + name: id + required: true + schema: + type: string + description: ID of the Role + example: 2c91808a7813090a017814121e121518 + responses: + '200': + description: List of all Roles + content: + application/json: + schema: + type: object + description: A Role + properties: + id: + type: string + description: 'The id of the Role. This field must be left null when creating an Role, otherwise a 400 Bad Request error will result.' + example: 2c918086749d78830174a1a40e121518 + name: + type: string + description: The human-readable display name of the Role + maxLength: 128 + example: Role 2567 + created: + type: string + description: Date the Role was created + format: date-time + example: '2021-03-01T22:32:58.104Z' + readOnly: true + modified: + type: string + description: Date the Role was last modified. + format: date-time + example: '2021-03-02T20:22:28.104Z' + readOnly: true + description: + type: string + nullable: true + description: A human-readable description of the Role + example: Urna amet cursus pellentesque nisl orci maximus lorem nisl euismod fusce morbi placerat adipiscing maecenas nisi tristique et metus et lacus sed morbi nunc nisl maximus magna arcu varius sollicitudin elementum enim maecenas nisi id ipsum tempus fusce diam ipsum tortor. + owner: + type: object + description: The owner of this object. + properties: + type: + description: 'Owner type. This field must be either left null or set to ''IDENTITY'' on input, otherwise a 400 Bad Request error will result.' + example: IDENTITY + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + id: + type: string + description: Identity id + example: 2c9180a46faadee4016fb4e018c20639 + name: + type: string + description: 'Human-readable display name of the owner. It may be left null or omitted in a POST or PATCH. If set, it must match the current value of the owner''s display name, otherwise a 400 Bad Request error will result.' + example: support + accessProfiles: + type: array + items: + type: object + properties: + id: + type: string + description: ID of the Access Profile + example: ff808081751e6e129f1518161919ecca + type: + type: string + description: 'Type of requested object. This field must be either left null or set to ''ACCESS_PROFILE'' when creating an Access Profile, otherwise a 400 Bad Request error will result.' + enum: + - ACCESS_PROFILE + example: ACCESS_PROFILE + name: + type: string + description: Human-readable display name of the Access Profile. This field is ignored on input. + example: Access Profile 2567 + nullable: true + membership: + nullable: true + type: object + description: 'When present, specifies that the Role is to be granted to Identities which either satisfy specific criteria or which are members of a given list of Identities.' + properties: + type: + type: string + enum: + - STANDARD + - IDENTITY_LIST + description: |- + This enum characterizes the type of a Role's membership selector. Only the following two are fully supported: + + STANDARD: Indicates that Role membership is defined in terms of a criteria expression + + IDENTITY_LIST: Indicates that Role membership is conferred on the specific identities listed + example: IDENTITY_LIST + criteria: + nullable: true + type: object + description: Defines STANDARD type Role membership + properties: + operation: + type: string + enum: + - EQUALS + - NOT_EQUALS + - CONTAINS + - STARTS_WITH + - ENDS_WITH + - AND + - OR + description: An operation + example: EQUALS + key: + type: object + nullable: true + description: 'Refers to a specific Identity attribute, Account attibute, or Entitlement used in Role membership criteria' + properties: + type: + type: string + enum: + - IDENTITY + - ACCOUNT + - ENTITLEMENT + description: 'Indicates whether the associated criteria represents an expression on identity attributes, account attributes, or entitlements, respectively.' + example: ACCOUNT + property: + type: string + description: The name of the attribute or entitlement to which the associated criteria applies. + example: attribute.email + sourceId: + type: string + nullable: true + description: ID of the Source from which an account attribute or entitlement is drawn. Required if type is ACCOUNT or ENTITLEMENT + example: 2c9180867427f3a301745aec18211519 + required: + - type + - property + stringValue: + type: string + nullable: true + description: 'String value to test the Identity attribute, Account attribute, or Entitlement specified in the key w/r/t the specified operation. If this criteria is a leaf node, that is, if the operation is one of EQUALS, NOT_EQUALS, CONTAINS, STARTS_WITH, or ENDS_WITH, this field is required. Otherwise, specifying it is an error.' + example: carlee.cert1c9f9b6fd@mailinator.com + children: + type: array + items: + type: object + nullable: true + description: Defines STANDARD type Role membership + properties: + operation: + type: string + enum: + - EQUALS + - NOT_EQUALS + - CONTAINS + - STARTS_WITH + - ENDS_WITH + - AND + - OR + description: An operation + example: EQUALS + key: + type: object + nullable: true + description: 'Refers to a specific Identity attribute, Account attibute, or Entitlement used in Role membership criteria' + properties: + type: + type: string + enum: + - IDENTITY + - ACCOUNT + - ENTITLEMENT + description: 'Indicates whether the associated criteria represents an expression on identity attributes, account attributes, or entitlements, respectively.' + example: ACCOUNT + property: + type: string + description: The name of the attribute or entitlement to which the associated criteria applies. + example: attribute.email + sourceId: + type: string + nullable: true + description: ID of the Source from which an account attribute or entitlement is drawn. Required if type is ACCOUNT or ENTITLEMENT + example: 2c9180867427f3a301745aec18211519 + required: + - type + - property + stringValue: + type: string + nullable: true + description: 'String value to test the Identity attribute, Account attribute, or Entitlement specified in the key w/r/t the specified operation. If this criteria is a leaf node, that is, if the operation is one of EQUALS, NOT_EQUALS, CONTAINS, STARTS_WITH, or ENDS_WITH, this field is required. Otherwise, specifying it is an error.' + example: carlee.cert1c9f9b6fd@mailinator.com + children: + type: array + items: + type: object + description: Defines STANDARD type Role membership + properties: + operation: + type: string + enum: + - EQUALS + - NOT_EQUALS + - CONTAINS + - STARTS_WITH + - ENDS_WITH + - AND + - OR + description: An operation + example: EQUALS + key: + type: object + nullable: true + description: 'Refers to a specific Identity attribute, Account attibute, or Entitlement used in Role membership criteria' + properties: + type: + type: string + enum: + - IDENTITY + - ACCOUNT + - ENTITLEMENT + description: 'Indicates whether the associated criteria represents an expression on identity attributes, account attributes, or entitlements, respectively.' + example: ACCOUNT + property: + type: string + description: The name of the attribute or entitlement to which the associated criteria applies. + example: attribute.email + sourceId: + type: string + nullable: true + description: ID of the Source from which an account attribute or entitlement is drawn. Required if type is ACCOUNT or ENTITLEMENT + example: 2c9180867427f3a301745aec18211519 + required: + - type + - property + stringValue: + type: string + description: 'String value to test the Identity attribute, Account attribute, or Entitlement specified in the key w/r/t the specified operation. If this criteria is a leaf node, that is, if the operation is one of EQUALS, NOT_EQUALS, CONTAINS, STARTS_WITH, or ENDS_WITH, this field is required. Otherwise, specifying it is an error.' + example: carlee.cert1c9f9b6fd@mailinator.com + nullable: true + description: 'Array of child criteria. Required if the operation is AND or OR, otherwise it must be left null. A maximum of three levels of criteria are supported, including leaf nodes. Additionally, AND nodes can only be children or OR nodes and vice-versa.' + nullable: true + description: 'Array of child criteria. Required if the operation is AND or OR, otherwise it must be left null. A maximum of three levels of criteria are supported, including leaf nodes. Additionally, AND nodes can only be children or OR nodes and vice-versa.' + identities: + type: array + items: + type: object + description: A reference to an Identity in an IDENTITY_LIST role membership criteria. + properties: + type: + nullable: true + example: IDENTITY + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure. + id: + type: string + description: Identity id + example: 2c9180a46faadee4016fb4e018c20639 + name: + type: string + nullable: true + description: Human-readable display name of the Identity. + example: Thomas Edison + aliasName: + type: string + nullable: true + description: User name of the Identity + example: t.edison + nullable: true + description: 'Defines role membership as being exclusive to the specified Identities, when type is IDENTITY_LIST.' + legacyMembershipInfo: + type: object + nullable: true + description: 'This field is not directly modifiable and is generally expected to be *null*. In very rare instances, some Roles may have been created using membership selection criteria that are no longer fully supported. While these Roles will still work, they should be migrated to STANDARD or IDENTITY_LIST selection criteria. This field exists for informational purposes as an aid to such migration.' + example: + type: IDENTITY_LIST + additionalProperties: true + enabled: + type: boolean + description: Whether the Role is enabled or not. This field is false by default. + example: true + requestable: + type: boolean + description: Whether the Role can be the target of Access Requests. This field is false by default. + example: true + accessRequestConfig: + nullable: true + description: Access request configuration for this object + type: object + properties: + commentsRequired: + type: boolean + description: Whether the requester of the containing object must provide comments justifying the request + example: true + denialCommentsRequired: + type: boolean + description: Whether an approver must provide comments when denying the request + example: true + approvalSchemes: + type: array + description: List describing the steps in approving the request + items: + type: object + properties: + approverType: + type: string + enum: + - OWNER + - MANAGER + - GOVERNANCE_GROUP + description: |- + Describes the individual or group that is responsible for an approval step. Values are as follows. + + **OWNER**: Owner of the associated Role + + **MANAGER**: Manager of the Identity making the request + + **GOVERNANCE_GROUP**: A Governance Group, the ID of which is specified by the **approverId** field + example: GOVERNANCE_GROUP + approverId: + type: string + nullable: true + description: 'Id of the specific approver, used only when approverType is GOVERNANCE_GROUP' + example: 46c79819-a69f-49a2-becb-12c971ae66c6 + revocationRequestConfig: + nullable: true + description: Revocation request configuration for this object. + type: object + properties: + approvalSchemes: + type: array + description: List describing the steps in approving the revocation request + items: + type: object + properties: + approverType: + type: string + enum: + - APP_OWNER + - OWNER + - SOURCE_OWNER + - MANAGER + - GOVERNANCE_GROUP + description: |- + Describes the individual or group that is responsible for an approval step. Values are as follows. + **APP_OWNER**: The owner of the Application + + **OWNER**: Owner of the associated Access Profile or Role + + **SOURCE_OWNER**: Owner of the Source associated with an Access Profile + + **MANAGER**: Manager of the Identity making the request + + **GOVERNANCE_GROUP**: A Governance Group, the ID of which is specified by the **approverId** field + example: GOVERNANCE_GROUP + approverId: + type: string + nullable: true + description: 'Id of the specific approver, used only when approverType is GOVERNANCE_GROUP' + example: 46c79819-a69f-49a2-becb-12c971ae66c6 + segments: + type: array + items: + type: string + nullable: true + description: 'List of IDs of segments, if any, to which this Role is assigned.' + example: + - f7b1b8a3-5fed-4fd4-ad29-82014e137e19 + - 29cb6c06-1da8-43ea-8be4-b3125f248f2a + required: + - name + - owner + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + security: + - oauth2: + - 'idn:role-unchecked:read' + - 'idn:role-unchecked:manage' + - 'idn:role-checked:manage' + - 'idn:role-checked:read' + patch: + operationId: patchRole + tags: + - Roles + summary: Patch a specified Role + description: |- + This API updates an existing Role using [JSON Patch](https://tools.ietf.org/html/rfc6902) syntax. + + The following fields are patchable: **name**, **description**, **enabled**, **owner**, **accessProfiles**, **membership**, **requestable**, **accessRequestConfig**, **revokeRequestConfig**, **segments** + A token with API, ORG_ADMIN, ROLE_ADMIN, or ROLE_SUBADMIN authority is required to call this API. In addition, a token with ROLE_SUBADMIN authority may only call this API if all Access Profiles included in the Role are associated to Sources with management workgroups of which the ROLE_SUBADMIN is a member. + The maximum supported length for the description field is 2000 characters. Longer descriptions will be preserved for existing roles, however, any new roles as well as any updates to existing descriptions will be limited to 2000 characters. + parameters: + - name: id + in: path + description: ID of the Role to patch + required: true + schema: + type: string + example: 2c91808a7813090a017814121e121518 + requestBody: + content: + application/json-patch+json: + schema: + type: array + items: + type: object + description: 'A JSONPatch Operation as defined by [RFC 6902 - JSON Patch](https://tools.ietf.org/html/rfc6902)' + required: + - op + - path + properties: + op: + type: string + description: The operation to be performed + enum: + - add + - remove + - replace + - move + - copy + - test + example: replace + path: + type: string + description: A string JSON Pointer representing the target path to an element to be affected by the operation + example: /description + value: + anyOf: + - type: string + - type: integer + - type: object + - type: array + items: + anyOf: + - type: string + - type: integer + - type: object + description: 'The value to be used for the operation, required for "add" and "replace" operations' + example: New description + examples: + Make a Role Requestable and Enable it in One Call: + description: This example shows how multiple fields may be updated with a single patch call. + value: + - op: replace + path: /requestable + value: true + - op: replace + path: /enabled + value: true + Assign a Role to a Segment: + description: This example illustrates the use of patch to assign a Role to a Segment by adding the Segment's ID to the Role's segments array. + value: + - op: add + path: /segments/- + value: f7b1b8a3-5fed-4fd4-ad29-82014e137e19 + Set the Membership Selection Criteria to a List of Identities: + description: 'This example shows how to define a Role''s membershp by providing a list of Identities, referenced by their IDs.' + value: + - op: replace + path: /membership + value: + type: IDENTITY_LIST + identities: + - id: 2c91808973fe906c0174262092014ed9 + - id: 2c918086262092014ed94fb8a47612f3 + Set the Membership Selection Criteria to a Standard Expression: + description: 'This example shows how to define a Role''s membership using STANDARD criteria. In this case, the Role will be granted to all Identities which have the *Engineering* attribute from the indicated Source.' + value: + - op: replace + path: /membership + value: + type: STANDARD + criteria: + operation: OR + children: + - operation: EQUALS + key: + type: ENTITLEMENT + property: attribute.memberOf + sourceId: 2c9180887701fb2014213e122092014e + stringValue: Engineering + Add a New Clause as the Child of an Existing Standard Expression: + description: This example shows how to add a child clause to an existing STANDARD criteria expression. + value: + - op: add + path: /membership/criteria/children/- + value: + operation: ENDS_WITH + key: + type: IDENTITY + property: attribute.email + stringValue: '@identitynow.com' + required: true + responses: + '200': + description: Responds with the Role as updated. + content: + application/json: + schema: + type: object + description: A Role + properties: + id: + type: string + description: 'The id of the Role. This field must be left null when creating an Role, otherwise a 400 Bad Request error will result.' + example: 2c918086749d78830174a1a40e121518 + name: + type: string + description: The human-readable display name of the Role + maxLength: 128 + example: Role 2567 + created: + type: string + description: Date the Role was created + format: date-time + example: '2021-03-01T22:32:58.104Z' + readOnly: true + modified: + type: string + description: Date the Role was last modified. + format: date-time + example: '2021-03-02T20:22:28.104Z' + readOnly: true + description: + type: string + nullable: true + description: A human-readable description of the Role + example: Urna amet cursus pellentesque nisl orci maximus lorem nisl euismod fusce morbi placerat adipiscing maecenas nisi tristique et metus et lacus sed morbi nunc nisl maximus magna arcu varius sollicitudin elementum enim maecenas nisi id ipsum tempus fusce diam ipsum tortor. + owner: + type: object + description: The owner of this object. + properties: + type: + description: 'Owner type. This field must be either left null or set to ''IDENTITY'' on input, otherwise a 400 Bad Request error will result.' + example: IDENTITY + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + id: + type: string + description: Identity id + example: 2c9180a46faadee4016fb4e018c20639 + name: + type: string + description: 'Human-readable display name of the owner. It may be left null or omitted in a POST or PATCH. If set, it must match the current value of the owner''s display name, otherwise a 400 Bad Request error will result.' + example: support + accessProfiles: + type: array + items: + type: object + properties: + id: + type: string + description: ID of the Access Profile + example: ff808081751e6e129f1518161919ecca + type: + type: string + description: 'Type of requested object. This field must be either left null or set to ''ACCESS_PROFILE'' when creating an Access Profile, otherwise a 400 Bad Request error will result.' + enum: + - ACCESS_PROFILE + example: ACCESS_PROFILE + name: + type: string + description: Human-readable display name of the Access Profile. This field is ignored on input. + example: Access Profile 2567 + nullable: true + membership: + nullable: true + type: object + description: 'When present, specifies that the Role is to be granted to Identities which either satisfy specific criteria or which are members of a given list of Identities.' + properties: + type: + type: string + enum: + - STANDARD + - IDENTITY_LIST + description: |- + This enum characterizes the type of a Role's membership selector. Only the following two are fully supported: + + STANDARD: Indicates that Role membership is defined in terms of a criteria expression + + IDENTITY_LIST: Indicates that Role membership is conferred on the specific identities listed + example: IDENTITY_LIST + criteria: + nullable: true + type: object + description: Defines STANDARD type Role membership + properties: + operation: + type: string + enum: + - EQUALS + - NOT_EQUALS + - CONTAINS + - STARTS_WITH + - ENDS_WITH + - AND + - OR + description: An operation + example: EQUALS + key: + type: object + nullable: true + description: 'Refers to a specific Identity attribute, Account attibute, or Entitlement used in Role membership criteria' + properties: + type: + type: string + enum: + - IDENTITY + - ACCOUNT + - ENTITLEMENT + description: 'Indicates whether the associated criteria represents an expression on identity attributes, account attributes, or entitlements, respectively.' + example: ACCOUNT + property: + type: string + description: The name of the attribute or entitlement to which the associated criteria applies. + example: attribute.email + sourceId: + type: string + nullable: true + description: ID of the Source from which an account attribute or entitlement is drawn. Required if type is ACCOUNT or ENTITLEMENT + example: 2c9180867427f3a301745aec18211519 + required: + - type + - property + stringValue: + type: string + nullable: true + description: 'String value to test the Identity attribute, Account attribute, or Entitlement specified in the key w/r/t the specified operation. If this criteria is a leaf node, that is, if the operation is one of EQUALS, NOT_EQUALS, CONTAINS, STARTS_WITH, or ENDS_WITH, this field is required. Otherwise, specifying it is an error.' + example: carlee.cert1c9f9b6fd@mailinator.com + children: + type: array + items: + type: object + nullable: true + description: Defines STANDARD type Role membership + properties: + operation: + type: string + enum: + - EQUALS + - NOT_EQUALS + - CONTAINS + - STARTS_WITH + - ENDS_WITH + - AND + - OR + description: An operation + example: EQUALS + key: + type: object + nullable: true + description: 'Refers to a specific Identity attribute, Account attibute, or Entitlement used in Role membership criteria' + properties: + type: + type: string + enum: + - IDENTITY + - ACCOUNT + - ENTITLEMENT + description: 'Indicates whether the associated criteria represents an expression on identity attributes, account attributes, or entitlements, respectively.' + example: ACCOUNT + property: + type: string + description: The name of the attribute or entitlement to which the associated criteria applies. + example: attribute.email + sourceId: + type: string + nullable: true + description: ID of the Source from which an account attribute or entitlement is drawn. Required if type is ACCOUNT or ENTITLEMENT + example: 2c9180867427f3a301745aec18211519 + required: + - type + - property + stringValue: + type: string + nullable: true + description: 'String value to test the Identity attribute, Account attribute, or Entitlement specified in the key w/r/t the specified operation. If this criteria is a leaf node, that is, if the operation is one of EQUALS, NOT_EQUALS, CONTAINS, STARTS_WITH, or ENDS_WITH, this field is required. Otherwise, specifying it is an error.' + example: carlee.cert1c9f9b6fd@mailinator.com + children: + type: array + items: + type: object + description: Defines STANDARD type Role membership + properties: + operation: + type: string + enum: + - EQUALS + - NOT_EQUALS + - CONTAINS + - STARTS_WITH + - ENDS_WITH + - AND + - OR + description: An operation + example: EQUALS + key: + type: object + nullable: true + description: 'Refers to a specific Identity attribute, Account attibute, or Entitlement used in Role membership criteria' + properties: + type: + type: string + enum: + - IDENTITY + - ACCOUNT + - ENTITLEMENT + description: 'Indicates whether the associated criteria represents an expression on identity attributes, account attributes, or entitlements, respectively.' + example: ACCOUNT + property: + type: string + description: The name of the attribute or entitlement to which the associated criteria applies. + example: attribute.email + sourceId: + type: string + nullable: true + description: ID of the Source from which an account attribute or entitlement is drawn. Required if type is ACCOUNT or ENTITLEMENT + example: 2c9180867427f3a301745aec18211519 + required: + - type + - property + stringValue: + type: string + description: 'String value to test the Identity attribute, Account attribute, or Entitlement specified in the key w/r/t the specified operation. If this criteria is a leaf node, that is, if the operation is one of EQUALS, NOT_EQUALS, CONTAINS, STARTS_WITH, or ENDS_WITH, this field is required. Otherwise, specifying it is an error.' + example: carlee.cert1c9f9b6fd@mailinator.com + nullable: true + description: 'Array of child criteria. Required if the operation is AND or OR, otherwise it must be left null. A maximum of three levels of criteria are supported, including leaf nodes. Additionally, AND nodes can only be children or OR nodes and vice-versa.' + nullable: true + description: 'Array of child criteria. Required if the operation is AND or OR, otherwise it must be left null. A maximum of three levels of criteria are supported, including leaf nodes. Additionally, AND nodes can only be children or OR nodes and vice-versa.' + identities: + type: array + items: + type: object + description: A reference to an Identity in an IDENTITY_LIST role membership criteria. + properties: + type: + nullable: true + example: IDENTITY + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure. + id: + type: string + description: Identity id + example: 2c9180a46faadee4016fb4e018c20639 + name: + type: string + nullable: true + description: Human-readable display name of the Identity. + example: Thomas Edison + aliasName: + type: string + nullable: true + description: User name of the Identity + example: t.edison + nullable: true + description: 'Defines role membership as being exclusive to the specified Identities, when type is IDENTITY_LIST.' + legacyMembershipInfo: + type: object + nullable: true + description: 'This field is not directly modifiable and is generally expected to be *null*. In very rare instances, some Roles may have been created using membership selection criteria that are no longer fully supported. While these Roles will still work, they should be migrated to STANDARD or IDENTITY_LIST selection criteria. This field exists for informational purposes as an aid to such migration.' + example: + type: IDENTITY_LIST + additionalProperties: true + enabled: + type: boolean + description: Whether the Role is enabled or not. This field is false by default. + example: true + requestable: + type: boolean + description: Whether the Role can be the target of Access Requests. This field is false by default. + example: true + accessRequestConfig: + nullable: true + description: Access request configuration for this object + type: object + properties: + commentsRequired: + type: boolean + description: Whether the requester of the containing object must provide comments justifying the request + example: true + denialCommentsRequired: + type: boolean + description: Whether an approver must provide comments when denying the request + example: true + approvalSchemes: + type: array + description: List describing the steps in approving the request + items: + type: object + properties: + approverType: + type: string + enum: + - OWNER + - MANAGER + - GOVERNANCE_GROUP + description: |- + Describes the individual or group that is responsible for an approval step. Values are as follows. + + **OWNER**: Owner of the associated Role + + **MANAGER**: Manager of the Identity making the request + + **GOVERNANCE_GROUP**: A Governance Group, the ID of which is specified by the **approverId** field + example: GOVERNANCE_GROUP + approverId: + type: string + nullable: true + description: 'Id of the specific approver, used only when approverType is GOVERNANCE_GROUP' + example: 46c79819-a69f-49a2-becb-12c971ae66c6 + revocationRequestConfig: + nullable: true + description: Revocation request configuration for this object. + type: object + properties: + approvalSchemes: + type: array + description: List describing the steps in approving the revocation request + items: + type: object + properties: + approverType: + type: string + enum: + - APP_OWNER + - OWNER + - SOURCE_OWNER + - MANAGER + - GOVERNANCE_GROUP + description: |- + Describes the individual or group that is responsible for an approval step. Values are as follows. + **APP_OWNER**: The owner of the Application + + **OWNER**: Owner of the associated Access Profile or Role + + **SOURCE_OWNER**: Owner of the Source associated with an Access Profile + + **MANAGER**: Manager of the Identity making the request + + **GOVERNANCE_GROUP**: A Governance Group, the ID of which is specified by the **approverId** field + example: GOVERNANCE_GROUP + approverId: + type: string + nullable: true + description: 'Id of the specific approver, used only when approverType is GOVERNANCE_GROUP' + example: 46c79819-a69f-49a2-becb-12c971ae66c6 + segments: + type: array + items: + type: string + nullable: true + description: 'List of IDs of segments, if any, to which this Role is assigned.' + example: + - f7b1b8a3-5fed-4fd4-ad29-82014e137e19 + - 29cb6c06-1da8-43ea-8be4-b3125f248f2a + required: + - name + - owner + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + security: + - oauth2: + - 'idn:role-unchecked:manage' + - 'idn:role-checked:manage' + '/roles/{id}/assigned-identities': + get: + operationId: getRoleAssignedIdentities + tags: + - Roles + summary: List Identities assigned a Role + parameters: + - in: path + name: id + schema: + type: string + description: ID of the Role for which the assigned Identities are to be listed + example: 2c91808a7813090a017814121e121518 + required: true + - in: query + name: limit + description: |- + Max number of results to return. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 250 + schema: + type: integer + format: int32 + minimum: 0 + maximum: 250 + default: 250 + - in: query + name: offset + description: |- + Offset into the full result set. Usually specified with *limit* to paginate through the results. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 0 + schema: + type: integer + format: int32 + minimum: 0 + default: 0 + - in: query + name: count + description: |- + If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored. + + Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used. + + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: true + schema: + type: boolean + default: false + - in: query + name: filters + schema: + type: string + description: |- + Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) + + Filtering is supported for the following fields and operators: + + **id**: *eq, in* + + **aliasName**: *eq, sw* + + **email**: *eq, sw* + + **name**: *eq, sw, co* + example: name sw Joe + - in: query + name: sorters + schema: + type: string + format: comma-separated + description: |- + Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results) + + Sorting is supported for the following fields: **id**, **name**, **aliasName**, **email** + example: 'aliasName,name' + responses: + '200': + description: List of Identities assigned the Role + content: + application/json: + schema: + type: array + items: + type: object + description: A subset of the fields of an Identity which is a member of a Role. + properties: + id: + type: string + description: The ID of the Identity + example: 2c9180a46faadee4016fb4e018c20639 + aliasName: + type: string + description: The alias / username of the Identity + example: t.edison + name: + type: string + description: The human-readable display name of the Identity + example: Thomas Edison + email: + type: string + description: Email address of the Identity + example: t.edison@identitynow.com + roleAssignmentSource: + type: string + enum: + - ACCESS_REQUEST + - ROLE_MEMBERSHIP + description: Type which indicates how a particular Identity obtained a particular Role + example: ACCESS_REQUEST + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + security: + - oauth2: + - 'idn:role-unchecked:read' + - 'idn:role-unchecked:manage' + - 'idn:role-checked:manage' + - 'idn:role-checked:read' + /saved-searches: + post: + tags: + - Saved Search + description: | + Creates a new saved search. + summary: Create a saved search + operationId: createSavedSearch + requestBody: + description: The saved search to persist. + content: + application/json: + schema: + allOf: + - type: object + properties: + name: + description: | + The name of the saved search. + type: string + example: Disabled accounts + description: + description: | + The description of the saved search. + type: string + nullable: true + example: Disabled accounts + - type: object + properties: + public: + description: | + Indicates if the saved search is public. + type: boolean + default: false + example: false + created: + description: | + The date the saved search was initially created. + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + modified: + description: | + The last date the saved search was modified. + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + indices: + description: | + The names of the Elasticsearch indices in which to search. + type: array + items: + description: |- + Enum representing the currently supported indices. + Additional values may be added in the future without notice. + type: string + enum: + - accessprofiles + - accountactivities + - entitlements + - events + - identities + - roles + - '*' + example: identities + example: + - identities + columns: + description: | + The columns to be returned (specifies the order in which they will be presented) for each document type. + + The currently supported document types are: _accessprofile_, _accountactivity_, _account_, _aggregation_, _entitlement_, _event_, _identity_, and _role_. + type: object + additionalProperties: + type: array + items: + type: object + properties: + field: + description: | + The name of the field. + type: string + example: email + header: + description: | + The value of the header. + type: string + example: Work Email + required: + - field + example: + identity: + - field: displayName + header: Display Name + - field: e-mail + header: Work Email + query: + description: | + The search query using Elasticsearch [Query String Query](https://www.elastic.co/guide/en/elasticsearch/reference/5.2/query-dsl-query-string-query.html#query-string) syntax from the Query DSL. + type: string + example: '@accounts(disabled:true)' + fields: + description: | + The fields to be searched against in a multi-field query. + type: array + nullable: true + items: + type: string + example: + - disabled + sort: + description: | + The fields to be used to sort the search results. + type: array + items: + type: string + example: + - displayName + filters: + nullable: true + allOf: + - type: object + description: The filters to be applied for each filtered field name. + example: + attributes.cloudAuthoritativeSource: + type: EXISTS + exclude: true + accessCount: + type: RANGE + range: + lower: + value: '3' + created: + type: RANGE + range: + lower: + value: '2019-12-01' + inclusive: true + upper: + value: '2020-01-01' + source.name: + type: TERMS + terms: + - HR Employees + - Corporate Active Directory + exclude: true + protected: + type: TERMS + terms: + - 'true' + - type: object + properties: + type: + description: |- + Enum representing the currently supported filter types. + Additional values may be added in the future without notice. + type: string + enum: + - EXISTS + - RANGE + - TERMS + example: RANGE + range: + type: object + description: The range of values to be filtered. + properties: + lower: + description: The lower bound of the range. + type: object + required: + - value + properties: + value: + description: The value of the range's endpoint. + type: string + example: '1' + inclusive: + description: Indicates if the endpoint is included in the range. + type: boolean + default: false + example: false + upper: + description: The upper bound of the range. + type: object + required: + - value + properties: + value: + description: The value of the range's endpoint. + type: string + example: '1' + inclusive: + description: Indicates if the endpoint is included in the range. + type: boolean + default: false + example: false + terms: + description: The terms to be filtered. + type: array + items: + type: string + example: account_count + exclude: + description: Indicates if the filter excludes results. + type: boolean + default: false + example: false + required: + - indices + - query + required: true + responses: + '201': + description: The persisted saved search. + content: + application/json: + schema: + type: object + allOf: + - type: object + properties: + id: + description: | + The saved search ID. + type: string + example: 0de46054-fe90-434a-b84e-c6b3359d0c64 + owner: + description: | + The owner of the saved search. + type: object + properties: + type: + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure. + example: IDENTITY + id: + description: | + The id of the object. + type: string + example: 2c91808568c529c60168cca6f90c1313 + required: + - type + - id + - type: object + properties: + name: + description: | + The name of the saved search. + type: string + example: Disabled accounts + description: + description: | + The description of the saved search. + type: string + nullable: true + example: Disabled accounts + - type: object + properties: + public: + description: | + Indicates if the saved search is public. + type: boolean + default: false + example: false + created: + description: | + The date the saved search was initially created. + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + modified: + description: | + The last date the saved search was modified. + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + indices: + description: | + The names of the Elasticsearch indices in which to search. + type: array + items: + description: |- + Enum representing the currently supported indices. + Additional values may be added in the future without notice. + type: string + enum: + - accessprofiles + - accountactivities + - entitlements + - events + - identities + - roles + - '*' + example: identities + example: + - identities + columns: + description: | + The columns to be returned (specifies the order in which they will be presented) for each document type. + + The currently supported document types are: _accessprofile_, _accountactivity_, _account_, _aggregation_, _entitlement_, _event_, _identity_, and _role_. + type: object + additionalProperties: + type: array + items: + type: object + properties: + field: + description: | + The name of the field. + type: string + example: email + header: + description: | + The value of the header. + type: string + example: Work Email + required: + - field + example: + identity: + - field: displayName + header: Display Name + - field: e-mail + header: Work Email + query: + description: | + The search query using Elasticsearch [Query String Query](https://www.elastic.co/guide/en/elasticsearch/reference/5.2/query-dsl-query-string-query.html#query-string) syntax from the Query DSL. + type: string + example: '@accounts(disabled:true)' + fields: + description: | + The fields to be searched against in a multi-field query. + type: array + nullable: true + items: + type: string + example: + - disabled + sort: + description: | + The fields to be used to sort the search results. + type: array + items: + type: string + example: + - displayName + filters: + nullable: true + allOf: + - type: object + description: The filters to be applied for each filtered field name. + example: + attributes.cloudAuthoritativeSource: + type: EXISTS + exclude: true + accessCount: + type: RANGE + range: + lower: + value: '3' + created: + type: RANGE + range: + lower: + value: '2019-12-01' + inclusive: true + upper: + value: '2020-01-01' + source.name: + type: TERMS + terms: + - HR Employees + - Corporate Active Directory + exclude: true + protected: + type: TERMS + terms: + - 'true' + - type: object + properties: + type: + description: |- + Enum representing the currently supported filter types. + Additional values may be added in the future without notice. + type: string + enum: + - EXISTS + - RANGE + - TERMS + example: RANGE + range: + type: object + description: The range of values to be filtered. + properties: + lower: + description: The lower bound of the range. + type: object + required: + - value + properties: + value: + description: The value of the range's endpoint. + type: string + example: '1' + inclusive: + description: Indicates if the endpoint is included in the range. + type: boolean + default: false + example: false + upper: + description: The upper bound of the range. + type: object + required: + - value + properties: + value: + description: The value of the range's endpoint. + type: string + example: '1' + inclusive: + description: Indicates if the endpoint is included in the range. + type: boolean + default: false + example: false + terms: + description: The terms to be filtered. + type: array + items: + type: string + example: account_count + exclude: + description: Indicates if the filter excludes results. + type: boolean + default: false + example: false + required: + - indices + - query + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + get: + tags: + - Saved Search + description: | + Returns a list of saved searches. + summary: Return a list of Saved Searches + operationId: listSavedSearches + parameters: + - in: query + name: offset + description: |- + Offset into the full result set. Usually specified with *limit* to paginate through the results. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 0 + schema: + type: integer + format: int32 + minimum: 0 + default: 0 + - in: query + name: limit + description: |- + Max number of results to return. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 250 + schema: + type: integer + format: int32 + minimum: 0 + maximum: 250 + default: 250 + - in: query + name: count + description: |- + If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored. + + Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used. + + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: true + schema: + type: boolean + default: false + - name: filters + in: query + schema: + type: string + description: | + An expression used to constrain the result set using the filtering syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results). + + Allowed filter properties: *owner.id*, *public* + + Allowed filter operator: *eq* + + **Example filters**: + + ```owner.id eq "0de46054-fe90-434a-b84e-c6b3359d0c64"``` -- returns saved searches for the specified owner ID + + ```public eq true``` -- returns all public saved searches + + ```owner.id eq me or public eq true``` -- returns all of the current user's saved searches as well as all public saved searches belonging to other users in the current org + example: public eq true + responses: + '200': + description: The list of requested saved searches. + content: + application/json: + schema: + type: array + items: + type: object + allOf: + - type: object + properties: + id: + description: | + The saved search ID. + type: string + example: 0de46054-fe90-434a-b84e-c6b3359d0c64 + owner: + description: | + The owner of the saved search. + type: object + properties: + type: + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure. + example: IDENTITY + id: + description: | + The id of the object. + type: string + example: 2c91808568c529c60168cca6f90c1313 + required: + - type + - id + - type: object + properties: + name: + description: | + The name of the saved search. + type: string + example: Disabled accounts + description: + description: | + The description of the saved search. + type: string + nullable: true + example: Disabled accounts + - type: object + properties: + public: + description: | + Indicates if the saved search is public. + type: boolean + default: false + example: false + created: + description: | + The date the saved search was initially created. + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + modified: + description: | + The last date the saved search was modified. + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + indices: + description: | + The names of the Elasticsearch indices in which to search. + type: array + items: + description: |- + Enum representing the currently supported indices. + Additional values may be added in the future without notice. + type: string + enum: + - accessprofiles + - accountactivities + - entitlements + - events + - identities + - roles + - '*' + example: identities + example: + - identities + columns: + description: | + The columns to be returned (specifies the order in which they will be presented) for each document type. + + The currently supported document types are: _accessprofile_, _accountactivity_, _account_, _aggregation_, _entitlement_, _event_, _identity_, and _role_. + type: object + additionalProperties: + type: array + items: + type: object + properties: + field: + description: | + The name of the field. + type: string + example: email + header: + description: | + The value of the header. + type: string + example: Work Email + required: + - field + example: + identity: + - field: displayName + header: Display Name + - field: e-mail + header: Work Email + query: + description: | + The search query using Elasticsearch [Query String Query](https://www.elastic.co/guide/en/elasticsearch/reference/5.2/query-dsl-query-string-query.html#query-string) syntax from the Query DSL. + type: string + example: '@accounts(disabled:true)' + fields: + description: | + The fields to be searched against in a multi-field query. + type: array + nullable: true + items: + type: string + example: + - disabled + sort: + description: | + The fields to be used to sort the search results. + type: array + items: + type: string + example: + - displayName + filters: + nullable: true + allOf: + - type: object + description: The filters to be applied for each filtered field name. + example: + attributes.cloudAuthoritativeSource: + type: EXISTS + exclude: true + accessCount: + type: RANGE + range: + lower: + value: '3' + created: + type: RANGE + range: + lower: + value: '2019-12-01' + inclusive: true + upper: + value: '2020-01-01' + source.name: + type: TERMS + terms: + - HR Employees + - Corporate Active Directory + exclude: true + protected: + type: TERMS + terms: + - 'true' + - type: object + properties: + type: + description: |- + Enum representing the currently supported filter types. + Additional values may be added in the future without notice. + type: string + enum: + - EXISTS + - RANGE + - TERMS + example: RANGE + range: + type: object + description: The range of values to be filtered. + properties: + lower: + description: The lower bound of the range. + type: object + required: + - value + properties: + value: + description: The value of the range's endpoint. + type: string + example: '1' + inclusive: + description: Indicates if the endpoint is included in the range. + type: boolean + default: false + example: false + upper: + description: The upper bound of the range. + type: object + required: + - value + properties: + value: + description: The value of the range's endpoint. + type: string + example: '1' + inclusive: + description: Indicates if the endpoint is included in the range. + type: boolean + default: false + example: false + terms: + description: The terms to be filtered. + type: array + items: + type: string + example: account_count + exclude: + description: Indicates if the filter excludes results. + type: boolean + default: false + example: false + required: + - indices + - query + headers: + X-Total-Count: + description: The total result count (returned only if the *count* parameter is specified as *true*). + schema: + type: integer + example: 5 + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '/saved-searches/{id}': + put: + tags: + - Saved Search + description: | + Updates an existing saved search. + summary: | + Updates an existing saved search + operationId: updateSavedSearch + parameters: + - in: path + name: id + description: ID of the requested document. + schema: + type: string + required: true + example: 2c91808568c529c60168cca6f90c1313 + requestBody: + description: The saved search to persist. + content: + application/json: + schema: + type: object + allOf: + - type: object + properties: + id: + description: | + The saved search ID. + type: string + example: 0de46054-fe90-434a-b84e-c6b3359d0c64 + owner: + description: | + The owner of the saved search. + type: object + properties: + type: + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure. + example: IDENTITY + id: + description: | + The id of the object. + type: string + example: 2c91808568c529c60168cca6f90c1313 + required: + - type + - id + - type: object + properties: + name: + description: | + The name of the saved search. + type: string + example: Disabled accounts + description: + description: | + The description of the saved search. + type: string + nullable: true + example: Disabled accounts + - type: object + properties: + public: + description: | + Indicates if the saved search is public. + type: boolean + default: false + example: false + created: + description: | + The date the saved search was initially created. + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + modified: + description: | + The last date the saved search was modified. + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + indices: + description: | + The names of the Elasticsearch indices in which to search. + type: array + items: + description: |- + Enum representing the currently supported indices. + Additional values may be added in the future without notice. + type: string + enum: + - accessprofiles + - accountactivities + - entitlements + - events + - identities + - roles + - '*' + example: identities + example: + - identities + columns: + description: | + The columns to be returned (specifies the order in which they will be presented) for each document type. + + The currently supported document types are: _accessprofile_, _accountactivity_, _account_, _aggregation_, _entitlement_, _event_, _identity_, and _role_. + type: object + additionalProperties: + type: array + items: + type: object + properties: + field: + description: | + The name of the field. + type: string + example: email + header: + description: | + The value of the header. + type: string + example: Work Email + required: + - field + example: + identity: + - field: displayName + header: Display Name + - field: e-mail + header: Work Email + query: + description: | + The search query using Elasticsearch [Query String Query](https://www.elastic.co/guide/en/elasticsearch/reference/5.2/query-dsl-query-string-query.html#query-string) syntax from the Query DSL. + type: string + example: '@accounts(disabled:true)' + fields: + description: | + The fields to be searched against in a multi-field query. + type: array + nullable: true + items: + type: string + example: + - disabled + sort: + description: | + The fields to be used to sort the search results. + type: array + items: + type: string + example: + - displayName + filters: + nullable: true + allOf: + - type: object + description: The filters to be applied for each filtered field name. + example: + attributes.cloudAuthoritativeSource: + type: EXISTS + exclude: true + accessCount: + type: RANGE + range: + lower: + value: '3' + created: + type: RANGE + range: + lower: + value: '2019-12-01' + inclusive: true + upper: + value: '2020-01-01' + source.name: + type: TERMS + terms: + - HR Employees + - Corporate Active Directory + exclude: true + protected: + type: TERMS + terms: + - 'true' + - type: object + properties: + type: + description: |- + Enum representing the currently supported filter types. + Additional values may be added in the future without notice. + type: string + enum: + - EXISTS + - RANGE + - TERMS + example: RANGE + range: + type: object + description: The range of values to be filtered. + properties: + lower: + description: The lower bound of the range. + type: object + required: + - value + properties: + value: + description: The value of the range's endpoint. + type: string + example: '1' + inclusive: + description: Indicates if the endpoint is included in the range. + type: boolean + default: false + example: false + upper: + description: The upper bound of the range. + type: object + required: + - value + properties: + value: + description: The value of the range's endpoint. + type: string + example: '1' + inclusive: + description: Indicates if the endpoint is included in the range. + type: boolean + default: false + example: false + terms: + description: The terms to be filtered. + type: array + items: + type: string + example: account_count + exclude: + description: Indicates if the filter excludes results. + type: boolean + default: false + example: false + required: + - indices + - query + required: true + responses: + '200': + description: The persisted saved search. + content: + application/json: + schema: + type: object + allOf: + - type: object + properties: + id: + description: | + The saved search ID. + type: string + example: 0de46054-fe90-434a-b84e-c6b3359d0c64 + owner: + description: | + The owner of the saved search. + type: object + properties: + type: + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure. + example: IDENTITY + id: + description: | + The id of the object. + type: string + example: 2c91808568c529c60168cca6f90c1313 + required: + - type + - id + - type: object + properties: + name: + description: | + The name of the saved search. + type: string + example: Disabled accounts + description: + description: | + The description of the saved search. + type: string + nullable: true + example: Disabled accounts + - type: object + properties: + public: + description: | + Indicates if the saved search is public. + type: boolean + default: false + example: false + created: + description: | + The date the saved search was initially created. + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + modified: + description: | + The last date the saved search was modified. + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + indices: + description: | + The names of the Elasticsearch indices in which to search. + type: array + items: + description: |- + Enum representing the currently supported indices. + Additional values may be added in the future without notice. + type: string + enum: + - accessprofiles + - accountactivities + - entitlements + - events + - identities + - roles + - '*' + example: identities + example: + - identities + columns: + description: | + The columns to be returned (specifies the order in which they will be presented) for each document type. + + The currently supported document types are: _accessprofile_, _accountactivity_, _account_, _aggregation_, _entitlement_, _event_, _identity_, and _role_. + type: object + additionalProperties: + type: array + items: + type: object + properties: + field: + description: | + The name of the field. + type: string + example: email + header: + description: | + The value of the header. + type: string + example: Work Email + required: + - field + example: + identity: + - field: displayName + header: Display Name + - field: e-mail + header: Work Email + query: + description: | + The search query using Elasticsearch [Query String Query](https://www.elastic.co/guide/en/elasticsearch/reference/5.2/query-dsl-query-string-query.html#query-string) syntax from the Query DSL. + type: string + example: '@accounts(disabled:true)' + fields: + description: | + The fields to be searched against in a multi-field query. + type: array + nullable: true + items: + type: string + example: + - disabled + sort: + description: | + The fields to be used to sort the search results. + type: array + items: + type: string + example: + - displayName + filters: + nullable: true + allOf: + - type: object + description: The filters to be applied for each filtered field name. + example: + attributes.cloudAuthoritativeSource: + type: EXISTS + exclude: true + accessCount: + type: RANGE + range: + lower: + value: '3' + created: + type: RANGE + range: + lower: + value: '2019-12-01' + inclusive: true + upper: + value: '2020-01-01' + source.name: + type: TERMS + terms: + - HR Employees + - Corporate Active Directory + exclude: true + protected: + type: TERMS + terms: + - 'true' + - type: object + properties: + type: + description: |- + Enum representing the currently supported filter types. + Additional values may be added in the future without notice. + type: string + enum: + - EXISTS + - RANGE + - TERMS + example: RANGE + range: + type: object + description: The range of values to be filtered. + properties: + lower: + description: The lower bound of the range. + type: object + required: + - value + properties: + value: + description: The value of the range's endpoint. + type: string + example: '1' + inclusive: + description: Indicates if the endpoint is included in the range. + type: boolean + default: false + example: false + upper: + description: The upper bound of the range. + type: object + required: + - value + properties: + value: + description: The value of the range's endpoint. + type: string + example: '1' + inclusive: + description: Indicates if the endpoint is included in the range. + type: boolean + default: false + example: false + terms: + description: The terms to be filtered. + type: array + items: + type: string + example: account_count + exclude: + description: Indicates if the filter excludes results. + type: boolean + default: false + example: false + required: + - indices + - query + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + get: + tags: + - Saved Search + description: | + Returns the specified saved search. + summary: Return a saved search by ID + operationId: getSavedSearch + parameters: + - in: path + name: id + description: ID of the requested document. + schema: + type: string + required: true + example: 2c91808568c529c60168cca6f90c1313 + responses: + '200': + description: The requested saved search. + content: + application/json: + schema: + type: object + allOf: + - type: object + properties: + id: + description: | + The saved search ID. + type: string + example: 0de46054-fe90-434a-b84e-c6b3359d0c64 + owner: + description: | + The owner of the saved search. + type: object + properties: + type: + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure. + example: IDENTITY + id: + description: | + The id of the object. + type: string + example: 2c91808568c529c60168cca6f90c1313 + required: + - type + - id + - type: object + properties: + name: + description: | + The name of the saved search. + type: string + example: Disabled accounts + description: + description: | + The description of the saved search. + type: string + nullable: true + example: Disabled accounts + - type: object + properties: + public: + description: | + Indicates if the saved search is public. + type: boolean + default: false + example: false + created: + description: | + The date the saved search was initially created. + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + modified: + description: | + The last date the saved search was modified. + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + indices: + description: | + The names of the Elasticsearch indices in which to search. + type: array + items: + description: |- + Enum representing the currently supported indices. + Additional values may be added in the future without notice. + type: string + enum: + - accessprofiles + - accountactivities + - entitlements + - events + - identities + - roles + - '*' + example: identities + example: + - identities + columns: + description: | + The columns to be returned (specifies the order in which they will be presented) for each document type. + + The currently supported document types are: _accessprofile_, _accountactivity_, _account_, _aggregation_, _entitlement_, _event_, _identity_, and _role_. + type: object + additionalProperties: + type: array + items: + type: object + properties: + field: + description: | + The name of the field. + type: string + example: email + header: + description: | + The value of the header. + type: string + example: Work Email + required: + - field + example: + identity: + - field: displayName + header: Display Name + - field: e-mail + header: Work Email + query: + description: | + The search query using Elasticsearch [Query String Query](https://www.elastic.co/guide/en/elasticsearch/reference/5.2/query-dsl-query-string-query.html#query-string) syntax from the Query DSL. + type: string + example: '@accounts(disabled:true)' + fields: + description: | + The fields to be searched against in a multi-field query. + type: array + nullable: true + items: + type: string + example: + - disabled + sort: + description: | + The fields to be used to sort the search results. + type: array + items: + type: string + example: + - displayName + filters: + nullable: true + allOf: + - type: object + description: The filters to be applied for each filtered field name. + example: + attributes.cloudAuthoritativeSource: + type: EXISTS + exclude: true + accessCount: + type: RANGE + range: + lower: + value: '3' + created: + type: RANGE + range: + lower: + value: '2019-12-01' + inclusive: true + upper: + value: '2020-01-01' + source.name: + type: TERMS + terms: + - HR Employees + - Corporate Active Directory + exclude: true + protected: + type: TERMS + terms: + - 'true' + - type: object + properties: + type: + description: |- + Enum representing the currently supported filter types. + Additional values may be added in the future without notice. + type: string + enum: + - EXISTS + - RANGE + - TERMS + example: RANGE + range: + type: object + description: The range of values to be filtered. + properties: + lower: + description: The lower bound of the range. + type: object + required: + - value + properties: + value: + description: The value of the range's endpoint. + type: string + example: '1' + inclusive: + description: Indicates if the endpoint is included in the range. + type: boolean + default: false + example: false + upper: + description: The upper bound of the range. + type: object + required: + - value + properties: + value: + description: The value of the range's endpoint. + type: string + example: '1' + inclusive: + description: Indicates if the endpoint is included in the range. + type: boolean + default: false + example: false + terms: + description: The terms to be filtered. + type: array + items: + type: string + example: account_count + exclude: + description: Indicates if the filter excludes results. + type: boolean + default: false + example: false + required: + - indices + - query + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + delete: + tags: + - Saved Search + description: | + Deletes the specified saved search. + summary: Delete a document by ID + operationId: deleteSavedSearch + parameters: + - in: path + name: id + description: ID of the requested document. + schema: + type: string + required: true + example: 2c91808568c529c60168cca6f90c1313 + responses: + '204': + description: No Content - Indicates the request was successful but there is no content to be returned in the response. + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '/saved-searches/{id}/execute': + post: + tags: + - Saved Search + description: | + Executes the specified saved search. + summary: Execute a saved search by ID + operationId: executeSavedSearch + parameters: + - in: path + name: id + description: ID of the requested document. + schema: + type: string + required: true + example: 2c91808568c529c60168cca6f90c1313 + requestBody: + description: | + When saved search execution is triggered by a scheduled search, *scheduleId* will specify the ID of the triggering scheduled search. + + If *scheduleId* is not specified (when execution is triggered by a UI test), the *owner* and *recipients* arguments must be provided. + content: + application/json: + schema: + type: object + properties: + scheduleId: + description: | + The ID of the scheduled search that triggered the saved search execution. + type: string + example: 7a724640-0c17-4ce9-a8c3-4a89738459c8 + owner: + description: | + The owner of the scheduled search being tested. + allOf: + - type: object + description: | + A typed reference to the object. + properties: + type: + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure. + example: IDENTITY + id: + description: | + The id of the object. + type: string + example: 2c91808568c529c60168cca6f90c1313 + required: + - type + - id + recipients: + description: | + The email recipients of the scheduled search being tested. + type: array + items: + type: object + description: | + A typed reference to the object. + properties: + type: + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure. + example: IDENTITY + id: + description: | + The id of the object. + type: string + example: 2c91808568c529c60168cca6f90c1313 + required: + - type + - id + examples: + scheduled: + summary: Triggered by Scheduled Search + value: + scheduleId: 7a724640-0c17-4ce9-a8c3-4a89738459c8 + test: + summary: Triggered by UI Test + value: + owner: + type: IDENTITY + id: 2c91808568c529c60168cca6f90c1313 + recipients: + - type: IDENTITY + id: 2c91808568c529c60168cca6f90c1313 + required: true + responses: + '202': + description: Accepted - Returned if the request was successfully accepted into the system. + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + /scheduled-searches: + post: + tags: + - Scheduled Search + description: | + Creates a new scheduled search. + summary: Create a new scheduled search + operationId: createScheduledSearch + requestBody: + description: The scheduled search to persist. + content: + application/json: + schema: + allOf: + - type: object + properties: + name: + description: | + The name of the scheduled search. + type: string + example: Daily disabled accounts + nullable: true + description: + description: | + The description of the scheduled search. + type: string + nullable: true + example: Daily disabled accounts + - type: object + properties: + savedSearchId: + description: The ID of the saved search that will be executed. + type: string + example: 554f1511-f0a1-4744-ab14-599514d3e57c + created: + allOf: + - type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + description: The date the scheduled search was initially created. + readOnly: true + modified: + allOf: + - type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + description: The last date the scheduled search was modified. + readOnly: true + schedule: + type: object + description: The schedule information. + properties: + type: + description: | + Enum representing the currently supported schedule types. + + Additional values may be added in the future without notice. + type: string + enum: + - DAILY + - WEEKLY + - MONTHLY + - CALENDAR + example: WEEKLY + days: + allOf: + - type: object + properties: + type: + description: | + Enum representing the currently supported selector types. + + LIST - the *values* array contains one or more distinct values. + + RANGE - the *values* array contains two values: the start and end of the range, inclusive. + + Additional values may be added in the future without notice. + type: string + enum: + - LIST + - RANGE + example: LIST + values: + description: | + The selected values. + type: array + items: + type: string + example: + - MON + - WED + interval: + nullable: true + description: | + The selected interval for RANGE selectors. + type: integer + format: int32 + example: 3 + required: + - type + - values + - description: | + The days to execute the search. + + If `type` is `WEEKLY`, the values will be `MON`, `TUE`, `WED`, `THU`, `FRI`, `SAT`, and `SUN`. + + If `type` is `MONTHLY`, the values will be a number in double quotes, like `"1"`, `"10"`, or `"28"`. Optionally, the value `"L"` can be used to refer to the last day of the month. + example: + type: LIST + values: + - MON + - WED + - FRI + nullable: true + hours: + allOf: + - type: object + properties: + type: + description: | + Enum representing the currently supported selector types. + + LIST - the *values* array contains one or more distinct values. + + RANGE - the *values* array contains two values: the start and end of the range, inclusive. + + Additional values may be added in the future without notice. + type: string + enum: + - LIST + - RANGE + example: LIST + values: + description: | + The selected values. + type: array + items: + type: string + example: + - MON + - WED + interval: + nullable: true + description: | + The selected interval for RANGE selectors. + type: integer + format: int32 + example: 3 + required: + - type + - values + - description: The hours selected. + example: + type: RANGE + values: + - '9' + - '18' + interval: 3 + expiration: + description: 'The schedule expiration date. Latest possible expiration date is ''2038-01-19T03:14:07+0000''' + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + timeZoneId: + description: 'The GMT formatted timezone the schedule will run in (ex. GMT-06:00). If no timezone is specified, the org''s default timezone is used.' + nullable: true + type: string + example: 'GMT-06:00' + required: + - type + - hours + recipients: + description: A list of identities that should receive the scheduled search report via email. + type: array + items: + type: object + properties: + type: + type: string + description: The type of object being referenced + enum: + - IDENTITY + example: IDENTITY + id: + type: string + description: The ID of the referenced object + example: 2c9180867624cbd7017642d8c8c81f67 + required: + - type + - id + enabled: + description: | + Indicates if the scheduled search is enabled. + type: boolean + default: false + example: false + emailEmptyResults: + description: | + Indicates if email generation should not be suppressed if search returns no results. + type: boolean + default: false + example: false + displayQueryDetails: + description: | + Indicates if the generated email should include the query and search results preview (which could include PII). + type: boolean + default: false + example: false + required: + - savedSearchId + - schedule + - recipients + examples: + Daily Search: + description: A search that executes each day at a 9 AM + value: + savedSearchId: 9c620e13-cd33-4804-a13d-403bd7bcdbad + schedule: + type: DAILY + hours: + type: LIST + values: + - '9' + recipients: + - type: IDENTITY + id: 2c9180867624cbd7017642d8c8c81f67 + Weekly Search: + description: A search that executes each week on select days and times + value: + savedSearchId: 9c620e13-cd33-4804-a13d-403bd7bcdbad + schedule: + type: WEEKLY + days: + type: LIST + values: + - MON + - TUE + - WED + - THU + - FRI + - SAT + - SUN + hours: + type: LIST + values: + - '9' + recipients: + - type: IDENTITY + id: 2c9180867624cbd7017642d8c8c81f67 + Monthly Search: + description: A search that executes each month on select days and times + value: + savedSearchId: 9c620e13-cd33-4804-a13d-403bd7bcdbad + schedule: + type: MONTHLY + days: + type: LIST + values: + - '1' + - '7' + - '14' + - L + hours: + type: LIST + values: + - '9' + recipients: + - type: IDENTITY + id: 2c9180867624cbd7017642d8c8c81f67 + Calendar Search: + description: A search that executes on specific calendar days + value: + savedSearchId: 9c620e13-cd33-4804-a13d-403bd7bcdbad + schedule: + type: CALENDAR + days: + type: LIST + values: + - '2023-01-22' + - '2023-02-22' + hours: + type: LIST + values: + - '9' + recipients: + - type: IDENTITY + id: 2c9180867624cbd7017642d8c8c81f67 + required: true + responses: + '201': + description: The persisted scheduled search. + content: + application/json: + schema: + type: object + allOf: + - type: object + properties: + id: + description: The scheduled search ID. + type: string + example: 0de46054-fe90-434a-b84e-c6b3359d0c64 + readOnly: true + owner: + description: The owner of the scheduled search + readOnly: true + type: object + properties: + type: + type: string + description: The type of object being referenced + enum: + - IDENTITY + example: IDENTITY + id: + type: string + description: The ID of the referenced object + example: 2c9180867624cbd7017642d8c8c81f67 + required: + - type + - id + ownerId: + description: | + The ID of the scheduled search owner. + + Please use the `id` in the `owner` object instead. + type: string + example: 2c9180867624cbd7017642d8c8c81f67 + readOnly: true + deprecated: true + - type: object + properties: + name: + description: | + The name of the scheduled search. + type: string + example: Daily disabled accounts + nullable: true + description: + description: | + The description of the scheduled search. + type: string + nullable: true + example: Daily disabled accounts + - type: object + properties: + savedSearchId: + description: The ID of the saved search that will be executed. + type: string + example: 554f1511-f0a1-4744-ab14-599514d3e57c + created: + allOf: + - type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + description: The date the scheduled search was initially created. + readOnly: true + modified: + allOf: + - type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + description: The last date the scheduled search was modified. + readOnly: true + schedule: + type: object + description: The schedule information. + properties: + type: + description: | + Enum representing the currently supported schedule types. + + Additional values may be added in the future without notice. + type: string + enum: + - DAILY + - WEEKLY + - MONTHLY + - CALENDAR + example: WEEKLY + days: + allOf: + - type: object + properties: + type: + description: | + Enum representing the currently supported selector types. + + LIST - the *values* array contains one or more distinct values. + + RANGE - the *values* array contains two values: the start and end of the range, inclusive. + + Additional values may be added in the future without notice. + type: string + enum: + - LIST + - RANGE + example: LIST + values: + description: | + The selected values. + type: array + items: + type: string + example: + - MON + - WED + interval: + nullable: true + description: | + The selected interval for RANGE selectors. + type: integer + format: int32 + example: 3 + required: + - type + - values + - description: | + The days to execute the search. + + If `type` is `WEEKLY`, the values will be `MON`, `TUE`, `WED`, `THU`, `FRI`, `SAT`, and `SUN`. + + If `type` is `MONTHLY`, the values will be a number in double quotes, like `"1"`, `"10"`, or `"28"`. Optionally, the value `"L"` can be used to refer to the last day of the month. + example: + type: LIST + values: + - MON + - WED + - FRI + nullable: true + hours: + allOf: + - type: object + properties: + type: + description: | + Enum representing the currently supported selector types. + + LIST - the *values* array contains one or more distinct values. + + RANGE - the *values* array contains two values: the start and end of the range, inclusive. + + Additional values may be added in the future without notice. + type: string + enum: + - LIST + - RANGE + example: LIST + values: + description: | + The selected values. + type: array + items: + type: string + example: + - MON + - WED + interval: + nullable: true + description: | + The selected interval for RANGE selectors. + type: integer + format: int32 + example: 3 + required: + - type + - values + - description: The hours selected. + example: + type: RANGE + values: + - '9' + - '18' + interval: 3 + expiration: + description: 'The schedule expiration date. Latest possible expiration date is ''2038-01-19T03:14:07+0000''' + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + timeZoneId: + description: 'The GMT formatted timezone the schedule will run in (ex. GMT-06:00). If no timezone is specified, the org''s default timezone is used.' + nullable: true + type: string + example: 'GMT-06:00' + required: + - type + - hours + recipients: + description: A list of identities that should receive the scheduled search report via email. + type: array + items: + type: object + properties: + type: + type: string + description: The type of object being referenced + enum: + - IDENTITY + example: IDENTITY + id: + type: string + description: The ID of the referenced object + example: 2c9180867624cbd7017642d8c8c81f67 + required: + - type + - id + enabled: + description: | + Indicates if the scheduled search is enabled. + type: boolean + default: false + example: false + emailEmptyResults: + description: | + Indicates if email generation should not be suppressed if search returns no results. + type: boolean + default: false + example: false + displayQueryDetails: + description: | + Indicates if the generated email should include the query and search results preview (which could include PII). + type: boolean + default: false + example: false + required: + - savedSearchId + - schedule + - recipients + required: + - id + - owner + - ownerId + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + get: + tags: + - Scheduled Search + description: | + Returns a list of scheduled searches. + summary: List scheduled searches + operationId: listScheduledSearch + parameters: + - in: query + name: offset + description: |- + Offset into the full result set. Usually specified with *limit* to paginate through the results. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 0 + schema: + type: integer + format: int32 + minimum: 0 + default: 0 + - in: query + name: limit + description: |- + Max number of results to return. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 250 + schema: + type: integer + format: int32 + minimum: 0 + maximum: 250 + default: 250 + - in: query + name: count + description: |- + If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored. + + Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used. + + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: true + schema: + type: boolean + default: false + - name: filters + in: query + schema: + type: string + description: | + An expression used to constrain the result set using the filtering syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results). + + Allowed filter properties: *owner.id*, *savedSearchId* + + Allowed filter operator: *eq* + + **Example filters**: + + ```owner.id eq "0de46054-fe90-434a-b84e-c6b3359d0c64"``` -- returns scheduled searches for the specified owner ID + + ```savedSearchId eq "6cc0945d-9eeb-4948-9033-72d066e1153e"``` -- returns scheduled searches that reference the specified saved search + + ```owner.id eq me or savedSearchId eq "6cc0945d-9eeb-4948-9033-72d066e1153e"``` -- returns all of the current user's scheduled searches as well as all scheduled searches that reference the specified saved search + example: savedSearchId eq "6cc0945d-9eeb-4948-9033-72d066e1153e" + responses: + '200': + description: The list of requested scheduled searches. + content: + application/json: + schema: + type: array + items: + type: object + allOf: + - type: object + properties: + id: + description: The scheduled search ID. + type: string + example: 0de46054-fe90-434a-b84e-c6b3359d0c64 + readOnly: true + owner: + description: The owner of the scheduled search + readOnly: true + type: object + properties: + type: + type: string + description: The type of object being referenced + enum: + - IDENTITY + example: IDENTITY + id: + type: string + description: The ID of the referenced object + example: 2c9180867624cbd7017642d8c8c81f67 + required: + - type + - id + ownerId: + description: | + The ID of the scheduled search owner. + + Please use the `id` in the `owner` object instead. + type: string + example: 2c9180867624cbd7017642d8c8c81f67 + readOnly: true + deprecated: true + - type: object + properties: + name: + description: | + The name of the scheduled search. + type: string + example: Daily disabled accounts + nullable: true + description: + description: | + The description of the scheduled search. + type: string + nullable: true + example: Daily disabled accounts + - type: object + properties: + savedSearchId: + description: The ID of the saved search that will be executed. + type: string + example: 554f1511-f0a1-4744-ab14-599514d3e57c + created: + allOf: + - type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + description: The date the scheduled search was initially created. + readOnly: true + modified: + allOf: + - type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + description: The last date the scheduled search was modified. + readOnly: true + schedule: + type: object + description: The schedule information. + properties: + type: + description: | + Enum representing the currently supported schedule types. + + Additional values may be added in the future without notice. + type: string + enum: + - DAILY + - WEEKLY + - MONTHLY + - CALENDAR + example: WEEKLY + days: + allOf: + - type: object + properties: + type: + description: | + Enum representing the currently supported selector types. + + LIST - the *values* array contains one or more distinct values. + + RANGE - the *values* array contains two values: the start and end of the range, inclusive. + + Additional values may be added in the future without notice. + type: string + enum: + - LIST + - RANGE + example: LIST + values: + description: | + The selected values. + type: array + items: + type: string + example: + - MON + - WED + interval: + nullable: true + description: | + The selected interval for RANGE selectors. + type: integer + format: int32 + example: 3 + required: + - type + - values + - description: | + The days to execute the search. + + If `type` is `WEEKLY`, the values will be `MON`, `TUE`, `WED`, `THU`, `FRI`, `SAT`, and `SUN`. + + If `type` is `MONTHLY`, the values will be a number in double quotes, like `"1"`, `"10"`, or `"28"`. Optionally, the value `"L"` can be used to refer to the last day of the month. + example: + type: LIST + values: + - MON + - WED + - FRI + nullable: true + hours: + allOf: + - type: object + properties: + type: + description: | + Enum representing the currently supported selector types. + + LIST - the *values* array contains one or more distinct values. + + RANGE - the *values* array contains two values: the start and end of the range, inclusive. + + Additional values may be added in the future without notice. + type: string + enum: + - LIST + - RANGE + example: LIST + values: + description: | + The selected values. + type: array + items: + type: string + example: + - MON + - WED + interval: + nullable: true + description: | + The selected interval for RANGE selectors. + type: integer + format: int32 + example: 3 + required: + - type + - values + - description: The hours selected. + example: + type: RANGE + values: + - '9' + - '18' + interval: 3 + expiration: + description: 'The schedule expiration date. Latest possible expiration date is ''2038-01-19T03:14:07+0000''' + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + timeZoneId: + description: 'The GMT formatted timezone the schedule will run in (ex. GMT-06:00). If no timezone is specified, the org''s default timezone is used.' + nullable: true + type: string + example: 'GMT-06:00' + required: + - type + - hours + recipients: + description: A list of identities that should receive the scheduled search report via email. + type: array + items: + type: object + properties: + type: + type: string + description: The type of object being referenced + enum: + - IDENTITY + example: IDENTITY + id: + type: string + description: The ID of the referenced object + example: 2c9180867624cbd7017642d8c8c81f67 + required: + - type + - id + enabled: + description: | + Indicates if the scheduled search is enabled. + type: boolean + default: false + example: false + emailEmptyResults: + description: | + Indicates if email generation should not be suppressed if search returns no results. + type: boolean + default: false + example: false + displayQueryDetails: + description: | + Indicates if the generated email should include the query and search results preview (which could include PII). + type: boolean + default: false + example: false + required: + - savedSearchId + - schedule + - recipients + required: + - id + - owner + - ownerId + headers: + X-Total-Count: + description: The total result count (returned only if the *count* parameter is specified as *true*). + schema: + type: integer + example: 5 + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + '/scheduled-searches/{id}': + put: + tags: + - Scheduled Search + description: | + Updates an existing scheduled search. + summary: Update an existing Scheduled Search + operationId: updateScheduledSearch + parameters: + - in: path + name: id + description: ID of the requested document. + schema: + type: string + required: true + example: 2c91808568c529c60168cca6f90c1313 + requestBody: + description: The scheduled search to persist. + content: + application/json: + schema: + type: object + allOf: + - type: object + properties: + id: + description: The scheduled search ID. + type: string + example: 0de46054-fe90-434a-b84e-c6b3359d0c64 + readOnly: true + owner: + description: The owner of the scheduled search + readOnly: true + type: object + properties: + type: + type: string + description: The type of object being referenced + enum: + - IDENTITY + example: IDENTITY + id: + type: string + description: The ID of the referenced object + example: 2c9180867624cbd7017642d8c8c81f67 + required: + - type + - id + ownerId: + description: | + The ID of the scheduled search owner. + + Please use the `id` in the `owner` object instead. + type: string + example: 2c9180867624cbd7017642d8c8c81f67 + readOnly: true + deprecated: true + - type: object + properties: + name: + description: | + The name of the scheduled search. + type: string + example: Daily disabled accounts + nullable: true + description: + description: | + The description of the scheduled search. + type: string + nullable: true + example: Daily disabled accounts + - type: object + properties: + savedSearchId: + description: The ID of the saved search that will be executed. + type: string + example: 554f1511-f0a1-4744-ab14-599514d3e57c + created: + allOf: + - type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + description: The date the scheduled search was initially created. + readOnly: true + modified: + allOf: + - type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + description: The last date the scheduled search was modified. + readOnly: true + schedule: + type: object + description: The schedule information. + properties: + type: + description: | + Enum representing the currently supported schedule types. + + Additional values may be added in the future without notice. + type: string + enum: + - DAILY + - WEEKLY + - MONTHLY + - CALENDAR + example: WEEKLY + days: + allOf: + - type: object + properties: + type: + description: | + Enum representing the currently supported selector types. + + LIST - the *values* array contains one or more distinct values. + + RANGE - the *values* array contains two values: the start and end of the range, inclusive. + + Additional values may be added in the future without notice. + type: string + enum: + - LIST + - RANGE + example: LIST + values: + description: | + The selected values. + type: array + items: + type: string + example: + - MON + - WED + interval: + nullable: true + description: | + The selected interval for RANGE selectors. + type: integer + format: int32 + example: 3 + required: + - type + - values + - description: | + The days to execute the search. + + If `type` is `WEEKLY`, the values will be `MON`, `TUE`, `WED`, `THU`, `FRI`, `SAT`, and `SUN`. + + If `type` is `MONTHLY`, the values will be a number in double quotes, like `"1"`, `"10"`, or `"28"`. Optionally, the value `"L"` can be used to refer to the last day of the month. + example: + type: LIST + values: + - MON + - WED + - FRI + nullable: true + hours: + allOf: + - type: object + properties: + type: + description: | + Enum representing the currently supported selector types. + + LIST - the *values* array contains one or more distinct values. + + RANGE - the *values* array contains two values: the start and end of the range, inclusive. + + Additional values may be added in the future without notice. + type: string + enum: + - LIST + - RANGE + example: LIST + values: + description: | + The selected values. + type: array + items: + type: string + example: + - MON + - WED + interval: + nullable: true + description: | + The selected interval for RANGE selectors. + type: integer + format: int32 + example: 3 + required: + - type + - values + - description: The hours selected. + example: + type: RANGE + values: + - '9' + - '18' + interval: 3 + expiration: + description: 'The schedule expiration date. Latest possible expiration date is ''2038-01-19T03:14:07+0000''' + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + timeZoneId: + description: 'The GMT formatted timezone the schedule will run in (ex. GMT-06:00). If no timezone is specified, the org''s default timezone is used.' + nullable: true + type: string + example: 'GMT-06:00' + required: + - type + - hours + recipients: + description: A list of identities that should receive the scheduled search report via email. + type: array + items: + type: object + properties: + type: + type: string + description: The type of object being referenced + enum: + - IDENTITY + example: IDENTITY + id: + type: string + description: The ID of the referenced object + example: 2c9180867624cbd7017642d8c8c81f67 + required: + - type + - id + enabled: + description: | + Indicates if the scheduled search is enabled. + type: boolean + default: false + example: false + emailEmptyResults: + description: | + Indicates if email generation should not be suppressed if search returns no results. + type: boolean + default: false + example: false + displayQueryDetails: + description: | + Indicates if the generated email should include the query and search results preview (which could include PII). + type: boolean + default: false + example: false + required: + - savedSearchId + - schedule + - recipients + required: + - id + - owner + - ownerId + required: true + responses: + '200': + description: The persisted scheduled search. + content: + application/json: + schema: + type: object + allOf: + - type: object + properties: + id: + description: The scheduled search ID. + type: string + example: 0de46054-fe90-434a-b84e-c6b3359d0c64 + readOnly: true + owner: + description: The owner of the scheduled search + readOnly: true + type: object + properties: + type: + type: string + description: The type of object being referenced + enum: + - IDENTITY + example: IDENTITY + id: + type: string + description: The ID of the referenced object + example: 2c9180867624cbd7017642d8c8c81f67 + required: + - type + - id + ownerId: + description: | + The ID of the scheduled search owner. + + Please use the `id` in the `owner` object instead. + type: string + example: 2c9180867624cbd7017642d8c8c81f67 + readOnly: true + deprecated: true + - type: object + properties: + name: + description: | + The name of the scheduled search. + type: string + example: Daily disabled accounts + nullable: true + description: + description: | + The description of the scheduled search. + type: string + nullable: true + example: Daily disabled accounts + - type: object + properties: + savedSearchId: + description: The ID of the saved search that will be executed. + type: string + example: 554f1511-f0a1-4744-ab14-599514d3e57c + created: + allOf: + - type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + description: The date the scheduled search was initially created. + readOnly: true + modified: + allOf: + - type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + description: The last date the scheduled search was modified. + readOnly: true + schedule: + type: object + description: The schedule information. + properties: + type: + description: | + Enum representing the currently supported schedule types. + + Additional values may be added in the future without notice. + type: string + enum: + - DAILY + - WEEKLY + - MONTHLY + - CALENDAR + example: WEEKLY + days: + allOf: + - type: object + properties: + type: + description: | + Enum representing the currently supported selector types. + + LIST - the *values* array contains one or more distinct values. + + RANGE - the *values* array contains two values: the start and end of the range, inclusive. + + Additional values may be added in the future without notice. + type: string + enum: + - LIST + - RANGE + example: LIST + values: + description: | + The selected values. + type: array + items: + type: string + example: + - MON + - WED + interval: + nullable: true + description: | + The selected interval for RANGE selectors. + type: integer + format: int32 + example: 3 + required: + - type + - values + - description: | + The days to execute the search. + + If `type` is `WEEKLY`, the values will be `MON`, `TUE`, `WED`, `THU`, `FRI`, `SAT`, and `SUN`. + + If `type` is `MONTHLY`, the values will be a number in double quotes, like `"1"`, `"10"`, or `"28"`. Optionally, the value `"L"` can be used to refer to the last day of the month. + example: + type: LIST + values: + - MON + - WED + - FRI + nullable: true + hours: + allOf: + - type: object + properties: + type: + description: | + Enum representing the currently supported selector types. + + LIST - the *values* array contains one or more distinct values. + + RANGE - the *values* array contains two values: the start and end of the range, inclusive. + + Additional values may be added in the future without notice. + type: string + enum: + - LIST + - RANGE + example: LIST + values: + description: | + The selected values. + type: array + items: + type: string + example: + - MON + - WED + interval: + nullable: true + description: | + The selected interval for RANGE selectors. + type: integer + format: int32 + example: 3 + required: + - type + - values + - description: The hours selected. + example: + type: RANGE + values: + - '9' + - '18' + interval: 3 + expiration: + description: 'The schedule expiration date. Latest possible expiration date is ''2038-01-19T03:14:07+0000''' + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + timeZoneId: + description: 'The GMT formatted timezone the schedule will run in (ex. GMT-06:00). If no timezone is specified, the org''s default timezone is used.' + nullable: true + type: string + example: 'GMT-06:00' + required: + - type + - hours + recipients: + description: A list of identities that should receive the scheduled search report via email. + type: array + items: + type: object + properties: + type: + type: string + description: The type of object being referenced + enum: + - IDENTITY + example: IDENTITY + id: + type: string + description: The ID of the referenced object + example: 2c9180867624cbd7017642d8c8c81f67 + required: + - type + - id + enabled: + description: | + Indicates if the scheduled search is enabled. + type: boolean + default: false + example: false + emailEmptyResults: + description: | + Indicates if email generation should not be suppressed if search returns no results. + type: boolean + default: false + example: false + displayQueryDetails: + description: | + Indicates if the generated email should include the query and search results preview (which could include PII). + type: boolean + default: false + example: false + required: + - savedSearchId + - schedule + - recipients + required: + - id + - owner + - ownerId + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + get: + tags: + - Scheduled Search + description: Returns the specified scheduled search. + summary: Get a Scheduled Search + operationId: getScheduledSearch + parameters: + - in: path + name: id + description: ID of the requested document. + schema: + type: string + required: true + example: 2c91808568c529c60168cca6f90c1313 + responses: + '200': + description: The requested scheduled search. + content: + application/json: + schema: + type: object + allOf: + - type: object + properties: + id: + description: The scheduled search ID. + type: string + example: 0de46054-fe90-434a-b84e-c6b3359d0c64 + readOnly: true + owner: + description: The owner of the scheduled search + readOnly: true + type: object + properties: + type: + type: string + description: The type of object being referenced + enum: + - IDENTITY + example: IDENTITY + id: + type: string + description: The ID of the referenced object + example: 2c9180867624cbd7017642d8c8c81f67 + required: + - type + - id + ownerId: + description: | + The ID of the scheduled search owner. + + Please use the `id` in the `owner` object instead. + type: string + example: 2c9180867624cbd7017642d8c8c81f67 + readOnly: true + deprecated: true + - type: object + properties: + name: + description: | + The name of the scheduled search. + type: string + example: Daily disabled accounts + nullable: true + description: + description: | + The description of the scheduled search. + type: string + nullable: true + example: Daily disabled accounts + - type: object + properties: + savedSearchId: + description: The ID of the saved search that will be executed. + type: string + example: 554f1511-f0a1-4744-ab14-599514d3e57c + created: + allOf: + - type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + description: The date the scheduled search was initially created. + readOnly: true + modified: + allOf: + - type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + description: The last date the scheduled search was modified. + readOnly: true + schedule: + type: object + description: The schedule information. + properties: + type: + description: | + Enum representing the currently supported schedule types. + + Additional values may be added in the future without notice. + type: string + enum: + - DAILY + - WEEKLY + - MONTHLY + - CALENDAR + example: WEEKLY + days: + allOf: + - type: object + properties: + type: + description: | + Enum representing the currently supported selector types. + + LIST - the *values* array contains one or more distinct values. + + RANGE - the *values* array contains two values: the start and end of the range, inclusive. + + Additional values may be added in the future without notice. + type: string + enum: + - LIST + - RANGE + example: LIST + values: + description: | + The selected values. + type: array + items: + type: string + example: + - MON + - WED + interval: + nullable: true + description: | + The selected interval for RANGE selectors. + type: integer + format: int32 + example: 3 + required: + - type + - values + - description: | + The days to execute the search. + + If `type` is `WEEKLY`, the values will be `MON`, `TUE`, `WED`, `THU`, `FRI`, `SAT`, and `SUN`. + + If `type` is `MONTHLY`, the values will be a number in double quotes, like `"1"`, `"10"`, or `"28"`. Optionally, the value `"L"` can be used to refer to the last day of the month. + example: + type: LIST + values: + - MON + - WED + - FRI + nullable: true + hours: + allOf: + - type: object + properties: + type: + description: | + Enum representing the currently supported selector types. + + LIST - the *values* array contains one or more distinct values. + + RANGE - the *values* array contains two values: the start and end of the range, inclusive. + + Additional values may be added in the future without notice. + type: string + enum: + - LIST + - RANGE + example: LIST + values: + description: | + The selected values. + type: array + items: + type: string + example: + - MON + - WED + interval: + nullable: true + description: | + The selected interval for RANGE selectors. + type: integer + format: int32 + example: 3 + required: + - type + - values + - description: The hours selected. + example: + type: RANGE + values: + - '9' + - '18' + interval: 3 + expiration: + description: 'The schedule expiration date. Latest possible expiration date is ''2038-01-19T03:14:07+0000''' + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + timeZoneId: + description: 'The GMT formatted timezone the schedule will run in (ex. GMT-06:00). If no timezone is specified, the org''s default timezone is used.' + nullable: true + type: string + example: 'GMT-06:00' + required: + - type + - hours + recipients: + description: A list of identities that should receive the scheduled search report via email. + type: array + items: + type: object + properties: + type: + type: string + description: The type of object being referenced + enum: + - IDENTITY + example: IDENTITY + id: + type: string + description: The ID of the referenced object + example: 2c9180867624cbd7017642d8c8c81f67 + required: + - type + - id + enabled: + description: | + Indicates if the scheduled search is enabled. + type: boolean + default: false + example: false + emailEmptyResults: + description: | + Indicates if email generation should not be suppressed if search returns no results. + type: boolean + default: false + example: false + displayQueryDetails: + description: | + Indicates if the generated email should include the query and search results preview (which could include PII). + type: boolean + default: false + example: false + required: + - savedSearchId + - schedule + - recipients + required: + - id + - owner + - ownerId + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + delete: + tags: + - Scheduled Search + description: | + Deletes the specified scheduled search. + operationId: deleteScheduledSearch + summary: Delete a Scheduled Search + parameters: + - in: path + name: id + description: ID of the requested document. + schema: + type: string + required: true + example: 2c91808568c529c60168cca6f90c1313 + responses: + '204': + description: No Content - Indicates the request was successful but there is no content to be returned in the response. + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + '/scheduled-searches/{id}/unsubscribe': + post: + tags: + - Scheduled Search + description: | + Unsubscribes a recipient from the specified scheduled search. + operationId: unsubscribeScheduledSearch + summary: Unsubscribe a recipient from Scheduled Search + parameters: + - in: path + name: id + description: ID of the requested document. + schema: + type: string + required: true + example: 2c91808568c529c60168cca6f90c1313 + requestBody: + description: | + The recipient to be removed from the scheduled search. + content: + application/json: + schema: + type: object + description: | + A typed reference to the object. + properties: + type: + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure. + example: IDENTITY + id: + description: | + The id of the object. + type: string + example: 2c91808568c529c60168cca6f90c1313 + required: + - type + - id + required: true + responses: + '204': + description: No Content - Indicates the request was successful but there is no content to be returned in the response. + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + /search: + post: + tags: + - Search + description: 'Performs a search with the provided query and returns a matching result collection. By default, you can page a maximum of 10,000 search result records. To page past 10,000 records, you can use searchAfter paging. Refer to [Paginating Search Queries](https://developer.sailpoint.com/idn/api/standard-collection-parameters#paginating-search-queries) for more information about how to implement searchAfter paging. ' + externalDocs: + description: Learn more about search. + url: 'https://documentation.sailpoint.com/saas/help/search/index.html' + operationId: searchPost + summary: Perform Search + parameters: + - in: query + name: offset + description: |- + Offset into the full result set. Usually specified with *limit* to paginate through the results. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 0 + schema: + type: integer + format: int32 + minimum: 0 + default: 0 + - in: query + name: limit + description: |- + Max number of results to return. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 250 + schema: + type: integer + format: int32 + minimum: 0 + maximum: 250 + default: 250 + - in: query + name: count + description: |- + If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored. + + Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used. + + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: true + schema: + type: boolean + default: false + requestBody: + content: + application/json: + schema: + type: object + properties: + indices: + description: 'The names of the Elasticsearch indices in which to search. If none are provided, then all indices will be searched.' + externalDocs: + description: Learn more about search indices here. + url: 'https://documentation.sailpoint.com/saas/help/search/searchable-fields.html' + type: array + items: + description: |- + Enum representing the currently supported indices. + Additional values may be added in the future without notice. + type: string + enum: + - accessprofiles + - accountactivities + - entitlements + - events + - identities + - roles + - '*' + example: identities + example: + - identities + queryType: + description: |- + The type of query to use. By default, the `SAILPOINT` query type is used, which requires the `query` object to be defined in the request body. + To use the `queryDsl` or `typeAheadQuery` objects in the request, you must set the type to `DSL` or `TYPEAHEAD` accordingly. + Additional values may be added in the future without notice. + type: string + enum: + - DSL + - SAILPOINT + - TYPEAHEAD + default: SAILPOINT + example: SAILPOINT + queryVersion: + allOf: + - description: The current Elasticserver version. + type: string + default: '5.2' + example: '5.2' + - type: string + description: |- + The version of the query object. + This version number will map to the version of Elasticsearch for the query strings and objects being used. + query: + type: object + description: Query parameters used to construct an Elasticsearch query object. + properties: + query: + description: 'The query using the Elasticsearch [Query String Query](https://www.elastic.co/guide/en/elasticsearch/reference/5.2/query-dsl-query-string-query.html#query-string) syntax from the Query DSL extended by SailPoint to support Nested queries.' + type: string + example: 'name:a*' + fields: + description: The fields to which the specified query will be applied. The available fields are dependent on the indice(s) being searched on. Please refer to the response schema of this API for a list of available fields. + type: array + items: + type: string + example: + - name + timeZone: + description: The time zone to be applied to any range query related to dates. + type: string + example: America/Chicago + innerHit: + description: The innerHit query object returns a flattened list of results for the specified nested type. + type: object + required: + - query + - type + properties: + query: + description: 'The search query using the Elasticsearch [Query String Query](https://www.elastic.co/guide/en/elasticsearch/reference/5.2/query-dsl-query-string-query.html#query-string) syntax from the Query DSL extended by SailPoint to support Nested queries.' + type: string + example: 'source.name:\"Active Directory\"' + type: + description: 'The nested type to use in the inner hits query. The nested type [Nested Type](https://www.elastic.co/guide/en/elasticsearch/reference/current/nested.html) refers to a document "nested" within another document. For example, an identity can have nested documents for access, accounts, and apps.' + type: string + example: access + queryDsl: + description: 'The search query using the Elasticsearch [Query DSL](https://www.elastic.co/guide/en/elasticsearch/reference/7.10/query-dsl.html) syntax.' + type: object + example: + match: + name: john.doe + typeAheadQuery: + type: object + description: 'Query parameters used to construct an Elasticsearch type ahead query object. The typeAheadQuery performs a search for top values beginning with the typed values. For example, typing "Jo" results in top hits matching "Jo." Typing "Job" results in top hits matching "Job." ' + required: + - query + - field + properties: + query: + description: The type ahead query string used to construct a phrase prefix match query. + type: string + example: Work + field: + description: The field on which to perform the type ahead search. + type: string + example: source.name + nestedType: + description: The nested type. + type: string + example: access + maxExpansions: + description: |- + The number of suffixes the last term will be expanded into. + Influences the performance of the query and the number results returned. + Valid values: 1 to 1000. + type: integer + format: int32 + minimum: 1 + maximum: 1000 + default: 10 + example: 10 + includeNested: + description: Indicates whether nested objects from returned search results should be included. + type: boolean + default: true + example: true + queryResultFilter: + type: object + description: Allows the query results to be filtered by specifying a list of fields to include and/or exclude from the result documents. + properties: + includes: + description: The list of field names to include in the result documents. + type: array + items: + type: string + example: + - name + - displayName + excludes: + description: The list of field names to exclude from the result documents. + type: array + items: + type: string + example: + - stacktrace + aggregationType: + description: | + Enum representing the currently available query languages for aggregations, which are used to perform calculations or groupings on search results. + + Additional values may be added in the future without notice. + type: string + enum: + - DSL + - SAILPOINT + default: DSL + example: DSL + aggregationsVersion: + allOf: + - description: The current Elasticserver version. + type: string + default: '5.2' + example: '5.2' + - type: string + description: |- + The version of the language being used for aggregation queries. + This version number will map to the version of Elasticsearch for the aggregation query object. + aggregationsDsl: + description: 'The aggregation search query using Elasticsearch [Aggregations](https://www.elastic.co/guide/en/elasticsearch/reference/5.2/search-aggregations.html) syntax.' + type: object + example: {} + aggregations: + description: | + The aggregation’s specifications, such as the groupings and calculations to be performed. + allOf: + - type: object + properties: + nested: + type: object + description: The nested aggregation object. + required: + - name + - type + properties: + name: + description: The name of the nested aggregate to be included in the result. + type: string + example: id + type: + description: The type of the nested object. + type: string + example: access + metric: + type: object + description: The calculation done on the results of the query + required: + - name + - field + properties: + name: + description: |- + The name of the metric aggregate to be included in the result. + If the metric aggregation is omitted, the resulting aggregation will be a count of the documents in the search results. + type: string + example: Access Name Count + type: + description: |- + Enum representing the currently supported metric aggregation types. + Additional values may be added in the future without notice. + type: string + enum: + - COUNT + - UNIQUE_COUNT + - AVG + - SUM + - MEDIAN + - MIN + - MAX + default: UNIQUE_COUNT + example: COUNT + field: + description: | + The field the calculation is performed on. + + Prefix the field name with '@' to reference a nested object. + type: string + example: '@access.name' + filter: + type: object + description: An additional filter to constrain the results of the search query. + required: + - name + - field + - value + properties: + name: + description: The name of the filter aggregate to be included in the result. + type: string + example: Entitlements + type: + description: |- + Enum representing the currently supported filter aggregation types. + Additional values may be added in the future without notice. + type: string + enum: + - TERM + default: TERM + example: TERM + field: + description: | + The search field to apply the filter to. + + Prefix the field name with '@' to reference a nested object. + type: string + example: access.type + value: + description: The value to filter on. + type: string + example: ENTITLEMENT + bucket: + type: object + description: The bucket to group the results of the aggregation query by. + required: + - name + - field + properties: + name: + description: The name of the bucket aggregate to be included in the result. + type: string + example: Identity Locations + type: + description: |- + Enum representing the currently supported bucket aggregation types. + Additional values may be added in the future without notice. + type: string + enum: + - TERMS + default: TERMS + example: TERMS + field: + description: |- + The field to bucket on. + Prefix the field name with '@' to reference a nested object. + type: string + example: attributes.city + size: + description: Maximum number of buckets to include. + type: integer + format: int32 + example: 100 + minDocCount: + description: Minimum number of documents a bucket should have. + type: integer + format: int32 + example: 2 + - type: object + properties: + subAggregation: + description: Aggregation to be performed on the result of the parent bucket aggregation. + allOf: + - type: object + properties: + nested: + type: object + description: The nested aggregation object. + required: + - name + - type + properties: + name: + description: The name of the nested aggregate to be included in the result. + type: string + example: id + type: + description: The type of the nested object. + type: string + example: access + metric: + type: object + description: The calculation done on the results of the query + required: + - name + - field + properties: + name: + description: |- + The name of the metric aggregate to be included in the result. + If the metric aggregation is omitted, the resulting aggregation will be a count of the documents in the search results. + type: string + example: Access Name Count + type: + description: |- + Enum representing the currently supported metric aggregation types. + Additional values may be added in the future without notice. + type: string + enum: + - COUNT + - UNIQUE_COUNT + - AVG + - SUM + - MEDIAN + - MIN + - MAX + default: UNIQUE_COUNT + example: COUNT + field: + description: | + The field the calculation is performed on. + + Prefix the field name with '@' to reference a nested object. + type: string + example: '@access.name' + filter: + type: object + description: An additional filter to constrain the results of the search query. + required: + - name + - field + - value + properties: + name: + description: The name of the filter aggregate to be included in the result. + type: string + example: Entitlements + type: + description: |- + Enum representing the currently supported filter aggregation types. + Additional values may be added in the future without notice. + type: string + enum: + - TERM + default: TERM + example: TERM + field: + description: | + The search field to apply the filter to. + + Prefix the field name with '@' to reference a nested object. + type: string + example: access.type + value: + description: The value to filter on. + type: string + example: ENTITLEMENT + bucket: + type: object + description: The bucket to group the results of the aggregation query by. + required: + - name + - field + properties: + name: + description: The name of the bucket aggregate to be included in the result. + type: string + example: Identity Locations + type: + description: |- + Enum representing the currently supported bucket aggregation types. + Additional values may be added in the future without notice. + type: string + enum: + - TERMS + default: TERMS + example: TERMS + field: + description: |- + The field to bucket on. + Prefix the field name with '@' to reference a nested object. + type: string + example: attributes.city + size: + description: Maximum number of buckets to include. + type: integer + format: int32 + example: 100 + minDocCount: + description: Minimum number of documents a bucket should have. + type: integer + format: int32 + example: 2 + - type: object + properties: + subAggregation: + description: Aggregation to be performed on the result of the parent bucket aggregation. + type: object + properties: + nested: + type: object + description: The nested aggregation object. + required: + - name + - type + properties: + name: + description: The name of the nested aggregate to be included in the result. + type: string + example: id + type: + description: The type of the nested object. + type: string + example: access + metric: + type: object + description: The calculation done on the results of the query + required: + - name + - field + properties: + name: + description: |- + The name of the metric aggregate to be included in the result. + If the metric aggregation is omitted, the resulting aggregation will be a count of the documents in the search results. + type: string + example: Access Name Count + type: + description: |- + Enum representing the currently supported metric aggregation types. + Additional values may be added in the future without notice. + type: string + enum: + - COUNT + - UNIQUE_COUNT + - AVG + - SUM + - MEDIAN + - MIN + - MAX + default: UNIQUE_COUNT + example: COUNT + field: + description: | + The field the calculation is performed on. + + Prefix the field name with '@' to reference a nested object. + type: string + example: '@access.name' + filter: + type: object + description: An additional filter to constrain the results of the search query. + required: + - name + - field + - value + properties: + name: + description: The name of the filter aggregate to be included in the result. + type: string + example: Entitlements + type: + description: |- + Enum representing the currently supported filter aggregation types. + Additional values may be added in the future without notice. + type: string + enum: + - TERM + default: TERM + example: TERM + field: + description: | + The search field to apply the filter to. + + Prefix the field name with '@' to reference a nested object. + type: string + example: access.type + value: + description: The value to filter on. + type: string + example: ENTITLEMENT + bucket: + type: object + description: The bucket to group the results of the aggregation query by. + required: + - name + - field + properties: + name: + description: The name of the bucket aggregate to be included in the result. + type: string + example: Identity Locations + type: + description: |- + Enum representing the currently supported bucket aggregation types. + Additional values may be added in the future without notice. + type: string + enum: + - TERMS + default: TERMS + example: TERMS + field: + description: |- + The field to bucket on. + Prefix the field name with '@' to reference a nested object. + type: string + example: attributes.city + size: + description: Maximum number of buckets to include. + type: integer + format: int32 + example: 100 + minDocCount: + description: Minimum number of documents a bucket should have. + type: integer + format: int32 + example: 2 + sort: + description: The fields to be used to sort the search results. Use + or - to specify the sort direction. + type: array + items: + type: string + example: + - displayName + - +id + searchAfter: + description: |- + Used to begin the search window at the values specified. + This parameter consists of the last values of the sorted fields in the current record set. + This is used to expand the Elasticsearch limit of 10K records by shifting the 10K window to begin at this value. + It is recommended that you always include the ID of the object in addition to any other fields on this parameter in order to ensure you don't get duplicate results while paging. + For example, when searching for identities, if you are sorting by displayName you will also want to include ID, for example ["displayName", "id"]. + If the last identity ID in the search result is 2c91808375d8e80a0175e1f88a575221 and the last displayName is "John Doe", then using that displayName and ID will start a new search after this identity. + The searchAfter value will look like ["John Doe","2c91808375d8e80a0175e1f88a575221"] + type: array + items: + type: string + example: + - John Doe + - 2c91808375d8e80a0175e1f88a575221 + filters: + description: The filters to be applied for each filtered field name. + type: object + additionalProperties: + type: object + properties: + type: + description: |- + Enum representing the currently supported filter types. + Additional values may be added in the future without notice. + type: string + enum: + - EXISTS + - RANGE + - TERMS + example: RANGE + range: + type: object + description: The range of values to be filtered. + properties: + lower: + description: The lower bound of the range. + type: object + required: + - value + properties: + value: + description: The value of the range's endpoint. + type: string + example: '1' + inclusive: + description: Indicates if the endpoint is included in the range. + type: boolean + default: false + example: false + upper: + description: The upper bound of the range. + type: object + required: + - value + properties: + value: + description: The value of the range's endpoint. + type: string + example: '1' + inclusive: + description: Indicates if the endpoint is included in the range. + type: boolean + default: false + example: false + terms: + description: The terms to be filtered. + type: array + items: + type: string + example: account_count + exclude: + description: Indicates if the filter excludes results. + type: boolean + default: false + example: false + example: {} + examples: + query-fields: + summary: Query with Fields + value: + indices: + - identities + query: + query: '"John Doe"' + fields: + - name + query-timeZone: + summary: Query with TimeZone + value: + indices: + - identities + query: + query: 'created: [2022-05-19T19:26:03.351Z TO now]' + timeZone: America/Los_Angeles + query-innerHit: + summary: Query with InnerHit + value: + indices: + - identities + query: + query: '"John Doe"' + innerHit: + type: access + query: 'source.name:\"Active Directory\"' + typeAheadQuery: + summary: TypeAheadQuery + value: + indices: + - identities + queryType: TYPEAHEAD + typeAheadQuery: + field: name + query: Jo + maxExpansions: 50 + typeAheadQuery-nestedType: + summary: TypeAheadQuery with NestedType + value: + indices: + - identities + queryType: TYPEAHEAD + typeAheadQuery: + field: source.name + nestedType: access + query: Work + maxExpansions: 50 + filter-exists: + summary: Filter with Exists + value: + indices: + - identities + query: + query: 'attributes.city:London' + filters: + attributes.cloudAuthoritativeSource: + type: EXISTS + exclude: true + filter-range: + summary: Filter with Range + value: + indices: + - identities + query: + query: 'attributes.city:London' + timeZone: Europe/London + filters: + accessCount: + type: RANGE + range: + lower: + value: '3' + created: + type: RANGE + range: + lower: + value: '2019-12-01' + inclusive: true + upper: + value: '2020-01-01' + filter-terms: + summary: Filter with Terms + value: + indices: + - identities + query: + query: 'attributes.city:London' + filters: + source.name: + type: TERMS + terms: + - HR Employees + - Corporate Active Directory + exclude: true + protected: + type: TERMS + terms: + - 'true' + required: true + responses: + '200': + description: List of matching documents. + content: + application/json: + schema: + type: array + items: + discriminator: + propertyName: _type + mapping: + accessprofile: ../model/access/profile/AccessProfileDocument.yaml + accountactivity: ../model/account/activity/AccountActivityDocument.yaml + account: ../model/account/AccountDocument.yaml + aggregation: ../model/aggregation/AggregationDocument.yaml + entitlement: ../model/entitlement/EntitlementDocument.yaml + event: ../model/event/EventDocument.yaml + identity: ../model/identity/IdentityDocument.yaml + role: ../model/role/RoleDocument.yaml + oneOf: + - description: 'This is more of a complete representation of an access profile. ' + allOf: + - type: object + required: + - id + - name + - _type + properties: + id: + type: string + example: 2c91808375d8e80a0175e1f88a575222 + name: + type: string + example: john.doe + _type: + description: |- + Enum representing the currently supported document types. + + Additional values may be added in the future without notice. + type: string + enum: + - accessprofile + - accountactivity + - account + - aggregation + - entitlement + - event + - identity + - role + example: identity + - allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + description: + type: string + description: The description of the access item + example: The admin role + created: + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + modified: + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + synced: + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + enabled: + type: boolean + example: true + requestable: + type: boolean + example: true + description: Indicates if the access can be requested + requestCommentsRequired: + type: boolean + description: Indicates if comments are required when requesting access + example: false + owner: + allOf: + - allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + type: + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure. + example: IDENTITY + - type: object + properties: + email: + type: string + example: john.doe@sailpoint.com + description: The email of the identity + - type: object + properties: + source: + type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + entitlements: + type: array + items: + allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + description: + type: string + description: A description of the entitlement + example: The admin privilege + attribute: + type: string + description: The name of the entitlement attribute + example: admin + value: + type: string + description: The value of the entitlement + example: 'true' + entitlementCount: + type: integer + example: 5 + tags: + type: array + items: + type: string + example: + - TAG_1 + - TAG_2 + - description: AccountActivity + allOf: + - type: object + required: + - id + - name + - _type + properties: + id: + type: string + example: 2c91808375d8e80a0175e1f88a575222 + name: + type: string + example: john.doe + _type: + description: |- + Enum representing the currently supported document types. + + Additional values may be added in the future without notice. + type: string + enum: + - accessprofile + - accountactivity + - account + - aggregation + - entitlement + - event + - identity + - role + example: identity + - type: object + properties: + action: + type: string + description: The type of action that this activity performed + externalDocs: + description: Learn more about account activity action types + url: 'https://documentation.sailpoint.com/saas/help/search/searchable-fields.html#searching-account-activity-data' + example: Identity Refresh. + created: + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + modified: + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + stage: + type: string + description: The current stage of the activity + example: Completed + origin: + type: string + nullable: true + example: null + status: + type: string + description: the current status of the activity + example: Complete + requester: + allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + type: + type: string + example: Delimited File + description: the type of source returned + recipient: + allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + type: + type: string + example: Delimited File + description: the type of source returned + trackingNumber: + type: string + example: 61aad0c9e8134eca89e76a35e0cabe3f + errors: + type: array + items: + type: string + nullable: true + example: null + warnings: + type: array + items: + type: string + nullable: true + example: null + approvals: + type: array + items: + type: object + properties: + comments: + type: array + items: + type: object + properties: + comment: + type: string + description: The comment text + example: This request was autoapproved by our automated ETS subscriber. + commenter: + type: string + description: The name of the commenter + example: Automated AR Approval + date: + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + created: + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + modified: + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + owner: + allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + type: + type: string + example: Delimited File + description: the type of source returned + result: + type: string + description: The result of the approval + example: Finished + type: + type: string + nullable: true + example: null + originalRequests: + type: array + items: + type: object + properties: + accountId: + type: string + description: the account id + example: 'CN=Abby Smith,OU=Austin,OU=Americas,OU=Demo,DC=seri,DC=acme,DC=com' + attributeRequests: + type: array + items: + type: object + properties: + name: + type: string + description: The attribute name + example: groups + op: + type: string + description: The operation to perform + example: Add + value: + type: string + description: The value of the attribute + example: '3203537556531076' + op: + type: string + description: the operation that was used + example: add + source: + allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + type: + type: string + example: Delimited File + description: the type of source returned + expansionItems: + type: array + items: + type: object + properties: + accountId: + type: string + description: The ID of the account + example: 2c91808981f58ea601821c3e93482e6f + cause: + type: string + example: Role + name: + type: string + description: The name of the item + example: smartsheet-role + attributeRequests: + type: array + items: + type: object + properties: + name: + type: string + description: The attribute name + example: groups + op: + type: string + description: The operation to perform + example: Add + value: + type: string + description: The value of the attribute + example: '3203537556531076' + source: + allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + type: + type: string + example: Delimited File + description: the type of source returned + accountRequests: + type: array + items: + type: object + properties: + accountId: + type: string + description: Unique ID of the account + example: John.Doe + attributeRequests: + type: array + items: + type: object + properties: + name: + type: string + description: The attribute name + example: groups + op: + type: string + description: The operation to perform + example: Add + value: + type: string + description: The value of the attribute + example: '3203537556531076' + op: + type: string + example: Modify + description: The operation that was performed + provisioningTarget: + allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + type: + type: string + example: Delimited File + description: the type of source returned + result: + type: object + properties: + errors: + type: array + items: + type: string + example: |- + [ConnectorError] [ + { + "code": "unrecognized_keys", + "keys": [ + "groups" + ], + "path": [], + "message": "Unrecognized key(s) in object: 'groups'" + } + ] (requestId: 5e9d6df5-9b1b-47d9-9bf1-dc3a2893299e) + status: + type: string + description: The status of the account request + example: failed + ticketId: + type: string + nullable: true + example: null + source: + allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + type: + type: string + example: Delimited File + description: the type of source returned + sources: + type: string + example: 'smartsheet-test, airtable-v4, IdentityNow' + - description: Account + allOf: + - type: object + required: + - id + - name + - _type + properties: + id: + type: string + example: 2c91808375d8e80a0175e1f88a575222 + name: + type: string + example: john.doe + _type: + description: |- + Enum representing the currently supported document types. + + Additional values may be added in the future without notice. + type: string + enum: + - accessprofile + - accountactivity + - account + - aggregation + - entitlement + - event + - identity + - role + example: identity + - allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + accountId: + type: string + description: The ID of the account + example: john.doe + source: + allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + type: + type: string + example: Delimited File + description: the type of source returned + disabled: + type: boolean + description: Indicates if the account is disabled + example: false + locked: + type: boolean + description: Indicates if the account is locked + example: false + privileged: + type: boolean + example: false + manuallyCorrelated: + type: boolean + description: Indicates if the account has been manually correlated to an identity + example: false + passwordLastSet: + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + entitlementAttributes: + type: object + nullable: true + description: a map or dictionary of key/value pairs + additionalProperties: true + example: + moderator: true + admin: true + trust_level: '4' + created: + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + - type: object + properties: + modified: + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + attributes: + type: object + description: a map or dictionary of key/value pairs + additionalProperties: true + example: + firstName: John + lastName: Doe + displayName: John.Doe + identity: + allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + displayName: + type: string + example: John Q. Doe + access: + type: array + items: + description: EntitlementReference + allOf: + - allOf: + - allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + displayName: + type: string + example: John Q. Doe + - type: object + properties: + type: + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure. + example: IDENTITY + description: + type: string + nullable: true + example: null + - type: object + properties: + source: + type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + privileged: + type: boolean + example: false + attribute: + type: string + example: memberOf + value: + type: string + example: 'CN=Buyer,OU=Groups,OU=Demo,DC=seri,DC=sailpointdemo,DC=com' + standalone: + type: boolean + example: false + entitlementCount: + type: integer + description: The number of entitlements assigned to the account + format: int32 + example: 2 + uncorrelated: + type: boolean + description: Indicates if the account is not correlated to an identity + example: false + tags: + type: array + items: + type: string + example: + - TAG_1 + - TAG_2 + - description: Aggregation + allOf: + - type: object + required: + - id + - name + - _type + properties: + id: + type: string + example: 2c91808375d8e80a0175e1f88a575222 + name: + type: string + example: john.doe + _type: + description: |- + Enum representing the currently supported document types. + + Additional values may be added in the future without notice. + type: string + enum: + - accessprofile + - accountactivity + - account + - aggregation + - entitlement + - event + - identity + - role + example: identity + - type: object + properties: + status: + type: string + example: Success + duration: + type: integer + format: int32 + example: 20 + avgDuration: + type: integer + format: int32 + example: 20 + changedAccounts: + type: integer + format: int32 + example: 1 + nextScheduled: + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + startTime: + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + sourceOwner: + type: string + description: John Doe + - description: Entitlement + allOf: + - type: object + required: + - id + - name + - _type + properties: + id: + type: string + example: 2c91808375d8e80a0175e1f88a575222 + name: + type: string + example: john.doe + _type: + description: |- + Enum representing the currently supported document types. + + Additional values may be added in the future without notice. + type: string + enum: + - accessprofile + - accountactivity + - account + - aggregation + - entitlement + - event + - identity + - role + example: identity + - allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + description: + type: string + description: A description of the entitlement + example: The admin privilege + attribute: + type: string + description: The name of the entitlement attribute + example: admin + value: + type: string + description: The value of the entitlement + example: 'true' + - type: object + properties: + modified: + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + synced: + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + displayName: + type: string + description: The display name of the entitlement + example: Admin + source: + type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + privileged: + type: boolean + example: false + identityCount: + type: integer + format: int32 + example: 3 + tags: + type: array + items: + type: string + example: + - TAG_1 + - TAG_2 + - description: Event + allOf: + - type: object + required: + - id + - name + - _type + properties: + id: + type: string + example: 2c91808375d8e80a0175e1f88a575222 + name: + type: string + example: john.doe + _type: + description: |- + Enum representing the currently supported document types. + + Additional values may be added in the future without notice. + type: string + enum: + - accessprofile + - accountactivity + - account + - aggregation + - entitlement + - event + - identity + - role + example: identity + - type: object + properties: + created: + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + synced: + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + action: + type: string + description: The action that was performed + example: update + type: + type: string + description: The type of event + example: SYSTEM_CONFIG + actor: + type: object + properties: + name: + type: string + example: John Doe + description: the actor or target name + type: + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure. + example: IDENTITY + target: + type: object + properties: + name: + type: string + example: John Doe + description: the actor or target name + type: + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure. + example: IDENTITY + stack: + type: string + example: tpe + trackingNumber: + type: string + example: 63f891e0735f4cc8bf1968144a1e7440 + ipAddress: + type: string + example: 52.52.97.85 + details: + type: string + example: 73b65dfbed1842548c207432a18c84b0 + attributes: + type: object + additionalProperties: true + example: + pod: stg03-useast1 + org: acme + sourceName: SailPoint + objects: + type: array + items: + type: string + example: AUTHENTICATION + operation: + type: string + example: REQUEST + status: + type: string + example: PASSED + technicalName: + type: string + example: AUTHENTICATION_REQUEST_PASSED + - description: Identity + allOf: + - type: object + required: + - id + - name + - _type + properties: + id: + type: string + example: 2c91808375d8e80a0175e1f88a575222 + name: + type: string + example: john.doe + _type: + description: |- + Enum representing the currently supported document types. + + Additional values may be added in the future without notice. + type: string + enum: + - accessprofile + - accountactivity + - account + - aggregation + - entitlement + - event + - identity + - role + example: identity + - allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + displayName: + type: string + example: John Q. Doe + - type: object + properties: + firstName: + type: string + description: The first name of the identity + example: Carol + lastName: + type: string + description: The last name of the identity + example: Adams + displayName: + type: string + example: Carol.Adams + description: The display name of the identity + email: + type: string + description: The identity's primary email address + example: Carol.Adams@sailpointdemo.com + created: + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + modified: + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + synced: + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + phone: + type: string + description: The phone number of the identity + example: +1 440-527-3672 + inactive: + type: boolean + description: Indicates if the identity is inactive + example: false + protected: + type: boolean + example: false + status: + type: string + description: The identity's status in SailPoint + example: UNREGISTERED + employeeNumber: + type: string + example: 1a2a3d4e + manager: + nullable: true + allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + displayName: + type: string + example: John Q. Doe + isManager: + type: boolean + description: Indicates if this identity is a manager of other identities + example: false + identityProfile: + type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + source: + type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + attributes: + type: object + description: a map or dictionary of key/value pairs + additionalProperties: true + example: + country: US + firstname: Carol + cloudStatus: UNREGISTERED + processingState: + type: string + nullable: true + example: null + processingDetails: + nullable: true + type: object + properties: + date: + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + stage: + type: string + example: In Process + retryCount: + type: integer + example: 0 + format: int32 + stackTrace: + type: string + example: + message: + type: string + example: + accounts: + type: array + description: List of accounts associated with the identity + items: + allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + accountId: + type: string + description: The ID of the account + example: john.doe + source: + allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + type: + type: string + example: Delimited File + description: the type of source returned + disabled: + type: boolean + description: Indicates if the account is disabled + example: false + locked: + type: boolean + description: Indicates if the account is locked + example: false + privileged: + type: boolean + example: false + manuallyCorrelated: + type: boolean + description: Indicates if the account has been manually correlated to an identity + example: false + passwordLastSet: + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + entitlementAttributes: + type: object + nullable: true + description: a map or dictionary of key/value pairs + additionalProperties: true + example: + moderator: true + admin: true + trust_level: '4' + created: + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + accountCount: + type: integer + description: Number of accounts associated with the identity + format: int32 + example: 3 + apps: + type: array + description: The list of applications the identity has access to + items: + allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + source: + type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + account: + type: object + properties: + id: + type: string + description: The SailPoint generated unique ID + example: 2c9180837dfe6949017e21f3d8cd6d49 + accountId: + type: string + description: The account ID generated by the source + example: 'CN=Carol Adams,OU=Austin,OU=Americas,OU=Demo,DC=seri,DC=sailpointdemo,DC=com' + appCount: + type: integer + format: int32 + description: The number of applications the identity has access to + example: 2 + access: + type: array + description: The list of access items assigned to the identity + items: + discriminator: + propertyName: type + mapping: + ACCESS_PROFILE: ../access/AccessProfileSummary.yaml + ENTITLEMENT: ../access/AccessProfileEntitlement.yaml + ROLE: ../access/AccessProfileRole.yaml + oneOf: + - description: This is a summary representation of an access profile. + allOf: + - allOf: + - allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + displayName: + type: string + example: John Q. Doe + - type: object + properties: + type: + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure. + example: IDENTITY + description: + type: string + nullable: true + example: null + - type: object + properties: + source: + type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + owner: + allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + displayName: + type: string + example: John Q. Doe + revocable: + type: boolean + example: true + - description: EntitlementReference + allOf: + - allOf: + - allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + displayName: + type: string + example: John Q. Doe + - type: object + properties: + type: + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure. + example: IDENTITY + description: + type: string + nullable: true + example: null + - type: object + properties: + source: + type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + privileged: + type: boolean + example: false + attribute: + type: string + example: memberOf + value: + type: string + example: 'CN=Buyer,OU=Groups,OU=Demo,DC=seri,DC=sailpointdemo,DC=com' + standalone: + type: boolean + example: false + - description: Role + allOf: + - allOf: + - allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + displayName: + type: string + example: John Q. Doe + - type: object + properties: + type: + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure. + example: IDENTITY + description: + type: string + nullable: true + example: null + - type: object + properties: + owner: + allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + displayName: + type: string + example: John Q. Doe + disabled: + type: boolean + revocable: + type: boolean + accessCount: + type: integer + format: int32 + description: The number of access items assigned to the identity + example: 5 + accessProfileCount: + type: integer + description: The number of access profiles assigned to the identity + example: 1 + entitlementCount: + type: integer + description: The number of entitlements assigned to the identity + example: 10 + roleCount: + type: integer + description: The number of roles assigned to the identity + example: 1 + owns: + type: object + properties: + sources: + type: array + items: + type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + entitlements: + type: array + items: + type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + accessProfiles: + type: array + items: + type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + roles: + type: array + items: + type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + apps: + type: array + items: + type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + governanceGroups: + type: array + items: + type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + fallbackApprover: + type: boolean + example: false + tags: + type: array + items: + type: string + example: + - TAG_1 + - TAG_2 + - description: Role + allOf: + - type: object + required: + - id + - name + - _type + properties: + id: + type: string + example: 2c91808375d8e80a0175e1f88a575222 + name: + type: string + example: john.doe + _type: + description: |- + Enum representing the currently supported document types. + + Additional values may be added in the future without notice. + type: string + enum: + - accessprofile + - accountactivity + - account + - aggregation + - entitlement + - event + - identity + - role + example: identity + - allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + description: + type: string + description: The description of the access item + example: The admin role + created: + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + modified: + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + synced: + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + enabled: + type: boolean + example: true + requestable: + type: boolean + example: true + description: Indicates if the access can be requested + requestCommentsRequired: + type: boolean + description: Indicates if comments are required when requesting access + example: false + owner: + allOf: + - allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + type: + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure. + example: IDENTITY + - type: object + properties: + email: + type: string + example: john.doe@sailpoint.com + description: The email of the identity + - type: object + properties: + accessProfiles: + type: array + items: + type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + accessProfileCount: + type: integer + tags: + type: array + items: + type: string + example: + - TAG_1 + - TAG_2 + examples: + accessProfiles: + summary: A collection of AccessProfiles + value: + - id: 2c9180825a6c1adc015a71c9023f0818 + name: Cloud Eng + _type: accessprofile + description: Cloud Eng + created: '2017-02-24T20:21:23.145Z' + modified: '2019-05-24T20:36:04.312Z' + synced: '2020-02-18T05:30:20.414Z' + enabled: true + requestable: true + requestCommentsRequired: false + owner: + id: ff8081815757d36a015757d42e56031e + name: SailPoint Support + type: IDENTITY + email: cloud-support@sailpoint.com + source: + id: ff8081815757d4fb0157588f3d9d008f + name: Employees + entitlements: + - id: 2c918084575812550157589064f33b89 + name: 'CN=Cloud Engineering,DC=sailpoint,DC=COM' + description: mull + attribute: memberOf + value: 'CN=Cloud Engineering,DC=sailpoint,DC=COM' + entitlementCount: 1 + tags: + - TAG_1 + - TAG_2 + entitlements: + summary: A collection of Entitlements + value: + - id: 2c9180946ed0c43d016eec1a80892fbd + name: entitlement.aa415ae7 + _type: entitlement + description: 'null' + attribute: groups + value: entitlement.aa415ae7 + modified: '2019-12-09T19:19:50.154Z' + synced: '2020-02-19T04:30:32.906Z' + displayName: entitlement.aa415ae7 + source: + id: 2c91808b6e9e6fb8016eec1a2b6f7b5f + name: ODS-HR-Employees + privileged: false + identityCount: 68 + tags: + - TAG_1 + - TAG_2 + events: + summary: A collection of Events + value: + - id: e092842f-c904-4b59-aac8-2544abeeef4b + name: Update Task Schedule Passed + _type: event + created: '2020-02-17T16:23:18.327Z' + synced: '2020-02-17T16:23:18.388Z' + action: TASK_SCHEDULE_UPDATE_PASSED + type: SYSTEM_CONFIG + actor: + name: MantisTaskScheduler + target: + name: Perform provisioning activity search delete synchronization + stack: tpe + trackingNumber: c6b98bc39ece48b080826d16c76b166c + ipAddress: 207.189.160.158 + details: 'null' + attributes: + sourceName: SailPoint + objects: + - TASK + - SCHEDULE + operation: UPDATE + status: PASSED + technicalName: TASK_SCHEDULE_UPDATE_PASSED + identities: + summary: A collection of Identities + value: + - id: 2c9180865c45e7e3015c46c434a80622 + name: ad.admin + _type: identity + firstName: AD + lastName: Admin + displayName: AD Admin + email: SLPT.CLOUD.SAILPOINT.TEST+AD-ADMIN@GMAIL.COM + created: '2018-08-22T19:54:54.302Z' + modified: '2018-08-22T19:54:54.302Z' + synced: '2018-08-22T19:54:54.302Z' + phone: 512-942-7578 + inactive: false + protected: false + status: UNREGISTERED + employeeNumber: O349804 + manager: null + isManager: false + identityProfile: + id: 2c918085605c8d0601606f357cb231e6 + name: E2E AD + source: + id: 2c9180855c45b230015c46c19b9c0202 + name: EndToEnd-ADSource + attributes: + uid: ad.admin + firstname: AD + cloudAuthoritativeSource: 2c9180855c45b230015c46c19b9c0202 + cloudStatus: UNREGISTERED + iplanet-am-user-alias-list: null + displayName: AD Admin + internalCloudStatus: UNREGISTERED + workPhone: 512-942-7578 + email: SLPT.CLOUD.SAILPOINT.TEST+AD-ADMIN@GMAIL.COM + lastname: Admin + processingState: null + processingDetails: null + accounts: + - id: 2c9180865c45e7e3015c46c434a80623 + name: ad.admin + accountId: 'CN=AD Admin,OU=slpt-automation,DC=TestAutomationAD,DC=local' + source: + id: 2c9180855c45b230015c46c19b9c0202 + name: EndToEnd-ADSource + type: Active Directory - Direct + disabled: false + locked: false + privileged: false + manuallyCorrelated: false + passwordLastSet: '2018-08-22T19:54:54.302Z' + entitlementAttributes: + memberOf: + - 'CN=Group Policy Creator Owners,CN=Users,DC=TestAutomationAD,DC=local' + - 'CN=Domain Guests,CN=Users,DC=TestAutomationAD,DC=local' + - 'CN=Domain Admins,CN=Users,DC=TestAutomationAD,DC=local' + - 'CN=Enterprise Admins,CN=Users,DC=TestAutomationAD,DC=local' + - 'CN=Schema Admins,CN=Users,DC=TestAutomationAD,DC=local' + - 'CN=Guests,CN=Builtin,DC=TestAutomationAD,DC=local' + - 'CN=Administrators,CN=Builtin,DC=TestAutomationAD,DC=local' + created: '2018-08-22T19:54:54.302Z' + - id: 2c918083606d670c01606f35a30a0349 + name: ad.admin + accountId: ad.admin + source: + id: ff8081815c46b85b015c46b90c7c02a6 + name: IdentityNow + type: IdentityNowConnector + disabled: false + locked: false + privileged: false + manuallyCorrelated: false + passwordLastSet: null + entitlementAttributes: null + created: '2018-08-22T19:54:54.302Z' + accountCount: 2 + apps: + - id: '22751' + name: ADP Workforce Now + source: + id: 2c9180855c45b230015c46e2f6a8026a + name: Corporate Active Directory + account: + id: 2c9180865c45efa4015c470be0de1606 + accountId: 'CN=Bob Wilson,OU=Austin,OU=Americas,OU=Demo,DC=seri,DC=acme,DC=com' + appCount: 1 + access: + - id: 2c918083634bc6cb01639808d40270ba + name: 'test [AccessProfile-1527264105448]' + displayName: test + type: ACCESS_PROFILE + description: test + source: + id: 2c9180855c45b230015c46c19b9c0202 + name: EndToEnd-ADSource + owner: + id: 2c9180865c45e7e3015c46c434a80622 + name: ad.admin + displayName: AD Admin + - id: 2c9180865c45e7e3015c46c457c50755 + name: Administrators + displayName: Administrators + type: ENTITLEMENT + description: null + source: + id: 2c9180855c45b230015c46c19b9c0202 + name: EndToEnd-ADSource + privileged: false + attribute: memberOf + value: 'CN=Administrators,CN=Builtin,DC=TestAutomationAD,DC=local' + standalone: false + - id: 2c9180865decdaa5015e06598b293108 + name: 'test [cloudRole-1503345085223]' + displayName: test + type: ROLE + description: test + owner: + id: 2c9180865c45e7e3015c46c5030707a0 + name: will.albin + displayName: Albin Will + disabled: false + accessCount: 3 + accessProfileCount: 1 + entitlementCount: 1 + roleCount: 1 + tags: + - TAG_1 + - TAG_2 + roles: + summary: A collection of Roles + value: + - id: 2c91808c6faadea6016fb4f2bc69077b + name: IT Role + _type: role + description: IT role + created: '2020-01-17T19:20:15.040Z' + modified: null + synced: '2020-02-18T05:30:20.145Z' + enabled: true + requestable: false + requestCommentsRequired: false + owner: + id: 2c9180a46faadee4016fb4e018c20639 + name: Cloud Support + type: IDENTITY + email: thomas.edison@acme-solar.com + accessProfiles: + - id: 2c91809c6faade77016fb4f0b63407ae + name: Admin Access + accessProfileCount: 1 + tags: + - TAG_1 + - TAG_2 + headers: + X-Total-Count: + schema: + type: integer + description: The total result count (returned only if the *count* parameter is specified as *true*). + example: 30 + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + /search/count: + post: + tags: + - Search + description: Performs a search with a provided query and returns the count of results in the X-Total-Count header. + operationId: searchCount + summary: Count Documents Satisfying a Query + requestBody: + content: + application/json: + schema: + type: object + properties: + indices: + description: 'The names of the Elasticsearch indices in which to search. If none are provided, then all indices will be searched.' + externalDocs: + description: Learn more about search indices here. + url: 'https://documentation.sailpoint.com/saas/help/search/searchable-fields.html' + type: array + items: + description: |- + Enum representing the currently supported indices. + Additional values may be added in the future without notice. + type: string + enum: + - accessprofiles + - accountactivities + - entitlements + - events + - identities + - roles + - '*' + example: identities + example: + - identities + queryType: + description: |- + The type of query to use. By default, the `SAILPOINT` query type is used, which requires the `query` object to be defined in the request body. + To use the `queryDsl` or `typeAheadQuery` objects in the request, you must set the type to `DSL` or `TYPEAHEAD` accordingly. + Additional values may be added in the future without notice. + type: string + enum: + - DSL + - SAILPOINT + - TYPEAHEAD + default: SAILPOINT + example: SAILPOINT + queryVersion: + allOf: + - description: The current Elasticserver version. + type: string + default: '5.2' + example: '5.2' + - type: string + description: |- + The version of the query object. + This version number will map to the version of Elasticsearch for the query strings and objects being used. + query: + type: object + description: Query parameters used to construct an Elasticsearch query object. + properties: + query: + description: 'The query using the Elasticsearch [Query String Query](https://www.elastic.co/guide/en/elasticsearch/reference/5.2/query-dsl-query-string-query.html#query-string) syntax from the Query DSL extended by SailPoint to support Nested queries.' + type: string + example: 'name:a*' + fields: + description: The fields to which the specified query will be applied. The available fields are dependent on the indice(s) being searched on. Please refer to the response schema of this API for a list of available fields. + type: array + items: + type: string + example: + - name + timeZone: + description: The time zone to be applied to any range query related to dates. + type: string + example: America/Chicago + innerHit: + description: The innerHit query object returns a flattened list of results for the specified nested type. + type: object + required: + - query + - type + properties: + query: + description: 'The search query using the Elasticsearch [Query String Query](https://www.elastic.co/guide/en/elasticsearch/reference/5.2/query-dsl-query-string-query.html#query-string) syntax from the Query DSL extended by SailPoint to support Nested queries.' + type: string + example: 'source.name:\"Active Directory\"' + type: + description: 'The nested type to use in the inner hits query. The nested type [Nested Type](https://www.elastic.co/guide/en/elasticsearch/reference/current/nested.html) refers to a document "nested" within another document. For example, an identity can have nested documents for access, accounts, and apps.' + type: string + example: access + queryDsl: + description: 'The search query using the Elasticsearch [Query DSL](https://www.elastic.co/guide/en/elasticsearch/reference/7.10/query-dsl.html) syntax.' + type: object + example: + match: + name: john.doe + typeAheadQuery: + type: object + description: 'Query parameters used to construct an Elasticsearch type ahead query object. The typeAheadQuery performs a search for top values beginning with the typed values. For example, typing "Jo" results in top hits matching "Jo." Typing "Job" results in top hits matching "Job." ' + required: + - query + - field + properties: + query: + description: The type ahead query string used to construct a phrase prefix match query. + type: string + example: Work + field: + description: The field on which to perform the type ahead search. + type: string + example: source.name + nestedType: + description: The nested type. + type: string + example: access + maxExpansions: + description: |- + The number of suffixes the last term will be expanded into. + Influences the performance of the query and the number results returned. + Valid values: 1 to 1000. + type: integer + format: int32 + minimum: 1 + maximum: 1000 + default: 10 + example: 10 + includeNested: + description: Indicates whether nested objects from returned search results should be included. + type: boolean + default: true + example: true + queryResultFilter: + type: object + description: Allows the query results to be filtered by specifying a list of fields to include and/or exclude from the result documents. + properties: + includes: + description: The list of field names to include in the result documents. + type: array + items: + type: string + example: + - name + - displayName + excludes: + description: The list of field names to exclude from the result documents. + type: array + items: + type: string + example: + - stacktrace + aggregationType: + description: | + Enum representing the currently available query languages for aggregations, which are used to perform calculations or groupings on search results. + + Additional values may be added in the future without notice. + type: string + enum: + - DSL + - SAILPOINT + default: DSL + example: DSL + aggregationsVersion: + allOf: + - description: The current Elasticserver version. + type: string + default: '5.2' + example: '5.2' + - type: string + description: |- + The version of the language being used for aggregation queries. + This version number will map to the version of Elasticsearch for the aggregation query object. + aggregationsDsl: + description: 'The aggregation search query using Elasticsearch [Aggregations](https://www.elastic.co/guide/en/elasticsearch/reference/5.2/search-aggregations.html) syntax.' + type: object + example: {} + aggregations: + description: | + The aggregation’s specifications, such as the groupings and calculations to be performed. + allOf: + - type: object + properties: + nested: + type: object + description: The nested aggregation object. + required: + - name + - type + properties: + name: + description: The name of the nested aggregate to be included in the result. + type: string + example: id + type: + description: The type of the nested object. + type: string + example: access + metric: + type: object + description: The calculation done on the results of the query + required: + - name + - field + properties: + name: + description: |- + The name of the metric aggregate to be included in the result. + If the metric aggregation is omitted, the resulting aggregation will be a count of the documents in the search results. + type: string + example: Access Name Count + type: + description: |- + Enum representing the currently supported metric aggregation types. + Additional values may be added in the future without notice. + type: string + enum: + - COUNT + - UNIQUE_COUNT + - AVG + - SUM + - MEDIAN + - MIN + - MAX + default: UNIQUE_COUNT + example: COUNT + field: + description: | + The field the calculation is performed on. + + Prefix the field name with '@' to reference a nested object. + type: string + example: '@access.name' + filter: + type: object + description: An additional filter to constrain the results of the search query. + required: + - name + - field + - value + properties: + name: + description: The name of the filter aggregate to be included in the result. + type: string + example: Entitlements + type: + description: |- + Enum representing the currently supported filter aggregation types. + Additional values may be added in the future without notice. + type: string + enum: + - TERM + default: TERM + example: TERM + field: + description: | + The search field to apply the filter to. + + Prefix the field name with '@' to reference a nested object. + type: string + example: access.type + value: + description: The value to filter on. + type: string + example: ENTITLEMENT + bucket: + type: object + description: The bucket to group the results of the aggregation query by. + required: + - name + - field + properties: + name: + description: The name of the bucket aggregate to be included in the result. + type: string + example: Identity Locations + type: + description: |- + Enum representing the currently supported bucket aggregation types. + Additional values may be added in the future without notice. + type: string + enum: + - TERMS + default: TERMS + example: TERMS + field: + description: |- + The field to bucket on. + Prefix the field name with '@' to reference a nested object. + type: string + example: attributes.city + size: + description: Maximum number of buckets to include. + type: integer + format: int32 + example: 100 + minDocCount: + description: Minimum number of documents a bucket should have. + type: integer + format: int32 + example: 2 + - type: object + properties: + subAggregation: + description: Aggregation to be performed on the result of the parent bucket aggregation. + allOf: + - type: object + properties: + nested: + type: object + description: The nested aggregation object. + required: + - name + - type + properties: + name: + description: The name of the nested aggregate to be included in the result. + type: string + example: id + type: + description: The type of the nested object. + type: string + example: access + metric: + type: object + description: The calculation done on the results of the query + required: + - name + - field + properties: + name: + description: |- + The name of the metric aggregate to be included in the result. + If the metric aggregation is omitted, the resulting aggregation will be a count of the documents in the search results. + type: string + example: Access Name Count + type: + description: |- + Enum representing the currently supported metric aggregation types. + Additional values may be added in the future without notice. + type: string + enum: + - COUNT + - UNIQUE_COUNT + - AVG + - SUM + - MEDIAN + - MIN + - MAX + default: UNIQUE_COUNT + example: COUNT + field: + description: | + The field the calculation is performed on. + + Prefix the field name with '@' to reference a nested object. + type: string + example: '@access.name' + filter: + type: object + description: An additional filter to constrain the results of the search query. + required: + - name + - field + - value + properties: + name: + description: The name of the filter aggregate to be included in the result. + type: string + example: Entitlements + type: + description: |- + Enum representing the currently supported filter aggregation types. + Additional values may be added in the future without notice. + type: string + enum: + - TERM + default: TERM + example: TERM + field: + description: | + The search field to apply the filter to. + + Prefix the field name with '@' to reference a nested object. + type: string + example: access.type + value: + description: The value to filter on. + type: string + example: ENTITLEMENT + bucket: + type: object + description: The bucket to group the results of the aggregation query by. + required: + - name + - field + properties: + name: + description: The name of the bucket aggregate to be included in the result. + type: string + example: Identity Locations + type: + description: |- + Enum representing the currently supported bucket aggregation types. + Additional values may be added in the future without notice. + type: string + enum: + - TERMS + default: TERMS + example: TERMS + field: + description: |- + The field to bucket on. + Prefix the field name with '@' to reference a nested object. + type: string + example: attributes.city + size: + description: Maximum number of buckets to include. + type: integer + format: int32 + example: 100 + minDocCount: + description: Minimum number of documents a bucket should have. + type: integer + format: int32 + example: 2 + - type: object + properties: + subAggregation: + description: Aggregation to be performed on the result of the parent bucket aggregation. + type: object + properties: + nested: + type: object + description: The nested aggregation object. + required: + - name + - type + properties: + name: + description: The name of the nested aggregate to be included in the result. + type: string + example: id + type: + description: The type of the nested object. + type: string + example: access + metric: + type: object + description: The calculation done on the results of the query + required: + - name + - field + properties: + name: + description: |- + The name of the metric aggregate to be included in the result. + If the metric aggregation is omitted, the resulting aggregation will be a count of the documents in the search results. + type: string + example: Access Name Count + type: + description: |- + Enum representing the currently supported metric aggregation types. + Additional values may be added in the future without notice. + type: string + enum: + - COUNT + - UNIQUE_COUNT + - AVG + - SUM + - MEDIAN + - MIN + - MAX + default: UNIQUE_COUNT + example: COUNT + field: + description: | + The field the calculation is performed on. + + Prefix the field name with '@' to reference a nested object. + type: string + example: '@access.name' + filter: + type: object + description: An additional filter to constrain the results of the search query. + required: + - name + - field + - value + properties: + name: + description: The name of the filter aggregate to be included in the result. + type: string + example: Entitlements + type: + description: |- + Enum representing the currently supported filter aggregation types. + Additional values may be added in the future without notice. + type: string + enum: + - TERM + default: TERM + example: TERM + field: + description: | + The search field to apply the filter to. + + Prefix the field name with '@' to reference a nested object. + type: string + example: access.type + value: + description: The value to filter on. + type: string + example: ENTITLEMENT + bucket: + type: object + description: The bucket to group the results of the aggregation query by. + required: + - name + - field + properties: + name: + description: The name of the bucket aggregate to be included in the result. + type: string + example: Identity Locations + type: + description: |- + Enum representing the currently supported bucket aggregation types. + Additional values may be added in the future without notice. + type: string + enum: + - TERMS + default: TERMS + example: TERMS + field: + description: |- + The field to bucket on. + Prefix the field name with '@' to reference a nested object. + type: string + example: attributes.city + size: + description: Maximum number of buckets to include. + type: integer + format: int32 + example: 100 + minDocCount: + description: Minimum number of documents a bucket should have. + type: integer + format: int32 + example: 2 + sort: + description: The fields to be used to sort the search results. Use + or - to specify the sort direction. + type: array + items: + type: string + example: + - displayName + - +id + searchAfter: + description: |- + Used to begin the search window at the values specified. + This parameter consists of the last values of the sorted fields in the current record set. + This is used to expand the Elasticsearch limit of 10K records by shifting the 10K window to begin at this value. + It is recommended that you always include the ID of the object in addition to any other fields on this parameter in order to ensure you don't get duplicate results while paging. + For example, when searching for identities, if you are sorting by displayName you will also want to include ID, for example ["displayName", "id"]. + If the last identity ID in the search result is 2c91808375d8e80a0175e1f88a575221 and the last displayName is "John Doe", then using that displayName and ID will start a new search after this identity. + The searchAfter value will look like ["John Doe","2c91808375d8e80a0175e1f88a575221"] + type: array + items: + type: string + example: + - John Doe + - 2c91808375d8e80a0175e1f88a575221 + filters: + description: The filters to be applied for each filtered field name. + type: object + additionalProperties: + type: object + properties: + type: + description: |- + Enum representing the currently supported filter types. + Additional values may be added in the future without notice. + type: string + enum: + - EXISTS + - RANGE + - TERMS + example: RANGE + range: + type: object + description: The range of values to be filtered. + properties: + lower: + description: The lower bound of the range. + type: object + required: + - value + properties: + value: + description: The value of the range's endpoint. + type: string + example: '1' + inclusive: + description: Indicates if the endpoint is included in the range. + type: boolean + default: false + example: false + upper: + description: The upper bound of the range. + type: object + required: + - value + properties: + value: + description: The value of the range's endpoint. + type: string + example: '1' + inclusive: + description: Indicates if the endpoint is included in the range. + type: boolean + default: false + example: false + terms: + description: The terms to be filtered. + type: array + items: + type: string + example: account_count + exclude: + description: Indicates if the filter excludes results. + type: boolean + default: false + example: false + example: {} + examples: + query-timeZone: + summary: Query with TimeZone + value: + indices: + - identities + query: + query: 'created: [2022-05-19T19:26:03.351Z TO now]' + timeZone: America/Los_Angeles + required: true + responses: + '204': + description: No content - indicates the request was successful but there is no content to be returned in the response. + headers: + X-Total-Count: + description: The total result count. + schema: + type: integer + example: 5 + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + /search/aggregate: + post: + tags: + - Search + description: 'Performs a search query aggregation and returns the aggregation result. By default, you can page a maximum of 10,000 search result records. To page past 10,000 records, you can use searchAfter paging. Refer to [Paginating Search Queries](https://developer.sailpoint.com/idn/api/standard-collection-parameters#paginating-search-queries) for more information about how to implement searchAfter paging. ' + operationId: searchAggregate + summary: Perform a Search Query Aggregation + parameters: + - in: query + name: offset + description: |- + Offset into the full result set. Usually specified with *limit* to paginate through the results. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 0 + schema: + type: integer + format: int32 + minimum: 0 + default: 0 + - in: query + name: limit + description: |- + Max number of results to return. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 250 + schema: + type: integer + format: int32 + minimum: 0 + maximum: 250 + default: 250 + - in: query + name: count + description: |- + If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored. + + Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used. + + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: true + schema: + type: boolean + default: false + requestBody: + content: + application/json: + schema: + type: object + properties: + indices: + description: 'The names of the Elasticsearch indices in which to search. If none are provided, then all indices will be searched.' + externalDocs: + description: Learn more about search indices here. + url: 'https://documentation.sailpoint.com/saas/help/search/searchable-fields.html' + type: array + items: + description: |- + Enum representing the currently supported indices. + Additional values may be added in the future without notice. + type: string + enum: + - accessprofiles + - accountactivities + - entitlements + - events + - identities + - roles + - '*' + example: identities + example: + - identities + queryType: + description: |- + The type of query to use. By default, the `SAILPOINT` query type is used, which requires the `query` object to be defined in the request body. + To use the `queryDsl` or `typeAheadQuery` objects in the request, you must set the type to `DSL` or `TYPEAHEAD` accordingly. + Additional values may be added in the future without notice. + type: string + enum: + - DSL + - SAILPOINT + - TYPEAHEAD + default: SAILPOINT + example: SAILPOINT + queryVersion: + allOf: + - description: The current Elasticserver version. + type: string + default: '5.2' + example: '5.2' + - type: string + description: |- + The version of the query object. + This version number will map to the version of Elasticsearch for the query strings and objects being used. + query: + type: object + description: Query parameters used to construct an Elasticsearch query object. + properties: + query: + description: 'The query using the Elasticsearch [Query String Query](https://www.elastic.co/guide/en/elasticsearch/reference/5.2/query-dsl-query-string-query.html#query-string) syntax from the Query DSL extended by SailPoint to support Nested queries.' + type: string + example: 'name:a*' + fields: + description: The fields to which the specified query will be applied. The available fields are dependent on the indice(s) being searched on. Please refer to the response schema of this API for a list of available fields. + type: array + items: + type: string + example: + - name + timeZone: + description: The time zone to be applied to any range query related to dates. + type: string + example: America/Chicago + innerHit: + description: The innerHit query object returns a flattened list of results for the specified nested type. + type: object + required: + - query + - type + properties: + query: + description: 'The search query using the Elasticsearch [Query String Query](https://www.elastic.co/guide/en/elasticsearch/reference/5.2/query-dsl-query-string-query.html#query-string) syntax from the Query DSL extended by SailPoint to support Nested queries.' + type: string + example: 'source.name:\"Active Directory\"' + type: + description: 'The nested type to use in the inner hits query. The nested type [Nested Type](https://www.elastic.co/guide/en/elasticsearch/reference/current/nested.html) refers to a document "nested" within another document. For example, an identity can have nested documents for access, accounts, and apps.' + type: string + example: access + queryDsl: + description: 'The search query using the Elasticsearch [Query DSL](https://www.elastic.co/guide/en/elasticsearch/reference/7.10/query-dsl.html) syntax.' + type: object + example: + match: + name: john.doe + typeAheadQuery: + type: object + description: 'Query parameters used to construct an Elasticsearch type ahead query object. The typeAheadQuery performs a search for top values beginning with the typed values. For example, typing "Jo" results in top hits matching "Jo." Typing "Job" results in top hits matching "Job." ' + required: + - query + - field + properties: + query: + description: The type ahead query string used to construct a phrase prefix match query. + type: string + example: Work + field: + description: The field on which to perform the type ahead search. + type: string + example: source.name + nestedType: + description: The nested type. + type: string + example: access + maxExpansions: + description: |- + The number of suffixes the last term will be expanded into. + Influences the performance of the query and the number results returned. + Valid values: 1 to 1000. + type: integer + format: int32 + minimum: 1 + maximum: 1000 + default: 10 + example: 10 + includeNested: + description: Indicates whether nested objects from returned search results should be included. + type: boolean + default: true + example: true + queryResultFilter: + type: object + description: Allows the query results to be filtered by specifying a list of fields to include and/or exclude from the result documents. + properties: + includes: + description: The list of field names to include in the result documents. + type: array + items: + type: string + example: + - name + - displayName + excludes: + description: The list of field names to exclude from the result documents. + type: array + items: + type: string + example: + - stacktrace + aggregationType: + description: | + Enum representing the currently available query languages for aggregations, which are used to perform calculations or groupings on search results. + + Additional values may be added in the future without notice. + type: string + enum: + - DSL + - SAILPOINT + default: DSL + example: DSL + aggregationsVersion: + allOf: + - description: The current Elasticserver version. + type: string + default: '5.2' + example: '5.2' + - type: string + description: |- + The version of the language being used for aggregation queries. + This version number will map to the version of Elasticsearch for the aggregation query object. + aggregationsDsl: + description: 'The aggregation search query using Elasticsearch [Aggregations](https://www.elastic.co/guide/en/elasticsearch/reference/5.2/search-aggregations.html) syntax.' + type: object + example: {} + aggregations: + description: | + The aggregation’s specifications, such as the groupings and calculations to be performed. + allOf: + - type: object + properties: + nested: + type: object + description: The nested aggregation object. + required: + - name + - type + properties: + name: + description: The name of the nested aggregate to be included in the result. + type: string + example: id + type: + description: The type of the nested object. + type: string + example: access + metric: + type: object + description: The calculation done on the results of the query + required: + - name + - field + properties: + name: + description: |- + The name of the metric aggregate to be included in the result. + If the metric aggregation is omitted, the resulting aggregation will be a count of the documents in the search results. + type: string + example: Access Name Count + type: + description: |- + Enum representing the currently supported metric aggregation types. + Additional values may be added in the future without notice. + type: string + enum: + - COUNT + - UNIQUE_COUNT + - AVG + - SUM + - MEDIAN + - MIN + - MAX + default: UNIQUE_COUNT + example: COUNT + field: + description: | + The field the calculation is performed on. + + Prefix the field name with '@' to reference a nested object. + type: string + example: '@access.name' + filter: + type: object + description: An additional filter to constrain the results of the search query. + required: + - name + - field + - value + properties: + name: + description: The name of the filter aggregate to be included in the result. + type: string + example: Entitlements + type: + description: |- + Enum representing the currently supported filter aggregation types. + Additional values may be added in the future without notice. + type: string + enum: + - TERM + default: TERM + example: TERM + field: + description: | + The search field to apply the filter to. + + Prefix the field name with '@' to reference a nested object. + type: string + example: access.type + value: + description: The value to filter on. + type: string + example: ENTITLEMENT + bucket: + type: object + description: The bucket to group the results of the aggregation query by. + required: + - name + - field + properties: + name: + description: The name of the bucket aggregate to be included in the result. + type: string + example: Identity Locations + type: + description: |- + Enum representing the currently supported bucket aggregation types. + Additional values may be added in the future without notice. + type: string + enum: + - TERMS + default: TERMS + example: TERMS + field: + description: |- + The field to bucket on. + Prefix the field name with '@' to reference a nested object. + type: string + example: attributes.city + size: + description: Maximum number of buckets to include. + type: integer + format: int32 + example: 100 + minDocCount: + description: Minimum number of documents a bucket should have. + type: integer + format: int32 + example: 2 + - type: object + properties: + subAggregation: + description: Aggregation to be performed on the result of the parent bucket aggregation. + allOf: + - type: object + properties: + nested: + type: object + description: The nested aggregation object. + required: + - name + - type + properties: + name: + description: The name of the nested aggregate to be included in the result. + type: string + example: id + type: + description: The type of the nested object. + type: string + example: access + metric: + type: object + description: The calculation done on the results of the query + required: + - name + - field + properties: + name: + description: |- + The name of the metric aggregate to be included in the result. + If the metric aggregation is omitted, the resulting aggregation will be a count of the documents in the search results. + type: string + example: Access Name Count + type: + description: |- + Enum representing the currently supported metric aggregation types. + Additional values may be added in the future without notice. + type: string + enum: + - COUNT + - UNIQUE_COUNT + - AVG + - SUM + - MEDIAN + - MIN + - MAX + default: UNIQUE_COUNT + example: COUNT + field: + description: | + The field the calculation is performed on. + + Prefix the field name with '@' to reference a nested object. + type: string + example: '@access.name' + filter: + type: object + description: An additional filter to constrain the results of the search query. + required: + - name + - field + - value + properties: + name: + description: The name of the filter aggregate to be included in the result. + type: string + example: Entitlements + type: + description: |- + Enum representing the currently supported filter aggregation types. + Additional values may be added in the future without notice. + type: string + enum: + - TERM + default: TERM + example: TERM + field: + description: | + The search field to apply the filter to. + + Prefix the field name with '@' to reference a nested object. + type: string + example: access.type + value: + description: The value to filter on. + type: string + example: ENTITLEMENT + bucket: + type: object + description: The bucket to group the results of the aggregation query by. + required: + - name + - field + properties: + name: + description: The name of the bucket aggregate to be included in the result. + type: string + example: Identity Locations + type: + description: |- + Enum representing the currently supported bucket aggregation types. + Additional values may be added in the future without notice. + type: string + enum: + - TERMS + default: TERMS + example: TERMS + field: + description: |- + The field to bucket on. + Prefix the field name with '@' to reference a nested object. + type: string + example: attributes.city + size: + description: Maximum number of buckets to include. + type: integer + format: int32 + example: 100 + minDocCount: + description: Minimum number of documents a bucket should have. + type: integer + format: int32 + example: 2 + - type: object + properties: + subAggregation: + description: Aggregation to be performed on the result of the parent bucket aggregation. + type: object + properties: + nested: + type: object + description: The nested aggregation object. + required: + - name + - type + properties: + name: + description: The name of the nested aggregate to be included in the result. + type: string + example: id + type: + description: The type of the nested object. + type: string + example: access + metric: + type: object + description: The calculation done on the results of the query + required: + - name + - field + properties: + name: + description: |- + The name of the metric aggregate to be included in the result. + If the metric aggregation is omitted, the resulting aggregation will be a count of the documents in the search results. + type: string + example: Access Name Count + type: + description: |- + Enum representing the currently supported metric aggregation types. + Additional values may be added in the future without notice. + type: string + enum: + - COUNT + - UNIQUE_COUNT + - AVG + - SUM + - MEDIAN + - MIN + - MAX + default: UNIQUE_COUNT + example: COUNT + field: + description: | + The field the calculation is performed on. + + Prefix the field name with '@' to reference a nested object. + type: string + example: '@access.name' + filter: + type: object + description: An additional filter to constrain the results of the search query. + required: + - name + - field + - value + properties: + name: + description: The name of the filter aggregate to be included in the result. + type: string + example: Entitlements + type: + description: |- + Enum representing the currently supported filter aggregation types. + Additional values may be added in the future without notice. + type: string + enum: + - TERM + default: TERM + example: TERM + field: + description: | + The search field to apply the filter to. + + Prefix the field name with '@' to reference a nested object. + type: string + example: access.type + value: + description: The value to filter on. + type: string + example: ENTITLEMENT + bucket: + type: object + description: The bucket to group the results of the aggregation query by. + required: + - name + - field + properties: + name: + description: The name of the bucket aggregate to be included in the result. + type: string + example: Identity Locations + type: + description: |- + Enum representing the currently supported bucket aggregation types. + Additional values may be added in the future without notice. + type: string + enum: + - TERMS + default: TERMS + example: TERMS + field: + description: |- + The field to bucket on. + Prefix the field name with '@' to reference a nested object. + type: string + example: attributes.city + size: + description: Maximum number of buckets to include. + type: integer + format: int32 + example: 100 + minDocCount: + description: Minimum number of documents a bucket should have. + type: integer + format: int32 + example: 2 + sort: + description: The fields to be used to sort the search results. Use + or - to specify the sort direction. + type: array + items: + type: string + example: + - displayName + - +id + searchAfter: + description: |- + Used to begin the search window at the values specified. + This parameter consists of the last values of the sorted fields in the current record set. + This is used to expand the Elasticsearch limit of 10K records by shifting the 10K window to begin at this value. + It is recommended that you always include the ID of the object in addition to any other fields on this parameter in order to ensure you don't get duplicate results while paging. + For example, when searching for identities, if you are sorting by displayName you will also want to include ID, for example ["displayName", "id"]. + If the last identity ID in the search result is 2c91808375d8e80a0175e1f88a575221 and the last displayName is "John Doe", then using that displayName and ID will start a new search after this identity. + The searchAfter value will look like ["John Doe","2c91808375d8e80a0175e1f88a575221"] + type: array + items: + type: string + example: + - John Doe + - 2c91808375d8e80a0175e1f88a575221 + filters: + description: The filters to be applied for each filtered field name. + type: object + additionalProperties: + type: object + properties: + type: + description: |- + Enum representing the currently supported filter types. + Additional values may be added in the future without notice. + type: string + enum: + - EXISTS + - RANGE + - TERMS + example: RANGE + range: + type: object + description: The range of values to be filtered. + properties: + lower: + description: The lower bound of the range. + type: object + required: + - value + properties: + value: + description: The value of the range's endpoint. + type: string + example: '1' + inclusive: + description: Indicates if the endpoint is included in the range. + type: boolean + default: false + example: false + upper: + description: The upper bound of the range. + type: object + required: + - value + properties: + value: + description: The value of the range's endpoint. + type: string + example: '1' + inclusive: + description: Indicates if the endpoint is included in the range. + type: boolean + default: false + example: false + terms: + description: The terms to be filtered. + type: array + items: + type: string + example: account_count + exclude: + description: Indicates if the filter excludes results. + type: boolean + default: false + example: false + example: {} + examples: + metricAggregation: + summary: MetricAggregation + value: + indices: + - aggregations + aggregationType: SAILPOINT + aggregations: + metric: + name: How Many Locations + type: UNIQUE_COUNT + field: attributes.city + metricAggregation-dsl: + summary: MetricAggregation using DSL + value: + indices: + - aggregations + aggregationType: DSL + aggregationsDsl: + How Many Locations: + cardinality: + field: attributes.city.exact + bucketAggregation: + summary: BucketAggregation + value: + indices: + - aggregations + aggregationType: SAILPOINT + aggregations: + bucket: + name: Identity Locations + type: TERMS + field: attributes.city + bucketAggregation-dsl: + summary: BucketAggregation using DSL + value: + indices: + - aggregations + aggregationType: DSL + aggregationsDsl: + Identity Locations: + terms: + field: attributes.city.exact + nestedAggregation-bucketAggregation: + summary: NestedAggregation with BucketAggregation + value: + indices: + - aggregations + aggregationType: SAILPOINT + aggregations: + nested: + name: Access + field: access + type: TERMS + bucket: + name: Access Source Name + type: TERMS + field: access.source.name + nestedAggregation-bucketAggregation-dsl: + summary: NestedAggregation with BucketAggregation using DSL + value: + indices: + - aggregations + aggregationType: DSL + aggregationsDsl: + access: + nested: + path: access + aggs: + Access Source Name: + terms: + field: access.source.name.exact + nestedAggregation-filterAggregation-bucketAggregation: + summary: NestedAggregation with FilterAggregation and BucketAggregation + value: + indices: + - aggregations + aggregationType: SAILPOINT + aggregations: + nested: + name: Access + field: access + type: TERMS + filter: + name: Entitlements + field: access.type + value: ENTITLEMENT + bucket: + name: Access Name + type: TERMS + field: access.name + nestedAggregation-filterAggregation-bucketAggregation-dsl: + summary: NestedAggregation with FilterAggregation and BucketAggregation using DSL + value: + indices: + - aggregations + aggregationType: DSL + aggregationsDsl: + access: + nested: + path: access + aggs: + Entitlements: + filter: + term: + access.type: ENTITLEMENT + aggs: + Access Name: + terms: + field: access.name.exact + bucketAggregation-subAggregation: + summary: BucketAggregation with SubAggregation + value: + indices: + - aggregations + aggregationType: SAILPOINT + aggregations: + bucket: + name: Identity Department + type: TERMS + field: attributes.department + subAggregation: + bucket: + name: Identity Locations + type: TERMS + field: attributes.city + bucketAggregation-subAggregation-dsl: + summary: BucketAggregation with SubAggregation using DSL + value: + indices: + - aggregations + aggregationType: DSL + aggregationsDsl: + Identity Department: + terms: + field: attributes.department.exact + aggs: + Identity Locations: + terms: + field: attributes.city.exact + required: true + responses: + '200': + description: Aggregation results. + content: + application/json: + schema: + type: object + properties: + aggregations: + type: object + description: | + The document containing the results of the aggregation. This document is controlled by Elasticsearch and depends on the type of aggregation query that is run. + + See Elasticsearch [Aggregations](https://www.elastic.co/guide/en/elasticsearch/reference/5.2/search-aggregations.html) documentation for information. + example: + Identity Locations: + buckets: + - key: Austin + doc_count: 109 + - key: London + doc_count: 64 + - key: San Jose + doc_count: 27 + - key: Brussels + doc_count: 26 + - key: Sao Paulo + doc_count: 24 + - key: Munich + doc_count: 23 + - key: Singapore + doc_count: 22 + - key: Tokyo + doc_count: 20 + - key: Taipei + doc_count: 16 + hits: + description: | + The results of the aggregation search query. + type: array + items: + discriminator: + propertyName: _type + mapping: + accessprofile: ../model/access/profile/AccessProfileDocument.yaml + accountactivity: ../model/account/activity/AccountActivityDocument.yaml + account: ../model/account/AccountDocument.yaml + aggregation: ../model/aggregation/AggregationDocument.yaml + entitlement: ../model/entitlement/EntitlementDocument.yaml + event: ../model/event/EventDocument.yaml + identity: ../model/identity/IdentityDocument.yaml + role: ../model/role/RoleDocument.yaml + oneOf: + - description: 'This is more of a complete representation of an access profile. ' + allOf: + - type: object + required: + - id + - name + - _type + properties: + id: + type: string + example: 2c91808375d8e80a0175e1f88a575222 + name: + type: string + example: john.doe + _type: + description: |- + Enum representing the currently supported document types. + + Additional values may be added in the future without notice. + type: string + enum: + - accessprofile + - accountactivity + - account + - aggregation + - entitlement + - event + - identity + - role + example: identity + - allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + description: + type: string + description: The description of the access item + example: The admin role + created: + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + modified: + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + synced: + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + enabled: + type: boolean + example: true + requestable: + type: boolean + example: true + description: Indicates if the access can be requested + requestCommentsRequired: + type: boolean + description: Indicates if comments are required when requesting access + example: false + owner: + allOf: + - allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + type: + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure. + example: IDENTITY + - type: object + properties: + email: + type: string + example: john.doe@sailpoint.com + description: The email of the identity + - type: object + properties: + source: + type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + entitlements: + type: array + items: + allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + description: + type: string + description: A description of the entitlement + example: The admin privilege + attribute: + type: string + description: The name of the entitlement attribute + example: admin + value: + type: string + description: The value of the entitlement + example: 'true' + entitlementCount: + type: integer + example: 5 + tags: + type: array + items: + type: string + example: + - TAG_1 + - TAG_2 + - description: AccountActivity + allOf: + - type: object + required: + - id + - name + - _type + properties: + id: + type: string + example: 2c91808375d8e80a0175e1f88a575222 + name: + type: string + example: john.doe + _type: + description: |- + Enum representing the currently supported document types. + + Additional values may be added in the future without notice. + type: string + enum: + - accessprofile + - accountactivity + - account + - aggregation + - entitlement + - event + - identity + - role + example: identity + - type: object + properties: + action: + type: string + description: The type of action that this activity performed + externalDocs: + description: Learn more about account activity action types + url: 'https://documentation.sailpoint.com/saas/help/search/searchable-fields.html#searching-account-activity-data' + example: Identity Refresh. + created: + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + modified: + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + stage: + type: string + description: The current stage of the activity + example: Completed + origin: + type: string + nullable: true + example: null + status: + type: string + description: the current status of the activity + example: Complete + requester: + allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + type: + type: string + example: Delimited File + description: the type of source returned + recipient: + allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + type: + type: string + example: Delimited File + description: the type of source returned + trackingNumber: + type: string + example: 61aad0c9e8134eca89e76a35e0cabe3f + errors: + type: array + items: + type: string + nullable: true + example: null + warnings: + type: array + items: + type: string + nullable: true + example: null + approvals: + type: array + items: + type: object + properties: + comments: + type: array + items: + type: object + properties: + comment: + type: string + description: The comment text + example: This request was autoapproved by our automated ETS subscriber. + commenter: + type: string + description: The name of the commenter + example: Automated AR Approval + date: + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + created: + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + modified: + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + owner: + allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + type: + type: string + example: Delimited File + description: the type of source returned + result: + type: string + description: The result of the approval + example: Finished + type: + type: string + nullable: true + example: null + originalRequests: + type: array + items: + type: object + properties: + accountId: + type: string + description: the account id + example: 'CN=Abby Smith,OU=Austin,OU=Americas,OU=Demo,DC=seri,DC=acme,DC=com' + attributeRequests: + type: array + items: + type: object + properties: + name: + type: string + description: The attribute name + example: groups + op: + type: string + description: The operation to perform + example: Add + value: + type: string + description: The value of the attribute + example: '3203537556531076' + op: + type: string + description: the operation that was used + example: add + source: + allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + type: + type: string + example: Delimited File + description: the type of source returned + expansionItems: + type: array + items: + type: object + properties: + accountId: + type: string + description: The ID of the account + example: 2c91808981f58ea601821c3e93482e6f + cause: + type: string + example: Role + name: + type: string + description: The name of the item + example: smartsheet-role + attributeRequests: + type: array + items: + type: object + properties: + name: + type: string + description: The attribute name + example: groups + op: + type: string + description: The operation to perform + example: Add + value: + type: string + description: The value of the attribute + example: '3203537556531076' + source: + allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + type: + type: string + example: Delimited File + description: the type of source returned + accountRequests: + type: array + items: + type: object + properties: + accountId: + type: string + description: Unique ID of the account + example: John.Doe + attributeRequests: + type: array + items: + type: object + properties: + name: + type: string + description: The attribute name + example: groups + op: + type: string + description: The operation to perform + example: Add + value: + type: string + description: The value of the attribute + example: '3203537556531076' + op: + type: string + example: Modify + description: The operation that was performed + provisioningTarget: + allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + type: + type: string + example: Delimited File + description: the type of source returned + result: + type: object + properties: + errors: + type: array + items: + type: string + example: |- + [ConnectorError] [ + { + "code": "unrecognized_keys", + "keys": [ + "groups" + ], + "path": [], + "message": "Unrecognized key(s) in object: 'groups'" + } + ] (requestId: 5e9d6df5-9b1b-47d9-9bf1-dc3a2893299e) + status: + type: string + description: The status of the account request + example: failed + ticketId: + type: string + nullable: true + example: null + source: + allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + type: + type: string + example: Delimited File + description: the type of source returned + sources: + type: string + example: 'smartsheet-test, airtable-v4, IdentityNow' + - description: Account + allOf: + - type: object + required: + - id + - name + - _type + properties: + id: + type: string + example: 2c91808375d8e80a0175e1f88a575222 + name: + type: string + example: john.doe + _type: + description: |- + Enum representing the currently supported document types. + + Additional values may be added in the future without notice. + type: string + enum: + - accessprofile + - accountactivity + - account + - aggregation + - entitlement + - event + - identity + - role + example: identity + - allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + accountId: + type: string + description: The ID of the account + example: john.doe + source: + allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + type: + type: string + example: Delimited File + description: the type of source returned + disabled: + type: boolean + description: Indicates if the account is disabled + example: false + locked: + type: boolean + description: Indicates if the account is locked + example: false + privileged: + type: boolean + example: false + manuallyCorrelated: + type: boolean + description: Indicates if the account has been manually correlated to an identity + example: false + passwordLastSet: + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + entitlementAttributes: + type: object + nullable: true + description: a map or dictionary of key/value pairs + additionalProperties: true + example: + moderator: true + admin: true + trust_level: '4' + created: + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + - type: object + properties: + modified: + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + attributes: + type: object + description: a map or dictionary of key/value pairs + additionalProperties: true + example: + firstName: John + lastName: Doe + displayName: John.Doe + identity: + allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + displayName: + type: string + example: John Q. Doe + access: + type: array + items: + description: EntitlementReference + allOf: + - allOf: + - allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + displayName: + type: string + example: John Q. Doe + - type: object + properties: + type: + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure. + example: IDENTITY + description: + type: string + nullable: true + example: null + - type: object + properties: + source: + type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + privileged: + type: boolean + example: false + attribute: + type: string + example: memberOf + value: + type: string + example: 'CN=Buyer,OU=Groups,OU=Demo,DC=seri,DC=sailpointdemo,DC=com' + standalone: + type: boolean + example: false + entitlementCount: + type: integer + description: The number of entitlements assigned to the account + format: int32 + example: 2 + uncorrelated: + type: boolean + description: Indicates if the account is not correlated to an identity + example: false + tags: + type: array + items: + type: string + example: + - TAG_1 + - TAG_2 + - description: Aggregation + allOf: + - type: object + required: + - id + - name + - _type + properties: + id: + type: string + example: 2c91808375d8e80a0175e1f88a575222 + name: + type: string + example: john.doe + _type: + description: |- + Enum representing the currently supported document types. + + Additional values may be added in the future without notice. + type: string + enum: + - accessprofile + - accountactivity + - account + - aggregation + - entitlement + - event + - identity + - role + example: identity + - type: object + properties: + status: + type: string + example: Success + duration: + type: integer + format: int32 + example: 20 + avgDuration: + type: integer + format: int32 + example: 20 + changedAccounts: + type: integer + format: int32 + example: 1 + nextScheduled: + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + startTime: + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + sourceOwner: + type: string + description: John Doe + - description: Entitlement + allOf: + - type: object + required: + - id + - name + - _type + properties: + id: + type: string + example: 2c91808375d8e80a0175e1f88a575222 + name: + type: string + example: john.doe + _type: + description: |- + Enum representing the currently supported document types. + + Additional values may be added in the future without notice. + type: string + enum: + - accessprofile + - accountactivity + - account + - aggregation + - entitlement + - event + - identity + - role + example: identity + - allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + description: + type: string + description: A description of the entitlement + example: The admin privilege + attribute: + type: string + description: The name of the entitlement attribute + example: admin + value: + type: string + description: The value of the entitlement + example: 'true' + - type: object + properties: + modified: + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + synced: + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + displayName: + type: string + description: The display name of the entitlement + example: Admin + source: + type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + privileged: + type: boolean + example: false + identityCount: + type: integer + format: int32 + example: 3 + tags: + type: array + items: + type: string + example: + - TAG_1 + - TAG_2 + - description: Event + allOf: + - type: object + required: + - id + - name + - _type + properties: + id: + type: string + example: 2c91808375d8e80a0175e1f88a575222 + name: + type: string + example: john.doe + _type: + description: |- + Enum representing the currently supported document types. + + Additional values may be added in the future without notice. + type: string + enum: + - accessprofile + - accountactivity + - account + - aggregation + - entitlement + - event + - identity + - role + example: identity + - type: object + properties: + created: + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + synced: + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + action: + type: string + description: The action that was performed + example: update + type: + type: string + description: The type of event + example: SYSTEM_CONFIG + actor: + type: object + properties: + name: + type: string + example: John Doe + description: the actor or target name + type: + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure. + example: IDENTITY + target: + type: object + properties: + name: + type: string + example: John Doe + description: the actor or target name + type: + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure. + example: IDENTITY + stack: + type: string + example: tpe + trackingNumber: + type: string + example: 63f891e0735f4cc8bf1968144a1e7440 + ipAddress: + type: string + example: 52.52.97.85 + details: + type: string + example: 73b65dfbed1842548c207432a18c84b0 + attributes: + type: object + additionalProperties: true + example: + pod: stg03-useast1 + org: acme + sourceName: SailPoint + objects: + type: array + items: + type: string + example: AUTHENTICATION + operation: + type: string + example: REQUEST + status: + type: string + example: PASSED + technicalName: + type: string + example: AUTHENTICATION_REQUEST_PASSED + - description: Identity + allOf: + - type: object + required: + - id + - name + - _type + properties: + id: + type: string + example: 2c91808375d8e80a0175e1f88a575222 + name: + type: string + example: john.doe + _type: + description: |- + Enum representing the currently supported document types. + + Additional values may be added in the future without notice. + type: string + enum: + - accessprofile + - accountactivity + - account + - aggregation + - entitlement + - event + - identity + - role + example: identity + - allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + displayName: + type: string + example: John Q. Doe + - type: object + properties: + firstName: + type: string + description: The first name of the identity + example: Carol + lastName: + type: string + description: The last name of the identity + example: Adams + displayName: + type: string + example: Carol.Adams + description: The display name of the identity + email: + type: string + description: The identity's primary email address + example: Carol.Adams@sailpointdemo.com + created: + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + modified: + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + synced: + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + phone: + type: string + description: The phone number of the identity + example: +1 440-527-3672 + inactive: + type: boolean + description: Indicates if the identity is inactive + example: false + protected: + type: boolean + example: false + status: + type: string + description: The identity's status in SailPoint + example: UNREGISTERED + employeeNumber: + type: string + example: 1a2a3d4e + manager: + nullable: true + allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + displayName: + type: string + example: John Q. Doe + isManager: + type: boolean + description: Indicates if this identity is a manager of other identities + example: false + identityProfile: + type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + source: + type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + attributes: + type: object + description: a map or dictionary of key/value pairs + additionalProperties: true + example: + country: US + firstname: Carol + cloudStatus: UNREGISTERED + processingState: + type: string + nullable: true + example: null + processingDetails: + nullable: true + type: object + properties: + date: + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + stage: + type: string + example: In Process + retryCount: + type: integer + example: 0 + format: int32 + stackTrace: + type: string + example: + message: + type: string + example: + accounts: + type: array + description: List of accounts associated with the identity + items: + allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + accountId: + type: string + description: The ID of the account + example: john.doe + source: + allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + type: + type: string + example: Delimited File + description: the type of source returned + disabled: + type: boolean + description: Indicates if the account is disabled + example: false + locked: + type: boolean + description: Indicates if the account is locked + example: false + privileged: + type: boolean + example: false + manuallyCorrelated: + type: boolean + description: Indicates if the account has been manually correlated to an identity + example: false + passwordLastSet: + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + entitlementAttributes: + type: object + nullable: true + description: a map or dictionary of key/value pairs + additionalProperties: true + example: + moderator: true + admin: true + trust_level: '4' + created: + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + accountCount: + type: integer + description: Number of accounts associated with the identity + format: int32 + example: 3 + apps: + type: array + description: The list of applications the identity has access to + items: + allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + source: + type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + account: + type: object + properties: + id: + type: string + description: The SailPoint generated unique ID + example: 2c9180837dfe6949017e21f3d8cd6d49 + accountId: + type: string + description: The account ID generated by the source + example: 'CN=Carol Adams,OU=Austin,OU=Americas,OU=Demo,DC=seri,DC=sailpointdemo,DC=com' + appCount: + type: integer + format: int32 + description: The number of applications the identity has access to + example: 2 + access: + type: array + description: The list of access items assigned to the identity + items: + discriminator: + propertyName: type + mapping: + ACCESS_PROFILE: ../access/AccessProfileSummary.yaml + ENTITLEMENT: ../access/AccessProfileEntitlement.yaml + ROLE: ../access/AccessProfileRole.yaml + oneOf: + - description: This is a summary representation of an access profile. + allOf: + - allOf: + - allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + displayName: + type: string + example: John Q. Doe + - type: object + properties: + type: + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure. + example: IDENTITY + description: + type: string + nullable: true + example: null + - type: object + properties: + source: + type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + owner: + allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + displayName: + type: string + example: John Q. Doe + revocable: + type: boolean + example: true + - description: EntitlementReference + allOf: + - allOf: + - allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + displayName: + type: string + example: John Q. Doe + - type: object + properties: + type: + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure. + example: IDENTITY + description: + type: string + nullable: true + example: null + - type: object + properties: + source: + type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + privileged: + type: boolean + example: false + attribute: + type: string + example: memberOf + value: + type: string + example: 'CN=Buyer,OU=Groups,OU=Demo,DC=seri,DC=sailpointdemo,DC=com' + standalone: + type: boolean + example: false + - description: Role + allOf: + - allOf: + - allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + displayName: + type: string + example: John Q. Doe + - type: object + properties: + type: + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure. + example: IDENTITY + description: + type: string + nullable: true + example: null + - type: object + properties: + owner: + allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + displayName: + type: string + example: John Q. Doe + disabled: + type: boolean + revocable: + type: boolean + accessCount: + type: integer + format: int32 + description: The number of access items assigned to the identity + example: 5 + accessProfileCount: + type: integer + description: The number of access profiles assigned to the identity + example: 1 + entitlementCount: + type: integer + description: The number of entitlements assigned to the identity + example: 10 + roleCount: + type: integer + description: The number of roles assigned to the identity + example: 1 + owns: + type: object + properties: + sources: + type: array + items: + type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + entitlements: + type: array + items: + type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + accessProfiles: + type: array + items: + type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + roles: + type: array + items: + type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + apps: + type: array + items: + type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + governanceGroups: + type: array + items: + type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + fallbackApprover: + type: boolean + example: false + tags: + type: array + items: + type: string + example: + - TAG_1 + - TAG_2 + - description: Role + allOf: + - type: object + required: + - id + - name + - _type + properties: + id: + type: string + example: 2c91808375d8e80a0175e1f88a575222 + name: + type: string + example: john.doe + _type: + description: |- + Enum representing the currently supported document types. + + Additional values may be added in the future without notice. + type: string + enum: + - accessprofile + - accountactivity + - account + - aggregation + - entitlement + - event + - identity + - role + example: identity + - allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + description: + type: string + description: The description of the access item + example: The admin role + created: + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + modified: + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + synced: + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + enabled: + type: boolean + example: true + requestable: + type: boolean + example: true + description: Indicates if the access can be requested + requestCommentsRequired: + type: boolean + description: Indicates if comments are required when requesting access + example: false + owner: + allOf: + - allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + type: + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure. + example: IDENTITY + - type: object + properties: + email: + type: string + example: john.doe@sailpoint.com + description: The email of the identity + - type: object + properties: + accessProfiles: + type: array + items: + type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + accessProfileCount: + type: integer + tags: + type: array + items: + type: string + example: + - TAG_1 + - TAG_2 + text/csv: + schema: + description: | + If the *Accept:text/csv* header is specified and the *aggregationType* parameter in the request body is *SAILPOINT*, + + the aggregation result will be returned as a CSV document. + type: string + example: + - 'Identity Locations,Count' + - 'Munich,23' + - 'Brussels,26' + - 'Singapore,22' + - 'Tokyo,20' + - 'Taipei,16' + - 'London,64' + - 'Austin,109' + - 'Sao Paulo,24' + - 'San Jose,27' + headers: + X-Total-Count: + description: The total result count (returned only if the *count* parameter is specified as *true*). + schema: + type: integer + example: 5 + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + '/search/{index}/{id}': + get: + tags: + - Search + description: 'Fetches a single document from the specified index, using the specified document ID.' + operationId: searchGet + summary: Get a Document by ID + parameters: + - in: path + name: index + description: | + The index from which to fetch the specified document. + + The currently supported index names are: *accessprofiles*, *accountactivities*, *accounts*, *aggregations*, *entitlements*, *events*, *identities*, and *roles*. + schema: + type: string + required: true + example: accounts + - in: path + name: id + description: ID of the requested document. + schema: + type: string + required: true + example: 2c91808568c529c60168cca6f90c1313 + responses: + '200': + description: The requested document. + content: + application/json: + schema: + discriminator: + propertyName: _type + mapping: + accessprofile: ../model/access/profile/AccessProfileDocument.yaml + accountactivity: ../model/account/activity/AccountActivityDocument.yaml + account: ../model/account/AccountDocument.yaml + aggregation: ../model/aggregation/AggregationDocument.yaml + entitlement: ../model/entitlement/EntitlementDocument.yaml + event: ../model/event/EventDocument.yaml + identity: ../model/identity/IdentityDocument.yaml + role: ../model/role/RoleDocument.yaml + oneOf: + - description: 'This is more of a complete representation of an access profile. ' + allOf: + - type: object + required: + - id + - name + - _type + properties: + id: + type: string + example: 2c91808375d8e80a0175e1f88a575222 + name: + type: string + example: john.doe + _type: + description: |- + Enum representing the currently supported document types. + + Additional values may be added in the future without notice. + type: string + enum: + - accessprofile + - accountactivity + - account + - aggregation + - entitlement + - event + - identity + - role + example: identity + - allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + description: + type: string + description: The description of the access item + example: The admin role + created: + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + modified: + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + synced: + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + enabled: + type: boolean + example: true + requestable: + type: boolean + example: true + description: Indicates if the access can be requested + requestCommentsRequired: + type: boolean + description: Indicates if comments are required when requesting access + example: false + owner: + allOf: + - allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + type: + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure. + example: IDENTITY + - type: object + properties: + email: + type: string + example: john.doe@sailpoint.com + description: The email of the identity + - type: object + properties: + source: + type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + entitlements: + type: array + items: + allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + description: + type: string + description: A description of the entitlement + example: The admin privilege + attribute: + type: string + description: The name of the entitlement attribute + example: admin + value: + type: string + description: The value of the entitlement + example: 'true' + entitlementCount: + type: integer + example: 5 + tags: + type: array + items: + type: string + example: + - TAG_1 + - TAG_2 + - description: AccountActivity + allOf: + - type: object + required: + - id + - name + - _type + properties: + id: + type: string + example: 2c91808375d8e80a0175e1f88a575222 + name: + type: string + example: john.doe + _type: + description: |- + Enum representing the currently supported document types. + + Additional values may be added in the future without notice. + type: string + enum: + - accessprofile + - accountactivity + - account + - aggregation + - entitlement + - event + - identity + - role + example: identity + - type: object + properties: + action: + type: string + description: The type of action that this activity performed + externalDocs: + description: Learn more about account activity action types + url: 'https://documentation.sailpoint.com/saas/help/search/searchable-fields.html#searching-account-activity-data' + example: Identity Refresh. + created: + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + modified: + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + stage: + type: string + description: The current stage of the activity + example: Completed + origin: + type: string + nullable: true + example: null + status: + type: string + description: the current status of the activity + example: Complete + requester: + allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + type: + type: string + example: Delimited File + description: the type of source returned + recipient: + allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + type: + type: string + example: Delimited File + description: the type of source returned + trackingNumber: + type: string + example: 61aad0c9e8134eca89e76a35e0cabe3f + errors: + type: array + items: + type: string + nullable: true + example: null + warnings: + type: array + items: + type: string + nullable: true + example: null + approvals: + type: array + items: + type: object + properties: + comments: + type: array + items: + type: object + properties: + comment: + type: string + description: The comment text + example: This request was autoapproved by our automated ETS subscriber. + commenter: + type: string + description: The name of the commenter + example: Automated AR Approval + date: + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + created: + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + modified: + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + owner: + allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + type: + type: string + example: Delimited File + description: the type of source returned + result: + type: string + description: The result of the approval + example: Finished + type: + type: string + nullable: true + example: null + originalRequests: + type: array + items: + type: object + properties: + accountId: + type: string + description: the account id + example: 'CN=Abby Smith,OU=Austin,OU=Americas,OU=Demo,DC=seri,DC=acme,DC=com' + attributeRequests: + type: array + items: + type: object + properties: + name: + type: string + description: The attribute name + example: groups + op: + type: string + description: The operation to perform + example: Add + value: + type: string + description: The value of the attribute + example: '3203537556531076' + op: + type: string + description: the operation that was used + example: add + source: + allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + type: + type: string + example: Delimited File + description: the type of source returned + expansionItems: + type: array + items: + type: object + properties: + accountId: + type: string + description: The ID of the account + example: 2c91808981f58ea601821c3e93482e6f + cause: + type: string + example: Role + name: + type: string + description: The name of the item + example: smartsheet-role + attributeRequests: + type: array + items: + type: object + properties: + name: + type: string + description: The attribute name + example: groups + op: + type: string + description: The operation to perform + example: Add + value: + type: string + description: The value of the attribute + example: '3203537556531076' + source: + allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + type: + type: string + example: Delimited File + description: the type of source returned + accountRequests: + type: array + items: + type: object + properties: + accountId: + type: string + description: Unique ID of the account + example: John.Doe + attributeRequests: + type: array + items: + type: object + properties: + name: + type: string + description: The attribute name + example: groups + op: + type: string + description: The operation to perform + example: Add + value: + type: string + description: The value of the attribute + example: '3203537556531076' + op: + type: string + example: Modify + description: The operation that was performed + provisioningTarget: + allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + type: + type: string + example: Delimited File + description: the type of source returned + result: + type: object + properties: + errors: + type: array + items: + type: string + example: |- + [ConnectorError] [ + { + "code": "unrecognized_keys", + "keys": [ + "groups" + ], + "path": [], + "message": "Unrecognized key(s) in object: 'groups'" + } + ] (requestId: 5e9d6df5-9b1b-47d9-9bf1-dc3a2893299e) + status: + type: string + description: The status of the account request + example: failed + ticketId: + type: string + nullable: true + example: null + source: + allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + type: + type: string + example: Delimited File + description: the type of source returned + sources: + type: string + example: 'smartsheet-test, airtable-v4, IdentityNow' + - description: Account + allOf: + - type: object + required: + - id + - name + - _type + properties: + id: + type: string + example: 2c91808375d8e80a0175e1f88a575222 + name: + type: string + example: john.doe + _type: + description: |- + Enum representing the currently supported document types. + + Additional values may be added in the future without notice. + type: string + enum: + - accessprofile + - accountactivity + - account + - aggregation + - entitlement + - event + - identity + - role + example: identity + - allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + accountId: + type: string + description: The ID of the account + example: john.doe + source: + allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + type: + type: string + example: Delimited File + description: the type of source returned + disabled: + type: boolean + description: Indicates if the account is disabled + example: false + locked: + type: boolean + description: Indicates if the account is locked + example: false + privileged: + type: boolean + example: false + manuallyCorrelated: + type: boolean + description: Indicates if the account has been manually correlated to an identity + example: false + passwordLastSet: + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + entitlementAttributes: + type: object + nullable: true + description: a map or dictionary of key/value pairs + additionalProperties: true + example: + moderator: true + admin: true + trust_level: '4' + created: + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + - type: object + properties: + modified: + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + attributes: + type: object + description: a map or dictionary of key/value pairs + additionalProperties: true + example: + firstName: John + lastName: Doe + displayName: John.Doe + identity: + allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + displayName: + type: string + example: John Q. Doe + access: + type: array + items: + description: EntitlementReference + allOf: + - allOf: + - allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + displayName: + type: string + example: John Q. Doe + - type: object + properties: + type: + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure. + example: IDENTITY + description: + type: string + nullable: true + example: null + - type: object + properties: + source: + type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + privileged: + type: boolean + example: false + attribute: + type: string + example: memberOf + value: + type: string + example: 'CN=Buyer,OU=Groups,OU=Demo,DC=seri,DC=sailpointdemo,DC=com' + standalone: + type: boolean + example: false + entitlementCount: + type: integer + description: The number of entitlements assigned to the account + format: int32 + example: 2 + uncorrelated: + type: boolean + description: Indicates if the account is not correlated to an identity + example: false + tags: + type: array + items: + type: string + example: + - TAG_1 + - TAG_2 + - description: Aggregation + allOf: + - type: object + required: + - id + - name + - _type + properties: + id: + type: string + example: 2c91808375d8e80a0175e1f88a575222 + name: + type: string + example: john.doe + _type: + description: |- + Enum representing the currently supported document types. + + Additional values may be added in the future without notice. + type: string + enum: + - accessprofile + - accountactivity + - account + - aggregation + - entitlement + - event + - identity + - role + example: identity + - type: object + properties: + status: + type: string + example: Success + duration: + type: integer + format: int32 + example: 20 + avgDuration: + type: integer + format: int32 + example: 20 + changedAccounts: + type: integer + format: int32 + example: 1 + nextScheduled: + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + startTime: + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + sourceOwner: + type: string + description: John Doe + - description: Entitlement + allOf: + - type: object + required: + - id + - name + - _type + properties: + id: + type: string + example: 2c91808375d8e80a0175e1f88a575222 + name: + type: string + example: john.doe + _type: + description: |- + Enum representing the currently supported document types. + + Additional values may be added in the future without notice. + type: string + enum: + - accessprofile + - accountactivity + - account + - aggregation + - entitlement + - event + - identity + - role + example: identity + - allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + description: + type: string + description: A description of the entitlement + example: The admin privilege + attribute: + type: string + description: The name of the entitlement attribute + example: admin + value: + type: string + description: The value of the entitlement + example: 'true' + - type: object + properties: + modified: + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + synced: + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + displayName: + type: string + description: The display name of the entitlement + example: Admin + source: + type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + privileged: + type: boolean + example: false + identityCount: + type: integer + format: int32 + example: 3 + tags: + type: array + items: + type: string + example: + - TAG_1 + - TAG_2 + - description: Event + allOf: + - type: object + required: + - id + - name + - _type + properties: + id: + type: string + example: 2c91808375d8e80a0175e1f88a575222 + name: + type: string + example: john.doe + _type: + description: |- + Enum representing the currently supported document types. + + Additional values may be added in the future without notice. + type: string + enum: + - accessprofile + - accountactivity + - account + - aggregation + - entitlement + - event + - identity + - role + example: identity + - type: object + properties: + created: + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + synced: + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + action: + type: string + description: The action that was performed + example: update + type: + type: string + description: The type of event + example: SYSTEM_CONFIG + actor: + type: object + properties: + name: + type: string + example: John Doe + description: the actor or target name + type: + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure. + example: IDENTITY + target: + type: object + properties: + name: + type: string + example: John Doe + description: the actor or target name + type: + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure. + example: IDENTITY + stack: + type: string + example: tpe + trackingNumber: + type: string + example: 63f891e0735f4cc8bf1968144a1e7440 + ipAddress: + type: string + example: 52.52.97.85 + details: + type: string + example: 73b65dfbed1842548c207432a18c84b0 + attributes: + type: object + additionalProperties: true + example: + pod: stg03-useast1 + org: acme + sourceName: SailPoint + objects: + type: array + items: + type: string + example: AUTHENTICATION + operation: + type: string + example: REQUEST + status: + type: string + example: PASSED + technicalName: + type: string + example: AUTHENTICATION_REQUEST_PASSED + - description: Identity + allOf: + - type: object + required: + - id + - name + - _type + properties: + id: + type: string + example: 2c91808375d8e80a0175e1f88a575222 + name: + type: string + example: john.doe + _type: + description: |- + Enum representing the currently supported document types. + + Additional values may be added in the future without notice. + type: string + enum: + - accessprofile + - accountactivity + - account + - aggregation + - entitlement + - event + - identity + - role + example: identity + - allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + displayName: + type: string + example: John Q. Doe + - type: object + properties: + firstName: + type: string + description: The first name of the identity + example: Carol + lastName: + type: string + description: The last name of the identity + example: Adams + displayName: + type: string + example: Carol.Adams + description: The display name of the identity + email: + type: string + description: The identity's primary email address + example: Carol.Adams@sailpointdemo.com + created: + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + modified: + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + synced: + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + phone: + type: string + description: The phone number of the identity + example: +1 440-527-3672 + inactive: + type: boolean + description: Indicates if the identity is inactive + example: false + protected: + type: boolean + example: false + status: + type: string + description: The identity's status in SailPoint + example: UNREGISTERED + employeeNumber: + type: string + example: 1a2a3d4e + manager: + nullable: true + allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + displayName: + type: string + example: John Q. Doe + isManager: + type: boolean + description: Indicates if this identity is a manager of other identities + example: false + identityProfile: + type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + source: + type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + attributes: + type: object + description: a map or dictionary of key/value pairs + additionalProperties: true + example: + country: US + firstname: Carol + cloudStatus: UNREGISTERED + processingState: + type: string + nullable: true + example: null + processingDetails: + nullable: true + type: object + properties: + date: + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + stage: + type: string + example: In Process + retryCount: + type: integer + example: 0 + format: int32 + stackTrace: + type: string + example: + message: + type: string + example: + accounts: + type: array + description: List of accounts associated with the identity + items: + allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + accountId: + type: string + description: The ID of the account + example: john.doe + source: + allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + type: + type: string + example: Delimited File + description: the type of source returned + disabled: + type: boolean + description: Indicates if the account is disabled + example: false + locked: + type: boolean + description: Indicates if the account is locked + example: false + privileged: + type: boolean + example: false + manuallyCorrelated: + type: boolean + description: Indicates if the account has been manually correlated to an identity + example: false + passwordLastSet: + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + entitlementAttributes: + type: object + nullable: true + description: a map or dictionary of key/value pairs + additionalProperties: true + example: + moderator: true + admin: true + trust_level: '4' + created: + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + accountCount: + type: integer + description: Number of accounts associated with the identity + format: int32 + example: 3 + apps: + type: array + description: The list of applications the identity has access to + items: + allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + source: + type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + account: + type: object + properties: + id: + type: string + description: The SailPoint generated unique ID + example: 2c9180837dfe6949017e21f3d8cd6d49 + accountId: + type: string + description: The account ID generated by the source + example: 'CN=Carol Adams,OU=Austin,OU=Americas,OU=Demo,DC=seri,DC=sailpointdemo,DC=com' + appCount: + type: integer + format: int32 + description: The number of applications the identity has access to + example: 2 + access: + type: array + description: The list of access items assigned to the identity + items: + discriminator: + propertyName: type + mapping: + ACCESS_PROFILE: ../access/AccessProfileSummary.yaml + ENTITLEMENT: ../access/AccessProfileEntitlement.yaml + ROLE: ../access/AccessProfileRole.yaml + oneOf: + - description: This is a summary representation of an access profile. + allOf: + - allOf: + - allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + displayName: + type: string + example: John Q. Doe + - type: object + properties: + type: + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure. + example: IDENTITY + description: + type: string + nullable: true + example: null + - type: object + properties: + source: + type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + owner: + allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + displayName: + type: string + example: John Q. Doe + revocable: + type: boolean + example: true + - description: EntitlementReference + allOf: + - allOf: + - allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + displayName: + type: string + example: John Q. Doe + - type: object + properties: + type: + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure. + example: IDENTITY + description: + type: string + nullable: true + example: null + - type: object + properties: + source: + type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + privileged: + type: boolean + example: false + attribute: + type: string + example: memberOf + value: + type: string + example: 'CN=Buyer,OU=Groups,OU=Demo,DC=seri,DC=sailpointdemo,DC=com' + standalone: + type: boolean + example: false + - description: Role + allOf: + - allOf: + - allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + displayName: + type: string + example: John Q. Doe + - type: object + properties: + type: + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure. + example: IDENTITY + description: + type: string + nullable: true + example: null + - type: object + properties: + owner: + allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + displayName: + type: string + example: John Q. Doe + disabled: + type: boolean + revocable: + type: boolean + accessCount: + type: integer + format: int32 + description: The number of access items assigned to the identity + example: 5 + accessProfileCount: + type: integer + description: The number of access profiles assigned to the identity + example: 1 + entitlementCount: + type: integer + description: The number of entitlements assigned to the identity + example: 10 + roleCount: + type: integer + description: The number of roles assigned to the identity + example: 1 + owns: + type: object + properties: + sources: + type: array + items: + type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + entitlements: + type: array + items: + type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + accessProfiles: + type: array + items: + type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + roles: + type: array + items: + type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + apps: + type: array + items: + type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + governanceGroups: + type: array + items: + type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + fallbackApprover: + type: boolean + example: false + tags: + type: array + items: + type: string + example: + - TAG_1 + - TAG_2 + - description: Role + allOf: + - type: object + required: + - id + - name + - _type + properties: + id: + type: string + example: 2c91808375d8e80a0175e1f88a575222 + name: + type: string + example: john.doe + _type: + description: |- + Enum representing the currently supported document types. + + Additional values may be added in the future without notice. + type: string + enum: + - accessprofile + - accountactivity + - account + - aggregation + - entitlement + - event + - identity + - role + example: identity + - allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + description: + type: string + description: The description of the access item + example: The admin role + created: + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + modified: + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + synced: + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + enabled: + type: boolean + example: true + requestable: + type: boolean + example: true + description: Indicates if the access can be requested + requestCommentsRequired: + type: boolean + description: Indicates if comments are required when requesting access + example: false + owner: + allOf: + - allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + type: + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure. + example: IDENTITY + - type: object + properties: + email: + type: string + example: john.doe@sailpoint.com + description: The email of the identity + - type: object + properties: + accessProfiles: + type: array + items: + type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + accessProfileCount: + type: integer + tags: + type: array + items: + type: string + example: + - TAG_1 + - TAG_2 + examples: + accessProfile: + summary: AccessProfile + value: + id: 2c9180825a6c1adc015a71c9023f0818 + name: Cloud Eng + _type: accessprofile + description: Cloud Eng + created: '2017-02-24T20:21:23.145Z' + modified: '2019-05-24T20:36:04.312Z' + synced: '2020-02-18T05:30:20.414Z' + enabled: true + requestable: true + requestCommentsRequired: false + owner: + id: ff8081815757d36a015757d42e56031e + name: SailPoint Support + type: IDENTITY + email: cloud-support@sailpoint.com + source: + id: ff8081815757d4fb0157588f3d9d008f + name: Employees + entitlements: + - id: 2c918084575812550157589064f33b89 + name: 'CN=Cloud Engineering,DC=sailpoint,DC=COM' + description: mull + attribute: memberOf + value: 'CN=Cloud Engineering,DC=sailpoint,DC=COM' + entitlementCount: 1 + tags: + - TAG_1 + - TAG_2 + entitlement: + summary: Entitlement + value: + id: 2c9180946ed0c43d016eec1a80892fbd + name: entitlement.aa415ae7 + _type: entitlement + description: 'null' + attribute: groups + value: entitlement.aa415ae7 + modified: '2019-12-09T19:19:50.154Z' + synced: '2020-02-19T04:30:32.906Z' + displayName: entitlement.aa415ae7 + source: + id: 2c91808b6e9e6fb8016eec1a2b6f7b5f + name: ODS-HR-Employees + privileged: false + identityCount: 68 + tags: + - TAG_1 + - TAG_2 + event: + summary: Event + value: + id: e092842f-c904-4b59-aac8-2544abeeef4b + name: Update Task Schedule Passed + _type: event + created: '2020-02-17T16:23:18.327Z' + synced: '2020-02-17T16:23:18.388Z' + action: TASK_SCHEDULE_UPDATE_PASSED + type: SYSTEM_CONFIG + actor: + name: MantisTaskScheduler + target: + name: Perform provisioning activity search delete synchronization + stack: tpe + trackingNumber: c6b98bc39ece48b080826d16c76b166c + ipAddress: 207.189.160.158 + details: 'null' + attributes: + sourceName: SailPoint + objects: + - TASK + - SCHEDULE + operation: UPDATE + status: PASSED + technicalName: TASK_SCHEDULE_UPDATE_PASSED + identity: + summary: Identity + value: + id: 2c9180865c45e7e3015c46c434a80622 + name: ad.admin + _type: identity + firstName: AD + lastName: Admin + displayName: AD Admin + email: SLPT.CLOUD.SAILPOINT.TEST+AD-ADMIN@GMAIL.COM + created: '2018-08-22T19:54:54.302Z' + modified: '2018-08-22T19:54:54.302Z' + synced: '2018-08-22T19:54:54.302Z' + phone: 512-942-7578 + inactive: false + protected: false + status: UNREGISTERED + employeeNumber: O349804 + manager: null + isManager: false + identityProfile: + id: 2c918085605c8d0601606f357cb231e6 + name: E2E AD + source: + id: 2c9180855c45b230015c46c19b9c0202 + name: EndToEnd-ADSource + attributes: + uid: ad.admin + firstname: AD + cloudAuthoritativeSource: 2c9180855c45b230015c46c19b9c0202 + cloudStatus: UNREGISTERED + iplanet-am-user-alias-list: null + displayName: AD Admin + internalCloudStatus: UNREGISTERED + workPhone: 512-942-7578 + email: SLPT.CLOUD.SAILPOINT.TEST+AD-ADMIN@GMAIL.COM + lastname: Admin + processingState: null + processingDetails: null + accounts: + - id: 2c9180865c45e7e3015c46c434a80623 + name: ad.admin + accountId: 'CN=AD Admin,OU=slpt-automation,DC=TestAutomationAD,DC=local' + source: + id: 2c9180855c45b230015c46c19b9c0202 + name: EndToEnd-ADSource + type: Active Directory - Direct + disabled: false + locked: false + privileged: false + manuallyCorrelated: false + passwordLastSet: '2018-08-22T19:54:54.302Z' + entitlementAttributes: + memberOf: + - 'CN=Group Policy Creator Owners,CN=Users,DC=TestAutomationAD,DC=local' + - 'CN=Domain Guests,CN=Users,DC=TestAutomationAD,DC=local' + - 'CN=Domain Admins,CN=Users,DC=TestAutomationAD,DC=local' + - 'CN=Enterprise Admins,CN=Users,DC=TestAutomationAD,DC=local' + - 'CN=Schema Admins,CN=Users,DC=TestAutomationAD,DC=local' + - 'CN=Guests,CN=Builtin,DC=TestAutomationAD,DC=local' + - 'CN=Administrators,CN=Builtin,DC=TestAutomationAD,DC=local' + created: '2018-08-22T19:54:54.302Z' + - id: 2c918083606d670c01606f35a30a0349 + name: ad.admin + accountId: ad.admin + source: + id: ff8081815c46b85b015c46b90c7c02a6 + name: IdentityNow + type: IdentityNowConnector + disabled: false + locked: false + privileged: false + manuallyCorrelated: false + passwordLastSet: null + entitlementAttributes: null + created: '2018-08-22T19:54:54.302Z' + accountCount: 2 + apps: + - id: '22751' + name: ADP Workforce Now + source: + id: 2c9180855c45b230015c46e2f6a8026a + name: Corporate Active Directory + account: + id: 2c9180865c45efa4015c470be0de1606 + accountId: 'CN=Bob Wilson,OU=Austin,OU=Americas,OU=Demo,DC=seri,DC=acme,DC=com' + appCount: 1 + access: + - id: 2c918083634bc6cb01639808d40270ba + name: 'test [AccessProfile-1527264105448]' + displayName: test + type: ACCESS_PROFILE + description: test + source: + id: 2c9180855c45b230015c46c19b9c0202 + name: EndToEnd-ADSource + owner: + id: 2c9180865c45e7e3015c46c434a80622 + name: ad.admin + displayName: AD Admin + - id: 2c9180865c45e7e3015c46c457c50755 + name: Administrators + displayName: Administrators + type: ENTITLEMENT + description: null + source: + id: 2c9180855c45b230015c46c19b9c0202 + name: EndToEnd-ADSource + privileged: false + attribute: memberOf + value: 'CN=Administrators,CN=Builtin,DC=TestAutomationAD,DC=local' + standalone: false + - id: 2c9180865decdaa5015e06598b293108 + name: 'test [cloudRole-1503345085223]' + displayName: test + type: ROLE + description: test + owner: + id: 2c9180865c45e7e3015c46c5030707a0 + name: will.albin + displayName: Albin Will + disabled: false + accessCount: 3 + accessProfileCount: 1 + entitlementCount: 1 + roleCount: 1 + tags: + - TAG_1 + - TAG_2 + role: + summary: Role + value: + id: 2c91808c6faadea6016fb4f2bc69077b + name: IT Role + _type: role + description: IT role + created: '2020-01-17T19:20:15.040Z' + modified: null + synced: '2020-02-18T05:30:20.145Z' + enabled: true + requestable: false + requestCommentsRequired: false + owner: + id: 2c9180a46faadee4016fb4e018c20639 + name: Cloud Support + type: IDENTITY + email: thomas.edison@acme-solar.com + accessProfiles: + - id: 2c91809c6faade77016fb4f0b63407ae + name: Admin Access + accessProfileCount: 1 + tags: + - TAG_1 + - TAG_2 + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + /segments: + post: + operationId: createSegment + security: + - oauth2: + - 'idn:segment:manage' + tags: + - Segments + summary: Create Segment + description: |- + This API creates a segment. + + Note that segment definitions may take time to propagate to all identities. + + A token with ORG_ADMIN or API authority is required to call this API. + requestBody: + required: true + content: + application/json: + schema: + type: object + properties: + id: + type: string + description: The id of the Segment. + example: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde + name: + type: string + description: Segment Business Name + example: segment-xyz + created: + type: string + format: date-time + description: The time when this Segment is created + example: '2020-01-01T00:00:00.000000Z' + modified: + type: string + format: date-time + description: The time when this Segment is modified + example: '2020-01-01T00:00:00.000000Z' + description: + type: string + description: Optional description of the Segment + example: This segment represents xyz + owner: + type: object + description: The owner of this object. + properties: + type: + description: 'Owner type. This field must be either left null or set to ''IDENTITY'' on input, otherwise a 400 Bad Request error will result.' + example: IDENTITY + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + id: + type: string + description: Identity id + example: 2c9180a46faadee4016fb4e018c20639 + name: + type: string + description: 'Human-readable display name of the owner. It may be left null or omitted in a POST or PATCH. If set, it must match the current value of the owner''s display name, otherwise a 400 Bad Request error will result.' + example: support + visibilityCriteria: + type: object + properties: + expression: + type: object + properties: + operator: + type: string + description: Operator for the expression + enum: + - AND + - EQUALS + example: EQUALS + attribute: + type: string + description: Name for the attribute + example: location + value: + type: object + properties: + type: + type: string + description: The type of attribute value + example: STRING + value: + type: string + description: The attribute value + example: Austin + children: + type: array + description: List of expressions + items: + type: object + properties: + type: + type: string + description: The type of attribute value + example: STRING + value: + type: string + description: The attribute value + example: Austin + example: [] + active: + type: boolean + description: Whether the Segment is currently active. Inactive segments have no effect. + default: false + example: true + responses: + '201': + description: Segment created + content: + application/json: + schema: + type: object + properties: + id: + type: string + description: The id of the Segment. + example: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde + name: + type: string + description: Segment Business Name + example: segment-xyz + created: + type: string + format: date-time + description: The time when this Segment is created + example: '2020-01-01T00:00:00.000000Z' + modified: + type: string + format: date-time + description: The time when this Segment is modified + example: '2020-01-01T00:00:00.000000Z' + description: + type: string + description: Optional description of the Segment + example: This segment represents xyz + owner: + type: object + description: The owner of this object. + properties: + type: + description: 'Owner type. This field must be either left null or set to ''IDENTITY'' on input, otherwise a 400 Bad Request error will result.' + example: IDENTITY + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + id: + type: string + description: Identity id + example: 2c9180a46faadee4016fb4e018c20639 + name: + type: string + description: 'Human-readable display name of the owner. It may be left null or omitted in a POST or PATCH. If set, it must match the current value of the owner''s display name, otherwise a 400 Bad Request error will result.' + example: support + visibilityCriteria: + type: object + properties: + expression: + type: object + properties: + operator: + type: string + description: Operator for the expression + enum: + - AND + - EQUALS + example: EQUALS + attribute: + type: string + description: Name for the attribute + example: location + value: + type: object + properties: + type: + type: string + description: The type of attribute value + example: STRING + value: + type: string + description: The attribute value + example: Austin + children: + type: array + description: List of expressions + items: + type: object + properties: + type: + type: string + description: The type of attribute value + example: STRING + value: + type: string + description: The attribute value + example: Austin + example: [] + active: + type: boolean + description: Whether the Segment is currently active. Inactive segments have no effect. + default: false + example: true + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + get: + operationId: listSegments + security: + - oauth2: + - 'idn:segment:read' + - 'idn:segment:manage' + tags: + - Segments + summary: List Segments + description: |- + This API returns a list of all segments. + A token with ORG_ADMIN or API authority is required to call this API. + parameters: + - in: query + name: limit + description: |- + Max number of results to return. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 250 + schema: + type: integer + format: int32 + minimum: 0 + maximum: 250 + default: 250 + - in: query + name: offset + description: |- + Offset into the full result set. Usually specified with *limit* to paginate through the results. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 0 + schema: + type: integer + format: int32 + minimum: 0 + default: 0 + - in: query + name: count + description: |- + If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored. + + Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used. + + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: true + schema: + type: boolean + default: false + responses: + '200': + description: List of all Segments + content: + application/json: + schema: + type: array + items: + type: object + properties: + id: + type: string + description: The id of the Segment. + example: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde + name: + type: string + description: Segment Business Name + example: segment-xyz + created: + type: string + format: date-time + description: The time when this Segment is created + example: '2020-01-01T00:00:00.000000Z' + modified: + type: string + format: date-time + description: The time when this Segment is modified + example: '2020-01-01T00:00:00.000000Z' + description: + type: string + description: Optional description of the Segment + example: This segment represents xyz + owner: + type: object + description: The owner of this object. + properties: + type: + description: 'Owner type. This field must be either left null or set to ''IDENTITY'' on input, otherwise a 400 Bad Request error will result.' + example: IDENTITY + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + id: + type: string + description: Identity id + example: 2c9180a46faadee4016fb4e018c20639 + name: + type: string + description: 'Human-readable display name of the owner. It may be left null or omitted in a POST or PATCH. If set, it must match the current value of the owner''s display name, otherwise a 400 Bad Request error will result.' + example: support + visibilityCriteria: + type: object + properties: + expression: + type: object + properties: + operator: + type: string + description: Operator for the expression + enum: + - AND + - EQUALS + example: EQUALS + attribute: + type: string + description: Name for the attribute + example: location + value: + type: object + properties: + type: + type: string + description: The type of attribute value + example: STRING + value: + type: string + description: The attribute value + example: Austin + children: + type: array + description: List of expressions + items: + type: object + properties: + type: + type: string + description: The type of attribute value + example: STRING + value: + type: string + description: The attribute value + example: Austin + example: [] + active: + type: boolean + description: Whether the Segment is currently active. Inactive segments have no effect. + default: false + example: true + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + '/segments/{id}': + get: + operationId: getSegment + security: + - oauth2: + - 'idn:segment:read' + - 'idn:segment:manage' + tags: + - Segments + summary: Get a Segment by ID + description: |- + This API returns the segment specified by the given ID. + + A token with ORG_ADMIN or API authority is required to call this API. + parameters: + - in: path + name: id + schema: + type: string + required: true + description: The ID of the Segment to retrieve. + example: ef38f94347e94562b5bb8424a56397d8 + responses: + '200': + description: Segment + content: + application/json: + schema: + type: object + properties: + id: + type: string + description: The id of the Segment. + example: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde + name: + type: string + description: Segment Business Name + example: segment-xyz + created: + type: string + format: date-time + description: The time when this Segment is created + example: '2020-01-01T00:00:00.000000Z' + modified: + type: string + format: date-time + description: The time when this Segment is modified + example: '2020-01-01T00:00:00.000000Z' + description: + type: string + description: Optional description of the Segment + example: This segment represents xyz + owner: + type: object + description: The owner of this object. + properties: + type: + description: 'Owner type. This field must be either left null or set to ''IDENTITY'' on input, otherwise a 400 Bad Request error will result.' + example: IDENTITY + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + id: + type: string + description: Identity id + example: 2c9180a46faadee4016fb4e018c20639 + name: + type: string + description: 'Human-readable display name of the owner. It may be left null or omitted in a POST or PATCH. If set, it must match the current value of the owner''s display name, otherwise a 400 Bad Request error will result.' + example: support + visibilityCriteria: + type: object + properties: + expression: + type: object + properties: + operator: + type: string + description: Operator for the expression + enum: + - AND + - EQUALS + example: EQUALS + attribute: + type: string + description: Name for the attribute + example: location + value: + type: object + properties: + type: + type: string + description: The type of attribute value + example: STRING + value: + type: string + description: The attribute value + example: Austin + children: + type: array + description: List of expressions + items: + type: object + properties: + type: + type: string + description: The type of attribute value + example: STRING + value: + type: string + description: The attribute value + example: Austin + example: [] + active: + type: boolean + description: Whether the Segment is currently active. Inactive segments have no effect. + default: false + example: true + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + delete: + operationId: deleteSegment + security: + - oauth2: + - 'idn:segment:manage' + tags: + - Segments + summary: Delete Segment by ID + description: |- + This API deletes the segment specified by the given ID. + + Note that segment deletion may take some time to become effective. + + A token with ORG_ADMIN or API authority is required to call this API. + parameters: + - in: path + name: id + schema: + type: string + required: true + description: The ID of the Segment to delete. + example: ef38f94347e94562b5bb8424a56397d8 + responses: + '204': + description: No content. + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + patch: + operationId: patchSegment + security: + - oauth2: + - 'idn:segment:manage' + tags: + - Segments + summary: Update a Segment + description: |- + Allows updating Segment fields using the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard. + + Note that changes to a segment may take some time to propagate to all identities, and that segments will have no effect if segmentation is not enabled for your org. + + A token with ORG_ADMIN or API authority is required to call this API. + parameters: + - in: path + name: id + schema: + type: string + required: true + description: The ID of the Segment being modified. + example: ef38f94347e94562b5bb8424a56397d8 + requestBody: + required: true + description: | + A list of Segment update operations according to the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard. + + + The following fields are patchable: + * name + * description + * owner + * visibilityCriteria + * active + content: + application/json-patch+json: + schema: + type: array + items: + type: object + examples: + Set Visibility Criteria: + description: Set the visibility criteria + value: + - op: replace + path: /visibilityCriteria + value: + expression: + operator: AND + children: + - operator: EQUALS + attribute: location + value: + type: STRING + value: Philadelphia + - operator: EQUALS + attribute: department + value: + type: STRING + value: HR + responses: + '200': + description: 'Indicates the PATCH operation succeeded, and returns the Segment''s new representation.' + content: + application/json: + schema: + type: object + properties: + id: + type: string + description: The id of the Segment. + example: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde + name: + type: string + description: Segment Business Name + example: segment-xyz + created: + type: string + format: date-time + description: The time when this Segment is created + example: '2020-01-01T00:00:00.000000Z' + modified: + type: string + format: date-time + description: The time when this Segment is modified + example: '2020-01-01T00:00:00.000000Z' + description: + type: string + description: Optional description of the Segment + example: This segment represents xyz + owner: + type: object + description: The owner of this object. + properties: + type: + description: 'Owner type. This field must be either left null or set to ''IDENTITY'' on input, otherwise a 400 Bad Request error will result.' + example: IDENTITY + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + id: + type: string + description: Identity id + example: 2c9180a46faadee4016fb4e018c20639 + name: + type: string + description: 'Human-readable display name of the owner. It may be left null or omitted in a POST or PATCH. If set, it must match the current value of the owner''s display name, otherwise a 400 Bad Request error will result.' + example: support + visibilityCriteria: + type: object + properties: + expression: + type: object + properties: + operator: + type: string + description: Operator for the expression + enum: + - AND + - EQUALS + example: EQUALS + attribute: + type: string + description: Name for the attribute + example: location + value: + type: object + properties: + type: + type: string + description: The type of attribute value + example: STRING + value: + type: string + description: The attribute value + example: Austin + children: + type: array + description: List of expressions + items: + type: object + properties: + type: + type: string + description: The type of attribute value + example: STRING + value: + type: string + description: The attribute value + example: Austin + example: [] + active: + type: boolean + description: Whether the Segment is currently active. Inactive segments have no effect. + default: false + example: true + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + /service-desk-integrations: + get: + tags: + - Service Desk Integration + summary: List existing Service Desk Integrations + description: Get a list of ServiceDeskIntegrationDto for existing Service Desk Integrations. A token with Org Admin or Service Desk Admin authority is required to access this endpoint. + operationId: getServiceDeskIntegrations + parameters: + - in: query + name: offset + description: |- + Offset into the full result set. Usually specified with *limit* to paginate through the results. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 0 + schema: + type: integer + format: int32 + minimum: 0 + default: 0 + - in: query + name: limit + description: |- + Max number of results to return. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 250 + schema: + type: integer + format: int32 + minimum: 0 + maximum: 250 + default: 250 + - name: sorters + in: query + required: false + style: form + explode: true + schema: + type: string + description: |- + Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results) + + Sorting is supported for the following fields: **name** + example: name + - name: filters + in: query + required: false + style: form + explode: true + schema: + type: string + format: comma-separated + description: |- + Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) + + Filtering is supported for the following fields and operators: + + **id**: *eq, in* + + **name**: *eq* + + **type**: *eq, in* + + **cluster**: *eq, in* + example: name eq "John Doe" + - in: query + name: count + description: |- + If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored. + + Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used. + + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: true + schema: + type: boolean + default: false + responses: + '200': + description: List of ServiceDeskIntegrationDto + content: + application/json: + schema: + type: array + items: + allOf: + - type: object + required: + - name + properties: + id: + description: System-generated unique ID of the Object + type: string + example: id12345 + readOnly: true + name: + description: Name of the Object + type: string + example: aName + created: + description: Creation date of the Object + type: string + example: '2015-05-28T14:07:17Z' + format: date-time + readOnly: true + modified: + description: Last modification date of the Object + type: string + example: '2015-05-28T14:07:17Z' + format: date-time + readOnly: true + - type: object + description: Specification of a Service Desk integration + required: + - description + - type + - attributes + properties: + description: + description: Description of the Service Desk integration + type: string + example: A very nice Service Desk integration + type: + description: | + Service Desk integration types + + - ServiceNowSDIM + - ServiceNow + type: string + default: ServiceNowSDIM + example: ServiceNowSDIM + ownerRef: + allOf: + - type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + description: Reference to the identity that is the owner of this Service Desk integration + properties: + type: + description: The type of object being referenced + enum: + - IDENTITY + example: IDENTITY + id: + description: ID of the identity + example: 2c91808568c529c60168cca6f90c1313 + name: + description: Human-readable display name of the identity + example: MyName + clusterRef: + allOf: + - type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + description: Reference to the source cluster for this Service Desk integration + properties: + type: + description: The type of object being referenced + enum: + - CLUSTER + example: CLUSTER + id: + description: ID of the cluster + example: 2c9180866166b5b0016167c32ef31a66 + name: + description: Human-readable display name of the cluster + example: Corporate Cluster + cluster: + description: 'ID of the cluster for the Service Desk integration (replaced by clusterRef, retained for backward compatibility)' + type: string + example: xyzzy999 + deprecated: true + managedSources: + description: 'Source IDs for the Service Desk integration (replaced by provisioningConfig.managedSResourceRefs, but retained here for backward compatibility)' + type: array + items: + type: string + deprecated: true + example: + - 2c9180835d191a86015d28455b4a2329 + - 2c5680835d191a85765d28455b4a9823 + provisioningConfig: + description: The 'provisioningConfig' property specifies the configuration used to provision integrations. + type: object + properties: + universalManager: + description: 'Specifies whether this configuration is used to manage provisioning requests for all sources from the org. If true, no managedResourceRefs are allowed.' + type: boolean + readOnly: true + example: true + managedResourceRefs: + description: References to sources for the Service Desk integration template. May only be specified if universalManager is false. + type: array + items: + allOf: + - type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + properties: + type: + description: The type of object being referenced + enum: + - SOURCE + example: SOURCE + id: + description: ID of the source + example: 2c91808568c529c60168cca6f90c1313 + name: + description: Human-readable display name of the source + example: My Source + example: + - type: SOURCE + id: 2c9180855d191c59015d291ceb051111 + name: My Source 1 + - type: SOURCE + id: 2c9180855d191c59015d291ceb052222 + name: My Source 2 + planInitializerScript: + description: This is a reference to a plan initializer script. + type: object + properties: + source: + description: This is a Rule that allows provisioning instruction changes. + type: string + example: | + \r\n\r\n\r\n Before Provisioning Rule which changes disables and enables to a modify.\r\n + noProvisioningRequests: + description: Name of an attribute that when true disables the saving of ProvisioningRequest objects whenever plans are sent through this integration. + type: boolean + example: true + provisioningRequestExpiration: + description: 'When saving pending requests is enabled, this defines the number of hours the request is allowed to live before it is considered expired and no longer affects plan compilation.' + type: integer + format: int32 + example: 7 + attributes: + description: Attributes of the Service Desk integration. Validation constraints enforced by the implementation. + type: object + additionalProperties: true + example: + property: value + key: value + beforeProvisioningRule: + allOf: + - type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + description: Reference to beforeProvisioningRule for this Service Desk integration + properties: + type: + description: The type of object being referenced + enum: + - RULE + example: RULE + id: + description: ID of the rule + example: 2c91808568c529c60168cca6f90c1333 + name: + description: Human-readable display name of the rule + example: Example Rule + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + security: + - oauth2: + - 'idn:service-desk-admin:read' + - 'idn:service-desk-integration:read' + post: + tags: + - Service Desk Integration + summary: Create new Service Desk integration + description: Create a new Service Desk Integrations. A token with Org Admin or Service Desk Admin authority is required to access this endpoint. + operationId: createServiceDeskIntegration + requestBody: + description: The specifics of a new integration to create + content: + application/json: + schema: + allOf: + - type: object + required: + - name + properties: + id: + description: System-generated unique ID of the Object + type: string + example: id12345 + readOnly: true + name: + description: Name of the Object + type: string + example: aName + created: + description: Creation date of the Object + type: string + example: '2015-05-28T14:07:17Z' + format: date-time + readOnly: true + modified: + description: Last modification date of the Object + type: string + example: '2015-05-28T14:07:17Z' + format: date-time + readOnly: true + - type: object + description: Specification of a Service Desk integration + required: + - description + - type + - attributes + properties: + description: + description: Description of the Service Desk integration + type: string + example: A very nice Service Desk integration + type: + description: | + Service Desk integration types + + - ServiceNowSDIM + - ServiceNow + type: string + default: ServiceNowSDIM + example: ServiceNowSDIM + ownerRef: + allOf: + - type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + description: Reference to the identity that is the owner of this Service Desk integration + properties: + type: + description: The type of object being referenced + enum: + - IDENTITY + example: IDENTITY + id: + description: ID of the identity + example: 2c91808568c529c60168cca6f90c1313 + name: + description: Human-readable display name of the identity + example: MyName + clusterRef: + allOf: + - type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + description: Reference to the source cluster for this Service Desk integration + properties: + type: + description: The type of object being referenced + enum: + - CLUSTER + example: CLUSTER + id: + description: ID of the cluster + example: 2c9180866166b5b0016167c32ef31a66 + name: + description: Human-readable display name of the cluster + example: Corporate Cluster + cluster: + description: 'ID of the cluster for the Service Desk integration (replaced by clusterRef, retained for backward compatibility)' + type: string + example: xyzzy999 + deprecated: true + managedSources: + description: 'Source IDs for the Service Desk integration (replaced by provisioningConfig.managedSResourceRefs, but retained here for backward compatibility)' + type: array + items: + type: string + deprecated: true + example: + - 2c9180835d191a86015d28455b4a2329 + - 2c5680835d191a85765d28455b4a9823 + provisioningConfig: + description: The 'provisioningConfig' property specifies the configuration used to provision integrations. + type: object + properties: + universalManager: + description: 'Specifies whether this configuration is used to manage provisioning requests for all sources from the org. If true, no managedResourceRefs are allowed.' + type: boolean + readOnly: true + example: true + managedResourceRefs: + description: References to sources for the Service Desk integration template. May only be specified if universalManager is false. + type: array + items: + allOf: + - type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + properties: + type: + description: The type of object being referenced + enum: + - SOURCE + example: SOURCE + id: + description: ID of the source + example: 2c91808568c529c60168cca6f90c1313 + name: + description: Human-readable display name of the source + example: My Source + example: + - type: SOURCE + id: 2c9180855d191c59015d291ceb051111 + name: My Source 1 + - type: SOURCE + id: 2c9180855d191c59015d291ceb052222 + name: My Source 2 + planInitializerScript: + description: This is a reference to a plan initializer script. + type: object + properties: + source: + description: This is a Rule that allows provisioning instruction changes. + type: string + example: | + \r\n\r\n\r\n Before Provisioning Rule which changes disables and enables to a modify.\r\n + noProvisioningRequests: + description: Name of an attribute that when true disables the saving of ProvisioningRequest objects whenever plans are sent through this integration. + type: boolean + example: true + provisioningRequestExpiration: + description: 'When saving pending requests is enabled, this defines the number of hours the request is allowed to live before it is considered expired and no longer affects plan compilation.' + type: integer + format: int32 + example: 7 + attributes: + description: Attributes of the Service Desk integration. Validation constraints enforced by the implementation. + type: object + additionalProperties: true + example: + property: value + key: value + beforeProvisioningRule: + allOf: + - type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + description: Reference to beforeProvisioningRule for this Service Desk integration + properties: + type: + description: The type of object being referenced + enum: + - RULE + example: RULE + id: + description: ID of the rule + example: 2c91808568c529c60168cca6f90c1333 + name: + description: Human-readable display name of the rule + example: Example Rule + required: true + responses: + '200': + description: details of the created integration + content: + application/json: + schema: + allOf: + - type: object + required: + - name + properties: + id: + description: System-generated unique ID of the Object + type: string + example: id12345 + readOnly: true + name: + description: Name of the Object + type: string + example: aName + created: + description: Creation date of the Object + type: string + example: '2015-05-28T14:07:17Z' + format: date-time + readOnly: true + modified: + description: Last modification date of the Object + type: string + example: '2015-05-28T14:07:17Z' + format: date-time + readOnly: true + - type: object + description: Specification of a Service Desk integration + required: + - description + - type + - attributes + properties: + description: + description: Description of the Service Desk integration + type: string + example: A very nice Service Desk integration + type: + description: | + Service Desk integration types + + - ServiceNowSDIM + - ServiceNow + type: string + default: ServiceNowSDIM + example: ServiceNowSDIM + ownerRef: + allOf: + - type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + description: Reference to the identity that is the owner of this Service Desk integration + properties: + type: + description: The type of object being referenced + enum: + - IDENTITY + example: IDENTITY + id: + description: ID of the identity + example: 2c91808568c529c60168cca6f90c1313 + name: + description: Human-readable display name of the identity + example: MyName + clusterRef: + allOf: + - type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + description: Reference to the source cluster for this Service Desk integration + properties: + type: + description: The type of object being referenced + enum: + - CLUSTER + example: CLUSTER + id: + description: ID of the cluster + example: 2c9180866166b5b0016167c32ef31a66 + name: + description: Human-readable display name of the cluster + example: Corporate Cluster + cluster: + description: 'ID of the cluster for the Service Desk integration (replaced by clusterRef, retained for backward compatibility)' + type: string + example: xyzzy999 + deprecated: true + managedSources: + description: 'Source IDs for the Service Desk integration (replaced by provisioningConfig.managedSResourceRefs, but retained here for backward compatibility)' + type: array + items: + type: string + deprecated: true + example: + - 2c9180835d191a86015d28455b4a2329 + - 2c5680835d191a85765d28455b4a9823 + provisioningConfig: + description: The 'provisioningConfig' property specifies the configuration used to provision integrations. + type: object + properties: + universalManager: + description: 'Specifies whether this configuration is used to manage provisioning requests for all sources from the org. If true, no managedResourceRefs are allowed.' + type: boolean + readOnly: true + example: true + managedResourceRefs: + description: References to sources for the Service Desk integration template. May only be specified if universalManager is false. + type: array + items: + allOf: + - type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + properties: + type: + description: The type of object being referenced + enum: + - SOURCE + example: SOURCE + id: + description: ID of the source + example: 2c91808568c529c60168cca6f90c1313 + name: + description: Human-readable display name of the source + example: My Source + example: + - type: SOURCE + id: 2c9180855d191c59015d291ceb051111 + name: My Source 1 + - type: SOURCE + id: 2c9180855d191c59015d291ceb052222 + name: My Source 2 + planInitializerScript: + description: This is a reference to a plan initializer script. + type: object + properties: + source: + description: This is a Rule that allows provisioning instruction changes. + type: string + example: | + \r\n\r\n\r\n Before Provisioning Rule which changes disables and enables to a modify.\r\n + noProvisioningRequests: + description: Name of an attribute that when true disables the saving of ProvisioningRequest objects whenever plans are sent through this integration. + type: boolean + example: true + provisioningRequestExpiration: + description: 'When saving pending requests is enabled, this defines the number of hours the request is allowed to live before it is considered expired and no longer affects plan compilation.' + type: integer + format: int32 + example: 7 + attributes: + description: Attributes of the Service Desk integration. Validation constraints enforced by the implementation. + type: object + additionalProperties: true + example: + property: value + key: value + beforeProvisioningRule: + allOf: + - type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + description: Reference to beforeProvisioningRule for this Service Desk integration + properties: + type: + description: The type of object being referenced + enum: + - RULE + example: RULE + id: + description: ID of the rule + example: 2c91808568c529c60168cca6f90c1333 + name: + description: Human-readable display name of the rule + example: Example Rule + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + security: + - oauth2: + - 'idn:service-desk-admin:manage' + - 'idn:service-desk-integration:manage' + '/service-desk-integrations/{id}': + get: + tags: + - Service Desk Integration + summary: Get a Service Desk integration + description: Get an existing Service Desk integration by ID. A token with Org Admin or Service Desk Admin authority is required to access this endpoint. + operationId: getServiceDeskIntegration + parameters: + - name: id + in: path + description: ID of the Service Desk integration to get + required: true + style: simple + explode: false + schema: + type: string + example: anId + responses: + '200': + description: ServiceDeskIntegrationDto with the given ID + content: + application/json: + schema: + allOf: + - type: object + required: + - name + properties: + id: + description: System-generated unique ID of the Object + type: string + example: id12345 + readOnly: true + name: + description: Name of the Object + type: string + example: aName + created: + description: Creation date of the Object + type: string + example: '2015-05-28T14:07:17Z' + format: date-time + readOnly: true + modified: + description: Last modification date of the Object + type: string + example: '2015-05-28T14:07:17Z' + format: date-time + readOnly: true + - type: object + description: Specification of a Service Desk integration + required: + - description + - type + - attributes + properties: + description: + description: Description of the Service Desk integration + type: string + example: A very nice Service Desk integration + type: + description: | + Service Desk integration types + + - ServiceNowSDIM + - ServiceNow + type: string + default: ServiceNowSDIM + example: ServiceNowSDIM + ownerRef: + allOf: + - type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + description: Reference to the identity that is the owner of this Service Desk integration + properties: + type: + description: The type of object being referenced + enum: + - IDENTITY + example: IDENTITY + id: + description: ID of the identity + example: 2c91808568c529c60168cca6f90c1313 + name: + description: Human-readable display name of the identity + example: MyName + clusterRef: + allOf: + - type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + description: Reference to the source cluster for this Service Desk integration + properties: + type: + description: The type of object being referenced + enum: + - CLUSTER + example: CLUSTER + id: + description: ID of the cluster + example: 2c9180866166b5b0016167c32ef31a66 + name: + description: Human-readable display name of the cluster + example: Corporate Cluster + cluster: + description: 'ID of the cluster for the Service Desk integration (replaced by clusterRef, retained for backward compatibility)' + type: string + example: xyzzy999 + deprecated: true + managedSources: + description: 'Source IDs for the Service Desk integration (replaced by provisioningConfig.managedSResourceRefs, but retained here for backward compatibility)' + type: array + items: + type: string + deprecated: true + example: + - 2c9180835d191a86015d28455b4a2329 + - 2c5680835d191a85765d28455b4a9823 + provisioningConfig: + description: The 'provisioningConfig' property specifies the configuration used to provision integrations. + type: object + properties: + universalManager: + description: 'Specifies whether this configuration is used to manage provisioning requests for all sources from the org. If true, no managedResourceRefs are allowed.' + type: boolean + readOnly: true + example: true + managedResourceRefs: + description: References to sources for the Service Desk integration template. May only be specified if universalManager is false. + type: array + items: + allOf: + - type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + properties: + type: + description: The type of object being referenced + enum: + - SOURCE + example: SOURCE + id: + description: ID of the source + example: 2c91808568c529c60168cca6f90c1313 + name: + description: Human-readable display name of the source + example: My Source + example: + - type: SOURCE + id: 2c9180855d191c59015d291ceb051111 + name: My Source 1 + - type: SOURCE + id: 2c9180855d191c59015d291ceb052222 + name: My Source 2 + planInitializerScript: + description: This is a reference to a plan initializer script. + type: object + properties: + source: + description: This is a Rule that allows provisioning instruction changes. + type: string + example: | + \r\n\r\n\r\n Before Provisioning Rule which changes disables and enables to a modify.\r\n + noProvisioningRequests: + description: Name of an attribute that when true disables the saving of ProvisioningRequest objects whenever plans are sent through this integration. + type: boolean + example: true + provisioningRequestExpiration: + description: 'When saving pending requests is enabled, this defines the number of hours the request is allowed to live before it is considered expired and no longer affects plan compilation.' + type: integer + format: int32 + example: 7 + attributes: + description: Attributes of the Service Desk integration. Validation constraints enforced by the implementation. + type: object + additionalProperties: true + example: + property: value + key: value + beforeProvisioningRule: + allOf: + - type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + description: Reference to beforeProvisioningRule for this Service Desk integration + properties: + type: + description: The type of object being referenced + enum: + - RULE + example: RULE + id: + description: ID of the rule + example: 2c91808568c529c60168cca6f90c1333 + name: + description: Human-readable display name of the rule + example: Example Rule + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + security: + - oauth2: + - 'idn:service-desk-admin:read' + - 'idn:service-desk-integration:read' + put: + tags: + - Service Desk Integration + summary: Update a Service Desk integration + description: Update an existing Service Desk integration by ID with updated value in JSON form as the request body. A token with Org Admin or Service Desk Admin authority is required to access this endpoint. + operationId: updateServiceDeskIntegration + parameters: + - name: id + in: path + description: ID of the Service Desk integration to update + required: true + style: simple + explode: false + schema: + type: string + example: anId + requestBody: + description: The specifics of the integration to update + content: + application/json: + schema: + allOf: + - type: object + required: + - name + properties: + id: + description: System-generated unique ID of the Object + type: string + example: id12345 + readOnly: true + name: + description: Name of the Object + type: string + example: aName + created: + description: Creation date of the Object + type: string + example: '2015-05-28T14:07:17Z' + format: date-time + readOnly: true + modified: + description: Last modification date of the Object + type: string + example: '2015-05-28T14:07:17Z' + format: date-time + readOnly: true + - type: object + description: Specification of a Service Desk integration + required: + - description + - type + - attributes + properties: + description: + description: Description of the Service Desk integration + type: string + example: A very nice Service Desk integration + type: + description: | + Service Desk integration types + + - ServiceNowSDIM + - ServiceNow + type: string + default: ServiceNowSDIM + example: ServiceNowSDIM + ownerRef: + allOf: + - type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + description: Reference to the identity that is the owner of this Service Desk integration + properties: + type: + description: The type of object being referenced + enum: + - IDENTITY + example: IDENTITY + id: + description: ID of the identity + example: 2c91808568c529c60168cca6f90c1313 + name: + description: Human-readable display name of the identity + example: MyName + clusterRef: + allOf: + - type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + description: Reference to the source cluster for this Service Desk integration + properties: + type: + description: The type of object being referenced + enum: + - CLUSTER + example: CLUSTER + id: + description: ID of the cluster + example: 2c9180866166b5b0016167c32ef31a66 + name: + description: Human-readable display name of the cluster + example: Corporate Cluster + cluster: + description: 'ID of the cluster for the Service Desk integration (replaced by clusterRef, retained for backward compatibility)' + type: string + example: xyzzy999 + deprecated: true + managedSources: + description: 'Source IDs for the Service Desk integration (replaced by provisioningConfig.managedSResourceRefs, but retained here for backward compatibility)' + type: array + items: + type: string + deprecated: true + example: + - 2c9180835d191a86015d28455b4a2329 + - 2c5680835d191a85765d28455b4a9823 + provisioningConfig: + description: The 'provisioningConfig' property specifies the configuration used to provision integrations. + type: object + properties: + universalManager: + description: 'Specifies whether this configuration is used to manage provisioning requests for all sources from the org. If true, no managedResourceRefs are allowed.' + type: boolean + readOnly: true + example: true + managedResourceRefs: + description: References to sources for the Service Desk integration template. May only be specified if universalManager is false. + type: array + items: + allOf: + - type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + properties: + type: + description: The type of object being referenced + enum: + - SOURCE + example: SOURCE + id: + description: ID of the source + example: 2c91808568c529c60168cca6f90c1313 + name: + description: Human-readable display name of the source + example: My Source + example: + - type: SOURCE + id: 2c9180855d191c59015d291ceb051111 + name: My Source 1 + - type: SOURCE + id: 2c9180855d191c59015d291ceb052222 + name: My Source 2 + planInitializerScript: + description: This is a reference to a plan initializer script. + type: object + properties: + source: + description: This is a Rule that allows provisioning instruction changes. + type: string + example: | + \r\n\r\n\r\n Before Provisioning Rule which changes disables and enables to a modify.\r\n + noProvisioningRequests: + description: Name of an attribute that when true disables the saving of ProvisioningRequest objects whenever plans are sent through this integration. + type: boolean + example: true + provisioningRequestExpiration: + description: 'When saving pending requests is enabled, this defines the number of hours the request is allowed to live before it is considered expired and no longer affects plan compilation.' + type: integer + format: int32 + example: 7 + attributes: + description: Attributes of the Service Desk integration. Validation constraints enforced by the implementation. + type: object + additionalProperties: true + example: + property: value + key: value + beforeProvisioningRule: + allOf: + - type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + description: Reference to beforeProvisioningRule for this Service Desk integration + properties: + type: + description: The type of object being referenced + enum: + - RULE + example: RULE + id: + description: ID of the rule + example: 2c91808568c529c60168cca6f90c1333 + name: + description: Human-readable display name of the rule + example: Example Rule + required: true + responses: + '200': + description: ServiceDeskIntegrationDto as updated + content: + application/json: + schema: + allOf: + - type: object + required: + - name + properties: + id: + description: System-generated unique ID of the Object + type: string + example: id12345 + readOnly: true + name: + description: Name of the Object + type: string + example: aName + created: + description: Creation date of the Object + type: string + example: '2015-05-28T14:07:17Z' + format: date-time + readOnly: true + modified: + description: Last modification date of the Object + type: string + example: '2015-05-28T14:07:17Z' + format: date-time + readOnly: true + - type: object + description: Specification of a Service Desk integration + required: + - description + - type + - attributes + properties: + description: + description: Description of the Service Desk integration + type: string + example: A very nice Service Desk integration + type: + description: | + Service Desk integration types + + - ServiceNowSDIM + - ServiceNow + type: string + default: ServiceNowSDIM + example: ServiceNowSDIM + ownerRef: + allOf: + - type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + description: Reference to the identity that is the owner of this Service Desk integration + properties: + type: + description: The type of object being referenced + enum: + - IDENTITY + example: IDENTITY + id: + description: ID of the identity + example: 2c91808568c529c60168cca6f90c1313 + name: + description: Human-readable display name of the identity + example: MyName + clusterRef: + allOf: + - type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + description: Reference to the source cluster for this Service Desk integration + properties: + type: + description: The type of object being referenced + enum: + - CLUSTER + example: CLUSTER + id: + description: ID of the cluster + example: 2c9180866166b5b0016167c32ef31a66 + name: + description: Human-readable display name of the cluster + example: Corporate Cluster + cluster: + description: 'ID of the cluster for the Service Desk integration (replaced by clusterRef, retained for backward compatibility)' + type: string + example: xyzzy999 + deprecated: true + managedSources: + description: 'Source IDs for the Service Desk integration (replaced by provisioningConfig.managedSResourceRefs, but retained here for backward compatibility)' + type: array + items: + type: string + deprecated: true + example: + - 2c9180835d191a86015d28455b4a2329 + - 2c5680835d191a85765d28455b4a9823 + provisioningConfig: + description: The 'provisioningConfig' property specifies the configuration used to provision integrations. + type: object + properties: + universalManager: + description: 'Specifies whether this configuration is used to manage provisioning requests for all sources from the org. If true, no managedResourceRefs are allowed.' + type: boolean + readOnly: true + example: true + managedResourceRefs: + description: References to sources for the Service Desk integration template. May only be specified if universalManager is false. + type: array + items: + allOf: + - type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + properties: + type: + description: The type of object being referenced + enum: + - SOURCE + example: SOURCE + id: + description: ID of the source + example: 2c91808568c529c60168cca6f90c1313 + name: + description: Human-readable display name of the source + example: My Source + example: + - type: SOURCE + id: 2c9180855d191c59015d291ceb051111 + name: My Source 1 + - type: SOURCE + id: 2c9180855d191c59015d291ceb052222 + name: My Source 2 + planInitializerScript: + description: This is a reference to a plan initializer script. + type: object + properties: + source: + description: This is a Rule that allows provisioning instruction changes. + type: string + example: | + \r\n\r\n\r\n Before Provisioning Rule which changes disables and enables to a modify.\r\n + noProvisioningRequests: + description: Name of an attribute that when true disables the saving of ProvisioningRequest objects whenever plans are sent through this integration. + type: boolean + example: true + provisioningRequestExpiration: + description: 'When saving pending requests is enabled, this defines the number of hours the request is allowed to live before it is considered expired and no longer affects plan compilation.' + type: integer + format: int32 + example: 7 + attributes: + description: Attributes of the Service Desk integration. Validation constraints enforced by the implementation. + type: object + additionalProperties: true + example: + property: value + key: value + beforeProvisioningRule: + allOf: + - type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + description: Reference to beforeProvisioningRule for this Service Desk integration + properties: + type: + description: The type of object being referenced + enum: + - RULE + example: RULE + id: + description: ID of the rule + example: 2c91808568c529c60168cca6f90c1333 + name: + description: Human-readable display name of the rule + example: Example Rule + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + security: + - oauth2: + - 'idn:service-desk-admin:manage' + - 'idn:service-desk-integration:manage' + delete: + tags: + - Service Desk Integration + summary: Delete a Service Desk integration + description: Delete an existing Service Desk integration by ID. A token with Org Admin or Service Desk Admin authority is required to access this endpoint. + operationId: deleteServiceDeskIntegration + parameters: + - name: id + in: path + description: ID of Service Desk integration to delete + required: true + style: simple + explode: false + schema: + type: string + example: anId + responses: + '204': + description: Service Desk integration with the given ID successfully deleted + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + security: + - oauth2: + - 'idn:service-desk-admin:manage' + - 'idn:service-desk-integration:manage' + patch: + operationId: patchServiceDeskIntegration + tags: + - Service Desk Integration + summary: Service Desk Integration Update PATCH + description: Update an existing ServiceDeskIntegration by ID with a PATCH request. + parameters: + - name: id + in: path + description: ID of the Service Desk integration to update + required: true + style: simple + explode: false + schema: + type: string + example: anId + requestBody: + required: true + description: | + A list of SDIM update operations according to the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard. + + PATCH can only be applied to the following fields: + * "beforeProvisioningRule" + + A 403 Forbidden Error indicates that you attempted to PATCH a field that is not allowed. + content: + application/json-patch+json: + schema: + type: object + description: 'A JSONPatch document as defined by [RFC 6902 - JSON Patch](https://tools.ietf.org/html/rfc6902)' + properties: + operations: + description: Operations to be applied + type: array + items: + type: object + description: 'A JSONPatch Operation as defined by [RFC 6902 - JSON Patch](https://tools.ietf.org/html/rfc6902)' + required: + - op + - path + properties: + op: + type: string + description: The operation to be performed + enum: + - add + - remove + - replace + - move + - copy + - test + example: replace + path: + type: string + description: A string JSON Pointer representing the target path to an element to be affected by the operation + example: /description + value: + anyOf: + - type: string + - type: integer + - type: object + - type: array + items: + anyOf: + - type: string + - type: integer + - type: object + description: 'The value to be used for the operation, required for "add" and "replace" operations' + example: New description + responses: + '200': + description: ServiceDeskIntegrationDto as updated + content: + application/json: + schema: + allOf: + - type: object + required: + - name + properties: + id: + description: System-generated unique ID of the Object + type: string + example: id12345 + readOnly: true + name: + description: Name of the Object + type: string + example: aName + created: + description: Creation date of the Object + type: string + example: '2015-05-28T14:07:17Z' + format: date-time + readOnly: true + modified: + description: Last modification date of the Object + type: string + example: '2015-05-28T14:07:17Z' + format: date-time + readOnly: true + - type: object + description: Specification of a Service Desk integration + required: + - description + - type + - attributes + properties: + description: + description: Description of the Service Desk integration + type: string + example: A very nice Service Desk integration + type: + description: | + Service Desk integration types + + - ServiceNowSDIM + - ServiceNow + type: string + default: ServiceNowSDIM + example: ServiceNowSDIM + ownerRef: + allOf: + - type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + description: Reference to the identity that is the owner of this Service Desk integration + properties: + type: + description: The type of object being referenced + enum: + - IDENTITY + example: IDENTITY + id: + description: ID of the identity + example: 2c91808568c529c60168cca6f90c1313 + name: + description: Human-readable display name of the identity + example: MyName + clusterRef: + allOf: + - type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + description: Reference to the source cluster for this Service Desk integration + properties: + type: + description: The type of object being referenced + enum: + - CLUSTER + example: CLUSTER + id: + description: ID of the cluster + example: 2c9180866166b5b0016167c32ef31a66 + name: + description: Human-readable display name of the cluster + example: Corporate Cluster + cluster: + description: 'ID of the cluster for the Service Desk integration (replaced by clusterRef, retained for backward compatibility)' + type: string + example: xyzzy999 + deprecated: true + managedSources: + description: 'Source IDs for the Service Desk integration (replaced by provisioningConfig.managedSResourceRefs, but retained here for backward compatibility)' + type: array + items: + type: string + deprecated: true + example: + - 2c9180835d191a86015d28455b4a2329 + - 2c5680835d191a85765d28455b4a9823 + provisioningConfig: + description: The 'provisioningConfig' property specifies the configuration used to provision integrations. + type: object + properties: + universalManager: + description: 'Specifies whether this configuration is used to manage provisioning requests for all sources from the org. If true, no managedResourceRefs are allowed.' + type: boolean + readOnly: true + example: true + managedResourceRefs: + description: References to sources for the Service Desk integration template. May only be specified if universalManager is false. + type: array + items: + allOf: + - type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + properties: + type: + description: The type of object being referenced + enum: + - SOURCE + example: SOURCE + id: + description: ID of the source + example: 2c91808568c529c60168cca6f90c1313 + name: + description: Human-readable display name of the source + example: My Source + example: + - type: SOURCE + id: 2c9180855d191c59015d291ceb051111 + name: My Source 1 + - type: SOURCE + id: 2c9180855d191c59015d291ceb052222 + name: My Source 2 + planInitializerScript: + description: This is a reference to a plan initializer script. + type: object + properties: + source: + description: This is a Rule that allows provisioning instruction changes. + type: string + example: | + \r\n\r\n\r\n Before Provisioning Rule which changes disables and enables to a modify.\r\n + noProvisioningRequests: + description: Name of an attribute that when true disables the saving of ProvisioningRequest objects whenever plans are sent through this integration. + type: boolean + example: true + provisioningRequestExpiration: + description: 'When saving pending requests is enabled, this defines the number of hours the request is allowed to live before it is considered expired and no longer affects plan compilation.' + type: integer + format: int32 + example: 7 + attributes: + description: Attributes of the Service Desk integration. Validation constraints enforced by the implementation. + type: object + additionalProperties: true + example: + property: value + key: value + beforeProvisioningRule: + allOf: + - type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + description: Reference to beforeProvisioningRule for this Service Desk integration + properties: + type: + description: The type of object being referenced + enum: + - RULE + example: RULE + id: + description: ID of the rule + example: 2c91808568c529c60168cca6f90c1333 + name: + description: Human-readable display name of the rule + example: Example Rule + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + security: + - oauth2: + - 'idn:service-desk-admin:manage' + - 'idn:service-desk-integration:manage' + /service-desk-integrations/types: + get: + tags: + - Service Desk Integration + summary: Service Desk Integration Types List. + description: This API endpoint returns the current list of supported Service Desk integration types. A token with Org Admin or Service Desk Admin authority is required to access this endpoint. + operationId: getServiceDeskIntegrationTypes + responses: + '200': + description: Responds with an array of the currently supported Service Desk integration types. + content: + application/json: + schema: + type: array + items: + description: This represents a Service Desk Integration template type. + required: + - type + - scriptName + type: object + properties: + name: + description: This is the name of the type. + example: aName + type: string + type: + description: This is the type value for the type. + example: aType + type: string + scriptName: + description: This is the scriptName attribute value for the type. + example: aScriptName + type: string + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + security: + - oauth2: + - 'idn:service-desk-admin:read' + - 'idn:service-desk-integration:read' + '/service-desk-integrations/templates/{scriptName}': + get: + tags: + - Service Desk Integration + summary: Service Desk integration template by scriptName. + description: This API endpoint returns an existing Service Desk integration template by scriptName. A token with Org Admin or Service Desk Admin authority is required to access this endpoint. + operationId: getServiceDeskIntegrationTemplate + parameters: + - name: scriptName + in: path + description: The scriptName value of the Service Desk integration template to get + required: true + style: simple + explode: false + schema: + type: string + example: aScriptName + responses: + '200': + description: Responds with the ServiceDeskIntegrationTemplateDto with the specified scriptName. + content: + application/json: + schema: + allOf: + - type: object + required: + - name + properties: + id: + description: System-generated unique ID of the Object + type: string + example: id12345 + readOnly: true + name: + description: Name of the Object + type: string + example: aName + created: + description: Creation date of the Object + type: string + example: '2015-05-28T14:07:17Z' + format: date-time + readOnly: true + modified: + description: Last modification date of the Object + type: string + example: '2015-05-28T14:07:17Z' + format: date-time + readOnly: true + - type: object + description: 'This is the model for a Service Desk integration template, used to create and edit Service Desk Integrations.' + required: + - type + - attributes + - provisioningConfig + properties: + type: + description: The 'type' property specifies the type of the Service Desk integration template. + type: string + example: Web Service SDIM + default: Web Service SDIM + attributes: + description: The 'attributes' property value is a map of attributes available for integrations using this Service Desk integration template. + type: object + additionalProperties: true + example: + property: value + key: value + provisioningConfig: + description: The 'provisioningConfig' property specifies the configuration used to provision integrations using the template. + type: object + properties: + universalManager: + description: 'Specifies whether this configuration is used to manage provisioning requests for all sources from the org. If true, no managedResourceRefs are allowed.' + type: boolean + readOnly: true + example: true + managedResourceRefs: + description: References to sources for the Service Desk integration template. May only be specified if universalManager is false. + type: array + items: + allOf: + - type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + properties: + type: + description: The type of object being referenced + enum: + - SOURCE + example: SOURCE + id: + description: ID of the source + example: 2c91808568c529c60168cca6f90c1313 + name: + description: Human-readable display name of the source + example: My Source + example: + - type: SOURCE + id: 2c9180855d191c59015d291ceb051111 + name: My Source 1 + - type: SOURCE + id: 2c9180855d191c59015d291ceb052222 + name: My Source 2 + planInitializerScript: + description: This is a reference to a plan initializer script. + type: object + properties: + source: + description: This is a Rule that allows provisioning instruction changes. + type: string + example: | + \r\n\r\n\r\n Before Provisioning Rule which changes disables and enables to a modify.\r\n + noProvisioningRequests: + description: Name of an attribute that when true disables the saving of ProvisioningRequest objects whenever plans are sent through this integration. + type: boolean + example: true + provisioningRequestExpiration: + description: 'When saving pending requests is enabled, this defines the number of hours the request is allowed to live before it is considered expired and no longer affects plan compilation.' + type: integer + format: int32 + example: 7 + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + security: + - oauth2: + - 'idn:service-desk-admin:read' + - 'idn:service-desk-integration:read' + /service-desk-integrations/status-check-configuration: + get: + tags: + - Service Desk Integration + summary: Get the time check configuration + description: Get the time check configuration of queued SDIM tickets. A token with Org Admin or Service Desk Admin authority is required to access this endpoint. + operationId: getStatusCheckDetails + responses: + '200': + description: QueuedCheckConfigDetails containing the configured values + content: + application/json: + schema: + description: Configuration of maximum number days and interval for checking Service Desk integration queue status + required: + - provisioningStatusCheckIntervalMinutes + - provisioningMaxStatusCheckDays + type: object + properties: + provisioningStatusCheckIntervalMinutes: + description: interval in minutes between status checks + type: string + example: '30' + provisioningMaxStatusCheckDays: + description: maximum number of days to check + type: string + example: '2' + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + security: + - oauth2: + - 'idn:service-desk-admin:read' + - 'idn:service-desk-integration:read' + put: + tags: + - Service Desk Integration + summary: Update the time check configuration + description: Update the time check configuration of queued SDIM tickets. A token with Org Admin or Service Desk Admin authority is required to access this endpoint. + operationId: updateStatusCheckDetails + requestBody: + description: the modified time check configuration + content: + application/json: + schema: + description: Configuration of maximum number days and interval for checking Service Desk integration queue status + required: + - provisioningStatusCheckIntervalMinutes + - provisioningMaxStatusCheckDays + type: object + properties: + provisioningStatusCheckIntervalMinutes: + description: interval in minutes between status checks + type: string + example: '30' + provisioningMaxStatusCheckDays: + description: maximum number of days to check + type: string + example: '2' + required: true + responses: + '200': + description: QueuedCheckConfigDetails as updated + content: + application/json: + schema: + description: Configuration of maximum number days and interval for checking Service Desk integration queue status + required: + - provisioningStatusCheckIntervalMinutes + - provisioningMaxStatusCheckDays + type: object + properties: + provisioningStatusCheckIntervalMinutes: + description: interval in minutes between status checks + type: string + example: '30' + provisioningMaxStatusCheckDays: + description: maximum number of days to check + type: string + example: '2' + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + security: + - oauth2: + - 'idn:service-desk-admin:manage' + - 'idn:service-desk-integration:manage' + /query-password-info: + post: + operationId: queryPasswordInfo + tags: + - Password Management + summary: Query Password Info + description: | + This API is used to query password related information. + + A token with [API authority](https://developer.sailpoint.com/idn/api/authentication#client-credentials-grant-flow) + is required to call this API. "API authority" refers to a token that only has the "client_credentials" + grant type, and therefore no user context. A [personal access token](https://developer.sailpoint.com/idn/api/authentication#personal-access-tokens) + or a token generated with the [authorization_code](https://developer.sailpoint.com/idn/api/authentication#authorization-code-grant-flow) + grant type will **NOT** work on this endpoint, and a `403 Forbidden` response + will be returned. + requestBody: + required: true + content: + application/json: + schema: + type: object + properties: + userName: + type: string + description: The login name of the user + example: Abby.Smith + sourceName: + type: string + description: The display name of the source + example: My-AD + responses: + '200': + description: Reference to the password info. + content: + application/json: + schema: + type: object + properties: + identityId: + type: string + description: Identity ID + example: 2c918085744fec4301746f9a5bce4605 + sourceId: + type: string + description: source ID + example: 2c918083746f642c01746f990884012a + publicKeyId: + type: string + description: public key ID + example: N2M1OTJiMGEtMDJlZS00ZWU3LTkyYTEtNjA5YmI5NWE3ZWVh + publicKey: + type: string + description: User's public key with Base64 encoding + example: MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuGFkWi2J75TztpbaPKd36bJnIB3J8gZ6UcoS9oSDYsqBzPpTsfZXYaEf4Y4BKGgJIXmE/lwhwuj7mU1itdZ2qTSNFtnXA8Fn75c3UUkk+h+wdZbkuSmqlsJo3R1OnJkwkJggcAy9Jvk9jlcrNLWorpQ1w9raUvxtvfgkSdq153KxotenQ1HciSyZ0nA/Kw0UaucLnho8xdRowZs11afXGXA9IT9H6D8T6zUdtSxm0nAyH+mluma5LdTfaM50W3l/L8q56Vrqmx2pZIiwdx/0+g3Y++jV70zom0ZBkC1MmSoLMrQYG5OICNjr72f78B2PaGXfarQHqARLjKpMVt9YIQIDAQAB + accounts: + type: array + description: Account info related to queried identity and source + items: + type: object + properties: + accountId: + type: string + description: 'Account ID of the account. This is specified per account schema in the source configuration. It is used to distinguish accounts. More info can be found here https://community.sailpoint.com/t5/IdentityNow-Connectors/How-do-I-designate-an-account-attribute-as-the-Account-ID-for-a/ta-p/80350' + example: 'CN=Abby Smith,OU=Austin,OU=Americas,OU=Demo,DC=seri,DC=acme,DC=com' + accountName: + type: string + description: 'Display name of the account. This is specified per account schema in the source configuration. It is used to display name of the account. More info can be found here https://community.sailpoint.com/t5/IdentityNow-Connectors/How-do-I-designate-an-account-attribute-as-the-Account-Name-for/ta-p/74008' + example: Abby.Smith + policies: + type: array + description: Password constraints + items: + type: string + example: + - passwordRepeatedChar is 3 + - passwordMinAlpha is 1 + - passwordMinLength is 5 + - passwordMinNumeric is 1 + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + /set-password: + post: + operationId: setPassword + tags: + - Password Management + summary: Set Identity's Password + description: | + This API is used to set a password for an identity. + + An identity can change their own password (as well as any of their accounts' passwords) if they use a token generated by their IDN user, such as a [personal access token](https://developer.sailpoint.com/idn/api/authentication#personal-access-tokens) or ["authorization_code" derived OAuth token](https://developer.sailpoint.com/idn/api/authentication#authorization-code-grant-flow). + + A token with [API authority](https://developer.sailpoint.com/idn/api/authentication#client-credentials-grant-flow) can be used to change **any** identity's password or the password of any of the identity's accounts. + "API authority" refers to a token that only has the "client_credentials" grant type. + + You can use this endpoint to generate an `encryptedPassword` (RSA encrypted using publicKey). + To do so, follow these steps: + + 1. Use [Query Password Info](https://developer.sailpoint.com/idn/api/v3/query-password-info) to get the following information: `identityId`, `sourceId`, `publicKeyId`, `publicKey`, `accounts`, and `policies`. + + 2. Choose an account from the previous response that you will provide as an `accountId` in your request to set an encrypted password. + + 3. Use [Set Identity's Password](https://developer.sailpoint.com/idn/api/v3/set-password) and provide the information you got from your earlier query. Then add this code to your request to get the encrypted password: + + ```java + import javax.crypto.Cipher; + import java.security.KeyFactory; + import java.security.PublicKey; + import java.security.spec.X509EncodedKeySpec; + import java util.Base64; + + String encrypt(String publicKey, String toEncrypt) throws Exception { + byte[] publicKeyBytes = Base64.getDecoder().decode(publicKey); + byte[] encryptedBytes = encryptRsa(publicKeyBytes, toEncrypt.getBytes("UTF-8")); + return Base64.getEncoder().encodeToString(encryptedBytes); + } + + private byte[] encryptRsa(byte[] publicKeyBytes, byte[] toEncryptBytes) throws Exception { + PublicKey key = KeyFactory.getInstance("RSA").generatePublic(new X509EncodedKeySpec(publicKeyBytes)); + String transformation = "RSA/ECB/PKCS1Padding"; + Cipher cipher = Cipher.getInstance(transformation); + cipher.init(1, key); + return cipher.doFinal(toEncryptBytes); + } + ``` + + In this example, `toEncrypt` refers to the plain text password you are setting and then encrypting, and the `publicKey` refers to the publicKey you got from the first request you sent. + + You can then use [Get Password Change Request Status](https://developer.sailpoint.com/idn/api/v3/get-password-change-status) to check the password change request status. To do so, you must provide the `requestId` from your earlier request to set the password. + requestBody: + required: true + content: + application/json: + schema: + type: object + properties: + identityId: + type: string + description: The identity ID that requested the password change + example: 8a807d4c73c545510173c545f0a002ff + encryptedPassword: + type: string + description: The RSA encrypted password + example: XzN+YwKgr2C+InkMYFMBG3UtjMEw5ZIql/XFlXo8cJNeslmkplx6vn4kd4/43IF9STBk5RnzR6XmjpEO+FwHDoiBwYZAkAZK/Iswxk4OdybG6Y4MStJCOCiK8osKr35IMMSV/mbO4wAeltoCk7daTWzTGLiI6UaT5tf+F2EgdjJZ7YqM8W8r7aUWsm3p2Xt01Y46ZRx0QaM91QruiIx2rECFT2pUO0wr+7oQ77jypATyGWRtADsu3YcvCk/6U5MqCnXMzKBcRas7NnZdSL/d5H1GglVGz3VLPMaivG4/oL4chOMmFCRl/zVsGxZ9RhN8rxsRGFFKn+rhExTi+bax3A== + publicKeyId: + type: string + description: The encryption key ID + example: YWQ2NjQ4MTItZjY0NC00MWExLWFjMjktOGNmMzU3Y2VlNjk2 + accountId: + type: string + description: 'Account ID of the account This is specified per account schema in the source configuration. It is used to distinguish accounts. More info can be found here https://community.sailpoint.com/t5/IdentityNow-Connectors/How-do-I-designate-an-account-attribute-as-the-Account-ID-for-a/ta-p/80350' + example: 'CN=Abby Smith,OU=Austin,OU=Americas,OU=Demo,DC=seri,DC=acme,DC=com' + sourceId: + type: string + description: The ID of the source for which identity is requesting the password change + example: 8a807d4c73c545510173c545d4b60246 + responses: + '202': + description: Reference to the password change. + content: + application/json: + schema: + type: object + properties: + requestId: + type: string + nullable: true + description: The password change request ID + example: 089899f13a8f4da7824996191587bab9 + state: + type: string + enum: + - IN_PROGRESS + - FINISHED + - FAILED + description: Password change state + example: IN_PROGRESS + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + '/password-change-status/{id}': + get: + operationId: getPasswordChangeStatus + tags: + - Password Management + summary: Get Password Change Request Status + description: This API returns the status of a password change request. A token with identity owner or trusted API client application authority is required to call this API. + parameters: + - in: path + name: id + schema: + type: string + required: true + example: 089899f13a8f4da7824996191587bab9 + description: Password change request ID + responses: + '200': + description: Status of the password change request + content: + application/json: + schema: + type: object + properties: + requestId: + type: string + nullable: true + description: The password change request ID + example: 089899f13a8f4da7824996191587bab9 + state: + type: string + enum: + - IN_PROGRESS + - FINISHED + - FAILED + description: Password change state + example: IN_PROGRESS + errors: + type: array + items: + type: string + description: The errors during the password change request + example: + - The password change payload is invalid + sourceIds: + type: array + items: + type: string + description: List of source IDs in the password change request + example: + - 2c918083746f642c01746f990884012a + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + /password-dictionary: + get: + operationId: getPasswordDictionary + tags: + - Password Dictionary + summary: Get Password Dictionary + description: |- + This gets password dictionary for the organization. + A token with ORG_ADMIN authority is required to call this API. + security: + - oauth2: + - 'idn:password-dictionary-management:read' + responses: + '200': + description: |- + + The password dictionary file can contain lines that are: + 1. comment lines - the first character is '#', can be 128 Unicode codepoints in length, and are ignored during processing + 2. empty lines + 3. locale line - the first line that starts with "locale=" is considered to be locale line, the rest are treated as normal content lines + 4. line containing the password dictionary word - it must start with non-whitespace character and only non-whitespace characters are allowed; + maximum length of the line is 128 Unicode codepoints + + + Password dictionary file may not contain more than 2,500 lines (not counting whitespace lines, comment lines and locale line). + Password dict file must contain UTF-8 characters only. + + # Sample password text file + + ``` + + # Password dictionary small test file + + locale=en_US + + # Password dictionary prohibited words + + qwerty + abcd + aaaaa + password + qazxsws + + ``` + content: + text/plain: + schema: + type: string + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + put: + operationId: updatePasswordDictionary + tags: + - Password Dictionary + summary: Update Password Dictionary + description: |- + This updates password dictionary for the organization. + A token with ORG_ADMIN authority is required to call this API. + security: + - oauth2: + - 'idn:password-dictionary:manage' + requestBody: + required: true + description: |- + + The password dictionary file can contain lines that are: + 1. comment lines - the first character is '#', can be 128 Unicode codepoints in length, and are ignored during processing + 2. empty lines + 3. locale line - the first line that starts with "locale=" is considered to be locale line, the rest are treated as normal content lines + 4. line containing the password dictionary word - it must start with non-whitespace character and only non-whitespace characters are allowed; + maximum length of the line is 128 Unicode codepoints + + + Password dictionary file may not contain more than 2,500 lines (not counting whitespace lines, comment lines and locale line). + Password dict file must contain UTF-8 characters only. + + # Sample password text file + + ``` + + # Password dictionary small test file + + locale=en_US + + # Password dictionary prohibited words + + qwerty + abcd + aaaaa + password + qazxsws + + ``` + content: + multipart/form-data: + schema: + type: object + properties: + file: + type: string + format: binary + responses: + '200': + description: Successfully updated. + '201': + description: Created. + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + /password-org-config: + get: + operationId: getPasswordOrgConfig + tags: + - Password Configuration + summary: Get Password Org Config + description: 'This API returns the password org config . Requires ORG_ADMIN, API role or authorization scope of ''idn:password-org-config:read''' + security: + - oauth2: + - 'idn:password-org-config:read' + responses: + '200': + description: Reference to the password org config. + content: + application/json: + schema: + type: object + properties: + customInstructionsEnabled: + type: boolean + description: Indicator whether custom password instructions feature is enabled. The default value is false. + default: false + example: true + digitTokenEnabled: + type: boolean + description: Indicator whether "digit token" feature is enabled. The default value is false. + default: false + example: true + digitTokenDurationMinutes: + type: integer + format: int32 + description: The duration of "digit token" in minutes. The default value is 5. + minimum: 1 + maximum: 60 + default: 5 + example: 10 + digitTokenLength: + type: integer + format: int32 + description: The length of "digit token". The default value is 6. + minimum: 6 + maximum: 18 + default: 6 + example: 9 + example: + customInstructionsEnabled: true + digitTokenDurationMinutes: 9 + digitTokenEnabled: false + digitTokenLength: 6 + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + put: + operationId: updatePasswordOrgConfig + tags: + - Password Configuration + summary: Update Password Org Config + description: 'This API updates the password org config for specified fields. Other fields will keep original value. Requires ORG_ADMIN, API role or authorization scope of ''idn:password-org-config:write''' + security: + - oauth2: + - 'idn:password-org-config:write' + requestBody: + required: true + content: + application/json: + schema: + type: object + properties: + customInstructionsEnabled: + type: boolean + description: Indicator whether custom password instructions feature is enabled. The default value is false. + default: false + example: true + digitTokenEnabled: + type: boolean + description: Indicator whether "digit token" feature is enabled. The default value is false. + default: false + example: true + digitTokenDurationMinutes: + type: integer + format: int32 + description: The duration of "digit token" in minutes. The default value is 5. + minimum: 1 + maximum: 60 + default: 5 + example: 10 + digitTokenLength: + type: integer + format: int32 + description: The length of "digit token". The default value is 6. + minimum: 6 + maximum: 18 + default: 6 + example: 9 + example: + digitTokenEnabled: true + digitTokenDurationMinutes: 12 + responses: + '200': + description: Reference to the password org config. + content: + application/json: + schema: + type: object + properties: + customInstructionsEnabled: + type: boolean + description: Indicator whether custom password instructions feature is enabled. The default value is false. + default: false + example: true + digitTokenEnabled: + type: boolean + description: Indicator whether "digit token" feature is enabled. The default value is false. + default: false + example: true + digitTokenDurationMinutes: + type: integer + format: int32 + description: The duration of "digit token" in minutes. The default value is 5. + minimum: 1 + maximum: 60 + default: 5 + example: 10 + digitTokenLength: + type: integer + format: int32 + description: The length of "digit token". The default value is 6. + minimum: 6 + maximum: 18 + default: 6 + example: 9 + example: + customInstructionsEnabled: true + digitTokenDurationMinutes: 12 + digitTokenEnabled: true + digitTokenLength: 6 + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + post: + operationId: createPasswordOrgConfig + tags: + - Password Configuration + summary: Create Password Org Config + description: 'This API creates the password org config. Unspecified fields will use default value. Requires ORG_ADMIN, API role or authorization scope of ''idn:password-org-config:write''' + security: + - oauth2: + - 'idn:password-org-config:write' + requestBody: + required: true + content: + application/json: + schema: + type: object + properties: + customInstructionsEnabled: + type: boolean + description: Indicator whether custom password instructions feature is enabled. The default value is false. + default: false + example: true + digitTokenEnabled: + type: boolean + description: Indicator whether "digit token" feature is enabled. The default value is false. + default: false + example: true + digitTokenDurationMinutes: + type: integer + format: int32 + description: The duration of "digit token" in minutes. The default value is 5. + minimum: 1 + maximum: 60 + default: 5 + example: 10 + digitTokenLength: + type: integer + format: int32 + description: The length of "digit token". The default value is 6. + minimum: 6 + maximum: 18 + default: 6 + example: 9 + example: + customInstructionsEnabled: true + digitTokenEnabled: true + digitTokenDurationMinutes: 12 + digitTokenLength: 9 + responses: + '200': + description: Reference to the password org config. + content: + application/json: + schema: + type: object + properties: + customInstructionsEnabled: + type: boolean + description: Indicator whether custom password instructions feature is enabled. The default value is false. + default: false + example: true + digitTokenEnabled: + type: boolean + description: Indicator whether "digit token" feature is enabled. The default value is false. + default: false + example: true + digitTokenDurationMinutes: + type: integer + format: int32 + description: The duration of "digit token" in minutes. The default value is 5. + minimum: 1 + maximum: 60 + default: 5 + example: 10 + digitTokenLength: + type: integer + format: int32 + description: The length of "digit token". The default value is 6. + minimum: 6 + maximum: 18 + default: 6 + example: 9 + example: + customInstructionsEnabled: true + digitTokenDurationMinutes: 9 + digitTokenEnabled: true + digitTokenLength: 12 + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + /sod-policies: + post: + security: + - oauth2: + - 'idn:sod-policy:write' + operationId: createSodPolicy + tags: + - SOD Policy + summary: Create SOD policy + description: |- + This creates both General and Conflicting Access Based policy, with a limit of 50 entitlements for each (left & right) criteria for Conflicting Access Based SOD policy. + Requires role of ORG_ADMIN. + requestBody: + required: true + content: + application/json: + schema: + type: object + properties: + id: + type: string + description: Policy id + example: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde + readOnly: true + name: + type: string + description: Policy Business Name + example: policy-xyz + created: + type: string + format: date-time + description: The time when this SOD policy is created. + example: '2020-01-01T00:00:00.000000Z' + readOnly: true + modified: + type: string + format: date-time + description: The time when this SOD policy is modified. + example: '2020-01-01T00:00:00.000000Z' + readOnly: true + description: + type: string + description: Optional description of the SOD policy + example: This policy ensures compliance of xyz + nullable: true + ownerRef: + readOnly: true + type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + externalPolicyReference: + type: string + description: Optional External Policy Reference + example: XYZ policy + nullable: true + policyQuery: + type: string + description: Search query of the SOD policy + example: '@access(id:0f11f2a4-7c94-4bf3-a2bd-742580fe3bdg) AND @access(id:0f11f2a4-7c94-4bf3-a2bd-742580fe3bdf)' + compensatingControls: + type: string + description: Optional compensating controls(Mitigating Controls) + example: Have a manager review the transaction decisions for their "out of compliance" employee + nullable: true + correctionAdvice: + type: string + description: Optional correction advice + example: 'Based on the role of the employee, managers should remove access that is not required for their job function.' + nullable: true + state: + type: string + description: whether the policy is enforced or not + enum: + - ENFORCED + - NOT_ENFORCED + example: ENFORCED + tags: + type: array + description: tags for this policy object + example: + - TAG1 + - TAG2 + items: + type: string + creatorId: + type: string + description: Policy's creator ID + example: 0f11f2a47c944bf3a2bd742580fe3bde + readOnly: true + modifierId: + type: string + description: Policy's modifier ID + example: 0f11f2a47c944bf3a2bd742580fe3bde + nullable: true + readOnly: true + violationOwnerAssignmentConfig: + nullable: true + type: object + properties: + assignmentRule: + type: string + enum: + - MANAGER + - STATIC + description: |- + Details about the violations owner. + MANAGER - identity's manager + STATIC - Governance Group or Identity + example: MANAGER + ownerRef: + type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + scheduled: + type: boolean + default: false + description: defines whether a policy has been scheduled or not + example: true + type: + type: string + description: whether a policy is query based or conflicting access based + default: GENERAL + enum: + - GENERAL + - CONFLICTING_ACCESS_BASED + example: GENERAL + conflictingAccessCriteria: + nullable: true + type: object + properties: + leftCriteria: + type: object + properties: + name: + type: string + description: Business name for the access construct list + example: money-in + criteriaList: + type: array + description: List of criteria. There is a min of 1 and max of 50 items in the list. + minItems: 1 + maxItems: 50 + items: + type: object + properties: + type: + type: string + enum: + - ENTITLEMENT + description: Type of the propery to which this reference applies to + example: ENTITLEMENT + id: + type: string + description: ID of the object to which this reference applies to + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies to + example: Administrator + example: + - type: ENTITLEMENT + id: 2c9180866166b5b0016167c32ef31a66 + name: Administrator + - type: ENTITLEMENT + id: 2c9180866166b5b0016167c32ef31a67 + name: Administrator + rightCriteria: + type: object + properties: + name: + type: string + description: Business name for the access construct list + example: money-in + criteriaList: + type: array + description: List of criteria. There is a min of 1 and max of 50 items in the list. + minItems: 1 + maxItems: 50 + items: + type: object + properties: + type: + type: string + enum: + - ENTITLEMENT + description: Type of the propery to which this reference applies to + example: ENTITLEMENT + id: + type: string + description: ID of the object to which this reference applies to + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies to + example: Administrator + example: + - type: ENTITLEMENT + id: 2c9180866166b5b0016167c32ef31a66 + name: Administrator + - type: ENTITLEMENT + id: 2c9180866166b5b0016167c32ef31a67 + name: Administrator + examples: + Conflicting Access Based Policy: + value: + name: Conflicting-Policy-Name + description: This policy ensures compliance of xyz + ownerRef: + type: IDENTITY + id: 2c91808568c529c60168cca6f90c1313 + name: Owner Name + externalPolicyReference: XYZ policy + compensatingControls: Have a manager review the transaction decisions for their "out of compliance" employee + correctionAdvice: 'Based on the role of the employee, managers should remove access that is not required for their job function.' + state: ENFORCED + tags: + - string + creatorId: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde + modifierId: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde + violationOwnerAssignmentConfig: + assignmentRule: MANAGER + ownerRef: + type: IDENTITY + id: 2c91808568c529c60168cca6f90c1313 + name: Violation Owner Name + scheduled: true + type: CONFLICTING_ACCESS_BASED + conflictingAccessCriteria: + leftCriteria: + name: money-in + criteriaList: + - type: ENTITLEMENT + id: 2c9180866166b5b0016167c32ef31a66 + - type: ENTITLEMENT + id: 2c9180866166b5b0016167c32ef31a67 + rightCriteria: + name: money-out + criteriaList: + - type: ENTITLEMENT + id: 2c9180866166b5b0016167c32ef31a68 + - type: ENTITLEMENT + id: 2c9180866166b5b0016167c32ef31a69 + General Policy: + value: + description: Description + ownerRef: + type: IDENTITY + id: 2c918087682f9a86016839c05e8f1aff + name: Owner Name + externalPolicyReference: New policy + policyQuery: policy query implementation + compensatingControls: Compensating controls + correctionAdvice: Correction advice + tags: [] + state: ENFORCED + scheduled: false + creatorId: 2c918087682f9a86016839c05e8f1aff + modifierId: null + violationOwnerAssignmentConfig: null + name: General-Policy-Name + responses: + '201': + description: SOD policy created + content: + application/json: + schema: + type: object + properties: + id: + type: string + description: Policy id + example: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde + readOnly: true + name: + type: string + description: Policy Business Name + example: policy-xyz + created: + type: string + format: date-time + description: The time when this SOD policy is created. + example: '2020-01-01T00:00:00.000000Z' + readOnly: true + modified: + type: string + format: date-time + description: The time when this SOD policy is modified. + example: '2020-01-01T00:00:00.000000Z' + readOnly: true + description: + type: string + description: Optional description of the SOD policy + example: This policy ensures compliance of xyz + nullable: true + ownerRef: + readOnly: true + type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + externalPolicyReference: + type: string + description: Optional External Policy Reference + example: XYZ policy + nullable: true + policyQuery: + type: string + description: Search query of the SOD policy + example: '@access(id:0f11f2a4-7c94-4bf3-a2bd-742580fe3bdg) AND @access(id:0f11f2a4-7c94-4bf3-a2bd-742580fe3bdf)' + compensatingControls: + type: string + description: Optional compensating controls(Mitigating Controls) + example: Have a manager review the transaction decisions for their "out of compliance" employee + nullable: true + correctionAdvice: + type: string + description: Optional correction advice + example: 'Based on the role of the employee, managers should remove access that is not required for their job function.' + nullable: true + state: + type: string + description: whether the policy is enforced or not + enum: + - ENFORCED + - NOT_ENFORCED + example: ENFORCED + tags: + type: array + description: tags for this policy object + example: + - TAG1 + - TAG2 + items: + type: string + creatorId: + type: string + description: Policy's creator ID + example: 0f11f2a47c944bf3a2bd742580fe3bde + readOnly: true + modifierId: + type: string + description: Policy's modifier ID + example: 0f11f2a47c944bf3a2bd742580fe3bde + nullable: true + readOnly: true + violationOwnerAssignmentConfig: + nullable: true + type: object + properties: + assignmentRule: + type: string + enum: + - MANAGER + - STATIC + description: |- + Details about the violations owner. + MANAGER - identity's manager + STATIC - Governance Group or Identity + example: MANAGER + ownerRef: + type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + scheduled: + type: boolean + default: false + description: defines whether a policy has been scheduled or not + example: true + type: + type: string + description: whether a policy is query based or conflicting access based + default: GENERAL + enum: + - GENERAL + - CONFLICTING_ACCESS_BASED + example: GENERAL + conflictingAccessCriteria: + nullable: true + type: object + properties: + leftCriteria: + type: object + properties: + name: + type: string + description: Business name for the access construct list + example: money-in + criteriaList: + type: array + description: List of criteria. There is a min of 1 and max of 50 items in the list. + minItems: 1 + maxItems: 50 + items: + type: object + properties: + type: + type: string + enum: + - ENTITLEMENT + description: Type of the propery to which this reference applies to + example: ENTITLEMENT + id: + type: string + description: ID of the object to which this reference applies to + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies to + example: Administrator + example: + - type: ENTITLEMENT + id: 2c9180866166b5b0016167c32ef31a66 + name: Administrator + - type: ENTITLEMENT + id: 2c9180866166b5b0016167c32ef31a67 + name: Administrator + rightCriteria: + type: object + properties: + name: + type: string + description: Business name for the access construct list + example: money-in + criteriaList: + type: array + description: List of criteria. There is a min of 1 and max of 50 items in the list. + minItems: 1 + maxItems: 50 + items: + type: object + properties: + type: + type: string + enum: + - ENTITLEMENT + description: Type of the propery to which this reference applies to + example: ENTITLEMENT + id: + type: string + description: ID of the object to which this reference applies to + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies to + example: Administrator + example: + - type: ENTITLEMENT + id: 2c9180866166b5b0016167c32ef31a66 + name: Administrator + - type: ENTITLEMENT + id: 2c9180866166b5b0016167c32ef31a67 + name: Administrator + examples: + Conflicting Access Based Policy: + value: + id: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde + name: Conflicting-Policy-Name + created: '2020-01-01T00:00:00.000000Z' + modified: '2020-01-01T00:00:00.000000Z' + description: This policy ensures compliance of xyz + ownerRef: + type: IDENTITY + id: 2c91808568c529c60168cca6f90c1313 + name: Owner Name + externalPolicyReference: XYZ policy + policyQuery: '@access(id:2c9180866166b5b0016167c32ef31a66 OR id:2c9180866166b5b0016167c32ef31a67) AND @access(id:2c9180866166b5b0016167c32ef31a68 OR id:2c9180866166b5b0016167c32ef31a69)' + compensatingControls: Have a manager review the transaction decisions for their "out of compliance" employee + correctionAdvice: 'Based on the role of the employee, managers should remove access that is not required for their job function.' + state: ENFORCED + tags: + - string + creatorId: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde + modifierId: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde + violationOwnerAssignmentConfig: + assignmentRule: MANAGER + ownerRef: + type: IDENTITY + id: 2c91808568c529c60168cca6f90c1313 + name: Violation Owner Name + scheduled: true + type: CONFLICTING_ACCESS_BASED + conflictingAccessCriteria: + leftCriteria: + name: money-in + criteriaList: + - type: ENTITLEMENT + id: 2c9180866166b5b0016167c32ef31a66 + - type: ENTITLEMENT + id: 2c9180866166b5b0016167c32ef31a67 + rightCriteria: + name: money-out + criteriaList: + - type: ENTITLEMENT + id: 2c9180866166b5b0016167c32ef31a68 + - type: ENTITLEMENT + id: 2c9180866166b5b0016167c32ef31a69 + General Policy: + value: + description: Description + ownerRef: + type: IDENTITY + id: 2c918087682f9a86016839c05e8f1aff + name: Owner Name + externalPolicyReference: New policy + policyQuery: policy query implementation + compensatingControls: Compensating controls + correctionAdvice: Correction advice + tags: [] + state: ENFORCED + scheduled: false + creatorId: 2c918087682f9a86016839c05e8f1aff + modifierId: null + violationOwnerAssignmentConfig: null + type: GENERAL + conflictingAccessCriteria: null + id: 52c11db4-733e-4c31-949a-766c95ec95f1 + name: General-Policy-Name + created: '2020-05-12T19:47:38Z' + modified: '2020-05-12T19:47:38Z' + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + get: + security: + - oauth2: + - 'idn:sod-policy:read' + operationId: listSodPolicies + tags: + - SOD Policy + summary: List SOD policies + description: |- + This gets list of all SOD policies. + Requires role of ORG_ADMIN + parameters: + - in: query + name: limit + description: |- + Max number of results to return. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 250 + schema: + type: integer + format: int32 + minimum: 0 + maximum: 250 + default: 250 + - in: query + name: offset + description: |- + Offset into the full result set. Usually specified with *limit* to paginate through the results. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 0 + schema: + type: integer + format: int32 + minimum: 0 + default: 0 + - in: query + name: count + description: |- + If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored. + + Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used. + + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: true + schema: + type: boolean + default: false + - in: query + name: filters + schema: + type: string + description: |- + Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) + + Filtering is supported for the following fields and operators: + + **id**: *eq* + + **name**: *eq* + + **state**: *eq* + example: id eq "bc693f07e7b645539626c25954c58554" + required: false + responses: + '200': + description: List of all SOD policies. + content: + application/json: + schema: + type: array + items: + type: object + properties: + id: + type: string + description: Policy id + example: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde + readOnly: true + name: + type: string + description: Policy Business Name + example: policy-xyz + created: + type: string + format: date-time + description: The time when this SOD policy is created. + example: '2020-01-01T00:00:00.000000Z' + readOnly: true + modified: + type: string + format: date-time + description: The time when this SOD policy is modified. + example: '2020-01-01T00:00:00.000000Z' + readOnly: true + description: + type: string + description: Optional description of the SOD policy + example: This policy ensures compliance of xyz + nullable: true + ownerRef: + readOnly: true + type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + externalPolicyReference: + type: string + description: Optional External Policy Reference + example: XYZ policy + nullable: true + policyQuery: + type: string + description: Search query of the SOD policy + example: '@access(id:0f11f2a4-7c94-4bf3-a2bd-742580fe3bdg) AND @access(id:0f11f2a4-7c94-4bf3-a2bd-742580fe3bdf)' + compensatingControls: + type: string + description: Optional compensating controls(Mitigating Controls) + example: Have a manager review the transaction decisions for their "out of compliance" employee + nullable: true + correctionAdvice: + type: string + description: Optional correction advice + example: 'Based on the role of the employee, managers should remove access that is not required for their job function.' + nullable: true + state: + type: string + description: whether the policy is enforced or not + enum: + - ENFORCED + - NOT_ENFORCED + example: ENFORCED + tags: + type: array + description: tags for this policy object + example: + - TAG1 + - TAG2 + items: + type: string + creatorId: + type: string + description: Policy's creator ID + example: 0f11f2a47c944bf3a2bd742580fe3bde + readOnly: true + modifierId: + type: string + description: Policy's modifier ID + example: 0f11f2a47c944bf3a2bd742580fe3bde + nullable: true + readOnly: true + violationOwnerAssignmentConfig: + nullable: true + type: object + properties: + assignmentRule: + type: string + enum: + - MANAGER + - STATIC + description: |- + Details about the violations owner. + MANAGER - identity's manager + STATIC - Governance Group or Identity + example: MANAGER + ownerRef: + type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + scheduled: + type: boolean + default: false + description: defines whether a policy has been scheduled or not + example: true + type: + type: string + description: whether a policy is query based or conflicting access based + default: GENERAL + enum: + - GENERAL + - CONFLICTING_ACCESS_BASED + example: GENERAL + conflictingAccessCriteria: + nullable: true + type: object + properties: + leftCriteria: + type: object + properties: + name: + type: string + description: Business name for the access construct list + example: money-in + criteriaList: + type: array + description: List of criteria. There is a min of 1 and max of 50 items in the list. + minItems: 1 + maxItems: 50 + items: + type: object + properties: + type: + type: string + enum: + - ENTITLEMENT + description: Type of the propery to which this reference applies to + example: ENTITLEMENT + id: + type: string + description: ID of the object to which this reference applies to + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies to + example: Administrator + example: + - type: ENTITLEMENT + id: 2c9180866166b5b0016167c32ef31a66 + name: Administrator + - type: ENTITLEMENT + id: 2c9180866166b5b0016167c32ef31a67 + name: Administrator + rightCriteria: + type: object + properties: + name: + type: string + description: Business name for the access construct list + example: money-in + criteriaList: + type: array + description: List of criteria. There is a min of 1 and max of 50 items in the list. + minItems: 1 + maxItems: 50 + items: + type: object + properties: + type: + type: string + enum: + - ENTITLEMENT + description: Type of the propery to which this reference applies to + example: ENTITLEMENT + id: + type: string + description: ID of the object to which this reference applies to + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies to + example: Administrator + example: + - type: ENTITLEMENT + id: 2c9180866166b5b0016167c32ef31a66 + name: Administrator + - type: ENTITLEMENT + id: 2c9180866166b5b0016167c32ef31a67 + name: Administrator + example: + - id: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde + name: Conflicting-Policy-Name + created: '2020-01-01T00:00:00.000000Z' + modified: '2020-01-01T00:00:00.000000Z' + description: This policy ensures compliance of xyz + ownerRef: + type: IDENTITY + id: 2c91808568c529c60168cca6f90c1313 + name: Owner Name + externalPolicyReference: XYZ policy + policyQuery: '@access(id:2c9180866166b5b0016167c32ef31a66 OR id:2c9180866166b5b0016167c32ef31a67) AND @access(id:2c9180866166b5b0016167c32ef31a68 OR id:2c9180866166b5b0016167c32ef31a69)' + compensatingControls: Have a manager review the transaction decisions for their "out of compliance" employee + correctionAdvice: 'Based on the role of the employee, managers should remove access that is not required for their job function.' + state: ENFORCED + tags: + - string + creatorId: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde + modifierId: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde + violationOwnerAssignmentConfig: + assignmentRule: MANAGER + ownerRef: + type: IDENTITY + id: 2c91808568c529c60168cca6f90c1313 + name: Violation Owner Name + scheduled: true + type: CONFLICTING_ACCESS_BASED + conflictingAccessCriteria: + leftCriteria: + name: money-in + criteriaList: + - type: ENTITLEMENT + id: 2c9180866166b5b0016167c32ef31a66 + - type: ENTITLEMENT + id: 2c9180866166b5b0016167c32ef31a67 + rightCriteria: + name: money-out + criteriaList: + - type: ENTITLEMENT + id: 2c9180866166b5b0016167c32ef31a68 + - type: ENTITLEMENT + id: 2c9180866166b5b0016167c32ef31a69 + - description: Description + ownerRef: + type: IDENTITY + id: 2c918087682f9a86016839c05e8f1aff + name: Owner Name + externalPolicyReference: New policy + policyQuery: policy query implementation + compensatingControls: Compensating controls + correctionAdvice: Correction advice + tags: [] + state: ENFORCED + scheduled: false + creatorId: 2c918087682f9a86016839c05e8f1aff + modifierId: null + violationOwnerAssignmentConfig: null + type: GENERAL + conflictingAccessCriteria: null + id: 52c11db4-733e-4c31-949a-766c95ec95f1 + name: General-Policy-Name + created: '2020-05-12T19:47:38Z' + modified: '2020-05-12T19:47:38Z' + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + '/sod-policies/{id}': + get: + security: + - oauth2: + - 'idn:sod-policy:read' + operationId: getSodPolicy + tags: + - SOD Policy + summary: Get SOD policy by ID + description: |- + This gets specified SOD policy. + Requires role of ORG_ADMIN. + parameters: + - in: path + name: id + schema: + type: string + required: true + description: The ID of the SOD Policy to retrieve. + example: ef38f943-47e9-4562-b5bb-8424a56397d8 + responses: + '200': + description: SOD policy ID. + content: + application/json: + schema: + type: object + properties: + id: + type: string + description: Policy id + example: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde + readOnly: true + name: + type: string + description: Policy Business Name + example: policy-xyz + created: + type: string + format: date-time + description: The time when this SOD policy is created. + example: '2020-01-01T00:00:00.000000Z' + readOnly: true + modified: + type: string + format: date-time + description: The time when this SOD policy is modified. + example: '2020-01-01T00:00:00.000000Z' + readOnly: true + description: + type: string + description: Optional description of the SOD policy + example: This policy ensures compliance of xyz + nullable: true + ownerRef: + readOnly: true + type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + externalPolicyReference: + type: string + description: Optional External Policy Reference + example: XYZ policy + nullable: true + policyQuery: + type: string + description: Search query of the SOD policy + example: '@access(id:0f11f2a4-7c94-4bf3-a2bd-742580fe3bdg) AND @access(id:0f11f2a4-7c94-4bf3-a2bd-742580fe3bdf)' + compensatingControls: + type: string + description: Optional compensating controls(Mitigating Controls) + example: Have a manager review the transaction decisions for their "out of compliance" employee + nullable: true + correctionAdvice: + type: string + description: Optional correction advice + example: 'Based on the role of the employee, managers should remove access that is not required for their job function.' + nullable: true + state: + type: string + description: whether the policy is enforced or not + enum: + - ENFORCED + - NOT_ENFORCED + example: ENFORCED + tags: + type: array + description: tags for this policy object + example: + - TAG1 + - TAG2 + items: + type: string + creatorId: + type: string + description: Policy's creator ID + example: 0f11f2a47c944bf3a2bd742580fe3bde + readOnly: true + modifierId: + type: string + description: Policy's modifier ID + example: 0f11f2a47c944bf3a2bd742580fe3bde + nullable: true + readOnly: true + violationOwnerAssignmentConfig: + nullable: true + type: object + properties: + assignmentRule: + type: string + enum: + - MANAGER + - STATIC + description: |- + Details about the violations owner. + MANAGER - identity's manager + STATIC - Governance Group or Identity + example: MANAGER + ownerRef: + type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + scheduled: + type: boolean + default: false + description: defines whether a policy has been scheduled or not + example: true + type: + type: string + description: whether a policy is query based or conflicting access based + default: GENERAL + enum: + - GENERAL + - CONFLICTING_ACCESS_BASED + example: GENERAL + conflictingAccessCriteria: + nullable: true + type: object + properties: + leftCriteria: + type: object + properties: + name: + type: string + description: Business name for the access construct list + example: money-in + criteriaList: + type: array + description: List of criteria. There is a min of 1 and max of 50 items in the list. + minItems: 1 + maxItems: 50 + items: + type: object + properties: + type: + type: string + enum: + - ENTITLEMENT + description: Type of the propery to which this reference applies to + example: ENTITLEMENT + id: + type: string + description: ID of the object to which this reference applies to + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies to + example: Administrator + example: + - type: ENTITLEMENT + id: 2c9180866166b5b0016167c32ef31a66 + name: Administrator + - type: ENTITLEMENT + id: 2c9180866166b5b0016167c32ef31a67 + name: Administrator + rightCriteria: + type: object + properties: + name: + type: string + description: Business name for the access construct list + example: money-in + criteriaList: + type: array + description: List of criteria. There is a min of 1 and max of 50 items in the list. + minItems: 1 + maxItems: 50 + items: + type: object + properties: + type: + type: string + enum: + - ENTITLEMENT + description: Type of the propery to which this reference applies to + example: ENTITLEMENT + id: + type: string + description: ID of the object to which this reference applies to + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies to + example: Administrator + example: + - type: ENTITLEMENT + id: 2c9180866166b5b0016167c32ef31a66 + name: Administrator + - type: ENTITLEMENT + id: 2c9180866166b5b0016167c32ef31a67 + name: Administrator + examples: + Conflicting Access Based Policy: + value: + id: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde + name: Conflicting-Policy-Name + created: '2020-01-01T00:00:00.000000Z' + modified: '2020-01-01T00:00:00.000000Z' + description: This policy ensures compliance of xyz + ownerRef: + type: IDENTITY + id: 2c91808568c529c60168cca6f90c1313 + name: Owner Name + externalPolicyReference: XYZ policy + policyQuery: '@access(id:2c9180866166b5b0016167c32ef31a66 OR id:2c9180866166b5b0016167c32ef31a67) AND @access(id:2c9180866166b5b0016167c32ef31a68 OR id:2c9180866166b5b0016167c32ef31a69)' + compensatingControls: Have a manager review the transaction decisions for their "out of compliance" employee + correctionAdvice: 'Based on the role of the employee, managers should remove access that is not required for their job function.' + state: ENFORCED + tags: + - string + creatorId: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde + modifierId: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde + violationOwnerAssignmentConfig: + assignmentRule: MANAGER + ownerRef: + type: IDENTITY + id: 2c91808568c529c60168cca6f90c1313 + name: Violation Owner Name + scheduled: true + type: CONFLICTING_ACCESS_BASED + conflictingAccessCriteria: + leftCriteria: + name: money-in + criteriaList: + - type: ENTITLEMENT + id: 2c9180866166b5b0016167c32ef31a66 + - type: ENTITLEMENT + id: 2c9180866166b5b0016167c32ef31a67 + rightCriteria: + name: money-out + criteriaList: + - type: ENTITLEMENT + id: 2c9180866166b5b0016167c32ef31a68 + - type: ENTITLEMENT + id: 2c9180866166b5b0016167c32ef31a69 + General Policy: + value: + description: Description + ownerRef: + type: IDENTITY + id: 2c918087682f9a86016839c05e8f1aff + name: Owner Name + externalPolicyReference: New policy + policyQuery: policy query implementation + compensatingControls: Compensating controls + correctionAdvice: Correction advice + tags: [] + state: ENFORCED + scheduled: false + creatorId: 2c918087682f9a86016839c05e8f1aff + modifierId: null + violationOwnerAssignmentConfig: null + type: GENERAL + conflictingAccessCriteria: null + id: 52c11db4-733e-4c31-949a-766c95ec95f1 + name: General-Policy-Name + created: '2020-05-12T19:47:38Z' + modified: '2020-05-12T19:47:38Z' + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + put: + security: + - oauth2: + - 'idn:sod-policy:write' + operationId: setSodPolicy + tags: + - SOD Policy + summary: Update SOD policy by ID + description: |- + This updates a specified SOD policy. + Requires role of ORG_ADMIN. + parameters: + - in: path + name: id + schema: + type: string + required: true + description: The ID of the SOD policy to update. + example: ef38f943-47e9-4562-b5bb-8424a56397d8 + requestBody: + required: true + content: + application/json: + schema: + type: object + properties: + id: + type: string + description: Policy id + example: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde + readOnly: true + name: + type: string + description: Policy Business Name + example: policy-xyz + created: + type: string + format: date-time + description: The time when this SOD policy is created. + example: '2020-01-01T00:00:00.000000Z' + readOnly: true + modified: + type: string + format: date-time + description: The time when this SOD policy is modified. + example: '2020-01-01T00:00:00.000000Z' + readOnly: true + description: + type: string + description: Optional description of the SOD policy + example: This policy ensures compliance of xyz + nullable: true + ownerRef: + readOnly: true + type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + externalPolicyReference: + type: string + description: Optional External Policy Reference + example: XYZ policy + nullable: true + policyQuery: + type: string + description: Search query of the SOD policy + example: '@access(id:0f11f2a4-7c94-4bf3-a2bd-742580fe3bdg) AND @access(id:0f11f2a4-7c94-4bf3-a2bd-742580fe3bdf)' + compensatingControls: + type: string + description: Optional compensating controls(Mitigating Controls) + example: Have a manager review the transaction decisions for their "out of compliance" employee + nullable: true + correctionAdvice: + type: string + description: Optional correction advice + example: 'Based on the role of the employee, managers should remove access that is not required for their job function.' + nullable: true + state: + type: string + description: whether the policy is enforced or not + enum: + - ENFORCED + - NOT_ENFORCED + example: ENFORCED + tags: + type: array + description: tags for this policy object + example: + - TAG1 + - TAG2 + items: + type: string + creatorId: + type: string + description: Policy's creator ID + example: 0f11f2a47c944bf3a2bd742580fe3bde + readOnly: true + modifierId: + type: string + description: Policy's modifier ID + example: 0f11f2a47c944bf3a2bd742580fe3bde + nullable: true + readOnly: true + violationOwnerAssignmentConfig: + nullable: true + type: object + properties: + assignmentRule: + type: string + enum: + - MANAGER + - STATIC + description: |- + Details about the violations owner. + MANAGER - identity's manager + STATIC - Governance Group or Identity + example: MANAGER + ownerRef: + type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + scheduled: + type: boolean + default: false + description: defines whether a policy has been scheduled or not + example: true + type: + type: string + description: whether a policy is query based or conflicting access based + default: GENERAL + enum: + - GENERAL + - CONFLICTING_ACCESS_BASED + example: GENERAL + conflictingAccessCriteria: + nullable: true + type: object + properties: + leftCriteria: + type: object + properties: + name: + type: string + description: Business name for the access construct list + example: money-in + criteriaList: + type: array + description: List of criteria. There is a min of 1 and max of 50 items in the list. + minItems: 1 + maxItems: 50 + items: + type: object + properties: + type: + type: string + enum: + - ENTITLEMENT + description: Type of the propery to which this reference applies to + example: ENTITLEMENT + id: + type: string + description: ID of the object to which this reference applies to + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies to + example: Administrator + example: + - type: ENTITLEMENT + id: 2c9180866166b5b0016167c32ef31a66 + name: Administrator + - type: ENTITLEMENT + id: 2c9180866166b5b0016167c32ef31a67 + name: Administrator + rightCriteria: + type: object + properties: + name: + type: string + description: Business name for the access construct list + example: money-in + criteriaList: + type: array + description: List of criteria. There is a min of 1 and max of 50 items in the list. + minItems: 1 + maxItems: 50 + items: + type: object + properties: + type: + type: string + enum: + - ENTITLEMENT + description: Type of the propery to which this reference applies to + example: ENTITLEMENT + id: + type: string + description: ID of the object to which this reference applies to + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies to + example: Administrator + example: + - type: ENTITLEMENT + id: 2c9180866166b5b0016167c32ef31a66 + name: Administrator + - type: ENTITLEMENT + id: 2c9180866166b5b0016167c32ef31a67 + name: Administrator + examples: + Conflicting Access Based Policy: + value: + name: Conflicting-Policy-Name + description: Modified Description + externalPolicyReference: XYZ policy + compensatingControls: Have a manager review the transaction decisions for their "out of compliance" employee + correctionAdvice: 'Based on the role of the employee, managers should remove access that is not required for their job function.' + state: ENFORCED + tags: + - string + violationOwnerAssignmentConfig: + assignmentRule: MANAGER + ownerRef: + type: IDENTITY + id: 2c91808568c529c60168cca6f90c1313 + name: Violation Owner Name + scheduled: true + type: CONFLICTING_ACCESS_BASED + conflictingAccessCriteria: + leftCriteria: + name: money-in + criteriaList: + - type: ENTITLEMENT + id: 2c9180866166b5b0016167c32ef31a66 + - type: ENTITLEMENT + id: 2c9180866166b5b0016167c32ef31a67 + rightCriteria: + name: money-out + criteriaList: + - type: ENTITLEMENT + id: 2c9180866166b5b0016167c32ef31a68 + - type: ENTITLEMENT + id: 2c9180866166b5b0016167c32ef31a69 + General Policy: + value: + description: Modified Description + ownerRef: + type: IDENTITY + id: 2c918087682f9a86016839c05e8f1aff + name: Owner Name + externalPolicyReference: New policy + policyQuery: policy query implementation + compensatingControls: Compensating controls + correctionAdvice: Correction advice + tags: [] + state: ENFORCED + scheduled: false + creatorId: 2c918087682f9a86016839c05e8f1aff + modifierId: null + violationOwnerAssignmentConfig: null + type: GENERAL + conflictingAccessCriteria: null + id: 52c11db4-733e-4c31-949a-766c95ec95f1 + name: General-Policy-Name + created: '2020-05-12T19:47:38Z' + modified: '2020-05-12T19:47:38Z' + responses: + '200': + description: SOD Policy by ID + content: + application/json: + schema: + type: object + properties: + id: + type: string + description: Policy id + example: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde + readOnly: true + name: + type: string + description: Policy Business Name + example: policy-xyz + created: + type: string + format: date-time + description: The time when this SOD policy is created. + example: '2020-01-01T00:00:00.000000Z' + readOnly: true + modified: + type: string + format: date-time + description: The time when this SOD policy is modified. + example: '2020-01-01T00:00:00.000000Z' + readOnly: true + description: + type: string + description: Optional description of the SOD policy + example: This policy ensures compliance of xyz + nullable: true + ownerRef: + readOnly: true + type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + externalPolicyReference: + type: string + description: Optional External Policy Reference + example: XYZ policy + nullable: true + policyQuery: + type: string + description: Search query of the SOD policy + example: '@access(id:0f11f2a4-7c94-4bf3-a2bd-742580fe3bdg) AND @access(id:0f11f2a4-7c94-4bf3-a2bd-742580fe3bdf)' + compensatingControls: + type: string + description: Optional compensating controls(Mitigating Controls) + example: Have a manager review the transaction decisions for their "out of compliance" employee + nullable: true + correctionAdvice: + type: string + description: Optional correction advice + example: 'Based on the role of the employee, managers should remove access that is not required for their job function.' + nullable: true + state: + type: string + description: whether the policy is enforced or not + enum: + - ENFORCED + - NOT_ENFORCED + example: ENFORCED + tags: + type: array + description: tags for this policy object + example: + - TAG1 + - TAG2 + items: + type: string + creatorId: + type: string + description: Policy's creator ID + example: 0f11f2a47c944bf3a2bd742580fe3bde + readOnly: true + modifierId: + type: string + description: Policy's modifier ID + example: 0f11f2a47c944bf3a2bd742580fe3bde + nullable: true + readOnly: true + violationOwnerAssignmentConfig: + nullable: true + type: object + properties: + assignmentRule: + type: string + enum: + - MANAGER + - STATIC + description: |- + Details about the violations owner. + MANAGER - identity's manager + STATIC - Governance Group or Identity + example: MANAGER + ownerRef: + type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + scheduled: + type: boolean + default: false + description: defines whether a policy has been scheduled or not + example: true + type: + type: string + description: whether a policy is query based or conflicting access based + default: GENERAL + enum: + - GENERAL + - CONFLICTING_ACCESS_BASED + example: GENERAL + conflictingAccessCriteria: + nullable: true + type: object + properties: + leftCriteria: + type: object + properties: + name: + type: string + description: Business name for the access construct list + example: money-in + criteriaList: + type: array + description: List of criteria. There is a min of 1 and max of 50 items in the list. + minItems: 1 + maxItems: 50 + items: + type: object + properties: + type: + type: string + enum: + - ENTITLEMENT + description: Type of the propery to which this reference applies to + example: ENTITLEMENT + id: + type: string + description: ID of the object to which this reference applies to + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies to + example: Administrator + example: + - type: ENTITLEMENT + id: 2c9180866166b5b0016167c32ef31a66 + name: Administrator + - type: ENTITLEMENT + id: 2c9180866166b5b0016167c32ef31a67 + name: Administrator + rightCriteria: + type: object + properties: + name: + type: string + description: Business name for the access construct list + example: money-in + criteriaList: + type: array + description: List of criteria. There is a min of 1 and max of 50 items in the list. + minItems: 1 + maxItems: 50 + items: + type: object + properties: + type: + type: string + enum: + - ENTITLEMENT + description: Type of the propery to which this reference applies to + example: ENTITLEMENT + id: + type: string + description: ID of the object to which this reference applies to + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies to + example: Administrator + example: + - type: ENTITLEMENT + id: 2c9180866166b5b0016167c32ef31a66 + name: Administrator + - type: ENTITLEMENT + id: 2c9180866166b5b0016167c32ef31a67 + name: Administrator + examples: + Conflicting Access Based Policy: + value: + id: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde + name: Conflicting-Policy-Name + created: '2020-01-01T00:00:00.000000Z' + modified: '2020-01-01T00:00:00.000000Z' + description: Modified description + ownerRef: + type: IDENTITY + id: 2c91808568c529c60168cca6f90c1313 + name: Owner Name + externalPolicyReference: XYZ policy + policyQuery: '@access(id:2c9180866166b5b0016167c32ef31a66 OR id:2c9180866166b5b0016167c32ef31a67) AND @access(id:2c9180866166b5b0016167c32ef31a68 OR id:2c9180866166b5b0016167c32ef31a69)' + compensatingControls: Have a manager review the transaction decisions for their "out of compliance" employee + correctionAdvice: 'Based on the role of the employee, managers should remove access that is not required for their job function.' + state: ENFORCED + tags: + - string + creatorId: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde + modifierId: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde + violationOwnerAssignmentConfig: + assignmentRule: MANAGER + ownerRef: + type: IDENTITY + id: 2c91808568c529c60168cca6f90c1313 + name: Violation Owner Name + scheduled: true + type: CONFLICTING_ACCESS_BASED + conflictingAccessCriteria: + leftCriteria: + name: money-in + criteriaList: + - type: ENTITLEMENT + id: 2c9180866166b5b0016167c32ef31a66 + - type: ENTITLEMENT + id: 2c9180866166b5b0016167c32ef31a67 + rightCriteria: + name: money-out + criteriaList: + - type: ENTITLEMENT + id: 2c9180866166b5b0016167c32ef31a68 + - type: ENTITLEMENT + id: 2c9180866166b5b0016167c32ef31a69 + General Policy: + value: + description: Modified Description + ownerRef: + type: IDENTITY + id: 2c918087682f9a86016839c05e8f1aff + name: Owner Name + externalPolicyReference: New policy + policyQuery: policy query implementation + compensatingControls: Compensating controls + correctionAdvice: Correction advice + tags: [] + state: ENFORCED + scheduled: false + creatorId: 2c918087682f9a86016839c05e8f1aff + modifierId: null + violationOwnerAssignmentConfig: null + type: GENERAL + conflictingAccessCriteria: null + id: 52c11db4-733e-4c31-949a-766c95ec95f1 + name: General-Policy-Name + created: '2020-05-12T19:47:38Z' + modified: '2020-05-12T19:47:38Z' + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + delete: + security: + - oauth2: + - 'idn:sod-policy:write' + operationId: deleteSodPolicy + tags: + - SOD Policy + summary: Delete SOD policy by ID + description: |- + This deletes a specified SOD policy. + Requires role of ORG_ADMIN. + parameters: + - in: path + name: id + schema: + type: string + required: true + description: The ID of the SOD Policy to delete. + example: ef38f943-47e9-4562-b5bb-8424a56397d8 + - in: query + name: logical + schema: + type: boolean + default: true + description: Indicates whether this is a soft delete (logical true) or a hard delete. Soft delete marks the policy as deleted and just save it with this status. It could be fully deleted or recovered further. Hard delete vise versa permanently delete SOD request during this call. + example: true + required: false + responses: + '204': + description: No content. + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + patch: + security: + - oauth2: + - 'idn:sod-policy:write' + operationId: patchSodPolicy + tags: + - SOD Policy + summary: Patch SOD policy by ID + description: |- + Allows updating SOD Policy fields other than ["id","created","creatorId","policyQuery","type"] using the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard. + Requires role of ORG_ADMIN. + This endpoint can only patch CONFLICTING_ACCESS_BASED type policies. Do not use this endpoint to patch general policies - doing so will build an API exception. + parameters: + - in: path + name: id + schema: + type: string + required: true + description: The ID of the SOD policy being modified. + example: 2c918083-5d19-1a86-015d-28455b4a2329 + requestBody: + required: true + description: | + A list of SOD Policy update operations according to the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard. + + The following fields are patchable: + * name + * description + * ownerRef + * externalPolicyReference + * compensatingControls + * correctionAdvice + * state + * tags + * violationOwnerAssignmentConfig + * scheduled + * conflictingAccessCriteria + content: + application/json-patch+json: + schema: + type: array + items: + type: object + description: 'A JSONPatch Operation as defined by [RFC 6902 - JSON Patch](https://tools.ietf.org/html/rfc6902)' + required: + - op + - path + properties: + op: + type: string + description: The operation to be performed + enum: + - add + - remove + - replace + - move + - copy + - test + example: replace + path: + type: string + description: A string JSON Pointer representing the target path to an element to be affected by the operation + example: /description + value: + anyOf: + - type: string + - type: integer + - type: object + - type: array + items: + anyOf: + - type: string + - type: integer + - type: object + description: 'The value to be used for the operation, required for "add" and "replace" operations' + example: New description + examples: + Conflicting Access Based Policy: + value: + - op: replace + path: /description + value: Modified description + - op: replace + path: /conflictingAccessCriteria/leftCriteria/name + value: money-in-modified + - op: replace + path: /conflictingAccessCriteria/rightCriteria + value: + name: money-out-modified + criteriaList: + - type: ENTITLEMENT + id: 2c918087682f9a86016839c0509c1ab2 + General Policy: + value: + - op: replace + path: /description + value: Modified description + responses: + '200': + description: 'Indicates the PATCH operation succeeded, and returns the SOD policy''s new representation.' + content: + application/json: + schema: + type: object + properties: + id: + type: string + description: Policy id + example: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde + readOnly: true + name: + type: string + description: Policy Business Name + example: policy-xyz + created: + type: string + format: date-time + description: The time when this SOD policy is created. + example: '2020-01-01T00:00:00.000000Z' + readOnly: true + modified: + type: string + format: date-time + description: The time when this SOD policy is modified. + example: '2020-01-01T00:00:00.000000Z' + readOnly: true + description: + type: string + description: Optional description of the SOD policy + example: This policy ensures compliance of xyz + nullable: true + ownerRef: + readOnly: true + type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + externalPolicyReference: + type: string + description: Optional External Policy Reference + example: XYZ policy + nullable: true + policyQuery: + type: string + description: Search query of the SOD policy + example: '@access(id:0f11f2a4-7c94-4bf3-a2bd-742580fe3bdg) AND @access(id:0f11f2a4-7c94-4bf3-a2bd-742580fe3bdf)' + compensatingControls: + type: string + description: Optional compensating controls(Mitigating Controls) + example: Have a manager review the transaction decisions for their "out of compliance" employee + nullable: true + correctionAdvice: + type: string + description: Optional correction advice + example: 'Based on the role of the employee, managers should remove access that is not required for their job function.' + nullable: true + state: + type: string + description: whether the policy is enforced or not + enum: + - ENFORCED + - NOT_ENFORCED + example: ENFORCED + tags: + type: array + description: tags for this policy object + example: + - TAG1 + - TAG2 + items: + type: string + creatorId: + type: string + description: Policy's creator ID + example: 0f11f2a47c944bf3a2bd742580fe3bde + readOnly: true + modifierId: + type: string + description: Policy's modifier ID + example: 0f11f2a47c944bf3a2bd742580fe3bde + nullable: true + readOnly: true + violationOwnerAssignmentConfig: + nullable: true + type: object + properties: + assignmentRule: + type: string + enum: + - MANAGER + - STATIC + description: |- + Details about the violations owner. + MANAGER - identity's manager + STATIC - Governance Group or Identity + example: MANAGER + ownerRef: + type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + scheduled: + type: boolean + default: false + description: defines whether a policy has been scheduled or not + example: true + type: + type: string + description: whether a policy is query based or conflicting access based + default: GENERAL + enum: + - GENERAL + - CONFLICTING_ACCESS_BASED + example: GENERAL + conflictingAccessCriteria: + nullable: true + type: object + properties: + leftCriteria: + type: object + properties: + name: + type: string + description: Business name for the access construct list + example: money-in + criteriaList: + type: array + description: List of criteria. There is a min of 1 and max of 50 items in the list. + minItems: 1 + maxItems: 50 + items: + type: object + properties: + type: + type: string + enum: + - ENTITLEMENT + description: Type of the propery to which this reference applies to + example: ENTITLEMENT + id: + type: string + description: ID of the object to which this reference applies to + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies to + example: Administrator + example: + - type: ENTITLEMENT + id: 2c9180866166b5b0016167c32ef31a66 + name: Administrator + - type: ENTITLEMENT + id: 2c9180866166b5b0016167c32ef31a67 + name: Administrator + rightCriteria: + type: object + properties: + name: + type: string + description: Business name for the access construct list + example: money-in + criteriaList: + type: array + description: List of criteria. There is a min of 1 and max of 50 items in the list. + minItems: 1 + maxItems: 50 + items: + type: object + properties: + type: + type: string + enum: + - ENTITLEMENT + description: Type of the propery to which this reference applies to + example: ENTITLEMENT + id: + type: string + description: ID of the object to which this reference applies to + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies to + example: Administrator + example: + - type: ENTITLEMENT + id: 2c9180866166b5b0016167c32ef31a66 + name: Administrator + - type: ENTITLEMENT + id: 2c9180866166b5b0016167c32ef31a67 + name: Administrator + examples: + Conflicting Access Based Policy: + value: + id: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde + name: Conflicting-Policy-Name + created: '2020-01-01T00:00:00.000000Z' + modified: '2020-01-01T00:00:00.000000Z' + description: Modified description + ownerRef: + type: IDENTITY + id: 2c91808568c529c60168cca6f90c1313 + name: Owner Name + externalPolicyReference: XYZ policy + policyQuery: '@access(id:2c9180866166b5b0016167c32ef31a66 OR id:2c9180866166b5b0016167c32ef31a67) AND @access(id:2c918087682f9a86016839c0509c1ab2)' + compensatingControls: Have a manager review the transaction decisions for their "out of compliance" employee + correctionAdvice: 'Based on the role of the employee, managers should remove access that is not required for their job function.' + state: ENFORCED + tags: + - string + creatorId: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde + modifierId: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde + violationOwnerAssignmentConfig: + assignmentRule: MANAGER + ownerRef: + type: IDENTITY + id: 2c91808568c529c60168cca6f90c1313 + name: Violation Owner Name + scheduled: true + type: CONFLICTING_ACCESS_BASED + conflictingAccessCriteria: + leftCriteria: + name: money-in-modified + criteriaList: + - type: ENTITLEMENT + id: 2c9180866166b5b0016167c32ef31a66 + - type: ENTITLEMENT + id: 2c9180866166b5b0016167c32ef31a67 + rightCriteria: + name: money-out-modified + criteriaList: + - type: ENTITLEMENT + id: 2c918087682f9a86016839c0509c1ab2 + General Policy: + value: + description: Modified description + ownerRef: + type: IDENTITY + id: 2c918087682f9a86016839c05e8f1aff + name: Owner Name + externalPolicyReference: New policy + policyQuery: policy query implementation + compensatingControls: Compensating controls + correctionAdvice: Correction advice + tags: [] + state: ENFORCED + scheduled: false + creatorId: 2c918087682f9a86016839c05e8f1aff + modifierId: null + violationOwnerAssignmentConfig: null + type: GENERAL + conflictingAccessCriteria: null + id: 52c11db4-733e-4c31-949a-766c95ec95f1 + name: General-Policy-Name + created: '2020-05-12T19:47:38Z' + modified: '2020-05-12T19:47:38Z' + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + '/sod-policies/{id}/schedule': + get: + security: + - oauth2: + - 'idn:sod-policy:read' + operationId: getSodPolicySchedule + tags: + - SOD Policy + summary: Get SOD policy schedule + description: This endpoint gets a specified SOD policy's schedule. + parameters: + - in: path + name: id + schema: + type: string + required: true + description: The ID of the SOD policy schedule to retrieve. + example: ef38f943-47e9-4562-b5bb-8424a56397d8 + responses: + '200': + description: SOD policy schedule. + content: + application/json: + schema: + type: object + properties: + name: + type: string + description: SOD Policy schedule name + example: SCH-1584312283015 + created: + type: string + format: date-time + description: The time when this SOD policy schedule is created. + example: '2020-01-01T00:00:00.000000Z' + readOnly: true + modified: + type: string + format: date-time + description: The time when this SOD policy schedule is modified. + example: '2020-01-01T00:00:00.000000Z' + readOnly: true + description: + type: string + description: SOD Policy schedule description + example: Schedule for policy xyz + schedule: + type: object + description: The schedule information. + properties: + type: + description: | + Enum representing the currently supported schedule types. + + Additional values may be added in the future without notice. + type: string + enum: + - DAILY + - WEEKLY + - MONTHLY + - CALENDAR + example: WEEKLY + days: + allOf: + - type: object + properties: + type: + description: | + Enum representing the currently supported selector types. + + LIST - the *values* array contains one or more distinct values. + + RANGE - the *values* array contains two values: the start and end of the range, inclusive. + + Additional values may be added in the future without notice. + type: string + enum: + - LIST + - RANGE + example: LIST + values: + description: | + The selected values. + type: array + items: + type: string + example: + - MON + - WED + interval: + nullable: true + description: | + The selected interval for RANGE selectors. + type: integer + format: int32 + example: 3 + required: + - type + - values + - description: | + The days to execute the search. + + If `type` is `WEEKLY`, the values will be `MON`, `TUE`, `WED`, `THU`, `FRI`, `SAT`, and `SUN`. + + If `type` is `MONTHLY`, the values will be a number in double quotes, like `"1"`, `"10"`, or `"28"`. Optionally, the value `"L"` can be used to refer to the last day of the month. + example: + type: LIST + values: + - MON + - WED + - FRI + nullable: true + hours: + allOf: + - type: object + properties: + type: + description: | + Enum representing the currently supported selector types. + + LIST - the *values* array contains one or more distinct values. + + RANGE - the *values* array contains two values: the start and end of the range, inclusive. + + Additional values may be added in the future without notice. + type: string + enum: + - LIST + - RANGE + example: LIST + values: + description: | + The selected values. + type: array + items: + type: string + example: + - MON + - WED + interval: + nullable: true + description: | + The selected interval for RANGE selectors. + type: integer + format: int32 + example: 3 + required: + - type + - values + - description: The hours selected. + example: + type: RANGE + values: + - '9' + - '18' + interval: 3 + expiration: + description: 'The schedule expiration date. Latest possible expiration date is ''2038-01-19T03:14:07+0000''' + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + timeZoneId: + description: 'The GMT formatted timezone the schedule will run in (ex. GMT-06:00). If no timezone is specified, the org''s default timezone is used.' + nullable: true + type: string + example: 'GMT-06:00' + required: + - type + - hours + recipients: + type: array + items: + type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + emailEmptyResults: + type: boolean + description: Indicates if empty results need to be emailed + example: false + default: false + creatorId: + type: string + description: Policy's creator ID + example: 0f11f2a47c944bf3a2bd742580fe3bde + readOnly: true + modifierId: + type: string + description: Policy's modifier ID + example: 0f11f2a47c944bf3a2bd742580fe3bde + readOnly: true + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + put: + security: + - oauth2: + - 'idn:sod-policy:write' + operationId: setPolicySchedule + tags: + - SOD Policy + summary: Update SOD Policy schedule + description: This updates schedule for a specified SOD policy. + parameters: + - in: path + name: id + schema: + type: string + required: true + description: The ID of the SOD policy to update its schedule. + example: ef38f943-47e9-4562-b5bb-8424a56397d8 + requestBody: + required: true + content: + application/json: + schema: + type: object + properties: + name: + type: string + description: SOD Policy schedule name + example: SCH-1584312283015 + created: + type: string + format: date-time + description: The time when this SOD policy schedule is created. + example: '2020-01-01T00:00:00.000000Z' + readOnly: true + modified: + type: string + format: date-time + description: The time when this SOD policy schedule is modified. + example: '2020-01-01T00:00:00.000000Z' + readOnly: true + description: + type: string + description: SOD Policy schedule description + example: Schedule for policy xyz + schedule: + type: object + description: The schedule information. + properties: + type: + description: | + Enum representing the currently supported schedule types. + + Additional values may be added in the future without notice. + type: string + enum: + - DAILY + - WEEKLY + - MONTHLY + - CALENDAR + example: WEEKLY + days: + allOf: + - type: object + properties: + type: + description: | + Enum representing the currently supported selector types. + + LIST - the *values* array contains one or more distinct values. + + RANGE - the *values* array contains two values: the start and end of the range, inclusive. + + Additional values may be added in the future without notice. + type: string + enum: + - LIST + - RANGE + example: LIST + values: + description: | + The selected values. + type: array + items: + type: string + example: + - MON + - WED + interval: + nullable: true + description: | + The selected interval for RANGE selectors. + type: integer + format: int32 + example: 3 + required: + - type + - values + - description: | + The days to execute the search. + + If `type` is `WEEKLY`, the values will be `MON`, `TUE`, `WED`, `THU`, `FRI`, `SAT`, and `SUN`. + + If `type` is `MONTHLY`, the values will be a number in double quotes, like `"1"`, `"10"`, or `"28"`. Optionally, the value `"L"` can be used to refer to the last day of the month. + example: + type: LIST + values: + - MON + - WED + - FRI + nullable: true + hours: + allOf: + - type: object + properties: + type: + description: | + Enum representing the currently supported selector types. + + LIST - the *values* array contains one or more distinct values. + + RANGE - the *values* array contains two values: the start and end of the range, inclusive. + + Additional values may be added in the future without notice. + type: string + enum: + - LIST + - RANGE + example: LIST + values: + description: | + The selected values. + type: array + items: + type: string + example: + - MON + - WED + interval: + nullable: true + description: | + The selected interval for RANGE selectors. + type: integer + format: int32 + example: 3 + required: + - type + - values + - description: The hours selected. + example: + type: RANGE + values: + - '9' + - '18' + interval: 3 + expiration: + description: 'The schedule expiration date. Latest possible expiration date is ''2038-01-19T03:14:07+0000''' + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + timeZoneId: + description: 'The GMT formatted timezone the schedule will run in (ex. GMT-06:00). If no timezone is specified, the org''s default timezone is used.' + nullable: true + type: string + example: 'GMT-06:00' + required: + - type + - hours + recipients: + type: array + items: + type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + emailEmptyResults: + type: boolean + description: Indicates if empty results need to be emailed + example: false + default: false + creatorId: + type: string + description: Policy's creator ID + example: 0f11f2a47c944bf3a2bd742580fe3bde + readOnly: true + modifierId: + type: string + description: Policy's modifier ID + example: 0f11f2a47c944bf3a2bd742580fe3bde + readOnly: true + responses: + '200': + description: Created or updated SOD policy schedule. + content: + application/json: + schema: + type: object + properties: + name: + type: string + description: SOD Policy schedule name + example: SCH-1584312283015 + created: + type: string + format: date-time + description: The time when this SOD policy schedule is created. + example: '2020-01-01T00:00:00.000000Z' + readOnly: true + modified: + type: string + format: date-time + description: The time when this SOD policy schedule is modified. + example: '2020-01-01T00:00:00.000000Z' + readOnly: true + description: + type: string + description: SOD Policy schedule description + example: Schedule for policy xyz + schedule: + type: object + description: The schedule information. + properties: + type: + description: | + Enum representing the currently supported schedule types. + + Additional values may be added in the future without notice. + type: string + enum: + - DAILY + - WEEKLY + - MONTHLY + - CALENDAR + example: WEEKLY + days: + allOf: + - type: object + properties: + type: + description: | + Enum representing the currently supported selector types. + + LIST - the *values* array contains one or more distinct values. + + RANGE - the *values* array contains two values: the start and end of the range, inclusive. + + Additional values may be added in the future without notice. + type: string + enum: + - LIST + - RANGE + example: LIST + values: + description: | + The selected values. + type: array + items: + type: string + example: + - MON + - WED + interval: + nullable: true + description: | + The selected interval for RANGE selectors. + type: integer + format: int32 + example: 3 + required: + - type + - values + - description: | + The days to execute the search. + + If `type` is `WEEKLY`, the values will be `MON`, `TUE`, `WED`, `THU`, `FRI`, `SAT`, and `SUN`. + + If `type` is `MONTHLY`, the values will be a number in double quotes, like `"1"`, `"10"`, or `"28"`. Optionally, the value `"L"` can be used to refer to the last day of the month. + example: + type: LIST + values: + - MON + - WED + - FRI + nullable: true + hours: + allOf: + - type: object + properties: + type: + description: | + Enum representing the currently supported selector types. + + LIST - the *values* array contains one or more distinct values. + + RANGE - the *values* array contains two values: the start and end of the range, inclusive. + + Additional values may be added in the future without notice. + type: string + enum: + - LIST + - RANGE + example: LIST + values: + description: | + The selected values. + type: array + items: + type: string + example: + - MON + - WED + interval: + nullable: true + description: | + The selected interval for RANGE selectors. + type: integer + format: int32 + example: 3 + required: + - type + - values + - description: The hours selected. + example: + type: RANGE + values: + - '9' + - '18' + interval: 3 + expiration: + description: 'The schedule expiration date. Latest possible expiration date is ''2038-01-19T03:14:07+0000''' + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + timeZoneId: + description: 'The GMT formatted timezone the schedule will run in (ex. GMT-06:00). If no timezone is specified, the org''s default timezone is used.' + nullable: true + type: string + example: 'GMT-06:00' + required: + - type + - hours + recipients: + type: array + items: + type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + emailEmptyResults: + type: boolean + description: Indicates if empty results need to be emailed + example: false + default: false + creatorId: + type: string + description: Policy's creator ID + example: 0f11f2a47c944bf3a2bd742580fe3bde + readOnly: true + modifierId: + type: string + description: Policy's modifier ID + example: 0f11f2a47c944bf3a2bd742580fe3bde + readOnly: true + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + delete: + security: + - oauth2: + - 'idn:sod-policy:write' + operationId: deleteSodPolicySchedule + tags: + - SOD Policy + summary: Delete SOD policy schedule + description: This deletes schedule for a specified SOD policy by ID. + parameters: + - in: path + name: id + schema: + type: string + required: true + description: The ID of the SOD policy the schedule must be deleted for. + example: ef38f943-47e9-4562-b5bb-8424a56397d8 + responses: + '204': + description: No content response. + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + '/sod-policies/{id}/violation-report/run': + post: + security: + - oauth2: + - 'idn:sod-violation:write' + operationId: startSodPolicy + tags: + - SOD Policy + summary: Runs SOD policy violation report + description: 'This invokes processing of violation report for given SOD policy. If the policy reports more than 5000 violations, the report returns with violation limit exceeded message.' + parameters: + - in: path + name: id + schema: + type: string + required: true + description: The SOD policy ID to run. + example: ef38f943-47e9-4562-b5bb-8424a56397d8 + responses: + '200': + description: Reference to the violation report run task. + content: + application/json: + schema: + allOf: + - type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + - type: object + properties: + status: + type: string + description: Status of a violation report + enum: + - SUCCESS + - WARNING + - ERROR + - TERMINATED + - TEMP_ERROR + - PENDING + example: PENDING + example: + status: PENDING + type: REPORT_RESULT + id: 2e8d8180-24bc-4d21-91c6-7affdb473b0d + name: policy-xyz + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + '/sod-policies/{id}/violation-report': + get: + security: + - oauth2: + - 'idn:sod-violation:read' + operationId: getSodViolationReportStatus + tags: + - SOD Policy + summary: Get SOD violation report status + description: This gets the status for a violation report run task that has already been invoked. + parameters: + - in: path + name: id + schema: + type: string + required: true + description: The ID of the violation report to retrieve status for. + example: ef38f943-47e9-4562-b5bb-8424a56397d8 + responses: + '200': + description: Status of the violation report run task. + content: + application/json: + schema: + allOf: + - type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + - type: object + properties: + status: + type: string + description: Status of a violation report + enum: + - SUCCESS + - WARNING + - ERROR + - TERMINATED + - TEMP_ERROR + - PENDING + example: PENDING + example: + status: SUCCESS + type: REPORT_RESULT + id: 2e8d8180-24bc-4d21-91c6-7affdb473b0d + name: policy-xyz + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + '/sod-risks/risks/{id}': + get: + security: + - oauth2: + - 'idn:sod-policy:read' + operationId: getArmRiskById + tags: + - SOD Policy + summary: Gets the specified ARM risk. + description: |- + This API gets the specified ARM risk. + + Any authenticated token can call this API. + parameters: + - in: path + name: id + schema: + type: string + required: true + description: 'The composite ID of the ARM Risk. It should consist of a jobId, rulebookId, and a riskCode; each separated by a "!"' + example: 52435!246635!BS_04 + responses: + '200': + description: ARM Risk + content: + application/json: + schema: + description: An object containing the details of an ARM risk listing of the SOD violation reasons detected by this check. + type: object + properties: + name: + type: string + description: Risk Name + example: BS02_RISK + readOnly: true + description: + type: string + description: Description + example: This is a description of risk code BS02 + readOnly: true + owners: + type: array + items: + type: string + description: List of risk owners' SAP usernames + example: [] + readOnly: true + externalReference: + type: string + description: URL to "what if" details in ARM + example: 'https://webui-dev.erpmaestro.com/home/what-if-report/100000' + readOnly: true + rating: + type: string + description: Risk Rating + example: Informational + readOnly: true + businessFunctions: + type: object + description: A map from business function codes to "Left side" or "Right side" + additionalProperties: + type: string + example: + BS02_01: Left side + BS02_02: Right side + readOnly: true + approvers: + type: array + items: + type: string + description: List of risk approvers' SAP usernames + example: + - JOE USER + readOnly: true + mitigatingControls: + type: string + description: What was done to mitigate risks + example: Required two levels of verification + readOnly: true + correctionAdvice: + type: string + description: Recommendation on how to resolve risk + example: Run a certification campaign and determine if access should be revoked + readOnly: true + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + '/sod-violation-report-status/{reportResultId}': + get: + security: + - oauth2: + - 'idn:sod-violation:read' + operationId: getSodViolationReportRunStatus + tags: + - SOD Policy + summary: Get violation report run status + description: This gets the status for a violation report run task that has already been invoked. + parameters: + - in: path + name: reportResultId + schema: + type: string + required: true + description: The ID of the report reference to retrieve. + example: 2e8d8180-24bc-4d21-91c6-7affdb473b0d + responses: + '200': + description: Status of the violation report run task. + content: + application/json: + schema: + allOf: + - type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + - type: object + properties: + status: + type: string + description: Status of a violation report + enum: + - SUCCESS + - WARNING + - ERROR + - TERMINATED + - TEMP_ERROR + - PENDING + example: PENDING + example: + status: SUCCESS + type: REPORT_RESULT + id: 2e8d8180-24bc-4d21-91c6-7affdb473b0d + name: policy-xyz + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + /sod-violations/predict: + post: + security: + - oauth2: + - 'idn:sod-violation:read' + operationId: startPredictSodViolations + tags: + - SOD Violations + summary: Predict SOD violations for identity. + description: |- + This API is used to check if granting some additional accesses would cause the subject to be in violation of any SOD policies. Returns the violations that would be caused. + + A token with ORG_ADMIN or API authority is required to call this API. + requestBody: + required: true + content: + application/json: + schema: + description: An identity with a set of access to be added + required: + - identityId + - accessRefs + type: object + properties: + identityId: + description: Identity id to be checked. + type: string + example: 2c91808568c529c60168cca6f90c1313 + accessRefs: + description: The list of ENTITLEMENTs to consider for calculating possible violations in a preventive check. + type: array + items: + allOf: + - type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + description: The types of objects supported for SOD violations + properties: + type: + enum: + - ENTITLEMENT + example: ENTITLEMENT + description: The type of object that is referenced + example: + - type: ENTITLEMENT + id: 2c918087682f9a86016839c050861ab1 + name: 'CN=Information Access,OU=test,OU=test-service,DC=TestAD,DC=local' + - type: ENTITLEMENT + id: 2c918087682f9a86016839c0509c1ab2 + name: 'CN=Information Technology,OU=test,OU=test-service,DC=TestAD,DC=local' + example: + identityId: 2c91808568c529c60168cca6f90c1313 + accessRefs: + - type: ENTITLEMENT + id: 2c918087682f9a86016839c050861ab1 + name: 'CN=Information Access,OU=test,OU=test-service,DC=TestAD,DC=local' + - type: ENTITLEMENT + id: 2c918087682f9a86016839c0509c1ab2 + name: 'CN=Information Technology,OU=test,OU=test-service,DC=TestAD,DC=local' + responses: + '200': + description: Violation Contexts + content: + application/json: + schema: + description: An object containing a listing of the SOD violation reasons detected by this check. + required: + - requestId + type: object + properties: + violationContexts: + type: array + description: List of Violation Contexts + items: + type: object + properties: + policy: + allOf: + - type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + - type: object + properties: + type: + type: string + example: SOD_POLICY + name: + type: string + example: A very cool policy name + description: The types of objects supported for SOD violations + properties: + type: + enum: + - ENTITLEMENT + example: ENTITLEMENT + description: The type of object that is referenced + conflictingAccessCriteria: + nullable: false + description: The object which contains the left and right hand side of the entitlements that got violated according to the policy. + type: object + properties: + leftCriteria: + type: object + properties: + criteriaList: + type: array + description: List of exception criteria. There is a min of 1 and max of 50 items in the list. + items: + allOf: + - type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: 'CN=HelpDesk,OU=test,OU=test-service,DC=TestAD,DC=local' + existing: + type: boolean + description: Whether the subject identity already had that access or not + default: false + example: true + description: Access reference with addition of boolean existing flag to indicate whether the access was extant + description: The types of objects supported for SOD violations + properties: + type: + enum: + - ENTITLEMENT + example: ENTITLEMENT + description: The type of object that is referenced + example: + - type: ENTITLEMENT + id: 2c9180866166b5b0016167c32ef31a66 + existing: true + - type: ENTITLEMENT + id: 2c9180866166b5b0016167c32ef31a67 + existing: false + rightCriteria: + type: object + properties: + criteriaList: + type: array + description: List of exception criteria. There is a min of 1 and max of 50 items in the list. + items: + allOf: + - type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: 'CN=HelpDesk,OU=test,OU=test-service,DC=TestAD,DC=local' + existing: + type: boolean + description: Whether the subject identity already had that access or not + default: false + example: true + description: Access reference with addition of boolean existing flag to indicate whether the access was extant + description: The types of objects supported for SOD violations + properties: + type: + enum: + - ENTITLEMENT + example: ENTITLEMENT + description: The type of object that is referenced + example: + - type: ENTITLEMENT + id: 2c9180866166b5b0016167c32ef31a66 + existing: true + - type: ENTITLEMENT + id: 2c9180866166b5b0016167c32ef31a67 + existing: false + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + /sod-violations/check: + post: + security: + - oauth2: + - 'idn:sod-violation:read' + operationId: startViolationCheck + tags: + - SOD Violations + summary: Check SOD violations + description: |- + This API initiates a SOD policy verification asynchronously. + + A token with ORG_ADMIN authority is required to call this API. + requestBody: + required: true + content: + application/json: + schema: + description: An identity with a set of access to be added + required: + - identityId + - accessRefs + type: object + properties: + identityId: + description: Set of identity id's to be checked. + type: string + example: 2c91809050db617d0150e0bf3215385e + accessRefs: + description: The bundle of access profiles to be added to the identities specified. All references must be ENTITLEMENT type. + type: array + items: + type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + clientMetadata: + type: object + additionalProperties: + type: string + description: Arbitrary key-value pairs. They will never be processed by the IdentityNow system but will be returned on completion of the violation check. + example: + clientName: client1 + clientId: 2c91808f7892918f0178b78da4a305a1 + example: + identityId: 2c91808568c529c60168cca6f90c1313 + accessRefs: + - type: ENTITLEMENT + id: 2c918087682f9a86016839c050861ab1 + name: 'CN=Information Access,OU=test,OU=test-service,DC=TestAD,DC=local' + - type: ENTITLEMENT + id: 2c918087682f9a86016839c0509c1ab2 + name: 'CN=Information Technology,OU=test,OU=test-service,DC=TestAD,DC=local' + clientMetadata: + additionalProp1: string + additionalProp2: string + additionalProp3: string + responses: + '202': + description: Request ID with a timestamp. + content: + application/json: + schema: + description: An object referencing an SOD violation check + required: + - requestId + type: object + properties: + requestId: + description: The id of the original request + example: 089899f13a8f4da7824996191587bab9 + type: string + created: + type: string + format: date-time + readOnly: true + description: The date-time when this request was created. + example: '2020-01-01T00:00:00.000000Z' + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + /sod-violations/config: + get: + security: + - oauth2: + - 'idn:sod-policy:read' + operationId: getArmConfig + tags: + - SOD Violations + summary: Expose just the ARM config + description: This API expose just the ARM config from Tenaya (Org Config Service) for UI. + responses: + '200': + description: Org config with ARM data. + content: + application/json: + schema: + type: object + description: Arm Data for the org configuration. + properties: + armCustomerId: + type: string + description: ARM Customer ID + nullable: true + example: DE38E75A-5FF6-4A65-5DC7-08D64426B09E + armSsoUrl: + type: string + description: ARM SSO URL + nullable: true + example: 'https://your-arm-sso-url' + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + /sod-violation-report/run: + post: + security: + - oauth2: + - 'idn:sod-violation:write' + operationId: startSodAllPoliciesForOrg + tags: + - SOD Policy + summary: Runs all policies for org + description: 'Runs multi-policy report for the org. If a policy reports more than 5000 violations, the report mentions that the violation limit was exceeded for that policy. If the request is empty, the report runs for all policies. Otherwise, the report runs for only the filtered policy list provided.' + requestBody: + required: false + content: + application/json: + schema: + type: object + properties: + filteredPolicyList: + type: array + description: Multi-policy report will be run for this list of ids + items: + type: string + example: + - b868cd40-ffa4-4337-9c07-1a51846cfa94 + - 63a07a7b-39a4-48aa-956d-50c827deba2a + example: + filteredPolicyList: + - b868cd40-ffa4-4337-9c07-1a51846cfa94 + - 63a07a7b-39a4-48aa-956d-50c827deba2a + responses: + '200': + description: Reference to the violation report run task. + content: + application/json: + schema: + allOf: + - type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + - type: object + properties: + status: + type: string + description: Status of a violation report + enum: + - SUCCESS + - WARNING + - ERROR + - TERMINATED + - TEMP_ERROR + - PENDING + example: PENDING + example: + status: PENDING + type: REPORT_RESULT + id: 37b3b32a-f394-46f8-acad-b5223969fa68 + name: Multi Query Report + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + /sod-violation-report: + get: + security: + - oauth2: + - 'idn:sod-violation:read' + operationId: getSodAllReportRunStatus + tags: + - SOD Policy + summary: Get multi-report run task status + description: This endpoint gets the status for a violation report for all policy run. + responses: + '200': + description: Status of the violation report run task for all policy run. + content: + application/json: + schema: + allOf: + - type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + - type: object + properties: + status: + type: string + description: Status of a violation report + enum: + - SUCCESS + - WARNING + - ERROR + - TERMINATED + - TEMP_ERROR + - PENDING + example: PENDING + example: + status: SUCCESS + type: REPORT_RESULT + id: 37b3b32a-f394-46f8-acad-b5223969fa68 + name: Multi Query Report + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + '/sod-violation-report/{reportResultId}/download': + get: + security: + - oauth2: + - 'idn:sod-violation:read' + operationId: getDefaultViolationReport + tags: + - SOD Policy + summary: Download violation report + description: This allows to download a violation report for a given report reference. + parameters: + - in: path + name: reportResultId + schema: + type: string + required: true + description: The ID of the report reference to download. + example: ef38f94347e94562b5bb8424a56397d8 + responses: + '200': + description: Returns the PolicyReport.zip that contains the violation report file. + content: + application/zip: + schema: + type: string + format: binary + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + '/sod-violation-report/{reportResultId}/download/{fileName}': + get: + security: + - oauth2: + - 'idn:sod-violation:read' + operationId: getCustomViolationReport + tags: + - SOD Policy + summary: Download custom violation report + description: This allows to download a specified named violation report for a given report reference. + parameters: + - in: path + name: reportResultId + schema: + type: string + required: true + description: The ID of the report reference to download. + example: ef38f94347e94562b5bb8424a56397d8 + - in: path + name: fileName + schema: + type: string + required: true + description: Custom Name for the file. + example: custom-name + responses: + '200': + description: Returns the zip file with given custom name that contains the violation report file. + content: + application/zip: + schema: + type: string + format: binary + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + /sources: + get: + operationId: listSources + tags: + - Sources + summary: Lists all sources in IdentityNow. + description: |- + This end-point lists all the sources in IdentityNow. + A token with ORG_ADMIN, SOURCE_ADMIN, SOURCE_SUBADMIN, or ROLE_SUBADMIN authority is required to call this API. + parameters: + - in: query + name: limit + description: |- + Max number of results to return. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 250 + schema: + type: integer + format: int32 + minimum: 0 + maximum: 250 + default: 250 + - in: query + name: offset + description: |- + Offset into the full result set. Usually specified with *limit* to paginate through the results. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 0 + schema: + type: integer + format: int32 + minimum: 0 + default: 0 + - in: query + name: count + description: |- + If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored. + + Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used. + + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: true + schema: + type: boolean + default: false + - in: query + name: filters + schema: + type: string + example: name eq "#Employees" + description: |- + Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) + + Filtering is supported for the following fields and operators: + + **id**: *eq, in* + + **name**: *co, eq, in, sw* + + **type**: *eq, in* + + **owner.id**: *eq, in* + + **features**: *ca, co* + + **created**: *eq* + + **modified**: *eq* + + **managementWorkgroup.id**: *eq* + + **description**: *eq* + + **authoritative**: *eq* + + **healthy**: *eq* + + **status**: *eq, in* + + **connectionType**: *eq* + + **connectorName**: *eq* + - in: query + name: sorters + schema: + type: string + format: comma-separated + example: name + description: |- + Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results) + + Sorting is supported for the following fields: **type, created, modified, name, owner.name, healthy, status** + - in: query + name: for-subadmin + schema: + type: string + example: name + description: |- + Filter the returned list of sources for the identity specified by the parameter, which is the id of an identity with the role SOURCE_SUBADMIN. By convention, the value **me** indicates the identity id of the current user. + Subadmins may only view Sources which they are able to administer; all other Sources will be filtered out when this parameter is set. If the current user is a SOURCE_SUBADMIN but fails to pass a valid value for this parameter, a 403 Forbidden is returned. + responses: + '200': + description: List of Source objects + content: + application/json: + schema: + type: array + items: + type: object + properties: + id: + type: string + readOnly: true + description: the id of the Source + example: 2c91808568c529c60168cca6f90c1324 + name: + type: string + description: Human-readable name of the source + example: My Source + description: + type: string + description: Human-readable description of the source + example: This is the corporate directory. + owner: + description: Reference to an owning Identity Object + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - IDENTITY + example: IDENTITY + id: + type: string + description: ID of the identity + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the identity + example: MyName + cluster: + description: Reference to the associated Cluster + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - CLUSTER + example: CLUSTER + id: + type: string + description: ID of the cluster + example: 2c9180866166b5b0016167c32ef31a66 + name: + type: string + description: Human-readable display name of the cluster + example: Corporate Cluster + accountCorrelationConfig: + description: Reference to an Account Correlation Config object + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + example: ACCOUNT_CORRELATION_CONFIG + id: + type: string + description: ID of the account correlation config + example: 2c9180855d191c59015d28583727245a + name: + type: string + description: Human-readable display name of the account correlation config + example: 'Directory [source-62867] Account Correlation' + accountCorrelationRule: + description: 'Reference to a Rule that can do COMPLEX correlation, should only be used when accountCorrelationConfig can''t be used.' + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - RULE + example: RULE + id: + type: string + description: ID of the rule + example: 2c918085708c274401708c2a8a760001 + name: + type: string + description: Human-readable display name of the rule + example: Example Rule + managerCorrelationMapping: + description: Filter Object used during manager correlation to match incoming manager values to an existing manager's Account/Identity + type: object + properties: + accountAttribute: + type: string + description: Name of the attribute to use for manager correlation. The value found on the account attribute will be used to lookup the manager's identity. + example: manager + identityAttribute: + type: string + description: Name of the identity attribute to search when trying to find a manager using the value from the accountAttribute. + example: manager + managerCorrelationRule: + description: 'Reference to the ManagerCorrelationRule, only used when a simple filter isn''t sufficient.' + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - RULE + example: RULE + id: + type: string + description: ID of the rule + example: 2c918085708c274401708c2a8a760001 + name: + type: string + description: Human-readable display name of the rule + example: Example Rule + beforeProvisioningRule: + description: Rule that runs on the CCG and allows for customization of provisioning plans before the connector is called. + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - RULE + example: RULE + id: + type: string + description: ID of the rule + example: 2c918085708c274401708c2a8a760001 + name: + type: string + description: Human-readable display name of the rule + example: Example Rule + schemas: + type: array + items: + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - CONNECTOR_SCHEMA + example: CONNECTOR_SCHEMA + id: + type: string + description: ID of the schema + example: 2c91808568c529c60168cca6f90c1777 + name: + type: string + description: Human-readable display name of the schema + example: MySchema + description: List of references to Schema objects + example: + - type: CONNECTOR_SCHEMA + id: 2c9180835d191a86015d28455b4b232a + name: account + - type: CONNECTOR_SCHEMA + id: 2c9180835d191a86015d28455b4b232b + name: group + passwordPolicies: + type: array + items: + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - PASSWORD_POLICY + example: PASSWORD_POLICY + id: + type: string + description: ID of the policy + example: 2c91808568c529c60168cca6f90c1777 + name: + type: string + description: Human-readable display name of the policy + example: My Password Policy + description: List of references to the associated PasswordPolicy objects. + example: + - type: PASSWORD_POLICY + id: 2c9180855d191c59015d291ceb053980 + name: Corporate Password Policy + - type: PASSWORD_POLICY + id: 2c9180855d191c59015d291ceb057777 + name: Vendor Password Policy + features: + type: array + description: Optional features that can be supported by a source. + items: + type: string + enum: + - AUTHENTICATE + - COMPOSITE + - DIRECT_PERMISSIONS + - DISCOVER_SCHEMA + - ENABLE + - MANAGER_LOOKUP + - NO_RANDOM_ACCESS + - PROXY + - SEARCH + - TEMPLATE + - UNLOCK + - UNSTRUCTURED_TARGETS + - SHAREPOINT_TARGET + - PROVISIONING + - GROUP_PROVISIONING + - SYNC_PROVISIONING + - PASSWORD + - CURRENT_PASSWORD + - ACCOUNT_ONLY_REQUEST + - ADDITIONAL_ACCOUNT_REQUEST + - NO_AGGREGATION + - GROUPS_HAVE_MEMBERS + - NO_PERMISSIONS_PROVISIONING + - NO_GROUP_PERMISSIONS_PROVISIONING + - NO_UNSTRUCTURED_TARGETS_PROVISIONING + - NO_DIRECT_PERMISSIONS_PROVISIONING + description: |- + Optional features that can be supported by an source. + * AUTHENTICATE: The source supports pass-through authentication. + * COMPOSITE: The source supports composite source creation. + * DIRECT_PERMISSIONS: The source supports returning DirectPermissions. + * DISCOVER_SCHEMA: The source supports discovering schemas for users and groups. + * ENABLE The source supports reading if an account is enabled or disabled. + * MANAGER_LOOKUP: The source supports looking up managers as they are encountered in a feed. This is the opposite of NO_RANDOM_ACCESS. + * NO_RANDOM_ACCESS: The source does not support random access and the getObject() methods should not be called and expected to perform. + * PROXY: The source can serve as a proxy for another source. When an source has a proxy, all connector calls made with that source are redirected through the connector for the proxy source. + * SEARCH + * TEMPLATE + * UNLOCK: The source supports reading if an account is locked or unlocked. + * UNSTRUCTURED_TARGETS: The source supports returning unstructured Targets. + * SHAREPOINT_TARGET: The source supports returning unstructured Target data for SharePoint. It will be typically used by AD, LDAP sources. + * PROVISIONING: The source can both read and write accounts. Having this feature implies that the provision() method is implemented. It also means that direct and target permissions can also be provisioned if they can be returned by aggregation. + * GROUP_PROVISIONING: The source can both read and write groups. Having this feature implies that the provision() method is implemented. + * SYNC_PROVISIONING: The source can provision accounts synchronously. + * PASSWORD: The source can provision password changes. Since sources can never read passwords, this is should only be used in conjunction with the PROVISIONING feature. + * CURRENT_PASSWORD: Some source types support verification of the current password + * ACCOUNT_ONLY_REQUEST: The source supports requesting accounts without entitlements. + * ADDITIONAL_ACCOUNT_REQUEST: The source supports requesting additional accounts. + * NO_AGGREGATION: A source that does not support aggregation. + * GROUPS_HAVE_MEMBERS: The source models group memberships with a member attribute on the group object rather than a groups attribute on the account object. This effects the implementation of delta account aggregation. + * NO_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for accounts. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for accounts. + * NO_GROUP_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for groups. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for groups. + * NO_UNSTRUCTURED_TARGETS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING. + * NO_DIRECT_PERMISSIONS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING. + example: AUTHENTICATE + example: + - SYNC_PROVISIONING + - MANAGER_LOOKUP + - SEARCH + - PROVISIONING + - AUTHENTICATE + - GROUP_PROVISIONING + - PASSWORD + type: + type: string + description: 'Specifies the type of system being managed e.g. Active Directory, Workday, etc.. If you are creating a Delimited File source, you must set the `provisionasCsv` query parameter to `true`. ' + example: OpenLDAP - Direct + connector: + type: string + description: Connector script name. + example: active-directory + connectorClass: + type: string + description: The fully qualified name of the Java class that implements the connector interface. + example: sailpoint.connector.LDAPConnector + connectorAttributes: + type: object + description: Connector specific configuration; will differ from type to type. + example: + healthCheckTimeout: 30 + authSearchAttributes: + - cn + - uid + - mail + deleteThreshold: + type: integer + format: int32 + description: Number from 0 to 100 that specifies when to skip the delete phase. + example: 10 + authoritative: + type: boolean + description: When true indicates the source is referenced by an IdentityProfile. + example: false + managementWorkgroup: + description: Reference to Management Workgroup for this Source + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - GOVERNANCE_GROUP + example: GOVERNANCE_GROUP + id: + type: string + description: ID of the management workgroup + example: 2c91808568c529c60168cca6f90c2222 + name: + type: string + description: Human-readable display name of the management workgroup + example: My Management Workgroup + healthy: + type: boolean + description: When true indicates a healthy source + example: true + status: + type: string + description: 'A status identifier, giving specific information on why a source is healthy or not' + example: SOURCE_STATE_HEALTHY + since: + type: string + description: Timestamp showing when a source health check was last performed + example: '2021-09-28T15:48:29.3801666300Z' + connectorId: + type: string + description: The id of connector + example: active-directory + connectorName: + type: string + description: The name of the connector that was chosen on source creation + example: Active Directory + connectionType: + type: string + description: The type of connection (direct or file) + example: file + connectorImplementstionId: + type: string + description: The connector implementstion id + example: delimited-file + required: + - name + - owner + - connector + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + post: + operationId: createSource + tags: + - Sources + summary: Creates a source in IdentityNow. + description: |- + This creates a specific source with a full source JSON representation. Any passwords are submitted as plain-text and encrypted upon receipt in IdentityNow. + A token with ORG_ADMIN, SOURCE_ADMIN, or SOURCE_SUBADMIN authority is required to call this API. + parameters: + - in: query + name: provisionAsCsv + description: 'If this parameter is `true`, it configures the source as a Delimited File (CSV) source. Setting this to `true` will automatically set the `type` of the source to `DelimitedFile`. You must use this query parameter to create a Delimited File source as you would in the UI. If you don''t set this query parameter and you attempt to set the `type` attribute directly, the request won''t correctly generate the source. ' + schema: + type: boolean + required: false + example: false + requestBody: + required: true + content: + application/json: + schema: + type: object + properties: + id: + type: string + readOnly: true + description: the id of the Source + example: 2c91808568c529c60168cca6f90c1324 + name: + type: string + description: Human-readable name of the source + example: My Source + description: + type: string + description: Human-readable description of the source + example: This is the corporate directory. + owner: + description: Reference to an owning Identity Object + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - IDENTITY + example: IDENTITY + id: + type: string + description: ID of the identity + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the identity + example: MyName + cluster: + description: Reference to the associated Cluster + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - CLUSTER + example: CLUSTER + id: + type: string + description: ID of the cluster + example: 2c9180866166b5b0016167c32ef31a66 + name: + type: string + description: Human-readable display name of the cluster + example: Corporate Cluster + accountCorrelationConfig: + description: Reference to an Account Correlation Config object + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + example: ACCOUNT_CORRELATION_CONFIG + id: + type: string + description: ID of the account correlation config + example: 2c9180855d191c59015d28583727245a + name: + type: string + description: Human-readable display name of the account correlation config + example: 'Directory [source-62867] Account Correlation' + accountCorrelationRule: + description: 'Reference to a Rule that can do COMPLEX correlation, should only be used when accountCorrelationConfig can''t be used.' + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - RULE + example: RULE + id: + type: string + description: ID of the rule + example: 2c918085708c274401708c2a8a760001 + name: + type: string + description: Human-readable display name of the rule + example: Example Rule + managerCorrelationMapping: + description: Filter Object used during manager correlation to match incoming manager values to an existing manager's Account/Identity + type: object + properties: + accountAttribute: + type: string + description: Name of the attribute to use for manager correlation. The value found on the account attribute will be used to lookup the manager's identity. + example: manager + identityAttribute: + type: string + description: Name of the identity attribute to search when trying to find a manager using the value from the accountAttribute. + example: manager + managerCorrelationRule: + description: 'Reference to the ManagerCorrelationRule, only used when a simple filter isn''t sufficient.' + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - RULE + example: RULE + id: + type: string + description: ID of the rule + example: 2c918085708c274401708c2a8a760001 + name: + type: string + description: Human-readable display name of the rule + example: Example Rule + beforeProvisioningRule: + description: Rule that runs on the CCG and allows for customization of provisioning plans before the connector is called. + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - RULE + example: RULE + id: + type: string + description: ID of the rule + example: 2c918085708c274401708c2a8a760001 + name: + type: string + description: Human-readable display name of the rule + example: Example Rule + schemas: + type: array + items: + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - CONNECTOR_SCHEMA + example: CONNECTOR_SCHEMA + id: + type: string + description: ID of the schema + example: 2c91808568c529c60168cca6f90c1777 + name: + type: string + description: Human-readable display name of the schema + example: MySchema + description: List of references to Schema objects + example: + - type: CONNECTOR_SCHEMA + id: 2c9180835d191a86015d28455b4b232a + name: account + - type: CONNECTOR_SCHEMA + id: 2c9180835d191a86015d28455b4b232b + name: group + passwordPolicies: + type: array + items: + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - PASSWORD_POLICY + example: PASSWORD_POLICY + id: + type: string + description: ID of the policy + example: 2c91808568c529c60168cca6f90c1777 + name: + type: string + description: Human-readable display name of the policy + example: My Password Policy + description: List of references to the associated PasswordPolicy objects. + example: + - type: PASSWORD_POLICY + id: 2c9180855d191c59015d291ceb053980 + name: Corporate Password Policy + - type: PASSWORD_POLICY + id: 2c9180855d191c59015d291ceb057777 + name: Vendor Password Policy + features: + type: array + description: Optional features that can be supported by a source. + items: + type: string + enum: + - AUTHENTICATE + - COMPOSITE + - DIRECT_PERMISSIONS + - DISCOVER_SCHEMA + - ENABLE + - MANAGER_LOOKUP + - NO_RANDOM_ACCESS + - PROXY + - SEARCH + - TEMPLATE + - UNLOCK + - UNSTRUCTURED_TARGETS + - SHAREPOINT_TARGET + - PROVISIONING + - GROUP_PROVISIONING + - SYNC_PROVISIONING + - PASSWORD + - CURRENT_PASSWORD + - ACCOUNT_ONLY_REQUEST + - ADDITIONAL_ACCOUNT_REQUEST + - NO_AGGREGATION + - GROUPS_HAVE_MEMBERS + - NO_PERMISSIONS_PROVISIONING + - NO_GROUP_PERMISSIONS_PROVISIONING + - NO_UNSTRUCTURED_TARGETS_PROVISIONING + - NO_DIRECT_PERMISSIONS_PROVISIONING + description: |- + Optional features that can be supported by an source. + * AUTHENTICATE: The source supports pass-through authentication. + * COMPOSITE: The source supports composite source creation. + * DIRECT_PERMISSIONS: The source supports returning DirectPermissions. + * DISCOVER_SCHEMA: The source supports discovering schemas for users and groups. + * ENABLE The source supports reading if an account is enabled or disabled. + * MANAGER_LOOKUP: The source supports looking up managers as they are encountered in a feed. This is the opposite of NO_RANDOM_ACCESS. + * NO_RANDOM_ACCESS: The source does not support random access and the getObject() methods should not be called and expected to perform. + * PROXY: The source can serve as a proxy for another source. When an source has a proxy, all connector calls made with that source are redirected through the connector for the proxy source. + * SEARCH + * TEMPLATE + * UNLOCK: The source supports reading if an account is locked or unlocked. + * UNSTRUCTURED_TARGETS: The source supports returning unstructured Targets. + * SHAREPOINT_TARGET: The source supports returning unstructured Target data for SharePoint. It will be typically used by AD, LDAP sources. + * PROVISIONING: The source can both read and write accounts. Having this feature implies that the provision() method is implemented. It also means that direct and target permissions can also be provisioned if they can be returned by aggregation. + * GROUP_PROVISIONING: The source can both read and write groups. Having this feature implies that the provision() method is implemented. + * SYNC_PROVISIONING: The source can provision accounts synchronously. + * PASSWORD: The source can provision password changes. Since sources can never read passwords, this is should only be used in conjunction with the PROVISIONING feature. + * CURRENT_PASSWORD: Some source types support verification of the current password + * ACCOUNT_ONLY_REQUEST: The source supports requesting accounts without entitlements. + * ADDITIONAL_ACCOUNT_REQUEST: The source supports requesting additional accounts. + * NO_AGGREGATION: A source that does not support aggregation. + * GROUPS_HAVE_MEMBERS: The source models group memberships with a member attribute on the group object rather than a groups attribute on the account object. This effects the implementation of delta account aggregation. + * NO_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for accounts. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for accounts. + * NO_GROUP_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for groups. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for groups. + * NO_UNSTRUCTURED_TARGETS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING. + * NO_DIRECT_PERMISSIONS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING. + example: AUTHENTICATE + example: + - SYNC_PROVISIONING + - MANAGER_LOOKUP + - SEARCH + - PROVISIONING + - AUTHENTICATE + - GROUP_PROVISIONING + - PASSWORD + type: + type: string + description: 'Specifies the type of system being managed e.g. Active Directory, Workday, etc.. If you are creating a Delimited File source, you must set the `provisionasCsv` query parameter to `true`. ' + example: OpenLDAP - Direct + connector: + type: string + description: Connector script name. + example: active-directory + connectorClass: + type: string + description: The fully qualified name of the Java class that implements the connector interface. + example: sailpoint.connector.LDAPConnector + connectorAttributes: + type: object + description: Connector specific configuration; will differ from type to type. + example: + healthCheckTimeout: 30 + authSearchAttributes: + - cn + - uid + - mail + deleteThreshold: + type: integer + format: int32 + description: Number from 0 to 100 that specifies when to skip the delete phase. + example: 10 + authoritative: + type: boolean + description: When true indicates the source is referenced by an IdentityProfile. + example: false + managementWorkgroup: + description: Reference to Management Workgroup for this Source + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - GOVERNANCE_GROUP + example: GOVERNANCE_GROUP + id: + type: string + description: ID of the management workgroup + example: 2c91808568c529c60168cca6f90c2222 + name: + type: string + description: Human-readable display name of the management workgroup + example: My Management Workgroup + healthy: + type: boolean + description: When true indicates a healthy source + example: true + status: + type: string + description: 'A status identifier, giving specific information on why a source is healthy or not' + example: SOURCE_STATE_HEALTHY + since: + type: string + description: Timestamp showing when a source health check was last performed + example: '2021-09-28T15:48:29.3801666300Z' + connectorId: + type: string + description: The id of connector + example: active-directory + connectorName: + type: string + description: The name of the connector that was chosen on source creation + example: Active Directory + connectionType: + type: string + description: The type of connection (direct or file) + example: file + connectorImplementstionId: + type: string + description: The connector implementstion id + example: delimited-file + required: + - name + - owner + - connector + responses: + '201': + description: 'Created Source object. Any passwords will only show the the encrypted cipher-text, as they are not decrypt-able in IdentityNow cloud-based services, per IdentityNow security design.' + content: + application/json: + schema: + type: object + properties: + id: + type: string + readOnly: true + description: the id of the Source + example: 2c91808568c529c60168cca6f90c1324 + name: + type: string + description: Human-readable name of the source + example: My Source + description: + type: string + description: Human-readable description of the source + example: This is the corporate directory. + owner: + description: Reference to an owning Identity Object + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - IDENTITY + example: IDENTITY + id: + type: string + description: ID of the identity + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the identity + example: MyName + cluster: + description: Reference to the associated Cluster + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - CLUSTER + example: CLUSTER + id: + type: string + description: ID of the cluster + example: 2c9180866166b5b0016167c32ef31a66 + name: + type: string + description: Human-readable display name of the cluster + example: Corporate Cluster + accountCorrelationConfig: + description: Reference to an Account Correlation Config object + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + example: ACCOUNT_CORRELATION_CONFIG + id: + type: string + description: ID of the account correlation config + example: 2c9180855d191c59015d28583727245a + name: + type: string + description: Human-readable display name of the account correlation config + example: 'Directory [source-62867] Account Correlation' + accountCorrelationRule: + description: 'Reference to a Rule that can do COMPLEX correlation, should only be used when accountCorrelationConfig can''t be used.' + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - RULE + example: RULE + id: + type: string + description: ID of the rule + example: 2c918085708c274401708c2a8a760001 + name: + type: string + description: Human-readable display name of the rule + example: Example Rule + managerCorrelationMapping: + description: Filter Object used during manager correlation to match incoming manager values to an existing manager's Account/Identity + type: object + properties: + accountAttribute: + type: string + description: Name of the attribute to use for manager correlation. The value found on the account attribute will be used to lookup the manager's identity. + example: manager + identityAttribute: + type: string + description: Name of the identity attribute to search when trying to find a manager using the value from the accountAttribute. + example: manager + managerCorrelationRule: + description: 'Reference to the ManagerCorrelationRule, only used when a simple filter isn''t sufficient.' + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - RULE + example: RULE + id: + type: string + description: ID of the rule + example: 2c918085708c274401708c2a8a760001 + name: + type: string + description: Human-readable display name of the rule + example: Example Rule + beforeProvisioningRule: + description: Rule that runs on the CCG and allows for customization of provisioning plans before the connector is called. + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - RULE + example: RULE + id: + type: string + description: ID of the rule + example: 2c918085708c274401708c2a8a760001 + name: + type: string + description: Human-readable display name of the rule + example: Example Rule + schemas: + type: array + items: + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - CONNECTOR_SCHEMA + example: CONNECTOR_SCHEMA + id: + type: string + description: ID of the schema + example: 2c91808568c529c60168cca6f90c1777 + name: + type: string + description: Human-readable display name of the schema + example: MySchema + description: List of references to Schema objects + example: + - type: CONNECTOR_SCHEMA + id: 2c9180835d191a86015d28455b4b232a + name: account + - type: CONNECTOR_SCHEMA + id: 2c9180835d191a86015d28455b4b232b + name: group + passwordPolicies: + type: array + items: + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - PASSWORD_POLICY + example: PASSWORD_POLICY + id: + type: string + description: ID of the policy + example: 2c91808568c529c60168cca6f90c1777 + name: + type: string + description: Human-readable display name of the policy + example: My Password Policy + description: List of references to the associated PasswordPolicy objects. + example: + - type: PASSWORD_POLICY + id: 2c9180855d191c59015d291ceb053980 + name: Corporate Password Policy + - type: PASSWORD_POLICY + id: 2c9180855d191c59015d291ceb057777 + name: Vendor Password Policy + features: + type: array + description: Optional features that can be supported by a source. + items: + type: string + enum: + - AUTHENTICATE + - COMPOSITE + - DIRECT_PERMISSIONS + - DISCOVER_SCHEMA + - ENABLE + - MANAGER_LOOKUP + - NO_RANDOM_ACCESS + - PROXY + - SEARCH + - TEMPLATE + - UNLOCK + - UNSTRUCTURED_TARGETS + - SHAREPOINT_TARGET + - PROVISIONING + - GROUP_PROVISIONING + - SYNC_PROVISIONING + - PASSWORD + - CURRENT_PASSWORD + - ACCOUNT_ONLY_REQUEST + - ADDITIONAL_ACCOUNT_REQUEST + - NO_AGGREGATION + - GROUPS_HAVE_MEMBERS + - NO_PERMISSIONS_PROVISIONING + - NO_GROUP_PERMISSIONS_PROVISIONING + - NO_UNSTRUCTURED_TARGETS_PROVISIONING + - NO_DIRECT_PERMISSIONS_PROVISIONING + description: |- + Optional features that can be supported by an source. + * AUTHENTICATE: The source supports pass-through authentication. + * COMPOSITE: The source supports composite source creation. + * DIRECT_PERMISSIONS: The source supports returning DirectPermissions. + * DISCOVER_SCHEMA: The source supports discovering schemas for users and groups. + * ENABLE The source supports reading if an account is enabled or disabled. + * MANAGER_LOOKUP: The source supports looking up managers as they are encountered in a feed. This is the opposite of NO_RANDOM_ACCESS. + * NO_RANDOM_ACCESS: The source does not support random access and the getObject() methods should not be called and expected to perform. + * PROXY: The source can serve as a proxy for another source. When an source has a proxy, all connector calls made with that source are redirected through the connector for the proxy source. + * SEARCH + * TEMPLATE + * UNLOCK: The source supports reading if an account is locked or unlocked. + * UNSTRUCTURED_TARGETS: The source supports returning unstructured Targets. + * SHAREPOINT_TARGET: The source supports returning unstructured Target data for SharePoint. It will be typically used by AD, LDAP sources. + * PROVISIONING: The source can both read and write accounts. Having this feature implies that the provision() method is implemented. It also means that direct and target permissions can also be provisioned if they can be returned by aggregation. + * GROUP_PROVISIONING: The source can both read and write groups. Having this feature implies that the provision() method is implemented. + * SYNC_PROVISIONING: The source can provision accounts synchronously. + * PASSWORD: The source can provision password changes. Since sources can never read passwords, this is should only be used in conjunction with the PROVISIONING feature. + * CURRENT_PASSWORD: Some source types support verification of the current password + * ACCOUNT_ONLY_REQUEST: The source supports requesting accounts without entitlements. + * ADDITIONAL_ACCOUNT_REQUEST: The source supports requesting additional accounts. + * NO_AGGREGATION: A source that does not support aggregation. + * GROUPS_HAVE_MEMBERS: The source models group memberships with a member attribute on the group object rather than a groups attribute on the account object. This effects the implementation of delta account aggregation. + * NO_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for accounts. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for accounts. + * NO_GROUP_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for groups. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for groups. + * NO_UNSTRUCTURED_TARGETS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING. + * NO_DIRECT_PERMISSIONS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING. + example: AUTHENTICATE + example: + - SYNC_PROVISIONING + - MANAGER_LOOKUP + - SEARCH + - PROVISIONING + - AUTHENTICATE + - GROUP_PROVISIONING + - PASSWORD + type: + type: string + description: 'Specifies the type of system being managed e.g. Active Directory, Workday, etc.. If you are creating a Delimited File source, you must set the `provisionasCsv` query parameter to `true`. ' + example: OpenLDAP - Direct + connector: + type: string + description: Connector script name. + example: active-directory + connectorClass: + type: string + description: The fully qualified name of the Java class that implements the connector interface. + example: sailpoint.connector.LDAPConnector + connectorAttributes: + type: object + description: Connector specific configuration; will differ from type to type. + example: + healthCheckTimeout: 30 + authSearchAttributes: + - cn + - uid + - mail + deleteThreshold: + type: integer + format: int32 + description: Number from 0 to 100 that specifies when to skip the delete phase. + example: 10 + authoritative: + type: boolean + description: When true indicates the source is referenced by an IdentityProfile. + example: false + managementWorkgroup: + description: Reference to Management Workgroup for this Source + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - GOVERNANCE_GROUP + example: GOVERNANCE_GROUP + id: + type: string + description: ID of the management workgroup + example: 2c91808568c529c60168cca6f90c2222 + name: + type: string + description: Human-readable display name of the management workgroup + example: My Management Workgroup + healthy: + type: boolean + description: When true indicates a healthy source + example: true + status: + type: string + description: 'A status identifier, giving specific information on why a source is healthy or not' + example: SOURCE_STATE_HEALTHY + since: + type: string + description: Timestamp showing when a source health check was last performed + example: '2021-09-28T15:48:29.3801666300Z' + connectorId: + type: string + description: The id of connector + example: active-directory + connectorName: + type: string + description: The name of the connector that was chosen on source creation + example: Active Directory + connectionType: + type: string + description: The type of connection (direct or file) + example: file + connectorImplementstionId: + type: string + description: The connector implementstion id + example: delimited-file + required: + - name + - owner + - connector + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + '/sources/{id}': + get: + operationId: getSource + tags: + - Sources + summary: Get Source by ID + description: |- + This end-point gets a specific source in IdentityNow. + A token with ORG_ADMIN, SOURCE_ADMIN, or SOURCE_SUBADMIN authority is required to call this API. + parameters: + - in: path + name: id + schema: + type: string + required: true + description: The Source id + example: 2c9180835d191a86015d28455b4a2329 + responses: + '200': + description: A Source object + content: + application/json: + schema: + type: object + properties: + id: + type: string + readOnly: true + description: the id of the Source + example: 2c91808568c529c60168cca6f90c1324 + name: + type: string + description: Human-readable name of the source + example: My Source + description: + type: string + description: Human-readable description of the source + example: This is the corporate directory. + owner: + description: Reference to an owning Identity Object + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - IDENTITY + example: IDENTITY + id: + type: string + description: ID of the identity + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the identity + example: MyName + cluster: + description: Reference to the associated Cluster + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - CLUSTER + example: CLUSTER + id: + type: string + description: ID of the cluster + example: 2c9180866166b5b0016167c32ef31a66 + name: + type: string + description: Human-readable display name of the cluster + example: Corporate Cluster + accountCorrelationConfig: + description: Reference to an Account Correlation Config object + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + example: ACCOUNT_CORRELATION_CONFIG + id: + type: string + description: ID of the account correlation config + example: 2c9180855d191c59015d28583727245a + name: + type: string + description: Human-readable display name of the account correlation config + example: 'Directory [source-62867] Account Correlation' + accountCorrelationRule: + description: 'Reference to a Rule that can do COMPLEX correlation, should only be used when accountCorrelationConfig can''t be used.' + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - RULE + example: RULE + id: + type: string + description: ID of the rule + example: 2c918085708c274401708c2a8a760001 + name: + type: string + description: Human-readable display name of the rule + example: Example Rule + managerCorrelationMapping: + description: Filter Object used during manager correlation to match incoming manager values to an existing manager's Account/Identity + type: object + properties: + accountAttribute: + type: string + description: Name of the attribute to use for manager correlation. The value found on the account attribute will be used to lookup the manager's identity. + example: manager + identityAttribute: + type: string + description: Name of the identity attribute to search when trying to find a manager using the value from the accountAttribute. + example: manager + managerCorrelationRule: + description: 'Reference to the ManagerCorrelationRule, only used when a simple filter isn''t sufficient.' + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - RULE + example: RULE + id: + type: string + description: ID of the rule + example: 2c918085708c274401708c2a8a760001 + name: + type: string + description: Human-readable display name of the rule + example: Example Rule + beforeProvisioningRule: + description: Rule that runs on the CCG and allows for customization of provisioning plans before the connector is called. + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - RULE + example: RULE + id: + type: string + description: ID of the rule + example: 2c918085708c274401708c2a8a760001 + name: + type: string + description: Human-readable display name of the rule + example: Example Rule + schemas: + type: array + items: + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - CONNECTOR_SCHEMA + example: CONNECTOR_SCHEMA + id: + type: string + description: ID of the schema + example: 2c91808568c529c60168cca6f90c1777 + name: + type: string + description: Human-readable display name of the schema + example: MySchema + description: List of references to Schema objects + example: + - type: CONNECTOR_SCHEMA + id: 2c9180835d191a86015d28455b4b232a + name: account + - type: CONNECTOR_SCHEMA + id: 2c9180835d191a86015d28455b4b232b + name: group + passwordPolicies: + type: array + items: + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - PASSWORD_POLICY + example: PASSWORD_POLICY + id: + type: string + description: ID of the policy + example: 2c91808568c529c60168cca6f90c1777 + name: + type: string + description: Human-readable display name of the policy + example: My Password Policy + description: List of references to the associated PasswordPolicy objects. + example: + - type: PASSWORD_POLICY + id: 2c9180855d191c59015d291ceb053980 + name: Corporate Password Policy + - type: PASSWORD_POLICY + id: 2c9180855d191c59015d291ceb057777 + name: Vendor Password Policy + features: + type: array + description: Optional features that can be supported by a source. + items: + type: string + enum: + - AUTHENTICATE + - COMPOSITE + - DIRECT_PERMISSIONS + - DISCOVER_SCHEMA + - ENABLE + - MANAGER_LOOKUP + - NO_RANDOM_ACCESS + - PROXY + - SEARCH + - TEMPLATE + - UNLOCK + - UNSTRUCTURED_TARGETS + - SHAREPOINT_TARGET + - PROVISIONING + - GROUP_PROVISIONING + - SYNC_PROVISIONING + - PASSWORD + - CURRENT_PASSWORD + - ACCOUNT_ONLY_REQUEST + - ADDITIONAL_ACCOUNT_REQUEST + - NO_AGGREGATION + - GROUPS_HAVE_MEMBERS + - NO_PERMISSIONS_PROVISIONING + - NO_GROUP_PERMISSIONS_PROVISIONING + - NO_UNSTRUCTURED_TARGETS_PROVISIONING + - NO_DIRECT_PERMISSIONS_PROVISIONING + description: |- + Optional features that can be supported by an source. + * AUTHENTICATE: The source supports pass-through authentication. + * COMPOSITE: The source supports composite source creation. + * DIRECT_PERMISSIONS: The source supports returning DirectPermissions. + * DISCOVER_SCHEMA: The source supports discovering schemas for users and groups. + * ENABLE The source supports reading if an account is enabled or disabled. + * MANAGER_LOOKUP: The source supports looking up managers as they are encountered in a feed. This is the opposite of NO_RANDOM_ACCESS. + * NO_RANDOM_ACCESS: The source does not support random access and the getObject() methods should not be called and expected to perform. + * PROXY: The source can serve as a proxy for another source. When an source has a proxy, all connector calls made with that source are redirected through the connector for the proxy source. + * SEARCH + * TEMPLATE + * UNLOCK: The source supports reading if an account is locked or unlocked. + * UNSTRUCTURED_TARGETS: The source supports returning unstructured Targets. + * SHAREPOINT_TARGET: The source supports returning unstructured Target data for SharePoint. It will be typically used by AD, LDAP sources. + * PROVISIONING: The source can both read and write accounts. Having this feature implies that the provision() method is implemented. It also means that direct and target permissions can also be provisioned if they can be returned by aggregation. + * GROUP_PROVISIONING: The source can both read and write groups. Having this feature implies that the provision() method is implemented. + * SYNC_PROVISIONING: The source can provision accounts synchronously. + * PASSWORD: The source can provision password changes. Since sources can never read passwords, this is should only be used in conjunction with the PROVISIONING feature. + * CURRENT_PASSWORD: Some source types support verification of the current password + * ACCOUNT_ONLY_REQUEST: The source supports requesting accounts without entitlements. + * ADDITIONAL_ACCOUNT_REQUEST: The source supports requesting additional accounts. + * NO_AGGREGATION: A source that does not support aggregation. + * GROUPS_HAVE_MEMBERS: The source models group memberships with a member attribute on the group object rather than a groups attribute on the account object. This effects the implementation of delta account aggregation. + * NO_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for accounts. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for accounts. + * NO_GROUP_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for groups. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for groups. + * NO_UNSTRUCTURED_TARGETS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING. + * NO_DIRECT_PERMISSIONS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING. + example: AUTHENTICATE + example: + - SYNC_PROVISIONING + - MANAGER_LOOKUP + - SEARCH + - PROVISIONING + - AUTHENTICATE + - GROUP_PROVISIONING + - PASSWORD + type: + type: string + description: 'Specifies the type of system being managed e.g. Active Directory, Workday, etc.. If you are creating a Delimited File source, you must set the `provisionasCsv` query parameter to `true`. ' + example: OpenLDAP - Direct + connector: + type: string + description: Connector script name. + example: active-directory + connectorClass: + type: string + description: The fully qualified name of the Java class that implements the connector interface. + example: sailpoint.connector.LDAPConnector + connectorAttributes: + type: object + description: Connector specific configuration; will differ from type to type. + example: + healthCheckTimeout: 30 + authSearchAttributes: + - cn + - uid + - mail + deleteThreshold: + type: integer + format: int32 + description: Number from 0 to 100 that specifies when to skip the delete phase. + example: 10 + authoritative: + type: boolean + description: When true indicates the source is referenced by an IdentityProfile. + example: false + managementWorkgroup: + description: Reference to Management Workgroup for this Source + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - GOVERNANCE_GROUP + example: GOVERNANCE_GROUP + id: + type: string + description: ID of the management workgroup + example: 2c91808568c529c60168cca6f90c2222 + name: + type: string + description: Human-readable display name of the management workgroup + example: My Management Workgroup + healthy: + type: boolean + description: When true indicates a healthy source + example: true + status: + type: string + description: 'A status identifier, giving specific information on why a source is healthy or not' + example: SOURCE_STATE_HEALTHY + since: + type: string + description: Timestamp showing when a source health check was last performed + example: '2021-09-28T15:48:29.3801666300Z' + connectorId: + type: string + description: The id of connector + example: active-directory + connectorName: + type: string + description: The name of the connector that was chosen on source creation + example: Active Directory + connectionType: + type: string + description: The type of connection (direct or file) + example: file + connectorImplementstionId: + type: string + description: The connector implementstion id + example: delimited-file + required: + - name + - owner + - connector + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + put: + operationId: putSource + tags: + - Sources + summary: Update Source (Full) + description: | + This API updates a source in IdentityNow, using a full object representation. In other words, the existing Source + configuration is completely replaced. + + Some fields are immutable and cannot be changed, such as: + + * id + * type + * authoritative + * connector + * connectorClass + * passwordPolicies + + Attempts to modify these fields will result in a 400 error. + + A token with ORG_ADMIN, SOURCE_ADMIN, or SOURCE_SUBADMIN authority is required to call this API. + parameters: + - in: path + name: id + schema: + type: string + required: true + description: The Source id + example: 2c9180835d191a86015d28455b4a2329 + requestBody: + required: true + content: + application/json: + schema: + type: object + properties: + id: + type: string + readOnly: true + description: the id of the Source + example: 2c91808568c529c60168cca6f90c1324 + name: + type: string + description: Human-readable name of the source + example: My Source + description: + type: string + description: Human-readable description of the source + example: This is the corporate directory. + owner: + description: Reference to an owning Identity Object + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - IDENTITY + example: IDENTITY + id: + type: string + description: ID of the identity + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the identity + example: MyName + cluster: + description: Reference to the associated Cluster + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - CLUSTER + example: CLUSTER + id: + type: string + description: ID of the cluster + example: 2c9180866166b5b0016167c32ef31a66 + name: + type: string + description: Human-readable display name of the cluster + example: Corporate Cluster + accountCorrelationConfig: + description: Reference to an Account Correlation Config object + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + example: ACCOUNT_CORRELATION_CONFIG + id: + type: string + description: ID of the account correlation config + example: 2c9180855d191c59015d28583727245a + name: + type: string + description: Human-readable display name of the account correlation config + example: 'Directory [source-62867] Account Correlation' + accountCorrelationRule: + description: 'Reference to a Rule that can do COMPLEX correlation, should only be used when accountCorrelationConfig can''t be used.' + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - RULE + example: RULE + id: + type: string + description: ID of the rule + example: 2c918085708c274401708c2a8a760001 + name: + type: string + description: Human-readable display name of the rule + example: Example Rule + managerCorrelationMapping: + description: Filter Object used during manager correlation to match incoming manager values to an existing manager's Account/Identity + type: object + properties: + accountAttribute: + type: string + description: Name of the attribute to use for manager correlation. The value found on the account attribute will be used to lookup the manager's identity. + example: manager + identityAttribute: + type: string + description: Name of the identity attribute to search when trying to find a manager using the value from the accountAttribute. + example: manager + managerCorrelationRule: + description: 'Reference to the ManagerCorrelationRule, only used when a simple filter isn''t sufficient.' + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - RULE + example: RULE + id: + type: string + description: ID of the rule + example: 2c918085708c274401708c2a8a760001 + name: + type: string + description: Human-readable display name of the rule + example: Example Rule + beforeProvisioningRule: + description: Rule that runs on the CCG and allows for customization of provisioning plans before the connector is called. + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - RULE + example: RULE + id: + type: string + description: ID of the rule + example: 2c918085708c274401708c2a8a760001 + name: + type: string + description: Human-readable display name of the rule + example: Example Rule + schemas: + type: array + items: + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - CONNECTOR_SCHEMA + example: CONNECTOR_SCHEMA + id: + type: string + description: ID of the schema + example: 2c91808568c529c60168cca6f90c1777 + name: + type: string + description: Human-readable display name of the schema + example: MySchema + description: List of references to Schema objects + example: + - type: CONNECTOR_SCHEMA + id: 2c9180835d191a86015d28455b4b232a + name: account + - type: CONNECTOR_SCHEMA + id: 2c9180835d191a86015d28455b4b232b + name: group + passwordPolicies: + type: array + items: + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - PASSWORD_POLICY + example: PASSWORD_POLICY + id: + type: string + description: ID of the policy + example: 2c91808568c529c60168cca6f90c1777 + name: + type: string + description: Human-readable display name of the policy + example: My Password Policy + description: List of references to the associated PasswordPolicy objects. + example: + - type: PASSWORD_POLICY + id: 2c9180855d191c59015d291ceb053980 + name: Corporate Password Policy + - type: PASSWORD_POLICY + id: 2c9180855d191c59015d291ceb057777 + name: Vendor Password Policy + features: + type: array + description: Optional features that can be supported by a source. + items: + type: string + enum: + - AUTHENTICATE + - COMPOSITE + - DIRECT_PERMISSIONS + - DISCOVER_SCHEMA + - ENABLE + - MANAGER_LOOKUP + - NO_RANDOM_ACCESS + - PROXY + - SEARCH + - TEMPLATE + - UNLOCK + - UNSTRUCTURED_TARGETS + - SHAREPOINT_TARGET + - PROVISIONING + - GROUP_PROVISIONING + - SYNC_PROVISIONING + - PASSWORD + - CURRENT_PASSWORD + - ACCOUNT_ONLY_REQUEST + - ADDITIONAL_ACCOUNT_REQUEST + - NO_AGGREGATION + - GROUPS_HAVE_MEMBERS + - NO_PERMISSIONS_PROVISIONING + - NO_GROUP_PERMISSIONS_PROVISIONING + - NO_UNSTRUCTURED_TARGETS_PROVISIONING + - NO_DIRECT_PERMISSIONS_PROVISIONING + description: |- + Optional features that can be supported by an source. + * AUTHENTICATE: The source supports pass-through authentication. + * COMPOSITE: The source supports composite source creation. + * DIRECT_PERMISSIONS: The source supports returning DirectPermissions. + * DISCOVER_SCHEMA: The source supports discovering schemas for users and groups. + * ENABLE The source supports reading if an account is enabled or disabled. + * MANAGER_LOOKUP: The source supports looking up managers as they are encountered in a feed. This is the opposite of NO_RANDOM_ACCESS. + * NO_RANDOM_ACCESS: The source does not support random access and the getObject() methods should not be called and expected to perform. + * PROXY: The source can serve as a proxy for another source. When an source has a proxy, all connector calls made with that source are redirected through the connector for the proxy source. + * SEARCH + * TEMPLATE + * UNLOCK: The source supports reading if an account is locked or unlocked. + * UNSTRUCTURED_TARGETS: The source supports returning unstructured Targets. + * SHAREPOINT_TARGET: The source supports returning unstructured Target data for SharePoint. It will be typically used by AD, LDAP sources. + * PROVISIONING: The source can both read and write accounts. Having this feature implies that the provision() method is implemented. It also means that direct and target permissions can also be provisioned if they can be returned by aggregation. + * GROUP_PROVISIONING: The source can both read and write groups. Having this feature implies that the provision() method is implemented. + * SYNC_PROVISIONING: The source can provision accounts synchronously. + * PASSWORD: The source can provision password changes. Since sources can never read passwords, this is should only be used in conjunction with the PROVISIONING feature. + * CURRENT_PASSWORD: Some source types support verification of the current password + * ACCOUNT_ONLY_REQUEST: The source supports requesting accounts without entitlements. + * ADDITIONAL_ACCOUNT_REQUEST: The source supports requesting additional accounts. + * NO_AGGREGATION: A source that does not support aggregation. + * GROUPS_HAVE_MEMBERS: The source models group memberships with a member attribute on the group object rather than a groups attribute on the account object. This effects the implementation of delta account aggregation. + * NO_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for accounts. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for accounts. + * NO_GROUP_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for groups. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for groups. + * NO_UNSTRUCTURED_TARGETS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING. + * NO_DIRECT_PERMISSIONS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING. + example: AUTHENTICATE + example: + - SYNC_PROVISIONING + - MANAGER_LOOKUP + - SEARCH + - PROVISIONING + - AUTHENTICATE + - GROUP_PROVISIONING + - PASSWORD + type: + type: string + description: 'Specifies the type of system being managed e.g. Active Directory, Workday, etc.. If you are creating a Delimited File source, you must set the `provisionasCsv` query parameter to `true`. ' + example: OpenLDAP - Direct + connector: + type: string + description: Connector script name. + example: active-directory + connectorClass: + type: string + description: The fully qualified name of the Java class that implements the connector interface. + example: sailpoint.connector.LDAPConnector + connectorAttributes: + type: object + description: Connector specific configuration; will differ from type to type. + example: + healthCheckTimeout: 30 + authSearchAttributes: + - cn + - uid + - mail + deleteThreshold: + type: integer + format: int32 + description: Number from 0 to 100 that specifies when to skip the delete phase. + example: 10 + authoritative: + type: boolean + description: When true indicates the source is referenced by an IdentityProfile. + example: false + managementWorkgroup: + description: Reference to Management Workgroup for this Source + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - GOVERNANCE_GROUP + example: GOVERNANCE_GROUP + id: + type: string + description: ID of the management workgroup + example: 2c91808568c529c60168cca6f90c2222 + name: + type: string + description: Human-readable display name of the management workgroup + example: My Management Workgroup + healthy: + type: boolean + description: When true indicates a healthy source + example: true + status: + type: string + description: 'A status identifier, giving specific information on why a source is healthy or not' + example: SOURCE_STATE_HEALTHY + since: + type: string + description: Timestamp showing when a source health check was last performed + example: '2021-09-28T15:48:29.3801666300Z' + connectorId: + type: string + description: The id of connector + example: active-directory + connectorName: + type: string + description: The name of the connector that was chosen on source creation + example: Active Directory + connectionType: + type: string + description: The type of connection (direct or file) + example: file + connectorImplementstionId: + type: string + description: The connector implementstion id + example: delimited-file + required: + - name + - owner + - connector + responses: + '200': + description: 'Updated Source object. Any passwords will only show the the encrypted cipher-text, as they are not decrypt-able in IdentityNow cloud-based services, per IdentityNow security design.' + content: + application/json: + schema: + type: object + properties: + id: + type: string + readOnly: true + description: the id of the Source + example: 2c91808568c529c60168cca6f90c1324 + name: + type: string + description: Human-readable name of the source + example: My Source + description: + type: string + description: Human-readable description of the source + example: This is the corporate directory. + owner: + description: Reference to an owning Identity Object + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - IDENTITY + example: IDENTITY + id: + type: string + description: ID of the identity + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the identity + example: MyName + cluster: + description: Reference to the associated Cluster + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - CLUSTER + example: CLUSTER + id: + type: string + description: ID of the cluster + example: 2c9180866166b5b0016167c32ef31a66 + name: + type: string + description: Human-readable display name of the cluster + example: Corporate Cluster + accountCorrelationConfig: + description: Reference to an Account Correlation Config object + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + example: ACCOUNT_CORRELATION_CONFIG + id: + type: string + description: ID of the account correlation config + example: 2c9180855d191c59015d28583727245a + name: + type: string + description: Human-readable display name of the account correlation config + example: 'Directory [source-62867] Account Correlation' + accountCorrelationRule: + description: 'Reference to a Rule that can do COMPLEX correlation, should only be used when accountCorrelationConfig can''t be used.' + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - RULE + example: RULE + id: + type: string + description: ID of the rule + example: 2c918085708c274401708c2a8a760001 + name: + type: string + description: Human-readable display name of the rule + example: Example Rule + managerCorrelationMapping: + description: Filter Object used during manager correlation to match incoming manager values to an existing manager's Account/Identity + type: object + properties: + accountAttribute: + type: string + description: Name of the attribute to use for manager correlation. The value found on the account attribute will be used to lookup the manager's identity. + example: manager + identityAttribute: + type: string + description: Name of the identity attribute to search when trying to find a manager using the value from the accountAttribute. + example: manager + managerCorrelationRule: + description: 'Reference to the ManagerCorrelationRule, only used when a simple filter isn''t sufficient.' + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - RULE + example: RULE + id: + type: string + description: ID of the rule + example: 2c918085708c274401708c2a8a760001 + name: + type: string + description: Human-readable display name of the rule + example: Example Rule + beforeProvisioningRule: + description: Rule that runs on the CCG and allows for customization of provisioning plans before the connector is called. + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - RULE + example: RULE + id: + type: string + description: ID of the rule + example: 2c918085708c274401708c2a8a760001 + name: + type: string + description: Human-readable display name of the rule + example: Example Rule + schemas: + type: array + items: + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - CONNECTOR_SCHEMA + example: CONNECTOR_SCHEMA + id: + type: string + description: ID of the schema + example: 2c91808568c529c60168cca6f90c1777 + name: + type: string + description: Human-readable display name of the schema + example: MySchema + description: List of references to Schema objects + example: + - type: CONNECTOR_SCHEMA + id: 2c9180835d191a86015d28455b4b232a + name: account + - type: CONNECTOR_SCHEMA + id: 2c9180835d191a86015d28455b4b232b + name: group + passwordPolicies: + type: array + items: + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - PASSWORD_POLICY + example: PASSWORD_POLICY + id: + type: string + description: ID of the policy + example: 2c91808568c529c60168cca6f90c1777 + name: + type: string + description: Human-readable display name of the policy + example: My Password Policy + description: List of references to the associated PasswordPolicy objects. + example: + - type: PASSWORD_POLICY + id: 2c9180855d191c59015d291ceb053980 + name: Corporate Password Policy + - type: PASSWORD_POLICY + id: 2c9180855d191c59015d291ceb057777 + name: Vendor Password Policy + features: + type: array + description: Optional features that can be supported by a source. + items: + type: string + enum: + - AUTHENTICATE + - COMPOSITE + - DIRECT_PERMISSIONS + - DISCOVER_SCHEMA + - ENABLE + - MANAGER_LOOKUP + - NO_RANDOM_ACCESS + - PROXY + - SEARCH + - TEMPLATE + - UNLOCK + - UNSTRUCTURED_TARGETS + - SHAREPOINT_TARGET + - PROVISIONING + - GROUP_PROVISIONING + - SYNC_PROVISIONING + - PASSWORD + - CURRENT_PASSWORD + - ACCOUNT_ONLY_REQUEST + - ADDITIONAL_ACCOUNT_REQUEST + - NO_AGGREGATION + - GROUPS_HAVE_MEMBERS + - NO_PERMISSIONS_PROVISIONING + - NO_GROUP_PERMISSIONS_PROVISIONING + - NO_UNSTRUCTURED_TARGETS_PROVISIONING + - NO_DIRECT_PERMISSIONS_PROVISIONING + description: |- + Optional features that can be supported by an source. + * AUTHENTICATE: The source supports pass-through authentication. + * COMPOSITE: The source supports composite source creation. + * DIRECT_PERMISSIONS: The source supports returning DirectPermissions. + * DISCOVER_SCHEMA: The source supports discovering schemas for users and groups. + * ENABLE The source supports reading if an account is enabled or disabled. + * MANAGER_LOOKUP: The source supports looking up managers as they are encountered in a feed. This is the opposite of NO_RANDOM_ACCESS. + * NO_RANDOM_ACCESS: The source does not support random access and the getObject() methods should not be called and expected to perform. + * PROXY: The source can serve as a proxy for another source. When an source has a proxy, all connector calls made with that source are redirected through the connector for the proxy source. + * SEARCH + * TEMPLATE + * UNLOCK: The source supports reading if an account is locked or unlocked. + * UNSTRUCTURED_TARGETS: The source supports returning unstructured Targets. + * SHAREPOINT_TARGET: The source supports returning unstructured Target data for SharePoint. It will be typically used by AD, LDAP sources. + * PROVISIONING: The source can both read and write accounts. Having this feature implies that the provision() method is implemented. It also means that direct and target permissions can also be provisioned if they can be returned by aggregation. + * GROUP_PROVISIONING: The source can both read and write groups. Having this feature implies that the provision() method is implemented. + * SYNC_PROVISIONING: The source can provision accounts synchronously. + * PASSWORD: The source can provision password changes. Since sources can never read passwords, this is should only be used in conjunction with the PROVISIONING feature. + * CURRENT_PASSWORD: Some source types support verification of the current password + * ACCOUNT_ONLY_REQUEST: The source supports requesting accounts without entitlements. + * ADDITIONAL_ACCOUNT_REQUEST: The source supports requesting additional accounts. + * NO_AGGREGATION: A source that does not support aggregation. + * GROUPS_HAVE_MEMBERS: The source models group memberships with a member attribute on the group object rather than a groups attribute on the account object. This effects the implementation of delta account aggregation. + * NO_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for accounts. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for accounts. + * NO_GROUP_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for groups. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for groups. + * NO_UNSTRUCTURED_TARGETS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING. + * NO_DIRECT_PERMISSIONS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING. + example: AUTHENTICATE + example: + - SYNC_PROVISIONING + - MANAGER_LOOKUP + - SEARCH + - PROVISIONING + - AUTHENTICATE + - GROUP_PROVISIONING + - PASSWORD + type: + type: string + description: 'Specifies the type of system being managed e.g. Active Directory, Workday, etc.. If you are creating a Delimited File source, you must set the `provisionasCsv` query parameter to `true`. ' + example: OpenLDAP - Direct + connector: + type: string + description: Connector script name. + example: active-directory + connectorClass: + type: string + description: The fully qualified name of the Java class that implements the connector interface. + example: sailpoint.connector.LDAPConnector + connectorAttributes: + type: object + description: Connector specific configuration; will differ from type to type. + example: + healthCheckTimeout: 30 + authSearchAttributes: + - cn + - uid + - mail + deleteThreshold: + type: integer + format: int32 + description: Number from 0 to 100 that specifies when to skip the delete phase. + example: 10 + authoritative: + type: boolean + description: When true indicates the source is referenced by an IdentityProfile. + example: false + managementWorkgroup: + description: Reference to Management Workgroup for this Source + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - GOVERNANCE_GROUP + example: GOVERNANCE_GROUP + id: + type: string + description: ID of the management workgroup + example: 2c91808568c529c60168cca6f90c2222 + name: + type: string + description: Human-readable display name of the management workgroup + example: My Management Workgroup + healthy: + type: boolean + description: When true indicates a healthy source + example: true + status: + type: string + description: 'A status identifier, giving specific information on why a source is healthy or not' + example: SOURCE_STATE_HEALTHY + since: + type: string + description: Timestamp showing when a source health check was last performed + example: '2021-09-28T15:48:29.3801666300Z' + connectorId: + type: string + description: The id of connector + example: active-directory + connectorName: + type: string + description: The name of the connector that was chosen on source creation + example: Active Directory + connectionType: + type: string + description: The type of connection (direct or file) + example: file + connectorImplementstionId: + type: string + description: The connector implementstion id + example: delimited-file + required: + - name + - owner + - connector + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + patch: + operationId: updateSource + tags: + - Sources + summary: Update Source (Partial) + description: | + This API partially updates a source in IdentityNow, using a list of patch operations according to the + [JSON Patch](https://tools.ietf.org/html/rfc6902) standard. + + Some fields are immutable and cannot be changed, such as: + + * id + * type + * authoritative + * created + * modified + * connector + * connectorClass + * passwordPolicies + + Attempts to modify these fields will result in a 400 error. + + A token with ORG_ADMIN, SOURCE_ADMIN, SOURCE_SUBADMIN, or API authority is required to call this API. + parameters: + - in: path + name: id + schema: + type: string + required: true + description: The Source id + example: 2c9180835d191a86015d28455b4a2329 + requestBody: + required: true + description: 'A list of account update operations according to the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard. Any password changes are submitted as plain-text and encrypted upon receipt in IdentityNow.' + content: + application/json-patch+json: + schema: + type: array + items: + type: object + description: 'A JSONPatch Operation as defined by [RFC 6902 - JSON Patch](https://tools.ietf.org/html/rfc6902)' + required: + - op + - path + properties: + op: + type: string + description: The operation to be performed + enum: + - add + - remove + - replace + - move + - copy + - test + example: replace + path: + type: string + description: A string JSON Pointer representing the target path to an element to be affected by the operation + example: /description + value: + anyOf: + - type: string + - type: integer + - type: object + - type: array + items: + anyOf: + - type: string + - type: integer + - type: object + description: 'The value to be used for the operation, required for "add" and "replace" operations' + example: New description + examples: + Edit the source description: + description: This example shows how to edit a source description. + value: + - op: replace + path: /description + value: new description + Edit the source cluster: + description: This example shows how to edit a source cluster by id. + value: + - op: replace + path: /cluster/id + value: 2c918087813a902001813f3f85736b45 + Edit source features: + description: This example illustrates how you can update source supported features + value: + - op: replace + path: /features + value: + - PASSWORD + - PROVISIONING + - ENABLE + - AUTHENTICATE + Change a source description and cluster in One Call: + description: This example shows how multiple fields may be updated with a single patch call. + value: + - op: replace + path: /description + value: new description + - op: replace + path: /cluster/id + value: 2c918087813a902001813f3f85736b45 + Add a filter string to the connector: + description: 'This example shows how you can add a filter to incoming accounts during the account aggregation process. In the example below, any account that does not have an "m" or "d" in the id will be aggregated.' + value: + - op: add + path: /connectorAttributes/filterString + value: '!( id.contains( "m" ) ) || !( id.contains( "d" ) )' + Update connector attribute for specific operation type: + description: This example shows how you can update the 3rd object in the connection parameters operationType. This will change it from a standard group aggregation to a group aggregation on the "test" entitlement type + value: + - op: replace + path: /connectorAttributes/connectionParameters/2/operationType + value: Group Aggregation-test + responses: + '200': + description: 'Updated Source object. Any passwords will only show the the encrypted cipher-text, as they are not decrypt-able in IdentityNow cloud-based services, per IdentityNow security design.' + content: + application/json: + schema: + type: object + properties: + id: + type: string + readOnly: true + description: the id of the Source + example: 2c91808568c529c60168cca6f90c1324 + name: + type: string + description: Human-readable name of the source + example: My Source + description: + type: string + description: Human-readable description of the source + example: This is the corporate directory. + owner: + description: Reference to an owning Identity Object + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - IDENTITY + example: IDENTITY + id: + type: string + description: ID of the identity + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the identity + example: MyName + cluster: + description: Reference to the associated Cluster + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - CLUSTER + example: CLUSTER + id: + type: string + description: ID of the cluster + example: 2c9180866166b5b0016167c32ef31a66 + name: + type: string + description: Human-readable display name of the cluster + example: Corporate Cluster + accountCorrelationConfig: + description: Reference to an Account Correlation Config object + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + example: ACCOUNT_CORRELATION_CONFIG + id: + type: string + description: ID of the account correlation config + example: 2c9180855d191c59015d28583727245a + name: + type: string + description: Human-readable display name of the account correlation config + example: 'Directory [source-62867] Account Correlation' + accountCorrelationRule: + description: 'Reference to a Rule that can do COMPLEX correlation, should only be used when accountCorrelationConfig can''t be used.' + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - RULE + example: RULE + id: + type: string + description: ID of the rule + example: 2c918085708c274401708c2a8a760001 + name: + type: string + description: Human-readable display name of the rule + example: Example Rule + managerCorrelationMapping: + description: Filter Object used during manager correlation to match incoming manager values to an existing manager's Account/Identity + type: object + properties: + accountAttribute: + type: string + description: Name of the attribute to use for manager correlation. The value found on the account attribute will be used to lookup the manager's identity. + example: manager + identityAttribute: + type: string + description: Name of the identity attribute to search when trying to find a manager using the value from the accountAttribute. + example: manager + managerCorrelationRule: + description: 'Reference to the ManagerCorrelationRule, only used when a simple filter isn''t sufficient.' + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - RULE + example: RULE + id: + type: string + description: ID of the rule + example: 2c918085708c274401708c2a8a760001 + name: + type: string + description: Human-readable display name of the rule + example: Example Rule + beforeProvisioningRule: + description: Rule that runs on the CCG and allows for customization of provisioning plans before the connector is called. + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - RULE + example: RULE + id: + type: string + description: ID of the rule + example: 2c918085708c274401708c2a8a760001 + name: + type: string + description: Human-readable display name of the rule + example: Example Rule + schemas: + type: array + items: + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - CONNECTOR_SCHEMA + example: CONNECTOR_SCHEMA + id: + type: string + description: ID of the schema + example: 2c91808568c529c60168cca6f90c1777 + name: + type: string + description: Human-readable display name of the schema + example: MySchema + description: List of references to Schema objects + example: + - type: CONNECTOR_SCHEMA + id: 2c9180835d191a86015d28455b4b232a + name: account + - type: CONNECTOR_SCHEMA + id: 2c9180835d191a86015d28455b4b232b + name: group + passwordPolicies: + type: array + items: + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - PASSWORD_POLICY + example: PASSWORD_POLICY + id: + type: string + description: ID of the policy + example: 2c91808568c529c60168cca6f90c1777 + name: + type: string + description: Human-readable display name of the policy + example: My Password Policy + description: List of references to the associated PasswordPolicy objects. + example: + - type: PASSWORD_POLICY + id: 2c9180855d191c59015d291ceb053980 + name: Corporate Password Policy + - type: PASSWORD_POLICY + id: 2c9180855d191c59015d291ceb057777 + name: Vendor Password Policy + features: + type: array + description: Optional features that can be supported by a source. + items: + type: string + enum: + - AUTHENTICATE + - COMPOSITE + - DIRECT_PERMISSIONS + - DISCOVER_SCHEMA + - ENABLE + - MANAGER_LOOKUP + - NO_RANDOM_ACCESS + - PROXY + - SEARCH + - TEMPLATE + - UNLOCK + - UNSTRUCTURED_TARGETS + - SHAREPOINT_TARGET + - PROVISIONING + - GROUP_PROVISIONING + - SYNC_PROVISIONING + - PASSWORD + - CURRENT_PASSWORD + - ACCOUNT_ONLY_REQUEST + - ADDITIONAL_ACCOUNT_REQUEST + - NO_AGGREGATION + - GROUPS_HAVE_MEMBERS + - NO_PERMISSIONS_PROVISIONING + - NO_GROUP_PERMISSIONS_PROVISIONING + - NO_UNSTRUCTURED_TARGETS_PROVISIONING + - NO_DIRECT_PERMISSIONS_PROVISIONING + description: |- + Optional features that can be supported by an source. + * AUTHENTICATE: The source supports pass-through authentication. + * COMPOSITE: The source supports composite source creation. + * DIRECT_PERMISSIONS: The source supports returning DirectPermissions. + * DISCOVER_SCHEMA: The source supports discovering schemas for users and groups. + * ENABLE The source supports reading if an account is enabled or disabled. + * MANAGER_LOOKUP: The source supports looking up managers as they are encountered in a feed. This is the opposite of NO_RANDOM_ACCESS. + * NO_RANDOM_ACCESS: The source does not support random access and the getObject() methods should not be called and expected to perform. + * PROXY: The source can serve as a proxy for another source. When an source has a proxy, all connector calls made with that source are redirected through the connector for the proxy source. + * SEARCH + * TEMPLATE + * UNLOCK: The source supports reading if an account is locked or unlocked. + * UNSTRUCTURED_TARGETS: The source supports returning unstructured Targets. + * SHAREPOINT_TARGET: The source supports returning unstructured Target data for SharePoint. It will be typically used by AD, LDAP sources. + * PROVISIONING: The source can both read and write accounts. Having this feature implies that the provision() method is implemented. It also means that direct and target permissions can also be provisioned if they can be returned by aggregation. + * GROUP_PROVISIONING: The source can both read and write groups. Having this feature implies that the provision() method is implemented. + * SYNC_PROVISIONING: The source can provision accounts synchronously. + * PASSWORD: The source can provision password changes. Since sources can never read passwords, this is should only be used in conjunction with the PROVISIONING feature. + * CURRENT_PASSWORD: Some source types support verification of the current password + * ACCOUNT_ONLY_REQUEST: The source supports requesting accounts without entitlements. + * ADDITIONAL_ACCOUNT_REQUEST: The source supports requesting additional accounts. + * NO_AGGREGATION: A source that does not support aggregation. + * GROUPS_HAVE_MEMBERS: The source models group memberships with a member attribute on the group object rather than a groups attribute on the account object. This effects the implementation of delta account aggregation. + * NO_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for accounts. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for accounts. + * NO_GROUP_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for groups. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for groups. + * NO_UNSTRUCTURED_TARGETS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING. + * NO_DIRECT_PERMISSIONS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING. + example: AUTHENTICATE + example: + - SYNC_PROVISIONING + - MANAGER_LOOKUP + - SEARCH + - PROVISIONING + - AUTHENTICATE + - GROUP_PROVISIONING + - PASSWORD + type: + type: string + description: 'Specifies the type of system being managed e.g. Active Directory, Workday, etc.. If you are creating a Delimited File source, you must set the `provisionasCsv` query parameter to `true`. ' + example: OpenLDAP - Direct + connector: + type: string + description: Connector script name. + example: active-directory + connectorClass: + type: string + description: The fully qualified name of the Java class that implements the connector interface. + example: sailpoint.connector.LDAPConnector + connectorAttributes: + type: object + description: Connector specific configuration; will differ from type to type. + example: + healthCheckTimeout: 30 + authSearchAttributes: + - cn + - uid + - mail + deleteThreshold: + type: integer + format: int32 + description: Number from 0 to 100 that specifies when to skip the delete phase. + example: 10 + authoritative: + type: boolean + description: When true indicates the source is referenced by an IdentityProfile. + example: false + managementWorkgroup: + description: Reference to Management Workgroup for this Source + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - GOVERNANCE_GROUP + example: GOVERNANCE_GROUP + id: + type: string + description: ID of the management workgroup + example: 2c91808568c529c60168cca6f90c2222 + name: + type: string + description: Human-readable display name of the management workgroup + example: My Management Workgroup + healthy: + type: boolean + description: When true indicates a healthy source + example: true + status: + type: string + description: 'A status identifier, giving specific information on why a source is healthy or not' + example: SOURCE_STATE_HEALTHY + since: + type: string + description: Timestamp showing when a source health check was last performed + example: '2021-09-28T15:48:29.3801666300Z' + connectorId: + type: string + description: The id of connector + example: active-directory + connectorName: + type: string + description: The name of the connector that was chosen on source creation + example: Active Directory + connectionType: + type: string + description: The type of connection (direct or file) + example: file + connectorImplementstionId: + type: string + description: The connector implementstion id + example: delimited-file + required: + - name + - owner + - connector + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + delete: + operationId: deleteSource + tags: + - Sources + summary: Delete Source by ID + description: |- + This end-point deletes a specific source in IdentityNow. + A token with ORG_ADMIN, SOURCE_ADMIN, or SOURCE_SUBADMIN authority is required to call this API. + All of accounts on the source will be removed first, then the source will be deleted. Actual status of task execution can be retrieved via method GET `/task-status/{id}` + parameters: + - in: path + name: id + schema: + type: string + required: true + description: The Source id + example: 2c9180835d191a86015d28455b4a2329 + responses: + '202': + description: Accepted - Returned if the request was successfully accepted into the system. + content: + application/json: + schema: + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - TASK_RESULT + example: TASK_RESULT + id: + type: string + description: ID of the task result + example: 2c91808779ecf55b0179f720942f181a + name: + type: string + description: Human-readable display name of the task result (should be null/empty) + example: null + examples: + deleteSource: + summary: Response returned when deleting a source + value: + type: TASK_RESULT + id: 2c91808779ecf55b0179f720942f181a + name: null + links: + GetTaskStatusById: + parameters: + id: $response.body#/id + description: | + The `id` value returned in the response can be used as the `id` parameter in `GET /task-status/{id}`. + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + '/sources/{sourceId}/provisioning-policies': + get: + operationId: listProvisioningPolicies + tags: + - Sources + summary: Lists ProvisioningPolicies + description: |- + This end-point lists all the ProvisioningPolicies in IdentityNow. + A token with API, or ORG_ADMIN authority is required to call this API. + security: + - oauth2: + - 'idn:provisioning-policy:read' + - 'idn:provisioning-policy:manage' + parameters: + - in: path + name: sourceId + required: true + schema: + type: string + description: The Source id + example: 2c9180835d191a86015d28455b4a2329 + responses: + '200': + description: List of ProvisioningPolicyDto objects + content: + application/json: + schema: + type: array + items: + type: object + required: + - name + properties: + name: + type: string + description: the provisioning policy name + example: example provisioning policy for inactive identities + description: + type: string + description: the description of the provisioning policy + example: this provisioning policy creates access based on an identity going inactive + usageType: + type: string + nullable: false + enum: + - CREATE + - UPDATE + - DELETE + - ASSIGN + - UNASSIGN + - CREATE_GROUP + - UPDATE_GROUP + - DELETE_GROUP + - REGISTER + - CREATE_IDENTITY + - UPDATE_IDENTITY + - EDIT_GROUP + - ENABLE + - DISABLE + - UNLOCK + - CHANGE_PASSWORD + example: CREATE + description: The type of ProvisioningPolicy usage. + fields: + type: array + items: + type: object + properties: + name: + type: string + description: The name of the attribute. + example: userName + transform: + type: object + description: The transform to apply to the field + example: + type: rule + attributes: + name: Create Unique LDAP Attribute + default: {} + attributes: + type: object + description: Attributes required for the transform + example: + template: '${firstname}.${lastname}${uniqueCounter}' + cloudMaxUniqueChecks: '50' + cloudMaxSize: '20' + cloudRequired: 'true' + isRequired: + type: boolean + readOnly: true + description: Flag indicating whether or not the attribute is required. + default: false + example: false + type: + type: string + description: The type of the attribute. + example: string + isMultiValued: + type: boolean + description: Flag indicating whether or not the attribute is multi-valued. + default: false + example: false + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + post: + operationId: createProvisioningPolicy + tags: + - Sources + summary: Create Provisioning Policy + description: |- + This API generates a create policy/template based on field value transforms. This API is intended for use when setting up JDBC Provisioning type sources, but it will also work on other source types. + Transforms can be used in the provisioning policy to create a new attribute that you only need during provisioning. + Refer to [Transforms in Provisioning Policies](https://developer.sailpoint.com/idn/docs/transforms/guides/transforms-in-provisioning-policies) for more information. + A token with ORG_ADMIN authority is required to call this API. + security: + - oauth2: + - 'idn:provisioning-policy:manage' + parameters: + - in: path + name: sourceId + required: true + schema: + type: string + description: The Source id + example: 2c9180835d191a86015d28455b4a2329 + requestBody: + required: true + content: + application/json: + schema: + type: object + required: + - name + properties: + name: + type: string + description: the provisioning policy name + example: example provisioning policy for inactive identities + description: + type: string + description: the description of the provisioning policy + example: this provisioning policy creates access based on an identity going inactive + usageType: + type: string + nullable: false + enum: + - CREATE + - UPDATE + - DELETE + - ASSIGN + - UNASSIGN + - CREATE_GROUP + - UPDATE_GROUP + - DELETE_GROUP + - REGISTER + - CREATE_IDENTITY + - UPDATE_IDENTITY + - EDIT_GROUP + - ENABLE + - DISABLE + - UNLOCK + - CHANGE_PASSWORD + example: CREATE + description: The type of ProvisioningPolicy usage. + fields: + type: array + items: + type: object + properties: + name: + type: string + description: The name of the attribute. + example: userName + transform: + type: object + description: The transform to apply to the field + example: + type: rule + attributes: + name: Create Unique LDAP Attribute + default: {} + attributes: + type: object + description: Attributes required for the transform + example: + template: '${firstname}.${lastname}${uniqueCounter}' + cloudMaxUniqueChecks: '50' + cloudMaxSize: '20' + cloudRequired: 'true' + isRequired: + type: boolean + readOnly: true + description: Flag indicating whether or not the attribute is required. + default: false + example: false + type: + type: string + description: The type of the attribute. + example: string + isMultiValued: + type: boolean + description: Flag indicating whether or not the attribute is multi-valued. + default: false + example: false + examples: + Create Account Provisioning Policy: + value: + name: Account + description: Account Provisioning Policy + usageType: CREATE + fields: + - name: displayName + transform: + type: identityAttribute + attributes: + name: displayName + attributes: {} + isRequired: false + type: string + isMultiValued: false + - name: distinguishedName + transform: + type: usernameGenerator + attributes: + sourceCheck: true + patterns: + - 'CN=$fi $ln,OU=zzUsers,OU=Demo,DC=seri,DC=sailpointdemo,DC=com' + - 'CN=$fti $ln,OU=zzUsers,OU=Demo,DC=seri,DC=sailpointdemo,DC=com' + - 'CN=$fn $ln,OU=zzUsers,OU=Demo,DC=seri,DC=sailpointdemo,DC=com' + - 'CN=$fn$ln${uniqueCounter},OU=zzUsers,OU=Demo,DC=seri,DC=sailpointdemo,DC=com' + fn: + type: identityAttribute + attributes: + name: firstname + ln: + type: identityAttribute + attributes: + name: lastname + fi: + type: substring + attributes: + input: + type: identityAttribute + attributes: + name: firstname + begin: 0 + end: 1 + fti: + type: substring + attributes: + input: + type: identityAttribute + attributes: + name: firstname + begin: 0 + end: 2 + attributes: + cloudMaxUniqueChecks: '5' + cloudMaxSize: '100' + cloudRequired: 'true' + isRequired: false + type: '' + isMultiValued: false + - name: description + transform: + type: static + attributes: + value: '' + attributes: {} + isRequired: false + type: string + isMultiValued: false + responses: + '201': + description: Created ProvisioningPolicyDto object + content: + application/json: + schema: + type: object + required: + - name + properties: + name: + type: string + description: the provisioning policy name + example: example provisioning policy for inactive identities + description: + type: string + description: the description of the provisioning policy + example: this provisioning policy creates access based on an identity going inactive + usageType: + type: string + nullable: false + enum: + - CREATE + - UPDATE + - DELETE + - ASSIGN + - UNASSIGN + - CREATE_GROUP + - UPDATE_GROUP + - DELETE_GROUP + - REGISTER + - CREATE_IDENTITY + - UPDATE_IDENTITY + - EDIT_GROUP + - ENABLE + - DISABLE + - UNLOCK + - CHANGE_PASSWORD + example: CREATE + description: The type of ProvisioningPolicy usage. + fields: + type: array + items: + type: object + properties: + name: + type: string + description: The name of the attribute. + example: userName + transform: + type: object + description: The transform to apply to the field + example: + type: rule + attributes: + name: Create Unique LDAP Attribute + default: {} + attributes: + type: object + description: Attributes required for the transform + example: + template: '${firstname}.${lastname}${uniqueCounter}' + cloudMaxUniqueChecks: '50' + cloudMaxSize: '20' + cloudRequired: 'true' + isRequired: + type: boolean + readOnly: true + description: Flag indicating whether or not the attribute is required. + default: false + example: false + type: + type: string + description: The type of the attribute. + example: string + isMultiValued: + type: boolean + description: Flag indicating whether or not the attribute is multi-valued. + default: false + example: false + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + '/sources/{sourceId}/provisioning-policies/{usageType}': + get: + operationId: getProvisioningPolicy + tags: + - Sources + summary: Get Provisioning Policy by UsageType + description: |- + This end-point retrieves the ProvisioningPolicy with the specified usage on the specified Source in IdentityNow. + A token with API, ORG_ADMIN, SOURCE_ADMIN, or SOURCE_SUBADMIN authority is required to call this API. + security: + - oauth2: + - 'idn:provisioning-policy:read' + - 'idn:provisioning-policy-source:read' + - 'idn:provisioning-policy:manage' + - 'idn:provisioning-policy-source-admin-operations:manage' + parameters: + - in: path + name: sourceId + required: true + schema: + type: string + description: The Source ID. + example: 2c9180835d191a86015d28455b4a2329 + - in: path + name: usageType + required: true + schema: + type: string + nullable: false + enum: + - CREATE + - UPDATE + - DELETE + - ASSIGN + - UNASSIGN + - CREATE_GROUP + - UPDATE_GROUP + - DELETE_GROUP + - REGISTER + - CREATE_IDENTITY + - UPDATE_IDENTITY + - EDIT_GROUP + - ENABLE + - DISABLE + - UNLOCK + - CHANGE_PASSWORD + example: CREATE + description: The type of ProvisioningPolicy usage. + description: The type of ProvisioningPolicy usage. + example: REGISTER + responses: + '200': + description: The requested ProvisioningPolicyDto was successfully retrieved. + content: + application/json: + schema: + type: object + required: + - name + properties: + name: + type: string + description: the provisioning policy name + example: example provisioning policy for inactive identities + description: + type: string + description: the description of the provisioning policy + example: this provisioning policy creates access based on an identity going inactive + usageType: + type: string + nullable: false + enum: + - CREATE + - UPDATE + - DELETE + - ASSIGN + - UNASSIGN + - CREATE_GROUP + - UPDATE_GROUP + - DELETE_GROUP + - REGISTER + - CREATE_IDENTITY + - UPDATE_IDENTITY + - EDIT_GROUP + - ENABLE + - DISABLE + - UNLOCK + - CHANGE_PASSWORD + example: CREATE + description: The type of ProvisioningPolicy usage. + fields: + type: array + items: + type: object + properties: + name: + type: string + description: The name of the attribute. + example: userName + transform: + type: object + description: The transform to apply to the field + example: + type: rule + attributes: + name: Create Unique LDAP Attribute + default: {} + attributes: + type: object + description: Attributes required for the transform + example: + template: '${firstname}.${lastname}${uniqueCounter}' + cloudMaxUniqueChecks: '50' + cloudMaxSize: '20' + cloudRequired: 'true' + isRequired: + type: boolean + readOnly: true + description: Flag indicating whether or not the attribute is required. + default: false + example: false + type: + type: string + description: The type of the attribute. + example: string + isMultiValued: + type: boolean + description: Flag indicating whether or not the attribute is multi-valued. + default: false + example: false + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + put: + operationId: putProvisioningPolicy + tags: + - Sources + summary: Update Provisioning Policy by UsageType + description: |- + This end-point updates the provisioning policy with the specified usage on the specified source in IdentityNow. + Transforms can be used in the provisioning policy to create a new attribute that you only need during provisioning. + Refer to [Transforms in Provisioning Policies](https://developer.sailpoint.com/idn/docs/transforms/guides/transforms-in-provisioning-policies) for more information. + A token with API, ORG_ADMIN, SOURCE_ADMIN, or SOURCE_SUBADMIN authority is required to call this API. + security: + - oauth2: + - 'idn:provisioning-policy:manage' + - 'idn:provisioning-policy-source-admin-operations:manage' + parameters: + - in: path + name: sourceId + required: true + schema: + type: string + description: The Source ID. + example: 2c9180835d191a86015d28455b4a2329 + - in: path + name: usageType + required: true + schema: + type: string + nullable: false + enum: + - CREATE + - UPDATE + - DELETE + - ASSIGN + - UNASSIGN + - CREATE_GROUP + - UPDATE_GROUP + - DELETE_GROUP + - REGISTER + - CREATE_IDENTITY + - UPDATE_IDENTITY + - EDIT_GROUP + - ENABLE + - DISABLE + - UNLOCK + - CHANGE_PASSWORD + example: CREATE + description: The type of ProvisioningPolicy usage. + description: The type of ProvisioningPolicy usage. + requestBody: + required: true + content: + application/json: + schema: + type: object + required: + - name + properties: + name: + type: string + description: the provisioning policy name + example: example provisioning policy for inactive identities + description: + type: string + description: the description of the provisioning policy + example: this provisioning policy creates access based on an identity going inactive + usageType: + type: string + nullable: false + enum: + - CREATE + - UPDATE + - DELETE + - ASSIGN + - UNASSIGN + - CREATE_GROUP + - UPDATE_GROUP + - DELETE_GROUP + - REGISTER + - CREATE_IDENTITY + - UPDATE_IDENTITY + - EDIT_GROUP + - ENABLE + - DISABLE + - UNLOCK + - CHANGE_PASSWORD + example: CREATE + description: The type of ProvisioningPolicy usage. + fields: + type: array + items: + type: object + properties: + name: + type: string + description: The name of the attribute. + example: userName + transform: + type: object + description: The transform to apply to the field + example: + type: rule + attributes: + name: Create Unique LDAP Attribute + default: {} + attributes: + type: object + description: Attributes required for the transform + example: + template: '${firstname}.${lastname}${uniqueCounter}' + cloudMaxUniqueChecks: '50' + cloudMaxSize: '20' + cloudRequired: 'true' + isRequired: + type: boolean + readOnly: true + description: Flag indicating whether or not the attribute is required. + default: false + example: false + type: + type: string + description: The type of the attribute. + example: string + isMultiValued: + type: boolean + description: Flag indicating whether or not the attribute is multi-valued. + default: false + example: false + responses: + '200': + description: The ProvisioningPolicyDto was successfully replaced. + content: + application/json: + schema: + type: object + required: + - name + properties: + name: + type: string + description: the provisioning policy name + example: example provisioning policy for inactive identities + description: + type: string + description: the description of the provisioning policy + example: this provisioning policy creates access based on an identity going inactive + usageType: + type: string + nullable: false + enum: + - CREATE + - UPDATE + - DELETE + - ASSIGN + - UNASSIGN + - CREATE_GROUP + - UPDATE_GROUP + - DELETE_GROUP + - REGISTER + - CREATE_IDENTITY + - UPDATE_IDENTITY + - EDIT_GROUP + - ENABLE + - DISABLE + - UNLOCK + - CHANGE_PASSWORD + example: CREATE + description: The type of ProvisioningPolicy usage. + fields: + type: array + items: + type: object + properties: + name: + type: string + description: The name of the attribute. + example: userName + transform: + type: object + description: The transform to apply to the field + example: + type: rule + attributes: + name: Create Unique LDAP Attribute + default: {} + attributes: + type: object + description: Attributes required for the transform + example: + template: '${firstname}.${lastname}${uniqueCounter}' + cloudMaxUniqueChecks: '50' + cloudMaxSize: '20' + cloudRequired: 'true' + isRequired: + type: boolean + readOnly: true + description: Flag indicating whether or not the attribute is required. + default: false + example: false + type: + type: string + description: The type of the attribute. + example: string + isMultiValued: + type: boolean + description: Flag indicating whether or not the attribute is multi-valued. + default: false + example: false + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + patch: + operationId: updateProvisioningPolicy + tags: + - Sources + summary: Partial update of Provisioning Policy + description: |- + This API selectively updates an existing Provisioning Policy using a JSONPatch payload. + Transforms can be used in the provisioning policy to create a new attribute that you only need during provisioning. + Refer to [Transforms in Provisioning Policies](https://developer.sailpoint.com/idn/docs/transforms/guides/transforms-in-provisioning-policies) for more information. + A token with API, ORG_ADMIN, SOURCE_ADMIN, or SOURCE_SUBADMIN authority is required to call this API. + security: + - oauth2: + - 'idn:provisioning-policy:update' + parameters: + - in: path + name: sourceId + required: true + schema: + type: string + description: The Source id. + example: 2c9180835d191a86015d28455b4a2329 + - in: path + name: usageType + required: true + schema: + type: string + nullable: false + enum: + - CREATE + - UPDATE + - DELETE + - ASSIGN + - UNASSIGN + - CREATE_GROUP + - UPDATE_GROUP + - DELETE_GROUP + - REGISTER + - CREATE_IDENTITY + - UPDATE_IDENTITY + - EDIT_GROUP + - ENABLE + - DISABLE + - UNLOCK + - CHANGE_PASSWORD + example: CREATE + description: The type of ProvisioningPolicy usage. + description: The type of ProvisioningPolicy usage. + requestBody: + required: true + description: The JSONPatch payload used to update the schema. + content: + application/json-patch+json: + schema: + type: array + items: + type: object + description: 'A JSONPatch Operation as defined by [RFC 6902 - JSON Patch](https://tools.ietf.org/html/rfc6902)' + required: + - op + - path + properties: + op: + type: string + description: The operation to be performed + enum: + - add + - remove + - replace + - move + - copy + - test + example: replace + path: + type: string + description: A string JSON Pointer representing the target path to an element to be affected by the operation + example: /description + value: + anyOf: + - type: string + - type: integer + - type: object + - type: array + items: + anyOf: + - type: string + - type: integer + - type: object + description: 'The value to be used for the operation, required for "add" and "replace" operations' + example: New description + examples: + add-field: + summary: Add a field to the beginning of the list + value: + - op: add + path: /fields/0 + value: + name: email + transform: + type: identityAttribute + attributes: + name: email + attributes: {} + isRequired: false + type: string + isMultiValued: false + responses: + '200': + description: The ProvisioningPolicyDto was successfully updated. + content: + application/json: + schema: + type: object + required: + - name + properties: + name: + type: string + description: the provisioning policy name + example: example provisioning policy for inactive identities + description: + type: string + description: the description of the provisioning policy + example: this provisioning policy creates access based on an identity going inactive + usageType: + type: string + nullable: false + enum: + - CREATE + - UPDATE + - DELETE + - ASSIGN + - UNASSIGN + - CREATE_GROUP + - UPDATE_GROUP + - DELETE_GROUP + - REGISTER + - CREATE_IDENTITY + - UPDATE_IDENTITY + - EDIT_GROUP + - ENABLE + - DISABLE + - UNLOCK + - CHANGE_PASSWORD + example: CREATE + description: The type of ProvisioningPolicy usage. + fields: + type: array + items: + type: object + properties: + name: + type: string + description: The name of the attribute. + example: userName + transform: + type: object + description: The transform to apply to the field + example: + type: rule + attributes: + name: Create Unique LDAP Attribute + default: {} + attributes: + type: object + description: Attributes required for the transform + example: + template: '${firstname}.${lastname}${uniqueCounter}' + cloudMaxUniqueChecks: '50' + cloudMaxSize: '20' + cloudRequired: 'true' + isRequired: + type: boolean + readOnly: true + description: Flag indicating whether or not the attribute is required. + default: false + example: false + type: + type: string + description: The type of the attribute. + example: string + isMultiValued: + type: boolean + description: Flag indicating whether or not the attribute is multi-valued. + default: false + example: false + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + delete: + operationId: deleteProvisioningPolicy + tags: + - Sources + summary: Delete Provisioning Policy by UsageType + description: |- + Deletes the provisioning policy with the specified usage on an application. + A token with API, or ORG_ADMIN authority is required to call this API. + security: + - oauth2: + - 'idn:provisioning-policy:manage' + parameters: + - in: path + name: sourceId + required: true + schema: + type: string + description: The Source ID. + example: 2c9180835d191a86015d28455b4a2329 + - in: path + name: usageType + required: true + schema: + type: string + nullable: false + enum: + - CREATE + - UPDATE + - DELETE + - ASSIGN + - UNASSIGN + - CREATE_GROUP + - UPDATE_GROUP + - DELETE_GROUP + - REGISTER + - CREATE_IDENTITY + - UPDATE_IDENTITY + - EDIT_GROUP + - ENABLE + - DISABLE + - UNLOCK + - CHANGE_PASSWORD + example: CREATE + description: The type of ProvisioningPolicy usage. + description: The type of ProvisioningPolicy usage. + responses: + '204': + description: The ProvisioningPolicyDto was successfully deleted. + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + '/sources/{sourceId}/provisioning-policies/bulk-update': + post: + operationId: updateProvisioningPoliciesInBulk + tags: + - Sources + summary: Bulk Update Provisioning Policies + description: |- + This end-point updates a list of provisioning policies on the specified source in IdentityNow. + A token with API, or ORG_ADMIN authority is required to call this API. + security: + - oauth2: + - 'idn:provisioning-policy:manage' + parameters: + - in: path + name: sourceId + required: true + schema: + type: string + description: The Source id. + example: 2c9180835d191a86015d28455b4a2329 + requestBody: + required: true + content: + application/json: + schema: + type: array + items: + type: object + required: + - name + properties: + name: + type: string + description: the provisioning policy name + example: example provisioning policy for inactive identities + description: + type: string + description: the description of the provisioning policy + example: this provisioning policy creates access based on an identity going inactive + usageType: + type: string + nullable: false + enum: + - CREATE + - UPDATE + - DELETE + - ASSIGN + - UNASSIGN + - CREATE_GROUP + - UPDATE_GROUP + - DELETE_GROUP + - REGISTER + - CREATE_IDENTITY + - UPDATE_IDENTITY + - EDIT_GROUP + - ENABLE + - DISABLE + - UNLOCK + - CHANGE_PASSWORD + example: CREATE + description: The type of ProvisioningPolicy usage. + fields: + type: array + items: + type: object + properties: + name: + type: string + description: The name of the attribute. + example: userName + transform: + type: object + description: The transform to apply to the field + example: + type: rule + attributes: + name: Create Unique LDAP Attribute + default: {} + attributes: + type: object + description: Attributes required for the transform + example: + template: '${firstname}.${lastname}${uniqueCounter}' + cloudMaxUniqueChecks: '50' + cloudMaxSize: '20' + cloudRequired: 'true' + isRequired: + type: boolean + readOnly: true + description: Flag indicating whether or not the attribute is required. + default: false + example: false + type: + type: string + description: The type of the attribute. + example: string + isMultiValued: + type: boolean + description: Flag indicating whether or not the attribute is multi-valued. + default: false + example: false + responses: + '200': + description: A list of the ProvisioningPolicyDto was successfully replaced. + content: + application/json: + schema: + type: array + items: + type: object + required: + - name + properties: + name: + type: string + description: the provisioning policy name + example: example provisioning policy for inactive identities + description: + type: string + description: the description of the provisioning policy + example: this provisioning policy creates access based on an identity going inactive + usageType: + type: string + nullable: false + enum: + - CREATE + - UPDATE + - DELETE + - ASSIGN + - UNASSIGN + - CREATE_GROUP + - UPDATE_GROUP + - DELETE_GROUP + - REGISTER + - CREATE_IDENTITY + - UPDATE_IDENTITY + - EDIT_GROUP + - ENABLE + - DISABLE + - UNLOCK + - CHANGE_PASSWORD + example: CREATE + description: The type of ProvisioningPolicy usage. + fields: + type: array + items: + type: object + properties: + name: + type: string + description: The name of the attribute. + example: userName + transform: + type: object + description: The transform to apply to the field + example: + type: rule + attributes: + name: Create Unique LDAP Attribute + default: {} + attributes: + type: object + description: Attributes required for the transform + example: + template: '${firstname}.${lastname}${uniqueCounter}' + cloudMaxUniqueChecks: '50' + cloudMaxSize: '20' + cloudRequired: 'true' + isRequired: + type: boolean + readOnly: true + description: Flag indicating whether or not the attribute is required. + default: false + example: false + type: + type: string + description: The type of the attribute. + example: string + isMultiValued: + type: boolean + description: Flag indicating whether or not the attribute is multi-valued. + default: false + example: false + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + '/sources/{sourceId}/schemas': + get: + operationId: listSourceSchemas + tags: + - Sources + summary: List Schemas on a Source + description: | + Lists the Schemas that exist on the specified Source in IdentityNow. + parameters: + - in: path + name: sourceId + required: true + schema: + type: string + description: The Source ID. + example: 2c9180835d191a86015d28455b4a2329 + - in: query + name: include-types + required: false + schema: + type: string + description: 'If set to ''group'', then the account schema is filtered and only group schemas are returned. Only a value of ''group'' is recognized.' + example: group + responses: + '200': + description: The Schemas were successfully retrieved. + content: + application/json: + schema: + type: array + items: + type: object + properties: + id: + type: string + description: The id of the Schema. + example: 2c9180835d191a86015d28455b4a2329 + name: + type: string + description: The name of the Schema. + example: account + nativeObjectType: + type: string + description: The name of the object type on the native system that the schema represents. + example: User + identityAttribute: + type: string + description: The name of the attribute used to calculate the unique identifier for an object in the schema. + example: sAMAccountName + displayAttribute: + type: string + description: The name of the attribute used to calculate the display value for an object in the schema. + example: distinguishedName + hierarchyAttribute: + type: string + description: The name of the attribute whose values represent other objects in a hierarchy. Only relevant to group schemas. + example: memberOf + includePermissions: + type: boolean + description: Flag indicating whether or not the include permissions with the object data when aggregating the schema. + example: false + features: + type: array + items: + type: string + enum: + - AUTHENTICATE + - COMPOSITE + - DIRECT_PERMISSIONS + - DISCOVER_SCHEMA + - ENABLE + - MANAGER_LOOKUP + - NO_RANDOM_ACCESS + - PROXY + - SEARCH + - TEMPLATE + - UNLOCK + - UNSTRUCTURED_TARGETS + - SHAREPOINT_TARGET + - PROVISIONING + - GROUP_PROVISIONING + - SYNC_PROVISIONING + - PASSWORD + - CURRENT_PASSWORD + - ACCOUNT_ONLY_REQUEST + - ADDITIONAL_ACCOUNT_REQUEST + - NO_AGGREGATION + - GROUPS_HAVE_MEMBERS + - NO_PERMISSIONS_PROVISIONING + - NO_GROUP_PERMISSIONS_PROVISIONING + - NO_UNSTRUCTURED_TARGETS_PROVISIONING + - NO_DIRECT_PERMISSIONS_PROVISIONING + description: |- + Optional features that can be supported by an source. + * AUTHENTICATE: The source supports pass-through authentication. + * COMPOSITE: The source supports composite source creation. + * DIRECT_PERMISSIONS: The source supports returning DirectPermissions. + * DISCOVER_SCHEMA: The source supports discovering schemas for users and groups. + * ENABLE The source supports reading if an account is enabled or disabled. + * MANAGER_LOOKUP: The source supports looking up managers as they are encountered in a feed. This is the opposite of NO_RANDOM_ACCESS. + * NO_RANDOM_ACCESS: The source does not support random access and the getObject() methods should not be called and expected to perform. + * PROXY: The source can serve as a proxy for another source. When an source has a proxy, all connector calls made with that source are redirected through the connector for the proxy source. + * SEARCH + * TEMPLATE + * UNLOCK: The source supports reading if an account is locked or unlocked. + * UNSTRUCTURED_TARGETS: The source supports returning unstructured Targets. + * SHAREPOINT_TARGET: The source supports returning unstructured Target data for SharePoint. It will be typically used by AD, LDAP sources. + * PROVISIONING: The source can both read and write accounts. Having this feature implies that the provision() method is implemented. It also means that direct and target permissions can also be provisioned if they can be returned by aggregation. + * GROUP_PROVISIONING: The source can both read and write groups. Having this feature implies that the provision() method is implemented. + * SYNC_PROVISIONING: The source can provision accounts synchronously. + * PASSWORD: The source can provision password changes. Since sources can never read passwords, this is should only be used in conjunction with the PROVISIONING feature. + * CURRENT_PASSWORD: Some source types support verification of the current password + * ACCOUNT_ONLY_REQUEST: The source supports requesting accounts without entitlements. + * ADDITIONAL_ACCOUNT_REQUEST: The source supports requesting additional accounts. + * NO_AGGREGATION: A source that does not support aggregation. + * GROUPS_HAVE_MEMBERS: The source models group memberships with a member attribute on the group object rather than a groups attribute on the account object. This effects the implementation of delta account aggregation. + * NO_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for accounts. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for accounts. + * NO_GROUP_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for groups. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for groups. + * NO_UNSTRUCTURED_TARGETS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING. + * NO_DIRECT_PERMISSIONS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING. + example: AUTHENTICATE + description: The features that the schema supports. + example: + - PROVISIONING + - NO_PERMISSIONS_PROVISIONING + - GROUPS_HAVE_MEMBERS + configuration: + type: object + description: Holds any extra configuration data that the schema may require. + example: + groupMemberAttribute: member + attributes: + type: array + description: The attribute definitions which form the schema. + items: + type: object + properties: + name: + type: string + description: The name of the attribute. + example: sAMAccountName + type: + description: The type of the attribute. + example: STRING + type: string + enum: + - STRING + - LONG + - INT + - BOOLEAN + schema: + description: A reference to the schema on the source to the attribute values map to. + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - CONNECTOR_SCHEMA + example: CONNECTOR_SCHEMA + id: + type: string + description: The object ID this reference applies to. + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: The human-readable display name of the object. + example: group + description: + type: string + description: A human-readable description of the attribute. + example: SAM Account Name + isMultiValued: + type: boolean + description: Flag indicating whether or not the attribute is multi-valued. + example: false + isEntitlement: + type: boolean + description: Flag indicating whether or not the attribute is an entitlement. + example: false + isGroup: + type: boolean + description: | + Flag indicating whether or not the attribute represents a group. + This can only be `true` if `isEntitlement` is also `true` **and** there is a schema defined for the attribute.. + example: false + example: + - name: sAMAccountName + type: STRING + isMultiValued: false + isEntitlement: false + isGroup: false + - name: memberOf + type: STRING + schema: + type: CONNECTOR_SCHEMA + id: 2c9180887671ff8c01767b4671fc7d60 + name: group + description: Group membership + isMultiValued: true + isEntitlement: true + isGroup: true + created: + type: string + description: The date the Schema was created. + format: date-time + example: '2019-12-24T22:32:58.104Z' + modified: + type: string + description: The date the Schema was last modified. + format: date-time + example: '2019-12-31T20:22:28.104Z' + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + post: + operationId: createSourceSchema + tags: + - Sources + summary: Create Schema on a Source + description: | + Creates a new Schema on the specified Source in IdentityNow. + parameters: + - in: path + name: sourceId + required: true + schema: + type: string + description: The Source id. + example: 2c9180835d191a86015d28455b4a2329 + requestBody: + required: true + content: + application/json: + schema: + type: object + properties: + id: + type: string + description: The id of the Schema. + example: 2c9180835d191a86015d28455b4a2329 + name: + type: string + description: The name of the Schema. + example: account + nativeObjectType: + type: string + description: The name of the object type on the native system that the schema represents. + example: User + identityAttribute: + type: string + description: The name of the attribute used to calculate the unique identifier for an object in the schema. + example: sAMAccountName + displayAttribute: + type: string + description: The name of the attribute used to calculate the display value for an object in the schema. + example: distinguishedName + hierarchyAttribute: + type: string + description: The name of the attribute whose values represent other objects in a hierarchy. Only relevant to group schemas. + example: memberOf + includePermissions: + type: boolean + description: Flag indicating whether or not the include permissions with the object data when aggregating the schema. + example: false + features: + type: array + items: + type: string + enum: + - AUTHENTICATE + - COMPOSITE + - DIRECT_PERMISSIONS + - DISCOVER_SCHEMA + - ENABLE + - MANAGER_LOOKUP + - NO_RANDOM_ACCESS + - PROXY + - SEARCH + - TEMPLATE + - UNLOCK + - UNSTRUCTURED_TARGETS + - SHAREPOINT_TARGET + - PROVISIONING + - GROUP_PROVISIONING + - SYNC_PROVISIONING + - PASSWORD + - CURRENT_PASSWORD + - ACCOUNT_ONLY_REQUEST + - ADDITIONAL_ACCOUNT_REQUEST + - NO_AGGREGATION + - GROUPS_HAVE_MEMBERS + - NO_PERMISSIONS_PROVISIONING + - NO_GROUP_PERMISSIONS_PROVISIONING + - NO_UNSTRUCTURED_TARGETS_PROVISIONING + - NO_DIRECT_PERMISSIONS_PROVISIONING + description: |- + Optional features that can be supported by an source. + * AUTHENTICATE: The source supports pass-through authentication. + * COMPOSITE: The source supports composite source creation. + * DIRECT_PERMISSIONS: The source supports returning DirectPermissions. + * DISCOVER_SCHEMA: The source supports discovering schemas for users and groups. + * ENABLE The source supports reading if an account is enabled or disabled. + * MANAGER_LOOKUP: The source supports looking up managers as they are encountered in a feed. This is the opposite of NO_RANDOM_ACCESS. + * NO_RANDOM_ACCESS: The source does not support random access and the getObject() methods should not be called and expected to perform. + * PROXY: The source can serve as a proxy for another source. When an source has a proxy, all connector calls made with that source are redirected through the connector for the proxy source. + * SEARCH + * TEMPLATE + * UNLOCK: The source supports reading if an account is locked or unlocked. + * UNSTRUCTURED_TARGETS: The source supports returning unstructured Targets. + * SHAREPOINT_TARGET: The source supports returning unstructured Target data for SharePoint. It will be typically used by AD, LDAP sources. + * PROVISIONING: The source can both read and write accounts. Having this feature implies that the provision() method is implemented. It also means that direct and target permissions can also be provisioned if they can be returned by aggregation. + * GROUP_PROVISIONING: The source can both read and write groups. Having this feature implies that the provision() method is implemented. + * SYNC_PROVISIONING: The source can provision accounts synchronously. + * PASSWORD: The source can provision password changes. Since sources can never read passwords, this is should only be used in conjunction with the PROVISIONING feature. + * CURRENT_PASSWORD: Some source types support verification of the current password + * ACCOUNT_ONLY_REQUEST: The source supports requesting accounts without entitlements. + * ADDITIONAL_ACCOUNT_REQUEST: The source supports requesting additional accounts. + * NO_AGGREGATION: A source that does not support aggregation. + * GROUPS_HAVE_MEMBERS: The source models group memberships with a member attribute on the group object rather than a groups attribute on the account object. This effects the implementation of delta account aggregation. + * NO_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for accounts. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for accounts. + * NO_GROUP_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for groups. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for groups. + * NO_UNSTRUCTURED_TARGETS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING. + * NO_DIRECT_PERMISSIONS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING. + example: AUTHENTICATE + description: The features that the schema supports. + example: + - PROVISIONING + - NO_PERMISSIONS_PROVISIONING + - GROUPS_HAVE_MEMBERS + configuration: + type: object + description: Holds any extra configuration data that the schema may require. + example: + groupMemberAttribute: member + attributes: + type: array + description: The attribute definitions which form the schema. + items: + type: object + properties: + name: + type: string + description: The name of the attribute. + example: sAMAccountName + type: + description: The type of the attribute. + example: STRING + type: string + enum: + - STRING + - LONG + - INT + - BOOLEAN + schema: + description: A reference to the schema on the source to the attribute values map to. + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - CONNECTOR_SCHEMA + example: CONNECTOR_SCHEMA + id: + type: string + description: The object ID this reference applies to. + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: The human-readable display name of the object. + example: group + description: + type: string + description: A human-readable description of the attribute. + example: SAM Account Name + isMultiValued: + type: boolean + description: Flag indicating whether or not the attribute is multi-valued. + example: false + isEntitlement: + type: boolean + description: Flag indicating whether or not the attribute is an entitlement. + example: false + isGroup: + type: boolean + description: | + Flag indicating whether or not the attribute represents a group. + This can only be `true` if `isEntitlement` is also `true` **and** there is a schema defined for the attribute.. + example: false + example: + - name: sAMAccountName + type: STRING + isMultiValued: false + isEntitlement: false + isGroup: false + - name: memberOf + type: STRING + schema: + type: CONNECTOR_SCHEMA + id: 2c9180887671ff8c01767b4671fc7d60 + name: group + description: Group membership + isMultiValued: true + isEntitlement: true + isGroup: true + created: + type: string + description: The date the Schema was created. + format: date-time + example: '2019-12-24T22:32:58.104Z' + modified: + type: string + description: The date the Schema was last modified. + format: date-time + example: '2019-12-31T20:22:28.104Z' + responses: + '201': + description: The Schema was successfully created on the specified Source. + content: + application/json: + schema: + type: object + properties: + id: + type: string + description: The id of the Schema. + example: 2c9180835d191a86015d28455b4a2329 + name: + type: string + description: The name of the Schema. + example: account + nativeObjectType: + type: string + description: The name of the object type on the native system that the schema represents. + example: User + identityAttribute: + type: string + description: The name of the attribute used to calculate the unique identifier for an object in the schema. + example: sAMAccountName + displayAttribute: + type: string + description: The name of the attribute used to calculate the display value for an object in the schema. + example: distinguishedName + hierarchyAttribute: + type: string + description: The name of the attribute whose values represent other objects in a hierarchy. Only relevant to group schemas. + example: memberOf + includePermissions: + type: boolean + description: Flag indicating whether or not the include permissions with the object data when aggregating the schema. + example: false + features: + type: array + items: + type: string + enum: + - AUTHENTICATE + - COMPOSITE + - DIRECT_PERMISSIONS + - DISCOVER_SCHEMA + - ENABLE + - MANAGER_LOOKUP + - NO_RANDOM_ACCESS + - PROXY + - SEARCH + - TEMPLATE + - UNLOCK + - UNSTRUCTURED_TARGETS + - SHAREPOINT_TARGET + - PROVISIONING + - GROUP_PROVISIONING + - SYNC_PROVISIONING + - PASSWORD + - CURRENT_PASSWORD + - ACCOUNT_ONLY_REQUEST + - ADDITIONAL_ACCOUNT_REQUEST + - NO_AGGREGATION + - GROUPS_HAVE_MEMBERS + - NO_PERMISSIONS_PROVISIONING + - NO_GROUP_PERMISSIONS_PROVISIONING + - NO_UNSTRUCTURED_TARGETS_PROVISIONING + - NO_DIRECT_PERMISSIONS_PROVISIONING + description: |- + Optional features that can be supported by an source. + * AUTHENTICATE: The source supports pass-through authentication. + * COMPOSITE: The source supports composite source creation. + * DIRECT_PERMISSIONS: The source supports returning DirectPermissions. + * DISCOVER_SCHEMA: The source supports discovering schemas for users and groups. + * ENABLE The source supports reading if an account is enabled or disabled. + * MANAGER_LOOKUP: The source supports looking up managers as they are encountered in a feed. This is the opposite of NO_RANDOM_ACCESS. + * NO_RANDOM_ACCESS: The source does not support random access and the getObject() methods should not be called and expected to perform. + * PROXY: The source can serve as a proxy for another source. When an source has a proxy, all connector calls made with that source are redirected through the connector for the proxy source. + * SEARCH + * TEMPLATE + * UNLOCK: The source supports reading if an account is locked or unlocked. + * UNSTRUCTURED_TARGETS: The source supports returning unstructured Targets. + * SHAREPOINT_TARGET: The source supports returning unstructured Target data for SharePoint. It will be typically used by AD, LDAP sources. + * PROVISIONING: The source can both read and write accounts. Having this feature implies that the provision() method is implemented. It also means that direct and target permissions can also be provisioned if they can be returned by aggregation. + * GROUP_PROVISIONING: The source can both read and write groups. Having this feature implies that the provision() method is implemented. + * SYNC_PROVISIONING: The source can provision accounts synchronously. + * PASSWORD: The source can provision password changes. Since sources can never read passwords, this is should only be used in conjunction with the PROVISIONING feature. + * CURRENT_PASSWORD: Some source types support verification of the current password + * ACCOUNT_ONLY_REQUEST: The source supports requesting accounts without entitlements. + * ADDITIONAL_ACCOUNT_REQUEST: The source supports requesting additional accounts. + * NO_AGGREGATION: A source that does not support aggregation. + * GROUPS_HAVE_MEMBERS: The source models group memberships with a member attribute on the group object rather than a groups attribute on the account object. This effects the implementation of delta account aggregation. + * NO_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for accounts. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for accounts. + * NO_GROUP_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for groups. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for groups. + * NO_UNSTRUCTURED_TARGETS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING. + * NO_DIRECT_PERMISSIONS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING. + example: AUTHENTICATE + description: The features that the schema supports. + example: + - PROVISIONING + - NO_PERMISSIONS_PROVISIONING + - GROUPS_HAVE_MEMBERS + configuration: + type: object + description: Holds any extra configuration data that the schema may require. + example: + groupMemberAttribute: member + attributes: + type: array + description: The attribute definitions which form the schema. + items: + type: object + properties: + name: + type: string + description: The name of the attribute. + example: sAMAccountName + type: + description: The type of the attribute. + example: STRING + type: string + enum: + - STRING + - LONG + - INT + - BOOLEAN + schema: + description: A reference to the schema on the source to the attribute values map to. + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - CONNECTOR_SCHEMA + example: CONNECTOR_SCHEMA + id: + type: string + description: The object ID this reference applies to. + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: The human-readable display name of the object. + example: group + description: + type: string + description: A human-readable description of the attribute. + example: SAM Account Name + isMultiValued: + type: boolean + description: Flag indicating whether or not the attribute is multi-valued. + example: false + isEntitlement: + type: boolean + description: Flag indicating whether or not the attribute is an entitlement. + example: false + isGroup: + type: boolean + description: | + Flag indicating whether or not the attribute represents a group. + This can only be `true` if `isEntitlement` is also `true` **and** there is a schema defined for the attribute.. + example: false + example: + - name: sAMAccountName + type: STRING + isMultiValued: false + isEntitlement: false + isGroup: false + - name: memberOf + type: STRING + schema: + type: CONNECTOR_SCHEMA + id: 2c9180887671ff8c01767b4671fc7d60 + name: group + description: Group membership + isMultiValued: true + isEntitlement: true + isGroup: true + created: + type: string + description: The date the Schema was created. + format: date-time + example: '2019-12-24T22:32:58.104Z' + modified: + type: string + description: The date the Schema was last modified. + format: date-time + example: '2019-12-31T20:22:28.104Z' + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + '/sources/{sourceId}/schemas/{schemaId}': + get: + operationId: getSourceSchema + tags: + - Sources + summary: Get Source Schema by ID + description: | + Get the Source Schema by ID in IdentityNow. + parameters: + - in: path + name: sourceId + required: true + schema: + type: string + description: The Source id. + example: 2c9180835d191a86015d28455b4a2329 + - in: path + name: schemaId + schema: + type: string + required: true + description: The Schema id. + example: 2c9180835d191a86015d28455b4a2329 + responses: + '200': + description: The requested Schema was successfully retrieved. + content: + application/json: + schema: + type: object + properties: + id: + type: string + description: The id of the Schema. + example: 2c9180835d191a86015d28455b4a2329 + name: + type: string + description: The name of the Schema. + example: account + nativeObjectType: + type: string + description: The name of the object type on the native system that the schema represents. + example: User + identityAttribute: + type: string + description: The name of the attribute used to calculate the unique identifier for an object in the schema. + example: sAMAccountName + displayAttribute: + type: string + description: The name of the attribute used to calculate the display value for an object in the schema. + example: distinguishedName + hierarchyAttribute: + type: string + description: The name of the attribute whose values represent other objects in a hierarchy. Only relevant to group schemas. + example: memberOf + includePermissions: + type: boolean + description: Flag indicating whether or not the include permissions with the object data when aggregating the schema. + example: false + features: + type: array + items: + type: string + enum: + - AUTHENTICATE + - COMPOSITE + - DIRECT_PERMISSIONS + - DISCOVER_SCHEMA + - ENABLE + - MANAGER_LOOKUP + - NO_RANDOM_ACCESS + - PROXY + - SEARCH + - TEMPLATE + - UNLOCK + - UNSTRUCTURED_TARGETS + - SHAREPOINT_TARGET + - PROVISIONING + - GROUP_PROVISIONING + - SYNC_PROVISIONING + - PASSWORD + - CURRENT_PASSWORD + - ACCOUNT_ONLY_REQUEST + - ADDITIONAL_ACCOUNT_REQUEST + - NO_AGGREGATION + - GROUPS_HAVE_MEMBERS + - NO_PERMISSIONS_PROVISIONING + - NO_GROUP_PERMISSIONS_PROVISIONING + - NO_UNSTRUCTURED_TARGETS_PROVISIONING + - NO_DIRECT_PERMISSIONS_PROVISIONING + description: |- + Optional features that can be supported by an source. + * AUTHENTICATE: The source supports pass-through authentication. + * COMPOSITE: The source supports composite source creation. + * DIRECT_PERMISSIONS: The source supports returning DirectPermissions. + * DISCOVER_SCHEMA: The source supports discovering schemas for users and groups. + * ENABLE The source supports reading if an account is enabled or disabled. + * MANAGER_LOOKUP: The source supports looking up managers as they are encountered in a feed. This is the opposite of NO_RANDOM_ACCESS. + * NO_RANDOM_ACCESS: The source does not support random access and the getObject() methods should not be called and expected to perform. + * PROXY: The source can serve as a proxy for another source. When an source has a proxy, all connector calls made with that source are redirected through the connector for the proxy source. + * SEARCH + * TEMPLATE + * UNLOCK: The source supports reading if an account is locked or unlocked. + * UNSTRUCTURED_TARGETS: The source supports returning unstructured Targets. + * SHAREPOINT_TARGET: The source supports returning unstructured Target data for SharePoint. It will be typically used by AD, LDAP sources. + * PROVISIONING: The source can both read and write accounts. Having this feature implies that the provision() method is implemented. It also means that direct and target permissions can also be provisioned if they can be returned by aggregation. + * GROUP_PROVISIONING: The source can both read and write groups. Having this feature implies that the provision() method is implemented. + * SYNC_PROVISIONING: The source can provision accounts synchronously. + * PASSWORD: The source can provision password changes. Since sources can never read passwords, this is should only be used in conjunction with the PROVISIONING feature. + * CURRENT_PASSWORD: Some source types support verification of the current password + * ACCOUNT_ONLY_REQUEST: The source supports requesting accounts without entitlements. + * ADDITIONAL_ACCOUNT_REQUEST: The source supports requesting additional accounts. + * NO_AGGREGATION: A source that does not support aggregation. + * GROUPS_HAVE_MEMBERS: The source models group memberships with a member attribute on the group object rather than a groups attribute on the account object. This effects the implementation of delta account aggregation. + * NO_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for accounts. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for accounts. + * NO_GROUP_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for groups. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for groups. + * NO_UNSTRUCTURED_TARGETS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING. + * NO_DIRECT_PERMISSIONS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING. + example: AUTHENTICATE + description: The features that the schema supports. + example: + - PROVISIONING + - NO_PERMISSIONS_PROVISIONING + - GROUPS_HAVE_MEMBERS + configuration: + type: object + description: Holds any extra configuration data that the schema may require. + example: + groupMemberAttribute: member + attributes: + type: array + description: The attribute definitions which form the schema. + items: + type: object + properties: + name: + type: string + description: The name of the attribute. + example: sAMAccountName + type: + description: The type of the attribute. + example: STRING + type: string + enum: + - STRING + - LONG + - INT + - BOOLEAN + schema: + description: A reference to the schema on the source to the attribute values map to. + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - CONNECTOR_SCHEMA + example: CONNECTOR_SCHEMA + id: + type: string + description: The object ID this reference applies to. + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: The human-readable display name of the object. + example: group + description: + type: string + description: A human-readable description of the attribute. + example: SAM Account Name + isMultiValued: + type: boolean + description: Flag indicating whether or not the attribute is multi-valued. + example: false + isEntitlement: + type: boolean + description: Flag indicating whether or not the attribute is an entitlement. + example: false + isGroup: + type: boolean + description: | + Flag indicating whether or not the attribute represents a group. + This can only be `true` if `isEntitlement` is also `true` **and** there is a schema defined for the attribute.. + example: false + example: + - name: sAMAccountName + type: STRING + isMultiValued: false + isEntitlement: false + isGroup: false + - name: memberOf + type: STRING + schema: + type: CONNECTOR_SCHEMA + id: 2c9180887671ff8c01767b4671fc7d60 + name: group + description: Group membership + isMultiValued: true + isEntitlement: true + isGroup: true + created: + type: string + description: The date the Schema was created. + format: date-time + example: '2019-12-24T22:32:58.104Z' + modified: + type: string + description: The date the Schema was last modified. + format: date-time + example: '2019-12-31T20:22:28.104Z' + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + put: + operationId: putSourceSchema + tags: + - Sources + summary: Update Source Schema (Full) + description: | + This API will completely replace an existing Schema with the submitted payload. Some fields of the Schema cannot be updated. These fields are listed below. + + * id + * name + * created + * modified + + Any attempt to modify these fields will result in an error response with a status code of 400. + + > `id` must remain in the request body, but it cannot be changed. If `id` is omitted from the request body, the result will be a 400 error. + parameters: + - in: path + name: sourceId + required: true + schema: + type: string + description: The Source id. + example: 2c9180835d191a86015d28455b4a2329 + - in: path + name: schemaId + schema: + type: string + required: true + description: The Schema id. + example: 2c9180835d191a86015d28455b4a2329 + requestBody: + required: true + content: + application/json: + schema: + type: object + properties: + id: + type: string + description: The id of the Schema. + example: 2c9180835d191a86015d28455b4a2329 + name: + type: string + description: The name of the Schema. + example: account + nativeObjectType: + type: string + description: The name of the object type on the native system that the schema represents. + example: User + identityAttribute: + type: string + description: The name of the attribute used to calculate the unique identifier for an object in the schema. + example: sAMAccountName + displayAttribute: + type: string + description: The name of the attribute used to calculate the display value for an object in the schema. + example: distinguishedName + hierarchyAttribute: + type: string + description: The name of the attribute whose values represent other objects in a hierarchy. Only relevant to group schemas. + example: memberOf + includePermissions: + type: boolean + description: Flag indicating whether or not the include permissions with the object data when aggregating the schema. + example: false + features: + type: array + items: + type: string + enum: + - AUTHENTICATE + - COMPOSITE + - DIRECT_PERMISSIONS + - DISCOVER_SCHEMA + - ENABLE + - MANAGER_LOOKUP + - NO_RANDOM_ACCESS + - PROXY + - SEARCH + - TEMPLATE + - UNLOCK + - UNSTRUCTURED_TARGETS + - SHAREPOINT_TARGET + - PROVISIONING + - GROUP_PROVISIONING + - SYNC_PROVISIONING + - PASSWORD + - CURRENT_PASSWORD + - ACCOUNT_ONLY_REQUEST + - ADDITIONAL_ACCOUNT_REQUEST + - NO_AGGREGATION + - GROUPS_HAVE_MEMBERS + - NO_PERMISSIONS_PROVISIONING + - NO_GROUP_PERMISSIONS_PROVISIONING + - NO_UNSTRUCTURED_TARGETS_PROVISIONING + - NO_DIRECT_PERMISSIONS_PROVISIONING + description: |- + Optional features that can be supported by an source. + * AUTHENTICATE: The source supports pass-through authentication. + * COMPOSITE: The source supports composite source creation. + * DIRECT_PERMISSIONS: The source supports returning DirectPermissions. + * DISCOVER_SCHEMA: The source supports discovering schemas for users and groups. + * ENABLE The source supports reading if an account is enabled or disabled. + * MANAGER_LOOKUP: The source supports looking up managers as they are encountered in a feed. This is the opposite of NO_RANDOM_ACCESS. + * NO_RANDOM_ACCESS: The source does not support random access and the getObject() methods should not be called and expected to perform. + * PROXY: The source can serve as a proxy for another source. When an source has a proxy, all connector calls made with that source are redirected through the connector for the proxy source. + * SEARCH + * TEMPLATE + * UNLOCK: The source supports reading if an account is locked or unlocked. + * UNSTRUCTURED_TARGETS: The source supports returning unstructured Targets. + * SHAREPOINT_TARGET: The source supports returning unstructured Target data for SharePoint. It will be typically used by AD, LDAP sources. + * PROVISIONING: The source can both read and write accounts. Having this feature implies that the provision() method is implemented. It also means that direct and target permissions can also be provisioned if they can be returned by aggregation. + * GROUP_PROVISIONING: The source can both read and write groups. Having this feature implies that the provision() method is implemented. + * SYNC_PROVISIONING: The source can provision accounts synchronously. + * PASSWORD: The source can provision password changes. Since sources can never read passwords, this is should only be used in conjunction with the PROVISIONING feature. + * CURRENT_PASSWORD: Some source types support verification of the current password + * ACCOUNT_ONLY_REQUEST: The source supports requesting accounts without entitlements. + * ADDITIONAL_ACCOUNT_REQUEST: The source supports requesting additional accounts. + * NO_AGGREGATION: A source that does not support aggregation. + * GROUPS_HAVE_MEMBERS: The source models group memberships with a member attribute on the group object rather than a groups attribute on the account object. This effects the implementation of delta account aggregation. + * NO_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for accounts. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for accounts. + * NO_GROUP_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for groups. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for groups. + * NO_UNSTRUCTURED_TARGETS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING. + * NO_DIRECT_PERMISSIONS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING. + example: AUTHENTICATE + description: The features that the schema supports. + example: + - PROVISIONING + - NO_PERMISSIONS_PROVISIONING + - GROUPS_HAVE_MEMBERS + configuration: + type: object + description: Holds any extra configuration data that the schema may require. + example: + groupMemberAttribute: member + attributes: + type: array + description: The attribute definitions which form the schema. + items: + type: object + properties: + name: + type: string + description: The name of the attribute. + example: sAMAccountName + type: + description: The type of the attribute. + example: STRING + type: string + enum: + - STRING + - LONG + - INT + - BOOLEAN + schema: + description: A reference to the schema on the source to the attribute values map to. + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - CONNECTOR_SCHEMA + example: CONNECTOR_SCHEMA + id: + type: string + description: The object ID this reference applies to. + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: The human-readable display name of the object. + example: group + description: + type: string + description: A human-readable description of the attribute. + example: SAM Account Name + isMultiValued: + type: boolean + description: Flag indicating whether or not the attribute is multi-valued. + example: false + isEntitlement: + type: boolean + description: Flag indicating whether or not the attribute is an entitlement. + example: false + isGroup: + type: boolean + description: | + Flag indicating whether or not the attribute represents a group. + This can only be `true` if `isEntitlement` is also `true` **and** there is a schema defined for the attribute.. + example: false + example: + - name: sAMAccountName + type: STRING + isMultiValued: false + isEntitlement: false + isGroup: false + - name: memberOf + type: STRING + schema: + type: CONNECTOR_SCHEMA + id: 2c9180887671ff8c01767b4671fc7d60 + name: group + description: Group membership + isMultiValued: true + isEntitlement: true + isGroup: true + created: + type: string + description: The date the Schema was created. + format: date-time + example: '2019-12-24T22:32:58.104Z' + modified: + type: string + description: The date the Schema was last modified. + format: date-time + example: '2019-12-31T20:22:28.104Z' + responses: + '200': + description: The Schema was successfully replaced. + content: + application/json: + schema: + type: object + properties: + id: + type: string + description: The id of the Schema. + example: 2c9180835d191a86015d28455b4a2329 + name: + type: string + description: The name of the Schema. + example: account + nativeObjectType: + type: string + description: The name of the object type on the native system that the schema represents. + example: User + identityAttribute: + type: string + description: The name of the attribute used to calculate the unique identifier for an object in the schema. + example: sAMAccountName + displayAttribute: + type: string + description: The name of the attribute used to calculate the display value for an object in the schema. + example: distinguishedName + hierarchyAttribute: + type: string + description: The name of the attribute whose values represent other objects in a hierarchy. Only relevant to group schemas. + example: memberOf + includePermissions: + type: boolean + description: Flag indicating whether or not the include permissions with the object data when aggregating the schema. + example: false + features: + type: array + items: + type: string + enum: + - AUTHENTICATE + - COMPOSITE + - DIRECT_PERMISSIONS + - DISCOVER_SCHEMA + - ENABLE + - MANAGER_LOOKUP + - NO_RANDOM_ACCESS + - PROXY + - SEARCH + - TEMPLATE + - UNLOCK + - UNSTRUCTURED_TARGETS + - SHAREPOINT_TARGET + - PROVISIONING + - GROUP_PROVISIONING + - SYNC_PROVISIONING + - PASSWORD + - CURRENT_PASSWORD + - ACCOUNT_ONLY_REQUEST + - ADDITIONAL_ACCOUNT_REQUEST + - NO_AGGREGATION + - GROUPS_HAVE_MEMBERS + - NO_PERMISSIONS_PROVISIONING + - NO_GROUP_PERMISSIONS_PROVISIONING + - NO_UNSTRUCTURED_TARGETS_PROVISIONING + - NO_DIRECT_PERMISSIONS_PROVISIONING + description: |- + Optional features that can be supported by an source. + * AUTHENTICATE: The source supports pass-through authentication. + * COMPOSITE: The source supports composite source creation. + * DIRECT_PERMISSIONS: The source supports returning DirectPermissions. + * DISCOVER_SCHEMA: The source supports discovering schemas for users and groups. + * ENABLE The source supports reading if an account is enabled or disabled. + * MANAGER_LOOKUP: The source supports looking up managers as they are encountered in a feed. This is the opposite of NO_RANDOM_ACCESS. + * NO_RANDOM_ACCESS: The source does not support random access and the getObject() methods should not be called and expected to perform. + * PROXY: The source can serve as a proxy for another source. When an source has a proxy, all connector calls made with that source are redirected through the connector for the proxy source. + * SEARCH + * TEMPLATE + * UNLOCK: The source supports reading if an account is locked or unlocked. + * UNSTRUCTURED_TARGETS: The source supports returning unstructured Targets. + * SHAREPOINT_TARGET: The source supports returning unstructured Target data for SharePoint. It will be typically used by AD, LDAP sources. + * PROVISIONING: The source can both read and write accounts. Having this feature implies that the provision() method is implemented. It also means that direct and target permissions can also be provisioned if they can be returned by aggregation. + * GROUP_PROVISIONING: The source can both read and write groups. Having this feature implies that the provision() method is implemented. + * SYNC_PROVISIONING: The source can provision accounts synchronously. + * PASSWORD: The source can provision password changes. Since sources can never read passwords, this is should only be used in conjunction with the PROVISIONING feature. + * CURRENT_PASSWORD: Some source types support verification of the current password + * ACCOUNT_ONLY_REQUEST: The source supports requesting accounts without entitlements. + * ADDITIONAL_ACCOUNT_REQUEST: The source supports requesting additional accounts. + * NO_AGGREGATION: A source that does not support aggregation. + * GROUPS_HAVE_MEMBERS: The source models group memberships with a member attribute on the group object rather than a groups attribute on the account object. This effects the implementation of delta account aggregation. + * NO_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for accounts. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for accounts. + * NO_GROUP_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for groups. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for groups. + * NO_UNSTRUCTURED_TARGETS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING. + * NO_DIRECT_PERMISSIONS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING. + example: AUTHENTICATE + description: The features that the schema supports. + example: + - PROVISIONING + - NO_PERMISSIONS_PROVISIONING + - GROUPS_HAVE_MEMBERS + configuration: + type: object + description: Holds any extra configuration data that the schema may require. + example: + groupMemberAttribute: member + attributes: + type: array + description: The attribute definitions which form the schema. + items: + type: object + properties: + name: + type: string + description: The name of the attribute. + example: sAMAccountName + type: + description: The type of the attribute. + example: STRING + type: string + enum: + - STRING + - LONG + - INT + - BOOLEAN + schema: + description: A reference to the schema on the source to the attribute values map to. + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - CONNECTOR_SCHEMA + example: CONNECTOR_SCHEMA + id: + type: string + description: The object ID this reference applies to. + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: The human-readable display name of the object. + example: group + description: + type: string + description: A human-readable description of the attribute. + example: SAM Account Name + isMultiValued: + type: boolean + description: Flag indicating whether or not the attribute is multi-valued. + example: false + isEntitlement: + type: boolean + description: Flag indicating whether or not the attribute is an entitlement. + example: false + isGroup: + type: boolean + description: | + Flag indicating whether or not the attribute represents a group. + This can only be `true` if `isEntitlement` is also `true` **and** there is a schema defined for the attribute.. + example: false + example: + - name: sAMAccountName + type: STRING + isMultiValued: false + isEntitlement: false + isGroup: false + - name: memberOf + type: STRING + schema: + type: CONNECTOR_SCHEMA + id: 2c9180887671ff8c01767b4671fc7d60 + name: group + description: Group membership + isMultiValued: true + isEntitlement: true + isGroup: true + created: + type: string + description: The date the Schema was created. + format: date-time + example: '2019-12-24T22:32:58.104Z' + modified: + type: string + description: The date the Schema was last modified. + format: date-time + example: '2019-12-31T20:22:28.104Z' + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + patch: + operationId: updateSourceSchema + tags: + - Sources + summary: Update Source Schema (Partial) + description: | + Use this API to selectively update an existing Schema using a JSONPatch payload. + + The following schema fields are immutable and cannot be updated: + + - id + - name + - created + - modified + + + To switch an account attribute to a group entitlement, you need to have the following in place: + + - `isEntitlement: true` + - Must define a schema for the group and [add it to the source](https://developer.sailpoint.com/idn/api/v3/create-source-schema) before updating the `isGroup` flag. For example, here is the `group` account attribute referencing a schema that defines the group: + ```json + { + "name": "groups", + "type": "STRING", + "schema": { + "type": "CONNECTOR_SCHEMA", + "id": "2c9180887671ff8c01767b4671fc7d60", + "name": "group" + }, + "description": "The groups, roles etc. that reference account group objects", + "isMulti": true, + "isEntitlement": true, + "isGroup": true + } + ``` + parameters: + - in: path + name: sourceId + required: true + schema: + type: string + description: The Source id. + example: 2c9180835d191a86015d28455b4a2329 + - in: path + name: schemaId + schema: + type: string + required: true + description: The Schema id. + example: 2c9180835d191a86015d28455b4a2329 + requestBody: + required: true + description: The JSONPatch payload used to update the schema. + content: + application/json-patch+json: + schema: + type: array + items: + type: object + description: 'A JSONPatch Operation as defined by [RFC 6902 - JSON Patch](https://tools.ietf.org/html/rfc6902)' + required: + - op + - path + properties: + op: + type: string + description: The operation to be performed + enum: + - add + - remove + - replace + - move + - copy + - test + example: replace + path: + type: string + description: A string JSON Pointer representing the target path to an element to be affected by the operation + example: /description + value: + anyOf: + - type: string + - type: integer + - type: object + - type: array + items: + anyOf: + - type: string + - type: integer + - type: object + description: 'The value to be used for the operation, required for "add" and "replace" operations' + example: New description + examples: + add-attribute: + summary: Add an attribute to the end of the list + value: + - op: add + path: /attributes/- + value: + name: location + type: STRING + schema: null + description: Employee location + isMulti: false + isEntitlement: false + isGroup: false + responses: + '200': + description: The Schema was successfully updated. + content: + application/json: + schema: + type: object + properties: + id: + type: string + description: The id of the Schema. + example: 2c9180835d191a86015d28455b4a2329 + name: + type: string + description: The name of the Schema. + example: account + nativeObjectType: + type: string + description: The name of the object type on the native system that the schema represents. + example: User + identityAttribute: + type: string + description: The name of the attribute used to calculate the unique identifier for an object in the schema. + example: sAMAccountName + displayAttribute: + type: string + description: The name of the attribute used to calculate the display value for an object in the schema. + example: distinguishedName + hierarchyAttribute: + type: string + description: The name of the attribute whose values represent other objects in a hierarchy. Only relevant to group schemas. + example: memberOf + includePermissions: + type: boolean + description: Flag indicating whether or not the include permissions with the object data when aggregating the schema. + example: false + features: + type: array + items: + type: string + enum: + - AUTHENTICATE + - COMPOSITE + - DIRECT_PERMISSIONS + - DISCOVER_SCHEMA + - ENABLE + - MANAGER_LOOKUP + - NO_RANDOM_ACCESS + - PROXY + - SEARCH + - TEMPLATE + - UNLOCK + - UNSTRUCTURED_TARGETS + - SHAREPOINT_TARGET + - PROVISIONING + - GROUP_PROVISIONING + - SYNC_PROVISIONING + - PASSWORD + - CURRENT_PASSWORD + - ACCOUNT_ONLY_REQUEST + - ADDITIONAL_ACCOUNT_REQUEST + - NO_AGGREGATION + - GROUPS_HAVE_MEMBERS + - NO_PERMISSIONS_PROVISIONING + - NO_GROUP_PERMISSIONS_PROVISIONING + - NO_UNSTRUCTURED_TARGETS_PROVISIONING + - NO_DIRECT_PERMISSIONS_PROVISIONING + description: |- + Optional features that can be supported by an source. + * AUTHENTICATE: The source supports pass-through authentication. + * COMPOSITE: The source supports composite source creation. + * DIRECT_PERMISSIONS: The source supports returning DirectPermissions. + * DISCOVER_SCHEMA: The source supports discovering schemas for users and groups. + * ENABLE The source supports reading if an account is enabled or disabled. + * MANAGER_LOOKUP: The source supports looking up managers as they are encountered in a feed. This is the opposite of NO_RANDOM_ACCESS. + * NO_RANDOM_ACCESS: The source does not support random access and the getObject() methods should not be called and expected to perform. + * PROXY: The source can serve as a proxy for another source. When an source has a proxy, all connector calls made with that source are redirected through the connector for the proxy source. + * SEARCH + * TEMPLATE + * UNLOCK: The source supports reading if an account is locked or unlocked. + * UNSTRUCTURED_TARGETS: The source supports returning unstructured Targets. + * SHAREPOINT_TARGET: The source supports returning unstructured Target data for SharePoint. It will be typically used by AD, LDAP sources. + * PROVISIONING: The source can both read and write accounts. Having this feature implies that the provision() method is implemented. It also means that direct and target permissions can also be provisioned if they can be returned by aggregation. + * GROUP_PROVISIONING: The source can both read and write groups. Having this feature implies that the provision() method is implemented. + * SYNC_PROVISIONING: The source can provision accounts synchronously. + * PASSWORD: The source can provision password changes. Since sources can never read passwords, this is should only be used in conjunction with the PROVISIONING feature. + * CURRENT_PASSWORD: Some source types support verification of the current password + * ACCOUNT_ONLY_REQUEST: The source supports requesting accounts without entitlements. + * ADDITIONAL_ACCOUNT_REQUEST: The source supports requesting additional accounts. + * NO_AGGREGATION: A source that does not support aggregation. + * GROUPS_HAVE_MEMBERS: The source models group memberships with a member attribute on the group object rather than a groups attribute on the account object. This effects the implementation of delta account aggregation. + * NO_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for accounts. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for accounts. + * NO_GROUP_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for groups. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for groups. + * NO_UNSTRUCTURED_TARGETS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING. + * NO_DIRECT_PERMISSIONS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING. + example: AUTHENTICATE + description: The features that the schema supports. + example: + - PROVISIONING + - NO_PERMISSIONS_PROVISIONING + - GROUPS_HAVE_MEMBERS + configuration: + type: object + description: Holds any extra configuration data that the schema may require. + example: + groupMemberAttribute: member + attributes: + type: array + description: The attribute definitions which form the schema. + items: + type: object + properties: + name: + type: string + description: The name of the attribute. + example: sAMAccountName + type: + description: The type of the attribute. + example: STRING + type: string + enum: + - STRING + - LONG + - INT + - BOOLEAN + schema: + description: A reference to the schema on the source to the attribute values map to. + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - CONNECTOR_SCHEMA + example: CONNECTOR_SCHEMA + id: + type: string + description: The object ID this reference applies to. + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: The human-readable display name of the object. + example: group + description: + type: string + description: A human-readable description of the attribute. + example: SAM Account Name + isMultiValued: + type: boolean + description: Flag indicating whether or not the attribute is multi-valued. + example: false + isEntitlement: + type: boolean + description: Flag indicating whether or not the attribute is an entitlement. + example: false + isGroup: + type: boolean + description: | + Flag indicating whether or not the attribute represents a group. + This can only be `true` if `isEntitlement` is also `true` **and** there is a schema defined for the attribute.. + example: false + example: + - name: sAMAccountName + type: STRING + isMultiValued: false + isEntitlement: false + isGroup: false + - name: memberOf + type: STRING + schema: + type: CONNECTOR_SCHEMA + id: 2c9180887671ff8c01767b4671fc7d60 + name: group + description: Group membership + isMultiValued: true + isEntitlement: true + isGroup: true + created: + type: string + description: The date the Schema was created. + format: date-time + example: '2019-12-24T22:32:58.104Z' + modified: + type: string + description: The date the Schema was last modified. + format: date-time + example: '2019-12-31T20:22:28.104Z' + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + delete: + operationId: deleteSourceSchema + tags: + - Sources + summary: Delete Source Schema by ID + parameters: + - in: path + name: sourceId + required: true + schema: + type: string + description: The Source id. + example: 2c9180835d191a86015d28455b4a2329 + - in: path + name: schemaId + schema: + type: string + required: true + description: The Schema id. + example: 2c9180835d191a86015d28455b4a2329 + responses: + '204': + description: The Schema was successfully deleted. + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + '/sources/{sourceId}/source-health': + get: + operationId: getSourceHealth + tags: + - Sources + summary: This API fetches source health by source's id + description: This endpoint fetches source health by source's id + parameters: + - in: path + name: sourceId + required: true + schema: + type: string + description: The Source id. + example: 2c9180835d191a86015d28455b4a2329 + responses: + '200': + description: Fetched source health successfully + content: + application/json: + schema: + type: object + description: Dto for source health data + properties: + id: + type: string + readOnly: true + description: the id of the Source + example: 2c91808568c529c60168cca6f90c1324 + type: + type: string + description: 'Specifies the type of system being managed e.g. Active Directory, Workday, etc.. If you are creating a Delimited File source, you must set the `provisionasCsv` query parameter to `true`. ' + example: OpenLDAP - Direct + name: + type: string + description: the name of the source + example: Source1234 + org: + type: string + description: source's org + example: denali-cjh + isAuthoritative: + type: boolean + example: false + description: Is the source authoritative + isCluster: + type: boolean + example: false + description: Is the source in a cluster + hostname: + type: string + example: megapod-useast1-secret-hostname.sailpoint.com + description: source's hostname + pod: + type: string + description: source's pod + example: megapod-useast1 + iqServiceVersion: + type: string + description: The version of the iqService + example: iqVersion123 + status: + type: string + enum: + - SOURCE_STATE_ERROR_CLUSTER + - SOURCE_STATE_ERROR_SOURCE + - SOURCE_STATE_ERROR_VA + - SOURCE_STATE_FAILURE_CLUSTER + - SOURCE_STATE_FAILURE_SOURCE + - SOURCE_STATE_HEALTHY + - SOURCE_STATE_UNCHECKED_CLUSTER + - SOURCE_STATE_UNCHECKED_CLUSTER_NO_SOURCES + - SOURCE_STATE_UNCHECKED_SOURCE + - SOURCE_STATE_UNCHECKED_SOURCE_NO_ACCOUNTS + description: connection test result + example: SOURCE_STATE_UNCHECKED_SOURCE + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + '/sources/{id}/schemas/accounts': + get: + tags: + - Sources + summary: Downloads source accounts schema template + description: |- + This API downloads the CSV schema that defines the account attributes on a source. + >**NOTE: This API is designated only for Delimited File sources.** + operationId: downloadSourceAccountsSchema + parameters: + - in: path + name: id + required: true + schema: + type: string + description: The Source id + example: 8c190e6787aa4ed9a90bd9d5344523fb + responses: + '200': + description: Successfully downloaded the file + content: + text/csv: + example: 'id,name,givenName,familyName,e-mail,location,manager,groups,startDate,endDate' + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + security: + - oauth2: + - 'idn:source-schema:read' + post: + tags: + - Sources + summary: Uploads source accounts schema template + description: |- + This API uploads a source schema template file to configure a source's account attributes. + + To retrieve the file to modify and upload, log into Identity Now. + + Click **Admin** -> **Connections** -> **Sources** -> **`{SourceName}`** -> **Import Data** -> **Account Schema** -> **Options** -> **Download Schema** + + >**NOTE: This API is designated only for Delimited File sources.** + operationId: uploadSourceAccountsSchema + parameters: + - in: path + name: id + required: true + schema: + type: string + description: The Source id + example: 8c190e6787aa4ed9a90bd9d5344523fb + requestBody: + required: true + content: + multipart/form-data: + schema: + type: object + properties: + file: + type: string + format: binary + responses: + '200': + description: Successfully uploaded the file + content: + application/json: + schema: + type: object + properties: + id: + type: string + description: The id of the Schema. + example: 2c9180835d191a86015d28455b4a2329 + name: + type: string + description: The name of the Schema. + example: account + nativeObjectType: + type: string + description: The name of the object type on the native system that the schema represents. + example: User + identityAttribute: + type: string + description: The name of the attribute used to calculate the unique identifier for an object in the schema. + example: sAMAccountName + displayAttribute: + type: string + description: The name of the attribute used to calculate the display value for an object in the schema. + example: distinguishedName + hierarchyAttribute: + type: string + description: The name of the attribute whose values represent other objects in a hierarchy. Only relevant to group schemas. + example: memberOf + includePermissions: + type: boolean + description: Flag indicating whether or not the include permissions with the object data when aggregating the schema. + example: false + features: + type: array + items: + type: string + enum: + - AUTHENTICATE + - COMPOSITE + - DIRECT_PERMISSIONS + - DISCOVER_SCHEMA + - ENABLE + - MANAGER_LOOKUP + - NO_RANDOM_ACCESS + - PROXY + - SEARCH + - TEMPLATE + - UNLOCK + - UNSTRUCTURED_TARGETS + - SHAREPOINT_TARGET + - PROVISIONING + - GROUP_PROVISIONING + - SYNC_PROVISIONING + - PASSWORD + - CURRENT_PASSWORD + - ACCOUNT_ONLY_REQUEST + - ADDITIONAL_ACCOUNT_REQUEST + - NO_AGGREGATION + - GROUPS_HAVE_MEMBERS + - NO_PERMISSIONS_PROVISIONING + - NO_GROUP_PERMISSIONS_PROVISIONING + - NO_UNSTRUCTURED_TARGETS_PROVISIONING + - NO_DIRECT_PERMISSIONS_PROVISIONING + description: |- + Optional features that can be supported by an source. + * AUTHENTICATE: The source supports pass-through authentication. + * COMPOSITE: The source supports composite source creation. + * DIRECT_PERMISSIONS: The source supports returning DirectPermissions. + * DISCOVER_SCHEMA: The source supports discovering schemas for users and groups. + * ENABLE The source supports reading if an account is enabled or disabled. + * MANAGER_LOOKUP: The source supports looking up managers as they are encountered in a feed. This is the opposite of NO_RANDOM_ACCESS. + * NO_RANDOM_ACCESS: The source does not support random access and the getObject() methods should not be called and expected to perform. + * PROXY: The source can serve as a proxy for another source. When an source has a proxy, all connector calls made with that source are redirected through the connector for the proxy source. + * SEARCH + * TEMPLATE + * UNLOCK: The source supports reading if an account is locked or unlocked. + * UNSTRUCTURED_TARGETS: The source supports returning unstructured Targets. + * SHAREPOINT_TARGET: The source supports returning unstructured Target data for SharePoint. It will be typically used by AD, LDAP sources. + * PROVISIONING: The source can both read and write accounts. Having this feature implies that the provision() method is implemented. It also means that direct and target permissions can also be provisioned if they can be returned by aggregation. + * GROUP_PROVISIONING: The source can both read and write groups. Having this feature implies that the provision() method is implemented. + * SYNC_PROVISIONING: The source can provision accounts synchronously. + * PASSWORD: The source can provision password changes. Since sources can never read passwords, this is should only be used in conjunction with the PROVISIONING feature. + * CURRENT_PASSWORD: Some source types support verification of the current password + * ACCOUNT_ONLY_REQUEST: The source supports requesting accounts without entitlements. + * ADDITIONAL_ACCOUNT_REQUEST: The source supports requesting additional accounts. + * NO_AGGREGATION: A source that does not support aggregation. + * GROUPS_HAVE_MEMBERS: The source models group memberships with a member attribute on the group object rather than a groups attribute on the account object. This effects the implementation of delta account aggregation. + * NO_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for accounts. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for accounts. + * NO_GROUP_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for groups. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for groups. + * NO_UNSTRUCTURED_TARGETS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING. + * NO_DIRECT_PERMISSIONS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING. + example: AUTHENTICATE + description: The features that the schema supports. + example: + - PROVISIONING + - NO_PERMISSIONS_PROVISIONING + - GROUPS_HAVE_MEMBERS + configuration: + type: object + description: Holds any extra configuration data that the schema may require. + example: + groupMemberAttribute: member + attributes: + type: array + description: The attribute definitions which form the schema. + items: + type: object + properties: + name: + type: string + description: The name of the attribute. + example: sAMAccountName + type: + description: The type of the attribute. + example: STRING + type: string + enum: + - STRING + - LONG + - INT + - BOOLEAN + schema: + description: A reference to the schema on the source to the attribute values map to. + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - CONNECTOR_SCHEMA + example: CONNECTOR_SCHEMA + id: + type: string + description: The object ID this reference applies to. + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: The human-readable display name of the object. + example: group + description: + type: string + description: A human-readable description of the attribute. + example: SAM Account Name + isMultiValued: + type: boolean + description: Flag indicating whether or not the attribute is multi-valued. + example: false + isEntitlement: + type: boolean + description: Flag indicating whether or not the attribute is an entitlement. + example: false + isGroup: + type: boolean + description: | + Flag indicating whether or not the attribute represents a group. + This can only be `true` if `isEntitlement` is also `true` **and** there is a schema defined for the attribute.. + example: false + example: + - name: sAMAccountName + type: STRING + isMultiValued: false + isEntitlement: false + isGroup: false + - name: memberOf + type: STRING + schema: + type: CONNECTOR_SCHEMA + id: 2c9180887671ff8c01767b4671fc7d60 + name: group + description: Group membership + isMultiValued: true + isEntitlement: true + isGroup: true + created: + type: string + description: The date the Schema was created. + format: date-time + example: '2019-12-24T22:32:58.104Z' + modified: + type: string + description: The date the Schema was last modified. + format: date-time + example: '2019-12-31T20:22:28.104Z' + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + security: + - oauth2: + - 'idn:source-schema:manage' + '/sources/{id}/schemas/entitlements': + get: + tags: + - Sources + summary: Downloads source entitlements schema template + description: |- + This API downloads the CSV schema that defines the entitlement attributes on a source. + + >**NOTE: This API is designated only for Delimited File sources.** + operationId: downloadSourceEntitlementsSchema + parameters: + - in: path + name: id + required: true + schema: + type: string + description: The Source id + example: 8c190e6787aa4ed9a90bd9d5344523fb + - in: query + name: schemaName + schema: + type: string + description: Name of entitlement schema + example: '?schemaName=group' + responses: + '200': + description: Successfully downloaded the file + content: + text/csv: + example: 'id,name,displayName,created,description,modified,entitlements,groups,permissions' + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + security: + - oauth2: + - 'idn:source-schema:read' + post: + tags: + - Sources + summary: Uploads source entitlements schema template + description: |- + This API uploads a source schema template file to configure a source's entitlement attributes. + + To retrieve the file to modify and upload, log into Identity Now. + + Click **Admin** -> **Connections** -> **Sources** -> **`{SourceName}`** -> **Import Data** -> **Import Entitlements** -> **Download** + + >**NOTE: This API is designated only for Delimited File sources.** + operationId: uploadSourceEntitlementsSchema + parameters: + - in: path + name: id + required: true + schema: + type: string + description: The Source id + example: 8c190e6787aa4ed9a90bd9d5344523fb + - in: query + name: schemaName + schema: + type: string + description: Name of entitlement schema + example: '?schemaName=group' + requestBody: + required: true + content: + multipart/form-data: + schema: + type: object + properties: + file: + type: string + format: binary + responses: + '200': + description: Successfully uploaded the file + content: + application/json: + schema: + type: object + properties: + id: + type: string + description: The id of the Schema. + example: 2c9180835d191a86015d28455b4a2329 + name: + type: string + description: The name of the Schema. + example: account + nativeObjectType: + type: string + description: The name of the object type on the native system that the schema represents. + example: User + identityAttribute: + type: string + description: The name of the attribute used to calculate the unique identifier for an object in the schema. + example: sAMAccountName + displayAttribute: + type: string + description: The name of the attribute used to calculate the display value for an object in the schema. + example: distinguishedName + hierarchyAttribute: + type: string + description: The name of the attribute whose values represent other objects in a hierarchy. Only relevant to group schemas. + example: memberOf + includePermissions: + type: boolean + description: Flag indicating whether or not the include permissions with the object data when aggregating the schema. + example: false + features: + type: array + items: + type: string + enum: + - AUTHENTICATE + - COMPOSITE + - DIRECT_PERMISSIONS + - DISCOVER_SCHEMA + - ENABLE + - MANAGER_LOOKUP + - NO_RANDOM_ACCESS + - PROXY + - SEARCH + - TEMPLATE + - UNLOCK + - UNSTRUCTURED_TARGETS + - SHAREPOINT_TARGET + - PROVISIONING + - GROUP_PROVISIONING + - SYNC_PROVISIONING + - PASSWORD + - CURRENT_PASSWORD + - ACCOUNT_ONLY_REQUEST + - ADDITIONAL_ACCOUNT_REQUEST + - NO_AGGREGATION + - GROUPS_HAVE_MEMBERS + - NO_PERMISSIONS_PROVISIONING + - NO_GROUP_PERMISSIONS_PROVISIONING + - NO_UNSTRUCTURED_TARGETS_PROVISIONING + - NO_DIRECT_PERMISSIONS_PROVISIONING + description: |- + Optional features that can be supported by an source. + * AUTHENTICATE: The source supports pass-through authentication. + * COMPOSITE: The source supports composite source creation. + * DIRECT_PERMISSIONS: The source supports returning DirectPermissions. + * DISCOVER_SCHEMA: The source supports discovering schemas for users and groups. + * ENABLE The source supports reading if an account is enabled or disabled. + * MANAGER_LOOKUP: The source supports looking up managers as they are encountered in a feed. This is the opposite of NO_RANDOM_ACCESS. + * NO_RANDOM_ACCESS: The source does not support random access and the getObject() methods should not be called and expected to perform. + * PROXY: The source can serve as a proxy for another source. When an source has a proxy, all connector calls made with that source are redirected through the connector for the proxy source. + * SEARCH + * TEMPLATE + * UNLOCK: The source supports reading if an account is locked or unlocked. + * UNSTRUCTURED_TARGETS: The source supports returning unstructured Targets. + * SHAREPOINT_TARGET: The source supports returning unstructured Target data for SharePoint. It will be typically used by AD, LDAP sources. + * PROVISIONING: The source can both read and write accounts. Having this feature implies that the provision() method is implemented. It also means that direct and target permissions can also be provisioned if they can be returned by aggregation. + * GROUP_PROVISIONING: The source can both read and write groups. Having this feature implies that the provision() method is implemented. + * SYNC_PROVISIONING: The source can provision accounts synchronously. + * PASSWORD: The source can provision password changes. Since sources can never read passwords, this is should only be used in conjunction with the PROVISIONING feature. + * CURRENT_PASSWORD: Some source types support verification of the current password + * ACCOUNT_ONLY_REQUEST: The source supports requesting accounts without entitlements. + * ADDITIONAL_ACCOUNT_REQUEST: The source supports requesting additional accounts. + * NO_AGGREGATION: A source that does not support aggregation. + * GROUPS_HAVE_MEMBERS: The source models group memberships with a member attribute on the group object rather than a groups attribute on the account object. This effects the implementation of delta account aggregation. + * NO_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for accounts. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for accounts. + * NO_GROUP_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for groups. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for groups. + * NO_UNSTRUCTURED_TARGETS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING. + * NO_DIRECT_PERMISSIONS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING. + example: AUTHENTICATE + description: The features that the schema supports. + example: + - PROVISIONING + - NO_PERMISSIONS_PROVISIONING + - GROUPS_HAVE_MEMBERS + configuration: + type: object + description: Holds any extra configuration data that the schema may require. + example: + groupMemberAttribute: member + attributes: + type: array + description: The attribute definitions which form the schema. + items: + type: object + properties: + name: + type: string + description: The name of the attribute. + example: sAMAccountName + type: + description: The type of the attribute. + example: STRING + type: string + enum: + - STRING + - LONG + - INT + - BOOLEAN + schema: + description: A reference to the schema on the source to the attribute values map to. + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - CONNECTOR_SCHEMA + example: CONNECTOR_SCHEMA + id: + type: string + description: The object ID this reference applies to. + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: The human-readable display name of the object. + example: group + description: + type: string + description: A human-readable description of the attribute. + example: SAM Account Name + isMultiValued: + type: boolean + description: Flag indicating whether or not the attribute is multi-valued. + example: false + isEntitlement: + type: boolean + description: Flag indicating whether or not the attribute is an entitlement. + example: false + isGroup: + type: boolean + description: | + Flag indicating whether or not the attribute represents a group. + This can only be `true` if `isEntitlement` is also `true` **and** there is a schema defined for the attribute.. + example: false + example: + - name: sAMAccountName + type: STRING + isMultiValued: false + isEntitlement: false + isGroup: false + - name: memberOf + type: STRING + schema: + type: CONNECTOR_SCHEMA + id: 2c9180887671ff8c01767b4671fc7d60 + name: group + description: Group membership + isMultiValued: true + isEntitlement: true + isGroup: true + created: + type: string + description: The date the Schema was created. + format: date-time + example: '2019-12-24T22:32:58.104Z' + modified: + type: string + description: The date the Schema was last modified. + format: date-time + example: '2019-12-31T20:22:28.104Z' + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + security: + - oauth2: + - 'idn:source-schema:manage' + '/sources/{sourceId}/upload-connector-file': + post: + operationId: uploadSourceConnectorFile + tags: + - Sources + summary: Upload connector file to source + parameters: + - in: path + name: sourceId + required: true + schema: + type: string + description: The Source id. + example: 2c9180835d191a86015d28455b4a2329 + description: |- + This uploads a supplemental source connector file (like jdbc driver jars) to a source's S3 bucket. This also sends ETS and Audit events. + A token with ORG_ADMIN authority is required to call this API. + requestBody: + required: true + content: + multipart/form-data: + schema: + type: object + properties: + file: + type: string + format: binary + responses: + '200': + description: Uploaded the file successfully and sent all post-upload events + content: + application/json: + schema: + type: object + properties: + id: + type: string + readOnly: true + description: the id of the Source + example: 2c91808568c529c60168cca6f90c1324 + name: + type: string + description: Human-readable name of the source + example: My Source + description: + type: string + description: Human-readable description of the source + example: This is the corporate directory. + owner: + description: Reference to an owning Identity Object + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - IDENTITY + example: IDENTITY + id: + type: string + description: ID of the identity + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the identity + example: MyName + cluster: + description: Reference to the associated Cluster + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - CLUSTER + example: CLUSTER + id: + type: string + description: ID of the cluster + example: 2c9180866166b5b0016167c32ef31a66 + name: + type: string + description: Human-readable display name of the cluster + example: Corporate Cluster + accountCorrelationConfig: + description: Reference to an Account Correlation Config object + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + example: ACCOUNT_CORRELATION_CONFIG + id: + type: string + description: ID of the account correlation config + example: 2c9180855d191c59015d28583727245a + name: + type: string + description: Human-readable display name of the account correlation config + example: 'Directory [source-62867] Account Correlation' + accountCorrelationRule: + description: 'Reference to a Rule that can do COMPLEX correlation, should only be used when accountCorrelationConfig can''t be used.' + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - RULE + example: RULE + id: + type: string + description: ID of the rule + example: 2c918085708c274401708c2a8a760001 + name: + type: string + description: Human-readable display name of the rule + example: Example Rule + managerCorrelationMapping: + description: Filter Object used during manager correlation to match incoming manager values to an existing manager's Account/Identity + type: object + properties: + accountAttribute: + type: string + description: Name of the attribute to use for manager correlation. The value found on the account attribute will be used to lookup the manager's identity. + example: manager + identityAttribute: + type: string + description: Name of the identity attribute to search when trying to find a manager using the value from the accountAttribute. + example: manager + managerCorrelationRule: + description: 'Reference to the ManagerCorrelationRule, only used when a simple filter isn''t sufficient.' + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - RULE + example: RULE + id: + type: string + description: ID of the rule + example: 2c918085708c274401708c2a8a760001 + name: + type: string + description: Human-readable display name of the rule + example: Example Rule + beforeProvisioningRule: + description: Rule that runs on the CCG and allows for customization of provisioning plans before the connector is called. + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - RULE + example: RULE + id: + type: string + description: ID of the rule + example: 2c918085708c274401708c2a8a760001 + name: + type: string + description: Human-readable display name of the rule + example: Example Rule + schemas: + type: array + items: + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - CONNECTOR_SCHEMA + example: CONNECTOR_SCHEMA + id: + type: string + description: ID of the schema + example: 2c91808568c529c60168cca6f90c1777 + name: + type: string + description: Human-readable display name of the schema + example: MySchema + description: List of references to Schema objects + example: + - type: CONNECTOR_SCHEMA + id: 2c9180835d191a86015d28455b4b232a + name: account + - type: CONNECTOR_SCHEMA + id: 2c9180835d191a86015d28455b4b232b + name: group + passwordPolicies: + type: array + items: + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - PASSWORD_POLICY + example: PASSWORD_POLICY + id: + type: string + description: ID of the policy + example: 2c91808568c529c60168cca6f90c1777 + name: + type: string + description: Human-readable display name of the policy + example: My Password Policy + description: List of references to the associated PasswordPolicy objects. + example: + - type: PASSWORD_POLICY + id: 2c9180855d191c59015d291ceb053980 + name: Corporate Password Policy + - type: PASSWORD_POLICY + id: 2c9180855d191c59015d291ceb057777 + name: Vendor Password Policy + features: + type: array + description: Optional features that can be supported by a source. + items: + type: string + enum: + - AUTHENTICATE + - COMPOSITE + - DIRECT_PERMISSIONS + - DISCOVER_SCHEMA + - ENABLE + - MANAGER_LOOKUP + - NO_RANDOM_ACCESS + - PROXY + - SEARCH + - TEMPLATE + - UNLOCK + - UNSTRUCTURED_TARGETS + - SHAREPOINT_TARGET + - PROVISIONING + - GROUP_PROVISIONING + - SYNC_PROVISIONING + - PASSWORD + - CURRENT_PASSWORD + - ACCOUNT_ONLY_REQUEST + - ADDITIONAL_ACCOUNT_REQUEST + - NO_AGGREGATION + - GROUPS_HAVE_MEMBERS + - NO_PERMISSIONS_PROVISIONING + - NO_GROUP_PERMISSIONS_PROVISIONING + - NO_UNSTRUCTURED_TARGETS_PROVISIONING + - NO_DIRECT_PERMISSIONS_PROVISIONING + description: |- + Optional features that can be supported by an source. + * AUTHENTICATE: The source supports pass-through authentication. + * COMPOSITE: The source supports composite source creation. + * DIRECT_PERMISSIONS: The source supports returning DirectPermissions. + * DISCOVER_SCHEMA: The source supports discovering schemas for users and groups. + * ENABLE The source supports reading if an account is enabled or disabled. + * MANAGER_LOOKUP: The source supports looking up managers as they are encountered in a feed. This is the opposite of NO_RANDOM_ACCESS. + * NO_RANDOM_ACCESS: The source does not support random access and the getObject() methods should not be called and expected to perform. + * PROXY: The source can serve as a proxy for another source. When an source has a proxy, all connector calls made with that source are redirected through the connector for the proxy source. + * SEARCH + * TEMPLATE + * UNLOCK: The source supports reading if an account is locked or unlocked. + * UNSTRUCTURED_TARGETS: The source supports returning unstructured Targets. + * SHAREPOINT_TARGET: The source supports returning unstructured Target data for SharePoint. It will be typically used by AD, LDAP sources. + * PROVISIONING: The source can both read and write accounts. Having this feature implies that the provision() method is implemented. It also means that direct and target permissions can also be provisioned if they can be returned by aggregation. + * GROUP_PROVISIONING: The source can both read and write groups. Having this feature implies that the provision() method is implemented. + * SYNC_PROVISIONING: The source can provision accounts synchronously. + * PASSWORD: The source can provision password changes. Since sources can never read passwords, this is should only be used in conjunction with the PROVISIONING feature. + * CURRENT_PASSWORD: Some source types support verification of the current password + * ACCOUNT_ONLY_REQUEST: The source supports requesting accounts without entitlements. + * ADDITIONAL_ACCOUNT_REQUEST: The source supports requesting additional accounts. + * NO_AGGREGATION: A source that does not support aggregation. + * GROUPS_HAVE_MEMBERS: The source models group memberships with a member attribute on the group object rather than a groups attribute on the account object. This effects the implementation of delta account aggregation. + * NO_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for accounts. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for accounts. + * NO_GROUP_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for groups. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for groups. + * NO_UNSTRUCTURED_TARGETS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING. + * NO_DIRECT_PERMISSIONS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING. + example: AUTHENTICATE + example: + - SYNC_PROVISIONING + - MANAGER_LOOKUP + - SEARCH + - PROVISIONING + - AUTHENTICATE + - GROUP_PROVISIONING + - PASSWORD + type: + type: string + description: 'Specifies the type of system being managed e.g. Active Directory, Workday, etc.. If you are creating a Delimited File source, you must set the `provisionasCsv` query parameter to `true`. ' + example: OpenLDAP - Direct + connector: + type: string + description: Connector script name. + example: active-directory + connectorClass: + type: string + description: The fully qualified name of the Java class that implements the connector interface. + example: sailpoint.connector.LDAPConnector + connectorAttributes: + type: object + description: Connector specific configuration; will differ from type to type. + example: + healthCheckTimeout: 30 + authSearchAttributes: + - cn + - uid + - mail + deleteThreshold: + type: integer + format: int32 + description: Number from 0 to 100 that specifies when to skip the delete phase. + example: 10 + authoritative: + type: boolean + description: When true indicates the source is referenced by an IdentityProfile. + example: false + managementWorkgroup: + description: Reference to Management Workgroup for this Source + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - GOVERNANCE_GROUP + example: GOVERNANCE_GROUP + id: + type: string + description: ID of the management workgroup + example: 2c91808568c529c60168cca6f90c2222 + name: + type: string + description: Human-readable display name of the management workgroup + example: My Management Workgroup + healthy: + type: boolean + description: When true indicates a healthy source + example: true + status: + type: string + description: 'A status identifier, giving specific information on why a source is healthy or not' + example: SOURCE_STATE_HEALTHY + since: + type: string + description: Timestamp showing when a source health check was last performed + example: '2021-09-28T15:48:29.3801666300Z' + connectorId: + type: string + description: The id of connector + example: active-directory + connectorName: + type: string + description: The name of the connector that was chosen on source creation + example: Active Directory + connectionType: + type: string + description: The type of connection (direct or file) + example: file + connectorImplementstionId: + type: string + description: The connector implementstion id + example: delimited-file + required: + - name + - owner + - connector + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + /tagged-objects: + get: + operationId: listTaggedObjects + security: + - oauth2: + - 'idn:tag:read' + - 'idn:tag:manage' + tags: + - Tagged Objects + summary: List Tagged Objects + description: |- + This API returns a list of all tagged objects. + + Any authenticated token may be used to call this API. + parameters: + - in: query + name: limit + description: |- + Max number of results to return. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 250 + schema: + type: integer + format: int32 + minimum: 0 + maximum: 250 + default: 250 + - in: query + name: offset + description: |- + Offset into the full result set. Usually specified with *limit* to paginate through the results. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 0 + schema: + type: integer + format: int32 + minimum: 0 + default: 0 + - in: query + name: count + description: |- + If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored. + + Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used. + + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: true + schema: + type: boolean + default: false + - in: query + name: filters + schema: + type: string + description: |- + Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) + + Filtering is supported for the following fields and operators: + + **objectRef.id**: *eq, in* + + **objectRef.type**: *eq, in* + + **tagName**: *eq, in* + example: tagName eq "BU_FINANCE" + required: false + responses: + '200': + description: List of all tagged objects. + content: + application/json: + schema: + type: array + items: + type: object + properties: + objectRef: + type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + nullable: true + description: Human-readable display name of the object to which this reference applies + example: William Wilson + tags: + type: array + items: + type: string + description: Labels to be applied to an Object + example: + - BU_FINANCE + - PCI + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + post: + operationId: setTagToObject + security: + - oauth2: + - 'idn:tag:manage' + tags: + - Tagged Objects + summary: Add Tag to Object + description: |- + This adds a tag to an object. + + Any authenticated token may be used to call this API. + requestBody: + required: true + content: + application/json: + schema: + type: object + properties: + objectRef: + type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + nullable: true + description: Human-readable display name of the object to which this reference applies + example: William Wilson + tags: + type: array + items: + type: string + description: Labels to be applied to an Object + example: + - BU_FINANCE + - PCI + responses: + '200': + description: Request succeeded. + content: + application/json: + schema: + type: object + properties: + objectRef: + type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + nullable: true + description: Human-readable display name of the object to which this reference applies + example: William Wilson + tags: + type: array + items: + type: string + description: Labels to be applied to an Object + example: + - BU_FINANCE + - PCI + '201': + description: Created. + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + '/tagged-objects/{type}': + get: + operationId: listTaggedObjectsByType + security: + - oauth2: + - 'idn:tag:read' + - 'idn:tag:manage' + tags: + - Tagged Objects + summary: List Tagged Objects + description: |- + This API returns a list of all tagged objects by type. + + Any authenticated token may be used to call this API. + parameters: + - in: path + name: type + schema: + type: string + enum: + - ROLE + - IDENTITY + - SOD_POLICY + required: true + description: The type of tagged object to retrieve. + example: ROLE + - in: query + name: limit + description: |- + Max number of results to return. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 250 + schema: + type: integer + format: int32 + minimum: 0 + maximum: 250 + default: 250 + - in: query + name: offset + description: |- + Offset into the full result set. Usually specified with *limit* to paginate through the results. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 0 + schema: + type: integer + format: int32 + minimum: 0 + default: 0 + - in: query + name: count + description: |- + If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored. + + Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used. + + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: true + schema: + type: boolean + default: false + - in: query + name: filters + schema: + type: string + description: |- + Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) + + Filtering is supported for the following fields and operators: + + **objectRef.id**: *eq* + + **objectRef.type**: *eq* + example: objectRef.id eq "2c91808568c529c60168cca6f90c1313" + required: false + responses: + '200': + description: List of all tagged objects for specified type. + content: + application/json: + schema: + type: array + items: + type: object + properties: + objectRef: + type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + nullable: true + description: Human-readable display name of the object to which this reference applies + example: William Wilson + tags: + type: array + items: + type: string + description: Labels to be applied to an Object + example: + - BU_FINANCE + - PCI + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + '/tagged-objects/{type}/{id}': + get: + operationId: getTaggedObject + security: + - oauth2: + - 'idn:tag:read' + - 'idn:tag:manage' + tags: + - Tagged Objects + summary: Get Tagged Object + description: This gets a tagged object for the specified type. + parameters: + - in: path + name: type + schema: + type: string + enum: + - ROLE + - IDENTITY + - SOD_POLICY + required: true + description: The type of tagged object to retrieve. + example: ROLE + - in: path + name: id + schema: + type: string + required: true + description: The ID of the object reference to retrieve. + example: ef38f94347e94562b5bb8424a56397d8 + responses: + '200': + description: Tagged object by type and ID. + content: + application/json: + schema: + type: object + properties: + objectRef: + type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + nullable: true + description: Human-readable display name of the object to which this reference applies + example: William Wilson + tags: + type: array + items: + type: string + description: Labels to be applied to an Object + example: + - BU_FINANCE + - PCI + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + put: + operationId: putTaggedObject + security: + - oauth2: + - 'idn:tag:manage' + tags: + - Tagged Objects + summary: Update Tagged Object + description: This updates a tagged object for the specified type. + parameters: + - in: path + name: type + schema: + type: string + enum: + - ROLE + - IDENTITY + - SOD_POLICY + required: true + description: The type of tagged object to update. + example: ROLE + - in: path + name: id + schema: + type: string + required: true + description: The ID of the object reference to update. + example: ef38f94347e94562b5bb8424a56397d8 + requestBody: + required: true + content: + application/json: + schema: + type: object + properties: + objectRef: + type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + nullable: true + description: Human-readable display name of the object to which this reference applies + example: William Wilson + tags: + type: array + items: + type: string + description: Labels to be applied to an Object + example: + - BU_FINANCE + - PCI + responses: + '200': + description: Tagged object by type and ID. + content: + application/json: + schema: + type: object + properties: + objectRef: + type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + nullable: true + description: Human-readable display name of the object to which this reference applies + example: William Wilson + tags: + type: array + items: + type: string + description: Labels to be applied to an Object + example: + - BU_FINANCE + - PCI + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + delete: + operationId: deleteTaggedObject + security: + - oauth2: + - 'idn:tag:manage' + tags: + - Tagged Objects + summary: Delete Tagged Object + description: This deletes a tagged object for the specified type. + parameters: + - in: path + name: type + schema: + type: string + enum: + - ROLE + - IDENTITY + - SOD_POLICY + required: true + description: The type of tagged object to delete. + example: ROLE + - in: path + name: id + schema: + type: string + required: true + description: The ID of the object reference to delete. + example: ef38f94347e94562b5bb8424a56397d8 + responses: + '204': + description: No content. + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + /tagged-objects/bulk-add: + post: + operationId: setTagsToManyObjects + security: + - oauth2: + - 'idn:tag:manage' + tags: + - Tagged Objects + summary: Tag Multiple Objects + description: |- + This API adds tags to multiple objects. + + A token with API, CERT_ADMIN, ORG_ADMIN, REPORT_ADMIN, ROLE_ADMIN, ROLE_SUBADMIN, SOURCE_ADMIN, or SOURCE_SUBADMIN authority is required to call this API. + requestBody: + required: true + description: 'Supported object types are ROLE, IDENTITY and SOD_POLICY.' + content: + application/json: + schema: + type: object + properties: + objectRefs: + type: array + items: + type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + nullable: true + description: Human-readable display name of the object to which this reference applies + example: William Wilson + tags: + type: array + items: + type: string + description: Label to be applied to an Object + example: + - BU_FINANCE + - PCI + operation: + type: string + enum: + - APPEND + - MERGE + default: APPEND + description: |- + If APPEND, tags are appended to the list of tags for the object. A 400 error is returned if this would add duplicate tags to the object. + + If MERGE, tags are merged with the existing tags. Duplicate tags are silently ignored. + example: MERGE + responses: + '200': + description: Request succeeded. + content: + application/json: + schema: + type: object + properties: + objectRefs: + type: array + items: + type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + nullable: true + description: Human-readable display name of the object to which this reference applies + example: William Wilson + tags: + type: array + items: + type: string + description: Label to be applied to an Object + example: + - BU_FINANCE + - PCI + operation: + type: string + enum: + - APPEND + - MERGE + default: APPEND + description: |- + If APPEND, tags are appended to the list of tags for the object. A 400 error is returned if this would add duplicate tags to the object. + + If MERGE, tags are merged with the existing tags. Duplicate tags are silently ignored. + example: MERGE + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + /tagged-objects/bulk-remove: + post: + operationId: deleteTagsToManyObject + security: + - oauth2: + - 'idn:tag:manage' + tags: + - Tagged Objects + summary: Remove Tags from Multiple Objects + description: |- + This API removes tags from multiple objects. + + A token with API, CERT_ADMIN, ORG_ADMIN, REPORT_ADMIN, ROLE_ADMIN, ROLE_SUBADMIN, SOURCE_ADMIN, or SOURCE_SUBADMIN authority is required to call this API. + requestBody: + description: 'Supported object types are ROLE, IDENTITY and SOD_POLICY.' + required: true + content: + application/json: + schema: + type: object + properties: + objectRefs: + type: array + items: + type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + nullable: true + description: Human-readable display name of the object to which this reference applies + example: William Wilson + tags: + type: array + items: + type: string + description: Label to be applied to an Object + example: + - BU_FINANCE + - PCI + operation: + type: string + enum: + - APPEND + - MERGE + default: APPEND + description: |- + If APPEND, tags are appended to the list of tags for the object. A 400 error is returned if this would add duplicate tags to the object. + + If MERGE, tags are merged with the existing tags. Duplicate tags are silently ignored. + example: MERGE + responses: + '204': + description: No content - indicates the request was successful but there is no content to be returned in the response. + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + /transforms: + get: + tags: + - Transforms + summary: List transforms + description: |- + Gets a list of all saved transform objects. + A token with transforms-list read authority is required to call this API. + operationId: listTransforms + parameters: + - in: query + name: offset + description: |- + Offset into the full result set. Usually specified with *limit* to paginate through the results. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 0 + schema: + type: integer + format: int32 + minimum: 0 + default: 0 + - in: query + name: limit + description: |- + Max number of results to return. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 250 + schema: + type: integer + format: int32 + minimum: 0 + maximum: 250 + default: 250 + - in: query + name: count + description: |- + If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored. + + Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used. + + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: true + schema: + type: boolean + default: false + - name: name + in: query + description: Name of the transform to retrieve from the list. + required: false + style: form + schema: + type: string + example: ExampleTransformName123 + - name: filters + in: query + description: |- + Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) + Filtering is supported for the following fields and operators: + **internal**: *eq* + **name**: *eq*, *sw* + required: false + style: form + explode: true + example: name eq "Uppercase" + schema: + type: string + responses: + '200': + description: A list of transforms matching the given criteria. + content: + application/json: + schema: + type: array + items: + type: object + description: The representation of an internally- or customer-defined transform. + required: + - name + - type + - attributes + properties: + id: + type: string + readOnly: true + description: Unique ID of this transform + example: 2cd78adghjkja34jh2b1hkjhasuecd + name: + type: string + description: Unique name of this transform + example: Timestamp To Date + minLength: 1 + maxLength: 50 + type: + type: string + description: The type of transform operation + enum: + - accountAttribute + - base64Decode + - base64Encode + - concat + - conditional + - dateCompare + - dateFormat + - dateMath + - decomposeDiacriticalMarks + - e164phone + - firstValid + - rule + - identityAttribute + - indexOf + - iso3166 + - lastIndexOf + - leftPad + - lookup + - lower + - normalizeNames + - randomAlphaNumeric + - randomNumeric + - reference + - replaceAll + - replace + - rightPad + - split + - static + - substring + - trim + - upper + - usernameGenerator + - uuid + example: dateFormat + externalDocs: + description: Transform Operations + url: 'https://developer.sailpoint.com/idn/docs/transforms/operations' + attributes: + description: Meta-data about the transform. Values in this list are specific to the type of transform to be executed. + oneOf: + - title: accountAttribute + type: object + required: + - sourceName + - attributeName + properties: + sourceName: + type: string + description: A reference to the source to search for the account + example: Workday + attributeName: + type: string + description: 'The name of the attribute on the account to return. This should match the name of the account attribute name visible in the user interface, or on the source schema.' + example: DEPARTMENT + accountSortAttribute: + type: string + description: The value of this configuration is a string name of the attribute to use when determining the ordering of returned accounts when there are multiple entries + example: created + accountSortDescending: + type: boolean + description: 'The value of this configuration is a boolean (true/false). Controls the order of the sort when there are multiple accounts. If not defined, the transform will default to false (ascending order)' + example: false + accountReturnFirstLink: + type: boolean + description: 'The value of this configuration is a boolean (true/false). Controls which account to source a value from for an attribute. If this flag is set to true, the transform returns the value from the first account in the list, even if it is null. If it is set to false, the transform returns the first non-null value. If not defined, the transform will default to false' + example: false + accountFilter: + type: string + description: |- + This expression queries the database to narrow search results. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the database. The default filter will always include the source and identity, and any subsequent expressions will be combined in an AND operation to the existing search criteria. + Only certain searchable attributes are available: - `nativeIdentity` - the Account ID - `displayName` - the Account Name - `entitlements` - a boolean value to determine if the account has entitlements + example: '!(nativeIdentity.startsWith("*DELETED*"))' + accountPropertyFilter: + type: string + description: |- + This expression is used to search and filter accounts in memory. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the returned resultset. + + All account attributes are available for filtering as this operation is performed in memory. + example: '(groups.containsAll({''Admin''}) || location == ''Austin'')' + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: base64Decode + type: object + properties: + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: base64Encode + type: object + properties: + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: concat + type: object + required: + - values + properties: + values: + type: array + items: + type: object + description: An array of items to join together + example: + - John + - ' ' + - Smith + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: conditional + type: object + required: + - expression + - positiveCondition + - negativeCondition + properties: + expression: + type: string + description: |- + A comparison statement that follows the structure of `ValueA eq ValueB` where `ValueA` and `ValueB` are static strings or outputs of other transforms. + + The `eq` operator is the only valid comparison + example: ValueA eq ValueB + positiveCondition: + type: string + description: The output of the transform if the expression evalutes to true + example: 'true' + negativeCondition: + type: string + description: The output of the transform if the expression evalutes to false + example: 'false' + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: dateCompare + type: object + required: + - firstDate + - secondDate + - operator + - positiveCondition + - negativeCondition + properties: + firstDate: + description: This is the first date to consider (The date that would be on the left hand side of the comparison operation). + oneOf: + - title: accountAttribute + type: object + required: + - sourceName + - attributeName + properties: + sourceName: + type: string + description: A reference to the source to search for the account + example: Workday + attributeName: + type: string + description: 'The name of the attribute on the account to return. This should match the name of the account attribute name visible in the user interface, or on the source schema.' + example: DEPARTMENT + accountSortAttribute: + type: string + description: The value of this configuration is a string name of the attribute to use when determining the ordering of returned accounts when there are multiple entries + example: created + accountSortDescending: + type: boolean + description: 'The value of this configuration is a boolean (true/false). Controls the order of the sort when there are multiple accounts. If not defined, the transform will default to false (ascending order)' + example: false + accountReturnFirstLink: + type: boolean + description: 'The value of this configuration is a boolean (true/false). Controls which account to source a value from for an attribute. If this flag is set to true, the transform returns the value from the first account in the list, even if it is null. If it is set to false, the transform returns the first non-null value. If not defined, the transform will default to false' + example: false + accountFilter: + type: string + description: |- + This expression queries the database to narrow search results. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the database. The default filter will always include the source and identity, and any subsequent expressions will be combined in an AND operation to the existing search criteria. + Only certain searchable attributes are available: - `nativeIdentity` - the Account ID - `displayName` - the Account Name - `entitlements` - a boolean value to determine if the account has entitlements + example: '!(nativeIdentity.startsWith("*DELETED*"))' + accountPropertyFilter: + type: string + description: |- + This expression is used to search and filter accounts in memory. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the returned resultset. + + All account attributes are available for filtering as this operation is performed in memory. + example: '(groups.containsAll({''Admin''}) || location == ''Austin'')' + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: dateFormat + type: object + properties: + inputFormat: + description: |- + A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data is coming in as. + + *If no inputFormat is provided, the transform assumes that it is in ISO8601 format* + oneOf: + - title: Named Construct + type: string + description: | + | Construct | Date Time Pattern | Description | + | --------- | ----------------- | ----------- | + | ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. | + | LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. | + | PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. | + | EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. | + | EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. | + enum: + - ISO8601 + - LDAP + - PEOPLE_SOFT + - EPOCH_TIME_JAVA + - EPOCH_TIME_WIN32 + example: PEOPLE_SOFT + - title: Java Simple Date Format + type: string + description: | + There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information. + + >NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone. + (This table is from the SimpleDateFormat page.) + + | Date Time Pattern | Result | + | ----------------- | ------ | + | `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` | + | `EEE, MMM d, ''yy` | Wed, Jul 4, '01 | + | `h:mm a` | 12:08 PM | + | `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time | + | `K:mm a, z` | 0:08 PM, PDT | + | `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM | + | `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 | + | `yyMMddHHmmssZ` | 010704120856-0700 | + | `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 | + | `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 | + | `YYYY-'W'ww-u` | 2001-W27-3 | + example: mm/dd/yyyy + outputFormat: + description: |- + A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data should be formatted into. + + *If no inputFormat is provided, the transform assumes that it is in ISO8601 format* + oneOf: + - title: Named Construct + type: string + description: | + | Construct | Date Time Pattern | Description | + | --------- | ----------------- | ----------- | + | ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. | + | LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. | + | PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. | + | EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. | + | EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. | + enum: + - ISO8601 + - LDAP + - PEOPLE_SOFT + - EPOCH_TIME_JAVA + - EPOCH_TIME_WIN32 + example: PEOPLE_SOFT + - title: Java Simple Date Format + type: string + description: | + There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information. + + >NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone. + (This table is from the SimpleDateFormat page.) + + | Date Time Pattern | Result | + | ----------------- | ------ | + | `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` | + | `EEE, MMM d, ''yy` | Wed, Jul 4, '01 | + | `h:mm a` | 12:08 PM | + | `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time | + | `K:mm a, z` | 0:08 PM, PDT | + | `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM | + | `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 | + | `yyMMddHHmmssZ` | 010704120856-0700 | + | `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 | + | `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 | + | `YYYY-'W'ww-u` | 2001-W27-3 | + example: mm/dd/yyyy + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + secondDate: + description: This is the second date to consider (The date that would be on the right hand side of the comparison operation). + oneOf: + - title: accountAttribute + type: object + required: + - sourceName + - attributeName + properties: + sourceName: + type: string + description: A reference to the source to search for the account + example: Workday + attributeName: + type: string + description: 'The name of the attribute on the account to return. This should match the name of the account attribute name visible in the user interface, or on the source schema.' + example: DEPARTMENT + accountSortAttribute: + type: string + description: The value of this configuration is a string name of the attribute to use when determining the ordering of returned accounts when there are multiple entries + example: created + accountSortDescending: + type: boolean + description: 'The value of this configuration is a boolean (true/false). Controls the order of the sort when there are multiple accounts. If not defined, the transform will default to false (ascending order)' + example: false + accountReturnFirstLink: + type: boolean + description: 'The value of this configuration is a boolean (true/false). Controls which account to source a value from for an attribute. If this flag is set to true, the transform returns the value from the first account in the list, even if it is null. If it is set to false, the transform returns the first non-null value. If not defined, the transform will default to false' + example: false + accountFilter: + type: string + description: |- + This expression queries the database to narrow search results. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the database. The default filter will always include the source and identity, and any subsequent expressions will be combined in an AND operation to the existing search criteria. + Only certain searchable attributes are available: - `nativeIdentity` - the Account ID - `displayName` - the Account Name - `entitlements` - a boolean value to determine if the account has entitlements + example: '!(nativeIdentity.startsWith("*DELETED*"))' + accountPropertyFilter: + type: string + description: |- + This expression is used to search and filter accounts in memory. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the returned resultset. + + All account attributes are available for filtering as this operation is performed in memory. + example: '(groups.containsAll({''Admin''}) || location == ''Austin'')' + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: dateFormat + type: object + properties: + inputFormat: + description: |- + A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data is coming in as. + + *If no inputFormat is provided, the transform assumes that it is in ISO8601 format* + oneOf: + - title: Named Construct + type: string + description: | + | Construct | Date Time Pattern | Description | + | --------- | ----------------- | ----------- | + | ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. | + | LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. | + | PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. | + | EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. | + | EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. | + enum: + - ISO8601 + - LDAP + - PEOPLE_SOFT + - EPOCH_TIME_JAVA + - EPOCH_TIME_WIN32 + example: PEOPLE_SOFT + - title: Java Simple Date Format + type: string + description: | + There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information. + + >NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone. + (This table is from the SimpleDateFormat page.) + + | Date Time Pattern | Result | + | ----------------- | ------ | + | `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` | + | `EEE, MMM d, ''yy` | Wed, Jul 4, '01 | + | `h:mm a` | 12:08 PM | + | `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time | + | `K:mm a, z` | 0:08 PM, PDT | + | `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM | + | `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 | + | `yyMMddHHmmssZ` | 010704120856-0700 | + | `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 | + | `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 | + | `YYYY-'W'ww-u` | 2001-W27-3 | + example: mm/dd/yyyy + outputFormat: + description: |- + A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data should be formatted into. + + *If no inputFormat is provided, the transform assumes that it is in ISO8601 format* + oneOf: + - title: Named Construct + type: string + description: | + | Construct | Date Time Pattern | Description | + | --------- | ----------------- | ----------- | + | ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. | + | LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. | + | PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. | + | EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. | + | EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. | + enum: + - ISO8601 + - LDAP + - PEOPLE_SOFT + - EPOCH_TIME_JAVA + - EPOCH_TIME_WIN32 + example: PEOPLE_SOFT + - title: Java Simple Date Format + type: string + description: | + There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information. + + >NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone. + (This table is from the SimpleDateFormat page.) + + | Date Time Pattern | Result | + | ----------------- | ------ | + | `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` | + | `EEE, MMM d, ''yy` | Wed, Jul 4, '01 | + | `h:mm a` | 12:08 PM | + | `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time | + | `K:mm a, z` | 0:08 PM, PDT | + | `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM | + | `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 | + | `yyMMddHHmmssZ` | 010704120856-0700 | + | `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 | + | `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 | + | `YYYY-'W'ww-u` | 2001-W27-3 | + example: mm/dd/yyyy + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + operator: + type: string + description: | + This is the comparison to perform. + | Operation | Description | + | --------- | ------- | + | LT | Strictly less than: firstDate < secondDate | + | LTE | Less than or equal to: firstDate <= secondDate | + | GT | Strictly greater than: firstDate > secondDate | + | GTE | Greater than or equal to: firstDate >= secondDate | + enum: + - LT + - LTE + - GT + - GTE + example: LT + positiveCondition: + type: string + description: The output of the transform if the expression evalutes to true + example: 'true' + negativeCondition: + type: string + description: The output of the transform if the expression evalutes to false + example: false + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: dateFormat + type: object + properties: + inputFormat: + description: |- + A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data is coming in as. + + *If no inputFormat is provided, the transform assumes that it is in ISO8601 format* + oneOf: + - title: Named Construct + type: string + description: | + | Construct | Date Time Pattern | Description | + | --------- | ----------------- | ----------- | + | ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. | + | LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. | + | PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. | + | EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. | + | EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. | + enum: + - ISO8601 + - LDAP + - PEOPLE_SOFT + - EPOCH_TIME_JAVA + - EPOCH_TIME_WIN32 + example: PEOPLE_SOFT + - title: Java Simple Date Format + type: string + description: | + There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information. + + >NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone. + (This table is from the SimpleDateFormat page.) + + | Date Time Pattern | Result | + | ----------------- | ------ | + | `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` | + | `EEE, MMM d, ''yy` | Wed, Jul 4, '01 | + | `h:mm a` | 12:08 PM | + | `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time | + | `K:mm a, z` | 0:08 PM, PDT | + | `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM | + | `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 | + | `yyMMddHHmmssZ` | 010704120856-0700 | + | `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 | + | `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 | + | `YYYY-'W'ww-u` | 2001-W27-3 | + example: mm/dd/yyyy + outputFormat: + description: |- + A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data should be formatted into. + + *If no inputFormat is provided, the transform assumes that it is in ISO8601 format* + oneOf: + - title: Named Construct + type: string + description: | + | Construct | Date Time Pattern | Description | + | --------- | ----------------- | ----------- | + | ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. | + | LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. | + | PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. | + | EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. | + | EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. | + enum: + - ISO8601 + - LDAP + - PEOPLE_SOFT + - EPOCH_TIME_JAVA + - EPOCH_TIME_WIN32 + example: PEOPLE_SOFT + - title: Java Simple Date Format + type: string + description: | + There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information. + + >NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone. + (This table is from the SimpleDateFormat page.) + + | Date Time Pattern | Result | + | ----------------- | ------ | + | `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` | + | `EEE, MMM d, ''yy` | Wed, Jul 4, '01 | + | `h:mm a` | 12:08 PM | + | `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time | + | `K:mm a, z` | 0:08 PM, PDT | + | `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM | + | `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 | + | `yyMMddHHmmssZ` | 010704120856-0700 | + | `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 | + | `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 | + | `YYYY-'W'ww-u` | 2001-W27-3 | + example: mm/dd/yyyy + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: dateMath + type: object + required: + - expression + properties: + expression: + type: string + description: | + A string value of the date and time components to operation on, along with the math operations to execute. + externalDocs: + description: Date Math Expressions + url: 'https://developer.sailpoint.com/idn/docs/transforms/operations/date-math#transform-structure' + example: now+1w + roundUp: + type: boolean + description: | + A boolean value to indicate whether the transform should round up or down when a rounding `/` operation is defined in the expression. + + + If not provided, the transform will default to `false` + + + `true` indicates the transform should round up (i.e., truncate the fractional date/time component indicated and then add one unit of that component) + + + `false` indicates the transform should round down (i.e., truncate the fractional date/time component indicated) + example: false + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: decomposeDiacriticalMarks + type: object + properties: + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: e164phone + type: object + properties: + defaultRegion: + type: string + description: | + This is an optional attribute that can be used to define the region of the phone number to format into. + + + If defaultRegion is not provided, it will take US as the default country. + + + The format of the country code should be in [ISO 3166-1 alpha-2 format](https://en.wikipedia.org/wiki/ISO_3166-1_alpha-2) + example: US + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: firstValid + type: object + required: + - values + properties: + values: + type: array + items: + type: object + description: An array of attributes to evaluate for existence. + example: + - attributes: + sourceName: Active Directory + attributeName: sAMAccountName + type: accountAttribute + - attributes: + sourceName: Okta + attributeName: login + type: accountAttribute + - attributes: + sourceName: HR Source + attributeName: employeeID + type: accountAttribute + ignoreErrors: + type: boolean + description: a true or false value representing to move on to the next option if an error (like an Null Pointer Exception) were to occur. + example: false + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + - title: rule + oneOf: + - type: object + required: + - name + properties: + name: + type: string + description: This is the name of the Generic rule that needs to be invoked by the transform + example: Generic Calculation Rule + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + - type: object + required: + - name + - operation + - includeNumbers + - includeSpecialChars + - length + properties: + name: + type: string + description: This must always be set to "Cloud Services Deployment Utility" + example: Cloud Services Deployment Utility + operation: + type: string + description: The operation to perform `generateRandomString` + example: generateRandomString + includeNumbers: + type: boolean + description: This must be either "true" or "false" to indicate whether the generator logic should include numbers + example: true + includeSpecialChars: + type: boolean + description: This must be either "true" or "false" to indicate whether the generator logic should include special characters + example: true + length: + type: string + description: | + This specifies how long the randomly generated string needs to be + + + >NOTE Due to identity attribute data constraints, the maximum allowable value is 450 characters + example: '10' + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + - type: object + required: + - name + - operation + - uid + properties: + name: + type: string + description: This must always be set to "Cloud Services Deployment Utility" + example: Cloud Services Deployment Utility + operation: + type: string + description: The operation to perform `getReferenceIdentityAttribute` + example: getReferenceIdentityAttribute + uid: + type: string + description: | + This is the SailPoint User Name (uid) value of the identity whose attribute is desired + + As a convenience feature, you can use the `manager` keyword to dynamically look up the user's manager and then get that manager's identity attribute. + example: 2c91808570313110017040b06f344ec9 + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + - title: identityAttribute + type: object + required: + - name + properties: + name: + type: string + description: The system (camel-cased) name of the identity attribute to bring in + example: email + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: indexOf + type: object + required: + - substring + properties: + substring: + type: string + description: 'A substring to search for, searches the entire calling string, and returns the index of the first occurrence of the specified substring.' + example: admin_ + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: iso3166 + type: object + properties: + format: + type: string + description: | + An optional value to denote which ISO 3166 format to return. Valid values are: + + + `alpha2` - Two-character country code (e.g., "US"); this is the default value if no format is supplied + + + `alpha3` - Three-character country code (e.g., "USA") + + + `numeric` - The numeric country code (e.g., "840") + example: alpha2 + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: leftPad + type: object + required: + - length + properties: + length: + type: string + description: An integer value for the desired length of the final output string + example: '4' + padding: + type: string + description: | + A string value representing the character that the incoming data should be padded with to get to the desired length + + + If not provided, the transform will default to a single space (" ") character for padding + example: '0' + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: lookup + type: object + required: + - table + properties: + table: + type: object + additionalProperties: true + description: | + This is a JSON object of key-value pairs. The key is the string that will attempt to be matched to the input, and the value is the output string that should be returned if the key is matched + + + >**Note** the use of the optional default key value here; if none of the three countries in the above example match the input string, the transform will return "Unknown Region" for the attribute that is mapped to this transform. + example: + USA: Americas + FRA: EMEA + AUS: APAC + default: Unknown Region + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: lower + type: object + properties: + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: nameNormalizer + type: object + properties: + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: randomAlphaNumeric + type: object + properties: + length: + type: string + description: | + This is an integer value specifying the size/number of characters the random string must contain + + + * This value must be a positive number and cannot be blank + + + * If no length is provided, the transform will default to a value of `32` + + + * Due to identity attribute data constraints, the maximum allowable value is `450` characters + example: '10' + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: randomNumeric + type: object + properties: + length: + type: string + description: | + This is an integer value specifying the size/number of characters the random string must contain + + + * This value must be a positive number and cannot be blank + + + * If no length is provided, the transform will default to a value of `32` + + + * Due to identity attribute data constraints, the maximum allowable value is `450` characters + example: '10' + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: reference + type: object + required: + - id + properties: + id: + type: string + description: This ID specifies the name of the pre-existing transform which you want to use within your current transform + example: Existing Transform + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: replaceAll + type: object + required: + - table + properties: + table: + type: object + additionalProperties: true + description: 'An attribute of key-value pairs. Each pair identifies the pattern to search for as its key, and the replacement string as its value.' + example: + '-': ' ' + '"': '''' + ñ: 'n' + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: replace + type: object + required: + - regex + - replacement + properties: + regex: + type: string + description: This can be a string or a regex pattern in which you want to replace. + example: '[^a-zA-Z]' + externalDocs: + description: Regex Builder + url: 'https://regex101.com/' + replacement: + type: string + description: This is the replacement string that should be substituded wherever the string or pattern is found. + example: ' ' + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: rightPad + type: object + required: + - length + properties: + length: + type: string + description: An integer value for the desired length of the final output string + example: '4' + padding: + type: string + description: | + A string value representing the character that the incoming data should be padded with to get to the desired length + + + If not provided, the transform will default to a single space (" ") character for padding + example: '0' + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: split + type: object + required: + - delimiter + - index + properties: + delimiter: + type: string + description: 'This can be either a single character or a regex expression, and is used by the transform to identify the break point between two substrings in the incoming data' + example: ',' + index: + type: string + description: 'An integer value for the desired array element after the incoming data has been split into a list; the array is a 0-based object, so the first array element would be index 0, the second element would be index 1, etc.' + example: '5' + throws: + type: boolean + description: | + A boolean (true/false) value which indicates whether an exception should be thrown and returned as an output when an index is out of bounds with the resultant array (i.e., the provided index value is larger than the size of the array) + + + `true` - The transform should return "IndexOutOfBoundsException" + + + `false` - The transform should return null + + + If not provided, the transform will default to false and return a null + example: true + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: static + type: object + required: + - values + properties: + values: + type: string + description: 'This must evaluate to a JSON string, either through a fixed value or through conditional logic using the Apache Velocity Template Language.' + example: string$variable + externalDocs: + description: Static Transform Documentation + url: 'https://developer.sailpoint.com/idn/docs/transforms/operations/static' + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + - title: substring + type: object + required: + - begin + properties: + begin: + type: integer + description: | + The index of the first character to include in the returned substring. + + + If `begin` is set to -1, the transform will begin at character 0 of the input data + example: 1 + format: int32 + beginOffset: + type: integer + description: | + This integer value is the number of characters to add to the begin attribute when returning a substring. + + This attribute is only used if begin is not -1. + example: 3 + format: int32 + end: + type: integer + description: | + The index of the first character to exclude from the returned substring. + + If end is -1 or not provided at all, the substring transform will return everything up to the end of the input string. + example: 6 + format: int32 + endOffset: + type: integer + description: | + This integer value is the number of characters to add to the end attribute when returning a substring. + + This attribute is only used if end is provided and is not -1. + example: 1 + format: int32 + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: trim + type: object + properties: + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: upper + type: object + properties: + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: uuid + type: object + properties: + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + internal: + type: boolean + readOnly: true + description: Indicates whether this is an internal SailPoint-created transform or a customer-created transform + example: false + example: + - id: 2cd78adghjkja34jh2b1hkjhasuecd + name: Timestamp To Date + type: dateFormat + attributes: + inputFormat: 'MMM-dd-yyyy, HH:mm:ss.SSS' + outputFormat: yyyy/dd/MM + internal: false + - id: 2lkas8dhj4bkuakja77giih7l4ashh + name: PrefixSubstring + type: substring + attributes: + begin: 0 + end: 3 + internal: true + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + security: + - oauth2: + - 'idn:transform:read' + post: + tags: + - Transforms + summary: Create transform + description: 'Creates a new transform object immediately. By default, the internal flag is set to false to indicate that this is a custom transform. Only SailPoint employees have the ability to create a transform with internal set to true. Newly created Transforms can be used in the Identity Profile mappings within the UI. A token with transform write authority is required to call this API.' + operationId: createTransform + requestBody: + required: true + description: The transform to be created. + content: + application/json: + schema: + type: object + description: The representation of an internally- or customer-defined transform. + required: + - name + - type + - attributes + properties: + id: + type: string + readOnly: true + description: Unique ID of this transform + example: 2cd78adghjkja34jh2b1hkjhasuecd + name: + type: string + description: Unique name of this transform + example: Timestamp To Date + minLength: 1 + maxLength: 50 + type: + type: string + description: The type of transform operation + enum: + - accountAttribute + - base64Decode + - base64Encode + - concat + - conditional + - dateCompare + - dateFormat + - dateMath + - decomposeDiacriticalMarks + - e164phone + - firstValid + - rule + - identityAttribute + - indexOf + - iso3166 + - lastIndexOf + - leftPad + - lookup + - lower + - normalizeNames + - randomAlphaNumeric + - randomNumeric + - reference + - replaceAll + - replace + - rightPad + - split + - static + - substring + - trim + - upper + - usernameGenerator + - uuid + example: dateFormat + externalDocs: + description: Transform Operations + url: 'https://developer.sailpoint.com/idn/docs/transforms/operations' + attributes: + description: Meta-data about the transform. Values in this list are specific to the type of transform to be executed. + oneOf: + - title: accountAttribute + type: object + required: + - sourceName + - attributeName + properties: + sourceName: + type: string + description: A reference to the source to search for the account + example: Workday + attributeName: + type: string + description: 'The name of the attribute on the account to return. This should match the name of the account attribute name visible in the user interface, or on the source schema.' + example: DEPARTMENT + accountSortAttribute: + type: string + description: The value of this configuration is a string name of the attribute to use when determining the ordering of returned accounts when there are multiple entries + example: created + accountSortDescending: + type: boolean + description: 'The value of this configuration is a boolean (true/false). Controls the order of the sort when there are multiple accounts. If not defined, the transform will default to false (ascending order)' + example: false + accountReturnFirstLink: + type: boolean + description: 'The value of this configuration is a boolean (true/false). Controls which account to source a value from for an attribute. If this flag is set to true, the transform returns the value from the first account in the list, even if it is null. If it is set to false, the transform returns the first non-null value. If not defined, the transform will default to false' + example: false + accountFilter: + type: string + description: |- + This expression queries the database to narrow search results. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the database. The default filter will always include the source and identity, and any subsequent expressions will be combined in an AND operation to the existing search criteria. + Only certain searchable attributes are available: - `nativeIdentity` - the Account ID - `displayName` - the Account Name - `entitlements` - a boolean value to determine if the account has entitlements + example: '!(nativeIdentity.startsWith("*DELETED*"))' + accountPropertyFilter: + type: string + description: |- + This expression is used to search and filter accounts in memory. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the returned resultset. + + All account attributes are available for filtering as this operation is performed in memory. + example: '(groups.containsAll({''Admin''}) || location == ''Austin'')' + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: base64Decode + type: object + properties: + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: base64Encode + type: object + properties: + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: concat + type: object + required: + - values + properties: + values: + type: array + items: + type: object + description: An array of items to join together + example: + - John + - ' ' + - Smith + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: conditional + type: object + required: + - expression + - positiveCondition + - negativeCondition + properties: + expression: + type: string + description: |- + A comparison statement that follows the structure of `ValueA eq ValueB` where `ValueA` and `ValueB` are static strings or outputs of other transforms. + + The `eq` operator is the only valid comparison + example: ValueA eq ValueB + positiveCondition: + type: string + description: The output of the transform if the expression evalutes to true + example: 'true' + negativeCondition: + type: string + description: The output of the transform if the expression evalutes to false + example: 'false' + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: dateCompare + type: object + required: + - firstDate + - secondDate + - operator + - positiveCondition + - negativeCondition + properties: + firstDate: + description: This is the first date to consider (The date that would be on the left hand side of the comparison operation). + oneOf: + - title: accountAttribute + type: object + required: + - sourceName + - attributeName + properties: + sourceName: + type: string + description: A reference to the source to search for the account + example: Workday + attributeName: + type: string + description: 'The name of the attribute on the account to return. This should match the name of the account attribute name visible in the user interface, or on the source schema.' + example: DEPARTMENT + accountSortAttribute: + type: string + description: The value of this configuration is a string name of the attribute to use when determining the ordering of returned accounts when there are multiple entries + example: created + accountSortDescending: + type: boolean + description: 'The value of this configuration is a boolean (true/false). Controls the order of the sort when there are multiple accounts. If not defined, the transform will default to false (ascending order)' + example: false + accountReturnFirstLink: + type: boolean + description: 'The value of this configuration is a boolean (true/false). Controls which account to source a value from for an attribute. If this flag is set to true, the transform returns the value from the first account in the list, even if it is null. If it is set to false, the transform returns the first non-null value. If not defined, the transform will default to false' + example: false + accountFilter: + type: string + description: |- + This expression queries the database to narrow search results. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the database. The default filter will always include the source and identity, and any subsequent expressions will be combined in an AND operation to the existing search criteria. + Only certain searchable attributes are available: - `nativeIdentity` - the Account ID - `displayName` - the Account Name - `entitlements` - a boolean value to determine if the account has entitlements + example: '!(nativeIdentity.startsWith("*DELETED*"))' + accountPropertyFilter: + type: string + description: |- + This expression is used to search and filter accounts in memory. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the returned resultset. + + All account attributes are available for filtering as this operation is performed in memory. + example: '(groups.containsAll({''Admin''}) || location == ''Austin'')' + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: dateFormat + type: object + properties: + inputFormat: + description: |- + A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data is coming in as. + + *If no inputFormat is provided, the transform assumes that it is in ISO8601 format* + oneOf: + - title: Named Construct + type: string + description: | + | Construct | Date Time Pattern | Description | + | --------- | ----------------- | ----------- | + | ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. | + | LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. | + | PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. | + | EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. | + | EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. | + enum: + - ISO8601 + - LDAP + - PEOPLE_SOFT + - EPOCH_TIME_JAVA + - EPOCH_TIME_WIN32 + example: PEOPLE_SOFT + - title: Java Simple Date Format + type: string + description: | + There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information. + + >NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone. + (This table is from the SimpleDateFormat page.) + + | Date Time Pattern | Result | + | ----------------- | ------ | + | `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` | + | `EEE, MMM d, ''yy` | Wed, Jul 4, '01 | + | `h:mm a` | 12:08 PM | + | `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time | + | `K:mm a, z` | 0:08 PM, PDT | + | `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM | + | `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 | + | `yyMMddHHmmssZ` | 010704120856-0700 | + | `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 | + | `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 | + | `YYYY-'W'ww-u` | 2001-W27-3 | + example: mm/dd/yyyy + outputFormat: + description: |- + A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data should be formatted into. + + *If no inputFormat is provided, the transform assumes that it is in ISO8601 format* + oneOf: + - title: Named Construct + type: string + description: | + | Construct | Date Time Pattern | Description | + | --------- | ----------------- | ----------- | + | ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. | + | LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. | + | PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. | + | EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. | + | EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. | + enum: + - ISO8601 + - LDAP + - PEOPLE_SOFT + - EPOCH_TIME_JAVA + - EPOCH_TIME_WIN32 + example: PEOPLE_SOFT + - title: Java Simple Date Format + type: string + description: | + There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information. + + >NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone. + (This table is from the SimpleDateFormat page.) + + | Date Time Pattern | Result | + | ----------------- | ------ | + | `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` | + | `EEE, MMM d, ''yy` | Wed, Jul 4, '01 | + | `h:mm a` | 12:08 PM | + | `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time | + | `K:mm a, z` | 0:08 PM, PDT | + | `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM | + | `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 | + | `yyMMddHHmmssZ` | 010704120856-0700 | + | `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 | + | `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 | + | `YYYY-'W'ww-u` | 2001-W27-3 | + example: mm/dd/yyyy + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + secondDate: + description: This is the second date to consider (The date that would be on the right hand side of the comparison operation). + oneOf: + - title: accountAttribute + type: object + required: + - sourceName + - attributeName + properties: + sourceName: + type: string + description: A reference to the source to search for the account + example: Workday + attributeName: + type: string + description: 'The name of the attribute on the account to return. This should match the name of the account attribute name visible in the user interface, or on the source schema.' + example: DEPARTMENT + accountSortAttribute: + type: string + description: The value of this configuration is a string name of the attribute to use when determining the ordering of returned accounts when there are multiple entries + example: created + accountSortDescending: + type: boolean + description: 'The value of this configuration is a boolean (true/false). Controls the order of the sort when there are multiple accounts. If not defined, the transform will default to false (ascending order)' + example: false + accountReturnFirstLink: + type: boolean + description: 'The value of this configuration is a boolean (true/false). Controls which account to source a value from for an attribute. If this flag is set to true, the transform returns the value from the first account in the list, even if it is null. If it is set to false, the transform returns the first non-null value. If not defined, the transform will default to false' + example: false + accountFilter: + type: string + description: |- + This expression queries the database to narrow search results. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the database. The default filter will always include the source and identity, and any subsequent expressions will be combined in an AND operation to the existing search criteria. + Only certain searchable attributes are available: - `nativeIdentity` - the Account ID - `displayName` - the Account Name - `entitlements` - a boolean value to determine if the account has entitlements + example: '!(nativeIdentity.startsWith("*DELETED*"))' + accountPropertyFilter: + type: string + description: |- + This expression is used to search and filter accounts in memory. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the returned resultset. + + All account attributes are available for filtering as this operation is performed in memory. + example: '(groups.containsAll({''Admin''}) || location == ''Austin'')' + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: dateFormat + type: object + properties: + inputFormat: + description: |- + A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data is coming in as. + + *If no inputFormat is provided, the transform assumes that it is in ISO8601 format* + oneOf: + - title: Named Construct + type: string + description: | + | Construct | Date Time Pattern | Description | + | --------- | ----------------- | ----------- | + | ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. | + | LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. | + | PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. | + | EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. | + | EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. | + enum: + - ISO8601 + - LDAP + - PEOPLE_SOFT + - EPOCH_TIME_JAVA + - EPOCH_TIME_WIN32 + example: PEOPLE_SOFT + - title: Java Simple Date Format + type: string + description: | + There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information. + + >NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone. + (This table is from the SimpleDateFormat page.) + + | Date Time Pattern | Result | + | ----------------- | ------ | + | `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` | + | `EEE, MMM d, ''yy` | Wed, Jul 4, '01 | + | `h:mm a` | 12:08 PM | + | `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time | + | `K:mm a, z` | 0:08 PM, PDT | + | `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM | + | `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 | + | `yyMMddHHmmssZ` | 010704120856-0700 | + | `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 | + | `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 | + | `YYYY-'W'ww-u` | 2001-W27-3 | + example: mm/dd/yyyy + outputFormat: + description: |- + A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data should be formatted into. + + *If no inputFormat is provided, the transform assumes that it is in ISO8601 format* + oneOf: + - title: Named Construct + type: string + description: | + | Construct | Date Time Pattern | Description | + | --------- | ----------------- | ----------- | + | ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. | + | LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. | + | PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. | + | EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. | + | EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. | + enum: + - ISO8601 + - LDAP + - PEOPLE_SOFT + - EPOCH_TIME_JAVA + - EPOCH_TIME_WIN32 + example: PEOPLE_SOFT + - title: Java Simple Date Format + type: string + description: | + There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information. + + >NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone. + (This table is from the SimpleDateFormat page.) + + | Date Time Pattern | Result | + | ----------------- | ------ | + | `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` | + | `EEE, MMM d, ''yy` | Wed, Jul 4, '01 | + | `h:mm a` | 12:08 PM | + | `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time | + | `K:mm a, z` | 0:08 PM, PDT | + | `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM | + | `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 | + | `yyMMddHHmmssZ` | 010704120856-0700 | + | `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 | + | `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 | + | `YYYY-'W'ww-u` | 2001-W27-3 | + example: mm/dd/yyyy + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + operator: + type: string + description: | + This is the comparison to perform. + | Operation | Description | + | --------- | ------- | + | LT | Strictly less than: firstDate < secondDate | + | LTE | Less than or equal to: firstDate <= secondDate | + | GT | Strictly greater than: firstDate > secondDate | + | GTE | Greater than or equal to: firstDate >= secondDate | + enum: + - LT + - LTE + - GT + - GTE + example: LT + positiveCondition: + type: string + description: The output of the transform if the expression evalutes to true + example: 'true' + negativeCondition: + type: string + description: The output of the transform if the expression evalutes to false + example: false + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: dateFormat + type: object + properties: + inputFormat: + description: |- + A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data is coming in as. + + *If no inputFormat is provided, the transform assumes that it is in ISO8601 format* + oneOf: + - title: Named Construct + type: string + description: | + | Construct | Date Time Pattern | Description | + | --------- | ----------------- | ----------- | + | ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. | + | LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. | + | PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. | + | EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. | + | EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. | + enum: + - ISO8601 + - LDAP + - PEOPLE_SOFT + - EPOCH_TIME_JAVA + - EPOCH_TIME_WIN32 + example: PEOPLE_SOFT + - title: Java Simple Date Format + type: string + description: | + There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information. + + >NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone. + (This table is from the SimpleDateFormat page.) + + | Date Time Pattern | Result | + | ----------------- | ------ | + | `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` | + | `EEE, MMM d, ''yy` | Wed, Jul 4, '01 | + | `h:mm a` | 12:08 PM | + | `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time | + | `K:mm a, z` | 0:08 PM, PDT | + | `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM | + | `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 | + | `yyMMddHHmmssZ` | 010704120856-0700 | + | `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 | + | `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 | + | `YYYY-'W'ww-u` | 2001-W27-3 | + example: mm/dd/yyyy + outputFormat: + description: |- + A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data should be formatted into. + + *If no inputFormat is provided, the transform assumes that it is in ISO8601 format* + oneOf: + - title: Named Construct + type: string + description: | + | Construct | Date Time Pattern | Description | + | --------- | ----------------- | ----------- | + | ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. | + | LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. | + | PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. | + | EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. | + | EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. | + enum: + - ISO8601 + - LDAP + - PEOPLE_SOFT + - EPOCH_TIME_JAVA + - EPOCH_TIME_WIN32 + example: PEOPLE_SOFT + - title: Java Simple Date Format + type: string + description: | + There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information. + + >NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone. + (This table is from the SimpleDateFormat page.) + + | Date Time Pattern | Result | + | ----------------- | ------ | + | `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` | + | `EEE, MMM d, ''yy` | Wed, Jul 4, '01 | + | `h:mm a` | 12:08 PM | + | `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time | + | `K:mm a, z` | 0:08 PM, PDT | + | `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM | + | `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 | + | `yyMMddHHmmssZ` | 010704120856-0700 | + | `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 | + | `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 | + | `YYYY-'W'ww-u` | 2001-W27-3 | + example: mm/dd/yyyy + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: dateMath + type: object + required: + - expression + properties: + expression: + type: string + description: | + A string value of the date and time components to operation on, along with the math operations to execute. + externalDocs: + description: Date Math Expressions + url: 'https://developer.sailpoint.com/idn/docs/transforms/operations/date-math#transform-structure' + example: now+1w + roundUp: + type: boolean + description: | + A boolean value to indicate whether the transform should round up or down when a rounding `/` operation is defined in the expression. + + + If not provided, the transform will default to `false` + + + `true` indicates the transform should round up (i.e., truncate the fractional date/time component indicated and then add one unit of that component) + + + `false` indicates the transform should round down (i.e., truncate the fractional date/time component indicated) + example: false + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: decomposeDiacriticalMarks + type: object + properties: + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: e164phone + type: object + properties: + defaultRegion: + type: string + description: | + This is an optional attribute that can be used to define the region of the phone number to format into. + + + If defaultRegion is not provided, it will take US as the default country. + + + The format of the country code should be in [ISO 3166-1 alpha-2 format](https://en.wikipedia.org/wiki/ISO_3166-1_alpha-2) + example: US + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: firstValid + type: object + required: + - values + properties: + values: + type: array + items: + type: object + description: An array of attributes to evaluate for existence. + example: + - attributes: + sourceName: Active Directory + attributeName: sAMAccountName + type: accountAttribute + - attributes: + sourceName: Okta + attributeName: login + type: accountAttribute + - attributes: + sourceName: HR Source + attributeName: employeeID + type: accountAttribute + ignoreErrors: + type: boolean + description: a true or false value representing to move on to the next option if an error (like an Null Pointer Exception) were to occur. + example: false + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + - title: rule + oneOf: + - type: object + required: + - name + properties: + name: + type: string + description: This is the name of the Generic rule that needs to be invoked by the transform + example: Generic Calculation Rule + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + - type: object + required: + - name + - operation + - includeNumbers + - includeSpecialChars + - length + properties: + name: + type: string + description: This must always be set to "Cloud Services Deployment Utility" + example: Cloud Services Deployment Utility + operation: + type: string + description: The operation to perform `generateRandomString` + example: generateRandomString + includeNumbers: + type: boolean + description: This must be either "true" or "false" to indicate whether the generator logic should include numbers + example: true + includeSpecialChars: + type: boolean + description: This must be either "true" or "false" to indicate whether the generator logic should include special characters + example: true + length: + type: string + description: | + This specifies how long the randomly generated string needs to be + + + >NOTE Due to identity attribute data constraints, the maximum allowable value is 450 characters + example: '10' + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + - type: object + required: + - name + - operation + - uid + properties: + name: + type: string + description: This must always be set to "Cloud Services Deployment Utility" + example: Cloud Services Deployment Utility + operation: + type: string + description: The operation to perform `getReferenceIdentityAttribute` + example: getReferenceIdentityAttribute + uid: + type: string + description: | + This is the SailPoint User Name (uid) value of the identity whose attribute is desired + + As a convenience feature, you can use the `manager` keyword to dynamically look up the user's manager and then get that manager's identity attribute. + example: 2c91808570313110017040b06f344ec9 + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + - title: identityAttribute + type: object + required: + - name + properties: + name: + type: string + description: The system (camel-cased) name of the identity attribute to bring in + example: email + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: indexOf + type: object + required: + - substring + properties: + substring: + type: string + description: 'A substring to search for, searches the entire calling string, and returns the index of the first occurrence of the specified substring.' + example: admin_ + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: iso3166 + type: object + properties: + format: + type: string + description: | + An optional value to denote which ISO 3166 format to return. Valid values are: + + + `alpha2` - Two-character country code (e.g., "US"); this is the default value if no format is supplied + + + `alpha3` - Three-character country code (e.g., "USA") + + + `numeric` - The numeric country code (e.g., "840") + example: alpha2 + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: leftPad + type: object + required: + - length + properties: + length: + type: string + description: An integer value for the desired length of the final output string + example: '4' + padding: + type: string + description: | + A string value representing the character that the incoming data should be padded with to get to the desired length + + + If not provided, the transform will default to a single space (" ") character for padding + example: '0' + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: lookup + type: object + required: + - table + properties: + table: + type: object + additionalProperties: true + description: | + This is a JSON object of key-value pairs. The key is the string that will attempt to be matched to the input, and the value is the output string that should be returned if the key is matched + + + >**Note** the use of the optional default key value here; if none of the three countries in the above example match the input string, the transform will return "Unknown Region" for the attribute that is mapped to this transform. + example: + USA: Americas + FRA: EMEA + AUS: APAC + default: Unknown Region + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: lower + type: object + properties: + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: nameNormalizer + type: object + properties: + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: randomAlphaNumeric + type: object + properties: + length: + type: string + description: | + This is an integer value specifying the size/number of characters the random string must contain + + + * This value must be a positive number and cannot be blank + + + * If no length is provided, the transform will default to a value of `32` + + + * Due to identity attribute data constraints, the maximum allowable value is `450` characters + example: '10' + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: randomNumeric + type: object + properties: + length: + type: string + description: | + This is an integer value specifying the size/number of characters the random string must contain + + + * This value must be a positive number and cannot be blank + + + * If no length is provided, the transform will default to a value of `32` + + + * Due to identity attribute data constraints, the maximum allowable value is `450` characters + example: '10' + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: reference + type: object + required: + - id + properties: + id: + type: string + description: This ID specifies the name of the pre-existing transform which you want to use within your current transform + example: Existing Transform + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: replaceAll + type: object + required: + - table + properties: + table: + type: object + additionalProperties: true + description: 'An attribute of key-value pairs. Each pair identifies the pattern to search for as its key, and the replacement string as its value.' + example: + '-': ' ' + '"': '''' + ñ: 'n' + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: replace + type: object + required: + - regex + - replacement + properties: + regex: + type: string + description: This can be a string or a regex pattern in which you want to replace. + example: '[^a-zA-Z]' + externalDocs: + description: Regex Builder + url: 'https://regex101.com/' + replacement: + type: string + description: This is the replacement string that should be substituded wherever the string or pattern is found. + example: ' ' + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: rightPad + type: object + required: + - length + properties: + length: + type: string + description: An integer value for the desired length of the final output string + example: '4' + padding: + type: string + description: | + A string value representing the character that the incoming data should be padded with to get to the desired length + + + If not provided, the transform will default to a single space (" ") character for padding + example: '0' + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: split + type: object + required: + - delimiter + - index + properties: + delimiter: + type: string + description: 'This can be either a single character or a regex expression, and is used by the transform to identify the break point between two substrings in the incoming data' + example: ',' + index: + type: string + description: 'An integer value for the desired array element after the incoming data has been split into a list; the array is a 0-based object, so the first array element would be index 0, the second element would be index 1, etc.' + example: '5' + throws: + type: boolean + description: | + A boolean (true/false) value which indicates whether an exception should be thrown and returned as an output when an index is out of bounds with the resultant array (i.e., the provided index value is larger than the size of the array) + + + `true` - The transform should return "IndexOutOfBoundsException" + + + `false` - The transform should return null + + + If not provided, the transform will default to false and return a null + example: true + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: static + type: object + required: + - values + properties: + values: + type: string + description: 'This must evaluate to a JSON string, either through a fixed value or through conditional logic using the Apache Velocity Template Language.' + example: string$variable + externalDocs: + description: Static Transform Documentation + url: 'https://developer.sailpoint.com/idn/docs/transforms/operations/static' + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + - title: substring + type: object + required: + - begin + properties: + begin: + type: integer + description: | + The index of the first character to include in the returned substring. + + + If `begin` is set to -1, the transform will begin at character 0 of the input data + example: 1 + format: int32 + beginOffset: + type: integer + description: | + This integer value is the number of characters to add to the begin attribute when returning a substring. + + This attribute is only used if begin is not -1. + example: 3 + format: int32 + end: + type: integer + description: | + The index of the first character to exclude from the returned substring. + + If end is -1 or not provided at all, the substring transform will return everything up to the end of the input string. + example: 6 + format: int32 + endOffset: + type: integer + description: | + This integer value is the number of characters to add to the end attribute when returning a substring. + + This attribute is only used if end is provided and is not -1. + example: 1 + format: int32 + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: trim + type: object + properties: + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: upper + type: object + properties: + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: uuid + type: object + properties: + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + internal: + type: boolean + readOnly: true + description: Indicates whether this is an internal SailPoint-created transform or a customer-created transform + example: false + example: + name: Timestamp To Date + type: dateFormat + attributes: + inputFormat: 'MMM dd yyyy, HH:mm:ss.SSS' + outputFormat: yyyy/dd/MM + responses: + '201': + description: Indicates the transform was successfully created and returns its representation. + content: + application/json: + schema: + type: object + description: The representation of an internally- or customer-defined transform. + required: + - name + - type + - attributes + properties: + id: + type: string + readOnly: true + description: Unique ID of this transform + example: 2cd78adghjkja34jh2b1hkjhasuecd + name: + type: string + description: Unique name of this transform + example: Timestamp To Date + minLength: 1 + maxLength: 50 + type: + type: string + description: The type of transform operation + enum: + - accountAttribute + - base64Decode + - base64Encode + - concat + - conditional + - dateCompare + - dateFormat + - dateMath + - decomposeDiacriticalMarks + - e164phone + - firstValid + - rule + - identityAttribute + - indexOf + - iso3166 + - lastIndexOf + - leftPad + - lookup + - lower + - normalizeNames + - randomAlphaNumeric + - randomNumeric + - reference + - replaceAll + - replace + - rightPad + - split + - static + - substring + - trim + - upper + - usernameGenerator + - uuid + example: dateFormat + externalDocs: + description: Transform Operations + url: 'https://developer.sailpoint.com/idn/docs/transforms/operations' + attributes: + description: Meta-data about the transform. Values in this list are specific to the type of transform to be executed. + oneOf: + - title: accountAttribute + type: object + required: + - sourceName + - attributeName + properties: + sourceName: + type: string + description: A reference to the source to search for the account + example: Workday + attributeName: + type: string + description: 'The name of the attribute on the account to return. This should match the name of the account attribute name visible in the user interface, or on the source schema.' + example: DEPARTMENT + accountSortAttribute: + type: string + description: The value of this configuration is a string name of the attribute to use when determining the ordering of returned accounts when there are multiple entries + example: created + accountSortDescending: + type: boolean + description: 'The value of this configuration is a boolean (true/false). Controls the order of the sort when there are multiple accounts. If not defined, the transform will default to false (ascending order)' + example: false + accountReturnFirstLink: + type: boolean + description: 'The value of this configuration is a boolean (true/false). Controls which account to source a value from for an attribute. If this flag is set to true, the transform returns the value from the first account in the list, even if it is null. If it is set to false, the transform returns the first non-null value. If not defined, the transform will default to false' + example: false + accountFilter: + type: string + description: |- + This expression queries the database to narrow search results. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the database. The default filter will always include the source and identity, and any subsequent expressions will be combined in an AND operation to the existing search criteria. + Only certain searchable attributes are available: - `nativeIdentity` - the Account ID - `displayName` - the Account Name - `entitlements` - a boolean value to determine if the account has entitlements + example: '!(nativeIdentity.startsWith("*DELETED*"))' + accountPropertyFilter: + type: string + description: |- + This expression is used to search and filter accounts in memory. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the returned resultset. + + All account attributes are available for filtering as this operation is performed in memory. + example: '(groups.containsAll({''Admin''}) || location == ''Austin'')' + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: base64Decode + type: object + properties: + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: base64Encode + type: object + properties: + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: concat + type: object + required: + - values + properties: + values: + type: array + items: + type: object + description: An array of items to join together + example: + - John + - ' ' + - Smith + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: conditional + type: object + required: + - expression + - positiveCondition + - negativeCondition + properties: + expression: + type: string + description: |- + A comparison statement that follows the structure of `ValueA eq ValueB` where `ValueA` and `ValueB` are static strings or outputs of other transforms. + + The `eq` operator is the only valid comparison + example: ValueA eq ValueB + positiveCondition: + type: string + description: The output of the transform if the expression evalutes to true + example: 'true' + negativeCondition: + type: string + description: The output of the transform if the expression evalutes to false + example: 'false' + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: dateCompare + type: object + required: + - firstDate + - secondDate + - operator + - positiveCondition + - negativeCondition + properties: + firstDate: + description: This is the first date to consider (The date that would be on the left hand side of the comparison operation). + oneOf: + - title: accountAttribute + type: object + required: + - sourceName + - attributeName + properties: + sourceName: + type: string + description: A reference to the source to search for the account + example: Workday + attributeName: + type: string + description: 'The name of the attribute on the account to return. This should match the name of the account attribute name visible in the user interface, or on the source schema.' + example: DEPARTMENT + accountSortAttribute: + type: string + description: The value of this configuration is a string name of the attribute to use when determining the ordering of returned accounts when there are multiple entries + example: created + accountSortDescending: + type: boolean + description: 'The value of this configuration is a boolean (true/false). Controls the order of the sort when there are multiple accounts. If not defined, the transform will default to false (ascending order)' + example: false + accountReturnFirstLink: + type: boolean + description: 'The value of this configuration is a boolean (true/false). Controls which account to source a value from for an attribute. If this flag is set to true, the transform returns the value from the first account in the list, even if it is null. If it is set to false, the transform returns the first non-null value. If not defined, the transform will default to false' + example: false + accountFilter: + type: string + description: |- + This expression queries the database to narrow search results. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the database. The default filter will always include the source and identity, and any subsequent expressions will be combined in an AND operation to the existing search criteria. + Only certain searchable attributes are available: - `nativeIdentity` - the Account ID - `displayName` - the Account Name - `entitlements` - a boolean value to determine if the account has entitlements + example: '!(nativeIdentity.startsWith("*DELETED*"))' + accountPropertyFilter: + type: string + description: |- + This expression is used to search and filter accounts in memory. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the returned resultset. + + All account attributes are available for filtering as this operation is performed in memory. + example: '(groups.containsAll({''Admin''}) || location == ''Austin'')' + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: dateFormat + type: object + properties: + inputFormat: + description: |- + A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data is coming in as. + + *If no inputFormat is provided, the transform assumes that it is in ISO8601 format* + oneOf: + - title: Named Construct + type: string + description: | + | Construct | Date Time Pattern | Description | + | --------- | ----------------- | ----------- | + | ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. | + | LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. | + | PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. | + | EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. | + | EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. | + enum: + - ISO8601 + - LDAP + - PEOPLE_SOFT + - EPOCH_TIME_JAVA + - EPOCH_TIME_WIN32 + example: PEOPLE_SOFT + - title: Java Simple Date Format + type: string + description: | + There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information. + + >NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone. + (This table is from the SimpleDateFormat page.) + + | Date Time Pattern | Result | + | ----------------- | ------ | + | `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` | + | `EEE, MMM d, ''yy` | Wed, Jul 4, '01 | + | `h:mm a` | 12:08 PM | + | `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time | + | `K:mm a, z` | 0:08 PM, PDT | + | `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM | + | `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 | + | `yyMMddHHmmssZ` | 010704120856-0700 | + | `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 | + | `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 | + | `YYYY-'W'ww-u` | 2001-W27-3 | + example: mm/dd/yyyy + outputFormat: + description: |- + A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data should be formatted into. + + *If no inputFormat is provided, the transform assumes that it is in ISO8601 format* + oneOf: + - title: Named Construct + type: string + description: | + | Construct | Date Time Pattern | Description | + | --------- | ----------------- | ----------- | + | ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. | + | LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. | + | PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. | + | EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. | + | EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. | + enum: + - ISO8601 + - LDAP + - PEOPLE_SOFT + - EPOCH_TIME_JAVA + - EPOCH_TIME_WIN32 + example: PEOPLE_SOFT + - title: Java Simple Date Format + type: string + description: | + There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information. + + >NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone. + (This table is from the SimpleDateFormat page.) + + | Date Time Pattern | Result | + | ----------------- | ------ | + | `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` | + | `EEE, MMM d, ''yy` | Wed, Jul 4, '01 | + | `h:mm a` | 12:08 PM | + | `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time | + | `K:mm a, z` | 0:08 PM, PDT | + | `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM | + | `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 | + | `yyMMddHHmmssZ` | 010704120856-0700 | + | `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 | + | `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 | + | `YYYY-'W'ww-u` | 2001-W27-3 | + example: mm/dd/yyyy + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + secondDate: + description: This is the second date to consider (The date that would be on the right hand side of the comparison operation). + oneOf: + - title: accountAttribute + type: object + required: + - sourceName + - attributeName + properties: + sourceName: + type: string + description: A reference to the source to search for the account + example: Workday + attributeName: + type: string + description: 'The name of the attribute on the account to return. This should match the name of the account attribute name visible in the user interface, or on the source schema.' + example: DEPARTMENT + accountSortAttribute: + type: string + description: The value of this configuration is a string name of the attribute to use when determining the ordering of returned accounts when there are multiple entries + example: created + accountSortDescending: + type: boolean + description: 'The value of this configuration is a boolean (true/false). Controls the order of the sort when there are multiple accounts. If not defined, the transform will default to false (ascending order)' + example: false + accountReturnFirstLink: + type: boolean + description: 'The value of this configuration is a boolean (true/false). Controls which account to source a value from for an attribute. If this flag is set to true, the transform returns the value from the first account in the list, even if it is null. If it is set to false, the transform returns the first non-null value. If not defined, the transform will default to false' + example: false + accountFilter: + type: string + description: |- + This expression queries the database to narrow search results. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the database. The default filter will always include the source and identity, and any subsequent expressions will be combined in an AND operation to the existing search criteria. + Only certain searchable attributes are available: - `nativeIdentity` - the Account ID - `displayName` - the Account Name - `entitlements` - a boolean value to determine if the account has entitlements + example: '!(nativeIdentity.startsWith("*DELETED*"))' + accountPropertyFilter: + type: string + description: |- + This expression is used to search and filter accounts in memory. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the returned resultset. + + All account attributes are available for filtering as this operation is performed in memory. + example: '(groups.containsAll({''Admin''}) || location == ''Austin'')' + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: dateFormat + type: object + properties: + inputFormat: + description: |- + A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data is coming in as. + + *If no inputFormat is provided, the transform assumes that it is in ISO8601 format* + oneOf: + - title: Named Construct + type: string + description: | + | Construct | Date Time Pattern | Description | + | --------- | ----------------- | ----------- | + | ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. | + | LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. | + | PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. | + | EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. | + | EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. | + enum: + - ISO8601 + - LDAP + - PEOPLE_SOFT + - EPOCH_TIME_JAVA + - EPOCH_TIME_WIN32 + example: PEOPLE_SOFT + - title: Java Simple Date Format + type: string + description: | + There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information. + + >NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone. + (This table is from the SimpleDateFormat page.) + + | Date Time Pattern | Result | + | ----------------- | ------ | + | `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` | + | `EEE, MMM d, ''yy` | Wed, Jul 4, '01 | + | `h:mm a` | 12:08 PM | + | `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time | + | `K:mm a, z` | 0:08 PM, PDT | + | `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM | + | `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 | + | `yyMMddHHmmssZ` | 010704120856-0700 | + | `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 | + | `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 | + | `YYYY-'W'ww-u` | 2001-W27-3 | + example: mm/dd/yyyy + outputFormat: + description: |- + A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data should be formatted into. + + *If no inputFormat is provided, the transform assumes that it is in ISO8601 format* + oneOf: + - title: Named Construct + type: string + description: | + | Construct | Date Time Pattern | Description | + | --------- | ----------------- | ----------- | + | ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. | + | LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. | + | PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. | + | EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. | + | EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. | + enum: + - ISO8601 + - LDAP + - PEOPLE_SOFT + - EPOCH_TIME_JAVA + - EPOCH_TIME_WIN32 + example: PEOPLE_SOFT + - title: Java Simple Date Format + type: string + description: | + There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information. + + >NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone. + (This table is from the SimpleDateFormat page.) + + | Date Time Pattern | Result | + | ----------------- | ------ | + | `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` | + | `EEE, MMM d, ''yy` | Wed, Jul 4, '01 | + | `h:mm a` | 12:08 PM | + | `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time | + | `K:mm a, z` | 0:08 PM, PDT | + | `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM | + | `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 | + | `yyMMddHHmmssZ` | 010704120856-0700 | + | `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 | + | `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 | + | `YYYY-'W'ww-u` | 2001-W27-3 | + example: mm/dd/yyyy + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + operator: + type: string + description: | + This is the comparison to perform. + | Operation | Description | + | --------- | ------- | + | LT | Strictly less than: firstDate < secondDate | + | LTE | Less than or equal to: firstDate <= secondDate | + | GT | Strictly greater than: firstDate > secondDate | + | GTE | Greater than or equal to: firstDate >= secondDate | + enum: + - LT + - LTE + - GT + - GTE + example: LT + positiveCondition: + type: string + description: The output of the transform if the expression evalutes to true + example: 'true' + negativeCondition: + type: string + description: The output of the transform if the expression evalutes to false + example: false + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: dateFormat + type: object + properties: + inputFormat: + description: |- + A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data is coming in as. + + *If no inputFormat is provided, the transform assumes that it is in ISO8601 format* + oneOf: + - title: Named Construct + type: string + description: | + | Construct | Date Time Pattern | Description | + | --------- | ----------------- | ----------- | + | ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. | + | LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. | + | PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. | + | EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. | + | EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. | + enum: + - ISO8601 + - LDAP + - PEOPLE_SOFT + - EPOCH_TIME_JAVA + - EPOCH_TIME_WIN32 + example: PEOPLE_SOFT + - title: Java Simple Date Format + type: string + description: | + There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information. + + >NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone. + (This table is from the SimpleDateFormat page.) + + | Date Time Pattern | Result | + | ----------------- | ------ | + | `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` | + | `EEE, MMM d, ''yy` | Wed, Jul 4, '01 | + | `h:mm a` | 12:08 PM | + | `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time | + | `K:mm a, z` | 0:08 PM, PDT | + | `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM | + | `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 | + | `yyMMddHHmmssZ` | 010704120856-0700 | + | `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 | + | `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 | + | `YYYY-'W'ww-u` | 2001-W27-3 | + example: mm/dd/yyyy + outputFormat: + description: |- + A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data should be formatted into. + + *If no inputFormat is provided, the transform assumes that it is in ISO8601 format* + oneOf: + - title: Named Construct + type: string + description: | + | Construct | Date Time Pattern | Description | + | --------- | ----------------- | ----------- | + | ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. | + | LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. | + | PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. | + | EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. | + | EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. | + enum: + - ISO8601 + - LDAP + - PEOPLE_SOFT + - EPOCH_TIME_JAVA + - EPOCH_TIME_WIN32 + example: PEOPLE_SOFT + - title: Java Simple Date Format + type: string + description: | + There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information. + + >NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone. + (This table is from the SimpleDateFormat page.) + + | Date Time Pattern | Result | + | ----------------- | ------ | + | `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` | + | `EEE, MMM d, ''yy` | Wed, Jul 4, '01 | + | `h:mm a` | 12:08 PM | + | `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time | + | `K:mm a, z` | 0:08 PM, PDT | + | `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM | + | `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 | + | `yyMMddHHmmssZ` | 010704120856-0700 | + | `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 | + | `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 | + | `YYYY-'W'ww-u` | 2001-W27-3 | + example: mm/dd/yyyy + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: dateMath + type: object + required: + - expression + properties: + expression: + type: string + description: | + A string value of the date and time components to operation on, along with the math operations to execute. + externalDocs: + description: Date Math Expressions + url: 'https://developer.sailpoint.com/idn/docs/transforms/operations/date-math#transform-structure' + example: now+1w + roundUp: + type: boolean + description: | + A boolean value to indicate whether the transform should round up or down when a rounding `/` operation is defined in the expression. + + + If not provided, the transform will default to `false` + + + `true` indicates the transform should round up (i.e., truncate the fractional date/time component indicated and then add one unit of that component) + + + `false` indicates the transform should round down (i.e., truncate the fractional date/time component indicated) + example: false + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: decomposeDiacriticalMarks + type: object + properties: + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: e164phone + type: object + properties: + defaultRegion: + type: string + description: | + This is an optional attribute that can be used to define the region of the phone number to format into. + + + If defaultRegion is not provided, it will take US as the default country. + + + The format of the country code should be in [ISO 3166-1 alpha-2 format](https://en.wikipedia.org/wiki/ISO_3166-1_alpha-2) + example: US + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: firstValid + type: object + required: + - values + properties: + values: + type: array + items: + type: object + description: An array of attributes to evaluate for existence. + example: + - attributes: + sourceName: Active Directory + attributeName: sAMAccountName + type: accountAttribute + - attributes: + sourceName: Okta + attributeName: login + type: accountAttribute + - attributes: + sourceName: HR Source + attributeName: employeeID + type: accountAttribute + ignoreErrors: + type: boolean + description: a true or false value representing to move on to the next option if an error (like an Null Pointer Exception) were to occur. + example: false + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + - title: rule + oneOf: + - type: object + required: + - name + properties: + name: + type: string + description: This is the name of the Generic rule that needs to be invoked by the transform + example: Generic Calculation Rule + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + - type: object + required: + - name + - operation + - includeNumbers + - includeSpecialChars + - length + properties: + name: + type: string + description: This must always be set to "Cloud Services Deployment Utility" + example: Cloud Services Deployment Utility + operation: + type: string + description: The operation to perform `generateRandomString` + example: generateRandomString + includeNumbers: + type: boolean + description: This must be either "true" or "false" to indicate whether the generator logic should include numbers + example: true + includeSpecialChars: + type: boolean + description: This must be either "true" or "false" to indicate whether the generator logic should include special characters + example: true + length: + type: string + description: | + This specifies how long the randomly generated string needs to be + + + >NOTE Due to identity attribute data constraints, the maximum allowable value is 450 characters + example: '10' + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + - type: object + required: + - name + - operation + - uid + properties: + name: + type: string + description: This must always be set to "Cloud Services Deployment Utility" + example: Cloud Services Deployment Utility + operation: + type: string + description: The operation to perform `getReferenceIdentityAttribute` + example: getReferenceIdentityAttribute + uid: + type: string + description: | + This is the SailPoint User Name (uid) value of the identity whose attribute is desired + + As a convenience feature, you can use the `manager` keyword to dynamically look up the user's manager and then get that manager's identity attribute. + example: 2c91808570313110017040b06f344ec9 + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + - title: identityAttribute + type: object + required: + - name + properties: + name: + type: string + description: The system (camel-cased) name of the identity attribute to bring in + example: email + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: indexOf + type: object + required: + - substring + properties: + substring: + type: string + description: 'A substring to search for, searches the entire calling string, and returns the index of the first occurrence of the specified substring.' + example: admin_ + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: iso3166 + type: object + properties: + format: + type: string + description: | + An optional value to denote which ISO 3166 format to return. Valid values are: + + + `alpha2` - Two-character country code (e.g., "US"); this is the default value if no format is supplied + + + `alpha3` - Three-character country code (e.g., "USA") + + + `numeric` - The numeric country code (e.g., "840") + example: alpha2 + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: leftPad + type: object + required: + - length + properties: + length: + type: string + description: An integer value for the desired length of the final output string + example: '4' + padding: + type: string + description: | + A string value representing the character that the incoming data should be padded with to get to the desired length + + + If not provided, the transform will default to a single space (" ") character for padding + example: '0' + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: lookup + type: object + required: + - table + properties: + table: + type: object + additionalProperties: true + description: | + This is a JSON object of key-value pairs. The key is the string that will attempt to be matched to the input, and the value is the output string that should be returned if the key is matched + + + >**Note** the use of the optional default key value here; if none of the three countries in the above example match the input string, the transform will return "Unknown Region" for the attribute that is mapped to this transform. + example: + USA: Americas + FRA: EMEA + AUS: APAC + default: Unknown Region + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: lower + type: object + properties: + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: nameNormalizer + type: object + properties: + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: randomAlphaNumeric + type: object + properties: + length: + type: string + description: | + This is an integer value specifying the size/number of characters the random string must contain + + + * This value must be a positive number and cannot be blank + + + * If no length is provided, the transform will default to a value of `32` + + + * Due to identity attribute data constraints, the maximum allowable value is `450` characters + example: '10' + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: randomNumeric + type: object + properties: + length: + type: string + description: | + This is an integer value specifying the size/number of characters the random string must contain + + + * This value must be a positive number and cannot be blank + + + * If no length is provided, the transform will default to a value of `32` + + + * Due to identity attribute data constraints, the maximum allowable value is `450` characters + example: '10' + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: reference + type: object + required: + - id + properties: + id: + type: string + description: This ID specifies the name of the pre-existing transform which you want to use within your current transform + example: Existing Transform + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: replaceAll + type: object + required: + - table + properties: + table: + type: object + additionalProperties: true + description: 'An attribute of key-value pairs. Each pair identifies the pattern to search for as its key, and the replacement string as its value.' + example: + '-': ' ' + '"': '''' + ñ: 'n' + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: replace + type: object + required: + - regex + - replacement + properties: + regex: + type: string + description: This can be a string or a regex pattern in which you want to replace. + example: '[^a-zA-Z]' + externalDocs: + description: Regex Builder + url: 'https://regex101.com/' + replacement: + type: string + description: This is the replacement string that should be substituded wherever the string or pattern is found. + example: ' ' + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: rightPad + type: object + required: + - length + properties: + length: + type: string + description: An integer value for the desired length of the final output string + example: '4' + padding: + type: string + description: | + A string value representing the character that the incoming data should be padded with to get to the desired length + + + If not provided, the transform will default to a single space (" ") character for padding + example: '0' + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: split + type: object + required: + - delimiter + - index + properties: + delimiter: + type: string + description: 'This can be either a single character or a regex expression, and is used by the transform to identify the break point between two substrings in the incoming data' + example: ',' + index: + type: string + description: 'An integer value for the desired array element after the incoming data has been split into a list; the array is a 0-based object, so the first array element would be index 0, the second element would be index 1, etc.' + example: '5' + throws: + type: boolean + description: | + A boolean (true/false) value which indicates whether an exception should be thrown and returned as an output when an index is out of bounds with the resultant array (i.e., the provided index value is larger than the size of the array) + + + `true` - The transform should return "IndexOutOfBoundsException" + + + `false` - The transform should return null + + + If not provided, the transform will default to false and return a null + example: true + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: static + type: object + required: + - values + properties: + values: + type: string + description: 'This must evaluate to a JSON string, either through a fixed value or through conditional logic using the Apache Velocity Template Language.' + example: string$variable + externalDocs: + description: Static Transform Documentation + url: 'https://developer.sailpoint.com/idn/docs/transforms/operations/static' + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + - title: substring + type: object + required: + - begin + properties: + begin: + type: integer + description: | + The index of the first character to include in the returned substring. + + + If `begin` is set to -1, the transform will begin at character 0 of the input data + example: 1 + format: int32 + beginOffset: + type: integer + description: | + This integer value is the number of characters to add to the begin attribute when returning a substring. + + This attribute is only used if begin is not -1. + example: 3 + format: int32 + end: + type: integer + description: | + The index of the first character to exclude from the returned substring. + + If end is -1 or not provided at all, the substring transform will return everything up to the end of the input string. + example: 6 + format: int32 + endOffset: + type: integer + description: | + This integer value is the number of characters to add to the end attribute when returning a substring. + + This attribute is only used if end is provided and is not -1. + example: 1 + format: int32 + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: trim + type: object + properties: + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: upper + type: object + properties: + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: uuid + type: object + properties: + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + internal: + type: boolean + readOnly: true + description: Indicates whether this is an internal SailPoint-created transform or a customer-created transform + example: false + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + security: + - oauth2: + - 'idn:transform:update' + '/transforms/{id}': + get: + tags: + - Transforms + summary: Transform by ID + description: |- + This API returns the transform specified by the given ID. + A token with transform read authority is required to call this API. + operationId: getTransform + parameters: + - name: id + in: path + description: ID of the transform to retrieve + required: true + style: simple + explode: false + example: 2cd78adghjkja34jh2b1hkjhasuecd + schema: + type: string + responses: + '200': + description: Transform with the given ID + content: + application/json: + schema: + type: object + description: The representation of an internally- or customer-defined transform. + required: + - name + - type + - attributes + properties: + id: + type: string + readOnly: true + description: Unique ID of this transform + example: 2cd78adghjkja34jh2b1hkjhasuecd + name: + type: string + description: Unique name of this transform + example: Timestamp To Date + minLength: 1 + maxLength: 50 + type: + type: string + description: The type of transform operation + enum: + - accountAttribute + - base64Decode + - base64Encode + - concat + - conditional + - dateCompare + - dateFormat + - dateMath + - decomposeDiacriticalMarks + - e164phone + - firstValid + - rule + - identityAttribute + - indexOf + - iso3166 + - lastIndexOf + - leftPad + - lookup + - lower + - normalizeNames + - randomAlphaNumeric + - randomNumeric + - reference + - replaceAll + - replace + - rightPad + - split + - static + - substring + - trim + - upper + - usernameGenerator + - uuid + example: dateFormat + externalDocs: + description: Transform Operations + url: 'https://developer.sailpoint.com/idn/docs/transforms/operations' + attributes: + description: Meta-data about the transform. Values in this list are specific to the type of transform to be executed. + oneOf: + - title: accountAttribute + type: object + required: + - sourceName + - attributeName + properties: + sourceName: + type: string + description: A reference to the source to search for the account + example: Workday + attributeName: + type: string + description: 'The name of the attribute on the account to return. This should match the name of the account attribute name visible in the user interface, or on the source schema.' + example: DEPARTMENT + accountSortAttribute: + type: string + description: The value of this configuration is a string name of the attribute to use when determining the ordering of returned accounts when there are multiple entries + example: created + accountSortDescending: + type: boolean + description: 'The value of this configuration is a boolean (true/false). Controls the order of the sort when there are multiple accounts. If not defined, the transform will default to false (ascending order)' + example: false + accountReturnFirstLink: + type: boolean + description: 'The value of this configuration is a boolean (true/false). Controls which account to source a value from for an attribute. If this flag is set to true, the transform returns the value from the first account in the list, even if it is null. If it is set to false, the transform returns the first non-null value. If not defined, the transform will default to false' + example: false + accountFilter: + type: string + description: |- + This expression queries the database to narrow search results. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the database. The default filter will always include the source and identity, and any subsequent expressions will be combined in an AND operation to the existing search criteria. + Only certain searchable attributes are available: - `nativeIdentity` - the Account ID - `displayName` - the Account Name - `entitlements` - a boolean value to determine if the account has entitlements + example: '!(nativeIdentity.startsWith("*DELETED*"))' + accountPropertyFilter: + type: string + description: |- + This expression is used to search and filter accounts in memory. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the returned resultset. + + All account attributes are available for filtering as this operation is performed in memory. + example: '(groups.containsAll({''Admin''}) || location == ''Austin'')' + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: base64Decode + type: object + properties: + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: base64Encode + type: object + properties: + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: concat + type: object + required: + - values + properties: + values: + type: array + items: + type: object + description: An array of items to join together + example: + - John + - ' ' + - Smith + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: conditional + type: object + required: + - expression + - positiveCondition + - negativeCondition + properties: + expression: + type: string + description: |- + A comparison statement that follows the structure of `ValueA eq ValueB` where `ValueA` and `ValueB` are static strings or outputs of other transforms. + + The `eq` operator is the only valid comparison + example: ValueA eq ValueB + positiveCondition: + type: string + description: The output of the transform if the expression evalutes to true + example: 'true' + negativeCondition: + type: string + description: The output of the transform if the expression evalutes to false + example: 'false' + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: dateCompare + type: object + required: + - firstDate + - secondDate + - operator + - positiveCondition + - negativeCondition + properties: + firstDate: + description: This is the first date to consider (The date that would be on the left hand side of the comparison operation). + oneOf: + - title: accountAttribute + type: object + required: + - sourceName + - attributeName + properties: + sourceName: + type: string + description: A reference to the source to search for the account + example: Workday + attributeName: + type: string + description: 'The name of the attribute on the account to return. This should match the name of the account attribute name visible in the user interface, or on the source schema.' + example: DEPARTMENT + accountSortAttribute: + type: string + description: The value of this configuration is a string name of the attribute to use when determining the ordering of returned accounts when there are multiple entries + example: created + accountSortDescending: + type: boolean + description: 'The value of this configuration is a boolean (true/false). Controls the order of the sort when there are multiple accounts. If not defined, the transform will default to false (ascending order)' + example: false + accountReturnFirstLink: + type: boolean + description: 'The value of this configuration is a boolean (true/false). Controls which account to source a value from for an attribute. If this flag is set to true, the transform returns the value from the first account in the list, even if it is null. If it is set to false, the transform returns the first non-null value. If not defined, the transform will default to false' + example: false + accountFilter: + type: string + description: |- + This expression queries the database to narrow search results. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the database. The default filter will always include the source and identity, and any subsequent expressions will be combined in an AND operation to the existing search criteria. + Only certain searchable attributes are available: - `nativeIdentity` - the Account ID - `displayName` - the Account Name - `entitlements` - a boolean value to determine if the account has entitlements + example: '!(nativeIdentity.startsWith("*DELETED*"))' + accountPropertyFilter: + type: string + description: |- + This expression is used to search and filter accounts in memory. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the returned resultset. + + All account attributes are available for filtering as this operation is performed in memory. + example: '(groups.containsAll({''Admin''}) || location == ''Austin'')' + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: dateFormat + type: object + properties: + inputFormat: + description: |- + A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data is coming in as. + + *If no inputFormat is provided, the transform assumes that it is in ISO8601 format* + oneOf: + - title: Named Construct + type: string + description: | + | Construct | Date Time Pattern | Description | + | --------- | ----------------- | ----------- | + | ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. | + | LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. | + | PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. | + | EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. | + | EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. | + enum: + - ISO8601 + - LDAP + - PEOPLE_SOFT + - EPOCH_TIME_JAVA + - EPOCH_TIME_WIN32 + example: PEOPLE_SOFT + - title: Java Simple Date Format + type: string + description: | + There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information. + + >NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone. + (This table is from the SimpleDateFormat page.) + + | Date Time Pattern | Result | + | ----------------- | ------ | + | `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` | + | `EEE, MMM d, ''yy` | Wed, Jul 4, '01 | + | `h:mm a` | 12:08 PM | + | `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time | + | `K:mm a, z` | 0:08 PM, PDT | + | `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM | + | `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 | + | `yyMMddHHmmssZ` | 010704120856-0700 | + | `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 | + | `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 | + | `YYYY-'W'ww-u` | 2001-W27-3 | + example: mm/dd/yyyy + outputFormat: + description: |- + A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data should be formatted into. + + *If no inputFormat is provided, the transform assumes that it is in ISO8601 format* + oneOf: + - title: Named Construct + type: string + description: | + | Construct | Date Time Pattern | Description | + | --------- | ----------------- | ----------- | + | ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. | + | LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. | + | PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. | + | EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. | + | EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. | + enum: + - ISO8601 + - LDAP + - PEOPLE_SOFT + - EPOCH_TIME_JAVA + - EPOCH_TIME_WIN32 + example: PEOPLE_SOFT + - title: Java Simple Date Format + type: string + description: | + There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information. + + >NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone. + (This table is from the SimpleDateFormat page.) + + | Date Time Pattern | Result | + | ----------------- | ------ | + | `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` | + | `EEE, MMM d, ''yy` | Wed, Jul 4, '01 | + | `h:mm a` | 12:08 PM | + | `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time | + | `K:mm a, z` | 0:08 PM, PDT | + | `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM | + | `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 | + | `yyMMddHHmmssZ` | 010704120856-0700 | + | `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 | + | `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 | + | `YYYY-'W'ww-u` | 2001-W27-3 | + example: mm/dd/yyyy + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + secondDate: + description: This is the second date to consider (The date that would be on the right hand side of the comparison operation). + oneOf: + - title: accountAttribute + type: object + required: + - sourceName + - attributeName + properties: + sourceName: + type: string + description: A reference to the source to search for the account + example: Workday + attributeName: + type: string + description: 'The name of the attribute on the account to return. This should match the name of the account attribute name visible in the user interface, or on the source schema.' + example: DEPARTMENT + accountSortAttribute: + type: string + description: The value of this configuration is a string name of the attribute to use when determining the ordering of returned accounts when there are multiple entries + example: created + accountSortDescending: + type: boolean + description: 'The value of this configuration is a boolean (true/false). Controls the order of the sort when there are multiple accounts. If not defined, the transform will default to false (ascending order)' + example: false + accountReturnFirstLink: + type: boolean + description: 'The value of this configuration is a boolean (true/false). Controls which account to source a value from for an attribute. If this flag is set to true, the transform returns the value from the first account in the list, even if it is null. If it is set to false, the transform returns the first non-null value. If not defined, the transform will default to false' + example: false + accountFilter: + type: string + description: |- + This expression queries the database to narrow search results. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the database. The default filter will always include the source and identity, and any subsequent expressions will be combined in an AND operation to the existing search criteria. + Only certain searchable attributes are available: - `nativeIdentity` - the Account ID - `displayName` - the Account Name - `entitlements` - a boolean value to determine if the account has entitlements + example: '!(nativeIdentity.startsWith("*DELETED*"))' + accountPropertyFilter: + type: string + description: |- + This expression is used to search and filter accounts in memory. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the returned resultset. + + All account attributes are available for filtering as this operation is performed in memory. + example: '(groups.containsAll({''Admin''}) || location == ''Austin'')' + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: dateFormat + type: object + properties: + inputFormat: + description: |- + A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data is coming in as. + + *If no inputFormat is provided, the transform assumes that it is in ISO8601 format* + oneOf: + - title: Named Construct + type: string + description: | + | Construct | Date Time Pattern | Description | + | --------- | ----------------- | ----------- | + | ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. | + | LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. | + | PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. | + | EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. | + | EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. | + enum: + - ISO8601 + - LDAP + - PEOPLE_SOFT + - EPOCH_TIME_JAVA + - EPOCH_TIME_WIN32 + example: PEOPLE_SOFT + - title: Java Simple Date Format + type: string + description: | + There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information. + + >NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone. + (This table is from the SimpleDateFormat page.) + + | Date Time Pattern | Result | + | ----------------- | ------ | + | `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` | + | `EEE, MMM d, ''yy` | Wed, Jul 4, '01 | + | `h:mm a` | 12:08 PM | + | `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time | + | `K:mm a, z` | 0:08 PM, PDT | + | `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM | + | `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 | + | `yyMMddHHmmssZ` | 010704120856-0700 | + | `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 | + | `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 | + | `YYYY-'W'ww-u` | 2001-W27-3 | + example: mm/dd/yyyy + outputFormat: + description: |- + A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data should be formatted into. + + *If no inputFormat is provided, the transform assumes that it is in ISO8601 format* + oneOf: + - title: Named Construct + type: string + description: | + | Construct | Date Time Pattern | Description | + | --------- | ----------------- | ----------- | + | ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. | + | LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. | + | PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. | + | EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. | + | EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. | + enum: + - ISO8601 + - LDAP + - PEOPLE_SOFT + - EPOCH_TIME_JAVA + - EPOCH_TIME_WIN32 + example: PEOPLE_SOFT + - title: Java Simple Date Format + type: string + description: | + There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information. + + >NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone. + (This table is from the SimpleDateFormat page.) + + | Date Time Pattern | Result | + | ----------------- | ------ | + | `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` | + | `EEE, MMM d, ''yy` | Wed, Jul 4, '01 | + | `h:mm a` | 12:08 PM | + | `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time | + | `K:mm a, z` | 0:08 PM, PDT | + | `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM | + | `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 | + | `yyMMddHHmmssZ` | 010704120856-0700 | + | `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 | + | `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 | + | `YYYY-'W'ww-u` | 2001-W27-3 | + example: mm/dd/yyyy + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + operator: + type: string + description: | + This is the comparison to perform. + | Operation | Description | + | --------- | ------- | + | LT | Strictly less than: firstDate < secondDate | + | LTE | Less than or equal to: firstDate <= secondDate | + | GT | Strictly greater than: firstDate > secondDate | + | GTE | Greater than or equal to: firstDate >= secondDate | + enum: + - LT + - LTE + - GT + - GTE + example: LT + positiveCondition: + type: string + description: The output of the transform if the expression evalutes to true + example: 'true' + negativeCondition: + type: string + description: The output of the transform if the expression evalutes to false + example: false + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: dateFormat + type: object + properties: + inputFormat: + description: |- + A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data is coming in as. + + *If no inputFormat is provided, the transform assumes that it is in ISO8601 format* + oneOf: + - title: Named Construct + type: string + description: | + | Construct | Date Time Pattern | Description | + | --------- | ----------------- | ----------- | + | ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. | + | LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. | + | PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. | + | EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. | + | EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. | + enum: + - ISO8601 + - LDAP + - PEOPLE_SOFT + - EPOCH_TIME_JAVA + - EPOCH_TIME_WIN32 + example: PEOPLE_SOFT + - title: Java Simple Date Format + type: string + description: | + There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information. + + >NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone. + (This table is from the SimpleDateFormat page.) + + | Date Time Pattern | Result | + | ----------------- | ------ | + | `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` | + | `EEE, MMM d, ''yy` | Wed, Jul 4, '01 | + | `h:mm a` | 12:08 PM | + | `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time | + | `K:mm a, z` | 0:08 PM, PDT | + | `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM | + | `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 | + | `yyMMddHHmmssZ` | 010704120856-0700 | + | `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 | + | `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 | + | `YYYY-'W'ww-u` | 2001-W27-3 | + example: mm/dd/yyyy + outputFormat: + description: |- + A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data should be formatted into. + + *If no inputFormat is provided, the transform assumes that it is in ISO8601 format* + oneOf: + - title: Named Construct + type: string + description: | + | Construct | Date Time Pattern | Description | + | --------- | ----------------- | ----------- | + | ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. | + | LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. | + | PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. | + | EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. | + | EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. | + enum: + - ISO8601 + - LDAP + - PEOPLE_SOFT + - EPOCH_TIME_JAVA + - EPOCH_TIME_WIN32 + example: PEOPLE_SOFT + - title: Java Simple Date Format + type: string + description: | + There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information. + + >NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone. + (This table is from the SimpleDateFormat page.) + + | Date Time Pattern | Result | + | ----------------- | ------ | + | `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` | + | `EEE, MMM d, ''yy` | Wed, Jul 4, '01 | + | `h:mm a` | 12:08 PM | + | `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time | + | `K:mm a, z` | 0:08 PM, PDT | + | `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM | + | `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 | + | `yyMMddHHmmssZ` | 010704120856-0700 | + | `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 | + | `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 | + | `YYYY-'W'ww-u` | 2001-W27-3 | + example: mm/dd/yyyy + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: dateMath + type: object + required: + - expression + properties: + expression: + type: string + description: | + A string value of the date and time components to operation on, along with the math operations to execute. + externalDocs: + description: Date Math Expressions + url: 'https://developer.sailpoint.com/idn/docs/transforms/operations/date-math#transform-structure' + example: now+1w + roundUp: + type: boolean + description: | + A boolean value to indicate whether the transform should round up or down when a rounding `/` operation is defined in the expression. + + + If not provided, the transform will default to `false` + + + `true` indicates the transform should round up (i.e., truncate the fractional date/time component indicated and then add one unit of that component) + + + `false` indicates the transform should round down (i.e., truncate the fractional date/time component indicated) + example: false + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: decomposeDiacriticalMarks + type: object + properties: + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: e164phone + type: object + properties: + defaultRegion: + type: string + description: | + This is an optional attribute that can be used to define the region of the phone number to format into. + + + If defaultRegion is not provided, it will take US as the default country. + + + The format of the country code should be in [ISO 3166-1 alpha-2 format](https://en.wikipedia.org/wiki/ISO_3166-1_alpha-2) + example: US + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: firstValid + type: object + required: + - values + properties: + values: + type: array + items: + type: object + description: An array of attributes to evaluate for existence. + example: + - attributes: + sourceName: Active Directory + attributeName: sAMAccountName + type: accountAttribute + - attributes: + sourceName: Okta + attributeName: login + type: accountAttribute + - attributes: + sourceName: HR Source + attributeName: employeeID + type: accountAttribute + ignoreErrors: + type: boolean + description: a true or false value representing to move on to the next option if an error (like an Null Pointer Exception) were to occur. + example: false + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + - title: rule + oneOf: + - type: object + required: + - name + properties: + name: + type: string + description: This is the name of the Generic rule that needs to be invoked by the transform + example: Generic Calculation Rule + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + - type: object + required: + - name + - operation + - includeNumbers + - includeSpecialChars + - length + properties: + name: + type: string + description: This must always be set to "Cloud Services Deployment Utility" + example: Cloud Services Deployment Utility + operation: + type: string + description: The operation to perform `generateRandomString` + example: generateRandomString + includeNumbers: + type: boolean + description: This must be either "true" or "false" to indicate whether the generator logic should include numbers + example: true + includeSpecialChars: + type: boolean + description: This must be either "true" or "false" to indicate whether the generator logic should include special characters + example: true + length: + type: string + description: | + This specifies how long the randomly generated string needs to be + + + >NOTE Due to identity attribute data constraints, the maximum allowable value is 450 characters + example: '10' + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + - type: object + required: + - name + - operation + - uid + properties: + name: + type: string + description: This must always be set to "Cloud Services Deployment Utility" + example: Cloud Services Deployment Utility + operation: + type: string + description: The operation to perform `getReferenceIdentityAttribute` + example: getReferenceIdentityAttribute + uid: + type: string + description: | + This is the SailPoint User Name (uid) value of the identity whose attribute is desired + + As a convenience feature, you can use the `manager` keyword to dynamically look up the user's manager and then get that manager's identity attribute. + example: 2c91808570313110017040b06f344ec9 + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + - title: identityAttribute + type: object + required: + - name + properties: + name: + type: string + description: The system (camel-cased) name of the identity attribute to bring in + example: email + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: indexOf + type: object + required: + - substring + properties: + substring: + type: string + description: 'A substring to search for, searches the entire calling string, and returns the index of the first occurrence of the specified substring.' + example: admin_ + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: iso3166 + type: object + properties: + format: + type: string + description: | + An optional value to denote which ISO 3166 format to return. Valid values are: + + + `alpha2` - Two-character country code (e.g., "US"); this is the default value if no format is supplied + + + `alpha3` - Three-character country code (e.g., "USA") + + + `numeric` - The numeric country code (e.g., "840") + example: alpha2 + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: leftPad + type: object + required: + - length + properties: + length: + type: string + description: An integer value for the desired length of the final output string + example: '4' + padding: + type: string + description: | + A string value representing the character that the incoming data should be padded with to get to the desired length + + + If not provided, the transform will default to a single space (" ") character for padding + example: '0' + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: lookup + type: object + required: + - table + properties: + table: + type: object + additionalProperties: true + description: | + This is a JSON object of key-value pairs. The key is the string that will attempt to be matched to the input, and the value is the output string that should be returned if the key is matched + + + >**Note** the use of the optional default key value here; if none of the three countries in the above example match the input string, the transform will return "Unknown Region" for the attribute that is mapped to this transform. + example: + USA: Americas + FRA: EMEA + AUS: APAC + default: Unknown Region + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: lower + type: object + properties: + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: nameNormalizer + type: object + properties: + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: randomAlphaNumeric + type: object + properties: + length: + type: string + description: | + This is an integer value specifying the size/number of characters the random string must contain + + + * This value must be a positive number and cannot be blank + + + * If no length is provided, the transform will default to a value of `32` + + + * Due to identity attribute data constraints, the maximum allowable value is `450` characters + example: '10' + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: randomNumeric + type: object + properties: + length: + type: string + description: | + This is an integer value specifying the size/number of characters the random string must contain + + + * This value must be a positive number and cannot be blank + + + * If no length is provided, the transform will default to a value of `32` + + + * Due to identity attribute data constraints, the maximum allowable value is `450` characters + example: '10' + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: reference + type: object + required: + - id + properties: + id: + type: string + description: This ID specifies the name of the pre-existing transform which you want to use within your current transform + example: Existing Transform + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: replaceAll + type: object + required: + - table + properties: + table: + type: object + additionalProperties: true + description: 'An attribute of key-value pairs. Each pair identifies the pattern to search for as its key, and the replacement string as its value.' + example: + '-': ' ' + '"': '''' + ñ: 'n' + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: replace + type: object + required: + - regex + - replacement + properties: + regex: + type: string + description: This can be a string or a regex pattern in which you want to replace. + example: '[^a-zA-Z]' + externalDocs: + description: Regex Builder + url: 'https://regex101.com/' + replacement: + type: string + description: This is the replacement string that should be substituded wherever the string or pattern is found. + example: ' ' + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: rightPad + type: object + required: + - length + properties: + length: + type: string + description: An integer value for the desired length of the final output string + example: '4' + padding: + type: string + description: | + A string value representing the character that the incoming data should be padded with to get to the desired length + + + If not provided, the transform will default to a single space (" ") character for padding + example: '0' + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: split + type: object + required: + - delimiter + - index + properties: + delimiter: + type: string + description: 'This can be either a single character or a regex expression, and is used by the transform to identify the break point between two substrings in the incoming data' + example: ',' + index: + type: string + description: 'An integer value for the desired array element after the incoming data has been split into a list; the array is a 0-based object, so the first array element would be index 0, the second element would be index 1, etc.' + example: '5' + throws: + type: boolean + description: | + A boolean (true/false) value which indicates whether an exception should be thrown and returned as an output when an index is out of bounds with the resultant array (i.e., the provided index value is larger than the size of the array) + + + `true` - The transform should return "IndexOutOfBoundsException" + + + `false` - The transform should return null + + + If not provided, the transform will default to false and return a null + example: true + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: static + type: object + required: + - values + properties: + values: + type: string + description: 'This must evaluate to a JSON string, either through a fixed value or through conditional logic using the Apache Velocity Template Language.' + example: string$variable + externalDocs: + description: Static Transform Documentation + url: 'https://developer.sailpoint.com/idn/docs/transforms/operations/static' + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + - title: substring + type: object + required: + - begin + properties: + begin: + type: integer + description: | + The index of the first character to include in the returned substring. + + + If `begin` is set to -1, the transform will begin at character 0 of the input data + example: 1 + format: int32 + beginOffset: + type: integer + description: | + This integer value is the number of characters to add to the begin attribute when returning a substring. + + This attribute is only used if begin is not -1. + example: 3 + format: int32 + end: + type: integer + description: | + The index of the first character to exclude from the returned substring. + + If end is -1 or not provided at all, the substring transform will return everything up to the end of the input string. + example: 6 + format: int32 + endOffset: + type: integer + description: | + This integer value is the number of characters to add to the end attribute when returning a substring. + + This attribute is only used if end is provided and is not -1. + example: 1 + format: int32 + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: trim + type: object + properties: + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: upper + type: object + properties: + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: uuid + type: object + properties: + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + internal: + type: boolean + readOnly: true + description: Indicates whether this is an internal SailPoint-created transform or a customer-created transform + example: false + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + security: + - oauth2: + - 'idn:transform:read' + put: + tags: + - Transforms + summary: Update a transform + description: |- + Replaces the transform specified by the given ID with the transform provided in the request body. Only the "attributes" field is mutable. Attempting to change other properties (ex. "name" and "type") will result in an error. + A token with transform write authority is required to call this API. + operationId: updateTransform + parameters: + - name: id + in: path + description: ID of the transform to update + required: true + style: simple + explode: false + schema: + type: string + example: 2cd78adghjkja34jh2b1hkjhasuecd + requestBody: + description: 'The updated transform object (must include "name", "type", and "attributes" fields).' + content: + application/json: + schema: + type: object + description: The representation of an internally- or customer-defined transform. + required: + - name + - type + - attributes + properties: + id: + type: string + readOnly: true + description: Unique ID of this transform + example: 2cd78adghjkja34jh2b1hkjhasuecd + name: + type: string + description: Unique name of this transform + example: Timestamp To Date + minLength: 1 + maxLength: 50 + type: + type: string + description: The type of transform operation + enum: + - accountAttribute + - base64Decode + - base64Encode + - concat + - conditional + - dateCompare + - dateFormat + - dateMath + - decomposeDiacriticalMarks + - e164phone + - firstValid + - rule + - identityAttribute + - indexOf + - iso3166 + - lastIndexOf + - leftPad + - lookup + - lower + - normalizeNames + - randomAlphaNumeric + - randomNumeric + - reference + - replaceAll + - replace + - rightPad + - split + - static + - substring + - trim + - upper + - usernameGenerator + - uuid + example: dateFormat + externalDocs: + description: Transform Operations + url: 'https://developer.sailpoint.com/idn/docs/transforms/operations' + attributes: + description: Meta-data about the transform. Values in this list are specific to the type of transform to be executed. + oneOf: + - title: accountAttribute + type: object + required: + - sourceName + - attributeName + properties: + sourceName: + type: string + description: A reference to the source to search for the account + example: Workday + attributeName: + type: string + description: 'The name of the attribute on the account to return. This should match the name of the account attribute name visible in the user interface, or on the source schema.' + example: DEPARTMENT + accountSortAttribute: + type: string + description: The value of this configuration is a string name of the attribute to use when determining the ordering of returned accounts when there are multiple entries + example: created + accountSortDescending: + type: boolean + description: 'The value of this configuration is a boolean (true/false). Controls the order of the sort when there are multiple accounts. If not defined, the transform will default to false (ascending order)' + example: false + accountReturnFirstLink: + type: boolean + description: 'The value of this configuration is a boolean (true/false). Controls which account to source a value from for an attribute. If this flag is set to true, the transform returns the value from the first account in the list, even if it is null. If it is set to false, the transform returns the first non-null value. If not defined, the transform will default to false' + example: false + accountFilter: + type: string + description: |- + This expression queries the database to narrow search results. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the database. The default filter will always include the source and identity, and any subsequent expressions will be combined in an AND operation to the existing search criteria. + Only certain searchable attributes are available: - `nativeIdentity` - the Account ID - `displayName` - the Account Name - `entitlements` - a boolean value to determine if the account has entitlements + example: '!(nativeIdentity.startsWith("*DELETED*"))' + accountPropertyFilter: + type: string + description: |- + This expression is used to search and filter accounts in memory. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the returned resultset. + + All account attributes are available for filtering as this operation is performed in memory. + example: '(groups.containsAll({''Admin''}) || location == ''Austin'')' + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: base64Decode + type: object + properties: + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: base64Encode + type: object + properties: + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: concat + type: object + required: + - values + properties: + values: + type: array + items: + type: object + description: An array of items to join together + example: + - John + - ' ' + - Smith + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: conditional + type: object + required: + - expression + - positiveCondition + - negativeCondition + properties: + expression: + type: string + description: |- + A comparison statement that follows the structure of `ValueA eq ValueB` where `ValueA` and `ValueB` are static strings or outputs of other transforms. + + The `eq` operator is the only valid comparison + example: ValueA eq ValueB + positiveCondition: + type: string + description: The output of the transform if the expression evalutes to true + example: 'true' + negativeCondition: + type: string + description: The output of the transform if the expression evalutes to false + example: 'false' + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: dateCompare + type: object + required: + - firstDate + - secondDate + - operator + - positiveCondition + - negativeCondition + properties: + firstDate: + description: This is the first date to consider (The date that would be on the left hand side of the comparison operation). + oneOf: + - title: accountAttribute + type: object + required: + - sourceName + - attributeName + properties: + sourceName: + type: string + description: A reference to the source to search for the account + example: Workday + attributeName: + type: string + description: 'The name of the attribute on the account to return. This should match the name of the account attribute name visible in the user interface, or on the source schema.' + example: DEPARTMENT + accountSortAttribute: + type: string + description: The value of this configuration is a string name of the attribute to use when determining the ordering of returned accounts when there are multiple entries + example: created + accountSortDescending: + type: boolean + description: 'The value of this configuration is a boolean (true/false). Controls the order of the sort when there are multiple accounts. If not defined, the transform will default to false (ascending order)' + example: false + accountReturnFirstLink: + type: boolean + description: 'The value of this configuration is a boolean (true/false). Controls which account to source a value from for an attribute. If this flag is set to true, the transform returns the value from the first account in the list, even if it is null. If it is set to false, the transform returns the first non-null value. If not defined, the transform will default to false' + example: false + accountFilter: + type: string + description: |- + This expression queries the database to narrow search results. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the database. The default filter will always include the source and identity, and any subsequent expressions will be combined in an AND operation to the existing search criteria. + Only certain searchable attributes are available: - `nativeIdentity` - the Account ID - `displayName` - the Account Name - `entitlements` - a boolean value to determine if the account has entitlements + example: '!(nativeIdentity.startsWith("*DELETED*"))' + accountPropertyFilter: + type: string + description: |- + This expression is used to search and filter accounts in memory. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the returned resultset. + + All account attributes are available for filtering as this operation is performed in memory. + example: '(groups.containsAll({''Admin''}) || location == ''Austin'')' + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: dateFormat + type: object + properties: + inputFormat: + description: |- + A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data is coming in as. + + *If no inputFormat is provided, the transform assumes that it is in ISO8601 format* + oneOf: + - title: Named Construct + type: string + description: | + | Construct | Date Time Pattern | Description | + | --------- | ----------------- | ----------- | + | ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. | + | LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. | + | PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. | + | EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. | + | EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. | + enum: + - ISO8601 + - LDAP + - PEOPLE_SOFT + - EPOCH_TIME_JAVA + - EPOCH_TIME_WIN32 + example: PEOPLE_SOFT + - title: Java Simple Date Format + type: string + description: | + There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information. + + >NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone. + (This table is from the SimpleDateFormat page.) + + | Date Time Pattern | Result | + | ----------------- | ------ | + | `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` | + | `EEE, MMM d, ''yy` | Wed, Jul 4, '01 | + | `h:mm a` | 12:08 PM | + | `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time | + | `K:mm a, z` | 0:08 PM, PDT | + | `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM | + | `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 | + | `yyMMddHHmmssZ` | 010704120856-0700 | + | `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 | + | `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 | + | `YYYY-'W'ww-u` | 2001-W27-3 | + example: mm/dd/yyyy + outputFormat: + description: |- + A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data should be formatted into. + + *If no inputFormat is provided, the transform assumes that it is in ISO8601 format* + oneOf: + - title: Named Construct + type: string + description: | + | Construct | Date Time Pattern | Description | + | --------- | ----------------- | ----------- | + | ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. | + | LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. | + | PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. | + | EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. | + | EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. | + enum: + - ISO8601 + - LDAP + - PEOPLE_SOFT + - EPOCH_TIME_JAVA + - EPOCH_TIME_WIN32 + example: PEOPLE_SOFT + - title: Java Simple Date Format + type: string + description: | + There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information. + + >NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone. + (This table is from the SimpleDateFormat page.) + + | Date Time Pattern | Result | + | ----------------- | ------ | + | `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` | + | `EEE, MMM d, ''yy` | Wed, Jul 4, '01 | + | `h:mm a` | 12:08 PM | + | `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time | + | `K:mm a, z` | 0:08 PM, PDT | + | `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM | + | `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 | + | `yyMMddHHmmssZ` | 010704120856-0700 | + | `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 | + | `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 | + | `YYYY-'W'ww-u` | 2001-W27-3 | + example: mm/dd/yyyy + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + secondDate: + description: This is the second date to consider (The date that would be on the right hand side of the comparison operation). + oneOf: + - title: accountAttribute + type: object + required: + - sourceName + - attributeName + properties: + sourceName: + type: string + description: A reference to the source to search for the account + example: Workday + attributeName: + type: string + description: 'The name of the attribute on the account to return. This should match the name of the account attribute name visible in the user interface, or on the source schema.' + example: DEPARTMENT + accountSortAttribute: + type: string + description: The value of this configuration is a string name of the attribute to use when determining the ordering of returned accounts when there are multiple entries + example: created + accountSortDescending: + type: boolean + description: 'The value of this configuration is a boolean (true/false). Controls the order of the sort when there are multiple accounts. If not defined, the transform will default to false (ascending order)' + example: false + accountReturnFirstLink: + type: boolean + description: 'The value of this configuration is a boolean (true/false). Controls which account to source a value from for an attribute. If this flag is set to true, the transform returns the value from the first account in the list, even if it is null. If it is set to false, the transform returns the first non-null value. If not defined, the transform will default to false' + example: false + accountFilter: + type: string + description: |- + This expression queries the database to narrow search results. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the database. The default filter will always include the source and identity, and any subsequent expressions will be combined in an AND operation to the existing search criteria. + Only certain searchable attributes are available: - `nativeIdentity` - the Account ID - `displayName` - the Account Name - `entitlements` - a boolean value to determine if the account has entitlements + example: '!(nativeIdentity.startsWith("*DELETED*"))' + accountPropertyFilter: + type: string + description: |- + This expression is used to search and filter accounts in memory. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the returned resultset. + + All account attributes are available for filtering as this operation is performed in memory. + example: '(groups.containsAll({''Admin''}) || location == ''Austin'')' + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: dateFormat + type: object + properties: + inputFormat: + description: |- + A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data is coming in as. + + *If no inputFormat is provided, the transform assumes that it is in ISO8601 format* + oneOf: + - title: Named Construct + type: string + description: | + | Construct | Date Time Pattern | Description | + | --------- | ----------------- | ----------- | + | ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. | + | LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. | + | PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. | + | EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. | + | EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. | + enum: + - ISO8601 + - LDAP + - PEOPLE_SOFT + - EPOCH_TIME_JAVA + - EPOCH_TIME_WIN32 + example: PEOPLE_SOFT + - title: Java Simple Date Format + type: string + description: | + There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information. + + >NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone. + (This table is from the SimpleDateFormat page.) + + | Date Time Pattern | Result | + | ----------------- | ------ | + | `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` | + | `EEE, MMM d, ''yy` | Wed, Jul 4, '01 | + | `h:mm a` | 12:08 PM | + | `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time | + | `K:mm a, z` | 0:08 PM, PDT | + | `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM | + | `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 | + | `yyMMddHHmmssZ` | 010704120856-0700 | + | `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 | + | `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 | + | `YYYY-'W'ww-u` | 2001-W27-3 | + example: mm/dd/yyyy + outputFormat: + description: |- + A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data should be formatted into. + + *If no inputFormat is provided, the transform assumes that it is in ISO8601 format* + oneOf: + - title: Named Construct + type: string + description: | + | Construct | Date Time Pattern | Description | + | --------- | ----------------- | ----------- | + | ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. | + | LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. | + | PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. | + | EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. | + | EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. | + enum: + - ISO8601 + - LDAP + - PEOPLE_SOFT + - EPOCH_TIME_JAVA + - EPOCH_TIME_WIN32 + example: PEOPLE_SOFT + - title: Java Simple Date Format + type: string + description: | + There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information. + + >NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone. + (This table is from the SimpleDateFormat page.) + + | Date Time Pattern | Result | + | ----------------- | ------ | + | `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` | + | `EEE, MMM d, ''yy` | Wed, Jul 4, '01 | + | `h:mm a` | 12:08 PM | + | `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time | + | `K:mm a, z` | 0:08 PM, PDT | + | `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM | + | `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 | + | `yyMMddHHmmssZ` | 010704120856-0700 | + | `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 | + | `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 | + | `YYYY-'W'ww-u` | 2001-W27-3 | + example: mm/dd/yyyy + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + operator: + type: string + description: | + This is the comparison to perform. + | Operation | Description | + | --------- | ------- | + | LT | Strictly less than: firstDate < secondDate | + | LTE | Less than or equal to: firstDate <= secondDate | + | GT | Strictly greater than: firstDate > secondDate | + | GTE | Greater than or equal to: firstDate >= secondDate | + enum: + - LT + - LTE + - GT + - GTE + example: LT + positiveCondition: + type: string + description: The output of the transform if the expression evalutes to true + example: 'true' + negativeCondition: + type: string + description: The output of the transform if the expression evalutes to false + example: false + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: dateFormat + type: object + properties: + inputFormat: + description: |- + A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data is coming in as. + + *If no inputFormat is provided, the transform assumes that it is in ISO8601 format* + oneOf: + - title: Named Construct + type: string + description: | + | Construct | Date Time Pattern | Description | + | --------- | ----------------- | ----------- | + | ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. | + | LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. | + | PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. | + | EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. | + | EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. | + enum: + - ISO8601 + - LDAP + - PEOPLE_SOFT + - EPOCH_TIME_JAVA + - EPOCH_TIME_WIN32 + example: PEOPLE_SOFT + - title: Java Simple Date Format + type: string + description: | + There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information. + + >NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone. + (This table is from the SimpleDateFormat page.) + + | Date Time Pattern | Result | + | ----------------- | ------ | + | `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` | + | `EEE, MMM d, ''yy` | Wed, Jul 4, '01 | + | `h:mm a` | 12:08 PM | + | `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time | + | `K:mm a, z` | 0:08 PM, PDT | + | `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM | + | `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 | + | `yyMMddHHmmssZ` | 010704120856-0700 | + | `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 | + | `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 | + | `YYYY-'W'ww-u` | 2001-W27-3 | + example: mm/dd/yyyy + outputFormat: + description: |- + A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data should be formatted into. + + *If no inputFormat is provided, the transform assumes that it is in ISO8601 format* + oneOf: + - title: Named Construct + type: string + description: | + | Construct | Date Time Pattern | Description | + | --------- | ----------------- | ----------- | + | ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. | + | LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. | + | PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. | + | EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. | + | EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. | + enum: + - ISO8601 + - LDAP + - PEOPLE_SOFT + - EPOCH_TIME_JAVA + - EPOCH_TIME_WIN32 + example: PEOPLE_SOFT + - title: Java Simple Date Format + type: string + description: | + There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information. + + >NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone. + (This table is from the SimpleDateFormat page.) + + | Date Time Pattern | Result | + | ----------------- | ------ | + | `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` | + | `EEE, MMM d, ''yy` | Wed, Jul 4, '01 | + | `h:mm a` | 12:08 PM | + | `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time | + | `K:mm a, z` | 0:08 PM, PDT | + | `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM | + | `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 | + | `yyMMddHHmmssZ` | 010704120856-0700 | + | `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 | + | `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 | + | `YYYY-'W'ww-u` | 2001-W27-3 | + example: mm/dd/yyyy + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: dateMath + type: object + required: + - expression + properties: + expression: + type: string + description: | + A string value of the date and time components to operation on, along with the math operations to execute. + externalDocs: + description: Date Math Expressions + url: 'https://developer.sailpoint.com/idn/docs/transforms/operations/date-math#transform-structure' + example: now+1w + roundUp: + type: boolean + description: | + A boolean value to indicate whether the transform should round up or down when a rounding `/` operation is defined in the expression. + + + If not provided, the transform will default to `false` + + + `true` indicates the transform should round up (i.e., truncate the fractional date/time component indicated and then add one unit of that component) + + + `false` indicates the transform should round down (i.e., truncate the fractional date/time component indicated) + example: false + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: decomposeDiacriticalMarks + type: object + properties: + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: e164phone + type: object + properties: + defaultRegion: + type: string + description: | + This is an optional attribute that can be used to define the region of the phone number to format into. + + + If defaultRegion is not provided, it will take US as the default country. + + + The format of the country code should be in [ISO 3166-1 alpha-2 format](https://en.wikipedia.org/wiki/ISO_3166-1_alpha-2) + example: US + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: firstValid + type: object + required: + - values + properties: + values: + type: array + items: + type: object + description: An array of attributes to evaluate for existence. + example: + - attributes: + sourceName: Active Directory + attributeName: sAMAccountName + type: accountAttribute + - attributes: + sourceName: Okta + attributeName: login + type: accountAttribute + - attributes: + sourceName: HR Source + attributeName: employeeID + type: accountAttribute + ignoreErrors: + type: boolean + description: a true or false value representing to move on to the next option if an error (like an Null Pointer Exception) were to occur. + example: false + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + - title: rule + oneOf: + - type: object + required: + - name + properties: + name: + type: string + description: This is the name of the Generic rule that needs to be invoked by the transform + example: Generic Calculation Rule + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + - type: object + required: + - name + - operation + - includeNumbers + - includeSpecialChars + - length + properties: + name: + type: string + description: This must always be set to "Cloud Services Deployment Utility" + example: Cloud Services Deployment Utility + operation: + type: string + description: The operation to perform `generateRandomString` + example: generateRandomString + includeNumbers: + type: boolean + description: This must be either "true" or "false" to indicate whether the generator logic should include numbers + example: true + includeSpecialChars: + type: boolean + description: This must be either "true" or "false" to indicate whether the generator logic should include special characters + example: true + length: + type: string + description: | + This specifies how long the randomly generated string needs to be + + + >NOTE Due to identity attribute data constraints, the maximum allowable value is 450 characters + example: '10' + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + - type: object + required: + - name + - operation + - uid + properties: + name: + type: string + description: This must always be set to "Cloud Services Deployment Utility" + example: Cloud Services Deployment Utility + operation: + type: string + description: The operation to perform `getReferenceIdentityAttribute` + example: getReferenceIdentityAttribute + uid: + type: string + description: | + This is the SailPoint User Name (uid) value of the identity whose attribute is desired + + As a convenience feature, you can use the `manager` keyword to dynamically look up the user's manager and then get that manager's identity attribute. + example: 2c91808570313110017040b06f344ec9 + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + - title: identityAttribute + type: object + required: + - name + properties: + name: + type: string + description: The system (camel-cased) name of the identity attribute to bring in + example: email + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: indexOf + type: object + required: + - substring + properties: + substring: + type: string + description: 'A substring to search for, searches the entire calling string, and returns the index of the first occurrence of the specified substring.' + example: admin_ + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: iso3166 + type: object + properties: + format: + type: string + description: | + An optional value to denote which ISO 3166 format to return. Valid values are: + + + `alpha2` - Two-character country code (e.g., "US"); this is the default value if no format is supplied + + + `alpha3` - Three-character country code (e.g., "USA") + + + `numeric` - The numeric country code (e.g., "840") + example: alpha2 + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: leftPad + type: object + required: + - length + properties: + length: + type: string + description: An integer value for the desired length of the final output string + example: '4' + padding: + type: string + description: | + A string value representing the character that the incoming data should be padded with to get to the desired length + + + If not provided, the transform will default to a single space (" ") character for padding + example: '0' + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: lookup + type: object + required: + - table + properties: + table: + type: object + additionalProperties: true + description: | + This is a JSON object of key-value pairs. The key is the string that will attempt to be matched to the input, and the value is the output string that should be returned if the key is matched + + + >**Note** the use of the optional default key value here; if none of the three countries in the above example match the input string, the transform will return "Unknown Region" for the attribute that is mapped to this transform. + example: + USA: Americas + FRA: EMEA + AUS: APAC + default: Unknown Region + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: lower + type: object + properties: + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: nameNormalizer + type: object + properties: + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: randomAlphaNumeric + type: object + properties: + length: + type: string + description: | + This is an integer value specifying the size/number of characters the random string must contain + + + * This value must be a positive number and cannot be blank + + + * If no length is provided, the transform will default to a value of `32` + + + * Due to identity attribute data constraints, the maximum allowable value is `450` characters + example: '10' + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: randomNumeric + type: object + properties: + length: + type: string + description: | + This is an integer value specifying the size/number of characters the random string must contain + + + * This value must be a positive number and cannot be blank + + + * If no length is provided, the transform will default to a value of `32` + + + * Due to identity attribute data constraints, the maximum allowable value is `450` characters + example: '10' + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: reference + type: object + required: + - id + properties: + id: + type: string + description: This ID specifies the name of the pre-existing transform which you want to use within your current transform + example: Existing Transform + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: replaceAll + type: object + required: + - table + properties: + table: + type: object + additionalProperties: true + description: 'An attribute of key-value pairs. Each pair identifies the pattern to search for as its key, and the replacement string as its value.' + example: + '-': ' ' + '"': '''' + ñ: 'n' + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: replace + type: object + required: + - regex + - replacement + properties: + regex: + type: string + description: This can be a string or a regex pattern in which you want to replace. + example: '[^a-zA-Z]' + externalDocs: + description: Regex Builder + url: 'https://regex101.com/' + replacement: + type: string + description: This is the replacement string that should be substituded wherever the string or pattern is found. + example: ' ' + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: rightPad + type: object + required: + - length + properties: + length: + type: string + description: An integer value for the desired length of the final output string + example: '4' + padding: + type: string + description: | + A string value representing the character that the incoming data should be padded with to get to the desired length + + + If not provided, the transform will default to a single space (" ") character for padding + example: '0' + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: split + type: object + required: + - delimiter + - index + properties: + delimiter: + type: string + description: 'This can be either a single character or a regex expression, and is used by the transform to identify the break point between two substrings in the incoming data' + example: ',' + index: + type: string + description: 'An integer value for the desired array element after the incoming data has been split into a list; the array is a 0-based object, so the first array element would be index 0, the second element would be index 1, etc.' + example: '5' + throws: + type: boolean + description: | + A boolean (true/false) value which indicates whether an exception should be thrown and returned as an output when an index is out of bounds with the resultant array (i.e., the provided index value is larger than the size of the array) + + + `true` - The transform should return "IndexOutOfBoundsException" + + + `false` - The transform should return null + + + If not provided, the transform will default to false and return a null + example: true + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: static + type: object + required: + - values + properties: + values: + type: string + description: 'This must evaluate to a JSON string, either through a fixed value or through conditional logic using the Apache Velocity Template Language.' + example: string$variable + externalDocs: + description: Static Transform Documentation + url: 'https://developer.sailpoint.com/idn/docs/transforms/operations/static' + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + - title: substring + type: object + required: + - begin + properties: + begin: + type: integer + description: | + The index of the first character to include in the returned substring. + + + If `begin` is set to -1, the transform will begin at character 0 of the input data + example: 1 + format: int32 + beginOffset: + type: integer + description: | + This integer value is the number of characters to add to the begin attribute when returning a substring. + + This attribute is only used if begin is not -1. + example: 3 + format: int32 + end: + type: integer + description: | + The index of the first character to exclude from the returned substring. + + If end is -1 or not provided at all, the substring transform will return everything up to the end of the input string. + example: 6 + format: int32 + endOffset: + type: integer + description: | + This integer value is the number of characters to add to the end attribute when returning a substring. + + This attribute is only used if end is provided and is not -1. + example: 1 + format: int32 + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: trim + type: object + properties: + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: upper + type: object + properties: + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: uuid + type: object + properties: + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + internal: + type: boolean + readOnly: true + description: Indicates whether this is an internal SailPoint-created transform or a customer-created transform + example: false + example: + name: Timestamp To Date + type: dateFormat + attributes: + inputFormat: 'MMM-dd-yyyy, HH:mm:ss.SSS' + outputFormat: yyyy/dd/MM + responses: + '200': + description: Indicates the transform was successfully updated and returns its new representation. + content: + application/json: + schema: + type: object + description: The representation of an internally- or customer-defined transform. + required: + - name + - type + - attributes + properties: + id: + type: string + readOnly: true + description: Unique ID of this transform + example: 2cd78adghjkja34jh2b1hkjhasuecd + name: + type: string + description: Unique name of this transform + example: Timestamp To Date + minLength: 1 + maxLength: 50 + type: + type: string + description: The type of transform operation + enum: + - accountAttribute + - base64Decode + - base64Encode + - concat + - conditional + - dateCompare + - dateFormat + - dateMath + - decomposeDiacriticalMarks + - e164phone + - firstValid + - rule + - identityAttribute + - indexOf + - iso3166 + - lastIndexOf + - leftPad + - lookup + - lower + - normalizeNames + - randomAlphaNumeric + - randomNumeric + - reference + - replaceAll + - replace + - rightPad + - split + - static + - substring + - trim + - upper + - usernameGenerator + - uuid + example: dateFormat + externalDocs: + description: Transform Operations + url: 'https://developer.sailpoint.com/idn/docs/transforms/operations' + attributes: + description: Meta-data about the transform. Values in this list are specific to the type of transform to be executed. + oneOf: + - title: accountAttribute + type: object + required: + - sourceName + - attributeName + properties: + sourceName: + type: string + description: A reference to the source to search for the account + example: Workday + attributeName: + type: string + description: 'The name of the attribute on the account to return. This should match the name of the account attribute name visible in the user interface, or on the source schema.' + example: DEPARTMENT + accountSortAttribute: + type: string + description: The value of this configuration is a string name of the attribute to use when determining the ordering of returned accounts when there are multiple entries + example: created + accountSortDescending: + type: boolean + description: 'The value of this configuration is a boolean (true/false). Controls the order of the sort when there are multiple accounts. If not defined, the transform will default to false (ascending order)' + example: false + accountReturnFirstLink: + type: boolean + description: 'The value of this configuration is a boolean (true/false). Controls which account to source a value from for an attribute. If this flag is set to true, the transform returns the value from the first account in the list, even if it is null. If it is set to false, the transform returns the first non-null value. If not defined, the transform will default to false' + example: false + accountFilter: + type: string + description: |- + This expression queries the database to narrow search results. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the database. The default filter will always include the source and identity, and any subsequent expressions will be combined in an AND operation to the existing search criteria. + Only certain searchable attributes are available: - `nativeIdentity` - the Account ID - `displayName` - the Account Name - `entitlements` - a boolean value to determine if the account has entitlements + example: '!(nativeIdentity.startsWith("*DELETED*"))' + accountPropertyFilter: + type: string + description: |- + This expression is used to search and filter accounts in memory. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the returned resultset. + + All account attributes are available for filtering as this operation is performed in memory. + example: '(groups.containsAll({''Admin''}) || location == ''Austin'')' + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: base64Decode + type: object + properties: + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: base64Encode + type: object + properties: + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: concat + type: object + required: + - values + properties: + values: + type: array + items: + type: object + description: An array of items to join together + example: + - John + - ' ' + - Smith + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: conditional + type: object + required: + - expression + - positiveCondition + - negativeCondition + properties: + expression: + type: string + description: |- + A comparison statement that follows the structure of `ValueA eq ValueB` where `ValueA` and `ValueB` are static strings or outputs of other transforms. + + The `eq` operator is the only valid comparison + example: ValueA eq ValueB + positiveCondition: + type: string + description: The output of the transform if the expression evalutes to true + example: 'true' + negativeCondition: + type: string + description: The output of the transform if the expression evalutes to false + example: 'false' + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: dateCompare + type: object + required: + - firstDate + - secondDate + - operator + - positiveCondition + - negativeCondition + properties: + firstDate: + description: This is the first date to consider (The date that would be on the left hand side of the comparison operation). + oneOf: + - title: accountAttribute + type: object + required: + - sourceName + - attributeName + properties: + sourceName: + type: string + description: A reference to the source to search for the account + example: Workday + attributeName: + type: string + description: 'The name of the attribute on the account to return. This should match the name of the account attribute name visible in the user interface, or on the source schema.' + example: DEPARTMENT + accountSortAttribute: + type: string + description: The value of this configuration is a string name of the attribute to use when determining the ordering of returned accounts when there are multiple entries + example: created + accountSortDescending: + type: boolean + description: 'The value of this configuration is a boolean (true/false). Controls the order of the sort when there are multiple accounts. If not defined, the transform will default to false (ascending order)' + example: false + accountReturnFirstLink: + type: boolean + description: 'The value of this configuration is a boolean (true/false). Controls which account to source a value from for an attribute. If this flag is set to true, the transform returns the value from the first account in the list, even if it is null. If it is set to false, the transform returns the first non-null value. If not defined, the transform will default to false' + example: false + accountFilter: + type: string + description: |- + This expression queries the database to narrow search results. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the database. The default filter will always include the source and identity, and any subsequent expressions will be combined in an AND operation to the existing search criteria. + Only certain searchable attributes are available: - `nativeIdentity` - the Account ID - `displayName` - the Account Name - `entitlements` - a boolean value to determine if the account has entitlements + example: '!(nativeIdentity.startsWith("*DELETED*"))' + accountPropertyFilter: + type: string + description: |- + This expression is used to search and filter accounts in memory. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the returned resultset. + + All account attributes are available for filtering as this operation is performed in memory. + example: '(groups.containsAll({''Admin''}) || location == ''Austin'')' + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: dateFormat + type: object + properties: + inputFormat: + description: |- + A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data is coming in as. + + *If no inputFormat is provided, the transform assumes that it is in ISO8601 format* + oneOf: + - title: Named Construct + type: string + description: | + | Construct | Date Time Pattern | Description | + | --------- | ----------------- | ----------- | + | ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. | + | LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. | + | PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. | + | EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. | + | EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. | + enum: + - ISO8601 + - LDAP + - PEOPLE_SOFT + - EPOCH_TIME_JAVA + - EPOCH_TIME_WIN32 + example: PEOPLE_SOFT + - title: Java Simple Date Format + type: string + description: | + There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information. + + >NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone. + (This table is from the SimpleDateFormat page.) + + | Date Time Pattern | Result | + | ----------------- | ------ | + | `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` | + | `EEE, MMM d, ''yy` | Wed, Jul 4, '01 | + | `h:mm a` | 12:08 PM | + | `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time | + | `K:mm a, z` | 0:08 PM, PDT | + | `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM | + | `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 | + | `yyMMddHHmmssZ` | 010704120856-0700 | + | `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 | + | `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 | + | `YYYY-'W'ww-u` | 2001-W27-3 | + example: mm/dd/yyyy + outputFormat: + description: |- + A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data should be formatted into. + + *If no inputFormat is provided, the transform assumes that it is in ISO8601 format* + oneOf: + - title: Named Construct + type: string + description: | + | Construct | Date Time Pattern | Description | + | --------- | ----------------- | ----------- | + | ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. | + | LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. | + | PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. | + | EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. | + | EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. | + enum: + - ISO8601 + - LDAP + - PEOPLE_SOFT + - EPOCH_TIME_JAVA + - EPOCH_TIME_WIN32 + example: PEOPLE_SOFT + - title: Java Simple Date Format + type: string + description: | + There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information. + + >NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone. + (This table is from the SimpleDateFormat page.) + + | Date Time Pattern | Result | + | ----------------- | ------ | + | `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` | + | `EEE, MMM d, ''yy` | Wed, Jul 4, '01 | + | `h:mm a` | 12:08 PM | + | `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time | + | `K:mm a, z` | 0:08 PM, PDT | + | `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM | + | `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 | + | `yyMMddHHmmssZ` | 010704120856-0700 | + | `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 | + | `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 | + | `YYYY-'W'ww-u` | 2001-W27-3 | + example: mm/dd/yyyy + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + secondDate: + description: This is the second date to consider (The date that would be on the right hand side of the comparison operation). + oneOf: + - title: accountAttribute + type: object + required: + - sourceName + - attributeName + properties: + sourceName: + type: string + description: A reference to the source to search for the account + example: Workday + attributeName: + type: string + description: 'The name of the attribute on the account to return. This should match the name of the account attribute name visible in the user interface, or on the source schema.' + example: DEPARTMENT + accountSortAttribute: + type: string + description: The value of this configuration is a string name of the attribute to use when determining the ordering of returned accounts when there are multiple entries + example: created + accountSortDescending: + type: boolean + description: 'The value of this configuration is a boolean (true/false). Controls the order of the sort when there are multiple accounts. If not defined, the transform will default to false (ascending order)' + example: false + accountReturnFirstLink: + type: boolean + description: 'The value of this configuration is a boolean (true/false). Controls which account to source a value from for an attribute. If this flag is set to true, the transform returns the value from the first account in the list, even if it is null. If it is set to false, the transform returns the first non-null value. If not defined, the transform will default to false' + example: false + accountFilter: + type: string + description: |- + This expression queries the database to narrow search results. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the database. The default filter will always include the source and identity, and any subsequent expressions will be combined in an AND operation to the existing search criteria. + Only certain searchable attributes are available: - `nativeIdentity` - the Account ID - `displayName` - the Account Name - `entitlements` - a boolean value to determine if the account has entitlements + example: '!(nativeIdentity.startsWith("*DELETED*"))' + accountPropertyFilter: + type: string + description: |- + This expression is used to search and filter accounts in memory. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the returned resultset. + + All account attributes are available for filtering as this operation is performed in memory. + example: '(groups.containsAll({''Admin''}) || location == ''Austin'')' + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: dateFormat + type: object + properties: + inputFormat: + description: |- + A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data is coming in as. + + *If no inputFormat is provided, the transform assumes that it is in ISO8601 format* + oneOf: + - title: Named Construct + type: string + description: | + | Construct | Date Time Pattern | Description | + | --------- | ----------------- | ----------- | + | ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. | + | LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. | + | PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. | + | EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. | + | EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. | + enum: + - ISO8601 + - LDAP + - PEOPLE_SOFT + - EPOCH_TIME_JAVA + - EPOCH_TIME_WIN32 + example: PEOPLE_SOFT + - title: Java Simple Date Format + type: string + description: | + There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information. + + >NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone. + (This table is from the SimpleDateFormat page.) + + | Date Time Pattern | Result | + | ----------------- | ------ | + | `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` | + | `EEE, MMM d, ''yy` | Wed, Jul 4, '01 | + | `h:mm a` | 12:08 PM | + | `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time | + | `K:mm a, z` | 0:08 PM, PDT | + | `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM | + | `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 | + | `yyMMddHHmmssZ` | 010704120856-0700 | + | `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 | + | `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 | + | `YYYY-'W'ww-u` | 2001-W27-3 | + example: mm/dd/yyyy + outputFormat: + description: |- + A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data should be formatted into. + + *If no inputFormat is provided, the transform assumes that it is in ISO8601 format* + oneOf: + - title: Named Construct + type: string + description: | + | Construct | Date Time Pattern | Description | + | --------- | ----------------- | ----------- | + | ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. | + | LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. | + | PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. | + | EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. | + | EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. | + enum: + - ISO8601 + - LDAP + - PEOPLE_SOFT + - EPOCH_TIME_JAVA + - EPOCH_TIME_WIN32 + example: PEOPLE_SOFT + - title: Java Simple Date Format + type: string + description: | + There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information. + + >NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone. + (This table is from the SimpleDateFormat page.) + + | Date Time Pattern | Result | + | ----------------- | ------ | + | `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` | + | `EEE, MMM d, ''yy` | Wed, Jul 4, '01 | + | `h:mm a` | 12:08 PM | + | `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time | + | `K:mm a, z` | 0:08 PM, PDT | + | `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM | + | `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 | + | `yyMMddHHmmssZ` | 010704120856-0700 | + | `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 | + | `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 | + | `YYYY-'W'ww-u` | 2001-W27-3 | + example: mm/dd/yyyy + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + operator: + type: string + description: | + This is the comparison to perform. + | Operation | Description | + | --------- | ------- | + | LT | Strictly less than: firstDate < secondDate | + | LTE | Less than or equal to: firstDate <= secondDate | + | GT | Strictly greater than: firstDate > secondDate | + | GTE | Greater than or equal to: firstDate >= secondDate | + enum: + - LT + - LTE + - GT + - GTE + example: LT + positiveCondition: + type: string + description: The output of the transform if the expression evalutes to true + example: 'true' + negativeCondition: + type: string + description: The output of the transform if the expression evalutes to false + example: false + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: dateFormat + type: object + properties: + inputFormat: + description: |- + A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data is coming in as. + + *If no inputFormat is provided, the transform assumes that it is in ISO8601 format* + oneOf: + - title: Named Construct + type: string + description: | + | Construct | Date Time Pattern | Description | + | --------- | ----------------- | ----------- | + | ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. | + | LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. | + | PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. | + | EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. | + | EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. | + enum: + - ISO8601 + - LDAP + - PEOPLE_SOFT + - EPOCH_TIME_JAVA + - EPOCH_TIME_WIN32 + example: PEOPLE_SOFT + - title: Java Simple Date Format + type: string + description: | + There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information. + + >NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone. + (This table is from the SimpleDateFormat page.) + + | Date Time Pattern | Result | + | ----------------- | ------ | + | `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` | + | `EEE, MMM d, ''yy` | Wed, Jul 4, '01 | + | `h:mm a` | 12:08 PM | + | `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time | + | `K:mm a, z` | 0:08 PM, PDT | + | `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM | + | `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 | + | `yyMMddHHmmssZ` | 010704120856-0700 | + | `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 | + | `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 | + | `YYYY-'W'ww-u` | 2001-W27-3 | + example: mm/dd/yyyy + outputFormat: + description: |- + A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data should be formatted into. + + *If no inputFormat is provided, the transform assumes that it is in ISO8601 format* + oneOf: + - title: Named Construct + type: string + description: | + | Construct | Date Time Pattern | Description | + | --------- | ----------------- | ----------- | + | ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. | + | LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. | + | PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. | + | EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. | + | EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. | + enum: + - ISO8601 + - LDAP + - PEOPLE_SOFT + - EPOCH_TIME_JAVA + - EPOCH_TIME_WIN32 + example: PEOPLE_SOFT + - title: Java Simple Date Format + type: string + description: | + There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information. + + >NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone. + (This table is from the SimpleDateFormat page.) + + | Date Time Pattern | Result | + | ----------------- | ------ | + | `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` | + | `EEE, MMM d, ''yy` | Wed, Jul 4, '01 | + | `h:mm a` | 12:08 PM | + | `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time | + | `K:mm a, z` | 0:08 PM, PDT | + | `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM | + | `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 | + | `yyMMddHHmmssZ` | 010704120856-0700 | + | `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 | + | `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 | + | `YYYY-'W'ww-u` | 2001-W27-3 | + example: mm/dd/yyyy + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: dateMath + type: object + required: + - expression + properties: + expression: + type: string + description: | + A string value of the date and time components to operation on, along with the math operations to execute. + externalDocs: + description: Date Math Expressions + url: 'https://developer.sailpoint.com/idn/docs/transforms/operations/date-math#transform-structure' + example: now+1w + roundUp: + type: boolean + description: | + A boolean value to indicate whether the transform should round up or down when a rounding `/` operation is defined in the expression. + + + If not provided, the transform will default to `false` + + + `true` indicates the transform should round up (i.e., truncate the fractional date/time component indicated and then add one unit of that component) + + + `false` indicates the transform should round down (i.e., truncate the fractional date/time component indicated) + example: false + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: decomposeDiacriticalMarks + type: object + properties: + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: e164phone + type: object + properties: + defaultRegion: + type: string + description: | + This is an optional attribute that can be used to define the region of the phone number to format into. + + + If defaultRegion is not provided, it will take US as the default country. + + + The format of the country code should be in [ISO 3166-1 alpha-2 format](https://en.wikipedia.org/wiki/ISO_3166-1_alpha-2) + example: US + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: firstValid + type: object + required: + - values + properties: + values: + type: array + items: + type: object + description: An array of attributes to evaluate for existence. + example: + - attributes: + sourceName: Active Directory + attributeName: sAMAccountName + type: accountAttribute + - attributes: + sourceName: Okta + attributeName: login + type: accountAttribute + - attributes: + sourceName: HR Source + attributeName: employeeID + type: accountAttribute + ignoreErrors: + type: boolean + description: a true or false value representing to move on to the next option if an error (like an Null Pointer Exception) were to occur. + example: false + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + - title: rule + oneOf: + - type: object + required: + - name + properties: + name: + type: string + description: This is the name of the Generic rule that needs to be invoked by the transform + example: Generic Calculation Rule + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + - type: object + required: + - name + - operation + - includeNumbers + - includeSpecialChars + - length + properties: + name: + type: string + description: This must always be set to "Cloud Services Deployment Utility" + example: Cloud Services Deployment Utility + operation: + type: string + description: The operation to perform `generateRandomString` + example: generateRandomString + includeNumbers: + type: boolean + description: This must be either "true" or "false" to indicate whether the generator logic should include numbers + example: true + includeSpecialChars: + type: boolean + description: This must be either "true" or "false" to indicate whether the generator logic should include special characters + example: true + length: + type: string + description: | + This specifies how long the randomly generated string needs to be + + + >NOTE Due to identity attribute data constraints, the maximum allowable value is 450 characters + example: '10' + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + - type: object + required: + - name + - operation + - uid + properties: + name: + type: string + description: This must always be set to "Cloud Services Deployment Utility" + example: Cloud Services Deployment Utility + operation: + type: string + description: The operation to perform `getReferenceIdentityAttribute` + example: getReferenceIdentityAttribute + uid: + type: string + description: | + This is the SailPoint User Name (uid) value of the identity whose attribute is desired + + As a convenience feature, you can use the `manager` keyword to dynamically look up the user's manager and then get that manager's identity attribute. + example: 2c91808570313110017040b06f344ec9 + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + - title: identityAttribute + type: object + required: + - name + properties: + name: + type: string + description: The system (camel-cased) name of the identity attribute to bring in + example: email + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: indexOf + type: object + required: + - substring + properties: + substring: + type: string + description: 'A substring to search for, searches the entire calling string, and returns the index of the first occurrence of the specified substring.' + example: admin_ + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: iso3166 + type: object + properties: + format: + type: string + description: | + An optional value to denote which ISO 3166 format to return. Valid values are: + + + `alpha2` - Two-character country code (e.g., "US"); this is the default value if no format is supplied + + + `alpha3` - Three-character country code (e.g., "USA") + + + `numeric` - The numeric country code (e.g., "840") + example: alpha2 + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: leftPad + type: object + required: + - length + properties: + length: + type: string + description: An integer value for the desired length of the final output string + example: '4' + padding: + type: string + description: | + A string value representing the character that the incoming data should be padded with to get to the desired length + + + If not provided, the transform will default to a single space (" ") character for padding + example: '0' + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: lookup + type: object + required: + - table + properties: + table: + type: object + additionalProperties: true + description: | + This is a JSON object of key-value pairs. The key is the string that will attempt to be matched to the input, and the value is the output string that should be returned if the key is matched + + + >**Note** the use of the optional default key value here; if none of the three countries in the above example match the input string, the transform will return "Unknown Region" for the attribute that is mapped to this transform. + example: + USA: Americas + FRA: EMEA + AUS: APAC + default: Unknown Region + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: lower + type: object + properties: + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: nameNormalizer + type: object + properties: + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: randomAlphaNumeric + type: object + properties: + length: + type: string + description: | + This is an integer value specifying the size/number of characters the random string must contain + + + * This value must be a positive number and cannot be blank + + + * If no length is provided, the transform will default to a value of `32` + + + * Due to identity attribute data constraints, the maximum allowable value is `450` characters + example: '10' + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: randomNumeric + type: object + properties: + length: + type: string + description: | + This is an integer value specifying the size/number of characters the random string must contain + + + * This value must be a positive number and cannot be blank + + + * If no length is provided, the transform will default to a value of `32` + + + * Due to identity attribute data constraints, the maximum allowable value is `450` characters + example: '10' + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: reference + type: object + required: + - id + properties: + id: + type: string + description: This ID specifies the name of the pre-existing transform which you want to use within your current transform + example: Existing Transform + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: replaceAll + type: object + required: + - table + properties: + table: + type: object + additionalProperties: true + description: 'An attribute of key-value pairs. Each pair identifies the pattern to search for as its key, and the replacement string as its value.' + example: + '-': ' ' + '"': '''' + ñ: 'n' + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: replace + type: object + required: + - regex + - replacement + properties: + regex: + type: string + description: This can be a string or a regex pattern in which you want to replace. + example: '[^a-zA-Z]' + externalDocs: + description: Regex Builder + url: 'https://regex101.com/' + replacement: + type: string + description: This is the replacement string that should be substituded wherever the string or pattern is found. + example: ' ' + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: rightPad + type: object + required: + - length + properties: + length: + type: string + description: An integer value for the desired length of the final output string + example: '4' + padding: + type: string + description: | + A string value representing the character that the incoming data should be padded with to get to the desired length + + + If not provided, the transform will default to a single space (" ") character for padding + example: '0' + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: split + type: object + required: + - delimiter + - index + properties: + delimiter: + type: string + description: 'This can be either a single character or a regex expression, and is used by the transform to identify the break point between two substrings in the incoming data' + example: ',' + index: + type: string + description: 'An integer value for the desired array element after the incoming data has been split into a list; the array is a 0-based object, so the first array element would be index 0, the second element would be index 1, etc.' + example: '5' + throws: + type: boolean + description: | + A boolean (true/false) value which indicates whether an exception should be thrown and returned as an output when an index is out of bounds with the resultant array (i.e., the provided index value is larger than the size of the array) + + + `true` - The transform should return "IndexOutOfBoundsException" + + + `false` - The transform should return null + + + If not provided, the transform will default to false and return a null + example: true + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: static + type: object + required: + - values + properties: + values: + type: string + description: 'This must evaluate to a JSON string, either through a fixed value or through conditional logic using the Apache Velocity Template Language.' + example: string$variable + externalDocs: + description: Static Transform Documentation + url: 'https://developer.sailpoint.com/idn/docs/transforms/operations/static' + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + - title: substring + type: object + required: + - begin + properties: + begin: + type: integer + description: | + The index of the first character to include in the returned substring. + + + If `begin` is set to -1, the transform will begin at character 0 of the input data + example: 1 + format: int32 + beginOffset: + type: integer + description: | + This integer value is the number of characters to add to the begin attribute when returning a substring. + + This attribute is only used if begin is not -1. + example: 3 + format: int32 + end: + type: integer + description: | + The index of the first character to exclude from the returned substring. + + If end is -1 or not provided at all, the substring transform will return everything up to the end of the input string. + example: 6 + format: int32 + endOffset: + type: integer + description: | + This integer value is the number of characters to add to the end attribute when returning a substring. + + This attribute is only used if end is provided and is not -1. + example: 1 + format: int32 + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: trim + type: object + properties: + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: upper + type: object + properties: + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: uuid + type: object + properties: + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + internal: + type: boolean + readOnly: true + description: Indicates whether this is an internal SailPoint-created transform or a customer-created transform + example: false + example: + id: 2cd78adghjkja34jh2b1hkjhasuecd + name: Timestamp To Date + type: dateFormat + attributes: + inputFormat: 'MMM-dd-yyyy, HH:mm:ss.SSS' + outputFormat: yyyy/dd/MM + internal: false + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + security: + - oauth2: + - 'idn:transform:manage' + delete: + tags: + - Transforms + summary: Delete a transform + description: |- + Deletes the transform specified by the given ID. Attempting to delete a transform that is used in one or more Identity Profile mappings will result in an error. If this occurs, you must first remove the transform from all mappings before deleting the transform. + A token with transform delete authority is required to call this API. + operationId: deleteTransform + parameters: + - name: id + in: path + description: ID of the transform to delete + required: true + style: simple + explode: false + schema: + type: string + example: 2cd78adghjkja34jh2b1hkjhasuecd + responses: + '204': + description: No content - indicates the request was successful but there is no content to be returned in the response. + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + security: + - oauth2: + - 'idn:transform:manage' + /work-items: + get: + operationId: listWorkItems + tags: + - Work Items + summary: List Work Items + description: 'This gets a collection of work items belonging to either the specified user(admin required), or the current user.' + parameters: + - in: query + name: limit + description: |- + Max number of results to return. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 250 + schema: + type: integer + format: int32 + minimum: 0 + maximum: 250 + default: 250 + - in: query + name: offset + description: |- + Offset into the full result set. Usually specified with *limit* to paginate through the results. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 0 + schema: + type: integer + format: int32 + minimum: 0 + default: 0 + - in: query + name: count + description: |- + If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored. + + Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used. + + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: true + schema: + type: boolean + default: false + - in: query + name: ownerId + schema: + type: string + description: ID of the work item owner. + required: false + example: 1211bcaa32112bcef6122adb21cef1ac + responses: + '200': + description: List of work items + content: + application/json: + schema: + type: array + items: + type: object + properties: + id: + type: string + description: ID of the work item + example: 2c9180835d2e5168015d32f890ca1581 + requesterId: + type: string + description: ID of the requester + example: 2c9180835d2e5168015d32f890ca1581 + requesterDisplayName: + type: string + description: The displayname of the requester + example: John Smith + ownerId: + type: string + description: The ID of the owner + example: 2c9180835d2e5168015d32f890ca1581 + ownerName: + type: string + description: The name of the owner + example: Jason Smith + created: + type: string + format: date-time + example: '2017-07-11T18:45:37.098Z' + description: Time when the work item was created + modified: + type: string + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: Time when the work item was last updated + description: + type: string + description: The description of the work item + example: Create account on source 'AD' + state: + type: string + enum: + - FINISHED + - REJECTED + - RETURNED + - EXPIRED + - PENDING + - CANCELED + example: FINISHED + description: The state of a work item + type: + type: string + enum: + - UNKNOWN + - GENERIC + - CERTIFICATION + - REMEDIATION + - DELEGATION + - APPROVAL + - VIOLATIONREVIEW + - FORM + - POLICYVIOLATION + - CHALLENGE + - IMPACTANALYSIS + - SIGNOFF + - EVENT + - MANUALACTION + - TEST + example: GENERIC + description: The type of the work item + remediationItems: + type: object + properties: + id: + type: string + description: The ID of the certification + example: 2c9180835d2e5168015d32f890ca1581 + targetId: + type: string + description: The ID of the certification target + example: 2c9180835d2e5168015d32f890ca1581 + targetName: + type: string + description: The name of the certification target + example: john.smith + targetDisplayName: + type: string + description: The display name of the certification target + example: emailAddress + applicationName: + type: string + description: The name of the application/source + example: Active Directory + attributeName: + type: string + description: The name of the attribute being certified + example: phoneNumber + attributeOperation: + type: string + description: The operation of the certification on the attribute + example: update + attributeValue: + type: string + description: The value of the attribute being certified + example: 512-555-1212 + nativeIdentity: + type: string + description: The native identity of the target + example: jason.smith2 + approvalItems: + type: object + properties: + id: + type: string + description: ID of the approval item + example: 2c9180835d2e5168015d32f890ca1581 + account: + type: string + description: The account referenced by the approval item + example: john.smith + application: + type: string + description: The name the application/source + example: Active Directory + attributeName: + type: string + description: The name of the attribute + example: emailAddress + attributeOperation: + type: string + description: The operation of the attribute + example: update + attributeValue: + type: string + description: The value of the attribute + example: a@b.com + state: + type: string + enum: + - FINISHED + - REJECTED + - RETURNED + - EXPIRED + - PENDING + - CANCELED + example: FINISHED + description: The state of a work item + name: + type: string + description: The work item name + example: Account Create + completed: + type: string + format: date-time + example: '2018-10-19T13:49:37.385Z' + description: The time at which the work item completed + numItems: + type: integer + format: int32 + description: The number of items in the work item + example: 19 + form: + type: object + properties: + id: + type: string + description: ID of the form + example: 2c9180835d2e5168015d32f890ca1581 + name: + type: string + description: Name of the form + example: AccountSelection Form + title: + type: string + description: The form title + example: Account Selection for John.Doe + subtitle: + type: string + description: The form subtitle. + example: Please select from the following + targetUser: + type: string + description: The name of the user that should be shown this form + example: Jane.Doe + sections: + type: object + allOf: + - type: object + properties: + name: + type: string + description: Name of the FormItem + example: Field1 + - type: object + properties: + label: + type: string + description: Label of the section + example: Section 1 + formItems: + type: array + items: + type: object + description: List of FormItems. FormItems can be SectionDetails and/or FieldDetails + example: [] + errors: + type: array + items: + type: string + example: + - The work item ID that was specified was not found. + description: An array of errors that ocurred during the work item + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + /work-items/completed: + get: + operationId: getCompletedWorkItems + tags: + - Work Items + summary: Completed Work Items + description: 'This gets a collection of completed work items belonging to either the specified user(admin required), or the current user.' + parameters: + - in: query + name: ownerId + schema: + type: string + description: 'The id of the owner of the work item list being requested. Either an admin, or the owning/current user must make this request.' + required: false + example: 1211bcaa32112bcef6122adb21cef1ac + - in: query + name: limit + description: |- + Max number of results to return. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 250 + schema: + type: integer + format: int32 + minimum: 0 + maximum: 250 + default: 250 + - in: query + name: offset + description: |- + Offset into the full result set. Usually specified with *limit* to paginate through the results. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 0 + schema: + type: integer + format: int32 + minimum: 0 + default: 0 + - in: query + name: count + description: |- + If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored. + + Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used. + + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: true + schema: + type: boolean + default: false + responses: + '200': + description: List of completed work items. + content: + application/json: + schema: + type: array + items: + type: object + properties: + id: + type: string + description: ID of the work item + example: 2c9180835d2e5168015d32f890ca1581 + requesterId: + type: string + description: ID of the requester + example: 2c9180835d2e5168015d32f890ca1581 + requesterDisplayName: + type: string + description: The displayname of the requester + example: John Smith + ownerId: + type: string + description: The ID of the owner + example: 2c9180835d2e5168015d32f890ca1581 + ownerName: + type: string + description: The name of the owner + example: Jason Smith + created: + type: string + format: date-time + example: '2017-07-11T18:45:37.098Z' + description: Time when the work item was created + modified: + type: string + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: Time when the work item was last updated + description: + type: string + description: The description of the work item + example: Create account on source 'AD' + state: + type: string + enum: + - FINISHED + - REJECTED + - RETURNED + - EXPIRED + - PENDING + - CANCELED + example: FINISHED + description: The state of a work item + type: + type: string + enum: + - UNKNOWN + - GENERIC + - CERTIFICATION + - REMEDIATION + - DELEGATION + - APPROVAL + - VIOLATIONREVIEW + - FORM + - POLICYVIOLATION + - CHALLENGE + - IMPACTANALYSIS + - SIGNOFF + - EVENT + - MANUALACTION + - TEST + example: GENERIC + description: The type of the work item + remediationItems: + type: object + properties: + id: + type: string + description: The ID of the certification + example: 2c9180835d2e5168015d32f890ca1581 + targetId: + type: string + description: The ID of the certification target + example: 2c9180835d2e5168015d32f890ca1581 + targetName: + type: string + description: The name of the certification target + example: john.smith + targetDisplayName: + type: string + description: The display name of the certification target + example: emailAddress + applicationName: + type: string + description: The name of the application/source + example: Active Directory + attributeName: + type: string + description: The name of the attribute being certified + example: phoneNumber + attributeOperation: + type: string + description: The operation of the certification on the attribute + example: update + attributeValue: + type: string + description: The value of the attribute being certified + example: 512-555-1212 + nativeIdentity: + type: string + description: The native identity of the target + example: jason.smith2 + approvalItems: + type: object + properties: + id: + type: string + description: ID of the approval item + example: 2c9180835d2e5168015d32f890ca1581 + account: + type: string + description: The account referenced by the approval item + example: john.smith + application: + type: string + description: The name the application/source + example: Active Directory + attributeName: + type: string + description: The name of the attribute + example: emailAddress + attributeOperation: + type: string + description: The operation of the attribute + example: update + attributeValue: + type: string + description: The value of the attribute + example: a@b.com + state: + type: string + enum: + - FINISHED + - REJECTED + - RETURNED + - EXPIRED + - PENDING + - CANCELED + example: FINISHED + description: The state of a work item + name: + type: string + description: The work item name + example: Account Create + completed: + type: string + format: date-time + example: '2018-10-19T13:49:37.385Z' + description: The time at which the work item completed + numItems: + type: integer + format: int32 + description: The number of items in the work item + example: 19 + form: + type: object + properties: + id: + type: string + description: ID of the form + example: 2c9180835d2e5168015d32f890ca1581 + name: + type: string + description: Name of the form + example: AccountSelection Form + title: + type: string + description: The form title + example: Account Selection for John.Doe + subtitle: + type: string + description: The form subtitle. + example: Please select from the following + targetUser: + type: string + description: The name of the user that should be shown this form + example: Jane.Doe + sections: + type: object + allOf: + - type: object + properties: + name: + type: string + description: Name of the FormItem + example: Field1 + - type: object + properties: + label: + type: string + description: Label of the section + example: Section 1 + formItems: + type: array + items: + type: object + description: List of FormItems. FormItems can be SectionDetails and/or FieldDetails + example: [] + errors: + type: array + items: + type: string + example: + - The work item ID that was specified was not found. + description: An array of errors that ocurred during the work item + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + /work-items/count: + get: + operationId: getCountWorkItems + tags: + - Work Items + summary: Count Work Items + description: 'This gets a count of work items belonging to either the specified user(admin required), or the current user.' + parameters: + - in: query + name: ownerId + schema: + type: string + description: ID of the work item owner. + required: false + example: ef38f94347e94562b5bb8424a56397d8 + responses: + '200': + description: List of work items + content: + application/json: + schema: + type: object + properties: + count: + type: integer + description: The count of work items + example: 29 + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + /work-items/completed/count: + get: + operationId: getCountCompletedWorkItems + tags: + - Work Items + summary: Count Completed Work Items + description: 'This gets a count of completed work items belonging to either the specified user(admin required), or the current user.' + parameters: + - in: query + name: ownerId + schema: + type: string + description: ID of the work item owner. + required: false + example: 1211bcaa32112bcef6122adb21cef1ac + responses: + '200': + description: List of work items + content: + application/json: + schema: + type: object + properties: + count: + type: integer + description: The count of work items + example: 29 + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + /work-items/summary: + get: + operationId: getWorkItemsSummary + tags: + - Work Items + summary: Work Items Summary + description: 'This gets a summary of work items belonging to either the specified user(admin required), or the current user.' + parameters: + - in: query + name: ownerId + schema: + type: string + description: ID of the work item owner. + required: false + example: 1211bcaa32112bcef6122adb21cef1ac + responses: + '200': + description: List of work items + content: + application/json: + schema: + type: object + properties: + open: + type: integer + description: The count of open work items + example: 29 + completed: + type: integer + description: The count of completed work items + example: 1 + total: + type: integer + description: The count of total work items + example: 30 + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + '/work-items/{id}': + get: + operationId: getWorkItem + tags: + - Work Items + summary: Get a Work Item + description: 'This gets the details of a Work Item belonging to either the specified user(admin required), or the current user.' + parameters: + - in: path + name: id + schema: + type: string + required: true + description: ID of the work item. + example: 2c9180835d191a86015d28455b4a2329 + responses: + '200': + description: The work item with the given ID. + content: + application/json: + schema: + type: object + properties: + id: + type: string + description: ID of the work item + example: 2c9180835d2e5168015d32f890ca1581 + requesterId: + type: string + description: ID of the requester + example: 2c9180835d2e5168015d32f890ca1581 + requesterDisplayName: + type: string + description: The displayname of the requester + example: John Smith + ownerId: + type: string + description: The ID of the owner + example: 2c9180835d2e5168015d32f890ca1581 + ownerName: + type: string + description: The name of the owner + example: Jason Smith + created: + type: string + format: date-time + example: '2017-07-11T18:45:37.098Z' + description: Time when the work item was created + modified: + type: string + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: Time when the work item was last updated + description: + type: string + description: The description of the work item + example: Create account on source 'AD' + state: + type: string + enum: + - FINISHED + - REJECTED + - RETURNED + - EXPIRED + - PENDING + - CANCELED + example: FINISHED + description: The state of a work item + type: + type: string + enum: + - UNKNOWN + - GENERIC + - CERTIFICATION + - REMEDIATION + - DELEGATION + - APPROVAL + - VIOLATIONREVIEW + - FORM + - POLICYVIOLATION + - CHALLENGE + - IMPACTANALYSIS + - SIGNOFF + - EVENT + - MANUALACTION + - TEST + example: GENERIC + description: The type of the work item + remediationItems: + type: object + properties: + id: + type: string + description: The ID of the certification + example: 2c9180835d2e5168015d32f890ca1581 + targetId: + type: string + description: The ID of the certification target + example: 2c9180835d2e5168015d32f890ca1581 + targetName: + type: string + description: The name of the certification target + example: john.smith + targetDisplayName: + type: string + description: The display name of the certification target + example: emailAddress + applicationName: + type: string + description: The name of the application/source + example: Active Directory + attributeName: + type: string + description: The name of the attribute being certified + example: phoneNumber + attributeOperation: + type: string + description: The operation of the certification on the attribute + example: update + attributeValue: + type: string + description: The value of the attribute being certified + example: 512-555-1212 + nativeIdentity: + type: string + description: The native identity of the target + example: jason.smith2 + approvalItems: + type: object + properties: + id: + type: string + description: ID of the approval item + example: 2c9180835d2e5168015d32f890ca1581 + account: + type: string + description: The account referenced by the approval item + example: john.smith + application: + type: string + description: The name the application/source + example: Active Directory + attributeName: + type: string + description: The name of the attribute + example: emailAddress + attributeOperation: + type: string + description: The operation of the attribute + example: update + attributeValue: + type: string + description: The value of the attribute + example: a@b.com + state: + type: string + enum: + - FINISHED + - REJECTED + - RETURNED + - EXPIRED + - PENDING + - CANCELED + example: FINISHED + description: The state of a work item + name: + type: string + description: The work item name + example: Account Create + completed: + type: string + format: date-time + example: '2018-10-19T13:49:37.385Z' + description: The time at which the work item completed + numItems: + type: integer + format: int32 + description: The number of items in the work item + example: 19 + form: + type: object + properties: + id: + type: string + description: ID of the form + example: 2c9180835d2e5168015d32f890ca1581 + name: + type: string + description: Name of the form + example: AccountSelection Form + title: + type: string + description: The form title + example: Account Selection for John.Doe + subtitle: + type: string + description: The form subtitle. + example: Please select from the following + targetUser: + type: string + description: The name of the user that should be shown this form + example: Jane.Doe + sections: + type: object + allOf: + - type: object + properties: + name: + type: string + description: Name of the FormItem + example: Field1 + - type: object + properties: + label: + type: string + description: Label of the section + example: Section 1 + formItems: + type: array + items: + type: object + description: List of FormItems. FormItems can be SectionDetails and/or FieldDetails + example: [] + errors: + type: array + items: + type: string + example: + - The work item ID that was specified was not found. + description: An array of errors that ocurred during the work item + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + post: + operationId: completeWorkItem + tags: + - Work Items + summary: Complete a Work Item + description: 'This API completes a work item. Either an admin, or the owning/current user must make this request.' + parameters: + - in: path + name: id + schema: + type: string + required: true + description: The ID of the work item + example: ef38f94347e94562b5bb8424a56397d8 + responses: + '200': + description: A WorkItems object + content: + application/json: + schema: + type: object + properties: + id: + type: string + description: ID of the work item + example: 2c9180835d2e5168015d32f890ca1581 + requesterId: + type: string + description: ID of the requester + example: 2c9180835d2e5168015d32f890ca1581 + requesterDisplayName: + type: string + description: The displayname of the requester + example: John Smith + ownerId: + type: string + description: The ID of the owner + example: 2c9180835d2e5168015d32f890ca1581 + ownerName: + type: string + description: The name of the owner + example: Jason Smith + created: + type: string + format: date-time + example: '2017-07-11T18:45:37.098Z' + description: Time when the work item was created + modified: + type: string + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: Time when the work item was last updated + description: + type: string + description: The description of the work item + example: Create account on source 'AD' + state: + type: string + enum: + - FINISHED + - REJECTED + - RETURNED + - EXPIRED + - PENDING + - CANCELED + example: FINISHED + description: The state of a work item + type: + type: string + enum: + - UNKNOWN + - GENERIC + - CERTIFICATION + - REMEDIATION + - DELEGATION + - APPROVAL + - VIOLATIONREVIEW + - FORM + - POLICYVIOLATION + - CHALLENGE + - IMPACTANALYSIS + - SIGNOFF + - EVENT + - MANUALACTION + - TEST + example: GENERIC + description: The type of the work item + remediationItems: + type: object + properties: + id: + type: string + description: The ID of the certification + example: 2c9180835d2e5168015d32f890ca1581 + targetId: + type: string + description: The ID of the certification target + example: 2c9180835d2e5168015d32f890ca1581 + targetName: + type: string + description: The name of the certification target + example: john.smith + targetDisplayName: + type: string + description: The display name of the certification target + example: emailAddress + applicationName: + type: string + description: The name of the application/source + example: Active Directory + attributeName: + type: string + description: The name of the attribute being certified + example: phoneNumber + attributeOperation: + type: string + description: The operation of the certification on the attribute + example: update + attributeValue: + type: string + description: The value of the attribute being certified + example: 512-555-1212 + nativeIdentity: + type: string + description: The native identity of the target + example: jason.smith2 + approvalItems: + type: object + properties: + id: + type: string + description: ID of the approval item + example: 2c9180835d2e5168015d32f890ca1581 + account: + type: string + description: The account referenced by the approval item + example: john.smith + application: + type: string + description: The name the application/source + example: Active Directory + attributeName: + type: string + description: The name of the attribute + example: emailAddress + attributeOperation: + type: string + description: The operation of the attribute + example: update + attributeValue: + type: string + description: The value of the attribute + example: a@b.com + state: + type: string + enum: + - FINISHED + - REJECTED + - RETURNED + - EXPIRED + - PENDING + - CANCELED + example: FINISHED + description: The state of a work item + name: + type: string + description: The work item name + example: Account Create + completed: + type: string + format: date-time + example: '2018-10-19T13:49:37.385Z' + description: The time at which the work item completed + numItems: + type: integer + format: int32 + description: The number of items in the work item + example: 19 + form: + type: object + properties: + id: + type: string + description: ID of the form + example: 2c9180835d2e5168015d32f890ca1581 + name: + type: string + description: Name of the form + example: AccountSelection Form + title: + type: string + description: The form title + example: Account Selection for John.Doe + subtitle: + type: string + description: The form subtitle. + example: Please select from the following + targetUser: + type: string + description: The name of the user that should be shown this form + example: Jane.Doe + sections: + type: object + allOf: + - type: object + properties: + name: + type: string + description: Name of the FormItem + example: Field1 + - type: object + properties: + label: + type: string + description: Label of the section + example: Section 1 + formItems: + type: array + items: + type: object + description: List of FormItems. FormItems can be SectionDetails and/or FieldDetails + example: [] + errors: + type: array + items: + type: string + example: + - The work item ID that was specified was not found. + description: An array of errors that ocurred during the work item + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + '/work-items/{id}/approve/{approvalItemId}': + post: + operationId: approveApprovalItem + tags: + - Work Items + summary: Approve an Approval Item + description: 'This API approves an Approval Item. Either an admin, or the owning/current user must make this request.' + parameters: + - in: path + name: id + schema: + type: string + required: true + description: The ID of the work item + example: ef38f94347e94562b5bb8424a56397d8 + - in: path + name: approvalItemId + schema: + type: string + required: true + description: The ID of the approval item. + example: 1211bcaa32112bcef6122adb21cef1ac + responses: + '200': + description: A work items details object. + content: + application/json: + schema: + type: object + properties: + id: + type: string + description: ID of the work item + example: 2c9180835d2e5168015d32f890ca1581 + requesterId: + type: string + description: ID of the requester + example: 2c9180835d2e5168015d32f890ca1581 + requesterDisplayName: + type: string + description: The displayname of the requester + example: John Smith + ownerId: + type: string + description: The ID of the owner + example: 2c9180835d2e5168015d32f890ca1581 + ownerName: + type: string + description: The name of the owner + example: Jason Smith + created: + type: string + format: date-time + example: '2017-07-11T18:45:37.098Z' + description: Time when the work item was created + modified: + type: string + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: Time when the work item was last updated + description: + type: string + description: The description of the work item + example: Create account on source 'AD' + state: + type: string + enum: + - FINISHED + - REJECTED + - RETURNED + - EXPIRED + - PENDING + - CANCELED + example: FINISHED + description: The state of a work item + type: + type: string + enum: + - UNKNOWN + - GENERIC + - CERTIFICATION + - REMEDIATION + - DELEGATION + - APPROVAL + - VIOLATIONREVIEW + - FORM + - POLICYVIOLATION + - CHALLENGE + - IMPACTANALYSIS + - SIGNOFF + - EVENT + - MANUALACTION + - TEST + example: GENERIC + description: The type of the work item + remediationItems: + type: object + properties: + id: + type: string + description: The ID of the certification + example: 2c9180835d2e5168015d32f890ca1581 + targetId: + type: string + description: The ID of the certification target + example: 2c9180835d2e5168015d32f890ca1581 + targetName: + type: string + description: The name of the certification target + example: john.smith + targetDisplayName: + type: string + description: The display name of the certification target + example: emailAddress + applicationName: + type: string + description: The name of the application/source + example: Active Directory + attributeName: + type: string + description: The name of the attribute being certified + example: phoneNumber + attributeOperation: + type: string + description: The operation of the certification on the attribute + example: update + attributeValue: + type: string + description: The value of the attribute being certified + example: 512-555-1212 + nativeIdentity: + type: string + description: The native identity of the target + example: jason.smith2 + approvalItems: + type: object + properties: + id: + type: string + description: ID of the approval item + example: 2c9180835d2e5168015d32f890ca1581 + account: + type: string + description: The account referenced by the approval item + example: john.smith + application: + type: string + description: The name the application/source + example: Active Directory + attributeName: + type: string + description: The name of the attribute + example: emailAddress + attributeOperation: + type: string + description: The operation of the attribute + example: update + attributeValue: + type: string + description: The value of the attribute + example: a@b.com + state: + type: string + enum: + - FINISHED + - REJECTED + - RETURNED + - EXPIRED + - PENDING + - CANCELED + example: FINISHED + description: The state of a work item + name: + type: string + description: The work item name + example: Account Create + completed: + type: string + format: date-time + example: '2018-10-19T13:49:37.385Z' + description: The time at which the work item completed + numItems: + type: integer + format: int32 + description: The number of items in the work item + example: 19 + form: + type: object + properties: + id: + type: string + description: ID of the form + example: 2c9180835d2e5168015d32f890ca1581 + name: + type: string + description: Name of the form + example: AccountSelection Form + title: + type: string + description: The form title + example: Account Selection for John.Doe + subtitle: + type: string + description: The form subtitle. + example: Please select from the following + targetUser: + type: string + description: The name of the user that should be shown this form + example: Jane.Doe + sections: + type: object + allOf: + - type: object + properties: + name: + type: string + description: Name of the FormItem + example: Field1 + - type: object + properties: + label: + type: string + description: Label of the section + example: Section 1 + formItems: + type: array + items: + type: object + description: List of FormItems. FormItems can be SectionDetails and/or FieldDetails + example: [] + errors: + type: array + items: + type: string + example: + - The work item ID that was specified was not found. + description: An array of errors that ocurred during the work item + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + '/work-items/{id}/reject/{approvalItemId}': + post: + operationId: rejectApprovalItem + tags: + - Work Items + summary: Reject an Approval Item + description: 'This API rejects an Approval Item. Either an admin, or the owning/current user must make this request.' + parameters: + - in: path + name: id + schema: + type: string + required: true + description: The ID of the work item + example: ef38f94347e94562b5bb8424a56397d8 + - in: path + name: approvalItemId + schema: + type: string + required: true + description: The ID of the approval item. + example: 1211bcaa32112bcef6122adb21cef1ac + responses: + '200': + description: A work items details object. + content: + application/json: + schema: + type: object + properties: + id: + type: string + description: ID of the work item + example: 2c9180835d2e5168015d32f890ca1581 + requesterId: + type: string + description: ID of the requester + example: 2c9180835d2e5168015d32f890ca1581 + requesterDisplayName: + type: string + description: The displayname of the requester + example: John Smith + ownerId: + type: string + description: The ID of the owner + example: 2c9180835d2e5168015d32f890ca1581 + ownerName: + type: string + description: The name of the owner + example: Jason Smith + created: + type: string + format: date-time + example: '2017-07-11T18:45:37.098Z' + description: Time when the work item was created + modified: + type: string + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: Time when the work item was last updated + description: + type: string + description: The description of the work item + example: Create account on source 'AD' + state: + type: string + enum: + - FINISHED + - REJECTED + - RETURNED + - EXPIRED + - PENDING + - CANCELED + example: FINISHED + description: The state of a work item + type: + type: string + enum: + - UNKNOWN + - GENERIC + - CERTIFICATION + - REMEDIATION + - DELEGATION + - APPROVAL + - VIOLATIONREVIEW + - FORM + - POLICYVIOLATION + - CHALLENGE + - IMPACTANALYSIS + - SIGNOFF + - EVENT + - MANUALACTION + - TEST + example: GENERIC + description: The type of the work item + remediationItems: + type: object + properties: + id: + type: string + description: The ID of the certification + example: 2c9180835d2e5168015d32f890ca1581 + targetId: + type: string + description: The ID of the certification target + example: 2c9180835d2e5168015d32f890ca1581 + targetName: + type: string + description: The name of the certification target + example: john.smith + targetDisplayName: + type: string + description: The display name of the certification target + example: emailAddress + applicationName: + type: string + description: The name of the application/source + example: Active Directory + attributeName: + type: string + description: The name of the attribute being certified + example: phoneNumber + attributeOperation: + type: string + description: The operation of the certification on the attribute + example: update + attributeValue: + type: string + description: The value of the attribute being certified + example: 512-555-1212 + nativeIdentity: + type: string + description: The native identity of the target + example: jason.smith2 + approvalItems: + type: object + properties: + id: + type: string + description: ID of the approval item + example: 2c9180835d2e5168015d32f890ca1581 + account: + type: string + description: The account referenced by the approval item + example: john.smith + application: + type: string + description: The name the application/source + example: Active Directory + attributeName: + type: string + description: The name of the attribute + example: emailAddress + attributeOperation: + type: string + description: The operation of the attribute + example: update + attributeValue: + type: string + description: The value of the attribute + example: a@b.com + state: + type: string + enum: + - FINISHED + - REJECTED + - RETURNED + - EXPIRED + - PENDING + - CANCELED + example: FINISHED + description: The state of a work item + name: + type: string + description: The work item name + example: Account Create + completed: + type: string + format: date-time + example: '2018-10-19T13:49:37.385Z' + description: The time at which the work item completed + numItems: + type: integer + format: int32 + description: The number of items in the work item + example: 19 + form: + type: object + properties: + id: + type: string + description: ID of the form + example: 2c9180835d2e5168015d32f890ca1581 + name: + type: string + description: Name of the form + example: AccountSelection Form + title: + type: string + description: The form title + example: Account Selection for John.Doe + subtitle: + type: string + description: The form subtitle. + example: Please select from the following + targetUser: + type: string + description: The name of the user that should be shown this form + example: Jane.Doe + sections: + type: object + allOf: + - type: object + properties: + name: + type: string + description: Name of the FormItem + example: Field1 + - type: object + properties: + label: + type: string + description: Label of the section + example: Section 1 + formItems: + type: array + items: + type: object + description: List of FormItems. FormItems can be SectionDetails and/or FieldDetails + example: [] + errors: + type: array + items: + type: string + example: + - The work item ID that was specified was not found. + description: An array of errors that ocurred during the work item + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + '/work-items/bulk-approve/{id}': + post: + operationId: approveApprovalItemsInBulk + tags: + - Work Items + summary: Bulk approve Approval Items + description: 'This API bulk approves Approval Items. Either an admin, or the owning/current user must make this request.' + parameters: + - in: path + name: id + schema: + type: string + required: true + description: The ID of the work item + example: ef38f94347e94562b5bb8424a56397d8 + responses: + '200': + description: A work items details object. + content: + application/json: + schema: + type: object + properties: + id: + type: string + description: ID of the work item + example: 2c9180835d2e5168015d32f890ca1581 + requesterId: + type: string + description: ID of the requester + example: 2c9180835d2e5168015d32f890ca1581 + requesterDisplayName: + type: string + description: The displayname of the requester + example: John Smith + ownerId: + type: string + description: The ID of the owner + example: 2c9180835d2e5168015d32f890ca1581 + ownerName: + type: string + description: The name of the owner + example: Jason Smith + created: + type: string + format: date-time + example: '2017-07-11T18:45:37.098Z' + description: Time when the work item was created + modified: + type: string + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: Time when the work item was last updated + description: + type: string + description: The description of the work item + example: Create account on source 'AD' + state: + type: string + enum: + - FINISHED + - REJECTED + - RETURNED + - EXPIRED + - PENDING + - CANCELED + example: FINISHED + description: The state of a work item + type: + type: string + enum: + - UNKNOWN + - GENERIC + - CERTIFICATION + - REMEDIATION + - DELEGATION + - APPROVAL + - VIOLATIONREVIEW + - FORM + - POLICYVIOLATION + - CHALLENGE + - IMPACTANALYSIS + - SIGNOFF + - EVENT + - MANUALACTION + - TEST + example: GENERIC + description: The type of the work item + remediationItems: + type: object + properties: + id: + type: string + description: The ID of the certification + example: 2c9180835d2e5168015d32f890ca1581 + targetId: + type: string + description: The ID of the certification target + example: 2c9180835d2e5168015d32f890ca1581 + targetName: + type: string + description: The name of the certification target + example: john.smith + targetDisplayName: + type: string + description: The display name of the certification target + example: emailAddress + applicationName: + type: string + description: The name of the application/source + example: Active Directory + attributeName: + type: string + description: The name of the attribute being certified + example: phoneNumber + attributeOperation: + type: string + description: The operation of the certification on the attribute + example: update + attributeValue: + type: string + description: The value of the attribute being certified + example: 512-555-1212 + nativeIdentity: + type: string + description: The native identity of the target + example: jason.smith2 + approvalItems: + type: object + properties: + id: + type: string + description: ID of the approval item + example: 2c9180835d2e5168015d32f890ca1581 + account: + type: string + description: The account referenced by the approval item + example: john.smith + application: + type: string + description: The name the application/source + example: Active Directory + attributeName: + type: string + description: The name of the attribute + example: emailAddress + attributeOperation: + type: string + description: The operation of the attribute + example: update + attributeValue: + type: string + description: The value of the attribute + example: a@b.com + state: + type: string + enum: + - FINISHED + - REJECTED + - RETURNED + - EXPIRED + - PENDING + - CANCELED + example: FINISHED + description: The state of a work item + name: + type: string + description: The work item name + example: Account Create + completed: + type: string + format: date-time + example: '2018-10-19T13:49:37.385Z' + description: The time at which the work item completed + numItems: + type: integer + format: int32 + description: The number of items in the work item + example: 19 + form: + type: object + properties: + id: + type: string + description: ID of the form + example: 2c9180835d2e5168015d32f890ca1581 + name: + type: string + description: Name of the form + example: AccountSelection Form + title: + type: string + description: The form title + example: Account Selection for John.Doe + subtitle: + type: string + description: The form subtitle. + example: Please select from the following + targetUser: + type: string + description: The name of the user that should be shown this form + example: Jane.Doe + sections: + type: object + allOf: + - type: object + properties: + name: + type: string + description: Name of the FormItem + example: Field1 + - type: object + properties: + label: + type: string + description: Label of the section + example: Section 1 + formItems: + type: array + items: + type: object + description: List of FormItems. FormItems can be SectionDetails and/or FieldDetails + example: [] + errors: + type: array + items: + type: string + example: + - The work item ID that was specified was not found. + description: An array of errors that ocurred during the work item + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + '/work-items/bulk-reject/{id}': + post: + operationId: rejectApprovalItemsInBulk + tags: + - Work Items + summary: Bulk reject Approval Items + description: 'This API bulk rejects Approval Items. Either an admin, or the owning/current user must make this request.' + parameters: + - in: path + name: id + schema: + type: string + required: true + description: The ID of the work item + example: ef38f94347e94562b5bb8424a56397d8 + responses: + '200': + description: A work items details object. + content: + application/json: + schema: + type: object + properties: + id: + type: string + description: ID of the work item + example: 2c9180835d2e5168015d32f890ca1581 + requesterId: + type: string + description: ID of the requester + example: 2c9180835d2e5168015d32f890ca1581 + requesterDisplayName: + type: string + description: The displayname of the requester + example: John Smith + ownerId: + type: string + description: The ID of the owner + example: 2c9180835d2e5168015d32f890ca1581 + ownerName: + type: string + description: The name of the owner + example: Jason Smith + created: + type: string + format: date-time + example: '2017-07-11T18:45:37.098Z' + description: Time when the work item was created + modified: + type: string + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: Time when the work item was last updated + description: + type: string + description: The description of the work item + example: Create account on source 'AD' + state: + type: string + enum: + - FINISHED + - REJECTED + - RETURNED + - EXPIRED + - PENDING + - CANCELED + example: FINISHED + description: The state of a work item + type: + type: string + enum: + - UNKNOWN + - GENERIC + - CERTIFICATION + - REMEDIATION + - DELEGATION + - APPROVAL + - VIOLATIONREVIEW + - FORM + - POLICYVIOLATION + - CHALLENGE + - IMPACTANALYSIS + - SIGNOFF + - EVENT + - MANUALACTION + - TEST + example: GENERIC + description: The type of the work item + remediationItems: + type: object + properties: + id: + type: string + description: The ID of the certification + example: 2c9180835d2e5168015d32f890ca1581 + targetId: + type: string + description: The ID of the certification target + example: 2c9180835d2e5168015d32f890ca1581 + targetName: + type: string + description: The name of the certification target + example: john.smith + targetDisplayName: + type: string + description: The display name of the certification target + example: emailAddress + applicationName: + type: string + description: The name of the application/source + example: Active Directory + attributeName: + type: string + description: The name of the attribute being certified + example: phoneNumber + attributeOperation: + type: string + description: The operation of the certification on the attribute + example: update + attributeValue: + type: string + description: The value of the attribute being certified + example: 512-555-1212 + nativeIdentity: + type: string + description: The native identity of the target + example: jason.smith2 + approvalItems: + type: object + properties: + id: + type: string + description: ID of the approval item + example: 2c9180835d2e5168015d32f890ca1581 + account: + type: string + description: The account referenced by the approval item + example: john.smith + application: + type: string + description: The name the application/source + example: Active Directory + attributeName: + type: string + description: The name of the attribute + example: emailAddress + attributeOperation: + type: string + description: The operation of the attribute + example: update + attributeValue: + type: string + description: The value of the attribute + example: a@b.com + state: + type: string + enum: + - FINISHED + - REJECTED + - RETURNED + - EXPIRED + - PENDING + - CANCELED + example: FINISHED + description: The state of a work item + name: + type: string + description: The work item name + example: Account Create + completed: + type: string + format: date-time + example: '2018-10-19T13:49:37.385Z' + description: The time at which the work item completed + numItems: + type: integer + format: int32 + description: The number of items in the work item + example: 19 + form: + type: object + properties: + id: + type: string + description: ID of the form + example: 2c9180835d2e5168015d32f890ca1581 + name: + type: string + description: Name of the form + example: AccountSelection Form + title: + type: string + description: The form title + example: Account Selection for John.Doe + subtitle: + type: string + description: The form subtitle. + example: Please select from the following + targetUser: + type: string + description: The name of the user that should be shown this form + example: Jane.Doe + sections: + type: object + allOf: + - type: object + properties: + name: + type: string + description: Name of the FormItem + example: Field1 + - type: object + properties: + label: + type: string + description: Label of the section + example: Section 1 + formItems: + type: array + items: + type: object + description: List of FormItems. FormItems can be SectionDetails and/or FieldDetails + example: [] + errors: + type: array + items: + type: string + example: + - The work item ID that was specified was not found. + description: An array of errors that ocurred during the work item + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + '/work-items/{id}/submit-account-selection': + post: + operationId: submitAccountSelection + tags: + - Work Items + summary: Submit Account Selections + description: 'This API submits account selections. Either an admin, or the owning/current user must make this request.' + parameters: + - in: path + name: id + schema: + type: string + required: true + description: The ID of the work item + example: ef38f94347e94562b5bb8424a56397d8 + requestBody: + required: true + content: + application/json: + schema: + type: object + additionalProperties: true + example: + fieldName: fieldValue + description: 'Account Selection Data map, keyed on fieldName' + responses: + '200': + description: A work items details object. + content: + application/json: + schema: + type: object + properties: + id: + type: string + description: ID of the work item + example: 2c9180835d2e5168015d32f890ca1581 + requesterId: + type: string + description: ID of the requester + example: 2c9180835d2e5168015d32f890ca1581 + requesterDisplayName: + type: string + description: The displayname of the requester + example: John Smith + ownerId: + type: string + description: The ID of the owner + example: 2c9180835d2e5168015d32f890ca1581 + ownerName: + type: string + description: The name of the owner + example: Jason Smith + created: + type: string + format: date-time + example: '2017-07-11T18:45:37.098Z' + description: Time when the work item was created + modified: + type: string + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: Time when the work item was last updated + description: + type: string + description: The description of the work item + example: Create account on source 'AD' + state: + type: string + enum: + - FINISHED + - REJECTED + - RETURNED + - EXPIRED + - PENDING + - CANCELED + example: FINISHED + description: The state of a work item + type: + type: string + enum: + - UNKNOWN + - GENERIC + - CERTIFICATION + - REMEDIATION + - DELEGATION + - APPROVAL + - VIOLATIONREVIEW + - FORM + - POLICYVIOLATION + - CHALLENGE + - IMPACTANALYSIS + - SIGNOFF + - EVENT + - MANUALACTION + - TEST + example: GENERIC + description: The type of the work item + remediationItems: + type: object + properties: + id: + type: string + description: The ID of the certification + example: 2c9180835d2e5168015d32f890ca1581 + targetId: + type: string + description: The ID of the certification target + example: 2c9180835d2e5168015d32f890ca1581 + targetName: + type: string + description: The name of the certification target + example: john.smith + targetDisplayName: + type: string + description: The display name of the certification target + example: emailAddress + applicationName: + type: string + description: The name of the application/source + example: Active Directory + attributeName: + type: string + description: The name of the attribute being certified + example: phoneNumber + attributeOperation: + type: string + description: The operation of the certification on the attribute + example: update + attributeValue: + type: string + description: The value of the attribute being certified + example: 512-555-1212 + nativeIdentity: + type: string + description: The native identity of the target + example: jason.smith2 + approvalItems: + type: object + properties: + id: + type: string + description: ID of the approval item + example: 2c9180835d2e5168015d32f890ca1581 + account: + type: string + description: The account referenced by the approval item + example: john.smith + application: + type: string + description: The name the application/source + example: Active Directory + attributeName: + type: string + description: The name of the attribute + example: emailAddress + attributeOperation: + type: string + description: The operation of the attribute + example: update + attributeValue: + type: string + description: The value of the attribute + example: a@b.com + state: + type: string + enum: + - FINISHED + - REJECTED + - RETURNED + - EXPIRED + - PENDING + - CANCELED + example: FINISHED + description: The state of a work item + name: + type: string + description: The work item name + example: Account Create + completed: + type: string + format: date-time + example: '2018-10-19T13:49:37.385Z' + description: The time at which the work item completed + numItems: + type: integer + format: int32 + description: The number of items in the work item + example: 19 + form: + type: object + properties: + id: + type: string + description: ID of the form + example: 2c9180835d2e5168015d32f890ca1581 + name: + type: string + description: Name of the form + example: AccountSelection Form + title: + type: string + description: The form title + example: Account Selection for John.Doe + subtitle: + type: string + description: The form subtitle. + example: Please select from the following + targetUser: + type: string + description: The name of the user that should be shown this form + example: Jane.Doe + sections: + type: object + allOf: + - type: object + properties: + name: + type: string + description: Name of the FormItem + example: Field1 + - type: object + properties: + label: + type: string + description: Label of the section + example: Section 1 + formItems: + type: array + items: + type: object + description: List of FormItems. FormItems can be SectionDetails and/or FieldDetails + example: [] + errors: + type: array + items: + type: string + example: + - The work item ID that was specified was not found. + description: An array of errors that ocurred during the work item + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. +security: + - oauth2: [] +components: + securitySchemes: + oauth2: + type: oauth2 + description: | + OAuth2 Bearer token (JWT). See [IdentityNow REST API Authentication](https://developer.sailpoint.com/idn/api/authentication) for more information. + - Directions for generating a [personal access token](https://developer.sailpoint.com/idn/api/authentication#personal-access-tokens) + - Directions using [client credentials flow](https://developer.sailpoint.com/idn/api/authentication#client-credentials-grant-flow) + - Directions for using [authorization code flow](https://developer.sailpoint.com/idn/api/authentication#authorization-code-grant-flow) + + Which authentication method should I choose? See our [guide](https://developer.sailpoint.com/idn/api/authentication#which-oauth-20-grant-flow-should-i-use) + + Learn more about how to find your `tokenUrl` and `authorizationUrl` [in our docs](https://developer.sailpoint.com/idn/api/authentication#find-your-tenants-oauth-details) + flows: + clientCredentials: + tokenUrl: 'https://tenant.api.identitynow.com/oauth/token' + scopes: + 'sp:scopes:default': default scope + 'sp:scopes:all': access to all scopes + authorizationCode: + authorizationUrl: 'https://tenant.identitynow.com/oauth/authorize' + tokenUrl: 'https://tenant.api.identitynow.com/oauth/token' + scopes: + 'sp:scopes:default': default scope + 'sp:scopes:all': access to all scopes + schemas: + AccessRequest: + type: object + properties: + requestedFor: + description: 'A list of Identity IDs for whom the Access is requested. If it''s a Revoke request, there can only be one Identity ID.' + type: array + items: + type: string + example: 2c918084660f45d6016617daa9210584 + requestType: + type: string + enum: + - GRANT_ACCESS + - REVOKE_ACCESS + description: Access request type. Defaults to GRANT_ACCESS. REVOKE_ACCESS type can only have a single Identity ID in the requestedFor field. + example: GRANT_ACCESS + requestedItems: + type: array + items: + type: object + properties: + type: + type: string + enum: + - ACCESS_PROFILE + - ROLE + - ENTITLEMENT + description: The type of the item being requested. + example: ACCESS_PROFILE + id: + type: string + description: 'ID of Role, Access Profile or Entitlement being requested.' + example: 2c9180835d2e5168015d32f890ca1581 + comment: + type: string + description: | + Comment provided by requester. + * Comment is required when the request is of type Revoke Access. + example: Requesting access profile for John Doe + clientMetadata: + type: object + additionalProperties: + type: string + example: + requestedAppId: 2c91808f7892918f0178b78da4a305a1 + requestedAppName: test-app + example: + requestedAppName: test-app + requestedAppId: 2c91808f7892918f0178b78da4a305a1 + description: Arbitrary key-value pairs. They will never be processed by the IdentityNow system but will be returned on associated APIs such as /account-activities and /access-request-status. + removeDate: + type: string + description: | + The date the role or access profile is no longer assigned to the specified identity. + * Specify a date in the future. + * The current SLA for the deprovisioning is 24 hours. + * This date can be modified to either extend or decrease the duration of access item assignments for the specified identity. + * Currently it is not supported for entitlements. + * If sunset date for role or access profile specified, removeDate cannot be established. This rule doesn't apply for entitlements. + format: date-time + example: '2020-07-11T21:23:15.000Z' + required: + - id + - type + clientMetadata: + type: object + additionalProperties: + type: string + example: + requestedAppId: 2c91808f7892918f0178b78da4a305a1 + requestedAppName: test-app + example: + requestedAppId: 2c91808f7892918f0178b78da4a305a1 + requestedAppName: test-app + description: Arbitrary key-value pairs. They will never be processed by the IdentityNow system but will be returned on associated APIs such as /account-activities. + required: + - requestedFor + - requestedItems + AccessRequestItem: + type: object + properties: + type: + type: string + enum: + - ACCESS_PROFILE + - ROLE + - ENTITLEMENT + description: The type of the item being requested. + example: ACCESS_PROFILE + id: + type: string + description: 'ID of Role, Access Profile or Entitlement being requested.' + example: 2c9180835d2e5168015d32f890ca1581 + comment: + type: string + description: | + Comment provided by requester. + * Comment is required when the request is of type Revoke Access. + example: Requesting access profile for John Doe + clientMetadata: + type: object + additionalProperties: + type: string + example: + requestedAppId: 2c91808f7892918f0178b78da4a305a1 + requestedAppName: test-app + example: + requestedAppName: test-app + requestedAppId: 2c91808f7892918f0178b78da4a305a1 + description: Arbitrary key-value pairs. They will never be processed by the IdentityNow system but will be returned on associated APIs such as /account-activities and /access-request-status. + removeDate: + type: string + description: | + The date the role or access profile is no longer assigned to the specified identity. + * Specify a date in the future. + * The current SLA for the deprovisioning is 24 hours. + * This date can be modified to either extend or decrease the duration of access item assignments for the specified identity. + * Currently it is not supported for entitlements. + * If sunset date for role or access profile specified, removeDate cannot be established. This rule doesn't apply for entitlements. + format: date-time + example: '2020-07-11T21:23:15.000Z' + required: + - id + - type + AccessProfileDocument: + description: 'This is more of a complete representation of an access profile. ' + allOf: + - type: object + required: + - id + - name + - _type + properties: + id: + type: string + example: 2c91808375d8e80a0175e1f88a575222 + name: + type: string + example: john.doe + _type: + description: |- + Enum representing the currently supported document types. + + Additional values may be added in the future without notice. + type: string + enum: + - accessprofile + - accountactivity + - account + - aggregation + - entitlement + - event + - identity + - role + example: identity + - allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + description: + type: string + description: The description of the access item + example: The admin role + created: + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + modified: + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + synced: + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + enabled: + type: boolean + example: true + requestable: + type: boolean + example: true + description: Indicates if the access can be requested + requestCommentsRequired: + type: boolean + description: Indicates if comments are required when requesting access + example: false + owner: + allOf: + - allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + type: + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure. + example: IDENTITY + - type: object + properties: + email: + type: string + example: john.doe@sailpoint.com + description: The email of the identity + - type: object + properties: + source: + type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + entitlements: + type: array + items: + allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + description: + type: string + description: A description of the entitlement + example: The admin privilege + attribute: + type: string + description: The name of the entitlement attribute + example: admin + value: + type: string + description: The value of the entitlement + example: 'true' + entitlementCount: + type: integer + example: 5 + tags: + type: array + items: + type: string + example: + - TAG_1 + - TAG_2 + AccessProfileSummary: + description: This is a summary representation of an access profile. + allOf: + - allOf: + - allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + displayName: + type: string + example: John Q. Doe + - type: object + properties: + type: + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure. + example: IDENTITY + description: + type: string + nullable: true + example: null + - type: object + properties: + source: + type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + owner: + allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + displayName: + type: string + example: John Q. Doe + revocable: + type: boolean + example: true + AccessReviewReassignment: + type: object + properties: + reassign: + type: array + items: + type: object + properties: + id: + type: string + description: The ID of item or identity being reassigned. + example: ef38f94347e94562b5bb8424a56397d8 + type: + type: string + description: The type of item or identity being reassigned. + enum: + - TARGET_SUMMARY + - ITEM + - IDENTITY_SUMMARY + example: ITEM + required: + - id + - type + reassignTo: + type: string + description: The ID of the identity to which the certification is reassigned + example: ef38f94347e94562b5bb8424a56397d8 + reason: + type: string + description: The reason comment for why the reassign was made + example: reassigned for some reason + required: + - reassign + - reassignTo + - reason + Account: + allOf: + - type: object + required: + - name + properties: + id: + description: System-generated unique ID of the Object + type: string + example: id12345 + readOnly: true + name: + description: Name of the Object + type: string + example: aName + created: + description: Creation date of the Object + type: string + example: '2015-05-28T14:07:17Z' + format: date-time + readOnly: true + modified: + description: Last modification date of the Object + type: string + example: '2015-05-28T14:07:17Z' + format: date-time + readOnly: true + - type: object + required: + - sourceId + - sourceName + - attributes + - authoritative + - disabled + - locked + - nativeIdentity + - systemAccount + - uncorrelated + - manuallyCorrelated + - hasEntitlements + properties: + sourceId: + type: string + example: 2c9180835d2e5168015d32f890ca1581 + description: The unique ID of the source this account belongs to + sourceName: + type: string + example: Employees + description: The display name of the source this account belongs to + identityId: + type: string + example: 2c9180835d2e5168015d32f890ca1581 + description: The unique ID of the identity this account is correlated to + attributes: + type: object + additionalProperties: true + description: The account attributes that are aggregated + example: + firstName: SailPoint + lastName: Support + displayName: SailPoint Support + authoritative: + type: boolean + description: Indicates if this account is from an authoritative source + example: false + description: + type: string + description: A description of the account + nullable: true + example: null + disabled: + type: boolean + description: Indicates if the account is currently disabled + example: false + locked: + type: boolean + description: Indicates if the account is currently locked + example: false + nativeIdentity: + type: string + description: The unique ID of the account generated by the source system + example: '552775' + systemAccount: + type: boolean + example: false + description: 'If true, this is a user account within IdentityNow. If false, this is an account from a source system.' + uncorrelated: + type: boolean + description: Indicates if this account is not correlated to an identity + example: false + uuid: + type: string + description: The unique ID of the account as determined by the account schema + example: slpt.support + nullable: true + manuallyCorrelated: + type: boolean + description: Indicates if the account has been manually correlated to an identity + example: false + hasEntitlements: + type: boolean + description: Indicates if the account has entitlements + example: true + AccountActivity: + type: object + properties: + id: + type: string + description: Id of the account activity + example: 2c9180835d2e5168015d32f890ca1581 + name: + type: string + description: The name of the activity + example: 2c9180835d2e5168015d32f890ca1581 + created: + description: When the activity was first created + type: string + format: date-time + example: '2017-07-11T18:45:37.098Z' + modified: + description: When the activity was last modified + type: string + format: date-time + example: '2018-06-25T20:22:28.104Z' + nullable: true + completed: + description: When the activity was completed + type: string + format: date-time + nullable: true + example: '2018-10-19T13:49:37.385Z' + completionStatus: + nullable: true + type: string + description: The status after completion. + enum: + - SUCCESS + - FAILURE + - INCOMPLETE + - PENDING + example: SUCCESS + type: + nullable: true + type: string + example: appRequest + description: | + The type of action the activity performed. Please see the following list of types. This list may grow over time. + + - CloudAutomated + - IdentityAttributeUpdate + - appRequest + - LifecycleStateChange + - AccountStateUpdate + - AccountAttributeUpdate + - CloudPasswordRequest + - Attribute Synchronization Refresh + - Certification + - Identity Refresh + - Lifecycle Change Refresh + + + [Learn more here](https://documentation.sailpoint.com/saas/help/search/searchable-fields.html#searching-account-activity-data). + requesterIdentitySummary: + type: object + nullable: true + properties: + id: + type: string + description: ID of this identity summary + example: ff80818155fe8c080155fe8d925b0316 + name: + type: string + description: Human-readable display name of identity + example: SailPoint Services + identityId: + type: string + description: ID of the identity that this summary represents + example: c15b9f5cca5a4e9599eaa0e64fa921bd + completed: + type: boolean + description: Indicates if all access items for this summary have been decided on + example: true + targetIdentitySummary: + type: object + nullable: true + properties: + id: + type: string + description: ID of this identity summary + example: ff80818155fe8c080155fe8d925b0316 + name: + type: string + description: Human-readable display name of identity + example: SailPoint Services + identityId: + type: string + description: ID of the identity that this summary represents + example: c15b9f5cca5a4e9599eaa0e64fa921bd + completed: + type: boolean + description: Indicates if all access items for this summary have been decided on + example: true + errors: + nullable: true + description: 'A list of error messages, if any, that were encountered.' + type: array + items: + type: string + example: + - 'sailpoint.connector.ConnectorException: java.lang.InterruptedException: Timeout waiting for response to message 0 from client 57a4ab97-ab3f-4aef-9fe2-0eaf15c73d26 after 60 seconds.' + warnings: + nullable: true + description: 'A list of warning messages, if any, that were encountered.' + type: array + items: + type: string + example: + - 'Some warning, another warning' + items: + type: array + description: Individual actions performed as part of this account activity + items: + type: object + properties: + id: + type: string + description: Item id + example: 48c545831b264409a81befcabb0e3c5a + name: + type: string + description: Human-readable display name of item + example: 48c545831b264409a81befcabb0e3c5a + requested: + type: string + format: date-time + description: Date and time item was requested + example: '2017-07-11T18:45:37.098Z' + approvalStatus: + nullable: true + type: string + enum: + - FINISHED + - REJECTED + - RETURNED + - EXPIRED + - PENDING + - CANCELED + example: FINISHED + description: The state of a work item + provisioningStatus: + type: string + enum: + - PENDING + - FINISHED + - UNVERIFIABLE + - COMMITED + - FAILED + - RETRY + description: Provisioning state of an account activity item + example: PENDING + requesterComment: + type: object + nullable: true + properties: + commenterId: + type: string + description: Id of the identity making the comment + example: 2c918084660f45d6016617daa9210584 + commenterName: + type: string + description: Human-readable display name of the identity making the comment + example: Adam Kennedy + body: + type: string + description: Content of the comment + example: Et quam massa maximus vivamus nisi ut urna tincidunt metus elementum erat. + date: + type: string + format: date-time + description: Date and time comment was made + example: '2017-07-11T18:45:37.098Z' + reviewerIdentitySummary: + type: object + nullable: true + properties: + id: + type: string + description: ID of this identity summary + example: ff80818155fe8c080155fe8d925b0316 + name: + type: string + description: Human-readable display name of identity + example: SailPoint Services + identityId: + type: string + description: ID of the identity that this summary represents + example: c15b9f5cca5a4e9599eaa0e64fa921bd + completed: + type: boolean + description: Indicates if all access items for this summary have been decided on + example: true + reviewerComment: + type: object + nullable: true + properties: + commenterId: + type: string + description: Id of the identity making the comment + example: 2c918084660f45d6016617daa9210584 + commenterName: + type: string + description: Human-readable display name of the identity making the comment + example: Adam Kennedy + body: + type: string + description: Content of the comment + example: Et quam massa maximus vivamus nisi ut urna tincidunt metus elementum erat. + date: + type: string + format: date-time + description: Date and time comment was made + example: '2017-07-11T18:45:37.098Z' + operation: + nullable: true + type: string + enum: + - ADD + - CREATE + - MODIFY + - DELETE + - DISABLE + - ENABLE + - UNLOCK + - LOCK + - REMOVE + description: Represents an operation in an account activity item + example: ADD + attribute: + type: string + description: Attribute to which account activity applies + nullable: true + example: detectedRoles + value: + type: string + description: Value of attribute + nullable: true + example: 'Treasury Analyst [AccessProfile-1529010191212]' + nativeIdentity: + nullable: true + type: string + description: Native identity in the target system to which the account activity applies + example: Sandie.Camero + sourceId: + type: string + description: Id of Source to which account activity applies + example: 2c91808363ef85290164000587130c0c + accountRequestInfo: + type: object + nullable: true + properties: + requestedObjectId: + type: string + description: Id of requested object + example: 2c91808563ef85690164001c31140c0c + requestedObjectName: + type: string + description: Human-readable name of requested object + example: Treasury Analyst + requestedObjectType: + type: string + enum: + - ACCESS_PROFILE + - ROLE + - ENTITLEMENT + description: Enum represented the currently supported requestable object types. Additional values may be added in the future without notice. + example: ACCESS_PROFILE + description: 'If an account activity item is associated with an access request, captures details of that request.' + clientMetadata: + nullable: true + type: object + additionalProperties: + type: string + description: 'Arbitrary key-value pairs, if any were included in the corresponding access request item' + example: + customKey1: custom value 1 + customKey2: custom value 2 + removeDate: + nullable: true + type: string + description: The date the role or access profile is no longer assigned to the specified identity. + format: date-time + example: '2020-07-11T00:00:00Z' + executionStatus: + type: string + description: The current state of execution. + enum: + - EXECUTING + - VERIFYING + - TERMINATED + - COMPLETED + example: COMPLETED + clientMetadata: + nullable: true + type: object + additionalProperties: + type: string + description: 'Arbitrary key-value pairs, if any were included in the corresponding access request' + example: + customKey1: custom value 1 + customKey2: custom value 2 + AccountActivitySearchedItem: + description: AccountActivity + allOf: + - type: object + required: + - id + - name + - _type + properties: + id: + type: string + example: 2c91808375d8e80a0175e1f88a575222 + name: + type: string + example: john.doe + _type: + description: |- + Enum representing the currently supported document types. + + Additional values may be added in the future without notice. + type: string + enum: + - accessprofile + - accountactivity + - account + - aggregation + - entitlement + - event + - identity + - role + example: identity + - type: object + properties: + action: + type: string + description: The type of action that this activity performed + externalDocs: + description: Learn more about account activity action types + url: 'https://documentation.sailpoint.com/saas/help/search/searchable-fields.html#searching-account-activity-data' + example: Identity Refresh. + created: + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + modified: + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + stage: + type: string + description: The current stage of the activity + example: Completed + origin: + type: string + nullable: true + example: null + status: + type: string + description: the current status of the activity + example: Complete + requester: + allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + type: + type: string + example: Delimited File + description: the type of source returned + recipient: + allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + type: + type: string + example: Delimited File + description: the type of source returned + trackingNumber: + type: string + example: 61aad0c9e8134eca89e76a35e0cabe3f + errors: + type: array + items: + type: string + nullable: true + example: null + warnings: + type: array + items: + type: string + nullable: true + example: null + approvals: + type: array + items: + type: object + properties: + comments: + type: array + items: + type: object + properties: + comment: + type: string + description: The comment text + example: This request was autoapproved by our automated ETS subscriber. + commenter: + type: string + description: The name of the commenter + example: Automated AR Approval + date: + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + created: + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + modified: + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + owner: + allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + type: + type: string + example: Delimited File + description: the type of source returned + result: + type: string + description: The result of the approval + example: Finished + type: + type: string + nullable: true + example: null + originalRequests: + type: array + items: + type: object + properties: + accountId: + type: string + description: the account id + example: 'CN=Abby Smith,OU=Austin,OU=Americas,OU=Demo,DC=seri,DC=acme,DC=com' + attributeRequests: + type: array + items: + type: object + properties: + name: + type: string + description: The attribute name + example: groups + op: + type: string + description: The operation to perform + example: Add + value: + type: string + description: The value of the attribute + example: '3203537556531076' + op: + type: string + description: the operation that was used + example: add + source: + allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + type: + type: string + example: Delimited File + description: the type of source returned + expansionItems: + type: array + items: + type: object + properties: + accountId: + type: string + description: The ID of the account + example: 2c91808981f58ea601821c3e93482e6f + cause: + type: string + example: Role + name: + type: string + description: The name of the item + example: smartsheet-role + attributeRequests: + type: array + items: + type: object + properties: + name: + type: string + description: The attribute name + example: groups + op: + type: string + description: The operation to perform + example: Add + value: + type: string + description: The value of the attribute + example: '3203537556531076' + source: + allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + type: + type: string + example: Delimited File + description: the type of source returned + accountRequests: + type: array + items: + type: object + properties: + accountId: + type: string + description: Unique ID of the account + example: John.Doe + attributeRequests: + type: array + items: + type: object + properties: + name: + type: string + description: The attribute name + example: groups + op: + type: string + description: The operation to perform + example: Add + value: + type: string + description: The value of the attribute + example: '3203537556531076' + op: + type: string + example: Modify + description: The operation that was performed + provisioningTarget: + allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + type: + type: string + example: Delimited File + description: the type of source returned + result: + type: object + properties: + errors: + type: array + items: + type: string + example: |- + [ConnectorError] [ + { + "code": "unrecognized_keys", + "keys": [ + "groups" + ], + "path": [], + "message": "Unrecognized key(s) in object: 'groups'" + } + ] (requestId: 5e9d6df5-9b1b-47d9-9bf1-dc3a2893299e) + status: + type: string + description: The status of the account request + example: failed + ticketId: + type: string + nullable: true + example: null + source: + allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + type: + type: string + example: Delimited File + description: the type of source returned + sources: + type: string + example: 'smartsheet-test, airtable-v4, IdentityNow' + AccountAttributes: + type: object + required: + - attributes + properties: + attributes: + description: The schema attribute values for the account + type: object + additionalProperties: true + example: + city: Austin + displayName: John Doe + userName: jdoe + sAMAccountName: jDoe + mail: john.doe@sailpoint.com + AccountDocument: + description: Account + allOf: + - type: object + required: + - id + - name + - _type + properties: + id: + type: string + example: 2c91808375d8e80a0175e1f88a575222 + name: + type: string + example: john.doe + _type: + description: |- + Enum representing the currently supported document types. + + Additional values may be added in the future without notice. + type: string + enum: + - accessprofile + - accountactivity + - account + - aggregation + - entitlement + - event + - identity + - role + example: identity + - allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + accountId: + type: string + description: The ID of the account + example: john.doe + source: + allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + type: + type: string + example: Delimited File + description: the type of source returned + disabled: + type: boolean + description: Indicates if the account is disabled + example: false + locked: + type: boolean + description: Indicates if the account is locked + example: false + privileged: + type: boolean + example: false + manuallyCorrelated: + type: boolean + description: Indicates if the account has been manually correlated to an identity + example: false + passwordLastSet: + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + entitlementAttributes: + type: object + nullable: true + description: a map or dictionary of key/value pairs + additionalProperties: true + example: + moderator: true + admin: true + trust_level: '4' + created: + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + - type: object + properties: + modified: + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + attributes: + type: object + description: a map or dictionary of key/value pairs + additionalProperties: true + example: + firstName: John + lastName: Doe + displayName: John.Doe + identity: + allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + displayName: + type: string + example: John Q. Doe + access: + type: array + items: + description: EntitlementReference + allOf: + - allOf: + - allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + displayName: + type: string + example: John Q. Doe + - type: object + properties: + type: + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure. + example: IDENTITY + description: + type: string + nullable: true + example: null + - type: object + properties: + source: + type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + privileged: + type: boolean + example: false + attribute: + type: string + example: memberOf + value: + type: string + example: 'CN=Buyer,OU=Groups,OU=Demo,DC=seri,DC=sailpointdemo,DC=com' + standalone: + type: boolean + example: false + entitlementCount: + type: integer + description: The number of entitlements assigned to the account + format: int32 + example: 2 + uncorrelated: + type: boolean + description: Indicates if the account is not correlated to an identity + example: false + tags: + type: array + items: + type: string + example: + - TAG_1 + - TAG_2 + AccountsAsyncResult: + description: Accounts async response containing details on started async process + required: + - id + type: object + properties: + id: + description: id of the task + type: string + example: 2c91808474683da6017468693c260195 + AccountToggleRequest: + description: Request used for account enable/disable + type: object + properties: + externalVerificationId: + description: 'If set, an external process validates that the user wants to proceed with this request.' + type: string + example: 3f9180835d2e5168015d32f890ca1581 + forceProvisioning: + description: 'If set, provisioning updates the account attribute at the source. This option is used when the account is not synced to ensure the attribute is updated. Providing ''true'' for an unlocked account will add and process ''Unlock'' operation by the workflow.' + type: boolean + example: false + AccountUnlockRequest: + description: Request used for account unlock + type: object + properties: + externalVerificationId: + description: 'If set, an external process validates that the user wants to proceed with this request.' + type: string + example: 3f9180835d2e5168015d32f890ca1581 + unlockIDNAccount: + description: 'If set, the IDN account is unlocked after the workflow completes.' + type: boolean + example: false + forceProvisioning: + description: 'If set, provisioning updates the account attribute at the source. This option is used when the account is not synced to ensure the attribute is updated.' + type: boolean + example: false + Aggregation: + description: Aggregation + allOf: + - type: object + required: + - id + - name + - _type + properties: + id: + type: string + example: 2c91808375d8e80a0175e1f88a575222 + name: + type: string + example: john.doe + _type: + description: |- + Enum representing the currently supported document types. + + Additional values may be added in the future without notice. + type: string + enum: + - accessprofile + - accountactivity + - account + - aggregation + - entitlement + - event + - identity + - role + example: identity + - type: object + properties: + status: + type: string + example: Success + duration: + type: integer + format: int32 + example: 20 + avgDuration: + type: integer + format: int32 + example: 20 + changedAccounts: + type: integer + format: int32 + example: 1 + nextScheduled: + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + startTime: + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + sourceOwner: + type: string + description: John Doe + ApprovalItems: + type: object + properties: + id: + type: string + description: ID of the approval item + example: 2c9180835d2e5168015d32f890ca1581 + account: + type: string + description: The account referenced by the approval item + example: john.smith + application: + type: string + description: The name the application/source + example: Active Directory + attributeName: + type: string + description: The name of the attribute + example: emailAddress + attributeOperation: + type: string + description: The operation of the attribute + example: update + attributeValue: + type: string + description: The value of the attribute + example: a@b.com + state: + type: string + enum: + - FINISHED + - REJECTED + - RETURNED + - EXPIRED + - PENDING + - CANCELED + example: FINISHED + description: The state of a work item + Campaign: + type: object + required: + - id + - name + - type + - campaignType + - description + properties: + id: + type: string + description: The unique ID of the campaign. + example: ef38f94347e94562b5bb8424a56397d8 + name: + type: string + description: The name of the campaign. + example: Campaign Name + type: + type: string + enum: + - CAMPAIGN + description: The type of object that is being referenced. + example: CAMPAIGN + campaignType: + type: string + enum: + - MANAGER + - SOURCE_OWNER + - SEARCH + description: The type of the campaign. + example: MANAGER + description: + type: string + description: The description of the campaign set by the admin who created it. + nullable: true + example: A description of the campaign + Certification: + type: object + properties: + id: + example: 2c9180835d2e5168015d32f890ca1581 + type: string + description: id of the certification + name: + example: 'Source Owner Access Review for Employees [source]' + type: string + description: name of the certification + campaign: + type: object + required: + - id + - name + - type + - campaignType + - description + properties: + id: + type: string + description: The unique ID of the campaign. + example: ef38f94347e94562b5bb8424a56397d8 + name: + type: string + description: The name of the campaign. + example: Campaign Name + type: + type: string + enum: + - CAMPAIGN + description: The type of object that is being referenced. + example: CAMPAIGN + campaignType: + type: string + enum: + - MANAGER + - SOURCE_OWNER + - SEARCH + description: The type of the campaign. + example: MANAGER + description: + type: string + description: The description of the campaign set by the admin who created it. + nullable: true + example: A description of the campaign + completed: + type: boolean + description: Have all decisions been made? + example: true + identitiesCompleted: + type: integer + description: The number of identities for whom all decisions have been made and are complete. + example: 5 + format: int32 + identitiesTotal: + type: integer + description: 'The total number of identities in the Certification, both complete and incomplete.' + example: 10 + format: int32 + created: + example: '2018-06-25T20:22:28.104Z' + format: date-time + type: string + description: created date + modified: + example: '2018-06-25T20:22:28.104Z' + format: date-time + type: string + description: modified date + decisionsMade: + type: integer + description: The number of approve/revoke/acknowledge decisions that have been made. + example: 20 + format: int32 + decisionsTotal: + type: integer + description: The total number of approve/revoke/acknowledge decisions. + example: 40 + format: int32 + due: + type: string + format: date-time + description: The due date of the certification. + example: '2018-10-19T13:49:37.385Z' + signed: + type: string + format: date-time + nullable: true + description: The date the reviewer signed off on the Certification. + example: '2018-10-19T13:49:37.385Z' + reviewer: + type: object + properties: + id: + type: string + description: The id of the reviewer. + example: ef38f94347e94562b5bb8424a56397d8 + name: + type: string + description: The name of the reviewer. + example: Reviewer Name + email: + type: string + description: The email of the reviewing identity. + example: reviewer@test.com + type: + type: string + enum: + - IDENTITY + description: The type of the reviewing identity. + example: IDENTITY + created: + nullable: true + example: '2018-06-25T20:22:28.104Z' + format: date-time + type: string + description: The created date of the reviewing identity. + modified: + nullable: true + example: '2018-06-25T20:22:28.104Z' + format: date-time + type: string + description: The modified date of the reviewing identity. + reassignment: + type: object + nullable: true + properties: + from: + type: object + properties: + id: + type: string + description: The id of the certification. + example: ef38f94347e94562b5bb8424a56397d8 + name: + type: string + description: The name of the certification. + example: Certification Name + type: + type: string + enum: + - CERTIFICATION + example: CERTIFICATION + reviewer: + type: object + properties: + id: + type: string + description: The id of the reviewer. + example: ef38f94347e94562b5bb8424a56397d8 + name: + type: string + description: The name of the reviewer. + example: Reviewer Name + email: + type: string + description: The email of the reviewing identity. + example: reviewer@test.com + type: + type: string + enum: + - IDENTITY + description: The type of the reviewing identity. + example: IDENTITY + created: + nullable: true + example: '2018-06-25T20:22:28.104Z' + format: date-time + type: string + description: The created date of the reviewing identity. + modified: + nullable: true + example: '2018-06-25T20:22:28.104Z' + format: date-time + type: string + description: The modified date of the reviewing identity. + comment: + type: string + description: The comment entered when the Certification was reassigned + example: Reassigned for a reason + hasErrors: + description: Identifies if the certification has an error + type: boolean + example: false + errorMessage: + description: Description of the certification error + nullable: true + type: string + example: The certification has an error + phase: + type: string + description: | + The current phase of the campaign. + * `STAGED`: The campaign is waiting to be activated. + * `ACTIVE`: The campaign is active. + * `SIGNED`: The reviewer has signed off on the campaign, and it is considered complete. + enum: + - STAGED + - ACTIVE + - SIGNED + example: ACTIVE + CertificationReference: + type: object + properties: + id: + type: string + description: The id of the certification. + example: ef38f94347e94562b5bb8424a56397d8 + name: + type: string + description: The name of the certification. + example: Certification Name + type: + type: string + enum: + - CERTIFICATION + example: CERTIFICATION + reviewer: + type: object + properties: + id: + type: string + description: The id of the reviewer. + example: ef38f94347e94562b5bb8424a56397d8 + name: + type: string + description: The name of the reviewer. + example: Reviewer Name + email: + type: string + description: The email of the reviewing identity. + example: reviewer@test.com + type: + type: string + enum: + - IDENTITY + description: The type of the reviewing identity. + example: IDENTITY + created: + nullable: true + example: '2018-06-25T20:22:28.104Z' + format: date-time + type: string + description: The created date of the reviewing identity. + modified: + nullable: true + example: '2018-06-25T20:22:28.104Z' + format: date-time + type: string + description: The modified date of the reviewing identity. + EntitlementDocument: + description: Entitlement + allOf: + - type: object + required: + - id + - name + - _type + properties: + id: + type: string + example: 2c91808375d8e80a0175e1f88a575222 + name: + type: string + example: john.doe + _type: + description: |- + Enum representing the currently supported document types. + + Additional values may be added in the future without notice. + type: string + enum: + - accessprofile + - accountactivity + - account + - aggregation + - entitlement + - event + - identity + - role + example: identity + - allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + description: + type: string + description: A description of the entitlement + example: The admin privilege + attribute: + type: string + description: The name of the entitlement attribute + example: admin + value: + type: string + description: The value of the entitlement + example: 'true' + - type: object + properties: + modified: + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + synced: + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + displayName: + type: string + description: The display name of the entitlement + example: Admin + source: + type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + privileged: + type: boolean + example: false + identityCount: + type: integer + format: int32 + example: 3 + tags: + type: array + items: + type: string + example: + - TAG_1 + - TAG_2 + EntitlementSummary: + description: EntitlementReference + allOf: + - allOf: + - allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + displayName: + type: string + example: John Q. Doe + - type: object + properties: + type: + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure. + example: IDENTITY + description: + type: string + nullable: true + example: null + - type: object + properties: + source: + type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + privileged: + type: boolean + example: false + attribute: + type: string + example: memberOf + value: + type: string + example: 'CN=Buyer,OU=Groups,OU=Demo,DC=seri,DC=sailpointdemo,DC=com' + standalone: + type: boolean + example: false + Event: + description: Event + allOf: + - type: object + required: + - id + - name + - _type + properties: + id: + type: string + example: 2c91808375d8e80a0175e1f88a575222 + name: + type: string + example: john.doe + _type: + description: |- + Enum representing the currently supported document types. + + Additional values may be added in the future without notice. + type: string + enum: + - accessprofile + - accountactivity + - account + - aggregation + - entitlement + - event + - identity + - role + example: identity + - type: object + properties: + created: + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + synced: + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + action: + type: string + description: The action that was performed + example: update + type: + type: string + description: The type of event + example: SYSTEM_CONFIG + actor: + type: object + properties: + name: + type: string + example: John Doe + description: the actor or target name + type: + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure. + example: IDENTITY + target: + type: object + properties: + name: + type: string + example: John Doe + description: the actor or target name + type: + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure. + example: IDENTITY + stack: + type: string + example: tpe + trackingNumber: + type: string + example: 63f891e0735f4cc8bf1968144a1e7440 + ipAddress: + type: string + example: 52.52.97.85 + details: + type: string + example: 73b65dfbed1842548c207432a18c84b0 + attributes: + type: object + additionalProperties: true + example: + pod: stg03-useast1 + org: acme + sourceName: SailPoint + objects: + type: array + items: + type: string + example: AUTHENTICATION + operation: + type: string + example: REQUEST + status: + type: string + example: PASSED + technicalName: + type: string + example: AUTHENTICATION_REQUEST_PASSED + IdentityDocument: + description: Identity + allOf: + - type: object + required: + - id + - name + - _type + properties: + id: + type: string + example: 2c91808375d8e80a0175e1f88a575222 + name: + type: string + example: john.doe + _type: + description: |- + Enum representing the currently supported document types. + + Additional values may be added in the future without notice. + type: string + enum: + - accessprofile + - accountactivity + - account + - aggregation + - entitlement + - event + - identity + - role + example: identity + - allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + displayName: + type: string + example: John Q. Doe + - type: object + properties: + firstName: + type: string + description: The first name of the identity + example: Carol + lastName: + type: string + description: The last name of the identity + example: Adams + displayName: + type: string + example: Carol.Adams + description: The display name of the identity + email: + type: string + description: The identity's primary email address + example: Carol.Adams@sailpointdemo.com + created: + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + modified: + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + synced: + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + phone: + type: string + description: The phone number of the identity + example: +1 440-527-3672 + inactive: + type: boolean + description: Indicates if the identity is inactive + example: false + protected: + type: boolean + example: false + status: + type: string + description: The identity's status in SailPoint + example: UNREGISTERED + employeeNumber: + type: string + example: 1a2a3d4e + manager: + nullable: true + allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + displayName: + type: string + example: John Q. Doe + isManager: + type: boolean + description: Indicates if this identity is a manager of other identities + example: false + identityProfile: + type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + source: + type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + attributes: + type: object + description: a map or dictionary of key/value pairs + additionalProperties: true + example: + country: US + firstname: Carol + cloudStatus: UNREGISTERED + processingState: + type: string + nullable: true + example: null + processingDetails: + nullable: true + type: object + properties: + date: + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + stage: + type: string + example: In Process + retryCount: + type: integer + example: 0 + format: int32 + stackTrace: + type: string + example: + message: + type: string + example: + accounts: + type: array + description: List of accounts associated with the identity + items: + allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + accountId: + type: string + description: The ID of the account + example: john.doe + source: + allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + type: + type: string + example: Delimited File + description: the type of source returned + disabled: + type: boolean + description: Indicates if the account is disabled + example: false + locked: + type: boolean + description: Indicates if the account is locked + example: false + privileged: + type: boolean + example: false + manuallyCorrelated: + type: boolean + description: Indicates if the account has been manually correlated to an identity + example: false + passwordLastSet: + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + entitlementAttributes: + type: object + nullable: true + description: a map or dictionary of key/value pairs + additionalProperties: true + example: + moderator: true + admin: true + trust_level: '4' + created: + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + accountCount: + type: integer + description: Number of accounts associated with the identity + format: int32 + example: 3 + apps: + type: array + description: The list of applications the identity has access to + items: + allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + source: + type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + account: + type: object + properties: + id: + type: string + description: The SailPoint generated unique ID + example: 2c9180837dfe6949017e21f3d8cd6d49 + accountId: + type: string + description: The account ID generated by the source + example: 'CN=Carol Adams,OU=Austin,OU=Americas,OU=Demo,DC=seri,DC=sailpointdemo,DC=com' + appCount: + type: integer + format: int32 + description: The number of applications the identity has access to + example: 2 + access: + type: array + description: The list of access items assigned to the identity + items: + discriminator: + propertyName: type + mapping: + ACCESS_PROFILE: ../access/AccessProfileSummary.yaml + ENTITLEMENT: ../access/AccessProfileEntitlement.yaml + ROLE: ../access/AccessProfileRole.yaml + oneOf: + - description: This is a summary representation of an access profile. + allOf: + - allOf: + - allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + displayName: + type: string + example: John Q. Doe + - type: object + properties: + type: + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure. + example: IDENTITY + description: + type: string + nullable: true + example: null + - type: object + properties: + source: + type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + owner: + allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + displayName: + type: string + example: John Q. Doe + revocable: + type: boolean + example: true + - description: EntitlementReference + allOf: + - allOf: + - allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + displayName: + type: string + example: John Q. Doe + - type: object + properties: + type: + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure. + example: IDENTITY + description: + type: string + nullable: true + example: null + - type: object + properties: + source: + type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + privileged: + type: boolean + example: false + attribute: + type: string + example: memberOf + value: + type: string + example: 'CN=Buyer,OU=Groups,OU=Demo,DC=seri,DC=sailpointdemo,DC=com' + standalone: + type: boolean + example: false + - description: Role + allOf: + - allOf: + - allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + displayName: + type: string + example: John Q. Doe + - type: object + properties: + type: + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure. + example: IDENTITY + description: + type: string + nullable: true + example: null + - type: object + properties: + owner: + allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + displayName: + type: string + example: John Q. Doe + disabled: + type: boolean + revocable: + type: boolean + accessCount: + type: integer + format: int32 + description: The number of access items assigned to the identity + example: 5 + accessProfileCount: + type: integer + description: The number of access profiles assigned to the identity + example: 1 + entitlementCount: + type: integer + description: The number of entitlements assigned to the identity + example: 10 + roleCount: + type: integer + description: The number of roles assigned to the identity + example: 1 + owns: + type: object + properties: + sources: + type: array + items: + type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + entitlements: + type: array + items: + type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + accessProfiles: + type: array + items: + type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + roles: + type: array + items: + type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + apps: + type: array + items: + type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + governanceGroups: + type: array + items: + type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + fallbackApprover: + type: boolean + example: false + tags: + type: array + items: + type: string + example: + - TAG_1 + - TAG_2 + IdentityProfile: + allOf: + - type: object + required: + - name + properties: + id: + description: System-generated unique ID of the Object + type: string + example: id12345 + readOnly: true + name: + description: Name of the Object + type: string + example: aName + created: + description: Creation date of the Object + type: string + example: '2015-05-28T14:07:17Z' + format: date-time + readOnly: true + modified: + description: Last modification date of the Object + type: string + example: '2015-05-28T14:07:17Z' + format: date-time + readOnly: true + - type: object + required: + - authoritativeSource + properties: + description: + type: string + description: The description of the Identity Profile. + example: My custom flat file profile + nullable: true + owner: + type: object + description: The owner of the Identity Profile. + nullable: true + properties: + type: + type: string + enum: + - IDENTITY + description: Type of the object to which this reference applies + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c9180835d191a86015d28455b4b232a + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + priority: + type: integer + format: int64 + description: The priority for an Identity Profile. + example: 10 + authoritativeSource: + type: object + properties: + type: + type: string + enum: + - SOURCE + description: Type of the object to which this reference applies + example: SOURCE + id: + type: string + description: ID of the object to which this reference applies + example: 2c9180835d191a86015d28455b4b232a + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: HR Active Directory + identityRefreshRequired: + type: boolean + default: false + description: True if a identity refresh is needed. Typically triggered when a change on the source has been made. + example: true + identityCount: + type: integer + description: The number of identities that belong to the Identity Profile. + format: int32 + example: 8 + identityAttributeConfig: + type: object + description: Defines all the identity attribute mapping configurations. This defines how to generate or collect data for each identity attributes in identity refresh process. + properties: + enabled: + description: The backend will only promote values if the profile/mapping is enabled. + type: boolean + default: false + example: true + attributeTransforms: + type: array + items: + type: object + description: Defines a transformation definition for an identity attribute. + properties: + identityAttributeName: + type: string + description: Name of the identity attribute. + example: email + transformDefinition: + description: The seaspray transformation definition. + type: object + properties: + type: + type: string + description: The type of the transform definition. + example: accountAttribute + attributes: + type: object + additionalProperties: + anyOf: + - type: string + - type: object + description: Arbitrary key-value pairs to store any metadata for the object + example: + attributeName: e-mail + sourceName: MySource + sourceId: 2c9180877a826e68017a8c0b03da1a53 + identityExceptionReportReference: + type: object + nullable: true + properties: + taskResultId: + type: string + format: uuid + description: The id of the task result. + example: 2b838de9-db9b-abcf-e646-d4f274ad4238 + reportName: + type: string + example: My annual report + description: The name of the report. + hasTimeBasedAttr: + description: Indicates the value of requiresPeriodicRefresh attribute for the Identity Profile. + type: boolean + default: false + example: true + IdentityReferenceWithNameAndEmail: + type: object + nullable: true + properties: + type: + type: string + description: The type can only be IDENTITY. This is read-only + example: IDENTITY + id: + type: string + description: Identity id. + example: 5168015d32f890ca15812c9180835d2e + name: + type: string + description: Human-readable display name of identity. This is read-only + example: Alison Ferguso + email: + type: string + description: Email address of identity. This is read-only + example: alison.ferguso@identitysoon.com + ProvisioningConfig: + type: object + description: Specification of a Service Desk integration provisioning configuration. + properties: + universalManager: + description: 'Specifies whether this configuration is used to manage provisioning requests for all sources from the org. If true, no managedResourceRefs are allowed.' + type: boolean + readOnly: true + example: true + managedResourceRefs: + description: References to sources for the Service Desk integration template. May only be specified if universalManager is false. + type: array + items: + allOf: + - type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + properties: + type: + description: The type of object being referenced + enum: + - SOURCE + example: SOURCE + id: + description: ID of the source + example: 2c91808568c529c60168cca6f90c1313 + name: + description: Human-readable display name of the source + example: My Source + example: + - type: SOURCE + id: 2c9180855d191c59015d291ceb051111 + name: My Source 1 + - type: SOURCE + id: 2c9180855d191c59015d291ceb052222 + name: My Source 2 + planInitializerScript: + description: This is a reference to a plan initializer script. + type: object + properties: + source: + description: This is a Rule that allows provisioning instruction changes. + type: string + example: | + \r\n\r\n\r\n Before Provisioning Rule which changes disables and enables to a modify.\r\n + noProvisioningRequests: + description: Name of an attribute that when true disables the saving of ProvisioningRequest objects whenever plans are sent through this integration. + type: boolean + example: true + provisioningRequestExpiration: + description: 'When saving pending requests is enabled, this defines the number of hours the request is allowed to live before it is considered expired and no longer affects plan compilation.' + type: integer + format: int32 + example: 7 + ProvisioningPolicy: + type: object + required: + - name + properties: + name: + type: string + description: the provisioning policy name + example: example provisioning policy for inactive identities + description: + type: string + description: the description of the provisioning policy + example: this provisioning policy creates access based on an identity going inactive + usageType: + type: string + nullable: false + enum: + - CREATE + - UPDATE + - DELETE + - ASSIGN + - UNASSIGN + - CREATE_GROUP + - UPDATE_GROUP + - DELETE_GROUP + - REGISTER + - CREATE_IDENTITY + - UPDATE_IDENTITY + - EDIT_GROUP + - ENABLE + - DISABLE + - UNLOCK + - CHANGE_PASSWORD + example: CREATE + description: The type of ProvisioningPolicy usage. + fields: + type: array + items: + type: object + properties: + name: + type: string + description: The name of the attribute. + example: userName + transform: + type: object + description: The transform to apply to the field + example: + type: rule + attributes: + name: Create Unique LDAP Attribute + default: {} + attributes: + type: object + description: Attributes required for the transform + example: + template: '${firstname}.${lastname}${uniqueCounter}' + cloudMaxUniqueChecks: '50' + cloudMaxSize: '20' + cloudRequired: 'true' + isRequired: + type: boolean + readOnly: true + description: Flag indicating whether or not the attribute is required. + default: false + example: false + type: + type: string + description: The type of the attribute. + example: string + isMultiValued: + type: boolean + description: Flag indicating whether or not the attribute is multi-valued. + default: false + example: false + QueuedCheckConfigDetails: + description: Configuration of maximum number days and interval for checking Service Desk integration queue status + required: + - provisioningStatusCheckIntervalMinutes + - provisioningMaxStatusCheckDays + type: object + properties: + provisioningStatusCheckIntervalMinutes: + description: interval in minutes between status checks + type: string + example: '30' + provisioningMaxStatusCheckDays: + description: maximum number of days to check + type: string + example: '2' + Reassignment: + type: object + nullable: true + properties: + from: + type: object + properties: + id: + type: string + description: The id of the certification. + example: ef38f94347e94562b5bb8424a56397d8 + name: + type: string + description: The name of the certification. + example: Certification Name + type: + type: string + enum: + - CERTIFICATION + example: CERTIFICATION + reviewer: + type: object + properties: + id: + type: string + description: The id of the reviewer. + example: ef38f94347e94562b5bb8424a56397d8 + name: + type: string + description: The name of the reviewer. + example: Reviewer Name + email: + type: string + description: The email of the reviewing identity. + example: reviewer@test.com + type: + type: string + enum: + - IDENTITY + description: The type of the reviewing identity. + example: IDENTITY + created: + nullable: true + example: '2018-06-25T20:22:28.104Z' + format: date-time + type: string + description: The created date of the reviewing identity. + modified: + nullable: true + example: '2018-06-25T20:22:28.104Z' + format: date-time + type: string + description: The modified date of the reviewing identity. + comment: + type: string + description: The comment entered when the Certification was reassigned + example: Reassigned for a reason + ReassignmentReference: + type: object + properties: + id: + type: string + description: The ID of item or identity being reassigned. + example: ef38f94347e94562b5bb8424a56397d8 + type: + type: string + description: The type of item or identity being reassigned. + enum: + - TARGET_SUMMARY + - ITEM + - IDENTITY_SUMMARY + example: ITEM + required: + - id + - type + RemediationItems: + type: object + properties: + id: + type: string + description: The ID of the certification + example: 2c9180835d2e5168015d32f890ca1581 + targetId: + type: string + description: The ID of the certification target + example: 2c9180835d2e5168015d32f890ca1581 + targetName: + type: string + description: The name of the certification target + example: john.smith + targetDisplayName: + type: string + description: The display name of the certification target + example: emailAddress + applicationName: + type: string + description: The name of the application/source + example: Active Directory + attributeName: + type: string + description: The name of the attribute being certified + example: phoneNumber + attributeOperation: + type: string + description: The operation of the certification on the attribute + example: update + attributeValue: + type: string + description: The value of the attribute being certified + example: 512-555-1212 + nativeIdentity: + type: string + description: The native identity of the target + example: jason.smith2 + RequestableObject: + type: object + properties: + id: + type: string + description: Id of the requestable object itself + example: 2c9180835d2e5168015d32f890ca1581 + name: + type: string + description: Human-readable display name of the requestable object + example: Applied Research Access + created: + type: string + format: date-time + example: '2017-07-11T18:45:37.098Z' + description: The time when the requestable object was created + modified: + nullable: true + type: string + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: The time when the requestable object was last modified + description: + type: string + description: Description of the requestable object. + example: 'Access to research information, lab results, and schematics.' + type: + type: string + enum: + - ACCESS_PROFILE + - ROLE + - ENTITLEMENT + description: Enum represented the currently supported requestable object types. Additional values may be added in the future without notice. + example: ACCESS_PROFILE + requestStatus: + type: string + enum: + - AVAILABLE + - PENDING + - ASSIGNED + description: 'Status indicating the ability of an access request for the object to be made by or on behalf of the identity specified by *identity-id*. *AVAILABLE* indicates the object is available to request. *PENDING* indicates the object is unavailable because the identity has a pending request in flight. *ASSIGNED* indicates the object is unavailable because the identity already has the indicated role or access profile. If *identity-id* is not specified (allowed only for admin users), then status will be *AVAILABLE* for all results.' + example: AVAILABLE + identityRequestId: + type: string + description: 'If *requestStatus* is *PENDING*, indicates the id of the associated account activity.' + nullable: true + example: null + ownerRef: + type: object + nullable: true + properties: + type: + type: string + description: The type can only be IDENTITY. This is read-only + example: IDENTITY + id: + type: string + description: Identity id. + example: 5168015d32f890ca15812c9180835d2e + name: + type: string + description: Human-readable display name of identity. This is read-only + example: Alison Ferguso + email: + type: string + description: Email address of identity. This is read-only + example: alison.ferguso@identitysoon.com + requestCommentsRequired: + type: boolean + description: Whether the requester must provide comments when requesting the object. + example: false + RequestableObjectType: + type: string + enum: + - ACCESS_PROFILE + - ROLE + - ENTITLEMENT + description: Enum represented the currently supported requestable object types. Additional values may be added in the future without notice. + example: ACCESS_PROFILE + RequestableObjectRequestStatus: + type: string + enum: + - AVAILABLE + - PENDING + - ASSIGNED + description: 'Status indicating the ability of an access request for the object to be made by or on behalf of the identity specified by *identity-id*. *AVAILABLE* indicates the object is available to request. *PENDING* indicates the object is unavailable because the identity has a pending request in flight. *ASSIGNED* indicates the object is unavailable because the identity already has the indicated role or access profile. If *identity-id* is not specified (allowed only for admin users), then status will be *AVAILABLE* for all results.' + example: AVAILABLE + Reviewer: + type: object + properties: + id: + type: string + description: The id of the reviewer. + example: ef38f94347e94562b5bb8424a56397d8 + name: + type: string + description: The name of the reviewer. + example: Reviewer Name + email: + type: string + description: The email of the reviewing identity. + example: reviewer@test.com + type: + type: string + enum: + - IDENTITY + description: The type of the reviewing identity. + example: IDENTITY + created: + nullable: true + example: '2018-06-25T20:22:28.104Z' + format: date-time + type: string + description: The created date of the reviewing identity. + modified: + nullable: true + example: '2018-06-25T20:22:28.104Z' + format: date-time + type: string + description: The modified date of the reviewing identity. + RoleDocument: + description: Role + allOf: + - type: object + required: + - id + - name + - _type + properties: + id: + type: string + example: 2c91808375d8e80a0175e1f88a575222 + name: + type: string + example: john.doe + _type: + description: |- + Enum representing the currently supported document types. + + Additional values may be added in the future without notice. + type: string + enum: + - accessprofile + - accountactivity + - account + - aggregation + - entitlement + - event + - identity + - role + example: identity + - allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + description: + type: string + description: The description of the access item + example: The admin role + created: + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + modified: + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + synced: + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + enabled: + type: boolean + example: true + requestable: + type: boolean + example: true + description: Indicates if the access can be requested + requestCommentsRequired: + type: boolean + description: Indicates if comments are required when requesting access + example: false + owner: + allOf: + - allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + type: + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure. + example: IDENTITY + - type: object + properties: + email: + type: string + example: john.doe@sailpoint.com + description: The email of the identity + - type: object + properties: + accessProfiles: + type: array + items: + type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + accessProfileCount: + type: integer + tags: + type: array + items: + type: string + example: + - TAG_1 + - TAG_2 + RoleSummary: + description: Role + allOf: + - allOf: + - allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + displayName: + type: string + example: John Q. Doe + - type: object + properties: + type: + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure. + example: IDENTITY + description: + type: string + nullable: true + example: null + - type: object + properties: + owner: + allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + displayName: + type: string + example: John Q. Doe + disabled: + type: boolean + revocable: + type: boolean + SearchDocument: + discriminator: + propertyName: _type + mapping: + accessprofile: ../model/access/profile/AccessProfileDocument.yaml + accountactivity: ../model/account/activity/AccountActivityDocument.yaml + account: ../model/account/AccountDocument.yaml + aggregation: ../model/aggregation/AggregationDocument.yaml + entitlement: ../model/entitlement/EntitlementDocument.yaml + event: ../model/event/EventDocument.yaml + identity: ../model/identity/IdentityDocument.yaml + role: ../model/role/RoleDocument.yaml + oneOf: + - description: 'This is more of a complete representation of an access profile. ' + allOf: + - type: object + required: + - id + - name + - _type + properties: + id: + type: string + example: 2c91808375d8e80a0175e1f88a575222 + name: + type: string + example: john.doe + _type: + description: |- + Enum representing the currently supported document types. + + Additional values may be added in the future without notice. + type: string + enum: + - accessprofile + - accountactivity + - account + - aggregation + - entitlement + - event + - identity + - role + example: identity + - allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + description: + type: string + description: The description of the access item + example: The admin role + created: + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + modified: + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + synced: + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + enabled: + type: boolean + example: true + requestable: + type: boolean + example: true + description: Indicates if the access can be requested + requestCommentsRequired: + type: boolean + description: Indicates if comments are required when requesting access + example: false + owner: + allOf: + - allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + type: + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure. + example: IDENTITY + - type: object + properties: + email: + type: string + example: john.doe@sailpoint.com + description: The email of the identity + - type: object + properties: + source: + type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + entitlements: + type: array + items: + allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + description: + type: string + description: A description of the entitlement + example: The admin privilege + attribute: + type: string + description: The name of the entitlement attribute + example: admin + value: + type: string + description: The value of the entitlement + example: 'true' + entitlementCount: + type: integer + example: 5 + tags: + type: array + items: + type: string + example: + - TAG_1 + - TAG_2 + - description: AccountActivity + allOf: + - type: object + required: + - id + - name + - _type + properties: + id: + type: string + example: 2c91808375d8e80a0175e1f88a575222 + name: + type: string + example: john.doe + _type: + description: |- + Enum representing the currently supported document types. + + Additional values may be added in the future without notice. + type: string + enum: + - accessprofile + - accountactivity + - account + - aggregation + - entitlement + - event + - identity + - role + example: identity + - type: object + properties: + action: + type: string + description: The type of action that this activity performed + externalDocs: + description: Learn more about account activity action types + url: 'https://documentation.sailpoint.com/saas/help/search/searchable-fields.html#searching-account-activity-data' + example: Identity Refresh. + created: + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + modified: + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + stage: + type: string + description: The current stage of the activity + example: Completed + origin: + type: string + nullable: true + example: null + status: + type: string + description: the current status of the activity + example: Complete + requester: + allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + type: + type: string + example: Delimited File + description: the type of source returned + recipient: + allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + type: + type: string + example: Delimited File + description: the type of source returned + trackingNumber: + type: string + example: 61aad0c9e8134eca89e76a35e0cabe3f + errors: + type: array + items: + type: string + nullable: true + example: null + warnings: + type: array + items: + type: string + nullable: true + example: null + approvals: + type: array + items: + type: object + properties: + comments: + type: array + items: + type: object + properties: + comment: + type: string + description: The comment text + example: This request was autoapproved by our automated ETS subscriber. + commenter: + type: string + description: The name of the commenter + example: Automated AR Approval + date: + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + created: + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + modified: + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + owner: + allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + type: + type: string + example: Delimited File + description: the type of source returned + result: + type: string + description: The result of the approval + example: Finished + type: + type: string + nullable: true + example: null + originalRequests: + type: array + items: + type: object + properties: + accountId: + type: string + description: the account id + example: 'CN=Abby Smith,OU=Austin,OU=Americas,OU=Demo,DC=seri,DC=acme,DC=com' + attributeRequests: + type: array + items: + type: object + properties: + name: + type: string + description: The attribute name + example: groups + op: + type: string + description: The operation to perform + example: Add + value: + type: string + description: The value of the attribute + example: '3203537556531076' + op: + type: string + description: the operation that was used + example: add + source: + allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + type: + type: string + example: Delimited File + description: the type of source returned + expansionItems: + type: array + items: + type: object + properties: + accountId: + type: string + description: The ID of the account + example: 2c91808981f58ea601821c3e93482e6f + cause: + type: string + example: Role + name: + type: string + description: The name of the item + example: smartsheet-role + attributeRequests: + type: array + items: + type: object + properties: + name: + type: string + description: The attribute name + example: groups + op: + type: string + description: The operation to perform + example: Add + value: + type: string + description: The value of the attribute + example: '3203537556531076' + source: + allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + type: + type: string + example: Delimited File + description: the type of source returned + accountRequests: + type: array + items: + type: object + properties: + accountId: + type: string + description: Unique ID of the account + example: John.Doe + attributeRequests: + type: array + items: + type: object + properties: + name: + type: string + description: The attribute name + example: groups + op: + type: string + description: The operation to perform + example: Add + value: + type: string + description: The value of the attribute + example: '3203537556531076' + op: + type: string + example: Modify + description: The operation that was performed + provisioningTarget: + allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + type: + type: string + example: Delimited File + description: the type of source returned + result: + type: object + properties: + errors: + type: array + items: + type: string + example: |- + [ConnectorError] [ + { + "code": "unrecognized_keys", + "keys": [ + "groups" + ], + "path": [], + "message": "Unrecognized key(s) in object: 'groups'" + } + ] (requestId: 5e9d6df5-9b1b-47d9-9bf1-dc3a2893299e) + status: + type: string + description: The status of the account request + example: failed + ticketId: + type: string + nullable: true + example: null + source: + allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + type: + type: string + example: Delimited File + description: the type of source returned + sources: + type: string + example: 'smartsheet-test, airtable-v4, IdentityNow' + - description: Account + allOf: + - type: object + required: + - id + - name + - _type + properties: + id: + type: string + example: 2c91808375d8e80a0175e1f88a575222 + name: + type: string + example: john.doe + _type: + description: |- + Enum representing the currently supported document types. + + Additional values may be added in the future without notice. + type: string + enum: + - accessprofile + - accountactivity + - account + - aggregation + - entitlement + - event + - identity + - role + example: identity + - allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + accountId: + type: string + description: The ID of the account + example: john.doe + source: + allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + type: + type: string + example: Delimited File + description: the type of source returned + disabled: + type: boolean + description: Indicates if the account is disabled + example: false + locked: + type: boolean + description: Indicates if the account is locked + example: false + privileged: + type: boolean + example: false + manuallyCorrelated: + type: boolean + description: Indicates if the account has been manually correlated to an identity + example: false + passwordLastSet: + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + entitlementAttributes: + type: object + nullable: true + description: a map or dictionary of key/value pairs + additionalProperties: true + example: + moderator: true + admin: true + trust_level: '4' + created: + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + - type: object + properties: + modified: + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + attributes: + type: object + description: a map or dictionary of key/value pairs + additionalProperties: true + example: + firstName: John + lastName: Doe + displayName: John.Doe + identity: + allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + displayName: + type: string + example: John Q. Doe + access: + type: array + items: + description: EntitlementReference + allOf: + - allOf: + - allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + displayName: + type: string + example: John Q. Doe + - type: object + properties: + type: + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure. + example: IDENTITY + description: + type: string + nullable: true + example: null + - type: object + properties: + source: + type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + privileged: + type: boolean + example: false + attribute: + type: string + example: memberOf + value: + type: string + example: 'CN=Buyer,OU=Groups,OU=Demo,DC=seri,DC=sailpointdemo,DC=com' + standalone: + type: boolean + example: false + entitlementCount: + type: integer + description: The number of entitlements assigned to the account + format: int32 + example: 2 + uncorrelated: + type: boolean + description: Indicates if the account is not correlated to an identity + example: false + tags: + type: array + items: + type: string + example: + - TAG_1 + - TAG_2 + - description: Aggregation + allOf: + - type: object + required: + - id + - name + - _type + properties: + id: + type: string + example: 2c91808375d8e80a0175e1f88a575222 + name: + type: string + example: john.doe + _type: + description: |- + Enum representing the currently supported document types. + + Additional values may be added in the future without notice. + type: string + enum: + - accessprofile + - accountactivity + - account + - aggregation + - entitlement + - event + - identity + - role + example: identity + - type: object + properties: + status: + type: string + example: Success + duration: + type: integer + format: int32 + example: 20 + avgDuration: + type: integer + format: int32 + example: 20 + changedAccounts: + type: integer + format: int32 + example: 1 + nextScheduled: + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + startTime: + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + sourceOwner: + type: string + description: John Doe + - description: Entitlement + allOf: + - type: object + required: + - id + - name + - _type + properties: + id: + type: string + example: 2c91808375d8e80a0175e1f88a575222 + name: + type: string + example: john.doe + _type: + description: |- + Enum representing the currently supported document types. + + Additional values may be added in the future without notice. + type: string + enum: + - accessprofile + - accountactivity + - account + - aggregation + - entitlement + - event + - identity + - role + example: identity + - allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + description: + type: string + description: A description of the entitlement + example: The admin privilege + attribute: + type: string + description: The name of the entitlement attribute + example: admin + value: + type: string + description: The value of the entitlement + example: 'true' + - type: object + properties: + modified: + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + synced: + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + displayName: + type: string + description: The display name of the entitlement + example: Admin + source: + type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + privileged: + type: boolean + example: false + identityCount: + type: integer + format: int32 + example: 3 + tags: + type: array + items: + type: string + example: + - TAG_1 + - TAG_2 + - description: Event + allOf: + - type: object + required: + - id + - name + - _type + properties: + id: + type: string + example: 2c91808375d8e80a0175e1f88a575222 + name: + type: string + example: john.doe + _type: + description: |- + Enum representing the currently supported document types. + + Additional values may be added in the future without notice. + type: string + enum: + - accessprofile + - accountactivity + - account + - aggregation + - entitlement + - event + - identity + - role + example: identity + - type: object + properties: + created: + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + synced: + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + action: + type: string + description: The action that was performed + example: update + type: + type: string + description: The type of event + example: SYSTEM_CONFIG + actor: + type: object + properties: + name: + type: string + example: John Doe + description: the actor or target name + type: + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure. + example: IDENTITY + target: + type: object + properties: + name: + type: string + example: John Doe + description: the actor or target name + type: + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure. + example: IDENTITY + stack: + type: string + example: tpe + trackingNumber: + type: string + example: 63f891e0735f4cc8bf1968144a1e7440 + ipAddress: + type: string + example: 52.52.97.85 + details: + type: string + example: 73b65dfbed1842548c207432a18c84b0 + attributes: + type: object + additionalProperties: true + example: + pod: stg03-useast1 + org: acme + sourceName: SailPoint + objects: + type: array + items: + type: string + example: AUTHENTICATION + operation: + type: string + example: REQUEST + status: + type: string + example: PASSED + technicalName: + type: string + example: AUTHENTICATION_REQUEST_PASSED + - description: Identity + allOf: + - type: object + required: + - id + - name + - _type + properties: + id: + type: string + example: 2c91808375d8e80a0175e1f88a575222 + name: + type: string + example: john.doe + _type: + description: |- + Enum representing the currently supported document types. + + Additional values may be added in the future without notice. + type: string + enum: + - accessprofile + - accountactivity + - account + - aggregation + - entitlement + - event + - identity + - role + example: identity + - allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + displayName: + type: string + example: John Q. Doe + - type: object + properties: + firstName: + type: string + description: The first name of the identity + example: Carol + lastName: + type: string + description: The last name of the identity + example: Adams + displayName: + type: string + example: Carol.Adams + description: The display name of the identity + email: + type: string + description: The identity's primary email address + example: Carol.Adams@sailpointdemo.com + created: + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + modified: + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + synced: + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + phone: + type: string + description: The phone number of the identity + example: +1 440-527-3672 + inactive: + type: boolean + description: Indicates if the identity is inactive + example: false + protected: + type: boolean + example: false + status: + type: string + description: The identity's status in SailPoint + example: UNREGISTERED + employeeNumber: + type: string + example: 1a2a3d4e + manager: + nullable: true + allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + displayName: + type: string + example: John Q. Doe + isManager: + type: boolean + description: Indicates if this identity is a manager of other identities + example: false + identityProfile: + type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + source: + type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + attributes: + type: object + description: a map or dictionary of key/value pairs + additionalProperties: true + example: + country: US + firstname: Carol + cloudStatus: UNREGISTERED + processingState: + type: string + nullable: true + example: null + processingDetails: + nullable: true + type: object + properties: + date: + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + stage: + type: string + example: In Process + retryCount: + type: integer + example: 0 + format: int32 + stackTrace: + type: string + example: + message: + type: string + example: + accounts: + type: array + description: List of accounts associated with the identity + items: + allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + accountId: + type: string + description: The ID of the account + example: john.doe + source: + allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + type: + type: string + example: Delimited File + description: the type of source returned + disabled: + type: boolean + description: Indicates if the account is disabled + example: false + locked: + type: boolean + description: Indicates if the account is locked + example: false + privileged: + type: boolean + example: false + manuallyCorrelated: + type: boolean + description: Indicates if the account has been manually correlated to an identity + example: false + passwordLastSet: + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + entitlementAttributes: + type: object + nullable: true + description: a map or dictionary of key/value pairs + additionalProperties: true + example: + moderator: true + admin: true + trust_level: '4' + created: + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + accountCount: + type: integer + description: Number of accounts associated with the identity + format: int32 + example: 3 + apps: + type: array + description: The list of applications the identity has access to + items: + allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + source: + type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + account: + type: object + properties: + id: + type: string + description: The SailPoint generated unique ID + example: 2c9180837dfe6949017e21f3d8cd6d49 + accountId: + type: string + description: The account ID generated by the source + example: 'CN=Carol Adams,OU=Austin,OU=Americas,OU=Demo,DC=seri,DC=sailpointdemo,DC=com' + appCount: + type: integer + format: int32 + description: The number of applications the identity has access to + example: 2 + access: + type: array + description: The list of access items assigned to the identity + items: + discriminator: + propertyName: type + mapping: + ACCESS_PROFILE: ../access/AccessProfileSummary.yaml + ENTITLEMENT: ../access/AccessProfileEntitlement.yaml + ROLE: ../access/AccessProfileRole.yaml + oneOf: + - description: This is a summary representation of an access profile. + allOf: + - allOf: + - allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + displayName: + type: string + example: John Q. Doe + - type: object + properties: + type: + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure. + example: IDENTITY + description: + type: string + nullable: true + example: null + - type: object + properties: + source: + type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + owner: + allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + displayName: + type: string + example: John Q. Doe + revocable: + type: boolean + example: true + - description: EntitlementReference + allOf: + - allOf: + - allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + displayName: + type: string + example: John Q. Doe + - type: object + properties: + type: + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure. + example: IDENTITY + description: + type: string + nullable: true + example: null + - type: object + properties: + source: + type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + privileged: + type: boolean + example: false + attribute: + type: string + example: memberOf + value: + type: string + example: 'CN=Buyer,OU=Groups,OU=Demo,DC=seri,DC=sailpointdemo,DC=com' + standalone: + type: boolean + example: false + - description: Role + allOf: + - allOf: + - allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + displayName: + type: string + example: John Q. Doe + - type: object + properties: + type: + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure. + example: IDENTITY + description: + type: string + nullable: true + example: null + - type: object + properties: + owner: + allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + displayName: + type: string + example: John Q. Doe + disabled: + type: boolean + revocable: + type: boolean + accessCount: + type: integer + format: int32 + description: The number of access items assigned to the identity + example: 5 + accessProfileCount: + type: integer + description: The number of access profiles assigned to the identity + example: 1 + entitlementCount: + type: integer + description: The number of entitlements assigned to the identity + example: 10 + roleCount: + type: integer + description: The number of roles assigned to the identity + example: 1 + owns: + type: object + properties: + sources: + type: array + items: + type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + entitlements: + type: array + items: + type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + accessProfiles: + type: array + items: + type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + roles: + type: array + items: + type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + apps: + type: array + items: + type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + governanceGroups: + type: array + items: + type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + fallbackApprover: + type: boolean + example: false + tags: + type: array + items: + type: string + example: + - TAG_1 + - TAG_2 + - description: Role + allOf: + - type: object + required: + - id + - name + - _type + properties: + id: + type: string + example: 2c91808375d8e80a0175e1f88a575222 + name: + type: string + example: john.doe + _type: + description: |- + Enum representing the currently supported document types. + + Additional values may be added in the future without notice. + type: string + enum: + - accessprofile + - accountactivity + - account + - aggregation + - entitlement + - event + - identity + - role + example: identity + - allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + description: + type: string + description: The description of the access item + example: The admin role + created: + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + modified: + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + synced: + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + enabled: + type: boolean + example: true + requestable: + type: boolean + example: true + description: Indicates if the access can be requested + requestCommentsRequired: + type: boolean + description: Indicates if comments are required when requesting access + example: false + owner: + allOf: + - allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + type: + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure. + example: IDENTITY + - type: object + properties: + email: + type: string + example: john.doe@sailpoint.com + description: The email of the identity + - type: object + properties: + accessProfiles: + type: array + items: + type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + accessProfileCount: + type: integer + tags: + type: array + items: + type: string + example: + - TAG_1 + - TAG_2 + SavedSearch: + type: object + allOf: + - type: object + properties: + id: + description: | + The saved search ID. + type: string + example: 0de46054-fe90-434a-b84e-c6b3359d0c64 + owner: + description: | + The owner of the saved search. + type: object + properties: + type: + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure. + example: IDENTITY + id: + description: | + The id of the object. + type: string + example: 2c91808568c529c60168cca6f90c1313 + required: + - type + - id + - type: object + properties: + name: + description: | + The name of the saved search. + type: string + example: Disabled accounts + description: + description: | + The description of the saved search. + type: string + nullable: true + example: Disabled accounts + - type: object + properties: + public: + description: | + Indicates if the saved search is public. + type: boolean + default: false + example: false + created: + description: | + The date the saved search was initially created. + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + modified: + description: | + The last date the saved search was modified. + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + indices: + description: | + The names of the Elasticsearch indices in which to search. + type: array + items: + description: |- + Enum representing the currently supported indices. + Additional values may be added in the future without notice. + type: string + enum: + - accessprofiles + - accountactivities + - entitlements + - events + - identities + - roles + - '*' + example: identities + example: + - identities + columns: + description: | + The columns to be returned (specifies the order in which they will be presented) for each document type. + + The currently supported document types are: _accessprofile_, _accountactivity_, _account_, _aggregation_, _entitlement_, _event_, _identity_, and _role_. + type: object + additionalProperties: + type: array + items: + type: object + properties: + field: + description: | + The name of the field. + type: string + example: email + header: + description: | + The value of the header. + type: string + example: Work Email + required: + - field + example: + identity: + - field: displayName + header: Display Name + - field: e-mail + header: Work Email + query: + description: | + The search query using Elasticsearch [Query String Query](https://www.elastic.co/guide/en/elasticsearch/reference/5.2/query-dsl-query-string-query.html#query-string) syntax from the Query DSL. + type: string + example: '@accounts(disabled:true)' + fields: + description: | + The fields to be searched against in a multi-field query. + type: array + nullable: true + items: + type: string + example: + - disabled + sort: + description: | + The fields to be used to sort the search results. + type: array + items: + type: string + example: + - displayName + filters: + nullable: true + allOf: + - type: object + description: The filters to be applied for each filtered field name. + example: + attributes.cloudAuthoritativeSource: + type: EXISTS + exclude: true + accessCount: + type: RANGE + range: + lower: + value: '3' + created: + type: RANGE + range: + lower: + value: '2019-12-01' + inclusive: true + upper: + value: '2020-01-01' + source.name: + type: TERMS + terms: + - HR Employees + - Corporate Active Directory + exclude: true + protected: + type: TERMS + terms: + - 'true' + - type: object + properties: + type: + description: |- + Enum representing the currently supported filter types. + Additional values may be added in the future without notice. + type: string + enum: + - EXISTS + - RANGE + - TERMS + example: RANGE + range: + type: object + description: The range of values to be filtered. + properties: + lower: + description: The lower bound of the range. + type: object + required: + - value + properties: + value: + description: The value of the range's endpoint. + type: string + example: '1' + inclusive: + description: Indicates if the endpoint is included in the range. + type: boolean + default: false + example: false + upper: + description: The upper bound of the range. + type: object + required: + - value + properties: + value: + description: The value of the range's endpoint. + type: string + example: '1' + inclusive: + description: Indicates if the endpoint is included in the range. + type: boolean + default: false + example: false + terms: + description: The terms to be filtered. + type: array + items: + type: string + example: account_count + exclude: + description: Indicates if the filter excludes results. + type: boolean + default: false + example: false + required: + - indices + - query + Schedule: + type: object + description: The schedule information. + properties: + type: + description: | + Enum representing the currently supported schedule types. + + Additional values may be added in the future without notice. + type: string + enum: + - DAILY + - WEEKLY + - MONTHLY + - CALENDAR + example: WEEKLY + days: + allOf: + - type: object + properties: + type: + description: | + Enum representing the currently supported selector types. + + LIST - the *values* array contains one or more distinct values. + + RANGE - the *values* array contains two values: the start and end of the range, inclusive. + + Additional values may be added in the future without notice. + type: string + enum: + - LIST + - RANGE + example: LIST + values: + description: | + The selected values. + type: array + items: + type: string + example: + - MON + - WED + interval: + nullable: true + description: | + The selected interval for RANGE selectors. + type: integer + format: int32 + example: 3 + required: + - type + - values + - description: | + The days to execute the search. + + If `type` is `WEEKLY`, the values will be `MON`, `TUE`, `WED`, `THU`, `FRI`, `SAT`, and `SUN`. + + If `type` is `MONTHLY`, the values will be a number in double quotes, like `"1"`, `"10"`, or `"28"`. Optionally, the value `"L"` can be used to refer to the last day of the month. + example: + type: LIST + values: + - MON + - WED + - FRI + nullable: true + hours: + allOf: + - type: object + properties: + type: + description: | + Enum representing the currently supported selector types. + + LIST - the *values* array contains one or more distinct values. + + RANGE - the *values* array contains two values: the start and end of the range, inclusive. + + Additional values may be added in the future without notice. + type: string + enum: + - LIST + - RANGE + example: LIST + values: + description: | + The selected values. + type: array + items: + type: string + example: + - MON + - WED + interval: + nullable: true + description: | + The selected interval for RANGE selectors. + type: integer + format: int32 + example: 3 + required: + - type + - values + - description: The hours selected. + example: + type: RANGE + values: + - '9' + - '18' + interval: 3 + expiration: + description: 'The schedule expiration date. Latest possible expiration date is ''2038-01-19T03:14:07+0000''' + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + timeZoneId: + description: 'The GMT formatted timezone the schedule will run in (ex. GMT-06:00). If no timezone is specified, the org''s default timezone is used.' + nullable: true + type: string + example: 'GMT-06:00' + required: + - type + - hours + ScheduledSearch: + type: object + allOf: + - type: object + properties: + id: + description: The scheduled search ID. + type: string + example: 0de46054-fe90-434a-b84e-c6b3359d0c64 + readOnly: true + owner: + description: The owner of the scheduled search + readOnly: true + type: object + properties: + type: + type: string + description: The type of object being referenced + enum: + - IDENTITY + example: IDENTITY + id: + type: string + description: The ID of the referenced object + example: 2c9180867624cbd7017642d8c8c81f67 + required: + - type + - id + ownerId: + description: | + The ID of the scheduled search owner. + + Please use the `id` in the `owner` object instead. + type: string + example: 2c9180867624cbd7017642d8c8c81f67 + readOnly: true + deprecated: true + - type: object + properties: + name: + description: | + The name of the scheduled search. + type: string + example: Daily disabled accounts + nullable: true + description: + description: | + The description of the scheduled search. + type: string + nullable: true + example: Daily disabled accounts + - type: object + properties: + savedSearchId: + description: The ID of the saved search that will be executed. + type: string + example: 554f1511-f0a1-4744-ab14-599514d3e57c + created: + allOf: + - type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + description: The date the scheduled search was initially created. + readOnly: true + modified: + allOf: + - type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + description: The last date the scheduled search was modified. + readOnly: true + schedule: + type: object + description: The schedule information. + properties: + type: + description: | + Enum representing the currently supported schedule types. + + Additional values may be added in the future without notice. + type: string + enum: + - DAILY + - WEEKLY + - MONTHLY + - CALENDAR + example: WEEKLY + days: + allOf: + - type: object + properties: + type: + description: | + Enum representing the currently supported selector types. + + LIST - the *values* array contains one or more distinct values. + + RANGE - the *values* array contains two values: the start and end of the range, inclusive. + + Additional values may be added in the future without notice. + type: string + enum: + - LIST + - RANGE + example: LIST + values: + description: | + The selected values. + type: array + items: + type: string + example: + - MON + - WED + interval: + nullable: true + description: | + The selected interval for RANGE selectors. + type: integer + format: int32 + example: 3 + required: + - type + - values + - description: | + The days to execute the search. + + If `type` is `WEEKLY`, the values will be `MON`, `TUE`, `WED`, `THU`, `FRI`, `SAT`, and `SUN`. + + If `type` is `MONTHLY`, the values will be a number in double quotes, like `"1"`, `"10"`, or `"28"`. Optionally, the value `"L"` can be used to refer to the last day of the month. + example: + type: LIST + values: + - MON + - WED + - FRI + nullable: true + hours: + allOf: + - type: object + properties: + type: + description: | + Enum representing the currently supported selector types. + + LIST - the *values* array contains one or more distinct values. + + RANGE - the *values* array contains two values: the start and end of the range, inclusive. + + Additional values may be added in the future without notice. + type: string + enum: + - LIST + - RANGE + example: LIST + values: + description: | + The selected values. + type: array + items: + type: string + example: + - MON + - WED + interval: + nullable: true + description: | + The selected interval for RANGE selectors. + type: integer + format: int32 + example: 3 + required: + - type + - values + - description: The hours selected. + example: + type: RANGE + values: + - '9' + - '18' + interval: 3 + expiration: + description: 'The schedule expiration date. Latest possible expiration date is ''2038-01-19T03:14:07+0000''' + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + timeZoneId: + description: 'The GMT formatted timezone the schedule will run in (ex. GMT-06:00). If no timezone is specified, the org''s default timezone is used.' + nullable: true + type: string + example: 'GMT-06:00' + required: + - type + - hours + recipients: + description: A list of identities that should receive the scheduled search report via email. + type: array + items: + type: object + properties: + type: + type: string + description: The type of object being referenced + enum: + - IDENTITY + example: IDENTITY + id: + type: string + description: The ID of the referenced object + example: 2c9180867624cbd7017642d8c8c81f67 + required: + - type + - id + enabled: + description: | + Indicates if the scheduled search is enabled. + type: boolean + default: false + example: false + emailEmptyResults: + description: | + Indicates if email generation should not be suppressed if search returns no results. + type: boolean + default: false + example: false + displayQueryDetails: + description: | + Indicates if the generated email should include the query and search results preview (which could include PII). + type: boolean + default: false + example: false + required: + - savedSearchId + - schedule + - recipients + required: + - id + - owner + - ownerId + ServiceDeskIntegrationDto: + allOf: + - type: object + required: + - name + properties: + id: + description: System-generated unique ID of the Object + type: string + example: id12345 + readOnly: true + name: + description: Name of the Object + type: string + example: aName + created: + description: Creation date of the Object + type: string + example: '2015-05-28T14:07:17Z' + format: date-time + readOnly: true + modified: + description: Last modification date of the Object + type: string + example: '2015-05-28T14:07:17Z' + format: date-time + readOnly: true + - type: object + description: Specification of a Service Desk integration + required: + - description + - type + - attributes + properties: + description: + description: Description of the Service Desk integration + type: string + example: A very nice Service Desk integration + type: + description: | + Service Desk integration types + + - ServiceNowSDIM + - ServiceNow + type: string + default: ServiceNowSDIM + example: ServiceNowSDIM + ownerRef: + allOf: + - type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + description: Reference to the identity that is the owner of this Service Desk integration + properties: + type: + description: The type of object being referenced + enum: + - IDENTITY + example: IDENTITY + id: + description: ID of the identity + example: 2c91808568c529c60168cca6f90c1313 + name: + description: Human-readable display name of the identity + example: MyName + clusterRef: + allOf: + - type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + description: Reference to the source cluster for this Service Desk integration + properties: + type: + description: The type of object being referenced + enum: + - CLUSTER + example: CLUSTER + id: + description: ID of the cluster + example: 2c9180866166b5b0016167c32ef31a66 + name: + description: Human-readable display name of the cluster + example: Corporate Cluster + cluster: + description: 'ID of the cluster for the Service Desk integration (replaced by clusterRef, retained for backward compatibility)' + type: string + example: xyzzy999 + deprecated: true + managedSources: + description: 'Source IDs for the Service Desk integration (replaced by provisioningConfig.managedSResourceRefs, but retained here for backward compatibility)' + type: array + items: + type: string + deprecated: true + example: + - 2c9180835d191a86015d28455b4a2329 + - 2c5680835d191a85765d28455b4a9823 + provisioningConfig: + description: The 'provisioningConfig' property specifies the configuration used to provision integrations. + type: object + properties: + universalManager: + description: 'Specifies whether this configuration is used to manage provisioning requests for all sources from the org. If true, no managedResourceRefs are allowed.' + type: boolean + readOnly: true + example: true + managedResourceRefs: + description: References to sources for the Service Desk integration template. May only be specified if universalManager is false. + type: array + items: + allOf: + - type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + properties: + type: + description: The type of object being referenced + enum: + - SOURCE + example: SOURCE + id: + description: ID of the source + example: 2c91808568c529c60168cca6f90c1313 + name: + description: Human-readable display name of the source + example: My Source + example: + - type: SOURCE + id: 2c9180855d191c59015d291ceb051111 + name: My Source 1 + - type: SOURCE + id: 2c9180855d191c59015d291ceb052222 + name: My Source 2 + planInitializerScript: + description: This is a reference to a plan initializer script. + type: object + properties: + source: + description: This is a Rule that allows provisioning instruction changes. + type: string + example: | + \r\n\r\n\r\n Before Provisioning Rule which changes disables and enables to a modify.\r\n + noProvisioningRequests: + description: Name of an attribute that when true disables the saving of ProvisioningRequest objects whenever plans are sent through this integration. + type: boolean + example: true + provisioningRequestExpiration: + description: 'When saving pending requests is enabled, this defines the number of hours the request is allowed to live before it is considered expired and no longer affects plan compilation.' + type: integer + format: int32 + example: 7 + attributes: + description: Attributes of the Service Desk integration. Validation constraints enforced by the implementation. + type: object + additionalProperties: true + example: + property: value + key: value + beforeProvisioningRule: + allOf: + - type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + description: Reference to beforeProvisioningRule for this Service Desk integration + properties: + type: + description: The type of object being referenced + enum: + - RULE + example: RULE + id: + description: ID of the rule + example: 2c91808568c529c60168cca6f90c1333 + name: + description: Human-readable display name of the rule + example: Example Rule + ServiceDeskIntegrationTemplateDto: + allOf: + - type: object + required: + - name + properties: + id: + description: System-generated unique ID of the Object + type: string + example: id12345 + readOnly: true + name: + description: Name of the Object + type: string + example: aName + created: + description: Creation date of the Object + type: string + example: '2015-05-28T14:07:17Z' + format: date-time + readOnly: true + modified: + description: Last modification date of the Object + type: string + example: '2015-05-28T14:07:17Z' + format: date-time + readOnly: true + - type: object + description: 'This is the model for a Service Desk integration template, used to create and edit Service Desk Integrations.' + required: + - type + - attributes + - provisioningConfig + properties: + type: + description: The 'type' property specifies the type of the Service Desk integration template. + type: string + example: Web Service SDIM + default: Web Service SDIM + attributes: + description: The 'attributes' property value is a map of attributes available for integrations using this Service Desk integration template. + type: object + additionalProperties: true + example: + property: value + key: value + provisioningConfig: + description: The 'provisioningConfig' property specifies the configuration used to provision integrations using the template. + type: object + properties: + universalManager: + description: 'Specifies whether this configuration is used to manage provisioning requests for all sources from the org. If true, no managedResourceRefs are allowed.' + type: boolean + readOnly: true + example: true + managedResourceRefs: + description: References to sources for the Service Desk integration template. May only be specified if universalManager is false. + type: array + items: + allOf: + - type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + properties: + type: + description: The type of object being referenced + enum: + - SOURCE + example: SOURCE + id: + description: ID of the source + example: 2c91808568c529c60168cca6f90c1313 + name: + description: Human-readable display name of the source + example: My Source + example: + - type: SOURCE + id: 2c9180855d191c59015d291ceb051111 + name: My Source 1 + - type: SOURCE + id: 2c9180855d191c59015d291ceb052222 + name: My Source 2 + planInitializerScript: + description: This is a reference to a plan initializer script. + type: object + properties: + source: + description: This is a Rule that allows provisioning instruction changes. + type: string + example: | + \r\n\r\n\r\n Before Provisioning Rule which changes disables and enables to a modify.\r\n + noProvisioningRequests: + description: Name of an attribute that when true disables the saving of ProvisioningRequest objects whenever plans are sent through this integration. + type: boolean + example: true + provisioningRequestExpiration: + description: 'When saving pending requests is enabled, this defines the number of hours the request is allowed to live before it is considered expired and no longer affects plan compilation.' + type: integer + format: int32 + example: 7 + ServiceDeskIntegrationTemplateType: + description: This represents a Service Desk Integration template type. + required: + - type + - scriptName + type: object + properties: + name: + description: This is the name of the type. + example: aName + type: string + type: + description: This is the type value for the type. + example: aType + type: string + scriptName: + description: This is the scriptName attribute value for the type. + example: aScriptName + type: string + Source: + type: object + properties: + id: + type: string + readOnly: true + description: the id of the Source + example: 2c91808568c529c60168cca6f90c1324 + name: + type: string + description: Human-readable name of the source + example: My Source + description: + type: string + description: Human-readable description of the source + example: This is the corporate directory. + owner: + description: Reference to an owning Identity Object + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - IDENTITY + example: IDENTITY + id: + type: string + description: ID of the identity + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the identity + example: MyName + cluster: + description: Reference to the associated Cluster + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - CLUSTER + example: CLUSTER + id: + type: string + description: ID of the cluster + example: 2c9180866166b5b0016167c32ef31a66 + name: + type: string + description: Human-readable display name of the cluster + example: Corporate Cluster + accountCorrelationConfig: + description: Reference to an Account Correlation Config object + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + example: ACCOUNT_CORRELATION_CONFIG + id: + type: string + description: ID of the account correlation config + example: 2c9180855d191c59015d28583727245a + name: + type: string + description: Human-readable display name of the account correlation config + example: 'Directory [source-62867] Account Correlation' + accountCorrelationRule: + description: 'Reference to a Rule that can do COMPLEX correlation, should only be used when accountCorrelationConfig can''t be used.' + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - RULE + example: RULE + id: + type: string + description: ID of the rule + example: 2c918085708c274401708c2a8a760001 + name: + type: string + description: Human-readable display name of the rule + example: Example Rule + managerCorrelationMapping: + description: Filter Object used during manager correlation to match incoming manager values to an existing manager's Account/Identity + type: object + properties: + accountAttribute: + type: string + description: Name of the attribute to use for manager correlation. The value found on the account attribute will be used to lookup the manager's identity. + example: manager + identityAttribute: + type: string + description: Name of the identity attribute to search when trying to find a manager using the value from the accountAttribute. + example: manager + managerCorrelationRule: + description: 'Reference to the ManagerCorrelationRule, only used when a simple filter isn''t sufficient.' + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - RULE + example: RULE + id: + type: string + description: ID of the rule + example: 2c918085708c274401708c2a8a760001 + name: + type: string + description: Human-readable display name of the rule + example: Example Rule + beforeProvisioningRule: + description: Rule that runs on the CCG and allows for customization of provisioning plans before the connector is called. + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - RULE + example: RULE + id: + type: string + description: ID of the rule + example: 2c918085708c274401708c2a8a760001 + name: + type: string + description: Human-readable display name of the rule + example: Example Rule + schemas: + type: array + items: + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - CONNECTOR_SCHEMA + example: CONNECTOR_SCHEMA + id: + type: string + description: ID of the schema + example: 2c91808568c529c60168cca6f90c1777 + name: + type: string + description: Human-readable display name of the schema + example: MySchema + description: List of references to Schema objects + example: + - type: CONNECTOR_SCHEMA + id: 2c9180835d191a86015d28455b4b232a + name: account + - type: CONNECTOR_SCHEMA + id: 2c9180835d191a86015d28455b4b232b + name: group + passwordPolicies: + type: array + items: + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - PASSWORD_POLICY + example: PASSWORD_POLICY + id: + type: string + description: ID of the policy + example: 2c91808568c529c60168cca6f90c1777 + name: + type: string + description: Human-readable display name of the policy + example: My Password Policy + description: List of references to the associated PasswordPolicy objects. + example: + - type: PASSWORD_POLICY + id: 2c9180855d191c59015d291ceb053980 + name: Corporate Password Policy + - type: PASSWORD_POLICY + id: 2c9180855d191c59015d291ceb057777 + name: Vendor Password Policy + features: + type: array + description: Optional features that can be supported by a source. + items: + type: string + enum: + - AUTHENTICATE + - COMPOSITE + - DIRECT_PERMISSIONS + - DISCOVER_SCHEMA + - ENABLE + - MANAGER_LOOKUP + - NO_RANDOM_ACCESS + - PROXY + - SEARCH + - TEMPLATE + - UNLOCK + - UNSTRUCTURED_TARGETS + - SHAREPOINT_TARGET + - PROVISIONING + - GROUP_PROVISIONING + - SYNC_PROVISIONING + - PASSWORD + - CURRENT_PASSWORD + - ACCOUNT_ONLY_REQUEST + - ADDITIONAL_ACCOUNT_REQUEST + - NO_AGGREGATION + - GROUPS_HAVE_MEMBERS + - NO_PERMISSIONS_PROVISIONING + - NO_GROUP_PERMISSIONS_PROVISIONING + - NO_UNSTRUCTURED_TARGETS_PROVISIONING + - NO_DIRECT_PERMISSIONS_PROVISIONING + description: |- + Optional features that can be supported by an source. + * AUTHENTICATE: The source supports pass-through authentication. + * COMPOSITE: The source supports composite source creation. + * DIRECT_PERMISSIONS: The source supports returning DirectPermissions. + * DISCOVER_SCHEMA: The source supports discovering schemas for users and groups. + * ENABLE The source supports reading if an account is enabled or disabled. + * MANAGER_LOOKUP: The source supports looking up managers as they are encountered in a feed. This is the opposite of NO_RANDOM_ACCESS. + * NO_RANDOM_ACCESS: The source does not support random access and the getObject() methods should not be called and expected to perform. + * PROXY: The source can serve as a proxy for another source. When an source has a proxy, all connector calls made with that source are redirected through the connector for the proxy source. + * SEARCH + * TEMPLATE + * UNLOCK: The source supports reading if an account is locked or unlocked. + * UNSTRUCTURED_TARGETS: The source supports returning unstructured Targets. + * SHAREPOINT_TARGET: The source supports returning unstructured Target data for SharePoint. It will be typically used by AD, LDAP sources. + * PROVISIONING: The source can both read and write accounts. Having this feature implies that the provision() method is implemented. It also means that direct and target permissions can also be provisioned if they can be returned by aggregation. + * GROUP_PROVISIONING: The source can both read and write groups. Having this feature implies that the provision() method is implemented. + * SYNC_PROVISIONING: The source can provision accounts synchronously. + * PASSWORD: The source can provision password changes. Since sources can never read passwords, this is should only be used in conjunction with the PROVISIONING feature. + * CURRENT_PASSWORD: Some source types support verification of the current password + * ACCOUNT_ONLY_REQUEST: The source supports requesting accounts without entitlements. + * ADDITIONAL_ACCOUNT_REQUEST: The source supports requesting additional accounts. + * NO_AGGREGATION: A source that does not support aggregation. + * GROUPS_HAVE_MEMBERS: The source models group memberships with a member attribute on the group object rather than a groups attribute on the account object. This effects the implementation of delta account aggregation. + * NO_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for accounts. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for accounts. + * NO_GROUP_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for groups. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for groups. + * NO_UNSTRUCTURED_TARGETS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING. + * NO_DIRECT_PERMISSIONS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING. + example: AUTHENTICATE + example: + - SYNC_PROVISIONING + - MANAGER_LOOKUP + - SEARCH + - PROVISIONING + - AUTHENTICATE + - GROUP_PROVISIONING + - PASSWORD + type: + type: string + description: 'Specifies the type of system being managed e.g. Active Directory, Workday, etc.. If you are creating a Delimited File source, you must set the `provisionasCsv` query parameter to `true`. ' + example: OpenLDAP - Direct + connector: + type: string + description: Connector script name. + example: active-directory + connectorClass: + type: string + description: The fully qualified name of the Java class that implements the connector interface. + example: sailpoint.connector.LDAPConnector + connectorAttributes: + type: object + description: Connector specific configuration; will differ from type to type. + example: + healthCheckTimeout: 30 + authSearchAttributes: + - cn + - uid + - mail + deleteThreshold: + type: integer + format: int32 + description: Number from 0 to 100 that specifies when to skip the delete phase. + example: 10 + authoritative: + type: boolean + description: When true indicates the source is referenced by an IdentityProfile. + example: false + managementWorkgroup: + description: Reference to Management Workgroup for this Source + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - GOVERNANCE_GROUP + example: GOVERNANCE_GROUP + id: + type: string + description: ID of the management workgroup + example: 2c91808568c529c60168cca6f90c2222 + name: + type: string + description: Human-readable display name of the management workgroup + example: My Management Workgroup + healthy: + type: boolean + description: When true indicates a healthy source + example: true + status: + type: string + description: 'A status identifier, giving specific information on why a source is healthy or not' + example: SOURCE_STATE_HEALTHY + since: + type: string + description: Timestamp showing when a source health check was last performed + example: '2021-09-28T15:48:29.3801666300Z' + connectorId: + type: string + description: The id of connector + example: active-directory + connectorName: + type: string + description: The name of the connector that was chosen on source creation + example: Active Directory + connectionType: + type: string + description: The type of connection (direct or file) + example: file + connectorImplementstionId: + type: string + description: The connector implementstion id + example: delimited-file + required: + - name + - owner + - connector + SourceHealthDto: + type: object + description: Dto for source health data + properties: + id: + type: string + readOnly: true + description: the id of the Source + example: 2c91808568c529c60168cca6f90c1324 + type: + type: string + description: 'Specifies the type of system being managed e.g. Active Directory, Workday, etc.. If you are creating a Delimited File source, you must set the `provisionasCsv` query parameter to `true`. ' + example: OpenLDAP - Direct + name: + type: string + description: the name of the source + example: Source1234 + org: + type: string + description: source's org + example: denali-cjh + isAuthoritative: + type: boolean + example: false + description: Is the source authoritative + isCluster: + type: boolean + example: false + description: Is the source in a cluster + hostname: + type: string + example: megapod-useast1-secret-hostname.sailpoint.com + description: source's hostname + pod: + type: string + description: source's pod + example: megapod-useast1 + iqServiceVersion: + type: string + description: The version of the iqService + example: iqVersion123 + status: + type: string + enum: + - SOURCE_STATE_ERROR_CLUSTER + - SOURCE_STATE_ERROR_SOURCE + - SOURCE_STATE_ERROR_VA + - SOURCE_STATE_FAILURE_CLUSTER + - SOURCE_STATE_FAILURE_SOURCE + - SOURCE_STATE_HEALTHY + - SOURCE_STATE_UNCHECKED_CLUSTER + - SOURCE_STATE_UNCHECKED_CLUSTER_NO_SOURCES + - SOURCE_STATE_UNCHECKED_SOURCE + - SOURCE_STATE_UNCHECKED_SOURCE_NO_ACCOUNTS + description: connection test result + example: SOURCE_STATE_UNCHECKED_SOURCE + Transform: + type: object + description: The representation of an internally- or customer-defined transform. + required: + - name + - type + - attributes + properties: + id: + type: string + readOnly: true + description: Unique ID of this transform + example: 2cd78adghjkja34jh2b1hkjhasuecd + name: + type: string + description: Unique name of this transform + example: Timestamp To Date + minLength: 1 + maxLength: 50 + type: + type: string + description: The type of transform operation + enum: + - accountAttribute + - base64Decode + - base64Encode + - concat + - conditional + - dateCompare + - dateFormat + - dateMath + - decomposeDiacriticalMarks + - e164phone + - firstValid + - rule + - identityAttribute + - indexOf + - iso3166 + - lastIndexOf + - leftPad + - lookup + - lower + - normalizeNames + - randomAlphaNumeric + - randomNumeric + - reference + - replaceAll + - replace + - rightPad + - split + - static + - substring + - trim + - upper + - usernameGenerator + - uuid + example: dateFormat + externalDocs: + description: Transform Operations + url: 'https://developer.sailpoint.com/idn/docs/transforms/operations' + attributes: + description: Meta-data about the transform. Values in this list are specific to the type of transform to be executed. + oneOf: + - title: accountAttribute + type: object + required: + - sourceName + - attributeName + properties: + sourceName: + type: string + description: A reference to the source to search for the account + example: Workday + attributeName: + type: string + description: 'The name of the attribute on the account to return. This should match the name of the account attribute name visible in the user interface, or on the source schema.' + example: DEPARTMENT + accountSortAttribute: + type: string + description: The value of this configuration is a string name of the attribute to use when determining the ordering of returned accounts when there are multiple entries + example: created + accountSortDescending: + type: boolean + description: 'The value of this configuration is a boolean (true/false). Controls the order of the sort when there are multiple accounts. If not defined, the transform will default to false (ascending order)' + example: false + accountReturnFirstLink: + type: boolean + description: 'The value of this configuration is a boolean (true/false). Controls which account to source a value from for an attribute. If this flag is set to true, the transform returns the value from the first account in the list, even if it is null. If it is set to false, the transform returns the first non-null value. If not defined, the transform will default to false' + example: false + accountFilter: + type: string + description: |- + This expression queries the database to narrow search results. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the database. The default filter will always include the source and identity, and any subsequent expressions will be combined in an AND operation to the existing search criteria. + Only certain searchable attributes are available: - `nativeIdentity` - the Account ID - `displayName` - the Account Name - `entitlements` - a boolean value to determine if the account has entitlements + example: '!(nativeIdentity.startsWith("*DELETED*"))' + accountPropertyFilter: + type: string + description: |- + This expression is used to search and filter accounts in memory. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the returned resultset. + + All account attributes are available for filtering as this operation is performed in memory. + example: '(groups.containsAll({''Admin''}) || location == ''Austin'')' + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: base64Decode + type: object + properties: + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: base64Encode + type: object + properties: + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: concat + type: object + required: + - values + properties: + values: + type: array + items: + type: object + description: An array of items to join together + example: + - John + - ' ' + - Smith + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: conditional + type: object + required: + - expression + - positiveCondition + - negativeCondition + properties: + expression: + type: string + description: |- + A comparison statement that follows the structure of `ValueA eq ValueB` where `ValueA` and `ValueB` are static strings or outputs of other transforms. + + The `eq` operator is the only valid comparison + example: ValueA eq ValueB + positiveCondition: + type: string + description: The output of the transform if the expression evalutes to true + example: 'true' + negativeCondition: + type: string + description: The output of the transform if the expression evalutes to false + example: 'false' + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: dateCompare + type: object + required: + - firstDate + - secondDate + - operator + - positiveCondition + - negativeCondition + properties: + firstDate: + description: This is the first date to consider (The date that would be on the left hand side of the comparison operation). + oneOf: + - title: accountAttribute + type: object + required: + - sourceName + - attributeName + properties: + sourceName: + type: string + description: A reference to the source to search for the account + example: Workday + attributeName: + type: string + description: 'The name of the attribute on the account to return. This should match the name of the account attribute name visible in the user interface, or on the source schema.' + example: DEPARTMENT + accountSortAttribute: + type: string + description: The value of this configuration is a string name of the attribute to use when determining the ordering of returned accounts when there are multiple entries + example: created + accountSortDescending: + type: boolean + description: 'The value of this configuration is a boolean (true/false). Controls the order of the sort when there are multiple accounts. If not defined, the transform will default to false (ascending order)' + example: false + accountReturnFirstLink: + type: boolean + description: 'The value of this configuration is a boolean (true/false). Controls which account to source a value from for an attribute. If this flag is set to true, the transform returns the value from the first account in the list, even if it is null. If it is set to false, the transform returns the first non-null value. If not defined, the transform will default to false' + example: false + accountFilter: + type: string + description: |- + This expression queries the database to narrow search results. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the database. The default filter will always include the source and identity, and any subsequent expressions will be combined in an AND operation to the existing search criteria. + Only certain searchable attributes are available: - `nativeIdentity` - the Account ID - `displayName` - the Account Name - `entitlements` - a boolean value to determine if the account has entitlements + example: '!(nativeIdentity.startsWith("*DELETED*"))' + accountPropertyFilter: + type: string + description: |- + This expression is used to search and filter accounts in memory. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the returned resultset. + + All account attributes are available for filtering as this operation is performed in memory. + example: '(groups.containsAll({''Admin''}) || location == ''Austin'')' + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: dateFormat + type: object + properties: + inputFormat: + description: |- + A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data is coming in as. + + *If no inputFormat is provided, the transform assumes that it is in ISO8601 format* + oneOf: + - title: Named Construct + type: string + description: | + | Construct | Date Time Pattern | Description | + | --------- | ----------------- | ----------- | + | ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. | + | LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. | + | PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. | + | EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. | + | EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. | + enum: + - ISO8601 + - LDAP + - PEOPLE_SOFT + - EPOCH_TIME_JAVA + - EPOCH_TIME_WIN32 + example: PEOPLE_SOFT + - title: Java Simple Date Format + type: string + description: | + There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information. + + >NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone. + (This table is from the SimpleDateFormat page.) + + | Date Time Pattern | Result | + | ----------------- | ------ | + | `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` | + | `EEE, MMM d, ''yy` | Wed, Jul 4, '01 | + | `h:mm a` | 12:08 PM | + | `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time | + | `K:mm a, z` | 0:08 PM, PDT | + | `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM | + | `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 | + | `yyMMddHHmmssZ` | 010704120856-0700 | + | `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 | + | `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 | + | `YYYY-'W'ww-u` | 2001-W27-3 | + example: mm/dd/yyyy + outputFormat: + description: |- + A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data should be formatted into. + + *If no inputFormat is provided, the transform assumes that it is in ISO8601 format* + oneOf: + - title: Named Construct + type: string + description: | + | Construct | Date Time Pattern | Description | + | --------- | ----------------- | ----------- | + | ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. | + | LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. | + | PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. | + | EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. | + | EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. | + enum: + - ISO8601 + - LDAP + - PEOPLE_SOFT + - EPOCH_TIME_JAVA + - EPOCH_TIME_WIN32 + example: PEOPLE_SOFT + - title: Java Simple Date Format + type: string + description: | + There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information. + + >NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone. + (This table is from the SimpleDateFormat page.) + + | Date Time Pattern | Result | + | ----------------- | ------ | + | `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` | + | `EEE, MMM d, ''yy` | Wed, Jul 4, '01 | + | `h:mm a` | 12:08 PM | + | `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time | + | `K:mm a, z` | 0:08 PM, PDT | + | `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM | + | `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 | + | `yyMMddHHmmssZ` | 010704120856-0700 | + | `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 | + | `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 | + | `YYYY-'W'ww-u` | 2001-W27-3 | + example: mm/dd/yyyy + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + secondDate: + description: This is the second date to consider (The date that would be on the right hand side of the comparison operation). + oneOf: + - title: accountAttribute + type: object + required: + - sourceName + - attributeName + properties: + sourceName: + type: string + description: A reference to the source to search for the account + example: Workday + attributeName: + type: string + description: 'The name of the attribute on the account to return. This should match the name of the account attribute name visible in the user interface, or on the source schema.' + example: DEPARTMENT + accountSortAttribute: + type: string + description: The value of this configuration is a string name of the attribute to use when determining the ordering of returned accounts when there are multiple entries + example: created + accountSortDescending: + type: boolean + description: 'The value of this configuration is a boolean (true/false). Controls the order of the sort when there are multiple accounts. If not defined, the transform will default to false (ascending order)' + example: false + accountReturnFirstLink: + type: boolean + description: 'The value of this configuration is a boolean (true/false). Controls which account to source a value from for an attribute. If this flag is set to true, the transform returns the value from the first account in the list, even if it is null. If it is set to false, the transform returns the first non-null value. If not defined, the transform will default to false' + example: false + accountFilter: + type: string + description: |- + This expression queries the database to narrow search results. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the database. The default filter will always include the source and identity, and any subsequent expressions will be combined in an AND operation to the existing search criteria. + Only certain searchable attributes are available: - `nativeIdentity` - the Account ID - `displayName` - the Account Name - `entitlements` - a boolean value to determine if the account has entitlements + example: '!(nativeIdentity.startsWith("*DELETED*"))' + accountPropertyFilter: + type: string + description: |- + This expression is used to search and filter accounts in memory. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the returned resultset. + + All account attributes are available for filtering as this operation is performed in memory. + example: '(groups.containsAll({''Admin''}) || location == ''Austin'')' + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: dateFormat + type: object + properties: + inputFormat: + description: |- + A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data is coming in as. + + *If no inputFormat is provided, the transform assumes that it is in ISO8601 format* + oneOf: + - title: Named Construct + type: string + description: | + | Construct | Date Time Pattern | Description | + | --------- | ----------------- | ----------- | + | ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. | + | LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. | + | PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. | + | EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. | + | EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. | + enum: + - ISO8601 + - LDAP + - PEOPLE_SOFT + - EPOCH_TIME_JAVA + - EPOCH_TIME_WIN32 + example: PEOPLE_SOFT + - title: Java Simple Date Format + type: string + description: | + There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information. + + >NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone. + (This table is from the SimpleDateFormat page.) + + | Date Time Pattern | Result | + | ----------------- | ------ | + | `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` | + | `EEE, MMM d, ''yy` | Wed, Jul 4, '01 | + | `h:mm a` | 12:08 PM | + | `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time | + | `K:mm a, z` | 0:08 PM, PDT | + | `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM | + | `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 | + | `yyMMddHHmmssZ` | 010704120856-0700 | + | `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 | + | `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 | + | `YYYY-'W'ww-u` | 2001-W27-3 | + example: mm/dd/yyyy + outputFormat: + description: |- + A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data should be formatted into. + + *If no inputFormat is provided, the transform assumes that it is in ISO8601 format* + oneOf: + - title: Named Construct + type: string + description: | + | Construct | Date Time Pattern | Description | + | --------- | ----------------- | ----------- | + | ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. | + | LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. | + | PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. | + | EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. | + | EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. | + enum: + - ISO8601 + - LDAP + - PEOPLE_SOFT + - EPOCH_TIME_JAVA + - EPOCH_TIME_WIN32 + example: PEOPLE_SOFT + - title: Java Simple Date Format + type: string + description: | + There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information. + + >NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone. + (This table is from the SimpleDateFormat page.) + + | Date Time Pattern | Result | + | ----------------- | ------ | + | `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` | + | `EEE, MMM d, ''yy` | Wed, Jul 4, '01 | + | `h:mm a` | 12:08 PM | + | `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time | + | `K:mm a, z` | 0:08 PM, PDT | + | `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM | + | `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 | + | `yyMMddHHmmssZ` | 010704120856-0700 | + | `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 | + | `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 | + | `YYYY-'W'ww-u` | 2001-W27-3 | + example: mm/dd/yyyy + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + operator: + type: string + description: | + This is the comparison to perform. + | Operation | Description | + | --------- | ------- | + | LT | Strictly less than: firstDate < secondDate | + | LTE | Less than or equal to: firstDate <= secondDate | + | GT | Strictly greater than: firstDate > secondDate | + | GTE | Greater than or equal to: firstDate >= secondDate | + enum: + - LT + - LTE + - GT + - GTE + example: LT + positiveCondition: + type: string + description: The output of the transform if the expression evalutes to true + example: 'true' + negativeCondition: + type: string + description: The output of the transform if the expression evalutes to false + example: false + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: dateFormat + type: object + properties: + inputFormat: + description: |- + A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data is coming in as. + + *If no inputFormat is provided, the transform assumes that it is in ISO8601 format* + oneOf: + - title: Named Construct + type: string + description: | + | Construct | Date Time Pattern | Description | + | --------- | ----------------- | ----------- | + | ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. | + | LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. | + | PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. | + | EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. | + | EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. | + enum: + - ISO8601 + - LDAP + - PEOPLE_SOFT + - EPOCH_TIME_JAVA + - EPOCH_TIME_WIN32 + example: PEOPLE_SOFT + - title: Java Simple Date Format + type: string + description: | + There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information. + + >NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone. + (This table is from the SimpleDateFormat page.) + + | Date Time Pattern | Result | + | ----------------- | ------ | + | `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` | + | `EEE, MMM d, ''yy` | Wed, Jul 4, '01 | + | `h:mm a` | 12:08 PM | + | `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time | + | `K:mm a, z` | 0:08 PM, PDT | + | `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM | + | `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 | + | `yyMMddHHmmssZ` | 010704120856-0700 | + | `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 | + | `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 | + | `YYYY-'W'ww-u` | 2001-W27-3 | + example: mm/dd/yyyy + outputFormat: + description: |- + A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data should be formatted into. + + *If no inputFormat is provided, the transform assumes that it is in ISO8601 format* + oneOf: + - title: Named Construct + type: string + description: | + | Construct | Date Time Pattern | Description | + | --------- | ----------------- | ----------- | + | ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. | + | LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. | + | PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. | + | EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. | + | EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. | + enum: + - ISO8601 + - LDAP + - PEOPLE_SOFT + - EPOCH_TIME_JAVA + - EPOCH_TIME_WIN32 + example: PEOPLE_SOFT + - title: Java Simple Date Format + type: string + description: | + There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information. + + >NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone. + (This table is from the SimpleDateFormat page.) + + | Date Time Pattern | Result | + | ----------------- | ------ | + | `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` | + | `EEE, MMM d, ''yy` | Wed, Jul 4, '01 | + | `h:mm a` | 12:08 PM | + | `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time | + | `K:mm a, z` | 0:08 PM, PDT | + | `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM | + | `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 | + | `yyMMddHHmmssZ` | 010704120856-0700 | + | `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 | + | `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 | + | `YYYY-'W'ww-u` | 2001-W27-3 | + example: mm/dd/yyyy + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: dateMath + type: object + required: + - expression + properties: + expression: + type: string + description: | + A string value of the date and time components to operation on, along with the math operations to execute. + externalDocs: + description: Date Math Expressions + url: 'https://developer.sailpoint.com/idn/docs/transforms/operations/date-math#transform-structure' + example: now+1w + roundUp: + type: boolean + description: | + A boolean value to indicate whether the transform should round up or down when a rounding `/` operation is defined in the expression. + + + If not provided, the transform will default to `false` + + + `true` indicates the transform should round up (i.e., truncate the fractional date/time component indicated and then add one unit of that component) + + + `false` indicates the transform should round down (i.e., truncate the fractional date/time component indicated) + example: false + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: decomposeDiacriticalMarks + type: object + properties: + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: e164phone + type: object + properties: + defaultRegion: + type: string + description: | + This is an optional attribute that can be used to define the region of the phone number to format into. + + + If defaultRegion is not provided, it will take US as the default country. + + + The format of the country code should be in [ISO 3166-1 alpha-2 format](https://en.wikipedia.org/wiki/ISO_3166-1_alpha-2) + example: US + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: firstValid + type: object + required: + - values + properties: + values: + type: array + items: + type: object + description: An array of attributes to evaluate for existence. + example: + - attributes: + sourceName: Active Directory + attributeName: sAMAccountName + type: accountAttribute + - attributes: + sourceName: Okta + attributeName: login + type: accountAttribute + - attributes: + sourceName: HR Source + attributeName: employeeID + type: accountAttribute + ignoreErrors: + type: boolean + description: a true or false value representing to move on to the next option if an error (like an Null Pointer Exception) were to occur. + example: false + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + - title: rule + oneOf: + - type: object + required: + - name + properties: + name: + type: string + description: This is the name of the Generic rule that needs to be invoked by the transform + example: Generic Calculation Rule + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + - type: object + required: + - name + - operation + - includeNumbers + - includeSpecialChars + - length + properties: + name: + type: string + description: This must always be set to "Cloud Services Deployment Utility" + example: Cloud Services Deployment Utility + operation: + type: string + description: The operation to perform `generateRandomString` + example: generateRandomString + includeNumbers: + type: boolean + description: This must be either "true" or "false" to indicate whether the generator logic should include numbers + example: true + includeSpecialChars: + type: boolean + description: This must be either "true" or "false" to indicate whether the generator logic should include special characters + example: true + length: + type: string + description: | + This specifies how long the randomly generated string needs to be + + + >NOTE Due to identity attribute data constraints, the maximum allowable value is 450 characters + example: '10' + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + - type: object + required: + - name + - operation + - uid + properties: + name: + type: string + description: This must always be set to "Cloud Services Deployment Utility" + example: Cloud Services Deployment Utility + operation: + type: string + description: The operation to perform `getReferenceIdentityAttribute` + example: getReferenceIdentityAttribute + uid: + type: string + description: | + This is the SailPoint User Name (uid) value of the identity whose attribute is desired + + As a convenience feature, you can use the `manager` keyword to dynamically look up the user's manager and then get that manager's identity attribute. + example: 2c91808570313110017040b06f344ec9 + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + - title: identityAttribute + type: object + required: + - name + properties: + name: + type: string + description: The system (camel-cased) name of the identity attribute to bring in + example: email + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: indexOf + type: object + required: + - substring + properties: + substring: + type: string + description: 'A substring to search for, searches the entire calling string, and returns the index of the first occurrence of the specified substring.' + example: admin_ + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: iso3166 + type: object + properties: + format: + type: string + description: | + An optional value to denote which ISO 3166 format to return. Valid values are: + + + `alpha2` - Two-character country code (e.g., "US"); this is the default value if no format is supplied + + + `alpha3` - Three-character country code (e.g., "USA") + + + `numeric` - The numeric country code (e.g., "840") + example: alpha2 + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: leftPad + type: object + required: + - length + properties: + length: + type: string + description: An integer value for the desired length of the final output string + example: '4' + padding: + type: string + description: | + A string value representing the character that the incoming data should be padded with to get to the desired length + + + If not provided, the transform will default to a single space (" ") character for padding + example: '0' + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: lookup + type: object + required: + - table + properties: + table: + type: object + additionalProperties: true + description: | + This is a JSON object of key-value pairs. The key is the string that will attempt to be matched to the input, and the value is the output string that should be returned if the key is matched + + + >**Note** the use of the optional default key value here; if none of the three countries in the above example match the input string, the transform will return "Unknown Region" for the attribute that is mapped to this transform. + example: + USA: Americas + FRA: EMEA + AUS: APAC + default: Unknown Region + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: lower + type: object + properties: + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: nameNormalizer + type: object + properties: + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: randomAlphaNumeric + type: object + properties: + length: + type: string + description: | + This is an integer value specifying the size/number of characters the random string must contain + + + * This value must be a positive number and cannot be blank + + + * If no length is provided, the transform will default to a value of `32` + + + * Due to identity attribute data constraints, the maximum allowable value is `450` characters + example: '10' + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: randomNumeric + type: object + properties: + length: + type: string + description: | + This is an integer value specifying the size/number of characters the random string must contain + + + * This value must be a positive number and cannot be blank + + + * If no length is provided, the transform will default to a value of `32` + + + * Due to identity attribute data constraints, the maximum allowable value is `450` characters + example: '10' + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: reference + type: object + required: + - id + properties: + id: + type: string + description: This ID specifies the name of the pre-existing transform which you want to use within your current transform + example: Existing Transform + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: replaceAll + type: object + required: + - table + properties: + table: + type: object + additionalProperties: true + description: 'An attribute of key-value pairs. Each pair identifies the pattern to search for as its key, and the replacement string as its value.' + example: + '-': ' ' + '"': '''' + ñ: 'n' + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: replace + type: object + required: + - regex + - replacement + properties: + regex: + type: string + description: This can be a string or a regex pattern in which you want to replace. + example: '[^a-zA-Z]' + externalDocs: + description: Regex Builder + url: 'https://regex101.com/' + replacement: + type: string + description: This is the replacement string that should be substituded wherever the string or pattern is found. + example: ' ' + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: rightPad + type: object + required: + - length + properties: + length: + type: string + description: An integer value for the desired length of the final output string + example: '4' + padding: + type: string + description: | + A string value representing the character that the incoming data should be padded with to get to the desired length + + + If not provided, the transform will default to a single space (" ") character for padding + example: '0' + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: split + type: object + required: + - delimiter + - index + properties: + delimiter: + type: string + description: 'This can be either a single character or a regex expression, and is used by the transform to identify the break point between two substrings in the incoming data' + example: ',' + index: + type: string + description: 'An integer value for the desired array element after the incoming data has been split into a list; the array is a 0-based object, so the first array element would be index 0, the second element would be index 1, etc.' + example: '5' + throws: + type: boolean + description: | + A boolean (true/false) value which indicates whether an exception should be thrown and returned as an output when an index is out of bounds with the resultant array (i.e., the provided index value is larger than the size of the array) + + + `true` - The transform should return "IndexOutOfBoundsException" + + + `false` - The transform should return null + + + If not provided, the transform will default to false and return a null + example: true + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: static + type: object + required: + - values + properties: + values: + type: string + description: 'This must evaluate to a JSON string, either through a fixed value or through conditional logic using the Apache Velocity Template Language.' + example: string$variable + externalDocs: + description: Static Transform Documentation + url: 'https://developer.sailpoint.com/idn/docs/transforms/operations/static' + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + - title: substring + type: object + required: + - begin + properties: + begin: + type: integer + description: | + The index of the first character to include in the returned substring. + + + If `begin` is set to -1, the transform will begin at character 0 of the input data + example: 1 + format: int32 + beginOffset: + type: integer + description: | + This integer value is the number of characters to add to the begin attribute when returning a substring. + + This attribute is only used if begin is not -1. + example: 3 + format: int32 + end: + type: integer + description: | + The index of the first character to exclude from the returned substring. + + If end is -1 or not provided at all, the substring transform will return everything up to the end of the input string. + example: 6 + format: int32 + endOffset: + type: integer + description: | + This integer value is the number of characters to add to the end attribute when returning a substring. + + This attribute is only used if end is provided and is not -1. + example: 1 + format: int32 + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: trim + type: object + properties: + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: upper + type: object + properties: + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: uuid + type: object + properties: + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + internal: + type: boolean + readOnly: true + description: Indicates whether this is an internal SailPoint-created transform or a customer-created transform + example: false + WorkItems: + type: object + properties: + id: + type: string + description: ID of the work item + example: 2c9180835d2e5168015d32f890ca1581 + requesterId: + type: string + description: ID of the requester + example: 2c9180835d2e5168015d32f890ca1581 + requesterDisplayName: + type: string + description: The displayname of the requester + example: John Smith + ownerId: + type: string + description: The ID of the owner + example: 2c9180835d2e5168015d32f890ca1581 + ownerName: + type: string + description: The name of the owner + example: Jason Smith + created: + type: string + format: date-time + example: '2017-07-11T18:45:37.098Z' + description: Time when the work item was created + modified: + type: string + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: Time when the work item was last updated + description: + type: string + description: The description of the work item + example: Create account on source 'AD' + state: + type: string + enum: + - FINISHED + - REJECTED + - RETURNED + - EXPIRED + - PENDING + - CANCELED + example: FINISHED + description: The state of a work item + type: + type: string + enum: + - UNKNOWN + - GENERIC + - CERTIFICATION + - REMEDIATION + - DELEGATION + - APPROVAL + - VIOLATIONREVIEW + - FORM + - POLICYVIOLATION + - CHALLENGE + - IMPACTANALYSIS + - SIGNOFF + - EVENT + - MANUALACTION + - TEST + example: GENERIC + description: The type of the work item + remediationItems: + type: object + properties: + id: + type: string + description: The ID of the certification + example: 2c9180835d2e5168015d32f890ca1581 + targetId: + type: string + description: The ID of the certification target + example: 2c9180835d2e5168015d32f890ca1581 + targetName: + type: string + description: The name of the certification target + example: john.smith + targetDisplayName: + type: string + description: The display name of the certification target + example: emailAddress + applicationName: + type: string + description: The name of the application/source + example: Active Directory + attributeName: + type: string + description: The name of the attribute being certified + example: phoneNumber + attributeOperation: + type: string + description: The operation of the certification on the attribute + example: update + attributeValue: + type: string + description: The value of the attribute being certified + example: 512-555-1212 + nativeIdentity: + type: string + description: The native identity of the target + example: jason.smith2 + approvalItems: + type: object + properties: + id: + type: string + description: ID of the approval item + example: 2c9180835d2e5168015d32f890ca1581 + account: + type: string + description: The account referenced by the approval item + example: john.smith + application: + type: string + description: The name the application/source + example: Active Directory + attributeName: + type: string + description: The name of the attribute + example: emailAddress + attributeOperation: + type: string + description: The operation of the attribute + example: update + attributeValue: + type: string + description: The value of the attribute + example: a@b.com + state: + type: string + enum: + - FINISHED + - REJECTED + - RETURNED + - EXPIRED + - PENDING + - CANCELED + example: FINISHED + description: The state of a work item + name: + type: string + description: The work item name + example: Account Create + completed: + type: string + format: date-time + example: '2018-10-19T13:49:37.385Z' + description: The time at which the work item completed + numItems: + type: integer + format: int32 + description: The number of items in the work item + example: 19 + form: + type: object + properties: + id: + type: string + description: ID of the form + example: 2c9180835d2e5168015d32f890ca1581 + name: + type: string + description: Name of the form + example: AccountSelection Form + title: + type: string + description: The form title + example: Account Selection for John.Doe + subtitle: + type: string + description: The form subtitle. + example: Please select from the following + targetUser: + type: string + description: The name of the user that should be shown this form + example: Jane.Doe + sections: + type: object + allOf: + - type: object + properties: + name: + type: string + description: Name of the FormItem + example: Field1 + - type: object + properties: + label: + type: string + description: Label of the section + example: Section 1 + formItems: + type: array + items: + type: object + description: List of FormItems. FormItems can be SectionDetails and/or FieldDetails + example: [] + errors: + type: array + items: + type: string + example: + - The work item ID that was specified was not found. + description: An array of errors that ocurred during the work item + WorkItemsCount: + type: object + properties: + count: + type: integer + description: The count of work items + example: 29 + WorkItemsSummary: + type: object + properties: + open: + type: integer + description: The count of open work items + example: 29 + completed: + type: integer + description: The count of completed work items + example: 1 + total: + type: integer + description: The count of total work items + example: 30 diff --git a/src/lib/authentication.ts b/src/lib/authentication.ts index 47c575a..a3eb0ca 100644 --- a/src/lib/authentication.ts +++ b/src/lib/authentication.ts @@ -1,77 +1,136 @@ -import axios from 'axios'; -import { idnSession } from './settings'; +import { + hostingData, + idnSession, + noHostingData, + noSession, + noTenantData, + tenantData +} from './settings'; import { get } from 'svelte/store'; +// Gets currently active tab from Chrome via Extension API export async function getActiveTabURL() { const tabs = await chrome.tabs.query({ active: true, currentWindow: true }); - if (tabs.length === 0) { - console.debug('No Tabs returned, Returning'); - return null; + if (tabs.length < 1) { + throw new Error('No tabs returned'); } const activeTab = tabs[0]; if (!activeTab || !activeTab.url) { - console.debug('No ActiveTab, Returning'); - return null; + throw new Error('No active tab'); } return new URL(activeTab.url); } -export async function checkAuth() { - console.debug('Getting Session - ' + new Date().toLocaleTimeString()); +// retrieve the hosting data for the tenant from the API +export async function getHostingData(session: IdnSession) { + console.debug('Retrieving Hosting Data'); + const resp = await fetch(`${session.baseUrl}/beta/tenant-data/hosting-data`, { + method: 'GET', + headers: { + Authorization: `Bearer ${session.accessToken}` + } + }); + + if (resp.status === 401) return noHostingData; + + const hostingData = (await resp.json()) satisfies HostingData; + console.debug(hostingData); + + return hostingData; +} + +// retrieve the tenant data for the tenant from the API +export async function getTenantData(session: IdnSession) { + console.debug('Retrieving Tenant Data'); + const resp = await fetch(`${session.baseUrl}/cc/api/user/get`, { + method: 'GET', + headers: { + Authorization: `Bearer ${session.accessToken}` + } + }); + + if (resp.status === 401) return noTenantData; + + const tenantData = (await resp.json()) satisfies TenantData; + console.debug(tenantData); + + return tenantData; +} + +// Check for a current session +export async function checkSession() { + console.debug('Checking Session - ' + new Date().toLocaleTimeString()); let session; - let tabUrl; - try { - tabUrl = await getActiveTabURL(); - if (!tabUrl) { - throw new Error('No Active Tab'); - } - session = await axios.get(tabUrl.origin + '/ui/session'); - console.debug('Current page is a valid IDN Tenant'); - } catch (error) { - const tenant = get(idnSession).tenant; - if (tenant) { - tabUrl = new URL(tenant); - session = await axios.get(tenant + '/ui/session'); - console.debug('Using cached session'); - } else { - console.debug('No Session, and Current Tab is not an IDN Tenant'); - return; - } - } + if (window.chrome && chrome.runtime && chrome.runtime.id) { + let tabUrl; - console.debug('Setting timeout for ' + session.data.refreshIn + ' milliseconds'); - setTimeout(() => checkAuth(), session.data.refreshIn); - - const sessionData = { - ...session.data, - expiration: new Date(Date.now() + session.data.refreshIn) - }; - - try { - const hostingData = await axios.get(`${session.data.baseUrl}/beta/tenant-data/hosting-data`, { - method: 'GET', - headers: { - Authorization: `Bearer ${session.data.accessToken}` + try { + tabUrl = await getActiveTabURL(); + session = await (await fetch(tabUrl.origin + '/ui/session')).json(); + console.debug('Current page is a valid IDN Tenant'); + } catch (error) { + const tenant = get(idnSession).tenant; + if (tenant) { + tabUrl = new URL(tenant); + const sessionResp = await fetch(tenant + '/ui/session').catch((err: Error) => + console.debug(err) + ); + if (!sessionResp) return; + session = await sessionResp.json().catch((err: Error) => console.debug(err)); + console.debug('Using cached session'); + } else { + console.debug('No Session, and Current Tab is not an IDN Tenant'); + session = noSession; } - }); + } + console.debug('Checking Session again in ' + session.refreshIn + ' milliseconds'); + setTimeout(() => checkSession(), session.refreshIn); + } else { + console.debug('Using Dev Session'); + const tenant = import.meta.env.VITE_TENANT; - sessionData.tenant = tabUrl.origin; - sessionData.org = hostingData.data.org; - sessionData.pod = hostingData.data.pod; - sessionData.layer = hostingData.data.layer; - sessionData.region = hostingData.data.region; + const accessTokenResp = await fetch( + `https://${tenant}.api.identitynow.com/oauth/token?grant_type=client_credentials&client_id=${ + import.meta.env.VITE_CLIENT_ID + }&client_secret=${import.meta.env.VITE_CLIENT_SECRET}`, + { method: 'POST' } + ); - idnSession.set(sessionData); - } catch (error) { - console.error('Error fetching hosting data:', error); + const accessTokenData = await accessTokenResp.json(); + console.debug(accessTokenData); + + session = { + authType: 'OAuth2.0', + baseUrl: `https://${tenant}.api.identitynow.com`, + logoutUrl: `https://${tenant}.identitynow.com/logout`, + accessToken: accessTokenData.access_token, + refreshIn: accessTokenData.expires_in, + pollUrl: `https://${tenant}.identitynow.com/ui/session`, + strongAuth: accessTokenData.strong_auth, + strongAuthUrl: `https://${tenant}.identitynow.com/api/user/strongAuthn`, + csrfToken: '' + }; + console.debug('Checking Session again in ' + session.refreshIn + ' milliseconds'); + setTimeout(() => checkSession(), session.refreshIn); } + + console.debug('Session Data'); + console.debug(session); + + hostingData.set(await getHostingData(session)); + tenantData.set(await getTenantData(session)); + idnSession.set({ + ...session, + expiration: new Date(Date.now() + session.refreshIn), + tenant: new URL(session.pollUrl).origin + }); } diff --git a/src/lib/settings.ts b/src/lib/settings.ts index 4473e23..694709a 100644 --- a/src/lib/settings.ts +++ b/src/lib/settings.ts @@ -1,6 +1,137 @@ import { localStorageStore } from '@skeletonlabs/skeleton'; -import type { Writable } from 'svelte/store'; +import { writable, type Writable } from 'svelte/store'; -export const idnSession: Writable = localStorageStore('tenantData', { - tenant: 'https://whatever.com' -}); +export const noSession: IdnSession = { + tenant: '', + authType: '', + baseUrl: '', + logoutUrl: '', + accessToken: '', + refreshIn: 30000, + pollUrl: '', + strongAuth: false, + strongAuthUrl: '', + csrfToken: '', + expiration: new Date() +}; + +export const noHostingData: HostingData = { + org: 'No Data', + pod: 'No Data', + publicPod: 'No Data', + layer: 'No Data', + region: 'No Data' +}; + +export const noTenantData: TenantData = { + id: '', + alias: '', + uid: '', + name: '', + displayName: '', + uuid: '', + encryptionKey: null, + encryptionCheck: null, + status: '', + pending: false, + passwordResetSinceLastLogin: false, + usageCertAttested: null, + userFlags: {}, + enabled: false, + altAuthVia: '', + altAuthViaIntegrationData: null, + kbaAnswers: 0, + disablePasswordReset: false, + ptaSourceId: null, + supportsPasswordPush: false, + attributes: { + lastLoginTimestamp: 0, + uid: '', + firstname: '', + cloudAuthoritativeSource: '', + cloudStatus: '', + displayName: '', + internalCloudStatus: '', + lastSyncDate: '', + workPhone: '', + email: '', + lastname: '' + }, + externalId: '', + role: [], + phone: null, + email: '', + personalEmail: null, + employeeNumber: null, + riskScore: 0, + featureFlags: {}, + feature: [], + orgEncryptionKey: '', + orgEncryptionKeyId: '', + meta: {}, + org: { + name: '', + scriptName: '', + mode: '', + numQuestions: 9, + status: '', + maxRegisteredUsers: 0, + pod: '', + pwdResetPersonalPhone: false, + pwdResetPersonalEmail: false, + pwdResetKba: false, + pwdResetEmail: false, + pwdResetDuo: false, + pwdResetPhoneMask: false, + authErrorText: null, + strongAuthKba: false, + strongAuthPersonalPhone: false, + strongAuthPersonalEmail: false, + integrations: [], + productName: '', + kbaReqForAuthn: 0, + kbaReqAnswers: 0, + lockoutAttemptThreshold: 0, + lockoutTimeMinutes: 0, + usageCertRequired: false, + adminStrongAuthRequired: false, + enableExternalPasswordChange: false, + enablePasswordReplay: false, + enableAutomaticPasswordReplay: false, + notifyAuthenticationSettingChange: false, + netmasks: null, + countryCodes: null, + whiteList: false, + usernameEmptyText: null, + usernameLabel: null, + enableAutomationGeneration: false, + emailTestMode: false, + emailTestAddress: '', + orgType: '', + passwordReplayState: '', + systemNotificationConfig: '', + maxClusterDebugHours: '', + brandName: '', + logo: null, + emailFromAddress: '', + standardLogoUrl: null, + narrowLogoUrl: null, + actionButtonColor: '', + activeLinkColor: '', + navigationColor: '' + }, + stepUpAuth: false, + bxInstallPrompted: false, + federatedLogin: false, + auth: { + service: '', + encryption: '' + }, + onNetwork: false, + onTrustedGeo: false, + loginUrl: '' +}; + +export const idnSession: Writable = localStorageStore('tenantData', noSession); +export const hostingData: Writable = writable(noHostingData); +export const tenantData: Writable = writable(noTenantData); diff --git a/src/lib/utilities.ts b/src/lib/utilities.ts new file mode 100644 index 0000000..4593cf5 --- /dev/null +++ b/src/lib/utilities.ts @@ -0,0 +1 @@ +export const labelSort = (a: any, b: any) => a.label.localeCompare(b.label); diff --git a/src/routes/+layout.svelte b/src/routes/+layout.svelte index b4d857a..3a52c2d 100644 --- a/src/routes/+layout.svelte +++ b/src/routes/+layout.svelte @@ -7,17 +7,22 @@ import '../app.postcss'; import { AppBar, AppShell, storeHighlightJs } from '@skeletonlabs/skeleton'; - - import { checkAuth } from '$lib/authentication'; + import { checkSession } from '$lib/authentication'; import { idnSession } from '$lib/settings'; + import { arrow, autoUpdate, computePosition, flip, offset, shift } from '@floating-ui/dom'; + import { storePopup } from '@skeletonlabs/skeleton'; import dayjs from 'dayjs'; import hljs from 'highlight.js'; import 'highlight.js/styles/github-dark.css'; import { onMount } from 'svelte'; + import TenantLinks from '$lib/Components/TenantLinks.svelte'; + import { page } from '$app/stores'; + import Resources from '$lib/Components/Resources.svelte'; + storePopup.set({ computePosition, autoUpdate, offset, shift, flip, arrow }); storeHighlightJs.set(hljs); - onMount(async () => checkAuth()); + onMount(async () => checkSession()); let now = dayjs(); let minutesUntil = dayjs($idnSession?.expiration).diff(now, 'minutes'); @@ -35,10 +40,17 @@
- Tenant - Session + Tenant + + API Client + + Session
+
+ + +
{#if minutesUntil < 0 || secondsUntil < 0} @@ -53,7 +65,7 @@ Strong Auth: {#if $idnSession.strongAuth === true} True {:else} - True + False {/if}

diff --git a/src/routes/+page.svelte b/src/routes/+page.svelte index ccf56de..ad1444f 100644 --- a/src/routes/+page.svelte +++ b/src/routes/+page.svelte @@ -1,22 +1,29 @@ -

-
-

Tenant Info

-

Tenant: {$idnSession.org}

-

Region: {$idnSession.region}

-

Pod: {$idnSession.pod}

-
-
-

Quick Links

- - Tenant Dashboard - +
+ +
+
+ +
+ +
+ + +
+
+ + +
diff --git a/src/routes/api-client/+page.svelte b/src/routes/api-client/+page.svelte new file mode 100644 index 0000000..9e5b529 --- /dev/null +++ b/src/routes/api-client/+page.svelte @@ -0,0 +1,69 @@ + + +
+
+ + +
+
+ + + +
+ + Request + Response + + {#if tabSet === 0} +
+ +
+ {:else if tabSet === 1} +
+ +
+ {/if} +
diff --git a/src/routes/api-client/BetaSpec.json b/src/routes/api-client/BetaSpec.json new file mode 100644 index 0000000..7ff39ce --- /dev/null +++ b/src/routes/api-client/BetaSpec.json @@ -0,0 +1,217521 @@ +{ + "openapi": "3.0.1", + "info": { + "title": "IdentityNow Beta API", + "description": "Use these APIs to interact with the IdentityNow platform to achieve repeatable, automated processes with greater scalability. These APIs are in beta and are subject to change. We encourage you to join the SailPoint Developer Community forum at https://developer.sailpoint.com/discuss to connect with other developers using our APIs.", + "termsOfService": "https://developer.sailpoint.com/discuss/tos", + "contact": { + "name": "Developer Relations", + "url": "https://developer.sailpoint.com/discuss/api-help" + }, + "license": { + "name": "MIT", + "url": "https://opensource.org/licenses/MIT" + }, + "version": "3.1.0-beta" + }, + "servers": [ + { + "url": "https://{tenant}.api.identitynow.com/beta", + "description": "This is the beta API server.", + "variables": { + "tenant": { + "default": "sailpoint", + "description": "This is the name of your tenant, typically your company's name." + } + } + } + ], + "tags": [ + { + "name": "Access Profiles", + "description": "Use this API to implement and customize access profile functionality. \nWith this functionality in place, administrators can create access profiles and configure them for use throughout IdentityNow, enabling users to get the access they need quickly and securely.\n\nAccess profiles group entitlements, which represent access rights on sources. \n\nFor example, an Active Directory source in IdentityNow can have multiple entitlements: the first, 'Employees,' may represent the access all employees have at the organization, and a second, 'Developers,' may represent the access all developers have at the organization.\n\nAn administrator can then create a broader set of access in the form of an access profile, 'AD Developers' grouping the 'Employees' entitlement with the 'Developers' entitlement.\n\nWhen users only need Active Directory employee access, they can request access to the 'Employees' entitlement.\n\nWhen users need both Active Directory employee and developer access, they can request access to the 'AD Developers' access profile.\n\nAccess profiles are the most important units of access in IdentityNow. IdentityNow uses access profiles in many features, including the following:\n\n- Provisioning: When you use the Provisioning Service, lifecycle states and roles both grant access to users in the form of access profiles.\n\n- Certifications: You can approve or revoke access profiles in certification campaigns, just like entitlements. \n\n- Access Requests: You can assign access profiles to applications, and when a user requests access to the app associated with an access profile and someone approves the request, access is granted to both the application and its associated access profile.\n\n- Roles: You can group one or more access profiles into a role to quickly assign access items based on an identity's role. \n\nIn IdentityNow, administrators can use the Access drop-down menu and select Access Profiles to view, configure, and delete existing access profiles, as well as create new ones. \nAdministrators can enable and disable an access profile, and they can also make the following configurations: \n\n- Manage Entitlements: Manage the profile's access by adding and removing entitlements. \n\n- Access Requests: Configure access profiles to be requestable and establish an approval process for any requests that the access profile be granted or revoked. \nDo not configure an access profile to be requestable without first establishing a secure access request approval process for the access profile.\n\n- Multiple Account Options: Define the logic IdentityNow uses to provision access to an identity with multiple accounts on the source. \n\nRefer to [Managing Access Profiles](https://documentation.sailpoint.com/saas/help/access/access-profiles.html) for more information about access profiles. \n" + }, + { + "name": "Access Request Approvals", + "description": "Use this API to implement and customize access request approval functionality. \nWith this functionality in place, administrators can delegate qualified users to review users' requests for access or managers' requests to revoke team members' access to applications, entitlements, or roles. \nThis enables more qualified users to review access requests and the others to spend their time on other tasks. \n\nIn IdentityNow, users can request access to applications, entitlements, and roles, and managers can request that team members' access be revoked. \nFor applications and entitlements, administrators can set access profiles to require approval from the access profile owner, the application owner, the source owner, the requesting user's manager, or a governance group for access to be granted or revoked. \nFor roles, administrators can also set roles to allow access requests and require approval from the role owner, the requesting user's manager, or a governance group for access to be granted or revoked. \nIf the administrator designates a governance group as the required approver, any governance group member can approve the requests.\n \nWhen a user submits an access request, IdentityNow sends the first required approver in the queue an email notification, based on the access request configuration's approval and reminder escalation configuration.\n\nIn Approvals in IdentityNow, required approvers can view pending access requests under the Requested tab and approve or deny them, or the approvers can reassign the requests to different reviewers for approval. \nIf the required approver approves the request and is the only reviewer required, IdentityNow grants or revokes access, based on the request. \nIf multiple reviewers are required, IdentityNow sends the request to the next reviewer in the queue, based on the access request configuration's approval reminder and escalation configuration. \nThe required approver can then view any completed access requests under the Reviewed tab. \n\nRefer to [Access Requests](https://documentation.sailpoint.com/saas/help/requests/index.html) for more information about access request approvals.\n" + }, + { + "name": "Access Requests", + "description": "Use this API to implement and customize access request functionality. \nWith this functionality in place, users can request access to applications, entitlements, or roles, and managers can request that team members' access be revoked.\nThis allows users to get access to the tools they need quickly and securely, and it allows managers to take away access to those tools. \n\nIdentityNow's Access Request service allows end users to request access that requires approval before it can be granted to users and enables qualified users to review those requests and approve or deny them.\n\nIn the Request Center in IdentityNow, users can view available applications, roles, and entitlements and request access to them. \nIf the requested tools requires approval, the requests appear as 'Pending' under the My Requests tab until the required approver approves, rejects, or cancels them. \n\nUsers can use My Requests to track and/or cancel the requests.\n\nIn My Team on the IdentityNow Home, managers can submit requests to revoke their team members' access. \nThey can use the My Requests tab under Request Center to track and/or cancel the requests.\n\nRefer to [Requesting Access](https://documentation.sailpoint.com/saas/user-help/requests/requesting_access.html) for more information about access requests.\n" + }, + { + "name": "Account Activities", + "description": "Use this API to implement account activity tracking functionality.\nWith this functionality in place, users can track source account activity in IdentityNow, which greatly improves traceability in the system. \n\nAn account activity refers to a log of each action performed on a source account. This is useful for auditing the changes that occur on an account throughout its life. \nIn IdentityNow's Search, users can search for account activities and select the activity's row to get an overview of the activity's account action and view its progress, its involved sources, and its most basic metadata, such as the identity requesting the option and the recipient. \n\nAccount activity includes most actions IdentityNow completes on source accounts. Users can search in IdentityNow for the following account action types: \n\n- Access Request: These include any access requests the source account is involved in. \n\n- Account Attribute Updates: These include updates to a single attribute on an account on a source. \n\n- Account State Update: These include locking or unlocking actions on an account on a source. \n\n- Certification: These include actions removing an entitlement from an account on a source as a result of the entitlement's revocation during a certification.\n\n- Cloud Automated `Lifecyclestate`: These include automated lifecycle state changes that result in a source account's correlated identity being assigned to a different lifecycle state. \nIdentityNow replaces the `Lifecyclestate` variable with the name of the lifecycle state it has moved the account's identity to. \n\n- Identity Attribute Update: These include updates to a source account's correlated identity attributes as the result of a provisioning action. \nWhen you update an identity attribute that also updates an identity's lifecycle state, the cloud automated `Lifecyclestate` event also displays.\nAccount Activity does not include attribute updates that occur as a result of aggregation.\n\n- Identity Refresh: These include correlated identity refreshes that occur for an account on a source whenever the account's correlated identity profile gets a new role or updates. \nThese also include refreshes that occur whenever IdentityNow assigns an application to the account's correlated identity based on the application's being assigned to All Users From Source or Specific Users From Source. \n\n- Lifecycle State Refresh: These include the actions that took place when a lifecycle state changed. This event only occurs after a cloud automated `Lifecyclestate` change or a lifecycle state change. \n\n- Lifecycle State Change: These include the account activities that result from an identity's manual assignment to a null lifecycle state.\n\n- Password Change: These include password changes on sources.\n\nRefer to [Account Activity](https://documentation.sailpoint.com/saas/help/search/index.html#account-activity) for more information about account activities.\n" + }, + { + "name": "Account Aggregations", + "description": "Use this API to implement account aggregation progress tracking functionality. \nWith this functionality in place, administrators can view in-progress account aggregations, their statuses, and their relevant details. \n\nAn account aggregation refers to the process IdentityNow uses to gather and load account data from a source into IdentityNow.\n\nWhenever IdentityNow is in the process of aggregating a source, it adds an entry to the Aggregation Activity Log, along with its relevant details. \nTo view aggregation activity, administrators can select the Connections drop-down menu, select Sources, and select the relevant source, select its Import Data tab, and select Account Aggregation. \nIn Account Aggregation, administrators can view the account aggregations' statuses and details in the Account Activity Log.\n\nRefer to [Loading Account Data](https://documentation.sailpoint.com/saas/help/accounts/loading_data.html) for more information about account aggregations.\n" + }, + { + "name": "Accounts", + "description": "Use this API to implement and customize account functionality.\nWith this functionality in place, administrators can manage users' access across sources in IdentityNow. \n\nIn IdentityNow, an account refers to a user's account on a supported source.\nThis typically includes a unique identifier for the user, a unique password, a set of permissions associated with the source and a set of attributes. IdentityNow loads accounts through the creation of sources in IdentityNow.\n\nAdministrators can correlate users' identities with the users' accounts on the different sources they use. \nThis allows IdentityNow to govern the access of identities and all their correlated accounts securely and cohesively. \n\nTo view the accounts on a source and their correlated identities, administrators can use the Connections drop-down menu, select Sources, select the relevant source, and select its Account tab. \n\nTo view and edit source account statuses for an identity in IdentityNow, administrators can use the Identities drop-down menu, select Identity List, select the relevant identity, and select its Accounts tab. \nAdministrators can toggle an account's Actions to aggregate the account, enable/disable it, unlock it, or remove it from the identity. \n\nAccounts can have the following statuses: \n\n- Enabled: The account is enabled. The user can access it.\n\n- Disabled: The account is disabled, and the user cannot access it, but the identity is not disabled in IdentityNow. This can occur when an administrator disables the account or when the user's lifecycle state changes. \n\n- Locked: The account is locked. This may occur when someone has entered an incorrect password for the account too many times.\n\n- Pending: The account is currently updating. This status typically lasts seconds. \n\nAdministrators can select the source account to view its attributes, entitlements, and the last time the account's password was changed.\n\nRefer to [Managing User Accounts](https://documentation.sailpoint.com/saas/help/common/users/user_access.html#managing-user-accounts) for more information about accounts.\n" + }, + { + "name": "Certification Campaigns", + "description": "Use this API to implement certification campaign functionality.\nWith this functionality in place, administrators can create, customize, and manage certification campaigns for their organizations' use. \nCertification campaigns provide IdentityNow (IDN) users with an interactive review process they can use to identify and verify access to systems. \nCampaigns help organizations reduce risk of inappropriate access and satisfy audit requirements. \n\nA certification refers to IDN's mechanism for reviewing a user's access to entitlements (sets of permissions) and approving or removing that access. \nThese certifications serve as a way of showing that a user's access has been reviewed and approved. \nMultiple certifications by different reviewers are often required to approve a user's access. \nA set of multiple certifications is called a certification campaign. \n\nFor example, an organization may use a Manager Certification campaign as a way of showing that a user's access has been reviewed and approved by multiple managers. \nOnce this campaign has been completed, IDN would provision all the access the user needs, nothing more. \n\nIDN provides two simple campaign types users can create without using search queries, Manager and Source Owner campaigns:\n\nYou can create these types of campaigns without using any search queries in IDN: \n\n- ManagerCampaign: IDN provides this campaign type as a way to ensure that an identity's access is certified by their managers. \nYou only need to provide a name and description to create one. \n\n- Source Owner Campaign: IDN provides this campaign type as a way to ensure that an identity's access to a source is certified by its source owners. \nYou only need to provide a name and description to create one. \nYou can specify the sources whose owners you want involved or just run it across all sources. \n\nFor more information about these campaign types, refer to [Starting a Manager or Source Owner Campaign](https://documentation.sailpoint.com/saas/help/certs/starting_campaign.html).\n\nOne useful way to create certification campaigns in IDN is to use a specific search and then run a campaign on the results returned by that search. \nThis allows you to be much more specific about whom you are certifying in your campaigns and what access you are certifying in your campaigns. \nFor example, you can search for all identities who are managed by \"Amanda.Ross\" and also have the access to the \"Accounting\" role and then run a certification campaign based on that search to ensure that the returned identities are appropriately certified. \n\nYou can use IDN search queries to create these types of campaigns: \n\n- Identities: Use this campaign type to review and revoke access items for specific identities. \nYou can either build a search query and create a campaign certifying all identities returned by that query, or you can search for individual identities and add those identities to the certification campaign. \n\n- Access Items: Use this campaign type to review and revoke a set of roles, access profiles, or entitlements from the identities that have them. \nYou can either build a search query and create a campaign certifying all access items returned by that query, or you can search for individual access items and add those items to the certification campaign. \n\n- Role Composition: Use this campaign type to review a role's composition, including its title, description, and membership criteria. \nYou can either build a search query and create a campaign certifying all roles returned by that query, or you can search for individual roles and add those roles to the certification campaign. \n\n- Uncorrelated Accounts: Use this campaign type to certify source accounts that aren't linked to an authoritative identity in IDN. \nYou can use this campaign type to view all the uncorrelated accounts for a source and certify them. \n\nFor more information about search-based campaigns, refer to [Starting a Campaign from Search](https://documentation.sailpoint.com/saas/help/certs/starting_search_campaign.html).\n\nOnce you have generated your campaign, it becomes available for preview. \nAn administrator can review the campaign and make changes, or if it's ready and accurate, activate it. \n\nOnce the campaign is active, organization administrators or certification administrators can designate other IDN users as certification reviewers. \nThose reviewers can view any of the certifications they either need to review (active) or have already reviewed (completed).\n\nWhen a certification campaign is in progress, certification reviewers see the listed active certifications whose involved identities they can review. \nReviewers can then make decisions to grant or revoke access, as well as reassign the ceritifcation to another reviewer. If the reviewer chooses this option, they must provide a reason for reassignment in the form of a comment.\n\nOnce a reviewer has made decisions on all the certification's involved access items, he or she must \"Sign Off\" to complete the review process.\nDoing so converts the certification into read-only status, preventing any further changes to the review decisions and deleting the work item (task) from the reviewer's list of work items. \n\nOnce all the reviewers have signed off, the certification campaign either completes or, if any reviewers decided to revoke access for any of the involved identities, it moves into a remediation phase. \nIn the remediation phase, identities' entitlements are altered to remove any entitlements marked for revocation.\nIn this situation, the certification campaign completes once all the remediation requests are completed. \n\nThe end of a certification campaign is determined by its deadline, its completion status, or by an administrator's decision. \n\nFor more information about certifications and certification campaigns, refer to [Certifications](https://documentation.sailpoint.com/saas/user-help/certifications.html).\n" + }, + { + "name": "Certifications", + "description": "Use this API to implement certification functionality.\nThis API provides specific functionality that improves an organization's ability to manage its certification process. \n\nA certification refers to IdentityNow's mechanism for reviewing a user's access to entitlements (sets of permissions) and approving or removing that access. \nThese certifications serve as a way of showing that a user's access has been reviewed and approved. \nMultiple certifications by different reviewers are often required to approve a user's access. \nA set of multiple certifications is called a certification campaign. \n\nFor example, an organization may use a Manager Certification as a way of showing that a user's access has been reviewed and approved by their manager, or if the certification is part of a campaign, that the user's access has been reviewed and approved by multiple managers. \nOnce this certification has been completed, IdentityNow would provision all the access the user needs, nothing more. \n\nThis API enables administrators and reviewers to get useful information about certifications at a high level, such as the reviewers involved, and at a more granular level, such as the permissions affected by changes to entitlements within those certifications. \nIt also provides the useful ability to reassign identities and items within certifications to other reviewers, rather than [reassigning the entire certifications themselves](https://developer.sailpoint.com/idn/api/beta/reassign-identity-certs-async). \n" + }, + { + "name": "Connector Rule Management" + }, + { + "name": "Connectors", + "description": "Use this API to implement connector functionality. \nWith this functionality in place, administrators can view available connectors.\n\nConnectors are the bridges IdentityNow uses to communicate with and aggregate data from sources. \nFor example, if it is necessary to set up a connection between IdentityNow and the Active Directory source, a connector can bridge the two and enable IdentityNow to synchronize data between the systems. \nThis ensures account entitlements and states are correct throughout the organization. \n\nIn IdentityNow, administrators can use the Connections drop-down menu and select Sources to view the available source connectors. \n\nRefer to [IdentityNow Connectors](https://documentation.sailpoint.com/connectors/identitynow/landingpages/help/landingpages/identitynow_connectivity_landing.html) for more information about the connectors available in IdentityNow. \n\nRefer to [SaaS Connectivity](https://developer.sailpoint.com/idn/docs/saas-connectivity) for more information about the SaaS custom connectors that do not need VAs (virtual appliances) to communicate with their sources. \n\nRefer to [Managing Sources](https://documentation.sailpoint.com/saas/help/sources/managing_sources.html) for more information about using connectors in IdentityNow.\n" + }, + { + "name": "Custom Password Instructions", + "description": "Use this API to implement custom password instruction functionality.\nWith this functionality in place, administrators can create custom password instructions to help users reset their passwords, change them, unlock their accounts, or recover their usernames. \nThis allows administrators to emphasize password policies or provide organization-specific instructions.\n\nAdministrators must first use [Update Password Org Config](https://developer.sailpoint.com/idn/api/beta/update-password-org-config) to set `customInstructionsEnabled` to `true`. \n\nOnce they have enabled custom instructions, they can use [Create Custom Password Instructions](https://developer.sailpoint.com/idn/api/beta/create-custom-password-instructions) to create custom page content for the specific pageId they select. \n\nFor example, an administrator can use the pageId forget-username:user-email to set the custom text for the case when users forget their usernames and must enter their emails. \n\nRefer to [Creating Custom Instruction Text](https://documentation.sailpoint.com/saas/help/pwd/pwd_reset.html#creating-custom-instruction-text) for more information about creating custom password instructions.\n" + }, + { + "name": "Entitlements", + "description": "Use this API to implement and customize entitlement functionality. \nWith this functionality in place, administrators can view entitlements and configure them for use throughout IdentityNow in certifications, access profiles, and roles. \nAdministrators in IdentityNow can then grant users access to the entitlements or configure them so users themselves can request access to the entitlements whenever they need them. \nWith a good approval process, this entitlement functionality allows users to gain the specific access they need on sources quickly and securely. \n\nEntitlements represent access rights on sources. \nEntitlements are the most granular form of access in IdentityNow. \nEntitlements are often grouped into access profiles, and access profiles themselves are often grouped into roles, the broadest form of access in IdentityNow. \n\nFor example, an Active Directory source in IdentityNow can have multiple entitlements: the first, 'Employees,' may represent the access all employees have at the organization, and a second, 'Developers,' may represent the access all developers have at the organization.\n\nAn administrator can then create a broader set of access in the form of an access profile, 'AD Developers' grouping the 'Employees' entitlement with the 'Developers' entitlement.\n\nAn administrator can then create an even broader set of access in the form of a role grouping the 'AD Developers' access profile with another profile, 'GitHub Developers,' grouping entitlements for the GitHub source.\n\nWhen users only need Active Directory employee access, they can request access to the 'Employees' entitlement.\n\nWhen users need both Active Directory employee and developer access, they can request access to the 'AD Developers' access profile.\n\nWhen users need both the 'AD Developers' access profile and the 'GitHub Developers' access profile, they can request access to the role grouping both. \n\nAdministrators often use roles and access profiles within those roles to manage access so that users can gain access more quickly, but the hierarchy of access all starts with entitlements. \n\nAnywhere entitlements appear, you can select them to find more information about the following: \n\n- Cloud Access Details: These provide details about the cloud access entitlements on cloud-enabled sources. \n\n- Permissions: Permissions represent individual units of read/write/admin access to a system.\n\n- Relationships: These list each entitlement's parent and child relationships.\n\n- Type: This is the entitlement's type. Some sources support multiple types, each with a different attribute schema.\n\nIdentityNow uses entitlements in many features, including the following: \n\n- Certifications: Entitlements can be revoked from an identity that no longer needs them.\n\n- Roles: Roles can group access profiles which themselves group entitlements. You can grant and revoke access on a broad level with roles. Role membership criteria can grant roles to identities based on whether they have certain entitlements or attributes.\n\n- Access Profiles: Access profiles group entitlements.\nThey are the most important units of access in IdentityNow. \nIdentityNow uses them in provisioning, certifications, and access requests, and administrators can configure them to grant very broad or very granular access. \n\nYou cannot delete entitlements directly from IdentityNow. \nEntitlements are deleted based on their inclusion in aggregations. \n\nRefer to [Deleting Entitlements](https://documentation.sailpoint.com/saas/help/access/entitlements.html#deleting-entitlements) more information about deleting entitlements.\n\nRefer to [Entitlements](https://documentation.sailpoint.com/saas/help/access/entitlements.html) for more information about entitlements.\n" + }, + { + "name": "IAI Access Request Recommendations" + }, + { + "name": "IAI Common Access" + }, + { + "name": "IAI Outliers" + }, + { + "name": "IAI Peer Group Strategies" + }, + { + "name": "IAI Recommendations" + }, + { + "name": "IAI Role Mining" + }, + { + "name": "Identities", + "description": "Use this API to implement identity functionality. \nWith this functionality in place, administrators can synchronize an identity's attributes with its various source attributes. \n\nIdentityNow uses identities as users' authoritative accounts. Identities can own other accounts, entitlements, and attributes. \n\nAn identity has a variety of attributes, such as an account name, an email address, a job title, and more. \nThese identity attributes can be correlated with different attributes on different sources. \nFor example, the identity John.Smith can own an account in the GitHub source with the account name John-Smith-Org, and IdentityNow knows they are the same person with the same access and attributes. \n\nIn IdentityNow, administrators often set up these synchronizations to get triggered automatically with a change or to run on a schedule. \nTo manually synchronize attributes for an identity, administrators can use the Identities drop-down menu and select Identity List to view the list of identities.\nThey can then select the identity they want to manually synchronize and use the hamburger menu to select 'Synchronize Attributes.' \nDoing so immediately begins the attribute synchronization and analyzes all accounts for the selected identity.\n\nRefer to [Synchronizing Attributes](https://documentation.sailpoint.com/saas/help/provisioning/attr_sync.html) for more information about synchronizing attributes.\n" + }, + { + "name": "Identity History" + }, + { + "name": "Identity Profiles", + "description": "Use this API to implement and customize identity profile functionality. \nWith this functionality in place, administrators can manage identity profiles and configure them for use by identities throughout IdentityNow. \n\nIdentity profiles represent the configurations that can be applied to identities as a way of granting them a set of security and access, as well as defining the mappings between their identity attributes and their source attributes. \nThis allows administrators to save time by applying identity profiles to any number of similar identities rather than configuring each one individually.\n\nIn IdentityNow, administrators can use the Identities drop-down menu and select Identity Profiles to view the list of identity profiles. \nThis list shows some details about each identity profile, along with its status. They can select an identity profile to view and modify its settings, its mappings between identity attributes and correlating source account attributes, and its provisioning settings. \nAdministrators can also use this page to create new identity profiles or delete existing ones. \n\nRefer to [Creating Identity Profiles](https://documentation.sailpoint.com/saas/help/setup/identity_profiles.html) for more information about identity profiles.\n" + }, + { + "name": "Lifecycle States", + "description": "Use this API to implement and customize lifecycle state functionality.\nWith this functionality in place, administrators can view and configure custom lifecycle states for use across their organizations, which is key to controlling which users have access, when they have access, and the access they have.\n\nA lifecycle state describes a user's status in a company. For example, two lifecycle states come by default with IdentityNow: 'Active' and 'Inactive.' \nWhen an active employee takes an extended leave of absence from a company, his or her lifecycle state may change to 'Inactive,' for security purposes. \nThe inactive employee would lose access to all the applications, sources, and sensitive data during the leave of absence, but when the employee returns and becomes active again, all that access would be restored. \nThis saves administrators the time that would otherwise be spent provisioning the employee's access to each individual tool, reviewing the employee's certification history, etc. \n\nAdministrators must define the criteria for being in each lifecycle state, and they must define how IdentityNow manages users' access to apps and sources for each lifecycle state.\n\nIn IdentityNow, administrators can manage lifecycle states by going to Admin > Identities > Identity Profile, selecting the identity profile whose lifecycle states they want to manage, selecting the 'Provisioning' tab, and using the left panel to select the lifecycle state they want to modify. \n\nIn the 'Provisioning' tab, administrators can make the following access changes to an identity profile's lifecycle state: \n\n- Enable/disable the lifecycle state for the identity profile.\n\n- Enable/disable source accounts for the identity profile's lifecycle state.\n\n- Add existing access profiles to grant to the identity profiles in that lifecycle state.\n\n- Create a new access profile to grant to the identity profile in that lifecycle state.\n\nAccess profiles granted in a previous lifecycle state are automatically revoked when the identity moves to a new lifecycle state. \nTo maintain access across multiple lifecycle states, administrators must grant the access profiles in each lifecycle state. \nFor example, if an administrator wants users with the 'HR Employee' identity profile to maintain their building access in both the 'Active' and 'Leave of Absence' lifecycle states, the administrator must grant the access profile for that building access to both lifecycle states.\n\nDuring scheduled refreshes, IdentityNow evaluates lifecycle states to determine whether their assigned identities have the access defined in the lifecycle states' access profiles. \nIf the identities are missing access, IdentityNow provisions that access. \n\nAdministrators can also use the 'Provisioning' tab to configure email notifications for IdentityNow to send whenever an identity with that identity profile has a lifecycle state change. \nRefer to [Configuring Lifecycle State Notifications](https://documentation.sailpoint.com/saas/help/provisioning/lifecycle.html#configuring-lifecycle-state-notifications) for more information on how to do so.\n\nAn identity's lifecycle state can have four different statuses: the lifecycle state's status can be 'Active,' it can be 'Not Set,' it can be 'Not Valid,' or it 'Does Not Match Technical Name Case.' \nRefer to [Moving Identities into Lifecycle States](https://documentation.sailpoint.com/saas/help/provisioning/lifecycle.html#moving-identities-into-lifecycle-states) for more information about these different lifecycle state statuses. \n\nRefer to [Setting Up Lifecycle States](https://documentation.sailpoint.com/saas/help/provisioning/lifecycle.html) for more information about lifecycle states.\n" + }, + { + "name": "Managed Clients", + "description": "Read and write operations for managing client data and statuses" + }, + { + "name": "Managed Clusters", + "description": "Operations for accessing and managing client Clusters, including Log Configuration" + }, + { + "name": "MFA Configuration", + "description": "Configure and test multifactor authentication (MFA) methods" + }, + { + "name": "Non-Employee Lifecycle Management", + "description": "Use this API to implement non-employee lifecycle management functionality. \nWith this functionality in place, administrators can create non-employee records and configure them for use in their organizations. \nThis allows organizations to provide secure access to non-employees and control that access. \n\nThe 'non-employee' term refers to any consultant, contractor, intern, or other user in an organization who is not a full-time permanent employee. \nOrganizations can track non-employees' access and activity in IdentityNow by creating and maintaining non-employee sources. \nOrganizations can have a maximum of 50 non-employee sources. \n\nBy using SailPoint's Non-Employee Lifecycle Management functionality, you agree to the following:\n\n- SailPoint is not responsible for storing sensitive data. \nYou may only add account attributes to non-employee identities that are necessary for business operations and are consistent with your contractual limitations on data that may be sent or stored in IdentityNow.\n\n- You are responsible for regularly downloading your list of non-employee accounts for all the sources you create and storing this list of accounts in a managed location to maintain an authoritative system of record and backup data for these accounts.\n\nTo manage non-employees in IdentityNow, administrators must create a non-employee source and add accounts to the source. \n\nTo create a non-employee source in IdentityNow, administrators must use the Admin panel to go to Connections > Sources.\nThey must then specify 'Non-Employee' in the 'Source Type' field. \nRefer to [Creating a Non-Employee Source](https://documentation.sailpoint.com/saas/help/common/non-employee-mgmt.html#creating-a-non-employee-source) for more details about how to create non-employee sources.\n\nTo add accounts to a non-employee source in IdentityNow, administrators can select the non-employee source and add the accounts. \nThey can also use the 'Manage Non-Employees' widget on their user dashboards to reach the list of sources and then select the non-employee source they want to add the accounts to. \n\nAdministrators can either add accounts individually or in bulk. Each non-employee source can have a maximum of 20,000 accounts. \nTo add accounts in bulk, they must select the 'Bulk Upload' option and upload a CSV file. \nRefer to [Adding Accounts](https://documentation.sailpoint.com/saas/help/common/non-employee-mgmt.html#adding-accounts) for more details about how to add accounts to non-employee sources.\n\nOnce administrators have created the non-employee source and added accounts to it, they can create identity profiles to generate identities for the non-employee accounts and manage the non-employee identities the same way they would any other identities. \n\nRefer to [Managing Non-Employee Sources and Accounts](https://documentation.sailpoint.com/saas/help/common/non-employee-mgmt.html) for more information about non-employee lifecycle management.\n" + }, + { + "name": "Notifications" + }, + { + "name": "OAuth Clients", + "description": "Use this API to implement OAuth client functionality. \nWith this functionality in place, users with the appropriate security scopes can create and configure OAuth clients to use as a way to obtain authorization to use the IdentityNow REST API.\nRefer to [Authentication](https://developer.sailpoint.com/idn/api/authentication) for more information about OAuth and how it works with the IdentityNow REST API. \n" + }, + { + "name": "Org Config", + "description": "Operations for managing org configuration settings (eg. time zone)" + }, + { + "name": "Password Configuration", + "description": "Use this API to implement organization password configuration functionality. \nWith this functionality in place, organization administrators can create organization-specific password configurations. \n\nThese configurations include details like custom password instructions, as well as digit token length and duration. \n\nRefer to [Configuring User Authentication for Password Resets](https://documentation.sailpoint.com/saas/help/pwd/pwd_reset.html) for more information about organization password configuration functionality.\n" + }, + { + "name": "Password Dictionary", + "description": "Use this API to implement password dictionary functionality. \nWith this functionality in place, administrators can create password dictionaries to prevent users from using certain words or characters in their passwords. \n\nA password dictionary is a list of words or characters that users are prevented from including in their passwords. \nThis can help protect users from themselves and force them to create passwords that are not easy to break. \n\nA password dictionary must meet the following requirements to for the API to handle them correctly: \n\n- It must be in .txt format.\n\n- All characters must be UTF-8 characters. \n\n- Each line must contain a single word or character with no spaces or whitespace characters.\n\n- It must contain at least one line other than the locale string.\n\n- Each line must not exceed 128 characters.\n\n- The file must not exceed 2500 lines. \n\nAdministrators should also consider the following when they create their dictionaries: \n\n- Lines starting with a # represent comments.\n\n- All words in the password dictionary are case-insensitive. \nFor example, adding the word \"password\" to the dictionary also disallows the following: PASSWORD, Password, and PassWord.\n\n- The dictionary uses substring matching. \nFor example, adding the word \"spring\" to the dictionary also disallows the following: Spring124, 345SprinG, and 8spring.\nUsers can then select 'Change Password' to update their passwords. \n\nAdministrators must do the following to create a password dictionary: \n\n- Create the text file that will contain the prohibited password values.\n\n- If the dictionary is not in English, they must add a locale string to the top line: locale:`languageCode`_`countryCode`\n\nThe languageCode value refers to the language's 2-letter ISO 639-1 code.\nThe countryCode value refers to the country's 2-letter ISO 3166-1 code.\n\nRefer to this list https://docs.oracle.com/cd/E13214_01/wli/docs92/xref/xqisocodes.html to see all the available ISO 639-1 language codes and ISO 3166-1 country codes.\n\n- Upload the .txt file to IdentityNow with [Update Password Dictionary](https://developer.sailpoint.com/idn/api/beta/update-password-dictionary). Uploading a new file always overwrites the previous dictionary file.\n\nAdministrators can then specify which password policies check new passwords against the password dictionary by doing the following: In the Admin panel, they can use the Password Mgmt dropdown menu to select Policies, select the policy, and select the 'Prevent use of words in this site's password dictionary' checkbox beside it.\n\nRefer to [Configuring Advanced Password Management Options](https://documentation.sailpoint.com/saas/help/pwd/adv_config.html) for more information about password dictionaries.\n" + }, + { + "name": "Password Management", + "description": "Use this API to implement password management functionality. \nWith this functionality in place, users can manage their identity passwords for all their applications.\n\nIn IdentityNow, users can select their names in the upper right corner of the page and use the drop-down menu to select Password Manager. \nPassword Manager lists the user's identity's applications, possibly grouped to share passwords. \nUsers can then select 'Change Password' to update their passwords. \n\nGrouping passwords allows users to update their passwords more broadly, rather than requiring them to update each password individually. \nPassword Manager may list the applications and sources in the following groups:\n\n- Password Group: This refers to a group of applications that share a password. \nFor example, a user can use the same password for Google Drive, Google Mail, and YouTube. \nUpdating the password for the password group updates the password for all its included applications.\n\n- Multi-Application Source: This refers to a source with multiple applications that share a password. \nFor example, a user can have a source, G Suite, that includes the Google Calendar, Google Drive, and Google Mail applications. \nUpdating the password for the multi-application source updates the password for all its included applications. \n\n- Applications: These are applications that do not share passwords with other applications.\n\nAn organization may require some authentication for users to update their passwords. \nUsers may be required to answer security questions or use a third-party authenticator before they can confirm their updates. \n\nRefer to [Managing Passwords](https://documentation.sailpoint.com/saas/user-help/accounts/passwords.html) for more information about password management.\n" + }, + { + "name": "Password Sync Groups", + "description": "Use this API to implement password sync group functionality. \nWith this functionality in place, administrators can group sources into password sync groups so that all their applications share the same password. \nThis allows users to update the password for all the applications in a sync group if they want, rather than updating each password individually. \n\nA password sync group is a group of applications that shares a password. \nAdministrators create these groups by grouping the applications' sources. \nFor example, an administrator can group the ActiveDirectory, GitHub, and G Suite sources together so that all those sources' applications can also be grouped to share a password. \nA user can then update his or her password for ActiveDirectory, GitHub, Gmail, Google Drive, and Google Calendar all at once, rather then updating each one individually.\n\nThe following are required for administrators to create a password sync group in IdentityNow: \n\n- At least two direct connect sources connected to IdentityNow and configured for Password Management.\n\n- Each authentication source in a sync group must have at least one application. Refer to [Adding and Resetting Application Passwords](https://documentation.sailpoint.com/saas/help/pwd/adv_config.html#adding-and-resetting-application-passwords) for more information about adding applications to sources.\n\n- At least one password policy. Refer to [Managing Password Policies](https://documentation.sailpoint.com/saas/help/pwd/policies.html) for more information about password policies. \n\nIn the Admin panel in IdentityNow, administrators can use the Password Mgmt dropdown menu to select Sync Groups. \nTo create a sync group, administrators must provide a name, choose a password policy to be enforced across the sources in the sync group, and select the sources to include in the sync group. \n\nAdministrators can also delete sync groups in IdentityNow, but they should know the following before they do: \n\n- Passwords related to the associated sources will become independent, so changing one will not change the others anymore. \n\n- Passwords for the sources' connected applications will also become independent. \n\n- Password policies assigned to the sync group are then assigned directly to the associated sources. \nTo change the password policy for a source, administrators must edit it directly. \n\nOnce the password sync group has been created, users can update the password for the group in Password Manager.\n\nRefer to [Managing Password Sync Groups](https://documentation.sailpoint.com/saas/help/pwd/sync_grps.html) for more information about password sync groups.\n" + }, + { + "name": "Personal Access Tokens", + "description": "Use this API to implement personal access token (PAT) functionality. \nWith this functionality in place, users can use PATs as an alternative to passwords for authentication in IdentityNow. \n\nPATs embed user information into the client ID and secret. \nThis replaces the API clients' need to store and provide a username and password to establish a connection, improving IdentityNow organizations' integration security. \n\nIn IdentityNow, users can do the following to create and manage their PATs: Select the dropdown menu under their names, select Preferences, and then select Personal Access Tokens. \nThey must then provide a description about the token's purpose. \nThey can then select 'Create Token' at the bottom of the page to generate and view the Secret and Client ID. \n\nRefer to [Managing Personal Access Tokens](https://documentation.sailpoint.com/saas/help/common/generate_tokens.html) for more information about PATs.\n" + }, + { + "name": "Public Identities Config", + "description": "Use this API to implement public identity configuration functionality. \nWith this functionality in place, administrators can make up to 5 identity attributes publicly visible so other non-administrator users can see the relevant information they need to make decisions. \nThis can be helpful for access approvers, certification reviewers, managers viewing their direct reports' access, and source owners viewing their tasks.\n\nBy default, non-administrators can select an identity and view the following attributes: email, lifecycle state, and manager. \nHowever, it may be helpful for a non-administrator reviewer to see other identity attributes like department, region, title, etc.\nAdministrators can use this API to make those necessary identity attributes public to non-administrators. \n\nFor example, a non-administrator deciding whether to approve another identity's request for access to the Workday application, whose access may be restricted to members of the HR department, would want to know whether the identity is a member of the HR department. \nIf an administrator has used [Update Public Identity Config](https://developer.sailpoint.com/idn/api/beta/update-public-identity-config) to make the \"department\" attribute public, the approver can see the department and make a decision without requesting any more information. \n" + }, + { + "name": "Requestable Objects", + "description": "Use this API to implement requestable object functionality. \nWith this functionality in place, administrators can determine which access items can be requested with the [Access Request APIs](https://developer.sailpoint.com/idn/api/beta/access-requests), along with their statuses. \nThis can be helpful for administrators who are implementing and customizing access request functionality as a way of checking which items are requestable as they are created, assigned, and made available. \n" + }, + { + "name": "Role Insights" + }, + { + "name": "Roles", + "description": "Use this API to implement and customize role functionality.\nWith this functionality in place, administrators can create roles and configure them for use throughout IdentityNow. \nIdentityNow can use established criteria to automatically assign the roles to qualified users. This enables users to get all the access they need quickly and securely and administrators to spend their time on other tasks.\n\nEntitlements represent the most granular level of access in IdentityNow. \nAccess profiles represent the next level and often group entitlements. \nRoles represent the broadest level of access and often group access profiles. \n\nFor example, an Active Directory source in IdentityNow can have multiple entitlements: the first, 'Employees,' may represent the access all employees have at the organization, and a second, 'Developers,' may represent the access all developers have at the organization.\n\nAn administrator can then create a broader set of access in the form of an access profile, 'AD Developers' grouping the 'Employees' entitlement with the 'Developers' entitlement.\n\nAn administrator can then create an even broader set of access in the form of a role grouping the 'AD Developers' access profile with another profile, 'GitHub Developers,' grouping entitlements for the GitHub source.\n\nWhen users only need Active Directory employee access, they can request access to the 'Employees' entitlement.\n\nWhen users need both Active Directory employee and developer access, they can request access to the 'AD Developers' access profile.\n\nWhen users need both the 'AD Developers' access profile and the 'GitHub Developers' access profile, they can request access to the role grouping both. \n\nRoles often represent positions within organizations. \nFor example, an organization's accountant can access all the tools the organization's accountants need with the 'Accountant' role. \nIf the accountant switches to engineering, a qualified member of the organization can quickly revoke the accountant's 'Accountant' access and grant access to the 'Engineer' role instead, granting access to all the tools the organization's engineers need.\n\nIn IdentityNow, adminstrators can use the Access drop-down menu and select Roles to view, configure, and delete existing roles, as well as create new ones. \nAdministrators can enable and disable the role, and they can also make the following configurations: \n\n- Manage Access: Manage the role's access by adding or removing access profiles.\n\n- Define Assignment: Define the criteria IdentityNow uses to assign the role to identities. \nUse the first option, 'Standard Criteria,' to provide specific criteria for assignment like specific account attributes, entitlements, or identity attributes. \nUse the second, 'Identity List,' to specify the identities for assignment.\n\n- Access Requests: Configure roles to be requestable and establish an approval process for any requests that the role be granted or revoked. \nDo not configure a role to be requestable without establishing a secure access request approval process for that role first. \n\nRefer to [Working with Roles](https://documentation.sailpoint.com/saas/help/provisioning/roles.html) for more information about roles.\n" + }, + { + "name": "Search Attribute Configuration" + }, + { + "name": "Segments" + }, + { + "name": "Service Desk Integration", + "description": "Use this API to build an integration between IdentityNow and a service desk ITSM (IT service management) solution. \nOnce an administrator builds this integration between IdentityNow and a service desk, users can use IdentityNow to raise and track tickets that are synchronized between IdentityNow and the service desk. \n\nIn IdentityNow, administrators can create a service desk integration (sometimes also called an SDIM, or Service Desk Integration Module) by going to Admin > Connections > Service Desk and selecting 'Create.'\n\nTo create a Generic Service Desk integration, for example, administrators must provide the required information on the General Settings page, the Connectivity and Authentication information, Ticket Creation information, Status Mapping information, and Requester Source information on the Configure page. \nRefer to [Integrating SailPoint with Generic Service Desk](https://documentation.sailpoint.com/connectors/generic_sd/help/integrating_generic_service_desk/intro.html) for more information about the process of setting up a Generic Service Desk in IdentityNow.\n\nAdministrators can create various service desk integrations, all with their own nuances. \nThe following service desk integrations are available: \n\n- [Atlassian Cloud Jira Service Management](https://documentation.sailpoint.com/connectors/atlassian/jira_cloud/help/integrating_jira_cloud_sd/introduction.html)\n\n- [Atlassian Server Jira Service Management](https://documentation.sailpoint.com/connectors/atlassian/jira_server/help/integrating_jira_server_sd/introduction.html)\n\n- [BMC Helix ITSM Service Desk](https://documentation.sailpoint.com/connectors/bmc/helix_ITSM_sd/help/integrating_bmc_helix_itsm_sd/intro.html)\n\n- [BMC Helix Remedyforce Service Desk](https://documentation.sailpoint.com/connectors/bmc/helix_remedyforce_sd/help/integrating_bmc_helix_remedyforce_sd/intro.html)\n\n- [Generic Service Desk](https://documentation.sailpoint.com/connectors/generic_sd/help/integrating_generic_service_desk/intro.html)\n\n- [ServiceNow Service Desk](https://documentation.sailpoint.com/connectors/servicenow/sdim/help/integrating_servicenow_sdim/intro.html)\n\n- [Zendesk Service Desk](https://documentation.sailpoint.com/connectors/zendesk/help/integrating_zendesk_sd/introduction.html)\n" + }, + { + "name": "SOD Policy", + "description": "Operations for Creating & Executing SOD (Seperation of Duties) policies" + }, + { + "name": "SOD Violations", + "description": "Operations for Predicting SOD (Seperation of Duties) violations" + }, + { + "name": "Sources", + "description": "Use this API to implement and customize source functionality. \nWith source functionality in place, organizations can use IdentityNow to connect their various sources and user data sets and manage access across all those different sources in a secure, scalable way. \n\n[Sources](https://documentation.sailpoint.com/saas/help/sources/managing_sources.html) refer to the IdentityNow representations for external applications, databases, and directory management systems that maintain their own sets of users, like Dropbox, GitHub, and Workday, for example.\nOrganizations may use hundreds, if not thousands, of different source systems, and any one employee within an organization likely has a different user record on each source, often with different permissions on many of those records. \nConnecting these sources to IdentityNow makes it possible to manage user access across them all.\nThen, if a new hire starts at an organization, IdentityNow can grant the new hire access to all the sources they need.\nIf an employee moves to a new department and needs access to new sources but no longer needs access to others, IdentityNow can grant the necessary access and revoke the unnecessary access for all the employee's various sources. \nIf an employee leaves the company, IdentityNow can revoke access to all the employee's various source accounts immediately. \nThese are just a few examples of the many ways that source functionality makes identity governance easier, more efficient, and more secure. \n\nIn IdentityNow, administrators can create configure, manage, and edit sources, and they can designate other users as source admins to be able to do so.\nThey can also designate users as source sub-admins, who can perform the same source actions but only on sources associated with their governance groups.\nAdmins go to Connections > Sources to see a list of the existing source representations in their organizations. \nThey can create new sources or select existing ones. \n\nTo create a new source, the following must be specified: Source Name, Description, Source Owner, and Connection Type.\nRefer to [Configuring a Source](https://documentation.sailpoint.com/saas/help/accounts/loading_data.html#configuring-a-source) for more information about the source configuration process. \n\nIdentityNow connects with its sources either by a direct communication with the source server (connection information specific to the source must be provided) or a flat file feed, a CSV file containing all the relevant information about the accounts to be loaded in.\nDifferent sources use different connectors to share data with IdentityNow, and each connector's setup process is specific to that connector. \nSailPoint has built a number of connectors to come out of the box and connect to the most common sources, and SailPoint actively maintains these connectors.\nRefer to [IdentityNow Connectors](https://documentation.sailpoint.com/connectors/identitynow/landingpages/help/landingpages/identitynow_connectivity_landing.html) for more information about these SailPoint supported connectors. \nRefer to the following links for more information about two useful connectors: \n\n- [JDBC Connector](https://documentation.sailpoint.com/connectors/jdbc/help/integrating_jdbc/introduction.html): This customizable connector an directly connect to databases that support JDBC (Java Database Connectivity).\n\n- [Web Services Connector](https://documentation.sailpoint.com/connectors/webservices/help/integrating_webservices/introduction.html): This connector can directly connect to databases that support Web Services. \n\nRefer to [SaaS Connectivity](https://developer.sailpoint.com/idn/docs/saas-connectivity) for more information about SailPoint's new connectivity framework that makes it easy to build and manage custom connectors to SaaS sources. \n\nWhen admins select existing sources, they can view the following information about the source:\n\n- Associated connections (any associated identity profiles, apps, or references to the source in a transform).\n\n- Associated user accounts. These accounts are linked to their identities - this provides a more complete picture of each user's access across sources.\n\n- Associated entitlements (sets of access rights on sources).\n\n- Associated access profiles (groupings of entitlements). \n\nThe user account data and the entitlements update with each data aggregation from the source. \nOrganizations generally run scheduled, automated data aggregations to ensure that their data is always in sync between their sources and their IdentityNow tenants so an access change on a source is detected quickly in IdentityNow.\nAdmins can view a history of these aggregations, and they can also run manual imports. \nRefer to [Loading Account Data](https://documentation.sailpoint.com/saas/help/accounts/loading_data.html) for more information about manual and scheduled aggregations. \n\nAdmins can also make changes to determine which user account data IdentityNow collects from the source and how it correlates that account data with identity data. \nTo define which account attributes the source shares with IdentityNow, admins can edit the account schema on the source.\nRefer to [Managing Source Account Schemas](https://documentation.sailpoint.com/saas/help/accounts/schema.html) for more information about source account schemas and how to edit them. \nTo define the mapping between the source account attributes and their correlating identity attributes, admins can edit the correlation configuration on the source. \nRefer to [Assigning Source Accounts to Identities](https://documentation.sailpoint.com/saas/help/accounts/correlation.html) for more information about this correlation process between source accounts and identities.\n\nAdmins can also delete sources, but they must first ensure that the sources no longer have any active connections: the source must not be associated with any identity profile or any app, and it must not be referenced by any transform.\nRefer to [Deleting Sources](https://documentation.sailpoint.com/saas/help/sources/managing_sources.html#deleting-sources) for more information about deleting sources. \n\nWell organized, mappped out connections between sources and IdentityNow are essential to achieving comprehensive identity access governance across all the source systems organizations need. \nRefer to [Managing Sources](https://documentation.sailpoint.com/saas/help/sources/managing_sources.html) for more information about all the different things admins can do with sources once they are connected. \n" + }, + { + "name": "SP-Config", + "description": "Import and export configuration for some objects between tenants." + }, + { + "name": "Tagged Objects" + }, + { + "name": "Transforms", + "description": "Operations for creating, managing, and deleting transforms" + }, + { + "name": "Triggers", + "description": "Event Triggers provide real-time updates to changes in IdentityNow so you can take action as soon as an event occurs, rather than poll an API endpoint for updates. IdentityNow provides a user interface within the admin console to create and manage trigger subscriptions. These endpoints allow for programatically creating and managing trigger subscriptions.\n\nThere are two types of event triggers:\n * `FIRE_AND_FORGET`: This trigger type will send a payload to each subscriber without needing a response. Each trigger of this type has a limit of **50 subscriptions**.\n * `REQUEST_RESPONSE`: This trigger type will send a payload to a subscriber and expect a response back. Each trigger of this type may only have **one subscription**.\n\n## Available Event Triggers\nProduction ready event triggers that are available in all tenants.\n\n| Name | ID | Type | Trigger condition | Schema(s) |\n|-|-|-|-|-|\n| [Access Request Dynamic Approval](https://developer.sailpoint.com/idn/docs/event-triggers/triggers/access-request-dynamic-approval) | idn:access-request-dynamic-approver | REQUEST_RESPONSE |After an access request is submitted. Expects the subscriber to respond with the ID of an identity or workgroup to add to the approval workflow. | [Input Schema](#section/Access-Request-Dynamic-Approver-Event-Trigger-Input) - [Output Schema](#section/Access-Request-Dynamic-Approver-Event-Trigger-Output) |\n| [Access Request Postapproval](https://developer.sailpoint.com/idn/docs/event-triggers/triggers/access-request-postapproval) | idn:access-request-post-approval | FIRE_AND_FORGET | After an access request is approved. |[Input Schema](#section/Access-Request-Post-Approval-Event-Trigger-Input)|\n| [Access Request Preapproval](https://developer.sailpoint.com/idn/docs/event-triggers/triggers/access-request-preapproval) | idn:access-request-pre-approval | REQUEST_RESPONSE | After an access request is submitted. Expects the subscriber to respond with an approval decision. | [Input Schema](#section/Access-Request-Pre-Approval-Event-Trigger-Input) - [Output Schema](#section/Access-Request-Pre-Approval-Event-Trigger-Output) |\n| [Account Aggregation Completed](https://developer.sailpoint.com/idn/docs/event-triggers/triggers/account-aggregation-completed) | idn:account-aggregation-completed | FIRE_AND_FORGET | After an account aggregation completed, terminated, failed. | [Input Schema](#section/Account-Aggregation-Completed-Event-Trigger-Input) |\n| Account Attributes Changed | idn:account-attributes-changed | FIRE_AND_FORGET | After an account aggregation, and one or more account attributes have changed. | [Input Schema](#section/Account-Attributes-Changed-Event-Trigger-Input) |\n| Account Correlated | idn:account-correlated | FIRE_AND_FORGET | After an account is added to an identity. | [Input Schema](#section/Account-Correlated-Event-Trigger-Input) |\n| Accounts Collected for Aggregation | idn:aggregation-accounts-collected | FIRE_AND_FORGET | New, changed, and deleted accounts have been gathered during an aggregation and are being processed. | [Input Schema](#section/Accounts-Collected-for-Aggregation-Event-Trigger-Input) |\n| Account Uncorrelated | idn:account-uncorrelated | FIRE_AND_FORGET | After an account is removed from an identity. | [Input Schema](#section/Account-Uncorrelated-Event-Trigger-Input) |\n| Campaign Activated | idn:campaign-activated | FIRE_AND_FORGET | After a campaign is activated. | [Input Schema](#section/Campaign-Activated-Event-Trigger-Input) |\n| Campaign Ended | idn:campaign-ended | FIRE_AND_FORGET | After a campaign ends. | [Input Schema](#section/Campaign-Ended-Event-Trigger-Input) |\n| Campaign Generated | idn:campaign-generated | FIRE_AND_FORGET | After a campaign finishes generating. | [Input Schema](#section/Campaign-Generated-Event-Trigger-Input) |\n| Certification Signed Off | idn:certification-signed-off | FIRE_AND_FORGET | After a certification is signed off by its reviewer. | [Input Schema](#section/Certification-Signed-Off-Event-Trigger-Input) |\n| [Identity Attributes Changed](https://developer.sailpoint.com/idn/docs/event-triggers/triggers/account-aggregation-completed) | idn:identity-attributes-changed | FIRE_AND_FORGET | After One or more identity attributes changed. | [Input Schema](#section/Identity-Attributes-Changed-Event-Trigger-Input) |\n| [Identity Created](https://developer.sailpoint.com/idn/docs/event-triggers/triggers/identity-created) | idn:identity-created | FIRE_AND_FORGET | After an identity is created. | [Input Schema](#section/Identity-Created-Event-Trigger-Input) |\n| [Provisioning Action Completed](https://developer.sailpoint.com/idn/docs/event-triggers/triggers/provisioning-action-completed) | idn:post-provisioning | FIRE_AND_FORGET | After a provisioning action completed on a source. | [Input Schema](#section/Provisioning-Completed-Event-Trigger-Input) |\n| [Saved Search Complete](https://developer.sailpoint.com/idn/docs/event-triggers/triggers/saved-search-completed) | idn:saved-search-complete | FIRE_AND_FORGET | After a scheduled search completed. | [Input Schema](#section/Saved-Search-Complete-Event-Trigger-Input) |\n| [Source Created](https://developer.sailpoint.com/idn/docs/event-triggers/triggers/source-created) | idn:source-created | FIRE_AND_FORGET | After a source is created. | [Input Schema](#section/Source-Created-Event-Trigger-Input) |\n| [Source Deleted](https://developer.sailpoint.com/idn/docs/event-triggers/triggers/source-deleted) | idn:source-deleted | FIRE_AND_FORGET | After a source is deleted. | [Input Schema](#section/Source-Deleted-Event-Trigger-Input) |\n| [Source Updated](https://developer.sailpoint.com/idn/docs/event-triggers/triggers/source-updated) | idn:source-updated | FIRE_AND_FORGET | After configuration changes have been made to a source. | [Input Schema](#section/Source-Updated-Event-Trigger-Input) |\n| [VA Cluster Status Change](https://developer.sailpoint.com/idn/docs/event-triggers/triggers/va-cluster-status-change) | idn:va-cluster-status-change | FIRE_AND_FORGET | After the status of a VA cluster has changed. | [Input Schema](#section/VA-Cluster-Status-Change-Event-Event-Trigger-Input) |\n\n## Early Access Event Triggers\nTriggers that are in-development and not ready for production use. Please contact support to enable these triggers in your tenant.\n\n| Name | ID | Type | Trigger condition | Schema(s) |\n|-|-|-|-|-|\n| [Identity Deleted](https://developer.sailpoint.com/idn/docs/event-triggers/triggers/identity-deleted) | idn:identity-deleted | FIRE_AND_FORGET | After an identity is deleted. | [Input Schema](#section/Identity-Deleted-Event-Trigger-Input) |\n| [Source Account Created](https://developer.sailpoint.com/idn/docs/event-triggers/triggers/source-account-created) | idn:source-account-created | FIRE_AND_FORGET | After a source account is created. | [Input Schema](#section/Source-Account-Created-Event-Trigger-Input) |\n| [Source Account Deleted](https://developer.sailpoint.com/idn/docs/event-triggers/triggers/source-account-deleted) | idn:source-account-deleted | FIRE_AND_FORGET | After a source account is deleted. | [Input Schema](#section/Source-Account-Deleted-Event-Trigger-Input) |\n| [Source Account Updated](https://developer.sailpoint.com/idn/docs/event-triggers/triggers/source-account-updated) | idn:source-account-updated | FIRE_AND_FORGET | After a source account is changed. | [Input Schema](#section/Source-Account-Updated-Event-Trigger-Input) |\n\nRefer to [Event Triggers](https://developer.sailpoint.com/idn/docs/event-triggers/) for more information about event triggers.\n" + }, + { + "name": "Work Items", + "description": "Use this API to implement work item functionality. \nWith this functionality in place, users can manage their work items (tasks). \n\nWork items refer to the tasks users see in IdentityNow's Task Manager. \nThey can see the pending work items they need to complete, as well as the work items they have already completed. \nTask Manager lists the work items along with the involved sources, identities, accounts, and the timestamp when the work item was created. \nFor example, a user may see a pending 'Create an Account' work item for the identity Fred.Astaire in GitHub for Fred's GitHub account, fred-astaire-sp. \nOnce the user completes the work item, the work item will be listed with his or her other completed work items. \n\nTo complete work items, users can use their dashboards and select the 'My Tasks' widget. \nThe widget will list any work items they need to complete, and they can select the work item from the list to review its details. \nWhen they complete the work item, they can select 'Mark Complete' to add it to their list of completed work items. \n\nRefer to [Task Manager](https://documentation.sailpoint.com/saas/user-help/task_manager.html) for more information about work items, including the different types of work items users may need to complete.\n" + }, + { + "name": "Workflows", + "description": "Workflows allow administrators to create custom automation scripts directly within IdentityNow. These automation scripts respond to [event triggers](https://developer.sailpoint.com/idn/docs/event-triggers#how-to-get-started-with-event-triggers) and perform a series of actions to perform tasks that are either too cumbersome or not available in the IdentityNow UI. Workflows can be configured via a graphical user interface within IdentityNow, or by creating and uploading a JSON formatted script to the Workflow service. The Workflows API collection provides the necessary functionality to create, manage, and test your workflows via REST.\n\nRefer to [Creating and Managing Workflows](https://documentation.sailpoint.com/saas/help/workflows/workflow-basics.html) for more information about how to build workflows in the visual builder in the IdentityNow UI.\n" + }, + { + "name": "Event Trigger Models", + "x-displayName": "Trigger Models", + "description": "## Access Request Dynamic Approver Event Trigger Input\n\n\n## Access Request Dynamic Approver Event Trigger Output\n\n\n## Access Request Post Approval Event Trigger Input\n\n\n## Access Request Pre Approval Event Trigger Input\n\n\n## Access Request Pre Approval Event Trigger Output\n\n\n## Account Aggregation Completed Event Trigger Input\n\n\n## Account Attributes Changed Event Trigger Input\n\n\n## Account Correlated Event Trigger Input\n\n\n## Accounts Collected for Aggregation Event Trigger Input\n\n\n## Account Uncorrelated Event Trigger Input\n\n\n## Campaign Activated Event Trigger Input\n\n\n## Campaign Ended Event Trigger Input\n\n\n## Campaign Generated Event Trigger Input\n\n\n## Certification Signed Off Event Trigger Input\n\n\n## Identity Attributes Changed Event Trigger Input\n\n\n## Identity Created Event Trigger Input\n\n\n## Identity Deleted Event Trigger Input\n\n\n## Provisioning Completed Event Trigger Input\n\n\n## Saved Search Complete Event Trigger Input\n\n\n## Source Account Created Event Trigger Input\n\n\n## Source Account Deleted Event Trigger Input\n\n\n## Source Account Updated Event Trigger Input\n\n\n## Source Created Event Trigger Input\n\n\n## Source Deleted Event Trigger Input\n\n\n## Source Updated Event Trigger Input\n\n\n## VA Cluster Status Change Event Event Trigger Input\n\n" + } + ], + "security": [ + { + "oauth2": [] + } + ], + "components": { + "securitySchemes": { + "oauth2": { + "type": "oauth2", + "description": "OAuth2 Bearer token (JWT). See [IdentityNow REST API Authentication](https://developer.sailpoint.com/idn/api/authentication) for more information.\n- Directions for generating a [personal access token](https://developer.sailpoint.com/idn/api/authentication#personal-access-tokens)\n- Directions using [client credentials flow](https://developer.sailpoint.com/idn/api/authentication#client-credentials-grant-flow)\n- Directions for using [authorization code flow](https://developer.sailpoint.com/idn/api/authentication#authorization-code-grant-flow)\n\nWhich authentication method should I choose? See our [guide](https://developer.sailpoint.com/idn/api/authentication#which-oauth-20-grant-flow-should-i-use)\n\nLearn more about how to find your `tokenUrl` and `authorizationUrl` [in our docs](https://developer.sailpoint.com/idn/api/authentication#find-your-tenants-oauth-details)\n", + "flows": { + "clientCredentials": { + "tokenUrl": "https://tenant.api.identitynow.com/oauth/token", + "scopes": { + "sp:scopes:default": "default scope", + "sp:scopes:all": "access to all scopes" + } + }, + "authorizationCode": { + "authorizationUrl": "https://tenant.identitynow.com/oauth/authorize", + "tokenUrl": "https://tenant.api.identitynow.com/oauth/token", + "scopes": { + "sp:scopes:default": "default scope", + "sp:scopes:all": "access to all scopes" + } + } + } + } + }, + "schemas": { + "AccountAggregation": { + "type": "object", + "properties": { + "start": { + "type": "string", + "format": "date-time", + "example": "2021-01-31T14:30:05.104Z", + "description": "When the aggregation started." + }, + "status": { + "type": "string", + "enum": [ + "STARTED", + "ACCOUNTS_COLLECTED", + "COMPLETED", + "CANCELLED", + "RETRIED", + "TERMINATED" + ], + "example": "ACCOUNTS_COLLECTED", + "description": "STARTED - Aggregation started, but source account iteration has not completed.\n\nACCOUNTS_COLLECTED - Source account iteration completed, but all accounts have not yet been processed.\n\nCOMPLETED - Aggregation completed (*possibly with errors*).\n\nCANCELLED - Aggregation cancelled by user.\n\nRETRIED - Aggregation retried because of connectivity issues with the Virtual Appliance.\n\nTERMINATED - Aggregation marked as failed after 3 tries after connectivity issues with the Virtual Appliance.\n" + }, + "totalAccounts": { + "type": "integer", + "example": 520, + "description": "The total number of *NEW, CHANGED and DELETED* accounts that need to be processed for this aggregation. This does not include accounts that were unchanged since the previous aggregation. This can be zero if there were no new, changed or deleted accounts since the previous aggregation. *Only available when status is ACCOUNTS_COLLECTED or COMPLETED.*" + }, + "processedAccounts": { + "type": "integer", + "example": 150, + "description": "The number of *NEW, CHANGED and DELETED* accounts that have been processed so far. This reflects the number of accounts that have been processed at the time of the API call, and may increase on subsequent API calls while the status is ACCOUNTS_COLLECTED. *Only available when status is ACCOUNTS_COLLECTED or COMPLETED.*" + } + } + }, + "ApprovalItems": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "ID of the approval item", + "example": "2c9180835d2e5168015d32f890ca1581" + }, + "account": { + "type": "string", + "description": "The account referenced by the approval item", + "example": "john.smith" + }, + "application": { + "type": "string", + "description": "The name the application/source", + "example": "Active Directory" + }, + "attributeName": { + "type": "string", + "description": "The name of the attribute", + "example": "emailAddress" + }, + "attributeOperation": { + "type": "string", + "description": "The operation of the attribute", + "example": "update" + }, + "attributeValue": { + "type": "string", + "description": "The value of the attribute", + "example": "a@b.com" + }, + "state": { + "type": "string", + "enum": [ + "FINISHED", + "REJECTED", + "RETURNED", + "EXPIRED", + "PENDING", + "CANCELED" + ], + "example": "FINISHED", + "description": "The state of a work item" + } + } + }, + "slimcampaign": { + "type": "object", + "title": "Slim Campaign", + "required": [ + "name", + "description", + "type" + ], + "properties": { + "id": { + "type": "string", + "readOnly": true, + "description": "Id of the campaign", + "example": "2c9079b270a266a60170a2779fcb0007" + }, + "name": { + "description": "The campaign name. If this object is part of a template, special formatting applies; see the `/campaign-templates/{id}/generate` endpoint documentation for details.", + "type": "string", + "example": "Manager Campaign" + }, + "description": { + "type": "string", + "description": "The campaign description. If this object is part of a template, special formatting applies; see the `/campaign-templates/{id}/generate` endpoint documentation for details.", + "example": "Everyone needs to be reviewed by their manager" + }, + "deadline": { + "type": "string", + "format": "date-time", + "description": "The campaign's completion deadline.", + "example": "2020-03-15T10:00:01.456Z" + }, + "type": { + "type": "string", + "description": "The type of campaign. Could be extended in the future.", + "enum": [ + "MANAGER", + "SOURCE_OWNER", + "SEARCH", + "ROLE_COMPOSITION" + ], + "example": "MANAGER" + }, + "emailNotificationEnabled": { + "type": "boolean", + "description": "Enables email notification for this campaign", + "example": false + }, + "autoRevokeAllowed": { + "type": "boolean", + "description": "Allows auto revoke for this campaign", + "example": false + }, + "recommendationsEnabled": { + "type": "boolean", + "description": "Enables IAI for this campaign. Accepts true even if the IAI product feature is off. If IAI is turned off then campaigns generated from this template will indicate false. The real value will then be returned if IAI is ever enabled for the org in the future.", + "example": true + }, + "status": { + "type": "string", + "description": "The campaign's current status.", + "readOnly": true, + "enum": [ + "PENDING", + "STAGED", + "CANCELING", + "ACTIVATING", + "ACTIVE", + "COMPLETING", + "COMPLETED", + "ERROR", + "ARCHIVED" + ], + "example": "ACTIVE" + }, + "correlatedStatus": { + "type": "string", + "description": "The correlatedStatus of the campaign. Only SOURCE_OWNER campaigns can be Uncorrelated. An Uncorrelated certification campaign only includes Uncorrelated identities (An identity is uncorrelated if it has no accounts on an authoritative source).", + "enum": [ + "CORRELATED", + "UNCORRELATED" + ], + "example": "CORRELATED" + } + } + }, + "fullcampaign": { + "type": "object", + "title": "Campaign", + "allOf": [ + { + "type": "object", + "title": "Slim Campaign", + "required": [ + "name", + "description", + "type" + ], + "properties": { + "id": { + "type": "string", + "readOnly": true, + "description": "Id of the campaign", + "example": "2c9079b270a266a60170a2779fcb0007" + }, + "name": { + "description": "The campaign name. If this object is part of a template, special formatting applies; see the `/campaign-templates/{id}/generate` endpoint documentation for details.", + "type": "string", + "example": "Manager Campaign" + }, + "description": { + "type": "string", + "description": "The campaign description. If this object is part of a template, special formatting applies; see the `/campaign-templates/{id}/generate` endpoint documentation for details.", + "example": "Everyone needs to be reviewed by their manager" + }, + "deadline": { + "type": "string", + "format": "date-time", + "description": "The campaign's completion deadline.", + "example": "2020-03-15T10:00:01.456Z" + }, + "type": { + "type": "string", + "description": "The type of campaign. Could be extended in the future.", + "enum": [ + "MANAGER", + "SOURCE_OWNER", + "SEARCH", + "ROLE_COMPOSITION" + ], + "example": "MANAGER" + }, + "emailNotificationEnabled": { + "type": "boolean", + "description": "Enables email notification for this campaign", + "example": false + }, + "autoRevokeAllowed": { + "type": "boolean", + "description": "Allows auto revoke for this campaign", + "example": false + }, + "recommendationsEnabled": { + "type": "boolean", + "description": "Enables IAI for this campaign. Accepts true even if the IAI product feature is off. If IAI is turned off then campaigns generated from this template will indicate false. The real value will then be returned if IAI is ever enabled for the org in the future.", + "example": true + }, + "status": { + "type": "string", + "description": "The campaign's current status.", + "readOnly": true, + "enum": [ + "PENDING", + "STAGED", + "CANCELING", + "ACTIVATING", + "ACTIVE", + "COMPLETING", + "COMPLETED", + "ERROR", + "ARCHIVED" + ], + "example": "ACTIVE" + }, + "correlatedStatus": { + "type": "string", + "description": "The correlatedStatus of the campaign. Only SOURCE_OWNER campaigns can be Uncorrelated. An Uncorrelated certification campaign only includes Uncorrelated identities (An identity is uncorrelated if it has no accounts on an authoritative source).", + "enum": [ + "CORRELATED", + "UNCORRELATED" + ], + "example": "CORRELATED" + } + } + }, + { + "type": "object", + "properties": { + "created": { + "type": "string", + "readOnly": true, + "format": "date-time", + "description": "Created time of the campaign", + "example": "2020-03-03T22:15:13.611Z" + }, + "modified": { + "type": "string", + "readOnly": true, + "format": "date-time", + "description": "Modified time of the campaign", + "example": "2020-03-03T22:20:12.674Z" + }, + "correlatedStatus": { + "description": "The correlatedStatus of the campaign. Only SOURCE_OWNER campaigns can be Uncorrelated. An Uncorrelated certification campaign only includes Uncorrelated identities (An identity is uncorrelated if it has no accounts on an authoritative source).", + "enum": [ + "CORRELATED", + "UNCORRELATED" + ], + "example": "CORRELATED" + }, + "filter": { + "type": "object", + "description": "Determines which items will be included in this campaign. The default campaign filter is used if this field is left blank.", + "properties": { + "id": { + "type": "string", + "description": "The ID of whatever type of filter is being used.", + "example": "0fbe863c063c4c88a35fd7f17e8a3df5" + }, + "type": { + "type": "string", + "description": "Type of the filter", + "enum": [ + "CAMPAIGN_FILTER", + "RULE" + ], + "example": "CAMPAIGN_FILTER" + }, + "name": { + "type": "string", + "description": "Name of the filter", + "example": "Test Filter" + } + } + }, + "sunsetCommentsRequired": { + "type": "boolean", + "description": "Determines if comments on sunset date changes are required.", + "default": true, + "example": true + }, + "sourceOwnerCampaignInfo": { + "type": "object", + "description": "Must be set only if the campaign type is SOURCE_OWNER.", + "properties": { + "sourceIds": { + "type": "array", + "description": "The list of sources to be included in the campaign.", + "items": { + "type": "string" + }, + "example": [ + "0fbe863c063c4c88a35fd7f17e8a3df5" + ] + } + } + }, + "searchCampaignInfo": { + "type": "object", + "description": "Must be set only if the campaign type is SEARCH.", + "properties": { + "type": { + "type": "string", + "description": "The type of search campaign represented.", + "enum": [ + "IDENTITY", + "ACCESS" + ], + "example": "ACCESS" + }, + "description": { + "type": "string", + "description": "Describes this search campaign. Intended for storing the query used, and possibly the number of identities selected/available.", + "example": "Search Campaign description" + }, + "reviewer": { + "description": "If specified, this identity or governance group will be the reviewer for all certifications in this campaign. The allowed DTO types are IDENTITY and GOVERNANCE_GROUP", + "allOf": [ + { + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + }, + { + "type": "object" + } + ] + }, + "query": { + "type": "string", + "description": "The scope for the campaign. The campaign will cover identities returned by the query and identities that have access items returned by the query. One of `query` or `identityIds` must be set.", + "example": "Search Campaign query description" + }, + "identityIds": { + "type": "array", + "description": "A direct list of identities to include in this campaign. One of `identityIds` or `query` must be set.", + "items": { + "type": "string" + }, + "maxItems": 1000, + "example": [ + "0fbe863c063c4c88a35fd7f17e8a3df5" + ] + }, + "accessConstraints": { + "type": "array", + "description": "Further reduces the scope of the campaign by excluding identities (from `query` or `identityIds`) that do not have this access.", + "items": { + "type": "object", + "properties": { + "type": { + "type": "string", + "enum": [ + "ENTITLEMENT", + "ACCESS_PROFILE", + "ROLE" + ], + "description": "Type of Access", + "example": "ENTITLEMENT" + }, + "ids": { + "description": "Must be set only if operator is SELECTED.", + "type": "array", + "items": { + "type": "string" + }, + "example": [ + "2c90ad2a70ace7d50170acf22ca90010" + ] + }, + "operator": { + "type": "string", + "enum": [ + "ALL", + "SELECTED" + ], + "description": "Used to determine whether the scope of the campaign should be reduced for selected ids or all.", + "example": "SELECTED" + } + }, + "required": [ + "type", + "operator" + ] + }, + "maxItems": 1000 + } + }, + "required": [ + "type" + ] + }, + "roleCompositionCampaignInfo": { + "type": "object", + "description": "Optional configuration options for role composition campaigns.", + "properties": { + "reviewer": { + "description": "If specified, this identity or governance group will be the reviewer for all certifications in this campaign. The allowed DTO types are IDENTITY and GOVERNANCE_GROUP", + "allOf": [ + { + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + }, + { + "type": "object" + } + ] + }, + "roleIds": { + "type": "array", + "description": "Optional list of roles to include in this campaign. Only one of `roleIds` and `query` may be set; if neither are set, all roles are included.", + "items": { + "type": "string" + }, + "example": [ + "2c90ad2a70ace7d50170acf22ca90010" + ] + }, + "remediatorRef": { + "type": "object", + "description": "This determines who remediation tasks will be assigned to. Remediation tasks are created for each revoke decision on items in the campaign. The only legal remediator type is 'IDENTITY', and the chosen identity must be a Role Admin or Org Admin.", + "properties": { + "type": { + "type": "string", + "enum": [ + "IDENTITY" + ], + "description": "Legal Remediator Type", + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "The ID of the remediator.", + "example": "2c90ad2a70ace7d50170acf22ca90010" + }, + "name": { + "type": "string", + "description": "The name of the remediator.", + "readOnly": true, + "example": "Role Admin" + } + }, + "required": [ + "type", + "id" + ] + }, + "query": { + "type": "string", + "description": "Optional search query to scope this campaign to a set of roles. Only one of `roleIds` and `query` may be set; if neither are set, all roles are included.", + "example": "Search Query" + }, + "description": { + "type": "string", + "description": "Describes this role composition campaign. Intended for storing the query used, and possibly the number of roles selected/available.", + "example": "Role Composition Description" + } + }, + "required": [ + "remediatorRef" + ] + }, + "alerts": { + "type": "array", + "description": "A list of errors and warnings that have accumulated.", + "readOnly": true, + "items": { + "type": "object", + "properties": { + "level": { + "type": "string", + "enum": [ + "ERROR", + "WARN", + "INFO" + ], + "description": "Denotes the level of the message", + "example": "ERROR" + }, + "localizations": { + "type": "array", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + }, + "totalCertifications": { + "type": "integer", + "description": "The total number of certifications in this campaign.", + "readOnly": true, + "example": 100 + }, + "completedCertifications": { + "type": "integer", + "description": "The number of completed certifications in this campaign.", + "readOnly": true, + "example": 10 + }, + "sourcesWithOrphanEntitlements": { + "type": "array", + "description": "A list of sources in the campaign that contain \\\"orphan entitlements\\\" (entitlements without a corresponding Managed Attribute). An empty list indicates the campaign has no orphan entitlements. Null indicates there may be unknown orphan entitlements in the campaign (the campaign was created before this feature was implemented).", + "readOnly": true, + "items": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "Id of the source", + "example": "2c90ad2a70ace7d50170acf22ca90010" + }, + "type": { + "type": "string", + "enum": [ + "SOURCE" + ], + "description": "Type", + "example": "SOURCE" + }, + "name": { + "type": "string", + "description": "Name of the source", + "example": "Source with orphan entitlements" + } + } + } + } + } + } + ] + }, + "IdentityProfile": { + "allOf": [ + { + "type": "object", + "required": [ + "name" + ], + "properties": { + "id": { + "description": "System-generated unique ID of the Object", + "type": "string", + "example": "id12345", + "readOnly": true + }, + "name": { + "description": "Name of the Object", + "type": "string", + "example": "aName" + }, + "created": { + "description": "Creation date of the Object", + "type": "string", + "format": "date-time", + "readOnly": true, + "example": "2023-01-03T21:16:22.432Z" + }, + "modified": { + "description": "Last modification date of the Object", + "type": "string", + "format": "date-time", + "readOnly": true, + "example": "2023-01-03T21:16:22.432Z" + } + } + }, + { + "type": "object", + "required": [ + "authoritativeSource" + ], + "properties": { + "description": { + "type": "string", + "nullable": true, + "description": "The description of the Identity Profile.", + "example": "My custom flat file profile" + }, + "owner": { + "type": "object", + "description": "The owner of the Identity Profile.", + "nullable": true, + "properties": { + "type": { + "type": "string", + "enum": [ + "IDENTITY" + ], + "description": "Type of the object to which this reference applies", + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c9180835d191a86015d28455b4b232a" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + }, + "priority": { + "type": "integer", + "format": "int64", + "description": "The priority for an Identity Profile.", + "example": 10 + }, + "authoritativeSource": { + "type": "object", + "properties": { + "type": { + "type": "string", + "enum": [ + "SOURCE" + ], + "description": "Type of the object to which this reference applies", + "example": "SOURCE" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c9180835d191a86015d28455b4b232a" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "HR Active Directory" + } + }, + "description": "The authoritative source for this Identity Profile." + }, + "identityRefreshRequired": { + "type": "boolean", + "default": false, + "description": "True if a identity refresh is needed. Typically triggered when a change on the source has been made", + "example": true + }, + "identityCount": { + "type": "integer", + "description": "The number of identities that belong to the Identity Profile.", + "format": "int32", + "example": 8 + }, + "identityAttributeConfig": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean", + "description": "If the profile or mapping is enabled", + "example": true, + "default": true + }, + "attributeTransforms": { + "type": "array", + "items": { + "type": "object", + "properties": { + "identityAttributeName": { + "type": "string", + "description": "Name of the identity attribute", + "example": "email" + }, + "transformDefinition": { + "description": "The seaspray transformation definition", + "type": "object", + "properties": { + "type": { + "type": "string", + "description": "The type of the transform definition.", + "example": "accountAttribute" + }, + "attributes": { + "type": "object", + "nullable": true, + "additionalProperties": true, + "description": "Arbitrary key-value pairs to store any metadata for the object", + "example": { + "attributeName": "e-mail", + "sourceName": "MySource", + "sourceId": "2c9180877a826e68017a8c0b03da1a53" + } + } + } + } + } + } + } + } + }, + "identityExceptionReportReference": { + "type": "object", + "nullable": true, + "properties": { + "taskResultId": { + "type": "string", + "format": "uuid", + "description": "The id of the task result", + "example": "2c918086795cd09201795d5f7d7533df" + }, + "reportName": { + "type": "string", + "example": "My annual report", + "description": "The name of the report" + } + } + }, + "hasTimeBasedAttr": { + "description": "Indicates the value of requiresPeriodicRefresh attribute for the Identity Profile.", + "type": "boolean", + "default": true, + "example": true + } + } + } + ] + }, + "ManagedClient": { + "description": "Managed Client", + "type": "object", + "required": [ + "clientId", + "clusterId", + "description", + "type" + ], + "properties": { + "id": { + "description": "ManagedClient ID", + "readOnly": true, + "type": "string", + "example": "aClientId" + }, + "alertKey": { + "description": "ManagedClient alert key", + "readOnly": true, + "type": "string", + "example": "anAlertKey" + }, + "apiGatewayBaseUrl": { + "description": "ManagedClient gateway base url", + "readOnly": true, + "type": "string", + "example": "https://denali-xxx.api.cloud.sailpoint.com" + }, + "ccId": { + "description": "Previous CC ID to be used in data migration. (This field will be deleted after CC migration!)", + "type": "integer", + "format": "int64", + "example": 2248 + }, + "clientId": { + "description": "The client ID used in API management", + "type": "string", + "example": "aClientApiId" + }, + "clusterId": { + "description": "Cluster ID that the ManagedClient is linked to", + "type": "string", + "example": "aClusterId" + }, + "cookbook": { + "description": "VA cookbook", + "readOnly": true, + "type": "string", + "example": "va-cookbook-info" + }, + "description": { + "description": "ManagedClient description", + "type": "string", + "example": "A short description of the ManagedClient" + }, + "ipAddress": { + "description": "The public IP address of the ManagedClient", + "readOnly": true, + "type": "string", + "example": "123.456.78.90" + }, + "lastSeen": { + "description": "When the ManagedClient was last seen by the server", + "readOnly": true, + "type": "string", + "format": "date-time", + "example": "2020-01-01T00:00:00.000000Z" + }, + "name": { + "description": "ManagedClient name", + "type": "string", + "example": "aName" + }, + "sinceLastSeen": { + "description": "Milliseconds since the ManagedClient has polled the server", + "readOnly": true, + "type": "string", + "example": 15000 + }, + "status": { + "description": "Status of the ManagedClient", + "readOnly": true, + "allOf": [ + { + "type": "string", + "enum": [ + "NORMAL", + "UNDEFINED", + "NOT_CONFIGURED", + "CONFIGURING", + "WARNING", + "ERROR", + "FAILED" + ] + } + ] + }, + "type": { + "description": "Type of the ManagedClient (VA, CCG)", + "type": "string", + "example": "VA" + }, + "vaDownloadUrl": { + "description": "ManagedClient VA download URL", + "readOnly": true, + "type": "string", + "example": "aUrl" + }, + "vaVersion": { + "description": "Version that the ManagedClient's VA is running", + "readOnly": true, + "type": "string", + "example": "va-megapod-useast1-610-1621372012" + }, + "secret": { + "description": "Client's apiKey", + "type": "string", + "example": "ef878e15eaa8c8d3e2fa52f41125e2a0eeadadc6a14f931a33ad3e1b62d56381" + } + } + }, + "ManagedClientStatus": { + "description": "Managed Client Status", + "type": "object", + "required": [ + "body", + "status", + "type", + "timestamp" + ], + "properties": { + "body": { + "description": "ManagedClientStatus body information", + "type": "object", + "example": { + "alertKey": "", + "id": "5678", + "clusterId": "1234", + "ccg_etag": "ccg_etag123xyz456", + "ccg_pin": "NONE", + "cookbook_etag": "20210420125956-20210511144538", + "hostname": "megapod-useast1-secret-hostname.sailpoint.com", + "internal_ip": "127.0.0.1", + "lastSeen": "1620843964604", + "sinceSeen": "14708", + "sinceSeenMillis": "14708", + "localDev": false, + "stacktrace": "", + "state": null, + "status": "NORMAL", + "uuid": null, + "product": "idn", + "va_version": null, + "platform_version": "2", + "os_version": "2345.3.1", + "os_type": "flatcar", + "hypervisor": "unknown" + } + }, + "status": { + "description": "status of the Managed Client", + "type": "string", + "enum": [ + "NORMAL", + "UNDEFINED", + "NOT_CONFIGURED", + "CONFIGURING", + "WARNING", + "ERROR", + "FAILED" + ] + }, + "type": { + "description": "type of the Managed Client", + "type": "string", + "example": "CCG", + "nullable": true, + "enum": [ + "CCG", + "VA", + "INTERNAL", + null + ] + }, + "timestamp": { + "description": "timestamp on the Client Status update", + "type": "string", + "format": "date-time", + "example": "2020-01-01T00:00:00.000000Z" + } + } + }, + "MessageCatalogDto": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The language in which the messages are returned", + "example": "en_US" + }, + "messages": { + "type": "array", + "items": { + "type": "object", + "properties": { + "key": { + "type": "string", + "description": "The key of the message", + "example": "recommender-api.V2_WEIGHT_FEATURE_PRODUCT_INTERPRETATION_LOW" + }, + "format": { + "type": "string", + "description": "The format of the message", + "example": "{0,,\\\"i18n hint: percentage\\\"}% of identities with the same {1,,\\\"i18n hint: name of category feature\\\"} have this access. This information had a low impact on the overall score." + } + } + }, + "description": "The list of message with their keys and formats" + } + } + }, + "PeerGroupMember": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "A unique identifier for the peer group member." + }, + "type": { + "type": "string", + "description": "The type of the peer group member." + }, + "peer_group_id": { + "type": "string", + "description": "The ID of the peer group." + }, + "attributes": { + "type": "object", + "additionalProperties": { + "type": "object" + }, + "description": "Arbitrary key-value pairs, belonging to the peer group member." + } + } + }, + "RecommendationRequestDto": { + "type": "object", + "properties": { + "requests": { + "type": "array", + "items": { + "description": "List of requests to retrieve recommendations", + "type": "object", + "properties": { + "identityId": { + "type": "string", + "description": "The identity ID", + "example": "2c938083633d259901633d25c68c00fa" + }, + "item": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "The ID of the access item for which to retrieve the recommendation", + "example": "2c938083633d259901633d2623ec0375" + }, + "type": { + "type": "string", + "example": "ENTITLEMENT", + "description": "The type of the access item.", + "enum": [ + "ENTITLEMENT", + "ACCESS_PROFILE", + "ROLE" + ] + } + } + } + } + } + }, + "excludeInterpretations": { + "type": "boolean", + "description": "Exclude interpretations in the response if \"true\". Return interpretations in the response if this attribute is not specified.", + "default": "false", + "example": "false" + }, + "includeTranslationMessages": { + "type": "boolean", + "description": "When set to true, the calling system uses the translated messages for the specified language", + "default": "false", + "example": "false" + }, + "includeDebugInformation": { + "type": "boolean", + "description": "Returns the recommender calculations if set to true", + "default": "false", + "example": "true" + }, + "prescribeMode": { + "type": "boolean", + "description": "When set to true, uses prescribedRulesRecommenderConfig to get identity attributes and peer group threshold instead of standard config.", + "default": "false", + "example": "false" + } + } + }, + "RecommendationResponseDto": { + "type": "object", + "properties": { + "response": { + "type": "array", + "items": { + "type": "object", + "properties": { + "request": { + "type": "object", + "properties": { + "identityId": { + "type": "string", + "description": "The identity ID", + "example": "2c938083633d259901633d25c68c00fa" + }, + "item": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "The ID of the access item for which to retrieve the recommendation", + "example": "2c938083633d259901633d2623ec0375" + }, + "type": { + "type": "string", + "example": "ENTITLEMENT", + "description": "The type of the access item.", + "enum": [ + "ENTITLEMENT", + "ACCESS_PROFILE", + "ROLE" + ] + } + } + } + } + }, + "recommendation": { + "type": "string", + "example": "YES", + "description": "The recommendation - YES if the access is recommended, NO if not recommended, MAYBE if there is not enough information to make a recommendation, NOT_FOUND if the identity is not found in the system", + "enum": [ + "YES", + "NO", + "MAYBE", + "NOT_FOUND" + ] + }, + "interpretations": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The list of interpretations explaining the recommendation. The array is empty if includeInterpretations is false or not present in the request. e.g. - [ \"Not approved in the last 6 months.\" ]. Interpretations will be translated using the client's locale as found in the Accept-Language header. If a translation for the client's locale cannot be found, the US English translation will be returned.", + "example": [ + "75% of identities with the same department have this access. This information had a high impact on the overall score.", + "67% of identities with the same peer group have this access. This information had a low impact on the overall score.", + "42% of identities with the same location have this access. This information had a low impact on the overall score." + ] + }, + "translationMessages": { + "type": "array", + "example": [ + { + "key": "recommender-api.V2_WEIGHT_FEATURE_PRODUCT_INTERPRETATION_HIGH", + "values": [ + "75", + "department" + ] + } + ], + "items": { + "properties": { + "key": { + "type": "string", + "description": "The key of the translation message", + "example": "recommender-api.V2_WEIGHT_FEATURE_PRODUCT_INTERPRETATION_HIGH" + }, + "values": { + "type": "array", + "description": "The values corresponding to the translation messages", + "items": { + "type": "string" + }, + "example": [ + "75", + "department" + ] + } + } + }, + "description": "The list of translation messages, if they have been requested." + }, + "recommenderCalculations": { + "description": "The calcuations performed behind the scenes that provide recommendations to the user.", + "properties": { + "identityId": { + "type": "string", + "description": "The ID of the identity", + "example": "2c91808457d8f3ab0157e3e62cb4213c" + }, + "entitlementId": { + "type": "string", + "description": "The entitlement ID", + "example": "2c91809050db617d0150e0bf3215385e" + }, + "recommendation": { + "type": "string", + "description": "The actual recommendation", + "example": "YES" + }, + "overallWeightedScore": { + "type": "number", + "description": "The overall weighted score" + }, + "featureWeightedScores": { + "type": "object", + "description": "The weighted score of each individual feature", + "additionalProperties": { + "type": "number" + } + }, + "threshold": { + "type": "number", + "description": "The configured value against which the overallWeightedScore is compared" + }, + "identityAttributes": { + "type": "object", + "description": "The values for your configured features", + "additionalProperties": { + "type": "object", + "properties": { + "value": { + "type": "string" + } + } + } + }, + "featureValues": { + "description": "The feature details", + "type": "object", + "properties": { + "feature": { + "type": "string", + "description": "The type of feature", + "example": "department" + }, + "numerator": { + "type": "integer", + "format": "int32", + "example": 14, + "description": "The number of identities that have access to the feature" + }, + "denominator": { + "type": "integer", + "format": "int32", + "example": 14, + "description": "The number of identities with the corresponding feature" + } + } + } + } + } + } + } + } + } + }, + "RemediationItems": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "The ID of the certification", + "example": "2c9180835d2e5168015d32f890ca1581" + }, + "targetId": { + "type": "string", + "description": "The ID of the certification target", + "example": "2c9180835d2e5168015d32f890ca1581" + }, + "targetName": { + "type": "string", + "description": "The name of the certification target", + "example": "john.smith" + }, + "targetDisplayName": { + "type": "string", + "description": "The display name of the certification target", + "example": "emailAddress" + }, + "applicationName": { + "type": "string", + "description": "The name of the application/source", + "example": "Active Directory" + }, + "attributeName": { + "type": "string", + "description": "The name of the attribute being certified", + "example": "phoneNumber" + }, + "attributeOperation": { + "type": "string", + "description": "The operation of the certification on the attribute", + "example": "update" + }, + "attributeValue": { + "type": "string", + "description": "The value of the attribute being certified", + "example": "512-555-1212" + }, + "nativeIdentity": { + "type": "string", + "description": "The native identity of the target", + "example": "jason.smith2" + } + } + }, + "SearchAttributeConfig": { + "type": "object", + "properties": { + "name": { + "type": "string", + "description": "Name of the new attribute", + "example": "newMailAttribute" + }, + "displayName": { + "type": "string", + "description": "The display name of the new attribute", + "example": "New Mail Attribute" + }, + "applicationAttributes": { + "type": "object", + "description": "Map of application id and their associated attribute.", + "example": { + "2c91808b79fd2422017a0b35d30f3968": "employeeNumber", + "2c91808b79fd2422017a0b36008f396b": "employeeNumber" + } + } + } + }, + "WorkItems": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "ID of the work item", + "example": "2c9180835d2e5168015d32f890ca1581" + }, + "requesterId": { + "type": "string", + "description": "ID of the requester", + "example": "2c9180835d2e5168015d32f890ca1581" + }, + "requesterDisplayName": { + "type": "string", + "description": "The displayname of the requester", + "example": "John Smith" + }, + "ownerId": { + "type": "string", + "description": "The ID of the owner", + "example": "2c9180835d2e5168015d32f890ca1581" + }, + "ownerName": { + "type": "string", + "description": "The name of the owner", + "example": "Jason Smith" + }, + "created": { + "type": "string", + "format": "date-time", + "example": "2017-07-11T18:45:37.098Z" + }, + "modified": { + "type": "string", + "format": "date-time", + "example": "2018-06-25T20:22:28.104Z" + }, + "description": { + "type": "string", + "description": "The description of the work item", + "example": "Create account on source 'AD'" + }, + "state": { + "type": "string", + "enum": [ + "FINISHED", + "REJECTED", + "RETURNED", + "EXPIRED", + "PENDING", + "CANCELED" + ], + "example": "FINISHED", + "description": "The state of a work item" + }, + "type": { + "type": "string", + "enum": [ + "UNKNOWN", + "GENERIC", + "CERTIFICATION", + "REMEDIATION", + "DELEGATION", + "APPROVAL", + "VIOLATIONREVIEW", + "FORM", + "POLICYVIOLATION", + "CHALLENGE", + "IMPACTANALYSIS", + "SIGNOFF", + "EVENT", + "MANUALACTION", + "TEST" + ], + "example": "GENERIC", + "description": "The type of the work item" + }, + "remediationItems": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "The ID of the certification", + "example": "2c9180835d2e5168015d32f890ca1581" + }, + "targetId": { + "type": "string", + "description": "The ID of the certification target", + "example": "2c9180835d2e5168015d32f890ca1581" + }, + "targetName": { + "type": "string", + "description": "The name of the certification target", + "example": "john.smith" + }, + "targetDisplayName": { + "type": "string", + "description": "The display name of the certification target", + "example": "emailAddress" + }, + "applicationName": { + "type": "string", + "description": "The name of the application/source", + "example": "Active Directory" + }, + "attributeName": { + "type": "string", + "description": "The name of the attribute being certified", + "example": "phoneNumber" + }, + "attributeOperation": { + "type": "string", + "description": "The operation of the certification on the attribute", + "example": "update" + }, + "attributeValue": { + "type": "string", + "description": "The value of the attribute being certified", + "example": "512-555-1212" + }, + "nativeIdentity": { + "type": "string", + "description": "The native identity of the target", + "example": "jason.smith2" + } + } + }, + "approvalItems": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "ID of the approval item", + "example": "2c9180835d2e5168015d32f890ca1581" + }, + "account": { + "type": "string", + "description": "The account referenced by the approval item", + "example": "john.smith" + }, + "application": { + "type": "string", + "description": "The name the application/source", + "example": "Active Directory" + }, + "attributeName": { + "type": "string", + "description": "The name of the attribute", + "example": "emailAddress" + }, + "attributeOperation": { + "type": "string", + "description": "The operation of the attribute", + "example": "update" + }, + "attributeValue": { + "type": "string", + "description": "The value of the attribute", + "example": "a@b.com" + }, + "state": { + "type": "string", + "enum": [ + "FINISHED", + "REJECTED", + "RETURNED", + "EXPIRED", + "PENDING", + "CANCELED" + ], + "example": "FINISHED", + "description": "The state of a work item" + } + } + }, + "name": { + "type": "string", + "description": "The work item name", + "example": "Account Create" + }, + "completed": { + "type": "string", + "format": "date-time", + "example": "2018-10-19T13:49:37.385Z" + }, + "numItems": { + "type": "integer", + "description": "The number of items in the work item", + "example": 19 + }, + "errors": { + "type": "array", + "items": { + "type": "string" + }, + "example": [ + "The work item ID that was specified was not found." + ] + } + } + }, + "WorkItemsCount": { + "type": "object", + "properties": { + "count": { + "type": "integer", + "description": "The count of work items", + "example": 29 + } + } + }, + "WorkItemsSummary": { + "type": "object", + "properties": { + "open": { + "type": "integer", + "description": "The count of open work items", + "example": 29 + }, + "completed": { + "type": "integer", + "description": "The count of completed work items", + "example": 1 + }, + "total": { + "type": "integer", + "description": "The count of total work items", + "example": 30 + } + } + }, + "Form": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "ID of the form", + "example": "2c9180835d2e5168015d32f890ca1581" + }, + "name": { + "type": "string", + "description": "Name of the form", + "example": "AccountSelection Form" + }, + "title": { + "type": "string", + "description": "The form title", + "example": "Account Selection for John.Doe" + }, + "subtitle": { + "type": "string", + "description": "The form subtitle.", + "example": "Please select from the following" + }, + "targetUser": { + "type": "string", + "description": "The name of the user that should be shown this form", + "example": "Jane.Doe" + }, + "sections": { + "type": "object", + "allOf": [ + { + "type": "object", + "properties": { + "name": { + "type": "string", + "description": "Name of the FormItem", + "example": "Field1" + } + } + }, + { + "type": "object", + "properties": { + "label": { + "type": "string", + "description": "Label of the section", + "example": "Section 1" + }, + "formItems": { + "type": "array", + "items": { + "type": "object" + }, + "description": "List of FormItems. FormItems can be SectionDetails and/or FieldDetails", + "example": [] + } + } + } + ] + } + } + }, + "FormItem": { + "type": "object", + "properties": { + "name": { + "type": "string", + "description": "Name of the FormItem", + "example": "Field1" + } + } + }, + "Section": { + "type": "object", + "allOf": [ + { + "type": "object", + "properties": { + "name": { + "type": "string", + "description": "Name of the FormItem", + "example": "Field1" + } + } + }, + { + "type": "object", + "properties": { + "label": { + "type": "string", + "description": "Label of the section", + "example": "Section 1" + }, + "formItems": { + "type": "array", + "items": { + "type": "object" + }, + "description": "List of FormItems. FormItems can be SectionDetails and/or FieldDetails", + "example": [] + } + } + } + ] + }, + "Field": { + "type": "object", + "allOf": [ + { + "type": "object", + "properties": { + "name": { + "type": "string", + "description": "Name of the FormItem", + "example": "Field1" + } + } + }, + { + "type": "object", + "properties": { + "displayName": { + "type": "string", + "description": "Display name of the field", + "example": "Field 1" + }, + "displayType": { + "type": "string", + "description": "Type of the field to display", + "example": "checkbox" + }, + "required": { + "type": "boolean", + "description": "True if the field is required" + }, + "allowedValuesList": { + "type": "array", + "items": { + "type": "object" + }, + "description": "List of allowed values for the field", + "example": [ + { + "Val1Display": null, + "Val1Value": null + }, + { + "Val2Display": null, + "Val2Value": null + } + ] + }, + "value": { + "type": "object", + "description": "Value of the field" + } + } + } + ] + }, + "Trigger-Input-AccessRequestDynamicApprover": { + "title": "Access Request Dynamic Approver", + "type": "object", + "required": [ + "accessRequestId", + "requestedFor", + "requestedItems", + "requestedBy" + ], + "properties": { + "accessRequestId": { + "type": "string", + "description": "The unique ID of the access request object. Can be used with the [access request status endpoint](https://developer.sailpoint.com/idn/api/beta/list-access-request-status) to get the status of the request.\n", + "example": "4b4d982dddff4267ab12f0f1e72b5a6d" + }, + "requestedFor": { + "allOf": [ + { + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + } + ], + "description": "The identity for whom the access is requested for.", + "properties": { + "type": { + "enum": [ + "IDENTITY" + ], + "example": "IDENTITY", + "description": "The type of object that is referenced" + } + } + }, + "requestedItems": { + "description": "The access items that are being requested.", + "type": "array", + "items": { + "type": "object", + "required": [ + "id", + "name", + "type", + "operation" + ], + "properties": { + "id": { + "type": "string", + "description": "The unique ID of the access item.", + "example": "2c91808b6ef1d43e016efba0ce470904" + }, + "name": { + "type": "string", + "description": "Human friendly name of the access item.", + "example": "Engineering Access" + }, + "description": { + "nullable": true, + "type": "string", + "description": "Extended description of the access item.", + "example": "Engineering Access" + }, + "type": { + "enum": [ + "ACCESS_PROFILE", + "ROLE", + "ENTITLEMENT" + ], + "description": "The type of access item being requested.", + "example": "ACCESS_PROFILE" + }, + "operation": { + "enum": [ + "Add", + "Remove" + ], + "description": "Grant or revoke the access item", + "example": "Add" + }, + "comment": { + "nullable": true, + "type": "string", + "description": "A comment from the requestor on why the access is needed.", + "example": "William needs this access for his day to day job activities." + } + } + } + }, + "requestedBy": { + "allOf": [ + { + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + } + ], + "description": "The identity that initiated the access request.", + "properties": { + "type": { + "enum": [ + "IDENTITY" + ], + "example": "IDENTITY", + "description": "The type of object that is referenced" + } + } + } + } + }, + "Trigger-Input-AccessRequestPostApproval": { + "title": "Access Request Post Approval", + "type": "object", + "required": [ + "accessRequestId", + "requestedFor", + "requestedItemsStatus", + "requestedBy" + ], + "properties": { + "accessRequestId": { + "type": "string", + "description": "The unique ID of the access request.", + "example": "2c91808b6ef1d43e016efba0ce470904" + }, + "requestedFor": { + "required": [ + "id", + "type", + "name" + ], + "allOf": [ + { + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + } + ], + "description": "The identity who the access request is for.", + "properties": { + "type": { + "enum": [ + "IDENTITY" + ], + "example": "IDENTITY", + "description": "The type of object that is referenced" + } + } + }, + "requestedItemsStatus": { + "description": "Details on the outcome of each access item.", + "type": "array", + "items": { + "type": "object", + "required": [ + "id", + "name", + "type", + "operation", + "approvalInfo" + ], + "properties": { + "id": { + "type": "string", + "description": "The unique ID of the access item being requested.", + "example": "2c91808b6ef1d43e016efba0ce470904" + }, + "name": { + "type": "string", + "description": "The human friendly name of the access item.", + "example": "Engineering Access" + }, + "description": { + "nullable": true, + "type": "string", + "description": "Detailed description of the access item.", + "example": "Access to engineering database" + }, + "type": { + "enum": [ + "ACCESS_PROFILE", + "ROLE", + "ENTITLEMENT" + ], + "description": "The type of access item.", + "example": "ACCESS_PROFILE" + }, + "operation": { + "enum": [ + "Add", + "Remove" + ], + "description": "The action to perform on the access item.", + "example": "Add" + }, + "comment": { + "nullable": true, + "type": "string", + "description": "A comment from the identity requesting the access.", + "example": "William needs this access to do his job." + }, + "clientMetadata": { + "description": "Additional customer defined metadata about the access item.", + "nullable": true, + "type": "object", + "additionalProperties": true, + "example": { + "applicationName": "My application" + } + }, + "approvalInfo": { + "description": "A list of one or more approvers for the access request.", + "type": "array", + "items": { + "type": "object", + "required": [ + "approvalDecision", + "approverName", + "approver" + ], + "properties": { + "approvalComment": { + "nullable": true, + "type": "string", + "description": "A comment left by the approver.", + "example": "This access looks good. Approved." + }, + "approvalDecision": { + "enum": [ + "APPROVED", + "DENIED" + ], + "description": "The final decision of the approver.", + "example": "APPROVED" + }, + "approverName": { + "type": "string", + "description": "The name of the approver", + "example": "Stephen.Austin" + }, + "approver": { + "required": [ + "id", + "type", + "name" + ], + "allOf": [ + { + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + } + ], + "description": "The identity of the approver.", + "properties": { + "type": { + "enum": [ + "IDENTITY" + ], + "example": "IDENTITY", + "description": "The type of object that is referenced" + } + } + } + } + } + } + } + } + }, + "requestedBy": { + "required": [ + "id", + "type", + "name" + ], + "allOf": [ + { + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + } + ], + "description": "The identity that initiated the access request.", + "properties": { + "type": { + "enum": [ + "IDENTITY" + ], + "example": "IDENTITY", + "description": "The type of object that is referenced" + } + } + } + } + }, + "Trigger-Input-AccessRequestPreApproval": { + "title": "Access Request Pre Approval", + "type": "object", + "required": [ + "accessRequestId", + "requestedFor", + "requestedItems", + "requestedBy" + ], + "properties": { + "accessRequestId": { + "type": "string", + "description": "The unique ID of the access request.", + "example": "2c91808b6ef1d43e016efba0ce470904" + }, + "requestedFor": { + "required": [ + "id", + "type", + "name" + ], + "allOf": [ + { + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + } + ], + "description": "The identity who the access request is for.", + "properties": { + "type": { + "enum": [ + "IDENTITY" + ], + "example": "IDENTITY", + "description": "The type of object that is referenced" + } + } + }, + "requestedItems": { + "description": "Details of the access items being requested.", + "type": "array", + "items": { + "type": "object", + "required": [ + "id", + "name", + "type", + "operation" + ], + "properties": { + "id": { + "type": "string", + "description": "The unique ID of the access item being requested.", + "example": "2c91808b6ef1d43e016efba0ce470904" + }, + "name": { + "type": "string", + "description": "The human friendly name of the access item.", + "example": "Engineering Access" + }, + "description": { + "nullable": true, + "type": "string", + "description": "Detailed description of the access item.", + "example": "Access to engineering database" + }, + "type": { + "enum": [ + "ACCESS_PROFILE", + "ROLE", + "ENTITLEMENT" + ], + "description": "The type of access item.", + "example": "ACCESS_PROFILE" + }, + "operation": { + "enum": [ + "Add", + "Remove" + ], + "description": "The action to perform on the access item.", + "example": "Add" + }, + "comment": { + "nullable": true, + "type": "string", + "description": "A comment from the identity requesting the access.", + "example": "William needs this access to do his job." + } + } + } + }, + "requestedBy": { + "required": [ + "id", + "type", + "name" + ], + "allOf": [ + { + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + } + ], + "description": "The identity that initiated the access request.", + "properties": { + "type": { + "enum": [ + "IDENTITY" + ], + "example": "IDENTITY", + "description": "The type of object that is referenced" + } + } + } + } + }, + "Trigger-Input-AccountAggregationCompleted": { + "title": "Account Aggregation Completed", + "type": "object", + "required": [ + "source", + "status", + "started", + "completed", + "errors", + "warnings", + "stats" + ], + "properties": { + "source": { + "required": [ + "type", + "name", + "id" + ], + "allOf": [ + { + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + } + ], + "description": "The source from which the accounts were aggregated.", + "properties": { + "type": { + "enum": [ + "SOURCE" + ], + "description": "The type of object that is referenced", + "example": "SOURCE" + } + } + }, + "status": { + "description": "The overall status of the aggregation.", + "enum": [ + "Success", + "Failed", + "Terminated" + ], + "example": "Success" + }, + "started": { + "type": "string", + "format": "date-time", + "description": "The date and time when the account aggregation started.", + "example": "2020-06-29T22:01:50.474Z" + }, + "completed": { + "type": "string", + "format": "date-time", + "description": "The date and time when the account aggregation finished.", + "example": "2020-06-29T22:02:04.090Z" + }, + "errors": { + "nullable": true, + "description": "A list of errors that occurred during the aggregation.", + "type": "array", + "items": { + "type": "string", + "description": "A descriptive error message.", + "example": "Accounts unable to be aggregated." + } + }, + "warnings": { + "nullable": true, + "description": "A list of warnings that occurred during the aggregation.", + "type": "array", + "items": { + "type": "string", + "description": "A descriptive warning message.", + "example": "Account Skipped" + } + }, + "stats": { + "type": "object", + "description": "Overall statistics about the account aggregation.", + "required": [ + "scanned", + "unchanged", + "changed", + "added", + "removed" + ], + "properties": { + "scanned": { + "type": "integer", + "format": "int32", + "minimum": 0, + "maximum": 2147483647, + "description": "The number of accounts which were scanned / iterated over.", + "example": 200 + }, + "unchanged": { + "type": "integer", + "format": "int32", + "minimum": 0, + "maximum": 2147483647, + "description": "The number of accounts which existed before, but had no changes.", + "example": 190 + }, + "changed": { + "type": "integer", + "format": "int32", + "minimum": 0, + "maximum": 2147483647, + "description": "The number of accounts which existed before, but had changes.", + "example": 6 + }, + "added": { + "type": "integer", + "format": "int32", + "minimum": 0, + "maximum": 2147483647, + "description": "The number of accounts which are new - have not existed before.", + "example": 4 + }, + "removed": { + "type": "integer", + "minimum": 0, + "maximum": 2147483647, + "format": "int32", + "description": "The number accounts which existed before, but no longer exist (thus getting removed).", + "example": 3 + } + } + } + } + }, + "Trigger-Input-AccountAttributesChanged": { + "title": "Account Attributes Changed", + "type": "object", + "required": [ + "identity", + "source", + "account", + "changes" + ], + "properties": { + "identity": { + "required": [ + "id", + "type", + "name" + ], + "allOf": [ + { + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + } + ], + "description": "The identity whose account attributes changed.", + "properties": { + "type": { + "enum": [ + "IDENTITY" + ], + "example": "IDENTITY", + "description": "The type of object that is referenced" + } + } + }, + "source": { + "required": [ + "id", + "type", + "name" + ], + "type": "object", + "description": "The source that contains the account.", + "properties": { + "id": { + "description": "ID of the object to which this reference applies", + "type": "string", + "example": "4e4d982dddff4267ab12f0f1e72b5a6d" + }, + "type": { + "type": "string", + "enum": [ + "SOURCE" + ], + "example": "SOURCE", + "description": "The type of object that is referenced" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "Corporate Active Directory" + } + } + }, + "account": { + "type": "object", + "description": "Details of the account where the attributes changed.", + "required": [ + "id", + "uuid", + "name", + "nativeIdentity", + "type" + ], + "properties": { + "id": { + "type": "string", + "description": "SailPoint generated unique identifier.", + "example": "52170a74-ca89-11ea-87d0-0242ac130003" + }, + "uuid": { + "nullable": true, + "type": "string", + "description": "The source's unique identifier for the account. UUID is generated by the source system.", + "example": "1cb1f07d-3e5a-4431-becd-234fa4306108" + }, + "name": { + "type": "string", + "description": "Name of the account.", + "example": "john.doe" + }, + "nativeIdentity": { + "type": "string", + "description": "Unique ID of the account on the source.", + "example": "cn=john.doe,ou=users,dc=acme,dc=com" + }, + "type": { + "enum": [ + "ACCOUNT" + ], + "description": "The type of the account", + "example": "ACCOUNT" + } + } + }, + "changes": { + "type": "array", + "description": "A list of attributes that changed.", + "items": { + "type": "object", + "required": [ + "attribute", + "oldValue", + "newValue" + ], + "properties": { + "attribute": { + "type": "string", + "description": "The name of the attribute.", + "example": "sn" + }, + "oldValue": { + "description": "The previous value of the attribute.", + "nullable": true, + "oneOf": [ + { + "type": "string" + }, + { + "type": "boolean" + }, + { + "type": "array", + "items": { + "nullable": true, + "type": "string" + } + } + ], + "example": "doe" + }, + "newValue": { + "description": "The new value of the attribute.", + "nullable": true, + "oneOf": [ + { + "type": "string" + }, + { + "type": "boolean" + }, + { + "type": "array", + "items": { + "nullable": true, + "type": "string" + } + } + ], + "example": "ryans" + } + } + } + } + } + }, + "Trigger-Input-AccountCorrelated": { + "title": "Account Correlated", + "type": "object", + "required": [ + "identity", + "source", + "account", + "attributes" + ], + "properties": { + "identity": { + "required": [ + "type", + "name", + "id" + ], + "allOf": [ + { + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + } + ], + "description": "The identity that the account correlated with.", + "properties": { + "type": { + "enum": [ + "IDENTITY" + ], + "description": "The type of object that is referenced", + "example": "IDENTITY" + } + } + }, + "source": { + "required": [ + "id", + "type", + "name" + ], + "type": "object", + "description": "The source from which the account came from.", + "properties": { + "id": { + "description": "ID of the object to which this reference applies", + "type": "string", + "example": "4e4d982dddff4267ab12f0f1e72b5a6d" + }, + "type": { + "type": "string", + "enum": [ + "SOURCE" + ], + "example": "SOURCE", + "description": "The type of object that is referenced" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "Corporate Active Directory" + } + } + }, + "account": { + "required": [ + "id", + "name", + "nativeIdentity", + "type" + ], + "allOf": [ + { + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + } + ], + "description": "The account that was correlated.", + "properties": { + "type": { + "enum": [ + "ACCOUNT" + ], + "description": "The type of object that is referenced", + "example": "ACCOUNT" + }, + "nativeIdentity": { + "type": "string", + "description": "Unique ID of the account on the source.", + "example": "cn=john.doe,ou=users,dc=acme,dc=com" + }, + "uuid": { + "nullable": true, + "type": "string", + "description": "The source's unique identifier for the account. UUID is generated by the source system.", + "example": "1cb1f07d-3e5a-4431-becd-234fa4306108" + } + } + }, + "attributes": { + "type": "object", + "description": "The attributes associated with the account. Attributes are unique per source.", + "additionalProperties": true, + "example": { + "sn": "doe", + "givenName": "john", + "memberOf": [ + "cn=g1,ou=groups,dc=acme,dc=com", + "cn=g2,ou=groups,dc=acme,dc=com", + "cn=g3,ou=groups,dc=acme,dc=com" + ] + } + }, + "entitlementCount": { + "type": "integer", + "format": "int32", + "description": "The number of entitlements associated with this account.", + "example": 0 + } + } + }, + "Trigger-Input-AccountsCollectedForAggregation": { + "title": "Accounts Collected for Aggregation", + "type": "object", + "required": [ + "source", + "status", + "started", + "completed", + "errors", + "warnings", + "stats" + ], + "properties": { + "source": { + "required": [ + "id", + "type", + "name" + ], + "type": "object", + "description": "Reference to the source that has been aggregated.", + "properties": { + "id": { + "description": "ID of the object to which this reference applies", + "type": "string", + "example": "4e4d982dddff4267ab12f0f1e72b5a6d" + }, + "type": { + "type": "string", + "enum": [ + "SOURCE" + ], + "example": "SOURCE", + "description": "The type of object that is referenced" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "Corporate Active Directory" + } + } + }, + "status": { + "description": "The overall status of the collection.", + "enum": [ + "Success", + "Failed", + "Terminated" + ], + "example": "Success" + }, + "started": { + "type": "string", + "format": "date-time", + "description": "The date and time when the account collection started.", + "example": "2020-06-29T22:01:50.474Z" + }, + "completed": { + "type": "string", + "format": "date-time", + "description": "The date and time when the account collection finished.", + "example": "2020-06-29T22:02:04.090Z" + }, + "errors": { + "nullable": true, + "description": "A list of errors that occurred during the collection.", + "type": "array", + "items": { + "type": "string", + "description": "A descriptive error message.", + "example": "Unable to collect accounts for aggregation." + } + }, + "warnings": { + "nullable": true, + "description": "A list of warnings that occurred during the collection.", + "type": "array", + "items": { + "type": "string", + "description": "A descriptive warning message.", + "example": "Account Skipped" + } + }, + "stats": { + "type": "object", + "description": "Overall statistics about the account collection.", + "required": [ + "scanned", + "unchanged", + "changed", + "added", + "removed" + ], + "properties": { + "scanned": { + "type": "integer", + "format": "int32", + "minimum": 0, + "maximum": 2147483647, + "description": "The number of accounts which were scanned / iterated over.", + "example": 200 + }, + "unchanged": { + "type": "integer", + "format": "int32", + "minimum": 0, + "maximum": 2147483647, + "description": "The number of accounts which existed before, but had no changes.", + "example": 190 + }, + "changed": { + "type": "integer", + "format": "int32", + "minimum": 0, + "maximum": 2147483647, + "description": "The number of accounts which existed before, but had changes.", + "example": 6 + }, + "added": { + "type": "integer", + "format": "int32", + "minimum": 0, + "maximum": 2147483647, + "description": "The number of accounts which are new - have not existed before.", + "example": 4 + }, + "removed": { + "type": "integer", + "minimum": 0, + "maximum": 2147483647, + "format": "int32", + "description": "The number accounts which existed before, but no longer exist (thus getting removed).", + "example": 3 + } + } + } + } + }, + "Trigger-Input-AccountUncorrelated": { + "title": "Account Uncorrelated", + "type": "object", + "required": [ + "identity", + "source", + "account" + ], + "properties": { + "identity": { + "required": [ + "type", + "name", + "id" + ], + "allOf": [ + { + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + } + ], + "description": "The identity that the account uncorrelated with.", + "properties": { + "type": { + "enum": [ + "IDENTITY" + ], + "description": "The type of object that is referenced", + "example": "IDENTITY" + } + } + }, + "source": { + "required": [ + "type", + "name", + "id" + ], + "allOf": [ + { + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + } + ], + "description": "The source from which the account came from.", + "properties": { + "type": { + "enum": [ + "SOURCE" + ], + "description": "The type of object that is referenced", + "example": "SOURCE" + } + } + }, + "account": { + "required": [ + "id", + "name", + "nativeIdentity", + "type" + ], + "allOf": [ + { + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + } + ], + "description": "The account that was uncorrelated.", + "properties": { + "type": { + "enum": [ + "ACCOUNT" + ], + "description": "The type of object that is referenced", + "example": "ACCOUNT" + }, + "nativeIdentity": { + "type": "string", + "description": "Unique ID of the account on the source.", + "example": "cn=john.doe,ou=users,dc=acme,dc=com" + }, + "uuid": { + "nullable": true, + "type": "string", + "description": "The source's unique identifier for the account. UUID is generated by the source system.", + "example": "1cb1f07d-3e5a-4431-becd-234fa4306108" + } + } + }, + "entitlementCount": { + "type": "integer", + "format": "int32", + "description": "The number of entitlements associated with this account.", + "example": 0 + } + } + }, + "Trigger-Input-CampaignActivated": { + "title": "Campaign Activated", + "type": "object", + "required": [ + "campaign" + ], + "properties": { + "campaign": { + "type": "object", + "description": "Details about the certification campaign that was activated.", + "required": [ + "id", + "name", + "description", + "created", + "deadline", + "type", + "campaignOwner", + "status" + ], + "properties": { + "id": { + "type": "string", + "description": "Unique ID for the campaign.", + "example": "2c91808576f886190176f88cac5a0010" + }, + "name": { + "type": "string", + "description": "The human friendly name of the campaign.", + "example": "Manager Access Campaign" + }, + "description": { + "type": "string", + "description": "Extended description of the campaign.", + "example": "Audit access for all employees." + }, + "created": { + "type": "string", + "format": "date-time", + "description": "The date and time the campaign was created.", + "example": "2021-02-16T03:04:45.815Z" + }, + "modified": { + "nullable": true, + "type": "string", + "format": "date-time", + "description": "The date and time the campaign was last modified.", + "example": "2021-02-16T03:06:45.815Z" + }, + "deadline": { + "type": "string", + "format": "date-time", + "description": "The date and time the campaign is due.", + "example": "2021-03-16T03:04:45.815Z" + }, + "type": { + "description": "The type of campaign.", + "enum": [ + "MANAGER", + "SOURCE_OWNER", + "SEARCH", + "ROLE_COMPOSITION" + ], + "example": "MANAGER" + }, + "campaignOwner": { + "type": "object", + "description": "Details of the identity that owns the campaign.", + "required": [ + "id", + "displayName", + "email" + ], + "properties": { + "id": { + "type": "string", + "description": "The unique ID of the identity.", + "example": "37f080867702c1910177031320c40n27" + }, + "displayName": { + "type": "string", + "description": "The human friendly name of the identity.", + "example": "John Snow" + }, + "email": { + "type": "string", + "description": "The primary email address of the identity.", + "example": "john.snow@example.com" + } + } + }, + "status": { + "enum": [ + "ACTIVE" + ], + "description": "The current status of the campaign.", + "example": "ACTIVE" + } + } + } + } + }, + "Trigger-Input-CampaignEnded": { + "title": "Campaign Ended", + "type": "object", + "required": [ + "campaign" + ], + "properties": { + "campaign": { + "type": "object", + "description": "Details about the certification campaign that ended.", + "required": [ + "id", + "name", + "description", + "created", + "deadline", + "type", + "campaignOwner", + "status" + ], + "properties": { + "id": { + "type": "string", + "description": "Unique ID for the campaign.", + "example": "2c91808576f886190176f88cac5a0010" + }, + "name": { + "type": "string", + "description": "The human friendly name of the campaign.", + "example": "Manager Access Campaign" + }, + "description": { + "type": "string", + "description": "Extended description of the campaign.", + "example": "Audit access for all employees." + }, + "created": { + "type": "string", + "format": "date-time", + "description": "The date and time the campaign was created.", + "example": "2021-02-16T03:04:45.815Z" + }, + "modified": { + "nullable": true, + "type": "string", + "format": "date-time", + "description": "The date and time the campaign was last modified.", + "example": "2021-03-16T03:06:45.815Z" + }, + "deadline": { + "type": "string", + "format": "date-time", + "description": "The date and time the campaign is due.", + "example": "2021-03-16T03:04:45.815Z" + }, + "type": { + "description": "The type of campaign.", + "enum": [ + "MANAGER", + "SOURCE_OWNER", + "SEARCH", + "ROLE_COMPOSITION" + ], + "example": "MANAGER" + }, + "campaignOwner": { + "type": "object", + "description": "Details of the identity that owns the campaign.", + "required": [ + "id", + "displayName", + "email" + ], + "properties": { + "id": { + "type": "string", + "description": "The unique ID of the identity.", + "example": "37f080867702c1910177031320c40n27" + }, + "displayName": { + "type": "string", + "description": "The human friendly name of the identity.", + "example": "John Snow" + }, + "email": { + "type": "string", + "description": "The primary email address of the identity.", + "example": "john.snow@example.com" + } + } + }, + "status": { + "enum": [ + "COMPLETED" + ], + "description": "The current status of the campaign.", + "example": "COMPLETED" + } + } + } + } + }, + "Trigger-Input-CampaignGenerated": { + "title": "Campaign Generated", + "type": "object", + "required": [ + "campaign" + ], + "properties": { + "campaign": { + "description": "Details about the campaign that was generated.", + "type": "object", + "required": [ + "id", + "name", + "description", + "created", + "type", + "campaignOwner", + "status" + ], + "properties": { + "id": { + "type": "string", + "description": "The unique ID of the campaign.", + "example": "2c91808576f886190176f88cac5a0010" + }, + "name": { + "type": "string", + "description": "Human friendly name of the campaign.", + "example": "Manager Access Campaign" + }, + "description": { + "type": "string", + "description": "Extended description of the campaign.", + "example": "Audit access for all employees." + }, + "created": { + "type": "string", + "format": "date-time", + "description": "The date and time the campaign was created.", + "example": "2021-02-16T03:04:45.815Z" + }, + "modified": { + "nullable": true, + "type": "string", + "description": "The date and time the campaign was last modified.", + "example": "2021-02-17T03:04:45.815Z" + }, + "deadline": { + "nullable": true, + "type": "string", + "description": "The date and time when the campaign must be finished by.", + "example": "2021-02-18T03:04:45.815Z" + }, + "type": { + "enum": [ + "MANAGER", + "SOURCE_OWNER", + "SEARCH", + "ROLE_COMPOSITION" + ], + "description": "The type of campaign that was generated.", + "example": "MANAGER" + }, + "campaignOwner": { + "type": "object", + "description": "The identity that owns the campaign.", + "required": [ + "id", + "displayName", + "email" + ], + "properties": { + "id": { + "type": "string", + "description": "The unique ID of the identity.", + "example": "37f080867702c1910177031320c40n27" + }, + "displayName": { + "type": "string", + "description": "The display name of the identity.", + "example": "John Snow" + }, + "email": { + "type": "string", + "description": "The primary email address of the identity.", + "example": "john.snow@example.com" + } + } + }, + "status": { + "enum": [ + "STAGED", + "ACTIVATING", + "ACTIVE" + ], + "description": "The current status of the campaign.", + "example": "STAGED" + } + } + } + } + }, + "Trigger-Input-CertificationSignedOff": { + "title": "Certification Signed Off", + "type": "object", + "required": [ + "certification" + ], + "properties": { + "certification": { + "description": "The certification campaign that was signed off on.", + "required": [ + "id", + "name", + "created" + ], + "allOf": [ + { + "type": "object", + "required": [ + "campaignRef", + "completed", + "decisionsMade", + "decisionsTotal", + "due", + "signed", + "reviewer", + "campaignOwner", + "hasErrors", + "phase", + "entitiesCompleted", + "entitiesTotal" + ], + "properties": { + "campaignRef": { + "type": "object", + "required": [ + "id", + "name", + "type", + "campaignType", + "description" + ], + "properties": { + "id": { + "type": "string", + "description": "The unique ID of the campaign.", + "example": "ef38f94347e94562b5bb8424a56397d8" + }, + "name": { + "type": "string", + "description": "The name of the campaign.", + "example": "Campaign Name" + }, + "type": { + "type": "string", + "enum": [ + "CAMPAIGN" + ], + "description": "The type of object that is being referenced.", + "example": "CAMPAIGN" + }, + "campaignType": { + "type": "string", + "enum": [ + "MANAGER", + "SOURCE_OWNER", + "SEARCH" + ], + "description": "The type of the campaign.", + "example": "MANAGER" + }, + "description": { + "type": "string", + "description": "The description of the campaign set by the admin who created it.", + "nullable": true, + "example": "A description of the campaign" + } + } + }, + "phase": { + "type": "string", + "description": "The current phase of the campaign.\n* `STAGED`: The campaign is waiting to be activated.\n* `ACTIVE`: The campaign is active.\n* `SIGNED`: The reviewer has signed off on the campaign, and it is considered complete.\n", + "enum": [ + "STAGED", + "ACTIVE", + "SIGNED" + ], + "example": "ACTIVE" + }, + "due": { + "type": "string", + "format": "date-time", + "description": "The due date of the certification.", + "example": "2018-10-19T13:49:37.385Z" + }, + "signed": { + "type": "string", + "format": "date-time", + "description": "The date the reviewer signed off on the certification.", + "example": "2018-10-19T13:49:37.385Z" + }, + "reviewer": { + "description": "A reference to the reviewer of the campaign.", + "type": "object", + "required": [ + "type", + "id", + "name" + ], + "allOf": [ + { + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + } + ], + "properties": { + "type": { + "description": "The type of object that the reviewer is.", + "enum": [ + "IDENTITY", + "GOVERNANCE_GROUP" + ], + "example": "IDENTITY" + }, + "email": { + "type": "string", + "nullable": true, + "description": "The email of the reviewing identity. Only applicable to `IDENTITY`", + "example": "reviewer@test.com" + } + } + }, + "reassignment": { + "nullable": true, + "description": "A reference to a reviewer that this campaign has been reassigned to.", + "type": "object", + "properties": { + "from": { + "description": "The previous certification", + "type": "object", + "allOf": [ + { + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + }, + { + "type": "object", + "properties": { + "reviewer": { + "description": "Certification reviewer", + "type": "object", + "required": [ + "type", + "id", + "name" + ], + "allOf": [ + { + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + } + ], + "properties": { + "type": { + "description": "The type of object that the reviewer is.", + "enum": [ + "IDENTITY", + "GOVERNANCE_GROUP" + ], + "example": "IDENTITY" + }, + "email": { + "type": "string", + "nullable": true, + "description": "The email of the reviewing identity. Only applicable to `IDENTITY`", + "example": "reviewer@test.com" + } + } + } + } + } + ], + "properties": { + "type": { + "description": "The type of object that the reviewer is.", + "enum": [ + "CERTIFICATION" + ], + "example": "CERTIFICATION" + }, + "correlatedStatus": { + "description": "The correlatedStatus of the campaign. Only SOURCE_OWNER campaigns can be Uncorrelated. An Uncorrelated certification campaign only includes Uncorrelated identities (An identity is uncorrelated if it has no accounts on an authoritative source).", + "enum": [ + "CORRELATED", + "UNCORRELATED" + ], + "example": "CORRELATED" + } + } + }, + "comment": { + "type": "string", + "description": "Comments from the previous reviewer.", + "example": "Please review" + } + } + }, + "hasErrors": { + "type": "boolean", + "example": false, + "description": "Indicates it the certification has any errors." + }, + "errorMessage": { + "type": "string", + "nullable": true, + "example": "The certification has an error", + "description": "A message indicating what the error is." + }, + "completed": { + "type": "boolean", + "description": "Indicates if all certification decisions have been made.", + "example": false + }, + "decisionsMade": { + "type": "integer", + "description": "The number of approve/revoke/acknowledge decisions that have been made by the reviewer.", + "example": 20, + "format": "int32" + }, + "decisionsTotal": { + "type": "integer", + "description": "The total number of approve/revoke/acknowledge decisions for the certification.", + "example": 40, + "format": "int32" + }, + "entitiesCompleted": { + "type": "integer", + "description": "The number of entities (identities, access profiles, roles, etc.) for which all decisions have been made and are complete.", + "example": 5, + "format": "int32" + }, + "entitiesTotal": { + "type": "integer", + "format": "int32", + "description": "The total number of entities (identities, access profiles, roles, etc.) in the certification, both complete and incomplete.", + "example": 10 + } + } + } + ], + "properties": { + "id": { + "type": "string", + "description": "Unique ID of the certification.", + "example": "2c91808576f886190176f88caf0d0067" + }, + "name": { + "type": "string", + "description": "The name of the certification.", + "example": "Manager Access Review for Alice Baker" + }, + "created": { + "type": "string", + "format": "date-time", + "description": "The date and time the certification was created.", + "example": "2020-02-16T03:04:45.815Z" + }, + "modified": { + "nullable": true, + "type": "string", + "format": "date-time", + "description": "The date and time the certification was last modified.", + "example": "2020-02-16T03:06:45.815Z" + } + } + } + } + }, + "Trigger-Input-IdentityAttributesChanged": { + "title": "Identity Attributes Changed", + "type": "object", + "required": [ + "identity", + "changes" + ], + "properties": { + "identity": { + "required": [ + "id", + "type", + "name" + ], + "allOf": [ + { + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + } + ], + "description": "The identity who's attributes changed.", + "properties": { + "type": { + "enum": [ + "IDENTITY" + ], + "example": "IDENTITY", + "description": "The type of object that is referenced" + } + } + }, + "changes": { + "description": "A list of one or more identity attributes that changed on the identity.", + "type": "array", + "items": { + "type": "object", + "required": [ + "attribute" + ], + "properties": { + "attribute": { + "type": "string", + "description": "The name of the identity attribute that changed.", + "example": "department" + }, + "oldValue": { + "description": "The value of the identity attribute before it changed.", + "nullable": true, + "example": "sales", + "oneOf": [ + { + "type": "string" + }, + { + "type": "boolean" + }, + { + "type": "array", + "items": { + "type": "string" + } + }, + { + "type": "object", + "nullable": true, + "additionalProperties": { + "oneOf": [ + { + "type": "string" + }, + { + "type": "number" + }, + { + "type": "integer" + }, + { + "type": "boolean" + } + ] + } + } + ] + }, + "newValue": { + "description": "The value of the identity attribute after it changed.", + "example": "marketing", + "oneOf": [ + { + "type": "string" + }, + { + "type": "boolean" + }, + { + "type": "array", + "items": { + "type": "string" + } + }, + { + "type": "object", + "nullable": true, + "additionalProperties": { + "oneOf": [ + { + "type": "string" + }, + { + "type": "number" + }, + { + "type": "integer" + }, + { + "type": "boolean" + } + ] + } + } + ] + } + } + } + } + } + }, + "Trigger-Input-IdentityCreated": { + "title": "Identity Created", + "type": "object", + "required": [ + "identity", + "attributes" + ], + "properties": { + "identity": { + "required": [ + "id", + "type", + "name" + ], + "allOf": [ + { + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + } + ], + "description": "The identity that was created.", + "properties": { + "type": { + "enum": [ + "IDENTITY" + ], + "example": "IDENTITY", + "description": "The type of object that is referenced" + } + } + }, + "attributes": { + "type": "object", + "description": "The attributes assigned to the identity. Attributes are determined by the identity profile.", + "additionalProperties": true, + "example": { + "firstname": "John" + } + } + } + }, + "Trigger-Input-IdentityDeleted": { + "title": "Identity Deleted", + "type": "object", + "required": [ + "identity", + "attributes" + ], + "properties": { + "identity": { + "required": [ + "id", + "type", + "name" + ], + "allOf": [ + { + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + } + ], + "description": "The identity that was deleted.", + "properties": { + "type": { + "enum": [ + "IDENTITY" + ], + "example": "IDENTITY", + "description": "The type of object that is referenced" + } + } + }, + "attributes": { + "type": "object", + "description": "The attributes assigned to the identity. Attributes are determined by the identity profile.", + "additionalProperties": true, + "example": { + "firstname": "John" + } + } + } + }, + "Trigger-Input-ProvisioningCompleted": { + "title": "Provisioning Completed", + "type": "object", + "required": [ + "trackingNumber", + "sources", + "recipient", + "accountRequests" + ], + "properties": { + "trackingNumber": { + "type": "string", + "description": "The reference number of the provisioning request. Useful for tracking status in the Account Activity search interface.", + "example": "4b4d982dddff4267ab12f0f1e72b5a6d" + }, + "sources": { + "type": "string", + "description": "One or more sources that the provisioning transaction(s) were done against. Sources are comma separated.", + "example": "Corp AD, Corp LDAP, Corp Salesforce" + }, + "action": { + "nullable": true, + "type": "string", + "description": "Origin of where the provisioning request came from.", + "example": "IdentityRefresh" + }, + "errors": { + "nullable": true, + "description": "A list of any accumulated error messages that occurred during provisioning.", + "type": "array", + "items": { + "type": "string", + "example": "Connector AD Failed" + } + }, + "warnings": { + "nullable": true, + "description": "A list of any accumulated warning messages that occurred during provisioning.", + "type": "array", + "items": { + "type": "string", + "example": "Notification Skipped due to invalid email" + } + }, + "recipient": { + "required": [ + "id", + "type", + "name" + ], + "allOf": [ + { + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + } + ], + "description": "Reference to the identity who is the target of the provisioning request.", + "properties": { + "type": { + "enum": [ + "IDENTITY" + ], + "example": "IDENTITY", + "description": "The type of object that is referenced" + } + } + }, + "requester": { + "nullable": true, + "required": [ + "id", + "type", + "name" + ], + "allOf": [ + { + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + } + ], + "description": "Reference to the identity (if any) who submitted the provisioning request.", + "properties": { + "type": { + "enum": [ + "IDENTITY" + ], + "example": "IDENTITY", + "description": "The type of object that is referenced" + } + } + }, + "accountRequests": { + "type": "array", + "description": "A list of provisioning instructions to perform on an account-by-account basis.", + "items": { + "type": "object", + "required": [ + "source", + "accountOperation", + "provisioningResult", + "provisioningTarget" + ], + "properties": { + "source": { + "required": [ + "id", + "type", + "name" + ], + "type": "object", + "description": "Reference to the source being provisioned against.", + "properties": { + "id": { + "description": "ID of the object to which this reference applies", + "type": "string", + "example": "4e4d982dddff4267ab12f0f1e72b5a6d" + }, + "type": { + "type": "string", + "enum": [ + "SOURCE" + ], + "example": "SOURCE", + "description": "The type of object that is referenced" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "Corporate Active Directory" + } + } + }, + "accountId": { + "type": "string", + "description": "The unique idenfier of the account being provisioned.", + "example": "CN=Chewy.Bacca,ou=hardcorefigter,ou=wookies,dc=starwars,dc=com" + }, + "accountOperation": { + "type": "string", + "description": "The provisioning operation; typically Create, Modify, Enable, Disable, Unlock, or Delete.", + "example": "Modify" + }, + "provisioningResult": { + "description": "The overall result of the provisioning transaction; this could be success, pending, failed, etc.", + "enum": [ + "SUCCESS", + "PENDING", + "FAILED" + ], + "example": "SUCCESS" + }, + "provisioningTarget": { + "type": "string", + "description": "The name of the provisioning channel selected; this could be the same as the source, or could be a Service Desk Integration Module (SDIM).", + "example": "Corp AD" + }, + "ticketId": { + "nullable": true, + "type": "string", + "description": "A reference to a tracking number, if this is sent to a Service Desk Integration Module (SDIM).", + "example": "72619262" + }, + "attributeRequests": { + "nullable": true, + "description": "A list of attributes as part of the provisioning transaction.", + "type": "array", + "items": { + "type": "object", + "required": [ + "attributeName", + "operation" + ], + "properties": { + "attributeName": { + "type": "string", + "description": "The name of the attribute being provisioned.", + "example": "memberOf" + }, + "attributeValue": { + "nullable": true, + "type": "string", + "description": "The value of the attribute being provisioned.", + "example": "CN=jedi,DC=starwars,DC=com" + }, + "operation": { + "enum": [ + "Add", + "Set", + "Remove" + ], + "description": "The operation to handle the attribute.", + "example": "Add" + } + } + } + } + } + } + } + } + }, + "Trigger-Input-SavedSearchComplete": { + "title": "Saved Search Complete", + "type": "object", + "required": [ + "fileName", + "ownerEmail", + "ownerName", + "query", + "searchName", + "searchResults", + "signedS3Url" + ], + "properties": { + "fileName": { + "type": "string", + "description": "A name for the report file.", + "example": "Modified.zip" + }, + "ownerEmail": { + "type": "string", + "description": "The email address of the identity that owns the saved search.", + "example": "test@sailpoint.com" + }, + "ownerName": { + "type": "string", + "description": "The name of the identity that owns the saved search.", + "example": "Cloud Support" + }, + "query": { + "type": "string", + "description": "The search query that was used to generate the report.", + "example": "modified:[now-7y/d TO now]" + }, + "searchName": { + "type": "string", + "description": "The name of the saved search.", + "example": "Modified Activity" + }, + "searchResults": { + "type": "object", + "description": "A preview of the search results for each object type. This includes a count as well as headers, and the first several rows of data, per object type.", + "properties": { + "Account": { + "description": "A table of accounts that match the search criteria.", + "nullable": true, + "type": "object", + "required": [ + "count", + "noun", + "preview" + ], + "properties": { + "count": { + "type": "string", + "description": "The number of rows in the table.", + "example": 3 + }, + "noun": { + "type": "string", + "description": "The type of object represented in the table.", + "example": "accounts" + }, + "preview": { + "description": "A sample of the data in the table.", + "type": "array", + "items": { + "type": "array", + "items": { + "type": "string", + "example": "Robert.Chase" + }, + "example": [] + } + } + } + }, + "Entitlement": { + "description": "A table of entitlements that match the search criteria.", + "nullable": true, + "type": "object", + "required": [ + "count", + "noun", + "preview" + ], + "properties": { + "count": { + "type": "string", + "description": "The number of rows in the table.", + "example": 2 + }, + "noun": { + "type": "string", + "description": "The type of object represented in the table.", + "example": "entitlements" + }, + "preview": { + "description": "A sample of the data in the table.", + "type": "array", + "items": { + "type": "array", + "items": { + "type": "string", + "example": "Administrator" + }, + "example": [] + } + } + } + }, + "Identity": { + "description": "A table of identities that match the search criteria.", + "nullable": true, + "type": "object", + "required": [ + "count", + "noun", + "preview" + ], + "properties": { + "count": { + "type": "string", + "description": "The number of rows in the table.", + "example": 2 + }, + "noun": { + "type": "string", + "description": "The type of object represented in the table.", + "example": "identities" + }, + "preview": { + "description": "A sample of the data in the table.", + "type": "array", + "items": { + "type": "array", + "items": { + "type": "string", + "example": "Carol Shelby" + }, + "example": [] + } + } + } + } + } + }, + "signedS3Url": { + "type": "string", + "description": "The Amazon S3 URL to download the report from.", + "example": "https://sptcbu-org-data-useast1.s3.amazonaws.com/arsenal-john/reports/Events%20Export.2020-05-06%2018%2759%20GMT.3e580592-86e4-4953-8aea-49e6ef20a086.zip?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20200506T185919Z&X-Amz-SignedHeaders=host&X-Amz-Expires=899&X-Amz-Credential=AKIAV5E54XOGTS4Q4L7A%2F20200506%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=2e732bb97a12a1fd8a215613e3c31fcdae8ba1fb6a25916843ab5b51d2ddefbc" + } + } + }, + "Trigger-Input-SourceAccountCreated": { + "type": "object", + "required": [ + "id", + "nativeIdentifier", + "sourceId", + "sourceName", + "identityId", + "identityName", + "attributes" + ], + "properties": { + "uuid": { + "type": "string", + "description": "Source unique identifier for the identity. UUID is generated by the source system.", + "example": "b7264868-7201-415f-9118-b581d431c688" + }, + "id": { + "type": "string", + "description": "SailPoint generated unique identifier.", + "example": "ee769173319b41d19ccec35ba52f237b" + }, + "nativeIdentifier": { + "type": "string", + "description": "Unique ID of the account on the source.", + "example": "E009" + }, + "sourceId": { + "type": "string", + "description": "The ID of the source.", + "example": "2c918082814e693601816e09471b29b6" + }, + "sourceName": { + "type": "string", + "description": "The name of the source.", + "example": "Active Directory" + }, + "identityId": { + "type": "string", + "description": "The ID of the identity that is corellated with this account.", + "example": "ee769173319b41d19ccec6c235423237b" + }, + "identityName": { + "type": "string", + "description": "The name of the identity that is corellated with this account.", + "example": "john.doe" + }, + "attributes": { + "type": "object", + "additionalProperties": true, + "description": "The attributes of the account. The contents of attributes depends on the account schema for the source.", + "example": { + "firstname": "John", + "lastname": "Doe", + "email": "john.doe@gmail.com", + "department": "Sales", + "displayName": "John Doe", + "created": "2020-04-27T16:48:33.597Z", + "employeeNumber": "E009", + "uid": "E009", + "inactive": "true", + "phone": null, + "identificationNumber": "E009" + } + } + } + }, + "Trigger-Input-SourceAccountDeleted": { + "type": "object", + "required": [ + "id", + "nativeIdentifier", + "sourceId", + "sourceName", + "identityId", + "identityName", + "attributes" + ], + "properties": { + "uuid": { + "type": "string", + "description": "Source unique identifier for the identity. UUID is generated by the source system.", + "example": "b7264868-7201-415f-9118-b581d431c688" + }, + "id": { + "type": "string", + "description": "SailPoint generated unique identifier.", + "example": "ee769173319b41d19ccec35ba52f237b" + }, + "nativeIdentifier": { + "type": "string", + "description": "Unique ID of the account on the source.", + "example": "E009" + }, + "sourceId": { + "type": "string", + "description": "The ID of the source.", + "example": "2c918082814e693601816e09471b29b6" + }, + "sourceName": { + "type": "string", + "description": "The name of the source.", + "example": "Active Directory" + }, + "identityId": { + "type": "string", + "description": "The ID of the identity that is corellated with this account.", + "example": "ee769173319b41d19ccec6c235423237b" + }, + "identityName": { + "type": "string", + "description": "The name of the identity that is corellated with this account.", + "example": "john.doe" + }, + "attributes": { + "type": "object", + "additionalProperties": true, + "description": "The attributes of the account. The contents of attributes depends on the account schema for the source.", + "example": { + "firstname": "John", + "lastname": "Doe", + "email": "john.doe@gmail.com", + "department": "Sales", + "displayName": "John Doe", + "created": "2020-04-27T16:48:33.597Z", + "employeeNumber": "E009", + "uid": "E009", + "inactive": "true", + "phone": null, + "identificationNumber": "E009" + } + } + } + }, + "Trigger-Input-SourceAccountUpdated": { + "type": "object", + "required": [ + "id", + "nativeIdentifier", + "sourceId", + "sourceName", + "identityId", + "identityName", + "attributes" + ], + "properties": { + "uuid": { + "type": "string", + "description": "Source unique identifier for the identity. UUID is generated by the source system.", + "example": "b7264868-7201-415f-9118-b581d431c688" + }, + "id": { + "type": "string", + "description": "SailPoint generated unique identifier.", + "example": "ee769173319b41d19ccec35ba52f237b" + }, + "nativeIdentifier": { + "type": "string", + "description": "Unique ID of the account on the source.", + "example": "E009" + }, + "sourceId": { + "type": "string", + "description": "The ID of the source.", + "example": "2c918082814e693601816e09471b29b6" + }, + "sourceName": { + "type": "string", + "description": "The name of the source.", + "example": "Active Directory" + }, + "identityId": { + "type": "string", + "description": "The ID of the identity that is corellated with this account.", + "example": "ee769173319b41d19ccec6c235423237b" + }, + "identityName": { + "type": "string", + "description": "The name of the identity that is corellated with this account.", + "example": "john.doe" + }, + "attributes": { + "type": "object", + "additionalProperties": true, + "description": "The attributes of the account. The contents of attributes depends on the account schema for the source.", + "example": { + "firstname": "John", + "lastname": "Doe", + "email": "john.doe@gmail.com", + "department": "Sales", + "displayName": "John Doe", + "created": "2020-04-27T16:48:33.597Z", + "employeeNumber": "E009", + "uid": "E009", + "inactive": "true", + "phone": null, + "identificationNumber": "E009" + } + } + } + }, + "Trigger-Input-SourceCreated": { + "title": "Source Created", + "type": "object", + "required": [ + "id", + "name", + "type", + "created", + "connector", + "actor" + ], + "properties": { + "id": { + "type": "string", + "description": "The unique ID of the source.", + "example": "2c9180866166b5b0016167c32ef31a66" + }, + "name": { + "type": "string", + "description": "Human friendly name of the source.", + "example": "Test source" + }, + "type": { + "type": "string", + "description": "The connection type.", + "example": "DIRECT_CONNECT" + }, + "created": { + "type": "string", + "format": "date-time", + "description": "The date and time the source was created.", + "example": "2021-03-29T22:01:50.474Z" + }, + "connector": { + "type": "string", + "description": "The connector type used to connect to the source.", + "example": "active-directory" + }, + "actor": { + "required": [ + "id", + "name", + "type" + ], + "allOf": [ + { + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + } + ], + "description": "The identity that created the source.", + "properties": { + "type": { + "enum": [ + "IDENTITY" + ], + "example": "IDENTITY", + "description": "The type of object that is referenced" + } + } + } + } + }, + "Trigger-Input-SourceDeleted": { + "title": "Source Deleted", + "type": "object", + "required": [ + "id", + "name", + "type", + "deleted", + "connector", + "actor" + ], + "properties": { + "id": { + "type": "string", + "description": "The unique ID of the source.", + "example": "2c9180866166b5b0016167c32ef31a66" + }, + "name": { + "type": "string", + "description": "Human friendly name of the source.", + "example": "Test source" + }, + "type": { + "type": "string", + "description": "The connection type.", + "example": "DIRECT_CONNECT" + }, + "deleted": { + "type": "string", + "format": "date-time", + "description": "The date and time the source was deleted.", + "example": "2021-03-29T22:01:50.474Z" + }, + "connector": { + "type": "string", + "description": "The connector type used to connect to the source.", + "example": "active-directory" + }, + "actor": { + "required": [ + "id", + "name", + "type" + ], + "allOf": [ + { + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + } + ], + "description": "The identity that deleted the source.", + "properties": { + "type": { + "enum": [ + "IDENTITY" + ], + "example": "IDENTITY", + "description": "The type of object that is referenced" + } + } + } + } + }, + "Trigger-Input-SourceUpdated": { + "title": "Source Updated", + "type": "object", + "required": [ + "id", + "name", + "type", + "modified", + "connector", + "actor" + ], + "properties": { + "id": { + "type": "string", + "description": "The unique ID of the source.", + "example": "2c9180866166b5b0016167c32ef31a66" + }, + "name": { + "type": "string", + "description": "The user friendly name of the source.", + "example": "Corporate Active Directory" + }, + "type": { + "type": "string", + "description": "The connection type of the source.", + "example": "DIRECT_CONNECT" + }, + "modified": { + "type": "string", + "format": "date-time", + "description": "The date and time the source was modified.", + "example": "2021-03-29T22:01:50.474Z" + }, + "connector": { + "type": "string", + "description": "The connector type used to connect to the source.", + "example": "active-directory" + }, + "actor": { + "required": [ + "type", + "name" + ], + "allOf": [ + { + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + } + ], + "description": "The identity or system that performed the update.", + "properties": { + "type": { + "enum": [ + "IDENTITY" + ], + "example": "IDENTITY", + "description": "The type of object that is referenced" + } + } + } + } + }, + "Trigger-Input-VAClusterStatusChangeEvent": { + "title": "VA Cluster Status Change Event", + "type": "object", + "required": [ + "created", + "type", + "application", + "healthCheckResult", + "previousHealthCheckResult" + ], + "properties": { + "created": { + "type": "string", + "format": "date-time", + "description": "The date and time the status change occurred.", + "example": "2020-06-29T22:01:50.474Z" + }, + "type": { + "enum": [ + "SOURCE", + "CLUSTER" + ], + "description": "The type of the object that initiated this event.", + "example": "CLUSTER" + }, + "application": { + "type": "object", + "description": "Details about the `CLUSTER` or `SOURCE` that initiated this event.", + "required": [ + "id", + "name", + "attributes" + ], + "properties": { + "id": { + "type": "string", + "description": "The GUID of the application", + "example": "2c9180866166b5b0016167c32ef31a66" + }, + "name": { + "type": "string", + "description": "The name of the application", + "example": "Production VA Cluster" + }, + "attributes": { + "type": "object", + "description": "Custom map of attributes for a source. This will only be populated if type is `SOURCE` and the source has a proxy.", + "additionalProperties": true, + "nullable": true, + "example": null + } + } + }, + "healthCheckResult": { + "type": "object", + "description": "The results of the most recent health check.", + "required": [ + "message", + "resultType", + "status" + ], + "properties": { + "message": { + "type": "string", + "description": "Detailed message of the result of the health check.", + "example": "Test Connection failed with exception. Error message - java.lang Exception" + }, + "resultType": { + "type": "string", + "description": "The type of the health check result.", + "example": "SOURCE_STATE_ERROR_CLUSTER" + }, + "status": { + "enum": [ + "Succeeded", + "Failed" + ], + "description": "The status of the health check.", + "example": "Succeeded" + } + } + }, + "previousHealthCheckResult": { + "type": "object", + "description": "The results of the last health check.", + "required": [ + "message", + "resultType", + "status" + ], + "properties": { + "message": { + "type": "string", + "description": "Detailed message of the result of the health check.", + "example": "Test Connection failed with exception. Error message - java.lang Exception" + }, + "resultType": { + "type": "string", + "description": "The type of the health check result.", + "example": "SOURCE_STATE_ERROR_CLUSTER" + }, + "status": { + "enum": [ + "Succeeded", + "Failed" + ], + "description": "The status of the health check.", + "example": "Failed" + } + } + } + } + }, + "Trigger-Output-AccessRequestDynamicApprover": { + "title": "Access Request Dynamic Approver", + "type": "object", + "nullable": true, + "required": [ + "id", + "name", + "type" + ], + "properties": { + "id": { + "type": "string", + "description": "The unique ID of the identity to add to the approver list for the access request.", + "example": "2c91808b6ef1d43e016efba0ce470906" + }, + "name": { + "type": "string", + "description": "The name of the identity to add to the approver list for the access request.", + "example": "Adam Adams" + }, + "type": { + "enum": [ + "IDENTITY", + "GOVERNANCE_GROUP" + ], + "description": "The type of object being referenced.", + "example": "IDENTITY" + } + } + }, + "Trigger-Output-AccessRequestPreApproval": { + "title": "Access Request Pre Approval", + "type": "object", + "required": [ + "approved", + "comment", + "approver" + ], + "properties": { + "approved": { + "type": "boolean", + "description": "Whether or not to approve the access request.", + "example": false + }, + "comment": { + "type": "string", + "description": "A comment about the decision to approve or deny the request.", + "example": "This access should be denied, because this will cause an SOD violation." + }, + "approver": { + "type": "string", + "description": "The name of the entity that approved or denied the request.", + "example": "AcmeCorpExternalIntegration" + } + } + } + } + }, + "paths": { + "/access-profiles": { + "get": { + "operationId": "listAccessProfiles", + "tags": [ + "Access Profiles" + ], + "summary": "List Access Profiles", + "description": "This API returns a list of Access Profiles.\n\nA token with API, ORG_ADMIN, ROLE_ADMIN, ROLE_SUBADMIN, SOURCE_ADMIN, or SOURCE_SUBADMIN authority is required to call this API.", + "parameters": [ + { + "in": "query", + "name": "for-subadmin", + "schema": { + "type": "string" + }, + "description": "If provided, filters the returned list according to what is visible to the indicated ROLE_SUBADMIN or SOURCE_SUBADMIN Identity. The value of the parameter is either an Identity ID, or the special value **me**, which is shorthand for the calling Identity's ID.\n\nA 400 Bad Request error is returned if the **for-subadmin** parameter is specified for an Identity that is not a subadmin.", + "example": "8c190e6787aa4ed9a90bd9d5344523fb", + "required": false + }, + { + "in": "query", + "name": "limit", + "description": "Note that for this API the maximum value for limit is 50.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": 50, + "schema": { + "type": "integer", + "format": "int32", + "minimum": 0, + "maximum": 50, + "default": 50 + } + }, + { + "in": "query", + "name": "offset", + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": 0, + "schema": { + "type": "integer", + "format": "int32", + "minimum": 0, + "default": 0 + } + }, + { + "in": "query", + "name": "count", + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": true, + "schema": { + "type": "boolean", + "default": false + } + }, + { + "in": "query", + "name": "filters", + "schema": { + "type": "string" + }, + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)\n\nFiltering is supported for the following fields and operators:\n\n**id**: *eq, in*\n\n**name**: *eq, sw*\n\n**created, modified**: *gt, lt, ge, le*\n\n**owner.id**: *eq, in*\n\n**requestable**: *eq*\n\n**source.id**: *eq, in*", + "example": "name eq \"SailPoint Support\"", + "required": false + }, + { + "in": "query", + "name": "sorters", + "schema": { + "type": "string", + "format": "comma-separated" + }, + "description": "Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)\n\nSorting is supported for the following fields: **name, created, modified**", + "example": "name,-modified", + "required": false + }, + { + "in": "query", + "name": "for-segment-ids", + "schema": { + "type": "string", + "format": "comma-separated" + }, + "description": "If present and not empty, additionally filters Access Profiles to those which are assigned to the Segment(s) with the specified IDs.\n\nIf segmentation is currently unavailable, specifying this parameter results in an error.", + "example": "0b5c9f25-83c6-4762-9073-e38f7bb2ae26,2e8d8180-24bc-4d21-91c6-7affdb473b0d", + "required": false + }, + { + "in": "query", + "name": "include-unsegmented", + "schema": { + "type": "boolean", + "default": true + }, + "description": "Whether or not the response list should contain unsegmented Access Profiles. If *for-segment-ids* is absent or empty, specifying *include-unsegmented* as false results in an error.", + "example": false, + "required": false + } + ], + "responses": { + "200": { + "description": "List of Access Profiles", + "content": { + "application/json": { + "schema": { + "type": "array", + "items": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "The ID of the Access Profile", + "example": "2c91808a7190d06e01719938fcd20792", + "readOnly": true + }, + "name": { + "type": "string", + "description": "Name of the Access Profile", + "example": "Employee-database-read-write" + }, + "description": { + "type": "string", + "nullable": true, + "description": "Information about the Access Profile", + "example": "Collection of entitlements to read/write the employee database" + }, + "created": { + "type": "string", + "description": "Date the Access Profile was created", + "format": "date-time", + "example": "2021-03-01T22:32:58.104Z", + "readOnly": true + }, + "modified": { + "type": "string", + "description": "Date the Access Profile was last modified.", + "format": "date-time", + "example": "2021-03-02T20:22:28.104Z", + "readOnly": true + }, + "enabled": { + "type": "boolean", + "description": "Whether the Access Profile is enabled. If the Access Profile is enabled then you must include at least one Entitlement.", + "example": true + }, + "owner": { + "description": "Owner of the Access Profile", + "type": "object", + "properties": { + "type": { + "description": "Owner type. This field must be either left null or set to 'IDENTITY' on input, otherwise a 400 Bad Request error will result.", + "example": "IDENTITY", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ] + }, + "id": { + "type": "string", + "description": "Identity id", + "example": "2c9180a46faadee4016fb4e018c20639" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the owner. It may be left null or omitted in a POST or PATCH. If set, it must match the current value of the owner's display name, otherwise a 400 Bad Request error will result.", + "example": "support" + } + } + }, + "source": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "The ID of the Source with with which the Access Profile is associated", + "example": "2c91809773dee3610173fdb0b6061ef4" + }, + "type": { + "type": "string", + "enum": [ + "SOURCE" + ], + "description": "The type of the Source, will always be SOURCE", + "example": "SOURCE" + }, + "name": { + "type": "string", + "description": "The display name of the associated Source", + "example": "ODS-AD-SOURCE" + } + } + }, + "entitlements": { + "type": "array", + "description": "A list of entitlements associated with the Access Profile. If enabled is false this is allowed to be empty otherwise it needs to contain at least one Entitlement.", + "items": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "The ID of the Entitlement", + "example": "2c91809773dee32014e13e122092014e" + }, + "type": { + "type": "string", + "enum": [ + "ENTITLEMENT" + ], + "description": "The type of the Entitlement, will always be ENTITLEMENT", + "example": "ENTITLEMENT" + }, + "name": { + "type": "string", + "description": "The display name of the Entitlement", + "example": "CN=entitlement.490efde5,OU=OrgCo,OU=ServiceDept,DC=HQAD,DC=local" + } + } + } + }, + "requestable": { + "type": "boolean", + "description": "Whether the Access Profile is requestable via access request. Currently, making an Access Profile non-requestable is only supported for customers enabled with the new Request Center. Otherwise, attempting to create an Access Profile with a value **false** in this field results in a 400 error.", + "example": true + }, + "accessRequestConfig": { + "nullable": true, + "description": "Access request configuration for this object", + "type": "object", + "properties": { + "commentsRequired": { + "type": "boolean", + "description": "Whether the requester of the containing object must provide comments justifying the request", + "example": true + }, + "denialCommentsRequired": { + "type": "boolean", + "description": "Whether an approver must provide comments when denying the request", + "example": true + }, + "approvalSchemes": { + "type": "array", + "description": "List describing the steps in approving the request", + "items": { + "type": "object", + "properties": { + "approverType": { + "type": "string", + "enum": [ + "APP_OWNER", + "OWNER", + "SOURCE_OWNER", + "MANAGER", + "GOVERNANCE_GROUP" + ], + "description": "Describes the individual or group that is responsible for an approval step. Values are as follows.\n**APP_OWNER**: The owner of the Application\n\n**OWNER**: Owner of the associated Access Profile or Role\n\n**SOURCE_OWNER**: Owner of the Source associated with an Access Profile\n\n**MANAGER**: Manager of the Identity making the request\n\n**GOVERNANCE_GROUP**: A Governance Group, the ID of which is specified by the **approverId** field", + "example": "GOVERNANCE_GROUP" + }, + "approverId": { + "type": "string", + "nullable": true, + "description": "Id of the specific approver, used only when approverType is GOVERNANCE_GROUP", + "example": "46c79819-a69f-49a2-becb-12c971ae66c6" + } + } + } + } + } + }, + "revocationRequestConfig": { + "nullable": true, + "description": "Revocation request configuration for this object.", + "type": "object", + "properties": { + "approvalSchemes": { + "type": "array", + "description": "List describing the steps in approving the revocation request", + "items": { + "type": "object", + "properties": { + "approverType": { + "type": "string", + "enum": [ + "APP_OWNER", + "OWNER", + "SOURCE_OWNER", + "MANAGER", + "GOVERNANCE_GROUP" + ], + "description": "Describes the individual or group that is responsible for an approval step. Values are as follows.\n**APP_OWNER**: The owner of the Application\n\n**OWNER**: Owner of the associated Access Profile or Role\n\n**SOURCE_OWNER**: Owner of the Source associated with an Access Profile\n\n**MANAGER**: Manager of the Identity making the request\n\n**GOVERNANCE_GROUP**: A Governance Group, the ID of which is specified by the **approverId** field", + "example": "GOVERNANCE_GROUP" + }, + "approverId": { + "type": "string", + "nullable": true, + "description": "Id of the specific approver, used only when approverType is GOVERNANCE_GROUP", + "example": "46c79819-a69f-49a2-becb-12c971ae66c6" + } + } + } + } + } + }, + "segments": { + "type": "array", + "nullable": true, + "items": { + "type": "string" + }, + "description": "List of IDs of segments, if any, to which this Access Profile is assigned.", + "example": [ + "f7b1b8a3-5fed-4fd4-ad29-82014e137e19", + "29cb6c06-1da8-43ea-8be4-b3125f248f2a" + ] + }, + "provisioningCriteria": { + "description": "When an Identity has multiple Accounts on the Source with which an Access Profile is associated, this expression is evaluated against those Accounts to choose one to provision with the Access Profile.", + "nullable": true, + "example": { + "operation": "OR", + "children": [ + { + "operation": "AND", + "children": [ + { + "attribute": "dn", + "operation": "CONTAINS", + "value": "useast" + }, + { + "attribute": "manager", + "operation": "CONTAINS", + "value": "Scott.Clark" + } + ] + }, + { + "operation": "AND", + "children": [ + { + "attribute": "dn", + "operation": "EQUALS", + "value": "Gibson" + }, + { + "attribute": "telephoneNumber", + "operation": "CONTAINS", + "value": "512" + } + ] + } + ] + }, + "type": "object", + "properties": { + "operation": { + "type": "string", + "enum": [ + "EQUALS", + "NOT_EQUALS", + "CONTAINS", + "HAS", + "AND", + "OR" + ], + "description": "Supported operations on ProvisioningCriteria", + "example": "EQUALS" + }, + "attribute": { + "type": "string", + "description": "Name of the Account attribute to be tested. If **operation** is one of EQUALS, NOT_EQUALS, CONTAINS, or HAS, this field is required. Otherwise, specifying it is an error.", + "example": "email", + "nullable": true + }, + "value": { + "type": "string", + "nullable": true, + "description": "String value to test the Account attribute w/r/t the specified operation. If the operation is one of EQUALS, NOT_EQUALS, or CONTAINS, this field is required. Otherwise, specifying it is an error. If the Attribute is not String-typed, it will be converted to the appropriate type.", + "example": "carlee.cert1c9f9b6fd@mailinator.com" + }, + "children": { + "type": "array", + "items": { + "type": "object", + "description": "Defines matching criteria for an Account to be provisioned with a specific Access Profile", + "properties": { + "operation": { + "type": "string", + "enum": [ + "EQUALS", + "NOT_EQUALS", + "CONTAINS", + "HAS", + "AND", + "OR" + ], + "description": "Supported operations on ProvisioningCriteria", + "example": "EQUALS" + }, + "attribute": { + "type": "string", + "description": "Name of the Account attribute to be tested. If **operation** is one of EQUALS, NOT_EQUALS, CONTAINS, or HAS, this field is required. Otherwise, specifying it is an error.", + "example": "email", + "nullable": true + }, + "value": { + "type": "string", + "nullable": true, + "description": "String value to test the Account attribute w/r/t the specified operation. If the operation is one of EQUALS, NOT_EQUALS, or CONTAINS, this field is required. Otherwise, specifying it is an error. If the Attribute is not String-typed, it will be converted to the appropriate type.", + "example": "carlee.cert1c9f9b6fd@mailinator.com" + }, + "children": { + "type": "array", + "items": { + "type": "object", + "description": "Defines matching criteria for an Account to be provisioned with a specific Access Profile", + "properties": { + "operation": { + "type": "string", + "enum": [ + "EQUALS", + "NOT_EQUALS", + "CONTAINS", + "HAS", + "AND", + "OR" + ], + "description": "Supported operations on ProvisioningCriteria", + "example": "EQUALS" + }, + "attribute": { + "type": "string", + "description": "Name of the Account attribute to be tested. If **operation** is one of EQUALS, NOT_EQUALS, CONTAINS, or HAS, this field is required. Otherwise, specifying it is an error.", + "example": "email", + "nullable": true + }, + "value": { + "type": "string", + "description": "String value to test the Account attribute w/r/t the specified operation. If the operation is one of EQUALS, NOT_EQUALS, or CONTAINS, this field is required. Otherwise, specifying it is an error. If the Attribute is not String-typed, it will be converted to the appropriate type.", + "example": "carlee.cert1c9f9b6fd@mailinator.com" + } + } + }, + "nullable": true, + "description": "Array of child criteria. Required if the operation is AND or OR, otherwise it must be left null. A maximum of three levels of criteria are supported, including leaf nodes.", + "example": null + } + } + }, + "nullable": true, + "description": "Array of child criteria. Required if the operation is AND or OR, otherwise it must be left null. A maximum of three levels of criteria are supported, including leaf nodes.", + "example": null + } + } + } + }, + "required": [ + "owner", + "name", + "source" + ] + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + }, + "security": [ + { + "oauth2": [ + "idn:access-profile:read", + "idn:access-profile:manage" + ] + } + ] + }, + "post": { + "operationId": "createAccessProfile", + "tags": [ + "Access Profiles" + ], + "summary": "Create an Access Profile", + "description": "This API creates an Access Profile.\nA token with API, ORG_ADMIN, ROLE_ADMIN, ROLE_SUBADMIN, SOURCE_ADMIN, or SOURCE_SUBADMIN authority is required to call this API. In addition, a token with only ROLE_SUBADMIN or SOURCE_SUBADMIN authority must be associated with the Access Profile's Source.\nThe maximum supported length for the description field is 2000 characters. Longer descriptions will be preserved for existing access profiles, however, any new access profiles as well as any updates to existing descriptions will be limited to 2000 characters.", + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "The ID of the Access Profile", + "example": "2c91808a7190d06e01719938fcd20792", + "readOnly": true + }, + "name": { + "type": "string", + "description": "Name of the Access Profile", + "example": "Employee-database-read-write" + }, + "description": { + "type": "string", + "nullable": true, + "description": "Information about the Access Profile", + "example": "Collection of entitlements to read/write the employee database" + }, + "created": { + "type": "string", + "description": "Date the Access Profile was created", + "format": "date-time", + "example": "2021-03-01T22:32:58.104Z", + "readOnly": true + }, + "modified": { + "type": "string", + "description": "Date the Access Profile was last modified.", + "format": "date-time", + "example": "2021-03-02T20:22:28.104Z", + "readOnly": true + }, + "enabled": { + "type": "boolean", + "description": "Whether the Access Profile is enabled. If the Access Profile is enabled then you must include at least one Entitlement.", + "example": true + }, + "owner": { + "description": "Owner of the Access Profile", + "type": "object", + "properties": { + "type": { + "description": "Owner type. This field must be either left null or set to 'IDENTITY' on input, otherwise a 400 Bad Request error will result.", + "example": "IDENTITY", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ] + }, + "id": { + "type": "string", + "description": "Identity id", + "example": "2c9180a46faadee4016fb4e018c20639" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the owner. It may be left null or omitted in a POST or PATCH. If set, it must match the current value of the owner's display name, otherwise a 400 Bad Request error will result.", + "example": "support" + } + } + }, + "source": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "The ID of the Source with with which the Access Profile is associated", + "example": "2c91809773dee3610173fdb0b6061ef4" + }, + "type": { + "type": "string", + "enum": [ + "SOURCE" + ], + "description": "The type of the Source, will always be SOURCE", + "example": "SOURCE" + }, + "name": { + "type": "string", + "description": "The display name of the associated Source", + "example": "ODS-AD-SOURCE" + } + } + }, + "entitlements": { + "type": "array", + "description": "A list of entitlements associated with the Access Profile. If enabled is false this is allowed to be empty otherwise it needs to contain at least one Entitlement.", + "items": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "The ID of the Entitlement", + "example": "2c91809773dee32014e13e122092014e" + }, + "type": { + "type": "string", + "enum": [ + "ENTITLEMENT" + ], + "description": "The type of the Entitlement, will always be ENTITLEMENT", + "example": "ENTITLEMENT" + }, + "name": { + "type": "string", + "description": "The display name of the Entitlement", + "example": "CN=entitlement.490efde5,OU=OrgCo,OU=ServiceDept,DC=HQAD,DC=local" + } + } + } + }, + "requestable": { + "type": "boolean", + "description": "Whether the Access Profile is requestable via access request. Currently, making an Access Profile non-requestable is only supported for customers enabled with the new Request Center. Otherwise, attempting to create an Access Profile with a value **false** in this field results in a 400 error.", + "example": true + }, + "accessRequestConfig": { + "nullable": true, + "description": "Access request configuration for this object", + "type": "object", + "properties": { + "commentsRequired": { + "type": "boolean", + "description": "Whether the requester of the containing object must provide comments justifying the request", + "example": true + }, + "denialCommentsRequired": { + "type": "boolean", + "description": "Whether an approver must provide comments when denying the request", + "example": true + }, + "approvalSchemes": { + "type": "array", + "description": "List describing the steps in approving the request", + "items": { + "type": "object", + "properties": { + "approverType": { + "type": "string", + "enum": [ + "APP_OWNER", + "OWNER", + "SOURCE_OWNER", + "MANAGER", + "GOVERNANCE_GROUP" + ], + "description": "Describes the individual or group that is responsible for an approval step. Values are as follows.\n**APP_OWNER**: The owner of the Application\n\n**OWNER**: Owner of the associated Access Profile or Role\n\n**SOURCE_OWNER**: Owner of the Source associated with an Access Profile\n\n**MANAGER**: Manager of the Identity making the request\n\n**GOVERNANCE_GROUP**: A Governance Group, the ID of which is specified by the **approverId** field", + "example": "GOVERNANCE_GROUP" + }, + "approverId": { + "type": "string", + "nullable": true, + "description": "Id of the specific approver, used only when approverType is GOVERNANCE_GROUP", + "example": "46c79819-a69f-49a2-becb-12c971ae66c6" + } + } + } + } + } + }, + "revocationRequestConfig": { + "nullable": true, + "description": "Revocation request configuration for this object.", + "type": "object", + "properties": { + "approvalSchemes": { + "type": "array", + "description": "List describing the steps in approving the revocation request", + "items": { + "type": "object", + "properties": { + "approverType": { + "type": "string", + "enum": [ + "APP_OWNER", + "OWNER", + "SOURCE_OWNER", + "MANAGER", + "GOVERNANCE_GROUP" + ], + "description": "Describes the individual or group that is responsible for an approval step. Values are as follows.\n**APP_OWNER**: The owner of the Application\n\n**OWNER**: Owner of the associated Access Profile or Role\n\n**SOURCE_OWNER**: Owner of the Source associated with an Access Profile\n\n**MANAGER**: Manager of the Identity making the request\n\n**GOVERNANCE_GROUP**: A Governance Group, the ID of which is specified by the **approverId** field", + "example": "GOVERNANCE_GROUP" + }, + "approverId": { + "type": "string", + "nullable": true, + "description": "Id of the specific approver, used only when approverType is GOVERNANCE_GROUP", + "example": "46c79819-a69f-49a2-becb-12c971ae66c6" + } + } + } + } + } + }, + "segments": { + "type": "array", + "nullable": true, + "items": { + "type": "string" + }, + "description": "List of IDs of segments, if any, to which this Access Profile is assigned.", + "example": [ + "f7b1b8a3-5fed-4fd4-ad29-82014e137e19", + "29cb6c06-1da8-43ea-8be4-b3125f248f2a" + ] + }, + "provisioningCriteria": { + "description": "When an Identity has multiple Accounts on the Source with which an Access Profile is associated, this expression is evaluated against those Accounts to choose one to provision with the Access Profile.", + "nullable": true, + "example": { + "operation": "OR", + "children": [ + { + "operation": "AND", + "children": [ + { + "attribute": "dn", + "operation": "CONTAINS", + "value": "useast" + }, + { + "attribute": "manager", + "operation": "CONTAINS", + "value": "Scott.Clark" + } + ] + }, + { + "operation": "AND", + "children": [ + { + "attribute": "dn", + "operation": "EQUALS", + "value": "Gibson" + }, + { + "attribute": "telephoneNumber", + "operation": "CONTAINS", + "value": "512" + } + ] + } + ] + }, + "type": "object", + "properties": { + "operation": { + "type": "string", + "enum": [ + "EQUALS", + "NOT_EQUALS", + "CONTAINS", + "HAS", + "AND", + "OR" + ], + "description": "Supported operations on ProvisioningCriteria", + "example": "EQUALS" + }, + "attribute": { + "type": "string", + "description": "Name of the Account attribute to be tested. If **operation** is one of EQUALS, NOT_EQUALS, CONTAINS, or HAS, this field is required. Otherwise, specifying it is an error.", + "example": "email", + "nullable": true + }, + "value": { + "type": "string", + "nullable": true, + "description": "String value to test the Account attribute w/r/t the specified operation. If the operation is one of EQUALS, NOT_EQUALS, or CONTAINS, this field is required. Otherwise, specifying it is an error. If the Attribute is not String-typed, it will be converted to the appropriate type.", + "example": "carlee.cert1c9f9b6fd@mailinator.com" + }, + "children": { + "type": "array", + "items": { + "type": "object", + "description": "Defines matching criteria for an Account to be provisioned with a specific Access Profile", + "properties": { + "operation": { + "type": "string", + "enum": [ + "EQUALS", + "NOT_EQUALS", + "CONTAINS", + "HAS", + "AND", + "OR" + ], + "description": "Supported operations on ProvisioningCriteria", + "example": "EQUALS" + }, + "attribute": { + "type": "string", + "description": "Name of the Account attribute to be tested. If **operation** is one of EQUALS, NOT_EQUALS, CONTAINS, or HAS, this field is required. Otherwise, specifying it is an error.", + "example": "email", + "nullable": true + }, + "value": { + "type": "string", + "nullable": true, + "description": "String value to test the Account attribute w/r/t the specified operation. If the operation is one of EQUALS, NOT_EQUALS, or CONTAINS, this field is required. Otherwise, specifying it is an error. If the Attribute is not String-typed, it will be converted to the appropriate type.", + "example": "carlee.cert1c9f9b6fd@mailinator.com" + }, + "children": { + "type": "array", + "items": { + "type": "object", + "description": "Defines matching criteria for an Account to be provisioned with a specific Access Profile", + "properties": { + "operation": { + "type": "string", + "enum": [ + "EQUALS", + "NOT_EQUALS", + "CONTAINS", + "HAS", + "AND", + "OR" + ], + "description": "Supported operations on ProvisioningCriteria", + "example": "EQUALS" + }, + "attribute": { + "type": "string", + "description": "Name of the Account attribute to be tested. If **operation** is one of EQUALS, NOT_EQUALS, CONTAINS, or HAS, this field is required. Otherwise, specifying it is an error.", + "example": "email", + "nullable": true + }, + "value": { + "type": "string", + "description": "String value to test the Account attribute w/r/t the specified operation. If the operation is one of EQUALS, NOT_EQUALS, or CONTAINS, this field is required. Otherwise, specifying it is an error. If the Attribute is not String-typed, it will be converted to the appropriate type.", + "example": "carlee.cert1c9f9b6fd@mailinator.com" + } + } + }, + "nullable": true, + "description": "Array of child criteria. Required if the operation is AND or OR, otherwise it must be left null. A maximum of three levels of criteria are supported, including leaf nodes.", + "example": null + } + } + }, + "nullable": true, + "description": "Array of child criteria. Required if the operation is AND or OR, otherwise it must be left null. A maximum of three levels of criteria are supported, including leaf nodes.", + "example": null + } + } + } + }, + "required": [ + "owner", + "name", + "source" + ] + } + } + } + }, + "responses": { + "201": { + "description": "Access Profile created", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "The ID of the Access Profile", + "example": "2c91808a7190d06e01719938fcd20792", + "readOnly": true + }, + "name": { + "type": "string", + "description": "Name of the Access Profile", + "example": "Employee-database-read-write" + }, + "description": { + "type": "string", + "nullable": true, + "description": "Information about the Access Profile", + "example": "Collection of entitlements to read/write the employee database" + }, + "created": { + "type": "string", + "description": "Date the Access Profile was created", + "format": "date-time", + "example": "2021-03-01T22:32:58.104Z", + "readOnly": true + }, + "modified": { + "type": "string", + "description": "Date the Access Profile was last modified.", + "format": "date-time", + "example": "2021-03-02T20:22:28.104Z", + "readOnly": true + }, + "enabled": { + "type": "boolean", + "description": "Whether the Access Profile is enabled. If the Access Profile is enabled then you must include at least one Entitlement.", + "example": true + }, + "owner": { + "description": "Owner of the Access Profile", + "type": "object", + "properties": { + "type": { + "description": "Owner type. This field must be either left null or set to 'IDENTITY' on input, otherwise a 400 Bad Request error will result.", + "example": "IDENTITY", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ] + }, + "id": { + "type": "string", + "description": "Identity id", + "example": "2c9180a46faadee4016fb4e018c20639" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the owner. It may be left null or omitted in a POST or PATCH. If set, it must match the current value of the owner's display name, otherwise a 400 Bad Request error will result.", + "example": "support" + } + } + }, + "source": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "The ID of the Source with with which the Access Profile is associated", + "example": "2c91809773dee3610173fdb0b6061ef4" + }, + "type": { + "type": "string", + "enum": [ + "SOURCE" + ], + "description": "The type of the Source, will always be SOURCE", + "example": "SOURCE" + }, + "name": { + "type": "string", + "description": "The display name of the associated Source", + "example": "ODS-AD-SOURCE" + } + } + }, + "entitlements": { + "type": "array", + "description": "A list of entitlements associated with the Access Profile. If enabled is false this is allowed to be empty otherwise it needs to contain at least one Entitlement.", + "items": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "The ID of the Entitlement", + "example": "2c91809773dee32014e13e122092014e" + }, + "type": { + "type": "string", + "enum": [ + "ENTITLEMENT" + ], + "description": "The type of the Entitlement, will always be ENTITLEMENT", + "example": "ENTITLEMENT" + }, + "name": { + "type": "string", + "description": "The display name of the Entitlement", + "example": "CN=entitlement.490efde5,OU=OrgCo,OU=ServiceDept,DC=HQAD,DC=local" + } + } + } + }, + "requestable": { + "type": "boolean", + "description": "Whether the Access Profile is requestable via access request. Currently, making an Access Profile non-requestable is only supported for customers enabled with the new Request Center. Otherwise, attempting to create an Access Profile with a value **false** in this field results in a 400 error.", + "example": true + }, + "accessRequestConfig": { + "nullable": true, + "description": "Access request configuration for this object", + "type": "object", + "properties": { + "commentsRequired": { + "type": "boolean", + "description": "Whether the requester of the containing object must provide comments justifying the request", + "example": true + }, + "denialCommentsRequired": { + "type": "boolean", + "description": "Whether an approver must provide comments when denying the request", + "example": true + }, + "approvalSchemes": { + "type": "array", + "description": "List describing the steps in approving the request", + "items": { + "type": "object", + "properties": { + "approverType": { + "type": "string", + "enum": [ + "APP_OWNER", + "OWNER", + "SOURCE_OWNER", + "MANAGER", + "GOVERNANCE_GROUP" + ], + "description": "Describes the individual or group that is responsible for an approval step. Values are as follows.\n**APP_OWNER**: The owner of the Application\n\n**OWNER**: Owner of the associated Access Profile or Role\n\n**SOURCE_OWNER**: Owner of the Source associated with an Access Profile\n\n**MANAGER**: Manager of the Identity making the request\n\n**GOVERNANCE_GROUP**: A Governance Group, the ID of which is specified by the **approverId** field", + "example": "GOVERNANCE_GROUP" + }, + "approverId": { + "type": "string", + "nullable": true, + "description": "Id of the specific approver, used only when approverType is GOVERNANCE_GROUP", + "example": "46c79819-a69f-49a2-becb-12c971ae66c6" + } + } + } + } + } + }, + "revocationRequestConfig": { + "nullable": true, + "description": "Revocation request configuration for this object.", + "type": "object", + "properties": { + "approvalSchemes": { + "type": "array", + "description": "List describing the steps in approving the revocation request", + "items": { + "type": "object", + "properties": { + "approverType": { + "type": "string", + "enum": [ + "APP_OWNER", + "OWNER", + "SOURCE_OWNER", + "MANAGER", + "GOVERNANCE_GROUP" + ], + "description": "Describes the individual or group that is responsible for an approval step. Values are as follows.\n**APP_OWNER**: The owner of the Application\n\n**OWNER**: Owner of the associated Access Profile or Role\n\n**SOURCE_OWNER**: Owner of the Source associated with an Access Profile\n\n**MANAGER**: Manager of the Identity making the request\n\n**GOVERNANCE_GROUP**: A Governance Group, the ID of which is specified by the **approverId** field", + "example": "GOVERNANCE_GROUP" + }, + "approverId": { + "type": "string", + "nullable": true, + "description": "Id of the specific approver, used only when approverType is GOVERNANCE_GROUP", + "example": "46c79819-a69f-49a2-becb-12c971ae66c6" + } + } + } + } + } + }, + "segments": { + "type": "array", + "nullable": true, + "items": { + "type": "string" + }, + "description": "List of IDs of segments, if any, to which this Access Profile is assigned.", + "example": [ + "f7b1b8a3-5fed-4fd4-ad29-82014e137e19", + "29cb6c06-1da8-43ea-8be4-b3125f248f2a" + ] + }, + "provisioningCriteria": { + "description": "When an Identity has multiple Accounts on the Source with which an Access Profile is associated, this expression is evaluated against those Accounts to choose one to provision with the Access Profile.", + "nullable": true, + "example": { + "operation": "OR", + "children": [ + { + "operation": "AND", + "children": [ + { + "attribute": "dn", + "operation": "CONTAINS", + "value": "useast" + }, + { + "attribute": "manager", + "operation": "CONTAINS", + "value": "Scott.Clark" + } + ] + }, + { + "operation": "AND", + "children": [ + { + "attribute": "dn", + "operation": "EQUALS", + "value": "Gibson" + }, + { + "attribute": "telephoneNumber", + "operation": "CONTAINS", + "value": "512" + } + ] + } + ] + }, + "type": "object", + "properties": { + "operation": { + "type": "string", + "enum": [ + "EQUALS", + "NOT_EQUALS", + "CONTAINS", + "HAS", + "AND", + "OR" + ], + "description": "Supported operations on ProvisioningCriteria", + "example": "EQUALS" + }, + "attribute": { + "type": "string", + "description": "Name of the Account attribute to be tested. If **operation** is one of EQUALS, NOT_EQUALS, CONTAINS, or HAS, this field is required. Otherwise, specifying it is an error.", + "example": "email", + "nullable": true + }, + "value": { + "type": "string", + "nullable": true, + "description": "String value to test the Account attribute w/r/t the specified operation. If the operation is one of EQUALS, NOT_EQUALS, or CONTAINS, this field is required. Otherwise, specifying it is an error. If the Attribute is not String-typed, it will be converted to the appropriate type.", + "example": "carlee.cert1c9f9b6fd@mailinator.com" + }, + "children": { + "type": "array", + "items": { + "type": "object", + "description": "Defines matching criteria for an Account to be provisioned with a specific Access Profile", + "properties": { + "operation": { + "type": "string", + "enum": [ + "EQUALS", + "NOT_EQUALS", + "CONTAINS", + "HAS", + "AND", + "OR" + ], + "description": "Supported operations on ProvisioningCriteria", + "example": "EQUALS" + }, + "attribute": { + "type": "string", + "description": "Name of the Account attribute to be tested. If **operation** is one of EQUALS, NOT_EQUALS, CONTAINS, or HAS, this field is required. Otherwise, specifying it is an error.", + "example": "email", + "nullable": true + }, + "value": { + "type": "string", + "nullable": true, + "description": "String value to test the Account attribute w/r/t the specified operation. If the operation is one of EQUALS, NOT_EQUALS, or CONTAINS, this field is required. Otherwise, specifying it is an error. If the Attribute is not String-typed, it will be converted to the appropriate type.", + "example": "carlee.cert1c9f9b6fd@mailinator.com" + }, + "children": { + "type": "array", + "items": { + "type": "object", + "description": "Defines matching criteria for an Account to be provisioned with a specific Access Profile", + "properties": { + "operation": { + "type": "string", + "enum": [ + "EQUALS", + "NOT_EQUALS", + "CONTAINS", + "HAS", + "AND", + "OR" + ], + "description": "Supported operations on ProvisioningCriteria", + "example": "EQUALS" + }, + "attribute": { + "type": "string", + "description": "Name of the Account attribute to be tested. If **operation** is one of EQUALS, NOT_EQUALS, CONTAINS, or HAS, this field is required. Otherwise, specifying it is an error.", + "example": "email", + "nullable": true + }, + "value": { + "type": "string", + "description": "String value to test the Account attribute w/r/t the specified operation. If the operation is one of EQUALS, NOT_EQUALS, or CONTAINS, this field is required. Otherwise, specifying it is an error. If the Attribute is not String-typed, it will be converted to the appropriate type.", + "example": "carlee.cert1c9f9b6fd@mailinator.com" + } + } + }, + "nullable": true, + "description": "Array of child criteria. Required if the operation is AND or OR, otherwise it must be left null. A maximum of three levels of criteria are supported, including leaf nodes.", + "example": null + } + } + }, + "nullable": true, + "description": "Array of child criteria. Required if the operation is AND or OR, otherwise it must be left null. A maximum of three levels of criteria are supported, including leaf nodes.", + "example": null + } + } + } + }, + "required": [ + "owner", + "name", + "source" + ] + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + }, + "security": [ + { + "oauth2": [ + "idn:access-profile:manage" + ] + } + ] + } + }, + "/access-profiles/{id}": { + "get": { + "operationId": "getAccessProfile", + "tags": [ + "Access Profiles" + ], + "summary": "Get an Access Profile", + "description": "This API returns an Access Profile by its ID.\n\nA token with API, ORG_ADMIN, ROLE_ADMIN, ROLE_SUBADMIN, SOURCE_ADMIN, or SOURCE_SUBADMIN authority is required to call this API.", + "parameters": [ + { + "in": "path", + "name": "id", + "required": true, + "schema": { + "type": "string" + }, + "description": "ID of the Access Profile", + "example": "2c9180837ca6693d017ca8d097500149" + } + ], + "responses": { + "200": { + "description": "An AccessProfile", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "The ID of the Access Profile", + "example": "2c91808a7190d06e01719938fcd20792", + "readOnly": true + }, + "name": { + "type": "string", + "description": "Name of the Access Profile", + "example": "Employee-database-read-write" + }, + "description": { + "type": "string", + "nullable": true, + "description": "Information about the Access Profile", + "example": "Collection of entitlements to read/write the employee database" + }, + "created": { + "type": "string", + "description": "Date the Access Profile was created", + "format": "date-time", + "example": "2021-03-01T22:32:58.104Z", + "readOnly": true + }, + "modified": { + "type": "string", + "description": "Date the Access Profile was last modified.", + "format": "date-time", + "example": "2021-03-02T20:22:28.104Z", + "readOnly": true + }, + "enabled": { + "type": "boolean", + "description": "Whether the Access Profile is enabled. If the Access Profile is enabled then you must include at least one Entitlement.", + "example": true + }, + "owner": { + "description": "Owner of the Access Profile", + "type": "object", + "properties": { + "type": { + "description": "Owner type. This field must be either left null or set to 'IDENTITY' on input, otherwise a 400 Bad Request error will result.", + "example": "IDENTITY", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ] + }, + "id": { + "type": "string", + "description": "Identity id", + "example": "2c9180a46faadee4016fb4e018c20639" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the owner. It may be left null or omitted in a POST or PATCH. If set, it must match the current value of the owner's display name, otherwise a 400 Bad Request error will result.", + "example": "support" + } + } + }, + "source": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "The ID of the Source with with which the Access Profile is associated", + "example": "2c91809773dee3610173fdb0b6061ef4" + }, + "type": { + "type": "string", + "enum": [ + "SOURCE" + ], + "description": "The type of the Source, will always be SOURCE", + "example": "SOURCE" + }, + "name": { + "type": "string", + "description": "The display name of the associated Source", + "example": "ODS-AD-SOURCE" + } + } + }, + "entitlements": { + "type": "array", + "description": "A list of entitlements associated with the Access Profile. If enabled is false this is allowed to be empty otherwise it needs to contain at least one Entitlement.", + "items": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "The ID of the Entitlement", + "example": "2c91809773dee32014e13e122092014e" + }, + "type": { + "type": "string", + "enum": [ + "ENTITLEMENT" + ], + "description": "The type of the Entitlement, will always be ENTITLEMENT", + "example": "ENTITLEMENT" + }, + "name": { + "type": "string", + "description": "The display name of the Entitlement", + "example": "CN=entitlement.490efde5,OU=OrgCo,OU=ServiceDept,DC=HQAD,DC=local" + } + } + } + }, + "requestable": { + "type": "boolean", + "description": "Whether the Access Profile is requestable via access request. Currently, making an Access Profile non-requestable is only supported for customers enabled with the new Request Center. Otherwise, attempting to create an Access Profile with a value **false** in this field results in a 400 error.", + "example": true + }, + "accessRequestConfig": { + "nullable": true, + "description": "Access request configuration for this object", + "type": "object", + "properties": { + "commentsRequired": { + "type": "boolean", + "description": "Whether the requester of the containing object must provide comments justifying the request", + "example": true + }, + "denialCommentsRequired": { + "type": "boolean", + "description": "Whether an approver must provide comments when denying the request", + "example": true + }, + "approvalSchemes": { + "type": "array", + "description": "List describing the steps in approving the request", + "items": { + "type": "object", + "properties": { + "approverType": { + "type": "string", + "enum": [ + "APP_OWNER", + "OWNER", + "SOURCE_OWNER", + "MANAGER", + "GOVERNANCE_GROUP" + ], + "description": "Describes the individual or group that is responsible for an approval step. Values are as follows.\n**APP_OWNER**: The owner of the Application\n\n**OWNER**: Owner of the associated Access Profile or Role\n\n**SOURCE_OWNER**: Owner of the Source associated with an Access Profile\n\n**MANAGER**: Manager of the Identity making the request\n\n**GOVERNANCE_GROUP**: A Governance Group, the ID of which is specified by the **approverId** field", + "example": "GOVERNANCE_GROUP" + }, + "approverId": { + "type": "string", + "nullable": true, + "description": "Id of the specific approver, used only when approverType is GOVERNANCE_GROUP", + "example": "46c79819-a69f-49a2-becb-12c971ae66c6" + } + } + } + } + } + }, + "revocationRequestConfig": { + "nullable": true, + "description": "Revocation request configuration for this object.", + "type": "object", + "properties": { + "approvalSchemes": { + "type": "array", + "description": "List describing the steps in approving the revocation request", + "items": { + "type": "object", + "properties": { + "approverType": { + "type": "string", + "enum": [ + "APP_OWNER", + "OWNER", + "SOURCE_OWNER", + "MANAGER", + "GOVERNANCE_GROUP" + ], + "description": "Describes the individual or group that is responsible for an approval step. Values are as follows.\n**APP_OWNER**: The owner of the Application\n\n**OWNER**: Owner of the associated Access Profile or Role\n\n**SOURCE_OWNER**: Owner of the Source associated with an Access Profile\n\n**MANAGER**: Manager of the Identity making the request\n\n**GOVERNANCE_GROUP**: A Governance Group, the ID of which is specified by the **approverId** field", + "example": "GOVERNANCE_GROUP" + }, + "approverId": { + "type": "string", + "nullable": true, + "description": "Id of the specific approver, used only when approverType is GOVERNANCE_GROUP", + "example": "46c79819-a69f-49a2-becb-12c971ae66c6" + } + } + } + } + } + }, + "segments": { + "type": "array", + "nullable": true, + "items": { + "type": "string" + }, + "description": "List of IDs of segments, if any, to which this Access Profile is assigned.", + "example": [ + "f7b1b8a3-5fed-4fd4-ad29-82014e137e19", + "29cb6c06-1da8-43ea-8be4-b3125f248f2a" + ] + }, + "provisioningCriteria": { + "description": "When an Identity has multiple Accounts on the Source with which an Access Profile is associated, this expression is evaluated against those Accounts to choose one to provision with the Access Profile.", + "nullable": true, + "example": { + "operation": "OR", + "children": [ + { + "operation": "AND", + "children": [ + { + "attribute": "dn", + "operation": "CONTAINS", + "value": "useast" + }, + { + "attribute": "manager", + "operation": "CONTAINS", + "value": "Scott.Clark" + } + ] + }, + { + "operation": "AND", + "children": [ + { + "attribute": "dn", + "operation": "EQUALS", + "value": "Gibson" + }, + { + "attribute": "telephoneNumber", + "operation": "CONTAINS", + "value": "512" + } + ] + } + ] + }, + "type": "object", + "properties": { + "operation": { + "type": "string", + "enum": [ + "EQUALS", + "NOT_EQUALS", + "CONTAINS", + "HAS", + "AND", + "OR" + ], + "description": "Supported operations on ProvisioningCriteria", + "example": "EQUALS" + }, + "attribute": { + "type": "string", + "description": "Name of the Account attribute to be tested. If **operation** is one of EQUALS, NOT_EQUALS, CONTAINS, or HAS, this field is required. Otherwise, specifying it is an error.", + "example": "email", + "nullable": true + }, + "value": { + "type": "string", + "nullable": true, + "description": "String value to test the Account attribute w/r/t the specified operation. If the operation is one of EQUALS, NOT_EQUALS, or CONTAINS, this field is required. Otherwise, specifying it is an error. If the Attribute is not String-typed, it will be converted to the appropriate type.", + "example": "carlee.cert1c9f9b6fd@mailinator.com" + }, + "children": { + "type": "array", + "items": { + "type": "object", + "description": "Defines matching criteria for an Account to be provisioned with a specific Access Profile", + "properties": { + "operation": { + "type": "string", + "enum": [ + "EQUALS", + "NOT_EQUALS", + "CONTAINS", + "HAS", + "AND", + "OR" + ], + "description": "Supported operations on ProvisioningCriteria", + "example": "EQUALS" + }, + "attribute": { + "type": "string", + "description": "Name of the Account attribute to be tested. If **operation** is one of EQUALS, NOT_EQUALS, CONTAINS, or HAS, this field is required. Otherwise, specifying it is an error.", + "example": "email", + "nullable": true + }, + "value": { + "type": "string", + "nullable": true, + "description": "String value to test the Account attribute w/r/t the specified operation. If the operation is one of EQUALS, NOT_EQUALS, or CONTAINS, this field is required. Otherwise, specifying it is an error. If the Attribute is not String-typed, it will be converted to the appropriate type.", + "example": "carlee.cert1c9f9b6fd@mailinator.com" + }, + "children": { + "type": "array", + "items": { + "type": "object", + "description": "Defines matching criteria for an Account to be provisioned with a specific Access Profile", + "properties": { + "operation": { + "type": "string", + "enum": [ + "EQUALS", + "NOT_EQUALS", + "CONTAINS", + "HAS", + "AND", + "OR" + ], + "description": "Supported operations on ProvisioningCriteria", + "example": "EQUALS" + }, + "attribute": { + "type": "string", + "description": "Name of the Account attribute to be tested. If **operation** is one of EQUALS, NOT_EQUALS, CONTAINS, or HAS, this field is required. Otherwise, specifying it is an error.", + "example": "email", + "nullable": true + }, + "value": { + "type": "string", + "description": "String value to test the Account attribute w/r/t the specified operation. If the operation is one of EQUALS, NOT_EQUALS, or CONTAINS, this field is required. Otherwise, specifying it is an error. If the Attribute is not String-typed, it will be converted to the appropriate type.", + "example": "carlee.cert1c9f9b6fd@mailinator.com" + } + } + }, + "nullable": true, + "description": "Array of child criteria. Required if the operation is AND or OR, otherwise it must be left null. A maximum of three levels of criteria are supported, including leaf nodes.", + "example": null + } + } + }, + "nullable": true, + "description": "Array of child criteria. Required if the operation is AND or OR, otherwise it must be left null. A maximum of three levels of criteria are supported, including leaf nodes.", + "example": null + } + } + } + }, + "required": [ + "owner", + "name", + "source" + ] + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + }, + "security": [ + { + "oauth2": [ + "idn:access-profile:read", + "idn:access-profile:manage" + ] + } + ] + }, + "patch": { + "operationId": "patchAccessProfile", + "tags": [ + "Access Profiles" + ], + "summary": "Patch a specified Access Profile", + "description": "This API updates an existing Access Profile. The following fields are patchable:\n**name**, **description**, **enabled**, **owner**, **requestable**, **accessRequestConfig**, **revokeRequestConfig**, **segments**, **entitlements**, **provisioningCriteria**\nA token with API, ORG_ADMIN, SOURCE_ADMIN, or SOURCE_SUBADMIN authority is required to call this API. In addition, a SOURCE_SUBADMIN may only use this API to patch Access Profiles which are associated with Sources they are able to administer.\n> The maximum supported length for the description field is 2000 characters. Longer descriptions will be preserved for existing access profiles, however, any new access profiles as well as any updates to existing descriptions will be limited to 2000 characters.\n\n> You can only add or replace **entitlements** that exist on the source that the access profile is attached to. You can use the **list entitlements** endpoint with the **filters** query parameter to get a list of available entitlements on the access profile's source.\n\n> Patching the value of the **requestable** field is only supported for customers enabled with the new Request Center. Otherwise, attempting to modify this field results in a 400 error.", + "parameters": [ + { + "name": "id", + "in": "path", + "description": "ID of the Access Profile to patch", + "required": true, + "schema": { + "type": "string", + "example": "2c91808a7813090a017814121919ecca" + } + } + ], + "requestBody": { + "content": { + "application/json-patch+json": { + "schema": { + "type": "array", + "items": { + "type": "object", + "description": "A JSONPatch Operation as defined by [RFC 6902 - JSON Patch](https://tools.ietf.org/html/rfc6902)", + "required": [ + "op", + "path" + ], + "properties": { + "op": { + "type": "string", + "description": "The operation to be performed", + "enum": [ + "add", + "remove", + "replace", + "move", + "copy", + "test" + ], + "example": "replace" + }, + "path": { + "type": "string", + "description": "A string JSON Pointer representing the target path to an element to be affected by the operation", + "example": "/description" + }, + "value": { + "anyOf": [ + { + "type": "string" + }, + { + "type": "integer" + }, + { + "type": "object" + }, + { + "type": "array", + "items": { + "anyOf": [ + { + "type": "string" + }, + { + "type": "integer" + }, + { + "type": "object" + } + ] + } + } + ], + "description": "The value to be used for the operation, required for \"add\" and \"replace\" operations", + "example": "New description" + } + } + } + }, + "examples": { + "Add Entitlements": { + "description": "Add one or more entitlements to the end of the list", + "value": [ + { + "op": "add", + "path": "/entitlements", + "value": [ + { + "id": "2c9180857725c14301772a93bb77242d", + "type": "ENTITLEMENT", + "name": "AD User Group" + } + ] + } + ] + }, + "Insert Entitlement": { + "description": "Add an entitlement at the beginning of the entitlement list", + "value": [ + { + "op": "add", + "path": "/entitlements/0", + "value": { + "id": "2c9180857725c14301772a93bb77242d", + "type": "ENTITLEMENT", + "name": "AD User Group" + } + } + ] + }, + "Replace Entitlements": { + "description": "Replace all entitlements with a new list of entitlements", + "value": [ + { + "op": "replace", + "path": "/entitlements", + "value": [ + { + "id": "2c9180857725c14301772a93bb77242d", + "type": "ENTITLEMENT", + "name": "AD User Group" + } + ] + } + ] + }, + "Remove Entitlement": { + "description": "Remove the first entitlement in the list", + "value": [ + { + "op": "remove", + "path": "/entitlements/0" + } + ] + } + } + } + }, + "required": true + }, + "responses": { + "200": { + "description": "Responds with the Access Profile as updated.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "The ID of the Access Profile", + "example": "2c91808a7190d06e01719938fcd20792", + "readOnly": true + }, + "name": { + "type": "string", + "description": "Name of the Access Profile", + "example": "Employee-database-read-write" + }, + "description": { + "type": "string", + "nullable": true, + "description": "Information about the Access Profile", + "example": "Collection of entitlements to read/write the employee database" + }, + "created": { + "type": "string", + "description": "Date the Access Profile was created", + "format": "date-time", + "example": "2021-03-01T22:32:58.104Z", + "readOnly": true + }, + "modified": { + "type": "string", + "description": "Date the Access Profile was last modified.", + "format": "date-time", + "example": "2021-03-02T20:22:28.104Z", + "readOnly": true + }, + "enabled": { + "type": "boolean", + "description": "Whether the Access Profile is enabled. If the Access Profile is enabled then you must include at least one Entitlement.", + "example": true + }, + "owner": { + "description": "Owner of the Access Profile", + "type": "object", + "properties": { + "type": { + "description": "Owner type. This field must be either left null or set to 'IDENTITY' on input, otherwise a 400 Bad Request error will result.", + "example": "IDENTITY", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ] + }, + "id": { + "type": "string", + "description": "Identity id", + "example": "2c9180a46faadee4016fb4e018c20639" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the owner. It may be left null or omitted in a POST or PATCH. If set, it must match the current value of the owner's display name, otherwise a 400 Bad Request error will result.", + "example": "support" + } + } + }, + "source": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "The ID of the Source with with which the Access Profile is associated", + "example": "2c91809773dee3610173fdb0b6061ef4" + }, + "type": { + "type": "string", + "enum": [ + "SOURCE" + ], + "description": "The type of the Source, will always be SOURCE", + "example": "SOURCE" + }, + "name": { + "type": "string", + "description": "The display name of the associated Source", + "example": "ODS-AD-SOURCE" + } + } + }, + "entitlements": { + "type": "array", + "description": "A list of entitlements associated with the Access Profile. If enabled is false this is allowed to be empty otherwise it needs to contain at least one Entitlement.", + "items": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "The ID of the Entitlement", + "example": "2c91809773dee32014e13e122092014e" + }, + "type": { + "type": "string", + "enum": [ + "ENTITLEMENT" + ], + "description": "The type of the Entitlement, will always be ENTITLEMENT", + "example": "ENTITLEMENT" + }, + "name": { + "type": "string", + "description": "The display name of the Entitlement", + "example": "CN=entitlement.490efde5,OU=OrgCo,OU=ServiceDept,DC=HQAD,DC=local" + } + } + } + }, + "requestable": { + "type": "boolean", + "description": "Whether the Access Profile is requestable via access request. Currently, making an Access Profile non-requestable is only supported for customers enabled with the new Request Center. Otherwise, attempting to create an Access Profile with a value **false** in this field results in a 400 error.", + "example": true + }, + "accessRequestConfig": { + "nullable": true, + "description": "Access request configuration for this object", + "type": "object", + "properties": { + "commentsRequired": { + "type": "boolean", + "description": "Whether the requester of the containing object must provide comments justifying the request", + "example": true + }, + "denialCommentsRequired": { + "type": "boolean", + "description": "Whether an approver must provide comments when denying the request", + "example": true + }, + "approvalSchemes": { + "type": "array", + "description": "List describing the steps in approving the request", + "items": { + "type": "object", + "properties": { + "approverType": { + "type": "string", + "enum": [ + "APP_OWNER", + "OWNER", + "SOURCE_OWNER", + "MANAGER", + "GOVERNANCE_GROUP" + ], + "description": "Describes the individual or group that is responsible for an approval step. Values are as follows.\n**APP_OWNER**: The owner of the Application\n\n**OWNER**: Owner of the associated Access Profile or Role\n\n**SOURCE_OWNER**: Owner of the Source associated with an Access Profile\n\n**MANAGER**: Manager of the Identity making the request\n\n**GOVERNANCE_GROUP**: A Governance Group, the ID of which is specified by the **approverId** field", + "example": "GOVERNANCE_GROUP" + }, + "approverId": { + "type": "string", + "nullable": true, + "description": "Id of the specific approver, used only when approverType is GOVERNANCE_GROUP", + "example": "46c79819-a69f-49a2-becb-12c971ae66c6" + } + } + } + } + } + }, + "revocationRequestConfig": { + "nullable": true, + "description": "Revocation request configuration for this object.", + "type": "object", + "properties": { + "approvalSchemes": { + "type": "array", + "description": "List describing the steps in approving the revocation request", + "items": { + "type": "object", + "properties": { + "approverType": { + "type": "string", + "enum": [ + "APP_OWNER", + "OWNER", + "SOURCE_OWNER", + "MANAGER", + "GOVERNANCE_GROUP" + ], + "description": "Describes the individual or group that is responsible for an approval step. Values are as follows.\n**APP_OWNER**: The owner of the Application\n\n**OWNER**: Owner of the associated Access Profile or Role\n\n**SOURCE_OWNER**: Owner of the Source associated with an Access Profile\n\n**MANAGER**: Manager of the Identity making the request\n\n**GOVERNANCE_GROUP**: A Governance Group, the ID of which is specified by the **approverId** field", + "example": "GOVERNANCE_GROUP" + }, + "approverId": { + "type": "string", + "nullable": true, + "description": "Id of the specific approver, used only when approverType is GOVERNANCE_GROUP", + "example": "46c79819-a69f-49a2-becb-12c971ae66c6" + } + } + } + } + } + }, + "segments": { + "type": "array", + "nullable": true, + "items": { + "type": "string" + }, + "description": "List of IDs of segments, if any, to which this Access Profile is assigned.", + "example": [ + "f7b1b8a3-5fed-4fd4-ad29-82014e137e19", + "29cb6c06-1da8-43ea-8be4-b3125f248f2a" + ] + }, + "provisioningCriteria": { + "description": "When an Identity has multiple Accounts on the Source with which an Access Profile is associated, this expression is evaluated against those Accounts to choose one to provision with the Access Profile.", + "nullable": true, + "example": { + "operation": "OR", + "children": [ + { + "operation": "AND", + "children": [ + { + "attribute": "dn", + "operation": "CONTAINS", + "value": "useast" + }, + { + "attribute": "manager", + "operation": "CONTAINS", + "value": "Scott.Clark" + } + ] + }, + { + "operation": "AND", + "children": [ + { + "attribute": "dn", + "operation": "EQUALS", + "value": "Gibson" + }, + { + "attribute": "telephoneNumber", + "operation": "CONTAINS", + "value": "512" + } + ] + } + ] + }, + "type": "object", + "properties": { + "operation": { + "type": "string", + "enum": [ + "EQUALS", + "NOT_EQUALS", + "CONTAINS", + "HAS", + "AND", + "OR" + ], + "description": "Supported operations on ProvisioningCriteria", + "example": "EQUALS" + }, + "attribute": { + "type": "string", + "description": "Name of the Account attribute to be tested. If **operation** is one of EQUALS, NOT_EQUALS, CONTAINS, or HAS, this field is required. Otherwise, specifying it is an error.", + "example": "email", + "nullable": true + }, + "value": { + "type": "string", + "nullable": true, + "description": "String value to test the Account attribute w/r/t the specified operation. If the operation is one of EQUALS, NOT_EQUALS, or CONTAINS, this field is required. Otherwise, specifying it is an error. If the Attribute is not String-typed, it will be converted to the appropriate type.", + "example": "carlee.cert1c9f9b6fd@mailinator.com" + }, + "children": { + "type": "array", + "items": { + "type": "object", + "description": "Defines matching criteria for an Account to be provisioned with a specific Access Profile", + "properties": { + "operation": { + "type": "string", + "enum": [ + "EQUALS", + "NOT_EQUALS", + "CONTAINS", + "HAS", + "AND", + "OR" + ], + "description": "Supported operations on ProvisioningCriteria", + "example": "EQUALS" + }, + "attribute": { + "type": "string", + "description": "Name of the Account attribute to be tested. If **operation** is one of EQUALS, NOT_EQUALS, CONTAINS, or HAS, this field is required. Otherwise, specifying it is an error.", + "example": "email", + "nullable": true + }, + "value": { + "type": "string", + "nullable": true, + "description": "String value to test the Account attribute w/r/t the specified operation. If the operation is one of EQUALS, NOT_EQUALS, or CONTAINS, this field is required. Otherwise, specifying it is an error. If the Attribute is not String-typed, it will be converted to the appropriate type.", + "example": "carlee.cert1c9f9b6fd@mailinator.com" + }, + "children": { + "type": "array", + "items": { + "type": "object", + "description": "Defines matching criteria for an Account to be provisioned with a specific Access Profile", + "properties": { + "operation": { + "type": "string", + "enum": [ + "EQUALS", + "NOT_EQUALS", + "CONTAINS", + "HAS", + "AND", + "OR" + ], + "description": "Supported operations on ProvisioningCriteria", + "example": "EQUALS" + }, + "attribute": { + "type": "string", + "description": "Name of the Account attribute to be tested. If **operation** is one of EQUALS, NOT_EQUALS, CONTAINS, or HAS, this field is required. Otherwise, specifying it is an error.", + "example": "email", + "nullable": true + }, + "value": { + "type": "string", + "description": "String value to test the Account attribute w/r/t the specified operation. If the operation is one of EQUALS, NOT_EQUALS, or CONTAINS, this field is required. Otherwise, specifying it is an error. If the Attribute is not String-typed, it will be converted to the appropriate type.", + "example": "carlee.cert1c9f9b6fd@mailinator.com" + } + } + }, + "nullable": true, + "description": "Array of child criteria. Required if the operation is AND or OR, otherwise it must be left null. A maximum of three levels of criteria are supported, including leaf nodes.", + "example": null + } + } + }, + "nullable": true, + "description": "Array of child criteria. Required if the operation is AND or OR, otherwise it must be left null. A maximum of three levels of criteria are supported, including leaf nodes.", + "example": null + } + } + } + }, + "required": [ + "owner", + "name", + "source" + ] + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + }, + "security": [ + { + "oauth2": [ + "idn:access-profile:manage" + ] + } + ] + }, + "delete": { + "operationId": "deleteAccessProfile", + "tags": [ + "Access Profiles" + ], + "summary": "Delete the specified Access Profile", + "description": "This API deletes an existing Access Profile.\n\nThe Access Profile must not be in use. If it is, a 400 error is returned.\n\nA token with API, ORG_ADMIN, SOURCE_ADMIN, or SOURCE_SUBADMIN authority is required to invoke this API. In addition, a SOURCE_SUBADMIN token must be able to administer the Source associated with the Access Profile.", + "parameters": [ + { + "name": "id", + "in": "path", + "description": "ID of the Access Profile to delete", + "required": true, + "schema": { + "type": "string", + "example": "2c91808a7813090a017814121919ecca" + } + } + ], + "responses": { + "204": { + "description": "No content - indicates the request was successful but there is no content to be returned in the response." + }, + "400": { + "description": "Returned when an access profile cannot be deleted as it's being used.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "400.2.1.0 Object in use by another": { + "description": "Returned when an access profile cannot be deleted as it's being used", + "value": { + "detailCode": "400.2.1.0 Object in use by another", + "trackingId": "c9c1033c55b84ebc9e93e926dcf8b8b3", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The \"testAccessProfile\" access profile can't be deleted because it's in use." + } + ] + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + }, + "security": [ + { + "oauth2": [ + "idn:access-profile:manage" + ] + } + ] + } + }, + "/access-profiles/bulk-delete": { + "post": { + "operationId": "deleteAccessProfilesInBulk", + "summary": "Delete Access Profile(s)", + "tags": [ + "Access Profiles" + ], + "description": "This API initiates a bulk deletion of one or more Access Profiles.\n\nBy default, if any of the indicated Access Profiles are in use, no deletions will be performed and the **inUse** field of the response indicates the usages that must be removed first. If the request field **bestEffortOnly** is **true**, however, usages are reported in the **inUse** response field but all other indicated Access Profiles will be deleted.\n\nA token with API, ORG_ADMIN, SOURCE_ADMIN, or SOURCE_SUBADMIN authority is required to call this API. In addition, a SOURCE_SUBADMIN may only use this API to delete Access Profiles which are associated with Sources they are able to administer.", + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "accessProfileIds": { + "description": "List of IDs of Access Profiles to be deleted.", + "type": "array", + "items": { + "type": "string" + }, + "example": [ + "2c9180847812e0b1017817051919ecca", + "2c9180887812e0b201781e129f151816" + ] + }, + "bestEffortOnly": { + "description": "If **true**, silently skip over any of the specified Access Profiles if they cannot be deleted because they are in use. If **false**, no deletions will be attempted if any of the Access Profiles are in use.", + "type": "boolean", + "example": true + } + } + }, + "example": { + "bestEffortOnly": true, + "accessProfileIds": [ + "2c91808876438bb2017668b91919ecca", + "2c91808876438ba801766e129f151816" + ] + } + } + } + }, + "responses": { + "200": { + "description": "Returned only if **bestEffortOnly** is **false**, and one or more Access Profiles are in use.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "taskId": { + "type": "string", + "description": "ID of the task which is executing the bulk deletion. This can be passed to the **/task-status** API to track status.", + "example": "2c9180867817ac4d017817c491119a20" + }, + "pending": { + "type": "array", + "description": "List of IDs of Access Profiles which are pending deletion.", + "items": { + "type": "string" + }, + "example": [ + "2c91808876438bbb017668c21919ecca", + "2c91808876438bb201766e129f151816" + ] + }, + "inUse": { + "type": "array", + "description": "List of usages of Access Profiles targeted for deletion.", + "items": { + "type": "object", + "properties": { + "accessProfileId": { + "type": "string", + "description": "ID of the Access Profile that is in use", + "example": "2c91808876438bbb017668c21919ecca" + }, + "usedBy": { + "type": "array", + "description": "List of references to objects which are using the indicated Access Profile", + "items": { + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + } + } + } + } + } + } + }, + "example": { + "pending": [], + "inUse": [ + { + "accessProfileId": "2c91808876438ba801766e129f151816", + "usages": [ + { + "type": "Role", + "id": "2c9180887643764201766e9f6e121518" + } + ] + } + ] + } + } + } + }, + "202": { + "description": "Returned if at least one deletion will be performed.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "taskId": { + "type": "string", + "description": "ID of the task which is executing the bulk deletion. This can be passed to the **/task-status** API to track status.", + "example": "2c9180867817ac4d017817c491119a20" + }, + "pending": { + "type": "array", + "description": "List of IDs of Access Profiles which are pending deletion.", + "items": { + "type": "string" + }, + "example": [ + "2c91808876438bbb017668c21919ecca", + "2c91808876438bb201766e129f151816" + ] + }, + "inUse": { + "type": "array", + "description": "List of usages of Access Profiles targeted for deletion.", + "items": { + "type": "object", + "properties": { + "accessProfileId": { + "type": "string", + "description": "ID of the Access Profile that is in use", + "example": "2c91808876438bbb017668c21919ecca" + }, + "usedBy": { + "type": "array", + "description": "List of references to objects which are using the indicated Access Profile", + "items": { + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + } + } + } + } + } + } + }, + "example": { + "taskId": "2c91808a7813090a01781412a1119a20", + "pending": [ + "2c91808a7813090a017813fe1919ecca" + ], + "inUse": [ + { + "accessProfileId": "2c91808876438ba801766e129f151816", + "usages": [ + { + "type": "Role", + "id": "2c9180887643764201766e9f6e121518" + } + ] + } + ] + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + }, + "security": [ + { + "oauth2": [ + "idn:access-profile:manage" + ] + } + ] + } + }, + "/access-profiles/{id}/entitlements": { + "get": { + "operationId": "getAccessProfileEntitlements", + "tags": [ + "Access Profiles" + ], + "summary": "List Access Profile's Entitlements", + "description": "This API lists the Entitlements associated with a given Access Profile\n\nA token with API, ORG_ADMIN, SOURCE_ADMIN, or SOURCE_SUBADMIN authority is required to invoke this API. In addition, a token with SOURCE_SUBADMIN authority must have access to the Source associated with the given Access Profile", + "parameters": [ + { + "name": "id", + "in": "path", + "description": "ID of the containing Access Profile", + "required": true, + "schema": { + "type": "string", + "example": "2c91808a7813090a017814121919ecca" + } + }, + { + "in": "query", + "name": "limit", + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": 250, + "schema": { + "type": "integer", + "format": "int32", + "minimum": 0, + "maximum": 250, + "default": 250 + } + }, + { + "in": "query", + "name": "offset", + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": 0, + "schema": { + "type": "integer", + "format": "int32", + "minimum": 0, + "default": 0 + } + }, + { + "in": "query", + "name": "count", + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": true, + "schema": { + "type": "boolean", + "default": false + } + }, + { + "in": "query", + "name": "filters", + "schema": { + "type": "string" + }, + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)\n\nFiltering is supported for the following Entitlement fields and operators:\n**id**: *eq, in*\n\n**name**: *eq, sw*\n\n**attribute**: *eq, sw*\n\n**value**: *eq, sw*\n\n**created, modified**: *gt, lt, ge, le*\n\n**owner.id**: *eq, in*\n\n**source.id**: *eq, in*", + "example": "attribute eq \"memberOf\"", + "required": false + }, + { + "in": "query", + "name": "sorters", + "schema": { + "type": "string", + "format": "comma-separated" + }, + "description": "Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)\n\nSorting is supported for the following fields: **name, attribute, value, created, modified**", + "example": "name,-modified", + "required": false + } + ], + "responses": { + "200": { + "description": "List of Entitlements", + "content": { + "application/json": { + "schema": { + "type": "array", + "items": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "The entitlement id", + "example": "2c91808874ff91550175097daaec161c" + }, + "name": { + "type": "string", + "description": "The entitlement name", + "example": "LauncherTest2" + }, + "attribute": { + "type": "string", + "description": "The entitlement attribute name", + "example": "memberOf" + }, + "value": { + "type": "string", + "description": "The value of the entitlement", + "example": "CN=LauncherTest2,OU=LauncherTestOrg,OU=slpt-automation,DC=TestAutomationAD,DC=local" + }, + "sourceSchemaObjectType": { + "type": "string", + "description": "The object type of the entitlement from the source schema", + "example": "group" + }, + "description": { + "type": "string", + "description": "The description of the entitlement", + "example": "CN=LauncherTest2,OU=LauncherTestOrg,OU=slpt-automation,DC=TestAutomationAD,DC=local" + }, + "privileged": { + "type": "boolean", + "description": "True if the entitlement is privileged", + "example": true + }, + "cloudGoverned": { + "type": "boolean", + "description": "True if the entitlement is cloud governed", + "example": true + }, + "created": { + "type": "string", + "description": "Time when the entitlement was created", + "format": "date-time", + "example": "2020-10-08T18:33:52.029Z" + }, + "modified": { + "type": "string", + "description": "Time when the entitlement was last modified", + "format": "date-time", + "example": "2020-10-08T18:33:52.029Z" + }, + "source": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "The source ID", + "example": "2c9180827ca885d7017ca8ce28a000eb" + }, + "type": { + "type": "string", + "description": "The source type, will always be \"SOURCE\"", + "example": "SOURCE" + }, + "name": { + "type": "string", + "description": "The source name", + "example": "ODS-AD-Source" + } + } + }, + "attributes": { + "type": "object", + "description": "A map of free-form key-value pairs from the source system", + "example": { + "fieldName": "fieldValue" + }, + "additionalProperties": true + }, + "segments": { + "type": "array", + "items": { + "type": "string" + }, + "nullable": true, + "description": "List of IDs of segments, if any, to which this Entitlement is assigned.", + "example": [ + "f7b1b8a3-5fed-4fd4-ad29-82014e137e19", + "29cb6c06-1da8-43ea-8be4-b3125f248f2a" + ] + }, + "directPermissions": { + "type": "array", + "items": { + "type": "object", + "description": "Simplified DTO for the Permission objects stored in SailPoint's database. The data is aggregated from customer systems and is free-form, so its appearance can vary largely between different clients/customers.", + "properties": { + "rights": { + "type": "array", + "description": "All the rights (e.g. actions) that this permission allows on the target", + "readOnly": true, + "items": { + "type": "string", + "example": "SELECT" + } + }, + "target": { + "type": "string", + "description": "The target the permission would grants rights on.", + "readOnly": true, + "example": "SYS.GV_$TRANSACTION" + } + } + } + }, + "owner": { + "type": "object", + "description": "Simplified DTO for the owner object of the entitlement", + "properties": { + "id": { + "type": "string", + "description": "The owner id for the entitlement", + "example": "2a2fdacca5e345f18bf7970cfbb8fec2" + }, + "name": { + "type": "string", + "description": "The owner name for the entitlement", + "example": "identity 1" + }, + "type": { + "type": "string", + "enum": [ + "IDENTITY" + ], + "description": "The type of the owner. Initially only type IDENTITY is supported", + "example": "IDENTITY" + } + } + } + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + }, + "security": [ + { + "oauth2": [ + "idn:access-profile:read", + "idn:access-profile:manage" + ] + } + ] + } + }, + "/access-requests": { + "post": { + "operationId": "createAccessRequest", + "security": [ + { + "oauth2": [ + "idn:access-request:create" + ] + } + ], + "summary": "Submit an Access Request", + "tags": [ + "Access Requests" + ], + "description": "This submits the access request into IdentityNow, where it will follow any IdentityNow approval processes.\n\nAccess requests are processed asynchronously by IdentityNow. A success response from this endpoint means the request\nhas been submitted to IDN and is queued for processing. Because this endpoint is asynchronous, it will not return an error\nif you submit duplicate access requests in quick succession, or you submit an access request for access that is already in progress, approved, or rejected.\nIt is best practice to check for any existing access requests that reference the same access items before submitting a new access request. This can\nbe accomplished by using the [access request status](https://developer.sailpoint.com/idn/api/v3/list-access-request-status) or the [pending access request approvals](https://developer.sailpoint.com/idn/api/v3/list-pending-approvals) endpoints. You can also\nuse the [search API](https://developer.sailpoint.com/idn/api/v3/search) to check the existing access items that an identity has before submitting\nan access request to ensure you are not requesting access that is already granted.\n\nThere are two types of access request:\n\n__GRANT_ACCESS__\n* Can be requested for multiple identities in a single request.\n* Supports self request and request on behalf of other users, see '/beta/access-request-config' endpoint for request configuration options. \n* Allows any authenticated token (except API) to call this endpoint to request to grant access to themselves. Depending on the configuration, a user can request access for others.\n* Roles, Access Profiles and Entitlements can be requested.\n* While requesting entitlements, maximum of 25 entitlements and 10 recipients are allowed in a request.\n \n__REVOKE_ACCESS__\n* Can only be requested for a single identity at a time.\n* Does not support self request. Only manager can request to revoke access for their directly managed employees.\n* If removeDate is specified, then the access will be removed on that date and time only for Roles and Access Profiles. Entitlements are currently unsupported for removeDate.\n* Roles, Access Profiles, and Entitlements can be requested for revocation.\n* Revoke requests for entitlements are limited to 1 entitlement per access request currently.\n* [Roles, Access Profiles] RemoveData can be specified only if access don't have a sunset date.\n* Allows a manager to request to revoke access for direct employees. A token with ORG_ADMIN authority can also request to revoke access from anyone.\n\nNOTE: There is no indication to the approver in the IdentityNow UI that the approval request is for a revoke action. Take this into consideration when calling this API.\n\nA token with API authority cannot be used to call this endpoint. \n", + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "requestedFor": { + "description": "A list of Identity IDs for whom the Access is requested. If it's a Revoke request, there can only be one Identity ID.", + "type": "array", + "items": { + "type": "string", + "example": "2c918084660f45d6016617daa9210584" + } + }, + "requestType": { + "type": "string", + "enum": [ + "GRANT_ACCESS", + "REVOKE_ACCESS" + ], + "description": "Access request type. Defaults to GRANT_ACCESS. REVOKE_ACCESS type can only have a single Identity ID in the requestedFor field.", + "example": "GRANT_ACCESS" + }, + "requestedItems": { + "type": "array", + "items": { + "type": "object", + "properties": { + "type": { + "type": "string", + "enum": [ + "ACCESS_PROFILE", + "ROLE", + "ENTITLEMENT" + ], + "description": "The type of the item being requested.", + "example": "ACCESS_PROFILE" + }, + "id": { + "type": "string", + "description": "ID of Role, Access Profile or Entitlement being requested.", + "example": "2c9180835d2e5168015d32f890ca1581" + }, + "comment": { + "type": "string", + "description": "Comment provided by requester.\n* Comment is required when the request is of type Revoke Access.\n", + "example": "Requesting access profile for John Doe" + }, + "clientMetadata": { + "type": "object", + "additionalProperties": { + "type": "string", + "example": { + "requestedAppId": "2c91808f7892918f0178b78da4a305a1", + "requestedAppName": "test-app" + } + }, + "example": { + "requestedAppName": "test-app", + "requestedAppId": "2c91808f7892918f0178b78da4a305a1" + }, + "description": "Arbitrary key-value pairs. They will never be processed by the IdentityNow system but will be returned on associated APIs such as /account-activities and /access-request-status." + }, + "removeDate": { + "type": "string", + "description": "The date the role or access profile is no longer assigned to the specified identity.\n* Specify a date in the future.\n* The current SLA for the deprovisioning is 24 hours.\n* This date can be modified to either extend or decrease the duration of access item assignments for the specified identity.\n* Currently it is not supported for entitlements.\n* If sunset date for role or access profile specified, removeDate cannot be established. This rule doesn't apply for entitlements.\n", + "format": "date-time", + "example": "2020-07-11T21:23:15.000Z" + } + }, + "required": [ + "id", + "type" + ] + } + }, + "clientMetadata": { + "type": "object", + "additionalProperties": { + "type": "string", + "example": { + "requestedAppId": "2c91808f7892918f0178b78da4a305a1", + "requestedAppName": "test-app" + } + }, + "example": { + "requestedAppId": "2c91808f7892918f0178b78da4a305a1", + "requestedAppName": "test-app" + }, + "description": "Arbitrary key-value pairs. They will never be processed by the IdentityNow system but will be returned on associated APIs such as /account-activities." + } + }, + "required": [ + "requestedFor", + "requestedItems" + ] + } + } + } + }, + "responses": { + "202": { + "description": "Accepted - Returned if the request was successfully accepted into the system.", + "content": { + "application/json": { + "schema": { + "type": "object" + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/access-requests/cancel": { + "post": { + "operationId": "cancelAccessRequest", + "tags": [ + "Access Requests" + ], + "summary": "Cancel Access Request", + "description": "This API endpoint cancels a pending access request. An access request can be cancelled only if it has not passed the approval step.\nAny token with ORG_ADMIN authority or token of the user who originally requested the access request is required to cancel it.", + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "type": "object", + "description": "Request body payload for cancel access request endpoint.", + "required": [ + "accountActivityId", + "comment" + ], + "properties": { + "accountActivityId": { + "type": "string", + "description": "ID of the account activity object corresponding to the access request.", + "example": "2c9180835d2e5168015d32f890ca1581" + }, + "comment": { + "type": "string", + "description": "Reason for cancelling the pending access request.", + "example": "I requested this role by mistake." + } + } + }, + "example": { + "accountActivityId": "2c91808568c529c60168cca6f90c1313", + "comment": "I requested this role by mistake." + } + } + } + }, + "responses": { + "202": { + "description": "Accepted - Returned if the request was successfully accepted into the system.", + "content": { + "application/json": { + "schema": { + "type": "object" + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/access-requests/close": { + "post": { + "operationId": "closeAccessRequest", + "tags": [ + "Access Requests" + ], + "summary": "Close Access Request", + "description": "This endpoint closes access requests that are stuck in a pending state. It can be used throughout a request's lifecycle (even after the approval state, unlike Cancel Access Request). A token with ORG_ADMIN authority is required.\n\nTo find pending access requests via the UI, navigate to Search and use this query: status: Pending AND \"Access Request\". Use the Column Chooser to select \"Tracking Number,\" and the Download button to export a CSV containing the Tracking Numbers.\n\nTo find pending access requests via the API, use List Account Activities.\n\nInput the ids from either source\n\nTo track the status of endpoint requests, navigate to Search and use this query: name:\"Close Identity Requests\". Search will include \"Close Identity Requests Started\" audits when requests are initiated, and \"Close Identity Requests Completed\" audits when requests are completed. The completion audit will list the Identity Request IDs that finished in error.\n\nThis API triggers the Provisioning Action Completed event trigger for each access request that is closed.\n", + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "type": "object", + "description": "Request body payload for close access requests endpoint.", + "required": [ + "accessRequestIds" + ], + "properties": { + "accessRequestIds": { + "type": "array", + "description": "Access Request IDs for the requests to be closed. Accepts 1-500 Identity Request IDs per request.", + "items": { + "type": "string" + }, + "example": [ + "2c90ad2a70ace7d50170acf22ca90010" + ] + }, + "message": { + "type": "string", + "description": "Reason for closing the access request. Displayed under Warnings in IdentityNow.", + "default": "The IdentityNow Administrator manually closed this request.", + "example": "The IdentityNow Administrator manually closed this request." + }, + "executionStatus": { + "type": "string", + "enum": [ + "Terminated", + "Completed" + ], + "description": "The request's provisioning status. Displayed as Stage in IdentityNow.", + "default": "Terminated", + "example": "Terminated" + }, + "completionStatus": { + "type": "string", + "enum": [ + "Success", + "Incomplete", + "Failure" + ], + "description": "The request's overall status. Displayed as Status in IdentityNow.", + "default": "Failure", + "example": "Failure" + } + } + }, + "example": { + "accessRequestIds": [ + "2c90ad2a70ace7d50170acf22ca90010" + ], + "executionStatus": "Terminated", + "completionStatus": "Failure", + "message": "The IdentityNow Administrator manually closed this request." + } + } + } + }, + "responses": { + "202": { + "description": "Accepted - Returned if the request was successfully accepted into the system.", + "content": { + "application/json": { + "schema": { + "type": "object" + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/access-request-config": { + "get": { + "operationId": "getAccessRequestConfig", + "summary": "Get Access Request Configuration", + "tags": [ + "Access Requests" + ], + "description": "This endpoint returns the current access-request configuration.", + "responses": { + "200": { + "description": "Access Request Configuration Details.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "approvalsMustBeExternal": { + "type": "boolean", + "description": "If true, then approvals must be processed by external system.", + "example": true + }, + "autoApprovalEnabled": { + "type": "boolean", + "description": "If true and requester and reviewer are the same, then automatically approve the approval.", + "example": true + }, + "requestOnBehalfOfConfig": { + "description": "Request On Behalf Of Configuration.", + "type": "object", + "properties": { + "allowRequestOnBehalfOfAnyoneByAnyone": { + "type": "boolean", + "description": "If anyone can request access for anyone.", + "example": true + }, + "allowRequestOnBehalfOfEmployeeByManager": { + "type": "boolean", + "description": "If a manager can request access for his/her direct reports.", + "example": true + } + } + }, + "approvalReminderAndEscalationConfig": { + "description": "Approval Reminder and Escalation Configuration.", + "type": "object", + "properties": { + "daysUntilEscalation": { + "type": "integer", + "description": "Number of days to wait before the first reminder. If no reminders are configured, then this is the number of days to wait before escalation.", + "format": "int32", + "example": 0 + }, + "daysBetweenReminders": { + "type": "integer", + "description": "Number of days to wait between reminder notifications.", + "format": "int32", + "example": 0 + }, + "maxReminders": { + "type": "integer", + "description": "Maximum number of reminder notification to send to the reviewer before approval escalation.", + "format": "int32", + "example": 0 + }, + "fallbackApproverRef": { + "type": "object", + "nullable": true, + "properties": { + "type": { + "type": "string", + "description": "The type can only be IDENTITY. This is read-only", + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "Identity id.", + "example": "5168015d32f890ca15812c9180835d2e" + }, + "name": { + "type": "string", + "description": "Human-readable display name of identity. This is read-only", + "example": "Alison Ferguso" + }, + "email": { + "type": "string", + "description": "Email address of identity. This is read-only", + "example": "alison.ferguso@identitysoon.com" + } + } + } + } + }, + "entitlementRequestConfig": { + "description": "Entitlement Request Configuration.", + "type": "object", + "properties": { + "allowEntitlementRequest": { + "type": "boolean", + "description": "Flag for allowing entitlement request.", + "example": true + }, + "requestCommentsRequired": { + "type": "boolean", + "description": "Flag for requiring comments while submitting an entitlement request.", + "default": false, + "example": false + }, + "deniedCommentsRequired": { + "type": "boolean", + "description": "Flag for requiring comments while rejecting an entitlement request.", + "default": false, + "example": false + }, + "grantRequestApprovalSchemes": { + "type": "string", + "description": "Approval schemes for granting entitlement request. This can be empty if no approval is needed.\nMultiple schemes must be comma-separated. The valid schemes are \"entitlementOwner\", \"sourceOwner\", \"manager\" and \"workgroup:{id}\".\nMultiple workgroups (governance groups) can be used.\n", + "default": "sourceOwner", + "example": "entitlementOwner, sourceOwner, manager, workgroup:2c918084660f45d6016617daa9210584" + } + } + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + }, + "put": { + "operationId": "updateAccessRequestConfig", + "summary": "Update Access Request Configuration", + "tags": [ + "Access Requests" + ], + "description": "This endpoint replaces the current access-request configuration.\nA token with ORG_ADMIN authority is required to call this API.", + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "approvalsMustBeExternal": { + "type": "boolean", + "description": "If true, then approvals must be processed by external system.", + "example": true + }, + "autoApprovalEnabled": { + "type": "boolean", + "description": "If true and requester and reviewer are the same, then automatically approve the approval.", + "example": true + }, + "requestOnBehalfOfConfig": { + "description": "Request On Behalf Of Configuration.", + "type": "object", + "properties": { + "allowRequestOnBehalfOfAnyoneByAnyone": { + "type": "boolean", + "description": "If anyone can request access for anyone.", + "example": true + }, + "allowRequestOnBehalfOfEmployeeByManager": { + "type": "boolean", + "description": "If a manager can request access for his/her direct reports.", + "example": true + } + } + }, + "approvalReminderAndEscalationConfig": { + "description": "Approval Reminder and Escalation Configuration.", + "type": "object", + "properties": { + "daysUntilEscalation": { + "type": "integer", + "description": "Number of days to wait before the first reminder. If no reminders are configured, then this is the number of days to wait before escalation.", + "format": "int32", + "example": 0 + }, + "daysBetweenReminders": { + "type": "integer", + "description": "Number of days to wait between reminder notifications.", + "format": "int32", + "example": 0 + }, + "maxReminders": { + "type": "integer", + "description": "Maximum number of reminder notification to send to the reviewer before approval escalation.", + "format": "int32", + "example": 0 + }, + "fallbackApproverRef": { + "type": "object", + "nullable": true, + "properties": { + "type": { + "type": "string", + "description": "The type can only be IDENTITY. This is read-only", + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "Identity id.", + "example": "5168015d32f890ca15812c9180835d2e" + }, + "name": { + "type": "string", + "description": "Human-readable display name of identity. This is read-only", + "example": "Alison Ferguso" + }, + "email": { + "type": "string", + "description": "Email address of identity. This is read-only", + "example": "alison.ferguso@identitysoon.com" + } + } + } + } + }, + "entitlementRequestConfig": { + "description": "Entitlement Request Configuration.", + "type": "object", + "properties": { + "allowEntitlementRequest": { + "type": "boolean", + "description": "Flag for allowing entitlement request.", + "example": true + }, + "requestCommentsRequired": { + "type": "boolean", + "description": "Flag for requiring comments while submitting an entitlement request.", + "default": false, + "example": false + }, + "deniedCommentsRequired": { + "type": "boolean", + "description": "Flag for requiring comments while rejecting an entitlement request.", + "default": false, + "example": false + }, + "grantRequestApprovalSchemes": { + "type": "string", + "description": "Approval schemes for granting entitlement request. This can be empty if no approval is needed.\nMultiple schemes must be comma-separated. The valid schemes are \"entitlementOwner\", \"sourceOwner\", \"manager\" and \"workgroup:{id}\".\nMultiple workgroups (governance groups) can be used.\n", + "default": "sourceOwner", + "example": "entitlementOwner, sourceOwner, manager, workgroup:2c918084660f45d6016617daa9210584" + } + } + } + } + } + } + } + }, + "responses": { + "200": { + "description": "Access Request Configuration Details.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "approvalsMustBeExternal": { + "type": "boolean", + "description": "If true, then approvals must be processed by external system.", + "example": true + }, + "autoApprovalEnabled": { + "type": "boolean", + "description": "If true and requester and reviewer are the same, then automatically approve the approval.", + "example": true + }, + "requestOnBehalfOfConfig": { + "description": "Request On Behalf Of Configuration.", + "type": "object", + "properties": { + "allowRequestOnBehalfOfAnyoneByAnyone": { + "type": "boolean", + "description": "If anyone can request access for anyone.", + "example": true + }, + "allowRequestOnBehalfOfEmployeeByManager": { + "type": "boolean", + "description": "If a manager can request access for his/her direct reports.", + "example": true + } + } + }, + "approvalReminderAndEscalationConfig": { + "description": "Approval Reminder and Escalation Configuration.", + "type": "object", + "properties": { + "daysUntilEscalation": { + "type": "integer", + "description": "Number of days to wait before the first reminder. If no reminders are configured, then this is the number of days to wait before escalation.", + "format": "int32", + "example": 0 + }, + "daysBetweenReminders": { + "type": "integer", + "description": "Number of days to wait between reminder notifications.", + "format": "int32", + "example": 0 + }, + "maxReminders": { + "type": "integer", + "description": "Maximum number of reminder notification to send to the reviewer before approval escalation.", + "format": "int32", + "example": 0 + }, + "fallbackApproverRef": { + "type": "object", + "nullable": true, + "properties": { + "type": { + "type": "string", + "description": "The type can only be IDENTITY. This is read-only", + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "Identity id.", + "example": "5168015d32f890ca15812c9180835d2e" + }, + "name": { + "type": "string", + "description": "Human-readable display name of identity. This is read-only", + "example": "Alison Ferguso" + }, + "email": { + "type": "string", + "description": "Email address of identity. This is read-only", + "example": "alison.ferguso@identitysoon.com" + } + } + } + } + }, + "entitlementRequestConfig": { + "description": "Entitlement Request Configuration.", + "type": "object", + "properties": { + "allowEntitlementRequest": { + "type": "boolean", + "description": "Flag for allowing entitlement request.", + "example": true + }, + "requestCommentsRequired": { + "type": "boolean", + "description": "Flag for requiring comments while submitting an entitlement request.", + "default": false, + "example": false + }, + "deniedCommentsRequired": { + "type": "boolean", + "description": "Flag for requiring comments while rejecting an entitlement request.", + "default": false, + "example": false + }, + "grantRequestApprovalSchemes": { + "type": "string", + "description": "Approval schemes for granting entitlement request. This can be empty if no approval is needed.\nMultiple schemes must be comma-separated. The valid schemes are \"entitlementOwner\", \"sourceOwner\", \"manager\" and \"workgroup:{id}\".\nMultiple workgroups (governance groups) can be used.\n", + "default": "sourceOwner", + "example": "entitlementOwner, sourceOwner, manager, workgroup:2c918084660f45d6016617daa9210584" + } + } + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/access-request-status": { + "get": { + "operationId": "listAccessRequestStatus", + "tags": [ + "Access Requests" + ], + "summary": "Access Request Status", + "description": "The Access Request Status API returns a list of access request statuses based on the specified query parameters.\nAny token with any authority can request their own status. A token with ORG_ADMIN authority is required to call this API to get a list of statuses for other users.", + "parameters": [ + { + "in": "query", + "name": "requested-for", + "schema": { + "type": "string" + }, + "example": "2c9180877b2b6ea4017b2c545f971429", + "description": "Filter the results by the identity for which the requests were made. *me* indicates the current user. Mutually exclusive with *regarding-identity*.", + "required": false + }, + { + "in": "query", + "name": "requested-by", + "schema": { + "type": "string" + }, + "example": "2c9180877b2b6ea4017b2c545f971429", + "description": "Filter the results by the identity that made the requests. *me* indicates the current user. Mutually exclusive with *regarding-identity*.", + "required": false + }, + { + "in": "query", + "name": "regarding-identity", + "schema": { + "type": "string" + }, + "example": "2c9180877b2b6ea4017b2c545f971429", + "description": "Filter the results by the specified identity which is either the requester or target of the requests. *me* indicates the current user. Mutually exclusive with *requested-for* and *requested-by*.", + "required": false + }, + { + "in": "query", + "name": "count", + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.", + "required": false, + "schema": { + "type": "boolean", + "default": false + }, + "example": false + }, + { + "in": "query", + "name": "limit", + "description": "Max number of results to return.", + "required": false, + "schema": { + "type": "integer", + "format": "int32", + "minimum": 0, + "maximum": 250, + "default": 250 + }, + "example": 100 + }, + { + "in": "query", + "name": "offset", + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results. Defaults to 0 if not specified.", + "required": false, + "schema": { + "type": "integer", + "format": "int32", + "minimum": 0 + }, + "example": 10 + }, + { + "in": "query", + "name": "filters", + "schema": { + "type": "string" + }, + "example": "accountActivityItemId eq \"2c918086771c86df0177401efcdf54c0\"", + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)\n\nFiltering is supported for the following fields and operators:\n\n**accountActivityItemId**: *eq, in*", + "required": false + }, + { + "in": "query", + "name": "sorters", + "schema": { + "type": "string", + "format": "comma-separated" + }, + "description": "Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)\n\nSorting is supported for the following fields: **created, modified, accountActivityItemId**", + "example": "created", + "required": false + } + ], + "responses": { + "200": { + "description": "List of requested item status.", + "content": { + "application/json": { + "schema": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string", + "description": "Human-readable display name of the item being requested.", + "example": "AccessProfile1" + }, + "type": { + "type": "string", + "enum": [ + "ACCESS_PROFILE", + "ROLE", + "ENTITLEMENT" + ], + "description": "Type of requested object.", + "example": "ACCESS_PROFILE" + }, + "cancelledRequestDetails": { + "nullable": true, + "type": "object", + "properties": { + "comment": { + "type": "string", + "description": "Comment made by the owner when cancelling the associated request.", + "example": "Nisl quis ipsum quam quisque condimentum nunc ut dolor nunc." + }, + "owner": { + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + }, + "modified": { + "type": "string", + "format": "date-time", + "description": "Date comment was added by the owner when cancelling the associated request", + "example": "2019-12-20T09:17:12.192Z" + } + }, + "description": "Provides additional details for a request that has been cancelled." + }, + "errorMessages": { + "type": "array", + "nullable": true, + "items": { + "type": "array", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "description": "List of list of localized error messages, if any, encountered during the approval/provisioning process." + }, + "state": { + "type": "string", + "enum": [ + "EXECUTING", + "REQUEST_COMPLETED", + "CANCELLED", + "TERMINATED", + "PROVISIONING_VERIFICATION_PENDING", + "REJECTED", + "PROVISIONING_FAILED", + "NOT_ALL_ITEMS_PROVISIONED", + "ERROR" + ], + "description": "Indicates the state of an access request:\n* EXECUTING: The request is executing, which indicates the system is doing some processing.\n* REQUEST_COMPLETED: Indicates the request has been completed.\n* CANCELLED: The request was cancelled with no user input.\n* TERMINATED: The request has been terminated before it was able to complete.\n* PROVISIONING_VERIFICATION_PENDING: The request has finished any approval steps and provisioning is waiting to be verified.\n* REJECTED: The request was rejected.\n* PROVISIONING_FAILED: The request has failed to complete.\n* NOT_ALL_ITEMS_PROVISIONED: One or more of the requested items failed to complete, but there were one or more successes.\n* ERROR: An error occurred during request processing.", + "example": "EXECUTING" + }, + "approvalDetails": { + "type": "array", + "items": { + "type": "object", + "properties": { + "forwarded": { + "type": "boolean", + "description": "True if the request for this item was forwarded from one owner to another.", + "example": false + }, + "originalOwner": { + "description": "Base identity/workgroup reference object representing the original owner, if forwarded.", + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + }, + "currentOwner": { + "description": "Base reference of approver that will make decision.", + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + }, + "reviewedBy": { + "description": "The identity who has reviewed the approval.", + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + }, + "modified": { + "type": "string", + "format": "date-time", + "description": "Time at which item was modified.", + "example": "2019-08-23T18:52:57.398Z" + }, + "status": { + "type": "string", + "enum": [ + "PENDING", + "APPROVED", + "REJECTED", + "EXPIRED", + "CANCELLED", + "ARCHIVED" + ], + "description": "Indicates the state of the request processing for this item:\n* PENDING: The request for this item is awaiting processing.\n* APPROVED: The request for this item has been approved.\n* REJECTED: The request for this item was rejected.\n* EXPIRED: The request for this item expired with no action taken.\n* CANCELLED: The request for this item was cancelled with no user action.\n* ARCHIVED: The request for this item has been archived after completion.", + "example": "PENDING" + }, + "scheme": { + "type": "string", + "enum": [ + "APP_OWNER", + "SOURCE_OWNER", + "MANAGER", + "ROLE_OWNER", + "ACCESS_PROFILE_OWNER", + "ENTITLEMENT_OWNER", + "GOVERNANCE_GROUP" + ], + "description": "Describes the individual or group that is responsible for an approval step.", + "example": "MANAGER" + }, + "errorMessages": { + "type": "array", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + }, + "description": "If the request failed, includes any error messages that were generated." + }, + "comment": { + "type": "string", + "description": "Comment, if any, provided by the approver.", + "example": "I approve this request" + }, + "removeDate": { + "type": "string", + "description": "The date the role or access profile is no longer assigned to the specified identity.", + "format": "date-time", + "example": "2020-07-11T00:00:00Z" + } + } + }, + "description": "Approval details for each item." + }, + "manualWorkItemDetails": { + "type": "array", + "nullable": true, + "items": { + "type": "object", + "properties": { + "forwarded": { + "type": "boolean", + "description": "True if the request for this item was forwarded from one owner to another.", + "example": true + }, + "originalOwner": { + "description": "Base identity/workgroup reference object representing the original owner, if forwarded.", + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + }, + "currentOwner": { + "description": "Base reference of approver that will make decision.", + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + }, + "modified": { + "type": "string", + "format": "date-time", + "description": "Time at which item was modified.", + "example": "2019-08-23T18:52:57.398Z" + }, + "status": { + "type": "string", + "enum": [ + "PENDING", + "APPROVED", + "REJECTED", + "EXPIRED", + "CANCELLED", + "ARCHIVED" + ], + "description": "Indicates the state of the request processing for this item:\n* PENDING: The request for this item is awaiting processing.\n* APPROVED: The request for this item has been approved.\n* REJECTED: The request for this item was rejected.\n* EXPIRED: The request for this item expired with no action taken.\n* CANCELLED: The request for this item was cancelled with no user action.\n* ARCHIVED: The request for this item has been archived after completion.", + "example": "PENDING" + }, + "forwardHistory": { + "type": "array", + "items": { + "type": "object", + "properties": { + "oldApproverName": { + "type": "string", + "description": "Display name of approver from whom the approval was forwarded.", + "example": "Frank Mir" + }, + "newApproverName": { + "type": "string", + "description": "Display name of approver to whom the approval was forwarded.", + "example": "Al Volta" + }, + "comment": { + "type": "string", + "nullable": true, + "description": "Comment made while forwarding.", + "example": "Forwarding from Frank to Al" + }, + "modified": { + "type": "string", + "format": "date-time", + "description": "Time at which approval was forwarded.", + "example": "2019-08-23T18:52:57.398Z" + }, + "forwarderName": { + "type": "string", + "nullable": true, + "description": "Display name of forwarder who forwarded the approval.", + "example": "William Wilson" + }, + "reassignmentType": { + "description": "Type of approval reassignment.", + "example": "AUTOMATIC_REASSIGNMENT", + "type": "string", + "enum": [ + "MANUAL_REASSIGNMENT", + "AUTOMATIC_REASSIGNMENT", + "AUTO_ESCALATION", + "SELF_REVIEW_DELEGATION" + ] + } + } + }, + "description": "The history of approval forward action." + } + } + }, + "description": "Manual work items created for provisioning the item." + }, + "accountActivityItemId": { + "type": "string", + "description": "Id of associated account activity item.", + "example": "2c9180926cbfbddd016cbfc7c3b10010" + }, + "requestType": { + "type": "string", + "enum": [ + "GRANT_ACCESS", + "REVOKE_ACCESS" + ], + "description": "Access request type. Defaults to GRANT_ACCESS. REVOKE_ACCESS type can only have a single Identity ID in the requestedFor field.", + "example": "GRANT_ACCESS" + }, + "modified": { + "type": "string", + "format": "date-time", + "description": "When the request was last modified.", + "example": "2019-08-23T18:52:59.162Z" + }, + "created": { + "type": "string", + "format": "date-time", + "description": "When the request was created.", + "example": "2019-08-23T18:40:35.772Z" + }, + "requester": { + "description": "The identity that requested the item.", + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + }, + "requestedFor": { + "description": "The identity for whom the Access Request Status is requested for.", + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + }, + "requesterComment": { + "nullable": true, + "description": "The requester's comment.", + "type": "object", + "properties": { + "comment": { + "type": "string", + "description": "Content of the comment", + "example": "Et quam massa maximus vivamus nisi ut urna tincidunt metus elementum erat" + }, + "author": { + "type": "object", + "properties": { + "type": { + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "description": "An enumeration of the types of DTOs supported within the IdentityNow infrastructure.", + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the author", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the identity making the comment", + "example": "Adam Kennedy" + } + } + }, + "created": { + "type": "string", + "format": "date-time", + "description": "Date and time comment was created", + "example": "2017-07-11T18:45:37.098Z" + } + } + }, + "sodViolationContext": { + "nullable": true, + "description": "The details of the SOD violations for the associated approval.", + "type": "object", + "properties": { + "state": { + "type": "string", + "enum": [ + "SUCCESS", + "ERROR" + ], + "description": "The status of SOD violation check", + "example": "SUCCESS" + }, + "uuid": { + "description": "The id of the Violation check event", + "type": "string", + "example": "f73d16e9-a038-46c5-b217-1246e15fdbdd" + }, + "violationCheckResult": { + "description": "The inner object representing the completed SOD Violation check", + "type": "object", + "properties": { + "message": { + "description": "If the request failed, includes any error message that was generated.", + "example": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An error has occurred during the SOD violation check" + } + ], + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + }, + "clientMetadata": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Arbitrary key-value pairs. They will never be processed by the IdentityNow system but will be returned on completion of the violation check.", + "example": { + "requestedAppName": "test-app", + "requestedAppId": "2c91808f7892918f0178b78da4a305a1" + } + }, + "violationContexts": { + "type": "array", + "items": { + "description": "The contextual information of the violated criteria", + "type": "object", + "properties": { + "policy": { + "description": "Reference to the Policy that is being violated.", + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + }, + "conflictingAccessCriteria": { + "type": "object", + "description": "The object which contains the left and right hand side of the entitlements that got violated according to the policy.", + "properties": { + "leftCriteria": { + "type": "object", + "properties": { + "criteriaList": { + "type": "array", + "items": { + "description": "Details of the Entitlement criteria", + "type": "object", + "properties": { + "existing": { + "type": "boolean", + "example": true, + "description": "If the entitlement already belonged to the user or not." + }, + "type": { + "example": "ENTITLEMENT", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "description": "An enumeration of the types of DTOs supported within the IdentityNow infrastructure." + }, + "id": { + "type": "string", + "description": "Entitlement ID", + "example": "2c918085771e9d3301773b3cb66f6398" + }, + "name": { + "type": "string", + "description": "Entitlement name", + "example": "My HR Entitlement" + } + } + } + } + } + }, + "rightCriteria": { + "type": "object", + "properties": { + "criteriaList": { + "type": "array", + "items": { + "description": "Details of the Entitlement criteria", + "type": "object", + "properties": { + "existing": { + "type": "boolean", + "example": true, + "description": "If the entitlement already belonged to the user or not." + }, + "type": { + "example": "ENTITLEMENT", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "description": "An enumeration of the types of DTOs supported within the IdentityNow infrastructure." + }, + "id": { + "type": "string", + "description": "Entitlement ID", + "example": "2c918085771e9d3301773b3cb66f6398" + }, + "name": { + "type": "string", + "description": "Entitlement name", + "example": "My HR Entitlement" + } + } + } + } + } + } + } + } + } + } + }, + "violatedPolicies": { + "type": "array", + "description": "A list of the Policies that were violated", + "items": { + "description": "Reference to the policy that was violated", + "example": [ + { + "type": "SOD_POLICY", + "id": "69129440-422d-4a23-aadd-35c828d5bfda", + "name": "HR Policy" + } + ], + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + } + } + } + } + } + }, + "provisioningDetails": { + "nullable": true, + "type": "object", + "properties": { + "orderedSubPhaseReferences": { + "type": "string", + "description": "Ordered CSV of sub phase references to objects that contain more information about provisioning. For example, this can contain \"manualWorkItemDetails\" which indicate that there is further information in that object for this phase.", + "example": "manualWorkItemDetails" + } + }, + "description": "Provides additional details about provisioning for this request." + }, + "preApprovalTriggerDetails": { + "nullable": true, + "type": "object", + "properties": { + "comment": { + "type": "string", + "description": "Comment left for the pre-approval decision", + "example": "Access is Approved" + }, + "reviewer": { + "type": "string", + "description": "The reviewer of the pre-approval decision", + "example": "John Doe" + }, + "decision": { + "type": "string", + "enum": [ + "APPROVED", + "REJECTED" + ], + "description": "The decision of the pre-approval trigger", + "example": "APPROVED" + } + }, + "description": "Provides additional details about the pre-approval trigger for this request." + }, + "accessRequestPhases": { + "type": "array", + "items": { + "type": "object", + "properties": { + "started": { + "type": "string", + "description": "The time that this phase started.", + "format": "date-time", + "example": "2020-07-11T00:00:00Z" + }, + "finished": { + "type": "string", + "description": "The time that this phase finished.", + "format": "date-time", + "example": "2020-07-12T00:00:00Z" + }, + "name": { + "type": "string", + "description": "The name of this phase.", + "example": "APPROVAL_PHASE" + }, + "state": { + "type": "string", + "enum": [ + "PENDING", + "EXECUTING", + "COMPLETED", + "CANCELLED" + ], + "description": "The state of this phase.", + "example": "COMPLETED" + }, + "result": { + "type": "string", + "enum": [ + "SUCCESSFUL", + "FAILED" + ], + "description": "The state of this phase.", + "example": "SUCCESSFUL" + }, + "phaseReference": { + "type": "string", + "description": "A reference to another object on the RequestedItemStatus that contains more details about the phase. Note that for the Provisioning phase, this will be empty if there are no manual work items.", + "example": "approvalDetails" + } + }, + "description": "Provides additional details about this access request phase." + }, + "description": "A list of Phases that the Access Request has gone through in order, to help determine the status of the request." + }, + "description": { + "type": "string", + "description": "Description associated to the requested object.", + "example": "This is the Engineering role that engineers are granted." + }, + "removeDate": { + "type": "string", + "format": "date-time", + "nullable": true, + "description": "When the role access is scheduled for removal.", + "example": "2019-10-23T00:00:00.000Z" + }, + "cancelable": { + "type": "boolean", + "description": "True if the request can be canceled.", + "example": true + }, + "accessRequestId": { + "type": "string", + "format": "string", + "description": "This is the account activity id.", + "example": "2b838de9-db9b-abcf-e646-d4f274ad4238" + }, + "clientMetadata": { + "nullable": true, + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Arbitrary key-value pairs, if any were included in the corresponding access request", + "example": { + "key1": "value1", + "key2": "value2" + } + } + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/access-request-approvals/pending": { + "get": { + "operationId": "listPendingApprovals", + "summary": "Pending Access Request Approvals List", + "tags": [ + "Access Request Approvals" + ], + "description": "This endpoint returns a list of pending approvals. See \"owner-id\" query parameter below for authorization info.", + "parameters": [ + { + "in": "query", + "name": "owner-id", + "schema": { + "type": "string" + }, + "description": "If present, the value returns only pending approvals for the specified identity.\n * ORG_ADMIN users can call this with any identity ID value.\n * ORG_ADMIN users can also fetch all the approvals in the org, when owner-id is not used.\n * Non-ORG_ADMIN users can only specify *me* or pass their own identity ID value.", + "required": false + }, + { + "in": "query", + "name": "limit", + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": 250, + "schema": { + "type": "integer", + "format": "int32", + "minimum": 0, + "maximum": 250, + "default": 250 + } + }, + { + "in": "query", + "name": "offset", + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": 0, + "schema": { + "type": "integer", + "format": "int32", + "minimum": 0, + "default": 0 + } + }, + { + "in": "query", + "name": "count", + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": true, + "schema": { + "type": "boolean", + "default": false + } + }, + { + "in": "query", + "name": "filters", + "schema": { + "type": "string" + }, + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)\n\nFiltering is supported for the following fields and operators:\n\n**id**: *eq, in*\n\n**requestedFor.id**: *eq, in*\n\n**modified**: *gt, lt, ge, le*" + }, + { + "in": "query", + "name": "sorters", + "schema": { + "type": "string", + "format": "comma-separated" + }, + "description": "Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)\n\nSorting is supported for the following fields: **created, modified**" + } + ], + "responses": { + "200": { + "description": "List of Pending Approvals.", + "content": { + "application/json": { + "schema": { + "type": "array", + "items": { + "type": "object", + "properties": { + "id": { + "type": "string", + "example": "2c9180835d2e5168015d32f890ca1581", + "description": "The approval id." + }, + "name": { + "type": "string", + "example": "Pending approval name", + "description": "The name of the approval." + }, + "created": { + "type": "string", + "format": "date-time", + "description": "When the approval was created.", + "example": "2017-07-11T18:45:37.098Z" + }, + "modified": { + "type": "string", + "format": "date-time", + "description": "When the approval was modified last time.", + "example": "2018-07-25T20:22:28.104Z" + }, + "requestCreated": { + "type": "string", + "format": "date-time", + "description": "When the access-request was created.", + "example": "2017-07-11T18:45:35.098Z" + }, + "requestType": { + "description": "If the access-request was for granting or revoking access.", + "type": "string", + "enum": [ + "GRANT_ACCESS", + "REVOKE_ACCESS" + ], + "example": "GRANT_ACCESS" + }, + "requester": { + "description": "The identity that requested the item.", + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + }, + "requestedFor": { + "description": "The identity for whom the item is requested for.", + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + }, + "owner": { + "description": "The owner or approver of the approval.", + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + }, + "requestedObject": { + "description": "The requested access item.", + "type": "object", + "properties": { + "id": { + "type": "string", + "example": "2c938083633d259901633d25c68c00fa", + "description": "Id of the object." + }, + "name": { + "type": "string", + "example": "Object Name", + "description": "Name of the object." + }, + "description": { + "type": "string", + "example": "Object Description", + "description": "Description of the object." + }, + "type": { + "type": "string", + "enum": [ + "ACCESS_PROFILE", + "ROLE", + "ENTITLEMENT" + ], + "description": "Type of the object.", + "example": "ROLE" + } + } + }, + "requesterComment": { + "description": "The requester's comment.", + "type": "object", + "properties": { + "comment": { + "type": "string", + "description": "Content of the comment", + "example": "Et quam massa maximus vivamus nisi ut urna tincidunt metus elementum erat" + }, + "author": { + "type": "object", + "properties": { + "type": { + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "description": "An enumeration of the types of DTOs supported within the IdentityNow infrastructure.", + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the author", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the identity making the comment", + "example": "Adam Kennedy" + } + } + }, + "created": { + "type": "string", + "format": "date-time", + "description": "Date and time comment was created", + "example": "2017-07-11T18:45:37.098Z" + } + } + }, + "previousReviewersComments": { + "type": "array", + "items": { + "type": "object", + "properties": { + "comment": { + "type": "string", + "description": "Content of the comment", + "example": "Et quam massa maximus vivamus nisi ut urna tincidunt metus elementum erat" + }, + "author": { + "type": "object", + "properties": { + "type": { + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "description": "An enumeration of the types of DTOs supported within the IdentityNow infrastructure.", + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the author", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the identity making the comment", + "example": "Adam Kennedy" + } + } + }, + "created": { + "type": "string", + "format": "date-time", + "description": "Date and time comment was created", + "example": "2017-07-11T18:45:37.098Z" + } + } + }, + "description": "The history of the previous reviewers comments." + }, + "forwardHistory": { + "type": "array", + "items": { + "type": "object", + "properties": { + "oldApproverName": { + "type": "string", + "description": "Display name of approver from whom the approval was forwarded.", + "example": "Frank Mir" + }, + "newApproverName": { + "type": "string", + "description": "Display name of approver to whom the approval was forwarded.", + "example": "Al Volta" + }, + "comment": { + "type": "string", + "nullable": true, + "description": "Comment made while forwarding.", + "example": "Forwarding from Frank to Al" + }, + "modified": { + "type": "string", + "format": "date-time", + "description": "Time at which approval was forwarded.", + "example": "2019-08-23T18:52:57.398Z" + }, + "forwarderName": { + "type": "string", + "nullable": true, + "description": "Display name of forwarder who forwarded the approval.", + "example": "William Wilson" + }, + "reassignmentType": { + "description": "Type of approval reassignment.", + "example": "AUTOMATIC_REASSIGNMENT", + "type": "string", + "enum": [ + "MANUAL_REASSIGNMENT", + "AUTOMATIC_REASSIGNMENT", + "AUTO_ESCALATION", + "SELF_REVIEW_DELEGATION" + ] + } + } + }, + "description": "The history of approval forward action." + }, + "commentRequiredWhenRejected": { + "type": "boolean", + "example": true, + "description": "When true the rejector has to provide comments when rejecting" + }, + "actionInProcess": { + "description": "Action that is performed on this approval, and system has not finished performing that action yet.", + "type": "string", + "enum": [ + "APPROVED", + "REJECTED", + "FORWARDED" + ], + "example": "APPROVED" + }, + "removeDate": { + "type": "string", + "description": "The date the role or access profile is no longer assigned to the specified identity.", + "format": "date-time", + "example": "2020-07-11T00:00:00Z" + }, + "removeDateUpdateRequested": { + "type": "boolean", + "example": true, + "description": "If true, then the request is to change the remove date or sunset date." + }, + "currentRemoveDate": { + "type": "string", + "description": "The remove date or sunset date that was assigned at the time of the request.", + "format": "date-time", + "example": "2020-07-11T00:00:00Z" + }, + "sodViolationContext": { + "description": "The details of the SOD violations for the associated approval.", + "type": "object", + "properties": { + "state": { + "type": "string", + "enum": [ + "SUCCESS", + "ERROR" + ], + "description": "The status of SOD violation check", + "example": "SUCCESS" + }, + "uuid": { + "description": "The id of the Violation check event", + "type": "string", + "example": "f73d16e9-a038-46c5-b217-1246e15fdbdd" + }, + "violationCheckResult": { + "description": "The inner object representing the completed SOD Violation check", + "type": "object", + "properties": { + "message": { + "description": "If the request failed, includes any error message that was generated.", + "example": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An error has occurred during the SOD violation check" + } + ], + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + }, + "clientMetadata": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Arbitrary key-value pairs. They will never be processed by the IdentityNow system but will be returned on completion of the violation check.", + "example": { + "requestedAppName": "test-app", + "requestedAppId": "2c91808f7892918f0178b78da4a305a1" + } + }, + "violationContexts": { + "type": "array", + "items": { + "description": "The contextual information of the violated criteria", + "type": "object", + "properties": { + "policy": { + "description": "Reference to the Policy that is being violated.", + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + }, + "conflictingAccessCriteria": { + "type": "object", + "description": "The object which contains the left and right hand side of the entitlements that got violated according to the policy.", + "properties": { + "leftCriteria": { + "type": "object", + "properties": { + "criteriaList": { + "type": "array", + "items": { + "description": "Details of the Entitlement criteria", + "type": "object", + "properties": { + "existing": { + "type": "boolean", + "example": true, + "description": "If the entitlement already belonged to the user or not." + }, + "type": { + "example": "ENTITLEMENT", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "description": "An enumeration of the types of DTOs supported within the IdentityNow infrastructure." + }, + "id": { + "type": "string", + "description": "Entitlement ID", + "example": "2c918085771e9d3301773b3cb66f6398" + }, + "name": { + "type": "string", + "description": "Entitlement name", + "example": "My HR Entitlement" + } + } + } + } + } + }, + "rightCriteria": { + "type": "object", + "properties": { + "criteriaList": { + "type": "array", + "items": { + "description": "Details of the Entitlement criteria", + "type": "object", + "properties": { + "existing": { + "type": "boolean", + "example": true, + "description": "If the entitlement already belonged to the user or not." + }, + "type": { + "example": "ENTITLEMENT", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "description": "An enumeration of the types of DTOs supported within the IdentityNow infrastructure." + }, + "id": { + "type": "string", + "description": "Entitlement ID", + "example": "2c918085771e9d3301773b3cb66f6398" + }, + "name": { + "type": "string", + "description": "Entitlement name", + "example": "My HR Entitlement" + } + } + } + } + } + } + } + } + } + } + }, + "violatedPolicies": { + "type": "array", + "description": "A list of the Policies that were violated", + "items": { + "description": "Reference to the policy that was violated", + "example": [ + { + "type": "SOD_POLICY", + "id": "69129440-422d-4a23-aadd-35c828d5bfda", + "name": "HR Policy" + } + ], + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "the application ID", + "example": "ff8081814d977c21014da056804a0af3" + }, + "name": { + "type": "string", + "description": "the application name", + "example": "Github" + } + } + } + } + } + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/access-request-approvals/completed": { + "get": { + "operationId": "listCompletedApprovals", + "summary": "Completed Access Request Approvals List", + "tags": [ + "Access Request Approvals" + ], + "description": "This endpoint returns list of completed approvals. See *owner-id* query parameter below for authorization info.", + "parameters": [ + { + "in": "query", + "name": "owner-id", + "schema": { + "type": "string" + }, + "description": "If present, the value returns only completed approvals for the specified identity.\n * ORG_ADMIN users can call this with any identity ID value.\n * ORG_ADMIN users can also fetch all the approvals in the org, when owner-id is not used.\n * Non-ORG_ADMIN users can only specify *me* or pass their own identity ID value." + }, + { + "in": "query", + "name": "limit", + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": 250, + "schema": { + "type": "integer", + "format": "int32", + "minimum": 0, + "maximum": 250, + "default": 250 + } + }, + { + "in": "query", + "name": "offset", + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": 0, + "schema": { + "type": "integer", + "format": "int32", + "minimum": 0, + "default": 0 + } + }, + { + "in": "query", + "name": "count", + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": true, + "schema": { + "type": "boolean", + "default": false + } + }, + { + "in": "query", + "name": "filters", + "schema": { + "type": "string" + }, + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)\n\nFiltering is supported for the following fields and operators:\n\n**id**: *eq, in*\n\n**requestedFor.id**: *eq, in*\n\n**modified**: *gt, lt, ge, le*" + }, + { + "in": "query", + "name": "sorters", + "schema": { + "type": "string", + "format": "comma-separated" + }, + "description": "Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)\n\nSorting is supported for the following fields: **created, modified**" + } + ], + "responses": { + "200": { + "description": "List of Completed Approvals.", + "content": { + "application/json": { + "schema": { + "type": "array", + "items": { + "type": "object", + "properties": { + "id": { + "type": "string", + "example": "2c938083633d259901633d25c68c00fa", + "description": "The approval id." + }, + "name": { + "type": "string", + "example": "Approval Name", + "description": "The name of the approval." + }, + "created": { + "type": "string", + "format": "date-time", + "description": "When the approval was created.", + "example": "2017-07-11T18:45:37.098Z" + }, + "modified": { + "type": "string", + "format": "date-time", + "description": "When the approval was modified last time.", + "example": "2018-07-25T20:22:28.104Z" + }, + "requestCreated": { + "type": "string", + "format": "date-time", + "description": "When the access-request was created.", + "example": "2017-07-11T18:45:35.098Z" + }, + "requestType": { + "description": "If the access-request was for granting or revoking access.", + "type": "string", + "enum": [ + "GRANT_ACCESS", + "REVOKE_ACCESS" + ], + "example": "GRANT_ACCESS" + }, + "requester": { + "description": "The identity that requested the item.", + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + }, + "requestedFor": { + "description": "The identity for whom the item is requested for.", + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + }, + "reviewedBy": { + "description": "The identity who has reviewed the approval.", + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + }, + "owner": { + "description": "The owner or approver of the approval.", + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + }, + "requestedObject": { + "description": "The requested access item.", + "type": "object", + "properties": { + "id": { + "type": "string", + "example": "2c938083633d259901633d25c68c00fa", + "description": "Id of the object." + }, + "name": { + "type": "string", + "example": "Object Name", + "description": "Name of the object." + }, + "description": { + "type": "string", + "example": "Object Description", + "description": "Description of the object." + }, + "type": { + "type": "string", + "enum": [ + "ACCESS_PROFILE", + "ROLE", + "ENTITLEMENT" + ], + "description": "Type of the object.", + "example": "ROLE" + } + } + }, + "requesterComment": { + "description": "The requester's comment.", + "type": "object", + "properties": { + "comment": { + "type": "string", + "description": "Content of the comment", + "example": "Et quam massa maximus vivamus nisi ut urna tincidunt metus elementum erat" + }, + "author": { + "type": "object", + "properties": { + "type": { + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "description": "An enumeration of the types of DTOs supported within the IdentityNow infrastructure.", + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the author", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the identity making the comment", + "example": "Adam Kennedy" + } + } + }, + "created": { + "type": "string", + "format": "date-time", + "description": "Date and time comment was created", + "example": "2017-07-11T18:45:37.098Z" + } + } + }, + "reviewerComment": { + "description": "The approval's reviewer's comment.", + "type": "object", + "properties": { + "comment": { + "type": "string", + "description": "Content of the comment", + "example": "Et quam massa maximus vivamus nisi ut urna tincidunt metus elementum erat" + }, + "author": { + "type": "object", + "properties": { + "type": { + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "description": "An enumeration of the types of DTOs supported within the IdentityNow infrastructure.", + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the author", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the identity making the comment", + "example": "Adam Kennedy" + } + } + }, + "created": { + "type": "string", + "format": "date-time", + "description": "Date and time comment was created", + "example": "2017-07-11T18:45:37.098Z" + } + } + }, + "previousReviewersComments": { + "type": "array", + "items": { + "type": "object", + "properties": { + "comment": { + "type": "string", + "description": "Content of the comment", + "example": "Et quam massa maximus vivamus nisi ut urna tincidunt metus elementum erat" + }, + "author": { + "type": "object", + "properties": { + "type": { + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "description": "An enumeration of the types of DTOs supported within the IdentityNow infrastructure.", + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the author", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the identity making the comment", + "example": "Adam Kennedy" + } + } + }, + "created": { + "type": "string", + "format": "date-time", + "description": "Date and time comment was created", + "example": "2017-07-11T18:45:37.098Z" + } + } + }, + "description": "The history of the previous reviewers comments." + }, + "forwardHistory": { + "type": "array", + "items": { + "type": "object", + "properties": { + "oldApproverName": { + "type": "string", + "description": "Display name of approver from whom the approval was forwarded.", + "example": "Frank Mir" + }, + "newApproverName": { + "type": "string", + "description": "Display name of approver to whom the approval was forwarded.", + "example": "Al Volta" + }, + "comment": { + "type": "string", + "nullable": true, + "description": "Comment made while forwarding.", + "example": "Forwarding from Frank to Al" + }, + "modified": { + "type": "string", + "format": "date-time", + "description": "Time at which approval was forwarded.", + "example": "2019-08-23T18:52:57.398Z" + }, + "forwarderName": { + "type": "string", + "nullable": true, + "description": "Display name of forwarder who forwarded the approval.", + "example": "William Wilson" + }, + "reassignmentType": { + "description": "Type of approval reassignment.", + "example": "AUTOMATIC_REASSIGNMENT", + "type": "string", + "enum": [ + "MANUAL_REASSIGNMENT", + "AUTOMATIC_REASSIGNMENT", + "AUTO_ESCALATION", + "SELF_REVIEW_DELEGATION" + ] + } + } + }, + "description": "The history of approval forward action." + }, + "commentRequiredWhenRejected": { + "type": "boolean", + "example": true, + "description": "When true the rejector has to provide comments when rejecting" + }, + "state": { + "description": "The final state of the approval", + "type": "string", + "enum": [ + "APPROVED", + "REJECTED" + ], + "example": "APPROVED" + }, + "removeDate": { + "type": "string", + "description": "The date the role or access profile is no longer assigned to the specified identity.", + "format": "date-time", + "example": "2020-07-11T00:00:00Z" + }, + "removeDateUpdateRequested": { + "type": "boolean", + "example": true, + "description": "If true, then the request was to change the remove date or sunset date." + }, + "currentRemoveDate": { + "type": "string", + "description": "The remove date or sunset date that was assigned at the time of the request.", + "format": "date-time", + "example": "2020-07-11T00:00:00Z" + }, + "sodViolationContext": { + "description": "The details of the SOD violations for the associated approval.", + "type": "object", + "properties": { + "state": { + "type": "string", + "enum": [ + "SUCCESS", + "ERROR" + ], + "description": "The status of SOD violation check", + "example": "SUCCESS" + }, + "uuid": { + "description": "The id of the Violation check event", + "type": "string", + "example": "f73d16e9-a038-46c5-b217-1246e15fdbdd" + }, + "violationCheckResult": { + "description": "The inner object representing the completed SOD Violation check", + "type": "object", + "properties": { + "message": { + "description": "If the request failed, includes any error message that was generated.", + "example": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An error has occurred during the SOD violation check" + } + ], + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + }, + "clientMetadata": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Arbitrary key-value pairs. They will never be processed by the IdentityNow system but will be returned on completion of the violation check.", + "example": { + "requestedAppName": "test-app", + "requestedAppId": "2c91808f7892918f0178b78da4a305a1" + } + }, + "violationContexts": { + "type": "array", + "items": { + "description": "The contextual information of the violated criteria", + "type": "object", + "properties": { + "policy": { + "description": "Reference to the Policy that is being violated.", + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + }, + "conflictingAccessCriteria": { + "type": "object", + "description": "The object which contains the left and right hand side of the entitlements that got violated according to the policy.", + "properties": { + "leftCriteria": { + "type": "object", + "properties": { + "criteriaList": { + "type": "array", + "items": { + "description": "Details of the Entitlement criteria", + "type": "object", + "properties": { + "existing": { + "type": "boolean", + "example": true, + "description": "If the entitlement already belonged to the user or not." + }, + "type": { + "example": "ENTITLEMENT", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "description": "An enumeration of the types of DTOs supported within the IdentityNow infrastructure." + }, + "id": { + "type": "string", + "description": "Entitlement ID", + "example": "2c918085771e9d3301773b3cb66f6398" + }, + "name": { + "type": "string", + "description": "Entitlement name", + "example": "My HR Entitlement" + } + } + } + } + } + }, + "rightCriteria": { + "type": "object", + "properties": { + "criteriaList": { + "type": "array", + "items": { + "description": "Details of the Entitlement criteria", + "type": "object", + "properties": { + "existing": { + "type": "boolean", + "example": true, + "description": "If the entitlement already belonged to the user or not." + }, + "type": { + "example": "ENTITLEMENT", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "description": "An enumeration of the types of DTOs supported within the IdentityNow infrastructure." + }, + "id": { + "type": "string", + "description": "Entitlement ID", + "example": "2c918085771e9d3301773b3cb66f6398" + }, + "name": { + "type": "string", + "description": "Entitlement name", + "example": "My HR Entitlement" + } + } + } + } + } + } + } + } + } + } + }, + "violatedPolicies": { + "type": "array", + "description": "A list of the Policies that were violated", + "items": { + "description": "Reference to the policy that was violated", + "example": [ + { + "type": "SOD_POLICY", + "id": "69129440-422d-4a23-aadd-35c828d5bfda", + "name": "HR Policy" + } + ], + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "the application ID", + "example": "ff8081814d977c21014da056804a0af3" + }, + "name": { + "type": "string", + "description": "the application name", + "example": "Github" + } + } + } + } + } + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/access-request-approvals/{approvalId}/approve": { + "post": { + "operationId": "approveAccessRequest", + "summary": "Approves an access request approval.", + "tags": [ + "Access Request Approvals" + ], + "description": "This endpoint approves an access request approval. Only the owner of the approval and ORG_ADMIN users are allowed to perform this action.", + "parameters": [ + { + "in": "path", + "name": "approvalId", + "schema": { + "type": "string" + }, + "required": true, + "description": "The id of the approval.", + "example": "2c91808b7294bea301729568c68c002e" + } + ], + "requestBody": { + "description": "Reviewer's comment.", + "required": false, + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "comment": { + "type": "string" + } + } + } + } + } + }, + "responses": { + "202": { + "description": "Accepted - Returned if the request was successfully accepted into the system.", + "content": { + "application/json": { + "schema": { + "type": "object" + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/access-request-approvals/{approvalId}/reject": { + "post": { + "operationId": "rejectAccessRequest", + "summary": "Rejects an access request approval.", + "tags": [ + "Access Request Approvals" + ], + "description": "This endpoint rejects an access request approval. Only the owner of the approval and admin users are allowed to perform this action.", + "parameters": [ + { + "in": "path", + "name": "approvalId", + "schema": { + "type": "string" + }, + "required": true, + "description": "The id of the approval.", + "example": "2c91808b7294bea301729568c68c002e" + } + ], + "requestBody": { + "description": "Reviewer's comment.", + "required": false, + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "comment": { + "type": "string" + } + } + } + } + } + }, + "responses": { + "202": { + "description": "Accepted - Returned if the request was successfully accepted into the system.", + "content": { + "application/json": { + "schema": { + "type": "object" + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/access-request-approvals/{approvalId}/forward": { + "post": { + "operationId": "forwardAccessRequest", + "summary": "Forwards an access request approval to a new owner.", + "tags": [ + "Access Request Approvals" + ], + "description": "This endpoint forwards an access request approval. Only the owner of the approval and ORG_ADMIN users are allowed to perform this action.", + "parameters": [ + { + "in": "path", + "name": "approvalId", + "schema": { + "type": "string" + }, + "required": true, + "description": "The id of the approval.", + "example": "2c91808b7294bea301729568c68c002e" + } + ], + "requestBody": { + "description": "Information about the forwarded approval.", + "required": true, + "content": { + "application/json": { + "schema": { + "type": "object", + "required": [ + "newOwnerId", + "comment" + ], + "properties": { + "newOwnerId": { + "type": "string", + "description": "The Id of the new owner", + "minLength": 1, + "maxLength": 255 + }, + "comment": { + "type": "string", + "description": "The comment provided by the forwarder", + "minLength": 1, + "maxLength": 255 + } + } + } + } + } + }, + "responses": { + "202": { + "description": "Accepted - Returned if the request was successfully accepted into the system.", + "content": { + "application/json": { + "schema": { + "type": "object" + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/access-request-approvals/approval-summary": { + "get": { + "operationId": "getAccessRequestApprovalSummary", + "summary": "Get the number of pending, approved and rejected access requests approvals", + "tags": [ + "Access Request Approvals" + ], + "description": "This endpoint returns the number of pending, approved and rejected access requests approvals. See \"owner-id\" query parameter below for authorization info.", + "parameters": [ + { + "in": "query", + "name": "owner-id", + "schema": { + "type": "string" + }, + "description": "The id of the owner or approver identity of the approvals. If present, the value returns approval summary for the specified identity.\n * ORG_ADMIN users can call this with any identity ID value.\n * ORG_ADMIN user can also fetch all the approvals in the org, when owner-id is not used.\n * Non ORG_ADMIN users can only specify *me* or pass their own identity ID value." + }, + { + "in": "query", + "name": "from-date", + "schema": { + "type": "string" + }, + "description": "From date is the date and time from which the results will be shown. It should be in a valid ISO-8601 format\n\nexample: from-date=2020-03-19T19:59:11Z" + } + ], + "responses": { + "200": { + "description": "Number of pending, approved, rejected access request approvals.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "pending": { + "type": "integer", + "description": "The number of pending access requests approvals." + }, + "approved": { + "type": "integer", + "description": "The number of approved access requests approvals." + }, + "rejected": { + "type": "integer", + "description": "The number of rejected access requests approvals." + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the query parameter is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/ai-access-request-recommendations": { + "get": { + "operationId": "getAccessRequestRecommendations", + "tags": [ + "IAI Access Request Recommendations" + ], + "summary": "Identity Access Request Recommendations", + "description": "This API returns the access request recommendations for the specified identity. The default identity is *me* which indicates the current user.", + "parameters": [ + { + "in": "query", + "name": "identity-id", + "description": "Get access request recommendations for an identityId. *me* indicates the current user.", + "schema": { + "type": "string", + "default": "me" + }, + "required": false, + "example": "2c91808570313110017040b06f344ec9" + }, + { + "in": "query", + "name": "limit", + "description": "Max number of results to return.", + "required": false, + "schema": { + "type": "integer", + "minimum": 0, + "maximum": 15, + "default": 15 + } + }, + { + "in": "query", + "name": "offset", + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": 0, + "schema": { + "type": "integer", + "format": "int32", + "minimum": 0, + "default": 0 + } + }, + { + "in": "query", + "name": "count", + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": true, + "schema": { + "type": "boolean", + "default": false + } + }, + { + "in": "query", + "name": "include-translation-messages", + "description": "If *true* it will populate a list of translation messages in the response.", + "schema": { + "type": "boolean", + "default": false + }, + "required": false, + "example": false + }, + { + "in": "query", + "name": "filters", + "schema": { + "type": "string" + }, + "description": "Filter recommendations using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)\n\nFiltering is supported for the following fields and operators:\n\n**access.name**: *co*\n\n**access.type**: *eq, in*\n\n**access.description**: *co*" + }, + { + "in": "query", + "name": "sorters", + "schema": { + "type": "string", + "format": "comma-separated" + }, + "description": "Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)\n\nSorting is supported for the following fields: **access.name, access.type**\n\nBy default the recommendations are sorted by highest confidence first." + } + ], + "responses": { + "200": { + "description": "List of access request recommendations for the identityId", + "content": { + "application/json": { + "schema": { + "type": "array", + "items": { + "type": "object", + "properties": { + "identityId": { + "type": "string", + "format": "UUID", + "description": "Identity ID for the recommendation", + "example": "2c91808570313110017040b06f344ec9" + }, + "access": { + "type": "object", + "properties": { + "id": { + "type": "string", + "format": "UUID", + "description": "ID of access item being recommended.", + "example": "2c9180835d2e5168015d32f890ca1581" + }, + "type": { + "type": "string", + "enum": [ + "ACCESS_PROFILE", + "ROLE" + ], + "description": "The type of access item.", + "example": "ACCESS_PROFILE" + }, + "name": { + "type": "string", + "description": "Name of the access item", + "example": "Employee-database-read-write" + }, + "description": { + "type": "string", + "description": "Description of the access item", + "example": "This item grants an employee read and write access to the database" + } + } + }, + "ignored": { + "type": "boolean", + "example": true, + "description": "Whether or not the identity has already chosen to ignore this recommendation." + }, + "requested": { + "type": "boolean", + "example": true, + "description": "Whether or not the identity has already chosen to request this recommendation." + }, + "viewed": { + "type": "boolean", + "example": true, + "description": "Whether or not the identity reportedly viewed this recommendation." + }, + "messages": { + "type": "array", + "items": { + "type": "object", + "properties": { + "interpretation": { + "type": "string", + "description": "Information about why the access item was recommended.", + "example": "95% of your peers have this access." + } + } + } + }, + "translationMessages": { + "description": "The list of translation messages", + "type": "array", + "example": [ + { + "key": "recommender-api.V2_WEIGHT_FEATURE_PRODUCT_INTERPRETATION_HIGH", + "values": [ + "75", + "department" + ] + } + ], + "items": { + "properties": { + "key": { + "type": "string", + "description": "The key of the translation message", + "example": "recommender-api.V2_WEIGHT_FEATURE_PRODUCT_INTERPRETATION_HIGH" + }, + "values": { + "type": "array", + "description": "The values corresponding to the translation messages", + "items": { + "type": "string" + }, + "example": [ + "75", + "department" + ] + } + } + } + } + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/ai-access-request-recommendations/ignored-items": { + "post": { + "operationId": "addAccessRequestRecommendationsIgnoredItem", + "tags": [ + "IAI Access Request Recommendations" + ], + "summary": "Notification of Ignored Access Request Recommendations", + "description": "This API ignores a recommended access request item. Once an item is ignored, it will be marked as ignored=true if it is still a recommended item. The consumer can decide to hide ignored recommendations.", + "requestBody": { + "description": "The recommended access item to ignore for an identity.", + "required": true, + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "identityId": { + "type": "string", + "format": "UUID", + "description": "The identity ID taking the action.", + "example": "2c91808570313110017040b06f344ec9" + }, + "access": { + "type": "object", + "properties": { + "id": { + "type": "string", + "format": "UUID", + "description": "ID of access item being recommended.", + "example": "2c9180835d2e5168015d32f890ca1581" + }, + "type": { + "type": "string", + "enum": [ + "ACCESS_PROFILE", + "ROLE" + ], + "description": "The type of access item.", + "example": "ACCESS_PROFILE" + } + } + } + }, + "required": [ + "identityId", + "access" + ] + } + } + } + }, + "responses": { + "201": { + "description": "Recommendation successfully stored as ignored.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "identityId": { + "type": "string", + "format": "UUID", + "description": "The identity ID taking the action.", + "example": "2c91808570313110017040b06f344ec9" + }, + "access": { + "type": "object", + "properties": { + "id": { + "type": "string", + "format": "UUID", + "description": "ID of access item being recommended.", + "example": "2c9180835d2e5168015d32f890ca1581" + }, + "type": { + "type": "string", + "enum": [ + "ACCESS_PROFILE", + "ROLE" + ], + "description": "The type of access item.", + "example": "ACCESS_PROFILE" + } + } + }, + "timestamp": { + "type": "string", + "format": "date-time", + "example": "2017-07-11T18:45:37.098Z" + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + }, + "get": { + "operationId": "getAccessRequestRecommendationsIgnoredItems", + "tags": [ + "IAI Access Request Recommendations" + ], + "summary": "List of Ignored Access Request Recommendations", + "description": "This API returns the list of ignored access request recommendations.", + "parameters": [ + { + "in": "query", + "name": "limit", + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": 250, + "schema": { + "type": "integer", + "format": "int32", + "minimum": 0, + "maximum": 250, + "default": 250 + } + }, + { + "in": "query", + "name": "offset", + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": 0, + "schema": { + "type": "integer", + "format": "int32", + "minimum": 0, + "default": 0 + } + }, + { + "in": "query", + "name": "count", + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": true, + "schema": { + "type": "boolean", + "default": false + } + }, + { + "in": "query", + "name": "filters", + "schema": { + "type": "string" + }, + "description": "Filter recommendations using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)\n\nFiltering is supported for the following fields and operators:\n\n**access.id**: *eq, in*\n\n**access.type**: *eq, in*\n\n**identityId**: *eq, in*" + }, + { + "in": "query", + "name": "sorters", + "schema": { + "type": "string", + "format": "comma-separated" + }, + "description": "Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)\n\nSorting is supported for the following fields: **access.id, access.type, identityId, timestamp**" + } + ], + "responses": { + "200": { + "description": "Returns list of ignored access request recommendations.", + "content": { + "application/json": { + "schema": { + "type": "array", + "items": { + "type": "object", + "properties": { + "identityId": { + "type": "string", + "format": "UUID", + "description": "The identity ID taking the action.", + "example": "2c91808570313110017040b06f344ec9" + }, + "access": { + "type": "object", + "properties": { + "id": { + "type": "string", + "format": "UUID", + "description": "ID of access item being recommended.", + "example": "2c9180835d2e5168015d32f890ca1581" + }, + "type": { + "type": "string", + "enum": [ + "ACCESS_PROFILE", + "ROLE" + ], + "description": "The type of access item.", + "example": "ACCESS_PROFILE" + } + } + }, + "timestamp": { + "type": "string", + "format": "date-time", + "example": "2017-07-11T18:45:37.098Z" + } + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/ai-access-request-recommendations/requested-items": { + "post": { + "operationId": "addAccessRequestRecommendationsRequestedItem", + "tags": [ + "IAI Access Request Recommendations" + ], + "summary": "Notification of Requested Access Request Recommendations", + "description": "This API consumes a notification that a recommended access request item was requested. This API does not actually make the request, it is just a notification. This will help provide feedback in order to improve our recommendations.", + "requestBody": { + "description": "The recommended access item that was requested for an identity.", + "required": true, + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "identityId": { + "type": "string", + "format": "UUID", + "description": "The identity ID taking the action.", + "example": "2c91808570313110017040b06f344ec9" + }, + "access": { + "type": "object", + "properties": { + "id": { + "type": "string", + "format": "UUID", + "description": "ID of access item being recommended.", + "example": "2c9180835d2e5168015d32f890ca1581" + }, + "type": { + "type": "string", + "enum": [ + "ACCESS_PROFILE", + "ROLE" + ], + "description": "The type of access item.", + "example": "ACCESS_PROFILE" + } + } + } + }, + "required": [ + "identityId", + "access" + ] + } + } + } + }, + "responses": { + "201": { + "description": "Notification successfully acknowledged.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "identityId": { + "type": "string", + "format": "UUID", + "description": "The identity ID taking the action.", + "example": "2c91808570313110017040b06f344ec9" + }, + "access": { + "type": "object", + "properties": { + "id": { + "type": "string", + "format": "UUID", + "description": "ID of access item being recommended.", + "example": "2c9180835d2e5168015d32f890ca1581" + }, + "type": { + "type": "string", + "enum": [ + "ACCESS_PROFILE", + "ROLE" + ], + "description": "The type of access item.", + "example": "ACCESS_PROFILE" + } + } + }, + "timestamp": { + "type": "string", + "format": "date-time", + "example": "2017-07-11T18:45:37.098Z" + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + }, + "get": { + "operationId": "getAccessRequestRecommendationsRequestedItems", + "tags": [ + "IAI Access Request Recommendations" + ], + "summary": "List of Requested Access Request Recommendations", + "description": "This API returns a list of requested access request recommendations.", + "parameters": [ + { + "in": "query", + "name": "limit", + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": 250, + "schema": { + "type": "integer", + "format": "int32", + "minimum": 0, + "maximum": 250, + "default": 250 + } + }, + { + "in": "query", + "name": "offset", + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": 0, + "schema": { + "type": "integer", + "format": "int32", + "minimum": 0, + "default": 0 + } + }, + { + "in": "query", + "name": "count", + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": true, + "schema": { + "type": "boolean", + "default": false + } + }, + { + "in": "query", + "name": "filters", + "schema": { + "type": "string" + }, + "description": "Filter recommendations using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)\n\nFiltering is supported for the following fields and operators:\n\n**access.id**: *eq, in*\n\n**access.type**: *eq, in*\n\n**identityId**: *eq, in*" + }, + { + "in": "query", + "name": "sorters", + "schema": { + "type": "string", + "format": "comma-separated" + }, + "description": "Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)\n\nSorting is supported for the following fields: **access.id, access.type, identityId, timestamp**" + } + ], + "responses": { + "200": { + "description": "Returns the list of requested access request recommendations.", + "content": { + "application/json": { + "schema": { + "type": "array", + "items": { + "type": "object", + "properties": { + "identityId": { + "type": "string", + "format": "UUID", + "description": "The identity ID taking the action.", + "example": "2c91808570313110017040b06f344ec9" + }, + "access": { + "type": "object", + "properties": { + "id": { + "type": "string", + "format": "UUID", + "description": "ID of access item being recommended.", + "example": "2c9180835d2e5168015d32f890ca1581" + }, + "type": { + "type": "string", + "enum": [ + "ACCESS_PROFILE", + "ROLE" + ], + "description": "The type of access item.", + "example": "ACCESS_PROFILE" + } + } + }, + "timestamp": { + "type": "string", + "format": "date-time", + "example": "2017-07-11T18:45:37.098Z" + } + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/ai-access-request-recommendations/viewed-items": { + "post": { + "operationId": "addAccessRequestRecommendationsViewedItem", + "tags": [ + "IAI Access Request Recommendations" + ], + "summary": "Notification of Viewed Access Request Recommendations", + "description": "This API consumes a notification that a recommended access request item was viewed. Future recommendations with this item will be marked with viewed=true. This can be useful for the consumer to determine if there are any new/unviewed recommendations.", + "requestBody": { + "description": "The recommended access that was viewed for an identity.", + "required": true, + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "identityId": { + "type": "string", + "format": "UUID", + "description": "The identity ID taking the action.", + "example": "2c91808570313110017040b06f344ec9" + }, + "access": { + "type": "object", + "properties": { + "id": { + "type": "string", + "format": "UUID", + "description": "ID of access item being recommended.", + "example": "2c9180835d2e5168015d32f890ca1581" + }, + "type": { + "type": "string", + "enum": [ + "ACCESS_PROFILE", + "ROLE" + ], + "description": "The type of access item.", + "example": "ACCESS_PROFILE" + } + } + } + }, + "required": [ + "identityId", + "access" + ] + } + } + } + }, + "responses": { + "201": { + "description": "Recommendation successfully stored as viewed.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "identityId": { + "type": "string", + "format": "UUID", + "description": "The identity ID taking the action.", + "example": "2c91808570313110017040b06f344ec9" + }, + "access": { + "type": "object", + "properties": { + "id": { + "type": "string", + "format": "UUID", + "description": "ID of access item being recommended.", + "example": "2c9180835d2e5168015d32f890ca1581" + }, + "type": { + "type": "string", + "enum": [ + "ACCESS_PROFILE", + "ROLE" + ], + "description": "The type of access item.", + "example": "ACCESS_PROFILE" + } + } + }, + "timestamp": { + "type": "string", + "format": "date-time", + "example": "2017-07-11T18:45:37.098Z" + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + }, + "get": { + "operationId": "getAccessRequestRecommendationsViewedItems", + "tags": [ + "IAI Access Request Recommendations" + ], + "summary": "List of Viewed Access Request Recommendations", + "description": "This API returns the list of viewed access request recommendations.", + "parameters": [ + { + "in": "query", + "name": "limit", + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": 250, + "schema": { + "type": "integer", + "format": "int32", + "minimum": 0, + "maximum": 250, + "default": 250 + } + }, + { + "in": "query", + "name": "offset", + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": 0, + "schema": { + "type": "integer", + "format": "int32", + "minimum": 0, + "default": 0 + } + }, + { + "in": "query", + "name": "count", + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": true, + "schema": { + "type": "boolean", + "default": false + } + }, + { + "in": "query", + "name": "filters", + "schema": { + "type": "string" + }, + "description": "Filter recommendations using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)\n\nFiltering is supported for the following fields and operators:\n\n**access.id**: *eq, in*\n\n**access.type**: *eq, in*\n\n**identityId**: *eq, in*" + }, + { + "in": "query", + "name": "sorters", + "schema": { + "type": "string", + "format": "comma-separated" + }, + "description": "Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)\n\nSorting is supported for the following fields: **access.id, access.type, identityId, timestamp**" + } + ], + "responses": { + "200": { + "description": "Returns list of viewed access request recommendations.", + "content": { + "application/json": { + "schema": { + "type": "array", + "items": { + "type": "object", + "properties": { + "identityId": { + "type": "string", + "format": "UUID", + "description": "The identity ID taking the action.", + "example": "2c91808570313110017040b06f344ec9" + }, + "access": { + "type": "object", + "properties": { + "id": { + "type": "string", + "format": "UUID", + "description": "ID of access item being recommended.", + "example": "2c9180835d2e5168015d32f890ca1581" + }, + "type": { + "type": "string", + "enum": [ + "ACCESS_PROFILE", + "ROLE" + ], + "description": "The type of access item.", + "example": "ACCESS_PROFILE" + } + } + }, + "timestamp": { + "type": "string", + "format": "date-time", + "example": "2017-07-11T18:45:37.098Z" + } + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/ai-access-request-recommendations/viewed-items/bulk-create": { + "post": { + "operationId": "addAccessRequestRecommendationsViewedItems", + "tags": [ + "IAI Access Request Recommendations" + ], + "summary": "Notification of Viewed Access Request Recommendations in Bulk", + "description": "This API consumes a notification that a set of recommended access request item were viewed. Future recommendations with these items will be marked with viewed=true. This can be useful for the consumer to determine if there are any new/unviewed recommendations.", + "requestBody": { + "description": "The recommended access items that were viewed for an identity.", + "required": true, + "content": { + "application/json": { + "schema": { + "type": "array", + "items": { + "type": "object", + "properties": { + "identityId": { + "type": "string", + "format": "UUID", + "description": "The identity ID taking the action.", + "example": "2c91808570313110017040b06f344ec9" + }, + "access": { + "type": "object", + "properties": { + "id": { + "type": "string", + "format": "UUID", + "description": "ID of access item being recommended.", + "example": "2c9180835d2e5168015d32f890ca1581" + }, + "type": { + "type": "string", + "enum": [ + "ACCESS_PROFILE", + "ROLE" + ], + "description": "The type of access item.", + "example": "ACCESS_PROFILE" + } + } + } + }, + "required": [ + "identityId", + "access" + ] + } + } + } + } + }, + "responses": { + "201": { + "description": "Recommendations successfully stored as viewed.", + "content": { + "application/json": { + "schema": { + "type": "array", + "items": { + "type": "object", + "properties": { + "identityId": { + "type": "string", + "format": "UUID", + "description": "The identity ID taking the action.", + "example": "2c91808570313110017040b06f344ec9" + }, + "access": { + "type": "object", + "properties": { + "id": { + "type": "string", + "format": "UUID", + "description": "ID of access item being recommended.", + "example": "2c9180835d2e5168015d32f890ca1581" + }, + "type": { + "type": "string", + "enum": [ + "ACCESS_PROFILE", + "ROLE" + ], + "description": "The type of access item.", + "example": "ACCESS_PROFILE" + } + } + }, + "timestamp": { + "type": "string", + "format": "date-time", + "example": "2017-07-11T18:45:37.098Z" + } + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/accounts": { + "get": { + "operationId": "listAccounts", + "tags": [ + "Accounts" + ], + "summary": "Accounts List", + "description": "This returns a list of accounts. \nA token with ORG_ADMIN authority is required to call this API.", + "security": [ + { + "oauth2": [ + "idn:accounts:read", + "idn:accounts:manage" + ] + } + ], + "parameters": [ + { + "in": "query", + "name": "detailLevel", + "schema": { + "type": "string", + "enum": [ + "SLIM", + "FULL" + ] + }, + "description": "Determines whether Slim, or increased level of detail is provided for each account in the returned list. FULL is the default behavior.", + "example": "FULL" + }, + { + "in": "query", + "name": "limit", + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": 250, + "schema": { + "type": "integer", + "format": "int32", + "minimum": 0, + "maximum": 250, + "default": 250 + } + }, + { + "in": "query", + "name": "offset", + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": 0, + "schema": { + "type": "integer", + "format": "int32", + "minimum": 0, + "default": 0 + } + }, + { + "in": "query", + "name": "count", + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": true, + "schema": { + "type": "boolean", + "default": false + } + }, + { + "in": "query", + "name": "filters", + "schema": { + "type": "string" + }, + "example": "identityId eq \"2c9180858082150f0180893dbaf44201\"", + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)\n\nFiltering is supported for the following fields and operators:\n\n**id**: *eq, in*\n\n**identityId**: *eq*\n\n**name**: *eq, in*\n\n**nativeIdentity**: *eq, in*\n\n**sourceId**: *eq, in*\n\n**uncorrelated**: *eq*" + } + ], + "responses": { + "200": { + "description": "List of account objects", + "content": { + "application/json": { + "schema": { + "type": "array", + "items": { + "oneOf": [ + { + "type": "object", + "title": "Slim Account", + "allOf": [ + { + "type": "object", + "required": [ + "name" + ], + "properties": { + "id": { + "description": "System-generated unique ID of the Object", + "type": "string", + "example": "id12345", + "readOnly": true + }, + "name": { + "description": "Name of the Object", + "type": "string", + "example": "aName" + }, + "created": { + "description": "Creation date of the Object", + "type": "string", + "format": "date-time", + "readOnly": true, + "example": "2023-01-03T21:16:22.432Z" + }, + "modified": { + "description": "Last modification date of the Object", + "type": "string", + "format": "date-time", + "readOnly": true, + "example": "2023-01-03T21:16:22.432Z" + } + } + }, + { + "type": "object", + "properties": { + "uuid": { + "type": "string", + "format": "uuid", + "description": "Unique ID from the owning source", + "example": "2c9180857893f12901789445619b0366", + "nullable": true + }, + "nativeIdentity": { + "type": "string", + "description": "The native identifier of the account", + "example": "brandin.gray" + }, + "description": { + "type": "string", + "description": "The description for the account", + "example": "Brandin Gray the CEO of Silly Inc.", + "nullable": true + }, + "disabled": { + "type": "boolean", + "description": "Whether the account is disabled", + "example": false + }, + "locked": { + "type": "boolean", + "description": "Whether the account is locked", + "example": false + }, + "manuallyCorrelated": { + "type": "boolean", + "description": "Whether the account was manually correlated", + "example": false + }, + "hasEntitlements": { + "type": "boolean", + "description": "Whether the account has any entitlements associated with it", + "example": true + }, + "sourceId": { + "type": "string", + "description": "The ID of the source for which this account belongs", + "example": "2c9180835d2e5168015d32f890ca1581" + }, + "sourceName": { + "type": "string", + "description": "The name of the source", + "example": "Large Source" + }, + "identityId": { + "type": "string", + "description": "The ID of the identity for which this account is correlated to if not uncorrelated", + "example": "4b9163835d2e5168015d32f890ca5936" + }, + "attributes": { + "type": "object", + "description": "A map containing attributes associated with the account", + "additionalProperties": true, + "example": { + "firstName": "SailPoint", + "lastName": "Support", + "displayName": "SailPoint Support" + } + } + } + } + ] + }, + { + "type": "object", + "title": "Full Account", + "allOf": [ + { + "type": "object", + "title": "Slim Account", + "allOf": [ + { + "type": "object", + "required": [ + "name" + ], + "properties": { + "id": { + "description": "System-generated unique ID of the Object", + "type": "string", + "example": "id12345", + "readOnly": true + }, + "name": { + "description": "Name of the Object", + "type": "string", + "example": "aName" + }, + "created": { + "description": "Creation date of the Object", + "type": "string", + "format": "date-time", + "readOnly": true, + "example": "2023-01-03T21:16:22.432Z" + }, + "modified": { + "description": "Last modification date of the Object", + "type": "string", + "format": "date-time", + "readOnly": true, + "example": "2023-01-03T21:16:22.432Z" + } + } + }, + { + "type": "object", + "properties": { + "uuid": { + "type": "string", + "format": "uuid", + "description": "Unique ID from the owning source", + "example": "2c9180857893f12901789445619b0366", + "nullable": true + }, + "nativeIdentity": { + "type": "string", + "description": "The native identifier of the account", + "example": "brandin.gray" + }, + "description": { + "type": "string", + "description": "The description for the account", + "example": "Brandin Gray the CEO of Silly Inc.", + "nullable": true + }, + "disabled": { + "type": "boolean", + "description": "Whether the account is disabled", + "example": false + }, + "locked": { + "type": "boolean", + "description": "Whether the account is locked", + "example": false + }, + "manuallyCorrelated": { + "type": "boolean", + "description": "Whether the account was manually correlated", + "example": false + }, + "hasEntitlements": { + "type": "boolean", + "description": "Whether the account has any entitlements associated with it", + "example": true + }, + "sourceId": { + "type": "string", + "description": "The ID of the source for which this account belongs", + "example": "2c9180835d2e5168015d32f890ca1581" + }, + "sourceName": { + "type": "string", + "description": "The name of the source", + "example": "Large Source" + }, + "identityId": { + "type": "string", + "description": "The ID of the identity for which this account is correlated to if not uncorrelated", + "example": "4b9163835d2e5168015d32f890ca5936" + }, + "attributes": { + "type": "object", + "description": "A map containing attributes associated with the account", + "additionalProperties": true, + "example": { + "firstName": "SailPoint", + "lastName": "Support", + "displayName": "SailPoint Support" + } + } + } + } + ] + }, + { + "type": "object", + "properties": { + "authoritative": { + "type": "boolean", + "description": "Whether this account belongs to an authoritative source", + "example": false + }, + "systemAccount": { + "type": "boolean", + "description": "Whether this account is for the IdentityNow source", + "example": false + }, + "uncorrelated": { + "type": "boolean", + "description": "True if this account is not correlated to an identity", + "example": false + }, + "features": { + "type": "string", + "description": "A string list containing the owning source's features", + "example": "ENABLE" + } + } + } + ] + } + ] + } + }, + "examples": { + "SlimAccounts": { + "description": "List of slim accounts that would result with *detailLevel = SLIM*", + "value": [ + { + "attributes": null, + "created": "2021-09-28T02:15:44.644Z", + "description": null, + "disabled": false, + "features": "PROVISIONING, GROUP_PROVISIONING, SYNC_PROVISIONING, AUTHENTICATE", + "hasEntitlements": true, + "id": "2c9180867c184ff6017c2a2fbf031667", + "identityId": "2c9180867c184ff6017c2a2fbf031666", + "locked": false, + "manuallyCorrelated": false, + "modified": "2021-09-28T02:16:12.207Z", + "name": "Geovanni.0a7cad6df", + "nativeIdentity": "CN=Geovanni 0a7cad6df,OU=hpun,OU=org-data-service,DC=TestAutomationAD,DC=local", + "sourceId": "2c91808b7c28b350017c2a2ec5790aa1", + "uuid": "{e4218fa4-da52-4bb0-aa41-d2dcc08a7ad8}" + } + ] + }, + "FullAccounts": { + "description": "List of slim accounts that would result with *detailLevel = FULL* or not specifying it", + "value": [ + { + "attributes": null, + "authoritative": true, + "created": "2021-09-28T02:15:44.644Z", + "description": null, + "disabled": false, + "features": "PROVISIONING, GROUP_PROVISIONING, SYNC_PROVISIONING, AUTHENTICATE", + "hasEntitlements": true, + "id": "2c9180867c184ff6017c2a2fbf031667", + "identityId": "2c9180867c184ff6017c2a2fbf031666", + "locked": false, + "manuallyCorrelated": false, + "modified": "2021-09-28T02:16:12.207Z", + "name": "Geovanni.0a7cad6df", + "nativeIdentity": "CN=Geovanni 0a7cad6df,OU=hpun,OU=org-data-service,DC=TestAutomationAD,DC=local", + "sourceId": "2c91808b7c28b350017c2a2ec5790aa1", + "systemAccount": false, + "uncorrelated": false, + "uuid": "{e4218fa4-da52-4bb0-aa41-d2dcc08a7ad8}" + } + ] + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + }, + "post": { + "operationId": "createAccount", + "tags": [ + "Accounts" + ], + "summary": "Create Account", + "description": "This API submits an account creation task and returns the task ID. \nA token with ORG_ADMIN authority is required to call this API.", + "security": [ + { + "oauth2": [ + "idn:accounts:manage" + ] + } + ], + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "type": "object", + "required": [ + "attributes" + ], + "properties": { + "attributes": { + "description": "The schema attribute values for the account", + "type": "object", + "example": { + "city": "Austin", + "displayName": "John Doe", + "userName": "jdoe", + "sAMAccountName": "jDoe", + "mail": "john.doe@sailpoint.com" + } + } + } + } + } + } + }, + "responses": { + "202": { + "description": "Async task details", + "content": { + "application/json": { + "schema": { + "description": "Accounts async response containing details on started async process", + "required": [ + "id" + ], + "type": "object", + "properties": { + "id": { + "description": "id of the task", + "type": "string", + "example": "2c91808474683da6017468693c260195" + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/accounts/{id}": { + "get": { + "operationId": "getAccount", + "tags": [ + "Accounts" + ], + "summary": "Account Details", + "description": "This API returns the details for a single account based on the ID. \nA token with ORG_ADMIN authority is required to call this API.", + "security": [ + { + "oauth2": [ + "idn:accounts:read", + "idn:accounts:manage" + ] + } + ], + "parameters": [ + { + "in": "path", + "name": "id", + "schema": { + "type": "string" + }, + "required": true, + "description": "The account ID", + "example": "ef38f94347e94562b5bb8424a56397d8" + } + ], + "responses": { + "200": { + "description": "An account object", + "content": { + "application/json": { + "schema": { + "allOf": [ + { + "type": "object", + "required": [ + "name" + ], + "properties": { + "id": { + "description": "System-generated unique ID of the Object", + "type": "string", + "example": "id12345", + "readOnly": true + }, + "name": { + "description": "Name of the Object", + "type": "string", + "example": "aName" + }, + "created": { + "description": "Creation date of the Object", + "type": "string", + "format": "date-time", + "readOnly": true, + "example": "2023-01-03T21:16:22.432Z" + }, + "modified": { + "description": "Last modification date of the Object", + "type": "string", + "format": "date-time", + "readOnly": true, + "example": "2023-01-03T21:16:22.432Z" + } + } + }, + { + "type": "object", + "required": [ + "sourceId", + "sourceName", + "attributes", + "authoritative", + "disabled", + "locked", + "nativeIdentity", + "systemAccount", + "uncorrelated", + "manuallyCorrelated", + "hasEntitlements" + ], + "properties": { + "sourceId": { + "type": "string", + "example": "2c9180835d2e5168015d32f890ca1581", + "description": "The unique ID of the source this account belongs to" + }, + "sourceName": { + "type": "string", + "example": "Employees", + "description": "The display name of the source this account belongs to" + }, + "identityId": { + "type": "string", + "example": "2c9180835d2e5168015d32f890ca1581", + "description": "The unique ID of the identity this account is correlated to" + }, + "attributes": { + "type": "object", + "additionalProperties": true, + "description": "The account attributes that are aggregated", + "example": { + "firstName": "SailPoint", + "lastName": "Support", + "displayName": "SailPoint Support" + } + }, + "authoritative": { + "type": "boolean", + "description": "Indicates if this account is from an authoritative source", + "example": false + }, + "description": { + "type": "string", + "description": "A description of the account", + "nullable": true, + "example": null + }, + "disabled": { + "type": "boolean", + "description": "Indicates if the account is currently disabled", + "example": false + }, + "locked": { + "type": "boolean", + "description": "Indicates if the account is currently locked", + "example": false + }, + "nativeIdentity": { + "type": "string", + "description": "The unique ID of the account generated by the source system", + "example": "552775" + }, + "systemAccount": { + "type": "boolean", + "example": false, + "description": "If true, this is a user account within IdentityNow. If false, this is an account from a source system." + }, + "uncorrelated": { + "type": "boolean", + "description": "Indicates if this account is not correlated to an identity", + "example": false + }, + "uuid": { + "type": "string", + "description": "The unique ID of the account as determined by the account schema", + "example": "slpt.support", + "nullable": true + }, + "manuallyCorrelated": { + "type": "boolean", + "description": "Indicates if the account has been manually correlated to an identity", + "example": false + }, + "hasEntitlements": { + "type": "boolean", + "description": "Indicates if the account has entitlements", + "example": true + } + } + } + ] + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + }, + "patch": { + "operationId": "updateAccount", + "tags": [ + "Accounts" + ], + "summary": "Update Account", + "description": "This updates account details. \nA token with ORG_ADMIN authority is required to call this API.", + "security": [ + { + "oauth2": [ + "idn:accounts:manage" + ] + } + ], + "parameters": [ + { + "in": "path", + "name": "id", + "schema": { + "type": "string" + }, + "required": true, + "description": "The account ID", + "example": "ef38f94347e94562b5bb8424a56397d8" + } + ], + "requestBody": { + "required": true, + "description": "A list of account update operations according to the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard.", + "content": { + "application/json-patch+json": { + "schema": { + "type": "array", + "items": { + "type": "object" + } + }, + "example": [ + { + "op": "replace", + "path": "/identityId", + "value": "2c9180845d1edece015d27a975983e21" + } + ] + } + } + }, + "responses": { + "202": { + "description": "Accepted. Update request accepted and is in progress.", + "content": { + "application/json": { + "schema": { + "type": "object" + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + }, + "put": { + "operationId": "putAccount", + "tags": [ + "Accounts" + ], + "summary": "Update Account", + "description": "This API submits an account update task and returns the task ID. \nA token with ORG_ADMIN authority is required to call this API.", + "security": [ + { + "oauth2": [ + "idn:accounts:manage" + ] + } + ], + "parameters": [ + { + "in": "path", + "name": "id", + "schema": { + "type": "string" + }, + "required": true, + "description": "The account ID", + "example": "ef38f94347e94562b5bb8424a56397d8" + } + ], + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "type": "object", + "required": [ + "attributes" + ], + "properties": { + "attributes": { + "description": "The schema attribute values for the account", + "type": "object", + "example": { + "city": "Austin", + "displayName": "John Doe", + "userName": "jdoe", + "sAMAccountName": "jDoe", + "mail": "john.doe@sailpoint.com" + } + } + } + } + } + } + }, + "responses": { + "202": { + "description": "Async task details", + "content": { + "application/json": { + "schema": { + "description": "Accounts async response containing details on started async process", + "required": [ + "id" + ], + "type": "object", + "properties": { + "id": { + "description": "id of the task", + "type": "string", + "example": "2c91808474683da6017468693c260195" + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + }, + "delete": { + "operationId": "deleteAccount", + "tags": [ + "Accounts" + ], + "summary": "Delete Account", + "description": "This API submits an account delete task and returns the task ID. \nA token with ORG_ADMIN authority is required to call this API.", + "security": [ + { + "oauth2": [ + "idn:accounts:manage" + ] + } + ], + "parameters": [ + { + "in": "path", + "name": "id", + "schema": { + "type": "string" + }, + "required": true, + "description": "The account ID", + "example": "ef38f94347e94562b5bb8424a56397d8" + } + ], + "responses": { + "202": { + "description": "Async task details", + "content": { + "application/json": { + "schema": { + "description": "Accounts async response containing details on started async process", + "required": [ + "id" + ], + "type": "object", + "properties": { + "id": { + "description": "id of the task", + "type": "string", + "example": "2c91808474683da6017468693c260195" + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/accounts/{id}/entitlements": { + "get": { + "operationId": "getAccountEntitlements", + "tags": [ + "Accounts" + ], + "summary": "Account Entitlements", + "description": "This API returns entitlements of the account. \nA token with ORG_ADMIN authority is required to call this API.", + "security": [ + { + "oauth2": [ + "idn:accounts:read" + ] + } + ], + "parameters": [ + { + "in": "path", + "name": "id", + "schema": { + "type": "string" + }, + "required": true, + "description": "The account id", + "example": "ef38f94347e94562b5bb8424a56397d8" + }, + { + "in": "query", + "name": "offset", + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": 0, + "schema": { + "type": "integer", + "format": "int32", + "minimum": 0, + "default": 0 + } + }, + { + "in": "query", + "name": "limit", + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": 250, + "schema": { + "type": "integer", + "format": "int32", + "minimum": 0, + "maximum": 250, + "default": 250 + } + }, + { + "in": "query", + "name": "count", + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": true, + "schema": { + "type": "boolean", + "default": false + } + } + ], + "responses": { + "200": { + "description": "An array of account entitlements", + "content": { + "application/json": { + "schema": { + "type": "array", + "items": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "The entitlement id", + "example": "2c91808874ff91550175097daaec161c" + }, + "name": { + "type": "string", + "description": "The entitlement name", + "example": "LauncherTest2" + }, + "attribute": { + "type": "string", + "description": "The entitlement attribute name", + "example": "memberOf" + }, + "value": { + "type": "string", + "description": "The value of the entitlement", + "example": "CN=LauncherTest2,OU=LauncherTestOrg,OU=slpt-automation,DC=TestAutomationAD,DC=local" + }, + "sourceSchemaObjectType": { + "type": "string", + "description": "The object type of the entitlement from the source schema", + "example": "group" + }, + "description": { + "type": "string", + "description": "The description of the entitlement", + "example": "CN=LauncherTest2,OU=LauncherTestOrg,OU=slpt-automation,DC=TestAutomationAD,DC=local" + }, + "privileged": { + "type": "boolean", + "description": "True if the entitlement is privileged", + "example": true + }, + "cloudGoverned": { + "type": "boolean", + "description": "True if the entitlement is cloud governed", + "example": true + }, + "created": { + "type": "string", + "description": "Time when the entitlement was created", + "format": "date-time", + "example": "2020-10-08T18:33:52.029Z" + }, + "modified": { + "type": "string", + "description": "Time when the entitlement was last modified", + "format": "date-time", + "example": "2020-10-08T18:33:52.029Z" + }, + "source": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "The source ID", + "example": "2c9180827ca885d7017ca8ce28a000eb" + }, + "type": { + "type": "string", + "description": "The source type, will always be \"SOURCE\"", + "example": "SOURCE" + }, + "name": { + "type": "string", + "description": "The source name", + "example": "ODS-AD-Source" + } + } + }, + "attributes": { + "type": "object", + "description": "A map of free-form key-value pairs from the source system", + "example": { + "fieldName": "fieldValue" + }, + "additionalProperties": true + }, + "segments": { + "type": "array", + "items": { + "type": "string" + }, + "nullable": true, + "description": "List of IDs of segments, if any, to which this Entitlement is assigned.", + "example": [ + "f7b1b8a3-5fed-4fd4-ad29-82014e137e19", + "29cb6c06-1da8-43ea-8be4-b3125f248f2a" + ] + }, + "directPermissions": { + "type": "array", + "items": { + "type": "object", + "description": "Simplified DTO for the Permission objects stored in SailPoint's database. The data is aggregated from customer systems and is free-form, so its appearance can vary largely between different clients/customers.", + "properties": { + "rights": { + "type": "array", + "description": "All the rights (e.g. actions) that this permission allows on the target", + "readOnly": true, + "items": { + "type": "string", + "example": "SELECT" + } + }, + "target": { + "type": "string", + "description": "The target the permission would grants rights on.", + "readOnly": true, + "example": "SYS.GV_$TRANSACTION" + } + } + } + }, + "owner": { + "type": "object", + "description": "Simplified DTO for the owner object of the entitlement", + "properties": { + "id": { + "type": "string", + "description": "The owner id for the entitlement", + "example": "2a2fdacca5e345f18bf7970cfbb8fec2" + }, + "name": { + "type": "string", + "description": "The owner name for the entitlement", + "example": "identity 1" + }, + "type": { + "type": "string", + "enum": [ + "IDENTITY" + ], + "description": "The type of the owner. Initially only type IDENTITY is supported", + "example": "IDENTITY" + } + } + } + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/accounts/{id}/reload": { + "post": { + "operationId": "reloadAccount", + "tags": [ + "Accounts" + ], + "summary": "Reload Account", + "description": "This API asynchronously reloads the account directly from the connector and performs a one-time aggregation process. \nA token with ORG_ADMIN authority is required to call this API.", + "security": [ + { + "oauth2": [ + "idn:accounts-state:manage" + ] + } + ], + "parameters": [ + { + "in": "path", + "name": "id", + "schema": { + "type": "string" + }, + "required": true, + "description": "The account id", + "example": "ef38f94347e94562b5bb8424a56397d8" + } + ], + "responses": { + "202": { + "description": "Async task details", + "content": { + "application/json": { + "schema": { + "description": "Accounts async response containing details on started async process", + "required": [ + "id" + ], + "type": "object", + "properties": { + "id": { + "description": "id of the task", + "type": "string", + "example": "2c91808474683da6017468693c260195" + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/accounts/{id}/enable": { + "post": { + "operationId": "enableAccount", + "tags": [ + "Accounts" + ], + "summary": "Enable Account", + "description": "This API submits a task to enable account and returns the task ID. \nA token with ORG_ADMIN authority is required to call this API.", + "security": [ + { + "oauth2": [ + "idn:accounts-state:manage" + ] + } + ], + "parameters": [ + { + "in": "path", + "name": "id", + "schema": { + "type": "string" + }, + "required": true, + "description": "The account id", + "example": "ef38f94347e94562b5bb8424a56397d8" + } + ], + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "description": "Request used for account enable/disable", + "type": "object", + "properties": { + "externalVerificationId": { + "description": "If set, an external process validates that the user wants to proceed with this request.", + "type": "string", + "example": "3f9180835d2e5168015d32f890ca1581" + }, + "forceProvisioning": { + "description": "If set, provisioning updates the account attribute at the source. This option is used when the account is not synced to ensure the attribute is updated.", + "type": "boolean", + "example": false + } + } + } + } + } + }, + "responses": { + "202": { + "description": "Async task details", + "content": { + "application/json": { + "schema": { + "description": "Accounts async response containing details on started async process", + "required": [ + "id" + ], + "type": "object", + "properties": { + "id": { + "description": "id of the task", + "type": "string", + "example": "2c91808474683da6017468693c260195" + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/accounts/{id}/disable": { + "post": { + "operationId": "disableAccount", + "tags": [ + "Accounts" + ], + "summary": "Disable Account", + "description": "This API submits a task to disable the account and returns the task ID. \nA token with ORG_ADMIN authority is required to call this API.", + "security": [ + { + "oauth2": [ + "idn:accounts-state:manage" + ] + } + ], + "parameters": [ + { + "in": "path", + "name": "id", + "schema": { + "type": "string" + }, + "required": true, + "description": "The account id", + "example": "ef38f94347e94562b5bb8424a56397d8" + } + ], + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "description": "Request used for account enable/disable", + "type": "object", + "properties": { + "externalVerificationId": { + "description": "If set, an external process validates that the user wants to proceed with this request.", + "type": "string", + "example": "3f9180835d2e5168015d32f890ca1581" + }, + "forceProvisioning": { + "description": "If set, provisioning updates the account attribute at the source. This option is used when the account is not synced to ensure the attribute is updated.", + "type": "boolean", + "example": false + } + } + } + } + } + }, + "responses": { + "202": { + "description": "Async task details", + "content": { + "application/json": { + "schema": { + "description": "Accounts async response containing details on started async process", + "required": [ + "id" + ], + "type": "object", + "properties": { + "id": { + "description": "id of the task", + "type": "string", + "example": "2c91808474683da6017468693c260195" + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/accounts/{id}/unlock": { + "post": { + "operationId": "unlockAccount", + "tags": [ + "Accounts" + ], + "summary": "Unlock Account", + "description": "This API submits a task to unlock an account and returns the task ID. \nA token with ORG_ADMIN authority is required to call this API.", + "security": [ + { + "oauth2": [ + "idn:accounts-state:manage" + ] + } + ], + "parameters": [ + { + "in": "path", + "name": "id", + "schema": { + "type": "string" + }, + "required": true, + "description": "The account id", + "example": "ef38f94347e94562b5bb8424a56397d8" + } + ], + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "description": "Request used for account unlock", + "type": "object", + "properties": { + "externalVerificationId": { + "description": "If set, an external process validates that the user wants to proceed with this request.", + "type": "string", + "example": "3f9180835d2e5168015d32f890ca1581" + }, + "unlockIDNAccount": { + "description": "If set, the IDN account is unlocked after the workflow completes.", + "type": "boolean", + "example": false + }, + "forceProvisioning": { + "description": "If set, provisioning updates the account attribute at the source. This option is used when the account is not synced to ensure the attribute is updated.", + "type": "boolean", + "example": false + } + } + } + } + } + }, + "responses": { + "202": { + "description": "Async task details", + "content": { + "application/json": { + "schema": { + "description": "Accounts async response containing details on started async process", + "required": [ + "id" + ], + "type": "object", + "properties": { + "id": { + "description": "id of the task", + "type": "string", + "example": "2c91808474683da6017468693c260195" + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/identities-accounts/{id}/enable": { + "post": { + "operationId": "enableAccountForIdentity", + "tags": [ + "Accounts" + ], + "summary": "Enable IDN Account for Identity", + "description": "This API submits a task to enable IDN account for a single identity.", + "externalDocs": { + "description": "Learn more about enabling identities here", + "url": "https://documentation.sailpoint.com/saas/help/common/users/user_access.html#enabling-user-identities" + }, + "security": [ + { + "oauth2": [ + "idn:accounts-state:manage" + ] + } + ], + "parameters": [ + { + "in": "path", + "name": "id", + "schema": { + "type": "string" + }, + "required": true, + "description": "The identity id.", + "example": "2c91808384203c2d018437e631158309" + } + ], + "responses": { + "202": { + "description": "Accepted - Returned if the request was successfully accepted into the system.", + "content": { + "application/json": { + "schema": { + "type": "object" + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/identities-accounts/{id}/disable": { + "post": { + "operationId": "disableAccountForIdentity", + "tags": [ + "Accounts" + ], + "summary": "Disable IDN Account for Identity", + "description": "This API submits a task to disable IDN account for a single identity.", + "externalDocs": { + "description": "Learn more about disabling identities here", + "url": "https://documentation.sailpoint.com/saas/help/common/users/user_access.html#disabling-user-identities" + }, + "security": [ + { + "oauth2": [ + "idn:accounts-state:manage" + ] + } + ], + "parameters": [ + { + "in": "path", + "name": "id", + "schema": { + "type": "string" + }, + "required": true, + "description": "The identity id.", + "example": "2c91808384203c2d018437e631158309" + } + ], + "responses": { + "202": { + "description": "Accepted - Returned if the request was successfully accepted into the system.", + "content": { + "application/json": { + "schema": { + "type": "object" + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/identities-accounts/enable": { + "post": { + "operationId": "enableAccountsForIdentities", + "tags": [ + "Accounts" + ], + "summary": "Enable IDN Accounts for Identities", + "description": "This API submits tasks to enable IDN account for each identity provided in the request body.", + "externalDocs": { + "description": "Learn more about enabling identities here", + "url": "https://documentation.sailpoint.com/saas/help/common/users/user_access.html#enabling-user-identities" + }, + "security": [ + { + "oauth2": [ + "idn:accounts-state:manage" + ] + } + ], + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "identityIds": { + "description": "The ids of the identities for which enable/disable accounts.", + "type": "array", + "items": { + "type": "string" + }, + "example": [ + "2c91808384203c2d018437e631158308", + "2c9180858082150f0180893dbaf553fe" + ] + } + } + } + } + } + }, + "responses": { + "207": { + "description": "Bulk response details.", + "content": { + "application/json": { + "schema": { + "type": "array", + "items": { + "type": "object", + "description": "Bulk response object.", + "properties": { + "id": { + "type": "string", + "description": "Identifier of bulk request item.", + "example": "2c9180858082150f0180893dbaf553fe" + }, + "statusCode": { + "type": "integer", + "format": "int32", + "description": "Response status value.", + "example": 404 + }, + "message": { + "type": "string", + "description": "Status containing additional context information about failures.", + "example": "Referenced identity \"2c9180858082150f0180893dbaf553fe\" was not found." + } + } + }, + "example": [ + { + "id": "2c9180858082150f0180893dbaf553fe", + "statusCode": 404, + "message": "Referenced identity \"2c9180858082150f0180893dbaf553fe\" was not found." + }, + { + "id": "2c91808384203c2d018437e631158308", + "statusCode": 202, + "message": null + } + ] + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/identities-accounts/disable": { + "post": { + "operationId": "disableAccountsForIdentities", + "tags": [ + "Accounts" + ], + "summary": "Disable IDN Accounts for Identities", + "description": "This API submits tasks to disable IDN account for each identity provided in the request body.", + "externalDocs": { + "description": "Learn more about disabling identities here", + "url": "https://documentation.sailpoint.com/saas/help/common/users/user_access.html#disabling-user-identities" + }, + "security": [ + { + "oauth2": [ + "idn:accounts-state:manage" + ] + } + ], + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "identityIds": { + "description": "The ids of the identities for which enable/disable accounts.", + "type": "array", + "items": { + "type": "string" + }, + "example": [ + "2c91808384203c2d018437e631158308", + "2c9180858082150f0180893dbaf553fe" + ] + } + } + } + } + } + }, + "responses": { + "207": { + "description": "Bulk response details.", + "content": { + "application/json": { + "schema": { + "type": "array", + "items": { + "type": "object", + "description": "Bulk response object.", + "properties": { + "id": { + "type": "string", + "description": "Identifier of bulk request item.", + "example": "2c9180858082150f0180893dbaf553fe" + }, + "statusCode": { + "type": "integer", + "format": "int32", + "description": "Response status value.", + "example": 404 + }, + "message": { + "type": "string", + "description": "Status containing additional context information about failures.", + "example": "Referenced identity \"2c9180858082150f0180893dbaf553fe\" was not found." + } + } + }, + "example": [ + { + "id": "2c9180858082150f0180893dbaf553fe", + "statusCode": 404, + "message": "Referenced identity \"2c9180858082150f0180893dbaf553fe\" was not found." + }, + { + "id": "2c91808384203c2d018437e631158308", + "statusCode": 202, + "message": null + } + ] + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/accounts/search-attribute-config": { + "post": { + "operationId": "createSearchAttributeConfig", + "tags": [ + "Search Attribute Configuration" + ], + "summary": "Configure/create extended search attributes in IdentityNow.", + "description": "This API accepts an attribute name, an attribute display name and a list of name/value pair associates of application IDs to attribute names. It will then validate the inputs and configure/create and attribute promotion configuration in the Link ObjectConfig.\nA token with ORG_ADMIN authority is required to call this API.", + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "name": { + "type": "string", + "description": "Name of the new attribute", + "example": "newMailAttribute" + }, + "displayName": { + "type": "string", + "description": "The display name of the new attribute", + "example": "New Mail Attribute" + }, + "applicationAttributes": { + "type": "object", + "description": "Map of application id and their associated attribute.", + "example": { + "2c91808b79fd2422017a0b35d30f3968": "employeeNumber", + "2c91808b79fd2422017a0b36008f396b": "employeeNumber" + } + } + } + }, + "example": { + "name": "newMailAttribute", + "displayName": "New Mail Attribute", + "applicationAttributes": { + "2c9180866166b5b0016167c32ef31a66": "mail", + "2c9180866166b5b0016167c32ef31a67": "mail" + } + } + } + } + }, + "responses": { + "202": { + "description": "Accepted - Returned if the request was successfully accepted into the system.", + "content": { + "application/json": { + "schema": { + "type": "object" + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + }, + "get": { + "operationId": "getSearchAttributeConfig", + "tags": [ + "Search Attribute Configuration" + ], + "summary": "Retrieve a list of extended search attributes in IdentityNow.", + "description": "This API retrieves a list of attribute/application associates currently configured in IdentityNow.\nA token with ORG_ADMIN authority is required to call this API.", + "responses": { + "200": { + "description": "List of attribute configurations in IdentityNow.", + "content": { + "application/json": { + "schema": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string", + "description": "Name of the new attribute", + "example": "newMailAttribute" + }, + "displayName": { + "type": "string", + "description": "The display name of the new attribute", + "example": "New Mail Attribute" + }, + "applicationAttributes": { + "type": "object", + "description": "Map of application id and their associated attribute.", + "example": { + "2c91808b79fd2422017a0b35d30f3968": "employeeNumber", + "2c91808b79fd2422017a0b36008f396b": "employeeNumber" + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/accounts/search-attribute-config/{name}": { + "get": { + "operationId": "getSingleSearchAttributeConfig", + "tags": [ + "Search Attribute Configuration" + ], + "summary": "Get the details of a specific extended search attribute in IdentityNow.", + "description": "This API accepts an extended attribute name and retrieves the corresponding extended attribute configuration.\nA token with ORG_ADMIN authority is required to call this API.", + "parameters": [ + { + "name": "name", + "in": "path", + "description": "Name of the extended search attribute configuration to delete.", + "required": true, + "schema": { + "type": "string", + "example": "newMailAttribute" + } + } + ], + "responses": { + "200": { + "description": "Specific attribute configuration in IdentityNow.", + "content": { + "application/json": { + "schema": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string", + "description": "Name of the new attribute", + "example": "newMailAttribute" + }, + "displayName": { + "type": "string", + "description": "The display name of the new attribute", + "example": "New Mail Attribute" + }, + "applicationAttributes": { + "type": "object", + "description": "Map of application id and their associated attribute.", + "example": { + "2c91808b79fd2422017a0b35d30f3968": "employeeNumber", + "2c91808b79fd2422017a0b36008f396b": "employeeNumber" + } + } + } + } + } + } + } + }, + "204": { + "description": "No content - indicates the request was successful but there is no content to be returned in the response." + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + }, + "delete": { + "operationId": "deleteSearchAttributeConfig", + "tags": [ + "Search Attribute Configuration" + ], + "summary": "Delete an extended search attribute in IdentityNow.", + "description": "This API accepts an extended attribute name and deletes the corresponding extended attribute configuration.\nA token with ORG_ADMIN authority is required to call this API.", + "parameters": [ + { + "name": "name", + "in": "path", + "description": "Name of the extended search attribute configuration to delete.", + "required": true, + "schema": { + "type": "string", + "example": "newMailAttribute" + } + } + ], + "responses": { + "204": { + "description": "No content - indicates the request was successful but there is no content to be returned in the response." + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + }, + "patch": { + "operationId": "patchSearchAttributeConfig", + "tags": [ + "Search Attribute Configuration" + ], + "summary": "Update the details of a specific extended search attribute in IdentityNow.", + "description": "This API updates an existing Search Attribute Configuration. The following fields are patchable:\n**name**, **displayName**, **applicationAttributes**\nA token with ORG_ADMIN authority is required to call this API.", + "parameters": [ + { + "name": "name", + "in": "path", + "description": "Name of the Search Attribute Configuration to patch.", + "required": true, + "schema": { + "type": "string", + "example": "promotedMailAttribute" + } + } + ], + "requestBody": { + "content": { + "application/json-patch+json": { + "schema": { + "type": "array", + "items": { + "type": "object", + "description": "A JSONPatch Operation as defined by [RFC 6902 - JSON Patch](https://tools.ietf.org/html/rfc6902)", + "required": [ + "op", + "path" + ], + "properties": { + "op": { + "type": "string", + "description": "The operation to be performed", + "enum": [ + "add", + "remove", + "replace", + "move", + "copy", + "test" + ], + "example": "replace" + }, + "path": { + "type": "string", + "description": "A string JSON Pointer representing the target path to an element to be affected by the operation", + "example": "/description" + }, + "value": { + "anyOf": [ + { + "type": "string" + }, + { + "type": "integer" + }, + { + "type": "object" + }, + { + "type": "array", + "items": { + "anyOf": [ + { + "type": "string" + }, + { + "type": "integer" + }, + { + "type": "object" + } + ] + } + } + ], + "description": "The value to be used for the operation, required for \"add\" and \"replace\" operations", + "example": "New description" + } + } + } + }, + "example": [ + { + "op": "replace", + "path": "/name", + "value": "newAttributeName" + }, + { + "op": "replace", + "path": "/displayName", + "value": "new attribute display name" + }, + { + "op": "add", + "path": "/applicationAttributes", + "value": { + "2c91808b79fd2422017a0b35d30f3968": "employeeNumber" + } + } + ] + } + }, + "required": true + }, + "responses": { + "200": { + "description": "Responds with the Search Attribute Configuration as updated.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "name": { + "type": "string", + "description": "Name of the new attribute", + "example": "newMailAttribute" + }, + "displayName": { + "type": "string", + "description": "The display name of the new attribute", + "example": "New Mail Attribute" + }, + "applicationAttributes": { + "type": "object", + "description": "Map of application id and their associated attribute.", + "example": { + "2c91808b79fd2422017a0b35d30f3968": "employeeNumber", + "2c91808b79fd2422017a0b36008f396b": "employeeNumber" + } + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/account-activities": { + "get": { + "operationId": "listAccountActivities", + "tags": [ + "Account Activities" + ], + "summary": "List Account Activities", + "description": "This gets a collection of account activities that satisfy the given query parameters.", + "parameters": [ + { + "in": "query", + "name": "requested-for", + "schema": { + "type": "string" + }, + "description": "The identity that the activity was requested for. *me* indicates the current user. Mutually exclusive with *regarding-identity*.", + "required": false + }, + { + "in": "query", + "name": "requested-by", + "schema": { + "type": "string" + }, + "description": "The identity that requested the activity. *me* indicates the current user. Mutually exclusive with *regarding-identity*.", + "required": false + }, + { + "in": "query", + "name": "regarding-identity", + "schema": { + "type": "string" + }, + "description": "The specified identity will be either the requester or target of the account activity. *me* indicates the current user. Mutually exclusive with *requested-for* and *requested-by*.", + "required": false + }, + { + "in": "query", + "name": "type", + "schema": { + "type": "string" + }, + "description": "The type of account activity.", + "required": false + }, + { + "in": "query", + "name": "limit", + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": 250, + "schema": { + "type": "integer", + "format": "int32", + "minimum": 0, + "maximum": 250, + "default": 250 + } + }, + { + "in": "query", + "name": "offset", + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": 0, + "schema": { + "type": "integer", + "format": "int32", + "minimum": 0, + "default": 0 + } + }, + { + "in": "query", + "name": "count", + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": true, + "schema": { + "type": "boolean", + "default": false + } + }, + { + "in": "query", + "name": "filters", + "schema": { + "type": "string" + }, + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)\n\nFiltering is supported for the following fields and operators:\n\n**type**: *eq, in*\n\n**created**: *gt, lt, ge, le*\n\n**modified**: *gt, lt, ge, le*" + }, + { + "in": "query", + "name": "sorters", + "schema": { + "type": "string", + "format": "comma-separated" + }, + "description": "Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)\n\nSorting is supported for the following fields: **type, created, modified**" + } + ], + "responses": { + "200": { + "description": "List of account activities", + "content": { + "application/json": { + "schema": { + "type": "array", + "items": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "ID of the account activity itself", + "example": "2c9180835d2e5168015d32f890ca1581" + }, + "name": { + "type": "string", + "example": "2c9180835d2e5168015d32f890ca1581" + }, + "created": { + "type": "string", + "format": "date-time", + "example": "2017-07-11T18:45:37.098Z" + }, + "modified": { + "type": "string", + "format": "date-time", + "example": "2018-06-25T20:22:28.104Z" + }, + "completed": { + "type": "string", + "format": "date-time", + "example": "2018-10-19T13:49:37.385Z" + }, + "completionStatus": { + "nullable": true, + "type": "string", + "description": "The status after completion.", + "enum": [ + "SUCCESS", + "FAILURE", + "INCOMPLETE", + "PENDING" + ], + "example": "SUCCESS" + }, + "type": { + "type": "string", + "example": "appRequest" + }, + "requesterIdentitySummary": { + "type": "object", + "nullable": true, + "properties": { + "id": { + "type": "string", + "description": "ID of this identity summary", + "example": "ff80818155fe8c080155fe8d925b0316" + }, + "name": { + "type": "string", + "description": "Human-readable display name of identity", + "example": "SailPoint Services" + }, + "identityId": { + "type": "string", + "description": "ID of the identity that this summary represents", + "example": "c15b9f5cca5a4e9599eaa0e64fa921bd" + }, + "completed": { + "type": "boolean", + "description": "Indicates if all access items for this summary have been decided on", + "example": true + } + } + }, + "targetIdentitySummary": { + "type": "object", + "nullable": true, + "properties": { + "id": { + "type": "string", + "description": "ID of this identity summary", + "example": "ff80818155fe8c080155fe8d925b0316" + }, + "name": { + "type": "string", + "description": "Human-readable display name of identity", + "example": "SailPoint Services" + }, + "identityId": { + "type": "string", + "description": "ID of the identity that this summary represents", + "example": "c15b9f5cca5a4e9599eaa0e64fa921bd" + }, + "completed": { + "type": "boolean", + "description": "Indicates if all access items for this summary have been decided on", + "example": true + } + } + }, + "errors": { + "type": "array", + "items": { + "type": "string" + }, + "example": [ + "sailpoint.connector.ConnectorException: java.lang.InterruptedException: Timeout waiting for response to message 0 from client 57a4ab97-ab3f-4aef-9fe2-0eaf15c73d26 after 60 seconds." + ] + }, + "warnings": { + "type": "array", + "items": { + "type": "string" + }, + "example": null + }, + "items": { + "type": "array", + "items": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "Item id", + "example": "48c545831b264409a81befcabb0e3c5a" + }, + "name": { + "type": "string", + "description": "Human-readable display name of item", + "example": "48c545831b264409a81befcabb0e3c5a" + }, + "requested": { + "type": "string", + "format": "date-time", + "description": "Date and time item was requested", + "example": "2017-07-11T18:45:37.098Z" + }, + "approvalStatus": { + "nullable": true, + "type": "string", + "enum": [ + "FINISHED", + "REJECTED", + "RETURNED", + "EXPIRED", + "PENDING", + "CANCELED" + ], + "example": "FINISHED", + "description": "The state of a work item" + }, + "provisioningStatus": { + "type": "string", + "enum": [ + "PENDING", + "FINISHED", + "UNVERIFIABLE", + "COMMITED", + "FAILED", + "RETRY" + ], + "description": "Provisioning state of an account activity item", + "example": "PENDING" + }, + "requesterComment": { + "type": "object", + "nullable": true, + "properties": { + "commenterId": { + "type": "string", + "description": "Id of the identity making the comment", + "example": "2c918084660f45d6016617daa9210584" + }, + "commenterName": { + "type": "string", + "description": "Human-readable display name of the identity making the comment", + "example": "Adam Kennedy" + }, + "body": { + "type": "string", + "description": "Content of the comment", + "example": "Et quam massa maximus vivamus nisi ut urna tincidunt metus elementum erat." + }, + "date": { + "type": "string", + "format": "date-time", + "description": "Date and time comment was made", + "example": "2017-07-11T18:45:37.098Z" + } + } + }, + "reviewerIdentitySummary": { + "type": "object", + "nullable": true, + "properties": { + "id": { + "type": "string", + "description": "ID of this identity summary", + "example": "ff80818155fe8c080155fe8d925b0316" + }, + "name": { + "type": "string", + "description": "Human-readable display name of identity", + "example": "SailPoint Services" + }, + "identityId": { + "type": "string", + "description": "ID of the identity that this summary represents", + "example": "c15b9f5cca5a4e9599eaa0e64fa921bd" + }, + "completed": { + "type": "boolean", + "description": "Indicates if all access items for this summary have been decided on", + "example": true + } + } + }, + "reviewerComment": { + "type": "object", + "nullable": true, + "properties": { + "commenterId": { + "type": "string", + "description": "Id of the identity making the comment", + "example": "2c918084660f45d6016617daa9210584" + }, + "commenterName": { + "type": "string", + "description": "Human-readable display name of the identity making the comment", + "example": "Adam Kennedy" + }, + "body": { + "type": "string", + "description": "Content of the comment", + "example": "Et quam massa maximus vivamus nisi ut urna tincidunt metus elementum erat." + }, + "date": { + "type": "string", + "format": "date-time", + "description": "Date and time comment was made", + "example": "2017-07-11T18:45:37.098Z" + } + } + }, + "operation": { + "nullable": true, + "type": "string", + "enum": [ + "ADD", + "CREATE", + "MODIFY", + "DELETE", + "DISABLE", + "ENABLE", + "UNLOCK", + "LOCK", + "REMOVE" + ], + "description": "Represents an operation in an account activity item", + "example": "ADD" + }, + "attribute": { + "type": "string", + "description": "Attribute to which account activity applies", + "nullable": true, + "example": "detectedRoles" + }, + "value": { + "type": "string", + "description": "Value of attribute", + "nullable": true, + "example": "Treasury Analyst [AccessProfile-1529010191212]" + }, + "nativeIdentity": { + "nullable": true, + "type": "string", + "description": "Native identity in the target system to which the account activity applies", + "example": "Sandie.Camero" + }, + "sourceId": { + "type": "string", + "description": "Id of Source to which account activity applies", + "example": "2c91808363ef85290164000587130c0c" + }, + "accountRequestInfo": { + "type": "object", + "nullable": true, + "properties": { + "requestedObjectId": { + "type": "string", + "description": "Id of requested object", + "example": "2c91808563ef85690164001c31140c0c" + }, + "requestedObjectName": { + "type": "string", + "description": "Human-readable name of requested object", + "example": "Treasury Analyst" + }, + "requestedObjectType": { + "type": "string", + "enum": [ + "ACCESS_PROFILE", + "ROLE", + "ENTITLEMENT" + ], + "description": "Enum represented the currently supported requestable object types. Additional values may be added in the future without notice.", + "example": "ACCESS_PROFILE" + } + }, + "description": "If an account activity item is associated with an access request, captures details of that request." + }, + "clientMetadata": { + "nullable": true, + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Arbitrary key-value pairs, if any were included in the corresponding access request item", + "example": { + "customKey1": "custom value 1", + "customKey2": "custom value 2" + } + }, + "removeDate": { + "nullable": true, + "type": "string", + "description": "The date the role or access profile is no longer assigned to the specified identity.", + "format": "date-time", + "example": "2020-07-11T00:00:00Z" + } + } + } + }, + "executionStatus": { + "type": "string", + "description": "The current state of execution.", + "enum": [ + "EXECUTING", + "VERIFYING", + "TERMINATED", + "COMPLETED" + ], + "example": "COMPLETED" + }, + "clientMetadata": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Arbitrary key-value pairs, if any were included in the corresponding access request" + }, + "cancelable": { + "type": "boolean", + "description": "Whether the account activity can be canceled before completion" + }, + "cancelComment": { + "type": "object", + "nullable": true, + "properties": { + "commenterId": { + "type": "string", + "description": "Id of the identity making the comment", + "example": "2c918084660f45d6016617daa9210584" + }, + "commenterName": { + "type": "string", + "description": "Human-readable display name of the identity making the comment", + "example": "Adam Kennedy" + }, + "body": { + "type": "string", + "description": "Content of the comment", + "example": "Et quam massa maximus vivamus nisi ut urna tincidunt metus elementum erat." + }, + "date": { + "type": "string", + "format": "date-time", + "description": "Date and time comment was made", + "example": "2017-07-11T18:45:37.098Z" + } + } + } + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/account-activities/{id}": { + "get": { + "operationId": "getAccountActivity", + "tags": [ + "Account Activities" + ], + "summary": "Get Account Activity", + "description": "This gets a single account activity by its id.", + "parameters": [ + { + "in": "path", + "name": "id", + "schema": { + "type": "string" + }, + "required": true, + "description": "The account activity id", + "example": "ef38f94347e94562b5bb8424a56397d8" + } + ], + "responses": { + "200": { + "description": "An account activity object", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "ID of the account activity itself", + "example": "2c9180835d2e5168015d32f890ca1581" + }, + "name": { + "type": "string", + "example": "2c9180835d2e5168015d32f890ca1581" + }, + "created": { + "type": "string", + "format": "date-time", + "example": "2017-07-11T18:45:37.098Z" + }, + "modified": { + "type": "string", + "format": "date-time", + "example": "2018-06-25T20:22:28.104Z" + }, + "completed": { + "type": "string", + "format": "date-time", + "example": "2018-10-19T13:49:37.385Z" + }, + "completionStatus": { + "nullable": true, + "type": "string", + "description": "The status after completion.", + "enum": [ + "SUCCESS", + "FAILURE", + "INCOMPLETE", + "PENDING" + ], + "example": "SUCCESS" + }, + "type": { + "type": "string", + "example": "appRequest" + }, + "requesterIdentitySummary": { + "type": "object", + "nullable": true, + "properties": { + "id": { + "type": "string", + "description": "ID of this identity summary", + "example": "ff80818155fe8c080155fe8d925b0316" + }, + "name": { + "type": "string", + "description": "Human-readable display name of identity", + "example": "SailPoint Services" + }, + "identityId": { + "type": "string", + "description": "ID of the identity that this summary represents", + "example": "c15b9f5cca5a4e9599eaa0e64fa921bd" + }, + "completed": { + "type": "boolean", + "description": "Indicates if all access items for this summary have been decided on", + "example": true + } + } + }, + "targetIdentitySummary": { + "type": "object", + "nullable": true, + "properties": { + "id": { + "type": "string", + "description": "ID of this identity summary", + "example": "ff80818155fe8c080155fe8d925b0316" + }, + "name": { + "type": "string", + "description": "Human-readable display name of identity", + "example": "SailPoint Services" + }, + "identityId": { + "type": "string", + "description": "ID of the identity that this summary represents", + "example": "c15b9f5cca5a4e9599eaa0e64fa921bd" + }, + "completed": { + "type": "boolean", + "description": "Indicates if all access items for this summary have been decided on", + "example": true + } + } + }, + "errors": { + "type": "array", + "items": { + "type": "string" + }, + "example": [ + "sailpoint.connector.ConnectorException: java.lang.InterruptedException: Timeout waiting for response to message 0 from client 57a4ab97-ab3f-4aef-9fe2-0eaf15c73d26 after 60 seconds." + ] + }, + "warnings": { + "type": "array", + "items": { + "type": "string" + }, + "example": null + }, + "items": { + "type": "array", + "items": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "Item id", + "example": "48c545831b264409a81befcabb0e3c5a" + }, + "name": { + "type": "string", + "description": "Human-readable display name of item", + "example": "48c545831b264409a81befcabb0e3c5a" + }, + "requested": { + "type": "string", + "format": "date-time", + "description": "Date and time item was requested", + "example": "2017-07-11T18:45:37.098Z" + }, + "approvalStatus": { + "nullable": true, + "type": "string", + "enum": [ + "FINISHED", + "REJECTED", + "RETURNED", + "EXPIRED", + "PENDING", + "CANCELED" + ], + "example": "FINISHED", + "description": "The state of a work item" + }, + "provisioningStatus": { + "type": "string", + "enum": [ + "PENDING", + "FINISHED", + "UNVERIFIABLE", + "COMMITED", + "FAILED", + "RETRY" + ], + "description": "Provisioning state of an account activity item", + "example": "PENDING" + }, + "requesterComment": { + "type": "object", + "nullable": true, + "properties": { + "commenterId": { + "type": "string", + "description": "Id of the identity making the comment", + "example": "2c918084660f45d6016617daa9210584" + }, + "commenterName": { + "type": "string", + "description": "Human-readable display name of the identity making the comment", + "example": "Adam Kennedy" + }, + "body": { + "type": "string", + "description": "Content of the comment", + "example": "Et quam massa maximus vivamus nisi ut urna tincidunt metus elementum erat." + }, + "date": { + "type": "string", + "format": "date-time", + "description": "Date and time comment was made", + "example": "2017-07-11T18:45:37.098Z" + } + } + }, + "reviewerIdentitySummary": { + "type": "object", + "nullable": true, + "properties": { + "id": { + "type": "string", + "description": "ID of this identity summary", + "example": "ff80818155fe8c080155fe8d925b0316" + }, + "name": { + "type": "string", + "description": "Human-readable display name of identity", + "example": "SailPoint Services" + }, + "identityId": { + "type": "string", + "description": "ID of the identity that this summary represents", + "example": "c15b9f5cca5a4e9599eaa0e64fa921bd" + }, + "completed": { + "type": "boolean", + "description": "Indicates if all access items for this summary have been decided on", + "example": true + } + } + }, + "reviewerComment": { + "type": "object", + "nullable": true, + "properties": { + "commenterId": { + "type": "string", + "description": "Id of the identity making the comment", + "example": "2c918084660f45d6016617daa9210584" + }, + "commenterName": { + "type": "string", + "description": "Human-readable display name of the identity making the comment", + "example": "Adam Kennedy" + }, + "body": { + "type": "string", + "description": "Content of the comment", + "example": "Et quam massa maximus vivamus nisi ut urna tincidunt metus elementum erat." + }, + "date": { + "type": "string", + "format": "date-time", + "description": "Date and time comment was made", + "example": "2017-07-11T18:45:37.098Z" + } + } + }, + "operation": { + "nullable": true, + "type": "string", + "enum": [ + "ADD", + "CREATE", + "MODIFY", + "DELETE", + "DISABLE", + "ENABLE", + "UNLOCK", + "LOCK", + "REMOVE" + ], + "description": "Represents an operation in an account activity item", + "example": "ADD" + }, + "attribute": { + "type": "string", + "description": "Attribute to which account activity applies", + "nullable": true, + "example": "detectedRoles" + }, + "value": { + "type": "string", + "description": "Value of attribute", + "nullable": true, + "example": "Treasury Analyst [AccessProfile-1529010191212]" + }, + "nativeIdentity": { + "nullable": true, + "type": "string", + "description": "Native identity in the target system to which the account activity applies", + "example": "Sandie.Camero" + }, + "sourceId": { + "type": "string", + "description": "Id of Source to which account activity applies", + "example": "2c91808363ef85290164000587130c0c" + }, + "accountRequestInfo": { + "type": "object", + "nullable": true, + "properties": { + "requestedObjectId": { + "type": "string", + "description": "Id of requested object", + "example": "2c91808563ef85690164001c31140c0c" + }, + "requestedObjectName": { + "type": "string", + "description": "Human-readable name of requested object", + "example": "Treasury Analyst" + }, + "requestedObjectType": { + "type": "string", + "enum": [ + "ACCESS_PROFILE", + "ROLE", + "ENTITLEMENT" + ], + "description": "Enum represented the currently supported requestable object types. Additional values may be added in the future without notice.", + "example": "ACCESS_PROFILE" + } + }, + "description": "If an account activity item is associated with an access request, captures details of that request." + }, + "clientMetadata": { + "nullable": true, + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Arbitrary key-value pairs, if any were included in the corresponding access request item", + "example": { + "customKey1": "custom value 1", + "customKey2": "custom value 2" + } + }, + "removeDate": { + "nullable": true, + "type": "string", + "description": "The date the role or access profile is no longer assigned to the specified identity.", + "format": "date-time", + "example": "2020-07-11T00:00:00Z" + } + } + } + }, + "executionStatus": { + "type": "string", + "description": "The current state of execution.", + "enum": [ + "EXECUTING", + "VERIFYING", + "TERMINATED", + "COMPLETED" + ], + "example": "COMPLETED" + }, + "clientMetadata": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Arbitrary key-value pairs, if any were included in the corresponding access request" + }, + "cancelable": { + "type": "boolean", + "description": "Whether the account activity can be canceled before completion" + }, + "cancelComment": { + "type": "object", + "nullable": true, + "properties": { + "commenterId": { + "type": "string", + "description": "Id of the identity making the comment", + "example": "2c918084660f45d6016617daa9210584" + }, + "commenterName": { + "type": "string", + "description": "Human-readable display name of the identity making the comment", + "example": "Adam Kennedy" + }, + "body": { + "type": "string", + "description": "Content of the comment", + "example": "Et quam massa maximus vivamus nisi ut urna tincidunt metus elementum erat." + }, + "date": { + "type": "string", + "format": "date-time", + "description": "Date and time comment was made", + "example": "2017-07-11T18:45:37.098Z" + } + } + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/account-aggregations/{id}/status": { + "get": { + "operationId": "getAccountAggregationStatus", + "tags": [ + "Account Aggregations" + ], + "summary": "In-progress Account Aggregation status", + "description": "This API returns the status of an *in-progress* account aggregation, along with the total number of **NEW**, **CHANGED** and **DELETED** accounts found since the previous aggregation, and the number of those accounts that have been processed so far.\n\nAccounts that have not changed since the previous aggregation are not included in **totalAccounts** and **processedAccounts** counts returned by this API. This is distinct from **Accounts Scanned** shown in the Aggregation UI, which indicates total accounts scanned regardless of whether they changed or not.\n\nSince this endpoint reports on the status of an *in-progress* account aggregation, totalAccounts and processedAccounts may change between calls to this endpoint.\n\n*Only available up to an hour after the aggregation completes. May respond with *404 Not Found* after that.*\n\nA token with ORG_ADMIN, SOURCE_ADMIN, SOURCE_SUBADMIN or DASHBOARD authority is required to call this API.", + "parameters": [ + { + "in": "path", + "name": "id", + "schema": { + "type": "string" + }, + "required": true, + "description": "The account aggregation id", + "example": "2c91808477a6b0c60177a81146b8110b" + } + ], + "responses": { + "200": { + "description": "An account aggregation status object", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "start": { + "type": "string", + "format": "date-time", + "example": "2021-01-31T14:30:05.104Z", + "description": "When the aggregation started." + }, + "status": { + "type": "string", + "enum": [ + "STARTED", + "ACCOUNTS_COLLECTED", + "COMPLETED", + "CANCELLED", + "RETRIED", + "TERMINATED" + ], + "example": "ACCOUNTS_COLLECTED", + "description": "STARTED - Aggregation started, but source account iteration has not completed.\n\nACCOUNTS_COLLECTED - Source account iteration completed, but all accounts have not yet been processed.\n\nCOMPLETED - Aggregation completed (*possibly with errors*).\n\nCANCELLED - Aggregation cancelled by user.\n\nRETRIED - Aggregation retried because of connectivity issues with the Virtual Appliance.\n\nTERMINATED - Aggregation marked as failed after 3 tries after connectivity issues with the Virtual Appliance.\n" + }, + "totalAccounts": { + "type": "integer", + "example": 520, + "description": "The total number of *NEW, CHANGED and DELETED* accounts that need to be processed for this aggregation. This does not include accounts that were unchanged since the previous aggregation. This can be zero if there were no new, changed or deleted accounts since the previous aggregation. *Only available when status is ACCOUNTS_COLLECTED or COMPLETED.*" + }, + "processedAccounts": { + "type": "integer", + "example": 150, + "description": "The number of *NEW, CHANGED and DELETED* accounts that have been processed so far. This reflects the number of accounts that have been processed at the time of the API call, and may increase on subsequent API calls while the status is ACCOUNTS_COLLECTED. *Only available when status is ACCOUNTS_COLLECTED or COMPLETED.*" + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/campaigns": { + "get": { + "operationId": "getActiveCampaigns", + "tags": [ + "Certification Campaigns" + ], + "summary": "List Campaigns", + "description": "Gets campaigns and returns them in a list. Can provide increased level of detail for each campaign if provided the correct query.", + "parameters": [ + { + "in": "query", + "name": "detail", + "schema": { + "type": "string", + "enum": [ + "SLIM", + "FULL" + ] + }, + "required": false, + "description": "Determines whether slim, or increased level of detail is provided for each campaign in the returned list. Slim is the default behavior.", + "example": "FULL" + }, + { + "in": "query", + "name": "limit", + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": 250, + "schema": { + "type": "integer", + "format": "int32", + "minimum": 0, + "maximum": 250, + "default": 250 + } + }, + { + "in": "query", + "name": "offset", + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": 0, + "schema": { + "type": "integer", + "format": "int32", + "minimum": 0, + "default": 0 + } + }, + { + "in": "query", + "name": "count", + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": true, + "schema": { + "type": "boolean", + "default": false + } + }, + { + "in": "query", + "name": "filters", + "schema": { + "type": "string" + }, + "required": false, + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)\n\nFiltering is supported for the following fields and operators:\n\n**id**: *eq, in*\n\n**name**: *eq, sw*\n\n**status**: *eq, in*", + "example": "name eq \"Manager Campaign\"" + }, + { + "in": "query", + "name": "sorters", + "schema": { + "type": "string", + "format": "comma-separated" + }, + "required": false, + "description": "Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)\n\nSorting is supported for the following fields: **name**", + "example": "name" + } + ], + "responses": { + "200": { + "description": "A list of campaign objects.", + "content": { + "application/json": { + "schema": { + "type": "array", + "items": { + "oneOf": [ + { + "type": "object", + "title": "Slim Campaign", + "required": [ + "name", + "description", + "type" + ], + "properties": { + "id": { + "type": "string", + "readOnly": true, + "description": "Id of the campaign", + "example": "2c9079b270a266a60170a2779fcb0007" + }, + "name": { + "description": "The campaign name. If this object is part of a template, special formatting applies; see the `/campaign-templates/{id}/generate` endpoint documentation for details.", + "type": "string", + "example": "Manager Campaign" + }, + "description": { + "type": "string", + "description": "The campaign description. If this object is part of a template, special formatting applies; see the `/campaign-templates/{id}/generate` endpoint documentation for details.", + "example": "Everyone needs to be reviewed by their manager" + }, + "deadline": { + "type": "string", + "format": "date-time", + "description": "The campaign's completion deadline.", + "example": "2020-03-15T10:00:01.456Z" + }, + "type": { + "type": "string", + "description": "The type of campaign. Could be extended in the future.", + "enum": [ + "MANAGER", + "SOURCE_OWNER", + "SEARCH", + "ROLE_COMPOSITION" + ], + "example": "MANAGER" + }, + "emailNotificationEnabled": { + "type": "boolean", + "description": "Enables email notification for this campaign", + "example": false + }, + "autoRevokeAllowed": { + "type": "boolean", + "description": "Allows auto revoke for this campaign", + "example": false + }, + "recommendationsEnabled": { + "type": "boolean", + "description": "Enables IAI for this campaign. Accepts true even if the IAI product feature is off. If IAI is turned off then campaigns generated from this template will indicate false. The real value will then be returned if IAI is ever enabled for the org in the future.", + "example": true + }, + "status": { + "type": "string", + "description": "The campaign's current status.", + "readOnly": true, + "enum": [ + "PENDING", + "STAGED", + "CANCELING", + "ACTIVATING", + "ACTIVE", + "COMPLETING", + "COMPLETED", + "ERROR", + "ARCHIVED" + ], + "example": "ACTIVE" + }, + "correlatedStatus": { + "type": "string", + "description": "The correlatedStatus of the campaign. Only SOURCE_OWNER campaigns can be Uncorrelated. An Uncorrelated certification campaign only includes Uncorrelated identities (An identity is uncorrelated if it has no accounts on an authoritative source).", + "enum": [ + "CORRELATED", + "UNCORRELATED" + ], + "example": "CORRELATED" + } + } + }, + { + "type": "object", + "title": "Campaign", + "allOf": [ + { + "type": "object", + "title": "Slim Campaign", + "required": [ + "name", + "description", + "type" + ], + "properties": { + "id": { + "type": "string", + "readOnly": true, + "description": "Id of the campaign", + "example": "2c9079b270a266a60170a2779fcb0007" + }, + "name": { + "description": "The campaign name. If this object is part of a template, special formatting applies; see the `/campaign-templates/{id}/generate` endpoint documentation for details.", + "type": "string", + "example": "Manager Campaign" + }, + "description": { + "type": "string", + "description": "The campaign description. If this object is part of a template, special formatting applies; see the `/campaign-templates/{id}/generate` endpoint documentation for details.", + "example": "Everyone needs to be reviewed by their manager" + }, + "deadline": { + "type": "string", + "format": "date-time", + "description": "The campaign's completion deadline.", + "example": "2020-03-15T10:00:01.456Z" + }, + "type": { + "type": "string", + "description": "The type of campaign. Could be extended in the future.", + "enum": [ + "MANAGER", + "SOURCE_OWNER", + "SEARCH", + "ROLE_COMPOSITION" + ], + "example": "MANAGER" + }, + "emailNotificationEnabled": { + "type": "boolean", + "description": "Enables email notification for this campaign", + "example": false + }, + "autoRevokeAllowed": { + "type": "boolean", + "description": "Allows auto revoke for this campaign", + "example": false + }, + "recommendationsEnabled": { + "type": "boolean", + "description": "Enables IAI for this campaign. Accepts true even if the IAI product feature is off. If IAI is turned off then campaigns generated from this template will indicate false. The real value will then be returned if IAI is ever enabled for the org in the future.", + "example": true + }, + "status": { + "type": "string", + "description": "The campaign's current status.", + "readOnly": true, + "enum": [ + "PENDING", + "STAGED", + "CANCELING", + "ACTIVATING", + "ACTIVE", + "COMPLETING", + "COMPLETED", + "ERROR", + "ARCHIVED" + ], + "example": "ACTIVE" + }, + "correlatedStatus": { + "type": "string", + "description": "The correlatedStatus of the campaign. Only SOURCE_OWNER campaigns can be Uncorrelated. An Uncorrelated certification campaign only includes Uncorrelated identities (An identity is uncorrelated if it has no accounts on an authoritative source).", + "enum": [ + "CORRELATED", + "UNCORRELATED" + ], + "example": "CORRELATED" + } + } + }, + { + "type": "object", + "properties": { + "created": { + "type": "string", + "readOnly": true, + "format": "date-time", + "description": "Created time of the campaign", + "example": "2020-03-03T22:15:13.611Z" + }, + "modified": { + "type": "string", + "readOnly": true, + "format": "date-time", + "description": "Modified time of the campaign", + "example": "2020-03-03T22:20:12.674Z" + }, + "correlatedStatus": { + "description": "The correlatedStatus of the campaign. Only SOURCE_OWNER campaigns can be Uncorrelated. An Uncorrelated certification campaign only includes Uncorrelated identities (An identity is uncorrelated if it has no accounts on an authoritative source).", + "enum": [ + "CORRELATED", + "UNCORRELATED" + ], + "example": "CORRELATED" + }, + "filter": { + "type": "object", + "description": "Determines which items will be included in this campaign. The default campaign filter is used if this field is left blank.", + "properties": { + "id": { + "type": "string", + "description": "The ID of whatever type of filter is being used.", + "example": "0fbe863c063c4c88a35fd7f17e8a3df5" + }, + "type": { + "type": "string", + "description": "Type of the filter", + "enum": [ + "CAMPAIGN_FILTER", + "RULE" + ], + "example": "CAMPAIGN_FILTER" + }, + "name": { + "type": "string", + "description": "Name of the filter", + "example": "Test Filter" + } + } + }, + "sunsetCommentsRequired": { + "type": "boolean", + "description": "Determines if comments on sunset date changes are required.", + "default": true, + "example": true + }, + "sourceOwnerCampaignInfo": { + "type": "object", + "description": "Must be set only if the campaign type is SOURCE_OWNER.", + "properties": { + "sourceIds": { + "type": "array", + "description": "The list of sources to be included in the campaign.", + "items": { + "type": "string" + }, + "example": [ + "0fbe863c063c4c88a35fd7f17e8a3df5" + ] + } + } + }, + "searchCampaignInfo": { + "type": "object", + "description": "Must be set only if the campaign type is SEARCH.", + "properties": { + "type": { + "type": "string", + "description": "The type of search campaign represented.", + "enum": [ + "IDENTITY", + "ACCESS" + ], + "example": "ACCESS" + }, + "description": { + "type": "string", + "description": "Describes this search campaign. Intended for storing the query used, and possibly the number of identities selected/available.", + "example": "Search Campaign description" + }, + "reviewer": { + "description": "If specified, this identity or governance group will be the reviewer for all certifications in this campaign. The allowed DTO types are IDENTITY and GOVERNANCE_GROUP", + "allOf": [ + { + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + }, + { + "type": "object" + } + ] + }, + "query": { + "type": "string", + "description": "The scope for the campaign. The campaign will cover identities returned by the query and identities that have access items returned by the query. One of `query` or `identityIds` must be set.", + "example": "Search Campaign query description" + }, + "identityIds": { + "type": "array", + "description": "A direct list of identities to include in this campaign. One of `identityIds` or `query` must be set.", + "items": { + "type": "string" + }, + "maxItems": 1000, + "example": [ + "0fbe863c063c4c88a35fd7f17e8a3df5" + ] + }, + "accessConstraints": { + "type": "array", + "description": "Further reduces the scope of the campaign by excluding identities (from `query` or `identityIds`) that do not have this access.", + "items": { + "type": "object", + "properties": { + "type": { + "type": "string", + "enum": [ + "ENTITLEMENT", + "ACCESS_PROFILE", + "ROLE" + ], + "description": "Type of Access", + "example": "ENTITLEMENT" + }, + "ids": { + "description": "Must be set only if operator is SELECTED.", + "type": "array", + "items": { + "type": "string" + }, + "example": [ + "2c90ad2a70ace7d50170acf22ca90010" + ] + }, + "operator": { + "type": "string", + "enum": [ + "ALL", + "SELECTED" + ], + "description": "Used to determine whether the scope of the campaign should be reduced for selected ids or all.", + "example": "SELECTED" + } + }, + "required": [ + "type", + "operator" + ] + }, + "maxItems": 1000 + } + }, + "required": [ + "type" + ] + }, + "roleCompositionCampaignInfo": { + "type": "object", + "description": "Optional configuration options for role composition campaigns.", + "properties": { + "reviewer": { + "description": "If specified, this identity or governance group will be the reviewer for all certifications in this campaign. The allowed DTO types are IDENTITY and GOVERNANCE_GROUP", + "allOf": [ + { + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + }, + { + "type": "object" + } + ] + }, + "roleIds": { + "type": "array", + "description": "Optional list of roles to include in this campaign. Only one of `roleIds` and `query` may be set; if neither are set, all roles are included.", + "items": { + "type": "string" + }, + "example": [ + "2c90ad2a70ace7d50170acf22ca90010" + ] + }, + "remediatorRef": { + "type": "object", + "description": "This determines who remediation tasks will be assigned to. Remediation tasks are created for each revoke decision on items in the campaign. The only legal remediator type is 'IDENTITY', and the chosen identity must be a Role Admin or Org Admin.", + "properties": { + "type": { + "type": "string", + "enum": [ + "IDENTITY" + ], + "description": "Legal Remediator Type", + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "The ID of the remediator.", + "example": "2c90ad2a70ace7d50170acf22ca90010" + }, + "name": { + "type": "string", + "description": "The name of the remediator.", + "readOnly": true, + "example": "Role Admin" + } + }, + "required": [ + "type", + "id" + ] + }, + "query": { + "type": "string", + "description": "Optional search query to scope this campaign to a set of roles. Only one of `roleIds` and `query` may be set; if neither are set, all roles are included.", + "example": "Search Query" + }, + "description": { + "type": "string", + "description": "Describes this role composition campaign. Intended for storing the query used, and possibly the number of roles selected/available.", + "example": "Role Composition Description" + } + }, + "required": [ + "remediatorRef" + ] + }, + "alerts": { + "type": "array", + "description": "A list of errors and warnings that have accumulated.", + "readOnly": true, + "items": { + "type": "object", + "properties": { + "level": { + "type": "string", + "enum": [ + "ERROR", + "WARN", + "INFO" + ], + "description": "Denotes the level of the message", + "example": "ERROR" + }, + "localizations": { + "type": "array", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + }, + "totalCertifications": { + "type": "integer", + "description": "The total number of certifications in this campaign.", + "readOnly": true, + "example": 100 + }, + "completedCertifications": { + "type": "integer", + "description": "The number of completed certifications in this campaign.", + "readOnly": true, + "example": 10 + }, + "sourcesWithOrphanEntitlements": { + "type": "array", + "description": "A list of sources in the campaign that contain \\\"orphan entitlements\\\" (entitlements without a corresponding Managed Attribute). An empty list indicates the campaign has no orphan entitlements. Null indicates there may be unknown orphan entitlements in the campaign (the campaign was created before this feature was implemented).", + "readOnly": true, + "items": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "Id of the source", + "example": "2c90ad2a70ace7d50170acf22ca90010" + }, + "type": { + "type": "string", + "enum": [ + "SOURCE" + ], + "description": "Type", + "example": "SOURCE" + }, + "name": { + "type": "string", + "description": "Name of the source", + "example": "Source with orphan entitlements" + } + } + } + } + } + } + ] + } + ] + } + }, + "examples": { + "Slim Campaign": { + "description": "List of Slim Campaigns that would result from not specifying *detail* or specifying SLIM", + "value": [ + { + "id": "2c918086719eec070171a7e3355a360a", + "name": "Manager Review", + "description": "A review of everyone's access by their manager.", + "deadline": "2020-12-25T06:00:00.123Z", + "type": "MANAGER", + "status": "ACTIVE", + "emailNotificationEnabled": false, + "autoRevokeAllowed": false, + "recommendationsEnabled": false + }, + { + "id": "7e1a731e3fb845cfbe58112ba4673ee4", + "name": "Search Campaign", + "description": "Search Campaign Info", + "deadline": "2022-07-26T15:42:44Z", + "type": "SEARCH", + "status": "ACTIVE", + "emailNotificationEnabled": false, + "autoRevokeAllowed": false, + "recommendationsEnabled": false + }, + { + "id": "2c918086719eec070171a7e3355a412b", + "name": "AD Source Review", + "description": "A review of our AD source.", + "deadline": "2020-12-25T06:00:00.123Z", + "type": "SOURCE_OWNER", + "status": "STAGED", + "emailNotificationEnabled": true, + "autoRevokeAllowed": false, + "recommendationsEnabled": false, + "correlatedStatus": "CORRELATED" + }, + { + "id": "3b2e2e5821e84127b6d693d41c40623b", + "name": "Role Composition Campaign", + "description": "A review done by a role owner.", + "deadline": "2020-12-25T06:00:00.468Z", + "type": "ROLE_COMPOSITION", + "status": "ACTIVE", + "emailNotificationEnabled": false, + "autoRevokeAllowed": false, + "recommendationsEnabled": false + } + ] + }, + "Full Campaign": { + "description": "List of Campaigns that would result from specifying *detail* as FULL", + "value": [ + { + "id": "078696a575e045c68d6722ccdb9f101d", + "name": "Role Composition Campaign", + "description": "A review done by a role owner.", + "deadline": "2020-12-25T06:00:00.468Z", + "type": "ROLE_COMPOSITION", + "status": "ERROR", + "emailNotificationEnabled": false, + "autoRevokeAllowed": false, + "recommendationsEnabled": false, + "created": "2022-08-02T20:29:51.065Z", + "modified": "2022-08-02T20:29:51.331Z", + "filter": { + "type": "CAMPAIGN_FILTER", + "id": "0fbe863c063c4c88a35fd7f17e8a3df5", + "name": "Test Role Composition Filter" + }, + "sunsetCommentsRequired": true, + "sourceOwnerCampaignInfo": null, + "searchCampaignInfo": null, + "roleCompositionCampaignInfo": { + "remediatorRef": { + "type": "IDENTITY", + "id": "7ec252acbd4245548bc25df22348cb75", + "name": "SailPoint Support" + }, + "reviewerId": null, + "reviewer": null, + "roleIds": [ + "b15d609fc5c8434b865fe552315fda8f" + ], + "query": null, + "description": null + }, + "alerts": [ + { + "level": "ERROR", + "localizations": [ + { + "locale": "en", + "localeOrigin": "DEFAULT", + "text": "Composite criterion must have children non-composite criterion must not." + } + ] + } + ], + "totalCertifications": 0, + "completedCertifications": 0, + "sourcesWithOrphanEntitlements": null + }, + { + "id": "1be8fc1103914bf0a4e14e316b6a7b7c", + "name": "Manager Review", + "description": "A review of everyone's access by their manager.", + "deadline": "2020-12-25T06:00:00.468Z", + "type": "MANAGER", + "status": "STAGED", + "emailNotificationEnabled": false, + "autoRevokeAllowed": false, + "recommendationsEnabled": false, + "created": "2022-08-02T19:00:27.731Z", + "modified": "2022-08-02T19:00:34.391Z", + "filter": { + "type": "CAMPAIGN_FILTER", + "id": "0fbe863c063c4c88a35fd7f17e8a3df5", + "name": "Test Manager Filter" + }, + "sunsetCommentsRequired": true, + "sourceOwnerCampaignInfo": null, + "searchCampaignInfo": null, + "roleCompositionCampaignInfo": null, + "alerts": null, + "totalCertifications": 5, + "completedCertifications": 0, + "sourcesWithOrphanEntitlements": [] + }, + { + "id": "7e1a731e3fb845cfbe58112ba4673ee4", + "name": "Search Campaign", + "description": "Search Campaign for Identities", + "deadline": "2022-07-26T15:42:44Z", + "type": "SEARCH", + "status": "ACTIVE", + "emailNotificationEnabled": false, + "autoRevokeAllowed": false, + "recommendationsEnabled": false, + "created": "2022-07-25T15:42:18.276Z", + "modified": "2022-07-25T15:42:53.718Z", + "filter": { + "type": "CAMPAIGN_FILTER", + "id": "0fbe863c063c4c88a35fd7f17e8a3df5", + "name": "Test Search Filter" + }, + "sunsetCommentsRequired": true, + "sourceOwnerCampaignInfo": null, + "searchCampaignInfo": { + "type": "IDENTITY", + "description": "Example of Search Campaign", + "reviewer": { + "type": "IDENTITY", + "id": "7ec252acbd4245548bc25df22348cb75", + "name": null + }, + "query": "user", + "identityIds": null, + "accessConstraints": [] + }, + "roleCompositionCampaignInfo": null, + "alerts": null, + "totalCertifications": 6, + "completedCertifications": 0, + "sourcesWithOrphanEntitlements": [] + }, + { + "id": "ad3cf3dd50394b1bad646de4bc51b999", + "name": "Source Owner Campaign", + "description": "Example for Source Owner Campaign", + "deadline": "2022-08-10T17:09:02Z", + "type": "SOURCE_OWNER", + "status": "ACTIVE", + "emailNotificationEnabled": true, + "autoRevokeAllowed": false, + "recommendationsEnabled": false, + "created": "2022-07-27T17:04:19.027Z", + "modified": "2022-07-27T17:09:13.925Z", + "filter": { + "type": "CAMPAIGN_FILTER", + "id": "0fbe863c063c4c88a35fd7f17e8a3df5", + "name": "Test Source Owner Filter" + }, + "sunsetCommentsRequired": true, + "sourceOwnerCampaignInfo": { + "sourceIds": [ + "2c91808781fd5aea01821200dc88318e" + ] + }, + "searchCampaignInfo": null, + "roleCompositionCampaignInfo": null, + "alerts": null, + "totalCertifications": 2, + "completedCertifications": 0, + "sourcesWithOrphanEntitlements": [], + "correlatedStatus": "CORRELATED" + } + ] + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + }, + "post": { + "operationId": "createCampaign", + "tags": [ + "Certification Campaigns" + ], + "summary": "Create a campaign", + "description": "Creates a new Certification Campaign with the information provided in the request body.", + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "type": "object", + "title": "Campaign", + "allOf": [ + { + "type": "object", + "title": "Slim Campaign", + "required": [ + "name", + "description", + "type" + ], + "properties": { + "id": { + "type": "string", + "readOnly": true, + "description": "Id of the campaign", + "example": "2c9079b270a266a60170a2779fcb0007" + }, + "name": { + "description": "The campaign name. If this object is part of a template, special formatting applies; see the `/campaign-templates/{id}/generate` endpoint documentation for details.", + "type": "string", + "example": "Manager Campaign" + }, + "description": { + "type": "string", + "description": "The campaign description. If this object is part of a template, special formatting applies; see the `/campaign-templates/{id}/generate` endpoint documentation for details.", + "example": "Everyone needs to be reviewed by their manager" + }, + "deadline": { + "type": "string", + "format": "date-time", + "description": "The campaign's completion deadline.", + "example": "2020-03-15T10:00:01.456Z" + }, + "type": { + "type": "string", + "description": "The type of campaign. Could be extended in the future.", + "enum": [ + "MANAGER", + "SOURCE_OWNER", + "SEARCH", + "ROLE_COMPOSITION" + ], + "example": "MANAGER" + }, + "emailNotificationEnabled": { + "type": "boolean", + "description": "Enables email notification for this campaign", + "example": false + }, + "autoRevokeAllowed": { + "type": "boolean", + "description": "Allows auto revoke for this campaign", + "example": false + }, + "recommendationsEnabled": { + "type": "boolean", + "description": "Enables IAI for this campaign. Accepts true even if the IAI product feature is off. If IAI is turned off then campaigns generated from this template will indicate false. The real value will then be returned if IAI is ever enabled for the org in the future.", + "example": true + }, + "status": { + "type": "string", + "description": "The campaign's current status.", + "readOnly": true, + "enum": [ + "PENDING", + "STAGED", + "CANCELING", + "ACTIVATING", + "ACTIVE", + "COMPLETING", + "COMPLETED", + "ERROR", + "ARCHIVED" + ], + "example": "ACTIVE" + }, + "correlatedStatus": { + "type": "string", + "description": "The correlatedStatus of the campaign. Only SOURCE_OWNER campaigns can be Uncorrelated. An Uncorrelated certification campaign only includes Uncorrelated identities (An identity is uncorrelated if it has no accounts on an authoritative source).", + "enum": [ + "CORRELATED", + "UNCORRELATED" + ], + "example": "CORRELATED" + } + } + }, + { + "type": "object", + "properties": { + "created": { + "type": "string", + "readOnly": true, + "format": "date-time", + "description": "Created time of the campaign", + "example": "2020-03-03T22:15:13.611Z" + }, + "modified": { + "type": "string", + "readOnly": true, + "format": "date-time", + "description": "Modified time of the campaign", + "example": "2020-03-03T22:20:12.674Z" + }, + "correlatedStatus": { + "description": "The correlatedStatus of the campaign. Only SOURCE_OWNER campaigns can be Uncorrelated. An Uncorrelated certification campaign only includes Uncorrelated identities (An identity is uncorrelated if it has no accounts on an authoritative source).", + "enum": [ + "CORRELATED", + "UNCORRELATED" + ], + "example": "CORRELATED" + }, + "filter": { + "type": "object", + "description": "Determines which items will be included in this campaign. The default campaign filter is used if this field is left blank.", + "properties": { + "id": { + "type": "string", + "description": "The ID of whatever type of filter is being used.", + "example": "0fbe863c063c4c88a35fd7f17e8a3df5" + }, + "type": { + "type": "string", + "description": "Type of the filter", + "enum": [ + "CAMPAIGN_FILTER", + "RULE" + ], + "example": "CAMPAIGN_FILTER" + }, + "name": { + "type": "string", + "description": "Name of the filter", + "example": "Test Filter" + } + } + }, + "sunsetCommentsRequired": { + "type": "boolean", + "description": "Determines if comments on sunset date changes are required.", + "default": true, + "example": true + }, + "sourceOwnerCampaignInfo": { + "type": "object", + "description": "Must be set only if the campaign type is SOURCE_OWNER.", + "properties": { + "sourceIds": { + "type": "array", + "description": "The list of sources to be included in the campaign.", + "items": { + "type": "string" + }, + "example": [ + "0fbe863c063c4c88a35fd7f17e8a3df5" + ] + } + } + }, + "searchCampaignInfo": { + "type": "object", + "description": "Must be set only if the campaign type is SEARCH.", + "properties": { + "type": { + "type": "string", + "description": "The type of search campaign represented.", + "enum": [ + "IDENTITY", + "ACCESS" + ], + "example": "ACCESS" + }, + "description": { + "type": "string", + "description": "Describes this search campaign. Intended for storing the query used, and possibly the number of identities selected/available.", + "example": "Search Campaign description" + }, + "reviewer": { + "description": "If specified, this identity or governance group will be the reviewer for all certifications in this campaign. The allowed DTO types are IDENTITY and GOVERNANCE_GROUP", + "allOf": [ + { + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + }, + { + "type": "object" + } + ] + }, + "query": { + "type": "string", + "description": "The scope for the campaign. The campaign will cover identities returned by the query and identities that have access items returned by the query. One of `query` or `identityIds` must be set.", + "example": "Search Campaign query description" + }, + "identityIds": { + "type": "array", + "description": "A direct list of identities to include in this campaign. One of `identityIds` or `query` must be set.", + "items": { + "type": "string" + }, + "maxItems": 1000, + "example": [ + "0fbe863c063c4c88a35fd7f17e8a3df5" + ] + }, + "accessConstraints": { + "type": "array", + "description": "Further reduces the scope of the campaign by excluding identities (from `query` or `identityIds`) that do not have this access.", + "items": { + "type": "object", + "properties": { + "type": { + "type": "string", + "enum": [ + "ENTITLEMENT", + "ACCESS_PROFILE", + "ROLE" + ], + "description": "Type of Access", + "example": "ENTITLEMENT" + }, + "ids": { + "description": "Must be set only if operator is SELECTED.", + "type": "array", + "items": { + "type": "string" + }, + "example": [ + "2c90ad2a70ace7d50170acf22ca90010" + ] + }, + "operator": { + "type": "string", + "enum": [ + "ALL", + "SELECTED" + ], + "description": "Used to determine whether the scope of the campaign should be reduced for selected ids or all.", + "example": "SELECTED" + } + }, + "required": [ + "type", + "operator" + ] + }, + "maxItems": 1000 + } + }, + "required": [ + "type" + ] + }, + "roleCompositionCampaignInfo": { + "type": "object", + "description": "Optional configuration options for role composition campaigns.", + "properties": { + "reviewer": { + "description": "If specified, this identity or governance group will be the reviewer for all certifications in this campaign. The allowed DTO types are IDENTITY and GOVERNANCE_GROUP", + "allOf": [ + { + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + }, + { + "type": "object" + } + ] + }, + "roleIds": { + "type": "array", + "description": "Optional list of roles to include in this campaign. Only one of `roleIds` and `query` may be set; if neither are set, all roles are included.", + "items": { + "type": "string" + }, + "example": [ + "2c90ad2a70ace7d50170acf22ca90010" + ] + }, + "remediatorRef": { + "type": "object", + "description": "This determines who remediation tasks will be assigned to. Remediation tasks are created for each revoke decision on items in the campaign. The only legal remediator type is 'IDENTITY', and the chosen identity must be a Role Admin or Org Admin.", + "properties": { + "type": { + "type": "string", + "enum": [ + "IDENTITY" + ], + "description": "Legal Remediator Type", + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "The ID of the remediator.", + "example": "2c90ad2a70ace7d50170acf22ca90010" + }, + "name": { + "type": "string", + "description": "The name of the remediator.", + "readOnly": true, + "example": "Role Admin" + } + }, + "required": [ + "type", + "id" + ] + }, + "query": { + "type": "string", + "description": "Optional search query to scope this campaign to a set of roles. Only one of `roleIds` and `query` may be set; if neither are set, all roles are included.", + "example": "Search Query" + }, + "description": { + "type": "string", + "description": "Describes this role composition campaign. Intended for storing the query used, and possibly the number of roles selected/available.", + "example": "Role Composition Description" + } + }, + "required": [ + "remediatorRef" + ] + }, + "alerts": { + "type": "array", + "description": "A list of errors and warnings that have accumulated.", + "readOnly": true, + "items": { + "type": "object", + "properties": { + "level": { + "type": "string", + "enum": [ + "ERROR", + "WARN", + "INFO" + ], + "description": "Denotes the level of the message", + "example": "ERROR" + }, + "localizations": { + "type": "array", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + }, + "totalCertifications": { + "type": "integer", + "description": "The total number of certifications in this campaign.", + "readOnly": true, + "example": 100 + }, + "completedCertifications": { + "type": "integer", + "description": "The number of completed certifications in this campaign.", + "readOnly": true, + "example": 10 + }, + "sourcesWithOrphanEntitlements": { + "type": "array", + "description": "A list of sources in the campaign that contain \\\"orphan entitlements\\\" (entitlements without a corresponding Managed Attribute). An empty list indicates the campaign has no orphan entitlements. Null indicates there may be unknown orphan entitlements in the campaign (the campaign was created before this feature was implemented).", + "readOnly": true, + "items": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "Id of the source", + "example": "2c90ad2a70ace7d50170acf22ca90010" + }, + "type": { + "type": "string", + "enum": [ + "SOURCE" + ], + "description": "Type", + "example": "SOURCE" + }, + "name": { + "type": "string", + "description": "Name of the source", + "example": "Source with orphan entitlements" + } + } + } + } + } + } + ] + }, + "examples": { + "Manager": { + "value": { + "name": "Manager Review", + "description": "A review of everyone's access by their manager.", + "deadline": "2020-12-25T06:00:00.468Z", + "type": "MANAGER", + "emailNotificationEnabled": false, + "autoRevokeAllowed": false, + "recommendationsEnabled": false, + "filter": { + "type": "CAMPAIGN_FILTER", + "id": "0c46fb26c6b20967a55517ee90d15b93" + } + } + }, + "Search": { + "value": { + "name": "Search Campaign", + "description": "Search Campaign", + "deadline": "2020-12-25T06:00:00.468Z", + "type": "SEARCH", + "emailNotificationEnabled": false, + "autoRevokeAllowed": false, + "recommendationsEnabled": false, + "filter": { + "type": "CAMPAIGN_FILTER", + "id": "0c46fb26c6b20967a55517ee90d15b93" + }, + "searchCampaignInfo": { + "type": "ACCESS", + "query": "user" + } + } + }, + "Source Owner": { + "value": { + "name": "Source Owner", + "description": "Source Owner Info", + "deadline": "2020-12-25T06:00:00.468Z", + "type": "SOURCE_OWNER", + "emailNotificationEnabled": false, + "autoRevokeAllowed": false, + "recommendationsEnabled": false, + "filter": { + "type": "CAMPAIGN_FILTER", + "id": "0c46fb26c6b20967a55517ee90d15b93" + }, + "sourceOwnerCampaignInfo": { + "sourceIds": [ + "612b31b1a0f04aaf83123bdb80e70db6" + ] + }, + "correlatedStatus": "CORRELATED" + } + }, + "Role Composition": { + "value": { + "name": "Role Composition Campaign", + "description": "A review done by a role owner.", + "deadline": "2020-12-25T06:00:00.468Z", + "type": "ROLE_COMPOSITION", + "emailNotificationEnabled": false, + "autoRevokeAllowed": false, + "recommendationsEnabled": false, + "filter": { + "type": "CAMPAIGN_FILTER", + "id": "0c46fb26c6b20967a55517ee90d15b93" + }, + "roleCompositionCampaignInfo": { + "remediatorRef": { + "type": "IDENTITY", + "id": "7ec252acbd4245548bc25df22348cb75", + "name": "SailPoint Support" + }, + "roleIds": [ + "b15d609fc5c8434b865fe552315fda8f" + ] + } + } + } + } + } + } + }, + "responses": { + "200": { + "description": "Indicates that the campaign requested was successfully created and returns its representation.", + "content": { + "application/json": { + "schema": { + "type": "object", + "title": "Campaign", + "allOf": [ + { + "type": "object", + "title": "Slim Campaign", + "required": [ + "name", + "description", + "type" + ], + "properties": { + "id": { + "type": "string", + "readOnly": true, + "description": "Id of the campaign", + "example": "2c9079b270a266a60170a2779fcb0007" + }, + "name": { + "description": "The campaign name. If this object is part of a template, special formatting applies; see the `/campaign-templates/{id}/generate` endpoint documentation for details.", + "type": "string", + "example": "Manager Campaign" + }, + "description": { + "type": "string", + "description": "The campaign description. If this object is part of a template, special formatting applies; see the `/campaign-templates/{id}/generate` endpoint documentation for details.", + "example": "Everyone needs to be reviewed by their manager" + }, + "deadline": { + "type": "string", + "format": "date-time", + "description": "The campaign's completion deadline.", + "example": "2020-03-15T10:00:01.456Z" + }, + "type": { + "type": "string", + "description": "The type of campaign. Could be extended in the future.", + "enum": [ + "MANAGER", + "SOURCE_OWNER", + "SEARCH", + "ROLE_COMPOSITION" + ], + "example": "MANAGER" + }, + "emailNotificationEnabled": { + "type": "boolean", + "description": "Enables email notification for this campaign", + "example": false + }, + "autoRevokeAllowed": { + "type": "boolean", + "description": "Allows auto revoke for this campaign", + "example": false + }, + "recommendationsEnabled": { + "type": "boolean", + "description": "Enables IAI for this campaign. Accepts true even if the IAI product feature is off. If IAI is turned off then campaigns generated from this template will indicate false. The real value will then be returned if IAI is ever enabled for the org in the future.", + "example": true + }, + "status": { + "type": "string", + "description": "The campaign's current status.", + "readOnly": true, + "enum": [ + "PENDING", + "STAGED", + "CANCELING", + "ACTIVATING", + "ACTIVE", + "COMPLETING", + "COMPLETED", + "ERROR", + "ARCHIVED" + ], + "example": "ACTIVE" + }, + "correlatedStatus": { + "type": "string", + "description": "The correlatedStatus of the campaign. Only SOURCE_OWNER campaigns can be Uncorrelated. An Uncorrelated certification campaign only includes Uncorrelated identities (An identity is uncorrelated if it has no accounts on an authoritative source).", + "enum": [ + "CORRELATED", + "UNCORRELATED" + ], + "example": "CORRELATED" + } + } + }, + { + "type": "object", + "properties": { + "created": { + "type": "string", + "readOnly": true, + "format": "date-time", + "description": "Created time of the campaign", + "example": "2020-03-03T22:15:13.611Z" + }, + "modified": { + "type": "string", + "readOnly": true, + "format": "date-time", + "description": "Modified time of the campaign", + "example": "2020-03-03T22:20:12.674Z" + }, + "correlatedStatus": { + "description": "The correlatedStatus of the campaign. Only SOURCE_OWNER campaigns can be Uncorrelated. An Uncorrelated certification campaign only includes Uncorrelated identities (An identity is uncorrelated if it has no accounts on an authoritative source).", + "enum": [ + "CORRELATED", + "UNCORRELATED" + ], + "example": "CORRELATED" + }, + "filter": { + "type": "object", + "description": "Determines which items will be included in this campaign. The default campaign filter is used if this field is left blank.", + "properties": { + "id": { + "type": "string", + "description": "The ID of whatever type of filter is being used.", + "example": "0fbe863c063c4c88a35fd7f17e8a3df5" + }, + "type": { + "type": "string", + "description": "Type of the filter", + "enum": [ + "CAMPAIGN_FILTER", + "RULE" + ], + "example": "CAMPAIGN_FILTER" + }, + "name": { + "type": "string", + "description": "Name of the filter", + "example": "Test Filter" + } + } + }, + "sunsetCommentsRequired": { + "type": "boolean", + "description": "Determines if comments on sunset date changes are required.", + "default": true, + "example": true + }, + "sourceOwnerCampaignInfo": { + "type": "object", + "description": "Must be set only if the campaign type is SOURCE_OWNER.", + "properties": { + "sourceIds": { + "type": "array", + "description": "The list of sources to be included in the campaign.", + "items": { + "type": "string" + }, + "example": [ + "0fbe863c063c4c88a35fd7f17e8a3df5" + ] + } + } + }, + "searchCampaignInfo": { + "type": "object", + "description": "Must be set only if the campaign type is SEARCH.", + "properties": { + "type": { + "type": "string", + "description": "The type of search campaign represented.", + "enum": [ + "IDENTITY", + "ACCESS" + ], + "example": "ACCESS" + }, + "description": { + "type": "string", + "description": "Describes this search campaign. Intended for storing the query used, and possibly the number of identities selected/available.", + "example": "Search Campaign description" + }, + "reviewer": { + "description": "If specified, this identity or governance group will be the reviewer for all certifications in this campaign. The allowed DTO types are IDENTITY and GOVERNANCE_GROUP", + "allOf": [ + { + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + }, + { + "type": "object" + } + ] + }, + "query": { + "type": "string", + "description": "The scope for the campaign. The campaign will cover identities returned by the query and identities that have access items returned by the query. One of `query` or `identityIds` must be set.", + "example": "Search Campaign query description" + }, + "identityIds": { + "type": "array", + "description": "A direct list of identities to include in this campaign. One of `identityIds` or `query` must be set.", + "items": { + "type": "string" + }, + "maxItems": 1000, + "example": [ + "0fbe863c063c4c88a35fd7f17e8a3df5" + ] + }, + "accessConstraints": { + "type": "array", + "description": "Further reduces the scope of the campaign by excluding identities (from `query` or `identityIds`) that do not have this access.", + "items": { + "type": "object", + "properties": { + "type": { + "type": "string", + "enum": [ + "ENTITLEMENT", + "ACCESS_PROFILE", + "ROLE" + ], + "description": "Type of Access", + "example": "ENTITLEMENT" + }, + "ids": { + "description": "Must be set only if operator is SELECTED.", + "type": "array", + "items": { + "type": "string" + }, + "example": [ + "2c90ad2a70ace7d50170acf22ca90010" + ] + }, + "operator": { + "type": "string", + "enum": [ + "ALL", + "SELECTED" + ], + "description": "Used to determine whether the scope of the campaign should be reduced for selected ids or all.", + "example": "SELECTED" + } + }, + "required": [ + "type", + "operator" + ] + }, + "maxItems": 1000 + } + }, + "required": [ + "type" + ] + }, + "roleCompositionCampaignInfo": { + "type": "object", + "description": "Optional configuration options for role composition campaigns.", + "properties": { + "reviewer": { + "description": "If specified, this identity or governance group will be the reviewer for all certifications in this campaign. The allowed DTO types are IDENTITY and GOVERNANCE_GROUP", + "allOf": [ + { + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + }, + { + "type": "object" + } + ] + }, + "roleIds": { + "type": "array", + "description": "Optional list of roles to include in this campaign. Only one of `roleIds` and `query` may be set; if neither are set, all roles are included.", + "items": { + "type": "string" + }, + "example": [ + "2c90ad2a70ace7d50170acf22ca90010" + ] + }, + "remediatorRef": { + "type": "object", + "description": "This determines who remediation tasks will be assigned to. Remediation tasks are created for each revoke decision on items in the campaign. The only legal remediator type is 'IDENTITY', and the chosen identity must be a Role Admin or Org Admin.", + "properties": { + "type": { + "type": "string", + "enum": [ + "IDENTITY" + ], + "description": "Legal Remediator Type", + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "The ID of the remediator.", + "example": "2c90ad2a70ace7d50170acf22ca90010" + }, + "name": { + "type": "string", + "description": "The name of the remediator.", + "readOnly": true, + "example": "Role Admin" + } + }, + "required": [ + "type", + "id" + ] + }, + "query": { + "type": "string", + "description": "Optional search query to scope this campaign to a set of roles. Only one of `roleIds` and `query` may be set; if neither are set, all roles are included.", + "example": "Search Query" + }, + "description": { + "type": "string", + "description": "Describes this role composition campaign. Intended for storing the query used, and possibly the number of roles selected/available.", + "example": "Role Composition Description" + } + }, + "required": [ + "remediatorRef" + ] + }, + "alerts": { + "type": "array", + "description": "A list of errors and warnings that have accumulated.", + "readOnly": true, + "items": { + "type": "object", + "properties": { + "level": { + "type": "string", + "enum": [ + "ERROR", + "WARN", + "INFO" + ], + "description": "Denotes the level of the message", + "example": "ERROR" + }, + "localizations": { + "type": "array", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + }, + "totalCertifications": { + "type": "integer", + "description": "The total number of certifications in this campaign.", + "readOnly": true, + "example": 100 + }, + "completedCertifications": { + "type": "integer", + "description": "The number of completed certifications in this campaign.", + "readOnly": true, + "example": 10 + }, + "sourcesWithOrphanEntitlements": { + "type": "array", + "description": "A list of sources in the campaign that contain \\\"orphan entitlements\\\" (entitlements without a corresponding Managed Attribute). An empty list indicates the campaign has no orphan entitlements. Null indicates there may be unknown orphan entitlements in the campaign (the campaign was created before this feature was implemented).", + "readOnly": true, + "items": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "Id of the source", + "example": "2c90ad2a70ace7d50170acf22ca90010" + }, + "type": { + "type": "string", + "enum": [ + "SOURCE" + ], + "description": "Type", + "example": "SOURCE" + }, + "name": { + "type": "string", + "description": "Name of the source", + "example": "Source with orphan entitlements" + } + } + } + } + } + } + ] + }, + "examples": { + "Manager": { + "value": { + "id": "5594f43b76804a6980ece5fdccf74be7", + "name": "Manager Review", + "description": "A review of everyone's access by their manager.", + "deadline": "2020-12-25T06:00:00.468Z", + "type": "MANAGER", + "status": "PENDING", + "emailNotificationEnabled": false, + "autoRevokeAllowed": false, + "recommendationsEnabled": false, + "created": "2022-08-02T20:21:18.421Z", + "modified": null, + "filter": { + "type": "CAMPAIGN_FILTER", + "id": "0fbe863c063c4c88a35fd7f17e8a3df5", + "name": "Test Manager Filter" + }, + "sunsetCommentsRequired": true, + "sourceOwnerCampaignInfo": null, + "searchCampaignInfo": null, + "roleCompositionCampaignInfo": null, + "alerts": null, + "totalCertifications": 0, + "completedCertifications": 0, + "sourcesWithOrphanEntitlements": null + } + }, + "Search": { + "value": { + "id": "ec041831cb2147778b594feb9d8db44a", + "name": "Search Campaign", + "description": "Search Campaign", + "deadline": "2020-12-25T06:00:00.468Z", + "type": "SEARCH", + "status": "PENDING", + "emailNotificationEnabled": false, + "autoRevokeAllowed": false, + "recommendationsEnabled": false, + "created": "2022-08-03T13:54:34.344Z", + "modified": null, + "filter": { + "type": "CAMPAIGN_FILTER", + "id": "0fbe863c063c4c88a35fd7f17e8a3df5", + "name": "Test Search Filter" + }, + "sunsetCommentsRequired": true, + "sourceOwnerCampaignInfo": null, + "searchCampaignInfo": { + "type": "ACCESS", + "description": "user", + "reviewer": { + "type": "IDENTITY", + "id": "7ec252acbd4245548bc25df22348cb75", + "name": null + }, + "query": "user", + "identityIds": null, + "accessConstraints": [] + }, + "roleCompositionCampaignInfo": null, + "alerts": null, + "totalCertifications": 0, + "completedCertifications": 0, + "sourcesWithOrphanEntitlements": null + } + }, + "Source Owner": { + "value": { + "id": "fd7b76ba4ea042de8a9414aa12fc977a", + "name": "Source Owner", + "description": "Source Owner Info", + "deadline": "2020-12-25T06:00:00.468Z", + "type": "SOURCE_OWNER", + "status": "PENDING", + "emailNotificationEnabled": false, + "autoRevokeAllowed": false, + "recommendationsEnabled": false, + "created": "2022-08-03T13:34:19.541Z", + "modified": null, + "filter": { + "type": "CAMPAIGN_FILTER", + "id": "0fbe863c063c4c88a35fd7f17e8a3df5", + "name": "Test Source Owner Filter" + }, + "sunsetCommentsRequired": true, + "sourceOwnerCampaignInfo": null, + "sourceIds": [ + "612b31b1a0f04aaf83123bdb80e70db6" + ], + "searchCampaignInfo": null, + "roleCompositionCampaignInfo": null, + "alerts": null, + "totalCertifications": 0, + "completedCertifications": 0, + "sourcesWithOrphanEntitlements": null, + "correlatedStatus": "CORRELATED" + } + }, + "Role Composition": { + "value": { + "id": "3b2e2e5821e84127b6d693d41c40623b", + "name": "Role Composition Campaign", + "description": "A review done by a role owner.", + "deadline": "2020-12-25T06:00:00.468Z", + "type": "ROLE_COMPOSITION", + "status": "PENDING", + "emailNotificationEnabled": false, + "autoRevokeAllowed": false, + "recommendationsEnabled": false, + "created": "2022-08-02T20:30:46.083Z", + "modified": null, + "filter": { + "type": "CAMPAIGN_FILTER", + "id": "0fbe863c063c4c88a35fd7f17e8a3df5", + "name": "Test Role Composition Filter" + }, + "sunsetCommentsRequired": true, + "sourceOwnerCampaignInfo": null, + "searchCampaignInfo": null, + "roleCompositionCampaignInfo": { + "remediatorRef": { + "type": "IDENTITY", + "id": "7ec252acbd4245548bc25df22348cb75", + "name": "SailPoint Support" + }, + "reviewerId": null, + "reviewer": null, + "roleIds": [ + "b15d609fc5c8434b865fe552315fda8f" + ], + "query": null, + "description": null + }, + "alerts": null, + "totalCertifications": 0, + "completedCertifications": 0, + "sourcesWithOrphanEntitlements": null + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/campaigns/delete": { + "post": { + "operationId": "deleteCampaigns", + "tags": [ + "Certification Campaigns" + ], + "summary": "Deletes Campaigns", + "description": "Deletes campaigns whose Ids are specified in the provided list of campaign Ids. Authorized callers must be an ORG_ADMIN or a CERT_ADMIN.", + "requestBody": { + "description": "The ids of the campaigns to delete.", + "required": true, + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "ids": { + "description": "The ids of the campaigns to delete", + "type": "array", + "items": { + "type": "string" + }, + "example": [ + "2c9180887335cee10173490db1776c26", + "2c9180836a712436016a7125a90c0021" + ] + } + } + } + } + } + }, + "responses": { + "202": { + "description": "Accepted - Returned if the request was successfully accepted into the system.", + "content": { + "application/json": { + "schema": { + "type": "object" + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/campaigns/{id}": { + "get": { + "operationId": "getCampaign", + "tags": [ + "Certification Campaigns" + ], + "summary": "Get a campaign", + "description": "Retrieves information for an existing campaign using the campaign's ID. Authorized callers must be a reviewer for this campaign, an ORG_ADMIN, or a CERT_ADMIN.", + "parameters": [ + { + "in": "path", + "name": "id", + "schema": { + "type": "string" + }, + "required": true, + "description": "The ID of the campaign to be retrieved", + "example": "2c91808571bcfcf80171c23e4b4221fc" + } + ], + "responses": { + "200": { + "description": "A campaign object", + "content": { + "application/json": { + "schema": { + "type": "object", + "title": "Slim Campaign", + "required": [ + "name", + "description", + "type" + ], + "properties": { + "id": { + "type": "string", + "readOnly": true, + "description": "Id of the campaign", + "example": "2c9079b270a266a60170a2779fcb0007" + }, + "name": { + "description": "The campaign name. If this object is part of a template, special formatting applies; see the `/campaign-templates/{id}/generate` endpoint documentation for details.", + "type": "string", + "example": "Manager Campaign" + }, + "description": { + "type": "string", + "description": "The campaign description. If this object is part of a template, special formatting applies; see the `/campaign-templates/{id}/generate` endpoint documentation for details.", + "example": "Everyone needs to be reviewed by their manager" + }, + "deadline": { + "type": "string", + "format": "date-time", + "description": "The campaign's completion deadline.", + "example": "2020-03-15T10:00:01.456Z" + }, + "type": { + "type": "string", + "description": "The type of campaign. Could be extended in the future.", + "enum": [ + "MANAGER", + "SOURCE_OWNER", + "SEARCH", + "ROLE_COMPOSITION" + ], + "example": "MANAGER" + }, + "emailNotificationEnabled": { + "type": "boolean", + "description": "Enables email notification for this campaign", + "example": false + }, + "autoRevokeAllowed": { + "type": "boolean", + "description": "Allows auto revoke for this campaign", + "example": false + }, + "recommendationsEnabled": { + "type": "boolean", + "description": "Enables IAI for this campaign. Accepts true even if the IAI product feature is off. If IAI is turned off then campaigns generated from this template will indicate false. The real value will then be returned if IAI is ever enabled for the org in the future.", + "example": true + }, + "status": { + "type": "string", + "description": "The campaign's current status.", + "readOnly": true, + "enum": [ + "PENDING", + "STAGED", + "CANCELING", + "ACTIVATING", + "ACTIVE", + "COMPLETING", + "COMPLETED", + "ERROR", + "ARCHIVED" + ], + "example": "ACTIVE" + }, + "correlatedStatus": { + "type": "string", + "description": "The correlatedStatus of the campaign. Only SOURCE_OWNER campaigns can be Uncorrelated. An Uncorrelated certification campaign only includes Uncorrelated identities (An identity is uncorrelated if it has no accounts on an authoritative source).", + "enum": [ + "CORRELATED", + "UNCORRELATED" + ], + "example": "CORRELATED" + } + } + }, + "examples": { + "Manager": { + "value": { + "id": "2c918086719eec070171a7e3355a360a", + "name": "Manager Review", + "description": "A review of everyone's access by their manager.", + "deadline": "2020-12-25T06:00:00.123Z", + "type": "MANAGER", + "status": "ACTIVE", + "emailNotificationEnabled": false, + "autoRevokeAllowed": false, + "recommendationsEnabled": false + } + }, + "Search": { + "value": { + "id": "7e1a731e3fb845cfbe58112ba4673ee4", + "name": "Search Campaign", + "description": "Search Campaign Info", + "deadline": "2022-07-26T15:42:44Z", + "type": "SEARCH", + "status": "ACTIVE", + "emailNotificationEnabled": false, + "autoRevokeAllowed": false, + "recommendationsEnabled": false + } + }, + "Source Owner": { + "value": { + "id": "2c918086719eec070171a7e3355a412b", + "name": "AD Source Review", + "description": "A review of our AD source.", + "deadline": "2020-12-25T06:00:00.123Z", + "type": "SOURCE_OWNER", + "status": "STAGED", + "emailNotificationEnabled": true, + "autoRevokeAllowed": false, + "recommendationsEnabled": false, + "correlatedStatus": "CORRELATED" + } + }, + "RoleComposition": { + "value": { + "id": "3b2e2e5821e84127b6d693d41c40623b", + "name": "Role Composition Campaign", + "description": "A review done by a role owner.", + "deadline": "2020-12-25T06:00:00.468Z", + "type": "ROLE_COMPOSITION", + "status": "ACTIVE", + "emailNotificationEnabled": false, + "autoRevokeAllowed": false, + "recommendationsEnabled": false + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + }, + "patch": { + "operationId": "updateCampaign", + "tags": [ + "Certification Campaigns" + ], + "summary": "Update a Campaign", + "description": "Allows updating individual fields on a campaign using the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard.", + "parameters": [ + { + "in": "path", + "name": "id", + "schema": { + "type": "string" + }, + "required": true, + "description": "The ID of the campaign template being modified.", + "example": "2c91808571bcfcf80171c23e4b4221fc" + } + ], + "requestBody": { + "required": true, + "description": "A list of campaign update operations according to the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard.\nThe fields that can be patched differ based on the status of the campaign.\n\nIn the *STAGED* status, the following fields can be patched:\n* name\n* description\n* recommendationsEnabled\n* deadline\n* emailNotificationEnabled\n* autoRevokeAllowed\n\nIn the *ACTIVE* status, the following fields can be patched:\n* deadline\n", + "content": { + "application/json-patch+json": { + "schema": { + "type": "array", + "items": { + "type": "object" + } + }, + "example": [ + { + "op": "replace", + "path": "/name", + "value": "This field has been updated!" + }, + { + "op": "copy", + "from": "/name", + "path": "/description" + } + ] + } + } + }, + "responses": { + "200": { + "description": "Indicates the PATCH operation succeeded, and returns the campaign's new representation.", + "content": { + "application/json": { + "schema": { + "type": "object", + "title": "Slim Campaign", + "required": [ + "name", + "description", + "type" + ], + "properties": { + "id": { + "type": "string", + "readOnly": true, + "description": "Id of the campaign", + "example": "2c9079b270a266a60170a2779fcb0007" + }, + "name": { + "description": "The campaign name. If this object is part of a template, special formatting applies; see the `/campaign-templates/{id}/generate` endpoint documentation for details.", + "type": "string", + "example": "Manager Campaign" + }, + "description": { + "type": "string", + "description": "The campaign description. If this object is part of a template, special formatting applies; see the `/campaign-templates/{id}/generate` endpoint documentation for details.", + "example": "Everyone needs to be reviewed by their manager" + }, + "deadline": { + "type": "string", + "format": "date-time", + "description": "The campaign's completion deadline.", + "example": "2020-03-15T10:00:01.456Z" + }, + "type": { + "type": "string", + "description": "The type of campaign. Could be extended in the future.", + "enum": [ + "MANAGER", + "SOURCE_OWNER", + "SEARCH", + "ROLE_COMPOSITION" + ], + "example": "MANAGER" + }, + "emailNotificationEnabled": { + "type": "boolean", + "description": "Enables email notification for this campaign", + "example": false + }, + "autoRevokeAllowed": { + "type": "boolean", + "description": "Allows auto revoke for this campaign", + "example": false + }, + "recommendationsEnabled": { + "type": "boolean", + "description": "Enables IAI for this campaign. Accepts true even if the IAI product feature is off. If IAI is turned off then campaigns generated from this template will indicate false. The real value will then be returned if IAI is ever enabled for the org in the future.", + "example": true + }, + "status": { + "type": "string", + "description": "The campaign's current status.", + "readOnly": true, + "enum": [ + "PENDING", + "STAGED", + "CANCELING", + "ACTIVATING", + "ACTIVE", + "COMPLETING", + "COMPLETED", + "ERROR", + "ARCHIVED" + ], + "example": "ACTIVE" + }, + "correlatedStatus": { + "type": "string", + "description": "The correlatedStatus of the campaign. Only SOURCE_OWNER campaigns can be Uncorrelated. An Uncorrelated certification campaign only includes Uncorrelated identities (An identity is uncorrelated if it has no accounts on an authoritative source).", + "enum": [ + "CORRELATED", + "UNCORRELATED" + ], + "example": "CORRELATED" + } + } + }, + "examples": { + "Manager": { + "value": { + "id": "2c918086719eec070171a7e3355a360a", + "name": "Manager Review", + "description": "A review of everyone's access by their manager.", + "deadline": "2020-12-25T06:00:00.123Z", + "type": "MANAGER", + "status": "ACTIVE", + "emailNotificationEnabled": false, + "autoRevokeAllowed": false, + "recommendationsEnabled": false + } + }, + "Search": { + "value": { + "id": "7e1a731e3fb845cfbe58112ba4673ee4", + "name": "Search Campaign", + "description": "Search Campaign Info", + "deadline": "2022-07-26T15:42:44Z", + "type": "SEARCH", + "status": "ACTIVE", + "emailNotificationEnabled": false, + "autoRevokeAllowed": false, + "recommendationsEnabled": false + } + }, + "Source Owner": { + "value": { + "id": "2c918086719eec070171a7e3355a412b", + "name": "AD Source Review", + "description": "A review of our AD source.", + "deadline": "2020-12-25T06:00:00.123Z", + "type": "SOURCE_OWNER", + "status": "STAGED", + "emailNotificationEnabled": true, + "autoRevokeAllowed": false, + "recommendationsEnabled": false, + "correlatedStatus": "CORRELATED" + } + }, + "RoleComposition": { + "value": { + "id": "3b2e2e5821e84127b6d693d41c40623b", + "name": "Role Composition Campaign", + "description": "A review done by a role owner.", + "deadline": "2020-12-25T06:00:00.468Z", + "type": "ROLE_COMPOSITION", + "status": "ACTIVE", + "emailNotificationEnabled": false, + "autoRevokeAllowed": false, + "recommendationsEnabled": false + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/campaigns/{id}/activate": { + "post": { + "operationId": "activateCampaign", + "tags": [ + "Certification Campaigns" + ], + "summary": "Activate a Campaign", + "description": "Submits a job to activate the campaign with the given Id. The campaign must be staged.\nRequires roles of CERT_ADMIN and ORG_ADMIN", + "requestBody": { + "description": "Optional. If no timezone is specified, the standard UTC timezone is used (i.e. UTC+00:00). Although this can take any timezone, the intended value is the caller's timezone. The activation time calculated from the given timezone may cause the campaign deadline time to be modified, but it will remain within the original date. The timezone must be in a valid ISO 8601 format.", + "required": false, + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "timeZone": { + "type": "string", + "description": "The timezone must be in a valid ISO 8601 format. Timezones in ISO 8601 are represented as UTC (represented as 'Z') or as an offset from UTC. The offset format can be +/-hh:mm, +/-hhmm, or +/-hh.", + "default": "Z", + "example": "-05:00" + } + } + } + } + } + }, + "parameters": [ + { + "in": "path", + "name": "id", + "schema": { + "type": "string" + }, + "required": true, + "description": "The campaign id", + "example": "ef38f94347e94562b5bb8424a56397d8" + } + ], + "responses": { + "202": { + "description": "Accepted - Returned if the request was successfully accepted into the system.", + "content": { + "application/json": { + "schema": { + "type": "object" + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/campaigns/{id}/complete": { + "post": { + "operationId": "completeCampaign", + "tags": [ + "Certification Campaigns" + ], + "summary": "Complete a Campaign", + "description": ":::caution\n\nThis endpoint will run successfully for any campaigns that are **past due**.\n\nThis endpoint will return a content error if the campaign is **not past due**.\n\n:::\n\nCompletes a certification campaign. This is provided to admins so that they\ncan complete a certification even if all items have not been completed.\n\nRequires roles of CERT_ADMIN and ORG_ADMIN\n", + "requestBody": { + "description": "Optional. Default behavior is for the campaign to auto-approve upon completion, unless autoCompleteAction=REVOKE", + "required": false, + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "autoCompleteAction": { + "description": "Determines whether to auto-approve(APPROVE) or auto-revoke(REVOKE) upon campaign completion.", + "type": "string", + "enum": [ + "APPROVE", + "REVOKE" + ], + "default": "APPROVE", + "example": "REVOKE" + } + } + } + } + } + }, + "parameters": [ + { + "in": "path", + "name": "id", + "schema": { + "type": "string" + }, + "required": true, + "description": "The campaign id", + "example": "ef38f94347e94562b5bb8424a56397d8" + } + ], + "responses": { + "202": { + "description": "Accepted - Returned if the request was successfully accepted into the system.", + "content": { + "application/json": { + "schema": { + "type": "object" + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/campaigns/{id}/run-remediation-scan": { + "post": { + "operationId": "runCampaignRemediationScan", + "tags": [ + "Certification Campaigns" + ], + "summary": "Run Campaign Remediation Scan", + "description": "Kicks off remediation scan task for a certification campaign.\nRequires roles of CERT_ADMIN and ORG_ADMIN", + "parameters": [ + { + "in": "path", + "name": "id", + "schema": { + "type": "string", + "example": "2c91808571bcfcf80171c23e4b4221fc" + }, + "required": true, + "description": "The ID of the campaign for which remediation scan is being run." + } + ], + "responses": { + "202": { + "description": "Accepted - Returned if the request was successfully accepted into the system.", + "content": { + "application/json": { + "schema": { + "type": "object" + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/campaigns/{id}/reassign": { + "post": { + "operationId": "reassignCampaign", + "tags": [ + "Certification Campaigns" + ], + "summary": "Reassign Certifications", + "description": "This API reassigns the specified certifications from one identity to another. A token with ORG_ADMIN or CERT_ADMIN authority is required to call this API.", + "parameters": [ + { + "in": "path", + "name": "id", + "schema": { + "type": "string" + }, + "required": true, + "description": "The certification campaign ID", + "example": "ef38f94347e94562b5bb8424a56397d8" + } + ], + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "certificationIds": { + "description": "List of certification IDs to reassign", + "type": "array", + "items": { + "type": "string" + }, + "minItems": 1, + "maxItems": 250, + "example": [ + "af3859464779471211bb8424a563abc1", + "af3859464779471211bb8424a563abc2", + "af3859464779471211bb8424a563abc3" + ] + }, + "reassignTo": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "The identity ID to which the review is being assigned.", + "example": "ef38f94347e94562b5bb8424a56397d8" + }, + "type": { + "type": "string", + "description": "The type of the ID provided.", + "enum": [ + "IDENTITY" + ], + "example": "IDENTITY" + } + } + }, + "reason": { + "type": "string", + "description": "Comment to explain why the certification was reassigned", + "example": "reassigned for some reason" + } + } + } + } + } + }, + "responses": { + "202": { + "description": "The reassign task that has been submitted.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "The ID of the certification task.", + "example": "2c918086719eec070171a7e3355a360a" + }, + "type": { + "type": "string", + "description": "The type of the certification task. More values may be added in the future.", + "enum": [ + "REASSIGN", + "ADMIN_REASSIGN", + "COMPLETE_CERTIFICATION", + "FINISH_CERTIFICATION", + "COMPLETE_CAMPAIGN", + "ACTIVATE_CAMPAIGN", + "CAMPAIGN_CREATE", + "CAMPAIGN_DELETE" + ], + "example": "ADMIN_REASSIGN" + }, + "targetType": { + "type": "string", + "description": "The type of item that is being operated on by this task whose ID is stored in the targetId field.", + "enum": [ + "CERTIFICATION", + "CAMPAIGN" + ], + "example": "CAMPAIGN" + }, + "targetId": { + "type": "string", + "description": "The ID of the item being operated on by this task.", + "example": "2c918086719eec070171a7e3355a834c" + }, + "status": { + "type": "string", + "description": "The status of the task.", + "enum": [ + "QUEUED", + "IN_PROGRESS", + "SUCCESS", + "ERROR" + ] + }, + "errors": { + "description": "A list of errors that have been encountered by the task.", + "type": "array", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "created": { + "type": "string", + "description": "The date and time on which this task was created.", + "format": "date-time", + "example": "2020-09-24T18:10:47.693Z" + } + } + }, + "example": { + "id": "2c918086719eec070171a7e3355a360a", + "type": "ADMIN_REASSIGN", + "targetType": "CAMPAIGN", + "targetId": "2c918086719eec070171a7e3355a834c", + "status": "QUEUED", + "errors": [], + "created": "2020-09-24T18:10:47.693Z" + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/campaigns/{id}/reports": { + "get": { + "operationId": "getCampaignReports", + "tags": [ + "Certification Campaigns" + ], + "summary": "Get Campaign Reports", + "description": "Fetches all reports for a certification campaign by campaign ID.\nRequires roles of CERT_ADMIN, DASHBOARD, ORG_ADMIN and REPORT_ADMIN", + "parameters": [ + { + "in": "path", + "name": "id", + "schema": { + "type": "string", + "example": "2c91808571bcfcf80171c23e4b4221fc" + }, + "required": true, + "description": "The ID of the campaign for which reports are being fetched." + } + ], + "responses": { + "200": { + "description": "Array of campaign report objects.", + "content": { + "application/json": { + "schema": { + "type": "array", + "items": { + "type": "object", + "title": "Campaign Report", + "required": [ + "reportType" + ], + "allOf": [ + { + "allOf": [ + { + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + }, + { + "type": "object", + "properties": { + "status": { + "type": "string", + "enum": [ + "SUCCESS", + "WARNING", + "ERROR", + "TERMINATED", + "TEMP_ERROR", + "PENDING" + ] + } + } + } + ] + }, + { + "type": "object", + "properties": { + "reportType": { + "type": "string", + "enum": [ + "CAMPAIGN_COMPOSITION_REPORT", + "CAMPAIGN_REMEDIATION_STATUS_REPORT", + "CAMPAIGN_STATUS_REPORT", + "CERTIFICATION_SIGNOFF_REPORT" + ] + }, + "lastRunAt": { + "type": "string", + "readOnly": true, + "format": "date-time", + "description": "The most recent date and time this report was run" + } + } + } + ], + "example": { + "type": "REPORT_RESULT", + "id": "2c91808568c529c60168cca6f90c1313", + "name": "Campaign Composition Report", + "status": "SUCCESS", + "reportType": "CAMPAIGN_COMPOSITION_REPORT", + "lastRunAt": "2019-12-19T13:49:37.385Z" + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/campaigns/{id}/run-report/{type}": { + "post": { + "operationId": "runCampaignReport", + "tags": [ + "Certification Campaigns" + ], + "summary": "Run Campaign Report", + "description": "Runs a report for a certification campaign.\nRequires the following roles: CERT_ADMIN, DASHBOARD, ORG_ADMIN and REPORT_ADMIN.", + "parameters": [ + { + "in": "path", + "name": "id", + "schema": { + "type": "string", + "example": "2c91808571bcfcf80171c23e4b4221fc" + }, + "required": true, + "description": "The ID of the campaign for which report is being run." + }, + { + "in": "path", + "name": "type", + "schema": { + "type": "string", + "enum": [ + "CAMPAIGN_COMPOSITION_REPORT", + "CAMPAIGN_REMEDIATION_STATUS_REPORT", + "CAMPAIGN_STATUS_REPORT", + "CERTIFICATION_SIGNOFF_REPORT" + ] + }, + "required": true, + "description": "The type of the report to run." + } + ], + "responses": { + "202": { + "description": "Accepted - Returned if the request was successfully accepted into the system.", + "content": { + "application/json": { + "schema": { + "type": "object" + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/campaigns/reports-configuration": { + "get": { + "operationId": "getCampaignReportsConfig", + "tags": [ + "Certification Campaigns" + ], + "summary": "Get Campaign Reports Configuration", + "description": "Fetches configuration for campaign reports. Currently it includes only one element - identity attributes defined as custom report columns.\nRequires roles of CERT_ADMIN and ORG_ADMIN.", + "responses": { + "200": { + "description": "Campaign Report Configuration", + "content": { + "application/json": { + "schema": { + "type": "object", + "title": "Campaign Reports Configuration", + "properties": { + "identityAttributeColumns": { + "type": "array", + "items": { + "type": "string" + }, + "example": [ + "firstname", + "lastname" + ] + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + }, + "put": { + "operationId": "setCampaignReportsConfig", + "tags": [ + "Certification Campaigns" + ], + "summary": "Set Campaign Reports Configuration", + "description": "Overwrites configuration for campaign reports.\nRequires roles CERT_ADMIN and ORG_ADMIN.", + "requestBody": { + "required": true, + "description": "Campaign Report Configuration", + "content": { + "application/json": { + "schema": { + "type": "object", + "title": "Campaign Reports Configuration", + "properties": { + "identityAttributeColumns": { + "type": "array", + "items": { + "type": "string" + }, + "example": [ + "firstname", + "lastname" + ] + } + } + } + } + } + }, + "responses": { + "200": { + "description": "The persisted Campaign Report Configuration", + "content": { + "application/json": { + "schema": { + "type": "object", + "title": "Campaign Reports Configuration", + "properties": { + "identityAttributeColumns": { + "type": "array", + "items": { + "type": "string" + }, + "example": [ + "firstname", + "lastname" + ] + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/campaign-templates": { + "get": { + "operationId": "listCampaignTemplates", + "tags": [ + "Certification Campaigns" + ], + "summary": "List Campaign Templates", + "parameters": [ + { + "in": "query", + "name": "limit", + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": 250, + "schema": { + "type": "integer", + "format": "int32", + "minimum": 0, + "maximum": 250, + "default": 250 + } + }, + { + "in": "query", + "name": "offset", + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": 0, + "schema": { + "type": "integer", + "format": "int32", + "minimum": 0, + "default": 0 + } + }, + { + "in": "query", + "name": "count", + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": true, + "schema": { + "type": "boolean", + "default": false + } + }, + { + "in": "query", + "name": "sorters", + "schema": { + "type": "string", + "format": "comma-separated" + }, + "description": "Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)\n\nSorting is supported for the following fields: **name, created, modified**" + }, + { + "in": "query", + "name": "filters", + "schema": { + "type": "string", + "format": "comma-separated" + }, + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)\n\nFiltering is supported for the following fields: **name, id**" + } + ], + "responses": { + "200": { + "description": "List of campaign template objects", + "content": { + "application/json": { + "schema": { + "type": "array", + "items": { + "type": "object", + "description": "Campaign Template", + "properties": { + "id": { + "type": "string", + "description": "Id of the campaign template", + "example": "2c9079b270a266a60170a277bb960008" + }, + "name": { + "type": "string", + "description": "This template's name. Has no bearing on generated campaigns' names.", + "example": "Manager Campaign Template" + }, + "description": { + "type": "string", + "description": "This template's description. Has no bearing on generated campaigns' descriptions.", + "example": "Template for the annual manager campaign." + }, + "created": { + "type": "string", + "description": "Creation date of Campaign Template", + "readOnly": true, + "format": "date-time", + "example": "2020-03-05T22:44:00.364Z" + }, + "modified": { + "type": "string", + "description": "Modification date of Campaign Template", + "readOnly": true, + "format": "date-time", + "example": "2020-03-05T22:52:09.969Z" + }, + "scheduled": { + "type": "boolean", + "readOnly": true, + "description": "Indicates if this campaign template has been scheduled.", + "example": false + }, + "ownerRef": { + "type": "object", + "description": "The owner of this template, and the owner of campaigns generated from this template via a schedule. This field is automatically populated at creation time with the current user.", + "properties": { + "id": { + "type": "string", + "description": "Id of the owner", + "example": "2c918086676d3e0601677611dbde220f" + }, + "type": { + "type": "string", + "enum": [ + "IDENTITY" + ], + "description": "Type of the owner", + "example": "IDENTITY" + }, + "name": { + "type": "string", + "description": "Name of the owner", + "example": "Mister Manager" + }, + "email": { + "type": "string", + "description": "Email of the owner", + "example": "mr.manager@example.com" + } + } + }, + "deadlineDuration": { + "type": "string", + "description": "The time period during which the campaign should be completed, formatted as an ISO-8601 Duration. When this template generates a campaign, the campaign's deadline will be the current date plus this duration. For example, if generation occurred on 2020-01-01 and this field was \"P2W\" (two weeks), the resulting campaign's deadline would be 2020-01-15 (the current date plus 14 days).", + "example": "P2W" + }, + "campaign": { + "type": "object", + "title": "Campaign", + "allOf": [ + { + "type": "object", + "title": "Slim Campaign", + "required": [ + "name", + "description", + "type" + ], + "properties": { + "id": { + "type": "string", + "readOnly": true, + "description": "Id of the campaign", + "example": "2c9079b270a266a60170a2779fcb0007" + }, + "name": { + "description": "The campaign name. If this object is part of a template, special formatting applies; see the `/campaign-templates/{id}/generate` endpoint documentation for details.", + "type": "string", + "example": "Manager Campaign" + }, + "description": { + "type": "string", + "description": "The campaign description. If this object is part of a template, special formatting applies; see the `/campaign-templates/{id}/generate` endpoint documentation for details.", + "example": "Everyone needs to be reviewed by their manager" + }, + "deadline": { + "type": "string", + "format": "date-time", + "description": "The campaign's completion deadline.", + "example": "2020-03-15T10:00:01.456Z" + }, + "type": { + "type": "string", + "description": "The type of campaign. Could be extended in the future.", + "enum": [ + "MANAGER", + "SOURCE_OWNER", + "SEARCH", + "ROLE_COMPOSITION" + ], + "example": "MANAGER" + }, + "emailNotificationEnabled": { + "type": "boolean", + "description": "Enables email notification for this campaign", + "example": false + }, + "autoRevokeAllowed": { + "type": "boolean", + "description": "Allows auto revoke for this campaign", + "example": false + }, + "recommendationsEnabled": { + "type": "boolean", + "description": "Enables IAI for this campaign. Accepts true even if the IAI product feature is off. If IAI is turned off then campaigns generated from this template will indicate false. The real value will then be returned if IAI is ever enabled for the org in the future.", + "example": true + }, + "status": { + "type": "string", + "description": "The campaign's current status.", + "readOnly": true, + "enum": [ + "PENDING", + "STAGED", + "CANCELING", + "ACTIVATING", + "ACTIVE", + "COMPLETING", + "COMPLETED", + "ERROR", + "ARCHIVED" + ], + "example": "ACTIVE" + }, + "correlatedStatus": { + "type": "string", + "description": "The correlatedStatus of the campaign. Only SOURCE_OWNER campaigns can be Uncorrelated. An Uncorrelated certification campaign only includes Uncorrelated identities (An identity is uncorrelated if it has no accounts on an authoritative source).", + "enum": [ + "CORRELATED", + "UNCORRELATED" + ], + "example": "CORRELATED" + } + } + }, + { + "type": "object", + "properties": { + "created": { + "type": "string", + "readOnly": true, + "format": "date-time", + "description": "Created time of the campaign", + "example": "2020-03-03T22:15:13.611Z" + }, + "modified": { + "type": "string", + "readOnly": true, + "format": "date-time", + "description": "Modified time of the campaign", + "example": "2020-03-03T22:20:12.674Z" + }, + "correlatedStatus": { + "description": "The correlatedStatus of the campaign. Only SOURCE_OWNER campaigns can be Uncorrelated. An Uncorrelated certification campaign only includes Uncorrelated identities (An identity is uncorrelated if it has no accounts on an authoritative source).", + "enum": [ + "CORRELATED", + "UNCORRELATED" + ], + "example": "CORRELATED" + }, + "filter": { + "type": "object", + "description": "Determines which items will be included in this campaign. The default campaign filter is used if this field is left blank.", + "properties": { + "id": { + "type": "string", + "description": "The ID of whatever type of filter is being used.", + "example": "0fbe863c063c4c88a35fd7f17e8a3df5" + }, + "type": { + "type": "string", + "description": "Type of the filter", + "enum": [ + "CAMPAIGN_FILTER", + "RULE" + ], + "example": "CAMPAIGN_FILTER" + }, + "name": { + "type": "string", + "description": "Name of the filter", + "example": "Test Filter" + } + } + }, + "sunsetCommentsRequired": { + "type": "boolean", + "description": "Determines if comments on sunset date changes are required.", + "default": true, + "example": true + }, + "sourceOwnerCampaignInfo": { + "type": "object", + "description": "Must be set only if the campaign type is SOURCE_OWNER.", + "properties": { + "sourceIds": { + "type": "array", + "description": "The list of sources to be included in the campaign.", + "items": { + "type": "string" + }, + "example": [ + "0fbe863c063c4c88a35fd7f17e8a3df5" + ] + } + } + }, + "searchCampaignInfo": { + "type": "object", + "description": "Must be set only if the campaign type is SEARCH.", + "properties": { + "type": { + "type": "string", + "description": "The type of search campaign represented.", + "enum": [ + "IDENTITY", + "ACCESS" + ], + "example": "ACCESS" + }, + "description": { + "type": "string", + "description": "Describes this search campaign. Intended for storing the query used, and possibly the number of identities selected/available.", + "example": "Search Campaign description" + }, + "reviewer": { + "description": "If specified, this identity or governance group will be the reviewer for all certifications in this campaign. The allowed DTO types are IDENTITY and GOVERNANCE_GROUP", + "allOf": [ + { + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + }, + { + "type": "object" + } + ] + }, + "query": { + "type": "string", + "description": "The scope for the campaign. The campaign will cover identities returned by the query and identities that have access items returned by the query. One of `query` or `identityIds` must be set.", + "example": "Search Campaign query description" + }, + "identityIds": { + "type": "array", + "description": "A direct list of identities to include in this campaign. One of `identityIds` or `query` must be set.", + "items": { + "type": "string" + }, + "maxItems": 1000, + "example": [ + "0fbe863c063c4c88a35fd7f17e8a3df5" + ] + }, + "accessConstraints": { + "type": "array", + "description": "Further reduces the scope of the campaign by excluding identities (from `query` or `identityIds`) that do not have this access.", + "items": { + "type": "object", + "properties": { + "type": { + "type": "string", + "enum": [ + "ENTITLEMENT", + "ACCESS_PROFILE", + "ROLE" + ], + "description": "Type of Access", + "example": "ENTITLEMENT" + }, + "ids": { + "description": "Must be set only if operator is SELECTED.", + "type": "array", + "items": { + "type": "string" + }, + "example": [ + "2c90ad2a70ace7d50170acf22ca90010" + ] + }, + "operator": { + "type": "string", + "enum": [ + "ALL", + "SELECTED" + ], + "description": "Used to determine whether the scope of the campaign should be reduced for selected ids or all.", + "example": "SELECTED" + } + }, + "required": [ + "type", + "operator" + ] + }, + "maxItems": 1000 + } + }, + "required": [ + "type" + ] + }, + "roleCompositionCampaignInfo": { + "type": "object", + "description": "Optional configuration options for role composition campaigns.", + "properties": { + "reviewer": { + "description": "If specified, this identity or governance group will be the reviewer for all certifications in this campaign. The allowed DTO types are IDENTITY and GOVERNANCE_GROUP", + "allOf": [ + { + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + }, + { + "type": "object" + } + ] + }, + "roleIds": { + "type": "array", + "description": "Optional list of roles to include in this campaign. Only one of `roleIds` and `query` may be set; if neither are set, all roles are included.", + "items": { + "type": "string" + }, + "example": [ + "2c90ad2a70ace7d50170acf22ca90010" + ] + }, + "remediatorRef": { + "type": "object", + "description": "This determines who remediation tasks will be assigned to. Remediation tasks are created for each revoke decision on items in the campaign. The only legal remediator type is 'IDENTITY', and the chosen identity must be a Role Admin or Org Admin.", + "properties": { + "type": { + "type": "string", + "enum": [ + "IDENTITY" + ], + "description": "Legal Remediator Type", + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "The ID of the remediator.", + "example": "2c90ad2a70ace7d50170acf22ca90010" + }, + "name": { + "type": "string", + "description": "The name of the remediator.", + "readOnly": true, + "example": "Role Admin" + } + }, + "required": [ + "type", + "id" + ] + }, + "query": { + "type": "string", + "description": "Optional search query to scope this campaign to a set of roles. Only one of `roleIds` and `query` may be set; if neither are set, all roles are included.", + "example": "Search Query" + }, + "description": { + "type": "string", + "description": "Describes this role composition campaign. Intended for storing the query used, and possibly the number of roles selected/available.", + "example": "Role Composition Description" + } + }, + "required": [ + "remediatorRef" + ] + }, + "alerts": { + "type": "array", + "description": "A list of errors and warnings that have accumulated.", + "readOnly": true, + "items": { + "type": "object", + "properties": { + "level": { + "type": "string", + "enum": [ + "ERROR", + "WARN", + "INFO" + ], + "description": "Denotes the level of the message", + "example": "ERROR" + }, + "localizations": { + "type": "array", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + }, + "totalCertifications": { + "type": "integer", + "description": "The total number of certifications in this campaign.", + "readOnly": true, + "example": 100 + }, + "completedCertifications": { + "type": "integer", + "description": "The number of completed certifications in this campaign.", + "readOnly": true, + "example": 10 + }, + "sourcesWithOrphanEntitlements": { + "type": "array", + "description": "A list of sources in the campaign that contain \\\"orphan entitlements\\\" (entitlements without a corresponding Managed Attribute). An empty list indicates the campaign has no orphan entitlements. Null indicates there may be unknown orphan entitlements in the campaign (the campaign was created before this feature was implemented).", + "readOnly": true, + "items": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "Id of the source", + "example": "2c90ad2a70ace7d50170acf22ca90010" + }, + "type": { + "type": "string", + "enum": [ + "SOURCE" + ], + "description": "Type", + "example": "SOURCE" + }, + "name": { + "type": "string", + "description": "Name of the source", + "example": "Source with orphan entitlements" + } + } + } + } + } + } + ] + } + }, + "required": [ + "name", + "description", + "created", + "modified", + "campaign" + ] + } + }, + "example": [ + { + "id": "e7dbec99d49349c8951bd84f58a05120", + "name": "Manager Review", + "created": "2022-08-02T19:16:42.632Z", + "modified": null, + "description": "A review of everyone's access by their manager.", + "deadlineDuration": "P14D", + "ownerRef": { + "email": "support@testmail.identitysoon.com", + "type": "IDENTITY", + "id": "7ec252acbd4245548bc25df22348cb75", + "name": "SailPoint Support" + }, + "scheduled": false, + "campaign": { + "created": null, + "modified": null, + "filter": { + "type": "CAMPAIGN_FILTER", + "id": "e0adaae69852e8fe8b8a3d48e5ce757c", + "name": "Test Manager Filter" + }, + "sunsetCommentsRequired": true, + "sourceOwnerCampaignInfo": null, + "searchCampaignInfo": null, + "roleCompositionCampaignInfo": null, + "alerts": null, + "totalCertifications": null, + "completedCertifications": null, + "sourcesWithOrphanEntitlements": null, + "id": null, + "name": "Manager Review", + "description": "Review everyone's access.", + "deadline": null, + "type": "MANAGER", + "status": null, + "emailNotificationEnabled": true, + "autoRevokeAllowed": false, + "recommendationsEnabled": false + } + }, + { + "id": "b7e6459eed5247ac8b98a5fed81fe27f", + "name": "Reporting Access Review", + "created": "2022-07-28T19:19:40.035Z", + "modified": null, + "description": "A review of everyone's access to the reporting system.", + "deadlineDuration": "P14D", + "ownerRef": { + "email": "support@testmail.identitysoon.com", + "type": "IDENTITY", + "id": "7ec252acbd4245548bc25df22348cb75", + "name": "SailPoint Support" + }, + "scheduled": false, + "campaign": { + "created": null, + "modified": null, + "filter": { + "type": "CAMPAIGN_FILTER", + "id": "e0adaae69852e8fe8b8a3d48e5ce757c", + "name": "Test Search Filter" + }, + "sunsetCommentsRequired": true, + "sourceOwnerCampaignInfo": null, + "searchCampaignInfo": { + "type": "ACCESS", + "description": "Identities with reporting abilities", + "reviewerId": null, + "reviewer": null, + "query": "@access(name: (\"reporter\"))", + "identityIds": null, + "accessConstraints": [] + }, + "roleCompositionCampaignInfo": null, + "alerts": null, + "totalCertifications": null, + "completedCertifications": null, + "sourcesWithOrphanEntitlements": null, + "id": null, + "name": "Search Campaign", + "description": "Review everyone's access to the reporting system.", + "deadline": null, + "type": "SEARCH", + "status": null, + "emailNotificationEnabled": true, + "autoRevokeAllowed": false, + "recommendationsEnabled": false + } + }, + { + "id": "b9f41bc69e7a4291b9de0630396d030d", + "name": "Campaign With Admin Role", + "created": "2022-08-02T13:40:36.857Z", + "modified": null, + "description": "Campaign With Admin Role", + "deadlineDuration": null, + "ownerRef": { + "email": "support@testmail.identitysoon.com", + "type": "IDENTITY", + "id": "7ec252acbd4245548bc25df22348cb75", + "name": "SailPoint Support" + }, + "scheduled": false, + "campaign": { + "created": null, + "modified": null, + "filter": null, + "sunsetCommentsRequired": true, + "sourceOwnerCampaignInfo": null, + "searchCampaignInfo": null, + "roleCompositionCampaignInfo": { + "remediatorRef": { + "type": "IDENTITY", + "id": "7ec252acbd4245548bc25df22348cb75", + "name": "SailPoint Support" + }, + "reviewerId": null, + "reviewer": null, + "roleIds": [ + "b15d609fc5c8434b865fe552315fda8f" + ], + "query": null, + "description": null + }, + "alerts": null, + "totalCertifications": null, + "completedCertifications": null, + "sourcesWithOrphanEntitlements": null, + "id": null, + "name": "Campaign With Admin Role", + "description": "Campaign With Admin Role", + "deadline": null, + "type": "ROLE_COMPOSITION", + "status": null, + "emailNotificationEnabled": false, + "autoRevokeAllowed": false, + "recommendationsEnabled": false + } + }, + { + "id": "b9f41bc69e7a4291b9de0630396d030d", + "name": "AD Source Review", + "created": "2022-08-02T13:40:36.857Z", + "modified": null, + "description": "A review of our AD source.", + "deadlineDuration": "P1M", + "ownerRef": { + "email": "support@testmail.identitysoon.com", + "type": "IDENTITY", + "id": "7ec252acbd4245548bc25df22348cb75", + "name": "SailPoint Support" + }, + "scheduled": false, + "campaign": { + "created": null, + "modified": null, + "filter": { + "type": "CAMPAIGN_FILTER", + "id": "e0adaae69852e8fe8b8a3d48e5ce757c", + "name": "Test Source Owner Filter" + }, + "sunsetCommentsRequired": true, + "sourceOwnerCampaignInfo": { + "sourceIds": [ + "2c918084707deba501709d45ce4e5569" + ] + }, + "searchCampaignInfo": null, + "roleCompositionCampaignInfo": null, + "alerts": null, + "totalCertifications": null, + "completedCertifications": null, + "sourcesWithOrphanEntitlements": null, + "id": null, + "name": "AD Source Review", + "description": "Review everyone's access.", + "deadline": null, + "type": "SOURCE_OWNER", + "status": null, + "emailNotificationEnabled": true, + "autoRevokeAllowed": false, + "recommendationsEnabled": false, + "correlatedStatus": "CORRELATED" + } + } + ] + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + }, + "post": { + "operationId": "createCampaignTemplate", + "tags": [ + "Certification Campaigns" + ], + "summary": "Create a Campaign Template", + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "type": "object", + "description": "Campaign Template", + "properties": { + "id": { + "type": "string", + "description": "Id of the campaign template", + "example": "2c9079b270a266a60170a277bb960008" + }, + "name": { + "type": "string", + "description": "This template's name. Has no bearing on generated campaigns' names.", + "example": "Manager Campaign Template" + }, + "description": { + "type": "string", + "description": "This template's description. Has no bearing on generated campaigns' descriptions.", + "example": "Template for the annual manager campaign." + }, + "created": { + "type": "string", + "description": "Creation date of Campaign Template", + "readOnly": true, + "format": "date-time", + "example": "2020-03-05T22:44:00.364Z" + }, + "modified": { + "type": "string", + "description": "Modification date of Campaign Template", + "readOnly": true, + "format": "date-time", + "example": "2020-03-05T22:52:09.969Z" + }, + "scheduled": { + "type": "boolean", + "readOnly": true, + "description": "Indicates if this campaign template has been scheduled.", + "example": false + }, + "ownerRef": { + "type": "object", + "description": "The owner of this template, and the owner of campaigns generated from this template via a schedule. This field is automatically populated at creation time with the current user.", + "properties": { + "id": { + "type": "string", + "description": "Id of the owner", + "example": "2c918086676d3e0601677611dbde220f" + }, + "type": { + "type": "string", + "enum": [ + "IDENTITY" + ], + "description": "Type of the owner", + "example": "IDENTITY" + }, + "name": { + "type": "string", + "description": "Name of the owner", + "example": "Mister Manager" + }, + "email": { + "type": "string", + "description": "Email of the owner", + "example": "mr.manager@example.com" + } + } + }, + "deadlineDuration": { + "type": "string", + "description": "The time period during which the campaign should be completed, formatted as an ISO-8601 Duration. When this template generates a campaign, the campaign's deadline will be the current date plus this duration. For example, if generation occurred on 2020-01-01 and this field was \"P2W\" (two weeks), the resulting campaign's deadline would be 2020-01-15 (the current date plus 14 days).", + "example": "P2W" + }, + "campaign": { + "type": "object", + "title": "Campaign", + "allOf": [ + { + "type": "object", + "title": "Slim Campaign", + "required": [ + "name", + "description", + "type" + ], + "properties": { + "id": { + "type": "string", + "readOnly": true, + "description": "Id of the campaign", + "example": "2c9079b270a266a60170a2779fcb0007" + }, + "name": { + "description": "The campaign name. If this object is part of a template, special formatting applies; see the `/campaign-templates/{id}/generate` endpoint documentation for details.", + "type": "string", + "example": "Manager Campaign" + }, + "description": { + "type": "string", + "description": "The campaign description. If this object is part of a template, special formatting applies; see the `/campaign-templates/{id}/generate` endpoint documentation for details.", + "example": "Everyone needs to be reviewed by their manager" + }, + "deadline": { + "type": "string", + "format": "date-time", + "description": "The campaign's completion deadline.", + "example": "2020-03-15T10:00:01.456Z" + }, + "type": { + "type": "string", + "description": "The type of campaign. Could be extended in the future.", + "enum": [ + "MANAGER", + "SOURCE_OWNER", + "SEARCH", + "ROLE_COMPOSITION" + ], + "example": "MANAGER" + }, + "emailNotificationEnabled": { + "type": "boolean", + "description": "Enables email notification for this campaign", + "example": false + }, + "autoRevokeAllowed": { + "type": "boolean", + "description": "Allows auto revoke for this campaign", + "example": false + }, + "recommendationsEnabled": { + "type": "boolean", + "description": "Enables IAI for this campaign. Accepts true even if the IAI product feature is off. If IAI is turned off then campaigns generated from this template will indicate false. The real value will then be returned if IAI is ever enabled for the org in the future.", + "example": true + }, + "status": { + "type": "string", + "description": "The campaign's current status.", + "readOnly": true, + "enum": [ + "PENDING", + "STAGED", + "CANCELING", + "ACTIVATING", + "ACTIVE", + "COMPLETING", + "COMPLETED", + "ERROR", + "ARCHIVED" + ], + "example": "ACTIVE" + }, + "correlatedStatus": { + "type": "string", + "description": "The correlatedStatus of the campaign. Only SOURCE_OWNER campaigns can be Uncorrelated. An Uncorrelated certification campaign only includes Uncorrelated identities (An identity is uncorrelated if it has no accounts on an authoritative source).", + "enum": [ + "CORRELATED", + "UNCORRELATED" + ], + "example": "CORRELATED" + } + } + }, + { + "type": "object", + "properties": { + "created": { + "type": "string", + "readOnly": true, + "format": "date-time", + "description": "Created time of the campaign", + "example": "2020-03-03T22:15:13.611Z" + }, + "modified": { + "type": "string", + "readOnly": true, + "format": "date-time", + "description": "Modified time of the campaign", + "example": "2020-03-03T22:20:12.674Z" + }, + "correlatedStatus": { + "description": "The correlatedStatus of the campaign. Only SOURCE_OWNER campaigns can be Uncorrelated. An Uncorrelated certification campaign only includes Uncorrelated identities (An identity is uncorrelated if it has no accounts on an authoritative source).", + "enum": [ + "CORRELATED", + "UNCORRELATED" + ], + "example": "CORRELATED" + }, + "filter": { + "type": "object", + "description": "Determines which items will be included in this campaign. The default campaign filter is used if this field is left blank.", + "properties": { + "id": { + "type": "string", + "description": "The ID of whatever type of filter is being used.", + "example": "0fbe863c063c4c88a35fd7f17e8a3df5" + }, + "type": { + "type": "string", + "description": "Type of the filter", + "enum": [ + "CAMPAIGN_FILTER", + "RULE" + ], + "example": "CAMPAIGN_FILTER" + }, + "name": { + "type": "string", + "description": "Name of the filter", + "example": "Test Filter" + } + } + }, + "sunsetCommentsRequired": { + "type": "boolean", + "description": "Determines if comments on sunset date changes are required.", + "default": true, + "example": true + }, + "sourceOwnerCampaignInfo": { + "type": "object", + "description": "Must be set only if the campaign type is SOURCE_OWNER.", + "properties": { + "sourceIds": { + "type": "array", + "description": "The list of sources to be included in the campaign.", + "items": { + "type": "string" + }, + "example": [ + "0fbe863c063c4c88a35fd7f17e8a3df5" + ] + } + } + }, + "searchCampaignInfo": { + "type": "object", + "description": "Must be set only if the campaign type is SEARCH.", + "properties": { + "type": { + "type": "string", + "description": "The type of search campaign represented.", + "enum": [ + "IDENTITY", + "ACCESS" + ], + "example": "ACCESS" + }, + "description": { + "type": "string", + "description": "Describes this search campaign. Intended for storing the query used, and possibly the number of identities selected/available.", + "example": "Search Campaign description" + }, + "reviewer": { + "description": "If specified, this identity or governance group will be the reviewer for all certifications in this campaign. The allowed DTO types are IDENTITY and GOVERNANCE_GROUP", + "allOf": [ + { + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + }, + { + "type": "object" + } + ] + }, + "query": { + "type": "string", + "description": "The scope for the campaign. The campaign will cover identities returned by the query and identities that have access items returned by the query. One of `query` or `identityIds` must be set.", + "example": "Search Campaign query description" + }, + "identityIds": { + "type": "array", + "description": "A direct list of identities to include in this campaign. One of `identityIds` or `query` must be set.", + "items": { + "type": "string" + }, + "maxItems": 1000, + "example": [ + "0fbe863c063c4c88a35fd7f17e8a3df5" + ] + }, + "accessConstraints": { + "type": "array", + "description": "Further reduces the scope of the campaign by excluding identities (from `query` or `identityIds`) that do not have this access.", + "items": { + "type": "object", + "properties": { + "type": { + "type": "string", + "enum": [ + "ENTITLEMENT", + "ACCESS_PROFILE", + "ROLE" + ], + "description": "Type of Access", + "example": "ENTITLEMENT" + }, + "ids": { + "description": "Must be set only if operator is SELECTED.", + "type": "array", + "items": { + "type": "string" + }, + "example": [ + "2c90ad2a70ace7d50170acf22ca90010" + ] + }, + "operator": { + "type": "string", + "enum": [ + "ALL", + "SELECTED" + ], + "description": "Used to determine whether the scope of the campaign should be reduced for selected ids or all.", + "example": "SELECTED" + } + }, + "required": [ + "type", + "operator" + ] + }, + "maxItems": 1000 + } + }, + "required": [ + "type" + ] + }, + "roleCompositionCampaignInfo": { + "type": "object", + "description": "Optional configuration options for role composition campaigns.", + "properties": { + "reviewer": { + "description": "If specified, this identity or governance group will be the reviewer for all certifications in this campaign. The allowed DTO types are IDENTITY and GOVERNANCE_GROUP", + "allOf": [ + { + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + }, + { + "type": "object" + } + ] + }, + "roleIds": { + "type": "array", + "description": "Optional list of roles to include in this campaign. Only one of `roleIds` and `query` may be set; if neither are set, all roles are included.", + "items": { + "type": "string" + }, + "example": [ + "2c90ad2a70ace7d50170acf22ca90010" + ] + }, + "remediatorRef": { + "type": "object", + "description": "This determines who remediation tasks will be assigned to. Remediation tasks are created for each revoke decision on items in the campaign. The only legal remediator type is 'IDENTITY', and the chosen identity must be a Role Admin or Org Admin.", + "properties": { + "type": { + "type": "string", + "enum": [ + "IDENTITY" + ], + "description": "Legal Remediator Type", + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "The ID of the remediator.", + "example": "2c90ad2a70ace7d50170acf22ca90010" + }, + "name": { + "type": "string", + "description": "The name of the remediator.", + "readOnly": true, + "example": "Role Admin" + } + }, + "required": [ + "type", + "id" + ] + }, + "query": { + "type": "string", + "description": "Optional search query to scope this campaign to a set of roles. Only one of `roleIds` and `query` may be set; if neither are set, all roles are included.", + "example": "Search Query" + }, + "description": { + "type": "string", + "description": "Describes this role composition campaign. Intended for storing the query used, and possibly the number of roles selected/available.", + "example": "Role Composition Description" + } + }, + "required": [ + "remediatorRef" + ] + }, + "alerts": { + "type": "array", + "description": "A list of errors and warnings that have accumulated.", + "readOnly": true, + "items": { + "type": "object", + "properties": { + "level": { + "type": "string", + "enum": [ + "ERROR", + "WARN", + "INFO" + ], + "description": "Denotes the level of the message", + "example": "ERROR" + }, + "localizations": { + "type": "array", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + }, + "totalCertifications": { + "type": "integer", + "description": "The total number of certifications in this campaign.", + "readOnly": true, + "example": 100 + }, + "completedCertifications": { + "type": "integer", + "description": "The number of completed certifications in this campaign.", + "readOnly": true, + "example": 10 + }, + "sourcesWithOrphanEntitlements": { + "type": "array", + "description": "A list of sources in the campaign that contain \\\"orphan entitlements\\\" (entitlements without a corresponding Managed Attribute). An empty list indicates the campaign has no orphan entitlements. Null indicates there may be unknown orphan entitlements in the campaign (the campaign was created before this feature was implemented).", + "readOnly": true, + "items": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "Id of the source", + "example": "2c90ad2a70ace7d50170acf22ca90010" + }, + "type": { + "type": "string", + "enum": [ + "SOURCE" + ], + "description": "Type", + "example": "SOURCE" + }, + "name": { + "type": "string", + "description": "Name of the source", + "example": "Source with orphan entitlements" + } + } + } + } + } + } + ] + } + }, + "required": [ + "name", + "description", + "created", + "modified", + "campaign" + ] + }, + "examples": { + "Manager": { + "description": "This creates a template that can be used to generate manager campaigns. The campaigns will have a due date that is two weeks after their creation date, and will be named \"{current date} Manager Review\" (e.g. \"2020-03-16 Manager Review\").", + "value": { + "name": "Manager Review", + "description": "A review of everyone's access by their manager.", + "deadlineDuration": "P2W", + "campaign": { + "name": "Manager Review", + "description": "Review everyone's access.", + "type": "MANAGER", + "filter": { + "type": "CAMPAIGN_FILTER", + "id": "e0adaae69852e8fe8b8a3d48e5ce757c" + }, + "emailNotificationEnabled": true, + "autoRevokeAllowed": false, + "recommendationsEnabled": false + } + } + }, + "Search": { + "description": "This creates a template that can be used to generate search access campaigns. The campaigns will cover the \"reporter\" access item for across all identities.", + "value": { + "name": "Reporting Access Review", + "description": "A review of everyone's access to the reporting system.", + "deadlineDuration": "P2W", + "campaign": { + "name": "Search Review", + "description": "Review everyone's access to the reporting system.", + "type": "SEARCH", + "filter": { + "type": "CAMPAIGN_FILTER", + "id": "e0adaae69852e8fe8b8a3d48e5ce757c" + }, + "searchCampaignInfo": { + "type": "ACCESS", + "query": "@access(name: (\"reporter\"))", + "description": "Identities with reporting abilities" + }, + "emailNotificationEnabled": true, + "autoRevokeAllowed": false, + "recommendationsEnabled": false + } + } + }, + "Source Owner": { + "description": "This creates a template that can be used to generate source owner campaigns. The campaigns will have a due date that is one month after their creation date, and will review one source.", + "value": { + "name": "AD Source Review", + "description": "A review of our AD source.", + "deadlineDuration": "P1M", + "campaign": { + "name": "Source Review", + "description": "Review everyone's access.", + "type": "SOURCE_OWNER", + "filter": { + "type": "CAMPAIGN_FILTER", + "id": "e0adaae69852e8fe8b8a3d48e5ce757c" + }, + "sourceOwnerCampaignInfo": { + "sourceIds": [ + "2c918084707deba501709d45ce4e5569" + ] + }, + "emailNotificationEnabled": true, + "autoRevokeAllowed": false, + "recommendationsEnabled": false, + "correlatedStatus": "CORRELATED" + } + } + }, + "RoleComposition": { + "description": "This creates a template that can be used to generate role composition campaigns. The campaigns will have a due date that is two weeks after their creation date, and will be named \"{current date} Role Composition Review\" (e.g. \"2020-03-16 Role Composition Review\").", + "value": { + "name": "Role Composition Review", + "description": "A review of every role's access items, by the specified reviewer.", + "deadlineDuration": "P2W", + "campaign": { + "name": "Role Composition Review", + "description": "Review all our roles.", + "type": "ROLE_COMPOSITION", + "roleCompositionCampaignInfo": { + "remediatorRef": { + "type": "IDENTITY", + "id": "2c9180876ab2c053016ab6f65dfd5aaa" + } + }, + "emailNotificationEnabled": true, + "autoRevokeAllowed": false, + "recommendationsEnabled": false + } + } + } + } + } + } + }, + "responses": { + "200": { + "description": "Created successfully.", + "content": { + "application/json": { + "schema": { + "type": "object", + "description": "Campaign Template", + "properties": { + "id": { + "type": "string", + "description": "Id of the campaign template", + "example": "2c9079b270a266a60170a277bb960008" + }, + "name": { + "type": "string", + "description": "This template's name. Has no bearing on generated campaigns' names.", + "example": "Manager Campaign Template" + }, + "description": { + "type": "string", + "description": "This template's description. Has no bearing on generated campaigns' descriptions.", + "example": "Template for the annual manager campaign." + }, + "created": { + "type": "string", + "description": "Creation date of Campaign Template", + "readOnly": true, + "format": "date-time", + "example": "2020-03-05T22:44:00.364Z" + }, + "modified": { + "type": "string", + "description": "Modification date of Campaign Template", + "readOnly": true, + "format": "date-time", + "example": "2020-03-05T22:52:09.969Z" + }, + "scheduled": { + "type": "boolean", + "readOnly": true, + "description": "Indicates if this campaign template has been scheduled.", + "example": false + }, + "ownerRef": { + "type": "object", + "description": "The owner of this template, and the owner of campaigns generated from this template via a schedule. This field is automatically populated at creation time with the current user.", + "properties": { + "id": { + "type": "string", + "description": "Id of the owner", + "example": "2c918086676d3e0601677611dbde220f" + }, + "type": { + "type": "string", + "enum": [ + "IDENTITY" + ], + "description": "Type of the owner", + "example": "IDENTITY" + }, + "name": { + "type": "string", + "description": "Name of the owner", + "example": "Mister Manager" + }, + "email": { + "type": "string", + "description": "Email of the owner", + "example": "mr.manager@example.com" + } + } + }, + "deadlineDuration": { + "type": "string", + "description": "The time period during which the campaign should be completed, formatted as an ISO-8601 Duration. When this template generates a campaign, the campaign's deadline will be the current date plus this duration. For example, if generation occurred on 2020-01-01 and this field was \"P2W\" (two weeks), the resulting campaign's deadline would be 2020-01-15 (the current date plus 14 days).", + "example": "P2W" + }, + "campaign": { + "type": "object", + "title": "Campaign", + "allOf": [ + { + "type": "object", + "title": "Slim Campaign", + "required": [ + "name", + "description", + "type" + ], + "properties": { + "id": { + "type": "string", + "readOnly": true, + "description": "Id of the campaign", + "example": "2c9079b270a266a60170a2779fcb0007" + }, + "name": { + "description": "The campaign name. If this object is part of a template, special formatting applies; see the `/campaign-templates/{id}/generate` endpoint documentation for details.", + "type": "string", + "example": "Manager Campaign" + }, + "description": { + "type": "string", + "description": "The campaign description. If this object is part of a template, special formatting applies; see the `/campaign-templates/{id}/generate` endpoint documentation for details.", + "example": "Everyone needs to be reviewed by their manager" + }, + "deadline": { + "type": "string", + "format": "date-time", + "description": "The campaign's completion deadline.", + "example": "2020-03-15T10:00:01.456Z" + }, + "type": { + "type": "string", + "description": "The type of campaign. Could be extended in the future.", + "enum": [ + "MANAGER", + "SOURCE_OWNER", + "SEARCH", + "ROLE_COMPOSITION" + ], + "example": "MANAGER" + }, + "emailNotificationEnabled": { + "type": "boolean", + "description": "Enables email notification for this campaign", + "example": false + }, + "autoRevokeAllowed": { + "type": "boolean", + "description": "Allows auto revoke for this campaign", + "example": false + }, + "recommendationsEnabled": { + "type": "boolean", + "description": "Enables IAI for this campaign. Accepts true even if the IAI product feature is off. If IAI is turned off then campaigns generated from this template will indicate false. The real value will then be returned if IAI is ever enabled for the org in the future.", + "example": true + }, + "status": { + "type": "string", + "description": "The campaign's current status.", + "readOnly": true, + "enum": [ + "PENDING", + "STAGED", + "CANCELING", + "ACTIVATING", + "ACTIVE", + "COMPLETING", + "COMPLETED", + "ERROR", + "ARCHIVED" + ], + "example": "ACTIVE" + }, + "correlatedStatus": { + "type": "string", + "description": "The correlatedStatus of the campaign. Only SOURCE_OWNER campaigns can be Uncorrelated. An Uncorrelated certification campaign only includes Uncorrelated identities (An identity is uncorrelated if it has no accounts on an authoritative source).", + "enum": [ + "CORRELATED", + "UNCORRELATED" + ], + "example": "CORRELATED" + } + } + }, + { + "type": "object", + "properties": { + "created": { + "type": "string", + "readOnly": true, + "format": "date-time", + "description": "Created time of the campaign", + "example": "2020-03-03T22:15:13.611Z" + }, + "modified": { + "type": "string", + "readOnly": true, + "format": "date-time", + "description": "Modified time of the campaign", + "example": "2020-03-03T22:20:12.674Z" + }, + "correlatedStatus": { + "description": "The correlatedStatus of the campaign. Only SOURCE_OWNER campaigns can be Uncorrelated. An Uncorrelated certification campaign only includes Uncorrelated identities (An identity is uncorrelated if it has no accounts on an authoritative source).", + "enum": [ + "CORRELATED", + "UNCORRELATED" + ], + "example": "CORRELATED" + }, + "filter": { + "type": "object", + "description": "Determines which items will be included in this campaign. The default campaign filter is used if this field is left blank.", + "properties": { + "id": { + "type": "string", + "description": "The ID of whatever type of filter is being used.", + "example": "0fbe863c063c4c88a35fd7f17e8a3df5" + }, + "type": { + "type": "string", + "description": "Type of the filter", + "enum": [ + "CAMPAIGN_FILTER", + "RULE" + ], + "example": "CAMPAIGN_FILTER" + }, + "name": { + "type": "string", + "description": "Name of the filter", + "example": "Test Filter" + } + } + }, + "sunsetCommentsRequired": { + "type": "boolean", + "description": "Determines if comments on sunset date changes are required.", + "default": true, + "example": true + }, + "sourceOwnerCampaignInfo": { + "type": "object", + "description": "Must be set only if the campaign type is SOURCE_OWNER.", + "properties": { + "sourceIds": { + "type": "array", + "description": "The list of sources to be included in the campaign.", + "items": { + "type": "string" + }, + "example": [ + "0fbe863c063c4c88a35fd7f17e8a3df5" + ] + } + } + }, + "searchCampaignInfo": { + "type": "object", + "description": "Must be set only if the campaign type is SEARCH.", + "properties": { + "type": { + "type": "string", + "description": "The type of search campaign represented.", + "enum": [ + "IDENTITY", + "ACCESS" + ], + "example": "ACCESS" + }, + "description": { + "type": "string", + "description": "Describes this search campaign. Intended for storing the query used, and possibly the number of identities selected/available.", + "example": "Search Campaign description" + }, + "reviewer": { + "description": "If specified, this identity or governance group will be the reviewer for all certifications in this campaign. The allowed DTO types are IDENTITY and GOVERNANCE_GROUP", + "allOf": [ + { + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + }, + { + "type": "object" + } + ] + }, + "query": { + "type": "string", + "description": "The scope for the campaign. The campaign will cover identities returned by the query and identities that have access items returned by the query. One of `query` or `identityIds` must be set.", + "example": "Search Campaign query description" + }, + "identityIds": { + "type": "array", + "description": "A direct list of identities to include in this campaign. One of `identityIds` or `query` must be set.", + "items": { + "type": "string" + }, + "maxItems": 1000, + "example": [ + "0fbe863c063c4c88a35fd7f17e8a3df5" + ] + }, + "accessConstraints": { + "type": "array", + "description": "Further reduces the scope of the campaign by excluding identities (from `query` or `identityIds`) that do not have this access.", + "items": { + "type": "object", + "properties": { + "type": { + "type": "string", + "enum": [ + "ENTITLEMENT", + "ACCESS_PROFILE", + "ROLE" + ], + "description": "Type of Access", + "example": "ENTITLEMENT" + }, + "ids": { + "description": "Must be set only if operator is SELECTED.", + "type": "array", + "items": { + "type": "string" + }, + "example": [ + "2c90ad2a70ace7d50170acf22ca90010" + ] + }, + "operator": { + "type": "string", + "enum": [ + "ALL", + "SELECTED" + ], + "description": "Used to determine whether the scope of the campaign should be reduced for selected ids or all.", + "example": "SELECTED" + } + }, + "required": [ + "type", + "operator" + ] + }, + "maxItems": 1000 + } + }, + "required": [ + "type" + ] + }, + "roleCompositionCampaignInfo": { + "type": "object", + "description": "Optional configuration options for role composition campaigns.", + "properties": { + "reviewer": { + "description": "If specified, this identity or governance group will be the reviewer for all certifications in this campaign. The allowed DTO types are IDENTITY and GOVERNANCE_GROUP", + "allOf": [ + { + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + }, + { + "type": "object" + } + ] + }, + "roleIds": { + "type": "array", + "description": "Optional list of roles to include in this campaign. Only one of `roleIds` and `query` may be set; if neither are set, all roles are included.", + "items": { + "type": "string" + }, + "example": [ + "2c90ad2a70ace7d50170acf22ca90010" + ] + }, + "remediatorRef": { + "type": "object", + "description": "This determines who remediation tasks will be assigned to. Remediation tasks are created for each revoke decision on items in the campaign. The only legal remediator type is 'IDENTITY', and the chosen identity must be a Role Admin or Org Admin.", + "properties": { + "type": { + "type": "string", + "enum": [ + "IDENTITY" + ], + "description": "Legal Remediator Type", + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "The ID of the remediator.", + "example": "2c90ad2a70ace7d50170acf22ca90010" + }, + "name": { + "type": "string", + "description": "The name of the remediator.", + "readOnly": true, + "example": "Role Admin" + } + }, + "required": [ + "type", + "id" + ] + }, + "query": { + "type": "string", + "description": "Optional search query to scope this campaign to a set of roles. Only one of `roleIds` and `query` may be set; if neither are set, all roles are included.", + "example": "Search Query" + }, + "description": { + "type": "string", + "description": "Describes this role composition campaign. Intended for storing the query used, and possibly the number of roles selected/available.", + "example": "Role Composition Description" + } + }, + "required": [ + "remediatorRef" + ] + }, + "alerts": { + "type": "array", + "description": "A list of errors and warnings that have accumulated.", + "readOnly": true, + "items": { + "type": "object", + "properties": { + "level": { + "type": "string", + "enum": [ + "ERROR", + "WARN", + "INFO" + ], + "description": "Denotes the level of the message", + "example": "ERROR" + }, + "localizations": { + "type": "array", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + }, + "totalCertifications": { + "type": "integer", + "description": "The total number of certifications in this campaign.", + "readOnly": true, + "example": 100 + }, + "completedCertifications": { + "type": "integer", + "description": "The number of completed certifications in this campaign.", + "readOnly": true, + "example": 10 + }, + "sourcesWithOrphanEntitlements": { + "type": "array", + "description": "A list of sources in the campaign that contain \\\"orphan entitlements\\\" (entitlements without a corresponding Managed Attribute). An empty list indicates the campaign has no orphan entitlements. Null indicates there may be unknown orphan entitlements in the campaign (the campaign was created before this feature was implemented).", + "readOnly": true, + "items": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "Id of the source", + "example": "2c90ad2a70ace7d50170acf22ca90010" + }, + "type": { + "type": "string", + "enum": [ + "SOURCE" + ], + "description": "Type", + "example": "SOURCE" + }, + "name": { + "type": "string", + "description": "Name of the source", + "example": "Source with orphan entitlements" + } + } + } + } + } + } + ] + } + }, + "required": [ + "name", + "description", + "created", + "modified", + "campaign" + ] + }, + "examples": { + "Manager": { + "value": { + "id": "e7dbec99d49349c8951bd84f58a05120", + "name": "Manager Review", + "created": "2022-08-02T19:16:42.632Z", + "modified": null, + "description": "A review of everyone's access by their manager.", + "deadlineDuration": "P14D", + "ownerRef": { + "email": "support@testmail.identitysoon.com", + "type": "IDENTITY", + "id": "7ec252acbd4245548bc25df22348cb75", + "name": "SailPoint Support" + }, + "scheduled": false, + "campaign": { + "created": null, + "modified": null, + "filter": { + "type": "CAMPAIGN_FILTER", + "id": "e0adaae69852e8fe8b8a3d48e5ce757c", + "name": "Test Manager Filter" + }, + "sunsetCommentsRequired": true, + "sourceOwnerCampaignInfo": null, + "searchCampaignInfo": null, + "roleCompositionCampaignInfo": null, + "alerts": null, + "totalCertifications": null, + "completedCertifications": null, + "sourcesWithOrphanEntitlements": null, + "id": null, + "name": "Manager Review", + "description": "Review everyone's access.", + "deadline": null, + "type": "MANAGER", + "status": null, + "emailNotificationEnabled": true, + "autoRevokeAllowed": false, + "recommendationsEnabled": false, + "correlatedStatus": "CORRELATED" + } + } + }, + "Search": { + "value": { + "id": "b7e6459eed5247ac8b98a5fed81fe27f", + "name": "Reporting Access Review", + "created": "2022-07-28T19:19:40.035Z", + "modified": null, + "description": "A review of everyone's access to the reporting system.", + "deadlineDuration": "P14D", + "ownerRef": { + "email": "support@testmail.identitysoon.com", + "type": "IDENTITY", + "id": "7ec252acbd4245548bc25df22348cb75", + "name": "SailPoint Support" + }, + "scheduled": false, + "campaign": { + "created": null, + "modified": null, + "filter": { + "type": "CAMPAIGN_FILTER", + "id": "e0adaae69852e8fe8b8a3d48e5ce757c", + "name": "Test Search Filter" + }, + "sunsetCommentsRequired": true, + "sourceOwnerCampaignInfo": null, + "searchCampaignInfo": { + "type": "ACCESS", + "description": "Identities with reporting abilities", + "reviewerId": null, + "reviewer": null, + "query": "@access(name: (\"reporter\"))", + "identityIds": null, + "accessConstraints": [] + }, + "roleCompositionCampaignInfo": null, + "alerts": null, + "totalCertifications": null, + "completedCertifications": null, + "sourcesWithOrphanEntitlements": null, + "id": null, + "name": "Search Campaign Review", + "description": "Review everyone's access to the reporting system.", + "deadline": null, + "type": "SEARCH", + "status": null, + "emailNotificationEnabled": true, + "autoRevokeAllowed": false, + "recommendationsEnabled": false, + "correlatedStatus": "CORRELATED" + } + } + }, + "Source Owner": { + "value": { + "id": "b9f41bc69e7a4291b9de0630396d030d", + "name": "AD Source Review", + "created": "2022-08-02T13:40:36.857Z", + "modified": null, + "description": "A review of our AD source.", + "deadlineDuration": "P1M", + "ownerRef": { + "email": "support@testmail.identitysoon.com", + "type": "IDENTITY", + "id": "7ec252acbd4245548bc25df22348cb75", + "name": "SailPoint Support" + }, + "scheduled": false, + "campaign": { + "created": null, + "modified": null, + "filter": { + "type": "CAMPAIGN_FILTER", + "id": "e0adaae69852e8fe8b8a3d48e5ce757c", + "name": "Test Source Owner Filter" + }, + "sunsetCommentsRequired": true, + "sourceOwnerCampaignInfo": { + "sourceIds": [ + "2c918084707deba501709d45ce4e5569" + ] + }, + "searchCampaignInfo": null, + "roleCompositionCampaignInfo": null, + "alerts": null, + "totalCertifications": null, + "completedCertifications": null, + "sourcesWithOrphanEntitlements": null, + "id": null, + "name": "AD Source Review", + "description": "Review everyone's access.", + "deadline": null, + "type": "SOURCE_OWNER", + "status": null, + "emailNotificationEnabled": true, + "autoRevokeAllowed": false, + "recommendationsEnabled": false, + "correlatedStatus": "CORRELATED" + } + } + }, + "RoleComposition": { + "value": { + "id": "b9f41bc69e7a4291b9de0630396d030d", + "name": "Campaign With Admin Role", + "created": "2022-08-02T13:40:36.857Z", + "modified": null, + "description": "Campaign With Admin Role", + "deadlineDuration": null, + "ownerRef": { + "email": "support@testmail.identitysoon.com", + "type": "IDENTITY", + "id": "7ec252acbd4245548bc25df22348cb75", + "name": "SailPoint Support" + }, + "scheduled": false, + "campaign": { + "created": null, + "modified": null, + "filter": null, + "sunsetCommentsRequired": true, + "sourceOwnerCampaignInfo": null, + "searchCampaignInfo": null, + "roleCompositionCampaignInfo": { + "remediatorRef": { + "type": "IDENTITY", + "id": "7ec252acbd4245548bc25df22348cb75", + "name": "SailPoint Support" + }, + "reviewerId": null, + "reviewer": null, + "roleIds": [ + "b15d609fc5c8434b865fe552315fda8f" + ], + "query": null, + "description": null + }, + "alerts": null, + "totalCertifications": null, + "completedCertifications": null, + "sourcesWithOrphanEntitlements": null, + "id": null, + "name": "Campaign With Admin Role", + "description": "Campaign With Admin Role", + "deadline": null, + "type": "ROLE_COMPOSITION", + "status": null, + "emailNotificationEnabled": false, + "autoRevokeAllowed": false, + "recommendationsEnabled": false, + "correlatedStatus": "CORRELATED" + } + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/campaign-templates/{id}": { + "get": { + "operationId": "getCampaignTemplate", + "tags": [ + "Certification Campaigns" + ], + "summary": "Get a Campaign Template", + "description": "Fetches a campaign template by ID.", + "parameters": [ + { + "in": "path", + "name": "id", + "schema": { + "type": "string" + }, + "required": true, + "description": "The desired campaign template's ID.", + "example": "2c9180835d191a86015d28455b4a2329" + } + ], + "responses": { + "200": { + "description": "The data for the campaign matching the given ID.", + "content": { + "application/json": { + "schema": { + "type": "object", + "description": "Campaign Template", + "properties": { + "id": { + "type": "string", + "description": "Id of the campaign template", + "example": "2c9079b270a266a60170a277bb960008" + }, + "name": { + "type": "string", + "description": "This template's name. Has no bearing on generated campaigns' names.", + "example": "Manager Campaign Template" + }, + "description": { + "type": "string", + "description": "This template's description. Has no bearing on generated campaigns' descriptions.", + "example": "Template for the annual manager campaign." + }, + "created": { + "type": "string", + "description": "Creation date of Campaign Template", + "readOnly": true, + "format": "date-time", + "example": "2020-03-05T22:44:00.364Z" + }, + "modified": { + "type": "string", + "description": "Modification date of Campaign Template", + "readOnly": true, + "format": "date-time", + "example": "2020-03-05T22:52:09.969Z" + }, + "scheduled": { + "type": "boolean", + "readOnly": true, + "description": "Indicates if this campaign template has been scheduled.", + "example": false + }, + "ownerRef": { + "type": "object", + "description": "The owner of this template, and the owner of campaigns generated from this template via a schedule. This field is automatically populated at creation time with the current user.", + "properties": { + "id": { + "type": "string", + "description": "Id of the owner", + "example": "2c918086676d3e0601677611dbde220f" + }, + "type": { + "type": "string", + "enum": [ + "IDENTITY" + ], + "description": "Type of the owner", + "example": "IDENTITY" + }, + "name": { + "type": "string", + "description": "Name of the owner", + "example": "Mister Manager" + }, + "email": { + "type": "string", + "description": "Email of the owner", + "example": "mr.manager@example.com" + } + } + }, + "deadlineDuration": { + "type": "string", + "description": "The time period during which the campaign should be completed, formatted as an ISO-8601 Duration. When this template generates a campaign, the campaign's deadline will be the current date plus this duration. For example, if generation occurred on 2020-01-01 and this field was \"P2W\" (two weeks), the resulting campaign's deadline would be 2020-01-15 (the current date plus 14 days).", + "example": "P2W" + }, + "campaign": { + "type": "object", + "title": "Campaign", + "allOf": [ + { + "type": "object", + "title": "Slim Campaign", + "required": [ + "name", + "description", + "type" + ], + "properties": { + "id": { + "type": "string", + "readOnly": true, + "description": "Id of the campaign", + "example": "2c9079b270a266a60170a2779fcb0007" + }, + "name": { + "description": "The campaign name. If this object is part of a template, special formatting applies; see the `/campaign-templates/{id}/generate` endpoint documentation for details.", + "type": "string", + "example": "Manager Campaign" + }, + "description": { + "type": "string", + "description": "The campaign description. If this object is part of a template, special formatting applies; see the `/campaign-templates/{id}/generate` endpoint documentation for details.", + "example": "Everyone needs to be reviewed by their manager" + }, + "deadline": { + "type": "string", + "format": "date-time", + "description": "The campaign's completion deadline.", + "example": "2020-03-15T10:00:01.456Z" + }, + "type": { + "type": "string", + "description": "The type of campaign. Could be extended in the future.", + "enum": [ + "MANAGER", + "SOURCE_OWNER", + "SEARCH", + "ROLE_COMPOSITION" + ], + "example": "MANAGER" + }, + "emailNotificationEnabled": { + "type": "boolean", + "description": "Enables email notification for this campaign", + "example": false + }, + "autoRevokeAllowed": { + "type": "boolean", + "description": "Allows auto revoke for this campaign", + "example": false + }, + "recommendationsEnabled": { + "type": "boolean", + "description": "Enables IAI for this campaign. Accepts true even if the IAI product feature is off. If IAI is turned off then campaigns generated from this template will indicate false. The real value will then be returned if IAI is ever enabled for the org in the future.", + "example": true + }, + "status": { + "type": "string", + "description": "The campaign's current status.", + "readOnly": true, + "enum": [ + "PENDING", + "STAGED", + "CANCELING", + "ACTIVATING", + "ACTIVE", + "COMPLETING", + "COMPLETED", + "ERROR", + "ARCHIVED" + ], + "example": "ACTIVE" + }, + "correlatedStatus": { + "type": "string", + "description": "The correlatedStatus of the campaign. Only SOURCE_OWNER campaigns can be Uncorrelated. An Uncorrelated certification campaign only includes Uncorrelated identities (An identity is uncorrelated if it has no accounts on an authoritative source).", + "enum": [ + "CORRELATED", + "UNCORRELATED" + ], + "example": "CORRELATED" + } + } + }, + { + "type": "object", + "properties": { + "created": { + "type": "string", + "readOnly": true, + "format": "date-time", + "description": "Created time of the campaign", + "example": "2020-03-03T22:15:13.611Z" + }, + "modified": { + "type": "string", + "readOnly": true, + "format": "date-time", + "description": "Modified time of the campaign", + "example": "2020-03-03T22:20:12.674Z" + }, + "correlatedStatus": { + "description": "The correlatedStatus of the campaign. Only SOURCE_OWNER campaigns can be Uncorrelated. An Uncorrelated certification campaign only includes Uncorrelated identities (An identity is uncorrelated if it has no accounts on an authoritative source).", + "enum": [ + "CORRELATED", + "UNCORRELATED" + ], + "example": "CORRELATED" + }, + "filter": { + "type": "object", + "description": "Determines which items will be included in this campaign. The default campaign filter is used if this field is left blank.", + "properties": { + "id": { + "type": "string", + "description": "The ID of whatever type of filter is being used.", + "example": "0fbe863c063c4c88a35fd7f17e8a3df5" + }, + "type": { + "type": "string", + "description": "Type of the filter", + "enum": [ + "CAMPAIGN_FILTER", + "RULE" + ], + "example": "CAMPAIGN_FILTER" + }, + "name": { + "type": "string", + "description": "Name of the filter", + "example": "Test Filter" + } + } + }, + "sunsetCommentsRequired": { + "type": "boolean", + "description": "Determines if comments on sunset date changes are required.", + "default": true, + "example": true + }, + "sourceOwnerCampaignInfo": { + "type": "object", + "description": "Must be set only if the campaign type is SOURCE_OWNER.", + "properties": { + "sourceIds": { + "type": "array", + "description": "The list of sources to be included in the campaign.", + "items": { + "type": "string" + }, + "example": [ + "0fbe863c063c4c88a35fd7f17e8a3df5" + ] + } + } + }, + "searchCampaignInfo": { + "type": "object", + "description": "Must be set only if the campaign type is SEARCH.", + "properties": { + "type": { + "type": "string", + "description": "The type of search campaign represented.", + "enum": [ + "IDENTITY", + "ACCESS" + ], + "example": "ACCESS" + }, + "description": { + "type": "string", + "description": "Describes this search campaign. Intended for storing the query used, and possibly the number of identities selected/available.", + "example": "Search Campaign description" + }, + "reviewer": { + "description": "If specified, this identity or governance group will be the reviewer for all certifications in this campaign. The allowed DTO types are IDENTITY and GOVERNANCE_GROUP", + "allOf": [ + { + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + }, + { + "type": "object" + } + ] + }, + "query": { + "type": "string", + "description": "The scope for the campaign. The campaign will cover identities returned by the query and identities that have access items returned by the query. One of `query` or `identityIds` must be set.", + "example": "Search Campaign query description" + }, + "identityIds": { + "type": "array", + "description": "A direct list of identities to include in this campaign. One of `identityIds` or `query` must be set.", + "items": { + "type": "string" + }, + "maxItems": 1000, + "example": [ + "0fbe863c063c4c88a35fd7f17e8a3df5" + ] + }, + "accessConstraints": { + "type": "array", + "description": "Further reduces the scope of the campaign by excluding identities (from `query` or `identityIds`) that do not have this access.", + "items": { + "type": "object", + "properties": { + "type": { + "type": "string", + "enum": [ + "ENTITLEMENT", + "ACCESS_PROFILE", + "ROLE" + ], + "description": "Type of Access", + "example": "ENTITLEMENT" + }, + "ids": { + "description": "Must be set only if operator is SELECTED.", + "type": "array", + "items": { + "type": "string" + }, + "example": [ + "2c90ad2a70ace7d50170acf22ca90010" + ] + }, + "operator": { + "type": "string", + "enum": [ + "ALL", + "SELECTED" + ], + "description": "Used to determine whether the scope of the campaign should be reduced for selected ids or all.", + "example": "SELECTED" + } + }, + "required": [ + "type", + "operator" + ] + }, + "maxItems": 1000 + } + }, + "required": [ + "type" + ] + }, + "roleCompositionCampaignInfo": { + "type": "object", + "description": "Optional configuration options for role composition campaigns.", + "properties": { + "reviewer": { + "description": "If specified, this identity or governance group will be the reviewer for all certifications in this campaign. The allowed DTO types are IDENTITY and GOVERNANCE_GROUP", + "allOf": [ + { + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + }, + { + "type": "object" + } + ] + }, + "roleIds": { + "type": "array", + "description": "Optional list of roles to include in this campaign. Only one of `roleIds` and `query` may be set; if neither are set, all roles are included.", + "items": { + "type": "string" + }, + "example": [ + "2c90ad2a70ace7d50170acf22ca90010" + ] + }, + "remediatorRef": { + "type": "object", + "description": "This determines who remediation tasks will be assigned to. Remediation tasks are created for each revoke decision on items in the campaign. The only legal remediator type is 'IDENTITY', and the chosen identity must be a Role Admin or Org Admin.", + "properties": { + "type": { + "type": "string", + "enum": [ + "IDENTITY" + ], + "description": "Legal Remediator Type", + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "The ID of the remediator.", + "example": "2c90ad2a70ace7d50170acf22ca90010" + }, + "name": { + "type": "string", + "description": "The name of the remediator.", + "readOnly": true, + "example": "Role Admin" + } + }, + "required": [ + "type", + "id" + ] + }, + "query": { + "type": "string", + "description": "Optional search query to scope this campaign to a set of roles. Only one of `roleIds` and `query` may be set; if neither are set, all roles are included.", + "example": "Search Query" + }, + "description": { + "type": "string", + "description": "Describes this role composition campaign. Intended for storing the query used, and possibly the number of roles selected/available.", + "example": "Role Composition Description" + } + }, + "required": [ + "remediatorRef" + ] + }, + "alerts": { + "type": "array", + "description": "A list of errors and warnings that have accumulated.", + "readOnly": true, + "items": { + "type": "object", + "properties": { + "level": { + "type": "string", + "enum": [ + "ERROR", + "WARN", + "INFO" + ], + "description": "Denotes the level of the message", + "example": "ERROR" + }, + "localizations": { + "type": "array", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + }, + "totalCertifications": { + "type": "integer", + "description": "The total number of certifications in this campaign.", + "readOnly": true, + "example": 100 + }, + "completedCertifications": { + "type": "integer", + "description": "The number of completed certifications in this campaign.", + "readOnly": true, + "example": 10 + }, + "sourcesWithOrphanEntitlements": { + "type": "array", + "description": "A list of sources in the campaign that contain \\\"orphan entitlements\\\" (entitlements without a corresponding Managed Attribute). An empty list indicates the campaign has no orphan entitlements. Null indicates there may be unknown orphan entitlements in the campaign (the campaign was created before this feature was implemented).", + "readOnly": true, + "items": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "Id of the source", + "example": "2c90ad2a70ace7d50170acf22ca90010" + }, + "type": { + "type": "string", + "enum": [ + "SOURCE" + ], + "description": "Type", + "example": "SOURCE" + }, + "name": { + "type": "string", + "description": "Name of the source", + "example": "Source with orphan entitlements" + } + } + } + } + } + } + ] + } + }, + "required": [ + "name", + "description", + "created", + "modified", + "campaign" + ] + }, + "examples": { + "Manager": { + "value": { + "id": "e7dbec99d49349c8951bd84f58a05120", + "name": "Manager Review", + "created": "2022-08-02T19:16:42.632Z", + "modified": null, + "description": "A review of everyone's access by their manager.", + "deadlineDuration": "P14D", + "ownerRef": { + "email": "support@testmail.identitysoon.com", + "type": "IDENTITY", + "id": "7ec252acbd4245548bc25df22348cb75", + "name": "SailPoint Support" + }, + "scheduled": false, + "campaign": { + "created": null, + "modified": null, + "filter": { + "type": "CAMPAIGN_FILTER", + "id": "e0adaae69852e8fe8b8a3d48e5ce757c", + "name": "Test Manager Filter" + }, + "sunsetCommentsRequired": true, + "sourceOwnerCampaignInfo": null, + "searchCampaignInfo": null, + "roleCompositionCampaignInfo": null, + "alerts": null, + "totalCertifications": null, + "completedCertifications": null, + "sourcesWithOrphanEntitlements": null, + "id": null, + "name": "Manager Review", + "description": "Review everyone's access.", + "deadline": null, + "type": "MANAGER", + "status": null, + "emailNotificationEnabled": true, + "autoRevokeAllowed": false, + "recommendationsEnabled": false, + "correlatedStatus": "CORRELATED" + } + } + }, + "Search": { + "value": { + "id": "b7e6459eed5247ac8b98a5fed81fe27f", + "name": "Reporting Access Review", + "created": "2022-07-28T19:19:40.035Z", + "modified": null, + "description": "A review of everyone's access to the reporting system.", + "deadlineDuration": "P14D", + "ownerRef": { + "email": "support@testmail.identitysoon.com", + "type": "IDENTITY", + "id": "7ec252acbd4245548bc25df22348cb75", + "name": "SailPoint Support" + }, + "scheduled": false, + "campaign": { + "created": null, + "modified": null, + "filter": { + "type": "CAMPAIGN_FILTER", + "id": "e0adaae69852e8fe8b8a3d48e5ce757c", + "name": "Test Search Filter" + }, + "sunsetCommentsRequired": true, + "sourceOwnerCampaignInfo": null, + "searchCampaignInfo": { + "type": "ACCESS", + "description": "Identities with reporting abilities", + "reviewerId": null, + "reviewer": null, + "query": "@access(name: (\"reporter\"))", + "identityIds": null, + "accessConstraints": [] + }, + "roleCompositionCampaignInfo": null, + "alerts": null, + "totalCertifications": null, + "completedCertifications": null, + "sourcesWithOrphanEntitlements": null, + "id": null, + "name": "Search Campaign Review", + "description": "Review everyone's access to the reporting system.", + "deadline": null, + "type": "SEARCH", + "status": null, + "emailNotificationEnabled": true, + "autoRevokeAllowed": false, + "recommendationsEnabled": false, + "correlatedStatus": "CORRELATED" + } + } + }, + "Source Owner": { + "value": { + "id": "b9f41bc69e7a4291b9de0630396d030d", + "name": "AD Source Review", + "created": "2022-08-02T13:40:36.857Z", + "modified": null, + "description": "A review of our AD source.", + "deadlineDuration": "P1M", + "ownerRef": { + "email": "support@testmail.identitysoon.com", + "type": "IDENTITY", + "id": "7ec252acbd4245548bc25df22348cb75", + "name": "SailPoint Support" + }, + "scheduled": false, + "campaign": { + "created": null, + "modified": null, + "filter": { + "type": "CAMPAIGN_FILTER", + "id": "e0adaae69852e8fe8b8a3d48e5ce757c", + "name": "Test Source Owner Filter" + }, + "sunsetCommentsRequired": true, + "sourceOwnerCampaignInfo": { + "sourceIds": [ + "2c918084707deba501709d45ce4e5569" + ] + }, + "searchCampaignInfo": null, + "roleCompositionCampaignInfo": null, + "alerts": null, + "totalCertifications": null, + "completedCertifications": null, + "sourcesWithOrphanEntitlements": null, + "id": null, + "name": "AD Source Review", + "description": "Review everyone's access.", + "deadline": null, + "type": "SOURCE_OWNER", + "status": null, + "emailNotificationEnabled": true, + "autoRevokeAllowed": false, + "recommendationsEnabled": false, + "correlatedStatus": "CORRELATED" + } + } + }, + "RoleComposition": { + "value": { + "id": "b9f41bc69e7a4291b9de0630396d030d", + "name": "Campaign With Admin Role", + "created": "2022-08-02T13:40:36.857Z", + "modified": null, + "description": "Campaign With Admin Role", + "deadlineDuration": null, + "ownerRef": { + "email": "support@testmail.identitysoon.com", + "type": "IDENTITY", + "id": "7ec252acbd4245548bc25df22348cb75", + "name": "SailPoint Support" + }, + "scheduled": false, + "campaign": { + "created": null, + "modified": null, + "filter": null, + "sunsetCommentsRequired": true, + "sourceOwnerCampaignInfo": null, + "searchCampaignInfo": null, + "roleCompositionCampaignInfo": { + "remediatorRef": { + "type": "IDENTITY", + "id": "7ec252acbd4245548bc25df22348cb75", + "name": "SailPoint Support" + }, + "reviewerId": null, + "reviewer": null, + "roleIds": [ + "b15d609fc5c8434b865fe552315fda8f" + ], + "query": null, + "description": null + }, + "alerts": null, + "totalCertifications": null, + "completedCertifications": null, + "sourcesWithOrphanEntitlements": null, + "id": null, + "name": "Campaign With Admin Role", + "description": "Campaign With Admin Role", + "deadline": null, + "type": "ROLE_COMPOSITION", + "status": null, + "emailNotificationEnabled": false, + "autoRevokeAllowed": false, + "recommendationsEnabled": false, + "correlatedStatus": "CORRELATED" + } + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + }, + "patch": { + "operationId": "patchCampaignTemplate", + "tags": [ + "Certification Campaigns" + ], + "summary": "Update a Campaign Template", + "description": "Allows updating individual fields on a campaign template using the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard.", + "parameters": [ + { + "in": "path", + "name": "id", + "schema": { + "type": "string" + }, + "required": true, + "description": "The ID of the campaign template being modified.", + "example": "2c9180835d191a86015d28455b4a2329" + } + ], + "requestBody": { + "required": true, + "description": "A list of campaign update operations according to the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard.\n\nThe following fields are patchable:\n* name\n* description\n* deadlineDuration\n* campaign (all fields that are allowed during create)\n", + "content": { + "application/json-patch+json": { + "schema": { + "type": "array", + "items": { + "type": "object" + } + }, + "example": [ + { + "op": "replace", + "path": "/description", + "value": "Updated description!" + }, + { + "op": "replace", + "path": "/campaign/filter/id", + "value": "ff80818155fe8c080155fe8d925b0316" + } + ] + } + } + }, + "responses": { + "200": { + "description": "Indicates the PATCH operation succeeded, and returns the template's new representation.", + "content": { + "application/json": { + "schema": { + "type": "object", + "description": "Campaign Template", + "properties": { + "id": { + "type": "string", + "description": "Id of the campaign template", + "example": "2c9079b270a266a60170a277bb960008" + }, + "name": { + "type": "string", + "description": "This template's name. Has no bearing on generated campaigns' names.", + "example": "Manager Campaign Template" + }, + "description": { + "type": "string", + "description": "This template's description. Has no bearing on generated campaigns' descriptions.", + "example": "Template for the annual manager campaign." + }, + "created": { + "type": "string", + "description": "Creation date of Campaign Template", + "readOnly": true, + "format": "date-time", + "example": "2020-03-05T22:44:00.364Z" + }, + "modified": { + "type": "string", + "description": "Modification date of Campaign Template", + "readOnly": true, + "format": "date-time", + "example": "2020-03-05T22:52:09.969Z" + }, + "scheduled": { + "type": "boolean", + "readOnly": true, + "description": "Indicates if this campaign template has been scheduled.", + "example": false + }, + "ownerRef": { + "type": "object", + "description": "The owner of this template, and the owner of campaigns generated from this template via a schedule. This field is automatically populated at creation time with the current user.", + "properties": { + "id": { + "type": "string", + "description": "Id of the owner", + "example": "2c918086676d3e0601677611dbde220f" + }, + "type": { + "type": "string", + "enum": [ + "IDENTITY" + ], + "description": "Type of the owner", + "example": "IDENTITY" + }, + "name": { + "type": "string", + "description": "Name of the owner", + "example": "Mister Manager" + }, + "email": { + "type": "string", + "description": "Email of the owner", + "example": "mr.manager@example.com" + } + } + }, + "deadlineDuration": { + "type": "string", + "description": "The time period during which the campaign should be completed, formatted as an ISO-8601 Duration. When this template generates a campaign, the campaign's deadline will be the current date plus this duration. For example, if generation occurred on 2020-01-01 and this field was \"P2W\" (two weeks), the resulting campaign's deadline would be 2020-01-15 (the current date plus 14 days).", + "example": "P2W" + }, + "campaign": { + "type": "object", + "title": "Campaign", + "allOf": [ + { + "type": "object", + "title": "Slim Campaign", + "required": [ + "name", + "description", + "type" + ], + "properties": { + "id": { + "type": "string", + "readOnly": true, + "description": "Id of the campaign", + "example": "2c9079b270a266a60170a2779fcb0007" + }, + "name": { + "description": "The campaign name. If this object is part of a template, special formatting applies; see the `/campaign-templates/{id}/generate` endpoint documentation for details.", + "type": "string", + "example": "Manager Campaign" + }, + "description": { + "type": "string", + "description": "The campaign description. If this object is part of a template, special formatting applies; see the `/campaign-templates/{id}/generate` endpoint documentation for details.", + "example": "Everyone needs to be reviewed by their manager" + }, + "deadline": { + "type": "string", + "format": "date-time", + "description": "The campaign's completion deadline.", + "example": "2020-03-15T10:00:01.456Z" + }, + "type": { + "type": "string", + "description": "The type of campaign. Could be extended in the future.", + "enum": [ + "MANAGER", + "SOURCE_OWNER", + "SEARCH", + "ROLE_COMPOSITION" + ], + "example": "MANAGER" + }, + "emailNotificationEnabled": { + "type": "boolean", + "description": "Enables email notification for this campaign", + "example": false + }, + "autoRevokeAllowed": { + "type": "boolean", + "description": "Allows auto revoke for this campaign", + "example": false + }, + "recommendationsEnabled": { + "type": "boolean", + "description": "Enables IAI for this campaign. Accepts true even if the IAI product feature is off. If IAI is turned off then campaigns generated from this template will indicate false. The real value will then be returned if IAI is ever enabled for the org in the future.", + "example": true + }, + "status": { + "type": "string", + "description": "The campaign's current status.", + "readOnly": true, + "enum": [ + "PENDING", + "STAGED", + "CANCELING", + "ACTIVATING", + "ACTIVE", + "COMPLETING", + "COMPLETED", + "ERROR", + "ARCHIVED" + ], + "example": "ACTIVE" + }, + "correlatedStatus": { + "type": "string", + "description": "The correlatedStatus of the campaign. Only SOURCE_OWNER campaigns can be Uncorrelated. An Uncorrelated certification campaign only includes Uncorrelated identities (An identity is uncorrelated if it has no accounts on an authoritative source).", + "enum": [ + "CORRELATED", + "UNCORRELATED" + ], + "example": "CORRELATED" + } + } + }, + { + "type": "object", + "properties": { + "created": { + "type": "string", + "readOnly": true, + "format": "date-time", + "description": "Created time of the campaign", + "example": "2020-03-03T22:15:13.611Z" + }, + "modified": { + "type": "string", + "readOnly": true, + "format": "date-time", + "description": "Modified time of the campaign", + "example": "2020-03-03T22:20:12.674Z" + }, + "correlatedStatus": { + "description": "The correlatedStatus of the campaign. Only SOURCE_OWNER campaigns can be Uncorrelated. An Uncorrelated certification campaign only includes Uncorrelated identities (An identity is uncorrelated if it has no accounts on an authoritative source).", + "enum": [ + "CORRELATED", + "UNCORRELATED" + ], + "example": "CORRELATED" + }, + "filter": { + "type": "object", + "description": "Determines which items will be included in this campaign. The default campaign filter is used if this field is left blank.", + "properties": { + "id": { + "type": "string", + "description": "The ID of whatever type of filter is being used.", + "example": "0fbe863c063c4c88a35fd7f17e8a3df5" + }, + "type": { + "type": "string", + "description": "Type of the filter", + "enum": [ + "CAMPAIGN_FILTER", + "RULE" + ], + "example": "CAMPAIGN_FILTER" + }, + "name": { + "type": "string", + "description": "Name of the filter", + "example": "Test Filter" + } + } + }, + "sunsetCommentsRequired": { + "type": "boolean", + "description": "Determines if comments on sunset date changes are required.", + "default": true, + "example": true + }, + "sourceOwnerCampaignInfo": { + "type": "object", + "description": "Must be set only if the campaign type is SOURCE_OWNER.", + "properties": { + "sourceIds": { + "type": "array", + "description": "The list of sources to be included in the campaign.", + "items": { + "type": "string" + }, + "example": [ + "0fbe863c063c4c88a35fd7f17e8a3df5" + ] + } + } + }, + "searchCampaignInfo": { + "type": "object", + "description": "Must be set only if the campaign type is SEARCH.", + "properties": { + "type": { + "type": "string", + "description": "The type of search campaign represented.", + "enum": [ + "IDENTITY", + "ACCESS" + ], + "example": "ACCESS" + }, + "description": { + "type": "string", + "description": "Describes this search campaign. Intended for storing the query used, and possibly the number of identities selected/available.", + "example": "Search Campaign description" + }, + "reviewer": { + "description": "If specified, this identity or governance group will be the reviewer for all certifications in this campaign. The allowed DTO types are IDENTITY and GOVERNANCE_GROUP", + "allOf": [ + { + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + }, + { + "type": "object" + } + ] + }, + "query": { + "type": "string", + "description": "The scope for the campaign. The campaign will cover identities returned by the query and identities that have access items returned by the query. One of `query` or `identityIds` must be set.", + "example": "Search Campaign query description" + }, + "identityIds": { + "type": "array", + "description": "A direct list of identities to include in this campaign. One of `identityIds` or `query` must be set.", + "items": { + "type": "string" + }, + "maxItems": 1000, + "example": [ + "0fbe863c063c4c88a35fd7f17e8a3df5" + ] + }, + "accessConstraints": { + "type": "array", + "description": "Further reduces the scope of the campaign by excluding identities (from `query` or `identityIds`) that do not have this access.", + "items": { + "type": "object", + "properties": { + "type": { + "type": "string", + "enum": [ + "ENTITLEMENT", + "ACCESS_PROFILE", + "ROLE" + ], + "description": "Type of Access", + "example": "ENTITLEMENT" + }, + "ids": { + "description": "Must be set only if operator is SELECTED.", + "type": "array", + "items": { + "type": "string" + }, + "example": [ + "2c90ad2a70ace7d50170acf22ca90010" + ] + }, + "operator": { + "type": "string", + "enum": [ + "ALL", + "SELECTED" + ], + "description": "Used to determine whether the scope of the campaign should be reduced for selected ids or all.", + "example": "SELECTED" + } + }, + "required": [ + "type", + "operator" + ] + }, + "maxItems": 1000 + } + }, + "required": [ + "type" + ] + }, + "roleCompositionCampaignInfo": { + "type": "object", + "description": "Optional configuration options for role composition campaigns.", + "properties": { + "reviewer": { + "description": "If specified, this identity or governance group will be the reviewer for all certifications in this campaign. The allowed DTO types are IDENTITY and GOVERNANCE_GROUP", + "allOf": [ + { + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + }, + { + "type": "object" + } + ] + }, + "roleIds": { + "type": "array", + "description": "Optional list of roles to include in this campaign. Only one of `roleIds` and `query` may be set; if neither are set, all roles are included.", + "items": { + "type": "string" + }, + "example": [ + "2c90ad2a70ace7d50170acf22ca90010" + ] + }, + "remediatorRef": { + "type": "object", + "description": "This determines who remediation tasks will be assigned to. Remediation tasks are created for each revoke decision on items in the campaign. The only legal remediator type is 'IDENTITY', and the chosen identity must be a Role Admin or Org Admin.", + "properties": { + "type": { + "type": "string", + "enum": [ + "IDENTITY" + ], + "description": "Legal Remediator Type", + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "The ID of the remediator.", + "example": "2c90ad2a70ace7d50170acf22ca90010" + }, + "name": { + "type": "string", + "description": "The name of the remediator.", + "readOnly": true, + "example": "Role Admin" + } + }, + "required": [ + "type", + "id" + ] + }, + "query": { + "type": "string", + "description": "Optional search query to scope this campaign to a set of roles. Only one of `roleIds` and `query` may be set; if neither are set, all roles are included.", + "example": "Search Query" + }, + "description": { + "type": "string", + "description": "Describes this role composition campaign. Intended for storing the query used, and possibly the number of roles selected/available.", + "example": "Role Composition Description" + } + }, + "required": [ + "remediatorRef" + ] + }, + "alerts": { + "type": "array", + "description": "A list of errors and warnings that have accumulated.", + "readOnly": true, + "items": { + "type": "object", + "properties": { + "level": { + "type": "string", + "enum": [ + "ERROR", + "WARN", + "INFO" + ], + "description": "Denotes the level of the message", + "example": "ERROR" + }, + "localizations": { + "type": "array", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + }, + "totalCertifications": { + "type": "integer", + "description": "The total number of certifications in this campaign.", + "readOnly": true, + "example": 100 + }, + "completedCertifications": { + "type": "integer", + "description": "The number of completed certifications in this campaign.", + "readOnly": true, + "example": 10 + }, + "sourcesWithOrphanEntitlements": { + "type": "array", + "description": "A list of sources in the campaign that contain \\\"orphan entitlements\\\" (entitlements without a corresponding Managed Attribute). An empty list indicates the campaign has no orphan entitlements. Null indicates there may be unknown orphan entitlements in the campaign (the campaign was created before this feature was implemented).", + "readOnly": true, + "items": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "Id of the source", + "example": "2c90ad2a70ace7d50170acf22ca90010" + }, + "type": { + "type": "string", + "enum": [ + "SOURCE" + ], + "description": "Type", + "example": "SOURCE" + }, + "name": { + "type": "string", + "description": "Name of the source", + "example": "Source with orphan entitlements" + } + } + } + } + } + } + ] + } + }, + "required": [ + "name", + "description", + "created", + "modified", + "campaign" + ] + }, + "examples": { + "Manager": { + "value": { + "id": "e7dbec99d49349c8951bd84f58a05120", + "name": "Manager Review", + "created": "2022-08-02T19:16:42.632Z", + "modified": null, + "description": "A review of everyone's access by their manager.", + "deadlineDuration": "P14D", + "ownerRef": { + "email": "support@testmail.identitysoon.com", + "type": "IDENTITY", + "id": "7ec252acbd4245548bc25df22348cb75", + "name": "SailPoint Support" + }, + "scheduled": false, + "campaign": { + "created": null, + "modified": null, + "filter": { + "type": "CAMPAIGN_FILTER", + "id": "e0adaae69852e8fe8b8a3d48e5ce757c", + "name": "Test Manager Filter" + }, + "sunsetCommentsRequired": true, + "sourceOwnerCampaignInfo": null, + "searchCampaignInfo": null, + "roleCompositionCampaignInfo": null, + "alerts": null, + "totalCertifications": null, + "completedCertifications": null, + "sourcesWithOrphanEntitlements": null, + "id": null, + "name": "Manager Review", + "description": "Review everyone's access.", + "deadline": null, + "type": "MANAGER", + "status": null, + "emailNotificationEnabled": true, + "autoRevokeAllowed": false, + "recommendationsEnabled": false, + "correlatedStatus": "CORRELATED" + } + } + }, + "Search": { + "value": { + "id": "b7e6459eed5247ac8b98a5fed81fe27f", + "name": "Reporting Access Review", + "created": "2022-07-28T19:19:40.035Z", + "modified": null, + "description": "A review of everyone's access to the reporting system.", + "deadlineDuration": "P14D", + "ownerRef": { + "email": "support@testmail.identitysoon.com", + "type": "IDENTITY", + "id": "7ec252acbd4245548bc25df22348cb75", + "name": "SailPoint Support" + }, + "scheduled": false, + "campaign": { + "created": null, + "modified": null, + "filter": { + "type": "CAMPAIGN_FILTER", + "id": "e0adaae69852e8fe8b8a3d48e5ce757c", + "name": "Test Search Filter" + }, + "sunsetCommentsRequired": true, + "sourceOwnerCampaignInfo": null, + "searchCampaignInfo": { + "type": "ACCESS", + "description": "Identities with reporting abilities", + "reviewerId": null, + "reviewer": null, + "query": "@access(name: (\"reporter\"))", + "identityIds": null, + "accessConstraints": [] + }, + "roleCompositionCampaignInfo": null, + "alerts": null, + "totalCertifications": null, + "completedCertifications": null, + "sourcesWithOrphanEntitlements": null, + "id": null, + "name": "Search Campaign Review", + "description": "Review everyone's access to the reporting system.", + "deadline": null, + "type": "SEARCH", + "status": null, + "emailNotificationEnabled": true, + "autoRevokeAllowed": false, + "recommendationsEnabled": false, + "correlatedStatus": "CORRELATED" + } + } + }, + "Source Owner": { + "value": { + "id": "b9f41bc69e7a4291b9de0630396d030d", + "name": "AD Source Review", + "created": "2022-08-02T13:40:36.857Z", + "modified": null, + "description": "A review of our AD source.", + "deadlineDuration": "P1M", + "ownerRef": { + "email": "support@testmail.identitysoon.com", + "type": "IDENTITY", + "id": "7ec252acbd4245548bc25df22348cb75", + "name": "SailPoint Support" + }, + "scheduled": false, + "campaign": { + "created": null, + "modified": null, + "filter": { + "type": "CAMPAIGN_FILTER", + "id": "e0adaae69852e8fe8b8a3d48e5ce757c", + "name": "Test Source Owner Filter" + }, + "sunsetCommentsRequired": true, + "sourceOwnerCampaignInfo": { + "sourceIds": [ + "2c918084707deba501709d45ce4e5569" + ] + }, + "searchCampaignInfo": null, + "roleCompositionCampaignInfo": null, + "alerts": null, + "totalCertifications": null, + "completedCertifications": null, + "sourcesWithOrphanEntitlements": null, + "id": null, + "name": "AD Source Review", + "description": "Review everyone's access.", + "deadline": null, + "type": "SOURCE_OWNER", + "status": null, + "emailNotificationEnabled": true, + "autoRevokeAllowed": false, + "recommendationsEnabled": false, + "correlatedStatus": "CORRELATED" + } + } + }, + "RoleComposition": { + "value": { + "id": "b9f41bc69e7a4291b9de0630396d030d", + "name": "Campaign With Admin Role", + "created": "2022-08-02T13:40:36.857Z", + "modified": null, + "description": "Campaign With Admin Role", + "deadlineDuration": null, + "ownerRef": { + "email": "support@testmail.identitysoon.com", + "type": "IDENTITY", + "id": "7ec252acbd4245548bc25df22348cb75", + "name": "SailPoint Support" + }, + "scheduled": false, + "campaign": { + "created": null, + "modified": null, + "filter": null, + "sunsetCommentsRequired": true, + "sourceOwnerCampaignInfo": null, + "searchCampaignInfo": null, + "roleCompositionCampaignInfo": { + "remediatorRef": { + "type": "IDENTITY", + "id": "7ec252acbd4245548bc25df22348cb75", + "name": "SailPoint Support" + }, + "reviewerId": null, + "reviewer": null, + "roleIds": [ + "b15d609fc5c8434b865fe552315fda8f" + ], + "query": null, + "description": null + }, + "alerts": null, + "totalCertifications": null, + "completedCertifications": null, + "sourcesWithOrphanEntitlements": null, + "id": null, + "name": "Campaign With Admin Role", + "description": "Campaign With Admin Role", + "deadline": null, + "type": "ROLE_COMPOSITION", + "status": null, + "emailNotificationEnabled": false, + "autoRevokeAllowed": false, + "recommendationsEnabled": false, + "correlatedStatus": "CORRELATED" + } + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + }, + "delete": { + "operationId": "deleteCampaignTemplate", + "tags": [ + "Certification Campaigns" + ], + "summary": "Delete a Campaign Template", + "description": "Deletes a campaign template by ID.", + "parameters": [ + { + "in": "path", + "name": "id", + "schema": { + "type": "string" + }, + "required": true, + "description": "The ID of the campaign template being deleted.", + "example": "2c9180835d191a86015d28455b4a2329" + } + ], + "responses": { + "204": { + "description": "The Source was successfully deleted." + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/campaign-templates/{id}/generate": { + "post": { + "operationId": "generateCampaignTemplate", + "tags": [ + "Certification Campaigns" + ], + "summary": "Generate a Campaign from Template", + "description": "Generates a new campaign from a campaign template.\nThe campaign object contained in the template has special formatting applied to its name and description fields in order to determine the generated campaign's name/description. Placeholders in those fields are formatted with the current date and time upon generation.\nPlaceholders consist of a percent sign followed by a letter indicating what should be inserted; for example, \"%Y\" will insert the current year; a campaign template named \"Campaign for %y\" would generate a campaign called \"Campaign for 2020\" (assuming the year at generation time is 2020).\nValid placeholders are the date/time conversion suffix characters supported by [java.util.Formatter](https://docs.oracle.com/javase/8/docs/api/java/util/Formatter.html).\nRequires roles ORG_ADMIN.", + "parameters": [ + { + "in": "path", + "name": "id", + "schema": { + "type": "string" + }, + "required": true, + "description": "The ID of the campaign template to use for generation." + } + ], + "responses": { + "200": { + "description": "Indicates a campaign was successfully generated from this template, and returns a reference to the new campaign.", + "content": { + "application/json": { + "schema": { + "type": "object", + "required": [ + "id", + "name", + "type", + "campaignType", + "description" + ], + "properties": { + "id": { + "type": "string", + "description": "The unique ID of the campaign.", + "example": "ef38f94347e94562b5bb8424a56397d8" + }, + "name": { + "type": "string", + "description": "The name of the campaign.", + "example": "Campaign Name" + }, + "type": { + "type": "string", + "enum": [ + "CAMPAIGN" + ], + "description": "The type of object that is being referenced.", + "example": "CAMPAIGN" + }, + "campaignType": { + "type": "string", + "enum": [ + "MANAGER", + "SOURCE_OWNER", + "SEARCH" + ], + "description": "The type of the campaign.", + "example": "MANAGER" + }, + "description": { + "type": "string", + "description": "The description of the campaign set by the admin who created it.", + "nullable": true, + "example": "A description of the campaign" + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/campaign-templates/{id}/schedule": { + "get": { + "operationId": "getCampaignTemplateSchedule", + "tags": [ + "Certification Campaigns" + ], + "summary": "Gets a Campaign Template's Schedule", + "description": "Gets the schedule for a campaign template. Returns a 404 if there is no schedule set.", + "parameters": [ + { + "in": "path", + "name": "id", + "schema": { + "type": "string" + }, + "required": true, + "description": "The ID of the campaign template whose schedule is being fetched." + } + ], + "responses": { + "200": { + "description": "The current schedule for the campaign template. See the PUT endpoint documentation for more examples.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "type": { + "type": "string", + "description": "Determines the overall schedule cadence. In general, all time period fields smaller than the chosen type can be configured. For example, a DAILY schedule can have 'hours' set, but not 'days'; a WEEKLY schedule can have both 'hours' and 'days' set.", + "enum": [ + "DAILY", + "WEEKLY", + "MONTHLY", + "ANNUALLY", + "CALENDAR" + ] + }, + "months": { + "type": "object", + "description": "Specifies which months of a schedule are active. Only valid for ANNUALLY schedule types. Examples:\n\nOn February and March:\n* type LIST\n* values \"2\", \"3\"\n\nEvery 3 months, starting in January (quarterly):\n* type LIST\n* values \"1\"\n* interval 3\n\nEvery two months between July and December:\n* type RANGE\n* values \"7\", \"12\"\n* interval 2\n", + "properties": { + "type": { + "type": "string", + "enum": [ + "LIST", + "RANGE" + ] + }, + "values": { + "type": "array", + "items": { + "type": "string" + } + }, + "interval": { + "type": "integer" + } + }, + "required": [ + "type", + "values" + ] + }, + "days": { + "type": "object", + "description": "Specifies which day(s) a schedule is active for. This is required for all schedule types except DAILY.\nThe \"values\" field holds different data depending on the type of schedule:\n* WEEKLY: days of the week (1-7)\n* MONTHLY: days of the month (1-31, L, L-1...)\n* ANNUALLY: if the \"months\" field is also set: days of the month (1-31, L, L-1...); otherwise: ISO-8601 dates without year (\"--12-31\")\n* CALENDAR: ISO-8601 dates (\"2020-12-31\")\n\nNote that CALENDAR only supports the LIST type, and ANNUALLY does not support the RANGE type when provided\nwith ISO-8601 dates without year.\n\nExamples:\n\nOn Sundays:\n* type LIST\n* values \"1\"\n\nThe second to last day of the month:\n* type LIST\n* values \"L-1\"\n\nFrom the 20th to the last day of the month:\n* type RANGE\n* values \"20\", \"L\"\n\nEvery March 2nd:\n* type LIST\n* values \"--03-02\"\n\nOn March 2nd, 2021:\n* type: LIST\n* values \"2021-03-02\"\n", + "properties": { + "type": { + "type": "string", + "enum": [ + "LIST", + "RANGE" + ] + }, + "values": { + "type": "array", + "items": { + "type": "string" + } + }, + "interval": { + "type": "integer" + } + }, + "required": [ + "type", + "values" + ] + }, + "hours": { + "type": "object", + "description": "Specifies which hour(s) a schedule is active for. Examples:\n\nEvery three hours starting from 8AM, inclusive:\n* type LIST\n* values \"8\"\n* interval 3\n\nDuring business hours:\n* type RANGE\n* values \"9\", \"5\"\n\nAt 5AM, noon, and 5PM:\n* type LIST\n* values \"5\", \"12\", \"17\"\n", + "properties": { + "type": { + "type": "string", + "enum": [ + "LIST", + "RANGE" + ] + }, + "values": { + "type": "array", + "items": { + "type": "string" + } + }, + "interval": { + "type": "integer" + } + }, + "required": [ + "type", + "values" + ] + }, + "expiration": { + "type": "string", + "format": "date-time", + "description": "Specifies the time after which this schedule will no longer occur." + }, + "timeZoneId": { + "type": "string", + "description": "The time zone to use when running the schedule. For instance, if the schedule is a DAILY schedule that runs at 1AM, and this field is set to \"CST\", the schedule will run at 1AM CST." + } + }, + "required": [ + "type", + "hours" + ], + "example": { + "type": "MONTHLY", + "hours": { + "type": "LIST", + "values": [ + "0" + ] + }, + "days": { + "type": "LIST", + "values": [ + "1" + ] + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + }, + "put": { + "operationId": "setCampaignTemplateSchedule", + "tags": [ + "Certification Campaigns" + ], + "summary": "Sets a Campaign Template's Schedule", + "description": "Sets the schedule for a campaign template. If a schedule already exists, it will be overwritten with the new one.", + "parameters": [ + { + "in": "path", + "name": "id", + "schema": { + "type": "string" + }, + "required": true, + "description": "The ID of the campaign template being scheduled." + } + ], + "requestBody": { + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "type": { + "type": "string", + "description": "Determines the overall schedule cadence. In general, all time period fields smaller than the chosen type can be configured. For example, a DAILY schedule can have 'hours' set, but not 'days'; a WEEKLY schedule can have both 'hours' and 'days' set.", + "enum": [ + "DAILY", + "WEEKLY", + "MONTHLY", + "ANNUALLY", + "CALENDAR" + ] + }, + "months": { + "type": "object", + "description": "Specifies which months of a schedule are active. Only valid for ANNUALLY schedule types. Examples:\n\nOn February and March:\n* type LIST\n* values \"2\", \"3\"\n\nEvery 3 months, starting in January (quarterly):\n* type LIST\n* values \"1\"\n* interval 3\n\nEvery two months between July and December:\n* type RANGE\n* values \"7\", \"12\"\n* interval 2\n", + "properties": { + "type": { + "type": "string", + "enum": [ + "LIST", + "RANGE" + ] + }, + "values": { + "type": "array", + "items": { + "type": "string" + } + }, + "interval": { + "type": "integer" + } + }, + "required": [ + "type", + "values" + ] + }, + "days": { + "type": "object", + "description": "Specifies which day(s) a schedule is active for. This is required for all schedule types except DAILY.\nThe \"values\" field holds different data depending on the type of schedule:\n* WEEKLY: days of the week (1-7)\n* MONTHLY: days of the month (1-31, L, L-1...)\n* ANNUALLY: if the \"months\" field is also set: days of the month (1-31, L, L-1...); otherwise: ISO-8601 dates without year (\"--12-31\")\n* CALENDAR: ISO-8601 dates (\"2020-12-31\")\n\nNote that CALENDAR only supports the LIST type, and ANNUALLY does not support the RANGE type when provided\nwith ISO-8601 dates without year.\n\nExamples:\n\nOn Sundays:\n* type LIST\n* values \"1\"\n\nThe second to last day of the month:\n* type LIST\n* values \"L-1\"\n\nFrom the 20th to the last day of the month:\n* type RANGE\n* values \"20\", \"L\"\n\nEvery March 2nd:\n* type LIST\n* values \"--03-02\"\n\nOn March 2nd, 2021:\n* type: LIST\n* values \"2021-03-02\"\n", + "properties": { + "type": { + "type": "string", + "enum": [ + "LIST", + "RANGE" + ] + }, + "values": { + "type": "array", + "items": { + "type": "string" + } + }, + "interval": { + "type": "integer" + } + }, + "required": [ + "type", + "values" + ] + }, + "hours": { + "type": "object", + "description": "Specifies which hour(s) a schedule is active for. Examples:\n\nEvery three hours starting from 8AM, inclusive:\n* type LIST\n* values \"8\"\n* interval 3\n\nDuring business hours:\n* type RANGE\n* values \"9\", \"5\"\n\nAt 5AM, noon, and 5PM:\n* type LIST\n* values \"5\", \"12\", \"17\"\n", + "properties": { + "type": { + "type": "string", + "enum": [ + "LIST", + "RANGE" + ] + }, + "values": { + "type": "array", + "items": { + "type": "string" + } + }, + "interval": { + "type": "integer" + } + }, + "required": [ + "type", + "values" + ] + }, + "expiration": { + "type": "string", + "format": "date-time", + "description": "Specifies the time after which this schedule will no longer occur." + }, + "timeZoneId": { + "type": "string", + "description": "The time zone to use when running the schedule. For instance, if the schedule is a DAILY schedule that runs at 1AM, and this field is set to \"CST\", the schedule will run at 1AM CST." + } + }, + "required": [ + "type", + "hours" + ], + "example": { + "type": "MONTHLY", + "hours": { + "type": "LIST", + "values": [ + "0" + ] + }, + "days": { + "type": "LIST", + "values": [ + "1" + ] + } + } + }, + "examples": { + "Monthly": { + "description": "Runs on the 15th and last day of the month, at 5PM.", + "value": { + "type": "MONTHLY", + "hours": { + "type": "LIST", + "values": [ + "17" + ] + }, + "days": { + "type": "LIST", + "values": [ + "15" + ] + } + } + }, + "Once a year": { + "description": "Runs every January 1st at midnight.", + "value": { + "type": "ANNUALLY", + "hours": { + "type": "LIST", + "values": [ + "0" + ] + }, + "days": { + "type": "LIST", + "values": [ + "--01-01" + ] + } + } + }, + "Quarterly": { + "description": "Runs once a quarter (every 3 months) on the first of the month at 1AM.", + "value": { + "type": "ANNUALLY", + "hours": { + "type": "LIST", + "values": [ + "1" + ] + }, + "days": { + "type": "LIST", + "values": [ + "1" + ] + }, + "months": { + "type": "LIST", + "values": [ + "1" + ], + "interval": 3 + } + } + }, + "Yearly on Specific Days": { + "description": "Runs on March 12 and December 5 at 1AM, every year.", + "value": { + "type": "ANNUALLY", + "hours": { + "type": "LIST", + "values": [ + "1" + ] + }, + "days": { + "type": "LIST", + "values": [ + "--03-12", + "--12-05" + ] + } + } + }, + "On a Specific Date": { + "description": "Runs at 1AM on February 18th, 2020", + "value": { + "type": "CALENDAR", + "hours": { + "type": "LIST", + "values": [ + "1" + ] + }, + "days": { + "type": "LIST", + "values": [ + "2020-02-18" + ] + } + } + } + } + } + } + }, + "responses": { + "204": { + "description": "No content - indicates the request was successful but there is no content to be returned in the response." + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + }, + "delete": { + "operationId": "deleteCampaignTemplateSchedule", + "tags": [ + "Certification Campaigns" + ], + "summary": "Deletes a Campaign Template's Schedule", + "description": "Deletes the schedule for a campaign template. Returns a 404 if there is no schedule set.", + "parameters": [ + { + "in": "path", + "name": "id", + "schema": { + "type": "string" + }, + "required": true, + "description": "The ID of the campaign template whose schedule is being deleted." + } + ], + "responses": { + "204": { + "description": "No content - indicates the request was successful but there is no content to be returned in the response." + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/certifications/{id}/reassign-async": { + "post": { + "operationId": "reassignIdentityCertsAsync", + "tags": [ + "Certifications" + ], + "summary": "Reassign Certifications Asynchronously", + "description": "This API initiates a task to reassign up to 500 identities or items in an identity campaign certification to another reviewer. The `certification-tasks` API can be used to get an updated status on the task and determine when the reassignment is complete. A token with ORG_ADMIN or CERT_ADMIN authority is required to call this API. Reviewers for this certification can also call this API.", + "parameters": [ + { + "in": "path", + "name": "id", + "schema": { + "type": "string" + }, + "required": true, + "description": "The identity campaign certification ID" + } + ], + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "reassign": { + "type": "array", + "items": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "The ID of item or identity being reassigned.", + "example": "ef38f94347e94562b5bb8424a56397d8" + }, + "type": { + "type": "string", + "description": "The type of item or identity being reassigned.", + "enum": [ + "TARGET_SUMMARY", + "ITEM", + "IDENTITY_SUMMARY" + ], + "example": "ITEM" + } + }, + "required": [ + "id", + "type" + ] + } + }, + "reassignTo": { + "type": "string", + "description": "The ID of the identity to which the certification is reassigned", + "example": "ef38f94347e94562b5bb8424a56397d8" + }, + "reason": { + "type": "string", + "description": "The reason comment for why the reassign was made", + "example": "reassigned for some reason" + } + }, + "required": [ + "reassign", + "reassignTo", + "reason" + ] + } + } + } + }, + "responses": { + "200": { + "description": "A certification task object for the reassignment which can be queried for status.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "The task id", + "example": "abcd-ef12-3456" + }, + "certificationId": { + "type": "string", + "description": "The certification id", + "example": "ef38f94347e94562b5bb8424a56397d8" + }, + "type": { + "type": "string", + "enum": [ + "REASSIGN" + ] + }, + "status": { + "type": "string", + "enum": [ + "QUEUED", + "IN_PROGRESS", + "SUCCESS", + "ERROR" + ] + }, + "errors": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Any errors executing the task (Optional).", + "example": [] + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/certifications/{id}/tasks/{taskId}": { + "get": { + "operationId": "getIdentityCertificationTaskStatus", + "tags": [ + "Certifications" + ], + "summary": "Certification Task Status", + "description": "This API returns the status of a certification task. A token with ORG_ADMIN or CERT_ADMIN authority is required to call this API. Reviewers for this certification can also call this API.", + "parameters": [ + { + "in": "path", + "name": "id", + "schema": { + "type": "string" + }, + "required": true, + "description": "The identity campaign certification ID" + }, + { + "in": "path", + "name": "taskId", + "schema": { + "type": "string" + }, + "required": true, + "description": "The certification task ID" + } + ], + "responses": { + "200": { + "description": "A certification task object.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "The task id", + "example": "abcd-ef12-3456" + }, + "certificationId": { + "type": "string", + "description": "The certification id", + "example": "ef38f94347e94562b5bb8424a56397d8" + }, + "type": { + "type": "string", + "enum": [ + "REASSIGN" + ] + }, + "status": { + "type": "string", + "enum": [ + "QUEUED", + "IN_PROGRESS", + "SUCCESS", + "ERROR" + ] + }, + "errors": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Any errors executing the task (Optional).", + "example": [] + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/certifications/{id}/tasks-pending": { + "get": { + "operationId": "getIdentityCertificationPendingTasks", + "tags": [ + "Certifications" + ], + "summary": "Pending Certification Tasks", + "description": "This API returns the status of all pending (`QUEUED` or `IN_PROGRESS`) tasks for an identity campaign certification. A token with ORG_ADMIN or CERT_ADMIN authority is required to call this API. Reviewers for this certification can also call this API.", + "parameters": [ + { + "in": "path", + "name": "id", + "schema": { + "type": "string" + }, + "required": true, + "description": "The identity campaign certification ID" + } + ], + "responses": { + "200": { + "description": "A list of pending (`QUEUED` or `IN_PROGRESS`) certification task objects.", + "content": { + "application/json": { + "schema": { + "type": "array", + "items": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "The task id", + "example": "abcd-ef12-3456" + }, + "certificationId": { + "type": "string", + "description": "The certification id", + "example": "ef38f94347e94562b5bb8424a56397d8" + }, + "type": { + "type": "string", + "enum": [ + "REASSIGN" + ] + }, + "status": { + "type": "string", + "enum": [ + "QUEUED", + "IN_PROGRESS", + "SUCCESS", + "ERROR" + ] + }, + "errors": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Any errors executing the task (Optional).", + "example": [] + } + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/certifications/{certificationId}/access-review-items/{itemId}/permissions": { + "get": { + "operationId": "getIdentityCertificationItemPermissions", + "tags": [ + "Certifications" + ], + "summary": "Permissions for Entitlement Certification Item", + "description": "This API returns the permissions associated with an entitlement certification item based on the certification item's ID. A token with ORG_ADMIN or CERT_ADMIN authority is required to call this API. Reviewers for this certification can also call this API.", + "parameters": [ + { + "in": "query", + "name": "filters", + "schema": { + "type": "string" + }, + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)\n\nSupported fields and primitive operators:\n\n**target**: *eq, sw*\n\n**rights**: *ca*\n\nSupported composite operators:\n\n*and, or*\n\nAll field values (second filter operands) are case-insensitive for this API.\n\nOnly a single *and* or *or* composite filter operator may be used. It must also be used between a target filter and a rights filter, not between 2 filters for the same field.\nFor example,\n\nThe following is valid:\n*?filters=rights+ca+(%22CREATE%22)+and+target+eq+%22SYS.OBJAUTH2%22*\n\nThe following is invalid:\n*?filters=rights+ca+(%22CREATE%22)+and+rights+ca+(%SELECT%22)*" + }, + { + "in": "path", + "name": "certificationId", + "schema": { + "type": "string" + }, + "required": true, + "description": "The certification ID", + "example": "ef38f94347e94562b5bb8424a56397d8" + }, + { + "in": "path", + "name": "itemId", + "schema": { + "type": "string" + }, + "required": true, + "description": "The certification item ID", + "example": "2c91808671bcbab40171bd945d961227" + }, + { + "in": "query", + "name": "limit", + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": 250, + "schema": { + "type": "integer", + "format": "int32", + "minimum": 0, + "maximum": 250, + "default": 250 + } + }, + { + "in": "query", + "name": "offset", + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": 0, + "schema": { + "type": "integer", + "format": "int32", + "minimum": 0, + "default": 0 + } + }, + { + "in": "query", + "name": "count", + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": true, + "schema": { + "type": "boolean", + "default": false + } + } + ], + "responses": { + "200": { + "description": "A list of permissions associated with the given itemId", + "content": { + "application/json": { + "schema": { + "type": "array", + "items": { + "type": "object", + "description": "Simplified DTO for the Permission objects stored in SailPoint's database. The data is aggregated from customer systems and is free-form, so its appearance can vary largely between different clients/customers.", + "properties": { + "rights": { + "type": "array", + "description": "All the rights (e.g. actions) that this permission allows on the target", + "readOnly": true, + "items": { + "type": "string", + "example": "SELECT" + } + }, + "target": { + "type": "string", + "description": "The target the permission would grants rights on.", + "readOnly": true, + "example": "SYS.GV_$TRANSACTION" + } + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/certifications/{id}/reviewers": { + "get": { + "operationId": "listCertificationReviewers", + "tags": [ + "Certifications" + ], + "summary": "List of Reviewers for the certification", + "description": "This API returns a list of reviewers for the certification. A token with ORG_ADMIN or CERT_ADMIN authority is required to call this API. Reviewers for this certification can also call this API.", + "parameters": [ + { + "in": "path", + "name": "id", + "schema": { + "type": "string" + }, + "required": true, + "description": "The certification ID", + "example": "ef38f94347e94562b5bb8424a56397d8" + }, + { + "in": "query", + "name": "limit", + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": 250, + "schema": { + "type": "integer", + "format": "int32", + "minimum": 0, + "maximum": 250, + "default": 250 + } + }, + { + "in": "query", + "name": "offset", + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": 0, + "schema": { + "type": "integer", + "format": "int32", + "minimum": 0, + "default": 0 + } + }, + { + "in": "query", + "name": "count", + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": true, + "schema": { + "type": "boolean", + "default": false + } + }, + { + "in": "query", + "name": "filters", + "schema": { + "type": "string" + }, + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)\n\nFiltering is supported for the following fields and operators (Filtering is done by reviewer's fields):\n\n**id**: *eq, in*\n\n**name**: *eq, sw*\n\n**email**: *eq, sw*" + }, + { + "in": "query", + "name": "sorters", + "schema": { + "type": "string", + "format": "comma-separated" + }, + "description": "Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)\n\nSorting is supported for the following fields: **name, email**" + } + ], + "responses": { + "200": { + "description": "A list of reviewers", + "content": { + "application/json": { + "schema": { + "type": "array", + "items": { + "type": "object", + "nullable": true, + "properties": { + "type": { + "type": "string", + "description": "The type can only be IDENTITY. This is read-only", + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "Identity id.", + "example": "5168015d32f890ca15812c9180835d2e" + }, + "name": { + "type": "string", + "description": "Human-readable display name of identity. This is read-only", + "example": "Alison Ferguso" + }, + "email": { + "type": "string", + "description": "Email address of identity. This is read-only", + "example": "alison.ferguso@identitysoon.com" + } + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/connector-rules": { + "get": { + "tags": [ + "Connector Rule Management" + ], + "operationId": "getConnectorRuleList", + "summary": "List Connector Rules", + "description": "Returns the list of connector rules.\nA token with ORG_ADMIN authority is required to call this API.", + "responses": { + "200": { + "description": "A list of connector rules", + "content": { + "application/json": { + "schema": { + "type": "array", + "items": { + "description": "ConnectorRuleResponse", + "allOf": [ + { + "description": "ConnectorRuleCreateRequest", + "type": "object", + "required": [ + "name", + "type", + "sourceCode" + ], + "properties": { + "name": { + "type": "string", + "description": "the name of the rule", + "example": "WebServiceBeforeOperationRule", + "minLength": 1, + "maxLength": 128 + }, + "description": { + "type": "string", + "description": "a description of the rule's purpose", + "example": "This rule does that" + }, + "type": { + "type": "string", + "enum": [ + "BuildMap", + "ConnectorAfterCreate", + "ConnectorAfterDelete", + "ConnectorAfterModify", + "ConnectorBeforeCreate", + "ConnectorBeforeDelete", + "ConnectorBeforeModify", + "JDBCBuildMap", + "JDBCOperationProvisioning", + "JDBCProvision", + "PeopleSoftHRMSBuildMap", + "PeopleSoftHRMSOperationProvisioning", + "PeopleSoftHRMSProvision", + "RACFPermissionCustomization", + "SAPBuildMap", + "SapHrManagerRule", + "SapHrOperationProvisioning", + "SapHrProvision", + "SuccessFactorsOperationProvisioning", + "WebServiceAfterOperationRule", + "WebServiceBeforeOperationRule" + ], + "description": "the type of rule", + "example": "BuildMap" + }, + "signature": { + "description": "The rule's function signature. Describes the rule's input arguments and output (if any)", + "type": "object", + "required": [ + "input" + ], + "properties": { + "input": { + "type": "array", + "items": { + "type": "object", + "nullable": true, + "properties": { + "name": { + "type": "string", + "description": "the name of the argument", + "example": "firstName" + }, + "description": { + "type": "string", + "description": "the description of the argument", + "example": "the first name of the identity" + }, + "type": { + "type": "string", + "nullable": true, + "description": "the programmatic type of the argument", + "example": "String" + } + }, + "required": [ + "name" + ] + } + }, + "output": { + "type": "object", + "nullable": true, + "properties": { + "name": { + "type": "string", + "description": "the name of the argument", + "example": "firstName" + }, + "description": { + "type": "string", + "description": "the description of the argument", + "example": "the first name of the identity" + }, + "type": { + "type": "string", + "nullable": true, + "description": "the programmatic type of the argument", + "example": "String" + } + }, + "required": [ + "name" + ] + } + } + }, + "sourceCode": { + "description": "SourceCode", + "type": "object", + "required": [ + "version", + "script" + ], + "properties": { + "version": { + "type": "string", + "description": "the version of the code", + "example": "1.0" + }, + "script": { + "type": "string", + "description": "The code", + "example": "return \"Mr. \" + firstName;" + } + } + }, + "attributes": { + "type": "object", + "nullable": true, + "description": "a map of string to objects", + "example": {} + } + } + }, + { + "type": "object", + "nullable": true, + "required": [ + "id", + "created" + ], + "properties": { + "id": { + "type": "string", + "description": "the ID of the rule", + "example": "8113d48c0b914f17b4c6072d4dcb9dfe" + }, + "created": { + "type": "string", + "description": "an ISO 8601 UTC timestamp when this rule was created", + "example": "021-07-22T15:59:23Z" + }, + "modified": { + "type": "string", + "nullable": true, + "description": "an ISO 8601 UTC timestamp when this rule was last modified", + "example": "021-07-22T15:59:23Z" + } + } + } + ] + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + }, + "security": [ + { + "oauth2": [ + "idn:rule-management-connector:read", + "idn:rule-management-connector:manage" + ] + } + ] + }, + "post": { + "tags": [ + "Connector Rule Management" + ], + "operationId": "createConnectorRule", + "summary": "Create Connector Rule", + "description": "Creates a new connector rule.\nA token with ORG_ADMIN authority is required to call this API.", + "requestBody": { + "required": true, + "description": "The connector rule to create", + "content": { + "application/json": { + "schema": { + "description": "ConnectorRuleCreateRequest", + "type": "object", + "required": [ + "name", + "type", + "sourceCode" + ], + "properties": { + "name": { + "type": "string", + "description": "the name of the rule", + "example": "WebServiceBeforeOperationRule", + "minLength": 1, + "maxLength": 128 + }, + "description": { + "type": "string", + "description": "a description of the rule's purpose", + "example": "This rule does that" + }, + "type": { + "type": "string", + "enum": [ + "BuildMap", + "ConnectorAfterCreate", + "ConnectorAfterDelete", + "ConnectorAfterModify", + "ConnectorBeforeCreate", + "ConnectorBeforeDelete", + "ConnectorBeforeModify", + "JDBCBuildMap", + "JDBCOperationProvisioning", + "JDBCProvision", + "PeopleSoftHRMSBuildMap", + "PeopleSoftHRMSOperationProvisioning", + "PeopleSoftHRMSProvision", + "RACFPermissionCustomization", + "SAPBuildMap", + "SapHrManagerRule", + "SapHrOperationProvisioning", + "SapHrProvision", + "SuccessFactorsOperationProvisioning", + "WebServiceAfterOperationRule", + "WebServiceBeforeOperationRule" + ], + "description": "the type of rule", + "example": "BuildMap" + }, + "signature": { + "description": "The rule's function signature. Describes the rule's input arguments and output (if any)", + "type": "object", + "required": [ + "input" + ], + "properties": { + "input": { + "type": "array", + "items": { + "type": "object", + "nullable": true, + "properties": { + "name": { + "type": "string", + "description": "the name of the argument", + "example": "firstName" + }, + "description": { + "type": "string", + "description": "the description of the argument", + "example": "the first name of the identity" + }, + "type": { + "type": "string", + "nullable": true, + "description": "the programmatic type of the argument", + "example": "String" + } + }, + "required": [ + "name" + ] + } + }, + "output": { + "type": "object", + "nullable": true, + "properties": { + "name": { + "type": "string", + "description": "the name of the argument", + "example": "firstName" + }, + "description": { + "type": "string", + "description": "the description of the argument", + "example": "the first name of the identity" + }, + "type": { + "type": "string", + "nullable": true, + "description": "the programmatic type of the argument", + "example": "String" + } + }, + "required": [ + "name" + ] + } + } + }, + "sourceCode": { + "description": "SourceCode", + "type": "object", + "required": [ + "version", + "script" + ], + "properties": { + "version": { + "type": "string", + "description": "the version of the code", + "example": "1.0" + }, + "script": { + "type": "string", + "description": "The code", + "example": "return \"Mr. \" + firstName;" + } + } + }, + "attributes": { + "type": "object", + "nullable": true, + "description": "a map of string to objects", + "example": {} + } + } + } + } + } + }, + "responses": { + "201": { + "description": "The created connector rule", + "content": { + "application/json": { + "schema": { + "description": "ConnectorRuleResponse", + "allOf": [ + { + "description": "ConnectorRuleCreateRequest", + "type": "object", + "required": [ + "name", + "type", + "sourceCode" + ], + "properties": { + "name": { + "type": "string", + "description": "the name of the rule", + "example": "WebServiceBeforeOperationRule", + "minLength": 1, + "maxLength": 128 + }, + "description": { + "type": "string", + "description": "a description of the rule's purpose", + "example": "This rule does that" + }, + "type": { + "type": "string", + "enum": [ + "BuildMap", + "ConnectorAfterCreate", + "ConnectorAfterDelete", + "ConnectorAfterModify", + "ConnectorBeforeCreate", + "ConnectorBeforeDelete", + "ConnectorBeforeModify", + "JDBCBuildMap", + "JDBCOperationProvisioning", + "JDBCProvision", + "PeopleSoftHRMSBuildMap", + "PeopleSoftHRMSOperationProvisioning", + "PeopleSoftHRMSProvision", + "RACFPermissionCustomization", + "SAPBuildMap", + "SapHrManagerRule", + "SapHrOperationProvisioning", + "SapHrProvision", + "SuccessFactorsOperationProvisioning", + "WebServiceAfterOperationRule", + "WebServiceBeforeOperationRule" + ], + "description": "the type of rule", + "example": "BuildMap" + }, + "signature": { + "description": "The rule's function signature. Describes the rule's input arguments and output (if any)", + "type": "object", + "required": [ + "input" + ], + "properties": { + "input": { + "type": "array", + "items": { + "type": "object", + "nullable": true, + "properties": { + "name": { + "type": "string", + "description": "the name of the argument", + "example": "firstName" + }, + "description": { + "type": "string", + "description": "the description of the argument", + "example": "the first name of the identity" + }, + "type": { + "type": "string", + "nullable": true, + "description": "the programmatic type of the argument", + "example": "String" + } + }, + "required": [ + "name" + ] + } + }, + "output": { + "type": "object", + "nullable": true, + "properties": { + "name": { + "type": "string", + "description": "the name of the argument", + "example": "firstName" + }, + "description": { + "type": "string", + "description": "the description of the argument", + "example": "the first name of the identity" + }, + "type": { + "type": "string", + "nullable": true, + "description": "the programmatic type of the argument", + "example": "String" + } + }, + "required": [ + "name" + ] + } + } + }, + "sourceCode": { + "description": "SourceCode", + "type": "object", + "required": [ + "version", + "script" + ], + "properties": { + "version": { + "type": "string", + "description": "the version of the code", + "example": "1.0" + }, + "script": { + "type": "string", + "description": "The code", + "example": "return \"Mr. \" + firstName;" + } + } + }, + "attributes": { + "type": "object", + "nullable": true, + "description": "a map of string to objects", + "example": {} + } + } + }, + { + "type": "object", + "nullable": true, + "required": [ + "id", + "created" + ], + "properties": { + "id": { + "type": "string", + "description": "the ID of the rule", + "example": "8113d48c0b914f17b4c6072d4dcb9dfe" + }, + "created": { + "type": "string", + "description": "an ISO 8601 UTC timestamp when this rule was created", + "example": "021-07-22T15:59:23Z" + }, + "modified": { + "type": "string", + "nullable": true, + "description": "an ISO 8601 UTC timestamp when this rule was last modified", + "example": "021-07-22T15:59:23Z" + } + } + } + ] + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + }, + "security": [ + { + "oauth2": [ + "idn:rule-management-connector:manage" + ] + } + ] + } + }, + "/connector-rules/{id}": { + "get": { + "tags": [ + "Connector Rule Management" + ], + "summary": "Connector-Rule by ID", + "operationId": "getConnectorRule", + "description": "Returns the connector rule specified by ID.\nA token with ORG_ADMIN authority is required to call this API.", + "parameters": [ + { + "name": "id", + "in": "path", + "description": "ID of the connector rule to retrieve", + "required": true, + "style": "simple", + "explode": false, + "schema": { + "type": "string" + }, + "example": "8c190e6787aa4ed9a90bd9d5344523fb" + } + ], + "responses": { + "200": { + "description": "Connector rule with the given ID", + "content": { + "application/json": { + "schema": { + "description": "ConnectorRuleResponse", + "allOf": [ + { + "description": "ConnectorRuleCreateRequest", + "type": "object", + "required": [ + "name", + "type", + "sourceCode" + ], + "properties": { + "name": { + "type": "string", + "description": "the name of the rule", + "example": "WebServiceBeforeOperationRule", + "minLength": 1, + "maxLength": 128 + }, + "description": { + "type": "string", + "description": "a description of the rule's purpose", + "example": "This rule does that" + }, + "type": { + "type": "string", + "enum": [ + "BuildMap", + "ConnectorAfterCreate", + "ConnectorAfterDelete", + "ConnectorAfterModify", + "ConnectorBeforeCreate", + "ConnectorBeforeDelete", + "ConnectorBeforeModify", + "JDBCBuildMap", + "JDBCOperationProvisioning", + "JDBCProvision", + "PeopleSoftHRMSBuildMap", + "PeopleSoftHRMSOperationProvisioning", + "PeopleSoftHRMSProvision", + "RACFPermissionCustomization", + "SAPBuildMap", + "SapHrManagerRule", + "SapHrOperationProvisioning", + "SapHrProvision", + "SuccessFactorsOperationProvisioning", + "WebServiceAfterOperationRule", + "WebServiceBeforeOperationRule" + ], + "description": "the type of rule", + "example": "BuildMap" + }, + "signature": { + "description": "The rule's function signature. Describes the rule's input arguments and output (if any)", + "type": "object", + "required": [ + "input" + ], + "properties": { + "input": { + "type": "array", + "items": { + "type": "object", + "nullable": true, + "properties": { + "name": { + "type": "string", + "description": "the name of the argument", + "example": "firstName" + }, + "description": { + "type": "string", + "description": "the description of the argument", + "example": "the first name of the identity" + }, + "type": { + "type": "string", + "nullable": true, + "description": "the programmatic type of the argument", + "example": "String" + } + }, + "required": [ + "name" + ] + } + }, + "output": { + "type": "object", + "nullable": true, + "properties": { + "name": { + "type": "string", + "description": "the name of the argument", + "example": "firstName" + }, + "description": { + "type": "string", + "description": "the description of the argument", + "example": "the first name of the identity" + }, + "type": { + "type": "string", + "nullable": true, + "description": "the programmatic type of the argument", + "example": "String" + } + }, + "required": [ + "name" + ] + } + } + }, + "sourceCode": { + "description": "SourceCode", + "type": "object", + "required": [ + "version", + "script" + ], + "properties": { + "version": { + "type": "string", + "description": "the version of the code", + "example": "1.0" + }, + "script": { + "type": "string", + "description": "The code", + "example": "return \"Mr. \" + firstName;" + } + } + }, + "attributes": { + "type": "object", + "nullable": true, + "description": "a map of string to objects", + "example": {} + } + } + }, + { + "type": "object", + "nullable": true, + "required": [ + "id", + "created" + ], + "properties": { + "id": { + "type": "string", + "description": "the ID of the rule", + "example": "8113d48c0b914f17b4c6072d4dcb9dfe" + }, + "created": { + "type": "string", + "description": "an ISO 8601 UTC timestamp when this rule was created", + "example": "021-07-22T15:59:23Z" + }, + "modified": { + "type": "string", + "nullable": true, + "description": "an ISO 8601 UTC timestamp when this rule was last modified", + "example": "021-07-22T15:59:23Z" + } + } + } + ] + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + }, + "security": [ + { + "oauth2": [ + "idn:rule-management-connector:read", + "idn:rule-management-connector:manage" + ] + } + ] + }, + "put": { + "tags": [ + "Connector Rule Management" + ], + "summary": "Update a Connector Rule", + "description": "Updates an existing connector rule with the one provided in the request body. Note that the fields 'id', 'name', and 'type' are immutable.\nA token with ORG_ADMIN authority is required to call this API.", + "operationId": "updateConnectorRule", + "parameters": [ + { + "name": "id", + "in": "path", + "description": "ID of the connector rule to update", + "required": true, + "style": "simple", + "explode": false, + "schema": { + "type": "string" + }, + "example": "8c190e6787aa4ed9a90bd9d5344523fb" + } + ], + "requestBody": { + "description": "The connector rule with updated data", + "content": { + "application/json": { + "schema": { + "description": "ConnectorRuleUpdateRequest", + "allOf": [ + { + "type": "object", + "required": [ + "id" + ], + "properties": { + "id": { + "type": "string", + "description": "the ID of the rule to update", + "example": "8113d48c0b914f17b4c6072d4dcb9dfe" + } + } + }, + { + "description": "ConnectorRuleCreateRequest", + "type": "object", + "required": [ + "name", + "type", + "sourceCode" + ], + "properties": { + "name": { + "type": "string", + "description": "the name of the rule", + "example": "WebServiceBeforeOperationRule", + "minLength": 1, + "maxLength": 128 + }, + "description": { + "type": "string", + "description": "a description of the rule's purpose", + "example": "This rule does that" + }, + "type": { + "type": "string", + "enum": [ + "BuildMap", + "ConnectorAfterCreate", + "ConnectorAfterDelete", + "ConnectorAfterModify", + "ConnectorBeforeCreate", + "ConnectorBeforeDelete", + "ConnectorBeforeModify", + "JDBCBuildMap", + "JDBCOperationProvisioning", + "JDBCProvision", + "PeopleSoftHRMSBuildMap", + "PeopleSoftHRMSOperationProvisioning", + "PeopleSoftHRMSProvision", + "RACFPermissionCustomization", + "SAPBuildMap", + "SapHrManagerRule", + "SapHrOperationProvisioning", + "SapHrProvision", + "SuccessFactorsOperationProvisioning", + "WebServiceAfterOperationRule", + "WebServiceBeforeOperationRule" + ], + "description": "the type of rule", + "example": "BuildMap" + }, + "signature": { + "description": "The rule's function signature. Describes the rule's input arguments and output (if any)", + "type": "object", + "required": [ + "input" + ], + "properties": { + "input": { + "type": "array", + "items": { + "type": "object", + "nullable": true, + "properties": { + "name": { + "type": "string", + "description": "the name of the argument", + "example": "firstName" + }, + "description": { + "type": "string", + "description": "the description of the argument", + "example": "the first name of the identity" + }, + "type": { + "type": "string", + "nullable": true, + "description": "the programmatic type of the argument", + "example": "String" + } + }, + "required": [ + "name" + ] + } + }, + "output": { + "type": "object", + "nullable": true, + "properties": { + "name": { + "type": "string", + "description": "the name of the argument", + "example": "firstName" + }, + "description": { + "type": "string", + "description": "the description of the argument", + "example": "the first name of the identity" + }, + "type": { + "type": "string", + "nullable": true, + "description": "the programmatic type of the argument", + "example": "String" + } + }, + "required": [ + "name" + ] + } + } + }, + "sourceCode": { + "description": "SourceCode", + "type": "object", + "required": [ + "version", + "script" + ], + "properties": { + "version": { + "type": "string", + "description": "the version of the code", + "example": "1.0" + }, + "script": { + "type": "string", + "description": "The code", + "example": "return \"Mr. \" + firstName;" + } + } + }, + "attributes": { + "type": "object", + "nullable": true, + "description": "a map of string to objects", + "example": {} + } + } + } + ] + } + } + } + }, + "responses": { + "200": { + "description": "The updated connector rule", + "content": { + "application/json": { + "schema": { + "description": "ConnectorRuleResponse", + "allOf": [ + { + "description": "ConnectorRuleCreateRequest", + "type": "object", + "required": [ + "name", + "type", + "sourceCode" + ], + "properties": { + "name": { + "type": "string", + "description": "the name of the rule", + "example": "WebServiceBeforeOperationRule", + "minLength": 1, + "maxLength": 128 + }, + "description": { + "type": "string", + "description": "a description of the rule's purpose", + "example": "This rule does that" + }, + "type": { + "type": "string", + "enum": [ + "BuildMap", + "ConnectorAfterCreate", + "ConnectorAfterDelete", + "ConnectorAfterModify", + "ConnectorBeforeCreate", + "ConnectorBeforeDelete", + "ConnectorBeforeModify", + "JDBCBuildMap", + "JDBCOperationProvisioning", + "JDBCProvision", + "PeopleSoftHRMSBuildMap", + "PeopleSoftHRMSOperationProvisioning", + "PeopleSoftHRMSProvision", + "RACFPermissionCustomization", + "SAPBuildMap", + "SapHrManagerRule", + "SapHrOperationProvisioning", + "SapHrProvision", + "SuccessFactorsOperationProvisioning", + "WebServiceAfterOperationRule", + "WebServiceBeforeOperationRule" + ], + "description": "the type of rule", + "example": "BuildMap" + }, + "signature": { + "description": "The rule's function signature. Describes the rule's input arguments and output (if any)", + "type": "object", + "required": [ + "input" + ], + "properties": { + "input": { + "type": "array", + "items": { + "type": "object", + "nullable": true, + "properties": { + "name": { + "type": "string", + "description": "the name of the argument", + "example": "firstName" + }, + "description": { + "type": "string", + "description": "the description of the argument", + "example": "the first name of the identity" + }, + "type": { + "type": "string", + "nullable": true, + "description": "the programmatic type of the argument", + "example": "String" + } + }, + "required": [ + "name" + ] + } + }, + "output": { + "type": "object", + "nullable": true, + "properties": { + "name": { + "type": "string", + "description": "the name of the argument", + "example": "firstName" + }, + "description": { + "type": "string", + "description": "the description of the argument", + "example": "the first name of the identity" + }, + "type": { + "type": "string", + "nullable": true, + "description": "the programmatic type of the argument", + "example": "String" + } + }, + "required": [ + "name" + ] + } + } + }, + "sourceCode": { + "description": "SourceCode", + "type": "object", + "required": [ + "version", + "script" + ], + "properties": { + "version": { + "type": "string", + "description": "the version of the code", + "example": "1.0" + }, + "script": { + "type": "string", + "description": "The code", + "example": "return \"Mr. \" + firstName;" + } + } + }, + "attributes": { + "type": "object", + "nullable": true, + "description": "a map of string to objects", + "example": {} + } + } + }, + { + "type": "object", + "nullable": true, + "required": [ + "id", + "created" + ], + "properties": { + "id": { + "type": "string", + "description": "the ID of the rule", + "example": "8113d48c0b914f17b4c6072d4dcb9dfe" + }, + "created": { + "type": "string", + "description": "an ISO 8601 UTC timestamp when this rule was created", + "example": "021-07-22T15:59:23Z" + }, + "modified": { + "type": "string", + "nullable": true, + "description": "an ISO 8601 UTC timestamp when this rule was last modified", + "example": "021-07-22T15:59:23Z" + } + } + } + ] + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + }, + "security": [ + { + "oauth2": [ + "idn:rule-management-connector:manage" + ] + } + ] + }, + "delete": { + "tags": [ + "Connector Rule Management" + ], + "summary": "Delete a Connector-Rule", + "description": "Deletes the connector rule specified by the given ID.\nA token with ORG_ADMIN authority is required to call this API.", + "operationId": "deleteConnectorRule", + "parameters": [ + { + "name": "id", + "in": "path", + "description": "ID of the connector rule to delete", + "required": true, + "style": "simple", + "explode": false, + "schema": { + "type": "string" + }, + "example": "8c190e6787aa4ed9a90bd9d5344523fb" + } + ], + "responses": { + "204": { + "description": "No content - indicates the request was successful but there is no content to be returned in the response." + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + }, + "security": [ + { + "oauth2": [ + "idn:rule-management-connector:manage" + ] + } + ] + } + }, + "/connector-rules/validate": { + "post": { + "tags": [ + "Connector Rule Management" + ], + "operationId": "validateConnectorRule", + "summary": "Validate Connector Rule", + "description": "Returns a list of issues within the code to fix, if any.\nA token with ORG_ADMIN authority is required to call this API.", + "requestBody": { + "required": true, + "description": "The code to validate", + "content": { + "application/json": { + "schema": { + "description": "SourceCode", + "type": "object", + "required": [ + "version", + "script" + ], + "properties": { + "version": { + "type": "string", + "description": "the version of the code", + "example": "1.0" + }, + "script": { + "type": "string", + "description": "The code", + "example": "return \"Mr. \" + firstName;" + } + } + } + } + } + }, + "responses": { + "200": { + "description": "The status of the code's eligibility as a connector rule", + "content": { + "application/json": { + "schema": { + "description": "ConnectorRuleValidationResponse", + "type": "object", + "required": [ + "state", + "details" + ], + "properties": { + "state": { + "type": "string", + "enum": [ + "OK", + "ERROR" + ], + "example": "ERROR" + }, + "details": { + "type": "array", + "items": { + "description": "CodeErrorDetail", + "type": "object", + "required": [ + "line", + "column", + "message" + ], + "properties": { + "line": { + "type": "integer", + "description": "The line number where the issue occurred", + "example": 2 + }, + "column": { + "type": "integer", + "description": "the column number where the issue occurred", + "example": 5 + }, + "messsage": { + "type": "string", + "description": "a description of the issue in the code", + "example": "Remove reference to .decrypt(" + } + } + } + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + }, + "security": [ + { + "oauth2": [ + "idn:rule-management-connector:read", + "idn:rule-management-connector:manage" + ] + } + ] + } + }, + "/connectors": { + "get": { + "tags": [ + "Connectors" + ], + "operationId": "getConnectorList", + "summary": "Gets connector list", + "description": "Fetches list of connectors that have 'RELEASED' status using filtering and pagination.\nA token with ORG_ADMIN authority is required to call this API.", + "parameters": [ + { + "in": "query", + "name": "filters", + "schema": { + "type": "string" + }, + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)\nFiltering is supported for the following fields and operators:\n\n**name**: *sw*\n\n**type**: *eq*\n\n**directConnect**: *eq*", + "example": "directConnect eq \"true\"" + }, + { + "in": "query", + "name": "limit", + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": 250, + "schema": { + "type": "integer", + "format": "int32", + "minimum": 0, + "maximum": 250, + "default": 250 + } + }, + { + "in": "query", + "name": "offset", + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": 0, + "schema": { + "type": "integer", + "format": "int32", + "minimum": 0, + "default": 0 + } + }, + { + "in": "query", + "name": "count", + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": true, + "schema": { + "type": "boolean", + "default": false + } + }, + { + "in": "query", + "name": "locale", + "schema": { + "type": "string", + "enum": [ + "de", + "no", + "fi", + "sv", + "ru", + "pt", + "ko", + "zh-TW", + "en", + "it", + "fr", + "zh-CN", + "hu", + "es", + "cs", + "ja", + "pl", + "da", + "nl" + ], + "example": "de" + }, + "description": "The locale to apply to the config. If no viable locale is given, it will default to \"en\"" + } + ], + "responses": { + "200": { + "description": "A Connector Dto object", + "content": { + "application/json": { + "schema": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string", + "description": "The connector name", + "example": "name" + }, + "type": { + "type": "string", + "description": "The connector type", + "example": "ServiceNow" + }, + "scriptName": { + "type": "string", + "description": "The connector script name", + "example": "servicenow" + }, + "directConnect": { + "type": "boolean", + "description": "true if the source is a direct connect source", + "example": true + }, + "connectorMetadata": { + "type": "object", + "description": "Object containing metadata pertinent to the UI to be used", + "example": { + "supportedUI": "EXTJS", + "platform": "ccg", + "shortDesc": "connector description" + } + }, + "status": { + "type": "string", + "description": "The connector status", + "example": "RELEASED" + } + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/custom-password-instructions": { + "post": { + "operationId": "createCustomPasswordInstructions", + "tags": [ + "Custom Password Instructions" + ], + "summary": "Create Custom Password Instructions", + "description": "This API creates the custom password instructions for the specified page ID. A token with ORG_ADMIN authority is required to call this API.", + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "pageId": { + "type": "string", + "description": "The page ID that represents the page for forget user name, reset password and unlock account flow.", + "enum": [ + "change-password:enter-password", + "change-password:finish", + "flow-selection:select", + "forget-username:user-email", + "mfa:enter-code", + "mfa:enter-kba", + "mfa:select", + "reset-password:enter-password", + "reset-password:enter-username", + "reset-password:finish", + "unlock-account:enter-username", + "unlock-account:finish" + ] + }, + "pageContent": { + "type": "string", + "description": "The custom instructions for the specified page. Allow basic HTML format and maximum length is 1000 characters. The custom instructions will be sanitized to avoid attacks. If the customization text includes a link, like ... clicking on this will open the link on the current browser page. If you want your link to be redirected to a different page, please redirect it to \"_blank\" like this: link. This will open a new tab when the link is clicked. Notice we're only supporting _blank as the redirection target." + }, + "locale": { + "type": "string", + "example": "en", + "description": "The locale for the custom instructions, a BCP47 language tag. The default value is \\\"default\\\"." + } + } + }, + "example": { + "pageId": "reset-password:enter-password", + "pageContent": "See company password policies for details by clicking here" + } + } + } + }, + "responses": { + "200": { + "description": "Reference to the custom password instructions.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "pageId": { + "type": "string", + "description": "The page ID that represents the page for forget user name, reset password and unlock account flow.", + "enum": [ + "change-password:enter-password", + "change-password:finish", + "flow-selection:select", + "forget-username:user-email", + "mfa:enter-code", + "mfa:enter-kba", + "mfa:select", + "reset-password:enter-password", + "reset-password:enter-username", + "reset-password:finish", + "unlock-account:enter-username", + "unlock-account:finish" + ] + }, + "pageContent": { + "type": "string", + "description": "The custom instructions for the specified page. Allow basic HTML format and maximum length is 1000 characters. The custom instructions will be sanitized to avoid attacks. If the customization text includes a link, like ... clicking on this will open the link on the current browser page. If you want your link to be redirected to a different page, please redirect it to \"_blank\" like this: link. This will open a new tab when the link is clicked. Notice we're only supporting _blank as the redirection target." + }, + "locale": { + "type": "string", + "example": "en", + "description": "The locale for the custom instructions, a BCP47 language tag. The default value is \\\"default\\\"." + } + } + }, + "example": { + "pageId": "reset-password:enter-password", + "locale": "default", + "pageContent": "See company password policies for details by clicking here" + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/custom-password-instructions/{pageId}": { + "get": { + "operationId": "getCustomPasswordInstructions", + "tags": [ + "Custom Password Instructions" + ], + "summary": "Get Custom Password Instructions by Page ID", + "description": "This API returns the custom password instructions for the specified page ID. A token with ORG_ADMIN authority is required to call this API.", + "parameters": [ + { + "in": "path", + "name": "pageId", + "schema": { + "type": "string", + "enum": [ + "change-password:enter-password", + "change-password:finish", + "flow-selection:select", + "forget-username:user-email", + "mfa:enter-code", + "mfa:enter-kba", + "mfa:select", + "reset-password:enter-password", + "reset-password:enter-username", + "reset-password:finish", + "unlock-account:enter-username", + "unlock-account:finish" + ] + }, + "required": true, + "description": "The page ID of custom password instructions to query.", + "example": "mfa:select" + }, + { + "in": "query", + "name": "locale", + "schema": { + "type": "string" + }, + "description": "The locale for the custom instructions, a BCP47 language tag. The default value is \\\"default\\\"." + } + ], + "responses": { + "200": { + "description": "Reference to the custom password instructions.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "pageId": { + "type": "string", + "description": "The page ID that represents the page for forget user name, reset password and unlock account flow.", + "enum": [ + "change-password:enter-password", + "change-password:finish", + "flow-selection:select", + "forget-username:user-email", + "mfa:enter-code", + "mfa:enter-kba", + "mfa:select", + "reset-password:enter-password", + "reset-password:enter-username", + "reset-password:finish", + "unlock-account:enter-username", + "unlock-account:finish" + ] + }, + "pageContent": { + "type": "string", + "description": "The custom instructions for the specified page. Allow basic HTML format and maximum length is 1000 characters. The custom instructions will be sanitized to avoid attacks. If the customization text includes a link, like ... clicking on this will open the link on the current browser page. If you want your link to be redirected to a different page, please redirect it to \"_blank\" like this: link. This will open a new tab when the link is clicked. Notice we're only supporting _blank as the redirection target." + }, + "locale": { + "type": "string", + "example": "en", + "description": "The locale for the custom instructions, a BCP47 language tag. The default value is \\\"default\\\"." + } + } + }, + "example": { + "pageId": "reset-password:enter-password", + "locale": "default", + "pageContent": "See company password policies for details by clicking here" + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + }, + "delete": { + "operationId": "deleteCustomPasswordInstructions", + "tags": [ + "Custom Password Instructions" + ], + "summary": "Delete Custom Password Instructions by page ID", + "description": "This API delete the custom password instructions for the specified page ID. A token with ORG_ADMIN authority is required to call this API.", + "parameters": [ + { + "in": "path", + "name": "pageId", + "schema": { + "type": "string", + "enum": [ + "change-password:enter-password", + "change-password:finish", + "flow-selection:select", + "forget-username:user-email", + "mfa:enter-code", + "mfa:enter-kba", + "mfa:select", + "reset-password:enter-password", + "reset-password:enter-username", + "reset-password:finish", + "unlock-account:enter-username", + "unlock-account:finish" + ] + }, + "required": true, + "description": "The page ID of custom password instructions to delete.", + "example": "mfa:select" + }, + { + "in": "query", + "name": "locale", + "schema": { + "type": "string" + }, + "description": "The locale for the custom instructions, a BCP47 language tag. The default value is \\\"default\\\"." + } + ], + "responses": { + "204": { + "description": "No content - indicates the request was successful but there is no content to be returned in the response." + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/entitlements": { + "get": { + "operationId": "listEntitlements", + "tags": [ + "Entitlements" + ], + "summary": "Gets a list of entitlements.", + "security": [ + { + "oauth2": [ + "idn:entitlement:read", + "idn:entitlement:manage" + ] + } + ], + "description": "This API returns a list of entitlements.\n\nThis API can be used in one of the two following ways: either getting entitlements for a specific **account-id**, or getting via use of **filters** (those two options are exclusive).\n\nAny authenticated token can call this API.", + "parameters": [ + { + "in": "query", + "name": "account-id", + "schema": { + "type": "string" + }, + "description": "The account ID. If specified, returns only entitlements associated with the given Account. Can not be specified with the **filters**, **segmented-for-identity**, **for-segment-ids**, or **include-unsegmented** param(s).", + "example": "ef38f94347e94562b5bb8424a56397d8", + "required": false + }, + { + "in": "query", + "name": "segmented-for-identity", + "schema": { + "type": "string" + }, + "description": "If present and not empty, additionally filters Entitlements to those which are assigned to the Segment(s) which are visible to the Identity with the specified ID. By convention, the value **me** can stand in for the current user's Identity ID.\nCan not be specified with the **account-id** or **for-segment-ids** param(s). It is also illegal to specify a value that refers to a different user's Identity.", + "example": "me", + "required": false + }, + { + "in": "query", + "name": "for-segment-ids", + "schema": { + "type": "string", + "format": "comma-separated" + }, + "description": "If present and not empty, additionally filters Access Profiles to those which are assigned to the Segment(s) with the specified IDs.\nCan not be specified with the **account-id** or **segmented-for-identity** param(s).", + "example": "041727d4-7d95-4779-b891-93cf41e98249,a378c9fa-bae5-494c-804e-a1e30f69f649", + "required": false + }, + { + "in": "query", + "name": "include-unsegmented", + "schema": { + "type": "boolean", + "default": true + }, + "description": "Whether or not the response list should contain unsegmented Entitlements. If **for-segment-ids** and **segmented-for-identity** are both absent or empty, specifying **include-unsegmented=false** results in an error.", + "example": true, + "required": false + }, + { + "in": "query", + "name": "offset", + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": 0, + "schema": { + "type": "integer", + "format": "int32", + "minimum": 0, + "default": 0 + } + }, + { + "in": "query", + "name": "limit", + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": 250, + "schema": { + "type": "integer", + "format": "int32", + "minimum": 0, + "maximum": 250, + "default": 250 + } + }, + { + "in": "query", + "name": "count", + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": true, + "schema": { + "type": "boolean", + "default": false + } + }, + { + "in": "query", + "name": "sorters", + "schema": { + "type": "string", + "format": "comma-separated" + }, + "description": "Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)\nSorting is supported for the following fields: **id, name, created, modified, type, attribute, value, source.id**", + "example": "name,-modified", + "required": false, + "style": "form", + "explode": true + }, + { + "in": "query", + "name": "filters", + "schema": { + "type": "string" + }, + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)\nFiltering is supported for the following fields and operators:\n\n**id**: *eq, in*\n\n**name**: *eq, in, sw*\n\n**type**: *eq, in*\n\n**attribute**: *eq, in*\n\n**value**: *eq, in, sw*\n\n**source.id**: *eq, in*\n\n**requestable**: *eq*\n**created**: *gt, lt, ge, le*\n**modified**: *gt, lt, ge, le*", + "example": "attribute eq \"memberOf\"", + "required": false, + "style": "form", + "explode": true + } + ], + "responses": { + "200": { + "description": "List of entitlements", + "content": { + "application/json": { + "schema": { + "type": "array", + "items": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "The entitlement id", + "example": "2c91808874ff91550175097daaec161c" + }, + "name": { + "type": "string", + "description": "The entitlement name", + "example": "LauncherTest2" + }, + "attribute": { + "type": "string", + "description": "The entitlement attribute name", + "example": "memberOf" + }, + "value": { + "type": "string", + "description": "The value of the entitlement", + "example": "CN=LauncherTest2,OU=LauncherTestOrg,OU=slpt-automation,DC=TestAutomationAD,DC=local" + }, + "sourceSchemaObjectType": { + "type": "string", + "description": "The object type of the entitlement from the source schema", + "example": "group" + }, + "description": { + "type": "string", + "description": "The description of the entitlement", + "example": "CN=LauncherTest2,OU=LauncherTestOrg,OU=slpt-automation,DC=TestAutomationAD,DC=local" + }, + "privileged": { + "type": "boolean", + "description": "True if the entitlement is privileged", + "example": true + }, + "cloudGoverned": { + "type": "boolean", + "description": "True if the entitlement is cloud governed", + "example": true + }, + "created": { + "type": "string", + "description": "Time when the entitlement was created", + "format": "date-time", + "example": "2020-10-08T18:33:52.029Z" + }, + "modified": { + "type": "string", + "description": "Time when the entitlement was last modified", + "format": "date-time", + "example": "2020-10-08T18:33:52.029Z" + }, + "source": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "The source ID", + "example": "2c9180827ca885d7017ca8ce28a000eb" + }, + "type": { + "type": "string", + "description": "The source type, will always be \"SOURCE\"", + "example": "SOURCE" + }, + "name": { + "type": "string", + "description": "The source name", + "example": "ODS-AD-Source" + } + } + }, + "attributes": { + "type": "object", + "description": "A map of free-form key-value pairs from the source system", + "example": { + "fieldName": "fieldValue" + }, + "additionalProperties": true + }, + "segments": { + "type": "array", + "items": { + "type": "string" + }, + "nullable": true, + "description": "List of IDs of segments, if any, to which this Entitlement is assigned.", + "example": [ + "f7b1b8a3-5fed-4fd4-ad29-82014e137e19", + "29cb6c06-1da8-43ea-8be4-b3125f248f2a" + ] + }, + "directPermissions": { + "type": "array", + "items": { + "type": "object", + "description": "Simplified DTO for the Permission objects stored in SailPoint's database. The data is aggregated from customer systems and is free-form, so its appearance can vary largely between different clients/customers.", + "properties": { + "rights": { + "type": "array", + "description": "All the rights (e.g. actions) that this permission allows on the target", + "readOnly": true, + "items": { + "type": "string", + "example": "SELECT" + } + }, + "target": { + "type": "string", + "description": "The target the permission would grants rights on.", + "readOnly": true, + "example": "SYS.GV_$TRANSACTION" + } + } + } + }, + "owner": { + "type": "object", + "description": "Simplified DTO for the owner object of the entitlement", + "properties": { + "id": { + "type": "string", + "description": "The owner id for the entitlement", + "example": "2a2fdacca5e345f18bf7970cfbb8fec2" + }, + "name": { + "type": "string", + "description": "The owner name for the entitlement", + "example": "identity 1" + }, + "type": { + "type": "string", + "enum": [ + "IDENTITY" + ], + "description": "The type of the owner. Initially only type IDENTITY is supported", + "example": "IDENTITY" + } + } + } + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/entitlements/{id}": { + "get": { + "operationId": "getEntitlement", + "tags": [ + "Entitlements" + ], + "summary": "Get an entitlement", + "description": "This API returns an entitlement by its ID.", + "security": [ + { + "oauth2": [ + "idn:entitlement:read", + "idn:entitlement:manage" + ] + } + ], + "parameters": [ + { + "in": "path", + "name": "id", + "schema": { + "type": "string" + }, + "required": true, + "description": "The entitlement ID", + "example": "2c91808874ff91550175097daaec161c" + } + ], + "responses": { + "200": { + "description": "An entitlement", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "The entitlement id", + "example": "2c91808874ff91550175097daaec161c" + }, + "name": { + "type": "string", + "description": "The entitlement name", + "example": "LauncherTest2" + }, + "attribute": { + "type": "string", + "description": "The entitlement attribute name", + "example": "memberOf" + }, + "value": { + "type": "string", + "description": "The value of the entitlement", + "example": "CN=LauncherTest2,OU=LauncherTestOrg,OU=slpt-automation,DC=TestAutomationAD,DC=local" + }, + "sourceSchemaObjectType": { + "type": "string", + "description": "The object type of the entitlement from the source schema", + "example": "group" + }, + "description": { + "type": "string", + "description": "The description of the entitlement", + "example": "CN=LauncherTest2,OU=LauncherTestOrg,OU=slpt-automation,DC=TestAutomationAD,DC=local" + }, + "privileged": { + "type": "boolean", + "description": "True if the entitlement is privileged", + "example": true + }, + "cloudGoverned": { + "type": "boolean", + "description": "True if the entitlement is cloud governed", + "example": true + }, + "created": { + "type": "string", + "description": "Time when the entitlement was created", + "format": "date-time", + "example": "2020-10-08T18:33:52.029Z" + }, + "modified": { + "type": "string", + "description": "Time when the entitlement was last modified", + "format": "date-time", + "example": "2020-10-08T18:33:52.029Z" + }, + "source": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "The source ID", + "example": "2c9180827ca885d7017ca8ce28a000eb" + }, + "type": { + "type": "string", + "description": "The source type, will always be \"SOURCE\"", + "example": "SOURCE" + }, + "name": { + "type": "string", + "description": "The source name", + "example": "ODS-AD-Source" + } + } + }, + "attributes": { + "type": "object", + "description": "A map of free-form key-value pairs from the source system", + "example": { + "fieldName": "fieldValue" + }, + "additionalProperties": true + }, + "segments": { + "type": "array", + "items": { + "type": "string" + }, + "nullable": true, + "description": "List of IDs of segments, if any, to which this Entitlement is assigned.", + "example": [ + "f7b1b8a3-5fed-4fd4-ad29-82014e137e19", + "29cb6c06-1da8-43ea-8be4-b3125f248f2a" + ] + }, + "directPermissions": { + "type": "array", + "items": { + "type": "object", + "description": "Simplified DTO for the Permission objects stored in SailPoint's database. The data is aggregated from customer systems and is free-form, so its appearance can vary largely between different clients/customers.", + "properties": { + "rights": { + "type": "array", + "description": "All the rights (e.g. actions) that this permission allows on the target", + "readOnly": true, + "items": { + "type": "string", + "example": "SELECT" + } + }, + "target": { + "type": "string", + "description": "The target the permission would grants rights on.", + "readOnly": true, + "example": "SYS.GV_$TRANSACTION" + } + } + } + }, + "owner": { + "type": "object", + "description": "Simplified DTO for the owner object of the entitlement", + "properties": { + "id": { + "type": "string", + "description": "The owner id for the entitlement", + "example": "2a2fdacca5e345f18bf7970cfbb8fec2" + }, + "name": { + "type": "string", + "description": "The owner name for the entitlement", + "example": "identity 1" + }, + "type": { + "type": "string", + "enum": [ + "IDENTITY" + ], + "description": "The type of the owner. Initially only type IDENTITY is supported", + "example": "IDENTITY" + } + } + } + } + }, + "example": { + "sourceSchemaObjectType": "group", + "attribute": "memberOf", + "attributes": { + "GroupType": "Security", + "sAMAccountName": "LauncherTest1", + "GroupScope": "Global", + "objectguid": "{01a6e70b-9705-4155-a5c6-492a9bcc8c64}", + "objectSid": "S-1-5-21-3585869415-1648031554-2909195034-1633", + "cn": "LauncherTest1", + "msDS-PrincipalName": "AUTOMATIONAD\\LauncherTest1" + }, + "value": "CN=LauncherTest1,OU=LauncherTestOrg,OU=slpt-automation,DC=TestAutomationAD,DC=local", + "description": "some description", + "privileged": false, + "cloudGoverned": false, + "source": { + "type": "SOURCE", + "id": "2c9180877504c40e0175097d5ce707c8", + "name": "EndToEnd-ADSource" + }, + "owner": { + "id": "2c9180858315595501831958427e5424", + "name": "Addie Smith", + "type": "IDENTITY" + }, + "id": "2c91808c74ff913f0175097daa9d59cd", + "name": "LauncherTest1", + "created": "2020-10-08T18:33:52.029Z", + "modified": "2021-01-19T16:53:35.707Z" + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + }, + "patch": { + "operationId": "patchEntitlement", + "tags": [ + "Entitlements" + ], + "summary": "Patch an entitlement", + "description": "This API updates an existing entitlement using [JSON Patch](https://tools.ietf.org/html/rfc6902) syntax.\n\nThe following fields are patchable: **requestable**, **privileged**, **segments**, **owner**.\n\nWhen you're patching owner, only owner type and owner id must be provided. Owner name is optional, and it won't be modified. If the owner name is provided, it should correspond to the real name. The only owner type currently supported is IDENTITY.\n\nA token with ORG_ADMIN or SOURCE_ADMIN authority is required to call this API.", + "security": [ + { + "oauth2": [ + "idn:entitlement:manage" + ] + } + ], + "parameters": [ + { + "name": "id", + "in": "path", + "description": "ID of the entitlement to patch", + "required": true, + "schema": { + "type": "string", + "example": "2c91808a7813090a017814121e121518" + } + } + ], + "requestBody": { + "content": { + "application/json-patch+json": { + "schema": { + "type": "array", + "items": { + "type": "object", + "description": "A JSONPatch Operation as defined by [RFC 6902 - JSON Patch](https://tools.ietf.org/html/rfc6902)", + "required": [ + "op", + "path" + ], + "properties": { + "op": { + "type": "string", + "description": "The operation to be performed", + "enum": [ + "add", + "remove", + "replace", + "move", + "copy", + "test" + ], + "example": "replace" + }, + "path": { + "type": "string", + "description": "A string JSON Pointer representing the target path to an element to be affected by the operation", + "example": "/description" + }, + "value": { + "anyOf": [ + { + "type": "string" + }, + { + "type": "integer" + }, + { + "type": "object" + }, + { + "type": "array", + "items": { + "anyOf": [ + { + "type": "string" + }, + { + "type": "integer" + }, + { + "type": "object" + } + ] + } + } + ], + "description": "The value to be used for the operation, required for \"add\" and \"replace\" operations", + "example": "New description" + } + } + }, + "example": [ + { + "op": "replace", + "path": "/requestable", + "value": true + } + ] + }, + "examples": { + "Make an entitlement requestable and privileged in one call": { + "description": "This example shows how multiple fields may be updated with a single patch call.", + "value": [ + { + "op": "replace", + "path": "/requestable", + "value": true + }, + { + "op": "replace", + "path": "/privileged", + "value": true + } + ] + }, + "Assign an entitlement to a segment": { + "description": "This example shows how to use patch to assign an entitlement to a segment by adding the segment's ID to the entitlement's segments array.", + "value": [ + { + "op": "add", + "path": "/segments/-", + "value": "f7b1b8a3-5fed-4fd4-ad29-82014e137e19" + } + ] + }, + "Assign an owner to an entitlement": { + "description": "This example shows how to use patch to assign an owner to an entitlement by adding the owner's info to the entitlement.", + "value": [ + { + "op": "add", + "path": "/owner", + "value": { + "type": "IDENTITY", + "id": "2c9180858315595501831958427e5424" + } + } + ] + }, + "Replace an owner for an entitlement": { + "description": "This example shows how to use patch to replace an entitlement's owner by replacing the owner's info to the entitlement.", + "value": [ + { + "op": "replace", + "path": "/owner", + "value": { + "type": "IDENTITY", + "id": "2c9180858315595501831958427e5424" + } + } + ] + } + } + } + } + }, + "responses": { + "200": { + "description": "Responds with the entitlement as updated.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "The entitlement id", + "example": "2c91808874ff91550175097daaec161c" + }, + "name": { + "type": "string", + "description": "The entitlement name", + "example": "LauncherTest2" + }, + "attribute": { + "type": "string", + "description": "The entitlement attribute name", + "example": "memberOf" + }, + "value": { + "type": "string", + "description": "The value of the entitlement", + "example": "CN=LauncherTest2,OU=LauncherTestOrg,OU=slpt-automation,DC=TestAutomationAD,DC=local" + }, + "sourceSchemaObjectType": { + "type": "string", + "description": "The object type of the entitlement from the source schema", + "example": "group" + }, + "description": { + "type": "string", + "description": "The description of the entitlement", + "example": "CN=LauncherTest2,OU=LauncherTestOrg,OU=slpt-automation,DC=TestAutomationAD,DC=local" + }, + "privileged": { + "type": "boolean", + "description": "True if the entitlement is privileged", + "example": true + }, + "cloudGoverned": { + "type": "boolean", + "description": "True if the entitlement is cloud governed", + "example": true + }, + "created": { + "type": "string", + "description": "Time when the entitlement was created", + "format": "date-time", + "example": "2020-10-08T18:33:52.029Z" + }, + "modified": { + "type": "string", + "description": "Time when the entitlement was last modified", + "format": "date-time", + "example": "2020-10-08T18:33:52.029Z" + }, + "source": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "The source ID", + "example": "2c9180827ca885d7017ca8ce28a000eb" + }, + "type": { + "type": "string", + "description": "The source type, will always be \"SOURCE\"", + "example": "SOURCE" + }, + "name": { + "type": "string", + "description": "The source name", + "example": "ODS-AD-Source" + } + } + }, + "attributes": { + "type": "object", + "description": "A map of free-form key-value pairs from the source system", + "example": { + "fieldName": "fieldValue" + }, + "additionalProperties": true + }, + "segments": { + "type": "array", + "items": { + "type": "string" + }, + "nullable": true, + "description": "List of IDs of segments, if any, to which this Entitlement is assigned.", + "example": [ + "f7b1b8a3-5fed-4fd4-ad29-82014e137e19", + "29cb6c06-1da8-43ea-8be4-b3125f248f2a" + ] + }, + "directPermissions": { + "type": "array", + "items": { + "type": "object", + "description": "Simplified DTO for the Permission objects stored in SailPoint's database. The data is aggregated from customer systems and is free-form, so its appearance can vary largely between different clients/customers.", + "properties": { + "rights": { + "type": "array", + "description": "All the rights (e.g. actions) that this permission allows on the target", + "readOnly": true, + "items": { + "type": "string", + "example": "SELECT" + } + }, + "target": { + "type": "string", + "description": "The target the permission would grants rights on.", + "readOnly": true, + "example": "SYS.GV_$TRANSACTION" + } + } + } + }, + "owner": { + "type": "object", + "description": "Simplified DTO for the owner object of the entitlement", + "properties": { + "id": { + "type": "string", + "description": "The owner id for the entitlement", + "example": "2a2fdacca5e345f18bf7970cfbb8fec2" + }, + "name": { + "type": "string", + "description": "The owner name for the entitlement", + "example": "identity 1" + }, + "type": { + "type": "string", + "enum": [ + "IDENTITY" + ], + "description": "The type of the owner. Initially only type IDENTITY is supported", + "example": "IDENTITY" + } + } + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/entitlements/{id}/parents": { + "get": { + "operationId": "listEntitlementParents", + "tags": [ + "Entitlements" + ], + "summary": "List of entitlements parents", + "description": "This API returns a list of all parent entitlements of a given entitlement.", + "security": [ + { + "oauth2": [ + "idn:entitlement:read", + "idn:entitlement:manage" + ] + } + ], + "parameters": [ + { + "in": "query", + "name": "limit", + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": 250, + "schema": { + "type": "integer", + "format": "int32", + "minimum": 0, + "maximum": 250, + "default": 250 + } + }, + { + "in": "query", + "name": "offset", + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": 0, + "schema": { + "type": "integer", + "format": "int32", + "minimum": 0, + "default": 0 + } + }, + { + "in": "query", + "name": "count", + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": true, + "schema": { + "type": "boolean", + "default": false + } + }, + { + "in": "path", + "name": "id", + "schema": { + "type": "string" + }, + "required": true, + "description": "Entitlement Id", + "example": "2c91808c74ff913f0175097daa9d59cd" + } + ], + "responses": { + "200": { + "description": "List of entitlements parents from an entitlement", + "content": { + "application/json": { + "schema": { + "type": "array", + "items": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "The entitlement id", + "example": "2c91808874ff91550175097daaec161c" + }, + "name": { + "type": "string", + "description": "The entitlement name", + "example": "LauncherTest2" + }, + "attribute": { + "type": "string", + "description": "The entitlement attribute name", + "example": "memberOf" + }, + "value": { + "type": "string", + "description": "The value of the entitlement", + "example": "CN=LauncherTest2,OU=LauncherTestOrg,OU=slpt-automation,DC=TestAutomationAD,DC=local" + }, + "sourceSchemaObjectType": { + "type": "string", + "description": "The object type of the entitlement from the source schema", + "example": "group" + }, + "description": { + "type": "string", + "description": "The description of the entitlement", + "example": "CN=LauncherTest2,OU=LauncherTestOrg,OU=slpt-automation,DC=TestAutomationAD,DC=local" + }, + "privileged": { + "type": "boolean", + "description": "True if the entitlement is privileged", + "example": true + }, + "cloudGoverned": { + "type": "boolean", + "description": "True if the entitlement is cloud governed", + "example": true + }, + "created": { + "type": "string", + "description": "Time when the entitlement was created", + "format": "date-time", + "example": "2020-10-08T18:33:52.029Z" + }, + "modified": { + "type": "string", + "description": "Time when the entitlement was last modified", + "format": "date-time", + "example": "2020-10-08T18:33:52.029Z" + }, + "source": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "The source ID", + "example": "2c9180827ca885d7017ca8ce28a000eb" + }, + "type": { + "type": "string", + "description": "The source type, will always be \"SOURCE\"", + "example": "SOURCE" + }, + "name": { + "type": "string", + "description": "The source name", + "example": "ODS-AD-Source" + } + } + }, + "attributes": { + "type": "object", + "description": "A map of free-form key-value pairs from the source system", + "example": { + "fieldName": "fieldValue" + }, + "additionalProperties": true + }, + "segments": { + "type": "array", + "items": { + "type": "string" + }, + "nullable": true, + "description": "List of IDs of segments, if any, to which this Entitlement is assigned.", + "example": [ + "f7b1b8a3-5fed-4fd4-ad29-82014e137e19", + "29cb6c06-1da8-43ea-8be4-b3125f248f2a" + ] + }, + "directPermissions": { + "type": "array", + "items": { + "type": "object", + "description": "Simplified DTO for the Permission objects stored in SailPoint's database. The data is aggregated from customer systems and is free-form, so its appearance can vary largely between different clients/customers.", + "properties": { + "rights": { + "type": "array", + "description": "All the rights (e.g. actions) that this permission allows on the target", + "readOnly": true, + "items": { + "type": "string", + "example": "SELECT" + } + }, + "target": { + "type": "string", + "description": "The target the permission would grants rights on.", + "readOnly": true, + "example": "SYS.GV_$TRANSACTION" + } + } + } + }, + "owner": { + "type": "object", + "description": "Simplified DTO for the owner object of the entitlement", + "properties": { + "id": { + "type": "string", + "description": "The owner id for the entitlement", + "example": "2a2fdacca5e345f18bf7970cfbb8fec2" + }, + "name": { + "type": "string", + "description": "The owner name for the entitlement", + "example": "identity 1" + }, + "type": { + "type": "string", + "enum": [ + "IDENTITY" + ], + "description": "The type of the owner. Initially only type IDENTITY is supported", + "example": "IDENTITY" + } + } + } + } + } + }, + "example": [ + { + "sourceSchemaObjectType": "group", + "attribute": "memberOf", + "attributes": { + "GroupType": "Security", + "sAMAccountName": "LauncherTest1", + "GroupScope": "Global", + "objectguid": "{01a6e70b-9705-4155-a5c6-492a9bcc8c64}", + "objectSid": "S-1-5-21-3585869415-1648031554-2909195034-1633", + "cn": "LauncherTest1", + "msDS-PrincipalName": "AUTOMATIONAD\\LauncherTest1" + }, + "value": "CN=LauncherTest1,OU=LauncherTestOrg,OU=slpt-automation,DC=TestAutomationAD,DC=local", + "description": "some description", + "privileged": false, + "cloudGoverned": false, + "source": { + "type": "SOURCE", + "id": "2c9180877504c40e0175097d5ce707c8", + "name": "EndToEnd-ADSource" + }, + "owner": { + "id": "2a2fdacca5e345f18bf7970cfbb8fec2", + "name": "identity 1", + "type": "IDENTITY" + }, + "id": "2c91808c74ff913f0175097daa9d59cd", + "name": "LauncherTest1", + "created": "2020-10-08T18:33:52.029Z", + "modified": "2021-01-19T16:53:35.707Z" + } + ] + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/entitlements/{id}/children": { + "get": { + "operationId": "listEntitlementChildren", + "tags": [ + "Entitlements" + ], + "summary": "List of entitlements children", + "description": "This API returns a list of all child entitlements of a given entitlement.", + "security": [ + { + "oauth2": [ + "idn:entitlement:read" + ] + } + ], + "parameters": [ + { + "in": "query", + "name": "limit", + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": 250, + "schema": { + "type": "integer", + "format": "int32", + "minimum": 0, + "maximum": 250, + "default": 250 + } + }, + { + "in": "query", + "name": "offset", + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": 0, + "schema": { + "type": "integer", + "format": "int32", + "minimum": 0, + "default": 0 + } + }, + { + "in": "query", + "name": "count", + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": true, + "schema": { + "type": "boolean", + "default": false + } + }, + { + "in": "path", + "name": "id", + "schema": { + "type": "string" + }, + "required": true, + "description": "Entitlement Id", + "example": "2c91808874ff91550175097daaec161c" + } + ], + "responses": { + "200": { + "description": "List of entitlements children from an entitlement", + "content": { + "application/json": { + "schema": { + "type": "array", + "items": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "The entitlement id", + "example": "2c91808874ff91550175097daaec161c" + }, + "name": { + "type": "string", + "description": "The entitlement name", + "example": "LauncherTest2" + }, + "attribute": { + "type": "string", + "description": "The entitlement attribute name", + "example": "memberOf" + }, + "value": { + "type": "string", + "description": "The value of the entitlement", + "example": "CN=LauncherTest2,OU=LauncherTestOrg,OU=slpt-automation,DC=TestAutomationAD,DC=local" + }, + "sourceSchemaObjectType": { + "type": "string", + "description": "The object type of the entitlement from the source schema", + "example": "group" + }, + "description": { + "type": "string", + "description": "The description of the entitlement", + "example": "CN=LauncherTest2,OU=LauncherTestOrg,OU=slpt-automation,DC=TestAutomationAD,DC=local" + }, + "privileged": { + "type": "boolean", + "description": "True if the entitlement is privileged", + "example": true + }, + "cloudGoverned": { + "type": "boolean", + "description": "True if the entitlement is cloud governed", + "example": true + }, + "created": { + "type": "string", + "description": "Time when the entitlement was created", + "format": "date-time", + "example": "2020-10-08T18:33:52.029Z" + }, + "modified": { + "type": "string", + "description": "Time when the entitlement was last modified", + "format": "date-time", + "example": "2020-10-08T18:33:52.029Z" + }, + "source": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "The source ID", + "example": "2c9180827ca885d7017ca8ce28a000eb" + }, + "type": { + "type": "string", + "description": "The source type, will always be \"SOURCE\"", + "example": "SOURCE" + }, + "name": { + "type": "string", + "description": "The source name", + "example": "ODS-AD-Source" + } + } + }, + "attributes": { + "type": "object", + "description": "A map of free-form key-value pairs from the source system", + "example": { + "fieldName": "fieldValue" + }, + "additionalProperties": true + }, + "segments": { + "type": "array", + "items": { + "type": "string" + }, + "nullable": true, + "description": "List of IDs of segments, if any, to which this Entitlement is assigned.", + "example": [ + "f7b1b8a3-5fed-4fd4-ad29-82014e137e19", + "29cb6c06-1da8-43ea-8be4-b3125f248f2a" + ] + }, + "directPermissions": { + "type": "array", + "items": { + "type": "object", + "description": "Simplified DTO for the Permission objects stored in SailPoint's database. The data is aggregated from customer systems and is free-form, so its appearance can vary largely between different clients/customers.", + "properties": { + "rights": { + "type": "array", + "description": "All the rights (e.g. actions) that this permission allows on the target", + "readOnly": true, + "items": { + "type": "string", + "example": "SELECT" + } + }, + "target": { + "type": "string", + "description": "The target the permission would grants rights on.", + "readOnly": true, + "example": "SYS.GV_$TRANSACTION" + } + } + } + }, + "owner": { + "type": "object", + "description": "Simplified DTO for the owner object of the entitlement", + "properties": { + "id": { + "type": "string", + "description": "The owner id for the entitlement", + "example": "2a2fdacca5e345f18bf7970cfbb8fec2" + }, + "name": { + "type": "string", + "description": "The owner name for the entitlement", + "example": "identity 1" + }, + "type": { + "type": "string", + "enum": [ + "IDENTITY" + ], + "description": "The type of the owner. Initially only type IDENTITY is supported", + "example": "IDENTITY" + } + } + } + } + } + }, + "example": [ + { + "sourceSchemaObjectType": "group", + "attribute": "memberOf", + "attributes": { + "GroupType": "Security", + "sAMAccountName": "LauncherTest1", + "GroupScope": "Global", + "objectguid": "{01a6e70b-9705-4155-a5c6-492a9bcc8c64}", + "objectSid": "S-1-5-21-3585869415-1648031554-2909195034-1633", + "cn": "LauncherTest1", + "msDS-PrincipalName": "AUTOMATIONAD\\LauncherTest1" + }, + "value": "CN=LauncherTest1,OU=LauncherTestOrg,OU=slpt-automation,DC=TestAutomationAD,DC=local", + "description": "some description", + "privileged": false, + "cloudGoverned": false, + "source": { + "type": "SOURCE", + "id": "2c9180877504c40e0175097d5ce707c8", + "name": "EndToEnd-ADSource" + }, + "owner": { + "id": "2a2fdacca5e345f18bf7970cfbb8fec2", + "name": "identity 1", + "type": "IDENTITY" + }, + "id": "2c91808c74ff913f0175097daa9d59cd", + "name": "LauncherTest1", + "created": "2020-10-08T18:33:52.029Z", + "modified": "2021-01-19T16:53:35.707Z" + } + ] + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/entitlements/bulk-update": { + "post": { + "operationId": "updateEntitlementsInBulk", + "tags": [ + "Entitlements" + ], + "summary": "Bulk update an entitlement list", + "description": "This API applies an update to every entitlement of the list.\n\nThe number of entitlements to update is limited to 50 items maximum.\n\nThe JsonPatch update follows the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard. allowed operations : **{ \"op\": \"replace\", \"path\": \"/privileged\", \"value\": boolean }** **{ \"op\": \"replace\", \"path\": \"/requestable\",\"value\": boolean }** \n\nA token with ORG_ADMIN or API authority is required to call this API.", + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "entitlementIds": { + "type": "array", + "description": "List of entitlement ids to update", + "maxItems": 50, + "items": { + "type": "string" + }, + "example": [ + "2c91808a7624751a01762f19d665220d", + "2c91808a7624751a01762f19d67c220e", + "2c91808a7624751a01762f19d692220f" + ] + }, + "jsonPatch": { + "type": "array", + "items": { + "type": "object", + "description": "A JSONPatch Operation as defined by [RFC 6902 - JSON Patch](https://tools.ietf.org/html/rfc6902)", + "required": [ + "op", + "path" + ], + "properties": { + "op": { + "type": "string", + "description": "The operation to be performed", + "enum": [ + "add", + "remove", + "replace", + "move", + "copy", + "test" + ], + "example": "replace" + }, + "path": { + "type": "string", + "description": "A string JSON Pointer representing the target path to an element to be affected by the operation", + "example": "/description" + }, + "value": { + "anyOf": [ + { + "type": "string" + }, + { + "type": "integer" + }, + { + "type": "object" + }, + { + "type": "array", + "items": { + "anyOf": [ + { + "type": "string" + }, + { + "type": "integer" + }, + { + "type": "object" + } + ] + } + } + ], + "description": "The value to be used for the operation, required for \"add\" and \"replace\" operations", + "example": "New description" + } + } + }, + "example": [ + { + "op": "replace", + "path": "/privileged", + "value": false + }, + { + "op": "replace", + "path": "/requestable", + "value": false + } + ] + } + }, + "example": { + "entitlementIds": [ + "2c91808a7624751a01762f19d665220d", + "2c91808a7624751a01762f19d67c220e", + "2c91808a7624751a01762f19d692220f" + ], + "jsonPatch": [ + { + "op": "replace", + "path": "/privileged", + "value": false + }, + { + "op": "replace", + "path": "/requestable", + "value": false + } + ] + }, + "required": [ + "entitlementIds", + "jsonPatch" + ] + } + } + } + }, + "responses": { + "204": { + "description": "No content - indicates the request was successful but there is no content to be returned in the response." + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/entitlements/{id}/entitlement-request-config": { + "get": { + "operationId": "getEntitlementRequestConfig", + "tags": [ + "Entitlements" + ], + "summary": "Get Entitlement Request Config", + "description": "This API returns the entitlement request config for a specified entitlement.", + "security": [ + { + "oauth2": [ + "idn:entitlement:read", + "idn:entitlement:manage" + ] + } + ], + "parameters": [ + { + "in": "path", + "name": "id", + "schema": { + "type": "string" + }, + "required": true, + "description": "Entitlement Id", + "example": "2c91808874ff91550175097daaec161c" + } + ], + "responses": { + "200": { + "description": "An Entitlement Request Config", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "accessRequestConfig": { + "type": "object", + "properties": { + "approvalSchemes": { + "type": "array", + "description": "Ordered list of approval steps for the access request. Empty when no approval is required.", + "items": { + "type": "object", + "properties": { + "approverType": { + "type": "string", + "enum": [ + "ENTITLEMENT_OWNER", + "SOURCE_OWNER", + "MANAGER", + "GOVERNANCE_GROUP" + ], + "description": "Describes the individual or group that is responsible for an approval step. Values are as follows.\n\n**ENTITLEMENT_OWNER**: Owner of the associated Entitlement\n\n**SOURCE_OWNER**: Owner of the associated Source\n\n**MANAGER**: Manager of the Identity for whom the request is being made\n\n**GOVERNANCE_GROUP**: A Governance Group, the ID of which is specified by the **approverId** field", + "example": "GOVERNANCE_GROUP" + }, + "approverId": { + "type": "string", + "nullable": true, + "description": "Id of the specific approver, used only when approverType is GOVERNANCE_GROUP", + "example": "e3eab852-8315-467f-9de7-70eda97f63c8" + } + } + } + }, + "requestCommentRequired": { + "type": "boolean", + "description": "If the requester must provide a comment during access request.", + "default": false, + "example": true + }, + "denialCommentRequired": { + "type": "boolean", + "description": "If the reviewer must provide a comment when denying the access request.", + "default": false, + "example": false + } + } + } + } + }, + "example": { + "accessRequestConfig": { + "requestCommentRequired": true, + "denialCommentRequired": true, + "approvalSchemes": [ + { + "approverType": "ENTITLEMENT_OWNER", + "approverId": null + }, + { + "approverType": "SOURCE_OWNER", + "approverId": null + }, + { + "approverType": "MANAGER", + "approverId": null + }, + { + "approverType": "GOVERNANCE_GROUP", + "approverId": "46c79819-a69f-49a2-becb-12c971ae66c6" + } + ] + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + }, + "put": { + "operationId": "putEntitlementRequestConfig", + "tags": [ + "Entitlements" + ], + "summary": "Replace Entitlement Request Config", + "description": "This API replaces the entitlement request config for a specified entitlement.", + "security": [ + { + "oauth2": [ + "idn:entitlement:manage" + ] + } + ], + "parameters": [ + { + "name": "id", + "in": "path", + "description": "Entitlement ID", + "required": true, + "schema": { + "type": "string", + "example": "2c91808a7813090a017814121e121518" + } + } + ], + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "accessRequestConfig": { + "type": "object", + "properties": { + "approvalSchemes": { + "type": "array", + "description": "Ordered list of approval steps for the access request. Empty when no approval is required.", + "items": { + "type": "object", + "properties": { + "approverType": { + "type": "string", + "enum": [ + "ENTITLEMENT_OWNER", + "SOURCE_OWNER", + "MANAGER", + "GOVERNANCE_GROUP" + ], + "description": "Describes the individual or group that is responsible for an approval step. Values are as follows.\n\n**ENTITLEMENT_OWNER**: Owner of the associated Entitlement\n\n**SOURCE_OWNER**: Owner of the associated Source\n\n**MANAGER**: Manager of the Identity for whom the request is being made\n\n**GOVERNANCE_GROUP**: A Governance Group, the ID of which is specified by the **approverId** field", + "example": "GOVERNANCE_GROUP" + }, + "approverId": { + "type": "string", + "nullable": true, + "description": "Id of the specific approver, used only when approverType is GOVERNANCE_GROUP", + "example": "e3eab852-8315-467f-9de7-70eda97f63c8" + } + } + } + }, + "requestCommentRequired": { + "type": "boolean", + "description": "If the requester must provide a comment during access request.", + "default": false, + "example": true + }, + "denialCommentRequired": { + "type": "boolean", + "description": "If the reviewer must provide a comment when denying the access request.", + "default": false, + "example": false + } + } + } + } + } + } + } + }, + "responses": { + "200": { + "description": "Responds with the entitlement request config as updated.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "accessRequestConfig": { + "type": "object", + "properties": { + "approvalSchemes": { + "type": "array", + "description": "Ordered list of approval steps for the access request. Empty when no approval is required.", + "items": { + "type": "object", + "properties": { + "approverType": { + "type": "string", + "enum": [ + "ENTITLEMENT_OWNER", + "SOURCE_OWNER", + "MANAGER", + "GOVERNANCE_GROUP" + ], + "description": "Describes the individual or group that is responsible for an approval step. Values are as follows.\n\n**ENTITLEMENT_OWNER**: Owner of the associated Entitlement\n\n**SOURCE_OWNER**: Owner of the associated Source\n\n**MANAGER**: Manager of the Identity for whom the request is being made\n\n**GOVERNANCE_GROUP**: A Governance Group, the ID of which is specified by the **approverId** field", + "example": "GOVERNANCE_GROUP" + }, + "approverId": { + "type": "string", + "nullable": true, + "description": "Id of the specific approver, used only when approverType is GOVERNANCE_GROUP", + "example": "e3eab852-8315-467f-9de7-70eda97f63c8" + } + } + } + }, + "requestCommentRequired": { + "type": "boolean", + "description": "If the requester must provide a comment during access request.", + "default": false, + "example": true + }, + "denialCommentRequired": { + "type": "boolean", + "description": "If the reviewer must provide a comment when denying the access request.", + "default": false, + "example": false + } + } + } + } + }, + "example": { + "accessRequestConfig": { + "requestCommentRequired": true, + "denialCommentRequired": true, + "approvalSchemes": [ + { + "approverType": "ENTITLEMENT_OWNER", + "approverId": null + }, + { + "approverType": "SOURCE_OWNER", + "approverId": null + }, + { + "approverType": "MANAGER", + "approverId": null + }, + { + "approverType": "GOVERNANCE_GROUP", + "approverId": "46c79819-a69f-49a2-becb-12c971ae66c6" + } + ] + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/generate-password-reset-token/digit": { + "post": { + "operationId": "generateDigitToken", + "tags": [ + "Password Management" + ], + "summary": "Generate a digit token", + "description": "This API is used to generate a digit token for password management. Requires authorization scope of \"idn:password-digit-token:create\".", + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "type": "object", + "required": [ + "userId" + ], + "properties": { + "userId": { + "type": "string", + "description": "The uid of the user requested for digit token", + "example": "Abby.Smith" + }, + "length": { + "type": "integer", + "description": "The length of digit token. It should be from 6 to 18, inclusive. The default value is 6.", + "example": 8 + }, + "durationMinutes": { + "type": "integer", + "description": "The time to live for the digit token in minutes. The default value is 5 minutes.", + "example": 5 + } + } + }, + "example": { + "userId": "Abby.Smith", + "length": 8, + "durationMinutes": 5 + } + } + } + }, + "responses": { + "200": { + "description": "The digit token for password management.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "digitToken": { + "type": "string", + "description": "The digit token for password management", + "example": 9087713 + }, + "requestId": { + "type": "string", + "description": "The reference ID of the digit token generation request", + "example": "e1267ecd-fcd9-4c73-9c55-12555efad136" + } + } + }, + "example": { + "digitToken": 9087713, + "requestId": "e1267ecd-fcd9-4c73-9c55-12555efad136" + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/historical-identities": { + "get": { + "operationId": "listHistoricalIdentities", + "summary": "Lists all the identities", + "description": "This gets the list of identities for the customer. This list end point does not support count=true request param. The total count of identities would never be returned even if the count param is specified in the request Requires authorization scope of 'idn:identity-history:read'", + "security": [ + { + "oauth2": [ + "idn:identity-history:read" + ] + } + ], + "tags": [ + "Identity History" + ], + "parameters": [ + { + "in": "query", + "name": "starts-with-query", + "schema": { + "type": "string" + }, + "description": "This param is used for starts-with search for first, last and display name of the identity", + "example": "Ada" + }, + { + "in": "query", + "name": "is-deleted", + "schema": { + "type": "boolean" + }, + "description": "Indicates if we want to only list down deleted identities or not.", + "example": true + }, + { + "in": "query", + "name": "is-active", + "schema": { + "type": "boolean" + }, + "description": "Indicates if we want to only list active or inactive identities.", + "example": true + }, + { + "in": "query", + "name": "limit", + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": 250, + "schema": { + "type": "integer", + "format": "int32", + "minimum": 0, + "maximum": 250, + "default": 250 + } + }, + { + "in": "query", + "name": "offset", + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": 0, + "schema": { + "type": "integer", + "format": "int32", + "minimum": 0, + "default": 0 + } + } + ], + "responses": { + "200": { + "description": "List of identities for the customer.", + "content": { + "application/json": { + "schema": { + "type": "array", + "items": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "the identity ID", + "example": "bc693f07e7b645539626c25954c58554" + }, + "displayName": { + "type": "string", + "description": "the display name of the identity", + "example": "Adam Zampa" + }, + "firstName": { + "type": "string", + "description": "the first name of the identity", + "example": "Adam" + }, + "lastName": { + "type": "string", + "description": "the last name of the identity", + "example": "Zampa" + }, + "active": { + "type": "boolean", + "default": true, + "description": "indicates if an identity is active or not", + "example": true + }, + "deletedDate": { + "type": "string", + "nullable": true, + "description": "the date when the identity was deleted", + "example": "2007-03-01T13:00:00.000Z" + } + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/historical-identities/{id}": { + "get": { + "operationId": "getHistoricalIdentity", + "tags": [ + "Identity History" + ], + "summary": "Get latest snapshot of identity", + "description": "This method retrieves a specified identity Requires authorization scope of 'idn:identity-history:read'", + "security": [ + { + "oauth2": [ + "idn:identity-history:read" + ] + } + ], + "parameters": [ + { + "in": "path", + "name": "id", + "schema": { + "type": "string" + }, + "required": true, + "description": "The identity id", + "example": "8c190e6787aa4ed9a90bd9d5344523fb" + } + ], + "responses": { + "200": { + "description": "The identity object.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "the identity ID", + "example": "bc693f07e7b645539626c25954c58554" + }, + "displayName": { + "type": "string", + "description": "the display name of the identity", + "example": "Adam Zampa" + }, + "snapshot": { + "type": "string", + "description": "the date when the identity record was created", + "example": "2007-03-01T13:00:00.000Z" + }, + "deletedDate": { + "type": "string", + "description": "the date when the identity was deleted", + "example": "2007-03-01T13:00:00.000Z" + }, + "accessItemCount": { + "type": "object", + "description": "A map containing the count of each access item", + "additionalProperties": { + "type": "string" + } + }, + "attributes": { + "type": "object", + "description": "A map containing the identity attributes", + "additionalProperties": { + "type": "string" + } + } + }, + "example": { + "id": "2c9079b270a266a60170a2779fcb0007", + "displayName": "Lahoma Wuckert", + "deletedDate": null, + "snapshot": "2007-03-01T13:00:00.000Z", + "attributes": { + "jobTitle": "HR Manager", + "location": "NYC", + "firstname": "Lahoma", + "lastname": "Wuckert", + "department": "HR" + }, + "accessItemCount": { + "role": 2, + "accessProfile": 2, + "entitlement": 28, + "account": 3 + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/historical-identities/{id}/access-items": { + "get": { + "operationId": "listIdentityAccessItems", + "tags": [ + "Identity History" + ], + "summary": "Gets a list of access items for the identity filtered by item type", + "description": "This method retrieves a list of access item for the identity filtered by the access item type Requires authorization scope of 'idn:identity-history:read' ", + "parameters": [ + { + "in": "path", + "name": "id", + "schema": { + "type": "string" + }, + "required": true, + "description": "The identity id", + "example": "8c190e6787aa4ed9a90bd9d5344523fb" + }, + { + "in": "query", + "name": "type", + "schema": { + "type": "string" + }, + "description": "The type of access item for the identity. If not provided, it defaults to account", + "example": "account" + } + ], + "responses": { + "200": { + "description": "The list of access items.", + "content": { + "application/json": { + "schema": { + "type": "array", + "items": { + "oneOf": [ + { + "type": "object", + "properties": { + "accessType": { + "type": "string", + "example": "accessProfile", + "description": "the access item type. accessProfile in this case" + }, + "id": { + "type": "string", + "example": "2c918087763e69d901763e72e97f006f", + "description": "the access item id" + }, + "name": { + "type": "string", + "example": "sample", + "description": "the access profile name" + }, + "sourceName": { + "type": "string", + "example": "DataScienceDataset", + "description": "the name of the source" + }, + "sourceId": { + "type": "string", + "example": "2793o32dwd", + "description": "the id of the source" + }, + "description": { + "type": "string", + "example": "AccessProfile - Workday/Citizenship access", + "description": "the description for the access profile" + }, + "displayName": { + "type": "string", + "example": "Dr. Arden Rogahn MD", + "description": "the display name of the identity" + }, + "entitlementCount": { + "type": "string", + "example": 12, + "description": "the number of entitlements the access profile will create" + }, + "appDisplayName": { + "type": "string", + "example": "AppName", + "description": "the name of app" + } + } + }, + { + "type": "object", + "properties": { + "accessType": { + "type": "string", + "example": "account", + "description": "the access item type. account in this case" + }, + "id": { + "type": "string", + "example": "2c918087763e69d901763e72e97f006f", + "description": "the access item id" + }, + "nativeIdentity": { + "type": "string", + "example": "dr.arden.ogahn.d", + "description": "the native identifier used to uniquely identify an acccount" + }, + "sourceName": { + "type": "string", + "example": "DataScienceDataset", + "description": "the name of the source" + }, + "sourceId": { + "type": "string", + "example": "2793o32dwd", + "description": "the id of the source" + }, + "entitlementCount": { + "type": "string", + "example": 12, + "description": "the number of entitlements the account will create" + }, + "displayName": { + "type": "string", + "example": "Dr. Arden Rogahn MD", + "description": "the display name of the identity" + } + } + }, + { + "type": "object", + "properties": { + "accessType": { + "type": "string", + "example": "app", + "description": "the access item type. entitlement in this case" + }, + "id": { + "type": "string", + "example": "2c918087763e69d901763e72e97f006f", + "description": "the access item id" + }, + "displayName": { + "type": "string", + "example": "Display Name", + "description": "the access profile display name" + }, + "sourceName": { + "type": "string", + "example": "appName", + "description": "the associated source name if it exists" + } + } + }, + { + "type": "object", + "properties": { + "accessType": { + "type": "string", + "example": "entitlement", + "description": "the access item type. entitlement in this case" + }, + "id": { + "type": "string", + "example": "2c918087763e69d901763e72e97f006f", + "description": "the access item id" + }, + "attribute": { + "type": "string", + "example": "groups", + "description": "the entitlement attribute" + }, + "value": { + "type": "string", + "example": "Upward mobility access", + "description": "the associated value" + }, + "entitlementType": { + "type": "string", + "example": "entitlement", + "description": "the type of entitlement" + }, + "sourceName": { + "type": "string", + "example": "DataScienceDataset", + "description": "the name of the source" + }, + "sourceId": { + "type": "string", + "example": "2793o32dwd", + "description": "the id of the source" + }, + "description": { + "type": "string", + "example": "Entitlement - Workday/Citizenship access", + "description": "the description for the entitlment" + }, + "displayName": { + "type": "string", + "example": "Dr. Arden Rogahn MD", + "description": "the display name of the identity" + } + } + }, + { + "type": "object", + "properties": { + "accessType": { + "type": "string", + "example": "role", + "description": "the access item type. role in this case" + }, + "id": { + "type": "string", + "example": "2c918087763e69d901763e72e97f006f", + "description": "the access item id" + }, + "displayName": { + "type": "string", + "example": "sample", + "description": "the role display name" + }, + "description": { + "type": "string", + "example": "Role - Workday/Citizenship access", + "description": "the description for the role" + }, + "sourceName": { + "type": "string", + "example": "Source Name", + "description": "the associated source name if it exists" + } + } + } + ] + } + }, + "examples": { + "Access Profile": { + "description": "An access profile response", + "value": [ + { + "accessType": "accessProfile", + "id": "2c918087763e69d901763e72e97f006f", + "name": "sample", + "sourceName": "DataScienceDataset", + "sourceId": "2793o32dwd", + "description": "AccessProfile - Workday/Citizenship access", + "displayName": "Dr. Arden Rogahn MD", + "entitlementCount": 12, + "appDisplayName": "AppName" + } + ] + }, + "Account": { + "description": "An account response", + "value": [ + { + "accessType": "account", + "id": "2c918087763e69d901763e72e97f006f", + "nativeIdentity": "dr.arden.ogahn.d", + "sourceName": "DataScienceDataset", + "sourceId": "2793o32dwd", + "entitlementCount": 12, + "displayName": "Dr. Arden Rogahn MD" + } + ] + }, + "App": { + "description": "An app response", + "value": [ + { + "accessType": "app", + "id": "2c918087763e69d901763e72e97f006f", + "name": "appName" + } + ] + }, + "Entitlement": { + "description": "An entitlement event", + "value": [ + { + "accessType": "entitlement", + "id": "2c918087763e69d901763e72e97f006f", + "attribute": "groups", + "value": "Upward mobility access", + "type": "group", + "sourceName": "DataScienceDataset", + "sourceId": "2793o32dwd", + "description": "Entitlement - Workday/Citizenship access", + "displayName": "Dr. Arden Rogahn MD" + } + ] + }, + "Role": { + "description": "A role response", + "value": [ + { + "accessType": "role", + "id": "2c918087763e69d901763e72e97f006f", + "name": "sample", + "description": "Role - Workday/Citizenship access" + } + ] + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/historical-identities/{id}/snapshots": { + "get": { + "operationId": "listIdentitySnapshots", + "tags": [ + "Identity History" + ], + "summary": "Lists all the snapshots for the identity", + "description": "This method retrieves all the snapshots for the identity Requires authorization scope of 'idn:identity-history:read' ", + "parameters": [ + { + "in": "path", + "name": "id", + "schema": { + "type": "string" + }, + "required": true, + "description": "The identity id", + "example": "8c190e6787aa4ed9a90bd9d5344523fb" + }, + { + "in": "query", + "name": "start", + "schema": { + "type": "string" + }, + "description": "The specified start date", + "example": "2007-03-01T13:00:00Z" + }, + { + "in": "query", + "name": "interval", + "schema": { + "type": "string", + "enum": [ + "day", + "month" + ] + }, + "description": "The interval indicating the range in day or month for the specified interval-name" + }, + { + "in": "query", + "name": "limit", + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": 250, + "schema": { + "type": "integer", + "format": "int32", + "minimum": 0, + "maximum": 250, + "default": 250 + } + }, + { + "in": "query", + "name": "offset", + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": 0, + "schema": { + "type": "integer", + "format": "int32", + "minimum": 0, + "default": 0 + } + }, + { + "in": "query", + "name": "count", + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": true, + "schema": { + "type": "boolean", + "default": false + } + } + ], + "responses": { + "200": { + "description": "A list of identity summary for each snapshot.", + "content": { + "application/json": { + "schema": { + "type": "array", + "items": { + "type": "object", + "properties": { + "snapshot": { + "type": "string", + "description": "the date when the identity record was created", + "example": "2007-03-01T13:00:00.000Z" + } + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/historical-identities/{id}/snapshot-summary": { + "get": { + "operationId": "getIdentitySnapshotSummary", + "tags": [ + "Identity History" + ], + "summary": "Gets the summary for the event count for a specific identity", + "description": "This method gets the summary for the event count for a specific identity by month/day Requires authorization scope of 'idn:identity-history:read' ", + "parameters": [ + { + "in": "path", + "name": "id", + "schema": { + "type": "string" + }, + "required": true, + "description": "The identity id", + "example": "8c190e6787aa4ed9a90bd9d5344523fb" + }, + { + "in": "query", + "name": "before", + "schema": { + "type": "string" + }, + "description": "The date before which snapshot summary is required", + "example": "2007-03-01T13:00:00Z" + }, + { + "in": "query", + "name": "interval", + "schema": { + "type": "string", + "enum": [ + "day", + "month" + ] + }, + "description": "The interval indicating day or month. Defaults to month if not specified" + }, + { + "in": "query", + "name": "time-zone", + "schema": { + "type": "string" + }, + "description": "The time zone. Defaults to UTC if not provided", + "example": "UTC" + }, + { + "in": "query", + "name": "limit", + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": 250, + "schema": { + "type": "integer", + "format": "int32", + "minimum": 0, + "maximum": 250, + "default": 250 + } + }, + { + "in": "query", + "name": "offset", + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": 0, + "schema": { + "type": "integer", + "format": "int32", + "minimum": 0, + "default": 0 + } + }, + { + "in": "query", + "name": "count", + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": true, + "schema": { + "type": "boolean", + "default": false + } + } + ], + "responses": { + "200": { + "description": "A summary list of identity changes in date histogram format.", + "content": { + "application/json": { + "schema": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string", + "description": "the name of metric" + }, + "value": { + "type": "number", + "description": "the value associated to the metric" + } + }, + "example": { + "name": "2021-04-01T00:00:00.000Z", + "value": 2 + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/historical-identities/{id}/snapshots/{date}": { + "get": { + "operationId": "getIdentitySnapshot", + "tags": [ + "Identity History" + ], + "summary": "Gets an identity snapshot at a given date", + "description": "This method retrieves a specified identity snapshot at a given date Requires authorization scope of 'idn:identity-history:read' ", + "parameters": [ + { + "in": "path", + "name": "id", + "schema": { + "type": "string" + }, + "required": true, + "description": "The identity id", + "example": "8c190e6787aa4ed9a90bd9d5344523fb" + }, + { + "in": "path", + "name": "date", + "schema": { + "type": "string" + }, + "description": "The specified date", + "example": "2007-03-01T13:00:00Z", + "required": true + } + ], + "responses": { + "200": { + "description": "The identity object.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "the identity ID", + "example": "bc693f07e7b645539626c25954c58554" + }, + "displayName": { + "type": "string", + "description": "the display name of the identity", + "example": "Adam Zampa" + }, + "snapshot": { + "type": "string", + "description": "the date when the identity record was created", + "example": "2007-03-01T13:00:00.000Z" + }, + "deletedDate": { + "type": "string", + "description": "the date when the identity was deleted", + "example": "2007-03-01T13:00:00.000Z" + }, + "accessItemCount": { + "type": "object", + "description": "A map containing the count of each access item", + "additionalProperties": { + "type": "string" + } + }, + "attributes": { + "type": "object", + "description": "A map containing the identity attributes", + "additionalProperties": { + "type": "string" + } + } + }, + "example": { + "id": "2c9079b270a266a60170a2779fcb0007", + "displayName": "Lahoma Wuckert", + "deletedDate": null, + "snapshot": "2007-03-01T13:00:00.000Z", + "attributes": { + "jobTitle": "HR Manager", + "location": "NYC", + "firstname": "Lahoma", + "lastname": "Wuckert", + "department": "HR" + }, + "accessItemCount": { + "role": 2, + "accessProfile": 2, + "entitlement": 28, + "account": 3 + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/historical-identities/{id}/snapshots/{date}/access-items": { + "get": { + "operationId": "listIdentitySnapshotAccessItems", + "tags": [ + "Identity History" + ], + "summary": "Gets the list of identity access items at a given date filterd by item type", + "description": "This method retrieves the list of identity access items at a given date filterd by item type Requires authorization scope of 'idn:identity-history:read' ", + "parameters": [ + { + "in": "path", + "name": "id", + "schema": { + "type": "string" + }, + "required": true, + "description": "The identity id", + "example": "8c190e6787aa4ed9a90bd9d5344523fb" + }, + { + "in": "path", + "name": "date", + "schema": { + "type": "string" + }, + "required": true, + "description": "The specified date", + "example": "2007-03-01T13:00:00Z" + }, + { + "in": "query", + "name": "type", + "schema": { + "type": "string" + }, + "description": "The access item type", + "example": "account" + } + ], + "responses": { + "200": { + "description": "The identity object.", + "content": { + "application/json": { + "schema": { + "type": "array", + "items": { + "oneOf": [ + { + "type": "object", + "properties": { + "accessType": { + "type": "string", + "example": "accessProfile", + "description": "the access item type. accessProfile in this case" + }, + "id": { + "type": "string", + "example": "2c918087763e69d901763e72e97f006f", + "description": "the access item id" + }, + "name": { + "type": "string", + "example": "sample", + "description": "the access profile name" + }, + "sourceName": { + "type": "string", + "example": "DataScienceDataset", + "description": "the name of the source" + }, + "sourceId": { + "type": "string", + "example": "2793o32dwd", + "description": "the id of the source" + }, + "description": { + "type": "string", + "example": "AccessProfile - Workday/Citizenship access", + "description": "the description for the access profile" + }, + "displayName": { + "type": "string", + "example": "Dr. Arden Rogahn MD", + "description": "the display name of the identity" + }, + "entitlementCount": { + "type": "string", + "example": 12, + "description": "the number of entitlements the access profile will create" + }, + "appDisplayName": { + "type": "string", + "example": "AppName", + "description": "the name of app" + } + } + }, + { + "type": "object", + "properties": { + "accessType": { + "type": "string", + "example": "account", + "description": "the access item type. account in this case" + }, + "id": { + "type": "string", + "example": "2c918087763e69d901763e72e97f006f", + "description": "the access item id" + }, + "nativeIdentity": { + "type": "string", + "example": "dr.arden.ogahn.d", + "description": "the native identifier used to uniquely identify an acccount" + }, + "sourceName": { + "type": "string", + "example": "DataScienceDataset", + "description": "the name of the source" + }, + "sourceId": { + "type": "string", + "example": "2793o32dwd", + "description": "the id of the source" + }, + "entitlementCount": { + "type": "string", + "example": 12, + "description": "the number of entitlements the account will create" + }, + "displayName": { + "type": "string", + "example": "Dr. Arden Rogahn MD", + "description": "the display name of the identity" + } + } + }, + { + "type": "object", + "properties": { + "accessType": { + "type": "string", + "example": "app", + "description": "the access item type. entitlement in this case" + }, + "id": { + "type": "string", + "example": "2c918087763e69d901763e72e97f006f", + "description": "the access item id" + }, + "displayName": { + "type": "string", + "example": "Display Name", + "description": "the access profile display name" + }, + "sourceName": { + "type": "string", + "example": "appName", + "description": "the associated source name if it exists" + } + } + }, + { + "type": "object", + "properties": { + "accessType": { + "type": "string", + "example": "entitlement", + "description": "the access item type. entitlement in this case" + }, + "id": { + "type": "string", + "example": "2c918087763e69d901763e72e97f006f", + "description": "the access item id" + }, + "attribute": { + "type": "string", + "example": "groups", + "description": "the entitlement attribute" + }, + "value": { + "type": "string", + "example": "Upward mobility access", + "description": "the associated value" + }, + "entitlementType": { + "type": "string", + "example": "entitlement", + "description": "the type of entitlement" + }, + "sourceName": { + "type": "string", + "example": "DataScienceDataset", + "description": "the name of the source" + }, + "sourceId": { + "type": "string", + "example": "2793o32dwd", + "description": "the id of the source" + }, + "description": { + "type": "string", + "example": "Entitlement - Workday/Citizenship access", + "description": "the description for the entitlment" + }, + "displayName": { + "type": "string", + "example": "Dr. Arden Rogahn MD", + "description": "the display name of the identity" + } + } + }, + { + "type": "object", + "properties": { + "accessType": { + "type": "string", + "example": "role", + "description": "the access item type. role in this case" + }, + "id": { + "type": "string", + "example": "2c918087763e69d901763e72e97f006f", + "description": "the access item id" + }, + "displayName": { + "type": "string", + "example": "sample", + "description": "the role display name" + }, + "description": { + "type": "string", + "example": "Role - Workday/Citizenship access", + "description": "the description for the role" + }, + "sourceName": { + "type": "string", + "example": "Source Name", + "description": "the associated source name if it exists" + } + } + } + ] + } + }, + "examples": { + "Access Item AccessProfile Response": { + "description": "An access profile response", + "value": [ + { + "type": "accessProfile", + "id": "2c918087763e69d901763e72e97f006f", + "name": "sample", + "sourceName": "DataScienceDataset", + "sourceId": "2793o32dwd", + "description": "AccessProfile - Workday/Citizenship access", + "displayName": "Dr. Arden Rogahn MD", + "entitlementCount": 12, + "appDisplayName": "AppName" + } + ] + }, + "Access Item Account Response": { + "description": "An account response", + "value": [ + { + "type": "account", + "id": "2c918087763e69d901763e72e97f006f", + "nativeIdentity": "dr.arden.ogahn.d", + "sourceName": "DataScienceDataset", + "sourceId": "2793o32dwd", + "entitlementCount": 12, + "displayName": "Dr. Arden Rogahn MD" + } + ] + }, + "Access Item App Response": { + "description": "An app response", + "value": [ + { + "type": "app", + "id": "2c918087763e69d901763e72e97f006f", + "name": "appName" + } + ] + }, + "Access Item Entitlement Response": { + "description": "An entitlement event", + "value": [ + { + "type": "entitlement", + "id": "2c918087763e69d901763e72e97f006f", + "attribute": "groups", + "value": "Upward mobility access", + "entitlementType": "entitlement", + "sourceName": "DataScienceDataset", + "sourceId": "2793o32dwd", + "description": "Entitlement - Workday/Citizenship access", + "displayName": "Dr. Arden Rogahn MD" + } + ] + }, + "Access Item Role Response": { + "description": "A role response", + "value": [ + { + "type": "role", + "id": "2c918087763e69d901763e72e97f006f", + "name": "sample", + "description": "Role - Workday/Citizenship access" + } + ] + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/common-access": { + "get": { + "operationId": "getCommonAccess", + "summary": "Get a paginated list of common access", + "tags": [ + "IAI Common Access" + ], + "description": "This endpoint returns the current common access for a customer. The returned items can be filtered and sorted. Requires authorization scope of iai:access-modeling:read", + "parameters": [ + { + "in": "query", + "name": "offset", + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": 0, + "schema": { + "type": "integer", + "format": "int32", + "minimum": 0, + "default": 0 + } + }, + { + "in": "query", + "name": "limit", + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": 250, + "schema": { + "type": "integer", + "format": "int32", + "minimum": 0, + "maximum": 250, + "default": 250 + } + }, + { + "in": "query", + "name": "count", + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": true, + "schema": { + "type": "boolean", + "default": false + } + }, + { + "in": "query", + "name": "filters", + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://community.sailpoint.com/t5/IdentityNow-Wiki/V3-API-Standard-Collection-Parameters/ta-p/156407)\n\nFiltering is supported for the following fields and operators:\n\n**status**: *eq* \"CONFIRMED\" or \"DENIED\" **reviewedByUser** *eq* true or false **access.id**: *eq* \"id\" **access.type**: *eq* \"ROLE\" or \"ACCESS_PROFILE\" **access.name**: *sw* \"Administrator\" **access.description**: *sw* \"admin\"", + "required": false, + "style": "form", + "explode": true, + "schema": { + "type": "string" + } + }, + { + "in": "query", + "name": "sorters", + "schema": { + "type": "string", + "format": "comma-separated" + }, + "description": "Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://community.sailpoint.com/t5/IdentityNow-Wiki/V3-API-Standard-Collection-Parameters/ta-p/156407)\n\nSorting is supported for the following fields: **access.name,status**\n\nBy default the common access items are sorted by name, ascending." + } + ], + "responses": { + "200": { + "description": "Succeeded. Returns a list of common access for a customer.", + "content": { + "application/json": { + "schema": { + "type": "array", + "items": { + "type": "object", + "properties": { + "access": { + "description": "common access item", + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "Common access ID" + }, + "type": { + "description": "Common access type (ROLE or ACCESS_PROFILE)", + "type": "string", + "enum": [ + "ACCESS_PROFILE", + "ROLE" + ] + }, + "name": { + "type": "string", + "description": "Common access name" + }, + "description": { + "type": "string", + "description": "Common access description" + }, + "ownerName": { + "type": "string", + "description": "Common access owner name" + }, + "ownerId": { + "type": "string", + "description": "Common access owner ID" + } + } + }, + "status": { + "type": "string", + "description": "CONFIRMED or DENIED" + }, + "lastUpdated": { + "type": "string", + "readOnly": true, + "format": "date-time" + }, + "reviewedByUser": { + "type": "boolean", + "description": "true if user has confirmed or denied status" + }, + "lastReviewed": { + "type": "string", + "readOnly": true, + "format": "date-time" + } + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + }, + "post": { + "operationId": "createCommonAccess", + "summary": "Create common access items", + "tags": [ + "IAI Common Access" + ], + "description": "This API is used to add roles/access profiles to the list of common access for a customer. Requires authorization scope of iai:access-modeling:create", + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "access": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "Common access ID" + }, + "type": { + "description": "Common access type (ROLE or ACCESS_PROFILE)", + "type": "string", + "enum": [ + "ACCESS_PROFILE", + "ROLE" + ] + }, + "name": { + "type": "string", + "description": "Common access name" + }, + "description": { + "type": "string", + "description": "Common access description" + }, + "ownerName": { + "type": "string", + "description": "Common access owner name" + }, + "ownerId": { + "type": "string", + "description": "Common access owner ID" + } + } + }, + "status": { + "type": "string", + "enum": [ + "CONFIRMED", + "DENIED" + ], + "description": "State of common access item." + } + } + } + } + } + }, + "responses": { + "202": { + "description": "Returns details of the common access classification request.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "Common Access Item ID" + }, + "access": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "Common access ID" + }, + "type": { + "description": "Common access type (ROLE or ACCESS_PROFILE)", + "type": "string", + "enum": [ + "ACCESS_PROFILE", + "ROLE" + ] + }, + "name": { + "type": "string", + "description": "Common access name" + }, + "description": { + "type": "string", + "description": "Common access description" + }, + "ownerName": { + "type": "string", + "description": "Common access owner name" + }, + "ownerId": { + "type": "string", + "description": "Common access owner ID" + } + } + }, + "status": { + "type": "string", + "enum": [ + "CONFIRMED", + "DENIED" + ], + "description": "State of common access item." + }, + "lastUpdated": { + "type": "string" + }, + "reviewedByUser": { + "type": "boolean" + }, + "lastReviewed": { + "type": "string" + }, + "createdByUser": { + "type": "string" + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/common-access/update-status": { + "post": { + "operationId": "updateCommonAccessStatusInBulk", + "summary": "Bulk update common access status", + "tags": [ + "IAI Common Access" + ], + "description": "This submits an update request to the common access application. At this time there are no parameters. Requires authorization scope of iai:access-modeling:update", + "requestBody": { + "description": "Confirm or deny in bulk the common access ids that are (or aren't) common access", + "required": true, + "content": { + "application/json": { + "schema": { + "type": "array", + "items": { + "type": "object", + "properties": { + "confirmedIds": { + "description": "List of confirmed common access ids.", + "type": "array", + "items": { + "type": "string", + "format": "uuid" + } + }, + "deniedIds": { + "description": "List of denied common access ids.", + "type": "array", + "items": { + "type": "string", + "format": "uuid" + } + } + } + } + } + } + } + }, + "responses": { + "202": { + "description": "Accepted - Returned if the request was successfully accepted into the system.", + "content": { + "application/json": { + "schema": { + "type": "object" + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/historical-identities/{id}/events": { + "get": { + "operationId": "getHistoricalIdentityEvents", + "tags": [ + "Identity History" + ], + "summary": "Lists all events for the given identity", + "description": "This method retrieves all access events for the identity Requires authorization scope of 'idn:identity-history:read' ", + "parameters": [ + { + "in": "path", + "name": "id", + "schema": { + "type": "string" + }, + "required": true, + "description": "The identity id", + "example": "8c190e6787aa4ed9a90bd9d5344523fb" + }, + { + "in": "query", + "name": "from", + "schema": { + "type": "string" + }, + "description": "The optional instant from which to return the access events", + "example": "2007-03-01T13:00:00Z" + }, + { + "in": "query", + "name": "eventTypes", + "schema": { + "type": "array", + "items": { + "type": "string" + } + }, + "description": "An optional list of event types to return. If null or empty, all events are returned", + "example": [ + "AccessAddedEvent", + "AccessRemovedEvent" + ] + }, + { + "in": "query", + "name": "accessItemTypes", + "schema": { + "type": "array", + "items": { + "type": "string" + } + }, + "description": "An optional list of access item types (app, account, entitlement, etc...) to return. If null or empty, all access items types are returned", + "example": [ + "entitlement", + "account" + ] + }, + { + "in": "query", + "name": "limit", + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": 250, + "schema": { + "type": "integer", + "format": "int32", + "minimum": 0, + "maximum": 250, + "default": 250 + } + }, + { + "in": "query", + "name": "offset", + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": 0, + "schema": { + "type": "integer", + "format": "int32", + "minimum": 0, + "default": 0 + } + }, + { + "in": "query", + "name": "count", + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": true, + "schema": { + "type": "boolean", + "default": false + } + } + ], + "responses": { + "200": { + "description": "The list of events for the identity", + "content": { + "application/json": { + "schema": { + "type": "array", + "items": { + "anyOf": [ + { + "type": "object", + "properties": { + "accessItem": { + "type": "object", + "oneOf": [ + { + "type": "object", + "properties": { + "accessType": { + "type": "string", + "example": "accessProfile", + "description": "the access item type. accessProfile in this case" + }, + "id": { + "type": "string", + "example": "2c918087763e69d901763e72e97f006f", + "description": "the access item id" + }, + "name": { + "type": "string", + "example": "sample", + "description": "the access profile name" + }, + "sourceName": { + "type": "string", + "example": "DataScienceDataset", + "description": "the name of the source" + }, + "sourceId": { + "type": "string", + "example": "2793o32dwd", + "description": "the id of the source" + }, + "description": { + "type": "string", + "example": "AccessProfile - Workday/Citizenship access", + "description": "the description for the access profile" + }, + "displayName": { + "type": "string", + "example": "Dr. Arden Rogahn MD", + "description": "the display name of the identity" + }, + "entitlementCount": { + "type": "string", + "example": 12, + "description": "the number of entitlements the access profile will create" + }, + "appDisplayName": { + "type": "string", + "example": "AppName", + "description": "the name of app" + } + } + }, + { + "type": "object", + "properties": { + "accessType": { + "type": "string", + "example": "account", + "description": "the access item type. account in this case" + }, + "id": { + "type": "string", + "example": "2c918087763e69d901763e72e97f006f", + "description": "the access item id" + }, + "nativeIdentity": { + "type": "string", + "example": "dr.arden.ogahn.d", + "description": "the native identifier used to uniquely identify an acccount" + }, + "sourceName": { + "type": "string", + "example": "DataScienceDataset", + "description": "the name of the source" + }, + "sourceId": { + "type": "string", + "example": "2793o32dwd", + "description": "the id of the source" + }, + "entitlementCount": { + "type": "string", + "example": 12, + "description": "the number of entitlements the account will create" + }, + "displayName": { + "type": "string", + "example": "Dr. Arden Rogahn MD", + "description": "the display name of the identity" + } + } + }, + { + "type": "object", + "properties": { + "accessType": { + "type": "string", + "example": "app", + "description": "the access item type. entitlement in this case" + }, + "id": { + "type": "string", + "example": "2c918087763e69d901763e72e97f006f", + "description": "the access item id" + }, + "displayName": { + "type": "string", + "example": "Display Name", + "description": "the access profile display name" + }, + "sourceName": { + "type": "string", + "example": "appName", + "description": "the associated source name if it exists" + } + } + }, + { + "type": "object", + "properties": { + "accessType": { + "type": "string", + "example": "entitlement", + "description": "the access item type. entitlement in this case" + }, + "id": { + "type": "string", + "example": "2c918087763e69d901763e72e97f006f", + "description": "the access item id" + }, + "attribute": { + "type": "string", + "example": "groups", + "description": "the entitlement attribute" + }, + "value": { + "type": "string", + "example": "Upward mobility access", + "description": "the associated value" + }, + "entitlementType": { + "type": "string", + "example": "entitlement", + "description": "the type of entitlement" + }, + "sourceName": { + "type": "string", + "example": "DataScienceDataset", + "description": "the name of the source" + }, + "sourceId": { + "type": "string", + "example": "2793o32dwd", + "description": "the id of the source" + }, + "description": { + "type": "string", + "example": "Entitlement - Workday/Citizenship access", + "description": "the description for the entitlment" + }, + "displayName": { + "type": "string", + "example": "Dr. Arden Rogahn MD", + "description": "the display name of the identity" + } + } + }, + { + "type": "object", + "properties": { + "accessType": { + "type": "string", + "example": "role", + "description": "the access item type. role in this case" + }, + "id": { + "type": "string", + "example": "2c918087763e69d901763e72e97f006f", + "description": "the access item id" + }, + "displayName": { + "type": "string", + "example": "sample", + "description": "the role display name" + }, + "description": { + "type": "string", + "example": "Role - Workday/Citizenship access", + "description": "the description for the role" + }, + "sourceName": { + "type": "string", + "example": "Source Name", + "description": "the associated source name if it exists" + } + } + } + ], + "example": { + "id": "8c190e6787aa4ed9a90bd9d5344523fb", + "accessType": "account", + "nativeIdentity": 127999, + "sourceName": "JDBC Entitlements Source", + "entitlementCount": 0, + "displayName": "Sample Name" + } + }, + "identityId": { + "type": "string", + "description": "the identity id", + "example": "8c190e6787aa4ed9a90bd9d5344523fb" + }, + "eventType": { + "type": "string", + "description": "the event type", + "example": "AccessItemAssociated" + }, + "dt": { + "type": "string", + "description": "the date of event", + "example": "2019-03-08T22:37:33.901Z" + }, + "governanceEvent": { + "example": { + "name": "Manager Certification for Jon Snow", + "dt": "2019-03-08T22:37:33.901Z", + "type": "certification", + "governanceId": "2c91808a77ff216301782327a50f09bf", + "owners": [ + { + "id": "bc693f07e7b645539626c25954c58554", + "displayName": "Jon Snow" + } + ], + "reviewers": [ + { + "id": "bc693f07e7b645539626c25954c58554", + "displayName": "Jon Snow" + } + ], + "decisionMaker": { + "id": "bc693f07e7b645539626c25954c58554", + "displayName": "Jon Snow" + } + }, + "type": "object", + "properties": { + "name": { + "type": "string", + "description": "The name of the governance event, such as the certification name or access request ID.", + "example": "Manager Certification for Jon Snow" + }, + "dt": { + "type": "string", + "description": "The date that the certification or access request was completed.", + "example": "2019-03-08T22:37:33.901Z" + }, + "type": { + "type": "string", + "enum": [ + "certification", + "accessRequest" + ], + "description": "The type of governance event.", + "example": "certification" + }, + "governanceId": { + "type": "string", + "description": "The ID of the instance that caused the event - either the certification ID or access request ID.", + "example": "2c91808a77ff216301782327a50f09bf" + }, + "owners": { + "type": "array", + "description": "The owners of the governance event (the certifiers or approvers)", + "items": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "the id of the certifier", + "example": "8a80828f643d484f01643e14202e206f" + }, + "displayName": { + "type": "string", + "description": "the name of the certifier", + "example": "John Snow" + } + } + }, + "example": [ + { + "id": "8a80828f643d484f01643e14202e206f", + "displayName": "John Snow" + } + ] + }, + "reviewers": { + "type": "array", + "description": "The owners of the governance event (the certifiers or approvers), this field should be preferred over owners", + "items": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "the id of the certifier", + "example": "8a80828f643d484f01643e14202e206f" + }, + "displayName": { + "type": "string", + "description": "the name of the certifier", + "example": "John Snow" + } + } + }, + "example": [ + { + "id": "8a80828f643d484f01643e14202e206f", + "displayName": "John Snow" + } + ] + }, + "decisionMaker": { + "description": "The decision maker", + "example": { + "id": "8a80828f643d484f01643e14202e206f", + "displayName": "John Snow" + }, + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "the id of the certifier", + "example": "8a80828f643d484f01643e14202e206f" + }, + "displayName": { + "type": "string", + "description": "the name of the certifier", + "example": "John Snow" + } + } + } + } + } + } + }, + { + "type": "object", + "properties": { + "accessItem": { + "type": "object", + "oneOf": [ + { + "type": "object", + "properties": { + "accessType": { + "type": "string", + "example": "accessProfile", + "description": "the access item type. accessProfile in this case" + }, + "id": { + "type": "string", + "example": "2c918087763e69d901763e72e97f006f", + "description": "the access item id" + }, + "name": { + "type": "string", + "example": "sample", + "description": "the access profile name" + }, + "sourceName": { + "type": "string", + "example": "DataScienceDataset", + "description": "the name of the source" + }, + "sourceId": { + "type": "string", + "example": "2793o32dwd", + "description": "the id of the source" + }, + "description": { + "type": "string", + "example": "AccessProfile - Workday/Citizenship access", + "description": "the description for the access profile" + }, + "displayName": { + "type": "string", + "example": "Dr. Arden Rogahn MD", + "description": "the display name of the identity" + }, + "entitlementCount": { + "type": "string", + "example": 12, + "description": "the number of entitlements the access profile will create" + }, + "appDisplayName": { + "type": "string", + "example": "AppName", + "description": "the name of app" + } + } + }, + { + "type": "object", + "properties": { + "accessType": { + "type": "string", + "example": "account", + "description": "the access item type. account in this case" + }, + "id": { + "type": "string", + "example": "2c918087763e69d901763e72e97f006f", + "description": "the access item id" + }, + "nativeIdentity": { + "type": "string", + "example": "dr.arden.ogahn.d", + "description": "the native identifier used to uniquely identify an acccount" + }, + "sourceName": { + "type": "string", + "example": "DataScienceDataset", + "description": "the name of the source" + }, + "sourceId": { + "type": "string", + "example": "2793o32dwd", + "description": "the id of the source" + }, + "entitlementCount": { + "type": "string", + "example": 12, + "description": "the number of entitlements the account will create" + }, + "displayName": { + "type": "string", + "example": "Dr. Arden Rogahn MD", + "description": "the display name of the identity" + } + } + }, + { + "type": "object", + "properties": { + "accessType": { + "type": "string", + "example": "app", + "description": "the access item type. entitlement in this case" + }, + "id": { + "type": "string", + "example": "2c918087763e69d901763e72e97f006f", + "description": "the access item id" + }, + "displayName": { + "type": "string", + "example": "Display Name", + "description": "the access profile display name" + }, + "sourceName": { + "type": "string", + "example": "appName", + "description": "the associated source name if it exists" + } + } + }, + { + "type": "object", + "properties": { + "accessType": { + "type": "string", + "example": "entitlement", + "description": "the access item type. entitlement in this case" + }, + "id": { + "type": "string", + "example": "2c918087763e69d901763e72e97f006f", + "description": "the access item id" + }, + "attribute": { + "type": "string", + "example": "groups", + "description": "the entitlement attribute" + }, + "value": { + "type": "string", + "example": "Upward mobility access", + "description": "the associated value" + }, + "entitlementType": { + "type": "string", + "example": "entitlement", + "description": "the type of entitlement" + }, + "sourceName": { + "type": "string", + "example": "DataScienceDataset", + "description": "the name of the source" + }, + "sourceId": { + "type": "string", + "example": "2793o32dwd", + "description": "the id of the source" + }, + "description": { + "type": "string", + "example": "Entitlement - Workday/Citizenship access", + "description": "the description for the entitlment" + }, + "displayName": { + "type": "string", + "example": "Dr. Arden Rogahn MD", + "description": "the display name of the identity" + } + } + }, + { + "type": "object", + "properties": { + "accessType": { + "type": "string", + "example": "role", + "description": "the access item type. role in this case" + }, + "id": { + "type": "string", + "example": "2c918087763e69d901763e72e97f006f", + "description": "the access item id" + }, + "displayName": { + "type": "string", + "example": "sample", + "description": "the role display name" + }, + "description": { + "type": "string", + "example": "Role - Workday/Citizenship access", + "description": "the description for the role" + }, + "sourceName": { + "type": "string", + "example": "Source Name", + "description": "the associated source name if it exists" + } + } + } + ], + "example": { + "id": "8c190e6787aa4ed9a90bd9d5344523fb", + "accessType": "account", + "nativeIdentity": 127999, + "sourceName": "JDBC Entitlements Source", + "entitlementCount": 0, + "displayName": "Sample Name" + } + }, + "identityId": { + "type": "string", + "description": "the identity id", + "example": "8c190e6787aa4ed9a90bd9d5344523fb" + }, + "eventType": { + "type": "string", + "description": "the event type", + "example": "AccessItemRemoved" + }, + "dt": { + "type": "string", + "description": "the date of event", + "example": "2019-03-08T22:37:33.901Z" + }, + "governanceEvent": { + "example": { + "name": "Manager Certification for Jon Snow", + "dt": "2019-03-08T22:37:33.901Z", + "type": "certification", + "governanceId": "2c91808a77ff216301782327a50f09bf", + "owners": [ + { + "id": "bc693f07e7b645539626c25954c58554", + "displayName": "Jon Snow" + } + ], + "reviewers": [ + { + "id": "bc693f07e7b645539626c25954c58554", + "displayName": "Jon Snow" + } + ], + "decisionMaker": { + "id": "bc693f07e7b645539626c25954c58554", + "displayName": "Jon Snow" + } + }, + "type": "object", + "properties": { + "name": { + "type": "string", + "description": "The name of the governance event, such as the certification name or access request ID.", + "example": "Manager Certification for Jon Snow" + }, + "dt": { + "type": "string", + "description": "The date that the certification or access request was completed.", + "example": "2019-03-08T22:37:33.901Z" + }, + "type": { + "type": "string", + "enum": [ + "certification", + "accessRequest" + ], + "description": "The type of governance event.", + "example": "certification" + }, + "governanceId": { + "type": "string", + "description": "The ID of the instance that caused the event - either the certification ID or access request ID.", + "example": "2c91808a77ff216301782327a50f09bf" + }, + "owners": { + "type": "array", + "description": "The owners of the governance event (the certifiers or approvers)", + "items": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "the id of the certifier", + "example": "8a80828f643d484f01643e14202e206f" + }, + "displayName": { + "type": "string", + "description": "the name of the certifier", + "example": "John Snow" + } + } + }, + "example": [ + { + "id": "8a80828f643d484f01643e14202e206f", + "displayName": "John Snow" + } + ] + }, + "reviewers": { + "type": "array", + "description": "The owners of the governance event (the certifiers or approvers), this field should be preferred over owners", + "items": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "the id of the certifier", + "example": "8a80828f643d484f01643e14202e206f" + }, + "displayName": { + "type": "string", + "description": "the name of the certifier", + "example": "John Snow" + } + } + }, + "example": [ + { + "id": "8a80828f643d484f01643e14202e206f", + "displayName": "John Snow" + } + ] + }, + "decisionMaker": { + "description": "The decision maker", + "example": { + "id": "8a80828f643d484f01643e14202e206f", + "displayName": "John Snow" + }, + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "the id of the certifier", + "example": "8a80828f643d484f01643e14202e206f" + }, + "displayName": { + "type": "string", + "description": "the name of the certifier", + "example": "John Snow" + } + } + } + } + } + } + }, + { + "type": "object", + "properties": { + "changes": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string", + "description": "the attribute name" + }, + "previousValue": { + "type": "string", + "description": "the old value of attribute" + }, + "newValue": { + "type": "string", + "description": "the new value of attribute" + } + }, + "example": { + "name": "firstname", + "previousValue": "adam", + "newValue": "zampa" + } + } + }, + "eventType": { + "type": "string", + "description": "the event type" + }, + "identityId": { + "type": "string", + "description": "the identity id" + }, + "dt": { + "type": "string", + "description": "the date of event" + } + }, + "example": { + "attributeChanges": { + "name": "firstname", + "previousValue": "adam", + "newValue": "zampa" + }, + "eventType": "AttributesChanged", + "identityId": "8a80828f643d484f01643e14202e206f", + "dt": "2019-03-08T22:37:33.901Z" + } + }, + { + "type": "object", + "properties": { + "accessRequest": { + "description": "the access request details", + "type": "object", + "properties": { + "requesterId": { + "type": "string", + "example": "2c91808a77ff216301782327a50f09bf", + "description": "the requester Id" + }, + "requesterName": { + "type": "string", + "example": "Bing C", + "description": "the requesterName" + }, + "items": { + "type": "array", + "example": [ + { + "operation": "Add", + "accessItemType": "role", + "name": "Role-1", + "decision": "APPROVED", + "description": "The role descrition", + "sourceId": "8a80828f643d484f01643e14202e206f", + "sourceName": "Source1", + "approvalInfos": [ + { + "name": "John Snow", + "id": "8a80828f643d484f01643e14202e2000", + "status": "Approved" + } + ] + } + ], + "items": { + "type": "object", + "properties": { + "operation": { + "type": "string", + "example": "Add", + "description": "the access request item operation" + }, + "accessItemType": { + "type": "string", + "example": "role", + "description": "the access item type" + }, + "name": { + "type": "string", + "example": "Role-1", + "description": "the name of access request item" + }, + "decision": { + "type": "string", + "example": "APPROVED", + "enum": [ + "APPROVED", + "REJECTED" + ], + "description": "the final decision for the access request" + }, + "description": { + "type": "string", + "example": "The role descrition", + "description": "the description of access request item" + }, + "sourceId": { + "type": "string", + "example": "8a80828f643d484f01643e14202e206f", + "description": "the source id" + }, + "sourceName": { + "type": "string", + "example": "Source1", + "description": "the source Name" + }, + "approvalInfos": { + "type": "array", + "example": [ + { + "name": "John Snow", + "id": "8a80828f643d484f01643e14202e2000", + "status": "Approved" + } + ], + "items": { + "type": "object", + "properties": { + "id": { + "type": "string", + "example": "8a80828f643d484f01643e14202e2000", + "description": "the id of approver" + }, + "name": { + "type": "string", + "example": "John Snow", + "description": "the name of approver" + }, + "status": { + "type": "string", + "example": "Approved", + "description": "the status of the approval request" + } + } + } + } + } + } + } + } + }, + "identityId": { + "type": "string", + "example": "8a80828f643d484f01643e14202e206f", + "description": "the identity id" + }, + "eventType": { + "type": "string", + "example": "AccessRequested", + "description": "the event type" + }, + "dt": { + "type": "string", + "example": "2019-03-08T22:37:33.901Z", + "description": "the date of event" + } + } + }, + { + "type": "object", + "properties": { + "certificationId": { + "type": "string", + "description": "the id of the certification item", + "example": "2c91808a77ff216301782327a50f09bf" + }, + "certificationName": { + "type": "string", + "description": "the certification item name", + "example": "Cert name" + }, + "signedDate": { + "type": "string", + "description": "the date ceritification was signed", + "example": "2019-03-08T22:37:33.901Z" + }, + "certifiers": { + "type": "array", + "description": "this field is deprecated and may go away", + "items": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "the id of the certifier", + "example": "8a80828f643d484f01643e14202e206f" + }, + "displayName": { + "type": "string", + "description": "the name of the certifier", + "example": "John Snow" + } + } + }, + "example": [ + { + "id": "8a80828f643d484f01643e14202e206f", + "displayName": "John Snow" + } + ] + }, + "reviewers": { + "type": "array", + "description": "The list of identities who review this certification", + "items": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "the id of the certifier", + "example": "8a80828f643d484f01643e14202e206f" + }, + "displayName": { + "type": "string", + "description": "the name of the certifier", + "example": "John Snow" + } + } + }, + "example": [ + { + "id": "8a80828f643d484f01643e14202e206f", + "displayName": "John Snow" + } + ] + }, + "signer": { + "description": "Identity who signed off on the certification", + "example": { + "id": "8a80828f643d484f01643e14202e206f", + "displayName": "John Snow" + }, + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "the id of the certifier", + "example": "8a80828f643d484f01643e14202e206f" + }, + "displayName": { + "type": "string", + "description": "the name of the certifier", + "example": "John Snow" + } + } + }, + "eventType": { + "type": "string", + "description": "the event type", + "example": "IdentityCertified" + }, + "dt": { + "type": "string", + "description": "the date of event", + "example": "2019-03-08T22:37:33.901Z" + } + } + }, + { + "type": "object", + "properties": { + "eventType": { + "type": "string", + "description": "the event type" + }, + "identityId": { + "type": "string", + "description": "the identity id" + }, + "dt": { + "type": "string", + "description": "the date of event" + }, + "account": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "the ID of the account in the database" + }, + "nativeIdentity": { + "type": "string", + "description": "the native identifier of the account" + }, + "displayName": { + "type": "string", + "description": "the display name of the account" + }, + "sourceId": { + "type": "string", + "description": "the ID of the source for this account" + }, + "sourceName": { + "type": "string", + "description": "the name of the source for this account" + }, + "entitlementCount": { + "type": "integer", + "description": "the number of entitlements on this account" + }, + "accessType": { + "type": "string", + "description": "this value is always \"account\"" + } + } + }, + "statusChange": { + "type": "object", + "properties": { + "previousStatus": { + "type": "string", + "description": "the previous status of the account", + "enum": [ + "enabled", + "disabled", + "locked" + ] + }, + "newStatus": { + "type": "string", + "description": "the new status of the account", + "enum": [ + "enabled", + "disabled", + "locked" + ] + } + } + } + }, + "example": { + "account": { + "id": "2c91808a77ff216301782327a50f09bf", + "nativeIdentity": 127999, + "displayName": "Sample Name", + "sourceId": "8a80828f643d484f01643e14202e206f", + "sourceName": "JDBC Entitlements Source", + "entitlementCount": 0, + "accessType": "account" + }, + "statusChange": { + "previousStatus": "enabled", + "newStatus": "disabled" + }, + "eventType": "AccountStatusChanged", + "identityId": "8a80828f643d484f01643e14202e206f", + "date": "2019-03-08T22:37:33.901Z" + } + } + ] + } + }, + "examples": { + "AccessItemAssociated": { + "description": "An Access item associated event", + "value": [ + { + "accessItem": { + "id": "8c190e6787aa4ed9a90bd9d5344523fb", + "accessType": "account", + "nativeIdentity": 127999, + "sourceName": "JDBC Entitlements Source", + "entitlementCount": 0, + "displayName": "Sample Name" + }, + "eventType": "AccessItemAssociated", + "identityId": "8a80828f643d484f01643e14202e206f", + "dt": "2019-03-08T22:37:33.901Z", + "governanceEvent": { + "name": "Access Request 58", + "dt": "2019-03-08T22:37:33.901Z", + "type": "accessRequest", + "governanceId": "2c91808a77ff216301782327a50f09e1", + "owners": [ + { + "id": "bc693f07e7b645539626c25954c58554", + "displayName": "Jon Snow" + } + ], + "reviewers": [ + { + "id": "bc693f07e7b645539626c25954c58554", + "displayName": "Jon Snow" + } + ], + "decisionMaker": { + "id": "bc693f07e7b645539626c25954c58554", + "displayName": "Jon Snow" + } + } + } + ] + }, + "AccessItemRemoved": { + "description": "An Access item removed event", + "value": [ + { + "accessItem": { + "id": "8c190e6787aa4ed9a90bd9d5344523fb", + "accessType": "account", + "nativeIdentity": 127999, + "sourceName": "JDBC Entitlements Source", + "entitlementCount": 0, + "displayName": "Sample Name" + }, + "eventType": "AccessItemRemoved", + "identityId": "8a80828f643d484f01643e14202e206f", + "dt": "2019-03-08T22:37:33.901Z", + "governanceEvent": { + "name": "Manager Certification for Jon Snow", + "dt": "2019-03-08T22:37:33.901Z", + "type": "certification", + "governanceId": "2c91808a77ff216301782327a50f09bf", + "owners": [ + { + "id": "bc693f07e7b645539626c25954c58554", + "displayName": "Jon Snow" + } + ], + "reviewers": [ + { + "id": "bc693f07e7b645539626c25954c58554", + "displayName": "Jon Snow" + } + ], + "decisionMaker": { + "id": "bc693f07e7b645539626c25954c58554", + "displayName": "Jon Snow" + } + } + } + ] + }, + "AttributesChanged": { + "description": "An attribute changed event", + "value": [ + { + "attributeChanges": [ + { + "name": "firstname", + "previousValue": "adam", + "newValue": "zampa" + } + ], + "eventType": "AttributesChanged", + "identityId": "8a80828f643d484f01643e14202e206f", + "dt": "2019-03-08T22:37:33.901Z" + } + ] + }, + "AccessRequested": { + "description": "An access requested event", + "value": { + "accessRequest": { + "requesterId": "2c91808a77ff216301782327a50f09bf", + "requestName": "Bing C", + "items": [ + { + "operation": "Add", + "accessItemType": "role", + "name": "Role-1", + "decision": "APPROVED", + "description": "The role descrition", + "sourceId": "8a80828f643d484f01643e14202e206f", + "sourceName": "Source1", + "approvalInfos": [ + { + "name": "John Snow", + "id": "8a80828f643d484f01643e14202e2000", + "status": "Approved" + } + ] + } + ] + }, + "eventType": "AccessRequested", + "identityId": "8a80828f643d484f01643e14202e206f", + "dt": "2019-03-08T22:37:33.901Z" + } + }, + "IdentityCertified": { + "description": "An identity certified event", + "value": [ + { + "certification": { + "id": "2c91808a77ff216301782327a50f09bf", + "name": "Cert name", + "signedDate": "2019-03-08T22:37:33.901Z", + "certifiers": [ + { + "id": "8a80828f643d484f01643e14202e206f", + "displayName": "John Snow" + } + ], + "reviewers": [ + { + "id": "8a80828f643d484f01643e14202e206f", + "displayName": "Daenerys Targaryen" + } + ], + "signer": { + "id": "8a80828f643d484f01643e14202e206f", + "displayName": "Tyrion Lannister" + } + }, + "eventType": "IdentityCertified", + "identityId": "8a80828f643d484f01643e14202e206f", + "dt": "2019-03-08T22:37:33.901Z" + } + ] + }, + "AccountStatusChanged": { + "description": "An account status changed event", + "value": [ + { + "account": { + "id": "2c91808a77ff216301782327a50f09bf", + "nativeIdentity": 127999, + "displayName": "Sample Name", + "sourceId": "8a80828f643d484f01643e14202e206f", + "sourceName": "JDBC Entitlements Source", + "entitlementCount": 0, + "accessType": "account" + }, + "statusChange": { + "previousStatus": "ENABLED", + "newStatus": "DISABLED" + }, + "eventType": "AccountStatusChanged", + "identityId": "8a80828f643d484f01643e14202e206f", + "dt": "2019-03-08T22:37:33.901Z" + } + ] + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/historical-identities/{id}/start-date": { + "get": { + "operationId": "getIdentityStartDate", + "tags": [ + "Identity History" + ], + "summary": "Gets the start date of the identity", + "description": "This method retrieves start date of the identity Requires authorization scope of 'idn:identity-history:read' ", + "parameters": [ + { + "in": "path", + "name": "id", + "schema": { + "type": "string" + }, + "required": true, + "description": "The identity id", + "example": "8c190e6787aa4ed9a90bd9d5344523fb" + } + ], + "responses": { + "200": { + "description": "The start date of the identity", + "content": { + "application/json": { + "schema": { + "type": "string", + "example": "2017-03-01T13:00:00.000Z" + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/historical-identities/{id}/compare": { + "get": { + "operationId": "compareIdentitySnapshots", + "tags": [ + "Identity History" + ], + "summary": "Gets a difference of count for each access item types for the given identity between 2 snapshots", + "description": "This method gets a difference of count for each access item types for the given identity between 2 snapshots Requires authorization scope of 'idn:identity-history:read' ", + "parameters": [ + { + "in": "path", + "name": "id", + "schema": { + "type": "string" + }, + "required": true, + "description": "The identity id", + "example": "8c190e6787aa4ed9a90bd9d5344523fb" + }, + { + "in": "query", + "name": "snapshot1", + "schema": { + "type": "string" + }, + "description": "The snapshot 1 of identity", + "example": "2007-03-01T13:00:00Z" + }, + { + "in": "query", + "name": "snapshot2", + "schema": { + "type": "string" + }, + "description": "The snapshot 2 of identity", + "example": "2008-03-01T13:00:00Z" + }, + { + "in": "query", + "name": "accessItemTypes", + "schema": { + "type": "array", + "items": { + "type": "string" + } + }, + "description": "An optional list of access item types (app, account, entitlement, etc...) to return. If null or empty, all access items types are returned " + }, + { + "in": "query", + "name": "limit", + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": 250, + "schema": { + "type": "integer", + "format": "int32", + "minimum": 0, + "maximum": 250, + "default": 250 + } + }, + { + "in": "query", + "name": "offset", + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": 0, + "schema": { + "type": "integer", + "format": "int32", + "minimum": 0, + "default": 0 + } + }, + { + "in": "query", + "name": "count", + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": true, + "schema": { + "type": "boolean", + "default": false + } + } + ], + "responses": { + "200": { + "description": "A IdentityCompare object with difference details for each access item type", + "content": { + "application/json": { + "schema": { + "type": "array", + "items": { + "type": "object", + "properties": { + "accessItemDiff": { + "type": "object", + "description": "Arbitrary key-value pairs. They will never be processed by the IdentityNow system but will be returned on completion of the violation check.", + "additionalProperties": { + "type": "object" + } + } + }, + "example": { + "accessItemDiff": { + "role": { + "accessAdded": 2, + "accessRemoved": 3 + }, + "entitlement": { + "accessAdded": 4, + "accessRemoved": 0 + }, + "accessProfile": { + "accessAdded": 0, + "accessRemoved": 1 + } + } + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/historical-identities/{id}/compare/{access-type}": { + "get": { + "operationId": "compareIdentitySnapshotsAccessType", + "tags": [ + "Identity History" + ], + "summary": "Gets a list of differences of specific accessType for the given identity between 2 snapshots", + "description": "This method gets a list of differences of specific accessType for the given identity between 2 snapshots Requires authorization scope of 'idn:identity-history:read' ", + "parameters": [ + { + "in": "path", + "name": "id", + "schema": { + "type": "string" + }, + "required": true, + "description": "The identity id", + "example": "8c190e6787aa4ed9a90bd9d5344523fb" + }, + { + "in": "path", + "name": "accessType", + "schema": { + "type": "string" + }, + "required": true, + "description": "The specific type which needs to be compared", + "example": "role" + }, + { + "in": "query", + "name": "access-associated", + "schema": { + "type": "boolean" + }, + "description": "Indicates if added or removed access needs to be returned. true - added, false - removed, null - both added & removed", + "example": "2007-03-01T13:00:00Z" + }, + { + "in": "query", + "name": "snapshot1", + "schema": { + "type": "string" + }, + "description": "The snapshot 1 of identity", + "example": "2008-03-01T13:00:00Z" + }, + { + "in": "query", + "name": "snapshot2", + "schema": { + "type": "string" + }, + "description": "The snapshot 2 of identity", + "example": "2009-03-01T13:00:00Z" + }, + { + "in": "query", + "name": "limit", + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": 250, + "schema": { + "type": "integer", + "format": "int32", + "minimum": 0, + "maximum": 250, + "default": 250 + } + }, + { + "in": "query", + "name": "offset", + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": 0, + "schema": { + "type": "integer", + "format": "int32", + "minimum": 0, + "default": 0 + } + }, + { + "in": "query", + "name": "count", + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": true, + "schema": { + "type": "boolean", + "default": false + } + } + ], + "responses": { + "200": { + "description": "A list of events for the identity", + "content": { + "application/json": { + "schema": { + "type": "array", + "items": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "the id of the access item" + }, + "eventType": { + "type": "string", + "enum": [ + "ADD", + "REMOVE" + ] + }, + "displayName": { + "type": "string", + "description": "the display name of the access item" + }, + "sourceName": { + "type": "string", + "description": "the source name of the access item" + } + }, + "example": { + "id": "2c91808c7726345b017726a0a2fb013b", + "eventType": "ADD", + "displayName": "Test", + "sourceName": "Source" + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/identities/{identityId}/synchronize-attributes": { + "post": { + "operationId": "synchronizeAttributesForIdentity", + "tags": [ + "Identities" + ], + "summary": "Attribute synchronization for single identity.", + "description": "This end-point performs attribute synchronization for a selected identity. The endpoint can be called once in 10 seconds per identity. A token with ORG_ADMIN or API authority is required to call this API.", + "parameters": [ + { + "in": "path", + "name": "identityId", + "schema": { + "type": "string" + }, + "required": true, + "description": "The Identity id" + } + ], + "responses": { + "202": { + "description": "An Identity Sync job", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "Job ID.", + "example": "0f11f2a4-7c94-4bf3-a2bd-742580fe3bde" + }, + "status": { + "type": "string", + "description": "The job status.", + "enum": [ + "QUEUED", + "IN_PROGRESS", + "SUCCESS", + "ERROR" + ], + "example": "IN_PROGRESS" + }, + "payload": { + "description": "Job payload.", + "example": { + "type": "SYNCHRONIZE_IDENTITY_ATTRIBUTES", + "dataJson": "{\"identityId\":\"2c918083746f642c01746f990884012a\"}" + }, + "type": "object", + "properties": { + "type": { + "type": "string", + "description": "Payload type.", + "example": "SYNCHRONIZE_IDENTITY_ATTRIBUTES" + }, + "dataJson": { + "type": "string", + "description": "Payload type.", + "example": "{\"identityId\":\"2c918083746f642c01746f990884012a\"}" + } + }, + "required": [ + "type", + "dataJson" + ] + } + }, + "required": [ + "id", + "status", + "payload" + ] + }, + "example": { + "id": "0f11f2a4-7c94-4bf3-a2bd-742580fe3dfc", + "status": "IN_PROGRESS", + "payload": { + "type": "SYNCHRONIZE_IDENTITY_ATTRIBUTES", + "dataJson": "{\"identityId\":\"2c918083746f642c01746f990884012a\"}" + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/identities": { + "get": { + "operationId": "listIdentities", + "tags": [ + "Identities" + ], + "summary": "List Identities", + "description": "This API returns a list of identities.", + "parameters": [ + { + "in": "query", + "name": "filters", + "schema": { + "type": "string" + }, + "required": false, + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters)\n\nFiltering is supported for the following fields and operators:\n\n**id**: *eq, in*\n\n**name**: *eq, sw*\n\n**alias**: *eq, sw*\n\n**firstname**: *eq, sw*\n\n**lastname**: *eq, sw*\n\n**email**: *eq, sw*\n\n**cloudStatus**: *eq*\n\n**processingState**: *eq*\n\n**correlated**: *eq*\n\n**protected**: *eq*", + "example": "id eq \"6c9079b270a266a60170a2779fcb0006\" or correlated eq false" + }, + { + "in": "query", + "name": "sorters", + "schema": { + "type": "string", + "format": "comma-separated" + }, + "required": false, + "description": "Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters/#sorting-results)\n\nSorting is supported for the following fields: **name, alias, cloudStatus**", + "example": "name,-cloudStatus" + }, + { + "in": "query", + "name": "defaultFilter", + "schema": { + "type": "string", + "enum": [ + "CORRELATED_ONLY", + "NONE" + ], + "default": "CORRELATED_ONLY" + }, + "required": false, + "description": "Adds additional filter to filters query parameter.\n\nCORRELATED_ONLY adds correlated=true and returns only identities that are correlated.\n\nNONE does not add any and returns all identities that satisfy filters query parameter.", + "example": "NONE" + }, + { + "in": "query", + "name": "count", + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": true, + "schema": { + "type": "boolean", + "default": false + } + }, + { + "in": "query", + "name": "limit", + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": 250, + "schema": { + "type": "integer", + "format": "int32", + "minimum": 0, + "maximum": 250, + "default": 250 + } + }, + { + "in": "query", + "name": "offset", + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": 0, + "schema": { + "type": "integer", + "format": "int32", + "minimum": 0, + "default": 0 + } + } + ], + "responses": { + "200": { + "description": "List of identities.", + "content": { + "application/json": { + "schema": { + "type": "array", + "items": { + "allOf": [ + { + "type": "object", + "required": [ + "name" + ], + "properties": { + "id": { + "description": "System-generated unique ID of the Object", + "type": "string", + "example": "id12345", + "readOnly": true + }, + "name": { + "description": "Name of the Object", + "type": "string", + "example": "aName" + }, + "created": { + "description": "Creation date of the Object", + "type": "string", + "format": "date-time", + "readOnly": true, + "example": "2023-01-03T21:16:22.432Z" + }, + "modified": { + "description": "Last modification date of the Object", + "type": "string", + "format": "date-time", + "readOnly": true, + "example": "2023-01-03T21:16:22.432Z" + } + } + }, + { + "type": "object", + "title": "IdentityDto", + "properties": { + "alias": { + "type": "string", + "description": "Alternate unique identifier for the identity", + "example": "walter.white" + }, + "emailAddress": { + "type": "string", + "description": "The email address of the identity", + "example": "sender@example.com" + }, + "processingState": { + "type": "string", + "nullable": true, + "description": "The processing state of the identity", + "enum": [ + "ERROR", + "OK" + ], + "example": "ERROR" + }, + "identityStatus": { + "type": "string", + "description": "The identity's status in the system", + "enum": [ + "UNREGISTERED", + "REGISTERED", + "PENDING", + "WARNING", + "DISABLED", + "ACTIVE", + "DEACTIVATED", + "TERMINATED", + "ERROR", + "LOCKED" + ], + "example": "LOCKED" + }, + "managerRef": { + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + }, + "isManager": { + "type": "boolean", + "description": "Whether this identity is a manager of another identity", + "example": true + }, + "lastRefresh": { + "type": "string", + "format": "date-time", + "description": "The last time the identity was refreshed by the system", + "example": "2020-11-22T15:42:31.123Z" + }, + "attributes": { + "type": "object", + "description": "A map with the identity attributes for the identity", + "example": "{\"uid\":\"Walter White\",\"firstname\":\"walter\",\"cloudStatus\":\"UNREGISTERED\",\"displayName\":\"Walter White\",\"identificationNumber\":\"942\",\"lastSyncDate\":1470348809380,\"email\":\"walter@gmail.com\",\"lastname\":\"white\"}" + } + } + } + ] + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/identities/{id}": { + "get": { + "operationId": "getIdentity", + "tags": [ + "Identities" + ], + "summary": "Identity Details", + "description": "This API returns a single identity using the Identity ID.", + "security": [ + { + "oauth2": [ + "idn:identity:read" + ] + } + ], + "parameters": [ + { + "in": "path", + "name": "id", + "schema": { + "type": "string" + }, + "required": true, + "description": "Identity Id", + "example": "ef38f94347e94562b5bb8424a56397d8" + } + ], + "responses": { + "200": { + "description": "An identity object", + "content": { + "application/json": { + "schema": { + "allOf": [ + { + "type": "object", + "required": [ + "name" + ], + "properties": { + "id": { + "description": "System-generated unique ID of the Object", + "type": "string", + "example": "id12345", + "readOnly": true + }, + "name": { + "description": "Name of the Object", + "type": "string", + "example": "aName" + }, + "created": { + "description": "Creation date of the Object", + "type": "string", + "format": "date-time", + "readOnly": true, + "example": "2023-01-03T21:16:22.432Z" + }, + "modified": { + "description": "Last modification date of the Object", + "type": "string", + "format": "date-time", + "readOnly": true, + "example": "2023-01-03T21:16:22.432Z" + } + } + }, + { + "type": "object", + "title": "IdentityDto", + "properties": { + "alias": { + "type": "string", + "description": "Alternate unique identifier for the identity", + "example": "walter.white" + }, + "emailAddress": { + "type": "string", + "description": "The email address of the identity", + "example": "sender@example.com" + }, + "processingState": { + "type": "string", + "nullable": true, + "description": "The processing state of the identity", + "enum": [ + "ERROR", + "OK" + ], + "example": "ERROR" + }, + "identityStatus": { + "type": "string", + "description": "The identity's status in the system", + "enum": [ + "UNREGISTERED", + "REGISTERED", + "PENDING", + "WARNING", + "DISABLED", + "ACTIVE", + "DEACTIVATED", + "TERMINATED", + "ERROR", + "LOCKED" + ], + "example": "LOCKED" + }, + "managerRef": { + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + }, + "isManager": { + "type": "boolean", + "description": "Whether this identity is a manager of another identity", + "example": true + }, + "lastRefresh": { + "type": "string", + "format": "date-time", + "description": "The last time the identity was refreshed by the system", + "example": "2020-11-22T15:42:31.123Z" + }, + "attributes": { + "type": "object", + "description": "A map with the identity attributes for the identity", + "example": "{\"uid\":\"Walter White\",\"firstname\":\"walter\",\"cloudStatus\":\"UNREGISTERED\",\"displayName\":\"Walter White\",\"identificationNumber\":\"942\",\"lastSyncDate\":1470348809380,\"email\":\"walter@gmail.com\",\"lastname\":\"white\"}" + } + } + } + ] + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + }, + "delete": { + "operationId": "deleteIdentity", + "tags": [ + "Identities" + ], + "summary": "Deletes an identity.", + "description": "The API returns successful response if the requested identity was deleted.", + "security": [ + { + "oauth2": [ + "idn:identity:delete" + ] + } + ], + "parameters": [ + { + "in": "path", + "name": "id", + "schema": { + "type": "string" + }, + "required": true, + "description": "Identity Id", + "example": "ef38f94347e94562b5bb8424a56397d8" + } + ], + "responses": { + "204": { + "description": "No content - indicates the request was successful but there is no content to be returned in the response." + }, + "400": { + "description": "Client Error - Returned if the request is invalid. It may indicate that the specified identity is marked as protected and cannot be deleted.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/identity-profiles": { + "get": { + "operationId": "listIdentityProfiles", + "tags": [ + "Identity Profiles" + ], + "summary": "Identity Profiles list", + "description": "This returns a list of Identity Profiles based on the specified query parameters.\nA token with ORG_ADMIN or API authority is required to call this API to get a list of Identity Profiles.", + "parameters": [ + { + "in": "query", + "name": "limit", + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": 250, + "schema": { + "type": "integer", + "format": "int32", + "minimum": 0, + "maximum": 250, + "default": 250 + } + }, + { + "in": "query", + "name": "offset", + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": 0, + "schema": { + "type": "integer", + "format": "int32", + "minimum": 0, + "default": 0 + } + }, + { + "in": "query", + "name": "count", + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": true, + "schema": { + "type": "boolean", + "default": false + } + }, + { + "in": "query", + "name": "filters", + "schema": { + "type": "string" + }, + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)\n\nFiltering is supported for the following fields and operators:\n\n**id**: *eq, ne*\n\n**name**: *eq, ne*\n\n**priority**: *eq, ne*", + "example": "id eq 8c190e6787aa4ed9a90bd9d5344523fb" + }, + { + "in": "query", + "name": "sorters", + "schema": { + "type": "string", + "format": "comma-separated" + }, + "description": "Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)\n\nSorting is supported for the following fields: **id**, **name**, **priority**", + "example": "name,-priority" + } + ], + "responses": { + "200": { + "description": "List of identityProfiles.", + "content": { + "application/json": { + "schema": { + "type": "array", + "items": { + "allOf": [ + { + "type": "object", + "required": [ + "name" + ], + "properties": { + "id": { + "description": "System-generated unique ID of the Object", + "type": "string", + "example": "id12345", + "readOnly": true + }, + "name": { + "description": "Name of the Object", + "type": "string", + "example": "aName" + }, + "created": { + "description": "Creation date of the Object", + "type": "string", + "format": "date-time", + "readOnly": true, + "example": "2023-01-03T21:16:22.432Z" + }, + "modified": { + "description": "Last modification date of the Object", + "type": "string", + "format": "date-time", + "readOnly": true, + "example": "2023-01-03T21:16:22.432Z" + } + } + }, + { + "type": "object", + "required": [ + "authoritativeSource" + ], + "properties": { + "description": { + "type": "string", + "nullable": true, + "description": "The description of the Identity Profile.", + "example": "My custom flat file profile" + }, + "owner": { + "type": "object", + "description": "The owner of the Identity Profile.", + "nullable": true, + "properties": { + "type": { + "type": "string", + "enum": [ + "IDENTITY" + ], + "description": "Type of the object to which this reference applies", + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c9180835d191a86015d28455b4b232a" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + }, + "priority": { + "type": "integer", + "format": "int64", + "description": "The priority for an Identity Profile.", + "example": 10 + }, + "authoritativeSource": { + "type": "object", + "properties": { + "type": { + "type": "string", + "enum": [ + "SOURCE" + ], + "description": "Type of the object to which this reference applies", + "example": "SOURCE" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c9180835d191a86015d28455b4b232a" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "HR Active Directory" + } + }, + "description": "The authoritative source for this Identity Profile." + }, + "identityRefreshRequired": { + "type": "boolean", + "default": false, + "description": "True if a identity refresh is needed. Typically triggered when a change on the source has been made", + "example": true + }, + "identityCount": { + "type": "integer", + "description": "The number of identities that belong to the Identity Profile.", + "format": "int32", + "example": 8 + }, + "identityAttributeConfig": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean", + "description": "If the profile or mapping is enabled", + "example": true, + "default": true + }, + "attributeTransforms": { + "type": "array", + "items": { + "type": "object", + "properties": { + "identityAttributeName": { + "type": "string", + "description": "Name of the identity attribute", + "example": "email" + }, + "transformDefinition": { + "description": "The seaspray transformation definition", + "type": "object", + "properties": { + "type": { + "type": "string", + "description": "The type of the transform definition.", + "example": "accountAttribute" + }, + "attributes": { + "type": "object", + "nullable": true, + "additionalProperties": true, + "description": "Arbitrary key-value pairs to store any metadata for the object", + "example": { + "attributeName": "e-mail", + "sourceName": "MySource", + "sourceId": "2c9180877a826e68017a8c0b03da1a53" + } + } + } + } + } + } + } + } + }, + "identityExceptionReportReference": { + "type": "object", + "nullable": true, + "properties": { + "taskResultId": { + "type": "string", + "format": "uuid", + "description": "The id of the task result", + "example": "2c918086795cd09201795d5f7d7533df" + }, + "reportName": { + "type": "string", + "example": "My annual report", + "description": "The name of the report" + } + } + }, + "hasTimeBasedAttr": { + "description": "Indicates the value of requiresPeriodicRefresh attribute for the Identity Profile.", + "type": "boolean", + "default": true, + "example": true + } + } + } + ] + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + }, + "security": [ + { + "oauth2": [ + "idn:identity-profile:read", + "idn:identity-profile:manage" + ] + } + ] + }, + "post": { + "operationId": "createIdentityProfile", + "summary": "Create an Identity Profile", + "description": "This creates an Identity Profile\nA token with ORG_ADMIN authority is required to call this API to create an Identity Profile.", + "tags": [ + "Identity Profiles" + ], + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "allOf": [ + { + "type": "object", + "required": [ + "name" + ], + "properties": { + "id": { + "description": "System-generated unique ID of the Object", + "type": "string", + "example": "id12345", + "readOnly": true + }, + "name": { + "description": "Name of the Object", + "type": "string", + "example": "aName" + }, + "created": { + "description": "Creation date of the Object", + "type": "string", + "format": "date-time", + "readOnly": true, + "example": "2023-01-03T21:16:22.432Z" + }, + "modified": { + "description": "Last modification date of the Object", + "type": "string", + "format": "date-time", + "readOnly": true, + "example": "2023-01-03T21:16:22.432Z" + } + } + }, + { + "type": "object", + "required": [ + "authoritativeSource" + ], + "properties": { + "description": { + "type": "string", + "nullable": true, + "description": "The description of the Identity Profile.", + "example": "My custom flat file profile" + }, + "owner": { + "type": "object", + "description": "The owner of the Identity Profile.", + "nullable": true, + "properties": { + "type": { + "type": "string", + "enum": [ + "IDENTITY" + ], + "description": "Type of the object to which this reference applies", + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c9180835d191a86015d28455b4b232a" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + }, + "priority": { + "type": "integer", + "format": "int64", + "description": "The priority for an Identity Profile.", + "example": 10 + }, + "authoritativeSource": { + "type": "object", + "properties": { + "type": { + "type": "string", + "enum": [ + "SOURCE" + ], + "description": "Type of the object to which this reference applies", + "example": "SOURCE" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c9180835d191a86015d28455b4b232a" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "HR Active Directory" + } + }, + "description": "The authoritative source for this Identity Profile." + }, + "identityRefreshRequired": { + "type": "boolean", + "default": false, + "description": "True if a identity refresh is needed. Typically triggered when a change on the source has been made", + "example": true + }, + "identityCount": { + "type": "integer", + "description": "The number of identities that belong to the Identity Profile.", + "format": "int32", + "example": 8 + }, + "identityAttributeConfig": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean", + "description": "If the profile or mapping is enabled", + "example": true, + "default": true + }, + "attributeTransforms": { + "type": "array", + "items": { + "type": "object", + "properties": { + "identityAttributeName": { + "type": "string", + "description": "Name of the identity attribute", + "example": "email" + }, + "transformDefinition": { + "description": "The seaspray transformation definition", + "type": "object", + "properties": { + "type": { + "type": "string", + "description": "The type of the transform definition.", + "example": "accountAttribute" + }, + "attributes": { + "type": "object", + "nullable": true, + "additionalProperties": true, + "description": "Arbitrary key-value pairs to store any metadata for the object", + "example": { + "attributeName": "e-mail", + "sourceName": "MySource", + "sourceId": "2c9180877a826e68017a8c0b03da1a53" + } + } + } + } + } + } + } + } + }, + "identityExceptionReportReference": { + "type": "object", + "nullable": true, + "properties": { + "taskResultId": { + "type": "string", + "format": "uuid", + "description": "The id of the task result", + "example": "2c918086795cd09201795d5f7d7533df" + }, + "reportName": { + "type": "string", + "example": "My annual report", + "description": "The name of the report" + } + } + }, + "hasTimeBasedAttr": { + "description": "Indicates the value of requiresPeriodicRefresh attribute for the Identity Profile.", + "type": "boolean", + "default": true, + "example": true + } + } + } + ] + } + } + } + }, + "responses": { + "201": { + "description": "The created Identity Profile", + "content": { + "application/json": { + "schema": { + "allOf": [ + { + "type": "object", + "required": [ + "name" + ], + "properties": { + "id": { + "description": "System-generated unique ID of the Object", + "type": "string", + "example": "id12345", + "readOnly": true + }, + "name": { + "description": "Name of the Object", + "type": "string", + "example": "aName" + }, + "created": { + "description": "Creation date of the Object", + "type": "string", + "format": "date-time", + "readOnly": true, + "example": "2023-01-03T21:16:22.432Z" + }, + "modified": { + "description": "Last modification date of the Object", + "type": "string", + "format": "date-time", + "readOnly": true, + "example": "2023-01-03T21:16:22.432Z" + } + } + }, + { + "type": "object", + "required": [ + "authoritativeSource" + ], + "properties": { + "description": { + "type": "string", + "nullable": true, + "description": "The description of the Identity Profile.", + "example": "My custom flat file profile" + }, + "owner": { + "type": "object", + "description": "The owner of the Identity Profile.", + "nullable": true, + "properties": { + "type": { + "type": "string", + "enum": [ + "IDENTITY" + ], + "description": "Type of the object to which this reference applies", + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c9180835d191a86015d28455b4b232a" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + }, + "priority": { + "type": "integer", + "format": "int64", + "description": "The priority for an Identity Profile.", + "example": 10 + }, + "authoritativeSource": { + "type": "object", + "properties": { + "type": { + "type": "string", + "enum": [ + "SOURCE" + ], + "description": "Type of the object to which this reference applies", + "example": "SOURCE" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c9180835d191a86015d28455b4b232a" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "HR Active Directory" + } + }, + "description": "The authoritative source for this Identity Profile." + }, + "identityRefreshRequired": { + "type": "boolean", + "default": false, + "description": "True if a identity refresh is needed. Typically triggered when a change on the source has been made", + "example": true + }, + "identityCount": { + "type": "integer", + "description": "The number of identities that belong to the Identity Profile.", + "format": "int32", + "example": 8 + }, + "identityAttributeConfig": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean", + "description": "If the profile or mapping is enabled", + "example": true, + "default": true + }, + "attributeTransforms": { + "type": "array", + "items": { + "type": "object", + "properties": { + "identityAttributeName": { + "type": "string", + "description": "Name of the identity attribute", + "example": "email" + }, + "transformDefinition": { + "description": "The seaspray transformation definition", + "type": "object", + "properties": { + "type": { + "type": "string", + "description": "The type of the transform definition.", + "example": "accountAttribute" + }, + "attributes": { + "type": "object", + "nullable": true, + "additionalProperties": true, + "description": "Arbitrary key-value pairs to store any metadata for the object", + "example": { + "attributeName": "e-mail", + "sourceName": "MySource", + "sourceId": "2c9180877a826e68017a8c0b03da1a53" + } + } + } + } + } + } + } + } + }, + "identityExceptionReportReference": { + "type": "object", + "nullable": true, + "properties": { + "taskResultId": { + "type": "string", + "format": "uuid", + "description": "The id of the task result", + "example": "2c918086795cd09201795d5f7d7533df" + }, + "reportName": { + "type": "string", + "example": "My annual report", + "description": "The name of the report" + } + } + }, + "hasTimeBasedAttr": { + "description": "Indicates the value of requiresPeriodicRefresh attribute for the Identity Profile.", + "type": "boolean", + "default": true, + "example": true + } + } + } + ] + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + }, + "security": [ + { + "oauth2": [ + "idn:identity-profile:manage" + ] + } + ] + } + }, + "/identity-profiles/bulk-delete": { + "post": { + "operationId": "deleteIdentityProfiles", + "tags": [ + "Identity Profiles" + ], + "summary": "Delete Identity Profiles", + "description": "This deletes multiple Identity Profiles via a list of supplied IDs.\nOn success, this endpoint will return a reference to the bulk delete task result.\nA token with ORG_ADMIN authority is required to call this API to delete a list of Identity Profiles.", + "requestBody": { + "description": "Identity Profile bulk delete request body.", + "required": true, + "content": { + "application/json": { + "schema": { + "description": "List of Identity Profile IDs to delete.", + "type": "array", + "items": { + "type": "string" + }, + "example": [ + "2c9180867b2a34e0017b3078d60b0699", + "2c9180867b2a34e0017b3078d60b0698" + ] + } + } + } + }, + "responses": { + "202": { + "description": "Accepted - Returned if the request was successfully accepted into the system.", + "content": { + "application/json": { + "schema": { + "description": "An object with a TaskResult reference of the bulk delete job", + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + }, + "security": [ + { + "oauth2": [ + "idn:identity-profile:manage" + ] + } + ] + } + }, + "/identity-profiles/export": { + "get": { + "operationId": "exportIdentityProfiles", + "tags": [ + "Identity Profiles" + ], + "summary": "Export Identity Profiles", + "description": "This exports existing identity profiles in the format specified by the sp-config service.", + "parameters": [ + { + "in": "query", + "name": "limit", + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": 250, + "schema": { + "type": "integer", + "format": "int32", + "minimum": 0, + "maximum": 250, + "default": 250 + } + }, + { + "in": "query", + "name": "offset", + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": 0, + "schema": { + "type": "integer", + "format": "int32", + "minimum": 0, + "default": 0 + } + }, + { + "in": "query", + "name": "count", + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": true, + "schema": { + "type": "boolean", + "default": false + } + }, + { + "in": "query", + "name": "filters", + "schema": { + "type": "string" + }, + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)\n\nFiltering is supported for the following fields and operators:\n\n**id**: *eq, ne*\n\n**name**: *eq, ne*\n\n**priority**: *eq, ne*", + "example": "id eq 8c190e6787aa4ed9a90bd9d5344523fb" + }, + { + "in": "query", + "name": "sorters", + "schema": { + "type": "string", + "format": "comma-separated" + }, + "description": "Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)\n\nSorting is supported for the following fields: **id**, **name**, **priority**", + "example": "name,-priority" + } + ], + "responses": { + "200": { + "description": "List of export objects with identity profiles.", + "content": { + "application/json": { + "schema": { + "type": "array", + "items": { + "type": "object", + "description": "Identity Profile exported object", + "properties": { + "version": { + "type": "integer", + "example": 1, + "description": "Version or object from the target service." + }, + "self": { + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + }, + "object": { + "allOf": [ + { + "type": "object", + "required": [ + "name" + ], + "properties": { + "id": { + "description": "System-generated unique ID of the Object", + "type": "string", + "example": "id12345", + "readOnly": true + }, + "name": { + "description": "Name of the Object", + "type": "string", + "example": "aName" + }, + "created": { + "description": "Creation date of the Object", + "type": "string", + "example": "2015-05-28T14:07:17Z", + "format": "date-time", + "readOnly": true + }, + "modified": { + "description": "Last modification date of the Object", + "type": "string", + "example": "2015-05-28T14:07:17Z", + "format": "date-time", + "readOnly": true + } + } + }, + { + "type": "object", + "required": [ + "authoritativeSource" + ], + "properties": { + "description": { + "type": "string", + "description": "The description of the Identity Profile.", + "example": "My custom flat file profile", + "nullable": true + }, + "owner": { + "type": "object", + "description": "The owner of the Identity Profile.", + "nullable": true, + "properties": { + "type": { + "type": "string", + "enum": [ + "IDENTITY" + ], + "description": "Type of the object to which this reference applies", + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c9180835d191a86015d28455b4b232a" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + }, + "priority": { + "type": "integer", + "format": "int64", + "description": "The priority for an Identity Profile.", + "example": 10 + }, + "authoritativeSource": { + "type": "object", + "properties": { + "type": { + "type": "string", + "enum": [ + "SOURCE" + ], + "description": "Type of the object to which this reference applies", + "example": "SOURCE" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c9180835d191a86015d28455b4b232a" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "HR Active Directory" + } + } + }, + "identityRefreshRequired": { + "type": "boolean", + "default": false, + "description": "True if a identity refresh is needed. Typically triggered when a change on the source has been made.", + "example": true + }, + "identityCount": { + "type": "integer", + "description": "The number of identities that belong to the Identity Profile.", + "format": "int32", + "example": 8 + }, + "identityAttributeConfig": { + "type": "object", + "description": "Defines all the identity attribute mapping configurations. This defines how to generate or collect data for each identity attributes in identity refresh process.", + "properties": { + "enabled": { + "description": "The backend will only promote values if the profile/mapping is enabled.", + "type": "boolean", + "default": false, + "example": true + }, + "attributeTransforms": { + "type": "array", + "items": { + "type": "object", + "description": "Defines a transformation definition for an identity attribute.", + "properties": { + "identityAttributeName": { + "type": "string", + "description": "Name of the identity attribute.", + "example": "email" + }, + "transformDefinition": { + "description": "The seaspray transformation definition.", + "type": "object", + "properties": { + "type": { + "type": "string", + "description": "The type of the transform definition.", + "example": "accountAttribute" + }, + "attributes": { + "type": "object", + "additionalProperties": { + "anyOf": [ + { + "type": "string" + }, + { + "type": "object" + } + ] + }, + "description": "Arbitrary key-value pairs to store any metadata for the object", + "example": { + "attributeName": "e-mail", + "sourceName": "MySource", + "sourceId": "2c9180877a826e68017a8c0b03da1a53" + } + } + } + } + } + } + } + } + }, + "identityExceptionReportReference": { + "type": "object", + "nullable": true, + "properties": { + "taskResultId": { + "type": "string", + "format": "uuid", + "description": "The id of the task result.", + "example": "2b838de9-db9b-abcf-e646-d4f274ad4238" + }, + "reportName": { + "type": "string", + "example": "My annual report", + "description": "The name of the report." + } + } + }, + "hasTimeBasedAttr": { + "description": "Indicates the value of requiresPeriodicRefresh attribute for the Identity Profile.", + "type": "boolean", + "default": false, + "example": true + } + } + } + ] + } + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + }, + "security": [ + { + "oauth2": [ + "idn:identity-profile:read", + "idn:identity-profile:manage" + ] + } + ] + } + }, + "/identity-profiles/import": { + "post": { + "operationId": "importIdentityProfiles", + "summary": "Import Identity Profiles", + "description": "This imports previously exported identity profiles.", + "tags": [ + "Identity Profiles" + ], + "requestBody": { + "description": "Previously exported Identity Profiles.", + "required": true, + "content": { + "application/json": { + "schema": { + "type": "array", + "items": { + "type": "object", + "description": "Identity Profile exported object", + "properties": { + "version": { + "type": "integer", + "example": 1, + "description": "Version or object from the target service." + }, + "self": { + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + }, + "object": { + "allOf": [ + { + "type": "object", + "required": [ + "name" + ], + "properties": { + "id": { + "description": "System-generated unique ID of the Object", + "type": "string", + "example": "id12345", + "readOnly": true + }, + "name": { + "description": "Name of the Object", + "type": "string", + "example": "aName" + }, + "created": { + "description": "Creation date of the Object", + "type": "string", + "example": "2015-05-28T14:07:17Z", + "format": "date-time", + "readOnly": true + }, + "modified": { + "description": "Last modification date of the Object", + "type": "string", + "example": "2015-05-28T14:07:17Z", + "format": "date-time", + "readOnly": true + } + } + }, + { + "type": "object", + "required": [ + "authoritativeSource" + ], + "properties": { + "description": { + "type": "string", + "description": "The description of the Identity Profile.", + "example": "My custom flat file profile", + "nullable": true + }, + "owner": { + "type": "object", + "description": "The owner of the Identity Profile.", + "nullable": true, + "properties": { + "type": { + "type": "string", + "enum": [ + "IDENTITY" + ], + "description": "Type of the object to which this reference applies", + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c9180835d191a86015d28455b4b232a" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + }, + "priority": { + "type": "integer", + "format": "int64", + "description": "The priority for an Identity Profile.", + "example": 10 + }, + "authoritativeSource": { + "type": "object", + "properties": { + "type": { + "type": "string", + "enum": [ + "SOURCE" + ], + "description": "Type of the object to which this reference applies", + "example": "SOURCE" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c9180835d191a86015d28455b4b232a" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "HR Active Directory" + } + } + }, + "identityRefreshRequired": { + "type": "boolean", + "default": false, + "description": "True if a identity refresh is needed. Typically triggered when a change on the source has been made.", + "example": true + }, + "identityCount": { + "type": "integer", + "description": "The number of identities that belong to the Identity Profile.", + "format": "int32", + "example": 8 + }, + "identityAttributeConfig": { + "type": "object", + "description": "Defines all the identity attribute mapping configurations. This defines how to generate or collect data for each identity attributes in identity refresh process.", + "properties": { + "enabled": { + "description": "The backend will only promote values if the profile/mapping is enabled.", + "type": "boolean", + "default": false, + "example": true + }, + "attributeTransforms": { + "type": "array", + "items": { + "type": "object", + "description": "Defines a transformation definition for an identity attribute.", + "properties": { + "identityAttributeName": { + "type": "string", + "description": "Name of the identity attribute.", + "example": "email" + }, + "transformDefinition": { + "description": "The seaspray transformation definition.", + "type": "object", + "properties": { + "type": { + "type": "string", + "description": "The type of the transform definition.", + "example": "accountAttribute" + }, + "attributes": { + "type": "object", + "additionalProperties": { + "anyOf": [ + { + "type": "string" + }, + { + "type": "object" + } + ] + }, + "description": "Arbitrary key-value pairs to store any metadata for the object", + "example": { + "attributeName": "e-mail", + "sourceName": "MySource", + "sourceId": "2c9180877a826e68017a8c0b03da1a53" + } + } + } + } + } + } + } + } + }, + "identityExceptionReportReference": { + "type": "object", + "nullable": true, + "properties": { + "taskResultId": { + "type": "string", + "format": "uuid", + "description": "The id of the task result.", + "example": "2b838de9-db9b-abcf-e646-d4f274ad4238" + }, + "reportName": { + "type": "string", + "example": "My annual report", + "description": "The name of the report." + } + } + }, + "hasTimeBasedAttr": { + "description": "Indicates the value of requiresPeriodicRefresh attribute for the Identity Profile.", + "type": "boolean", + "default": false, + "example": true + } + } + } + ] + } + } + } + } + } + } + }, + "responses": { + "200": { + "description": "The result of importing Identity Profiles.", + "content": { + "application/json": { + "schema": { + "type": "object", + "title": "Import Object Response Body", + "description": "Response model for import of a single object.", + "properties": { + "infos": { + "description": "Informational messages returned from the target service on import.", + "type": "array", + "items": { + "type": "object", + "title": "Config Import/Export Message", + "description": "Message model for Config Import/Export.", + "properties": { + "key": { + "type": "string", + "description": "Message key.", + "example": "UNKNOWN_REFERENCE_RESOLVER" + }, + "text": { + "type": "string", + "description": "Message text.", + "example": "Unable to resolve reference for object [type: IDENTITY, id: 2c91808c746e9c9601747d6507332ecz, name: random identity]" + }, + "details": { + "type": "object", + "description": "Message details if any, in key:value pairs.", + "additionalProperties": { + "type": "object" + }, + "example": { + "details": "message details" + } + } + }, + "required": [ + "key", + "text", + "details" + ] + } + }, + "warnings": { + "description": "Warning messages returned from the target service on import.", + "type": "array", + "items": { + "type": "object", + "title": "Config Import/Export Message", + "description": "Message model for Config Import/Export.", + "properties": { + "key": { + "type": "string", + "description": "Message key.", + "example": "UNKNOWN_REFERENCE_RESOLVER" + }, + "text": { + "type": "string", + "description": "Message text.", + "example": "Unable to resolve reference for object [type: IDENTITY, id: 2c91808c746e9c9601747d6507332ecz, name: random identity]" + }, + "details": { + "type": "object", + "description": "Message details if any, in key:value pairs.", + "additionalProperties": { + "type": "object" + }, + "example": { + "details": "message details" + } + } + }, + "required": [ + "key", + "text", + "details" + ] + } + }, + "errors": { + "description": "Error messages returned from the target service on import.", + "type": "array", + "items": { + "type": "object", + "title": "Config Import/Export Message", + "description": "Message model for Config Import/Export.", + "properties": { + "key": { + "type": "string", + "description": "Message key.", + "example": "UNKNOWN_REFERENCE_RESOLVER" + }, + "text": { + "type": "string", + "description": "Message text.", + "example": "Unable to resolve reference for object [type: IDENTITY, id: 2c91808c746e9c9601747d6507332ecz, name: random identity]" + }, + "details": { + "type": "object", + "description": "Message details if any, in key:value pairs.", + "additionalProperties": { + "type": "object" + }, + "example": { + "details": "message details" + } + } + }, + "required": [ + "key", + "text", + "details" + ] + } + }, + "importedObjects": { + "description": "References to objects that were created or updated by the import.", + "type": "array", + "items": { + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + } + } + }, + "required": [ + "infos", + "warnings", + "errors", + "importedObjects" + ] + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + }, + "security": [ + { + "oauth2": [ + "idn:identity-profile:manage" + ] + } + ] + } + }, + "/identity-profiles/identity-preview": { + "post": { + "operationId": "generateIdentityPreview", + "tags": [ + "Identity Profiles" + ], + "summary": "Generate Identity Profile Preview", + "description": "This generates a non-persisted IdentityDetails object that will represent as the preview of the identities attribute when the given policy's attribute config is applied.\nA token with ORG_ADMIN authority is required to call this API to generate an identity preview.", + "requestBody": { + "description": "Identity Preview request body.", + "required": true, + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "identityId": { + "type": "string", + "format": "uuid", + "example": "2c9180857893f12901789445619b0366" + }, + "identityAttributeConfig": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean", + "description": "If the profile or mapping is enabled", + "example": true, + "default": true + }, + "attributeTransforms": { + "type": "array", + "items": { + "type": "object", + "properties": { + "identityAttributeName": { + "type": "string", + "description": "Name of the identity attribute", + "example": "email" + }, + "transformDefinition": { + "description": "The seaspray transformation definition", + "type": "object", + "properties": { + "type": { + "type": "string", + "description": "The type of the transform definition.", + "example": "accountAttribute" + }, + "attributes": { + "type": "object", + "nullable": true, + "additionalProperties": true, + "description": "Arbitrary key-value pairs to store any metadata for the object", + "example": { + "attributeName": "e-mail", + "sourceName": "MySource", + "sourceId": "2c9180877a826e68017a8c0b03da1a53" + } + } + } + } + } + } + } + } + } + } + } + } + } + }, + "responses": { + "200": { + "description": "Object representing the preview object with all of the identity attributes using the current mappings.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "identity": { + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + }, + "previewAttributes": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string", + "description": "Name of the attribute that is being previewed.", + "example": "email" + }, + "value": { + "type": "object", + "description": "Value that was derived during the preview.", + "example": "email@mail.com" + }, + "previousValue": { + "type": "object", + "description": "The value of the attribute before the preview.", + "example": "oldEmail@mail.com" + }, + "errorMessages": { + "description": "A list of errors that may have been encountered", + "type": "array", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + }, + "security": [ + { + "oauth2": [ + "idn:identity-profile:manage" + ] + } + ] + } + }, + "/identity-profiles/{identity-profile-id}": { + "get": { + "operationId": "getIdentityProfile", + "tags": [ + "Identity Profiles" + ], + "summary": "Gets a single Identity Profile", + "description": "This returns a single Identity Profile based on ID.\nA token with ORG_ADMIN or API authority is required to call this API.", + "parameters": [ + { + "in": "path", + "name": "identity-profile-id", + "schema": { + "type": "string", + "format": "uuid" + }, + "required": true, + "description": "The Identity Profile ID", + "example": "ef38f94347e94562b5bb8424a56397d8" + } + ], + "responses": { + "200": { + "description": "An Identity Profile object", + "content": { + "application/json": { + "schema": { + "allOf": [ + { + "type": "object", + "required": [ + "name" + ], + "properties": { + "id": { + "description": "System-generated unique ID of the Object", + "type": "string", + "example": "id12345", + "readOnly": true + }, + "name": { + "description": "Name of the Object", + "type": "string", + "example": "aName" + }, + "created": { + "description": "Creation date of the Object", + "type": "string", + "format": "date-time", + "readOnly": true, + "example": "2023-01-03T21:16:22.432Z" + }, + "modified": { + "description": "Last modification date of the Object", + "type": "string", + "format": "date-time", + "readOnly": true, + "example": "2023-01-03T21:16:22.432Z" + } + } + }, + { + "type": "object", + "required": [ + "authoritativeSource" + ], + "properties": { + "description": { + "type": "string", + "nullable": true, + "description": "The description of the Identity Profile.", + "example": "My custom flat file profile" + }, + "owner": { + "type": "object", + "description": "The owner of the Identity Profile.", + "nullable": true, + "properties": { + "type": { + "type": "string", + "enum": [ + "IDENTITY" + ], + "description": "Type of the object to which this reference applies", + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c9180835d191a86015d28455b4b232a" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + }, + "priority": { + "type": "integer", + "format": "int64", + "description": "The priority for an Identity Profile.", + "example": 10 + }, + "authoritativeSource": { + "type": "object", + "properties": { + "type": { + "type": "string", + "enum": [ + "SOURCE" + ], + "description": "Type of the object to which this reference applies", + "example": "SOURCE" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c9180835d191a86015d28455b4b232a" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "HR Active Directory" + } + }, + "description": "The authoritative source for this Identity Profile." + }, + "identityRefreshRequired": { + "type": "boolean", + "default": false, + "description": "True if a identity refresh is needed. Typically triggered when a change on the source has been made", + "example": true + }, + "identityCount": { + "type": "integer", + "description": "The number of identities that belong to the Identity Profile.", + "format": "int32", + "example": 8 + }, + "identityAttributeConfig": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean", + "description": "If the profile or mapping is enabled", + "example": true, + "default": true + }, + "attributeTransforms": { + "type": "array", + "items": { + "type": "object", + "properties": { + "identityAttributeName": { + "type": "string", + "description": "Name of the identity attribute", + "example": "email" + }, + "transformDefinition": { + "description": "The seaspray transformation definition", + "type": "object", + "properties": { + "type": { + "type": "string", + "description": "The type of the transform definition.", + "example": "accountAttribute" + }, + "attributes": { + "type": "object", + "nullable": true, + "additionalProperties": true, + "description": "Arbitrary key-value pairs to store any metadata for the object", + "example": { + "attributeName": "e-mail", + "sourceName": "MySource", + "sourceId": "2c9180877a826e68017a8c0b03da1a53" + } + } + } + } + } + } + } + } + }, + "identityExceptionReportReference": { + "type": "object", + "nullable": true, + "properties": { + "taskResultId": { + "type": "string", + "format": "uuid", + "description": "The id of the task result", + "example": "2c918086795cd09201795d5f7d7533df" + }, + "reportName": { + "type": "string", + "example": "My annual report", + "description": "The name of the report" + } + } + }, + "hasTimeBasedAttr": { + "description": "Indicates the value of requiresPeriodicRefresh attribute for the Identity Profile.", + "type": "boolean", + "default": true, + "example": true + } + } + } + ] + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + }, + "security": [ + { + "oauth2": [ + "idn:identity-profile:read", + "idn:identity-profile:manage" + ] + } + ] + }, + "delete": { + "operationId": "deleteIdentityProfile", + "tags": [ + "Identity Profiles" + ], + "summary": "Delete an Identity Profile", + "description": "This deletes an Identity Profile based on ID.\nA token with ORG_ADMIN authority is required to call this API to delete an Identity Profile.", + "parameters": [ + { + "in": "path", + "name": "identity-profile-id", + "schema": { + "type": "string", + "format": "uuid" + }, + "required": true, + "description": "The Identity Profile ID.", + "example": "ef38f94347e94562b5bb8424a56397d8" + } + ], + "responses": { + "202": { + "description": "Accepted - Returned if the request was successfully accepted into the system.", + "content": { + "application/json": { + "schema": { + "description": "An object with a TaskResult reference of the delete job.", + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "the application ID", + "example": "ff8081814d977c21014da056804a0af3" + }, + "name": { + "type": "string", + "description": "the application name", + "example": "Github" + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + }, + "security": [ + { + "oauth2": [ + "idn:identity-profile:manage" + ] + } + ] + }, + "patch": { + "operationId": "updateIdentityProfile", + "tags": [ + "Identity Profiles" + ], + "summary": "Update the Identity Profile", + "description": "This updates the specified Identity Profile.\nA token with ORG_ADMIN authority is required to call this API to update the Identity Profile. Some fields of the Schema cannot be updated. These fields are listed below.\n* id\n* name\n* created\n* modified", + "parameters": [ + { + "in": "path", + "name": "identity-profile-id", + "schema": { + "type": "string", + "format": "uuid" + }, + "required": true, + "description": "The Identity Profile ID", + "example": "ef38f94347e94562b5bb8424a56397d8" + } + ], + "requestBody": { + "required": true, + "description": "A list of Identity Profile update operations according to the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard.", + "content": { + "application/json-patch+json": { + "schema": { + "type": "array", + "items": { + "type": "object", + "description": "A JSONPatch Operation as defined by [RFC 6902 - JSON Patch](https://tools.ietf.org/html/rfc6902)", + "required": [ + "op", + "path" + ], + "properties": { + "op": { + "type": "string", + "description": "The operation to be performed", + "enum": [ + "add", + "remove", + "replace", + "move", + "copy", + "test" + ], + "example": "replace" + }, + "path": { + "type": "string", + "description": "A string JSON Pointer representing the target path to an element to be affected by the operation", + "example": "/description" + }, + "value": { + "anyOf": [ + { + "type": "string" + }, + { + "type": "integer" + }, + { + "type": "object" + }, + { + "type": "array", + "items": { + "anyOf": [ + { + "type": "string" + }, + { + "type": "integer" + }, + { + "type": "object" + } + ] + } + } + ], + "description": "The value to be used for the operation, required for \"add\" and \"replace\" operations", + "example": "New description" + } + } + } + }, + "examples": { + "add-attribute-transform": { + "summary": "Add an attribute transform", + "value": [ + { + "op": "add", + "path": "/identityAttributeConfig/attributeTransforms/0", + "value": { + "identityAttributeName": "location", + "transformDefinition": { + "type": "accountAttribute", + "attributes": { + "sourceName": "Employees", + "attributeName": "location", + "sourceId": "2c91808878b7d63b0178c66ffcdc4ce4" + } + } + } + } + ] + } + } + } + } + }, + "responses": { + "200": { + "description": "The updated Identity Profile.", + "content": { + "application/json": { + "schema": { + "allOf": [ + { + "type": "object", + "required": [ + "name" + ], + "properties": { + "id": { + "description": "System-generated unique ID of the Object", + "type": "string", + "example": "id12345", + "readOnly": true + }, + "name": { + "description": "Name of the Object", + "type": "string", + "example": "aName" + }, + "created": { + "description": "Creation date of the Object", + "type": "string", + "format": "date-time", + "readOnly": true, + "example": "2023-01-03T21:16:22.432Z" + }, + "modified": { + "description": "Last modification date of the Object", + "type": "string", + "format": "date-time", + "readOnly": true, + "example": "2023-01-03T21:16:22.432Z" + } + } + }, + { + "type": "object", + "required": [ + "authoritativeSource" + ], + "properties": { + "description": { + "type": "string", + "nullable": true, + "description": "The description of the Identity Profile.", + "example": "My custom flat file profile" + }, + "owner": { + "type": "object", + "description": "The owner of the Identity Profile.", + "nullable": true, + "properties": { + "type": { + "type": "string", + "enum": [ + "IDENTITY" + ], + "description": "Type of the object to which this reference applies", + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c9180835d191a86015d28455b4b232a" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + }, + "priority": { + "type": "integer", + "format": "int64", + "description": "The priority for an Identity Profile.", + "example": 10 + }, + "authoritativeSource": { + "type": "object", + "properties": { + "type": { + "type": "string", + "enum": [ + "SOURCE" + ], + "description": "Type of the object to which this reference applies", + "example": "SOURCE" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c9180835d191a86015d28455b4b232a" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "HR Active Directory" + } + }, + "description": "The authoritative source for this Identity Profile." + }, + "identityRefreshRequired": { + "type": "boolean", + "default": false, + "description": "True if a identity refresh is needed. Typically triggered when a change on the source has been made", + "example": true + }, + "identityCount": { + "type": "integer", + "description": "The number of identities that belong to the Identity Profile.", + "format": "int32", + "example": 8 + }, + "identityAttributeConfig": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean", + "description": "If the profile or mapping is enabled", + "example": true, + "default": true + }, + "attributeTransforms": { + "type": "array", + "items": { + "type": "object", + "properties": { + "identityAttributeName": { + "type": "string", + "description": "Name of the identity attribute", + "example": "email" + }, + "transformDefinition": { + "description": "The seaspray transformation definition", + "type": "object", + "properties": { + "type": { + "type": "string", + "description": "The type of the transform definition.", + "example": "accountAttribute" + }, + "attributes": { + "type": "object", + "nullable": true, + "additionalProperties": true, + "description": "Arbitrary key-value pairs to store any metadata for the object", + "example": { + "attributeName": "e-mail", + "sourceName": "MySource", + "sourceId": "2c9180877a826e68017a8c0b03da1a53" + } + } + } + } + } + } + } + } + }, + "identityExceptionReportReference": { + "type": "object", + "nullable": true, + "properties": { + "taskResultId": { + "type": "string", + "format": "uuid", + "description": "The id of the task result", + "example": "2c918086795cd09201795d5f7d7533df" + }, + "reportName": { + "type": "string", + "example": "My annual report", + "description": "The name of the report" + } + } + }, + "hasTimeBasedAttr": { + "description": "Indicates the value of requiresPeriodicRefresh attribute for the Identity Profile.", + "type": "boolean", + "default": true, + "example": true + } + } + } + ] + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + }, + "security": [ + { + "oauth2": [ + "idn:identity-profile:manage" + ] + } + ] + } + }, + "/identity-profiles/{identity-profile-id}/default-identity-attribute-config": { + "get": { + "operationId": "getDefaultIdentityAttributeConfig", + "tags": [ + "Identity Profiles" + ], + "summary": "Default identity attribute config", + "description": "This returns the default identity attribute config\nA token with ORG_ADMIN authority is required to call this API to get the default identity attribute config.", + "parameters": [ + { + "in": "path", + "name": "identity-profile-id", + "schema": { + "type": "string", + "format": "uuid" + }, + "required": true, + "description": "The Identity Profile ID", + "example": "ef38f94347e94562b5bb8424a56397d8" + } + ], + "responses": { + "200": { + "description": "An Identity Attribute Config object", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean", + "description": "If the profile or mapping is enabled", + "example": true, + "default": true + }, + "attributeTransforms": { + "type": "array", + "items": { + "type": "object", + "properties": { + "identityAttributeName": { + "type": "string", + "description": "Name of the identity attribute", + "example": "email" + }, + "transformDefinition": { + "description": "The seaspray transformation definition", + "type": "object", + "properties": { + "type": { + "type": "string", + "description": "The type of the transform definition.", + "example": "accountAttribute" + }, + "attributes": { + "type": "object", + "nullable": true, + "additionalProperties": true, + "description": "Arbitrary key-value pairs to store any metadata for the object", + "example": { + "attributeName": "e-mail", + "sourceName": "MySource", + "sourceId": "2c9180877a826e68017a8c0b03da1a53" + } + } + } + } + } + } + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + }, + "security": [ + { + "oauth2": [ + "idn:identity-profile:manage" + ] + } + ] + } + }, + "/identity-profiles/{identity-profile-id}/refresh-identities": { + "post": { + "operationId": "refreshIdentityProfile", + "tags": [ + "Identity Profiles" + ], + "summary": "Refreshes all identities under profile", + "description": "This refreshes all identities under the profile\nA token with ORG_ADMIN authority is required to call this API to refresh identities under this Identity Profile.", + "parameters": [ + { + "in": "path", + "name": "identity-profile-id", + "schema": { + "type": "string", + "format": "uuid" + }, + "required": true, + "description": "The Identity Profile ID to be refreshed", + "example": "ef38f94347e94562b5bb8424a56397d8" + } + ], + "responses": { + "202": { + "description": "Accepted status after all refreshes have launched", + "content": { + "application/json": { + "schema": { + "type": "object" + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + }, + "security": [ + { + "oauth2": [ + "idn:identity-profile:manage" + ] + } + ] + } + }, + "/identity-profiles/{identity-profile-id}/lifecycle-states/{lifecycle-state-id}": { + "get": { + "operationId": "listLifecycleStates", + "tags": [ + "Lifecycle States" + ], + "summary": "Lifecycle State", + "description": "This endpoint returns a lifecycle state.\n\nA token with ORG_ADMIN or API authority is required to call this API.\n", + "parameters": [ + { + "in": "path", + "name": "identity-profile-id", + "description": "Identity Profile ID", + "required": true, + "schema": { + "type": "string" + } + }, + { + "in": "path", + "name": "lifecycle-state-id", + "description": "Lifecycle State ID", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "lifecycle-state", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "id": { + "type": "string", + "readOnly": true, + "example": "2c9180835d2e5168015d32f890ca1581", + "description": "lifecycle stat id." + }, + "name": { + "type": "string", + "readOnly": true, + "example": "Lifecycle Name", + "description": "Lifecycle-state name." + }, + "technicalName": { + "type": "string", + "readOnly": true, + "example": "lifecycleTechnicalName", + "description": "The technical name for lifecycle state. This is for internal use." + }, + "description": { + "type": "string", + "example": "LifecycleDescription", + "description": "Lifecycle state description." + }, + "created": { + "type": "string", + "readOnly": true, + "format": "date-time", + "example": "2015-05-28T14:07:17Z", + "description": "Lifecycle state created date." + }, + "modified": { + "type": "string", + "readOnly": true, + "format": "date-time", + "example": "2015-05-28T14:07:17Z", + "description": "Lifecycle state modified date." + }, + "enabled": { + "type": "boolean", + "example": true, + "description": "Whether the lifecycle state is enabled or disabled." + }, + "identityCount": { + "type": "integer", + "format": "int32", + "readOnly": true, + "example": 12, + "description": "Number of identities that have the lifecycle state." + }, + "emailNotificationOption": { + "type": "object", + "properties": { + "notifyManagers": { + "type": "boolean", + "example": true, + "description": "If true, then the manager is notified of the lifecycle state change." + }, + "notifyAllAdmins": { + "type": "boolean", + "example": true, + "description": "If true, then all the admins are notified of the lifecycle state change." + }, + "notifySpecificUsers": { + "type": "boolean", + "example": true, + "description": "If true, then the users specified in \"emailAddressList\" below are notified of lifecycle state change." + }, + "emailAddressList": { + "type": "array", + "example": [ + "test@test.com", + "test2@test.com" + ], + "items": { + "type": "string" + }, + "description": "List of user email addresses. If \"notifySpecificUsers\" option is true, then these users are notified of lifecycle state change." + } + } + }, + "accountActions": { + "type": "array", + "items": { + "type": "object", + "properties": { + "action": { + "type": "string", + "example": "ENABLE", + "description": "Describes if action will be enabled or disabled", + "enum": [ + "ENABLE", + "DISABLE" + ] + }, + "sourceIds": { + "type": "array", + "items": { + "example": "2c918084660f45d6016617daa9210584", + "description": "Source Id", + "type": "string" + }, + "example": [ + "2c918084660f45d6016617daa9210584", + "2c918084660f45d6016617daa9210500" + ], + "description": "List of source IDs. The sources must have the ENABLE feature or flat file source. See \"/sources\" endpoint for source features." + } + } + } + }, + "accessProfileIds": { + "type": "array", + "items": { + "type": "string" + }, + "example": [ + "2c918084660f45d6016617daa9210584", + "2c918084660f45d6016617daa9210500" + ], + "description": "List of access-profile IDs that are associated with the lifecycle state." + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + }, + "patch": { + "operationId": "updateLifecycleStates", + "tags": [ + "Lifecycle States" + ], + "summary": "Update Lifecycle State", + "description": "This API updates individual lifecycle state fields using the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard.\n\nA token with ORG_ADMIN or API authority is required to call this API.\n", + "parameters": [ + { + "in": "path", + "name": "identity-profile-id", + "description": "Identity Profile ID", + "required": true, + "schema": { + "type": "string" + } + }, + { + "in": "path", + "name": "lifecycle-state-id", + "description": "Lifecycle State ID", + "required": true, + "schema": { + "type": "string" + } + } + ], + "requestBody": { + "required": true, + "description": "A list of lifecycle state update operations according to the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard.\n\nThe following fields can be updated:\n* enabled\n* description\n* accountActions\n* accessProfileIds\n* emailNotificationOption\n", + "content": { + "application/json-patch+json": { + "schema": { + "type": "array", + "items": { + "type": "object", + "description": "A JSONPatch Operation as defined by [RFC 6902 - JSON Patch](https://tools.ietf.org/html/rfc6902)", + "required": [ + "op", + "path" + ], + "properties": { + "op": { + "type": "string", + "description": "The operation to be performed", + "enum": [ + "add", + "remove", + "replace", + "move", + "copy", + "test" + ], + "example": "replace" + }, + "path": { + "type": "string", + "description": "A string JSON Pointer representing the target path to an element to be affected by the operation", + "example": "/description" + }, + "value": { + "anyOf": [ + { + "type": "string" + }, + { + "type": "integer" + }, + { + "type": "object" + }, + { + "type": "array", + "items": { + "anyOf": [ + { + "type": "string" + }, + { + "type": "integer" + }, + { + "type": "object" + } + ] + } + } + ], + "description": "The value to be used for the operation, required for \"add\" and \"replace\" operations", + "example": "New description" + } + } + } + }, + "example": [ + { + "op": "replace", + "path": "/description", + "value": "Updated description!" + }, + { + "op": "replace", + "path": "/accessProfileIds", + "value": [ + "2c918087742bab150174407a80f3125e", + "2c918087742bab150174407a80f3124f" + ] + }, + { + "op": "replace", + "path": "/accountActions", + "value": [ + { + "action": "ENABLE", + "sourceIds": [ + "2c9180846a2f82fb016a481c1b1560c5", + "2c9180846a2f82fb016a481c1b1560cc" + ] + }, + { + "action": "DISABLE", + "sourceIds": [ + "2c91808869a0c9980169a207258513fb" + ] + } + ] + }, + { + "op": "replace", + "path": "/emailNotificationOption", + "value": { + "notifyManagers": true, + "notifyAllAdmins": false, + "notifySpecificUsers": false, + "emailAddressList": [] + } + } + ] + } + } + }, + "responses": { + "200": { + "description": "Updated lifecycle-state.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "id": { + "type": "string", + "readOnly": true, + "example": "2c9180835d2e5168015d32f890ca1581", + "description": "lifecycle stat id." + }, + "name": { + "type": "string", + "readOnly": true, + "example": "Lifecycle Name", + "description": "Lifecycle-state name." + }, + "technicalName": { + "type": "string", + "readOnly": true, + "example": "lifecycleTechnicalName", + "description": "The technical name for lifecycle state. This is for internal use." + }, + "description": { + "type": "string", + "example": "LifecycleDescription", + "description": "Lifecycle state description." + }, + "created": { + "type": "string", + "readOnly": true, + "format": "date-time", + "example": "2015-05-28T14:07:17Z", + "description": "Lifecycle state created date." + }, + "modified": { + "type": "string", + "readOnly": true, + "format": "date-time", + "example": "2015-05-28T14:07:17Z", + "description": "Lifecycle state modified date." + }, + "enabled": { + "type": "boolean", + "example": true, + "description": "Whether the lifecycle state is enabled or disabled." + }, + "identityCount": { + "type": "integer", + "format": "int32", + "readOnly": true, + "example": 12, + "description": "Number of identities that have the lifecycle state." + }, + "emailNotificationOption": { + "type": "object", + "properties": { + "notifyManagers": { + "type": "boolean", + "example": true, + "description": "If true, then the manager is notified of the lifecycle state change." + }, + "notifyAllAdmins": { + "type": "boolean", + "example": true, + "description": "If true, then all the admins are notified of the lifecycle state change." + }, + "notifySpecificUsers": { + "type": "boolean", + "example": true, + "description": "If true, then the users specified in \"emailAddressList\" below are notified of lifecycle state change." + }, + "emailAddressList": { + "type": "array", + "example": [ + "test@test.com", + "test2@test.com" + ], + "items": { + "type": "string" + }, + "description": "List of user email addresses. If \"notifySpecificUsers\" option is true, then these users are notified of lifecycle state change." + } + } + }, + "accountActions": { + "type": "array", + "items": { + "type": "object", + "properties": { + "action": { + "type": "string", + "example": "ENABLE", + "description": "Describes if action will be enabled or disabled", + "enum": [ + "ENABLE", + "DISABLE" + ] + }, + "sourceIds": { + "type": "array", + "items": { + "example": "2c918084660f45d6016617daa9210584", + "description": "Source Id", + "type": "string" + }, + "example": [ + "2c918084660f45d6016617daa9210584", + "2c918084660f45d6016617daa9210500" + ], + "description": "List of source IDs. The sources must have the ENABLE feature or flat file source. See \"/sources\" endpoint for source features." + } + } + } + }, + "accessProfileIds": { + "type": "array", + "items": { + "type": "string" + }, + "example": [ + "2c918084660f45d6016617daa9210584", + "2c918084660f45d6016617daa9210500" + ], + "description": "List of access-profile IDs that are associated with the lifecycle state." + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/non-employee-records": { + "post": { + "operationId": "createNonEmployeeRecord", + "security": [ + { + "oauth2": [ + "idn:nelm:manage" + ] + } + ], + "tags": [ + "Non-Employee Lifecycle Management" + ], + "summary": "Create Non-Employee Record", + "description": "This request will create a non-employee record.\nRequest will require the following security scope:\n'idn:nesr:create'", + "requestBody": { + "description": "Non-Employee record creation request body.", + "required": true, + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "accountName": { + "type": "string", + "description": "Requested identity account name.", + "example": "william.smith" + }, + "firstName": { + "type": "string", + "description": "Non-Employee's first name.", + "example": "William" + }, + "lastName": { + "type": "string", + "description": "Non-Employee's last name.", + "example": "Smith" + }, + "email": { + "type": "string", + "description": "Non-Employee's email.", + "example": "william.smith@example.com" + }, + "phone": { + "type": "string", + "description": "Non-Employee's phone.", + "example": "5555555555" + }, + "manager": { + "type": "string", + "description": "The account ID of a valid identity to serve as this non-employee's manager.", + "example": "jane.doe" + }, + "sourceId": { + "type": "string", + "description": "Non-Employee's source id.", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "data": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Attribute blob/bag for a non-employee, 10 attributes is the maximum size supported." + }, + "startDate": { + "type": "string", + "format": "date-time", + "description": "Non-Employee employment start date.", + "example": "2020-03-24T00:00:00-05:00" + }, + "endDate": { + "type": "string", + "format": "date-time", + "description": "Non-Employee employment end date.", + "example": "2021-03-25T00:00:00-05:00" + } + }, + "required": [ + "accountName", + "firstName", + "lastName", + "email", + "phone", + "manager", + "sourceId", + "startDate", + "endDate" + ] + } + } + } + }, + "responses": { + "200": { + "description": "Created non-employee record.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "id": { + "type": "string", + "format": "UUID", + "description": "Non-Employee record id." + }, + "accountName": { + "type": "string", + "description": "Requested identity account name." + }, + "firstName": { + "type": "string", + "description": "Non-Employee's first name.", + "example": "William" + }, + "lastName": { + "type": "string", + "description": "Non-Employee's last name.", + "example": "Smith" + }, + "email": { + "type": "string", + "description": "Non-Employee's email.", + "example": "william.smith@example.com" + }, + "phone": { + "type": "string", + "description": "Non-Employee's phone.", + "example": "5555555555" + }, + "manager": { + "type": "string", + "description": "The account ID of a valid identity to serve as this non-employee's manager.", + "example": "jane.doe" + }, + "sourceId": { + "type": "string", + "description": "Non-Employee's source id.", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "data": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Attribute blob/bag for a non-employee." + }, + "startDate": { + "type": "string", + "format": "date-time", + "description": "Non-Employee employment start date.", + "example": "2019-08-23T18:52:59.162Z" + }, + "endDate": { + "type": "string", + "format": "date-time", + "description": "Non-Employee employment end date.", + "example": "2020-08-23T18:52:59.162Z" + }, + "modified": { + "type": "string", + "format": "date-time", + "description": "When the request was last modified.", + "example": "2019-08-23T18:52:59.162Z" + }, + "created": { + "type": "string", + "format": "date-time", + "description": "When the request was created.", + "example": "2019-08-23T18:40:35.772Z" + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + }, + "get": { + "operationId": "listNonEmployeeRecords", + "security": [ + { + "oauth2": [ + "idn:nelm:read" + ] + } + ], + "tags": [ + "Non-Employee Lifecycle Management" + ], + "summary": "List Non-Employee Records", + "description": "This gets a list of non-employee records.", + "parameters": [ + { + "in": "query", + "name": "limit", + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": 250, + "schema": { + "type": "integer", + "format": "int32", + "minimum": 0, + "maximum": 250, + "default": 250 + } + }, + { + "in": "query", + "name": "offset", + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": 0, + "schema": { + "type": "integer", + "format": "int32", + "minimum": 0, + "default": 0 + } + }, + { + "in": "query", + "name": "count", + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": true, + "schema": { + "type": "boolean", + "default": false + } + }, + { + "in": "query", + "required": false, + "name": "sorters", + "schema": { + "type": "string", + "format": "comma-separated" + }, + "example": "accountName,sourceId", + "description": "Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results) Sorting is supported for the following fields: **id, accountName, sourceId, manager, firstName, lastName, email, phone, startDate, endDate, created, modified**" + }, + { + "in": "query", + "name": "filters", + "required": false, + "schema": { + "type": "string" + }, + "example": "sourceId eq \"2c91808568c529c60168cca6f90c1313\"", + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) Filtering is supported for the following fields and operators: **sourceId**: *eq* *Example:* sourceId eq \"2c91808568c529c60168cca6f90c1313\"" + } + ], + "responses": { + "200": { + "description": "Non-Employee record objects", + "content": { + "application/json": { + "schema": { + "type": "array", + "items": { + "type": "object", + "properties": { + "id": { + "type": "string", + "format": "UUID", + "description": "Non-Employee record id." + }, + "accountName": { + "type": "string", + "description": "Requested identity account name." + }, + "firstName": { + "type": "string", + "description": "Non-Employee's first name.", + "example": "William" + }, + "lastName": { + "type": "string", + "description": "Non-Employee's last name.", + "example": "Smith" + }, + "email": { + "type": "string", + "description": "Non-Employee's email.", + "example": "william.smith@example.com" + }, + "phone": { + "type": "string", + "description": "Non-Employee's phone.", + "example": "5555555555" + }, + "manager": { + "type": "string", + "description": "The account ID of a valid identity to serve as this non-employee's manager.", + "example": "jane.doe" + }, + "sourceId": { + "type": "string", + "description": "Non-Employee's source id.", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "data": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Attribute blob/bag for a non-employee." + }, + "startDate": { + "type": "string", + "format": "date-time", + "description": "Non-Employee employment start date.", + "example": "2019-08-23T18:52:59.162Z" + }, + "endDate": { + "type": "string", + "format": "date-time", + "description": "Non-Employee employment end date.", + "example": "2020-08-23T18:52:59.162Z" + }, + "modified": { + "type": "string", + "format": "date-time", + "description": "When the request was last modified.", + "example": "2019-08-23T18:52:59.162Z" + }, + "created": { + "type": "string", + "format": "date-time", + "description": "When the request was created.", + "example": "2019-08-23T18:40:35.772Z" + } + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/non-employee-records/{id}": { + "get": { + "operationId": "getNonEmployeeRecord", + "security": [ + { + "oauth2": [ + "idn:nelm:read" + ] + } + ], + "tags": [ + "Non-Employee Lifecycle Management" + ], + "summary": "Get a Non-Employee Record", + "description": "This gets a non-employee record.", + "parameters": [ + { + "in": "path", + "name": "id", + "description": "Non-Employee record id (UUID)", + "required": true, + "example": "2c91808b6ef1d43e016efba0ce470904", + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "Non-Employee record object", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "id": { + "type": "string", + "format": "UUID", + "description": "Non-Employee record id." + }, + "accountName": { + "type": "string", + "description": "Requested identity account name." + }, + "firstName": { + "type": "string", + "description": "Non-Employee's first name.", + "example": "William" + }, + "lastName": { + "type": "string", + "description": "Non-Employee's last name.", + "example": "Smith" + }, + "email": { + "type": "string", + "description": "Non-Employee's email.", + "example": "william.smith@example.com" + }, + "phone": { + "type": "string", + "description": "Non-Employee's phone.", + "example": "5555555555" + }, + "manager": { + "type": "string", + "description": "The account ID of a valid identity to serve as this non-employee's manager.", + "example": "jane.doe" + }, + "sourceId": { + "type": "string", + "description": "Non-Employee's source id.", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "data": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Attribute blob/bag for a non-employee." + }, + "startDate": { + "type": "string", + "format": "date-time", + "description": "Non-Employee employment start date.", + "example": "2019-08-23T18:52:59.162Z" + }, + "endDate": { + "type": "string", + "format": "date-time", + "description": "Non-Employee employment end date.", + "example": "2020-08-23T18:52:59.162Z" + }, + "modified": { + "type": "string", + "format": "date-time", + "description": "When the request was last modified.", + "example": "2019-08-23T18:52:59.162Z" + }, + "created": { + "type": "string", + "format": "date-time", + "description": "When the request was created.", + "example": "2019-08-23T18:40:35.772Z" + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + }, + "put": { + "operationId": "updateNonEmployeeRecord", + "security": [ + { + "oauth2": [ + "idn:nelm:manage" + ] + } + ], + "tags": [ + "Non-Employee Lifecycle Management" + ], + "summary": "Update Non-Employee Record", + "description": "This request will update a non-employee record.", + "parameters": [ + { + "in": "path", + "name": "id", + "description": "Non-employee record id (UUID)", + "required": true, + "example": "2c91808b6ef1d43e016efba0ce470904", + "schema": { + "type": "string" + } + } + ], + "requestBody": { + "description": "Non-employee record creation request body. Attributes are restricted by user type. Owner of source can update end date. Organization admins can update all available fields.", + "required": true, + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "accountName": { + "type": "string", + "description": "Requested identity account name.", + "example": "william.smith" + }, + "firstName": { + "type": "string", + "description": "Non-Employee's first name.", + "example": "William" + }, + "lastName": { + "type": "string", + "description": "Non-Employee's last name.", + "example": "Smith" + }, + "email": { + "type": "string", + "description": "Non-Employee's email.", + "example": "william.smith@example.com" + }, + "phone": { + "type": "string", + "description": "Non-Employee's phone.", + "example": "5555555555" + }, + "manager": { + "type": "string", + "description": "The account ID of a valid identity to serve as this non-employee's manager.", + "example": "jane.doe" + }, + "sourceId": { + "type": "string", + "description": "Non-Employee's source id.", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "data": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Attribute blob/bag for a non-employee, 10 attributes is the maximum size supported." + }, + "startDate": { + "type": "string", + "format": "date-time", + "description": "Non-Employee employment start date.", + "example": "2020-03-24T00:00:00-05:00" + }, + "endDate": { + "type": "string", + "format": "date-time", + "description": "Non-Employee employment end date.", + "example": "2021-03-25T00:00:00-05:00" + } + }, + "required": [ + "accountName", + "firstName", + "lastName", + "email", + "phone", + "manager", + "sourceId", + "startDate", + "endDate" + ] + } + } + } + }, + "responses": { + "200": { + "description": "An updated non-employee record.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "id": { + "type": "string", + "format": "UUID", + "description": "Non-Employee record id." + }, + "accountName": { + "type": "string", + "description": "Requested identity account name." + }, + "firstName": { + "type": "string", + "description": "Non-Employee's first name.", + "example": "William" + }, + "lastName": { + "type": "string", + "description": "Non-Employee's last name.", + "example": "Smith" + }, + "email": { + "type": "string", + "description": "Non-Employee's email.", + "example": "william.smith@example.com" + }, + "phone": { + "type": "string", + "description": "Non-Employee's phone.", + "example": "5555555555" + }, + "manager": { + "type": "string", + "description": "The account ID of a valid identity to serve as this non-employee's manager.", + "example": "jane.doe" + }, + "sourceId": { + "type": "string", + "description": "Non-Employee's source id.", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "data": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Attribute blob/bag for a non-employee." + }, + "startDate": { + "type": "string", + "format": "date-time", + "description": "Non-Employee employment start date.", + "example": "2019-08-23T18:52:59.162Z" + }, + "endDate": { + "type": "string", + "format": "date-time", + "description": "Non-Employee employment end date.", + "example": "2020-08-23T18:52:59.162Z" + }, + "modified": { + "type": "string", + "format": "date-time", + "description": "When the request was last modified.", + "example": "2019-08-23T18:52:59.162Z" + }, + "created": { + "type": "string", + "format": "date-time", + "description": "When the request was created.", + "example": "2019-08-23T18:40:35.772Z" + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + }, + "patch": { + "operationId": "patchNonEmployeeRecord", + "security": [ + { + "oauth2": [ + "idn:nelm:manage" + ] + } + ], + "tags": [ + "Non-Employee Lifecycle Management" + ], + "summary": "Patch Non-Employee Record", + "description": "This request will patch a non-employee record.", + "parameters": [ + { + "in": "path", + "name": "id", + "description": "Non-employee record id (UUID)", + "required": true, + "example": "2c91808b6ef1d43e016efba0ce470904", + "schema": { + "type": "string" + } + } + ], + "requestBody": { + "description": "A list of non-employee update operations according to the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard. Attributes are restricted by user type. Owner of source can update end date. Organization admins can update all available fields.", + "required": true, + "content": { + "application/json-patch+json": { + "schema": { + "type": "array", + "items": { + "type": "object", + "description": "A JSONPatch Operation as defined by [RFC 6902 - JSON Patch](https://tools.ietf.org/html/rfc6902)", + "required": [ + "op", + "path" + ], + "properties": { + "op": { + "type": "string", + "description": "The operation to be performed", + "enum": [ + "add", + "remove", + "replace", + "move", + "copy", + "test" + ], + "example": "replace" + }, + "path": { + "type": "string", + "description": "A string JSON Pointer representing the target path to an element to be affected by the operation", + "example": "/description" + }, + "value": { + "anyOf": [ + { + "type": "string" + }, + { + "type": "integer" + }, + { + "type": "object" + }, + { + "type": "array", + "items": { + "anyOf": [ + { + "type": "string" + }, + { + "type": "integer" + }, + { + "type": "object" + } + ] + } + } + ], + "description": "The value to be used for the operation, required for \"add\" and \"replace\" operations", + "example": "New description" + } + } + } + }, + "example": [ + { + "op": "replace", + "path": "/endDate", + "value": { + "2019-08-23T18:40:35.772Z": null + } + } + ] + } + } + }, + "responses": { + "200": { + "description": "A patched non-employee record.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "id": { + "type": "string", + "format": "UUID", + "description": "Non-Employee record id." + }, + "accountName": { + "type": "string", + "description": "Requested identity account name." + }, + "firstName": { + "type": "string", + "description": "Non-Employee's first name.", + "example": "William" + }, + "lastName": { + "type": "string", + "description": "Non-Employee's last name.", + "example": "Smith" + }, + "email": { + "type": "string", + "description": "Non-Employee's email.", + "example": "william.smith@example.com" + }, + "phone": { + "type": "string", + "description": "Non-Employee's phone.", + "example": "5555555555" + }, + "manager": { + "type": "string", + "description": "The account ID of a valid identity to serve as this non-employee's manager.", + "example": "jane.doe" + }, + "sourceId": { + "type": "string", + "description": "Non-Employee's source id.", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "data": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Attribute blob/bag for a non-employee." + }, + "startDate": { + "type": "string", + "format": "date-time", + "description": "Non-Employee employment start date.", + "example": "2019-08-23T18:52:59.162Z" + }, + "endDate": { + "type": "string", + "format": "date-time", + "description": "Non-Employee employment end date.", + "example": "2020-08-23T18:52:59.162Z" + }, + "modified": { + "type": "string", + "format": "date-time", + "description": "When the request was last modified.", + "example": "2019-08-23T18:52:59.162Z" + }, + "created": { + "type": "string", + "format": "date-time", + "description": "When the request was created.", + "example": "2019-08-23T18:40:35.772Z" + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + }, + "delete": { + "operationId": "deleteNonEmployeeRecord", + "security": [ + { + "oauth2": [ + "idn:nelm:manage" + ] + } + ], + "tags": [ + "Non-Employee Lifecycle Management" + ], + "summary": "Delete Non-Employee Record", + "description": "This request will delete a non-employee record.", + "parameters": [ + { + "in": "path", + "name": "id", + "description": "Non-Employee record id (UUID)", + "required": true, + "example": "2c91808b6ef1d43e016efba0ce470904", + "schema": { + "type": "string" + } + } + ], + "responses": { + "204": { + "description": "No content - indicates the request was successful but there is no content to be returned in the response." + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/non-employee-records/bulk-delete": { + "post": { + "operationId": "deleteNonEmployeeRecordInBulk", + "security": [ + { + "oauth2": [ + "idn:nelm:manage" + ] + } + ], + "tags": [ + "Non-Employee Lifecycle Management" + ], + "summary": "Delete Multiple Non-Employee Records", + "description": "This request will delete multiple non-employee records based on the non-employee ids provided.\nRequest will require the following scope:\n'idn:nesr:delete'", + "requestBody": { + "description": "Non-Employee bulk delete request body.", + "required": true, + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "ids": { + "description": "List of non-employee ids.", + "type": "array", + "items": { + "type": "string", + "format": "uuid" + } + } + }, + "required": [ + "ids" + ] + } + } + } + }, + "responses": { + "204": { + "description": "No content - indicates the request was successful but there is no content to be returned in the response." + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/non-employee-requests": { + "post": { + "operationId": "createNonEmployeeRequest", + "security": [ + { + "oauth2": [ + "idn:nelm:manage" + ] + } + ], + "tags": [ + "Non-Employee Lifecycle Management" + ], + "summary": "Create Non-Employee Request", + "description": "This request will create a non-employee request and notify the approver", + "requestBody": { + "description": "Non-Employee creation request body", + "required": true, + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "accountName": { + "type": "string", + "description": "Requested identity account name.", + "example": "william.smith" + }, + "firstName": { + "type": "string", + "description": "Non-Employee's first name.", + "example": "William" + }, + "lastName": { + "type": "string", + "description": "Non-Employee's last name.", + "example": "Smith" + }, + "email": { + "type": "string", + "description": "Non-Employee's email.", + "example": "william.smith@example.com" + }, + "phone": { + "type": "string", + "description": "Non-Employee's phone.", + "example": "5555555555" + }, + "manager": { + "type": "string", + "description": "The account ID of a valid identity to serve as this non-employee's manager.", + "example": "jane.doe" + }, + "sourceId": { + "type": "string", + "description": "Non-Employee's source id.", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "data": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Attribute blob/bag for a non-employee, 10 attributes is the maximum size supported." + }, + "startDate": { + "type": "string", + "format": "date-time", + "description": "Non-Employee employment start date.", + "example": "2020-03-24T00:00:00-05:00" + }, + "endDate": { + "type": "string", + "format": "date-time", + "description": "Non-Employee employment end date.", + "example": "2021-03-25T00:00:00-05:00" + } + }, + "required": [ + "accountName", + "firstName", + "lastName", + "email", + "phone", + "manager", + "sourceId", + "startDate", + "endDate" + ] + } + } + } + }, + "responses": { + "200": { + "description": "Non-Employee request creation object", + "content": { + "application/json": { + "schema": { + "allOf": [ + { + "type": "object", + "properties": { + "id": { + "type": "string", + "format": "UUID", + "description": "Non-Employee source id.", + "example": "a0303682-5e4a-44f7-bdc2-6ce6112549c1" + }, + "sourceId": { + "type": "string", + "description": "Source Id associated with this non-employee source.", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Source name associated with this non-employee source.", + "example": "Retail" + }, + "description": { + "type": "string", + "description": "Source description associated with this non-employee source.", + "example": "Source description" + } + } + }, + { + "type": "object", + "properties": { + "accountName": { + "type": "string", + "description": "Requested identity account name.", + "example": "william.smith" + }, + "firstName": { + "type": "string", + "description": "Non-Employee's first name.", + "example": "William" + }, + "lastName": { + "type": "string", + "description": "Non-Employee's last name.", + "example": "Smith" + }, + "email": { + "type": "string", + "description": "Non-Employee's email.", + "example": "william.smith@example.com" + }, + "phone": { + "type": "string", + "description": "Non-Employee's phone.", + "example": "5555555555" + }, + "manager": { + "type": "string", + "description": "The account ID of a valid identity to serve as this non-employee's manager.", + "example": "jane.doe" + }, + "nonEmployeeSource": { + "type": "object", + "properties": { + "id": { + "type": "string", + "format": "UUID", + "description": "Non-Employee source id.", + "example": "a0303682-5e4a-44f7-bdc2-6ce6112549c1" + }, + "sourceId": { + "type": "string", + "description": "Source Id associated with this non-employee source.", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Source name associated with this non-employee source.", + "example": "Retail" + }, + "description": { + "type": "string", + "description": "Source description associated with this non-employee source.", + "example": "Source description" + } + } + }, + "data": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Attribute blob/bag for a non-employee." + }, + "approvalItems": { + "description": "List of approval item for the request", + "type": "array", + "items": { + "type": "object", + "properties": { + "id": { + "type": "string", + "format": "UUID", + "description": "Non-Employee approval item id", + "example": "2c1e388b-1e55-4b0a-ab5c-897f1204159c" + }, + "approver": { + "description": "Reference to the associated Identity", + "type": "object", + "properties": { + "type": { + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "description": "An enumeration of the types of DTOs supported within the IdentityNow infrastructure.", + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "Identity id", + "example": "5168015d32f890ca15812c9180835d2e" + } + } + }, + "accountName": { + "type": "string", + "description": "Requested identity account name", + "example": "test.account" + }, + "approvalStatus": { + "type": "string", + "enum": [ + "APPROVED", + "REJECTED", + "PENDING", + "NOT_READY", + "CANCELLED" + ], + "description": "Enum representing the non-employee request approval status" + }, + "approvalOrder": { + "type": "number", + "description": "Approval order", + "example": 1 + }, + "comment": { + "type": "string", + "description": "comment of approver" + }, + "modified": { + "type": "string", + "format": "date-time", + "description": "When the request was last modified.", + "example": "2019-08-23T18:52:59.162Z" + }, + "created": { + "type": "string", + "format": "date-time", + "description": "When the request was created.", + "example": "2019-08-23T18:40:35.772Z" + } + } + } + }, + "approvalStatus": { + "type": "string", + "enum": [ + "APPROVED", + "REJECTED", + "PENDING", + "NOT_READY", + "CANCELLED" + ], + "description": "Enum representing the non-employee request approval status" + }, + "comment": { + "type": "string", + "description": "comment of requester" + }, + "completionDate": { + "type": "string", + "format": "date-time", + "description": "When the request was completely approved.", + "example": "2020-03-24T11:11:41.139-05:00" + }, + "startDate": { + "type": "string", + "format": "date-time", + "description": "Non-Employee employment start date.", + "example": "2020-03-24T00:00:00-05:00" + }, + "endDate": { + "type": "string", + "format": "date-time", + "description": "Non-Employee employment end date.", + "example": "2021-03-25T00:00:00-05:00" + }, + "modified": { + "type": "string", + "format": "date-time", + "description": "When the request was last modified.", + "example": "2020-03-24T11:11:41.139-05:00" + }, + "created": { + "type": "string", + "format": "date-time", + "description": "When the request was created.", + "example": "2020-03-24T11:11:41.139-05:00" + } + } + } + ] + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "400.1 Bad Request Content": { + "description": "Response for bad request content", + "value": { + "detailCode": "400.1 Bad Request Content", + "trackingId": "e7eab60924f64aa284175b9fa3309599", + "messages": [ + { + "locale": "en", + "localeOrigin": "REQUEST", + "text": "firstName is required; accountName is required;" + } + ] + } + }, + "400.1.409 Reference conflict": { + "description": "Response for reference conflict", + "value": { + "detailCode": "400.1.409 Reference conflict", + "trackingId": "e7eab60924f64aa284175b9fa3309599", + "messages": [ + { + "locale": "en", + "localeOrigin": "REQUEST", + "text": "Unable to create Non-Employee because the accountName \"existed\" is already being used." + } + ] + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + }, + "get": { + "operationId": "listNonEmployeeRequests", + "security": [ + { + "oauth2": [ + "idn:nelm:read" + ] + } + ], + "tags": [ + "Non-Employee Lifecycle Management" + ], + "summary": "List Non-Employee Requests", + "description": "This gets a list of non-employee requests.", + "parameters": [ + { + "in": "query", + "name": "limit", + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": 250, + "schema": { + "type": "integer", + "format": "int32", + "minimum": 0, + "maximum": 250, + "default": 250 + } + }, + { + "in": "query", + "name": "offset", + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": 0, + "schema": { + "type": "integer", + "format": "int32", + "minimum": 0, + "default": 0 + } + }, + { + "in": "query", + "name": "count", + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": true, + "schema": { + "type": "boolean", + "default": false + } + }, + { + "in": "query", + "name": "requested-for", + "required": true, + "schema": { + "type": "string" + }, + "example": "me", + "description": "The identity for whom the request was made. *me* indicates the current user." + }, + { + "in": "query", + "name": "sorters", + "required": false, + "schema": { + "type": "string", + "format": "comma-separated" + }, + "example": "approvalStatus,firstName", + "description": "Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results) Sorting is supported for the following fields: **created, approvalStatus, firstName, lastName, email, phone, accountName, startDate, endDate**" + }, + { + "in": "query", + "name": "filters", + "required": false, + "schema": { + "type": "string" + }, + "example": "sourceId eq \"2c91808568c529c60168cca6f90c1313\"", + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) Filtering is supported for the following fields and operators: **sourceId**: *eq* *Example:* sourceId eq \"2c91808568c529c60168cca6f90c1313\"" + } + ], + "responses": { + "200": { + "description": "List of non-employee request objects.", + "content": { + "application/json": { + "schema": { + "type": "array", + "items": { + "allOf": [ + { + "type": "object", + "properties": { + "id": { + "type": "string", + "format": "UUID", + "description": "Non-Employee source id.", + "example": "a0303682-5e4a-44f7-bdc2-6ce6112549c1" + }, + "sourceId": { + "type": "string", + "description": "Source Id associated with this non-employee source.", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Source name associated with this non-employee source.", + "example": "Retail" + }, + "description": { + "type": "string", + "description": "Source description associated with this non-employee source.", + "example": "Source description" + } + } + }, + { + "type": "object", + "properties": { + "accountName": { + "type": "string", + "description": "Requested identity account name.", + "example": "william.smith" + }, + "firstName": { + "type": "string", + "description": "Non-Employee's first name.", + "example": "William" + }, + "lastName": { + "type": "string", + "description": "Non-Employee's last name.", + "example": "Smith" + }, + "email": { + "type": "string", + "description": "Non-Employee's email.", + "example": "william.smith@example.com" + }, + "phone": { + "type": "string", + "description": "Non-Employee's phone.", + "example": "5555555555" + }, + "manager": { + "type": "string", + "description": "The account ID of a valid identity to serve as this non-employee's manager.", + "example": "jane.doe" + }, + "nonEmployeeSource": { + "type": "object", + "properties": { + "id": { + "type": "string", + "format": "UUID", + "description": "Non-Employee source id.", + "example": "a0303682-5e4a-44f7-bdc2-6ce6112549c1" + }, + "sourceId": { + "type": "string", + "description": "Source Id associated with this non-employee source.", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Source name associated with this non-employee source.", + "example": "Retail" + }, + "description": { + "type": "string", + "description": "Source description associated with this non-employee source.", + "example": "Source description" + } + } + }, + "data": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Attribute blob/bag for a non-employee." + }, + "approvalItems": { + "description": "List of approval item for the request", + "type": "array", + "items": { + "type": "object", + "properties": { + "id": { + "type": "string", + "format": "UUID", + "description": "Non-Employee approval item id", + "example": "2c1e388b-1e55-4b0a-ab5c-897f1204159c" + }, + "approver": { + "description": "Reference to the associated Identity", + "type": "object", + "properties": { + "type": { + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "description": "An enumeration of the types of DTOs supported within the IdentityNow infrastructure.", + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "Identity id", + "example": "5168015d32f890ca15812c9180835d2e" + } + } + }, + "accountName": { + "type": "string", + "description": "Requested identity account name", + "example": "test.account" + }, + "approvalStatus": { + "type": "string", + "enum": [ + "APPROVED", + "REJECTED", + "PENDING", + "NOT_READY", + "CANCELLED" + ], + "description": "Enum representing the non-employee request approval status" + }, + "approvalOrder": { + "type": "number", + "description": "Approval order", + "example": 1 + }, + "comment": { + "type": "string", + "description": "comment of approver" + }, + "modified": { + "type": "string", + "format": "date-time", + "description": "When the request was last modified.", + "example": "2019-08-23T18:52:59.162Z" + }, + "created": { + "type": "string", + "format": "date-time", + "description": "When the request was created.", + "example": "2019-08-23T18:40:35.772Z" + } + } + } + }, + "approvalStatus": { + "type": "string", + "enum": [ + "APPROVED", + "REJECTED", + "PENDING", + "NOT_READY", + "CANCELLED" + ], + "description": "Enum representing the non-employee request approval status" + }, + "comment": { + "type": "string", + "description": "comment of requester" + }, + "completionDate": { + "type": "string", + "format": "date-time", + "description": "When the request was completely approved.", + "example": "2020-03-24T11:11:41.139-05:00" + }, + "startDate": { + "type": "string", + "format": "date-time", + "description": "Non-Employee employment start date.", + "example": "2020-03-24T00:00:00-05:00" + }, + "endDate": { + "type": "string", + "format": "date-time", + "description": "Non-Employee employment end date.", + "example": "2021-03-25T00:00:00-05:00" + }, + "modified": { + "type": "string", + "format": "date-time", + "description": "When the request was last modified.", + "example": "2020-03-24T11:11:41.139-05:00" + }, + "created": { + "type": "string", + "format": "date-time", + "description": "When the request was created.", + "example": "2020-03-24T11:11:41.139-05:00" + } + } + } + ] + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/non-employee-requests/{id}": { + "get": { + "operationId": "getNonEmployeeRequest", + "security": [ + { + "oauth2": [ + "idn:nelm:read" + ] + } + ], + "tags": [ + "Non-Employee Lifecycle Management" + ], + "summary": "Get a Non-Employee Request", + "description": "This gets a non-employee request.", + "parameters": [ + { + "in": "path", + "name": "id", + "example": "2c91808b6ef1d43e016efba0ce470904", + "description": "Non-Employee request id (UUID)", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "Non-Employee request object.", + "content": { + "application/json": { + "schema": { + "allOf": [ + { + "type": "object", + "properties": { + "id": { + "type": "string", + "format": "UUID", + "description": "Non-Employee source id.", + "example": "a0303682-5e4a-44f7-bdc2-6ce6112549c1" + }, + "sourceId": { + "type": "string", + "description": "Source Id associated with this non-employee source.", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Source name associated with this non-employee source.", + "example": "Retail" + }, + "description": { + "type": "string", + "description": "Source description associated with this non-employee source.", + "example": "Source description" + } + } + }, + { + "type": "object", + "properties": { + "accountName": { + "type": "string", + "description": "Requested identity account name.", + "example": "william.smith" + }, + "firstName": { + "type": "string", + "description": "Non-Employee's first name.", + "example": "William" + }, + "lastName": { + "type": "string", + "description": "Non-Employee's last name.", + "example": "Smith" + }, + "email": { + "type": "string", + "description": "Non-Employee's email.", + "example": "william.smith@example.com" + }, + "phone": { + "type": "string", + "description": "Non-Employee's phone.", + "example": "5555555555" + }, + "manager": { + "type": "string", + "description": "The account ID of a valid identity to serve as this non-employee's manager.", + "example": "jane.doe" + }, + "nonEmployeeSource": { + "type": "object", + "properties": { + "id": { + "type": "string", + "format": "UUID", + "description": "Non-Employee source id.", + "example": "a0303682-5e4a-44f7-bdc2-6ce6112549c1" + }, + "sourceId": { + "type": "string", + "description": "Source Id associated with this non-employee source.", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Source name associated with this non-employee source.", + "example": "Retail" + }, + "description": { + "type": "string", + "description": "Source description associated with this non-employee source.", + "example": "Source description" + } + } + }, + "data": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Attribute blob/bag for a non-employee." + }, + "approvalItems": { + "description": "List of approval item for the request", + "type": "array", + "items": { + "type": "object", + "properties": { + "id": { + "type": "string", + "format": "UUID", + "description": "Non-Employee approval item id", + "example": "2c1e388b-1e55-4b0a-ab5c-897f1204159c" + }, + "approver": { + "description": "Reference to the associated Identity", + "type": "object", + "properties": { + "type": { + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "description": "An enumeration of the types of DTOs supported within the IdentityNow infrastructure.", + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "Identity id", + "example": "5168015d32f890ca15812c9180835d2e" + } + } + }, + "accountName": { + "type": "string", + "description": "Requested identity account name", + "example": "test.account" + }, + "approvalStatus": { + "type": "string", + "enum": [ + "APPROVED", + "REJECTED", + "PENDING", + "NOT_READY", + "CANCELLED" + ], + "description": "Enum representing the non-employee request approval status" + }, + "approvalOrder": { + "type": "number", + "description": "Approval order", + "example": 1 + }, + "comment": { + "type": "string", + "description": "comment of approver" + }, + "modified": { + "type": "string", + "format": "date-time", + "description": "When the request was last modified.", + "example": "2019-08-23T18:52:59.162Z" + }, + "created": { + "type": "string", + "format": "date-time", + "description": "When the request was created.", + "example": "2019-08-23T18:40:35.772Z" + } + } + } + }, + "approvalStatus": { + "type": "string", + "enum": [ + "APPROVED", + "REJECTED", + "PENDING", + "NOT_READY", + "CANCELLED" + ], + "description": "Enum representing the non-employee request approval status" + }, + "comment": { + "type": "string", + "description": "comment of requester" + }, + "completionDate": { + "type": "string", + "format": "date-time", + "description": "When the request was completely approved.", + "example": "2020-03-24T11:11:41.139-05:00" + }, + "startDate": { + "type": "string", + "format": "date-time", + "description": "Non-Employee employment start date.", + "example": "2020-03-24T00:00:00-05:00" + }, + "endDate": { + "type": "string", + "format": "date-time", + "description": "Non-Employee employment end date.", + "example": "2021-03-25T00:00:00-05:00" + }, + "modified": { + "type": "string", + "format": "date-time", + "description": "When the request was last modified.", + "example": "2020-03-24T11:11:41.139-05:00" + }, + "created": { + "type": "string", + "format": "date-time", + "description": "When the request was created.", + "example": "2020-03-24T11:11:41.139-05:00" + } + } + } + ] + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + }, + "delete": { + "operationId": "deleteNonEmployeeRequest", + "security": [ + { + "oauth2": [ + "idn:nelm:manage" + ] + } + ], + "tags": [ + "Non-Employee Lifecycle Management" + ], + "summary": "Delete Non-Employee Request", + "description": "This request will delete a non-employee request.", + "parameters": [ + { + "in": "path", + "name": "id", + "description": "Non-Employee request id in the UUID format", + "required": true, + "example": "2c91808b6ef1d43e016efba0ce470904", + "schema": { + "type": "string", + "format": "uuid" + } + } + ], + "responses": { + "204": { + "description": "No content - indicates the request was successful but there is no content to be returned in the response." + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/non-employee-requests/summary/{requested-for}": { + "get": { + "operationId": "getNonEmployeeRequestSummary", + "security": [ + { + "oauth2": [ + "idn:nelm:read" + ] + } + ], + "tags": [ + "Non-Employee Lifecycle Management" + ], + "summary": "Get Summary of Non-Employee Requests", + "description": "This request will retrieve a summary of non-employee requests. There are two contextual uses for the `requested-for` path parameter: 1. The current user is the Org Admin, in which case he or she may request a summary of all non-employee approval requests assigned to a particular account manager by passing in that manager's id. 2. The current user is an account manager, in which case \"me\" should be provided as the `requested-for` value. This will provide the user with a summary of the non-employee requests in the source(s) he or she manages.", + "parameters": [ + { + "in": "path", + "example": "ac10d20a-841e-1e7d-8184-32d2e22c0179", + "name": "requested-for", + "description": "The identity (UUID) of the non-employee account manager for whom the summary is being retrieved. Use \"me\" instead to indicate the current user.", + "required": true, + "schema": { + "type": "string", + "format": "uuid (if user is Org Admin)" + } + } + ], + "responses": { + "200": { + "description": "Non-Employee request summary object.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "approved": { + "type": "number", + "description": "The number of approved non-employee requests on all sources that *requested-for* user manages." + }, + "rejected": { + "type": "number", + "description": "The number of rejected non-employee requests on all sources that *requested-for* user manages." + }, + "pending": { + "type": "number", + "description": "The number of pending non-employee requests on all sources that *requested-for* user manages." + }, + "nonEmployeeCount": { + "type": "number", + "description": "The number of non-employee records on all sources that *requested-for* user manages." + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/non-employee-sources": { + "post": { + "operationId": "createNonEmployeeSource", + "security": [ + { + "oauth2": [ + "idn:nelm:manage" + ] + } + ], + "tags": [ + "Non-Employee Lifecycle Management" + ], + "summary": "Create Non-Employee Source", + "description": "This request will create a non-employee source.\nRequest will require the following security scope:\n'idn:nesr:create'", + "requestBody": { + "description": "Non-Employee source creation request body.", + "required": true, + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "name": { + "type": "string", + "description": "Name of non-employee source.", + "example": "Retail" + }, + "description": { + "type": "string", + "description": "Description of non-employee source.", + "example": "Source description" + }, + "owner": { + "description": "Owner of non-employee source.", + "type": "object", + "properties": { + "id": { + "type": "string", + "format": "UUID", + "description": "Identity id.", + "example": "2c91808570313110017040b06f344ec9" + } + }, + "required": [ + "id" + ] + }, + "managementWorkgroup": { + "type": "string", + "description": "The ID for the management workgroup that contains source sub-admins", + "example": "123299" + }, + "approvers": { + "description": "List of approvers.", + "type": "array", + "items": { + "type": "object", + "properties": { + "id": { + "type": "string", + "format": "UUID", + "description": "Identity id.", + "example": "2c91808570313110017040b06f344ec9" + } + }, + "required": [ + "id" + ] + }, + "maxItems": 3 + }, + "accountManagers": { + "description": "List of account managers.", + "type": "array", + "items": { + "type": "object", + "properties": { + "id": { + "type": "string", + "format": "UUID", + "description": "Identity id.", + "example": "2c91808570313110017040b06f344ec9" + } + }, + "required": [ + "id" + ] + }, + "maxItems": 10 + } + }, + "required": [ + "owner", + "name", + "description" + ] + } + } + } + }, + "responses": { + "200": { + "description": "Created non-employee source.", + "content": { + "application/json": { + "schema": { + "allOf": [ + { + "allOf": [ + { + "type": "object", + "properties": { + "id": { + "type": "string", + "format": "UUID", + "description": "Non-Employee source id.", + "example": "a0303682-5e4a-44f7-bdc2-6ce6112549c1" + }, + "sourceId": { + "type": "string", + "description": "Source Id associated with this non-employee source.", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Source name associated with this non-employee source.", + "example": "Retail" + }, + "description": { + "type": "string", + "description": "Source description associated with this non-employee source.", + "example": "Source description" + } + } + }, + { + "type": "object", + "properties": { + "approvers": { + "description": "List of approvers", + "type": "array", + "items": { + "type": "object", + "properties": { + "type": { + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "description": "An enumeration of the types of DTOs supported within the IdentityNow infrastructure.", + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "Identity id", + "example": "5168015d32f890ca15812c9180835d2e" + } + } + } + }, + "accountManagers": { + "description": "List of account managers", + "type": "array", + "items": { + "type": "object", + "properties": { + "type": { + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "description": "An enumeration of the types of DTOs supported within the IdentityNow infrastructure.", + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "Identity id", + "example": "5168015d32f890ca15812c9180835d2e" + } + } + } + }, + "modified": { + "type": "string", + "format": "date-time", + "description": "When the request was last modified.", + "example": "2019-08-23T18:52:59.162Z" + }, + "created": { + "type": "string", + "format": "date-time", + "description": "When the request was created.", + "example": "2019-08-23T18:40:35.772Z" + }, + "nonEmployeeCount": { + "nullable": true, + "type": "integer", + "description": "The number of non-employee records on all sources that *requested-for* user manages.", + "example": 2, + "format": "int32" + } + } + } + ] + }, + { + "type": "object", + "properties": { + "cloudExternalId": { + "type": "string", + "description": "Legacy ID used for sources from the V1 API. This attribute will be removed from a future version of the API and will not be considered a breaking change. No clients should rely on this ID always being present.", + "example": "99999" + } + } + } + ] + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + }, + "get": { + "operationId": "listNonEmployeeSources", + "security": [ + { + "oauth2": [ + "idn:nelm:read" + ] + } + ], + "tags": [ + "Non-Employee Lifecycle Management" + ], + "summary": "List Non-Employee Sources", + "description": "This gets a list of non-employee sources.", + "parameters": [ + { + "in": "query", + "name": "limit", + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": 250, + "schema": { + "type": "integer", + "format": "int32", + "minimum": 0, + "maximum": 250, + "default": 250 + } + }, + { + "in": "query", + "name": "offset", + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": 0, + "schema": { + "type": "integer", + "format": "int32", + "minimum": 0, + "default": 0 + } + }, + { + "in": "query", + "name": "count", + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": true, + "schema": { + "type": "boolean", + "default": false + } + }, + { + "in": "query", + "required": true, + "name": "requested-for", + "example": "me", + "schema": { + "type": "string" + }, + "description": "The identity for whom the request was made. *me* indicates the current user." + }, + { + "in": "query", + "required": true, + "name": "non-employee-count", + "example": false, + "schema": { + "type": "boolean" + }, + "description": "The flag to determine whether return a non-employee count associate with source." + }, + { + "in": "query", + "name": "sorters", + "required": false, + "schema": { + "type": "string", + "format": "comma-separated" + }, + "example": "name,created", + "description": "Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results) Sorting is supported for the following fields: **name, created**" + } + ], + "responses": { + "200": { + "description": "List of non-employee sources objects.", + "content": { + "application/json": { + "schema": { + "type": "array", + "items": { + "allOf": [ + { + "allOf": [ + { + "type": "object", + "properties": { + "id": { + "type": "string", + "format": "UUID", + "description": "Non-Employee source id.", + "example": "a0303682-5e4a-44f7-bdc2-6ce6112549c1" + }, + "sourceId": { + "type": "string", + "description": "Source Id associated with this non-employee source.", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Source name associated with this non-employee source.", + "example": "Retail" + }, + "description": { + "type": "string", + "description": "Source description associated with this non-employee source.", + "example": "Source description" + } + } + }, + { + "type": "object", + "properties": { + "approvers": { + "description": "List of approvers", + "type": "array", + "items": { + "type": "object", + "properties": { + "type": { + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "description": "An enumeration of the types of DTOs supported within the IdentityNow infrastructure.", + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "Identity id", + "example": "5168015d32f890ca15812c9180835d2e" + } + } + } + }, + "accountManagers": { + "description": "List of account managers", + "type": "array", + "items": { + "type": "object", + "properties": { + "type": { + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "description": "An enumeration of the types of DTOs supported within the IdentityNow infrastructure.", + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "Identity id", + "example": "5168015d32f890ca15812c9180835d2e" + } + } + } + }, + "modified": { + "type": "string", + "format": "date-time", + "description": "When the request was last modified.", + "example": "2019-08-23T18:52:59.162Z" + }, + "created": { + "type": "string", + "format": "date-time", + "description": "When the request was created.", + "example": "2019-08-23T18:40:35.772Z" + }, + "nonEmployeeCount": { + "nullable": true, + "type": "integer", + "description": "The number of non-employee records on all sources that *requested-for* user manages.", + "example": 2, + "format": "int32" + } + } + } + ] + }, + { + "type": "object", + "properties": { + "nonEmployeeCount": { + "type": "integer", + "example": 2, + "format": "int32", + "description": "Number of non-employee records associated with this source." + } + } + } + ] + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/non-employee-sources/{sourceId}": { + "get": { + "operationId": "getNonEmployeeSource", + "security": [ + { + "oauth2": [ + "idn:nelm:read" + ] + } + ], + "tags": [ + "Non-Employee Lifecycle Management" + ], + "summary": "Get a Non-Employee Source", + "description": "This gets a non-employee source.", + "parameters": [ + { + "in": "path", + "example": "2c91808b7c28b350017c2a2ec5790aa1", + "name": "sourceId", + "description": "Source Id", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "Non-Employee source object.", + "content": { + "application/json": { + "schema": { + "allOf": [ + { + "type": "object", + "properties": { + "id": { + "type": "string", + "format": "UUID", + "description": "Non-Employee source id.", + "example": "a0303682-5e4a-44f7-bdc2-6ce6112549c1" + }, + "sourceId": { + "type": "string", + "description": "Source Id associated with this non-employee source.", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Source name associated with this non-employee source.", + "example": "Retail" + }, + "description": { + "type": "string", + "description": "Source description associated with this non-employee source.", + "example": "Source description" + } + } + }, + { + "type": "object", + "properties": { + "approvers": { + "description": "List of approvers", + "type": "array", + "items": { + "type": "object", + "properties": { + "type": { + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "description": "An enumeration of the types of DTOs supported within the IdentityNow infrastructure.", + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "Identity id", + "example": "5168015d32f890ca15812c9180835d2e" + } + } + } + }, + "accountManagers": { + "description": "List of account managers", + "type": "array", + "items": { + "type": "object", + "properties": { + "type": { + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "description": "An enumeration of the types of DTOs supported within the IdentityNow infrastructure.", + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "Identity id", + "example": "5168015d32f890ca15812c9180835d2e" + } + } + } + }, + "modified": { + "type": "string", + "format": "date-time", + "description": "When the request was last modified.", + "example": "2019-08-23T18:52:59.162Z" + }, + "created": { + "type": "string", + "format": "date-time", + "description": "When the request was created.", + "example": "2019-08-23T18:40:35.772Z" + }, + "nonEmployeeCount": { + "nullable": true, + "type": "integer", + "description": "The number of non-employee records on all sources that *requested-for* user manages.", + "example": 2, + "format": "int32" + } + } + } + ] + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + }, + "patch": { + "operationId": "patchNonEmployeeSource", + "security": [ + { + "oauth2": [ + "idn:nelm:manage" + ] + } + ], + "tags": [ + "Non-Employee Lifecycle Management" + ], + "summary": "Patch a Non-Employee Source", + "description": "patch a non-employee source. (Partial Update) Patchable field: **name, description, approvers, accountManagers**", + "parameters": [ + { + "in": "path", + "name": "sourceId", + "description": "Source Id", + "required": true, + "example": "2c91808b6ef1d43e016efba0ce470904", + "schema": { + "type": "string" + } + } + ], + "requestBody": { + "description": "A list of non-employee source update operations according to the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard.", + "required": true, + "content": { + "application/json-patch+json": { + "schema": { + "type": "array", + "items": { + "type": "object", + "description": "A JSONPatch Operation as defined by [RFC 6902 - JSON Patch](https://tools.ietf.org/html/rfc6902)", + "required": [ + "op", + "path" + ], + "properties": { + "op": { + "type": "string", + "description": "The operation to be performed", + "enum": [ + "add", + "remove", + "replace", + "move", + "copy", + "test" + ], + "example": "replace" + }, + "path": { + "type": "string", + "description": "A string JSON Pointer representing the target path to an element to be affected by the operation", + "example": "/description" + }, + "value": { + "anyOf": [ + { + "type": "string" + }, + { + "type": "integer" + }, + { + "type": "object" + }, + { + "type": "array", + "items": { + "anyOf": [ + { + "type": "string" + }, + { + "type": "integer" + }, + { + "type": "object" + } + ] + } + } + ], + "description": "The value to be used for the operation, required for \"add\" and \"replace\" operations", + "example": "New description" + } + } + } + }, + "example": [ + { + "op": "replace", + "path": "/name", + "value": { + "new name": null + } + }, + { + "op": "replace", + "path": "/approvers", + "value": [ + "2c91809f703bb37a017040a2fe8748c7", + "48b1f463c9e8427db5a5071bd81914b8" + ] + } + ] + } + } + }, + "responses": { + "200": { + "description": "A patched non-employee source object.", + "content": { + "application/json": { + "schema": { + "allOf": [ + { + "type": "object", + "properties": { + "id": { + "type": "string", + "format": "UUID", + "description": "Non-Employee source id.", + "example": "a0303682-5e4a-44f7-bdc2-6ce6112549c1" + }, + "sourceId": { + "type": "string", + "description": "Source Id associated with this non-employee source.", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Source name associated with this non-employee source.", + "example": "Retail" + }, + "description": { + "type": "string", + "description": "Source description associated with this non-employee source.", + "example": "Source description" + } + } + }, + { + "type": "object", + "properties": { + "approvers": { + "description": "List of approvers", + "type": "array", + "items": { + "type": "object", + "properties": { + "type": { + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "description": "An enumeration of the types of DTOs supported within the IdentityNow infrastructure.", + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "Identity id", + "example": "5168015d32f890ca15812c9180835d2e" + } + } + } + }, + "accountManagers": { + "description": "List of account managers", + "type": "array", + "items": { + "type": "object", + "properties": { + "type": { + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "description": "An enumeration of the types of DTOs supported within the IdentityNow infrastructure.", + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "Identity id", + "example": "5168015d32f890ca15812c9180835d2e" + } + } + } + }, + "modified": { + "type": "string", + "format": "date-time", + "description": "When the request was last modified.", + "example": "2019-08-23T18:52:59.162Z" + }, + "created": { + "type": "string", + "format": "date-time", + "description": "When the request was created.", + "example": "2019-08-23T18:40:35.772Z" + }, + "nonEmployeeCount": { + "nullable": true, + "type": "integer", + "description": "The number of non-employee records on all sources that *requested-for* user manages.", + "example": 2, + "format": "int32" + } + } + } + ] + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + }, + "delete": { + "operationId": "deleteNonEmployeeSource", + "security": [ + { + "oauth2": [ + "idn:nelm:manage" + ] + } + ], + "tags": [ + "Non-Employee Lifecycle Management" + ], + "summary": "Delete Non-Employee Source", + "description": "This request will delete a non-employee source.", + "parameters": [ + { + "in": "path", + "name": "sourceId", + "description": "Source Id", + "required": true, + "example": "2c91808b6ef1d43e016efba0ce470904", + "schema": { + "type": "string" + } + } + ], + "responses": { + "204": { + "description": "No content - indicates the request was successful but there is no content to be returned in the response." + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/non-employee-sources/{id}/non-employees/download": { + "get": { + "operationId": "exportNonEmployeeRecords", + "security": [ + { + "oauth2": [ + "idn:nelm:read", + "idn:nelm:manage" + ] + } + ], + "tags": [ + "Non-Employee Lifecycle Management" + ], + "summary": "Exports Non-Employee Records to CSV", + "description": "This requests a CSV download for all non-employees from a provided source.", + "parameters": [ + { + "in": "path", + "example": "2c918085842e69ae018432d22ccb212f", + "name": "id", + "description": "Source Id (UUID)", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "Exported CSV", + "content": { + "text/csv": { + "example": "accountName,firstName,lastName,phone,email,manager,startDate,endDate\nJon.Smith, Jon, Smith, 555-555-5555, jon@jon.doe.nope.com, Jim Smith, 2020-04-05T08:00:00-10:00,2020-08-07T19:00:00-10:00\nWilliam.Chaffin, William, Chaffin, 555-555-5555, william@chaffins.nope.com, Bertram Chaffin, 2020-04-05T08:00:00-10:00,2020-08-07T19:00:00-10:00\n" + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/non-employee-sources/{id}/non-employee-bulk-upload": { + "post": { + "operationId": "importNonEmployeeRecordsInBulk", + "security": [ + { + "oauth2": [ + "idn:nelm:manage" + ] + } + ], + "tags": [ + "Non-Employee Lifecycle Management" + ], + "summary": "Imports, or Updates, Non-Employee Records", + "description": "This post will import, or update, Non-Employee records found in the CSV.\nRequest will need the following security scope:\n'idn:nesr:create'", + "parameters": [ + { + "in": "path", + "name": "id", + "description": "Source Id (UUID)", + "required": true, + "schema": { + "type": "string" + }, + "example": "e136567de87e4d029e60b3c3c55db56d" + } + ], + "requestBody": { + "content": { + "multipart/form-data": { + "schema": { + "type": "object", + "properties": { + "data": { + "type": "string", + "format": "binary" + } + }, + "required": [ + "data" + ] + } + } + } + }, + "responses": { + "202": { + "description": "The CSV was accepted to be bulk inserted now or at a later time.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "The bulk upload job's ID. (UUID)", + "example": "2c91808568c529c60168cca6f90cffff" + }, + "sourceId": { + "type": "string", + "description": "The ID of the source to bulk-upload non-employees to. (UUID)", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "created": { + "type": "string", + "format": "date-time", + "description": "The date-time the job was submitted.", + "example": "2019-08-23T18:52:59.162Z" + }, + "modified": { + "type": "string", + "format": "date-time", + "description": "The date-time that the job was last updated.", + "example": "2019-08-23T18:52:59.162Z" + }, + "status": { + "type": "string", + "enum": [ + "PENDING", + "IN_PROGRESS", + "COMPLETED", + "ERROR" + ], + "description": "Returns the following values indicating the progress or result of the bulk upload job.\n\"PENDING\" means the job is queued and waiting to be processed.\n\"IN_PROGRESS\" means the job is currently being processed.\n\"COMPLETED\" means the job has been completed without any errors.\n\"ERROR\" means the job failed to process with errors.\n", + "example": "PENDING" + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.\nThe response body will contain the list of specific errors with one on each line.\n", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/non-employee-sources/{id}/non-employee-bulk-upload/status": { + "get": { + "operationId": "getNonEmployeeBulkUploadStatus", + "security": [ + { + "oauth2": [ + "idn:nelm:read" + ] + } + ], + "tags": [ + "Non-Employee Lifecycle Management" + ], + "summary": "Bulk upload status on source", + "description": "The nonEmployeeBulkUploadStatus API returns the status of the newest bulk upload job for the specified source.\n", + "parameters": [ + { + "in": "path", + "example": "2c918085842e69ae018432d22ccb212f", + "name": "id", + "description": "Source ID (UUID)", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "Status of the newest bulk-upload job, if any.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "status": { + "type": "string", + "enum": [ + "PENDING", + "IN_PROGRESS", + "COMPLETED", + "ERROR" + ], + "description": "Returns the following values indicating the progress or result of the bulk upload job.\n\"PENDING\" means the job is queued and waiting to be processed.\n\"IN_PROGRESS\" means the job is currently being processed.\n\"COMPLETED\" means the job has been completed without any errors.\n\"ERROR\" means the job failed to process with errors.\nnull means job has been submitted to the source.\n", + "example": "PENDING" + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/non-employee-sources/{id}/schema-attributes-template/download": { + "get": { + "operationId": "exportNonEmployeeSourceSchemaTemplate", + "security": [ + { + "oauth2": [ + "idn:nelm:read" + ] + } + ], + "tags": [ + "Non-Employee Lifecycle Management" + ], + "summary": "Exports Source Schema Template", + "description": "This requests a download for the Source Schema Template for a provided source.\nRequest will require the following security scope:\nidn:nesr:read'", + "parameters": [ + { + "in": "path", + "example": "2c918085842e69ae018432d22ccb212f", + "name": "id", + "description": "Source Id (UUID)", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "Exported Source Schema Template", + "content": { + "text/csv": { + "example": "accountName,firstName,lastName,phone,email,manager,startDate,endDate\n" + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/non-employee-approvals": { + "get": { + "operationId": "listNonEmployeeApproval", + "security": [ + { + "oauth2": [ + "idn:nelm:read" + ] + } + ], + "tags": [ + "Non-Employee Lifecycle Management" + ], + "summary": "Get List of Non-Employee Approval Requests", + "description": "This gets a list of non-employee approval requests.", + "parameters": [ + { + "in": "query", + "example": "ac10d20a-841e-1e7d-8184-32d2e22c0179", + "name": "requested-for", + "schema": { + "type": "string" + }, + "description": "The identity for whom the request was made. *me* indicates the current user.", + "required": false + }, + { + "in": "query", + "name": "limit", + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": 250, + "schema": { + "type": "integer", + "format": "int32", + "minimum": 0, + "maximum": 250, + "default": 250 + } + }, + { + "in": "query", + "name": "offset", + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": 0, + "schema": { + "type": "integer", + "format": "int32", + "minimum": 0, + "default": 0 + } + }, + { + "in": "query", + "name": "count", + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": true, + "schema": { + "type": "boolean", + "default": false + } + }, + { + "in": "query", + "example": "filters=approvalStatus eq 'PENDING'", + "name": "filters", + "schema": { + "type": "string" + }, + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) Filtering is supported for the following fields and operators: **approvalStatus**: *eq* *Example:* approvalStatus eq \"PENDING\"" + }, + { + "in": "query", + "example": "sorters=-created", + "name": "sorters", + "schema": { + "type": "string", + "format": "comma-separated" + }, + "description": "Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results) Sorting is supported for the following fields: **created, modified**" + } + ], + "responses": { + "200": { + "description": "List of approval items.", + "content": { + "application/json": { + "schema": { + "type": "array", + "items": { + "allOf": [ + { + "type": "object", + "properties": { + "id": { + "type": "string", + "format": "UUID", + "description": "Non-Employee approval item id", + "example": "2c1e388b-1e55-4b0a-ab5c-897f1204159c" + }, + "approver": { + "description": "Reference to the associated Identity", + "type": "object", + "properties": { + "type": { + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "description": "An enumeration of the types of DTOs supported within the IdentityNow infrastructure.", + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "Identity id", + "example": "5168015d32f890ca15812c9180835d2e" + } + } + }, + "accountName": { + "type": "string", + "description": "Requested identity account name", + "example": "test.account" + }, + "approvalStatus": { + "type": "string", + "enum": [ + "APPROVED", + "REJECTED", + "PENDING", + "NOT_READY", + "CANCELLED" + ], + "description": "Enum representing the non-employee request approval status" + }, + "approvalOrder": { + "type": "number", + "description": "Approval order", + "example": 1 + }, + "comment": { + "type": "string", + "description": "comment of approver" + }, + "modified": { + "type": "string", + "format": "date-time", + "description": "When the request was last modified.", + "example": "2019-08-23T18:52:59.162Z" + }, + "created": { + "type": "string", + "format": "date-time", + "description": "When the request was created.", + "example": "2019-08-23T18:40:35.772Z" + } + } + }, + { + "type": "object", + "properties": { + "nonEmployeeRequest": { + "type": "object", + "properties": { + "id": { + "type": "string", + "format": "UUID", + "description": "Non-Employee request id." + }, + "requester": { + "example": { + "type": "IDENTITY", + "id": "2c9180866166b5b0016167c32ef31a66", + "name": "William Smith" + }, + "type": "object", + "properties": { + "type": { + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "description": "An enumeration of the types of DTOs supported within the IdentityNow infrastructure.", + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "Identity id", + "example": "5168015d32f890ca15812c9180835d2e" + } + } + } + } + } + } + } + ] + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/non-employee-approvals/{id}": { + "get": { + "operationId": "getNonEmployeeApproval", + "security": [ + { + "oauth2": [ + "idn:nelm:read" + ] + } + ], + "tags": [ + "Non-Employee Lifecycle Management" + ], + "summary": "Get a non-employee approval item detail", + "description": "Approves a non-employee approval request and notifies the next approver.", + "parameters": [ + { + "in": "path", + "name": "id", + "example": "ac10d20a-841e-1e7d-8184-32d2e22c0179", + "description": "Non-Employee approval item id (UUID)", + "required": true, + "schema": { + "type": "string" + } + }, + { + "in": "query", + "example": "include-detail=false", + "name": "include-detail", + "description": "The object nonEmployeeRequest will not be included detail when set to false. *Default value is true*", + "required": false, + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "Non-Employee approval item object.", + "content": { + "application/json": { + "schema": { + "allOf": [ + { + "type": "object", + "properties": { + "id": { + "type": "string", + "format": "UUID", + "description": "Non-Employee approval item id", + "example": "2c1e388b-1e55-4b0a-ab5c-897f1204159c" + }, + "approver": { + "description": "Reference to the associated Identity", + "type": "object", + "properties": { + "type": { + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "description": "An enumeration of the types of DTOs supported within the IdentityNow infrastructure.", + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "Identity id", + "example": "5168015d32f890ca15812c9180835d2e" + } + } + }, + "accountName": { + "type": "string", + "description": "Requested identity account name", + "example": "test.account" + }, + "approvalStatus": { + "type": "string", + "enum": [ + "APPROVED", + "REJECTED", + "PENDING", + "NOT_READY", + "CANCELLED" + ], + "description": "Enum representing the non-employee request approval status" + }, + "approvalOrder": { + "type": "number", + "description": "Approval order", + "example": 1 + }, + "comment": { + "type": "string", + "description": "comment of approver" + }, + "modified": { + "type": "string", + "format": "date-time", + "description": "When the request was last modified.", + "example": "2019-08-23T18:52:59.162Z" + }, + "created": { + "type": "string", + "format": "date-time", + "description": "When the request was created.", + "example": "2019-08-23T18:40:35.772Z" + } + } + }, + { + "type": "object", + "properties": { + "nonEmployeeRequest": { + "description": "Non-Employee request associated to this approval", + "allOf": [ + { + "type": "object", + "properties": { + "id": { + "type": "string", + "format": "UUID", + "description": "Non-Employee request id." + }, + "requester": { + "example": { + "type": "IDENTITY", + "id": "2c9180866166b5b0016167c32ef31a66", + "name": "William Smith" + }, + "type": "object", + "properties": { + "type": { + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "description": "An enumeration of the types of DTOs supported within the IdentityNow infrastructure.", + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "Identity id", + "example": "5168015d32f890ca15812c9180835d2e" + } + } + } + } + }, + { + "type": "object", + "properties": { + "accountName": { + "type": "string", + "description": "Requested identity account name.", + "example": "william.smith" + }, + "firstName": { + "type": "string", + "description": "Non-Employee's first name.", + "example": "William" + }, + "lastName": { + "type": "string", + "description": "Non-Employee's last name.", + "example": "Smith" + }, + "email": { + "type": "string", + "description": "Non-Employee's email.", + "example": "william.smith@example.com" + }, + "phone": { + "type": "string", + "description": "Non-Employee's phone.", + "example": "5555555555" + }, + "manager": { + "type": "string", + "description": "The account ID of a valid identity to serve as this non-employee's manager.", + "example": "jane.doe" + }, + "nonEmployeeSource": { + "allOf": [ + { + "type": "object", + "properties": { + "id": { + "type": "string", + "format": "UUID", + "description": "Non-Employee source id.", + "example": "a0303682-5e4a-44f7-bdc2-6ce6112549c1" + }, + "sourceId": { + "type": "string", + "description": "Source Id associated with this non-employee source.", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Source name associated with this non-employee source.", + "example": "Retail" + }, + "description": { + "type": "string", + "description": "Source description associated with this non-employee source.", + "example": "Source description" + } + } + }, + { + "type": "object", + "properties": { + "schemaAttributes": { + "description": "List of schema attributes associated with this non-employee source.", + "type": "array", + "items": { + "type": "object", + "properties": { + "id": { + "type": "string", + "format": "UUID", + "example": "ac110005-7156-1150-8171-5b292e3e0084", + "description": "Schema Attribute Id" + }, + "system": { + "type": "boolean", + "description": "True if this schema attribute is mandatory on all non-employees sources.", + "example": true + }, + "modified": { + "type": "string", + "format": "date-time", + "description": "When the schema attribute was last modified.", + "example": "2019-08-23T18:52:59.162Z" + }, + "created": { + "type": "string", + "format": "date-time", + "description": "When the schema attribute was created.", + "example": "2019-08-23T18:40:35.772Z" + }, + "type": { + "type": "string", + "enum": [ + "TEXT", + "DATE", + "IDENTITY" + ], + "description": "Enum representing the type of data a schema attribute accepts." + }, + "label": { + "type": "string", + "description": "Label displayed on the UI for this schema attribute.", + "example": "Account Name" + }, + "technicalName": { + "type": "string", + "description": "The technical name of the attribute. Must be unique per source.", + "example": "account.name" + }, + "helpText": { + "type": "string", + "description": "help text displayed by UI.", + "example": "The unique identifier for the account" + }, + "placeholder": { + "type": "string", + "description": "Hint text that fills UI box.", + "example": "Enter a unique user name for this account." + }, + "required": { + "type": "boolean", + "description": "If true, the schema attribute is required for all non-employees in the source", + "example": true + } + }, + "required": [ + "type", + "technicalName", + "label" + ] + } + } + } + } + ] + }, + "data": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Attribute blob/bag for a non-employee." + }, + "approvalStatus": { + "type": "string", + "enum": [ + "APPROVED", + "REJECTED", + "PENDING", + "NOT_READY", + "CANCELLED" + ], + "description": "Enum representing the non-employee request approval status" + }, + "comment": { + "type": "string", + "description": "comment of requester" + }, + "completionDate": { + "type": "string", + "format": "date-time", + "description": "When the request was completely approved.", + "example": "2020-03-24T11:11:41.139-05:00" + }, + "startDate": { + "type": "string", + "format": "date", + "description": "Non-Employee employment start date.", + "example": "2020-03-24" + }, + "endDate": { + "type": "string", + "format": "date", + "description": "Non-Employee employment end date.", + "example": "2021-03-25" + }, + "modified": { + "type": "string", + "format": "date-time", + "description": "When the request was last modified.", + "example": "2020-03-24T11:11:41.139-05:00" + }, + "created": { + "type": "string", + "format": "date-time", + "description": "When the request was created.", + "example": "2020-03-24T11:11:41.139-05:00" + } + } + } + ] + } + } + } + ] + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/non-employee-approvals/{id}/approve": { + "post": { + "operationId": "approveNonEmployeeRequest", + "security": [ + { + "oauth2": [ + "idn:nelm:manage" + ] + } + ], + "tags": [ + "Non-Employee Lifecycle Management" + ], + "summary": "Approve a Non-Employee Request", + "description": "Approves a non-employee approval request and notifies the next approver.", + "parameters": [ + { + "in": "path", + "name": "id", + "description": "Non-Employee approval item id (UUID)", + "required": true, + "schema": { + "type": "string" + } + } + ], + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "comment": { + "type": "string", + "description": "Comment on the approval item.", + "maxLength": 4000 + } + } + } + } + } + }, + "responses": { + "200": { + "description": "Non-Employee approval item object.", + "content": { + "application/json": { + "schema": { + "allOf": [ + { + "type": "object", + "properties": { + "id": { + "type": "string", + "format": "UUID", + "description": "Non-Employee approval item id", + "example": "2c1e388b-1e55-4b0a-ab5c-897f1204159c" + }, + "approver": { + "description": "Reference to the associated Identity", + "type": "object", + "properties": { + "type": { + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "description": "An enumeration of the types of DTOs supported within the IdentityNow infrastructure.", + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "Identity id", + "example": "5168015d32f890ca15812c9180835d2e" + } + } + }, + "accountName": { + "type": "string", + "description": "Requested identity account name", + "example": "test.account" + }, + "approvalStatus": { + "type": "string", + "enum": [ + "APPROVED", + "REJECTED", + "PENDING", + "NOT_READY", + "CANCELLED" + ], + "description": "Enum representing the non-employee request approval status" + }, + "approvalOrder": { + "type": "number", + "description": "Approval order", + "example": 1 + }, + "comment": { + "type": "string", + "description": "comment of approver" + }, + "modified": { + "type": "string", + "format": "date-time", + "description": "When the request was last modified.", + "example": "2019-08-23T18:52:59.162Z" + }, + "created": { + "type": "string", + "format": "date-time", + "description": "When the request was created.", + "example": "2019-08-23T18:40:35.772Z" + } + } + }, + { + "type": "object", + "properties": { + "nonEmployeeRequest": { + "type": "object", + "properties": { + "id": { + "type": "string", + "format": "UUID", + "description": "Non-Employee request id." + }, + "requester": { + "example": { + "type": "IDENTITY", + "id": "2c9180866166b5b0016167c32ef31a66", + "name": "William Smith" + }, + "type": "object", + "properties": { + "type": { + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "description": "An enumeration of the types of DTOs supported within the IdentityNow infrastructure.", + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "Identity id", + "example": "5168015d32f890ca15812c9180835d2e" + } + } + } + } + } + } + } + ] + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/non-employee-approvals/{id}/reject": { + "post": { + "operationId": "rejectNonEmployeeRequest", + "security": [ + { + "oauth2": [ + "idn:nelm:manage" + ] + } + ], + "tags": [ + "Non-Employee Lifecycle Management" + ], + "summary": "Reject a Non-Employee Request", + "description": "This endpoint will reject an approval item request and notify user.", + "parameters": [ + { + "in": "path", + "name": "id", + "description": "Non-Employee approval item id (UUID)", + "required": true, + "schema": { + "type": "string" + } + } + ], + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "comment": { + "type": "string", + "description": "Comment on the approval item.", + "maxLength": 4000 + } + }, + "required": [ + "comment" + ] + } + } + } + }, + "responses": { + "200": { + "description": "Non-Employee approval item object.", + "content": { + "application/json": { + "schema": { + "allOf": [ + { + "type": "object", + "properties": { + "id": { + "type": "string", + "format": "UUID", + "description": "Non-Employee approval item id", + "example": "2c1e388b-1e55-4b0a-ab5c-897f1204159c" + }, + "approver": { + "description": "Reference to the associated Identity", + "type": "object", + "properties": { + "type": { + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "description": "An enumeration of the types of DTOs supported within the IdentityNow infrastructure.", + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "Identity id", + "example": "5168015d32f890ca15812c9180835d2e" + } + } + }, + "accountName": { + "type": "string", + "description": "Requested identity account name", + "example": "test.account" + }, + "approvalStatus": { + "type": "string", + "enum": [ + "APPROVED", + "REJECTED", + "PENDING", + "NOT_READY", + "CANCELLED" + ], + "description": "Enum representing the non-employee request approval status" + }, + "approvalOrder": { + "type": "number", + "description": "Approval order", + "example": 1 + }, + "comment": { + "type": "string", + "description": "comment of approver" + }, + "modified": { + "type": "string", + "format": "date-time", + "description": "When the request was last modified.", + "example": "2019-08-23T18:52:59.162Z" + }, + "created": { + "type": "string", + "format": "date-time", + "description": "When the request was created.", + "example": "2019-08-23T18:40:35.772Z" + } + } + }, + { + "type": "object", + "properties": { + "nonEmployeeRequest": { + "type": "object", + "properties": { + "id": { + "type": "string", + "format": "UUID", + "description": "Non-Employee request id." + }, + "requester": { + "example": { + "type": "IDENTITY", + "id": "2c9180866166b5b0016167c32ef31a66", + "name": "William Smith" + }, + "type": "object", + "properties": { + "type": { + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "description": "An enumeration of the types of DTOs supported within the IdentityNow infrastructure.", + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "Identity id", + "example": "5168015d32f890ca15812c9180835d2e" + } + } + } + } + } + } + } + ] + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/non-employee-approvals/summary/{requested-for}": { + "get": { + "operationId": "getNonEmployeeApprovalSummary", + "security": [ + { + "oauth2": [ + "idn:nelm:read" + ] + } + ], + "tags": [ + "Non-Employee Lifecycle Management" + ], + "summary": "Get Summary of Non-Employee Approval Requests", + "description": "This request will retrieve a summary of non-employee approval requests. There are two contextual uses for the `requested-for` path parameter: 1. The current user is the Org Admin, in which case he or she may request a summary of all non-employee approval requests assigned to a particular approver by passing in that approver's id. 2. The current user is an approver, in which case \"me\" should be provided as the `requested-for` value. This will provide the approver with a summary of the approval items assigned to him or her.", + "parameters": [ + { + "in": "path", + "example": "ac10d20a-841e-1e7d-8184-32d2e22c0179", + "name": "requested-for", + "schema": { + "type": "string" + }, + "description": "The identity (UUID) of the approver for whom for whom the summary is being retrieved. Use \"me\" instead to indicate the current user.", + "required": true + } + ], + "responses": { + "200": { + "description": "summary of non-employee approval requests", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "approved": { + "type": "number", + "description": "The number of approved non-employee approval requests." + }, + "pending": { + "type": "number", + "description": "The number of pending non-employee approval requests." + }, + "rejected": { + "type": "number", + "description": "The number of rejected non-employee approval requests." + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/non-employee-sources/{sourceId}/schema-attributes": { + "get": { + "operationId": "getNonEmployeeSourceSchemaAttributes", + "security": [ + { + "oauth2": [] + } + ], + "tags": [ + "Non-Employee Lifecycle Management" + ], + "summary": "List Schema Attributes Non-Employee Source", + "description": "This API gets the list of schema attributes for the specified Non-Employee SourceId. There are 8 mandatory attributes added to each new Non-Employee Source automatically. Additionaly, user can add up to 10 custom attributes. This interface returns all the mandatory attributes followed by any custom attributes. At most, a total of 18 attributes will be returned.", + "parameters": [ + { + "in": "path", + "example": "2c918085842e69ae018432d22ccb212f", + "name": "sourceId", + "schema": { + "type": "string" + }, + "required": true, + "description": "The Source id" + } + ], + "responses": { + "200": { + "description": "A list of Schema Attributes", + "content": { + "application/json": { + "schema": { + "type": "array", + "example": [ + { + "type": "TEXT", + "label": "string", + "technicalName": "string", + "helpText": "string", + "placeholder": "string", + "required": true + } + ], + "items": { + "type": "object", + "properties": { + "id": { + "type": "string", + "format": "UUID", + "example": "ac110005-7156-1150-8171-5b292e3e0084", + "description": "Schema Attribute Id" + }, + "system": { + "type": "boolean", + "description": "True if this schema attribute is mandatory on all non-employees sources.", + "example": true + }, + "modified": { + "type": "string", + "format": "date-time", + "description": "When the schema attribute was last modified.", + "example": "2019-08-23T18:52:59.162Z" + }, + "created": { + "type": "string", + "format": "date-time", + "description": "When the schema attribute was created.", + "example": "2019-08-23T18:40:35.772Z" + }, + "type": { + "type": "string", + "enum": [ + "TEXT", + "DATE", + "IDENTITY" + ], + "description": "Enum representing the type of data a schema attribute accepts." + }, + "label": { + "type": "string", + "description": "Label displayed on the UI for this schema attribute.", + "example": "Account Name" + }, + "technicalName": { + "type": "string", + "description": "The technical name of the attribute. Must be unique per source.", + "example": "account.name" + }, + "helpText": { + "type": "string", + "description": "help text displayed by UI.", + "example": "The unique identifier for the account" + }, + "placeholder": { + "type": "string", + "description": "Hint text that fills UI box.", + "example": "Enter a unique user name for this account." + }, + "required": { + "type": "boolean", + "description": "If true, the schema attribute is required for all non-employees in the source", + "example": true + } + }, + "required": [ + "type", + "technicalName", + "label" + ] + }, + "maxItems": 18 + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + }, + "post": { + "operationId": "createNonEmployeeSourceSchemaAttributes", + "security": [ + { + "oauth2": [ + "idn:nelm:manage" + ] + } + ], + "tags": [ + "Non-Employee Lifecycle Management" + ], + "summary": "Create Non-Employee Source Schema Attribute", + "description": "This API creates a new schema attribute for Non-Employee Source. The schema technical name must be unique in the source. Attempts to create a schema attribute with an existing name will result in a \"400.1.409 Reference conflict\" response. At most, 10 custom attributes can be created per schema. Attempts to create more than 10 will result in a \"400.1.4 Limit violation\" response.", + "parameters": [ + { + "in": "path", + "name": "sourceId", + "schema": { + "type": "string" + }, + "required": true, + "example": "2c91808b6ef1d43e016efba0ce470904", + "description": "The Source id" + } + ], + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "type": { + "type": "string", + "description": "Type of the attribute. Only type 'TEXT' is supported for custom attributes.", + "example": "TEXT" + }, + "label": { + "type": "string", + "description": "Label displayed on the UI for this schema attribute.", + "example": "Account Name" + }, + "technicalName": { + "type": "string", + "description": "The technical name of the attribute. Must be unique per source.", + "example": "account.name" + }, + "helpText": { + "type": "string", + "description": "help text displayed by UI.", + "example": "The unique identifier for the account" + }, + "placeholder": { + "type": "string", + "description": "Hint text that fills UI box.", + "example": "Enter a unique user name for this account." + }, + "required": { + "type": "boolean", + "description": "If true, the schema attribute is required for all non-employees in the source", + "example": true + } + }, + "required": [ + "type", + "technicalName", + "label" + ] + } + } + } + }, + "responses": { + "200": { + "description": "Schema Attribute created.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "id": { + "type": "string", + "format": "UUID", + "example": "ac110005-7156-1150-8171-5b292e3e0084", + "description": "Schema Attribute Id" + }, + "system": { + "type": "boolean", + "description": "True if this schema attribute is mandatory on all non-employees sources.", + "example": true + }, + "modified": { + "type": "string", + "format": "date-time", + "description": "When the schema attribute was last modified.", + "example": "2019-08-23T18:52:59.162Z" + }, + "created": { + "type": "string", + "format": "date-time", + "description": "When the schema attribute was created.", + "example": "2019-08-23T18:40:35.772Z" + }, + "type": { + "type": "string", + "enum": [ + "TEXT", + "DATE", + "IDENTITY" + ], + "description": "Enum representing the type of data a schema attribute accepts." + }, + "label": { + "type": "string", + "description": "Label displayed on the UI for this schema attribute.", + "example": "Account Name" + }, + "technicalName": { + "type": "string", + "description": "The technical name of the attribute. Must be unique per source.", + "example": "account.name" + }, + "helpText": { + "type": "string", + "description": "help text displayed by UI.", + "example": "The unique identifier for the account" + }, + "placeholder": { + "type": "string", + "description": "Hint text that fills UI box.", + "example": "Enter a unique user name for this account." + }, + "required": { + "type": "boolean", + "description": "If true, the schema attribute is required for all non-employees in the source", + "example": true + } + }, + "required": [ + "type", + "technicalName", + "label" + ] + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + }, + "delete": { + "operationId": "deleteNonEmployeeSourceSchemaAttributes", + "security": [ + { + "oauth2": [ + "idn:nelm:manage" + ] + } + ], + "tags": [ + "Non-Employee Lifecycle Management" + ], + "summary": "Delete all custom schema attributes", + "description": "This end-point deletes all custom schema attributes for a non-employee source.", + "parameters": [ + { + "in": "path", + "name": "sourceId", + "schema": { + "type": "string" + }, + "required": true, + "example": "2c91808b6ef1d43e016efba0ce470904", + "description": "The Source id" + } + ], + "responses": { + "204": { + "description": "All custon Schema Attributes were successfully deleted." + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/non-employee-sources/{sourceId}/schema-attributes/{attributeId}": { + "get": { + "operationId": "getNonEmployeeSchemaAttribute", + "security": [ + { + "oauth2": [ + "idn:nelm:read" + ] + } + ], + "tags": [ + "Non-Employee Lifecycle Management" + ], + "summary": "Get Schema Attribute Non-Employee Source", + "description": "This API gets a schema attribute by Id for the specified Non-Employee SourceId.", + "parameters": [ + { + "in": "path", + "example": "2c918085842e69ae018432d22ccb212f", + "name": "attributeId", + "schema": { + "type": "string" + }, + "required": true, + "description": "The Schema Attribute Id (UUID)" + }, + { + "in": "path", + "example": "2c918085842e69ae018432d22ccb212f", + "name": "sourceId", + "schema": { + "type": "string" + }, + "required": true, + "description": "The Source id" + } + ], + "responses": { + "200": { + "description": "The Schema Attribute", + "content": { + "application/json": { + "example": "id,system,modified,created,type,label,technicalName,helpText,placeholder,required\n", + "schema": { + "type": "object", + "properties": { + "id": { + "type": "string", + "format": "UUID", + "example": "ac110005-7156-1150-8171-5b292e3e0084", + "description": "Schema Attribute Id" + }, + "system": { + "type": "boolean", + "description": "True if this schema attribute is mandatory on all non-employees sources.", + "example": true + }, + "modified": { + "type": "string", + "format": "date-time", + "description": "When the schema attribute was last modified.", + "example": "2019-08-23T18:52:59.162Z" + }, + "created": { + "type": "string", + "format": "date-time", + "description": "When the schema attribute was created.", + "example": "2019-08-23T18:40:35.772Z" + }, + "type": { + "type": "string", + "enum": [ + "TEXT", + "DATE", + "IDENTITY" + ], + "description": "Enum representing the type of data a schema attribute accepts." + }, + "label": { + "type": "string", + "description": "Label displayed on the UI for this schema attribute.", + "example": "Account Name" + }, + "technicalName": { + "type": "string", + "description": "The technical name of the attribute. Must be unique per source.", + "example": "account.name" + }, + "helpText": { + "type": "string", + "description": "help text displayed by UI.", + "example": "The unique identifier for the account" + }, + "placeholder": { + "type": "string", + "description": "Hint text that fills UI box.", + "example": "Enter a unique user name for this account." + }, + "required": { + "type": "boolean", + "description": "If true, the schema attribute is required for all non-employees in the source", + "example": true + } + }, + "required": [ + "type", + "technicalName", + "label" + ] + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + }, + "patch": { + "operationId": "patchNonEmployeeSchemaAttribute", + "security": [ + { + "oauth2": [ + "idn:nelm:manage" + ] + } + ], + "tags": [ + "Non-Employee Lifecycle Management" + ], + "summary": "Patch Non-Employee Source's Schema Attribute", + "description": "This end-point patches a specific schema attribute for a non-employee SourceId.\n", + "parameters": [ + { + "in": "path", + "name": "attributeId", + "schema": { + "type": "string" + }, + "required": true, + "example": "2c91808b6ef1d43e016efba0ce470904", + "description": "The Schema Attribute Id (UUID)" + }, + { + "in": "path", + "name": "sourceId", + "schema": { + "type": "string" + }, + "required": true, + "example": "2c91808b6ef1d43e016efba0ce470904", + "description": "The Source id" + } + ], + "requestBody": { + "description": "A list of schema attribute update operations according to the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard. The following properties are allowed for update ':' 'label', 'helpText', 'placeholder', 'required'.", + "content": { + "application/json-patch+json": { + "schema": { + "type": "array", + "items": { + "type": "object", + "description": "A JSONPatch Operation as defined by [RFC 6902 - JSON Patch](https://tools.ietf.org/html/rfc6902)", + "required": [ + "op", + "path" + ], + "properties": { + "op": { + "type": "string", + "description": "The operation to be performed", + "enum": [ + "add", + "remove", + "replace", + "move", + "copy", + "test" + ], + "example": "replace" + }, + "path": { + "type": "string", + "description": "A string JSON Pointer representing the target path to an element to be affected by the operation", + "example": "/description" + }, + "value": { + "anyOf": [ + { + "type": "string" + }, + { + "type": "integer" + }, + { + "type": "object" + }, + { + "type": "array", + "items": { + "anyOf": [ + { + "type": "string" + }, + { + "type": "integer" + }, + { + "type": "object" + } + ] + } + } + ], + "description": "The value to be used for the operation, required for \"add\" and \"replace\" operations", + "example": "New description" + } + } + } + }, + "example": [ + { + "op": "replace", + "path": "/label", + "value": { + "new attribute label": null + } + } + ] + } + }, + "required": true + }, + "responses": { + "200": { + "description": "The Schema Attribute was successfully patched.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "id": { + "type": "string", + "format": "UUID", + "example": "ac110005-7156-1150-8171-5b292e3e0084", + "description": "Schema Attribute Id" + }, + "system": { + "type": "boolean", + "description": "True if this schema attribute is mandatory on all non-employees sources.", + "example": true + }, + "modified": { + "type": "string", + "format": "date-time", + "description": "When the schema attribute was last modified.", + "example": "2019-08-23T18:52:59.162Z" + }, + "created": { + "type": "string", + "format": "date-time", + "description": "When the schema attribute was created.", + "example": "2019-08-23T18:40:35.772Z" + }, + "type": { + "type": "string", + "enum": [ + "TEXT", + "DATE", + "IDENTITY" + ], + "description": "Enum representing the type of data a schema attribute accepts." + }, + "label": { + "type": "string", + "description": "Label displayed on the UI for this schema attribute.", + "example": "Account Name" + }, + "technicalName": { + "type": "string", + "description": "The technical name of the attribute. Must be unique per source.", + "example": "account.name" + }, + "helpText": { + "type": "string", + "description": "help text displayed by UI.", + "example": "The unique identifier for the account" + }, + "placeholder": { + "type": "string", + "description": "Hint text that fills UI box.", + "example": "Enter a unique user name for this account." + }, + "required": { + "type": "boolean", + "description": "If true, the schema attribute is required for all non-employees in the source", + "example": true + } + }, + "required": [ + "type", + "technicalName", + "label" + ] + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + }, + "delete": { + "operationId": "deleteNonEmployeeSchemaAttribute", + "security": [ + { + "oauth2": [ + "idn:nelm:manage" + ] + } + ], + "tags": [ + "Non-Employee Lifecycle Management" + ], + "summary": "Delete Non-Employee Source's Schema Attribute", + "description": "This end-point deletes a specific schema attribute for a non-employee source.\n", + "parameters": [ + { + "in": "path", + "name": "attributeId", + "schema": { + "type": "string" + }, + "required": true, + "example": "2c91808b6ef1d43e016efba0ce470904", + "description": "The Schema Attribute Id (UUID)" + }, + { + "in": "path", + "name": "sourceId", + "schema": { + "type": "string" + }, + "required": true, + "example": "2c91808b6ef1d43e016efba0ce470904", + "description": "The Source id" + } + ], + "responses": { + "204": { + "description": "The Schema Attribute was successfully deleted." + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/managed-clients/{id}/status": { + "get": { + "tags": [ + "Managed Clients" + ], + "summary": "Specified Managed Client Status.", + "description": "Retrieve Managed Client Status by ID.", + "operationId": "getManagedClientStatus", + "parameters": [ + { + "name": "id", + "in": "path", + "description": "ID of the Managed Client Status to get", + "required": true, + "schema": { + "type": "string", + "example": "aClientId" + } + }, + { + "name": "type", + "in": "query", + "description": "Type of the Managed Client Status to get", + "required": true, + "schema": { + "example": "VA", + "description": "Managed Client type", + "type": "string", + "nullable": true, + "enum": [ + "CCG", + "VA", + "INTERNAL", + null + ] + } + } + ], + "responses": { + "200": { + "description": "Responds with Managed Client Status having the given ID and Type.", + "content": { + "application/json": { + "schema": { + "description": "Managed Client Status", + "type": "object", + "required": [ + "body", + "status", + "type", + "timestamp" + ], + "properties": { + "body": { + "description": "ManagedClientStatus body information", + "type": "object", + "example": { + "alertKey": "", + "id": "5678", + "clusterId": "1234", + "ccg_etag": "ccg_etag123xyz456", + "ccg_pin": "NONE", + "cookbook_etag": "20210420125956-20210511144538", + "hostname": "megapod-useast1-secret-hostname.sailpoint.com", + "internal_ip": "127.0.0.1", + "lastSeen": "1620843964604", + "sinceSeen": "14708", + "sinceSeenMillis": "14708", + "localDev": false, + "stacktrace": "", + "state": null, + "status": "NORMAL", + "uuid": null, + "product": "idn", + "va_version": null, + "platform_version": "2", + "os_version": "2345.3.1", + "os_type": "flatcar", + "hypervisor": "unknown" + } + }, + "status": { + "description": "status of the Managed Client", + "type": "string", + "enum": [ + "NORMAL", + "UNDEFINED", + "NOT_CONFIGURED", + "CONFIGURING", + "WARNING", + "ERROR", + "FAILED" + ] + }, + "type": { + "description": "type of the Managed Client", + "type": "string", + "example": "CCG", + "nullable": true, + "enum": [ + "CCG", + "VA", + "INTERNAL", + null + ] + }, + "timestamp": { + "description": "timestamp on the Client Status update", + "type": "string", + "format": "date-time", + "example": "2020-01-01T00:00:00.000000Z" + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + }, + "security": [ + { + "oauth2": [ + "idn:managed-client-status:read" + ] + } + ] + }, + "post": { + "tags": [ + "Managed Clients" + ], + "summary": "Handle status request from client", + "description": "Update a status detail passed in from the client", + "operationId": "updateManagedClientStatus", + "parameters": [ + { + "name": "id", + "in": "path", + "description": "ID of the Managed Client Status to update", + "required": true, + "schema": { + "type": "string", + "example": "aClientId" + } + } + ], + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "description": "Managed Client Status", + "type": "object", + "required": [ + "body", + "status", + "type", + "timestamp" + ], + "properties": { + "body": { + "description": "ManagedClientStatus body information", + "type": "object", + "example": { + "alertKey": "", + "id": "5678", + "clusterId": "1234", + "ccg_etag": "ccg_etag123xyz456", + "ccg_pin": "NONE", + "cookbook_etag": "20210420125956-20210511144538", + "hostname": "megapod-useast1-secret-hostname.sailpoint.com", + "internal_ip": "127.0.0.1", + "lastSeen": "1620843964604", + "sinceSeen": "14708", + "sinceSeenMillis": "14708", + "localDev": false, + "stacktrace": "", + "state": null, + "status": "NORMAL", + "uuid": null, + "product": "idn", + "va_version": null, + "platform_version": "2", + "os_version": "2345.3.1", + "os_type": "flatcar", + "hypervisor": "unknown" + } + }, + "status": { + "description": "status of the Managed Client", + "type": "string", + "enum": [ + "NORMAL", + "UNDEFINED", + "NOT_CONFIGURED", + "CONFIGURING", + "WARNING", + "ERROR", + "FAILED" + ] + }, + "type": { + "description": "type of the Managed Client", + "type": "string", + "example": "CCG", + "nullable": true, + "enum": [ + "CCG", + "VA", + "INTERNAL", + null + ] + }, + "timestamp": { + "description": "timestamp on the Client Status update", + "type": "string", + "format": "date-time", + "example": "2020-01-01T00:00:00.000000Z" + } + } + } + } + } + }, + "responses": { + "200": { + "description": "Responds with the updated Managed Client Status.", + "content": { + "application/json": { + "schema": { + "description": "Managed Client Status", + "type": "object", + "required": [ + "body", + "status", + "type", + "timestamp" + ], + "properties": { + "body": { + "description": "ManagedClientStatus body information", + "type": "object", + "example": { + "body": { + "id": "1528", + "clientId": "1528", + "clusterId": "1533", + "orgType": "test", + "vaDownloadUrl": "https://sptcbu-va-images.s3.amazonaws.com/va-latest.zip", + "clusterJobCount": 1, + "configuration": { + "clusterType": "sqsCluster", + "clusterExternalId": "2c91808876dd79120176f758af765c58", + "debug": "false", + "failureThreshold": "0", + "gmtOffset": "-6", + "scheduleUpgrade": "false", + "va_version": "va-megapod-useast1-595-1627543540", + "jobType": "VA_UPGRADE", + "cookbook": "va-megapod-useast1-595-1627543540" + }, + "connectorServices": [ + { + "id": "540696", + "name": "EndToEnd-ADSource", + "connector_host": "host.example.com", + "connector_port": "389", + "connector_(boolean)useSSL": false, + "connectorFileUploadHistory": null + }, + { + "id": "540698", + "name": "EndToEnd-AzureADSource", + "connector_host": null, + "connector_port": null, + "connector_(boolean)useSSL": null, + "connectorFileUploadHistory": null + }, + { + "id": "540710", + "name": "EndToEnd-OpenLDAP", + "connector_host": "10.0.2.64", + "connector_port": "389", + "connector_(boolean)useSSL": false, + "connectorFileUploadHistory": null + }, + { + "id": "540713", + "name": "Dynamic-ADSource", + "connector_host": "host.example.com", + "connector_port": "389", + "connector_(boolean)useSSL": false, + "connectorFileUploadHistory": null + }, + { + "id": "540716", + "name": "EndToEnd-JdbcADSource", + "connector_host": "10.0.5.187", + "connector_port": "389", + "connector_(boolean)useSSL": false, + "connectorFileUploadHistory": null + }, + { + "id": "540717", + "name": "EndToEnd-JdbcSource", + "connector_host": null, + "connector_port": null, + "connector_(boolean)useSSL": null, + "connectorFileUploadHistory": [ + { + "serviceId": "540717", + "date": "2021-02-05T22:58:15Z", + "file": "temp7081703651350031905mysql-connector-java-8.0.11.jar" + } + ] + } + ], + "jobs": [ + { + "uuid": "872b622f-5ab5-4836-9172-e3bb77f05b2c", + "cookbook": "872b622f-5ab5-4836-9172-e3bb77f05b2c", + "state": "FINISHED", + "type": "VA_UPGRADE", + "targetId": "1528", + "managedProcessConfiguration": { + "charon": { + "version": "345", + "path": "sailpoint/charon", + "description": null, + "dependencies": null + }, + "ccg": { + "version": "415_583_79.0.0", + "path": "sailpoint/ccg", + "description": null, + "dependencies": null + }, + "toolbox": { + "version": "6", + "path": "sailpoint/toolbox", + "description": null, + "dependencies": null + }, + "fluent": { + "version": "50", + "path": "fluent/va", + "description": null, + "dependencies": null + }, + "va_agent": { + "version": "89", + "path": "sailpoint/va_agent", + "description": null, + "dependencies": null + } + } + } + ], + "queue": { + "name": "megapod-useast1-denali-lwt-cluster-1533", + "region": "us-east-1" + }, + "maintenance": { + "window": "true", + "windowStartTime": "2021-07-29T00:00:00Z", + "windowClusterTime": "2021-07-29T01:35:24Z", + "windowFinishTime": "2021-07-29T04:00:00Z" + } + } + } + }, + "status": { + "description": "status of the Managed Client", + "type": "string", + "enum": [ + "NORMAL", + "UNDEFINED", + "NOT_CONFIGURED", + "CONFIGURING", + "WARNING", + "ERROR", + "FAILED" + ] + }, + "type": { + "description": "type of the Managed Client", + "type": "string", + "example": "CCG", + "nullable": true, + "enum": [ + "CCG", + "VA", + "INTERNAL", + null + ] + }, + "timestamp": { + "description": "timestamp on the Client Status update", + "type": "string", + "format": "date-time", + "example": "2020-01-01T00:00:00.000000Z" + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + }, + "security": [ + { + "oauth2": [ + "idn:managed-client-status:manage" + ] + } + ] + } + }, + "/managed-clusters/{id}": { + "get": { + "tags": [ + "Managed Clusters" + ], + "summary": "Get a specified ManagedCluster.", + "description": "Retrieve a ManagedCluster by ID.", + "operationId": "getManagedCluster", + "parameters": [ + { + "name": "id", + "in": "path", + "description": "ID of the ManagedCluster to get", + "required": true, + "style": "simple", + "explode": false, + "schema": { + "type": "string", + "example": "aClusterId" + } + } + ], + "responses": { + "200": { + "description": "Responds with ManagedCluster having the given ID.", + "content": { + "application/json": { + "schema": { + "description": "Managed Cluster", + "type": "object", + "required": [ + "id", + "clientType", + "ccgVersion" + ], + "properties": { + "id": { + "description": "ManagedCluster ID", + "type": "string", + "example": "aClusterId" + }, + "name": { + "description": "ManagedCluster name", + "type": "string", + "example": "Managed Cluster Name" + }, + "pod": { + "description": "ManagedCluster pod", + "type": "string", + "example": "megapod-useast1" + }, + "org": { + "description": "ManagedCluster org", + "type": "string", + "example": "denali" + }, + "type": { + "description": "The Type of Cluster", + "example": "idn", + "nullable": false, + "type": "string", + "enum": [ + "idn", + "iai" + ] + }, + "configuration": { + "description": "ManagedProcess configuration map", + "type": "object", + "additionalProperties": { + "type": "string" + }, + "example": { + "clusterExternalId": "externalId", + "ccgVersion": "77.0.0" + } + }, + "keyPair": { + "description": "key pair for the ManagedCluster", + "type": "object", + "properties": { + "publicKey": { + "nullable": true, + "description": "ManagedCluster publicKey", + "type": "string", + "example": "-----BEGIN PUBLIC KEY-----******-----END PUBLIC KEY-----" + }, + "publicKeyThumbprint": { + "nullable": true, + "description": "ManagedCluster publicKeyThumbprint", + "type": "string", + "example": "6CMlaJIV44-xJxcB3CJBjDUUn54" + }, + "publicKeyCertificate": { + "nullable": true, + "description": "ManagedCluster publicKeyCertificate", + "type": "string", + "example": "-----BEGIN CERTIFICATE-----****-----END CERTIFICATE-----" + } + } + }, + "attributes": { + "description": "Specific Attributes for Configuring a ManagedCluster by Type", + "type": "object", + "properties": { + "queue": { + "description": "ManagedCluster keystore for sqsCluster type", + "type": "object", + "properties": { + "name": { + "description": "ManagedCluster queue name", + "type": "string", + "example": "megapod-useast1-denali-lwt-cluster-1533" + }, + "region": { + "description": "ManagedCluster queue aws region", + "type": "string", + "example": "us-east-1" + } + } + }, + "keystore": { + "nullable": true, + "description": "ManagedCluster keystore for spConnectCluster type", + "type": "string", + "example": "/u3+7QAAAAIAAAABAAAAAQAvL3Byb3h5LWNsdXN0ZXIvMmM5MTgwODc3Yjg3MW" + } + } + }, + "description": { + "description": "ManagedCluster description", + "type": "string", + "example": "A short description of the managed cluster." + }, + "redis": { + "description": "Redis configuration for the ManagedCluster", + "type": "object", + "properties": { + "redisHost": { + "description": "ManagedCluster redisHost", + "type": "string", + "example": "megapod-useast1-shared-redis.cloud.sailpoint.com" + }, + "redisPort": { + "description": "ManagedCluster redisPort", + "type": "integer", + "format": "int32", + "example": 6379 + } + } + }, + "clientType": { + "description": "type of client for the ManagedCluster", + "type": "string", + "example": "CCG", + "nullable": true, + "enum": [ + "CCG", + "VA", + "INTERNAL", + null + ] + }, + "ccgVersion": { + "description": "CCG version used by the ManagedCluster", + "type": "string", + "example": "v01" + }, + "pinnedConfig": { + "description": "boolean flag indiacting whether or not the cluster configuration is pinned", + "type": "boolean", + "default": false, + "example": false + }, + "logConfiguration": { + "description": "client log configuration for the cluster", + "example": "{ \"rootLevel\": \"WARN\", \"logLevels\": { \"foobar\": \"WARN\" } }", + "nullable": true, + "type": "object", + "required": [ + "durationMinutes", + "rootLevel" + ], + "properties": { + "clientId": { + "description": "Log configuration's client ID", + "type": "string", + "example": "aClientId" + }, + "durationMinutes": { + "description": "Duration in minutes for log configuration to remain in effect before resetting to defaults", + "type": "integer", + "format": "int32", + "example": 120, + "minimum": 5, + "maximum": 1440 + }, + "expiration": { + "description": "Expiration date-time of the log configuration request", + "example": "2020-12-15T19:13:36.079Z", + "type": "string", + "format": "date-time" + }, + "rootLevel": { + "description": "Root log level to apply, the default level for all logs. For more information about logging levels, refer to the \"Logging Levels\" table in [Enabling Connector Logging in IdentityNow](https://community.sailpoint.com/t5/IdentityNow-Articles/Enabling-Connector-Logging-in-IdentityNow/ta-p/188107).", + "default": "INFO", + "example": "TRACE", + "type": "string", + "enum": [ + "OFF", + "FATAL", + "ERROR", + "WARN", + "INFO", + "DEBUG", + "TRACE" + ] + }, + "logLevels": { + "description": "Map of log level by key. The keys are logging classes, and the values are logging levels. To see the available connectors and their logging classes, refer to the \"Logging Classes\" table in [Enabling Connector Logging in IdentityNow](https://community.sailpoint.com/t5/IdentityNow-Articles/Enabling-Connector-Logging-in-IdentityNow/ta-p/188107).", + "example": { + "sailpoint.connector.ADLDAPConnector": "TRACE" + }, + "type": "object", + "additionalProperties": { + "default": "INFO", + "example": "TRACE", + "description": "Standard Log4j log level", + "type": "string", + "enum": [ + "OFF", + "FATAL", + "ERROR", + "WARN", + "INFO", + "DEBUG", + "TRACE" + ] + } + } + } + }, + "operational": { + "description": "Whether or not the cluster is operational or not", + "type": "boolean", + "default": false, + "example": false + }, + "status": { + "description": "Cluster status", + "type": "string", + "example": "NORMAL" + }, + "publicKeyCertificate": { + "nullable": true, + "description": "Public key certificate", + "type": "string", + "example": "-----BEGIN CERTIFICATE-----TCCAb2gAwIBAgIBADANBgkqhkiG9w0BAQsFADAuMQ0wCwYDVQQD-----END CERTIFICATE-----" + }, + "publicKeyThumbprint": { + "nullable": true, + "description": "Public key thumbprint", + "type": "string", + "example": "obc6pLiulGbtZ" + }, + "publicKey": { + "nullable": true, + "description": "Public key", + "type": "string", + "example": "-----BEGIN PUBLIC KEY-----jANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3WgnsxP52MDgBTfHR+5n4-----END PUBLIC KEY-----" + }, + "alertKey": { + "description": "Key describing any immediate cluster alerts", + "type": "string", + "example": "LIMITED_RESOURCES" + }, + "clientIds": { + "type": "array", + "description": "List of clients in a cluster", + "items": { + "type": "string" + }, + "example": [ + "1244", + "1245" + ] + }, + "serviceCount": { + "description": "Number of services bound to a cluster", + "type": "integer", + "format": "int32", + "default": 0, + "example": 6 + }, + "ccId": { + "description": "CC ID only used in calling CC, will be removed without notice when Migration to CEGS is finished", + "type": "string", + "default": "0", + "example": "1533" + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + }, + "security": [ + { + "oauth2": [ + "idn:remote-client:read", + "idn:remote-client:manage" + ] + } + ] + } + }, + "/managed-clusters/{id}/log-config": { + "get": { + "tags": [ + "Managed Clusters" + ], + "summary": "Get managed cluster's log configuration", + "description": "Get managed cluster's log configuration.", + "operationId": "getClientLogConfiguration", + "parameters": [ + { + "name": "id", + "in": "path", + "description": "ID of ManagedCluster to get log configuration for", + "required": true, + "style": "simple", + "explode": false, + "schema": { + "type": "string", + "example": "aClusterId" + } + } + ], + "responses": { + "200": { + "description": "Log configuration of ManagedCluster matching given cluster ID", + "content": { + "application/json": { + "schema": { + "description": "Client Runtime Logging Configuration", + "nullable": true, + "type": "object", + "required": [ + "durationMinutes", + "rootLevel" + ], + "properties": { + "clientId": { + "description": "Log configuration's client ID", + "type": "string", + "example": "aClientId" + }, + "durationMinutes": { + "description": "Duration in minutes for log configuration to remain in effect before resetting to defaults", + "type": "integer", + "format": "int32", + "example": 120, + "minimum": 5, + "maximum": 1440 + }, + "expiration": { + "description": "Expiration date-time of the log configuration request", + "example": "2020-12-15T19:13:36.079Z", + "type": "string", + "format": "date-time" + }, + "rootLevel": { + "description": "Root log level to apply, the default level for all logs. For more information about logging levels, refer to the \"Logging Levels\" table in [Enabling Connector Logging in IdentityNow](https://community.sailpoint.com/t5/IdentityNow-Articles/Enabling-Connector-Logging-in-IdentityNow/ta-p/188107).", + "default": "INFO", + "example": "TRACE", + "type": "string", + "enum": [ + "OFF", + "FATAL", + "ERROR", + "WARN", + "INFO", + "DEBUG", + "TRACE" + ] + }, + "logLevels": { + "description": "Map of log level by key. The keys are logging classes, and the values are logging levels. To see the available connectors and their logging classes, refer to the \"Logging Classes\" table in [Enabling Connector Logging in IdentityNow](https://community.sailpoint.com/t5/IdentityNow-Articles/Enabling-Connector-Logging-in-IdentityNow/ta-p/188107).", + "example": { + "sailpoint.connector.ADLDAPConnector": "TRACE" + }, + "type": "object", + "additionalProperties": { + "default": "INFO", + "example": "TRACE", + "description": "Standard Log4j log level", + "type": "string", + "enum": [ + "OFF", + "FATAL", + "ERROR", + "WARN", + "INFO", + "DEBUG", + "TRACE" + ] + } + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + }, + "security": [ + { + "oauth2": [ + "idn:remote-client:read", + "idn:remote-client:manage" + ] + } + ] + }, + "put": { + "tags": [ + "Managed Clusters" + ], + "summary": "Update managed cluster's log configuration", + "description": "Update managed cluster's log configuration", + "operationId": "putClientLogConfiguration", + "parameters": [ + { + "name": "id", + "in": "path", + "description": "ID of ManagedCluster to update log configuration for", + "required": true, + "style": "simple", + "explode": false, + "schema": { + "type": "string", + "example": "aClusterId" + } + } + ], + "requestBody": { + "description": "ClientLogConfiguration for given ManagedCluster", + "content": { + "application/json": { + "schema": { + "description": "Client Runtime Logging Configuration", + "nullable": true, + "type": "object", + "required": [ + "durationMinutes", + "rootLevel" + ], + "properties": { + "clientId": { + "description": "Log configuration's client ID", + "type": "string", + "example": "aClientId" + }, + "durationMinutes": { + "description": "Duration in minutes for log configuration to remain in effect before resetting to defaults", + "type": "integer", + "format": "int32", + "example": 120, + "minimum": 5, + "maximum": 1440 + }, + "expiration": { + "description": "Expiration date-time of the log configuration request", + "example": "2020-12-15T19:13:36.079Z", + "type": "string", + "format": "date-time" + }, + "rootLevel": { + "description": "Root log level to apply, the default level for all logs. For more information about logging levels, refer to the \"Logging Levels\" table in [Enabling Connector Logging in IdentityNow](https://community.sailpoint.com/t5/IdentityNow-Articles/Enabling-Connector-Logging-in-IdentityNow/ta-p/188107).", + "default": "INFO", + "example": "TRACE", + "type": "string", + "enum": [ + "OFF", + "FATAL", + "ERROR", + "WARN", + "INFO", + "DEBUG", + "TRACE" + ] + }, + "logLevels": { + "description": "Map of log level by key. The keys are logging classes, and the values are logging levels. To see the available connectors and their logging classes, refer to the \"Logging Classes\" table in [Enabling Connector Logging in IdentityNow](https://community.sailpoint.com/t5/IdentityNow-Articles/Enabling-Connector-Logging-in-IdentityNow/ta-p/188107).", + "example": { + "sailpoint.connector.ADLDAPConnector": "TRACE" + }, + "type": "object", + "additionalProperties": { + "default": "INFO", + "example": "TRACE", + "description": "Standard Log4j log level", + "type": "string", + "enum": [ + "OFF", + "FATAL", + "ERROR", + "WARN", + "INFO", + "DEBUG", + "TRACE" + ] + } + } + } + } + } + }, + "required": true + }, + "responses": { + "200": { + "description": "Responds with updated ClientLogConfiguration for given ManagedCluster", + "content": { + "application/json": { + "schema": { + "description": "Client Runtime Logging Configuration", + "nullable": true, + "type": "object", + "required": [ + "durationMinutes", + "rootLevel" + ], + "properties": { + "clientId": { + "description": "Log configuration's client ID", + "type": "string", + "example": "aClientId" + }, + "durationMinutes": { + "description": "Duration in minutes for log configuration to remain in effect before resetting to defaults", + "type": "integer", + "format": "int32", + "example": 120, + "minimum": 5, + "maximum": 1440 + }, + "expiration": { + "description": "Expiration date-time of the log configuration request", + "example": "2020-12-15T19:13:36.079Z", + "type": "string", + "format": "date-time" + }, + "rootLevel": { + "description": "Root log level to apply, the default level for all logs. For more information about logging levels, refer to the \"Logging Levels\" table in [Enabling Connector Logging in IdentityNow](https://community.sailpoint.com/t5/IdentityNow-Articles/Enabling-Connector-Logging-in-IdentityNow/ta-p/188107).", + "default": "INFO", + "example": "TRACE", + "type": "string", + "enum": [ + "OFF", + "FATAL", + "ERROR", + "WARN", + "INFO", + "DEBUG", + "TRACE" + ] + }, + "logLevels": { + "description": "Map of log level by key. The keys are logging classes, and the values are logging levels. To see the available connectors and their logging classes, refer to the \"Logging Classes\" table in [Enabling Connector Logging in IdentityNow](https://community.sailpoint.com/t5/IdentityNow-Articles/Enabling-Connector-Logging-in-IdentityNow/ta-p/188107).", + "example": { + "sailpoint.connector.ADLDAPConnector": "TRACE" + }, + "type": "object", + "additionalProperties": { + "default": "INFO", + "example": "TRACE", + "description": "Standard Log4j log level", + "type": "string", + "enum": [ + "OFF", + "FATAL", + "ERROR", + "WARN", + "INFO", + "DEBUG", + "TRACE" + ] + } + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + }, + "security": [ + { + "oauth2": [ + "idn:remote-client:manage" + ] + } + ] + } + }, + "/managed-clusters": { + "get": { + "tags": [ + "Managed Clusters" + ], + "summary": "Retrieve all Managed Clusters.", + "description": "Retrieve all Managed Clusters for the current Org, based on request context.", + "operationId": "getManagedClusters", + "parameters": [ + { + "in": "query", + "name": "offset", + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": 0, + "schema": { + "type": "integer", + "format": "int32", + "minimum": 0, + "default": 0 + } + }, + { + "in": "query", + "name": "limit", + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": 250, + "schema": { + "type": "integer", + "format": "int32", + "minimum": 0, + "maximum": 250, + "default": 250 + } + }, + { + "in": "query", + "name": "count", + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": true, + "schema": { + "type": "boolean", + "default": false + } + }, + { + "in": "query", + "name": "filters", + "schema": { + "type": "string" + }, + "description": "Filtering is supported for the following fields and operators:\n\n**operational**: *eq*", + "example": "operational eq operation" + } + ], + "responses": { + "200": { + "description": "Responds with a list of ManagedCluster.", + "content": { + "application/json": { + "schema": { + "type": "array", + "items": { + "description": "Managed Cluster", + "type": "object", + "required": [ + "id", + "clientType", + "ccgVersion" + ], + "properties": { + "id": { + "description": "ManagedCluster ID", + "type": "string", + "example": "aClusterId" + }, + "name": { + "description": "ManagedCluster name", + "type": "string", + "example": "Managed Cluster Name" + }, + "pod": { + "description": "ManagedCluster pod", + "type": "string", + "example": "megapod-useast1" + }, + "org": { + "description": "ManagedCluster org", + "type": "string", + "example": "denali" + }, + "type": { + "description": "The Type of Cluster", + "example": "idn", + "nullable": false, + "type": "string", + "enum": [ + "idn", + "iai" + ] + }, + "configuration": { + "description": "ManagedProcess configuration map", + "type": "object", + "additionalProperties": { + "type": "string" + }, + "example": { + "clusterExternalId": "externalId", + "ccgVersion": "77.0.0" + } + }, + "keyPair": { + "description": "key pair for the ManagedCluster", + "type": "object", + "properties": { + "publicKey": { + "nullable": true, + "description": "ManagedCluster publicKey", + "type": "string", + "example": "-----BEGIN PUBLIC KEY-----******-----END PUBLIC KEY-----" + }, + "publicKeyThumbprint": { + "nullable": true, + "description": "ManagedCluster publicKeyThumbprint", + "type": "string", + "example": "6CMlaJIV44-xJxcB3CJBjDUUn54" + }, + "publicKeyCertificate": { + "nullable": true, + "description": "ManagedCluster publicKeyCertificate", + "type": "string", + "example": "-----BEGIN CERTIFICATE-----****-----END CERTIFICATE-----" + } + } + }, + "attributes": { + "description": "Specific Attributes for Configuring a ManagedCluster by Type", + "type": "object", + "properties": { + "queue": { + "description": "ManagedCluster keystore for sqsCluster type", + "type": "object", + "properties": { + "name": { + "description": "ManagedCluster queue name", + "type": "string", + "example": "megapod-useast1-denali-lwt-cluster-1533" + }, + "region": { + "description": "ManagedCluster queue aws region", + "type": "string", + "example": "us-east-1" + } + } + }, + "keystore": { + "nullable": true, + "description": "ManagedCluster keystore for spConnectCluster type", + "type": "string", + "example": "/u3+7QAAAAIAAAABAAAAAQAvL3Byb3h5LWNsdXN0ZXIvMmM5MTgwODc3Yjg3MW" + } + } + }, + "description": { + "description": "ManagedCluster description", + "type": "string", + "example": "A short description of the managed cluster." + }, + "redis": { + "description": "Redis configuration for the ManagedCluster", + "type": "object", + "properties": { + "redisHost": { + "description": "ManagedCluster redisHost", + "type": "string", + "example": "megapod-useast1-shared-redis.cloud.sailpoint.com" + }, + "redisPort": { + "description": "ManagedCluster redisPort", + "type": "integer", + "format": "int32", + "example": 6379 + } + } + }, + "clientType": { + "description": "type of client for the ManagedCluster", + "type": "string", + "example": "CCG", + "nullable": true, + "enum": [ + "CCG", + "VA", + "INTERNAL", + null + ] + }, + "ccgVersion": { + "description": "CCG version used by the ManagedCluster", + "type": "string", + "example": "v01" + }, + "pinnedConfig": { + "description": "boolean flag indiacting whether or not the cluster configuration is pinned", + "type": "boolean", + "default": false, + "example": false + }, + "logConfiguration": { + "description": "client log configuration for the cluster", + "example": "{ \"rootLevel\": \"WARN\", \"logLevels\": { \"foobar\": \"WARN\" } }", + "nullable": true, + "type": "object", + "required": [ + "durationMinutes", + "rootLevel" + ], + "properties": { + "clientId": { + "description": "Log configuration's client ID", + "type": "string", + "example": "aClientId" + }, + "durationMinutes": { + "description": "Duration in minutes for log configuration to remain in effect before resetting to defaults", + "type": "integer", + "format": "int32", + "example": 120, + "minimum": 5, + "maximum": 1440 + }, + "expiration": { + "description": "Expiration date-time of the log configuration request", + "example": "2020-12-15T19:13:36.079Z", + "type": "string", + "format": "date-time" + }, + "rootLevel": { + "description": "Root log level to apply, the default level for all logs. For more information about logging levels, refer to the \"Logging Levels\" table in [Enabling Connector Logging in IdentityNow](https://community.sailpoint.com/t5/IdentityNow-Articles/Enabling-Connector-Logging-in-IdentityNow/ta-p/188107).", + "default": "INFO", + "example": "TRACE", + "type": "string", + "enum": [ + "OFF", + "FATAL", + "ERROR", + "WARN", + "INFO", + "DEBUG", + "TRACE" + ] + }, + "logLevels": { + "description": "Map of log level by key. The keys are logging classes, and the values are logging levels. To see the available connectors and their logging classes, refer to the \"Logging Classes\" table in [Enabling Connector Logging in IdentityNow](https://community.sailpoint.com/t5/IdentityNow-Articles/Enabling-Connector-Logging-in-IdentityNow/ta-p/188107).", + "example": { + "sailpoint.connector.ADLDAPConnector": "TRACE" + }, + "type": "object", + "additionalProperties": { + "default": "INFO", + "example": "TRACE", + "description": "Standard Log4j log level", + "type": "string", + "enum": [ + "OFF", + "FATAL", + "ERROR", + "WARN", + "INFO", + "DEBUG", + "TRACE" + ] + } + } + } + }, + "operational": { + "description": "Whether or not the cluster is operational or not", + "type": "boolean", + "default": false, + "example": false + }, + "status": { + "description": "Cluster status", + "type": "string", + "example": "NORMAL" + }, + "publicKeyCertificate": { + "nullable": true, + "description": "Public key certificate", + "type": "string", + "example": "-----BEGIN CERTIFICATE-----TCCAb2gAwIBAgIBADANBgkqhkiG9w0BAQsFADAuMQ0wCwYDVQQD-----END CERTIFICATE-----" + }, + "publicKeyThumbprint": { + "nullable": true, + "description": "Public key thumbprint", + "type": "string", + "example": "obc6pLiulGbtZ" + }, + "publicKey": { + "nullable": true, + "description": "Public key", + "type": "string", + "example": "-----BEGIN PUBLIC KEY-----jANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3WgnsxP52MDgBTfHR+5n4-----END PUBLIC KEY-----" + }, + "alertKey": { + "description": "Key describing any immediate cluster alerts", + "type": "string", + "example": "LIMITED_RESOURCES" + }, + "clientIds": { + "type": "array", + "description": "List of clients in a cluster", + "items": { + "type": "string" + }, + "example": [ + "1244", + "1245" + ] + }, + "serviceCount": { + "description": "Number of services bound to a cluster", + "type": "integer", + "format": "int32", + "default": 0, + "example": 6 + }, + "ccId": { + "description": "CC ID only used in calling CC, will be removed without notice when Migration to CEGS is finished", + "type": "string", + "default": "0", + "example": "1533" + } + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + }, + "security": [ + { + "oauth2": [ + "idn:remote-client:read", + "idn:remote-client:manage" + ] + } + ] + } + }, + "/mail-from-attributes": { + "put": { + "security": [ + { + "oauth2": [ + "sp:notification-mail-from-attributes:write" + ] + } + ], + "operationId": "putMailFromAttributes", + "tags": [ + "Notifications" + ], + "summary": "Change MAIL FROM domain", + "description": "Change the MAIL FROM domain of an AWS SES email identity and provide the MX and TXT records to be placed in the caller's DNS", + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "identity": { + "type": "string", + "example": "BobSmith@sailpoint.com", + "description": "The identity or domain address" + }, + "mailFromDomain": { + "type": "string", + "example": "example.sailpoint.com", + "description": "The new MAIL FROM domain of the identity. Must be a subdomain of the identity." + } + }, + "description": "MAIL FROM attributes for a domain / identity" + }, + "example": { + "identity": "BobSmith@sailpoint.com", + "mailFromDomain": "example.sailpoint.com" + } + } + } + }, + "responses": { + "200": { + "description": "MAIL FROM Attributes required to verify the change", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "id": { + "type": "string", + "example": "BobSmith@sailpoint.com", + "description": "The identity or domain address" + }, + "mxRecord": { + "type": "string", + "example": "10 feedback-smtp.us-east-1.amazonses.com", + "description": "MX record that is required in customer's DNS to allow the domain to receive bounce and complaint notifications that email providers send you" + }, + "txtRecord": { + "type": "string", + "example": "v=spf1 include:amazonses.com ~all", + "description": "TXT record that is required in customer's DNS in order to prove that Amazon SES is authorized to send email from your domain" + }, + "mailFromDomainStatus": { + "type": "string", + "enum": [ + "PENDING", + "SUCCESS", + "FAILED" + ], + "example": "PENDING", + "description": "The current status of the MAIL FROM verification" + } + }, + "description": "MAIL FROM attributes for a domain / identity" + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/mail-from-attribute/{id}": { + "get": { + "security": [ + { + "oauth2": [ + "sp:notification-mail-from-attributes:read" + ] + } + ], + "operationId": "getMailFromAttributes", + "tags": [ + "Notifications" + ], + "summary": "Get MAIL FROM Attributes", + "description": "Retrieve MAIL FROM attributes for a given AWS SES identity.", + "parameters": [ + { + "in": "query", + "name": "id", + "required": true, + "schema": { + "type": "string" + }, + "description": "Returns the MX and TXT record to be put in your DNS, as well as the MAIL FROM domain status", + "example": "bobsmith@sailpoint.com" + } + ], + "responses": { + "200": { + "description": "MAIL FROM Attributes object", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "id": { + "type": "string", + "example": "BobSmith@sailpoint.com", + "description": "The identity or domain address" + }, + "mxRecord": { + "type": "string", + "example": "10 feedback-smtp.us-east-1.amazonses.com", + "description": "MX record that is required in customer's DNS to allow the domain to receive bounce and complaint notifications that email providers send you" + }, + "txtRecord": { + "type": "string", + "example": "v=spf1 include:amazonses.com ~all", + "description": "TXT record that is required in customer's DNS in order to prove that Amazon SES is authorized to send email from your domain" + }, + "mailFromDomainStatus": { + "type": "string", + "enum": [ + "PENDING", + "SUCCESS", + "FAILED" + ], + "example": "PENDING", + "description": "The current status of the MAIL FROM verification" + } + }, + "description": "MAIL FROM attributes for a domain / identity" + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/mfa/{method}/config": { + "get": { + "operationId": "getMFAConfig", + "tags": [ + "MFA Configuration" + ], + "summary": "Configuration of a MFA method", + "description": "This API returns the configuration of a given MFA method. A token with ORG_ADMIN authority is required to call this API.", + "security": [ + { + "oauth2": [ + "idn:mfa-configuration:read", + "idn:mfa-configuration:manage" + ] + } + ], + "parameters": [ + { + "in": "path", + "name": "method", + "schema": { + "type": "string", + "example": "okta-verify" + }, + "required": true, + "description": "The name of the MFA method. The currently supported method name is okta-verify." + } + ], + "responses": { + "200": { + "description": "MFA configuration of a given method.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean", + "description": "If MFA method is enabled." + }, + "host": { + "type": "string", + "description": "The server host name or IP address of the MFA provider.", + "example": "example.com" + }, + "accessKey": { + "type": "string", + "description": "The secret key for authenticating requests to the MFA provider." + }, + "identityAttribute": { + "type": "string", + "description": "Optional. The name of the attribute for mapping IdentityNow identity to the MFA provider.", + "example": "email" + } + } + }, + "example": { + "enabled": true, + "host": "www.example.com", + "accessKey": "dk778Y3QlA5UqocYpdU3rEkzrK2D497y", + "identityAttribute": "email" + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + }, + "put": { + "operationId": "setMFAConfig", + "tags": [ + "MFA Configuration" + ], + "summary": "Set MFA method configuration", + "description": "This API sets the configuration of a given MFA method. A token with ORG_ADMIN authority is required to call this API.", + "security": [ + { + "oauth2": [ + "idn:mfa-configuration:manage" + ] + } + ], + "parameters": [ + { + "in": "path", + "name": "method", + "schema": { + "type": "string", + "example": "okta-verify" + }, + "required": true, + "description": "The name of the MFA method. The currently supported method name is okta-verify." + } + ], + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean", + "description": "If MFA method is enabled." + }, + "host": { + "type": "string", + "description": "The server host name or IP address of the MFA provider.", + "example": "example.com" + }, + "accessKey": { + "type": "string", + "description": "The secret key for authenticating requests to the MFA provider." + }, + "identityAttribute": { + "type": "string", + "description": "Optional. The name of the attribute for mapping IdentityNow identity to the MFA provider.", + "example": "email" + } + } + }, + "example": { + "enabled": true, + "host": "www.example.com", + "accessKey": "dk778Y3QlA5UqocYpdU3rEkzrK2D497y", + "identityAttribute": "email" + } + } + } + }, + "responses": { + "200": { + "description": "MFA configuration of a given method.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean", + "description": "If MFA method is enabled." + }, + "host": { + "type": "string", + "description": "The server host name or IP address of the MFA provider.", + "example": "example.com" + }, + "accessKey": { + "type": "string", + "description": "The secret key for authenticating requests to the MFA provider." + }, + "identityAttribute": { + "type": "string", + "description": "Optional. The name of the attribute for mapping IdentityNow identity to the MFA provider.", + "example": "email" + } + } + }, + "example": { + "enabled": true, + "host": "www.example.com", + "accessKey": "dk778Y3QlA5UqocYpdU3rEkzrK2D497y", + "identityAttribute": "email" + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/mfa/{method}/test": { + "get": { + "operationId": "testMFAConfig", + "tags": [ + "MFA Configuration" + ], + "summary": "MFA method's test configuration", + "description": "This API validates that the configuration is valid and will properly authenticate with the MFA provider identified by the method path parameter.\nA token with ORG_ADMIN authority is required to call this API.", + "security": [ + { + "oauth2": [ + "idn:mfa-configuration:read", + "idn:mfa-configuration:manage" + ] + } + ], + "parameters": [ + { + "in": "path", + "name": "method", + "schema": { + "type": "string", + "example": "okta-verify" + }, + "required": true, + "description": "The name of the MFA method. The currently supported method name is okta-verify." + } + ], + "responses": { + "200": { + "description": "The result of configuration test for the MFA provider.", + "content": { + "application/json": { + "schema": { + "description": "Response model for configuration test of a given MFA method", + "type": "object", + "properties": { + "state": { + "type": "string", + "enum": [ + "SUCCESS", + "FAILED" + ], + "description": "The configuration test result.", + "example": "SUCCESS", + "readOnly": true + }, + "error": { + "type": "string", + "example": "MFA Method is disabled.", + "description": "The error message to indicate the failure of configuration test.", + "readOnly": true + } + } + }, + "example": { + "state": "SUCCESS", + "error": null + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/notification-template-defaults": { + "get": { + "operationId": "listNotificationTemplateDefaults", + "tags": [ + "Notifications" + ], + "summary": "List Notification Template Defaults", + "description": "This lists the default templates used for notifications, such as emails from IdentityNow. Since this is a beta feature, it doesn't include all the templates.", + "parameters": [ + { + "in": "query", + "name": "limit", + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": 250, + "schema": { + "type": "integer", + "format": "int32", + "minimum": 0, + "maximum": 250, + "default": 250 + } + }, + { + "in": "query", + "name": "offset", + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": 0, + "schema": { + "type": "integer", + "format": "int32", + "minimum": 0, + "default": 0 + } + }, + { + "in": "query", + "name": "filters", + "schema": { + "type": "string" + }, + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)\n\nFiltering is supported for the following fields and operators:\n\n**key**: *eq, in*\n\n**medium**: *eq*\n\n**locale**: *eq*" + } + ], + "responses": { + "200": { + "description": "A list of the default template objects", + "content": { + "application/json": { + "schema": { + "type": "array", + "items": { + "type": "object", + "properties": { + "key": { + "type": "string", + "example": "cloud_manual_work_item_summary" + }, + "name": { + "type": "string", + "example": "Task Manager Subscription" + }, + "medium": { + "type": "string", + "description": "The message medium. More mediums may be added in the future.", + "enum": [ + "EMAIL", + "PHONE", + "SMS", + "SLACK", + "TEAMS" + ], + "example": "EMAIL" + }, + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en" + }, + "subject": { + "type": "string", + "example": "You have $numberOfPendingTasks $taskTasks to complete in ${__global.productName}." + }, + "header": { + "type": "string", + "example": "Dear $__recipient.name," + }, + "body": { + "type": "string", + "example": "Please go to the task manager" + }, + "footer": { + "type": "string", + "example": "Thanks, The $__global.productName Team" + }, + "from": { + "type": "string", + "example": "$__global.emailFromAddress" + }, + "replyTo": { + "type": "string", + "example": "$__global.emailFromAddress" + }, + "description": { + "type": "string", + "example": "Daily digest - sent if number of outstanding tasks for task owner > 0" + } + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/notification-templates": { + "get": { + "operationId": "listNotificationTemplates", + "tags": [ + "Notifications" + ], + "summary": "List Notification Templates", + "description": "This lists the templates that you have modified for your site. Since this is a beta feature, it doesn't include all your modified templates.", + "parameters": [ + { + "in": "query", + "name": "limit", + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": 250, + "schema": { + "type": "integer", + "format": "int32", + "minimum": 0, + "maximum": 250, + "default": 250 + } + }, + { + "in": "query", + "name": "offset", + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": 0, + "schema": { + "type": "integer", + "format": "int32", + "minimum": 0, + "default": 0 + } + }, + { + "in": "query", + "name": "filters", + "schema": { + "type": "string" + }, + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)\n\nFiltering is supported for the following fields and operators:\n\n**key**: *eq, in*\n\n**medium**: *eq*\n\n**locale**: *eq*", + "example": "medium eq \"EMAIL\"" + } + ], + "responses": { + "200": { + "description": "A list of template objects for your site", + "content": { + "application/json": { + "schema": { + "type": "array", + "items": { + "type": "object", + "properties": { + "key": { + "type": "string", + "example": "cloud_manual_work_item_summary" + }, + "name": { + "type": "string", + "example": "Task Manager Subscription" + }, + "medium": { + "type": "string", + "description": "The message medium. More mediums may be added in the future.", + "enum": [ + "EMAIL", + "PHONE", + "SMS", + "SLACK", + "TEAMS" + ], + "example": "EMAIL" + }, + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en" + }, + "subject": { + "type": "string", + "example": "You have $numberOfPendingTasks $taskTasks to complete in ${__global.productName}." + }, + "header": { + "type": "string", + "example": "Dear $__recipient.name," + }, + "body": { + "type": "string", + "example": "Please go to the task manager" + }, + "footer": { + "type": "string", + "example": "Thanks, The $__global.productName Team" + }, + "from": { + "type": "string", + "example": "$__global.emailFromAddress" + }, + "replyTo": { + "type": "string", + "example": "$__global.emailFromAddress" + }, + "description": { + "type": "string", + "example": "Daily digest - sent if number of outstanding tasks for task owner > 0" + }, + "id": { + "type": "string", + "example": "c17bea3a-574d-453c-9e04-4365fbf5af0b", + "description": "This is auto-generated." + }, + "created": { + "type": "string", + "format": "date-time", + "description": "The time when this template is created. This is auto-generated.", + "example": "2020-01-01T00:00:00.000000Z" + }, + "modified": { + "type": "string", + "format": "date-time", + "description": "The time when this template was last modified. This is auto-generated.", + "example": "2020-01-01T00:00:00.000000Z" + } + }, + "required": [ + "key", + "medium", + "locale" + ] + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + }, + "post": { + "operationId": "createNotificationTemplate", + "tags": [ + "Notifications" + ], + "summary": "Create Notification Template", + "description": "This creates a template for your site. \n\nYou can also use this endpoint to update a template. First, copy the response body from the [get notification template endpoint](https://developer.sailpoint.com/idn/api/beta/get-notification-template) for a template you wish to update and paste it into the request body for this endpoint. Modify the fields you want to change and submit the POST request when ready.", + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "key": { + "type": "string", + "example": "cloud_manual_work_item_summary" + }, + "name": { + "type": "string", + "example": "Task Manager Subscription" + }, + "medium": { + "type": "string", + "description": "The message medium. More mediums may be added in the future.", + "enum": [ + "EMAIL", + "PHONE", + "SMS", + "SLACK", + "TEAMS" + ], + "example": "EMAIL" + }, + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en" + }, + "subject": { + "type": "string", + "example": "You have $numberOfPendingTasks $taskTasks to complete in ${__global.productName}." + }, + "header": { + "type": "string", + "example": "Dear $__recipient.name," + }, + "body": { + "type": "string", + "example": "Please go to the task manager" + }, + "footer": { + "type": "string", + "example": "Thanks, The $__global.productName Team" + }, + "from": { + "type": "string", + "example": "$__global.emailFromAddress" + }, + "replyTo": { + "type": "string", + "example": "$__global.emailFromAddress" + }, + "description": { + "type": "string", + "example": "Daily digest - sent if number of outstanding tasks for task owner > 0" + }, + "id": { + "type": "string", + "example": "c17bea3a-574d-453c-9e04-4365fbf5af0b", + "description": "This is auto-generated." + }, + "created": { + "type": "string", + "format": "date-time", + "description": "The time when this template is created. This is auto-generated.", + "example": "2020-01-01T00:00:00.000000Z" + }, + "modified": { + "type": "string", + "format": "date-time", + "description": "The time when this template was last modified. This is auto-generated.", + "example": "2020-01-01T00:00:00.000000Z" + } + }, + "required": [ + "key", + "medium", + "locale" + ] + } + } + } + }, + "responses": { + "200": { + "description": "A template object for your site", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "key": { + "type": "string", + "example": "cloud_manual_work_item_summary" + }, + "name": { + "type": "string", + "example": "Task Manager Subscription" + }, + "medium": { + "type": "string", + "description": "The message medium. More mediums may be added in the future.", + "enum": [ + "EMAIL", + "PHONE", + "SMS", + "SLACK", + "TEAMS" + ], + "example": "EMAIL" + }, + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en" + }, + "subject": { + "type": "string", + "example": "You have $numberOfPendingTasks $taskTasks to complete in ${__global.productName}." + }, + "header": { + "type": "string", + "example": "Dear $__recipient.name," + }, + "body": { + "type": "string", + "example": "Please go to the task manager" + }, + "footer": { + "type": "string", + "example": "Thanks, The $__global.productName Team" + }, + "from": { + "type": "string", + "example": "$__global.emailFromAddress" + }, + "replyTo": { + "type": "string", + "example": "$__global.emailFromAddress" + }, + "description": { + "type": "string", + "example": "Daily digest - sent if number of outstanding tasks for task owner > 0" + }, + "id": { + "type": "string", + "example": "c17bea3a-574d-453c-9e04-4365fbf5af0b", + "description": "This is auto-generated." + }, + "created": { + "type": "string", + "format": "date-time", + "description": "The time when this template is created. This is auto-generated.", + "example": "2020-01-01T00:00:00.000000Z" + }, + "modified": { + "type": "string", + "format": "date-time", + "description": "The time when this template was last modified. This is auto-generated.", + "example": "2020-01-01T00:00:00.000000Z" + } + }, + "required": [ + "key", + "medium", + "locale" + ] + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/notification-templates/{id}": { + "get": { + "operationId": "getNotificationTemplate", + "tags": [ + "Notifications" + ], + "summary": "Get Notification Template By Id", + "description": "This gets a template that you have modified for your site by Id.", + "parameters": [ + { + "name": "id", + "in": "path", + "description": "Id of the Notification Template", + "required": true, + "style": "simple", + "explode": false, + "schema": { + "type": "string", + "example": "c17bea3a-574d-453c-9e04-4365fbf5af0b" + } + } + ], + "responses": { + "200": { + "description": "A template object for your site", + "content": { + "application/json": { + "schema": { + "type": "array", + "items": { + "type": "object", + "properties": { + "key": { + "type": "string", + "example": "cloud_manual_work_item_summary" + }, + "name": { + "type": "string", + "example": "Task Manager Subscription" + }, + "medium": { + "type": "string", + "description": "The message medium. More mediums may be added in the future.", + "enum": [ + "EMAIL", + "PHONE", + "SMS", + "SLACK", + "TEAMS" + ], + "example": "EMAIL" + }, + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en" + }, + "subject": { + "type": "string", + "example": "You have $numberOfPendingTasks $taskTasks to complete in ${__global.productName}." + }, + "header": { + "type": "string", + "example": "Dear $__recipient.name," + }, + "body": { + "type": "string", + "example": "Please go to the task manager" + }, + "footer": { + "type": "string", + "example": "Thanks, The $__global.productName Team" + }, + "from": { + "type": "string", + "example": "$__global.emailFromAddress" + }, + "replyTo": { + "type": "string", + "example": "$__global.emailFromAddress" + }, + "description": { + "type": "string", + "example": "Daily digest - sent if number of outstanding tasks for task owner > 0" + }, + "id": { + "type": "string", + "example": "c17bea3a-574d-453c-9e04-4365fbf5af0b", + "description": "This is auto-generated." + }, + "created": { + "type": "string", + "format": "date-time", + "description": "The time when this template is created. This is auto-generated.", + "example": "2020-01-01T00:00:00.000000Z" + }, + "modified": { + "type": "string", + "format": "date-time", + "description": "The time when this template was last modified. This is auto-generated.", + "example": "2020-01-01T00:00:00.000000Z" + } + }, + "required": [ + "key", + "medium", + "locale" + ] + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/notification-templates/bulk-delete": { + "post": { + "operationId": "deleteNotificationTemplatesInBulk", + "tags": [ + "Notifications" + ], + "summary": "Bulk Delete Notification Templates", + "description": "This lets you bulk delete templates that you previously created for your site. Since this is a beta feature, you can only delete a subset of your notifications, i.e. ones that show up in the list call.", + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "type": "array", + "items": { + "type": "object", + "properties": { + "key": { + "type": "string", + "example": "cloud_manual_work_item_summary" + }, + "medium": { + "type": "string", + "enum": [ + "EMAIL", + "PHONE", + "SMS" + ], + "example": "EMAIL" + }, + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en" + } + }, + "required": [ + "key" + ] + } + } + } + } + }, + "responses": { + "204": { + "description": "No content - indicates the request was successful but there is no content to be returned in the response." + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/oauth-clients": { + "get": { + "operationId": "listOauthClients", + "security": [ + { + "oauth2": [ + "sp:oauth-client:manage" + ] + } + ], + "tags": [ + "OAuth Clients" + ], + "summary": "List OAuth Clients", + "description": "This gets a list of OAuth clients.", + "parameters": [ + { + "in": "query", + "name": "filters", + "required": false, + "schema": { + "type": "string" + }, + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)\n\nFiltering is supported for the following fields and operators:\n\n**lastUsed**: *le, isnull*", + "example": "lastUsed le 2023-02-05T10:59:27.214Z" + } + ], + "responses": { + "200": { + "description": "List of OAuth clients.", + "content": { + "application/json": { + "schema": { + "type": "array", + "items": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "ID of the OAuth client", + "example": "2c9180835d2e5168015d32f890ca1581" + }, + "businessName": { + "type": "string", + "nullable": true, + "description": "The name of the business the API Client should belong to", + "example": "Acme-Solar" + }, + "homepageUrl": { + "type": "string", + "nullable": true, + "description": "The homepage URL associated with the owner of the API Client", + "example": "http://localhost:12345" + }, + "name": { + "type": "string", + "description": "A human-readable name for the API Client", + "example": "Demo API Client" + }, + "description": { + "type": "string", + "nullable": true, + "description": "A description of the API Client", + "example": "An API client used for the authorization_code, refresh_token, and client_credentials flows" + }, + "accessTokenValiditySeconds": { + "type": "integer", + "format": "int32", + "description": "The number of seconds an access token generated for this API Client is valid for", + "example": 750 + }, + "refreshTokenValiditySeconds": { + "type": "integer", + "format": "int32", + "description": "The number of seconds a refresh token generated for this API Client is valid for", + "example": 86400 + }, + "redirectUris": { + "type": "array", + "nullable": true, + "items": { + "type": "string" + }, + "description": "A list of the approved redirect URIs used with the authorization_code flow", + "example": [ + "http://localhost:12345" + ] + }, + "grantTypes": { + "type": "array", + "items": { + "description": "OAuth2 Grant Type", + "type": "string", + "example": "CLIENT_CREDENTIALS", + "enum": [ + "CLIENT_CREDENTIALS", + "AUTHORIZATION_CODE", + "REFRESH_TOKEN" + ] + }, + "description": "A list of OAuth 2.0 grant types this API Client can be used with", + "example": [ + "AUTHORIZATION_CODE", + "CLIENT_CREDENTIALS", + "REFRESH_TOKEN" + ] + }, + "accessType": { + "description": "The access type (online or offline) of this API Client", + "example": "OFFLINE", + "type": "string", + "enum": [ + "ONLINE", + "OFFLINE" + ] + }, + "type": { + "description": "The type of the API Client (public or confidential)", + "example": "CONFIDENTIAL", + "type": "string", + "enum": [ + "CONFIDENTIAL", + "PUBLIC" + ] + }, + "internal": { + "type": "boolean", + "description": "An indicator of whether the API Client can be used for requests internal to IDN", + "example": false + }, + "enabled": { + "type": "boolean", + "description": "An indicator of whether the API Client is enabled for use", + "example": true + }, + "strongAuthSupported": { + "type": "boolean", + "description": "An indicator of whether the API Client supports strong authentication", + "example": false + }, + "claimsSupported": { + "type": "boolean", + "description": "An indicator of whether the API Client supports the serialization of SAML claims when used with the authorization_code flow", + "example": false + }, + "created": { + "type": "string", + "format": "date-time", + "description": "The date and time, down to the millisecond, when the API Client was created", + "example": "2017-07-11T18:45:37.098Z" + }, + "modified": { + "type": "string", + "format": "date-time", + "description": "The date and time, down to the millisecond, when the API Client was last updated", + "example": "2018-06-25T20:22:28.104Z" + }, + "lastUsed": { + "type": "string", + "nullable": true, + "format": "date-time", + "description": "The date and time, down to the millisecond, when this API Client was last used to generate an access token. This timestamp does not get updated on every API Client usage, but only once a day. This property can be useful for identifying which API Clients are no longer actively used and can be removed.", + "example": "2017-07-11T18:45:37.098Z" + }, + "scope": { + "type": "array", + "nullable": true, + "items": { + "type": "string", + "default": "sp:scopes:all" + }, + "description": "Scopes of the API Client.", + "example": [ + "demo:api-client-scope:first", + "demo:api-client-scope:second" + ] + } + }, + "required": [ + "id", + "businessName", + "homepageUrl", + "name", + "description", + "accessTokenValiditySeconds", + "refreshTokenValiditySeconds", + "redirectUris", + "grantTypes", + "accessType", + "type", + "internal", + "enabled", + "strongAuthSupported", + "claimsSupported", + "created", + "modified", + "scope" + ] + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + }, + "post": { + "operationId": "createOauthClient", + "security": [ + { + "oauth2": [ + "sp:oauth-client:manage" + ] + } + ], + "tags": [ + "OAuth Clients" + ], + "summary": "Create OAuth Client", + "description": "This creates an OAuth client.", + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "businessName": { + "type": "string", + "nullable": true, + "description": "The name of the business the API Client should belong to", + "example": "Acme-Solar" + }, + "homepageUrl": { + "type": "string", + "nullable": true, + "description": "The homepage URL associated with the owner of the API Client", + "example": "http://localhost:12345" + }, + "name": { + "type": "string", + "nullable": true, + "description": "A human-readable name for the API Client", + "example": "Demo API Client" + }, + "description": { + "type": "string", + "nullable": true, + "description": "A description of the API Client", + "example": "An API client used for the authorization_code, refresh_token, and client_credentials flows" + }, + "accessTokenValiditySeconds": { + "type": "integer", + "format": "int32", + "description": "The number of seconds an access token generated for this API Client is valid for", + "example": 750 + }, + "refreshTokenValiditySeconds": { + "type": "integer", + "format": "int32", + "description": "The number of seconds a refresh token generated for this API Client is valid for", + "example": 86400 + }, + "redirectUris": { + "type": "array", + "nullable": true, + "items": { + "type": "string" + }, + "description": "A list of the approved redirect URIs. Provide one or more URIs when assigning the AUTHORIZATION_CODE grant type to a new OAuth Client.", + "example": [ + "http://localhost:12345", + "http://localhost:67890" + ] + }, + "grantTypes": { + "type": "array", + "nullable": true, + "items": { + "description": "OAuth2 Grant Type", + "type": "string", + "example": "CLIENT_CREDENTIALS", + "enum": [ + "CLIENT_CREDENTIALS", + "AUTHORIZATION_CODE", + "REFRESH_TOKEN" + ] + }, + "description": "A list of OAuth 2.0 grant types this API Client can be used with", + "example": [ + "AUTHORIZATION_CODE", + "CLIENT_CREDENTIALS", + "REFRESH_TOKEN" + ] + }, + "accessType": { + "description": "The access type (online or offline) of this API Client", + "example": "OFFLINE", + "type": "string", + "enum": [ + "ONLINE", + "OFFLINE" + ] + }, + "type": { + "description": "The type of the API Client (public or confidential)", + "example": "CONFIDENTIAL", + "type": "string", + "enum": [ + "CONFIDENTIAL", + "PUBLIC" + ] + }, + "internal": { + "type": "boolean", + "description": "An indicator of whether the API Client can be used for requests internal within the product.", + "example": false + }, + "enabled": { + "type": "boolean", + "description": "An indicator of whether the API Client is enabled for use", + "example": true + }, + "strongAuthSupported": { + "type": "boolean", + "description": "An indicator of whether the API Client supports strong authentication", + "example": false + }, + "claimsSupported": { + "type": "boolean", + "description": "An indicator of whether the API Client supports the serialization of SAML claims when used with the authorization_code flow", + "example": false + }, + "scope": { + "type": "array", + "nullable": true, + "items": { + "type": "string", + "default": "sp:scopes:all" + }, + "description": "Scopes of the API Client. If no scope is specified, the client will be created with the default scope \"sp:scopes:all\". This means the API Client will have all the rights of the owner who created it.", + "example": [ + "demo:api-client-scope:first", + "demo:api-client-scope:second" + ] + } + }, + "required": [ + "name", + "description", + "accessTokenValiditySeconds", + "grantTypes", + "accessType", + "enabled" + ] + } + } + } + }, + "responses": { + "200": { + "description": "Request succeeded.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "ID of the OAuth client", + "example": "2c9180835d2e5168015d32f890ca1581" + }, + "secret": { + "type": "string", + "description": "Secret of the OAuth client (This field is only returned on the intial create call.)", + "example": "5c32dd9b21adb51c77794d46e71de117a1d0ddb36a7ff941fa28014ab7de2cf3" + }, + "businessName": { + "type": "string", + "description": "The name of the business the API Client should belong to", + "example": "Acme-Solar" + }, + "homepageUrl": { + "type": "string", + "description": "The homepage URL associated with the owner of the API Client", + "example": "http://localhost:12345" + }, + "name": { + "type": "string", + "description": "A human-readable name for the API Client", + "example": "Demo API Client" + }, + "description": { + "type": "string", + "description": "A description of the API Client", + "example": "An API client used for the authorization_code, refresh_token, and client_credentials flows" + }, + "accessTokenValiditySeconds": { + "type": "integer", + "format": "int32", + "description": "The number of seconds an access token generated for this API Client is valid for", + "example": 750 + }, + "refreshTokenValiditySeconds": { + "type": "integer", + "format": "int32", + "description": "The number of seconds a refresh token generated for this API Client is valid for", + "example": 86400 + }, + "redirectUris": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of the approved redirect URIs used with the authorization_code flow", + "example": [ + "http://localhost:12345" + ] + }, + "grantTypes": { + "type": "array", + "items": { + "description": "OAuth2 Grant Type", + "type": "string", + "example": "CLIENT_CREDENTIALS", + "enum": [ + "CLIENT_CREDENTIALS", + "AUTHORIZATION_CODE", + "REFRESH_TOKEN" + ] + }, + "description": "A list of OAuth 2.0 grant types this API Client can be used with", + "example": [ + "AUTHORIZATION_CODE", + "CLIENT_CREDENTIALS", + "REFRESH_TOKEN" + ] + }, + "accessType": { + "description": "The access type (online or offline) of this API Client", + "example": "OFFLINE", + "type": "string", + "enum": [ + "ONLINE", + "OFFLINE" + ] + }, + "type": { + "description": "The type of the API Client (public or confidential)", + "example": "CONFIDENTIAL", + "type": "string", + "enum": [ + "CONFIDENTIAL", + "PUBLIC" + ] + }, + "internal": { + "type": "boolean", + "description": "An indicator of whether the API Client can be used for requests internal to IDN", + "example": false + }, + "enabled": { + "type": "boolean", + "description": "An indicator of whether the API Client is enabled for use", + "example": true + }, + "strongAuthSupported": { + "type": "boolean", + "description": "An indicator of whether the API Client supports strong authentication", + "example": false + }, + "claimsSupported": { + "type": "boolean", + "description": "An indicator of whether the API Client supports the serialization of SAML claims when used with the authorization_code flow", + "example": false + }, + "created": { + "type": "string", + "format": "date-time", + "description": "The date and time, down to the millisecond, when the API Client was created", + "example": "2017-07-11T18:45:37.098Z" + }, + "modified": { + "type": "string", + "format": "date-time", + "description": "The date and time, down to the millisecond, when the API Client was last updated", + "example": "2018-06-25T20:22:28.104Z" + }, + "scope": { + "type": "array", + "nullable": true, + "items": { + "type": "string", + "default": "sp:scopes:all" + }, + "description": "Scopes of the API Client.", + "example": [ + "demo:api-client-scope:first", + "demo:api-client-scope:second" + ] + } + }, + "required": [ + "id", + "secret", + "businessName", + "homepageUrl", + "name", + "description", + "accessTokenValiditySeconds", + "refreshTokenValiditySeconds", + "redirectUris", + "grantTypes", + "accessType", + "type", + "internal", + "enabled", + "strongAuthSupported", + "claimsSupported", + "created", + "modified", + "scope" + ] + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/oauth-clients/{id}": { + "get": { + "operationId": "getOauthClient", + "security": [ + { + "oauth2": [ + "sp:oauth-client:manage", + "sp:oauth-client:read" + ] + } + ], + "tags": [ + "OAuth Clients" + ], + "summary": "Get OAuth Client", + "description": "This gets details of an OAuth client.", + "parameters": [ + { + "in": "path", + "name": "id", + "schema": { + "type": "string" + }, + "required": true, + "description": "The OAuth client id", + "example": "ef38f94347e94562b5bb8424a56397d8" + } + ], + "responses": { + "200": { + "description": "Request succeeded.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "ID of the OAuth client", + "example": "2c9180835d2e5168015d32f890ca1581" + }, + "businessName": { + "type": "string", + "nullable": true, + "description": "The name of the business the API Client should belong to", + "example": "Acme-Solar" + }, + "homepageUrl": { + "type": "string", + "nullable": true, + "description": "The homepage URL associated with the owner of the API Client", + "example": "http://localhost:12345" + }, + "name": { + "type": "string", + "description": "A human-readable name for the API Client", + "example": "Demo API Client" + }, + "description": { + "type": "string", + "nullable": true, + "description": "A description of the API Client", + "example": "An API client used for the authorization_code, refresh_token, and client_credentials flows" + }, + "accessTokenValiditySeconds": { + "type": "integer", + "format": "int32", + "description": "The number of seconds an access token generated for this API Client is valid for", + "example": 750 + }, + "refreshTokenValiditySeconds": { + "type": "integer", + "format": "int32", + "description": "The number of seconds a refresh token generated for this API Client is valid for", + "example": 86400 + }, + "redirectUris": { + "type": "array", + "nullable": true, + "items": { + "type": "string" + }, + "description": "A list of the approved redirect URIs used with the authorization_code flow", + "example": [ + "http://localhost:12345" + ] + }, + "grantTypes": { + "type": "array", + "items": { + "description": "OAuth2 Grant Type", + "type": "string", + "example": "CLIENT_CREDENTIALS", + "enum": [ + "CLIENT_CREDENTIALS", + "AUTHORIZATION_CODE", + "REFRESH_TOKEN" + ] + }, + "description": "A list of OAuth 2.0 grant types this API Client can be used with", + "example": [ + "AUTHORIZATION_CODE", + "CLIENT_CREDENTIALS", + "REFRESH_TOKEN" + ] + }, + "accessType": { + "description": "The access type (online or offline) of this API Client", + "example": "OFFLINE", + "type": "string", + "enum": [ + "ONLINE", + "OFFLINE" + ] + }, + "type": { + "description": "The type of the API Client (public or confidential)", + "example": "CONFIDENTIAL", + "type": "string", + "enum": [ + "CONFIDENTIAL", + "PUBLIC" + ] + }, + "internal": { + "type": "boolean", + "description": "An indicator of whether the API Client can be used for requests internal to IDN", + "example": false + }, + "enabled": { + "type": "boolean", + "description": "An indicator of whether the API Client is enabled for use", + "example": true + }, + "strongAuthSupported": { + "type": "boolean", + "description": "An indicator of whether the API Client supports strong authentication", + "example": false + }, + "claimsSupported": { + "type": "boolean", + "description": "An indicator of whether the API Client supports the serialization of SAML claims when used with the authorization_code flow", + "example": false + }, + "created": { + "type": "string", + "format": "date-time", + "description": "The date and time, down to the millisecond, when the API Client was created", + "example": "2017-07-11T18:45:37.098Z" + }, + "modified": { + "type": "string", + "format": "date-time", + "description": "The date and time, down to the millisecond, when the API Client was last updated", + "example": "2018-06-25T20:22:28.104Z" + }, + "lastUsed": { + "type": "string", + "nullable": true, + "format": "date-time", + "description": "The date and time, down to the millisecond, when this API Client was last used to generate an access token. This timestamp does not get updated on every API Client usage, but only once a day. This property can be useful for identifying which API Clients are no longer actively used and can be removed.", + "example": "2017-07-11T18:45:37.098Z" + }, + "scope": { + "type": "array", + "nullable": true, + "items": { + "type": "string", + "default": "sp:scopes:all" + }, + "description": "Scopes of the API Client.", + "example": [ + "demo:api-client-scope:first", + "demo:api-client-scope:second" + ] + } + }, + "required": [ + "id", + "businessName", + "homepageUrl", + "name", + "description", + "accessTokenValiditySeconds", + "refreshTokenValiditySeconds", + "redirectUris", + "grantTypes", + "accessType", + "type", + "internal", + "enabled", + "strongAuthSupported", + "claimsSupported", + "created", + "modified", + "scope" + ] + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + }, + "delete": { + "operationId": "deleteOauthClient", + "security": [ + { + "oauth2": [ + "sp:oauth-client:manage" + ] + } + ], + "tags": [ + "OAuth Clients" + ], + "summary": "Delete OAuth Client", + "description": "This deletes an OAuth client.", + "parameters": [ + { + "in": "path", + "name": "id", + "schema": { + "type": "string" + }, + "required": true, + "description": "The OAuth client id", + "example": "ef38f94347e94562b5bb8424a56397d8" + } + ], + "responses": { + "204": { + "description": "No content." + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + }, + "patch": { + "operationId": "patchOauthClient", + "security": [ + { + "oauth2": [ + "sp:oauth-client:manage" + ] + } + ], + "tags": [ + "OAuth Clients" + ], + "summary": "Patch OAuth Client", + "description": "This performs a targeted update to the field(s) of an OAuth client.\nRequest will require a security scope of \n- sp:oauth-client:manage", + "parameters": [ + { + "in": "path", + "name": "id", + "schema": { + "type": "string" + }, + "required": true, + "description": "The OAuth client id", + "example": "ef38f94347e94562b5bb8424a56397d8" + } + ], + "requestBody": { + "required": true, + "description": "A list of OAuth client update operations according to the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard.\n\nThe following fields are patchable:\n* tenant\n* businessName\n* homepageUrl\n* name\n* description\n* accessTokenValiditySeconds\n* refreshTokenValiditySeconds\n* redirectUris\n* grantTypes\n* accessType\n* enabled\n* strongAuthSupported\n* claimsSupported\n", + "content": { + "application/json-patch+json": { + "schema": { + "type": "array", + "items": { + "type": "object", + "description": "A JSONPatch Operation as defined by [RFC 6902 - JSON Patch](https://tools.ietf.org/html/rfc6902)", + "required": [ + "op", + "path" + ], + "properties": { + "op": { + "type": "string", + "description": "The operation to be performed", + "enum": [ + "add", + "remove", + "replace", + "move", + "copy", + "test" + ], + "example": "replace" + }, + "path": { + "type": "string", + "description": "A string JSON Pointer representing the target path to an element to be affected by the operation", + "example": "/description" + }, + "value": { + "anyOf": [ + { + "type": "string" + }, + { + "type": "integer" + }, + { + "type": "object" + }, + { + "type": "array", + "items": { + "anyOf": [ + { + "type": "string" + }, + { + "type": "integer" + }, + { + "type": "object" + } + ] + } + } + ], + "description": "The value to be used for the operation, required for \"add\" and \"replace\" operations", + "example": "New description" + } + } + } + }, + "example": [ + { + "op": "replace", + "path": "/strongAuthSupported", + "value": true + }, + { + "op": "replace", + "path": "/businessName", + "value": "acme-solar" + } + ] + } + } + }, + "responses": { + "200": { + "description": "Indicates the PATCH operation succeeded, and returns the OAuth client's new representation.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "ID of the OAuth client", + "example": "2c9180835d2e5168015d32f890ca1581" + }, + "businessName": { + "type": "string", + "nullable": true, + "description": "The name of the business the API Client should belong to", + "example": "Acme-Solar" + }, + "homepageUrl": { + "type": "string", + "nullable": true, + "description": "The homepage URL associated with the owner of the API Client", + "example": "http://localhost:12345" + }, + "name": { + "type": "string", + "description": "A human-readable name for the API Client", + "example": "Demo API Client" + }, + "description": { + "type": "string", + "nullable": true, + "description": "A description of the API Client", + "example": "An API client used for the authorization_code, refresh_token, and client_credentials flows" + }, + "accessTokenValiditySeconds": { + "type": "integer", + "format": "int32", + "description": "The number of seconds an access token generated for this API Client is valid for", + "example": 750 + }, + "refreshTokenValiditySeconds": { + "type": "integer", + "format": "int32", + "description": "The number of seconds a refresh token generated for this API Client is valid for", + "example": 86400 + }, + "redirectUris": { + "type": "array", + "nullable": true, + "items": { + "type": "string" + }, + "description": "A list of the approved redirect URIs used with the authorization_code flow", + "example": [ + "http://localhost:12345" + ] + }, + "grantTypes": { + "type": "array", + "items": { + "description": "OAuth2 Grant Type", + "type": "string", + "example": "CLIENT_CREDENTIALS", + "enum": [ + "CLIENT_CREDENTIALS", + "AUTHORIZATION_CODE", + "REFRESH_TOKEN" + ] + }, + "description": "A list of OAuth 2.0 grant types this API Client can be used with", + "example": [ + "AUTHORIZATION_CODE", + "CLIENT_CREDENTIALS", + "REFRESH_TOKEN" + ] + }, + "accessType": { + "description": "The access type (online or offline) of this API Client", + "example": "OFFLINE", + "type": "string", + "enum": [ + "ONLINE", + "OFFLINE" + ] + }, + "type": { + "description": "The type of the API Client (public or confidential)", + "example": "CONFIDENTIAL", + "type": "string", + "enum": [ + "CONFIDENTIAL", + "PUBLIC" + ] + }, + "internal": { + "type": "boolean", + "description": "An indicator of whether the API Client can be used for requests internal to IDN", + "example": false + }, + "enabled": { + "type": "boolean", + "description": "An indicator of whether the API Client is enabled for use", + "example": true + }, + "strongAuthSupported": { + "type": "boolean", + "description": "An indicator of whether the API Client supports strong authentication", + "example": false + }, + "claimsSupported": { + "type": "boolean", + "description": "An indicator of whether the API Client supports the serialization of SAML claims when used with the authorization_code flow", + "example": false + }, + "created": { + "type": "string", + "format": "date-time", + "description": "The date and time, down to the millisecond, when the API Client was created", + "example": "2017-07-11T18:45:37.098Z" + }, + "modified": { + "type": "string", + "format": "date-time", + "description": "The date and time, down to the millisecond, when the API Client was last updated", + "example": "2018-06-25T20:22:28.104Z" + }, + "lastUsed": { + "type": "string", + "nullable": true, + "format": "date-time", + "description": "The date and time, down to the millisecond, when this API Client was last used to generate an access token. This timestamp does not get updated on every API Client usage, but only once a day. This property can be useful for identifying which API Clients are no longer actively used and can be removed.", + "example": "2017-07-11T18:45:37.098Z" + }, + "scope": { + "type": "array", + "nullable": true, + "items": { + "type": "string", + "default": "sp:scopes:all" + }, + "description": "Scopes of the API Client.", + "example": [ + "demo:api-client-scope:first", + "demo:api-client-scope:second" + ] + } + }, + "required": [ + "id", + "businessName", + "homepageUrl", + "name", + "description", + "accessTokenValiditySeconds", + "refreshTokenValiditySeconds", + "redirectUris", + "grantTypes", + "accessType", + "type", + "internal", + "enabled", + "strongAuthSupported", + "claimsSupported", + "created", + "modified", + "scope" + ] + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/org-config": { + "get": { + "operationId": "getOrgConfig", + "tags": [ + "Org Config" + ], + "summary": "Get Org configuration settings", + "security": [ + { + "oauth2": [ + "idn:org-configs:read", + "idn:org-configs:manage" + ] + } + ], + "description": "Get org configuration with only external (org admin) accessible properties for the current org.", + "responses": { + "200": { + "description": "Request succeeded.", + "content": { + "application/json": { + "schema": { + "type": "object", + "description": "DTO class for OrgConfig data accessible by customer external org admin (\"ORG_ADMIN\") users", + "properties": { + "orgName": { + "type": "string", + "description": "The name of the org.", + "example": "acme-solar" + }, + "timeZone": { + "type": "string", + "description": "The selected time zone which is to be used for the org. This directly affects when scheduled tasks are executed. Valid options can be found at /beta/org-config/valid-time-zones", + "example": "America/Toronto" + }, + "lcsChangeHonorsSourceEnableFeature": { + "type": "boolean", + "description": "Flag to determine whether the LCS_CHANGE_HONORS_SOURCE_ENABLE_FEATURE flag is enabled for the current org.", + "example": false + }, + "armCustomerId": { + "type": "string", + "description": "ARM Customer ID", + "nullable": true, + "example": "DE38E75A-5FF6-4A65-5DC7-08D64426B09E" + }, + "armSapSystemIdMappings": { + "type": "string", + "description": "A list of IDN::sourceId to ARM::systemId mappings.", + "nullable": true, + "example": [ + { + "sourceId": "2c91808c791a94e501792388b0d62659", + "systemId": "1556" + }, + { + "sourceId": "2_2c91808c791a94e501792388b0d62659", + "systemId": "2_1556" + }, + { + "sourceId": "3_2c91808c791a94e501792388b0d62659", + "systemId": "3_1556" + } + ] + }, + "armAuth": { + "type": "string", + "description": "ARM authentication string", + "nullable": true, + "example": "epiYNTRYA2S7swisDWk1Zv4VMNgvqEjiBh5_ufuCWsma2m-5XADijqBg0ijXLby5nS6lxZNXabhGnAPGeDGc4V3jQKrhwV-UHypRLs8ZLgOjiQNus9NimS0uPdKomRW6TFWqXyfnYd-znNgbbVuwUy9GyD9ebDVJSntPastxSx7UcyGuWBqfNZYpuxKRWe_7TVY60qL55jUqyz8N4XUbbdcxdbZ0uik6ut-Bv90MKTbZexBW_PR4qcgIkaEs4kIenLyBxnGziYo7AO0tJ8bGHO8FJRkibCpAQIt7PISLo7Gg_Xf9j10dKq2YDgy4pPTvz3fE2ZHYnXCXvXFSA-vVag==" + }, + "armDb": { + "type": "string", + "description": "ARM database name", + "nullable": true, + "example": "EU" + }, + "armSsoUrl": { + "type": "string", + "description": "ARM SSO URL", + "nullable": true, + "example": "https://your-arm-sso-url" + }, + "iaiEnableCertificationRecommendations": { + "type": "boolean", + "description": "Flag to determine whether IAI Certification Recommendations are enabled for the current org", + "example": true + }, + "sodReportConfigs": { + "type": "array", + "items": { + "type": "object", + "properties": { + "columnName": { + "type": "string", + "description": "Name of column in report", + "example": "SOD Business Name" + }, + "required": { + "type": "boolean", + "description": "If true, column is required in all reports, and this entry is immutable. A 400 error will result from any attempt to modify the column's definition.", + "example": true, + "default": false + }, + "included": { + "type": "boolean", + "description": "If true, column is included in the report. A 400 error will be thrown if an attempt is made to set included=false if required==true.", + "example": false, + "default": false + }, + "order": { + "type": "integer", + "format": "int32", + "minimum": 0, + "maximum": 2147483647, + "description": "Relative sort order for the column. Columns will be displayed left-to-right in nondecreasing order.", + "example": 2 + } + } + } + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + }, + "patch": { + "operationId": "patchOrgConfig", + "tags": [ + "Org Config" + ], + "summary": "Patch an Org configuration property", + "security": [ + { + "oauth2": [ + "idn:org-configs:manage" + ] + } + ], + "description": "Patch configuration of the current org using http://jsonpatch.com/ syntax. Commonly used for changing the time zone of an org.", + "requestBody": { + "description": "A list of schema attribute update operations according to the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard.", + "content": { + "application/json-patch+json": { + "schema": { + "type": "array", + "items": { + "type": "object", + "description": "A JSONPatch Operation as defined by [RFC 6902 - JSON Patch](https://tools.ietf.org/html/rfc6902)", + "required": [ + "op", + "path" + ], + "properties": { + "op": { + "type": "string", + "description": "The operation to be performed", + "enum": [ + "add", + "remove", + "replace", + "move", + "copy", + "test" + ], + "example": "replace" + }, + "path": { + "type": "string", + "description": "A string JSON Pointer representing the target path to an element to be affected by the operation", + "example": "/description" + }, + "value": { + "anyOf": [ + { + "type": "string" + }, + { + "type": "integer" + }, + { + "type": "object" + }, + { + "type": "array", + "items": { + "anyOf": [ + { + "type": "string" + }, + { + "type": "integer" + }, + { + "type": "object" + } + ] + } + } + ], + "description": "The value to be used for the operation, required for \"add\" and \"replace\" operations", + "example": "New description" + } + } + } + }, + "example": [ + { + "op": "replace", + "path": "/timeZone", + "value": "America/Toronto" + } + ] + } + }, + "required": true + }, + "responses": { + "200": { + "description": "The Org was successfully patched.", + "content": { + "application/json": { + "schema": { + "type": "object", + "description": "DTO class for OrgConfig data accessible by customer external org admin (\"ORG_ADMIN\") users", + "properties": { + "orgName": { + "type": "string", + "description": "The name of the org.", + "example": "acme-solar" + }, + "timeZone": { + "type": "string", + "description": "The selected time zone which is to be used for the org. This directly affects when scheduled tasks are executed. Valid options can be found at /beta/org-config/valid-time-zones", + "example": "America/Toronto" + }, + "lcsChangeHonorsSourceEnableFeature": { + "type": "boolean", + "description": "Flag to determine whether the LCS_CHANGE_HONORS_SOURCE_ENABLE_FEATURE flag is enabled for the current org.", + "example": false + }, + "armCustomerId": { + "type": "string", + "description": "ARM Customer ID", + "nullable": true, + "example": "DE38E75A-5FF6-4A65-5DC7-08D64426B09E" + }, + "armSapSystemIdMappings": { + "type": "string", + "description": "A list of IDN::sourceId to ARM::systemId mappings.", + "nullable": true, + "example": [ + { + "sourceId": "2c91808c791a94e501792388b0d62659", + "systemId": "1556" + }, + { + "sourceId": "2_2c91808c791a94e501792388b0d62659", + "systemId": "2_1556" + }, + { + "sourceId": "3_2c91808c791a94e501792388b0d62659", + "systemId": "3_1556" + } + ] + }, + "armAuth": { + "type": "string", + "description": "ARM authentication string", + "nullable": true, + "example": "epiYNTRYA2S7swisDWk1Zv4VMNgvqEjiBh5_ufuCWsma2m-5XADijqBg0ijXLby5nS6lxZNXabhGnAPGeDGc4V3jQKrhwV-UHypRLs8ZLgOjiQNus9NimS0uPdKomRW6TFWqXyfnYd-znNgbbVuwUy9GyD9ebDVJSntPastxSx7UcyGuWBqfNZYpuxKRWe_7TVY60qL55jUqyz8N4XUbbdcxdbZ0uik6ut-Bv90MKTbZexBW_PR4qcgIkaEs4kIenLyBxnGziYo7AO0tJ8bGHO8FJRkibCpAQIt7PISLo7Gg_Xf9j10dKq2YDgy4pPTvz3fE2ZHYnXCXvXFSA-vVag==" + }, + "armDb": { + "type": "string", + "description": "ARM database name", + "nullable": true, + "example": "EU" + }, + "armSsoUrl": { + "type": "string", + "description": "ARM SSO URL", + "nullable": true, + "example": "https://your-arm-sso-url" + }, + "iaiEnableCertificationRecommendations": { + "type": "boolean", + "description": "Flag to determine whether IAI Certification Recommendations are enabled for the current org", + "example": true + }, + "sodReportConfigs": { + "type": "array", + "items": { + "type": "object", + "properties": { + "columnName": { + "type": "string", + "description": "Name of column in report", + "example": "SOD Business Name" + }, + "required": { + "type": "boolean", + "description": "If true, column is required in all reports, and this entry is immutable. A 400 error will result from any attempt to modify the column's definition.", + "example": true, + "default": false + }, + "included": { + "type": "boolean", + "description": "If true, column is included in the report. A 400 error will be thrown if an attempt is made to set included=false if required==true.", + "example": false, + "default": false + }, + "order": { + "type": "integer", + "format": "int32", + "minimum": 0, + "maximum": 2147483647, + "description": "Relative sort order for the column. Columns will be displayed left-to-right in nondecreasing order.", + "example": 2 + } + } + } + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/org-config/valid-time-zones": { + "get": { + "operationId": "getValidTimeZones", + "tags": [ + "Org Config" + ], + "summary": "Get list of time zones", + "security": [ + { + "oauth2": [ + "idn:org-configs:read", + "idn:org-configs-user:read" + ] + } + ], + "description": "Get a list of valid time zones that can be set in org configurations.", + "responses": { + "200": { + "description": "Request successful", + "content": { + "application/json": { + "schema": { + "type": "array", + "items": { + "type": "string" + } + }, + "example": [ + "Etc/GMT-6", + "Etc/GMT+8", + "EST", + "America/Chicago", + "America/Toronto", + "Asia/Gaza", + "Europe/Brussels", + "Europe/Kiev" + ] + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/outlier-summaries": { + "get": { + "operationId": "getIdentityOutlierSnapshots", + "tags": [ + "IAI Outliers" + ], + "summary": "IAI Identity Outliers Summary", + "description": "This API receives a summary containing: the number of identities that customer has, the number of outliers, and the type of outlier\nRequires authorization scope of 'iai:outliers-management:read'", + "parameters": [ + { + "in": "query", + "name": "limit", + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": 250, + "schema": { + "type": "integer", + "format": "int32", + "minimum": 0, + "maximum": 250, + "default": 250 + } + }, + { + "in": "query", + "name": "offset", + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": 0, + "schema": { + "type": "integer", + "format": "int32", + "minimum": 0, + "default": 0 + } + }, + { + "name": "type", + "in": "query", + "description": "Type of the identity outliers snapshot to filter on", + "required": false, + "schema": { + "type": "string", + "enum": [ + "LOW_SIMILARITY", + "STRUCTURAL" + ] + } + }, + { + "in": "query", + "name": "filters", + "schema": { + "type": "string" + }, + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)\nFiltering is supported for the following field and operators: \n**snapshotDate**: *ge, le*" + }, + { + "in": "query", + "name": "sorters", + "schema": { + "type": "string", + "format": "comma-separated" + }, + "description": "Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)\nSorting is supported for the following field: **snapshotDate**", + "example": "snapshotDate", + "required": false + } + ], + "responses": { + "200": { + "description": "Succeeded. Returns list of objects. Each object is a summary to give high level statistics/counts of outliers", + "headers": { + "X-Total-Count": { + "description": "The total result count.", + "schema": { + "type": "integer" + } + } + }, + "content": { + "application/json": { + "schema": { + "type": "array", + "items": { + "type": "object", + "properties": { + "type": { + "type": "string", + "enum": [ + "LOW_SIMILARITY", + "STRUCTURAL" + ], + "description": "The type of outlier summary", + "example": "LOW_SIMILARITY" + }, + "snapshotDate": { + "type": "string", + "format": "date-time", + "description": "The date the bulk outlier detection ran/snapshot was created", + "example": "2021-05-01T18:40:35.772Z" + }, + "totalOutliers": { + "type": "integer", + "description": "Total number of outliers for the customer making the request", + "example": 50 + }, + "totalIdentities": { + "type": "integer", + "description": "Total number of identities for the customer making the request", + "example": 5000 + } + } + } + } + } + } + }, + "202": { + "description": "Accepted - Returned if the request was successfully accepted into the system.", + "content": { + "application/json": { + "schema": { + "type": "object" + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/outlier-summaries/latest": { + "get": { + "operationId": "getLatestIdentityOutlierSnapshots", + "tags": [ + "IAI Outliers" + ], + "summary": "IAI Identity Outliers Latest Summary", + "description": "This API returns a most recent snapshot of each outlier type, each containing: the number of identities that customer has, the number of outliers, and the type of outlier\nRequires authorization scope of 'iai:outliers-management:read'", + "parameters": [ + { + "name": "type", + "in": "query", + "description": "Type of the identity outliers snapshot to filter on", + "required": false, + "schema": { + "type": "string", + "enum": [ + "LOW_SIMILARITY", + "STRUCTURAL" + ] + } + } + ], + "responses": { + "200": { + "description": "Succeeded. Returns list of objects. Each object is a summary to give high level statistics/counts of outliers", + "content": { + "application/json": { + "schema": { + "type": "array", + "items": { + "type": "object", + "properties": { + "type": { + "type": "string", + "enum": [ + "LOW_SIMILARITY", + "STRUCTURAL" + ], + "description": "The type of outlier summary", + "example": "LOW_SIMILARITY" + }, + "snapshotDate": { + "type": "string", + "format": "date-time", + "description": "The date the bulk outlier detection ran/snapshot was created", + "example": "2021-05-01T18:40:35.772Z" + }, + "totalOutliers": { + "type": "integer", + "description": "Total number of outliers for the customer making the request", + "example": 50 + }, + "totalIdentities": { + "type": "integer", + "description": "Total number of identities for the customer making the request", + "example": 5000 + }, + "totalIgnored": { + "type": "integer", + "description": "Total number of ignored outliers", + "example": 10 + } + } + } + } + } + } + }, + "202": { + "description": "Accepted - Returned if the request was successfully accepted into the system.", + "content": { + "application/json": { + "schema": { + "type": "object" + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/outliers": { + "get": { + "operationId": "getIdentityOutliers", + "tags": [ + "IAI Outliers" + ], + "summary": "IAI Get Identity Outliers", + "description": "This API receives a list of outliers, containing data such as: identityId, outlier type, detection dates, identity attributes, if identity is ignore, and certification information\nRequires authorization scope of 'iai:outliers-management:read'", + "parameters": [ + { + "in": "query", + "name": "limit", + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": 250, + "schema": { + "type": "integer", + "format": "int32", + "minimum": 0, + "maximum": 250, + "default": 250 + } + }, + { + "in": "query", + "name": "offset", + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": 0, + "schema": { + "type": "integer", + "format": "int32", + "minimum": 0, + "default": 0 + } + }, + { + "in": "query", + "name": "count", + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": true, + "schema": { + "type": "boolean", + "default": false + } + }, + { + "name": "type", + "in": "query", + "description": "Type of the identity outliers snapshot to filter on", + "required": false, + "schema": { + "type": "string", + "enum": [ + "LOW_SIMILARITY", + "STRUCTURAL" + ], + "example": "LOW_SIMILARITY" + } + }, + { + "in": "query", + "name": "filters", + "required": false, + "schema": { + "type": "string", + "example": "attributes.displayName sw \"John\" and certStatus eq \"false\"" + }, + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)\n\nFiltering is supported for the following Entitlement fields and operators:\n**attributes**: *eq, sw, co, in*\n\n**firstDetectionDate**: *ge, le*\n\n**certStatus**: *eq*\n\n**ignored**: *eq*\n\n**score**: *ge, le*" + }, + { + "in": "query", + "name": "sorters", + "required": false, + "schema": { + "type": "string", + "format": "comma-separated", + "example": "attributes.displayName,firstDetectionDate,-score" + }, + "description": "Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)\nSorting is supported for the following fields: **firstDetectionDate, attributes, score**" + } + ], + "responses": { + "200": { + "description": "Succeeded. Returns list of objects. Each object contains information about outliers", + "headers": { + "X-Total-Count": { + "description": "The total result count.", + "schema": { + "type": "integer" + } + } + }, + "content": { + "application/json": { + "schema": { + "type": "array", + "items": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "The identity's unique identifier for the outlier record", + "example": "5be33d3e-c54d-4ed7-af73-2380543e8283" + }, + "identityId": { + "type": "string", + "description": "The ID of the identity that is detected as an outlier", + "example": "5be33d3e-c54d-4ed7-af73-2380543e8283" + }, + "type": { + "type": "string", + "enum": [ + "LOW_SIMILARITY", + "STRUCTURAL" + ], + "description": "The type of outlier summary", + "example": "LOW_SIMILARITY" + }, + "firstDetectionDate": { + "type": "string", + "format": "date-time", + "description": "The first date the outlier was detected", + "example": "2021-05-01T18:40:35.772Z" + }, + "latestDetectionDate": { + "type": "string", + "format": "date-time", + "description": "The most recent date the outlier was detected", + "example": "2021-05-03T18:40:35.772Z" + }, + "ignored": { + "type": "boolean", + "description": "Flag whether or not the outlier has been ignored", + "example": false + }, + "attributes": { + "type": "object", + "description": "Object containing mapped identity attributes", + "example": { + "displayName": "John Smith", + "jobTitle": "Software Engineer", + "department": "Engineering" + } + }, + "score": { + "type": "number", + "format": "float", + "description": "The outlier score determined by the detection engine ranging from 0..1", + "example": 0.92 + }, + "unignoreType": { + "type": "string", + "enum": [ + "MANUAL", + "AUTOMATIC" + ], + "description": "Enum value of if the outlier manually or automatically un-ignored. Will be NULL if outlier is not ignored", + "example": "MANUAL" + }, + "unignoreDate": { + "type": "string", + "format": "date-time", + "description": "shows date when last time has been unignored outlier", + "example": "2021-06-01T18:40:35.772Z" + }, + "ignoreDate": { + "type": "string", + "format": "date-time", + "description": "shows date when last time has been ignored outlier", + "example": "2021-06-01T18:40:35.772Z" + } + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/outliers/{outlierId}/contributing-features": { + "get": { + "operationId": "getPeerGroupOutliersContributingFeatures", + "tags": [ + "IAI Outliers" + ], + "summary": "Get identity outlier's contibuting features", + "description": "This API returns a list of contributing feature objects for a single outlier. The object contains: feature name, feature value type, value, importance, display name (translated text or message key), description (translated text or message key), translation messages object\nRequires authorization scope of 'iai:outliers-management:read'", + "parameters": [ + { + "in": "query", + "name": "limit", + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": 250, + "schema": { + "type": "integer", + "format": "int32", + "minimum": 0, + "maximum": 250, + "default": 250 + } + }, + { + "in": "query", + "name": "offset", + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": 0, + "schema": { + "type": "integer", + "format": "int32", + "minimum": 0, + "default": 0 + } + }, + { + "in": "query", + "name": "count", + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": true, + "schema": { + "type": "boolean", + "default": false + } + }, + { + "name": "include-translation-messages", + "in": "query", + "description": "Whether or not to include translation messages object in returned response", + "required": false, + "schema": { + "type": "string", + "example": "include-translation-messages=" + } + }, + { + "in": "path", + "example": "2c918085842e69ae018432d22ccb212f", + "name": "outlierId", + "schema": { + "type": "string" + }, + "required": true, + "description": "The outlier id" + }, + { + "in": "query", + "name": "sorters", + "required": false, + "schema": { + "type": "string", + "format": "comma-separated", + "example": "importance" + }, + "description": "Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)\nSorting is supported for the following fields: **importance**" + } + ], + "responses": { + "200": { + "description": "Succeeded. Returns list of objects. Each object contains a feature and metadata about that feature", + "headers": { + "X-Total-Count": { + "description": "The total result count.", + "schema": { + "type": "integer" + } + }, + "accept-language": { + "description": "The locale to use for translations for displayName and description text", + "schema": { + "type": "string" + } + } + }, + "content": { + "application/json": { + "schema": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string", + "description": "The name of the feature", + "example": "entitlement_count" + }, + "valueType": { + "type": "string", + "enum": [ + "INTEGER", + "FLOAT" + ], + "description": "The data type of the value field", + "example": "INTEGER" + }, + "value": { + "oneOf": [ + { + "type": "number", + "format": "float", + "minimum": 0, + "maximum": 1 + }, + { + "type": "integer", + "format": "int64" + } + ], + "description": "The feature value", + "example": 0.92 + }, + "importance": { + "type": "number", + "format": "float", + "description": "The importance of the feature. This can also be a negative value", + "minimum": -1, + "maximum": 1, + "example": -0.15 + }, + "displayName": { + "type": "string", + "description": "The (translated if header is passed) displayName for the feature", + "example": "Number of entitlements" + }, + "description": { + "type": "string", + "description": "The (translated if header is passed) description for the feature", + "example": "The total number of entitlements belonging to an identity" + }, + "translationMessages": { + "type": "object", + "properties": { + "displayName": { + "properties": { + "key": { + "type": "string", + "description": "The key of the translation message", + "example": "recommender-api.V2_WEIGHT_FEATURE_PRODUCT_INTERPRETATION_HIGH" + }, + "values": { + "type": "array", + "description": "The values corresponding to the translation messages", + "items": { + "type": "string" + }, + "example": [ + "75", + "department" + ] + } + } + }, + "description": { + "properties": { + "key": { + "type": "string", + "description": "The key of the translation message", + "example": "recommender-api.V2_WEIGHT_FEATURE_PRODUCT_INTERPRETATION_HIGH" + }, + "values": { + "type": "array", + "description": "The values corresponding to the translation messages", + "items": { + "type": "string" + }, + "example": [ + "75", + "department" + ] + } + } + } + } + } + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/outliers/ignore": { + "post": { + "operationId": "ignoreIdentityOutliers", + "tags": [ + "IAI Outliers" + ], + "summary": "IAI Identity Outliers Ignore", + "description": "This API receives a list of IdentityIDs in the request, changes the outliers to be ignored--returning a 204 if successful.\nRequires authorization scope of 'iai:outliers-management:update'", + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of identity IDs to ignore from outlier listing", + "example": [ + "abc123def456", + "ghi789jkl012" + ] + } + } + } + }, + "responses": { + "204": { + "description": "No content - indicates the request was successful but there is no content to be returned in the response." + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/outliers/unignore": { + "post": { + "operationId": "unIgnoreIdentityOutliers", + "tags": [ + "IAI Outliers" + ], + "summary": "IAI Identity Outliers Unignore", + "description": "This API receives a list of IdentityIDs in the request, changes the outliers to be un-ignored--returning a 204 if successful.\nRequires authorization scope of 'iai:outliers-management:update'", + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of identity IDs to un-ignore from outlier listing", + "example": [ + "abc123def456", + "ghi789jkl012" + ] + } + } + } + }, + "responses": { + "204": { + "description": "No content - indicates the request was successful but there is no content to be returned in the response." + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/outliers/export": { + "get": { + "operationId": "exportOutliersZip", + "tags": [ + "IAI Outliers" + ], + "summary": "IAI Identity Outliers Export", + "description": "This API exports a list of ignored outliers to a CSV as well as list of non-ignored outliers to a CSV. These two CSVs will be zipped and exported Columns will include: identityID, type, firstDetectionDate, latestDetectionDate, ignored, & attributes (defined set of identity attributes)\nRequires authorization scope of 'iai:outliers-management:read'", + "parameters": [ + { + "name": "type", + "in": "query", + "description": "Type of the identity outliers snapshot to filter on", + "required": false, + "schema": { + "type": "string", + "enum": [ + "LOW_SIMILARITY", + "STRUCTURAL" + ] + } + } + ], + "responses": { + "200": { + "description": "Succeeded. Returns zip of 2 CSVs to download. 1 CSV for ignored outliers and 1 for non-ignored outliers", + "content": { + "application/zip": { + "schema": { + "type": "string", + "format": "binary" + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/password-dictionary": { + "get": { + "operationId": "getPasswordDictionary", + "tags": [ + "Password Dictionary" + ], + "summary": "Get Password Dictionary", + "description": "This gets password dictionary for the organization.\nA token with ORG_ADMIN authority is required to call this API.", + "security": [ + { + "oauth2": [ + "idn:password-dictionary-management:read" + ] + } + ], + "responses": { + "200": { + "description": "\nThe password dictionary file can contain lines that are:\n1. comment lines - the first character is '#', can be 128 Unicode codepoints in length, and are ignored during processing\n2. empty lines\n3. locale line - the first line that starts with \"locale=\" is considered to be locale line, the rest are treated as normal content lines\n4. line containing the password dictionary word - it must start with non-whitespace character and only non-whitespace characters are allowed;\n maximum length of the line is 128 Unicode codepoints\n\n\nPassword dictionary file may not contain more than 2,500 lines (not counting whitespace lines, comment lines and locale line).\n Password dict file must contain UTF-8 characters only.\n\n# Sample password text file\n\n```\n\n# Password dictionary small test file\n\nlocale=en_US\n\n# Password dictionary prohibited words\n\nqwerty\nabcd\naaaaa\npassword\nqazxsws\n\n```", + "content": { + "text/plain": { + "schema": { + "type": "string" + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + }, + "put": { + "operationId": "updatePasswordDictionary", + "tags": [ + "Password Dictionary" + ], + "summary": "Update Password Dictionary", + "description": "This updates password dictionary for the organization.\nA token with ORG_ADMIN authority is required to call this API.", + "security": [ + { + "oauth2": [ + "idn:password-dictionary:manage" + ] + } + ], + "requestBody": { + "required": true, + "description": "\nThe password dictionary file can contain lines that are:\n1. comment lines - the first character is '#', can be 128 Unicode codepoints in length, and are ignored during processing\n2. empty lines\n3. locale line - the first line that starts with \"locale=\" is considered to be locale line, the rest are treated as normal content lines\n4. line containing the password dictionary word - it must start with non-whitespace character and only non-whitespace characters are allowed;\n maximum length of the line is 128 Unicode codepoints\n\n\nPassword dictionary file may not contain more than 2,500 lines (not counting whitespace lines, comment lines and locale line).\n Password dict file must contain UTF-8 characters only.\n\n# Sample password text file\n\n```\n\n# Password dictionary small test file\n\nlocale=en_US\n\n# Password dictionary prohibited words\n\nqwerty\nabcd\naaaaa\npassword\nqazxsws\n\n```", + "content": { + "multipart/form-data": { + "schema": { + "type": "object", + "properties": { + "file": { + "type": "string", + "format": "binary" + } + } + } + } + } + }, + "responses": { + "200": { + "description": "Successfully updated." + }, + "201": { + "description": "Created." + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/query-password-info": { + "post": { + "operationId": "queryPasswordInfo", + "tags": [ + "Password Management" + ], + "summary": "Query Password Info", + "description": "This API is used to query password related information. \n\nA token with [API authority](https://developer.sailpoint.com/idn/api/authentication#client-credentials-grant-flow) \nis required to call this API. \"API authority\" refers to a token that only has the \"client_credentials\" \ngrant type, and therefore no user context. A [personal access token](https://developer.sailpoint.com/idn/api/authentication#personal-access-tokens) \nor a token generated with the [authorization_code](https://developer.sailpoint.com/idn/api/authentication#authorization-code-grant-flow) \ngrant type will **NOT** work on this endpoint, and a `403 Forbidden` response \nwill be returned.\n", + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "userName": { + "type": "string", + "description": "The login name of the user", + "example": "Abby.Smith" + }, + "sourceName": { + "type": "string", + "description": "The display name of the source", + "example": "My-AD" + } + } + }, + "example": { + "userName": "Abby.Smith", + "sourceName": "My-AD" + } + } + } + }, + "responses": { + "200": { + "description": "Reference to the password info.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "identityId": { + "type": "string", + "example": "2c918085744fec4301746f9a5bce4605" + }, + "sourceId": { + "type": "string", + "example": "2c918083746f642c01746f990884012a" + }, + "publicKeyId": { + "type": "string", + "example": "N2M1OTJiMGEtMDJlZS00ZWU3LTkyYTEtNjA5YmI5NWE3ZWVh" + }, + "publicKey": { + "type": "string", + "description": "User's public key with Base64 encoding", + "example": "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuGFkWi2J75TztpbaPKd36bJnIB3J8gZ6UcoS9oSDYsqBzPpTsfZXYaEf4Y4BKGgJIXmE/lwhwuj7mU1itdZ2qTSNFtnXA8Fn75c3UUkk+h+wdZbkuSmqlsJo3R1OnJkwkJggcAy9Jvk9jlcrNLWorpQ1w9raUvxtvfgkSdq153KxotenQ1HciSyZ0nA/Kw0UaucLnho8xdRowZs11afXGXA9IT9H6D8T6zUdtSxm0nAyH+mluma5LdTfaM50W3l/L8q56Vrqmx2pZIiwdx/0+g3Y++jV70zom0ZBkC1MmSoLMrQYG5OICNjr72f78B2PaGXfarQHqARLjKpMVt9YIQIDAQAB" + }, + "accounts": { + "type": "array", + "description": "Account info related to queried identity and source", + "items": { + "type": "object", + "properties": { + "accountId": { + "type": "string", + "description": "Account ID of the account. This is specified per account schema in the source configuration. It is used to distinguish accounts. More info can be found here https://community.sailpoint.com/t5/IdentityNow-Connectors/How-do-I-designate-an-account-attribute-as-the-Account-ID-for-a/ta-p/80350", + "example": "CN=Abby Smith,OU=Austin,OU=Americas,OU=Demo,DC=seri,DC=acme,DC=com" + }, + "accountName": { + "type": "string", + "description": "Display name of the account. This is specified per account schema in the source configuration. It is used to display name of the account. More info can be found here https://community.sailpoint.com/t5/IdentityNow-Connectors/How-do-I-designate-an-account-attribute-as-the-Account-Name-for/ta-p/74008", + "example": "Abby.Smith" + } + } + } + }, + "policies": { + "type": "array", + "description": "Password constraints", + "items": { + "type": "string" + }, + "example": [ + "passwordRepeatedChar is 3", + "passwordMinAlpha is 1", + "passwordMinLength is 5", + "passwordMinNumeric is 1" + ] + } + } + }, + "example": { + "identityId": "2c918085744fec4301746f9a5bce4611", + "sourceId": "2c918083746f642c01746f9908840111", + "publicKeyId": "N2M1OTJiMGEtMDJlZS00ZWU3LTkyYTEtNjA5YmI5NWE3ZWVA", + "publicKey": "AIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuGFkWi2J75TztpbaPKd36bJnIB3J8gZ6UcoS9oSDYsqBzPpTsfZXYaEf4Y4BKGgJIXmE/lwhwuj7mU1itdZ2qTSNFtnXA8Fn75c3UUkk+h+wdZbkuSmqlsJo3R1OnJkwkJggcAy9Jvk9jlcrNLWorpQ1w9raUvxtvfgkSdq153KxotenQ1HciSyZ0nA/Kw0UaucLnho8xdRowZs11afXGXA9IT9H6D8T6zUdtSxm0nAyH+mluma5LdTfaM50W3l/L8q56Vrqmx2pZIiwdx/0+g3Y++jV70zom0ZBkC1MmSoLMrQYG5OICNjr72f78B2PaGXfarQHqARLjKpMVt9YIQIDAQAB", + "accounts": [ + { + "accountId": "CN=Abby Smith,OU=Austin,OU=Americas,OU=Demo,DC=seri,DC=acme,DC=com", + "accountName": "Abby.Smith" + } + ], + "policies": [ + "passwordRepeatedChar is 3", + "passwordMinAlpha is 1", + "passwordMinLength is 5", + "passwordMinNumeric is 1" + ] + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/set-password": { + "post": { + "operationId": "setIdentityPassword", + "tags": [ + "Password Management" + ], + "summary": "Set Identity's Password", + "description": "This API is used to set a password for an identity. \n\nAn identity can change their own password (as well as any of their accounts' passwords) if they use a token generated by their IDN user, such as a [personal access token](https://developer.sailpoint.com/idn/api/authentication#personal-access-tokens) or [\"authorization_code\" derived OAuth token](https://developer.sailpoint.com/idn/api/authentication#authorization-code-grant-flow).\n\nA token with [API authority](https://developer.sailpoint.com/idn/api/authentication#client-credentials-grant-flow) can be used to change **any** identity's password or the password of any of the identity's accounts. \n\"API authority\" refers to a token that only has the \"client_credentials\" grant type.\n\nYou can use this endpoint to generate an `encryptedPassword` (RSA encrypted using publicKey). \nTo do so, follow these steps:\n\n1. Use [Query Password Info](https://developer.sailpoint.com/idn/api/v3/query-password-info) to get the following information: `identityId`, `sourceId`, `publicKeyId`, `publicKey`, `accounts`, and `policies`. \n\n2. Choose an account from the previous response that you will provide as an `accountId` in your request to set an encrypted password. \n\n3. Use [Set Identity's Password](https://developer.sailpoint.com/idn/api/v3/set-password) and provide the information you got from your earlier query. Then add this code to your request to get the encrypted password:\n\n```java\nimport javax.crypto.Cipher;\nimport java.security.KeyFactory;\nimport java.security.PublicKey;\nimport java.security.spec.X509EncodedKeySpec;\nimport java util.Base64;\n\nString encrypt(String publicKey, String toEncrypt) throws Exception {\n byte[] publicKeyBytes = Base64.getDecoder().decode(publicKey);\n byte[] encryptedBytes = encryptRsa(publicKeyBytes, toEncrypt.getBytes(\"UTF-8\"));\n return Base64.getEncoder().encodeToString(encryptedBytes);\n}\n\nprivate byte[] encryptRsa(byte[] publicKeyBytes, byte[] toEncryptBytes) throws Exception {\n PublicKey key = KeyFactory.getInstance(\"RSA\").generatePublic(new X509EncodedKeySpec(publicKeyBytes));\n String transformation = \"RSA/ECB/PKCS1Padding\";\n Cipher cipher = Cipher.getInstance(transformation);\n cipher.init(1, key);\n return cipher.doFinal(toEncryptBytes);\n}\n``` \n\nIn this example, `toEncrypt` refers to the plain text password you are setting and then encrypting, and the `publicKey` refers to the publicKey you got from the first request you sent. \n\nYou can then use [Get Password Change Request Status](https://developer.sailpoint.com/idn/api/v3/get-password-change-status) to check the password change request status. To do so, you must provide the `requestId` from your earlier request to set the password. \n", + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "identityId": { + "type": "string", + "description": "The identity ID that requested the password change", + "example": "8a807d4c73c545510173c545f0a002ff" + }, + "encryptedPassword": { + "type": "string", + "description": "The RSA encrypted password", + "example": "XzN+YwKgr2C+InkMYFMBG3UtjMEw5ZIql/XFlXo8cJNeslmkplx6vn4kd4/43IF9STBk5RnzR6XmjpEO+FwHDoiBwYZAkAZK/Iswxk4OdybG6Y4MStJCOCiK8osKr35IMMSV/mbO4wAeltoCk7daTWzTGLiI6UaT5tf+F2EgdjJZ7YqM8W8r7aUWsm3p2Xt01Y46ZRx0QaM91QruiIx2rECFT2pUO0wr+7oQ77jypATyGWRtADsu3YcvCk/6U5MqCnXMzKBcRas7NnZdSL/d5H1GglVGz3VLPMaivG4/oL4chOMmFCRl/zVsGxZ9RhN8rxsRGFFKn+rhExTi+bax3A==" + }, + "publicKeyId": { + "type": "string", + "description": "The encryption key ID", + "example": "YWQ2NjQ4MTItZjY0NC00MWExLWFjMjktOGNmMzU3Y2VlNjk2" + }, + "accountId": { + "type": "string", + "description": "Account ID of the account This is specified per account schema in the source configuration. It is used to distinguish accounts. More info can be found here https://community.sailpoint.com/t5/IdentityNow-Connectors/How-do-I-designate-an-account-attribute-as-the-Account-ID-for-a/ta-p/80350", + "example": "CN=Abby Smith,OU=Austin,OU=Americas,OU=Demo,DC=seri,DC=acme,DC=com" + }, + "sourceId": { + "type": "string", + "description": "The ID of the source for which identity is requesting the password change", + "example": "8a807d4c73c545510173c545d4b60246" + } + } + }, + "example": { + "identityId": "8a807d4c73c545510173c545f0a002ff", + "encryptedPassword": "GIAP7TaAg7Y2EJtFojokBDvHQ/iXF3qk0z0+eLusqXMSkEhAfr34GydFLy+BM2uZB94cwbTYKi9rRrCRRdh8610VeqpRDjhuc28nOPYqTJOx09IGJdr8dl4mbhC1f21JCqMBBrFSA4VQQvd6OMVsceoXTjDI0aKahRYNjlMlsOuaIUZeNQxWBydLuR6vYG3qAKEPCzYZbvyYuBUylUWArfqwV4dgwKGDgDkTLBkQU9LVu3rssc+BXaex6l6JcBDiPg7wvKD1G3lZ+BaGrMknbx3j0T2Uivg+HxwTf7PmtAua6O9M7F984c79KM+sYFTU37MAdlWZu/cy+w2DdHVdCg==", + "publicKeyId": "YWQ2NjQ4MTItZjY0NC00MWExLWFjMjktOGNmMzU3Y2VlNjk2", + "accountId": "CN=Abby Smith,OU=Austin,OU=Americas,OU=Demo,DC=seri,DC=acme,DC=com", + "sourceId": "8a807d4c73c545510173c545d4b60246" + } + } + } + }, + "responses": { + "202": { + "description": "Reference to the password change.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "requestId": { + "type": "string", + "nullable": true, + "description": "The password change request ID", + "example": "089899f13a8f4da7824996191587bab9" + }, + "state": { + "type": "string", + "enum": [ + "IN_PROGRESS", + "FINISHED", + "FAILED" + ], + "description": "Password change state" + } + } + }, + "examples": { + "Password change is in progress": { + "value": { + "state": "IN_PROGRESS", + "requestId": "089899f13a8f4da7824996191587bab9" + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/password-change-status/{id}": { + "get": { + "operationId": "getIdentityPasswordChangeStatus", + "tags": [ + "Password Management" + ], + "summary": "Get Password Change Request Status", + "description": "This API returns the status of a password change request. A token with identity owner or trusted API client application authority is required to call this API.", + "parameters": [ + { + "in": "path", + "name": "id", + "schema": { + "type": "string" + }, + "required": true + } + ], + "responses": { + "200": { + "description": "Status of the password change request", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "requestId": { + "type": "string", + "nullable": true, + "description": "The password change request ID", + "example": "089899f13a8f4da7824996191587bab9" + }, + "state": { + "type": "string", + "enum": [ + "IN_PROGRESS", + "FINISHED", + "FAILED" + ], + "description": "Password change state" + }, + "errors": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The errors during the password change request" + }, + "sourceIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of source IDs in the password change request" + } + } + }, + "example": { + "status": "IN_PROCESS", + "reqeustId": "089899f13a8f4da7824996191587bab9", + "error": null + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/password-sync-groups": { + "get": { + "operationId": "getPasswordSyncGroups", + "tags": [ + "Password Sync Groups" + ], + "summary": "Get Password Sync Group List", + "description": "This API returns a list of password sync groups. A token with ORG_ADMIN authority is required to call this API.", + "security": [ + { + "oauth2": [ + "idn:password-sync-group-management:read" + ] + } + ], + "parameters": [ + { + "in": "query", + "name": "limit", + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": 250, + "schema": { + "type": "integer", + "format": "int32", + "minimum": 0, + "maximum": 250, + "default": 250 + } + }, + { + "in": "query", + "name": "offset", + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": 0, + "schema": { + "type": "integer", + "format": "int32", + "minimum": 0, + "default": 0 + } + }, + { + "in": "query", + "name": "count", + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": true, + "schema": { + "type": "boolean", + "default": false + } + } + ], + "responses": { + "200": { + "description": "A list of password sync groups.", + "content": { + "application/json": { + "schema": { + "type": "array", + "items": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "ID of the sync group", + "example": "6881f631-3bd5-4213-9c75-8e05cc3e35dd" + }, + "name": { + "description": "Name of the sync group", + "type": "string", + "example": "Password Sync Group 1" + }, + "passwordPolicyId": { + "type": "string", + "description": "ID of the password policy", + "example": "2c91808d744ba0ce01746f93b6204501" + }, + "sourceIds": { + "type": "array", + "description": "List of password managed sources IDs", + "items": { + "type": "string" + }, + "example": [ + "2c918084660f45d6016617daa9210584", + "2c918084660f45d6016617daa9210500" + ] + } + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + }, + "post": { + "operationId": "createPasswordSyncGroup", + "tags": [ + "Password Sync Groups" + ], + "summary": "Create Password Sync Group", + "description": "This API creates a password sync group based on the specifications provided. A token with ORG_ADMIN authority is required to call this API.", + "security": [ + { + "oauth2": [ + "idn:password-sync-group-management:write" + ] + } + ], + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "ID of the sync group", + "example": "6881f631-3bd5-4213-9c75-8e05cc3e35dd" + }, + "name": { + "description": "Name of the sync group", + "type": "string", + "example": "Password Sync Group 1" + }, + "passwordPolicyId": { + "type": "string", + "description": "ID of the password policy", + "example": "2c91808d744ba0ce01746f93b6204501" + }, + "sourceIds": { + "type": "array", + "description": "List of password managed sources IDs", + "items": { + "type": "string" + }, + "example": [ + "2c918084660f45d6016617daa9210584", + "2c918084660f45d6016617daa9210500" + ] + } + } + }, + "example": { + "name": "Password Sync Group 2", + "passwordPolicyId": "2c91808d744ba0ce01746f93b6204501", + "sourceIds": [ + "2c918084660f45d6016617daa9210584", + "2c918084660f45d6016617daa9210500" + ] + } + } + } + }, + "responses": { + "200": { + "description": "Reference to the password sync group.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "ID of the sync group", + "example": "6881f631-3bd5-4213-9c75-8e05cc3e35dd" + }, + "name": { + "description": "Name of the sync group", + "type": "string", + "example": "Password Sync Group 1" + }, + "passwordPolicyId": { + "type": "string", + "description": "ID of the password policy", + "example": "2c91808d744ba0ce01746f93b6204501" + }, + "sourceIds": { + "type": "array", + "description": "List of password managed sources IDs", + "items": { + "type": "string" + }, + "example": [ + "2c918084660f45d6016617daa9210584", + "2c918084660f45d6016617daa9210500" + ] + } + } + }, + "example": { + "id": "6881f631-3bd5-4213-9c75-8e05cc3e35dd", + "name": "Password Sync Group 2", + "passwordPolicyId": "2c91808d744ba0ce01746f93b6204501", + "sourceIds": [ + "2c918084660f45d6016617daa9210584", + "2c918084660f45d6016617daa9210500" + ] + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/password-sync-groups/{id}": { + "get": { + "operationId": "getPasswordSyncGroup", + "tags": [ + "Password Sync Groups" + ], + "summary": "Get Password Sync Group by ID", + "description": "This API returns the sync group for the specified ID. A token with ORG_ADMIN authority is required to call this API.", + "security": [ + { + "oauth2": [ + "idn:password-sync-group-management:read" + ] + } + ], + "parameters": [ + { + "in": "path", + "name": "id", + "schema": { + "type": "string" + }, + "required": true, + "description": "The ID of password sync group to retrieve.", + "example": "6881f631-3bd5-4213-9c75-8e05cc3e35dd" + } + ], + "responses": { + "200": { + "description": "Reference to the password sync group.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "ID of the sync group", + "example": "6881f631-3bd5-4213-9c75-8e05cc3e35dd" + }, + "name": { + "description": "Name of the sync group", + "type": "string", + "example": "Password Sync Group 1" + }, + "passwordPolicyId": { + "type": "string", + "description": "ID of the password policy", + "example": "2c91808d744ba0ce01746f93b6204501" + }, + "sourceIds": { + "type": "array", + "description": "List of password managed sources IDs", + "items": { + "type": "string" + }, + "example": [ + "2c918084660f45d6016617daa9210584", + "2c918084660f45d6016617daa9210500" + ] + } + } + }, + "example": { + "id": "6881f631-3bd5-4213-9c75-8e05cc3e35dd", + "name": "Password Sync Group 1", + "passwordPolicyId": "2c91808d744ba0ce01746f93b6204501", + "sourceIds": [ + "2c918084660f45d6016617daa9210584", + "2c918084660f45d6016617daa9210500" + ] + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + }, + "put": { + "operationId": "updatePasswordSyncGroup", + "tags": [ + "Password Sync Groups" + ], + "summary": "Update Password Sync Group by ID", + "description": "This API updates the specified password sync group. A token with ORG_ADMIN authority is required to call this API.", + "security": [ + { + "oauth2": [ + "idn:password-sync-group-management:write" + ] + } + ], + "parameters": [ + { + "in": "path", + "name": "id", + "schema": { + "type": "string" + }, + "required": true, + "description": "The ID of password sync group to update.", + "example": "6881f631-3bd5-4213-9c75-8e05cc3e35dd" + } + ], + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "ID of the sync group", + "example": "6881f631-3bd5-4213-9c75-8e05cc3e35dd" + }, + "name": { + "description": "Name of the sync group", + "type": "string", + "example": "Password Sync Group 1" + }, + "passwordPolicyId": { + "type": "string", + "description": "ID of the password policy", + "example": "2c91808d744ba0ce01746f93b6204501" + }, + "sourceIds": { + "type": "array", + "description": "List of password managed sources IDs", + "items": { + "type": "string" + }, + "example": [ + "2c918084660f45d6016617daa9210584", + "2c918084660f45d6016617daa9210500" + ] + } + } + }, + "example": { + "id": "6881f631-3bd5-4213-9c75-8e05cc3e35dd", + "name": "Password Sync Group 2", + "passwordPolicyId": "2c91808d744ba0ce01746f93b6204501", + "sourceIds": [ + "2c918084660f45d6016617daa9210584", + "2c918084660f45d6016617daa9210500" + ] + } + } + } + }, + "responses": { + "200": { + "description": "Reference to the password sync group.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "ID of the sync group", + "example": "6881f631-3bd5-4213-9c75-8e05cc3e35dd" + }, + "name": { + "description": "Name of the sync group", + "type": "string", + "example": "Password Sync Group 1" + }, + "passwordPolicyId": { + "type": "string", + "description": "ID of the password policy", + "example": "2c91808d744ba0ce01746f93b6204501" + }, + "sourceIds": { + "type": "array", + "description": "List of password managed sources IDs", + "items": { + "type": "string" + }, + "example": [ + "2c918084660f45d6016617daa9210584", + "2c918084660f45d6016617daa9210500" + ] + } + } + }, + "example": { + "id": "6881f631-3bd5-4213-9c75-8e05cc3e35dd", + "name": "Password Sync Group 2", + "passwordPolicyId": "2c91808d744ba0ce01746f93b6204501", + "sourceIds": [ + "2c918084660f45d6016617daa9210584", + "2c918084660f45d6016617daa9210500" + ] + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + }, + "delete": { + "operationId": "deletePasswordSyncGroup", + "tags": [ + "Password Sync Groups" + ], + "summary": "Delete Password Sync Group by ID", + "description": "This API deletes the specified password sync group. A token with ORG_ADMIN authority is required to call this API.", + "security": [ + { + "oauth2": [ + "idn:password-sync-group-management:write" + ] + } + ], + "parameters": [ + { + "in": "path", + "name": "id", + "schema": { + "type": "string" + }, + "required": true, + "description": "The ID of password sync group to delete.", + "example": "6881f631-3bd5-4213-9c75-8e05cc3e35dd" + } + ], + "responses": { + "204": { + "description": "No content - indicates the request was successful but there is no content to be returned in the response." + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/password-org-config": { + "get": { + "operationId": "getPasswordOrgConfig", + "tags": [ + "Password Configuration" + ], + "summary": "Get Password Org Config", + "description": "This API returns the password org config . Requires ORG_ADMIN, API role or authorization scope of 'idn:password-org-config:read'", + "security": [ + { + "oauth2": [ + "idn:password-org-config:read" + ] + } + ], + "responses": { + "200": { + "description": "Reference to the password org config.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "customInstructionsEnabled": { + "type": "boolean", + "description": "Indicator whether custom password instructions feature is enabled. The default value is false.", + "default": false, + "example": true + }, + "digitTokenEnabled": { + "type": "boolean", + "description": "Indicator whether \"digit token\" feature is enabled. The default value is false.", + "default": false, + "example": true + }, + "digitTokenDurationMinutes": { + "type": "integer", + "format": "int32", + "description": "The duration of \"digit token\" in minutes. The default value is 5.", + "minimum": 1, + "maximum": 60, + "default": 5, + "example": 10 + }, + "digitTokenLength": { + "type": "integer", + "format": "int32", + "description": "The length of \"digit token\". The default value is 6.", + "minimum": 6, + "maximum": 18, + "default": 6, + "example": 9 + } + } + }, + "example": { + "customInstructionsEnabled": true, + "digitTokenDurationMinutes": 9, + "digitTokenEnabled": false, + "digitTokenLength": 6 + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + }, + "put": { + "operationId": "updatePasswordOrgConfig", + "tags": [ + "Password Configuration" + ], + "summary": "Update Password Org Config", + "description": "This API updates the password org config for specified fields. Other fields will keep original value. Requires ORG_ADMIN, API role or authorization scope of 'idn:password-org-config:write'", + "security": [ + { + "oauth2": [ + "idn:password-org-config:write" + ] + } + ], + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "customInstructionsEnabled": { + "type": "boolean", + "description": "Indicator whether custom password instructions feature is enabled. The default value is false.", + "default": false, + "example": true + }, + "digitTokenEnabled": { + "type": "boolean", + "description": "Indicator whether \"digit token\" feature is enabled. The default value is false.", + "default": false, + "example": true + }, + "digitTokenDurationMinutes": { + "type": "integer", + "format": "int32", + "description": "The duration of \"digit token\" in minutes. The default value is 5.", + "minimum": 1, + "maximum": 60, + "default": 5, + "example": 10 + }, + "digitTokenLength": { + "type": "integer", + "format": "int32", + "description": "The length of \"digit token\". The default value is 6.", + "minimum": 6, + "maximum": 18, + "default": 6, + "example": 9 + } + } + }, + "example": { + "digitTokenEnabled": true, + "digitTokenDurationMinutes": 12 + } + } + } + }, + "responses": { + "200": { + "description": "Reference to the password org config.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "customInstructionsEnabled": { + "type": "boolean", + "description": "Indicator whether custom password instructions feature is enabled. The default value is false.", + "default": false, + "example": true + }, + "digitTokenEnabled": { + "type": "boolean", + "description": "Indicator whether \"digit token\" feature is enabled. The default value is false.", + "default": false, + "example": true + }, + "digitTokenDurationMinutes": { + "type": "integer", + "format": "int32", + "description": "The duration of \"digit token\" in minutes. The default value is 5.", + "minimum": 1, + "maximum": 60, + "default": 5, + "example": 10 + }, + "digitTokenLength": { + "type": "integer", + "format": "int32", + "description": "The length of \"digit token\". The default value is 6.", + "minimum": 6, + "maximum": 18, + "default": 6, + "example": 9 + } + } + }, + "example": { + "customInstructionsEnabled": true, + "digitTokenDurationMinutes": 12, + "digitTokenEnabled": true, + "digitTokenLength": 6 + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + }, + "post": { + "operationId": "createPasswordOrgConfig", + "tags": [ + "Password Configuration" + ], + "summary": "Create Password Org Config", + "description": "This API creates the password org config. Unspecified fields will use default value. Requires ORG_ADMIN, API role or authorization scope of 'idn:password-org-config:write'", + "security": [ + { + "oauth2": [ + "idn:password-org-config:write" + ] + } + ], + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "customInstructionsEnabled": { + "type": "boolean", + "description": "Indicator whether custom password instructions feature is enabled. The default value is false.", + "default": false, + "example": true + }, + "digitTokenEnabled": { + "type": "boolean", + "description": "Indicator whether \"digit token\" feature is enabled. The default value is false.", + "default": false, + "example": true + }, + "digitTokenDurationMinutes": { + "type": "integer", + "format": "int32", + "description": "The duration of \"digit token\" in minutes. The default value is 5.", + "minimum": 1, + "maximum": 60, + "default": 5, + "example": 10 + }, + "digitTokenLength": { + "type": "integer", + "format": "int32", + "description": "The length of \"digit token\". The default value is 6.", + "minimum": 6, + "maximum": 18, + "default": 6, + "example": 9 + } + } + }, + "example": { + "customInstructionsEnabled": true, + "digitTokenEnabled": true, + "digitTokenDurationMinutes": 12, + "digitTokenLength": 9 + } + } + } + }, + "responses": { + "200": { + "description": "Reference to the password org config.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "customInstructionsEnabled": { + "type": "boolean", + "description": "Indicator whether custom password instructions feature is enabled. The default value is false.", + "default": false, + "example": true + }, + "digitTokenEnabled": { + "type": "boolean", + "description": "Indicator whether \"digit token\" feature is enabled. The default value is false.", + "default": false, + "example": true + }, + "digitTokenDurationMinutes": { + "type": "integer", + "format": "int32", + "description": "The duration of \"digit token\" in minutes. The default value is 5.", + "minimum": 1, + "maximum": 60, + "default": 5, + "example": 10 + }, + "digitTokenLength": { + "type": "integer", + "format": "int32", + "description": "The length of \"digit token\". The default value is 6.", + "minimum": 6, + "maximum": 18, + "default": 6, + "example": 9 + } + } + }, + "example": { + "customInstructionsEnabled": true, + "digitTokenDurationMinutes": 9, + "digitTokenEnabled": true, + "digitTokenLength": 12 + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/peer-group-strategies/{strategy}/identity-outliers": { + "get": { + "operationId": "getPeerGroupOutliers", + "tags": [ + "IAI Peer Group Strategies" + ], + "summary": "Identity Outliers List", + "deprecated": true, + "description": "-- Deprecated : See 'IAI Outliers' This API will be used by Identity Governance systems to identify identities that are not included in an organization's peer groups. By default, 250 identities are returned. You can specify between 1 and 1000 number of identities that can be returned.", + "parameters": [ + { + "in": "path", + "name": "strategy", + "schema": { + "type": "string" + }, + "required": true, + "description": "The strategy used to create peer groups. Currently, 'entitlement' is supported.", + "example": "entitlement" + }, + { + "in": "query", + "name": "limit", + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": 250, + "schema": { + "type": "integer", + "format": "int32", + "minimum": 0, + "maximum": 250, + "default": 250 + } + }, + { + "in": "query", + "name": "offset", + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": 0, + "schema": { + "type": "integer", + "format": "int32", + "minimum": 0, + "default": 0 + } + }, + { + "in": "query", + "name": "count", + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": true, + "schema": { + "type": "boolean", + "default": false + } + } + ], + "responses": { + "200": { + "description": "List of identities that are not included in peer groups.", + "content": { + "application/json": { + "schema": { + "type": "array", + "items": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "A unique identifier for the peer group member." + }, + "type": { + "type": "string", + "description": "The type of the peer group member." + }, + "peer_group_id": { + "type": "string", + "description": "The ID of the peer group." + }, + "attributes": { + "type": "object", + "additionalProperties": { + "type": "object" + }, + "description": "Arbitrary key-value pairs, belonging to the peer group member." + } + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + }, + "security": [ + { + "oauth2": [] + } + ] + } + }, + "/personal-access-tokens": { + "get": { + "operationId": "listPersonalAccessTokens", + "security": [ + { + "oauth2": [ + "sp:my-personal-access-tokens:read", + "sp:my-personal-access-tokens:manage", + "sp:all-personal-access-tokens:read", + "sp:all-personal-access-tokens:manage" + ] + } + ], + "tags": [ + "Personal Access Tokens" + ], + "summary": "List Personal Access Tokens", + "description": "This gets a collection of personal access tokens associated with the optional `owner-id`. query parameter. If the `owner-id` query parameter is omitted, all personal access tokens for a tenant will be retrieved, but the caller must have the 'idn:all-personal-access-tokens:read' right.", + "parameters": [ + { + "in": "query", + "name": "owner-id", + "description": "The identity ID of the owner whose personal access tokens should be listed. If \"me\", the caller should have the following right: 'idn:my-personal-access-tokens:read'\nIf an actual owner ID or if the `owner-id` parameter is omitted in the request, the caller should have the following right: 'idn:all-personal-access-tokens:read'. \nIf the caller has the following right, then managed personal access tokens associated with `owner-id` will be retrieved: 'idn:managed-personal-access-tokens:read'", + "required": false, + "schema": { + "type": "string", + "default": null, + "example": "2c9180867b50d088017b554662fb281e" + } + }, + { + "in": "query", + "name": "filters", + "required": false, + "schema": { + "type": "string" + }, + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)\n\nFiltering is supported for the following fields and operators:\n\n**lastUsed**: *le, isnull*", + "example": "lastUsed le 2023-02-05T10:59:27.214Z" + } + ], + "responses": { + "200": { + "description": "List of personal access tokens.", + "content": { + "application/json": { + "schema": { + "type": "array", + "items": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "The ID of the personal access token (to be used as the username for Basic Auth).", + "example": "86f1dc6fe8f54414950454cbb11278fa" + }, + "name": { + "type": "string", + "description": "The name of the personal access token. Cannot be the same as other personal access tokens owned by a user.", + "example": "NodeJS Integration" + }, + "scope": { + "type": "array", + "nullable": true, + "items": { + "type": "string", + "default": "sp:scopes:all" + }, + "description": "Scopes of the personal access token.", + "example": [ + "demo:personal-access-token-scope:first", + "demo:personal-access-token-scope:second" + ] + }, + "owner": { + "description": "Details about the owner of the personal access token.", + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + }, + "created": { + "type": "string", + "format": "date-time", + "description": "The date and time, down to the millisecond, when this personal access token was created.", + "example": "2017-07-11T18:45:37.098Z" + }, + "lastUsed": { + "type": "string", + "nullable": true, + "format": "date-time", + "description": "The date and time, down to the millisecond, when this personal access token was last used to generate an access token. This timestamp does not get updated on every PAT usage, but only once a day. This property can be useful for identifying which PATs are no longer actively used and can be removed.", + "example": "2017-07-11T18:45:37.098Z" + } + }, + "required": [ + "id", + "name", + "scope", + "owner", + "created" + ] + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + }, + "post": { + "operationId": "createPersonalAccessToken", + "security": [ + { + "oauth2": [ + "sp:my-personal-access-tokens:manage", + "sp:all-personal-access-tokens:manage" + ] + } + ], + "tags": [ + "Personal Access Tokens" + ], + "summary": "Create Personal Access Token", + "description": "This creates a personal access token.", + "requestBody": { + "description": "Name and scope of personal access token.", + "required": true, + "content": { + "application/json": { + "schema": { + "type": "object", + "description": "Object for specifying the name of a personal access token to create", + "properties": { + "name": { + "type": "string", + "description": "The name of the personal access token (PAT) to be created. Cannot be the same as another PAT owned by the user for whom this PAT is being created.", + "example": "NodeJS Integration" + }, + "scope": { + "type": "array", + "nullable": true, + "items": { + "type": "string", + "default": "sp:scopes:all" + }, + "description": "Scopes of the personal access token. If no scope is specified, the token will be created with the default scope \"sp:scopes:all\". This means the personal access token will have all the rights of the owner who created it.", + "example": [ + "demo:personal-access-token-scope:first", + "demo:personal-access-token-scope:second" + ] + } + }, + "required": [ + "name" + ] + } + } + } + }, + "responses": { + "200": { + "description": "Created. Note - this is the only time Personal Access Tokens' secret attribute will be displayed.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "The ID of the personal access token (to be used as the username for Basic Auth).", + "example": "86f1dc6fe8f54414950454cbb11278fa" + }, + "secret": { + "type": "string", + "description": "The secret of the personal access token (to be used as the password for Basic Auth).", + "example": "1d1bef2b9f426383447f64f69349fc7cac176042578d205c256ba3f37c59adb9" + }, + "scope": { + "type": "array", + "nullable": true, + "items": { + "type": "string", + "default": "sp:scopes:all" + }, + "description": "Scopes of the personal access token.", + "example": [ + "demo:personal-access-token-scope:first", + "demo:personal-access-token-scope:second" + ] + }, + "name": { + "type": "string", + "description": "The name of the personal access token. Cannot be the same as other personal access tokens owned by a user.", + "example": "NodeJS Integration" + }, + "owner": { + "description": "Details about the owner of the personal access token.", + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + }, + "created": { + "type": "string", + "format": "date-time", + "description": "The date and time, down to the millisecond, when this personal access token was created.", + "example": "2017-07-11T18:45:37.098Z" + } + }, + "required": [ + "id", + "secret", + "scope", + "name", + "owner", + "created" + ] + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/personal-access-tokens/{id}": { + "patch": { + "operationId": "patchPersonalAccessToken", + "security": [ + { + "oauth2": [ + "sp:my-personal-access-tokens:manage" + ] + } + ], + "tags": [ + "Personal Access Tokens" + ], + "summary": "Patch Personal Access Token", + "description": "This performs a targeted update to the field(s) of a Personal Access Token.", + "parameters": [ + { + "in": "path", + "name": "id", + "schema": { + "type": "string" + }, + "required": true, + "description": "The Personal Access Token id", + "example": "ef38f94347e94562b5bb8424a56397d8" + } + ], + "requestBody": { + "required": true, + "description": "A list of OAuth client update operations according to the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard.\n\nThe following fields are patchable:\n* name\n* scope\n", + "content": { + "application/json-patch+json": { + "schema": { + "type": "array", + "items": { + "type": "object", + "description": "A JSONPatch Operation as defined by [RFC 6902 - JSON Patch](https://tools.ietf.org/html/rfc6902)", + "required": [ + "op", + "path" + ], + "properties": { + "op": { + "type": "string", + "description": "The operation to be performed", + "enum": [ + "add", + "remove", + "replace", + "move", + "copy", + "test" + ], + "example": "replace" + }, + "path": { + "type": "string", + "description": "A string JSON Pointer representing the target path to an element to be affected by the operation", + "example": "/description" + }, + "value": { + "anyOf": [ + { + "type": "string" + }, + { + "type": "integer" + }, + { + "type": "object" + }, + { + "type": "array", + "items": { + "anyOf": [ + { + "type": "string" + }, + { + "type": "integer" + }, + { + "type": "object" + } + ] + } + } + ], + "description": "The value to be used for the operation, required for \"add\" and \"replace\" operations", + "example": "New description" + } + } + } + }, + "example": [ + { + "op": "replace", + "path": "/name", + "value": "New name" + }, + { + "op": "replace", + "path": "/scope", + "value": [ + "sp:scopes:all" + ] + } + ] + } + } + }, + "responses": { + "200": { + "description": "Indicates the PATCH operation succeeded, and returns the PAT's new representation.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "The ID of the personal access token (to be used as the username for Basic Auth).", + "example": "86f1dc6fe8f54414950454cbb11278fa" + }, + "name": { + "type": "string", + "description": "The name of the personal access token. Cannot be the same as other personal access tokens owned by a user.", + "example": "NodeJS Integration" + }, + "scope": { + "type": "array", + "nullable": true, + "items": { + "type": "string", + "default": "sp:scopes:all" + }, + "description": "Scopes of the personal access token.", + "example": [ + "demo:personal-access-token-scope:first", + "demo:personal-access-token-scope:second" + ] + }, + "owner": { + "description": "Details about the owner of the personal access token.", + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + }, + "created": { + "type": "string", + "format": "date-time", + "description": "The date and time, down to the millisecond, when this personal access token was created.", + "example": "2017-07-11T18:45:37.098Z" + }, + "lastUsed": { + "type": "string", + "nullable": true, + "format": "date-time", + "description": "The date and time, down to the millisecond, when this personal access token was last used to generate an access token. This timestamp does not get updated on every PAT usage, but only once a day. This property can be useful for identifying which PATs are no longer actively used and can be removed.", + "example": "2017-07-11T18:45:37.098Z" + } + }, + "required": [ + "id", + "name", + "scope", + "owner", + "created" + ] + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + }, + "delete": { + "operationId": "deletePersonalAccessToken", + "security": [ + { + "oauth2": [ + "sp:my-personal-access-tokens:manage", + "sp:all-personal-access-tokens:manage" + ] + } + ], + "tags": [ + "Personal Access Tokens" + ], + "summary": "Delete Personal Access Token", + "description": "This deletes a personal access token.", + "parameters": [ + { + "in": "path", + "name": "id", + "schema": { + "type": "string" + }, + "required": true, + "description": "The personal access token id", + "example": "ef38f94347e94562b5bb8424a56397d8" + } + ], + "responses": { + "204": { + "description": "No content." + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/public-identities-config": { + "get": { + "operationId": "getPublicIdentityConfig", + "tags": [ + "Public Identities Config" + ], + "summary": "Get Public Identity Config", + "description": "This gets details of public identity config.", + "responses": { + "200": { + "description": "Request succeeded.", + "content": { + "application/json": { + "schema": { + "type": "object", + "description": "Details of up to 5 Identity attributes that will be publicly accessible for all Identities to anyone in the org", + "properties": { + "attributes": { + "type": "array", + "items": { + "type": "object", + "description": "Used to map an attribute key for an Identity to its display name.", + "properties": { + "key": { + "type": "string", + "description": "the key of the attribute", + "example": "country" + }, + "name": { + "type": "string", + "description": "the display name of the attribute", + "example": "Country" + } + } + } + }, + "modifiedBy": { + "type": "object", + "nullable": true, + "description": "The manager for the identity.", + "properties": { + "type": { + "example": "IDENTITY", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "description": "An enumeration of the types of DTOs supported within the IdentityNow infrastructure." + }, + "id": { + "type": "string", + "description": "Identity id", + "example": "2c9180a46faadee4016fb4e018c20639" + }, + "name": { + "type": "string", + "description": "Human-readable display name of identity.", + "example": "Thomas Edison" + } + } + }, + "modified": { + "type": "string", + "description": "the date/time of the modification", + "format": "date-time", + "example": "2018-06-25T20:22:28.104Z" + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + }, + "put": { + "operationId": "updatePublicIdentityConfig", + "tags": [ + "Public Identities Config" + ], + "summary": "Update Public Identity Config", + "description": "This updates the details of public identity config.", + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "type": "object", + "description": "Details of up to 5 Identity attributes that will be publicly accessible for all Identities to anyone in the org", + "properties": { + "attributes": { + "type": "array", + "items": { + "type": "object", + "description": "Used to map an attribute key for an Identity to its display name.", + "properties": { + "key": { + "type": "string", + "description": "the key of the attribute", + "example": "country" + }, + "name": { + "type": "string", + "description": "the display name of the attribute", + "example": "Country" + } + } + } + }, + "modifiedBy": { + "type": "object", + "nullable": true, + "description": "The manager for the identity.", + "properties": { + "type": { + "example": "IDENTITY", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "description": "An enumeration of the types of DTOs supported within the IdentityNow infrastructure." + }, + "id": { + "type": "string", + "description": "Identity id", + "example": "2c9180a46faadee4016fb4e018c20639" + }, + "name": { + "type": "string", + "description": "Human-readable display name of identity.", + "example": "Thomas Edison" + } + } + }, + "modified": { + "type": "string", + "description": "the date/time of the modification", + "format": "date-time", + "example": "2018-06-25T20:22:28.104Z" + } + } + } + } + } + }, + "responses": { + "200": { + "description": "Request succeeded.", + "content": { + "application/json": { + "schema": { + "type": "object", + "description": "Details of up to 5 Identity attributes that will be publicly accessible for all Identities to anyone in the org", + "properties": { + "attributes": { + "type": "array", + "items": { + "type": "object", + "description": "Used to map an attribute key for an Identity to its display name.", + "properties": { + "key": { + "type": "string", + "description": "the key of the attribute", + "example": "country" + }, + "name": { + "type": "string", + "description": "the display name of the attribute", + "example": "Country" + } + } + } + }, + "modifiedBy": { + "type": "object", + "nullable": true, + "description": "The manager for the identity.", + "properties": { + "type": { + "example": "IDENTITY", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "description": "An enumeration of the types of DTOs supported within the IdentityNow infrastructure." + }, + "id": { + "type": "string", + "description": "Identity id", + "example": "2c9180a46faadee4016fb4e018c20639" + }, + "name": { + "type": "string", + "description": "Human-readable display name of identity.", + "example": "Thomas Edison" + } + } + }, + "modified": { + "type": "string", + "description": "the date/time of the modification", + "format": "date-time", + "example": "2018-06-25T20:22:28.104Z" + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/notification-template-context": { + "get": { + "operationId": "getNotificationsTemplateContext", + "tags": [ + "Notifications" + ], + "summary": "Get Notification Template Context", + "description": "The notification service (Hermes) maintains metadata to construct the notification templates or supply any information during the event propagation. The data-store where this information is retrieved is called \"Global Context\" (a.k.a. notification template context). It defines a set of attributes\n that will be available per tenant (organization).\n\nRegarding authorization, the access token contains the tenant and will grant access to the one requested.\nRequires the following security scope: idn:notification-templates:read", + "responses": { + "200": { + "description": "Notification template context attributes for a specific tenant.", + "content": { + "application/json": { + "schema": { + "type": "array", + "items": { + "type": "object", + "properties": { + "attributes": { + "type": "object", + "description": "A JSON object that stores the context.", + "example": { + "productUrl": "https://test-org.identitysoon.com", + "brandingConfigs": { + "default": { + "narrowLogoURL": null, + "productName": "SailPoint", + "standardLogoURL": null, + "navigationColor": 1.1e+65, + "actionButtonColor": "20B2DE", + "emailFromAddress": null, + "activeLinkColor": "20B2DE", + "loginInformationalMessage": null + } + } + } + }, + "created": { + "type": "string", + "description": "When the global context was created", + "format": "date-time", + "example": "2020-04-15T16:16:47.525Z" + }, + "modified": { + "type": "string", + "description": "When the global context was last modified", + "format": "date-time", + "example": "2020-04-15T16:16:47.525Z" + } + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/notification-preferences/{key}": { + "get": { + "operationId": "getNotificationPreference", + "tags": [ + "Notifications" + ], + "summary": "Get Notification Preferences for tenant.", + "description": "Returns the notification preferences for tenant. Note that if the key doesn't exist, then a 404 will be returned.\nRequest will require the following legacy roles: ORG_ADMIN and API", + "parameters": [ + { + "in": "path", + "name": "key", + "required": true, + "schema": { + "type": "string" + }, + "description": "The notification key." + } + ], + "responses": { + "200": { + "description": "Return preference for the given notification key.", + "content": { + "application/json": { + "schema": { + "type": "object", + "description": "Maps an Identity's attribute key to a list of preferred notification mediums.", + "properties": { + "key": { + "type": "string", + "description": "The template notification key.", + "example": "cloud_manual_work_item_summary" + }, + "mediums": { + "type": "array", + "description": "List of preferred notification mediums, i.e., the mediums (or method) for which notifications are enabled. More mediums may be added in the future.", + "items": { + "type": "string", + "enum": [ + "EMAIL", + "SMS", + "PHONE", + "SLACK", + "TEAMS" + ] + }, + "example": [ + "EMAIL" + ] + }, + "modified": { + "type": "string", + "description": "Modified date of preference", + "format": "date-time", + "example": "2020-05-15T14:37:06.909Z" + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + } + } + }, + "put": { + "operationId": "putNotificationPreference", + "tags": [ + "Notifications" + ], + "summary": "Overwrite the preferences for the given notification key.", + "description": "In the notification world, a notification flows through these salient stages - \n 1. Interest matching, \n 2. Preferences \n 3. Template Rendering. \n\nThe default notification preferences make up a part of the second stage, along with user preferences (which is a future goal). The expectation is for admins to be able to set default preferences for their org, like opting in to or out of certain notifications, and configuring future preferences as we tack on more features. The key in the Dto is not necessary but if it is provided and doesn't match the key in the URI, then a 400 will be thrown. \nRequest will require the following legacy roles: ORG_ADMIN and API", + "parameters": [ + { + "in": "path", + "name": "key", + "required": true, + "schema": { + "type": "string" + }, + "description": "The notification key." + } + ], + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "type": "object", + "description": "Maps an Identity's attribute key to a list of preferred notification mediums.", + "properties": { + "key": { + "type": "string", + "description": "The template notification key.", + "example": "cloud_manual_work_item_summary" + }, + "mediums": { + "type": "array", + "description": "List of preferred notification mediums, i.e., the mediums (or method) for which notifications are enabled. More mediums may be added in the future.", + "items": { + "type": "string", + "enum": [ + "EMAIL", + "SMS", + "PHONE", + "SLACK", + "TEAMS" + ] + }, + "example": [ + "EMAIL" + ] + }, + "modified": { + "type": "string", + "description": "Modified date of preference", + "format": "date-time", + "example": "2020-05-15T14:37:06.909Z" + } + } + } + } + } + }, + "responses": { + "200": { + "description": "The preferences were successfully replaced, and an echo of the new preferences are sent back to caller.", + "content": { + "application/json": { + "schema": { + "type": "object", + "description": "Maps an Identity's attribute key to a list of preferred notification mediums.", + "properties": { + "key": { + "type": "string", + "description": "The template notification key.", + "example": "cloud_manual_work_item_summary" + }, + "mediums": { + "type": "array", + "description": "List of preferred notification mediums, i.e., the mediums (or method) for which notifications are enabled. More mediums may be added in the future.", + "items": { + "type": "string", + "enum": [ + "EMAIL", + "SMS", + "PHONE", + "SLACK", + "TEAMS" + ] + }, + "example": [ + "EMAIL" + ] + }, + "modified": { + "type": "string", + "description": "Modified date of preference", + "format": "date-time", + "example": "2020-05-15T14:37:06.909Z" + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + } + } + } + }, + "/recommendations/request": { + "post": { + "operationId": "getRecommendations", + "summary": "Returns a Recommendation Based on Object", + "tags": [ + "IAI Recommendations" + ], + "description": "The getRecommendations API returns recommendations based on the requested object. The recommendations are invoked by IdentityIQ and IdentityNow plug-ins that retrieve recommendations based on the performed calculations.", + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "requests": { + "type": "array", + "items": { + "description": "List of requests to retrieve recommendations", + "type": "object", + "properties": { + "identityId": { + "type": "string", + "description": "The identity ID", + "example": "2c938083633d259901633d25c68c00fa" + }, + "item": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "The ID of the access item for which to retrieve the recommendation", + "example": "2c938083633d259901633d2623ec0375" + }, + "type": { + "type": "string", + "example": "ENTITLEMENT", + "description": "The type of the access item.", + "enum": [ + "ENTITLEMENT", + "ACCESS_PROFILE", + "ROLE" + ] + } + } + } + } + } + }, + "excludeInterpretations": { + "type": "boolean", + "description": "Exclude interpretations in the response if \"true\". Return interpretations in the response if this attribute is not specified.", + "default": "false", + "example": "false" + }, + "includeTranslationMessages": { + "type": "boolean", + "description": "When set to true, the calling system uses the translated messages for the specified language", + "default": "false", + "example": "false" + }, + "includeDebugInformation": { + "type": "boolean", + "description": "Returns the recommender calculations if set to true", + "default": "false", + "example": "true" + }, + "prescribeMode": { + "type": "boolean", + "description": "When set to true, uses prescribedRulesRecommenderConfig to get identity attributes and peer group threshold instead of standard config.", + "default": "false", + "example": "false" + } + } + } + } + } + }, + "responses": { + "200": { + "description": "The recommendations for a customer", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "response": { + "type": "array", + "items": { + "type": "object", + "properties": { + "request": { + "type": "object", + "properties": { + "identityId": { + "type": "string", + "description": "The identity ID", + "example": "2c938083633d259901633d25c68c00fa" + }, + "item": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "The ID of the access item for which to retrieve the recommendation", + "example": "2c938083633d259901633d2623ec0375" + }, + "type": { + "type": "string", + "example": "ENTITLEMENT", + "description": "The type of the access item.", + "enum": [ + "ENTITLEMENT", + "ACCESS_PROFILE", + "ROLE" + ] + } + } + } + } + }, + "recommendation": { + "type": "string", + "example": "YES", + "description": "The recommendation - YES if the access is recommended, NO if not recommended, MAYBE if there is not enough information to make a recommendation, NOT_FOUND if the identity is not found in the system", + "enum": [ + "YES", + "NO", + "MAYBE", + "NOT_FOUND" + ] + }, + "interpretations": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The list of interpretations explaining the recommendation. The array is empty if includeInterpretations is false or not present in the request. e.g. - [ \"Not approved in the last 6 months.\" ]. Interpretations will be translated using the client's locale as found in the Accept-Language header. If a translation for the client's locale cannot be found, the US English translation will be returned.", + "example": [ + "75% of identities with the same department have this access. This information had a high impact on the overall score.", + "67% of identities with the same peer group have this access. This information had a low impact on the overall score.", + "42% of identities with the same location have this access. This information had a low impact on the overall score." + ] + }, + "translationMessages": { + "type": "array", + "example": [ + { + "key": "recommender-api.V2_WEIGHT_FEATURE_PRODUCT_INTERPRETATION_HIGH", + "values": [ + "75", + "department" + ] + } + ], + "items": { + "properties": { + "key": { + "type": "string", + "description": "The key of the translation message", + "example": "recommender-api.V2_WEIGHT_FEATURE_PRODUCT_INTERPRETATION_HIGH" + }, + "values": { + "type": "array", + "description": "The values corresponding to the translation messages", + "items": { + "type": "string" + }, + "example": [ + "75", + "department" + ] + } + } + }, + "description": "The list of translation messages, if they have been requested." + }, + "recommenderCalculations": { + "description": "The calcuations performed behind the scenes that provide recommendations to the user.", + "properties": { + "identityId": { + "type": "string", + "description": "The ID of the identity", + "example": "2c91808457d8f3ab0157e3e62cb4213c" + }, + "entitlementId": { + "type": "string", + "description": "The entitlement ID", + "example": "2c91809050db617d0150e0bf3215385e" + }, + "recommendation": { + "type": "string", + "description": "The actual recommendation", + "example": "YES" + }, + "overallWeightedScore": { + "type": "number", + "description": "The overall weighted score" + }, + "featureWeightedScores": { + "type": "object", + "description": "The weighted score of each individual feature", + "additionalProperties": { + "type": "number" + } + }, + "threshold": { + "type": "number", + "description": "The configured value against which the overallWeightedScore is compared" + }, + "identityAttributes": { + "type": "object", + "description": "The values for your configured features", + "additionalProperties": { + "type": "object", + "properties": { + "value": { + "type": "string" + } + } + } + }, + "featureValues": { + "description": "The feature details", + "type": "object", + "properties": { + "feature": { + "type": "string", + "description": "The type of feature", + "example": "department" + }, + "numerator": { + "type": "integer", + "format": "int32", + "example": 14, + "description": "The number of identities that have access to the feature" + }, + "denominator": { + "type": "integer", + "format": "int32", + "example": 14, + "description": "The number of identities with the corresponding feature" + } + } + } + } + } + } + } + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + }, + "security": [ + { + "oauth2": [] + } + ] + } + }, + "/recommendations/config": { + "get": { + "operationId": "getRecommendationsConfig", + "summary": "Get certification recommendation config values", + "tags": [ + "IAI Recommendations" + ], + "description": "Retrieves configuration attributes used by certification recommendations.", + "responses": { + "200": { + "description": "Cert recommendation configuration attributes", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "recommenderFeatures": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of identity attributes to use for calculating certification recommendations", + "example": [ + "jobTitle", + "location", + "peer_group", + "department", + "active" + ] + }, + "peerGroupPercentageThreshold": { + "type": "number", + "description": "The percent value that the recommendation calculation must surpass to produce a YES recommendation", + "minimum": 0, + "maximum": 1, + "example": 0.5 + }, + "forceRefresh": { + "type": "boolean", + "description": "If true, rulesRecommenderConfig will be refreshed with new programatically selected attribute and threshold values on the next pipeline run", + "example": false + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + }, + "security": [ + { + "oauth2": [] + } + ] + }, + "put": { + "operationId": "updateRecommendationsConfig", + "summary": "Update certification recommendation config values", + "tags": [ + "IAI Recommendations" + ], + "description": "Updates configuration attributes used by certification recommendations.", + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "recommenderFeatures": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of identity attributes to use for calculating certification recommendations", + "example": [ + "jobTitle", + "location", + "peer_group", + "department", + "active" + ] + }, + "peerGroupPercentageThreshold": { + "type": "number", + "description": "The percent value that the recommendation calculation must surpass to produce a YES recommendation", + "minimum": 0, + "maximum": 1, + "example": 0.5 + }, + "forceRefresh": { + "type": "boolean", + "description": "If true, rulesRecommenderConfig will be refreshed with new programatically selected attribute and threshold values on the next pipeline run", + "example": false + } + } + } + } + } + }, + "responses": { + "200": { + "description": "Cert recommendation configuration attributes after update", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "recommenderFeatures": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of identity attributes to use for calculating certification recommendations", + "example": [ + "jobTitle", + "location", + "peer_group", + "department", + "active" + ] + }, + "peerGroupPercentageThreshold": { + "type": "number", + "description": "The percent value that the recommendation calculation must surpass to produce a YES recommendation", + "minimum": 0, + "maximum": 1, + "example": 0.5 + }, + "forceRefresh": { + "type": "boolean", + "description": "If true, rulesRecommenderConfig will be refreshed with new programatically selected attribute and threshold values on the next pipeline run", + "example": false + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + }, + "security": [ + { + "oauth2": [] + } + ] + } + }, + "/requestable-objects": { + "get": { + "operationId": "listRequestableObjects", + "tags": [ + "Requestable Objects" + ], + "summary": "Requestable Objects List", + "description": "This endpoint returns a list of acccess items that that can be requested through the Access Request endpoints. Access items are marked with AVAILABLE, PENDING or ASSIGNED with respect to the identity provided using *identity-id* query param.\nAny authenticated token can call this endpoint to see their requestable access items. A token with ORG_ADMIN authority is required to call this endpoint to return a list of all of the requestable access items for the org or for another identity.", + "parameters": [ + { + "in": "query", + "name": "identity-id", + "required": false, + "schema": { + "type": "string" + }, + "example": "e7eab60924f64aa284175b9fa3309599", + "description": "If present, the value returns only requestable objects for the specified identity.\n * Admin users can call this with any identity ID value.\n * Non-admin users can only specify *me* or pass their own identity ID value.\n * If absent, returns a list of all requestable objects for the tenant. Only admin users can make such a call. In this case, the available, pending, assigned accesses will not be annotated in the result." + }, + { + "in": "query", + "name": "types", + "description": "Filters the results to the specified type/types, where each type is one of ROLE or ACCESS_PROFILE. If absent, all types are returned. Support for additional types may be added in the future without notice.", + "required": false, + "schema": { + "type": "array", + "items": { + "type": "string", + "enum": [ + "ACCESS_PROFILE", + "ROLE", + "ENTITLEMENT" + ], + "description": "Enum represented the currently supported requestable object types. Additional values may be added in the future without notice.", + "example": "ACCESS_PROFILE" + } + }, + "example": "ROLE,ACCESS_PROFILE", + "explode": false + }, + { + "in": "query", + "name": "term", + "required": false, + "schema": { + "type": "string" + }, + "example": "Finance Role", + "description": "It allows searching requestable access items with a partial match on the name or description. If term is provided, then the *filter* query parameter will be ignored." + }, + { + "in": "query", + "name": "statuses", + "description": "Filters the result to the specified status/statuses, where each status is one of AVAILABLE, ASSIGNED, or PENDING. It is an error to specify this parameter without also specifying an *identity-id* parameter. Additional statuses may be added in the future without notice.", + "required": false, + "schema": { + "type": "array", + "items": { + "type": "string", + "enum": [ + "AVAILABLE", + "PENDING", + "ASSIGNED" + ], + "description": "Status indicating the ability of an access request for the object to be made by or on behalf of the identity specified by *identity-id*. *AVAILABLE* indicates the object is available to request. *PENDING* indicates the object is unavailable because the identity has a pending request in flight. *ASSIGNED* indicates the object is unavailable because the identity already has the indicated role or access profile. If *identity-id* is not specified (allowed only for admin users), then status will be *AVAILABLE* for all results.", + "example": "AVAILABLE" + } + }, + "explode": false, + "example": [ + "ASSIGNED", + "PENDING" + ] + }, + { + "in": "query", + "name": "limit", + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": 250, + "schema": { + "type": "integer", + "format": "int32", + "minimum": 0, + "maximum": 250, + "default": 250 + } + }, + { + "in": "query", + "name": "offset", + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": 0, + "schema": { + "type": "integer", + "format": "int32", + "minimum": 0, + "default": 0 + } + }, + { + "in": "query", + "name": "count", + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": true, + "schema": { + "type": "boolean", + "default": false + } + }, + { + "in": "query", + "name": "filters", + "schema": { + "type": "string" + }, + "example": "name sw \"bob\"", + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)\n\nFiltering is supported for the following fields and operators:\n\n**id**: *eq, in*\n\n**name**: *eq, in, sw*\n", + "required": false + }, + { + "in": "query", + "name": "sorters", + "schema": { + "type": "string", + "format": "comma-separated" + }, + "required": false, + "example": "name", + "description": "Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)\n\nSorting is supported for the following fields: **name**\n" + } + ], + "responses": { + "200": { + "description": "List of requestable objects", + "content": { + "application/json": { + "schema": { + "type": "array", + "items": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "Id of the requestable object itself", + "example": "2c9180835d2e5168015d32f890ca1581" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the requestable object", + "example": "Applied Research Access" + }, + "created": { + "type": "string", + "format": "date-time", + "example": "2017-07-11T18:45:37.098Z", + "description": "The time when the requestable object was created" + }, + "modified": { + "nullable": true, + "type": "string", + "format": "date-time", + "example": "2018-06-25T20:22:28.104Z", + "description": "The time when the requestable object was last modified" + }, + "description": { + "type": "string", + "description": "Description of the requestable object.", + "example": "Access to research information, lab results, and schematics." + }, + "type": { + "type": "string", + "enum": [ + "ACCESS_PROFILE", + "ROLE", + "ENTITLEMENT" + ], + "description": "Enum represented the currently supported requestable object types. Additional values may be added in the future without notice.", + "example": "ACCESS_PROFILE" + }, + "requestStatus": { + "type": "string", + "enum": [ + "AVAILABLE", + "PENDING", + "ASSIGNED" + ], + "description": "Status indicating the ability of an access request for the object to be made by or on behalf of the identity specified by *identity-id*. *AVAILABLE* indicates the object is available to request. *PENDING* indicates the object is unavailable because the identity has a pending request in flight. *ASSIGNED* indicates the object is unavailable because the identity already has the indicated role or access profile. If *identity-id* is not specified (allowed only for admin users), then status will be *AVAILABLE* for all results.", + "example": "AVAILABLE" + }, + "identityRequestId": { + "type": "string", + "description": "If *requestStatus* is *PENDING*, indicates the id of the associated account activity.", + "nullable": true, + "example": null + }, + "ownerRef": { + "type": "object", + "nullable": true, + "properties": { + "type": { + "type": "string", + "description": "The type can only be IDENTITY. This is read-only", + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "Identity id.", + "example": "5168015d32f890ca15812c9180835d2e" + }, + "name": { + "type": "string", + "description": "Human-readable display name of identity. This is read-only", + "example": "Alison Ferguso" + }, + "email": { + "type": "string", + "description": "Email address of identity. This is read-only", + "example": "alison.ferguso@identitysoon.com" + } + } + }, + "requestCommentsRequired": { + "type": "boolean", + "description": "Whether the requester must provide comments when requesting the object.", + "example": false + } + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/role-insights/requests": { + "post": { + "operationId": "createRoleInsightRequests", + "summary": "A request to generate insights for roles", + "tags": [ + "Role Insights" + ], + "description": "This submits a create role insights request to the role insights application. At this time there are no parameters. All business roles will be processed for the customer.", + "responses": { + "201": { + "description": "Submitted a role insights generation request", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "Request Id for a role insight generation request", + "example": "8c190e67-87aa-4ed9-a90b-d9d5344523fb" + }, + "createdDate": { + "type": "string", + "format": "date-time", + "description": "The date-time role insights request was created.", + "example": "2020-09-16T18:49:32.150Z" + }, + "lastGenerated": { + "type": "string", + "format": "date-time", + "description": "The date-time role insights request was completed.", + "example": "2020-09-16T18:50:12.150Z" + }, + "numberOfUpdates": { + "type": "integer", + "description": "Total number of updates for this request. Starts with 0 and will have correct number when request is COMPLETED.", + "example": 0 + }, + "roleIds": { + "description": "The role IDs that are in this request.", + "type": "array", + "items": { + "type": "string" + } + }, + "status": { + "type": "string", + "description": "Request status", + "enum": [ + "CREATED", + "IN PROGRESS", + "COMPLETED", + "FAILED" + ] + } + }, + "example": { + "id": "c9aa02f7-86b0-4bc4-84bd-3116a6131e77", + "createdDate": "2020-09-16T18:49:32.150Z", + "lastGenerated": "2020-09-16T18:49:32.150Z", + "numberOfUpdates": 0, + "roleIds": [ + "2c91808e720e94f8017253287c0a44f4", + "2c918087723ac2800172532191540e03", + "2c9180986e4c8592016e6b15eaef447c" + ], + "status": "CREATED" + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/role-insights/requests/{id}": { + "get": { + "operationId": "getRoleInsightsRequests", + "summary": "Returns the metadata for a request in order to generate insights for roles.", + "tags": [ + "Role Insights" + ], + "description": "This endpoint returns details of a prior request.", + "parameters": [ + { + "in": "path", + "name": "id", + "schema": { + "type": "string" + }, + "required": true, + "description": "The role insights request id", + "example": "8c190e67-87aa-4ed9-a90b-d9d5344523fb" + } + ], + "responses": { + "200": { + "description": "Succeeded. Returns details of an earlier role insights request.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "Request Id for a role insight generation request", + "example": "8c190e67-87aa-4ed9-a90b-d9d5344523fb" + }, + "createdDate": { + "type": "string", + "format": "date-time", + "description": "The date-time role insights request was created.", + "example": "2020-09-16T18:49:32.150Z" + }, + "lastGenerated": { + "type": "string", + "format": "date-time", + "description": "The date-time role insights request was completed.", + "example": "2020-09-16T18:50:12.150Z" + }, + "numberOfUpdates": { + "type": "integer", + "description": "Total number of updates for this request. Starts with 0 and will have correct number when request is COMPLETED.", + "example": 0 + }, + "roleIds": { + "description": "The role IDs that are in this request.", + "type": "array", + "items": { + "type": "string" + } + }, + "status": { + "type": "string", + "description": "Request status", + "enum": [ + "CREATED", + "IN PROGRESS", + "COMPLETED", + "FAILED" + ] + } + }, + "example": { + "id": "c9aa02f7-86b0-4bc4-84bd-3116a6131e77", + "createdDate": "2020-09-16T18:49:32.150Z", + "lastGenerated": "2020-09-16T18:49:32.150Z", + "numberOfUpdates": 0, + "roleIds": [ + "2c91808e720e94f8017253287c0a44f4", + "2c918087723ac2800172532191540e03", + "2c9180986e4c8592016e6b15eaef447c" + ], + "status": "CREATED" + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/role-insights/summary": { + "get": { + "operationId": "getRoleInsightsSummary", + "summary": "Get role insights summary information", + "tags": [ + "Role Insights" + ], + "description": "This method returns high level summary information for role insights for a customer.", + "responses": { + "200": { + "description": "Succeeded. Returns high level counts.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "numberOfUpdates": { + "type": "integer", + "description": "Total number of roles with updates" + }, + "lastGenerated": { + "type": "string", + "format": "date-time", + "description": "The date-time role insights were last found.", + "example": "2020-05-19T13:49:37.385Z" + }, + "entitlementsIncludedInRoles": { + "type": "integer", + "description": "The number of entitlements included in roles (vs free radicals).", + "example": 45 + }, + "totalNumberOfEntitlements": { + "type": "integer", + "description": "The total number of entitlements.", + "example": 250 + }, + "identitiesWithAccessViaRoles": { + "type": "integer", + "description": "The number of identities in roles vs. identities with just entitlements and not in roles.", + "example": 550 + }, + "totalNumberOfIdentities": { + "type": "integer", + "description": "The total number of identities.", + "example": 980 + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/role-insights": { + "get": { + "operationId": "getRoleInsights", + "summary": "Get role insights", + "tags": [ + "Role Insights" + ], + "description": "This method returns detailed role insights for each role.", + "parameters": [ + { + "in": "query", + "name": "offset", + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": 0, + "schema": { + "type": "integer", + "format": "int32", + "minimum": 0, + "default": 0 + } + }, + { + "in": "query", + "name": "limit", + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": 250, + "schema": { + "type": "integer", + "format": "int32", + "minimum": 0, + "maximum": 250, + "default": 250 + } + }, + { + "in": "query", + "name": "count", + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": true, + "schema": { + "type": "boolean", + "default": false + } + }, + { + "name": "sorters", + "in": "query", + "description": "sort by numberOfUpdates, identitiesWithAccess, totalNumberOfIdentities (default- ascending)", + "required": false, + "style": "form", + "explode": true, + "schema": { + "type": "string" + } + }, + { + "name": "filters", + "in": "query", + "description": "Filter parameter(s) by \"starts with\" for the name, ownerName and description.", + "required": false, + "style": "form", + "explode": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "Succeeded. Returns a list of roles with information about insights for each role.", + "content": { + "application/json": { + "schema": { + "type": "array", + "items": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "Insight id", + "example": "1467e61e-f284-439c-ba2d-c6cc11cf0941" + }, + "numberOfUpdates": { + "type": "integer", + "description": "Total number of updates for this role", + "example": 5 + }, + "createdDate": { + "type": "string", + "format": "date-time", + "description": "The date-time insights were last created for this role.", + "example": "2020-05-19T13:49:37.385Z" + }, + "role": { + "description": "A role", + "type": "object", + "properties": { + "name": { + "type": "string", + "description": "Role name", + "example": "Software Engineer" + }, + "id": { + "type": "string", + "description": "Role id", + "example": "1467e61e-f284-439c-ba2d-c6cc11cf0941" + }, + "description": { + "type": "string", + "description": "Role description", + "example": "Person who develops software" + }, + "ownerName": { + "type": "string", + "description": "Role owner name", + "example": "Bob" + }, + "ownerId": { + "type": "string", + "description": "Role owner id", + "example": "1467e61e-f284-439c-ba2d-c6cc11cf0941" + } + } + }, + "insight": { + "description": "The kind of insight this is and some stats", + "type": "object", + "properties": { + "type": { + "type": "string", + "description": "The number of identities in this role with the entitlement.", + "example": "ADD" + }, + "identitiesWithAccess": { + "type": "integer", + "description": "The number of identities in this role with the entitlement.", + "example": 850 + }, + "identitiesImpacted": { + "type": "integer", + "description": "The number of identities in this role that do not have the specified entitlement.", + "example": 150 + }, + "totalNumberOfIdentities": { + "type": "integer", + "description": "The total number of identities.", + "example": 1000 + } + } + } + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/role-insights/{insightId}": { + "get": { + "operationId": "getRoleInsight", + "summary": "Get a single role insight", + "tags": [ + "Role Insights" + ], + "description": "This endpoint gets role insights information for a role.", + "parameters": [ + { + "in": "path", + "name": "insightId", + "schema": { + "type": "string" + }, + "required": true, + "description": "The role insight id", + "example": "8c190e67-87aa-4ed9-a90b-d9d5344523fb" + } + ], + "responses": { + "200": { + "description": "Succeeded. Returns information about insights for a single role.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "Insight id", + "example": "1467e61e-f284-439c-ba2d-c6cc11cf0941" + }, + "numberOfUpdates": { + "type": "integer", + "description": "Total number of updates for this role", + "example": 5 + }, + "createdDate": { + "type": "string", + "format": "date-time", + "description": "The date-time insights were last created for this role.", + "example": "2020-05-19T13:49:37.385Z" + }, + "role": { + "description": "A role", + "type": "object", + "properties": { + "name": { + "type": "string", + "description": "Role name", + "example": "Software Engineer" + }, + "id": { + "type": "string", + "description": "Role id", + "example": "1467e61e-f284-439c-ba2d-c6cc11cf0941" + }, + "description": { + "type": "string", + "description": "Role description", + "example": "Person who develops software" + }, + "ownerName": { + "type": "string", + "description": "Role owner name", + "example": "Bob" + }, + "ownerId": { + "type": "string", + "description": "Role owner id", + "example": "1467e61e-f284-439c-ba2d-c6cc11cf0941" + } + } + }, + "insight": { + "description": "The kind of insight this is and some stats", + "type": "object", + "properties": { + "type": { + "type": "string", + "description": "The number of identities in this role with the entitlement.", + "example": "ADD" + }, + "identitiesWithAccess": { + "type": "integer", + "description": "The number of identities in this role with the entitlement.", + "example": 850 + }, + "identitiesImpacted": { + "type": "integer", + "description": "The number of identities in this role that do not have the specified entitlement.", + "example": 150 + }, + "totalNumberOfIdentities": { + "type": "integer", + "description": "The total number of identities.", + "example": 1000 + } + } + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/role-insights/{insightId}/entitlement-changes": { + "get": { + "operationId": "getRoleInsightsEntitlementsChanges", + "summary": "Get entitlement insights for a role", + "tags": [ + "Role Insights" + ], + "description": "This endpoint returns entitlement insights for a role.", + "parameters": [ + { + "in": "path", + "name": "insightId", + "schema": { + "type": "string" + }, + "required": true, + "description": "The role insight id", + "example": "8c190e67-87aa-4ed9-a90b-d9d5344523fb" + }, + { + "in": "query", + "name": "sorters", + "description": "sort by identitiesWithAccess or name", + "required": false, + "style": "form", + "explode": true, + "schema": { + "type": "string" + } + }, + { + "in": "query", + "name": "filters", + "description": "Filter parameter(s) by \"starts with\" for the name and description.", + "required": false, + "style": "form", + "explode": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "Succeeded. Returns a list of entitlements to be added for a role.", + "content": { + "application/json": { + "schema": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string", + "description": "Name of the entitlement" + }, + "id": { + "type": "string", + "description": "Id of the entitlement" + }, + "description": { + "type": "string", + "description": "Description for the entitlement" + }, + "attribute": { + "type": "string", + "description": "Attribute for the entitlement" + }, + "value": { + "type": "string", + "description": "Attribute value for the entitlement" + }, + "source": { + "type": "string", + "description": "Source or the application for the entitlement" + }, + "insight": { + "description": "The kind of insight this is and some stats", + "type": "object", + "properties": { + "type": { + "type": "string", + "description": "The number of identities in this role with the entitlement.", + "example": "ADD" + }, + "identitiesWithAccess": { + "type": "integer", + "description": "The number of identities in this role with the entitlement.", + "example": 850 + }, + "identitiesImpacted": { + "type": "integer", + "description": "The number of identities in this role that do not have the specified entitlement.", + "example": 150 + }, + "totalNumberOfIdentities": { + "type": "integer", + "description": "The total number of identities.", + "example": 1000 + } + } + } + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/role-insights/{insightId}/entitlement-changes/download": { + "get": { + "operationId": "downloadRoleInsightsEntitlementsChanges", + "summary": "Download entitlement insights for a role", + "tags": [ + "Role Insights" + ], + "description": "This endpoint returns the entitlement insights for a role.", + "parameters": [ + { + "in": "path", + "name": "insightId", + "schema": { + "type": "string" + }, + "required": true, + "description": "The role insight id", + "example": "8c190e67-87aa-4ed9-a90b-d9d5344523fb" + }, + { + "in": "query", + "name": "sorters", + "description": "sort by identitiesWithAccess, default order descending", + "required": false, + "style": "form", + "explode": true, + "schema": { + "type": "string" + } + }, + { + "in": "query", + "name": "filters", + "description": "Filter parameter(s) by \"starts with\" for the name and description.", + "required": false, + "style": "form", + "explode": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "Succeeded. Returns a csv file containing a list of entitlements to be added for a role.", + "content": { + "text/csv": { + "schema": { + "type": "string" + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/role-insights/{insightId}/current-entitlements": { + "get": { + "operationId": "getRoleInsightsCurrentEntitlements", + "summary": "Get current entitlement for a role", + "tags": [ + "Role Insights" + ], + "description": "This endpoint gets the entitlements for a role. The term \"current\" is to distinguish from the entitlement(s) an insight might recommend adding.", + "parameters": [ + { + "in": "path", + "name": "insightId", + "schema": { + "type": "string" + }, + "required": true, + "description": "The role insight id", + "example": "8c190e67-87aa-4ed9-a90b-d9d5344523fb" + }, + { + "in": "query", + "name": "filters", + "description": "Filter parameter(s) by \"starts with\" for the name and description.", + "required": false, + "style": "form", + "explode": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "Succeeded. Returns a list of current or pre-existing entitlements for a role.", + "content": { + "application/json": { + "schema": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string", + "description": "Name of the entitlement" + }, + "id": { + "type": "string", + "description": "Id of the entitlement" + }, + "description": { + "type": "string", + "description": "Description for the entitlement" + }, + "source": { + "type": "string", + "description": "Source or the application for the entitlement" + }, + "attribute": { + "type": "string", + "description": "Attribute for the entitlement" + }, + "value": { + "type": "string", + "description": "Attribute value for the entitlement" + } + }, + "example": { + "name": "Administrator", + "id": "8c190e67-87aa-4ed9-a90b-d9d5344523fb", + "description": "Full administrative access to IdentityNow", + "source": "IdentityNow", + "attribute": "assignedGroups", + "value": "ORG_ADMIN" + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/role-insights/{insightId}/entitlement-changes/{entitlementId}/identities": { + "get": { + "operationId": "getEntitlementChangesIdentities", + "summary": "Get identities for a suggested entitlement (for a role)", + "tags": [ + "Role Insights" + ], + "description": "Role insights suggests entitlements to be added for a role. This endpoint returns a list of identities in the role, with or without the entitlements, for a suggested entitlement so that the user can see which identities would be affected if the suggested entitlement were to be added to the role.", + "parameters": [ + { + "in": "path", + "name": "insightId", + "schema": { + "type": "string" + }, + "required": true, + "description": "The role insight id", + "example": "8c190e67-87aa-4ed9-a90b-d9d5344523fb" + }, + { + "in": "path", + "name": "entitlementId", + "schema": { + "type": "string" + }, + "required": true, + "description": "The entitlement id", + "example": "8c190e67-87aa-4ed9-a90b-d9d5344523fb" + }, + { + "in": "query", + "name": "hasEntitlement", + "description": "Identity has this entitlement or not", + "required": false, + "style": "form", + "explode": true, + "schema": { + "type": "boolean", + "default": false + } + }, + { + "in": "query", + "name": "offset", + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": 0, + "schema": { + "type": "integer", + "format": "int32", + "minimum": 0, + "default": 0 + } + }, + { + "in": "query", + "name": "limit", + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": 250, + "schema": { + "type": "integer", + "format": "int32", + "minimum": 0, + "maximum": 250, + "default": 250 + } + }, + { + "in": "query", + "name": "count", + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": true, + "schema": { + "type": "boolean", + "default": false + } + }, + { + "in": "query", + "name": "sorters", + "description": "sort by name", + "required": false, + "style": "form", + "explode": true, + "schema": { + "type": "string" + } + }, + { + "in": "query", + "name": "filters", + "description": "Filter parameter by \"starts with\" for the name.", + "required": false, + "style": "form", + "explode": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "Succeeded. Returns a list of identities with or without the entitlement.", + "content": { + "application/json": { + "schema": { + "type": "array", + "items": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "Id for identity" + }, + "name": { + "type": "string", + "description": "Name for identity" + }, + "attributes": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + }, + "example": { + "id": "8c190e67-87aa-4ed9-a90b-d9d5344523fb", + "name": "Adam Smith", + "attributes": { + "department": "Human Resources-tah-mgb-dnd", + "firstName": "Adam", + "jobTitle": "Sales Analyst", + "location": "Mexico" + } + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/role-mining-sessions": { + "post": { + "operationId": "createRoleMiningSessions", + "summary": "Create a role mining session", + "tags": [ + "IAI Role Mining" + ], + "description": "This submits a create role mining session request to the role mining application.", + "requestBody": { + "description": "Role mining session parameters", + "required": true, + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "scope": { + "description": "The scope of identities for this role mining session", + "example": { + "identityIds": [], + "criteria": "source.name:DataScienceDataset", + "attributeFilterCriteria": { + "displayName": { + "untranslated": "Location: Miami" + }, + "ariaLabel": { + "untranslated": "Location: Miami" + }, + "data": { + "displayName": { + "translateKey": "IDN.IDENTITY_ATTRIBUTES.LOCATION" + }, + "name": "location", + "operator": "EQUALS", + "values": [ + "Miami" + ] + } + } + }, + "type": "object", + "properties": { + "identityIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The list of identities for this role mining session.", + "example": [ + "2c918090761a5aac0176215c46a62d58", + "2c918090761a5aac01722015c46a62d42" + ] + }, + "criteria": { + "type": "string", + "description": "The \"search\" criteria that produces the list of identities for this role mining session.", + "example": "source.name:DataScienceDataset" + }, + "attributeFilterCriteria": { + "type": "array", + "items": { + "type": "object" + }, + "description": "The filter criteria for this role mining session.", + "example": { + "displayName": { + "untranslated": "Location: Miami" + }, + "ariaLabel": { + "untranslated": "Location: Miami" + }, + "data": { + "displayName": { + "translateKey": "IDN.IDENTITY_ATTRIBUTES.LOCATION" + }, + "name": "location", + "operator": "EQUALS", + "values": [ + "Miami" + ] + } + } + } + } + }, + "pruneThreshold": { + "type": "integer", + "description": "The prune threshold to be used or null to calculate prescribedPruneThreshold", + "example": 5, + "format": "int32" + }, + "prescribedPruneThreshold": { + "type": "integer", + "description": "The calculated prescribedPruneThreshold", + "example": 10, + "format": "int32" + }, + "minNumIdentitiesInPotentialRole": { + "type": "integer", + "description": "Minimum number of identities in a potential role", + "example": 20, + "format": "int32" + }, + "potentialRoleCount": { + "type": "integer", + "description": "Number of potential roles", + "example": 0, + "format": "int32" + }, + "potentialRolesReadyCount": { + "type": "integer", + "description": "Number of potential roles ready", + "example": 0, + "format": "int32" + }, + "status": { + "description": "The status of the role mining session", + "example": "CREATED", + "type": "object", + "properties": { + "state": { + "description": "The role mining session status. Can be one of these states - CREATED|UPDATED|IDENTITIES_OBTAINED|PRUNE_THRESHOLD_OBTAINED|POTENTIAL_ROLES_PROCESSING|POTENTIAL_ROLES_CREATED", + "type": "string", + "example": "CREATED" + } + } + }, + "type": { + "description": "Role mining session type", + "example": "SPECIALIZED", + "type": "string", + "enum": [ + "SPECIALIZED", + "COMMON" + ] + }, + "emailRecipientId": { + "type": "string", + "description": "The id of the user who will receive an email about the role mining session", + "example": "2c918090761a5aac0176215c46a62d58" + }, + "createdBy": { + "description": "The session created by details", + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "ID of the creator", + "example": "2c918090761a5aac0176215c46a62d58" + }, + "displayName": { + "type": "string", + "description": "The display name of the creator", + "example": "Ashley.Pierce" + } + } + }, + "identityCount": { + "type": "integer", + "description": "Number of identities in the population which meet the search criteria or identity list provided", + "example": 0, + "format": "int32" + }, + "saved": { + "type": "boolean", + "description": "The session's saved status", + "example": true + }, + "name": { + "type": "string", + "description": "The session's saved name", + "example": "Saved RM Session - 07/10" + } + } + } + } + } + }, + "responses": { + "201": { + "description": "Submitted a role mining session request", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "scope": { + "description": "The scope of identities for this role mining session", + "type": "object", + "properties": { + "identityIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The list of identities for this role mining session.", + "example": [ + "2c918090761a5aac0176215c46a62d58", + "2c918090761a5aac01722015c46a62d42" + ] + }, + "criteria": { + "type": "string", + "description": "The \"search\" criteria that produces the list of identities for this role mining session.", + "example": "source.name:DataScienceDataset" + }, + "attributeFilterCriteria": { + "type": "array", + "items": { + "type": "object" + }, + "description": "The filter criteria for this role mining session.", + "example": { + "displayName": { + "untranslated": "Location: Miami" + }, + "ariaLabel": { + "untranslated": "Location: Miami" + }, + "data": { + "displayName": { + "translateKey": "IDN.IDENTITY_ATTRIBUTES.LOCATION" + }, + "name": "location", + "operator": "EQUALS", + "values": [ + "Miami" + ] + } + } + } + } + }, + "minNumIdentitiesInPotentialRole": { + "type": "integer", + "description": "Minimum number of identities in a potential role", + "example": 20 + }, + "prescribedPruneThreshold": { + "type": "integer", + "description": "The computed (or prescribed) prune threshold for this session", + "example": 83 + }, + "pruneThreshold": { + "type": "integer", + "description": "The prune threshold to be used for this role mining session", + "example": 70 + }, + "potentialRoleCount": { + "type": "integer", + "description": "The number of potential roles", + "example": 8 + }, + "potentialRolesReadyCount": { + "type": "integer", + "description": "The number of potential roles which have completed processing", + "example": 4 + }, + "status": { + "description": "The role mining session status", + "type": "object", + "properties": { + "state": { + "description": "The role mining session status. Can be one of these states - CREATED|UPDATED|IDENTITIES_OBTAINED|PRUNE_THRESHOLD_OBTAINED|POTENTIAL_ROLES_PROCESSING|POTENTIAL_ROLES_CREATED", + "type": "string", + "example": "CREATED" + } + } + }, + "id": { + "type": "string", + "description": "Session Id for this role mining session", + "example": "8c190e67-87aa-4ed9-a90b-d9d5344523fb" + }, + "createdDate": { + "type": "string", + "format": "date-time", + "description": "The date-time when this role mining session was created." + }, + "modifiedDate": { + "type": "string", + "format": "date-time", + "description": "The date-time when this role mining session was completed." + }, + "type": { + "description": "Role mining session type", + "type": "string", + "enum": [ + "SPECIALIZED", + "COMMON" + ], + "example": "SPECIALIZED" + } + }, + "example": { + "scope": { + "identityIds": [], + "criteria": "source.name:DataScienceDataset" + }, + "minNumIdentitiesInPotentialRole": 20, + "pruneThreshold": 70, + "prescribedPruneThreshold": 83, + "potentialRoleCount": 8, + "potentialRolesReadyCount": 4, + "status": { + "state": "POTENTIAL_ROLES_PROCESSING" + }, + "id": "602ba738-cf48-499b-a780-7b67b3fc1ecf", + "createdDate": "2021-09-08T16:11:05.348Z", + "modifiedDate": "2021-09-08T16:11:05.348Z", + "type": "SPECIALIZED" + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + }, + "get": { + "operationId": "getRoleMiningSessions", + "summary": "Retrieves all role mining sessions", + "tags": [ + "IAI Role Mining" + ], + "description": "Returns all role mining sessions that match the query parameters", + "parameters": [ + { + "in": "query", + "name": "filters", + "schema": { + "type": "string" + }, + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) Filtering is supported for the following fields and operators: **saved**: *eq* \"true\" or \"false\" **name**: *eq, sw*", + "example": "saved eq \"true\" and name sw \"RM Session\"" + }, + { + "in": "query", + "name": "sorters", + "schema": { + "type": "string", + "format": "comma-separated" + }, + "description": "Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results) Sorting is supported for the following fields: **createdBy, createdDate**", + "example": "createdBy,createdDate" + }, + { + "in": "query", + "name": "offset", + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": 0, + "schema": { + "type": "integer", + "format": "int32", + "minimum": 0, + "default": 0 + } + }, + { + "in": "query", + "name": "limit", + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": 250, + "schema": { + "type": "integer", + "format": "int32", + "minimum": 0, + "maximum": 250, + "default": 250 + } + }, + { + "in": "query", + "name": "count", + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": true, + "schema": { + "type": "boolean", + "default": false + } + } + ], + "responses": { + "200": { + "description": "Succeeded. Returns all role mining sessions that match the query parameters.", + "content": { + "application/json": { + "schema": { + "type": "array", + "items": { + "type": "object", + "properties": { + "scope": { + "description": "The scope of identities for this role mining session", + "example": { + "identityIds": [], + "criteria": "source.name:DataScienceDataset", + "attributeFilterCriteria": { + "displayName": { + "untranslated": "Location: Miami" + }, + "ariaLabel": { + "untranslated": "Location: Miami" + }, + "data": { + "displayName": { + "translateKey": "IDN.IDENTITY_ATTRIBUTES.LOCATION" + }, + "name": "location", + "operator": "EQUALS", + "values": [ + "Miami" + ] + } + } + }, + "type": "object", + "properties": { + "identityIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The list of identities for this role mining session.", + "example": [ + "2c918090761a5aac0176215c46a62d58", + "2c918090761a5aac01722015c46a62d42" + ] + }, + "criteria": { + "type": "string", + "description": "The \"search\" criteria that produces the list of identities for this role mining session.", + "example": "source.name:DataScienceDataset" + }, + "attributeFilterCriteria": { + "type": "array", + "items": { + "type": "object" + }, + "description": "The filter criteria for this role mining session.", + "example": { + "displayName": { + "untranslated": "Location: Miami" + }, + "ariaLabel": { + "untranslated": "Location: Miami" + }, + "data": { + "displayName": { + "translateKey": "IDN.IDENTITY_ATTRIBUTES.LOCATION" + }, + "name": "location", + "operator": "EQUALS", + "values": [ + "Miami" + ] + } + } + } + } + }, + "pruneThreshold": { + "type": "integer", + "description": "The prune threshold to be used or null to calculate prescribedPruneThreshold", + "example": 5, + "format": "int32" + }, + "prescribedPruneThreshold": { + "type": "integer", + "description": "The calculated prescribedPruneThreshold", + "example": 10, + "format": "int32" + }, + "minNumIdentitiesInPotentialRole": { + "type": "integer", + "description": "Minimum number of identities in a potential role", + "example": 20, + "format": "int32" + }, + "potentialRoleCount": { + "type": "integer", + "description": "Number of potential roles", + "example": 0, + "format": "int32" + }, + "potentialRolesReadyCount": { + "type": "integer", + "description": "Number of potential roles ready", + "example": 0, + "format": "int32" + }, + "status": { + "description": "The status of the role mining session", + "example": "CREATED", + "type": "object", + "properties": { + "state": { + "description": "The role mining session status. Can be one of these states - CREATED|UPDATED|IDENTITIES_OBTAINED|PRUNE_THRESHOLD_OBTAINED|POTENTIAL_ROLES_PROCESSING|POTENTIAL_ROLES_CREATED", + "type": "string", + "example": "CREATED" + } + } + }, + "type": { + "description": "Role mining session type", + "example": "SPECIALIZED", + "type": "string", + "enum": [ + "SPECIALIZED", + "COMMON" + ] + }, + "emailRecipientId": { + "type": "string", + "description": "The id of the user who will receive an email about the role mining session", + "example": "2c918090761a5aac0176215c46a62d58" + }, + "createdBy": { + "description": "The session created by details", + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "ID of the creator", + "example": "2c918090761a5aac0176215c46a62d58" + }, + "displayName": { + "type": "string", + "description": "The display name of the creator", + "example": "Ashley.Pierce" + } + } + }, + "identityCount": { + "type": "integer", + "description": "Number of identities in the population which meet the search criteria or identity list provided", + "example": 0, + "format": "int32" + }, + "saved": { + "type": "boolean", + "description": "The session's saved status", + "example": true + }, + "name": { + "type": "string", + "description": "The session's saved name", + "example": "Saved RM Session - 07/10" + } + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/role-mining-sessions/{sessionId}": { + "patch": { + "operationId": "patchRoleMiningSession", + "summary": "Patch a role mining session", + "tags": [ + "IAI Role Mining" + ], + "description": "The method updates an existing role mining session using PATCH. Supports op in {\"replace\"} and changes to pruneThreshold and/or minNumIdentitiesInPotentialRole. The potential roles in this role mining session is then re-calculated.", + "parameters": [ + { + "in": "path", + "name": "sessionId", + "schema": { + "type": "string" + }, + "required": true, + "description": "The role mining session id to be patched", + "example": "8c190e67-87aa-4ed9-a90b-d9d5344523fb" + } + ], + "requestBody": { + "required": true, + "description": "Replace pruneThreshold and/or minNumIdentitiesInPotentialRole in role mining session. Update saved status or saved name for a role mining session.", + "content": { + "application/json-patch+json": { + "schema": { + "type": "array", + "items": { + "type": "object", + "description": "A JSONPatch Operation as defined by [RFC 6902 - JSON Patch](https://tools.ietf.org/html/rfc6902)", + "required": [ + "op", + "path" + ], + "properties": { + "op": { + "type": "string", + "description": "The operation to be performed", + "enum": [ + "add", + "remove", + "replace", + "move", + "copy", + "test" + ], + "example": "replace" + }, + "path": { + "type": "string", + "description": "A string JSON Pointer representing the target path to an element to be affected by the operation", + "example": "/description" + }, + "value": { + "anyOf": [ + { + "type": "string" + }, + { + "type": "integer" + }, + { + "type": "object" + }, + { + "type": "array", + "items": { + "anyOf": [ + { + "type": "string" + }, + { + "type": "integer" + }, + { + "type": "object" + } + ] + } + } + ], + "description": "The value to be used for the operation, required for \"add\" and \"replace\" operations", + "example": "New description" + } + } + } + }, + "example": [ + { + "op": "replace", + "path": "/pruneThreshold", + "value": "83" + }, + { + "op": "replace", + "path": "/minNumIdentitiesInPotentialRole", + "value": "10" + }, + { + "op": "replace", + "path": "/saved", + "value": "false" + }, + { + "op": "replace", + "path": "/name", + "value": "RM Session - 07/10/22" + }, + { + "op": "add", + "path": "/name", + "value": "RM Session - 07/10/22" + } + ] + } + } + }, + "responses": { + "202": { + "description": "Success", + "content": { + "application/json": { + "schema": { + "type": "object" + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + }, + "get": { + "operationId": "getRoleMiningSession", + "summary": "Get a role mining session", + "tags": [ + "IAI Role Mining" + ], + "description": "The method retrieves a role mining session.", + "parameters": [ + { + "in": "path", + "name": "sessionId", + "schema": { + "type": "string" + }, + "required": true, + "description": "The role mining session id to be retrieved.", + "example": "8c190e67-87aa-4ed9-a90b-d9d5344523fb" + } + ], + "responses": { + "200": { + "description": "Returns a role mining session", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "scope": { + "description": "The scope of identities for this role mining session", + "type": "object", + "properties": { + "identityIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The list of identities for this role mining session.", + "example": [ + "2c918090761a5aac0176215c46a62d58", + "2c918090761a5aac01722015c46a62d42" + ] + }, + "criteria": { + "type": "string", + "description": "The \"search\" criteria that produces the list of identities for this role mining session.", + "example": "source.name:DataScienceDataset" + }, + "attributeFilterCriteria": { + "type": "array", + "items": { + "type": "object" + }, + "description": "The filter criteria for this role mining session.", + "example": { + "displayName": { + "untranslated": "Location: Miami" + }, + "ariaLabel": { + "untranslated": "Location: Miami" + }, + "data": { + "displayName": { + "translateKey": "IDN.IDENTITY_ATTRIBUTES.LOCATION" + }, + "name": "location", + "operator": "EQUALS", + "values": [ + "Miami" + ] + } + } + } + } + }, + "minNumIdentitiesInPotentialRole": { + "type": "integer", + "description": "Minimum number of identities in a potential role", + "example": 20 + }, + "prescribedPruneThreshold": { + "type": "integer", + "description": "The computed (or prescribed) prune threshold for this session", + "example": 83 + }, + "pruneThreshold": { + "type": "integer", + "description": "The prune threshold to be used for this role mining session", + "example": 70 + }, + "potentialRoleCount": { + "type": "integer", + "description": "The number of potential roles", + "example": 8 + }, + "potentialRolesReadyCount": { + "type": "integer", + "description": "The number of potential roles which have completed processing", + "example": 4 + }, + "status": { + "description": "The role mining session status", + "type": "object", + "properties": { + "state": { + "description": "The role mining session status. Can be one of these states - CREATED|UPDATED|IDENTITIES_OBTAINED|PRUNE_THRESHOLD_OBTAINED|POTENTIAL_ROLES_PROCESSING|POTENTIAL_ROLES_CREATED", + "type": "string", + "example": "CREATED" + } + } + }, + "id": { + "type": "string", + "description": "Session Id for this role mining session", + "example": "8c190e67-87aa-4ed9-a90b-d9d5344523fb" + }, + "createdDate": { + "type": "string", + "format": "date-time", + "description": "The date-time when this role mining session was created." + }, + "modifiedDate": { + "type": "string", + "format": "date-time", + "description": "The date-time when this role mining session was completed." + }, + "type": { + "description": "Role mining session type", + "type": "string", + "enum": [ + "SPECIALIZED", + "COMMON" + ], + "example": "SPECIALIZED" + } + }, + "example": { + "scope": { + "identityIds": [], + "criteria": "source.name:DataScienceDataset" + }, + "minNumIdentitiesInPotentialRole": 20, + "pruneThreshold": 70, + "prescribedPruneThreshold": 83, + "potentialRoleCount": 8, + "potentialRolesReadyCount": 4, + "status": { + "state": "POTENTIAL_ROLES_PROCESSING" + }, + "id": "602ba738-cf48-499b-a780-7b67b3fc1ecf", + "createdDate": "2021-09-08T16:11:05.348Z", + "modifiedDate": "2021-09-08T16:11:05.348Z", + "type": "SPECIALIZED" + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/role-mining-sessions/{sessionId}/status": { + "get": { + "operationId": "getRoleMiningSessionStatus", + "summary": "Get role mining session status state", + "tags": [ + "IAI Role Mining" + ], + "description": "This method returns a role mining session status for a customer.", + "parameters": [ + { + "in": "path", + "name": "sessionId", + "schema": { + "type": "string" + }, + "required": true, + "description": "The role mining session id", + "example": "8c190e67-87aa-4ed9-a90b-d9d5344523fb" + } + ], + "responses": { + "200": { + "description": "Succeeded. Returns session status", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "state": { + "description": "The role mining session status. Can be one of these states - CREATED|UPDATED|IDENTITIES_OBTAINED|PRUNE_THRESHOLD_OBTAINED|POTENTIAL_ROLES_PROCESSING|POTENTIAL_ROLES_CREATED", + "type": "string", + "example": "CREATED" + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/role-mining-sessions/{sessionId}/potential-role-summaries": { + "get": { + "operationId": "getPotentialRoleSummaries", + "summary": "Retrieves all potential role summaries", + "tags": [ + "IAI Role Mining" + ], + "description": "This method returns the potential role summaries for a role mining session.", + "parameters": [ + { + "in": "path", + "name": "sessionId", + "schema": { + "type": "string" + }, + "required": true, + "description": "The role mining session id", + "example": "8c190e67-87aa-4ed9-a90b-d9d5344523fb" + }, + { + "in": "query", + "name": "sorters", + "required": false, + "style": "form", + "explode": true, + "schema": { + "type": "string", + "format": "comma-separated" + }, + "description": "Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters/) Sorting is supported for the following fields: **createdDate**", + "example": "createdDate" + }, + { + "in": "query", + "name": "filters", + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters/) Filtering is supported for the following fields and operators:\n**createdById**: *eq, sw, co*\n**createdByName**: *eq, sw, co*\n**description**: *sw, co*\n**endDate**: *le, lt*\n**freshness**: *eq, ge, gt, le, lt*\n**name**: *eq, sw, co*\n**quality**: *eq, ge, gt, le, lt*\n**startDate**: *ge, gt*\n**saved**: *eq*\n**type**: *eq*", + "example": "(createdByName co \"int\")and (createdById sw \"2c9180907\")and (type eq \"COMMON\")and ((name co \"entt\")or (saved eq true))", + "required": false, + "style": "form", + "explode": true, + "schema": { + "type": "string" + } + }, + { + "in": "query", + "name": "offset", + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": 0, + "schema": { + "type": "integer", + "format": "int32", + "minimum": 0, + "default": 0 + } + }, + { + "in": "query", + "name": "limit", + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": 250, + "schema": { + "type": "integer", + "format": "int32", + "minimum": 0, + "maximum": 250, + "default": 250 + } + }, + { + "in": "query", + "name": "count", + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": true, + "schema": { + "type": "boolean", + "default": false + } + } + ], + "responses": { + "200": { + "description": "Succeeded. Returns a list of potential role summaries for a role mining session.", + "content": { + "application/json": { + "schema": { + "type": "array", + "items": { + "type": "object", + "properties": { + "potentialRoleRef": { + "description": "Details about the potential role", + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "Id of the potential role" + }, + "name": { + "type": "string", + "description": "Name of the potential role" + } + } + }, + "identityCount": { + "type": "integer", + "description": "The number of identities in a potential role.", + "example": 25 + }, + "entitlementCount": { + "type": "integer", + "description": "The number of entitlements in a potential role.", + "example": 15 + }, + "identityGroupStatus": { + "type": "string", + "description": "The status for this identity group which can be \"REQUESTED\" or \"OBTAINED\"", + "example": "OBTAINED" + }, + "provisionState": { + "description": "The status of provisioning for this potential role. Can be \"POTENTIAL\", \"PENDING\", \"FAILED\", or \"COMPLETE\".", + "example": "PENDING", + "type": "string", + "enum": [ + "POTENTIAL", + "PENDING", + "COMPLETE", + "FAILED" + ] + }, + "roleId": { + "type": "string", + "description": "ID of the provisioned role in IIQ or IDN. Null if this potential role has not been provisioned.", + "example": "2a4be6fbcf3c4e66b95a0c15ffd591" + }, + "density": { + "type": "integer", + "description": "The density metric (0-100) of this potential role. Higher density values indicate higher similarity amongst the identities.", + "example": 90 + }, + "freshness": { + "type": "integer", + "description": "The freshness metric (0-100) of this potential role. Higher freshness values indicate this potential role is more distinctive compared to existing roles.", + "example": 70 + }, + "quality": { + "type": "integer", + "description": "The quality metric (0-100) of this potential role. Higher quality values indicate this potential role has high density and freshness.", + "example": 80 + } + }, + "example": { + "potentialRoleRef": { + "id": "dd4c13c6-8237-4753-bfb7-f627e489f9ec", + "name": "Potential Role - dd4c13" + }, + "identityCount": "25", + "entitlementCount": "15", + "identityGroupStatus": "OBTAINED", + "provisionState": "PENDING", + "roleId": "2a4be6fbcf3c4e66b95a0c15ffd591" + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/role-mining-sessions/{sessionId}/potential-role-summaries/{potentialRoleId}": { + "get": { + "operationId": "getPotentialRole", + "summary": "Retrieves a specific potential role", + "tags": [ + "IAI Role Mining" + ], + "description": "This method returns a specific potential role for a role mining session.", + "parameters": [ + { + "in": "path", + "name": "sessionId", + "schema": { + "type": "string" + }, + "required": true, + "description": "The role mining session id", + "example": "8c190e67-87aa-4ed9-a90b-d9d5344523fb" + }, + { + "in": "path", + "name": "potentialRoleId", + "schema": { + "type": "string" + }, + "required": true, + "description": "A potential role id in a role mining session", + "example": "8c190e67-87aa-4ed9-a90b-d9d5344523fb" + } + ], + "responses": { + "200": { + "description": "Succeeded. Returns a list of potential roles for a role mining session.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "createdBy": { + "description": "The session created by details.", + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "ID of the creator", + "example": "2c918090761a5aac0176215c46a62d58" + }, + "displayName": { + "type": "string", + "description": "The display name of the creator", + "example": "Ashley.Pierce" + } + } + }, + "density": { + "type": "integer", + "description": "The density of a potential role.", + "example": 75, + "format": "int32" + }, + "description": { + "type": "string", + "description": "The description of a potential role.", + "example": "Potential Role for Accounting dept" + }, + "entitlementCount": { + "type": "integer", + "description": "The number of entitlements in a potential role.", + "example": 25, + "format": "int32" + }, + "excludedEntitlements": { + "description": "The list of entitlement ids to be excluded.", + "type": "array", + "items": { + "type": "string" + }, + "example": [ + "07a0b4e2", + "13b4e2a0" + ] + }, + "freshness": { + "type": "integer", + "description": "The freshness of a potential role.", + "example": 75, + "format": "int32" + }, + "identityCount": { + "type": "integer", + "description": "The number of identities in a potential role.", + "example": 25, + "format": "int32" + }, + "identityDistribution": { + "description": "Identity attribute distribution.", + "type": "array", + "items": { + "type": "object", + "properties": { + "attributeName": { + "type": "string", + "description": "Id of the potential role", + "example": "department" + }, + "distribution": { + "type": "array", + "items": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "example": [ + { + "attributeValue": "NM Tier 3", + "count": 6 + } + ] + } + } + } + }, + "identityIds": { + "description": "The list of ids in a potential role.", + "type": "array", + "items": { + "type": "string" + }, + "example": [ + "07a0b4e2", + "13b4e2a0" + ] + }, + "name": { + "type": "string", + "description": "Name of the potential role.", + "example": "Saved Potential Role - 07/10" + }, + "provisionState": { + "description": "The provisioning state of a potential role.", + "type": "string", + "enum": [ + "POTENTIAL", + "PENDING", + "COMPLETE", + "FAILED" + ], + "example": "POTENTIAL" + }, + "quality": { + "type": "integer", + "description": "The quality of a potential role.", + "example": 100, + "format": "int32" + }, + "roleId": { + "type": "string", + "description": "The roleId of a potential role.", + "example": "07a0b4e2-7a76-44fa-bd0b-c64654b66519" + }, + "saved": { + "type": "boolean", + "description": "The potential role's saved status.", + "example": true + }, + "session": { + "description": "The session parameters of the potential role.", + "type": "object", + "properties": { + "minNumIdentitiesInPotentialRole": { + "type": "integer", + "description": "Minimum number of identities in a potential role", + "example": 20, + "format": "int32" + }, + "name": { + "type": "string", + "description": "The session's saved name", + "example": "Saved RM Session - 07/10" + }, + "pruneThreshold": { + "type": "integer", + "description": "The prune threshold to be used or null to calculate prescribedPruneThreshold", + "example": 5, + "format": "int32" + }, + "saved": { + "type": "boolean", + "description": "The session's saved status", + "example": true + }, + "scope": { + "description": "The scope of identities for this role mining session", + "example": { + "identityIds": [], + "criteria": "source.name:DataScienceDataset", + "attributeFilterCriteria": { + "displayName": { + "untranslated": "Location: Miami" + }, + "ariaLabel": { + "untranslated": "Location: Miami" + }, + "data": { + "displayName": { + "translateKey": "IDN.IDENTITY_ATTRIBUTES.LOCATION" + }, + "name": "location", + "operator": "EQUALS", + "values": [ + "Miami" + ] + } + } + }, + "type": "object", + "properties": { + "identityIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The list of identities for this role mining session.", + "example": [ + "2c918090761a5aac0176215c46a62d58", + "2c918090761a5aac01722015c46a62d42" + ] + }, + "criteria": { + "type": "string", + "description": "The \"search\" criteria that produces the list of identities for this role mining session.", + "example": "source.name:DataScienceDataset" + }, + "attributeFilterCriteria": { + "type": "array", + "items": { + "type": "object" + }, + "description": "The filter criteria for this role mining session.", + "example": { + "displayName": { + "untranslated": "Location: Miami" + }, + "ariaLabel": { + "untranslated": "Location: Miami" + }, + "data": { + "displayName": { + "translateKey": "IDN.IDENTITY_ATTRIBUTES.LOCATION" + }, + "name": "location", + "operator": "EQUALS", + "values": [ + "Miami" + ] + } + } + } + } + }, + "type": { + "description": "Role mining potential type", + "type": "string", + "enum": [ + "SPECIALIZED", + "COMMON" + ], + "example": "SPECIALIZED" + } + } + }, + "type": { + "description": "Role mining potential type.", + "type": "string", + "enum": [ + "SPECIALIZED", + "COMMON" + ], + "example": "SPECIALIZED" + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + }, + "patch": { + "operationId": "patchPotentialRole", + "summary": "Update a potential role", + "tags": [ + "IAI Role Mining" + ], + "description": "The method updates an existing potential role using.\n\nThe following fields can be modified:\n\n* `description`\n\n* `name`\n\n* `saved`\n\n\n>**NOTE: All other fields can not be modified.**\n", + "parameters": [ + { + "in": "path", + "name": "sessionId", + "schema": { + "type": "string" + }, + "required": true, + "description": "The role mining session id", + "example": "8c190e67-87aa-4ed9-a90b-d9d5344523fb" + }, + { + "in": "path", + "name": "potentialRoleId", + "schema": { + "type": "string" + }, + "required": true, + "description": "The potential role summary id", + "example": "8c190e67-87aa-4ed9-a90b-d9d5344523fb" + } + ], + "requestBody": { + "required": true, + "content": { + "application/json-patch+json": { + "schema": { + "type": "array", + "items": { + "allOf": [ + { + "type": "object", + "description": "A JSONPatch Operation as defined by [RFC 6902 - JSON Patch](https://tools.ietf.org/html/rfc6902)", + "required": [ + "op", + "path" + ], + "properties": { + "op": { + "type": "string", + "description": "The operation to be performed", + "enum": [ + "add", + "remove", + "replace", + "move", + "copy", + "test" + ], + "example": "replace" + }, + "path": { + "type": "string", + "description": "A string JSON Pointer representing the target path to an element to be affected by the operation", + "example": "/description" + }, + "value": { + "anyOf": [ + { + "type": "string" + }, + { + "type": "integer" + }, + { + "type": "object" + }, + { + "type": "array", + "items": { + "anyOf": [ + { + "type": "string" + }, + { + "type": "integer" + }, + { + "type": "object" + } + ] + } + } + ], + "description": "The value to be used for the operation, required for \"add\" and \"replace\" operations", + "example": "New description" + } + } + } + ], + "properties": { + "op": { + "type": "string", + "description": "The operation to be performed", + "enum": [ + "remove", + "replace" + ], + "example": "replace" + } + } + } + }, + "example": [ + { + "op": "remove", + "path": "/description" + }, + { + "op": "replace", + "path": "/description", + "value": "Acct I - Potential Role" + }, + { + "op": "remove", + "path": "/saved" + }, + { + "op": "replace", + "path": "/saved", + "value": "false" + }, + { + "op": "remove", + "path": "/name" + }, + { + "op": "replace", + "path": "/name", + "value": "Potential Role Accounting" + } + ] + } + } + }, + "responses": { + "200": { + "description": "Succeeded. Returns the potential role summary based on the potentialRoleId provided.", + "content": { + "application/json": { + "schema": { + "type": "object", + "items": { + "type": "object", + "properties": { + "createdBy": { + "description": "The session created by details.", + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "ID of the creator", + "example": "2c918090761a5aac0176215c46a62d58" + }, + "displayName": { + "type": "string", + "description": "The display name of the creator", + "example": "Ashley.Pierce" + } + } + }, + "density": { + "type": "integer", + "description": "The density of a potential role.", + "example": 75, + "format": "int32" + }, + "description": { + "type": "string", + "description": "The description of a potential role.", + "example": "Potential Role for Accounting dept" + }, + "entitlementCount": { + "type": "integer", + "description": "The number of entitlements in a potential role.", + "example": 25, + "format": "int32" + }, + "excludedEntitlements": { + "description": "The list of entitlement ids to be excluded.", + "type": "array", + "items": { + "type": "string" + }, + "example": [ + "07a0b4e2", + "13b4e2a0" + ] + }, + "freshness": { + "type": "integer", + "description": "The freshness of a potential role.", + "example": 75, + "format": "int32" + }, + "identityCount": { + "type": "integer", + "description": "The number of identities in a potential role.", + "example": 25, + "format": "int32" + }, + "identityDistribution": { + "description": "Identity attribute distribution.", + "type": "array", + "items": { + "type": "object", + "properties": { + "attributeName": { + "type": "string", + "description": "Id of the potential role", + "example": "department" + }, + "distribution": { + "type": "array", + "items": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "example": [ + { + "attributeValue": "NM Tier 3", + "count": 6 + } + ] + } + } + } + }, + "identityIds": { + "description": "The list of ids in a potential role.", + "type": "array", + "items": { + "type": "string" + }, + "example": [ + "07a0b4e2", + "13b4e2a0" + ] + }, + "name": { + "type": "string", + "description": "Name of the potential role.", + "example": "Saved Potential Role - 07/10" + }, + "provisionState": { + "description": "The provisioning state of a potential role.", + "type": "string", + "enum": [ + "POTENTIAL", + "PENDING", + "COMPLETE", + "FAILED" + ], + "example": "POTENTIAL" + }, + "quality": { + "type": "integer", + "description": "The quality of a potential role.", + "example": 100, + "format": "int32" + }, + "roleId": { + "type": "string", + "description": "The roleId of a potential role.", + "example": "07a0b4e2-7a76-44fa-bd0b-c64654b66519" + }, + "saved": { + "type": "boolean", + "description": "The potential role's saved status.", + "example": true + }, + "session": { + "description": "The session parameters of the potential role.", + "type": "object", + "properties": { + "minNumIdentitiesInPotentialRole": { + "type": "integer", + "description": "Minimum number of identities in a potential role", + "example": 20, + "format": "int32" + }, + "name": { + "type": "string", + "description": "The session's saved name", + "example": "Saved RM Session - 07/10" + }, + "pruneThreshold": { + "type": "integer", + "description": "The prune threshold to be used or null to calculate prescribedPruneThreshold", + "example": 5, + "format": "int32" + }, + "saved": { + "type": "boolean", + "description": "The session's saved status", + "example": true + }, + "scope": { + "description": "The scope of identities for this role mining session", + "example": { + "identityIds": [], + "criteria": "source.name:DataScienceDataset", + "attributeFilterCriteria": { + "displayName": { + "untranslated": "Location: Miami" + }, + "ariaLabel": { + "untranslated": "Location: Miami" + }, + "data": { + "displayName": { + "translateKey": "IDN.IDENTITY_ATTRIBUTES.LOCATION" + }, + "name": "location", + "operator": "EQUALS", + "values": [ + "Miami" + ] + } + } + }, + "type": "object", + "properties": { + "identityIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The list of identities for this role mining session.", + "example": [ + "2c918090761a5aac0176215c46a62d58", + "2c918090761a5aac01722015c46a62d42" + ] + }, + "criteria": { + "type": "string", + "description": "The \"search\" criteria that produces the list of identities for this role mining session.", + "example": "source.name:DataScienceDataset" + }, + "attributeFilterCriteria": { + "type": "array", + "items": { + "type": "object" + }, + "description": "The filter criteria for this role mining session.", + "example": { + "displayName": { + "untranslated": "Location: Miami" + }, + "ariaLabel": { + "untranslated": "Location: Miami" + }, + "data": { + "displayName": { + "translateKey": "IDN.IDENTITY_ATTRIBUTES.LOCATION" + }, + "name": "location", + "operator": "EQUALS", + "values": [ + "Miami" + ] + } + } + } + } + }, + "type": { + "description": "Role mining potential type", + "type": "string", + "enum": [ + "SPECIALIZED", + "COMMON" + ], + "example": "SPECIALIZED" + } + } + }, + "type": { + "description": "Role mining potential type.", + "type": "string", + "enum": [ + "SPECIALIZED", + "COMMON" + ], + "example": "SPECIALIZED" + } + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/role-mining-sessions/{sessionId}/potential-role-summaries/{potentialRoleId}/applications": { + "get": { + "operationId": "getPotentialRoleApplications", + "summary": "Retrieves the applications of a potential role for a role mining session", + "tags": [ + "IAI Role Mining" + ], + "description": "This method returns the applications of a potential role for a role mining session.", + "parameters": [ + { + "in": "path", + "name": "sessionId", + "schema": { + "type": "string" + }, + "required": true, + "description": "The role mining session id", + "example": "8c190e67-87aa-4ed9-a90b-d9d5344523fb" + }, + { + "in": "path", + "name": "potentialRoleId", + "schema": { + "type": "string" + }, + "required": true, + "description": "A potential role id in a role mining session", + "example": "8c190e67-87aa-4ed9-a90b-d9d5344523fb" + }, + { + "in": "query", + "name": "offset", + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": 0, + "schema": { + "type": "integer", + "format": "int32", + "minimum": 0, + "default": 0 + } + }, + { + "in": "query", + "name": "limit", + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": 250, + "schema": { + "type": "integer", + "format": "int32", + "minimum": 0, + "maximum": 250, + "default": 250 + } + }, + { + "in": "query", + "name": "count", + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": true, + "schema": { + "type": "boolean", + "default": false + } + } + ], + "responses": { + "200": { + "description": "Succeeded. Returns a list of potential roles for a role mining session.", + "content": { + "application/json": { + "schema": { + "type": "array", + "items": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "Id of the potential role" + }, + "name": { + "type": "string", + "description": "Name of the potential role" + } + }, + "example": { + "id": "2c9180877212632a017228d5a796292b", + "name": "Slack" + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/role-mining-sessions/{sessionId}/potential-roles/{potentialRoleId}/entitlement-popularities": { + "get": { + "operationId": "getEntitlementsPotentialRole", + "summary": "Retrieves entitlements for a potential role in a role mining session", + "tags": [ + "IAI Role Mining" + ], + "description": "This method returns entitlements for a potential role in a role mining session.", + "parameters": [ + { + "in": "path", + "name": "sessionId", + "schema": { + "type": "string" + }, + "required": true, + "description": "The role mining session id", + "example": "8c190e67-87aa-4ed9-a90b-d9d5344523fb" + }, + { + "in": "path", + "name": "potentialRoleId", + "schema": { + "type": "string" + }, + "required": true, + "description": "A potential role id in a role mining session", + "example": "8c190e67-87aa-4ed9-a90b-d9d5344523fb" + }, + { + "in": "query", + "name": "includeCommonAccess", + "description": "Boolean determining whether common access entitlements will be included or not", + "required": false, + "style": "form", + "explode": true, + "schema": { + "type": "boolean" + } + }, + { + "in": "query", + "name": "sorters", + "description": "sort by popularity, default order descending", + "required": false, + "style": "form", + "explode": true, + "schema": { + "type": "string" + } + }, + { + "in": "query", + "name": "filters", + "description": "Filter parameter by \"starts with\" for the applicationName and entitlementRef.name.", + "required": false, + "style": "form", + "explode": true, + "schema": { + "type": "string" + } + }, + { + "in": "query", + "name": "offset", + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": 0, + "schema": { + "type": "integer", + "format": "int32", + "minimum": 0, + "default": 0 + } + }, + { + "in": "query", + "name": "limit", + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": 250, + "schema": { + "type": "integer", + "format": "int32", + "minimum": 0, + "maximum": 250, + "default": 250 + } + }, + { + "in": "query", + "name": "count", + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": true, + "schema": { + "type": "boolean", + "default": false + } + } + ], + "responses": { + "200": { + "description": "Succeeded. Returns a list of entitlements for a potential role.", + "content": { + "application/json": { + "schema": { + "type": "array", + "items": { + "type": "object", + "properties": { + "entitlementRef": { + "description": "Details about the entitlement", + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "Id of the entitlement" + }, + "name": { + "type": "string", + "description": "Name of the entitlement" + }, + "description": { + "type": "string", + "description": "Description forthe entitlement" + } + } + }, + "name": { + "type": "string", + "description": "Name of the entitlement" + }, + "applicationName": { + "type": "string", + "description": "Application name of the entitlement" + }, + "identityCount": { + "type": "integer", + "description": "The number of identities with this entitlement in a role.", + "example": 45 + }, + "popularity": { + "type": "integer", + "description": "The % popularity of this entitlement in a role.", + "example": 65 + }, + "popularityInOrg": { + "type": "integer", + "description": "TThe % popularity of this entitlement in the org.", + "example": 35 + } + }, + "example": { + "entitlementRef": { + "id": "2c9180877212632a017228d5a796292b", + "name": "entitlement.10", + "description": "Read access" + }, + "name": "Administrator", + "applicationName": "Slack", + "identityCount": "8", + "popularity": "65", + "popularityInOrg": "35" + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/role-mining-sessions/{sessionId}/potential-roles/{potentialRoleId}/entitlement-popularity-distribution": { + "get": { + "operationId": "getEntitlementDistributionPotentialRole", + "summary": "Retrieves entitlement popularity distribution for a potential role in a role mining session", + "tags": [ + "IAI Role Mining" + ], + "description": "This method returns entitlement popularity distribution for a potential role in a role mining session.", + "parameters": [ + { + "in": "path", + "name": "sessionId", + "schema": { + "type": "string" + }, + "required": true, + "description": "The role mining session id", + "example": "8c190e67-87aa-4ed9-a90b-d9d5344523fb" + }, + { + "in": "path", + "name": "potentialRoleId", + "schema": { + "type": "string" + }, + "required": true, + "description": "A potential role id in a role mining session", + "example": "8c190e67-87aa-4ed9-a90b-d9d5344523fb" + }, + { + "in": "query", + "name": "includeCommonAccess", + "description": "Boolean determining whether common access entitlements will be included or not", + "required": false, + "style": "form", + "explode": true, + "schema": { + "type": "boolean" + } + } + ], + "responses": { + "200": { + "description": "Succeeded. Returns a map containing entitlement popularity distribution for a potential role.", + "content": { + "application/json": { + "schema": { + "type": "object", + "additionalProperties": { + "type": "integer" + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/role-mining-sessions/{sessionId}/potential-roles/{potentialRoleId}/edit-entitlements": { + "post": { + "operationId": "updateEntitlementsPotentialRole", + "summary": "Edit entitlements for a potential role to exclude some entitlements", + "tags": [ + "IAI Role Mining" + ], + "description": "This endpoint adds or removes entitlements from an exclusion list for a potential role.", + "parameters": [ + { + "in": "path", + "name": "sessionId", + "schema": { + "type": "string" + }, + "required": true, + "description": "The role mining session id", + "example": "8c190e67-87aa-4ed9-a90b-d9d5344523fb" + }, + { + "in": "path", + "name": "potentialRoleId", + "schema": { + "type": "string" + }, + "required": true, + "description": "A potential role id in a role mining session", + "example": "8c190e67-87aa-4ed9-a90b-d9d5344523fb" + } + ], + "requestBody": { + "description": "Role mining session parameters", + "required": true, + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "ids": { + "description": "The list of entitlement ids to be edited", + "type": "array", + "items": { + "type": "string" + } + }, + "exclude": { + "type": "boolean", + "description": "If true, add ids to be exclusion list. If false, remove ids from the exclusion list." + } + }, + "example": { + "ids": [ + "entId1", + "entId2" + ], + "exclude": true + } + } + } + } + }, + "responses": { + "201": { + "description": "Adds or removes entitlements from a potential role's entitlement exclusion list.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "createdBy": { + "description": "The session created by details.", + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "ID of the creator", + "example": "2c918090761a5aac0176215c46a62d58" + }, + "displayName": { + "type": "string", + "description": "The display name of the creator", + "example": "Ashley.Pierce" + } + } + }, + "density": { + "type": "integer", + "description": "The density of a potential role.", + "example": 75, + "format": "int32" + }, + "description": { + "type": "string", + "description": "The description of a potential role.", + "example": "Potential Role for Accounting dept" + }, + "entitlementCount": { + "type": "integer", + "description": "The number of entitlements in a potential role.", + "example": 25, + "format": "int32" + }, + "excludedEntitlements": { + "description": "The list of entitlement ids to be excluded.", + "type": "array", + "items": { + "type": "string" + }, + "example": [ + "07a0b4e2", + "13b4e2a0" + ] + }, + "freshness": { + "type": "integer", + "description": "The freshness of a potential role.", + "example": 75, + "format": "int32" + }, + "identityCount": { + "type": "integer", + "description": "The number of identities in a potential role.", + "example": 25, + "format": "int32" + }, + "identityDistribution": { + "description": "Identity attribute distribution.", + "type": "array", + "items": { + "type": "object", + "properties": { + "attributeName": { + "type": "string", + "description": "Id of the potential role", + "example": "department" + }, + "distribution": { + "type": "array", + "items": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "example": [ + { + "attributeValue": "NM Tier 3", + "count": 6 + } + ] + } + } + } + }, + "identityIds": { + "description": "The list of ids in a potential role.", + "type": "array", + "items": { + "type": "string" + }, + "example": [ + "07a0b4e2", + "13b4e2a0" + ] + }, + "name": { + "type": "string", + "description": "Name of the potential role.", + "example": "Saved Potential Role - 07/10" + }, + "provisionState": { + "description": "The provisioning state of a potential role.", + "type": "string", + "enum": [ + "POTENTIAL", + "PENDING", + "COMPLETE", + "FAILED" + ], + "example": "POTENTIAL" + }, + "quality": { + "type": "integer", + "description": "The quality of a potential role.", + "example": 100, + "format": "int32" + }, + "roleId": { + "type": "string", + "description": "The roleId of a potential role.", + "example": "07a0b4e2-7a76-44fa-bd0b-c64654b66519" + }, + "saved": { + "type": "boolean", + "description": "The potential role's saved status.", + "example": true + }, + "session": { + "description": "The session parameters of the potential role.", + "type": "object", + "properties": { + "minNumIdentitiesInPotentialRole": { + "type": "integer", + "description": "Minimum number of identities in a potential role", + "example": 20, + "format": "int32" + }, + "name": { + "type": "string", + "description": "The session's saved name", + "example": "Saved RM Session - 07/10" + }, + "pruneThreshold": { + "type": "integer", + "description": "The prune threshold to be used or null to calculate prescribedPruneThreshold", + "example": 5, + "format": "int32" + }, + "saved": { + "type": "boolean", + "description": "The session's saved status", + "example": true + }, + "scope": { + "description": "The scope of identities for this role mining session", + "example": { + "identityIds": [], + "criteria": "source.name:DataScienceDataset", + "attributeFilterCriteria": { + "displayName": { + "untranslated": "Location: Miami" + }, + "ariaLabel": { + "untranslated": "Location: Miami" + }, + "data": { + "displayName": { + "translateKey": "IDN.IDENTITY_ATTRIBUTES.LOCATION" + }, + "name": "location", + "operator": "EQUALS", + "values": [ + "Miami" + ] + } + } + }, + "type": "object", + "properties": { + "identityIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The list of identities for this role mining session.", + "example": [ + "2c918090761a5aac0176215c46a62d58", + "2c918090761a5aac01722015c46a62d42" + ] + }, + "criteria": { + "type": "string", + "description": "The \"search\" criteria that produces the list of identities for this role mining session.", + "example": "source.name:DataScienceDataset" + }, + "attributeFilterCriteria": { + "type": "array", + "items": { + "type": "object" + }, + "description": "The filter criteria for this role mining session.", + "example": { + "displayName": { + "untranslated": "Location: Miami" + }, + "ariaLabel": { + "untranslated": "Location: Miami" + }, + "data": { + "displayName": { + "translateKey": "IDN.IDENTITY_ATTRIBUTES.LOCATION" + }, + "name": "location", + "operator": "EQUALS", + "values": [ + "Miami" + ] + } + } + } + } + }, + "type": { + "description": "Role mining potential type", + "type": "string", + "enum": [ + "SPECIALIZED", + "COMMON" + ], + "example": "SPECIALIZED" + } + } + }, + "type": { + "description": "Role mining potential type.", + "type": "string", + "enum": [ + "SPECIALIZED", + "COMMON" + ], + "example": "SPECIALIZED" + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/role-mining-sessions/{sessionId}/potential-roles/{potentialRoleId}/identities": { + "get": { + "operationId": "getIdentitiesPotentialRole", + "summary": "Retrieves identities for a potential role in a role mining session", + "tags": [ + "IAI Role Mining" + ], + "description": "This method returns identities for a potential role in a role mining session.", + "parameters": [ + { + "in": "path", + "name": "sessionId", + "schema": { + "type": "string" + }, + "required": true, + "description": "The role mining session id", + "example": "8c190e67-87aa-4ed9-a90b-d9d5344523fb" + }, + { + "in": "path", + "name": "potentialRoleId", + "schema": { + "type": "string" + }, + "required": true, + "description": "A potential role id in a role mining session", + "example": "8c190e67-87aa-4ed9-a90b-d9d5344523fb" + }, + { + "in": "query", + "name": "sorters", + "description": "sort by name, default order ascending", + "required": false, + "style": "form", + "explode": true, + "schema": { + "type": "string" + } + }, + { + "in": "query", + "name": "filters", + "description": "Filter parameter by \"starts with\" for the name.", + "required": false, + "style": "form", + "explode": true, + "schema": { + "type": "string" + } + }, + { + "in": "query", + "name": "offset", + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": 0, + "schema": { + "type": "integer", + "format": "int32", + "minimum": 0, + "default": 0 + } + }, + { + "in": "query", + "name": "limit", + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": 250, + "schema": { + "type": "integer", + "format": "int32", + "minimum": 0, + "maximum": 250, + "default": 250 + } + }, + { + "in": "query", + "name": "count", + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": true, + "schema": { + "type": "boolean", + "default": false + } + } + ], + "responses": { + "200": { + "description": "Succeeded. Returns a list of identities for a potential role.", + "content": { + "application/json": { + "schema": { + "type": "array", + "items": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "Id of the identity" + }, + "name": { + "type": "string", + "description": "Name of the identity" + }, + "attributes": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + }, + "example": { + "id": "2c9180877212632a017228d5934525e6", + "name": "Allene Abernathy-Welch", + "attributes": { + "jobTitle": "SQL Developer", + "department": "IT", + "location": "NYC", + "firstName": "Allene" + } + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/role-mining-sessions/{sessionId}/potential-roles/{potentialRoleId}/export": { + "get": { + "operationId": "exportRoleMiningPotentialRole", + "summary": "Export (download) details for a potential role in a role mining session", + "tags": [ + "IAI Role Mining" + ], + "description": "This endpoint downloads all the information for a potential role in a role mining session. Includes identities and entitlements in the potential role.", + "parameters": [ + { + "in": "path", + "name": "sessionId", + "schema": { + "type": "string" + }, + "required": true, + "description": "The role mining session id", + "example": "8c190e67-87aa-4ed9-a90b-d9d5344523fb" + }, + { + "in": "path", + "name": "potentialRoleId", + "schema": { + "type": "string" + }, + "required": true, + "description": "A potential role id in a role mining session", + "example": "8c190e67-87aa-4ed9-a90b-d9d5344523fb" + } + ], + "responses": { + "200": { + "description": "Succeeded. Returns a zip file containing csv files for identities and entitlements for the potential role.", + "content": { + "application/zip": { + "schema": { + "type": "string", + "format": "binary" + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/role-mining-sessions/{sessionId}/potential-roles/{potentialRoleId}/export-async": { + "post": { + "operationId": "exportRoleMiningPotentialRoleAsync", + "summary": "Asynchronously export details for a potential role in a role mining session and upload to S3", + "tags": [ + "IAI Role Mining" + ], + "description": "This endpoint uploads all the information for a potential role in a role mining session to S3 as a downloadable zip archive. Includes identities and entitlements in the potential role.", + "parameters": [ + { + "in": "path", + "name": "sessionId", + "schema": { + "type": "string" + }, + "required": true, + "description": "The role mining session id", + "example": "8c190e67-87aa-4ed9-a90b-d9d5344523fb" + }, + { + "in": "path", + "name": "potentialRoleId", + "schema": { + "type": "string" + }, + "required": true, + "description": "A potential role id in a role mining session", + "example": "278359a6-04b7-4669-9468-924cf580964a" + } + ], + "requestBody": { + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "minEntitlementPopularity": { + "type": "integer", + "description": "The minimum popularity among identities in the role which an entitlement must have to be included in the report", + "example": 0 + }, + "includeCommonAccess": { + "type": "boolean", + "description": "If false, do not include entitlements that are highly popular among the entire orginization", + "example": true + } + }, + "example": { + "minEntitlementPopularity": 0, + "includeCommonAccess": true + } + } + } + } + }, + "responses": { + "202": { + "description": "Job Submitted. Returns a reportId that can be used to download the zip once complete", + "content": { + "application/json": { + "schema": { + "allOf": [ + { + "type": "object", + "properties": { + "minEntitlementPopularity": { + "type": "integer", + "description": "The minimum popularity among identities in the role which an entitlement must have to be included in the report", + "example": 0 + }, + "includeCommonAccess": { + "type": "boolean", + "description": "If false, do not include entitlements that are highly popular among the entire orginization", + "example": true + } + }, + "example": { + "minEntitlementPopularity": 0, + "includeCommonAccess": true + } + }, + { + "type": "object", + "properties": { + "exportId": { + "type": "string", + "format": "uuid", + "description": "ID used to reference this export", + "example": "0c6cdb76-1227-4aaf-af21-192dbdfbfa04" + }, + "status": { + "description": "The status of this export", + "example": "QUEUED", + "type": "string", + "enum": [ + "QUEUED", + "IN_PROGRESS", + "SUCCESS", + "ERROR" + ] + } + } + } + ], + "example": { + "exportId": "0c6cdb76-1227-4aaf-af21-192dbdfbfa04", + "status": "QUEUED", + "minEntitlementPopularity": 0, + "includeCommonAccess": true + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/role-mining-sessions/{sessionId}/potential-roles/{potentialRoleId}/export-async/{exportId}": { + "get": { + "operationId": "exportRoleMiningPotentialRoleStatus", + "summary": "Retrieve status of a potential role export job", + "tags": [ + "IAI Role Mining" + ], + "description": "This endpoint retrieves information about the current status of a potential role export.", + "parameters": [ + { + "in": "path", + "name": "sessionId", + "schema": { + "type": "string", + "format": "uuid" + }, + "required": true, + "description": "The role mining session id", + "example": "8c190e67-87aa-4ed9-a90b-d9d5344523fb" + }, + { + "in": "path", + "name": "potentialRoleId", + "schema": { + "type": "string", + "format": "uuid" + }, + "required": true, + "description": "A potential role id in a role mining session", + "example": "278359a6-04b7-4669-9468-924cf580964a" + }, + { + "in": "path", + "name": "exportId", + "schema": { + "type": "string", + "format": "uuid" + }, + "required": true, + "description": "The id of a previously run export job for this potential role", + "example": "4940ffd4-836f-48a3-b2b0-6d498c3fdf40" + } + ], + "responses": { + "200": { + "description": "Success. Returns the current status of this export", + "content": { + "application/json": { + "schema": { + "allOf": [ + { + "type": "object", + "properties": { + "minEntitlementPopularity": { + "type": "integer", + "description": "The minimum popularity among identities in the role which an entitlement must have to be included in the report", + "example": 0 + }, + "includeCommonAccess": { + "type": "boolean", + "description": "If false, do not include entitlements that are highly popular among the entire orginization", + "example": true + } + }, + "example": { + "minEntitlementPopularity": 0, + "includeCommonAccess": true + } + }, + { + "type": "object", + "properties": { + "exportId": { + "type": "string", + "format": "uuid", + "description": "ID used to reference this export", + "example": "0c6cdb76-1227-4aaf-af21-192dbdfbfa04" + }, + "status": { + "description": "The status of this export", + "example": "QUEUED", + "type": "string", + "enum": [ + "QUEUED", + "IN_PROGRESS", + "SUCCESS", + "ERROR" + ] + } + } + } + ], + "example": { + "exportId": "0c6cdb76-1227-4aaf-af21-192dbdfbfa04", + "status": "QUEUED", + "minEntitlementPopularity": 0, + "includeCommonAccess": true + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/role-mining-sessions/{sessionId}/potential-roles/{potentialRoleId}/export-async/{exportId}/download": { + "get": { + "operationId": "downloadRoleMiningPotentialRoleZip", + "summary": "Export (download) details for a potential role in a role mining session", + "tags": [ + "IAI Role Mining" + ], + "description": "This endpoint downloads a completed export of information for a potential role in a role mining session.", + "parameters": [ + { + "in": "path", + "name": "sessionId", + "schema": { + "type": "string", + "format": "uuid" + }, + "required": true, + "description": "The role mining session id", + "example": "8c190e67-87aa-4ed9-a90b-d9d5344523fb" + }, + { + "in": "path", + "name": "potentialRoleId", + "schema": { + "type": "string", + "format": "uuid" + }, + "required": true, + "description": "A potential role id in a role mining session", + "example": "278359a6-04b7-4669-9468-924cf580964a" + }, + { + "in": "path", + "name": "exportId", + "schema": { + "type": "string", + "format": "uuid" + }, + "required": true, + "description": "The id of a previously run export job for this potential role", + "example": "4940ffd4-836f-48a3-b2b0-6d498c3fdf40" + } + ], + "responses": { + "200": { + "description": "Succeeded. Returns a zip file containing csv files for identities and entitlements for the potential role.", + "content": { + "application/zip": { + "schema": { + "type": "string", + "format": "binary" + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/role-mining-sessions/{sessionId}/potential-roles/{potentialRoleId}/provision": { + "post": { + "operationId": "createPotentialRoleProvisionRequest", + "summary": "Create request to provision a potential role into an actual role.", + "tags": [ + "IAI Role Mining" + ], + "description": "This method starts a job to provision a potential role", + "parameters": [ + { + "in": "path", + "name": "sessionId", + "schema": { + "type": "string" + }, + "required": true, + "description": "The role mining session id", + "example": "8c190e67-87aa-4ed9-a90b-d9d5344523fb" + }, + { + "in": "path", + "name": "potentialRoleId", + "schema": { + "type": "string" + }, + "required": true, + "description": "A potential role id in a role mining session", + "example": "8c190e67-87aa-4ed9-a90b-d9d5344523fb" + }, + { + "in": "query", + "name": "min-entitlement-popularity", + "description": "Minimum popularity required for an entitlement to be included in the provisioned role.", + "required": false, + "style": "form", + "explode": true, + "schema": { + "type": "integer", + "default": 0, + "minimum": 0, + "maximum": 100 + } + }, + { + "in": "query", + "name": "include-common-access", + "description": "Boolean determining whether common access entitlements will be included in the provisioned role.", + "required": false, + "style": "form", + "explode": true, + "schema": { + "type": "boolean", + "default": true + } + } + ], + "requestBody": { + "description": "Required information to create a new role", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "roleName": { + "type": "string", + "description": "Name of the new role being created", + "example": "Finance - Accounting" + }, + "roleDescription": { + "type": "string", + "description": "Short description of the new role being created", + "example": "General access for accounting department" + }, + "ownerId": { + "type": "string", + "description": "ID of the identity that will own this role", + "example": "2b568c65bc3c4c57a43bd97e3a8e41" + } + }, + "example": { + "roleName": "Finance - Accounting", + "roleDescription": "General access for accounting department", + "ownerId": "2b568c65bc3c4c57a43bd97e3a8e41" + } + } + } + } + }, + "responses": { + "202": { + "description": "Accepted. Returns a potential role summary including the status of the provison request", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "potentialRoleRef": { + "description": "Details about the potential role", + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "Id of the potential role" + }, + "name": { + "type": "string", + "description": "Name of the potential role" + } + } + }, + "identityCount": { + "type": "integer", + "description": "The number of identities in a potential role.", + "example": 25 + }, + "entitlementCount": { + "type": "integer", + "description": "The number of entitlements in a potential role.", + "example": 15 + }, + "identityGroupStatus": { + "type": "string", + "description": "The status for this identity group which can be \"REQUESTED\" or \"OBTAINED\"", + "example": "OBTAINED" + }, + "provisionState": { + "description": "The status of provisioning for this potential role. Can be \"POTENTIAL\", \"PENDING\", \"FAILED\", or \"COMPLETE\".", + "example": "PENDING", + "type": "string", + "enum": [ + "POTENTIAL", + "PENDING", + "COMPLETE", + "FAILED" + ] + }, + "roleId": { + "type": "string", + "description": "ID of the provisioned role in IIQ or IDN. Null if this potential role has not been provisioned.", + "example": "2a4be6fbcf3c4e66b95a0c15ffd591" + }, + "density": { + "type": "integer", + "description": "The density metric (0-100) of this potential role. Higher density values indicate higher similarity amongst the identities.", + "example": 90 + }, + "freshness": { + "type": "integer", + "description": "The freshness metric (0-100) of this potential role. Higher freshness values indicate this potential role is more distinctive compared to existing roles.", + "example": 70 + }, + "quality": { + "type": "integer", + "description": "The quality metric (0-100) of this potential role. Higher quality values indicate this potential role has high density and freshness.", + "example": 80 + } + }, + "example": { + "potentialRoleRef": { + "id": "dd4c13c6-8237-4753-bfb7-f627e489f9ec", + "name": "Potential Role - dd4c13" + }, + "identityCount": "25", + "entitlementCount": "15", + "identityGroupStatus": "OBTAINED", + "provisionState": "PENDING", + "roleId": "2a4be6fbcf3c4e66b95a0c15ffd591" + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/role-mining-sessions/{sessionId}/potential-roles/{potentialRoleId}/excluded-entitlements": { + "get": { + "operationId": "getExcludedEntitlementsPotentialRole", + "summary": "Retrieves excluded entitlements for a potential role in a role mining session", + "tags": [ + "IAI Role Mining" + ], + "description": "This method returns excluded entitlements for a potential role in a role mining session.", + "parameters": [ + { + "in": "path", + "name": "sessionId", + "schema": { + "type": "string" + }, + "required": true, + "description": "The role mining session id", + "example": "8c190e67-87aa-4ed9-a90b-d9d5344523fb" + }, + { + "in": "path", + "name": "potentialRoleId", + "schema": { + "type": "string" + }, + "required": true, + "description": "A potential role id in a role mining session", + "example": "8c190e67-87aa-4ed9-a90b-d9d5344523fb" + }, + { + "in": "query", + "name": "sorters", + "description": "sort by popularity, default order descending", + "required": false, + "style": "form", + "explode": true, + "schema": { + "type": "string" + } + }, + { + "in": "query", + "name": "filters", + "description": "Filter parameter by \"starts with\" for the applicationName and entitlementRef.name.", + "required": false, + "style": "form", + "explode": true, + "schema": { + "type": "string" + } + }, + { + "in": "query", + "name": "offset", + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": 0, + "schema": { + "type": "integer", + "format": "int32", + "minimum": 0, + "default": 0 + } + }, + { + "in": "query", + "name": "limit", + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": 250, + "schema": { + "type": "integer", + "format": "int32", + "minimum": 0, + "maximum": 250, + "default": 250 + } + }, + { + "in": "query", + "name": "count", + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": true, + "schema": { + "type": "boolean", + "default": false + } + } + ], + "responses": { + "200": { + "description": "Succeeded. Returns a list of excluded entitlements for a potential roles.", + "content": { + "application/json": { + "schema": { + "type": "array", + "items": { + "type": "object", + "properties": { + "entitlementRef": { + "description": "Details about the entitlement", + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "Id of the entitlement" + }, + "name": { + "type": "string", + "description": "Name of the entitlement" + }, + "description": { + "type": "string", + "description": "Description forthe entitlement" + } + } + }, + "name": { + "type": "string", + "description": "Name of the entitlement" + }, + "applicationName": { + "type": "string", + "description": "Application name of the entitlement" + }, + "identityCount": { + "type": "integer", + "description": "The number of identities with this entitlement in a role.", + "example": 45 + }, + "popularity": { + "type": "integer", + "description": "The % popularity of this entitlement in a role.", + "example": 65 + }, + "popularityInOrg": { + "type": "integer", + "description": "TThe % popularity of this entitlement in the org.", + "example": 35 + } + }, + "example": { + "entitlementRef": { + "id": "2c9180877212632a017228d5a796292b", + "name": "entitlement.10", + "description": "Read access" + }, + "name": "Administrator", + "applicationName": "Slack", + "identityCount": "8", + "popularity": "65", + "popularityInOrg": "35" + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/roles": { + "get": { + "operationId": "listRoles", + "tags": [ + "Roles" + ], + "summary": "List Roles", + "description": "This API returns a list of Roles.\n\nA token with API, ORG_ADMIN, ROLE_ADMIN, or ROLE_SUBADMIN authority is required to call this API.", + "parameters": [ + { + "in": "query", + "name": "for-subadmin", + "schema": { + "type": "string" + }, + "description": "If provided, filters the returned list according to what is visible to the indicated ROLE_SUBADMIN Identity. The value of the parameter is either an Identity ID, or the special value **me**, which is shorthand for the calling Identity's ID. A 400 Bad Request error is returned if the **for-subadmin** parameter is specified for an Identity that is not a subadmin.", + "example": "5168015d32f890ca15812c9180835d2e", + "required": false + }, + { + "in": "query", + "name": "limit", + "description": "Note that for this API the maximum value for limit is 50.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": 50, + "schema": { + "type": "integer", + "format": "int32", + "minimum": 0, + "maximum": 50, + "default": 50 + } + }, + { + "in": "query", + "name": "offset", + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": 0, + "schema": { + "type": "integer", + "format": "int32", + "minimum": 0, + "default": 0 + } + }, + { + "in": "query", + "name": "count", + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": true, + "schema": { + "type": "boolean", + "default": false + } + }, + { + "in": "query", + "name": "filters", + "schema": { + "type": "string" + }, + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) Filtering is supported for the following fields and operators:\n**id**: *eq, in* **name**: *eq, sw* **created, modified**: *gt, lt, ge, le* **owner.id**: *eq, in* **requestable**: *eq*", + "example": "requestable eq false", + "required": false + }, + { + "in": "query", + "name": "sorters", + "schema": { + "type": "string", + "format": "comma-separated" + }, + "description": "Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results) Sorting is supported for the following fields: **name, created, modified**", + "example": "name,-modified", + "required": false + }, + { + "in": "query", + "name": "for-segment-ids", + "schema": { + "type": "string", + "format": "comma-separated" + }, + "description": "If present and not empty, additionally filters Roles to those which are assigned to the Segment(s) with the specified IDs.\n\nIf segmentation is currently unavailable, specifying this parameter results in an error.", + "example": "0b5c9f25-83c6-4762-9073-e38f7bb2ae26,2e8d8180-24bc-4d21-91c6-7affdb473b0d", + "required": false + }, + { + "in": "query", + "name": "include-unsegmented", + "schema": { + "type": "boolean", + "default": true + }, + "description": "Whether or not the response list should contain unsegmented Roles. If *for-segment-ids* is absent or empty, specifying *include-unsegmented* as false results in an error.", + "example": false, + "required": false + } + ], + "responses": { + "200": { + "description": "List of Roles", + "content": { + "application/json": { + "schema": { + "type": "array", + "items": { + "type": "object", + "description": "A Role", + "properties": { + "id": { + "type": "string", + "description": "The id of the Role. This field must be left null when creating an Role, otherwise a 400 Bad Request error will result.", + "example": "2c918086749d78830174a1a40e121518" + }, + "name": { + "type": "string", + "description": "The human-readable display name of the Role", + "maxLength": 128, + "example": "Role 2567" + }, + "created": { + "type": "string", + "description": "Date the Role was created", + "format": "date-time", + "example": "2021-03-01T22:32:58.104Z", + "readOnly": true + }, + "modified": { + "type": "string", + "description": "Date the Role was last modified.", + "format": "date-time", + "example": "2021-03-02T20:22:28.104Z", + "readOnly": true + }, + "description": { + "type": "string", + "nullable": true, + "description": "A human-readable description of the Role", + "example": "Urna amet cursus pellentesque nisl orci maximus lorem nisl euismod fusce morbi placerat adipiscing maecenas nisi tristique et metus et lacus sed morbi nunc nisl maximus magna arcu varius sollicitudin elementum enim maecenas nisi id ipsum tempus fusce diam ipsum tortor." + }, + "owner": { + "type": "object", + "description": "The owner of this object.", + "properties": { + "type": { + "description": "Owner type. This field must be either left null or set to 'IDENTITY' on input, otherwise a 400 Bad Request error will result.", + "example": "IDENTITY", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ] + }, + "id": { + "type": "string", + "description": "Identity id", + "example": "2c9180a46faadee4016fb4e018c20639" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the owner. It may be left null or omitted in a POST or PATCH. If set, it must match the current value of the owner's display name, otherwise a 400 Bad Request error will result.", + "example": "support" + } + } + }, + "accessProfiles": { + "type": "array", + "items": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "ID of the Access Profile", + "example": "ff808081751e6e129f1518161919ecca" + }, + "type": { + "type": "string", + "description": "Type of requested object. This field must be either left null or set to 'ACCESS_PROFILE' when creating an Access Profile, otherwise a 400 Bad Request error will result.", + "enum": [ + "ACCESS_PROFILE" + ], + "example": "ACCESS_PROFILE" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the Access Profile. This field is ignored on input.", + "example": "Access Profile 2567" + } + } + }, + "nullable": true + }, + "membership": { + "nullable": true, + "type": "object", + "description": "When present, specifies that the Role is to be granted to Identities which either satisfy specific criteria or which are members of a given list of Identities.", + "properties": { + "type": { + "type": "string", + "enum": [ + "STANDARD", + "IDENTITY_LIST" + ], + "description": "This enum characterizes the type of a Role's membership selector. Only the following two are fully supported:\n\nSTANDARD: Indicates that Role membership is defined in terms of a criteria expression\n\nIDENTITY_LIST: Indicates that Role membership is conferred on the specific identities listed", + "example": "IDENTITY_LIST" + }, + "criteria": { + "nullable": true, + "type": "object", + "description": "Defines STANDARD type Role membership", + "properties": { + "operation": { + "type": "string", + "enum": [ + "EQUALS", + "NOT_EQUALS", + "CONTAINS", + "STARTS_WITH", + "ENDS_WITH", + "AND", + "OR" + ], + "description": "An operation", + "example": "EQUALS" + }, + "key": { + "type": "object", + "nullable": true, + "description": "Refers to a specific Identity attribute, Account attibute, or Entitlement used in Role membership criteria", + "properties": { + "type": { + "type": "string", + "enum": [ + "IDENTITY", + "ACCOUNT", + "ENTITLEMENT" + ], + "description": "Indicates whether the associated criteria represents an expression on identity attributes, account attributes, or entitlements, respectively.", + "example": "ACCOUNT" + }, + "property": { + "type": "string", + "description": "The name of the attribute or entitlement to which the associated criteria applies.", + "example": "attribute.email" + }, + "sourceId": { + "type": "string", + "nullable": true, + "description": "ID of the Source from which an account attribute or entitlement is drawn. Required if type is ACCOUNT or ENTITLEMENT", + "example": "2c9180867427f3a301745aec18211519" + } + }, + "required": [ + "type", + "property" + ] + }, + "stringValue": { + "type": "string", + "nullable": true, + "description": "String value to test the Identity attribute, Account attribute, or Entitlement specified in the key w/r/t the specified operation. If this criteria is a leaf node, that is, if the operation is one of EQUALS, NOT_EQUALS, CONTAINS, STARTS_WITH, or ENDS_WITH, this field is required. Otherwise, specifying it is an error.", + "example": "carlee.cert1c9f9b6fd@mailinator.com" + }, + "children": { + "type": "array", + "items": { + "type": "object", + "nullable": true, + "description": "Defines STANDARD type Role membership", + "properties": { + "operation": { + "type": "string", + "enum": [ + "EQUALS", + "NOT_EQUALS", + "CONTAINS", + "STARTS_WITH", + "ENDS_WITH", + "AND", + "OR" + ], + "description": "An operation", + "example": "EQUALS" + }, + "key": { + "type": "object", + "nullable": true, + "description": "Refers to a specific Identity attribute, Account attibute, or Entitlement used in Role membership criteria", + "properties": { + "type": { + "type": "string", + "enum": [ + "IDENTITY", + "ACCOUNT", + "ENTITLEMENT" + ], + "description": "Indicates whether the associated criteria represents an expression on identity attributes, account attributes, or entitlements, respectively.", + "example": "ACCOUNT" + }, + "property": { + "type": "string", + "description": "The name of the attribute or entitlement to which the associated criteria applies.", + "example": "attribute.email" + }, + "sourceId": { + "type": "string", + "nullable": true, + "description": "ID of the Source from which an account attribute or entitlement is drawn. Required if type is ACCOUNT or ENTITLEMENT", + "example": "2c9180867427f3a301745aec18211519" + } + }, + "required": [ + "type", + "property" + ] + }, + "stringValue": { + "type": "string", + "nullable": true, + "description": "String value to test the Identity attribute, Account attribute, or Entitlement specified in the key w/r/t the specified operation. If this criteria is a leaf node, that is, if the operation is one of EQUALS, NOT_EQUALS, CONTAINS, STARTS_WITH, or ENDS_WITH, this field is required. Otherwise, specifying it is an error.", + "example": "carlee.cert1c9f9b6fd@mailinator.com" + }, + "children": { + "type": "array", + "items": { + "type": "object", + "description": "Defines STANDARD type Role membership", + "properties": { + "operation": { + "type": "string", + "enum": [ + "EQUALS", + "NOT_EQUALS", + "CONTAINS", + "STARTS_WITH", + "ENDS_WITH", + "AND", + "OR" + ], + "description": "An operation", + "example": "EQUALS" + }, + "key": { + "type": "object", + "nullable": true, + "description": "Refers to a specific Identity attribute, Account attibute, or Entitlement used in Role membership criteria", + "properties": { + "type": { + "type": "string", + "enum": [ + "IDENTITY", + "ACCOUNT", + "ENTITLEMENT" + ], + "description": "Indicates whether the associated criteria represents an expression on identity attributes, account attributes, or entitlements, respectively.", + "example": "ACCOUNT" + }, + "property": { + "type": "string", + "description": "The name of the attribute or entitlement to which the associated criteria applies.", + "example": "attribute.email" + }, + "sourceId": { + "type": "string", + "nullable": true, + "description": "ID of the Source from which an account attribute or entitlement is drawn. Required if type is ACCOUNT or ENTITLEMENT", + "example": "2c9180867427f3a301745aec18211519" + } + }, + "required": [ + "type", + "property" + ] + }, + "stringValue": { + "type": "string", + "description": "String value to test the Identity attribute, Account attribute, or Entitlement specified in the key w/r/t the specified operation. If this criteria is a leaf node, that is, if the operation is one of EQUALS, NOT_EQUALS, CONTAINS, STARTS_WITH, or ENDS_WITH, this field is required. Otherwise, specifying it is an error.", + "example": "carlee.cert1c9f9b6fd@mailinator.com" + } + } + }, + "nullable": true, + "description": "Array of child criteria. Required if the operation is AND or OR, otherwise it must be left null. A maximum of three levels of criteria are supported, including leaf nodes. Additionally, AND nodes can only be children or OR nodes and vice-versa." + } + } + }, + "nullable": true, + "description": "Array of child criteria. Required if the operation is AND or OR, otherwise it must be left null. A maximum of three levels of criteria are supported, including leaf nodes. Additionally, AND nodes can only be children or OR nodes and vice-versa." + } + } + }, + "identities": { + "type": "array", + "items": { + "type": "object", + "description": "A reference to an Identity in an IDENTITY_LIST role membership criteria.", + "properties": { + "type": { + "nullable": true, + "example": "IDENTITY", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "description": "An enumeration of the types of DTOs supported within the IdentityNow infrastructure." + }, + "id": { + "type": "string", + "description": "Identity id", + "example": "2c9180a46faadee4016fb4e018c20639" + }, + "name": { + "type": "string", + "nullable": true, + "description": "Human-readable display name of the Identity.", + "example": "Thomas Edison" + }, + "aliasName": { + "type": "string", + "nullable": true, + "description": "User name of the Identity", + "example": "t.edison" + } + } + }, + "nullable": true, + "description": "Defines role membership as being exclusive to the specified Identities, when type is IDENTITY_LIST." + } + } + }, + "legacyMembershipInfo": { + "type": "object", + "nullable": true, + "description": "This field is not directly modifiable and is generally expected to be *null*. In very rare instances, some Roles may have been created using membership selection criteria that are no longer fully supported. While these Roles will still work, they should be migrated to STANDARD or IDENTITY_LIST selection criteria. This field exists for informational purposes as an aid to such migration.", + "example": { + "type": "IDENTITY_LIST" + }, + "additionalProperties": true + }, + "enabled": { + "type": "boolean", + "description": "Whether the Role is enabled or not. This field is false by default.", + "example": true + }, + "requestable": { + "type": "boolean", + "description": "Whether the Role can be the target of Access Requests. This field is false by default.", + "example": true + }, + "accessRequestConfig": { + "nullable": true, + "description": "Access request configuration for this object", + "type": "object", + "properties": { + "commentsRequired": { + "type": "boolean", + "description": "Whether the requester of the containing object must provide comments justifying the request", + "example": true + }, + "denialCommentsRequired": { + "type": "boolean", + "description": "Whether an approver must provide comments when denying the request", + "example": true + }, + "approvalSchemes": { + "type": "array", + "description": "List describing the steps in approving the request", + "items": { + "type": "object", + "properties": { + "approverType": { + "type": "string", + "enum": [ + "OWNER", + "MANAGER", + "GOVERNANCE_GROUP" + ], + "description": "Describes the individual or group that is responsible for an approval step. Values are as follows.\n\n**OWNER**: Owner of the associated Role\n\n**MANAGER**: Manager of the Identity making the request\n\n**GOVERNANCE_GROUP**: A Governance Group, the ID of which is specified by the **approverId** field", + "example": "GOVERNANCE_GROUP" + }, + "approverId": { + "type": "string", + "nullable": true, + "description": "Id of the specific approver, used only when approverType is GOVERNANCE_GROUP", + "example": "46c79819-a69f-49a2-becb-12c971ae66c6" + } + } + } + } + } + }, + "revocationRequestConfig": { + "nullable": true, + "description": "Revocation request configuration for this object.", + "type": "object", + "properties": { + "approvalSchemes": { + "type": "array", + "description": "List describing the steps in approving the revocation request", + "items": { + "type": "object", + "properties": { + "approverType": { + "type": "string", + "enum": [ + "APP_OWNER", + "OWNER", + "SOURCE_OWNER", + "MANAGER", + "GOVERNANCE_GROUP" + ], + "description": "Describes the individual or group that is responsible for an approval step. Values are as follows.\n**APP_OWNER**: The owner of the Application\n\n**OWNER**: Owner of the associated Access Profile or Role\n\n**SOURCE_OWNER**: Owner of the Source associated with an Access Profile\n\n**MANAGER**: Manager of the Identity making the request\n\n**GOVERNANCE_GROUP**: A Governance Group, the ID of which is specified by the **approverId** field", + "example": "GOVERNANCE_GROUP" + }, + "approverId": { + "type": "string", + "nullable": true, + "description": "Id of the specific approver, used only when approverType is GOVERNANCE_GROUP", + "example": "46c79819-a69f-49a2-becb-12c971ae66c6" + } + } + } + } + } + }, + "segments": { + "type": "array", + "items": { + "type": "string" + }, + "nullable": true, + "description": "List of IDs of segments, if any, to which this Role is assigned.", + "example": [ + "f7b1b8a3-5fed-4fd4-ad29-82014e137e19", + "29cb6c06-1da8-43ea-8be4-b3125f248f2a" + ] + } + }, + "required": [ + "name", + "owner" + ] + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + }, + "security": [ + { + "oauth2": [ + "idn:role-unchecked:read", + "idn:role-unchecked:manage", + "idn:role-checked:manage", + "idn:role-checked:read" + ] + } + ] + }, + "post": { + "operationId": "createRole", + "tags": [ + "Roles" + ], + "summary": "Create a Role", + "description": "This API creates a Role.\nThere is a soft limit of 800 roles per org in IdentityNow. You will receive an error if you attempt to add more than 800 roles via the API or the UI. If you need to add roles above this limit, please create a support ticket.\nA token with API, ORG_ADMIN, ROLE_ADMIN, or ROLE_SUBADMIN authority is required to call this API. In addition, a ROLE_SUBADMIN may not create a Role including an Access Profile if that Access Profile is associated with a Source with which the ROLE_SUBADMIN is not themselves associated.\nThe maximum supported length for the description field is 2000 characters. Longer descriptions will be preserved for existing roles, however, any new roles as well as any updates to existing descriptions will be limited to 2000 characters.", + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "type": "object", + "description": "A Role", + "properties": { + "id": { + "type": "string", + "description": "The id of the Role. This field must be left null when creating an Role, otherwise a 400 Bad Request error will result.", + "example": "2c918086749d78830174a1a40e121518" + }, + "name": { + "type": "string", + "description": "The human-readable display name of the Role", + "maxLength": 128, + "example": "Role 2567" + }, + "created": { + "type": "string", + "description": "Date the Role was created", + "format": "date-time", + "example": "2021-03-01T22:32:58.104Z", + "readOnly": true + }, + "modified": { + "type": "string", + "description": "Date the Role was last modified.", + "format": "date-time", + "example": "2021-03-02T20:22:28.104Z", + "readOnly": true + }, + "description": { + "type": "string", + "nullable": true, + "description": "A human-readable description of the Role", + "example": "Urna amet cursus pellentesque nisl orci maximus lorem nisl euismod fusce morbi placerat adipiscing maecenas nisi tristique et metus et lacus sed morbi nunc nisl maximus magna arcu varius sollicitudin elementum enim maecenas nisi id ipsum tempus fusce diam ipsum tortor." + }, + "owner": { + "type": "object", + "description": "The owner of this object.", + "properties": { + "type": { + "description": "Owner type. This field must be either left null or set to 'IDENTITY' on input, otherwise a 400 Bad Request error will result.", + "example": "IDENTITY", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ] + }, + "id": { + "type": "string", + "description": "Identity id", + "example": "2c9180a46faadee4016fb4e018c20639" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the owner. It may be left null or omitted in a POST or PATCH. If set, it must match the current value of the owner's display name, otherwise a 400 Bad Request error will result.", + "example": "support" + } + } + }, + "accessProfiles": { + "type": "array", + "items": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "ID of the Access Profile", + "example": "ff808081751e6e129f1518161919ecca" + }, + "type": { + "type": "string", + "description": "Type of requested object. This field must be either left null or set to 'ACCESS_PROFILE' when creating an Access Profile, otherwise a 400 Bad Request error will result.", + "enum": [ + "ACCESS_PROFILE" + ], + "example": "ACCESS_PROFILE" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the Access Profile. This field is ignored on input.", + "example": "Access Profile 2567" + } + } + }, + "nullable": true + }, + "membership": { + "nullable": true, + "type": "object", + "description": "When present, specifies that the Role is to be granted to Identities which either satisfy specific criteria or which are members of a given list of Identities.", + "properties": { + "type": { + "type": "string", + "enum": [ + "STANDARD", + "IDENTITY_LIST" + ], + "description": "This enum characterizes the type of a Role's membership selector. Only the following two are fully supported:\n\nSTANDARD: Indicates that Role membership is defined in terms of a criteria expression\n\nIDENTITY_LIST: Indicates that Role membership is conferred on the specific identities listed", + "example": "IDENTITY_LIST" + }, + "criteria": { + "nullable": true, + "type": "object", + "description": "Defines STANDARD type Role membership", + "properties": { + "operation": { + "type": "string", + "enum": [ + "EQUALS", + "NOT_EQUALS", + "CONTAINS", + "STARTS_WITH", + "ENDS_WITH", + "AND", + "OR" + ], + "description": "An operation", + "example": "EQUALS" + }, + "key": { + "type": "object", + "nullable": true, + "description": "Refers to a specific Identity attribute, Account attibute, or Entitlement used in Role membership criteria", + "properties": { + "type": { + "type": "string", + "enum": [ + "IDENTITY", + "ACCOUNT", + "ENTITLEMENT" + ], + "description": "Indicates whether the associated criteria represents an expression on identity attributes, account attributes, or entitlements, respectively.", + "example": "ACCOUNT" + }, + "property": { + "type": "string", + "description": "The name of the attribute or entitlement to which the associated criteria applies.", + "example": "attribute.email" + }, + "sourceId": { + "type": "string", + "nullable": true, + "description": "ID of the Source from which an account attribute or entitlement is drawn. Required if type is ACCOUNT or ENTITLEMENT", + "example": "2c9180867427f3a301745aec18211519" + } + }, + "required": [ + "type", + "property" + ] + }, + "stringValue": { + "type": "string", + "nullable": true, + "description": "String value to test the Identity attribute, Account attribute, or Entitlement specified in the key w/r/t the specified operation. If this criteria is a leaf node, that is, if the operation is one of EQUALS, NOT_EQUALS, CONTAINS, STARTS_WITH, or ENDS_WITH, this field is required. Otherwise, specifying it is an error.", + "example": "carlee.cert1c9f9b6fd@mailinator.com" + }, + "children": { + "type": "array", + "items": { + "type": "object", + "nullable": true, + "description": "Defines STANDARD type Role membership", + "properties": { + "operation": { + "type": "string", + "enum": [ + "EQUALS", + "NOT_EQUALS", + "CONTAINS", + "STARTS_WITH", + "ENDS_WITH", + "AND", + "OR" + ], + "description": "An operation", + "example": "EQUALS" + }, + "key": { + "type": "object", + "nullable": true, + "description": "Refers to a specific Identity attribute, Account attibute, or Entitlement used in Role membership criteria", + "properties": { + "type": { + "type": "string", + "enum": [ + "IDENTITY", + "ACCOUNT", + "ENTITLEMENT" + ], + "description": "Indicates whether the associated criteria represents an expression on identity attributes, account attributes, or entitlements, respectively.", + "example": "ACCOUNT" + }, + "property": { + "type": "string", + "description": "The name of the attribute or entitlement to which the associated criteria applies.", + "example": "attribute.email" + }, + "sourceId": { + "type": "string", + "nullable": true, + "description": "ID of the Source from which an account attribute or entitlement is drawn. Required if type is ACCOUNT or ENTITLEMENT", + "example": "2c9180867427f3a301745aec18211519" + } + }, + "required": [ + "type", + "property" + ] + }, + "stringValue": { + "type": "string", + "nullable": true, + "description": "String value to test the Identity attribute, Account attribute, or Entitlement specified in the key w/r/t the specified operation. If this criteria is a leaf node, that is, if the operation is one of EQUALS, NOT_EQUALS, CONTAINS, STARTS_WITH, or ENDS_WITH, this field is required. Otherwise, specifying it is an error.", + "example": "carlee.cert1c9f9b6fd@mailinator.com" + }, + "children": { + "type": "array", + "items": { + "type": "object", + "description": "Defines STANDARD type Role membership", + "properties": { + "operation": { + "type": "string", + "enum": [ + "EQUALS", + "NOT_EQUALS", + "CONTAINS", + "STARTS_WITH", + "ENDS_WITH", + "AND", + "OR" + ], + "description": "An operation", + "example": "EQUALS" + }, + "key": { + "type": "object", + "nullable": true, + "description": "Refers to a specific Identity attribute, Account attibute, or Entitlement used in Role membership criteria", + "properties": { + "type": { + "type": "string", + "enum": [ + "IDENTITY", + "ACCOUNT", + "ENTITLEMENT" + ], + "description": "Indicates whether the associated criteria represents an expression on identity attributes, account attributes, or entitlements, respectively.", + "example": "ACCOUNT" + }, + "property": { + "type": "string", + "description": "The name of the attribute or entitlement to which the associated criteria applies.", + "example": "attribute.email" + }, + "sourceId": { + "type": "string", + "nullable": true, + "description": "ID of the Source from which an account attribute or entitlement is drawn. Required if type is ACCOUNT or ENTITLEMENT", + "example": "2c9180867427f3a301745aec18211519" + } + }, + "required": [ + "type", + "property" + ] + }, + "stringValue": { + "type": "string", + "description": "String value to test the Identity attribute, Account attribute, or Entitlement specified in the key w/r/t the specified operation. If this criteria is a leaf node, that is, if the operation is one of EQUALS, NOT_EQUALS, CONTAINS, STARTS_WITH, or ENDS_WITH, this field is required. Otherwise, specifying it is an error.", + "example": "carlee.cert1c9f9b6fd@mailinator.com" + } + } + }, + "nullable": true, + "description": "Array of child criteria. Required if the operation is AND or OR, otherwise it must be left null. A maximum of three levels of criteria are supported, including leaf nodes. Additionally, AND nodes can only be children or OR nodes and vice-versa." + } + } + }, + "nullable": true, + "description": "Array of child criteria. Required if the operation is AND or OR, otherwise it must be left null. A maximum of three levels of criteria are supported, including leaf nodes. Additionally, AND nodes can only be children or OR nodes and vice-versa." + } + } + }, + "identities": { + "type": "array", + "items": { + "type": "object", + "description": "A reference to an Identity in an IDENTITY_LIST role membership criteria.", + "properties": { + "type": { + "nullable": true, + "example": "IDENTITY", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "description": "An enumeration of the types of DTOs supported within the IdentityNow infrastructure." + }, + "id": { + "type": "string", + "description": "Identity id", + "example": "2c9180a46faadee4016fb4e018c20639" + }, + "name": { + "type": "string", + "nullable": true, + "description": "Human-readable display name of the Identity.", + "example": "Thomas Edison" + }, + "aliasName": { + "type": "string", + "nullable": true, + "description": "User name of the Identity", + "example": "t.edison" + } + } + }, + "nullable": true, + "description": "Defines role membership as being exclusive to the specified Identities, when type is IDENTITY_LIST." + } + } + }, + "legacyMembershipInfo": { + "type": "object", + "nullable": true, + "description": "This field is not directly modifiable and is generally expected to be *null*. In very rare instances, some Roles may have been created using membership selection criteria that are no longer fully supported. While these Roles will still work, they should be migrated to STANDARD or IDENTITY_LIST selection criteria. This field exists for informational purposes as an aid to such migration.", + "example": { + "type": "IDENTITY_LIST" + }, + "additionalProperties": true + }, + "enabled": { + "type": "boolean", + "description": "Whether the Role is enabled or not. This field is false by default.", + "example": true + }, + "requestable": { + "type": "boolean", + "description": "Whether the Role can be the target of Access Requests. This field is false by default.", + "example": true + }, + "accessRequestConfig": { + "nullable": true, + "description": "Access request configuration for this object", + "type": "object", + "properties": { + "commentsRequired": { + "type": "boolean", + "description": "Whether the requester of the containing object must provide comments justifying the request", + "example": true + }, + "denialCommentsRequired": { + "type": "boolean", + "description": "Whether an approver must provide comments when denying the request", + "example": true + }, + "approvalSchemes": { + "type": "array", + "description": "List describing the steps in approving the request", + "items": { + "type": "object", + "properties": { + "approverType": { + "type": "string", + "enum": [ + "OWNER", + "MANAGER", + "GOVERNANCE_GROUP" + ], + "description": "Describes the individual or group that is responsible for an approval step. Values are as follows.\n\n**OWNER**: Owner of the associated Role\n\n**MANAGER**: Manager of the Identity making the request\n\n**GOVERNANCE_GROUP**: A Governance Group, the ID of which is specified by the **approverId** field", + "example": "GOVERNANCE_GROUP" + }, + "approverId": { + "type": "string", + "nullable": true, + "description": "Id of the specific approver, used only when approverType is GOVERNANCE_GROUP", + "example": "46c79819-a69f-49a2-becb-12c971ae66c6" + } + } + } + } + } + }, + "revocationRequestConfig": { + "nullable": true, + "description": "Revocation request configuration for this object.", + "type": "object", + "properties": { + "approvalSchemes": { + "type": "array", + "description": "List describing the steps in approving the revocation request", + "items": { + "type": "object", + "properties": { + "approverType": { + "type": "string", + "enum": [ + "APP_OWNER", + "OWNER", + "SOURCE_OWNER", + "MANAGER", + "GOVERNANCE_GROUP" + ], + "description": "Describes the individual or group that is responsible for an approval step. Values are as follows.\n**APP_OWNER**: The owner of the Application\n\n**OWNER**: Owner of the associated Access Profile or Role\n\n**SOURCE_OWNER**: Owner of the Source associated with an Access Profile\n\n**MANAGER**: Manager of the Identity making the request\n\n**GOVERNANCE_GROUP**: A Governance Group, the ID of which is specified by the **approverId** field", + "example": "GOVERNANCE_GROUP" + }, + "approverId": { + "type": "string", + "nullable": true, + "description": "Id of the specific approver, used only when approverType is GOVERNANCE_GROUP", + "example": "46c79819-a69f-49a2-becb-12c971ae66c6" + } + } + } + } + } + }, + "segments": { + "type": "array", + "items": { + "type": "string" + }, + "nullable": true, + "description": "List of IDs of segments, if any, to which this Role is assigned.", + "example": [ + "f7b1b8a3-5fed-4fd4-ad29-82014e137e19", + "29cb6c06-1da8-43ea-8be4-b3125f248f2a" + ] + } + }, + "required": [ + "name", + "owner" + ] + } + } + } + }, + "responses": { + "201": { + "description": "Role created", + "content": { + "application/json": { + "schema": { + "type": "object", + "description": "A Role", + "properties": { + "id": { + "type": "string", + "description": "The id of the Role. This field must be left null when creating an Role, otherwise a 400 Bad Request error will result.", + "example": "2c918086749d78830174a1a40e121518" + }, + "name": { + "type": "string", + "description": "The human-readable display name of the Role", + "maxLength": 128, + "example": "Role 2567" + }, + "created": { + "type": "string", + "description": "Date the Role was created", + "format": "date-time", + "example": "2021-03-01T22:32:58.104Z", + "readOnly": true + }, + "modified": { + "type": "string", + "description": "Date the Role was last modified.", + "format": "date-time", + "example": "2021-03-02T20:22:28.104Z", + "readOnly": true + }, + "description": { + "type": "string", + "nullable": true, + "description": "A human-readable description of the Role", + "example": "Urna amet cursus pellentesque nisl orci maximus lorem nisl euismod fusce morbi placerat adipiscing maecenas nisi tristique et metus et lacus sed morbi nunc nisl maximus magna arcu varius sollicitudin elementum enim maecenas nisi id ipsum tempus fusce diam ipsum tortor." + }, + "owner": { + "type": "object", + "description": "The owner of this object.", + "properties": { + "type": { + "description": "Owner type. This field must be either left null or set to 'IDENTITY' on input, otherwise a 400 Bad Request error will result.", + "example": "IDENTITY", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ] + }, + "id": { + "type": "string", + "description": "Identity id", + "example": "2c9180a46faadee4016fb4e018c20639" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the owner. It may be left null or omitted in a POST or PATCH. If set, it must match the current value of the owner's display name, otherwise a 400 Bad Request error will result.", + "example": "support" + } + } + }, + "accessProfiles": { + "type": "array", + "items": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "ID of the Access Profile", + "example": "ff808081751e6e129f1518161919ecca" + }, + "type": { + "type": "string", + "description": "Type of requested object. This field must be either left null or set to 'ACCESS_PROFILE' when creating an Access Profile, otherwise a 400 Bad Request error will result.", + "enum": [ + "ACCESS_PROFILE" + ], + "example": "ACCESS_PROFILE" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the Access Profile. This field is ignored on input.", + "example": "Access Profile 2567" + } + } + }, + "nullable": true + }, + "membership": { + "nullable": true, + "type": "object", + "description": "When present, specifies that the Role is to be granted to Identities which either satisfy specific criteria or which are members of a given list of Identities.", + "properties": { + "type": { + "type": "string", + "enum": [ + "STANDARD", + "IDENTITY_LIST" + ], + "description": "This enum characterizes the type of a Role's membership selector. Only the following two are fully supported:\n\nSTANDARD: Indicates that Role membership is defined in terms of a criteria expression\n\nIDENTITY_LIST: Indicates that Role membership is conferred on the specific identities listed", + "example": "IDENTITY_LIST" + }, + "criteria": { + "nullable": true, + "type": "object", + "description": "Defines STANDARD type Role membership", + "properties": { + "operation": { + "type": "string", + "enum": [ + "EQUALS", + "NOT_EQUALS", + "CONTAINS", + "STARTS_WITH", + "ENDS_WITH", + "AND", + "OR" + ], + "description": "An operation", + "example": "EQUALS" + }, + "key": { + "type": "object", + "nullable": true, + "description": "Refers to a specific Identity attribute, Account attibute, or Entitlement used in Role membership criteria", + "properties": { + "type": { + "type": "string", + "enum": [ + "IDENTITY", + "ACCOUNT", + "ENTITLEMENT" + ], + "description": "Indicates whether the associated criteria represents an expression on identity attributes, account attributes, or entitlements, respectively.", + "example": "ACCOUNT" + }, + "property": { + "type": "string", + "description": "The name of the attribute or entitlement to which the associated criteria applies.", + "example": "attribute.email" + }, + "sourceId": { + "type": "string", + "nullable": true, + "description": "ID of the Source from which an account attribute or entitlement is drawn. Required if type is ACCOUNT or ENTITLEMENT", + "example": "2c9180867427f3a301745aec18211519" + } + }, + "required": [ + "type", + "property" + ] + }, + "stringValue": { + "type": "string", + "nullable": true, + "description": "String value to test the Identity attribute, Account attribute, or Entitlement specified in the key w/r/t the specified operation. If this criteria is a leaf node, that is, if the operation is one of EQUALS, NOT_EQUALS, CONTAINS, STARTS_WITH, or ENDS_WITH, this field is required. Otherwise, specifying it is an error.", + "example": "carlee.cert1c9f9b6fd@mailinator.com" + }, + "children": { + "type": "array", + "items": { + "type": "object", + "nullable": true, + "description": "Defines STANDARD type Role membership", + "properties": { + "operation": { + "type": "string", + "enum": [ + "EQUALS", + "NOT_EQUALS", + "CONTAINS", + "STARTS_WITH", + "ENDS_WITH", + "AND", + "OR" + ], + "description": "An operation", + "example": "EQUALS" + }, + "key": { + "type": "object", + "nullable": true, + "description": "Refers to a specific Identity attribute, Account attibute, or Entitlement used in Role membership criteria", + "properties": { + "type": { + "type": "string", + "enum": [ + "IDENTITY", + "ACCOUNT", + "ENTITLEMENT" + ], + "description": "Indicates whether the associated criteria represents an expression on identity attributes, account attributes, or entitlements, respectively.", + "example": "ACCOUNT" + }, + "property": { + "type": "string", + "description": "The name of the attribute or entitlement to which the associated criteria applies.", + "example": "attribute.email" + }, + "sourceId": { + "type": "string", + "nullable": true, + "description": "ID of the Source from which an account attribute or entitlement is drawn. Required if type is ACCOUNT or ENTITLEMENT", + "example": "2c9180867427f3a301745aec18211519" + } + }, + "required": [ + "type", + "property" + ] + }, + "stringValue": { + "type": "string", + "nullable": true, + "description": "String value to test the Identity attribute, Account attribute, or Entitlement specified in the key w/r/t the specified operation. If this criteria is a leaf node, that is, if the operation is one of EQUALS, NOT_EQUALS, CONTAINS, STARTS_WITH, or ENDS_WITH, this field is required. Otherwise, specifying it is an error.", + "example": "carlee.cert1c9f9b6fd@mailinator.com" + }, + "children": { + "type": "array", + "items": { + "type": "object", + "description": "Defines STANDARD type Role membership", + "properties": { + "operation": { + "type": "string", + "enum": [ + "EQUALS", + "NOT_EQUALS", + "CONTAINS", + "STARTS_WITH", + "ENDS_WITH", + "AND", + "OR" + ], + "description": "An operation", + "example": "EQUALS" + }, + "key": { + "type": "object", + "nullable": true, + "description": "Refers to a specific Identity attribute, Account attibute, or Entitlement used in Role membership criteria", + "properties": { + "type": { + "type": "string", + "enum": [ + "IDENTITY", + "ACCOUNT", + "ENTITLEMENT" + ], + "description": "Indicates whether the associated criteria represents an expression on identity attributes, account attributes, or entitlements, respectively.", + "example": "ACCOUNT" + }, + "property": { + "type": "string", + "description": "The name of the attribute or entitlement to which the associated criteria applies.", + "example": "attribute.email" + }, + "sourceId": { + "type": "string", + "nullable": true, + "description": "ID of the Source from which an account attribute or entitlement is drawn. Required if type is ACCOUNT or ENTITLEMENT", + "example": "2c9180867427f3a301745aec18211519" + } + }, + "required": [ + "type", + "property" + ] + }, + "stringValue": { + "type": "string", + "description": "String value to test the Identity attribute, Account attribute, or Entitlement specified in the key w/r/t the specified operation. If this criteria is a leaf node, that is, if the operation is one of EQUALS, NOT_EQUALS, CONTAINS, STARTS_WITH, or ENDS_WITH, this field is required. Otherwise, specifying it is an error.", + "example": "carlee.cert1c9f9b6fd@mailinator.com" + } + } + }, + "nullable": true, + "description": "Array of child criteria. Required if the operation is AND or OR, otherwise it must be left null. A maximum of three levels of criteria are supported, including leaf nodes. Additionally, AND nodes can only be children or OR nodes and vice-versa." + } + } + }, + "nullable": true, + "description": "Array of child criteria. Required if the operation is AND or OR, otherwise it must be left null. A maximum of three levels of criteria are supported, including leaf nodes. Additionally, AND nodes can only be children or OR nodes and vice-versa." + } + } + }, + "identities": { + "type": "array", + "items": { + "type": "object", + "description": "A reference to an Identity in an IDENTITY_LIST role membership criteria.", + "properties": { + "type": { + "nullable": true, + "example": "IDENTITY", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "description": "An enumeration of the types of DTOs supported within the IdentityNow infrastructure." + }, + "id": { + "type": "string", + "description": "Identity id", + "example": "2c9180a46faadee4016fb4e018c20639" + }, + "name": { + "type": "string", + "nullable": true, + "description": "Human-readable display name of the Identity.", + "example": "Thomas Edison" + }, + "aliasName": { + "type": "string", + "nullable": true, + "description": "User name of the Identity", + "example": "t.edison" + } + } + }, + "nullable": true, + "description": "Defines role membership as being exclusive to the specified Identities, when type is IDENTITY_LIST." + } + } + }, + "legacyMembershipInfo": { + "type": "object", + "nullable": true, + "description": "This field is not directly modifiable and is generally expected to be *null*. In very rare instances, some Roles may have been created using membership selection criteria that are no longer fully supported. While these Roles will still work, they should be migrated to STANDARD or IDENTITY_LIST selection criteria. This field exists for informational purposes as an aid to such migration.", + "example": { + "type": "IDENTITY_LIST" + }, + "additionalProperties": true + }, + "enabled": { + "type": "boolean", + "description": "Whether the Role is enabled or not. This field is false by default.", + "example": true + }, + "requestable": { + "type": "boolean", + "description": "Whether the Role can be the target of Access Requests. This field is false by default.", + "example": true + }, + "accessRequestConfig": { + "nullable": true, + "description": "Access request configuration for this object", + "type": "object", + "properties": { + "commentsRequired": { + "type": "boolean", + "description": "Whether the requester of the containing object must provide comments justifying the request", + "example": true + }, + "denialCommentsRequired": { + "type": "boolean", + "description": "Whether an approver must provide comments when denying the request", + "example": true + }, + "approvalSchemes": { + "type": "array", + "description": "List describing the steps in approving the request", + "items": { + "type": "object", + "properties": { + "approverType": { + "type": "string", + "enum": [ + "OWNER", + "MANAGER", + "GOVERNANCE_GROUP" + ], + "description": "Describes the individual or group that is responsible for an approval step. Values are as follows.\n\n**OWNER**: Owner of the associated Role\n\n**MANAGER**: Manager of the Identity making the request\n\n**GOVERNANCE_GROUP**: A Governance Group, the ID of which is specified by the **approverId** field", + "example": "GOVERNANCE_GROUP" + }, + "approverId": { + "type": "string", + "nullable": true, + "description": "Id of the specific approver, used only when approverType is GOVERNANCE_GROUP", + "example": "46c79819-a69f-49a2-becb-12c971ae66c6" + } + } + } + } + } + }, + "revocationRequestConfig": { + "nullable": true, + "description": "Revocation request configuration for this object.", + "type": "object", + "properties": { + "approvalSchemes": { + "type": "array", + "description": "List describing the steps in approving the revocation request", + "items": { + "type": "object", + "properties": { + "approverType": { + "type": "string", + "enum": [ + "APP_OWNER", + "OWNER", + "SOURCE_OWNER", + "MANAGER", + "GOVERNANCE_GROUP" + ], + "description": "Describes the individual or group that is responsible for an approval step. Values are as follows.\n**APP_OWNER**: The owner of the Application\n\n**OWNER**: Owner of the associated Access Profile or Role\n\n**SOURCE_OWNER**: Owner of the Source associated with an Access Profile\n\n**MANAGER**: Manager of the Identity making the request\n\n**GOVERNANCE_GROUP**: A Governance Group, the ID of which is specified by the **approverId** field", + "example": "GOVERNANCE_GROUP" + }, + "approverId": { + "type": "string", + "nullable": true, + "description": "Id of the specific approver, used only when approverType is GOVERNANCE_GROUP", + "example": "46c79819-a69f-49a2-becb-12c971ae66c6" + } + } + } + } + } + }, + "segments": { + "type": "array", + "items": { + "type": "string" + }, + "nullable": true, + "description": "List of IDs of segments, if any, to which this Role is assigned.", + "example": [ + "f7b1b8a3-5fed-4fd4-ad29-82014e137e19", + "29cb6c06-1da8-43ea-8be4-b3125f248f2a" + ] + } + }, + "required": [ + "name", + "owner" + ] + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + }, + "security": [ + { + "oauth2": [ + "idn:role-unchecked:manage", + "idn:role-checked:manage" + ] + } + ] + } + }, + "/roles/{id}": { + "get": { + "operationId": "getRole", + "tags": [ + "Roles" + ], + "summary": "Get a Role", + "description": "This API returns a Role by its ID.\n\nA token with API, ORG_ADMIN, ROLE_ADMIN, or ROLE_SUBADMIN authority is required to call this API. In addition, a token with ROLE_SUBADMIN authority may only call this API if all Access Profiles included in the Role are associated to Sources with management workgroups of which the ROLE_SUBADMIN is a member.", + "parameters": [ + { + "in": "path", + "name": "id", + "required": true, + "schema": { + "type": "string" + }, + "description": "ID of the Role", + "example": "2c91808a7813090a017814121e121518" + } + ], + "responses": { + "200": { + "description": "List of all Roles", + "content": { + "application/json": { + "schema": { + "type": "object", + "description": "A Role", + "properties": { + "id": { + "type": "string", + "description": "The id of the Role. This field must be left null when creating an Role, otherwise a 400 Bad Request error will result.", + "example": "2c918086749d78830174a1a40e121518" + }, + "name": { + "type": "string", + "description": "The human-readable display name of the Role", + "maxLength": 128, + "example": "Role 2567" + }, + "created": { + "type": "string", + "description": "Date the Role was created", + "format": "date-time", + "example": "2021-03-01T22:32:58.104Z", + "readOnly": true + }, + "modified": { + "type": "string", + "description": "Date the Role was last modified.", + "format": "date-time", + "example": "2021-03-02T20:22:28.104Z", + "readOnly": true + }, + "description": { + "type": "string", + "nullable": true, + "description": "A human-readable description of the Role", + "example": "Urna amet cursus pellentesque nisl orci maximus lorem nisl euismod fusce morbi placerat adipiscing maecenas nisi tristique et metus et lacus sed morbi nunc nisl maximus magna arcu varius sollicitudin elementum enim maecenas nisi id ipsum tempus fusce diam ipsum tortor." + }, + "owner": { + "type": "object", + "description": "The owner of this object.", + "properties": { + "type": { + "description": "Owner type. This field must be either left null or set to 'IDENTITY' on input, otherwise a 400 Bad Request error will result.", + "example": "IDENTITY", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ] + }, + "id": { + "type": "string", + "description": "Identity id", + "example": "2c9180a46faadee4016fb4e018c20639" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the owner. It may be left null or omitted in a POST or PATCH. If set, it must match the current value of the owner's display name, otherwise a 400 Bad Request error will result.", + "example": "support" + } + } + }, + "accessProfiles": { + "type": "array", + "items": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "ID of the Access Profile", + "example": "ff808081751e6e129f1518161919ecca" + }, + "type": { + "type": "string", + "description": "Type of requested object. This field must be either left null or set to 'ACCESS_PROFILE' when creating an Access Profile, otherwise a 400 Bad Request error will result.", + "enum": [ + "ACCESS_PROFILE" + ], + "example": "ACCESS_PROFILE" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the Access Profile. This field is ignored on input.", + "example": "Access Profile 2567" + } + } + }, + "nullable": true + }, + "membership": { + "nullable": true, + "type": "object", + "description": "When present, specifies that the Role is to be granted to Identities which either satisfy specific criteria or which are members of a given list of Identities.", + "properties": { + "type": { + "type": "string", + "enum": [ + "STANDARD", + "IDENTITY_LIST" + ], + "description": "This enum characterizes the type of a Role's membership selector. Only the following two are fully supported:\n\nSTANDARD: Indicates that Role membership is defined in terms of a criteria expression\n\nIDENTITY_LIST: Indicates that Role membership is conferred on the specific identities listed", + "example": "IDENTITY_LIST" + }, + "criteria": { + "nullable": true, + "type": "object", + "description": "Defines STANDARD type Role membership", + "properties": { + "operation": { + "type": "string", + "enum": [ + "EQUALS", + "NOT_EQUALS", + "CONTAINS", + "STARTS_WITH", + "ENDS_WITH", + "AND", + "OR" + ], + "description": "An operation", + "example": "EQUALS" + }, + "key": { + "type": "object", + "nullable": true, + "description": "Refers to a specific Identity attribute, Account attibute, or Entitlement used in Role membership criteria", + "properties": { + "type": { + "type": "string", + "enum": [ + "IDENTITY", + "ACCOUNT", + "ENTITLEMENT" + ], + "description": "Indicates whether the associated criteria represents an expression on identity attributes, account attributes, or entitlements, respectively.", + "example": "ACCOUNT" + }, + "property": { + "type": "string", + "description": "The name of the attribute or entitlement to which the associated criteria applies.", + "example": "attribute.email" + }, + "sourceId": { + "type": "string", + "nullable": true, + "description": "ID of the Source from which an account attribute or entitlement is drawn. Required if type is ACCOUNT or ENTITLEMENT", + "example": "2c9180867427f3a301745aec18211519" + } + }, + "required": [ + "type", + "property" + ] + }, + "stringValue": { + "type": "string", + "nullable": true, + "description": "String value to test the Identity attribute, Account attribute, or Entitlement specified in the key w/r/t the specified operation. If this criteria is a leaf node, that is, if the operation is one of EQUALS, NOT_EQUALS, CONTAINS, STARTS_WITH, or ENDS_WITH, this field is required. Otherwise, specifying it is an error.", + "example": "carlee.cert1c9f9b6fd@mailinator.com" + }, + "children": { + "type": "array", + "items": { + "type": "object", + "nullable": true, + "description": "Defines STANDARD type Role membership", + "properties": { + "operation": { + "type": "string", + "enum": [ + "EQUALS", + "NOT_EQUALS", + "CONTAINS", + "STARTS_WITH", + "ENDS_WITH", + "AND", + "OR" + ], + "description": "An operation", + "example": "EQUALS" + }, + "key": { + "type": "object", + "nullable": true, + "description": "Refers to a specific Identity attribute, Account attibute, or Entitlement used in Role membership criteria", + "properties": { + "type": { + "type": "string", + "enum": [ + "IDENTITY", + "ACCOUNT", + "ENTITLEMENT" + ], + "description": "Indicates whether the associated criteria represents an expression on identity attributes, account attributes, or entitlements, respectively.", + "example": "ACCOUNT" + }, + "property": { + "type": "string", + "description": "The name of the attribute or entitlement to which the associated criteria applies.", + "example": "attribute.email" + }, + "sourceId": { + "type": "string", + "nullable": true, + "description": "ID of the Source from which an account attribute or entitlement is drawn. Required if type is ACCOUNT or ENTITLEMENT", + "example": "2c9180867427f3a301745aec18211519" + } + }, + "required": [ + "type", + "property" + ] + }, + "stringValue": { + "type": "string", + "nullable": true, + "description": "String value to test the Identity attribute, Account attribute, or Entitlement specified in the key w/r/t the specified operation. If this criteria is a leaf node, that is, if the operation is one of EQUALS, NOT_EQUALS, CONTAINS, STARTS_WITH, or ENDS_WITH, this field is required. Otherwise, specifying it is an error.", + "example": "carlee.cert1c9f9b6fd@mailinator.com" + }, + "children": { + "type": "array", + "items": { + "type": "object", + "description": "Defines STANDARD type Role membership", + "properties": { + "operation": { + "type": "string", + "enum": [ + "EQUALS", + "NOT_EQUALS", + "CONTAINS", + "STARTS_WITH", + "ENDS_WITH", + "AND", + "OR" + ], + "description": "An operation", + "example": "EQUALS" + }, + "key": { + "type": "object", + "nullable": true, + "description": "Refers to a specific Identity attribute, Account attibute, or Entitlement used in Role membership criteria", + "properties": { + "type": { + "type": "string", + "enum": [ + "IDENTITY", + "ACCOUNT", + "ENTITLEMENT" + ], + "description": "Indicates whether the associated criteria represents an expression on identity attributes, account attributes, or entitlements, respectively.", + "example": "ACCOUNT" + }, + "property": { + "type": "string", + "description": "The name of the attribute or entitlement to which the associated criteria applies.", + "example": "attribute.email" + }, + "sourceId": { + "type": "string", + "nullable": true, + "description": "ID of the Source from which an account attribute or entitlement is drawn. Required if type is ACCOUNT or ENTITLEMENT", + "example": "2c9180867427f3a301745aec18211519" + } + }, + "required": [ + "type", + "property" + ] + }, + "stringValue": { + "type": "string", + "description": "String value to test the Identity attribute, Account attribute, or Entitlement specified in the key w/r/t the specified operation. If this criteria is a leaf node, that is, if the operation is one of EQUALS, NOT_EQUALS, CONTAINS, STARTS_WITH, or ENDS_WITH, this field is required. Otherwise, specifying it is an error.", + "example": "carlee.cert1c9f9b6fd@mailinator.com" + } + } + }, + "nullable": true, + "description": "Array of child criteria. Required if the operation is AND or OR, otherwise it must be left null. A maximum of three levels of criteria are supported, including leaf nodes. Additionally, AND nodes can only be children or OR nodes and vice-versa." + } + } + }, + "nullable": true, + "description": "Array of child criteria. Required if the operation is AND or OR, otherwise it must be left null. A maximum of three levels of criteria are supported, including leaf nodes. Additionally, AND nodes can only be children or OR nodes and vice-versa." + } + } + }, + "identities": { + "type": "array", + "items": { + "type": "object", + "description": "A reference to an Identity in an IDENTITY_LIST role membership criteria.", + "properties": { + "type": { + "nullable": true, + "example": "IDENTITY", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "description": "An enumeration of the types of DTOs supported within the IdentityNow infrastructure." + }, + "id": { + "type": "string", + "description": "Identity id", + "example": "2c9180a46faadee4016fb4e018c20639" + }, + "name": { + "type": "string", + "nullable": true, + "description": "Human-readable display name of the Identity.", + "example": "Thomas Edison" + }, + "aliasName": { + "type": "string", + "nullable": true, + "description": "User name of the Identity", + "example": "t.edison" + } + } + }, + "nullable": true, + "description": "Defines role membership as being exclusive to the specified Identities, when type is IDENTITY_LIST." + } + } + }, + "legacyMembershipInfo": { + "type": "object", + "nullable": true, + "description": "This field is not directly modifiable and is generally expected to be *null*. In very rare instances, some Roles may have been created using membership selection criteria that are no longer fully supported. While these Roles will still work, they should be migrated to STANDARD or IDENTITY_LIST selection criteria. This field exists for informational purposes as an aid to such migration.", + "example": { + "type": "IDENTITY_LIST" + }, + "additionalProperties": true + }, + "enabled": { + "type": "boolean", + "description": "Whether the Role is enabled or not. This field is false by default.", + "example": true + }, + "requestable": { + "type": "boolean", + "description": "Whether the Role can be the target of Access Requests. This field is false by default.", + "example": true + }, + "accessRequestConfig": { + "nullable": true, + "description": "Access request configuration for this object", + "type": "object", + "properties": { + "commentsRequired": { + "type": "boolean", + "description": "Whether the requester of the containing object must provide comments justifying the request", + "example": true + }, + "denialCommentsRequired": { + "type": "boolean", + "description": "Whether an approver must provide comments when denying the request", + "example": true + }, + "approvalSchemes": { + "type": "array", + "description": "List describing the steps in approving the request", + "items": { + "type": "object", + "properties": { + "approverType": { + "type": "string", + "enum": [ + "OWNER", + "MANAGER", + "GOVERNANCE_GROUP" + ], + "description": "Describes the individual or group that is responsible for an approval step. Values are as follows.\n\n**OWNER**: Owner of the associated Role\n\n**MANAGER**: Manager of the Identity making the request\n\n**GOVERNANCE_GROUP**: A Governance Group, the ID of which is specified by the **approverId** field", + "example": "GOVERNANCE_GROUP" + }, + "approverId": { + "type": "string", + "nullable": true, + "description": "Id of the specific approver, used only when approverType is GOVERNANCE_GROUP", + "example": "46c79819-a69f-49a2-becb-12c971ae66c6" + } + } + } + } + } + }, + "revocationRequestConfig": { + "nullable": true, + "description": "Revocation request configuration for this object.", + "type": "object", + "properties": { + "approvalSchemes": { + "type": "array", + "description": "List describing the steps in approving the revocation request", + "items": { + "type": "object", + "properties": { + "approverType": { + "type": "string", + "enum": [ + "APP_OWNER", + "OWNER", + "SOURCE_OWNER", + "MANAGER", + "GOVERNANCE_GROUP" + ], + "description": "Describes the individual or group that is responsible for an approval step. Values are as follows.\n**APP_OWNER**: The owner of the Application\n\n**OWNER**: Owner of the associated Access Profile or Role\n\n**SOURCE_OWNER**: Owner of the Source associated with an Access Profile\n\n**MANAGER**: Manager of the Identity making the request\n\n**GOVERNANCE_GROUP**: A Governance Group, the ID of which is specified by the **approverId** field", + "example": "GOVERNANCE_GROUP" + }, + "approverId": { + "type": "string", + "nullable": true, + "description": "Id of the specific approver, used only when approverType is GOVERNANCE_GROUP", + "example": "46c79819-a69f-49a2-becb-12c971ae66c6" + } + } + } + } + } + }, + "segments": { + "type": "array", + "items": { + "type": "string" + }, + "nullable": true, + "description": "List of IDs of segments, if any, to which this Role is assigned.", + "example": [ + "f7b1b8a3-5fed-4fd4-ad29-82014e137e19", + "29cb6c06-1da8-43ea-8be4-b3125f248f2a" + ] + } + }, + "required": [ + "name", + "owner" + ] + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + }, + "security": [ + { + "oauth2": [ + "idn:role-unchecked:read", + "idn:role-unchecked:manage", + "idn:role-checked:manage", + "idn:role-checked:read" + ] + } + ] + }, + "patch": { + "operationId": "patchRole", + "tags": [ + "Roles" + ], + "summary": "Patch a specified Role", + "description": "This API updates an existing Role using [JSON Patch](https://tools.ietf.org/html/rfc6902) syntax.\n\nThe following fields are patchable: **name**, **description**, **enabled**, **owner**, **accessProfiles**, **membership**, **requestable**, **accessRequestConfig**, **revokeRequestConfig**, **segments**\nA token with API, ORG_ADMIN, ROLE_ADMIN, or ROLE_SUBADMIN authority is required to call this API. In addition, a token with ROLE_SUBADMIN authority may only call this API if all Access Profiles included in the Role are associated to Sources with management workgroups of which the ROLE_SUBADMIN is a member.\nThe maximum supported length for the description field is 2000 characters. Longer descriptions will be preserved for existing roles, however, any new roles as well as any updates to existing descriptions will be limited to 2000 characters.", + "parameters": [ + { + "name": "id", + "in": "path", + "description": "ID of the Role to patch", + "required": true, + "schema": { + "type": "string", + "example": "2c91808a7813090a017814121e121518" + } + } + ], + "requestBody": { + "content": { + "application/json-patch+json": { + "schema": { + "type": "array", + "items": { + "type": "object", + "description": "A JSONPatch Operation as defined by [RFC 6902 - JSON Patch](https://tools.ietf.org/html/rfc6902)", + "required": [ + "op", + "path" + ], + "properties": { + "op": { + "type": "string", + "description": "The operation to be performed", + "enum": [ + "add", + "remove", + "replace", + "move", + "copy", + "test" + ], + "example": "replace" + }, + "path": { + "type": "string", + "description": "A string JSON Pointer representing the target path to an element to be affected by the operation", + "example": "/description" + }, + "value": { + "anyOf": [ + { + "type": "string" + }, + { + "type": "integer" + }, + { + "type": "object" + }, + { + "type": "array", + "items": { + "anyOf": [ + { + "type": "string" + }, + { + "type": "integer" + }, + { + "type": "object" + } + ] + } + } + ], + "description": "The value to be used for the operation, required for \"add\" and \"replace\" operations", + "example": "New description" + } + } + } + }, + "examples": { + "Make a Role Requestable and Enable it in One Call": { + "description": "This example shows how multiple fields may be updated with a single patch call.", + "value": [ + { + "op": "replace", + "path": "/requestable", + "value": true + }, + { + "op": "replace", + "path": "/enabled", + "value": true + } + ] + }, + "Assign a Role to a Segment": { + "description": "This example illustrates the use of patch to assign a Role to a Segment by adding the Segment's ID to the Role's segments array.", + "value": [ + { + "op": "add", + "path": "/segments/-", + "value": "f7b1b8a3-5fed-4fd4-ad29-82014e137e19" + } + ] + }, + "Set the Membership Selection Criteria to a List of Identities": { + "description": "This example shows how to define a Role's membershp by providing a list of Identities, referenced by their IDs.", + "value": [ + { + "op": "replace", + "path": "/membership", + "value": { + "type": "IDENTITY_LIST", + "identities": [ + { + "id": "2c91808973fe906c0174262092014ed9" + }, + { + "id": "2c918086262092014ed94fb8a47612f3" + } + ] + } + } + ] + }, + "Set the Membership Selection Criteria to a Standard Expression": { + "description": "This example shows how to define a Role's membership using STANDARD criteria. In this case, the Role will be granted to all Identities which have the *Engineering* attribute from the indicated Source.", + "value": [ + { + "op": "replace", + "path": "/membership", + "value": { + "type": "STANDARD", + "criteria": { + "operation": "OR", + "children": [ + { + "operation": "EQUALS", + "key": { + "type": "ENTITLEMENT", + "property": "attribute.memberOf", + "sourceId": "2c9180887701fb2014213e122092014e" + }, + "stringValue": "Engineering" + } + ] + } + } + } + ] + }, + "Add a New Clause as the Child of an Existing Standard Expression": { + "description": "This example shows how to add a child clause to an existing STANDARD criteria expression.", + "value": [ + { + "op": "add", + "path": "/membership/criteria/children/-", + "value": { + "operation": "ENDS_WITH", + "key": { + "type": "IDENTITY", + "property": "attribute.email" + }, + "stringValue": "@identitynow.com" + } + } + ] + } + } + } + }, + "required": true + }, + "responses": { + "200": { + "description": "Responds with the Role as updated.", + "content": { + "application/json": { + "schema": { + "type": "object", + "description": "A Role", + "properties": { + "id": { + "type": "string", + "description": "The id of the Role. This field must be left null when creating an Role, otherwise a 400 Bad Request error will result.", + "example": "2c918086749d78830174a1a40e121518" + }, + "name": { + "type": "string", + "description": "The human-readable display name of the Role", + "maxLength": 128, + "example": "Role 2567" + }, + "created": { + "type": "string", + "description": "Date the Role was created", + "format": "date-time", + "example": "2021-03-01T22:32:58.104Z", + "readOnly": true + }, + "modified": { + "type": "string", + "description": "Date the Role was last modified.", + "format": "date-time", + "example": "2021-03-02T20:22:28.104Z", + "readOnly": true + }, + "description": { + "type": "string", + "nullable": true, + "description": "A human-readable description of the Role", + "example": "Urna amet cursus pellentesque nisl orci maximus lorem nisl euismod fusce morbi placerat adipiscing maecenas nisi tristique et metus et lacus sed morbi nunc nisl maximus magna arcu varius sollicitudin elementum enim maecenas nisi id ipsum tempus fusce diam ipsum tortor." + }, + "owner": { + "type": "object", + "description": "The owner of this object.", + "properties": { + "type": { + "description": "Owner type. This field must be either left null or set to 'IDENTITY' on input, otherwise a 400 Bad Request error will result.", + "example": "IDENTITY", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ] + }, + "id": { + "type": "string", + "description": "Identity id", + "example": "2c9180a46faadee4016fb4e018c20639" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the owner. It may be left null or omitted in a POST or PATCH. If set, it must match the current value of the owner's display name, otherwise a 400 Bad Request error will result.", + "example": "support" + } + } + }, + "accessProfiles": { + "type": "array", + "items": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "ID of the Access Profile", + "example": "ff808081751e6e129f1518161919ecca" + }, + "type": { + "type": "string", + "description": "Type of requested object. This field must be either left null or set to 'ACCESS_PROFILE' when creating an Access Profile, otherwise a 400 Bad Request error will result.", + "enum": [ + "ACCESS_PROFILE" + ], + "example": "ACCESS_PROFILE" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the Access Profile. This field is ignored on input.", + "example": "Access Profile 2567" + } + } + }, + "nullable": true + }, + "membership": { + "nullable": true, + "type": "object", + "description": "When present, specifies that the Role is to be granted to Identities which either satisfy specific criteria or which are members of a given list of Identities.", + "properties": { + "type": { + "type": "string", + "enum": [ + "STANDARD", + "IDENTITY_LIST" + ], + "description": "This enum characterizes the type of a Role's membership selector. Only the following two are fully supported:\n\nSTANDARD: Indicates that Role membership is defined in terms of a criteria expression\n\nIDENTITY_LIST: Indicates that Role membership is conferred on the specific identities listed", + "example": "IDENTITY_LIST" + }, + "criteria": { + "nullable": true, + "type": "object", + "description": "Defines STANDARD type Role membership", + "properties": { + "operation": { + "type": "string", + "enum": [ + "EQUALS", + "NOT_EQUALS", + "CONTAINS", + "STARTS_WITH", + "ENDS_WITH", + "AND", + "OR" + ], + "description": "An operation", + "example": "EQUALS" + }, + "key": { + "type": "object", + "nullable": true, + "description": "Refers to a specific Identity attribute, Account attibute, or Entitlement used in Role membership criteria", + "properties": { + "type": { + "type": "string", + "enum": [ + "IDENTITY", + "ACCOUNT", + "ENTITLEMENT" + ], + "description": "Indicates whether the associated criteria represents an expression on identity attributes, account attributes, or entitlements, respectively.", + "example": "ACCOUNT" + }, + "property": { + "type": "string", + "description": "The name of the attribute or entitlement to which the associated criteria applies.", + "example": "attribute.email" + }, + "sourceId": { + "type": "string", + "nullable": true, + "description": "ID of the Source from which an account attribute or entitlement is drawn. Required if type is ACCOUNT or ENTITLEMENT", + "example": "2c9180867427f3a301745aec18211519" + } + }, + "required": [ + "type", + "property" + ] + }, + "stringValue": { + "type": "string", + "nullable": true, + "description": "String value to test the Identity attribute, Account attribute, or Entitlement specified in the key w/r/t the specified operation. If this criteria is a leaf node, that is, if the operation is one of EQUALS, NOT_EQUALS, CONTAINS, STARTS_WITH, or ENDS_WITH, this field is required. Otherwise, specifying it is an error.", + "example": "carlee.cert1c9f9b6fd@mailinator.com" + }, + "children": { + "type": "array", + "items": { + "type": "object", + "nullable": true, + "description": "Defines STANDARD type Role membership", + "properties": { + "operation": { + "type": "string", + "enum": [ + "EQUALS", + "NOT_EQUALS", + "CONTAINS", + "STARTS_WITH", + "ENDS_WITH", + "AND", + "OR" + ], + "description": "An operation", + "example": "EQUALS" + }, + "key": { + "type": "object", + "nullable": true, + "description": "Refers to a specific Identity attribute, Account attibute, or Entitlement used in Role membership criteria", + "properties": { + "type": { + "type": "string", + "enum": [ + "IDENTITY", + "ACCOUNT", + "ENTITLEMENT" + ], + "description": "Indicates whether the associated criteria represents an expression on identity attributes, account attributes, or entitlements, respectively.", + "example": "ACCOUNT" + }, + "property": { + "type": "string", + "description": "The name of the attribute or entitlement to which the associated criteria applies.", + "example": "attribute.email" + }, + "sourceId": { + "type": "string", + "nullable": true, + "description": "ID of the Source from which an account attribute or entitlement is drawn. Required if type is ACCOUNT or ENTITLEMENT", + "example": "2c9180867427f3a301745aec18211519" + } + }, + "required": [ + "type", + "property" + ] + }, + "stringValue": { + "type": "string", + "nullable": true, + "description": "String value to test the Identity attribute, Account attribute, or Entitlement specified in the key w/r/t the specified operation. If this criteria is a leaf node, that is, if the operation is one of EQUALS, NOT_EQUALS, CONTAINS, STARTS_WITH, or ENDS_WITH, this field is required. Otherwise, specifying it is an error.", + "example": "carlee.cert1c9f9b6fd@mailinator.com" + }, + "children": { + "type": "array", + "items": { + "type": "object", + "description": "Defines STANDARD type Role membership", + "properties": { + "operation": { + "type": "string", + "enum": [ + "EQUALS", + "NOT_EQUALS", + "CONTAINS", + "STARTS_WITH", + "ENDS_WITH", + "AND", + "OR" + ], + "description": "An operation", + "example": "EQUALS" + }, + "key": { + "type": "object", + "nullable": true, + "description": "Refers to a specific Identity attribute, Account attibute, or Entitlement used in Role membership criteria", + "properties": { + "type": { + "type": "string", + "enum": [ + "IDENTITY", + "ACCOUNT", + "ENTITLEMENT" + ], + "description": "Indicates whether the associated criteria represents an expression on identity attributes, account attributes, or entitlements, respectively.", + "example": "ACCOUNT" + }, + "property": { + "type": "string", + "description": "The name of the attribute or entitlement to which the associated criteria applies.", + "example": "attribute.email" + }, + "sourceId": { + "type": "string", + "nullable": true, + "description": "ID of the Source from which an account attribute or entitlement is drawn. Required if type is ACCOUNT or ENTITLEMENT", + "example": "2c9180867427f3a301745aec18211519" + } + }, + "required": [ + "type", + "property" + ] + }, + "stringValue": { + "type": "string", + "description": "String value to test the Identity attribute, Account attribute, or Entitlement specified in the key w/r/t the specified operation. If this criteria is a leaf node, that is, if the operation is one of EQUALS, NOT_EQUALS, CONTAINS, STARTS_WITH, or ENDS_WITH, this field is required. Otherwise, specifying it is an error.", + "example": "carlee.cert1c9f9b6fd@mailinator.com" + } + } + }, + "nullable": true, + "description": "Array of child criteria. Required if the operation is AND or OR, otherwise it must be left null. A maximum of three levels of criteria are supported, including leaf nodes. Additionally, AND nodes can only be children or OR nodes and vice-versa." + } + } + }, + "nullable": true, + "description": "Array of child criteria. Required if the operation is AND or OR, otherwise it must be left null. A maximum of three levels of criteria are supported, including leaf nodes. Additionally, AND nodes can only be children or OR nodes and vice-versa." + } + } + }, + "identities": { + "type": "array", + "items": { + "type": "object", + "description": "A reference to an Identity in an IDENTITY_LIST role membership criteria.", + "properties": { + "type": { + "nullable": true, + "example": "IDENTITY", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "description": "An enumeration of the types of DTOs supported within the IdentityNow infrastructure." + }, + "id": { + "type": "string", + "description": "Identity id", + "example": "2c9180a46faadee4016fb4e018c20639" + }, + "name": { + "type": "string", + "nullable": true, + "description": "Human-readable display name of the Identity.", + "example": "Thomas Edison" + }, + "aliasName": { + "type": "string", + "nullable": true, + "description": "User name of the Identity", + "example": "t.edison" + } + } + }, + "nullable": true, + "description": "Defines role membership as being exclusive to the specified Identities, when type is IDENTITY_LIST." + } + } + }, + "legacyMembershipInfo": { + "type": "object", + "nullable": true, + "description": "This field is not directly modifiable and is generally expected to be *null*. In very rare instances, some Roles may have been created using membership selection criteria that are no longer fully supported. While these Roles will still work, they should be migrated to STANDARD or IDENTITY_LIST selection criteria. This field exists for informational purposes as an aid to such migration.", + "example": { + "type": "IDENTITY_LIST" + }, + "additionalProperties": true + }, + "enabled": { + "type": "boolean", + "description": "Whether the Role is enabled or not. This field is false by default.", + "example": true + }, + "requestable": { + "type": "boolean", + "description": "Whether the Role can be the target of Access Requests. This field is false by default.", + "example": true + }, + "accessRequestConfig": { + "nullable": true, + "description": "Access request configuration for this object", + "type": "object", + "properties": { + "commentsRequired": { + "type": "boolean", + "description": "Whether the requester of the containing object must provide comments justifying the request", + "example": true + }, + "denialCommentsRequired": { + "type": "boolean", + "description": "Whether an approver must provide comments when denying the request", + "example": true + }, + "approvalSchemes": { + "type": "array", + "description": "List describing the steps in approving the request", + "items": { + "type": "object", + "properties": { + "approverType": { + "type": "string", + "enum": [ + "OWNER", + "MANAGER", + "GOVERNANCE_GROUP" + ], + "description": "Describes the individual or group that is responsible for an approval step. Values are as follows.\n\n**OWNER**: Owner of the associated Role\n\n**MANAGER**: Manager of the Identity making the request\n\n**GOVERNANCE_GROUP**: A Governance Group, the ID of which is specified by the **approverId** field", + "example": "GOVERNANCE_GROUP" + }, + "approverId": { + "type": "string", + "nullable": true, + "description": "Id of the specific approver, used only when approverType is GOVERNANCE_GROUP", + "example": "46c79819-a69f-49a2-becb-12c971ae66c6" + } + } + } + } + } + }, + "revocationRequestConfig": { + "nullable": true, + "description": "Revocation request configuration for this object.", + "type": "object", + "properties": { + "approvalSchemes": { + "type": "array", + "description": "List describing the steps in approving the revocation request", + "items": { + "type": "object", + "properties": { + "approverType": { + "type": "string", + "enum": [ + "APP_OWNER", + "OWNER", + "SOURCE_OWNER", + "MANAGER", + "GOVERNANCE_GROUP" + ], + "description": "Describes the individual or group that is responsible for an approval step. Values are as follows.\n**APP_OWNER**: The owner of the Application\n\n**OWNER**: Owner of the associated Access Profile or Role\n\n**SOURCE_OWNER**: Owner of the Source associated with an Access Profile\n\n**MANAGER**: Manager of the Identity making the request\n\n**GOVERNANCE_GROUP**: A Governance Group, the ID of which is specified by the **approverId** field", + "example": "GOVERNANCE_GROUP" + }, + "approverId": { + "type": "string", + "nullable": true, + "description": "Id of the specific approver, used only when approverType is GOVERNANCE_GROUP", + "example": "46c79819-a69f-49a2-becb-12c971ae66c6" + } + } + } + } + } + }, + "segments": { + "type": "array", + "items": { + "type": "string" + }, + "nullable": true, + "description": "List of IDs of segments, if any, to which this Role is assigned.", + "example": [ + "f7b1b8a3-5fed-4fd4-ad29-82014e137e19", + "29cb6c06-1da8-43ea-8be4-b3125f248f2a" + ] + } + }, + "required": [ + "name", + "owner" + ] + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + }, + "security": [ + { + "oauth2": [ + "idn:role-unchecked:manage", + "idn:role-checked:manage" + ] + } + ] + }, + "delete": { + "operationId": "deleteRole", + "tags": [ + "Roles" + ], + "summary": "Delete a Role", + "description": "This API deletes a Role by its ID.\nA token with API, ORG_ADMIN, ROLE_ADMIN, or ROLE_SUBADMIN authority is required to call this API. In addition, a token with ROLE_SUBADMIN authority may only call this API if all Access Profiles included in the Role are associated to Sources with management workgroups of which the ROLE_SUBADMIN is a member.", + "parameters": [ + { + "in": "path", + "name": "id", + "required": true, + "schema": { + "type": "string" + }, + "description": "ID of the Role", + "example": "2c91808a7813090a017814121e121518" + } + ], + "responses": { + "204": { + "description": "No content - indicates the request was successful but there is no content to be returned in the response." + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + }, + "security": [ + { + "oauth2": [ + "idn:role-unchecked:manage", + "idn:role-checked:manage" + ] + } + ] + } + }, + "/roles/bulk-delete": { + "post": { + "operationId": "bulkDeleteRoles", + "summary": "Delete Role(s)", + "tags": [ + "Roles" + ], + "description": "This API initiates a bulk deletion of one or more Roles.\n\nA token with API, ORG_ADMIN, ROLE_ADMIN, or ROLE_SUBADMIN authority is required to call this API. In addition, a token with ROLE_SUBADMIN authority may only call this API if all Roles included in the request are associated to Sources with management workgroups of which the ROLE_SUBADMIN is a member.", + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "roleIds": { + "description": "List of IDs of Roles to be deleted.", + "type": "array", + "items": { + "type": "string" + }, + "example": [ + "2c9180847812e0b1017817051919ecca", + "2c9180887812e0b201781e129f151816" + ] + } + }, + "required": [ + "roleIds" + ] + }, + "example": { + "roleIds": [ + "2c91808876438bb2017668b91919ecca", + "2c91808876438ba801766e129f151816" + ] + } + } + } + }, + "responses": { + "202": { + "description": "Returns an object with the id of the task performing the delete operation.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + }, + "example": { + "type": "TASK_RESULT", + "id": "464ae7bf791e49fdb74606a2e4a89635", + "name": null + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "400.1 Bad Request Content": { + "description": "Response for bad request content", + "value": { + "detailCode": "400.1 Bad Request Content", + "trackingId": "1ea1adcb84da4dcb890145e05745774e", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The request was syntactically correct but its content is semantically invalid." + } + ] + } + }, + "400.1 Role ids limit violation": { + "description": "Role ids limit violation response", + "value": { + "detailCode": "400.1 Bad Request Content", + "trackingId": "77aa89ac6f0e422dbc588866abc22be9", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "roleIds count exceeded max limit of 50 for bulk-delete." + } + ] + } + }, + "400.1.404 Referenced object not found": { + "description": "Referenced object not found response", + "value": { + "detailCode": "400.1.404 Referenced object not found", + "trackingId": "77aa89ac6f0e422dbc588866abc22be9", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "Referenced roleIds [\"2c91808876438bb2017668b91919ecca\"] was not found." + } + ] + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + }, + "security": [ + { + "oauth2": [ + "idn:role-unchecked:manage", + "idn:role-checked:manage" + ] + } + ] + } + }, + "/roles/{id}/assigned-identities": { + "get": { + "operationId": "getRoleAssignedIdentities", + "tags": [ + "Roles" + ], + "summary": "Identities assigned a Role", + "parameters": [ + { + "in": "path", + "name": "id", + "schema": { + "type": "string" + }, + "description": "ID of the Role for which the assigned Identities are to be listed", + "example": "2c91808a7813090a017814121e121518", + "required": true + }, + { + "in": "query", + "name": "limit", + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": 250, + "schema": { + "type": "integer", + "format": "int32", + "minimum": 0, + "maximum": 250, + "default": 250 + } + }, + { + "in": "query", + "name": "offset", + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": 0, + "schema": { + "type": "integer", + "format": "int32", + "minimum": 0, + "default": 0 + } + }, + { + "in": "query", + "name": "count", + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": true, + "schema": { + "type": "boolean", + "default": false + } + }, + { + "in": "query", + "name": "filters", + "schema": { + "type": "string" + }, + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)\n\nFiltering is supported for the following fields and operators:\n\n**id**: *eq, in*\n\n**aliasName**: *eq, sw*\n\n**email**: *eq, sw*\n\n**name**: *eq, sw, co*", + "example": "name sw Joe" + }, + { + "in": "query", + "name": "sorters", + "schema": { + "type": "string", + "format": "comma-separated" + }, + "description": "Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)\n\nSorting is supported for the following fields: **id**, **name**, **aliasName**, **email**", + "example": "aliasName,name" + } + ], + "responses": { + "200": { + "description": "List of Identities assigned the Role", + "content": { + "application/json": { + "schema": { + "type": "array", + "items": { + "type": "object", + "description": "A subset of the fields of an Identity which is a member of a Role.", + "properties": { + "id": { + "type": "string", + "description": "The ID of the Identity", + "example": "2c9180a46faadee4016fb4e018c20639" + }, + "aliasName": { + "type": "string", + "description": "The alias / username of the Identity", + "example": "t.edison" + }, + "name": { + "type": "string", + "description": "The human-readable display name of the Identity", + "example": "Thomas Edison" + }, + "email": { + "type": "string", + "description": "Email address of the Identity", + "example": "t.edison@identitynow.com" + }, + "roleAssignmentSource": { + "type": "string", + "enum": [ + "ACCESS_REQUEST", + "ROLE_MEMBERSHIP" + ], + "description": "Type which indicates how a particular Identity obtained a particular Role", + "example": "ACCESS_REQUEST" + } + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + }, + "security": [ + { + "oauth2": [ + "idn:role-unchecked:read", + "idn:role-unchecked:manage", + "idn:role-checked:manage", + "idn:role-checked:read" + ] + } + ] + } + }, + "/segments": { + "post": { + "operationId": "createSegment", + "tags": [ + "Segments" + ], + "summary": "Create Segment", + "description": "This API creates a segment.\n\nNote that segment definitions may take time to propagate to all identities.\n\nA token with ORG_ADMIN or API authority is required to call this API.", + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "id": { + "type": "string", + "example": "0f11f2a4-7c94-4bf3-a2bd-742580fe3bde" + }, + "name": { + "type": "string", + "description": "Segment Business Name", + "example": "segment-xyz" + }, + "created": { + "type": "string", + "format": "date-time", + "description": "The time when this Segment is created", + "example": "2020-01-01T00:00:00.000000Z" + }, + "modified": { + "type": "string", + "format": "date-time", + "description": "The time when this Segment is modified", + "example": "2020-01-01T00:00:00.000000Z" + }, + "description": { + "type": "string", + "description": "Optional description of the Segment", + "example": "This segment represents xyz" + }, + "owner": { + "type": "object", + "description": "The owner of this object.", + "properties": { + "type": { + "description": "Owner type. This field must be either left null or set to 'IDENTITY' on input, otherwise a 400 Bad Request error will result.", + "example": "IDENTITY", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ] + }, + "id": { + "type": "string", + "description": "Identity id", + "example": "2c9180a46faadee4016fb4e018c20639" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the owner. It may be left null or omitted in a POST or PATCH. If set, it must match the current value of the owner's display name, otherwise a 400 Bad Request error will result.", + "example": "support" + } + } + }, + "visibilityCriteria": { + "type": "object", + "properties": { + "expression": { + "type": "object", + "properties": { + "operator": { + "type": "string", + "description": "Operator for the expression", + "enum": [ + "AND", + "EQUALS" + ], + "example": "EQUALS" + }, + "attribute": { + "type": "string", + "description": "Name for the attribute", + "example": "location" + }, + "value": { + "type": "object", + "properties": { + "type": { + "type": "string", + "description": "The type of attribute value", + "example": "STRING" + }, + "value": { + "type": "string", + "description": "The attribute value", + "example": "Austin" + } + } + }, + "children": { + "type": "array", + "description": "List of expressions", + "items": { + "type": "object", + "properties": { + "type": { + "type": "string", + "description": "The type of attribute value", + "example": "STRING" + }, + "value": { + "type": "string", + "description": "The attribute value", + "example": "Austin" + } + } + }, + "example": [] + } + } + } + } + }, + "active": { + "type": "boolean", + "description": "Whether the Segment is currently active. Inactive segments have no effect." + } + } + } + } + } + }, + "responses": { + "201": { + "description": "Segment created", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "id": { + "type": "string", + "example": "0f11f2a4-7c94-4bf3-a2bd-742580fe3bde" + }, + "name": { + "type": "string", + "description": "Segment Business Name", + "example": "segment-xyz" + }, + "created": { + "type": "string", + "format": "date-time", + "description": "The time when this Segment is created", + "example": "2020-01-01T00:00:00.000000Z" + }, + "modified": { + "type": "string", + "format": "date-time", + "description": "The time when this Segment is modified", + "example": "2020-01-01T00:00:00.000000Z" + }, + "description": { + "type": "string", + "description": "Optional description of the Segment", + "example": "This segment represents xyz" + }, + "owner": { + "type": "object", + "description": "The owner of this object.", + "properties": { + "type": { + "description": "Owner type. This field must be either left null or set to 'IDENTITY' on input, otherwise a 400 Bad Request error will result.", + "example": "IDENTITY", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ] + }, + "id": { + "type": "string", + "description": "Identity id", + "example": "2c9180a46faadee4016fb4e018c20639" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the owner. It may be left null or omitted in a POST or PATCH. If set, it must match the current value of the owner's display name, otherwise a 400 Bad Request error will result.", + "example": "support" + } + } + }, + "visibilityCriteria": { + "type": "object", + "properties": { + "expression": { + "type": "object", + "properties": { + "operator": { + "type": "string", + "description": "Operator for the expression", + "enum": [ + "AND", + "EQUALS" + ], + "example": "EQUALS" + }, + "attribute": { + "type": "string", + "description": "Name for the attribute", + "example": "location" + }, + "value": { + "type": "object", + "properties": { + "type": { + "type": "string", + "description": "The type of attribute value", + "example": "STRING" + }, + "value": { + "type": "string", + "description": "The attribute value", + "example": "Austin" + } + } + }, + "children": { + "type": "array", + "description": "List of expressions", + "items": { + "type": "object", + "properties": { + "type": { + "type": "string", + "description": "The type of attribute value", + "example": "STRING" + }, + "value": { + "type": "string", + "description": "The attribute value", + "example": "Austin" + } + } + }, + "example": [] + } + } + } + } + }, + "active": { + "type": "boolean", + "description": "Whether the Segment is currently active. Inactive segments have no effect." + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + }, + "get": { + "operationId": "listSegments", + "tags": [ + "Segments" + ], + "summary": "List Segments", + "description": "This API returns a list of all segments.\nA token with ORG_ADMIN or API authority is required to call this API.", + "parameters": [ + { + "in": "query", + "name": "limit", + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": 250, + "schema": { + "type": "integer", + "format": "int32", + "minimum": 0, + "maximum": 250, + "default": 250 + } + }, + { + "in": "query", + "name": "offset", + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": 0, + "schema": { + "type": "integer", + "format": "int32", + "minimum": 0, + "default": 0 + } + }, + { + "in": "query", + "name": "count", + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": true, + "schema": { + "type": "boolean", + "default": false + } + } + ], + "responses": { + "200": { + "description": "List of all Segments", + "content": { + "application/json": { + "schema": { + "type": "array", + "items": { + "type": "object", + "properties": { + "id": { + "type": "string", + "example": "0f11f2a4-7c94-4bf3-a2bd-742580fe3bde" + }, + "name": { + "type": "string", + "description": "Segment Business Name", + "example": "segment-xyz" + }, + "created": { + "type": "string", + "format": "date-time", + "description": "The time when this Segment is created", + "example": "2020-01-01T00:00:00.000000Z" + }, + "modified": { + "type": "string", + "format": "date-time", + "description": "The time when this Segment is modified", + "example": "2020-01-01T00:00:00.000000Z" + }, + "description": { + "type": "string", + "description": "Optional description of the Segment", + "example": "This segment represents xyz" + }, + "owner": { + "type": "object", + "description": "The owner of this object.", + "properties": { + "type": { + "description": "Owner type. This field must be either left null or set to 'IDENTITY' on input, otherwise a 400 Bad Request error will result.", + "example": "IDENTITY", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ] + }, + "id": { + "type": "string", + "description": "Identity id", + "example": "2c9180a46faadee4016fb4e018c20639" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the owner. It may be left null or omitted in a POST or PATCH. If set, it must match the current value of the owner's display name, otherwise a 400 Bad Request error will result.", + "example": "support" + } + } + }, + "visibilityCriteria": { + "type": "object", + "properties": { + "expression": { + "type": "object", + "properties": { + "operator": { + "type": "string", + "description": "Operator for the expression", + "enum": [ + "AND", + "EQUALS" + ], + "example": "EQUALS" + }, + "attribute": { + "type": "string", + "description": "Name for the attribute", + "example": "location" + }, + "value": { + "type": "object", + "properties": { + "type": { + "type": "string", + "description": "The type of attribute value", + "example": "STRING" + }, + "value": { + "type": "string", + "description": "The attribute value", + "example": "Austin" + } + } + }, + "children": { + "type": "array", + "description": "List of expressions", + "items": { + "type": "object", + "properties": { + "type": { + "type": "string", + "description": "The type of attribute value", + "example": "STRING" + }, + "value": { + "type": "string", + "description": "The attribute value", + "example": "Austin" + } + } + }, + "example": [] + } + } + } + } + }, + "active": { + "type": "boolean", + "description": "Whether the Segment is currently active. Inactive segments have no effect." + } + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/segments/{id}": { + "get": { + "operationId": "getSegment", + "tags": [ + "Segments" + ], + "summary": "Get a Segment by its ID", + "description": "This API returns the segment specified by the given ID.\n\nA token with ORG_ADMIN or API authority is required to call this API.", + "parameters": [ + { + "in": "path", + "name": "id", + "schema": { + "type": "string" + }, + "required": true, + "description": "The ID of the Segment to retrieve.", + "example": "ef38f94347e94562b5bb8424a56397d8" + } + ], + "responses": { + "200": { + "description": "Segment", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "id": { + "type": "string", + "example": "0f11f2a4-7c94-4bf3-a2bd-742580fe3bde" + }, + "name": { + "type": "string", + "description": "Segment Business Name", + "example": "segment-xyz" + }, + "created": { + "type": "string", + "format": "date-time", + "description": "The time when this Segment is created", + "example": "2020-01-01T00:00:00.000000Z" + }, + "modified": { + "type": "string", + "format": "date-time", + "description": "The time when this Segment is modified", + "example": "2020-01-01T00:00:00.000000Z" + }, + "description": { + "type": "string", + "description": "Optional description of the Segment", + "example": "This segment represents xyz" + }, + "owner": { + "type": "object", + "description": "The owner of this object.", + "properties": { + "type": { + "description": "Owner type. This field must be either left null or set to 'IDENTITY' on input, otherwise a 400 Bad Request error will result.", + "example": "IDENTITY", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ] + }, + "id": { + "type": "string", + "description": "Identity id", + "example": "2c9180a46faadee4016fb4e018c20639" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the owner. It may be left null or omitted in a POST or PATCH. If set, it must match the current value of the owner's display name, otherwise a 400 Bad Request error will result.", + "example": "support" + } + } + }, + "visibilityCriteria": { + "type": "object", + "properties": { + "expression": { + "type": "object", + "properties": { + "operator": { + "type": "string", + "description": "Operator for the expression", + "enum": [ + "AND", + "EQUALS" + ], + "example": "EQUALS" + }, + "attribute": { + "type": "string", + "description": "Name for the attribute", + "example": "location" + }, + "value": { + "type": "object", + "properties": { + "type": { + "type": "string", + "description": "The type of attribute value", + "example": "STRING" + }, + "value": { + "type": "string", + "description": "The attribute value", + "example": "Austin" + } + } + }, + "children": { + "type": "array", + "description": "List of expressions", + "items": { + "type": "object", + "properties": { + "type": { + "type": "string", + "description": "The type of attribute value", + "example": "STRING" + }, + "value": { + "type": "string", + "description": "The attribute value", + "example": "Austin" + } + } + }, + "example": [] + } + } + } + } + }, + "active": { + "type": "boolean", + "description": "Whether the Segment is currently active. Inactive segments have no effect." + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + }, + "delete": { + "operationId": "deleteSegment", + "tags": [ + "Segments" + ], + "summary": "Delete Segment by ID", + "description": "This API deletes the segment specified by the given ID.\n\nNote that segment deletion may take some time to become effective.\n\nA token with ORG_ADMIN or API authority is required to call this API.", + "parameters": [ + { + "in": "path", + "name": "id", + "schema": { + "type": "string" + }, + "required": true, + "description": "The ID of the Segment to delete.", + "example": "ef38f94347e94562b5bb8424a56397d8" + } + ], + "responses": { + "204": { + "description": "No content." + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + }, + "patch": { + "operationId": "patchSegment", + "tags": [ + "Segments" + ], + "summary": "Update a Segment", + "description": "Allows updating Segment fields using the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard.\n\nNote that changes to a segment may take some time to propagate to all identities, and that segments will have no effect if segmentation is not enabled for your org.\n\nA token with ORG_ADMIN or API authority is required to call this API.", + "parameters": [ + { + "in": "path", + "name": "id", + "schema": { + "type": "string" + }, + "required": true, + "description": "The ID of the Segment being modified.", + "example": "ef38f94347e94562b5bb8424a56397d8" + } + ], + "requestBody": { + "required": true, + "description": "A list of Segment update operations according to the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard.\n\n\nThe following fields are patchable:\n* name\n* description\n* owner\n* visibilityCriteria\n* active\n", + "content": { + "application/json-patch+json": { + "schema": { + "type": "array", + "items": { + "type": "object" + } + }, + "examples": { + "Set Visibility Criteria": { + "description": "Set the visibility criteria", + "value": [ + { + "op": "replace", + "path": "/visibilityCriteria", + "value": { + "expression": { + "operator": "AND", + "children": [ + { + "operator": "EQUALS", + "attribute": "location", + "value": { + "type": "STRING", + "value": "Philadelphia" + } + }, + { + "operator": "EQUALS", + "attribute": "department", + "value": { + "type": "STRING", + "value": "HR" + } + } + ] + } + } + } + ] + } + } + } + } + }, + "responses": { + "200": { + "description": "Indicates the PATCH operation succeeded, and returns the Segment's new representation.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "id": { + "type": "string", + "example": "0f11f2a4-7c94-4bf3-a2bd-742580fe3bde" + }, + "name": { + "type": "string", + "description": "Segment Business Name", + "example": "segment-xyz" + }, + "created": { + "type": "string", + "format": "date-time", + "description": "The time when this Segment is created", + "example": "2020-01-01T00:00:00.000000Z" + }, + "modified": { + "type": "string", + "format": "date-time", + "description": "The time when this Segment is modified", + "example": "2020-01-01T00:00:00.000000Z" + }, + "description": { + "type": "string", + "description": "Optional description of the Segment", + "example": "This segment represents xyz" + }, + "owner": { + "type": "object", + "description": "The owner of this object.", + "properties": { + "type": { + "description": "Owner type. This field must be either left null or set to 'IDENTITY' on input, otherwise a 400 Bad Request error will result.", + "example": "IDENTITY", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ] + }, + "id": { + "type": "string", + "description": "Identity id", + "example": "2c9180a46faadee4016fb4e018c20639" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the owner. It may be left null or omitted in a POST or PATCH. If set, it must match the current value of the owner's display name, otherwise a 400 Bad Request error will result.", + "example": "support" + } + } + }, + "visibilityCriteria": { + "type": "object", + "properties": { + "expression": { + "type": "object", + "properties": { + "operator": { + "type": "string", + "description": "Operator for the expression", + "enum": [ + "AND", + "EQUALS" + ], + "example": "EQUALS" + }, + "attribute": { + "type": "string", + "description": "Name for the attribute", + "example": "location" + }, + "value": { + "type": "object", + "properties": { + "type": { + "type": "string", + "description": "The type of attribute value", + "example": "STRING" + }, + "value": { + "type": "string", + "description": "The attribute value", + "example": "Austin" + } + } + }, + "children": { + "type": "array", + "description": "List of expressions", + "items": { + "type": "object", + "properties": { + "type": { + "type": "string", + "description": "The type of attribute value", + "example": "STRING" + }, + "value": { + "type": "string", + "description": "The attribute value", + "example": "Austin" + } + } + }, + "example": [] + } + } + } + } + }, + "active": { + "type": "boolean", + "description": "Whether the Segment is currently active. Inactive segments have no effect." + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/send-test-notification": { + "post": { + "operationId": "sendTestNotification", + "tags": [ + "Notifications" + ], + "summary": "Send Test Notification", + "description": "Send a Test Notification", + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "key": { + "type": "string", + "description": "The template notification key.", + "example": "cloud_manual_work_item_summary" + }, + "medium": { + "type": "string", + "description": "The notification medium. Has to be one of the following enum values.", + "enum": [ + "EMAIL", + "SLACK", + "TEAMS" + ] + }, + "context": { + "type": "object", + "description": "A Json object that denotes the context specific to the template." + } + } + }, + "example": { + "key": "cloud_manual_work_item_summary", + "medium": "EMAIL", + "context": { + "numberOfPendingTasks": "4", + "ownerId": "201327fda1c44704ac01181e963d463c" + } + } + } + } + }, + "responses": { + "204": { + "description": "No content - indicates the request was successful but there is no content to be returned in the response." + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/service-desk-integrations": { + "get": { + "tags": [ + "Service Desk Integration" + ], + "summary": "List existing Service Desk Integrations", + "description": "Get a list of ServiceDeskIntegrationDto for existing Service Desk Integrations. A token with Org Admin or Service Desk Admin authority is required to access this endpoint.", + "operationId": "getServiceDeskIntegrationList", + "parameters": [ + { + "in": "query", + "name": "offset", + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": 0, + "schema": { + "type": "integer", + "format": "int32", + "minimum": 0, + "default": 0 + } + }, + { + "in": "query", + "name": "limit", + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": 250, + "schema": { + "type": "integer", + "format": "int32", + "minimum": 0, + "maximum": 250, + "default": 250 + } + }, + { + "name": "sorters", + "in": "query", + "required": false, + "style": "form", + "explode": true, + "schema": { + "type": "string" + }, + "description": "Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)\n\nSorting is supported for the following fields: **name**", + "example": "name" + }, + { + "name": "filters", + "in": "query", + "required": false, + "style": "form", + "explode": true, + "schema": { + "type": "string", + "format": "comma-separated" + }, + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)\n\nFiltering is supported for the following fields and operators:\n\n**id**: *eq, in*\n\n**name**: *eq*\n\n**type**: *eq, in*\n\n**cluster**: *eq, in*", + "example": "id eq 2c91808b6ef1d43e016efba0ce470904" + }, + { + "in": "query", + "name": "count", + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": true, + "schema": { + "type": "boolean", + "default": false + } + } + ], + "responses": { + "200": { + "description": "List of ServiceDeskIntegrationDto", + "content": { + "application/json": { + "schema": { + "type": "array", + "items": { + "allOf": [ + { + "type": "object", + "required": [ + "name" + ], + "properties": { + "id": { + "description": "System-generated unique ID of the Object", + "type": "string", + "example": "id12345", + "readOnly": true + }, + "name": { + "description": "Name of the Object", + "type": "string", + "example": "aName" + }, + "created": { + "description": "Creation date of the Object", + "type": "string", + "format": "date-time", + "readOnly": true, + "example": "2023-01-03T21:16:22.432Z" + }, + "modified": { + "description": "Last modification date of the Object", + "type": "string", + "format": "date-time", + "readOnly": true, + "example": "2023-01-03T21:16:22.432Z" + } + } + }, + { + "type": "object", + "description": "Specification of a Service Desk integration", + "required": [ + "description", + "type", + "attributes" + ], + "properties": { + "description": { + "description": "Description of the Service Desk integration", + "type": "string", + "example": "A very nice Service Desk integration" + }, + "type": { + "description": "Service Desk integration types\n\n- ServiceNowSDIM\n- ServiceNow\n", + "type": "string", + "default": "ServiceNowSDIM", + "example": "ServiceNowSDIM" + }, + "ownerRef": { + "allOf": [ + { + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + } + ], + "description": "Reference to the identity that is the owner of this Service Desk integration", + "properties": { + "type": { + "description": "The type of object being referenced", + "enum": [ + "IDENTITY" + ], + "example": "IDENTITY" + }, + "id": { + "description": "ID of the identity", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "description": "Human-readable display name of the identity", + "example": "MyName" + } + } + }, + "clusterRef": { + "allOf": [ + { + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + } + ], + "description": "Reference to the source cluster for this Service Desk integration", + "properties": { + "type": { + "description": "The type of object being referenced", + "enum": [ + "CLUSTER" + ], + "example": "CLUSTER" + }, + "id": { + "description": "ID of the cluster", + "example": "2c9180866166b5b0016167c32ef31a66" + }, + "name": { + "description": "Human-readable display name of the cluster", + "example": "Corporate Cluster" + } + } + }, + "cluster": { + "description": "ID of the cluster for the Service Desk integration (replaced by clusterRef, retained for backward compatibility)", + "type": "string", + "example": "xyzzy999", + "deprecated": true + }, + "managedSources": { + "description": "Source IDs for the Service Desk integration (replaced by provisioningConfig.managedSResourceRefs, but retained here for backward compatibility)", + "type": "array", + "items": { + "type": "string" + }, + "deprecated": true, + "example": [ + "2c9180835d191a86015d28455b4a2329", + "2c5680835d191a85765d28455b4a9823" + ] + }, + "provisioningConfig": { + "description": "The 'provisioningConfig' property specifies the configuration used to provision integrations.", + "type": "object", + "properties": { + "universalManager": { + "description": "Specifies whether this configuration is used to manage provisioning requests for all sources from the org. If true, no managedResourceRefs are allowed.", + "type": "boolean", + "readOnly": true, + "example": true + }, + "managedResourceRefs": { + "description": "References to sources for the Service Desk integration template. May only be specified if universalManager is false.", + "type": "array", + "items": { + "allOf": [ + { + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + } + ], + "properties": { + "type": { + "description": "The type of object being referenced", + "enum": [ + "SOURCE" + ], + "example": "SOURCE" + }, + "id": { + "description": "ID of the source", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "description": "Human-readable display name of the source", + "example": "My Source" + } + } + }, + "example": [ + { + "type": "SOURCE", + "id": "2c9180855d191c59015d291ceb051111", + "name": "My Source 1" + }, + { + "type": "SOURCE", + "id": "2c9180855d191c59015d291ceb052222", + "name": "My Source 2" + } + ] + }, + "planInitializerScript": { + "description": "This is a reference to a plan initializer script.", + "type": "object", + "properties": { + "source": { + "description": "This is a Rule that allows provisioning instruction changes.", + "type": "string", + "example": "\\r\\n\\r\\n\\r\\n Before Provisioning Rule which changes disables and enables to a modify.\\r\\n \n" + } + } + }, + "noProvisioningRequests": { + "description": "Name of an attribute that when true disables the saving of ProvisioningRequest objects whenever plans are sent through this integration.", + "type": "boolean", + "example": true + }, + "provisioningRequestExpiration": { + "description": "When saving pending requests is enabled, this defines the number of hours the request is allowed to live before it is considered expired and no longer affects plan compilation.", + "type": "integer", + "format": "int32", + "example": 7 + } + } + }, + "attributes": { + "description": "Attributes of the Service Desk integration. Validation constraints enforced by the implementation.", + "type": "object", + "additionalProperties": true, + "example": { + "property": "value", + "key": "value" + } + }, + "beforeProvisioningRule": { + "allOf": [ + { + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + } + ], + "description": "Reference to beforeProvisioningRule for this Service Desk integration", + "properties": { + "type": { + "description": "The type of object being referenced", + "enum": [ + "RULE" + ], + "example": "RULE" + }, + "id": { + "description": "ID of the rule", + "example": "2c91808568c529c60168cca6f90c1333" + }, + "name": { + "description": "Human-readable display name of the rule", + "example": "Example Rule" + } + } + } + } + } + ] + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + }, + "security": [ + { + "oauth2": [ + "idn:service-desk-admin:read", + "idn:service-desk-integration:read" + ] + } + ] + }, + "post": { + "tags": [ + "Service Desk Integration" + ], + "summary": "Create new Service Desk integration", + "description": "Create a new Service Desk Integrations. A token with Org Admin or Service Desk Admin authority is required to access this endpoint.", + "operationId": "createServiceDeskIntegration", + "requestBody": { + "description": "The specifics of a new integration to create", + "content": { + "application/json": { + "schema": { + "allOf": [ + { + "type": "object", + "required": [ + "name" + ], + "properties": { + "id": { + "description": "System-generated unique ID of the Object", + "type": "string", + "example": "id12345", + "readOnly": true + }, + "name": { + "description": "Name of the Object", + "type": "string", + "example": "aName" + }, + "created": { + "description": "Creation date of the Object", + "type": "string", + "format": "date-time", + "readOnly": true, + "example": "2023-01-03T21:16:22.432Z" + }, + "modified": { + "description": "Last modification date of the Object", + "type": "string", + "format": "date-time", + "readOnly": true, + "example": "2023-01-03T21:16:22.432Z" + } + } + }, + { + "type": "object", + "description": "Specification of a Service Desk integration", + "required": [ + "description", + "type", + "attributes" + ], + "properties": { + "description": { + "description": "Description of the Service Desk integration", + "type": "string", + "example": "A very nice Service Desk integration" + }, + "type": { + "description": "Service Desk integration types\n\n- ServiceNowSDIM\n- ServiceNow\n", + "type": "string", + "default": "ServiceNowSDIM", + "example": "ServiceNowSDIM" + }, + "ownerRef": { + "allOf": [ + { + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + } + ], + "description": "Reference to the identity that is the owner of this Service Desk integration", + "properties": { + "type": { + "description": "The type of object being referenced", + "enum": [ + "IDENTITY" + ], + "example": "IDENTITY" + }, + "id": { + "description": "ID of the identity", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "description": "Human-readable display name of the identity", + "example": "MyName" + } + } + }, + "clusterRef": { + "allOf": [ + { + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + } + ], + "description": "Reference to the source cluster for this Service Desk integration", + "properties": { + "type": { + "description": "The type of object being referenced", + "enum": [ + "CLUSTER" + ], + "example": "CLUSTER" + }, + "id": { + "description": "ID of the cluster", + "example": "2c9180866166b5b0016167c32ef31a66" + }, + "name": { + "description": "Human-readable display name of the cluster", + "example": "Corporate Cluster" + } + } + }, + "cluster": { + "description": "ID of the cluster for the Service Desk integration (replaced by clusterRef, retained for backward compatibility)", + "type": "string", + "example": "xyzzy999", + "deprecated": true + }, + "managedSources": { + "description": "Source IDs for the Service Desk integration (replaced by provisioningConfig.managedSResourceRefs, but retained here for backward compatibility)", + "type": "array", + "items": { + "type": "string" + }, + "deprecated": true, + "example": [ + "2c9180835d191a86015d28455b4a2329", + "2c5680835d191a85765d28455b4a9823" + ] + }, + "provisioningConfig": { + "description": "The 'provisioningConfig' property specifies the configuration used to provision integrations.", + "type": "object", + "properties": { + "universalManager": { + "description": "Specifies whether this configuration is used to manage provisioning requests for all sources from the org. If true, no managedResourceRefs are allowed.", + "type": "boolean", + "readOnly": true, + "example": true + }, + "managedResourceRefs": { + "description": "References to sources for the Service Desk integration template. May only be specified if universalManager is false.", + "type": "array", + "items": { + "allOf": [ + { + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + } + ], + "properties": { + "type": { + "description": "The type of object being referenced", + "enum": [ + "SOURCE" + ], + "example": "SOURCE" + }, + "id": { + "description": "ID of the source", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "description": "Human-readable display name of the source", + "example": "My Source" + } + } + }, + "example": [ + { + "type": "SOURCE", + "id": "2c9180855d191c59015d291ceb051111", + "name": "My Source 1" + }, + { + "type": "SOURCE", + "id": "2c9180855d191c59015d291ceb052222", + "name": "My Source 2" + } + ] + }, + "planInitializerScript": { + "description": "This is a reference to a plan initializer script.", + "type": "object", + "properties": { + "source": { + "description": "This is a Rule that allows provisioning instruction changes.", + "type": "string", + "example": "\\r\\n\\r\\n\\r\\n Before Provisioning Rule which changes disables and enables to a modify.\\r\\n \n" + } + } + }, + "noProvisioningRequests": { + "description": "Name of an attribute that when true disables the saving of ProvisioningRequest objects whenever plans are sent through this integration.", + "type": "boolean", + "example": true + }, + "provisioningRequestExpiration": { + "description": "When saving pending requests is enabled, this defines the number of hours the request is allowed to live before it is considered expired and no longer affects plan compilation.", + "type": "integer", + "format": "int32", + "example": 7 + } + } + }, + "attributes": { + "description": "Attributes of the Service Desk integration. Validation constraints enforced by the implementation.", + "type": "object", + "additionalProperties": true, + "example": { + "property": "value", + "key": "value" + } + }, + "beforeProvisioningRule": { + "allOf": [ + { + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + } + ], + "description": "Reference to beforeProvisioningRule for this Service Desk integration", + "properties": { + "type": { + "description": "The type of object being referenced", + "enum": [ + "RULE" + ], + "example": "RULE" + }, + "id": { + "description": "ID of the rule", + "example": "2c91808568c529c60168cca6f90c1333" + }, + "name": { + "description": "Human-readable display name of the rule", + "example": "Example Rule" + } + } + } + } + } + ] + } + } + }, + "required": true + }, + "responses": { + "200": { + "description": "details of the created integration", + "content": { + "application/json": { + "schema": { + "allOf": [ + { + "type": "object", + "required": [ + "name" + ], + "properties": { + "id": { + "description": "System-generated unique ID of the Object", + "type": "string", + "example": "id12345", + "readOnly": true + }, + "name": { + "description": "Name of the Object", + "type": "string", + "example": "aName" + }, + "created": { + "description": "Creation date of the Object", + "type": "string", + "format": "date-time", + "readOnly": true, + "example": "2023-01-03T21:16:22.432Z" + }, + "modified": { + "description": "Last modification date of the Object", + "type": "string", + "format": "date-time", + "readOnly": true, + "example": "2023-01-03T21:16:22.432Z" + } + } + }, + { + "type": "object", + "description": "Specification of a Service Desk integration", + "required": [ + "description", + "type", + "attributes" + ], + "properties": { + "description": { + "description": "Description of the Service Desk integration", + "type": "string", + "example": "A very nice Service Desk integration" + }, + "type": { + "description": "Service Desk integration types\n\n- ServiceNowSDIM\n- ServiceNow\n", + "type": "string", + "default": "ServiceNowSDIM", + "example": "ServiceNowSDIM" + }, + "ownerRef": { + "allOf": [ + { + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + } + ], + "description": "Reference to the identity that is the owner of this Service Desk integration", + "properties": { + "type": { + "description": "The type of object being referenced", + "enum": [ + "IDENTITY" + ], + "example": "IDENTITY" + }, + "id": { + "description": "ID of the identity", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "description": "Human-readable display name of the identity", + "example": "MyName" + } + } + }, + "clusterRef": { + "allOf": [ + { + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + } + ], + "description": "Reference to the source cluster for this Service Desk integration", + "properties": { + "type": { + "description": "The type of object being referenced", + "enum": [ + "CLUSTER" + ], + "example": "CLUSTER" + }, + "id": { + "description": "ID of the cluster", + "example": "2c9180866166b5b0016167c32ef31a66" + }, + "name": { + "description": "Human-readable display name of the cluster", + "example": "Corporate Cluster" + } + } + }, + "cluster": { + "description": "ID of the cluster for the Service Desk integration (replaced by clusterRef, retained for backward compatibility)", + "type": "string", + "example": "xyzzy999", + "deprecated": true + }, + "managedSources": { + "description": "Source IDs for the Service Desk integration (replaced by provisioningConfig.managedSResourceRefs, but retained here for backward compatibility)", + "type": "array", + "items": { + "type": "string" + }, + "deprecated": true, + "example": [ + "2c9180835d191a86015d28455b4a2329", + "2c5680835d191a85765d28455b4a9823" + ] + }, + "provisioningConfig": { + "description": "The 'provisioningConfig' property specifies the configuration used to provision integrations.", + "type": "object", + "properties": { + "universalManager": { + "description": "Specifies whether this configuration is used to manage provisioning requests for all sources from the org. If true, no managedResourceRefs are allowed.", + "type": "boolean", + "readOnly": true, + "example": true + }, + "managedResourceRefs": { + "description": "References to sources for the Service Desk integration template. May only be specified if universalManager is false.", + "type": "array", + "items": { + "allOf": [ + { + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + } + ], + "properties": { + "type": { + "description": "The type of object being referenced", + "enum": [ + "SOURCE" + ], + "example": "SOURCE" + }, + "id": { + "description": "ID of the source", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "description": "Human-readable display name of the source", + "example": "My Source" + } + } + }, + "example": [ + { + "type": "SOURCE", + "id": "2c9180855d191c59015d291ceb051111", + "name": "My Source 1" + }, + { + "type": "SOURCE", + "id": "2c9180855d191c59015d291ceb052222", + "name": "My Source 2" + } + ] + }, + "planInitializerScript": { + "description": "This is a reference to a plan initializer script.", + "type": "object", + "properties": { + "source": { + "description": "This is a Rule that allows provisioning instruction changes.", + "type": "string", + "example": "\\r\\n\\r\\n\\r\\n Before Provisioning Rule which changes disables and enables to a modify.\\r\\n \n" + } + } + }, + "noProvisioningRequests": { + "description": "Name of an attribute that when true disables the saving of ProvisioningRequest objects whenever plans are sent through this integration.", + "type": "boolean", + "example": true + }, + "provisioningRequestExpiration": { + "description": "When saving pending requests is enabled, this defines the number of hours the request is allowed to live before it is considered expired and no longer affects plan compilation.", + "type": "integer", + "format": "int32", + "example": 7 + } + } + }, + "attributes": { + "description": "Attributes of the Service Desk integration. Validation constraints enforced by the implementation.", + "type": "object", + "additionalProperties": true, + "example": { + "property": "value", + "key": "value" + } + }, + "beforeProvisioningRule": { + "allOf": [ + { + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + } + ], + "description": "Reference to beforeProvisioningRule for this Service Desk integration", + "properties": { + "type": { + "description": "The type of object being referenced", + "enum": [ + "RULE" + ], + "example": "RULE" + }, + "id": { + "description": "ID of the rule", + "example": "2c91808568c529c60168cca6f90c1333" + }, + "name": { + "description": "Human-readable display name of the rule", + "example": "Example Rule" + } + } + } + } + } + ] + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + }, + "security": [ + { + "oauth2": [ + "idn:service-desk-admin:manage", + "idn:service-desk-integration:manage" + ] + } + ] + } + }, + "/service-desk-integrations/{id}": { + "get": { + "tags": [ + "Service Desk Integration" + ], + "summary": "Get a Service Desk integration", + "description": "Get an existing Service Desk integration by ID. A token with Org Admin or Service Desk Admin authority is required to access this endpoint.", + "operationId": "getServiceDeskIntegration", + "parameters": [ + { + "name": "id", + "in": "path", + "description": "ID of the Service Desk integration to get", + "required": true, + "style": "simple", + "explode": false, + "schema": { + "type": "string", + "example": "anId" + } + } + ], + "responses": { + "200": { + "description": "ServiceDeskIntegrationDto with the given ID", + "content": { + "application/json": { + "schema": { + "allOf": [ + { + "type": "object", + "required": [ + "name" + ], + "properties": { + "id": { + "description": "System-generated unique ID of the Object", + "type": "string", + "example": "id12345", + "readOnly": true + }, + "name": { + "description": "Name of the Object", + "type": "string", + "example": "aName" + }, + "created": { + "description": "Creation date of the Object", + "type": "string", + "format": "date-time", + "readOnly": true, + "example": "2023-01-03T21:16:22.432Z" + }, + "modified": { + "description": "Last modification date of the Object", + "type": "string", + "format": "date-time", + "readOnly": true, + "example": "2023-01-03T21:16:22.432Z" + } + } + }, + { + "type": "object", + "description": "Specification of a Service Desk integration", + "required": [ + "description", + "type", + "attributes" + ], + "properties": { + "description": { + "description": "Description of the Service Desk integration", + "type": "string", + "example": "A very nice Service Desk integration" + }, + "type": { + "description": "Service Desk integration types\n\n- ServiceNowSDIM\n- ServiceNow\n", + "type": "string", + "default": "ServiceNowSDIM", + "example": "ServiceNowSDIM" + }, + "ownerRef": { + "allOf": [ + { + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + } + ], + "description": "Reference to the identity that is the owner of this Service Desk integration", + "properties": { + "type": { + "description": "The type of object being referenced", + "enum": [ + "IDENTITY" + ], + "example": "IDENTITY" + }, + "id": { + "description": "ID of the identity", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "description": "Human-readable display name of the identity", + "example": "MyName" + } + } + }, + "clusterRef": { + "allOf": [ + { + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + } + ], + "description": "Reference to the source cluster for this Service Desk integration", + "properties": { + "type": { + "description": "The type of object being referenced", + "enum": [ + "CLUSTER" + ], + "example": "CLUSTER" + }, + "id": { + "description": "ID of the cluster", + "example": "2c9180866166b5b0016167c32ef31a66" + }, + "name": { + "description": "Human-readable display name of the cluster", + "example": "Corporate Cluster" + } + } + }, + "cluster": { + "description": "ID of the cluster for the Service Desk integration (replaced by clusterRef, retained for backward compatibility)", + "type": "string", + "example": "xyzzy999", + "deprecated": true + }, + "managedSources": { + "description": "Source IDs for the Service Desk integration (replaced by provisioningConfig.managedSResourceRefs, but retained here for backward compatibility)", + "type": "array", + "items": { + "type": "string" + }, + "deprecated": true, + "example": [ + "2c9180835d191a86015d28455b4a2329", + "2c5680835d191a85765d28455b4a9823" + ] + }, + "provisioningConfig": { + "description": "The 'provisioningConfig' property specifies the configuration used to provision integrations.", + "type": "object", + "properties": { + "universalManager": { + "description": "Specifies whether this configuration is used to manage provisioning requests for all sources from the org. If true, no managedResourceRefs are allowed.", + "type": "boolean", + "readOnly": true, + "example": true + }, + "managedResourceRefs": { + "description": "References to sources for the Service Desk integration template. May only be specified if universalManager is false.", + "type": "array", + "items": { + "allOf": [ + { + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + } + ], + "properties": { + "type": { + "description": "The type of object being referenced", + "enum": [ + "SOURCE" + ], + "example": "SOURCE" + }, + "id": { + "description": "ID of the source", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "description": "Human-readable display name of the source", + "example": "My Source" + } + } + }, + "example": [ + { + "type": "SOURCE", + "id": "2c9180855d191c59015d291ceb051111", + "name": "My Source 1" + }, + { + "type": "SOURCE", + "id": "2c9180855d191c59015d291ceb052222", + "name": "My Source 2" + } + ] + }, + "planInitializerScript": { + "description": "This is a reference to a plan initializer script.", + "type": "object", + "properties": { + "source": { + "description": "This is a Rule that allows provisioning instruction changes.", + "type": "string", + "example": "\\r\\n\\r\\n\\r\\n Before Provisioning Rule which changes disables and enables to a modify.\\r\\n \n" + } + } + }, + "noProvisioningRequests": { + "description": "Name of an attribute that when true disables the saving of ProvisioningRequest objects whenever plans are sent through this integration.", + "type": "boolean", + "example": true + }, + "provisioningRequestExpiration": { + "description": "When saving pending requests is enabled, this defines the number of hours the request is allowed to live before it is considered expired and no longer affects plan compilation.", + "type": "integer", + "format": "int32", + "example": 7 + } + } + }, + "attributes": { + "description": "Attributes of the Service Desk integration. Validation constraints enforced by the implementation.", + "type": "object", + "additionalProperties": true, + "example": { + "property": "value", + "key": "value" + } + }, + "beforeProvisioningRule": { + "allOf": [ + { + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + } + ], + "description": "Reference to beforeProvisioningRule for this Service Desk integration", + "properties": { + "type": { + "description": "The type of object being referenced", + "enum": [ + "RULE" + ], + "example": "RULE" + }, + "id": { + "description": "ID of the rule", + "example": "2c91808568c529c60168cca6f90c1333" + }, + "name": { + "description": "Human-readable display name of the rule", + "example": "Example Rule" + } + } + } + } + } + ] + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + }, + "security": [ + { + "oauth2": [ + "idn:service-desk-admin:read", + "idn:service-desk-integration:read" + ] + } + ] + }, + "put": { + "tags": [ + "Service Desk Integration" + ], + "summary": "Update a Service Desk integration", + "description": "Update an existing Service Desk integration by ID with updated value in JSON form as the request body. A token with Org Admin or Service Desk Admin authority is required to access this endpoint.", + "operationId": "updateServiceDeskIntegration", + "parameters": [ + { + "name": "id", + "in": "path", + "description": "ID of the Service Desk integration to update", + "required": true, + "style": "simple", + "explode": false, + "schema": { + "type": "string", + "example": "anId" + } + } + ], + "requestBody": { + "description": "The specifics of the integration to update", + "content": { + "application/json": { + "schema": { + "allOf": [ + { + "type": "object", + "required": [ + "name" + ], + "properties": { + "id": { + "description": "System-generated unique ID of the Object", + "type": "string", + "example": "id12345", + "readOnly": true + }, + "name": { + "description": "Name of the Object", + "type": "string", + "example": "aName" + }, + "created": { + "description": "Creation date of the Object", + "type": "string", + "format": "date-time", + "readOnly": true, + "example": "2023-01-03T21:16:22.432Z" + }, + "modified": { + "description": "Last modification date of the Object", + "type": "string", + "format": "date-time", + "readOnly": true, + "example": "2023-01-03T21:16:22.432Z" + } + } + }, + { + "type": "object", + "description": "Specification of a Service Desk integration", + "required": [ + "description", + "type", + "attributes" + ], + "properties": { + "description": { + "description": "Description of the Service Desk integration", + "type": "string", + "example": "A very nice Service Desk integration" + }, + "type": { + "description": "Service Desk integration types\n\n- ServiceNowSDIM\n- ServiceNow\n", + "type": "string", + "default": "ServiceNowSDIM", + "example": "ServiceNowSDIM" + }, + "ownerRef": { + "allOf": [ + { + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + } + ], + "description": "Reference to the identity that is the owner of this Service Desk integration", + "properties": { + "type": { + "description": "The type of object being referenced", + "enum": [ + "IDENTITY" + ], + "example": "IDENTITY" + }, + "id": { + "description": "ID of the identity", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "description": "Human-readable display name of the identity", + "example": "MyName" + } + } + }, + "clusterRef": { + "allOf": [ + { + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + } + ], + "description": "Reference to the source cluster for this Service Desk integration", + "properties": { + "type": { + "description": "The type of object being referenced", + "enum": [ + "CLUSTER" + ], + "example": "CLUSTER" + }, + "id": { + "description": "ID of the cluster", + "example": "2c9180866166b5b0016167c32ef31a66" + }, + "name": { + "description": "Human-readable display name of the cluster", + "example": "Corporate Cluster" + } + } + }, + "cluster": { + "description": "ID of the cluster for the Service Desk integration (replaced by clusterRef, retained for backward compatibility)", + "type": "string", + "example": "xyzzy999", + "deprecated": true + }, + "managedSources": { + "description": "Source IDs for the Service Desk integration (replaced by provisioningConfig.managedSResourceRefs, but retained here for backward compatibility)", + "type": "array", + "items": { + "type": "string" + }, + "deprecated": true, + "example": [ + "2c9180835d191a86015d28455b4a2329", + "2c5680835d191a85765d28455b4a9823" + ] + }, + "provisioningConfig": { + "description": "The 'provisioningConfig' property specifies the configuration used to provision integrations.", + "type": "object", + "properties": { + "universalManager": { + "description": "Specifies whether this configuration is used to manage provisioning requests for all sources from the org. If true, no managedResourceRefs are allowed.", + "type": "boolean", + "readOnly": true, + "example": true + }, + "managedResourceRefs": { + "description": "References to sources for the Service Desk integration template. May only be specified if universalManager is false.", + "type": "array", + "items": { + "allOf": [ + { + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + } + ], + "properties": { + "type": { + "description": "The type of object being referenced", + "enum": [ + "SOURCE" + ], + "example": "SOURCE" + }, + "id": { + "description": "ID of the source", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "description": "Human-readable display name of the source", + "example": "My Source" + } + } + }, + "example": [ + { + "type": "SOURCE", + "id": "2c9180855d191c59015d291ceb051111", + "name": "My Source 1" + }, + { + "type": "SOURCE", + "id": "2c9180855d191c59015d291ceb052222", + "name": "My Source 2" + } + ] + }, + "planInitializerScript": { + "description": "This is a reference to a plan initializer script.", + "type": "object", + "properties": { + "source": { + "description": "This is a Rule that allows provisioning instruction changes.", + "type": "string", + "example": "\\r\\n\\r\\n\\r\\n Before Provisioning Rule which changes disables and enables to a modify.\\r\\n \n" + } + } + }, + "noProvisioningRequests": { + "description": "Name of an attribute that when true disables the saving of ProvisioningRequest objects whenever plans are sent through this integration.", + "type": "boolean", + "example": true + }, + "provisioningRequestExpiration": { + "description": "When saving pending requests is enabled, this defines the number of hours the request is allowed to live before it is considered expired and no longer affects plan compilation.", + "type": "integer", + "format": "int32", + "example": 7 + } + } + }, + "attributes": { + "description": "Attributes of the Service Desk integration. Validation constraints enforced by the implementation.", + "type": "object", + "additionalProperties": true, + "example": { + "property": "value", + "key": "value" + } + }, + "beforeProvisioningRule": { + "allOf": [ + { + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + } + ], + "description": "Reference to beforeProvisioningRule for this Service Desk integration", + "properties": { + "type": { + "description": "The type of object being referenced", + "enum": [ + "RULE" + ], + "example": "RULE" + }, + "id": { + "description": "ID of the rule", + "example": "2c91808568c529c60168cca6f90c1333" + }, + "name": { + "description": "Human-readable display name of the rule", + "example": "Example Rule" + } + } + } + } + } + ] + } + } + }, + "required": true + }, + "responses": { + "200": { + "description": "ServiceDeskIntegrationDto as updated", + "content": { + "application/json": { + "schema": { + "allOf": [ + { + "type": "object", + "required": [ + "name" + ], + "properties": { + "id": { + "description": "System-generated unique ID of the Object", + "type": "string", + "example": "id12345", + "readOnly": true + }, + "name": { + "description": "Name of the Object", + "type": "string", + "example": "aName" + }, + "created": { + "description": "Creation date of the Object", + "type": "string", + "format": "date-time", + "readOnly": true, + "example": "2023-01-03T21:16:22.432Z" + }, + "modified": { + "description": "Last modification date of the Object", + "type": "string", + "format": "date-time", + "readOnly": true, + "example": "2023-01-03T21:16:22.432Z" + } + } + }, + { + "type": "object", + "description": "Specification of a Service Desk integration", + "required": [ + "description", + "type", + "attributes" + ], + "properties": { + "description": { + "description": "Description of the Service Desk integration", + "type": "string", + "example": "A very nice Service Desk integration" + }, + "type": { + "description": "Service Desk integration types\n\n- ServiceNowSDIM\n- ServiceNow\n", + "type": "string", + "default": "ServiceNowSDIM", + "example": "ServiceNowSDIM" + }, + "ownerRef": { + "allOf": [ + { + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + } + ], + "description": "Reference to the identity that is the owner of this Service Desk integration", + "properties": { + "type": { + "description": "The type of object being referenced", + "enum": [ + "IDENTITY" + ], + "example": "IDENTITY" + }, + "id": { + "description": "ID of the identity", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "description": "Human-readable display name of the identity", + "example": "MyName" + } + } + }, + "clusterRef": { + "allOf": [ + { + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + } + ], + "description": "Reference to the source cluster for this Service Desk integration", + "properties": { + "type": { + "description": "The type of object being referenced", + "enum": [ + "CLUSTER" + ], + "example": "CLUSTER" + }, + "id": { + "description": "ID of the cluster", + "example": "2c9180866166b5b0016167c32ef31a66" + }, + "name": { + "description": "Human-readable display name of the cluster", + "example": "Corporate Cluster" + } + } + }, + "cluster": { + "description": "ID of the cluster for the Service Desk integration (replaced by clusterRef, retained for backward compatibility)", + "type": "string", + "example": "xyzzy999", + "deprecated": true + }, + "managedSources": { + "description": "Source IDs for the Service Desk integration (replaced by provisioningConfig.managedSResourceRefs, but retained here for backward compatibility)", + "type": "array", + "items": { + "type": "string" + }, + "deprecated": true, + "example": [ + "2c9180835d191a86015d28455b4a2329", + "2c5680835d191a85765d28455b4a9823" + ] + }, + "provisioningConfig": { + "description": "The 'provisioningConfig' property specifies the configuration used to provision integrations.", + "type": "object", + "properties": { + "universalManager": { + "description": "Specifies whether this configuration is used to manage provisioning requests for all sources from the org. If true, no managedResourceRefs are allowed.", + "type": "boolean", + "readOnly": true, + "example": true + }, + "managedResourceRefs": { + "description": "References to sources for the Service Desk integration template. May only be specified if universalManager is false.", + "type": "array", + "items": { + "allOf": [ + { + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + } + ], + "properties": { + "type": { + "description": "The type of object being referenced", + "enum": [ + "SOURCE" + ], + "example": "SOURCE" + }, + "id": { + "description": "ID of the source", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "description": "Human-readable display name of the source", + "example": "My Source" + } + } + }, + "example": [ + { + "type": "SOURCE", + "id": "2c9180855d191c59015d291ceb051111", + "name": "My Source 1" + }, + { + "type": "SOURCE", + "id": "2c9180855d191c59015d291ceb052222", + "name": "My Source 2" + } + ] + }, + "planInitializerScript": { + "description": "This is a reference to a plan initializer script.", + "type": "object", + "properties": { + "source": { + "description": "This is a Rule that allows provisioning instruction changes.", + "type": "string", + "example": "\\r\\n\\r\\n\\r\\n Before Provisioning Rule which changes disables and enables to a modify.\\r\\n \n" + } + } + }, + "noProvisioningRequests": { + "description": "Name of an attribute that when true disables the saving of ProvisioningRequest objects whenever plans are sent through this integration.", + "type": "boolean", + "example": true + }, + "provisioningRequestExpiration": { + "description": "When saving pending requests is enabled, this defines the number of hours the request is allowed to live before it is considered expired and no longer affects plan compilation.", + "type": "integer", + "format": "int32", + "example": 7 + } + } + }, + "attributes": { + "description": "Attributes of the Service Desk integration. Validation constraints enforced by the implementation.", + "type": "object", + "additionalProperties": true, + "example": { + "property": "value", + "key": "value" + } + }, + "beforeProvisioningRule": { + "allOf": [ + { + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + } + ], + "description": "Reference to beforeProvisioningRule for this Service Desk integration", + "properties": { + "type": { + "description": "The type of object being referenced", + "enum": [ + "RULE" + ], + "example": "RULE" + }, + "id": { + "description": "ID of the rule", + "example": "2c91808568c529c60168cca6f90c1333" + }, + "name": { + "description": "Human-readable display name of the rule", + "example": "Example Rule" + } + } + } + } + } + ] + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + }, + "security": [ + { + "oauth2": [ + "idn:service-desk-admin:manage", + "idn:service-desk-integration:manage" + ] + } + ] + }, + "delete": { + "tags": [ + "Service Desk Integration" + ], + "summary": "Delete a Service Desk integration", + "description": "Delete an existing Service Desk integration by ID. A token with Org Admin or Service Desk Admin authority is required to access this endpoint.", + "operationId": "deleteServiceDeskIntegration", + "parameters": [ + { + "name": "id", + "in": "path", + "description": "ID of Service Desk integration to delete", + "required": true, + "style": "simple", + "explode": false, + "schema": { + "type": "string", + "example": "anId" + } + } + ], + "responses": { + "204": { + "description": "Service Desk integration with the given ID successfully deleted" + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + }, + "security": [ + { + "oauth2": [ + "idn:service-desk-admin:manage", + "idn:service-desk-integration:manage" + ] + } + ] + }, + "patch": { + "operationId": "patchServiceDeskIntegration", + "tags": [ + "Service Desk Integration" + ], + "summary": "Service Desk Integration Update PATCH", + "description": "Update an existing ServiceDeskIntegration by ID with a PATCH request.", + "parameters": [ + { + "name": "id", + "in": "path", + "description": "ID of the Service Desk integration to update", + "required": true, + "style": "simple", + "explode": false, + "schema": { + "type": "string", + "example": "anId" + } + } + ], + "requestBody": { + "required": true, + "description": "A list of SDIM update operations according to the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard.\n\nPATCH can only be applied to the following fields:\n * \"beforeProvisioningRule\"\n\nA 403 Forbidden Error indicates that you attempted to PATCH a field that is not allowed.\n", + "content": { + "application/json-patch+json": { + "schema": { + "type": "object", + "description": "A JSONPatch document as defined by [RFC 6902 - JSON Patch](https://tools.ietf.org/html/rfc6902)", + "properties": { + "operations": { + "description": "Operations to be applied", + "type": "array", + "items": { + "type": "object", + "description": "A JSONPatch Operation as defined by [RFC 6902 - JSON Patch](https://tools.ietf.org/html/rfc6902)", + "required": [ + "op", + "path" + ], + "properties": { + "op": { + "type": "string", + "description": "The operation to be performed", + "enum": [ + "add", + "remove", + "replace", + "move", + "copy", + "test" + ], + "example": "replace" + }, + "path": { + "type": "string", + "description": "A string JSON Pointer representing the target path to an element to be affected by the operation", + "example": "/description" + }, + "value": { + "anyOf": [ + { + "type": "string" + }, + { + "type": "integer" + }, + { + "type": "object" + }, + { + "type": "array", + "items": { + "anyOf": [ + { + "type": "string" + }, + { + "type": "integer" + }, + { + "type": "object" + } + ] + } + } + ], + "description": "The value to be used for the operation, required for \"add\" and \"replace\" operations", + "example": "New description" + } + } + } + } + }, + "example": "[\n {\n\t \"op\": \"replace\",\n\t \"path\": \"/description\",\n\t \"value\": \"A new description\"\n }\n]" + } + } + } + }, + "responses": { + "200": { + "description": "ServiceDeskIntegrationDto as updated", + "content": { + "application/json": { + "schema": { + "allOf": [ + { + "type": "object", + "required": [ + "name" + ], + "properties": { + "id": { + "description": "System-generated unique ID of the Object", + "type": "string", + "example": "id12345", + "readOnly": true + }, + "name": { + "description": "Name of the Object", + "type": "string", + "example": "aName" + }, + "created": { + "description": "Creation date of the Object", + "type": "string", + "format": "date-time", + "readOnly": true, + "example": "2023-01-03T21:16:22.432Z" + }, + "modified": { + "description": "Last modification date of the Object", + "type": "string", + "format": "date-time", + "readOnly": true, + "example": "2023-01-03T21:16:22.432Z" + } + } + }, + { + "type": "object", + "description": "Specification of a Service Desk integration", + "required": [ + "description", + "type", + "attributes" + ], + "properties": { + "description": { + "description": "Description of the Service Desk integration", + "type": "string", + "example": "A very nice Service Desk integration" + }, + "type": { + "description": "Service Desk integration types\n\n- ServiceNowSDIM\n- ServiceNow\n", + "type": "string", + "default": "ServiceNowSDIM", + "example": "ServiceNowSDIM" + }, + "ownerRef": { + "allOf": [ + { + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + } + ], + "description": "Reference to the identity that is the owner of this Service Desk integration", + "properties": { + "type": { + "description": "The type of object being referenced", + "enum": [ + "IDENTITY" + ], + "example": "IDENTITY" + }, + "id": { + "description": "ID of the identity", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "description": "Human-readable display name of the identity", + "example": "MyName" + } + } + }, + "clusterRef": { + "allOf": [ + { + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + } + ], + "description": "Reference to the source cluster for this Service Desk integration", + "properties": { + "type": { + "description": "The type of object being referenced", + "enum": [ + "CLUSTER" + ], + "example": "CLUSTER" + }, + "id": { + "description": "ID of the cluster", + "example": "2c9180866166b5b0016167c32ef31a66" + }, + "name": { + "description": "Human-readable display name of the cluster", + "example": "Corporate Cluster" + } + } + }, + "cluster": { + "description": "ID of the cluster for the Service Desk integration (replaced by clusterRef, retained for backward compatibility)", + "type": "string", + "example": "xyzzy999", + "deprecated": true + }, + "managedSources": { + "description": "Source IDs for the Service Desk integration (replaced by provisioningConfig.managedSResourceRefs, but retained here for backward compatibility)", + "type": "array", + "items": { + "type": "string" + }, + "deprecated": true, + "example": [ + "2c9180835d191a86015d28455b4a2329", + "2c5680835d191a85765d28455b4a9823" + ] + }, + "provisioningConfig": { + "description": "The 'provisioningConfig' property specifies the configuration used to provision integrations.", + "type": "object", + "properties": { + "universalManager": { + "description": "Specifies whether this configuration is used to manage provisioning requests for all sources from the org. If true, no managedResourceRefs are allowed.", + "type": "boolean", + "readOnly": true, + "example": true + }, + "managedResourceRefs": { + "description": "References to sources for the Service Desk integration template. May only be specified if universalManager is false.", + "type": "array", + "items": { + "allOf": [ + { + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + } + ], + "properties": { + "type": { + "description": "The type of object being referenced", + "enum": [ + "SOURCE" + ], + "example": "SOURCE" + }, + "id": { + "description": "ID of the source", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "description": "Human-readable display name of the source", + "example": "My Source" + } + } + }, + "example": [ + { + "type": "SOURCE", + "id": "2c9180855d191c59015d291ceb051111", + "name": "My Source 1" + }, + { + "type": "SOURCE", + "id": "2c9180855d191c59015d291ceb052222", + "name": "My Source 2" + } + ] + }, + "planInitializerScript": { + "description": "This is a reference to a plan initializer script.", + "type": "object", + "properties": { + "source": { + "description": "This is a Rule that allows provisioning instruction changes.", + "type": "string", + "example": "\\r\\n\\r\\n\\r\\n Before Provisioning Rule which changes disables and enables to a modify.\\r\\n \n" + } + } + }, + "noProvisioningRequests": { + "description": "Name of an attribute that when true disables the saving of ProvisioningRequest objects whenever plans are sent through this integration.", + "type": "boolean", + "example": true + }, + "provisioningRequestExpiration": { + "description": "When saving pending requests is enabled, this defines the number of hours the request is allowed to live before it is considered expired and no longer affects plan compilation.", + "type": "integer", + "format": "int32", + "example": 7 + } + } + }, + "attributes": { + "description": "Attributes of the Service Desk integration. Validation constraints enforced by the implementation.", + "type": "object", + "additionalProperties": true, + "example": { + "property": "value", + "key": "value" + } + }, + "beforeProvisioningRule": { + "allOf": [ + { + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + } + ], + "description": "Reference to beforeProvisioningRule for this Service Desk integration", + "properties": { + "type": { + "description": "The type of object being referenced", + "enum": [ + "RULE" + ], + "example": "RULE" + }, + "id": { + "description": "ID of the rule", + "example": "2c91808568c529c60168cca6f90c1333" + }, + "name": { + "description": "Human-readable display name of the rule", + "example": "Example Rule" + } + } + } + } + } + ] + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + }, + "security": [ + { + "oauth2": [ + "idn:service-desk-admin:manage", + "idn:service-desk-integration:manage" + ] + } + ] + } + }, + "/service-desk-integrations/types": { + "get": { + "tags": [ + "Service Desk Integration" + ], + "summary": "Service Desk Integration Types List.", + "description": "This API endpoint returns the current list of supported Service Desk integration types. A token with Org Admin or Service Desk Admin authority is required to access this endpoint.", + "operationId": "getServiceDeskIntegrationTypes", + "responses": { + "200": { + "description": "Responds with an array of the currently supported Service Desk integration types.", + "content": { + "application/json": { + "schema": { + "type": "array", + "items": { + "description": "This represents a Service Desk Integration template type.", + "required": [ + "type", + "scriptName" + ], + "type": "object", + "properties": { + "name": { + "description": "This is the name of the type.", + "example": "aName", + "type": "string" + }, + "type": { + "description": "This is the type value for the type.", + "example": "aType", + "type": "string" + }, + "scriptName": { + "description": "This is the scriptName attribute value for the type.", + "example": "aScriptName", + "type": "string" + } + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + }, + "security": [ + { + "oauth2": [ + "idn:service-desk-admin:read", + "idn:service-desk-admin:manage", + "idn:service-desk-integration:read", + "idn:service-desk-integration:manage" + ] + } + ] + } + }, + "/service-desk-integrations/templates/{scriptName}": { + "get": { + "tags": [ + "Service Desk Integration" + ], + "summary": "Service Desk integration template by scriptName.", + "description": "This API endpoint returns an existing Service Desk integration template by scriptName. A token with Org Admin or Service Desk Admin authority is required to access this endpoint.", + "operationId": "getServiceDeskIntegrationTemplate", + "parameters": [ + { + "name": "scriptName", + "in": "path", + "description": "The scriptName value of the Service Desk integration template to get", + "required": true, + "style": "simple", + "explode": false, + "schema": { + "type": "string", + "example": "aScriptName" + } + } + ], + "responses": { + "200": { + "description": "Responds with the ServiceDeskIntegrationTemplateDto with the specified scriptName.", + "content": { + "application/json": { + "schema": { + "allOf": [ + { + "type": "object", + "required": [ + "name" + ], + "properties": { + "id": { + "description": "System-generated unique ID of the Object", + "type": "string", + "example": "id12345", + "readOnly": true + }, + "name": { + "description": "Name of the Object", + "type": "string", + "example": "aName" + }, + "created": { + "description": "Creation date of the Object", + "type": "string", + "format": "date-time", + "readOnly": true, + "example": "2023-01-03T21:16:22.432Z" + }, + "modified": { + "description": "Last modification date of the Object", + "type": "string", + "format": "date-time", + "readOnly": true, + "example": "2023-01-03T21:16:22.432Z" + } + } + }, + { + "type": "object", + "description": "This is the model for a Service Desk integration template, used to create and edit Service Desk Integrations.", + "required": [ + "type", + "attributes", + "provisioningConfig" + ], + "properties": { + "type": { + "description": "The 'type' property specifies the type of the Service Desk integration template.", + "type": "string", + "example": "Web Service SDIM", + "default": "Web Service SDIM" + }, + "attributes": { + "description": "The 'attributes' property value is a map of attributes available for integrations using this Service Desk integration template.", + "type": "object", + "additionalProperties": true + }, + "provisioningConfig": { + "description": "The 'provisioningConfig' property specifies the configuration used to provision integrations using the template.", + "type": "object", + "properties": { + "universalManager": { + "description": "Specifies whether this configuration is used to manage provisioning requests for all sources from the org. If true, no managedResourceRefs are allowed.", + "type": "boolean", + "readOnly": true, + "example": true + }, + "managedResourceRefs": { + "description": "References to sources for the Service Desk integration template. May only be specified if universalManager is false.", + "type": "array", + "items": { + "allOf": [ + { + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + } + ], + "properties": { + "type": { + "description": "The type of object being referenced", + "enum": [ + "SOURCE" + ], + "example": "SOURCE" + }, + "id": { + "description": "ID of the source", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "description": "Human-readable display name of the source", + "example": "My Source" + } + } + }, + "example": [ + { + "type": "SOURCE", + "id": "2c9180855d191c59015d291ceb051111", + "name": "My Source 1" + }, + { + "type": "SOURCE", + "id": "2c9180855d191c59015d291ceb052222", + "name": "My Source 2" + } + ] + }, + "planInitializerScript": { + "description": "This is a reference to a plan initializer script.", + "type": "object", + "properties": { + "source": { + "description": "This is a Rule that allows provisioning instruction changes.", + "type": "string", + "example": "\\r\\n\\r\\n\\r\\n Before Provisioning Rule which changes disables and enables to a modify.\\r\\n \n" + } + } + }, + "noProvisioningRequests": { + "description": "Name of an attribute that when true disables the saving of ProvisioningRequest objects whenever plans are sent through this integration.", + "type": "boolean", + "example": true + }, + "provisioningRequestExpiration": { + "description": "When saving pending requests is enabled, this defines the number of hours the request is allowed to live before it is considered expired and no longer affects plan compilation.", + "type": "integer", + "format": "int32", + "example": 7 + } + } + } + } + } + ] + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + }, + "security": [ + { + "oauth2": [ + "idn:service-desk-admin:read", + "idn:service-desk-integration:read" + ] + } + ] + } + }, + "/service-desk-integrations/status-check-configuration": { + "get": { + "tags": [ + "Service Desk Integration" + ], + "summary": "Get the time check configuration", + "description": "Get the time check configuration of queued SDIM tickets. A token with Org Admin or Service Desk Admin authority is required to access this endpoint.", + "operationId": "getStatusCheckDetails", + "responses": { + "200": { + "description": "QueuedCheckConfigDetails containing the configured values", + "content": { + "application/json": { + "schema": { + "description": "Configuration of maximum number days and interval for checking Service Desk integration queue status", + "required": [ + "provisioningStatusCheckIntervalMinutes", + "provisioningMaxStatusCheckDays" + ], + "type": "object", + "properties": { + "provisioningStatusCheckIntervalMinutes": { + "description": "interval in minutes between status checks", + "type": "string", + "example": 30 + }, + "provisioningMaxStatusCheckDays": { + "description": "maximum number of days to check", + "type": "string", + "example": 2 + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + }, + "security": [ + { + "oauth2": [ + "idn:service-desk-admin:read", + "idn:service-desk-admin:manage", + "idn:service-desk-integration:read", + "idn:service-desk-integration:manage" + ] + } + ] + }, + "put": { + "tags": [ + "Service Desk Integration" + ], + "summary": "Update the time check configuration", + "description": "Update the time check configuration of queued SDIM tickets. A token with Org Admin or Service Desk Admin authority is required to access this endpoint.", + "operationId": "updateStatusCheckDetails", + "requestBody": { + "description": "the modified time check configuration", + "content": { + "application/json": { + "schema": { + "description": "Configuration of maximum number days and interval for checking Service Desk integration queue status", + "required": [ + "provisioningStatusCheckIntervalMinutes", + "provisioningMaxStatusCheckDays" + ], + "type": "object", + "properties": { + "provisioningStatusCheckIntervalMinutes": { + "description": "interval in minutes between status checks", + "type": "string", + "example": 30 + }, + "provisioningMaxStatusCheckDays": { + "description": "maximum number of days to check", + "type": "string", + "example": 2 + } + } + } + } + }, + "required": true + }, + "responses": { + "200": { + "description": "QueuedCheckConfigDetails as updated", + "content": { + "application/json": { + "schema": { + "description": "Configuration of maximum number days and interval for checking Service Desk integration queue status", + "required": [ + "provisioningStatusCheckIntervalMinutes", + "provisioningMaxStatusCheckDays" + ], + "type": "object", + "properties": { + "provisioningStatusCheckIntervalMinutes": { + "description": "interval in minutes between status checks", + "type": "string", + "example": 30 + }, + "provisioningMaxStatusCheckDays": { + "description": "maximum number of days to check", + "type": "string", + "example": 2 + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + }, + "security": [ + { + "oauth2": [ + "idn:service-desk-admin:manage", + "idn:service-desk-integration:manage" + ] + } + ] + } + }, + "/sp-config/export": { + "post": { + "operationId": "exportSpConfig", + "security": [ + { + "oauth2": [ + "sp:config:read", + "sp:config:manage" + ] + } + ], + "tags": [ + "SP-Config" + ], + "summary": "Initiates Configuration Objects Export Job.", + "description": "This post will export objects from the tenant to a JSON configuration file.", + "requestBody": { + "description": "Export options control what will be included in the export.", + "required": true, + "content": { + "application/json": { + "schema": { + "type": "object", + "allOf": [ + { + "type": "object", + "properties": { + "excludeTypes": { + "description": "Object type names to be excluded from an sp-config export command.", + "type": "array", + "items": { + "type": "string", + "enum": [ + "SOURCE", + "RULE", + "TRIGGER_SUBSCRIPTION", + "TRANSFORM", + "IDENTITY_PROFILE" + ], + "example": "SOURCE" + } + }, + "includeTypes": { + "description": "Object type names to be included in an sp-config export command. IncludeTypes takes precedence over excludeTypes.", + "type": "array", + "items": { + "type": "string", + "enum": [ + "SOURCE", + "RULE", + "TRIGGER_SUBSCRIPTION", + "TRANSFORM", + "IDENTITY_PROFILE" + ], + "example": "TRIGGER_SUBSCRIPTION" + } + }, + "objectOptions": { + "description": "Additional options targeting specific objects related to each item in the includeTypes field", + "type": "object", + "additionalProperties": { + "type": "object", + "properties": { + "includedIds": { + "description": "Object ids to be included in an import or export.", + "type": "array", + "items": { + "type": "string", + "example": "be9e116d-08e1-49fc-ab7f-fa585e96c9e4" + } + }, + "includedNames": { + "description": "Object names to be included in an import or export.", + "type": "array", + "items": { + "type": "string", + "example": "Test Object" + } + } + } + }, + "example": { + "TRIGGER_SUBSCRIPTION": { + "includedIds": [ + "be9e116d-08e1-49fc-ab7f-fa585e96c9e4" + ], + "includedNames": [ + "Test 2" + ] + } + } + } + } + } + ], + "properties": { + "description": { + "type": "string", + "description": "Optional user defined description/name for export job.", + "example": "Export Job 1 Test" + } + } + }, + "examples": { + "Export all objects available": { + "description": "Export all object types available in IDN.", + "value": { + "description": "Export all available objects", + "excludeTypes": [], + "includeTypes": [ + "SOURCE", + "RULE", + "TRIGGER_SUBSCRIPTION", + "TRANSFORM", + "IDENTITY_PROFILE" + ], + "objectOptions": {} + } + }, + "Export sources by ID": { + "description": "Export only sources that match the IDs specified in the export options.", + "value": { + "description": "Export sources by ID", + "excludeTypes": [], + "includeTypes": [ + "SOURCE" + ], + "objectOptions": { + "SOURCE": { + "includedIds": [ + "be9e116d-08e1-49fc-ab7f-fa585e96c9e4", + "be9p119e-90e1-49pk-ac9f-fa576e96c9e4" + ], + "includedNames": [] + } + } + } + }, + "Export transforms by name": { + "description": "Export only transforms that match the names specified in the export options.", + "value": { + "description": "Export transforms by name", + "excludeTypes": [], + "includeTypes": [ + "TRANSFORM" + ], + "objectOptions": { + "TRANSFORM": { + "includedIds": [], + "includedNames": [ + "Remove Diacritical Marks", + "Common - Location Lookup" + ] + } + } + } + }, + "Export trigger subscriptions triggers and transforms with custom options": { + "description": "Export trigger subscriptions and transforms that match the export options.", + "value": { + "description": "Export trigger subscriptions and transforms with custom filter options", + "excludeTypes": [], + "includeTypes": [ + "TRANSFORM", + "TRIGGER_SUBSCRIPTION" + ], + "objectOptions": { + "TRANSFORM": { + "includedIds": [], + "includedNames": [ + "Remove Diacritical Marks", + "Common - Location Lookup" + ] + }, + "TRIGGER_SUBSCRIPTION": { + "includedIds": [ + "be9e116d-08e1-49fc-ab7f-fa585e96c9e4", + "be9p119e-90e1-49pk-ac9f-fa576e96c9e4" + ], + "includedNames": [ + "NGROK Test: fire and forget", + "Manager Certification" + ] + } + } + } + } + } + } + } + }, + "responses": { + "202": { + "description": "Export job accepted and queued for processing.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "jobId": { + "type": "string", + "description": "Unique id assigned to this job.", + "example": "3469b87d-48ca-439a-868f-2160001da8c1" + }, + "status": { + "type": "string", + "description": "Status of the job.", + "enum": [ + "NOT_STARTED", + "IN_PROGRESS", + "COMPLETE", + "CANCELLED", + "FAILED" + ], + "example": "COMPLETE" + }, + "type": { + "type": "string", + "description": "Type of the job, either export or import.", + "enum": [ + "EXPORT", + "IMPORT" + ], + "example": "IMPORT" + }, + "message": { + "type": "string", + "description": "This message contains additional information about the overall status of the job.", + "example": "Download import results for details." + }, + "description": { + "type": "string", + "description": "Optional user defined description/name for export job.", + "example": "ETS configuration objects from Acme-Solar sandbox" + }, + "expiration": { + "type": "string", + "format": "date-time", + "description": "The time until which the artifacts will be available for download.", + "example": "2021-05-11T22:23:16Z" + }, + "created": { + "type": "string", + "format": "date-time", + "description": "The time the job was started.", + "example": "2021-05-11T22:23:16Z" + }, + "modified": { + "type": "string", + "format": "date-time", + "description": "The time of the last update to the job.", + "example": "2021-05-11T22:23:16Z" + }, + "completed": { + "type": "string", + "format": "date-time", + "description": "The time the job was completed.", + "example": "2021-05-11T22:23:16Z" + } + }, + "required": [ + "jobId", + "status", + "type", + "message", + "description", + "expiration", + "created", + "modified", + "completed" + ] + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.\n", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/sp-config/export/{id}": { + "get": { + "operationId": "exportSpConfigJobStatus", + "tags": [ + "SP-Config" + ], + "summary": "Get Status of Export Job", + "description": "This gets the status of the export job identified by the id parameter.\nRequest will need one of the following security scopes:\n- sp:config:read - sp:config:manage", + "parameters": [ + { + "in": "path", + "name": "id", + "schema": { + "type": "string" + }, + "required": true, + "description": "The ID of the export job for which status will be returned.", + "example": "ef38f94347e94562b5bb8424a56397d8" + } + ], + "responses": { + "200": { + "description": "Export job status successfully returned.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "jobId": { + "type": "string", + "description": "Unique id assigned to this job.", + "example": "3469b87d-48ca-439a-868f-2160001da8c1" + }, + "status": { + "type": "string", + "description": "Status of the job.", + "enum": [ + "NOT_STARTED", + "IN_PROGRESS", + "COMPLETE", + "CANCELLED", + "FAILED" + ], + "example": "COMPLETE" + }, + "type": { + "type": "string", + "description": "Type of the job, either export or import.", + "enum": [ + "EXPORT", + "IMPORT" + ], + "example": "IMPORT" + }, + "message": { + "type": "string", + "description": "This message contains additional information about the overall status of the job.", + "example": "Download import results for details." + }, + "description": { + "type": "string", + "description": "Optional user defined description/name for export job.", + "example": "ETS configuration objects from Acme-Solar sandbox" + }, + "expiration": { + "type": "string", + "format": "date-time", + "description": "The time until which the artifacts will be available for download.", + "example": "2021-05-11T22:23:16Z" + }, + "created": { + "type": "string", + "format": "date-time", + "description": "The time the job was started.", + "example": "2021-05-11T22:23:16Z" + }, + "modified": { + "type": "string", + "format": "date-time", + "description": "The time of the last update to the job.", + "example": "2021-05-11T22:23:16Z" + }, + "completed": { + "type": "string", + "format": "date-time", + "description": "The time the job was completed.", + "example": "2021-05-11T22:23:16Z" + } + }, + "required": [ + "jobId", + "status", + "type", + "message", + "description", + "expiration", + "created", + "modified", + "completed" + ] + }, + "example": { + "jobId": "1e824aa0-4c6e-4f14-95e9-e7dc5234aa51", + "status": "COMPLETE", + "type": "EXPORT", + "message": null, + "description": "Export Job 1 Test", + "expiration": "2021-05-20T15:04:24Z", + "created": "2021-05-13T15:04:24.112Z", + "modified": "2021-05-13T15:04:27.363Z", + "completed": "2021-05-13T15:04:27.358Z" + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/sp-config/export/{id}/download": { + "get": { + "operationId": "exportSpConfigDownload", + "tags": [ + "SP-Config" + ], + "summary": "Download Result of Export Job", + "description": "This gets export file resulting from the export job with the requested id and downloads it to a file.\nRequest will need one of the following security scopes:\n- sp:config:read - sp:config:manage", + "parameters": [ + { + "in": "path", + "name": "id", + "schema": { + "type": "string" + }, + "required": true, + "description": "The ID of the export job for which the results will be downloaded.", + "example": "ef38f94347e94562b5bb8424a56397d8" + } + ], + "responses": { + "200": { + "description": "Exported JSON objects.", + "content": { + "application/json": { + "schema": { + "type": "object", + "title": "Config Export Response Body", + "description": "Response model for config export download response.", + "properties": { + "version": { + "type": "integer", + "description": "Current version of the export results object.", + "example": 1 + }, + "timestamp": { + "type": "string", + "format": "date-time", + "description": "Time the export was completed.", + "example": "2021-05-11T22:23:16Z" + }, + "tenant": { + "type": "string", + "description": "Name of the tenant where this export originated.", + "example": "sample-tenant" + }, + "description": { + "type": "string", + "description": "Optional user defined description/name for export job.", + "example": "Export Job 1 Test" + }, + "options": { + "description": "Options used to create this export.", + "type": "object", + "properties": { + "excludeTypes": { + "description": "Object type names to be excluded from an sp-config export command.", + "type": "array", + "items": { + "type": "string", + "enum": [ + "SOURCE", + "RULE", + "TRIGGER_SUBSCRIPTION", + "TRANSFORM", + "IDENTITY_PROFILE" + ], + "example": "SOURCE" + } + }, + "includeTypes": { + "description": "Object type names to be included in an sp-config export command. IncludeTypes takes precedence over excludeTypes.", + "type": "array", + "items": { + "type": "string", + "enum": [ + "SOURCE", + "RULE", + "TRIGGER_SUBSCRIPTION", + "TRANSFORM", + "IDENTITY_PROFILE" + ], + "example": "TRIGGER_SUBSCRIPTION" + } + }, + "objectOptions": { + "description": "Additional options targeting specific objects related to each item in the includeTypes field", + "type": "object", + "additionalProperties": { + "type": "object", + "properties": { + "includedIds": { + "description": "Object ids to be included in an import or export.", + "type": "array", + "items": { + "type": "string", + "example": "be9e116d-08e1-49fc-ab7f-fa585e96c9e4" + } + }, + "includedNames": { + "description": "Object names to be included in an import or export.", + "type": "array", + "items": { + "type": "string", + "example": "Test Object" + } + } + } + }, + "example": { + "TRIGGER_SUBSCRIPTION": { + "includedIds": [ + "be9e116d-08e1-49fc-ab7f-fa585e96c9e4" + ], + "includedNames": [ + "Test 2" + ] + } + } + } + } + }, + "objects": { + "type": "array", + "items": { + "type": "object", + "title": "Config Object for Export and Import", + "description": "Config export and import format for individual object configurations.", + "properties": { + "version": { + "type": "integer", + "description": "Current version of configuration object.", + "example": 1 + }, + "self": { + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + }, + "object": { + "description": "Object details. Format dependant on the object type.", + "additionalProperties": true + } + } + } + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/sp-config/import": { + "post": { + "operationId": "importSpConfig", + "tags": [ + "SP-Config" + ], + "summary": "Initiates Configuration Objects Import Job.", + "description": "This post will import objects from a JSON configuration file into a tenant. By default, every import will first export all existing objects supported by sp-config as a backup before the import is attempted. The backup is provided so that the state of the configuration prior to the import is available for inspection or restore if needed. The backup can be skipped by setting \"excludeBackup\" to true in the import options. If a backup is performed, the id of the backup will be provided in the ImportResult as the \"exportJobId\". This can be downloaded using the /sp-config/export/{exportJobId}/download endpoint.\nRequest will need the following security scope:\n- sp:config:manage", + "parameters": [ + { + "in": "query", + "name": "preview", + "schema": { + "type": "boolean", + "default": false + }, + "required": false, + "description": "This option is intended to give the user information about how an import operation would proceed, without having any affect on the target tenant. If true, no objects will be imported. Instead, the import process will pre-process the import file and attempt to resolve references within imported objects. The import result file will contain messages pertaining to how specific references were resolved, any errors associated with the preprocessing, and messages indicating which objects would be imported.", + "example": "true" + } + ], + "requestBody": { + "description": "The form-data \"name\" attribute for the file content must be \"data\".\n\n__Example__\n\n data: \"config_export_0340b957-5caa-44f6-ada2-d3c4c5bd0b19.json\",\n options: {\n \"excludeTypes\": [],\n \"includeTypes\": [\"TRIGGER_SUBSCRIPTION\"],\n \"objectOptions\": {\n \"TRIGGER_SUBSCRIPTION\": {\n \"includedIds\": [ \"193446a1-c431-4326-8ba7-d6eebf922948\"],\n \"includedNames\":[]\n }\n },\n \"defaultReferences\": [\n {\n \"type\": \"TRIGGER_SUBSCRIPTION\",\n \"id\": \"be9e116d-08e1-49fc-ab7f-fa585e96c9e4\",\n \"name\": \"Test Trigger\"\n }\n ],\n \"excludeBackup\": false\n }\n\n__Sample Import File__\n\n {\n \t\"version\": 1,\n \t\"timestamp\": \"2021-05-10T15:19:23.425041-05:00\",\n \t\"tenant\": \"sampleTenant\",\n \t\"options\": {\n \t\t\"excludeTypes\": [],\n \t\t\"includeTypes\": [\"TRIGGER_SUBSCRIPTION\"],\n \t\t\"objectOptions\": null\n \t},\n \t\"objects\": [{\n \t\t\t\"version\": 1,\n \t\t\t\"self\": {\n \t\t\t\t\"type\": \"TRIGGER_SUBSCRIPTION\",\n \t\t\t\t\"name\": \"test trigger\",\n \t\t\t\t\"id\": \"193446a1-c431-4326-8ba7-d6eebf922948\"\n \t\t\t},\n \t\t\t\"object\": {\n \t\t\t\t\"type\": \"HTTP\",\n \t\t\t\t\"enabled\": true,\n \t\t\t\t\"httpConfig\": {\n \t\t\t\t\t\"url\": \"https://localhost\",\n \t\t\t\t\t\"httpAuthenticationType\": \"NO_AUTH\",\n \t\t\t\t\t\"basicAuthConfig\": null,\n \t\t\t\t\t\"bearerTokenAuthConfig\": null,\n \t\t\t\t\t\"httpDispatchMode\": \"SYNC\"\n \t\t\t\t},\n \t\t\t\t\"triggerName\": \"Access Request Submitted\",\n \t\t\t\t\"responseDeadline\": \"PT1H\",\n \t\t\t\t\"name\": \"test trigger\",\n \t\t\t\t\"triggerId\": \"idn:access-request-pre-approval\"\n \t\t\t}\n \t\t}\n \t]\n }\n", + "required": true, + "content": { + "multipart/form-data": { + "schema": { + "type": "object", + "properties": { + "data": { + "type": "string", + "format": "binary", + "description": "JSON file containing the objects to be imported." + }, + "options": { + "type": "object", + "properties": { + "excludeTypes": { + "description": "Object type names to be excluded from an sp-config export command.", + "type": "array", + "items": { + "type": "string", + "example": "SOURCE" + } + }, + "includeTypes": { + "description": "Object type names to be included in an sp-config export command. IncludeTypes takes precedence over excludeTypes.", + "type": "array", + "items": { + "type": "string", + "example": "TRIGGER_SUBSCRIPTION" + } + }, + "objectOptions": { + "description": "Additional options targeting specific objects related to each item in the includeTypes field", + "type": "object", + "additionalProperties": { + "type": "object", + "properties": { + "includedIds": { + "description": "Object ids to be included in an import or export.", + "type": "array", + "items": { + "type": "string", + "example": "be9e116d-08e1-49fc-ab7f-fa585e96c9e4" + } + }, + "includedNames": { + "description": "Object names to be included in an import or export.", + "type": "array", + "items": { + "type": "string", + "example": "Test Object" + } + } + } + }, + "example": { + "TRIGGER_SUBSCRIPTION": { + "includedIds": [ + "be9e116d-08e1-49fc-ab7f-fa585e96c9e4" + ], + "includedNames": [ + "Test 2" + ] + } + } + }, + "defaultReferences": { + "description": "List of BaseRefenceDtos that can be used to resolve references on import.", + "type": "array", + "items": { + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + } + }, + "excludeBackup": { + "description": "By default, every import will first export all existing objects supported by sp-config as a backup before the import is attempted. If excludeBackup is true, the backup will not be performed.", + "type": "boolean", + "default": false, + "example": "false" + } + } + } + }, + "required": [ + "data" + ] + }, + "example": { + "data": "config_export_0340b957-5caa-44f6-ada2-d3c4c5bd0b19.json", + "options": { + "excludeTypes": [], + "includeTypes": [ + "TRIGGER_SUBSCRIPTION" + ], + "objectOptions": { + "TRIGGER_SUBSCRIPTION": { + "includedIds": [ + "be9e116d-08e1-49fc-ab7f-fa585e96c9e4" + ], + "includedNames": [ + "Lori Test 2" + ] + } + }, + "defaultReferences": [ + { + "type": "TRIGGER_SUBSCRIPTION", + "id": "be9e116d-08e1-49fc-ab7f-fa585e96c9e4", + "name": "Test Trigger" + } + ], + "excludeBackup": false + } + } + } + } + }, + "responses": { + "202": { + "description": "Import job accepted and queued for processing.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "jobId": { + "type": "string", + "description": "Unique id assigned to this job.", + "example": "3469b87d-48ca-439a-868f-2160001da8c1" + }, + "status": { + "type": "string", + "description": "Status of the job.", + "enum": [ + "NOT_STARTED", + "IN_PROGRESS", + "COMPLETE", + "CANCELLED", + "FAILED" + ], + "example": "COMPLETE" + }, + "type": { + "type": "string", + "description": "Type of the job, either export or import.", + "enum": [ + "EXPORT", + "IMPORT" + ], + "example": "IMPORT" + }, + "message": { + "type": "string", + "description": "This message contains additional information about the overall status of the job.", + "example": "Download import results for details." + }, + "description": { + "type": "string", + "description": "Optional user defined description/name for export job.", + "example": "ETS configuration objects from Acme-Solar sandbox" + }, + "expiration": { + "type": "string", + "format": "date-time", + "description": "The time until which the artifacts will be available for download.", + "example": "2021-05-11T22:23:16Z" + }, + "created": { + "type": "string", + "format": "date-time", + "description": "The time the job was started.", + "example": "2021-05-11T22:23:16Z" + }, + "modified": { + "type": "string", + "format": "date-time", + "description": "The time of the last update to the job.", + "example": "2021-05-11T22:23:16Z" + }, + "completed": { + "type": "string", + "format": "date-time", + "description": "The time the job was completed.", + "example": "2021-05-11T22:23:16Z" + } + }, + "required": [ + "jobId", + "status", + "type", + "message", + "description", + "expiration", + "created", + "modified", + "completed" + ] + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.\n", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/sp-config/import/{id}": { + "get": { + "operationId": "importSpConfigJobStatus", + "tags": [ + "SP-Config" + ], + "summary": "Get Status of Import Job", + "description": "This gets the status of the import job identified by the id parameter.\nRequest will need the following security scope:\n- sp:config:manage", + "parameters": [ + { + "in": "path", + "name": "id", + "schema": { + "type": "string" + }, + "required": true, + "description": "The ID of the import job for which status will be returned.", + "example": "ef38f94347e94562b5bb8424a56397d8" + } + ], + "responses": { + "200": { + "description": "Import job status successfully returned.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "jobId": { + "type": "string", + "description": "Unique id assigned to this job.", + "example": "3469b87d-48ca-439a-868f-2160001da8c1" + }, + "status": { + "type": "string", + "description": "Status of the job.", + "enum": [ + "NOT_STARTED", + "IN_PROGRESS", + "COMPLETE", + "CANCELLED", + "FAILED" + ], + "example": "COMPLETE" + }, + "type": { + "type": "string", + "description": "Type of the job, either export or import.", + "enum": [ + "EXPORT", + "IMPORT" + ], + "example": "IMPORT" + }, + "message": { + "type": "string", + "description": "This message contains additional information about the overall status of the job.", + "example": "Download import results for details." + }, + "description": { + "type": "string", + "description": "Optional user defined description/name for export job.", + "example": "ETS configuration objects from Acme-Solar sandbox" + }, + "expiration": { + "type": "string", + "format": "date-time", + "description": "The time until which the artifacts will be available for download.", + "example": "2021-05-11T22:23:16Z" + }, + "created": { + "type": "string", + "format": "date-time", + "description": "The time the job was started.", + "example": "2021-05-11T22:23:16Z" + }, + "modified": { + "type": "string", + "format": "date-time", + "description": "The time of the last update to the job.", + "example": "2021-05-11T22:23:16Z" + }, + "completed": { + "type": "string", + "format": "date-time", + "description": "The time the job was completed.", + "example": "2021-05-11T22:23:16Z" + } + }, + "required": [ + "jobId", + "status", + "type", + "message", + "description", + "expiration", + "created", + "modified", + "completed" + ] + }, + "example": { + "jobId": "4fb10503-1c49-4603-8f8d-886e1f6aa47b", + "status": "COMPLETE", + "type": "IMPORT", + "message": "Download import results for details.", + "description": null, + "expiration": "2021-05-20T16:42:39Z", + "created": "2021-05-13T16:42:39.333Z", + "modified": "2021-05-13T16:42:40.71Z", + "completed": "2021-05-13T16:42:40.705Z" + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/sp-config/import/{id}/download": { + "get": { + "operationId": "importSpConfigDownload", + "tags": [ + "SP-Config" + ], + "summary": "Download Result of Import Job", + "description": "This gets import file resulting from the import job with the requested id and downloads it to a file. The downloaded file will contain the results of the import operation, including any error, warning or informational messages associated with the import.\nRequest will need the following security scope:\n- sp:config:manage", + "parameters": [ + { + "in": "path", + "name": "id", + "schema": { + "type": "string" + }, + "required": true, + "description": "The ID of the import job for which the results will be downloaded.", + "example": "ef38f94347e94562b5bb8424a56397d8" + } + ], + "responses": { + "200": { + "description": "Import Results JSON object, containing detailed results of the import operation.", + "content": { + "application/json": { + "schema": { + "type": "object", + "title": "Config Import Response Body", + "description": "Response Body for Config Import command.", + "properties": { + "results": { + "type": "object", + "additionalProperties": { + "type": "object", + "title": "Import Object Response Body", + "description": "Response model for import of a single object.", + "properties": { + "infos": { + "description": "Informational messages returned from the target service on import.", + "type": "array", + "items": { + "type": "object", + "title": "Config Import/Export Message", + "description": "Message model for Config Import/Export.", + "properties": { + "key": { + "type": "string", + "description": "Message key.", + "example": "UNKNOWN_REFERENCE_RESOLVER" + }, + "text": { + "type": "string", + "description": "Message text.", + "example": "Unable to resolve reference for object [type: IDENTITY, id: 2c91808c746e9c9601747d6507332ecz, name: random identity]" + }, + "details": { + "type": "object", + "description": "Message details if any, in key:value pairs.", + "additionalProperties": { + "type": "object" + }, + "example": { + "details": "message details" + } + } + }, + "required": [ + "key", + "text", + "details" + ] + } + }, + "warnings": { + "description": "Warning messages returned from the target service on import.", + "type": "array", + "items": { + "type": "object", + "title": "Config Import/Export Message", + "description": "Message model for Config Import/Export.", + "properties": { + "key": { + "type": "string", + "description": "Message key.", + "example": "UNKNOWN_REFERENCE_RESOLVER" + }, + "text": { + "type": "string", + "description": "Message text.", + "example": "Unable to resolve reference for object [type: IDENTITY, id: 2c91808c746e9c9601747d6507332ecz, name: random identity]" + }, + "details": { + "type": "object", + "description": "Message details if any, in key:value pairs.", + "additionalProperties": { + "type": "object" + }, + "example": { + "details": "message details" + } + } + }, + "required": [ + "key", + "text", + "details" + ] + } + }, + "errors": { + "description": "Error messages returned from the target service on import.", + "type": "array", + "items": { + "type": "object", + "title": "Config Import/Export Message", + "description": "Message model for Config Import/Export.", + "properties": { + "key": { + "type": "string", + "description": "Message key.", + "example": "UNKNOWN_REFERENCE_RESOLVER" + }, + "text": { + "type": "string", + "description": "Message text.", + "example": "Unable to resolve reference for object [type: IDENTITY, id: 2c91808c746e9c9601747d6507332ecz, name: random identity]" + }, + "details": { + "type": "object", + "description": "Message details if any, in key:value pairs.", + "additionalProperties": { + "type": "object" + }, + "example": { + "details": "message details" + } + } + }, + "required": [ + "key", + "text", + "details" + ] + } + }, + "importedObjects": { + "description": "References to objects that were created or updated by the import.", + "type": "array", + "items": { + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + } + } + }, + "required": [ + "infos", + "warnings", + "errors", + "importedObjects" + ] + }, + "description": "The results of an object configuration import job.", + "example": { + "results": { + "TRIGGER_SUBSCRIPTION": { + "infos": [ + { + "key": "IMPORT_PREVIEW", + "text": "Object to be imported: [c953134c-2224-42f2-a84e-fa5cbb395904, Test 2]", + "detail": null + }, + { + "key": "IMPORT_PREVIEW", + "text": "Object to be imported: [be9e116d-08e1-49fc-ab7f-fa585e96c9e4, Test 1]", + "detail": null + } + ], + "warnings": [], + "errors": [], + "importedObjects": [] + } + } + } + }, + "exportJobId": { + "type": "string", + "description": "If a backup was performed before the import, this will contain the jobId of the backup job. This id can be used to retrieve the json file of the backup export.", + "example": "be9e116d-08e1-49fc-ab7f-fa585e96c9e4" + } + }, + "required": [ + "results" + ] + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/sp-config/config-objects": { + "get": { + "operationId": "listSpConfigObjects", + "security": [ + { + "oauth2": [ + "sp:config:read", + "sp:config:manage" + ] + } + ], + "tags": [ + "SP-Config" + ], + "summary": "Get Config Object details", + "description": "This gets the list of object configurations which are known to the tenant export/import service. Object configurations that contain \"importUrl\" and \"exportUrl\" are available for export/import.", + "responses": { + "200": { + "description": "Object configurations returned successfully.", + "content": { + "application/json": { + "schema": { + "type": "array", + "items": { + "title": "Object Configuration Model", + "description": "Response model for get object configuration.", + "type": "object", + "properties": { + "objectType": { + "type": "string", + "description": "The object type this configuration is for.", + "example": "TRIGGER_SUBSCRIPTION" + }, + "resolveByIdUrl": { + "description": "Url and query parameters to be used to resolve this type of object by Id.", + "type": "object", + "title": "Resolver URL Format for Object Configuration.", + "properties": { + "url": { + "description": "URL for the target object endpoint.", + "type": "string", + "example": "ets://trigger-subscriptions/$id" + }, + "query": { + "description": "Any query parameters that are needed for the URL.", + "type": "object", + "nullable": true, + "example": null + } + } + }, + "resolveByNameUrl": { + "type": "array", + "items": { + "type": "object", + "title": "Resolver URL Format for Object Configuration.", + "description": "Format of resolver URLs for Object Configurations", + "properties": { + "url": { + "description": "URL for the target object endpoint.", + "type": "string", + "example": "ets://trigger-subscriptions/$id" + }, + "query": { + "description": "Any query parameters that are needed for the URL.", + "type": "object", + "nullable": true, + "example": null + } + } + }, + "description": "Url and query parameters to be used to resolve this type of object by name." + }, + "exportUrl": { + "type": "object", + "title": "Resolver URL Format for Object Configuration.", + "description": "Format of resolver URLs for Object Configurations", + "properties": { + "url": { + "description": "URL for the target object endpoint.", + "type": "string", + "example": "ets://trigger-subscriptions/$id" + }, + "query": { + "description": "Any query parameters that are needed for the URL.", + "type": "object", + "nullable": true, + "example": null + } + } + }, + "exportRight": { + "type": "string", + "description": "Rights needed by the invoker of sp-config/export in order to export this type of object.", + "example": "idn:trigger-service-subscriptions:read" + }, + "exportLimit": { + "type": "integer", + "format": "int32", + "description": "Pagination limit imposed by the target service for this object type.", + "example": 10 + }, + "importUrl": { + "type": "object", + "title": "Resolver URL Format for Object Configuration.", + "description": "Format of resolver URLs for Object Configurations", + "properties": { + "url": { + "description": "URL for the target object endpoint.", + "type": "string", + "example": "ets://trigger-subscriptions/$id" + }, + "query": { + "description": "Any query parameters that are needed for the URL.", + "type": "object", + "nullable": true, + "example": null + } + } + }, + "importRight": { + "type": "string", + "description": "Rights needed by the invoker of sp-config/import in order to import this type of object.", + "example": "idn:trigger-service-subscriptions:create" + }, + "importLimit": { + "type": "integer", + "format": "int32", + "description": "Pagination limit imposed by the target service for this object type.", + "example": 10 + }, + "referenceExtractors": { + "type": "array", + "nullable": true, + "description": "List of json paths within an exported object of this type that represent references that need to be resolved.", + "items": { + "type": "string" + }, + "example": [ + "$.owner" + ] + }, + "signatureRequired": { + "type": "boolean", + "default": false, + "description": "If true, this type of object will be JWS signed and cannot be modified before import.", + "example": false + } + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/sources": { + "get": { + "operationId": "listSources", + "tags": [ + "Sources" + ], + "summary": "Lists all sources in IdentityNow.", + "description": "This end-point lists all the sources in IdentityNow.\nA token with ORG_ADMIN, SOURCE_ADMIN, SOURCE_SUBADMIN, or ROLE_SUBADMIN authority is required to call this API.", + "parameters": [ + { + "in": "query", + "name": "limit", + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": 250, + "schema": { + "type": "integer", + "format": "int32", + "minimum": 0, + "maximum": 250, + "default": 250 + } + }, + { + "in": "query", + "name": "offset", + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": 0, + "schema": { + "type": "integer", + "format": "int32", + "minimum": 0, + "default": 0 + } + }, + { + "in": "query", + "name": "count", + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": true, + "schema": { + "type": "boolean", + "default": false + } + }, + { + "in": "query", + "name": "filters", + "schema": { + "type": "string" + }, + "example": "name eq \"#Employees\"", + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)\n\nFiltering is supported for the following fields and operators:\n\n**id**: *eq, in*\n\n**name**: *co, eq, in, sw*\n\n**type**: *eq, in*\n\n**owner.id**: *eq, in*\n\n**features**: *ca, co*\n\n**created**: *eq*\n\n**modified**: *eq*\n\n**managementWorkgroup.id**: *eq*\n\n**description**: *eq*\n\n**authoritative**: *eq*\n\n**healthy**: *eq*\n\n**status**: *eq, in*\n\n**connectionType**: *eq*\n\n**connectorName**: *eq*" + }, + { + "in": "query", + "name": "sorters", + "schema": { + "type": "string", + "format": "comma-separated" + }, + "example": "name", + "description": "Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)\n\nSorting is supported for the following fields: **type, created, modified, name, owner.name, healthy, status**" + }, + { + "in": "query", + "name": "for-subadmin", + "schema": { + "type": "string" + }, + "example": "name", + "description": "Filter the returned list of sources for the identity specified by the parameter, which is the id of an identity with the role SOURCE_SUBADMIN. By convention, the value **me** indicates the identity id of the current user.\nSubadmins may only view Sources which they are able to administer; all other Sources will be filtered out when this parameter is set. If the current user is a SOURCE_SUBADMIN but fails to pass a valid value for this parameter, a 403 Forbidden is returned." + } + ], + "responses": { + "200": { + "description": "List of Source objects", + "content": { + "application/json": { + "schema": { + "type": "array", + "items": { + "type": "object", + "properties": { + "id": { + "type": "string", + "readOnly": true, + "description": "the id of the Source", + "example": "2c91808568c529c60168cca6f90c1324" + }, + "name": { + "type": "string", + "description": "Human-readable name of the source", + "example": "My Source" + }, + "description": { + "type": "string", + "description": "Human-readable description of the source", + "example": "This is the corporate directory." + }, + "owner": { + "description": "Reference to an owning Identity Object", + "type": "object", + "properties": { + "type": { + "description": "The type of object being referenced", + "type": "string", + "enum": [ + "IDENTITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the identity", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the identity", + "example": "MyName" + } + } + }, + "cluster": { + "description": "Reference to the associated Cluster", + "type": "object", + "properties": { + "type": { + "description": "The type of object being referenced", + "type": "string", + "enum": [ + "CLUSTER" + ], + "example": "CLUSTER" + }, + "id": { + "type": "string", + "description": "ID of the cluster", + "example": "2c9180866166b5b0016167c32ef31a66" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the cluster", + "example": "Corporate Cluster" + } + } + }, + "accountCorrelationConfig": { + "description": "Reference to an Account Correlation Config object", + "type": "object", + "properties": { + "type": { + "description": "The type of object being referenced", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG" + ], + "example": "ACCOUNT_CORRELATION_CONFIG" + }, + "id": { + "type": "string", + "description": "ID of the account correlation config", + "example": "2c9180855d191c59015d28583727245a" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the account correlation config", + "example": "Directory [source-62867] Account Correlation" + } + } + }, + "accountCorrelationRule": { + "description": "Reference to a Rule that can do COMPLEX correlation, should only be used when accountCorrelationConfig can't be used.", + "type": "object", + "properties": { + "type": { + "description": "The type of object being referenced", + "type": "string", + "enum": [ + "RULE" + ], + "example": "RULE" + }, + "id": { + "type": "string", + "description": "ID of the rule", + "example": "2c918085708c274401708c2a8a760001" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the rule", + "example": "Example Rule" + } + } + }, + "managerCorrelationMapping": { + "description": "Filter Object used during manager correlation to match incoming manager values to an existing manager's Account/Identity", + "type": "object", + "properties": { + "accountAttribute": { + "type": "string", + "description": "Name of the attribute to use for manager correlation. The value found on the account attribute will be used to lookup the manager's identity.", + "example": "manager" + }, + "identityAttribute": { + "type": "string", + "description": "Name of the identity attribute to search when trying to find a manager using the value from the accountAttribute.", + "example": "manager" + } + } + }, + "managerCorrelationRule": { + "description": "Reference to the ManagerCorrelationRule, only used when a simple filter isn't sufficient.", + "type": "object", + "properties": { + "type": { + "description": "The type of object being referenced", + "type": "string", + "enum": [ + "RULE" + ], + "example": "RULE" + }, + "id": { + "type": "string", + "description": "ID of the rule", + "example": "2c918085708c274401708c2a8a760001" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the rule", + "example": "Example Rule" + } + } + }, + "beforeProvisioningRule": { + "description": "Rule that runs on the CCG and allows for customization of provisioning plans before the connector is called.", + "type": "object", + "properties": { + "type": { + "description": "The type of object being referenced", + "type": "string", + "enum": [ + "RULE" + ], + "example": "RULE" + }, + "id": { + "type": "string", + "description": "ID of the rule", + "example": "2c918085708c274401708c2a8a760001" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the rule", + "example": "Example Rule" + } + } + }, + "schemas": { + "type": "array", + "items": { + "type": "object", + "properties": { + "type": { + "description": "The type of object being referenced", + "type": "string", + "enum": [ + "CONNECTOR_SCHEMA" + ], + "example": "CONNECTOR_SCHEMA" + }, + "id": { + "type": "string", + "description": "ID of the schema", + "example": "2c91808568c529c60168cca6f90c1777" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the schema", + "example": "MySchema" + } + } + }, + "description": "List of references to Schema objects", + "example": [ + { + "type": "CONNECTOR_SCHEMA", + "id": "2c9180835d191a86015d28455b4b232a", + "name": "account" + }, + { + "type": "CONNECTOR_SCHEMA", + "id": "2c9180835d191a86015d28455b4b232b", + "name": "group" + } + ] + }, + "passwordPolicies": { + "type": "array", + "items": { + "type": "object", + "properties": { + "type": { + "description": "The type of object being referenced", + "type": "string", + "enum": [ + "PASSWORD_POLICY" + ], + "example": "PASSWORD_POLICY" + }, + "id": { + "type": "string", + "description": "ID of the policy", + "example": "2c91808568c529c60168cca6f90c1777" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the policy", + "example": "My Password Policy" + } + } + }, + "description": "List of references to the associated PasswordPolicy objects.", + "example": [ + { + "type": "PASSWORD_POLICY", + "id": "2c9180855d191c59015d291ceb053980", + "name": "Corporate Password Policy" + }, + { + "type": "PASSWORD_POLICY", + "id": "2c9180855d191c59015d291ceb057777", + "name": "Vendor Password Policy" + } + ] + }, + "features": { + "type": "array", + "description": "Optional features that can be supported by a source.", + "items": { + "type": "string", + "enum": [ + "AUTHENTICATE", + "COMPOSITE", + "DIRECT_PERMISSIONS", + "DISCOVER_SCHEMA", + "ENABLE", + "MANAGER_LOOKUP", + "NO_RANDOM_ACCESS", + "PROXY", + "SEARCH", + "TEMPLATE", + "UNLOCK", + "UNSTRUCTURED_TARGETS", + "SHAREPOINT_TARGET", + "PROVISIONING", + "GROUP_PROVISIONING", + "SYNC_PROVISIONING", + "PASSWORD", + "CURRENT_PASSWORD", + "ACCOUNT_ONLY_REQUEST", + "ADDITIONAL_ACCOUNT_REQUEST", + "NO_AGGREGATION", + "GROUPS_HAVE_MEMBERS", + "NO_PERMISSIONS_PROVISIONING", + "NO_GROUP_PERMISSIONS_PROVISIONING", + "NO_UNSTRUCTURED_TARGETS_PROVISIONING", + "NO_DIRECT_PERMISSIONS_PROVISIONING" + ], + "description": "Optional features that can be supported by an source.\n* AUTHENTICATE: The source supports pass-through authentication.\n* COMPOSITE: The source supports composite source creation.\n* DIRECT_PERMISSIONS: The source supports returning DirectPermissions.\n* DISCOVER_SCHEMA: The source supports discovering schemas for users and groups.\n* ENABLE The source supports reading if an account is enabled or disabled.\n* MANAGER_LOOKUP: The source supports looking up managers as they are encountered in a feed. This is the opposite of NO_RANDOM_ACCESS.\n* NO_RANDOM_ACCESS: The source does not support random access and the getObject() methods should not be called and expected to perform.\n* PROXY: The source can serve as a proxy for another source. When an source has a proxy, all connector calls made with that source are redirected through the connector for the proxy source.\n* SEARCH\n* TEMPLATE\n* UNLOCK: The source supports reading if an account is locked or unlocked.\n* UNSTRUCTURED_TARGETS: The source supports returning unstructured Targets.\n* SHAREPOINT_TARGET: The source supports returning unstructured Target data for SharePoint. It will be typically used by AD, LDAP sources.\n* PROVISIONING: The source can both read and write accounts. Having this feature implies that the provision() method is implemented. It also means that direct and target permissions can also be provisioned if they can be returned by aggregation.\n* GROUP_PROVISIONING: The source can both read and write groups. Having this feature implies that the provision() method is implemented.\n* SYNC_PROVISIONING: The source can provision accounts synchronously.\n* PASSWORD: The source can provision password changes. Since sources can never read passwords, this is should only be used in conjunction with the PROVISIONING feature.\n* CURRENT_PASSWORD: Some source types support verification of the current password\n* ACCOUNT_ONLY_REQUEST: The source supports requesting accounts without entitlements.\n* ADDITIONAL_ACCOUNT_REQUEST: The source supports requesting additional accounts.\n* NO_AGGREGATION: A source that does not support aggregation.\n* GROUPS_HAVE_MEMBERS: The source models group memberships with a member attribute on the group object rather than a groups attribute on the account object. This effects the implementation of delta account aggregation.\n* NO_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for accounts. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for accounts.\n* NO_GROUP_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for groups. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for groups.\n* NO_UNSTRUCTURED_TARGETS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING.\n* NO_DIRECT_PERMISSIONS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING." + }, + "example": [ + "SYNC_PROVISIONING", + "MANAGER_LOOKUP", + "SEARCH", + "PROVISIONING", + "AUTHENTICATE", + "GROUP_PROVISIONING", + "PASSWORD" + ] + }, + "type": { + "type": "string", + "description": "Specifies the type of system being managed e.g. Active Directory, Workday, etc.. If you are creating a Delimited File source, you must set the `provisionasCsv` query parameter to `true`. ", + "example": "OpenLDAP - Direct" + }, + "connector": { + "type": "string", + "description": "Connector script name.", + "example": "active-directory" + }, + "connectorClass": { + "type": "string", + "description": "The fully qualified name of the Java class that implements the connector interface.", + "example": "sailpoint.connector.LDAPConnector" + }, + "connectorAttributes": { + "type": "object", + "description": "Connector specific configuration; will differ from type to type.", + "example": { + "healthCheckTimeout": 30, + "authSearchAttributes": [ + "cn", + "uid", + "mail" + ] + } + }, + "deleteThreshold": { + "type": "integer", + "format": "int32", + "description": "Number from 0 to 100 that specifies when to skip the delete phase.", + "example": 10 + }, + "authoritative": { + "type": "boolean", + "description": "When true indicates the source is referenced by an IdentityProfile.", + "example": false + }, + "managementWorkgroup": { + "description": "Reference to Management Workgroup for this Source", + "type": "object", + "properties": { + "type": { + "description": "The type of object being referenced", + "type": "string", + "enum": [ + "GOVERNANCE_GROUP" + ], + "example": "GOVERNANCE_GROUP" + }, + "id": { + "type": "string", + "description": "ID of the management workgroup", + "example": "2c91808568c529c60168cca6f90c2222" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the management workgroup", + "example": "My Management Workgroup" + } + } + }, + "healthy": { + "type": "boolean", + "description": "When true indicates a healthy source", + "example": true + }, + "status": { + "type": "string", + "description": "A status identifier, giving specific information on why a source is healthy or not", + "example": "SOURCE_STATE_HEALTHY" + }, + "since": { + "type": "string", + "description": "Timestamp showing when a source health check was last performed", + "example": "2021-09-28T15:48:29.3801666300Z" + }, + "connectorId": { + "type": "string", + "description": "The id of connector", + "example": "active-directory" + }, + "connectorName": { + "type": "string", + "description": "The name of the connector that was chosen on source creation", + "example": "Active Directory" + }, + "connectionType": { + "type": "string", + "description": "The type of connection (direct or file)", + "example": "file" + }, + "connectorImplementstionId": { + "type": "string", + "description": "The connector implementstion id", + "example": "delimited-file" + } + }, + "required": [ + "name", + "owner", + "connector" + ] + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + }, + "post": { + "operationId": "createSource", + "tags": [ + "Sources" + ], + "summary": "Creates a source in IdentityNow.", + "description": "This creates a specific source with a full source JSON representation. Any passwords are submitted as plain-text and encrypted upon receipt in IdentityNow.\nA token with ORG_ADMIN, SOURCE_ADMIN, or SOURCE_SUBADMIN authority is required to call this API.", + "parameters": [ + { + "in": "query", + "name": "provisionAsCsv", + "description": "If this parameter is `true`, it configures the source as a Delimited File (CSV) source. Setting this to `true` will automatically set the `type` of the source to `DelimitedFile`. You must use this query parameter to create a Delimited File source as you would in the UI. If you don't set this query parameter and you attempt to set the `type` attribute directly, the request won't correctly generate the source. ", + "schema": { + "type": "boolean" + }, + "required": false, + "example": false + } + ], + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "id": { + "type": "string", + "readOnly": true, + "description": "the id of the Source", + "example": "2c91808568c529c60168cca6f90c1324" + }, + "name": { + "type": "string", + "description": "Human-readable name of the source", + "example": "My Source" + }, + "description": { + "type": "string", + "description": "Human-readable description of the source", + "example": "This is the corporate directory." + }, + "owner": { + "description": "Reference to an owning Identity Object", + "type": "object", + "properties": { + "type": { + "description": "The type of object being referenced", + "type": "string", + "enum": [ + "IDENTITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the identity", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the identity", + "example": "MyName" + } + } + }, + "cluster": { + "description": "Reference to the associated Cluster", + "type": "object", + "properties": { + "type": { + "description": "The type of object being referenced", + "type": "string", + "enum": [ + "CLUSTER" + ], + "example": "CLUSTER" + }, + "id": { + "type": "string", + "description": "ID of the cluster", + "example": "2c9180866166b5b0016167c32ef31a66" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the cluster", + "example": "Corporate Cluster" + } + } + }, + "accountCorrelationConfig": { + "description": "Reference to an Account Correlation Config object", + "type": "object", + "properties": { + "type": { + "description": "The type of object being referenced", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG" + ], + "example": "ACCOUNT_CORRELATION_CONFIG" + }, + "id": { + "type": "string", + "description": "ID of the account correlation config", + "example": "2c9180855d191c59015d28583727245a" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the account correlation config", + "example": "Directory [source-62867] Account Correlation" + } + } + }, + "accountCorrelationRule": { + "description": "Reference to a Rule that can do COMPLEX correlation, should only be used when accountCorrelationConfig can't be used.", + "type": "object", + "properties": { + "type": { + "description": "The type of object being referenced", + "type": "string", + "enum": [ + "RULE" + ], + "example": "RULE" + }, + "id": { + "type": "string", + "description": "ID of the rule", + "example": "2c918085708c274401708c2a8a760001" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the rule", + "example": "Example Rule" + } + } + }, + "managerCorrelationMapping": { + "description": "Filter Object used during manager correlation to match incoming manager values to an existing manager's Account/Identity", + "type": "object", + "properties": { + "accountAttribute": { + "type": "string", + "description": "Name of the attribute to use for manager correlation. The value found on the account attribute will be used to lookup the manager's identity.", + "example": "manager" + }, + "identityAttribute": { + "type": "string", + "description": "Name of the identity attribute to search when trying to find a manager using the value from the accountAttribute.", + "example": "manager" + } + } + }, + "managerCorrelationRule": { + "description": "Reference to the ManagerCorrelationRule, only used when a simple filter isn't sufficient.", + "type": "object", + "properties": { + "type": { + "description": "The type of object being referenced", + "type": "string", + "enum": [ + "RULE" + ], + "example": "RULE" + }, + "id": { + "type": "string", + "description": "ID of the rule", + "example": "2c918085708c274401708c2a8a760001" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the rule", + "example": "Example Rule" + } + } + }, + "beforeProvisioningRule": { + "description": "Rule that runs on the CCG and allows for customization of provisioning plans before the connector is called.", + "type": "object", + "properties": { + "type": { + "description": "The type of object being referenced", + "type": "string", + "enum": [ + "RULE" + ], + "example": "RULE" + }, + "id": { + "type": "string", + "description": "ID of the rule", + "example": "2c918085708c274401708c2a8a760001" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the rule", + "example": "Example Rule" + } + } + }, + "schemas": { + "type": "array", + "items": { + "type": "object", + "properties": { + "type": { + "description": "The type of object being referenced", + "type": "string", + "enum": [ + "CONNECTOR_SCHEMA" + ], + "example": "CONNECTOR_SCHEMA" + }, + "id": { + "type": "string", + "description": "ID of the schema", + "example": "2c91808568c529c60168cca6f90c1777" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the schema", + "example": "MySchema" + } + } + }, + "description": "List of references to Schema objects", + "example": [ + { + "type": "CONNECTOR_SCHEMA", + "id": "2c9180835d191a86015d28455b4b232a", + "name": "account" + }, + { + "type": "CONNECTOR_SCHEMA", + "id": "2c9180835d191a86015d28455b4b232b", + "name": "group" + } + ] + }, + "passwordPolicies": { + "type": "array", + "items": { + "type": "object", + "properties": { + "type": { + "description": "The type of object being referenced", + "type": "string", + "enum": [ + "PASSWORD_POLICY" + ], + "example": "PASSWORD_POLICY" + }, + "id": { + "type": "string", + "description": "ID of the policy", + "example": "2c91808568c529c60168cca6f90c1777" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the policy", + "example": "My Password Policy" + } + } + }, + "description": "List of references to the associated PasswordPolicy objects.", + "example": [ + { + "type": "PASSWORD_POLICY", + "id": "2c9180855d191c59015d291ceb053980", + "name": "Corporate Password Policy" + }, + { + "type": "PASSWORD_POLICY", + "id": "2c9180855d191c59015d291ceb057777", + "name": "Vendor Password Policy" + } + ] + }, + "features": { + "type": "array", + "description": "Optional features that can be supported by a source.", + "items": { + "type": "string", + "enum": [ + "AUTHENTICATE", + "COMPOSITE", + "DIRECT_PERMISSIONS", + "DISCOVER_SCHEMA", + "ENABLE", + "MANAGER_LOOKUP", + "NO_RANDOM_ACCESS", + "PROXY", + "SEARCH", + "TEMPLATE", + "UNLOCK", + "UNSTRUCTURED_TARGETS", + "SHAREPOINT_TARGET", + "PROVISIONING", + "GROUP_PROVISIONING", + "SYNC_PROVISIONING", + "PASSWORD", + "CURRENT_PASSWORD", + "ACCOUNT_ONLY_REQUEST", + "ADDITIONAL_ACCOUNT_REQUEST", + "NO_AGGREGATION", + "GROUPS_HAVE_MEMBERS", + "NO_PERMISSIONS_PROVISIONING", + "NO_GROUP_PERMISSIONS_PROVISIONING", + "NO_UNSTRUCTURED_TARGETS_PROVISIONING", + "NO_DIRECT_PERMISSIONS_PROVISIONING" + ], + "description": "Optional features that can be supported by an source.\n* AUTHENTICATE: The source supports pass-through authentication.\n* COMPOSITE: The source supports composite source creation.\n* DIRECT_PERMISSIONS: The source supports returning DirectPermissions.\n* DISCOVER_SCHEMA: The source supports discovering schemas for users and groups.\n* ENABLE The source supports reading if an account is enabled or disabled.\n* MANAGER_LOOKUP: The source supports looking up managers as they are encountered in a feed. This is the opposite of NO_RANDOM_ACCESS.\n* NO_RANDOM_ACCESS: The source does not support random access and the getObject() methods should not be called and expected to perform.\n* PROXY: The source can serve as a proxy for another source. When an source has a proxy, all connector calls made with that source are redirected through the connector for the proxy source.\n* SEARCH\n* TEMPLATE\n* UNLOCK: The source supports reading if an account is locked or unlocked.\n* UNSTRUCTURED_TARGETS: The source supports returning unstructured Targets.\n* SHAREPOINT_TARGET: The source supports returning unstructured Target data for SharePoint. It will be typically used by AD, LDAP sources.\n* PROVISIONING: The source can both read and write accounts. Having this feature implies that the provision() method is implemented. It also means that direct and target permissions can also be provisioned if they can be returned by aggregation.\n* GROUP_PROVISIONING: The source can both read and write groups. Having this feature implies that the provision() method is implemented.\n* SYNC_PROVISIONING: The source can provision accounts synchronously.\n* PASSWORD: The source can provision password changes. Since sources can never read passwords, this is should only be used in conjunction with the PROVISIONING feature.\n* CURRENT_PASSWORD: Some source types support verification of the current password\n* ACCOUNT_ONLY_REQUEST: The source supports requesting accounts without entitlements.\n* ADDITIONAL_ACCOUNT_REQUEST: The source supports requesting additional accounts.\n* NO_AGGREGATION: A source that does not support aggregation.\n* GROUPS_HAVE_MEMBERS: The source models group memberships with a member attribute on the group object rather than a groups attribute on the account object. This effects the implementation of delta account aggregation.\n* NO_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for accounts. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for accounts.\n* NO_GROUP_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for groups. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for groups.\n* NO_UNSTRUCTURED_TARGETS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING.\n* NO_DIRECT_PERMISSIONS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING." + }, + "example": [ + "SYNC_PROVISIONING", + "MANAGER_LOOKUP", + "SEARCH", + "PROVISIONING", + "AUTHENTICATE", + "GROUP_PROVISIONING", + "PASSWORD" + ] + }, + "type": { + "type": "string", + "description": "Specifies the type of system being managed e.g. Active Directory, Workday, etc.. If you are creating a Delimited File source, you must set the `provisionasCsv` query parameter to `true`. ", + "example": "OpenLDAP - Direct" + }, + "connector": { + "type": "string", + "description": "Connector script name.", + "example": "active-directory" + }, + "connectorClass": { + "type": "string", + "description": "The fully qualified name of the Java class that implements the connector interface.", + "example": "sailpoint.connector.LDAPConnector" + }, + "connectorAttributes": { + "type": "object", + "description": "Connector specific configuration; will differ from type to type.", + "example": { + "healthCheckTimeout": 30, + "authSearchAttributes": [ + "cn", + "uid", + "mail" + ] + } + }, + "deleteThreshold": { + "type": "integer", + "format": "int32", + "description": "Number from 0 to 100 that specifies when to skip the delete phase.", + "example": 10 + }, + "authoritative": { + "type": "boolean", + "description": "When true indicates the source is referenced by an IdentityProfile.", + "example": false + }, + "managementWorkgroup": { + "description": "Reference to Management Workgroup for this Source", + "type": "object", + "properties": { + "type": { + "description": "The type of object being referenced", + "type": "string", + "enum": [ + "GOVERNANCE_GROUP" + ], + "example": "GOVERNANCE_GROUP" + }, + "id": { + "type": "string", + "description": "ID of the management workgroup", + "example": "2c91808568c529c60168cca6f90c2222" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the management workgroup", + "example": "My Management Workgroup" + } + } + }, + "healthy": { + "type": "boolean", + "description": "When true indicates a healthy source", + "example": true + }, + "status": { + "type": "string", + "description": "A status identifier, giving specific information on why a source is healthy or not", + "example": "SOURCE_STATE_HEALTHY" + }, + "since": { + "type": "string", + "description": "Timestamp showing when a source health check was last performed", + "example": "2021-09-28T15:48:29.3801666300Z" + }, + "connectorId": { + "type": "string", + "description": "The id of connector", + "example": "active-directory" + }, + "connectorName": { + "type": "string", + "description": "The name of the connector that was chosen on source creation", + "example": "Active Directory" + }, + "connectionType": { + "type": "string", + "description": "The type of connection (direct or file)", + "example": "file" + }, + "connectorImplementstionId": { + "type": "string", + "description": "The connector implementstion id", + "example": "delimited-file" + } + }, + "required": [ + "name", + "owner", + "connector" + ] + } + } + } + }, + "responses": { + "201": { + "description": "Created Source object. Any passwords will only show the the encrypted cipher-text, as they are not decrypt-able in IdentityNow cloud-based services, per IdentityNow security design.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "id": { + "type": "string", + "readOnly": true, + "description": "the id of the Source", + "example": "2c91808568c529c60168cca6f90c1324" + }, + "name": { + "type": "string", + "description": "Human-readable name of the source", + "example": "My Source" + }, + "description": { + "type": "string", + "description": "Human-readable description of the source", + "example": "This is the corporate directory." + }, + "owner": { + "description": "Reference to an owning Identity Object", + "type": "object", + "properties": { + "type": { + "description": "The type of object being referenced", + "type": "string", + "enum": [ + "IDENTITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the identity", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the identity", + "example": "MyName" + } + } + }, + "cluster": { + "description": "Reference to the associated Cluster", + "type": "object", + "properties": { + "type": { + "description": "The type of object being referenced", + "type": "string", + "enum": [ + "CLUSTER" + ], + "example": "CLUSTER" + }, + "id": { + "type": "string", + "description": "ID of the cluster", + "example": "2c9180866166b5b0016167c32ef31a66" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the cluster", + "example": "Corporate Cluster" + } + } + }, + "accountCorrelationConfig": { + "description": "Reference to an Account Correlation Config object", + "type": "object", + "properties": { + "type": { + "description": "The type of object being referenced", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG" + ], + "example": "ACCOUNT_CORRELATION_CONFIG" + }, + "id": { + "type": "string", + "description": "ID of the account correlation config", + "example": "2c9180855d191c59015d28583727245a" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the account correlation config", + "example": "Directory [source-62867] Account Correlation" + } + } + }, + "accountCorrelationRule": { + "description": "Reference to a Rule that can do COMPLEX correlation, should only be used when accountCorrelationConfig can't be used.", + "type": "object", + "properties": { + "type": { + "description": "The type of object being referenced", + "type": "string", + "enum": [ + "RULE" + ], + "example": "RULE" + }, + "id": { + "type": "string", + "description": "ID of the rule", + "example": "2c918085708c274401708c2a8a760001" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the rule", + "example": "Example Rule" + } + } + }, + "managerCorrelationMapping": { + "description": "Filter Object used during manager correlation to match incoming manager values to an existing manager's Account/Identity", + "type": "object", + "properties": { + "accountAttribute": { + "type": "string", + "description": "Name of the attribute to use for manager correlation. The value found on the account attribute will be used to lookup the manager's identity.", + "example": "manager" + }, + "identityAttribute": { + "type": "string", + "description": "Name of the identity attribute to search when trying to find a manager using the value from the accountAttribute.", + "example": "manager" + } + } + }, + "managerCorrelationRule": { + "description": "Reference to the ManagerCorrelationRule, only used when a simple filter isn't sufficient.", + "type": "object", + "properties": { + "type": { + "description": "The type of object being referenced", + "type": "string", + "enum": [ + "RULE" + ], + "example": "RULE" + }, + "id": { + "type": "string", + "description": "ID of the rule", + "example": "2c918085708c274401708c2a8a760001" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the rule", + "example": "Example Rule" + } + } + }, + "beforeProvisioningRule": { + "description": "Rule that runs on the CCG and allows for customization of provisioning plans before the connector is called.", + "type": "object", + "properties": { + "type": { + "description": "The type of object being referenced", + "type": "string", + "enum": [ + "RULE" + ], + "example": "RULE" + }, + "id": { + "type": "string", + "description": "ID of the rule", + "example": "2c918085708c274401708c2a8a760001" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the rule", + "example": "Example Rule" + } + } + }, + "schemas": { + "type": "array", + "items": { + "type": "object", + "properties": { + "type": { + "description": "The type of object being referenced", + "type": "string", + "enum": [ + "CONNECTOR_SCHEMA" + ], + "example": "CONNECTOR_SCHEMA" + }, + "id": { + "type": "string", + "description": "ID of the schema", + "example": "2c91808568c529c60168cca6f90c1777" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the schema", + "example": "MySchema" + } + } + }, + "description": "List of references to Schema objects", + "example": [ + { + "type": "CONNECTOR_SCHEMA", + "id": "2c9180835d191a86015d28455b4b232a", + "name": "account" + }, + { + "type": "CONNECTOR_SCHEMA", + "id": "2c9180835d191a86015d28455b4b232b", + "name": "group" + } + ] + }, + "passwordPolicies": { + "type": "array", + "items": { + "type": "object", + "properties": { + "type": { + "description": "The type of object being referenced", + "type": "string", + "enum": [ + "PASSWORD_POLICY" + ], + "example": "PASSWORD_POLICY" + }, + "id": { + "type": "string", + "description": "ID of the policy", + "example": "2c91808568c529c60168cca6f90c1777" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the policy", + "example": "My Password Policy" + } + } + }, + "description": "List of references to the associated PasswordPolicy objects.", + "example": [ + { + "type": "PASSWORD_POLICY", + "id": "2c9180855d191c59015d291ceb053980", + "name": "Corporate Password Policy" + }, + { + "type": "PASSWORD_POLICY", + "id": "2c9180855d191c59015d291ceb057777", + "name": "Vendor Password Policy" + } + ] + }, + "features": { + "type": "array", + "description": "Optional features that can be supported by a source.", + "items": { + "type": "string", + "enum": [ + "AUTHENTICATE", + "COMPOSITE", + "DIRECT_PERMISSIONS", + "DISCOVER_SCHEMA", + "ENABLE", + "MANAGER_LOOKUP", + "NO_RANDOM_ACCESS", + "PROXY", + "SEARCH", + "TEMPLATE", + "UNLOCK", + "UNSTRUCTURED_TARGETS", + "SHAREPOINT_TARGET", + "PROVISIONING", + "GROUP_PROVISIONING", + "SYNC_PROVISIONING", + "PASSWORD", + "CURRENT_PASSWORD", + "ACCOUNT_ONLY_REQUEST", + "ADDITIONAL_ACCOUNT_REQUEST", + "NO_AGGREGATION", + "GROUPS_HAVE_MEMBERS", + "NO_PERMISSIONS_PROVISIONING", + "NO_GROUP_PERMISSIONS_PROVISIONING", + "NO_UNSTRUCTURED_TARGETS_PROVISIONING", + "NO_DIRECT_PERMISSIONS_PROVISIONING" + ], + "description": "Optional features that can be supported by an source.\n* AUTHENTICATE: The source supports pass-through authentication.\n* COMPOSITE: The source supports composite source creation.\n* DIRECT_PERMISSIONS: The source supports returning DirectPermissions.\n* DISCOVER_SCHEMA: The source supports discovering schemas for users and groups.\n* ENABLE The source supports reading if an account is enabled or disabled.\n* MANAGER_LOOKUP: The source supports looking up managers as they are encountered in a feed. This is the opposite of NO_RANDOM_ACCESS.\n* NO_RANDOM_ACCESS: The source does not support random access and the getObject() methods should not be called and expected to perform.\n* PROXY: The source can serve as a proxy for another source. When an source has a proxy, all connector calls made with that source are redirected through the connector for the proxy source.\n* SEARCH\n* TEMPLATE\n* UNLOCK: The source supports reading if an account is locked or unlocked.\n* UNSTRUCTURED_TARGETS: The source supports returning unstructured Targets.\n* SHAREPOINT_TARGET: The source supports returning unstructured Target data for SharePoint. It will be typically used by AD, LDAP sources.\n* PROVISIONING: The source can both read and write accounts. Having this feature implies that the provision() method is implemented. It also means that direct and target permissions can also be provisioned if they can be returned by aggregation.\n* GROUP_PROVISIONING: The source can both read and write groups. Having this feature implies that the provision() method is implemented.\n* SYNC_PROVISIONING: The source can provision accounts synchronously.\n* PASSWORD: The source can provision password changes. Since sources can never read passwords, this is should only be used in conjunction with the PROVISIONING feature.\n* CURRENT_PASSWORD: Some source types support verification of the current password\n* ACCOUNT_ONLY_REQUEST: The source supports requesting accounts without entitlements.\n* ADDITIONAL_ACCOUNT_REQUEST: The source supports requesting additional accounts.\n* NO_AGGREGATION: A source that does not support aggregation.\n* GROUPS_HAVE_MEMBERS: The source models group memberships with a member attribute on the group object rather than a groups attribute on the account object. This effects the implementation of delta account aggregation.\n* NO_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for accounts. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for accounts.\n* NO_GROUP_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for groups. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for groups.\n* NO_UNSTRUCTURED_TARGETS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING.\n* NO_DIRECT_PERMISSIONS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING." + }, + "example": [ + "SYNC_PROVISIONING", + "MANAGER_LOOKUP", + "SEARCH", + "PROVISIONING", + "AUTHENTICATE", + "GROUP_PROVISIONING", + "PASSWORD" + ] + }, + "type": { + "type": "string", + "description": "Specifies the type of system being managed e.g. Active Directory, Workday, etc.. If you are creating a Delimited File source, you must set the `provisionasCsv` query parameter to `true`. ", + "example": "OpenLDAP - Direct" + }, + "connector": { + "type": "string", + "description": "Connector script name.", + "example": "active-directory" + }, + "connectorClass": { + "type": "string", + "description": "The fully qualified name of the Java class that implements the connector interface.", + "example": "sailpoint.connector.LDAPConnector" + }, + "connectorAttributes": { + "type": "object", + "description": "Connector specific configuration; will differ from type to type.", + "example": { + "healthCheckTimeout": 30, + "authSearchAttributes": [ + "cn", + "uid", + "mail" + ] + } + }, + "deleteThreshold": { + "type": "integer", + "format": "int32", + "description": "Number from 0 to 100 that specifies when to skip the delete phase.", + "example": 10 + }, + "authoritative": { + "type": "boolean", + "description": "When true indicates the source is referenced by an IdentityProfile.", + "example": false + }, + "managementWorkgroup": { + "description": "Reference to Management Workgroup for this Source", + "type": "object", + "properties": { + "type": { + "description": "The type of object being referenced", + "type": "string", + "enum": [ + "GOVERNANCE_GROUP" + ], + "example": "GOVERNANCE_GROUP" + }, + "id": { + "type": "string", + "description": "ID of the management workgroup", + "example": "2c91808568c529c60168cca6f90c2222" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the management workgroup", + "example": "My Management Workgroup" + } + } + }, + "healthy": { + "type": "boolean", + "description": "When true indicates a healthy source", + "example": true + }, + "status": { + "type": "string", + "description": "A status identifier, giving specific information on why a source is healthy or not", + "example": "SOURCE_STATE_HEALTHY" + }, + "since": { + "type": "string", + "description": "Timestamp showing when a source health check was last performed", + "example": "2021-09-28T15:48:29.3801666300Z" + }, + "connectorId": { + "type": "string", + "description": "The id of connector", + "example": "active-directory" + }, + "connectorName": { + "type": "string", + "description": "The name of the connector that was chosen on source creation", + "example": "Active Directory" + }, + "connectionType": { + "type": "string", + "description": "The type of connection (direct or file)", + "example": "file" + }, + "connectorImplementstionId": { + "type": "string", + "description": "The connector implementstion id", + "example": "delimited-file" + } + }, + "required": [ + "name", + "owner", + "connector" + ] + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/sources/{id}": { + "get": { + "operationId": "getSource", + "tags": [ + "Sources" + ], + "summary": "Get Source by ID", + "description": "This end-point gets a specific source in IdentityNow.\nA token with ORG_ADMIN, SOURCE_ADMIN, or SOURCE_SUBADMIN authority is required to call this API.", + "parameters": [ + { + "in": "path", + "name": "id", + "schema": { + "type": "string" + }, + "required": true, + "description": "The Source ID", + "example": "2c9180835d191a86015d28455b4a2329" + } + ], + "responses": { + "200": { + "description": "A Source object", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "id": { + "type": "string", + "readOnly": true, + "description": "the id of the Source", + "example": "2c91808568c529c60168cca6f90c1324" + }, + "name": { + "type": "string", + "description": "Human-readable name of the source", + "example": "My Source" + }, + "description": { + "type": "string", + "description": "Human-readable description of the source", + "example": "This is the corporate directory." + }, + "owner": { + "description": "Reference to an owning Identity Object", + "type": "object", + "properties": { + "type": { + "description": "The type of object being referenced", + "type": "string", + "enum": [ + "IDENTITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the identity", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the identity", + "example": "MyName" + } + } + }, + "cluster": { + "description": "Reference to the associated Cluster", + "type": "object", + "properties": { + "type": { + "description": "The type of object being referenced", + "type": "string", + "enum": [ + "CLUSTER" + ], + "example": "CLUSTER" + }, + "id": { + "type": "string", + "description": "ID of the cluster", + "example": "2c9180866166b5b0016167c32ef31a66" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the cluster", + "example": "Corporate Cluster" + } + } + }, + "accountCorrelationConfig": { + "description": "Reference to an Account Correlation Config object", + "type": "object", + "properties": { + "type": { + "description": "The type of object being referenced", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG" + ], + "example": "ACCOUNT_CORRELATION_CONFIG" + }, + "id": { + "type": "string", + "description": "ID of the account correlation config", + "example": "2c9180855d191c59015d28583727245a" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the account correlation config", + "example": "Directory [source-62867] Account Correlation" + } + } + }, + "accountCorrelationRule": { + "description": "Reference to a Rule that can do COMPLEX correlation, should only be used when accountCorrelationConfig can't be used.", + "type": "object", + "properties": { + "type": { + "description": "The type of object being referenced", + "type": "string", + "enum": [ + "RULE" + ], + "example": "RULE" + }, + "id": { + "type": "string", + "description": "ID of the rule", + "example": "2c918085708c274401708c2a8a760001" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the rule", + "example": "Example Rule" + } + } + }, + "managerCorrelationMapping": { + "description": "Filter Object used during manager correlation to match incoming manager values to an existing manager's Account/Identity", + "type": "object", + "properties": { + "accountAttribute": { + "type": "string", + "description": "Name of the attribute to use for manager correlation. The value found on the account attribute will be used to lookup the manager's identity.", + "example": "manager" + }, + "identityAttribute": { + "type": "string", + "description": "Name of the identity attribute to search when trying to find a manager using the value from the accountAttribute.", + "example": "manager" + } + } + }, + "managerCorrelationRule": { + "description": "Reference to the ManagerCorrelationRule, only used when a simple filter isn't sufficient.", + "type": "object", + "properties": { + "type": { + "description": "The type of object being referenced", + "type": "string", + "enum": [ + "RULE" + ], + "example": "RULE" + }, + "id": { + "type": "string", + "description": "ID of the rule", + "example": "2c918085708c274401708c2a8a760001" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the rule", + "example": "Example Rule" + } + } + }, + "beforeProvisioningRule": { + "description": "Rule that runs on the CCG and allows for customization of provisioning plans before the connector is called.", + "type": "object", + "properties": { + "type": { + "description": "The type of object being referenced", + "type": "string", + "enum": [ + "RULE" + ], + "example": "RULE" + }, + "id": { + "type": "string", + "description": "ID of the rule", + "example": "2c918085708c274401708c2a8a760001" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the rule", + "example": "Example Rule" + } + } + }, + "schemas": { + "type": "array", + "items": { + "type": "object", + "properties": { + "type": { + "description": "The type of object being referenced", + "type": "string", + "enum": [ + "CONNECTOR_SCHEMA" + ], + "example": "CONNECTOR_SCHEMA" + }, + "id": { + "type": "string", + "description": "ID of the schema", + "example": "2c91808568c529c60168cca6f90c1777" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the schema", + "example": "MySchema" + } + } + }, + "description": "List of references to Schema objects", + "example": [ + { + "type": "CONNECTOR_SCHEMA", + "id": "2c9180835d191a86015d28455b4b232a", + "name": "account" + }, + { + "type": "CONNECTOR_SCHEMA", + "id": "2c9180835d191a86015d28455b4b232b", + "name": "group" + } + ] + }, + "passwordPolicies": { + "type": "array", + "items": { + "type": "object", + "properties": { + "type": { + "description": "The type of object being referenced", + "type": "string", + "enum": [ + "PASSWORD_POLICY" + ], + "example": "PASSWORD_POLICY" + }, + "id": { + "type": "string", + "description": "ID of the policy", + "example": "2c91808568c529c60168cca6f90c1777" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the policy", + "example": "My Password Policy" + } + } + }, + "description": "List of references to the associated PasswordPolicy objects.", + "example": [ + { + "type": "PASSWORD_POLICY", + "id": "2c9180855d191c59015d291ceb053980", + "name": "Corporate Password Policy" + }, + { + "type": "PASSWORD_POLICY", + "id": "2c9180855d191c59015d291ceb057777", + "name": "Vendor Password Policy" + } + ] + }, + "features": { + "type": "array", + "description": "Optional features that can be supported by a source.", + "items": { + "type": "string", + "enum": [ + "AUTHENTICATE", + "COMPOSITE", + "DIRECT_PERMISSIONS", + "DISCOVER_SCHEMA", + "ENABLE", + "MANAGER_LOOKUP", + "NO_RANDOM_ACCESS", + "PROXY", + "SEARCH", + "TEMPLATE", + "UNLOCK", + "UNSTRUCTURED_TARGETS", + "SHAREPOINT_TARGET", + "PROVISIONING", + "GROUP_PROVISIONING", + "SYNC_PROVISIONING", + "PASSWORD", + "CURRENT_PASSWORD", + "ACCOUNT_ONLY_REQUEST", + "ADDITIONAL_ACCOUNT_REQUEST", + "NO_AGGREGATION", + "GROUPS_HAVE_MEMBERS", + "NO_PERMISSIONS_PROVISIONING", + "NO_GROUP_PERMISSIONS_PROVISIONING", + "NO_UNSTRUCTURED_TARGETS_PROVISIONING", + "NO_DIRECT_PERMISSIONS_PROVISIONING" + ], + "description": "Optional features that can be supported by an source.\n* AUTHENTICATE: The source supports pass-through authentication.\n* COMPOSITE: The source supports composite source creation.\n* DIRECT_PERMISSIONS: The source supports returning DirectPermissions.\n* DISCOVER_SCHEMA: The source supports discovering schemas for users and groups.\n* ENABLE The source supports reading if an account is enabled or disabled.\n* MANAGER_LOOKUP: The source supports looking up managers as they are encountered in a feed. This is the opposite of NO_RANDOM_ACCESS.\n* NO_RANDOM_ACCESS: The source does not support random access and the getObject() methods should not be called and expected to perform.\n* PROXY: The source can serve as a proxy for another source. When an source has a proxy, all connector calls made with that source are redirected through the connector for the proxy source.\n* SEARCH\n* TEMPLATE\n* UNLOCK: The source supports reading if an account is locked or unlocked.\n* UNSTRUCTURED_TARGETS: The source supports returning unstructured Targets.\n* SHAREPOINT_TARGET: The source supports returning unstructured Target data for SharePoint. It will be typically used by AD, LDAP sources.\n* PROVISIONING: The source can both read and write accounts. Having this feature implies that the provision() method is implemented. It also means that direct and target permissions can also be provisioned if they can be returned by aggregation.\n* GROUP_PROVISIONING: The source can both read and write groups. Having this feature implies that the provision() method is implemented.\n* SYNC_PROVISIONING: The source can provision accounts synchronously.\n* PASSWORD: The source can provision password changes. Since sources can never read passwords, this is should only be used in conjunction with the PROVISIONING feature.\n* CURRENT_PASSWORD: Some source types support verification of the current password\n* ACCOUNT_ONLY_REQUEST: The source supports requesting accounts without entitlements.\n* ADDITIONAL_ACCOUNT_REQUEST: The source supports requesting additional accounts.\n* NO_AGGREGATION: A source that does not support aggregation.\n* GROUPS_HAVE_MEMBERS: The source models group memberships with a member attribute on the group object rather than a groups attribute on the account object. This effects the implementation of delta account aggregation.\n* NO_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for accounts. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for accounts.\n* NO_GROUP_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for groups. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for groups.\n* NO_UNSTRUCTURED_TARGETS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING.\n* NO_DIRECT_PERMISSIONS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING." + }, + "example": [ + "SYNC_PROVISIONING", + "MANAGER_LOOKUP", + "SEARCH", + "PROVISIONING", + "AUTHENTICATE", + "GROUP_PROVISIONING", + "PASSWORD" + ] + }, + "type": { + "type": "string", + "description": "Specifies the type of system being managed e.g. Active Directory, Workday, etc.. If you are creating a Delimited File source, you must set the `provisionasCsv` query parameter to `true`. ", + "example": "OpenLDAP - Direct" + }, + "connector": { + "type": "string", + "description": "Connector script name.", + "example": "active-directory" + }, + "connectorClass": { + "type": "string", + "description": "The fully qualified name of the Java class that implements the connector interface.", + "example": "sailpoint.connector.LDAPConnector" + }, + "connectorAttributes": { + "type": "object", + "description": "Connector specific configuration; will differ from type to type.", + "example": { + "healthCheckTimeout": 30, + "authSearchAttributes": [ + "cn", + "uid", + "mail" + ] + } + }, + "deleteThreshold": { + "type": "integer", + "format": "int32", + "description": "Number from 0 to 100 that specifies when to skip the delete phase.", + "example": 10 + }, + "authoritative": { + "type": "boolean", + "description": "When true indicates the source is referenced by an IdentityProfile.", + "example": false + }, + "managementWorkgroup": { + "description": "Reference to Management Workgroup for this Source", + "type": "object", + "properties": { + "type": { + "description": "The type of object being referenced", + "type": "string", + "enum": [ + "GOVERNANCE_GROUP" + ], + "example": "GOVERNANCE_GROUP" + }, + "id": { + "type": "string", + "description": "ID of the management workgroup", + "example": "2c91808568c529c60168cca6f90c2222" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the management workgroup", + "example": "My Management Workgroup" + } + } + }, + "healthy": { + "type": "boolean", + "description": "When true indicates a healthy source", + "example": true + }, + "status": { + "type": "string", + "description": "A status identifier, giving specific information on why a source is healthy or not", + "example": "SOURCE_STATE_HEALTHY" + }, + "since": { + "type": "string", + "description": "Timestamp showing when a source health check was last performed", + "example": "2021-09-28T15:48:29.3801666300Z" + }, + "connectorId": { + "type": "string", + "description": "The id of connector", + "example": "active-directory" + }, + "connectorName": { + "type": "string", + "description": "The name of the connector that was chosen on source creation", + "example": "Active Directory" + }, + "connectionType": { + "type": "string", + "description": "The type of connection (direct or file)", + "example": "file" + }, + "connectorImplementstionId": { + "type": "string", + "description": "The connector implementstion id", + "example": "delimited-file" + } + }, + "required": [ + "name", + "owner", + "connector" + ] + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + }, + "put": { + "operationId": "putSource", + "tags": [ + "Sources" + ], + "summary": "Update Source (Full)", + "description": "This API updates a source in IdentityNow, using a full object representation. In other words, the existing Source\nconfiguration is completely replaced.\n\nSome fields are immutable and cannot be changed, such as:\n\n* id\n* type\n* authoritative\n* connector\n* connectorClass\n* passwordPolicies\n\nAttempts to modify these fields will result in a 400 error.\n\nA token with ORG_ADMIN, SOURCE_ADMIN, or SOURCE_SUBADMIN authority is required to call this API.\n", + "parameters": [ + { + "in": "path", + "name": "id", + "schema": { + "type": "string" + }, + "required": true, + "description": "The Source id" + } + ], + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "id": { + "type": "string", + "readOnly": true, + "description": "the id of the Source", + "example": "2c91808568c529c60168cca6f90c1324" + }, + "name": { + "type": "string", + "description": "Human-readable name of the source", + "example": "My Source" + }, + "description": { + "type": "string", + "description": "Human-readable description of the source", + "example": "This is the corporate directory." + }, + "owner": { + "description": "Reference to an owning Identity Object", + "type": "object", + "properties": { + "type": { + "description": "The type of object being referenced", + "type": "string", + "enum": [ + "IDENTITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the identity", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the identity", + "example": "MyName" + } + } + }, + "cluster": { + "description": "Reference to the associated Cluster", + "type": "object", + "properties": { + "type": { + "description": "The type of object being referenced", + "type": "string", + "enum": [ + "CLUSTER" + ], + "example": "CLUSTER" + }, + "id": { + "type": "string", + "description": "ID of the cluster", + "example": "2c9180866166b5b0016167c32ef31a66" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the cluster", + "example": "Corporate Cluster" + } + } + }, + "accountCorrelationConfig": { + "description": "Reference to an Account Correlation Config object", + "type": "object", + "properties": { + "type": { + "description": "The type of object being referenced", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG" + ], + "example": "ACCOUNT_CORRELATION_CONFIG" + }, + "id": { + "type": "string", + "description": "ID of the account correlation config", + "example": "2c9180855d191c59015d28583727245a" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the account correlation config", + "example": "Directory [source-62867] Account Correlation" + } + } + }, + "accountCorrelationRule": { + "description": "Reference to a Rule that can do COMPLEX correlation, should only be used when accountCorrelationConfig can't be used.", + "type": "object", + "properties": { + "type": { + "description": "The type of object being referenced", + "type": "string", + "enum": [ + "RULE" + ], + "example": "RULE" + }, + "id": { + "type": "string", + "description": "ID of the rule", + "example": "2c918085708c274401708c2a8a760001" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the rule", + "example": "Example Rule" + } + } + }, + "managerCorrelationMapping": { + "description": "Filter Object used during manager correlation to match incoming manager values to an existing manager's Account/Identity", + "type": "object", + "properties": { + "accountAttribute": { + "type": "string", + "description": "Name of the attribute to use for manager correlation. The value found on the account attribute will be used to lookup the manager's identity.", + "example": "manager" + }, + "identityAttribute": { + "type": "string", + "description": "Name of the identity attribute to search when trying to find a manager using the value from the accountAttribute.", + "example": "manager" + } + } + }, + "managerCorrelationRule": { + "description": "Reference to the ManagerCorrelationRule, only used when a simple filter isn't sufficient.", + "type": "object", + "properties": { + "type": { + "description": "The type of object being referenced", + "type": "string", + "enum": [ + "RULE" + ], + "example": "RULE" + }, + "id": { + "type": "string", + "description": "ID of the rule", + "example": "2c918085708c274401708c2a8a760001" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the rule", + "example": "Example Rule" + } + } + }, + "beforeProvisioningRule": { + "description": "Rule that runs on the CCG and allows for customization of provisioning plans before the connector is called.", + "type": "object", + "properties": { + "type": { + "description": "The type of object being referenced", + "type": "string", + "enum": [ + "RULE" + ], + "example": "RULE" + }, + "id": { + "type": "string", + "description": "ID of the rule", + "example": "2c918085708c274401708c2a8a760001" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the rule", + "example": "Example Rule" + } + } + }, + "schemas": { + "type": "array", + "items": { + "type": "object", + "properties": { + "type": { + "description": "The type of object being referenced", + "type": "string", + "enum": [ + "CONNECTOR_SCHEMA" + ], + "example": "CONNECTOR_SCHEMA" + }, + "id": { + "type": "string", + "description": "ID of the schema", + "example": "2c91808568c529c60168cca6f90c1777" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the schema", + "example": "MySchema" + } + } + }, + "description": "List of references to Schema objects", + "example": [ + { + "type": "CONNECTOR_SCHEMA", + "id": "2c9180835d191a86015d28455b4b232a", + "name": "account" + }, + { + "type": "CONNECTOR_SCHEMA", + "id": "2c9180835d191a86015d28455b4b232b", + "name": "group" + } + ] + }, + "passwordPolicies": { + "type": "array", + "items": { + "type": "object", + "properties": { + "type": { + "description": "The type of object being referenced", + "type": "string", + "enum": [ + "PASSWORD_POLICY" + ], + "example": "PASSWORD_POLICY" + }, + "id": { + "type": "string", + "description": "ID of the policy", + "example": "2c91808568c529c60168cca6f90c1777" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the policy", + "example": "My Password Policy" + } + } + }, + "description": "List of references to the associated PasswordPolicy objects.", + "example": [ + { + "type": "PASSWORD_POLICY", + "id": "2c9180855d191c59015d291ceb053980", + "name": "Corporate Password Policy" + }, + { + "type": "PASSWORD_POLICY", + "id": "2c9180855d191c59015d291ceb057777", + "name": "Vendor Password Policy" + } + ] + }, + "features": { + "type": "array", + "description": "Optional features that can be supported by a source.", + "items": { + "type": "string", + "enum": [ + "AUTHENTICATE", + "COMPOSITE", + "DIRECT_PERMISSIONS", + "DISCOVER_SCHEMA", + "ENABLE", + "MANAGER_LOOKUP", + "NO_RANDOM_ACCESS", + "PROXY", + "SEARCH", + "TEMPLATE", + "UNLOCK", + "UNSTRUCTURED_TARGETS", + "SHAREPOINT_TARGET", + "PROVISIONING", + "GROUP_PROVISIONING", + "SYNC_PROVISIONING", + "PASSWORD", + "CURRENT_PASSWORD", + "ACCOUNT_ONLY_REQUEST", + "ADDITIONAL_ACCOUNT_REQUEST", + "NO_AGGREGATION", + "GROUPS_HAVE_MEMBERS", + "NO_PERMISSIONS_PROVISIONING", + "NO_GROUP_PERMISSIONS_PROVISIONING", + "NO_UNSTRUCTURED_TARGETS_PROVISIONING", + "NO_DIRECT_PERMISSIONS_PROVISIONING" + ], + "description": "Optional features that can be supported by an source.\n* AUTHENTICATE: The source supports pass-through authentication.\n* COMPOSITE: The source supports composite source creation.\n* DIRECT_PERMISSIONS: The source supports returning DirectPermissions.\n* DISCOVER_SCHEMA: The source supports discovering schemas for users and groups.\n* ENABLE The source supports reading if an account is enabled or disabled.\n* MANAGER_LOOKUP: The source supports looking up managers as they are encountered in a feed. This is the opposite of NO_RANDOM_ACCESS.\n* NO_RANDOM_ACCESS: The source does not support random access and the getObject() methods should not be called and expected to perform.\n* PROXY: The source can serve as a proxy for another source. When an source has a proxy, all connector calls made with that source are redirected through the connector for the proxy source.\n* SEARCH\n* TEMPLATE\n* UNLOCK: The source supports reading if an account is locked or unlocked.\n* UNSTRUCTURED_TARGETS: The source supports returning unstructured Targets.\n* SHAREPOINT_TARGET: The source supports returning unstructured Target data for SharePoint. It will be typically used by AD, LDAP sources.\n* PROVISIONING: The source can both read and write accounts. Having this feature implies that the provision() method is implemented. It also means that direct and target permissions can also be provisioned if they can be returned by aggregation.\n* GROUP_PROVISIONING: The source can both read and write groups. Having this feature implies that the provision() method is implemented.\n* SYNC_PROVISIONING: The source can provision accounts synchronously.\n* PASSWORD: The source can provision password changes. Since sources can never read passwords, this is should only be used in conjunction with the PROVISIONING feature.\n* CURRENT_PASSWORD: Some source types support verification of the current password\n* ACCOUNT_ONLY_REQUEST: The source supports requesting accounts without entitlements.\n* ADDITIONAL_ACCOUNT_REQUEST: The source supports requesting additional accounts.\n* NO_AGGREGATION: A source that does not support aggregation.\n* GROUPS_HAVE_MEMBERS: The source models group memberships with a member attribute on the group object rather than a groups attribute on the account object. This effects the implementation of delta account aggregation.\n* NO_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for accounts. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for accounts.\n* NO_GROUP_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for groups. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for groups.\n* NO_UNSTRUCTURED_TARGETS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING.\n* NO_DIRECT_PERMISSIONS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING." + }, + "example": [ + "SYNC_PROVISIONING", + "MANAGER_LOOKUP", + "SEARCH", + "PROVISIONING", + "AUTHENTICATE", + "GROUP_PROVISIONING", + "PASSWORD" + ] + }, + "type": { + "type": "string", + "description": "Specifies the type of system being managed e.g. Active Directory, Workday, etc.. If you are creating a Delimited File source, you must set the `provisionasCsv` query parameter to `true`. ", + "example": "OpenLDAP - Direct" + }, + "connector": { + "type": "string", + "description": "Connector script name.", + "example": "active-directory" + }, + "connectorClass": { + "type": "string", + "description": "The fully qualified name of the Java class that implements the connector interface.", + "example": "sailpoint.connector.LDAPConnector" + }, + "connectorAttributes": { + "type": "object", + "description": "Connector specific configuration; will differ from type to type.", + "example": { + "healthCheckTimeout": 30, + "authSearchAttributes": [ + "cn", + "uid", + "mail" + ] + } + }, + "deleteThreshold": { + "type": "integer", + "format": "int32", + "description": "Number from 0 to 100 that specifies when to skip the delete phase.", + "example": 10 + }, + "authoritative": { + "type": "boolean", + "description": "When true indicates the source is referenced by an IdentityProfile.", + "example": false + }, + "managementWorkgroup": { + "description": "Reference to Management Workgroup for this Source", + "type": "object", + "properties": { + "type": { + "description": "The type of object being referenced", + "type": "string", + "enum": [ + "GOVERNANCE_GROUP" + ], + "example": "GOVERNANCE_GROUP" + }, + "id": { + "type": "string", + "description": "ID of the management workgroup", + "example": "2c91808568c529c60168cca6f90c2222" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the management workgroup", + "example": "My Management Workgroup" + } + } + }, + "healthy": { + "type": "boolean", + "description": "When true indicates a healthy source", + "example": true + }, + "status": { + "type": "string", + "description": "A status identifier, giving specific information on why a source is healthy or not", + "example": "SOURCE_STATE_HEALTHY" + }, + "since": { + "type": "string", + "description": "Timestamp showing when a source health check was last performed", + "example": "2021-09-28T15:48:29.3801666300Z" + }, + "connectorId": { + "type": "string", + "description": "The id of connector", + "example": "active-directory" + }, + "connectorName": { + "type": "string", + "description": "The name of the connector that was chosen on source creation", + "example": "Active Directory" + }, + "connectionType": { + "type": "string", + "description": "The type of connection (direct or file)", + "example": "file" + }, + "connectorImplementstionId": { + "type": "string", + "description": "The connector implementstion id", + "example": "delimited-file" + } + }, + "required": [ + "name", + "owner", + "connector" + ] + } + } + } + }, + "responses": { + "200": { + "description": "Updated Source object. Any passwords will only show the the encrypted cipher-text, as they are not decrypt-able in IdentityNow cloud-based services, per IdentityNow security design.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "id": { + "type": "string", + "readOnly": true, + "description": "the id of the Source", + "example": "2c91808568c529c60168cca6f90c1324" + }, + "name": { + "type": "string", + "description": "Human-readable name of the source", + "example": "My Source" + }, + "description": { + "type": "string", + "description": "Human-readable description of the source", + "example": "This is the corporate directory." + }, + "owner": { + "description": "Reference to an owning Identity Object", + "type": "object", + "properties": { + "type": { + "description": "The type of object being referenced", + "type": "string", + "enum": [ + "IDENTITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the identity", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the identity", + "example": "MyName" + } + } + }, + "cluster": { + "description": "Reference to the associated Cluster", + "type": "object", + "properties": { + "type": { + "description": "The type of object being referenced", + "type": "string", + "enum": [ + "CLUSTER" + ], + "example": "CLUSTER" + }, + "id": { + "type": "string", + "description": "ID of the cluster", + "example": "2c9180866166b5b0016167c32ef31a66" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the cluster", + "example": "Corporate Cluster" + } + } + }, + "accountCorrelationConfig": { + "description": "Reference to an Account Correlation Config object", + "type": "object", + "properties": { + "type": { + "description": "The type of object being referenced", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG" + ], + "example": "ACCOUNT_CORRELATION_CONFIG" + }, + "id": { + "type": "string", + "description": "ID of the account correlation config", + "example": "2c9180855d191c59015d28583727245a" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the account correlation config", + "example": "Directory [source-62867] Account Correlation" + } + } + }, + "accountCorrelationRule": { + "description": "Reference to a Rule that can do COMPLEX correlation, should only be used when accountCorrelationConfig can't be used.", + "type": "object", + "properties": { + "type": { + "description": "The type of object being referenced", + "type": "string", + "enum": [ + "RULE" + ], + "example": "RULE" + }, + "id": { + "type": "string", + "description": "ID of the rule", + "example": "2c918085708c274401708c2a8a760001" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the rule", + "example": "Example Rule" + } + } + }, + "managerCorrelationMapping": { + "description": "Filter Object used during manager correlation to match incoming manager values to an existing manager's Account/Identity", + "type": "object", + "properties": { + "accountAttribute": { + "type": "string", + "description": "Name of the attribute to use for manager correlation. The value found on the account attribute will be used to lookup the manager's identity.", + "example": "manager" + }, + "identityAttribute": { + "type": "string", + "description": "Name of the identity attribute to search when trying to find a manager using the value from the accountAttribute.", + "example": "manager" + } + } + }, + "managerCorrelationRule": { + "description": "Reference to the ManagerCorrelationRule, only used when a simple filter isn't sufficient.", + "type": "object", + "properties": { + "type": { + "description": "The type of object being referenced", + "type": "string", + "enum": [ + "RULE" + ], + "example": "RULE" + }, + "id": { + "type": "string", + "description": "ID of the rule", + "example": "2c918085708c274401708c2a8a760001" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the rule", + "example": "Example Rule" + } + } + }, + "beforeProvisioningRule": { + "description": "Rule that runs on the CCG and allows for customization of provisioning plans before the connector is called.", + "type": "object", + "properties": { + "type": { + "description": "The type of object being referenced", + "type": "string", + "enum": [ + "RULE" + ], + "example": "RULE" + }, + "id": { + "type": "string", + "description": "ID of the rule", + "example": "2c918085708c274401708c2a8a760001" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the rule", + "example": "Example Rule" + } + } + }, + "schemas": { + "type": "array", + "items": { + "type": "object", + "properties": { + "type": { + "description": "The type of object being referenced", + "type": "string", + "enum": [ + "CONNECTOR_SCHEMA" + ], + "example": "CONNECTOR_SCHEMA" + }, + "id": { + "type": "string", + "description": "ID of the schema", + "example": "2c91808568c529c60168cca6f90c1777" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the schema", + "example": "MySchema" + } + } + }, + "description": "List of references to Schema objects", + "example": [ + { + "type": "CONNECTOR_SCHEMA", + "id": "2c9180835d191a86015d28455b4b232a", + "name": "account" + }, + { + "type": "CONNECTOR_SCHEMA", + "id": "2c9180835d191a86015d28455b4b232b", + "name": "group" + } + ] + }, + "passwordPolicies": { + "type": "array", + "items": { + "type": "object", + "properties": { + "type": { + "description": "The type of object being referenced", + "type": "string", + "enum": [ + "PASSWORD_POLICY" + ], + "example": "PASSWORD_POLICY" + }, + "id": { + "type": "string", + "description": "ID of the policy", + "example": "2c91808568c529c60168cca6f90c1777" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the policy", + "example": "My Password Policy" + } + } + }, + "description": "List of references to the associated PasswordPolicy objects.", + "example": [ + { + "type": "PASSWORD_POLICY", + "id": "2c9180855d191c59015d291ceb053980", + "name": "Corporate Password Policy" + }, + { + "type": "PASSWORD_POLICY", + "id": "2c9180855d191c59015d291ceb057777", + "name": "Vendor Password Policy" + } + ] + }, + "features": { + "type": "array", + "description": "Optional features that can be supported by a source.", + "items": { + "type": "string", + "enum": [ + "AUTHENTICATE", + "COMPOSITE", + "DIRECT_PERMISSIONS", + "DISCOVER_SCHEMA", + "ENABLE", + "MANAGER_LOOKUP", + "NO_RANDOM_ACCESS", + "PROXY", + "SEARCH", + "TEMPLATE", + "UNLOCK", + "UNSTRUCTURED_TARGETS", + "SHAREPOINT_TARGET", + "PROVISIONING", + "GROUP_PROVISIONING", + "SYNC_PROVISIONING", + "PASSWORD", + "CURRENT_PASSWORD", + "ACCOUNT_ONLY_REQUEST", + "ADDITIONAL_ACCOUNT_REQUEST", + "NO_AGGREGATION", + "GROUPS_HAVE_MEMBERS", + "NO_PERMISSIONS_PROVISIONING", + "NO_GROUP_PERMISSIONS_PROVISIONING", + "NO_UNSTRUCTURED_TARGETS_PROVISIONING", + "NO_DIRECT_PERMISSIONS_PROVISIONING" + ], + "description": "Optional features that can be supported by an source.\n* AUTHENTICATE: The source supports pass-through authentication.\n* COMPOSITE: The source supports composite source creation.\n* DIRECT_PERMISSIONS: The source supports returning DirectPermissions.\n* DISCOVER_SCHEMA: The source supports discovering schemas for users and groups.\n* ENABLE The source supports reading if an account is enabled or disabled.\n* MANAGER_LOOKUP: The source supports looking up managers as they are encountered in a feed. This is the opposite of NO_RANDOM_ACCESS.\n* NO_RANDOM_ACCESS: The source does not support random access and the getObject() methods should not be called and expected to perform.\n* PROXY: The source can serve as a proxy for another source. When an source has a proxy, all connector calls made with that source are redirected through the connector for the proxy source.\n* SEARCH\n* TEMPLATE\n* UNLOCK: The source supports reading if an account is locked or unlocked.\n* UNSTRUCTURED_TARGETS: The source supports returning unstructured Targets.\n* SHAREPOINT_TARGET: The source supports returning unstructured Target data for SharePoint. It will be typically used by AD, LDAP sources.\n* PROVISIONING: The source can both read and write accounts. Having this feature implies that the provision() method is implemented. It also means that direct and target permissions can also be provisioned if they can be returned by aggregation.\n* GROUP_PROVISIONING: The source can both read and write groups. Having this feature implies that the provision() method is implemented.\n* SYNC_PROVISIONING: The source can provision accounts synchronously.\n* PASSWORD: The source can provision password changes. Since sources can never read passwords, this is should only be used in conjunction with the PROVISIONING feature.\n* CURRENT_PASSWORD: Some source types support verification of the current password\n* ACCOUNT_ONLY_REQUEST: The source supports requesting accounts without entitlements.\n* ADDITIONAL_ACCOUNT_REQUEST: The source supports requesting additional accounts.\n* NO_AGGREGATION: A source that does not support aggregation.\n* GROUPS_HAVE_MEMBERS: The source models group memberships with a member attribute on the group object rather than a groups attribute on the account object. This effects the implementation of delta account aggregation.\n* NO_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for accounts. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for accounts.\n* NO_GROUP_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for groups. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for groups.\n* NO_UNSTRUCTURED_TARGETS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING.\n* NO_DIRECT_PERMISSIONS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING." + }, + "example": [ + "SYNC_PROVISIONING", + "MANAGER_LOOKUP", + "SEARCH", + "PROVISIONING", + "AUTHENTICATE", + "GROUP_PROVISIONING", + "PASSWORD" + ] + }, + "type": { + "type": "string", + "description": "Specifies the type of system being managed e.g. Active Directory, Workday, etc.. If you are creating a Delimited File source, you must set the `provisionasCsv` query parameter to `true`. ", + "example": "OpenLDAP - Direct" + }, + "connector": { + "type": "string", + "description": "Connector script name.", + "example": "active-directory" + }, + "connectorClass": { + "type": "string", + "description": "The fully qualified name of the Java class that implements the connector interface.", + "example": "sailpoint.connector.LDAPConnector" + }, + "connectorAttributes": { + "type": "object", + "description": "Connector specific configuration; will differ from type to type.", + "example": { + "healthCheckTimeout": 30, + "authSearchAttributes": [ + "cn", + "uid", + "mail" + ] + } + }, + "deleteThreshold": { + "type": "integer", + "format": "int32", + "description": "Number from 0 to 100 that specifies when to skip the delete phase.", + "example": 10 + }, + "authoritative": { + "type": "boolean", + "description": "When true indicates the source is referenced by an IdentityProfile.", + "example": false + }, + "managementWorkgroup": { + "description": "Reference to Management Workgroup for this Source", + "type": "object", + "properties": { + "type": { + "description": "The type of object being referenced", + "type": "string", + "enum": [ + "GOVERNANCE_GROUP" + ], + "example": "GOVERNANCE_GROUP" + }, + "id": { + "type": "string", + "description": "ID of the management workgroup", + "example": "2c91808568c529c60168cca6f90c2222" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the management workgroup", + "example": "My Management Workgroup" + } + } + }, + "healthy": { + "type": "boolean", + "description": "When true indicates a healthy source", + "example": true + }, + "status": { + "type": "string", + "description": "A status identifier, giving specific information on why a source is healthy or not", + "example": "SOURCE_STATE_HEALTHY" + }, + "since": { + "type": "string", + "description": "Timestamp showing when a source health check was last performed", + "example": "2021-09-28T15:48:29.3801666300Z" + }, + "connectorId": { + "type": "string", + "description": "The id of connector", + "example": "active-directory" + }, + "connectorName": { + "type": "string", + "description": "The name of the connector that was chosen on source creation", + "example": "Active Directory" + }, + "connectionType": { + "type": "string", + "description": "The type of connection (direct or file)", + "example": "file" + }, + "connectorImplementstionId": { + "type": "string", + "description": "The connector implementstion id", + "example": "delimited-file" + } + }, + "required": [ + "name", + "owner", + "connector" + ] + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + }, + "patch": { + "operationId": "updateSource", + "tags": [ + "Sources" + ], + "summary": "Update Source (Partial)", + "description": "This API partially updates a source in IdentityNow, using a list of patch operations according to the\n[JSON Patch](https://tools.ietf.org/html/rfc6902) standard.\n\nSome fields are immutable and cannot be changed, such as:\n\n* id\n* type\n* authoritative\n* created\n* modified\n* connector\n* connectorClass\n* passwordPolicies\n\nAttempts to modify these fields will result in a 400 error.\n\nA token with ORG_ADMIN, SOURCE_ADMIN, SOURCE_SUBADMIN, or API authority is required to call this API.\n", + "parameters": [ + { + "in": "path", + "name": "id", + "schema": { + "type": "string" + }, + "required": true, + "description": "The Source id", + "example": "2c9180835d191a86015d28455b4a2329" + } + ], + "requestBody": { + "required": true, + "description": "A list of account update operations according to the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard. Any password changes are submitted as plain-text and encrypted upon receipt in IdentityNow.", + "content": { + "application/json-patch+json": { + "schema": { + "type": "array", + "items": { + "type": "object", + "description": "A JSONPatch Operation as defined by [RFC 6902 - JSON Patch](https://tools.ietf.org/html/rfc6902)", + "required": [ + "op", + "path" + ], + "properties": { + "op": { + "type": "string", + "description": "The operation to be performed", + "enum": [ + "add", + "remove", + "replace", + "move", + "copy", + "test" + ], + "example": "replace" + }, + "path": { + "type": "string", + "description": "A string JSON Pointer representing the target path to an element to be affected by the operation", + "example": "/description" + }, + "value": { + "anyOf": [ + { + "type": "string" + }, + { + "type": "integer" + }, + { + "type": "object" + }, + { + "type": "array", + "items": { + "anyOf": [ + { + "type": "string" + }, + { + "type": "integer" + }, + { + "type": "object" + } + ] + } + } + ], + "description": "The value to be used for the operation, required for \"add\" and \"replace\" operations", + "example": "New description" + } + } + } + }, + "examples": { + "Edit the source description": { + "description": "This example shows how to edit a source description.", + "value": [ + { + "op": "replace", + "path": "/description", + "value": "new description" + } + ] + }, + "Edit the source cluster": { + "description": "This example shows how to edit a source cluster by id.", + "value": [ + { + "op": "replace", + "path": "/cluster/id", + "value": "2c918087813a902001813f3f85736b45" + } + ] + }, + "Edit source features": { + "description": "This example illustrates how you can update source supported features", + "value": [ + { + "op": "replace", + "path": "/features", + "value": [ + "PASSWORD", + "PROVISIONING", + "ENABLE", + "AUTHENTICATE" + ] + } + ] + }, + "Change a source description and cluster in One Call": { + "description": "This example shows how multiple fields may be updated with a single patch call.", + "value": [ + { + "op": "replace", + "path": "/description", + "value": "new description" + }, + { + "op": "replace", + "path": "/cluster/id", + "value": "2c918087813a902001813f3f85736b45" + } + ] + }, + "Add a filter string to the connector": { + "description": "This example shows how you can add a filter to incoming accounts during the account aggregation process. In the example below, any account that does not have an \"m\" or \"d\" in the id will be aggregated.", + "value": [ + { + "op": "add", + "path": "/connectorAttributes/filterString", + "value": "!( id.contains( \"m\" ) ) || !( id.contains( \"d\" ) )" + } + ] + }, + "Update connector attribute for specific operation type": { + "description": "This example shows how you can update the 3rd object in the connection parameters operationType. This will change it from a standard group aggregation to a group aggregation on the \"test\" entitlement type", + "value": [ + { + "op": "replace", + "path": "/connectorAttributes/connectionParameters/2/operationType", + "value": "Group Aggregation-test" + } + ] + } + } + } + } + }, + "responses": { + "200": { + "description": "Updated Source object. Any passwords will only show the the encrypted cipher-text, as they are not decrypt-able in IdentityNow cloud-based services, per IdentityNow security design.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "id": { + "type": "string", + "readOnly": true, + "description": "the id of the Source", + "example": "2c91808568c529c60168cca6f90c1324" + }, + "name": { + "type": "string", + "description": "Human-readable name of the source", + "example": "My Source" + }, + "description": { + "type": "string", + "description": "Human-readable description of the source", + "example": "This is the corporate directory." + }, + "owner": { + "description": "Reference to an owning Identity Object", + "type": "object", + "properties": { + "type": { + "description": "The type of object being referenced", + "type": "string", + "enum": [ + "IDENTITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the identity", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the identity", + "example": "MyName" + } + } + }, + "cluster": { + "description": "Reference to the associated Cluster", + "type": "object", + "properties": { + "type": { + "description": "The type of object being referenced", + "type": "string", + "enum": [ + "CLUSTER" + ], + "example": "CLUSTER" + }, + "id": { + "type": "string", + "description": "ID of the cluster", + "example": "2c9180866166b5b0016167c32ef31a66" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the cluster", + "example": "Corporate Cluster" + } + } + }, + "accountCorrelationConfig": { + "description": "Reference to an Account Correlation Config object", + "type": "object", + "properties": { + "type": { + "description": "The type of object being referenced", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG" + ], + "example": "ACCOUNT_CORRELATION_CONFIG" + }, + "id": { + "type": "string", + "description": "ID of the account correlation config", + "example": "2c9180855d191c59015d28583727245a" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the account correlation config", + "example": "Directory [source-62867] Account Correlation" + } + } + }, + "accountCorrelationRule": { + "description": "Reference to a Rule that can do COMPLEX correlation, should only be used when accountCorrelationConfig can't be used.", + "type": "object", + "properties": { + "type": { + "description": "The type of object being referenced", + "type": "string", + "enum": [ + "RULE" + ], + "example": "RULE" + }, + "id": { + "type": "string", + "description": "ID of the rule", + "example": "2c918085708c274401708c2a8a760001" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the rule", + "example": "Example Rule" + } + } + }, + "managerCorrelationMapping": { + "description": "Filter Object used during manager correlation to match incoming manager values to an existing manager's Account/Identity", + "type": "object", + "properties": { + "accountAttribute": { + "type": "string", + "description": "Name of the attribute to use for manager correlation. The value found on the account attribute will be used to lookup the manager's identity.", + "example": "manager" + }, + "identityAttribute": { + "type": "string", + "description": "Name of the identity attribute to search when trying to find a manager using the value from the accountAttribute.", + "example": "manager" + } + } + }, + "managerCorrelationRule": { + "description": "Reference to the ManagerCorrelationRule, only used when a simple filter isn't sufficient.", + "type": "object", + "properties": { + "type": { + "description": "The type of object being referenced", + "type": "string", + "enum": [ + "RULE" + ], + "example": "RULE" + }, + "id": { + "type": "string", + "description": "ID of the rule", + "example": "2c918085708c274401708c2a8a760001" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the rule", + "example": "Example Rule" + } + } + }, + "beforeProvisioningRule": { + "description": "Rule that runs on the CCG and allows for customization of provisioning plans before the connector is called.", + "type": "object", + "properties": { + "type": { + "description": "The type of object being referenced", + "type": "string", + "enum": [ + "RULE" + ], + "example": "RULE" + }, + "id": { + "type": "string", + "description": "ID of the rule", + "example": "2c918085708c274401708c2a8a760001" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the rule", + "example": "Example Rule" + } + } + }, + "schemas": { + "type": "array", + "items": { + "type": "object", + "properties": { + "type": { + "description": "The type of object being referenced", + "type": "string", + "enum": [ + "CONNECTOR_SCHEMA" + ], + "example": "CONNECTOR_SCHEMA" + }, + "id": { + "type": "string", + "description": "ID of the schema", + "example": "2c91808568c529c60168cca6f90c1777" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the schema", + "example": "MySchema" + } + } + }, + "description": "List of references to Schema objects", + "example": [ + { + "type": "CONNECTOR_SCHEMA", + "id": "2c9180835d191a86015d28455b4b232a", + "name": "account" + }, + { + "type": "CONNECTOR_SCHEMA", + "id": "2c9180835d191a86015d28455b4b232b", + "name": "group" + } + ] + }, + "passwordPolicies": { + "type": "array", + "items": { + "type": "object", + "properties": { + "type": { + "description": "The type of object being referenced", + "type": "string", + "enum": [ + "PASSWORD_POLICY" + ], + "example": "PASSWORD_POLICY" + }, + "id": { + "type": "string", + "description": "ID of the policy", + "example": "2c91808568c529c60168cca6f90c1777" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the policy", + "example": "My Password Policy" + } + } + }, + "description": "List of references to the associated PasswordPolicy objects.", + "example": [ + { + "type": "PASSWORD_POLICY", + "id": "2c9180855d191c59015d291ceb053980", + "name": "Corporate Password Policy" + }, + { + "type": "PASSWORD_POLICY", + "id": "2c9180855d191c59015d291ceb057777", + "name": "Vendor Password Policy" + } + ] + }, + "features": { + "type": "array", + "description": "Optional features that can be supported by a source.", + "items": { + "type": "string", + "enum": [ + "AUTHENTICATE", + "COMPOSITE", + "DIRECT_PERMISSIONS", + "DISCOVER_SCHEMA", + "ENABLE", + "MANAGER_LOOKUP", + "NO_RANDOM_ACCESS", + "PROXY", + "SEARCH", + "TEMPLATE", + "UNLOCK", + "UNSTRUCTURED_TARGETS", + "SHAREPOINT_TARGET", + "PROVISIONING", + "GROUP_PROVISIONING", + "SYNC_PROVISIONING", + "PASSWORD", + "CURRENT_PASSWORD", + "ACCOUNT_ONLY_REQUEST", + "ADDITIONAL_ACCOUNT_REQUEST", + "NO_AGGREGATION", + "GROUPS_HAVE_MEMBERS", + "NO_PERMISSIONS_PROVISIONING", + "NO_GROUP_PERMISSIONS_PROVISIONING", + "NO_UNSTRUCTURED_TARGETS_PROVISIONING", + "NO_DIRECT_PERMISSIONS_PROVISIONING" + ], + "description": "Optional features that can be supported by an source.\n* AUTHENTICATE: The source supports pass-through authentication.\n* COMPOSITE: The source supports composite source creation.\n* DIRECT_PERMISSIONS: The source supports returning DirectPermissions.\n* DISCOVER_SCHEMA: The source supports discovering schemas for users and groups.\n* ENABLE The source supports reading if an account is enabled or disabled.\n* MANAGER_LOOKUP: The source supports looking up managers as they are encountered in a feed. This is the opposite of NO_RANDOM_ACCESS.\n* NO_RANDOM_ACCESS: The source does not support random access and the getObject() methods should not be called and expected to perform.\n* PROXY: The source can serve as a proxy for another source. When an source has a proxy, all connector calls made with that source are redirected through the connector for the proxy source.\n* SEARCH\n* TEMPLATE\n* UNLOCK: The source supports reading if an account is locked or unlocked.\n* UNSTRUCTURED_TARGETS: The source supports returning unstructured Targets.\n* SHAREPOINT_TARGET: The source supports returning unstructured Target data for SharePoint. It will be typically used by AD, LDAP sources.\n* PROVISIONING: The source can both read and write accounts. Having this feature implies that the provision() method is implemented. It also means that direct and target permissions can also be provisioned if they can be returned by aggregation.\n* GROUP_PROVISIONING: The source can both read and write groups. Having this feature implies that the provision() method is implemented.\n* SYNC_PROVISIONING: The source can provision accounts synchronously.\n* PASSWORD: The source can provision password changes. Since sources can never read passwords, this is should only be used in conjunction with the PROVISIONING feature.\n* CURRENT_PASSWORD: Some source types support verification of the current password\n* ACCOUNT_ONLY_REQUEST: The source supports requesting accounts without entitlements.\n* ADDITIONAL_ACCOUNT_REQUEST: The source supports requesting additional accounts.\n* NO_AGGREGATION: A source that does not support aggregation.\n* GROUPS_HAVE_MEMBERS: The source models group memberships with a member attribute on the group object rather than a groups attribute on the account object. This effects the implementation of delta account aggregation.\n* NO_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for accounts. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for accounts.\n* NO_GROUP_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for groups. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for groups.\n* NO_UNSTRUCTURED_TARGETS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING.\n* NO_DIRECT_PERMISSIONS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING." + }, + "example": [ + "SYNC_PROVISIONING", + "MANAGER_LOOKUP", + "SEARCH", + "PROVISIONING", + "AUTHENTICATE", + "GROUP_PROVISIONING", + "PASSWORD" + ] + }, + "type": { + "type": "string", + "description": "Specifies the type of system being managed e.g. Active Directory, Workday, etc.. If you are creating a Delimited File source, you must set the `provisionasCsv` query parameter to `true`. ", + "example": "OpenLDAP - Direct" + }, + "connector": { + "type": "string", + "description": "Connector script name.", + "example": "active-directory" + }, + "connectorClass": { + "type": "string", + "description": "The fully qualified name of the Java class that implements the connector interface.", + "example": "sailpoint.connector.LDAPConnector" + }, + "connectorAttributes": { + "type": "object", + "description": "Connector specific configuration; will differ from type to type.", + "example": { + "healthCheckTimeout": 30, + "authSearchAttributes": [ + "cn", + "uid", + "mail" + ] + } + }, + "deleteThreshold": { + "type": "integer", + "format": "int32", + "description": "Number from 0 to 100 that specifies when to skip the delete phase.", + "example": 10 + }, + "authoritative": { + "type": "boolean", + "description": "When true indicates the source is referenced by an IdentityProfile.", + "example": false + }, + "managementWorkgroup": { + "description": "Reference to Management Workgroup for this Source", + "type": "object", + "properties": { + "type": { + "description": "The type of object being referenced", + "type": "string", + "enum": [ + "GOVERNANCE_GROUP" + ], + "example": "GOVERNANCE_GROUP" + }, + "id": { + "type": "string", + "description": "ID of the management workgroup", + "example": "2c91808568c529c60168cca6f90c2222" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the management workgroup", + "example": "My Management Workgroup" + } + } + }, + "healthy": { + "type": "boolean", + "description": "When true indicates a healthy source", + "example": true + }, + "status": { + "type": "string", + "description": "A status identifier, giving specific information on why a source is healthy or not", + "example": "SOURCE_STATE_HEALTHY" + }, + "since": { + "type": "string", + "description": "Timestamp showing when a source health check was last performed", + "example": "2021-09-28T15:48:29.3801666300Z" + }, + "connectorId": { + "type": "string", + "description": "The id of connector", + "example": "active-directory" + }, + "connectorName": { + "type": "string", + "description": "The name of the connector that was chosen on source creation", + "example": "Active Directory" + }, + "connectionType": { + "type": "string", + "description": "The type of connection (direct or file)", + "example": "file" + }, + "connectorImplementstionId": { + "type": "string", + "description": "The connector implementstion id", + "example": "delimited-file" + } + }, + "required": [ + "name", + "owner", + "connector" + ] + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + }, + "delete": { + "operationId": "deleteSource", + "tags": [ + "Sources" + ], + "summary": "Delete Source by ID", + "description": "This end-point deletes a specific source in IdentityNow.\nA token with ORG_ADMIN, SOURCE_ADMIN, or SOURCE_SUBADMIN authority is required to call this API.\nAll of accounts on the source will be removed first, then the source will be deleted. Actual status of task execution can be retrieved via method GET `/task-status/{id}`", + "parameters": [ + { + "in": "path", + "name": "id", + "schema": { + "type": "string" + }, + "required": true, + "description": "The Source ID", + "example": "2c9180835d191a86015d28455b4a2329" + } + ], + "responses": { + "202": { + "description": "Accepted - Returned if the request was successfully accepted into the system.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "type": { + "description": "The type of object being referenced", + "type": "string", + "enum": [ + "TASK_RESULT" + ], + "example": "TASK_RESULT" + }, + "id": { + "type": "string", + "description": "ID of the task result", + "example": "2c91808779ecf55b0179f720942f181a" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the task result (should be null/empty)", + "example": null + } + } + }, + "examples": { + "deleteSource": { + "summary": "Response returned when deleting a source", + "value": { + "type": "TASK_RESULT", + "id": "2c91808779ecf55b0179f720942f181a", + "name": null + } + } + } + } + }, + "links": { + "GetTaskStatusById": { + "operationId": "getTaskStatus", + "parameters": { + "id": "$response.body#/id" + }, + "description": "The `id` value returned in the response can be used as the `id` parameter in `GET /task-status/{id}`.\n" + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/sources/{id}/attribute-sync-config": { + "get": { + "operationId": "getSourceAttrSyncConfig", + "tags": [ + "Sources" + ], + "summary": "Attribute Sync Config", + "description": "This API returns the existing attribute synchronization configuration for a source specified by the given ID. The response contains all attributes, regardless of whether they enabled or not.\nA token with ORG_ADMIN authority is required to call this API.", + "parameters": [ + { + "in": "path", + "name": "id", + "required": true, + "schema": { + "type": "string" + }, + "description": "The source id", + "example": "2c9180835d191a86015d28455b4a2329" + } + ], + "responses": { + "200": { + "description": "Attribute synchronization configuration for a source", + "content": { + "application/json": { + "schema": { + "type": "object", + "description": "Specification of attribute sync configuration for a source", + "required": [ + "source", + "attributes" + ], + "properties": { + "source": { + "description": "Reference to the source which is the target of the attribute synchronization", + "example": [ + { + "type": "SOURCE", + "id": "2c9180835d191a86015d28455b4b232a", + "name": "HR Active Directory" + } + ], + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + }, + "attributes": { + "type": "array", + "description": "Attribute synchronization configuration for specific identity attributes in the context of a source", + "items": { + "type": "object", + "description": "Specification of source attribute sync mapping configuration for an identity attribute", + "required": [ + "name", + "displayName", + "enabled", + "target" + ], + "properties": { + "name": { + "type": "string", + "description": "Name of the identity attribute", + "example": "email" + }, + "displayName": { + "type": "string", + "description": "Display name of the identity attribute", + "example": "Email" + }, + "enabled": { + "type": "boolean", + "description": "Determines whether or not the attribute is enabled for synchronization", + "example": true + }, + "target": { + "type": "string", + "description": "Name of the source account attribute to which the identity attribute value will be synchronized if enabled", + "example": "mail" + } + } + }, + "example": [ + { + "name": "email", + "displayName": "Email", + "enabled": true, + "target": "mail" + }, + { + "name": "firstname", + "displayName": "First Name", + "enabled": false, + "target": "givenName" + } + ] + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + }, + "put": { + "operationId": "putSourceAttrSyncConfig", + "tags": [ + "Sources" + ], + "summary": "Update Attribute Sync Config", + "description": "Replaces the attribute synchronization configuration for the source specified by the given ID with the configuration provided in the request body. Only the \"enabled\" field of the values in the \"attributes\" array is mutable. Attempting to change other attributes or add new values to the \"attributes\" array will result in an error.\n \nA token with ORG_ADMIN authority is required to call this API.", + "parameters": [ + { + "in": "path", + "name": "id", + "required": true, + "schema": { + "type": "string" + }, + "description": "The source id", + "example": "2c9180835d191a86015d28455b4a2329" + } + ], + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "type": "object", + "description": "Specification of attribute sync configuration for a source", + "required": [ + "source", + "attributes" + ], + "properties": { + "source": { + "description": "Reference to the source which is the target of the attribute synchronization", + "example": [ + { + "type": "SOURCE", + "id": "2c9180835d191a86015d28455b4b232a", + "name": "HR Active Directory" + } + ], + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + }, + "attributes": { + "type": "array", + "description": "Attribute synchronization configuration for specific identity attributes in the context of a source", + "items": { + "type": "object", + "description": "Specification of source attribute sync mapping configuration for an identity attribute", + "required": [ + "name", + "displayName", + "enabled", + "target" + ], + "properties": { + "name": { + "type": "string", + "description": "Name of the identity attribute", + "example": "email" + }, + "displayName": { + "type": "string", + "description": "Display name of the identity attribute", + "example": "Email" + }, + "enabled": { + "type": "boolean", + "description": "Determines whether or not the attribute is enabled for synchronization", + "example": true + }, + "target": { + "type": "string", + "description": "Name of the source account attribute to which the identity attribute value will be synchronized if enabled", + "example": "mail" + } + } + }, + "example": [ + { + "name": "email", + "displayName": "Email", + "enabled": true, + "target": "mail" + }, + { + "name": "firstname", + "displayName": "First Name", + "enabled": false, + "target": "givenName" + } + ] + } + } + } + } + } + }, + "responses": { + "200": { + "description": "Updated attribute synchronization configuration for a source", + "content": { + "application/json": { + "schema": { + "type": "object", + "description": "Specification of attribute sync configuration for a source", + "required": [ + "source", + "attributes" + ], + "properties": { + "source": { + "description": "Reference to the source which is the target of the attribute synchronization", + "example": [ + { + "type": "SOURCE", + "id": "2c9180835d191a86015d28455b4b232a", + "name": "HR Active Directory" + } + ], + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + }, + "attributes": { + "type": "array", + "description": "Attribute synchronization configuration for specific identity attributes in the context of a source", + "items": { + "type": "object", + "description": "Specification of source attribute sync mapping configuration for an identity attribute", + "required": [ + "name", + "displayName", + "enabled", + "target" + ], + "properties": { + "name": { + "type": "string", + "description": "Name of the identity attribute", + "example": "email" + }, + "displayName": { + "type": "string", + "description": "Display name of the identity attribute", + "example": "Email" + }, + "enabled": { + "type": "boolean", + "description": "Determines whether or not the attribute is enabled for synchronization", + "example": true + }, + "target": { + "type": "string", + "description": "Name of the source account attribute to which the identity attribute value will be synchronized if enabled", + "example": "mail" + } + } + }, + "example": [ + { + "name": "email", + "displayName": "Email", + "enabled": true, + "target": "mail" + }, + { + "name": "firstname", + "displayName": "First Name", + "enabled": false, + "target": "givenName" + } + ] + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/sources/{sourceId}/connector/check-connection": { + "post": { + "operationId": "testSourceConnection", + "tags": [ + "Sources" + ], + "summary": "Check connection for source connector.", + "description": "This endpoint validates that the configured credentials are valid and will properly authenticate with the source identified by the sourceId path parameter.\nA token with ORG_ADMIN authority is required to call this API.", + "security": [ + { + "oauth2": [ + "idn:source-connector:manage" + ] + } + ], + "parameters": [ + { + "in": "path", + "name": "sourceId", + "schema": { + "type": "string" + }, + "required": true, + "description": "The ID of the Source.", + "example": "cef3ee201db947c5912551015ba0c679" + } + ], + "responses": { + "200": { + "description": "The result of checking connection to the source connector with response from it.", + "content": { + "application/json": { + "schema": { + "type": "object", + "title": "Status Response", + "description": "Response model for connection check, configuration test and ping of source connectors.", + "properties": { + "id": { + "type": "string", + "description": "ID of the source", + "example": "2c91808568c529c60168cca6f90c1313", + "readOnly": true + }, + "name": { + "type": "string", + "description": "Name of the source", + "example": "ODS-AD-Test [source-999999]", + "readOnly": true + }, + "status": { + "type": "string", + "enum": [ + "SUCCESS", + "FAILURE" + ], + "description": "The status of the health check.", + "example": "SUCCESS", + "readOnly": true + }, + "elapsedMillis": { + "type": "integer", + "description": "The number of milliseconds spent on the entire request.", + "example": 1000, + "readOnly": true + }, + "details": { + "type": "object", + "description": "The document contains the results of the health check.\nThe schema of this document depends on the type of source used.\n", + "readOnly": true, + "example": { + "useTLSForIQService": false, + "IQService": { + "TLS Port": 0, + ".NET CLR Version": "4.0.30319.42000", + "SecondaryServiceStatus": "Running", + "Port": 5050, + "Host": "AUTOMATION-AD", + "Name": "IQService", + "IQServiceStatus": "Running", + "SecondaryService": "IQService-Instance1-Secondary", + "Version": "IQService Sep-2020", + "secondaryPort": 5051, + "OS Architecture": "AMD64", + "Operating System": "Microsoft Windows Server 2012 R2 Standard", + "highestDotNetVersion": "4.8 or later", + "Build Time": "09/22/2020 06:34 AM -0500" + }, + "IQServiceClientAuthEnabled": false, + "requestProcessedOn": "1/19/2021 1:47:14 PM" + } + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/sources/{sourceId}/connector/peek-resource-objects": { + "post": { + "operationId": "peekResourceObjects", + "tags": [ + "Sources" + ], + "summary": "Peek source connector's resource objects", + "description": "Retrieves a sample of data returned from account and group aggregation requests.\nA token with ORG_ADMIN authority is required to call this API.", + "security": [ + { + "oauth2": [ + "idn:source-connector:manage" + ] + } + ], + "parameters": [ + { + "in": "path", + "name": "sourceId", + "schema": { + "type": "string" + }, + "required": true, + "description": "The ID of the Source", + "example": "cef3ee201db947c5912551015ba0c679" + } + ], + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "example": { + "objectType": "resource", + "maxCount": 50 + }, + "type": "object", + "title": "Resource Objects Request", + "description": "Request model for peek resource objects from source connectors.", + "properties": { + "objectType": { + "type": "string", + "description": "The type of resource objects to iterate over.", + "default": "account", + "example": "group" + }, + "maxCount": { + "type": "integer", + "description": "The maximum number of resource objects to iterate over and return.", + "default": 25, + "example": 100 + } + } + } + } + } + }, + "responses": { + "200": { + "description": "List of resource objects that was fetched from the source connector.", + "content": { + "application/json": { + "schema": { + "type": "object", + "title": "Resource Objects Response", + "description": "Response model for peek resource objects from source connectors.", + "properties": { + "id": { + "type": "string", + "description": "ID of the source", + "example": "2c91808568c529c60168cca6f90c1313", + "readOnly": true + }, + "name": { + "type": "string", + "description": "Name of the source", + "example": "ODS-AD-Test [source-999999]", + "readOnly": true + }, + "objectCount": { + "type": "integer", + "description": "The number of objects that were fetched by the connector.", + "example": 25, + "readOnly": true + }, + "elapsedMillis": { + "type": "integer", + "description": "The number of milliseconds spent on the entire request.", + "example": 1055, + "readOnly": true + }, + "resourceObjects": { + "type": "array", + "items": { + "type": "object", + "title": "Resource Object", + "description": "Representation of the object which is returned from source connectors.", + "properties": { + "instance": { + "description": "Identifier of the specific instance where this object resides.", + "type": "string", + "readOnly": true + }, + "identity": { + "description": "Native identity of the object in the Source.", + "type": "string", + "example": "CN=Aaron Carr,OU=test1,DC=test2,DC=test", + "readOnly": true + }, + "uuid": { + "description": "Universal unique identifier of the object in the Source.", + "type": "string", + "example": "{abf7bd9b-68b4-4d21-9b70-870c58ebf844}", + "readOnly": true + }, + "previousIdentity": { + "description": "Native identity that the object has previously.", + "type": "string", + "readOnly": true + }, + "name": { + "description": "Display name for this object.", + "type": "string", + "example": "Aaron Carr", + "readOnly": true + }, + "objectType": { + "description": "Type of object.", + "type": "string", + "example": "account", + "readOnly": true + }, + "incomplete": { + "description": "A flag indicating that this is an incomplete object. Used in special cases where the connector has to return account information in several phases and the objects might not have a complete set of all account attributes. The attributes in this object will replace the corresponding attributes in the Link, but no other Link attributes will be changed.", + "type": "boolean", + "example": false, + "readOnly": true + }, + "incremental": { + "description": "A flag indicating that this is an incremental change object. This is similar to incomplete but it also means that the values of any multi-valued attributes in this object should be merged with the existing values in the Link rather than replacing the existing Link value.", + "type": "boolean", + "example": false, + "readOnly": true + }, + "delete": { + "description": "A flag indicating that this object has been deleted. This is set only when doing delta aggregation and the connector supports detection of native deletes.", + "type": "boolean", + "example": false, + "readOnly": true + }, + "remove": { + "description": "A flag set indicating that the values in the attributes represent things to remove rather than things to add. Setting this implies incremental. The values which are always for multi-valued attributes are removed from the current values.", + "type": "boolean", + "example": false, + "readOnly": true + }, + "missing": { + "description": "A list of attribute names that are not included in this object. This is only used with SMConnector and will only contain \"groups\".", + "type": "array", + "items": { + "type": "string" + }, + "example": [ + "missFieldOne", + "missFieldTwo" + ], + "readOnly": true + }, + "attributes": { + "description": "Attributes of this ResourceObject.", + "type": "object", + "example": { + "telephoneNumber": "12-(345)678-9012", + "mail": "example@test.com", + "displayName": "Aaron Carr" + }, + "readOnly": true + }, + "finalUpdate": { + "description": "In Aggregation, for sparse object the count for total accounts scanned identities updated is not incremented.", + "type": "boolean", + "example": false, + "readOnly": true + } + } + }, + "description": "Fetched objects from the source connector.", + "readOnly": true + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/sources/{sourceId}/connector/ping-cluster": { + "post": { + "operationId": "pingCluster", + "tags": [ + "Sources" + ], + "summary": "Ping cluster for source connector", + "description": "This endpoint validates that the cluster being used by the source is reachable from IdentityNow.\nA token with ORG_ADMIN authority is required to call this API.", + "security": [ + { + "oauth2": [ + "idn:source-connector:manage" + ] + } + ], + "parameters": [ + { + "in": "path", + "name": "sourceId", + "schema": { + "type": "string" + }, + "required": true, + "description": "The ID of the Source", + "example": "cef3ee201db947c5912551015ba0c679" + } + ], + "responses": { + "200": { + "description": "The result of pinging connection with the source connector.", + "content": { + "application/json": { + "schema": { + "type": "object", + "title": "Status Response", + "description": "Response model for connection check, configuration test and ping of source connectors.", + "properties": { + "id": { + "type": "string", + "description": "ID of the source", + "example": "2c91808568c529c60168cca6f90c1313", + "readOnly": true + }, + "name": { + "type": "string", + "description": "Name of the source", + "example": "ODS-AD-Test [source-999999]", + "readOnly": true + }, + "status": { + "type": "string", + "enum": [ + "SUCCESS", + "FAILURE" + ], + "description": "The status of the health check.", + "example": "SUCCESS", + "readOnly": true + }, + "elapsedMillis": { + "type": "integer", + "description": "The number of milliseconds spent on the entire request.", + "example": 1000, + "readOnly": true + }, + "details": { + "type": "object", + "description": "The document contains the results of the health check.\nThe schema of this document depends on the type of source used.\n", + "readOnly": true, + "example": { + "useTLSForIQService": false, + "IQService": { + "TLS Port": 0, + ".NET CLR Version": "4.0.30319.42000", + "SecondaryServiceStatus": "Running", + "Port": 5050, + "Host": "AUTOMATION-AD", + "Name": "IQService", + "IQServiceStatus": "Running", + "SecondaryService": "IQService-Instance1-Secondary", + "Version": "IQService Sep-2020", + "secondaryPort": 5051, + "OS Architecture": "AMD64", + "Operating System": "Microsoft Windows Server 2012 R2 Standard", + "highestDotNetVersion": "4.8 or later", + "Build Time": "09/22/2020 06:34 AM -0500" + }, + "IQServiceClientAuthEnabled": false, + "requestProcessedOn": "1/19/2021 1:47:14 PM" + } + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/sources/{sourceId}/connector/test-configuration": { + "post": { + "operationId": "testSourceConfiguration", + "tags": [ + "Sources" + ], + "summary": "Test configuration for source connector", + "description": "This endpoint performs a more detailed validation of the source's configuration that can take longer than the lighter weight credential validation performed by the checkConnection API.\nA token with ORG_ADMIN authority is required to call this API.", + "security": [ + { + "oauth2": [ + "idn:source-connector:manage" + ] + } + ], + "parameters": [ + { + "in": "path", + "name": "sourceId", + "schema": { + "type": "string" + }, + "required": true, + "description": "The ID of the Source", + "example": "cef3ee201db947c5912551015ba0c679" + } + ], + "responses": { + "200": { + "description": "The result of testing source connector configuration with response from it.", + "content": { + "application/json": { + "schema": { + "type": "object", + "title": "Status Response", + "description": "Response model for connection check, configuration test and ping of source connectors.", + "properties": { + "id": { + "type": "string", + "description": "ID of the source", + "example": "2c91808568c529c60168cca6f90c1313", + "readOnly": true + }, + "name": { + "type": "string", + "description": "Name of the source", + "example": "ODS-AD-Test [source-999999]", + "readOnly": true + }, + "status": { + "type": "string", + "enum": [ + "SUCCESS", + "FAILURE" + ], + "description": "The status of the health check.", + "example": "SUCCESS", + "readOnly": true + }, + "elapsedMillis": { + "type": "integer", + "description": "The number of milliseconds spent on the entire request.", + "example": 1000, + "readOnly": true + }, + "details": { + "type": "object", + "description": "The document contains the results of the health check.\nThe schema of this document depends on the type of source used.\n", + "readOnly": true, + "example": { + "useTLSForIQService": false, + "IQService": { + "TLS Port": 0, + ".NET CLR Version": "4.0.30319.42000", + "SecondaryServiceStatus": "Running", + "Port": 5050, + "Host": "AUTOMATION-AD", + "Name": "IQService", + "IQServiceStatus": "Running", + "SecondaryService": "IQService-Instance1-Secondary", + "Version": "IQService Sep-2020", + "secondaryPort": 5051, + "OS Architecture": "AMD64", + "Operating System": "Microsoft Windows Server 2012 R2 Standard", + "highestDotNetVersion": "4.8 or later", + "Build Time": "09/22/2020 06:34 AM -0500" + }, + "IQServiceClientAuthEnabled": false, + "requestProcessedOn": "1/19/2021 1:47:14 PM" + } + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/sources/{id}/connectors/source-config": { + "get": { + "operationId": "getSourceConfig", + "tags": [ + "Sources" + ], + "summary": "Gets source config with language translations", + "description": "Looks up and returns the source config for the requested source id after populating the source config values and applying language translations.\nA token with ORG_ADMIN authority is required to call this API.", + "parameters": [ + { + "in": "path", + "name": "id", + "schema": { + "type": "string" + }, + "required": true, + "description": "The Source id" + }, + { + "in": "query", + "name": "locale", + "schema": { + "type": "string", + "enum": [ + "de", + "no", + "fi", + "sv", + "ru", + "pt", + "ko", + "zh-TW", + "en", + "it", + "fr", + "zh-CN", + "hu", + "es", + "cs", + "ja", + "pl", + "da", + "nl" + ] + }, + "description": "The locale to apply to the config. If no viable locale is given, it will default to \"en\"" + } + ], + "responses": { + "200": { + "description": "A Connector Detail object", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "name": { + "type": "string", + "description": "The connector name", + "example": "JDBC" + }, + "sourceConfigXml": { + "type": "string", + "description": "XML representation of the source config data", + "example": "
\n\t
" + }, + "sourceConfig": { + "type": "string", + "description": "JSON representation of the source config data", + "example": { + "Form": { + "Field": { + "_defaultValue": "true", + "_hidden": "true", + "_name": "cloudAuthEnabled", + "_type": "boolean", + "_value": "true" + }, + "_xmlns": "http://www.sailpoint.com/xsd/sailpoint_form_1_0.xsd", + "_connectorName": "Active Directory - Direct", + "_directConnect": "true", + "_name": "Active Directory", + "_status": "released", + "_type": "SourceConfig", + "__text": "\\n\\t" + } + } + }, + "directConnect": { + "type": "boolean", + "description": "true if the source is a direct connect source", + "example": true + }, + "fileUpload": { + "type": "boolean", + "description": "Connector config's file upload attribute, false if not there", + "example": false + }, + "uploadedFiles": { + "type": "string", + "description": "List of uploaded file strings for the connector", + "example": [] + }, + "connectorMetadata": { + "type": "object", + "description": "Object containing metadata pertinent to the UI to be used", + "example": { + "supportedUI": "EXTJS" + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/sources/{sourceId}/provisioning-policies": { + "get": { + "operationId": "listProvisioningPolicies", + "tags": [ + "Sources" + ], + "summary": "Lists ProvisioningPolicies", + "description": "This end-point lists all the ProvisioningPolicies in IdentityNow.\nA token with API, or ORG_ADMIN authority is required to call this API.", + "security": [ + { + "oauth2": [ + "idn:provisioning-policy:read", + "idn:provisioning-policy:manage" + ] + } + ], + "parameters": [ + { + "in": "path", + "name": "sourceId", + "required": true, + "schema": { + "type": "string" + }, + "description": "The Source id", + "example": "2c9180835d191a86015d28455b4a2329" + } + ], + "responses": { + "200": { + "description": "List of ProvisioningPolicyDto objects", + "content": { + "application/json": { + "schema": { + "type": "array", + "items": { + "type": "object", + "required": [ + "name" + ], + "properties": { + "name": { + "type": "string", + "description": "the provisioning policy name", + "example": "example provisioning policy for inactive identities" + }, + "description": { + "type": "string", + "description": "the description of the provisioning policy", + "example": "this provisioning policy creates access based on an identity going inactive" + }, + "usageType": { + "type": "string", + "nullable": false, + "enum": [ + "CREATE", + "UPDATE", + "DELETE", + "ASSIGN", + "UNASSIGN", + "CREATE_GROUP", + "UPDATE_GROUP", + "DELETE_GROUP", + "REGISTER", + "CREATE_IDENTITY", + "UPDATE_IDENTITY", + "EDIT_GROUP", + "ENABLE", + "DISABLE", + "UNLOCK", + "CHANGE_PASSWORD" + ], + "example": "CREATE", + "description": "The type of ProvisioningPolicy usage." + }, + "fields": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string", + "description": "The name of the attribute.", + "example": "userName" + }, + "transform": { + "type": "object", + "description": "The transform to apply to the field", + "example": { + "type": "rule", + "attributes": { + "name": "Create Unique LDAP Attribute" + } + }, + "default": {} + }, + "attributes": { + "type": "object", + "description": "Attributes required for the transform", + "example": { + "template": "${firstname}.${lastname}${uniqueCounter}", + "cloudMaxUniqueChecks": "50", + "cloudMaxSize": "20", + "cloudRequired": "true" + } + }, + "isRequired": { + "type": "boolean", + "readOnly": true, + "description": "Flag indicating whether or not the attribute is required.", + "default": false, + "example": false + }, + "type": { + "type": "string", + "description": "The type of the attribute.", + "example": "string" + }, + "isMultiValued": { + "type": "boolean", + "description": "Flag indicating whether or not the attribute is multi-valued.", + "default": false, + "example": false + } + } + } + } + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + }, + "post": { + "operationId": "createProvisioningPolicy", + "tags": [ + "Sources" + ], + "summary": "Create Provisioning Policy", + "description": "This API generates a create policy/template based on field value transforms. This API is intended for use when setting up JDBC Provisioning type sources, but it will also work on other source types.\nTransforms can be used in the provisioning policy to create a new attribute that you only need during provisioning.\nRefer to [Transforms in Provisioning Policies](https://developer.sailpoint.com/idn/docs/transforms/guides/transforms-in-provisioning-policies) for more information.\nA token with ORG_ADMIN authority is required to call this API.", + "security": [ + { + "oauth2": [ + "idn:provisioning-policy:manage" + ] + } + ], + "parameters": [ + { + "in": "path", + "name": "sourceId", + "required": true, + "schema": { + "type": "string" + }, + "description": "The Source id", + "example": "2c9180835d191a86015d28455b4a2329" + } + ], + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "type": "object", + "required": [ + "name" + ], + "properties": { + "name": { + "type": "string", + "description": "the provisioning policy name", + "example": "example provisioning policy for inactive identities" + }, + "description": { + "type": "string", + "description": "the description of the provisioning policy", + "example": "this provisioning policy creates access based on an identity going inactive" + }, + "usageType": { + "type": "string", + "nullable": false, + "enum": [ + "CREATE", + "UPDATE", + "DELETE", + "ASSIGN", + "UNASSIGN", + "CREATE_GROUP", + "UPDATE_GROUP", + "DELETE_GROUP", + "REGISTER", + "CREATE_IDENTITY", + "UPDATE_IDENTITY", + "EDIT_GROUP", + "ENABLE", + "DISABLE", + "UNLOCK", + "CHANGE_PASSWORD" + ], + "example": "CREATE", + "description": "The type of ProvisioningPolicy usage." + }, + "fields": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string", + "description": "The name of the attribute.", + "example": "userName" + }, + "transform": { + "type": "object", + "description": "The transform to apply to the field", + "example": { + "type": "rule", + "attributes": { + "name": "Create Unique LDAP Attribute" + } + }, + "default": {} + }, + "attributes": { + "type": "object", + "description": "Attributes required for the transform", + "example": { + "template": "${firstname}.${lastname}${uniqueCounter}", + "cloudMaxUniqueChecks": "50", + "cloudMaxSize": "20", + "cloudRequired": "true" + } + }, + "isRequired": { + "type": "boolean", + "readOnly": true, + "description": "Flag indicating whether or not the attribute is required.", + "default": false, + "example": false + }, + "type": { + "type": "string", + "description": "The type of the attribute.", + "example": "string" + }, + "isMultiValued": { + "type": "boolean", + "description": "Flag indicating whether or not the attribute is multi-valued.", + "default": false, + "example": false + } + } + } + } + } + }, + "examples": { + "Create Account Provisioning Policy": { + "value": { + "name": "Account", + "description": "Account Provisioning Policy", + "usageType": "CREATE", + "fields": [ + { + "name": "displayName", + "transform": { + "type": "identityAttribute", + "attributes": { + "name": "displayName" + } + }, + "attributes": {}, + "isRequired": false, + "type": "string", + "isMultiValued": false + }, + { + "name": "distinguishedName", + "transform": { + "type": "usernameGenerator", + "attributes": { + "sourceCheck": true, + "patterns": [ + "CN=$fi $ln,OU=zzUsers,OU=Demo,DC=seri,DC=sailpointdemo,DC=com", + "CN=$fti $ln,OU=zzUsers,OU=Demo,DC=seri,DC=sailpointdemo,DC=com", + "CN=$fn $ln,OU=zzUsers,OU=Demo,DC=seri,DC=sailpointdemo,DC=com", + "CN=$fn$ln${uniqueCounter},OU=zzUsers,OU=Demo,DC=seri,DC=sailpointdemo,DC=com" + ], + "fn": { + "type": "identityAttribute", + "attributes": { + "name": "firstname" + } + }, + "ln": { + "type": "identityAttribute", + "attributes": { + "name": "lastname" + } + }, + "fi": { + "type": "substring", + "attributes": { + "input": { + "type": "identityAttribute", + "attributes": { + "name": "firstname" + } + }, + "begin": 0, + "end": 1 + } + }, + "fti": { + "type": "substring", + "attributes": { + "input": { + "type": "identityAttribute", + "attributes": { + "name": "firstname" + } + }, + "begin": 0, + "end": 2 + } + } + } + }, + "attributes": { + "cloudMaxUniqueChecks": "5", + "cloudMaxSize": "100", + "cloudRequired": "true" + }, + "isRequired": false, + "type": "", + "isMultiValued": false + }, + { + "name": "description", + "transform": { + "type": "static", + "attributes": { + "value": "" + } + }, + "attributes": {}, + "isRequired": false, + "type": "string", + "isMultiValued": false + } + ] + } + } + } + } + } + }, + "responses": { + "201": { + "description": "Created ProvisioningPolicyDto object", + "content": { + "application/json": { + "schema": { + "type": "object", + "required": [ + "name" + ], + "properties": { + "name": { + "type": "string", + "description": "the provisioning policy name", + "example": "example provisioning policy for inactive identities" + }, + "description": { + "type": "string", + "description": "the description of the provisioning policy", + "example": "this provisioning policy creates access based on an identity going inactive" + }, + "usageType": { + "type": "string", + "nullable": false, + "enum": [ + "CREATE", + "UPDATE", + "DELETE", + "ASSIGN", + "UNASSIGN", + "CREATE_GROUP", + "UPDATE_GROUP", + "DELETE_GROUP", + "REGISTER", + "CREATE_IDENTITY", + "UPDATE_IDENTITY", + "EDIT_GROUP", + "ENABLE", + "DISABLE", + "UNLOCK", + "CHANGE_PASSWORD" + ], + "example": "CREATE", + "description": "The type of ProvisioningPolicy usage." + }, + "fields": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string", + "description": "The name of the attribute.", + "example": "userName" + }, + "transform": { + "type": "object", + "description": "The transform to apply to the field", + "example": { + "type": "rule", + "attributes": { + "name": "Create Unique LDAP Attribute" + } + }, + "default": {} + }, + "attributes": { + "type": "object", + "description": "Attributes required for the transform", + "example": { + "template": "${firstname}.${lastname}${uniqueCounter}", + "cloudMaxUniqueChecks": "50", + "cloudMaxSize": "20", + "cloudRequired": "true" + } + }, + "isRequired": { + "type": "boolean", + "readOnly": true, + "description": "Flag indicating whether or not the attribute is required.", + "default": false, + "example": false + }, + "type": { + "type": "string", + "description": "The type of the attribute.", + "example": "string" + }, + "isMultiValued": { + "type": "boolean", + "description": "Flag indicating whether or not the attribute is multi-valued.", + "default": false, + "example": false + } + } + } + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/sources/{sourceId}/provisioning-policies/{usageType}": { + "get": { + "operationId": "getProvisioningPolicy", + "tags": [ + "Sources" + ], + "summary": "Get Provisioning Policy by UsageType", + "description": "This end-point retrieves the ProvisioningPolicy with the specified usage on the specified Source in IdentityNow.\nA token with API, ORG_ADMIN, SOURCE_ADMIN, or SOURCE_SUBADMIN authority is required to call this API.", + "security": [ + { + "oauth2": [ + "idn:provisioning-policy:read", + "idn:provisioning-policy-source:read", + "idn:provisioning-policy:manage", + "idn:provisioning-policy-source-admin-operations:manage" + ] + } + ], + "parameters": [ + { + "in": "path", + "name": "sourceId", + "required": true, + "schema": { + "type": "string" + }, + "description": "The Source ID.", + "example": "2c9180835d191a86015d28455b4a2329" + }, + { + "in": "path", + "name": "usageType", + "required": true, + "schema": { + "type": "string", + "nullable": false, + "enum": [ + "CREATE", + "UPDATE", + "DELETE", + "ASSIGN", + "UNASSIGN", + "CREATE_GROUP", + "UPDATE_GROUP", + "DELETE_GROUP", + "REGISTER", + "CREATE_IDENTITY", + "UPDATE_IDENTITY", + "EDIT_GROUP", + "ENABLE", + "DISABLE", + "UNLOCK", + "CHANGE_PASSWORD" + ], + "example": "CREATE", + "description": "The type of ProvisioningPolicy usage." + }, + "description": "The type of ProvisioningPolicy usage.", + "example": "REGISTER" + } + ], + "responses": { + "200": { + "description": "The requested ProvisioningPolicyDto was successfully retrieved.", + "content": { + "application/json": { + "schema": { + "type": "object", + "required": [ + "name" + ], + "properties": { + "name": { + "type": "string", + "description": "the provisioning policy name", + "example": "example provisioning policy for inactive identities" + }, + "description": { + "type": "string", + "description": "the description of the provisioning policy", + "example": "this provisioning policy creates access based on an identity going inactive" + }, + "usageType": { + "type": "string", + "nullable": false, + "enum": [ + "CREATE", + "UPDATE", + "DELETE", + "ASSIGN", + "UNASSIGN", + "CREATE_GROUP", + "UPDATE_GROUP", + "DELETE_GROUP", + "REGISTER", + "CREATE_IDENTITY", + "UPDATE_IDENTITY", + "EDIT_GROUP", + "ENABLE", + "DISABLE", + "UNLOCK", + "CHANGE_PASSWORD" + ], + "example": "CREATE", + "description": "The type of ProvisioningPolicy usage." + }, + "fields": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string", + "description": "The name of the attribute.", + "example": "userName" + }, + "transform": { + "type": "object", + "description": "The transform to apply to the field", + "example": { + "type": "rule", + "attributes": { + "name": "Create Unique LDAP Attribute" + } + }, + "default": {} + }, + "attributes": { + "type": "object", + "description": "Attributes required for the transform", + "example": { + "template": "${firstname}.${lastname}${uniqueCounter}", + "cloudMaxUniqueChecks": "50", + "cloudMaxSize": "20", + "cloudRequired": "true" + } + }, + "isRequired": { + "type": "boolean", + "readOnly": true, + "description": "Flag indicating whether or not the attribute is required.", + "default": false, + "example": false + }, + "type": { + "type": "string", + "description": "The type of the attribute.", + "example": "string" + }, + "isMultiValued": { + "type": "boolean", + "description": "Flag indicating whether or not the attribute is multi-valued.", + "default": false, + "example": false + } + } + } + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + }, + "put": { + "operationId": "putProvisioningPolicy", + "tags": [ + "Sources" + ], + "summary": "Update Provisioning Policy by UsageType", + "description": "This end-point updates the provisioning policy with the specified usage on the specified source in IdentityNow.\nTransforms can be used in the provisioning policy to create a new attribute that you only need during provisioning.\nRefer to [Transforms in Provisioning Policies](https://developer.sailpoint.com/idn/docs/transforms/guides/transforms-in-provisioning-policies) for more information.\nA token with API, ORG_ADMIN, SOURCE_ADMIN, or SOURCE_SUBADMIN authority is required to call this API.", + "security": [ + { + "oauth2": [ + "idn:provisioning-policy:manage", + "idn:provisioning-policy-source-admin-operations:manage" + ] + } + ], + "parameters": [ + { + "in": "path", + "name": "sourceId", + "required": true, + "schema": { + "type": "string" + }, + "description": "The Source ID.", + "example": "2c9180835d191a86015d28455b4a2329" + }, + { + "in": "path", + "name": "usageType", + "required": true, + "schema": { + "type": "string", + "nullable": false, + "enum": [ + "CREATE", + "UPDATE", + "DELETE", + "ASSIGN", + "UNASSIGN", + "CREATE_GROUP", + "UPDATE_GROUP", + "DELETE_GROUP", + "REGISTER", + "CREATE_IDENTITY", + "UPDATE_IDENTITY", + "EDIT_GROUP", + "ENABLE", + "DISABLE", + "UNLOCK", + "CHANGE_PASSWORD" + ], + "example": "CREATE", + "description": "The type of ProvisioningPolicy usage." + }, + "description": "The type of ProvisioningPolicy usage." + } + ], + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "type": "object", + "required": [ + "name" + ], + "properties": { + "name": { + "type": "string", + "description": "the provisioning policy name", + "example": "example provisioning policy for inactive identities" + }, + "description": { + "type": "string", + "description": "the description of the provisioning policy", + "example": "this provisioning policy creates access based on an identity going inactive" + }, + "usageType": { + "type": "string", + "nullable": false, + "enum": [ + "CREATE", + "UPDATE", + "DELETE", + "ASSIGN", + "UNASSIGN", + "CREATE_GROUP", + "UPDATE_GROUP", + "DELETE_GROUP", + "REGISTER", + "CREATE_IDENTITY", + "UPDATE_IDENTITY", + "EDIT_GROUP", + "ENABLE", + "DISABLE", + "UNLOCK", + "CHANGE_PASSWORD" + ], + "example": "CREATE", + "description": "The type of ProvisioningPolicy usage." + }, + "fields": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string", + "description": "The name of the attribute.", + "example": "userName" + }, + "transform": { + "type": "object", + "description": "The transform to apply to the field", + "example": { + "type": "rule", + "attributes": { + "name": "Create Unique LDAP Attribute" + } + }, + "default": {} + }, + "attributes": { + "type": "object", + "description": "Attributes required for the transform", + "example": { + "template": "${firstname}.${lastname}${uniqueCounter}", + "cloudMaxUniqueChecks": "50", + "cloudMaxSize": "20", + "cloudRequired": "true" + } + }, + "isRequired": { + "type": "boolean", + "readOnly": true, + "description": "Flag indicating whether or not the attribute is required.", + "default": false, + "example": false + }, + "type": { + "type": "string", + "description": "The type of the attribute.", + "example": "string" + }, + "isMultiValued": { + "type": "boolean", + "description": "Flag indicating whether or not the attribute is multi-valued.", + "default": false, + "example": false + } + } + } + } + } + } + } + } + }, + "responses": { + "200": { + "description": "The ProvisioningPolicyDto was successfully replaced.", + "content": { + "application/json": { + "schema": { + "type": "object", + "required": [ + "name" + ], + "properties": { + "name": { + "type": "string", + "description": "the provisioning policy name", + "example": "example provisioning policy for inactive identities" + }, + "description": { + "type": "string", + "description": "the description of the provisioning policy", + "example": "this provisioning policy creates access based on an identity going inactive" + }, + "usageType": { + "type": "string", + "nullable": false, + "enum": [ + "CREATE", + "UPDATE", + "DELETE", + "ASSIGN", + "UNASSIGN", + "CREATE_GROUP", + "UPDATE_GROUP", + "DELETE_GROUP", + "REGISTER", + "CREATE_IDENTITY", + "UPDATE_IDENTITY", + "EDIT_GROUP", + "ENABLE", + "DISABLE", + "UNLOCK", + "CHANGE_PASSWORD" + ], + "example": "CREATE", + "description": "The type of ProvisioningPolicy usage." + }, + "fields": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string", + "description": "The name of the attribute.", + "example": "userName" + }, + "transform": { + "type": "object", + "description": "The transform to apply to the field", + "example": { + "type": "rule", + "attributes": { + "name": "Create Unique LDAP Attribute" + } + }, + "default": {} + }, + "attributes": { + "type": "object", + "description": "Attributes required for the transform", + "example": { + "template": "${firstname}.${lastname}${uniqueCounter}", + "cloudMaxUniqueChecks": "50", + "cloudMaxSize": "20", + "cloudRequired": "true" + } + }, + "isRequired": { + "type": "boolean", + "readOnly": true, + "description": "Flag indicating whether or not the attribute is required.", + "default": false, + "example": false + }, + "type": { + "type": "string", + "description": "The type of the attribute.", + "example": "string" + }, + "isMultiValued": { + "type": "boolean", + "description": "Flag indicating whether or not the attribute is multi-valued.", + "default": false, + "example": false + } + } + } + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + }, + "patch": { + "operationId": "updateProvisioningPolicy", + "tags": [ + "Sources" + ], + "summary": "Partial update of Provisioning Policy", + "description": "This API selectively updates an existing Provisioning Policy using a JSONPatch payload.\nTransforms can be used in the provisioning policy to create a new attribute that you only need during provisioning.\nRefer to [Transforms in Provisioning Policies](https://developer.sailpoint.com/idn/docs/transforms/guides/transforms-in-provisioning-policies) for more information.\nA token with API, ORG_ADMIN, SOURCE_ADMIN, or SOURCE_SUBADMIN authority is required to call this API.", + "security": [ + { + "oauth2": [ + "idn:provisioning-policy:update" + ] + } + ], + "parameters": [ + { + "in": "path", + "name": "sourceId", + "required": true, + "schema": { + "type": "string" + }, + "description": "The Source id.", + "example": "2c9180835d191a86015d28455b4a2329" + }, + { + "in": "path", + "name": "usageType", + "required": true, + "schema": { + "type": "string", + "nullable": false, + "enum": [ + "CREATE", + "UPDATE", + "DELETE", + "ASSIGN", + "UNASSIGN", + "CREATE_GROUP", + "UPDATE_GROUP", + "DELETE_GROUP", + "REGISTER", + "CREATE_IDENTITY", + "UPDATE_IDENTITY", + "EDIT_GROUP", + "ENABLE", + "DISABLE", + "UNLOCK", + "CHANGE_PASSWORD" + ], + "example": "CREATE", + "description": "The type of ProvisioningPolicy usage." + }, + "description": "The type of ProvisioningPolicy usage." + } + ], + "requestBody": { + "required": true, + "description": "The JSONPatch payload used to update the schema.", + "content": { + "application/json-patch+json": { + "schema": { + "type": "array", + "items": { + "type": "object", + "description": "A JSONPatch Operation as defined by [RFC 6902 - JSON Patch](https://tools.ietf.org/html/rfc6902)", + "required": [ + "op", + "path" + ], + "properties": { + "op": { + "type": "string", + "description": "The operation to be performed", + "enum": [ + "add", + "remove", + "replace", + "move", + "copy", + "test" + ], + "example": "replace" + }, + "path": { + "type": "string", + "description": "A string JSON Pointer representing the target path to an element to be affected by the operation", + "example": "/description" + }, + "value": { + "anyOf": [ + { + "type": "string" + }, + { + "type": "integer" + }, + { + "type": "object" + }, + { + "type": "array", + "items": { + "anyOf": [ + { + "type": "string" + }, + { + "type": "integer" + }, + { + "type": "object" + } + ] + } + } + ], + "description": "The value to be used for the operation, required for \"add\" and \"replace\" operations", + "example": "New description" + } + } + } + }, + "examples": { + "add-field": { + "summary": "Add a field to the beginning of the list", + "value": [ + { + "op": "add", + "path": "/fields/0", + "value": { + "name": "email", + "transform": { + "type": "identityAttribute", + "attributes": { + "name": "email" + } + }, + "attributes": {}, + "isRequired": false, + "type": "string", + "isMultiValued": false + } + } + ] + } + } + } + } + }, + "responses": { + "200": { + "description": "The ProvisioningPolicyDto was successfully updated.", + "content": { + "application/json": { + "schema": { + "type": "object", + "required": [ + "name" + ], + "properties": { + "name": { + "type": "string", + "description": "the provisioning policy name", + "example": "example provisioning policy for inactive identities" + }, + "description": { + "type": "string", + "description": "the description of the provisioning policy", + "example": "this provisioning policy creates access based on an identity going inactive" + }, + "usageType": { + "type": "string", + "nullable": false, + "enum": [ + "CREATE", + "UPDATE", + "DELETE", + "ASSIGN", + "UNASSIGN", + "CREATE_GROUP", + "UPDATE_GROUP", + "DELETE_GROUP", + "REGISTER", + "CREATE_IDENTITY", + "UPDATE_IDENTITY", + "EDIT_GROUP", + "ENABLE", + "DISABLE", + "UNLOCK", + "CHANGE_PASSWORD" + ], + "example": "CREATE", + "description": "The type of ProvisioningPolicy usage." + }, + "fields": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string", + "description": "The name of the attribute.", + "example": "userName" + }, + "transform": { + "type": "object", + "description": "The transform to apply to the field", + "example": { + "type": "rule", + "attributes": { + "name": "Create Unique LDAP Attribute" + } + }, + "default": {} + }, + "attributes": { + "type": "object", + "description": "Attributes required for the transform", + "example": { + "template": "${firstname}.${lastname}${uniqueCounter}", + "cloudMaxUniqueChecks": "50", + "cloudMaxSize": "20", + "cloudRequired": "true" + } + }, + "isRequired": { + "type": "boolean", + "readOnly": true, + "description": "Flag indicating whether or not the attribute is required.", + "default": false, + "example": false + }, + "type": { + "type": "string", + "description": "The type of the attribute.", + "example": "string" + }, + "isMultiValued": { + "type": "boolean", + "description": "Flag indicating whether or not the attribute is multi-valued.", + "default": false, + "example": false + } + } + } + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + }, + "delete": { + "operationId": "deleteProvisioningPolicy", + "tags": [ + "Sources" + ], + "summary": "Delete Provisioning Policy by UsageType", + "description": "Deletes the provisioning policy with the specified usage on an application.\nA token with API, or ORG_ADMIN authority is required to call this API.", + "security": [ + { + "oauth2": [ + "idn:provisioning-policy:manage" + ] + } + ], + "parameters": [ + { + "in": "path", + "name": "sourceId", + "required": true, + "schema": { + "type": "string" + }, + "description": "The Source ID.", + "example": "2c9180835d191a86015d28455b4a2329" + }, + { + "in": "path", + "name": "usageType", + "required": true, + "schema": { + "type": "string", + "nullable": false, + "enum": [ + "CREATE", + "UPDATE", + "DELETE", + "ASSIGN", + "UNASSIGN", + "CREATE_GROUP", + "UPDATE_GROUP", + "DELETE_GROUP", + "REGISTER", + "CREATE_IDENTITY", + "UPDATE_IDENTITY", + "EDIT_GROUP", + "ENABLE", + "DISABLE", + "UNLOCK", + "CHANGE_PASSWORD" + ], + "example": "CREATE", + "description": "The type of ProvisioningPolicy usage." + }, + "description": "The type of ProvisioningPolicy usage." + } + ], + "responses": { + "204": { + "description": "The ProvisioningPolicyDto was successfully deleted." + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/sources/{sourceId}/provisioning-policies/bulk-update": { + "post": { + "operationId": "updateProvisioningPoliciesInBulk", + "tags": [ + "Sources" + ], + "summary": "Bulk Update Provisioning Policies", + "description": "This end-point updates a list of provisioning policies on the specified source in IdentityNow.\nA token with API, or ORG_ADMIN authority is required to call this API.", + "security": [ + { + "oauth2": [ + "idn:provisioning-policy:manage" + ] + } + ], + "parameters": [ + { + "in": "path", + "name": "sourceId", + "required": true, + "schema": { + "type": "string" + }, + "description": "The Source id.", + "example": "2c9180835d191a86015d28455b4a2329" + } + ], + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "type": "array", + "items": { + "type": "object", + "required": [ + "name" + ], + "properties": { + "name": { + "type": "string", + "description": "the provisioning policy name", + "example": "example provisioning policy for inactive identities" + }, + "description": { + "type": "string", + "description": "the description of the provisioning policy", + "example": "this provisioning policy creates access based on an identity going inactive" + }, + "usageType": { + "type": "string", + "nullable": false, + "enum": [ + "CREATE", + "UPDATE", + "DELETE", + "ASSIGN", + "UNASSIGN", + "CREATE_GROUP", + "UPDATE_GROUP", + "DELETE_GROUP", + "REGISTER", + "CREATE_IDENTITY", + "UPDATE_IDENTITY", + "EDIT_GROUP", + "ENABLE", + "DISABLE", + "UNLOCK", + "CHANGE_PASSWORD" + ], + "example": "CREATE", + "description": "The type of ProvisioningPolicy usage." + }, + "fields": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string", + "description": "The name of the attribute.", + "example": "userName" + }, + "transform": { + "type": "object", + "description": "The transform to apply to the field", + "example": { + "type": "rule", + "attributes": { + "name": "Create Unique LDAP Attribute" + } + }, + "default": {} + }, + "attributes": { + "type": "object", + "description": "Attributes required for the transform", + "example": { + "template": "${firstname}.${lastname}${uniqueCounter}", + "cloudMaxUniqueChecks": "50", + "cloudMaxSize": "20", + "cloudRequired": "true" + } + }, + "isRequired": { + "type": "boolean", + "readOnly": true, + "description": "Flag indicating whether or not the attribute is required.", + "default": false, + "example": false + }, + "type": { + "type": "string", + "description": "The type of the attribute.", + "example": "string" + }, + "isMultiValued": { + "type": "boolean", + "description": "Flag indicating whether or not the attribute is multi-valued.", + "default": false, + "example": false + } + } + } + } + } + } + } + } + } + }, + "responses": { + "200": { + "description": "A list of the ProvisioningPolicyDto was successfully replaced.", + "content": { + "application/json": { + "schema": { + "type": "array", + "items": { + "type": "object", + "required": [ + "name" + ], + "properties": { + "name": { + "type": "string", + "description": "the provisioning policy name", + "example": "example provisioning policy for inactive identities" + }, + "description": { + "type": "string", + "description": "the description of the provisioning policy", + "example": "this provisioning policy creates access based on an identity going inactive" + }, + "usageType": { + "type": "string", + "nullable": false, + "enum": [ + "CREATE", + "UPDATE", + "DELETE", + "ASSIGN", + "UNASSIGN", + "CREATE_GROUP", + "UPDATE_GROUP", + "DELETE_GROUP", + "REGISTER", + "CREATE_IDENTITY", + "UPDATE_IDENTITY", + "EDIT_GROUP", + "ENABLE", + "DISABLE", + "UNLOCK", + "CHANGE_PASSWORD" + ], + "example": "CREATE", + "description": "The type of ProvisioningPolicy usage." + }, + "fields": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string", + "description": "The name of the attribute.", + "example": "userName" + }, + "transform": { + "type": "object", + "description": "The transform to apply to the field", + "example": { + "type": "rule", + "attributes": { + "name": "Create Unique LDAP Attribute" + } + }, + "default": {} + }, + "attributes": { + "type": "object", + "description": "Attributes required for the transform", + "example": { + "template": "${firstname}.${lastname}${uniqueCounter}", + "cloudMaxUniqueChecks": "50", + "cloudMaxSize": "20", + "cloudRequired": "true" + } + }, + "isRequired": { + "type": "boolean", + "readOnly": true, + "description": "Flag indicating whether or not the attribute is required.", + "default": false, + "example": false + }, + "type": { + "type": "string", + "description": "The type of the attribute.", + "example": "string" + }, + "isMultiValued": { + "type": "boolean", + "description": "Flag indicating whether or not the attribute is multi-valued.", + "default": false, + "example": false + } + } + } + } + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/sources/{sourceId}/schemas": { + "get": { + "operationId": "listSourceSchemas", + "tags": [ + "Sources" + ], + "summary": "Lists the Schemas that exist on the specified Source in IdentityNow.", + "parameters": [ + { + "in": "path", + "name": "sourceId", + "required": true, + "schema": { + "type": "string" + }, + "description": "The Source id.", + "example": "2c9180835d191a86015d28455b4a2329" + }, + { + "in": "query", + "name": "include-types", + "required": false, + "schema": { + "type": "string" + }, + "description": "If set to 'group', then the account schema is filtered and only group schemas are returned. Only a value of 'group' is recognized.", + "example": "group" + } + ], + "responses": { + "200": { + "description": "The Schemas were successfully retrieved.", + "content": { + "application/json": { + "schema": { + "type": "array", + "items": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "The id of the Schema.", + "example": "2c9180835d191a86015d28455b4a2329" + }, + "name": { + "type": "string", + "description": "The name of the Schema.", + "example": "account" + }, + "nativeObjectType": { + "type": "string", + "description": "The name of the object type on the native system that the schema represents.", + "example": "User" + }, + "identityAttribute": { + "type": "string", + "description": "The name of the attribute used to calculate the unique identifier for an object in the schema.", + "example": "sAMAccountName" + }, + "displayAttribute": { + "type": "string", + "description": "The name of the attribute used to calculate the display value for an object in the schema.", + "example": "distinguishedName" + }, + "hierarchyAttribute": { + "type": "string", + "description": "The name of the attribute whose values represent other objects in a hierarchy. Only relevant to group schemas.", + "example": "memberOf" + }, + "includePermissions": { + "type": "boolean", + "description": "Flag indicating whether or not the include permissions with the object data when aggregating the schema.", + "example": false + }, + "features": { + "type": "array", + "items": { + "type": "string", + "enum": [ + "AUTHENTICATE", + "COMPOSITE", + "DIRECT_PERMISSIONS", + "DISCOVER_SCHEMA", + "ENABLE", + "MANAGER_LOOKUP", + "NO_RANDOM_ACCESS", + "PROXY", + "SEARCH", + "TEMPLATE", + "UNLOCK", + "UNSTRUCTURED_TARGETS", + "SHAREPOINT_TARGET", + "PROVISIONING", + "GROUP_PROVISIONING", + "SYNC_PROVISIONING", + "PASSWORD", + "CURRENT_PASSWORD", + "ACCOUNT_ONLY_REQUEST", + "ADDITIONAL_ACCOUNT_REQUEST", + "NO_AGGREGATION", + "GROUPS_HAVE_MEMBERS", + "NO_PERMISSIONS_PROVISIONING", + "NO_GROUP_PERMISSIONS_PROVISIONING", + "NO_UNSTRUCTURED_TARGETS_PROVISIONING", + "NO_DIRECT_PERMISSIONS_PROVISIONING" + ], + "description": "Optional features that can be supported by an source.\n* AUTHENTICATE: The source supports pass-through authentication.\n* COMPOSITE: The source supports composite source creation.\n* DIRECT_PERMISSIONS: The source supports returning DirectPermissions.\n* DISCOVER_SCHEMA: The source supports discovering schemas for users and groups.\n* ENABLE The source supports reading if an account is enabled or disabled.\n* MANAGER_LOOKUP: The source supports looking up managers as they are encountered in a feed. This is the opposite of NO_RANDOM_ACCESS.\n* NO_RANDOM_ACCESS: The source does not support random access and the getObject() methods should not be called and expected to perform.\n* PROXY: The source can serve as a proxy for another source. When an source has a proxy, all connector calls made with that source are redirected through the connector for the proxy source.\n* SEARCH\n* TEMPLATE\n* UNLOCK: The source supports reading if an account is locked or unlocked.\n* UNSTRUCTURED_TARGETS: The source supports returning unstructured Targets.\n* SHAREPOINT_TARGET: The source supports returning unstructured Target data for SharePoint. It will be typically used by AD, LDAP sources.\n* PROVISIONING: The source can both read and write accounts. Having this feature implies that the provision() method is implemented. It also means that direct and target permissions can also be provisioned if they can be returned by aggregation.\n* GROUP_PROVISIONING: The source can both read and write groups. Having this feature implies that the provision() method is implemented.\n* SYNC_PROVISIONING: The source can provision accounts synchronously.\n* PASSWORD: The source can provision password changes. Since sources can never read passwords, this is should only be used in conjunction with the PROVISIONING feature.\n* CURRENT_PASSWORD: Some source types support verification of the current password\n* ACCOUNT_ONLY_REQUEST: The source supports requesting accounts without entitlements.\n* ADDITIONAL_ACCOUNT_REQUEST: The source supports requesting additional accounts.\n* NO_AGGREGATION: A source that does not support aggregation.\n* GROUPS_HAVE_MEMBERS: The source models group memberships with a member attribute on the group object rather than a groups attribute on the account object. This effects the implementation of delta account aggregation.\n* NO_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for accounts. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for accounts.\n* NO_GROUP_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for groups. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for groups.\n* NO_UNSTRUCTURED_TARGETS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING.\n* NO_DIRECT_PERMISSIONS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING." + }, + "description": "The features that the schema supports.", + "example": [ + "PROVISIONING", + "NO_PERMISSIONS_PROVISIONING", + "GROUPS_HAVE_MEMBERS" + ] + }, + "configuration": { + "type": "object", + "description": "Holds any extra configuration data that the schema may require.", + "example": { + "groupMemberAttribute": "member" + } + }, + "attributes": { + "type": "array", + "description": "The attribute definitions which form the schema.", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string", + "description": "The name of the attribute.", + "example": "sAMAccountName" + }, + "type": { + "type": "string", + "enum": [ + "STRING", + "LONG", + "INT", + "BOOLEAN" + ], + "description": "The underlying type of the value which an AttributeDefinition represents.", + "example": "STRING" + }, + "schema": { + "description": "A reference to the schema on the source to the attribute values map to.", + "type": "object", + "properties": { + "type": { + "description": "The type of object being referenced", + "type": "string", + "enum": [ + "CONNECTOR_SCHEMA" + ], + "example": "CONNECTOR_SCHEMA" + }, + "id": { + "type": "string", + "description": "The object ID this reference applies to.", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "The human-readable display name of the object.", + "example": "group" + } + } + }, + "description": { + "type": "string", + "description": "A human-readable description of the attribute.", + "example": "The sAMAccountName attribute" + }, + "isMulti": { + "type": "boolean", + "description": "Flag indicating whether or not the attribute is multi-valued.", + "example": false + }, + "isEntitlement": { + "type": "boolean", + "description": "Flag indicating whether or not the attribute is an entitlement.", + "example": false + }, + "isGroup": { + "type": "boolean", + "description": "Flag indicating whether or not the attribute represents a group.\nThis can only be `true` if `isEntitlement` is also `true` **and** there is a schema defined for the attribute..\n", + "example": false + } + } + }, + "example": [ + { + "name": "sAMAccountName", + "type": "STRING", + "isMultiValued": false, + "isEntitlement": false, + "isGroup": false + }, + { + "name": "memberOf", + "type": "STRING", + "schema": { + "type": "CONNECTOR_SCHEMA", + "id": "2c9180887671ff8c01767b4671fc7d60", + "name": "group" + }, + "description": "Group membership", + "isMultiValued": true, + "isEntitlement": true, + "isGroup": true + } + ] + }, + "created": { + "type": "string", + "description": "The date the Schema was created.", + "format": "date-time", + "example": "2019-12-24T22:32:58.104Z" + }, + "modified": { + "type": "string", + "description": "The date the Schema was last modified.", + "format": "date-time", + "example": "2019-12-31T20:22:28.104Z" + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + }, + "post": { + "operationId": "createSourceSchema", + "tags": [ + "Sources" + ], + "summary": "Creates a new Schema on the specified Source in IdentityNow.", + "parameters": [ + { + "in": "path", + "name": "sourceId", + "required": true, + "schema": { + "type": "string" + }, + "description": "The Source id.", + "example": "2c9180835d191a86015d28455b4a2329" + } + ], + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "The id of the Schema.", + "example": "2c9180835d191a86015d28455b4a2329" + }, + "name": { + "type": "string", + "description": "The name of the Schema.", + "example": "account" + }, + "nativeObjectType": { + "type": "string", + "description": "The name of the object type on the native system that the schema represents.", + "example": "User" + }, + "identityAttribute": { + "type": "string", + "description": "The name of the attribute used to calculate the unique identifier for an object in the schema.", + "example": "sAMAccountName" + }, + "displayAttribute": { + "type": "string", + "description": "The name of the attribute used to calculate the display value for an object in the schema.", + "example": "distinguishedName" + }, + "hierarchyAttribute": { + "type": "string", + "description": "The name of the attribute whose values represent other objects in a hierarchy. Only relevant to group schemas.", + "example": "memberOf" + }, + "includePermissions": { + "type": "boolean", + "description": "Flag indicating whether or not the include permissions with the object data when aggregating the schema.", + "example": false + }, + "features": { + "type": "array", + "items": { + "type": "string", + "enum": [ + "AUTHENTICATE", + "COMPOSITE", + "DIRECT_PERMISSIONS", + "DISCOVER_SCHEMA", + "ENABLE", + "MANAGER_LOOKUP", + "NO_RANDOM_ACCESS", + "PROXY", + "SEARCH", + "TEMPLATE", + "UNLOCK", + "UNSTRUCTURED_TARGETS", + "SHAREPOINT_TARGET", + "PROVISIONING", + "GROUP_PROVISIONING", + "SYNC_PROVISIONING", + "PASSWORD", + "CURRENT_PASSWORD", + "ACCOUNT_ONLY_REQUEST", + "ADDITIONAL_ACCOUNT_REQUEST", + "NO_AGGREGATION", + "GROUPS_HAVE_MEMBERS", + "NO_PERMISSIONS_PROVISIONING", + "NO_GROUP_PERMISSIONS_PROVISIONING", + "NO_UNSTRUCTURED_TARGETS_PROVISIONING", + "NO_DIRECT_PERMISSIONS_PROVISIONING" + ], + "description": "Optional features that can be supported by an source.\n* AUTHENTICATE: The source supports pass-through authentication.\n* COMPOSITE: The source supports composite source creation.\n* DIRECT_PERMISSIONS: The source supports returning DirectPermissions.\n* DISCOVER_SCHEMA: The source supports discovering schemas for users and groups.\n* ENABLE The source supports reading if an account is enabled or disabled.\n* MANAGER_LOOKUP: The source supports looking up managers as they are encountered in a feed. This is the opposite of NO_RANDOM_ACCESS.\n* NO_RANDOM_ACCESS: The source does not support random access and the getObject() methods should not be called and expected to perform.\n* PROXY: The source can serve as a proxy for another source. When an source has a proxy, all connector calls made with that source are redirected through the connector for the proxy source.\n* SEARCH\n* TEMPLATE\n* UNLOCK: The source supports reading if an account is locked or unlocked.\n* UNSTRUCTURED_TARGETS: The source supports returning unstructured Targets.\n* SHAREPOINT_TARGET: The source supports returning unstructured Target data for SharePoint. It will be typically used by AD, LDAP sources.\n* PROVISIONING: The source can both read and write accounts. Having this feature implies that the provision() method is implemented. It also means that direct and target permissions can also be provisioned if they can be returned by aggregation.\n* GROUP_PROVISIONING: The source can both read and write groups. Having this feature implies that the provision() method is implemented.\n* SYNC_PROVISIONING: The source can provision accounts synchronously.\n* PASSWORD: The source can provision password changes. Since sources can never read passwords, this is should only be used in conjunction with the PROVISIONING feature.\n* CURRENT_PASSWORD: Some source types support verification of the current password\n* ACCOUNT_ONLY_REQUEST: The source supports requesting accounts without entitlements.\n* ADDITIONAL_ACCOUNT_REQUEST: The source supports requesting additional accounts.\n* NO_AGGREGATION: A source that does not support aggregation.\n* GROUPS_HAVE_MEMBERS: The source models group memberships with a member attribute on the group object rather than a groups attribute on the account object. This effects the implementation of delta account aggregation.\n* NO_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for accounts. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for accounts.\n* NO_GROUP_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for groups. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for groups.\n* NO_UNSTRUCTURED_TARGETS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING.\n* NO_DIRECT_PERMISSIONS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING." + }, + "description": "The features that the schema supports.", + "example": [ + "PROVISIONING", + "NO_PERMISSIONS_PROVISIONING", + "GROUPS_HAVE_MEMBERS" + ] + }, + "configuration": { + "type": "object", + "description": "Holds any extra configuration data that the schema may require.", + "example": { + "groupMemberAttribute": "member" + } + }, + "attributes": { + "type": "array", + "description": "The attribute definitions which form the schema.", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string", + "description": "The name of the attribute.", + "example": "sAMAccountName" + }, + "type": { + "type": "string", + "enum": [ + "STRING", + "LONG", + "INT", + "BOOLEAN" + ], + "description": "The underlying type of the value which an AttributeDefinition represents.", + "example": "STRING" + }, + "schema": { + "description": "A reference to the schema on the source to the attribute values map to.", + "type": "object", + "properties": { + "type": { + "description": "The type of object being referenced", + "type": "string", + "enum": [ + "CONNECTOR_SCHEMA" + ], + "example": "CONNECTOR_SCHEMA" + }, + "id": { + "type": "string", + "description": "The object ID this reference applies to.", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "The human-readable display name of the object.", + "example": "group" + } + } + }, + "description": { + "type": "string", + "description": "A human-readable description of the attribute.", + "example": "The sAMAccountName attribute" + }, + "isMulti": { + "type": "boolean", + "description": "Flag indicating whether or not the attribute is multi-valued.", + "example": false + }, + "isEntitlement": { + "type": "boolean", + "description": "Flag indicating whether or not the attribute is an entitlement.", + "example": false + }, + "isGroup": { + "type": "boolean", + "description": "Flag indicating whether or not the attribute represents a group.\nThis can only be `true` if `isEntitlement` is also `true` **and** there is a schema defined for the attribute..\n", + "example": false + } + } + }, + "example": [ + { + "name": "sAMAccountName", + "type": "STRING", + "isMultiValued": false, + "isEntitlement": false, + "isGroup": false + }, + { + "name": "memberOf", + "type": "STRING", + "schema": { + "type": "CONNECTOR_SCHEMA", + "id": "2c9180887671ff8c01767b4671fc7d60", + "name": "group" + }, + "description": "Group membership", + "isMultiValued": true, + "isEntitlement": true, + "isGroup": true + } + ] + }, + "created": { + "type": "string", + "description": "The date the Schema was created.", + "format": "date-time", + "example": "2019-12-24T22:32:58.104Z" + }, + "modified": { + "type": "string", + "description": "The date the Schema was last modified.", + "format": "date-time", + "example": "2019-12-31T20:22:28.104Z" + } + } + } + } + } + }, + "responses": { + "201": { + "description": "The Schema was successfully created on the specified Source.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "The id of the Schema.", + "example": "2c9180835d191a86015d28455b4a2329" + }, + "name": { + "type": "string", + "description": "The name of the Schema.", + "example": "account" + }, + "nativeObjectType": { + "type": "string", + "description": "The name of the object type on the native system that the schema represents.", + "example": "User" + }, + "identityAttribute": { + "type": "string", + "description": "The name of the attribute used to calculate the unique identifier for an object in the schema.", + "example": "sAMAccountName" + }, + "displayAttribute": { + "type": "string", + "description": "The name of the attribute used to calculate the display value for an object in the schema.", + "example": "distinguishedName" + }, + "hierarchyAttribute": { + "type": "string", + "description": "The name of the attribute whose values represent other objects in a hierarchy. Only relevant to group schemas.", + "example": "memberOf" + }, + "includePermissions": { + "type": "boolean", + "description": "Flag indicating whether or not the include permissions with the object data when aggregating the schema.", + "example": false + }, + "features": { + "type": "array", + "items": { + "type": "string", + "enum": [ + "AUTHENTICATE", + "COMPOSITE", + "DIRECT_PERMISSIONS", + "DISCOVER_SCHEMA", + "ENABLE", + "MANAGER_LOOKUP", + "NO_RANDOM_ACCESS", + "PROXY", + "SEARCH", + "TEMPLATE", + "UNLOCK", + "UNSTRUCTURED_TARGETS", + "SHAREPOINT_TARGET", + "PROVISIONING", + "GROUP_PROVISIONING", + "SYNC_PROVISIONING", + "PASSWORD", + "CURRENT_PASSWORD", + "ACCOUNT_ONLY_REQUEST", + "ADDITIONAL_ACCOUNT_REQUEST", + "NO_AGGREGATION", + "GROUPS_HAVE_MEMBERS", + "NO_PERMISSIONS_PROVISIONING", + "NO_GROUP_PERMISSIONS_PROVISIONING", + "NO_UNSTRUCTURED_TARGETS_PROVISIONING", + "NO_DIRECT_PERMISSIONS_PROVISIONING" + ], + "description": "Optional features that can be supported by an source.\n* AUTHENTICATE: The source supports pass-through authentication.\n* COMPOSITE: The source supports composite source creation.\n* DIRECT_PERMISSIONS: The source supports returning DirectPermissions.\n* DISCOVER_SCHEMA: The source supports discovering schemas for users and groups.\n* ENABLE The source supports reading if an account is enabled or disabled.\n* MANAGER_LOOKUP: The source supports looking up managers as they are encountered in a feed. This is the opposite of NO_RANDOM_ACCESS.\n* NO_RANDOM_ACCESS: The source does not support random access and the getObject() methods should not be called and expected to perform.\n* PROXY: The source can serve as a proxy for another source. When an source has a proxy, all connector calls made with that source are redirected through the connector for the proxy source.\n* SEARCH\n* TEMPLATE\n* UNLOCK: The source supports reading if an account is locked or unlocked.\n* UNSTRUCTURED_TARGETS: The source supports returning unstructured Targets.\n* SHAREPOINT_TARGET: The source supports returning unstructured Target data for SharePoint. It will be typically used by AD, LDAP sources.\n* PROVISIONING: The source can both read and write accounts. Having this feature implies that the provision() method is implemented. It also means that direct and target permissions can also be provisioned if they can be returned by aggregation.\n* GROUP_PROVISIONING: The source can both read and write groups. Having this feature implies that the provision() method is implemented.\n* SYNC_PROVISIONING: The source can provision accounts synchronously.\n* PASSWORD: The source can provision password changes. Since sources can never read passwords, this is should only be used in conjunction with the PROVISIONING feature.\n* CURRENT_PASSWORD: Some source types support verification of the current password\n* ACCOUNT_ONLY_REQUEST: The source supports requesting accounts without entitlements.\n* ADDITIONAL_ACCOUNT_REQUEST: The source supports requesting additional accounts.\n* NO_AGGREGATION: A source that does not support aggregation.\n* GROUPS_HAVE_MEMBERS: The source models group memberships with a member attribute on the group object rather than a groups attribute on the account object. This effects the implementation of delta account aggregation.\n* NO_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for accounts. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for accounts.\n* NO_GROUP_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for groups. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for groups.\n* NO_UNSTRUCTURED_TARGETS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING.\n* NO_DIRECT_PERMISSIONS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING." + }, + "description": "The features that the schema supports.", + "example": [ + "PROVISIONING", + "NO_PERMISSIONS_PROVISIONING", + "GROUPS_HAVE_MEMBERS" + ] + }, + "configuration": { + "type": "object", + "description": "Holds any extra configuration data that the schema may require.", + "example": { + "groupMemberAttribute": "member" + } + }, + "attributes": { + "type": "array", + "description": "The attribute definitions which form the schema.", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string", + "description": "The name of the attribute.", + "example": "sAMAccountName" + }, + "type": { + "type": "string", + "enum": [ + "STRING", + "LONG", + "INT", + "BOOLEAN" + ], + "description": "The underlying type of the value which an AttributeDefinition represents.", + "example": "STRING" + }, + "schema": { + "description": "A reference to the schema on the source to the attribute values map to.", + "type": "object", + "properties": { + "type": { + "description": "The type of object being referenced", + "type": "string", + "enum": [ + "CONNECTOR_SCHEMA" + ], + "example": "CONNECTOR_SCHEMA" + }, + "id": { + "type": "string", + "description": "The object ID this reference applies to.", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "The human-readable display name of the object.", + "example": "group" + } + } + }, + "description": { + "type": "string", + "description": "A human-readable description of the attribute.", + "example": "The sAMAccountName attribute" + }, + "isMulti": { + "type": "boolean", + "description": "Flag indicating whether or not the attribute is multi-valued.", + "example": false + }, + "isEntitlement": { + "type": "boolean", + "description": "Flag indicating whether or not the attribute is an entitlement.", + "example": false + }, + "isGroup": { + "type": "boolean", + "description": "Flag indicating whether or not the attribute represents a group.\nThis can only be `true` if `isEntitlement` is also `true` **and** there is a schema defined for the attribute..\n", + "example": false + } + } + }, + "example": [ + { + "name": "sAMAccountName", + "type": "STRING", + "isMultiValued": false, + "isEntitlement": false, + "isGroup": false + }, + { + "name": "memberOf", + "type": "STRING", + "schema": { + "type": "CONNECTOR_SCHEMA", + "id": "2c9180887671ff8c01767b4671fc7d60", + "name": "group" + }, + "description": "Group membership", + "isMultiValued": true, + "isEntitlement": true, + "isGroup": true + } + ] + }, + "created": { + "type": "string", + "description": "The date the Schema was created.", + "format": "date-time", + "example": "2019-12-24T22:32:58.104Z" + }, + "modified": { + "type": "string", + "description": "The date the Schema was last modified.", + "format": "date-time", + "example": "2019-12-31T20:22:28.104Z" + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/sources/{sourceId}/schemas/{schemaId}": { + "get": { + "operationId": "getSourceSchema", + "tags": [ + "Sources" + ], + "summary": "Get Source Schema by ID", + "description": "Get the Source Schema by ID in IdentityNow.\n", + "parameters": [ + { + "in": "path", + "name": "sourceId", + "required": true, + "schema": { + "type": "string" + }, + "description": "The Source ID.", + "example": "2c9180835d191a86015d28455b4a2329" + }, + { + "in": "path", + "name": "schemaId", + "schema": { + "type": "string" + }, + "required": true, + "description": "The Schema ID.", + "example": "2c9180835d191a86015d28455b4a2329" + } + ], + "responses": { + "200": { + "description": "The requested Schema was successfully retrieved.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "The id of the Schema.", + "example": "2c9180835d191a86015d28455b4a2329" + }, + "name": { + "type": "string", + "description": "The name of the Schema.", + "example": "account" + }, + "nativeObjectType": { + "type": "string", + "description": "The name of the object type on the native system that the schema represents.", + "example": "User" + }, + "identityAttribute": { + "type": "string", + "description": "The name of the attribute used to calculate the unique identifier for an object in the schema.", + "example": "sAMAccountName" + }, + "displayAttribute": { + "type": "string", + "description": "The name of the attribute used to calculate the display value for an object in the schema.", + "example": "distinguishedName" + }, + "hierarchyAttribute": { + "type": "string", + "description": "The name of the attribute whose values represent other objects in a hierarchy. Only relevant to group schemas.", + "example": "memberOf" + }, + "includePermissions": { + "type": "boolean", + "description": "Flag indicating whether or not the include permissions with the object data when aggregating the schema.", + "example": false + }, + "features": { + "type": "array", + "items": { + "type": "string", + "enum": [ + "AUTHENTICATE", + "COMPOSITE", + "DIRECT_PERMISSIONS", + "DISCOVER_SCHEMA", + "ENABLE", + "MANAGER_LOOKUP", + "NO_RANDOM_ACCESS", + "PROXY", + "SEARCH", + "TEMPLATE", + "UNLOCK", + "UNSTRUCTURED_TARGETS", + "SHAREPOINT_TARGET", + "PROVISIONING", + "GROUP_PROVISIONING", + "SYNC_PROVISIONING", + "PASSWORD", + "CURRENT_PASSWORD", + "ACCOUNT_ONLY_REQUEST", + "ADDITIONAL_ACCOUNT_REQUEST", + "NO_AGGREGATION", + "GROUPS_HAVE_MEMBERS", + "NO_PERMISSIONS_PROVISIONING", + "NO_GROUP_PERMISSIONS_PROVISIONING", + "NO_UNSTRUCTURED_TARGETS_PROVISIONING", + "NO_DIRECT_PERMISSIONS_PROVISIONING" + ], + "description": "Optional features that can be supported by an source.\n* AUTHENTICATE: The source supports pass-through authentication.\n* COMPOSITE: The source supports composite source creation.\n* DIRECT_PERMISSIONS: The source supports returning DirectPermissions.\n* DISCOVER_SCHEMA: The source supports discovering schemas for users and groups.\n* ENABLE The source supports reading if an account is enabled or disabled.\n* MANAGER_LOOKUP: The source supports looking up managers as they are encountered in a feed. This is the opposite of NO_RANDOM_ACCESS.\n* NO_RANDOM_ACCESS: The source does not support random access and the getObject() methods should not be called and expected to perform.\n* PROXY: The source can serve as a proxy for another source. When an source has a proxy, all connector calls made with that source are redirected through the connector for the proxy source.\n* SEARCH\n* TEMPLATE\n* UNLOCK: The source supports reading if an account is locked or unlocked.\n* UNSTRUCTURED_TARGETS: The source supports returning unstructured Targets.\n* SHAREPOINT_TARGET: The source supports returning unstructured Target data for SharePoint. It will be typically used by AD, LDAP sources.\n* PROVISIONING: The source can both read and write accounts. Having this feature implies that the provision() method is implemented. It also means that direct and target permissions can also be provisioned if they can be returned by aggregation.\n* GROUP_PROVISIONING: The source can both read and write groups. Having this feature implies that the provision() method is implemented.\n* SYNC_PROVISIONING: The source can provision accounts synchronously.\n* PASSWORD: The source can provision password changes. Since sources can never read passwords, this is should only be used in conjunction with the PROVISIONING feature.\n* CURRENT_PASSWORD: Some source types support verification of the current password\n* ACCOUNT_ONLY_REQUEST: The source supports requesting accounts without entitlements.\n* ADDITIONAL_ACCOUNT_REQUEST: The source supports requesting additional accounts.\n* NO_AGGREGATION: A source that does not support aggregation.\n* GROUPS_HAVE_MEMBERS: The source models group memberships with a member attribute on the group object rather than a groups attribute on the account object. This effects the implementation of delta account aggregation.\n* NO_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for accounts. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for accounts.\n* NO_GROUP_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for groups. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for groups.\n* NO_UNSTRUCTURED_TARGETS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING.\n* NO_DIRECT_PERMISSIONS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING." + }, + "description": "The features that the schema supports.", + "example": [ + "PROVISIONING", + "NO_PERMISSIONS_PROVISIONING", + "GROUPS_HAVE_MEMBERS" + ] + }, + "configuration": { + "type": "object", + "description": "Holds any extra configuration data that the schema may require.", + "example": { + "groupMemberAttribute": "member" + } + }, + "attributes": { + "type": "array", + "description": "The attribute definitions which form the schema.", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string", + "description": "The name of the attribute.", + "example": "sAMAccountName" + }, + "type": { + "type": "string", + "enum": [ + "STRING", + "LONG", + "INT", + "BOOLEAN" + ], + "description": "The underlying type of the value which an AttributeDefinition represents.", + "example": "STRING" + }, + "schema": { + "description": "A reference to the schema on the source to the attribute values map to.", + "type": "object", + "properties": { + "type": { + "description": "The type of object being referenced", + "type": "string", + "enum": [ + "CONNECTOR_SCHEMA" + ], + "example": "CONNECTOR_SCHEMA" + }, + "id": { + "type": "string", + "description": "The object ID this reference applies to.", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "The human-readable display name of the object.", + "example": "group" + } + } + }, + "description": { + "type": "string", + "description": "A human-readable description of the attribute.", + "example": "The sAMAccountName attribute" + }, + "isMulti": { + "type": "boolean", + "description": "Flag indicating whether or not the attribute is multi-valued.", + "example": false + }, + "isEntitlement": { + "type": "boolean", + "description": "Flag indicating whether or not the attribute is an entitlement.", + "example": false + }, + "isGroup": { + "type": "boolean", + "description": "Flag indicating whether or not the attribute represents a group.\nThis can only be `true` if `isEntitlement` is also `true` **and** there is a schema defined for the attribute..\n", + "example": false + } + } + }, + "example": [ + { + "name": "sAMAccountName", + "type": "STRING", + "isMultiValued": false, + "isEntitlement": false, + "isGroup": false + }, + { + "name": "memberOf", + "type": "STRING", + "schema": { + "type": "CONNECTOR_SCHEMA", + "id": "2c9180887671ff8c01767b4671fc7d60", + "name": "group" + }, + "description": "Group membership", + "isMultiValued": true, + "isEntitlement": true, + "isGroup": true + } + ] + }, + "created": { + "type": "string", + "description": "The date the Schema was created.", + "format": "date-time", + "example": "2019-12-24T22:32:58.104Z" + }, + "modified": { + "type": "string", + "description": "The date the Schema was last modified.", + "format": "date-time", + "example": "2019-12-31T20:22:28.104Z" + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + }, + "put": { + "operationId": "putSourceSchema", + "tags": [ + "Sources" + ], + "summary": "Update Source Schema (Full)", + "description": "This API will completely replace an existing Schema with the submitted payload. Some fields of the Schema cannot be updated. These fields are listed below.\n* id\n* name\n* created\n* modified\nAny attempt to modify these fields will result in an error response with a status code of 400.", + "parameters": [ + { + "in": "path", + "name": "sourceId", + "required": true, + "schema": { + "type": "string" + }, + "description": "The Source ID.", + "example": "2c9180835d191a86015d28455b4a2329" + }, + { + "in": "path", + "name": "schemaId", + "schema": { + "type": "string" + }, + "required": true, + "description": "The Schema ID.", + "example": "2c9180835d191a86015d28455b4a2329" + } + ], + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "The id of the Schema.", + "example": "2c9180835d191a86015d28455b4a2329" + }, + "name": { + "type": "string", + "description": "The name of the Schema.", + "example": "account" + }, + "nativeObjectType": { + "type": "string", + "description": "The name of the object type on the native system that the schema represents.", + "example": "User" + }, + "identityAttribute": { + "type": "string", + "description": "The name of the attribute used to calculate the unique identifier for an object in the schema.", + "example": "sAMAccountName" + }, + "displayAttribute": { + "type": "string", + "description": "The name of the attribute used to calculate the display value for an object in the schema.", + "example": "distinguishedName" + }, + "hierarchyAttribute": { + "type": "string", + "description": "The name of the attribute whose values represent other objects in a hierarchy. Only relevant to group schemas.", + "example": "memberOf" + }, + "includePermissions": { + "type": "boolean", + "description": "Flag indicating whether or not the include permissions with the object data when aggregating the schema.", + "example": false + }, + "features": { + "type": "array", + "items": { + "type": "string", + "enum": [ + "AUTHENTICATE", + "COMPOSITE", + "DIRECT_PERMISSIONS", + "DISCOVER_SCHEMA", + "ENABLE", + "MANAGER_LOOKUP", + "NO_RANDOM_ACCESS", + "PROXY", + "SEARCH", + "TEMPLATE", + "UNLOCK", + "UNSTRUCTURED_TARGETS", + "SHAREPOINT_TARGET", + "PROVISIONING", + "GROUP_PROVISIONING", + "SYNC_PROVISIONING", + "PASSWORD", + "CURRENT_PASSWORD", + "ACCOUNT_ONLY_REQUEST", + "ADDITIONAL_ACCOUNT_REQUEST", + "NO_AGGREGATION", + "GROUPS_HAVE_MEMBERS", + "NO_PERMISSIONS_PROVISIONING", + "NO_GROUP_PERMISSIONS_PROVISIONING", + "NO_UNSTRUCTURED_TARGETS_PROVISIONING", + "NO_DIRECT_PERMISSIONS_PROVISIONING" + ], + "description": "Optional features that can be supported by an source.\n* AUTHENTICATE: The source supports pass-through authentication.\n* COMPOSITE: The source supports composite source creation.\n* DIRECT_PERMISSIONS: The source supports returning DirectPermissions.\n* DISCOVER_SCHEMA: The source supports discovering schemas for users and groups.\n* ENABLE The source supports reading if an account is enabled or disabled.\n* MANAGER_LOOKUP: The source supports looking up managers as they are encountered in a feed. This is the opposite of NO_RANDOM_ACCESS.\n* NO_RANDOM_ACCESS: The source does not support random access and the getObject() methods should not be called and expected to perform.\n* PROXY: The source can serve as a proxy for another source. When an source has a proxy, all connector calls made with that source are redirected through the connector for the proxy source.\n* SEARCH\n* TEMPLATE\n* UNLOCK: The source supports reading if an account is locked or unlocked.\n* UNSTRUCTURED_TARGETS: The source supports returning unstructured Targets.\n* SHAREPOINT_TARGET: The source supports returning unstructured Target data for SharePoint. It will be typically used by AD, LDAP sources.\n* PROVISIONING: The source can both read and write accounts. Having this feature implies that the provision() method is implemented. It also means that direct and target permissions can also be provisioned if they can be returned by aggregation.\n* GROUP_PROVISIONING: The source can both read and write groups. Having this feature implies that the provision() method is implemented.\n* SYNC_PROVISIONING: The source can provision accounts synchronously.\n* PASSWORD: The source can provision password changes. Since sources can never read passwords, this is should only be used in conjunction with the PROVISIONING feature.\n* CURRENT_PASSWORD: Some source types support verification of the current password\n* ACCOUNT_ONLY_REQUEST: The source supports requesting accounts without entitlements.\n* ADDITIONAL_ACCOUNT_REQUEST: The source supports requesting additional accounts.\n* NO_AGGREGATION: A source that does not support aggregation.\n* GROUPS_HAVE_MEMBERS: The source models group memberships with a member attribute on the group object rather than a groups attribute on the account object. This effects the implementation of delta account aggregation.\n* NO_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for accounts. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for accounts.\n* NO_GROUP_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for groups. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for groups.\n* NO_UNSTRUCTURED_TARGETS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING.\n* NO_DIRECT_PERMISSIONS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING." + }, + "description": "The features that the schema supports.", + "example": [ + "PROVISIONING", + "NO_PERMISSIONS_PROVISIONING", + "GROUPS_HAVE_MEMBERS" + ] + }, + "configuration": { + "type": "object", + "description": "Holds any extra configuration data that the schema may require.", + "example": { + "groupMemberAttribute": "member" + } + }, + "attributes": { + "type": "array", + "description": "The attribute definitions which form the schema.", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string", + "description": "The name of the attribute.", + "example": "sAMAccountName" + }, + "type": { + "type": "string", + "enum": [ + "STRING", + "LONG", + "INT", + "BOOLEAN" + ], + "description": "The underlying type of the value which an AttributeDefinition represents.", + "example": "STRING" + }, + "schema": { + "description": "A reference to the schema on the source to the attribute values map to.", + "type": "object", + "properties": { + "type": { + "description": "The type of object being referenced", + "type": "string", + "enum": [ + "CONNECTOR_SCHEMA" + ], + "example": "CONNECTOR_SCHEMA" + }, + "id": { + "type": "string", + "description": "The object ID this reference applies to.", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "The human-readable display name of the object.", + "example": "group" + } + } + }, + "description": { + "type": "string", + "description": "A human-readable description of the attribute.", + "example": "The sAMAccountName attribute" + }, + "isMulti": { + "type": "boolean", + "description": "Flag indicating whether or not the attribute is multi-valued.", + "example": false + }, + "isEntitlement": { + "type": "boolean", + "description": "Flag indicating whether or not the attribute is an entitlement.", + "example": false + }, + "isGroup": { + "type": "boolean", + "description": "Flag indicating whether or not the attribute represents a group.\nThis can only be `true` if `isEntitlement` is also `true` **and** there is a schema defined for the attribute..\n", + "example": false + } + } + }, + "example": [ + { + "name": "sAMAccountName", + "type": "STRING", + "isMultiValued": false, + "isEntitlement": false, + "isGroup": false + }, + { + "name": "memberOf", + "type": "STRING", + "schema": { + "type": "CONNECTOR_SCHEMA", + "id": "2c9180887671ff8c01767b4671fc7d60", + "name": "group" + }, + "description": "Group membership", + "isMultiValued": true, + "isEntitlement": true, + "isGroup": true + } + ] + }, + "created": { + "type": "string", + "description": "The date the Schema was created.", + "format": "date-time", + "example": "2019-12-24T22:32:58.104Z" + }, + "modified": { + "type": "string", + "description": "The date the Schema was last modified.", + "format": "date-time", + "example": "2019-12-31T20:22:28.104Z" + } + } + } + } + } + }, + "responses": { + "200": { + "description": "The Schema was successfully replaced.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "The id of the Schema.", + "example": "2c9180835d191a86015d28455b4a2329" + }, + "name": { + "type": "string", + "description": "The name of the Schema.", + "example": "account" + }, + "nativeObjectType": { + "type": "string", + "description": "The name of the object type on the native system that the schema represents.", + "example": "User" + }, + "identityAttribute": { + "type": "string", + "description": "The name of the attribute used to calculate the unique identifier for an object in the schema.", + "example": "sAMAccountName" + }, + "displayAttribute": { + "type": "string", + "description": "The name of the attribute used to calculate the display value for an object in the schema.", + "example": "distinguishedName" + }, + "hierarchyAttribute": { + "type": "string", + "description": "The name of the attribute whose values represent other objects in a hierarchy. Only relevant to group schemas.", + "example": "memberOf" + }, + "includePermissions": { + "type": "boolean", + "description": "Flag indicating whether or not the include permissions with the object data when aggregating the schema.", + "example": false + }, + "features": { + "type": "array", + "items": { + "type": "string", + "enum": [ + "AUTHENTICATE", + "COMPOSITE", + "DIRECT_PERMISSIONS", + "DISCOVER_SCHEMA", + "ENABLE", + "MANAGER_LOOKUP", + "NO_RANDOM_ACCESS", + "PROXY", + "SEARCH", + "TEMPLATE", + "UNLOCK", + "UNSTRUCTURED_TARGETS", + "SHAREPOINT_TARGET", + "PROVISIONING", + "GROUP_PROVISIONING", + "SYNC_PROVISIONING", + "PASSWORD", + "CURRENT_PASSWORD", + "ACCOUNT_ONLY_REQUEST", + "ADDITIONAL_ACCOUNT_REQUEST", + "NO_AGGREGATION", + "GROUPS_HAVE_MEMBERS", + "NO_PERMISSIONS_PROVISIONING", + "NO_GROUP_PERMISSIONS_PROVISIONING", + "NO_UNSTRUCTURED_TARGETS_PROVISIONING", + "NO_DIRECT_PERMISSIONS_PROVISIONING" + ], + "description": "Optional features that can be supported by an source.\n* AUTHENTICATE: The source supports pass-through authentication.\n* COMPOSITE: The source supports composite source creation.\n* DIRECT_PERMISSIONS: The source supports returning DirectPermissions.\n* DISCOVER_SCHEMA: The source supports discovering schemas for users and groups.\n* ENABLE The source supports reading if an account is enabled or disabled.\n* MANAGER_LOOKUP: The source supports looking up managers as they are encountered in a feed. This is the opposite of NO_RANDOM_ACCESS.\n* NO_RANDOM_ACCESS: The source does not support random access and the getObject() methods should not be called and expected to perform.\n* PROXY: The source can serve as a proxy for another source. When an source has a proxy, all connector calls made with that source are redirected through the connector for the proxy source.\n* SEARCH\n* TEMPLATE\n* UNLOCK: The source supports reading if an account is locked or unlocked.\n* UNSTRUCTURED_TARGETS: The source supports returning unstructured Targets.\n* SHAREPOINT_TARGET: The source supports returning unstructured Target data for SharePoint. It will be typically used by AD, LDAP sources.\n* PROVISIONING: The source can both read and write accounts. Having this feature implies that the provision() method is implemented. It also means that direct and target permissions can also be provisioned if they can be returned by aggregation.\n* GROUP_PROVISIONING: The source can both read and write groups. Having this feature implies that the provision() method is implemented.\n* SYNC_PROVISIONING: The source can provision accounts synchronously.\n* PASSWORD: The source can provision password changes. Since sources can never read passwords, this is should only be used in conjunction with the PROVISIONING feature.\n* CURRENT_PASSWORD: Some source types support verification of the current password\n* ACCOUNT_ONLY_REQUEST: The source supports requesting accounts without entitlements.\n* ADDITIONAL_ACCOUNT_REQUEST: The source supports requesting additional accounts.\n* NO_AGGREGATION: A source that does not support aggregation.\n* GROUPS_HAVE_MEMBERS: The source models group memberships with a member attribute on the group object rather than a groups attribute on the account object. This effects the implementation of delta account aggregation.\n* NO_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for accounts. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for accounts.\n* NO_GROUP_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for groups. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for groups.\n* NO_UNSTRUCTURED_TARGETS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING.\n* NO_DIRECT_PERMISSIONS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING." + }, + "description": "The features that the schema supports.", + "example": [ + "PROVISIONING", + "NO_PERMISSIONS_PROVISIONING", + "GROUPS_HAVE_MEMBERS" + ] + }, + "configuration": { + "type": "object", + "description": "Holds any extra configuration data that the schema may require.", + "example": { + "groupMemberAttribute": "member" + } + }, + "attributes": { + "type": "array", + "description": "The attribute definitions which form the schema.", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string", + "description": "The name of the attribute.", + "example": "sAMAccountName" + }, + "type": { + "type": "string", + "enum": [ + "STRING", + "LONG", + "INT", + "BOOLEAN" + ], + "description": "The underlying type of the value which an AttributeDefinition represents.", + "example": "STRING" + }, + "schema": { + "description": "A reference to the schema on the source to the attribute values map to.", + "type": "object", + "properties": { + "type": { + "description": "The type of object being referenced", + "type": "string", + "enum": [ + "CONNECTOR_SCHEMA" + ], + "example": "CONNECTOR_SCHEMA" + }, + "id": { + "type": "string", + "description": "The object ID this reference applies to.", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "The human-readable display name of the object.", + "example": "group" + } + } + }, + "description": { + "type": "string", + "description": "A human-readable description of the attribute.", + "example": "The sAMAccountName attribute" + }, + "isMulti": { + "type": "boolean", + "description": "Flag indicating whether or not the attribute is multi-valued.", + "example": false + }, + "isEntitlement": { + "type": "boolean", + "description": "Flag indicating whether or not the attribute is an entitlement.", + "example": false + }, + "isGroup": { + "type": "boolean", + "description": "Flag indicating whether or not the attribute represents a group.\nThis can only be `true` if `isEntitlement` is also `true` **and** there is a schema defined for the attribute..\n", + "example": false + } + } + }, + "example": [ + { + "name": "sAMAccountName", + "type": "STRING", + "isMultiValued": false, + "isEntitlement": false, + "isGroup": false + }, + { + "name": "memberOf", + "type": "STRING", + "schema": { + "type": "CONNECTOR_SCHEMA", + "id": "2c9180887671ff8c01767b4671fc7d60", + "name": "group" + }, + "description": "Group membership", + "isMultiValued": true, + "isEntitlement": true, + "isGroup": true + } + ] + }, + "created": { + "type": "string", + "description": "The date the Schema was created.", + "format": "date-time", + "example": "2019-12-24T22:32:58.104Z" + }, + "modified": { + "type": "string", + "description": "The date the Schema was last modified.", + "format": "date-time", + "example": "2019-12-31T20:22:28.104Z" + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + }, + "patch": { + "operationId": "updateSourceSchema", + "tags": [ + "Sources" + ], + "summary": "Update Source Schema (Partial)", + "description": "Use this API to selectively update an existing Schema using a JSONPatch payload. \n\nThe following schema fields are immutable and cannot be updated:\n\n- id\n- name\n- created\n- modified\n\n\nTo switch an account attribute to a group entitlement, you need to have the following in place:\n\n- `isEntitlement: true`\n- Must define a schema for the group and [add it to the source](https://developer.sailpoint.com/idn/api/beta/create-source-schema) before updating the `isGroup` flag. For example, here is the `group` account attribute referencing a schema that defines the group:\n```json\n{\n \"name\": \"groups\",\n \"type\": \"STRING\",\n \"schema\": {\n \"type\": \"CONNECTOR_SCHEMA\",\n \"id\": \"2c9180887671ff8c01767b4671fc7d60\",\n \"name\": \"group\"\n },\n \"description\": \"The groups, roles etc. that reference account group objects\",\n \"isMulti\": true,\n \"isEntitlement\": true,\n \"isGroup\": true\n}\n```\n", + "parameters": [ + { + "in": "path", + "name": "sourceId", + "required": true, + "schema": { + "type": "string" + }, + "description": "The Source id.", + "example": "2c9180835d191a86015d28455b4a2329" + }, + { + "in": "path", + "name": "schemaId", + "schema": { + "type": "string" + }, + "required": true, + "description": "The Schema id.", + "example": "2c9180835d191a86015d28455b4a2329" + } + ], + "requestBody": { + "required": true, + "description": "The JSONPatch payload used to update the schema.", + "content": { + "application/json-patch+json": { + "schema": { + "type": "array", + "items": { + "type": "object", + "description": "A JSONPatch Operation as defined by [RFC 6902 - JSON Patch](https://tools.ietf.org/html/rfc6902)", + "required": [ + "op", + "path" + ], + "properties": { + "op": { + "type": "string", + "description": "The operation to be performed", + "enum": [ + "add", + "remove", + "replace", + "move", + "copy", + "test" + ], + "example": "replace" + }, + "path": { + "type": "string", + "description": "A string JSON Pointer representing the target path to an element to be affected by the operation", + "example": "/description" + }, + "value": { + "anyOf": [ + { + "type": "string" + }, + { + "type": "integer" + }, + { + "type": "object" + }, + { + "type": "array", + "items": { + "anyOf": [ + { + "type": "string" + }, + { + "type": "integer" + }, + { + "type": "object" + } + ] + } + } + ], + "description": "The value to be used for the operation, required for \"add\" and \"replace\" operations", + "example": "New description" + } + } + } + }, + "example": [ + { + "op": "replace", + "path": "/displayAttribute", + "value": { + "new-display-attribute": null + } + } + ] + } + } + }, + "responses": { + "200": { + "description": "The Schema was successfully updated.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "The id of the Schema.", + "example": "2c9180835d191a86015d28455b4a2329" + }, + "name": { + "type": "string", + "description": "The name of the Schema.", + "example": "account" + }, + "nativeObjectType": { + "type": "string", + "description": "The name of the object type on the native system that the schema represents.", + "example": "User" + }, + "identityAttribute": { + "type": "string", + "description": "The name of the attribute used to calculate the unique identifier for an object in the schema.", + "example": "sAMAccountName" + }, + "displayAttribute": { + "type": "string", + "description": "The name of the attribute used to calculate the display value for an object in the schema.", + "example": "distinguishedName" + }, + "hierarchyAttribute": { + "type": "string", + "description": "The name of the attribute whose values represent other objects in a hierarchy. Only relevant to group schemas.", + "example": "memberOf" + }, + "includePermissions": { + "type": "boolean", + "description": "Flag indicating whether or not the include permissions with the object data when aggregating the schema.", + "example": false + }, + "features": { + "type": "array", + "items": { + "type": "string", + "enum": [ + "AUTHENTICATE", + "COMPOSITE", + "DIRECT_PERMISSIONS", + "DISCOVER_SCHEMA", + "ENABLE", + "MANAGER_LOOKUP", + "NO_RANDOM_ACCESS", + "PROXY", + "SEARCH", + "TEMPLATE", + "UNLOCK", + "UNSTRUCTURED_TARGETS", + "SHAREPOINT_TARGET", + "PROVISIONING", + "GROUP_PROVISIONING", + "SYNC_PROVISIONING", + "PASSWORD", + "CURRENT_PASSWORD", + "ACCOUNT_ONLY_REQUEST", + "ADDITIONAL_ACCOUNT_REQUEST", + "NO_AGGREGATION", + "GROUPS_HAVE_MEMBERS", + "NO_PERMISSIONS_PROVISIONING", + "NO_GROUP_PERMISSIONS_PROVISIONING", + "NO_UNSTRUCTURED_TARGETS_PROVISIONING", + "NO_DIRECT_PERMISSIONS_PROVISIONING" + ], + "description": "Optional features that can be supported by an source.\n* AUTHENTICATE: The source supports pass-through authentication.\n* COMPOSITE: The source supports composite source creation.\n* DIRECT_PERMISSIONS: The source supports returning DirectPermissions.\n* DISCOVER_SCHEMA: The source supports discovering schemas for users and groups.\n* ENABLE The source supports reading if an account is enabled or disabled.\n* MANAGER_LOOKUP: The source supports looking up managers as they are encountered in a feed. This is the opposite of NO_RANDOM_ACCESS.\n* NO_RANDOM_ACCESS: The source does not support random access and the getObject() methods should not be called and expected to perform.\n* PROXY: The source can serve as a proxy for another source. When an source has a proxy, all connector calls made with that source are redirected through the connector for the proxy source.\n* SEARCH\n* TEMPLATE\n* UNLOCK: The source supports reading if an account is locked or unlocked.\n* UNSTRUCTURED_TARGETS: The source supports returning unstructured Targets.\n* SHAREPOINT_TARGET: The source supports returning unstructured Target data for SharePoint. It will be typically used by AD, LDAP sources.\n* PROVISIONING: The source can both read and write accounts. Having this feature implies that the provision() method is implemented. It also means that direct and target permissions can also be provisioned if they can be returned by aggregation.\n* GROUP_PROVISIONING: The source can both read and write groups. Having this feature implies that the provision() method is implemented.\n* SYNC_PROVISIONING: The source can provision accounts synchronously.\n* PASSWORD: The source can provision password changes. Since sources can never read passwords, this is should only be used in conjunction with the PROVISIONING feature.\n* CURRENT_PASSWORD: Some source types support verification of the current password\n* ACCOUNT_ONLY_REQUEST: The source supports requesting accounts without entitlements.\n* ADDITIONAL_ACCOUNT_REQUEST: The source supports requesting additional accounts.\n* NO_AGGREGATION: A source that does not support aggregation.\n* GROUPS_HAVE_MEMBERS: The source models group memberships with a member attribute on the group object rather than a groups attribute on the account object. This effects the implementation of delta account aggregation.\n* NO_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for accounts. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for accounts.\n* NO_GROUP_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for groups. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for groups.\n* NO_UNSTRUCTURED_TARGETS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING.\n* NO_DIRECT_PERMISSIONS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING." + }, + "description": "The features that the schema supports.", + "example": [ + "PROVISIONING", + "NO_PERMISSIONS_PROVISIONING", + "GROUPS_HAVE_MEMBERS" + ] + }, + "configuration": { + "type": "object", + "description": "Holds any extra configuration data that the schema may require.", + "example": { + "groupMemberAttribute": "member" + } + }, + "attributes": { + "type": "array", + "description": "The attribute definitions which form the schema.", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string", + "description": "The name of the attribute.", + "example": "sAMAccountName" + }, + "type": { + "type": "string", + "enum": [ + "STRING", + "LONG", + "INT", + "BOOLEAN" + ], + "description": "The underlying type of the value which an AttributeDefinition represents.", + "example": "STRING" + }, + "schema": { + "description": "A reference to the schema on the source to the attribute values map to.", + "type": "object", + "properties": { + "type": { + "description": "The type of object being referenced", + "type": "string", + "enum": [ + "CONNECTOR_SCHEMA" + ], + "example": "CONNECTOR_SCHEMA" + }, + "id": { + "type": "string", + "description": "The object ID this reference applies to.", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "The human-readable display name of the object.", + "example": "group" + } + } + }, + "description": { + "type": "string", + "description": "A human-readable description of the attribute.", + "example": "The sAMAccountName attribute" + }, + "isMulti": { + "type": "boolean", + "description": "Flag indicating whether or not the attribute is multi-valued.", + "example": false + }, + "isEntitlement": { + "type": "boolean", + "description": "Flag indicating whether or not the attribute is an entitlement.", + "example": false + }, + "isGroup": { + "type": "boolean", + "description": "Flag indicating whether or not the attribute represents a group.\nThis can only be `true` if `isEntitlement` is also `true` **and** there is a schema defined for the attribute..\n", + "example": false + } + } + }, + "example": [ + { + "name": "sAMAccountName", + "type": "STRING", + "isMultiValued": false, + "isEntitlement": false, + "isGroup": false + }, + { + "name": "memberOf", + "type": "STRING", + "schema": { + "type": "CONNECTOR_SCHEMA", + "id": "2c9180887671ff8c01767b4671fc7d60", + "name": "group" + }, + "description": "Group membership", + "isMultiValued": true, + "isEntitlement": true, + "isGroup": true + } + ] + }, + "created": { + "type": "string", + "description": "The date the Schema was created.", + "format": "date-time", + "example": "2019-12-24T22:32:58.104Z" + }, + "modified": { + "type": "string", + "description": "The date the Schema was last modified.", + "format": "date-time", + "example": "2019-12-31T20:22:28.104Z" + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + }, + "delete": { + "operationId": "deleteSourceSchema", + "tags": [ + "Sources" + ], + "summary": "Delete Source Schema by ID", + "parameters": [ + { + "in": "path", + "name": "sourceId", + "required": true, + "schema": { + "type": "string" + }, + "description": "The Source ID.", + "example": "2c9180835d191a86015d28455b4a2329" + }, + { + "in": "path", + "name": "schemaId", + "schema": { + "type": "string" + }, + "required": true, + "description": "The Schema ID.", + "example": "2c9180835d191a86015d28455b4a2329" + } + ], + "responses": { + "204": { + "description": "The Schema was successfully deleted." + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/sources/{id}/schemas/accounts": { + "get": { + "tags": [ + "Sources" + ], + "summary": "Downloads source accounts schema template", + "operationId": "downloadSourceAccountsSchema", + "parameters": [ + { + "in": "path", + "name": "id", + "required": true, + "schema": { + "type": "string" + }, + "description": "The Source id", + "example": "8c190e6787aa4ed9a90bd9d5344523fb" + } + ], + "responses": { + "200": { + "description": "Successfully downloaded the file", + "content": { + "text/csv": { + "example": "id,name,givenName,familyName,e-mail,location,manager,groups,startDate,endDate" + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + }, + "security": [ + { + "oauth2": [ + "idn:source-schema:read", + "idn:source-schema:manage" + ] + } + ] + }, + "post": { + "tags": [ + "Sources" + ], + "summary": "Uploads source accounts schema template", + "description": "This API uploads a source schema template file to configure a source's account attributes.", + "operationId": "uploadSourceAccountsSchema", + "parameters": [ + { + "in": "path", + "name": "id", + "required": true, + "schema": { + "type": "string" + }, + "description": "The Source id", + "example": "8c190e6787aa4ed9a90bd9d5344523fb" + } + ], + "requestBody": { + "required": true, + "content": { + "multipart/form-data": { + "schema": { + "type": "object", + "properties": { + "file": { + "type": "string", + "format": "binary" + } + } + } + } + } + }, + "responses": { + "200": { + "description": "Successfully uploaded the file", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "The id of the Schema.", + "example": "2c9180835d191a86015d28455b4a2329" + }, + "name": { + "type": "string", + "description": "The name of the Schema.", + "example": "account" + }, + "nativeObjectType": { + "type": "string", + "description": "The name of the object type on the native system that the schema represents.", + "example": "User" + }, + "identityAttribute": { + "type": "string", + "description": "The name of the attribute used to calculate the unique identifier for an object in the schema.", + "example": "sAMAccountName" + }, + "displayAttribute": { + "type": "string", + "description": "The name of the attribute used to calculate the display value for an object in the schema.", + "example": "distinguishedName" + }, + "hierarchyAttribute": { + "type": "string", + "description": "The name of the attribute whose values represent other objects in a hierarchy. Only relevant to group schemas.", + "example": "memberOf" + }, + "includePermissions": { + "type": "boolean", + "description": "Flag indicating whether or not the include permissions with the object data when aggregating the schema.", + "example": false + }, + "features": { + "type": "array", + "items": { + "type": "string", + "enum": [ + "AUTHENTICATE", + "COMPOSITE", + "DIRECT_PERMISSIONS", + "DISCOVER_SCHEMA", + "ENABLE", + "MANAGER_LOOKUP", + "NO_RANDOM_ACCESS", + "PROXY", + "SEARCH", + "TEMPLATE", + "UNLOCK", + "UNSTRUCTURED_TARGETS", + "SHAREPOINT_TARGET", + "PROVISIONING", + "GROUP_PROVISIONING", + "SYNC_PROVISIONING", + "PASSWORD", + "CURRENT_PASSWORD", + "ACCOUNT_ONLY_REQUEST", + "ADDITIONAL_ACCOUNT_REQUEST", + "NO_AGGREGATION", + "GROUPS_HAVE_MEMBERS", + "NO_PERMISSIONS_PROVISIONING", + "NO_GROUP_PERMISSIONS_PROVISIONING", + "NO_UNSTRUCTURED_TARGETS_PROVISIONING", + "NO_DIRECT_PERMISSIONS_PROVISIONING" + ], + "description": "Optional features that can be supported by an source.\n* AUTHENTICATE: The source supports pass-through authentication.\n* COMPOSITE: The source supports composite source creation.\n* DIRECT_PERMISSIONS: The source supports returning DirectPermissions.\n* DISCOVER_SCHEMA: The source supports discovering schemas for users and groups.\n* ENABLE The source supports reading if an account is enabled or disabled.\n* MANAGER_LOOKUP: The source supports looking up managers as they are encountered in a feed. This is the opposite of NO_RANDOM_ACCESS.\n* NO_RANDOM_ACCESS: The source does not support random access and the getObject() methods should not be called and expected to perform.\n* PROXY: The source can serve as a proxy for another source. When an source has a proxy, all connector calls made with that source are redirected through the connector for the proxy source.\n* SEARCH\n* TEMPLATE\n* UNLOCK: The source supports reading if an account is locked or unlocked.\n* UNSTRUCTURED_TARGETS: The source supports returning unstructured Targets.\n* SHAREPOINT_TARGET: The source supports returning unstructured Target data for SharePoint. It will be typically used by AD, LDAP sources.\n* PROVISIONING: The source can both read and write accounts. Having this feature implies that the provision() method is implemented. It also means that direct and target permissions can also be provisioned if they can be returned by aggregation.\n* GROUP_PROVISIONING: The source can both read and write groups. Having this feature implies that the provision() method is implemented.\n* SYNC_PROVISIONING: The source can provision accounts synchronously.\n* PASSWORD: The source can provision password changes. Since sources can never read passwords, this is should only be used in conjunction with the PROVISIONING feature.\n* CURRENT_PASSWORD: Some source types support verification of the current password\n* ACCOUNT_ONLY_REQUEST: The source supports requesting accounts without entitlements.\n* ADDITIONAL_ACCOUNT_REQUEST: The source supports requesting additional accounts.\n* NO_AGGREGATION: A source that does not support aggregation.\n* GROUPS_HAVE_MEMBERS: The source models group memberships with a member attribute on the group object rather than a groups attribute on the account object. This effects the implementation of delta account aggregation.\n* NO_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for accounts. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for accounts.\n* NO_GROUP_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for groups. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for groups.\n* NO_UNSTRUCTURED_TARGETS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING.\n* NO_DIRECT_PERMISSIONS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING." + }, + "description": "The features that the schema supports.", + "example": [ + "PROVISIONING", + "NO_PERMISSIONS_PROVISIONING", + "GROUPS_HAVE_MEMBERS" + ] + }, + "configuration": { + "type": "object", + "description": "Holds any extra configuration data that the schema may require.", + "example": { + "groupMemberAttribute": "member" + } + }, + "attributes": { + "type": "array", + "description": "The attribute definitions which form the schema.", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string", + "description": "The name of the attribute.", + "example": "sAMAccountName" + }, + "type": { + "type": "string", + "enum": [ + "STRING", + "LONG", + "INT", + "BOOLEAN" + ], + "description": "The underlying type of the value which an AttributeDefinition represents.", + "example": "STRING" + }, + "schema": { + "description": "A reference to the schema on the source to the attribute values map to.", + "type": "object", + "properties": { + "type": { + "description": "The type of object being referenced", + "type": "string", + "enum": [ + "CONNECTOR_SCHEMA" + ], + "example": "CONNECTOR_SCHEMA" + }, + "id": { + "type": "string", + "description": "The object ID this reference applies to.", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "The human-readable display name of the object.", + "example": "group" + } + } + }, + "description": { + "type": "string", + "description": "A human-readable description of the attribute.", + "example": "The sAMAccountName attribute" + }, + "isMulti": { + "type": "boolean", + "description": "Flag indicating whether or not the attribute is multi-valued.", + "example": false + }, + "isEntitlement": { + "type": "boolean", + "description": "Flag indicating whether or not the attribute is an entitlement.", + "example": false + }, + "isGroup": { + "type": "boolean", + "description": "Flag indicating whether or not the attribute represents a group.\nThis can only be `true` if `isEntitlement` is also `true` **and** there is a schema defined for the attribute..\n", + "example": false + } + } + }, + "example": [ + { + "name": "sAMAccountName", + "type": "STRING", + "isMultiValued": false, + "isEntitlement": false, + "isGroup": false + }, + { + "name": "memberOf", + "type": "STRING", + "schema": { + "type": "CONNECTOR_SCHEMA", + "id": "2c9180887671ff8c01767b4671fc7d60", + "name": "group" + }, + "description": "Group membership", + "isMultiValued": true, + "isEntitlement": true, + "isGroup": true + } + ] + }, + "created": { + "type": "string", + "description": "The date the Schema was created.", + "format": "date-time", + "example": "2019-12-24T22:32:58.104Z" + }, + "modified": { + "type": "string", + "description": "The date the Schema was last modified.", + "format": "date-time", + "example": "2019-12-31T20:22:28.104Z" + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + }, + "security": [ + { + "oauth2": [ + "idn:source-schema:manage" + ] + } + ] + } + }, + "/sources/{id}/schemas/entitlements": { + "get": { + "tags": [ + "Sources" + ], + "summary": "Downloads source entitlements schema template", + "operationId": "downloadSourceEntitlementsSchema", + "parameters": [ + { + "in": "path", + "name": "id", + "required": true, + "schema": { + "type": "string" + }, + "description": "The Source id", + "example": "8c190e6787aa4ed9a90bd9d5344523fb" + }, + { + "in": "query", + "name": "schemaName", + "schema": { + "type": "string" + }, + "description": "Name of entitlement schema", + "example": "?schemaName=group" + } + ], + "responses": { + "200": { + "description": "Successfully downloaded the file", + "content": { + "text/csv": { + "example": "id,name,displayName,created,description,modified,entitlements,groups,permissions" + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + }, + "security": [ + { + "oauth2": [ + "idn:source-schema:read", + "idn:source-schema:manage" + ] + } + ] + }, + "post": { + "tags": [ + "Sources" + ], + "summary": "Uploads source entitlements schema template", + "description": "This API uploads a source schema template file to configure a source's entitlement attributes.", + "operationId": "uploadSourceEntitlementsSchema", + "parameters": [ + { + "in": "path", + "name": "id", + "required": true, + "schema": { + "type": "string" + }, + "description": "The Source id", + "example": "8c190e6787aa4ed9a90bd9d5344523fb" + }, + { + "in": "query", + "name": "schemaName", + "schema": { + "type": "string" + }, + "description": "Name of entitlement schema", + "example": "?schemaName=group" + } + ], + "requestBody": { + "required": true, + "content": { + "multipart/form-data": { + "schema": { + "type": "object", + "properties": { + "file": { + "type": "string", + "format": "binary" + } + } + } + } + } + }, + "responses": { + "200": { + "description": "Successfully uploaded the file", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "The id of the Schema.", + "example": "2c9180835d191a86015d28455b4a2329" + }, + "name": { + "type": "string", + "description": "The name of the Schema.", + "example": "account" + }, + "nativeObjectType": { + "type": "string", + "description": "The name of the object type on the native system that the schema represents.", + "example": "User" + }, + "identityAttribute": { + "type": "string", + "description": "The name of the attribute used to calculate the unique identifier for an object in the schema.", + "example": "sAMAccountName" + }, + "displayAttribute": { + "type": "string", + "description": "The name of the attribute used to calculate the display value for an object in the schema.", + "example": "distinguishedName" + }, + "hierarchyAttribute": { + "type": "string", + "description": "The name of the attribute whose values represent other objects in a hierarchy. Only relevant to group schemas.", + "example": "memberOf" + }, + "includePermissions": { + "type": "boolean", + "description": "Flag indicating whether or not the include permissions with the object data when aggregating the schema.", + "example": false + }, + "features": { + "type": "array", + "items": { + "type": "string", + "enum": [ + "AUTHENTICATE", + "COMPOSITE", + "DIRECT_PERMISSIONS", + "DISCOVER_SCHEMA", + "ENABLE", + "MANAGER_LOOKUP", + "NO_RANDOM_ACCESS", + "PROXY", + "SEARCH", + "TEMPLATE", + "UNLOCK", + "UNSTRUCTURED_TARGETS", + "SHAREPOINT_TARGET", + "PROVISIONING", + "GROUP_PROVISIONING", + "SYNC_PROVISIONING", + "PASSWORD", + "CURRENT_PASSWORD", + "ACCOUNT_ONLY_REQUEST", + "ADDITIONAL_ACCOUNT_REQUEST", + "NO_AGGREGATION", + "GROUPS_HAVE_MEMBERS", + "NO_PERMISSIONS_PROVISIONING", + "NO_GROUP_PERMISSIONS_PROVISIONING", + "NO_UNSTRUCTURED_TARGETS_PROVISIONING", + "NO_DIRECT_PERMISSIONS_PROVISIONING" + ], + "description": "Optional features that can be supported by an source.\n* AUTHENTICATE: The source supports pass-through authentication.\n* COMPOSITE: The source supports composite source creation.\n* DIRECT_PERMISSIONS: The source supports returning DirectPermissions.\n* DISCOVER_SCHEMA: The source supports discovering schemas for users and groups.\n* ENABLE The source supports reading if an account is enabled or disabled.\n* MANAGER_LOOKUP: The source supports looking up managers as they are encountered in a feed. This is the opposite of NO_RANDOM_ACCESS.\n* NO_RANDOM_ACCESS: The source does not support random access and the getObject() methods should not be called and expected to perform.\n* PROXY: The source can serve as a proxy for another source. When an source has a proxy, all connector calls made with that source are redirected through the connector for the proxy source.\n* SEARCH\n* TEMPLATE\n* UNLOCK: The source supports reading if an account is locked or unlocked.\n* UNSTRUCTURED_TARGETS: The source supports returning unstructured Targets.\n* SHAREPOINT_TARGET: The source supports returning unstructured Target data for SharePoint. It will be typically used by AD, LDAP sources.\n* PROVISIONING: The source can both read and write accounts. Having this feature implies that the provision() method is implemented. It also means that direct and target permissions can also be provisioned if they can be returned by aggregation.\n* GROUP_PROVISIONING: The source can both read and write groups. Having this feature implies that the provision() method is implemented.\n* SYNC_PROVISIONING: The source can provision accounts synchronously.\n* PASSWORD: The source can provision password changes. Since sources can never read passwords, this is should only be used in conjunction with the PROVISIONING feature.\n* CURRENT_PASSWORD: Some source types support verification of the current password\n* ACCOUNT_ONLY_REQUEST: The source supports requesting accounts without entitlements.\n* ADDITIONAL_ACCOUNT_REQUEST: The source supports requesting additional accounts.\n* NO_AGGREGATION: A source that does not support aggregation.\n* GROUPS_HAVE_MEMBERS: The source models group memberships with a member attribute on the group object rather than a groups attribute on the account object. This effects the implementation of delta account aggregation.\n* NO_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for accounts. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for accounts.\n* NO_GROUP_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for groups. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for groups.\n* NO_UNSTRUCTURED_TARGETS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING.\n* NO_DIRECT_PERMISSIONS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING." + }, + "description": "The features that the schema supports.", + "example": [ + "PROVISIONING", + "NO_PERMISSIONS_PROVISIONING", + "GROUPS_HAVE_MEMBERS" + ] + }, + "configuration": { + "type": "object", + "description": "Holds any extra configuration data that the schema may require.", + "example": { + "groupMemberAttribute": "member" + } + }, + "attributes": { + "type": "array", + "description": "The attribute definitions which form the schema.", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string", + "description": "The name of the attribute.", + "example": "sAMAccountName" + }, + "type": { + "type": "string", + "enum": [ + "STRING", + "LONG", + "INT", + "BOOLEAN" + ], + "description": "The underlying type of the value which an AttributeDefinition represents.", + "example": "STRING" + }, + "schema": { + "description": "A reference to the schema on the source to the attribute values map to.", + "type": "object", + "properties": { + "type": { + "description": "The type of object being referenced", + "type": "string", + "enum": [ + "CONNECTOR_SCHEMA" + ], + "example": "CONNECTOR_SCHEMA" + }, + "id": { + "type": "string", + "description": "The object ID this reference applies to.", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "The human-readable display name of the object.", + "example": "group" + } + } + }, + "description": { + "type": "string", + "description": "A human-readable description of the attribute.", + "example": "The sAMAccountName attribute" + }, + "isMulti": { + "type": "boolean", + "description": "Flag indicating whether or not the attribute is multi-valued.", + "example": false + }, + "isEntitlement": { + "type": "boolean", + "description": "Flag indicating whether or not the attribute is an entitlement.", + "example": false + }, + "isGroup": { + "type": "boolean", + "description": "Flag indicating whether or not the attribute represents a group.\nThis can only be `true` if `isEntitlement` is also `true` **and** there is a schema defined for the attribute..\n", + "example": false + } + } + }, + "example": [ + { + "name": "sAMAccountName", + "type": "STRING", + "isMultiValued": false, + "isEntitlement": false, + "isGroup": false + }, + { + "name": "memberOf", + "type": "STRING", + "schema": { + "type": "CONNECTOR_SCHEMA", + "id": "2c9180887671ff8c01767b4671fc7d60", + "name": "group" + }, + "description": "Group membership", + "isMultiValued": true, + "isEntitlement": true, + "isGroup": true + } + ] + }, + "created": { + "type": "string", + "description": "The date the Schema was created.", + "format": "date-time", + "example": "2019-12-24T22:32:58.104Z" + }, + "modified": { + "type": "string", + "description": "The date the Schema was last modified.", + "format": "date-time", + "example": "2019-12-31T20:22:28.104Z" + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + }, + "security": [ + { + "oauth2": [ + "idn:source-schema:manage" + ] + } + ] + } + }, + "/sources/{sourceId}/upload-connector-file": { + "post": { + "operationId": "uploadSourceConnectorFile", + "tags": [ + "Sources" + ], + "summary": "Upload connector file to source", + "description": "This uploads a supplemental source connector file (like jdbc driver jars) to a source's S3 bucket. This also sends ETS and Audit events.\nA token with ORG_ADMIN authority is required to call this API.", + "parameters": [ + { + "in": "path", + "name": "sourceId", + "required": true, + "schema": { + "type": "string" + }, + "description": "The Source id", + "example": "8c190e6787aa4ed9a90bd9d5344523fb" + } + ], + "requestBody": { + "required": true, + "content": { + "multipart/form-data": { + "schema": { + "type": "object", + "properties": { + "file": { + "type": "string", + "format": "binary" + } + } + } + } + } + }, + "responses": { + "200": { + "description": "Uploaded the file successfully and sent all post-upload events", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "id": { + "type": "string", + "readOnly": true, + "description": "the id of the Source", + "example": "2c91808568c529c60168cca6f90c1324" + }, + "name": { + "type": "string", + "description": "Human-readable name of the source", + "example": "My Source" + }, + "description": { + "type": "string", + "description": "Human-readable description of the source", + "example": "This is the corporate directory." + }, + "owner": { + "description": "Reference to an owning Identity Object", + "type": "object", + "properties": { + "type": { + "description": "The type of object being referenced", + "type": "string", + "enum": [ + "IDENTITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the identity", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the identity", + "example": "MyName" + } + } + }, + "cluster": { + "description": "Reference to the associated Cluster", + "type": "object", + "properties": { + "type": { + "description": "The type of object being referenced", + "type": "string", + "enum": [ + "CLUSTER" + ], + "example": "CLUSTER" + }, + "id": { + "type": "string", + "description": "ID of the cluster", + "example": "2c9180866166b5b0016167c32ef31a66" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the cluster", + "example": "Corporate Cluster" + } + } + }, + "accountCorrelationConfig": { + "description": "Reference to an Account Correlation Config object", + "type": "object", + "properties": { + "type": { + "description": "The type of object being referenced", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG" + ], + "example": "ACCOUNT_CORRELATION_CONFIG" + }, + "id": { + "type": "string", + "description": "ID of the account correlation config", + "example": "2c9180855d191c59015d28583727245a" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the account correlation config", + "example": "Directory [source-62867] Account Correlation" + } + } + }, + "accountCorrelationRule": { + "description": "Reference to a Rule that can do COMPLEX correlation, should only be used when accountCorrelationConfig can't be used.", + "type": "object", + "properties": { + "type": { + "description": "The type of object being referenced", + "type": "string", + "enum": [ + "RULE" + ], + "example": "RULE" + }, + "id": { + "type": "string", + "description": "ID of the rule", + "example": "2c918085708c274401708c2a8a760001" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the rule", + "example": "Example Rule" + } + } + }, + "managerCorrelationMapping": { + "description": "Filter Object used during manager correlation to match incoming manager values to an existing manager's Account/Identity", + "type": "object", + "properties": { + "accountAttribute": { + "type": "string", + "description": "Name of the attribute to use for manager correlation. The value found on the account attribute will be used to lookup the manager's identity.", + "example": "manager" + }, + "identityAttribute": { + "type": "string", + "description": "Name of the identity attribute to search when trying to find a manager using the value from the accountAttribute.", + "example": "manager" + } + } + }, + "managerCorrelationRule": { + "description": "Reference to the ManagerCorrelationRule, only used when a simple filter isn't sufficient.", + "type": "object", + "properties": { + "type": { + "description": "The type of object being referenced", + "type": "string", + "enum": [ + "RULE" + ], + "example": "RULE" + }, + "id": { + "type": "string", + "description": "ID of the rule", + "example": "2c918085708c274401708c2a8a760001" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the rule", + "example": "Example Rule" + } + } + }, + "beforeProvisioningRule": { + "description": "Rule that runs on the CCG and allows for customization of provisioning plans before the connector is called.", + "type": "object", + "properties": { + "type": { + "description": "The type of object being referenced", + "type": "string", + "enum": [ + "RULE" + ], + "example": "RULE" + }, + "id": { + "type": "string", + "description": "ID of the rule", + "example": "2c918085708c274401708c2a8a760001" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the rule", + "example": "Example Rule" + } + } + }, + "schemas": { + "type": "array", + "items": { + "type": "object", + "properties": { + "type": { + "description": "The type of object being referenced", + "type": "string", + "enum": [ + "CONNECTOR_SCHEMA" + ], + "example": "CONNECTOR_SCHEMA" + }, + "id": { + "type": "string", + "description": "ID of the schema", + "example": "2c91808568c529c60168cca6f90c1777" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the schema", + "example": "MySchema" + } + } + }, + "description": "List of references to Schema objects", + "example": [ + { + "type": "CONNECTOR_SCHEMA", + "id": "2c9180835d191a86015d28455b4b232a", + "name": "account" + }, + { + "type": "CONNECTOR_SCHEMA", + "id": "2c9180835d191a86015d28455b4b232b", + "name": "group" + } + ] + }, + "passwordPolicies": { + "type": "array", + "items": { + "type": "object", + "properties": { + "type": { + "description": "The type of object being referenced", + "type": "string", + "enum": [ + "PASSWORD_POLICY" + ], + "example": "PASSWORD_POLICY" + }, + "id": { + "type": "string", + "description": "ID of the policy", + "example": "2c91808568c529c60168cca6f90c1777" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the policy", + "example": "My Password Policy" + } + } + }, + "description": "List of references to the associated PasswordPolicy objects.", + "example": [ + { + "type": "PASSWORD_POLICY", + "id": "2c9180855d191c59015d291ceb053980", + "name": "Corporate Password Policy" + }, + { + "type": "PASSWORD_POLICY", + "id": "2c9180855d191c59015d291ceb057777", + "name": "Vendor Password Policy" + } + ] + }, + "features": { + "type": "array", + "description": "Optional features that can be supported by a source.", + "items": { + "type": "string", + "enum": [ + "AUTHENTICATE", + "COMPOSITE", + "DIRECT_PERMISSIONS", + "DISCOVER_SCHEMA", + "ENABLE", + "MANAGER_LOOKUP", + "NO_RANDOM_ACCESS", + "PROXY", + "SEARCH", + "TEMPLATE", + "UNLOCK", + "UNSTRUCTURED_TARGETS", + "SHAREPOINT_TARGET", + "PROVISIONING", + "GROUP_PROVISIONING", + "SYNC_PROVISIONING", + "PASSWORD", + "CURRENT_PASSWORD", + "ACCOUNT_ONLY_REQUEST", + "ADDITIONAL_ACCOUNT_REQUEST", + "NO_AGGREGATION", + "GROUPS_HAVE_MEMBERS", + "NO_PERMISSIONS_PROVISIONING", + "NO_GROUP_PERMISSIONS_PROVISIONING", + "NO_UNSTRUCTURED_TARGETS_PROVISIONING", + "NO_DIRECT_PERMISSIONS_PROVISIONING" + ], + "description": "Optional features that can be supported by an source.\n* AUTHENTICATE: The source supports pass-through authentication.\n* COMPOSITE: The source supports composite source creation.\n* DIRECT_PERMISSIONS: The source supports returning DirectPermissions.\n* DISCOVER_SCHEMA: The source supports discovering schemas for users and groups.\n* ENABLE The source supports reading if an account is enabled or disabled.\n* MANAGER_LOOKUP: The source supports looking up managers as they are encountered in a feed. This is the opposite of NO_RANDOM_ACCESS.\n* NO_RANDOM_ACCESS: The source does not support random access and the getObject() methods should not be called and expected to perform.\n* PROXY: The source can serve as a proxy for another source. When an source has a proxy, all connector calls made with that source are redirected through the connector for the proxy source.\n* SEARCH\n* TEMPLATE\n* UNLOCK: The source supports reading if an account is locked or unlocked.\n* UNSTRUCTURED_TARGETS: The source supports returning unstructured Targets.\n* SHAREPOINT_TARGET: The source supports returning unstructured Target data for SharePoint. It will be typically used by AD, LDAP sources.\n* PROVISIONING: The source can both read and write accounts. Having this feature implies that the provision() method is implemented. It also means that direct and target permissions can also be provisioned if they can be returned by aggregation.\n* GROUP_PROVISIONING: The source can both read and write groups. Having this feature implies that the provision() method is implemented.\n* SYNC_PROVISIONING: The source can provision accounts synchronously.\n* PASSWORD: The source can provision password changes. Since sources can never read passwords, this is should only be used in conjunction with the PROVISIONING feature.\n* CURRENT_PASSWORD: Some source types support verification of the current password\n* ACCOUNT_ONLY_REQUEST: The source supports requesting accounts without entitlements.\n* ADDITIONAL_ACCOUNT_REQUEST: The source supports requesting additional accounts.\n* NO_AGGREGATION: A source that does not support aggregation.\n* GROUPS_HAVE_MEMBERS: The source models group memberships with a member attribute on the group object rather than a groups attribute on the account object. This effects the implementation of delta account aggregation.\n* NO_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for accounts. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for accounts.\n* NO_GROUP_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for groups. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for groups.\n* NO_UNSTRUCTURED_TARGETS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING.\n* NO_DIRECT_PERMISSIONS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING." + }, + "example": [ + "SYNC_PROVISIONING", + "MANAGER_LOOKUP", + "SEARCH", + "PROVISIONING", + "AUTHENTICATE", + "GROUP_PROVISIONING", + "PASSWORD" + ] + }, + "type": { + "type": "string", + "description": "Specifies the type of system being managed e.g. Active Directory, Workday, etc.. If you are creating a Delimited File source, you must set the `provisionasCsv` query parameter to `true`. ", + "example": "OpenLDAP - Direct" + }, + "connector": { + "type": "string", + "description": "Connector script name.", + "example": "active-directory" + }, + "connectorClass": { + "type": "string", + "description": "The fully qualified name of the Java class that implements the connector interface.", + "example": "sailpoint.connector.LDAPConnector" + }, + "connectorAttributes": { + "type": "object", + "description": "Connector specific configuration; will differ from type to type.", + "example": { + "healthCheckTimeout": 30, + "authSearchAttributes": [ + "cn", + "uid", + "mail" + ] + } + }, + "deleteThreshold": { + "type": "integer", + "format": "int32", + "description": "Number from 0 to 100 that specifies when to skip the delete phase.", + "example": 10 + }, + "authoritative": { + "type": "boolean", + "description": "When true indicates the source is referenced by an IdentityProfile.", + "example": false + }, + "managementWorkgroup": { + "description": "Reference to Management Workgroup for this Source", + "type": "object", + "properties": { + "type": { + "description": "The type of object being referenced", + "type": "string", + "enum": [ + "GOVERNANCE_GROUP" + ], + "example": "GOVERNANCE_GROUP" + }, + "id": { + "type": "string", + "description": "ID of the management workgroup", + "example": "2c91808568c529c60168cca6f90c2222" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the management workgroup", + "example": "My Management Workgroup" + } + } + }, + "healthy": { + "type": "boolean", + "description": "When true indicates a healthy source", + "example": true + }, + "status": { + "type": "string", + "description": "A status identifier, giving specific information on why a source is healthy or not", + "example": "SOURCE_STATE_HEALTHY" + }, + "since": { + "type": "string", + "description": "Timestamp showing when a source health check was last performed", + "example": "2021-09-28T15:48:29.3801666300Z" + }, + "connectorId": { + "type": "string", + "description": "The id of connector", + "example": "active-directory" + }, + "connectorName": { + "type": "string", + "description": "The name of the connector that was chosen on source creation", + "example": "Active Directory" + }, + "connectionType": { + "type": "string", + "description": "The type of connection (direct or file)", + "example": "file" + }, + "connectorImplementstionId": { + "type": "string", + "description": "The connector implementstion id", + "example": "delimited-file" + } + }, + "required": [ + "name", + "owner", + "connector" + ] + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/sources/{id}/synchronize-attributes": { + "post": { + "operationId": "syncAttributesForSource", + "tags": [ + "Sources" + ], + "summary": "Synchronize single source attributes.", + "description": "This end-point performs attribute synchronization for a selected source.\nA token with ORG_ADMIN or SOURCE_ADMIN authority is required to call this API.", + "parameters": [ + { + "in": "path", + "name": "id", + "schema": { + "type": "string" + }, + "required": true, + "description": "The Source id" + } + ], + "responses": { + "202": { + "description": "A Source Sync job", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "Job ID.", + "example": "0f11f2a4-7c94-4bf3-a2bd-742580fe3bde" + }, + "status": { + "type": "string", + "description": "The job status.", + "enum": [ + "QUEUED", + "IN_PROGRESS", + "SUCCESS", + "ERROR" + ], + "example": "IN_PROGRESS" + }, + "payload": { + "description": "Job payload.", + "example": { + "type": "SYNCHRONIZE_SOURCE_ATTRIBUTES", + "dataJson": "{\"sourceId\":\"2c918083746f642c01746f990884012a\"}" + }, + "type": "object", + "properties": { + "type": { + "type": "string", + "description": "Payload type.", + "example": "SYNCHRONIZE_SOURCE_ATTRIBUTES" + }, + "dataJson": { + "type": "string", + "description": "Payload type.", + "example": "{\"sourceId\":\"2c918083746f642c01746f990884012a\"}" + } + }, + "required": [ + "type", + "dataJson" + ] + } + }, + "required": [ + "id", + "status", + "payload" + ] + }, + "example": { + "id": "0f11f2a4-7c94-4bf3-a2bd-742580fe3bde", + "status": "IN_PROGRESS", + "payload": { + "type": "SYNCHRONIZE_SOURCE_ATTRIBUTES", + "dataJson": "{\"sourceId\":\"2c918083746f642c01746f990884012a\"}" + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/sources/{id}/entitlement-request-config": { + "get": { + "security": [ + { + "oauth2": [ + "idn:sources:read", + "idn:sources:manage" + ] + } + ], + "operationId": "getSourceEntitlementRequestConfig", + "summary": "Get Source Entitlement Request Configuration", + "tags": [ + "Sources" + ], + "description": "This API gets the current entitlement request configuration for a source. This source-level configuration should apply for all the entitlements in the source.\n\nAccess request to any entitlements in the source should follow this configuration unless a separate entitlement-level configuration is defined.\n- During access request, this source-level entitlement request configuration overrides the global organization-level configuration.\n- However, the entitlement-level configuration (if defined) overrides this source-level configuration.\n\nA token with ORG_ADMIN, SOURCE_ADMIN, or SOURCE_SUBADMIN authority is required to call this API.", + "responses": { + "200": { + "description": "Source Entitlement Request Configuration Details.", + "content": { + "application/json": { + "schema": { + "type": "object", + "description": "Entitlement Request Configuration", + "properties": { + "accessRequestConfig": { + "description": "Configuration for requesting access to entitlements", + "type": "object", + "properties": { + "approvalSchemes": { + "type": "array", + "description": "Ordered list of approval steps for the access request. Empty when no approval is required.", + "items": { + "type": "object", + "properties": { + "approverType": { + "type": "string", + "enum": [ + "ENTITLEMENT_OWNER", + "SOURCE_OWNER", + "MANAGER", + "GOVERNANCE_GROUP" + ], + "description": "Describes the individual or group that is responsible for an approval step. Values are as follows.\n\n**ENTITLEMENT_OWNER**: Owner of the associated Entitlement\n\n**SOURCE_OWNER**: Owner of the associated Source\n\n**MANAGER**: Manager of the Identity for whom the request is being made\n\n**GOVERNANCE_GROUP**: A Governance Group, the ID of which is specified by the **approverId** field", + "example": "GOVERNANCE_GROUP" + }, + "approverId": { + "type": "string", + "nullable": true, + "description": "Id of the specific approver, used only when approverType is GOVERNANCE_GROUP", + "example": "e3eab852-8315-467f-9de7-70eda97f63c8" + } + } + } + }, + "requestCommentRequired": { + "type": "boolean", + "description": "If the requester must provide a comment during access request.", + "default": false, + "example": true + }, + "denialCommentRequired": { + "type": "boolean", + "description": "If the reviewer must provide a comment when denying the access request.", + "default": false, + "example": false + } + } + } + } + }, + "examples": { + "Get default config": { + "description": "The default config for a source should look like the following where the empty approvalSchemes indicates that no approvals are required.", + "value": { + "accessRequestConfig": { + "approvalSchemes": [], + "requestCommentRequired": false, + "denialCommentRequired": false + } + } + }, + "Get config with one approval": { + "description": "In case of a single approval, the config could look like the following.", + "value": { + "accessRequestConfig": { + "approvalSchemes": [ + { + "approverId": null, + "approverType": "SOURCE_OWNER" + } + ], + "requestCommentRequired": true, + "denialCommentRequired": false + } + } + }, + "Get config with multiple approvals": { + "description": "In case of multiple levels of approvals the config could look like the following. In this scenario, access request review process should go through all the approvers sequentially.", + "value": { + "accessRequestConfig": { + "approvalSchemes": [ + { + "approverId": null, + "approverType": "ENTITLEMENT_OWNER" + }, + { + "approverId": null, + "approverType": "SOURCE_OWNER" + }, + { + "approverId": "95e538a3-30c1-433a-af05-4bed973bbc22", + "approverType": "GOVERNANCE_GROUP" + } + ], + "requestCommentRequired": true, + "denialCommentRequired": false + } + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + }, + "put": { + "security": [ + { + "oauth2": [ + "idn:sources:manage" + ] + } + ], + "operationId": "updateSourceEntitlementRequestConfig", + "summary": "Update Source Entitlement Request Configuration", + "tags": [ + "Sources" + ], + "description": "This API replaces the current entitlement request configuration for a source. This source-level configuration should apply for all the entitlements in the source.\n\nAccess request to any entitlements in the source should follow this configuration unless a separate entitlement-level configuration is defined.\n- During access request, this source-level entitlement request configuration overrides the global organization-level configuration.\n- However, the entitlement-level configuration (if defined) overrides this source-level configuration.\n\nA token with ORG_ADMIN, SOURCE_ADMIN, or SOURCE_SUBADMIN authority is required to call this API.", + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "type": "object", + "description": "Entitlement Request Configuration", + "properties": { + "accessRequestConfig": { + "description": "Configuration for requesting access to entitlements", + "type": "object", + "properties": { + "approvalSchemes": { + "type": "array", + "description": "Ordered list of approval steps for the access request. Empty when no approval is required.", + "items": { + "type": "object", + "properties": { + "approverType": { + "type": "string", + "enum": [ + "ENTITLEMENT_OWNER", + "SOURCE_OWNER", + "MANAGER", + "GOVERNANCE_GROUP" + ], + "description": "Describes the individual or group that is responsible for an approval step. Values are as follows.\n\n**ENTITLEMENT_OWNER**: Owner of the associated Entitlement\n\n**SOURCE_OWNER**: Owner of the associated Source\n\n**MANAGER**: Manager of the Identity for whom the request is being made\n\n**GOVERNANCE_GROUP**: A Governance Group, the ID of which is specified by the **approverId** field", + "example": "GOVERNANCE_GROUP" + }, + "approverId": { + "type": "string", + "nullable": true, + "description": "Id of the specific approver, used only when approverType is GOVERNANCE_GROUP", + "example": "e3eab852-8315-467f-9de7-70eda97f63c8" + } + } + } + }, + "requestCommentRequired": { + "type": "boolean", + "description": "If the requester must provide a comment during access request.", + "default": false, + "example": true + }, + "denialCommentRequired": { + "type": "boolean", + "description": "If the reviewer must provide a comment when denying the access request.", + "default": false, + "example": false + } + } + } + } + }, + "examples": { + "Set config with no approvals": { + "description": "If no approvals are required, the following config can be set.", + "value": { + "accessRequestConfig": { + "approvalSchemes": [] + } + } + }, + "Set config with one approval": { + "description": "In case of single approval the following config can be set.", + "value": { + "accessRequestConfig": { + "approvalSchemes": [ + { + "approverType": "SOURCE_OWNER" + } + ], + "requestCommentRequired": true, + "denialCommentRequired": false + } + } + }, + "Set config with multiple approvals": { + "description": "In case of multiple levels of approvals the following config can be set. In this scenario, access request review process should go through all the approvers sequentially.", + "value": { + "accessRequestConfig": { + "approvalSchemes": [ + { + "approverType": "ENTITLEMENT_OWNER" + }, + { + "approverType": "SOURCE_OWNER" + }, + { + "approverType": "GOVERNANCE_GROUP", + "approverId": "95e538a3-30c1-433a-af05-4bed973bbc22" + } + ], + "requestCommentRequired": true, + "denialCommentRequired": false + } + } + } + } + } + } + }, + "responses": { + "200": { + "description": "Source Entitlement Request Configuration Details.", + "content": { + "application/json": { + "schema": { + "type": "object", + "description": "Entitlement Request Configuration", + "properties": { + "accessRequestConfig": { + "description": "Configuration for requesting access to entitlements", + "type": "object", + "properties": { + "approvalSchemes": { + "type": "array", + "description": "Ordered list of approval steps for the access request. Empty when no approval is required.", + "items": { + "type": "object", + "properties": { + "approverType": { + "type": "string", + "enum": [ + "ENTITLEMENT_OWNER", + "SOURCE_OWNER", + "MANAGER", + "GOVERNANCE_GROUP" + ], + "description": "Describes the individual or group that is responsible for an approval step. Values are as follows.\n\n**ENTITLEMENT_OWNER**: Owner of the associated Entitlement\n\n**SOURCE_OWNER**: Owner of the associated Source\n\n**MANAGER**: Manager of the Identity for whom the request is being made\n\n**GOVERNANCE_GROUP**: A Governance Group, the ID of which is specified by the **approverId** field", + "example": "GOVERNANCE_GROUP" + }, + "approverId": { + "type": "string", + "nullable": true, + "description": "Id of the specific approver, used only when approverType is GOVERNANCE_GROUP", + "example": "e3eab852-8315-467f-9de7-70eda97f63c8" + } + } + } + }, + "requestCommentRequired": { + "type": "boolean", + "description": "If the requester must provide a comment during access request.", + "default": false, + "example": true + }, + "denialCommentRequired": { + "type": "boolean", + "description": "If the reviewer must provide a comment when denying the access request.", + "default": false, + "example": false + } + } + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/tagged-objects": { + "get": { + "operationId": "listTaggedObjects", + "security": [ + { + "oauth2": [ + "idn:tag:read", + "idn:tag:manage" + ] + } + ], + "tags": [ + "Tagged Objects" + ], + "summary": "List Tagged Objects", + "description": "This API returns a list of all tagged objects.\n\nAny authenticated token may be used to call this API.", + "parameters": [ + { + "in": "query", + "name": "limit", + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": 250, + "schema": { + "type": "integer", + "format": "int32", + "minimum": 0, + "maximum": 250, + "default": 250 + } + }, + { + "in": "query", + "name": "offset", + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": 0, + "schema": { + "type": "integer", + "format": "int32", + "minimum": 0, + "default": 0 + } + }, + { + "in": "query", + "name": "count", + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": true, + "schema": { + "type": "boolean", + "default": false + } + }, + { + "in": "query", + "name": "filters", + "schema": { + "type": "string" + }, + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)\n\nFiltering is supported for the following fields and operators:\n\n**objectRef.id**: *eq, in*\n\n**objectRef.type**: *eq, in*\n\n**tagName**: *eq, in*", + "example": "tagName eq \"BU_FINANCE\"", + "required": false + } + ], + "responses": { + "200": { + "description": "List of all tagged objects.", + "content": { + "application/json": { + "schema": { + "type": "array", + "items": { + "type": "object", + "properties": { + "objectRef": { + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + }, + "tags": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Labels to be applied to an Object", + "example": [ + "BU_FINANCE", + "PCI" + ] + } + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + }, + "post": { + "operationId": "addTagToObject", + "security": [ + { + "oauth2": [ + "idn:tag:manage" + ] + } + ], + "tags": [ + "Tagged Objects" + ], + "summary": "Add Tag to Object", + "description": "This adds a tag to an object.\n\nAny authenticated token may be used to call this API.", + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "objectRef": { + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + }, + "tags": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Labels to be applied to an Object", + "example": [ + "BU_FINANCE", + "PCI" + ] + } + } + } + } + } + }, + "responses": { + "200": { + "description": "Request succeeded.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "objectRef": { + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + }, + "tags": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Labels to be applied to an Object", + "example": [ + "BU_FINANCE", + "PCI" + ] + } + } + } + } + } + }, + "201": { + "description": "Created." + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/tagged-objects/{type}": { + "get": { + "operationId": "listTaggedObjectsByType", + "security": [ + { + "oauth2": [ + "idn:tag:read", + "idn:tag:manage" + ] + } + ], + "tags": [ + "Tagged Objects" + ], + "summary": "List Tagged Objects", + "description": "This API returns a list of all tagged objects by type.\n\nAny authenticated token may be used to call this API.", + "parameters": [ + { + "in": "path", + "name": "type", + "schema": { + "type": "string", + "enum": [ + "ROLE", + "IDENTITY", + "SOD_POLICY" + ] + }, + "required": true, + "description": "The type of tagged object to retrieve.", + "example": "ROLE" + }, + { + "in": "query", + "name": "limit", + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": 250, + "schema": { + "type": "integer", + "format": "int32", + "minimum": 0, + "maximum": 250, + "default": 250 + } + }, + { + "in": "query", + "name": "offset", + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": 0, + "schema": { + "type": "integer", + "format": "int32", + "minimum": 0, + "default": 0 + } + }, + { + "in": "query", + "name": "count", + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": true, + "schema": { + "type": "boolean", + "default": false + } + }, + { + "in": "query", + "name": "filters", + "schema": { + "type": "string" + }, + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)\n\nFiltering is supported for the following fields and operators:\n\n**objectRef.id**: *eq*\n\n**objectRef.type**: *eq*", + "example": "objectRef.id eq \"2c91808568c529c60168cca6f90c1313\"", + "required": false + } + ], + "responses": { + "200": { + "description": "List of all tagged objects for specified type.", + "content": { + "application/json": { + "schema": { + "type": "array", + "items": { + "type": "object", + "properties": { + "objectRef": { + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + }, + "tags": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Labels to be applied to an Object", + "example": [ + "BU_FINANCE", + "PCI" + ] + } + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/tagged-objects/{type}/{id}": { + "get": { + "operationId": "getTaggedObject", + "security": [ + { + "oauth2": [ + "idn:tag:read", + "idn:tag:manage" + ] + } + ], + "tags": [ + "Tagged Objects" + ], + "summary": "Get Tagged Object", + "description": "This gets a tagged object for the specified type.", + "parameters": [ + { + "in": "path", + "name": "type", + "schema": { + "type": "string", + "enum": [ + "ROLE", + "IDENTITY", + "SOD_POLICY" + ] + }, + "required": true, + "description": "The type of tagged object to retrieve.", + "example": "ROLE" + }, + { + "in": "path", + "name": "id", + "schema": { + "type": "string" + }, + "required": true, + "description": "The ID of the object reference to retrieve.", + "example": "ef38f94347e94562b5bb8424a56397d8" + } + ], + "responses": { + "200": { + "description": "Tagged object by type and ID.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "objectRef": { + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + }, + "tags": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Labels to be applied to an Object", + "example": [ + "BU_FINANCE", + "PCI" + ] + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + }, + "put": { + "operationId": "updateTaggedObject", + "security": [ + { + "oauth2": [ + "idn:tag:manage" + ] + } + ], + "tags": [ + "Tagged Objects" + ], + "summary": "Update Tagged Object", + "description": "This updates a tagged object for the specified type.", + "parameters": [ + { + "in": "path", + "name": "type", + "schema": { + "type": "string", + "enum": [ + "ROLE", + "IDENTITY", + "SOD_POLICY" + ] + }, + "required": true, + "description": "The type of tagged object to update.", + "example": "ROLE" + }, + { + "in": "path", + "name": "id", + "schema": { + "type": "string" + }, + "required": true, + "description": "The ID of the object reference to update.", + "example": "ef38f94347e94562b5bb8424a56397d8" + } + ], + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "objectRef": { + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + }, + "tags": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Labels to be applied to an Object", + "example": [ + "BU_FINANCE", + "PCI" + ] + } + } + } + } + } + }, + "responses": { + "200": { + "description": "Tagged object by type and ID.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "objectRef": { + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + }, + "tags": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Labels to be applied to an Object", + "example": [ + "BU_FINANCE", + "PCI" + ] + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + }, + "delete": { + "operationId": "deleteTaggedObject", + "security": [ + { + "oauth2": [ + "idn:tag:manage" + ] + } + ], + "tags": [ + "Tagged Objects" + ], + "summary": "Delete Tagged Object", + "description": "This deletes a tagged object for the specified type.", + "parameters": [ + { + "in": "path", + "name": "type", + "schema": { + "type": "string", + "enum": [ + "ROLE", + "IDENTITY", + "SOD_POLICY" + ] + }, + "required": true, + "description": "The type of tagged object to delete.", + "example": "ROLE" + }, + { + "in": "path", + "name": "id", + "schema": { + "type": "string" + }, + "required": true, + "description": "The ID of the object reference to delete.", + "example": "ef38f94347e94562b5bb8424a56397d8" + } + ], + "responses": { + "204": { + "description": "No content." + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/tagged-objects/bulk-add": { + "post": { + "operationId": "addTagsToManyObjects", + "tags": [ + "Tagged Objects" + ], + "summary": "Tag Multiple Objects", + "description": "This API adds tags to multiple objects.\n\nA token with API, CERT_ADMIN, ORG_ADMIN, REPORT_ADMIN, ROLE_ADMIN, ROLE_SUBADMIN, SOURCE_ADMIN, or SOURCE_SUBADMIN authority is required to call this API.", + "requestBody": { + "required": true, + "description": "Supported object types are ROLE, IDENTITY and SOD_POLICY.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "objectRefs": { + "type": "array", + "items": { + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + } + }, + "tags": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Label to be applied to an Object", + "example": [ + "BU_FINANCE", + "PCI" + ] + }, + "operation": { + "type": "string", + "enum": [ + "APPEND", + "MERGE" + ], + "default": "APPEND", + "description": "If APPEND, tags are appended to the list of tags for the object. A 400 error is returned if this would add duplicate tags to the object.\n\nIf MERGE, tags are merged with the existing tags. Duplicate tags are silently ignored.", + "example": "MERGE" + } + } + } + } + } + }, + "responses": { + "200": { + "description": "Request succeeded.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "objectRefs": { + "type": "array", + "items": { + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + } + }, + "tags": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Label to be applied to an Object", + "example": [ + "BU_FINANCE", + "PCI" + ] + }, + "operation": { + "type": "string", + "enum": [ + "APPEND", + "MERGE" + ], + "default": "APPEND", + "description": "If APPEND, tags are appended to the list of tags for the object. A 400 error is returned if this would add duplicate tags to the object.\n\nIf MERGE, tags are merged with the existing tags. Duplicate tags are silently ignored.", + "example": "MERGE" + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/tagged-objects/bulk-remove": { + "post": { + "operationId": "removeTagsToManyObject", + "tags": [ + "Tagged Objects" + ], + "summary": "Remove Tags from Multiple Objects", + "description": "This API removes tags from multiple objects.\n\nA token with API, CERT_ADMIN, ORG_ADMIN, REPORT_ADMIN, ROLE_ADMIN, ROLE_SUBADMIN, SOURCE_ADMIN, or SOURCE_SUBADMIN authority is required to call this API.", + "requestBody": { + "description": "Supported object types are ROLE, IDENTITY and SOD_POLICY.", + "required": true, + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "objectRefs": { + "type": "array", + "items": { + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + } + }, + "tags": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Label to be applied to an Object", + "example": [ + "BU_FINANCE", + "PCI" + ] + }, + "operation": { + "type": "string", + "enum": [ + "APPEND", + "MERGE" + ], + "default": "APPEND", + "description": "If APPEND, tags are appended to the list of tags for the object. A 400 error is returned if this would add duplicate tags to the object.\n\nIf MERGE, tags are merged with the existing tags. Duplicate tags are silently ignored.", + "example": "MERGE" + } + } + } + } + } + }, + "responses": { + "204": { + "description": "No content - indicates the request was successful but there is no content to be returned in the response." + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/transforms": { + "get": { + "tags": [ + "Transforms" + ], + "summary": "List transforms", + "description": "Gets a list of all saved transform objects.\nA token with transforms-list read authority is required to call this API.", + "operationId": "listTransforms", + "parameters": [ + { + "in": "query", + "name": "offset", + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": 0, + "schema": { + "type": "integer", + "format": "int32", + "minimum": 0, + "default": 0 + } + }, + { + "in": "query", + "name": "limit", + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": 250, + "schema": { + "type": "integer", + "format": "int32", + "minimum": 0, + "maximum": 250, + "default": 250 + } + }, + { + "in": "query", + "name": "count", + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": true, + "schema": { + "type": "boolean", + "default": false + } + }, + { + "name": "name", + "in": "query", + "description": "Name of the transform to retrieve from the list.", + "required": false, + "style": "form", + "schema": { + "type": "string", + "example": "ExampleTransformName123" + } + }, + { + "name": "filters", + "in": "query", + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)\nFiltering is supported for the following fields and operators:\n**internal**: *eq*\n**name**: *eq*, *sw*", + "example": "name eq ExampleTransformName123", + "required": false, + "style": "form", + "explode": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "A list of transforms matching the given criteria.", + "content": { + "application/json": { + "schema": { + "type": "array", + "items": { + "type": "object", + "description": "DTO for representing an internally- or customer-defined transform.", + "required": [ + "name", + "type", + "attributes" + ], + "properties": { + "id": { + "type": "string", + "readOnly": true, + "description": "Unique ID of this transform", + "example": "2cd78adghjkja34jh2b1hkjhasuecd" + }, + "name": { + "type": "string", + "readOnly": true, + "description": "Unique name of this transform", + "example": "Timestamp To Date" + }, + "type": { + "type": "string", + "readOnly": true, + "description": "The transform type (see [Transformations in IdentityNow Using Seaspray](https://community.sailpoint.com/docs/DOC-4629)).", + "example": "concat" + }, + "attributes": { + "type": "object", + "nullable": true, + "description": "Meta-data about the transform. Values in this list are specific to the type of transform to be executed.", + "example": { + "inputFormat": "MMM dd yyyy, HH:mm:ss.SSS", + "outputFormat": "yyyy/dd/MM" + } + }, + "internal": { + "type": "boolean", + "default": false, + "readOnly": true, + "description": "Indicates whether this is an internal SailPoint-created transform or a customer-created transform", + "example": false + } + } + } + }, + "example": [ + { + "id": "2cd78adghjkja34jh2b1hkjhasuecd", + "name": "Timestamp To Date", + "type": "dateFormat", + "attributes": { + "inputFormat": "MMM-dd-yyyy, HH:mm:ss.SSS", + "outputFormat": "yyyy/dd/MM" + }, + "internal": false + }, + { + "id": "2lkas8dhj4bkuakja77giih7l4ashh", + "name": "PrefixSubstring", + "type": "substring", + "attributes": { + "begin": 0, + "end": 3 + }, + "internal": true + } + ] + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + }, + "security": [ + { + "oauth2": [ + "idn:transform:read", + "idn:transform:manage" + ] + } + ] + }, + "post": { + "tags": [ + "Transforms" + ], + "summary": "Create transform", + "description": "Creates a new transform object. Request body must include name, type, and attributes.\nA token with transform write authority is required to call this API.", + "operationId": "createTransform", + "requestBody": { + "required": true, + "description": "The transform to be created.", + "content": { + "application/json": { + "schema": { + "type": "object", + "description": "DTO for representing an internally- or customer-defined transform.", + "required": [ + "name", + "type", + "attributes" + ], + "properties": { + "id": { + "type": "string", + "readOnly": true, + "description": "Unique ID of this transform", + "example": "2cd78adghjkja34jh2b1hkjhasuecd" + }, + "name": { + "type": "string", + "readOnly": true, + "description": "Unique name of this transform", + "example": "Timestamp To Date" + }, + "type": { + "type": "string", + "readOnly": true, + "description": "The transform type (see [Transformations in IdentityNow Using Seaspray](https://community.sailpoint.com/docs/DOC-4629)).", + "example": "concat" + }, + "attributes": { + "type": "object", + "nullable": true, + "description": "Meta-data about the transform. Values in this list are specific to the type of transform to be executed.", + "example": { + "inputFormat": "MMM dd yyyy, HH:mm:ss.SSS", + "outputFormat": "yyyy/dd/MM" + } + }, + "internal": { + "type": "boolean", + "default": false, + "readOnly": true, + "description": "Indicates whether this is an internal SailPoint-created transform or a customer-created transform", + "example": false + } + } + }, + "example": { + "name": "Timestamp To Date", + "type": "dateFormat", + "attributes": { + "inputFormat": "MMM dd yyyy, HH:mm:ss.SSS", + "outputFormat": "yyyy/dd/MM" + } + } + } + } + }, + "responses": { + "201": { + "description": "Indicates the transform was successfully created and returns its representation.", + "content": { + "application/json": { + "schema": { + "type": "object", + "description": "DTO for representing an internally- or customer-defined transform.", + "required": [ + "name", + "type", + "attributes" + ], + "properties": { + "id": { + "type": "string", + "readOnly": true, + "description": "Unique ID of this transform", + "example": "2cd78adghjkja34jh2b1hkjhasuecd" + }, + "name": { + "type": "string", + "readOnly": true, + "description": "Unique name of this transform", + "example": "Timestamp To Date" + }, + "type": { + "type": "string", + "readOnly": true, + "description": "The transform type (see [Transformations in IdentityNow Using Seaspray](https://community.sailpoint.com/docs/DOC-4629)).", + "example": "concat" + }, + "attributes": { + "type": "object", + "nullable": true, + "description": "Meta-data about the transform. Values in this list are specific to the type of transform to be executed.", + "example": { + "inputFormat": "MMM dd yyyy, HH:mm:ss.SSS", + "outputFormat": "yyyy/dd/MM" + } + }, + "internal": { + "type": "boolean", + "default": false, + "readOnly": true, + "description": "Indicates whether this is an internal SailPoint-created transform or a customer-created transform", + "example": false + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + }, + "security": [ + { + "oauth2": [ + "idn:transform:manage" + ] + } + ] + } + }, + "/transforms/{id}": { + "get": { + "tags": [ + "Transforms" + ], + "summary": "Transform by ID", + "description": "This API returns the transform specified by the given ID.\nA token with transform read authority is required to call this API.", + "operationId": "getTransform", + "parameters": [ + { + "name": "id", + "in": "path", + "description": "ID of the transform to retrieve", + "required": true, + "style": "simple", + "explode": false, + "schema": { + "type": "string" + }, + "example": "2c9180835d2e5168015d32f890ca1581" + } + ], + "responses": { + "200": { + "description": "Transform with the given ID", + "content": { + "application/json": { + "schema": { + "type": "object", + "description": "DTO for representing an internally- or customer-defined transform.", + "required": [ + "name", + "type", + "attributes" + ], + "properties": { + "id": { + "type": "string", + "readOnly": true, + "description": "Unique ID of this transform", + "example": "2cd78adghjkja34jh2b1hkjhasuecd" + }, + "name": { + "type": "string", + "readOnly": true, + "description": "Unique name of this transform", + "example": "Timestamp To Date" + }, + "type": { + "type": "string", + "readOnly": true, + "description": "The transform type (see [Transformations in IdentityNow Using Seaspray](https://community.sailpoint.com/docs/DOC-4629)).", + "example": "concat" + }, + "attributes": { + "type": "object", + "nullable": true, + "description": "Meta-data about the transform. Values in this list are specific to the type of transform to be executed.", + "example": { + "inputFormat": "MMM dd yyyy, HH:mm:ss.SSS", + "outputFormat": "yyyy/dd/MM" + } + }, + "internal": { + "type": "boolean", + "default": false, + "readOnly": true, + "description": "Indicates whether this is an internal SailPoint-created transform or a customer-created transform", + "example": false + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + }, + "security": [ + { + "oauth2": [ + "idn:transform:read", + "idn:transform:manage" + ] + } + ] + }, + "put": { + "tags": [ + "Transforms" + ], + "summary": "Update a transform", + "description": "Replaces the transform specified by the given ID with the transform provided in the request body. Only the \"attributes\" field is mutable. Attempting to change other attributes will result in an error.\nA token with transform write authority is required to call this API.", + "operationId": "updateTransform", + "parameters": [ + { + "name": "id", + "in": "path", + "description": "ID of the transform to update", + "required": true, + "style": "simple", + "explode": false, + "schema": { + "type": "string" + }, + "example": "2c9180835d2e5168015d32f890ca1581" + } + ], + "requestBody": { + "description": "The updated transform object (must include \"name\", \"type\", and \"attributes\" fields).", + "content": { + "application/json": { + "schema": { + "type": "object", + "description": "DTO for representing an internally- or customer-defined transform.", + "required": [ + "name", + "type", + "attributes" + ], + "properties": { + "id": { + "type": "string", + "readOnly": true, + "description": "Unique ID of this transform", + "example": "2cd78adghjkja34jh2b1hkjhasuecd" + }, + "name": { + "type": "string", + "readOnly": true, + "description": "Unique name of this transform", + "example": "Timestamp To Date" + }, + "type": { + "type": "string", + "readOnly": true, + "description": "The transform type (see [Transformations in IdentityNow Using Seaspray](https://community.sailpoint.com/docs/DOC-4629)).", + "example": "concat" + }, + "attributes": { + "type": "object", + "nullable": true, + "description": "Meta-data about the transform. Values in this list are specific to the type of transform to be executed.", + "example": { + "inputFormat": "MMM dd yyyy, HH:mm:ss.SSS", + "outputFormat": "yyyy/dd/MM" + } + }, + "internal": { + "type": "boolean", + "default": false, + "readOnly": true, + "description": "Indicates whether this is an internal SailPoint-created transform or a customer-created transform", + "example": false + } + } + }, + "example": { + "name": "Timestamp To Date", + "type": "dateFormat", + "attributes": { + "inputFormat": "MMM-dd-yyyy, HH:mm:ss.SSS", + "outputFormat": "yyyy/dd/MM" + } + } + } + } + }, + "responses": { + "200": { + "description": "Indicates the transform was successfully updated and returns its new representation.", + "content": { + "application/json": { + "schema": { + "type": "object", + "description": "DTO for representing an internally- or customer-defined transform.", + "required": [ + "name", + "type", + "attributes" + ], + "properties": { + "id": { + "type": "string", + "readOnly": true, + "description": "Unique ID of this transform", + "example": "2cd78adghjkja34jh2b1hkjhasuecd" + }, + "name": { + "type": "string", + "readOnly": true, + "description": "Unique name of this transform", + "example": "Timestamp To Date" + }, + "type": { + "type": "string", + "readOnly": true, + "description": "The transform type (see [Transformations in IdentityNow Using Seaspray](https://community.sailpoint.com/docs/DOC-4629)).", + "example": "concat" + }, + "attributes": { + "type": "object", + "nullable": true, + "description": "Meta-data about the transform. Values in this list are specific to the type of transform to be executed.", + "example": { + "inputFormat": "MMM dd yyyy, HH:mm:ss.SSS", + "outputFormat": "yyyy/dd/MM" + } + }, + "internal": { + "type": "boolean", + "default": false, + "readOnly": true, + "description": "Indicates whether this is an internal SailPoint-created transform or a customer-created transform", + "example": false + } + } + }, + "example": { + "id": "2cd78adghjkja34jh2b1hkjhasuecd", + "name": "Timestamp To Date", + "type": "dateFormat", + "attributes": { + "inputFormat": "MMM-dd-yyyy, HH:mm:ss.SSS", + "outputFormat": "yyyy/dd/MM" + }, + "internal": false + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + }, + "security": [ + { + "oauth2": [ + "idn:transform:manage" + ] + } + ] + }, + "delete": { + "tags": [ + "Transforms" + ], + "summary": "Delete a transform", + "description": "Deletes the transform specified by the given ID.\nA token with transform delete authority is required to call this API.", + "operationId": "deleteTransform", + "parameters": [ + { + "name": "id", + "in": "path", + "description": "ID of the transform to delete", + "required": true, + "style": "simple", + "explode": false, + "schema": { + "type": "string" + }, + "example": "2c9180835d2e5168015d32f890ca1581" + } + ], + "responses": { + "204": { + "description": "No content - indicates the request was successful but there is no content to be returned in the response." + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + }, + "security": [ + { + "oauth2": [ + "idn:transform:manage" + ] + } + ] + } + }, + "/translation-catalogs/{catalog-id}": { + "get": { + "operationId": "getMessageCatalogs", + "summary": "Get Message catalogs", + "tags": [ + "IAI Recommendations", + "IAI Access Request Recommendations" + ], + "description": "The getMessageCatalogs API returns message catalog based on the language headers in the requested object.", + "parameters": [ + { + "in": "path", + "name": "catalog-id", + "schema": { + "type": "string", + "enum": [ + "recommender", + "access-request-recommender" + ] + }, + "required": true, + "description": "The ID of the message catalog." + } + ], + "responses": { + "200": { + "description": "The message catalogs based on the request headers", + "content": { + "application/json": { + "schema": { + "type": "array", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The language in which the messages are returned", + "example": "en_US" + }, + "messages": { + "type": "array", + "items": { + "type": "object", + "properties": { + "key": { + "type": "string", + "description": "The key of the message", + "example": "recommender-api.V2_WEIGHT_FEATURE_PRODUCT_INTERPRETATION_LOW" + }, + "format": { + "type": "string", + "description": "The format of the message", + "example": "{0,,\\\"i18n hint: percentage\\\"}% of identities with the same {1,,\\\"i18n hint: name of category feature\\\"} have this access. This information had a low impact on the overall score." + } + } + }, + "description": "The list of message with their keys and formats" + } + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + }, + "security": [ + { + "oauth2": [] + } + ] + } + }, + "/triggers": { + "get": { + "operationId": "listTriggers", + "tags": [ + "Triggers" + ], + "summary": "List Triggers", + "description": "Gets a list of triggers that are available in the tenant.", + "parameters": [ + { + "in": "query", + "name": "limit", + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": 250, + "schema": { + "type": "integer", + "format": "int32", + "minimum": 0, + "maximum": 250, + "default": 250 + } + }, + { + "in": "query", + "name": "offset", + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": 0, + "schema": { + "type": "integer", + "format": "int32", + "minimum": 0, + "default": 0 + } + }, + { + "in": "query", + "name": "count", + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": true, + "schema": { + "type": "boolean", + "default": false + } + }, + { + "in": "query", + "name": "filters", + "required": false, + "schema": { + "type": "string" + }, + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)\n\nFiltering is supported for the following fields and operators:\n\n**id**: *eq*", + "example": "id eq \"idn:access-request-post-approval\"" + }, + { + "in": "query", + "name": "sorters", + "required": false, + "schema": { + "type": "string", + "format": "comma-separated" + }, + "description": "Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)\n\nSorting is supported for the following fields:\n\n**id** **name**", + "example": "name" + } + ], + "responses": { + "200": { + "description": "List of triggers.", + "content": { + "application/json": { + "schema": { + "type": "array", + "items": { + "type": "object", + "required": [ + "id", + "name", + "type", + "inputSchema", + "exampleInput" + ], + "properties": { + "id": { + "type": "string", + "description": "Unique identifier of the trigger.", + "example": "idn:access-request-dynamic-approver" + }, + "name": { + "type": "string", + "description": "Trigger Name.", + "example": "Access Request Dynamic Approver" + }, + "type": { + "example": "REQUEST_RESPONSE", + "type": "string", + "description": "The type of trigger.", + "enum": [ + "REQUEST_RESPONSE", + "FIRE_AND_FORGET" + ] + }, + "description": { + "type": "string", + "description": "Trigger Description.", + "example": "Trigger for getting a dynamic approver." + }, + "inputSchema": { + "type": "string", + "description": "The JSON schema of the payload that will be sent by the trigger to the subscribed service.", + "example": "{\"definitions\":{\"record:AccessRequestDynamicApproverInput\":{\"type\":\"object\",\"required\":[\"accessRequestId\",\"requestedFor\",\"requestedItems\",\"requestedBy\"],\"additionalProperties\":true,\"properties\":{\"accessRequestId\":{\"type\":\"string\"},\"requestedFor\":{\"$ref\":\"#/definitions/record:requestedForIdentityRef\"},\"requestedItems\":{\"type\":\"array\",\"items\":{\"$ref\":\"#/definitions/record:requestedObjectRef\"}},\"requestedBy\":{\"$ref\":\"#/definitions/record:requestedByIdentityRef\"}}},\"record:requestedForIdentityRef\":{\"type\":\"object\",\"required\":[\"id\",\"name\",\"type\"],\"additionalProperties\":true,\"properties\":{\"id\":{\"type\":\"string\"},\"name\":{\"type\":\"string\"},\"type\":{\"type\":\"string\"}}},\"record:requestedObjectRef\":{\"type\":\"object\",\"optional\":[\"description\",\"comment\"],\"required\":[\"id\",\"name\",\"type\",\"operation\"],\"additionalProperties\":true,\"properties\":{\"id\":{\"type\":\"string\"},\"name\":{\"type\":\"string\"},\"description\":{\"oneOf\":[{\"type\":\"null\"},{\"type\":\"string\"}]},\"type\":{\"type\":\"string\"},\"operation\":{\"type\":\"string\"},\"comment\":{\"oneOf\":[{\"type\":\"null\"},{\"type\":\"string\"}]}}},\"record:requestedByIdentityRef\":{\"type\":\"object\",\"required\":[\"type\",\"id\",\"name\"],\"additionalProperties\":true,\"properties\":{\"type\":{\"type\":\"string\"},\"id\":{\"type\":\"string\"},\"name\":{\"type\":\"string\"}}}},\"$ref\":\"#/definitions/record:AccessRequestDynamicApproverInput\"}" + }, + "exampleInput": { + "description": "An example of the JSON payload that will be sent by the trigger to the subscribed service.", + "oneOf": [ + { + "title": "Access Request Dynamic Approver", + "type": "object", + "required": [ + "accessRequestId", + "requestedFor", + "requestedItems", + "requestedBy" + ], + "properties": { + "accessRequestId": { + "type": "string", + "description": "The unique ID of the access request object. Can be used with the [access request status endpoint](https://developer.sailpoint.com/idn/api/beta/list-access-request-status) to get the status of the request.\n", + "example": "4b4d982dddff4267ab12f0f1e72b5a6d" + }, + "requestedFor": { + "allOf": [ + { + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + } + ], + "description": "The identity for whom the access is requested for.", + "properties": { + "type": { + "enum": [ + "IDENTITY" + ], + "example": "IDENTITY", + "description": "The type of object that is referenced" + } + } + }, + "requestedItems": { + "description": "The access items that are being requested.", + "type": "array", + "items": { + "type": "object", + "required": [ + "id", + "name", + "type", + "operation" + ], + "properties": { + "id": { + "type": "string", + "description": "The unique ID of the access item.", + "example": "2c91808b6ef1d43e016efba0ce470904" + }, + "name": { + "type": "string", + "description": "Human friendly name of the access item.", + "example": "Engineering Access" + }, + "description": { + "nullable": true, + "type": "string", + "description": "Extended description of the access item.", + "example": "Engineering Access" + }, + "type": { + "enum": [ + "ACCESS_PROFILE", + "ROLE", + "ENTITLEMENT" + ], + "description": "The type of access item being requested.", + "example": "ACCESS_PROFILE" + }, + "operation": { + "enum": [ + "Add", + "Remove" + ], + "description": "Grant or revoke the access item", + "example": "Add" + }, + "comment": { + "nullable": true, + "type": "string", + "description": "A comment from the requestor on why the access is needed.", + "example": "William needs this access for his day to day job activities." + } + } + } + }, + "requestedBy": { + "allOf": [ + { + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + } + ], + "description": "The identity that initiated the access request.", + "properties": { + "type": { + "enum": [ + "IDENTITY" + ], + "example": "IDENTITY", + "description": "The type of object that is referenced" + } + } + } + } + }, + { + "title": "Access Request Post Approval", + "type": "object", + "required": [ + "accessRequestId", + "requestedFor", + "requestedItemsStatus", + "requestedBy" + ], + "properties": { + "accessRequestId": { + "type": "string", + "description": "The unique ID of the access request.", + "example": "2c91808b6ef1d43e016efba0ce470904" + }, + "requestedFor": { + "required": [ + "id", + "type", + "name" + ], + "allOf": [ + { + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + } + ], + "description": "The identity who the access request is for.", + "properties": { + "type": { + "enum": [ + "IDENTITY" + ], + "example": "IDENTITY", + "description": "The type of object that is referenced" + } + } + }, + "requestedItemsStatus": { + "description": "Details on the outcome of each access item.", + "type": "array", + "items": { + "type": "object", + "required": [ + "id", + "name", + "type", + "operation", + "approvalInfo" + ], + "properties": { + "id": { + "type": "string", + "description": "The unique ID of the access item being requested.", + "example": "2c91808b6ef1d43e016efba0ce470904" + }, + "name": { + "type": "string", + "description": "The human friendly name of the access item.", + "example": "Engineering Access" + }, + "description": { + "nullable": true, + "type": "string", + "description": "Detailed description of the access item.", + "example": "Access to engineering database" + }, + "type": { + "enum": [ + "ACCESS_PROFILE", + "ROLE", + "ENTITLEMENT" + ], + "description": "The type of access item.", + "example": "ACCESS_PROFILE" + }, + "operation": { + "enum": [ + "Add", + "Remove" + ], + "description": "The action to perform on the access item.", + "example": "Add" + }, + "comment": { + "nullable": true, + "type": "string", + "description": "A comment from the identity requesting the access.", + "example": "William needs this access to do his job." + }, + "clientMetadata": { + "description": "Additional customer defined metadata about the access item.", + "nullable": true, + "type": "object", + "additionalProperties": true, + "example": { + "applicationName": "My application" + } + }, + "approvalInfo": { + "description": "A list of one or more approvers for the access request.", + "type": "array", + "items": { + "type": "object", + "required": [ + "approvalDecision", + "approverName", + "approver" + ], + "properties": { + "approvalComment": { + "nullable": true, + "type": "string", + "description": "A comment left by the approver.", + "example": "This access looks good. Approved." + }, + "approvalDecision": { + "enum": [ + "APPROVED", + "DENIED" + ], + "description": "The final decision of the approver.", + "example": "APPROVED" + }, + "approverName": { + "type": "string", + "description": "The name of the approver", + "example": "Stephen.Austin" + }, + "approver": { + "required": [ + "id", + "type", + "name" + ], + "allOf": [ + { + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + } + ], + "description": "The identity of the approver.", + "properties": { + "type": { + "enum": [ + "IDENTITY" + ], + "example": "IDENTITY", + "description": "The type of object that is referenced" + } + } + } + } + } + } + } + } + }, + "requestedBy": { + "required": [ + "id", + "type", + "name" + ], + "allOf": [ + { + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + } + ], + "description": "The identity that initiated the access request.", + "properties": { + "type": { + "enum": [ + "IDENTITY" + ], + "example": "IDENTITY", + "description": "The type of object that is referenced" + } + } + } + } + }, + { + "title": "Access Request Pre Approval", + "type": "object", + "required": [ + "accessRequestId", + "requestedFor", + "requestedItems", + "requestedBy" + ], + "properties": { + "accessRequestId": { + "type": "string", + "description": "The unique ID of the access request.", + "example": "2c91808b6ef1d43e016efba0ce470904" + }, + "requestedFor": { + "required": [ + "id", + "type", + "name" + ], + "allOf": [ + { + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + } + ], + "description": "The identity who the access request is for.", + "properties": { + "type": { + "enum": [ + "IDENTITY" + ], + "example": "IDENTITY", + "description": "The type of object that is referenced" + } + } + }, + "requestedItems": { + "description": "Details of the access items being requested.", + "type": "array", + "items": { + "type": "object", + "required": [ + "id", + "name", + "type", + "operation" + ], + "properties": { + "id": { + "type": "string", + "description": "The unique ID of the access item being requested.", + "example": "2c91808b6ef1d43e016efba0ce470904" + }, + "name": { + "type": "string", + "description": "The human friendly name of the access item.", + "example": "Engineering Access" + }, + "description": { + "nullable": true, + "type": "string", + "description": "Detailed description of the access item.", + "example": "Access to engineering database" + }, + "type": { + "enum": [ + "ACCESS_PROFILE", + "ROLE", + "ENTITLEMENT" + ], + "description": "The type of access item.", + "example": "ACCESS_PROFILE" + }, + "operation": { + "enum": [ + "Add", + "Remove" + ], + "description": "The action to perform on the access item.", + "example": "Add" + }, + "comment": { + "nullable": true, + "type": "string", + "description": "A comment from the identity requesting the access.", + "example": "William needs this access to do his job." + } + } + } + }, + "requestedBy": { + "required": [ + "id", + "type", + "name" + ], + "allOf": [ + { + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + } + ], + "description": "The identity that initiated the access request.", + "properties": { + "type": { + "enum": [ + "IDENTITY" + ], + "example": "IDENTITY", + "description": "The type of object that is referenced" + } + } + } + } + }, + { + "title": "Account Aggregation Completed", + "type": "object", + "required": [ + "source", + "status", + "started", + "completed", + "errors", + "warnings", + "stats" + ], + "properties": { + "source": { + "required": [ + "type", + "name", + "id" + ], + "allOf": [ + { + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + } + ], + "description": "The source from which the accounts were aggregated.", + "properties": { + "type": { + "enum": [ + "SOURCE" + ], + "description": "The type of object that is referenced", + "example": "SOURCE" + } + } + }, + "status": { + "description": "The overall status of the aggregation.", + "enum": [ + "Success", + "Failed", + "Terminated" + ], + "example": "Success" + }, + "started": { + "type": "string", + "format": "date-time", + "description": "The date and time when the account aggregation started.", + "example": "2020-06-29T22:01:50.474Z" + }, + "completed": { + "type": "string", + "format": "date-time", + "description": "The date and time when the account aggregation finished.", + "example": "2020-06-29T22:02:04.090Z" + }, + "errors": { + "nullable": true, + "description": "A list of errors that occurred during the aggregation.", + "type": "array", + "items": { + "type": "string", + "description": "A descriptive error message.", + "example": "Accounts unable to be aggregated." + } + }, + "warnings": { + "nullable": true, + "description": "A list of warnings that occurred during the aggregation.", + "type": "array", + "items": { + "type": "string", + "description": "A descriptive warning message.", + "example": "Account Skipped" + } + }, + "stats": { + "type": "object", + "description": "Overall statistics about the account aggregation.", + "required": [ + "scanned", + "unchanged", + "changed", + "added", + "removed" + ], + "properties": { + "scanned": { + "type": "integer", + "format": "int32", + "minimum": 0, + "maximum": 2147483647, + "description": "The number of accounts which were scanned / iterated over.", + "example": 200 + }, + "unchanged": { + "type": "integer", + "format": "int32", + "minimum": 0, + "maximum": 2147483647, + "description": "The number of accounts which existed before, but had no changes.", + "example": 190 + }, + "changed": { + "type": "integer", + "format": "int32", + "minimum": 0, + "maximum": 2147483647, + "description": "The number of accounts which existed before, but had changes.", + "example": 6 + }, + "added": { + "type": "integer", + "format": "int32", + "minimum": 0, + "maximum": 2147483647, + "description": "The number of accounts which are new - have not existed before.", + "example": 4 + }, + "removed": { + "type": "integer", + "minimum": 0, + "maximum": 2147483647, + "format": "int32", + "description": "The number accounts which existed before, but no longer exist (thus getting removed).", + "example": 3 + } + } + } + } + }, + { + "title": "Account Attributes Changed", + "type": "object", + "required": [ + "identity", + "source", + "account", + "changes" + ], + "properties": { + "identity": { + "required": [ + "id", + "type", + "name" + ], + "allOf": [ + { + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + } + ], + "description": "The identity whose account attributes changed.", + "properties": { + "type": { + "enum": [ + "IDENTITY" + ], + "example": "IDENTITY", + "description": "The type of object that is referenced" + } + } + }, + "source": { + "required": [ + "id", + "type", + "name" + ], + "type": "object", + "description": "The source that contains the account.", + "properties": { + "id": { + "description": "ID of the object to which this reference applies", + "type": "string", + "example": "4e4d982dddff4267ab12f0f1e72b5a6d" + }, + "type": { + "type": "string", + "enum": [ + "SOURCE" + ], + "example": "SOURCE", + "description": "The type of object that is referenced" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "Corporate Active Directory" + } + } + }, + "account": { + "type": "object", + "description": "Details of the account where the attributes changed.", + "required": [ + "id", + "uuid", + "name", + "nativeIdentity", + "type" + ], + "properties": { + "id": { + "type": "string", + "description": "SailPoint generated unique identifier.", + "example": "52170a74-ca89-11ea-87d0-0242ac130003" + }, + "uuid": { + "nullable": true, + "type": "string", + "description": "The source's unique identifier for the account. UUID is generated by the source system.", + "example": "1cb1f07d-3e5a-4431-becd-234fa4306108" + }, + "name": { + "type": "string", + "description": "Name of the account.", + "example": "john.doe" + }, + "nativeIdentity": { + "type": "string", + "description": "Unique ID of the account on the source.", + "example": "cn=john.doe,ou=users,dc=acme,dc=com" + }, + "type": { + "enum": [ + "ACCOUNT" + ], + "description": "The type of the account", + "example": "ACCOUNT" + } + } + }, + "changes": { + "type": "array", + "description": "A list of attributes that changed.", + "items": { + "type": "object", + "required": [ + "attribute", + "oldValue", + "newValue" + ], + "properties": { + "attribute": { + "type": "string", + "description": "The name of the attribute.", + "example": "sn" + }, + "oldValue": { + "description": "The previous value of the attribute.", + "nullable": true, + "oneOf": [ + { + "type": "string" + }, + { + "type": "boolean" + }, + { + "type": "array", + "items": { + "nullable": true, + "type": "string" + } + } + ], + "example": "doe" + }, + "newValue": { + "description": "The new value of the attribute.", + "nullable": true, + "oneOf": [ + { + "type": "string" + }, + { + "type": "boolean" + }, + { + "type": "array", + "items": { + "nullable": true, + "type": "string" + } + } + ], + "example": "ryans" + } + } + } + } + } + }, + { + "title": "Account Correlated", + "type": "object", + "required": [ + "identity", + "source", + "account", + "attributes" + ], + "properties": { + "identity": { + "required": [ + "type", + "name", + "id" + ], + "allOf": [ + { + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + } + ], + "description": "The identity that the account correlated with.", + "properties": { + "type": { + "enum": [ + "IDENTITY" + ], + "description": "The type of object that is referenced", + "example": "IDENTITY" + } + } + }, + "source": { + "required": [ + "id", + "type", + "name" + ], + "type": "object", + "description": "The source from which the account came from.", + "properties": { + "id": { + "description": "ID of the object to which this reference applies", + "type": "string", + "example": "4e4d982dddff4267ab12f0f1e72b5a6d" + }, + "type": { + "type": "string", + "enum": [ + "SOURCE" + ], + "example": "SOURCE", + "description": "The type of object that is referenced" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "Corporate Active Directory" + } + } + }, + "account": { + "required": [ + "id", + "name", + "nativeIdentity", + "type" + ], + "allOf": [ + { + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + } + ], + "description": "The account that was correlated.", + "properties": { + "type": { + "enum": [ + "ACCOUNT" + ], + "description": "The type of object that is referenced", + "example": "ACCOUNT" + }, + "nativeIdentity": { + "type": "string", + "description": "Unique ID of the account on the source.", + "example": "cn=john.doe,ou=users,dc=acme,dc=com" + }, + "uuid": { + "nullable": true, + "type": "string", + "description": "The source's unique identifier for the account. UUID is generated by the source system.", + "example": "1cb1f07d-3e5a-4431-becd-234fa4306108" + } + } + }, + "attributes": { + "type": "object", + "description": "The attributes associated with the account. Attributes are unique per source.", + "additionalProperties": true, + "example": { + "sn": "doe", + "givenName": "john", + "memberOf": [ + "cn=g1,ou=groups,dc=acme,dc=com", + "cn=g2,ou=groups,dc=acme,dc=com", + "cn=g3,ou=groups,dc=acme,dc=com" + ] + } + }, + "entitlementCount": { + "type": "integer", + "format": "int32", + "description": "The number of entitlements associated with this account.", + "example": 0 + } + } + }, + { + "title": "Accounts Collected for Aggregation", + "type": "object", + "required": [ + "source", + "status", + "started", + "completed", + "errors", + "warnings", + "stats" + ], + "properties": { + "source": { + "required": [ + "id", + "type", + "name" + ], + "type": "object", + "description": "Reference to the source that has been aggregated.", + "properties": { + "id": { + "description": "ID of the object to which this reference applies", + "type": "string", + "example": "4e4d982dddff4267ab12f0f1e72b5a6d" + }, + "type": { + "type": "string", + "enum": [ + "SOURCE" + ], + "example": "SOURCE", + "description": "The type of object that is referenced" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "Corporate Active Directory" + } + } + }, + "status": { + "description": "The overall status of the collection.", + "enum": [ + "Success", + "Failed", + "Terminated" + ], + "example": "Success" + }, + "started": { + "type": "string", + "format": "date-time", + "description": "The date and time when the account collection started.", + "example": "2020-06-29T22:01:50.474Z" + }, + "completed": { + "type": "string", + "format": "date-time", + "description": "The date and time when the account collection finished.", + "example": "2020-06-29T22:02:04.090Z" + }, + "errors": { + "nullable": true, + "description": "A list of errors that occurred during the collection.", + "type": "array", + "items": { + "type": "string", + "description": "A descriptive error message.", + "example": "Unable to collect accounts for aggregation." + } + }, + "warnings": { + "nullable": true, + "description": "A list of warnings that occurred during the collection.", + "type": "array", + "items": { + "type": "string", + "description": "A descriptive warning message.", + "example": "Account Skipped" + } + }, + "stats": { + "type": "object", + "description": "Overall statistics about the account collection.", + "required": [ + "scanned", + "unchanged", + "changed", + "added", + "removed" + ], + "properties": { + "scanned": { + "type": "integer", + "format": "int32", + "minimum": 0, + "maximum": 2147483647, + "description": "The number of accounts which were scanned / iterated over.", + "example": 200 + }, + "unchanged": { + "type": "integer", + "format": "int32", + "minimum": 0, + "maximum": 2147483647, + "description": "The number of accounts which existed before, but had no changes.", + "example": 190 + }, + "changed": { + "type": "integer", + "format": "int32", + "minimum": 0, + "maximum": 2147483647, + "description": "The number of accounts which existed before, but had changes.", + "example": 6 + }, + "added": { + "type": "integer", + "format": "int32", + "minimum": 0, + "maximum": 2147483647, + "description": "The number of accounts which are new - have not existed before.", + "example": 4 + }, + "removed": { + "type": "integer", + "minimum": 0, + "maximum": 2147483647, + "format": "int32", + "description": "The number accounts which existed before, but no longer exist (thus getting removed).", + "example": 3 + } + } + } + } + }, + { + "title": "Account Uncorrelated", + "type": "object", + "required": [ + "identity", + "source", + "account" + ], + "properties": { + "identity": { + "required": [ + "type", + "name", + "id" + ], + "allOf": [ + { + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + } + ], + "description": "The identity that the account uncorrelated with.", + "properties": { + "type": { + "enum": [ + "IDENTITY" + ], + "description": "The type of object that is referenced", + "example": "IDENTITY" + } + } + }, + "source": { + "required": [ + "type", + "name", + "id" + ], + "allOf": [ + { + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + } + ], + "description": "The source from which the account came from.", + "properties": { + "type": { + "enum": [ + "SOURCE" + ], + "description": "The type of object that is referenced", + "example": "SOURCE" + } + } + }, + "account": { + "required": [ + "id", + "name", + "nativeIdentity", + "type" + ], + "allOf": [ + { + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + } + ], + "description": "The account that was uncorrelated.", + "properties": { + "type": { + "enum": [ + "ACCOUNT" + ], + "description": "The type of object that is referenced", + "example": "ACCOUNT" + }, + "nativeIdentity": { + "type": "string", + "description": "Unique ID of the account on the source.", + "example": "cn=john.doe,ou=users,dc=acme,dc=com" + }, + "uuid": { + "nullable": true, + "type": "string", + "description": "The source's unique identifier for the account. UUID is generated by the source system.", + "example": "1cb1f07d-3e5a-4431-becd-234fa4306108" + } + } + }, + "entitlementCount": { + "type": "integer", + "format": "int32", + "description": "The number of entitlements associated with this account.", + "example": 0 + } + } + }, + { + "title": "Campaign Activated", + "type": "object", + "required": [ + "campaign" + ], + "properties": { + "campaign": { + "type": "object", + "description": "Details about the certification campaign that was activated.", + "required": [ + "id", + "name", + "description", + "created", + "deadline", + "type", + "campaignOwner", + "status" + ], + "properties": { + "id": { + "type": "string", + "description": "Unique ID for the campaign.", + "example": "2c91808576f886190176f88cac5a0010" + }, + "name": { + "type": "string", + "description": "The human friendly name of the campaign.", + "example": "Manager Access Campaign" + }, + "description": { + "type": "string", + "description": "Extended description of the campaign.", + "example": "Audit access for all employees." + }, + "created": { + "type": "string", + "format": "date-time", + "description": "The date and time the campaign was created.", + "example": "2021-02-16T03:04:45.815Z" + }, + "modified": { + "nullable": true, + "type": "string", + "format": "date-time", + "description": "The date and time the campaign was last modified.", + "example": "2021-02-16T03:06:45.815Z" + }, + "deadline": { + "type": "string", + "format": "date-time", + "description": "The date and time the campaign is due.", + "example": "2021-03-16T03:04:45.815Z" + }, + "type": { + "description": "The type of campaign.", + "enum": [ + "MANAGER", + "SOURCE_OWNER", + "SEARCH", + "ROLE_COMPOSITION" + ], + "example": "MANAGER" + }, + "campaignOwner": { + "type": "object", + "description": "Details of the identity that owns the campaign.", + "required": [ + "id", + "displayName", + "email" + ], + "properties": { + "id": { + "type": "string", + "description": "The unique ID of the identity.", + "example": "37f080867702c1910177031320c40n27" + }, + "displayName": { + "type": "string", + "description": "The human friendly name of the identity.", + "example": "John Snow" + }, + "email": { + "type": "string", + "description": "The primary email address of the identity.", + "example": "john.snow@example.com" + } + } + }, + "status": { + "enum": [ + "ACTIVE" + ], + "description": "The current status of the campaign.", + "example": "ACTIVE" + } + } + } + } + }, + { + "title": "Campaign Ended", + "type": "object", + "required": [ + "campaign" + ], + "properties": { + "campaign": { + "type": "object", + "description": "Details about the certification campaign that ended.", + "required": [ + "id", + "name", + "description", + "created", + "deadline", + "type", + "campaignOwner", + "status" + ], + "properties": { + "id": { + "type": "string", + "description": "Unique ID for the campaign.", + "example": "2c91808576f886190176f88cac5a0010" + }, + "name": { + "type": "string", + "description": "The human friendly name of the campaign.", + "example": "Manager Access Campaign" + }, + "description": { + "type": "string", + "description": "Extended description of the campaign.", + "example": "Audit access for all employees." + }, + "created": { + "type": "string", + "format": "date-time", + "description": "The date and time the campaign was created.", + "example": "2021-02-16T03:04:45.815Z" + }, + "modified": { + "nullable": true, + "type": "string", + "format": "date-time", + "description": "The date and time the campaign was last modified.", + "example": "2021-03-16T03:06:45.815Z" + }, + "deadline": { + "type": "string", + "format": "date-time", + "description": "The date and time the campaign is due.", + "example": "2021-03-16T03:04:45.815Z" + }, + "type": { + "description": "The type of campaign.", + "enum": [ + "MANAGER", + "SOURCE_OWNER", + "SEARCH", + "ROLE_COMPOSITION" + ], + "example": "MANAGER" + }, + "campaignOwner": { + "type": "object", + "description": "Details of the identity that owns the campaign.", + "required": [ + "id", + "displayName", + "email" + ], + "properties": { + "id": { + "type": "string", + "description": "The unique ID of the identity.", + "example": "37f080867702c1910177031320c40n27" + }, + "displayName": { + "type": "string", + "description": "The human friendly name of the identity.", + "example": "John Snow" + }, + "email": { + "type": "string", + "description": "The primary email address of the identity.", + "example": "john.snow@example.com" + } + } + }, + "status": { + "enum": [ + "COMPLETED" + ], + "description": "The current status of the campaign.", + "example": "COMPLETED" + } + } + } + } + }, + { + "title": "Campaign Generated", + "type": "object", + "required": [ + "campaign" + ], + "properties": { + "campaign": { + "description": "Details about the campaign that was generated.", + "type": "object", + "required": [ + "id", + "name", + "description", + "created", + "type", + "campaignOwner", + "status" + ], + "properties": { + "id": { + "type": "string", + "description": "The unique ID of the campaign.", + "example": "2c91808576f886190176f88cac5a0010" + }, + "name": { + "type": "string", + "description": "Human friendly name of the campaign.", + "example": "Manager Access Campaign" + }, + "description": { + "type": "string", + "description": "Extended description of the campaign.", + "example": "Audit access for all employees." + }, + "created": { + "type": "string", + "format": "date-time", + "description": "The date and time the campaign was created.", + "example": "2021-02-16T03:04:45.815Z" + }, + "modified": { + "nullable": true, + "type": "string", + "description": "The date and time the campaign was last modified.", + "example": "2021-02-17T03:04:45.815Z" + }, + "deadline": { + "nullable": true, + "type": "string", + "description": "The date and time when the campaign must be finished by.", + "example": "2021-02-18T03:04:45.815Z" + }, + "type": { + "enum": [ + "MANAGER", + "SOURCE_OWNER", + "SEARCH", + "ROLE_COMPOSITION" + ], + "description": "The type of campaign that was generated.", + "example": "MANAGER" + }, + "campaignOwner": { + "type": "object", + "description": "The identity that owns the campaign.", + "required": [ + "id", + "displayName", + "email" + ], + "properties": { + "id": { + "type": "string", + "description": "The unique ID of the identity.", + "example": "37f080867702c1910177031320c40n27" + }, + "displayName": { + "type": "string", + "description": "The display name of the identity.", + "example": "John Snow" + }, + "email": { + "type": "string", + "description": "The primary email address of the identity.", + "example": "john.snow@example.com" + } + } + }, + "status": { + "enum": [ + "STAGED", + "ACTIVATING", + "ACTIVE" + ], + "description": "The current status of the campaign.", + "example": "STAGED" + } + } + } + } + }, + { + "title": "Certification Signed Off", + "type": "object", + "required": [ + "certification" + ], + "properties": { + "certification": { + "description": "The certification campaign that was signed off on.", + "required": [ + "id", + "name", + "created" + ], + "allOf": [ + { + "type": "object", + "required": [ + "campaignRef", + "completed", + "decisionsMade", + "decisionsTotal", + "due", + "signed", + "reviewer", + "campaignOwner", + "hasErrors", + "phase", + "entitiesCompleted", + "entitiesTotal" + ], + "properties": { + "campaignRef": { + "type": "object", + "required": [ + "id", + "name", + "type", + "campaignType", + "description" + ], + "properties": { + "id": { + "type": "string", + "description": "The unique ID of the campaign.", + "example": "ef38f94347e94562b5bb8424a56397d8" + }, + "name": { + "type": "string", + "description": "The name of the campaign.", + "example": "Campaign Name" + }, + "type": { + "type": "string", + "enum": [ + "CAMPAIGN" + ], + "description": "The type of object that is being referenced.", + "example": "CAMPAIGN" + }, + "campaignType": { + "type": "string", + "enum": [ + "MANAGER", + "SOURCE_OWNER", + "SEARCH" + ], + "description": "The type of the campaign.", + "example": "MANAGER" + }, + "description": { + "type": "string", + "description": "The description of the campaign set by the admin who created it.", + "nullable": true, + "example": "A description of the campaign" + } + } + }, + "phase": { + "type": "string", + "description": "The current phase of the campaign.\n* `STAGED`: The campaign is waiting to be activated.\n* `ACTIVE`: The campaign is active.\n* `SIGNED`: The reviewer has signed off on the campaign, and it is considered complete.\n", + "enum": [ + "STAGED", + "ACTIVE", + "SIGNED" + ], + "example": "ACTIVE" + }, + "due": { + "type": "string", + "format": "date-time", + "description": "The due date of the certification.", + "example": "2018-10-19T13:49:37.385Z" + }, + "signed": { + "type": "string", + "format": "date-time", + "description": "The date the reviewer signed off on the certification.", + "example": "2018-10-19T13:49:37.385Z" + }, + "reviewer": { + "description": "A reference to the reviewer of the campaign.", + "type": "object", + "required": [ + "type", + "id", + "name" + ], + "allOf": [ + { + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + } + ], + "properties": { + "type": { + "description": "The type of object that the reviewer is.", + "enum": [ + "IDENTITY", + "GOVERNANCE_GROUP" + ], + "example": "IDENTITY" + }, + "email": { + "type": "string", + "nullable": true, + "description": "The email of the reviewing identity. Only applicable to `IDENTITY`", + "example": "reviewer@test.com" + } + } + }, + "reassignment": { + "nullable": true, + "description": "A reference to a reviewer that this campaign has been reassigned to.", + "type": "object", + "properties": { + "from": { + "description": "The previous certification", + "type": "object", + "allOf": [ + { + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + }, + { + "type": "object", + "properties": { + "reviewer": { + "description": "Certification reviewer", + "type": "object", + "required": [ + "type", + "id", + "name" + ], + "allOf": [ + { + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + } + ], + "properties": { + "type": { + "description": "The type of object that the reviewer is.", + "enum": [ + "IDENTITY", + "GOVERNANCE_GROUP" + ], + "example": "IDENTITY" + }, + "email": { + "type": "string", + "nullable": true, + "description": "The email of the reviewing identity. Only applicable to `IDENTITY`", + "example": "reviewer@test.com" + } + } + } + } + } + ], + "properties": { + "type": { + "description": "The type of object that the reviewer is.", + "enum": [ + "CERTIFICATION" + ], + "example": "CERTIFICATION" + }, + "correlatedStatus": { + "description": "The correlatedStatus of the campaign. Only SOURCE_OWNER campaigns can be Uncorrelated. An Uncorrelated certification campaign only includes Uncorrelated identities (An identity is uncorrelated if it has no accounts on an authoritative source).", + "enum": [ + "CORRELATED", + "UNCORRELATED" + ], + "example": "CORRELATED" + } + } + }, + "comment": { + "type": "string", + "description": "Comments from the previous reviewer.", + "example": "Please review" + } + } + }, + "hasErrors": { + "type": "boolean", + "example": false, + "description": "Indicates it the certification has any errors." + }, + "errorMessage": { + "type": "string", + "nullable": true, + "example": "The certification has an error", + "description": "A message indicating what the error is." + }, + "completed": { + "type": "boolean", + "description": "Indicates if all certification decisions have been made.", + "example": false + }, + "decisionsMade": { + "type": "integer", + "description": "The number of approve/revoke/acknowledge decisions that have been made by the reviewer.", + "example": 20, + "format": "int32" + }, + "decisionsTotal": { + "type": "integer", + "description": "The total number of approve/revoke/acknowledge decisions for the certification.", + "example": 40, + "format": "int32" + }, + "entitiesCompleted": { + "type": "integer", + "description": "The number of entities (identities, access profiles, roles, etc.) for which all decisions have been made and are complete.", + "example": 5, + "format": "int32" + }, + "entitiesTotal": { + "type": "integer", + "format": "int32", + "description": "The total number of entities (identities, access profiles, roles, etc.) in the certification, both complete and incomplete.", + "example": 10 + } + } + } + ], + "properties": { + "id": { + "type": "string", + "description": "Unique ID of the certification.", + "example": "2c91808576f886190176f88caf0d0067" + }, + "name": { + "type": "string", + "description": "The name of the certification.", + "example": "Manager Access Review for Alice Baker" + }, + "created": { + "type": "string", + "format": "date-time", + "description": "The date and time the certification was created.", + "example": "2020-02-16T03:04:45.815Z" + }, + "modified": { + "nullable": true, + "type": "string", + "format": "date-time", + "description": "The date and time the certification was last modified.", + "example": "2020-02-16T03:06:45.815Z" + } + } + } + } + }, + { + "title": "Identity Attributes Changed", + "type": "object", + "required": [ + "identity", + "changes" + ], + "properties": { + "identity": { + "required": [ + "id", + "type", + "name" + ], + "allOf": [ + { + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + } + ], + "description": "The identity who's attributes changed.", + "properties": { + "type": { + "enum": [ + "IDENTITY" + ], + "example": "IDENTITY", + "description": "The type of object that is referenced" + } + } + }, + "changes": { + "description": "A list of one or more identity attributes that changed on the identity.", + "type": "array", + "items": { + "type": "object", + "required": [ + "attribute" + ], + "properties": { + "attribute": { + "type": "string", + "description": "The name of the identity attribute that changed.", + "example": "department" + }, + "oldValue": { + "description": "The value of the identity attribute before it changed.", + "nullable": true, + "example": "sales", + "oneOf": [ + { + "type": "string" + }, + { + "type": "boolean" + }, + { + "type": "array", + "items": { + "type": "string" + } + }, + { + "type": "object", + "nullable": true, + "additionalProperties": { + "oneOf": [ + { + "type": "string" + }, + { + "type": "number" + }, + { + "type": "integer" + }, + { + "type": "boolean" + } + ] + } + } + ] + }, + "newValue": { + "description": "The value of the identity attribute after it changed.", + "example": "marketing", + "oneOf": [ + { + "type": "string" + }, + { + "type": "boolean" + }, + { + "type": "array", + "items": { + "type": "string" + } + }, + { + "type": "object", + "nullable": true, + "additionalProperties": { + "oneOf": [ + { + "type": "string" + }, + { + "type": "number" + }, + { + "type": "integer" + }, + { + "type": "boolean" + } + ] + } + } + ] + } + } + } + } + } + }, + { + "title": "Identity Created", + "type": "object", + "required": [ + "identity", + "attributes" + ], + "properties": { + "identity": { + "required": [ + "id", + "type", + "name" + ], + "allOf": [ + { + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + } + ], + "description": "The identity that was created.", + "properties": { + "type": { + "enum": [ + "IDENTITY" + ], + "example": "IDENTITY", + "description": "The type of object that is referenced" + } + } + }, + "attributes": { + "type": "object", + "description": "The attributes assigned to the identity. Attributes are determined by the identity profile.", + "additionalProperties": true, + "example": { + "firstname": "John" + } + } + } + }, + { + "title": "Identity Deleted", + "type": "object", + "required": [ + "identity", + "attributes" + ], + "properties": { + "identity": { + "required": [ + "id", + "type", + "name" + ], + "allOf": [ + { + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + } + ], + "description": "The identity that was deleted.", + "properties": { + "type": { + "enum": [ + "IDENTITY" + ], + "example": "IDENTITY", + "description": "The type of object that is referenced" + } + } + }, + "attributes": { + "type": "object", + "description": "The attributes assigned to the identity. Attributes are determined by the identity profile.", + "additionalProperties": true, + "example": { + "firstname": "John" + } + } + } + }, + { + "title": "Provisioning Completed", + "type": "object", + "required": [ + "trackingNumber", + "sources", + "recipient", + "accountRequests" + ], + "properties": { + "trackingNumber": { + "type": "string", + "description": "The reference number of the provisioning request. Useful for tracking status in the Account Activity search interface.", + "example": "4b4d982dddff4267ab12f0f1e72b5a6d" + }, + "sources": { + "type": "string", + "description": "One or more sources that the provisioning transaction(s) were done against. Sources are comma separated.", + "example": "Corp AD, Corp LDAP, Corp Salesforce" + }, + "action": { + "nullable": true, + "type": "string", + "description": "Origin of where the provisioning request came from.", + "example": "IdentityRefresh" + }, + "errors": { + "nullable": true, + "description": "A list of any accumulated error messages that occurred during provisioning.", + "type": "array", + "items": { + "type": "string", + "example": "Connector AD Failed" + } + }, + "warnings": { + "nullable": true, + "description": "A list of any accumulated warning messages that occurred during provisioning.", + "type": "array", + "items": { + "type": "string", + "example": "Notification Skipped due to invalid email" + } + }, + "recipient": { + "required": [ + "id", + "type", + "name" + ], + "allOf": [ + { + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + } + ], + "description": "Reference to the identity who is the target of the provisioning request.", + "properties": { + "type": { + "enum": [ + "IDENTITY" + ], + "example": "IDENTITY", + "description": "The type of object that is referenced" + } + } + }, + "requester": { + "nullable": true, + "required": [ + "id", + "type", + "name" + ], + "allOf": [ + { + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + } + ], + "description": "Reference to the identity (if any) who submitted the provisioning request.", + "properties": { + "type": { + "enum": [ + "IDENTITY" + ], + "example": "IDENTITY", + "description": "The type of object that is referenced" + } + } + }, + "accountRequests": { + "type": "array", + "description": "A list of provisioning instructions to perform on an account-by-account basis.", + "items": { + "type": "object", + "required": [ + "source", + "accountOperation", + "provisioningResult", + "provisioningTarget" + ], + "properties": { + "source": { + "required": [ + "id", + "type", + "name" + ], + "type": "object", + "description": "Reference to the source being provisioned against.", + "properties": { + "id": { + "description": "ID of the object to which this reference applies", + "type": "string", + "example": "4e4d982dddff4267ab12f0f1e72b5a6d" + }, + "type": { + "type": "string", + "enum": [ + "SOURCE" + ], + "example": "SOURCE", + "description": "The type of object that is referenced" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "Corporate Active Directory" + } + } + }, + "accountId": { + "type": "string", + "description": "The unique idenfier of the account being provisioned.", + "example": "CN=Chewy.Bacca,ou=hardcorefigter,ou=wookies,dc=starwars,dc=com" + }, + "accountOperation": { + "type": "string", + "description": "The provisioning operation; typically Create, Modify, Enable, Disable, Unlock, or Delete.", + "example": "Modify" + }, + "provisioningResult": { + "description": "The overall result of the provisioning transaction; this could be success, pending, failed, etc.", + "enum": [ + "SUCCESS", + "PENDING", + "FAILED" + ], + "example": "SUCCESS" + }, + "provisioningTarget": { + "type": "string", + "description": "The name of the provisioning channel selected; this could be the same as the source, or could be a Service Desk Integration Module (SDIM).", + "example": "Corp AD" + }, + "ticketId": { + "nullable": true, + "type": "string", + "description": "A reference to a tracking number, if this is sent to a Service Desk Integration Module (SDIM).", + "example": "72619262" + }, + "attributeRequests": { + "nullable": true, + "description": "A list of attributes as part of the provisioning transaction.", + "type": "array", + "items": { + "type": "object", + "required": [ + "attributeName", + "operation" + ], + "properties": { + "attributeName": { + "type": "string", + "description": "The name of the attribute being provisioned.", + "example": "memberOf" + }, + "attributeValue": { + "nullable": true, + "type": "string", + "description": "The value of the attribute being provisioned.", + "example": "CN=jedi,DC=starwars,DC=com" + }, + "operation": { + "enum": [ + "Add", + "Set", + "Remove" + ], + "description": "The operation to handle the attribute.", + "example": "Add" + } + } + } + } + } + } + } + } + }, + { + "title": "Saved Search Complete", + "type": "object", + "required": [ + "fileName", + "ownerEmail", + "ownerName", + "query", + "searchName", + "searchResults", + "signedS3Url" + ], + "properties": { + "fileName": { + "type": "string", + "description": "A name for the report file.", + "example": "Modified.zip" + }, + "ownerEmail": { + "type": "string", + "description": "The email address of the identity that owns the saved search.", + "example": "test@sailpoint.com" + }, + "ownerName": { + "type": "string", + "description": "The name of the identity that owns the saved search.", + "example": "Cloud Support" + }, + "query": { + "type": "string", + "description": "The search query that was used to generate the report.", + "example": "modified:[now-7y/d TO now]" + }, + "searchName": { + "type": "string", + "description": "The name of the saved search.", + "example": "Modified Activity" + }, + "searchResults": { + "type": "object", + "description": "A preview of the search results for each object type. This includes a count as well as headers, and the first several rows of data, per object type.", + "properties": { + "Account": { + "description": "A table of accounts that match the search criteria.", + "nullable": true, + "type": "object", + "required": [ + "count", + "noun", + "preview" + ], + "properties": { + "count": { + "type": "string", + "description": "The number of rows in the table.", + "example": 3 + }, + "noun": { + "type": "string", + "description": "The type of object represented in the table.", + "example": "accounts" + }, + "preview": { + "description": "A sample of the data in the table.", + "type": "array", + "items": { + "type": "array", + "items": { + "type": "string", + "example": "Robert.Chase" + }, + "example": [] + } + } + } + }, + "Entitlement": { + "description": "A table of entitlements that match the search criteria.", + "nullable": true, + "type": "object", + "required": [ + "count", + "noun", + "preview" + ], + "properties": { + "count": { + "type": "string", + "description": "The number of rows in the table.", + "example": 2 + }, + "noun": { + "type": "string", + "description": "The type of object represented in the table.", + "example": "entitlements" + }, + "preview": { + "description": "A sample of the data in the table.", + "type": "array", + "items": { + "type": "array", + "items": { + "type": "string", + "example": "Administrator" + }, + "example": [] + } + } + } + }, + "Identity": { + "description": "A table of identities that match the search criteria.", + "nullable": true, + "type": "object", + "required": [ + "count", + "noun", + "preview" + ], + "properties": { + "count": { + "type": "string", + "description": "The number of rows in the table.", + "example": 2 + }, + "noun": { + "type": "string", + "description": "The type of object represented in the table.", + "example": "identities" + }, + "preview": { + "description": "A sample of the data in the table.", + "type": "array", + "items": { + "type": "array", + "items": { + "type": "string", + "example": "Carol Shelby" + }, + "example": [] + } + } + } + } + } + }, + "signedS3Url": { + "type": "string", + "description": "The Amazon S3 URL to download the report from.", + "example": "https://sptcbu-org-data-useast1.s3.amazonaws.com/arsenal-john/reports/Events%20Export.2020-05-06%2018%2759%20GMT.3e580592-86e4-4953-8aea-49e6ef20a086.zip?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20200506T185919Z&X-Amz-SignedHeaders=host&X-Amz-Expires=899&X-Amz-Credential=AKIAV5E54XOGTS4Q4L7A%2F20200506%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=2e732bb97a12a1fd8a215613e3c31fcdae8ba1fb6a25916843ab5b51d2ddefbc" + } + } + }, + { + "title": "Source Account Created", + "type": "object", + "required": [ + "id", + "nativeIdentifier", + "sourceId", + "sourceName", + "identityId", + "identityName", + "attributes" + ], + "properties": { + "uuid": { + "type": "string", + "description": "Source unique identifier for the identity. UUID is generated by the source system.", + "example": "b7264868-7201-415f-9118-b581d431c688" + }, + "id": { + "type": "string", + "description": "SailPoint generated unique identifier.", + "example": "ee769173319b41d19ccec35ba52f237b" + }, + "nativeIdentifier": { + "type": "string", + "description": "Unique ID of the account on the source.", + "example": "E009" + }, + "sourceId": { + "type": "string", + "description": "The ID of the source.", + "example": "2c918082814e693601816e09471b29b6" + }, + "sourceName": { + "type": "string", + "description": "The name of the source.", + "example": "Active Directory" + }, + "identityId": { + "type": "string", + "description": "The ID of the identity that is corellated with this account.", + "example": "ee769173319b41d19ccec6c235423237b" + }, + "identityName": { + "type": "string", + "description": "The name of the identity that is corellated with this account.", + "example": "john.doe" + }, + "attributes": { + "type": "object", + "additionalProperties": true, + "description": "The attributes of the account. The contents of attributes depends on the account schema for the source.", + "example": { + "firstname": "John", + "lastname": "Doe", + "email": "john.doe@gmail.com", + "department": "Sales", + "displayName": "John Doe", + "created": "2020-04-27T16:48:33.597Z", + "employeeNumber": "E009", + "uid": "E009", + "inactive": "true", + "phone": null, + "identificationNumber": "E009" + } + } + } + }, + { + "title": "Source Account Deleted", + "type": "object", + "required": [ + "id", + "nativeIdentifier", + "sourceId", + "sourceName", + "identityId", + "identityName", + "attributes" + ], + "properties": { + "uuid": { + "type": "string", + "description": "Source unique identifier for the identity. UUID is generated by the source system.", + "example": "b7264868-7201-415f-9118-b581d431c688" + }, + "id": { + "type": "string", + "description": "SailPoint generated unique identifier.", + "example": "ee769173319b41d19ccec35ba52f237b" + }, + "nativeIdentifier": { + "type": "string", + "description": "Unique ID of the account on the source.", + "example": "E009" + }, + "sourceId": { + "type": "string", + "description": "The ID of the source.", + "example": "2c918082814e693601816e09471b29b6" + }, + "sourceName": { + "type": "string", + "description": "The name of the source.", + "example": "Active Directory" + }, + "identityId": { + "type": "string", + "description": "The ID of the identity that is corellated with this account.", + "example": "ee769173319b41d19ccec6c235423237b" + }, + "identityName": { + "type": "string", + "description": "The name of the identity that is corellated with this account.", + "example": "john.doe" + }, + "attributes": { + "type": "object", + "additionalProperties": true, + "description": "The attributes of the account. The contents of attributes depends on the account schema for the source.", + "example": { + "firstname": "John", + "lastname": "Doe", + "email": "john.doe@gmail.com", + "department": "Sales", + "displayName": "John Doe", + "created": "2020-04-27T16:48:33.597Z", + "employeeNumber": "E009", + "uid": "E009", + "inactive": "true", + "phone": null, + "identificationNumber": "E009" + } + } + } + }, + { + "title": "Source Account Updated", + "type": "object", + "required": [ + "id", + "nativeIdentifier", + "sourceId", + "sourceName", + "identityId", + "identityName", + "attributes" + ], + "properties": { + "uuid": { + "type": "string", + "description": "Source unique identifier for the identity. UUID is generated by the source system.", + "example": "b7264868-7201-415f-9118-b581d431c688" + }, + "id": { + "type": "string", + "description": "SailPoint generated unique identifier.", + "example": "ee769173319b41d19ccec35ba52f237b" + }, + "nativeIdentifier": { + "type": "string", + "description": "Unique ID of the account on the source.", + "example": "E009" + }, + "sourceId": { + "type": "string", + "description": "The ID of the source.", + "example": "2c918082814e693601816e09471b29b6" + }, + "sourceName": { + "type": "string", + "description": "The name of the source.", + "example": "Active Directory" + }, + "identityId": { + "type": "string", + "description": "The ID of the identity that is corellated with this account.", + "example": "ee769173319b41d19ccec6c235423237b" + }, + "identityName": { + "type": "string", + "description": "The name of the identity that is corellated with this account.", + "example": "john.doe" + }, + "attributes": { + "type": "object", + "additionalProperties": true, + "description": "The attributes of the account. The contents of attributes depends on the account schema for the source.", + "example": { + "firstname": "John", + "lastname": "Doe", + "email": "john.doe@gmail.com", + "department": "Sales", + "displayName": "John Doe", + "created": "2020-04-27T16:48:33.597Z", + "employeeNumber": "E009", + "uid": "E009", + "inactive": "true", + "phone": null, + "identificationNumber": "E009" + } + } + } + }, + { + "title": "Source Created", + "type": "object", + "required": [ + "id", + "name", + "type", + "created", + "connector", + "actor" + ], + "properties": { + "id": { + "type": "string", + "description": "The unique ID of the source.", + "example": "2c9180866166b5b0016167c32ef31a66" + }, + "name": { + "type": "string", + "description": "Human friendly name of the source.", + "example": "Test source" + }, + "type": { + "type": "string", + "description": "The connection type.", + "example": "DIRECT_CONNECT" + }, + "created": { + "type": "string", + "format": "date-time", + "description": "The date and time the source was created.", + "example": "2021-03-29T22:01:50.474Z" + }, + "connector": { + "type": "string", + "description": "The connector type used to connect to the source.", + "example": "active-directory" + }, + "actor": { + "required": [ + "id", + "name", + "type" + ], + "allOf": [ + { + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + } + ], + "description": "The identity that created the source.", + "properties": { + "type": { + "enum": [ + "IDENTITY" + ], + "example": "IDENTITY", + "description": "The type of object that is referenced" + } + } + } + } + }, + { + "title": "Source Deleted", + "type": "object", + "required": [ + "id", + "name", + "type", + "deleted", + "connector", + "actor" + ], + "properties": { + "id": { + "type": "string", + "description": "The unique ID of the source.", + "example": "2c9180866166b5b0016167c32ef31a66" + }, + "name": { + "type": "string", + "description": "Human friendly name of the source.", + "example": "Test source" + }, + "type": { + "type": "string", + "description": "The connection type.", + "example": "DIRECT_CONNECT" + }, + "deleted": { + "type": "string", + "format": "date-time", + "description": "The date and time the source was deleted.", + "example": "2021-03-29T22:01:50.474Z" + }, + "connector": { + "type": "string", + "description": "The connector type used to connect to the source.", + "example": "active-directory" + }, + "actor": { + "required": [ + "id", + "name", + "type" + ], + "allOf": [ + { + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + } + ], + "description": "The identity that deleted the source.", + "properties": { + "type": { + "enum": [ + "IDENTITY" + ], + "example": "IDENTITY", + "description": "The type of object that is referenced" + } + } + } + } + }, + { + "title": "Source Updated", + "type": "object", + "required": [ + "id", + "name", + "type", + "modified", + "connector", + "actor" + ], + "properties": { + "id": { + "type": "string", + "description": "The unique ID of the source.", + "example": "2c9180866166b5b0016167c32ef31a66" + }, + "name": { + "type": "string", + "description": "The user friendly name of the source.", + "example": "Corporate Active Directory" + }, + "type": { + "type": "string", + "description": "The connection type of the source.", + "example": "DIRECT_CONNECT" + }, + "modified": { + "type": "string", + "format": "date-time", + "description": "The date and time the source was modified.", + "example": "2021-03-29T22:01:50.474Z" + }, + "connector": { + "type": "string", + "description": "The connector type used to connect to the source.", + "example": "active-directory" + }, + "actor": { + "required": [ + "type", + "name" + ], + "allOf": [ + { + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + } + ], + "description": "The identity or system that performed the update.", + "properties": { + "type": { + "enum": [ + "IDENTITY" + ], + "example": "IDENTITY", + "description": "The type of object that is referenced" + } + } + } + } + }, + { + "title": "VA Cluster Status Change Event", + "type": "object", + "required": [ + "created", + "type", + "application", + "healthCheckResult", + "previousHealthCheckResult" + ], + "properties": { + "created": { + "type": "string", + "format": "date-time", + "description": "The date and time the status change occurred.", + "example": "2020-06-29T22:01:50.474Z" + }, + "type": { + "enum": [ + "SOURCE", + "CLUSTER" + ], + "description": "The type of the object that initiated this event.", + "example": "CLUSTER" + }, + "application": { + "type": "object", + "description": "Details about the `CLUSTER` or `SOURCE` that initiated this event.", + "required": [ + "id", + "name", + "attributes" + ], + "properties": { + "id": { + "type": "string", + "description": "The GUID of the application", + "example": "2c9180866166b5b0016167c32ef31a66" + }, + "name": { + "type": "string", + "description": "The name of the application", + "example": "Production VA Cluster" + }, + "attributes": { + "type": "object", + "description": "Custom map of attributes for a source. This will only be populated if type is `SOURCE` and the source has a proxy.", + "additionalProperties": true, + "nullable": true, + "example": null + } + } + }, + "healthCheckResult": { + "type": "object", + "description": "The results of the most recent health check.", + "required": [ + "message", + "resultType", + "status" + ], + "properties": { + "message": { + "type": "string", + "description": "Detailed message of the result of the health check.", + "example": "Test Connection failed with exception. Error message - java.lang Exception" + }, + "resultType": { + "type": "string", + "description": "The type of the health check result.", + "example": "SOURCE_STATE_ERROR_CLUSTER" + }, + "status": { + "enum": [ + "Succeeded", + "Failed" + ], + "description": "The status of the health check.", + "example": "Succeeded" + } + } + }, + "previousHealthCheckResult": { + "type": "object", + "description": "The results of the last health check.", + "required": [ + "message", + "resultType", + "status" + ], + "properties": { + "message": { + "type": "string", + "description": "Detailed message of the result of the health check.", + "example": "Test Connection failed with exception. Error message - java.lang Exception" + }, + "resultType": { + "type": "string", + "description": "The type of the health check result.", + "example": "SOURCE_STATE_ERROR_CLUSTER" + }, + "status": { + "enum": [ + "Succeeded", + "Failed" + ], + "description": "The status of the health check.", + "example": "Failed" + } + } + } + } + } + ] + }, + "outputSchema": { + "type": "string", + "description": "The JSON schema of the response that will be sent by the subscribed service to the trigger in response to an event. This only applies to a trigger type of `REQUEST_RESPONSE`.", + "nullable": true, + "example": "{\"definitions\":{\"record:AccessRequestDynamicApproverOutput\":{\"type\":[\"null\",\"object\"],\"required\":[\"id\",\"name\",\"type\"],\"additionalProperties\":true,\"properties\":{\"id\":{\"type\":\"string\"},\"name\":{\"type\":\"string\"},\"type\":{\"type\":\"string\"}}}},\"$ref\":\"#/definitions/record:AccessRequestDynamicApproverOutput\"}" + }, + "exampleOutput": { + "description": "An example of the JSON payload that will be sent by the subscribed service to the trigger in response to an event.", + "nullable": true, + "oneOf": [ + { + "title": "Access Request Dynamic Approver", + "type": "object", + "nullable": true, + "required": [ + "id", + "name", + "type" + ], + "properties": { + "id": { + "type": "string", + "description": "The unique ID of the identity to add to the approver list for the access request.", + "example": "2c91808b6ef1d43e016efba0ce470906" + }, + "name": { + "type": "string", + "description": "The name of the identity to add to the approver list for the access request.", + "example": "Adam Adams" + }, + "type": { + "enum": [ + "IDENTITY", + "GOVERNANCE_GROUP" + ], + "description": "The type of object being referenced.", + "example": "IDENTITY" + } + } + }, + { + "title": "Access Request Pre Approval", + "type": "object", + "required": [ + "approved", + "comment", + "approver" + ], + "properties": { + "approved": { + "type": "boolean", + "description": "Whether or not to approve the access request.", + "example": false + }, + "comment": { + "type": "string", + "description": "A comment about the decision to approve or deny the request.", + "example": "This access should be denied, because this will cause an SOD violation." + }, + "approver": { + "type": "string", + "description": "The name of the entity that approved or denied the request.", + "example": "AcmeCorpExternalIntegration" + } + } + } + ] + } + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + }, + "security": [ + { + "oauth2": [ + "sp:trigger-service-subscriptions:read" + ] + } + ] + } + }, + "/trigger-subscriptions": { + "post": { + "operationId": "createSubscription", + "tags": [ + "Triggers" + ], + "summary": "Create a Subscription", + "description": "This API creates a new subscription to a trigger and defines trigger invocation details. The type of subscription determines which config object is required:\n* HTTP subscriptions require httpConfig\n* EventBridge subscriptions require eventBridgeConfig", + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "type": "object", + "required": [ + "triggerId", + "type", + "name" + ], + "properties": { + "name": { + "type": "string", + "description": "Subscription name.", + "example": "Access request subscription" + }, + "description": { + "type": "string", + "description": "Subscription description.", + "example": "Access requested to site xyz" + }, + "triggerId": { + "type": "string", + "description": "ID of trigger subscribed to.", + "example": "idn:access-requested" + }, + "type": { + "type": "string", + "enum": [ + "HTTP", + "EVENTBRIDGE", + "INLINE", + "SCRIPT", + "WORKFLOW" + ], + "description": "Subscription type. **NOTE** If type is EVENTBRIDGE, then eventBridgeConfig is required. If type is HTTP, then httpConfig is required.", + "example": "HTTP" + }, + "responseDeadline": { + "type": "string", + "description": "Deadline for completing REQUEST_RESPONSE trigger invocation, represented in ISO-8601 duration format.", + "example": "PT1H", + "default": "PT1H" + }, + "httpConfig": { + "description": "Config required if HTTP subscription type is used.", + "type": "object", + "properties": { + "url": { + "type": "string", + "description": "URL of the external/custom integration.", + "example": "https://www.example.com" + }, + "httpDispatchMode": { + "type": "string", + "description": "HTTP response modes, i.e. SYNC, ASYNC, or DYNAMIC.", + "enum": [ + "SYNC", + "ASYNC", + "DYNAMIC" + ], + "example": "SYNC" + }, + "httpAuthenticationType": { + "type": "string", + "description": "Defines the HTTP Authentication type. Additional values may be added in the future.\n\nIf *NO_AUTH* is selected, no extra information will be in HttpConfig.\n\nIf *BASIC_AUTH* is selected, HttpConfig will include BasicAuthConfig with Username and Password as strings.\n\nIf *BEARER_TOKEN* is selected, HttpConfig will include BearerTokenAuthConfig with Token as string.", + "enum": [ + "NO_AUTH", + "BASIC_AUTH", + "BEARER_TOKEN" + ], + "default": "NO_AUTH", + "example": "BASIC_AUTH" + }, + "basicAuthConfig": { + "type": "object", + "properties": { + "userName": { + "type": "string", + "description": "The username to authenticate.", + "example": "user@example.com" + }, + "password": { + "type": "string", + "nullable": true, + "description": "The password to authenticate. On response, this field is set to null as to not return secrets.", + "example": null + } + }, + "nullable": true, + "description": "Config required if BASIC_AUTH is used." + }, + "bearerTokenAuthConfig": { + "type": "object", + "properties": { + "bearerToken": { + "type": "string", + "nullable": true, + "description": "Bearer token", + "example": null + } + }, + "nullable": true, + "description": "Config required if BEARER_TOKEN authentication is used. On response, this field is set to null as to not return secrets." + } + }, + "required": [ + "url", + "httpDispatchMode" + ] + }, + "eventBridgeConfig": { + "description": "Config required if EVENTBRIDGE subscription type is used.", + "type": "object", + "properties": { + "awsAccount": { + "type": "string", + "description": "AWS Account Number (12-digit number) that has the EventBridge Partner Event Source Resource.", + "example": "123456789012" + }, + "awsRegion": { + "type": "string", + "description": "AWS Region that has the EventBridge Partner Event Source Resource. See https://docs.aws.amazon.com/general/latest/gr/rande.html for a full list of available values.", + "example": "us-west-1" + } + }, + "required": [ + "awsAccount", + "awsRegion" + ] + }, + "enabled": { + "type": "boolean", + "description": "Whether subscription should receive real-time trigger invocations or not.\n\nTest trigger invocations are always enabled regardless of this option.", + "default": true, + "example": true + }, + "filter": { + "type": "string", + "description": "JSONPath filter to conditionally invoke trigger when expression evaluates to true.", + "example": "$[?($.identityId == \"201327fda1c44704ac01181e963d463c\")]", + "externalDocs": { + "description": "JSONPath filter documentation", + "url": "https://developer.sailpoint.com/idn/docs/event-triggers/filtering-events" + } + } + } + }, + "examples": { + "HTTP Subscription": { + "value": { + "name": "Access request subscription", + "description": "Access requested to site xyz", + "triggerId": "idn:access-requested", + "type": "HTTP", + "httpConfig": { + "url": "https://www.example.com", + "httpDispatchMode": "SYNC", + "httpAuthenticationType": "BASIC_AUTH", + "basicAuthConfig": { + "userName": "user@example.com", + "password": "eRtg4%6yuI!" + } + }, + "enabled": true, + "filter": "$[?($.identityId == \"201327fda1c44704ac01181e963d463c\")]" + } + }, + "HTTP Async Subscription": { + "value": { + "name": "Access request subscription", + "description": "Access requested to site xyz", + "triggerId": "idn:access-requested", + "type": "HTTP", + "responseDeadline": "PT1H", + "httpConfig": { + "url": "https://www.example.com", + "httpDispatchMode": "ASYNC", + "httpAuthenticationType": "BASIC_AUTH", + "basicAuthConfig": { + "userName": "user@example.com", + "password": "eRtg4%6yuI!" + } + }, + "enabled": true, + "filter": "$[?($.identityId == \"201327fda1c44704ac01181e963d463c\")]" + } + }, + "EventBridge Subscription": { + "value": { + "name": "Access request subscription", + "description": "Access requested to site xyz", + "triggerId": "idn:access-requested", + "type": "EVENTBRIDGE", + "eventBridgeConfig": { + "awsAccount": "123456789012", + "awsRegion": "us-west-1" + }, + "enabled": true, + "filter": "$[?($.identityId == \"201327fda1c44704ac01181e963d463c\")]" + } + } + } + } + } + }, + "responses": { + "201": { + "description": "New subscription to a trigger. The trigger can now be invoked by the method defined in the subscription.", + "content": { + "application/json": { + "schema": { + "type": "object", + "required": [ + "id", + "triggerId", + "type", + "name", + "triggerName", + "enabled", + "responseDeadline" + ], + "properties": { + "id": { + "type": "string", + "description": "Subscription ID.", + "example": "0f11f2a4-7c94-4bf3-a2bd-742580fe3bde" + }, + "name": { + "type": "string", + "description": "Subscription name.", + "example": "Access request subscription" + }, + "description": { + "type": "string", + "description": "Subscription description.", + "example": "Access requested to site xyz" + }, + "triggerId": { + "type": "string", + "description": "ID of trigger subscribed to.", + "example": "idn:access-requested" + }, + "triggerName": { + "type": "string", + "description": "Trigger name of trigger subscribed to.", + "example": "Access Requested" + }, + "type": { + "type": "string", + "enum": [ + "HTTP", + "EVENTBRIDGE", + "INLINE", + "SCRIPT", + "WORKFLOW" + ], + "description": "Subscription type. **NOTE** If type is EVENTBRIDGE, then eventBridgeConfig is required. If type is HTTP, then httpConfig is required.", + "example": "HTTP" + }, + "responseDeadline": { + "type": "string", + "description": "Deadline for completing REQUEST_RESPONSE trigger invocation, represented in ISO-8601 duration format.", + "example": "PT1H", + "default": "PT1H" + }, + "httpConfig": { + "description": "Config required if HTTP subscription type is used.", + "type": "object", + "properties": { + "url": { + "type": "string", + "description": "URL of the external/custom integration.", + "example": "https://www.example.com" + }, + "httpDispatchMode": { + "type": "string", + "description": "HTTP response modes, i.e. SYNC, ASYNC, or DYNAMIC.", + "enum": [ + "SYNC", + "ASYNC", + "DYNAMIC" + ], + "example": "SYNC" + }, + "httpAuthenticationType": { + "type": "string", + "description": "Defines the HTTP Authentication type. Additional values may be added in the future.\n\nIf *NO_AUTH* is selected, no extra information will be in HttpConfig.\n\nIf *BASIC_AUTH* is selected, HttpConfig will include BasicAuthConfig with Username and Password as strings.\n\nIf *BEARER_TOKEN* is selected, HttpConfig will include BearerTokenAuthConfig with Token as string.", + "enum": [ + "NO_AUTH", + "BASIC_AUTH", + "BEARER_TOKEN" + ], + "default": "NO_AUTH", + "example": "BASIC_AUTH" + }, + "basicAuthConfig": { + "type": "object", + "properties": { + "userName": { + "type": "string", + "description": "The username to authenticate.", + "example": "user@example.com" + }, + "password": { + "type": "string", + "nullable": true, + "description": "The password to authenticate. On response, this field is set to null as to not return secrets.", + "example": null + } + }, + "nullable": true, + "description": "Config required if BASIC_AUTH is used." + }, + "bearerTokenAuthConfig": { + "type": "object", + "properties": { + "bearerToken": { + "type": "string", + "nullable": true, + "description": "Bearer token", + "example": null + } + }, + "nullable": true, + "description": "Config required if BEARER_TOKEN authentication is used. On response, this field is set to null as to not return secrets." + } + }, + "required": [ + "url", + "httpDispatchMode" + ] + }, + "eventBridgeConfig": { + "description": "Config required if EVENTBRIDGE subscription type is used.", + "type": "object", + "properties": { + "awsAccount": { + "type": "string", + "description": "AWS Account Number (12-digit number) that has the EventBridge Partner Event Source Resource.", + "example": "123456789012" + }, + "awsRegion": { + "type": "string", + "description": "AWS Region that has the EventBridge Partner Event Source Resource. See https://docs.aws.amazon.com/general/latest/gr/rande.html for a full list of available values.", + "example": "us-west-1" + } + }, + "required": [ + "awsAccount", + "awsRegion" + ] + }, + "enabled": { + "type": "boolean", + "description": "Whether subscription should receive real-time trigger invocations or not.\nTest trigger invocations are always enabled regardless of this option.", + "default": true, + "example": true + }, + "filter": { + "type": "string", + "description": "JSONPath filter to conditionally invoke trigger when expression evaluates to true.", + "example": "$[?($.identityId == \"201327fda1c44704ac01181e963d463c\")]", + "externalDocs": { + "description": "JSONPath filter documentation", + "url": "https://developer.sailpoint.com/idn/docs/event-triggers/filtering-events" + } + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + }, + "security": [ + { + "oauth2": [ + "sp:trigger-service-subscriptions:manage" + ] + } + ] + }, + "get": { + "operationId": "listSubscriptions", + "tags": [ + "Triggers" + ], + "summary": "List Subscriptions", + "description": "Gets a list of all trigger subscriptions.", + "parameters": [ + { + "in": "query", + "name": "limit", + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": 250, + "schema": { + "type": "integer", + "format": "int32", + "minimum": 0, + "maximum": 250, + "default": 250 + } + }, + { + "in": "query", + "name": "offset", + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": 0, + "schema": { + "type": "integer", + "format": "int32", + "minimum": 0, + "default": 0 + } + }, + { + "in": "query", + "name": "count", + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": true, + "schema": { + "type": "boolean", + "default": false + } + }, + { + "in": "query", + "required": false, + "name": "filters", + "schema": { + "type": "string" + }, + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)\n\nFiltering is supported for the following fields and operators:\n\n**id**: *eq*\n\n**triggerId**: *eq*\n\n**type**: *eq*", + "example": "id eq \"12cff757-c0c0-413b-8ad7-2a47956d1e89\"" + }, + { + "in": "query", + "name": "sorters", + "required": false, + "schema": { + "type": "string", + "format": "comma-separated" + }, + "description": "Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)\n\nSorting is supported for the following fields:\n\n**triggerId** **triggerName**", + "example": "triggerName" + } + ], + "responses": { + "200": { + "description": "List of subscriptions.", + "content": { + "application/json": { + "schema": { + "type": "array", + "items": { + "type": "object", + "required": [ + "id", + "triggerId", + "type", + "name", + "triggerName", + "enabled", + "responseDeadline" + ], + "properties": { + "id": { + "type": "string", + "description": "Subscription ID.", + "example": "0f11f2a4-7c94-4bf3-a2bd-742580fe3bde" + }, + "name": { + "type": "string", + "description": "Subscription name.", + "example": "Access request subscription" + }, + "description": { + "type": "string", + "description": "Subscription description.", + "example": "Access requested to site xyz" + }, + "triggerId": { + "type": "string", + "description": "ID of trigger subscribed to.", + "example": "idn:access-requested" + }, + "triggerName": { + "type": "string", + "description": "Trigger name of trigger subscribed to.", + "example": "Access Requested" + }, + "type": { + "type": "string", + "enum": [ + "HTTP", + "EVENTBRIDGE", + "INLINE", + "SCRIPT", + "WORKFLOW" + ], + "description": "Subscription type. **NOTE** If type is EVENTBRIDGE, then eventBridgeConfig is required. If type is HTTP, then httpConfig is required.", + "example": "HTTP" + }, + "responseDeadline": { + "type": "string", + "description": "Deadline for completing REQUEST_RESPONSE trigger invocation, represented in ISO-8601 duration format.", + "example": "PT1H", + "default": "PT1H" + }, + "httpConfig": { + "description": "Config required if HTTP subscription type is used.", + "type": "object", + "properties": { + "url": { + "type": "string", + "description": "URL of the external/custom integration.", + "example": "https://www.example.com" + }, + "httpDispatchMode": { + "type": "string", + "description": "HTTP response modes, i.e. SYNC, ASYNC, or DYNAMIC.", + "enum": [ + "SYNC", + "ASYNC", + "DYNAMIC" + ], + "example": "SYNC" + }, + "httpAuthenticationType": { + "type": "string", + "description": "Defines the HTTP Authentication type. Additional values may be added in the future.\n\nIf *NO_AUTH* is selected, no extra information will be in HttpConfig.\n\nIf *BASIC_AUTH* is selected, HttpConfig will include BasicAuthConfig with Username and Password as strings.\n\nIf *BEARER_TOKEN* is selected, HttpConfig will include BearerTokenAuthConfig with Token as string.", + "enum": [ + "NO_AUTH", + "BASIC_AUTH", + "BEARER_TOKEN" + ], + "default": "NO_AUTH", + "example": "BASIC_AUTH" + }, + "basicAuthConfig": { + "type": "object", + "properties": { + "userName": { + "type": "string", + "description": "The username to authenticate.", + "example": "user@example.com" + }, + "password": { + "type": "string", + "nullable": true, + "description": "The password to authenticate. On response, this field is set to null as to not return secrets.", + "example": null + } + }, + "nullable": true, + "description": "Config required if BASIC_AUTH is used." + }, + "bearerTokenAuthConfig": { + "type": "object", + "properties": { + "bearerToken": { + "type": "string", + "nullable": true, + "description": "Bearer token", + "example": null + } + }, + "nullable": true, + "description": "Config required if BEARER_TOKEN authentication is used. On response, this field is set to null as to not return secrets." + } + }, + "required": [ + "url", + "httpDispatchMode" + ] + }, + "eventBridgeConfig": { + "description": "Config required if EVENTBRIDGE subscription type is used.", + "type": "object", + "properties": { + "awsAccount": { + "type": "string", + "description": "AWS Account Number (12-digit number) that has the EventBridge Partner Event Source Resource.", + "example": "123456789012" + }, + "awsRegion": { + "type": "string", + "description": "AWS Region that has the EventBridge Partner Event Source Resource. See https://docs.aws.amazon.com/general/latest/gr/rande.html for a full list of available values.", + "example": "us-west-1" + } + }, + "required": [ + "awsAccount", + "awsRegion" + ] + }, + "enabled": { + "type": "boolean", + "description": "Whether subscription should receive real-time trigger invocations or not.\nTest trigger invocations are always enabled regardless of this option.", + "default": true, + "example": true + }, + "filter": { + "type": "string", + "description": "JSONPath filter to conditionally invoke trigger when expression evaluates to true.", + "example": "$[?($.identityId == \"201327fda1c44704ac01181e963d463c\")]", + "externalDocs": { + "description": "JSONPath filter documentation", + "url": "https://developer.sailpoint.com/idn/docs/event-triggers/filtering-events" + } + } + } + } + }, + "examples": { + "HTTP Subscription": { + "value": [ + { + "id": "0f11f2a4-7c94-4bf3-a2bd-742580fe3bde", + "name": "Access request subscription", + "description": "Access requested to site xyz", + "triggerId": "idn:access-requested", + "triggerName": "Access Requested", + "type": "HTTP", + "httpConfig": { + "url": "https://www.example.com", + "httpDispatchMode": "SYNC", + "httpAuthenticationType": "BASIC_AUTH", + "basicAuthConfig": { + "userName": "user@example.com", + "password": null + } + }, + "enabled": true, + "filter": "$[?($.identityId == \"201327fda1c44704ac01181e963d463c\")]" + } + ] + }, + "HTTP Async Subscription": { + "value": { + "name": "Access request subscription", + "description": "Access requested to site xyz", + "triggerId": "idn:access-requested", + "triggerName": "Access Requested", + "type": "HTTP", + "responseDeadline": "PT1H", + "httpConfig": { + "url": "https://www.example.com", + "httpDispatchMode": "ASYNC", + "httpAuthenticationType": "BASIC_AUTH", + "basicAuthConfig": { + "userName": "user@example.com", + "password": null + } + }, + "enabled": true, + "filter": "$[?($.identityId == \"201327fda1c44704ac01181e963d463c\")]" + } + }, + "EventBridge Subscription": { + "value": [ + { + "id": "0f11f2a4-7c94-4bf3-a2bd-742580fe3bde", + "name": "Access request subscription", + "description": "Access requested to site xyz", + "triggerId": "idn:access-requested", + "triggerName": "Access Requested", + "type": "EVENTBRIDGE", + "eventBridgeConfig": { + "awsAccount": "123456789012", + "awsRegion": "us-west-1" + }, + "enabled": true, + "filter": "$[?($.identityId == \"201327fda1c44704ac01181e963d463c\")]" + } + ] + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + }, + "security": [ + { + "oauth2": [ + "sp:trigger-service-subscriptions:read" + ] + } + ] + } + }, + "/trigger-subscriptions/{id}": { + "put": { + "operationId": "updateSubscription", + "tags": [ + "Triggers" + ], + "summary": "Update a Subscription", + "description": "This API updates a trigger subscription in IdentityNow, using a full object representation. In other words, the existing\n Subscription is completely replaced. The following fields are immutable:\n\n\n * id\n\n * triggerId\n\n\n Attempts to modify these fields result in 400.", + "parameters": [ + { + "in": "path", + "name": "id", + "schema": { + "type": "string" + }, + "required": true, + "description": "Subscription ID", + "example": "0f11f2a4-7c94-4bf3-a2bd-742580fe3bde" + } + ], + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "name": { + "type": "string", + "description": "Subscription name.", + "example": "Access request subscription" + }, + "description": { + "type": "string", + "description": "Subscription description.", + "example": "Access requested to site xyz" + }, + "type": { + "type": "string", + "enum": [ + "HTTP", + "EVENTBRIDGE", + "INLINE", + "SCRIPT", + "WORKFLOW" + ], + "description": "Subscription type. **NOTE** If type is EVENTBRIDGE, then eventBridgeConfig is required. If type is HTTP, then httpConfig is required.", + "example": "HTTP" + }, + "responseDeadline": { + "type": "string", + "description": "Deadline for completing REQUEST_RESPONSE trigger invocation, represented in ISO-8601 duration format.", + "example": "PT1H", + "default": "PT1H" + }, + "httpConfig": { + "description": "Config required if HTTP subscription type is used.", + "type": "object", + "properties": { + "url": { + "type": "string", + "description": "URL of the external/custom integration.", + "example": "https://www.example.com" + }, + "httpDispatchMode": { + "type": "string", + "description": "HTTP response modes, i.e. SYNC, ASYNC, or DYNAMIC.", + "enum": [ + "SYNC", + "ASYNC", + "DYNAMIC" + ], + "example": "SYNC" + }, + "httpAuthenticationType": { + "type": "string", + "description": "Defines the HTTP Authentication type. Additional values may be added in the future.\n\nIf *NO_AUTH* is selected, no extra information will be in HttpConfig.\n\nIf *BASIC_AUTH* is selected, HttpConfig will include BasicAuthConfig with Username and Password as strings.\n\nIf *BEARER_TOKEN* is selected, HttpConfig will include BearerTokenAuthConfig with Token as string.", + "enum": [ + "NO_AUTH", + "BASIC_AUTH", + "BEARER_TOKEN" + ], + "default": "NO_AUTH", + "example": "BASIC_AUTH" + }, + "basicAuthConfig": { + "type": "object", + "properties": { + "userName": { + "type": "string", + "description": "The username to authenticate.", + "example": "user@example.com" + }, + "password": { + "type": "string", + "nullable": true, + "description": "The password to authenticate. On response, this field is set to null as to not return secrets.", + "example": null + } + }, + "nullable": true, + "description": "Config required if BASIC_AUTH is used." + }, + "bearerTokenAuthConfig": { + "type": "object", + "properties": { + "bearerToken": { + "type": "string", + "nullable": true, + "description": "Bearer token", + "example": null + } + }, + "nullable": true, + "description": "Config required if BEARER_TOKEN authentication is used. On response, this field is set to null as to not return secrets." + } + }, + "required": [ + "url", + "httpDispatchMode" + ] + }, + "eventBridgeConfig": { + "description": "Config required if EVENTBRIDGE subscription type is used.", + "type": "object", + "properties": { + "awsAccount": { + "type": "string", + "description": "AWS Account Number (12-digit number) that has the EventBridge Partner Event Source Resource.", + "example": "123456789012" + }, + "awsRegion": { + "type": "string", + "description": "AWS Region that has the EventBridge Partner Event Source Resource. See https://docs.aws.amazon.com/general/latest/gr/rande.html for a full list of available values.", + "example": "us-west-1" + } + }, + "required": [ + "awsAccount", + "awsRegion" + ] + }, + "enabled": { + "type": "boolean", + "description": "Whether subscription should receive real-time trigger invocations or not.\n\nTest trigger invocations are always enabled regardless of this option.", + "default": true, + "example": true + }, + "filter": { + "type": "string", + "description": "JSONPath filter to conditionally invoke trigger when expression evaluates to true.", + "example": "$[?($.identityId == \"201327fda1c44704ac01181e963d463c\")]", + "externalDocs": { + "description": "JSONPath filter documentation", + "url": "https://developer.sailpoint.com/idn/docs/event-triggers/filtering-events" + } + } + } + }, + "examples": { + "HTTP Subscription": { + "value": { + "name": "Access request subscription", + "description": "Access requested to site xyz", + "type": "HTTP", + "httpConfig": { + "url": "https://www.example.com", + "httpDispatchMode": "SYNC", + "httpAuthenticationType": "BASIC_AUTH", + "basicAuthConfig": { + "userName": "user@example.com", + "password": "eRtg4%6yuI!" + } + }, + "enabled": true, + "filter": "$[?($.identityId == \"201327fda1c44704ac01181e963d463c\")]" + } + }, + "HTTP Async Subscription": { + "value": { + "name": "Access request subscription", + "description": "Access requested to site xyz", + "type": "HTTP", + "responseDeadline": "PT1H", + "httpConfig": { + "url": "https://www.example.com", + "httpDispatchMode": "ASYNC", + "httpAuthenticationType": "BASIC_AUTH", + "basicAuthConfig": { + "userName": "user@example.com", + "password": "eRtg4%6yuI!" + } + }, + "enabled": true, + "filter": "$[?($.identityId == \"201327fda1c44704ac01181e963d463c\")]" + } + }, + "EventBridge Subscription": { + "value": { + "name": "Access request subscription", + "description": "Access requested to site xyz", + "type": "EVENTBRIDGE", + "eventBridgeConfig": { + "awsAccount": "123456789012", + "awsRegion": "us-west-1" + }, + "enabled": true, + "filter": "$[?($.identityId == \"201327fda1c44704ac01181e963d463c\")]" + } + } + } + } + } + }, + "responses": { + "200": { + "description": "Updated subscription.", + "content": { + "application/json": { + "schema": { + "type": "object", + "required": [ + "id", + "triggerId", + "type", + "name", + "triggerName", + "enabled", + "responseDeadline" + ], + "properties": { + "id": { + "type": "string", + "description": "Subscription ID.", + "example": "0f11f2a4-7c94-4bf3-a2bd-742580fe3bde" + }, + "name": { + "type": "string", + "description": "Subscription name.", + "example": "Access request subscription" + }, + "description": { + "type": "string", + "description": "Subscription description.", + "example": "Access requested to site xyz" + }, + "triggerId": { + "type": "string", + "description": "ID of trigger subscribed to.", + "example": "idn:access-requested" + }, + "triggerName": { + "type": "string", + "description": "Trigger name of trigger subscribed to.", + "example": "Access Requested" + }, + "type": { + "type": "string", + "enum": [ + "HTTP", + "EVENTBRIDGE", + "INLINE", + "SCRIPT", + "WORKFLOW" + ], + "description": "Subscription type. **NOTE** If type is EVENTBRIDGE, then eventBridgeConfig is required. If type is HTTP, then httpConfig is required.", + "example": "HTTP" + }, + "responseDeadline": { + "type": "string", + "description": "Deadline for completing REQUEST_RESPONSE trigger invocation, represented in ISO-8601 duration format.", + "example": "PT1H", + "default": "PT1H" + }, + "httpConfig": { + "description": "Config required if HTTP subscription type is used.", + "type": "object", + "properties": { + "url": { + "type": "string", + "description": "URL of the external/custom integration.", + "example": "https://www.example.com" + }, + "httpDispatchMode": { + "type": "string", + "description": "HTTP response modes, i.e. SYNC, ASYNC, or DYNAMIC.", + "enum": [ + "SYNC", + "ASYNC", + "DYNAMIC" + ], + "example": "SYNC" + }, + "httpAuthenticationType": { + "type": "string", + "description": "Defines the HTTP Authentication type. Additional values may be added in the future.\n\nIf *NO_AUTH* is selected, no extra information will be in HttpConfig.\n\nIf *BASIC_AUTH* is selected, HttpConfig will include BasicAuthConfig with Username and Password as strings.\n\nIf *BEARER_TOKEN* is selected, HttpConfig will include BearerTokenAuthConfig with Token as string.", + "enum": [ + "NO_AUTH", + "BASIC_AUTH", + "BEARER_TOKEN" + ], + "default": "NO_AUTH", + "example": "BASIC_AUTH" + }, + "basicAuthConfig": { + "type": "object", + "properties": { + "userName": { + "type": "string", + "description": "The username to authenticate.", + "example": "user@example.com" + }, + "password": { + "type": "string", + "nullable": true, + "description": "The password to authenticate. On response, this field is set to null as to not return secrets.", + "example": null + } + }, + "nullable": true, + "description": "Config required if BASIC_AUTH is used." + }, + "bearerTokenAuthConfig": { + "type": "object", + "properties": { + "bearerToken": { + "type": "string", + "nullable": true, + "description": "Bearer token", + "example": null + } + }, + "nullable": true, + "description": "Config required if BEARER_TOKEN authentication is used. On response, this field is set to null as to not return secrets." + } + }, + "required": [ + "url", + "httpDispatchMode" + ] + }, + "eventBridgeConfig": { + "description": "Config required if EVENTBRIDGE subscription type is used.", + "type": "object", + "properties": { + "awsAccount": { + "type": "string", + "description": "AWS Account Number (12-digit number) that has the EventBridge Partner Event Source Resource.", + "example": "123456789012" + }, + "awsRegion": { + "type": "string", + "description": "AWS Region that has the EventBridge Partner Event Source Resource. See https://docs.aws.amazon.com/general/latest/gr/rande.html for a full list of available values.", + "example": "us-west-1" + } + }, + "required": [ + "awsAccount", + "awsRegion" + ] + }, + "enabled": { + "type": "boolean", + "description": "Whether subscription should receive real-time trigger invocations or not.\nTest trigger invocations are always enabled regardless of this option.", + "default": true, + "example": true + }, + "filter": { + "type": "string", + "description": "JSONPath filter to conditionally invoke trigger when expression evaluates to true.", + "example": "$[?($.identityId == \"201327fda1c44704ac01181e963d463c\")]", + "externalDocs": { + "description": "JSONPath filter documentation", + "url": "https://developer.sailpoint.com/idn/docs/event-triggers/filtering-events" + } + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + }, + "security": [ + { + "oauth2": [ + "sp:trigger-service-subscriptions:manage" + ] + } + ] + }, + "patch": { + "operationId": "patchSubscription", + "tags": [ + "Triggers" + ], + "summary": "Patch a Subscription", + "description": "This API updates a trigger subscription in IdentityNow, using a set of instructions to modify a subscription partially. The following fields are patchable:\n\n**name**, **description**, **enabled**, **type**, **filter**, **responseDeadline**, **httpConfig**, **eventBridgeConfig**, **workflowConfig**", + "parameters": [ + { + "in": "path", + "name": "id", + "schema": { + "type": "string" + }, + "required": true, + "description": "ID of the Subscription to patch", + "example": "0f11f2a4-7c94-4bf3-a2bd-742580fe3bde" + } + ], + "requestBody": { + "required": true, + "content": { + "application/json-patch+json": { + "schema": { + "description": "Operations to be applied", + "type": "array", + "items": { + "type": "object", + "description": "A JSONPatch Operation as defined by [RFC 6902 - JSON Patch](https://tools.ietf.org/html/rfc6902)", + "required": [ + "op", + "path" + ], + "properties": { + "op": { + "type": "string", + "description": "The operation to be performed", + "enum": [ + "add", + "remove", + "replace", + "move", + "copy" + ], + "example": "replace" + }, + "path": { + "type": "string", + "description": "A string JSON Pointer representing the target path to an element to be affected by the operation", + "example": "/description" + }, + "value": { + "anyOf": [ + { + "type": "string" + }, + { + "type": "integer" + }, + { + "type": "object" + }, + { + "type": "array", + "items": { + "anyOf": [ + { + "type": "string" + }, + { + "type": "integer" + }, + { + "type": "object" + } + ] + } + } + ], + "description": "The value to be used for the operation, required for \"add\" and \"replace\" operations", + "example": "New description" + } + } + }, + "example": [ + { + "op": "replace", + "path": "/description", + "value": "A new description" + }, + { + "op": "replace", + "path": "/name", + "value": "A new name" + } + ] + } + } + } + }, + "responses": { + "200": { + "description": "Updated subscription.", + "content": { + "application/json": { + "schema": { + "type": "object", + "required": [ + "id", + "triggerId", + "type", + "name", + "triggerName", + "enabled", + "responseDeadline" + ], + "properties": { + "id": { + "type": "string", + "description": "Subscription ID.", + "example": "0f11f2a4-7c94-4bf3-a2bd-742580fe3bde" + }, + "name": { + "type": "string", + "description": "Subscription name.", + "example": "Access request subscription" + }, + "description": { + "type": "string", + "description": "Subscription description.", + "example": "Access requested to site xyz" + }, + "triggerId": { + "type": "string", + "description": "ID of trigger subscribed to.", + "example": "idn:access-requested" + }, + "triggerName": { + "type": "string", + "description": "Trigger name of trigger subscribed to.", + "example": "Access Requested" + }, + "type": { + "type": "string", + "enum": [ + "HTTP", + "EVENTBRIDGE", + "INLINE", + "SCRIPT", + "WORKFLOW" + ], + "description": "Subscription type. **NOTE** If type is EVENTBRIDGE, then eventBridgeConfig is required. If type is HTTP, then httpConfig is required.", + "example": "HTTP" + }, + "responseDeadline": { + "type": "string", + "description": "Deadline for completing REQUEST_RESPONSE trigger invocation, represented in ISO-8601 duration format.", + "example": "PT1H", + "default": "PT1H" + }, + "httpConfig": { + "description": "Config required if HTTP subscription type is used.", + "type": "object", + "properties": { + "url": { + "type": "string", + "description": "URL of the external/custom integration.", + "example": "https://www.example.com" + }, + "httpDispatchMode": { + "type": "string", + "description": "HTTP response modes, i.e. SYNC, ASYNC, or DYNAMIC.", + "enum": [ + "SYNC", + "ASYNC", + "DYNAMIC" + ], + "example": "SYNC" + }, + "httpAuthenticationType": { + "type": "string", + "description": "Defines the HTTP Authentication type. Additional values may be added in the future.\n\nIf *NO_AUTH* is selected, no extra information will be in HttpConfig.\n\nIf *BASIC_AUTH* is selected, HttpConfig will include BasicAuthConfig with Username and Password as strings.\n\nIf *BEARER_TOKEN* is selected, HttpConfig will include BearerTokenAuthConfig with Token as string.", + "enum": [ + "NO_AUTH", + "BASIC_AUTH", + "BEARER_TOKEN" + ], + "default": "NO_AUTH", + "example": "BASIC_AUTH" + }, + "basicAuthConfig": { + "type": "object", + "properties": { + "userName": { + "type": "string", + "description": "The username to authenticate.", + "example": "user@example.com" + }, + "password": { + "type": "string", + "nullable": true, + "description": "The password to authenticate. On response, this field is set to null as to not return secrets.", + "example": null + } + }, + "nullable": true, + "description": "Config required if BASIC_AUTH is used." + }, + "bearerTokenAuthConfig": { + "type": "object", + "properties": { + "bearerToken": { + "type": "string", + "nullable": true, + "description": "Bearer token", + "example": null + } + }, + "nullable": true, + "description": "Config required if BEARER_TOKEN authentication is used. On response, this field is set to null as to not return secrets." + } + }, + "required": [ + "url", + "httpDispatchMode" + ] + }, + "eventBridgeConfig": { + "description": "Config required if EVENTBRIDGE subscription type is used.", + "type": "object", + "properties": { + "awsAccount": { + "type": "string", + "description": "AWS Account Number (12-digit number) that has the EventBridge Partner Event Source Resource.", + "example": "123456789012" + }, + "awsRegion": { + "type": "string", + "description": "AWS Region that has the EventBridge Partner Event Source Resource. See https://docs.aws.amazon.com/general/latest/gr/rande.html for a full list of available values.", + "example": "us-west-1" + } + }, + "required": [ + "awsAccount", + "awsRegion" + ] + }, + "enabled": { + "type": "boolean", + "description": "Whether subscription should receive real-time trigger invocations or not.\nTest trigger invocations are always enabled regardless of this option.", + "default": true, + "example": true + }, + "filter": { + "type": "string", + "description": "JSONPath filter to conditionally invoke trigger when expression evaluates to true.", + "example": "$[?($.identityId == \"201327fda1c44704ac01181e963d463c\")]", + "externalDocs": { + "description": "JSONPath filter documentation", + "url": "https://developer.sailpoint.com/idn/docs/event-triggers/filtering-events" + } + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + }, + "security": [ + { + "oauth2": [ + "sp:trigger-service-subscriptions:manage" + ] + } + ] + }, + "delete": { + "operationId": "deleteSubscription", + "tags": [ + "Triggers" + ], + "summary": "Delete a Subscription", + "description": "Deletes an existing subscription to a trigger.", + "parameters": [ + { + "in": "path", + "name": "id", + "schema": { + "type": "string" + }, + "required": true, + "description": "Subscription ID", + "example": "0f11f2a4-7c94-4bf3-a2bd-742580fe3bde" + } + ], + "responses": { + "204": { + "description": "Subscription is deleted successfully." + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + }, + "security": [ + { + "oauth2": [ + "sp:trigger-service-subscriptions:manage" + ] + } + ] + } + }, + "/trigger-subscriptions/validate-filter": { + "post": { + "operationId": "validateSubscriptionFilter", + "tags": [ + "Triggers" + ], + "summary": "Validate a Subscription Filter", + "description": "Validates a JSONPath filter expression against a provided mock input.\nRequest requires a security scope of: ", + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "required": [ + "input", + "filter" + ], + "type": "object", + "properties": { + "input": { + "type": "object", + "description": "Mock input to evaluate filter expression against.", + "example": { + "identityId": "201327fda1c44704ac01181e963d463c" + } + }, + "filter": { + "type": "string", + "description": "JSONPath filter to conditionally invoke trigger when expression evaluates to true.", + "example": "$[?($.identityId == \"201327fda1c44704ac01181e963d463c\")]", + "externalDocs": { + "description": "JSONPath filter documentation", + "url": "https://developer.sailpoint.com/idn/docs/event-triggers/filtering-events" + } + } + } + }, + "example": { + "input": { + "identityId": "201327fda1c44704ac01181e963d463c" + }, + "filter": "$[?($.identityId == \"201327fda1c44704ac01181e963d463c\")]" + } + } + } + }, + "responses": { + "200": { + "description": "Boolean whether specified filter expression is valid against the input.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "isValid": { + "type": "boolean", + "description": "True if specified filter expression is valid against the input, false otherwise." + } + } + }, + "example": { + "isValid": true + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + }, + "security": [ + { + "oauth2": [ + "sp:trigger-service-subscriptions:manage" + ] + } + ] + } + }, + "/trigger-invocations/status": { + "get": { + "operationId": "listTriggerInvocationStatus", + "tags": [ + "Triggers" + ], + "summary": "List Latest Invocation Statuses", + "description": "Gets a list of latest invocation statuses.\nStatuses of successful invocations are available for up to 24 hours. Statuses of failed invocations are available for up to 48 hours.\nThis endpoint may only fetch up to 2000 invocations, and should not be treated as a representation of the full history of invocations.", + "parameters": [ + { + "in": "query", + "name": "limit", + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": 250, + "schema": { + "type": "integer", + "format": "int32", + "minimum": 0, + "maximum": 250, + "default": 250 + } + }, + { + "in": "query", + "name": "offset", + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": 0, + "schema": { + "type": "integer", + "format": "int32", + "minimum": 0, + "default": 0 + } + }, + { + "in": "query", + "name": "count", + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": true, + "schema": { + "type": "boolean", + "default": false + } + }, + { + "in": "query", + "name": "filters", + "required": false, + "schema": { + "type": "string" + }, + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)\n\nFiltering is supported for the following fields and operators:\n\n**triggerId**: *eq* **subscriptionId**: *eq*", + "example": "triggerId eq \"idn:access-request-dynamic-approver\"" + }, + { + "in": "query", + "name": "sorters", + "required": false, + "schema": { + "type": "string", + "format": "comma-separated" + }, + "description": "Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)\n\nSorting is supported for the following fields:\n\n**triggerId** **subscriptionName** **created** **completed**", + "example": "created" + } + ], + "responses": { + "200": { + "description": "List of latest invocation statuses.", + "content": { + "application/json": { + "schema": { + "type": "array", + "items": { + "type": "object", + "required": [ + "id", + "triggerId", + "subscriptionId", + "startInvocationInput", + "type", + "subscriptionName", + "created" + ], + "properties": { + "id": { + "type": "string", + "description": "Invocation ID", + "example": "0f11f2a4-7c94-4bf3-a2bd-742580fe3bde" + }, + "triggerId": { + "type": "string", + "description": "Trigger ID", + "example": "idn:access-requested" + }, + "subscriptionId": { + "type": "string", + "description": "Subscription ID", + "example": "0f11f2a4-7c94-4bf3-a2bd-742580fe3bde" + }, + "type": { + "type": "string", + "description": "Defines the Invocation type.\n\n**TEST** The trigger was invocated as a test, either via the test subscription button in the UI or via the start test invocation API.\n\n**REAL_TIME** The trigger subscription is live and was invocated by a real event in IdentityNow.", + "enum": [ + "TEST", + "REAL_TIME" + ], + "example": "TEST" + }, + "created": { + "type": "string", + "format": "date-time", + "description": "Invocation created timestamp. ISO-8601 in UTC.", + "example": "2020-03-27T20:40:10.738Z" + }, + "completed": { + "type": "string", + "format": "date-time", + "description": "Invocation completed timestamp; empty fields imply invocation is in-flight or not completed. ISO-8601 in UTC.", + "example": "2020-03-27T20:42:14.738Z" + }, + "startInvocationInput": { + "description": "Data related to start of trigger invocation.", + "type": "object", + "properties": { + "triggerId": { + "type": "string", + "description": "Trigger ID", + "example": "idn:access-requested" + }, + "input": { + "type": "object", + "example": { + "identityId": "201327fda1c44704ac01181e963d463c" + }, + "description": "Trigger input payload. Its schema is defined in the trigger definition." + }, + "contentJson": { + "type": "object", + "example": { + "workflowId": 1234 + }, + "description": "JSON map of invocation metadata" + } + } + }, + "completeInvocationInput": { + "description": "Data related to end of trigger invocation.", + "type": "object", + "properties": { + "localizedError": { + "type": "object", + "description": "Localized error message to indicate a failed invocation or error if any.", + "required": [ + "locale", + "message" + ], + "properties": { + "locale": { + "description": "Message locale", + "type": "string", + "example": "An error has occurred!" + }, + "message": { + "description": "Message text", + "type": "string", + "example": "Error has occurred!" + } + } + }, + "output": { + "type": "object", + "example": { + "approved": false + }, + "description": "Trigger output that completed the invocation. Its schema is defined in the trigger definition." + } + } + } + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + }, + "security": [ + { + "oauth2": [ + "sp:trigger-service-invocation-status:read", + "sp:trigger-service-invocation-status:manage" + ] + } + ] + } + }, + "/trigger-invocations/{id}/complete": { + "post": { + "operationId": "completeTriggerInvocation", + "tags": [ + "Triggers" + ], + "summary": "Complete Trigger Invocation", + "description": "Completes an invocation to a REQUEST_RESPONSE type trigger.", + "parameters": [ + { + "in": "path", + "name": "id", + "schema": { + "type": "string" + }, + "required": true, + "description": "The ID of the invocation to complete.", + "example": "0f11f2a4-7c94-4bf3-a2bd-742580fe3bde" + } + ], + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "secret": { + "type": "string", + "description": "Unique invocation secret that was generated when the invocation was created. Required to authenticate to the endpoint.", + "example": "0f11f2a4-7c94-4bf3-a2bd-742580fe3bde" + }, + "error": { + "type": "string", + "description": "The error message to indicate a failed invocation or error if any.", + "example": "Access request is denied." + }, + "output": { + "type": "object", + "example": { + "approved": false + }, + "description": "Trigger output to complete the invocation. Its schema is defined in the trigger definition." + } + }, + "required": [ + "secret", + "output" + ] + }, + "example": { + "secret": "0f11f2a4-7c94-4bf3-a2bd-742580fe3bde", + "output": { + "approved": false + } + } + } + } + }, + "responses": { + "204": { + "description": "No content - indicates the request was successful but there is no content to be returned in the response." + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/trigger-invocations/test": { + "post": { + "operationId": "startTestTriggerInvocation", + "tags": [ + "Triggers" + ], + "summary": "Start a Test Invocation", + "description": "Initiate a test event for all subscribers of the specified event trigger. If there are no subscribers to the specified trigger in the tenant, then no test event will be sent.", + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "triggerId": { + "type": "string", + "example": "idn:access-request-post-approval", + "description": "Trigger ID" + }, + "input": { + "type": "object", + "example": { + "identityId": "201327fda1c44704ac01181e963d463c" + }, + "description": "Mock input to use for test invocation. This must adhere to the input schema defined in the trigger being invoked. If this property is omitted, then the default trigger sample payload will be sent." + }, + "contentJson": { + "type": "object", + "example": { + "workflowId": 1234 + }, + "description": "JSON map of invocation metadata." + }, + "subscriptionIds": { + "type": "array", + "items": { + "type": "string" + }, + "example": [ + "0f11f2a4-7c94-4bf3-a2bd-742580fe3bde" + ], + "description": "Only send the test event to the subscription IDs listed. If omitted, the test event will be sent to all subscribers." + } + }, + "required": [ + "triggerId", + "contentJson" + ] + }, + "examples": { + "Test Trigger with Mock Input": { + "value": { + "triggerId": "idn:access-requested", + "input": { + "identityId": "201327fda1c44704ac01181e963d463c" + }, + "contentJson": { + "workflowId": 1234 + } + } + }, + "Send Test to only One Subscriber": { + "value": { + "triggerId": "idn:access-requested", + "contentJson": { + "workflowId": 1234 + }, + "subscriptionIds": [ + "0f11f2a4-7c94-4bf3-a2bd-742580fe3bde" + ] + } + } + } + } + } + }, + "responses": { + "200": { + "description": "Test trigger invocations that have been started for specified subscription(s).", + "content": { + "application/json": { + "schema": { + "type": "array", + "items": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "Invocation ID", + "example": "0f11f2a4-7c94-4bf3-a2bd-742580fe3bde" + }, + "triggerId": { + "type": "string", + "description": "Trigger ID", + "example": "idn:access-requested" + }, + "secret": { + "type": "string", + "description": "Unique invocation secret.", + "example": "0f979022-08be-44f2-b6f9-7393ec73ed9b" + }, + "contentJson": { + "type": "object", + "example": { + "workflowId": 1234 + }, + "description": "JSON map of invocation metadata." + } + } + } + } + } + } + }, + "204": { + "description": "Trigger invocation is skipped, because tenant has not subscribed to the specified trigger." + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + }, + "security": [ + { + "oauth2": [ + "sp:trigger-service-invocation-status:manage" + ] + } + ] + } + }, + "/verified-from-addresses": { + "get": { + "operationId": "listFromAddresses", + "tags": [ + "Notifications" + ], + "summary": "List From Addresses", + "description": "Retrieve a list of sender email addresses and their verification statuses", + "parameters": [ + { + "in": "query", + "name": "limit", + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": 250, + "schema": { + "type": "integer", + "format": "int32", + "minimum": 0, + "maximum": 250, + "default": 250 + } + }, + { + "in": "query", + "name": "offset", + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": 0, + "schema": { + "type": "integer", + "format": "int32", + "minimum": 0, + "default": 0 + } + }, + { + "in": "query", + "name": "count", + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": true, + "schema": { + "type": "boolean", + "default": false + } + }, + { + "in": "query", + "name": "filters", + "schema": { + "type": "string" + }, + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)\n\nFiltering is supported for the following fields and operators:\n\n**email**: *eq*" + }, + { + "in": "query", + "name": "sorters", + "schema": { + "type": "string", + "format": "comma-separated" + }, + "description": "Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)\n\nSorting is supported for the following fields:\n\n**email**" + } + ], + "responses": { + "200": { + "description": "List of Email Status", + "content": { + "application/json": { + "schema": { + "type": "array", + "items": { + "type": "object", + "properties": { + "id": { + "type": "string" + }, + "email": { + "type": "string", + "example": "sender@example.com" + }, + "verificationStatus": { + "type": "string", + "enum": [ + "PENDING", + "SUCCESS", + "FAILED" + ] + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + }, + "post": { + "operationId": "createVerifiedFromAddress", + "tags": [ + "Notifications" + ], + "summary": "Create Verified From Address", + "description": "Create a new sender email address and initiate verification process.", + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "id": { + "type": "string" + }, + "email": { + "type": "string", + "example": "sender@example.com" + }, + "verificationStatus": { + "type": "string", + "enum": [ + "PENDING", + "SUCCESS", + "FAILED" + ] + } + } + }, + "example": { + "email": "sender@example.com" + } + } + } + }, + "responses": { + "201": { + "description": "New Verified Email Status", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "id": { + "type": "string" + }, + "email": { + "type": "string", + "example": "sender@example.com" + }, + "verificationStatus": { + "type": "string", + "enum": [ + "PENDING", + "SUCCESS", + "FAILED" + ] + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/verified-from-addresses/{id}": { + "delete": { + "operationId": "deleteVerifiedFromAddress", + "tags": [ + "Notifications" + ], + "summary": "Delete Verified From Address", + "description": "Delete a verified sender email address", + "parameters": [ + { + "in": "path", + "name": "id", + "schema": { + "type": "string" + }, + "required": true + } + ], + "responses": { + "204": { + "description": "No content - indicates the request was successful but there is no content to be returned in the response." + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/verified-domains": { + "get": { + "security": [ + { + "oauth2": [ + "sp:notification-dkim-attributes:read" + ] + } + ], + "operationId": "getDkimAttributes", + "tags": [ + "Notifications" + ], + "summary": "Get DKIM Attributes", + "description": "Retrieve DKIM (DomainKeys Identified Mail) attributes for all your tenants' AWS SES identities. Limits retrieval to 100 identities per call.", + "responses": { + "200": { + "description": "List of DKIM Attributes", + "content": { + "application/json": { + "schema": { + "type": "array", + "items": { + "type": "object", + "properties": { + "id": { + "type": "string", + "example": "123b45b0-aaaa-bbbb-a7db-123456a56abc", + "description": "UUID associated with domain to be verified" + }, + "address": { + "type": "string", + "example": "BobSmith@sailpoint.com", + "description": "The identity or domain address" + }, + "dkimEnabled": { + "type": "boolean", + "default": false, + "example": true, + "description": "Whether or not DKIM has been enabled for this domain / identity" + }, + "dkimTokens": { + "type": "array", + "items": { + "type": "string" + }, + "example": [ + "uq1m3jjk25ckd3whl4n7y46c56r5l6aq", + "u7pm38jky9ckdawhlsn7y4dcj6f5lpgq", + "uhpm3jjkjjckdkwhlqn7yw6cjer5tpay" + ], + "description": "The tokens to be added to a DNS for verification" + }, + "dkimVerificationStatus": { + "type": "string", + "example": "Success", + "description": "The current status if the domain /identity has been verified. Ie Success, Failed, Pending" + } + }, + "description": "DKIM attributes for a domain or identity" + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + }, + "post": { + "security": [ + { + "oauth2": [ + "sp:notification-verify-domain-dkim:write" + ] + } + ], + "operationId": "createDomainDkim", + "tags": [ + "Notifications" + ], + "summary": "Verify domain address via DKIM", + "description": "Create a domain to be verified via DKIM (DomainKeys Identified Mail)", + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "domain": { + "type": "string", + "example": "sailpoint.com", + "description": "A domain address" + } + } + } + } + } + }, + "responses": { + "200": { + "description": "List of DKIM tokens required for the verification process.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "id": { + "type": "string", + "example": "123b45b0-aaaa-bbbb-a7db-123456a56abc", + "description": "New UUID associated with domain to be verified" + }, + "domain": { + "type": "string", + "example": "sailpoint.com", + "description": "A domain address" + }, + "dkimEnabled": { + "default": false, + "example": true, + "description": "DKIM is enabled for this domain" + }, + "dkimTokens": { + "type": "array", + "items": { + "type": "string" + }, + "example": [ + "token1", + "token2", + "token3" + ], + "description": "DKIM tokens required for authentication" + }, + "dkimVerificationStatus": { + "type": "string", + "example": "PENDING", + "description": "Status of DKIM authentication" + } + }, + "description": "Domain status DTO containing everything required to verify via DKIM" + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "405": { + "description": "Method Not Allowed - indicates that the server knows the request method, but the target resource doesn't support this method.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "errorName": { + "description": "A message describing the error", + "example": "NotSupportedException" + }, + "errorMessage": { + "description": "Description of the error", + "example": "Cannot consume content type" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/sod-policies": { + "post": { + "operationId": "createSodPolicy", + "tags": [ + "SOD Policy" + ], + "summary": "Create SOD policy", + "description": "This creates both General and Conflicting Access Based policy, with a limit of 50 entitlements for each (left & right) criteria for Conflicting Access Based SOD policy.\nRequires role of ORG_ADMIN.", + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "Policy id", + "example": "0f11f2a4-7c94-4bf3-a2bd-742580fe3bde" + }, + "name": { + "type": "string", + "description": "Policy Business Name", + "example": "policy-xyz" + }, + "created": { + "type": "string", + "format": "date-time", + "description": "The time when this SOD policy is created.", + "example": "2020-01-01T00:00:00.000000Z" + }, + "modified": { + "type": "string", + "format": "date-time", + "description": "The time when this SOD policy is modified.", + "example": "2020-01-01T00:00:00.000000Z" + }, + "description": { + "type": "string", + "description": "Optional description of the SOD policy", + "example": "This policy ensures compliance of xyz" + }, + "ownerRef": { + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + }, + "externalPolicyReference": { + "type": "string", + "description": "Optional External Policy Reference", + "example": "XYZ policy" + }, + "policyQuery": { + "type": "string", + "description": "Search query of the SOD policy", + "example": "@access(id:0f11f2a4-7c94-4bf3-a2bd-742580fe3bdg) AND @access(id:0f11f2a4-7c94-4bf3-a2bd-742580fe3bdf)" + }, + "compensatingControls": { + "type": "string", + "description": "Optional compensating controls(Mitigating Controls)", + "example": "Have a manager review the transaction decisions for their \"out of compliance\" employee" + }, + "correctionAdvice": { + "type": "string", + "description": "Optional correction advice", + "example": "Based on the role of the employee, managers should remove access that is not required for their job function." + }, + "state": { + "type": "string", + "description": "whether the policy is enforced or not", + "enum": [ + "ENFORCED", + "NOT_ENFORCED" + ], + "example": "ENFORCED" + }, + "tags": { + "type": "array", + "description": "tags for this policy object", + "example": [ + "TAG1", + "TAG2" + ], + "items": { + "type": "string" + } + }, + "creatorId": { + "type": "string", + "description": "Policy's creator ID", + "example": "0f11f2a4-7c94-4bf3-a2bd-742580fe3bde" + }, + "modifierId": { + "type": "string", + "description": "Policy's modifier ID", + "example": "0f11f2a4-7c94-4bf3-a2bd-742580fe3bde", + "nullable": true + }, + "violationOwnerAssignmentConfig": { + "nullable": true, + "type": "object", + "properties": { + "assignmentRule": { + "type": "string", + "enum": [ + "MANAGER", + "STATIC" + ], + "description": "Details about the violations owner.\nMANAGER - identity's manager\nSTATIC - Governance Group or Identity", + "example": "MANAGER" + }, + "ownerRef": { + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + } + } + }, + "scheduled": { + "type": "boolean", + "description": "defines whether a policy has been scheduled or not", + "example": true + }, + "type": { + "type": "string", + "description": "whether a policy is query based or conflicting access based", + "default": "GENERAL", + "enum": [ + "GENERAL", + "CONFLICTING_ACCESS_BASED" + ], + "example": "GENERAL" + }, + "conflictingAccessCriteria": { + "nullable": true, + "type": "object", + "properties": { + "leftCriteria": { + "type": "object", + "properties": { + "name": { + "type": "string", + "description": "Business name for the access construct list", + "example": "money-in" + }, + "criteriaList": { + "type": "array", + "description": "List of criteria. There is a min of 1 and max of 50 items in the list.", + "items": { + "type": "object", + "properties": { + "type": { + "type": "string", + "enum": [ + "ENTITLEMENT" + ], + "description": "DTO type", + "example": "ENTITLEMENT" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies to", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies to", + "example": "Administrator" + } + } + }, + "example": [ + { + "type": "ENTITLEMENT", + "id": "2c9180866166b5b0016167c32ef31a66", + "name": "Administrator" + }, + { + "type": "ENTITLEMENT", + "id": "2c9180866166b5b0016167c32ef31a67", + "name": "Administrator" + } + ] + } + } + }, + "rightCriteria": { + "type": "object", + "properties": { + "name": { + "type": "string", + "description": "Business name for the access construct list", + "example": "money-in" + }, + "criteriaList": { + "type": "array", + "description": "List of criteria. There is a min of 1 and max of 50 items in the list.", + "items": { + "type": "object", + "properties": { + "type": { + "type": "string", + "enum": [ + "ENTITLEMENT" + ], + "description": "DTO type", + "example": "ENTITLEMENT" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies to", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies to", + "example": "Administrator" + } + } + }, + "example": [ + { + "type": "ENTITLEMENT", + "id": "2c9180866166b5b0016167c32ef31a66", + "name": "Administrator" + }, + { + "type": "ENTITLEMENT", + "id": "2c9180866166b5b0016167c32ef31a67", + "name": "Administrator" + } + ] + } + } + } + } + } + } + }, + "examples": { + "Conflicting Access Based Policy": { + "value": { + "name": "Conflicting-Policy-Name", + "description": "This policy ensures compliance of xyz", + "ownerRef": { + "type": "IDENTITY", + "id": "2c91808568c529c60168cca6f90c1313", + "name": "Owner Name" + }, + "externalPolicyReference": "XYZ policy", + "compensatingControls": "Have a manager review the transaction decisions for their \"out of compliance\" employee", + "correctionAdvice": "Based on the role of the employee, managers should remove access that is not required for their job function.", + "state": "ENFORCED", + "tags": [ + "string" + ], + "creatorId": "0f11f2a4-7c94-4bf3-a2bd-742580fe3bde", + "modifierId": "0f11f2a4-7c94-4bf3-a2bd-742580fe3bde", + "violationOwnerAssignmentConfig": { + "assignmentRule": "MANAGER", + "ownerRef": { + "type": "IDENTITY", + "id": "2c91808568c529c60168cca6f90c1313", + "name": "Violation Owner Name" + } + }, + "scheduled": true, + "type": "CONFLICTING_ACCESS_BASED", + "conflictingAccessCriteria": { + "leftCriteria": { + "name": "money-in", + "criteriaList": [ + { + "type": "ENTITLEMENT", + "id": "2c9180866166b5b0016167c32ef31a66" + }, + { + "type": "ENTITLEMENT", + "id": "2c9180866166b5b0016167c32ef31a67" + } + ] + }, + "rightCriteria": { + "name": "money-out", + "criteriaList": [ + { + "type": "ENTITLEMENT", + "id": "2c9180866166b5b0016167c32ef31a68" + }, + { + "type": "ENTITLEMENT", + "id": "2c9180866166b5b0016167c32ef31a69" + } + ] + } + } + } + }, + "General Policy": { + "value": { + "description": "Description", + "ownerRef": { + "type": "IDENTITY", + "id": "2c918087682f9a86016839c05e8f1aff", + "name": "Owner Name" + }, + "externalPolicyReference": "New policy", + "policyQuery": "policy query implementation", + "compensatingControls": "Compensating controls", + "correctionAdvice": "Correction advice", + "tags": [], + "state": "ENFORCED", + "scheduled": false, + "creatorId": "2c918087682f9a86016839c05e8f1aff", + "modifierId": null, + "violationOwnerAssignmentConfig": null, + "name": "General-Policy-Name" + } + } + } + } + } + }, + "responses": { + "201": { + "description": "SOD policy created", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "Policy id", + "example": "0f11f2a4-7c94-4bf3-a2bd-742580fe3bde" + }, + "name": { + "type": "string", + "description": "Policy Business Name", + "example": "policy-xyz" + }, + "created": { + "type": "string", + "format": "date-time", + "description": "The time when this SOD policy is created.", + "example": "2020-01-01T00:00:00.000000Z" + }, + "modified": { + "type": "string", + "format": "date-time", + "description": "The time when this SOD policy is modified.", + "example": "2020-01-01T00:00:00.000000Z" + }, + "description": { + "type": "string", + "description": "Optional description of the SOD policy", + "example": "This policy ensures compliance of xyz" + }, + "ownerRef": { + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + }, + "externalPolicyReference": { + "type": "string", + "description": "Optional External Policy Reference", + "example": "XYZ policy" + }, + "policyQuery": { + "type": "string", + "description": "Search query of the SOD policy", + "example": "@access(id:0f11f2a4-7c94-4bf3-a2bd-742580fe3bdg) AND @access(id:0f11f2a4-7c94-4bf3-a2bd-742580fe3bdf)" + }, + "compensatingControls": { + "type": "string", + "description": "Optional compensating controls(Mitigating Controls)", + "example": "Have a manager review the transaction decisions for their \"out of compliance\" employee" + }, + "correctionAdvice": { + "type": "string", + "description": "Optional correction advice", + "example": "Based on the role of the employee, managers should remove access that is not required for their job function." + }, + "state": { + "type": "string", + "description": "whether the policy is enforced or not", + "enum": [ + "ENFORCED", + "NOT_ENFORCED" + ], + "example": "ENFORCED" + }, + "tags": { + "type": "array", + "description": "tags for this policy object", + "example": [ + "TAG1", + "TAG2" + ], + "items": { + "type": "string" + } + }, + "creatorId": { + "type": "string", + "description": "Policy's creator ID", + "example": "0f11f2a4-7c94-4bf3-a2bd-742580fe3bde" + }, + "modifierId": { + "type": "string", + "description": "Policy's modifier ID", + "example": "0f11f2a4-7c94-4bf3-a2bd-742580fe3bde", + "nullable": true + }, + "violationOwnerAssignmentConfig": { + "nullable": true, + "type": "object", + "properties": { + "assignmentRule": { + "type": "string", + "enum": [ + "MANAGER", + "STATIC" + ], + "description": "Details about the violations owner.\nMANAGER - identity's manager\nSTATIC - Governance Group or Identity", + "example": "MANAGER" + }, + "ownerRef": { + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + } + } + }, + "scheduled": { + "type": "boolean", + "description": "defines whether a policy has been scheduled or not", + "example": true + }, + "type": { + "type": "string", + "description": "whether a policy is query based or conflicting access based", + "default": "GENERAL", + "enum": [ + "GENERAL", + "CONFLICTING_ACCESS_BASED" + ], + "example": "GENERAL" + }, + "conflictingAccessCriteria": { + "nullable": true, + "type": "object", + "properties": { + "leftCriteria": { + "type": "object", + "properties": { + "name": { + "type": "string", + "description": "Business name for the access construct list", + "example": "money-in" + }, + "criteriaList": { + "type": "array", + "description": "List of criteria. There is a min of 1 and max of 50 items in the list.", + "items": { + "type": "object", + "properties": { + "type": { + "type": "string", + "enum": [ + "ENTITLEMENT" + ], + "description": "DTO type", + "example": "ENTITLEMENT" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies to", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies to", + "example": "Administrator" + } + } + }, + "example": [ + { + "type": "ENTITLEMENT", + "id": "2c9180866166b5b0016167c32ef31a66", + "name": "Administrator" + }, + { + "type": "ENTITLEMENT", + "id": "2c9180866166b5b0016167c32ef31a67", + "name": "Administrator" + } + ] + } + } + }, + "rightCriteria": { + "type": "object", + "properties": { + "name": { + "type": "string", + "description": "Business name for the access construct list", + "example": "money-in" + }, + "criteriaList": { + "type": "array", + "description": "List of criteria. There is a min of 1 and max of 50 items in the list.", + "items": { + "type": "object", + "properties": { + "type": { + "type": "string", + "enum": [ + "ENTITLEMENT" + ], + "description": "DTO type", + "example": "ENTITLEMENT" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies to", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies to", + "example": "Administrator" + } + } + }, + "example": [ + { + "type": "ENTITLEMENT", + "id": "2c9180866166b5b0016167c32ef31a66", + "name": "Administrator" + }, + { + "type": "ENTITLEMENT", + "id": "2c9180866166b5b0016167c32ef31a67", + "name": "Administrator" + } + ] + } + } + } + } + } + } + }, + "examples": { + "Conflicting Access Based Policy": { + "value": { + "id": "0f11f2a4-7c94-4bf3-a2bd-742580fe3bde", + "name": "Conflicting-Policy-Name", + "created": "2020-01-01T00:00:00.000000Z", + "modified": "2020-01-01T00:00:00.000000Z", + "description": "This policy ensures compliance of xyz", + "ownerRef": { + "type": "IDENTITY", + "id": "2c91808568c529c60168cca6f90c1313", + "name": "Owner Name" + }, + "externalPolicyReference": "XYZ policy", + "policyQuery": "@access(id:2c9180866166b5b0016167c32ef31a66 OR id:2c9180866166b5b0016167c32ef31a67) AND @access(id:2c9180866166b5b0016167c32ef31a68 OR id:2c9180866166b5b0016167c32ef31a69)", + "compensatingControls": "Have a manager review the transaction decisions for their \"out of compliance\" employee", + "correctionAdvice": "Based on the role of the employee, managers should remove access that is not required for their job function.", + "state": "ENFORCED", + "tags": [ + "string" + ], + "creatorId": "0f11f2a4-7c94-4bf3-a2bd-742580fe3bde", + "modifierId": "0f11f2a4-7c94-4bf3-a2bd-742580fe3bde", + "violationOwnerAssignmentConfig": { + "assignmentRule": "MANAGER", + "ownerRef": { + "type": "IDENTITY", + "id": "2c91808568c529c60168cca6f90c1313", + "name": "Violation Owner Name" + } + }, + "scheduled": true, + "type": "CONFLICTING_ACCESS_BASED", + "conflictingAccessCriteria": { + "leftCriteria": { + "name": "money-in", + "criteriaList": [ + { + "type": "ENTITLEMENT", + "id": "2c9180866166b5b0016167c32ef31a66" + }, + { + "type": "ENTITLEMENT", + "id": "2c9180866166b5b0016167c32ef31a67" + } + ] + }, + "rightCriteria": { + "name": "money-out", + "criteriaList": [ + { + "type": "ENTITLEMENT", + "id": "2c9180866166b5b0016167c32ef31a68" + }, + { + "type": "ENTITLEMENT", + "id": "2c9180866166b5b0016167c32ef31a69" + } + ] + } + } + } + }, + "General Policy": { + "value": { + "description": "Description", + "ownerRef": { + "type": "IDENTITY", + "id": "2c918087682f9a86016839c05e8f1aff", + "name": "Owner Name" + }, + "externalPolicyReference": "New policy", + "policyQuery": "policy query implementation", + "compensatingControls": "Compensating controls", + "correctionAdvice": "Correction advice", + "tags": [], + "state": "ENFORCED", + "scheduled": false, + "creatorId": "2c918087682f9a86016839c05e8f1aff", + "modifierId": null, + "violationOwnerAssignmentConfig": null, + "type": "GENERAL", + "conflictingAccessCriteria": null, + "id": "52c11db4-733e-4c31-949a-766c95ec95f1", + "name": "General-Policy-Name", + "created": "2020-05-12T19:47:38Z", + "modified": "2020-05-12T19:47:38Z" + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + }, + "get": { + "operationId": "listSodPolicies", + "tags": [ + "SOD Policy" + ], + "summary": "List SOD policies", + "description": "This gets list of all SOD policies.\nRequires role of ORG_ADMIN", + "parameters": [ + { + "in": "query", + "name": "limit", + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": 250, + "schema": { + "type": "integer", + "format": "int32", + "minimum": 0, + "maximum": 250, + "default": 250 + } + }, + { + "in": "query", + "name": "offset", + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": 0, + "schema": { + "type": "integer", + "format": "int32", + "minimum": 0, + "default": 0 + } + }, + { + "in": "query", + "name": "count", + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": true, + "schema": { + "type": "boolean", + "default": false + } + }, + { + "in": "query", + "name": "filters", + "schema": { + "type": "string" + }, + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)\n\nFiltering is supported for the following fields and operators:\n\n**id**: *eq* **name**: *eq* **state**: *eq*", + "example": "id eq \"bc693f07e7b645539626c25954c58554\"", + "required": false + } + ], + "responses": { + "200": { + "description": "List of all SOD policies.", + "content": { + "application/json": { + "schema": { + "type": "array", + "items": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "Policy id", + "example": "0f11f2a4-7c94-4bf3-a2bd-742580fe3bde" + }, + "name": { + "type": "string", + "description": "Policy Business Name", + "example": "policy-xyz" + }, + "created": { + "type": "string", + "format": "date-time", + "description": "The time when this SOD policy is created.", + "example": "2020-01-01T00:00:00.000000Z" + }, + "modified": { + "type": "string", + "format": "date-time", + "description": "The time when this SOD policy is modified.", + "example": "2020-01-01T00:00:00.000000Z" + }, + "description": { + "type": "string", + "description": "Optional description of the SOD policy", + "example": "This policy ensures compliance of xyz" + }, + "ownerRef": { + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + }, + "externalPolicyReference": { + "type": "string", + "description": "Optional External Policy Reference", + "example": "XYZ policy" + }, + "policyQuery": { + "type": "string", + "description": "Search query of the SOD policy", + "example": "@access(id:0f11f2a4-7c94-4bf3-a2bd-742580fe3bdg) AND @access(id:0f11f2a4-7c94-4bf3-a2bd-742580fe3bdf)" + }, + "compensatingControls": { + "type": "string", + "description": "Optional compensating controls(Mitigating Controls)", + "example": "Have a manager review the transaction decisions for their \"out of compliance\" employee" + }, + "correctionAdvice": { + "type": "string", + "description": "Optional correction advice", + "example": "Based on the role of the employee, managers should remove access that is not required for their job function." + }, + "state": { + "type": "string", + "description": "whether the policy is enforced or not", + "enum": [ + "ENFORCED", + "NOT_ENFORCED" + ], + "example": "ENFORCED" + }, + "tags": { + "type": "array", + "description": "tags for this policy object", + "example": [ + "TAG1", + "TAG2" + ], + "items": { + "type": "string" + } + }, + "creatorId": { + "type": "string", + "description": "Policy's creator ID", + "example": "0f11f2a4-7c94-4bf3-a2bd-742580fe3bde" + }, + "modifierId": { + "type": "string", + "description": "Policy's modifier ID", + "example": "0f11f2a4-7c94-4bf3-a2bd-742580fe3bde", + "nullable": true + }, + "violationOwnerAssignmentConfig": { + "nullable": true, + "type": "object", + "properties": { + "assignmentRule": { + "type": "string", + "enum": [ + "MANAGER", + "STATIC" + ], + "description": "Details about the violations owner.\nMANAGER - identity's manager\nSTATIC - Governance Group or Identity", + "example": "MANAGER" + }, + "ownerRef": { + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + } + } + }, + "scheduled": { + "type": "boolean", + "description": "defines whether a policy has been scheduled or not", + "example": true + }, + "type": { + "type": "string", + "description": "whether a policy is query based or conflicting access based", + "default": "GENERAL", + "enum": [ + "GENERAL", + "CONFLICTING_ACCESS_BASED" + ], + "example": "GENERAL" + }, + "conflictingAccessCriteria": { + "nullable": true, + "type": "object", + "properties": { + "leftCriteria": { + "type": "object", + "properties": { + "name": { + "type": "string", + "description": "Business name for the access construct list", + "example": "money-in" + }, + "criteriaList": { + "type": "array", + "description": "List of criteria. There is a min of 1 and max of 50 items in the list.", + "items": { + "type": "object", + "properties": { + "type": { + "type": "string", + "enum": [ + "ENTITLEMENT" + ], + "description": "DTO type", + "example": "ENTITLEMENT" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies to", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies to", + "example": "Administrator" + } + } + }, + "example": [ + { + "type": "ENTITLEMENT", + "id": "2c9180866166b5b0016167c32ef31a66", + "name": "Administrator" + }, + { + "type": "ENTITLEMENT", + "id": "2c9180866166b5b0016167c32ef31a67", + "name": "Administrator" + } + ] + } + } + }, + "rightCriteria": { + "type": "object", + "properties": { + "name": { + "type": "string", + "description": "Business name for the access construct list", + "example": "money-in" + }, + "criteriaList": { + "type": "array", + "description": "List of criteria. There is a min of 1 and max of 50 items in the list.", + "items": { + "type": "object", + "properties": { + "type": { + "type": "string", + "enum": [ + "ENTITLEMENT" + ], + "description": "DTO type", + "example": "ENTITLEMENT" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies to", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies to", + "example": "Administrator" + } + } + }, + "example": [ + { + "type": "ENTITLEMENT", + "id": "2c9180866166b5b0016167c32ef31a66", + "name": "Administrator" + }, + { + "type": "ENTITLEMENT", + "id": "2c9180866166b5b0016167c32ef31a67", + "name": "Administrator" + } + ] + } + } + } + } + } + } + } + }, + "example": [ + { + "id": "0f11f2a4-7c94-4bf3-a2bd-742580fe3bde", + "name": "Conflicting-Policy-Name", + "created": "2020-01-01T00:00:00.000000Z", + "modified": "2020-01-01T00:00:00.000000Z", + "description": "This policy ensures compliance of xyz", + "ownerRef": { + "type": "IDENTITY", + "id": "2c91808568c529c60168cca6f90c1313", + "name": "Owner Name" + }, + "externalPolicyReference": "XYZ policy", + "policyQuery": "@access(id:2c9180866166b5b0016167c32ef31a66 OR id:2c9180866166b5b0016167c32ef31a67) AND @access(id:2c9180866166b5b0016167c32ef31a68 OR id:2c9180866166b5b0016167c32ef31a69)", + "compensatingControls": "Have a manager review the transaction decisions for their \"out of compliance\" employee", + "correctionAdvice": "Based on the role of the employee, managers should remove access that is not required for their job function.", + "state": "ENFORCED", + "tags": [ + "string" + ], + "creatorId": "0f11f2a4-7c94-4bf3-a2bd-742580fe3bde", + "modifierId": "0f11f2a4-7c94-4bf3-a2bd-742580fe3bde", + "violationOwnerAssignmentConfig": { + "assignmentRule": "MANAGER", + "ownerRef": { + "type": "IDENTITY", + "id": "2c91808568c529c60168cca6f90c1313", + "name": "Violation Owner Name" + } + }, + "scheduled": true, + "type": "CONFLICTING_ACCESS_BASED", + "conflictingAccessCriteria": { + "leftCriteria": { + "name": "money-in", + "criteriaList": [ + { + "type": "ENTITLEMENT", + "id": "2c9180866166b5b0016167c32ef31a66" + }, + { + "type": "ENTITLEMENT", + "id": "2c9180866166b5b0016167c32ef31a67" + } + ] + }, + "rightCriteria": { + "name": "money-out", + "criteriaList": [ + { + "type": "ENTITLEMENT", + "id": "2c9180866166b5b0016167c32ef31a68" + }, + { + "type": "ENTITLEMENT", + "id": "2c9180866166b5b0016167c32ef31a69" + } + ] + } + } + }, + { + "description": "Description", + "ownerRef": { + "type": "IDENTITY", + "id": "2c918087682f9a86016839c05e8f1aff", + "name": "Owner Name" + }, + "externalPolicyReference": "New policy", + "policyQuery": "policy query implementation", + "compensatingControls": "Compensating controls", + "correctionAdvice": "Correction advice", + "tags": [], + "state": "ENFORCED", + "scheduled": false, + "creatorId": "2c918087682f9a86016839c05e8f1aff", + "modifierId": null, + "violationOwnerAssignmentConfig": null, + "type": "GENERAL", + "conflictingAccessCriteria": null, + "id": "52c11db4-733e-4c31-949a-766c95ec95f1", + "name": "General-Policy-Name", + "created": "2020-05-12T19:47:38Z", + "modified": "2020-05-12T19:47:38Z" + } + ] + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/sod-policies/{id}": { + "get": { + "operationId": "getSodPolicy", + "tags": [ + "SOD Policy" + ], + "summary": "Get SOD policy by ID", + "description": "This gets specified SOD policy.\nRequires role of ORG_ADMIN.", + "parameters": [ + { + "in": "path", + "name": "id", + "schema": { + "type": "string" + }, + "required": true, + "description": "The ID of the object reference to retrieve.", + "example": "ef38f94347e94562b5bb8424a56397d8" + } + ], + "responses": { + "200": { + "description": "SOD policy ID.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "Policy id", + "example": "0f11f2a4-7c94-4bf3-a2bd-742580fe3bde" + }, + "name": { + "type": "string", + "description": "Policy Business Name", + "example": "policy-xyz" + }, + "created": { + "type": "string", + "format": "date-time", + "description": "The time when this SOD policy is created.", + "example": "2020-01-01T00:00:00.000000Z" + }, + "modified": { + "type": "string", + "format": "date-time", + "description": "The time when this SOD policy is modified.", + "example": "2020-01-01T00:00:00.000000Z" + }, + "description": { + "type": "string", + "description": "Optional description of the SOD policy", + "example": "This policy ensures compliance of xyz" + }, + "ownerRef": { + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + }, + "externalPolicyReference": { + "type": "string", + "description": "Optional External Policy Reference", + "example": "XYZ policy" + }, + "policyQuery": { + "type": "string", + "description": "Search query of the SOD policy", + "example": "@access(id:0f11f2a4-7c94-4bf3-a2bd-742580fe3bdg) AND @access(id:0f11f2a4-7c94-4bf3-a2bd-742580fe3bdf)" + }, + "compensatingControls": { + "type": "string", + "description": "Optional compensating controls(Mitigating Controls)", + "example": "Have a manager review the transaction decisions for their \"out of compliance\" employee" + }, + "correctionAdvice": { + "type": "string", + "description": "Optional correction advice", + "example": "Based on the role of the employee, managers should remove access that is not required for their job function." + }, + "state": { + "type": "string", + "description": "whether the policy is enforced or not", + "enum": [ + "ENFORCED", + "NOT_ENFORCED" + ], + "example": "ENFORCED" + }, + "tags": { + "type": "array", + "description": "tags for this policy object", + "example": [ + "TAG1", + "TAG2" + ], + "items": { + "type": "string" + } + }, + "creatorId": { + "type": "string", + "description": "Policy's creator ID", + "example": "0f11f2a4-7c94-4bf3-a2bd-742580fe3bde" + }, + "modifierId": { + "type": "string", + "description": "Policy's modifier ID", + "example": "0f11f2a4-7c94-4bf3-a2bd-742580fe3bde", + "nullable": true + }, + "violationOwnerAssignmentConfig": { + "nullable": true, + "type": "object", + "properties": { + "assignmentRule": { + "type": "string", + "enum": [ + "MANAGER", + "STATIC" + ], + "description": "Details about the violations owner.\nMANAGER - identity's manager\nSTATIC - Governance Group or Identity", + "example": "MANAGER" + }, + "ownerRef": { + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + } + } + }, + "scheduled": { + "type": "boolean", + "description": "defines whether a policy has been scheduled or not", + "example": true + }, + "type": { + "type": "string", + "description": "whether a policy is query based or conflicting access based", + "default": "GENERAL", + "enum": [ + "GENERAL", + "CONFLICTING_ACCESS_BASED" + ], + "example": "GENERAL" + }, + "conflictingAccessCriteria": { + "nullable": true, + "type": "object", + "properties": { + "leftCriteria": { + "type": "object", + "properties": { + "name": { + "type": "string", + "description": "Business name for the access construct list", + "example": "money-in" + }, + "criteriaList": { + "type": "array", + "description": "List of criteria. There is a min of 1 and max of 50 items in the list.", + "items": { + "type": "object", + "properties": { + "type": { + "type": "string", + "enum": [ + "ENTITLEMENT" + ], + "description": "DTO type", + "example": "ENTITLEMENT" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies to", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies to", + "example": "Administrator" + } + } + }, + "example": [ + { + "type": "ENTITLEMENT", + "id": "2c9180866166b5b0016167c32ef31a66", + "name": "Administrator" + }, + { + "type": "ENTITLEMENT", + "id": "2c9180866166b5b0016167c32ef31a67", + "name": "Administrator" + } + ] + } + } + }, + "rightCriteria": { + "type": "object", + "properties": { + "name": { + "type": "string", + "description": "Business name for the access construct list", + "example": "money-in" + }, + "criteriaList": { + "type": "array", + "description": "List of criteria. There is a min of 1 and max of 50 items in the list.", + "items": { + "type": "object", + "properties": { + "type": { + "type": "string", + "enum": [ + "ENTITLEMENT" + ], + "description": "DTO type", + "example": "ENTITLEMENT" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies to", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies to", + "example": "Administrator" + } + } + }, + "example": [ + { + "type": "ENTITLEMENT", + "id": "2c9180866166b5b0016167c32ef31a66", + "name": "Administrator" + }, + { + "type": "ENTITLEMENT", + "id": "2c9180866166b5b0016167c32ef31a67", + "name": "Administrator" + } + ] + } + } + } + } + } + } + }, + "examples": { + "Conflicting Access Based Policy": { + "value": { + "id": "0f11f2a4-7c94-4bf3-a2bd-742580fe3bde", + "name": "Conflicting-Policy-Name", + "created": "2020-01-01T00:00:00.000000Z", + "modified": "2020-01-01T00:00:00.000000Z", + "description": "This policy ensures compliance of xyz", + "ownerRef": { + "type": "IDENTITY", + "id": "2c91808568c529c60168cca6f90c1313", + "name": "Owner Name" + }, + "externalPolicyReference": "XYZ policy", + "policyQuery": "@access(id:2c9180866166b5b0016167c32ef31a66 OR id:2c9180866166b5b0016167c32ef31a67) AND @access(id:2c9180866166b5b0016167c32ef31a68 OR id:2c9180866166b5b0016167c32ef31a69)", + "compensatingControls": "Have a manager review the transaction decisions for their \"out of compliance\" employee", + "correctionAdvice": "Based on the role of the employee, managers should remove access that is not required for their job function.", + "state": "ENFORCED", + "tags": [ + "string" + ], + "creatorId": "0f11f2a4-7c94-4bf3-a2bd-742580fe3bde", + "modifierId": "0f11f2a4-7c94-4bf3-a2bd-742580fe3bde", + "violationOwnerAssignmentConfig": { + "assignmentRule": "MANAGER", + "ownerRef": { + "type": "IDENTITY", + "id": "2c91808568c529c60168cca6f90c1313", + "name": "Violation Owner Name" + } + }, + "scheduled": true, + "type": "CONFLICTING_ACCESS_BASED", + "conflictingAccessCriteria": { + "leftCriteria": { + "name": "money-in", + "criteriaList": [ + { + "type": "ENTITLEMENT", + "id": "2c9180866166b5b0016167c32ef31a66" + }, + { + "type": "ENTITLEMENT", + "id": "2c9180866166b5b0016167c32ef31a67" + } + ] + }, + "rightCriteria": { + "name": "money-out", + "criteriaList": [ + { + "type": "ENTITLEMENT", + "id": "2c9180866166b5b0016167c32ef31a68" + }, + { + "type": "ENTITLEMENT", + "id": "2c9180866166b5b0016167c32ef31a69" + } + ] + } + } + } + }, + "General Policy": { + "value": { + "description": "Description", + "ownerRef": { + "type": "IDENTITY", + "id": "2c918087682f9a86016839c05e8f1aff", + "name": "Owner Name" + }, + "externalPolicyReference": "New policy", + "policyQuery": "policy query implementation", + "compensatingControls": "Compensating controls", + "correctionAdvice": "Correction advice", + "tags": [], + "state": "ENFORCED", + "scheduled": false, + "creatorId": "2c918087682f9a86016839c05e8f1aff", + "modifierId": null, + "violationOwnerAssignmentConfig": null, + "type": "GENERAL", + "conflictingAccessCriteria": null, + "id": "52c11db4-733e-4c31-949a-766c95ec95f1", + "name": "General-Policy-Name", + "created": "2020-05-12T19:47:38Z", + "modified": "2020-05-12T19:47:38Z" + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + }, + "put": { + "operationId": "updateSodPolicy", + "tags": [ + "SOD Policy" + ], + "summary": "Update SOD policy by ID", + "description": "This updates a specified SOD policy.\nRequires role of ORG_ADMIN.", + "parameters": [ + { + "in": "path", + "name": "id", + "schema": { + "type": "string" + }, + "required": true, + "description": "The ID of the SOD policy to update.", + "example": "ef38f94347e94562b5bb8424a56397d8" + } + ], + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "Policy id", + "example": "0f11f2a4-7c94-4bf3-a2bd-742580fe3bde" + }, + "name": { + "type": "string", + "description": "Policy Business Name", + "example": "policy-xyz" + }, + "created": { + "type": "string", + "format": "date-time", + "description": "The time when this SOD policy is created.", + "example": "2020-01-01T00:00:00.000000Z" + }, + "modified": { + "type": "string", + "format": "date-time", + "description": "The time when this SOD policy is modified.", + "example": "2020-01-01T00:00:00.000000Z" + }, + "description": { + "type": "string", + "description": "Optional description of the SOD policy", + "example": "This policy ensures compliance of xyz" + }, + "ownerRef": { + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + }, + "externalPolicyReference": { + "type": "string", + "description": "Optional External Policy Reference", + "example": "XYZ policy" + }, + "policyQuery": { + "type": "string", + "description": "Search query of the SOD policy", + "example": "@access(id:0f11f2a4-7c94-4bf3-a2bd-742580fe3bdg) AND @access(id:0f11f2a4-7c94-4bf3-a2bd-742580fe3bdf)" + }, + "compensatingControls": { + "type": "string", + "description": "Optional compensating controls(Mitigating Controls)", + "example": "Have a manager review the transaction decisions for their \"out of compliance\" employee" + }, + "correctionAdvice": { + "type": "string", + "description": "Optional correction advice", + "example": "Based on the role of the employee, managers should remove access that is not required for their job function." + }, + "state": { + "type": "string", + "description": "whether the policy is enforced or not", + "enum": [ + "ENFORCED", + "NOT_ENFORCED" + ], + "example": "ENFORCED" + }, + "tags": { + "type": "array", + "description": "tags for this policy object", + "example": [ + "TAG1", + "TAG2" + ], + "items": { + "type": "string" + } + }, + "creatorId": { + "type": "string", + "description": "Policy's creator ID", + "example": "0f11f2a4-7c94-4bf3-a2bd-742580fe3bde" + }, + "modifierId": { + "type": "string", + "description": "Policy's modifier ID", + "example": "0f11f2a4-7c94-4bf3-a2bd-742580fe3bde", + "nullable": true + }, + "violationOwnerAssignmentConfig": { + "nullable": true, + "type": "object", + "properties": { + "assignmentRule": { + "type": "string", + "enum": [ + "MANAGER", + "STATIC" + ], + "description": "Details about the violations owner.\nMANAGER - identity's manager\nSTATIC - Governance Group or Identity", + "example": "MANAGER" + }, + "ownerRef": { + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + } + } + }, + "scheduled": { + "type": "boolean", + "description": "defines whether a policy has been scheduled or not", + "example": true + }, + "type": { + "type": "string", + "description": "whether a policy is query based or conflicting access based", + "default": "GENERAL", + "enum": [ + "GENERAL", + "CONFLICTING_ACCESS_BASED" + ], + "example": "GENERAL" + }, + "conflictingAccessCriteria": { + "nullable": true, + "type": "object", + "properties": { + "leftCriteria": { + "type": "object", + "properties": { + "name": { + "type": "string", + "description": "Business name for the access construct list", + "example": "money-in" + }, + "criteriaList": { + "type": "array", + "description": "List of criteria. There is a min of 1 and max of 50 items in the list.", + "items": { + "type": "object", + "properties": { + "type": { + "type": "string", + "enum": [ + "ENTITLEMENT" + ], + "description": "DTO type", + "example": "ENTITLEMENT" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies to", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies to", + "example": "Administrator" + } + } + }, + "example": [ + { + "type": "ENTITLEMENT", + "id": "2c9180866166b5b0016167c32ef31a66", + "name": "Administrator" + }, + { + "type": "ENTITLEMENT", + "id": "2c9180866166b5b0016167c32ef31a67", + "name": "Administrator" + } + ] + } + } + }, + "rightCriteria": { + "type": "object", + "properties": { + "name": { + "type": "string", + "description": "Business name for the access construct list", + "example": "money-in" + }, + "criteriaList": { + "type": "array", + "description": "List of criteria. There is a min of 1 and max of 50 items in the list.", + "items": { + "type": "object", + "properties": { + "type": { + "type": "string", + "enum": [ + "ENTITLEMENT" + ], + "description": "DTO type", + "example": "ENTITLEMENT" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies to", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies to", + "example": "Administrator" + } + } + }, + "example": [ + { + "type": "ENTITLEMENT", + "id": "2c9180866166b5b0016167c32ef31a66", + "name": "Administrator" + }, + { + "type": "ENTITLEMENT", + "id": "2c9180866166b5b0016167c32ef31a67", + "name": "Administrator" + } + ] + } + } + } + } + } + } + }, + "examples": { + "Conflicting Access Based Policy": { + "value": { + "id": "0f11f2a4-7c94-4bf3-a2bd-742580fe3bde", + "name": "Conflicting-Policy-Name", + "created": "2020-01-01T00:00:00.000000Z", + "modified": "2020-01-01T00:00:00.000000Z", + "description": "Modified Description", + "ownerRef": { + "type": "IDENTITY", + "id": "2c91808568c529c60168cca6f90c1313", + "name": "Owner Name" + }, + "externalPolicyReference": "XYZ policy", + "compensatingControls": "Have a manager review the transaction decisions for their \"out of compliance\" employee", + "correctionAdvice": "Based on the role of the employee, managers should remove access that is not required for their job function.", + "state": "ENFORCED", + "tags": [ + "string" + ], + "creatorId": "0f11f2a4-7c94-4bf3-a2bd-742580fe3bde", + "modifierId": "0f11f2a4-7c94-4bf3-a2bd-742580fe3bde", + "violationOwnerAssignmentConfig": { + "assignmentRule": "MANAGER", + "ownerRef": { + "type": "IDENTITY", + "id": "2c91808568c529c60168cca6f90c1313", + "name": "Violation Owner Name" + } + }, + "scheduled": true, + "type": "CONFLICTING_ACCESS_BASED", + "conflictingAccessCriteria": { + "leftCriteria": { + "name": "money-in", + "criteriaList": [ + { + "type": "ENTITLEMENT", + "id": "2c9180866166b5b0016167c32ef31a66" + }, + { + "type": "ENTITLEMENT", + "id": "2c9180866166b5b0016167c32ef31a67" + } + ] + }, + "rightCriteria": { + "name": "money-out", + "criteriaList": [ + { + "type": "ENTITLEMENT", + "id": "2c9180866166b5b0016167c32ef31a68" + }, + { + "type": "ENTITLEMENT", + "id": "2c9180866166b5b0016167c32ef31a69" + } + ] + } + } + } + }, + "General Policy": { + "value": { + "description": "Modified Description", + "ownerRef": { + "type": "IDENTITY", + "id": "2c918087682f9a86016839c05e8f1aff", + "name": "Owner Name" + }, + "externalPolicyReference": "New policy", + "policyQuery": "policy query implementation", + "compensatingControls": "Compensating controls", + "correctionAdvice": "Correction advice", + "tags": [], + "state": "ENFORCED", + "scheduled": false, + "creatorId": "2c918087682f9a86016839c05e8f1aff", + "modifierId": null, + "violationOwnerAssignmentConfig": null, + "type": "GENERAL", + "conflictingAccessCriteria": null, + "id": "52c11db4-733e-4c31-949a-766c95ec95f1", + "name": "General-Policy-Name", + "created": "2020-05-12T19:47:38Z", + "modified": "2020-05-12T19:47:38Z" + } + } + } + } + } + }, + "responses": { + "200": { + "description": "SOD Policy by ID", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "Policy id", + "example": "0f11f2a4-7c94-4bf3-a2bd-742580fe3bde" + }, + "name": { + "type": "string", + "description": "Policy Business Name", + "example": "policy-xyz" + }, + "created": { + "type": "string", + "format": "date-time", + "description": "The time when this SOD policy is created.", + "example": "2020-01-01T00:00:00.000000Z" + }, + "modified": { + "type": "string", + "format": "date-time", + "description": "The time when this SOD policy is modified.", + "example": "2020-01-01T00:00:00.000000Z" + }, + "description": { + "type": "string", + "description": "Optional description of the SOD policy", + "example": "This policy ensures compliance of xyz" + }, + "ownerRef": { + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + }, + "externalPolicyReference": { + "type": "string", + "description": "Optional External Policy Reference", + "example": "XYZ policy" + }, + "policyQuery": { + "type": "string", + "description": "Search query of the SOD policy", + "example": "@access(id:0f11f2a4-7c94-4bf3-a2bd-742580fe3bdg) AND @access(id:0f11f2a4-7c94-4bf3-a2bd-742580fe3bdf)" + }, + "compensatingControls": { + "type": "string", + "description": "Optional compensating controls(Mitigating Controls)", + "example": "Have a manager review the transaction decisions for their \"out of compliance\" employee" + }, + "correctionAdvice": { + "type": "string", + "description": "Optional correction advice", + "example": "Based on the role of the employee, managers should remove access that is not required for their job function." + }, + "state": { + "type": "string", + "description": "whether the policy is enforced or not", + "enum": [ + "ENFORCED", + "NOT_ENFORCED" + ], + "example": "ENFORCED" + }, + "tags": { + "type": "array", + "description": "tags for this policy object", + "example": [ + "TAG1", + "TAG2" + ], + "items": { + "type": "string" + } + }, + "creatorId": { + "type": "string", + "description": "Policy's creator ID", + "example": "0f11f2a4-7c94-4bf3-a2bd-742580fe3bde" + }, + "modifierId": { + "type": "string", + "description": "Policy's modifier ID", + "example": "0f11f2a4-7c94-4bf3-a2bd-742580fe3bde", + "nullable": true + }, + "violationOwnerAssignmentConfig": { + "nullable": true, + "type": "object", + "properties": { + "assignmentRule": { + "type": "string", + "enum": [ + "MANAGER", + "STATIC" + ], + "description": "Details about the violations owner.\nMANAGER - identity's manager\nSTATIC - Governance Group or Identity", + "example": "MANAGER" + }, + "ownerRef": { + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + } + } + }, + "scheduled": { + "type": "boolean", + "description": "defines whether a policy has been scheduled or not", + "example": true + }, + "type": { + "type": "string", + "description": "whether a policy is query based or conflicting access based", + "default": "GENERAL", + "enum": [ + "GENERAL", + "CONFLICTING_ACCESS_BASED" + ], + "example": "GENERAL" + }, + "conflictingAccessCriteria": { + "nullable": true, + "type": "object", + "properties": { + "leftCriteria": { + "type": "object", + "properties": { + "name": { + "type": "string", + "description": "Business name for the access construct list", + "example": "money-in" + }, + "criteriaList": { + "type": "array", + "description": "List of criteria. There is a min of 1 and max of 50 items in the list.", + "items": { + "type": "object", + "properties": { + "type": { + "type": "string", + "enum": [ + "ENTITLEMENT" + ], + "description": "DTO type", + "example": "ENTITLEMENT" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies to", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies to", + "example": "Administrator" + } + } + }, + "example": [ + { + "type": "ENTITLEMENT", + "id": "2c9180866166b5b0016167c32ef31a66", + "name": "Administrator" + }, + { + "type": "ENTITLEMENT", + "id": "2c9180866166b5b0016167c32ef31a67", + "name": "Administrator" + } + ] + } + } + }, + "rightCriteria": { + "type": "object", + "properties": { + "name": { + "type": "string", + "description": "Business name for the access construct list", + "example": "money-in" + }, + "criteriaList": { + "type": "array", + "description": "List of criteria. There is a min of 1 and max of 50 items in the list.", + "items": { + "type": "object", + "properties": { + "type": { + "type": "string", + "enum": [ + "ENTITLEMENT" + ], + "description": "DTO type", + "example": "ENTITLEMENT" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies to", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies to", + "example": "Administrator" + } + } + }, + "example": [ + { + "type": "ENTITLEMENT", + "id": "2c9180866166b5b0016167c32ef31a66", + "name": "Administrator" + }, + { + "type": "ENTITLEMENT", + "id": "2c9180866166b5b0016167c32ef31a67", + "name": "Administrator" + } + ] + } + } + } + } + } + } + }, + "examples": { + "Conflicting Access Based Policy": { + "value": { + "id": "0f11f2a4-7c94-4bf3-a2bd-742580fe3bde", + "name": "Conflicting-Policy-Name", + "created": "2020-01-01T00:00:00.000000Z", + "modified": "2020-01-01T00:00:00.000000Z", + "description": "Modified description", + "ownerRef": { + "type": "IDENTITY", + "id": "2c91808568c529c60168cca6f90c1313", + "name": "Owner Name" + }, + "externalPolicyReference": "XYZ policy", + "policyQuery": "@access(id:2c9180866166b5b0016167c32ef31a66 OR id:2c9180866166b5b0016167c32ef31a67) AND @access(id:2c9180866166b5b0016167c32ef31a68 OR id:2c9180866166b5b0016167c32ef31a69)", + "compensatingControls": "Have a manager review the transaction decisions for their \"out of compliance\" employee", + "correctionAdvice": "Based on the role of the employee, managers should remove access that is not required for their job function.", + "state": "ENFORCED", + "tags": [ + "string" + ], + "creatorId": "0f11f2a4-7c94-4bf3-a2bd-742580fe3bde", + "modifierId": "0f11f2a4-7c94-4bf3-a2bd-742580fe3bde", + "violationOwnerAssignmentConfig": { + "assignmentRule": "MANAGER", + "ownerRef": { + "type": "IDENTITY", + "id": "2c91808568c529c60168cca6f90c1313", + "name": "Violation Owner Name" + } + }, + "scheduled": true, + "type": "CONFLICTING_ACCESS_BASED", + "conflictingAccessCriteria": { + "leftCriteria": { + "name": "money-in", + "criteriaList": [ + { + "type": "ENTITLEMENT", + "id": "2c9180866166b5b0016167c32ef31a66" + }, + { + "type": "ENTITLEMENT", + "id": "2c9180866166b5b0016167c32ef31a67" + } + ] + }, + "rightCriteria": { + "name": "money-out", + "criteriaList": [ + { + "type": "ENTITLEMENT", + "id": "2c9180866166b5b0016167c32ef31a68" + }, + { + "type": "ENTITLEMENT", + "id": "2c9180866166b5b0016167c32ef31a69" + } + ] + } + } + } + }, + "General Policy": { + "value": { + "description": "Modified Description", + "ownerRef": { + "type": "IDENTITY", + "id": "2c918087682f9a86016839c05e8f1aff", + "name": "Owner Name" + }, + "externalPolicyReference": "New policy", + "policyQuery": "policy query implementation", + "compensatingControls": "Compensating controls", + "correctionAdvice": "Correction advice", + "tags": [], + "state": "ENFORCED", + "scheduled": false, + "creatorId": "2c918087682f9a86016839c05e8f1aff", + "modifierId": null, + "violationOwnerAssignmentConfig": null, + "type": "GENERAL", + "conflictingAccessCriteria": null, + "id": "52c11db4-733e-4c31-949a-766c95ec95f1", + "name": "General-Policy-Name", + "created": "2020-05-12T19:47:38Z", + "modified": "2020-05-12T19:47:38Z" + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + }, + "delete": { + "operationId": "deleteSodPolicy", + "tags": [ + "SOD Policy" + ], + "summary": "Delete SOD policy by ID", + "description": "This deletes a specified SOD policy.\nRequires role of ORG_ADMIN.", + "parameters": [ + { + "in": "path", + "name": "id", + "schema": { + "type": "string" + }, + "required": true, + "description": "The ID of the SOD Policy to delete.", + "example": "ef38f94347e94562b5bb8424a56397d8" + }, + { + "in": "query", + "name": "logical", + "schema": { + "type": "boolean", + "default": true + }, + "description": "Indicates whether this is a soft delete (logical true) or a hard delete.", + "required": false + } + ], + "responses": { + "204": { + "description": "No content." + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + }, + "patch": { + "operationId": "patchSodPolicy", + "tags": [ + "SOD Policy" + ], + "summary": "Patch a SOD policy", + "description": "Allows updating SOD Policy fields other than [\"id\",\"created\",\"creatorId\",\"policyQuery\",\"type\"] using the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard.\nRequires role of ORG_ADMIN.\nThis endpoint can only patch CONFLICTING_ACCESS_BASED type policies. Do not use this endpoint to patch general policies - doing so will build an API exception. ", + "parameters": [ + { + "in": "path", + "name": "id", + "schema": { + "type": "string" + }, + "required": true, + "description": "The ID of the SOD policy being modified.", + "example": "2c9180835d191a86015d28455b4a2329" + } + ], + "requestBody": { + "required": true, + "description": "A list of SOD Policy update operations according to the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard.\n\nThe following fields are patchable:\n* name\n* description\n* ownerRef\n* externalPolicyReference\n* compensatingControls\n* correctionAdvice\n* state\n* tags\n* violationOwnerAssignmentConfig\n* scheduled\n* conflictingAccessCriteria\n", + "content": { + "application/json-patch+json": { + "schema": { + "type": "array", + "items": { + "type": "object" + } + }, + "examples": { + "Conflicting Access Based Policy": { + "value": [ + { + "op": "replace", + "path": "/description", + "value": "Modified description" + }, + { + "op": "replace", + "path": "/conflictingAccessCriteria/leftCriteria/name", + "value": "money-in-modified" + }, + { + "op": "replace", + "path": "/conflictingAccessCriteria/rightCriteria", + "value": { + "name": "money-out-modified", + "criteriaList": [ + { + "type": "ENTITLEMENT", + "id": "2c918087682f9a86016839c0509c1ab2" + } + ] + } + } + ] + }, + "General Policy": { + "value": [ + { + "op": "replace", + "path": "/description", + "value": "Modified description" + } + ] + } + } + } + } + }, + "responses": { + "200": { + "description": "Indicates the PATCH operation succeeded, and returns the SOD policy's new representation.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "Policy id", + "example": "0f11f2a4-7c94-4bf3-a2bd-742580fe3bde" + }, + "name": { + "type": "string", + "description": "Policy Business Name", + "example": "policy-xyz" + }, + "created": { + "type": "string", + "format": "date-time", + "description": "The time when this SOD policy is created.", + "example": "2020-01-01T00:00:00.000000Z" + }, + "modified": { + "type": "string", + "format": "date-time", + "description": "The time when this SOD policy is modified.", + "example": "2020-01-01T00:00:00.000000Z" + }, + "description": { + "type": "string", + "description": "Optional description of the SOD policy", + "example": "This policy ensures compliance of xyz" + }, + "ownerRef": { + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + }, + "externalPolicyReference": { + "type": "string", + "description": "Optional External Policy Reference", + "example": "XYZ policy" + }, + "policyQuery": { + "type": "string", + "description": "Search query of the SOD policy", + "example": "@access(id:0f11f2a4-7c94-4bf3-a2bd-742580fe3bdg) AND @access(id:0f11f2a4-7c94-4bf3-a2bd-742580fe3bdf)" + }, + "compensatingControls": { + "type": "string", + "description": "Optional compensating controls(Mitigating Controls)", + "example": "Have a manager review the transaction decisions for their \"out of compliance\" employee" + }, + "correctionAdvice": { + "type": "string", + "description": "Optional correction advice", + "example": "Based on the role of the employee, managers should remove access that is not required for their job function." + }, + "state": { + "type": "string", + "description": "whether the policy is enforced or not", + "enum": [ + "ENFORCED", + "NOT_ENFORCED" + ], + "example": "ENFORCED" + }, + "tags": { + "type": "array", + "description": "tags for this policy object", + "example": [ + "TAG1", + "TAG2" + ], + "items": { + "type": "string" + } + }, + "creatorId": { + "type": "string", + "description": "Policy's creator ID", + "example": "0f11f2a4-7c94-4bf3-a2bd-742580fe3bde" + }, + "modifierId": { + "type": "string", + "description": "Policy's modifier ID", + "example": "0f11f2a4-7c94-4bf3-a2bd-742580fe3bde", + "nullable": true + }, + "violationOwnerAssignmentConfig": { + "nullable": true, + "type": "object", + "properties": { + "assignmentRule": { + "type": "string", + "enum": [ + "MANAGER", + "STATIC" + ], + "description": "Details about the violations owner.\nMANAGER - identity's manager\nSTATIC - Governance Group or Identity", + "example": "MANAGER" + }, + "ownerRef": { + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + } + } + }, + "scheduled": { + "type": "boolean", + "description": "defines whether a policy has been scheduled or not", + "example": true + }, + "type": { + "type": "string", + "description": "whether a policy is query based or conflicting access based", + "default": "GENERAL", + "enum": [ + "GENERAL", + "CONFLICTING_ACCESS_BASED" + ], + "example": "GENERAL" + }, + "conflictingAccessCriteria": { + "nullable": true, + "type": "object", + "properties": { + "leftCriteria": { + "type": "object", + "properties": { + "name": { + "type": "string", + "description": "Business name for the access construct list", + "example": "money-in" + }, + "criteriaList": { + "type": "array", + "description": "List of criteria. There is a min of 1 and max of 50 items in the list.", + "items": { + "type": "object", + "properties": { + "type": { + "type": "string", + "enum": [ + "ENTITLEMENT" + ], + "description": "DTO type", + "example": "ENTITLEMENT" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies to", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies to", + "example": "Administrator" + } + } + }, + "example": [ + { + "type": "ENTITLEMENT", + "id": "2c9180866166b5b0016167c32ef31a66", + "name": "Administrator" + }, + { + "type": "ENTITLEMENT", + "id": "2c9180866166b5b0016167c32ef31a67", + "name": "Administrator" + } + ] + } + } + }, + "rightCriteria": { + "type": "object", + "properties": { + "name": { + "type": "string", + "description": "Business name for the access construct list", + "example": "money-in" + }, + "criteriaList": { + "type": "array", + "description": "List of criteria. There is a min of 1 and max of 50 items in the list.", + "items": { + "type": "object", + "properties": { + "type": { + "type": "string", + "enum": [ + "ENTITLEMENT" + ], + "description": "DTO type", + "example": "ENTITLEMENT" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies to", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies to", + "example": "Administrator" + } + } + }, + "example": [ + { + "type": "ENTITLEMENT", + "id": "2c9180866166b5b0016167c32ef31a66", + "name": "Administrator" + }, + { + "type": "ENTITLEMENT", + "id": "2c9180866166b5b0016167c32ef31a67", + "name": "Administrator" + } + ] + } + } + } + } + } + } + }, + "examples": { + "Conflicting Access Based Policy": { + "value": { + "id": "0f11f2a4-7c94-4bf3-a2bd-742580fe3bde", + "name": "Conflicting-Policy-Name", + "created": "2020-01-01T00:00:00.000000Z", + "modified": "2020-01-01T00:00:00.000000Z", + "description": "Modified description", + "ownerRef": { + "type": "IDENTITY", + "id": "2c91808568c529c60168cca6f90c1313", + "name": "Owner Name" + }, + "externalPolicyReference": "XYZ policy", + "policyQuery": "@access(id:2c9180866166b5b0016167c32ef31a66 OR id:2c9180866166b5b0016167c32ef31a67) AND @access(id:2c918087682f9a86016839c0509c1ab2)", + "compensatingControls": "Have a manager review the transaction decisions for their \"out of compliance\" employee", + "correctionAdvice": "Based on the role of the employee, managers should remove access that is not required for their job function.", + "state": "ENFORCED", + "tags": [ + "string" + ], + "creatorId": "0f11f2a4-7c94-4bf3-a2bd-742580fe3bde", + "modifierId": "0f11f2a4-7c94-4bf3-a2bd-742580fe3bde", + "violationOwnerAssignmentConfig": { + "assignmentRule": "MANAGER", + "ownerRef": { + "type": "IDENTITY", + "id": "2c91808568c529c60168cca6f90c1313", + "name": "Violation Owner Name" + } + }, + "scheduled": true, + "type": "CONFLICTING_ACCESS_BASED", + "conflictingAccessCriteria": { + "leftCriteria": { + "name": "money-in-modified", + "criteriaList": [ + { + "type": "ENTITLEMENT", + "id": "2c9180866166b5b0016167c32ef31a66" + }, + { + "type": "ENTITLEMENT", + "id": "2c9180866166b5b0016167c32ef31a67" + } + ] + }, + "rightCriteria": { + "name": "money-out-modified", + "criteriaList": [ + { + "type": "ENTITLEMENT", + "id": "2c918087682f9a86016839c0509c1ab2" + } + ] + } + } + } + }, + "General Policy": { + "value": { + "description": "Modified description", + "ownerRef": { + "type": "IDENTITY", + "id": "2c918087682f9a86016839c05e8f1aff", + "name": "Owner Name" + }, + "externalPolicyReference": "New policy", + "policyQuery": "policy query implementation", + "compensatingControls": "Compensating controls", + "correctionAdvice": "Correction advice", + "tags": [], + "state": "ENFORCED", + "scheduled": false, + "creatorId": "2c918087682f9a86016839c05e8f1aff", + "modifierId": null, + "violationOwnerAssignmentConfig": null, + "type": "GENERAL", + "conflictingAccessCriteria": null, + "id": "52c11db4-733e-4c31-949a-766c95ec95f1", + "name": "General-Policy-Name", + "created": "2020-05-12T19:47:38Z", + "modified": "2020-05-12T19:47:38Z" + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/sod-policies/{id}/schedule": { + "get": { + "operationId": "getSodPolicySchedule", + "tags": [ + "SOD Policy" + ], + "summary": "Get SOD policy schedule", + "description": "This endpoint gets a specified SOD policy's schedule.\nRequires the role of ORG_ADMIN.", + "parameters": [ + { + "in": "path", + "name": "id", + "schema": { + "type": "string" + }, + "required": true, + "description": "The ID of the object reference to retrieve.", + "example": "ef38f94347e94562b5bb8424a56397d8" + } + ], + "responses": { + "200": { + "description": "SOD policy ID.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "name": { + "type": "string", + "description": "SOD Policy schedule name", + "example": "SCH-1584312283015" + }, + "created": { + "type": "string", + "format": "date-time", + "description": "The time when this SOD policy schedule is created.", + "example": "2020-01-01T00:00:00.000000Z" + }, + "modified": { + "type": "string", + "format": "date-time", + "description": "The time when this SOD policy schedule is modified.", + "example": "2020-01-01T00:00:00.000000Z" + }, + "description": { + "type": "string", + "description": "SOD Policy schedule description", + "example": "Schedule for policy xyz" + }, + "schedule": { + "type": "object", + "description": "The schedule information.", + "properties": { + "type": { + "description": "Enum representing the currently supported schedule types.\n\nAdditional values may be added in the future without notice.\n", + "type": "string", + "enum": [ + "DAILY", + "WEEKLY", + "MONTHLY", + "CALENDAR" + ], + "example": "WEEKLY" + }, + "days": { + "allOf": [ + { + "type": "object", + "properties": { + "type": { + "description": "Enum representing the currently supported selector types.\n\nLIST - the *values* array contains one or more distinct values.\n\nRANGE - the *values* array contains two values: the start and end of the range, inclusive.\n\nAdditional values may be added in the future without notice.\n", + "type": "string", + "enum": [ + "LIST", + "RANGE" + ], + "example": "LIST" + }, + "values": { + "description": "The selected values.\n", + "type": "array", + "items": { + "type": "string" + }, + "example": [ + "MON", + "WED" + ] + }, + "interval": { + "nullable": true, + "description": "The selected interval for RANGE selectors.\n", + "type": "integer", + "format": "int32", + "example": 3 + } + }, + "required": [ + "type", + "values" + ] + }, + { + "description": "The days to execute the search.\n\nIf `type` is `WEEKLY`, the values will be `MON`, `TUE`, `WED`, `THU`, `FRI`, `SAT`, and `SUN`.\n\nIf `type` is `MONTHLY`, the values will be a number in double quotes, like `\"1\"`, `\"10\"`, or `\"28\"`. Optionally, the value `\"L\"` can be used to refer to the last day of the month.\n", + "example": { + "type": "LIST", + "values": [ + "MON", + "WED", + "FRI" + ] + }, + "nullable": true + } + ] + }, + "hours": { + "allOf": [ + { + "type": "object", + "properties": { + "type": { + "description": "Enum representing the currently supported selector types.\n\nLIST - the *values* array contains one or more distinct values.\n\nRANGE - the *values* array contains two values: the start and end of the range, inclusive.\n\nAdditional values may be added in the future without notice.\n", + "type": "string", + "enum": [ + "LIST", + "RANGE" + ], + "example": "LIST" + }, + "values": { + "description": "The selected values.\n", + "type": "array", + "items": { + "type": "string" + }, + "example": [ + "MON", + "WED" + ] + }, + "interval": { + "nullable": true, + "description": "The selected interval for RANGE selectors.\n", + "type": "integer", + "format": "int32", + "example": 3 + } + }, + "required": [ + "type", + "values" + ] + }, + { + "description": "The hours selected.", + "example": { + "type": "RANGE", + "values": [ + "9", + "18" + ], + "interval": 3 + } + } + ] + }, + "expiration": { + "description": "The schedule expiration date. Latest possible expiration date is '2038-01-19T03:14:07+0000'", + "type": "string", + "nullable": true, + "format": "date-time", + "example": "2018-06-25T20:22:28.104Z" + }, + "timeZoneId": { + "description": "The GMT formatted timezone the schedule will run in (ex. GMT-06:00). If no timezone is specified, the org's default timezone is used.", + "nullable": true, + "type": "string", + "example": "GMT-06:00" + } + }, + "required": [ + "type", + "hours" + ] + }, + "recipients": { + "type": "array", + "items": { + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + } + }, + "emailEmptyResults": { + "type": "boolean", + "description": "Indicates if empty results need to be emailed", + "example": false + }, + "creatorId": { + "type": "string", + "description": "Policy's creator ID", + "example": "0f11f2a4-7c94-4bf3-a2bd-742580fe3bde" + }, + "modifierId": { + "type": "string", + "description": "Policy's modifier ID", + "example": "0f11f2a4-7c94-4bf3-a2bd-742580fe3bde" + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + }, + "put": { + "operationId": "updatePolicySchedule", + "tags": [ + "SOD Policy" + ], + "summary": "Update SOD Policy schedule", + "description": "This updates schedule for a specified SOD policy.\nRequires role of ORG_ADMIN.", + "parameters": [ + { + "in": "path", + "name": "id", + "schema": { + "type": "string" + }, + "required": true, + "description": "The ID of the SOD policy to update its schedule.", + "example": "ef38f94347e94562b5bb8424a56397d8" + } + ], + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "name": { + "type": "string", + "description": "SOD Policy schedule name", + "example": "SCH-1584312283015" + }, + "created": { + "type": "string", + "format": "date-time", + "description": "The time when this SOD policy schedule is created.", + "example": "2020-01-01T00:00:00.000000Z" + }, + "modified": { + "type": "string", + "format": "date-time", + "description": "The time when this SOD policy schedule is modified.", + "example": "2020-01-01T00:00:00.000000Z" + }, + "description": { + "type": "string", + "description": "SOD Policy schedule description", + "example": "Schedule for policy xyz" + }, + "schedule": { + "type": "object", + "description": "The schedule information.", + "properties": { + "type": { + "description": "Enum representing the currently supported schedule types.\n\nAdditional values may be added in the future without notice.\n", + "type": "string", + "enum": [ + "DAILY", + "WEEKLY", + "MONTHLY", + "CALENDAR" + ], + "example": "WEEKLY" + }, + "days": { + "allOf": [ + { + "type": "object", + "properties": { + "type": { + "description": "Enum representing the currently supported selector types.\n\nLIST - the *values* array contains one or more distinct values.\n\nRANGE - the *values* array contains two values: the start and end of the range, inclusive.\n\nAdditional values may be added in the future without notice.\n", + "type": "string", + "enum": [ + "LIST", + "RANGE" + ], + "example": "LIST" + }, + "values": { + "description": "The selected values.\n", + "type": "array", + "items": { + "type": "string" + }, + "example": [ + "MON", + "WED" + ] + }, + "interval": { + "nullable": true, + "description": "The selected interval for RANGE selectors.\n", + "type": "integer", + "format": "int32", + "example": 3 + } + }, + "required": [ + "type", + "values" + ] + }, + { + "description": "The days to execute the search.\n\nIf `type` is `WEEKLY`, the values will be `MON`, `TUE`, `WED`, `THU`, `FRI`, `SAT`, and `SUN`.\n\nIf `type` is `MONTHLY`, the values will be a number in double quotes, like `\"1\"`, `\"10\"`, or `\"28\"`. Optionally, the value `\"L\"` can be used to refer to the last day of the month.\n", + "example": { + "type": "LIST", + "values": [ + "MON", + "WED", + "FRI" + ] + }, + "nullable": true + } + ] + }, + "hours": { + "allOf": [ + { + "type": "object", + "properties": { + "type": { + "description": "Enum representing the currently supported selector types.\n\nLIST - the *values* array contains one or more distinct values.\n\nRANGE - the *values* array contains two values: the start and end of the range, inclusive.\n\nAdditional values may be added in the future without notice.\n", + "type": "string", + "enum": [ + "LIST", + "RANGE" + ], + "example": "LIST" + }, + "values": { + "description": "The selected values.\n", + "type": "array", + "items": { + "type": "string" + }, + "example": [ + "MON", + "WED" + ] + }, + "interval": { + "nullable": true, + "description": "The selected interval for RANGE selectors.\n", + "type": "integer", + "format": "int32", + "example": 3 + } + }, + "required": [ + "type", + "values" + ] + }, + { + "description": "The hours selected.", + "example": { + "type": "RANGE", + "values": [ + "9", + "18" + ], + "interval": 3 + } + } + ] + }, + "expiration": { + "description": "The schedule expiration date. Latest possible expiration date is '2038-01-19T03:14:07+0000'", + "type": "string", + "nullable": true, + "format": "date-time", + "example": "2018-06-25T20:22:28.104Z" + }, + "timeZoneId": { + "description": "The GMT formatted timezone the schedule will run in (ex. GMT-06:00). If no timezone is specified, the org's default timezone is used.", + "nullable": true, + "type": "string", + "example": "GMT-06:00" + } + }, + "required": [ + "type", + "hours" + ] + }, + "recipients": { + "type": "array", + "items": { + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + } + }, + "emailEmptyResults": { + "type": "boolean", + "description": "Indicates if empty results need to be emailed", + "example": false + }, + "creatorId": { + "type": "string", + "description": "Policy's creator ID", + "example": "0f11f2a4-7c94-4bf3-a2bd-742580fe3bde" + }, + "modifierId": { + "type": "string", + "description": "Policy's modifier ID", + "example": "0f11f2a4-7c94-4bf3-a2bd-742580fe3bde" + } + } + } + } + } + }, + "responses": { + "200": { + "description": "SOD policy by ID.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "name": { + "type": "string", + "description": "SOD Policy schedule name", + "example": "SCH-1584312283015" + }, + "created": { + "type": "string", + "format": "date-time", + "description": "The time when this SOD policy schedule is created.", + "example": "2020-01-01T00:00:00.000000Z" + }, + "modified": { + "type": "string", + "format": "date-time", + "description": "The time when this SOD policy schedule is modified.", + "example": "2020-01-01T00:00:00.000000Z" + }, + "description": { + "type": "string", + "description": "SOD Policy schedule description", + "example": "Schedule for policy xyz" + }, + "schedule": { + "type": "object", + "description": "The schedule information.", + "properties": { + "type": { + "description": "Enum representing the currently supported schedule types.\n\nAdditional values may be added in the future without notice.\n", + "type": "string", + "enum": [ + "DAILY", + "WEEKLY", + "MONTHLY", + "CALENDAR" + ], + "example": "WEEKLY" + }, + "days": { + "allOf": [ + { + "type": "object", + "properties": { + "type": { + "description": "Enum representing the currently supported selector types.\n\nLIST - the *values* array contains one or more distinct values.\n\nRANGE - the *values* array contains two values: the start and end of the range, inclusive.\n\nAdditional values may be added in the future without notice.\n", + "type": "string", + "enum": [ + "LIST", + "RANGE" + ], + "example": "LIST" + }, + "values": { + "description": "The selected values.\n", + "type": "array", + "items": { + "type": "string" + }, + "example": [ + "MON", + "WED" + ] + }, + "interval": { + "nullable": true, + "description": "The selected interval for RANGE selectors.\n", + "type": "integer", + "format": "int32", + "example": 3 + } + }, + "required": [ + "type", + "values" + ] + }, + { + "description": "The days to execute the search.\n\nIf `type` is `WEEKLY`, the values will be `MON`, `TUE`, `WED`, `THU`, `FRI`, `SAT`, and `SUN`.\n\nIf `type` is `MONTHLY`, the values will be a number in double quotes, like `\"1\"`, `\"10\"`, or `\"28\"`. Optionally, the value `\"L\"` can be used to refer to the last day of the month.\n", + "example": { + "type": "LIST", + "values": [ + "MON", + "WED", + "FRI" + ] + }, + "nullable": true + } + ] + }, + "hours": { + "allOf": [ + { + "type": "object", + "properties": { + "type": { + "description": "Enum representing the currently supported selector types.\n\nLIST - the *values* array contains one or more distinct values.\n\nRANGE - the *values* array contains two values: the start and end of the range, inclusive.\n\nAdditional values may be added in the future without notice.\n", + "type": "string", + "enum": [ + "LIST", + "RANGE" + ], + "example": "LIST" + }, + "values": { + "description": "The selected values.\n", + "type": "array", + "items": { + "type": "string" + }, + "example": [ + "MON", + "WED" + ] + }, + "interval": { + "nullable": true, + "description": "The selected interval for RANGE selectors.\n", + "type": "integer", + "format": "int32", + "example": 3 + } + }, + "required": [ + "type", + "values" + ] + }, + { + "description": "The hours selected.", + "example": { + "type": "RANGE", + "values": [ + "9", + "18" + ], + "interval": 3 + } + } + ] + }, + "expiration": { + "description": "The schedule expiration date. Latest possible expiration date is '2038-01-19T03:14:07+0000'", + "type": "string", + "nullable": true, + "format": "date-time", + "example": "2018-06-25T20:22:28.104Z" + }, + "timeZoneId": { + "description": "The GMT formatted timezone the schedule will run in (ex. GMT-06:00). If no timezone is specified, the org's default timezone is used.", + "nullable": true, + "type": "string", + "example": "GMT-06:00" + } + }, + "required": [ + "type", + "hours" + ] + }, + "recipients": { + "type": "array", + "items": { + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + } + }, + "emailEmptyResults": { + "type": "boolean", + "description": "Indicates if empty results need to be emailed", + "example": false + }, + "creatorId": { + "type": "string", + "description": "Policy's creator ID", + "example": "0f11f2a4-7c94-4bf3-a2bd-742580fe3bde" + }, + "modifierId": { + "type": "string", + "description": "Policy's modifier ID", + "example": "0f11f2a4-7c94-4bf3-a2bd-742580fe3bde" + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + }, + "delete": { + "operationId": "deleteSodPolicySchedule", + "tags": [ + "SOD Policy" + ], + "summary": "Delete SOD policy schedule", + "description": "This deletes schedule for a specified SOD policy.\nRequires role of ORG_ADMIN.", + "parameters": [ + { + "in": "path", + "name": "id", + "schema": { + "type": "string" + }, + "required": true, + "description": "The ID of the SOD policy the schedule must be deleted for.", + "example": "ef38f94347e94562b5bb8424a56397d8" + } + ], + "responses": { + "204": { + "description": "No content." + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/sod-policies/{id}/violation-report/run": { + "post": { + "operationId": "runSodPolicy", + "tags": [ + "SOD Policy" + ], + "summary": "Runs SOD policy violation report", + "description": "This invokes processing of violation report for given SOD policy. If the policy reports more than 5000 violations, the report returns with violation limit exceeded message.\nRequires role of ORG_ADMIN.", + "parameters": [ + { + "in": "path", + "name": "id", + "schema": { + "type": "string" + }, + "required": true, + "description": "The SOD policy ID to run.", + "example": "ef38f94347e94562b5bb8424a56397d8" + } + ], + "responses": { + "200": { + "description": "Reference to the violation report run task.", + "content": { + "application/json": { + "schema": { + "allOf": [ + { + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + }, + { + "type": "object", + "properties": { + "status": { + "type": "string", + "enum": [ + "SUCCESS", + "WARNING", + "ERROR", + "TERMINATED", + "TEMP_ERROR", + "PENDING" + ] + } + } + } + ] + }, + "example": { + "status": "PENDING", + "type": "REPORT_RESULT", + "id": "2e8d8180-24bc-4d21-91c6-7affdb473b0d", + "name": "policy-xyz" + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/sod-policies/{id}/violation-report": { + "get": { + "operationId": "getSodViolationReportStatus", + "tags": [ + "SOD Policy" + ], + "summary": "Get SOD violation report status", + "description": "This gets the status for a violation report run task that has already been invoked.\nRequires role of ORG_ADMIN.", + "parameters": [ + { + "in": "path", + "name": "id", + "schema": { + "type": "string" + }, + "required": true, + "description": "The ID of the object reference to retrieve.", + "example": "ef38f94347e94562b5bb8424a56397d8" + } + ], + "responses": { + "200": { + "description": "Status of the violation report run task.", + "content": { + "application/json": { + "schema": { + "allOf": [ + { + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + }, + { + "type": "object", + "properties": { + "status": { + "type": "string", + "enum": [ + "SUCCESS", + "WARNING", + "ERROR", + "TERMINATED", + "TEMP_ERROR", + "PENDING" + ] + } + } + } + ] + }, + "example": { + "status": "SUCCESS", + "type": "REPORT_RESULT", + "id": "2e8d8180-24bc-4d21-91c6-7affdb473b0d", + "name": "policy-xyz" + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/sod-violations/predict": { + "post": { + "operationId": "predictSodViolations", + "tags": [ + "SOD Violations" + ], + "summary": "Predict SOD violations for the given identity if they were granted the given access.", + "description": "This API is used to check if granting some additional accesses would cause the subject to be in violation of any SOD policies. Returns the violations that would be caused.\n\nA token with ORG_ADMIN or API authority is required to call this API.", + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "description": "An identity with a set of access to be added", + "required": [ + "identityId", + "accessRefs" + ], + "type": "object", + "properties": { + "identityId": { + "description": "Identity id to be checked.", + "type": "string", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "accessRefs": { + "description": "The list of ENTITLEMENTs to consider for calculating possible violations in a preventive check.", + "type": "array", + "items": { + "allOf": [ + { + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + } + ], + "description": "The types of objects supported for SOD violations", + "properties": { + "type": { + "enum": [ + "ENTITLEMENT" + ], + "example": "ENTITLEMENT", + "description": "The type of object that is referenced" + } + } + }, + "example": [ + { + "type": "ENTITLEMENT", + "id": "2c918087682f9a86016839c050861ab1", + "name": "CN=Information Access,OU=test,OU=test-service,DC=TestAD,DC=local" + }, + { + "type": "ENTITLEMENT", + "id": "2c918087682f9a86016839c0509c1ab2", + "name": "CN=Information Technology,OU=test,OU=test-service,DC=TestAD,DC=local" + } + ] + } + } + }, + "example": { + "identityId": "2c91808568c529c60168cca6f90c1313", + "accessRefs": [ + { + "type": "ENTITLEMENT", + "id": "2c918087682f9a86016839c050861ab1", + "name": "CN=Information Access,OU=test,OU=test-service,DC=TestAD,DC=local" + }, + { + "type": "ENTITLEMENT", + "id": "2c918087682f9a86016839c0509c1ab2", + "name": "CN=Information Technology,OU=test,OU=test-service,DC=TestAD,DC=local" + } + ] + } + } + } + }, + "responses": { + "200": { + "description": "Violation Contexts", + "content": { + "application/json": { + "schema": { + "description": "An object containing a listing of the SOD violation reasons detected by this check.", + "required": [ + "requestId" + ], + "type": "object", + "properties": { + "violationContexts": { + "type": "array", + "description": "List of Violation Contexts", + "items": { + "type": "object", + "properties": { + "policy": { + "allOf": [ + { + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + }, + { + "type": "object", + "properties": { + "type": { + "type": "string", + "example": "SOD_POLICY" + }, + "name": { + "type": "string", + "example": "A very cool policy name" + } + } + } + ], + "description": "The types of objects supported for SOD violations", + "properties": { + "type": { + "enum": [ + "ENTITLEMENT" + ], + "example": "ENTITLEMENT", + "description": "The type of object that is referenced" + } + } + }, + "conflictingAccessCriteria": { + "nullable": false, + "type": "object", + "properties": { + "leftCriteria": { + "type": "object", + "properties": { + "criteriaList": { + "type": "array", + "description": "List of exception criteria. There is a min of 1 and max of 50 items in the list.", + "items": { + "allOf": [ + { + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "CN=HelpDesk,OU=test,OU=test-service,DC=TestAD,DC=local" + }, + "existing": { + "type": "boolean", + "description": "Whether the subject identity already had that access or not", + "example": true + } + }, + "description": "Access reference with addition of boolean existing flag to indicate whether the access was extant" + } + ], + "description": "The types of objects supported for SOD violations", + "properties": { + "type": { + "enum": [ + "ENTITLEMENT" + ], + "example": "ENTITLEMENT", + "description": "The type of object that is referenced" + } + } + }, + "example": [ + { + "type": "ENTITLEMENT", + "id": "2c9180866166b5b0016167c32ef31a66", + "existing": true + }, + { + "type": "ENTITLEMENT", + "id": "2c9180866166b5b0016167c32ef31a67", + "existing": false + } + ] + } + } + }, + "rightCriteria": { + "type": "object", + "properties": { + "criteriaList": { + "type": "array", + "description": "List of exception criteria. There is a min of 1 and max of 50 items in the list.", + "items": { + "allOf": [ + { + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "CN=HelpDesk,OU=test,OU=test-service,DC=TestAD,DC=local" + }, + "existing": { + "type": "boolean", + "description": "Whether the subject identity already had that access or not", + "example": true + } + }, + "description": "Access reference with addition of boolean existing flag to indicate whether the access was extant" + } + ], + "description": "The types of objects supported for SOD violations", + "properties": { + "type": { + "enum": [ + "ENTITLEMENT" + ], + "example": "ENTITLEMENT", + "description": "The type of object that is referenced" + } + } + }, + "example": [ + { + "type": "ENTITLEMENT", + "id": "2c9180866166b5b0016167c32ef31a66", + "existing": true + }, + { + "type": "ENTITLEMENT", + "id": "2c9180866166b5b0016167c32ef31a67", + "existing": false + } + ] + } + } + } + } + } + } + } + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/sod-violation-report-status/{reportResultId}": { + "get": { + "operationId": "getSodViolationReportRunStatus", + "tags": [ + "SOD Policy" + ], + "summary": "Get violation report run status", + "description": "This gets the status for a violation report run task that has already been invoked.\nRequires role of ORG_ADMIN.", + "parameters": [ + { + "in": "path", + "name": "reportResultId", + "schema": { + "type": "string" + }, + "required": true, + "description": "The ID of the report reference to retrieve.", + "example": "2e8d8180-24bc-4d21-91c6-7affdb473b0d" + } + ], + "responses": { + "200": { + "description": "Status of the violation report run task.", + "content": { + "application/json": { + "schema": { + "allOf": [ + { + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + }, + { + "type": "object", + "properties": { + "status": { + "type": "string", + "enum": [ + "SUCCESS", + "WARNING", + "ERROR", + "TERMINATED", + "TEMP_ERROR", + "PENDING" + ] + } + } + } + ] + }, + "example": { + "status": "SUCCESS", + "type": "REPORT_RESULT", + "id": "2e8d8180-24bc-4d21-91c6-7affdb473b0d", + "name": "policy-xyz" + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/sod-violation-report/run": { + "post": { + "operationId": "runSodAllPoliciesForOrg", + "tags": [ + "SOD Policy" + ], + "summary": "Runs all policies for org", + "description": "Runs multi-policy report for the org. If a policy reports more than 5000 violations, the report mentions that the violation limit was exceeded for that policy. If the request is empty, the report runs for all policies. Otherwise, the report runs for only the filtered policy list provided.\nRequires role of ORG_ADMIN.", + "requestBody": { + "required": false, + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "filteredPolicyList": { + "type": "array", + "description": "Multi-policy report will be run for this list of ids", + "items": { + "type": "string" + } + } + } + }, + "example": { + "filteredPolicyList": [ + "b868cd40-ffa4-4337-9c07-1a51846cfa94", + "63a07a7b-39a4-48aa-956d-50c827deba2a" + ] + } + } + } + }, + "responses": { + "200": { + "description": "Reference to the violation report run task.", + "content": { + "application/json": { + "schema": { + "allOf": [ + { + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + }, + { + "type": "object", + "properties": { + "status": { + "type": "string", + "enum": [ + "SUCCESS", + "WARNING", + "ERROR", + "TERMINATED", + "TEMP_ERROR", + "PENDING" + ] + } + } + } + ] + }, + "example": { + "status": "PENDING", + "type": "REPORT_RESULT", + "id": "37b3b32a-f394-46f8-acad-b5223969fa68", + "name": "Multi Query Report" + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/sod-violation-report": { + "get": { + "operationId": "getSodAllReportRunStatus", + "tags": [ + "SOD Policy" + ], + "summary": "Get multi-report run task status", + "description": "This endpoint gets the status for a violation report for all policy run.\nRequires role of ORG_ADMIN.", + "responses": { + "200": { + "description": "Status of the violation report run task for all policy run.", + "content": { + "application/json": { + "schema": { + "allOf": [ + { + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + }, + { + "type": "object", + "properties": { + "status": { + "type": "string", + "enum": [ + "SUCCESS", + "WARNING", + "ERROR", + "TERMINATED", + "TEMP_ERROR", + "PENDING" + ] + } + } + } + ] + }, + "example": { + "status": "SUCCESS", + "type": "REPORT_RESULT", + "id": "37b3b32a-f394-46f8-acad-b5223969fa68", + "name": "Multi Query Report" + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/sod-violation-report/{reportResultId}/download": { + "get": { + "operationId": "downloadDefaultViolationReport", + "tags": [ + "SOD Policy" + ], + "summary": "Download violation report", + "description": "This allows to download a violation report for a given report reference.\nRequires role of ORG_ADMIN.", + "parameters": [ + { + "in": "path", + "name": "reportResultId", + "schema": { + "type": "string" + }, + "required": true, + "description": "The ID of the report reference to download.", + "example": "ef38f94347e94562b5bb8424a56397d8" + } + ], + "responses": { + "200": { + "description": "Returns the PolicyReport.zip that contains the violation report file.", + "content": { + "application/zip": { + "schema": { + "type": "string", + "format": "binary" + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/sod-violation-report/{reportResultId}/download/{fileName}": { + "get": { + "operationId": "downloadCustomViolationReport", + "tags": [ + "SOD Policy" + ], + "summary": "Download custom violation report", + "description": "This allows to download a specified named violation report for a given report reference.\nRequires role of ORG_ADMIN.", + "parameters": [ + { + "in": "path", + "name": "reportResultId", + "schema": { + "type": "string" + }, + "required": true, + "description": "The ID of the report reference to download.", + "example": "ef38f94347e94562b5bb8424a56397d8" + }, + { + "in": "path", + "name": "fileName", + "schema": { + "type": "string" + }, + "required": true, + "description": "Custom Name for the file.", + "example": "custom-name" + } + ], + "responses": { + "200": { + "description": "Returns the zip file with given custom name that contains the violation report file.", + "content": { + "application/zip": { + "schema": { + "type": "string", + "format": "binary" + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/work-items": { + "get": { + "operationId": "listWorkItems", + "tags": [ + "Work Items" + ], + "summary": "List Work Items", + "description": "This gets a collection of work items belonging to either the specified user(admin required), or the current user.", + "parameters": [ + { + "in": "query", + "name": "limit", + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": 250, + "schema": { + "type": "integer", + "format": "int32", + "minimum": 0, + "maximum": 250, + "default": 250 + } + }, + { + "in": "query", + "name": "offset", + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": 0, + "schema": { + "type": "integer", + "format": "int32", + "minimum": 0, + "default": 0 + } + }, + { + "in": "query", + "name": "count", + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": true, + "schema": { + "type": "boolean", + "default": false + } + }, + { + "in": "query", + "name": "ownerId", + "schema": { + "type": "string" + }, + "description": "ID of the work item owner.", + "required": false + } + ], + "responses": { + "200": { + "description": "List of work items", + "content": { + "application/json": { + "schema": { + "type": "array", + "items": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "ID of the work item", + "example": "2c9180835d2e5168015d32f890ca1581" + }, + "requesterId": { + "type": "string", + "description": "ID of the requester", + "example": "2c9180835d2e5168015d32f890ca1581" + }, + "requesterDisplayName": { + "type": "string", + "description": "The displayname of the requester", + "example": "John Smith" + }, + "ownerId": { + "type": "string", + "description": "The ID of the owner", + "example": "2c9180835d2e5168015d32f890ca1581" + }, + "ownerName": { + "type": "string", + "description": "The name of the owner", + "example": "Jason Smith" + }, + "created": { + "type": "string", + "format": "date-time", + "example": "2017-07-11T18:45:37.098Z" + }, + "modified": { + "type": "string", + "format": "date-time", + "example": "2018-06-25T20:22:28.104Z" + }, + "description": { + "type": "string", + "description": "The description of the work item", + "example": "Create account on source 'AD'" + }, + "state": { + "type": "string", + "enum": [ + "FINISHED", + "REJECTED", + "RETURNED", + "EXPIRED", + "PENDING", + "CANCELED" + ], + "example": "FINISHED", + "description": "The state of a work item" + }, + "type": { + "type": "string", + "enum": [ + "UNKNOWN", + "GENERIC", + "CERTIFICATION", + "REMEDIATION", + "DELEGATION", + "APPROVAL", + "VIOLATIONREVIEW", + "FORM", + "POLICYVIOLATION", + "CHALLENGE", + "IMPACTANALYSIS", + "SIGNOFF", + "EVENT", + "MANUALACTION", + "TEST" + ], + "example": "GENERIC", + "description": "The type of the work item" + }, + "remediationItems": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "The ID of the certification", + "example": "2c9180835d2e5168015d32f890ca1581" + }, + "targetId": { + "type": "string", + "description": "The ID of the certification target", + "example": "2c9180835d2e5168015d32f890ca1581" + }, + "targetName": { + "type": "string", + "description": "The name of the certification target", + "example": "john.smith" + }, + "targetDisplayName": { + "type": "string", + "description": "The display name of the certification target", + "example": "emailAddress" + }, + "applicationName": { + "type": "string", + "description": "The name of the application/source", + "example": "Active Directory" + }, + "attributeName": { + "type": "string", + "description": "The name of the attribute being certified", + "example": "phoneNumber" + }, + "attributeOperation": { + "type": "string", + "description": "The operation of the certification on the attribute", + "example": "update" + }, + "attributeValue": { + "type": "string", + "description": "The value of the attribute being certified", + "example": "512-555-1212" + }, + "nativeIdentity": { + "type": "string", + "description": "The native identity of the target", + "example": "jason.smith2" + } + } + }, + "approvalItems": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "ID of the approval item", + "example": "2c9180835d2e5168015d32f890ca1581" + }, + "account": { + "type": "string", + "description": "The account referenced by the approval item", + "example": "john.smith" + }, + "application": { + "type": "string", + "description": "The name the application/source", + "example": "Active Directory" + }, + "attributeName": { + "type": "string", + "description": "The name of the attribute", + "example": "emailAddress" + }, + "attributeOperation": { + "type": "string", + "description": "The operation of the attribute", + "example": "update" + }, + "attributeValue": { + "type": "string", + "description": "The value of the attribute", + "example": "a@b.com" + }, + "state": { + "type": "string", + "enum": [ + "FINISHED", + "REJECTED", + "RETURNED", + "EXPIRED", + "PENDING", + "CANCELED" + ], + "example": "FINISHED", + "description": "The state of a work item" + } + } + }, + "name": { + "type": "string", + "description": "The work item name", + "example": "Account Create" + }, + "completed": { + "type": "string", + "format": "date-time", + "example": "2018-10-19T13:49:37.385Z" + }, + "numItems": { + "type": "integer", + "description": "The number of items in the work item", + "example": 19 + }, + "errors": { + "type": "array", + "items": { + "type": "string" + }, + "example": [ + "The work item ID that was specified was not found." + ] + } + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + } + } + } + }, + "/work-items/completed": { + "get": { + "operationId": "getCompletedWorkItems", + "tags": [ + "Work Items" + ], + "summary": "Completed Work Items", + "description": "This gets a collection of completed work items belonging to either the specified user(admin required), or the current user.", + "parameters": [ + { + "in": "query", + "name": "ownerId", + "schema": { + "type": "string" + }, + "description": "The id of the owner of the work item list being requested. Either an admin, or the owning/current user must make this request.", + "required": false + }, + { + "in": "query", + "name": "limit", + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": 250, + "schema": { + "type": "integer", + "format": "int32", + "minimum": 0, + "maximum": 250, + "default": 250 + } + }, + { + "in": "query", + "name": "offset", + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": 0, + "schema": { + "type": "integer", + "format": "int32", + "minimum": 0, + "default": 0 + } + }, + { + "in": "query", + "name": "count", + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": true, + "schema": { + "type": "boolean", + "default": false + } + } + ], + "responses": { + "200": { + "description": "List of completed work items.", + "content": { + "application/json": { + "schema": { + "type": "array", + "items": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "ID of the work item", + "example": "2c9180835d2e5168015d32f890ca1581" + }, + "requesterId": { + "type": "string", + "description": "ID of the requester", + "example": "2c9180835d2e5168015d32f890ca1581" + }, + "requesterDisplayName": { + "type": "string", + "description": "The displayname of the requester", + "example": "John Smith" + }, + "ownerId": { + "type": "string", + "description": "The ID of the owner", + "example": "2c9180835d2e5168015d32f890ca1581" + }, + "ownerName": { + "type": "string", + "description": "The name of the owner", + "example": "Jason Smith" + }, + "created": { + "type": "string", + "format": "date-time", + "example": "2017-07-11T18:45:37.098Z" + }, + "modified": { + "type": "string", + "format": "date-time", + "example": "2018-06-25T20:22:28.104Z" + }, + "description": { + "type": "string", + "description": "The description of the work item", + "example": "Create account on source 'AD'" + }, + "state": { + "type": "string", + "enum": [ + "FINISHED", + "REJECTED", + "RETURNED", + "EXPIRED", + "PENDING", + "CANCELED" + ], + "example": "FINISHED", + "description": "The state of a work item" + }, + "type": { + "type": "string", + "enum": [ + "UNKNOWN", + "GENERIC", + "CERTIFICATION", + "REMEDIATION", + "DELEGATION", + "APPROVAL", + "VIOLATIONREVIEW", + "FORM", + "POLICYVIOLATION", + "CHALLENGE", + "IMPACTANALYSIS", + "SIGNOFF", + "EVENT", + "MANUALACTION", + "TEST" + ], + "example": "GENERIC", + "description": "The type of the work item" + }, + "remediationItems": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "The ID of the certification", + "example": "2c9180835d2e5168015d32f890ca1581" + }, + "targetId": { + "type": "string", + "description": "The ID of the certification target", + "example": "2c9180835d2e5168015d32f890ca1581" + }, + "targetName": { + "type": "string", + "description": "The name of the certification target", + "example": "john.smith" + }, + "targetDisplayName": { + "type": "string", + "description": "The display name of the certification target", + "example": "emailAddress" + }, + "applicationName": { + "type": "string", + "description": "The name of the application/source", + "example": "Active Directory" + }, + "attributeName": { + "type": "string", + "description": "The name of the attribute being certified", + "example": "phoneNumber" + }, + "attributeOperation": { + "type": "string", + "description": "The operation of the certification on the attribute", + "example": "update" + }, + "attributeValue": { + "type": "string", + "description": "The value of the attribute being certified", + "example": "512-555-1212" + }, + "nativeIdentity": { + "type": "string", + "description": "The native identity of the target", + "example": "jason.smith2" + } + } + }, + "approvalItems": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "ID of the approval item", + "example": "2c9180835d2e5168015d32f890ca1581" + }, + "account": { + "type": "string", + "description": "The account referenced by the approval item", + "example": "john.smith" + }, + "application": { + "type": "string", + "description": "The name the application/source", + "example": "Active Directory" + }, + "attributeName": { + "type": "string", + "description": "The name of the attribute", + "example": "emailAddress" + }, + "attributeOperation": { + "type": "string", + "description": "The operation of the attribute", + "example": "update" + }, + "attributeValue": { + "type": "string", + "description": "The value of the attribute", + "example": "a@b.com" + }, + "state": { + "type": "string", + "enum": [ + "FINISHED", + "REJECTED", + "RETURNED", + "EXPIRED", + "PENDING", + "CANCELED" + ], + "example": "FINISHED", + "description": "The state of a work item" + } + } + }, + "name": { + "type": "string", + "description": "The work item name", + "example": "Account Create" + }, + "completed": { + "type": "string", + "format": "date-time", + "example": "2018-10-19T13:49:37.385Z" + }, + "numItems": { + "type": "integer", + "description": "The number of items in the work item", + "example": 19 + }, + "errors": { + "type": "array", + "items": { + "type": "string" + }, + "example": [ + "The work item ID that was specified was not found." + ] + } + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + } + } + } + }, + "/work-items/count": { + "get": { + "operationId": "getCountWorkItems", + "tags": [ + "Work Items" + ], + "summary": "Count Work Items", + "description": "This gets a count of work items belonging to either the specified user(admin required), or the current user.", + "parameters": [ + { + "in": "query", + "name": "ownerId", + "schema": { + "type": "string" + }, + "description": "ID of the work item owner.", + "required": false + } + ], + "responses": { + "200": { + "description": "List of work items", + "content": { + "application/json": { + "schema": { + "type": "array", + "items": { + "type": "object", + "properties": { + "count": { + "type": "integer", + "description": "The count of work items", + "example": 29 + } + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + } + } + } + }, + "/work-items/count/completed": { + "get": { + "operationId": "getCountCompletedWorkItems", + "tags": [ + "Work Items" + ], + "summary": "Count Completed Work Items", + "description": "This gets a count of completed work items belonging to either the specified user(admin required), or the current user.", + "parameters": [ + { + "in": "query", + "name": "ownerId", + "schema": { + "type": "string" + }, + "description": "ID of the work item owner.", + "required": false + } + ], + "responses": { + "200": { + "description": "List of work items", + "content": { + "application/json": { + "schema": { + "type": "array", + "items": { + "type": "object", + "properties": { + "count": { + "type": "integer", + "description": "The count of work items", + "example": 29 + } + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + } + } + } + }, + "/work-items/summary": { + "get": { + "operationId": "getWorkItemsSummary", + "tags": [ + "Work Items" + ], + "summary": "Work Items Summary", + "description": "This gets a summary of work items belonging to either the specified user(admin required), or the current user.", + "parameters": [ + { + "in": "query", + "name": "ownerId", + "schema": { + "type": "string" + }, + "description": "ID of the work item owner.", + "required": false + } + ], + "responses": { + "200": { + "description": "List of work items", + "content": { + "application/json": { + "schema": { + "type": "array", + "items": { + "type": "object", + "properties": { + "open": { + "type": "integer", + "description": "The count of open work items", + "example": 29 + }, + "completed": { + "type": "integer", + "description": "The count of completed work items", + "example": 1 + }, + "total": { + "type": "integer", + "description": "The count of total work items", + "example": 30 + } + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + } + } + } + }, + "/work-items/{id}": { + "get": { + "operationId": "getWorkItem", + "tags": [ + "Work Items" + ], + "summary": "Get a Work Item", + "description": "This gets the details of a Work Item belonging to either the specified user(admin required), or the current user.", + "parameters": [ + { + "in": "query", + "name": "ownerId", + "schema": { + "type": "string" + }, + "description": "ID of the work item owner.", + "required": false + }, + { + "in": "path", + "name": "id", + "schema": { + "type": "string" + }, + "required": true, + "description": "ID of the work item." + } + ], + "responses": { + "200": { + "description": "The work item with the given ID.", + "content": { + "application/json": { + "schema": { + "type": "array", + "items": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "ID of the work item", + "example": "2c9180835d2e5168015d32f890ca1581" + }, + "requesterId": { + "type": "string", + "description": "ID of the requester", + "example": "2c9180835d2e5168015d32f890ca1581" + }, + "requesterDisplayName": { + "type": "string", + "description": "The displayname of the requester", + "example": "John Smith" + }, + "ownerId": { + "type": "string", + "description": "The ID of the owner", + "example": "2c9180835d2e5168015d32f890ca1581" + }, + "ownerName": { + "type": "string", + "description": "The name of the owner", + "example": "Jason Smith" + }, + "created": { + "type": "string", + "format": "date-time", + "example": "2017-07-11T18:45:37.098Z" + }, + "modified": { + "type": "string", + "format": "date-time", + "example": "2018-06-25T20:22:28.104Z" + }, + "description": { + "type": "string", + "description": "The description of the work item", + "example": "Create account on source 'AD'" + }, + "state": { + "type": "string", + "enum": [ + "FINISHED", + "REJECTED", + "RETURNED", + "EXPIRED", + "PENDING", + "CANCELED" + ], + "example": "FINISHED", + "description": "The state of a work item" + }, + "type": { + "type": "string", + "enum": [ + "UNKNOWN", + "GENERIC", + "CERTIFICATION", + "REMEDIATION", + "DELEGATION", + "APPROVAL", + "VIOLATIONREVIEW", + "FORM", + "POLICYVIOLATION", + "CHALLENGE", + "IMPACTANALYSIS", + "SIGNOFF", + "EVENT", + "MANUALACTION", + "TEST" + ], + "example": "GENERIC", + "description": "The type of the work item" + }, + "remediationItems": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "The ID of the certification", + "example": "2c9180835d2e5168015d32f890ca1581" + }, + "targetId": { + "type": "string", + "description": "The ID of the certification target", + "example": "2c9180835d2e5168015d32f890ca1581" + }, + "targetName": { + "type": "string", + "description": "The name of the certification target", + "example": "john.smith" + }, + "targetDisplayName": { + "type": "string", + "description": "The display name of the certification target", + "example": "emailAddress" + }, + "applicationName": { + "type": "string", + "description": "The name of the application/source", + "example": "Active Directory" + }, + "attributeName": { + "type": "string", + "description": "The name of the attribute being certified", + "example": "phoneNumber" + }, + "attributeOperation": { + "type": "string", + "description": "The operation of the certification on the attribute", + "example": "update" + }, + "attributeValue": { + "type": "string", + "description": "The value of the attribute being certified", + "example": "512-555-1212" + }, + "nativeIdentity": { + "type": "string", + "description": "The native identity of the target", + "example": "jason.smith2" + } + } + }, + "approvalItems": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "ID of the approval item", + "example": "2c9180835d2e5168015d32f890ca1581" + }, + "account": { + "type": "string", + "description": "The account referenced by the approval item", + "example": "john.smith" + }, + "application": { + "type": "string", + "description": "The name the application/source", + "example": "Active Directory" + }, + "attributeName": { + "type": "string", + "description": "The name of the attribute", + "example": "emailAddress" + }, + "attributeOperation": { + "type": "string", + "description": "The operation of the attribute", + "example": "update" + }, + "attributeValue": { + "type": "string", + "description": "The value of the attribute", + "example": "a@b.com" + }, + "state": { + "type": "string", + "enum": [ + "FINISHED", + "REJECTED", + "RETURNED", + "EXPIRED", + "PENDING", + "CANCELED" + ], + "example": "FINISHED", + "description": "The state of a work item" + } + } + }, + "name": { + "type": "string", + "description": "The work item name", + "example": "Account Create" + }, + "completed": { + "type": "string", + "format": "date-time", + "example": "2018-10-19T13:49:37.385Z" + }, + "numItems": { + "type": "integer", + "description": "The number of items in the work item", + "example": 19 + }, + "errors": { + "type": "array", + "items": { + "type": "string" + }, + "example": [ + "The work item ID that was specified was not found." + ] + } + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + } + } + }, + "post": { + "operationId": "completeWorkItem", + "tags": [ + "Work Items" + ], + "summary": "Complete a Work Item", + "description": "This API completes a work item. Either an admin, or the owning/current user must make this request.", + "parameters": [ + { + "in": "path", + "name": "id", + "schema": { + "type": "string" + }, + "required": true, + "description": "The ID of the work item", + "example": "ef38f94347e94562b5bb8424a56397d8" + } + ], + "responses": { + "200": { + "description": "A WorkItems object", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "ID of the work item", + "example": "2c9180835d2e5168015d32f890ca1581" + }, + "requesterId": { + "type": "string", + "description": "ID of the requester", + "example": "2c9180835d2e5168015d32f890ca1581" + }, + "requesterDisplayName": { + "type": "string", + "description": "The displayname of the requester", + "example": "John Smith" + }, + "ownerId": { + "type": "string", + "description": "The ID of the owner", + "example": "2c9180835d2e5168015d32f890ca1581" + }, + "ownerName": { + "type": "string", + "description": "The name of the owner", + "example": "Jason Smith" + }, + "created": { + "type": "string", + "format": "date-time", + "example": "2017-07-11T18:45:37.098Z" + }, + "modified": { + "type": "string", + "format": "date-time", + "example": "2018-06-25T20:22:28.104Z" + }, + "description": { + "type": "string", + "description": "The description of the work item", + "example": "Create account on source 'AD'" + }, + "state": { + "type": "string", + "enum": [ + "FINISHED", + "REJECTED", + "RETURNED", + "EXPIRED", + "PENDING", + "CANCELED" + ], + "example": "FINISHED", + "description": "The state of a work item" + }, + "type": { + "type": "string", + "enum": [ + "UNKNOWN", + "GENERIC", + "CERTIFICATION", + "REMEDIATION", + "DELEGATION", + "APPROVAL", + "VIOLATIONREVIEW", + "FORM", + "POLICYVIOLATION", + "CHALLENGE", + "IMPACTANALYSIS", + "SIGNOFF", + "EVENT", + "MANUALACTION", + "TEST" + ], + "example": "GENERIC", + "description": "The type of the work item" + }, + "remediationItems": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "The ID of the certification", + "example": "2c9180835d2e5168015d32f890ca1581" + }, + "targetId": { + "type": "string", + "description": "The ID of the certification target", + "example": "2c9180835d2e5168015d32f890ca1581" + }, + "targetName": { + "type": "string", + "description": "The name of the certification target", + "example": "john.smith" + }, + "targetDisplayName": { + "type": "string", + "description": "The display name of the certification target", + "example": "emailAddress" + }, + "applicationName": { + "type": "string", + "description": "The name of the application/source", + "example": "Active Directory" + }, + "attributeName": { + "type": "string", + "description": "The name of the attribute being certified", + "example": "phoneNumber" + }, + "attributeOperation": { + "type": "string", + "description": "The operation of the certification on the attribute", + "example": "update" + }, + "attributeValue": { + "type": "string", + "description": "The value of the attribute being certified", + "example": "512-555-1212" + }, + "nativeIdentity": { + "type": "string", + "description": "The native identity of the target", + "example": "jason.smith2" + } + } + }, + "approvalItems": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "ID of the approval item", + "example": "2c9180835d2e5168015d32f890ca1581" + }, + "account": { + "type": "string", + "description": "The account referenced by the approval item", + "example": "john.smith" + }, + "application": { + "type": "string", + "description": "The name the application/source", + "example": "Active Directory" + }, + "attributeName": { + "type": "string", + "description": "The name of the attribute", + "example": "emailAddress" + }, + "attributeOperation": { + "type": "string", + "description": "The operation of the attribute", + "example": "update" + }, + "attributeValue": { + "type": "string", + "description": "The value of the attribute", + "example": "a@b.com" + }, + "state": { + "type": "string", + "enum": [ + "FINISHED", + "REJECTED", + "RETURNED", + "EXPIRED", + "PENDING", + "CANCELED" + ], + "example": "FINISHED", + "description": "The state of a work item" + } + } + }, + "name": { + "type": "string", + "description": "The work item name", + "example": "Account Create" + }, + "completed": { + "type": "string", + "format": "date-time", + "example": "2018-10-19T13:49:37.385Z" + }, + "numItems": { + "type": "integer", + "description": "The number of items in the work item", + "example": 19 + }, + "errors": { + "type": "array", + "items": { + "type": "string" + }, + "example": [ + "The work item ID that was specified was not found." + ] + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + } + } + } + }, + "/work-items/{id}/forward": { + "post": { + "operationId": "forwardWorkItem", + "tags": [ + "Work Items" + ], + "summary": "Forward a Work Item", + "description": "This API forwards a work item to a new owner. Either an admin, or the owning/current user must make this request.", + "parameters": [ + { + "in": "path", + "name": "id", + "schema": { + "type": "string" + }, + "required": true, + "description": "The ID of the work item", + "example": "ef38f94347e94562b5bb8424a56397d8" + } + ], + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "type": "object", + "required": [ + "targetOwnerId", + "comment" + ], + "properties": { + "targetOwnerId": { + "type": "string", + "description": "The ID of the identity to forward this work item to.", + "example": "2c9180835d2e5168015d32f890ca1581" + }, + "comment": { + "type": "string", + "description": "Comments to send to the target owner", + "example": "I'm going on vacation." + }, + "sendNotifications": { + "type": "boolean", + "description": "If true, send a notification to the target owner.", + "default": true, + "example": true + } + } + } + } + } + }, + "responses": { + "200": { + "description": "Success, but no data is returned." + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/work-items/{id}/approve/{approvalItemId}": { + "post": { + "operationId": "approveApprovalItem", + "tags": [ + "Work Items" + ], + "summary": "Approve an Approval Item", + "description": "This API approves an Approval Item. Either an admin, or the owning/current user must make this request.", + "parameters": [ + { + "in": "path", + "name": "id", + "schema": { + "type": "string" + }, + "required": true, + "description": "The ID of the work item", + "example": "ef38f94347e94562b5bb8424a56397d8" + }, + { + "in": "path", + "name": "approvalItemId", + "schema": { + "type": "string" + }, + "required": true, + "description": "The ID of the approval item.", + "example": "1211bcaa32112bcef6122adb21cef1ac" + } + ], + "responses": { + "200": { + "description": "A work items details object.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "ID of the work item", + "example": "2c9180835d2e5168015d32f890ca1581" + }, + "requesterId": { + "type": "string", + "description": "ID of the requester", + "example": "2c9180835d2e5168015d32f890ca1581" + }, + "requesterDisplayName": { + "type": "string", + "description": "The displayname of the requester", + "example": "John Smith" + }, + "ownerId": { + "type": "string", + "description": "The ID of the owner", + "example": "2c9180835d2e5168015d32f890ca1581" + }, + "ownerName": { + "type": "string", + "description": "The name of the owner", + "example": "Jason Smith" + }, + "created": { + "type": "string", + "format": "date-time", + "example": "2017-07-11T18:45:37.098Z" + }, + "modified": { + "type": "string", + "format": "date-time", + "example": "2018-06-25T20:22:28.104Z" + }, + "description": { + "type": "string", + "description": "The description of the work item", + "example": "Create account on source 'AD'" + }, + "state": { + "type": "string", + "enum": [ + "FINISHED", + "REJECTED", + "RETURNED", + "EXPIRED", + "PENDING", + "CANCELED" + ], + "example": "FINISHED", + "description": "The state of a work item" + }, + "type": { + "type": "string", + "enum": [ + "UNKNOWN", + "GENERIC", + "CERTIFICATION", + "REMEDIATION", + "DELEGATION", + "APPROVAL", + "VIOLATIONREVIEW", + "FORM", + "POLICYVIOLATION", + "CHALLENGE", + "IMPACTANALYSIS", + "SIGNOFF", + "EVENT", + "MANUALACTION", + "TEST" + ], + "example": "GENERIC", + "description": "The type of the work item" + }, + "remediationItems": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "The ID of the certification", + "example": "2c9180835d2e5168015d32f890ca1581" + }, + "targetId": { + "type": "string", + "description": "The ID of the certification target", + "example": "2c9180835d2e5168015d32f890ca1581" + }, + "targetName": { + "type": "string", + "description": "The name of the certification target", + "example": "john.smith" + }, + "targetDisplayName": { + "type": "string", + "description": "The display name of the certification target", + "example": "emailAddress" + }, + "applicationName": { + "type": "string", + "description": "The name of the application/source", + "example": "Active Directory" + }, + "attributeName": { + "type": "string", + "description": "The name of the attribute being certified", + "example": "phoneNumber" + }, + "attributeOperation": { + "type": "string", + "description": "The operation of the certification on the attribute", + "example": "update" + }, + "attributeValue": { + "type": "string", + "description": "The value of the attribute being certified", + "example": "512-555-1212" + }, + "nativeIdentity": { + "type": "string", + "description": "The native identity of the target", + "example": "jason.smith2" + } + } + }, + "approvalItems": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "ID of the approval item", + "example": "2c9180835d2e5168015d32f890ca1581" + }, + "account": { + "type": "string", + "description": "The account referenced by the approval item", + "example": "john.smith" + }, + "application": { + "type": "string", + "description": "The name the application/source", + "example": "Active Directory" + }, + "attributeName": { + "type": "string", + "description": "The name of the attribute", + "example": "emailAddress" + }, + "attributeOperation": { + "type": "string", + "description": "The operation of the attribute", + "example": "update" + }, + "attributeValue": { + "type": "string", + "description": "The value of the attribute", + "example": "a@b.com" + }, + "state": { + "type": "string", + "enum": [ + "FINISHED", + "REJECTED", + "RETURNED", + "EXPIRED", + "PENDING", + "CANCELED" + ], + "example": "FINISHED", + "description": "The state of a work item" + } + } + }, + "name": { + "type": "string", + "description": "The work item name", + "example": "Account Create" + }, + "completed": { + "type": "string", + "format": "date-time", + "example": "2018-10-19T13:49:37.385Z" + }, + "numItems": { + "type": "integer", + "description": "The number of items in the work item", + "example": 19 + }, + "errors": { + "type": "array", + "items": { + "type": "string" + }, + "example": [ + "The work item ID that was specified was not found." + ] + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + } + } + } + }, + "/work-items/{id}/reject/{approvalItemId}": { + "post": { + "operationId": "rejectApprovalItem", + "tags": [ + "Work Items" + ], + "summary": "Reject an Approval Item", + "description": "This API rejects an Approval Item. Either an admin, or the owning/current user must make this request.", + "parameters": [ + { + "in": "path", + "name": "id", + "schema": { + "type": "string" + }, + "required": true, + "description": "The ID of the work item", + "example": "ef38f94347e94562b5bb8424a56397d8" + }, + { + "in": "path", + "name": "approvalItemId", + "schema": { + "type": "string" + }, + "required": true, + "description": "The ID of the approval item.", + "example": "1211bcaa32112bcef6122adb21cef1ac" + } + ], + "responses": { + "200": { + "description": "A work items details object.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "ID of the work item", + "example": "2c9180835d2e5168015d32f890ca1581" + }, + "requesterId": { + "type": "string", + "description": "ID of the requester", + "example": "2c9180835d2e5168015d32f890ca1581" + }, + "requesterDisplayName": { + "type": "string", + "description": "The displayname of the requester", + "example": "John Smith" + }, + "ownerId": { + "type": "string", + "description": "The ID of the owner", + "example": "2c9180835d2e5168015d32f890ca1581" + }, + "ownerName": { + "type": "string", + "description": "The name of the owner", + "example": "Jason Smith" + }, + "created": { + "type": "string", + "format": "date-time", + "example": "2017-07-11T18:45:37.098Z" + }, + "modified": { + "type": "string", + "format": "date-time", + "example": "2018-06-25T20:22:28.104Z" + }, + "description": { + "type": "string", + "description": "The description of the work item", + "example": "Create account on source 'AD'" + }, + "state": { + "type": "string", + "enum": [ + "FINISHED", + "REJECTED", + "RETURNED", + "EXPIRED", + "PENDING", + "CANCELED" + ], + "example": "FINISHED", + "description": "The state of a work item" + }, + "type": { + "type": "string", + "enum": [ + "UNKNOWN", + "GENERIC", + "CERTIFICATION", + "REMEDIATION", + "DELEGATION", + "APPROVAL", + "VIOLATIONREVIEW", + "FORM", + "POLICYVIOLATION", + "CHALLENGE", + "IMPACTANALYSIS", + "SIGNOFF", + "EVENT", + "MANUALACTION", + "TEST" + ], + "example": "GENERIC", + "description": "The type of the work item" + }, + "remediationItems": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "The ID of the certification", + "example": "2c9180835d2e5168015d32f890ca1581" + }, + "targetId": { + "type": "string", + "description": "The ID of the certification target", + "example": "2c9180835d2e5168015d32f890ca1581" + }, + "targetName": { + "type": "string", + "description": "The name of the certification target", + "example": "john.smith" + }, + "targetDisplayName": { + "type": "string", + "description": "The display name of the certification target", + "example": "emailAddress" + }, + "applicationName": { + "type": "string", + "description": "The name of the application/source", + "example": "Active Directory" + }, + "attributeName": { + "type": "string", + "description": "The name of the attribute being certified", + "example": "phoneNumber" + }, + "attributeOperation": { + "type": "string", + "description": "The operation of the certification on the attribute", + "example": "update" + }, + "attributeValue": { + "type": "string", + "description": "The value of the attribute being certified", + "example": "512-555-1212" + }, + "nativeIdentity": { + "type": "string", + "description": "The native identity of the target", + "example": "jason.smith2" + } + } + }, + "approvalItems": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "ID of the approval item", + "example": "2c9180835d2e5168015d32f890ca1581" + }, + "account": { + "type": "string", + "description": "The account referenced by the approval item", + "example": "john.smith" + }, + "application": { + "type": "string", + "description": "The name the application/source", + "example": "Active Directory" + }, + "attributeName": { + "type": "string", + "description": "The name of the attribute", + "example": "emailAddress" + }, + "attributeOperation": { + "type": "string", + "description": "The operation of the attribute", + "example": "update" + }, + "attributeValue": { + "type": "string", + "description": "The value of the attribute", + "example": "a@b.com" + }, + "state": { + "type": "string", + "enum": [ + "FINISHED", + "REJECTED", + "RETURNED", + "EXPIRED", + "PENDING", + "CANCELED" + ], + "example": "FINISHED", + "description": "The state of a work item" + } + } + }, + "name": { + "type": "string", + "description": "The work item name", + "example": "Account Create" + }, + "completed": { + "type": "string", + "format": "date-time", + "example": "2018-10-19T13:49:37.385Z" + }, + "numItems": { + "type": "integer", + "description": "The number of items in the work item", + "example": 19 + }, + "errors": { + "type": "array", + "items": { + "type": "string" + }, + "example": [ + "The work item ID that was specified was not found." + ] + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + } + } + } + }, + "/work-items/bulk-approve/{id}": { + "post": { + "operationId": "approveApprovalItemsInBulk", + "tags": [ + "Work Items" + ], + "summary": "Bulk approve Approval Items", + "description": "This API bulk approves Approval Items. Either an admin, or the owning/current user must make this request.", + "parameters": [ + { + "in": "path", + "name": "id", + "schema": { + "type": "string" + }, + "required": true, + "description": "The ID of the work item", + "example": "ef38f94347e94562b5bb8424a56397d8" + } + ], + "responses": { + "200": { + "description": "A work items details object.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "ID of the work item", + "example": "2c9180835d2e5168015d32f890ca1581" + }, + "requesterId": { + "type": "string", + "description": "ID of the requester", + "example": "2c9180835d2e5168015d32f890ca1581" + }, + "requesterDisplayName": { + "type": "string", + "description": "The displayname of the requester", + "example": "John Smith" + }, + "ownerId": { + "type": "string", + "description": "The ID of the owner", + "example": "2c9180835d2e5168015d32f890ca1581" + }, + "ownerName": { + "type": "string", + "description": "The name of the owner", + "example": "Jason Smith" + }, + "created": { + "type": "string", + "format": "date-time", + "example": "2017-07-11T18:45:37.098Z" + }, + "modified": { + "type": "string", + "format": "date-time", + "example": "2018-06-25T20:22:28.104Z" + }, + "description": { + "type": "string", + "description": "The description of the work item", + "example": "Create account on source 'AD'" + }, + "state": { + "type": "string", + "enum": [ + "FINISHED", + "REJECTED", + "RETURNED", + "EXPIRED", + "PENDING", + "CANCELED" + ], + "example": "FINISHED", + "description": "The state of a work item" + }, + "type": { + "type": "string", + "enum": [ + "UNKNOWN", + "GENERIC", + "CERTIFICATION", + "REMEDIATION", + "DELEGATION", + "APPROVAL", + "VIOLATIONREVIEW", + "FORM", + "POLICYVIOLATION", + "CHALLENGE", + "IMPACTANALYSIS", + "SIGNOFF", + "EVENT", + "MANUALACTION", + "TEST" + ], + "example": "GENERIC", + "description": "The type of the work item" + }, + "remediationItems": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "The ID of the certification", + "example": "2c9180835d2e5168015d32f890ca1581" + }, + "targetId": { + "type": "string", + "description": "The ID of the certification target", + "example": "2c9180835d2e5168015d32f890ca1581" + }, + "targetName": { + "type": "string", + "description": "The name of the certification target", + "example": "john.smith" + }, + "targetDisplayName": { + "type": "string", + "description": "The display name of the certification target", + "example": "emailAddress" + }, + "applicationName": { + "type": "string", + "description": "The name of the application/source", + "example": "Active Directory" + }, + "attributeName": { + "type": "string", + "description": "The name of the attribute being certified", + "example": "phoneNumber" + }, + "attributeOperation": { + "type": "string", + "description": "The operation of the certification on the attribute", + "example": "update" + }, + "attributeValue": { + "type": "string", + "description": "The value of the attribute being certified", + "example": "512-555-1212" + }, + "nativeIdentity": { + "type": "string", + "description": "The native identity of the target", + "example": "jason.smith2" + } + } + }, + "approvalItems": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "ID of the approval item", + "example": "2c9180835d2e5168015d32f890ca1581" + }, + "account": { + "type": "string", + "description": "The account referenced by the approval item", + "example": "john.smith" + }, + "application": { + "type": "string", + "description": "The name the application/source", + "example": "Active Directory" + }, + "attributeName": { + "type": "string", + "description": "The name of the attribute", + "example": "emailAddress" + }, + "attributeOperation": { + "type": "string", + "description": "The operation of the attribute", + "example": "update" + }, + "attributeValue": { + "type": "string", + "description": "The value of the attribute", + "example": "a@b.com" + }, + "state": { + "type": "string", + "enum": [ + "FINISHED", + "REJECTED", + "RETURNED", + "EXPIRED", + "PENDING", + "CANCELED" + ], + "example": "FINISHED", + "description": "The state of a work item" + } + } + }, + "name": { + "type": "string", + "description": "The work item name", + "example": "Account Create" + }, + "completed": { + "type": "string", + "format": "date-time", + "example": "2018-10-19T13:49:37.385Z" + }, + "numItems": { + "type": "integer", + "description": "The number of items in the work item", + "example": 19 + }, + "errors": { + "type": "array", + "items": { + "type": "string" + }, + "example": [ + "The work item ID that was specified was not found." + ] + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + } + } + } + }, + "/work-items/bulk-reject/{id}": { + "post": { + "operationId": "rejectApprovalItemsInBulk", + "tags": [ + "Work Items" + ], + "summary": "Bulk reject Approval Items", + "description": "This API bulk rejects Approval Items. Either an admin, or the owning/current user must make this request.", + "parameters": [ + { + "in": "path", + "name": "id", + "schema": { + "type": "string" + }, + "required": true, + "description": "The ID of the work item", + "example": "ef38f94347e94562b5bb8424a56397d8" + } + ], + "responses": { + "200": { + "description": "A work items details object.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "ID of the work item", + "example": "2c9180835d2e5168015d32f890ca1581" + }, + "requesterId": { + "type": "string", + "description": "ID of the requester", + "example": "2c9180835d2e5168015d32f890ca1581" + }, + "requesterDisplayName": { + "type": "string", + "description": "The displayname of the requester", + "example": "John Smith" + }, + "ownerId": { + "type": "string", + "description": "The ID of the owner", + "example": "2c9180835d2e5168015d32f890ca1581" + }, + "ownerName": { + "type": "string", + "description": "The name of the owner", + "example": "Jason Smith" + }, + "created": { + "type": "string", + "format": "date-time", + "example": "2017-07-11T18:45:37.098Z" + }, + "modified": { + "type": "string", + "format": "date-time", + "example": "2018-06-25T20:22:28.104Z" + }, + "description": { + "type": "string", + "description": "The description of the work item", + "example": "Create account on source 'AD'" + }, + "state": { + "type": "string", + "enum": [ + "FINISHED", + "REJECTED", + "RETURNED", + "EXPIRED", + "PENDING", + "CANCELED" + ], + "example": "FINISHED", + "description": "The state of a work item" + }, + "type": { + "type": "string", + "enum": [ + "UNKNOWN", + "GENERIC", + "CERTIFICATION", + "REMEDIATION", + "DELEGATION", + "APPROVAL", + "VIOLATIONREVIEW", + "FORM", + "POLICYVIOLATION", + "CHALLENGE", + "IMPACTANALYSIS", + "SIGNOFF", + "EVENT", + "MANUALACTION", + "TEST" + ], + "example": "GENERIC", + "description": "The type of the work item" + }, + "remediationItems": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "The ID of the certification", + "example": "2c9180835d2e5168015d32f890ca1581" + }, + "targetId": { + "type": "string", + "description": "The ID of the certification target", + "example": "2c9180835d2e5168015d32f890ca1581" + }, + "targetName": { + "type": "string", + "description": "The name of the certification target", + "example": "john.smith" + }, + "targetDisplayName": { + "type": "string", + "description": "The display name of the certification target", + "example": "emailAddress" + }, + "applicationName": { + "type": "string", + "description": "The name of the application/source", + "example": "Active Directory" + }, + "attributeName": { + "type": "string", + "description": "The name of the attribute being certified", + "example": "phoneNumber" + }, + "attributeOperation": { + "type": "string", + "description": "The operation of the certification on the attribute", + "example": "update" + }, + "attributeValue": { + "type": "string", + "description": "The value of the attribute being certified", + "example": "512-555-1212" + }, + "nativeIdentity": { + "type": "string", + "description": "The native identity of the target", + "example": "jason.smith2" + } + } + }, + "approvalItems": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "ID of the approval item", + "example": "2c9180835d2e5168015d32f890ca1581" + }, + "account": { + "type": "string", + "description": "The account referenced by the approval item", + "example": "john.smith" + }, + "application": { + "type": "string", + "description": "The name the application/source", + "example": "Active Directory" + }, + "attributeName": { + "type": "string", + "description": "The name of the attribute", + "example": "emailAddress" + }, + "attributeOperation": { + "type": "string", + "description": "The operation of the attribute", + "example": "update" + }, + "attributeValue": { + "type": "string", + "description": "The value of the attribute", + "example": "a@b.com" + }, + "state": { + "type": "string", + "enum": [ + "FINISHED", + "REJECTED", + "RETURNED", + "EXPIRED", + "PENDING", + "CANCELED" + ], + "example": "FINISHED", + "description": "The state of a work item" + } + } + }, + "name": { + "type": "string", + "description": "The work item name", + "example": "Account Create" + }, + "completed": { + "type": "string", + "format": "date-time", + "example": "2018-10-19T13:49:37.385Z" + }, + "numItems": { + "type": "integer", + "description": "The number of items in the work item", + "example": 19 + }, + "errors": { + "type": "array", + "items": { + "type": "string" + }, + "example": [ + "The work item ID that was specified was not found." + ] + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + } + } + } + }, + "/work-items/{id}/submit-account-selection": { + "post": { + "operationId": "submitAccountSelection", + "tags": [ + "Work Items" + ], + "summary": "Submit Account Selections", + "description": "This API submits account selections. Either an admin, or the owning/current user must make this request.", + "parameters": [ + { + "in": "path", + "name": "id", + "schema": { + "type": "string" + }, + "required": true, + "description": "The ID of the work item", + "example": "ef38f94347e94562b5bb8424a56397d8" + } + ], + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "type": "object", + "additionalProperties": true + }, + "example": { + "fieldName": "fieldValue" + } + } + }, + "description": "Account Selection Data map, keyed on fieldName" + }, + "responses": { + "200": { + "description": "A work items details object.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "ID of the work item", + "example": "2c9180835d2e5168015d32f890ca1581" + }, + "requesterId": { + "type": "string", + "description": "ID of the requester", + "example": "2c9180835d2e5168015d32f890ca1581" + }, + "requesterDisplayName": { + "type": "string", + "description": "The displayname of the requester", + "example": "John Smith" + }, + "ownerId": { + "type": "string", + "description": "The ID of the owner", + "example": "2c9180835d2e5168015d32f890ca1581" + }, + "ownerName": { + "type": "string", + "description": "The name of the owner", + "example": "Jason Smith" + }, + "created": { + "type": "string", + "format": "date-time", + "example": "2017-07-11T18:45:37.098Z" + }, + "modified": { + "type": "string", + "format": "date-time", + "example": "2018-06-25T20:22:28.104Z" + }, + "description": { + "type": "string", + "description": "The description of the work item", + "example": "Create account on source 'AD'" + }, + "state": { + "type": "string", + "enum": [ + "FINISHED", + "REJECTED", + "RETURNED", + "EXPIRED", + "PENDING", + "CANCELED" + ], + "example": "FINISHED", + "description": "The state of a work item" + }, + "type": { + "type": "string", + "enum": [ + "UNKNOWN", + "GENERIC", + "CERTIFICATION", + "REMEDIATION", + "DELEGATION", + "APPROVAL", + "VIOLATIONREVIEW", + "FORM", + "POLICYVIOLATION", + "CHALLENGE", + "IMPACTANALYSIS", + "SIGNOFF", + "EVENT", + "MANUALACTION", + "TEST" + ], + "example": "GENERIC", + "description": "The type of the work item" + }, + "remediationItems": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "The ID of the certification", + "example": "2c9180835d2e5168015d32f890ca1581" + }, + "targetId": { + "type": "string", + "description": "The ID of the certification target", + "example": "2c9180835d2e5168015d32f890ca1581" + }, + "targetName": { + "type": "string", + "description": "The name of the certification target", + "example": "john.smith" + }, + "targetDisplayName": { + "type": "string", + "description": "The display name of the certification target", + "example": "emailAddress" + }, + "applicationName": { + "type": "string", + "description": "The name of the application/source", + "example": "Active Directory" + }, + "attributeName": { + "type": "string", + "description": "The name of the attribute being certified", + "example": "phoneNumber" + }, + "attributeOperation": { + "type": "string", + "description": "The operation of the certification on the attribute", + "example": "update" + }, + "attributeValue": { + "type": "string", + "description": "The value of the attribute being certified", + "example": "512-555-1212" + }, + "nativeIdentity": { + "type": "string", + "description": "The native identity of the target", + "example": "jason.smith2" + } + } + }, + "approvalItems": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "ID of the approval item", + "example": "2c9180835d2e5168015d32f890ca1581" + }, + "account": { + "type": "string", + "description": "The account referenced by the approval item", + "example": "john.smith" + }, + "application": { + "type": "string", + "description": "The name the application/source", + "example": "Active Directory" + }, + "attributeName": { + "type": "string", + "description": "The name of the attribute", + "example": "emailAddress" + }, + "attributeOperation": { + "type": "string", + "description": "The operation of the attribute", + "example": "update" + }, + "attributeValue": { + "type": "string", + "description": "The value of the attribute", + "example": "a@b.com" + }, + "state": { + "type": "string", + "enum": [ + "FINISHED", + "REJECTED", + "RETURNED", + "EXPIRED", + "PENDING", + "CANCELED" + ], + "example": "FINISHED", + "description": "The state of a work item" + } + } + }, + "name": { + "type": "string", + "description": "The work item name", + "example": "Account Create" + }, + "completed": { + "type": "string", + "format": "date-time", + "example": "2018-10-19T13:49:37.385Z" + }, + "numItems": { + "type": "integer", + "description": "The number of items in the work item", + "example": 19 + }, + "errors": { + "type": "array", + "items": { + "type": "string" + }, + "example": [ + "The work item ID that was specified was not found." + ] + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + } + } + } + }, + "/workflows": { + "post": { + "operationId": "createWorkflow", + "tags": [ + "Workflows" + ], + "summary": "Create Workflow", + "description": "Create a new workflow with the desired trigger and steps specified in the request body.", + "security": [ + { + "oauth2": [ + "sp:workflow:manage" + ] + } + ], + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "allOf": [ + { + "required": [ + "name", + "owner" + ] + }, + { + "type": "object", + "properties": { + "name": { + "type": "string", + "description": "The name of the workflow", + "example": "Send Email" + }, + "owner": { + "allOf": [ + { + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + } + ], + "description": "The identity that owns the workflow. The owner's permissions in IDN will determine what actions the workflow is allowed to perform. Ownership can be changed by updating the owner in a PUT or PATCH request.", + "properties": { + "type": { + "enum": [ + "IDENTITY" + ], + "example": "IDENTITY", + "description": "The type of object that is referenced" + } + }, + "example": { + "type": "IDENTITY", + "id": "2c91808568c529c60168cca6f90c1313", + "name": "William Wilson" + } + }, + "description": { + "type": "string", + "description": "Description of what the workflow accomplishes", + "example": "Send an email to the identity who's attributes changed." + }, + "definition": { + "type": "object", + "description": "The map of steps that the workflow will execute.", + "properties": { + "start": { + "type": "string", + "description": "The name of the starting step.", + "example": "Send Email Test" + }, + "steps": { + "type": "object", + "description": "One or more step objects that comprise this workflow. Please see the Workflow documentation to see the JSON schema for each step type.", + "additionalProperties": true, + "example": { + "Send Email": { + "actionId": "sp:send-email", + "attributes": { + "body": "This is a test", + "from": "sailpoint@sailpoint.com", + "recipientId.$": "$.identity.id", + "subject": "test" + }, + "nextStep": "success", + "selectResult": null, + "type": "ACTION" + }, + "success": { + "type": "success" + } + } + } + } + }, + "enabled": { + "type": "boolean", + "description": "Enable or disable the workflow. Workflows cannot be created in an enabled state.", + "default": false, + "example": false + }, + "trigger": { + "type": "object", + "description": "The trigger that starts the workflow", + "required": [ + "type", + "attributes" + ], + "properties": { + "type": { + "enum": [ + "EVENT", + "EXTERNAL", + "SCHEDULED" + ], + "example": "EVENT", + "description": "The trigger type" + }, + "attributes": { + "description": "Workflow Trigger Attributes.", + "oneOf": [ + { + "title": "Event Trigger Attributes", + "type": "object", + "required": [ + "id" + ], + "properties": { + "id": { + "type": "string", + "description": "The unique ID of the trigger", + "example": "idn:identity-attributes-changed" + }, + "filter": { + "type": "string", + "description": "JSON path expression that will limit which events the trigger will fire on", + "example": "$.changes[?(@.attribute == 'manager')]" + } + } + }, + { + "title": "Scheduled Trigger Attributes", + "type": "object", + "required": [ + "cronString" + ], + "properties": { + "cronString": { + "type": "string", + "description": "A valid CRON expression", + "externalDocs": { + "description": "CRON expression editor", + "url": "https://crontab.guru/" + }, + "example": "0 * */3 */5 *" + } + } + } + ] + } + } + } + } + } + ] + }, + "examples": { + "Event Trigger": { + "description": "Workflow initiated by an event trigger", + "value": { + "name": "Send Email", + "owner": { + "type": "IDENTITY", + "id": "2c91808568c529c60168cca6f90c1313", + "name": "William Wilson" + }, + "description": "Send an email to the identity who's attributes changed.", + "definition": { + "start": "Send Email Test", + "steps": { + "Send Email": { + "actionId": "sp:send-email", + "attributes": { + "body": "This is a test", + "from": "sailpoint@sailpoint.com", + "recipientId.$": "$.identity.id", + "subject": "test" + }, + "nextStep": "success", + "selectResult": null, + "type": "action" + }, + "success": { + "type": "success" + } + } + }, + "enabled": false, + "trigger": { + "type": "EVENT", + "attributes": { + "id": "idn:identity-attributes-changed", + "filter": "$.changes[?(@.attribute == 'manager')]" + } + } + } + }, + "Scheduled Trigger": { + "description": "Workflow initiated by a scheduled trigger", + "value": { + "name": "Send Email", + "owner": { + "type": "IDENTITY", + "id": "2c91808568c529c60168cca6f90c1313", + "name": "William Wilson" + }, + "description": "Send an email to the identity who's attributes changed.", + "definition": { + "start": "Send Email Test", + "steps": { + "Send Email": { + "actionId": "sp:send-email", + "attributes": { + "body": "This is a test", + "from": "sailpoint@sailpoint.com", + "recipientId.$": "$.identity.id", + "subject": "test" + }, + "nextStep": "success", + "selectResult": null, + "type": "action" + }, + "success": { + "type": "success" + } + } + }, + "enabled": false, + "trigger": { + "type": "SCHEDULED", + "attributes": { + "cronString": "0 * */3 */5 *" + } + } + } + } + } + } + } + }, + "responses": { + "200": { + "description": "The Workflow object", + "content": { + "application/json": { + "schema": { + "allOf": [ + { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "Workflow ID. This is a UUID generated upon creation.", + "example": "d201c5e9-d37b-4aff-af14-66414f39d569" + }, + "executionCount": { + "type": "integer", + "format": "int32", + "description": "The number of times this workflow has been executed", + "example": 2 + }, + "failureCount": { + "type": "integer", + "format": "int32", + "description": "The number of times this workflow has failed during execution", + "example": 0 + }, + "created": { + "type": "string", + "format": "date-time", + "description": "The date and time the workflow was created", + "example": "2022-01-10T16:06:16.636381447Z" + }, + "creator": { + "allOf": [ + { + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + } + ], + "description": "The identity that created the workflow.", + "properties": { + "type": { + "enum": [ + "IDENTITY" + ], + "example": "IDENTITY", + "description": "The type of object that is referenced" + } + }, + "example": { + "type": "IDENTITY", + "id": "2c91808568c529c60168cca6f90c1313", + "name": "William Wilson" + } + } + } + }, + { + "type": "object", + "properties": { + "name": { + "type": "string", + "description": "The name of the workflow", + "example": "Send Email" + }, + "owner": { + "allOf": [ + { + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + } + ], + "description": "The identity that owns the workflow. The owner's permissions in IDN will determine what actions the workflow is allowed to perform. Ownership can be changed by updating the owner in a PUT or PATCH request.", + "properties": { + "type": { + "enum": [ + "IDENTITY" + ], + "example": "IDENTITY", + "description": "The type of object that is referenced" + } + }, + "example": { + "type": "IDENTITY", + "id": "2c91808568c529c60168cca6f90c1313", + "name": "William Wilson" + } + }, + "description": { + "type": "string", + "description": "Description of what the workflow accomplishes", + "example": "Send an email to the identity who's attributes changed." + }, + "definition": { + "type": "object", + "description": "The map of steps that the workflow will execute.", + "properties": { + "start": { + "type": "string", + "description": "The name of the starting step.", + "example": "Send Email Test" + }, + "steps": { + "type": "object", + "description": "One or more step objects that comprise this workflow. Please see the Workflow documentation to see the JSON schema for each step type.", + "additionalProperties": true, + "example": { + "Send Email": { + "actionId": "sp:send-email", + "attributes": { + "body": "This is a test", + "from": "sailpoint@sailpoint.com", + "recipientId.$": "$.identity.id", + "subject": "test" + }, + "nextStep": "success", + "selectResult": null, + "type": "ACTION" + }, + "success": { + "type": "success" + } + } + } + } + }, + "enabled": { + "type": "boolean", + "description": "Enable or disable the workflow. Workflows cannot be created in an enabled state.", + "default": false, + "example": false + }, + "trigger": { + "type": "object", + "description": "The trigger that starts the workflow", + "required": [ + "type", + "attributes" + ], + "properties": { + "type": { + "enum": [ + "EVENT", + "EXTERNAL", + "SCHEDULED" + ], + "example": "EVENT", + "description": "The trigger type" + }, + "attributes": { + "description": "Workflow Trigger Attributes.", + "oneOf": [ + { + "title": "Event Trigger Attributes", + "type": "object", + "required": [ + "id" + ], + "properties": { + "id": { + "type": "string", + "description": "The unique ID of the trigger", + "example": "idn:identity-attributes-changed" + }, + "filter": { + "type": "string", + "description": "JSON path expression that will limit which events the trigger will fire on", + "example": "$.changes[?(@.attribute == 'manager')]" + } + } + }, + { + "title": "Scheduled Trigger Attributes", + "type": "object", + "required": [ + "cronString" + ], + "properties": { + "cronString": { + "type": "string", + "description": "A valid CRON expression", + "externalDocs": { + "description": "CRON expression editor", + "url": "https://crontab.guru/" + }, + "example": "0 * */3 */5 *" + } + } + } + ] + } + } + } + } + } + ] + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + }, + "get": { + "operationId": "listWorkflows", + "tags": [ + "Workflows" + ], + "summary": "List Workflows", + "description": "List all workflows in the tenant.", + "security": [ + { + "oauth2": [ + "sp:workflow:read" + ] + } + ], + "responses": { + "200": { + "description": "List of workflows", + "content": { + "application/json": { + "schema": { + "type": "array", + "items": { + "allOf": [ + { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "Workflow ID. This is a UUID generated upon creation.", + "example": "d201c5e9-d37b-4aff-af14-66414f39d569" + }, + "executionCount": { + "type": "integer", + "format": "int32", + "description": "The number of times this workflow has been executed", + "example": 2 + }, + "failureCount": { + "type": "integer", + "format": "int32", + "description": "The number of times this workflow has failed during execution", + "example": 0 + }, + "created": { + "type": "string", + "format": "date-time", + "description": "The date and time the workflow was created", + "example": "2022-01-10T16:06:16.636381447Z" + }, + "creator": { + "allOf": [ + { + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + } + ], + "description": "The identity that created the workflow.", + "properties": { + "type": { + "enum": [ + "IDENTITY" + ], + "example": "IDENTITY", + "description": "The type of object that is referenced" + } + }, + "example": { + "type": "IDENTITY", + "id": "2c91808568c529c60168cca6f90c1313", + "name": "William Wilson" + } + } + } + }, + { + "type": "object", + "properties": { + "name": { + "type": "string", + "description": "The name of the workflow", + "example": "Send Email" + }, + "owner": { + "allOf": [ + { + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + } + ], + "description": "The identity that owns the workflow. The owner's permissions in IDN will determine what actions the workflow is allowed to perform. Ownership can be changed by updating the owner in a PUT or PATCH request.", + "properties": { + "type": { + "enum": [ + "IDENTITY" + ], + "example": "IDENTITY", + "description": "The type of object that is referenced" + } + }, + "example": { + "type": "IDENTITY", + "id": "2c91808568c529c60168cca6f90c1313", + "name": "William Wilson" + } + }, + "description": { + "type": "string", + "description": "Description of what the workflow accomplishes", + "example": "Send an email to the identity who's attributes changed." + }, + "definition": { + "type": "object", + "description": "The map of steps that the workflow will execute.", + "properties": { + "start": { + "type": "string", + "description": "The name of the starting step.", + "example": "Send Email Test" + }, + "steps": { + "type": "object", + "description": "One or more step objects that comprise this workflow. Please see the Workflow documentation to see the JSON schema for each step type.", + "additionalProperties": true, + "example": { + "Send Email": { + "actionId": "sp:send-email", + "attributes": { + "body": "This is a test", + "from": "sailpoint@sailpoint.com", + "recipientId.$": "$.identity.id", + "subject": "test" + }, + "nextStep": "success", + "selectResult": null, + "type": "ACTION" + }, + "success": { + "type": "success" + } + } + } + } + }, + "enabled": { + "type": "boolean", + "description": "Enable or disable the workflow. Workflows cannot be created in an enabled state.", + "default": false, + "example": false + }, + "trigger": { + "type": "object", + "description": "The trigger that starts the workflow", + "required": [ + "type", + "attributes" + ], + "properties": { + "type": { + "enum": [ + "EVENT", + "EXTERNAL", + "SCHEDULED" + ], + "example": "EVENT", + "description": "The trigger type" + }, + "attributes": { + "description": "Workflow Trigger Attributes.", + "oneOf": [ + { + "title": "Event Trigger Attributes", + "type": "object", + "required": [ + "id" + ], + "properties": { + "id": { + "type": "string", + "description": "The unique ID of the trigger", + "example": "idn:identity-attributes-changed" + }, + "filter": { + "type": "string", + "description": "JSON path expression that will limit which events the trigger will fire on", + "example": "$.changes[?(@.attribute == 'manager')]" + } + } + }, + { + "title": "Scheduled Trigger Attributes", + "type": "object", + "required": [ + "cronString" + ], + "properties": { + "cronString": { + "type": "string", + "description": "A valid CRON expression", + "externalDocs": { + "description": "CRON expression editor", + "url": "https://crontab.guru/" + }, + "example": "0 * */3 */5 *" + } + } + } + ] + } + } + } + } + } + ] + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/workflows/{id}": { + "get": { + "operationId": "getWorkflow", + "tags": [ + "Workflows" + ], + "summary": "Get Workflow By Id", + "description": "Get a single workflow by id.", + "security": [ + { + "oauth2": [ + "sp:workflow:read" + ] + } + ], + "parameters": [ + { + "name": "id", + "in": "path", + "description": "Id of the workflow", + "required": true, + "style": "simple", + "explode": false, + "schema": { + "type": "string", + "example": "c17bea3a-574d-453c-9e04-4365fbf5af0b" + } + } + ], + "responses": { + "200": { + "description": "The workflow object", + "content": { + "application/json": { + "schema": { + "allOf": [ + { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "Workflow ID. This is a UUID generated upon creation.", + "example": "d201c5e9-d37b-4aff-af14-66414f39d569" + }, + "executionCount": { + "type": "integer", + "format": "int32", + "description": "The number of times this workflow has been executed", + "example": 2 + }, + "failureCount": { + "type": "integer", + "format": "int32", + "description": "The number of times this workflow has failed during execution", + "example": 0 + }, + "created": { + "type": "string", + "format": "date-time", + "description": "The date and time the workflow was created", + "example": "2022-01-10T16:06:16.636381447Z" + }, + "creator": { + "allOf": [ + { + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + } + ], + "description": "The identity that created the workflow.", + "properties": { + "type": { + "enum": [ + "IDENTITY" + ], + "example": "IDENTITY", + "description": "The type of object that is referenced" + } + }, + "example": { + "type": "IDENTITY", + "id": "2c91808568c529c60168cca6f90c1313", + "name": "William Wilson" + } + } + } + }, + { + "type": "object", + "properties": { + "name": { + "type": "string", + "description": "The name of the workflow", + "example": "Send Email" + }, + "owner": { + "allOf": [ + { + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + } + ], + "description": "The identity that owns the workflow. The owner's permissions in IDN will determine what actions the workflow is allowed to perform. Ownership can be changed by updating the owner in a PUT or PATCH request.", + "properties": { + "type": { + "enum": [ + "IDENTITY" + ], + "example": "IDENTITY", + "description": "The type of object that is referenced" + } + }, + "example": { + "type": "IDENTITY", + "id": "2c91808568c529c60168cca6f90c1313", + "name": "William Wilson" + } + }, + "description": { + "type": "string", + "description": "Description of what the workflow accomplishes", + "example": "Send an email to the identity who's attributes changed." + }, + "definition": { + "type": "object", + "description": "The map of steps that the workflow will execute.", + "properties": { + "start": { + "type": "string", + "description": "The name of the starting step.", + "example": "Send Email Test" + }, + "steps": { + "type": "object", + "description": "One or more step objects that comprise this workflow. Please see the Workflow documentation to see the JSON schema for each step type.", + "additionalProperties": true, + "example": { + "Send Email": { + "actionId": "sp:send-email", + "attributes": { + "body": "This is a test", + "from": "sailpoint@sailpoint.com", + "recipientId.$": "$.identity.id", + "subject": "test" + }, + "nextStep": "success", + "selectResult": null, + "type": "ACTION" + }, + "success": { + "type": "success" + } + } + } + } + }, + "enabled": { + "type": "boolean", + "description": "Enable or disable the workflow. Workflows cannot be created in an enabled state.", + "default": false, + "example": false + }, + "trigger": { + "type": "object", + "description": "The trigger that starts the workflow", + "required": [ + "type", + "attributes" + ], + "properties": { + "type": { + "enum": [ + "EVENT", + "EXTERNAL", + "SCHEDULED" + ], + "example": "EVENT", + "description": "The trigger type" + }, + "attributes": { + "description": "Workflow Trigger Attributes.", + "oneOf": [ + { + "title": "Event Trigger Attributes", + "type": "object", + "required": [ + "id" + ], + "properties": { + "id": { + "type": "string", + "description": "The unique ID of the trigger", + "example": "idn:identity-attributes-changed" + }, + "filter": { + "type": "string", + "description": "JSON path expression that will limit which events the trigger will fire on", + "example": "$.changes[?(@.attribute == 'manager')]" + } + } + }, + { + "title": "Scheduled Trigger Attributes", + "type": "object", + "required": [ + "cronString" + ], + "properties": { + "cronString": { + "type": "string", + "description": "A valid CRON expression", + "externalDocs": { + "description": "CRON expression editor", + "url": "https://crontab.guru/" + }, + "example": "0 * */3 */5 *" + } + } + } + ] + } + } + } + } + } + ] + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + }, + "put": { + "operationId": "updateWorkflow", + "tags": [ + "Workflows" + ], + "summary": "Update Workflow", + "description": "Perform a full update of a workflow. The updated workflow object is returned in the response.", + "security": [ + { + "oauth2": [ + "sp:workflow:manage" + ] + } + ], + "parameters": [ + { + "name": "id", + "in": "path", + "description": "Id of the Workflow", + "required": true, + "style": "simple", + "explode": false, + "schema": { + "type": "string", + "example": "c17bea3a-574d-453c-9e04-4365fbf5af0b" + } + } + ], + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "name": { + "type": "string", + "description": "The name of the workflow", + "example": "Send Email" + }, + "owner": { + "allOf": [ + { + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + } + ], + "description": "The identity that owns the workflow. The owner's permissions in IDN will determine what actions the workflow is allowed to perform. Ownership can be changed by updating the owner in a PUT or PATCH request.", + "properties": { + "type": { + "enum": [ + "IDENTITY" + ], + "example": "IDENTITY", + "description": "The type of object that is referenced" + } + }, + "example": { + "type": "IDENTITY", + "id": "2c91808568c529c60168cca6f90c1313", + "name": "William Wilson" + } + }, + "description": { + "type": "string", + "description": "Description of what the workflow accomplishes", + "example": "Send an email to the identity who's attributes changed." + }, + "definition": { + "type": "object", + "description": "The map of steps that the workflow will execute.", + "properties": { + "start": { + "type": "string", + "description": "The name of the starting step.", + "example": "Send Email Test" + }, + "steps": { + "type": "object", + "description": "One or more step objects that comprise this workflow. Please see the Workflow documentation to see the JSON schema for each step type.", + "additionalProperties": true, + "example": { + "Send Email": { + "actionId": "sp:send-email", + "attributes": { + "body": "This is a test", + "from": "sailpoint@sailpoint.com", + "recipientId.$": "$.identity.id", + "subject": "test" + }, + "nextStep": "success", + "selectResult": null, + "type": "ACTION" + }, + "success": { + "type": "success" + } + } + } + } + }, + "enabled": { + "type": "boolean", + "description": "Enable or disable the workflow. Workflows cannot be created in an enabled state.", + "default": false, + "example": false + }, + "trigger": { + "type": "object", + "description": "The trigger that starts the workflow", + "required": [ + "type", + "attributes" + ], + "properties": { + "type": { + "enum": [ + "EVENT", + "EXTERNAL", + "SCHEDULED" + ], + "example": "EVENT", + "description": "The trigger type" + }, + "attributes": { + "description": "Workflow Trigger Attributes.", + "oneOf": [ + { + "title": "Event Trigger Attributes", + "type": "object", + "required": [ + "id" + ], + "properties": { + "id": { + "type": "string", + "description": "The unique ID of the trigger", + "example": "idn:identity-attributes-changed" + }, + "filter": { + "type": "string", + "description": "JSON path expression that will limit which events the trigger will fire on", + "example": "$.changes[?(@.attribute == 'manager')]" + } + } + }, + { + "title": "Scheduled Trigger Attributes", + "type": "object", + "required": [ + "cronString" + ], + "properties": { + "cronString": { + "type": "string", + "description": "A valid CRON expression", + "externalDocs": { + "description": "CRON expression editor", + "url": "https://crontab.guru/" + }, + "example": "0 * */3 */5 *" + } + } + } + ] + } + } + } + } + } + } + } + }, + "responses": { + "200": { + "description": "The Workflow object", + "content": { + "application/json": { + "schema": { + "allOf": [ + { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "Workflow ID. This is a UUID generated upon creation.", + "example": "d201c5e9-d37b-4aff-af14-66414f39d569" + }, + "executionCount": { + "type": "integer", + "format": "int32", + "description": "The number of times this workflow has been executed", + "example": 2 + }, + "failureCount": { + "type": "integer", + "format": "int32", + "description": "The number of times this workflow has failed during execution", + "example": 0 + }, + "created": { + "type": "string", + "format": "date-time", + "description": "The date and time the workflow was created", + "example": "2022-01-10T16:06:16.636381447Z" + }, + "creator": { + "allOf": [ + { + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + } + ], + "description": "The identity that created the workflow.", + "properties": { + "type": { + "enum": [ + "IDENTITY" + ], + "example": "IDENTITY", + "description": "The type of object that is referenced" + } + }, + "example": { + "type": "IDENTITY", + "id": "2c91808568c529c60168cca6f90c1313", + "name": "William Wilson" + } + } + } + }, + { + "type": "object", + "properties": { + "name": { + "type": "string", + "description": "The name of the workflow", + "example": "Send Email" + }, + "owner": { + "allOf": [ + { + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + } + ], + "description": "The identity that owns the workflow. The owner's permissions in IDN will determine what actions the workflow is allowed to perform. Ownership can be changed by updating the owner in a PUT or PATCH request.", + "properties": { + "type": { + "enum": [ + "IDENTITY" + ], + "example": "IDENTITY", + "description": "The type of object that is referenced" + } + }, + "example": { + "type": "IDENTITY", + "id": "2c91808568c529c60168cca6f90c1313", + "name": "William Wilson" + } + }, + "description": { + "type": "string", + "description": "Description of what the workflow accomplishes", + "example": "Send an email to the identity who's attributes changed." + }, + "definition": { + "type": "object", + "description": "The map of steps that the workflow will execute.", + "properties": { + "start": { + "type": "string", + "description": "The name of the starting step.", + "example": "Send Email Test" + }, + "steps": { + "type": "object", + "description": "One or more step objects that comprise this workflow. Please see the Workflow documentation to see the JSON schema for each step type.", + "additionalProperties": true, + "example": { + "Send Email": { + "actionId": "sp:send-email", + "attributes": { + "body": "This is a test", + "from": "sailpoint@sailpoint.com", + "recipientId.$": "$.identity.id", + "subject": "test" + }, + "nextStep": "success", + "selectResult": null, + "type": "ACTION" + }, + "success": { + "type": "success" + } + } + } + } + }, + "enabled": { + "type": "boolean", + "description": "Enable or disable the workflow. Workflows cannot be created in an enabled state.", + "default": false, + "example": false + }, + "trigger": { + "type": "object", + "description": "The trigger that starts the workflow", + "required": [ + "type", + "attributes" + ], + "properties": { + "type": { + "enum": [ + "EVENT", + "EXTERNAL", + "SCHEDULED" + ], + "example": "EVENT", + "description": "The trigger type" + }, + "attributes": { + "description": "Workflow Trigger Attributes.", + "oneOf": [ + { + "title": "Event Trigger Attributes", + "type": "object", + "required": [ + "id" + ], + "properties": { + "id": { + "type": "string", + "description": "The unique ID of the trigger", + "example": "idn:identity-attributes-changed" + }, + "filter": { + "type": "string", + "description": "JSON path expression that will limit which events the trigger will fire on", + "example": "$.changes[?(@.attribute == 'manager')]" + } + } + }, + { + "title": "Scheduled Trigger Attributes", + "type": "object", + "required": [ + "cronString" + ], + "properties": { + "cronString": { + "type": "string", + "description": "A valid CRON expression", + "externalDocs": { + "description": "CRON expression editor", + "url": "https://crontab.guru/" + }, + "example": "0 * */3 */5 *" + } + } + } + ] + } + } + } + } + } + ] + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + }, + "patch": { + "operationId": "patchWorkflow", + "tags": [ + "Workflows" + ], + "summary": "Patch Workflow", + "description": "Partially update an existing Workflow using [JSON Patch](https://tools.ietf.org/html/rfc6902) syntax.", + "security": [ + { + "oauth2": [ + "sp:workflow:manage" + ] + } + ], + "parameters": [ + { + "name": "id", + "in": "path", + "description": "Id of the Workflow", + "required": true, + "style": "simple", + "explode": false, + "schema": { + "type": "string", + "example": "c17bea3a-574d-453c-9e04-4365fbf5af0b" + } + } + ], + "requestBody": { + "required": true, + "content": { + "application/json-patch+json": { + "schema": { + "type": "array", + "items": { + "type": "object", + "description": "A JSONPatch Operation as defined by [RFC 6902 - JSON Patch](https://tools.ietf.org/html/rfc6902)", + "required": [ + "op", + "path" + ], + "properties": { + "op": { + "type": "string", + "description": "The operation to be performed", + "enum": [ + "add", + "remove", + "replace", + "move", + "copy", + "test" + ], + "example": "replace" + }, + "path": { + "type": "string", + "description": "A string JSON Pointer representing the target path to an element to be affected by the operation", + "example": "/description" + }, + "value": { + "anyOf": [ + { + "type": "string" + }, + { + "type": "integer" + }, + { + "type": "object" + }, + { + "type": "array", + "items": { + "anyOf": [ + { + "type": "string" + }, + { + "type": "integer" + }, + { + "type": "object" + } + ] + } + } + ], + "description": "The value to be used for the operation, required for \"add\" and \"replace\" operations", + "example": "New description" + } + } + } + }, + "examples": { + "Update all patchable fields": { + "description": "Demonstrate how to update each patchable field in one PATCH request.", + "value": [ + { + "op": "replace", + "path": "/name", + "value": "Send Email" + }, + { + "op": "replace", + "path": "/owner", + "value": { + "type": "IDENTITY", + "id": "2c91808568c529c60168cca6f90c1313", + "name": "William Wilson" + } + }, + { + "op": "replace", + "path": "/description", + "value": "Send an email to the identity who's attributes changed." + }, + { + "op": "replace", + "path": "/enabled", + "value": false + }, + { + "op": "replace", + "path": "/definition", + "value": { + "start": "Send Email Test", + "steps": { + "Send Email": { + "actionId": "sp:send-email", + "attributes": { + "body": "This is a test", + "from": "sailpoint@sailpoint.com", + "recipientId.$": "$.identity.id", + "subject": "test" + }, + "nextStep": "success", + "selectResult": null, + "type": "action" + }, + "success": { + "type": "success" + } + } + } + }, + { + "op": "replace", + "path": "/trigger", + "value": { + "type": "EVENT", + "attributes": { + "id": "idn:identity-attributes-changed" + } + } + } + ] + } + } + } + } + }, + "responses": { + "200": { + "description": "The Workflow object", + "content": { + "application/json": { + "schema": { + "allOf": [ + { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "Workflow ID. This is a UUID generated upon creation.", + "example": "d201c5e9-d37b-4aff-af14-66414f39d569" + }, + "executionCount": { + "type": "integer", + "format": "int32", + "description": "The number of times this workflow has been executed", + "example": 2 + }, + "failureCount": { + "type": "integer", + "format": "int32", + "description": "The number of times this workflow has failed during execution", + "example": 0 + }, + "created": { + "type": "string", + "format": "date-time", + "description": "The date and time the workflow was created", + "example": "2022-01-10T16:06:16.636381447Z" + }, + "creator": { + "allOf": [ + { + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + } + ], + "description": "The identity that created the workflow.", + "properties": { + "type": { + "enum": [ + "IDENTITY" + ], + "example": "IDENTITY", + "description": "The type of object that is referenced" + } + }, + "example": { + "type": "IDENTITY", + "id": "2c91808568c529c60168cca6f90c1313", + "name": "William Wilson" + } + } + } + }, + { + "type": "object", + "properties": { + "name": { + "type": "string", + "description": "The name of the workflow", + "example": "Send Email" + }, + "owner": { + "allOf": [ + { + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + } + ], + "description": "The identity that owns the workflow. The owner's permissions in IDN will determine what actions the workflow is allowed to perform. Ownership can be changed by updating the owner in a PUT or PATCH request.", + "properties": { + "type": { + "enum": [ + "IDENTITY" + ], + "example": "IDENTITY", + "description": "The type of object that is referenced" + } + }, + "example": { + "type": "IDENTITY", + "id": "2c91808568c529c60168cca6f90c1313", + "name": "William Wilson" + } + }, + "description": { + "type": "string", + "description": "Description of what the workflow accomplishes", + "example": "Send an email to the identity who's attributes changed." + }, + "definition": { + "type": "object", + "description": "The map of steps that the workflow will execute.", + "properties": { + "start": { + "type": "string", + "description": "The name of the starting step.", + "example": "Send Email Test" + }, + "steps": { + "type": "object", + "description": "One or more step objects that comprise this workflow. Please see the Workflow documentation to see the JSON schema for each step type.", + "additionalProperties": true, + "example": { + "Send Email": { + "actionId": "sp:send-email", + "attributes": { + "body": "This is a test", + "from": "sailpoint@sailpoint.com", + "recipientId.$": "$.identity.id", + "subject": "test" + }, + "nextStep": "success", + "selectResult": null, + "type": "ACTION" + }, + "success": { + "type": "success" + } + } + } + } + }, + "enabled": { + "type": "boolean", + "description": "Enable or disable the workflow. Workflows cannot be created in an enabled state.", + "default": false, + "example": false + }, + "trigger": { + "type": "object", + "description": "The trigger that starts the workflow", + "required": [ + "type", + "attributes" + ], + "properties": { + "type": { + "enum": [ + "EVENT", + "EXTERNAL", + "SCHEDULED" + ], + "example": "EVENT", + "description": "The trigger type" + }, + "attributes": { + "description": "Workflow Trigger Attributes.", + "oneOf": [ + { + "title": "Event Trigger Attributes", + "type": "object", + "required": [ + "id" + ], + "properties": { + "id": { + "type": "string", + "description": "The unique ID of the trigger", + "example": "idn:identity-attributes-changed" + }, + "filter": { + "type": "string", + "description": "JSON path expression that will limit which events the trigger will fire on", + "example": "$.changes[?(@.attribute == 'manager')]" + } + } + }, + { + "title": "Scheduled Trigger Attributes", + "type": "object", + "required": [ + "cronString" + ], + "properties": { + "cronString": { + "type": "string", + "description": "A valid CRON expression", + "externalDocs": { + "description": "CRON expression editor", + "url": "https://crontab.guru/" + }, + "example": "0 * */3 */5 *" + } + } + } + ] + } + } + } + } + } + ] + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + }, + "delete": { + "operationId": "deleteWorkflow", + "tags": [ + "Workflows" + ], + "summary": "Delete Workflow By Id", + "description": "Delete a workflow. **Enabled workflows cannot be deleted**. They must first be disabled.", + "security": [ + { + "oauth2": [ + "sp:workflow:manage" + ] + } + ], + "parameters": [ + { + "name": "id", + "in": "path", + "description": "Id of the Workflow", + "required": true, + "style": "simple", + "explode": false, + "schema": { + "type": "string", + "example": "c17bea3a-574d-453c-9e04-4365fbf5af0b" + } + } + ], + "responses": { + "204": { + "description": "No content - indicates the request was successful but there is no content to be returned in the response." + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/workflows/{id}/test": { + "post": { + "operationId": "testWorkflow", + "tags": [ + "Workflows" + ], + "summary": "Test Workflow By Id", + "description": "Test a workflow with the provided input data. The input data should resemble the input that the trigger will send the workflow. See the [event trigger documentation](https://developer.sailpoint.com/idn/docs/event-triggers/available) for an example input for the trigger that initiates this workflow.\nThis endpoint will return an execution ID, which can be used to lookup more information about the execution using the `Get a Workflow Execution` endpoint.\n**This will cause a live run of the workflow, which could result in unintended modifications to your IDN tenant.**", + "security": [ + { + "oauth2": [ + "sp:workflow-execute:external" + ] + } + ], + "parameters": [ + { + "name": "id", + "in": "path", + "description": "Id of the workflow", + "required": true, + "style": "simple", + "explode": false, + "schema": { + "type": "string", + "example": "c17bea3a-574d-453c-9e04-4365fbf5af0b" + } + } + ], + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "type": "object", + "required": [ + "input" + ], + "properties": { + "input": { + "type": "object", + "description": "The test input for the workflow." + } + } + }, + "examples": { + "Identity Attributes Changed": { + "description": "Identity Attributes Changed Trigger Input", + "value": { + "input": { + "identity": { + "id": "ee769173319b41d19ccec6cea52f237b", + "name": "john.doe", + "type": "IDENTITY" + }, + "changes": [ + { + "attribute": "department", + "oldValue": "sales", + "newValue": "marketing" + }, + { + "attribute": "manager", + "oldValue": { + "id": "ee769173319b41d19ccec6c235423237b", + "name": "nice.guy", + "type": "IDENTITY" + }, + "newValue": { + "id": "ee769173319b41d19ccec6c235423236c", + "name": "mean.guy", + "type": "IDENTITY" + } + }, + { + "attribute": "email", + "oldValue": "john.doe@hotmail.com", + "newValue": "john.doe@gmail.com" + } + ] + } + } + } + } + } + } + }, + "responses": { + "200": { + "description": "The Workflow object", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "workflowExecutionId": { + "type": "string", + "description": "The workflow execution id", + "example": "0e11cefa-96e7-4b67-90d0-065bc1da5753" + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/workflows/{id}/executions": { + "get": { + "operationId": "listWorkflowExecutions", + "tags": [ + "Workflows" + ], + "summary": "List Workflow Executions", + "description": "This lists the executions for a given workflow. Workflow executions are available for up to 90 days before being archived. By default, you can get a maximum of 250 executions. To get executions past the first 250 records, you can do the following: \n1. Use the [Get Workflows](https://developer.sailpoint.com/idn/api/beta/list-workflows) endpoint to get your workflows. \n2. Get your workflow ID from the response. \n3. You can then do either of the following: \n\n - Filter to find relevant workflow executions.\n For example, you can filter for failed workflow executions: `GET /workflows/:workflowID/executions?filters=status eq \"Failed\"`\n\n - You can paginate through results with the `offset` parameter. \n For example, you can page through 50 executions per page and use that as a way to get to the records past the first 250. \n Refer to [Paginating Results](https://developer.sailpoint.com/idn/api/standard-collection-parameters#paginating-results) for more information about the query parameters you can use to achieve pagination. ", + "security": [ + { + "oauth2": [ + "sp:workflow:read" + ] + } + ], + "parameters": [ + { + "name": "id", + "in": "path", + "description": "Id of the workflow", + "required": true, + "style": "simple", + "explode": false, + "schema": { + "type": "string", + "example": "c17bea3a-574d-453c-9e04-4365fbf5af0b" + } + }, + { + "in": "query", + "name": "limit", + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": 250, + "schema": { + "type": "integer", + "format": "int32", + "minimum": 0, + "maximum": 250, + "default": 250 + } + }, + { + "in": "query", + "name": "offset", + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": 0, + "schema": { + "type": "integer", + "format": "int32", + "minimum": 0, + "default": 0 + } + }, + { + "in": "query", + "name": "count", + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": true, + "schema": { + "type": "boolean", + "default": false + } + }, + { + "in": "query", + "name": "filters", + "schema": { + "type": "string" + }, + "example": "status eq \"Failed\"", + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)\n\nFiltering is supported for the following fields and operators:\n\n**start_time**: *eq, lt, lte, gt, gte*\n\n**status**: *eq*", + "required": false + } + ], + "responses": { + "200": { + "description": "List of workflow executions for the given workflow", + "content": { + "application/json": { + "schema": { + "type": "array", + "items": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "The workflow execution ID", + "example": "b393f4e2-4785-4d7f-ab27-3a6b8ded4c81" + }, + "workflowId": { + "type": "string", + "description": "The workflow ID", + "example": "d201c5d9-d37b-4a2f-af14-66414f39d568" + }, + "requestId": { + "type": "string", + "description": "This backend ID tracks a workflow request in the system. You can provide this ID in a customer support ticket for debugging purposes.", + "example": "41e12a74fa7b4a6a98ae47887b64acdb" + }, + "startTime": { + "type": "string", + "format": "date-time", + "description": "The date/time the workflow started", + "example": "2022-02-07T20:13:29.356648026Z" + }, + "closeTime": { + "type": "string", + "format": "date-time", + "description": "The date/time the workflow ended", + "example": "2022-02-07T20:13:31.682410165Z" + }, + "status": { + "description": "The workflow execution status", + "type": "string", + "enum": [ + "Completed", + "Failed", + "Canceled", + "Running" + ], + "example": "Completed" + } + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/workflow-executions/{id}": { + "get": { + "operationId": "getWorkflowExecution", + "tags": [ + "Workflows" + ], + "summary": "Get a Workflow Execution", + "description": "Get a single workflow execution. Workflow executions are available for up to 90 days before being archived. If you attempt to access a workflow execution that has been archived, you will receive a 404 Not Found.", + "security": [ + { + "oauth2": [ + "sp:workflow:read" + ] + } + ], + "parameters": [ + { + "name": "id", + "in": "path", + "description": "Id of the workflow execution", + "required": true, + "style": "simple", + "explode": false, + "schema": { + "type": "string", + "example": "c17bea3a-574d-453c-9e04-4365fbf5af0b" + } + } + ], + "responses": { + "200": { + "description": "The workflow execution", + "content": { + "application/json": { + "schema": { + "items": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "The workflow execution ID", + "example": "b393f4e2-4785-4d7f-ab27-3a6b8ded4c81" + }, + "workflowId": { + "type": "string", + "description": "The workflow ID", + "example": "d201c5d9-d37b-4a2f-af14-66414f39d568" + }, + "requestId": { + "type": "string", + "description": "This backend ID tracks a workflow request in the system. You can provide this ID in a customer support ticket for debugging purposes.", + "example": "41e12a74fa7b4a6a98ae47887b64acdb" + }, + "startTime": { + "type": "string", + "format": "date-time", + "description": "The date/time the workflow started", + "example": "2022-02-07T20:13:29.356648026Z" + }, + "closeTime": { + "type": "string", + "format": "date-time", + "description": "The date/time the workflow ended", + "example": "2022-02-07T20:13:31.682410165Z" + }, + "status": { + "description": "The workflow execution status", + "type": "string", + "enum": [ + "Completed", + "Failed", + "Canceled", + "Running" + ], + "example": "Completed" + } + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/workflow-executions/{id}/history": { + "get": { + "operationId": "getWorkflowExecutionHistory", + "tags": [ + "Workflows" + ], + "summary": "Get Workflow Execution History", + "description": "Get a detailed history of a single workflow execution. Workflow executions are available for up to 90 days before being archived. If you attempt to access a workflow execution that has been archived, you will receive a 404 Not Found.", + "security": [ + { + "oauth2": [ + "sp:workflow:read" + ] + } + ], + "parameters": [ + { + "name": "id", + "in": "path", + "description": "Id of the workflow execution", + "required": true, + "style": "simple", + "explode": false, + "schema": { + "type": "string", + "example": "c17bea3a-574d-453c-9e04-4365fbf5af0b" + } + } + ], + "responses": { + "200": { + "description": "List of workflow execution events for the given workflow execution", + "content": { + "application/json": { + "schema": { + "type": "array", + "items": { + "type": "object", + "properties": { + "type": { + "description": "The type of event", + "enum": [ + "WorkflowExecutionScheduled", + "WorkflowExecutionStarted", + "WorkflowExecutionCompleted", + "WorkflowExecutionFailed", + "WorkflowTaskScheduled", + "WorkflowTaskStarted", + "WorkflowTaskCompleted", + "WorkflowTaskFailed", + "ActivityTaskScheduled", + "ActivityTaskStarted", + "ActivityTaskCompleted", + "ActivityTaskFailed" + ], + "example": "WorkflowTaskScheduled" + }, + "timestamp": { + "type": "string", + "format": "date-time", + "description": "The date-time when the event occurred", + "example": "2022-02-07T20:13:31.640618296Z" + }, + "attributes": { + "type": "object", + "description": "Additional attributes associated with the event", + "example": {} + } + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/workflow-executions/{id}/cancel": { + "post": { + "operationId": "cancelWorkflowExecution", + "tags": [ + "Workflows" + ], + "summary": "Cancel Workflow Execution by ID", + "description": "Use this API to cancel a running workflow execution.", + "security": [ + { + "oauth2": [ + "sp:workflow-execute:external" + ] + } + ], + "parameters": [ + { + "name": "id", + "in": "path", + "description": "The workflow execution ID", + "required": true, + "style": "simple", + "explode": false, + "schema": { + "type": "string", + "example": "c17bea3a-574d-453c-9e04-4365fbf5af0b" + } + } + ], + "responses": { + "204": { + "description": "No content - indicates the request was successful but there is no content to be returned in the response." + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/workflow-library": { + "get": { + "operationId": "listCompleteWorkflowLibrary", + "tags": [ + "Workflows" + ], + "summary": "List Complete Workflow Library", + "description": "This lists all triggers, actions, and operators in the library", + "externalDocs": { + "description": "Additional documentation for workflows", + "url": "https://documentation.sailpoint.com/saas/help/workflows/workflow-steps.html" + }, + "parameters": [ + { + "in": "query", + "name": "limit", + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": 250, + "schema": { + "type": "integer", + "format": "int32", + "minimum": 0, + "maximum": 250, + "default": 250 + } + }, + { + "in": "query", + "name": "offset", + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": 0, + "schema": { + "type": "integer", + "format": "int32", + "minimum": 0, + "default": 0 + } + } + ], + "security": [ + { + "oauth2": [ + "sp:workflow:read" + ] + } + ], + "responses": { + "200": { + "description": "List of workflow steps", + "content": { + "application/json": { + "schema": { + "type": "array", + "items": { + "anyOf": [ + { + "title": "Workflow Action", + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "Action ID. This is a static namespaced ID for the action", + "example": "sp:create-campaign" + }, + "name": { + "type": "string", + "description": "Action Name", + "example": "Create Certification Campaign" + }, + "type": { + "type": "string", + "description": "Action type", + "example": "ACTION" + }, + "description": { + "type": "string", + "description": "Action Description", + "example": "Generates a certification campaign." + }, + "formFields": { + "type": "array", + "description": "One or more inputs that the action accepts", + "items": { + "type": "object", + "properties": { + "helpText": { + "type": "string", + "description": "Describes the form field in the UI", + "example": "The name to give to this certification campaign." + }, + "label": { + "type": "string", + "description": "A human readable name for this form field in the UI", + "example": "Campaign Name" + }, + "name": { + "type": "string", + "description": "The name of the input attribute", + "example": "name" + }, + "required": { + "type": "boolean", + "description": "Denotes if this field is a required attribute", + "example": false + }, + "type": { + "description": "The type of the form field", + "nullable": true, + "enum": [ + "text", + "textarea", + "boolean", + "email", + "url", + "number", + "json", + "checkbox", + "jsonpath", + "select", + "multiType", + "duration", + "toggle", + "identityPicker", + "governanceGroupPicker", + "string", + "object", + "array", + "secret", + "keyValuePairs", + "emailPicker", + "advancedToggle" + ], + "example": "text" + } + } + } + }, + "isDynamicSchema": { + "type": "boolean", + "description": "Determines whether the dynamic output schema is returned in place of the action's output schema. The dynamic schema lists non-static properties, like properties of a workflow form where each form has different fields. These will be provided dynamically based on available form fields.", + "example": false + }, + "outputSchema": { + "type": "object", + "description": "Defines the output schema, if any, that this action produces.", + "example": { + "definitions": {}, + "properties": { + "autoRevokeAllowed": { + "$id": "#sp:create-campaign/autoRevokeAllowed", + "default": true, + "examples": [ + false + ], + "title": "autoRevokeAllowed", + "type": "boolean" + }, + "deadline": { + "$id": "#sp:create-campaign/deadline", + "default": "", + "examples": [ + "2020-12-25T06:00:00.468Z" + ], + "format": "date-time", + "pattern": "^.*$", + "title": "deadline", + "type": "string" + }, + "description": { + "$id": "#sp:create-campaign/description", + "default": "", + "examples": [ + "A review of everyone's access by their manager." + ], + "pattern": "^.*$", + "title": "description", + "type": "string" + }, + "emailNotificationEnabled": { + "$id": "#sp:create-campaign/emailNotificationEnabled", + "default": true, + "examples": [ + false + ], + "title": "emailNotificationEnabled", + "type": "boolean" + }, + "filter": { + "$id": "#sp:create-campaign/filter", + "properties": { + "id": { + "$id": "#sp:create-campaign/filter/id", + "default": "", + "examples": [ + "e0adaae69852e8fe8b8a3d48e5ce757c" + ], + "pattern": "^.*$", + "title": "id", + "type": "string" + }, + "type": { + "$id": "#sp:create-campaign/filter/type", + "default": "", + "examples": [ + "CAMPAIGN_FILTER" + ], + "pattern": "^.*$", + "title": "type", + "type": "string" + } + }, + "title": "filter", + "type": "object" + }, + "id": { + "$id": "#sp:create-campaign/id", + "default": "", + "examples": [ + "2c918086719eec070171a7e3355a360a" + ], + "pattern": "^.*$", + "title": "id", + "type": "string" + }, + "name": { + "$id": "#sp:create-campaign/name", + "default": "", + "examples": [ + "Manager Review" + ], + "pattern": "^.*$", + "title": "name", + "type": "string" + }, + "recommendationsEnabled": { + "$id": "#sp:create-campaign/recommendationsEnabled", + "default": true, + "examples": [ + false + ], + "title": "recommendationEnabled", + "type": "boolean" + }, + "type": { + "$id": "#sp:create-campaign/type", + "default": "", + "examples": [ + "MANAGER" + ], + "pattern": "^.*$", + "title": "type", + "type": "string" + } + }, + "title": "sp:create-campaign", + "type": "object" + } + } + } + }, + { + "title": "Workflow Trigger", + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "Trigger ID. This is a static namespaced ID for the trigger.", + "example": "idn:identity-attributes-changed" + }, + "type": { + "description": "Trigger type", + "enum": [ + "EVENT", + "SCHEDULED", + "EXTERNAL" + ], + "example": "EVENT" + }, + "name": { + "type": "string", + "description": "Trigger Name", + "example": "Identity Attributes Changed" + }, + "description": { + "type": "string", + "description": "Trigger Description", + "example": "One or more identity attributes changed." + }, + "isDynamicSchema": { + "type": "boolean", + "description": "Determines whether the dynamic output schema is returned in place of the action's output schema. The dynamic schema lists non-static properties, like properties of a workflow form where each form has different fields. These will be provided dynamically based on available form fields.", + "example": false + }, + "inputExample": { + "type": "object", + "description": "Example trigger payload if applicable", + "nullable": true, + "externalDocs": { + "description": "List of triggers and their input schemas", + "url": "https://developer.sailpoint.com/idn/docs/event-triggers/available" + }, + "example": { + "changes": [ + { + "attribute": "department", + "newValue": "marketing", + "oldValue": "sales" + }, + { + "attribute": "manager", + "newValue": { + "id": "ee769173319b41d19ccec6c235423236c", + "name": "mean.guy", + "type": "IDENTITY" + }, + "oldValue": { + "id": "ee769173319b41d19ccec6c235423237b", + "name": "nice.guy", + "type": "IDENTITY" + } + }, + { + "attribute": "email", + "newValue": "john.doe@gmail.com", + "oldValue": "john.doe@hotmail.com" + } + ], + "identity": { + "id": "ee769173319b41d19ccec6cea52f237b", + "name": "john.doe", + "type": "IDENTITY" + } + } + }, + "formFields": { + "type": "array", + "nullable": true, + "description": "One or more inputs that the trigger accepts", + "example": [], + "items": { + "type": "object", + "properties": { + "helpText": { + "type": "string", + "description": "Describes the form field in the UI", + "example": "The name to give to this certification campaign." + }, + "label": { + "type": "string", + "description": "A human readable name for this form field in the UI", + "example": "Campaign Name" + }, + "name": { + "type": "string", + "description": "The name of the input attribute", + "example": "name" + }, + "required": { + "type": "boolean", + "description": "Denotes if this field is a required attribute", + "example": false + }, + "type": { + "description": "The type of the form field", + "nullable": true, + "enum": [ + "text", + "textarea", + "boolean", + "email", + "url", + "number", + "json", + "checkbox", + "jsonpath", + "select", + "multiType", + "duration", + "toggle", + "identityPicker", + "governanceGroupPicker", + "string", + "object", + "array", + "secret", + "keyValuePairs", + "emailPicker", + "advancedToggle" + ], + "example": "text" + } + } + } + } + } + }, + { + "title": "Workflow Operator", + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "Operator ID.", + "example": "sp:compare-boolean" + }, + "name": { + "type": "string", + "description": "Operator friendly name", + "example": "Compare Boolean Values" + }, + "type": { + "description": "Operator type", + "type": "string", + "example": "OPERATOR" + }, + "description": { + "type": "string", + "description": "Description of the operator", + "example": "Compare two boolean values and decide what happens based on the result." + }, + "formFields": { + "type": "array", + "description": "One or more inputs that the operator accepts", + "items": { + "type": "object", + "properties": { + "helpText": { + "type": "string", + "description": "Describes the form field in the UI", + "example": "The name to give to this certification campaign." + }, + "label": { + "type": "string", + "description": "A human readable name for this form field in the UI", + "example": "Campaign Name" + }, + "name": { + "type": "string", + "description": "The name of the input attribute", + "example": "name" + }, + "required": { + "type": "boolean", + "description": "Denotes if this field is a required attribute", + "example": false + }, + "type": { + "description": "The type of the form field", + "nullable": true, + "enum": [ + "text", + "textarea", + "boolean", + "email", + "url", + "number", + "json", + "checkbox", + "jsonpath", + "select", + "multiType", + "duration", + "toggle", + "identityPicker", + "governanceGroupPicker", + "string", + "object", + "array", + "secret", + "keyValuePairs", + "emailPicker", + "advancedToggle" + ], + "example": "text" + } + } + }, + "example": [ + { + "description": "Enter the JSONPath to a value from the input to compare to Variable B.", + "helpText": "", + "label": "Variable A", + "name": "variableA.$", + "required": true, + "type": "text" + }, + { + "helpText": "Select an operation.", + "label": "Operation", + "name": "operator", + "options": [ + { + "label": "Equals", + "value": "BooleanEquals" + } + ], + "required": true, + "type": "select" + }, + { + "description": "Enter the JSONPath to a value from the input to compare to Variable A.", + "helpText": "", + "label": "Variable B", + "name": "variableB.$", + "required": false, + "type": "text" + }, + { + "description": "Enter True or False.", + "helpText": "", + "label": "Variable B", + "name": "variableB", + "required": false, + "type": "text" + } + ] + } + } + } + ] + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/workflow-library/actions": { + "get": { + "operationId": "listWorkflowLibraryActions", + "tags": [ + "Workflows" + ], + "summary": "List Workflow Library Actions", + "description": "This lists the workflow actions available to you.", + "externalDocs": { + "description": "Additional documentation for each action", + "url": "https://documentation.sailpoint.com/saas/help/workflows/workflow-steps.html#actions" + }, + "parameters": [ + { + "in": "query", + "name": "limit", + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": 250, + "schema": { + "type": "integer", + "format": "int32", + "minimum": 0, + "maximum": 250, + "default": 250 + } + }, + { + "in": "query", + "name": "offset", + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": 0, + "schema": { + "type": "integer", + "format": "int32", + "minimum": 0, + "default": 0 + } + }, + { + "in": "query", + "name": "filters", + "required": false, + "schema": { + "type": "string" + }, + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)\n\nFiltering is supported for the following fields and operators:\n\n**id**: *eq*", + "example": "id eq \"sp:create-campaign\"" + } + ], + "security": [ + { + "oauth2": [ + "sp:workflow:read" + ] + } + ], + "responses": { + "200": { + "description": "List of workflow actions", + "content": { + "application/json": { + "schema": { + "type": "array", + "items": { + "title": "Workflow Action", + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "Action ID. This is a static namespaced ID for the action", + "example": "sp:create-campaign" + }, + "name": { + "type": "string", + "description": "Action Name", + "example": "Create Certification Campaign" + }, + "type": { + "type": "string", + "description": "Action type", + "example": "ACTION" + }, + "description": { + "type": "string", + "description": "Action Description", + "example": "Generates a certification campaign." + }, + "formFields": { + "type": "array", + "description": "One or more inputs that the action accepts", + "items": { + "type": "object", + "properties": { + "helpText": { + "type": "string", + "description": "Describes the form field in the UI", + "example": "The name to give to this certification campaign." + }, + "label": { + "type": "string", + "description": "A human readable name for this form field in the UI", + "example": "Campaign Name" + }, + "name": { + "type": "string", + "description": "The name of the input attribute", + "example": "name" + }, + "required": { + "type": "boolean", + "description": "Denotes if this field is a required attribute", + "example": false + }, + "type": { + "description": "The type of the form field", + "nullable": true, + "enum": [ + "text", + "textarea", + "boolean", + "email", + "url", + "number", + "json", + "checkbox", + "jsonpath", + "select", + "multiType", + "duration", + "toggle", + "identityPicker", + "governanceGroupPicker", + "string", + "object", + "array", + "secret", + "keyValuePairs", + "emailPicker", + "advancedToggle" + ], + "example": "text" + } + } + } + }, + "isDynamicSchema": { + "type": "boolean", + "description": "Determines whether the dynamic output schema is returned in place of the action's output schema. The dynamic schema lists non-static properties, like properties of a workflow form where each form has different fields. These will be provided dynamically based on available form fields.", + "example": false + }, + "outputSchema": { + "type": "object", + "description": "Defines the output schema, if any, that this action produces.", + "example": { + "definitions": {}, + "properties": { + "autoRevokeAllowed": { + "$id": "#sp:create-campaign/autoRevokeAllowed", + "default": true, + "examples": [ + false + ], + "title": "autoRevokeAllowed", + "type": "boolean" + }, + "deadline": { + "$id": "#sp:create-campaign/deadline", + "default": "", + "examples": [ + "2020-12-25T06:00:00.468Z" + ], + "format": "date-time", + "pattern": "^.*$", + "title": "deadline", + "type": "string" + }, + "description": { + "$id": "#sp:create-campaign/description", + "default": "", + "examples": [ + "A review of everyone's access by their manager." + ], + "pattern": "^.*$", + "title": "description", + "type": "string" + }, + "emailNotificationEnabled": { + "$id": "#sp:create-campaign/emailNotificationEnabled", + "default": true, + "examples": [ + false + ], + "title": "emailNotificationEnabled", + "type": "boolean" + }, + "filter": { + "$id": "#sp:create-campaign/filter", + "properties": { + "id": { + "$id": "#sp:create-campaign/filter/id", + "default": "", + "examples": [ + "e0adaae69852e8fe8b8a3d48e5ce757c" + ], + "pattern": "^.*$", + "title": "id", + "type": "string" + }, + "type": { + "$id": "#sp:create-campaign/filter/type", + "default": "", + "examples": [ + "CAMPAIGN_FILTER" + ], + "pattern": "^.*$", + "title": "type", + "type": "string" + } + }, + "title": "filter", + "type": "object" + }, + "id": { + "$id": "#sp:create-campaign/id", + "default": "", + "examples": [ + "2c918086719eec070171a7e3355a360a" + ], + "pattern": "^.*$", + "title": "id", + "type": "string" + }, + "name": { + "$id": "#sp:create-campaign/name", + "default": "", + "examples": [ + "Manager Review" + ], + "pattern": "^.*$", + "title": "name", + "type": "string" + }, + "recommendationsEnabled": { + "$id": "#sp:create-campaign/recommendationsEnabled", + "default": true, + "examples": [ + false + ], + "title": "recommendationEnabled", + "type": "boolean" + }, + "type": { + "$id": "#sp:create-campaign/type", + "default": "", + "examples": [ + "MANAGER" + ], + "pattern": "^.*$", + "title": "type", + "type": "string" + } + }, + "title": "sp:create-campaign", + "type": "object" + } + } + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/workflow-library/triggers": { + "get": { + "operationId": "listWorkflowLibraryTriggers", + "tags": [ + "Workflows" + ], + "summary": "List Workflow Library Triggers", + "description": "This lists the workflow triggers available to you", + "externalDocs": { + "description": "Additional documentation for each trigger", + "url": "https://documentation.sailpoint.com/saas/help/workflows/workflow-steps.html#triggers" + }, + "parameters": [ + { + "in": "query", + "name": "limit", + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": 250, + "schema": { + "type": "integer", + "format": "int32", + "minimum": 0, + "maximum": 250, + "default": 250 + } + }, + { + "in": "query", + "name": "offset", + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": 0, + "schema": { + "type": "integer", + "format": "int32", + "minimum": 0, + "default": 0 + } + }, + { + "in": "query", + "name": "filters", + "required": false, + "schema": { + "type": "string" + }, + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)\n\nFiltering is supported for the following fields and operators:\n\n**id**: *eq*", + "example": "id eq \"idn:identity-attributes-changed\"" + } + ], + "security": [ + { + "oauth2": [ + "sp:workflow:read" + ] + } + ], + "responses": { + "200": { + "description": "List of workflow triggers", + "content": { + "application/json": { + "schema": { + "type": "array", + "items": { + "title": "Workflow Trigger", + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "Trigger ID. This is a static namespaced ID for the trigger.", + "example": "idn:identity-attributes-changed" + }, + "type": { + "description": "Trigger type", + "enum": [ + "EVENT", + "SCHEDULED", + "EXTERNAL" + ], + "example": "EVENT" + }, + "name": { + "type": "string", + "description": "Trigger Name", + "example": "Identity Attributes Changed" + }, + "description": { + "type": "string", + "description": "Trigger Description", + "example": "One or more identity attributes changed." + }, + "isDynamicSchema": { + "type": "boolean", + "description": "Determines whether the dynamic output schema is returned in place of the action's output schema. The dynamic schema lists non-static properties, like properties of a workflow form where each form has different fields. These will be provided dynamically based on available form fields.", + "example": false + }, + "inputExample": { + "type": "object", + "description": "Example trigger payload if applicable", + "nullable": true, + "externalDocs": { + "description": "List of triggers and their input schemas", + "url": "https://developer.sailpoint.com/idn/docs/event-triggers/available" + }, + "example": { + "changes": [ + { + "attribute": "department", + "newValue": "marketing", + "oldValue": "sales" + }, + { + "attribute": "manager", + "newValue": { + "id": "ee769173319b41d19ccec6c235423236c", + "name": "mean.guy", + "type": "IDENTITY" + }, + "oldValue": { + "id": "ee769173319b41d19ccec6c235423237b", + "name": "nice.guy", + "type": "IDENTITY" + } + }, + { + "attribute": "email", + "newValue": "john.doe@gmail.com", + "oldValue": "john.doe@hotmail.com" + } + ], + "identity": { + "id": "ee769173319b41d19ccec6cea52f237b", + "name": "john.doe", + "type": "IDENTITY" + } + } + }, + "formFields": { + "type": "array", + "nullable": true, + "description": "One or more inputs that the trigger accepts", + "example": [], + "items": { + "type": "object", + "properties": { + "helpText": { + "type": "string", + "description": "Describes the form field in the UI", + "example": "The name to give to this certification campaign." + }, + "label": { + "type": "string", + "description": "A human readable name for this form field in the UI", + "example": "Campaign Name" + }, + "name": { + "type": "string", + "description": "The name of the input attribute", + "example": "name" + }, + "required": { + "type": "boolean", + "description": "Denotes if this field is a required attribute", + "example": false + }, + "type": { + "description": "The type of the form field", + "nullable": true, + "enum": [ + "text", + "textarea", + "boolean", + "email", + "url", + "number", + "json", + "checkbox", + "jsonpath", + "select", + "multiType", + "duration", + "toggle", + "identityPicker", + "governanceGroupPicker", + "string", + "object", + "array", + "secret", + "keyValuePairs", + "emailPicker", + "advancedToggle" + ], + "example": "text" + } + } + } + } + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/workflow-library/operators": { + "get": { + "operationId": "listWorkflowLibraryOperators", + "tags": [ + "Workflows" + ], + "summary": "List Workflow Library Operators", + "description": "This lists the workflow operators available to you", + "security": [ + { + "oauth2": [ + "sp:workflow:read" + ] + } + ], + "responses": { + "200": { + "description": "List of workflow operators", + "content": { + "application/json": { + "schema": { + "type": "array", + "items": { + "title": "Workflow Operator", + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "Operator ID.", + "example": "sp:compare-boolean" + }, + "name": { + "type": "string", + "description": "Operator friendly name", + "example": "Compare Boolean Values" + }, + "type": { + "description": "Operator type", + "type": "string", + "example": "OPERATOR" + }, + "description": { + "type": "string", + "description": "Description of the operator", + "example": "Compare two boolean values and decide what happens based on the result." + }, + "formFields": { + "type": "array", + "description": "One or more inputs that the operator accepts", + "items": { + "type": "object", + "properties": { + "helpText": { + "type": "string", + "description": "Describes the form field in the UI", + "example": "The name to give to this certification campaign." + }, + "label": { + "type": "string", + "description": "A human readable name for this form field in the UI", + "example": "Campaign Name" + }, + "name": { + "type": "string", + "description": "The name of the input attribute", + "example": "name" + }, + "required": { + "type": "boolean", + "description": "Denotes if this field is a required attribute", + "example": false + }, + "type": { + "description": "The type of the form field", + "nullable": true, + "enum": [ + "text", + "textarea", + "boolean", + "email", + "url", + "number", + "json", + "checkbox", + "jsonpath", + "select", + "multiType", + "duration", + "toggle", + "identityPicker", + "governanceGroupPicker", + "string", + "object", + "array", + "secret", + "keyValuePairs", + "emailPicker", + "advancedToggle" + ], + "example": "text" + } + } + }, + "example": [ + { + "description": "Enter the JSONPath to a value from the input to compare to Variable B.", + "helpText": "", + "label": "Variable A", + "name": "variableA.$", + "required": true, + "type": "text" + }, + { + "helpText": "Select an operation.", + "label": "Operation", + "name": "operator", + "options": [ + { + "label": "Equals", + "value": "BooleanEquals" + } + ], + "required": true, + "type": "select" + }, + { + "description": "Enter the JSONPath to a value from the input to compare to Variable A.", + "helpText": "", + "label": "Variable B", + "name": "variableB.$", + "required": false, + "type": "text" + }, + { + "description": "Enter True or False.", + "helpText": "", + "label": "Variable B", + "name": "variableB", + "required": false, + "type": "text" + } + ] + } + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/workflows/{id}/external/oauth-clients": { + "post": { + "operationId": "postWorkflowExternalTrigger", + "tags": [ + "Workflows" + ], + "summary": "Generate External Trigger OAuth Client", + "description": "Create OAuth client ID, client secret, and callback URL for use in an external trigger. External triggers will need this information to generate an access token to authenticate to the callback URL and submit a trigger payload that will initiate the workflow.", + "security": [ + { + "oauth2": [ + "sp:workflow:manage" + ] + } + ], + "parameters": [ + { + "name": "id", + "in": "path", + "description": "Id of the workflow", + "required": true, + "style": "simple", + "explode": false, + "schema": { + "type": "string", + "example": "c17bea3a-574d-453c-9e04-4365fbf5af0b" + } + } + ], + "responses": { + "200": { + "description": "The OAuth Client object", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "OAuth client ID for the trigger. This is a UUID generated upon creation.", + "example": "1a58c03a6bf64dc2876f6988c6e2c7b7" + }, + "secret": { + "type": "string", + "description": "OAuthClient secret.", + "example": "00cc24a7fe810fe06a7cb38bc168ae104d703c7abb296f9944dc68e69ddb578b" + }, + "url": { + "type": "string", + "description": "URL for the external trigger to invoke", + "example": "https://tenant.api.identitynow.com/beta/workflows/execute/external/c17bea3a-574d-453c-9e04-4365fbf5af0b" + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/workflows/execute/external/{id}": { + "post": { + "operationId": "postExternalExecuteWorkflow", + "tags": [ + "Workflows" + ], + "summary": "Execute Workflow via External Trigger", + "description": "This endpoint allows a service outside of IdentityNow to initiate a workflow that uses the \"External Trigger\" step. The external service will invoke this endpoint with the input data it wants to send to the workflow in the body.", + "security": [ + { + "oauth2": [ + "sp:workflow-execute:external" + ] + } + ], + "parameters": [ + { + "name": "id", + "in": "path", + "description": "Id of the workflow", + "required": true, + "style": "simple", + "explode": false, + "schema": { + "type": "string", + "example": "c17bea3a-574d-453c-9e04-4365fbf5af0b" + } + } + ], + "requestBody": { + "required": false, + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "input": { + "type": "object", + "description": "The input for the workflow", + "example": { + "customAttribute1": "value1", + "customAttribute2": "value2" + } + } + } + } + } + } + }, + "responses": { + "200": { + "description": "The Workflow object", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "workflowExecutionId": { + "type": "string", + "description": "The workflow execution id", + "example": "0e11cefa-96e7-4b67-90d0-065bc1da5753" + }, + "message": { + "type": "string", + "description": "An error message if any errors occurred", + "example": "Workflow was not executed externally. Check enabled flag on workflow definition" + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/workflows/execute/external/{id}/test": { + "post": { + "operationId": "testExternalExecuteWorkflow", + "tags": [ + "Workflows" + ], + "summary": "Test Workflow via External Trigger", + "description": "Validate a workflow with an \"External Trigger\" can receive input. The response includes the input that the workflow received, which can be used to validate that the input is intact when it reaches the workflow.", + "security": [ + { + "oauth2": [ + "sp:workflow-execute:external" + ] + } + ], + "parameters": [ + { + "name": "id", + "in": "path", + "description": "Id of the workflow", + "required": true, + "style": "simple", + "explode": false, + "schema": { + "type": "string", + "example": "c17bea3a-574d-453c-9e04-4365fbf5af0b" + } + } + ], + "requestBody": { + "required": false, + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "input": { + "type": "object", + "description": "The test input for the workflow", + "example": { + "test": "hello world" + } + } + } + } + } + } + }, + "responses": { + "200": { + "description": "Responds with the test input", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "payload": { + "type": "object", + "description": "The input that was received", + "example": { + "test": "hello world" + } + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + } + } +} diff --git a/src/routes/api-client/CustomSpec.json b/src/routes/api-client/CustomSpec.json new file mode 100644 index 0000000..1062209 --- /dev/null +++ b/src/routes/api-client/CustomSpec.json @@ -0,0 +1,12 @@ +{ + "paths": { + "/custom/api/endpoint": { + "get": "content", + "post": "content", + "put": "content", + "patch": "content", + "delete": "content", + "head": "content" + } + } +} diff --git a/src/routes/api-client/V3Spec.json b/src/routes/api-client/V3Spec.json new file mode 100644 index 0000000..f22d443 --- /dev/null +++ b/src/routes/api-client/V3Spec.json @@ -0,0 +1,158903 @@ +{ + "openapi": "3.0.1", + "info": { + "title": "IdentityNow V3 API", + "description": "Use these APIs to interact with the IdentityNow platform to achieve repeatable, automated processes with greater scalability. We encourage you to join the SailPoint Developer Community forum at https://developer.sailpoint.com/discuss to connect with other developers using our APIs.", + "termsOfService": "https://developer.sailpoint.com/discuss/tos", + "contact": { + "name": "Developer Relations", + "url": "https://developer.sailpoint.com/discuss/api-help" + }, + "license": { + "name": "MIT", + "url": "https://opensource.org/licenses/MIT" + }, + "version": "3.0.0" + }, + "servers": [ + { + "url": "https://{tenant}.api.identitynow.com/v3", + "description": "This is the production API server.", + "variables": { + "tenant": { + "default": "sailpoint", + "description": "This is the name of your tenant, typically your company's name." + } + } + } + ], + "tags": [ + { + "name": "Access Profiles", + "description": "Use this API to implement and customize access profile functionality. \nWith this functionality in place, administrators can create access profiles and configure them for use throughout IdentityNow, enabling users to get the access they need quickly and securely.\n\nAccess profiles group entitlements, which represent access rights on sources. \n\nFor example, an Active Directory source in IdentityNow can have multiple entitlements: the first, 'Employees,' may represent the access all employees have at the organization, and a second, 'Developers,' may represent the access all developers have at the organization.\n\nAn administrator can then create a broader set of access in the form of an access profile, 'AD Developers' grouping the 'Employees' entitlement with the 'Developers' entitlement.\n\nWhen users only need Active Directory employee access, they can request access to the 'Employees' entitlement.\n\nWhen users need both Active Directory employee and developer access, they can request access to the 'AD Developers' access profile.\n\nAccess profiles are the most important units of access in IdentityNow. IdentityNow uses access profiles in many features, including the following:\n\n- Provisioning: When you use the Provisioning Service, lifecycle states and roles both grant access to users in the form of access profiles.\n\n- Certifications: You can approve or revoke access profiles in certification campaigns, just like entitlements. \n\n- Access Requests: You can assign access profiles to applications, and when a user requests access to the app associated with an access profile and someone approves the request, access is granted to both the application and its associated access profile.\n\n- Roles: You can group one or more access profiles into a role to quickly assign access items based on an identity's role. \n\nIn IdentityNow, administrators can use the Access drop-down menu and select Access Profiles to view, configure, and delete existing access profiles, as well as create new ones. \nAdministrators can enable and disable an access profile, and they can also make the following configurations: \n\n- Manage Entitlements: Manage the profile's access by adding and removing entitlements. \n\n- Access Requests: Configure access profiles to be requestable and establish an approval process for any requests that the access profile be granted or revoked. \nDo not configure an access profile to be requestable without first establishing a secure access request approval process for the access profile.\n\n- Multiple Account Options: Define the logic IdentityNow uses to provision access to an identity with multiple accounts on the source. \n\nRefer to [Managing Access Profiles](https://documentation.sailpoint.com/saas/help/access/access-profiles.html) for more information about access profiles.\n" + }, + { + "name": "Access Request Approvals", + "description": "Use this API to implement and customize access request approval functionality. \nWith this functionality in place, administrators can delegate qualified users to review users' requests for access or managers' requests to revoke team members' access to applications, entitlements, or roles. \nThis enables more qualified users to review access requests and the others to spend their time on other tasks. \n\nIn IdentityNow, users can request access to applications, entitlements, and roles, and managers can request that team members' access be revoked. \nFor applications and entitlements, administrators can set access profiles to require approval from the access profile owner, the application owner, the source owner, the requesting user's manager, or a governance group for access to be granted or revoked. \nFor roles, administrators can also set roles to allow access requests and require approval from the role owner, the requesting user's manager, or a governance group for access to be granted or revoked. \nIf the administrator designates a governance group as the required approver, any governance group member can approve the requests.\n \nWhen a user submits an access request, IdentityNow sends the first required approver in the queue an email notification, based on the access request configuration's approval and reminder escalation configuration.\n\nIn Approvals in IdentityNow, required approvers can view pending access requests under the Requested tab and approve or deny them, or the approvers can reassign the requests to different reviewers for approval. \nIf the required approver approves the request and is the only reviewer required, IdentityNow grants or revokes access, based on the request. \nIf multiple reviewers are required, IdentityNow sends the request to the next reviewer in the queue, based on the access request configuration's approval reminder and escalation configuration. \nThe required approver can then view any completed access requests under the Reviewed tab. \n\nRefer to [Access Requests](https://documentation.sailpoint.com/saas/help/requests/index.html) for more information about access request approvals.\n" + }, + { + "name": "Access Requests", + "description": "Use this API to implement and customize access request functionality. \nWith this functionality in place, users can request access to applications, entitlements, or roles, and managers can request that team members' access be revoked.\nThis allows users to get access to the tools they need quickly and securely, and it allows managers to take away access to those tools. \n\nIdentityNow's Access Request service allows end users to request access that requires approval before it can be granted to users and enables qualified users to review those requests and approve or deny them.\n\nIn the Request Center in IdentityNow, users can view available applications, roles, and entitlements and request access to them. \nIf the requested tools requires approval, the requests appear as 'Pending' under the My Requests tab until the required approver approves, rejects, or cancels them. \n\nUsers can use My Requests to track and/or cancel the requests.\n\nIn My Team on the IdentityNow Home, managers can submit requests to revoke their team members' access. \nThey can use the My Requests tab under Request Center to track and/or cancel the requests.\n\nRefer to [Requesting Access](https://documentation.sailpoint.com/saas/user-help/requests/requesting_access.html) for more information about access requests.\n" + }, + { + "name": "Accounts", + "description": "Use this API to implement and customize account functionality.\nWith this functionality in place, administrators can manage users' access across sources in IdentityNow. \n\nIn IdentityNow, an account refers to a user's account on a supported source.\nThis typically includes a unique identifier for the user, a unique password, a set of permissions associated with the source and a set of attributes. IdentityNow loads accounts through the creation of sources in IdentityNow.\n\nAdministrators can correlate users' identities with the users' accounts on the different sources they use. \nThis allows IdentityNow to govern the access of identities and all their correlated accounts securely and cohesively. \n\nTo view the accounts on a source and their correlated identities, administrators can use the Connections drop-down menu, select Sources, select the relevant source, and select its Account tab. \n\nTo view and edit source account statuses for an identity in IdentityNow, administrators can use the Identities drop-down menu, select Identity List, select the relevant identity, and select its Accounts tab. \nAdministrators can toggle an account's Actions to aggregate the account, enable/disable it, unlock it, or remove it from the identity. \n\nAccounts can have the following statuses: \n\n- Enabled: The account is enabled. The user can access it.\n\n- Disabled: The account is disabled, and the user cannot access it, but the identity is not disabled in IdentityNow. This can occur when an administrator disables the account or when the user's lifecycle state changes. \n\n- Locked: The account is locked. This may occur when someone has entered an incorrect password for the account too many times.\n\n- Pending: The account is currently updating. This status typically lasts seconds. \n\nAdministrators can select the source account to view its attributes, entitlements, and the last time the account's password was changed.\n\nRefer to [Managing User Accounts](https://documentation.sailpoint.com/saas/help/common/users/user_access.html#managing-user-accounts) for more information about accounts.\n" + }, + { + "name": "Account Activities", + "description": "Use this API to implement account activity tracking functionality.\nWith this functionality in place, users can track source account activity in IdentityNow, which greatly improves traceability in the system. \n\nAn account activity refers to a log of each action performed on a source account. This is useful for auditing the changes performed on an account throughout its life. \nIn IdentityNow's Search, users can search for account activities and select the activity's row to get an overview of the activity's account action and view its progress, its involved sources, and its most basic metadata, such as the identity requesting the option and the recipient. \n\nAccount activity includes most actions IdentityNow completes on source accounts. Users can search in IdentityNow for the following account action types: \n\n- Access Request: These include any access requests the source account is involved in. \n\n- Account Attribute Updates: These include updates to a single attribute on an account on a source. \n\n- Account State Update: These include locking or unlocking actions on an account on a source. \n\n- Certification: These include actions removing an entitlement from an account on a source as a result of the entitlement's revocation during a certification.\n\n- Cloud Automated `Lifecyclestate`: These include automated lifecycle state changes that result in a source account's correlated identity being assigned to a different lifecycle state. \nIdentityNow replaces the `Lifecyclestate` variable with the name of the lifecycle state it has moved the account's identity to. \n\n- Identity Attribute Update: These include updates to a source account's correlated identity attributes as the result of a provisioning action. \nWhen you update an identity attribute that also updates an identity's lifecycle state, the cloud automated `Lifecyclestate` event also displays.\nAccount Activity does not include attribute updates that occur as a result of aggregation.\n\n- Identity Refresh: These include correlated identity refreshes that occur for an account on a source whenever the account's correlated identity profile gets a new role or updates. \nThese also include refreshes that occur whenever IdentityNow assigns an application to the account's correlated identity based on the application's being assigned to All Users From Source or Specific Users From Source. \n\n- Lifecycle State Refresh: These include the actions that took place when a lifecycle state changed. This event only occurs after a cloud automated `Lifecyclestate` change or a lifecycle state change. \n\n- Lifecycle State Change: These include the account activities that result from an identity's manual assignment to a null lifecycle state.\n\n- Password Change: These include password changes on sources.\n\nRefer to [Account Activity](https://documentation.sailpoint.com/saas/help/search/index.html#account-activity) for more information about account activities.\n" + }, + { + "name": "Certifications", + "description": "Use this API to implement certification functionality. \nWith this functionality in place, administrators and designated certification reviewers can review users' access certifications and decide whether to approve access, revoke it, or reassign the review to another reviewer. \nImplementing certifications improves organizations' data security by reducing inappropriate access through a distributed review process and helping them satisfy audit and regulatory requirements. \n\nA certification refers to IdentityNow's mechanism for reviewing a user's access to entitlements (sets of permissions) and approving or removing that access. \nThese serve as a way of showing that a user's access has been reviewed and approved. \nMultiple certifications by different reviewers are often required to approve a user's access. \nA set of multiple certifications is called a certification campaign.\n\nFor example, an organization may use a Manager Certification as a way of showing that a user's access has been reviewed and approved by their manager, or if the certification is part of a campaign, that the user's access has been reviewed and approved by multiple managers. \nOnce this certification has been completed, IdentityNow would provision all the access the user needs, nothing more. \n\nOrganization administrators or certification administrators can designate other IdentityNow users as certification reviewers. \nThose reviewers can select the 'Certifications' tab to view any of the certifications they either need to review or have already reviewed under the 'Active' and 'Completed' tabs, respectively. \n\nWhen a certification campaign is in progress, certification reviewers will see certifications listed under 'Active,' where they can review the involved identities. \nUnder the 'Decision' column on the right, next to each access item, reviewers can select the checkmark to approve access, select the 'X' to revoke access, or they can toggle the 'More Options' menu to reassign the certification to another reviewer and provide a reason for reassignment in the form of a comment. \n\nOnce a reviewer has made decisions on all the certification's involved access items, he or she must select 'Sign Off' to complete the review process.\nDoing so converts the certification into read-only status, preventing any further changes to the review decisions and deleting the work item (task) from the reviewer's list of work items. \n\nOnce all the reviewers have signed off, the certification campaign either completes or, if any reviewers decided to revoke access for any of the involved identities, it moves into a remediation phase. In the remediation phase, identities' entitlements are altered to remove any entitlements marked for revocation.\nIn this situation, the certification campaign completes once all the remediation requests are completed. \n\nRefer to [Certifications](https://documentation.sailpoint.com/saas/user-help/certifications.html) for more information about certifications.\n" + }, + { + "name": "Certification Summaries", + "description": "Use this API to implement certification summary functionality. \nWith this functionality in place, administrators and designated certification reviewers can review summaries of identity certification campaigns and draw conclusions about the campaigns' scope, security, and effectiveness. \nImplementing certification summary functionality improves organizations' ability to review their [certifications](https://documentation.sailpoint.com/saas/user-help/certifications.html) and helps them satisfy audit and regulatory requirements by enabling them to trace access changes and the decisions made in their review processes. \n\nA certification refers to IdentityNow's mechanism for reviewing a user's access to entitlements (sets of permissions) and approving or removing that access. \nThese certifications serve as a way of showing that a user's access has been reviewed and approved. \nMultiple certifications by different reviewers are often required to approve a user's access. \nA set of multiple certifications is called a certification campaign. \n\nFor example, an organization may use a Manager Certification as a way of showing that a user's access has been reviewed and approved by their manager, or if the certification is part of a campaign, that the user's access has been reviewed and approved by multiple managers. \nOnce this certification has been completed, IdentityNow would provision all the access the user needs, nothing more. \n\nCertification summaries provide information about identity certification campaigns such as the identities involved, the number of decisions made, and the access changed. \nFor example, an administrator or designated certification reviewer can examine the Manager Certification campaign to get an overview of how many entitlement decisions are made in that campaign as opposed to role decisions, which identities would be affected by changes to the campaign, and how those identities' access would be affected. \n" + }, + { + "name": "Lifecycle States", + "description": "Use this API to implement and customize lifecycle state functionality.\nWith this functionality in place, administrators can create and configure custom lifecycle states for use across their organizations, which is key to controlling which users have access, when they have access, and the access they have.\n\nA lifecycle state describes a user's status in a company. For example, two lifecycle states come by default with IdentityNow: 'Active' and 'Inactive.' \nWhen an active employee takes an extended leave of absence from a company, his or her lifecycle state may change to 'Inactive,' for security purposes. \nThe inactive employee would lose access to all the applications, sources, and sensitive data during the leave of absence, but when the employee returns and becomes active again, all that access would be restored. \nThis saves administrators the time that would otherwise be spent provisioning the employee's access to each individual tool, reviewing the employee's certification history, etc. \n\nAdministrators can create a variety of custom lifecycle states. Refer to [Planning New Lifecycle States](https://documentation.sailpoint.com/saas/help/provisioning/lifecycle.html#planning-new-lifecycle-states) for some custom lifecycle state ideas.\n\nAdministrators must define the criteria for being in each lifecycle state, and they must define how IdentityNow manages users' access to apps and sources for each lifecycle state.\n\nIn IdentityNow, administrators can manage lifecycle states by going to Admin > Identities > Identity Profile, selecting the identity profile whose lifecycle states they want to manage, selecting the 'Provisioning' tab, and using the left panel to either select the lifecycle state they want to modify or create a new lifecycle state. \n\nIn the 'Provisioning' tab, administrators can make the following access changes to an identity profile's lifecycle state: \n\n- Enable/disable the lifecycle state for the identity profile.\n\n- Enable/disable source accounts for the identity profile's lifecycle state.\n\n- Add existing access profiles to grant to the identity profiles in that lifecycle state.\n\n- Create a new access profile to grant to the identity profile in that lifecycle state.\n\nAccess profiles granted in a previous lifecycle state are automatically revoked when the identity moves to a new lifecycle state. \nTo maintain access across multiple lifecycle states, administrators must grant the access profiles in each lifecycle state. \nFor example, if an administrator wants users with the 'HR Employee' identity profile to maintain their building access in both the 'Active' and 'Leave of Absence' lifecycle states, the administrator must grant the access profile for that building access to both lifecycle states.\n\nDuring scheduled refreshes, IdentityNow evaluates lifFecycle states to determine whether their assigned identities have the access defined in the lifecycle states' access profiles. \nIf the identities are missing access, IdentityNow provisions that access. \n\nAdministrators can also use the 'Provisioning' tab to configure email notifications for IdentityNow to send whenever an identity with that identity profile has a lifecycle state change. \nRefer to [Configuring Lifecycle State Notifications](https://documentation.sailpoint.com/saas/help/provisioning/lifecycle.html#configuring-lifecycle-state-notifications) for more information on how to do so.\n\nAn identity's lifecycle state can have four different statuses: the lifecycle state's status can be 'Active,' it can be 'Not Set,' it can be 'Not Valid,' or it 'Does Not Match Technical Name Case.' \nRefer to [Moving Identities into Lifecycle States](https://documentation.sailpoint.com/saas/help/provisioning/lifecycle.html#moving-identities-into-lifecycle-states) for more information about these different lifecycle state statuses. \n\nRefer to [Setting Up Lifecycle States](https://documentation.sailpoint.com/saas/help/provisioning/lifecycle.html) for more information about lifecycle states.\n" + }, + { + "name": "Identity Profiles", + "description": "Use this API to implement identity profile functionality. \nWith this functionality in place, administrators can view identity profiles and their configurations. \n\nIdentity profiles represent the configurations that can be applied to identities as a way of granting them a set of security and access, as well as defining the mappings between their identity attributes and their source attributes. \n\nIn IdentityNow, administrators can use the Identities drop-down menu and select Identity Profiles to view the list of identity profiles. \nThis list shows some details about each identity profile, along with its status. \nThey can select an identity profile to view its settings, its mappings between identity attributes and correlating source account attributes, and its provisioning settings. \n\nRefer to [Creating Identity Profiles](https://documentation.sailpoint.com/saas/help/setup/identity_profiles.html) for more information about identity profiles.\n" + }, + { + "name": "Non-Employee Lifecycle Management", + "description": "Use this API to implement non-employee lifecycle management functionality. \nWith this functionality in place, administrators can create non-employee records and configure them for use in their organizations. \nThis allows organizations to provide secure access to non-employees and control that access. \n\nThe 'non-employee' term refers to any consultant, contractor, intern, or other user in an organization who is not a full-time permanent employee. \nOrganizations can track non-employees' access and activity in IdentityNow by creating and maintaining non-employee sources. \nOrganizations can have a maximum of 50 non-employee sources. \n\nBy using SailPoint's Non-Employee Lifecycle Management functionality, you agree to the following:\n\n- SailPoint is not responsible for storing sensitive data. \nYou may only add account attributes to non-employee identities that are necessary for business operations and are consistent with your contractual limitations on data that may be sent or stored in IdentityNow.\n\n- You are responsible for regularly downloading your list of non-employee accounts for all the sources you create and storing this list of accounts in a managed location to maintain an authoritative system of record and backup data for these accounts.\n\nTo manage non-employees in IdentityNow, administrators must create a non-employee source and add accounts to the source. \n\nTo create a non-employee source in IdentityNow, administrators must use the Admin panel to go to Connections > Sources.\nThey must then specify 'Non-Employee' in the 'Source Type' field. \nRefer to [Creating a Non-Employee Source](https://documentation.sailpoint.com/saas/help/common/non-employee-mgmt.html#creating-a-non-employee-source) for more details about how to create non-employee sources.\n\nTo add accounts to a non-employee source in IdentityNow, administrators can select the non-employee source and add the accounts. \nThey can also use the 'Manage Non-Employees' widget on their user dashboards to reach the list of sources and then select the non-employee source they want to add the accounts to. \n\nAdministrators can either add accounts individually or in bulk. Each non-employee source can have a maximum of 20,000 accounts. \nTo add accounts in bulk, they must select the 'Bulk Upload' option and upload a CSV file. \nRefer to [Adding Accounts](https://documentation.sailpoint.com/saas/help/common/non-employee-mgmt.html#adding-accounts) for more details about how to add accounts to non-employee sources.\n\nOnce administrators have created the non-employee source and added accounts to it, they can create identity profiles to generate identities for the non-employee accounts and manage the non-employee identities the same way they would any other identities. \n\nRefer to [Managing Non-Employee Sources and Accounts](https://documentation.sailpoint.com/saas/help/common/non-employee-mgmt.html) for more information about non-employee lifecycle management.\n" + }, + { + "name": "OAuth Clients", + "description": "Use this API to implement OAuth client functionality. \nWith this functionality in place, users with the appropriate security scopes can create and configure OAuth clients to use as a way to obtain authorization to use the IdentityNow REST API.\nRefer to [Authentication](https://developer.sailpoint.com/idn/api/authentication) for more information about OAuth and how it works with the IdentityNow REST API. \n" + }, + { + "name": "Password Configuration", + "description": "Use this API to implement organization password configuration functionality. \nWith this functionality in place, organization administrators can create organization-specific password configurations. \n\nThese configurations include details like custom password instructions, as well as digit token length and duration. \n\nRefer to [Configuring User Authentication for Password Resets](https://documentation.sailpoint.com/saas/help/pwd/pwd_reset.html) for more information about organization password configuration functionality.\n" + }, + { + "name": "Password Management", + "description": "Use this API to implement password management functionality. \nWith this functionality in place, users can manage their identity passwords for all their applications.\n\nIn IdentityNow, users can select their names in the upper right corner of the page and use the drop-down menu to select Password Manager. \nPassword Manager lists the user's identity's applications, possibly grouped to share passwords. \nUsers can then select 'Change Password' to update their passwords. \n\nGrouping passwords allows users to update their passwords more broadly, rather than requiring them to update each password individually. \nPassword Manager may list the applications and sources in the following groups:\n\n- Password Group: This refers to a group of applications that share a password. \nFor example, a user can use the same password for Google Drive, Google Mail, and YouTube. \nUpdating the password for the password group updates the password for all its included applications.\n\n- Multi-Application Source: This refers to a source with multiple applications that share a password. \nFor example, a user can have a source, G Suite, that includes the Google Calendar, Google Drive, and Google Mail applications. \nUpdating the password for the multi-application source updates the password for all its included applications. \n\n- Applications: These are applications that do not share passwords with other applications.\n\nAn organization may require some authentication for users to update their passwords. \nUsers may be required to answer security questions or use a third-party authenticator before they can confirm their updates. \n\nRefer to [Managing Passwords](https://documentation.sailpoint.com/saas/user-help/accounts/passwords.html) for more information about password management.\n" + }, + { + "name": "Password Dictionary", + "description": "Use this API to implement password dictionary functionality. \nWith this functionality in place, administrators can create password dictionaries to prevent users from using certain words or characters in their passwords. \n\nA password dictionary is a list of words or characters that users are prevented from including in their passwords. \nThis can help protect users from themselves and force them to create passwords that are not easy to break. \n\nA password dictionary must meet the following requirements to for the API to handle them correctly: \n\n- It must be in .txt format.\n\n- All characters must be UTF-8 characters. \n\n- Each line must contain a single word or character with no spaces or whitespace characters.\n\n- It must contain at least one line other than the locale string.\n\n- Each line must not exceed 128 characters.\n\n- The file must not exceed 2500 lines. \n\nAdministrators should also consider the following when they create their dictionaries: \n\n- Lines starting with a # represent comments.\n\n- All words in the password dictionary are case-insensitive. \nFor example, adding the word \"password\" to the dictionary also disallows the following: PASSWORD, Password, and PassWord.\n\n- The dictionary uses substring matching. \nFor example, adding the word \"spring\" to the dictionary also disallows the following: Spring124, 345SprinG, and 8spring.\nUsers can then select 'Change Password' to update their passwords. \n\nAdministrators must do the following to create a password dictionary: \n\n- Create the text file that will contain the prohibited password values.\n\n- If the dictionary is not in English, they must add a locale string to the top line: locale:`languageCode`_`countryCode`\n\nThe languageCode value refers to the language's 2-letter ISO 639-1 code.\nThe countryCode value refers to the country's 2-letter ISO 3166-1 code.\n\nRefer to this list https://docs.oracle.com/cd/E13214_01/wli/docs92/xref/xqisocodes.html to see all the available ISO 639-1 language codes and ISO 3166-1 country codes.\n\n- Upload the .txt file to IdentityNow with [Update Password Dictionary](https://developer.sailpoint.com/idn/api/v3/update-password-dictionary). Uploading a new file always overwrites the previous dictionary file.\n\nAdministrators can then specify which password policies check new passwords against the password dictionary by doing the following: In the Admin panel, they can use the Password Mgmt dropdown menu to select Policies, select the policy, and select the 'Prevent use of words in this site's password dictionary' checkbox beside it.\n\nRefer to [Configuring Advanced Password Management Options](https://documentation.sailpoint.com/saas/help/pwd/adv_config.html) for more information about password dictionaries.\n" + }, + { + "name": "Password Sync Groups", + "description": "Use this API to implement password sync group functionality. \nWith this functionality in place, administrators can group sources into password sync groups so that all their applications share the same password. \nThis allows users to update the password for all the applications in a sync group if they want, rather than updating each password individually. \n\nA password sync group is a group of applications that shares a password. \nAdministrators create these groups by grouping the applications' sources. \nFor example, an administrator can group the ActiveDirectory, GitHub, and G Suite sources together so that all those sources' applications can also be grouped to share a password. \nA user can then update his or her password for ActiveDirectory, GitHub, Gmail, Google Drive, and Google Calendar all at once, rather then updating each one individually.\n\nThe following are required for administrators to create a password sync group in IdentityNow: \n\n- At least two direct connect sources connected to IdentityNow and configured for Password Management.\n\n- Each authentication source in a sync group must have at least one application. Refer to [Adding and Resetting Application Passwords](https://documentation.sailpoint.com/saas/help/pwd/adv_config.html#adding-and-resetting-application-passwords) for more information about adding applications to sources.\n\n- At least one password policy. Refer to [Managing Password Policies](https://documentation.sailpoint.com/saas/help/pwd/policies.html) for more information about password policies. \n\nIn the Admin panel in IdentityNow, administrators can use the Password Mgmt dropdown menu to select Sync Groups. \nTo create a sync group, administrators must provide a name, choose a password policy to be enforced across the sources in the sync group, and select the sources to include in the sync group. \n\nAdministrators can also delete sync groups in IdentityNow, but they should know the following before they do: \n\n- Passwords related to the associated sources will become independent, so changing one will not change the others anymore. \n\n- Passwords for the sources' connected applications will also become independent. \n\n- Password policies assigned to the sync group are then assigned directly to the associated sources. \nTo change the password policy for a source, administrators must edit it directly. \n\nOnce the password sync group has been created, users can update the password for the group in Password Manager.\n\nRefer to [Managing Password Sync Groups](https://documentation.sailpoint.com/saas/help/pwd/sync_grps.html) for more information about password sync groups.\n" + }, + { + "name": "Personal Access Tokens", + "description": "Use this API to implement personal access token (PAT) functionality. \nWith this functionality in place, users can use PATs as an alternative to passwords for authentication in IdentityNow. \n\nPATs embed user information into the client ID and secret. \nThis replaces the API clients' need to store and provide a username and password to establish a connection, improving IdentityNow organizations' integration security. \n\nIn IdentityNow, users can do the following to create and manage their PATs: Select the dropdown menu under their names, select Preferences, and then select Personal Access Tokens. \nThey must then provide a description about the token's purpose. \nThey can then select 'Create Token' at the bottom of the page to generate and view the Secret and Client ID. \n\nRefer to [Managing Personal Access Tokens](https://documentation.sailpoint.com/saas/help/common/generate_tokens.html) for more information about PATs.\n" + }, + { + "name": "Public Identities", + "description": "Use this API in conjunction with [Public Identites Config](https://developer.sailpoint.com/idn/api/v3/public-identities-config) to enable non-administrators to view identities' publicly visible attributes. \nWith this functionality in place, non-administrators can view identity attributes other than the default attributes (email, lifecycle state, and manager), depending on which identity attributes their organization administrators have made public. \nThis can be helpful for access approvers, certification reviewers, managers viewing their direct reports' access, and source owners viewing their tasks.\n" + }, + { + "name": "Public Identities Config", + "description": "Use this API to implement public identity configuration functionality. \nWith this functionality in place, administrators can make up to 5 identity attributes publicly visible so other non-administrator users can see the relevant information they need to make decisions. \nThis can be helpful for approvers making approvals, certification reviewers, managers viewing their direct reports' access, and source owners viewing their tasks.\n\nBy default, non-administrators can select an identity and view the following attributes: email, lifecycle state, and manager. \nHowever, it may be helpful for a non-administrator reviewer to see other identity attributes like department, region, title, etc.\nAdministrators can use this API to make those necessary identity attributes public to non-administrators. \n\nFor example, a non-administrator deciding whether to approve another identity's request for access to the Workday application, whose access may be restricted to members of the HR department, would want to know whether the identity is a member of the HR department. \nIf an administrator has used [Update Public Identity Config](https://developer.sailpoint.com/idn/api/v3/update-public-identity-config) to make the \"department\" attribute public, the approver can see the department and make a decision without requesting any more information.\n" + }, + { + "name": "Requestable Objects", + "description": "Use this API to implement requestable object functionality. \nWith this functionality in place, administrators can determine which access items can be requested with the [Access Request APIs](https://developer.sailpoint.com/idn/api/v3/access-requests), along with their statuses. \nThis can be helpful for administrators who are implementing and customizing access request functionality as a way of checking which items are requestable as they are created, assigned, and made available.\n" + }, + { + "name": "Roles", + "description": "Use this API to implement and customize role functionality.\nWith this functionality in place, administrators can create roles and configure them for use throughout IdentityNow. \nIdentityNow can use established criteria to automatically assign the roles to qualified users. This enables users to get all the access they need quickly and securely and administrators to spend their time on other tasks.\n\nEntitlements represent the most granular level of access in IdentityNow. \nAccess profiles represent the next level and often group entitlements. \nRoles represent the broadest level of access and often group access profiles. \n\nFor example, an Active Directory source in IdentityNow can have multiple entitlements: the first, 'Employees,' may represent the access all employees have at the organization, and a second, 'Developers,' may represent the access all developers have at the organization.\n\nAn administrator can then create a broader set of access in the form of an access profile, 'AD Developers' grouping the 'Employees' entitlement with the 'Developers' entitlement.\n\nAn administrator can then create an even broader set of access in the form of a role grouping the 'AD Developers' access profile with another profile, 'GitHub Developers,' grouping entitlements for the GitHub source.\n\nWhen users only need Active Directory employee access, they can request access to the 'Employees' entitlement.\n\nWhen users need both Active Directory employee and developer access, they can request access to the 'AD Developers' access profile.\n\nWhen users need both the 'AD Developers' access profile and the 'GitHub Developers' access profile, they can request access to the role grouping both. \n\nRoles often represent positions within organizations. \nFor example, an organization's accountant can access all the tools the organization's accountants need with the 'Accountant' role. \nIf the accountant switches to engineering, a qualified member of the organization can quickly revoke the accountant's 'Accountant' access and grant access to the 'Engineer' role instead, granting access to all the tools the organization's engineers need.\n\nIn IdentityNow, adminstrators can use the Access drop-down menu and select Roles to view, configure, and delete existing roles, as well as create new ones. \nAdministrators can enable and disable the role, and they can also make the following configurations: \n\n- Manage Access: Manage the role's access by adding or removing access profiles.\n\n- Define Assignment: Define the criteria IdentityNow uses to assign the role to identities. \nUse the first option, 'Standard Criteria,' to provide specific criteria for assignment like specific account attributes, entitlements, or identity attributes. \nUse the second, 'Identity List,' to specify the identities for assignment.\n\n- Access Requests: Configure roles to be requestable and establish an approval process for any requests that the role be granted or revoked. \nDo not configure a role to be requestable without establishing a secure access request approval process for that role first. \n\nRefer to [Working with Roles](https://documentation.sailpoint.com/saas/help/provisioning/roles.html) for more information about roles.\n" + }, + { + "name": "Saved Search", + "description": "Use this API to implement saved search functionality. \nWith saved search functionality in place, users can save search queries and then view those saved searches, as well as rerun them. \n\nSearch queries in IdentityNow can grow very long and specific, which can make reconstructing them difficult or tedious, so it can be especially helpful to save search queries. \nIt also opens the possibility to configure IdentityNow to run the saved queries on a schedule, which is essential to detecting user information and access changes throughout an organization's tenant and across all its sources. \nRefer to [Scheduled Search](https://developer.sailpoint.com/idn/api/v3/scheduled-search) for more information about running saved searches on a schedule. \n\nIn IdentityNow, users can save searches under a name, and then they can access that saved search and run it again when they want. \n\nRefer to [Managing Saved Searches](https://documentation.sailpoint.com/saas/help/search/saved-searches.html) for more information about saving searches and using them. \n" + }, + { + "name": "Scheduled Search", + "description": "Use this API to implement scheduled search functionality. \nWith scheduled search functionality in place, users can run saved search queries on their tenants on a schedule, and IdentityNow emails them the search results. \nUsers can also share these search results with other users by email by adding those users as subscribers, or those users can subscribe themselves. \n\nOne of the greatest benefits of saving searches is the ability to run those searches on a schedule. \nThis is essential for organizations to constantly detect any changes to user information or access throughout their tenants and across all their sources. \nFor example, the manager Amanda Ross can schedule a saved search \"manager.name:amanda.ross AND attributes.location:austin\" on a schedule to regularly stay aware of changes with the Austin employees reporting to her.\nIdentityNow emails her the search results when the search runs, so she can work on other tasks instead of actively running this search.\n\nIn IdentityNow, scheduling a search involves a subscription. \nUsers can create a subscription for a saved search and schedule it to run daily, weekly, or monthly (you can only use one schedule option at a time). \nThe user can add other identities as subscribers so when the scheduled search runs, the subscribers and the user all receive emails. \n\nBy default, subscriptions exclude detailed results from the emails, for security purposes. \nIncluding detailed results about user access in an email may expose sensitive information.\nHowever, the subscription creator can choose to include the information in the emails. \n\nBy default, IdentityNow sends emails to the subscribers even when the searches do not return new results. \nHowever, the subscription creator can choose to suppress these empty emails. \n\nUsers can also subscribe to saved searches that already have existing subscriptions so they receive emails when the searches run. \nA saved search can have up to 10 subscriptions configured at a time. \n\nThe subscription creator can enable, disable, or delete the subscription. \n\nRefer to [Subscribing to Saved Searches](https://documentation.sailpoint.com/saas/help/search/saved-searches.html#subscribing-to-saved-searches) for more information about scheduling searches and subscribing to them.\n" + }, + { + "name": "Search", + "description": "Use this API to implement search functionality. \nWith search functionality in place, users can search their tenants for nearly any information from throughout their organizations. \n\nIdentityNow enables organizations to store user data from across all their connected sources and manage the users' access, so the ability to query and filter that data is essential. \nIts search goes through all those sources and finds the results quickly and specifically. \n\nThe search query is flexible - it can be very broad or very narrow. \nThe search only returns results for searchable objects it is filtering for. \nThe following objects are searchable: identities, roles, access profiles, entitlements, events, and account activities. \nBy default, no filter is applied, so a search for \"Ad\" returns both the identity \"Adam.Archer\" as well as the role \"Administrator.\"\n\nUsers can further narrow their results by using IdentityNow's specific syntax and punctuation to structure their queries. \nFor example, the query \"attributes.location:austin AND NOT manager.name:amanda.ross\" returns all results associated with the Austin location, but it excludes those associated with the manager Amanda Ross.\nRefer to [Building a Search Query](https://documentation.sailpoint.com/saas/help/search/building-query.html) for more information about how to construct specific search queries. \n\nRefer to [Using Search](https://documentation.sailpoint.com/saas/help/search/index.html) for more information about IdentityNow's search and its different possibilities. \n\nThe search feature uses Elasticsearch as a datastore and query engine. \nThe power of Elasticsearch makes this feature suitable for ad-hoc reporting.\nHowever, data from the operational databases (ex. identities, roles, events, etc) has to be ingested into Elasticsearch. \nThis ingestion process introduces a latency from when the operational data is created to when it is available in search. \nDepending on the system load, this can take a few seconds to a few minutes. \nPlease keep this latency in mind when you use search. \n" + }, + { + "name": "Segments" + }, + { + "name": "Service Desk Integration", + "description": "Use this API to build an integration between IdentityNow and a service desk ITSM (IT service management) solution. \nOnce an administrator builds this integration between IdentityNow and a service desk, users can use IdentityNow to raise and track tickets that are synchronized between IdentityNow and the service desk. \n\nIn IdentityNow, administrators can create a service desk integration (sometimes also called an SDIM, or Service Desk Integration Module) by going to Admin > Connections > Service Desk and selecting 'Create.'\n\nTo create a Generic Service Desk integration, for example, administrators must provide the required information on the General Settings page, the Connectivity and Authentication information, Ticket Creation information, Status Mapping information, and Requester Source information on the Configure page. \nRefer to [Integrating SailPoint with Generic Service Desk](https://documentation.sailpoint.com/connectors/generic_sd/help/integrating_generic_service_desk/intro.html) for more information about the process of setting up a Generic Service Desk in IdentityNow.\n\nAdministrators can create various service desk integrations, all with their own nuances. \nThe following service desk integrations are available: \n\n- [Atlassian Cloud Jira Service Management](https://documentation.sailpoint.com/connectors/atlassian/jira_cloud/help/integrating_jira_cloud_sd/introduction.html)\n\n- [Atlassian Server Jira Service Management](https://documentation.sailpoint.com/connectors/atlassian/jira_server/help/integrating_jira_server_sd/introduction.html)\n\n- [BMC Helix ITSM Service Desk](https://documentation.sailpoint.com/connectors/bmc/helix_ITSM_sd/help/integrating_bmc_helix_itsm_sd/intro.html)\n\n- [BMC Helix Remedyforce Service Desk](https://documentation.sailpoint.com/connectors/bmc/helix_remedyforce_sd/help/integrating_bmc_helix_remedyforce_sd/intro.html)\n\n- [Generic Service Desk](https://documentation.sailpoint.com/connectors/generic_sd/help/integrating_generic_service_desk/intro.html)\n\n- [ServiceNow Service Desk](https://documentation.sailpoint.com/connectors/servicenow/sdim/help/integrating_servicenow_sdim/intro.html)\n\n- [Zendesk Service Desk](https://documentation.sailpoint.com/connectors/zendesk/help/integrating_zendesk_sd/introduction.html)\n" + }, + { + "name": "SOD Policy", + "description": "Operations for Creating & Executing SOD (Seperation of Duties) policies" + }, + { + "name": "SOD Violations", + "description": "Operations for Predicting SOD (Seperation of Duties) violations" + }, + { + "name": "Sources", + "description": "Use this API to implement and customize source functionality. \nWith source functionality in place, organizations can use IdentityNow to connect their various sources and user data sets and manage access across all those different sources in a secure, scalable way. \n\n[Sources](https://documentation.sailpoint.com/saas/help/sources/managing_sources.html) refer to the IdentityNow representations for external applications, databases, and directory management systems that maintain their own sets of users, like Dropbox, GitHub, and Workday, for example.\nOrganizations may use hundreds, if not thousands, of different source systems, and any one employee within an organization likely has a different user record on each source, often with different permissions on many of those records. \nConnecting these sources to IdentityNow makes it possible to manage user access across them all.\nThen, if a new hire starts at an organization, IdentityNow can grant the new hire access to all the sources they need.\nIf an employee moves to a new department and needs access to new sources but no longer needs access to others, IdentityNow can grant the necessary access and revoke the unnecessary access for all the employee's various sources. \nIf an employee leaves the company, IdentityNow can revoke access to all the employee's various source accounts immediately. \nThese are just a few examples of the many ways that source functionality makes identity governance easier, more efficient, and more secure. \n\nIn IdentityNow, administrators can create configure, manage, and edit sources, and they can designate other users as source admins to be able to do so.\nThey can also designate users as source sub-admins, who can perform the same source actions but only on sources associated with their governance groups.\nAdmins go to Connections > Sources to see a list of the existing source representations in their organizations. \nThey can create new sources or select existing ones. \n\nTo create a new source, the following must be specified: Source Name, Description, Source Owner, and Connection Type.\nRefer to [Configuring a Source](https://documentation.sailpoint.com/saas/help/accounts/loading_data.html#configuring-a-source) for more information about the source configuration process. \n\nIdentityNow connects with its sources either by a direct communication with the source server (connection information specific to the source must be provided) or a flat file feed, a CSV file containing all the relevant information about the accounts to be loaded in.\nDifferent sources use different connectors to share data with IdentityNow, and each connector's setup process is specific to that connector. \nSailPoint has built a number of connectors to come out of the box and connect to the most common sources, and SailPoint actively maintains these connectors.\nRefer to [IdentityNow Connectors](https://documentation.sailpoint.com/connectors/identitynow/landingpages/help/landingpages/identitynow_connectivity_landing.html) for more information about these SailPoint supported connectors. \nRefer to the following links for more information about two useful connectors: \n\n- [JDBC Connector](https://documentation.sailpoint.com/connectors/jdbc/help/integrating_jdbc/introduction.html): This customizable connector an directly connect to databases that support JDBC (Java Database Connectivity).\n\n- [Web Services Connector](https://documentation.sailpoint.com/connectors/webservices/help/integrating_webservices/introduction.html): This connector can directly connect to databases that support Web Services. \n\nRefer to [SaaS Connectivity](https://developer.sailpoint.com/idn/docs/saas-connectivity) for more information about SailPoint's new connectivity framework that makes it easy to build and manage custom connectors to SaaS sources. \n\nWhen admins select existing sources, they can view the following information about the source:\n\n- Associated connections (any associated identity profiles, apps, or references to the source in a transform).\n\n- Associated user accounts. These accounts are linked to their identities - this provides a more complete picture of each user's access across sources.\n\n- Associated entitlements (sets of access rights on sources).\n\n- Associated access profiles (groupings of entitlements). \n\nThe user account data and the entitlements update with each data aggregation from the source. \nOrganizations generally run scheduled, automated data aggregations to ensure that their data is always in sync between their sources and their IdentityNow tenants so an access change on a source is detected quickly in IdentityNow.\nAdmins can view a history of these aggregations, and they can also run manual imports. \nRefer to [Loading Account Data](https://documentation.sailpoint.com/saas/help/accounts/loading_data.html) for more information about manual and scheduled aggregations. \n\nAdmins can also make changes to determine which user account data IdentityNow collects from the source and how it correlates that account data with identity data. \nTo define which account attributes the source shares with IdentityNow, admins can edit the account schema on the source.\nRefer to [Managing Source Account Schemas](https://documentation.sailpoint.com/saas/help/accounts/schema.html) for more information about source account schemas and how to edit them. \nTo define the mapping between the source account attributes and their correlating identity attributes, admins can edit the correlation configuration on the source. \nRefer to [Assigning Source Accounts to Identities](https://documentation.sailpoint.com/saas/help/accounts/correlation.html) for more information about this correlation process between source accounts and identities.\n\nAdmins can also delete sources, but they must first ensure that the sources no longer have any active connections: the source must not be associated with any identity profile or any app, and it must not be referenced by any transform.\nRefer to [Deleting Sources](https://documentation.sailpoint.com/saas/help/sources/managing_sources.html#deleting-sources) for more information about deleting sources. \n\nWell organized, mappped out connections between sources and IdentityNow are essential to achieving comprehensive identity access governance across all the source systems organizations need. \nRefer to [Managing Sources](https://documentation.sailpoint.com/saas/help/sources/managing_sources.html) for more information about all the different things admins can do with sources once they are connected. \n" + }, + { + "name": "Tagged Objects" + }, + { + "name": "Transforms", + "description": "The purpose of this API is to expose functionality for the manipulation of Transform objects.\nTransforms are a form of configurable objects which define an easy way to manipulate attribute data without having\nto write code. These endpoints don't require API calls to other resources, audit service is used for keeping track\nof which users have made changes to the Transforms.\n\nRefer to [Transforms](https://developer.sailpoint.com/idn/docs/transforms) for more information about transforms.\n" + }, + { + "name": "Work Items", + "description": "Use this API to implement work item functionality. \nWith this functionality in place, users can manage their work items (tasks). \n\nWork items refer to the tasks users see in IdentityNow's Task Manager. \nThey can see the pending work items they need to complete, as well as the work items they have already completed. \nTask Manager lists the work items along with the involved sources, identities, accounts, and the timestamp when the work item was created. \nFor example, a user may see a pending 'Create an Account' work item for the identity Fred.Astaire in GitHub for Fred's GitHub account, fred-astaire-sp. \nOnce the user completes the work item, the work item will be listed with his or her other completed work items. \n\nTo complete work items, users can use their dashboards and select the 'My Tasks' widget. \nThe widget will list any work items they need to complete, and they can select the work item from the list to review its details. \nWhen they complete the work item, they can select 'Mark Complete' to add it to their list of completed work items. \n\nRefer to [Task Manager](https://documentation.sailpoint.com/saas/user-help/task_manager.html) for more information about work items, including the different types of work items users may need to complete.\n" + } + ], + "paths": { + "/access-profiles": { + "get": { + "operationId": "listAccessProfiles", + "tags": [ + "Access Profiles" + ], + "summary": "List Access Profiles", + "description": "This API returns a list of Access Profiles.\n\nA token with API, ORG_ADMIN, ROLE_ADMIN, ROLE_SUBADMIN, SOURCE_ADMIN, or SOURCE_SUBADMIN authority is required to call this API.", + "parameters": [ + { + "in": "query", + "name": "for-subadmin", + "schema": { + "type": "string" + }, + "description": "If provided, filters the returned list according to what is visible to the indicated ROLE_SUBADMIN or SOURCE_SUBADMIN Identity. The value of the parameter is either an Identity ID, or the special value **me**, which is shorthand for the calling Identity's ID.\n\nA 400 Bad Request error is returned if the **for-subadmin** parameter is specified for an Identity that is not a subadmin.", + "example": "8c190e6787aa4ed9a90bd9d5344523fb", + "required": false + }, + { + "in": "query", + "name": "limit", + "description": "Note that for this API the maximum value for limit is 50.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": 50, + "schema": { + "type": "integer", + "format": "int32", + "minimum": 0, + "maximum": 50, + "default": 50 + } + }, + { + "in": "query", + "name": "offset", + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": 0, + "schema": { + "type": "integer", + "format": "int32", + "minimum": 0, + "default": 0 + } + }, + { + "in": "query", + "name": "count", + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": true, + "schema": { + "type": "boolean", + "default": false + } + }, + { + "in": "query", + "name": "filters", + "schema": { + "type": "string" + }, + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)\n\nFiltering is supported for the following fields and operators:\n\n**id**: *eq, in*\n\n**name**: *eq, sw*\n\n**created, modified**: *gt, lt, ge, le*\n\n**owner.id**: *eq, in*\n\n**requestable**: *eq*\n\n**source.id**: *eq, in*", + "example": "name eq \"SailPoint Support\"", + "required": false + }, + { + "in": "query", + "name": "sorters", + "schema": { + "type": "string", + "format": "comma-separated" + }, + "description": "Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)\n\nSorting is supported for the following fields: **name, created, modified**", + "example": "name,-modified", + "required": false + }, + { + "in": "query", + "name": "for-segment-ids", + "schema": { + "type": "string", + "format": "comma-separated" + }, + "description": "If present and not empty, additionally filters Access Profiles to those which are assigned to the Segment(s) with the specified IDs.\n\nIf segmentation is currently unavailable, specifying this parameter results in an error.", + "example": "0b5c9f25-83c6-4762-9073-e38f7bb2ae26,2e8d8180-24bc-4d21-91c6-7affdb473b0d", + "required": false + }, + { + "in": "query", + "name": "include-unsegmented", + "schema": { + "type": "boolean", + "default": true + }, + "description": "Whether or not the response list should contain unsegmented Access Profiles. If *for-segment-ids* is absent or empty, specifying *include-unsegmented* as false results in an error.", + "example": false, + "required": false + } + ], + "responses": { + "200": { + "description": "List of Access Profiles", + "content": { + "application/json": { + "schema": { + "type": "array", + "items": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "The ID of the Access Profile", + "example": "2c91808a7190d06e01719938fcd20792", + "readOnly": true + }, + "name": { + "type": "string", + "description": "Name of the Access Profile", + "example": "Employee-database-read-write" + }, + "description": { + "type": "string", + "nullable": true, + "description": "Information about the Access Profile", + "example": "Collection of entitlements to read/write the employee database" + }, + "created": { + "type": "string", + "description": "Date the Access Profile was created", + "format": "date-time", + "example": "2021-03-01T22:32:58.104Z", + "readOnly": true + }, + "modified": { + "type": "string", + "description": "Date the Access Profile was last modified.", + "format": "date-time", + "example": "2021-03-02T20:22:28.104Z", + "readOnly": true + }, + "enabled": { + "type": "boolean", + "description": "Whether the Access Profile is enabled. If the Access Profile is enabled then you must include at least one Entitlement.", + "example": true + }, + "owner": { + "description": "Owner of the Access Profile", + "type": "object", + "properties": { + "type": { + "description": "Owner type. This field must be either left null or set to 'IDENTITY' on input, otherwise a 400 Bad Request error will result.", + "example": "IDENTITY", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ] + }, + "id": { + "type": "string", + "description": "Identity id", + "example": "2c9180a46faadee4016fb4e018c20639" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the owner. It may be left null or omitted in a POST or PATCH. If set, it must match the current value of the owner's display name, otherwise a 400 Bad Request error will result.", + "example": "support" + } + } + }, + "source": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "The ID of the Source with with which the Access Profile is associated", + "example": "2c91809773dee3610173fdb0b6061ef4" + }, + "type": { + "type": "string", + "enum": [ + "SOURCE" + ], + "description": "The type of the Source, will always be SOURCE", + "example": "SOURCE" + }, + "name": { + "type": "string", + "description": "The display name of the associated Source", + "example": "ODS-AD-SOURCE" + } + } + }, + "entitlements": { + "type": "array", + "description": "A list of entitlements associated with the Access Profile. If enabled is false this is allowed to be empty otherwise it needs to contain at least one Entitlement.", + "items": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "The ID of the Entitlement", + "example": "2c91809773dee32014e13e122092014e" + }, + "type": { + "type": "string", + "enum": [ + "ENTITLEMENT" + ], + "description": "The type of the Entitlement, will always be ENTITLEMENT", + "example": "ENTITLEMENT" + }, + "name": { + "type": "string", + "description": "The display name of the Entitlement", + "example": "CN=entitlement.490efde5,OU=OrgCo,OU=ServiceDept,DC=HQAD,DC=local" + } + } + } + }, + "requestable": { + "type": "boolean", + "description": "Whether the Access Profile is requestable via access request. Currently, making an Access Profile non-requestable is only supported for customers enabled with the new Request Center. Otherwise, attempting to create an Access Profile with a value **false** in this field results in a 400 error.", + "example": true + }, + "accessRequestConfig": { + "nullable": true, + "description": "Access request configuration for this object", + "type": "object", + "properties": { + "commentsRequired": { + "type": "boolean", + "description": "Whether the requester of the containing object must provide comments justifying the request", + "example": true + }, + "denialCommentsRequired": { + "type": "boolean", + "description": "Whether an approver must provide comments when denying the request", + "example": true + }, + "approvalSchemes": { + "type": "array", + "description": "List describing the steps in approving the request", + "items": { + "type": "object", + "properties": { + "approverType": { + "type": "string", + "enum": [ + "APP_OWNER", + "OWNER", + "SOURCE_OWNER", + "MANAGER", + "GOVERNANCE_GROUP" + ], + "description": "Describes the individual or group that is responsible for an approval step. Values are as follows.\n**APP_OWNER**: The owner of the Application\n\n**OWNER**: Owner of the associated Access Profile or Role\n\n**SOURCE_OWNER**: Owner of the Source associated with an Access Profile\n\n**MANAGER**: Manager of the Identity making the request\n\n**GOVERNANCE_GROUP**: A Governance Group, the ID of which is specified by the **approverId** field", + "example": "GOVERNANCE_GROUP" + }, + "approverId": { + "type": "string", + "nullable": true, + "description": "Id of the specific approver, used only when approverType is GOVERNANCE_GROUP", + "example": "46c79819-a69f-49a2-becb-12c971ae66c6" + } + } + } + } + } + }, + "revocationRequestConfig": { + "nullable": true, + "description": "Revocation request configuration for this object.", + "type": "object", + "properties": { + "approvalSchemes": { + "type": "array", + "description": "List describing the steps in approving the revocation request", + "items": { + "type": "object", + "properties": { + "approverType": { + "type": "string", + "enum": [ + "APP_OWNER", + "OWNER", + "SOURCE_OWNER", + "MANAGER", + "GOVERNANCE_GROUP" + ], + "description": "Describes the individual or group that is responsible for an approval step. Values are as follows.\n**APP_OWNER**: The owner of the Application\n\n**OWNER**: Owner of the associated Access Profile or Role\n\n**SOURCE_OWNER**: Owner of the Source associated with an Access Profile\n\n**MANAGER**: Manager of the Identity making the request\n\n**GOVERNANCE_GROUP**: A Governance Group, the ID of which is specified by the **approverId** field", + "example": "GOVERNANCE_GROUP" + }, + "approverId": { + "type": "string", + "nullable": true, + "description": "Id of the specific approver, used only when approverType is GOVERNANCE_GROUP", + "example": "46c79819-a69f-49a2-becb-12c971ae66c6" + } + } + } + } + } + }, + "segments": { + "type": "array", + "nullable": true, + "items": { + "type": "string" + }, + "description": "List of IDs of segments, if any, to which this Access Profile is assigned.", + "example": [ + "f7b1b8a3-5fed-4fd4-ad29-82014e137e19", + "29cb6c06-1da8-43ea-8be4-b3125f248f2a" + ] + }, + "provisioningCriteria": { + "description": "When an Identity has multiple Accounts on the Source with which an Access Profile is associated, this expression is evaluated against those Accounts to choose one to provision with the Access Profile.", + "nullable": true, + "example": { + "operation": "OR", + "children": [ + { + "operation": "AND", + "children": [ + { + "attribute": "dn", + "operation": "CONTAINS", + "value": "useast" + }, + { + "attribute": "manager", + "operation": "CONTAINS", + "value": "Scott.Clark" + } + ] + }, + { + "operation": "AND", + "children": [ + { + "attribute": "dn", + "operation": "EQUALS", + "value": "Gibson" + }, + { + "attribute": "telephoneNumber", + "operation": "CONTAINS", + "value": "512" + } + ] + } + ] + }, + "type": "object", + "properties": { + "operation": { + "type": "string", + "enum": [ + "EQUALS", + "NOT_EQUALS", + "CONTAINS", + "HAS", + "AND", + "OR" + ], + "description": "Supported operations on ProvisioningCriteria", + "example": "EQUALS" + }, + "attribute": { + "type": "string", + "description": "Name of the Account attribute to be tested. If **operation** is one of EQUALS, NOT_EQUALS, CONTAINS, or HAS, this field is required. Otherwise, specifying it is an error.", + "example": "email", + "nullable": true + }, + "value": { + "type": "string", + "nullable": true, + "description": "String value to test the Account attribute w/r/t the specified operation. If the operation is one of EQUALS, NOT_EQUALS, or CONTAINS, this field is required. Otherwise, specifying it is an error. If the Attribute is not String-typed, it will be converted to the appropriate type.", + "example": "carlee.cert1c9f9b6fd@mailinator.com" + }, + "children": { + "type": "array", + "items": { + "type": "object", + "description": "Defines matching criteria for an Account to be provisioned with a specific Access Profile", + "properties": { + "operation": { + "type": "string", + "enum": [ + "EQUALS", + "NOT_EQUALS", + "CONTAINS", + "HAS", + "AND", + "OR" + ], + "description": "Supported operations on ProvisioningCriteria", + "example": "EQUALS" + }, + "attribute": { + "type": "string", + "description": "Name of the Account attribute to be tested. If **operation** is one of EQUALS, NOT_EQUALS, CONTAINS, or HAS, this field is required. Otherwise, specifying it is an error.", + "example": "email", + "nullable": true + }, + "value": { + "type": "string", + "nullable": true, + "description": "String value to test the Account attribute w/r/t the specified operation. If the operation is one of EQUALS, NOT_EQUALS, or CONTAINS, this field is required. Otherwise, specifying it is an error. If the Attribute is not String-typed, it will be converted to the appropriate type.", + "example": "carlee.cert1c9f9b6fd@mailinator.com" + }, + "children": { + "type": "array", + "items": { + "type": "object", + "description": "Defines matching criteria for an Account to be provisioned with a specific Access Profile", + "properties": { + "operation": { + "type": "string", + "enum": [ + "EQUALS", + "NOT_EQUALS", + "CONTAINS", + "HAS", + "AND", + "OR" + ], + "description": "Supported operations on ProvisioningCriteria", + "example": "EQUALS" + }, + "attribute": { + "type": "string", + "description": "Name of the Account attribute to be tested. If **operation** is one of EQUALS, NOT_EQUALS, CONTAINS, or HAS, this field is required. Otherwise, specifying it is an error.", + "example": "email", + "nullable": true + }, + "value": { + "type": "string", + "description": "String value to test the Account attribute w/r/t the specified operation. If the operation is one of EQUALS, NOT_EQUALS, or CONTAINS, this field is required. Otherwise, specifying it is an error. If the Attribute is not String-typed, it will be converted to the appropriate type.", + "example": "carlee.cert1c9f9b6fd@mailinator.com" + } + } + }, + "nullable": true, + "description": "Array of child criteria. Required if the operation is AND or OR, otherwise it must be left null. A maximum of three levels of criteria are supported, including leaf nodes.", + "example": null + } + } + }, + "nullable": true, + "description": "Array of child criteria. Required if the operation is AND or OR, otherwise it must be left null. A maximum of three levels of criteria are supported, including leaf nodes.", + "example": null + } + } + } + }, + "required": [ + "owner", + "name", + "source" + ] + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + }, + "security": [ + { + "oauth2": [ + "idn:access-profile:read" + ] + } + ] + }, + "post": { + "operationId": "createAccessProfile", + "tags": [ + "Access Profiles" + ], + "summary": "Create an Access Profile", + "description": "This API creates an Access Profile.\nA token with API, ORG_ADMIN, ROLE_ADMIN, ROLE_SUBADMIN, SOURCE_ADMIN, or SOURCE_SUBADMIN authority is required to call this API. In addition, a token with only ROLE_SUBADMIN or SOURCE_SUBADMIN authority must be associated with the Access Profile's Source.\nThe maximum supported length for the description field is 2000 characters. Longer descriptions will be preserved for existing access profiles, however, any new access profiles as well as any updates to existing descriptions will be limited to 2000 characters.", + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "The ID of the Access Profile", + "example": "2c91808a7190d06e01719938fcd20792", + "readOnly": true + }, + "name": { + "type": "string", + "description": "Name of the Access Profile", + "example": "Employee-database-read-write" + }, + "description": { + "type": "string", + "nullable": true, + "description": "Information about the Access Profile", + "example": "Collection of entitlements to read/write the employee database" + }, + "created": { + "type": "string", + "description": "Date the Access Profile was created", + "format": "date-time", + "example": "2021-03-01T22:32:58.104Z", + "readOnly": true + }, + "modified": { + "type": "string", + "description": "Date the Access Profile was last modified.", + "format": "date-time", + "example": "2021-03-02T20:22:28.104Z", + "readOnly": true + }, + "enabled": { + "type": "boolean", + "description": "Whether the Access Profile is enabled. If the Access Profile is enabled then you must include at least one Entitlement.", + "example": true + }, + "owner": { + "description": "Owner of the Access Profile", + "type": "object", + "properties": { + "type": { + "description": "Owner type. This field must be either left null or set to 'IDENTITY' on input, otherwise a 400 Bad Request error will result.", + "example": "IDENTITY", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ] + }, + "id": { + "type": "string", + "description": "Identity id", + "example": "2c9180a46faadee4016fb4e018c20639" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the owner. It may be left null or omitted in a POST or PATCH. If set, it must match the current value of the owner's display name, otherwise a 400 Bad Request error will result.", + "example": "support" + } + } + }, + "source": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "The ID of the Source with with which the Access Profile is associated", + "example": "2c91809773dee3610173fdb0b6061ef4" + }, + "type": { + "type": "string", + "enum": [ + "SOURCE" + ], + "description": "The type of the Source, will always be SOURCE", + "example": "SOURCE" + }, + "name": { + "type": "string", + "description": "The display name of the associated Source", + "example": "ODS-AD-SOURCE" + } + } + }, + "entitlements": { + "type": "array", + "description": "A list of entitlements associated with the Access Profile. If enabled is false this is allowed to be empty otherwise it needs to contain at least one Entitlement.", + "items": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "The ID of the Entitlement", + "example": "2c91809773dee32014e13e122092014e" + }, + "type": { + "type": "string", + "enum": [ + "ENTITLEMENT" + ], + "description": "The type of the Entitlement, will always be ENTITLEMENT", + "example": "ENTITLEMENT" + }, + "name": { + "type": "string", + "description": "The display name of the Entitlement", + "example": "CN=entitlement.490efde5,OU=OrgCo,OU=ServiceDept,DC=HQAD,DC=local" + } + } + } + }, + "requestable": { + "type": "boolean", + "description": "Whether the Access Profile is requestable via access request. Currently, making an Access Profile non-requestable is only supported for customers enabled with the new Request Center. Otherwise, attempting to create an Access Profile with a value **false** in this field results in a 400 error.", + "example": true + }, + "accessRequestConfig": { + "nullable": true, + "description": "Access request configuration for this object", + "type": "object", + "properties": { + "commentsRequired": { + "type": "boolean", + "description": "Whether the requester of the containing object must provide comments justifying the request", + "example": true + }, + "denialCommentsRequired": { + "type": "boolean", + "description": "Whether an approver must provide comments when denying the request", + "example": true + }, + "approvalSchemes": { + "type": "array", + "description": "List describing the steps in approving the request", + "items": { + "type": "object", + "properties": { + "approverType": { + "type": "string", + "enum": [ + "APP_OWNER", + "OWNER", + "SOURCE_OWNER", + "MANAGER", + "GOVERNANCE_GROUP" + ], + "description": "Describes the individual or group that is responsible for an approval step. Values are as follows.\n**APP_OWNER**: The owner of the Application\n\n**OWNER**: Owner of the associated Access Profile or Role\n\n**SOURCE_OWNER**: Owner of the Source associated with an Access Profile\n\n**MANAGER**: Manager of the Identity making the request\n\n**GOVERNANCE_GROUP**: A Governance Group, the ID of which is specified by the **approverId** field", + "example": "GOVERNANCE_GROUP" + }, + "approverId": { + "type": "string", + "nullable": true, + "description": "Id of the specific approver, used only when approverType is GOVERNANCE_GROUP", + "example": "46c79819-a69f-49a2-becb-12c971ae66c6" + } + } + } + } + } + }, + "revocationRequestConfig": { + "nullable": true, + "description": "Revocation request configuration for this object.", + "type": "object", + "properties": { + "approvalSchemes": { + "type": "array", + "description": "List describing the steps in approving the revocation request", + "items": { + "type": "object", + "properties": { + "approverType": { + "type": "string", + "enum": [ + "APP_OWNER", + "OWNER", + "SOURCE_OWNER", + "MANAGER", + "GOVERNANCE_GROUP" + ], + "description": "Describes the individual or group that is responsible for an approval step. Values are as follows.\n**APP_OWNER**: The owner of the Application\n\n**OWNER**: Owner of the associated Access Profile or Role\n\n**SOURCE_OWNER**: Owner of the Source associated with an Access Profile\n\n**MANAGER**: Manager of the Identity making the request\n\n**GOVERNANCE_GROUP**: A Governance Group, the ID of which is specified by the **approverId** field", + "example": "GOVERNANCE_GROUP" + }, + "approverId": { + "type": "string", + "nullable": true, + "description": "Id of the specific approver, used only when approverType is GOVERNANCE_GROUP", + "example": "46c79819-a69f-49a2-becb-12c971ae66c6" + } + } + } + } + } + }, + "segments": { + "type": "array", + "nullable": true, + "items": { + "type": "string" + }, + "description": "List of IDs of segments, if any, to which this Access Profile is assigned.", + "example": [ + "f7b1b8a3-5fed-4fd4-ad29-82014e137e19", + "29cb6c06-1da8-43ea-8be4-b3125f248f2a" + ] + }, + "provisioningCriteria": { + "description": "When an Identity has multiple Accounts on the Source with which an Access Profile is associated, this expression is evaluated against those Accounts to choose one to provision with the Access Profile.", + "nullable": true, + "example": { + "operation": "OR", + "children": [ + { + "operation": "AND", + "children": [ + { + "attribute": "dn", + "operation": "CONTAINS", + "value": "useast" + }, + { + "attribute": "manager", + "operation": "CONTAINS", + "value": "Scott.Clark" + } + ] + }, + { + "operation": "AND", + "children": [ + { + "attribute": "dn", + "operation": "EQUALS", + "value": "Gibson" + }, + { + "attribute": "telephoneNumber", + "operation": "CONTAINS", + "value": "512" + } + ] + } + ] + }, + "type": "object", + "properties": { + "operation": { + "type": "string", + "enum": [ + "EQUALS", + "NOT_EQUALS", + "CONTAINS", + "HAS", + "AND", + "OR" + ], + "description": "Supported operations on ProvisioningCriteria", + "example": "EQUALS" + }, + "attribute": { + "type": "string", + "description": "Name of the Account attribute to be tested. If **operation** is one of EQUALS, NOT_EQUALS, CONTAINS, or HAS, this field is required. Otherwise, specifying it is an error.", + "example": "email", + "nullable": true + }, + "value": { + "type": "string", + "nullable": true, + "description": "String value to test the Account attribute w/r/t the specified operation. If the operation is one of EQUALS, NOT_EQUALS, or CONTAINS, this field is required. Otherwise, specifying it is an error. If the Attribute is not String-typed, it will be converted to the appropriate type.", + "example": "carlee.cert1c9f9b6fd@mailinator.com" + }, + "children": { + "type": "array", + "items": { + "type": "object", + "description": "Defines matching criteria for an Account to be provisioned with a specific Access Profile", + "properties": { + "operation": { + "type": "string", + "enum": [ + "EQUALS", + "NOT_EQUALS", + "CONTAINS", + "HAS", + "AND", + "OR" + ], + "description": "Supported operations on ProvisioningCriteria", + "example": "EQUALS" + }, + "attribute": { + "type": "string", + "description": "Name of the Account attribute to be tested. If **operation** is one of EQUALS, NOT_EQUALS, CONTAINS, or HAS, this field is required. Otherwise, specifying it is an error.", + "example": "email", + "nullable": true + }, + "value": { + "type": "string", + "nullable": true, + "description": "String value to test the Account attribute w/r/t the specified operation. If the operation is one of EQUALS, NOT_EQUALS, or CONTAINS, this field is required. Otherwise, specifying it is an error. If the Attribute is not String-typed, it will be converted to the appropriate type.", + "example": "carlee.cert1c9f9b6fd@mailinator.com" + }, + "children": { + "type": "array", + "items": { + "type": "object", + "description": "Defines matching criteria for an Account to be provisioned with a specific Access Profile", + "properties": { + "operation": { + "type": "string", + "enum": [ + "EQUALS", + "NOT_EQUALS", + "CONTAINS", + "HAS", + "AND", + "OR" + ], + "description": "Supported operations on ProvisioningCriteria", + "example": "EQUALS" + }, + "attribute": { + "type": "string", + "description": "Name of the Account attribute to be tested. If **operation** is one of EQUALS, NOT_EQUALS, CONTAINS, or HAS, this field is required. Otherwise, specifying it is an error.", + "example": "email", + "nullable": true + }, + "value": { + "type": "string", + "description": "String value to test the Account attribute w/r/t the specified operation. If the operation is one of EQUALS, NOT_EQUALS, or CONTAINS, this field is required. Otherwise, specifying it is an error. If the Attribute is not String-typed, it will be converted to the appropriate type.", + "example": "carlee.cert1c9f9b6fd@mailinator.com" + } + } + }, + "nullable": true, + "description": "Array of child criteria. Required if the operation is AND or OR, otherwise it must be left null. A maximum of three levels of criteria are supported, including leaf nodes.", + "example": null + } + } + }, + "nullable": true, + "description": "Array of child criteria. Required if the operation is AND or OR, otherwise it must be left null. A maximum of three levels of criteria are supported, including leaf nodes.", + "example": null + } + } + } + }, + "required": [ + "owner", + "name", + "source" + ] + } + } + } + }, + "responses": { + "201": { + "description": "Access Profile created", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "The ID of the Access Profile", + "example": "2c91808a7190d06e01719938fcd20792", + "readOnly": true + }, + "name": { + "type": "string", + "description": "Name of the Access Profile", + "example": "Employee-database-read-write" + }, + "description": { + "type": "string", + "nullable": true, + "description": "Information about the Access Profile", + "example": "Collection of entitlements to read/write the employee database" + }, + "created": { + "type": "string", + "description": "Date the Access Profile was created", + "format": "date-time", + "example": "2021-03-01T22:32:58.104Z", + "readOnly": true + }, + "modified": { + "type": "string", + "description": "Date the Access Profile was last modified.", + "format": "date-time", + "example": "2021-03-02T20:22:28.104Z", + "readOnly": true + }, + "enabled": { + "type": "boolean", + "description": "Whether the Access Profile is enabled. If the Access Profile is enabled then you must include at least one Entitlement.", + "example": true + }, + "owner": { + "description": "Owner of the Access Profile", + "type": "object", + "properties": { + "type": { + "description": "Owner type. This field must be either left null or set to 'IDENTITY' on input, otherwise a 400 Bad Request error will result.", + "example": "IDENTITY", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ] + }, + "id": { + "type": "string", + "description": "Identity id", + "example": "2c9180a46faadee4016fb4e018c20639" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the owner. It may be left null or omitted in a POST or PATCH. If set, it must match the current value of the owner's display name, otherwise a 400 Bad Request error will result.", + "example": "support" + } + } + }, + "source": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "The ID of the Source with with which the Access Profile is associated", + "example": "2c91809773dee3610173fdb0b6061ef4" + }, + "type": { + "type": "string", + "enum": [ + "SOURCE" + ], + "description": "The type of the Source, will always be SOURCE", + "example": "SOURCE" + }, + "name": { + "type": "string", + "description": "The display name of the associated Source", + "example": "ODS-AD-SOURCE" + } + } + }, + "entitlements": { + "type": "array", + "description": "A list of entitlements associated with the Access Profile. If enabled is false this is allowed to be empty otherwise it needs to contain at least one Entitlement.", + "items": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "The ID of the Entitlement", + "example": "2c91809773dee32014e13e122092014e" + }, + "type": { + "type": "string", + "enum": [ + "ENTITLEMENT" + ], + "description": "The type of the Entitlement, will always be ENTITLEMENT", + "example": "ENTITLEMENT" + }, + "name": { + "type": "string", + "description": "The display name of the Entitlement", + "example": "CN=entitlement.490efde5,OU=OrgCo,OU=ServiceDept,DC=HQAD,DC=local" + } + } + } + }, + "requestable": { + "type": "boolean", + "description": "Whether the Access Profile is requestable via access request. Currently, making an Access Profile non-requestable is only supported for customers enabled with the new Request Center. Otherwise, attempting to create an Access Profile with a value **false** in this field results in a 400 error.", + "example": true + }, + "accessRequestConfig": { + "nullable": true, + "description": "Access request configuration for this object", + "type": "object", + "properties": { + "commentsRequired": { + "type": "boolean", + "description": "Whether the requester of the containing object must provide comments justifying the request", + "example": true + }, + "denialCommentsRequired": { + "type": "boolean", + "description": "Whether an approver must provide comments when denying the request", + "example": true + }, + "approvalSchemes": { + "type": "array", + "description": "List describing the steps in approving the request", + "items": { + "type": "object", + "properties": { + "approverType": { + "type": "string", + "enum": [ + "APP_OWNER", + "OWNER", + "SOURCE_OWNER", + "MANAGER", + "GOVERNANCE_GROUP" + ], + "description": "Describes the individual or group that is responsible for an approval step. Values are as follows.\n**APP_OWNER**: The owner of the Application\n\n**OWNER**: Owner of the associated Access Profile or Role\n\n**SOURCE_OWNER**: Owner of the Source associated with an Access Profile\n\n**MANAGER**: Manager of the Identity making the request\n\n**GOVERNANCE_GROUP**: A Governance Group, the ID of which is specified by the **approverId** field", + "example": "GOVERNANCE_GROUP" + }, + "approverId": { + "type": "string", + "nullable": true, + "description": "Id of the specific approver, used only when approverType is GOVERNANCE_GROUP", + "example": "46c79819-a69f-49a2-becb-12c971ae66c6" + } + } + } + } + } + }, + "revocationRequestConfig": { + "nullable": true, + "description": "Revocation request configuration for this object.", + "type": "object", + "properties": { + "approvalSchemes": { + "type": "array", + "description": "List describing the steps in approving the revocation request", + "items": { + "type": "object", + "properties": { + "approverType": { + "type": "string", + "enum": [ + "APP_OWNER", + "OWNER", + "SOURCE_OWNER", + "MANAGER", + "GOVERNANCE_GROUP" + ], + "description": "Describes the individual or group that is responsible for an approval step. Values are as follows.\n**APP_OWNER**: The owner of the Application\n\n**OWNER**: Owner of the associated Access Profile or Role\n\n**SOURCE_OWNER**: Owner of the Source associated with an Access Profile\n\n**MANAGER**: Manager of the Identity making the request\n\n**GOVERNANCE_GROUP**: A Governance Group, the ID of which is specified by the **approverId** field", + "example": "GOVERNANCE_GROUP" + }, + "approverId": { + "type": "string", + "nullable": true, + "description": "Id of the specific approver, used only when approverType is GOVERNANCE_GROUP", + "example": "46c79819-a69f-49a2-becb-12c971ae66c6" + } + } + } + } + } + }, + "segments": { + "type": "array", + "nullable": true, + "items": { + "type": "string" + }, + "description": "List of IDs of segments, if any, to which this Access Profile is assigned.", + "example": [ + "f7b1b8a3-5fed-4fd4-ad29-82014e137e19", + "29cb6c06-1da8-43ea-8be4-b3125f248f2a" + ] + }, + "provisioningCriteria": { + "description": "When an Identity has multiple Accounts on the Source with which an Access Profile is associated, this expression is evaluated against those Accounts to choose one to provision with the Access Profile.", + "nullable": true, + "example": { + "operation": "OR", + "children": [ + { + "operation": "AND", + "children": [ + { + "attribute": "dn", + "operation": "CONTAINS", + "value": "useast" + }, + { + "attribute": "manager", + "operation": "CONTAINS", + "value": "Scott.Clark" + } + ] + }, + { + "operation": "AND", + "children": [ + { + "attribute": "dn", + "operation": "EQUALS", + "value": "Gibson" + }, + { + "attribute": "telephoneNumber", + "operation": "CONTAINS", + "value": "512" + } + ] + } + ] + }, + "type": "object", + "properties": { + "operation": { + "type": "string", + "enum": [ + "EQUALS", + "NOT_EQUALS", + "CONTAINS", + "HAS", + "AND", + "OR" + ], + "description": "Supported operations on ProvisioningCriteria", + "example": "EQUALS" + }, + "attribute": { + "type": "string", + "description": "Name of the Account attribute to be tested. If **operation** is one of EQUALS, NOT_EQUALS, CONTAINS, or HAS, this field is required. Otherwise, specifying it is an error.", + "example": "email", + "nullable": true + }, + "value": { + "type": "string", + "nullable": true, + "description": "String value to test the Account attribute w/r/t the specified operation. If the operation is one of EQUALS, NOT_EQUALS, or CONTAINS, this field is required. Otherwise, specifying it is an error. If the Attribute is not String-typed, it will be converted to the appropriate type.", + "example": "carlee.cert1c9f9b6fd@mailinator.com" + }, + "children": { + "type": "array", + "items": { + "type": "object", + "description": "Defines matching criteria for an Account to be provisioned with a specific Access Profile", + "properties": { + "operation": { + "type": "string", + "enum": [ + "EQUALS", + "NOT_EQUALS", + "CONTAINS", + "HAS", + "AND", + "OR" + ], + "description": "Supported operations on ProvisioningCriteria", + "example": "EQUALS" + }, + "attribute": { + "type": "string", + "description": "Name of the Account attribute to be tested. If **operation** is one of EQUALS, NOT_EQUALS, CONTAINS, or HAS, this field is required. Otherwise, specifying it is an error.", + "example": "email", + "nullable": true + }, + "value": { + "type": "string", + "nullable": true, + "description": "String value to test the Account attribute w/r/t the specified operation. If the operation is one of EQUALS, NOT_EQUALS, or CONTAINS, this field is required. Otherwise, specifying it is an error. If the Attribute is not String-typed, it will be converted to the appropriate type.", + "example": "carlee.cert1c9f9b6fd@mailinator.com" + }, + "children": { + "type": "array", + "items": { + "type": "object", + "description": "Defines matching criteria for an Account to be provisioned with a specific Access Profile", + "properties": { + "operation": { + "type": "string", + "enum": [ + "EQUALS", + "NOT_EQUALS", + "CONTAINS", + "HAS", + "AND", + "OR" + ], + "description": "Supported operations on ProvisioningCriteria", + "example": "EQUALS" + }, + "attribute": { + "type": "string", + "description": "Name of the Account attribute to be tested. If **operation** is one of EQUALS, NOT_EQUALS, CONTAINS, or HAS, this field is required. Otherwise, specifying it is an error.", + "example": "email", + "nullable": true + }, + "value": { + "type": "string", + "description": "String value to test the Account attribute w/r/t the specified operation. If the operation is one of EQUALS, NOT_EQUALS, or CONTAINS, this field is required. Otherwise, specifying it is an error. If the Attribute is not String-typed, it will be converted to the appropriate type.", + "example": "carlee.cert1c9f9b6fd@mailinator.com" + } + } + }, + "nullable": true, + "description": "Array of child criteria. Required if the operation is AND or OR, otherwise it must be left null. A maximum of three levels of criteria are supported, including leaf nodes.", + "example": null + } + } + }, + "nullable": true, + "description": "Array of child criteria. Required if the operation is AND or OR, otherwise it must be left null. A maximum of three levels of criteria are supported, including leaf nodes.", + "example": null + } + } + } + }, + "required": [ + "owner", + "name", + "source" + ] + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + }, + "security": [ + { + "oauth2": [ + "idn:access-profile:manage" + ] + } + ] + } + }, + "/access-profiles/{id}": { + "get": { + "operationId": "getAccessProfile", + "tags": [ + "Access Profiles" + ], + "summary": "Get an Access Profile", + "description": "This API returns an Access Profile by its ID.\n\nA token with API, ORG_ADMIN, ROLE_ADMIN, ROLE_SUBADMIN, SOURCE_ADMIN, or SOURCE_SUBADMIN authority is required to call this API.", + "parameters": [ + { + "in": "path", + "name": "id", + "required": true, + "schema": { + "type": "string" + }, + "description": "ID of the Access Profile", + "example": "2c9180837ca6693d017ca8d097500149" + } + ], + "responses": { + "200": { + "description": "An AccessProfile", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "The ID of the Access Profile", + "example": "2c91808a7190d06e01719938fcd20792", + "readOnly": true + }, + "name": { + "type": "string", + "description": "Name of the Access Profile", + "example": "Employee-database-read-write" + }, + "description": { + "type": "string", + "nullable": true, + "description": "Information about the Access Profile", + "example": "Collection of entitlements to read/write the employee database" + }, + "created": { + "type": "string", + "description": "Date the Access Profile was created", + "format": "date-time", + "example": "2021-03-01T22:32:58.104Z", + "readOnly": true + }, + "modified": { + "type": "string", + "description": "Date the Access Profile was last modified.", + "format": "date-time", + "example": "2021-03-02T20:22:28.104Z", + "readOnly": true + }, + "enabled": { + "type": "boolean", + "description": "Whether the Access Profile is enabled. If the Access Profile is enabled then you must include at least one Entitlement.", + "example": true + }, + "owner": { + "description": "Owner of the Access Profile", + "type": "object", + "properties": { + "type": { + "description": "Owner type. This field must be either left null or set to 'IDENTITY' on input, otherwise a 400 Bad Request error will result.", + "example": "IDENTITY", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ] + }, + "id": { + "type": "string", + "description": "Identity id", + "example": "2c9180a46faadee4016fb4e018c20639" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the owner. It may be left null or omitted in a POST or PATCH. If set, it must match the current value of the owner's display name, otherwise a 400 Bad Request error will result.", + "example": "support" + } + } + }, + "source": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "The ID of the Source with with which the Access Profile is associated", + "example": "2c91809773dee3610173fdb0b6061ef4" + }, + "type": { + "type": "string", + "enum": [ + "SOURCE" + ], + "description": "The type of the Source, will always be SOURCE", + "example": "SOURCE" + }, + "name": { + "type": "string", + "description": "The display name of the associated Source", + "example": "ODS-AD-SOURCE" + } + } + }, + "entitlements": { + "type": "array", + "description": "A list of entitlements associated with the Access Profile. If enabled is false this is allowed to be empty otherwise it needs to contain at least one Entitlement.", + "items": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "The ID of the Entitlement", + "example": "2c91809773dee32014e13e122092014e" + }, + "type": { + "type": "string", + "enum": [ + "ENTITLEMENT" + ], + "description": "The type of the Entitlement, will always be ENTITLEMENT", + "example": "ENTITLEMENT" + }, + "name": { + "type": "string", + "description": "The display name of the Entitlement", + "example": "CN=entitlement.490efde5,OU=OrgCo,OU=ServiceDept,DC=HQAD,DC=local" + } + } + } + }, + "requestable": { + "type": "boolean", + "description": "Whether the Access Profile is requestable via access request. Currently, making an Access Profile non-requestable is only supported for customers enabled with the new Request Center. Otherwise, attempting to create an Access Profile with a value **false** in this field results in a 400 error.", + "example": true + }, + "accessRequestConfig": { + "nullable": true, + "description": "Access request configuration for this object", + "type": "object", + "properties": { + "commentsRequired": { + "type": "boolean", + "description": "Whether the requester of the containing object must provide comments justifying the request", + "example": true + }, + "denialCommentsRequired": { + "type": "boolean", + "description": "Whether an approver must provide comments when denying the request", + "example": true + }, + "approvalSchemes": { + "type": "array", + "description": "List describing the steps in approving the request", + "items": { + "type": "object", + "properties": { + "approverType": { + "type": "string", + "enum": [ + "APP_OWNER", + "OWNER", + "SOURCE_OWNER", + "MANAGER", + "GOVERNANCE_GROUP" + ], + "description": "Describes the individual or group that is responsible for an approval step. Values are as follows.\n**APP_OWNER**: The owner of the Application\n\n**OWNER**: Owner of the associated Access Profile or Role\n\n**SOURCE_OWNER**: Owner of the Source associated with an Access Profile\n\n**MANAGER**: Manager of the Identity making the request\n\n**GOVERNANCE_GROUP**: A Governance Group, the ID of which is specified by the **approverId** field", + "example": "GOVERNANCE_GROUP" + }, + "approverId": { + "type": "string", + "nullable": true, + "description": "Id of the specific approver, used only when approverType is GOVERNANCE_GROUP", + "example": "46c79819-a69f-49a2-becb-12c971ae66c6" + } + } + } + } + } + }, + "revocationRequestConfig": { + "nullable": true, + "description": "Revocation request configuration for this object.", + "type": "object", + "properties": { + "approvalSchemes": { + "type": "array", + "description": "List describing the steps in approving the revocation request", + "items": { + "type": "object", + "properties": { + "approverType": { + "type": "string", + "enum": [ + "APP_OWNER", + "OWNER", + "SOURCE_OWNER", + "MANAGER", + "GOVERNANCE_GROUP" + ], + "description": "Describes the individual or group that is responsible for an approval step. Values are as follows.\n**APP_OWNER**: The owner of the Application\n\n**OWNER**: Owner of the associated Access Profile or Role\n\n**SOURCE_OWNER**: Owner of the Source associated with an Access Profile\n\n**MANAGER**: Manager of the Identity making the request\n\n**GOVERNANCE_GROUP**: A Governance Group, the ID of which is specified by the **approverId** field", + "example": "GOVERNANCE_GROUP" + }, + "approverId": { + "type": "string", + "nullable": true, + "description": "Id of the specific approver, used only when approverType is GOVERNANCE_GROUP", + "example": "46c79819-a69f-49a2-becb-12c971ae66c6" + } + } + } + } + } + }, + "segments": { + "type": "array", + "nullable": true, + "items": { + "type": "string" + }, + "description": "List of IDs of segments, if any, to which this Access Profile is assigned.", + "example": [ + "f7b1b8a3-5fed-4fd4-ad29-82014e137e19", + "29cb6c06-1da8-43ea-8be4-b3125f248f2a" + ] + }, + "provisioningCriteria": { + "description": "When an Identity has multiple Accounts on the Source with which an Access Profile is associated, this expression is evaluated against those Accounts to choose one to provision with the Access Profile.", + "nullable": true, + "example": { + "operation": "OR", + "children": [ + { + "operation": "AND", + "children": [ + { + "attribute": "dn", + "operation": "CONTAINS", + "value": "useast" + }, + { + "attribute": "manager", + "operation": "CONTAINS", + "value": "Scott.Clark" + } + ] + }, + { + "operation": "AND", + "children": [ + { + "attribute": "dn", + "operation": "EQUALS", + "value": "Gibson" + }, + { + "attribute": "telephoneNumber", + "operation": "CONTAINS", + "value": "512" + } + ] + } + ] + }, + "type": "object", + "properties": { + "operation": { + "type": "string", + "enum": [ + "EQUALS", + "NOT_EQUALS", + "CONTAINS", + "HAS", + "AND", + "OR" + ], + "description": "Supported operations on ProvisioningCriteria", + "example": "EQUALS" + }, + "attribute": { + "type": "string", + "description": "Name of the Account attribute to be tested. If **operation** is one of EQUALS, NOT_EQUALS, CONTAINS, or HAS, this field is required. Otherwise, specifying it is an error.", + "example": "email", + "nullable": true + }, + "value": { + "type": "string", + "nullable": true, + "description": "String value to test the Account attribute w/r/t the specified operation. If the operation is one of EQUALS, NOT_EQUALS, or CONTAINS, this field is required. Otherwise, specifying it is an error. If the Attribute is not String-typed, it will be converted to the appropriate type.", + "example": "carlee.cert1c9f9b6fd@mailinator.com" + }, + "children": { + "type": "array", + "items": { + "type": "object", + "description": "Defines matching criteria for an Account to be provisioned with a specific Access Profile", + "properties": { + "operation": { + "type": "string", + "enum": [ + "EQUALS", + "NOT_EQUALS", + "CONTAINS", + "HAS", + "AND", + "OR" + ], + "description": "Supported operations on ProvisioningCriteria", + "example": "EQUALS" + }, + "attribute": { + "type": "string", + "description": "Name of the Account attribute to be tested. If **operation** is one of EQUALS, NOT_EQUALS, CONTAINS, or HAS, this field is required. Otherwise, specifying it is an error.", + "example": "email", + "nullable": true + }, + "value": { + "type": "string", + "nullable": true, + "description": "String value to test the Account attribute w/r/t the specified operation. If the operation is one of EQUALS, NOT_EQUALS, or CONTAINS, this field is required. Otherwise, specifying it is an error. If the Attribute is not String-typed, it will be converted to the appropriate type.", + "example": "carlee.cert1c9f9b6fd@mailinator.com" + }, + "children": { + "type": "array", + "items": { + "type": "object", + "description": "Defines matching criteria for an Account to be provisioned with a specific Access Profile", + "properties": { + "operation": { + "type": "string", + "enum": [ + "EQUALS", + "NOT_EQUALS", + "CONTAINS", + "HAS", + "AND", + "OR" + ], + "description": "Supported operations on ProvisioningCriteria", + "example": "EQUALS" + }, + "attribute": { + "type": "string", + "description": "Name of the Account attribute to be tested. If **operation** is one of EQUALS, NOT_EQUALS, CONTAINS, or HAS, this field is required. Otherwise, specifying it is an error.", + "example": "email", + "nullable": true + }, + "value": { + "type": "string", + "description": "String value to test the Account attribute w/r/t the specified operation. If the operation is one of EQUALS, NOT_EQUALS, or CONTAINS, this field is required. Otherwise, specifying it is an error. If the Attribute is not String-typed, it will be converted to the appropriate type.", + "example": "carlee.cert1c9f9b6fd@mailinator.com" + } + } + }, + "nullable": true, + "description": "Array of child criteria. Required if the operation is AND or OR, otherwise it must be left null. A maximum of three levels of criteria are supported, including leaf nodes.", + "example": null + } + } + }, + "nullable": true, + "description": "Array of child criteria. Required if the operation is AND or OR, otherwise it must be left null. A maximum of three levels of criteria are supported, including leaf nodes.", + "example": null + } + } + } + }, + "required": [ + "owner", + "name", + "source" + ] + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + }, + "security": [ + { + "oauth2": [ + "idn:access-profile:read" + ] + } + ] + }, + "patch": { + "operationId": "patchAccessProfile", + "tags": [ + "Access Profiles" + ], + "summary": "Patch a specified Access Profile", + "description": "This API updates an existing Access Profile. The following fields are patchable:\n**name**, **description**, **enabled**, **owner**, **requestable**, **accessRequestConfig**, **revokeRequestConfig**, **segments**, **entitlements**, **provisioningCriteria**\nA token with API, ORG_ADMIN, SOURCE_ADMIN, or SOURCE_SUBADMIN authority is required to call this API. In addition, a SOURCE_SUBADMIN may only use this API to patch Access Profiles which are associated with Sources they are able to administer.\n> The maximum supported length for the description field is 2000 characters. Longer descriptions will be preserved for existing access profiles, however, any new access profiles as well as any updates to existing descriptions will be limited to 2000 characters.\n\n> You can only add or replace **entitlements** that exist on the source that the access profile is attached to. You can use the **list entitlements** endpoint with the **filters** query parameter to get a list of available entitlements on the access profile's source.\n\n> Patching the value of the **requestable** field is only supported for customers enabled with the new Request Center. Otherwise, attempting to modify this field results in a 400 error.", + "parameters": [ + { + "name": "id", + "in": "path", + "description": "ID of the Access Profile to patch", + "required": true, + "schema": { + "type": "string", + "example": "2c91808a7813090a017814121919ecca" + } + } + ], + "requestBody": { + "content": { + "application/json-patch+json": { + "schema": { + "type": "array", + "items": { + "type": "object", + "description": "A JSONPatch Operation as defined by [RFC 6902 - JSON Patch](https://tools.ietf.org/html/rfc6902)", + "required": [ + "op", + "path" + ], + "properties": { + "op": { + "type": "string", + "description": "The operation to be performed", + "enum": [ + "add", + "remove", + "replace", + "move", + "copy", + "test" + ], + "example": "replace" + }, + "path": { + "type": "string", + "description": "A string JSON Pointer representing the target path to an element to be affected by the operation", + "example": "/description" + }, + "value": { + "anyOf": [ + { + "type": "string" + }, + { + "type": "integer" + }, + { + "type": "object" + }, + { + "type": "array", + "items": { + "anyOf": [ + { + "type": "string" + }, + { + "type": "integer" + }, + { + "type": "object" + } + ] + } + } + ], + "description": "The value to be used for the operation, required for \"add\" and \"replace\" operations", + "example": "New description" + } + } + } + }, + "examples": { + "Add Entitlements": { + "description": "Add one or more entitlements to the end of the list", + "value": [ + { + "op": "add", + "path": "/entitlements", + "value": [ + { + "id": "2c9180857725c14301772a93bb77242d", + "type": "ENTITLEMENT", + "name": "AD User Group" + } + ] + } + ] + }, + "Insert Entitlement": { + "description": "Add an entitlement at the beginning of the entitlement list", + "value": [ + { + "op": "add", + "path": "/entitlements/0", + "value": { + "id": "2c9180857725c14301772a93bb77242d", + "type": "ENTITLEMENT", + "name": "AD User Group" + } + } + ] + }, + "Replace Entitlements": { + "description": "Replace all entitlements with a new list of entitlements", + "value": [ + { + "op": "replace", + "path": "/entitlements", + "value": [ + { + "id": "2c9180857725c14301772a93bb77242d", + "type": "ENTITLEMENT", + "name": "AD User Group" + } + ] + } + ] + }, + "Remove Entitlement": { + "description": "Remove the first entitlement in the list", + "value": [ + { + "op": "remove", + "path": "/entitlements/0" + } + ] + } + } + } + }, + "required": true + }, + "responses": { + "200": { + "description": "Responds with the Access Profile as updated.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "The ID of the Access Profile", + "example": "2c91808a7190d06e01719938fcd20792", + "readOnly": true + }, + "name": { + "type": "string", + "description": "Name of the Access Profile", + "example": "Employee-database-read-write" + }, + "description": { + "type": "string", + "nullable": true, + "description": "Information about the Access Profile", + "example": "Collection of entitlements to read/write the employee database" + }, + "created": { + "type": "string", + "description": "Date the Access Profile was created", + "format": "date-time", + "example": "2021-03-01T22:32:58.104Z", + "readOnly": true + }, + "modified": { + "type": "string", + "description": "Date the Access Profile was last modified.", + "format": "date-time", + "example": "2021-03-02T20:22:28.104Z", + "readOnly": true + }, + "enabled": { + "type": "boolean", + "description": "Whether the Access Profile is enabled. If the Access Profile is enabled then you must include at least one Entitlement.", + "example": true + }, + "owner": { + "description": "Owner of the Access Profile", + "type": "object", + "properties": { + "type": { + "description": "Owner type. This field must be either left null or set to 'IDENTITY' on input, otherwise a 400 Bad Request error will result.", + "example": "IDENTITY", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ] + }, + "id": { + "type": "string", + "description": "Identity id", + "example": "2c9180a46faadee4016fb4e018c20639" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the owner. It may be left null or omitted in a POST or PATCH. If set, it must match the current value of the owner's display name, otherwise a 400 Bad Request error will result.", + "example": "support" + } + } + }, + "source": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "The ID of the Source with with which the Access Profile is associated", + "example": "2c91809773dee3610173fdb0b6061ef4" + }, + "type": { + "type": "string", + "enum": [ + "SOURCE" + ], + "description": "The type of the Source, will always be SOURCE", + "example": "SOURCE" + }, + "name": { + "type": "string", + "description": "The display name of the associated Source", + "example": "ODS-AD-SOURCE" + } + } + }, + "entitlements": { + "type": "array", + "description": "A list of entitlements associated with the Access Profile. If enabled is false this is allowed to be empty otherwise it needs to contain at least one Entitlement.", + "items": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "The ID of the Entitlement", + "example": "2c91809773dee32014e13e122092014e" + }, + "type": { + "type": "string", + "enum": [ + "ENTITLEMENT" + ], + "description": "The type of the Entitlement, will always be ENTITLEMENT", + "example": "ENTITLEMENT" + }, + "name": { + "type": "string", + "description": "The display name of the Entitlement", + "example": "CN=entitlement.490efde5,OU=OrgCo,OU=ServiceDept,DC=HQAD,DC=local" + } + } + } + }, + "requestable": { + "type": "boolean", + "description": "Whether the Access Profile is requestable via access request. Currently, making an Access Profile non-requestable is only supported for customers enabled with the new Request Center. Otherwise, attempting to create an Access Profile with a value **false** in this field results in a 400 error.", + "example": true + }, + "accessRequestConfig": { + "nullable": true, + "description": "Access request configuration for this object", + "type": "object", + "properties": { + "commentsRequired": { + "type": "boolean", + "description": "Whether the requester of the containing object must provide comments justifying the request", + "example": true + }, + "denialCommentsRequired": { + "type": "boolean", + "description": "Whether an approver must provide comments when denying the request", + "example": true + }, + "approvalSchemes": { + "type": "array", + "description": "List describing the steps in approving the request", + "items": { + "type": "object", + "properties": { + "approverType": { + "type": "string", + "enum": [ + "APP_OWNER", + "OWNER", + "SOURCE_OWNER", + "MANAGER", + "GOVERNANCE_GROUP" + ], + "description": "Describes the individual or group that is responsible for an approval step. Values are as follows.\n**APP_OWNER**: The owner of the Application\n\n**OWNER**: Owner of the associated Access Profile or Role\n\n**SOURCE_OWNER**: Owner of the Source associated with an Access Profile\n\n**MANAGER**: Manager of the Identity making the request\n\n**GOVERNANCE_GROUP**: A Governance Group, the ID of which is specified by the **approverId** field", + "example": "GOVERNANCE_GROUP" + }, + "approverId": { + "type": "string", + "nullable": true, + "description": "Id of the specific approver, used only when approverType is GOVERNANCE_GROUP", + "example": "46c79819-a69f-49a2-becb-12c971ae66c6" + } + } + } + } + } + }, + "revocationRequestConfig": { + "nullable": true, + "description": "Revocation request configuration for this object.", + "type": "object", + "properties": { + "approvalSchemes": { + "type": "array", + "description": "List describing the steps in approving the revocation request", + "items": { + "type": "object", + "properties": { + "approverType": { + "type": "string", + "enum": [ + "APP_OWNER", + "OWNER", + "SOURCE_OWNER", + "MANAGER", + "GOVERNANCE_GROUP" + ], + "description": "Describes the individual or group that is responsible for an approval step. Values are as follows.\n**APP_OWNER**: The owner of the Application\n\n**OWNER**: Owner of the associated Access Profile or Role\n\n**SOURCE_OWNER**: Owner of the Source associated with an Access Profile\n\n**MANAGER**: Manager of the Identity making the request\n\n**GOVERNANCE_GROUP**: A Governance Group, the ID of which is specified by the **approverId** field", + "example": "GOVERNANCE_GROUP" + }, + "approverId": { + "type": "string", + "nullable": true, + "description": "Id of the specific approver, used only when approverType is GOVERNANCE_GROUP", + "example": "46c79819-a69f-49a2-becb-12c971ae66c6" + } + } + } + } + } + }, + "segments": { + "type": "array", + "nullable": true, + "items": { + "type": "string" + }, + "description": "List of IDs of segments, if any, to which this Access Profile is assigned.", + "example": [ + "f7b1b8a3-5fed-4fd4-ad29-82014e137e19", + "29cb6c06-1da8-43ea-8be4-b3125f248f2a" + ] + }, + "provisioningCriteria": { + "description": "When an Identity has multiple Accounts on the Source with which an Access Profile is associated, this expression is evaluated against those Accounts to choose one to provision with the Access Profile.", + "nullable": true, + "example": { + "operation": "OR", + "children": [ + { + "operation": "AND", + "children": [ + { + "attribute": "dn", + "operation": "CONTAINS", + "value": "useast" + }, + { + "attribute": "manager", + "operation": "CONTAINS", + "value": "Scott.Clark" + } + ] + }, + { + "operation": "AND", + "children": [ + { + "attribute": "dn", + "operation": "EQUALS", + "value": "Gibson" + }, + { + "attribute": "telephoneNumber", + "operation": "CONTAINS", + "value": "512" + } + ] + } + ] + }, + "type": "object", + "properties": { + "operation": { + "type": "string", + "enum": [ + "EQUALS", + "NOT_EQUALS", + "CONTAINS", + "HAS", + "AND", + "OR" + ], + "description": "Supported operations on ProvisioningCriteria", + "example": "EQUALS" + }, + "attribute": { + "type": "string", + "description": "Name of the Account attribute to be tested. If **operation** is one of EQUALS, NOT_EQUALS, CONTAINS, or HAS, this field is required. Otherwise, specifying it is an error.", + "example": "email", + "nullable": true + }, + "value": { + "type": "string", + "nullable": true, + "description": "String value to test the Account attribute w/r/t the specified operation. If the operation is one of EQUALS, NOT_EQUALS, or CONTAINS, this field is required. Otherwise, specifying it is an error. If the Attribute is not String-typed, it will be converted to the appropriate type.", + "example": "carlee.cert1c9f9b6fd@mailinator.com" + }, + "children": { + "type": "array", + "items": { + "type": "object", + "description": "Defines matching criteria for an Account to be provisioned with a specific Access Profile", + "properties": { + "operation": { + "type": "string", + "enum": [ + "EQUALS", + "NOT_EQUALS", + "CONTAINS", + "HAS", + "AND", + "OR" + ], + "description": "Supported operations on ProvisioningCriteria", + "example": "EQUALS" + }, + "attribute": { + "type": "string", + "description": "Name of the Account attribute to be tested. If **operation** is one of EQUALS, NOT_EQUALS, CONTAINS, or HAS, this field is required. Otherwise, specifying it is an error.", + "example": "email", + "nullable": true + }, + "value": { + "type": "string", + "nullable": true, + "description": "String value to test the Account attribute w/r/t the specified operation. If the operation is one of EQUALS, NOT_EQUALS, or CONTAINS, this field is required. Otherwise, specifying it is an error. If the Attribute is not String-typed, it will be converted to the appropriate type.", + "example": "carlee.cert1c9f9b6fd@mailinator.com" + }, + "children": { + "type": "array", + "items": { + "type": "object", + "description": "Defines matching criteria for an Account to be provisioned with a specific Access Profile", + "properties": { + "operation": { + "type": "string", + "enum": [ + "EQUALS", + "NOT_EQUALS", + "CONTAINS", + "HAS", + "AND", + "OR" + ], + "description": "Supported operations on ProvisioningCriteria", + "example": "EQUALS" + }, + "attribute": { + "type": "string", + "description": "Name of the Account attribute to be tested. If **operation** is one of EQUALS, NOT_EQUALS, CONTAINS, or HAS, this field is required. Otherwise, specifying it is an error.", + "example": "email", + "nullable": true + }, + "value": { + "type": "string", + "description": "String value to test the Account attribute w/r/t the specified operation. If the operation is one of EQUALS, NOT_EQUALS, or CONTAINS, this field is required. Otherwise, specifying it is an error. If the Attribute is not String-typed, it will be converted to the appropriate type.", + "example": "carlee.cert1c9f9b6fd@mailinator.com" + } + } + }, + "nullable": true, + "description": "Array of child criteria. Required if the operation is AND or OR, otherwise it must be left null. A maximum of three levels of criteria are supported, including leaf nodes.", + "example": null + } + } + }, + "nullable": true, + "description": "Array of child criteria. Required if the operation is AND or OR, otherwise it must be left null. A maximum of three levels of criteria are supported, including leaf nodes.", + "example": null + } + } + } + }, + "required": [ + "owner", + "name", + "source" + ] + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + }, + "security": [ + { + "oauth2": [ + "idn:access-profile:manage" + ] + } + ] + } + }, + "/access-profiles/bulk-delete": { + "post": { + "operationId": "deleteAccessProfilesInBulk", + "summary": "Delete Access Profile(s)", + "tags": [ + "Access Profiles" + ], + "description": "This API initiates a bulk deletion of one or more Access Profiles.\n\nBy default, if any of the indicated Access Profiles are in use, no deletions will be performed and the **inUse** field of the response indicates the usages that must be removed first. If the request field **bestEffortOnly** is **true**, however, usages are reported in the **inUse** response field but all other indicated Access Profiles will be deleted.\n\nA token with API, ORG_ADMIN, SOURCE_ADMIN, or SOURCE_SUBADMIN authority is required to call this API. In addition, a SOURCE_SUBADMIN may only use this API to delete Access Profiles which are associated with Sources they are able to administer.", + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "accessProfileIds": { + "description": "List of IDs of Access Profiles to be deleted.", + "type": "array", + "items": { + "type": "string" + }, + "example": [ + "2c9180847812e0b1017817051919ecca", + "2c9180887812e0b201781e129f151816" + ] + }, + "bestEffortOnly": { + "description": "If **true**, silently skip over any of the specified Access Profiles if they cannot be deleted because they are in use. If **false**, no deletions will be attempted if any of the Access Profiles are in use.", + "type": "boolean", + "example": true + } + } + }, + "example": { + "bestEffortOnly": true, + "accessProfileIds": [ + "2c91808876438bb2017668b91919ecca", + "2c91808876438ba801766e129f151816" + ] + } + } + } + }, + "responses": { + "200": { + "description": "Returned only if **bestEffortOnly** is **false**, and one or more Access Profiles are in use.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "taskId": { + "type": "string", + "description": "ID of the task which is executing the bulk deletion. This can be passed to the **/task-status** API to track status.", + "example": "2c9180867817ac4d017817c491119a20" + }, + "pending": { + "type": "array", + "description": "List of IDs of Access Profiles which are pending deletion.", + "items": { + "type": "string" + }, + "example": [ + "2c91808876438bbb017668c21919ecca", + "2c91808876438bb201766e129f151816" + ] + }, + "inUse": { + "type": "array", + "description": "List of usages of Access Profiles targeted for deletion.", + "items": { + "type": "object", + "properties": { + "accessProfileId": { + "type": "string", + "description": "ID of the Access Profile that is in use", + "example": "2c91808876438bbb017668c21919ecca" + }, + "usedBy": { + "type": "array", + "description": "List of references to objects which are using the indicated Access Profile", + "items": { + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + } + } + } + } + } + } + }, + "example": { + "pending": [], + "inUse": [ + { + "accessProfileId": "2c91808876438ba801766e129f151816", + "usages": [ + { + "type": "Role", + "id": "2c9180887643764201766e9f6e121518" + } + ] + } + ] + } + } + } + }, + "202": { + "description": "Returned if at least one deletion will be performed.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "taskId": { + "type": "string", + "description": "ID of the task which is executing the bulk deletion. This can be passed to the **/task-status** API to track status.", + "example": "2c9180867817ac4d017817c491119a20" + }, + "pending": { + "type": "array", + "description": "List of IDs of Access Profiles which are pending deletion.", + "items": { + "type": "string" + }, + "example": [ + "2c91808876438bbb017668c21919ecca", + "2c91808876438bb201766e129f151816" + ] + }, + "inUse": { + "type": "array", + "description": "List of usages of Access Profiles targeted for deletion.", + "items": { + "type": "object", + "properties": { + "accessProfileId": { + "type": "string", + "description": "ID of the Access Profile that is in use", + "example": "2c91808876438bbb017668c21919ecca" + }, + "usedBy": { + "type": "array", + "description": "List of references to objects which are using the indicated Access Profile", + "items": { + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + } + } + } + } + } + } + }, + "example": { + "taskId": "2c91808a7813090a01781412a1119a20", + "pending": [ + "2c91808a7813090a017813fe1919ecca" + ], + "inUse": [ + { + "accessProfileId": "2c91808876438ba801766e129f151816", + "usages": [ + { + "type": "Role", + "id": "2c9180887643764201766e9f6e121518" + } + ] + } + ] + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + }, + "security": [ + { + "oauth2": [ + "idn:access-profile:manage" + ] + } + ] + } + }, + "/access-profiles/{id}/entitlements": { + "get": { + "operationId": "getAccessProfileEntitlements", + "tags": [ + "Access Profiles" + ], + "summary": "List Access Profile's Entitlements", + "description": "This API lists the Entitlements associated with a given Access Profile\n\nA token with API, ORG_ADMIN, SOURCE_ADMIN, or SOURCE_SUBADMIN authority is required to invoke this API. In addition, a token with SOURCE_SUBADMIN authority must have access to the Source associated with the given Access Profile", + "parameters": [ + { + "name": "id", + "in": "path", + "description": "ID of the containing Access Profile", + "required": true, + "schema": { + "type": "string", + "example": "2c91808a7813090a017814121919ecca" + } + }, + { + "in": "query", + "name": "limit", + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": 250, + "schema": { + "type": "integer", + "format": "int32", + "minimum": 0, + "maximum": 250, + "default": 250 + } + }, + { + "in": "query", + "name": "offset", + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": 0, + "schema": { + "type": "integer", + "format": "int32", + "minimum": 0, + "default": 0 + } + }, + { + "in": "query", + "name": "count", + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": true, + "schema": { + "type": "boolean", + "default": false + } + }, + { + "in": "query", + "name": "filters", + "schema": { + "type": "string" + }, + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)\n\nFiltering is supported for the following Entitlement fields and operators:\n**id**: *eq, in*\n\n**name**: *eq, sw*\n\n**attribute**: *eq, sw*\n\n**value**: *eq, sw*\n\n**created, modified**: *gt, lt, ge, le*\n\n**owner.id**: *eq, in*\n\n**source.id**: *eq, in*", + "example": "attribute eq \"memberOf\"", + "required": false + }, + { + "in": "query", + "name": "sorters", + "schema": { + "type": "string", + "format": "comma-separated" + }, + "description": "Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)\n\nSorting is supported for the following fields: **name, attribute, value, created, modified**", + "example": "name,-modified", + "required": false + } + ], + "responses": { + "200": { + "description": "List of Entitlements", + "content": { + "application/json": { + "schema": { + "type": "array", + "items": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "The entitlement id", + "example": "2c91808874ff91550175097daaec161c" + }, + "name": { + "type": "string", + "description": "The entitlement name", + "example": "LauncherTest2" + }, + "attribute": { + "type": "string", + "description": "The entitlement attribute name", + "example": "memberOf" + }, + "value": { + "type": "string", + "description": "The value of the entitlement", + "example": "CN=LauncherTest2,OU=LauncherTestOrg,OU=slpt-automation,DC=TestAutomationAD,DC=local" + }, + "sourceSchemaObjectType": { + "type": "string", + "description": "The object type of the entitlement from the source schema", + "example": "group" + }, + "description": { + "type": "string", + "description": "The description of the entitlement", + "example": "CN=LauncherTest2,OU=LauncherTestOrg,OU=slpt-automation,DC=TestAutomationAD,DC=local" + }, + "privileged": { + "type": "boolean", + "description": "True if the entitlement is privileged", + "example": true + }, + "cloudGoverned": { + "type": "boolean", + "description": "True if the entitlement is cloud governed", + "example": true + }, + "created": { + "type": "string", + "description": "Time when the entitlement was created", + "format": "date-time", + "example": "2020-10-08T18:33:52.029Z" + }, + "modified": { + "type": "string", + "description": "Time when the entitlement was last modified", + "format": "date-time", + "example": "2020-10-08T18:33:52.029Z" + }, + "source": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "The source ID", + "example": "2c9180827ca885d7017ca8ce28a000eb" + }, + "type": { + "type": "string", + "description": "The source type, will always be \"SOURCE\"", + "example": "SOURCE" + }, + "name": { + "type": "string", + "description": "The source name", + "example": "ODS-AD-Source" + } + } + }, + "attributes": { + "type": "object", + "description": "A map of free-form key-value pairs from the source system", + "example": { + "fieldName": "fieldValue" + }, + "additionalProperties": true + }, + "segments": { + "type": "array", + "items": { + "type": "string" + }, + "nullable": true, + "description": "List of IDs of segments, if any, to which this Entitlement is assigned.", + "example": [ + "f7b1b8a3-5fed-4fd4-ad29-82014e137e19", + "29cb6c06-1da8-43ea-8be4-b3125f248f2a" + ] + }, + "directPermissions": { + "type": "array", + "items": { + "type": "object", + "description": "Simplified DTO for the Permission objects stored in SailPoint's database. The data is aggregated from customer systems and is free-form, so its appearance can vary largely between different clients/customers.", + "properties": { + "rights": { + "type": "array", + "description": "All the rights (e.g. actions) that this permission allows on the target", + "readOnly": true, + "items": { + "type": "string", + "example": "SELECT" + } + }, + "target": { + "type": "string", + "description": "The target the permission would grants rights on.", + "readOnly": true, + "example": "SYS.GV_$TRANSACTION" + } + } + } + } + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + }, + "security": [ + { + "oauth2": [ + "idn:access-profile:read" + ] + } + ] + } + }, + "/access-requests": { + "post": { + "operationId": "createAccessRequest", + "security": [ + { + "oauth2": [ + "idn:access-request:create" + ] + } + ], + "summary": "Submit an Access Request", + "tags": [ + "Access Requests" + ], + "description": "This submits the access request into IdentityNow, where it will follow any IdentityNow approval processes.\n\nAccess requests are processed asynchronously by IdentityNow. A success response from this endpoint means the request\nhas been submitted to IDN and is queued for processing. Because this endpoint is asynchronous, it will not return an error\nif you submit duplicate access requests in quick succession, or you submit an access request for access that is already in progress, approved, or rejected.\nIt is best practice to check for any existing access requests that reference the same access items before submitting a new access request. This can\nbe accomplished by using the [access request status](https://developer.sailpoint.com/idn/api/v3/list-access-request-status) or the [pending access request approvals](https://developer.sailpoint.com/idn/api/v3/list-pending-approvals) endpoints. You can also\nuse the [search API](https://developer.sailpoint.com/idn/api/v3/search) to check the existing access items that an identity has before submitting\nan access request to ensure you are not requesting access that is already granted.\n\nThere are two types of access request:\n\n__GRANT_ACCESS__\n* Can be requested for multiple identities in a single request.\n* Supports self request and request on behalf of other users, see '/beta/access-request-config' endpoint for request configuration options. \n* Allows any authenticated token (except API) to call this endpoint to request to grant access to themselves. Depending on the configuration, a user can request access for others.\n* Roles, Access Profiles and Entitlements can be requested.\n* While requesting entitlements, maximum of 25 entitlements and 10 recipients are allowed in a request.\n \n__REVOKE_ACCESS__\n* Can only be requested for a single identity at a time.\n* Does not support self request. Only manager can request to revoke access for their directly managed employees.\n* If removeDate is specified, then the access will be removed on that date and time only for Roles and Access Profiles. Entitlements are currently unsupported for removeDate.\n* Roles, Access Profiles, and Entitlements can be requested for revocation.\n* Revoke requests for entitlements are limited to 1 entitlement per access request currently.\n* [Roles, Access Profiles] RemoveData can be specified only if access don't have a sunset date.\n* Allows a manager to request to revoke access for direct employees. A token with ORG_ADMIN authority can also request to revoke access from anyone.\n\nNOTE: There is no indication to the approver in the IdentityNow UI that the approval request is for a revoke action. Take this into consideration when calling this API.\n\nA token with API authority cannot be used to call this endpoint. \n", + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "requestedFor": { + "description": "A list of Identity IDs for whom the Access is requested. If it's a Revoke request, there can only be one Identity ID.", + "type": "array", + "items": { + "type": "string", + "example": "2c918084660f45d6016617daa9210584" + } + }, + "requestType": { + "type": "string", + "enum": [ + "GRANT_ACCESS", + "REVOKE_ACCESS" + ], + "description": "Access request type. Defaults to GRANT_ACCESS. REVOKE_ACCESS type can only have a single Identity ID in the requestedFor field.", + "example": "GRANT_ACCESS" + }, + "requestedItems": { + "type": "array", + "items": { + "type": "object", + "properties": { + "type": { + "type": "string", + "enum": [ + "ACCESS_PROFILE", + "ROLE", + "ENTITLEMENT" + ], + "description": "The type of the item being requested.", + "example": "ACCESS_PROFILE" + }, + "id": { + "type": "string", + "description": "ID of Role, Access Profile or Entitlement being requested.", + "example": "2c9180835d2e5168015d32f890ca1581" + }, + "comment": { + "type": "string", + "description": "Comment provided by requester.\n* Comment is required when the request is of type Revoke Access.\n", + "example": "Requesting access profile for John Doe" + }, + "clientMetadata": { + "type": "object", + "additionalProperties": { + "type": "string", + "example": { + "requestedAppId": "2c91808f7892918f0178b78da4a305a1", + "requestedAppName": "test-app" + } + }, + "example": { + "requestedAppName": "test-app", + "requestedAppId": "2c91808f7892918f0178b78da4a305a1" + }, + "description": "Arbitrary key-value pairs. They will never be processed by the IdentityNow system but will be returned on associated APIs such as /account-activities and /access-request-status." + }, + "removeDate": { + "type": "string", + "description": "The date the role or access profile is no longer assigned to the specified identity.\n* Specify a date in the future.\n* The current SLA for the deprovisioning is 24 hours.\n* This date can be modified to either extend or decrease the duration of access item assignments for the specified identity.\n* Currently it is not supported for entitlements.\n* If sunset date for role or access profile specified, removeDate cannot be established. This rule doesn't apply for entitlements.\n", + "format": "date-time", + "example": "2020-07-11T21:23:15.000Z" + } + }, + "required": [ + "id", + "type" + ] + } + }, + "clientMetadata": { + "type": "object", + "additionalProperties": { + "type": "string", + "example": { + "requestedAppId": "2c91808f7892918f0178b78da4a305a1", + "requestedAppName": "test-app" + } + }, + "example": { + "requestedAppId": "2c91808f7892918f0178b78da4a305a1", + "requestedAppName": "test-app" + }, + "description": "Arbitrary key-value pairs. They will never be processed by the IdentityNow system but will be returned on associated APIs such as /account-activities." + } + }, + "required": [ + "requestedFor", + "requestedItems" + ] + } + } + } + }, + "responses": { + "202": { + "description": "Accepted - Returned if the request was successfully accepted into the system.", + "content": { + "application/json": { + "schema": { + "type": "object" + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/access-requests/cancel": { + "post": { + "operationId": "cancelAccessRequest", + "tags": [ + "Access Requests" + ], + "summary": "Cancel Access Request", + "description": "This API endpoint cancels a pending access request. An access request can be cancelled only if it has not passed the approval step.\nAny token with ORG_ADMIN authority or token of the user who originally requested the access request is required to cancel it.", + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "type": "object", + "description": "Request body payload for cancel access request endpoint.", + "required": [ + "accountActivityId", + "comment" + ], + "properties": { + "accountActivityId": { + "type": "string", + "description": "ID of the account activity object corresponding to the access request.", + "example": "2c9180835d2e5168015d32f890ca1581" + }, + "comment": { + "type": "string", + "description": "Reason for cancelling the pending access request.", + "example": "I requested this role by mistake." + } + } + }, + "example": { + "accountActivityId": "2c91808568c529c60168cca6f90c1313", + "comment": "I requested this role by mistake." + } + } + } + }, + "responses": { + "202": { + "description": "Accepted - Returned if the request was successfully accepted into the system.", + "content": { + "application/json": { + "schema": { + "type": "object" + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/access-request-config": { + "get": { + "operationId": "getAccessRequestConfig", + "summary": "Get Access Request Configuration", + "tags": [ + "Access Requests" + ], + "description": "This endpoint returns the current access-request configuration.", + "responses": { + "200": { + "description": "Access Request Configuration Details.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "approvalsMustBeExternal": { + "type": "boolean", + "description": "If true, then approvals must be processed by external system.", + "example": true + }, + "autoApprovalEnabled": { + "type": "boolean", + "description": "If true and requester and reviewer are the same, then automatically approve the approval.", + "example": true + }, + "requestOnBehalfOfConfig": { + "description": "Request On Behalf Of Configuration.", + "type": "object", + "properties": { + "allowRequestOnBehalfOfAnyoneByAnyone": { + "type": "boolean", + "description": "If anyone can request access for anyone.", + "example": true + }, + "allowRequestOnBehalfOfEmployeeByManager": { + "type": "boolean", + "description": "If a manager can request access for his/her direct reports.", + "example": true + } + } + }, + "approvalReminderAndEscalationConfig": { + "description": "Approval Reminder and Escalation Configuration.", + "type": "object", + "properties": { + "daysUntilEscalation": { + "type": "integer", + "description": "Number of days to wait before the first reminder. If no reminders are configured, then this is the number of days to wait before escalation.", + "format": "int32", + "example": 0 + }, + "daysBetweenReminders": { + "type": "integer", + "description": "Number of days to wait between reminder notifications.", + "format": "int32", + "example": 0 + }, + "maxReminders": { + "type": "integer", + "description": "Maximum number of reminder notification to send to the reviewer before approval escalation.", + "format": "int32", + "example": 0 + }, + "fallbackApproverRef": { + "type": "object", + "nullable": true, + "properties": { + "type": { + "type": "string", + "description": "The type can only be IDENTITY. This is read-only", + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "Identity id.", + "example": "5168015d32f890ca15812c9180835d2e" + }, + "name": { + "type": "string", + "description": "Human-readable display name of identity. This is read-only", + "example": "Alison Ferguso" + }, + "email": { + "type": "string", + "description": "Email address of identity. This is read-only", + "example": "alison.ferguso@identitysoon.com" + } + } + } + } + }, + "entitlementRequestConfig": { + "description": "Entitlement Request Configuration.", + "type": "object", + "properties": { + "allowEntitlementRequest": { + "type": "boolean", + "description": "Flag for allowing entitlement request.", + "example": true + }, + "requestCommentsRequired": { + "type": "boolean", + "description": "Flag for requiring comments while submitting an entitlement request.", + "default": false, + "example": false + }, + "deniedCommentsRequired": { + "type": "boolean", + "description": "Flag for requiring comments while rejecting an entitlement request.", + "default": false, + "example": false + }, + "grantRequestApprovalSchemes": { + "type": "string", + "description": "Approval schemes for granting entitlement request. This can be empty if no approval is needed.\nMultiple schemes must be comma-separated. The valid schemes are \"entitlementOwner\", \"sourceOwner\", \"manager\" and \"workgroup:{id}\".\nMultiple workgroups (governance groups) can be used.\n", + "default": "sourceOwner", + "example": "entitlementOwner, sourceOwner, manager, workgroup:2c918084660f45d6016617daa9210584" + } + } + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + }, + "put": { + "operationId": "updateAccessRequestConfig", + "summary": "Update Access Request Configuration", + "tags": [ + "Access Requests" + ], + "description": "This endpoint replaces the current access-request configuration.\nA token with ORG_ADMIN authority is required to call this API.", + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "approvalsMustBeExternal": { + "type": "boolean", + "description": "If true, then approvals must be processed by external system.", + "example": true + }, + "autoApprovalEnabled": { + "type": "boolean", + "description": "If true and requester and reviewer are the same, then automatically approve the approval.", + "example": true + }, + "requestOnBehalfOfConfig": { + "description": "Request On Behalf Of Configuration.", + "type": "object", + "properties": { + "allowRequestOnBehalfOfAnyoneByAnyone": { + "type": "boolean", + "description": "If anyone can request access for anyone.", + "example": true + }, + "allowRequestOnBehalfOfEmployeeByManager": { + "type": "boolean", + "description": "If a manager can request access for his/her direct reports.", + "example": true + } + } + }, + "approvalReminderAndEscalationConfig": { + "description": "Approval Reminder and Escalation Configuration.", + "type": "object", + "properties": { + "daysUntilEscalation": { + "type": "integer", + "description": "Number of days to wait before the first reminder. If no reminders are configured, then this is the number of days to wait before escalation.", + "format": "int32", + "example": 0 + }, + "daysBetweenReminders": { + "type": "integer", + "description": "Number of days to wait between reminder notifications.", + "format": "int32", + "example": 0 + }, + "maxReminders": { + "type": "integer", + "description": "Maximum number of reminder notification to send to the reviewer before approval escalation.", + "format": "int32", + "example": 0 + }, + "fallbackApproverRef": { + "type": "object", + "nullable": true, + "properties": { + "type": { + "type": "string", + "description": "The type can only be IDENTITY. This is read-only", + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "Identity id.", + "example": "5168015d32f890ca15812c9180835d2e" + }, + "name": { + "type": "string", + "description": "Human-readable display name of identity. This is read-only", + "example": "Alison Ferguso" + }, + "email": { + "type": "string", + "description": "Email address of identity. This is read-only", + "example": "alison.ferguso@identitysoon.com" + } + } + } + } + }, + "entitlementRequestConfig": { + "description": "Entitlement Request Configuration.", + "type": "object", + "properties": { + "allowEntitlementRequest": { + "type": "boolean", + "description": "Flag for allowing entitlement request.", + "example": true + }, + "requestCommentsRequired": { + "type": "boolean", + "description": "Flag for requiring comments while submitting an entitlement request.", + "default": false, + "example": false + }, + "deniedCommentsRequired": { + "type": "boolean", + "description": "Flag for requiring comments while rejecting an entitlement request.", + "default": false, + "example": false + }, + "grantRequestApprovalSchemes": { + "type": "string", + "description": "Approval schemes for granting entitlement request. This can be empty if no approval is needed.\nMultiple schemes must be comma-separated. The valid schemes are \"entitlementOwner\", \"sourceOwner\", \"manager\" and \"workgroup:{id}\".\nMultiple workgroups (governance groups) can be used.\n", + "default": "sourceOwner", + "example": "entitlementOwner, sourceOwner, manager, workgroup:2c918084660f45d6016617daa9210584" + } + } + } + } + } + } + } + }, + "responses": { + "200": { + "description": "Access Request Configuration Details.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "approvalsMustBeExternal": { + "type": "boolean", + "description": "If true, then approvals must be processed by external system.", + "example": true + }, + "autoApprovalEnabled": { + "type": "boolean", + "description": "If true and requester and reviewer are the same, then automatically approve the approval.", + "example": true + }, + "requestOnBehalfOfConfig": { + "description": "Request On Behalf Of Configuration.", + "type": "object", + "properties": { + "allowRequestOnBehalfOfAnyoneByAnyone": { + "type": "boolean", + "description": "If anyone can request access for anyone.", + "example": true + }, + "allowRequestOnBehalfOfEmployeeByManager": { + "type": "boolean", + "description": "If a manager can request access for his/her direct reports.", + "example": true + } + } + }, + "approvalReminderAndEscalationConfig": { + "description": "Approval Reminder and Escalation Configuration.", + "type": "object", + "properties": { + "daysUntilEscalation": { + "type": "integer", + "description": "Number of days to wait before the first reminder. If no reminders are configured, then this is the number of days to wait before escalation.", + "format": "int32", + "example": 0 + }, + "daysBetweenReminders": { + "type": "integer", + "description": "Number of days to wait between reminder notifications.", + "format": "int32", + "example": 0 + }, + "maxReminders": { + "type": "integer", + "description": "Maximum number of reminder notification to send to the reviewer before approval escalation.", + "format": "int32", + "example": 0 + }, + "fallbackApproverRef": { + "type": "object", + "nullable": true, + "properties": { + "type": { + "type": "string", + "description": "The type can only be IDENTITY. This is read-only", + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "Identity id.", + "example": "5168015d32f890ca15812c9180835d2e" + }, + "name": { + "type": "string", + "description": "Human-readable display name of identity. This is read-only", + "example": "Alison Ferguso" + }, + "email": { + "type": "string", + "description": "Email address of identity. This is read-only", + "example": "alison.ferguso@identitysoon.com" + } + } + } + } + }, + "entitlementRequestConfig": { + "description": "Entitlement Request Configuration.", + "type": "object", + "properties": { + "allowEntitlementRequest": { + "type": "boolean", + "description": "Flag for allowing entitlement request.", + "example": true + }, + "requestCommentsRequired": { + "type": "boolean", + "description": "Flag for requiring comments while submitting an entitlement request.", + "default": false, + "example": false + }, + "deniedCommentsRequired": { + "type": "boolean", + "description": "Flag for requiring comments while rejecting an entitlement request.", + "default": false, + "example": false + }, + "grantRequestApprovalSchemes": { + "type": "string", + "description": "Approval schemes for granting entitlement request. This can be empty if no approval is needed.\nMultiple schemes must be comma-separated. The valid schemes are \"entitlementOwner\", \"sourceOwner\", \"manager\" and \"workgroup:{id}\".\nMultiple workgroups (governance groups) can be used.\n", + "default": "sourceOwner", + "example": "entitlementOwner, sourceOwner, manager, workgroup:2c918084660f45d6016617daa9210584" + } + } + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/access-request-status": { + "get": { + "operationId": "listAccessRequestStatus", + "tags": [ + "Access Requests" + ], + "summary": "Access Request Status", + "description": "The Access Request Status API returns a list of access request statuses based on the specified query parameters.\nAny token with any authority can request their own status. A token with ORG_ADMIN authority is required to call this API to get a list of statuses for other users.", + "parameters": [ + { + "in": "query", + "name": "requested-for", + "schema": { + "type": "string" + }, + "example": "2c9180877b2b6ea4017b2c545f971429", + "description": "Filter the results by the identity for which the requests were made. *me* indicates the current user. Mutually exclusive with *regarding-identity*.", + "required": false + }, + { + "in": "query", + "name": "requested-by", + "schema": { + "type": "string" + }, + "example": "2c9180877b2b6ea4017b2c545f971429", + "description": "Filter the results by the identity that made the requests. *me* indicates the current user. Mutually exclusive with *regarding-identity*.", + "required": false + }, + { + "in": "query", + "name": "regarding-identity", + "schema": { + "type": "string" + }, + "example": "2c9180877b2b6ea4017b2c545f971429", + "description": "Filter the results by the specified identity which is either the requester or target of the requests. *me* indicates the current user. Mutually exclusive with *requested-for* and *requested-by*.", + "required": false + }, + { + "in": "query", + "name": "count", + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.", + "required": false, + "schema": { + "type": "boolean", + "default": false + }, + "example": false + }, + { + "in": "query", + "name": "limit", + "description": "Max number of results to return.", + "required": false, + "schema": { + "type": "integer", + "format": "int32", + "minimum": 0, + "maximum": 250, + "default": 250 + }, + "example": 100 + }, + { + "in": "query", + "name": "offset", + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results. Defaults to 0 if not specified.", + "required": false, + "schema": { + "type": "integer", + "format": "int32", + "minimum": 0 + }, + "example": 10 + }, + { + "in": "query", + "name": "filters", + "schema": { + "type": "string" + }, + "example": "accountActivityItemId eq \"2c918086771c86df0177401efcdf54c0\"", + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)\n\nFiltering is supported for the following fields and operators:\n\n**accountActivityItemId**: *eq, in*", + "required": false + }, + { + "in": "query", + "name": "sorters", + "schema": { + "type": "string", + "format": "comma-separated" + }, + "description": "Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)\n\nSorting is supported for the following fields: **created, modified, accountActivityItemId**", + "example": "created", + "required": false + } + ], + "responses": { + "200": { + "description": "List of requested item status.", + "content": { + "application/json": { + "schema": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string", + "description": "Human-readable display name of the item being requested.", + "example": "AccessProfile1" + }, + "type": { + "type": "string", + "enum": [ + "ACCESS_PROFILE", + "ROLE", + "ENTITLEMENT" + ], + "description": "Type of requested object.", + "example": "ACCESS_PROFILE" + }, + "cancelledRequestDetails": { + "nullable": true, + "type": "object", + "properties": { + "comment": { + "type": "string", + "description": "Comment made by the owner when cancelling the associated request.", + "example": "Nisl quis ipsum quam quisque condimentum nunc ut dolor nunc." + }, + "owner": { + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + }, + "modified": { + "type": "string", + "format": "date-time", + "description": "Date comment was added by the owner when cancelling the associated request", + "example": "2019-12-20T09:17:12.192Z" + } + }, + "description": "Provides additional details for a request that has been cancelled." + }, + "errorMessages": { + "type": "array", + "nullable": true, + "items": { + "type": "array", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "description": "List of list of localized error messages, if any, encountered during the approval/provisioning process." + }, + "state": { + "type": "string", + "enum": [ + "EXECUTING", + "REQUEST_COMPLETED", + "CANCELLED", + "TERMINATED", + "PROVISIONING_VERIFICATION_PENDING", + "REJECTED", + "PROVISIONING_FAILED", + "NOT_ALL_ITEMS_PROVISIONED", + "ERROR" + ], + "description": "Indicates the state of an access request:\n* EXECUTING: The request is executing, which indicates the system is doing some processing.\n* REQUEST_COMPLETED: Indicates the request has been completed.\n* CANCELLED: The request was cancelled with no user input.\n* TERMINATED: The request has been terminated before it was able to complete.\n* PROVISIONING_VERIFICATION_PENDING: The request has finished any approval steps and provisioning is waiting to be verified.\n* REJECTED: The request was rejected.\n* PROVISIONING_FAILED: The request has failed to complete.\n* NOT_ALL_ITEMS_PROVISIONED: One or more of the requested items failed to complete, but there were one or more successes.\n* ERROR: An error occurred during request processing.", + "example": "EXECUTING" + }, + "approvalDetails": { + "type": "array", + "items": { + "type": "object", + "properties": { + "forwarded": { + "type": "boolean", + "description": "True if the request for this item was forwarded from one owner to another.", + "example": false + }, + "originalOwner": { + "description": "Base identity/workgroup reference object representing the original owner, if forwarded.", + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + }, + "currentOwner": { + "description": "Base reference of approver that will make decision.", + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + }, + "reviewedBy": { + "description": "The identity who has reviewed the approval.", + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + }, + "modified": { + "type": "string", + "format": "date-time", + "description": "Time at which item was modified.", + "example": "2019-08-23T18:52:57.398Z" + }, + "status": { + "type": "string", + "enum": [ + "PENDING", + "APPROVED", + "REJECTED", + "EXPIRED", + "CANCELLED", + "ARCHIVED" + ], + "description": "Indicates the state of the request processing for this item:\n* PENDING: The request for this item is awaiting processing.\n* APPROVED: The request for this item has been approved.\n* REJECTED: The request for this item was rejected.\n* EXPIRED: The request for this item expired with no action taken.\n* CANCELLED: The request for this item was cancelled with no user action.\n* ARCHIVED: The request for this item has been archived after completion.", + "example": "PENDING" + }, + "scheme": { + "type": "string", + "enum": [ + "APP_OWNER", + "SOURCE_OWNER", + "MANAGER", + "ROLE_OWNER", + "ACCESS_PROFILE_OWNER", + "ENTITLEMENT_OWNER", + "GOVERNANCE_GROUP" + ], + "description": "Describes the individual or group that is responsible for an approval step.", + "example": "MANAGER" + }, + "errorMessages": { + "type": "array", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + }, + "description": "If the request failed, includes any error messages that were generated." + }, + "comment": { + "type": "string", + "description": "Comment, if any, provided by the approver.", + "example": "I approve this request" + }, + "removeDate": { + "type": "string", + "description": "The date the role or access profile is no longer assigned to the specified identity.", + "format": "date-time", + "example": "2020-07-11T00:00:00Z" + } + } + }, + "description": "Approval details for each item." + }, + "manualWorkItemDetails": { + "type": "array", + "nullable": true, + "items": { + "type": "object", + "properties": { + "forwarded": { + "type": "boolean", + "description": "True if the request for this item was forwarded from one owner to another.", + "example": true + }, + "originalOwner": { + "description": "Base identity/workgroup reference object representing the original owner, if forwarded.", + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + }, + "currentOwner": { + "description": "Base reference of approver that will make decision.", + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + }, + "modified": { + "type": "string", + "format": "date-time", + "description": "Time at which item was modified.", + "example": "2019-08-23T18:52:57.398Z" + }, + "status": { + "type": "string", + "enum": [ + "PENDING", + "APPROVED", + "REJECTED", + "EXPIRED", + "CANCELLED", + "ARCHIVED" + ], + "description": "Indicates the state of the request processing for this item:\n* PENDING: The request for this item is awaiting processing.\n* APPROVED: The request for this item has been approved.\n* REJECTED: The request for this item was rejected.\n* EXPIRED: The request for this item expired with no action taken.\n* CANCELLED: The request for this item was cancelled with no user action.\n* ARCHIVED: The request for this item has been archived after completion.", + "example": "PENDING" + }, + "forwardHistory": { + "type": "array", + "items": { + "type": "object", + "properties": { + "oldApproverName": { + "type": "string", + "description": "Display name of approver from whom the approval was forwarded.", + "example": "Frank Mir" + }, + "newApproverName": { + "type": "string", + "description": "Display name of approver to whom the approval was forwarded.", + "example": "Al Volta" + }, + "comment": { + "type": "string", + "nullable": true, + "description": "Comment made while forwarding.", + "example": "Forwarding from Frank to Al" + }, + "modified": { + "type": "string", + "format": "date-time", + "description": "Time at which approval was forwarded.", + "example": "2019-08-23T18:52:57.398Z" + }, + "forwarderName": { + "type": "string", + "nullable": true, + "description": "Display name of forwarder who forwarded the approval.", + "example": "William Wilson" + }, + "reassignmentType": { + "description": "Type of approval reassignment.", + "example": "AUTOMATIC_REASSIGNMENT", + "type": "string", + "enum": [ + "MANUAL_REASSIGNMENT", + "AUTOMATIC_REASSIGNMENT", + "AUTO_ESCALATION", + "SELF_REVIEW_DELEGATION" + ] + } + } + }, + "description": "The history of approval forward action." + } + } + }, + "description": "Manual work items created for provisioning the item." + }, + "accountActivityItemId": { + "type": "string", + "description": "Id of associated account activity item.", + "example": "2c9180926cbfbddd016cbfc7c3b10010" + }, + "requestType": { + "type": "string", + "enum": [ + "GRANT_ACCESS", + "REVOKE_ACCESS" + ], + "description": "Access request type. Defaults to GRANT_ACCESS. REVOKE_ACCESS type can only have a single Identity ID in the requestedFor field.", + "example": "GRANT_ACCESS" + }, + "modified": { + "type": "string", + "format": "date-time", + "description": "When the request was last modified.", + "example": "2019-08-23T18:52:59.162Z" + }, + "created": { + "type": "string", + "format": "date-time", + "description": "When the request was created.", + "example": "2019-08-23T18:40:35.772Z" + }, + "requester": { + "description": "The identity that requested the item.", + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + }, + "requestedFor": { + "description": "The identity for whom the Access Request Status is requested for.", + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + }, + "requesterComment": { + "nullable": true, + "description": "The requester's comment.", + "type": "object", + "properties": { + "comment": { + "type": "string", + "description": "Content of the comment", + "example": "Et quam massa maximus vivamus nisi ut urna tincidunt metus elementum erat" + }, + "author": { + "type": "object", + "properties": { + "type": { + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "description": "An enumeration of the types of DTOs supported within the IdentityNow infrastructure.", + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the author", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the identity making the comment", + "example": "Adam Kennedy" + } + } + }, + "created": { + "type": "string", + "format": "date-time", + "description": "Date and time comment was created", + "example": "2017-07-11T18:45:37.098Z" + } + } + }, + "sodViolationContext": { + "nullable": true, + "description": "The details of the SOD violations for the associated approval.", + "type": "object", + "properties": { + "state": { + "type": "string", + "enum": [ + "SUCCESS", + "ERROR" + ], + "description": "The status of SOD violation check", + "example": "SUCCESS" + }, + "uuid": { + "description": "The id of the Violation check event", + "type": "string", + "example": "f73d16e9-a038-46c5-b217-1246e15fdbdd" + }, + "violationCheckResult": { + "description": "The inner object representing the completed SOD Violation check", + "type": "object", + "properties": { + "message": { + "description": "If the request failed, includes any error message that was generated.", + "example": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An error has occurred during the SOD violation check" + } + ], + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + }, + "clientMetadata": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Arbitrary key-value pairs. They will never be processed by the IdentityNow system but will be returned on completion of the violation check.", + "example": { + "requestedAppName": "test-app", + "requestedAppId": "2c91808f7892918f0178b78da4a305a1" + } + }, + "violationContexts": { + "type": "array", + "items": { + "description": "The contextual information of the violated criteria", + "type": "object", + "properties": { + "policy": { + "description": "Reference to the Policy that is being violated.", + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + }, + "conflictingAccessCriteria": { + "type": "object", + "description": "The object which contains the left and right hand side of the entitlements that got violated according to the policy.", + "properties": { + "leftCriteria": { + "type": "object", + "properties": { + "criteriaList": { + "type": "array", + "items": { + "description": "Details of the Entitlement criteria", + "type": "object", + "properties": { + "existing": { + "type": "boolean", + "example": true, + "description": "If the entitlement already belonged to the user or not." + }, + "type": { + "example": "ENTITLEMENT", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "description": "An enumeration of the types of DTOs supported within the IdentityNow infrastructure." + }, + "id": { + "type": "string", + "description": "Entitlement ID", + "example": "2c918085771e9d3301773b3cb66f6398" + }, + "name": { + "type": "string", + "description": "Entitlement name", + "example": "My HR Entitlement" + } + } + } + } + } + }, + "rightCriteria": { + "type": "object", + "properties": { + "criteriaList": { + "type": "array", + "items": { + "description": "Details of the Entitlement criteria", + "type": "object", + "properties": { + "existing": { + "type": "boolean", + "example": true, + "description": "If the entitlement already belonged to the user or not." + }, + "type": { + "example": "ENTITLEMENT", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "description": "An enumeration of the types of DTOs supported within the IdentityNow infrastructure." + }, + "id": { + "type": "string", + "description": "Entitlement ID", + "example": "2c918085771e9d3301773b3cb66f6398" + }, + "name": { + "type": "string", + "description": "Entitlement name", + "example": "My HR Entitlement" + } + } + } + } + } + } + } + } + } + } + }, + "violatedPolicies": { + "type": "array", + "description": "A list of the Policies that were violated", + "items": { + "description": "Reference to the policy that was violated", + "example": [ + { + "type": "SOD_POLICY", + "id": "69129440-422d-4a23-aadd-35c828d5bfda", + "name": "HR Policy" + } + ], + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + } + } + } + } + } + }, + "provisioningDetails": { + "nullable": true, + "type": "object", + "properties": { + "orderedSubPhaseReferences": { + "type": "string", + "description": "Ordered CSV of sub phase references to objects that contain more information about provisioning. For example, this can contain \"manualWorkItemDetails\" which indicate that there is further information in that object for this phase.", + "example": "manualWorkItemDetails" + } + }, + "description": "Provides additional details about provisioning for this request." + }, + "preApprovalTriggerDetails": { + "nullable": true, + "type": "object", + "properties": { + "comment": { + "type": "string", + "description": "Comment left for the pre-approval decision", + "example": "Access is Approved" + }, + "reviewer": { + "type": "string", + "description": "The reviewer of the pre-approval decision", + "example": "John Doe" + }, + "decision": { + "type": "string", + "enum": [ + "APPROVED", + "REJECTED" + ], + "description": "The decision of the pre-approval trigger", + "example": "APPROVED" + } + }, + "description": "Provides additional details about the pre-approval trigger for this request." + }, + "accessRequestPhases": { + "type": "array", + "items": { + "type": "object", + "properties": { + "started": { + "type": "string", + "description": "The time that this phase started.", + "format": "date-time", + "example": "2020-07-11T00:00:00Z" + }, + "finished": { + "type": "string", + "description": "The time that this phase finished.", + "format": "date-time", + "example": "2020-07-12T00:00:00Z" + }, + "name": { + "type": "string", + "description": "The name of this phase.", + "example": "APPROVAL_PHASE" + }, + "state": { + "type": "string", + "enum": [ + "PENDING", + "EXECUTING", + "COMPLETED", + "CANCELLED" + ], + "description": "The state of this phase.", + "example": "COMPLETED" + }, + "result": { + "type": "string", + "enum": [ + "SUCCESSFUL", + "FAILED" + ], + "description": "The state of this phase.", + "example": "SUCCESSFUL" + }, + "phaseReference": { + "type": "string", + "description": "A reference to another object on the RequestedItemStatus that contains more details about the phase. Note that for the Provisioning phase, this will be empty if there are no manual work items.", + "example": "approvalDetails" + } + }, + "description": "Provides additional details about this access request phase." + }, + "description": "A list of Phases that the Access Request has gone through in order, to help determine the status of the request." + }, + "description": { + "type": "string", + "description": "Description associated to the requested object.", + "example": "This is the Engineering role that engineers are granted." + }, + "removeDate": { + "type": "string", + "format": "date-time", + "nullable": true, + "description": "When the role access is scheduled for removal.", + "example": "2019-10-23T00:00:00.000Z" + }, + "cancelable": { + "type": "boolean", + "description": "True if the request can be canceled.", + "example": true + }, + "accessRequestId": { + "type": "string", + "format": "string", + "description": "This is the account activity id.", + "example": "2b838de9-db9b-abcf-e646-d4f274ad4238" + }, + "clientMetadata": { + "nullable": true, + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Arbitrary key-value pairs, if any were included in the corresponding access request", + "example": { + "key1": "value1", + "key2": "value2" + } + } + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/access-request-approvals/pending": { + "get": { + "operationId": "listPendingApprovals", + "summary": "Pending Access Request Approvals List", + "tags": [ + "Access Request Approvals" + ], + "description": "This endpoint returns a list of pending approvals. See \"owner-id\" query parameter below for authorization info.", + "parameters": [ + { + "in": "query", + "name": "owner-id", + "schema": { + "type": "string" + }, + "description": "If present, the value returns only pending approvals for the specified identity.\n * ORG_ADMIN users can call this with any identity ID value.\n * ORG_ADMIN users can also fetch all the approvals in the org, when owner-id is not used.\n * Non-ORG_ADMIN users can only specify *me* or pass their own identity ID value.", + "example": "2c91808568c529c60168cca6f90c1313", + "required": false + }, + { + "in": "query", + "name": "limit", + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": 250, + "schema": { + "type": "integer", + "format": "int32", + "minimum": 0, + "maximum": 250, + "default": 250 + } + }, + { + "in": "query", + "name": "offset", + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": 0, + "schema": { + "type": "integer", + "format": "int32", + "minimum": 0, + "default": 0 + } + }, + { + "in": "query", + "name": "count", + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": true, + "schema": { + "type": "boolean", + "default": false + } + }, + { + "in": "query", + "name": "filters", + "required": false, + "schema": { + "type": "string" + }, + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)\n\nFiltering is supported for the following fields and operators:\n\n**id**: *eq, in*\n\n**requestedFor.id**: *eq, in*\n\n**modified**: *gt, lt, ge, le*", + "example": "id eq \"2c91808568c529c60168cca6f90c1313\"" + }, + { + "in": "query", + "name": "sorters", + "required": false, + "schema": { + "type": "string", + "format": "comma-separated" + }, + "description": "Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)\n\nSorting is supported for the following fields: **created, modified**", + "example": "modified" + } + ], + "responses": { + "200": { + "description": "List of Pending Approvals.", + "content": { + "application/json": { + "schema": { + "type": "array", + "items": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "The approval id.", + "example": "id12345" + }, + "name": { + "type": "string", + "description": "The name of the approval.", + "example": "aName" + }, + "created": { + "type": "string", + "format": "date-time", + "description": "When the approval was created.", + "example": "2017-07-11T18:45:37.098Z" + }, + "modified": { + "type": "string", + "format": "date-time", + "description": "When the approval was modified last time.", + "example": "2018-07-25T20:22:28.104Z" + }, + "requestCreated": { + "type": "string", + "format": "date-time", + "description": "When the access-request was created.", + "example": "2017-07-11T18:45:35.098Z" + }, + "requestType": { + "description": "If the access-request was for granting or revoking access.", + "type": "string", + "enum": [ + "GRANT_ACCESS", + "REVOKE_ACCESS" + ], + "example": "GRANT_ACCESS" + }, + "requester": { + "description": "The identity that requested the item.", + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + }, + "requestedFor": { + "description": "The identity for whom the item is requested for.", + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + }, + "owner": { + "description": "The owner or approver of the approval.", + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + }, + "requestedObject": { + "description": "The requested access item.", + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "Id of the object.", + "example": "2c9180835d2e5168015d32f890ca1581" + }, + "name": { + "type": "string", + "description": "Name of the object.", + "example": "Applied Research Access" + }, + "description": { + "type": "string", + "description": "Description of the object.", + "example": "Access to research information, lab results, and schematics" + }, + "type": { + "type": "string", + "enum": [ + "ACCESS_PROFILE", + "ROLE", + "ENTITLEMENT" + ], + "description": "Type of the object.", + "example": "ROLE" + } + } + }, + "requesterComment": { + "description": "The requester's comment.", + "type": "object", + "properties": { + "comment": { + "type": "string", + "description": "Content of the comment", + "example": "Et quam massa maximus vivamus nisi ut urna tincidunt metus elementum erat" + }, + "author": { + "type": "object", + "properties": { + "type": { + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "description": "An enumeration of the types of DTOs supported within the IdentityNow infrastructure.", + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the author", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the identity making the comment", + "example": "Adam Kennedy" + } + } + }, + "created": { + "type": "string", + "format": "date-time", + "description": "Date and time comment was created", + "example": "2017-07-11T18:45:37.098Z" + } + } + }, + "previousReviewersComments": { + "type": "array", + "items": { + "type": "object", + "properties": { + "comment": { + "type": "string", + "description": "Content of the comment", + "example": "Et quam massa maximus vivamus nisi ut urna tincidunt metus elementum erat" + }, + "author": { + "type": "object", + "properties": { + "type": { + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "description": "An enumeration of the types of DTOs supported within the IdentityNow infrastructure.", + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the author", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the identity making the comment", + "example": "Adam Kennedy" + } + } + }, + "created": { + "type": "string", + "format": "date-time", + "description": "Date and time comment was created", + "example": "2017-07-11T18:45:37.098Z" + } + } + }, + "description": "The history of the previous reviewers comments." + }, + "forwardHistory": { + "type": "array", + "items": { + "type": "object", + "properties": { + "oldApproverName": { + "type": "string", + "description": "Display name of approver from whom the approval was forwarded.", + "example": "Frank Mir" + }, + "newApproverName": { + "type": "string", + "description": "Display name of approver to whom the approval was forwarded.", + "example": "Al Volta" + }, + "comment": { + "type": "string", + "nullable": true, + "description": "Comment made while forwarding.", + "example": "Forwarding from Frank to Al" + }, + "modified": { + "type": "string", + "format": "date-time", + "description": "Time at which approval was forwarded.", + "example": "2019-08-23T18:52:57.398Z" + }, + "forwarderName": { + "type": "string", + "nullable": true, + "description": "Display name of forwarder who forwarded the approval.", + "example": "William Wilson" + }, + "reassignmentType": { + "description": "Type of approval reassignment.", + "example": "AUTOMATIC_REASSIGNMENT", + "type": "string", + "enum": [ + "MANUAL_REASSIGNMENT", + "AUTOMATIC_REASSIGNMENT", + "AUTO_ESCALATION", + "SELF_REVIEW_DELEGATION" + ] + } + } + }, + "description": "The history of approval forward action." + }, + "commentRequiredWhenRejected": { + "type": "boolean", + "description": "When true the rejector has to provide comments when rejecting", + "example": true + }, + "actionInProcess": { + "description": "Action that is performed on this approval, and system has not finished performing that action yet.", + "type": "string", + "enum": [ + "APPROVED", + "REJECTED", + "FORWARDED" + ], + "example": "APPROVED" + }, + "removeDate": { + "type": "string", + "description": "The date the role or access profile is no longer assigned to the specified identity.", + "format": "date-time", + "example": "2020-07-11T00:00:00Z" + }, + "removeDateUpdateRequested": { + "type": "boolean", + "description": "If true, then the request is to change the remove date or sunset date.", + "example": true + }, + "currentRemoveDate": { + "type": "string", + "description": "The remove date or sunset date that was assigned at the time of the request.", + "format": "date-time", + "example": "2020-07-11T00:00:00Z" + }, + "sodViolationContext": { + "description": "The details of the SOD violations for the associated approval.", + "type": "object", + "properties": { + "state": { + "type": "string", + "enum": [ + "SUCCESS", + "ERROR" + ], + "description": "The status of SOD violation check", + "example": "SUCCESS" + }, + "uuid": { + "description": "The id of the Violation check event", + "type": "string", + "example": "f73d16e9-a038-46c5-b217-1246e15fdbdd" + }, + "violationCheckResult": { + "description": "The inner object representing the completed SOD Violation check", + "type": "object", + "properties": { + "message": { + "description": "If the request failed, includes any error message that was generated.", + "example": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An error has occurred during the SOD violation check" + } + ], + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + }, + "clientMetadata": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Arbitrary key-value pairs. They will never be processed by the IdentityNow system but will be returned on completion of the violation check.", + "example": { + "requestedAppName": "test-app", + "requestedAppId": "2c91808f7892918f0178b78da4a305a1" + } + }, + "violationContexts": { + "type": "array", + "items": { + "description": "The contextual information of the violated criteria", + "type": "object", + "properties": { + "policy": { + "description": "Reference to the Policy that is being violated.", + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + }, + "conflictingAccessCriteria": { + "type": "object", + "description": "The object which contains the left and right hand side of the entitlements that got violated according to the policy.", + "properties": { + "leftCriteria": { + "type": "object", + "properties": { + "criteriaList": { + "type": "array", + "items": { + "description": "Details of the Entitlement criteria", + "type": "object", + "properties": { + "existing": { + "type": "boolean", + "example": true, + "description": "If the entitlement already belonged to the user or not." + }, + "type": { + "example": "ENTITLEMENT", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "description": "An enumeration of the types of DTOs supported within the IdentityNow infrastructure." + }, + "id": { + "type": "string", + "description": "Entitlement ID", + "example": "2c918085771e9d3301773b3cb66f6398" + }, + "name": { + "type": "string", + "description": "Entitlement name", + "example": "My HR Entitlement" + } + } + } + } + } + }, + "rightCriteria": { + "type": "object", + "properties": { + "criteriaList": { + "type": "array", + "items": { + "description": "Details of the Entitlement criteria", + "type": "object", + "properties": { + "existing": { + "type": "boolean", + "example": true, + "description": "If the entitlement already belonged to the user or not." + }, + "type": { + "example": "ENTITLEMENT", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "description": "An enumeration of the types of DTOs supported within the IdentityNow infrastructure." + }, + "id": { + "type": "string", + "description": "Entitlement ID", + "example": "2c918085771e9d3301773b3cb66f6398" + }, + "name": { + "type": "string", + "description": "Entitlement name", + "example": "My HR Entitlement" + } + } + } + } + } + } + } + } + } + } + }, + "violatedPolicies": { + "type": "array", + "description": "A list of the Policies that were violated", + "items": { + "description": "Reference to the policy that was violated", + "example": [ + { + "type": "SOD_POLICY", + "id": "69129440-422d-4a23-aadd-35c828d5bfda", + "name": "HR Policy" + } + ], + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + } + } + } + } + } + } + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/access-request-approvals/completed": { + "get": { + "operationId": "listCompletedApprovals", + "summary": "Completed Access Request Approvals List", + "tags": [ + "Access Request Approvals" + ], + "description": "This endpoint returns list of completed approvals. See *owner-id* query parameter below for authorization info.", + "parameters": [ + { + "in": "query", + "name": "owner-id", + "required": false, + "schema": { + "type": "string" + }, + "description": "If present, the value returns only completed approvals for the specified identity.\n * ORG_ADMIN users can call this with any identity ID value.\n * ORG_ADMIN users can also fetch all the approvals in the org, when\nowner-id is not used.\n * Non-ORG_ADMIN users can only specify *me* or pass their own\nidentity ID value.", + "example": "2c91808568c529c60168cca6f90c1313" + }, + { + "in": "query", + "name": "limit", + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": 250, + "schema": { + "type": "integer", + "format": "int32", + "minimum": 0, + "maximum": 250, + "default": 250 + } + }, + { + "in": "query", + "name": "offset", + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": 0, + "schema": { + "type": "integer", + "format": "int32", + "minimum": 0, + "default": 0 + } + }, + { + "in": "query", + "name": "count", + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": true, + "schema": { + "type": "boolean", + "default": false + } + }, + { + "in": "query", + "name": "filters", + "required": false, + "schema": { + "type": "string" + }, + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)\n\nFiltering is supported for the following fields and operators:\n\n**id**: *eq, in*\n\n**requestedFor.id**: *eq, in*\n\n**modified**: *gt, lt, ge, le*", + "example": "id eq \"2c91808568c529c60168cca6f90c1313\"" + }, + { + "in": "query", + "name": "sorters", + "required": false, + "schema": { + "type": "string", + "format": "comma-separated" + }, + "description": "Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)\n\nSorting is supported for the following fields: **created, modified**", + "example": "modified" + } + ], + "responses": { + "200": { + "description": "List of Completed Approvals.", + "content": { + "application/json": { + "schema": { + "type": "array", + "items": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "The approval id.", + "example": "id12345" + }, + "name": { + "type": "string", + "description": "The name of the approval.", + "example": "aName" + }, + "created": { + "type": "string", + "format": "date-time", + "description": "When the approval was created.", + "example": "2017-07-11T18:45:37.098Z" + }, + "modified": { + "type": "string", + "format": "date-time", + "description": "When the approval was modified last time.", + "example": "2018-07-25T20:22:28.104Z" + }, + "requestCreated": { + "type": "string", + "format": "date-time", + "description": "When the access-request was created.", + "example": "2017-07-11T18:45:35.098Z" + }, + "requestType": { + "description": "If the access-request was for granting or revoking access.", + "type": "string", + "enum": [ + "GRANT_ACCESS", + "REVOKE_ACCESS" + ], + "example": "GRANT_ACCESS" + }, + "requester": { + "description": "The identity that requested the item.", + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + }, + "requestedFor": { + "description": "The identity for whom the item is requested for.", + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + }, + "reviewedBy": { + "description": "The identity who has reviewed the approval.", + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + }, + "owner": { + "description": "The owner or approver of the approval.", + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + }, + "requestedObject": { + "description": "The requested access item.", + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "Id of the object.", + "example": "2c9180835d2e5168015d32f890ca1581" + }, + "name": { + "type": "string", + "description": "Name of the object.", + "example": "Applied Research Access" + }, + "description": { + "type": "string", + "description": "Description of the object.", + "example": "Access to research information, lab results, and schematics" + }, + "type": { + "type": "string", + "enum": [ + "ACCESS_PROFILE", + "ROLE", + "ENTITLEMENT" + ], + "description": "Type of the object.", + "example": "ROLE" + } + } + }, + "requesterComment": { + "description": "The requester's comment.", + "type": "object", + "properties": { + "comment": { + "type": "string", + "description": "Content of the comment", + "example": "Et quam massa maximus vivamus nisi ut urna tincidunt metus elementum erat" + }, + "author": { + "type": "object", + "properties": { + "type": { + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "description": "An enumeration of the types of DTOs supported within the IdentityNow infrastructure.", + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the author", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the identity making the comment", + "example": "Adam Kennedy" + } + } + }, + "created": { + "type": "string", + "format": "date-time", + "description": "Date and time comment was created", + "example": "2017-07-11T18:45:37.098Z" + } + } + }, + "reviewerComment": { + "allOf": [ + { + "type": "object", + "properties": { + "comment": { + "type": "string", + "description": "Content of the comment", + "example": "Et quam massa maximus vivamus nisi ut urna tincidunt metus elementum erat" + }, + "author": { + "type": "object", + "properties": { + "type": { + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "description": "An enumeration of the types of DTOs supported within the IdentityNow infrastructure.", + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the author", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the identity making the comment", + "example": "Adam Kennedy" + } + } + }, + "created": { + "type": "string", + "format": "date-time", + "description": "Date and time comment was created", + "example": "2017-07-11T18:45:37.098Z" + } + } + } + ], + "description": "The approval's reviewer's comment.", + "nullable": true + }, + "previousReviewersComments": { + "type": "array", + "items": { + "type": "object", + "properties": { + "comment": { + "type": "string", + "description": "Content of the comment", + "example": "Et quam massa maximus vivamus nisi ut urna tincidunt metus elementum erat" + }, + "author": { + "type": "object", + "properties": { + "type": { + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "description": "An enumeration of the types of DTOs supported within the IdentityNow infrastructure.", + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the author", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the identity making the comment", + "example": "Adam Kennedy" + } + } + }, + "created": { + "type": "string", + "format": "date-time", + "description": "Date and time comment was created", + "example": "2017-07-11T18:45:37.098Z" + } + } + }, + "description": "The history of the previous reviewers comments." + }, + "forwardHistory": { + "type": "array", + "items": { + "type": "object", + "properties": { + "oldApproverName": { + "type": "string", + "description": "Display name of approver from whom the approval was forwarded.", + "example": "Frank Mir" + }, + "newApproverName": { + "type": "string", + "description": "Display name of approver to whom the approval was forwarded.", + "example": "Al Volta" + }, + "comment": { + "type": "string", + "nullable": true, + "description": "Comment made while forwarding.", + "example": "Forwarding from Frank to Al" + }, + "modified": { + "type": "string", + "format": "date-time", + "description": "Time at which approval was forwarded.", + "example": "2019-08-23T18:52:57.398Z" + }, + "forwarderName": { + "type": "string", + "nullable": true, + "description": "Display name of forwarder who forwarded the approval.", + "example": "William Wilson" + }, + "reassignmentType": { + "description": "Type of approval reassignment.", + "example": "AUTOMATIC_REASSIGNMENT", + "type": "string", + "enum": [ + "MANUAL_REASSIGNMENT", + "AUTOMATIC_REASSIGNMENT", + "AUTO_ESCALATION", + "SELF_REVIEW_DELEGATION" + ] + } + } + }, + "description": "The history of approval forward action." + }, + "commentRequiredWhenRejected": { + "type": "boolean", + "description": "When true the rejector has to provide comments when rejecting", + "example": true + }, + "state": { + "description": "The final state of the approval", + "type": "string", + "enum": [ + "APPROVED", + "REJECTED" + ], + "example": "APPROVED" + }, + "removeDate": { + "type": "string", + "description": "The date the role or access profile is no longer assigned to the specified identity.", + "format": "date-time", + "example": "2020-07-11T00:00:00Z", + "nullable": true + }, + "removeDateUpdateRequested": { + "type": "boolean", + "description": "If true, then the request was to change the remove date or sunset date.", + "example": true + }, + "currentRemoveDate": { + "type": "string", + "description": "The remove date or sunset date that was assigned at the time of the request.", + "format": "date-time", + "example": "2020-07-11T00:00:00Z", + "nullable": true + }, + "sodViolationContext": { + "description": "The details of the SOD violations for the associated approval.", + "type": "object", + "properties": { + "state": { + "type": "string", + "enum": [ + "SUCCESS", + "ERROR" + ], + "description": "The status of SOD violation check", + "example": "SUCCESS" + }, + "uuid": { + "description": "The id of the Violation check event", + "type": "string", + "example": "f73d16e9-a038-46c5-b217-1246e15fdbdd" + }, + "violationCheckResult": { + "description": "The inner object representing the completed SOD Violation check", + "type": "object", + "properties": { + "message": { + "description": "If the request failed, includes any error message that was generated.", + "example": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An error has occurred during the SOD violation check" + } + ], + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + }, + "clientMetadata": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Arbitrary key-value pairs. They will never be processed by the IdentityNow system but will be returned on completion of the violation check.", + "example": { + "requestedAppName": "test-app", + "requestedAppId": "2c91808f7892918f0178b78da4a305a1" + } + }, + "violationContexts": { + "type": "array", + "items": { + "description": "The contextual information of the violated criteria", + "type": "object", + "properties": { + "policy": { + "description": "Reference to the Policy that is being violated.", + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + }, + "conflictingAccessCriteria": { + "type": "object", + "description": "The object which contains the left and right hand side of the entitlements that got violated according to the policy.", + "properties": { + "leftCriteria": { + "type": "object", + "properties": { + "criteriaList": { + "type": "array", + "items": { + "description": "Details of the Entitlement criteria", + "type": "object", + "properties": { + "existing": { + "type": "boolean", + "example": true, + "description": "If the entitlement already belonged to the user or not." + }, + "type": { + "example": "ENTITLEMENT", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "description": "An enumeration of the types of DTOs supported within the IdentityNow infrastructure." + }, + "id": { + "type": "string", + "description": "Entitlement ID", + "example": "2c918085771e9d3301773b3cb66f6398" + }, + "name": { + "type": "string", + "description": "Entitlement name", + "example": "My HR Entitlement" + } + } + } + } + } + }, + "rightCriteria": { + "type": "object", + "properties": { + "criteriaList": { + "type": "array", + "items": { + "description": "Details of the Entitlement criteria", + "type": "object", + "properties": { + "existing": { + "type": "boolean", + "example": true, + "description": "If the entitlement already belonged to the user or not." + }, + "type": { + "example": "ENTITLEMENT", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "description": "An enumeration of the types of DTOs supported within the IdentityNow infrastructure." + }, + "id": { + "type": "string", + "description": "Entitlement ID", + "example": "2c918085771e9d3301773b3cb66f6398" + }, + "name": { + "type": "string", + "description": "Entitlement name", + "example": "My HR Entitlement" + } + } + } + } + } + } + } + } + } + } + }, + "violatedPolicies": { + "type": "array", + "description": "A list of the Policies that were violated", + "items": { + "description": "Reference to the policy that was violated", + "example": [ + { + "type": "SOD_POLICY", + "id": "69129440-422d-4a23-aadd-35c828d5bfda", + "name": "HR Policy" + } + ], + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + } + } + } + } + } + } + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/access-request-approvals/{approvalId}/approve": { + "post": { + "operationId": "approveAccessRequest", + "summary": "Approves an access request approval.", + "tags": [ + "Access Request Approvals" + ], + "description": "This endpoint approves an access request approval. Only the owner of the approval and ORG_ADMIN users are allowed to perform this action.", + "parameters": [ + { + "in": "path", + "name": "approvalId", + "schema": { + "type": "string" + }, + "required": true, + "description": "The id of the approval.", + "example": "2c91808b7294bea301729568c68c002e" + } + ], + "requestBody": { + "description": "Reviewer's comment.", + "required": false, + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "comment": { + "type": "string", + "description": "Content of the comment", + "example": "Et quam massa maximus vivamus nisi ut urna tincidunt metus elementum erat" + }, + "author": { + "type": "object", + "properties": { + "type": { + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "description": "An enumeration of the types of DTOs supported within the IdentityNow infrastructure.", + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the author", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the identity making the comment", + "example": "Adam Kennedy" + } + } + }, + "created": { + "type": "string", + "format": "date-time", + "description": "Date and time comment was created", + "example": "2017-07-11T18:45:37.098Z" + } + } + } + } + } + }, + "responses": { + "202": { + "description": "Accepted - Returned if the request was successfully accepted into the system.", + "content": { + "application/json": { + "schema": { + "type": "object" + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/access-request-approvals/{approvalId}/reject": { + "post": { + "operationId": "rejectAccessRequest", + "summary": "Rejects an access request approval.", + "tags": [ + "Access Request Approvals" + ], + "description": "This endpoint rejects an access request approval. Only the owner of the approval and admin users are allowed to perform this action.", + "parameters": [ + { + "in": "path", + "name": "approvalId", + "schema": { + "type": "string" + }, + "required": true, + "description": "The id of the approval.", + "example": "2c91808b7294bea301729568c68c002e" + } + ], + "requestBody": { + "description": "Reviewer's comment.", + "required": false, + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "comment": { + "type": "string", + "description": "Content of the comment", + "example": "Et quam massa maximus vivamus nisi ut urna tincidunt metus elementum erat" + }, + "author": { + "type": "object", + "properties": { + "type": { + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "description": "An enumeration of the types of DTOs supported within the IdentityNow infrastructure.", + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the author", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the identity making the comment", + "example": "Adam Kennedy" + } + } + }, + "created": { + "type": "string", + "format": "date-time", + "description": "Date and time comment was created", + "example": "2017-07-11T18:45:37.098Z" + } + } + } + } + } + }, + "responses": { + "202": { + "description": "Accepted - Returned if the request was successfully accepted into the system.", + "content": { + "application/json": { + "schema": { + "type": "object" + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/access-request-approvals/{approvalId}/forward": { + "post": { + "operationId": "forwardAccessRequest", + "summary": "Forwards an access request approval.", + "tags": [ + "Access Request Approvals" + ], + "description": "This endpoint forwards an access request approval to a new owner. Only the owner of the approval and ORG_ADMIN users are allowed to perform this action.", + "parameters": [ + { + "in": "path", + "name": "approvalId", + "schema": { + "type": "string" + }, + "required": true, + "description": "The id of the approval.", + "example": "2c91808b7294bea301729568c68c002e" + } + ], + "requestBody": { + "description": "Information about the forwarded approval.", + "required": true, + "content": { + "application/json": { + "schema": { + "type": "object", + "required": [ + "newOwnerId", + "comment" + ], + "properties": { + "newOwnerId": { + "type": "string", + "description": "The Id of the new owner", + "example": "2c91808568c529c60168cca6f90c1314", + "minLength": 1, + "maxLength": 255 + }, + "comment": { + "type": "string", + "description": "The comment provided by the forwarder", + "example": "2c91808568c529c60168cca6f90c1313", + "minLength": 1, + "maxLength": 255 + } + } + } + } + } + }, + "responses": { + "202": { + "description": "Accepted - Returned if the request was successfully accepted into the system.", + "content": { + "application/json": { + "schema": { + "type": "object" + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/access-request-approvals/approval-summary": { + "get": { + "operationId": "getAccessRequestApprovalSummary", + "summary": "Get the number of access-requests-approvals", + "tags": [ + "Access Request Approvals" + ], + "description": "This endpoint returns the number of pending, approved and rejected access requests approvals. See \"owner-id\" query parameter below for authorization info.", + "parameters": [ + { + "in": "query", + "name": "owner-id", + "schema": { + "type": "string" + }, + "description": "The id of the owner or approver identity of the approvals. If present, the value returns approval summary for the specified identity.\n * ORG_ADMIN users can call this with any identity ID value.\n * ORG_ADMIN user can also fetch all the approvals in the org, when\nowner-id is not used.\n * Non ORG_ADMIN users can only specify *me* or pass their own\nidentity ID value.", + "example": "2c91808568c529c60168cca6f90c1313", + "required": false + }, + { + "in": "query", + "name": "from-date", + "schema": { + "type": "string" + }, + "description": "From date is the date and time from which the results will be shown. It should be in a valid ISO-8601 format", + "example": "from-date=2020-03-19T19:59:11Z", + "required": false + } + ], + "responses": { + "200": { + "description": "Number of pending, approved, rejected access request approvals.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "pending": { + "type": "integer", + "description": "The number of pending access requests approvals.", + "format": "int32", + "example": 0 + }, + "approved": { + "type": "integer", + "description": "The number of approved access requests approvals.", + "format": "int32", + "example": 0 + }, + "rejected": { + "type": "integer", + "description": "The number of rejected access requests approvals.", + "format": "int32", + "example": 0 + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the query parameter is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/accounts": { + "get": { + "operationId": "listAccounts", + "tags": [ + "Accounts" + ], + "summary": "Accounts List", + "description": "This returns a list of accounts. \nA token with ORG_ADMIN authority is required to call this API.", + "security": [ + { + "oauth2": [ + "idn:accounts:read" + ] + } + ], + "parameters": [ + { + "in": "query", + "name": "limit", + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": 250, + "schema": { + "type": "integer", + "format": "int32", + "minimum": 0, + "maximum": 250, + "default": 250 + } + }, + { + "in": "query", + "name": "offset", + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": 0, + "schema": { + "type": "integer", + "format": "int32", + "minimum": 0, + "default": 0 + } + }, + { + "in": "query", + "name": "count", + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": true, + "schema": { + "type": "boolean", + "default": false + } + }, + { + "in": "query", + "name": "filters", + "schema": { + "type": "string" + }, + "example": "identityId eq \"2c9180858082150f0180893dbaf44201\"", + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)\n\nFiltering is supported for the following fields and operators:\n\n**id**: *eq, in*\n\n**identityId**: *eq*\n\n**name**: *eq, in*\n\n**nativeIdentity**: *eq, in*\n\n**sourceId**: *eq, in*\n\n**uncorrelated**: *eq*", + "required": false + } + ], + "responses": { + "200": { + "description": "List of account objects", + "content": { + "application/json": { + "schema": { + "type": "array", + "items": { + "allOf": [ + { + "type": "object", + "required": [ + "name" + ], + "properties": { + "id": { + "description": "System-generated unique ID of the Object", + "type": "string", + "example": "id12345", + "readOnly": true + }, + "name": { + "description": "Name of the Object", + "type": "string", + "example": "aName" + }, + "created": { + "description": "Creation date of the Object", + "type": "string", + "example": "2015-05-28T14:07:17Z", + "format": "date-time", + "readOnly": true + }, + "modified": { + "description": "Last modification date of the Object", + "type": "string", + "example": "2015-05-28T14:07:17Z", + "format": "date-time", + "readOnly": true + } + } + }, + { + "type": "object", + "required": [ + "sourceId", + "sourceName", + "attributes", + "authoritative", + "disabled", + "locked", + "nativeIdentity", + "systemAccount", + "uncorrelated", + "manuallyCorrelated", + "hasEntitlements" + ], + "properties": { + "sourceId": { + "type": "string", + "example": "2c9180835d2e5168015d32f890ca1581", + "description": "The unique ID of the source this account belongs to" + }, + "sourceName": { + "type": "string", + "example": "Employees", + "description": "The display name of the source this account belongs to" + }, + "identityId": { + "type": "string", + "example": "2c9180835d2e5168015d32f890ca1581", + "description": "The unique ID of the identity this account is correlated to" + }, + "attributes": { + "type": "object", + "additionalProperties": true, + "description": "The account attributes that are aggregated", + "example": { + "firstName": "SailPoint", + "lastName": "Support", + "displayName": "SailPoint Support" + } + }, + "authoritative": { + "type": "boolean", + "description": "Indicates if this account is from an authoritative source", + "example": false + }, + "description": { + "type": "string", + "description": "A description of the account", + "nullable": true, + "example": null + }, + "disabled": { + "type": "boolean", + "description": "Indicates if the account is currently disabled", + "example": false + }, + "locked": { + "type": "boolean", + "description": "Indicates if the account is currently locked", + "example": false + }, + "nativeIdentity": { + "type": "string", + "description": "The unique ID of the account generated by the source system", + "example": "552775" + }, + "systemAccount": { + "type": "boolean", + "example": false, + "description": "If true, this is a user account within IdentityNow. If false, this is an account from a source system." + }, + "uncorrelated": { + "type": "boolean", + "description": "Indicates if this account is not correlated to an identity", + "example": false + }, + "uuid": { + "type": "string", + "description": "The unique ID of the account as determined by the account schema", + "example": "slpt.support", + "nullable": true + }, + "manuallyCorrelated": { + "type": "boolean", + "description": "Indicates if the account has been manually correlated to an identity", + "example": false + }, + "hasEntitlements": { + "type": "boolean", + "description": "Indicates if the account has entitlements", + "example": true + } + } + } + ] + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + }, + "post": { + "operationId": "createAccount", + "tags": [ + "Accounts" + ], + "summary": "Create Account", + "description": "This API submits an account creation task and returns the task ID. \nA token with ORG_ADMIN authority is required to call this API.", + "security": [ + { + "oauth2": [ + "idn:accounts:manage" + ] + } + ], + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "type": "object", + "required": [ + "attributes" + ], + "properties": { + "attributes": { + "description": "The schema attribute values for the account", + "type": "object", + "required": [ + "sourceId" + ], + "properties": { + "sourceId": { + "type": "string", + "description": "Target source to create an account", + "example": "34bfcbe116c9407464af37acbaf7a4dc" + } + }, + "additionalProperties": { + "type": "string" + }, + "example": { + "sourceId": "34bfcbe116c9407464af37acbaf7a4dc", + "city": "Austin", + "displayName": "John Doe", + "userName": "jdoe", + "sAMAccountName": "jDoe", + "mail": "john.doe@sailpoint.com" + } + } + } + } + } + } + }, + "responses": { + "202": { + "description": "Async task details", + "content": { + "application/json": { + "schema": { + "description": "Accounts async response containing details on started async process", + "required": [ + "id" + ], + "type": "object", + "properties": { + "id": { + "description": "id of the task", + "type": "string", + "example": "2c91808474683da6017468693c260195" + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/accounts/{id}": { + "get": { + "operationId": "getAccount", + "tags": [ + "Accounts" + ], + "summary": "Account Details", + "description": "This API returns the details for a single account based on the ID. \nA token with ORG_ADMIN authority is required to call this API.", + "security": [ + { + "oauth2": [ + "idn:accounts:read" + ] + } + ], + "parameters": [ + { + "in": "path", + "name": "id", + "schema": { + "type": "string" + }, + "required": true, + "description": "The account ID", + "example": "ef38f94347e94562b5bb8424a56397d8" + } + ], + "responses": { + "200": { + "description": "An account object", + "content": { + "application/json": { + "schema": { + "allOf": [ + { + "type": "object", + "required": [ + "name" + ], + "properties": { + "id": { + "description": "System-generated unique ID of the Object", + "type": "string", + "example": "id12345", + "readOnly": true + }, + "name": { + "description": "Name of the Object", + "type": "string", + "example": "aName" + }, + "created": { + "description": "Creation date of the Object", + "type": "string", + "example": "2015-05-28T14:07:17Z", + "format": "date-time", + "readOnly": true + }, + "modified": { + "description": "Last modification date of the Object", + "type": "string", + "example": "2015-05-28T14:07:17Z", + "format": "date-time", + "readOnly": true + } + } + }, + { + "type": "object", + "required": [ + "sourceId", + "sourceName", + "attributes", + "authoritative", + "disabled", + "locked", + "nativeIdentity", + "systemAccount", + "uncorrelated", + "manuallyCorrelated", + "hasEntitlements" + ], + "properties": { + "sourceId": { + "type": "string", + "example": "2c9180835d2e5168015d32f890ca1581", + "description": "The unique ID of the source this account belongs to" + }, + "sourceName": { + "type": "string", + "example": "Employees", + "description": "The display name of the source this account belongs to" + }, + "identityId": { + "type": "string", + "example": "2c9180835d2e5168015d32f890ca1581", + "description": "The unique ID of the identity this account is correlated to" + }, + "attributes": { + "type": "object", + "additionalProperties": true, + "description": "The account attributes that are aggregated", + "example": { + "firstName": "SailPoint", + "lastName": "Support", + "displayName": "SailPoint Support" + } + }, + "authoritative": { + "type": "boolean", + "description": "Indicates if this account is from an authoritative source", + "example": false + }, + "description": { + "type": "string", + "description": "A description of the account", + "nullable": true, + "example": null + }, + "disabled": { + "type": "boolean", + "description": "Indicates if the account is currently disabled", + "example": false + }, + "locked": { + "type": "boolean", + "description": "Indicates if the account is currently locked", + "example": false + }, + "nativeIdentity": { + "type": "string", + "description": "The unique ID of the account generated by the source system", + "example": "552775" + }, + "systemAccount": { + "type": "boolean", + "example": false, + "description": "If true, this is a user account within IdentityNow. If false, this is an account from a source system." + }, + "uncorrelated": { + "type": "boolean", + "description": "Indicates if this account is not correlated to an identity", + "example": false + }, + "uuid": { + "type": "string", + "description": "The unique ID of the account as determined by the account schema", + "example": "slpt.support", + "nullable": true + }, + "manuallyCorrelated": { + "type": "boolean", + "description": "Indicates if the account has been manually correlated to an identity", + "example": false + }, + "hasEntitlements": { + "type": "boolean", + "description": "Indicates if the account has entitlements", + "example": true + } + } + } + ] + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + }, + "patch": { + "operationId": "updateAccount", + "tags": [ + "Accounts" + ], + "summary": "Update Account", + "description": "Use this API to modify the following fields:\n* `identityId`\n\n* `manuallyCorrelated`\n\n>**NOTE: All other fields can not be modified.**\n\nThe request must provide a JSONPatch payload.\n\nA token with ORG_ADMIN authority is required to call this API.", + "security": [ + { + "oauth2": [ + "idn:accounts:manage" + ] + } + ], + "parameters": [ + { + "in": "path", + "name": "id", + "schema": { + "type": "string" + }, + "required": true, + "description": "The account ID", + "example": "ef38f94347e94562b5bb8424a56397d8" + } + ], + "requestBody": { + "required": true, + "description": "A list of account update operations according to the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard.", + "content": { + "application/json-patch+json": { + "schema": { + "type": "array", + "items": { + "type": "object", + "description": "A JSONPatch Operation as defined by [RFC 6902 - JSON Patch](https://tools.ietf.org/html/rfc6902)", + "required": [ + "op", + "path" + ], + "properties": { + "op": { + "type": "string", + "description": "The operation to be performed", + "enum": [ + "add", + "remove", + "replace", + "move", + "copy", + "test" + ], + "example": "replace" + }, + "path": { + "type": "string", + "description": "A string JSON Pointer representing the target path to an element to be affected by the operation", + "example": "/description" + }, + "value": { + "anyOf": [ + { + "type": "string" + }, + { + "type": "integer" + }, + { + "type": "object" + }, + { + "type": "array", + "items": { + "anyOf": [ + { + "type": "string" + }, + { + "type": "integer" + }, + { + "type": "object" + } + ] + } + } + ], + "description": "The value to be used for the operation, required for \"add\" and \"replace\" operations", + "example": "New description" + } + } + } + }, + "example": [ + { + "op": "replace", + "path": "/identityId", + "value": "2c9180845d1edece015d27a975983e21" + } + ] + } + } + }, + "responses": { + "202": { + "description": "Accepted. Update request accepted and is in progress.", + "content": { + "application/json": { + "schema": { + "type": "object" + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + }, + "put": { + "operationId": "putAccount", + "tags": [ + "Accounts" + ], + "summary": "Update Account", + "description": "This API submits an account update task and returns the task ID. \nA token with ORG_ADMIN authority is required to call this API.\n>**NOTE: The PUT Account API is designated only for Delimited File sources.**", + "security": [ + { + "oauth2": [ + "idn:accounts:manage" + ] + } + ], + "parameters": [ + { + "in": "path", + "name": "id", + "schema": { + "type": "string" + }, + "required": true, + "description": "The account ID", + "example": "ef38f94347e94562b5bb8424a56397d8" + } + ], + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "type": "object", + "required": [ + "attributes" + ], + "properties": { + "attributes": { + "description": "The schema attribute values for the account", + "type": "object", + "additionalProperties": true, + "example": { + "city": "Austin", + "displayName": "John Doe", + "userName": "jdoe", + "sAMAccountName": "jDoe", + "mail": "john.doe@sailpoint.com" + } + } + } + } + } + } + }, + "responses": { + "202": { + "description": "Async task details", + "content": { + "application/json": { + "schema": { + "description": "Accounts async response containing details on started async process", + "required": [ + "id" + ], + "type": "object", + "properties": { + "id": { + "description": "id of the task", + "type": "string", + "example": "2c91808474683da6017468693c260195" + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + }, + "delete": { + "operationId": "deleteAccount", + "tags": [ + "Accounts" + ], + "summary": "Delete Account", + "description": "This API submits an account delete task and returns the task ID. This operation can only be used on Flat File Sources. Any attempt to execute this request on the source of other type will result in an error response with a status code of 400.\nA token with ORG_ADMIN authority is required to call this API.", + "security": [ + { + "oauth2": [ + "idn:accounts:manage" + ] + } + ], + "parameters": [ + { + "in": "path", + "name": "id", + "schema": { + "type": "string" + }, + "required": true, + "description": "The account ID", + "example": "ef38f94347e94562b5bb8424a56397d8" + } + ], + "responses": { + "202": { + "description": "Async task details", + "content": { + "application/json": { + "schema": { + "description": "Accounts async response containing details on started async process", + "required": [ + "id" + ], + "type": "object", + "properties": { + "id": { + "description": "id of the task", + "type": "string", + "example": "2c91808474683da6017468693c260195" + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/accounts/{id}/entitlements": { + "get": { + "operationId": "getAccountEntitlements", + "tags": [ + "Accounts" + ], + "summary": "Account Entitlements", + "description": "This API returns entitlements of the account. \nA token with ORG_ADMIN authority is required to call this API.", + "security": [ + { + "oauth2": [ + "idn:accounts:read" + ] + } + ], + "parameters": [ + { + "in": "query", + "name": "limit", + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": 250, + "schema": { + "type": "integer", + "format": "int32", + "minimum": 0, + "maximum": 250, + "default": 250 + } + }, + { + "in": "query", + "name": "offset", + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": 0, + "schema": { + "type": "integer", + "format": "int32", + "minimum": 0, + "default": 0 + } + }, + { + "in": "query", + "name": "count", + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": true, + "schema": { + "type": "boolean", + "default": false + } + }, + { + "in": "path", + "name": "id", + "schema": { + "type": "string" + }, + "required": true, + "description": "The account id", + "example": "ef38f94347e94562b5bb8424a56397d8" + } + ], + "responses": { + "200": { + "description": "An array of account entitlements", + "content": { + "application/json": { + "schema": { + "type": "array", + "items": { + "allOf": [ + { + "type": "object", + "required": [ + "name" + ], + "properties": { + "id": { + "description": "System-generated unique ID of the Object", + "type": "string", + "example": "id12345", + "readOnly": true + }, + "name": { + "description": "Name of the Object", + "type": "string", + "example": "aName" + }, + "created": { + "description": "Creation date of the Object", + "type": "string", + "example": "2015-05-28T14:07:17Z", + "format": "date-time", + "readOnly": true + }, + "modified": { + "description": "Last modification date of the Object", + "type": "string", + "example": "2015-05-28T14:07:17Z", + "format": "date-time", + "readOnly": true + } + } + }, + { + "type": "object", + "description": "Entitlement object that represents entitlement", + "properties": { + "attribute": { + "description": "Name of the entitlement attribute", + "type": "string", + "example": "authorizationType" + }, + "value": { + "description": "Raw value of the entitlement", + "type": "string", + "example": "CN=Users,dc=sailpoint,dc=com" + }, + "description": { + "description": "Entitlment description", + "type": "string", + "example": "Active Directory DC" + }, + "attributes": { + "description": "Entitlement attributes", + "type": "object", + "additionalProperties": true, + "example": { + "GroupType": "Security", + "sAMAccountName": "Buyer" + } + }, + "sourceSchemaObjectType": { + "description": "Schema objectType on the given application that maps to an Account Group", + "type": "string", + "example": "group" + }, + "privileged": { + "description": "Determines if this Entitlement is privileged.", + "type": "boolean", + "example": false + }, + "cloudGoverned": { + "description": "Determines if this Entitlement is goverened in the cloud.", + "type": "boolean", + "example": false + }, + "source": { + "description": "Reference to the source this entitlment belongs to.", + "example": [ + { + "type": "SOURCE", + "id": "2c9180835d191a86015d28455b4b232a", + "name": "HR Active Directory" + } + ], + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + } + } + } + ] + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/accounts/{id}/reload": { + "post": { + "operationId": "reloadAccount", + "tags": [ + "Accounts" + ], + "summary": "Reload Account", + "description": "This API asynchronously reloads the account directly from the connector and performs a one-time aggregation process. \nA token with ORG_ADMIN authority is required to call this API.", + "security": [ + { + "oauth2": [ + "idn:accounts-state:manage" + ] + } + ], + "parameters": [ + { + "in": "path", + "name": "id", + "schema": { + "type": "string" + }, + "required": true, + "description": "The account id", + "example": "ef38f94347e94562b5bb8424a56397d8" + } + ], + "responses": { + "202": { + "description": "Async task details", + "content": { + "application/json": { + "schema": { + "description": "Accounts async response containing details on started async process", + "required": [ + "id" + ], + "type": "object", + "properties": { + "id": { + "description": "id of the task", + "type": "string", + "example": "2c91808474683da6017468693c260195" + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/accounts/{id}/enable": { + "post": { + "operationId": "enableAccount", + "tags": [ + "Accounts" + ], + "summary": "Enable Account", + "description": "This API submits a task to enable account and returns the task ID. \nA token with ORG_ADMIN authority is required to call this API.", + "security": [ + { + "oauth2": [ + "idn:accounts-state:manage" + ] + } + ], + "parameters": [ + { + "in": "path", + "name": "id", + "schema": { + "type": "string" + }, + "required": true, + "description": "The account id", + "example": "ef38f94347e94562b5bb8424a56397d8" + } + ], + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "description": "Request used for account enable/disable", + "type": "object", + "properties": { + "externalVerificationId": { + "description": "If set, an external process validates that the user wants to proceed with this request.", + "type": "string", + "example": "3f9180835d2e5168015d32f890ca1581" + }, + "forceProvisioning": { + "description": "If set, provisioning updates the account attribute at the source. This option is used when the account is not synced to ensure the attribute is updated. Providing 'true' for an unlocked account will add and process 'Unlock' operation by the workflow.", + "type": "boolean", + "example": false + } + } + } + } + } + }, + "responses": { + "202": { + "description": "Async task details", + "content": { + "application/json": { + "schema": { + "description": "Accounts async response containing details on started async process", + "required": [ + "id" + ], + "type": "object", + "properties": { + "id": { + "description": "id of the task", + "type": "string", + "example": "2c91808474683da6017468693c260195" + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/accounts/{id}/disable": { + "post": { + "operationId": "disableAccount", + "tags": [ + "Accounts" + ], + "summary": "Disable Account", + "description": "This API submits a task to disable the account and returns the task ID. \nA token with ORG_ADMIN authority is required to call this API.", + "security": [ + { + "oauth2": [ + "idn:accounts-state:manage" + ] + } + ], + "parameters": [ + { + "in": "path", + "name": "id", + "schema": { + "type": "string" + }, + "required": true, + "description": "The account id", + "example": "ef38f94347e94562b5bb8424a56397d8" + } + ], + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "description": "Request used for account enable/disable", + "type": "object", + "properties": { + "externalVerificationId": { + "description": "If set, an external process validates that the user wants to proceed with this request.", + "type": "string", + "example": "3f9180835d2e5168015d32f890ca1581" + }, + "forceProvisioning": { + "description": "If set, provisioning updates the account attribute at the source. This option is used when the account is not synced to ensure the attribute is updated. Providing 'true' for an unlocked account will add and process 'Unlock' operation by the workflow.", + "type": "boolean", + "example": false + } + } + } + } + } + }, + "responses": { + "202": { + "description": "Async task details", + "content": { + "application/json": { + "schema": { + "description": "Accounts async response containing details on started async process", + "required": [ + "id" + ], + "type": "object", + "properties": { + "id": { + "description": "id of the task", + "type": "string", + "example": "2c91808474683da6017468693c260195" + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/accounts/{id}/unlock": { + "post": { + "operationId": "unlockAccount", + "tags": [ + "Accounts" + ], + "summary": "Unlock Account", + "description": "This API submits a task to unlock an account and returns the task ID. \nA token with ORG_ADMIN authority is required to call this API.", + "security": [ + { + "oauth2": [ + "idn:accounts-state:manage" + ] + } + ], + "parameters": [ + { + "in": "path", + "name": "id", + "schema": { + "type": "string" + }, + "required": true, + "description": "The account id", + "example": "ef38f94347e94562b5bb8424a56397d8" + } + ], + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "description": "Request used for account unlock", + "type": "object", + "properties": { + "externalVerificationId": { + "description": "If set, an external process validates that the user wants to proceed with this request.", + "type": "string", + "example": "3f9180835d2e5168015d32f890ca1581" + }, + "unlockIDNAccount": { + "description": "If set, the IDN account is unlocked after the workflow completes.", + "type": "boolean", + "example": false + }, + "forceProvisioning": { + "description": "If set, provisioning updates the account attribute at the source. This option is used when the account is not synced to ensure the attribute is updated.", + "type": "boolean", + "example": false + } + } + } + } + } + }, + "responses": { + "202": { + "description": "Async task details", + "content": { + "application/json": { + "schema": { + "description": "Accounts async response containing details on started async process", + "required": [ + "id" + ], + "type": "object", + "properties": { + "id": { + "description": "id of the task", + "type": "string", + "example": "2c91808474683da6017468693c260195" + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/account-activities": { + "get": { + "operationId": "listAccountActivities", + "tags": [ + "Account Activities" + ], + "summary": "List Account Activities", + "description": "This gets a collection of account activities that satisfy the given query parameters.", + "parameters": [ + { + "in": "query", + "name": "requested-for", + "schema": { + "type": "string" + }, + "description": "The identity that the activity was requested for. *me* indicates the current user. Mutually exclusive with *regarding-identity*.", + "required": false, + "example": "2c91808568c529c60168cca6f90c1313" + }, + { + "in": "query", + "name": "requested-by", + "schema": { + "type": "string" + }, + "description": "The identity that requested the activity. *me* indicates the current user. Mutually exclusive with *regarding-identity*.", + "required": false, + "example": "2c91808568c529c60168cca6f90c1313" + }, + { + "in": "query", + "name": "regarding-identity", + "schema": { + "type": "string" + }, + "description": "The specified identity will be either the requester or target of the account activity. *me* indicates the current user. Mutually exclusive with *requested-for* and *requested-by*.", + "required": false, + "example": "2c91808568c529c60168cca6f90c1313" + }, + { + "in": "query", + "name": "limit", + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": 250, + "schema": { + "type": "integer", + "format": "int32", + "minimum": 0, + "maximum": 250, + "default": 250 + } + }, + { + "in": "query", + "name": "offset", + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": 0, + "schema": { + "type": "integer", + "format": "int32", + "minimum": 0, + "default": 0 + } + }, + { + "in": "query", + "name": "count", + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": true, + "schema": { + "type": "boolean", + "default": false + } + }, + { + "in": "query", + "name": "filters", + "schema": { + "type": "string" + }, + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results).\n\nFiltering is supported for the following fields and operators:\n\n**type**: *eq, in* (See the `type` property in the response schema for possible values)\n\n**created**: *gt, lt, ge, le*\n\n**modified**: *gt, lt, ge, le*", + "example": "type eq \"Identity Refresh\"", + "required": false + }, + { + "in": "query", + "name": "sorters", + "schema": { + "type": "string", + "format": "comma-separated" + }, + "description": "Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)\nSorting is supported for the following fields: **type, created, modified**", + "example": "created", + "required": false + } + ], + "responses": { + "200": { + "description": "List of account activities", + "content": { + "application/json": { + "schema": { + "type": "array", + "items": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "Id of the account activity", + "example": "2c9180835d2e5168015d32f890ca1581" + }, + "name": { + "type": "string", + "description": "The name of the activity", + "example": "2c9180835d2e5168015d32f890ca1581" + }, + "created": { + "description": "When the activity was first created", + "type": "string", + "format": "date-time", + "example": "2017-07-11T18:45:37.098Z" + }, + "modified": { + "description": "When the activity was last modified", + "type": "string", + "format": "date-time", + "example": "2018-06-25T20:22:28.104Z", + "nullable": true + }, + "completed": { + "description": "When the activity was completed", + "type": "string", + "format": "date-time", + "nullable": true, + "example": "2018-10-19T13:49:37.385Z" + }, + "completionStatus": { + "nullable": true, + "type": "string", + "description": "The status after completion.", + "enum": [ + "SUCCESS", + "FAILURE", + "INCOMPLETE", + "PENDING" + ], + "example": "SUCCESS" + }, + "type": { + "nullable": true, + "type": "string", + "example": "appRequest", + "description": "The type of action the activity performed. Please see the following list of types. This list may grow over time.\n\n- CloudAutomated\n- IdentityAttributeUpdate\n- appRequest\n- LifecycleStateChange\n- AccountStateUpdate\n- AccountAttributeUpdate\n- CloudPasswordRequest\n- Attribute Synchronization Refresh\n- Certification\n- Identity Refresh\n- Lifecycle Change Refresh\n\n\n[Learn more here](https://documentation.sailpoint.com/saas/help/search/searchable-fields.html#searching-account-activity-data).\n" + }, + "requesterIdentitySummary": { + "type": "object", + "nullable": true, + "properties": { + "id": { + "type": "string", + "description": "ID of this identity summary", + "example": "ff80818155fe8c080155fe8d925b0316" + }, + "name": { + "type": "string", + "description": "Human-readable display name of identity", + "example": "SailPoint Services" + }, + "identityId": { + "type": "string", + "description": "ID of the identity that this summary represents", + "example": "c15b9f5cca5a4e9599eaa0e64fa921bd" + }, + "completed": { + "type": "boolean", + "description": "Indicates if all access items for this summary have been decided on", + "example": true + } + } + }, + "targetIdentitySummary": { + "type": "object", + "nullable": true, + "properties": { + "id": { + "type": "string", + "description": "ID of this identity summary", + "example": "ff80818155fe8c080155fe8d925b0316" + }, + "name": { + "type": "string", + "description": "Human-readable display name of identity", + "example": "SailPoint Services" + }, + "identityId": { + "type": "string", + "description": "ID of the identity that this summary represents", + "example": "c15b9f5cca5a4e9599eaa0e64fa921bd" + }, + "completed": { + "type": "boolean", + "description": "Indicates if all access items for this summary have been decided on", + "example": true + } + } + }, + "errors": { + "nullable": true, + "description": "A list of error messages, if any, that were encountered.", + "type": "array", + "items": { + "type": "string" + }, + "example": [ + "sailpoint.connector.ConnectorException: java.lang.InterruptedException: Timeout waiting for response to message 0 from client 57a4ab97-ab3f-4aef-9fe2-0eaf15c73d26 after 60 seconds." + ] + }, + "warnings": { + "nullable": true, + "description": "A list of warning messages, if any, that were encountered.", + "type": "array", + "items": { + "type": "string" + }, + "example": [ + "Some warning, another warning" + ] + }, + "items": { + "type": "array", + "description": "Individual actions performed as part of this account activity", + "items": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "Item id", + "example": "48c545831b264409a81befcabb0e3c5a" + }, + "name": { + "type": "string", + "description": "Human-readable display name of item", + "example": "48c545831b264409a81befcabb0e3c5a" + }, + "requested": { + "type": "string", + "format": "date-time", + "description": "Date and time item was requested", + "example": "2017-07-11T18:45:37.098Z" + }, + "approvalStatus": { + "nullable": true, + "type": "string", + "enum": [ + "FINISHED", + "REJECTED", + "RETURNED", + "EXPIRED", + "PENDING", + "CANCELED" + ], + "example": "FINISHED", + "description": "The state of a work item" + }, + "provisioningStatus": { + "type": "string", + "enum": [ + "PENDING", + "FINISHED", + "UNVERIFIABLE", + "COMMITED", + "FAILED", + "RETRY" + ], + "description": "Provisioning state of an account activity item", + "example": "PENDING" + }, + "requesterComment": { + "type": "object", + "nullable": true, + "properties": { + "commenterId": { + "type": "string", + "description": "Id of the identity making the comment", + "example": "2c918084660f45d6016617daa9210584" + }, + "commenterName": { + "type": "string", + "description": "Human-readable display name of the identity making the comment", + "example": "Adam Kennedy" + }, + "body": { + "type": "string", + "description": "Content of the comment", + "example": "Et quam massa maximus vivamus nisi ut urna tincidunt metus elementum erat." + }, + "date": { + "type": "string", + "format": "date-time", + "description": "Date and time comment was made", + "example": "2017-07-11T18:45:37.098Z" + } + } + }, + "reviewerIdentitySummary": { + "type": "object", + "nullable": true, + "properties": { + "id": { + "type": "string", + "description": "ID of this identity summary", + "example": "ff80818155fe8c080155fe8d925b0316" + }, + "name": { + "type": "string", + "description": "Human-readable display name of identity", + "example": "SailPoint Services" + }, + "identityId": { + "type": "string", + "description": "ID of the identity that this summary represents", + "example": "c15b9f5cca5a4e9599eaa0e64fa921bd" + }, + "completed": { + "type": "boolean", + "description": "Indicates if all access items for this summary have been decided on", + "example": true + } + } + }, + "reviewerComment": { + "type": "object", + "nullable": true, + "properties": { + "commenterId": { + "type": "string", + "description": "Id of the identity making the comment", + "example": "2c918084660f45d6016617daa9210584" + }, + "commenterName": { + "type": "string", + "description": "Human-readable display name of the identity making the comment", + "example": "Adam Kennedy" + }, + "body": { + "type": "string", + "description": "Content of the comment", + "example": "Et quam massa maximus vivamus nisi ut urna tincidunt metus elementum erat." + }, + "date": { + "type": "string", + "format": "date-time", + "description": "Date and time comment was made", + "example": "2017-07-11T18:45:37.098Z" + } + } + }, + "operation": { + "nullable": true, + "type": "string", + "enum": [ + "ADD", + "CREATE", + "MODIFY", + "DELETE", + "DISABLE", + "ENABLE", + "UNLOCK", + "LOCK", + "REMOVE" + ], + "description": "Represents an operation in an account activity item", + "example": "ADD" + }, + "attribute": { + "type": "string", + "description": "Attribute to which account activity applies", + "nullable": true, + "example": "detectedRoles" + }, + "value": { + "type": "string", + "description": "Value of attribute", + "nullable": true, + "example": "Treasury Analyst [AccessProfile-1529010191212]" + }, + "nativeIdentity": { + "nullable": true, + "type": "string", + "description": "Native identity in the target system to which the account activity applies", + "example": "Sandie.Camero" + }, + "sourceId": { + "type": "string", + "description": "Id of Source to which account activity applies", + "example": "2c91808363ef85290164000587130c0c" + }, + "accountRequestInfo": { + "type": "object", + "nullable": true, + "properties": { + "requestedObjectId": { + "type": "string", + "description": "Id of requested object", + "example": "2c91808563ef85690164001c31140c0c" + }, + "requestedObjectName": { + "type": "string", + "description": "Human-readable name of requested object", + "example": "Treasury Analyst" + }, + "requestedObjectType": { + "type": "string", + "enum": [ + "ACCESS_PROFILE", + "ROLE", + "ENTITLEMENT" + ], + "description": "Enum represented the currently supported requestable object types. Additional values may be added in the future without notice.", + "example": "ACCESS_PROFILE" + } + }, + "description": "If an account activity item is associated with an access request, captures details of that request." + }, + "clientMetadata": { + "nullable": true, + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Arbitrary key-value pairs, if any were included in the corresponding access request item", + "example": { + "customKey1": "custom value 1", + "customKey2": "custom value 2" + } + }, + "removeDate": { + "nullable": true, + "type": "string", + "description": "The date the role or access profile is no longer assigned to the specified identity.", + "format": "date-time", + "example": "2020-07-11T00:00:00Z" + } + } + } + }, + "executionStatus": { + "type": "string", + "description": "The current state of execution.", + "enum": [ + "EXECUTING", + "VERIFYING", + "TERMINATED", + "COMPLETED" + ], + "example": "COMPLETED" + }, + "clientMetadata": { + "nullable": true, + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Arbitrary key-value pairs, if any were included in the corresponding access request", + "example": { + "customKey1": "custom value 1", + "customKey2": "custom value 2" + } + } + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/account-activities/{id}": { + "get": { + "operationId": "getAccountActivity", + "tags": [ + "Account Activities" + ], + "summary": "Get an Account Activity", + "description": "This gets a single account activity by its id.", + "parameters": [ + { + "in": "path", + "name": "id", + "schema": { + "type": "string" + }, + "required": true, + "description": "The account activity id", + "example": "ef38f94347e94562b5bb8424a56397d8" + } + ], + "responses": { + "200": { + "description": "An account activity object", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "Id of the account activity", + "example": "2c9180835d2e5168015d32f890ca1581" + }, + "name": { + "type": "string", + "description": "The name of the activity", + "example": "2c9180835d2e5168015d32f890ca1581" + }, + "created": { + "description": "When the activity was first created", + "type": "string", + "format": "date-time", + "example": "2017-07-11T18:45:37.098Z" + }, + "modified": { + "description": "When the activity was last modified", + "type": "string", + "format": "date-time", + "example": "2018-06-25T20:22:28.104Z", + "nullable": true + }, + "completed": { + "description": "When the activity was completed", + "type": "string", + "format": "date-time", + "nullable": true, + "example": "2018-10-19T13:49:37.385Z" + }, + "completionStatus": { + "nullable": true, + "type": "string", + "description": "The status after completion.", + "enum": [ + "SUCCESS", + "FAILURE", + "INCOMPLETE", + "PENDING" + ], + "example": "SUCCESS" + }, + "type": { + "nullable": true, + "type": "string", + "example": "appRequest", + "description": "The type of action the activity performed. Please see the following list of types. This list may grow over time.\n\n- CloudAutomated\n- IdentityAttributeUpdate\n- appRequest\n- LifecycleStateChange\n- AccountStateUpdate\n- AccountAttributeUpdate\n- CloudPasswordRequest\n- Attribute Synchronization Refresh\n- Certification\n- Identity Refresh\n- Lifecycle Change Refresh\n\n\n[Learn more here](https://documentation.sailpoint.com/saas/help/search/searchable-fields.html#searching-account-activity-data).\n" + }, + "requesterIdentitySummary": { + "type": "object", + "nullable": true, + "properties": { + "id": { + "type": "string", + "description": "ID of this identity summary", + "example": "ff80818155fe8c080155fe8d925b0316" + }, + "name": { + "type": "string", + "description": "Human-readable display name of identity", + "example": "SailPoint Services" + }, + "identityId": { + "type": "string", + "description": "ID of the identity that this summary represents", + "example": "c15b9f5cca5a4e9599eaa0e64fa921bd" + }, + "completed": { + "type": "boolean", + "description": "Indicates if all access items for this summary have been decided on", + "example": true + } + } + }, + "targetIdentitySummary": { + "type": "object", + "nullable": true, + "properties": { + "id": { + "type": "string", + "description": "ID of this identity summary", + "example": "ff80818155fe8c080155fe8d925b0316" + }, + "name": { + "type": "string", + "description": "Human-readable display name of identity", + "example": "SailPoint Services" + }, + "identityId": { + "type": "string", + "description": "ID of the identity that this summary represents", + "example": "c15b9f5cca5a4e9599eaa0e64fa921bd" + }, + "completed": { + "type": "boolean", + "description": "Indicates if all access items for this summary have been decided on", + "example": true + } + } + }, + "errors": { + "nullable": true, + "description": "A list of error messages, if any, that were encountered.", + "type": "array", + "items": { + "type": "string" + }, + "example": [ + "sailpoint.connector.ConnectorException: java.lang.InterruptedException: Timeout waiting for response to message 0 from client 57a4ab97-ab3f-4aef-9fe2-0eaf15c73d26 after 60 seconds." + ] + }, + "warnings": { + "nullable": true, + "description": "A list of warning messages, if any, that were encountered.", + "type": "array", + "items": { + "type": "string" + }, + "example": [ + "Some warning, another warning" + ] + }, + "items": { + "type": "array", + "description": "Individual actions performed as part of this account activity", + "items": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "Item id", + "example": "48c545831b264409a81befcabb0e3c5a" + }, + "name": { + "type": "string", + "description": "Human-readable display name of item", + "example": "48c545831b264409a81befcabb0e3c5a" + }, + "requested": { + "type": "string", + "format": "date-time", + "description": "Date and time item was requested", + "example": "2017-07-11T18:45:37.098Z" + }, + "approvalStatus": { + "nullable": true, + "type": "string", + "enum": [ + "FINISHED", + "REJECTED", + "RETURNED", + "EXPIRED", + "PENDING", + "CANCELED" + ], + "example": "FINISHED", + "description": "The state of a work item" + }, + "provisioningStatus": { + "type": "string", + "enum": [ + "PENDING", + "FINISHED", + "UNVERIFIABLE", + "COMMITED", + "FAILED", + "RETRY" + ], + "description": "Provisioning state of an account activity item", + "example": "PENDING" + }, + "requesterComment": { + "type": "object", + "nullable": true, + "properties": { + "commenterId": { + "type": "string", + "description": "Id of the identity making the comment", + "example": "2c918084660f45d6016617daa9210584" + }, + "commenterName": { + "type": "string", + "description": "Human-readable display name of the identity making the comment", + "example": "Adam Kennedy" + }, + "body": { + "type": "string", + "description": "Content of the comment", + "example": "Et quam massa maximus vivamus nisi ut urna tincidunt metus elementum erat." + }, + "date": { + "type": "string", + "format": "date-time", + "description": "Date and time comment was made", + "example": "2017-07-11T18:45:37.098Z" + } + } + }, + "reviewerIdentitySummary": { + "type": "object", + "nullable": true, + "properties": { + "id": { + "type": "string", + "description": "ID of this identity summary", + "example": "ff80818155fe8c080155fe8d925b0316" + }, + "name": { + "type": "string", + "description": "Human-readable display name of identity", + "example": "SailPoint Services" + }, + "identityId": { + "type": "string", + "description": "ID of the identity that this summary represents", + "example": "c15b9f5cca5a4e9599eaa0e64fa921bd" + }, + "completed": { + "type": "boolean", + "description": "Indicates if all access items for this summary have been decided on", + "example": true + } + } + }, + "reviewerComment": { + "type": "object", + "nullable": true, + "properties": { + "commenterId": { + "type": "string", + "description": "Id of the identity making the comment", + "example": "2c918084660f45d6016617daa9210584" + }, + "commenterName": { + "type": "string", + "description": "Human-readable display name of the identity making the comment", + "example": "Adam Kennedy" + }, + "body": { + "type": "string", + "description": "Content of the comment", + "example": "Et quam massa maximus vivamus nisi ut urna tincidunt metus elementum erat." + }, + "date": { + "type": "string", + "format": "date-time", + "description": "Date and time comment was made", + "example": "2017-07-11T18:45:37.098Z" + } + } + }, + "operation": { + "nullable": true, + "type": "string", + "enum": [ + "ADD", + "CREATE", + "MODIFY", + "DELETE", + "DISABLE", + "ENABLE", + "UNLOCK", + "LOCK", + "REMOVE" + ], + "description": "Represents an operation in an account activity item", + "example": "ADD" + }, + "attribute": { + "type": "string", + "description": "Attribute to which account activity applies", + "nullable": true, + "example": "detectedRoles" + }, + "value": { + "type": "string", + "description": "Value of attribute", + "nullable": true, + "example": "Treasury Analyst [AccessProfile-1529010191212]" + }, + "nativeIdentity": { + "nullable": true, + "type": "string", + "description": "Native identity in the target system to which the account activity applies", + "example": "Sandie.Camero" + }, + "sourceId": { + "type": "string", + "description": "Id of Source to which account activity applies", + "example": "2c91808363ef85290164000587130c0c" + }, + "accountRequestInfo": { + "type": "object", + "nullable": true, + "properties": { + "requestedObjectId": { + "type": "string", + "description": "Id of requested object", + "example": "2c91808563ef85690164001c31140c0c" + }, + "requestedObjectName": { + "type": "string", + "description": "Human-readable name of requested object", + "example": "Treasury Analyst" + }, + "requestedObjectType": { + "type": "string", + "enum": [ + "ACCESS_PROFILE", + "ROLE", + "ENTITLEMENT" + ], + "description": "Enum represented the currently supported requestable object types. Additional values may be added in the future without notice.", + "example": "ACCESS_PROFILE" + } + }, + "description": "If an account activity item is associated with an access request, captures details of that request." + }, + "clientMetadata": { + "nullable": true, + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Arbitrary key-value pairs, if any were included in the corresponding access request item", + "example": { + "customKey1": "custom value 1", + "customKey2": "custom value 2" + } + }, + "removeDate": { + "nullable": true, + "type": "string", + "description": "The date the role or access profile is no longer assigned to the specified identity.", + "format": "date-time", + "example": "2020-07-11T00:00:00Z" + } + } + } + }, + "executionStatus": { + "type": "string", + "description": "The current state of execution.", + "enum": [ + "EXECUTING", + "VERIFYING", + "TERMINATED", + "COMPLETED" + ], + "example": "COMPLETED" + }, + "clientMetadata": { + "nullable": true, + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Arbitrary key-value pairs, if any were included in the corresponding access request", + "example": { + "customKey1": "custom value 1", + "customKey2": "custom value 2" + } + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/certifications": { + "get": { + "operationId": "listIdentityCertifications", + "tags": [ + "Certifications" + ], + "summary": "Identity Campaign Certifications by IDs", + "description": "This API returns a list of identity campaign certifications that satisfy the given query parameters. Any authenticated token can call this API, but only certifications you are authorized to review will be returned. This API does not support requests for certifications assigned to Governance Groups.", + "parameters": [ + { + "in": "query", + "name": "reviewer-identity", + "schema": { + "type": "string" + }, + "example": "me", + "description": "The ID of reviewer identity. *me* indicates the current user.", + "required": false + }, + { + "in": "query", + "name": "limit", + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": 250, + "schema": { + "type": "integer", + "format": "int32", + "minimum": 0, + "maximum": 250, + "default": 250 + } + }, + { + "in": "query", + "name": "offset", + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": 0, + "schema": { + "type": "integer", + "format": "int32", + "minimum": 0, + "default": 0 + } + }, + { + "in": "query", + "name": "count", + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": true, + "schema": { + "type": "boolean", + "default": false + } + }, + { + "in": "query", + "name": "filters", + "required": false, + "schema": { + "type": "string" + }, + "example": "id eq \"ef38f94347e94562b5bb8424a56397d8\"", + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)\nFiltering is supported for the following fields and operators:\n**id**: *eq, in*\n**campaign.id**: *eq, in*\n**phase**: *eq*\n**completed**: *eq, ne*" + }, + { + "in": "query", + "name": "sorters", + "required": false, + "schema": { + "type": "string", + "format": "comma-separated" + }, + "example": "name,due", + "description": "Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)\nSorting is supported for the following fields: **name, due, signed**" + } + ], + "responses": { + "200": { + "description": "List of identity campaign certifications", + "content": { + "application/json": { + "schema": { + "type": "array", + "items": { + "type": "object", + "properties": { + "id": { + "example": "2c9180835d2e5168015d32f890ca1581", + "type": "string", + "description": "id of the certification" + }, + "name": { + "example": "Source Owner Access Review for Employees [source]", + "type": "string", + "description": "name of the certification" + }, + "campaign": { + "type": "object", + "required": [ + "id", + "name", + "type", + "campaignType", + "description" + ], + "properties": { + "id": { + "type": "string", + "description": "The unique ID of the campaign.", + "example": "ef38f94347e94562b5bb8424a56397d8" + }, + "name": { + "type": "string", + "description": "The name of the campaign.", + "example": "Campaign Name" + }, + "type": { + "type": "string", + "enum": [ + "CAMPAIGN" + ], + "description": "The type of object that is being referenced.", + "example": "CAMPAIGN" + }, + "campaignType": { + "type": "string", + "enum": [ + "MANAGER", + "SOURCE_OWNER", + "SEARCH" + ], + "description": "The type of the campaign.", + "example": "MANAGER" + }, + "description": { + "type": "string", + "description": "The description of the campaign set by the admin who created it.", + "nullable": true, + "example": "A description of the campaign" + } + } + }, + "completed": { + "type": "boolean", + "description": "Have all decisions been made?", + "example": true + }, + "identitiesCompleted": { + "type": "integer", + "description": "The number of identities for whom all decisions have been made and are complete.", + "example": 5, + "format": "int32" + }, + "identitiesTotal": { + "type": "integer", + "description": "The total number of identities in the Certification, both complete and incomplete.", + "example": 10, + "format": "int32" + }, + "created": { + "example": "2018-06-25T20:22:28.104Z", + "format": "date-time", + "type": "string", + "description": "created date" + }, + "modified": { + "example": "2018-06-25T20:22:28.104Z", + "format": "date-time", + "type": "string", + "description": "modified date" + }, + "decisionsMade": { + "type": "integer", + "description": "The number of approve/revoke/acknowledge decisions that have been made.", + "example": 20, + "format": "int32" + }, + "decisionsTotal": { + "type": "integer", + "description": "The total number of approve/revoke/acknowledge decisions.", + "example": 40, + "format": "int32" + }, + "due": { + "type": "string", + "format": "date-time", + "description": "The due date of the certification.", + "example": "2018-10-19T13:49:37.385Z" + }, + "signed": { + "type": "string", + "format": "date-time", + "nullable": true, + "description": "The date the reviewer signed off on the Certification.", + "example": "2018-10-19T13:49:37.385Z" + }, + "reviewer": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "The id of the reviewer.", + "example": "ef38f94347e94562b5bb8424a56397d8" + }, + "name": { + "type": "string", + "description": "The name of the reviewer.", + "example": "Reviewer Name" + }, + "email": { + "type": "string", + "description": "The email of the reviewing identity.", + "example": "reviewer@test.com" + }, + "type": { + "type": "string", + "enum": [ + "IDENTITY" + ], + "description": "The type of the reviewing identity.", + "example": "IDENTITY" + }, + "created": { + "nullable": true, + "example": "2018-06-25T20:22:28.104Z", + "format": "date-time", + "type": "string", + "description": "The created date of the reviewing identity." + }, + "modified": { + "nullable": true, + "example": "2018-06-25T20:22:28.104Z", + "format": "date-time", + "type": "string", + "description": "The modified date of the reviewing identity." + } + } + }, + "reassignment": { + "type": "object", + "nullable": true, + "properties": { + "from": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "The id of the certification.", + "example": "ef38f94347e94562b5bb8424a56397d8" + }, + "name": { + "type": "string", + "description": "The name of the certification.", + "example": "Certification Name" + }, + "type": { + "type": "string", + "enum": [ + "CERTIFICATION" + ], + "example": "CERTIFICATION" + }, + "reviewer": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "The id of the reviewer.", + "example": "ef38f94347e94562b5bb8424a56397d8" + }, + "name": { + "type": "string", + "description": "The name of the reviewer.", + "example": "Reviewer Name" + }, + "email": { + "type": "string", + "description": "The email of the reviewing identity.", + "example": "reviewer@test.com" + }, + "type": { + "type": "string", + "enum": [ + "IDENTITY" + ], + "description": "The type of the reviewing identity.", + "example": "IDENTITY" + }, + "created": { + "nullable": true, + "example": "2018-06-25T20:22:28.104Z", + "format": "date-time", + "type": "string", + "description": "The created date of the reviewing identity." + }, + "modified": { + "nullable": true, + "example": "2018-06-25T20:22:28.104Z", + "format": "date-time", + "type": "string", + "description": "The modified date of the reviewing identity." + } + } + } + } + }, + "comment": { + "type": "string", + "description": "The comment entered when the Certification was reassigned", + "example": "Reassigned for a reason" + } + } + }, + "hasErrors": { + "description": "Identifies if the certification has an error", + "type": "boolean", + "example": false + }, + "errorMessage": { + "description": "Description of the certification error", + "nullable": true, + "type": "string", + "example": "The certification has an error" + }, + "phase": { + "type": "string", + "description": "The current phase of the campaign.\n* `STAGED`: The campaign is waiting to be activated.\n* `ACTIVE`: The campaign is active.\n* `SIGNED`: The reviewer has signed off on the campaign, and it is considered complete.\n", + "enum": [ + "STAGED", + "ACTIVE", + "SIGNED" + ], + "example": "ACTIVE" + } + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/certifications/{id}": { + "get": { + "operationId": "getIdentityCertification", + "tags": [ + "Certifications" + ], + "summary": "Identity Certification by ID", + "description": "This API returns a single identity campaign certification by its ID. A token with ORG_ADMIN or CERT_ADMIN authority is required to call this API. Reviewers for this certification can also call this API. This API does not support requests for certifications assigned to Governance Groups.", + "parameters": [ + { + "in": "path", + "name": "id", + "schema": { + "type": "string" + }, + "required": true, + "description": "The certification id", + "example": "ef38f94347e94562b5bb8424a56397d8" + } + ], + "responses": { + "200": { + "description": "An identity campaign certification object", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "id": { + "example": "2c9180835d2e5168015d32f890ca1581", + "type": "string", + "description": "id of the certification" + }, + "name": { + "example": "Source Owner Access Review for Employees [source]", + "type": "string", + "description": "name of the certification" + }, + "campaign": { + "type": "object", + "required": [ + "id", + "name", + "type", + "campaignType", + "description" + ], + "properties": { + "id": { + "type": "string", + "description": "The unique ID of the campaign.", + "example": "ef38f94347e94562b5bb8424a56397d8" + }, + "name": { + "type": "string", + "description": "The name of the campaign.", + "example": "Campaign Name" + }, + "type": { + "type": "string", + "enum": [ + "CAMPAIGN" + ], + "description": "The type of object that is being referenced.", + "example": "CAMPAIGN" + }, + "campaignType": { + "type": "string", + "enum": [ + "MANAGER", + "SOURCE_OWNER", + "SEARCH" + ], + "description": "The type of the campaign.", + "example": "MANAGER" + }, + "description": { + "type": "string", + "description": "The description of the campaign set by the admin who created it.", + "nullable": true, + "example": "A description of the campaign" + } + } + }, + "completed": { + "type": "boolean", + "description": "Have all decisions been made?", + "example": true + }, + "identitiesCompleted": { + "type": "integer", + "description": "The number of identities for whom all decisions have been made and are complete.", + "example": 5, + "format": "int32" + }, + "identitiesTotal": { + "type": "integer", + "description": "The total number of identities in the Certification, both complete and incomplete.", + "example": 10, + "format": "int32" + }, + "created": { + "example": "2018-06-25T20:22:28.104Z", + "format": "date-time", + "type": "string", + "description": "created date" + }, + "modified": { + "example": "2018-06-25T20:22:28.104Z", + "format": "date-time", + "type": "string", + "description": "modified date" + }, + "decisionsMade": { + "type": "integer", + "description": "The number of approve/revoke/acknowledge decisions that have been made.", + "example": 20, + "format": "int32" + }, + "decisionsTotal": { + "type": "integer", + "description": "The total number of approve/revoke/acknowledge decisions.", + "example": 40, + "format": "int32" + }, + "due": { + "type": "string", + "format": "date-time", + "description": "The due date of the certification.", + "example": "2018-10-19T13:49:37.385Z" + }, + "signed": { + "type": "string", + "format": "date-time", + "nullable": true, + "description": "The date the reviewer signed off on the Certification.", + "example": "2018-10-19T13:49:37.385Z" + }, + "reviewer": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "The id of the reviewer.", + "example": "ef38f94347e94562b5bb8424a56397d8" + }, + "name": { + "type": "string", + "description": "The name of the reviewer.", + "example": "Reviewer Name" + }, + "email": { + "type": "string", + "description": "The email of the reviewing identity.", + "example": "reviewer@test.com" + }, + "type": { + "type": "string", + "enum": [ + "IDENTITY" + ], + "description": "The type of the reviewing identity.", + "example": "IDENTITY" + }, + "created": { + "nullable": true, + "example": "2018-06-25T20:22:28.104Z", + "format": "date-time", + "type": "string", + "description": "The created date of the reviewing identity." + }, + "modified": { + "nullable": true, + "example": "2018-06-25T20:22:28.104Z", + "format": "date-time", + "type": "string", + "description": "The modified date of the reviewing identity." + } + } + }, + "reassignment": { + "type": "object", + "nullable": true, + "properties": { + "from": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "The id of the certification.", + "example": "ef38f94347e94562b5bb8424a56397d8" + }, + "name": { + "type": "string", + "description": "The name of the certification.", + "example": "Certification Name" + }, + "type": { + "type": "string", + "enum": [ + "CERTIFICATION" + ], + "example": "CERTIFICATION" + }, + "reviewer": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "The id of the reviewer.", + "example": "ef38f94347e94562b5bb8424a56397d8" + }, + "name": { + "type": "string", + "description": "The name of the reviewer.", + "example": "Reviewer Name" + }, + "email": { + "type": "string", + "description": "The email of the reviewing identity.", + "example": "reviewer@test.com" + }, + "type": { + "type": "string", + "enum": [ + "IDENTITY" + ], + "description": "The type of the reviewing identity.", + "example": "IDENTITY" + }, + "created": { + "nullable": true, + "example": "2018-06-25T20:22:28.104Z", + "format": "date-time", + "type": "string", + "description": "The created date of the reviewing identity." + }, + "modified": { + "nullable": true, + "example": "2018-06-25T20:22:28.104Z", + "format": "date-time", + "type": "string", + "description": "The modified date of the reviewing identity." + } + } + } + } + }, + "comment": { + "type": "string", + "description": "The comment entered when the Certification was reassigned", + "example": "Reassigned for a reason" + } + } + }, + "hasErrors": { + "description": "Identifies if the certification has an error", + "type": "boolean", + "example": false + }, + "errorMessage": { + "description": "Description of the certification error", + "nullable": true, + "type": "string", + "example": "The certification has an error" + }, + "phase": { + "type": "string", + "description": "The current phase of the campaign.\n* `STAGED`: The campaign is waiting to be activated.\n* `ACTIVE`: The campaign is active.\n* `SIGNED`: The reviewer has signed off on the campaign, and it is considered complete.\n", + "enum": [ + "STAGED", + "ACTIVE", + "SIGNED" + ], + "example": "ACTIVE" + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/certifications/{id}/access-review-items": { + "get": { + "operationId": "listIdentityAccessReviewItems", + "tags": [ + "Certifications" + ], + "summary": "List of Access Review Items", + "description": "This API returns a list of access review items for an identity campaign certification. A token with ORG_ADMIN or CERT_ADMIN authority is required to call this API. Reviewers for this certification can also call this API. This API does not support requests for certifications assigned to Governance Groups.", + "parameters": [ + { + "in": "path", + "name": "id", + "schema": { + "type": "string" + }, + "required": true, + "description": "The identity campaign certification ID", + "example": "ef38f94347e94562b5bb8424a56397d8" + }, + { + "in": "query", + "name": "limit", + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": 250, + "schema": { + "type": "integer", + "format": "int32", + "minimum": 0, + "maximum": 250, + "default": 250 + } + }, + { + "in": "query", + "name": "offset", + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": 0, + "schema": { + "type": "integer", + "format": "int32", + "minimum": 0, + "default": 0 + } + }, + { + "in": "query", + "name": "count", + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": true, + "schema": { + "type": "boolean", + "default": false + } + }, + { + "in": "query", + "required": false, + "name": "filters", + "schema": { + "type": "string" + }, + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)\n\nFiltering is supported for the following fields and operators:\n\n**id**: *eq, in*\n\n**type / access.type**: *eq*\n\n**completed**: *eq, ne*\n\n**identitySummary.id**: *eq, in*\n\n**identitySummary.name**: *eq, sw*\n\n**access.id**: *eq, in*\n\n**access.name**: *eq, sw*\n\n**entitlement.sourceName**: *eq, sw*\n\n**accessProfile.sourceName**: *eq, sw*", + "example": "id eq \"ef38f94347e94562b5bb8424a56397d8\"" + }, + { + "in": "query", + "name": "sorters", + "required": false, + "schema": { + "type": "string", + "format": "comma-separated" + }, + "example": "access.name,-accessProfile.sourceName", + "description": "Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)\n\nSorting is supported for the following fields: **identitySummary.name, access.name, access.type, entitlement.sourceName, accessProfile.sourceName**" + }, + { + "in": "query", + "name": "entitlements", + "required": false, + "schema": { + "type": "string" + }, + "example": "identityEntitlement", + "description": "Filter results to view access review items that pertain to any of the specified comma-separated entitlement IDs.\n\nAn error will occur if this param is used with **access-profiles** or **roles** as only one of these query params can be used at a time." + }, + { + "in": "query", + "name": "access-profiles", + "required": false, + "schema": { + "type": "string" + }, + "example": "accessProfile1", + "description": "Filter results to view access review items that pertain to any of the specified comma-separated access-profle IDs.\n\nAn error will occur if this param is used with **entitlements** or **roles** as only one of these query params can be used at a time." + }, + { + "in": "query", + "name": "roles", + "required": false, + "schema": { + "type": "string" + }, + "example": "userRole", + "description": "Filter results to view access review items that pertain to any of the specified comma-separated role IDs.\n\nAn error will occur if this param is used with **entitlements** or **access-profiles** as only one of these query params can be used at a time." + } + ], + "responses": { + "200": { + "description": "A list of access review items", + "content": { + "application/json": { + "schema": { + "type": "array", + "items": { + "type": "object", + "properties": { + "accessSummary": { + "type": "object", + "description": "An object holding the access that is being reviewed", + "properties": { + "access": { + "type": "object", + "properties": { + "type": { + "description": "The type of item being certified", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "The ID of the item being certified", + "example": "2c9180867160846801719932c5153fb7" + }, + "name": { + "type": "string", + "description": "The name of the item being certified", + "example": "Entitlement for Company Database" + } + } + }, + "entitlement": { + "type": "object", + "nullable": true, + "properties": { + "id": { + "type": "string", + "description": "The id for the entitlement", + "example": "2c918085718230600171993742c63558" + }, + "name": { + "type": "string", + "description": "The name of the entitlement", + "example": "CN=entitlement.bbb7c650" + }, + "description": { + "nullable": true, + "type": "string", + "description": "Information about the entitlement", + "example": "Gives read/write access to the company database" + }, + "privileged": { + "type": "boolean", + "example": false, + "description": "Indicates if the entitlement is a privileged entitlement" + }, + "owner": { + "type": "object", + "nullable": true, + "properties": { + "type": { + "type": "string", + "description": "The type can only be IDENTITY. This is read-only", + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "Identity id.", + "example": "5168015d32f890ca15812c9180835d2e" + }, + "name": { + "type": "string", + "description": "Human-readable display name of identity. This is read-only", + "example": "Alison Ferguso" + }, + "email": { + "type": "string", + "description": "Email address of identity. This is read-only", + "example": "alison.ferguso@identitysoon.com" + } + } + }, + "attributeName": { + "type": "string", + "description": "The name of the attribute on the source", + "example": "memberOf" + }, + "attributeValue": { + "type": "string", + "description": "The value of the attribute on the source", + "example": "CN=entitlement.bbb7c650" + }, + "sourceSchemaObjectType": { + "type": "string", + "description": "The schema object type on the source used to represent the entitlement and its attributes", + "example": "groups" + }, + "sourceName": { + "type": "string", + "description": "The name of the source for which this entitlement belongs", + "example": "ODS-AD-Source" + }, + "sourceType": { + "type": "string", + "description": "The type of the source for which the entitlement belongs", + "example": "Active Directory - Direct" + }, + "hasPermissions": { + "type": "boolean", + "description": "Indicates if the entitlement has permissions", + "example": false + }, + "isPermission": { + "type": "boolean", + "description": "Indicates if the entitlement is a representation of an account permission", + "example": false + }, + "revocable": { + "type": "boolean", + "description": "Indicates whether the entitlement can be revoked", + "example": true + }, + "cloudGoverned": { + "type": "boolean", + "description": "True if the entitlement is cloud governed", + "example": false + }, + "account": { + "type": "object", + "nullable": true, + "description": "Information about the status of the entitlement", + "properties": { + "nativeIdentity": { + "type": "string", + "description": "The native identity for this account", + "example": "CN=Alison Ferguso" + }, + "disabled": { + "type": "boolean", + "example": false, + "description": "Indicates whether this account is currently disabled" + }, + "locked": { + "type": "boolean", + "example": false, + "description": "Indicates whether this account is currently locked" + }, + "type": { + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "description": "An enumeration of the types of DTOs supported within the IdentityNow infrastructure.", + "example": "IDENTITY" + }, + "id": { + "nullable": true, + "type": "string", + "description": "The id associated with the account", + "example": "2c9180857182305e0171993737eb29e6" + }, + "name": { + "nullable": true, + "type": "string", + "description": "The account name", + "example": "Alison Ferguso" + }, + "created": { + "nullable": true, + "type": "string", + "format": "date-time", + "description": "When the account was created", + "example": "2020-04-20T20:11:05.067Z" + }, + "modified": { + "nullable": true, + "type": "string", + "format": "date-time", + "description": "When the account was last modified", + "example": "2020-05-20T18:57:16.987Z" + } + } + } + } + }, + "accessProfile": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "The id of the Access Profile", + "example": "2c91808a7190d06e01719938fcd20792" + }, + "name": { + "type": "string", + "description": "Name of the Access Profile", + "example": "Employee-database-read-write" + }, + "description": { + "type": "string", + "description": "Information about the Access Profile", + "example": "Collection of entitlements to read/write the employee database" + }, + "privileged": { + "type": "boolean", + "description": "Indicates if the entitlement is a privileged entitlement", + "example": false + }, + "cloudGoverned": { + "type": "boolean", + "description": "True if the entitlement is cloud governed", + "example": false + }, + "endDate": { + "nullable": true, + "type": "string", + "format": "date-time", + "description": "The date at which a user's access expires", + "example": "2021-12-25T00:00:00.000Z" + }, + "owner": { + "description": "Owner of the Access Profile", + "type": "object", + "nullable": true, + "properties": { + "type": { + "type": "string", + "description": "The type can only be IDENTITY. This is read-only", + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "Identity id.", + "example": "5168015d32f890ca15812c9180835d2e" + }, + "name": { + "type": "string", + "description": "Human-readable display name of identity. This is read-only", + "example": "Alison Ferguso" + }, + "email": { + "type": "string", + "description": "Email address of identity. This is read-only", + "example": "alison.ferguso@identitysoon.com" + } + } + }, + "entitlements": { + "type": "array", + "description": "A list of entitlements associated with this Access Profile", + "items": { + "type": "object", + "nullable": true, + "properties": { + "id": { + "type": "string", + "description": "The id for the entitlement", + "example": "2c918085718230600171993742c63558" + }, + "name": { + "type": "string", + "description": "The name of the entitlement", + "example": "CN=entitlement.bbb7c650" + }, + "description": { + "nullable": true, + "type": "string", + "description": "Information about the entitlement", + "example": "Gives read/write access to the company database" + }, + "privileged": { + "type": "boolean", + "example": false, + "description": "Indicates if the entitlement is a privileged entitlement" + }, + "owner": { + "type": "object", + "nullable": true, + "properties": { + "type": { + "type": "string", + "description": "The type can only be IDENTITY. This is read-only", + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "Identity id.", + "example": "5168015d32f890ca15812c9180835d2e" + }, + "name": { + "type": "string", + "description": "Human-readable display name of identity. This is read-only", + "example": "Alison Ferguso" + }, + "email": { + "type": "string", + "description": "Email address of identity. This is read-only", + "example": "alison.ferguso@identitysoon.com" + } + } + }, + "attributeName": { + "type": "string", + "description": "The name of the attribute on the source", + "example": "memberOf" + }, + "attributeValue": { + "type": "string", + "description": "The value of the attribute on the source", + "example": "CN=entitlement.bbb7c650" + }, + "sourceSchemaObjectType": { + "type": "string", + "description": "The schema object type on the source used to represent the entitlement and its attributes", + "example": "groups" + }, + "sourceName": { + "type": "string", + "description": "The name of the source for which this entitlement belongs", + "example": "ODS-AD-Source" + }, + "sourceType": { + "type": "string", + "description": "The type of the source for which the entitlement belongs", + "example": "Active Directory - Direct" + }, + "hasPermissions": { + "type": "boolean", + "description": "Indicates if the entitlement has permissions", + "example": false + }, + "isPermission": { + "type": "boolean", + "description": "Indicates if the entitlement is a representation of an account permission", + "example": false + }, + "revocable": { + "type": "boolean", + "description": "Indicates whether the entitlement can be revoked", + "example": true + }, + "cloudGoverned": { + "type": "boolean", + "description": "True if the entitlement is cloud governed", + "example": false + }, + "account": { + "type": "object", + "nullable": true, + "description": "Information about the status of the entitlement", + "properties": { + "nativeIdentity": { + "type": "string", + "description": "The native identity for this account", + "example": "CN=Alison Ferguso" + }, + "disabled": { + "type": "boolean", + "example": false, + "description": "Indicates whether this account is currently disabled" + }, + "locked": { + "type": "boolean", + "example": false, + "description": "Indicates whether this account is currently locked" + }, + "type": { + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "description": "An enumeration of the types of DTOs supported within the IdentityNow infrastructure.", + "example": "IDENTITY" + }, + "id": { + "nullable": true, + "type": "string", + "description": "The id associated with the account", + "example": "2c9180857182305e0171993737eb29e6" + }, + "name": { + "nullable": true, + "type": "string", + "description": "The account name", + "example": "Alison Ferguso" + }, + "created": { + "nullable": true, + "type": "string", + "format": "date-time", + "description": "When the account was created", + "example": "2020-04-20T20:11:05.067Z" + }, + "modified": { + "nullable": true, + "type": "string", + "format": "date-time", + "description": "When the account was last modified", + "example": "2020-05-20T18:57:16.987Z" + } + } + } + } + } + }, + "created": { + "type": "string", + "description": "Date the Access Profile was created.", + "format": "date-time", + "example": "2021-01-01T22:32:58.104Z" + }, + "modified": { + "type": "string", + "description": "Date the Access Profile was last modified.", + "format": "date-time", + "example": "2021-02-01T22:32:58.104Z" + } + } + }, + "role": { + "type": "object", + "nullable": true, + "properties": { + "id": { + "type": "string", + "description": "The id for the Role", + "example": "2c91808a7190d06e0171993907fd0794" + }, + "name": { + "type": "string", + "description": "The name of the Role", + "example": "Accounting-Employees" + }, + "description": { + "type": "string", + "description": "Information about the Role", + "example": "Role for members of the accounting department with the necessary Access Profiles" + }, + "privileged": { + "type": "boolean", + "description": "Indicates if the entitlement is a privileged entitlement", + "example": false + }, + "owner": { + "type": "object", + "nullable": true, + "properties": { + "type": { + "type": "string", + "description": "The type can only be IDENTITY. This is read-only", + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "Identity id.", + "example": "5168015d32f890ca15812c9180835d2e" + }, + "name": { + "type": "string", + "description": "Human-readable display name of identity. This is read-only", + "example": "Alison Ferguso" + }, + "email": { + "type": "string", + "description": "Email address of identity. This is read-only", + "example": "alison.ferguso@identitysoon.com" + } + } + }, + "revocable": { + "type": "boolean", + "description": "Indicates whether the Role can be revoked or requested", + "example": false + }, + "endDate": { + "type": "string", + "format": "date-time", + "description": "The date when a user's access expires.", + "example": "2021-12-25T00:00:00.000Z" + }, + "accessProfiles": { + "type": "array", + "description": "The list of Access Profiles associated with this Role", + "items": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "The id of the Access Profile", + "example": "2c91808a7190d06e01719938fcd20792" + }, + "name": { + "type": "string", + "description": "Name of the Access Profile", + "example": "Employee-database-read-write" + }, + "description": { + "type": "string", + "description": "Information about the Access Profile", + "example": "Collection of entitlements to read/write the employee database" + }, + "privileged": { + "type": "boolean", + "description": "Indicates if the entitlement is a privileged entitlement", + "example": false + }, + "cloudGoverned": { + "type": "boolean", + "description": "True if the entitlement is cloud governed", + "example": false + }, + "endDate": { + "nullable": true, + "type": "string", + "format": "date-time", + "description": "The date at which a user's access expires", + "example": "2021-12-25T00:00:00.000Z" + }, + "owner": { + "description": "Owner of the Access Profile", + "type": "object", + "nullable": true, + "properties": { + "type": { + "type": "string", + "description": "The type can only be IDENTITY. This is read-only", + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "Identity id.", + "example": "5168015d32f890ca15812c9180835d2e" + }, + "name": { + "type": "string", + "description": "Human-readable display name of identity. This is read-only", + "example": "Alison Ferguso" + }, + "email": { + "type": "string", + "description": "Email address of identity. This is read-only", + "example": "alison.ferguso@identitysoon.com" + } + } + }, + "entitlements": { + "type": "array", + "description": "A list of entitlements associated with this Access Profile", + "items": { + "type": "object", + "nullable": true, + "properties": { + "id": { + "type": "string", + "description": "The id for the entitlement", + "example": "2c918085718230600171993742c63558" + }, + "name": { + "type": "string", + "description": "The name of the entitlement", + "example": "CN=entitlement.bbb7c650" + }, + "description": { + "nullable": true, + "type": "string", + "description": "Information about the entitlement", + "example": "Gives read/write access to the company database" + }, + "privileged": { + "type": "boolean", + "example": false, + "description": "Indicates if the entitlement is a privileged entitlement" + }, + "owner": { + "type": "object", + "nullable": true, + "properties": { + "type": { + "type": "string", + "description": "The type can only be IDENTITY. This is read-only", + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "Identity id.", + "example": "5168015d32f890ca15812c9180835d2e" + }, + "name": { + "type": "string", + "description": "Human-readable display name of identity. This is read-only", + "example": "Alison Ferguso" + }, + "email": { + "type": "string", + "description": "Email address of identity. This is read-only", + "example": "alison.ferguso@identitysoon.com" + } + } + }, + "attributeName": { + "type": "string", + "description": "The name of the attribute on the source", + "example": "memberOf" + }, + "attributeValue": { + "type": "string", + "description": "The value of the attribute on the source", + "example": "CN=entitlement.bbb7c650" + }, + "sourceSchemaObjectType": { + "type": "string", + "description": "The schema object type on the source used to represent the entitlement and its attributes", + "example": "groups" + }, + "sourceName": { + "type": "string", + "description": "The name of the source for which this entitlement belongs", + "example": "ODS-AD-Source" + }, + "sourceType": { + "type": "string", + "description": "The type of the source for which the entitlement belongs", + "example": "Active Directory - Direct" + }, + "hasPermissions": { + "type": "boolean", + "description": "Indicates if the entitlement has permissions", + "example": false + }, + "isPermission": { + "type": "boolean", + "description": "Indicates if the entitlement is a representation of an account permission", + "example": false + }, + "revocable": { + "type": "boolean", + "description": "Indicates whether the entitlement can be revoked", + "example": true + }, + "cloudGoverned": { + "type": "boolean", + "description": "True if the entitlement is cloud governed", + "example": false + }, + "account": { + "type": "object", + "nullable": true, + "description": "Information about the status of the entitlement", + "properties": { + "nativeIdentity": { + "type": "string", + "description": "The native identity for this account", + "example": "CN=Alison Ferguso" + }, + "disabled": { + "type": "boolean", + "example": false, + "description": "Indicates whether this account is currently disabled" + }, + "locked": { + "type": "boolean", + "example": false, + "description": "Indicates whether this account is currently locked" + }, + "type": { + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "description": "An enumeration of the types of DTOs supported within the IdentityNow infrastructure.", + "example": "IDENTITY" + }, + "id": { + "nullable": true, + "type": "string", + "description": "The id associated with the account", + "example": "2c9180857182305e0171993737eb29e6" + }, + "name": { + "nullable": true, + "type": "string", + "description": "The account name", + "example": "Alison Ferguso" + }, + "created": { + "nullable": true, + "type": "string", + "format": "date-time", + "description": "When the account was created", + "example": "2020-04-20T20:11:05.067Z" + }, + "modified": { + "nullable": true, + "type": "string", + "format": "date-time", + "description": "When the account was last modified", + "example": "2020-05-20T18:57:16.987Z" + } + } + } + } + } + }, + "created": { + "type": "string", + "description": "Date the Access Profile was created.", + "format": "date-time", + "example": "2021-01-01T22:32:58.104Z" + }, + "modified": { + "type": "string", + "description": "Date the Access Profile was last modified.", + "format": "date-time", + "example": "2021-02-01T22:32:58.104Z" + } + } + } + } + } + } + } + }, + "identitySummary": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "The ID of the identity summary", + "example": "2c91808772a504f50172a9540e501ba7" + }, + "name": { + "type": "string", + "description": "Name of the linked identity", + "example": "Alison Ferguso" + }, + "identityId": { + "type": "string", + "description": "The ID of the identity being certified", + "example": "2c9180857182306001719937377a33de" + }, + "completed": { + "type": "boolean", + "description": "Indicates whether the review items for the linked identity's certification have been completed", + "example": true + } + } + }, + "id": { + "type": "string", + "description": "The review item's id", + "example": "ef38f94347e94562b5bb8424a56397d8" + }, + "completed": { + "type": "boolean", + "description": "Whether the review item is complete", + "example": false + }, + "newAccess": { + "type": "boolean", + "description": "Indicates whether the review item is for new access to a source", + "example": false + }, + "decision": { + "type": "string", + "description": "The decision to approve or revoke the review item", + "enum": [ + "APPROVE", + "REVOKE" + ], + "example": "APPROVE" + }, + "comments": { + "nullable": true, + "type": "string", + "description": "Comments for this review item", + "example": "This user still needs access to this source" + } + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/certifications/{id}/decide": { + "post": { + "operationId": "makeIdentityDecision", + "tags": [ + "Certifications" + ], + "summary": "Decide on a Certification Item", + "description": "The API makes a decision to approve or revoke one or more identity campaign certification items. A token with ORG_ADMIN or CERT_ADMIN authority is required to call this API. Reviewers for this certification can also call this API. This API does not support requests for certifications assigned to Governance Groups.", + "parameters": [ + { + "in": "path", + "name": "id", + "schema": { + "type": "string" + }, + "required": true, + "description": "The ID of the identity campaign certification on which to make decisions", + "example": "ef38f94347e94562b5bb8424a56397d8" + } + ], + "requestBody": { + "required": true, + "description": "A non-empty array of decisions to be made.", + "content": { + "application/json": { + "schema": { + "type": "array", + "items": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "The id of the review decision", + "example": "ef38f94347e94562b5bb8424a56397d8" + }, + "decision": { + "type": "string", + "description": "The decision to approve or revoke the review item", + "enum": [ + "APPROVE", + "REVOKE" + ], + "example": "APPROVE" + }, + "proposedEndDate": { + "type": "string", + "format": "date-time", + "example": "2017-07-11T18:45:37.098Z", + "description": "The date at which a user's access should be taken away. Should only be set for `REVOKE` decisions." + }, + "bulk": { + "type": "boolean", + "description": "Indicates whether decision should be marked as part of a larger bulk decision", + "example": true + }, + "recommendation": { + "nullable": true, + "type": "object", + "properties": { + "recommendation": { + "type": "string", + "description": "The recommendation from IAI at the time of the decision. This field will be null if no recommendation was made.", + "example": null, + "nullable": true + }, + "reasons": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of reasons for the recommendation.", + "example": [ + "Reason 1", + "Reason 2" + ] + }, + "timestamp": { + "type": "string", + "format": "date-time", + "description": "The time at which the recommendation was recorded.", + "example": "2020-06-01T13:49:37.385Z" + } + } + }, + "comments": { + "type": "string", + "description": "Comments recorded when the decision was made", + "example": "This user no longer needs access to this source" + } + }, + "required": [ + "id", + "decision", + "bulk" + ] + }, + "minItems": 1, + "maxItems": 250 + }, + "example": [ + { + "id": "ef38f94347e94562b5bb8424a56396b5", + "decision": "APPROVE", + "bulk": true, + "comments": "This user still needs access to this source." + }, + { + "id": "ef38f94347e94562b5bb8424a56397d8", + "decision": "APPROVE", + "bulk": true, + "comments": "This user still needs access to this source too." + } + ] + } + } + }, + "responses": { + "200": { + "description": "An identity campaign certification object", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "id": { + "example": "2c9180835d2e5168015d32f890ca1581", + "type": "string", + "description": "id of the certification" + }, + "name": { + "example": "Source Owner Access Review for Employees [source]", + "type": "string", + "description": "name of the certification" + }, + "campaign": { + "type": "object", + "required": [ + "id", + "name", + "type", + "campaignType", + "description" + ], + "properties": { + "id": { + "type": "string", + "description": "The unique ID of the campaign.", + "example": "ef38f94347e94562b5bb8424a56397d8" + }, + "name": { + "type": "string", + "description": "The name of the campaign.", + "example": "Campaign Name" + }, + "type": { + "type": "string", + "enum": [ + "CAMPAIGN" + ], + "description": "The type of object that is being referenced.", + "example": "CAMPAIGN" + }, + "campaignType": { + "type": "string", + "enum": [ + "MANAGER", + "SOURCE_OWNER", + "SEARCH" + ], + "description": "The type of the campaign.", + "example": "MANAGER" + }, + "description": { + "type": "string", + "description": "The description of the campaign set by the admin who created it.", + "nullable": true, + "example": "A description of the campaign" + } + } + }, + "completed": { + "type": "boolean", + "description": "Have all decisions been made?", + "example": true + }, + "identitiesCompleted": { + "type": "integer", + "description": "The number of identities for whom all decisions have been made and are complete.", + "example": 5, + "format": "int32" + }, + "identitiesTotal": { + "type": "integer", + "description": "The total number of identities in the Certification, both complete and incomplete.", + "example": 10, + "format": "int32" + }, + "created": { + "example": "2018-06-25T20:22:28.104Z", + "format": "date-time", + "type": "string", + "description": "created date" + }, + "modified": { + "example": "2018-06-25T20:22:28.104Z", + "format": "date-time", + "type": "string", + "description": "modified date" + }, + "decisionsMade": { + "type": "integer", + "description": "The number of approve/revoke/acknowledge decisions that have been made.", + "example": 20, + "format": "int32" + }, + "decisionsTotal": { + "type": "integer", + "description": "The total number of approve/revoke/acknowledge decisions.", + "example": 40, + "format": "int32" + }, + "due": { + "type": "string", + "format": "date-time", + "description": "The due date of the certification.", + "example": "2018-10-19T13:49:37.385Z" + }, + "signed": { + "type": "string", + "format": "date-time", + "nullable": true, + "description": "The date the reviewer signed off on the Certification.", + "example": "2018-10-19T13:49:37.385Z" + }, + "reviewer": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "The id of the reviewer.", + "example": "ef38f94347e94562b5bb8424a56397d8" + }, + "name": { + "type": "string", + "description": "The name of the reviewer.", + "example": "Reviewer Name" + }, + "email": { + "type": "string", + "description": "The email of the reviewing identity.", + "example": "reviewer@test.com" + }, + "type": { + "type": "string", + "enum": [ + "IDENTITY" + ], + "description": "The type of the reviewing identity.", + "example": "IDENTITY" + }, + "created": { + "nullable": true, + "example": "2018-06-25T20:22:28.104Z", + "format": "date-time", + "type": "string", + "description": "The created date of the reviewing identity." + }, + "modified": { + "nullable": true, + "example": "2018-06-25T20:22:28.104Z", + "format": "date-time", + "type": "string", + "description": "The modified date of the reviewing identity." + } + } + }, + "reassignment": { + "type": "object", + "nullable": true, + "properties": { + "from": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "The id of the certification.", + "example": "ef38f94347e94562b5bb8424a56397d8" + }, + "name": { + "type": "string", + "description": "The name of the certification.", + "example": "Certification Name" + }, + "type": { + "type": "string", + "enum": [ + "CERTIFICATION" + ], + "example": "CERTIFICATION" + }, + "reviewer": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "The id of the reviewer.", + "example": "ef38f94347e94562b5bb8424a56397d8" + }, + "name": { + "type": "string", + "description": "The name of the reviewer.", + "example": "Reviewer Name" + }, + "email": { + "type": "string", + "description": "The email of the reviewing identity.", + "example": "reviewer@test.com" + }, + "type": { + "type": "string", + "enum": [ + "IDENTITY" + ], + "description": "The type of the reviewing identity.", + "example": "IDENTITY" + }, + "created": { + "nullable": true, + "example": "2018-06-25T20:22:28.104Z", + "format": "date-time", + "type": "string", + "description": "The created date of the reviewing identity." + }, + "modified": { + "nullable": true, + "example": "2018-06-25T20:22:28.104Z", + "format": "date-time", + "type": "string", + "description": "The modified date of the reviewing identity." + } + } + } + } + }, + "comment": { + "type": "string", + "description": "The comment entered when the Certification was reassigned", + "example": "Reassigned for a reason" + } + } + }, + "hasErrors": { + "description": "Identifies if the certification has an error", + "type": "boolean", + "example": false + }, + "errorMessage": { + "description": "Description of the certification error", + "nullable": true, + "type": "string", + "example": "The certification has an error" + }, + "phase": { + "type": "string", + "description": "The current phase of the campaign.\n* `STAGED`: The campaign is waiting to be activated.\n* `ACTIVE`: The campaign is active.\n* `SIGNED`: The reviewer has signed off on the campaign, and it is considered complete.\n", + "enum": [ + "STAGED", + "ACTIVE", + "SIGNED" + ], + "example": "ACTIVE" + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/certifications/{id}/reassign": { + "post": { + "operationId": "reassignIdentityCertifications", + "tags": [ + "Certifications" + ], + "summary": "Reassign Identities or Items", + "description": "This API reassigns up to 50 identities or items in an identity campaign certification to another reviewer. A token with ORG_ADMIN or CERT_ADMIN authority is required to call this API. Reviewers for this certification can also call this API. This API does not support requests for certifications assigned to Governance Groups.", + "parameters": [ + { + "in": "path", + "name": "id", + "schema": { + "type": "string" + }, + "required": true, + "description": "The identity campaign certification ID", + "example": "ef38f94347e94562b5bb8424a56397d8" + } + ], + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "reassign": { + "type": "array", + "items": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "The ID of item or identity being reassigned.", + "example": "ef38f94347e94562b5bb8424a56397d8" + }, + "type": { + "type": "string", + "description": "The type of item or identity being reassigned.", + "enum": [ + "TARGET_SUMMARY", + "ITEM", + "IDENTITY_SUMMARY" + ], + "example": "ITEM" + } + }, + "required": [ + "id", + "type" + ] + } + }, + "reassignTo": { + "type": "string", + "description": "The ID of the identity to which the certification is reassigned", + "example": "ef38f94347e94562b5bb8424a56397d8" + }, + "reason": { + "type": "string", + "description": "The reason comment for why the reassign was made", + "example": "reassigned for some reason" + } + }, + "required": [ + "reassign", + "reassignTo", + "reason" + ] + } + } + } + }, + "responses": { + "200": { + "description": "An identity campaign certification details after completing the reassignment.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "id": { + "example": "2c9180835d2e5168015d32f890ca1581", + "type": "string", + "description": "id of the certification" + }, + "name": { + "example": "Source Owner Access Review for Employees [source]", + "type": "string", + "description": "name of the certification" + }, + "campaign": { + "type": "object", + "required": [ + "id", + "name", + "type", + "campaignType", + "description" + ], + "properties": { + "id": { + "type": "string", + "description": "The unique ID of the campaign.", + "example": "ef38f94347e94562b5bb8424a56397d8" + }, + "name": { + "type": "string", + "description": "The name of the campaign.", + "example": "Campaign Name" + }, + "type": { + "type": "string", + "enum": [ + "CAMPAIGN" + ], + "description": "The type of object that is being referenced.", + "example": "CAMPAIGN" + }, + "campaignType": { + "type": "string", + "enum": [ + "MANAGER", + "SOURCE_OWNER", + "SEARCH" + ], + "description": "The type of the campaign.", + "example": "MANAGER" + }, + "description": { + "type": "string", + "description": "The description of the campaign set by the admin who created it.", + "nullable": true, + "example": "A description of the campaign" + } + } + }, + "completed": { + "type": "boolean", + "description": "Have all decisions been made?", + "example": true + }, + "identitiesCompleted": { + "type": "integer", + "description": "The number of identities for whom all decisions have been made and are complete.", + "example": 5, + "format": "int32" + }, + "identitiesTotal": { + "type": "integer", + "description": "The total number of identities in the Certification, both complete and incomplete.", + "example": 10, + "format": "int32" + }, + "created": { + "example": "2018-06-25T20:22:28.104Z", + "format": "date-time", + "type": "string", + "description": "created date" + }, + "modified": { + "example": "2018-06-25T20:22:28.104Z", + "format": "date-time", + "type": "string", + "description": "modified date" + }, + "decisionsMade": { + "type": "integer", + "description": "The number of approve/revoke/acknowledge decisions that have been made.", + "example": 20, + "format": "int32" + }, + "decisionsTotal": { + "type": "integer", + "description": "The total number of approve/revoke/acknowledge decisions.", + "example": 40, + "format": "int32" + }, + "due": { + "type": "string", + "format": "date-time", + "description": "The due date of the certification.", + "example": "2018-10-19T13:49:37.385Z" + }, + "signed": { + "type": "string", + "format": "date-time", + "nullable": true, + "description": "The date the reviewer signed off on the Certification.", + "example": "2018-10-19T13:49:37.385Z" + }, + "reviewer": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "The id of the reviewer.", + "example": "ef38f94347e94562b5bb8424a56397d8" + }, + "name": { + "type": "string", + "description": "The name of the reviewer.", + "example": "Reviewer Name" + }, + "email": { + "type": "string", + "description": "The email of the reviewing identity.", + "example": "reviewer@test.com" + }, + "type": { + "type": "string", + "enum": [ + "IDENTITY" + ], + "description": "The type of the reviewing identity.", + "example": "IDENTITY" + }, + "created": { + "nullable": true, + "example": "2018-06-25T20:22:28.104Z", + "format": "date-time", + "type": "string", + "description": "The created date of the reviewing identity." + }, + "modified": { + "nullable": true, + "example": "2018-06-25T20:22:28.104Z", + "format": "date-time", + "type": "string", + "description": "The modified date of the reviewing identity." + } + } + }, + "reassignment": { + "type": "object", + "nullable": true, + "properties": { + "from": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "The id of the certification.", + "example": "ef38f94347e94562b5bb8424a56397d8" + }, + "name": { + "type": "string", + "description": "The name of the certification.", + "example": "Certification Name" + }, + "type": { + "type": "string", + "enum": [ + "CERTIFICATION" + ], + "example": "CERTIFICATION" + }, + "reviewer": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "The id of the reviewer.", + "example": "ef38f94347e94562b5bb8424a56397d8" + }, + "name": { + "type": "string", + "description": "The name of the reviewer.", + "example": "Reviewer Name" + }, + "email": { + "type": "string", + "description": "The email of the reviewing identity.", + "example": "reviewer@test.com" + }, + "type": { + "type": "string", + "enum": [ + "IDENTITY" + ], + "description": "The type of the reviewing identity.", + "example": "IDENTITY" + }, + "created": { + "nullable": true, + "example": "2018-06-25T20:22:28.104Z", + "format": "date-time", + "type": "string", + "description": "The created date of the reviewing identity." + }, + "modified": { + "nullable": true, + "example": "2018-06-25T20:22:28.104Z", + "format": "date-time", + "type": "string", + "description": "The modified date of the reviewing identity." + } + } + } + } + }, + "comment": { + "type": "string", + "description": "The comment entered when the Certification was reassigned", + "example": "Reassigned for a reason" + } + } + }, + "hasErrors": { + "description": "Identifies if the certification has an error", + "type": "boolean", + "example": false + }, + "errorMessage": { + "description": "Description of the certification error", + "nullable": true, + "type": "string", + "example": "The certification has an error" + }, + "phase": { + "type": "string", + "description": "The current phase of the campaign.\n* `STAGED`: The campaign is waiting to be activated.\n* `ACTIVE`: The campaign is active.\n* `SIGNED`: The reviewer has signed off on the campaign, and it is considered complete.\n", + "enum": [ + "STAGED", + "ACTIVE", + "SIGNED" + ], + "example": "ACTIVE" + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/certifications/{id}/sign-off": { + "post": { + "operationId": "signOffIdentityCertification", + "tags": [ + "Certifications" + ], + "summary": "Finalize Identity Certification Decisions", + "description": "This API finalizes all decisions made on an identity campaign certification and initiates any remediations required. A token with ORG_ADMIN or CERT_ADMIN authority is required to call this API. Reviewers for this certification can also call this API. This API does not support requests for certifications assigned to Governance Groups.", + "parameters": [ + { + "in": "path", + "name": "id", + "schema": { + "type": "string" + }, + "required": true, + "description": "The identity campaign certification ID", + "example": "ef38f94347e94562b5bb8424a56397d8" + } + ], + "responses": { + "200": { + "description": "An identity campaign certification object", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "id": { + "example": "2c9180835d2e5168015d32f890ca1581", + "type": "string", + "description": "id of the certification" + }, + "name": { + "example": "Source Owner Access Review for Employees [source]", + "type": "string", + "description": "name of the certification" + }, + "campaign": { + "type": "object", + "required": [ + "id", + "name", + "type", + "campaignType", + "description" + ], + "properties": { + "id": { + "type": "string", + "description": "The unique ID of the campaign.", + "example": "ef38f94347e94562b5bb8424a56397d8" + }, + "name": { + "type": "string", + "description": "The name of the campaign.", + "example": "Campaign Name" + }, + "type": { + "type": "string", + "enum": [ + "CAMPAIGN" + ], + "description": "The type of object that is being referenced.", + "example": "CAMPAIGN" + }, + "campaignType": { + "type": "string", + "enum": [ + "MANAGER", + "SOURCE_OWNER", + "SEARCH" + ], + "description": "The type of the campaign.", + "example": "MANAGER" + }, + "description": { + "type": "string", + "description": "The description of the campaign set by the admin who created it.", + "nullable": true, + "example": "A description of the campaign" + } + } + }, + "completed": { + "type": "boolean", + "description": "Have all decisions been made?", + "example": true + }, + "identitiesCompleted": { + "type": "integer", + "description": "The number of identities for whom all decisions have been made and are complete.", + "example": 5, + "format": "int32" + }, + "identitiesTotal": { + "type": "integer", + "description": "The total number of identities in the Certification, both complete and incomplete.", + "example": 10, + "format": "int32" + }, + "created": { + "example": "2018-06-25T20:22:28.104Z", + "format": "date-time", + "type": "string", + "description": "created date" + }, + "modified": { + "example": "2018-06-25T20:22:28.104Z", + "format": "date-time", + "type": "string", + "description": "modified date" + }, + "decisionsMade": { + "type": "integer", + "description": "The number of approve/revoke/acknowledge decisions that have been made.", + "example": 20, + "format": "int32" + }, + "decisionsTotal": { + "type": "integer", + "description": "The total number of approve/revoke/acknowledge decisions.", + "example": 40, + "format": "int32" + }, + "due": { + "type": "string", + "format": "date-time", + "description": "The due date of the certification.", + "example": "2018-10-19T13:49:37.385Z" + }, + "signed": { + "type": "string", + "format": "date-time", + "nullable": true, + "description": "The date the reviewer signed off on the Certification.", + "example": "2018-10-19T13:49:37.385Z" + }, + "reviewer": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "The id of the reviewer.", + "example": "ef38f94347e94562b5bb8424a56397d8" + }, + "name": { + "type": "string", + "description": "The name of the reviewer.", + "example": "Reviewer Name" + }, + "email": { + "type": "string", + "description": "The email of the reviewing identity.", + "example": "reviewer@test.com" + }, + "type": { + "type": "string", + "enum": [ + "IDENTITY" + ], + "description": "The type of the reviewing identity.", + "example": "IDENTITY" + }, + "created": { + "nullable": true, + "example": "2018-06-25T20:22:28.104Z", + "format": "date-time", + "type": "string", + "description": "The created date of the reviewing identity." + }, + "modified": { + "nullable": true, + "example": "2018-06-25T20:22:28.104Z", + "format": "date-time", + "type": "string", + "description": "The modified date of the reviewing identity." + } + } + }, + "reassignment": { + "type": "object", + "nullable": true, + "properties": { + "from": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "The id of the certification.", + "example": "ef38f94347e94562b5bb8424a56397d8" + }, + "name": { + "type": "string", + "description": "The name of the certification.", + "example": "Certification Name" + }, + "type": { + "type": "string", + "enum": [ + "CERTIFICATION" + ], + "example": "CERTIFICATION" + }, + "reviewer": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "The id of the reviewer.", + "example": "ef38f94347e94562b5bb8424a56397d8" + }, + "name": { + "type": "string", + "description": "The name of the reviewer.", + "example": "Reviewer Name" + }, + "email": { + "type": "string", + "description": "The email of the reviewing identity.", + "example": "reviewer@test.com" + }, + "type": { + "type": "string", + "enum": [ + "IDENTITY" + ], + "description": "The type of the reviewing identity.", + "example": "IDENTITY" + }, + "created": { + "nullable": true, + "example": "2018-06-25T20:22:28.104Z", + "format": "date-time", + "type": "string", + "description": "The created date of the reviewing identity." + }, + "modified": { + "nullable": true, + "example": "2018-06-25T20:22:28.104Z", + "format": "date-time", + "type": "string", + "description": "The modified date of the reviewing identity." + } + } + } + } + }, + "comment": { + "type": "string", + "description": "The comment entered when the Certification was reassigned", + "example": "Reassigned for a reason" + } + } + }, + "hasErrors": { + "description": "Identifies if the certification has an error", + "type": "boolean", + "example": false + }, + "errorMessage": { + "description": "Description of the certification error", + "nullable": true, + "type": "string", + "example": "The certification has an error" + }, + "phase": { + "type": "string", + "description": "The current phase of the campaign.\n* `STAGED`: The campaign is waiting to be activated.\n* `ACTIVE`: The campaign is active.\n* `SIGNED`: The reviewer has signed off on the campaign, and it is considered complete.\n", + "enum": [ + "STAGED", + "ACTIVE", + "SIGNED" + ], + "example": "ACTIVE" + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/certifications/{id}/decision-summary": { + "get": { + "operationId": "getIdentityDecisionSummary", + "tags": [ + "Certification Summaries" + ], + "summary": "Summary of Certification Decisions", + "description": "This API returns a summary of the decisions made on an identity campaign certification. The decisions are summarized by type. A token with ORG_ADMIN or CERT_ADMIN authority is required to call this API. Reviewers for this certification can also call this API.", + "parameters": [ + { + "in": "path", + "name": "id", + "schema": { + "type": "string" + }, + "required": true, + "description": "The certification ID", + "example": "ef38f94347e94562b5bb8424a56397d8" + }, + { + "in": "query", + "name": "filters", + "required": false, + "schema": { + "type": "string" + }, + "example": "identitySummary.id eq \"ef38f94347e94562b5bb8424a56397d8\"", + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)\n\nFiltering is supported for the following fields and operators:\n\n**identitySummary.id**: *eq, in*" + } + ], + "responses": { + "200": { + "description": "Summary of the decisions made", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "entitlementDecisionsMade": { + "type": "integer", + "description": "Number of entitlement decisions that have been made", + "example": 3, + "format": "int32" + }, + "accessProfileDecisionsMade": { + "type": "integer", + "description": "Number of access profile decisions that have been made", + "example": 5, + "format": "int32" + }, + "roleDecisionsMade": { + "type": "integer", + "description": "Number of role decisions that have been made", + "example": 2, + "format": "int32" + }, + "accountDecisionsMade": { + "type": "integer", + "description": "Number of account decisions that have been made", + "example": 4, + "format": "int32" + }, + "entitlementDecisionsTotal": { + "type": "integer", + "description": "The total number of entitlement decisions on the certification, both complete and incomplete", + "example": 6, + "format": "int32" + }, + "accessProfileDecisionsTotal": { + "type": "integer", + "description": "The total number of access profile decisions on the certification, both complete and incomplete", + "example": 10, + "format": "int32" + }, + "roleDecisionsTotal": { + "type": "integer", + "description": "The total number of role decisions on the certification, both complete and incomplete", + "example": 4, + "format": "int32" + }, + "accountDecisionsTotal": { + "type": "integer", + "description": "The total number of account decisions on the certification, both complete and incomplete", + "example": 8, + "format": "int32" + }, + "entitlementsApproved": { + "type": "integer", + "description": "The number of entitlement decisions that have been made which were approved", + "example": 2, + "format": "int32" + }, + "entitlementsRevoked": { + "type": "integer", + "description": "The number of entitlement decisions that have been made which were revoked", + "example": 1, + "format": "int32" + }, + "accessProfilesApproved": { + "type": "integer", + "description": "The number of access profile decisions that have been made which were approved", + "example": 3, + "format": "int32" + }, + "accessProfilesRevoked": { + "type": "integer", + "description": "The number of access profile decisions that have been made which were revoked", + "example": 2, + "format": "int32" + }, + "rolesApproved": { + "type": "integer", + "description": "The number of role decisions that have been made which were approved", + "example": 2, + "format": "int32" + }, + "rolesRevoked": { + "type": "integer", + "description": "The number of role decisions that have been made which were revoked", + "example": 0, + "format": "int32" + }, + "accountsApproved": { + "type": "integer", + "description": "The number of account decisions that have been made which were approved", + "example": 1, + "format": "int32" + }, + "accountsRevoked": { + "type": "integer", + "description": "The number of account decisions that have been made which were revoked", + "example": 3, + "format": "int32" + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/certifications/{id}/identity-summaries": { + "get": { + "operationId": "getIdentitySummaries", + "tags": [ + "Certification Summaries" + ], + "summary": "Identity Summaries for Campaign Certification", + "description": "This API returns a list of the identity summaries for a specific identity campaign certification. A token with ORG_ADMIN or CERT_ADMIN authority is required to call this API. Reviewers for this certification can also call this API.", + "parameters": [ + { + "in": "path", + "name": "id", + "schema": { + "type": "string" + }, + "required": true, + "description": "The identity campaign certification ID", + "example": "ef38f94347e94562b5bb8424a56397d8" + }, + { + "in": "query", + "name": "limit", + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": 250, + "schema": { + "type": "integer", + "format": "int32", + "minimum": 0, + "maximum": 250, + "default": 250 + } + }, + { + "in": "query", + "name": "offset", + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": 0, + "schema": { + "type": "integer", + "format": "int32", + "minimum": 0, + "default": 0 + } + }, + { + "in": "query", + "name": "count", + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": true, + "schema": { + "type": "boolean", + "default": false + } + }, + { + "in": "query", + "name": "filters", + "required": false, + "schema": { + "type": "string" + }, + "example": "id eq \"ef38f94347e94562b5bb8424a56397d8\"", + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)\n\nFiltering is supported for the following fields and operators:\n\n**id**: *eq, in*\n\n**completed**: *eq, ne*\n\n**name**: *eq, sw*" + }, + { + "in": "query", + "name": "sorters", + "required": false, + "schema": { + "type": "string", + "format": "comma-separated" + }, + "example": "name", + "description": "Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)\n\nSorting is supported for the following fields: **name**" + } + ], + "responses": { + "200": { + "description": "List of identity summaries", + "content": { + "application/json": { + "schema": { + "type": "array", + "items": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "The ID of the identity summary", + "example": "2c91808772a504f50172a9540e501ba7" + }, + "name": { + "type": "string", + "description": "Name of the linked identity", + "example": "Alison Ferguso" + }, + "identityId": { + "type": "string", + "description": "The ID of the identity being certified", + "example": "2c9180857182306001719937377a33de" + }, + "completed": { + "type": "boolean", + "description": "Indicates whether the review items for the linked identity's certification have been completed", + "example": true + } + } + } + }, + "example": [ + { + "id": "2c91808772a504f50172a9540e501ba7", + "name": "Aaron Grey", + "identityId": "2c9180857182306001719937379633e4", + "completed": false + }, + { + "id": "2c91808772a504f50172a9540e501ba8", + "name": "Aglae Wilson", + "identityId": "2c9180857182306001719937377a33de", + "completed": true + } + ] + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/certifications/{id}/access-summaries/{type}": { + "get": { + "operationId": "getIdentityAccessSummaries", + "tags": [ + "Certification Summaries" + ], + "summary": "Access Summaries", + "description": "This API returns a list of access summaries for the specified identity campaign certification and type. A token with ORG_ADMIN or CERT_ADMIN authority is required to call this API. Reviewers for this certification can also call this API.", + "parameters": [ + { + "in": "path", + "name": "id", + "schema": { + "type": "string" + }, + "required": true, + "description": "The identity campaign certification ID", + "example": "ef38f94347e94562b5bb8424a56397d8" + }, + { + "in": "path", + "name": "type", + "schema": { + "type": "string", + "enum": [ + "ROLE", + "ACCESS_PROFILE", + "ENTITLEMENT" + ] + }, + "required": true, + "description": "The type of access review item to retrieve summaries for", + "example": "ACCESS_PROFILE" + }, + { + "in": "query", + "name": "limit", + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": 250, + "schema": { + "type": "integer", + "format": "int32", + "minimum": 0, + "maximum": 250, + "default": 250 + } + }, + { + "in": "query", + "name": "offset", + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": 0, + "schema": { + "type": "integer", + "format": "int32", + "minimum": 0, + "default": 0 + } + }, + { + "in": "query", + "name": "count", + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": true, + "schema": { + "type": "boolean", + "default": false + } + }, + { + "in": "query", + "name": "filters", + "required": false, + "schema": { + "type": "string" + }, + "example": "access.id eq \"ef38f94347e94562b5bb8424a56397d8\"", + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)\n\nFiltering is supported for the following fields and operators:\n\n**completed**: *eq, ne*\n\n**access.id**: *eq, in*\n\n**access.name**: *eq, sw*\n\n**entitlement.sourceName**: *eq, sw*\n\n**accessProfile.sourceName**: *eq, sw*" + }, + { + "in": "query", + "name": "sorters", + "required": false, + "schema": { + "type": "string", + "format": "comma-separated" + }, + "example": "access.name", + "description": "Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)\n\nSorting is supported for the following fields: **access.name**" + } + ], + "responses": { + "200": { + "description": "List of access summaries", + "content": { + "application/json": { + "schema": { + "type": "array", + "items": { + "type": "object", + "description": "An object holding the access that is being reviewed", + "properties": { + "access": { + "type": "object", + "properties": { + "type": { + "description": "The type of item being certified", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "The ID of the item being certified", + "example": "2c9180867160846801719932c5153fb7" + }, + "name": { + "type": "string", + "description": "The name of the item being certified", + "example": "Entitlement for Company Database" + } + } + }, + "entitlement": { + "type": "object", + "nullable": true, + "properties": { + "id": { + "type": "string", + "description": "The id for the entitlement", + "example": "2c918085718230600171993742c63558" + }, + "name": { + "type": "string", + "description": "The name of the entitlement", + "example": "CN=entitlement.bbb7c650" + }, + "description": { + "nullable": true, + "type": "string", + "description": "Information about the entitlement", + "example": "Gives read/write access to the company database" + }, + "privileged": { + "type": "boolean", + "example": false, + "description": "Indicates if the entitlement is a privileged entitlement" + }, + "owner": { + "type": "object", + "nullable": true, + "properties": { + "type": { + "type": "string", + "description": "The type can only be IDENTITY. This is read-only", + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "Identity id.", + "example": "5168015d32f890ca15812c9180835d2e" + }, + "name": { + "type": "string", + "description": "Human-readable display name of identity. This is read-only", + "example": "Alison Ferguso" + }, + "email": { + "type": "string", + "description": "Email address of identity. This is read-only", + "example": "alison.ferguso@identitysoon.com" + } + } + }, + "attributeName": { + "type": "string", + "description": "The name of the attribute on the source", + "example": "memberOf" + }, + "attributeValue": { + "type": "string", + "description": "The value of the attribute on the source", + "example": "CN=entitlement.bbb7c650" + }, + "sourceSchemaObjectType": { + "type": "string", + "description": "The schema object type on the source used to represent the entitlement and its attributes", + "example": "groups" + }, + "sourceName": { + "type": "string", + "description": "The name of the source for which this entitlement belongs", + "example": "ODS-AD-Source" + }, + "sourceType": { + "type": "string", + "description": "The type of the source for which the entitlement belongs", + "example": "Active Directory - Direct" + }, + "hasPermissions": { + "type": "boolean", + "description": "Indicates if the entitlement has permissions", + "example": false + }, + "isPermission": { + "type": "boolean", + "description": "Indicates if the entitlement is a representation of an account permission", + "example": false + }, + "revocable": { + "type": "boolean", + "description": "Indicates whether the entitlement can be revoked", + "example": true + }, + "cloudGoverned": { + "type": "boolean", + "description": "True if the entitlement is cloud governed", + "example": false + }, + "account": { + "type": "object", + "nullable": true, + "description": "Information about the status of the entitlement", + "properties": { + "nativeIdentity": { + "type": "string", + "description": "The native identity for this account", + "example": "CN=Alison Ferguso" + }, + "disabled": { + "type": "boolean", + "example": false, + "description": "Indicates whether this account is currently disabled" + }, + "locked": { + "type": "boolean", + "example": false, + "description": "Indicates whether this account is currently locked" + }, + "type": { + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "description": "An enumeration of the types of DTOs supported within the IdentityNow infrastructure.", + "example": "IDENTITY" + }, + "id": { + "nullable": true, + "type": "string", + "description": "The id associated with the account", + "example": "2c9180857182305e0171993737eb29e6" + }, + "name": { + "nullable": true, + "type": "string", + "description": "The account name", + "example": "Alison Ferguso" + }, + "created": { + "nullable": true, + "type": "string", + "format": "date-time", + "description": "When the account was created", + "example": "2020-04-20T20:11:05.067Z" + }, + "modified": { + "nullable": true, + "type": "string", + "format": "date-time", + "description": "When the account was last modified", + "example": "2020-05-20T18:57:16.987Z" + } + } + } + } + }, + "accessProfile": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "The id of the Access Profile", + "example": "2c91808a7190d06e01719938fcd20792" + }, + "name": { + "type": "string", + "description": "Name of the Access Profile", + "example": "Employee-database-read-write" + }, + "description": { + "type": "string", + "description": "Information about the Access Profile", + "example": "Collection of entitlements to read/write the employee database" + }, + "privileged": { + "type": "boolean", + "description": "Indicates if the entitlement is a privileged entitlement", + "example": false + }, + "cloudGoverned": { + "type": "boolean", + "description": "True if the entitlement is cloud governed", + "example": false + }, + "endDate": { + "nullable": true, + "type": "string", + "format": "date-time", + "description": "The date at which a user's access expires", + "example": "2021-12-25T00:00:00.000Z" + }, + "owner": { + "description": "Owner of the Access Profile", + "type": "object", + "nullable": true, + "properties": { + "type": { + "type": "string", + "description": "The type can only be IDENTITY. This is read-only", + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "Identity id.", + "example": "5168015d32f890ca15812c9180835d2e" + }, + "name": { + "type": "string", + "description": "Human-readable display name of identity. This is read-only", + "example": "Alison Ferguso" + }, + "email": { + "type": "string", + "description": "Email address of identity. This is read-only", + "example": "alison.ferguso@identitysoon.com" + } + } + }, + "entitlements": { + "type": "array", + "description": "A list of entitlements associated with this Access Profile", + "items": { + "type": "object", + "nullable": true, + "properties": { + "id": { + "type": "string", + "description": "The id for the entitlement", + "example": "2c918085718230600171993742c63558" + }, + "name": { + "type": "string", + "description": "The name of the entitlement", + "example": "CN=entitlement.bbb7c650" + }, + "description": { + "nullable": true, + "type": "string", + "description": "Information about the entitlement", + "example": "Gives read/write access to the company database" + }, + "privileged": { + "type": "boolean", + "example": false, + "description": "Indicates if the entitlement is a privileged entitlement" + }, + "owner": { + "type": "object", + "nullable": true, + "properties": { + "type": { + "type": "string", + "description": "The type can only be IDENTITY. This is read-only", + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "Identity id.", + "example": "5168015d32f890ca15812c9180835d2e" + }, + "name": { + "type": "string", + "description": "Human-readable display name of identity. This is read-only", + "example": "Alison Ferguso" + }, + "email": { + "type": "string", + "description": "Email address of identity. This is read-only", + "example": "alison.ferguso@identitysoon.com" + } + } + }, + "attributeName": { + "type": "string", + "description": "The name of the attribute on the source", + "example": "memberOf" + }, + "attributeValue": { + "type": "string", + "description": "The value of the attribute on the source", + "example": "CN=entitlement.bbb7c650" + }, + "sourceSchemaObjectType": { + "type": "string", + "description": "The schema object type on the source used to represent the entitlement and its attributes", + "example": "groups" + }, + "sourceName": { + "type": "string", + "description": "The name of the source for which this entitlement belongs", + "example": "ODS-AD-Source" + }, + "sourceType": { + "type": "string", + "description": "The type of the source for which the entitlement belongs", + "example": "Active Directory - Direct" + }, + "hasPermissions": { + "type": "boolean", + "description": "Indicates if the entitlement has permissions", + "example": false + }, + "isPermission": { + "type": "boolean", + "description": "Indicates if the entitlement is a representation of an account permission", + "example": false + }, + "revocable": { + "type": "boolean", + "description": "Indicates whether the entitlement can be revoked", + "example": true + }, + "cloudGoverned": { + "type": "boolean", + "description": "True if the entitlement is cloud governed", + "example": false + }, + "account": { + "type": "object", + "nullable": true, + "description": "Information about the status of the entitlement", + "properties": { + "nativeIdentity": { + "type": "string", + "description": "The native identity for this account", + "example": "CN=Alison Ferguso" + }, + "disabled": { + "type": "boolean", + "example": false, + "description": "Indicates whether this account is currently disabled" + }, + "locked": { + "type": "boolean", + "example": false, + "description": "Indicates whether this account is currently locked" + }, + "type": { + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "description": "An enumeration of the types of DTOs supported within the IdentityNow infrastructure.", + "example": "IDENTITY" + }, + "id": { + "nullable": true, + "type": "string", + "description": "The id associated with the account", + "example": "2c9180857182305e0171993737eb29e6" + }, + "name": { + "nullable": true, + "type": "string", + "description": "The account name", + "example": "Alison Ferguso" + }, + "created": { + "nullable": true, + "type": "string", + "format": "date-time", + "description": "When the account was created", + "example": "2020-04-20T20:11:05.067Z" + }, + "modified": { + "nullable": true, + "type": "string", + "format": "date-time", + "description": "When the account was last modified", + "example": "2020-05-20T18:57:16.987Z" + } + } + } + } + } + }, + "created": { + "type": "string", + "description": "Date the Access Profile was created.", + "format": "date-time", + "example": "2021-01-01T22:32:58.104Z" + }, + "modified": { + "type": "string", + "description": "Date the Access Profile was last modified.", + "format": "date-time", + "example": "2021-02-01T22:32:58.104Z" + } + } + }, + "role": { + "type": "object", + "nullable": true, + "properties": { + "id": { + "type": "string", + "description": "The id for the Role", + "example": "2c91808a7190d06e0171993907fd0794" + }, + "name": { + "type": "string", + "description": "The name of the Role", + "example": "Accounting-Employees" + }, + "description": { + "type": "string", + "description": "Information about the Role", + "example": "Role for members of the accounting department with the necessary Access Profiles" + }, + "privileged": { + "type": "boolean", + "description": "Indicates if the entitlement is a privileged entitlement", + "example": false + }, + "owner": { + "type": "object", + "nullable": true, + "properties": { + "type": { + "type": "string", + "description": "The type can only be IDENTITY. This is read-only", + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "Identity id.", + "example": "5168015d32f890ca15812c9180835d2e" + }, + "name": { + "type": "string", + "description": "Human-readable display name of identity. This is read-only", + "example": "Alison Ferguso" + }, + "email": { + "type": "string", + "description": "Email address of identity. This is read-only", + "example": "alison.ferguso@identitysoon.com" + } + } + }, + "revocable": { + "type": "boolean", + "description": "Indicates whether the Role can be revoked or requested", + "example": false + }, + "endDate": { + "type": "string", + "format": "date-time", + "description": "The date when a user's access expires.", + "example": "2021-12-25T00:00:00.000Z" + }, + "accessProfiles": { + "type": "array", + "description": "The list of Access Profiles associated with this Role", + "items": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "The id of the Access Profile", + "example": "2c91808a7190d06e01719938fcd20792" + }, + "name": { + "type": "string", + "description": "Name of the Access Profile", + "example": "Employee-database-read-write" + }, + "description": { + "type": "string", + "description": "Information about the Access Profile", + "example": "Collection of entitlements to read/write the employee database" + }, + "privileged": { + "type": "boolean", + "description": "Indicates if the entitlement is a privileged entitlement", + "example": false + }, + "cloudGoverned": { + "type": "boolean", + "description": "True if the entitlement is cloud governed", + "example": false + }, + "endDate": { + "nullable": true, + "type": "string", + "format": "date-time", + "description": "The date at which a user's access expires", + "example": "2021-12-25T00:00:00.000Z" + }, + "owner": { + "description": "Owner of the Access Profile", + "type": "object", + "nullable": true, + "properties": { + "type": { + "type": "string", + "description": "The type can only be IDENTITY. This is read-only", + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "Identity id.", + "example": "5168015d32f890ca15812c9180835d2e" + }, + "name": { + "type": "string", + "description": "Human-readable display name of identity. This is read-only", + "example": "Alison Ferguso" + }, + "email": { + "type": "string", + "description": "Email address of identity. This is read-only", + "example": "alison.ferguso@identitysoon.com" + } + } + }, + "entitlements": { + "type": "array", + "description": "A list of entitlements associated with this Access Profile", + "items": { + "type": "object", + "nullable": true, + "properties": { + "id": { + "type": "string", + "description": "The id for the entitlement", + "example": "2c918085718230600171993742c63558" + }, + "name": { + "type": "string", + "description": "The name of the entitlement", + "example": "CN=entitlement.bbb7c650" + }, + "description": { + "nullable": true, + "type": "string", + "description": "Information about the entitlement", + "example": "Gives read/write access to the company database" + }, + "privileged": { + "type": "boolean", + "example": false, + "description": "Indicates if the entitlement is a privileged entitlement" + }, + "owner": { + "type": "object", + "nullable": true, + "properties": { + "type": { + "type": "string", + "description": "The type can only be IDENTITY. This is read-only", + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "Identity id.", + "example": "5168015d32f890ca15812c9180835d2e" + }, + "name": { + "type": "string", + "description": "Human-readable display name of identity. This is read-only", + "example": "Alison Ferguso" + }, + "email": { + "type": "string", + "description": "Email address of identity. This is read-only", + "example": "alison.ferguso@identitysoon.com" + } + } + }, + "attributeName": { + "type": "string", + "description": "The name of the attribute on the source", + "example": "memberOf" + }, + "attributeValue": { + "type": "string", + "description": "The value of the attribute on the source", + "example": "CN=entitlement.bbb7c650" + }, + "sourceSchemaObjectType": { + "type": "string", + "description": "The schema object type on the source used to represent the entitlement and its attributes", + "example": "groups" + }, + "sourceName": { + "type": "string", + "description": "The name of the source for which this entitlement belongs", + "example": "ODS-AD-Source" + }, + "sourceType": { + "type": "string", + "description": "The type of the source for which the entitlement belongs", + "example": "Active Directory - Direct" + }, + "hasPermissions": { + "type": "boolean", + "description": "Indicates if the entitlement has permissions", + "example": false + }, + "isPermission": { + "type": "boolean", + "description": "Indicates if the entitlement is a representation of an account permission", + "example": false + }, + "revocable": { + "type": "boolean", + "description": "Indicates whether the entitlement can be revoked", + "example": true + }, + "cloudGoverned": { + "type": "boolean", + "description": "True if the entitlement is cloud governed", + "example": false + }, + "account": { + "type": "object", + "nullable": true, + "description": "Information about the status of the entitlement", + "properties": { + "nativeIdentity": { + "type": "string", + "description": "The native identity for this account", + "example": "CN=Alison Ferguso" + }, + "disabled": { + "type": "boolean", + "example": false, + "description": "Indicates whether this account is currently disabled" + }, + "locked": { + "type": "boolean", + "example": false, + "description": "Indicates whether this account is currently locked" + }, + "type": { + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "description": "An enumeration of the types of DTOs supported within the IdentityNow infrastructure.", + "example": "IDENTITY" + }, + "id": { + "nullable": true, + "type": "string", + "description": "The id associated with the account", + "example": "2c9180857182305e0171993737eb29e6" + }, + "name": { + "nullable": true, + "type": "string", + "description": "The account name", + "example": "Alison Ferguso" + }, + "created": { + "nullable": true, + "type": "string", + "format": "date-time", + "description": "When the account was created", + "example": "2020-04-20T20:11:05.067Z" + }, + "modified": { + "nullable": true, + "type": "string", + "format": "date-time", + "description": "When the account was last modified", + "example": "2020-05-20T18:57:16.987Z" + } + } + } + } + } + }, + "created": { + "type": "string", + "description": "Date the Access Profile was created.", + "format": "date-time", + "example": "2021-01-01T22:32:58.104Z" + }, + "modified": { + "type": "string", + "description": "Date the Access Profile was last modified.", + "format": "date-time", + "example": "2021-02-01T22:32:58.104Z" + } + } + } + } + } + } + } + } + }, + "example": [ + { + "access": { + "type": "ENTITLEMENT", + "id": "2c9180857182305e01719937429e2bad", + "name": "CN=Engineering" + }, + "entitlement": { + "id": "2c9180857182305e01719937429e2bad", + "name": "CN=Engineering", + "description": "Access to the engineering database", + "privileged": false, + "owner": { + "email": "brandon.gray@acme-solar.com", + "type": "IDENTITY", + "id": "2c9180867160846801719932c5153fb7", + "name": "Brandon Gray" + }, + "attributeName": "memberOf", + "attributeValue": "CN=Engineering", + "sourceName": "ODS-AD-Source", + "hasPermissions": true, + "revocable": true + } + } + ] + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/certifications/{id}/identity-summary/{identitySummaryId}": { + "get": { + "operationId": "getIdentitySummary", + "tags": [ + "Certification Summaries" + ], + "summary": "Summary for Identity", + "description": "This API returns the summary for an identity on a specified identity campaign certification. A token with ORG_ADMIN or CERT_ADMIN authority is required to call this API. Reviewers for this certification can also call this API.", + "parameters": [ + { + "in": "path", + "name": "id", + "schema": { + "type": "string" + }, + "required": true, + "description": "The identity campaign certification ID", + "example": "ef38f94347e94562b5bb8424a56397d8" + }, + { + "in": "path", + "name": "identitySummaryId", + "schema": { + "type": "string" + }, + "required": true, + "description": "The identity summary ID", + "example": "2c91808772a504f50172a9540e501ba8" + } + ], + "responses": { + "200": { + "description": "An identity summary", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "The ID of the identity summary", + "example": "2c91808772a504f50172a9540e501ba7" + }, + "name": { + "type": "string", + "description": "Name of the linked identity", + "example": "Alison Ferguso" + }, + "identityId": { + "type": "string", + "description": "The ID of the identity being certified", + "example": "2c9180857182306001719937377a33de" + }, + "completed": { + "type": "boolean", + "description": "Indicates whether the review items for the linked identity's certification have been completed", + "example": true + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/identities/{identity-id}/set-lifecycle-state": { + "post": { + "operationId": "setLifecycleState", + "tags": [ + "Lifecycle States" + ], + "summary": "Set Lifecycle State", + "description": "This endpoint will set/update an identity's lifecycle state to the one provided and updates the corresponding Identity Profile.\nA token with ORG_ADMIN or API authority is required to call this API.", + "security": [ + { + "oauth2": [ + "idn:identity-lifecycle-state:update" + ] + } + ], + "parameters": [ + { + "in": "path", + "name": "identity-id", + "description": "The ID of the identity to update", + "required": true, + "example": "2c9180857893f1290178944561990364", + "schema": { + "type": "string" + } + } + ], + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "lifecycleStateId": { + "type": "string", + "description": "The ID of the lifecycle state to set", + "example": "2c9180877a86e408017a8c19fefe046c" + } + } + } + } + } + }, + "responses": { + "200": { + "description": "The request was successfully accepted into the system.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "accountActivityId": { + "type": "string", + "example": "2c9180837ab5b716017ab7c6c9ef1e20", + "description": "The ID of the IdentityRequest object that was generated when the workflow launches" + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/identity-profiles/{identity-profile-id}/lifecycle-states": { + "get": { + "operationId": "listLifecycleStates", + "tags": [ + "Lifecycle States" + ], + "summary": "Lists LifecycleStates", + "description": "This end-point lists all the LifecycleStates associated with IdentityProfiles.\nA token with API, or ORG_ADMIN authority is required to call this API.", + "security": [ + { + "oauth2": [ + "idn:identity-profile-lifecycle-state:read" + ] + } + ], + "parameters": [ + { + "in": "path", + "name": "identity-profile-id", + "description": "The IdentityProfile id", + "required": true, + "schema": { + "type": "string" + }, + "example": "ef38f94347e94562b5bb8424a56397d8" + }, + { + "in": "query", + "name": "limit", + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": 250, + "schema": { + "type": "integer", + "format": "int32", + "minimum": 0, + "maximum": 250, + "default": 250 + } + }, + { + "in": "query", + "name": "offset", + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": 0, + "schema": { + "type": "integer", + "format": "int32", + "minimum": 0, + "default": 0 + } + }, + { + "in": "query", + "name": "count", + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": true, + "schema": { + "type": "boolean", + "default": false + } + }, + { + "in": "query", + "name": "sorters", + "required": false, + "schema": { + "type": "string", + "format": "comma-separated" + }, + "example": "created,modified", + "description": "Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)\n\nSorting is supported for the following fields: **created, modified**" + } + ], + "responses": { + "200": { + "description": "List of LifecycleState objects", + "content": { + "application/json": { + "schema": { + "type": "array", + "items": { + "allOf": [ + { + "type": "object", + "required": [ + "name" + ], + "properties": { + "id": { + "description": "System-generated unique ID of the Object", + "type": "string", + "example": "id12345", + "readOnly": true + }, + "name": { + "description": "Name of the Object", + "type": "string", + "example": "aName" + }, + "created": { + "description": "Creation date of the Object", + "type": "string", + "example": "2015-05-28T14:07:17Z", + "format": "date-time", + "readOnly": true + }, + "modified": { + "description": "Last modification date of the Object", + "type": "string", + "example": "2015-05-28T14:07:17Z", + "format": "date-time", + "readOnly": true + } + } + }, + { + "type": "object", + "required": [ + "technicalName" + ], + "properties": { + "enabled": { + "type": "boolean", + "example": true, + "description": "Whether the lifecycle state is enabled or disabled." + }, + "technicalName": { + "type": "string", + "example": "Technical Name", + "description": "The technical name for lifecycle state. This is for internal use." + }, + "description": { + "type": "string", + "example": "Lifecycle description", + "description": "Lifecycle state description." + }, + "identityCount": { + "type": "integer", + "format": "int32", + "example": 42, + "readOnly": true, + "description": "Number of identities that have the lifecycle state." + }, + "emailNotificationOption": { + "type": "object", + "description": "This is used for representing email configuration for a lifecycle state", + "properties": { + "notifyManagers": { + "type": "boolean", + "example": true, + "description": "If true, then the manager is notified of the lifecycle state change." + }, + "notifyAllAdmins": { + "type": "boolean", + "example": true, + "description": "If true, then all the admins are notified of the lifecycle state change." + }, + "notifySpecificUsers": { + "type": "boolean", + "example": true, + "description": "If true, then the users specified in \"emailAddressList\" below are notified of lifecycle state change." + }, + "emailAddressList": { + "type": "array", + "example": [ + "test@test.com", + "test2@test.com" + ], + "items": { + "type": "string" + }, + "description": "List of user email addresses. If \"notifySpecificUsers\" option is true, then these users are notified of lifecycle state change." + } + } + }, + "accountActions": { + "type": "array", + "items": { + "type": "object", + "description": "Object for specifying Actions to be performed on a specified list of sources' account.", + "properties": { + "action": { + "example": "ENABLE", + "type": "string", + "description": "Describes if action will be enabled or disabled", + "enum": [ + "ENABLE", + "DISABLE" + ] + }, + "sourceIds": { + "type": "array", + "items": { + "type": "string" + }, + "uniqueItems": true, + "example": [ + "2c918084660f45d6016617daa9210584", + "2c918084660f45d6016617daa9210500" + ], + "description": "List of unique source IDs. The sources must have the ENABLE feature or flat file source. See \"/sources\" endpoint for source features." + } + } + } + }, + "accessProfileIds": { + "type": "array", + "items": { + "type": "string" + }, + "uniqueItems": true, + "example": [ + "2c918084660f45d6016617daa9210584", + "2c918084660f45d6016617daa9210500" + ], + "description": "List of unique access-profile IDs that are associated with the lifecycle state." + } + } + } + ] + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + }, + "post": { + "operationId": "createLifecycleState", + "tags": [ + "Lifecycle States" + ], + "summary": "Create Lifecycle State", + "description": "This API creates a new Lifecycle State.\nA token with ORG_ADMIN or API authority is required to call this API.", + "security": [ + { + "oauth2": [ + "idn:identity-profile-lifecycle-state:manage" + ] + } + ], + "parameters": [ + { + "in": "path", + "name": "identity-profile-id", + "description": "Identity Profile ID", + "required": true, + "schema": { + "type": "string" + }, + "example": "ef38f94347e94562b5bb8424a56397d8" + } + ], + "requestBody": { + "description": "Lifecycle State", + "required": true, + "content": { + "application/json": { + "schema": { + "allOf": [ + { + "type": "object", + "required": [ + "name" + ], + "properties": { + "id": { + "description": "System-generated unique ID of the Object", + "type": "string", + "example": "id12345", + "readOnly": true + }, + "name": { + "description": "Name of the Object", + "type": "string", + "example": "aName" + }, + "created": { + "description": "Creation date of the Object", + "type": "string", + "example": "2015-05-28T14:07:17Z", + "format": "date-time", + "readOnly": true + }, + "modified": { + "description": "Last modification date of the Object", + "type": "string", + "example": "2015-05-28T14:07:17Z", + "format": "date-time", + "readOnly": true + } + } + }, + { + "type": "object", + "required": [ + "technicalName" + ], + "properties": { + "enabled": { + "type": "boolean", + "example": true, + "description": "Whether the lifecycle state is enabled or disabled." + }, + "technicalName": { + "type": "string", + "example": "Technical Name", + "description": "The technical name for lifecycle state. This is for internal use." + }, + "description": { + "type": "string", + "example": "Lifecycle description", + "description": "Lifecycle state description." + }, + "identityCount": { + "type": "integer", + "format": "int32", + "example": 42, + "readOnly": true, + "description": "Number of identities that have the lifecycle state." + }, + "emailNotificationOption": { + "type": "object", + "description": "This is used for representing email configuration for a lifecycle state", + "properties": { + "notifyManagers": { + "type": "boolean", + "example": true, + "description": "If true, then the manager is notified of the lifecycle state change." + }, + "notifyAllAdmins": { + "type": "boolean", + "example": true, + "description": "If true, then all the admins are notified of the lifecycle state change." + }, + "notifySpecificUsers": { + "type": "boolean", + "example": true, + "description": "If true, then the users specified in \"emailAddressList\" below are notified of lifecycle state change." + }, + "emailAddressList": { + "type": "array", + "example": [ + "test@test.com", + "test2@test.com" + ], + "items": { + "type": "string" + }, + "description": "List of user email addresses. If \"notifySpecificUsers\" option is true, then these users are notified of lifecycle state change." + } + } + }, + "accountActions": { + "type": "array", + "items": { + "type": "object", + "description": "Object for specifying Actions to be performed on a specified list of sources' account.", + "properties": { + "action": { + "example": "ENABLE", + "type": "string", + "description": "Describes if action will be enabled or disabled", + "enum": [ + "ENABLE", + "DISABLE" + ] + }, + "sourceIds": { + "type": "array", + "items": { + "type": "string" + }, + "uniqueItems": true, + "example": [ + "2c918084660f45d6016617daa9210584", + "2c918084660f45d6016617daa9210500" + ], + "description": "List of unique source IDs. The sources must have the ENABLE feature or flat file source. See \"/sources\" endpoint for source features." + } + } + } + }, + "accessProfileIds": { + "type": "array", + "items": { + "type": "string" + }, + "uniqueItems": true, + "example": [ + "2c918084660f45d6016617daa9210584", + "2c918084660f45d6016617daa9210500" + ], + "description": "List of unique access-profile IDs that are associated with the lifecycle state." + } + } + } + ] + } + } + } + }, + "responses": { + "201": { + "description": "Created LifecycleState object.", + "content": { + "application/json": { + "schema": { + "allOf": [ + { + "type": "object", + "required": [ + "name" + ], + "properties": { + "id": { + "description": "System-generated unique ID of the Object", + "type": "string", + "example": "id12345", + "readOnly": true + }, + "name": { + "description": "Name of the Object", + "type": "string", + "example": "aName" + }, + "created": { + "description": "Creation date of the Object", + "type": "string", + "example": "2015-05-28T14:07:17Z", + "format": "date-time", + "readOnly": true + }, + "modified": { + "description": "Last modification date of the Object", + "type": "string", + "example": "2015-05-28T14:07:17Z", + "format": "date-time", + "readOnly": true + } + } + }, + { + "type": "object", + "required": [ + "technicalName" + ], + "properties": { + "enabled": { + "type": "boolean", + "example": true, + "description": "Whether the lifecycle state is enabled or disabled." + }, + "technicalName": { + "type": "string", + "example": "Technical Name", + "description": "The technical name for lifecycle state. This is for internal use." + }, + "description": { + "type": "string", + "example": "Lifecycle description", + "description": "Lifecycle state description." + }, + "identityCount": { + "type": "integer", + "format": "int32", + "example": 42, + "readOnly": true, + "description": "Number of identities that have the lifecycle state." + }, + "emailNotificationOption": { + "type": "object", + "description": "This is used for representing email configuration for a lifecycle state", + "properties": { + "notifyManagers": { + "type": "boolean", + "example": true, + "description": "If true, then the manager is notified of the lifecycle state change." + }, + "notifyAllAdmins": { + "type": "boolean", + "example": true, + "description": "If true, then all the admins are notified of the lifecycle state change." + }, + "notifySpecificUsers": { + "type": "boolean", + "example": true, + "description": "If true, then the users specified in \"emailAddressList\" below are notified of lifecycle state change." + }, + "emailAddressList": { + "type": "array", + "example": [ + "test@test.com", + "test2@test.com" + ], + "items": { + "type": "string" + }, + "description": "List of user email addresses. If \"notifySpecificUsers\" option is true, then these users are notified of lifecycle state change." + } + } + }, + "accountActions": { + "type": "array", + "items": { + "type": "object", + "description": "Object for specifying Actions to be performed on a specified list of sources' account.", + "properties": { + "action": { + "example": "ENABLE", + "type": "string", + "description": "Describes if action will be enabled or disabled", + "enum": [ + "ENABLE", + "DISABLE" + ] + }, + "sourceIds": { + "type": "array", + "items": { + "type": "string" + }, + "uniqueItems": true, + "example": [ + "2c918084660f45d6016617daa9210584", + "2c918084660f45d6016617daa9210500" + ], + "description": "List of unique source IDs. The sources must have the ENABLE feature or flat file source. See \"/sources\" endpoint for source features." + } + } + } + }, + "accessProfileIds": { + "type": "array", + "items": { + "type": "string" + }, + "uniqueItems": true, + "example": [ + "2c918084660f45d6016617daa9210584", + "2c918084660f45d6016617daa9210500" + ], + "description": "List of unique access-profile IDs that are associated with the lifecycle state." + } + } + } + ] + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/identity-profiles/{identity-profile-id}/lifecycle-states/{lifecycle-state-id}": { + "get": { + "operationId": "getLifecycleState", + "tags": [ + "Lifecycle States" + ], + "summary": "Retrieves Lifecycle State", + "description": "This endpoint retrieves a Lifecycle State.\nA token with ORG_ADMIN or API authority is required to call this API.", + "security": [ + { + "oauth2": [ + "idn:identity-profile-lifecycle-state:read" + ] + } + ], + "parameters": [ + { + "in": "path", + "name": "identity-profile-id", + "description": "Identity Profile ID", + "required": true, + "schema": { + "type": "string" + }, + "example": "2b838de9-db9b-abcf-e646-d4f274ad4238" + }, + { + "in": "path", + "name": "lifecycle-state-id", + "description": "Lifecycle State ID", + "required": true, + "schema": { + "type": "string" + }, + "example": "ef38f94347e94562b5bb8424a56397d8" + } + ], + "responses": { + "200": { + "description": "The requested LifecycleState was successfully retrieved.", + "content": { + "application/json": { + "schema": { + "allOf": [ + { + "type": "object", + "required": [ + "name" + ], + "properties": { + "id": { + "description": "System-generated unique ID of the Object", + "type": "string", + "example": "id12345", + "readOnly": true + }, + "name": { + "description": "Name of the Object", + "type": "string", + "example": "aName" + }, + "created": { + "description": "Creation date of the Object", + "type": "string", + "example": "2015-05-28T14:07:17Z", + "format": "date-time", + "readOnly": true + }, + "modified": { + "description": "Last modification date of the Object", + "type": "string", + "example": "2015-05-28T14:07:17Z", + "format": "date-time", + "readOnly": true + } + } + }, + { + "type": "object", + "required": [ + "technicalName" + ], + "properties": { + "enabled": { + "type": "boolean", + "example": true, + "description": "Whether the lifecycle state is enabled or disabled." + }, + "technicalName": { + "type": "string", + "example": "Technical Name", + "description": "The technical name for lifecycle state. This is for internal use." + }, + "description": { + "type": "string", + "example": "Lifecycle description", + "description": "Lifecycle state description." + }, + "identityCount": { + "type": "integer", + "format": "int32", + "example": 42, + "readOnly": true, + "description": "Number of identities that have the lifecycle state." + }, + "emailNotificationOption": { + "type": "object", + "description": "This is used for representing email configuration for a lifecycle state", + "properties": { + "notifyManagers": { + "type": "boolean", + "example": true, + "description": "If true, then the manager is notified of the lifecycle state change." + }, + "notifyAllAdmins": { + "type": "boolean", + "example": true, + "description": "If true, then all the admins are notified of the lifecycle state change." + }, + "notifySpecificUsers": { + "type": "boolean", + "example": true, + "description": "If true, then the users specified in \"emailAddressList\" below are notified of lifecycle state change." + }, + "emailAddressList": { + "type": "array", + "example": [ + "test@test.com", + "test2@test.com" + ], + "items": { + "type": "string" + }, + "description": "List of user email addresses. If \"notifySpecificUsers\" option is true, then these users are notified of lifecycle state change." + } + } + }, + "accountActions": { + "type": "array", + "items": { + "type": "object", + "description": "Object for specifying Actions to be performed on a specified list of sources' account.", + "properties": { + "action": { + "example": "ENABLE", + "type": "string", + "description": "Describes if action will be enabled or disabled", + "enum": [ + "ENABLE", + "DISABLE" + ] + }, + "sourceIds": { + "type": "array", + "items": { + "type": "string" + }, + "uniqueItems": true, + "example": [ + "2c918084660f45d6016617daa9210584", + "2c918084660f45d6016617daa9210500" + ], + "description": "List of unique source IDs. The sources must have the ENABLE feature or flat file source. See \"/sources\" endpoint for source features." + } + } + } + }, + "accessProfileIds": { + "type": "array", + "items": { + "type": "string" + }, + "uniqueItems": true, + "example": [ + "2c918084660f45d6016617daa9210584", + "2c918084660f45d6016617daa9210500" + ], + "description": "List of unique access-profile IDs that are associated with the lifecycle state." + } + } + } + ] + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + }, + "patch": { + "operationId": "updateLifecycleStates", + "tags": [ + "Lifecycle States" + ], + "summary": "Update Lifecycle State", + "description": "This endpoint updates individual Lifecycle State fields using the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard.\nA token with ORG_ADMIN or API authority is required to call this API.", + "security": [ + { + "oauth2": [ + "idn:identity-profile-lifecycle-state:manage" + ] + } + ], + "parameters": [ + { + "in": "path", + "name": "identity-profile-id", + "description": "Identity Profile ID", + "required": true, + "schema": { + "type": "string" + }, + "example": "2b838de9-db9b-abcf-e646-d4f274ad4238" + }, + { + "in": "path", + "name": "lifecycle-state-id", + "description": "Lifecycle State ID", + "required": true, + "schema": { + "type": "string" + }, + "example": "ef38f94347e94562b5bb8424a56397d8" + } + ], + "requestBody": { + "required": true, + "description": "A list of lifecycle state update operations according to the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard.\n\nThe following fields can be updated:\n* enabled\n* description\n* accountActions\n* accessProfileIds\n* emailNotificationOption\n", + "content": { + "application/json-patch+json": { + "schema": { + "type": "array", + "items": { + "type": "object", + "description": "A JSONPatch Operation as defined by [RFC 6902 - JSON Patch](https://tools.ietf.org/html/rfc6902)", + "required": [ + "op", + "path" + ], + "properties": { + "op": { + "type": "string", + "description": "The operation to be performed", + "enum": [ + "add", + "remove", + "replace", + "move", + "copy", + "test" + ], + "example": "replace" + }, + "path": { + "type": "string", + "description": "A string JSON Pointer representing the target path to an element to be affected by the operation", + "example": "/description" + }, + "value": { + "anyOf": [ + { + "type": "string" + }, + { + "type": "integer" + }, + { + "type": "object" + }, + { + "type": "array", + "items": { + "anyOf": [ + { + "type": "string" + }, + { + "type": "integer" + }, + { + "type": "object" + } + ] + } + } + ], + "description": "The value to be used for the operation, required for \"add\" and \"replace\" operations", + "example": "New description" + } + } + } + }, + "example": [ + { + "op": "replace", + "path": "/description", + "value": "Updated description!" + }, + { + "op": "replace", + "path": "/accessProfileIds", + "value": [ + "2c918087742bab150174407a80f3125e", + "2c918087742bab150174407a80f3124f" + ] + }, + { + "op": "replace", + "path": "/accountActions", + "value": [ + { + "action": "ENABLE", + "sourceIds": [ + "2c9180846a2f82fb016a481c1b1560c5", + "2c9180846a2f82fb016a481c1b1560cc" + ] + }, + { + "action": "DISABLE", + "sourceIds": [ + "2c91808869a0c9980169a207258513fb" + ] + } + ] + }, + { + "op": "replace", + "path": "/emailNotificationOption", + "value": { + "notifyManagers": true, + "notifyAllAdmins": false, + "notifySpecificUsers": false, + "emailAddressList": [] + } + } + ] + } + } + }, + "responses": { + "200": { + "description": "The LifecycleState was successfully updated.", + "content": { + "application/json": { + "schema": { + "allOf": [ + { + "type": "object", + "required": [ + "name" + ], + "properties": { + "id": { + "description": "System-generated unique ID of the Object", + "type": "string", + "example": "id12345", + "readOnly": true + }, + "name": { + "description": "Name of the Object", + "type": "string", + "example": "aName" + }, + "created": { + "description": "Creation date of the Object", + "type": "string", + "example": "2015-05-28T14:07:17Z", + "format": "date-time", + "readOnly": true + }, + "modified": { + "description": "Last modification date of the Object", + "type": "string", + "example": "2015-05-28T14:07:17Z", + "format": "date-time", + "readOnly": true + } + } + }, + { + "type": "object", + "required": [ + "technicalName" + ], + "properties": { + "enabled": { + "type": "boolean", + "example": true, + "description": "Whether the lifecycle state is enabled or disabled." + }, + "technicalName": { + "type": "string", + "example": "Technical Name", + "description": "The technical name for lifecycle state. This is for internal use." + }, + "description": { + "type": "string", + "example": "Lifecycle description", + "description": "Lifecycle state description." + }, + "identityCount": { + "type": "integer", + "format": "int32", + "example": 42, + "readOnly": true, + "description": "Number of identities that have the lifecycle state." + }, + "emailNotificationOption": { + "type": "object", + "description": "This is used for representing email configuration for a lifecycle state", + "properties": { + "notifyManagers": { + "type": "boolean", + "example": true, + "description": "If true, then the manager is notified of the lifecycle state change." + }, + "notifyAllAdmins": { + "type": "boolean", + "example": true, + "description": "If true, then all the admins are notified of the lifecycle state change." + }, + "notifySpecificUsers": { + "type": "boolean", + "example": true, + "description": "If true, then the users specified in \"emailAddressList\" below are notified of lifecycle state change." + }, + "emailAddressList": { + "type": "array", + "example": [ + "test@test.com", + "test2@test.com" + ], + "items": { + "type": "string" + }, + "description": "List of user email addresses. If \"notifySpecificUsers\" option is true, then these users are notified of lifecycle state change." + } + } + }, + "accountActions": { + "type": "array", + "items": { + "type": "object", + "description": "Object for specifying Actions to be performed on a specified list of sources' account.", + "properties": { + "action": { + "example": "ENABLE", + "type": "string", + "description": "Describes if action will be enabled or disabled", + "enum": [ + "ENABLE", + "DISABLE" + ] + }, + "sourceIds": { + "type": "array", + "items": { + "type": "string" + }, + "uniqueItems": true, + "example": [ + "2c918084660f45d6016617daa9210584", + "2c918084660f45d6016617daa9210500" + ], + "description": "List of unique source IDs. The sources must have the ENABLE feature or flat file source. See \"/sources\" endpoint for source features." + } + } + } + }, + "accessProfileIds": { + "type": "array", + "items": { + "type": "string" + }, + "uniqueItems": true, + "example": [ + "2c918084660f45d6016617daa9210584", + "2c918084660f45d6016617daa9210500" + ], + "description": "List of unique access-profile IDs that are associated with the lifecycle state." + } + } + } + ] + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + }, + "delete": { + "operationId": "deleteLifecycleState", + "tags": [ + "Lifecycle States" + ], + "summary": "Delete Lifecycle State by ID", + "description": "This endpoint deletes the Lifecycle State using it's ID.\nA token with API, or ORG_ADMIN authority is required to call this API.", + "security": [ + { + "oauth2": [ + "idn:identity-profile-lifecycle-state:manage" + ] + } + ], + "parameters": [ + { + "in": "path", + "name": "identity-profile-id", + "description": "Identity Profile ID", + "required": true, + "schema": { + "type": "string" + }, + "example": "2b838de9-db9b-abcf-e646-d4f274ad4238" + }, + { + "in": "path", + "name": "lifecycle-state-id", + "description": "Lifecycle State ID", + "required": true, + "schema": { + "type": "string" + }, + "example": "ef38f94347e94562b5bb8424a56397d8" + } + ], + "responses": { + "202": { + "description": "The request was successfully accepted into the system.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/identity-profiles": { + "get": { + "operationId": "listIdentityProfiles", + "tags": [ + "Identity Profiles" + ], + "summary": "Identity Profiles List", + "description": "This returns a list of Identity Profiles based on the specified query parameters.\nA token with ORG_ADMIN or API authority is required to call this API to get a list of Identity Profiles.", + "parameters": [ + { + "in": "query", + "name": "limit", + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": 250, + "schema": { + "type": "integer", + "format": "int32", + "minimum": 0, + "maximum": 250, + "default": 250 + } + }, + { + "in": "query", + "name": "offset", + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": 0, + "schema": { + "type": "integer", + "format": "int32", + "minimum": 0, + "default": 0 + } + }, + { + "in": "query", + "name": "count", + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": true, + "schema": { + "type": "boolean", + "default": false + } + }, + { + "in": "query", + "name": "filters", + "required": false, + "schema": { + "type": "string" + }, + "example": "id eq \"ef38f94347e94562b5bb8424a56397d8\"", + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)\n\nFiltering is supported for the following fields and operators:\n\n**id**: *eq, ne*\n\n**name**: *eq, ne*\n\n**priority**: *eq, ne*" + }, + { + "in": "query", + "name": "sorters", + "required": false, + "schema": { + "type": "string", + "format": "comma-separated" + }, + "example": "id,name", + "description": "Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)\n\nSorting is supported for the following fields: **id**, **name**, **priority**" + } + ], + "responses": { + "200": { + "description": "List of identityProfiles.", + "content": { + "application/json": { + "schema": { + "type": "array", + "items": { + "allOf": [ + { + "type": "object", + "required": [ + "name" + ], + "properties": { + "id": { + "description": "System-generated unique ID of the Object", + "type": "string", + "example": "id12345", + "readOnly": true + }, + "name": { + "description": "Name of the Object", + "type": "string", + "example": "aName" + }, + "created": { + "description": "Creation date of the Object", + "type": "string", + "example": "2015-05-28T14:07:17Z", + "format": "date-time", + "readOnly": true + }, + "modified": { + "description": "Last modification date of the Object", + "type": "string", + "example": "2015-05-28T14:07:17Z", + "format": "date-time", + "readOnly": true + } + } + }, + { + "type": "object", + "required": [ + "authoritativeSource" + ], + "properties": { + "description": { + "type": "string", + "description": "The description of the Identity Profile.", + "example": "My custom flat file profile", + "nullable": true + }, + "owner": { + "type": "object", + "description": "The owner of the Identity Profile.", + "nullable": true, + "properties": { + "type": { + "type": "string", + "enum": [ + "IDENTITY" + ], + "description": "Type of the object to which this reference applies", + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c9180835d191a86015d28455b4b232a" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + }, + "priority": { + "type": "integer", + "format": "int64", + "description": "The priority for an Identity Profile.", + "example": 10 + }, + "authoritativeSource": { + "type": "object", + "properties": { + "type": { + "type": "string", + "enum": [ + "SOURCE" + ], + "description": "Type of the object to which this reference applies", + "example": "SOURCE" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c9180835d191a86015d28455b4b232a" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "HR Active Directory" + } + } + }, + "identityRefreshRequired": { + "type": "boolean", + "default": false, + "description": "True if a identity refresh is needed. Typically triggered when a change on the source has been made.", + "example": true + }, + "identityCount": { + "type": "integer", + "description": "The number of identities that belong to the Identity Profile.", + "format": "int32", + "example": 8 + }, + "identityAttributeConfig": { + "type": "object", + "description": "Defines all the identity attribute mapping configurations. This defines how to generate or collect data for each identity attributes in identity refresh process.", + "properties": { + "enabled": { + "description": "The backend will only promote values if the profile/mapping is enabled.", + "type": "boolean", + "default": false, + "example": true + }, + "attributeTransforms": { + "type": "array", + "items": { + "type": "object", + "description": "Defines a transformation definition for an identity attribute.", + "properties": { + "identityAttributeName": { + "type": "string", + "description": "Name of the identity attribute.", + "example": "email" + }, + "transformDefinition": { + "description": "The seaspray transformation definition.", + "type": "object", + "properties": { + "type": { + "type": "string", + "description": "The type of the transform definition.", + "example": "accountAttribute" + }, + "attributes": { + "type": "object", + "additionalProperties": { + "anyOf": [ + { + "type": "string" + }, + { + "type": "object" + } + ] + }, + "description": "Arbitrary key-value pairs to store any metadata for the object", + "example": { + "attributeName": "e-mail", + "sourceName": "MySource", + "sourceId": "2c9180877a826e68017a8c0b03da1a53" + } + } + } + } + } + } + } + } + }, + "identityExceptionReportReference": { + "type": "object", + "nullable": true, + "properties": { + "taskResultId": { + "type": "string", + "format": "uuid", + "description": "The id of the task result.", + "example": "2b838de9-db9b-abcf-e646-d4f274ad4238" + }, + "reportName": { + "type": "string", + "example": "My annual report", + "description": "The name of the report." + } + } + }, + "hasTimeBasedAttr": { + "description": "Indicates the value of requiresPeriodicRefresh attribute for the Identity Profile.", + "type": "boolean", + "default": false, + "example": true + } + } + } + ] + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + }, + "security": [ + { + "oauth2": [ + "idn:identity-profile:read" + ] + } + ] + } + }, + "/identity-profiles/export": { + "get": { + "operationId": "exportIdentityProfiles", + "tags": [ + "Identity Profiles" + ], + "summary": "Export Identity Profiles", + "description": "This exports existing identity profiles in the format specified by the sp-config service.", + "parameters": [ + { + "in": "query", + "name": "limit", + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": 250, + "schema": { + "type": "integer", + "format": "int32", + "minimum": 0, + "maximum": 250, + "default": 250 + } + }, + { + "in": "query", + "name": "offset", + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": 0, + "schema": { + "type": "integer", + "format": "int32", + "minimum": 0, + "default": 0 + } + }, + { + "in": "query", + "name": "count", + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": true, + "schema": { + "type": "boolean", + "default": false + } + }, + { + "in": "query", + "name": "filters", + "required": false, + "schema": { + "type": "string" + }, + "example": "id eq \"ef38f94347e94562b5bb8424a56397d8\"", + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)\n\nFiltering is supported for the following fields and operators:\n\n**id**: *eq, ne*\n\n**name**: *eq, ne*\n\n**priority**: *eq, ne*" + }, + { + "in": "query", + "name": "sorters", + "required": false, + "schema": { + "type": "string", + "format": "comma-separated" + }, + "example": "id,name", + "description": "Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)\n\nSorting is supported for the following fields: **id**, **name**, **priority**" + } + ], + "responses": { + "200": { + "description": "List of export objects with identity profiles.", + "content": { + "application/json": { + "schema": { + "type": "array", + "items": { + "type": "object", + "description": "Identity Profile exported object", + "properties": { + "version": { + "type": "integer", + "example": 1, + "description": "Version or object from the target service.", + "format": "int32" + }, + "self": { + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + }, + "object": { + "allOf": [ + { + "type": "object", + "required": [ + "name" + ], + "properties": { + "id": { + "description": "System-generated unique ID of the Object", + "type": "string", + "example": "id12345", + "readOnly": true + }, + "name": { + "description": "Name of the Object", + "type": "string", + "example": "aName" + }, + "created": { + "description": "Creation date of the Object", + "type": "string", + "example": "2015-05-28T14:07:17Z", + "format": "date-time", + "readOnly": true + }, + "modified": { + "description": "Last modification date of the Object", + "type": "string", + "example": "2015-05-28T14:07:17Z", + "format": "date-time", + "readOnly": true + } + } + }, + { + "type": "object", + "required": [ + "authoritativeSource" + ], + "properties": { + "description": { + "type": "string", + "description": "The description of the Identity Profile.", + "example": "My custom flat file profile", + "nullable": true + }, + "owner": { + "type": "object", + "description": "The owner of the Identity Profile.", + "nullable": true, + "properties": { + "type": { + "type": "string", + "enum": [ + "IDENTITY" + ], + "description": "Type of the object to which this reference applies", + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c9180835d191a86015d28455b4b232a" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + }, + "priority": { + "type": "integer", + "format": "int64", + "description": "The priority for an Identity Profile.", + "example": 10 + }, + "authoritativeSource": { + "type": "object", + "properties": { + "type": { + "type": "string", + "enum": [ + "SOURCE" + ], + "description": "Type of the object to which this reference applies", + "example": "SOURCE" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c9180835d191a86015d28455b4b232a" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "HR Active Directory" + } + } + }, + "identityRefreshRequired": { + "type": "boolean", + "default": false, + "description": "True if a identity refresh is needed. Typically triggered when a change on the source has been made.", + "example": true + }, + "identityCount": { + "type": "integer", + "description": "The number of identities that belong to the Identity Profile.", + "format": "int32", + "example": 8 + }, + "identityAttributeConfig": { + "type": "object", + "description": "Defines all the identity attribute mapping configurations. This defines how to generate or collect data for each identity attributes in identity refresh process.", + "properties": { + "enabled": { + "description": "The backend will only promote values if the profile/mapping is enabled.", + "type": "boolean", + "default": false, + "example": true + }, + "attributeTransforms": { + "type": "array", + "items": { + "type": "object", + "description": "Defines a transformation definition for an identity attribute.", + "properties": { + "identityAttributeName": { + "type": "string", + "description": "Name of the identity attribute.", + "example": "email" + }, + "transformDefinition": { + "description": "The seaspray transformation definition.", + "type": "object", + "properties": { + "type": { + "type": "string", + "description": "The type of the transform definition.", + "example": "accountAttribute" + }, + "attributes": { + "type": "object", + "additionalProperties": { + "anyOf": [ + { + "type": "string" + }, + { + "type": "object" + } + ] + }, + "description": "Arbitrary key-value pairs to store any metadata for the object", + "example": { + "attributeName": "e-mail", + "sourceName": "MySource", + "sourceId": "2c9180877a826e68017a8c0b03da1a53" + } + } + } + } + } + } + } + } + }, + "identityExceptionReportReference": { + "type": "object", + "nullable": true, + "properties": { + "taskResultId": { + "type": "string", + "format": "uuid", + "description": "The id of the task result.", + "example": "2b838de9-db9b-abcf-e646-d4f274ad4238" + }, + "reportName": { + "type": "string", + "example": "My annual report", + "description": "The name of the report." + } + } + }, + "hasTimeBasedAttr": { + "description": "Indicates the value of requiresPeriodicRefresh attribute for the Identity Profile.", + "type": "boolean", + "default": false, + "example": true + } + } + } + ] + } + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + }, + "security": [ + { + "oauth2": [ + "idn:identity-profile:read" + ] + } + ] + } + }, + "/identity-profiles/import": { + "post": { + "operationId": "importIdentityProfiles", + "summary": "Import Identity Profiles", + "description": "This imports previously exported identity profiles.", + "tags": [ + "Identity Profiles" + ], + "requestBody": { + "description": "Previously exported Identity Profiles.", + "required": true, + "content": { + "application/json": { + "schema": { + "type": "array", + "items": { + "type": "object", + "description": "Identity Profile exported object", + "properties": { + "version": { + "type": "integer", + "example": 1, + "description": "Version or object from the target service.", + "format": "int32" + }, + "self": { + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + }, + "object": { + "allOf": [ + { + "type": "object", + "required": [ + "name" + ], + "properties": { + "id": { + "description": "System-generated unique ID of the Object", + "type": "string", + "example": "id12345", + "readOnly": true + }, + "name": { + "description": "Name of the Object", + "type": "string", + "example": "aName" + }, + "created": { + "description": "Creation date of the Object", + "type": "string", + "example": "2015-05-28T14:07:17Z", + "format": "date-time", + "readOnly": true + }, + "modified": { + "description": "Last modification date of the Object", + "type": "string", + "example": "2015-05-28T14:07:17Z", + "format": "date-time", + "readOnly": true + } + } + }, + { + "type": "object", + "required": [ + "authoritativeSource" + ], + "properties": { + "description": { + "type": "string", + "description": "The description of the Identity Profile.", + "example": "My custom flat file profile", + "nullable": true + }, + "owner": { + "type": "object", + "description": "The owner of the Identity Profile.", + "nullable": true, + "properties": { + "type": { + "type": "string", + "enum": [ + "IDENTITY" + ], + "description": "Type of the object to which this reference applies", + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c9180835d191a86015d28455b4b232a" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + }, + "priority": { + "type": "integer", + "format": "int64", + "description": "The priority for an Identity Profile.", + "example": 10 + }, + "authoritativeSource": { + "type": "object", + "properties": { + "type": { + "type": "string", + "enum": [ + "SOURCE" + ], + "description": "Type of the object to which this reference applies", + "example": "SOURCE" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c9180835d191a86015d28455b4b232a" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "HR Active Directory" + } + } + }, + "identityRefreshRequired": { + "type": "boolean", + "default": false, + "description": "True if a identity refresh is needed. Typically triggered when a change on the source has been made.", + "example": true + }, + "identityCount": { + "type": "integer", + "description": "The number of identities that belong to the Identity Profile.", + "format": "int32", + "example": 8 + }, + "identityAttributeConfig": { + "type": "object", + "description": "Defines all the identity attribute mapping configurations. This defines how to generate or collect data for each identity attributes in identity refresh process.", + "properties": { + "enabled": { + "description": "The backend will only promote values if the profile/mapping is enabled.", + "type": "boolean", + "default": false, + "example": true + }, + "attributeTransforms": { + "type": "array", + "items": { + "type": "object", + "description": "Defines a transformation definition for an identity attribute.", + "properties": { + "identityAttributeName": { + "type": "string", + "description": "Name of the identity attribute.", + "example": "email" + }, + "transformDefinition": { + "description": "The seaspray transformation definition.", + "type": "object", + "properties": { + "type": { + "type": "string", + "description": "The type of the transform definition.", + "example": "accountAttribute" + }, + "attributes": { + "type": "object", + "additionalProperties": { + "anyOf": [ + { + "type": "string" + }, + { + "type": "object" + } + ] + }, + "description": "Arbitrary key-value pairs to store any metadata for the object", + "example": { + "attributeName": "e-mail", + "sourceName": "MySource", + "sourceId": "2c9180877a826e68017a8c0b03da1a53" + } + } + } + } + } + } + } + } + }, + "identityExceptionReportReference": { + "type": "object", + "nullable": true, + "properties": { + "taskResultId": { + "type": "string", + "format": "uuid", + "description": "The id of the task result.", + "example": "2b838de9-db9b-abcf-e646-d4f274ad4238" + }, + "reportName": { + "type": "string", + "example": "My annual report", + "description": "The name of the report." + } + } + }, + "hasTimeBasedAttr": { + "description": "Indicates the value of requiresPeriodicRefresh attribute for the Identity Profile.", + "type": "boolean", + "default": false, + "example": true + } + } + } + ] + } + } + } + } + } + } + }, + "responses": { + "200": { + "description": "The result of importing Identity Profiles.", + "content": { + "application/json": { + "schema": { + "type": "object", + "title": "Import Object Response Body", + "description": "Response model for import of a single object.", + "properties": { + "infos": { + "description": "Informational messages returned from the target service on import.", + "type": "array", + "items": { + "type": "object", + "title": "Config Import/Export Message", + "description": "Message model for Config Import/Export.", + "properties": { + "key": { + "type": "string", + "description": "Message key.", + "example": "UNKNOWN_REFERENCE_RESOLVER" + }, + "text": { + "type": "string", + "description": "Message text.", + "example": "Unable to resolve reference for object [type: IDENTITY, id: 2c91808c746e9c9601747d6507332ecz, name: random identity]" + }, + "details": { + "type": "object", + "description": "Message details if any, in key:value pairs.", + "additionalProperties": true, + "example": { + "details": "message details" + } + } + }, + "required": [ + "key", + "text", + "details" + ] + } + }, + "warnings": { + "description": "Warning messages returned from the target service on import.", + "type": "array", + "items": { + "type": "object", + "title": "Config Import/Export Message", + "description": "Message model for Config Import/Export.", + "properties": { + "key": { + "type": "string", + "description": "Message key.", + "example": "UNKNOWN_REFERENCE_RESOLVER" + }, + "text": { + "type": "string", + "description": "Message text.", + "example": "Unable to resolve reference for object [type: IDENTITY, id: 2c91808c746e9c9601747d6507332ecz, name: random identity]" + }, + "details": { + "type": "object", + "description": "Message details if any, in key:value pairs.", + "additionalProperties": true, + "example": { + "details": "message details" + } + } + }, + "required": [ + "key", + "text", + "details" + ] + } + }, + "errors": { + "description": "Error messages returned from the target service on import.", + "type": "array", + "items": { + "type": "object", + "title": "Config Import/Export Message", + "description": "Message model for Config Import/Export.", + "properties": { + "key": { + "type": "string", + "description": "Message key.", + "example": "UNKNOWN_REFERENCE_RESOLVER" + }, + "text": { + "type": "string", + "description": "Message text.", + "example": "Unable to resolve reference for object [type: IDENTITY, id: 2c91808c746e9c9601747d6507332ecz, name: random identity]" + }, + "details": { + "type": "object", + "description": "Message details if any, in key:value pairs.", + "additionalProperties": true, + "example": { + "details": "message details" + } + } + }, + "required": [ + "key", + "text", + "details" + ] + } + }, + "importedObjects": { + "description": "References to objects that were created or updated by the import.", + "type": "array", + "items": { + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + } + } + }, + "required": [ + "infos", + "warnings", + "errors", + "importedObjects" + ] + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + }, + "security": [ + { + "oauth2": [ + "idn:identity-profile:manage" + ] + } + ] + } + }, + "/identity-profiles/{identity-profile-id}": { + "get": { + "operationId": "getIdentityProfile", + "tags": [ + "Identity Profiles" + ], + "summary": "Get single Identity Profile", + "description": "This returns a single Identity Profile based on ID.\nA token with ORG_ADMIN or API authority is required to call this API.", + "parameters": [ + { + "in": "path", + "name": "identity-profile-id", + "schema": { + "type": "string", + "format": "uuid" + }, + "required": true, + "description": "The Identity Profile ID.", + "example": "2b838de9-db9b-abcf-e646-d4f274ad4238" + } + ], + "responses": { + "200": { + "description": "An Identity Profile object.", + "content": { + "application/json": { + "schema": { + "allOf": [ + { + "type": "object", + "required": [ + "name" + ], + "properties": { + "id": { + "description": "System-generated unique ID of the Object", + "type": "string", + "example": "id12345", + "readOnly": true + }, + "name": { + "description": "Name of the Object", + "type": "string", + "example": "aName" + }, + "created": { + "description": "Creation date of the Object", + "type": "string", + "example": "2015-05-28T14:07:17Z", + "format": "date-time", + "readOnly": true + }, + "modified": { + "description": "Last modification date of the Object", + "type": "string", + "example": "2015-05-28T14:07:17Z", + "format": "date-time", + "readOnly": true + } + } + }, + { + "type": "object", + "required": [ + "authoritativeSource" + ], + "properties": { + "description": { + "type": "string", + "description": "The description of the Identity Profile.", + "example": "My custom flat file profile", + "nullable": true + }, + "owner": { + "type": "object", + "description": "The owner of the Identity Profile.", + "nullable": true, + "properties": { + "type": { + "type": "string", + "enum": [ + "IDENTITY" + ], + "description": "Type of the object to which this reference applies", + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c9180835d191a86015d28455b4b232a" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + }, + "priority": { + "type": "integer", + "format": "int64", + "description": "The priority for an Identity Profile.", + "example": 10 + }, + "authoritativeSource": { + "type": "object", + "properties": { + "type": { + "type": "string", + "enum": [ + "SOURCE" + ], + "description": "Type of the object to which this reference applies", + "example": "SOURCE" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c9180835d191a86015d28455b4b232a" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "HR Active Directory" + } + } + }, + "identityRefreshRequired": { + "type": "boolean", + "default": false, + "description": "True if a identity refresh is needed. Typically triggered when a change on the source has been made.", + "example": true + }, + "identityCount": { + "type": "integer", + "description": "The number of identities that belong to the Identity Profile.", + "format": "int32", + "example": 8 + }, + "identityAttributeConfig": { + "type": "object", + "description": "Defines all the identity attribute mapping configurations. This defines how to generate or collect data for each identity attributes in identity refresh process.", + "properties": { + "enabled": { + "description": "The backend will only promote values if the profile/mapping is enabled.", + "type": "boolean", + "default": false, + "example": true + }, + "attributeTransforms": { + "type": "array", + "items": { + "type": "object", + "description": "Defines a transformation definition for an identity attribute.", + "properties": { + "identityAttributeName": { + "type": "string", + "description": "Name of the identity attribute.", + "example": "email" + }, + "transformDefinition": { + "description": "The seaspray transformation definition.", + "type": "object", + "properties": { + "type": { + "type": "string", + "description": "The type of the transform definition.", + "example": "accountAttribute" + }, + "attributes": { + "type": "object", + "additionalProperties": { + "anyOf": [ + { + "type": "string" + }, + { + "type": "object" + } + ] + }, + "description": "Arbitrary key-value pairs to store any metadata for the object", + "example": { + "attributeName": "e-mail", + "sourceName": "MySource", + "sourceId": "2c9180877a826e68017a8c0b03da1a53" + } + } + } + } + } + } + } + } + }, + "identityExceptionReportReference": { + "type": "object", + "nullable": true, + "properties": { + "taskResultId": { + "type": "string", + "format": "uuid", + "description": "The id of the task result.", + "example": "2b838de9-db9b-abcf-e646-d4f274ad4238" + }, + "reportName": { + "type": "string", + "example": "My annual report", + "description": "The name of the report." + } + } + }, + "hasTimeBasedAttr": { + "description": "Indicates the value of requiresPeriodicRefresh attribute for the Identity Profile.", + "type": "boolean", + "default": false, + "example": true + } + } + } + ] + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + }, + "security": [ + { + "oauth2": [ + "idn:identity-profile:read" + ] + } + ] + } + }, + "/identity-profiles/{identity-profile-id}/default-identity-attribute-config": { + "get": { + "operationId": "getDefaultIdentityAttributeConfig", + "tags": [ + "Identity Profiles" + ], + "summary": "Get default Identity Attribute Config", + "description": "This returns the default identity attribute config.\nA token with ORG_ADMIN authority is required to call this API to get the default identity attribute config.", + "parameters": [ + { + "in": "path", + "name": "identity-profile-id", + "schema": { + "type": "string", + "format": "uuid" + }, + "required": true, + "description": "The Identity Profile ID.", + "example": "2b838de9-db9b-abcf-e646-d4f274ad4238" + } + ], + "responses": { + "200": { + "description": "An Identity Attribute Config object.", + "content": { + "application/json": { + "schema": { + "type": "object", + "description": "Defines all the identity attribute mapping configurations. This defines how to generate or collect data for each identity attributes in identity refresh process.", + "properties": { + "enabled": { + "description": "The backend will only promote values if the profile/mapping is enabled.", + "type": "boolean", + "default": false, + "example": true + }, + "attributeTransforms": { + "type": "array", + "items": { + "type": "object", + "description": "Defines a transformation definition for an identity attribute.", + "properties": { + "identityAttributeName": { + "type": "string", + "description": "Name of the identity attribute.", + "example": "email" + }, + "transformDefinition": { + "description": "The seaspray transformation definition.", + "type": "object", + "properties": { + "type": { + "type": "string", + "description": "The type of the transform definition.", + "example": "accountAttribute" + }, + "attributes": { + "type": "object", + "additionalProperties": { + "anyOf": [ + { + "type": "string" + }, + { + "type": "object" + } + ] + }, + "description": "Arbitrary key-value pairs to store any metadata for the object", + "example": { + "attributeName": "e-mail", + "sourceName": "MySource", + "sourceId": "2c9180877a826e68017a8c0b03da1a53" + } + } + } + } + } + } + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + }, + "security": [ + { + "oauth2": [ + "idn:identity-profile:manage" + ] + } + ] + } + }, + "/non-employee-records": { + "post": { + "operationId": "createNonEmployeeRecord", + "tags": [ + "Non-Employee Lifecycle Management" + ], + "summary": "Create Non-Employee Record", + "description": "This request will create a non-employee record.\nRequires role context of `idn:nesr:create`", + "requestBody": { + "description": "Non-Employee record creation request body.", + "required": true, + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "accountName": { + "type": "string", + "description": "Requested identity account name.", + "example": "william.smith" + }, + "firstName": { + "type": "string", + "description": "Non-Employee's first name.", + "example": "William" + }, + "lastName": { + "type": "string", + "description": "Non-Employee's last name.", + "example": "Smith" + }, + "email": { + "type": "string", + "description": "Non-Employee's email.", + "example": "william.smith@example.com" + }, + "phone": { + "type": "string", + "description": "Non-Employee's phone.", + "example": "5555555555" + }, + "manager": { + "type": "string", + "description": "The account ID of a valid identity to serve as this non-employee's manager.", + "example": "jane.doe" + }, + "sourceId": { + "type": "string", + "description": "Non-Employee's source id.", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "data": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Attribute blob/bag for a non-employee, 10 attributes is the maximum size supported.", + "example": { + "description": "Auditing" + } + }, + "startDate": { + "type": "string", + "format": "date-time", + "description": "Non-Employee employment start date.", + "example": "2020-03-24T00:00:00-05:00" + }, + "endDate": { + "type": "string", + "format": "date-time", + "description": "Non-Employee employment end date.", + "example": "2021-03-25T00:00:00-05:00" + } + }, + "required": [ + "accountName", + "firstName", + "lastName", + "email", + "phone", + "manager", + "sourceId", + "startDate", + "endDate" + ] + } + } + } + }, + "responses": { + "200": { + "description": "Created non-employee record.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "id": { + "type": "string", + "format": "UUID", + "description": "Non-Employee record id.", + "example": "ef38f94347e94562b5bb8424a56397d8" + }, + "accountName": { + "type": "string", + "description": "Requested identity account name.", + "example": "Abby.Smith" + }, + "firstName": { + "type": "string", + "description": "Non-Employee's first name.", + "example": "William" + }, + "lastName": { + "type": "string", + "description": "Non-Employee's last name.", + "example": "Smith" + }, + "email": { + "type": "string", + "description": "Non-Employee's email.", + "example": "william.smith@example.com" + }, + "phone": { + "type": "string", + "description": "Non-Employee's phone.", + "example": "5555555555" + }, + "manager": { + "type": "string", + "description": "The account ID of a valid identity to serve as this non-employee's manager.", + "example": "jane.doe" + }, + "sourceId": { + "type": "string", + "description": "Non-Employee's source id.", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "data": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Attribute blob/bag for a non-employee.", + "example": { + "description": "Auditing" + } + }, + "startDate": { + "type": "string", + "format": "date-time", + "description": "Non-Employee employment start date.", + "example": "2019-08-23T18:52:59.162Z" + }, + "endDate": { + "type": "string", + "format": "date-time", + "description": "Non-Employee employment end date.", + "example": "2020-08-23T18:52:59.162Z" + }, + "modified": { + "type": "string", + "format": "date-time", + "description": "When the request was last modified.", + "example": "2019-08-23T18:52:59.162Z" + }, + "created": { + "type": "string", + "format": "date-time", + "description": "When the request was created.", + "example": "2019-08-23T18:40:35.772Z" + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + }, + "get": { + "operationId": "listNonEmployeeRecords", + "security": [ + { + "oauth2": [] + } + ], + "tags": [ + "Non-Employee Lifecycle Management" + ], + "summary": "List Non-Employee Records", + "description": "This gets a list of non-employee records. There are two contextual uses for this endpoint:\n 1. The user has the role context of `idn:nesr:read`, in which case they can get a list of all of the non-employees.\n 2. The user is an account manager, in which case they can get a list of the non-employees that they manage.", + "parameters": [ + { + "in": "query", + "name": "limit", + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": 250, + "schema": { + "type": "integer", + "format": "int32", + "minimum": 0, + "maximum": 250, + "default": 250 + } + }, + { + "in": "query", + "name": "offset", + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": 0, + "schema": { + "type": "integer", + "format": "int32", + "minimum": 0, + "default": 0 + } + }, + { + "in": "query", + "name": "count", + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": true, + "schema": { + "type": "boolean", + "default": false + } + }, + { + "in": "query", + "name": "sorters", + "required": false, + "schema": { + "type": "string", + "format": "comma-separated" + }, + "example": "accountName,sourceId", + "description": "Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://community.sailpoint.com/t5/IdentityNow-Wiki/V3-API-Standard-Collection-Parameters/ta-p/156407#toc-hId-2058949) Sorting is supported for the following fields: **id, accountName, sourceId, manager, firstName, lastName, email, phone, startDate, endDate, created, modified**" + }, + { + "in": "query", + "name": "filters", + "required": false, + "schema": { + "type": "string" + }, + "example": "sourceId eq \"2c91808568c529c60168cca6f90c1313\"", + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://community.sailpoint.com/t5/IdentityNow-Wiki/V3-API-Standard-Collection-Parameters/ta-p/156407) Filtering is supported for the following fields and operators: **sourceId**: *eq* *Example:* sourceId eq \"2c91808568c529c60168cca6f90c1313\"" + } + ], + "responses": { + "200": { + "description": "Non-Employee record objects", + "content": { + "application/json": { + "schema": { + "type": "array", + "items": { + "type": "object", + "properties": { + "id": { + "type": "string", + "format": "UUID", + "description": "Non-Employee record id.", + "example": "ef38f94347e94562b5bb8424a56397d8" + }, + "accountName": { + "type": "string", + "description": "Requested identity account name.", + "example": "Abby.Smith" + }, + "firstName": { + "type": "string", + "description": "Non-Employee's first name.", + "example": "William" + }, + "lastName": { + "type": "string", + "description": "Non-Employee's last name.", + "example": "Smith" + }, + "email": { + "type": "string", + "description": "Non-Employee's email.", + "example": "william.smith@example.com" + }, + "phone": { + "type": "string", + "description": "Non-Employee's phone.", + "example": "5555555555" + }, + "manager": { + "type": "string", + "description": "The account ID of a valid identity to serve as this non-employee's manager.", + "example": "jane.doe" + }, + "sourceId": { + "type": "string", + "description": "Non-Employee's source id.", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "data": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Attribute blob/bag for a non-employee.", + "example": { + "description": "Auditing" + } + }, + "startDate": { + "type": "string", + "format": "date-time", + "description": "Non-Employee employment start date.", + "example": "2019-08-23T18:52:59.162Z" + }, + "endDate": { + "type": "string", + "format": "date-time", + "description": "Non-Employee employment end date.", + "example": "2020-08-23T18:52:59.162Z" + }, + "modified": { + "type": "string", + "format": "date-time", + "description": "When the request was last modified.", + "example": "2019-08-23T18:52:59.162Z" + }, + "created": { + "type": "string", + "format": "date-time", + "description": "When the request was created.", + "example": "2019-08-23T18:40:35.772Z" + } + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/non-employee-records/{id}": { + "get": { + "operationId": "getNonEmployeeRecord", + "tags": [ + "Non-Employee Lifecycle Management" + ], + "summary": "Get a Non-Employee Record", + "description": "This gets a non-employee record.\nRequires role context of `idn:nesr:read`", + "parameters": [ + { + "in": "path", + "name": "id", + "description": "Non-Employee record id (UUID)", + "required": true, + "example": "ef38f94347e94562b5bb8424a56397d8", + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "Non-Employee record object", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "id": { + "type": "string", + "format": "UUID", + "description": "Non-Employee record id.", + "example": "ef38f94347e94562b5bb8424a56397d8" + }, + "accountName": { + "type": "string", + "description": "Requested identity account name.", + "example": "Abby.Smith" + }, + "firstName": { + "type": "string", + "description": "Non-Employee's first name.", + "example": "William" + }, + "lastName": { + "type": "string", + "description": "Non-Employee's last name.", + "example": "Smith" + }, + "email": { + "type": "string", + "description": "Non-Employee's email.", + "example": "william.smith@example.com" + }, + "phone": { + "type": "string", + "description": "Non-Employee's phone.", + "example": "5555555555" + }, + "manager": { + "type": "string", + "description": "The account ID of a valid identity to serve as this non-employee's manager.", + "example": "jane.doe" + }, + "sourceId": { + "type": "string", + "description": "Non-Employee's source id.", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "data": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Attribute blob/bag for a non-employee.", + "example": { + "description": "Auditing" + } + }, + "startDate": { + "type": "string", + "format": "date-time", + "description": "Non-Employee employment start date.", + "example": "2019-08-23T18:52:59.162Z" + }, + "endDate": { + "type": "string", + "format": "date-time", + "description": "Non-Employee employment end date.", + "example": "2020-08-23T18:52:59.162Z" + }, + "modified": { + "type": "string", + "format": "date-time", + "description": "When the request was last modified.", + "example": "2019-08-23T18:52:59.162Z" + }, + "created": { + "type": "string", + "format": "date-time", + "description": "When the request was created.", + "example": "2019-08-23T18:40:35.772Z" + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + }, + "put": { + "operationId": "updateNonEmployeeRecord", + "security": [ + { + "oauth2": [] + } + ], + "tags": [ + "Non-Employee Lifecycle Management" + ], + "summary": "Update Non-Employee Record", + "description": "This request will update a non-employee record. There are two contextual uses for this endpoint:\n 1. The user has the role context of `idn:nesr:update`, in which case they\nupdate all available fields.\n 2. The user is owner of the source, in this case they can only update the\nend date.", + "parameters": [ + { + "in": "path", + "name": "id", + "description": "Non-employee record id (UUID)", + "example": "ef38f94347e94562b5bb8424a56397d8", + "required": true, + "schema": { + "type": "string" + } + } + ], + "requestBody": { + "description": "Non-employee record creation request body. Attributes are restricted by user type. Owner of source can update end date. Organization admins can update all available fields.", + "required": true, + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "accountName": { + "type": "string", + "description": "Requested identity account name.", + "example": "william.smith" + }, + "firstName": { + "type": "string", + "description": "Non-Employee's first name.", + "example": "William" + }, + "lastName": { + "type": "string", + "description": "Non-Employee's last name.", + "example": "Smith" + }, + "email": { + "type": "string", + "description": "Non-Employee's email.", + "example": "william.smith@example.com" + }, + "phone": { + "type": "string", + "description": "Non-Employee's phone.", + "example": "5555555555" + }, + "manager": { + "type": "string", + "description": "The account ID of a valid identity to serve as this non-employee's manager.", + "example": "jane.doe" + }, + "sourceId": { + "type": "string", + "description": "Non-Employee's source id.", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "data": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Attribute blob/bag for a non-employee, 10 attributes is the maximum size supported.", + "example": { + "description": "Auditing" + } + }, + "startDate": { + "type": "string", + "format": "date-time", + "description": "Non-Employee employment start date.", + "example": "2020-03-24T00:00:00-05:00" + }, + "endDate": { + "type": "string", + "format": "date-time", + "description": "Non-Employee employment end date.", + "example": "2021-03-25T00:00:00-05:00" + } + }, + "required": [ + "accountName", + "firstName", + "lastName", + "email", + "phone", + "manager", + "sourceId", + "startDate", + "endDate" + ] + } + } + } + }, + "responses": { + "200": { + "description": "An updated non-employee record.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "id": { + "type": "string", + "format": "UUID", + "description": "Non-Employee record id.", + "example": "ef38f94347e94562b5bb8424a56397d8" + }, + "accountName": { + "type": "string", + "description": "Requested identity account name.", + "example": "Abby.Smith" + }, + "firstName": { + "type": "string", + "description": "Non-Employee's first name.", + "example": "William" + }, + "lastName": { + "type": "string", + "description": "Non-Employee's last name.", + "example": "Smith" + }, + "email": { + "type": "string", + "description": "Non-Employee's email.", + "example": "william.smith@example.com" + }, + "phone": { + "type": "string", + "description": "Non-Employee's phone.", + "example": "5555555555" + }, + "manager": { + "type": "string", + "description": "The account ID of a valid identity to serve as this non-employee's manager.", + "example": "jane.doe" + }, + "sourceId": { + "type": "string", + "description": "Non-Employee's source id.", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "data": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Attribute blob/bag for a non-employee.", + "example": { + "description": "Auditing" + } + }, + "startDate": { + "type": "string", + "format": "date-time", + "description": "Non-Employee employment start date.", + "example": "2019-08-23T18:52:59.162Z" + }, + "endDate": { + "type": "string", + "format": "date-time", + "description": "Non-Employee employment end date.", + "example": "2020-08-23T18:52:59.162Z" + }, + "modified": { + "type": "string", + "format": "date-time", + "description": "When the request was last modified.", + "example": "2019-08-23T18:52:59.162Z" + }, + "created": { + "type": "string", + "format": "date-time", + "description": "When the request was created.", + "example": "2019-08-23T18:40:35.772Z" + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + }, + "patch": { + "operationId": "patchNonEmployeeRecord", + "security": [ + { + "oauth2": [] + } + ], + "tags": [ + "Non-Employee Lifecycle Management" + ], + "summary": "Patch Non-Employee Record", + "description": "This request will patch a non-employee record. There are two contextual uses for this endpoint:\n 1. The user has the role context of `idn:nesr:update`, in which case they\nupdate all available fields.\n 2. The user is owner of the source, in this case they can only update the\nend date.", + "parameters": [ + { + "in": "path", + "name": "id", + "description": "Non-employee record id (UUID)", + "example": "ef38f94347e94562b5bb8424a56397d8", + "required": true, + "schema": { + "type": "string" + } + } + ], + "requestBody": { + "description": "A list of non-employee update operations according to the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard. Attributes are restricted by user type. Owner of source can update end date. Organization admins can update all available fields.", + "required": true, + "content": { + "application/json-patch+json": { + "schema": { + "type": "array", + "items": { + "type": "object", + "description": "A JSONPatch Operation as defined by [RFC 6902 - JSON Patch](https://tools.ietf.org/html/rfc6902)", + "required": [ + "op", + "path" + ], + "properties": { + "op": { + "type": "string", + "description": "The operation to be performed", + "enum": [ + "add", + "remove", + "replace", + "move", + "copy", + "test" + ], + "example": "replace" + }, + "path": { + "type": "string", + "description": "A string JSON Pointer representing the target path to an element to be affected by the operation", + "example": "/description" + }, + "value": { + "anyOf": [ + { + "type": "string" + }, + { + "type": "integer" + }, + { + "type": "object" + }, + { + "type": "array", + "items": { + "anyOf": [ + { + "type": "string" + }, + { + "type": "integer" + }, + { + "type": "object" + } + ] + } + } + ], + "description": "The value to be used for the operation, required for \"add\" and \"replace\" operations", + "example": "New description" + } + } + } + }, + "example": [ + { + "op": "replace", + "path": "/endDate", + "value": "2019-08-23T18:40:35.772Z" + } + ] + } + } + }, + "responses": { + "200": { + "description": "A patched non-employee record.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "id": { + "type": "string", + "format": "UUID", + "description": "Non-Employee record id.", + "example": "ef38f94347e94562b5bb8424a56397d8" + }, + "accountName": { + "type": "string", + "description": "Requested identity account name.", + "example": "Abby.Smith" + }, + "firstName": { + "type": "string", + "description": "Non-Employee's first name.", + "example": "William" + }, + "lastName": { + "type": "string", + "description": "Non-Employee's last name.", + "example": "Smith" + }, + "email": { + "type": "string", + "description": "Non-Employee's email.", + "example": "william.smith@example.com" + }, + "phone": { + "type": "string", + "description": "Non-Employee's phone.", + "example": "5555555555" + }, + "manager": { + "type": "string", + "description": "The account ID of a valid identity to serve as this non-employee's manager.", + "example": "jane.doe" + }, + "sourceId": { + "type": "string", + "description": "Non-Employee's source id.", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "data": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Attribute blob/bag for a non-employee.", + "example": { + "description": "Auditing" + } + }, + "startDate": { + "type": "string", + "format": "date-time", + "description": "Non-Employee employment start date.", + "example": "2019-08-23T18:52:59.162Z" + }, + "endDate": { + "type": "string", + "format": "date-time", + "description": "Non-Employee employment end date.", + "example": "2020-08-23T18:52:59.162Z" + }, + "modified": { + "type": "string", + "format": "date-time", + "description": "When the request was last modified.", + "example": "2019-08-23T18:52:59.162Z" + }, + "created": { + "type": "string", + "format": "date-time", + "description": "When the request was created.", + "example": "2019-08-23T18:40:35.772Z" + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + }, + "delete": { + "operationId": "deleteNonEmployeeRecord", + "tags": [ + "Non-Employee Lifecycle Management" + ], + "summary": "Delete Non-Employee Record", + "description": "This request will delete a non-employee record.\nRequires role context of `idn:nesr:delete`", + "parameters": [ + { + "in": "path", + "name": "id", + "description": "Non-Employee record id (UUID)", + "example": "ef38f94347e94562b5bb8424a56397d8", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "204": { + "description": "No content - indicates the request was successful but there is no content to be returned in the response." + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/non-employee-records/bulk-delete": { + "post": { + "operationId": "deleteNonEmployeeRecordsInBulk", + "tags": [ + "Non-Employee Lifecycle Management" + ], + "summary": "Delete Multiple Non-Employee Records", + "description": "This request will delete multiple non-employee records based on the non-employee ids provided. Requires role context of `idn:nesr:delete`", + "requestBody": { + "description": "Non-Employee bulk delete request body.", + "required": true, + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "ids": { + "description": "List of non-employee ids.", + "type": "array", + "items": { + "type": "string", + "format": "uuid" + }, + "example": [ + "2b838de9-db9b-abcf-e646-d4f274ad4238", + "2d838de9-db9b-abcf-e646-d4f274ad4238" + ] + } + }, + "required": [ + "ids" + ] + } + } + } + }, + "responses": { + "204": { + "description": "No content - indicates the request was successful but there is no content to be returned in the response." + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/non-employee-requests": { + "post": { + "operationId": "createNonEmployeeRequest", + "security": [ + { + "oauth2": [] + } + ], + "tags": [ + "Non-Employee Lifecycle Management" + ], + "summary": "Create Non-Employee Request", + "description": "This request will create a non-employee request and notify the approver. Requires role context of `idn:nesr:create` or the user must own the source.", + "requestBody": { + "description": "Non-Employee creation request body", + "required": true, + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "accountName": { + "type": "string", + "description": "Requested identity account name.", + "example": "william.smith" + }, + "firstName": { + "type": "string", + "description": "Non-Employee's first name.", + "example": "William" + }, + "lastName": { + "type": "string", + "description": "Non-Employee's last name.", + "example": "Smith" + }, + "email": { + "type": "string", + "description": "Non-Employee's email.", + "example": "william.smith@example.com" + }, + "phone": { + "type": "string", + "description": "Non-Employee's phone.", + "example": "5555555555" + }, + "manager": { + "type": "string", + "description": "The account ID of a valid identity to serve as this non-employee's manager.", + "example": "jane.doe" + }, + "sourceId": { + "type": "string", + "description": "Non-Employee's source id.", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "data": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Attribute blob/bag for a non-employee, 10 attributes is the maximum size supported.", + "example": { + "description": "Auditing" + } + }, + "startDate": { + "type": "string", + "format": "date-time", + "description": "Non-Employee employment start date.", + "example": "2020-03-24T00:00:00-05:00" + }, + "endDate": { + "type": "string", + "format": "date-time", + "description": "Non-Employee employment end date.", + "example": "2021-03-25T00:00:00-05:00" + } + }, + "required": [ + "accountName", + "firstName", + "lastName", + "email", + "phone", + "manager", + "sourceId", + "startDate", + "endDate" + ] + } + } + } + }, + "responses": { + "200": { + "description": "Non-Employee request creation object", + "content": { + "application/json": { + "schema": { + "allOf": [ + { + "type": "object", + "properties": { + "id": { + "type": "string", + "format": "UUID", + "description": "Non-Employee source id.", + "example": "a0303682-5e4a-44f7-bdc2-6ce6112549c1" + }, + "sourceId": { + "type": "string", + "description": "Source Id associated with this non-employee source.", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Source name associated with this non-employee source.", + "example": "Retail" + }, + "description": { + "type": "string", + "description": "Source description associated with this non-employee source.", + "example": "Source description" + } + } + }, + { + "type": "object", + "properties": { + "accountName": { + "type": "string", + "description": "Requested identity account name.", + "example": "william.smith" + }, + "firstName": { + "type": "string", + "description": "Non-Employee's first name.", + "example": "William" + }, + "lastName": { + "type": "string", + "description": "Non-Employee's last name.", + "example": "Smith" + }, + "email": { + "type": "string", + "description": "Non-Employee's email.", + "example": "william.smith@example.com" + }, + "phone": { + "type": "string", + "description": "Non-Employee's phone.", + "example": "5555555555" + }, + "manager": { + "type": "string", + "description": "The account ID of a valid identity to serve as this non-employee's manager.", + "example": "jane.doe" + }, + "nonEmployeeSource": { + "type": "object", + "properties": { + "id": { + "type": "string", + "format": "UUID", + "description": "Non-Employee source id.", + "example": "a0303682-5e4a-44f7-bdc2-6ce6112549c1" + }, + "sourceId": { + "type": "string", + "description": "Source Id associated with this non-employee source.", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Source name associated with this non-employee source.", + "example": "Retail" + }, + "description": { + "type": "string", + "description": "Source description associated with this non-employee source.", + "example": "Source description" + } + } + }, + "data": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Attribute blob/bag for a non-employee.", + "example": { + "description": "Auditing" + } + }, + "approvalItems": { + "description": "List of approval item for the request", + "type": "array", + "items": { + "type": "object", + "properties": { + "id": { + "type": "string", + "format": "UUID", + "description": "Non-Employee approval item id", + "example": "2c1e388b-1e55-4b0a-ab5c-897f1204159c" + }, + "approver": { + "description": "Reference to the associated Identity", + "type": "object", + "properties": { + "type": { + "type": "string", + "enum": [ + "GOVERNANCE_GROUP", + "IDENTITY" + ], + "example": "IDENTITY", + "description": "Identifies if the identity is a normal identity or a governance group" + }, + "id": { + "type": "string", + "description": "Identity id", + "example": "5168015d32f890ca15812c9180835d2e" + } + } + }, + "accountName": { + "type": "string", + "description": "Requested identity account name", + "example": "test.account" + }, + "approvalStatus": { + "type": "string", + "enum": [ + "APPROVED", + "REJECTED", + "PENDING", + "NOT_READY", + "CANCELLED" + ], + "description": "Enum representing the non-employee request approval status", + "example": "APPROVED" + }, + "approvalOrder": { + "type": "number", + "description": "Approval order", + "example": 1, + "format": "float" + }, + "comment": { + "type": "string", + "description": "comment of approver", + "example": "I approve" + }, + "modified": { + "type": "string", + "format": "date-time", + "description": "When the request was last modified.", + "example": "2019-08-23T18:52:59.162Z" + }, + "created": { + "type": "string", + "format": "date-time", + "description": "When the request was created.", + "example": "2019-08-23T18:40:35.772Z" + } + } + } + }, + "approvalStatus": { + "type": "string", + "enum": [ + "APPROVED", + "REJECTED", + "PENDING", + "NOT_READY", + "CANCELLED" + ], + "description": "Enum representing the non-employee request approval status", + "example": "APPROVED" + }, + "comment": { + "type": "string", + "description": "comment of requester", + "example": "approved" + }, + "completionDate": { + "type": "string", + "format": "date-time", + "description": "When the request was completely approved.", + "example": "2020-03-24T11:11:41.139-05:00" + }, + "startDate": { + "type": "string", + "format": "date-time", + "description": "Non-Employee employment start date.", + "example": "2020-03-24T00:00:00-05:00" + }, + "endDate": { + "type": "string", + "format": "date-time", + "description": "Non-Employee employment end date.", + "example": "2021-03-25T00:00:00-05:00" + }, + "modified": { + "type": "string", + "format": "date-time", + "description": "When the request was last modified.", + "example": "2020-03-24T11:11:41.139-05:00" + }, + "created": { + "type": "string", + "format": "date-time", + "description": "When the request was created.", + "example": "2020-03-24T11:11:41.139-05:00" + } + } + } + ] + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "400.1 Bad Request Content": { + "description": "Response for bad request content", + "value": { + "detailCode": "400.1 Bad Request Content", + "trackingId": "e7eab60924f64aa284175b9fa3309599", + "messages": [ + { + "locale": "en", + "localeOrigin": "REQUEST", + "text": "firstName is required; accountName is required;" + } + ] + } + }, + "400.1.409 Reference conflict": { + "description": "Response for reference conflict", + "value": { + "detailCode": "400.1.409 Reference conflict", + "trackingId": "e7eab60924f64aa284175b9fa3309599", + "messages": [ + { + "locale": "en", + "localeOrigin": "REQUEST", + "text": "Unable to create Non-Employee because the accountName \"existed\" is already being used." + } + ] + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + }, + "get": { + "operationId": "listNonEmployeeRequests", + "security": [ + { + "oauth2": [] + } + ], + "tags": [ + "Non-Employee Lifecycle Management" + ], + "summary": "List Non-Employee Requests", + "description": "This gets a list of non-employee requests. There are two contextual uses for the `requested-for` path parameter:\n 1. The user has the role context of `idn:nesr:read`, in which case he or\nshe may request a list non-employee requests assigned to a particular account manager by passing in that manager's id.\n 2. The current user is an account manager, in which case \"me\" should be\nprovided as the `requested-for` value. This will provide the user with a list of the non-employee requests in the source(s) he or she manages.", + "parameters": [ + { + "in": "query", + "name": "limit", + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": 250, + "schema": { + "type": "integer", + "format": "int32", + "minimum": 0, + "maximum": 250, + "default": 250 + } + }, + { + "in": "query", + "name": "offset", + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": 0, + "schema": { + "type": "integer", + "format": "int32", + "minimum": 0, + "default": 0 + } + }, + { + "in": "query", + "name": "count", + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": true, + "schema": { + "type": "boolean", + "default": false + } + }, + { + "in": "query", + "name": "requested-for", + "required": true, + "schema": { + "type": "string" + }, + "example": "e136567de87e4d029e60b3c3c55db56d", + "description": "The identity for whom the request was made. *me* indicates the current user." + }, + { + "in": "query", + "name": "sorters", + "required": false, + "schema": { + "type": "string", + "format": "comma-separated" + }, + "example": "created,approvalStatus", + "description": "Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://community.sailpoint.com/t5/IdentityNow-Wiki/V3-API-Standard-Collection-Parameters/ta-p/156407#toc-hId-2058949) Sorting is supported for the following fields: **created, approvalStatus, firstName, lastName, email, phone, accountName, startDate, endDate**" + }, + { + "in": "query", + "name": "filters", + "required": false, + "schema": { + "type": "string" + }, + "example": "sourceId eq \"2c91808568c529c60168cca6f90c1313\"", + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://community.sailpoint.com/t5/IdentityNow-Wiki/V3-API-Standard-Collection-Parameters/ta-p/156407) Filtering is supported for the following fields and operators: **sourceId**: *eq* *Example:* sourceId eq \"2c91808568c529c60168cca6f90c1313\"" + } + ], + "responses": { + "200": { + "description": "List of non-employee request objects.", + "content": { + "application/json": { + "schema": { + "type": "array", + "items": { + "allOf": [ + { + "type": "object", + "properties": { + "id": { + "type": "string", + "format": "UUID", + "description": "Non-Employee source id.", + "example": "a0303682-5e4a-44f7-bdc2-6ce6112549c1" + }, + "sourceId": { + "type": "string", + "description": "Source Id associated with this non-employee source.", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Source name associated with this non-employee source.", + "example": "Retail" + }, + "description": { + "type": "string", + "description": "Source description associated with this non-employee source.", + "example": "Source description" + } + } + }, + { + "type": "object", + "properties": { + "accountName": { + "type": "string", + "description": "Requested identity account name.", + "example": "william.smith" + }, + "firstName": { + "type": "string", + "description": "Non-Employee's first name.", + "example": "William" + }, + "lastName": { + "type": "string", + "description": "Non-Employee's last name.", + "example": "Smith" + }, + "email": { + "type": "string", + "description": "Non-Employee's email.", + "example": "william.smith@example.com" + }, + "phone": { + "type": "string", + "description": "Non-Employee's phone.", + "example": "5555555555" + }, + "manager": { + "type": "string", + "description": "The account ID of a valid identity to serve as this non-employee's manager.", + "example": "jane.doe" + }, + "nonEmployeeSource": { + "type": "object", + "properties": { + "id": { + "type": "string", + "format": "UUID", + "description": "Non-Employee source id.", + "example": "a0303682-5e4a-44f7-bdc2-6ce6112549c1" + }, + "sourceId": { + "type": "string", + "description": "Source Id associated with this non-employee source.", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Source name associated with this non-employee source.", + "example": "Retail" + }, + "description": { + "type": "string", + "description": "Source description associated with this non-employee source.", + "example": "Source description" + } + } + }, + "data": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Attribute blob/bag for a non-employee.", + "example": { + "description": "Auditing" + } + }, + "approvalItems": { + "description": "List of approval item for the request", + "type": "array", + "items": { + "type": "object", + "properties": { + "id": { + "type": "string", + "format": "UUID", + "description": "Non-Employee approval item id", + "example": "2c1e388b-1e55-4b0a-ab5c-897f1204159c" + }, + "approver": { + "description": "Reference to the associated Identity", + "type": "object", + "properties": { + "type": { + "type": "string", + "enum": [ + "GOVERNANCE_GROUP", + "IDENTITY" + ], + "example": "IDENTITY", + "description": "Identifies if the identity is a normal identity or a governance group" + }, + "id": { + "type": "string", + "description": "Identity id", + "example": "5168015d32f890ca15812c9180835d2e" + } + } + }, + "accountName": { + "type": "string", + "description": "Requested identity account name", + "example": "test.account" + }, + "approvalStatus": { + "type": "string", + "enum": [ + "APPROVED", + "REJECTED", + "PENDING", + "NOT_READY", + "CANCELLED" + ], + "description": "Enum representing the non-employee request approval status", + "example": "APPROVED" + }, + "approvalOrder": { + "type": "number", + "description": "Approval order", + "example": 1, + "format": "float" + }, + "comment": { + "type": "string", + "description": "comment of approver", + "example": "I approve" + }, + "modified": { + "type": "string", + "format": "date-time", + "description": "When the request was last modified.", + "example": "2019-08-23T18:52:59.162Z" + }, + "created": { + "type": "string", + "format": "date-time", + "description": "When the request was created.", + "example": "2019-08-23T18:40:35.772Z" + } + } + } + }, + "approvalStatus": { + "type": "string", + "enum": [ + "APPROVED", + "REJECTED", + "PENDING", + "NOT_READY", + "CANCELLED" + ], + "description": "Enum representing the non-employee request approval status", + "example": "APPROVED" + }, + "comment": { + "type": "string", + "description": "comment of requester", + "example": "approved" + }, + "completionDate": { + "type": "string", + "format": "date-time", + "description": "When the request was completely approved.", + "example": "2020-03-24T11:11:41.139-05:00" + }, + "startDate": { + "type": "string", + "format": "date-time", + "description": "Non-Employee employment start date.", + "example": "2020-03-24T00:00:00-05:00" + }, + "endDate": { + "type": "string", + "format": "date-time", + "description": "Non-Employee employment end date.", + "example": "2021-03-25T00:00:00-05:00" + }, + "modified": { + "type": "string", + "format": "date-time", + "description": "When the request was last modified.", + "example": "2020-03-24T11:11:41.139-05:00" + }, + "created": { + "type": "string", + "format": "date-time", + "description": "When the request was created.", + "example": "2020-03-24T11:11:41.139-05:00" + } + } + } + ] + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/non-employee-requests/{id}": { + "get": { + "operationId": "getNonEmployeeRequest", + "security": [ + { + "oauth2": [] + } + ], + "tags": [ + "Non-Employee Lifecycle Management" + ], + "summary": "Get a Non-Employee Request", + "description": "This gets a non-employee request.\nThere are two contextual uses for this endpoint:\n 1. The user has the role context of `idn:nesr:read`, in this case the user\ncan get the non-employee request for any user.\n 2. The user must be the owner of the non-employee request.", + "parameters": [ + { + "in": "path", + "name": "id", + "description": "Non-Employee request id (UUID)", + "example": "ac110005-7156-1150-8171-5b292e3e0084", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "Non-Employee request object.", + "content": { + "application/json": { + "schema": { + "allOf": [ + { + "type": "object", + "properties": { + "id": { + "type": "string", + "format": "UUID", + "description": "Non-Employee source id.", + "example": "a0303682-5e4a-44f7-bdc2-6ce6112549c1" + }, + "sourceId": { + "type": "string", + "description": "Source Id associated with this non-employee source.", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Source name associated with this non-employee source.", + "example": "Retail" + }, + "description": { + "type": "string", + "description": "Source description associated with this non-employee source.", + "example": "Source description" + } + } + }, + { + "type": "object", + "properties": { + "accountName": { + "type": "string", + "description": "Requested identity account name.", + "example": "william.smith" + }, + "firstName": { + "type": "string", + "description": "Non-Employee's first name.", + "example": "William" + }, + "lastName": { + "type": "string", + "description": "Non-Employee's last name.", + "example": "Smith" + }, + "email": { + "type": "string", + "description": "Non-Employee's email.", + "example": "william.smith@example.com" + }, + "phone": { + "type": "string", + "description": "Non-Employee's phone.", + "example": "5555555555" + }, + "manager": { + "type": "string", + "description": "The account ID of a valid identity to serve as this non-employee's manager.", + "example": "jane.doe" + }, + "nonEmployeeSource": { + "type": "object", + "properties": { + "id": { + "type": "string", + "format": "UUID", + "description": "Non-Employee source id.", + "example": "a0303682-5e4a-44f7-bdc2-6ce6112549c1" + }, + "sourceId": { + "type": "string", + "description": "Source Id associated with this non-employee source.", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Source name associated with this non-employee source.", + "example": "Retail" + }, + "description": { + "type": "string", + "description": "Source description associated with this non-employee source.", + "example": "Source description" + } + } + }, + "data": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Attribute blob/bag for a non-employee.", + "example": { + "description": "Auditing" + } + }, + "approvalItems": { + "description": "List of approval item for the request", + "type": "array", + "items": { + "type": "object", + "properties": { + "id": { + "type": "string", + "format": "UUID", + "description": "Non-Employee approval item id", + "example": "2c1e388b-1e55-4b0a-ab5c-897f1204159c" + }, + "approver": { + "description": "Reference to the associated Identity", + "type": "object", + "properties": { + "type": { + "type": "string", + "enum": [ + "GOVERNANCE_GROUP", + "IDENTITY" + ], + "example": "IDENTITY", + "description": "Identifies if the identity is a normal identity or a governance group" + }, + "id": { + "type": "string", + "description": "Identity id", + "example": "5168015d32f890ca15812c9180835d2e" + } + } + }, + "accountName": { + "type": "string", + "description": "Requested identity account name", + "example": "test.account" + }, + "approvalStatus": { + "type": "string", + "enum": [ + "APPROVED", + "REJECTED", + "PENDING", + "NOT_READY", + "CANCELLED" + ], + "description": "Enum representing the non-employee request approval status", + "example": "APPROVED" + }, + "approvalOrder": { + "type": "number", + "description": "Approval order", + "example": 1, + "format": "float" + }, + "comment": { + "type": "string", + "description": "comment of approver", + "example": "I approve" + }, + "modified": { + "type": "string", + "format": "date-time", + "description": "When the request was last modified.", + "example": "2019-08-23T18:52:59.162Z" + }, + "created": { + "type": "string", + "format": "date-time", + "description": "When the request was created.", + "example": "2019-08-23T18:40:35.772Z" + } + } + } + }, + "approvalStatus": { + "type": "string", + "enum": [ + "APPROVED", + "REJECTED", + "PENDING", + "NOT_READY", + "CANCELLED" + ], + "description": "Enum representing the non-employee request approval status", + "example": "APPROVED" + }, + "comment": { + "type": "string", + "description": "comment of requester", + "example": "approved" + }, + "completionDate": { + "type": "string", + "format": "date-time", + "description": "When the request was completely approved.", + "example": "2020-03-24T11:11:41.139-05:00" + }, + "startDate": { + "type": "string", + "format": "date-time", + "description": "Non-Employee employment start date.", + "example": "2020-03-24T00:00:00-05:00" + }, + "endDate": { + "type": "string", + "format": "date-time", + "description": "Non-Employee employment end date.", + "example": "2021-03-25T00:00:00-05:00" + }, + "modified": { + "type": "string", + "format": "date-time", + "description": "When the request was last modified.", + "example": "2020-03-24T11:11:41.139-05:00" + }, + "created": { + "type": "string", + "format": "date-time", + "description": "When the request was created.", + "example": "2020-03-24T11:11:41.139-05:00" + } + } + } + ] + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + }, + "delete": { + "operationId": "deleteNonEmployeeRequest", + "tags": [ + "Non-Employee Lifecycle Management" + ], + "summary": "Delete Non-Employee Request", + "description": "This request will delete a non-employee request. \nRequires role context of `idn:nesr:delete`", + "parameters": [ + { + "in": "path", + "name": "id", + "description": "Non-Employee request id in the UUID format", + "required": true, + "schema": { + "type": "string", + "format": "uuid" + }, + "example": "ac110005-7156-1150-8171-5b292e3e0084" + } + ], + "responses": { + "204": { + "description": "No content - indicates the request was successful but there is no content to be returned in the response." + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/non-employee-requests/summary/{requested-for}": { + "get": { + "operationId": "getNonEmployeeRequestSummary", + "security": [ + { + "oauth2": [] + } + ], + "tags": [ + "Non-Employee Lifecycle Management" + ], + "summary": "Get Summary of Non-Employee Requests", + "description": "This request will retrieve a summary of non-employee requests. There are two contextual uses for the `requested-for` path parameter:\n 1. The user has the role context of `idn:nesr:read`, in which case he or\nshe may request a summary of all non-employee approval requests assigned to a particular account manager by passing in that manager's id.\n 2. The current user is an account manager, in which case \"me\" should be\nprovided as the `requested-for` value. This will provide the user with a summary of the non-employee requests in the source(s) he or she manages.", + "parameters": [ + { + "in": "path", + "name": "requested-for", + "description": "The identity (UUID) of the non-employee account manager for whom the summary is being retrieved. Use \"me\" instead to indicate the current user.", + "required": true, + "schema": { + "type": "string", + "format": "uuid (if user is Org Admin)" + }, + "example": "2c91808280430dfb0180431a59440460" + } + ], + "responses": { + "200": { + "description": "Non-Employee request summary object.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "approved": { + "type": "integer", + "description": "The number of approved non-employee requests on all sources that *requested-for* user manages.", + "example": 2, + "format": "int32" + }, + "rejected": { + "type": "integer", + "description": "The number of rejected non-employee requests on all sources that *requested-for* user manages.", + "example": 2, + "format": "int32" + }, + "pending": { + "type": "integer", + "description": "The number of pending non-employee requests on all sources that *requested-for* user manages.", + "example": 2, + "format": "int32" + }, + "nonEmployeeCount": { + "type": "integer", + "description": "The number of non-employee records on all sources that *requested-for* user manages.", + "example": 2, + "format": "int32" + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/non-employee-sources": { + "post": { + "operationId": "createNonEmployeeSource", + "tags": [ + "Non-Employee Lifecycle Management" + ], + "summary": "Create Non-Employee Source", + "description": "This request will create a non-employee source. Requires role context of `idn:nesr:create`", + "requestBody": { + "description": "Non-Employee source creation request body.", + "required": true, + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "name": { + "type": "string", + "description": "Name of non-employee source.", + "example": "Retail" + }, + "description": { + "type": "string", + "description": "Description of non-employee source.", + "example": "Source description" + }, + "owner": { + "description": "Owner of non-employee source.", + "type": "object", + "properties": { + "id": { + "type": "string", + "format": "UUID", + "description": "Identity id.", + "example": "2c91808570313110017040b06f344ec9" + } + }, + "required": [ + "id" + ] + }, + "managementWorkgroup": { + "type": "string", + "description": "The ID for the management workgroup that contains source sub-admins", + "example": "123299" + }, + "approvers": { + "description": "List of approvers.", + "type": "array", + "items": { + "type": "object", + "properties": { + "id": { + "type": "string", + "format": "UUID", + "description": "Identity id.", + "example": "2c91808570313110017040b06f344ec9" + } + }, + "required": [ + "id" + ] + }, + "maxItems": 3 + }, + "accountManagers": { + "description": "List of account managers.", + "type": "array", + "items": { + "type": "object", + "properties": { + "id": { + "type": "string", + "format": "UUID", + "description": "Identity id.", + "example": "2c91808570313110017040b06f344ec9" + } + }, + "required": [ + "id" + ] + }, + "maxItems": 10 + } + }, + "required": [ + "owner", + "name", + "description" + ] + } + } + } + }, + "responses": { + "200": { + "description": "Created non-employee source.", + "content": { + "application/json": { + "schema": { + "allOf": [ + { + "allOf": [ + { + "type": "object", + "properties": { + "id": { + "type": "string", + "format": "UUID", + "description": "Non-Employee source id.", + "example": "a0303682-5e4a-44f7-bdc2-6ce6112549c1" + }, + "sourceId": { + "type": "string", + "description": "Source Id associated with this non-employee source.", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Source name associated with this non-employee source.", + "example": "Retail" + }, + "description": { + "type": "string", + "description": "Source description associated with this non-employee source.", + "example": "Source description" + } + } + }, + { + "type": "object", + "properties": { + "approvers": { + "description": "List of approvers", + "type": "array", + "items": { + "type": "object", + "properties": { + "type": { + "type": "string", + "enum": [ + "GOVERNANCE_GROUP", + "IDENTITY" + ], + "example": "IDENTITY", + "description": "Identifies if the identity is a normal identity or a governance group" + }, + "id": { + "type": "string", + "description": "Identity id", + "example": "5168015d32f890ca15812c9180835d2e" + } + } + } + }, + "accountManagers": { + "description": "List of account managers", + "type": "array", + "items": { + "type": "object", + "properties": { + "type": { + "type": "string", + "enum": [ + "GOVERNANCE_GROUP", + "IDENTITY" + ], + "example": "IDENTITY", + "description": "Identifies if the identity is a normal identity or a governance group" + }, + "id": { + "type": "string", + "description": "Identity id", + "example": "5168015d32f890ca15812c9180835d2e" + } + } + } + }, + "modified": { + "type": "string", + "format": "date-time", + "description": "When the request was last modified.", + "example": "2019-08-23T18:52:59.162Z" + }, + "created": { + "type": "string", + "format": "date-time", + "description": "When the request was created.", + "example": "2019-08-23T18:40:35.772Z" + } + } + } + ] + }, + { + "type": "object", + "properties": { + "cloudExternalId": { + "type": "string", + "description": "Legacy ID used for sources from the V1 API. This attribute will be removed from a future version of the API and will not be considered a breaking change. No clients should rely on this ID always being present.", + "example": "99999" + } + } + } + ] + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + }, + "get": { + "operationId": "listNonEmployeeSources", + "security": [ + { + "oauth2": [] + } + ], + "tags": [ + "Non-Employee Lifecycle Management" + ], + "summary": "List Non-Employee Sources", + "description": "This gets a list of non-employee sources. There are two contextual uses for the requested-for path parameter: \n 1. The user has the role context of `idn:nesr:read`, in which case he or\nshe may request a list sources assigned to a particular account manager by passing in that manager's id.\n 2. The current user is an account manager, in which case \"me\" should be\nprovided as the `requested-for` value. This will provide the user with a list of the sources that he or she owns.", + "parameters": [ + { + "in": "query", + "name": "limit", + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": 250, + "schema": { + "type": "integer", + "format": "int32", + "minimum": 0, + "maximum": 250, + "default": 250 + } + }, + { + "in": "query", + "name": "offset", + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": 0, + "schema": { + "type": "integer", + "format": "int32", + "minimum": 0, + "default": 0 + } + }, + { + "in": "query", + "name": "count", + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": true, + "schema": { + "type": "boolean", + "default": false + } + }, + { + "in": "query", + "name": "requested-for", + "required": true, + "schema": { + "type": "string" + }, + "example": "me", + "description": "The identity for whom the request was made. *me* indicates the current user." + }, + { + "in": "query", + "name": "non-employee-count", + "required": false, + "example": true, + "schema": { + "type": "boolean" + }, + "description": "The flag to determine whether return a non-employee count associate with source." + }, + { + "in": "query", + "name": "sorters", + "required": false, + "schema": { + "type": "string", + "format": "comma-separated" + }, + "example": "name,created", + "description": "Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://community.sailpoint.com/t5/IdentityNow-Wiki/V3-API-Standard-Collection-Parameters/ta-p/156407#toc-hId-2058949) Sorting is supported for the following fields: **name, created**" + } + ], + "responses": { + "200": { + "description": "List of non-employee sources objects.", + "content": { + "application/json": { + "schema": { + "type": "array", + "items": { + "allOf": [ + { + "allOf": [ + { + "type": "object", + "properties": { + "id": { + "type": "string", + "format": "UUID", + "description": "Non-Employee source id.", + "example": "a0303682-5e4a-44f7-bdc2-6ce6112549c1" + }, + "sourceId": { + "type": "string", + "description": "Source Id associated with this non-employee source.", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Source name associated with this non-employee source.", + "example": "Retail" + }, + "description": { + "type": "string", + "description": "Source description associated with this non-employee source.", + "example": "Source description" + } + } + }, + { + "type": "object", + "properties": { + "approvers": { + "description": "List of approvers", + "type": "array", + "items": { + "type": "object", + "properties": { + "type": { + "type": "string", + "enum": [ + "GOVERNANCE_GROUP", + "IDENTITY" + ], + "example": "IDENTITY", + "description": "Identifies if the identity is a normal identity or a governance group" + }, + "id": { + "type": "string", + "description": "Identity id", + "example": "5168015d32f890ca15812c9180835d2e" + } + } + } + }, + "accountManagers": { + "description": "List of account managers", + "type": "array", + "items": { + "type": "object", + "properties": { + "type": { + "type": "string", + "enum": [ + "GOVERNANCE_GROUP", + "IDENTITY" + ], + "example": "IDENTITY", + "description": "Identifies if the identity is a normal identity or a governance group" + }, + "id": { + "type": "string", + "description": "Identity id", + "example": "5168015d32f890ca15812c9180835d2e" + } + } + } + }, + "modified": { + "type": "string", + "format": "date-time", + "description": "When the request was last modified.", + "example": "2019-08-23T18:52:59.162Z" + }, + "created": { + "type": "string", + "format": "date-time", + "description": "When the request was created.", + "example": "2019-08-23T18:40:35.772Z" + } + } + } + ] + }, + { + "type": "object", + "properties": { + "nonEmployeeCount": { + "type": "integer", + "description": "Number of non-employee records associated with this source.", + "format": "int32", + "example": 120 + } + } + } + ] + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/non-employee-sources/{sourceId}": { + "get": { + "operationId": "getNonEmployeeSource", + "security": [ + { + "oauth2": [] + } + ], + "tags": [ + "Non-Employee Lifecycle Management" + ], + "summary": "Get a Non-Employee Source", + "description": "This gets a non-employee source. There are two contextual uses for the requested-for path parameter: \n 1. The user has the role context of `idn:nesr:read`, in which case he or\nshe may request any source.\n 2. The current user is an account manager, in which case the user can only\nrequest sources that they own.", + "parameters": [ + { + "in": "path", + "name": "sourceId", + "description": "Source Id", + "example": "2c91808b7c28b350017c2a2ec5790aa1", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "Non-Employee source object.", + "content": { + "application/json": { + "schema": { + "allOf": [ + { + "type": "object", + "properties": { + "id": { + "type": "string", + "format": "UUID", + "description": "Non-Employee source id.", + "example": "a0303682-5e4a-44f7-bdc2-6ce6112549c1" + }, + "sourceId": { + "type": "string", + "description": "Source Id associated with this non-employee source.", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Source name associated with this non-employee source.", + "example": "Retail" + }, + "description": { + "type": "string", + "description": "Source description associated with this non-employee source.", + "example": "Source description" + } + } + }, + { + "type": "object", + "properties": { + "approvers": { + "description": "List of approvers", + "type": "array", + "items": { + "type": "object", + "properties": { + "type": { + "type": "string", + "enum": [ + "GOVERNANCE_GROUP", + "IDENTITY" + ], + "example": "IDENTITY", + "description": "Identifies if the identity is a normal identity or a governance group" + }, + "id": { + "type": "string", + "description": "Identity id", + "example": "5168015d32f890ca15812c9180835d2e" + } + } + } + }, + "accountManagers": { + "description": "List of account managers", + "type": "array", + "items": { + "type": "object", + "properties": { + "type": { + "type": "string", + "enum": [ + "GOVERNANCE_GROUP", + "IDENTITY" + ], + "example": "IDENTITY", + "description": "Identifies if the identity is a normal identity or a governance group" + }, + "id": { + "type": "string", + "description": "Identity id", + "example": "5168015d32f890ca15812c9180835d2e" + } + } + } + }, + "modified": { + "type": "string", + "format": "date-time", + "description": "When the request was last modified.", + "example": "2019-08-23T18:52:59.162Z" + }, + "created": { + "type": "string", + "format": "date-time", + "description": "When the request was created.", + "example": "2019-08-23T18:40:35.772Z" + } + } + } + ] + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + }, + "patch": { + "operationId": "patchNonEmployeeSource", + "tags": [ + "Non-Employee Lifecycle Management" + ], + "summary": "Patch a Non-Employee Source", + "description": "patch a non-employee source. (partial update)
Patchable field: **name, description, approvers, accountManagers** Requires role context of `idn:nesr:update`.", + "parameters": [ + { + "in": "path", + "name": "sourceId", + "description": "Source Id", + "required": true, + "schema": { + "type": "string" + }, + "example": "e136567de87e4d029e60b3c3c55db56d" + } + ], + "requestBody": { + "description": "A list of non-employee source update operations according to the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard.", + "required": true, + "content": { + "application/json-patch+json": { + "schema": { + "type": "array", + "items": { + "type": "object", + "description": "A JSONPatch Operation as defined by [RFC 6902 - JSON Patch](https://tools.ietf.org/html/rfc6902)", + "required": [ + "op", + "path" + ], + "properties": { + "op": { + "type": "string", + "description": "The operation to be performed", + "enum": [ + "add", + "remove", + "replace", + "move", + "copy", + "test" + ], + "example": "replace" + }, + "path": { + "type": "string", + "description": "A string JSON Pointer representing the target path to an element to be affected by the operation", + "example": "/description" + }, + "value": { + "anyOf": [ + { + "type": "string" + }, + { + "type": "integer" + }, + { + "type": "object" + }, + { + "type": "array", + "items": { + "anyOf": [ + { + "type": "string" + }, + { + "type": "integer" + }, + { + "type": "object" + } + ] + } + } + ], + "description": "The value to be used for the operation, required for \"add\" and \"replace\" operations", + "example": "New description" + } + } + } + }, + "example": [ + { + "op": "replace", + "path": "/name", + "value": { + "new name": null + } + }, + { + "op": "replace", + "path": "/approvers", + "value": [ + "2c91809f703bb37a017040a2fe8748c7", + "48b1f463c9e8427db5a5071bd81914b8" + ] + } + ] + } + } + }, + "responses": { + "200": { + "description": "A patched non-employee source object.", + "content": { + "application/json": { + "schema": { + "allOf": [ + { + "type": "object", + "properties": { + "id": { + "type": "string", + "format": "UUID", + "description": "Non-Employee source id.", + "example": "a0303682-5e4a-44f7-bdc2-6ce6112549c1" + }, + "sourceId": { + "type": "string", + "description": "Source Id associated with this non-employee source.", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Source name associated with this non-employee source.", + "example": "Retail" + }, + "description": { + "type": "string", + "description": "Source description associated with this non-employee source.", + "example": "Source description" + } + } + }, + { + "type": "object", + "properties": { + "approvers": { + "description": "List of approvers", + "type": "array", + "items": { + "type": "object", + "properties": { + "type": { + "type": "string", + "enum": [ + "GOVERNANCE_GROUP", + "IDENTITY" + ], + "example": "IDENTITY", + "description": "Identifies if the identity is a normal identity or a governance group" + }, + "id": { + "type": "string", + "description": "Identity id", + "example": "5168015d32f890ca15812c9180835d2e" + } + } + } + }, + "accountManagers": { + "description": "List of account managers", + "type": "array", + "items": { + "type": "object", + "properties": { + "type": { + "type": "string", + "enum": [ + "GOVERNANCE_GROUP", + "IDENTITY" + ], + "example": "IDENTITY", + "description": "Identifies if the identity is a normal identity or a governance group" + }, + "id": { + "type": "string", + "description": "Identity id", + "example": "5168015d32f890ca15812c9180835d2e" + } + } + } + }, + "modified": { + "type": "string", + "format": "date-time", + "description": "When the request was last modified.", + "example": "2019-08-23T18:52:59.162Z" + }, + "created": { + "type": "string", + "format": "date-time", + "description": "When the request was created.", + "example": "2019-08-23T18:40:35.772Z" + } + } + } + ] + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + }, + "delete": { + "operationId": "deleteNonEmployeeSource", + "tags": [ + "Non-Employee Lifecycle Management" + ], + "summary": "Delete Non-Employee Source", + "description": "This request will delete a non-employee source. Requires role context of `idn:nesr:delete`.", + "parameters": [ + { + "in": "path", + "name": "sourceId", + "description": "Source Id", + "required": true, + "schema": { + "type": "string" + }, + "example": "e136567de87e4d029e60b3c3c55db56d" + } + ], + "responses": { + "204": { + "description": "No content - indicates the request was successful but there is no content to be returned in the response." + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/non-employee-sources/{id}/non-employees/download": { + "get": { + "operationId": "exportNonEmployeeRecords", + "tags": [ + "Non-Employee Lifecycle Management" + ], + "summary": "Exports Non-Employee Records to CSV", + "description": "This requests a CSV download for all non-employees from a provided source. Requires role context of `idn:nesr:read`", + "parameters": [ + { + "in": "path", + "name": "id", + "description": "Source Id (UUID)", + "required": true, + "schema": { + "type": "string" + }, + "example": "e136567de87e4d029e60b3c3c55db56d" + } + ], + "responses": { + "200": { + "description": "Exported CSV", + "content": { + "text/csv": { + "example": "accountName,firstName,lastName,phone,email,manager,startDate,endDate\nJon.Smith, Jon, Smith, 555-555-5555, jon@jon.doe.nope.com, Jim Smith, 2020-04-05T08:00:00-10:00,2020-08-07T19:00:00-10:00\nWilliam.Chaffin, William, Chaffin, 555-555-5555, william@chaffins.nope.com, Bertram Chaffin, 2020-04-05T08:00:00-10:00,2020-08-07T19:00:00-10:00\n" + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/non-employee-sources/{id}/non-employee-bulk-upload": { + "post": { + "operationId": "importNonEmployeeRecordsInBulk", + "security": [ + { + "oauth2": [ + "idn:nelm:manage" + ] + } + ], + "tags": [ + "Non-Employee Lifecycle Management" + ], + "summary": "Imports, or Updates, Non-Employee Records", + "description": "This post will import, or update, Non-Employee records found in the CSV. Requires role context of `idn:nesr:create`", + "parameters": [ + { + "in": "path", + "name": "id", + "description": "Source Id (UUID)", + "required": true, + "schema": { + "type": "string" + }, + "example": "e136567de87e4d029e60b3c3c55db56d" + } + ], + "requestBody": { + "content": { + "multipart/form-data": { + "schema": { + "type": "object", + "properties": { + "data": { + "type": "string", + "format": "binary" + } + }, + "required": [ + "data" + ] + } + } + } + }, + "responses": { + "202": { + "description": "The CSV was accepted to be bulk inserted now or at a later time.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "The bulk upload job's ID. (UUID)", + "example": "2c91808568c529c60168cca6f90cffff" + }, + "sourceId": { + "type": "string", + "description": "The ID of the source to bulk-upload non-employees to. (UUID)", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "created": { + "type": "string", + "format": "date-time", + "description": "The date-time the job was submitted.", + "example": "2019-08-23T18:52:59.162Z" + }, + "modified": { + "type": "string", + "format": "date-time", + "description": "The date-time that the job was last updated.", + "example": "2019-08-23T18:52:59.162Z" + }, + "status": { + "type": "string", + "enum": [ + "PENDING", + "IN_PROGRESS", + "COMPLETED", + "ERROR" + ], + "description": "Returns the following values indicating the progress or result of the bulk upload job.\n\"PENDING\" means the job is queued and waiting to be processed.\n\"IN_PROGRESS\" means the job is currently being processed.\n\"COMPLETED\" means the job has been completed without any errors.\n\"ERROR\" means the job failed to process with errors.\n", + "example": "PENDING" + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.\nThe response body will contain the list of specific errors with one on each line.\n", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/non-employee-sources/{id}/non-employee-bulk-upload/status": { + "get": { + "operationId": "getNonEmployeeBulkUploadStatus", + "tags": [ + "Non-Employee Lifecycle Management" + ], + "summary": "Obtain the status of bulk upload on the source", + "description": "The nonEmployeeBulkUploadStatus API returns the status of the newest bulk upload job for the specified source.\nRequires role context of `idn:nesr:read`\n", + "parameters": [ + { + "in": "path", + "name": "id", + "description": "Source ID (UUID)", + "required": true, + "schema": { + "type": "string" + }, + "example": "e136567de87e4d029e60b3c3c55db56d" + } + ], + "responses": { + "200": { + "description": "Status of the newest bulk-upload job, if any.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "status": { + "type": "string", + "enum": [ + "PENDING", + "IN_PROGRESS", + "COMPLETED", + "ERROR" + ], + "description": "Returns the following values indicating the progress or result of the bulk upload job.\n\"PENDING\" means the job is queued and waiting to be processed.\n\"IN_PROGRESS\" means the job is currently being processed.\n\"COMPLETED\" means the job has been completed without any errors.\n\"ERROR\" means the job failed to process with errors.\nnull means job has been submitted to the source.\n", + "example": "PENDING" + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/non-employee-sources/{id}/schema-attributes-template/download": { + "get": { + "operationId": "exportNonEmployeeSourceSchemaTemplate", + "tags": [ + "Non-Employee Lifecycle Management" + ], + "summary": "Exports Source Schema Template", + "description": "This requests a download for the Source Schema Template for a provided source. Requires role context of `idn:nesr:read`", + "parameters": [ + { + "in": "path", + "name": "id", + "description": "Source Id (UUID)", + "required": true, + "example": "ef38f94347e94562b5bb8424a56397d8", + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "Exported Source Schema Template", + "content": { + "text/csv": { + "example": "accountName,firstName,lastName,phone,email,manager,startDate,endDate\n" + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/non-employee-approvals": { + "get": { + "operationId": "listNonEmployeeApprovals", + "security": [ + { + "oauth2": [] + } + ], + "tags": [ + "Non-Employee Lifecycle Management" + ], + "summary": "Get List of Non-Employee Approval Requests", + "description": "This gets a list of non-employee approval requests.\nThere are two contextual uses for this endpoint:\n 1. The user has the role context of `idn:nesr:read`, in which case they\ncan list the approvals for any approver.\n 2. The user owns the requested approval.", + "parameters": [ + { + "in": "query", + "name": "requested-for", + "schema": { + "type": "string" + }, + "description": "The identity for whom the request was made. *me* indicates the current user.", + "required": false, + "example": "2c91808280430dfb0180431a59440460" + }, + { + "in": "query", + "name": "limit", + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": 250, + "schema": { + "type": "integer", + "format": "int32", + "minimum": 0, + "maximum": 250, + "default": 250 + } + }, + { + "in": "query", + "name": "offset", + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": 0, + "schema": { + "type": "integer", + "format": "int32", + "minimum": 0, + "default": 0 + } + }, + { + "in": "query", + "name": "count", + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": true, + "schema": { + "type": "boolean", + "default": false + } + }, + { + "in": "query", + "name": "filters", + "schema": { + "type": "string" + }, + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://community.sailpoint.com/t5/IdentityNow-Wiki/V3-API-Standard-Collection-Parameters/ta-p/156407) Filtering is supported for the following fields and operators: **approvalStatus**: *eq* *Example:* approvalStatus eq \"PENDING\"", + "example": "approvalStatus eq \"Pending\"", + "required": false + }, + { + "in": "query", + "name": "sorters", + "schema": { + "type": "string", + "format": "comma-separated" + }, + "description": "Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://community.sailpoint.com/t5/IdentityNow-Wiki/V3-API-Standard-Collection-Parameters/ta-p/156407#toc-hId-2058949) Sorting is supported for the following fields: **created, modified**", + "required": false, + "example": "created" + } + ], + "responses": { + "200": { + "description": "List of approval items.", + "content": { + "application/json": { + "schema": { + "type": "array", + "items": { + "allOf": [ + { + "type": "object", + "properties": { + "id": { + "type": "string", + "format": "UUID", + "description": "Non-Employee approval item id", + "example": "2c1e388b-1e55-4b0a-ab5c-897f1204159c" + }, + "approver": { + "description": "Reference to the associated Identity", + "type": "object", + "properties": { + "type": { + "type": "string", + "enum": [ + "GOVERNANCE_GROUP", + "IDENTITY" + ], + "example": "IDENTITY", + "description": "Identifies if the identity is a normal identity or a governance group" + }, + "id": { + "type": "string", + "description": "Identity id", + "example": "5168015d32f890ca15812c9180835d2e" + } + } + }, + "accountName": { + "type": "string", + "description": "Requested identity account name", + "example": "test.account" + }, + "approvalStatus": { + "type": "string", + "enum": [ + "APPROVED", + "REJECTED", + "PENDING", + "NOT_READY", + "CANCELLED" + ], + "description": "Enum representing the non-employee request approval status", + "example": "APPROVED" + }, + "approvalOrder": { + "type": "number", + "description": "Approval order", + "example": 1, + "format": "float" + }, + "comment": { + "type": "string", + "description": "comment of approver", + "example": "I approve" + }, + "modified": { + "type": "string", + "format": "date-time", + "description": "When the request was last modified.", + "example": "2019-08-23T18:52:59.162Z" + }, + "created": { + "type": "string", + "format": "date-time", + "description": "When the request was created.", + "example": "2019-08-23T18:40:35.772Z" + } + } + }, + { + "type": "object", + "properties": { + "nonEmployeeRequest": { + "type": "object", + "properties": { + "id": { + "type": "string", + "format": "UUID", + "description": "Non-Employee request id.", + "example": "ac110005-7156-1150-8171-5b292e3e0084" + }, + "requester": { + "example": { + "type": "IDENTITY", + "id": "2c9180866166b5b0016167c32ef31a66", + "name": "William Smith" + }, + "type": "object", + "properties": { + "type": { + "type": "string", + "enum": [ + "GOVERNANCE_GROUP", + "IDENTITY" + ], + "example": "IDENTITY", + "description": "Identifies if the identity is a normal identity or a governance group" + }, + "id": { + "type": "string", + "description": "Identity id", + "example": "5168015d32f890ca15812c9180835d2e" + } + } + } + } + } + } + } + ] + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/non-employee-approvals/{id}": { + "get": { + "operationId": "getNonEmployeeApproval", + "security": [ + { + "oauth2": [] + } + ], + "tags": [ + "Non-Employee Lifecycle Management" + ], + "summary": "Get a non-employee approval item detail", + "description": "Gets a non-employee approval item detail. There are two contextual uses for this endpoint:\n 1. The user has the role context of `idn:nesr:read`, in which case they\ncan get any approval.\n 2. The user owns the requested approval.", + "parameters": [ + { + "in": "path", + "name": "id", + "description": "Non-Employee approval item id (UUID)", + "required": true, + "schema": { + "type": "string" + }, + "example": "e136567de87e4d029e60b3c3c55db56d" + }, + { + "in": "query", + "name": "include-detail", + "description": "The object nonEmployeeRequest will not be included detail when set to false. *Default value is true*", + "required": false, + "schema": { + "type": "boolean" + }, + "example": true + } + ], + "responses": { + "200": { + "description": "Non-Employee approval item object.", + "content": { + "application/json": { + "schema": { + "allOf": [ + { + "type": "object", + "properties": { + "id": { + "type": "string", + "format": "UUID", + "description": "Non-Employee approval item id", + "example": "2c1e388b-1e55-4b0a-ab5c-897f1204159c" + }, + "approver": { + "description": "Reference to the associated Identity", + "type": "object", + "properties": { + "type": { + "type": "string", + "enum": [ + "GOVERNANCE_GROUP", + "IDENTITY" + ], + "example": "IDENTITY", + "description": "Identifies if the identity is a normal identity or a governance group" + }, + "id": { + "type": "string", + "description": "Identity id", + "example": "5168015d32f890ca15812c9180835d2e" + } + } + }, + "accountName": { + "type": "string", + "description": "Requested identity account name", + "example": "test.account" + }, + "approvalStatus": { + "type": "string", + "enum": [ + "APPROVED", + "REJECTED", + "PENDING", + "NOT_READY", + "CANCELLED" + ], + "description": "Enum representing the non-employee request approval status", + "example": "APPROVED" + }, + "approvalOrder": { + "type": "number", + "description": "Approval order", + "example": 1, + "format": "float" + }, + "comment": { + "type": "string", + "description": "comment of approver", + "example": "I approve" + }, + "modified": { + "type": "string", + "format": "date-time", + "description": "When the request was last modified.", + "example": "2019-08-23T18:52:59.162Z" + }, + "created": { + "type": "string", + "format": "date-time", + "description": "When the request was created.", + "example": "2019-08-23T18:40:35.772Z" + } + } + }, + { + "type": "object", + "properties": { + "nonEmployeeRequest": { + "description": "Non-Employee request associated to this approval", + "allOf": [ + { + "type": "object", + "properties": { + "id": { + "type": "string", + "format": "UUID", + "description": "Non-Employee request id.", + "example": "ac110005-7156-1150-8171-5b292e3e0084" + }, + "requester": { + "example": { + "type": "IDENTITY", + "id": "2c9180866166b5b0016167c32ef31a66", + "name": "William Smith" + }, + "type": "object", + "properties": { + "type": { + "type": "string", + "enum": [ + "GOVERNANCE_GROUP", + "IDENTITY" + ], + "example": "IDENTITY", + "description": "Identifies if the identity is a normal identity or a governance group" + }, + "id": { + "type": "string", + "description": "Identity id", + "example": "5168015d32f890ca15812c9180835d2e" + } + } + } + } + }, + { + "type": "object", + "properties": { + "accountName": { + "type": "string", + "description": "Requested identity account name.", + "example": "william.smith" + }, + "firstName": { + "type": "string", + "description": "Non-Employee's first name.", + "example": "William" + }, + "lastName": { + "type": "string", + "description": "Non-Employee's last name.", + "example": "Smith" + }, + "email": { + "type": "string", + "description": "Non-Employee's email.", + "example": "william.smith@example.com" + }, + "phone": { + "type": "string", + "description": "Non-Employee's phone.", + "example": "5555555555" + }, + "manager": { + "type": "string", + "description": "The account ID of a valid identity to serve as this non-employee's manager.", + "example": "jane.doe" + }, + "nonEmployeeSource": { + "allOf": [ + { + "type": "object", + "properties": { + "id": { + "type": "string", + "format": "UUID", + "description": "Non-Employee source id.", + "example": "a0303682-5e4a-44f7-bdc2-6ce6112549c1" + }, + "sourceId": { + "type": "string", + "description": "Source Id associated with this non-employee source.", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Source name associated with this non-employee source.", + "example": "Retail" + }, + "description": { + "type": "string", + "description": "Source description associated with this non-employee source.", + "example": "Source description" + } + } + }, + { + "type": "object", + "properties": { + "schemaAttributes": { + "description": "List of schema attributes associated with this non-employee source.", + "type": "array", + "items": { + "type": "object", + "properties": { + "id": { + "type": "string", + "format": "UUID", + "example": "ac110005-7156-1150-8171-5b292e3e0084", + "description": "Schema Attribute Id" + }, + "system": { + "type": "boolean", + "description": "True if this schema attribute is mandatory on all non-employees sources.", + "example": true + }, + "modified": { + "type": "string", + "format": "date-time", + "description": "When the schema attribute was last modified.", + "example": "2019-08-23T18:52:59.162Z" + }, + "created": { + "type": "string", + "format": "date-time", + "description": "When the schema attribute was created.", + "example": "2019-08-23T18:40:35.772Z" + }, + "type": { + "type": "string", + "enum": [ + "TEXT", + "DATE", + "IDENTITY" + ], + "description": "Enum representing the type of data a schema attribute accepts.", + "example": "TEXT" + }, + "label": { + "type": "string", + "description": "Label displayed on the UI for this schema attribute.", + "example": "Account Name" + }, + "technicalName": { + "type": "string", + "description": "The technical name of the attribute. Must be unique per source.", + "example": "account.name" + }, + "helpText": { + "type": "string", + "description": "help text displayed by UI.", + "example": "The unique identifier for the account" + }, + "placeholder": { + "type": "string", + "description": "Hint text that fills UI box.", + "example": "Enter a unique user name for this account." + }, + "required": { + "type": "boolean", + "description": "If true, the schema attribute is required for all non-employees in the source", + "example": true + } + }, + "required": [ + "type", + "technicalName", + "label" + ] + } + } + } + } + ] + }, + "data": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Attribute blob/bag for a non-employee.", + "example": { + "description": "Auditing" + } + }, + "approvalStatus": { + "type": "string", + "enum": [ + "APPROVED", + "REJECTED", + "PENDING", + "NOT_READY", + "CANCELLED" + ], + "description": "Enum representing the non-employee request approval status", + "example": "APPROVED" + }, + "comment": { + "type": "string", + "description": "comment of requester", + "example": "approved" + }, + "completionDate": { + "type": "string", + "format": "date-time", + "description": "When the request was completely approved.", + "example": "2020-03-24T11:11:41.139-05:00" + }, + "startDate": { + "type": "string", + "format": "date", + "description": "Non-Employee employment start date.", + "example": "2020-03-24" + }, + "endDate": { + "type": "string", + "format": "date", + "description": "Non-Employee employment end date.", + "example": "2021-03-25" + }, + "modified": { + "type": "string", + "format": "date-time", + "description": "When the request was last modified.", + "example": "2020-03-24T11:11:41.139-05:00" + }, + "created": { + "type": "string", + "format": "date-time", + "description": "When the request was created.", + "example": "2020-03-24T11:11:41.139-05:00" + } + } + } + ] + } + } + } + ] + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/non-employee-approvals/{id}/approve": { + "post": { + "operationId": "approveNonEmployeeRequest", + "security": [ + { + "oauth2": [] + } + ], + "tags": [ + "Non-Employee Lifecycle Management" + ], + "summary": "Approve a Non-Employee Request", + "description": "Approves a non-employee approval request and notifies the next approver. The current user must be the requested approver.", + "parameters": [ + { + "in": "path", + "name": "id", + "description": "Non-Employee approval item id (UUID)", + "required": true, + "schema": { + "type": "string" + }, + "example": "e136567de87e4d029e60b3c3c55db56d" + } + ], + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "comment": { + "type": "string", + "description": "Comment on the approval item.", + "maxLength": 4000, + "example": "Approved by manager" + } + } + } + } + } + }, + "responses": { + "200": { + "description": "Non-Employee approval item object.", + "content": { + "application/json": { + "schema": { + "allOf": [ + { + "type": "object", + "properties": { + "id": { + "type": "string", + "format": "UUID", + "description": "Non-Employee approval item id", + "example": "2c1e388b-1e55-4b0a-ab5c-897f1204159c" + }, + "approver": { + "description": "Reference to the associated Identity", + "type": "object", + "properties": { + "type": { + "type": "string", + "enum": [ + "GOVERNANCE_GROUP", + "IDENTITY" + ], + "example": "IDENTITY", + "description": "Identifies if the identity is a normal identity or a governance group" + }, + "id": { + "type": "string", + "description": "Identity id", + "example": "5168015d32f890ca15812c9180835d2e" + } + } + }, + "accountName": { + "type": "string", + "description": "Requested identity account name", + "example": "test.account" + }, + "approvalStatus": { + "type": "string", + "enum": [ + "APPROVED", + "REJECTED", + "PENDING", + "NOT_READY", + "CANCELLED" + ], + "description": "Enum representing the non-employee request approval status", + "example": "APPROVED" + }, + "approvalOrder": { + "type": "number", + "description": "Approval order", + "example": 1, + "format": "float" + }, + "comment": { + "type": "string", + "description": "comment of approver", + "example": "I approve" + }, + "modified": { + "type": "string", + "format": "date-time", + "description": "When the request was last modified.", + "example": "2019-08-23T18:52:59.162Z" + }, + "created": { + "type": "string", + "format": "date-time", + "description": "When the request was created.", + "example": "2019-08-23T18:40:35.772Z" + } + } + }, + { + "type": "object", + "properties": { + "nonEmployeeRequest": { + "type": "object", + "properties": { + "id": { + "type": "string", + "format": "UUID", + "description": "Non-Employee request id.", + "example": "ac110005-7156-1150-8171-5b292e3e0084" + }, + "requester": { + "example": { + "type": "IDENTITY", + "id": "2c9180866166b5b0016167c32ef31a66", + "name": "William Smith" + }, + "type": "object", + "properties": { + "type": { + "type": "string", + "enum": [ + "GOVERNANCE_GROUP", + "IDENTITY" + ], + "example": "IDENTITY", + "description": "Identifies if the identity is a normal identity or a governance group" + }, + "id": { + "type": "string", + "description": "Identity id", + "example": "5168015d32f890ca15812c9180835d2e" + } + } + } + } + } + } + } + ] + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/non-employee-approvals/{id}/reject": { + "post": { + "operationId": "rejectNonEmployeeRequest", + "security": [ + { + "oauth2": [] + } + ], + "tags": [ + "Non-Employee Lifecycle Management" + ], + "summary": "Reject a Non-Employee Request", + "description": "This endpoint will reject an approval item request and notify user. The current user must be the requested approver.", + "parameters": [ + { + "in": "path", + "name": "id", + "description": "Non-Employee approval item id (UUID)", + "required": true, + "schema": { + "type": "string" + }, + "example": "e136567de87e4d029e60b3c3c55db56d" + } + ], + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "comment": { + "type": "string", + "description": "Comment on the approval item.", + "maxLength": 4000, + "example": "approved" + } + }, + "required": [ + "comment" + ] + } + } + } + }, + "responses": { + "200": { + "description": "Non-Employee approval item object.", + "content": { + "application/json": { + "schema": { + "allOf": [ + { + "type": "object", + "properties": { + "id": { + "type": "string", + "format": "UUID", + "description": "Non-Employee approval item id", + "example": "2c1e388b-1e55-4b0a-ab5c-897f1204159c" + }, + "approver": { + "description": "Reference to the associated Identity", + "type": "object", + "properties": { + "type": { + "type": "string", + "enum": [ + "GOVERNANCE_GROUP", + "IDENTITY" + ], + "example": "IDENTITY", + "description": "Identifies if the identity is a normal identity or a governance group" + }, + "id": { + "type": "string", + "description": "Identity id", + "example": "5168015d32f890ca15812c9180835d2e" + } + } + }, + "accountName": { + "type": "string", + "description": "Requested identity account name", + "example": "test.account" + }, + "approvalStatus": { + "type": "string", + "enum": [ + "APPROVED", + "REJECTED", + "PENDING", + "NOT_READY", + "CANCELLED" + ], + "description": "Enum representing the non-employee request approval status", + "example": "APPROVED" + }, + "approvalOrder": { + "type": "number", + "description": "Approval order", + "example": 1, + "format": "float" + }, + "comment": { + "type": "string", + "description": "comment of approver", + "example": "I approve" + }, + "modified": { + "type": "string", + "format": "date-time", + "description": "When the request was last modified.", + "example": "2019-08-23T18:52:59.162Z" + }, + "created": { + "type": "string", + "format": "date-time", + "description": "When the request was created.", + "example": "2019-08-23T18:40:35.772Z" + } + } + }, + { + "type": "object", + "properties": { + "nonEmployeeRequest": { + "type": "object", + "properties": { + "id": { + "type": "string", + "format": "UUID", + "description": "Non-Employee request id.", + "example": "ac110005-7156-1150-8171-5b292e3e0084" + }, + "requester": { + "example": { + "type": "IDENTITY", + "id": "2c9180866166b5b0016167c32ef31a66", + "name": "William Smith" + }, + "type": "object", + "properties": { + "type": { + "type": "string", + "enum": [ + "GOVERNANCE_GROUP", + "IDENTITY" + ], + "example": "IDENTITY", + "description": "Identifies if the identity is a normal identity or a governance group" + }, + "id": { + "type": "string", + "description": "Identity id", + "example": "5168015d32f890ca15812c9180835d2e" + } + } + } + } + } + } + } + ] + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/non-employee-approvals/summary/{requested-for}": { + "get": { + "operationId": "getNonEmployeeApprovalSummary", + "security": [ + { + "oauth2": [] + } + ], + "tags": [ + "Non-Employee Lifecycle Management" + ], + "summary": "Get Summary of Non-Employee Approval Requests", + "description": "This request will retrieve a summary of non-employee approval requests. There are two contextual uses for the `requested-for` path parameter:\n 1. The user has the role context of `idn:nesr:read`, in which case he or\nshe may request a summary of all non-employee approval requests assigned to a particular approver by passing in that approver's id.\n 2. The current user is an approver, in which case \"me\" should be provided\nas the `requested-for` value. This will provide the approver with a summary of the approval items assigned to him or her.", + "parameters": [ + { + "in": "path", + "name": "requested-for", + "schema": { + "type": "string" + }, + "description": "The identity (UUID) of the approver for whom for whom the summary is being retrieved. Use \"me\" instead to indicate the current user.", + "required": true, + "example": "2c91808280430dfb0180431a59440460" + } + ], + "responses": { + "200": { + "description": "summary of non-employee approval requests", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "approved": { + "type": "integer", + "description": "The number of approved non-employee approval requests.", + "format": "int32", + "example": 2 + }, + "pending": { + "type": "integer", + "description": "The number of pending non-employee approval requests.", + "format": "int32", + "example": 2 + }, + "rejected": { + "type": "integer", + "description": "The number of rejected non-employee approval requests.", + "format": "int32", + "example": 2 + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/non-employee-sources/{sourceId}/schema-attributes": { + "get": { + "operationId": "getNonEmployeeSourceSchemaAttributes", + "security": [ + { + "oauth2": [] + } + ], + "tags": [ + "Non-Employee Lifecycle Management" + ], + "summary": "List Schema Attributes Non-Employee Source", + "description": "This API gets the list of schema attributes for the specified Non-Employee SourceId. There are 8 mandatory attributes added to each new Non-Employee Source automatically. Additionaly, user can add up to 10 custom attributes. This interface returns all the mandatory attributes followed by any custom attributes. At most, a total of 18 attributes will be returned.\nRequires role context of `idn:nesr:read` or the user must be an account manager of the source.", + "parameters": [ + { + "in": "path", + "name": "sourceId", + "schema": { + "type": "string" + }, + "required": true, + "example": "ef38f94347e94562b5bb8424a56397d8", + "description": "The Source id" + } + ], + "responses": { + "200": { + "description": "A list of Schema Attributes", + "content": { + "application/json": { + "schema": { + "type": "array", + "items": { + "type": "object", + "properties": { + "id": { + "type": "string", + "format": "UUID", + "example": "ac110005-7156-1150-8171-5b292e3e0084", + "description": "Schema Attribute Id" + }, + "system": { + "type": "boolean", + "description": "True if this schema attribute is mandatory on all non-employees sources.", + "example": true + }, + "modified": { + "type": "string", + "format": "date-time", + "description": "When the schema attribute was last modified.", + "example": "2019-08-23T18:52:59.162Z" + }, + "created": { + "type": "string", + "format": "date-time", + "description": "When the schema attribute was created.", + "example": "2019-08-23T18:40:35.772Z" + }, + "type": { + "type": "string", + "enum": [ + "TEXT", + "DATE", + "IDENTITY" + ], + "description": "Enum representing the type of data a schema attribute accepts.", + "example": "TEXT" + }, + "label": { + "type": "string", + "description": "Label displayed on the UI for this schema attribute.", + "example": "Account Name" + }, + "technicalName": { + "type": "string", + "description": "The technical name of the attribute. Must be unique per source.", + "example": "account.name" + }, + "helpText": { + "type": "string", + "description": "help text displayed by UI.", + "example": "The unique identifier for the account" + }, + "placeholder": { + "type": "string", + "description": "Hint text that fills UI box.", + "example": "Enter a unique user name for this account." + }, + "required": { + "type": "boolean", + "description": "If true, the schema attribute is required for all non-employees in the source", + "example": true + } + }, + "required": [ + "type", + "technicalName", + "label" + ] + }, + "maxItems": 18 + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + }, + "post": { + "operationId": "createNonEmployeeSourceSchemaAttributes", + "tags": [ + "Non-Employee Lifecycle Management" + ], + "summary": "Create a new Schema Attribute for Non-Employee Source", + "description": "This API creates a new schema attribute for Non-Employee Source. The schema technical name must be unique in the source. Attempts to create a schema attribute with an existing name will result in a \"400.1.409 Reference conflict\" response. At most, 10 custom attributes can be created per schema. Attempts to create more than 10 will result in a \"400.1.4 Limit violation\" response.\nRequires role context of `idn:nesr:create`", + "parameters": [ + { + "in": "path", + "name": "sourceId", + "schema": { + "type": "string" + }, + "required": true, + "description": "The Source id", + "example": "ef38f94347e94562b5bb8424a56397d8" + } + ], + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "type": { + "type": "string", + "description": "Type of the attribute. Only type 'TEXT' is supported for custom attributes.", + "example": "TEXT" + }, + "label": { + "type": "string", + "description": "Label displayed on the UI for this schema attribute.", + "example": "Account Name" + }, + "technicalName": { + "type": "string", + "description": "The technical name of the attribute. Must be unique per source.", + "example": "account.name" + }, + "helpText": { + "type": "string", + "description": "help text displayed by UI.", + "example": "The unique identifier for the account" + }, + "placeholder": { + "type": "string", + "description": "Hint text that fills UI box.", + "example": "Enter a unique user name for this account." + }, + "required": { + "type": "boolean", + "description": "If true, the schema attribute is required for all non-employees in the source", + "example": true + } + }, + "required": [ + "type", + "technicalName", + "label" + ] + } + } + } + }, + "responses": { + "200": { + "description": "Schema Attribute created.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "id": { + "type": "string", + "format": "UUID", + "example": "ac110005-7156-1150-8171-5b292e3e0084", + "description": "Schema Attribute Id" + }, + "system": { + "type": "boolean", + "description": "True if this schema attribute is mandatory on all non-employees sources.", + "example": true + }, + "modified": { + "type": "string", + "format": "date-time", + "description": "When the schema attribute was last modified.", + "example": "2019-08-23T18:52:59.162Z" + }, + "created": { + "type": "string", + "format": "date-time", + "description": "When the schema attribute was created.", + "example": "2019-08-23T18:40:35.772Z" + }, + "type": { + "type": "string", + "enum": [ + "TEXT", + "DATE", + "IDENTITY" + ], + "description": "Enum representing the type of data a schema attribute accepts.", + "example": "TEXT" + }, + "label": { + "type": "string", + "description": "Label displayed on the UI for this schema attribute.", + "example": "Account Name" + }, + "technicalName": { + "type": "string", + "description": "The technical name of the attribute. Must be unique per source.", + "example": "account.name" + }, + "helpText": { + "type": "string", + "description": "help text displayed by UI.", + "example": "The unique identifier for the account" + }, + "placeholder": { + "type": "string", + "description": "Hint text that fills UI box.", + "example": "Enter a unique user name for this account." + }, + "required": { + "type": "boolean", + "description": "If true, the schema attribute is required for all non-employees in the source", + "example": true + } + }, + "required": [ + "type", + "technicalName", + "label" + ] + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + }, + "delete": { + "operationId": "deleteNonEmployeeSourceSchemaAttributes", + "tags": [ + "Non-Employee Lifecycle Management" + ], + "summary": "Delete all custom schema attributes for Non-Employee Source", + "description": "This end-point deletes all custom schema attributes for a non-employee source. Requires role context of `idn:nesr:delete`", + "parameters": [ + { + "in": "path", + "name": "sourceId", + "schema": { + "type": "string" + }, + "required": true, + "description": "The Source id", + "example": "ef38f94347e94562b5bb8424a56397d8" + } + ], + "responses": { + "204": { + "description": "All custon Schema Attributes were successfully deleted." + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/non-employee-sources/{sourceId}/schema-attributes/{attributeId}": { + "get": { + "operationId": "getNonEmployeeSchemaAttribute", + "security": [ + { + "oauth2": [] + } + ], + "tags": [ + "Non-Employee Lifecycle Management" + ], + "summary": "Get Schema Attribute Non-Employee Source", + "description": "This API gets a schema attribute by Id for the specified Non-Employee SourceId. Requires role context of `idn:nesr:read` or the user must be an account manager of the source.", + "parameters": [ + { + "in": "path", + "name": "attributeId", + "schema": { + "type": "string" + }, + "required": true, + "example": "ef38f94347e94562b5bb8424a56397d8", + "description": "The Schema Attribute Id (UUID)" + }, + { + "in": "path", + "name": "sourceId", + "schema": { + "type": "string" + }, + "required": true, + "example": "ef38f94347e94562b5bb8424a56397d8", + "description": "The Source id" + } + ], + "responses": { + "200": { + "description": "The Schema Attribute", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "id": { + "type": "string", + "format": "UUID", + "example": "ac110005-7156-1150-8171-5b292e3e0084", + "description": "Schema Attribute Id" + }, + "system": { + "type": "boolean", + "description": "True if this schema attribute is mandatory on all non-employees sources.", + "example": true + }, + "modified": { + "type": "string", + "format": "date-time", + "description": "When the schema attribute was last modified.", + "example": "2019-08-23T18:52:59.162Z" + }, + "created": { + "type": "string", + "format": "date-time", + "description": "When the schema attribute was created.", + "example": "2019-08-23T18:40:35.772Z" + }, + "type": { + "type": "string", + "enum": [ + "TEXT", + "DATE", + "IDENTITY" + ], + "description": "Enum representing the type of data a schema attribute accepts.", + "example": "TEXT" + }, + "label": { + "type": "string", + "description": "Label displayed on the UI for this schema attribute.", + "example": "Account Name" + }, + "technicalName": { + "type": "string", + "description": "The technical name of the attribute. Must be unique per source.", + "example": "account.name" + }, + "helpText": { + "type": "string", + "description": "help text displayed by UI.", + "example": "The unique identifier for the account" + }, + "placeholder": { + "type": "string", + "description": "Hint text that fills UI box.", + "example": "Enter a unique user name for this account." + }, + "required": { + "type": "boolean", + "description": "If true, the schema attribute is required for all non-employees in the source", + "example": true + } + }, + "required": [ + "type", + "technicalName", + "label" + ] + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + }, + "patch": { + "operationId": "patchNonEmployeeSchemaAttribute", + "tags": [ + "Non-Employee Lifecycle Management" + ], + "summary": "Patch a Schema Attribute for Non-Employee Source", + "description": "This end-point patches a specific schema attribute for a non-employee SourceId.\nRequires role context of `idn:nesr:update`\n", + "parameters": [ + { + "in": "path", + "name": "attributeId", + "schema": { + "type": "string" + }, + "required": true, + "description": "The Schema Attribute Id (UUID)", + "example": "ef38f94347e94562b5bb8424a56397d8" + }, + { + "in": "path", + "name": "sourceId", + "schema": { + "type": "string" + }, + "required": true, + "description": "The Source id", + "example": "ef38f94347e94562b5bb8424a56397d8" + } + ], + "requestBody": { + "description": "A list of schema attribute update operations according to the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard. The following properties are allowed for update ':' 'label', 'helpText', 'placeholder', 'required'.", + "content": { + "application/json-patch+json": { + "schema": { + "type": "array", + "items": { + "type": "object", + "description": "A JSONPatch Operation as defined by [RFC 6902 - JSON Patch](https://tools.ietf.org/html/rfc6902)", + "required": [ + "op", + "path" + ], + "properties": { + "op": { + "type": "string", + "description": "The operation to be performed", + "enum": [ + "add", + "remove", + "replace", + "move", + "copy", + "test" + ], + "example": "replace" + }, + "path": { + "type": "string", + "description": "A string JSON Pointer representing the target path to an element to be affected by the operation", + "example": "/description" + }, + "value": { + "anyOf": [ + { + "type": "string" + }, + { + "type": "integer" + }, + { + "type": "object" + }, + { + "type": "array", + "items": { + "anyOf": [ + { + "type": "string" + }, + { + "type": "integer" + }, + { + "type": "object" + } + ] + } + } + ], + "description": "The value to be used for the operation, required for \"add\" and \"replace\" operations", + "example": "New description" + } + } + } + }, + "example": [ + { + "op": "replace", + "path": "/label", + "value": { + "new attribute label": null + } + } + ] + } + }, + "required": true + }, + "responses": { + "200": { + "description": "The Schema Attribute was successfully patched.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "id": { + "type": "string", + "format": "UUID", + "example": "ac110005-7156-1150-8171-5b292e3e0084", + "description": "Schema Attribute Id" + }, + "system": { + "type": "boolean", + "description": "True if this schema attribute is mandatory on all non-employees sources.", + "example": true + }, + "modified": { + "type": "string", + "format": "date-time", + "description": "When the schema attribute was last modified.", + "example": "2019-08-23T18:52:59.162Z" + }, + "created": { + "type": "string", + "format": "date-time", + "description": "When the schema attribute was created.", + "example": "2019-08-23T18:40:35.772Z" + }, + "type": { + "type": "string", + "enum": [ + "TEXT", + "DATE", + "IDENTITY" + ], + "description": "Enum representing the type of data a schema attribute accepts.", + "example": "TEXT" + }, + "label": { + "type": "string", + "description": "Label displayed on the UI for this schema attribute.", + "example": "Account Name" + }, + "technicalName": { + "type": "string", + "description": "The technical name of the attribute. Must be unique per source.", + "example": "account.name" + }, + "helpText": { + "type": "string", + "description": "help text displayed by UI.", + "example": "The unique identifier for the account" + }, + "placeholder": { + "type": "string", + "description": "Hint text that fills UI box.", + "example": "Enter a unique user name for this account." + }, + "required": { + "type": "boolean", + "description": "If true, the schema attribute is required for all non-employees in the source", + "example": true + } + }, + "required": [ + "type", + "technicalName", + "label" + ] + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + }, + "delete": { + "operationId": "deleteNonEmployeeSchemaAttribute", + "tags": [ + "Non-Employee Lifecycle Management" + ], + "summary": "Delete a Schema Attribute for Non-Employee Source", + "description": "This end-point deletes a specific schema attribute for a non-employee source.\nRequires role context of `idn:nesr:delete`\n", + "parameters": [ + { + "in": "path", + "name": "attributeId", + "schema": { + "type": "string" + }, + "required": true, + "description": "The Schema Attribute Id (UUID)", + "example": "ef38f94347e94562b5bb8424a56397d8" + }, + { + "in": "path", + "name": "sourceId", + "schema": { + "type": "string" + }, + "required": true, + "description": "The Source id", + "example": "ef38f94347e94562b5bb8424a56397d8" + } + ], + "responses": { + "204": { + "description": "The Schema Attribute was successfully deleted." + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/oauth-clients": { + "get": { + "operationId": "listOauthClients", + "security": [ + { + "oauth2": [ + "sp:oauth-client:manage" + ] + } + ], + "tags": [ + "OAuth Clients" + ], + "summary": "List OAuth Clients", + "description": "This gets a list of OAuth clients.", + "parameters": [ + { + "in": "query", + "name": "filters", + "required": false, + "schema": { + "type": "string" + }, + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)\n\nFiltering is supported for the following fields and operators:\n\n**lastUsed**: *le, isnull*", + "example": "lastUsed le 2023-02-05T10:59:27.214Z" + } + ], + "responses": { + "200": { + "description": "List of OAuth clients.", + "content": { + "application/json": { + "schema": { + "type": "array", + "items": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "ID of the OAuth client", + "example": "2c9180835d2e5168015d32f890ca1581" + }, + "businessName": { + "type": "string", + "nullable": true, + "description": "The name of the business the API Client should belong to", + "example": "Acme-Solar" + }, + "homepageUrl": { + "type": "string", + "nullable": true, + "description": "The homepage URL associated with the owner of the API Client", + "example": "http://localhost:12345" + }, + "name": { + "type": "string", + "description": "A human-readable name for the API Client", + "example": "Demo API Client" + }, + "description": { + "type": "string", + "nullable": true, + "description": "A description of the API Client", + "example": "An API client used for the authorization_code, refresh_token, and client_credentials flows" + }, + "accessTokenValiditySeconds": { + "type": "integer", + "format": "int32", + "description": "The number of seconds an access token generated for this API Client is valid for", + "example": 750 + }, + "refreshTokenValiditySeconds": { + "type": "integer", + "format": "int32", + "description": "The number of seconds a refresh token generated for this API Client is valid for", + "example": 86400 + }, + "redirectUris": { + "type": "array", + "nullable": true, + "items": { + "type": "string" + }, + "description": "A list of the approved redirect URIs used with the authorization_code flow", + "example": [ + "http://localhost:12345" + ] + }, + "grantTypes": { + "type": "array", + "items": { + "description": "OAuth2 Grant Type", + "type": "string", + "example": "CLIENT_CREDENTIALS", + "enum": [ + "CLIENT_CREDENTIALS", + "AUTHORIZATION_CODE", + "REFRESH_TOKEN" + ] + }, + "description": "A list of OAuth 2.0 grant types this API Client can be used with", + "example": [ + "AUTHORIZATION_CODE", + "CLIENT_CREDENTIALS", + "REFRESH_TOKEN" + ] + }, + "accessType": { + "description": "The access type (online or offline) of this API Client", + "example": "OFFLINE", + "type": "string", + "enum": [ + "ONLINE", + "OFFLINE" + ] + }, + "type": { + "description": "The type of the API Client (public or confidential)", + "example": "CONFIDENTIAL", + "type": "string", + "enum": [ + "CONFIDENTIAL", + "PUBLIC" + ] + }, + "internal": { + "type": "boolean", + "description": "An indicator of whether the API Client can be used for requests internal to IDN", + "example": false + }, + "enabled": { + "type": "boolean", + "description": "An indicator of whether the API Client is enabled for use", + "example": true + }, + "strongAuthSupported": { + "type": "boolean", + "description": "An indicator of whether the API Client supports strong authentication", + "example": false + }, + "claimsSupported": { + "type": "boolean", + "description": "An indicator of whether the API Client supports the serialization of SAML claims when used with the authorization_code flow", + "example": false + }, + "created": { + "type": "string", + "format": "date-time", + "description": "The date and time, down to the millisecond, when the API Client was created", + "example": "2017-07-11T18:45:37.098Z" + }, + "modified": { + "type": "string", + "format": "date-time", + "description": "The date and time, down to the millisecond, when the API Client was last updated", + "example": "2018-06-25T20:22:28.104Z" + }, + "lastUsed": { + "type": "string", + "nullable": true, + "format": "date-time", + "description": "The date and time, down to the millisecond, when this API Client was last used to generate an access token. This timestamp does not get updated on every API Client usage, but only once a day. This property can be useful for identifying which API Clients are no longer actively used and can be removed.", + "example": "2017-07-11T18:45:37.098Z" + }, + "scope": { + "type": "array", + "nullable": true, + "items": { + "type": "string", + "default": "sp:scopes:all" + }, + "description": "Scopes of the API Client.", + "example": [ + "demo:api-client-scope:first", + "demo:api-client-scope:second" + ] + } + }, + "required": [ + "id", + "businessName", + "homepageUrl", + "name", + "description", + "accessTokenValiditySeconds", + "refreshTokenValiditySeconds", + "redirectUris", + "grantTypes", + "accessType", + "type", + "internal", + "enabled", + "strongAuthSupported", + "claimsSupported", + "created", + "modified", + "scope" + ] + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + }, + "post": { + "operationId": "createOauthClient", + "security": [ + { + "oauth2": [ + "sp:oauth-client:manage" + ] + } + ], + "tags": [ + "OAuth Clients" + ], + "summary": "Create OAuth Client", + "description": "This creates an OAuth client.", + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "businessName": { + "type": "string", + "nullable": true, + "description": "The name of the business the API Client should belong to", + "example": "Acme-Solar" + }, + "homepageUrl": { + "type": "string", + "nullable": true, + "description": "The homepage URL associated with the owner of the API Client", + "example": "http://localhost:12345" + }, + "name": { + "type": "string", + "nullable": true, + "description": "A human-readable name for the API Client", + "example": "Demo API Client" + }, + "description": { + "type": "string", + "nullable": true, + "description": "A description of the API Client", + "example": "An API client used for the authorization_code, refresh_token, and client_credentials flows" + }, + "accessTokenValiditySeconds": { + "description": "The number of seconds an access token generated for this API Client is valid for", + "type": "integer", + "format": "int32", + "example": 750 + }, + "refreshTokenValiditySeconds": { + "description": "The number of seconds a refresh token generated for this API Client is valid for", + "example": 86400, + "type": "integer", + "format": "int32" + }, + "redirectUris": { + "type": "array", + "nullable": true, + "items": { + "type": "string" + }, + "description": "A list of the approved redirect URIs. Provide one or more URIs when assigning the AUTHORIZATION_CODE grant type to a new OAuth Client.", + "example": [ + "http://localhost:12345" + ] + }, + "grantTypes": { + "type": "array", + "nullable": true, + "items": { + "description": "OAuth2 Grant Type", + "type": "string", + "example": "CLIENT_CREDENTIALS", + "enum": [ + "CLIENT_CREDENTIALS", + "AUTHORIZATION_CODE", + "REFRESH_TOKEN" + ] + }, + "description": "A list of OAuth 2.0 grant types this API Client can be used with", + "example": [ + "AUTHORIZATION_CODE", + "CLIENT_CREDENTIALS", + "REFRESH_TOKEN" + ] + }, + "accessType": { + "description": "The access type (online or offline) of this API Client", + "example": "OFFLINE", + "type": "string", + "enum": [ + "ONLINE", + "OFFLINE" + ] + }, + "type": { + "description": "The type of the API Client (public or confidential)", + "example": "CONFIDENTIAL", + "type": "string", + "enum": [ + "CONFIDENTIAL", + "PUBLIC" + ] + }, + "internal": { + "type": "boolean", + "description": "An indicator of whether the API Client can be used for requests internal within the product.", + "example": false + }, + "enabled": { + "type": "boolean", + "description": "An indicator of whether the API Client is enabled for use", + "example": true + }, + "strongAuthSupported": { + "type": "boolean", + "description": "An indicator of whether the API Client supports strong authentication", + "example": false + }, + "claimsSupported": { + "type": "boolean", + "description": "An indicator of whether the API Client supports the serialization of SAML claims when used with the authorization_code flow", + "example": false + }, + "scope": { + "type": "array", + "nullable": true, + "items": { + "type": "string", + "default": "sp:scopes:all" + }, + "description": "Scopes of the API Client. If no scope is specified, the client will be created with the default scope \"sp:scopes:all\". This means the API Client will have all the rights of the owner who created it.", + "example": [ + "demo:api-client-scope:first", + "demo:api-client-scope:second" + ] + } + }, + "required": [ + "name", + "description", + "accessTokenValiditySeconds", + "grantTypes", + "accessType", + "enabled" + ] + } + } + } + }, + "responses": { + "200": { + "description": "Request succeeded.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "ID of the OAuth client", + "example": "2c9180835d2e5168015d32f890ca1581" + }, + "secret": { + "type": "string", + "description": "Secret of the OAuth client (This field is only returned on the intial create call.)", + "example": "5c32dd9b21adb51c77794d46e71de117a1d0ddb36a7ff941fa28014ab7de2cf3" + }, + "businessName": { + "type": "string", + "description": "The name of the business the API Client should belong to", + "example": "Acme-Solar" + }, + "homepageUrl": { + "type": "string", + "description": "The homepage URL associated with the owner of the API Client", + "example": "http://localhost:12345" + }, + "name": { + "type": "string", + "description": "A human-readable name for the API Client", + "example": "Demo API Client" + }, + "description": { + "type": "string", + "description": "A description of the API Client", + "example": "An API client used for the authorization_code, refresh_token, and client_credentials flows" + }, + "accessTokenValiditySeconds": { + "description": "The number of seconds an access token generated for this API Client is valid for", + "example": 750, + "type": "integer", + "format": "int32" + }, + "refreshTokenValiditySeconds": { + "description": "The number of seconds a refresh token generated for this API Client is valid for", + "example": 86400, + "type": "integer", + "format": "int32" + }, + "redirectUris": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of the approved redirect URIs used with the authorization_code flow", + "example": [ + "http://localhost:12345" + ] + }, + "grantTypes": { + "type": "array", + "items": { + "description": "OAuth2 Grant Type", + "type": "string", + "example": "CLIENT_CREDENTIALS", + "enum": [ + "CLIENT_CREDENTIALS", + "AUTHORIZATION_CODE", + "REFRESH_TOKEN" + ] + }, + "description": "A list of OAuth 2.0 grant types this API Client can be used with", + "example": [ + "AUTHORIZATION_CODE", + "CLIENT_CREDENTIALS", + "REFRESH_TOKEN" + ] + }, + "accessType": { + "description": "The access type (online or offline) of this API Client", + "example": "OFFLINE", + "type": "string", + "enum": [ + "ONLINE", + "OFFLINE" + ] + }, + "type": { + "description": "The type of the API Client (public or confidential)", + "example": "CONFIDENTIAL", + "type": "string", + "enum": [ + "CONFIDENTIAL", + "PUBLIC" + ] + }, + "internal": { + "type": "boolean", + "description": "An indicator of whether the API Client can be used for requests internal to IDN", + "example": false + }, + "enabled": { + "type": "boolean", + "description": "An indicator of whether the API Client is enabled for use", + "example": true + }, + "strongAuthSupported": { + "type": "boolean", + "description": "An indicator of whether the API Client supports strong authentication", + "example": false + }, + "claimsSupported": { + "type": "boolean", + "description": "An indicator of whether the API Client supports the serialization of SAML claims when used with the authorization_code flow", + "example": false + }, + "created": { + "type": "string", + "format": "date-time", + "description": "The date and time, down to the millisecond, when the API Client was created", + "example": "2017-07-11T18:45:37.098Z" + }, + "modified": { + "type": "string", + "format": "date-time", + "description": "The date and time, down to the millisecond, when the API Client was last updated", + "example": "2018-06-25T20:22:28.104Z" + }, + "scope": { + "type": "array", + "nullable": true, + "items": { + "type": "string", + "default": "sp:scopes:all" + }, + "description": "Scopes of the API Client.", + "example": [ + "demo:api-client-scope:first", + "demo:api-client-scope:second" + ] + } + }, + "required": [ + "id", + "secret", + "businessName", + "homepageUrl", + "name", + "description", + "accessTokenValiditySeconds", + "refreshTokenValiditySeconds", + "redirectUris", + "grantTypes", + "accessType", + "type", + "internal", + "enabled", + "strongAuthSupported", + "claimsSupported", + "created", + "modified", + "scope" + ] + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/oauth-clients/{id}": { + "get": { + "operationId": "getOauthClient", + "security": [ + { + "oauth2": [ + "sp:oauth-client:manage", + "sp:oauth-client:read" + ] + } + ], + "tags": [ + "OAuth Clients" + ], + "summary": "Get OAuth Client", + "description": "This gets details of an OAuth client.", + "parameters": [ + { + "in": "path", + "name": "id", + "schema": { + "type": "string" + }, + "required": true, + "description": "The OAuth client id", + "example": "ef38f94347e94562b5bb8424a56397d8" + } + ], + "responses": { + "200": { + "description": "Request succeeded.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "ID of the OAuth client", + "example": "2c9180835d2e5168015d32f890ca1581" + }, + "businessName": { + "type": "string", + "nullable": true, + "description": "The name of the business the API Client should belong to", + "example": "Acme-Solar" + }, + "homepageUrl": { + "type": "string", + "nullable": true, + "description": "The homepage URL associated with the owner of the API Client", + "example": "http://localhost:12345" + }, + "name": { + "type": "string", + "description": "A human-readable name for the API Client", + "example": "Demo API Client" + }, + "description": { + "type": "string", + "nullable": true, + "description": "A description of the API Client", + "example": "An API client used for the authorization_code, refresh_token, and client_credentials flows" + }, + "accessTokenValiditySeconds": { + "type": "integer", + "format": "int32", + "description": "The number of seconds an access token generated for this API Client is valid for", + "example": 750 + }, + "refreshTokenValiditySeconds": { + "type": "integer", + "format": "int32", + "description": "The number of seconds a refresh token generated for this API Client is valid for", + "example": 86400 + }, + "redirectUris": { + "type": "array", + "nullable": true, + "items": { + "type": "string" + }, + "description": "A list of the approved redirect URIs used with the authorization_code flow", + "example": [ + "http://localhost:12345" + ] + }, + "grantTypes": { + "type": "array", + "items": { + "description": "OAuth2 Grant Type", + "type": "string", + "example": "CLIENT_CREDENTIALS", + "enum": [ + "CLIENT_CREDENTIALS", + "AUTHORIZATION_CODE", + "REFRESH_TOKEN" + ] + }, + "description": "A list of OAuth 2.0 grant types this API Client can be used with", + "example": [ + "AUTHORIZATION_CODE", + "CLIENT_CREDENTIALS", + "REFRESH_TOKEN" + ] + }, + "accessType": { + "description": "The access type (online or offline) of this API Client", + "example": "OFFLINE", + "type": "string", + "enum": [ + "ONLINE", + "OFFLINE" + ] + }, + "type": { + "description": "The type of the API Client (public or confidential)", + "example": "CONFIDENTIAL", + "type": "string", + "enum": [ + "CONFIDENTIAL", + "PUBLIC" + ] + }, + "internal": { + "type": "boolean", + "description": "An indicator of whether the API Client can be used for requests internal to IDN", + "example": false + }, + "enabled": { + "type": "boolean", + "description": "An indicator of whether the API Client is enabled for use", + "example": true + }, + "strongAuthSupported": { + "type": "boolean", + "description": "An indicator of whether the API Client supports strong authentication", + "example": false + }, + "claimsSupported": { + "type": "boolean", + "description": "An indicator of whether the API Client supports the serialization of SAML claims when used with the authorization_code flow", + "example": false + }, + "created": { + "type": "string", + "format": "date-time", + "description": "The date and time, down to the millisecond, when the API Client was created", + "example": "2017-07-11T18:45:37.098Z" + }, + "modified": { + "type": "string", + "format": "date-time", + "description": "The date and time, down to the millisecond, when the API Client was last updated", + "example": "2018-06-25T20:22:28.104Z" + }, + "lastUsed": { + "type": "string", + "nullable": true, + "format": "date-time", + "description": "The date and time, down to the millisecond, when this API Client was last used to generate an access token. This timestamp does not get updated on every API Client usage, but only once a day. This property can be useful for identifying which API Clients are no longer actively used and can be removed.", + "example": "2017-07-11T18:45:37.098Z" + }, + "scope": { + "type": "array", + "nullable": true, + "items": { + "type": "string", + "default": "sp:scopes:all" + }, + "description": "Scopes of the API Client.", + "example": [ + "demo:api-client-scope:first", + "demo:api-client-scope:second" + ] + } + }, + "required": [ + "id", + "businessName", + "homepageUrl", + "name", + "description", + "accessTokenValiditySeconds", + "refreshTokenValiditySeconds", + "redirectUris", + "grantTypes", + "accessType", + "type", + "internal", + "enabled", + "strongAuthSupported", + "claimsSupported", + "created", + "modified", + "scope" + ] + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + }, + "delete": { + "operationId": "deleteOauthClient", + "security": [ + { + "oauth2": [ + "sp:oauth-client:manage" + ] + } + ], + "tags": [ + "OAuth Clients" + ], + "summary": "Delete OAuth Client", + "description": "This deletes an OAuth client.", + "parameters": [ + { + "in": "path", + "name": "id", + "schema": { + "type": "string" + }, + "required": true, + "description": "The OAuth client id", + "example": "ef38f94347e94562b5bb8424a56397d8" + } + ], + "responses": { + "204": { + "description": "No content." + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + }, + "patch": { + "operationId": "patchOauthClient", + "security": [ + { + "oauth2": [ + "sp:oauth-client:manage" + ] + } + ], + "tags": [ + "OAuth Clients" + ], + "summary": "Patch OAuth Client", + "description": "This performs a targeted update to the field(s) of an OAuth client.", + "parameters": [ + { + "in": "path", + "name": "id", + "schema": { + "type": "string" + }, + "required": true, + "description": "The OAuth client id", + "example": "ef38f94347e94562b5bb8424a56397d8" + } + ], + "requestBody": { + "required": true, + "description": "A list of OAuth client update operations according to the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard.\n\nThe following fields are patchable:\n* tenant\n* businessName\n* homepageUrl\n* name\n* description\n* accessTokenValiditySeconds\n* refreshTokenValiditySeconds\n* redirectUris\n* grantTypes\n* accessType\n* enabled\n* strongAuthSupported\n* claimsSupported\n", + "content": { + "application/json-patch+json": { + "schema": { + "type": "array", + "items": { + "type": "object", + "description": "A JSONPatch Operation as defined by [RFC 6902 - JSON Patch](https://tools.ietf.org/html/rfc6902)", + "required": [ + "op", + "path" + ], + "properties": { + "op": { + "type": "string", + "description": "The operation to be performed", + "enum": [ + "add", + "remove", + "replace", + "move", + "copy", + "test" + ], + "example": "replace" + }, + "path": { + "type": "string", + "description": "A string JSON Pointer representing the target path to an element to be affected by the operation", + "example": "/description" + }, + "value": { + "anyOf": [ + { + "type": "string" + }, + { + "type": "integer" + }, + { + "type": "object" + }, + { + "type": "array", + "items": { + "anyOf": [ + { + "type": "string" + }, + { + "type": "integer" + }, + { + "type": "object" + } + ] + } + } + ], + "description": "The value to be used for the operation, required for \"add\" and \"replace\" operations", + "example": "New description" + } + } + } + }, + "example": [ + { + "op": "replace", + "path": "/strongAuthSupported", + "value": true + }, + { + "op": "replace", + "path": "/businessName", + "value": "acme-solar" + } + ] + } + } + }, + "responses": { + "200": { + "description": "Indicates the PATCH operation succeeded, and returns the OAuth client's new representation.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "ID of the OAuth client", + "example": "2c9180835d2e5168015d32f890ca1581" + }, + "businessName": { + "type": "string", + "nullable": true, + "description": "The name of the business the API Client should belong to", + "example": "Acme-Solar" + }, + "homepageUrl": { + "type": "string", + "nullable": true, + "description": "The homepage URL associated with the owner of the API Client", + "example": "http://localhost:12345" + }, + "name": { + "type": "string", + "description": "A human-readable name for the API Client", + "example": "Demo API Client" + }, + "description": { + "type": "string", + "nullable": true, + "description": "A description of the API Client", + "example": "An API client used for the authorization_code, refresh_token, and client_credentials flows" + }, + "accessTokenValiditySeconds": { + "type": "integer", + "format": "int32", + "description": "The number of seconds an access token generated for this API Client is valid for", + "example": 750 + }, + "refreshTokenValiditySeconds": { + "type": "integer", + "format": "int32", + "description": "The number of seconds a refresh token generated for this API Client is valid for", + "example": 86400 + }, + "redirectUris": { + "type": "array", + "nullable": true, + "items": { + "type": "string" + }, + "description": "A list of the approved redirect URIs used with the authorization_code flow", + "example": [ + "http://localhost:12345" + ] + }, + "grantTypes": { + "type": "array", + "items": { + "description": "OAuth2 Grant Type", + "type": "string", + "example": "CLIENT_CREDENTIALS", + "enum": [ + "CLIENT_CREDENTIALS", + "AUTHORIZATION_CODE", + "REFRESH_TOKEN" + ] + }, + "description": "A list of OAuth 2.0 grant types this API Client can be used with", + "example": [ + "AUTHORIZATION_CODE", + "CLIENT_CREDENTIALS", + "REFRESH_TOKEN" + ] + }, + "accessType": { + "description": "The access type (online or offline) of this API Client", + "example": "OFFLINE", + "type": "string", + "enum": [ + "ONLINE", + "OFFLINE" + ] + }, + "type": { + "description": "The type of the API Client (public or confidential)", + "example": "CONFIDENTIAL", + "type": "string", + "enum": [ + "CONFIDENTIAL", + "PUBLIC" + ] + }, + "internal": { + "type": "boolean", + "description": "An indicator of whether the API Client can be used for requests internal to IDN", + "example": false + }, + "enabled": { + "type": "boolean", + "description": "An indicator of whether the API Client is enabled for use", + "example": true + }, + "strongAuthSupported": { + "type": "boolean", + "description": "An indicator of whether the API Client supports strong authentication", + "example": false + }, + "claimsSupported": { + "type": "boolean", + "description": "An indicator of whether the API Client supports the serialization of SAML claims when used with the authorization_code flow", + "example": false + }, + "created": { + "type": "string", + "format": "date-time", + "description": "The date and time, down to the millisecond, when the API Client was created", + "example": "2017-07-11T18:45:37.098Z" + }, + "modified": { + "type": "string", + "format": "date-time", + "description": "The date and time, down to the millisecond, when the API Client was last updated", + "example": "2018-06-25T20:22:28.104Z" + }, + "lastUsed": { + "type": "string", + "nullable": true, + "format": "date-time", + "description": "The date and time, down to the millisecond, when this API Client was last used to generate an access token. This timestamp does not get updated on every API Client usage, but only once a day. This property can be useful for identifying which API Clients are no longer actively used and can be removed.", + "example": "2017-07-11T18:45:37.098Z" + }, + "scope": { + "type": "array", + "nullable": true, + "items": { + "type": "string", + "default": "sp:scopes:all" + }, + "description": "Scopes of the API Client.", + "example": [ + "demo:api-client-scope:first", + "demo:api-client-scope:second" + ] + } + }, + "required": [ + "id", + "businessName", + "homepageUrl", + "name", + "description", + "accessTokenValiditySeconds", + "refreshTokenValiditySeconds", + "redirectUris", + "grantTypes", + "accessType", + "type", + "internal", + "enabled", + "strongAuthSupported", + "claimsSupported", + "created", + "modified", + "scope" + ] + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/password-sync-groups": { + "get": { + "operationId": "getPasswordSyncGroups", + "tags": [ + "Password Sync Groups" + ], + "summary": "Get Password Sync Group List", + "description": "This API returns a list of password sync groups. A token with ORG_ADMIN authority is required to call this API.", + "security": [ + { + "oauth2": [ + "idn:password-sync-group-management:read" + ] + } + ], + "parameters": [ + { + "in": "query", + "name": "limit", + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": 250, + "schema": { + "type": "integer", + "format": "int32", + "minimum": 0, + "maximum": 250, + "default": 250 + } + }, + { + "in": "query", + "name": "offset", + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": 0, + "schema": { + "type": "integer", + "format": "int32", + "minimum": 0, + "default": 0 + } + }, + { + "in": "query", + "name": "count", + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": true, + "schema": { + "type": "boolean", + "default": false + } + } + ], + "responses": { + "200": { + "description": "A list of password sync groups.", + "content": { + "application/json": { + "schema": { + "type": "array", + "items": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "ID of the sync group", + "example": "6881f631-3bd5-4213-9c75-8e05cc3e35dd" + }, + "name": { + "description": "Name of the sync group", + "type": "string", + "example": "Password Sync Group 1" + }, + "passwordPolicyId": { + "type": "string", + "description": "ID of the password policy", + "example": "2c91808d744ba0ce01746f93b6204501" + }, + "sourceIds": { + "type": "array", + "description": "List of password managed sources IDs", + "items": { + "type": "string" + }, + "example": [ + "2c918084660f45d6016617daa9210584", + "2c918084660f45d6016617daa9210500" + ] + } + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + }, + "post": { + "operationId": "createPasswordSyncGroup", + "tags": [ + "Password Sync Groups" + ], + "summary": "Create Password Sync Group", + "description": "This API creates a password sync group based on the specifications provided. A token with ORG_ADMIN authority is required to call this API.", + "security": [ + { + "oauth2": [ + "idn:password-sync-group-management:write" + ] + } + ], + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "ID of the sync group", + "example": "6881f631-3bd5-4213-9c75-8e05cc3e35dd" + }, + "name": { + "description": "Name of the sync group", + "type": "string", + "example": "Password Sync Group 1" + }, + "passwordPolicyId": { + "type": "string", + "description": "ID of the password policy", + "example": "2c91808d744ba0ce01746f93b6204501" + }, + "sourceIds": { + "type": "array", + "description": "List of password managed sources IDs", + "items": { + "type": "string" + }, + "example": [ + "2c918084660f45d6016617daa9210584", + "2c918084660f45d6016617daa9210500" + ] + } + } + }, + "example": { + "name": "Password Sync Group 2", + "passwordPolicyId": "2c91808d744ba0ce01746f93b6204501", + "sourceIds": [ + "2c918084660f45d6016617daa9210584", + "2c918084660f45d6016617daa9210500" + ] + } + } + } + }, + "responses": { + "200": { + "description": "Reference to the password sync group.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "ID of the sync group", + "example": "6881f631-3bd5-4213-9c75-8e05cc3e35dd" + }, + "name": { + "description": "Name of the sync group", + "type": "string", + "example": "Password Sync Group 1" + }, + "passwordPolicyId": { + "type": "string", + "description": "ID of the password policy", + "example": "2c91808d744ba0ce01746f93b6204501" + }, + "sourceIds": { + "type": "array", + "description": "List of password managed sources IDs", + "items": { + "type": "string" + }, + "example": [ + "2c918084660f45d6016617daa9210584", + "2c918084660f45d6016617daa9210500" + ] + } + } + }, + "example": { + "id": "6881f631-3bd5-4213-9c75-8e05cc3e35dd", + "name": "Password Sync Group 2", + "passwordPolicyId": "2c91808d744ba0ce01746f93b6204501", + "sourceIds": [ + "2c918084660f45d6016617daa9210584", + "2c918084660f45d6016617daa9210500" + ] + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/password-sync-groups/{id}": { + "get": { + "operationId": "getPasswordSyncGroup", + "tags": [ + "Password Sync Groups" + ], + "summary": "Get Password Sync Group by ID", + "description": "This API returns the sync group for the specified ID. A token with ORG_ADMIN authority is required to call this API.", + "security": [ + { + "oauth2": [ + "idn:password-sync-group-management:read" + ] + } + ], + "parameters": [ + { + "in": "path", + "name": "id", + "schema": { + "type": "string" + }, + "required": true, + "description": "The ID of password sync group to retrieve.", + "example": "6881f631-3bd5-4213-9c75-8e05cc3e35dd" + } + ], + "responses": { + "200": { + "description": "Reference to the password sync group.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "ID of the sync group", + "example": "6881f631-3bd5-4213-9c75-8e05cc3e35dd" + }, + "name": { + "description": "Name of the sync group", + "type": "string", + "example": "Password Sync Group 1" + }, + "passwordPolicyId": { + "type": "string", + "description": "ID of the password policy", + "example": "2c91808d744ba0ce01746f93b6204501" + }, + "sourceIds": { + "type": "array", + "description": "List of password managed sources IDs", + "items": { + "type": "string" + }, + "example": [ + "2c918084660f45d6016617daa9210584", + "2c918084660f45d6016617daa9210500" + ] + } + } + }, + "example": { + "id": "6881f631-3bd5-4213-9c75-8e05cc3e35dd", + "name": "Password Sync Group 1", + "passwordPolicyId": "2c91808d744ba0ce01746f93b6204501", + "sourceIds": [ + "2c918084660f45d6016617daa9210584", + "2c918084660f45d6016617daa9210500" + ] + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + }, + "put": { + "operationId": "updatePasswordSyncGroup", + "tags": [ + "Password Sync Groups" + ], + "summary": "Update Password Sync Group by ID", + "description": "This API updates the specified password sync group. A token with ORG_ADMIN authority is required to call this API.", + "security": [ + { + "oauth2": [ + "idn:password-sync-group-management:write" + ] + } + ], + "parameters": [ + { + "in": "path", + "name": "id", + "schema": { + "type": "string" + }, + "required": true, + "description": "The ID of password sync group to update.", + "example": "6881f631-3bd5-4213-9c75-8e05cc3e35dd" + } + ], + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "ID of the sync group", + "example": "6881f631-3bd5-4213-9c75-8e05cc3e35dd" + }, + "name": { + "description": "Name of the sync group", + "type": "string", + "example": "Password Sync Group 1" + }, + "passwordPolicyId": { + "type": "string", + "description": "ID of the password policy", + "example": "2c91808d744ba0ce01746f93b6204501" + }, + "sourceIds": { + "type": "array", + "description": "List of password managed sources IDs", + "items": { + "type": "string" + }, + "example": [ + "2c918084660f45d6016617daa9210584", + "2c918084660f45d6016617daa9210500" + ] + } + } + }, + "example": { + "id": "6881f631-3bd5-4213-9c75-8e05cc3e35dd", + "name": "Password Sync Group 2", + "passwordPolicyId": "2c91808d744ba0ce01746f93b6204501", + "sourceIds": [ + "2c918084660f45d6016617daa9210584", + "2c918084660f45d6016617daa9210500" + ] + } + } + } + }, + "responses": { + "200": { + "description": "Reference to the password sync group.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "ID of the sync group", + "example": "6881f631-3bd5-4213-9c75-8e05cc3e35dd" + }, + "name": { + "description": "Name of the sync group", + "type": "string", + "example": "Password Sync Group 1" + }, + "passwordPolicyId": { + "type": "string", + "description": "ID of the password policy", + "example": "2c91808d744ba0ce01746f93b6204501" + }, + "sourceIds": { + "type": "array", + "description": "List of password managed sources IDs", + "items": { + "type": "string" + }, + "example": [ + "2c918084660f45d6016617daa9210584", + "2c918084660f45d6016617daa9210500" + ] + } + } + }, + "example": { + "id": "6881f631-3bd5-4213-9c75-8e05cc3e35dd", + "name": "Password Sync Group 2", + "passwordPolicyId": "2c91808d744ba0ce01746f93b6204501", + "sourceIds": [ + "2c918084660f45d6016617daa9210584", + "2c918084660f45d6016617daa9210500" + ] + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + }, + "delete": { + "operationId": "deletePasswordSyncGroup", + "tags": [ + "Password Sync Groups" + ], + "summary": "Delete Password Sync Group by ID", + "description": "This API deletes the specified password sync group. A token with ORG_ADMIN authority is required to call this API.", + "security": [ + { + "oauth2": [ + "idn:password-sync-group-management:write" + ] + } + ], + "parameters": [ + { + "in": "path", + "name": "id", + "schema": { + "type": "string" + }, + "required": true, + "description": "The ID of password sync group to delete.", + "example": "6881f631-3bd5-4213-9c75-8e05cc3e35dd" + } + ], + "responses": { + "204": { + "description": "No content - indicates the request was successful but there is no content to be returned in the response." + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/personal-access-tokens": { + "get": { + "operationId": "listPersonalAccessTokens", + "security": [ + { + "oauth2": [ + "sp:my-personal-access-tokens:read", + "sp:my-personal-access-tokens:manage", + "sp:all-personal-access-tokens:read", + "sp:all-personal-access-tokens:manage" + ] + } + ], + "tags": [ + "Personal Access Tokens" + ], + "summary": "List Personal Access Tokens", + "description": "This gets a collection of personal access tokens associated with the optional `owner-id`. query parameter. If the `owner-id` query parameter is omitted, all personal access tokens for a tenant will be retrieved, but the caller must have the 'idn:all-personal-access-tokens:read' right.", + "parameters": [ + { + "in": "query", + "name": "owner-id", + "description": "The identity ID of the owner whose personal access tokens should be listed. If \"me\", the caller should have the following right: 'idn:my-personal-access-tokens:read'\nIf an actual owner ID or if the `owner-id` parameter is omitted in the request, the caller should have the following right: 'idn:all-personal-access-tokens:read'. \nIf the caller has the following right, then managed personal access tokens associated with `owner-id` will be retrieved: 'idn:managed-personal-access-tokens:read'", + "required": false, + "schema": { + "type": "string", + "default": null, + "example": "2c9180867b50d088017b554662fb281e" + } + }, + { + "in": "query", + "name": "filters", + "required": false, + "schema": { + "type": "string" + }, + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)\n\nFiltering is supported for the following fields and operators:\n\n**lastUsed**: *le, isnull*", + "example": "lastUsed le 2023-02-05T10:59:27.214Z" + } + ], + "responses": { + "200": { + "description": "List of personal access tokens.", + "content": { + "application/json": { + "schema": { + "type": "array", + "items": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "The ID of the personal access token (to be used as the username for Basic Auth).", + "example": "86f1dc6fe8f54414950454cbb11278fa" + }, + "name": { + "type": "string", + "description": "The name of the personal access token. Cannot be the same as other personal access tokens owned by a user.", + "example": "NodeJS Integration" + }, + "scope": { + "type": "array", + "nullable": true, + "items": { + "type": "string", + "default": "sp:scopes:all" + }, + "description": "Scopes of the personal access token.", + "example": [ + "demo:personal-access-token-scope:first", + "demo:personal-access-token-scope:second" + ] + }, + "owner": { + "description": "Details about the owner of the personal access token.", + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + }, + "created": { + "type": "string", + "format": "date-time", + "description": "The date and time, down to the millisecond, when this personal access token was created.", + "example": "2017-07-11T18:45:37.098Z" + }, + "lastUsed": { + "type": "string", + "nullable": true, + "format": "date-time", + "description": "The date and time, down to the millisecond, when this personal access token was last used to generate an access token. This timestamp does not get updated on every PAT usage, but only once a day. This property can be useful for identifying which PATs are no longer actively used and can be removed.", + "example": "2017-07-11T18:45:37.098Z" + } + }, + "required": [ + "id", + "name", + "scope", + "owner", + "created" + ] + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + }, + "post": { + "operationId": "createPersonalAccessToken", + "security": [ + { + "oauth2": [ + "sp:my-personal-access-tokens:manage", + "sp:all-personal-access-tokens:manage" + ] + } + ], + "tags": [ + "Personal Access Tokens" + ], + "summary": "Create Personal Access Token", + "description": "This creates a personal access token.", + "requestBody": { + "description": "Name and scope of personal access token.", + "required": true, + "content": { + "application/json": { + "schema": { + "type": "object", + "description": "Object for specifying the name of a personal access token to create", + "properties": { + "name": { + "type": "string", + "description": "The name of the personal access token (PAT) to be created. Cannot be the same as another PAT owned by the user for whom this PAT is being created.", + "example": "NodeJS Integration" + }, + "scope": { + "type": "array", + "nullable": true, + "items": { + "type": "string", + "default": "sp:scopes:all" + }, + "description": "Scopes of the personal access token. If no scope is specified, the token will be created with the default scope \"sp:scopes:all\". This means the personal access token will have all the rights of the owner who created it.", + "example": [ + "demo:personal-access-token-scope:first", + "demo:personal-access-token-scope:second" + ] + } + }, + "required": [ + "name" + ] + } + } + } + }, + "responses": { + "200": { + "description": "Created. Note - this is the only time Personal Access Tokens' secret attribute will be displayed.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "The ID of the personal access token (to be used as the username for Basic Auth).", + "example": "86f1dc6fe8f54414950454cbb11278fa" + }, + "secret": { + "type": "string", + "description": "The secret of the personal access token (to be used as the password for Basic Auth).", + "example": "1d1bef2b9f426383447f64f69349fc7cac176042578d205c256ba3f37c59adb9" + }, + "scope": { + "type": "array", + "nullable": true, + "items": { + "type": "string", + "default": "sp:scopes:all" + }, + "description": "Scopes of the personal access token.", + "example": [ + "demo:personal-access-token-scope:first", + "demo:personal-access-token-scope:second" + ] + }, + "name": { + "type": "string", + "description": "The name of the personal access token. Cannot be the same as other personal access tokens owned by a user.", + "example": "NodeJS Integration" + }, + "owner": { + "description": "Details about the owner of the personal access token.", + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + }, + "created": { + "type": "string", + "format": "date-time", + "description": "The date and time, down to the millisecond, when this personal access token was created.", + "example": "2017-07-11T18:45:37.098Z" + } + }, + "required": [ + "id", + "secret", + "scope", + "name", + "owner", + "created" + ] + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/personal-access-tokens/{id}": { + "patch": { + "operationId": "patchPersonalAccessToken", + "security": [ + { + "oauth2": [ + "sp:my-personal-access-tokens:manage" + ] + } + ], + "tags": [ + "Personal Access Tokens" + ], + "summary": "Patch Personal Access Token", + "description": "This performs a targeted update to the field(s) of a Personal Access Token.", + "parameters": [ + { + "in": "path", + "name": "id", + "schema": { + "type": "string" + }, + "required": true, + "description": "The Personal Access Token id", + "example": "ef38f94347e94562b5bb8424a56397d8" + } + ], + "requestBody": { + "required": true, + "description": "A list of OAuth client update operations according to the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard.\n\nThe following fields are patchable:\n* name\n* scope\n", + "content": { + "application/json-patch+json": { + "schema": { + "type": "array", + "items": { + "type": "object", + "description": "A JSONPatch Operation as defined by [RFC 6902 - JSON Patch](https://tools.ietf.org/html/rfc6902)", + "required": [ + "op", + "path" + ], + "properties": { + "op": { + "type": "string", + "description": "The operation to be performed", + "enum": [ + "add", + "remove", + "replace", + "move", + "copy", + "test" + ], + "example": "replace" + }, + "path": { + "type": "string", + "description": "A string JSON Pointer representing the target path to an element to be affected by the operation", + "example": "/description" + }, + "value": { + "anyOf": [ + { + "type": "string" + }, + { + "type": "integer" + }, + { + "type": "object" + }, + { + "type": "array", + "items": { + "anyOf": [ + { + "type": "string" + }, + { + "type": "integer" + }, + { + "type": "object" + } + ] + } + } + ], + "description": "The value to be used for the operation, required for \"add\" and \"replace\" operations", + "example": "New description" + } + } + } + }, + "example": [ + { + "op": "replace", + "path": "/name", + "value": "New name" + }, + { + "op": "replace", + "path": "/scope", + "value": [ + "sp:scopes:all" + ] + } + ] + } + } + }, + "responses": { + "200": { + "description": "Indicates the PATCH operation succeeded, and returns the PAT's new representation.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "The ID of the personal access token (to be used as the username for Basic Auth).", + "example": "86f1dc6fe8f54414950454cbb11278fa" + }, + "name": { + "type": "string", + "description": "The name of the personal access token. Cannot be the same as other personal access tokens owned by a user.", + "example": "NodeJS Integration" + }, + "scope": { + "type": "array", + "nullable": true, + "items": { + "type": "string", + "default": "sp:scopes:all" + }, + "description": "Scopes of the personal access token.", + "example": [ + "demo:personal-access-token-scope:first", + "demo:personal-access-token-scope:second" + ] + }, + "owner": { + "description": "Details about the owner of the personal access token.", + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + }, + "created": { + "type": "string", + "format": "date-time", + "description": "The date and time, down to the millisecond, when this personal access token was created.", + "example": "2017-07-11T18:45:37.098Z" + }, + "lastUsed": { + "type": "string", + "nullable": true, + "format": "date-time", + "description": "The date and time, down to the millisecond, when this personal access token was last used to generate an access token. This timestamp does not get updated on every PAT usage, but only once a day. This property can be useful for identifying which PATs are no longer actively used and can be removed.", + "example": "2017-07-11T18:45:37.098Z" + } + }, + "required": [ + "id", + "name", + "scope", + "owner", + "created" + ] + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + }, + "delete": { + "operationId": "deletePersonalAccessToken", + "security": [ + { + "oauth2": [ + "sp:my-personal-access-tokens:manage", + "sp:all-personal-access-tokens:manage" + ] + } + ], + "tags": [ + "Personal Access Tokens" + ], + "summary": "Delete Personal Access Token", + "description": "This deletes a personal access token.", + "parameters": [ + { + "in": "path", + "name": "id", + "schema": { + "type": "string" + }, + "required": true, + "description": "The personal access token id", + "example": "ef38f94347e94562b5bb8424a56397d8" + } + ], + "responses": { + "204": { + "description": "No content." + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/public-identities": { + "get": { + "operationId": "getPublicIdentities", + "tags": [ + "Public Identities" + ], + "summary": "Get a list of public identities", + "parameters": [ + { + "in": "query", + "name": "limit", + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": 250, + "schema": { + "type": "integer", + "format": "int32", + "minimum": 0, + "maximum": 250, + "default": 250 + } + }, + { + "in": "query", + "name": "offset", + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": 0, + "schema": { + "type": "integer", + "format": "int32", + "minimum": 0, + "default": 0 + } + }, + { + "in": "query", + "name": "count", + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": true, + "schema": { + "type": "boolean", + "default": false + } + }, + { + "in": "query", + "name": "filters", + "schema": { + "type": "string" + }, + "required": false, + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)\n\nFiltering is supported for the following fields and operators:\n\n**id**: *eq, in*\n\n**alias**: *eq, sw*\n\n**email**: *eq, sw*\n\n**firstname**: *eq, sw*\n\n**lastname**: *eq, sw*", + "example": "firstname eq \"John\"" + }, + { + "in": "query", + "name": "add-core-filters", + "description": "If *true*, only get identities which satisfy ALL the following criteria in addition to any criteria specified by *filters*:\n - Should be either correlated or protected.\n - Should not be \"spadmin\" or \"cloudadmin\".\n - uid should not be null.\n - lastname should not be null.\n - email should not be null.", + "required": false, + "example": false, + "schema": { + "type": "boolean", + "default": false + } + }, + { + "in": "query", + "name": "sorters", + "schema": { + "type": "string", + "format": "comma-separated" + }, + "required": false, + "description": "Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)\n\nSorting is supported for the following fields: **name**", + "example": "name" + } + ], + "responses": { + "200": { + "description": "A list of public identity objects.", + "content": { + "application/json": { + "schema": { + "type": "array", + "items": { + "type": "object", + "title": "Public Identity", + "description": "Details about a public identity", + "properties": { + "id": { + "type": "string", + "description": "Identity id", + "example": "2c9180857182305e0171993735622948" + }, + "name": { + "type": "string", + "description": "Human-readable display name of identity.", + "example": "Alison Ferguso" + }, + "alias": { + "type": "string", + "description": "Alternate unique identifier for the identity.", + "example": "alison.ferguso" + }, + "email": { + "nullable": true, + "type": "string", + "description": "Email address of identity.", + "example": "alison.ferguso@acme-solar.com" + }, + "status": { + "nullable": true, + "type": "string", + "description": "The lifecycle status for the identity", + "example": "Active" + }, + "manager": { + "description": "An identity reference to the manager of this identity", + "type": "object", + "nullable": true, + "properties": { + "type": { + "example": "IDENTITY", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "description": "An enumeration of the types of DTOs supported within the IdentityNow infrastructure." + }, + "id": { + "type": "string", + "description": "Identity id", + "example": "2c9180a46faadee4016fb4e018c20639" + }, + "name": { + "type": "string", + "description": "Human-readable display name of identity.", + "example": "Thomas Edison" + } + } + }, + "attributes": { + "type": "array", + "description": "The public identity attributes of the identity", + "items": { + "type": "object", + "properties": { + "key": { + "type": "string", + "description": "The attribute key", + "example": "country" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the attribute", + "example": "Country" + }, + "value": { + "type": "string", + "description": "The attribute value", + "example": "US" + } + } + } + } + } + } + }, + "example": [ + { + "id": "2c9180857182305e0171993735622948", + "name": "Alison Ferguso", + "alias": "alison.ferguso", + "email": "alison.ferguso@acme-solar.com", + "status": "Active", + "manager": { + "type": "IDENTITY", + "id": "2c9180a46faadee4016fb4e018c20639", + "name": "Thomas Edison" + }, + "attributes": [ + { + "key": "phone", + "name": "Phone", + "value": "5125551234" + }, + { + "key": "country", + "name": "Country", + "value": "US" + } + ] + }, + { + "id": "2c9180a46faadee4016fb4e018c20639", + "name": "Thomas Edison", + "alias": "thomas.edison", + "email": "thomas.edison@acme-solar.com", + "status": "Active", + "manager": { + "type": "IDENTITY", + "id": "2c918086676d3e0601677611dbde220f", + "name": "Mister Manager" + }, + "attributes": [ + { + "key": "phone", + "name": "Phone", + "value": "5125554321" + }, + { + "key": "country", + "name": "Country", + "value": "US" + } + ] + } + ] + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/public-identities-config": { + "get": { + "operationId": "getPublicIdentityConfig", + "tags": [ + "Public Identities Config" + ], + "summary": "Get the Public Identities Configuration", + "description": "Returns the publicly visible attributes of an identity available to request approvers for Access Requests and Certification Campaigns. A token with ORG ADMIN authority is required to call this API.", + "responses": { + "200": { + "description": "Request succeeded.", + "content": { + "application/json": { + "schema": { + "type": "object", + "description": "Details of up to 5 Identity attributes that will be publicly accessible for all Identities to anyone in the org.", + "properties": { + "attributes": { + "type": "array", + "description": "Up to 5 identity attributes that will be available to everyone in the org for all users in the org.", + "items": { + "type": "object", + "description": "Used to map an attribute key for an Identity to its display name.", + "properties": { + "key": { + "type": "string", + "description": "The attribute key", + "example": "country" + }, + "name": { + "type": "string", + "description": "The attribute display name", + "example": "Country" + } + } + } + }, + "modified": { + "nullable": true, + "type": "string", + "description": "When this configuration was last modified.", + "format": "date-time", + "example": "2018-06-25T20:22:28.104Z" + }, + "modifiedBy": { + "description": "The identity who last modified this configuration.", + "type": "object", + "nullable": true, + "properties": { + "type": { + "example": "IDENTITY", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "description": "An enumeration of the types of DTOs supported within the IdentityNow infrastructure." + }, + "id": { + "type": "string", + "description": "Identity id", + "example": "2c9180a46faadee4016fb4e018c20639" + }, + "name": { + "type": "string", + "description": "Human-readable display name of identity.", + "example": "Thomas Edison" + } + } + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + }, + "put": { + "operationId": "updatePublicIdentityConfig", + "tags": [ + "Public Identities Config" + ], + "summary": "Update the Public Identities Configuration", + "description": "Updates the publicly visible attributes of an identity available to request approvers for Access Requests and Certification Campaigns. A token with ORG ADMIN authority is required to call this API.", + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "type": "object", + "description": "Details of up to 5 Identity attributes that will be publicly accessible for all Identities to anyone in the org.", + "properties": { + "attributes": { + "type": "array", + "description": "Up to 5 identity attributes that will be available to everyone in the org for all users in the org.", + "items": { + "type": "object", + "description": "Used to map an attribute key for an Identity to its display name.", + "properties": { + "key": { + "type": "string", + "description": "The attribute key", + "example": "country" + }, + "name": { + "type": "string", + "description": "The attribute display name", + "example": "Country" + } + } + } + }, + "modified": { + "nullable": true, + "type": "string", + "description": "When this configuration was last modified.", + "format": "date-time", + "example": "2018-06-25T20:22:28.104Z" + }, + "modifiedBy": { + "description": "The identity who last modified this configuration.", + "type": "object", + "nullable": true, + "properties": { + "type": { + "example": "IDENTITY", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "description": "An enumeration of the types of DTOs supported within the IdentityNow infrastructure." + }, + "id": { + "type": "string", + "description": "Identity id", + "example": "2c9180a46faadee4016fb4e018c20639" + }, + "name": { + "type": "string", + "description": "Human-readable display name of identity.", + "example": "Thomas Edison" + } + } + } + } + } + } + } + }, + "responses": { + "200": { + "description": "Request succeeded.", + "content": { + "application/json": { + "schema": { + "type": "object", + "description": "Details of up to 5 Identity attributes that will be publicly accessible for all Identities to anyone in the org.", + "properties": { + "attributes": { + "type": "array", + "description": "Up to 5 identity attributes that will be available to everyone in the org for all users in the org.", + "items": { + "type": "object", + "description": "Used to map an attribute key for an Identity to its display name.", + "properties": { + "key": { + "type": "string", + "description": "The attribute key", + "example": "country" + }, + "name": { + "type": "string", + "description": "The attribute display name", + "example": "Country" + } + } + } + }, + "modified": { + "nullable": true, + "type": "string", + "description": "When this configuration was last modified.", + "format": "date-time", + "example": "2018-06-25T20:22:28.104Z" + }, + "modifiedBy": { + "description": "The identity who last modified this configuration.", + "type": "object", + "nullable": true, + "properties": { + "type": { + "example": "IDENTITY", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "description": "An enumeration of the types of DTOs supported within the IdentityNow infrastructure." + }, + "id": { + "type": "string", + "description": "Identity id", + "example": "2c9180a46faadee4016fb4e018c20639" + }, + "name": { + "type": "string", + "description": "Human-readable display name of identity.", + "example": "Thomas Edison" + } + } + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/requestable-objects": { + "get": { + "operationId": "listRequestableObjects", + "tags": [ + "Requestable Objects" + ], + "summary": "Requestable Objects List", + "description": "This endpoint returns a list of acccess items that that can be requested through the Access Request endpoints. Access items are marked with AVAILABLE, PENDING or ASSIGNED with respect to the identity provided using *identity-id* query param.\nAny authenticated token can call this endpoint to see their requestable access items. A token with ORG_ADMIN authority is required to call this endpoint to return a list of all of the requestable access items for the org or for another identity.", + "parameters": [ + { + "in": "query", + "name": "identity-id", + "required": false, + "schema": { + "type": "string" + }, + "example": "e7eab60924f64aa284175b9fa3309599", + "description": "If present, the value returns only requestable objects for the specified identity.\n * Admin users can call this with any identity ID value.\n * Non-admin users can only specify *me* or pass their own identity ID value.\n * If absent, returns a list of all requestable objects for the tenant. Only admin users can make such a call. In this case, the available, pending, assigned accesses will not be annotated in the result." + }, + { + "in": "query", + "name": "types", + "description": "Filters the results to the specified type/types, where each type is one of ROLE or ACCESS_PROFILE. If absent, all types are returned. Support for additional types may be added in the future without notice.", + "required": false, + "schema": { + "type": "array", + "items": { + "type": "string", + "enum": [ + "ACCESS_PROFILE", + "ROLE", + "ENTITLEMENT" + ], + "description": "Enum represented the currently supported requestable object types. Additional values may be added in the future without notice.", + "example": "ACCESS_PROFILE" + } + }, + "example": "ROLE,ACCESS_PROFILE", + "explode": false + }, + { + "in": "query", + "name": "term", + "required": false, + "schema": { + "type": "string" + }, + "example": "Finance Role", + "description": "It allows searching requestable access items with a partial match on the name or description. If term is provided, then the *filter* query parameter will be ignored." + }, + { + "in": "query", + "name": "statuses", + "description": "Filters the result to the specified status/statuses, where each status is one of AVAILABLE, ASSIGNED, or PENDING. It is an error to specify this parameter without also specifying an *identity-id* parameter. Additional statuses may be added in the future without notice.", + "required": false, + "schema": { + "type": "array", + "items": { + "type": "string", + "enum": [ + "AVAILABLE", + "PENDING", + "ASSIGNED" + ], + "description": "Status indicating the ability of an access request for the object to be made by or on behalf of the identity specified by *identity-id*. *AVAILABLE* indicates the object is available to request. *PENDING* indicates the object is unavailable because the identity has a pending request in flight. *ASSIGNED* indicates the object is unavailable because the identity already has the indicated role or access profile. If *identity-id* is not specified (allowed only for admin users), then status will be *AVAILABLE* for all results.", + "example": "AVAILABLE" + } + }, + "explode": false, + "example": [ + "ASSIGNED", + "PENDING" + ] + }, + { + "in": "query", + "name": "limit", + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": 250, + "schema": { + "type": "integer", + "format": "int32", + "minimum": 0, + "maximum": 250, + "default": 250 + } + }, + { + "in": "query", + "name": "offset", + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": 0, + "schema": { + "type": "integer", + "format": "int32", + "minimum": 0, + "default": 0 + } + }, + { + "in": "query", + "name": "count", + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": true, + "schema": { + "type": "boolean", + "default": false + } + }, + { + "in": "query", + "name": "filters", + "schema": { + "type": "string" + }, + "example": "name sw \"bob\"", + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)\n\nFiltering is supported for the following fields and operators:\n\n**id**: *eq, in*\n\n**name**: *eq, in, sw*\n", + "required": false + }, + { + "in": "query", + "name": "sorters", + "schema": { + "type": "string", + "format": "comma-separated" + }, + "required": false, + "example": "name", + "description": "Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)\n\nSorting is supported for the following fields: **name**\n" + } + ], + "responses": { + "200": { + "description": "List of requestable objects", + "content": { + "application/json": { + "schema": { + "type": "array", + "items": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "Id of the requestable object itself", + "example": "2c9180835d2e5168015d32f890ca1581" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the requestable object", + "example": "Applied Research Access" + }, + "created": { + "type": "string", + "format": "date-time", + "example": "2017-07-11T18:45:37.098Z", + "description": "The time when the requestable object was created" + }, + "modified": { + "nullable": true, + "type": "string", + "format": "date-time", + "example": "2018-06-25T20:22:28.104Z", + "description": "The time when the requestable object was last modified" + }, + "description": { + "type": "string", + "description": "Description of the requestable object.", + "example": "Access to research information, lab results, and schematics." + }, + "type": { + "type": "string", + "enum": [ + "ACCESS_PROFILE", + "ROLE", + "ENTITLEMENT" + ], + "description": "Enum represented the currently supported requestable object types. Additional values may be added in the future without notice.", + "example": "ACCESS_PROFILE" + }, + "requestStatus": { + "type": "string", + "enum": [ + "AVAILABLE", + "PENDING", + "ASSIGNED" + ], + "description": "Status indicating the ability of an access request for the object to be made by or on behalf of the identity specified by *identity-id*. *AVAILABLE* indicates the object is available to request. *PENDING* indicates the object is unavailable because the identity has a pending request in flight. *ASSIGNED* indicates the object is unavailable because the identity already has the indicated role or access profile. If *identity-id* is not specified (allowed only for admin users), then status will be *AVAILABLE* for all results.", + "example": "AVAILABLE" + }, + "identityRequestId": { + "type": "string", + "description": "If *requestStatus* is *PENDING*, indicates the id of the associated account activity.", + "nullable": true, + "example": null + }, + "ownerRef": { + "type": "object", + "nullable": true, + "properties": { + "type": { + "type": "string", + "description": "The type can only be IDENTITY. This is read-only", + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "Identity id.", + "example": "5168015d32f890ca15812c9180835d2e" + }, + "name": { + "type": "string", + "description": "Human-readable display name of identity. This is read-only", + "example": "Alison Ferguso" + }, + "email": { + "type": "string", + "description": "Email address of identity. This is read-only", + "example": "alison.ferguso@identitysoon.com" + } + } + }, + "requestCommentsRequired": { + "type": "boolean", + "description": "Whether the requester must provide comments when requesting the object.", + "example": false + } + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/roles": { + "get": { + "operationId": "listRoles", + "tags": [ + "Roles" + ], + "summary": "List Roles", + "description": "This API returns a list of Roles.\n\nA token with API, ORG_ADMIN, ROLE_ADMIN, or ROLE_SUBADMIN authority is required to call this API.", + "parameters": [ + { + "in": "query", + "name": "for-subadmin", + "schema": { + "type": "string" + }, + "description": "If provided, filters the returned list according to what is visible to the indicated ROLE_SUBADMIN Identity. The value of the parameter is either an Identity ID, or the special value **me**, which is shorthand for the calling Identity's ID. A 400 Bad Request error is returned if the **for-subadmin** parameter is specified for an Identity that is not a subadmin.", + "example": "5168015d32f890ca15812c9180835d2e", + "required": false + }, + { + "in": "query", + "name": "limit", + "description": "Note that for this API the maximum value for limit is 50.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": 50, + "schema": { + "type": "integer", + "format": "int32", + "minimum": 0, + "maximum": 50, + "default": 50 + } + }, + { + "in": "query", + "name": "offset", + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": 0, + "schema": { + "type": "integer", + "format": "int32", + "minimum": 0, + "default": 0 + } + }, + { + "in": "query", + "name": "count", + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": true, + "schema": { + "type": "boolean", + "default": false + } + }, + { + "in": "query", + "name": "filters", + "schema": { + "type": "string" + }, + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) Filtering is supported for the following fields and operators:\n**id**: *eq, in* **name**: *eq, sw* **created, modified**: *gt, lt, ge, le* **owner.id**: *eq, in* **requestable**: *eq*", + "example": "requestable eq false", + "required": false + }, + { + "in": "query", + "name": "sorters", + "schema": { + "type": "string", + "format": "comma-separated" + }, + "description": "Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results) Sorting is supported for the following fields: **name, created, modified**", + "example": "name,-modified", + "required": false + }, + { + "in": "query", + "name": "for-segment-ids", + "schema": { + "type": "string", + "format": "comma-separated" + }, + "description": "If present and not empty, additionally filters Roles to those which are assigned to the Segment(s) with the specified IDs.\n\nIf segmentation is currently unavailable, specifying this parameter results in an error.", + "example": "0b5c9f25-83c6-4762-9073-e38f7bb2ae26,2e8d8180-24bc-4d21-91c6-7affdb473b0d", + "required": false + }, + { + "in": "query", + "name": "include-unsegmented", + "schema": { + "type": "boolean", + "default": true + }, + "description": "Whether or not the response list should contain unsegmented Roles. If *for-segment-ids* is absent or empty, specifying *include-unsegmented* as false results in an error.", + "example": false, + "required": false + } + ], + "responses": { + "200": { + "description": "List of Roles", + "content": { + "application/json": { + "schema": { + "type": "array", + "items": { + "type": "object", + "description": "A Role", + "properties": { + "id": { + "type": "string", + "description": "The id of the Role. This field must be left null when creating an Role, otherwise a 400 Bad Request error will result.", + "example": "2c918086749d78830174a1a40e121518" + }, + "name": { + "type": "string", + "description": "The human-readable display name of the Role", + "maxLength": 128, + "example": "Role 2567" + }, + "created": { + "type": "string", + "description": "Date the Role was created", + "format": "date-time", + "example": "2021-03-01T22:32:58.104Z", + "readOnly": true + }, + "modified": { + "type": "string", + "description": "Date the Role was last modified.", + "format": "date-time", + "example": "2021-03-02T20:22:28.104Z", + "readOnly": true + }, + "description": { + "type": "string", + "nullable": true, + "description": "A human-readable description of the Role", + "example": "Urna amet cursus pellentesque nisl orci maximus lorem nisl euismod fusce morbi placerat adipiscing maecenas nisi tristique et metus et lacus sed morbi nunc nisl maximus magna arcu varius sollicitudin elementum enim maecenas nisi id ipsum tempus fusce diam ipsum tortor." + }, + "owner": { + "type": "object", + "description": "The owner of this object.", + "properties": { + "type": { + "description": "Owner type. This field must be either left null or set to 'IDENTITY' on input, otherwise a 400 Bad Request error will result.", + "example": "IDENTITY", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ] + }, + "id": { + "type": "string", + "description": "Identity id", + "example": "2c9180a46faadee4016fb4e018c20639" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the owner. It may be left null or omitted in a POST or PATCH. If set, it must match the current value of the owner's display name, otherwise a 400 Bad Request error will result.", + "example": "support" + } + } + }, + "accessProfiles": { + "type": "array", + "items": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "ID of the Access Profile", + "example": "ff808081751e6e129f1518161919ecca" + }, + "type": { + "type": "string", + "description": "Type of requested object. This field must be either left null or set to 'ACCESS_PROFILE' when creating an Access Profile, otherwise a 400 Bad Request error will result.", + "enum": [ + "ACCESS_PROFILE" + ], + "example": "ACCESS_PROFILE" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the Access Profile. This field is ignored on input.", + "example": "Access Profile 2567" + } + } + }, + "nullable": true + }, + "membership": { + "nullable": true, + "type": "object", + "description": "When present, specifies that the Role is to be granted to Identities which either satisfy specific criteria or which are members of a given list of Identities.", + "properties": { + "type": { + "type": "string", + "enum": [ + "STANDARD", + "IDENTITY_LIST" + ], + "description": "This enum characterizes the type of a Role's membership selector. Only the following two are fully supported:\n\nSTANDARD: Indicates that Role membership is defined in terms of a criteria expression\n\nIDENTITY_LIST: Indicates that Role membership is conferred on the specific identities listed", + "example": "IDENTITY_LIST" + }, + "criteria": { + "nullable": true, + "type": "object", + "description": "Defines STANDARD type Role membership", + "properties": { + "operation": { + "type": "string", + "enum": [ + "EQUALS", + "NOT_EQUALS", + "CONTAINS", + "STARTS_WITH", + "ENDS_WITH", + "AND", + "OR" + ], + "description": "An operation", + "example": "EQUALS" + }, + "key": { + "type": "object", + "nullable": true, + "description": "Refers to a specific Identity attribute, Account attibute, or Entitlement used in Role membership criteria", + "properties": { + "type": { + "type": "string", + "enum": [ + "IDENTITY", + "ACCOUNT", + "ENTITLEMENT" + ], + "description": "Indicates whether the associated criteria represents an expression on identity attributes, account attributes, or entitlements, respectively.", + "example": "ACCOUNT" + }, + "property": { + "type": "string", + "description": "The name of the attribute or entitlement to which the associated criteria applies.", + "example": "attribute.email" + }, + "sourceId": { + "type": "string", + "nullable": true, + "description": "ID of the Source from which an account attribute or entitlement is drawn. Required if type is ACCOUNT or ENTITLEMENT", + "example": "2c9180867427f3a301745aec18211519" + } + }, + "required": [ + "type", + "property" + ] + }, + "stringValue": { + "type": "string", + "nullable": true, + "description": "String value to test the Identity attribute, Account attribute, or Entitlement specified in the key w/r/t the specified operation. If this criteria is a leaf node, that is, if the operation is one of EQUALS, NOT_EQUALS, CONTAINS, STARTS_WITH, or ENDS_WITH, this field is required. Otherwise, specifying it is an error.", + "example": "carlee.cert1c9f9b6fd@mailinator.com" + }, + "children": { + "type": "array", + "items": { + "type": "object", + "nullable": true, + "description": "Defines STANDARD type Role membership", + "properties": { + "operation": { + "type": "string", + "enum": [ + "EQUALS", + "NOT_EQUALS", + "CONTAINS", + "STARTS_WITH", + "ENDS_WITH", + "AND", + "OR" + ], + "description": "An operation", + "example": "EQUALS" + }, + "key": { + "type": "object", + "nullable": true, + "description": "Refers to a specific Identity attribute, Account attibute, or Entitlement used in Role membership criteria", + "properties": { + "type": { + "type": "string", + "enum": [ + "IDENTITY", + "ACCOUNT", + "ENTITLEMENT" + ], + "description": "Indicates whether the associated criteria represents an expression on identity attributes, account attributes, or entitlements, respectively.", + "example": "ACCOUNT" + }, + "property": { + "type": "string", + "description": "The name of the attribute or entitlement to which the associated criteria applies.", + "example": "attribute.email" + }, + "sourceId": { + "type": "string", + "nullable": true, + "description": "ID of the Source from which an account attribute or entitlement is drawn. Required if type is ACCOUNT or ENTITLEMENT", + "example": "2c9180867427f3a301745aec18211519" + } + }, + "required": [ + "type", + "property" + ] + }, + "stringValue": { + "type": "string", + "nullable": true, + "description": "String value to test the Identity attribute, Account attribute, or Entitlement specified in the key w/r/t the specified operation. If this criteria is a leaf node, that is, if the operation is one of EQUALS, NOT_EQUALS, CONTAINS, STARTS_WITH, or ENDS_WITH, this field is required. Otherwise, specifying it is an error.", + "example": "carlee.cert1c9f9b6fd@mailinator.com" + }, + "children": { + "type": "array", + "items": { + "type": "object", + "description": "Defines STANDARD type Role membership", + "properties": { + "operation": { + "type": "string", + "enum": [ + "EQUALS", + "NOT_EQUALS", + "CONTAINS", + "STARTS_WITH", + "ENDS_WITH", + "AND", + "OR" + ], + "description": "An operation", + "example": "EQUALS" + }, + "key": { + "type": "object", + "nullable": true, + "description": "Refers to a specific Identity attribute, Account attibute, or Entitlement used in Role membership criteria", + "properties": { + "type": { + "type": "string", + "enum": [ + "IDENTITY", + "ACCOUNT", + "ENTITLEMENT" + ], + "description": "Indicates whether the associated criteria represents an expression on identity attributes, account attributes, or entitlements, respectively.", + "example": "ACCOUNT" + }, + "property": { + "type": "string", + "description": "The name of the attribute or entitlement to which the associated criteria applies.", + "example": "attribute.email" + }, + "sourceId": { + "type": "string", + "nullable": true, + "description": "ID of the Source from which an account attribute or entitlement is drawn. Required if type is ACCOUNT or ENTITLEMENT", + "example": "2c9180867427f3a301745aec18211519" + } + }, + "required": [ + "type", + "property" + ] + }, + "stringValue": { + "type": "string", + "description": "String value to test the Identity attribute, Account attribute, or Entitlement specified in the key w/r/t the specified operation. If this criteria is a leaf node, that is, if the operation is one of EQUALS, NOT_EQUALS, CONTAINS, STARTS_WITH, or ENDS_WITH, this field is required. Otherwise, specifying it is an error.", + "example": "carlee.cert1c9f9b6fd@mailinator.com" + } + } + }, + "nullable": true, + "description": "Array of child criteria. Required if the operation is AND or OR, otherwise it must be left null. A maximum of three levels of criteria are supported, including leaf nodes. Additionally, AND nodes can only be children or OR nodes and vice-versa." + } + } + }, + "nullable": true, + "description": "Array of child criteria. Required if the operation is AND or OR, otherwise it must be left null. A maximum of three levels of criteria are supported, including leaf nodes. Additionally, AND nodes can only be children or OR nodes and vice-versa." + } + } + }, + "identities": { + "type": "array", + "items": { + "type": "object", + "description": "A reference to an Identity in an IDENTITY_LIST role membership criteria.", + "properties": { + "type": { + "nullable": true, + "example": "IDENTITY", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "description": "An enumeration of the types of DTOs supported within the IdentityNow infrastructure." + }, + "id": { + "type": "string", + "description": "Identity id", + "example": "2c9180a46faadee4016fb4e018c20639" + }, + "name": { + "type": "string", + "nullable": true, + "description": "Human-readable display name of the Identity.", + "example": "Thomas Edison" + }, + "aliasName": { + "type": "string", + "nullable": true, + "description": "User name of the Identity", + "example": "t.edison" + } + } + }, + "nullable": true, + "description": "Defines role membership as being exclusive to the specified Identities, when type is IDENTITY_LIST." + } + } + }, + "legacyMembershipInfo": { + "type": "object", + "nullable": true, + "description": "This field is not directly modifiable and is generally expected to be *null*. In very rare instances, some Roles may have been created using membership selection criteria that are no longer fully supported. While these Roles will still work, they should be migrated to STANDARD or IDENTITY_LIST selection criteria. This field exists for informational purposes as an aid to such migration.", + "example": { + "type": "IDENTITY_LIST" + }, + "additionalProperties": true + }, + "enabled": { + "type": "boolean", + "description": "Whether the Role is enabled or not. This field is false by default.", + "example": true + }, + "requestable": { + "type": "boolean", + "description": "Whether the Role can be the target of Access Requests. This field is false by default.", + "example": true + }, + "accessRequestConfig": { + "nullable": true, + "description": "Access request configuration for this object", + "type": "object", + "properties": { + "commentsRequired": { + "type": "boolean", + "description": "Whether the requester of the containing object must provide comments justifying the request", + "example": true + }, + "denialCommentsRequired": { + "type": "boolean", + "description": "Whether an approver must provide comments when denying the request", + "example": true + }, + "approvalSchemes": { + "type": "array", + "description": "List describing the steps in approving the request", + "items": { + "type": "object", + "properties": { + "approverType": { + "type": "string", + "enum": [ + "OWNER", + "MANAGER", + "GOVERNANCE_GROUP" + ], + "description": "Describes the individual or group that is responsible for an approval step. Values are as follows.\n\n**OWNER**: Owner of the associated Role\n\n**MANAGER**: Manager of the Identity making the request\n\n**GOVERNANCE_GROUP**: A Governance Group, the ID of which is specified by the **approverId** field", + "example": "GOVERNANCE_GROUP" + }, + "approverId": { + "type": "string", + "nullable": true, + "description": "Id of the specific approver, used only when approverType is GOVERNANCE_GROUP", + "example": "46c79819-a69f-49a2-becb-12c971ae66c6" + } + } + } + } + } + }, + "revocationRequestConfig": { + "nullable": true, + "description": "Revocation request configuration for this object.", + "type": "object", + "properties": { + "approvalSchemes": { + "type": "array", + "description": "List describing the steps in approving the revocation request", + "items": { + "type": "object", + "properties": { + "approverType": { + "type": "string", + "enum": [ + "APP_OWNER", + "OWNER", + "SOURCE_OWNER", + "MANAGER", + "GOVERNANCE_GROUP" + ], + "description": "Describes the individual or group that is responsible for an approval step. Values are as follows.\n**APP_OWNER**: The owner of the Application\n\n**OWNER**: Owner of the associated Access Profile or Role\n\n**SOURCE_OWNER**: Owner of the Source associated with an Access Profile\n\n**MANAGER**: Manager of the Identity making the request\n\n**GOVERNANCE_GROUP**: A Governance Group, the ID of which is specified by the **approverId** field", + "example": "GOVERNANCE_GROUP" + }, + "approverId": { + "type": "string", + "nullable": true, + "description": "Id of the specific approver, used only when approverType is GOVERNANCE_GROUP", + "example": "46c79819-a69f-49a2-becb-12c971ae66c6" + } + } + } + } + } + }, + "segments": { + "type": "array", + "items": { + "type": "string" + }, + "nullable": true, + "description": "List of IDs of segments, if any, to which this Role is assigned.", + "example": [ + "f7b1b8a3-5fed-4fd4-ad29-82014e137e19", + "29cb6c06-1da8-43ea-8be4-b3125f248f2a" + ] + } + }, + "required": [ + "name", + "owner" + ] + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + }, + "security": [ + { + "oauth2": [ + "idn:role-unchecked:read", + "idn:role-unchecked:manage", + "idn:role-checked:manage", + "idn:role-checked:read" + ] + } + ] + }, + "post": { + "operationId": "createRole", + "tags": [ + "Roles" + ], + "summary": "Create a Role", + "description": "This API creates a Role.\nThere is a soft limit of 800 roles per org in IdentityNow. You will receive an error if you attempt to add more than 800 roles via the API or the UI. If you need to add roles above this limit, please create a support ticket.\nA token with API, ORG_ADMIN, ROLE_ADMIN, or ROLE_SUBADMIN authority is required to call this API. In addition, a ROLE_SUBADMIN may not create a Role including an Access Profile if that Access Profile is associated with a Source with which the ROLE_SUBADMIN is not themselves associated.\nThe maximum supported length for the description field is 2000 characters. Longer descriptions will be preserved for existing roles, however, any new roles as well as any updates to existing descriptions will be limited to 2000 characters.", + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "type": "object", + "description": "A Role", + "properties": { + "id": { + "type": "string", + "description": "The id of the Role. This field must be left null when creating an Role, otherwise a 400 Bad Request error will result.", + "example": "2c918086749d78830174a1a40e121518" + }, + "name": { + "type": "string", + "description": "The human-readable display name of the Role", + "maxLength": 128, + "example": "Role 2567" + }, + "created": { + "type": "string", + "description": "Date the Role was created", + "format": "date-time", + "example": "2021-03-01T22:32:58.104Z", + "readOnly": true + }, + "modified": { + "type": "string", + "description": "Date the Role was last modified.", + "format": "date-time", + "example": "2021-03-02T20:22:28.104Z", + "readOnly": true + }, + "description": { + "type": "string", + "nullable": true, + "description": "A human-readable description of the Role", + "example": "Urna amet cursus pellentesque nisl orci maximus lorem nisl euismod fusce morbi placerat adipiscing maecenas nisi tristique et metus et lacus sed morbi nunc nisl maximus magna arcu varius sollicitudin elementum enim maecenas nisi id ipsum tempus fusce diam ipsum tortor." + }, + "owner": { + "type": "object", + "description": "The owner of this object.", + "properties": { + "type": { + "description": "Owner type. This field must be either left null or set to 'IDENTITY' on input, otherwise a 400 Bad Request error will result.", + "example": "IDENTITY", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ] + }, + "id": { + "type": "string", + "description": "Identity id", + "example": "2c9180a46faadee4016fb4e018c20639" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the owner. It may be left null or omitted in a POST or PATCH. If set, it must match the current value of the owner's display name, otherwise a 400 Bad Request error will result.", + "example": "support" + } + } + }, + "accessProfiles": { + "type": "array", + "items": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "ID of the Access Profile", + "example": "ff808081751e6e129f1518161919ecca" + }, + "type": { + "type": "string", + "description": "Type of requested object. This field must be either left null or set to 'ACCESS_PROFILE' when creating an Access Profile, otherwise a 400 Bad Request error will result.", + "enum": [ + "ACCESS_PROFILE" + ], + "example": "ACCESS_PROFILE" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the Access Profile. This field is ignored on input.", + "example": "Access Profile 2567" + } + } + }, + "nullable": true + }, + "membership": { + "nullable": true, + "type": "object", + "description": "When present, specifies that the Role is to be granted to Identities which either satisfy specific criteria or which are members of a given list of Identities.", + "properties": { + "type": { + "type": "string", + "enum": [ + "STANDARD", + "IDENTITY_LIST" + ], + "description": "This enum characterizes the type of a Role's membership selector. Only the following two are fully supported:\n\nSTANDARD: Indicates that Role membership is defined in terms of a criteria expression\n\nIDENTITY_LIST: Indicates that Role membership is conferred on the specific identities listed", + "example": "IDENTITY_LIST" + }, + "criteria": { + "nullable": true, + "type": "object", + "description": "Defines STANDARD type Role membership", + "properties": { + "operation": { + "type": "string", + "enum": [ + "EQUALS", + "NOT_EQUALS", + "CONTAINS", + "STARTS_WITH", + "ENDS_WITH", + "AND", + "OR" + ], + "description": "An operation", + "example": "EQUALS" + }, + "key": { + "type": "object", + "nullable": true, + "description": "Refers to a specific Identity attribute, Account attibute, or Entitlement used in Role membership criteria", + "properties": { + "type": { + "type": "string", + "enum": [ + "IDENTITY", + "ACCOUNT", + "ENTITLEMENT" + ], + "description": "Indicates whether the associated criteria represents an expression on identity attributes, account attributes, or entitlements, respectively.", + "example": "ACCOUNT" + }, + "property": { + "type": "string", + "description": "The name of the attribute or entitlement to which the associated criteria applies.", + "example": "attribute.email" + }, + "sourceId": { + "type": "string", + "nullable": true, + "description": "ID of the Source from which an account attribute or entitlement is drawn. Required if type is ACCOUNT or ENTITLEMENT", + "example": "2c9180867427f3a301745aec18211519" + } + }, + "required": [ + "type", + "property" + ] + }, + "stringValue": { + "type": "string", + "nullable": true, + "description": "String value to test the Identity attribute, Account attribute, or Entitlement specified in the key w/r/t the specified operation. If this criteria is a leaf node, that is, if the operation is one of EQUALS, NOT_EQUALS, CONTAINS, STARTS_WITH, or ENDS_WITH, this field is required. Otherwise, specifying it is an error.", + "example": "carlee.cert1c9f9b6fd@mailinator.com" + }, + "children": { + "type": "array", + "items": { + "type": "object", + "nullable": true, + "description": "Defines STANDARD type Role membership", + "properties": { + "operation": { + "type": "string", + "enum": [ + "EQUALS", + "NOT_EQUALS", + "CONTAINS", + "STARTS_WITH", + "ENDS_WITH", + "AND", + "OR" + ], + "description": "An operation", + "example": "EQUALS" + }, + "key": { + "type": "object", + "nullable": true, + "description": "Refers to a specific Identity attribute, Account attibute, or Entitlement used in Role membership criteria", + "properties": { + "type": { + "type": "string", + "enum": [ + "IDENTITY", + "ACCOUNT", + "ENTITLEMENT" + ], + "description": "Indicates whether the associated criteria represents an expression on identity attributes, account attributes, or entitlements, respectively.", + "example": "ACCOUNT" + }, + "property": { + "type": "string", + "description": "The name of the attribute or entitlement to which the associated criteria applies.", + "example": "attribute.email" + }, + "sourceId": { + "type": "string", + "nullable": true, + "description": "ID of the Source from which an account attribute or entitlement is drawn. Required if type is ACCOUNT or ENTITLEMENT", + "example": "2c9180867427f3a301745aec18211519" + } + }, + "required": [ + "type", + "property" + ] + }, + "stringValue": { + "type": "string", + "nullable": true, + "description": "String value to test the Identity attribute, Account attribute, or Entitlement specified in the key w/r/t the specified operation. If this criteria is a leaf node, that is, if the operation is one of EQUALS, NOT_EQUALS, CONTAINS, STARTS_WITH, or ENDS_WITH, this field is required. Otherwise, specifying it is an error.", + "example": "carlee.cert1c9f9b6fd@mailinator.com" + }, + "children": { + "type": "array", + "items": { + "type": "object", + "description": "Defines STANDARD type Role membership", + "properties": { + "operation": { + "type": "string", + "enum": [ + "EQUALS", + "NOT_EQUALS", + "CONTAINS", + "STARTS_WITH", + "ENDS_WITH", + "AND", + "OR" + ], + "description": "An operation", + "example": "EQUALS" + }, + "key": { + "type": "object", + "nullable": true, + "description": "Refers to a specific Identity attribute, Account attibute, or Entitlement used in Role membership criteria", + "properties": { + "type": { + "type": "string", + "enum": [ + "IDENTITY", + "ACCOUNT", + "ENTITLEMENT" + ], + "description": "Indicates whether the associated criteria represents an expression on identity attributes, account attributes, or entitlements, respectively.", + "example": "ACCOUNT" + }, + "property": { + "type": "string", + "description": "The name of the attribute or entitlement to which the associated criteria applies.", + "example": "attribute.email" + }, + "sourceId": { + "type": "string", + "nullable": true, + "description": "ID of the Source from which an account attribute or entitlement is drawn. Required if type is ACCOUNT or ENTITLEMENT", + "example": "2c9180867427f3a301745aec18211519" + } + }, + "required": [ + "type", + "property" + ] + }, + "stringValue": { + "type": "string", + "description": "String value to test the Identity attribute, Account attribute, or Entitlement specified in the key w/r/t the specified operation. If this criteria is a leaf node, that is, if the operation is one of EQUALS, NOT_EQUALS, CONTAINS, STARTS_WITH, or ENDS_WITH, this field is required. Otherwise, specifying it is an error.", + "example": "carlee.cert1c9f9b6fd@mailinator.com" + } + } + }, + "nullable": true, + "description": "Array of child criteria. Required if the operation is AND or OR, otherwise it must be left null. A maximum of three levels of criteria are supported, including leaf nodes. Additionally, AND nodes can only be children or OR nodes and vice-versa." + } + } + }, + "nullable": true, + "description": "Array of child criteria. Required if the operation is AND or OR, otherwise it must be left null. A maximum of three levels of criteria are supported, including leaf nodes. Additionally, AND nodes can only be children or OR nodes and vice-versa." + } + } + }, + "identities": { + "type": "array", + "items": { + "type": "object", + "description": "A reference to an Identity in an IDENTITY_LIST role membership criteria.", + "properties": { + "type": { + "nullable": true, + "example": "IDENTITY", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "description": "An enumeration of the types of DTOs supported within the IdentityNow infrastructure." + }, + "id": { + "type": "string", + "description": "Identity id", + "example": "2c9180a46faadee4016fb4e018c20639" + }, + "name": { + "type": "string", + "nullable": true, + "description": "Human-readable display name of the Identity.", + "example": "Thomas Edison" + }, + "aliasName": { + "type": "string", + "nullable": true, + "description": "User name of the Identity", + "example": "t.edison" + } + } + }, + "nullable": true, + "description": "Defines role membership as being exclusive to the specified Identities, when type is IDENTITY_LIST." + } + } + }, + "legacyMembershipInfo": { + "type": "object", + "nullable": true, + "description": "This field is not directly modifiable and is generally expected to be *null*. In very rare instances, some Roles may have been created using membership selection criteria that are no longer fully supported. While these Roles will still work, they should be migrated to STANDARD or IDENTITY_LIST selection criteria. This field exists for informational purposes as an aid to such migration.", + "example": { + "type": "IDENTITY_LIST" + }, + "additionalProperties": true + }, + "enabled": { + "type": "boolean", + "description": "Whether the Role is enabled or not. This field is false by default.", + "example": true + }, + "requestable": { + "type": "boolean", + "description": "Whether the Role can be the target of Access Requests. This field is false by default.", + "example": true + }, + "accessRequestConfig": { + "nullable": true, + "description": "Access request configuration for this object", + "type": "object", + "properties": { + "commentsRequired": { + "type": "boolean", + "description": "Whether the requester of the containing object must provide comments justifying the request", + "example": true + }, + "denialCommentsRequired": { + "type": "boolean", + "description": "Whether an approver must provide comments when denying the request", + "example": true + }, + "approvalSchemes": { + "type": "array", + "description": "List describing the steps in approving the request", + "items": { + "type": "object", + "properties": { + "approverType": { + "type": "string", + "enum": [ + "OWNER", + "MANAGER", + "GOVERNANCE_GROUP" + ], + "description": "Describes the individual or group that is responsible for an approval step. Values are as follows.\n\n**OWNER**: Owner of the associated Role\n\n**MANAGER**: Manager of the Identity making the request\n\n**GOVERNANCE_GROUP**: A Governance Group, the ID of which is specified by the **approverId** field", + "example": "GOVERNANCE_GROUP" + }, + "approverId": { + "type": "string", + "nullable": true, + "description": "Id of the specific approver, used only when approverType is GOVERNANCE_GROUP", + "example": "46c79819-a69f-49a2-becb-12c971ae66c6" + } + } + } + } + } + }, + "revocationRequestConfig": { + "nullable": true, + "description": "Revocation request configuration for this object.", + "type": "object", + "properties": { + "approvalSchemes": { + "type": "array", + "description": "List describing the steps in approving the revocation request", + "items": { + "type": "object", + "properties": { + "approverType": { + "type": "string", + "enum": [ + "APP_OWNER", + "OWNER", + "SOURCE_OWNER", + "MANAGER", + "GOVERNANCE_GROUP" + ], + "description": "Describes the individual or group that is responsible for an approval step. Values are as follows.\n**APP_OWNER**: The owner of the Application\n\n**OWNER**: Owner of the associated Access Profile or Role\n\n**SOURCE_OWNER**: Owner of the Source associated with an Access Profile\n\n**MANAGER**: Manager of the Identity making the request\n\n**GOVERNANCE_GROUP**: A Governance Group, the ID of which is specified by the **approverId** field", + "example": "GOVERNANCE_GROUP" + }, + "approverId": { + "type": "string", + "nullable": true, + "description": "Id of the specific approver, used only when approverType is GOVERNANCE_GROUP", + "example": "46c79819-a69f-49a2-becb-12c971ae66c6" + } + } + } + } + } + }, + "segments": { + "type": "array", + "items": { + "type": "string" + }, + "nullable": true, + "description": "List of IDs of segments, if any, to which this Role is assigned.", + "example": [ + "f7b1b8a3-5fed-4fd4-ad29-82014e137e19", + "29cb6c06-1da8-43ea-8be4-b3125f248f2a" + ] + } + }, + "required": [ + "name", + "owner" + ] + } + } + } + }, + "responses": { + "201": { + "description": "Role created", + "content": { + "application/json": { + "schema": { + "type": "object", + "description": "A Role", + "properties": { + "id": { + "type": "string", + "description": "The id of the Role. This field must be left null when creating an Role, otherwise a 400 Bad Request error will result.", + "example": "2c918086749d78830174a1a40e121518" + }, + "name": { + "type": "string", + "description": "The human-readable display name of the Role", + "maxLength": 128, + "example": "Role 2567" + }, + "created": { + "type": "string", + "description": "Date the Role was created", + "format": "date-time", + "example": "2021-03-01T22:32:58.104Z", + "readOnly": true + }, + "modified": { + "type": "string", + "description": "Date the Role was last modified.", + "format": "date-time", + "example": "2021-03-02T20:22:28.104Z", + "readOnly": true + }, + "description": { + "type": "string", + "nullable": true, + "description": "A human-readable description of the Role", + "example": "Urna amet cursus pellentesque nisl orci maximus lorem nisl euismod fusce morbi placerat adipiscing maecenas nisi tristique et metus et lacus sed morbi nunc nisl maximus magna arcu varius sollicitudin elementum enim maecenas nisi id ipsum tempus fusce diam ipsum tortor." + }, + "owner": { + "type": "object", + "description": "The owner of this object.", + "properties": { + "type": { + "description": "Owner type. This field must be either left null or set to 'IDENTITY' on input, otherwise a 400 Bad Request error will result.", + "example": "IDENTITY", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ] + }, + "id": { + "type": "string", + "description": "Identity id", + "example": "2c9180a46faadee4016fb4e018c20639" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the owner. It may be left null or omitted in a POST or PATCH. If set, it must match the current value of the owner's display name, otherwise a 400 Bad Request error will result.", + "example": "support" + } + } + }, + "accessProfiles": { + "type": "array", + "items": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "ID of the Access Profile", + "example": "ff808081751e6e129f1518161919ecca" + }, + "type": { + "type": "string", + "description": "Type of requested object. This field must be either left null or set to 'ACCESS_PROFILE' when creating an Access Profile, otherwise a 400 Bad Request error will result.", + "enum": [ + "ACCESS_PROFILE" + ], + "example": "ACCESS_PROFILE" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the Access Profile. This field is ignored on input.", + "example": "Access Profile 2567" + } + } + }, + "nullable": true + }, + "membership": { + "nullable": true, + "type": "object", + "description": "When present, specifies that the Role is to be granted to Identities which either satisfy specific criteria or which are members of a given list of Identities.", + "properties": { + "type": { + "type": "string", + "enum": [ + "STANDARD", + "IDENTITY_LIST" + ], + "description": "This enum characterizes the type of a Role's membership selector. Only the following two are fully supported:\n\nSTANDARD: Indicates that Role membership is defined in terms of a criteria expression\n\nIDENTITY_LIST: Indicates that Role membership is conferred on the specific identities listed", + "example": "IDENTITY_LIST" + }, + "criteria": { + "nullable": true, + "type": "object", + "description": "Defines STANDARD type Role membership", + "properties": { + "operation": { + "type": "string", + "enum": [ + "EQUALS", + "NOT_EQUALS", + "CONTAINS", + "STARTS_WITH", + "ENDS_WITH", + "AND", + "OR" + ], + "description": "An operation", + "example": "EQUALS" + }, + "key": { + "type": "object", + "nullable": true, + "description": "Refers to a specific Identity attribute, Account attibute, or Entitlement used in Role membership criteria", + "properties": { + "type": { + "type": "string", + "enum": [ + "IDENTITY", + "ACCOUNT", + "ENTITLEMENT" + ], + "description": "Indicates whether the associated criteria represents an expression on identity attributes, account attributes, or entitlements, respectively.", + "example": "ACCOUNT" + }, + "property": { + "type": "string", + "description": "The name of the attribute or entitlement to which the associated criteria applies.", + "example": "attribute.email" + }, + "sourceId": { + "type": "string", + "nullable": true, + "description": "ID of the Source from which an account attribute or entitlement is drawn. Required if type is ACCOUNT or ENTITLEMENT", + "example": "2c9180867427f3a301745aec18211519" + } + }, + "required": [ + "type", + "property" + ] + }, + "stringValue": { + "type": "string", + "nullable": true, + "description": "String value to test the Identity attribute, Account attribute, or Entitlement specified in the key w/r/t the specified operation. If this criteria is a leaf node, that is, if the operation is one of EQUALS, NOT_EQUALS, CONTAINS, STARTS_WITH, or ENDS_WITH, this field is required. Otherwise, specifying it is an error.", + "example": "carlee.cert1c9f9b6fd@mailinator.com" + }, + "children": { + "type": "array", + "items": { + "type": "object", + "nullable": true, + "description": "Defines STANDARD type Role membership", + "properties": { + "operation": { + "type": "string", + "enum": [ + "EQUALS", + "NOT_EQUALS", + "CONTAINS", + "STARTS_WITH", + "ENDS_WITH", + "AND", + "OR" + ], + "description": "An operation", + "example": "EQUALS" + }, + "key": { + "type": "object", + "nullable": true, + "description": "Refers to a specific Identity attribute, Account attibute, or Entitlement used in Role membership criteria", + "properties": { + "type": { + "type": "string", + "enum": [ + "IDENTITY", + "ACCOUNT", + "ENTITLEMENT" + ], + "description": "Indicates whether the associated criteria represents an expression on identity attributes, account attributes, or entitlements, respectively.", + "example": "ACCOUNT" + }, + "property": { + "type": "string", + "description": "The name of the attribute or entitlement to which the associated criteria applies.", + "example": "attribute.email" + }, + "sourceId": { + "type": "string", + "nullable": true, + "description": "ID of the Source from which an account attribute or entitlement is drawn. Required if type is ACCOUNT or ENTITLEMENT", + "example": "2c9180867427f3a301745aec18211519" + } + }, + "required": [ + "type", + "property" + ] + }, + "stringValue": { + "type": "string", + "nullable": true, + "description": "String value to test the Identity attribute, Account attribute, or Entitlement specified in the key w/r/t the specified operation. If this criteria is a leaf node, that is, if the operation is one of EQUALS, NOT_EQUALS, CONTAINS, STARTS_WITH, or ENDS_WITH, this field is required. Otherwise, specifying it is an error.", + "example": "carlee.cert1c9f9b6fd@mailinator.com" + }, + "children": { + "type": "array", + "items": { + "type": "object", + "description": "Defines STANDARD type Role membership", + "properties": { + "operation": { + "type": "string", + "enum": [ + "EQUALS", + "NOT_EQUALS", + "CONTAINS", + "STARTS_WITH", + "ENDS_WITH", + "AND", + "OR" + ], + "description": "An operation", + "example": "EQUALS" + }, + "key": { + "type": "object", + "nullable": true, + "description": "Refers to a specific Identity attribute, Account attibute, or Entitlement used in Role membership criteria", + "properties": { + "type": { + "type": "string", + "enum": [ + "IDENTITY", + "ACCOUNT", + "ENTITLEMENT" + ], + "description": "Indicates whether the associated criteria represents an expression on identity attributes, account attributes, or entitlements, respectively.", + "example": "ACCOUNT" + }, + "property": { + "type": "string", + "description": "The name of the attribute or entitlement to which the associated criteria applies.", + "example": "attribute.email" + }, + "sourceId": { + "type": "string", + "nullable": true, + "description": "ID of the Source from which an account attribute or entitlement is drawn. Required if type is ACCOUNT or ENTITLEMENT", + "example": "2c9180867427f3a301745aec18211519" + } + }, + "required": [ + "type", + "property" + ] + }, + "stringValue": { + "type": "string", + "description": "String value to test the Identity attribute, Account attribute, or Entitlement specified in the key w/r/t the specified operation. If this criteria is a leaf node, that is, if the operation is one of EQUALS, NOT_EQUALS, CONTAINS, STARTS_WITH, or ENDS_WITH, this field is required. Otherwise, specifying it is an error.", + "example": "carlee.cert1c9f9b6fd@mailinator.com" + } + } + }, + "nullable": true, + "description": "Array of child criteria. Required if the operation is AND or OR, otherwise it must be left null. A maximum of three levels of criteria are supported, including leaf nodes. Additionally, AND nodes can only be children or OR nodes and vice-versa." + } + } + }, + "nullable": true, + "description": "Array of child criteria. Required if the operation is AND or OR, otherwise it must be left null. A maximum of three levels of criteria are supported, including leaf nodes. Additionally, AND nodes can only be children or OR nodes and vice-versa." + } + } + }, + "identities": { + "type": "array", + "items": { + "type": "object", + "description": "A reference to an Identity in an IDENTITY_LIST role membership criteria.", + "properties": { + "type": { + "nullable": true, + "example": "IDENTITY", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "description": "An enumeration of the types of DTOs supported within the IdentityNow infrastructure." + }, + "id": { + "type": "string", + "description": "Identity id", + "example": "2c9180a46faadee4016fb4e018c20639" + }, + "name": { + "type": "string", + "nullable": true, + "description": "Human-readable display name of the Identity.", + "example": "Thomas Edison" + }, + "aliasName": { + "type": "string", + "nullable": true, + "description": "User name of the Identity", + "example": "t.edison" + } + } + }, + "nullable": true, + "description": "Defines role membership as being exclusive to the specified Identities, when type is IDENTITY_LIST." + } + } + }, + "legacyMembershipInfo": { + "type": "object", + "nullable": true, + "description": "This field is not directly modifiable and is generally expected to be *null*. In very rare instances, some Roles may have been created using membership selection criteria that are no longer fully supported. While these Roles will still work, they should be migrated to STANDARD or IDENTITY_LIST selection criteria. This field exists for informational purposes as an aid to such migration.", + "example": { + "type": "IDENTITY_LIST" + }, + "additionalProperties": true + }, + "enabled": { + "type": "boolean", + "description": "Whether the Role is enabled or not. This field is false by default.", + "example": true + }, + "requestable": { + "type": "boolean", + "description": "Whether the Role can be the target of Access Requests. This field is false by default.", + "example": true + }, + "accessRequestConfig": { + "nullable": true, + "description": "Access request configuration for this object", + "type": "object", + "properties": { + "commentsRequired": { + "type": "boolean", + "description": "Whether the requester of the containing object must provide comments justifying the request", + "example": true + }, + "denialCommentsRequired": { + "type": "boolean", + "description": "Whether an approver must provide comments when denying the request", + "example": true + }, + "approvalSchemes": { + "type": "array", + "description": "List describing the steps in approving the request", + "items": { + "type": "object", + "properties": { + "approverType": { + "type": "string", + "enum": [ + "OWNER", + "MANAGER", + "GOVERNANCE_GROUP" + ], + "description": "Describes the individual or group that is responsible for an approval step. Values are as follows.\n\n**OWNER**: Owner of the associated Role\n\n**MANAGER**: Manager of the Identity making the request\n\n**GOVERNANCE_GROUP**: A Governance Group, the ID of which is specified by the **approverId** field", + "example": "GOVERNANCE_GROUP" + }, + "approverId": { + "type": "string", + "nullable": true, + "description": "Id of the specific approver, used only when approverType is GOVERNANCE_GROUP", + "example": "46c79819-a69f-49a2-becb-12c971ae66c6" + } + } + } + } + } + }, + "revocationRequestConfig": { + "nullable": true, + "description": "Revocation request configuration for this object.", + "type": "object", + "properties": { + "approvalSchemes": { + "type": "array", + "description": "List describing the steps in approving the revocation request", + "items": { + "type": "object", + "properties": { + "approverType": { + "type": "string", + "enum": [ + "APP_OWNER", + "OWNER", + "SOURCE_OWNER", + "MANAGER", + "GOVERNANCE_GROUP" + ], + "description": "Describes the individual or group that is responsible for an approval step. Values are as follows.\n**APP_OWNER**: The owner of the Application\n\n**OWNER**: Owner of the associated Access Profile or Role\n\n**SOURCE_OWNER**: Owner of the Source associated with an Access Profile\n\n**MANAGER**: Manager of the Identity making the request\n\n**GOVERNANCE_GROUP**: A Governance Group, the ID of which is specified by the **approverId** field", + "example": "GOVERNANCE_GROUP" + }, + "approverId": { + "type": "string", + "nullable": true, + "description": "Id of the specific approver, used only when approverType is GOVERNANCE_GROUP", + "example": "46c79819-a69f-49a2-becb-12c971ae66c6" + } + } + } + } + } + }, + "segments": { + "type": "array", + "items": { + "type": "string" + }, + "nullable": true, + "description": "List of IDs of segments, if any, to which this Role is assigned.", + "example": [ + "f7b1b8a3-5fed-4fd4-ad29-82014e137e19", + "29cb6c06-1da8-43ea-8be4-b3125f248f2a" + ] + } + }, + "required": [ + "name", + "owner" + ] + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + }, + "security": [ + { + "oauth2": [ + "idn:role-unchecked:manage", + "idn:role-checked:manage" + ] + } + ] + } + }, + "/roles/{id}": { + "get": { + "operationId": "getRole", + "tags": [ + "Roles" + ], + "summary": "Get a Role", + "description": "This API returns a Role by its ID.\n\nA token with API, ORG_ADMIN, ROLE_ADMIN, or ROLE_SUBADMIN authority is required to call this API. In addition, a token with ROLE_SUBADMIN authority may only call this API if all Access Profiles included in the Role are associated to Sources with management workgroups of which the ROLE_SUBADMIN is a member.", + "parameters": [ + { + "in": "path", + "name": "id", + "required": true, + "schema": { + "type": "string" + }, + "description": "ID of the Role", + "example": "2c91808a7813090a017814121e121518" + } + ], + "responses": { + "200": { + "description": "List of all Roles", + "content": { + "application/json": { + "schema": { + "type": "object", + "description": "A Role", + "properties": { + "id": { + "type": "string", + "description": "The id of the Role. This field must be left null when creating an Role, otherwise a 400 Bad Request error will result.", + "example": "2c918086749d78830174a1a40e121518" + }, + "name": { + "type": "string", + "description": "The human-readable display name of the Role", + "maxLength": 128, + "example": "Role 2567" + }, + "created": { + "type": "string", + "description": "Date the Role was created", + "format": "date-time", + "example": "2021-03-01T22:32:58.104Z", + "readOnly": true + }, + "modified": { + "type": "string", + "description": "Date the Role was last modified.", + "format": "date-time", + "example": "2021-03-02T20:22:28.104Z", + "readOnly": true + }, + "description": { + "type": "string", + "nullable": true, + "description": "A human-readable description of the Role", + "example": "Urna amet cursus pellentesque nisl orci maximus lorem nisl euismod fusce morbi placerat adipiscing maecenas nisi tristique et metus et lacus sed morbi nunc nisl maximus magna arcu varius sollicitudin elementum enim maecenas nisi id ipsum tempus fusce diam ipsum tortor." + }, + "owner": { + "type": "object", + "description": "The owner of this object.", + "properties": { + "type": { + "description": "Owner type. This field must be either left null or set to 'IDENTITY' on input, otherwise a 400 Bad Request error will result.", + "example": "IDENTITY", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ] + }, + "id": { + "type": "string", + "description": "Identity id", + "example": "2c9180a46faadee4016fb4e018c20639" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the owner. It may be left null or omitted in a POST or PATCH. If set, it must match the current value of the owner's display name, otherwise a 400 Bad Request error will result.", + "example": "support" + } + } + }, + "accessProfiles": { + "type": "array", + "items": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "ID of the Access Profile", + "example": "ff808081751e6e129f1518161919ecca" + }, + "type": { + "type": "string", + "description": "Type of requested object. This field must be either left null or set to 'ACCESS_PROFILE' when creating an Access Profile, otherwise a 400 Bad Request error will result.", + "enum": [ + "ACCESS_PROFILE" + ], + "example": "ACCESS_PROFILE" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the Access Profile. This field is ignored on input.", + "example": "Access Profile 2567" + } + } + }, + "nullable": true + }, + "membership": { + "nullable": true, + "type": "object", + "description": "When present, specifies that the Role is to be granted to Identities which either satisfy specific criteria or which are members of a given list of Identities.", + "properties": { + "type": { + "type": "string", + "enum": [ + "STANDARD", + "IDENTITY_LIST" + ], + "description": "This enum characterizes the type of a Role's membership selector. Only the following two are fully supported:\n\nSTANDARD: Indicates that Role membership is defined in terms of a criteria expression\n\nIDENTITY_LIST: Indicates that Role membership is conferred on the specific identities listed", + "example": "IDENTITY_LIST" + }, + "criteria": { + "nullable": true, + "type": "object", + "description": "Defines STANDARD type Role membership", + "properties": { + "operation": { + "type": "string", + "enum": [ + "EQUALS", + "NOT_EQUALS", + "CONTAINS", + "STARTS_WITH", + "ENDS_WITH", + "AND", + "OR" + ], + "description": "An operation", + "example": "EQUALS" + }, + "key": { + "type": "object", + "nullable": true, + "description": "Refers to a specific Identity attribute, Account attibute, or Entitlement used in Role membership criteria", + "properties": { + "type": { + "type": "string", + "enum": [ + "IDENTITY", + "ACCOUNT", + "ENTITLEMENT" + ], + "description": "Indicates whether the associated criteria represents an expression on identity attributes, account attributes, or entitlements, respectively.", + "example": "ACCOUNT" + }, + "property": { + "type": "string", + "description": "The name of the attribute or entitlement to which the associated criteria applies.", + "example": "attribute.email" + }, + "sourceId": { + "type": "string", + "nullable": true, + "description": "ID of the Source from which an account attribute or entitlement is drawn. Required if type is ACCOUNT or ENTITLEMENT", + "example": "2c9180867427f3a301745aec18211519" + } + }, + "required": [ + "type", + "property" + ] + }, + "stringValue": { + "type": "string", + "nullable": true, + "description": "String value to test the Identity attribute, Account attribute, or Entitlement specified in the key w/r/t the specified operation. If this criteria is a leaf node, that is, if the operation is one of EQUALS, NOT_EQUALS, CONTAINS, STARTS_WITH, or ENDS_WITH, this field is required. Otherwise, specifying it is an error.", + "example": "carlee.cert1c9f9b6fd@mailinator.com" + }, + "children": { + "type": "array", + "items": { + "type": "object", + "nullable": true, + "description": "Defines STANDARD type Role membership", + "properties": { + "operation": { + "type": "string", + "enum": [ + "EQUALS", + "NOT_EQUALS", + "CONTAINS", + "STARTS_WITH", + "ENDS_WITH", + "AND", + "OR" + ], + "description": "An operation", + "example": "EQUALS" + }, + "key": { + "type": "object", + "nullable": true, + "description": "Refers to a specific Identity attribute, Account attibute, or Entitlement used in Role membership criteria", + "properties": { + "type": { + "type": "string", + "enum": [ + "IDENTITY", + "ACCOUNT", + "ENTITLEMENT" + ], + "description": "Indicates whether the associated criteria represents an expression on identity attributes, account attributes, or entitlements, respectively.", + "example": "ACCOUNT" + }, + "property": { + "type": "string", + "description": "The name of the attribute or entitlement to which the associated criteria applies.", + "example": "attribute.email" + }, + "sourceId": { + "type": "string", + "nullable": true, + "description": "ID of the Source from which an account attribute or entitlement is drawn. Required if type is ACCOUNT or ENTITLEMENT", + "example": "2c9180867427f3a301745aec18211519" + } + }, + "required": [ + "type", + "property" + ] + }, + "stringValue": { + "type": "string", + "nullable": true, + "description": "String value to test the Identity attribute, Account attribute, or Entitlement specified in the key w/r/t the specified operation. If this criteria is a leaf node, that is, if the operation is one of EQUALS, NOT_EQUALS, CONTAINS, STARTS_WITH, or ENDS_WITH, this field is required. Otherwise, specifying it is an error.", + "example": "carlee.cert1c9f9b6fd@mailinator.com" + }, + "children": { + "type": "array", + "items": { + "type": "object", + "description": "Defines STANDARD type Role membership", + "properties": { + "operation": { + "type": "string", + "enum": [ + "EQUALS", + "NOT_EQUALS", + "CONTAINS", + "STARTS_WITH", + "ENDS_WITH", + "AND", + "OR" + ], + "description": "An operation", + "example": "EQUALS" + }, + "key": { + "type": "object", + "nullable": true, + "description": "Refers to a specific Identity attribute, Account attibute, or Entitlement used in Role membership criteria", + "properties": { + "type": { + "type": "string", + "enum": [ + "IDENTITY", + "ACCOUNT", + "ENTITLEMENT" + ], + "description": "Indicates whether the associated criteria represents an expression on identity attributes, account attributes, or entitlements, respectively.", + "example": "ACCOUNT" + }, + "property": { + "type": "string", + "description": "The name of the attribute or entitlement to which the associated criteria applies.", + "example": "attribute.email" + }, + "sourceId": { + "type": "string", + "nullable": true, + "description": "ID of the Source from which an account attribute or entitlement is drawn. Required if type is ACCOUNT or ENTITLEMENT", + "example": "2c9180867427f3a301745aec18211519" + } + }, + "required": [ + "type", + "property" + ] + }, + "stringValue": { + "type": "string", + "description": "String value to test the Identity attribute, Account attribute, or Entitlement specified in the key w/r/t the specified operation. If this criteria is a leaf node, that is, if the operation is one of EQUALS, NOT_EQUALS, CONTAINS, STARTS_WITH, or ENDS_WITH, this field is required. Otherwise, specifying it is an error.", + "example": "carlee.cert1c9f9b6fd@mailinator.com" + } + } + }, + "nullable": true, + "description": "Array of child criteria. Required if the operation is AND or OR, otherwise it must be left null. A maximum of three levels of criteria are supported, including leaf nodes. Additionally, AND nodes can only be children or OR nodes and vice-versa." + } + } + }, + "nullable": true, + "description": "Array of child criteria. Required if the operation is AND or OR, otherwise it must be left null. A maximum of three levels of criteria are supported, including leaf nodes. Additionally, AND nodes can only be children or OR nodes and vice-versa." + } + } + }, + "identities": { + "type": "array", + "items": { + "type": "object", + "description": "A reference to an Identity in an IDENTITY_LIST role membership criteria.", + "properties": { + "type": { + "nullable": true, + "example": "IDENTITY", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "description": "An enumeration of the types of DTOs supported within the IdentityNow infrastructure." + }, + "id": { + "type": "string", + "description": "Identity id", + "example": "2c9180a46faadee4016fb4e018c20639" + }, + "name": { + "type": "string", + "nullable": true, + "description": "Human-readable display name of the Identity.", + "example": "Thomas Edison" + }, + "aliasName": { + "type": "string", + "nullable": true, + "description": "User name of the Identity", + "example": "t.edison" + } + } + }, + "nullable": true, + "description": "Defines role membership as being exclusive to the specified Identities, when type is IDENTITY_LIST." + } + } + }, + "legacyMembershipInfo": { + "type": "object", + "nullable": true, + "description": "This field is not directly modifiable and is generally expected to be *null*. In very rare instances, some Roles may have been created using membership selection criteria that are no longer fully supported. While these Roles will still work, they should be migrated to STANDARD or IDENTITY_LIST selection criteria. This field exists for informational purposes as an aid to such migration.", + "example": { + "type": "IDENTITY_LIST" + }, + "additionalProperties": true + }, + "enabled": { + "type": "boolean", + "description": "Whether the Role is enabled or not. This field is false by default.", + "example": true + }, + "requestable": { + "type": "boolean", + "description": "Whether the Role can be the target of Access Requests. This field is false by default.", + "example": true + }, + "accessRequestConfig": { + "nullable": true, + "description": "Access request configuration for this object", + "type": "object", + "properties": { + "commentsRequired": { + "type": "boolean", + "description": "Whether the requester of the containing object must provide comments justifying the request", + "example": true + }, + "denialCommentsRequired": { + "type": "boolean", + "description": "Whether an approver must provide comments when denying the request", + "example": true + }, + "approvalSchemes": { + "type": "array", + "description": "List describing the steps in approving the request", + "items": { + "type": "object", + "properties": { + "approverType": { + "type": "string", + "enum": [ + "OWNER", + "MANAGER", + "GOVERNANCE_GROUP" + ], + "description": "Describes the individual or group that is responsible for an approval step. Values are as follows.\n\n**OWNER**: Owner of the associated Role\n\n**MANAGER**: Manager of the Identity making the request\n\n**GOVERNANCE_GROUP**: A Governance Group, the ID of which is specified by the **approverId** field", + "example": "GOVERNANCE_GROUP" + }, + "approverId": { + "type": "string", + "nullable": true, + "description": "Id of the specific approver, used only when approverType is GOVERNANCE_GROUP", + "example": "46c79819-a69f-49a2-becb-12c971ae66c6" + } + } + } + } + } + }, + "revocationRequestConfig": { + "nullable": true, + "description": "Revocation request configuration for this object.", + "type": "object", + "properties": { + "approvalSchemes": { + "type": "array", + "description": "List describing the steps in approving the revocation request", + "items": { + "type": "object", + "properties": { + "approverType": { + "type": "string", + "enum": [ + "APP_OWNER", + "OWNER", + "SOURCE_OWNER", + "MANAGER", + "GOVERNANCE_GROUP" + ], + "description": "Describes the individual or group that is responsible for an approval step. Values are as follows.\n**APP_OWNER**: The owner of the Application\n\n**OWNER**: Owner of the associated Access Profile or Role\n\n**SOURCE_OWNER**: Owner of the Source associated with an Access Profile\n\n**MANAGER**: Manager of the Identity making the request\n\n**GOVERNANCE_GROUP**: A Governance Group, the ID of which is specified by the **approverId** field", + "example": "GOVERNANCE_GROUP" + }, + "approverId": { + "type": "string", + "nullable": true, + "description": "Id of the specific approver, used only when approverType is GOVERNANCE_GROUP", + "example": "46c79819-a69f-49a2-becb-12c971ae66c6" + } + } + } + } + } + }, + "segments": { + "type": "array", + "items": { + "type": "string" + }, + "nullable": true, + "description": "List of IDs of segments, if any, to which this Role is assigned.", + "example": [ + "f7b1b8a3-5fed-4fd4-ad29-82014e137e19", + "29cb6c06-1da8-43ea-8be4-b3125f248f2a" + ] + } + }, + "required": [ + "name", + "owner" + ] + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + }, + "security": [ + { + "oauth2": [ + "idn:role-unchecked:read", + "idn:role-unchecked:manage", + "idn:role-checked:manage", + "idn:role-checked:read" + ] + } + ] + }, + "patch": { + "operationId": "patchRole", + "tags": [ + "Roles" + ], + "summary": "Patch a specified Role", + "description": "This API updates an existing Role using [JSON Patch](https://tools.ietf.org/html/rfc6902) syntax.\n\nThe following fields are patchable: **name**, **description**, **enabled**, **owner**, **accessProfiles**, **membership**, **requestable**, **accessRequestConfig**, **revokeRequestConfig**, **segments**\nA token with API, ORG_ADMIN, ROLE_ADMIN, or ROLE_SUBADMIN authority is required to call this API. In addition, a token with ROLE_SUBADMIN authority may only call this API if all Access Profiles included in the Role are associated to Sources with management workgroups of which the ROLE_SUBADMIN is a member.\nThe maximum supported length for the description field is 2000 characters. Longer descriptions will be preserved for existing roles, however, any new roles as well as any updates to existing descriptions will be limited to 2000 characters.", + "parameters": [ + { + "name": "id", + "in": "path", + "description": "ID of the Role to patch", + "required": true, + "schema": { + "type": "string", + "example": "2c91808a7813090a017814121e121518" + } + } + ], + "requestBody": { + "content": { + "application/json-patch+json": { + "schema": { + "type": "array", + "items": { + "type": "object", + "description": "A JSONPatch Operation as defined by [RFC 6902 - JSON Patch](https://tools.ietf.org/html/rfc6902)", + "required": [ + "op", + "path" + ], + "properties": { + "op": { + "type": "string", + "description": "The operation to be performed", + "enum": [ + "add", + "remove", + "replace", + "move", + "copy", + "test" + ], + "example": "replace" + }, + "path": { + "type": "string", + "description": "A string JSON Pointer representing the target path to an element to be affected by the operation", + "example": "/description" + }, + "value": { + "anyOf": [ + { + "type": "string" + }, + { + "type": "integer" + }, + { + "type": "object" + }, + { + "type": "array", + "items": { + "anyOf": [ + { + "type": "string" + }, + { + "type": "integer" + }, + { + "type": "object" + } + ] + } + } + ], + "description": "The value to be used for the operation, required for \"add\" and \"replace\" operations", + "example": "New description" + } + } + } + }, + "examples": { + "Make a Role Requestable and Enable it in One Call": { + "description": "This example shows how multiple fields may be updated with a single patch call.", + "value": [ + { + "op": "replace", + "path": "/requestable", + "value": true + }, + { + "op": "replace", + "path": "/enabled", + "value": true + } + ] + }, + "Assign a Role to a Segment": { + "description": "This example illustrates the use of patch to assign a Role to a Segment by adding the Segment's ID to the Role's segments array.", + "value": [ + { + "op": "add", + "path": "/segments/-", + "value": "f7b1b8a3-5fed-4fd4-ad29-82014e137e19" + } + ] + }, + "Set the Membership Selection Criteria to a List of Identities": { + "description": "This example shows how to define a Role's membershp by providing a list of Identities, referenced by their IDs.", + "value": [ + { + "op": "replace", + "path": "/membership", + "value": { + "type": "IDENTITY_LIST", + "identities": [ + { + "id": "2c91808973fe906c0174262092014ed9" + }, + { + "id": "2c918086262092014ed94fb8a47612f3" + } + ] + } + } + ] + }, + "Set the Membership Selection Criteria to a Standard Expression": { + "description": "This example shows how to define a Role's membership using STANDARD criteria. In this case, the Role will be granted to all Identities which have the *Engineering* attribute from the indicated Source.", + "value": [ + { + "op": "replace", + "path": "/membership", + "value": { + "type": "STANDARD", + "criteria": { + "operation": "OR", + "children": [ + { + "operation": "EQUALS", + "key": { + "type": "ENTITLEMENT", + "property": "attribute.memberOf", + "sourceId": "2c9180887701fb2014213e122092014e" + }, + "stringValue": "Engineering" + } + ] + } + } + } + ] + }, + "Add a New Clause as the Child of an Existing Standard Expression": { + "description": "This example shows how to add a child clause to an existing STANDARD criteria expression.", + "value": [ + { + "op": "add", + "path": "/membership/criteria/children/-", + "value": { + "operation": "ENDS_WITH", + "key": { + "type": "IDENTITY", + "property": "attribute.email" + }, + "stringValue": "@identitynow.com" + } + } + ] + } + } + } + }, + "required": true + }, + "responses": { + "200": { + "description": "Responds with the Role as updated.", + "content": { + "application/json": { + "schema": { + "type": "object", + "description": "A Role", + "properties": { + "id": { + "type": "string", + "description": "The id of the Role. This field must be left null when creating an Role, otherwise a 400 Bad Request error will result.", + "example": "2c918086749d78830174a1a40e121518" + }, + "name": { + "type": "string", + "description": "The human-readable display name of the Role", + "maxLength": 128, + "example": "Role 2567" + }, + "created": { + "type": "string", + "description": "Date the Role was created", + "format": "date-time", + "example": "2021-03-01T22:32:58.104Z", + "readOnly": true + }, + "modified": { + "type": "string", + "description": "Date the Role was last modified.", + "format": "date-time", + "example": "2021-03-02T20:22:28.104Z", + "readOnly": true + }, + "description": { + "type": "string", + "nullable": true, + "description": "A human-readable description of the Role", + "example": "Urna amet cursus pellentesque nisl orci maximus lorem nisl euismod fusce morbi placerat adipiscing maecenas nisi tristique et metus et lacus sed morbi nunc nisl maximus magna arcu varius sollicitudin elementum enim maecenas nisi id ipsum tempus fusce diam ipsum tortor." + }, + "owner": { + "type": "object", + "description": "The owner of this object.", + "properties": { + "type": { + "description": "Owner type. This field must be either left null or set to 'IDENTITY' on input, otherwise a 400 Bad Request error will result.", + "example": "IDENTITY", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ] + }, + "id": { + "type": "string", + "description": "Identity id", + "example": "2c9180a46faadee4016fb4e018c20639" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the owner. It may be left null or omitted in a POST or PATCH. If set, it must match the current value of the owner's display name, otherwise a 400 Bad Request error will result.", + "example": "support" + } + } + }, + "accessProfiles": { + "type": "array", + "items": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "ID of the Access Profile", + "example": "ff808081751e6e129f1518161919ecca" + }, + "type": { + "type": "string", + "description": "Type of requested object. This field must be either left null or set to 'ACCESS_PROFILE' when creating an Access Profile, otherwise a 400 Bad Request error will result.", + "enum": [ + "ACCESS_PROFILE" + ], + "example": "ACCESS_PROFILE" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the Access Profile. This field is ignored on input.", + "example": "Access Profile 2567" + } + } + }, + "nullable": true + }, + "membership": { + "nullable": true, + "type": "object", + "description": "When present, specifies that the Role is to be granted to Identities which either satisfy specific criteria or which are members of a given list of Identities.", + "properties": { + "type": { + "type": "string", + "enum": [ + "STANDARD", + "IDENTITY_LIST" + ], + "description": "This enum characterizes the type of a Role's membership selector. Only the following two are fully supported:\n\nSTANDARD: Indicates that Role membership is defined in terms of a criteria expression\n\nIDENTITY_LIST: Indicates that Role membership is conferred on the specific identities listed", + "example": "IDENTITY_LIST" + }, + "criteria": { + "nullable": true, + "type": "object", + "description": "Defines STANDARD type Role membership", + "properties": { + "operation": { + "type": "string", + "enum": [ + "EQUALS", + "NOT_EQUALS", + "CONTAINS", + "STARTS_WITH", + "ENDS_WITH", + "AND", + "OR" + ], + "description": "An operation", + "example": "EQUALS" + }, + "key": { + "type": "object", + "nullable": true, + "description": "Refers to a specific Identity attribute, Account attibute, or Entitlement used in Role membership criteria", + "properties": { + "type": { + "type": "string", + "enum": [ + "IDENTITY", + "ACCOUNT", + "ENTITLEMENT" + ], + "description": "Indicates whether the associated criteria represents an expression on identity attributes, account attributes, or entitlements, respectively.", + "example": "ACCOUNT" + }, + "property": { + "type": "string", + "description": "The name of the attribute or entitlement to which the associated criteria applies.", + "example": "attribute.email" + }, + "sourceId": { + "type": "string", + "nullable": true, + "description": "ID of the Source from which an account attribute or entitlement is drawn. Required if type is ACCOUNT or ENTITLEMENT", + "example": "2c9180867427f3a301745aec18211519" + } + }, + "required": [ + "type", + "property" + ] + }, + "stringValue": { + "type": "string", + "nullable": true, + "description": "String value to test the Identity attribute, Account attribute, or Entitlement specified in the key w/r/t the specified operation. If this criteria is a leaf node, that is, if the operation is one of EQUALS, NOT_EQUALS, CONTAINS, STARTS_WITH, or ENDS_WITH, this field is required. Otherwise, specifying it is an error.", + "example": "carlee.cert1c9f9b6fd@mailinator.com" + }, + "children": { + "type": "array", + "items": { + "type": "object", + "nullable": true, + "description": "Defines STANDARD type Role membership", + "properties": { + "operation": { + "type": "string", + "enum": [ + "EQUALS", + "NOT_EQUALS", + "CONTAINS", + "STARTS_WITH", + "ENDS_WITH", + "AND", + "OR" + ], + "description": "An operation", + "example": "EQUALS" + }, + "key": { + "type": "object", + "nullable": true, + "description": "Refers to a specific Identity attribute, Account attibute, or Entitlement used in Role membership criteria", + "properties": { + "type": { + "type": "string", + "enum": [ + "IDENTITY", + "ACCOUNT", + "ENTITLEMENT" + ], + "description": "Indicates whether the associated criteria represents an expression on identity attributes, account attributes, or entitlements, respectively.", + "example": "ACCOUNT" + }, + "property": { + "type": "string", + "description": "The name of the attribute or entitlement to which the associated criteria applies.", + "example": "attribute.email" + }, + "sourceId": { + "type": "string", + "nullable": true, + "description": "ID of the Source from which an account attribute or entitlement is drawn. Required if type is ACCOUNT or ENTITLEMENT", + "example": "2c9180867427f3a301745aec18211519" + } + }, + "required": [ + "type", + "property" + ] + }, + "stringValue": { + "type": "string", + "nullable": true, + "description": "String value to test the Identity attribute, Account attribute, or Entitlement specified in the key w/r/t the specified operation. If this criteria is a leaf node, that is, if the operation is one of EQUALS, NOT_EQUALS, CONTAINS, STARTS_WITH, or ENDS_WITH, this field is required. Otherwise, specifying it is an error.", + "example": "carlee.cert1c9f9b6fd@mailinator.com" + }, + "children": { + "type": "array", + "items": { + "type": "object", + "description": "Defines STANDARD type Role membership", + "properties": { + "operation": { + "type": "string", + "enum": [ + "EQUALS", + "NOT_EQUALS", + "CONTAINS", + "STARTS_WITH", + "ENDS_WITH", + "AND", + "OR" + ], + "description": "An operation", + "example": "EQUALS" + }, + "key": { + "type": "object", + "nullable": true, + "description": "Refers to a specific Identity attribute, Account attibute, or Entitlement used in Role membership criteria", + "properties": { + "type": { + "type": "string", + "enum": [ + "IDENTITY", + "ACCOUNT", + "ENTITLEMENT" + ], + "description": "Indicates whether the associated criteria represents an expression on identity attributes, account attributes, or entitlements, respectively.", + "example": "ACCOUNT" + }, + "property": { + "type": "string", + "description": "The name of the attribute or entitlement to which the associated criteria applies.", + "example": "attribute.email" + }, + "sourceId": { + "type": "string", + "nullable": true, + "description": "ID of the Source from which an account attribute or entitlement is drawn. Required if type is ACCOUNT or ENTITLEMENT", + "example": "2c9180867427f3a301745aec18211519" + } + }, + "required": [ + "type", + "property" + ] + }, + "stringValue": { + "type": "string", + "description": "String value to test the Identity attribute, Account attribute, or Entitlement specified in the key w/r/t the specified operation. If this criteria is a leaf node, that is, if the operation is one of EQUALS, NOT_EQUALS, CONTAINS, STARTS_WITH, or ENDS_WITH, this field is required. Otherwise, specifying it is an error.", + "example": "carlee.cert1c9f9b6fd@mailinator.com" + } + } + }, + "nullable": true, + "description": "Array of child criteria. Required if the operation is AND or OR, otherwise it must be left null. A maximum of three levels of criteria are supported, including leaf nodes. Additionally, AND nodes can only be children or OR nodes and vice-versa." + } + } + }, + "nullable": true, + "description": "Array of child criteria. Required if the operation is AND or OR, otherwise it must be left null. A maximum of three levels of criteria are supported, including leaf nodes. Additionally, AND nodes can only be children or OR nodes and vice-versa." + } + } + }, + "identities": { + "type": "array", + "items": { + "type": "object", + "description": "A reference to an Identity in an IDENTITY_LIST role membership criteria.", + "properties": { + "type": { + "nullable": true, + "example": "IDENTITY", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "description": "An enumeration of the types of DTOs supported within the IdentityNow infrastructure." + }, + "id": { + "type": "string", + "description": "Identity id", + "example": "2c9180a46faadee4016fb4e018c20639" + }, + "name": { + "type": "string", + "nullable": true, + "description": "Human-readable display name of the Identity.", + "example": "Thomas Edison" + }, + "aliasName": { + "type": "string", + "nullable": true, + "description": "User name of the Identity", + "example": "t.edison" + } + } + }, + "nullable": true, + "description": "Defines role membership as being exclusive to the specified Identities, when type is IDENTITY_LIST." + } + } + }, + "legacyMembershipInfo": { + "type": "object", + "nullable": true, + "description": "This field is not directly modifiable and is generally expected to be *null*. In very rare instances, some Roles may have been created using membership selection criteria that are no longer fully supported. While these Roles will still work, they should be migrated to STANDARD or IDENTITY_LIST selection criteria. This field exists for informational purposes as an aid to such migration.", + "example": { + "type": "IDENTITY_LIST" + }, + "additionalProperties": true + }, + "enabled": { + "type": "boolean", + "description": "Whether the Role is enabled or not. This field is false by default.", + "example": true + }, + "requestable": { + "type": "boolean", + "description": "Whether the Role can be the target of Access Requests. This field is false by default.", + "example": true + }, + "accessRequestConfig": { + "nullable": true, + "description": "Access request configuration for this object", + "type": "object", + "properties": { + "commentsRequired": { + "type": "boolean", + "description": "Whether the requester of the containing object must provide comments justifying the request", + "example": true + }, + "denialCommentsRequired": { + "type": "boolean", + "description": "Whether an approver must provide comments when denying the request", + "example": true + }, + "approvalSchemes": { + "type": "array", + "description": "List describing the steps in approving the request", + "items": { + "type": "object", + "properties": { + "approverType": { + "type": "string", + "enum": [ + "OWNER", + "MANAGER", + "GOVERNANCE_GROUP" + ], + "description": "Describes the individual or group that is responsible for an approval step. Values are as follows.\n\n**OWNER**: Owner of the associated Role\n\n**MANAGER**: Manager of the Identity making the request\n\n**GOVERNANCE_GROUP**: A Governance Group, the ID of which is specified by the **approverId** field", + "example": "GOVERNANCE_GROUP" + }, + "approverId": { + "type": "string", + "nullable": true, + "description": "Id of the specific approver, used only when approverType is GOVERNANCE_GROUP", + "example": "46c79819-a69f-49a2-becb-12c971ae66c6" + } + } + } + } + } + }, + "revocationRequestConfig": { + "nullable": true, + "description": "Revocation request configuration for this object.", + "type": "object", + "properties": { + "approvalSchemes": { + "type": "array", + "description": "List describing the steps in approving the revocation request", + "items": { + "type": "object", + "properties": { + "approverType": { + "type": "string", + "enum": [ + "APP_OWNER", + "OWNER", + "SOURCE_OWNER", + "MANAGER", + "GOVERNANCE_GROUP" + ], + "description": "Describes the individual or group that is responsible for an approval step. Values are as follows.\n**APP_OWNER**: The owner of the Application\n\n**OWNER**: Owner of the associated Access Profile or Role\n\n**SOURCE_OWNER**: Owner of the Source associated with an Access Profile\n\n**MANAGER**: Manager of the Identity making the request\n\n**GOVERNANCE_GROUP**: A Governance Group, the ID of which is specified by the **approverId** field", + "example": "GOVERNANCE_GROUP" + }, + "approverId": { + "type": "string", + "nullable": true, + "description": "Id of the specific approver, used only when approverType is GOVERNANCE_GROUP", + "example": "46c79819-a69f-49a2-becb-12c971ae66c6" + } + } + } + } + } + }, + "segments": { + "type": "array", + "items": { + "type": "string" + }, + "nullable": true, + "description": "List of IDs of segments, if any, to which this Role is assigned.", + "example": [ + "f7b1b8a3-5fed-4fd4-ad29-82014e137e19", + "29cb6c06-1da8-43ea-8be4-b3125f248f2a" + ] + } + }, + "required": [ + "name", + "owner" + ] + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + }, + "security": [ + { + "oauth2": [ + "idn:role-unchecked:manage", + "idn:role-checked:manage" + ] + } + ] + } + }, + "/roles/{id}/assigned-identities": { + "get": { + "operationId": "getRoleAssignedIdentities", + "tags": [ + "Roles" + ], + "summary": "List Identities assigned a Role", + "parameters": [ + { + "in": "path", + "name": "id", + "schema": { + "type": "string" + }, + "description": "ID of the Role for which the assigned Identities are to be listed", + "example": "2c91808a7813090a017814121e121518", + "required": true + }, + { + "in": "query", + "name": "limit", + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": 250, + "schema": { + "type": "integer", + "format": "int32", + "minimum": 0, + "maximum": 250, + "default": 250 + } + }, + { + "in": "query", + "name": "offset", + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": 0, + "schema": { + "type": "integer", + "format": "int32", + "minimum": 0, + "default": 0 + } + }, + { + "in": "query", + "name": "count", + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": true, + "schema": { + "type": "boolean", + "default": false + } + }, + { + "in": "query", + "name": "filters", + "schema": { + "type": "string" + }, + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)\n\nFiltering is supported for the following fields and operators:\n\n**id**: *eq, in*\n\n**aliasName**: *eq, sw*\n\n**email**: *eq, sw*\n\n**name**: *eq, sw, co*", + "example": "name sw Joe" + }, + { + "in": "query", + "name": "sorters", + "schema": { + "type": "string", + "format": "comma-separated" + }, + "description": "Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)\n\nSorting is supported for the following fields: **id**, **name**, **aliasName**, **email**", + "example": "aliasName,name" + } + ], + "responses": { + "200": { + "description": "List of Identities assigned the Role", + "content": { + "application/json": { + "schema": { + "type": "array", + "items": { + "type": "object", + "description": "A subset of the fields of an Identity which is a member of a Role.", + "properties": { + "id": { + "type": "string", + "description": "The ID of the Identity", + "example": "2c9180a46faadee4016fb4e018c20639" + }, + "aliasName": { + "type": "string", + "description": "The alias / username of the Identity", + "example": "t.edison" + }, + "name": { + "type": "string", + "description": "The human-readable display name of the Identity", + "example": "Thomas Edison" + }, + "email": { + "type": "string", + "description": "Email address of the Identity", + "example": "t.edison@identitynow.com" + }, + "roleAssignmentSource": { + "type": "string", + "enum": [ + "ACCESS_REQUEST", + "ROLE_MEMBERSHIP" + ], + "description": "Type which indicates how a particular Identity obtained a particular Role", + "example": "ACCESS_REQUEST" + } + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + }, + "security": [ + { + "oauth2": [ + "idn:role-unchecked:read", + "idn:role-unchecked:manage", + "idn:role-checked:manage", + "idn:role-checked:read" + ] + } + ] + } + }, + "/saved-searches": { + "post": { + "tags": [ + "Saved Search" + ], + "description": "Creates a new saved search.\n", + "summary": "Create a saved search", + "operationId": "createSavedSearch", + "requestBody": { + "description": "The saved search to persist.", + "content": { + "application/json": { + "schema": { + "allOf": [ + { + "type": "object", + "properties": { + "name": { + "description": "The name of the saved search.\n", + "type": "string", + "example": "Disabled accounts" + }, + "description": { + "description": "The description of the saved search.\n", + "type": "string", + "nullable": true, + "example": "Disabled accounts" + } + } + }, + { + "type": "object", + "properties": { + "public": { + "description": "Indicates if the saved search is public.\n", + "type": "boolean", + "default": false, + "example": false + }, + "created": { + "description": "The date the saved search was initially created.\n", + "type": "string", + "nullable": true, + "format": "date-time", + "example": "2018-06-25T20:22:28.104Z" + }, + "modified": { + "description": "The last date the saved search was modified.\n", + "type": "string", + "nullable": true, + "format": "date-time", + "example": "2018-06-25T20:22:28.104Z" + }, + "indices": { + "description": "The names of the Elasticsearch indices in which to search.\n", + "type": "array", + "items": { + "description": "Enum representing the currently supported indices.\nAdditional values may be added in the future without notice.", + "type": "string", + "enum": [ + "accessprofiles", + "accountactivities", + "entitlements", + "events", + "identities", + "roles", + "*" + ], + "example": "identities" + }, + "example": [ + "identities" + ] + }, + "columns": { + "description": "The columns to be returned (specifies the order in which they will be presented) for each document type.\n\nThe currently supported document types are: _accessprofile_, _accountactivity_, _account_, _aggregation_, _entitlement_, _event_, _identity_, and _role_.\n", + "type": "object", + "additionalProperties": { + "type": "array", + "items": { + "type": "object", + "properties": { + "field": { + "description": "The name of the field.\n", + "type": "string", + "example": "email" + }, + "header": { + "description": "The value of the header.\n", + "type": "string", + "example": "Work Email" + } + }, + "required": [ + "field" + ] + } + }, + "example": { + "identity": [ + { + "field": "displayName", + "header": "Display Name" + }, + { + "field": "e-mail", + "header": "Work Email" + } + ] + } + }, + "query": { + "description": "The search query using Elasticsearch [Query String Query](https://www.elastic.co/guide/en/elasticsearch/reference/5.2/query-dsl-query-string-query.html#query-string) syntax from the Query DSL.\n", + "type": "string", + "example": "@accounts(disabled:true)" + }, + "fields": { + "description": "The fields to be searched against in a multi-field query.\n", + "type": "array", + "nullable": true, + "items": { + "type": "string" + }, + "example": [ + "disabled" + ] + }, + "sort": { + "description": "The fields to be used to sort the search results.\n", + "type": "array", + "items": { + "type": "string" + }, + "example": [ + "displayName" + ] + }, + "filters": { + "nullable": true, + "allOf": [ + { + "type": "object", + "description": "The filters to be applied for each filtered field name.", + "example": { + "attributes.cloudAuthoritativeSource": { + "type": "EXISTS", + "exclude": true + }, + "accessCount": { + "type": "RANGE", + "range": { + "lower": { + "value": "3" + } + } + }, + "created": { + "type": "RANGE", + "range": { + "lower": { + "value": "2019-12-01", + "inclusive": true + }, + "upper": { + "value": "2020-01-01" + } + } + }, + "source.name": { + "type": "TERMS", + "terms": [ + "HR Employees", + "Corporate Active Directory" + ], + "exclude": true + }, + "protected": { + "type": "TERMS", + "terms": [ + "true" + ] + } + } + }, + { + "type": "object", + "properties": { + "type": { + "description": "Enum representing the currently supported filter types.\nAdditional values may be added in the future without notice.", + "type": "string", + "enum": [ + "EXISTS", + "RANGE", + "TERMS" + ], + "example": "RANGE" + }, + "range": { + "type": "object", + "description": "The range of values to be filtered.", + "properties": { + "lower": { + "description": "The lower bound of the range.", + "type": "object", + "required": [ + "value" + ], + "properties": { + "value": { + "description": "The value of the range's endpoint.", + "type": "string", + "example": "1" + }, + "inclusive": { + "description": "Indicates if the endpoint is included in the range.", + "type": "boolean", + "default": false, + "example": false + } + } + }, + "upper": { + "description": "The upper bound of the range.", + "type": "object", + "required": [ + "value" + ], + "properties": { + "value": { + "description": "The value of the range's endpoint.", + "type": "string", + "example": "1" + }, + "inclusive": { + "description": "Indicates if the endpoint is included in the range.", + "type": "boolean", + "default": false, + "example": false + } + } + } + } + }, + "terms": { + "description": "The terms to be filtered.", + "type": "array", + "items": { + "type": "string", + "example": "account_count" + } + }, + "exclude": { + "description": "Indicates if the filter excludes results.", + "type": "boolean", + "default": false, + "example": false + } + } + } + ] + } + }, + "required": [ + "indices", + "query" + ] + } + ] + } + } + }, + "required": true + }, + "responses": { + "201": { + "description": "The persisted saved search.", + "content": { + "application/json": { + "schema": { + "type": "object", + "allOf": [ + { + "type": "object", + "properties": { + "id": { + "description": "The saved search ID.\n", + "type": "string", + "example": "0de46054-fe90-434a-b84e-c6b3359d0c64" + }, + "owner": { + "description": "The owner of the saved search.\n", + "type": "object", + "properties": { + "type": { + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "description": "An enumeration of the types of DTOs supported within the IdentityNow infrastructure.", + "example": "IDENTITY" + }, + "id": { + "description": "The id of the object.\n", + "type": "string", + "example": "2c91808568c529c60168cca6f90c1313" + } + }, + "required": [ + "type", + "id" + ] + } + } + }, + { + "type": "object", + "properties": { + "name": { + "description": "The name of the saved search.\n", + "type": "string", + "example": "Disabled accounts" + }, + "description": { + "description": "The description of the saved search.\n", + "type": "string", + "nullable": true, + "example": "Disabled accounts" + } + } + }, + { + "type": "object", + "properties": { + "public": { + "description": "Indicates if the saved search is public.\n", + "type": "boolean", + "default": false, + "example": false + }, + "created": { + "description": "The date the saved search was initially created.\n", + "type": "string", + "nullable": true, + "format": "date-time", + "example": "2018-06-25T20:22:28.104Z" + }, + "modified": { + "description": "The last date the saved search was modified.\n", + "type": "string", + "nullable": true, + "format": "date-time", + "example": "2018-06-25T20:22:28.104Z" + }, + "indices": { + "description": "The names of the Elasticsearch indices in which to search.\n", + "type": "array", + "items": { + "description": "Enum representing the currently supported indices.\nAdditional values may be added in the future without notice.", + "type": "string", + "enum": [ + "accessprofiles", + "accountactivities", + "entitlements", + "events", + "identities", + "roles", + "*" + ], + "example": "identities" + }, + "example": [ + "identities" + ] + }, + "columns": { + "description": "The columns to be returned (specifies the order in which they will be presented) for each document type.\n\nThe currently supported document types are: _accessprofile_, _accountactivity_, _account_, _aggregation_, _entitlement_, _event_, _identity_, and _role_.\n", + "type": "object", + "additionalProperties": { + "type": "array", + "items": { + "type": "object", + "properties": { + "field": { + "description": "The name of the field.\n", + "type": "string", + "example": "email" + }, + "header": { + "description": "The value of the header.\n", + "type": "string", + "example": "Work Email" + } + }, + "required": [ + "field" + ] + } + }, + "example": { + "identity": [ + { + "field": "displayName", + "header": "Display Name" + }, + { + "field": "e-mail", + "header": "Work Email" + } + ] + } + }, + "query": { + "description": "The search query using Elasticsearch [Query String Query](https://www.elastic.co/guide/en/elasticsearch/reference/5.2/query-dsl-query-string-query.html#query-string) syntax from the Query DSL.\n", + "type": "string", + "example": "@accounts(disabled:true)" + }, + "fields": { + "description": "The fields to be searched against in a multi-field query.\n", + "type": "array", + "nullable": true, + "items": { + "type": "string" + }, + "example": [ + "disabled" + ] + }, + "sort": { + "description": "The fields to be used to sort the search results.\n", + "type": "array", + "items": { + "type": "string" + }, + "example": [ + "displayName" + ] + }, + "filters": { + "nullable": true, + "allOf": [ + { + "type": "object", + "description": "The filters to be applied for each filtered field name.", + "example": { + "attributes.cloudAuthoritativeSource": { + "type": "EXISTS", + "exclude": true + }, + "accessCount": { + "type": "RANGE", + "range": { + "lower": { + "value": "3" + } + } + }, + "created": { + "type": "RANGE", + "range": { + "lower": { + "value": "2019-12-01", + "inclusive": true + }, + "upper": { + "value": "2020-01-01" + } + } + }, + "source.name": { + "type": "TERMS", + "terms": [ + "HR Employees", + "Corporate Active Directory" + ], + "exclude": true + }, + "protected": { + "type": "TERMS", + "terms": [ + "true" + ] + } + } + }, + { + "type": "object", + "properties": { + "type": { + "description": "Enum representing the currently supported filter types.\nAdditional values may be added in the future without notice.", + "type": "string", + "enum": [ + "EXISTS", + "RANGE", + "TERMS" + ], + "example": "RANGE" + }, + "range": { + "type": "object", + "description": "The range of values to be filtered.", + "properties": { + "lower": { + "description": "The lower bound of the range.", + "type": "object", + "required": [ + "value" + ], + "properties": { + "value": { + "description": "The value of the range's endpoint.", + "type": "string", + "example": "1" + }, + "inclusive": { + "description": "Indicates if the endpoint is included in the range.", + "type": "boolean", + "default": false, + "example": false + } + } + }, + "upper": { + "description": "The upper bound of the range.", + "type": "object", + "required": [ + "value" + ], + "properties": { + "value": { + "description": "The value of the range's endpoint.", + "type": "string", + "example": "1" + }, + "inclusive": { + "description": "Indicates if the endpoint is included in the range.", + "type": "boolean", + "default": false, + "example": false + } + } + } + } + }, + "terms": { + "description": "The terms to be filtered.", + "type": "array", + "items": { + "type": "string", + "example": "account_count" + } + }, + "exclude": { + "description": "Indicates if the filter excludes results.", + "type": "boolean", + "default": false, + "example": false + } + } + } + ] + } + }, + "required": [ + "indices", + "query" + ] + } + ] + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + } + } + }, + "get": { + "tags": [ + "Saved Search" + ], + "description": "Returns a list of saved searches.\n", + "summary": "Return a list of Saved Searches", + "operationId": "listSavedSearches", + "parameters": [ + { + "in": "query", + "name": "offset", + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": 0, + "schema": { + "type": "integer", + "format": "int32", + "minimum": 0, + "default": 0 + } + }, + { + "in": "query", + "name": "limit", + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": 250, + "schema": { + "type": "integer", + "format": "int32", + "minimum": 0, + "maximum": 250, + "default": 250 + } + }, + { + "in": "query", + "name": "count", + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": true, + "schema": { + "type": "boolean", + "default": false + } + }, + { + "name": "filters", + "in": "query", + "schema": { + "type": "string" + }, + "description": "An expression used to constrain the result set using the filtering syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results).\n\nAllowed filter properties: *owner.id*, *public*\n\nAllowed filter operator: *eq*\n\n**Example filters**:\n\n```owner.id eq \"0de46054-fe90-434a-b84e-c6b3359d0c64\"``` -- returns saved searches for the specified owner ID\n\n```public eq true``` -- returns all public saved searches\n\n```owner.id eq me or public eq true``` -- returns all of the current user's saved searches as well as all public saved searches belonging to other users in the current org\n", + "example": "public eq true" + } + ], + "responses": { + "200": { + "description": "The list of requested saved searches.", + "content": { + "application/json": { + "schema": { + "type": "array", + "items": { + "type": "object", + "allOf": [ + { + "type": "object", + "properties": { + "id": { + "description": "The saved search ID.\n", + "type": "string", + "example": "0de46054-fe90-434a-b84e-c6b3359d0c64" + }, + "owner": { + "description": "The owner of the saved search.\n", + "type": "object", + "properties": { + "type": { + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "description": "An enumeration of the types of DTOs supported within the IdentityNow infrastructure.", + "example": "IDENTITY" + }, + "id": { + "description": "The id of the object.\n", + "type": "string", + "example": "2c91808568c529c60168cca6f90c1313" + } + }, + "required": [ + "type", + "id" + ] + } + } + }, + { + "type": "object", + "properties": { + "name": { + "description": "The name of the saved search.\n", + "type": "string", + "example": "Disabled accounts" + }, + "description": { + "description": "The description of the saved search.\n", + "type": "string", + "nullable": true, + "example": "Disabled accounts" + } + } + }, + { + "type": "object", + "properties": { + "public": { + "description": "Indicates if the saved search is public.\n", + "type": "boolean", + "default": false, + "example": false + }, + "created": { + "description": "The date the saved search was initially created.\n", + "type": "string", + "nullable": true, + "format": "date-time", + "example": "2018-06-25T20:22:28.104Z" + }, + "modified": { + "description": "The last date the saved search was modified.\n", + "type": "string", + "nullable": true, + "format": "date-time", + "example": "2018-06-25T20:22:28.104Z" + }, + "indices": { + "description": "The names of the Elasticsearch indices in which to search.\n", + "type": "array", + "items": { + "description": "Enum representing the currently supported indices.\nAdditional values may be added in the future without notice.", + "type": "string", + "enum": [ + "accessprofiles", + "accountactivities", + "entitlements", + "events", + "identities", + "roles", + "*" + ], + "example": "identities" + }, + "example": [ + "identities" + ] + }, + "columns": { + "description": "The columns to be returned (specifies the order in which they will be presented) for each document type.\n\nThe currently supported document types are: _accessprofile_, _accountactivity_, _account_, _aggregation_, _entitlement_, _event_, _identity_, and _role_.\n", + "type": "object", + "additionalProperties": { + "type": "array", + "items": { + "type": "object", + "properties": { + "field": { + "description": "The name of the field.\n", + "type": "string", + "example": "email" + }, + "header": { + "description": "The value of the header.\n", + "type": "string", + "example": "Work Email" + } + }, + "required": [ + "field" + ] + } + }, + "example": { + "identity": [ + { + "field": "displayName", + "header": "Display Name" + }, + { + "field": "e-mail", + "header": "Work Email" + } + ] + } + }, + "query": { + "description": "The search query using Elasticsearch [Query String Query](https://www.elastic.co/guide/en/elasticsearch/reference/5.2/query-dsl-query-string-query.html#query-string) syntax from the Query DSL.\n", + "type": "string", + "example": "@accounts(disabled:true)" + }, + "fields": { + "description": "The fields to be searched against in a multi-field query.\n", + "type": "array", + "nullable": true, + "items": { + "type": "string" + }, + "example": [ + "disabled" + ] + }, + "sort": { + "description": "The fields to be used to sort the search results.\n", + "type": "array", + "items": { + "type": "string" + }, + "example": [ + "displayName" + ] + }, + "filters": { + "nullable": true, + "allOf": [ + { + "type": "object", + "description": "The filters to be applied for each filtered field name.", + "example": { + "attributes.cloudAuthoritativeSource": { + "type": "EXISTS", + "exclude": true + }, + "accessCount": { + "type": "RANGE", + "range": { + "lower": { + "value": "3" + } + } + }, + "created": { + "type": "RANGE", + "range": { + "lower": { + "value": "2019-12-01", + "inclusive": true + }, + "upper": { + "value": "2020-01-01" + } + } + }, + "source.name": { + "type": "TERMS", + "terms": [ + "HR Employees", + "Corporate Active Directory" + ], + "exclude": true + }, + "protected": { + "type": "TERMS", + "terms": [ + "true" + ] + } + } + }, + { + "type": "object", + "properties": { + "type": { + "description": "Enum representing the currently supported filter types.\nAdditional values may be added in the future without notice.", + "type": "string", + "enum": [ + "EXISTS", + "RANGE", + "TERMS" + ], + "example": "RANGE" + }, + "range": { + "type": "object", + "description": "The range of values to be filtered.", + "properties": { + "lower": { + "description": "The lower bound of the range.", + "type": "object", + "required": [ + "value" + ], + "properties": { + "value": { + "description": "The value of the range's endpoint.", + "type": "string", + "example": "1" + }, + "inclusive": { + "description": "Indicates if the endpoint is included in the range.", + "type": "boolean", + "default": false, + "example": false + } + } + }, + "upper": { + "description": "The upper bound of the range.", + "type": "object", + "required": [ + "value" + ], + "properties": { + "value": { + "description": "The value of the range's endpoint.", + "type": "string", + "example": "1" + }, + "inclusive": { + "description": "Indicates if the endpoint is included in the range.", + "type": "boolean", + "default": false, + "example": false + } + } + } + } + }, + "terms": { + "description": "The terms to be filtered.", + "type": "array", + "items": { + "type": "string", + "example": "account_count" + } + }, + "exclude": { + "description": "Indicates if the filter excludes results.", + "type": "boolean", + "default": false, + "example": false + } + } + } + ] + } + }, + "required": [ + "indices", + "query" + ] + } + ] + } + } + } + }, + "headers": { + "X-Total-Count": { + "description": "The total result count (returned only if the *count* parameter is specified as *true*).", + "schema": { + "type": "integer" + }, + "example": 5 + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + } + } + } + }, + "/saved-searches/{id}": { + "put": { + "tags": [ + "Saved Search" + ], + "description": "Updates an existing saved search.\n", + "summary": "Updates an existing saved search\n", + "operationId": "updateSavedSearch", + "parameters": [ + { + "in": "path", + "name": "id", + "description": "ID of the requested document.", + "schema": { + "type": "string" + }, + "required": true, + "example": "2c91808568c529c60168cca6f90c1313" + } + ], + "requestBody": { + "description": "The saved search to persist.", + "content": { + "application/json": { + "schema": { + "type": "object", + "allOf": [ + { + "type": "object", + "properties": { + "id": { + "description": "The saved search ID.\n", + "type": "string", + "example": "0de46054-fe90-434a-b84e-c6b3359d0c64" + }, + "owner": { + "description": "The owner of the saved search.\n", + "type": "object", + "properties": { + "type": { + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "description": "An enumeration of the types of DTOs supported within the IdentityNow infrastructure.", + "example": "IDENTITY" + }, + "id": { + "description": "The id of the object.\n", + "type": "string", + "example": "2c91808568c529c60168cca6f90c1313" + } + }, + "required": [ + "type", + "id" + ] + } + } + }, + { + "type": "object", + "properties": { + "name": { + "description": "The name of the saved search.\n", + "type": "string", + "example": "Disabled accounts" + }, + "description": { + "description": "The description of the saved search.\n", + "type": "string", + "nullable": true, + "example": "Disabled accounts" + } + } + }, + { + "type": "object", + "properties": { + "public": { + "description": "Indicates if the saved search is public.\n", + "type": "boolean", + "default": false, + "example": false + }, + "created": { + "description": "The date the saved search was initially created.\n", + "type": "string", + "nullable": true, + "format": "date-time", + "example": "2018-06-25T20:22:28.104Z" + }, + "modified": { + "description": "The last date the saved search was modified.\n", + "type": "string", + "nullable": true, + "format": "date-time", + "example": "2018-06-25T20:22:28.104Z" + }, + "indices": { + "description": "The names of the Elasticsearch indices in which to search.\n", + "type": "array", + "items": { + "description": "Enum representing the currently supported indices.\nAdditional values may be added in the future without notice.", + "type": "string", + "enum": [ + "accessprofiles", + "accountactivities", + "entitlements", + "events", + "identities", + "roles", + "*" + ], + "example": "identities" + }, + "example": [ + "identities" + ] + }, + "columns": { + "description": "The columns to be returned (specifies the order in which they will be presented) for each document type.\n\nThe currently supported document types are: _accessprofile_, _accountactivity_, _account_, _aggregation_, _entitlement_, _event_, _identity_, and _role_.\n", + "type": "object", + "additionalProperties": { + "type": "array", + "items": { + "type": "object", + "properties": { + "field": { + "description": "The name of the field.\n", + "type": "string", + "example": "email" + }, + "header": { + "description": "The value of the header.\n", + "type": "string", + "example": "Work Email" + } + }, + "required": [ + "field" + ] + } + }, + "example": { + "identity": [ + { + "field": "displayName", + "header": "Display Name" + }, + { + "field": "e-mail", + "header": "Work Email" + } + ] + } + }, + "query": { + "description": "The search query using Elasticsearch [Query String Query](https://www.elastic.co/guide/en/elasticsearch/reference/5.2/query-dsl-query-string-query.html#query-string) syntax from the Query DSL.\n", + "type": "string", + "example": "@accounts(disabled:true)" + }, + "fields": { + "description": "The fields to be searched against in a multi-field query.\n", + "type": "array", + "nullable": true, + "items": { + "type": "string" + }, + "example": [ + "disabled" + ] + }, + "sort": { + "description": "The fields to be used to sort the search results.\n", + "type": "array", + "items": { + "type": "string" + }, + "example": [ + "displayName" + ] + }, + "filters": { + "nullable": true, + "allOf": [ + { + "type": "object", + "description": "The filters to be applied for each filtered field name.", + "example": { + "attributes.cloudAuthoritativeSource": { + "type": "EXISTS", + "exclude": true + }, + "accessCount": { + "type": "RANGE", + "range": { + "lower": { + "value": "3" + } + } + }, + "created": { + "type": "RANGE", + "range": { + "lower": { + "value": "2019-12-01", + "inclusive": true + }, + "upper": { + "value": "2020-01-01" + } + } + }, + "source.name": { + "type": "TERMS", + "terms": [ + "HR Employees", + "Corporate Active Directory" + ], + "exclude": true + }, + "protected": { + "type": "TERMS", + "terms": [ + "true" + ] + } + } + }, + { + "type": "object", + "properties": { + "type": { + "description": "Enum representing the currently supported filter types.\nAdditional values may be added in the future without notice.", + "type": "string", + "enum": [ + "EXISTS", + "RANGE", + "TERMS" + ], + "example": "RANGE" + }, + "range": { + "type": "object", + "description": "The range of values to be filtered.", + "properties": { + "lower": { + "description": "The lower bound of the range.", + "type": "object", + "required": [ + "value" + ], + "properties": { + "value": { + "description": "The value of the range's endpoint.", + "type": "string", + "example": "1" + }, + "inclusive": { + "description": "Indicates if the endpoint is included in the range.", + "type": "boolean", + "default": false, + "example": false + } + } + }, + "upper": { + "description": "The upper bound of the range.", + "type": "object", + "required": [ + "value" + ], + "properties": { + "value": { + "description": "The value of the range's endpoint.", + "type": "string", + "example": "1" + }, + "inclusive": { + "description": "Indicates if the endpoint is included in the range.", + "type": "boolean", + "default": false, + "example": false + } + } + } + } + }, + "terms": { + "description": "The terms to be filtered.", + "type": "array", + "items": { + "type": "string", + "example": "account_count" + } + }, + "exclude": { + "description": "Indicates if the filter excludes results.", + "type": "boolean", + "default": false, + "example": false + } + } + } + ] + } + }, + "required": [ + "indices", + "query" + ] + } + ] + } + } + }, + "required": true + }, + "responses": { + "200": { + "description": "The persisted saved search.", + "content": { + "application/json": { + "schema": { + "type": "object", + "allOf": [ + { + "type": "object", + "properties": { + "id": { + "description": "The saved search ID.\n", + "type": "string", + "example": "0de46054-fe90-434a-b84e-c6b3359d0c64" + }, + "owner": { + "description": "The owner of the saved search.\n", + "type": "object", + "properties": { + "type": { + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "description": "An enumeration of the types of DTOs supported within the IdentityNow infrastructure.", + "example": "IDENTITY" + }, + "id": { + "description": "The id of the object.\n", + "type": "string", + "example": "2c91808568c529c60168cca6f90c1313" + } + }, + "required": [ + "type", + "id" + ] + } + } + }, + { + "type": "object", + "properties": { + "name": { + "description": "The name of the saved search.\n", + "type": "string", + "example": "Disabled accounts" + }, + "description": { + "description": "The description of the saved search.\n", + "type": "string", + "nullable": true, + "example": "Disabled accounts" + } + } + }, + { + "type": "object", + "properties": { + "public": { + "description": "Indicates if the saved search is public.\n", + "type": "boolean", + "default": false, + "example": false + }, + "created": { + "description": "The date the saved search was initially created.\n", + "type": "string", + "nullable": true, + "format": "date-time", + "example": "2018-06-25T20:22:28.104Z" + }, + "modified": { + "description": "The last date the saved search was modified.\n", + "type": "string", + "nullable": true, + "format": "date-time", + "example": "2018-06-25T20:22:28.104Z" + }, + "indices": { + "description": "The names of the Elasticsearch indices in which to search.\n", + "type": "array", + "items": { + "description": "Enum representing the currently supported indices.\nAdditional values may be added in the future without notice.", + "type": "string", + "enum": [ + "accessprofiles", + "accountactivities", + "entitlements", + "events", + "identities", + "roles", + "*" + ], + "example": "identities" + }, + "example": [ + "identities" + ] + }, + "columns": { + "description": "The columns to be returned (specifies the order in which they will be presented) for each document type.\n\nThe currently supported document types are: _accessprofile_, _accountactivity_, _account_, _aggregation_, _entitlement_, _event_, _identity_, and _role_.\n", + "type": "object", + "additionalProperties": { + "type": "array", + "items": { + "type": "object", + "properties": { + "field": { + "description": "The name of the field.\n", + "type": "string", + "example": "email" + }, + "header": { + "description": "The value of the header.\n", + "type": "string", + "example": "Work Email" + } + }, + "required": [ + "field" + ] + } + }, + "example": { + "identity": [ + { + "field": "displayName", + "header": "Display Name" + }, + { + "field": "e-mail", + "header": "Work Email" + } + ] + } + }, + "query": { + "description": "The search query using Elasticsearch [Query String Query](https://www.elastic.co/guide/en/elasticsearch/reference/5.2/query-dsl-query-string-query.html#query-string) syntax from the Query DSL.\n", + "type": "string", + "example": "@accounts(disabled:true)" + }, + "fields": { + "description": "The fields to be searched against in a multi-field query.\n", + "type": "array", + "nullable": true, + "items": { + "type": "string" + }, + "example": [ + "disabled" + ] + }, + "sort": { + "description": "The fields to be used to sort the search results.\n", + "type": "array", + "items": { + "type": "string" + }, + "example": [ + "displayName" + ] + }, + "filters": { + "nullable": true, + "allOf": [ + { + "type": "object", + "description": "The filters to be applied for each filtered field name.", + "example": { + "attributes.cloudAuthoritativeSource": { + "type": "EXISTS", + "exclude": true + }, + "accessCount": { + "type": "RANGE", + "range": { + "lower": { + "value": "3" + } + } + }, + "created": { + "type": "RANGE", + "range": { + "lower": { + "value": "2019-12-01", + "inclusive": true + }, + "upper": { + "value": "2020-01-01" + } + } + }, + "source.name": { + "type": "TERMS", + "terms": [ + "HR Employees", + "Corporate Active Directory" + ], + "exclude": true + }, + "protected": { + "type": "TERMS", + "terms": [ + "true" + ] + } + } + }, + { + "type": "object", + "properties": { + "type": { + "description": "Enum representing the currently supported filter types.\nAdditional values may be added in the future without notice.", + "type": "string", + "enum": [ + "EXISTS", + "RANGE", + "TERMS" + ], + "example": "RANGE" + }, + "range": { + "type": "object", + "description": "The range of values to be filtered.", + "properties": { + "lower": { + "description": "The lower bound of the range.", + "type": "object", + "required": [ + "value" + ], + "properties": { + "value": { + "description": "The value of the range's endpoint.", + "type": "string", + "example": "1" + }, + "inclusive": { + "description": "Indicates if the endpoint is included in the range.", + "type": "boolean", + "default": false, + "example": false + } + } + }, + "upper": { + "description": "The upper bound of the range.", + "type": "object", + "required": [ + "value" + ], + "properties": { + "value": { + "description": "The value of the range's endpoint.", + "type": "string", + "example": "1" + }, + "inclusive": { + "description": "Indicates if the endpoint is included in the range.", + "type": "boolean", + "default": false, + "example": false + } + } + } + } + }, + "terms": { + "description": "The terms to be filtered.", + "type": "array", + "items": { + "type": "string", + "example": "account_count" + } + }, + "exclude": { + "description": "Indicates if the filter excludes results.", + "type": "boolean", + "default": false, + "example": false + } + } + } + ] + } + }, + "required": [ + "indices", + "query" + ] + } + ] + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + } + } + }, + "get": { + "tags": [ + "Saved Search" + ], + "description": "Returns the specified saved search.\n", + "summary": "Return a saved search by ID", + "operationId": "getSavedSearch", + "parameters": [ + { + "in": "path", + "name": "id", + "description": "ID of the requested document.", + "schema": { + "type": "string" + }, + "required": true, + "example": "2c91808568c529c60168cca6f90c1313" + } + ], + "responses": { + "200": { + "description": "The requested saved search.", + "content": { + "application/json": { + "schema": { + "type": "object", + "allOf": [ + { + "type": "object", + "properties": { + "id": { + "description": "The saved search ID.\n", + "type": "string", + "example": "0de46054-fe90-434a-b84e-c6b3359d0c64" + }, + "owner": { + "description": "The owner of the saved search.\n", + "type": "object", + "properties": { + "type": { + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "description": "An enumeration of the types of DTOs supported within the IdentityNow infrastructure.", + "example": "IDENTITY" + }, + "id": { + "description": "The id of the object.\n", + "type": "string", + "example": "2c91808568c529c60168cca6f90c1313" + } + }, + "required": [ + "type", + "id" + ] + } + } + }, + { + "type": "object", + "properties": { + "name": { + "description": "The name of the saved search.\n", + "type": "string", + "example": "Disabled accounts" + }, + "description": { + "description": "The description of the saved search.\n", + "type": "string", + "nullable": true, + "example": "Disabled accounts" + } + } + }, + { + "type": "object", + "properties": { + "public": { + "description": "Indicates if the saved search is public.\n", + "type": "boolean", + "default": false, + "example": false + }, + "created": { + "description": "The date the saved search was initially created.\n", + "type": "string", + "nullable": true, + "format": "date-time", + "example": "2018-06-25T20:22:28.104Z" + }, + "modified": { + "description": "The last date the saved search was modified.\n", + "type": "string", + "nullable": true, + "format": "date-time", + "example": "2018-06-25T20:22:28.104Z" + }, + "indices": { + "description": "The names of the Elasticsearch indices in which to search.\n", + "type": "array", + "items": { + "description": "Enum representing the currently supported indices.\nAdditional values may be added in the future without notice.", + "type": "string", + "enum": [ + "accessprofiles", + "accountactivities", + "entitlements", + "events", + "identities", + "roles", + "*" + ], + "example": "identities" + }, + "example": [ + "identities" + ] + }, + "columns": { + "description": "The columns to be returned (specifies the order in which they will be presented) for each document type.\n\nThe currently supported document types are: _accessprofile_, _accountactivity_, _account_, _aggregation_, _entitlement_, _event_, _identity_, and _role_.\n", + "type": "object", + "additionalProperties": { + "type": "array", + "items": { + "type": "object", + "properties": { + "field": { + "description": "The name of the field.\n", + "type": "string", + "example": "email" + }, + "header": { + "description": "The value of the header.\n", + "type": "string", + "example": "Work Email" + } + }, + "required": [ + "field" + ] + } + }, + "example": { + "identity": [ + { + "field": "displayName", + "header": "Display Name" + }, + { + "field": "e-mail", + "header": "Work Email" + } + ] + } + }, + "query": { + "description": "The search query using Elasticsearch [Query String Query](https://www.elastic.co/guide/en/elasticsearch/reference/5.2/query-dsl-query-string-query.html#query-string) syntax from the Query DSL.\n", + "type": "string", + "example": "@accounts(disabled:true)" + }, + "fields": { + "description": "The fields to be searched against in a multi-field query.\n", + "type": "array", + "nullable": true, + "items": { + "type": "string" + }, + "example": [ + "disabled" + ] + }, + "sort": { + "description": "The fields to be used to sort the search results.\n", + "type": "array", + "items": { + "type": "string" + }, + "example": [ + "displayName" + ] + }, + "filters": { + "nullable": true, + "allOf": [ + { + "type": "object", + "description": "The filters to be applied for each filtered field name.", + "example": { + "attributes.cloudAuthoritativeSource": { + "type": "EXISTS", + "exclude": true + }, + "accessCount": { + "type": "RANGE", + "range": { + "lower": { + "value": "3" + } + } + }, + "created": { + "type": "RANGE", + "range": { + "lower": { + "value": "2019-12-01", + "inclusive": true + }, + "upper": { + "value": "2020-01-01" + } + } + }, + "source.name": { + "type": "TERMS", + "terms": [ + "HR Employees", + "Corporate Active Directory" + ], + "exclude": true + }, + "protected": { + "type": "TERMS", + "terms": [ + "true" + ] + } + } + }, + { + "type": "object", + "properties": { + "type": { + "description": "Enum representing the currently supported filter types.\nAdditional values may be added in the future without notice.", + "type": "string", + "enum": [ + "EXISTS", + "RANGE", + "TERMS" + ], + "example": "RANGE" + }, + "range": { + "type": "object", + "description": "The range of values to be filtered.", + "properties": { + "lower": { + "description": "The lower bound of the range.", + "type": "object", + "required": [ + "value" + ], + "properties": { + "value": { + "description": "The value of the range's endpoint.", + "type": "string", + "example": "1" + }, + "inclusive": { + "description": "Indicates if the endpoint is included in the range.", + "type": "boolean", + "default": false, + "example": false + } + } + }, + "upper": { + "description": "The upper bound of the range.", + "type": "object", + "required": [ + "value" + ], + "properties": { + "value": { + "description": "The value of the range's endpoint.", + "type": "string", + "example": "1" + }, + "inclusive": { + "description": "Indicates if the endpoint is included in the range.", + "type": "boolean", + "default": false, + "example": false + } + } + } + } + }, + "terms": { + "description": "The terms to be filtered.", + "type": "array", + "items": { + "type": "string", + "example": "account_count" + } + }, + "exclude": { + "description": "Indicates if the filter excludes results.", + "type": "boolean", + "default": false, + "example": false + } + } + } + ] + } + }, + "required": [ + "indices", + "query" + ] + } + ] + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + } + } + }, + "delete": { + "tags": [ + "Saved Search" + ], + "description": "Deletes the specified saved search.\n", + "summary": "Delete a document by ID", + "operationId": "deleteSavedSearch", + "parameters": [ + { + "in": "path", + "name": "id", + "description": "ID of the requested document.", + "schema": { + "type": "string" + }, + "required": true, + "example": "2c91808568c529c60168cca6f90c1313" + } + ], + "responses": { + "204": { + "description": "No Content - Indicates the request was successful but there is no content to be returned in the response." + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + } + } + } + }, + "/saved-searches/{id}/execute": { + "post": { + "tags": [ + "Saved Search" + ], + "description": "Executes the specified saved search.\n", + "summary": "Execute a saved search by ID", + "operationId": "executeSavedSearch", + "parameters": [ + { + "in": "path", + "name": "id", + "description": "ID of the requested document.", + "schema": { + "type": "string" + }, + "required": true, + "example": "2c91808568c529c60168cca6f90c1313" + } + ], + "requestBody": { + "description": "When saved search execution is triggered by a scheduled search, *scheduleId* will specify the ID of the triggering scheduled search.\n\nIf *scheduleId* is not specified (when execution is triggered by a UI test), the *owner* and *recipients* arguments must be provided.\n", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "scheduleId": { + "description": "The ID of the scheduled search that triggered the saved search execution.\n", + "type": "string", + "example": "7a724640-0c17-4ce9-a8c3-4a89738459c8" + }, + "owner": { + "description": "The owner of the scheduled search being tested.\n", + "allOf": [ + { + "type": "object", + "description": "A typed reference to the object.\n", + "properties": { + "type": { + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "description": "An enumeration of the types of DTOs supported within the IdentityNow infrastructure.", + "example": "IDENTITY" + }, + "id": { + "description": "The id of the object.\n", + "type": "string", + "example": "2c91808568c529c60168cca6f90c1313" + } + }, + "required": [ + "type", + "id" + ] + } + ] + }, + "recipients": { + "description": "The email recipients of the scheduled search being tested.\n", + "type": "array", + "items": { + "type": "object", + "description": "A typed reference to the object.\n", + "properties": { + "type": { + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "description": "An enumeration of the types of DTOs supported within the IdentityNow infrastructure.", + "example": "IDENTITY" + }, + "id": { + "description": "The id of the object.\n", + "type": "string", + "example": "2c91808568c529c60168cca6f90c1313" + } + }, + "required": [ + "type", + "id" + ] + } + } + } + }, + "examples": { + "scheduled": { + "summary": "Triggered by Scheduled Search", + "value": { + "scheduleId": "7a724640-0c17-4ce9-a8c3-4a89738459c8" + } + }, + "test": { + "summary": "Triggered by UI Test", + "value": { + "owner": { + "type": "IDENTITY", + "id": "2c91808568c529c60168cca6f90c1313" + }, + "recipients": [ + { + "type": "IDENTITY", + "id": "2c91808568c529c60168cca6f90c1313" + } + ] + } + } + } + } + }, + "required": true + }, + "responses": { + "202": { + "description": "Accepted - Returned if the request was successfully accepted into the system." + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/scheduled-searches": { + "post": { + "tags": [ + "Scheduled Search" + ], + "description": "Creates a new scheduled search.\n", + "summary": "Create a new scheduled search", + "operationId": "createScheduledSearch", + "requestBody": { + "description": "The scheduled search to persist.", + "content": { + "application/json": { + "schema": { + "allOf": [ + { + "type": "object", + "properties": { + "name": { + "description": "The name of the scheduled search.\n", + "type": "string", + "example": "Daily disabled accounts", + "nullable": true + }, + "description": { + "description": "The description of the scheduled search.\n", + "type": "string", + "nullable": true, + "example": "Daily disabled accounts" + } + } + }, + { + "type": "object", + "properties": { + "savedSearchId": { + "description": "The ID of the saved search that will be executed.", + "type": "string", + "example": "554f1511-f0a1-4744-ab14-599514d3e57c" + }, + "created": { + "allOf": [ + { + "type": "string", + "nullable": true, + "format": "date-time", + "example": "2018-06-25T20:22:28.104Z", + "description": "A date-time in ISO-8601 format" + } + ], + "description": "The date the scheduled search was initially created.", + "readOnly": true + }, + "modified": { + "allOf": [ + { + "type": "string", + "nullable": true, + "format": "date-time", + "example": "2018-06-25T20:22:28.104Z", + "description": "A date-time in ISO-8601 format" + } + ], + "description": "The last date the scheduled search was modified.", + "readOnly": true + }, + "schedule": { + "type": "object", + "description": "The schedule information.", + "properties": { + "type": { + "description": "Enum representing the currently supported schedule types.\n\nAdditional values may be added in the future without notice.\n", + "type": "string", + "enum": [ + "DAILY", + "WEEKLY", + "MONTHLY", + "CALENDAR" + ], + "example": "WEEKLY" + }, + "days": { + "allOf": [ + { + "type": "object", + "properties": { + "type": { + "description": "Enum representing the currently supported selector types.\n\nLIST - the *values* array contains one or more distinct values.\n\nRANGE - the *values* array contains two values: the start and end of the range, inclusive.\n\nAdditional values may be added in the future without notice.\n", + "type": "string", + "enum": [ + "LIST", + "RANGE" + ], + "example": "LIST" + }, + "values": { + "description": "The selected values.\n", + "type": "array", + "items": { + "type": "string" + }, + "example": [ + "MON", + "WED" + ] + }, + "interval": { + "nullable": true, + "description": "The selected interval for RANGE selectors.\n", + "type": "integer", + "format": "int32", + "example": 3 + } + }, + "required": [ + "type", + "values" + ] + }, + { + "description": "The days to execute the search.\n\nIf `type` is `WEEKLY`, the values will be `MON`, `TUE`, `WED`, `THU`, `FRI`, `SAT`, and `SUN`.\n\nIf `type` is `MONTHLY`, the values will be a number in double quotes, like `\"1\"`, `\"10\"`, or `\"28\"`. Optionally, the value `\"L\"` can be used to refer to the last day of the month.\n", + "example": { + "type": "LIST", + "values": [ + "MON", + "WED", + "FRI" + ] + }, + "nullable": true + } + ] + }, + "hours": { + "allOf": [ + { + "type": "object", + "properties": { + "type": { + "description": "Enum representing the currently supported selector types.\n\nLIST - the *values* array contains one or more distinct values.\n\nRANGE - the *values* array contains two values: the start and end of the range, inclusive.\n\nAdditional values may be added in the future without notice.\n", + "type": "string", + "enum": [ + "LIST", + "RANGE" + ], + "example": "LIST" + }, + "values": { + "description": "The selected values.\n", + "type": "array", + "items": { + "type": "string" + }, + "example": [ + "MON", + "WED" + ] + }, + "interval": { + "nullable": true, + "description": "The selected interval for RANGE selectors.\n", + "type": "integer", + "format": "int32", + "example": 3 + } + }, + "required": [ + "type", + "values" + ] + }, + { + "description": "The hours selected.", + "example": { + "type": "RANGE", + "values": [ + "9", + "18" + ], + "interval": 3 + } + } + ] + }, + "expiration": { + "description": "The schedule expiration date. Latest possible expiration date is '2038-01-19T03:14:07+0000'", + "type": "string", + "nullable": true, + "format": "date-time", + "example": "2018-06-25T20:22:28.104Z" + }, + "timeZoneId": { + "description": "The GMT formatted timezone the schedule will run in (ex. GMT-06:00). If no timezone is specified, the org's default timezone is used.", + "nullable": true, + "type": "string", + "example": "GMT-06:00" + } + }, + "required": [ + "type", + "hours" + ] + }, + "recipients": { + "description": "A list of identities that should receive the scheduled search report via email.", + "type": "array", + "items": { + "type": "object", + "properties": { + "type": { + "type": "string", + "description": "The type of object being referenced", + "enum": [ + "IDENTITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "The ID of the referenced object", + "example": "2c9180867624cbd7017642d8c8c81f67" + } + }, + "required": [ + "type", + "id" + ] + } + }, + "enabled": { + "description": "Indicates if the scheduled search is enabled.\n", + "type": "boolean", + "default": false, + "example": false + }, + "emailEmptyResults": { + "description": "Indicates if email generation should not be suppressed if search returns no results.\n", + "type": "boolean", + "default": false, + "example": false + }, + "displayQueryDetails": { + "description": "Indicates if the generated email should include the query and search results preview (which could include PII).\n", + "type": "boolean", + "default": false, + "example": false + } + }, + "required": [ + "savedSearchId", + "schedule", + "recipients" + ] + } + ] + }, + "examples": { + "Daily Search": { + "description": "A search that executes each day at a 9 AM", + "value": { + "savedSearchId": "9c620e13-cd33-4804-a13d-403bd7bcdbad", + "schedule": { + "type": "DAILY", + "hours": { + "type": "LIST", + "values": [ + "9" + ] + } + }, + "recipients": [ + { + "type": "IDENTITY", + "id": "2c9180867624cbd7017642d8c8c81f67" + } + ] + } + }, + "Weekly Search": { + "description": "A search that executes each week on select days and times", + "value": { + "savedSearchId": "9c620e13-cd33-4804-a13d-403bd7bcdbad", + "schedule": { + "type": "WEEKLY", + "days": { + "type": "LIST", + "values": [ + "MON", + "TUE", + "WED", + "THU", + "FRI", + "SAT", + "SUN" + ] + }, + "hours": { + "type": "LIST", + "values": [ + "9" + ] + } + }, + "recipients": [ + { + "type": "IDENTITY", + "id": "2c9180867624cbd7017642d8c8c81f67" + } + ] + } + }, + "Monthly Search": { + "description": "A search that executes each month on select days and times", + "value": { + "savedSearchId": "9c620e13-cd33-4804-a13d-403bd7bcdbad", + "schedule": { + "type": "MONTHLY", + "days": { + "type": "LIST", + "values": [ + "1", + "7", + "14", + "L" + ] + }, + "hours": { + "type": "LIST", + "values": [ + "9" + ] + } + }, + "recipients": [ + { + "type": "IDENTITY", + "id": "2c9180867624cbd7017642d8c8c81f67" + } + ] + } + }, + "Calendar Search": { + "description": "A search that executes on specific calendar days", + "value": { + "savedSearchId": "9c620e13-cd33-4804-a13d-403bd7bcdbad", + "schedule": { + "type": "CALENDAR", + "days": { + "type": "LIST", + "values": [ + "2023-01-22", + "2023-02-22" + ] + }, + "hours": { + "type": "LIST", + "values": [ + "9" + ] + } + }, + "recipients": [ + { + "type": "IDENTITY", + "id": "2c9180867624cbd7017642d8c8c81f67" + } + ] + } + } + } + } + }, + "required": true + }, + "responses": { + "201": { + "description": "The persisted scheduled search.", + "content": { + "application/json": { + "schema": { + "type": "object", + "allOf": [ + { + "type": "object", + "properties": { + "id": { + "description": "The scheduled search ID.", + "type": "string", + "example": "0de46054-fe90-434a-b84e-c6b3359d0c64", + "readOnly": true + }, + "owner": { + "description": "The owner of the scheduled search", + "readOnly": true, + "type": "object", + "properties": { + "type": { + "type": "string", + "description": "The type of object being referenced", + "enum": [ + "IDENTITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "The ID of the referenced object", + "example": "2c9180867624cbd7017642d8c8c81f67" + } + }, + "required": [ + "type", + "id" + ] + }, + "ownerId": { + "description": "The ID of the scheduled search owner.\n\nPlease use the `id` in the `owner` object instead.\n", + "type": "string", + "example": "2c9180867624cbd7017642d8c8c81f67", + "readOnly": true, + "deprecated": true + } + } + }, + { + "type": "object", + "properties": { + "name": { + "description": "The name of the scheduled search.\n", + "type": "string", + "example": "Daily disabled accounts", + "nullable": true + }, + "description": { + "description": "The description of the scheduled search.\n", + "type": "string", + "nullable": true, + "example": "Daily disabled accounts" + } + } + }, + { + "type": "object", + "properties": { + "savedSearchId": { + "description": "The ID of the saved search that will be executed.", + "type": "string", + "example": "554f1511-f0a1-4744-ab14-599514d3e57c" + }, + "created": { + "allOf": [ + { + "type": "string", + "nullable": true, + "format": "date-time", + "example": "2018-06-25T20:22:28.104Z", + "description": "A date-time in ISO-8601 format" + } + ], + "description": "The date the scheduled search was initially created.", + "readOnly": true + }, + "modified": { + "allOf": [ + { + "type": "string", + "nullable": true, + "format": "date-time", + "example": "2018-06-25T20:22:28.104Z", + "description": "A date-time in ISO-8601 format" + } + ], + "description": "The last date the scheduled search was modified.", + "readOnly": true + }, + "schedule": { + "type": "object", + "description": "The schedule information.", + "properties": { + "type": { + "description": "Enum representing the currently supported schedule types.\n\nAdditional values may be added in the future without notice.\n", + "type": "string", + "enum": [ + "DAILY", + "WEEKLY", + "MONTHLY", + "CALENDAR" + ], + "example": "WEEKLY" + }, + "days": { + "allOf": [ + { + "type": "object", + "properties": { + "type": { + "description": "Enum representing the currently supported selector types.\n\nLIST - the *values* array contains one or more distinct values.\n\nRANGE - the *values* array contains two values: the start and end of the range, inclusive.\n\nAdditional values may be added in the future without notice.\n", + "type": "string", + "enum": [ + "LIST", + "RANGE" + ], + "example": "LIST" + }, + "values": { + "description": "The selected values.\n", + "type": "array", + "items": { + "type": "string" + }, + "example": [ + "MON", + "WED" + ] + }, + "interval": { + "nullable": true, + "description": "The selected interval for RANGE selectors.\n", + "type": "integer", + "format": "int32", + "example": 3 + } + }, + "required": [ + "type", + "values" + ] + }, + { + "description": "The days to execute the search.\n\nIf `type` is `WEEKLY`, the values will be `MON`, `TUE`, `WED`, `THU`, `FRI`, `SAT`, and `SUN`.\n\nIf `type` is `MONTHLY`, the values will be a number in double quotes, like `\"1\"`, `\"10\"`, or `\"28\"`. Optionally, the value `\"L\"` can be used to refer to the last day of the month.\n", + "example": { + "type": "LIST", + "values": [ + "MON", + "WED", + "FRI" + ] + }, + "nullable": true + } + ] + }, + "hours": { + "allOf": [ + { + "type": "object", + "properties": { + "type": { + "description": "Enum representing the currently supported selector types.\n\nLIST - the *values* array contains one or more distinct values.\n\nRANGE - the *values* array contains two values: the start and end of the range, inclusive.\n\nAdditional values may be added in the future without notice.\n", + "type": "string", + "enum": [ + "LIST", + "RANGE" + ], + "example": "LIST" + }, + "values": { + "description": "The selected values.\n", + "type": "array", + "items": { + "type": "string" + }, + "example": [ + "MON", + "WED" + ] + }, + "interval": { + "nullable": true, + "description": "The selected interval for RANGE selectors.\n", + "type": "integer", + "format": "int32", + "example": 3 + } + }, + "required": [ + "type", + "values" + ] + }, + { + "description": "The hours selected.", + "example": { + "type": "RANGE", + "values": [ + "9", + "18" + ], + "interval": 3 + } + } + ] + }, + "expiration": { + "description": "The schedule expiration date. Latest possible expiration date is '2038-01-19T03:14:07+0000'", + "type": "string", + "nullable": true, + "format": "date-time", + "example": "2018-06-25T20:22:28.104Z" + }, + "timeZoneId": { + "description": "The GMT formatted timezone the schedule will run in (ex. GMT-06:00). If no timezone is specified, the org's default timezone is used.", + "nullable": true, + "type": "string", + "example": "GMT-06:00" + } + }, + "required": [ + "type", + "hours" + ] + }, + "recipients": { + "description": "A list of identities that should receive the scheduled search report via email.", + "type": "array", + "items": { + "type": "object", + "properties": { + "type": { + "type": "string", + "description": "The type of object being referenced", + "enum": [ + "IDENTITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "The ID of the referenced object", + "example": "2c9180867624cbd7017642d8c8c81f67" + } + }, + "required": [ + "type", + "id" + ] + } + }, + "enabled": { + "description": "Indicates if the scheduled search is enabled.\n", + "type": "boolean", + "default": false, + "example": false + }, + "emailEmptyResults": { + "description": "Indicates if email generation should not be suppressed if search returns no results.\n", + "type": "boolean", + "default": false, + "example": false + }, + "displayQueryDetails": { + "description": "Indicates if the generated email should include the query and search results preview (which could include PII).\n", + "type": "boolean", + "default": false, + "example": false + } + }, + "required": [ + "savedSearchId", + "schedule", + "recipients" + ] + } + ], + "required": [ + "id", + "owner", + "ownerId" + ] + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + }, + "get": { + "tags": [ + "Scheduled Search" + ], + "description": "Returns a list of scheduled searches.\n", + "summary": "List scheduled searches", + "operationId": "listScheduledSearch", + "parameters": [ + { + "in": "query", + "name": "offset", + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": 0, + "schema": { + "type": "integer", + "format": "int32", + "minimum": 0, + "default": 0 + } + }, + { + "in": "query", + "name": "limit", + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": 250, + "schema": { + "type": "integer", + "format": "int32", + "minimum": 0, + "maximum": 250, + "default": 250 + } + }, + { + "in": "query", + "name": "count", + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": true, + "schema": { + "type": "boolean", + "default": false + } + }, + { + "name": "filters", + "in": "query", + "schema": { + "type": "string" + }, + "description": "An expression used to constrain the result set using the filtering syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results).\n\nAllowed filter properties: *owner.id*, *savedSearchId*\n\nAllowed filter operator: *eq*\n\n**Example filters**:\n\n```owner.id eq \"0de46054-fe90-434a-b84e-c6b3359d0c64\"``` -- returns scheduled searches for the specified owner ID\n\n```savedSearchId eq \"6cc0945d-9eeb-4948-9033-72d066e1153e\"``` -- returns scheduled searches that reference the specified saved search\n\n```owner.id eq me or savedSearchId eq \"6cc0945d-9eeb-4948-9033-72d066e1153e\"``` -- returns all of the current user's scheduled searches as well as all scheduled searches that reference the specified saved search\n", + "example": "savedSearchId eq \"6cc0945d-9eeb-4948-9033-72d066e1153e\"" + } + ], + "responses": { + "200": { + "description": "The list of requested scheduled searches.", + "content": { + "application/json": { + "schema": { + "type": "array", + "items": { + "type": "object", + "allOf": [ + { + "type": "object", + "properties": { + "id": { + "description": "The scheduled search ID.", + "type": "string", + "example": "0de46054-fe90-434a-b84e-c6b3359d0c64", + "readOnly": true + }, + "owner": { + "description": "The owner of the scheduled search", + "readOnly": true, + "type": "object", + "properties": { + "type": { + "type": "string", + "description": "The type of object being referenced", + "enum": [ + "IDENTITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "The ID of the referenced object", + "example": "2c9180867624cbd7017642d8c8c81f67" + } + }, + "required": [ + "type", + "id" + ] + }, + "ownerId": { + "description": "The ID of the scheduled search owner.\n\nPlease use the `id` in the `owner` object instead.\n", + "type": "string", + "example": "2c9180867624cbd7017642d8c8c81f67", + "readOnly": true, + "deprecated": true + } + } + }, + { + "type": "object", + "properties": { + "name": { + "description": "The name of the scheduled search.\n", + "type": "string", + "example": "Daily disabled accounts", + "nullable": true + }, + "description": { + "description": "The description of the scheduled search.\n", + "type": "string", + "nullable": true, + "example": "Daily disabled accounts" + } + } + }, + { + "type": "object", + "properties": { + "savedSearchId": { + "description": "The ID of the saved search that will be executed.", + "type": "string", + "example": "554f1511-f0a1-4744-ab14-599514d3e57c" + }, + "created": { + "allOf": [ + { + "type": "string", + "nullable": true, + "format": "date-time", + "example": "2018-06-25T20:22:28.104Z", + "description": "A date-time in ISO-8601 format" + } + ], + "description": "The date the scheduled search was initially created.", + "readOnly": true + }, + "modified": { + "allOf": [ + { + "type": "string", + "nullable": true, + "format": "date-time", + "example": "2018-06-25T20:22:28.104Z", + "description": "A date-time in ISO-8601 format" + } + ], + "description": "The last date the scheduled search was modified.", + "readOnly": true + }, + "schedule": { + "type": "object", + "description": "The schedule information.", + "properties": { + "type": { + "description": "Enum representing the currently supported schedule types.\n\nAdditional values may be added in the future without notice.\n", + "type": "string", + "enum": [ + "DAILY", + "WEEKLY", + "MONTHLY", + "CALENDAR" + ], + "example": "WEEKLY" + }, + "days": { + "allOf": [ + { + "type": "object", + "properties": { + "type": { + "description": "Enum representing the currently supported selector types.\n\nLIST - the *values* array contains one or more distinct values.\n\nRANGE - the *values* array contains two values: the start and end of the range, inclusive.\n\nAdditional values may be added in the future without notice.\n", + "type": "string", + "enum": [ + "LIST", + "RANGE" + ], + "example": "LIST" + }, + "values": { + "description": "The selected values.\n", + "type": "array", + "items": { + "type": "string" + }, + "example": [ + "MON", + "WED" + ] + }, + "interval": { + "nullable": true, + "description": "The selected interval for RANGE selectors.\n", + "type": "integer", + "format": "int32", + "example": 3 + } + }, + "required": [ + "type", + "values" + ] + }, + { + "description": "The days to execute the search.\n\nIf `type` is `WEEKLY`, the values will be `MON`, `TUE`, `WED`, `THU`, `FRI`, `SAT`, and `SUN`.\n\nIf `type` is `MONTHLY`, the values will be a number in double quotes, like `\"1\"`, `\"10\"`, or `\"28\"`. Optionally, the value `\"L\"` can be used to refer to the last day of the month.\n", + "example": { + "type": "LIST", + "values": [ + "MON", + "WED", + "FRI" + ] + }, + "nullable": true + } + ] + }, + "hours": { + "allOf": [ + { + "type": "object", + "properties": { + "type": { + "description": "Enum representing the currently supported selector types.\n\nLIST - the *values* array contains one or more distinct values.\n\nRANGE - the *values* array contains two values: the start and end of the range, inclusive.\n\nAdditional values may be added in the future without notice.\n", + "type": "string", + "enum": [ + "LIST", + "RANGE" + ], + "example": "LIST" + }, + "values": { + "description": "The selected values.\n", + "type": "array", + "items": { + "type": "string" + }, + "example": [ + "MON", + "WED" + ] + }, + "interval": { + "nullable": true, + "description": "The selected interval for RANGE selectors.\n", + "type": "integer", + "format": "int32", + "example": 3 + } + }, + "required": [ + "type", + "values" + ] + }, + { + "description": "The hours selected.", + "example": { + "type": "RANGE", + "values": [ + "9", + "18" + ], + "interval": 3 + } + } + ] + }, + "expiration": { + "description": "The schedule expiration date. Latest possible expiration date is '2038-01-19T03:14:07+0000'", + "type": "string", + "nullable": true, + "format": "date-time", + "example": "2018-06-25T20:22:28.104Z" + }, + "timeZoneId": { + "description": "The GMT formatted timezone the schedule will run in (ex. GMT-06:00). If no timezone is specified, the org's default timezone is used.", + "nullable": true, + "type": "string", + "example": "GMT-06:00" + } + }, + "required": [ + "type", + "hours" + ] + }, + "recipients": { + "description": "A list of identities that should receive the scheduled search report via email.", + "type": "array", + "items": { + "type": "object", + "properties": { + "type": { + "type": "string", + "description": "The type of object being referenced", + "enum": [ + "IDENTITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "The ID of the referenced object", + "example": "2c9180867624cbd7017642d8c8c81f67" + } + }, + "required": [ + "type", + "id" + ] + } + }, + "enabled": { + "description": "Indicates if the scheduled search is enabled.\n", + "type": "boolean", + "default": false, + "example": false + }, + "emailEmptyResults": { + "description": "Indicates if email generation should not be suppressed if search returns no results.\n", + "type": "boolean", + "default": false, + "example": false + }, + "displayQueryDetails": { + "description": "Indicates if the generated email should include the query and search results preview (which could include PII).\n", + "type": "boolean", + "default": false, + "example": false + } + }, + "required": [ + "savedSearchId", + "schedule", + "recipients" + ] + } + ], + "required": [ + "id", + "owner", + "ownerId" + ] + } + } + } + }, + "headers": { + "X-Total-Count": { + "description": "The total result count (returned only if the *count* parameter is specified as *true*).", + "schema": { + "type": "integer" + }, + "example": 5 + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/scheduled-searches/{id}": { + "put": { + "tags": [ + "Scheduled Search" + ], + "description": "Updates an existing scheduled search.\n", + "summary": "Update an existing Scheduled Search", + "operationId": "updateScheduledSearch", + "parameters": [ + { + "in": "path", + "name": "id", + "description": "ID of the requested document.", + "schema": { + "type": "string" + }, + "required": true, + "example": "2c91808568c529c60168cca6f90c1313" + } + ], + "requestBody": { + "description": "The scheduled search to persist.", + "content": { + "application/json": { + "schema": { + "type": "object", + "allOf": [ + { + "type": "object", + "properties": { + "id": { + "description": "The scheduled search ID.", + "type": "string", + "example": "0de46054-fe90-434a-b84e-c6b3359d0c64", + "readOnly": true + }, + "owner": { + "description": "The owner of the scheduled search", + "readOnly": true, + "type": "object", + "properties": { + "type": { + "type": "string", + "description": "The type of object being referenced", + "enum": [ + "IDENTITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "The ID of the referenced object", + "example": "2c9180867624cbd7017642d8c8c81f67" + } + }, + "required": [ + "type", + "id" + ] + }, + "ownerId": { + "description": "The ID of the scheduled search owner.\n\nPlease use the `id` in the `owner` object instead.\n", + "type": "string", + "example": "2c9180867624cbd7017642d8c8c81f67", + "readOnly": true, + "deprecated": true + } + } + }, + { + "type": "object", + "properties": { + "name": { + "description": "The name of the scheduled search.\n", + "type": "string", + "example": "Daily disabled accounts", + "nullable": true + }, + "description": { + "description": "The description of the scheduled search.\n", + "type": "string", + "nullable": true, + "example": "Daily disabled accounts" + } + } + }, + { + "type": "object", + "properties": { + "savedSearchId": { + "description": "The ID of the saved search that will be executed.", + "type": "string", + "example": "554f1511-f0a1-4744-ab14-599514d3e57c" + }, + "created": { + "allOf": [ + { + "type": "string", + "nullable": true, + "format": "date-time", + "example": "2018-06-25T20:22:28.104Z", + "description": "A date-time in ISO-8601 format" + } + ], + "description": "The date the scheduled search was initially created.", + "readOnly": true + }, + "modified": { + "allOf": [ + { + "type": "string", + "nullable": true, + "format": "date-time", + "example": "2018-06-25T20:22:28.104Z", + "description": "A date-time in ISO-8601 format" + } + ], + "description": "The last date the scheduled search was modified.", + "readOnly": true + }, + "schedule": { + "type": "object", + "description": "The schedule information.", + "properties": { + "type": { + "description": "Enum representing the currently supported schedule types.\n\nAdditional values may be added in the future without notice.\n", + "type": "string", + "enum": [ + "DAILY", + "WEEKLY", + "MONTHLY", + "CALENDAR" + ], + "example": "WEEKLY" + }, + "days": { + "allOf": [ + { + "type": "object", + "properties": { + "type": { + "description": "Enum representing the currently supported selector types.\n\nLIST - the *values* array contains one or more distinct values.\n\nRANGE - the *values* array contains two values: the start and end of the range, inclusive.\n\nAdditional values may be added in the future without notice.\n", + "type": "string", + "enum": [ + "LIST", + "RANGE" + ], + "example": "LIST" + }, + "values": { + "description": "The selected values.\n", + "type": "array", + "items": { + "type": "string" + }, + "example": [ + "MON", + "WED" + ] + }, + "interval": { + "nullable": true, + "description": "The selected interval for RANGE selectors.\n", + "type": "integer", + "format": "int32", + "example": 3 + } + }, + "required": [ + "type", + "values" + ] + }, + { + "description": "The days to execute the search.\n\nIf `type` is `WEEKLY`, the values will be `MON`, `TUE`, `WED`, `THU`, `FRI`, `SAT`, and `SUN`.\n\nIf `type` is `MONTHLY`, the values will be a number in double quotes, like `\"1\"`, `\"10\"`, or `\"28\"`. Optionally, the value `\"L\"` can be used to refer to the last day of the month.\n", + "example": { + "type": "LIST", + "values": [ + "MON", + "WED", + "FRI" + ] + }, + "nullable": true + } + ] + }, + "hours": { + "allOf": [ + { + "type": "object", + "properties": { + "type": { + "description": "Enum representing the currently supported selector types.\n\nLIST - the *values* array contains one or more distinct values.\n\nRANGE - the *values* array contains two values: the start and end of the range, inclusive.\n\nAdditional values may be added in the future without notice.\n", + "type": "string", + "enum": [ + "LIST", + "RANGE" + ], + "example": "LIST" + }, + "values": { + "description": "The selected values.\n", + "type": "array", + "items": { + "type": "string" + }, + "example": [ + "MON", + "WED" + ] + }, + "interval": { + "nullable": true, + "description": "The selected interval for RANGE selectors.\n", + "type": "integer", + "format": "int32", + "example": 3 + } + }, + "required": [ + "type", + "values" + ] + }, + { + "description": "The hours selected.", + "example": { + "type": "RANGE", + "values": [ + "9", + "18" + ], + "interval": 3 + } + } + ] + }, + "expiration": { + "description": "The schedule expiration date. Latest possible expiration date is '2038-01-19T03:14:07+0000'", + "type": "string", + "nullable": true, + "format": "date-time", + "example": "2018-06-25T20:22:28.104Z" + }, + "timeZoneId": { + "description": "The GMT formatted timezone the schedule will run in (ex. GMT-06:00). If no timezone is specified, the org's default timezone is used.", + "nullable": true, + "type": "string", + "example": "GMT-06:00" + } + }, + "required": [ + "type", + "hours" + ] + }, + "recipients": { + "description": "A list of identities that should receive the scheduled search report via email.", + "type": "array", + "items": { + "type": "object", + "properties": { + "type": { + "type": "string", + "description": "The type of object being referenced", + "enum": [ + "IDENTITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "The ID of the referenced object", + "example": "2c9180867624cbd7017642d8c8c81f67" + } + }, + "required": [ + "type", + "id" + ] + } + }, + "enabled": { + "description": "Indicates if the scheduled search is enabled.\n", + "type": "boolean", + "default": false, + "example": false + }, + "emailEmptyResults": { + "description": "Indicates if email generation should not be suppressed if search returns no results.\n", + "type": "boolean", + "default": false, + "example": false + }, + "displayQueryDetails": { + "description": "Indicates if the generated email should include the query and search results preview (which could include PII).\n", + "type": "boolean", + "default": false, + "example": false + } + }, + "required": [ + "savedSearchId", + "schedule", + "recipients" + ] + } + ], + "required": [ + "id", + "owner", + "ownerId" + ] + } + } + }, + "required": true + }, + "responses": { + "200": { + "description": "The persisted scheduled search.", + "content": { + "application/json": { + "schema": { + "type": "object", + "allOf": [ + { + "type": "object", + "properties": { + "id": { + "description": "The scheduled search ID.", + "type": "string", + "example": "0de46054-fe90-434a-b84e-c6b3359d0c64", + "readOnly": true + }, + "owner": { + "description": "The owner of the scheduled search", + "readOnly": true, + "type": "object", + "properties": { + "type": { + "type": "string", + "description": "The type of object being referenced", + "enum": [ + "IDENTITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "The ID of the referenced object", + "example": "2c9180867624cbd7017642d8c8c81f67" + } + }, + "required": [ + "type", + "id" + ] + }, + "ownerId": { + "description": "The ID of the scheduled search owner.\n\nPlease use the `id` in the `owner` object instead.\n", + "type": "string", + "example": "2c9180867624cbd7017642d8c8c81f67", + "readOnly": true, + "deprecated": true + } + } + }, + { + "type": "object", + "properties": { + "name": { + "description": "The name of the scheduled search.\n", + "type": "string", + "example": "Daily disabled accounts", + "nullable": true + }, + "description": { + "description": "The description of the scheduled search.\n", + "type": "string", + "nullable": true, + "example": "Daily disabled accounts" + } + } + }, + { + "type": "object", + "properties": { + "savedSearchId": { + "description": "The ID of the saved search that will be executed.", + "type": "string", + "example": "554f1511-f0a1-4744-ab14-599514d3e57c" + }, + "created": { + "allOf": [ + { + "type": "string", + "nullable": true, + "format": "date-time", + "example": "2018-06-25T20:22:28.104Z", + "description": "A date-time in ISO-8601 format" + } + ], + "description": "The date the scheduled search was initially created.", + "readOnly": true + }, + "modified": { + "allOf": [ + { + "type": "string", + "nullable": true, + "format": "date-time", + "example": "2018-06-25T20:22:28.104Z", + "description": "A date-time in ISO-8601 format" + } + ], + "description": "The last date the scheduled search was modified.", + "readOnly": true + }, + "schedule": { + "type": "object", + "description": "The schedule information.", + "properties": { + "type": { + "description": "Enum representing the currently supported schedule types.\n\nAdditional values may be added in the future without notice.\n", + "type": "string", + "enum": [ + "DAILY", + "WEEKLY", + "MONTHLY", + "CALENDAR" + ], + "example": "WEEKLY" + }, + "days": { + "allOf": [ + { + "type": "object", + "properties": { + "type": { + "description": "Enum representing the currently supported selector types.\n\nLIST - the *values* array contains one or more distinct values.\n\nRANGE - the *values* array contains two values: the start and end of the range, inclusive.\n\nAdditional values may be added in the future without notice.\n", + "type": "string", + "enum": [ + "LIST", + "RANGE" + ], + "example": "LIST" + }, + "values": { + "description": "The selected values.\n", + "type": "array", + "items": { + "type": "string" + }, + "example": [ + "MON", + "WED" + ] + }, + "interval": { + "nullable": true, + "description": "The selected interval for RANGE selectors.\n", + "type": "integer", + "format": "int32", + "example": 3 + } + }, + "required": [ + "type", + "values" + ] + }, + { + "description": "The days to execute the search.\n\nIf `type` is `WEEKLY`, the values will be `MON`, `TUE`, `WED`, `THU`, `FRI`, `SAT`, and `SUN`.\n\nIf `type` is `MONTHLY`, the values will be a number in double quotes, like `\"1\"`, `\"10\"`, or `\"28\"`. Optionally, the value `\"L\"` can be used to refer to the last day of the month.\n", + "example": { + "type": "LIST", + "values": [ + "MON", + "WED", + "FRI" + ] + }, + "nullable": true + } + ] + }, + "hours": { + "allOf": [ + { + "type": "object", + "properties": { + "type": { + "description": "Enum representing the currently supported selector types.\n\nLIST - the *values* array contains one or more distinct values.\n\nRANGE - the *values* array contains two values: the start and end of the range, inclusive.\n\nAdditional values may be added in the future without notice.\n", + "type": "string", + "enum": [ + "LIST", + "RANGE" + ], + "example": "LIST" + }, + "values": { + "description": "The selected values.\n", + "type": "array", + "items": { + "type": "string" + }, + "example": [ + "MON", + "WED" + ] + }, + "interval": { + "nullable": true, + "description": "The selected interval for RANGE selectors.\n", + "type": "integer", + "format": "int32", + "example": 3 + } + }, + "required": [ + "type", + "values" + ] + }, + { + "description": "The hours selected.", + "example": { + "type": "RANGE", + "values": [ + "9", + "18" + ], + "interval": 3 + } + } + ] + }, + "expiration": { + "description": "The schedule expiration date. Latest possible expiration date is '2038-01-19T03:14:07+0000'", + "type": "string", + "nullable": true, + "format": "date-time", + "example": "2018-06-25T20:22:28.104Z" + }, + "timeZoneId": { + "description": "The GMT formatted timezone the schedule will run in (ex. GMT-06:00). If no timezone is specified, the org's default timezone is used.", + "nullable": true, + "type": "string", + "example": "GMT-06:00" + } + }, + "required": [ + "type", + "hours" + ] + }, + "recipients": { + "description": "A list of identities that should receive the scheduled search report via email.", + "type": "array", + "items": { + "type": "object", + "properties": { + "type": { + "type": "string", + "description": "The type of object being referenced", + "enum": [ + "IDENTITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "The ID of the referenced object", + "example": "2c9180867624cbd7017642d8c8c81f67" + } + }, + "required": [ + "type", + "id" + ] + } + }, + "enabled": { + "description": "Indicates if the scheduled search is enabled.\n", + "type": "boolean", + "default": false, + "example": false + }, + "emailEmptyResults": { + "description": "Indicates if email generation should not be suppressed if search returns no results.\n", + "type": "boolean", + "default": false, + "example": false + }, + "displayQueryDetails": { + "description": "Indicates if the generated email should include the query and search results preview (which could include PII).\n", + "type": "boolean", + "default": false, + "example": false + } + }, + "required": [ + "savedSearchId", + "schedule", + "recipients" + ] + } + ], + "required": [ + "id", + "owner", + "ownerId" + ] + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + }, + "get": { + "tags": [ + "Scheduled Search" + ], + "description": "Returns the specified scheduled search.", + "summary": "Get a Scheduled Search", + "operationId": "getScheduledSearch", + "parameters": [ + { + "in": "path", + "name": "id", + "description": "ID of the requested document.", + "schema": { + "type": "string" + }, + "required": true, + "example": "2c91808568c529c60168cca6f90c1313" + } + ], + "responses": { + "200": { + "description": "The requested scheduled search.", + "content": { + "application/json": { + "schema": { + "type": "object", + "allOf": [ + { + "type": "object", + "properties": { + "id": { + "description": "The scheduled search ID.", + "type": "string", + "example": "0de46054-fe90-434a-b84e-c6b3359d0c64", + "readOnly": true + }, + "owner": { + "description": "The owner of the scheduled search", + "readOnly": true, + "type": "object", + "properties": { + "type": { + "type": "string", + "description": "The type of object being referenced", + "enum": [ + "IDENTITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "The ID of the referenced object", + "example": "2c9180867624cbd7017642d8c8c81f67" + } + }, + "required": [ + "type", + "id" + ] + }, + "ownerId": { + "description": "The ID of the scheduled search owner.\n\nPlease use the `id` in the `owner` object instead.\n", + "type": "string", + "example": "2c9180867624cbd7017642d8c8c81f67", + "readOnly": true, + "deprecated": true + } + } + }, + { + "type": "object", + "properties": { + "name": { + "description": "The name of the scheduled search.\n", + "type": "string", + "example": "Daily disabled accounts", + "nullable": true + }, + "description": { + "description": "The description of the scheduled search.\n", + "type": "string", + "nullable": true, + "example": "Daily disabled accounts" + } + } + }, + { + "type": "object", + "properties": { + "savedSearchId": { + "description": "The ID of the saved search that will be executed.", + "type": "string", + "example": "554f1511-f0a1-4744-ab14-599514d3e57c" + }, + "created": { + "allOf": [ + { + "type": "string", + "nullable": true, + "format": "date-time", + "example": "2018-06-25T20:22:28.104Z", + "description": "A date-time in ISO-8601 format" + } + ], + "description": "The date the scheduled search was initially created.", + "readOnly": true + }, + "modified": { + "allOf": [ + { + "type": "string", + "nullable": true, + "format": "date-time", + "example": "2018-06-25T20:22:28.104Z", + "description": "A date-time in ISO-8601 format" + } + ], + "description": "The last date the scheduled search was modified.", + "readOnly": true + }, + "schedule": { + "type": "object", + "description": "The schedule information.", + "properties": { + "type": { + "description": "Enum representing the currently supported schedule types.\n\nAdditional values may be added in the future without notice.\n", + "type": "string", + "enum": [ + "DAILY", + "WEEKLY", + "MONTHLY", + "CALENDAR" + ], + "example": "WEEKLY" + }, + "days": { + "allOf": [ + { + "type": "object", + "properties": { + "type": { + "description": "Enum representing the currently supported selector types.\n\nLIST - the *values* array contains one or more distinct values.\n\nRANGE - the *values* array contains two values: the start and end of the range, inclusive.\n\nAdditional values may be added in the future without notice.\n", + "type": "string", + "enum": [ + "LIST", + "RANGE" + ], + "example": "LIST" + }, + "values": { + "description": "The selected values.\n", + "type": "array", + "items": { + "type": "string" + }, + "example": [ + "MON", + "WED" + ] + }, + "interval": { + "nullable": true, + "description": "The selected interval for RANGE selectors.\n", + "type": "integer", + "format": "int32", + "example": 3 + } + }, + "required": [ + "type", + "values" + ] + }, + { + "description": "The days to execute the search.\n\nIf `type` is `WEEKLY`, the values will be `MON`, `TUE`, `WED`, `THU`, `FRI`, `SAT`, and `SUN`.\n\nIf `type` is `MONTHLY`, the values will be a number in double quotes, like `\"1\"`, `\"10\"`, or `\"28\"`. Optionally, the value `\"L\"` can be used to refer to the last day of the month.\n", + "example": { + "type": "LIST", + "values": [ + "MON", + "WED", + "FRI" + ] + }, + "nullable": true + } + ] + }, + "hours": { + "allOf": [ + { + "type": "object", + "properties": { + "type": { + "description": "Enum representing the currently supported selector types.\n\nLIST - the *values* array contains one or more distinct values.\n\nRANGE - the *values* array contains two values: the start and end of the range, inclusive.\n\nAdditional values may be added in the future without notice.\n", + "type": "string", + "enum": [ + "LIST", + "RANGE" + ], + "example": "LIST" + }, + "values": { + "description": "The selected values.\n", + "type": "array", + "items": { + "type": "string" + }, + "example": [ + "MON", + "WED" + ] + }, + "interval": { + "nullable": true, + "description": "The selected interval for RANGE selectors.\n", + "type": "integer", + "format": "int32", + "example": 3 + } + }, + "required": [ + "type", + "values" + ] + }, + { + "description": "The hours selected.", + "example": { + "type": "RANGE", + "values": [ + "9", + "18" + ], + "interval": 3 + } + } + ] + }, + "expiration": { + "description": "The schedule expiration date. Latest possible expiration date is '2038-01-19T03:14:07+0000'", + "type": "string", + "nullable": true, + "format": "date-time", + "example": "2018-06-25T20:22:28.104Z" + }, + "timeZoneId": { + "description": "The GMT formatted timezone the schedule will run in (ex. GMT-06:00). If no timezone is specified, the org's default timezone is used.", + "nullable": true, + "type": "string", + "example": "GMT-06:00" + } + }, + "required": [ + "type", + "hours" + ] + }, + "recipients": { + "description": "A list of identities that should receive the scheduled search report via email.", + "type": "array", + "items": { + "type": "object", + "properties": { + "type": { + "type": "string", + "description": "The type of object being referenced", + "enum": [ + "IDENTITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "The ID of the referenced object", + "example": "2c9180867624cbd7017642d8c8c81f67" + } + }, + "required": [ + "type", + "id" + ] + } + }, + "enabled": { + "description": "Indicates if the scheduled search is enabled.\n", + "type": "boolean", + "default": false, + "example": false + }, + "emailEmptyResults": { + "description": "Indicates if email generation should not be suppressed if search returns no results.\n", + "type": "boolean", + "default": false, + "example": false + }, + "displayQueryDetails": { + "description": "Indicates if the generated email should include the query and search results preview (which could include PII).\n", + "type": "boolean", + "default": false, + "example": false + } + }, + "required": [ + "savedSearchId", + "schedule", + "recipients" + ] + } + ], + "required": [ + "id", + "owner", + "ownerId" + ] + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + }, + "delete": { + "tags": [ + "Scheduled Search" + ], + "description": "Deletes the specified scheduled search.\n", + "operationId": "deleteScheduledSearch", + "summary": "Delete a Scheduled Search", + "parameters": [ + { + "in": "path", + "name": "id", + "description": "ID of the requested document.", + "schema": { + "type": "string" + }, + "required": true, + "example": "2c91808568c529c60168cca6f90c1313" + } + ], + "responses": { + "204": { + "description": "No Content - Indicates the request was successful but there is no content to be returned in the response." + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/scheduled-searches/{id}/unsubscribe": { + "post": { + "tags": [ + "Scheduled Search" + ], + "description": "Unsubscribes a recipient from the specified scheduled search.\n", + "operationId": "unsubscribeScheduledSearch", + "summary": "Unsubscribe a recipient from Scheduled Search", + "parameters": [ + { + "in": "path", + "name": "id", + "description": "ID of the requested document.", + "schema": { + "type": "string" + }, + "required": true, + "example": "2c91808568c529c60168cca6f90c1313" + } + ], + "requestBody": { + "description": "The recipient to be removed from the scheduled search.\n", + "content": { + "application/json": { + "schema": { + "type": "object", + "description": "A typed reference to the object.\n", + "properties": { + "type": { + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "description": "An enumeration of the types of DTOs supported within the IdentityNow infrastructure.", + "example": "IDENTITY" + }, + "id": { + "description": "The id of the object.\n", + "type": "string", + "example": "2c91808568c529c60168cca6f90c1313" + } + }, + "required": [ + "type", + "id" + ] + } + } + }, + "required": true + }, + "responses": { + "204": { + "description": "No Content - Indicates the request was successful but there is no content to be returned in the response." + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + } + } + } + }, + "/search": { + "post": { + "tags": [ + "Search" + ], + "description": "Performs a search with the provided query and returns a matching result collection. By default, you can page a maximum of 10,000 search result records. To page past 10,000 records, you can use searchAfter paging. Refer to [Paginating Search Queries](https://developer.sailpoint.com/idn/api/standard-collection-parameters#paginating-search-queries) for more information about how to implement searchAfter paging. ", + "externalDocs": { + "description": "Learn more about search.", + "url": "https://documentation.sailpoint.com/saas/help/search/index.html" + }, + "operationId": "searchPost", + "summary": "Perform Search", + "parameters": [ + { + "in": "query", + "name": "offset", + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": 0, + "schema": { + "type": "integer", + "format": "int32", + "minimum": 0, + "default": 0 + } + }, + { + "in": "query", + "name": "limit", + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": 250, + "schema": { + "type": "integer", + "format": "int32", + "minimum": 0, + "maximum": 250, + "default": 250 + } + }, + { + "in": "query", + "name": "count", + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": true, + "schema": { + "type": "boolean", + "default": false + } + } + ], + "requestBody": { + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "indices": { + "description": "The names of the Elasticsearch indices in which to search. If none are provided, then all indices will be searched.", + "externalDocs": { + "description": "Learn more about search indices here.", + "url": "https://documentation.sailpoint.com/saas/help/search/searchable-fields.html" + }, + "type": "array", + "items": { + "description": "Enum representing the currently supported indices.\nAdditional values may be added in the future without notice.", + "type": "string", + "enum": [ + "accessprofiles", + "accountactivities", + "entitlements", + "events", + "identities", + "roles", + "*" + ], + "example": "identities" + }, + "example": [ + "identities" + ] + }, + "queryType": { + "description": "The type of query to use. By default, the `SAILPOINT` query type is used, which requires the `query` object to be defined in the request body.\nTo use the `queryDsl` or `typeAheadQuery` objects in the request, you must set the type to `DSL` or `TYPEAHEAD` accordingly.\nAdditional values may be added in the future without notice.", + "type": "string", + "enum": [ + "DSL", + "SAILPOINT", + "TYPEAHEAD" + ], + "default": "SAILPOINT", + "example": "SAILPOINT" + }, + "queryVersion": { + "allOf": [ + { + "description": "The current Elasticserver version.", + "type": "string", + "default": "5.2", + "example": "5.2" + }, + { + "type": "string", + "description": "The version of the query object.\nThis version number will map to the version of Elasticsearch for the query strings and objects being used." + } + ] + }, + "query": { + "type": "object", + "description": "Query parameters used to construct an Elasticsearch query object.", + "properties": { + "query": { + "description": "The query using the Elasticsearch [Query String Query](https://www.elastic.co/guide/en/elasticsearch/reference/5.2/query-dsl-query-string-query.html#query-string) syntax from the Query DSL extended by SailPoint to support Nested queries.", + "type": "string", + "example": "name:a*" + }, + "fields": { + "description": "The fields to which the specified query will be applied. The available fields are dependent on the indice(s) being searched on. Please refer to the response schema of this API for a list of available fields.", + "type": "array", + "items": { + "type": "string" + }, + "example": [ + "name" + ] + }, + "timeZone": { + "description": "The time zone to be applied to any range query related to dates.", + "type": "string", + "example": "America/Chicago" + }, + "innerHit": { + "description": "The innerHit query object returns a flattened list of results for the specified nested type.", + "type": "object", + "required": [ + "query", + "type" + ], + "properties": { + "query": { + "description": "The search query using the Elasticsearch [Query String Query](https://www.elastic.co/guide/en/elasticsearch/reference/5.2/query-dsl-query-string-query.html#query-string) syntax from the Query DSL extended by SailPoint to support Nested queries.", + "type": "string", + "example": "source.name:\\\"Active Directory\\\"" + }, + "type": { + "description": "The nested type to use in the inner hits query. The nested type [Nested Type](https://www.elastic.co/guide/en/elasticsearch/reference/current/nested.html) refers to a document \"nested\" within another document. For example, an identity can have nested documents for access, accounts, and apps.", + "type": "string", + "example": "access" + } + } + } + } + }, + "queryDsl": { + "description": "The search query using the Elasticsearch [Query DSL](https://www.elastic.co/guide/en/elasticsearch/reference/7.10/query-dsl.html) syntax.", + "type": "object", + "example": { + "match": { + "name": "john.doe" + } + } + }, + "typeAheadQuery": { + "type": "object", + "description": "Query parameters used to construct an Elasticsearch type ahead query object. The typeAheadQuery performs a search for top values beginning with the typed values. For example, typing \"Jo\" results in top hits matching \"Jo.\" Typing \"Job\" results in top hits matching \"Job.\" ", + "required": [ + "query", + "field" + ], + "properties": { + "query": { + "description": "The type ahead query string used to construct a phrase prefix match query.", + "type": "string", + "example": "Work" + }, + "field": { + "description": "The field on which to perform the type ahead search.", + "type": "string", + "example": "source.name" + }, + "nestedType": { + "description": "The nested type.", + "type": "string", + "example": "access" + }, + "maxExpansions": { + "description": "The number of suffixes the last term will be expanded into.\nInfluences the performance of the query and the number results returned.\nValid values: 1 to 1000.", + "type": "integer", + "format": "int32", + "minimum": 1, + "maximum": 1000, + "default": 10, + "example": 10 + } + } + }, + "includeNested": { + "description": "Indicates whether nested objects from returned search results should be included.", + "type": "boolean", + "default": true, + "example": true + }, + "queryResultFilter": { + "type": "object", + "description": "Allows the query results to be filtered by specifying a list of fields to include and/or exclude from the result documents.", + "properties": { + "includes": { + "description": "The list of field names to include in the result documents.", + "type": "array", + "items": { + "type": "string" + }, + "example": [ + "name", + "displayName" + ] + }, + "excludes": { + "description": "The list of field names to exclude from the result documents.", + "type": "array", + "items": { + "type": "string" + }, + "example": [ + "stacktrace" + ] + } + } + }, + "aggregationType": { + "description": "Enum representing the currently available query languages for aggregations, which are used to perform calculations or groupings on search results.\n\nAdditional values may be added in the future without notice.\n", + "type": "string", + "enum": [ + "DSL", + "SAILPOINT" + ], + "default": "DSL", + "example": "DSL" + }, + "aggregationsVersion": { + "allOf": [ + { + "description": "The current Elasticserver version.", + "type": "string", + "default": "5.2", + "example": "5.2" + }, + { + "type": "string", + "description": "The version of the language being used for aggregation queries.\nThis version number will map to the version of Elasticsearch for the aggregation query object." + } + ] + }, + "aggregationsDsl": { + "description": "The aggregation search query using Elasticsearch [Aggregations](https://www.elastic.co/guide/en/elasticsearch/reference/5.2/search-aggregations.html) syntax.", + "type": "object", + "example": {} + }, + "aggregations": { + "description": "The aggregation’s specifications, such as the groupings and calculations to be performed.\n", + "allOf": [ + { + "type": "object", + "properties": { + "nested": { + "type": "object", + "description": "The nested aggregation object.", + "required": [ + "name", + "type" + ], + "properties": { + "name": { + "description": "The name of the nested aggregate to be included in the result.", + "type": "string", + "example": "id" + }, + "type": { + "description": "The type of the nested object.", + "type": "string", + "example": "access" + } + } + }, + "metric": { + "type": "object", + "description": "The calculation done on the results of the query", + "required": [ + "name", + "field" + ], + "properties": { + "name": { + "description": "The name of the metric aggregate to be included in the result.\nIf the metric aggregation is omitted, the resulting aggregation will be a count of the documents in the search results.", + "type": "string", + "example": "Access Name Count" + }, + "type": { + "description": "Enum representing the currently supported metric aggregation types.\nAdditional values may be added in the future without notice.", + "type": "string", + "enum": [ + "COUNT", + "UNIQUE_COUNT", + "AVG", + "SUM", + "MEDIAN", + "MIN", + "MAX" + ], + "default": "UNIQUE_COUNT", + "example": "COUNT" + }, + "field": { + "description": "The field the calculation is performed on.\n\nPrefix the field name with '@' to reference a nested object.\n", + "type": "string", + "example": "@access.name" + } + } + }, + "filter": { + "type": "object", + "description": "An additional filter to constrain the results of the search query.", + "required": [ + "name", + "field", + "value" + ], + "properties": { + "name": { + "description": "The name of the filter aggregate to be included in the result.", + "type": "string", + "example": "Entitlements" + }, + "type": { + "description": "Enum representing the currently supported filter aggregation types.\nAdditional values may be added in the future without notice.", + "type": "string", + "enum": [ + "TERM" + ], + "default": "TERM", + "example": "TERM" + }, + "field": { + "description": "The search field to apply the filter to.\n\nPrefix the field name with '@' to reference a nested object.\n", + "type": "string", + "example": "access.type" + }, + "value": { + "description": "The value to filter on.", + "type": "string", + "example": "ENTITLEMENT" + } + } + }, + "bucket": { + "type": "object", + "description": "The bucket to group the results of the aggregation query by.", + "required": [ + "name", + "field" + ], + "properties": { + "name": { + "description": "The name of the bucket aggregate to be included in the result.", + "type": "string", + "example": "Identity Locations" + }, + "type": { + "description": "Enum representing the currently supported bucket aggregation types.\nAdditional values may be added in the future without notice.", + "type": "string", + "enum": [ + "TERMS" + ], + "default": "TERMS", + "example": "TERMS" + }, + "field": { + "description": "The field to bucket on.\nPrefix the field name with '@' to reference a nested object.", + "type": "string", + "example": "attributes.city" + }, + "size": { + "description": "Maximum number of buckets to include.", + "type": "integer", + "format": "int32", + "example": 100 + }, + "minDocCount": { + "description": "Minimum number of documents a bucket should have.", + "type": "integer", + "format": "int32", + "example": 2 + } + } + } + } + }, + { + "type": "object", + "properties": { + "subAggregation": { + "description": "Aggregation to be performed on the result of the parent bucket aggregation.", + "allOf": [ + { + "type": "object", + "properties": { + "nested": { + "type": "object", + "description": "The nested aggregation object.", + "required": [ + "name", + "type" + ], + "properties": { + "name": { + "description": "The name of the nested aggregate to be included in the result.", + "type": "string", + "example": "id" + }, + "type": { + "description": "The type of the nested object.", + "type": "string", + "example": "access" + } + } + }, + "metric": { + "type": "object", + "description": "The calculation done on the results of the query", + "required": [ + "name", + "field" + ], + "properties": { + "name": { + "description": "The name of the metric aggregate to be included in the result.\nIf the metric aggregation is omitted, the resulting aggregation will be a count of the documents in the search results.", + "type": "string", + "example": "Access Name Count" + }, + "type": { + "description": "Enum representing the currently supported metric aggregation types.\nAdditional values may be added in the future without notice.", + "type": "string", + "enum": [ + "COUNT", + "UNIQUE_COUNT", + "AVG", + "SUM", + "MEDIAN", + "MIN", + "MAX" + ], + "default": "UNIQUE_COUNT", + "example": "COUNT" + }, + "field": { + "description": "The field the calculation is performed on.\n\nPrefix the field name with '@' to reference a nested object.\n", + "type": "string", + "example": "@access.name" + } + } + }, + "filter": { + "type": "object", + "description": "An additional filter to constrain the results of the search query.", + "required": [ + "name", + "field", + "value" + ], + "properties": { + "name": { + "description": "The name of the filter aggregate to be included in the result.", + "type": "string", + "example": "Entitlements" + }, + "type": { + "description": "Enum representing the currently supported filter aggregation types.\nAdditional values may be added in the future without notice.", + "type": "string", + "enum": [ + "TERM" + ], + "default": "TERM", + "example": "TERM" + }, + "field": { + "description": "The search field to apply the filter to.\n\nPrefix the field name with '@' to reference a nested object.\n", + "type": "string", + "example": "access.type" + }, + "value": { + "description": "The value to filter on.", + "type": "string", + "example": "ENTITLEMENT" + } + } + }, + "bucket": { + "type": "object", + "description": "The bucket to group the results of the aggregation query by.", + "required": [ + "name", + "field" + ], + "properties": { + "name": { + "description": "The name of the bucket aggregate to be included in the result.", + "type": "string", + "example": "Identity Locations" + }, + "type": { + "description": "Enum representing the currently supported bucket aggregation types.\nAdditional values may be added in the future without notice.", + "type": "string", + "enum": [ + "TERMS" + ], + "default": "TERMS", + "example": "TERMS" + }, + "field": { + "description": "The field to bucket on.\nPrefix the field name with '@' to reference a nested object.", + "type": "string", + "example": "attributes.city" + }, + "size": { + "description": "Maximum number of buckets to include.", + "type": "integer", + "format": "int32", + "example": 100 + }, + "minDocCount": { + "description": "Minimum number of documents a bucket should have.", + "type": "integer", + "format": "int32", + "example": 2 + } + } + } + } + }, + { + "type": "object", + "properties": { + "subAggregation": { + "description": "Aggregation to be performed on the result of the parent bucket aggregation.", + "type": "object", + "properties": { + "nested": { + "type": "object", + "description": "The nested aggregation object.", + "required": [ + "name", + "type" + ], + "properties": { + "name": { + "description": "The name of the nested aggregate to be included in the result.", + "type": "string", + "example": "id" + }, + "type": { + "description": "The type of the nested object.", + "type": "string", + "example": "access" + } + } + }, + "metric": { + "type": "object", + "description": "The calculation done on the results of the query", + "required": [ + "name", + "field" + ], + "properties": { + "name": { + "description": "The name of the metric aggregate to be included in the result.\nIf the metric aggregation is omitted, the resulting aggregation will be a count of the documents in the search results.", + "type": "string", + "example": "Access Name Count" + }, + "type": { + "description": "Enum representing the currently supported metric aggregation types.\nAdditional values may be added in the future without notice.", + "type": "string", + "enum": [ + "COUNT", + "UNIQUE_COUNT", + "AVG", + "SUM", + "MEDIAN", + "MIN", + "MAX" + ], + "default": "UNIQUE_COUNT", + "example": "COUNT" + }, + "field": { + "description": "The field the calculation is performed on.\n\nPrefix the field name with '@' to reference a nested object.\n", + "type": "string", + "example": "@access.name" + } + } + }, + "filter": { + "type": "object", + "description": "An additional filter to constrain the results of the search query.", + "required": [ + "name", + "field", + "value" + ], + "properties": { + "name": { + "description": "The name of the filter aggregate to be included in the result.", + "type": "string", + "example": "Entitlements" + }, + "type": { + "description": "Enum representing the currently supported filter aggregation types.\nAdditional values may be added in the future without notice.", + "type": "string", + "enum": [ + "TERM" + ], + "default": "TERM", + "example": "TERM" + }, + "field": { + "description": "The search field to apply the filter to.\n\nPrefix the field name with '@' to reference a nested object.\n", + "type": "string", + "example": "access.type" + }, + "value": { + "description": "The value to filter on.", + "type": "string", + "example": "ENTITLEMENT" + } + } + }, + "bucket": { + "type": "object", + "description": "The bucket to group the results of the aggregation query by.", + "required": [ + "name", + "field" + ], + "properties": { + "name": { + "description": "The name of the bucket aggregate to be included in the result.", + "type": "string", + "example": "Identity Locations" + }, + "type": { + "description": "Enum representing the currently supported bucket aggregation types.\nAdditional values may be added in the future without notice.", + "type": "string", + "enum": [ + "TERMS" + ], + "default": "TERMS", + "example": "TERMS" + }, + "field": { + "description": "The field to bucket on.\nPrefix the field name with '@' to reference a nested object.", + "type": "string", + "example": "attributes.city" + }, + "size": { + "description": "Maximum number of buckets to include.", + "type": "integer", + "format": "int32", + "example": 100 + }, + "minDocCount": { + "description": "Minimum number of documents a bucket should have.", + "type": "integer", + "format": "int32", + "example": 2 + } + } + } + } + } + } + } + ] + } + } + } + ] + }, + "sort": { + "description": "The fields to be used to sort the search results. Use + or - to specify the sort direction.", + "type": "array", + "items": { + "type": "string", + "example": [ + "displayName", + "+id" + ] + } + }, + "searchAfter": { + "description": "Used to begin the search window at the values specified.\nThis parameter consists of the last values of the sorted fields in the current record set.\nThis is used to expand the Elasticsearch limit of 10K records by shifting the 10K window to begin at this value.\nIt is recommended that you always include the ID of the object in addition to any other fields on this parameter in order to ensure you don't get duplicate results while paging.\nFor example, when searching for identities, if you are sorting by displayName you will also want to include ID, for example [\"displayName\", \"id\"]. \nIf the last identity ID in the search result is 2c91808375d8e80a0175e1f88a575221 and the last displayName is \"John Doe\", then using that displayName and ID will start a new search after this identity.\nThe searchAfter value will look like [\"John Doe\",\"2c91808375d8e80a0175e1f88a575221\"]", + "type": "array", + "items": { + "type": "string", + "example": [ + "John Doe", + "2c91808375d8e80a0175e1f88a575221" + ] + } + }, + "filters": { + "description": "The filters to be applied for each filtered field name.", + "type": "object", + "additionalProperties": { + "type": "object", + "properties": { + "type": { + "description": "Enum representing the currently supported filter types.\nAdditional values may be added in the future without notice.", + "type": "string", + "enum": [ + "EXISTS", + "RANGE", + "TERMS" + ], + "example": "RANGE" + }, + "range": { + "type": "object", + "description": "The range of values to be filtered.", + "properties": { + "lower": { + "description": "The lower bound of the range.", + "type": "object", + "required": [ + "value" + ], + "properties": { + "value": { + "description": "The value of the range's endpoint.", + "type": "string", + "example": "1" + }, + "inclusive": { + "description": "Indicates if the endpoint is included in the range.", + "type": "boolean", + "default": false, + "example": false + } + } + }, + "upper": { + "description": "The upper bound of the range.", + "type": "object", + "required": [ + "value" + ], + "properties": { + "value": { + "description": "The value of the range's endpoint.", + "type": "string", + "example": "1" + }, + "inclusive": { + "description": "Indicates if the endpoint is included in the range.", + "type": "boolean", + "default": false, + "example": false + } + } + } + } + }, + "terms": { + "description": "The terms to be filtered.", + "type": "array", + "items": { + "type": "string", + "example": "account_count" + } + }, + "exclude": { + "description": "Indicates if the filter excludes results.", + "type": "boolean", + "default": false, + "example": false + } + } + }, + "example": {} + } + } + }, + "examples": { + "query-fields": { + "summary": "Query with Fields", + "value": { + "indices": [ + "identities" + ], + "query": { + "query": "\"John Doe\"", + "fields": [ + "name" + ] + } + } + }, + "query-timeZone": { + "summary": "Query with TimeZone", + "value": { + "indices": [ + "identities" + ], + "query": { + "query": "created: [2022-05-19T19:26:03.351Z TO now]", + "timeZone": "America/Los_Angeles" + } + } + }, + "query-innerHit": { + "summary": "Query with InnerHit", + "value": { + "indices": [ + "identities" + ], + "query": { + "query": "\"John Doe\"", + "innerHit": { + "type": "access", + "query": "source.name:\\\"Active Directory\\\"" + } + } + } + }, + "typeAheadQuery": { + "summary": "TypeAheadQuery", + "value": { + "indices": [ + "identities" + ], + "queryType": "TYPEAHEAD", + "typeAheadQuery": { + "field": "name", + "query": "Jo", + "maxExpansions": 50 + } + } + }, + "typeAheadQuery-nestedType": { + "summary": "TypeAheadQuery with NestedType", + "value": { + "indices": [ + "identities" + ], + "queryType": "TYPEAHEAD", + "typeAheadQuery": { + "field": "source.name", + "nestedType": "access", + "query": "Work", + "maxExpansions": 50 + } + } + }, + "filter-exists": { + "summary": "Filter with Exists", + "value": { + "indices": [ + "identities" + ], + "query": { + "query": "attributes.city:London" + }, + "filters": { + "attributes.cloudAuthoritativeSource": { + "type": "EXISTS", + "exclude": true + } + } + } + }, + "filter-range": { + "summary": "Filter with Range", + "value": { + "indices": [ + "identities" + ], + "query": { + "query": "attributes.city:London", + "timeZone": "Europe/London" + }, + "filters": { + "accessCount": { + "type": "RANGE", + "range": { + "lower": { + "value": "3" + } + } + }, + "created": { + "type": "RANGE", + "range": { + "lower": { + "value": "2019-12-01", + "inclusive": true + }, + "upper": { + "value": "2020-01-01" + } + } + } + } + } + }, + "filter-terms": { + "summary": "Filter with Terms", + "value": { + "indices": [ + "identities" + ], + "query": { + "query": "attributes.city:London" + }, + "filters": { + "source.name": { + "type": "TERMS", + "terms": [ + "HR Employees", + "Corporate Active Directory" + ], + "exclude": true + }, + "protected": { + "type": "TERMS", + "terms": [ + "true" + ] + } + } + } + } + } + } + }, + "required": true + }, + "responses": { + "200": { + "description": "List of matching documents.", + "content": { + "application/json": { + "schema": { + "type": "array", + "items": { + "discriminator": { + "propertyName": "_type", + "mapping": { + "accessprofile": "../model/access/profile/AccessProfileDocument.yaml", + "accountactivity": "../model/account/activity/AccountActivityDocument.yaml", + "account": "../model/account/AccountDocument.yaml", + "aggregation": "../model/aggregation/AggregationDocument.yaml", + "entitlement": "../model/entitlement/EntitlementDocument.yaml", + "event": "../model/event/EventDocument.yaml", + "identity": "../model/identity/IdentityDocument.yaml", + "role": "../model/role/RoleDocument.yaml" + } + }, + "oneOf": [ + { + "description": "This is more of a complete representation of an access profile. ", + "allOf": [ + { + "type": "object", + "required": [ + "id", + "name", + "_type" + ], + "properties": { + "id": { + "type": "string", + "example": "2c91808375d8e80a0175e1f88a575222" + }, + "name": { + "type": "string", + "example": "john.doe" + }, + "_type": { + "description": "Enum representing the currently supported document types.\n\nAdditional values may be added in the future without notice.", + "type": "string", + "enum": [ + "accessprofile", + "accountactivity", + "account", + "aggregation", + "entitlement", + "event", + "identity", + "role" + ], + "example": "identity" + } + } + }, + { + "allOf": [ + { + "type": "object", + "properties": { + "id": { + "type": "string", + "example": "2c91808568c529c60168cca6f90c1313", + "description": "The unique ID of the referenced object." + }, + "name": { + "type": "string", + "example": "John Doe", + "description": "The human readable name of the referenced object." + } + } + }, + { + "type": "object", + "properties": { + "description": { + "type": "string", + "description": "The description of the access item", + "example": "The admin role" + }, + "created": { + "type": "string", + "nullable": true, + "format": "date-time", + "example": "2018-06-25T20:22:28.104Z", + "description": "A date-time in ISO-8601 format" + }, + "modified": { + "type": "string", + "nullable": true, + "format": "date-time", + "example": "2018-06-25T20:22:28.104Z", + "description": "A date-time in ISO-8601 format" + }, + "synced": { + "type": "string", + "nullable": true, + "format": "date-time", + "example": "2018-06-25T20:22:28.104Z", + "description": "A date-time in ISO-8601 format" + }, + "enabled": { + "type": "boolean", + "example": true + }, + "requestable": { + "type": "boolean", + "example": true, + "description": "Indicates if the access can be requested" + }, + "requestCommentsRequired": { + "type": "boolean", + "description": "Indicates if comments are required when requesting access", + "example": false + }, + "owner": { + "allOf": [ + { + "allOf": [ + { + "type": "object", + "properties": { + "id": { + "type": "string", + "example": "2c91808568c529c60168cca6f90c1313", + "description": "The unique ID of the referenced object." + }, + "name": { + "type": "string", + "example": "John Doe", + "description": "The human readable name of the referenced object." + } + } + }, + { + "type": "object", + "properties": { + "type": { + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "description": "An enumeration of the types of DTOs supported within the IdentityNow infrastructure.", + "example": "IDENTITY" + } + } + } + ] + }, + { + "type": "object", + "properties": { + "email": { + "type": "string", + "example": "john.doe@sailpoint.com", + "description": "The email of the identity" + } + } + } + ] + } + } + } + ] + }, + { + "type": "object", + "properties": { + "source": { + "type": "object", + "properties": { + "id": { + "type": "string", + "example": "2c91808568c529c60168cca6f90c1313", + "description": "The unique ID of the referenced object." + }, + "name": { + "type": "string", + "example": "John Doe", + "description": "The human readable name of the referenced object." + } + } + }, + "entitlements": { + "type": "array", + "items": { + "allOf": [ + { + "type": "object", + "properties": { + "id": { + "type": "string", + "example": "2c91808568c529c60168cca6f90c1313", + "description": "The unique ID of the referenced object." + }, + "name": { + "type": "string", + "example": "John Doe", + "description": "The human readable name of the referenced object." + } + } + }, + { + "type": "object", + "properties": { + "description": { + "type": "string", + "description": "A description of the entitlement", + "example": "The admin privilege" + }, + "attribute": { + "type": "string", + "description": "The name of the entitlement attribute", + "example": "admin" + }, + "value": { + "type": "string", + "description": "The value of the entitlement", + "example": "true" + } + } + } + ] + } + }, + "entitlementCount": { + "type": "integer", + "example": 5 + }, + "tags": { + "type": "array", + "items": { + "type": "string" + }, + "example": [ + "TAG_1", + "TAG_2" + ] + } + } + } + ] + }, + { + "description": "AccountActivity", + "allOf": [ + { + "type": "object", + "required": [ + "id", + "name", + "_type" + ], + "properties": { + "id": { + "type": "string", + "example": "2c91808375d8e80a0175e1f88a575222" + }, + "name": { + "type": "string", + "example": "john.doe" + }, + "_type": { + "description": "Enum representing the currently supported document types.\n\nAdditional values may be added in the future without notice.", + "type": "string", + "enum": [ + "accessprofile", + "accountactivity", + "account", + "aggregation", + "entitlement", + "event", + "identity", + "role" + ], + "example": "identity" + } + } + }, + { + "type": "object", + "properties": { + "action": { + "type": "string", + "description": "The type of action that this activity performed", + "externalDocs": { + "description": "Learn more about account activity action types", + "url": "https://documentation.sailpoint.com/saas/help/search/searchable-fields.html#searching-account-activity-data" + }, + "example": "Identity Refresh." + }, + "created": { + "type": "string", + "nullable": true, + "format": "date-time", + "example": "2018-06-25T20:22:28.104Z", + "description": "A date-time in ISO-8601 format" + }, + "modified": { + "type": "string", + "nullable": true, + "format": "date-time", + "example": "2018-06-25T20:22:28.104Z", + "description": "A date-time in ISO-8601 format" + }, + "stage": { + "type": "string", + "description": "The current stage of the activity", + "example": "Completed" + }, + "origin": { + "type": "string", + "nullable": true, + "example": null + }, + "status": { + "type": "string", + "description": "the current status of the activity", + "example": "Complete" + }, + "requester": { + "allOf": [ + { + "type": "object", + "properties": { + "id": { + "type": "string", + "example": "2c91808568c529c60168cca6f90c1313", + "description": "The unique ID of the referenced object." + }, + "name": { + "type": "string", + "example": "John Doe", + "description": "The human readable name of the referenced object." + } + } + }, + { + "type": "object", + "properties": { + "type": { + "type": "string", + "example": "Delimited File", + "description": "the type of source returned" + } + } + } + ] + }, + "recipient": { + "allOf": [ + { + "type": "object", + "properties": { + "id": { + "type": "string", + "example": "2c91808568c529c60168cca6f90c1313", + "description": "The unique ID of the referenced object." + }, + "name": { + "type": "string", + "example": "John Doe", + "description": "The human readable name of the referenced object." + } + } + }, + { + "type": "object", + "properties": { + "type": { + "type": "string", + "example": "Delimited File", + "description": "the type of source returned" + } + } + } + ] + }, + "trackingNumber": { + "type": "string", + "example": "61aad0c9e8134eca89e76a35e0cabe3f" + }, + "errors": { + "type": "array", + "items": { + "type": "string" + }, + "nullable": true, + "example": null + }, + "warnings": { + "type": "array", + "items": { + "type": "string" + }, + "nullable": true, + "example": null + }, + "approvals": { + "type": "array", + "items": { + "type": "object", + "properties": { + "comments": { + "type": "array", + "items": { + "type": "object", + "properties": { + "comment": { + "type": "string", + "description": "The comment text", + "example": "This request was autoapproved by our automated ETS subscriber." + }, + "commenter": { + "type": "string", + "description": "The name of the commenter", + "example": "Automated AR Approval" + }, + "date": { + "type": "string", + "nullable": true, + "format": "date-time", + "example": "2018-06-25T20:22:28.104Z", + "description": "A date-time in ISO-8601 format" + } + } + } + }, + "created": { + "type": "string", + "nullable": true, + "format": "date-time", + "example": "2018-06-25T20:22:28.104Z", + "description": "A date-time in ISO-8601 format" + }, + "modified": { + "type": "string", + "nullable": true, + "format": "date-time", + "example": "2018-06-25T20:22:28.104Z", + "description": "A date-time in ISO-8601 format" + }, + "owner": { + "allOf": [ + { + "type": "object", + "properties": { + "id": { + "type": "string", + "example": "2c91808568c529c60168cca6f90c1313", + "description": "The unique ID of the referenced object." + }, + "name": { + "type": "string", + "example": "John Doe", + "description": "The human readable name of the referenced object." + } + } + }, + { + "type": "object", + "properties": { + "type": { + "type": "string", + "example": "Delimited File", + "description": "the type of source returned" + } + } + } + ] + }, + "result": { + "type": "string", + "description": "The result of the approval", + "example": "Finished" + }, + "type": { + "type": "string", + "nullable": true, + "example": null + } + } + } + }, + "originalRequests": { + "type": "array", + "items": { + "type": "object", + "properties": { + "accountId": { + "type": "string", + "description": "the account id", + "example": "CN=Abby Smith,OU=Austin,OU=Americas,OU=Demo,DC=seri,DC=acme,DC=com" + }, + "attributeRequests": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string", + "description": "The attribute name", + "example": "groups" + }, + "op": { + "type": "string", + "description": "The operation to perform", + "example": "Add" + }, + "value": { + "type": "string", + "description": "The value of the attribute", + "example": "3203537556531076" + } + } + } + }, + "op": { + "type": "string", + "description": "the operation that was used", + "example": "add" + }, + "source": { + "allOf": [ + { + "type": "object", + "properties": { + "id": { + "type": "string", + "example": "2c91808568c529c60168cca6f90c1313", + "description": "The unique ID of the referenced object." + }, + "name": { + "type": "string", + "example": "John Doe", + "description": "The human readable name of the referenced object." + } + } + }, + { + "type": "object", + "properties": { + "type": { + "type": "string", + "example": "Delimited File", + "description": "the type of source returned" + } + } + } + ] + } + } + } + }, + "expansionItems": { + "type": "array", + "items": { + "type": "object", + "properties": { + "accountId": { + "type": "string", + "description": "The ID of the account", + "example": "2c91808981f58ea601821c3e93482e6f" + }, + "cause": { + "type": "string", + "example": "Role" + }, + "name": { + "type": "string", + "description": "The name of the item", + "example": "smartsheet-role" + }, + "attributeRequests": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string", + "description": "The attribute name", + "example": "groups" + }, + "op": { + "type": "string", + "description": "The operation to perform", + "example": "Add" + }, + "value": { + "type": "string", + "description": "The value of the attribute", + "example": "3203537556531076" + } + } + } + }, + "source": { + "allOf": [ + { + "type": "object", + "properties": { + "id": { + "type": "string", + "example": "2c91808568c529c60168cca6f90c1313", + "description": "The unique ID of the referenced object." + }, + "name": { + "type": "string", + "example": "John Doe", + "description": "The human readable name of the referenced object." + } + } + }, + { + "type": "object", + "properties": { + "type": { + "type": "string", + "example": "Delimited File", + "description": "the type of source returned" + } + } + } + ] + } + } + } + }, + "accountRequests": { + "type": "array", + "items": { + "type": "object", + "properties": { + "accountId": { + "type": "string", + "description": "Unique ID of the account", + "example": "John.Doe" + }, + "attributeRequests": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string", + "description": "The attribute name", + "example": "groups" + }, + "op": { + "type": "string", + "description": "The operation to perform", + "example": "Add" + }, + "value": { + "type": "string", + "description": "The value of the attribute", + "example": "3203537556531076" + } + } + } + }, + "op": { + "type": "string", + "example": "Modify", + "description": "The operation that was performed" + }, + "provisioningTarget": { + "allOf": [ + { + "type": "object", + "properties": { + "id": { + "type": "string", + "example": "2c91808568c529c60168cca6f90c1313", + "description": "The unique ID of the referenced object." + }, + "name": { + "type": "string", + "example": "John Doe", + "description": "The human readable name of the referenced object." + } + } + }, + { + "type": "object", + "properties": { + "type": { + "type": "string", + "example": "Delimited File", + "description": "the type of source returned" + } + } + } + ] + }, + "result": { + "type": "object", + "properties": { + "errors": { + "type": "array", + "items": { + "type": "string", + "example": "[ConnectorError] [\n {\n \"code\": \"unrecognized_keys\",\n \"keys\": [\n \"groups\"\n ],\n \"path\": [],\n \"message\": \"Unrecognized key(s) in object: 'groups'\"\n }\n] (requestId: 5e9d6df5-9b1b-47d9-9bf1-dc3a2893299e)" + } + }, + "status": { + "type": "string", + "description": "The status of the account request", + "example": "failed" + }, + "ticketId": { + "type": "string", + "nullable": true, + "example": null + } + } + }, + "source": { + "allOf": [ + { + "type": "object", + "properties": { + "id": { + "type": "string", + "example": "2c91808568c529c60168cca6f90c1313", + "description": "The unique ID of the referenced object." + }, + "name": { + "type": "string", + "example": "John Doe", + "description": "The human readable name of the referenced object." + } + } + }, + { + "type": "object", + "properties": { + "type": { + "type": "string", + "example": "Delimited File", + "description": "the type of source returned" + } + } + } + ] + } + } + } + }, + "sources": { + "type": "string", + "example": "smartsheet-test, airtable-v4, IdentityNow" + } + } + } + ] + }, + { + "description": "Account", + "allOf": [ + { + "type": "object", + "required": [ + "id", + "name", + "_type" + ], + "properties": { + "id": { + "type": "string", + "example": "2c91808375d8e80a0175e1f88a575222" + }, + "name": { + "type": "string", + "example": "john.doe" + }, + "_type": { + "description": "Enum representing the currently supported document types.\n\nAdditional values may be added in the future without notice.", + "type": "string", + "enum": [ + "accessprofile", + "accountactivity", + "account", + "aggregation", + "entitlement", + "event", + "identity", + "role" + ], + "example": "identity" + } + } + }, + { + "allOf": [ + { + "type": "object", + "properties": { + "id": { + "type": "string", + "example": "2c91808568c529c60168cca6f90c1313", + "description": "The unique ID of the referenced object." + }, + "name": { + "type": "string", + "example": "John Doe", + "description": "The human readable name of the referenced object." + } + } + }, + { + "type": "object", + "properties": { + "accountId": { + "type": "string", + "description": "The ID of the account", + "example": "john.doe" + }, + "source": { + "allOf": [ + { + "type": "object", + "properties": { + "id": { + "type": "string", + "example": "2c91808568c529c60168cca6f90c1313", + "description": "The unique ID of the referenced object." + }, + "name": { + "type": "string", + "example": "John Doe", + "description": "The human readable name of the referenced object." + } + } + }, + { + "type": "object", + "properties": { + "type": { + "type": "string", + "example": "Delimited File", + "description": "the type of source returned" + } + } + } + ] + }, + "disabled": { + "type": "boolean", + "description": "Indicates if the account is disabled", + "example": false + }, + "locked": { + "type": "boolean", + "description": "Indicates if the account is locked", + "example": false + }, + "privileged": { + "type": "boolean", + "example": false + }, + "manuallyCorrelated": { + "type": "boolean", + "description": "Indicates if the account has been manually correlated to an identity", + "example": false + }, + "passwordLastSet": { + "type": "string", + "nullable": true, + "format": "date-time", + "example": "2018-06-25T20:22:28.104Z", + "description": "A date-time in ISO-8601 format" + }, + "entitlementAttributes": { + "type": "object", + "nullable": true, + "description": "a map or dictionary of key/value pairs", + "additionalProperties": true, + "example": { + "moderator": true, + "admin": true, + "trust_level": "4" + } + }, + "created": { + "type": "string", + "nullable": true, + "format": "date-time", + "example": "2018-06-25T20:22:28.104Z", + "description": "A date-time in ISO-8601 format" + } + } + } + ] + }, + { + "type": "object", + "properties": { + "modified": { + "type": "string", + "nullable": true, + "format": "date-time", + "example": "2018-06-25T20:22:28.104Z", + "description": "A date-time in ISO-8601 format" + }, + "attributes": { + "type": "object", + "description": "a map or dictionary of key/value pairs", + "additionalProperties": true, + "example": { + "firstName": "John", + "lastName": "Doe", + "displayName": "John.Doe" + } + }, + "identity": { + "allOf": [ + { + "type": "object", + "properties": { + "id": { + "type": "string", + "example": "2c91808568c529c60168cca6f90c1313", + "description": "The unique ID of the referenced object." + }, + "name": { + "type": "string", + "example": "John Doe", + "description": "The human readable name of the referenced object." + } + } + }, + { + "type": "object", + "properties": { + "displayName": { + "type": "string", + "example": "John Q. Doe" + } + } + } + ] + }, + "access": { + "type": "array", + "items": { + "description": "EntitlementReference", + "allOf": [ + { + "allOf": [ + { + "allOf": [ + { + "type": "object", + "properties": { + "id": { + "type": "string", + "example": "2c91808568c529c60168cca6f90c1313", + "description": "The unique ID of the referenced object." + }, + "name": { + "type": "string", + "example": "John Doe", + "description": "The human readable name of the referenced object." + } + } + }, + { + "type": "object", + "properties": { + "displayName": { + "type": "string", + "example": "John Q. Doe" + } + } + } + ] + }, + { + "type": "object", + "properties": { + "type": { + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "description": "An enumeration of the types of DTOs supported within the IdentityNow infrastructure.", + "example": "IDENTITY" + }, + "description": { + "type": "string", + "nullable": true, + "example": null + } + } + } + ] + }, + { + "type": "object", + "properties": { + "source": { + "type": "object", + "properties": { + "id": { + "type": "string", + "example": "2c91808568c529c60168cca6f90c1313", + "description": "The unique ID of the referenced object." + }, + "name": { + "type": "string", + "example": "John Doe", + "description": "The human readable name of the referenced object." + } + } + }, + "privileged": { + "type": "boolean", + "example": false + }, + "attribute": { + "type": "string", + "example": "memberOf" + }, + "value": { + "type": "string", + "example": "CN=Buyer,OU=Groups,OU=Demo,DC=seri,DC=sailpointdemo,DC=com" + }, + "standalone": { + "type": "boolean", + "example": false + } + } + } + ] + } + }, + "entitlementCount": { + "type": "integer", + "description": "The number of entitlements assigned to the account", + "format": "int32", + "example": 2 + }, + "uncorrelated": { + "type": "boolean", + "description": "Indicates if the account is not correlated to an identity", + "example": false + }, + "tags": { + "type": "array", + "items": { + "type": "string" + }, + "example": [ + "TAG_1", + "TAG_2" + ] + } + } + } + ] + }, + { + "description": "Aggregation", + "allOf": [ + { + "type": "object", + "required": [ + "id", + "name", + "_type" + ], + "properties": { + "id": { + "type": "string", + "example": "2c91808375d8e80a0175e1f88a575222" + }, + "name": { + "type": "string", + "example": "john.doe" + }, + "_type": { + "description": "Enum representing the currently supported document types.\n\nAdditional values may be added in the future without notice.", + "type": "string", + "enum": [ + "accessprofile", + "accountactivity", + "account", + "aggregation", + "entitlement", + "event", + "identity", + "role" + ], + "example": "identity" + } + } + }, + { + "type": "object", + "properties": { + "status": { + "type": "string", + "example": "Success" + }, + "duration": { + "type": "integer", + "format": "int32", + "example": 20 + }, + "avgDuration": { + "type": "integer", + "format": "int32", + "example": 20 + }, + "changedAccounts": { + "type": "integer", + "format": "int32", + "example": 1 + }, + "nextScheduled": { + "type": "string", + "nullable": true, + "format": "date-time", + "example": "2018-06-25T20:22:28.104Z", + "description": "A date-time in ISO-8601 format" + }, + "startTime": { + "type": "string", + "nullable": true, + "format": "date-time", + "example": "2018-06-25T20:22:28.104Z", + "description": "A date-time in ISO-8601 format" + }, + "sourceOwner": { + "type": "string", + "description": "John Doe" + } + } + } + ] + }, + { + "description": "Entitlement", + "allOf": [ + { + "type": "object", + "required": [ + "id", + "name", + "_type" + ], + "properties": { + "id": { + "type": "string", + "example": "2c91808375d8e80a0175e1f88a575222" + }, + "name": { + "type": "string", + "example": "john.doe" + }, + "_type": { + "description": "Enum representing the currently supported document types.\n\nAdditional values may be added in the future without notice.", + "type": "string", + "enum": [ + "accessprofile", + "accountactivity", + "account", + "aggregation", + "entitlement", + "event", + "identity", + "role" + ], + "example": "identity" + } + } + }, + { + "allOf": [ + { + "type": "object", + "properties": { + "id": { + "type": "string", + "example": "2c91808568c529c60168cca6f90c1313", + "description": "The unique ID of the referenced object." + }, + "name": { + "type": "string", + "example": "John Doe", + "description": "The human readable name of the referenced object." + } + } + }, + { + "type": "object", + "properties": { + "description": { + "type": "string", + "description": "A description of the entitlement", + "example": "The admin privilege" + }, + "attribute": { + "type": "string", + "description": "The name of the entitlement attribute", + "example": "admin" + }, + "value": { + "type": "string", + "description": "The value of the entitlement", + "example": "true" + } + } + } + ] + }, + { + "type": "object", + "properties": { + "modified": { + "type": "string", + "nullable": true, + "format": "date-time", + "example": "2018-06-25T20:22:28.104Z", + "description": "A date-time in ISO-8601 format" + }, + "synced": { + "type": "string", + "nullable": true, + "format": "date-time", + "example": "2018-06-25T20:22:28.104Z", + "description": "A date-time in ISO-8601 format" + }, + "displayName": { + "type": "string", + "description": "The display name of the entitlement", + "example": "Admin" + }, + "source": { + "type": "object", + "properties": { + "id": { + "type": "string", + "example": "2c91808568c529c60168cca6f90c1313", + "description": "The unique ID of the referenced object." + }, + "name": { + "type": "string", + "example": "John Doe", + "description": "The human readable name of the referenced object." + } + } + }, + "privileged": { + "type": "boolean", + "example": false + }, + "identityCount": { + "type": "integer", + "format": "int32", + "example": 3 + }, + "tags": { + "type": "array", + "items": { + "type": "string" + }, + "example": [ + "TAG_1", + "TAG_2" + ] + } + } + } + ] + }, + { + "description": "Event", + "allOf": [ + { + "type": "object", + "required": [ + "id", + "name", + "_type" + ], + "properties": { + "id": { + "type": "string", + "example": "2c91808375d8e80a0175e1f88a575222" + }, + "name": { + "type": "string", + "example": "john.doe" + }, + "_type": { + "description": "Enum representing the currently supported document types.\n\nAdditional values may be added in the future without notice.", + "type": "string", + "enum": [ + "accessprofile", + "accountactivity", + "account", + "aggregation", + "entitlement", + "event", + "identity", + "role" + ], + "example": "identity" + } + } + }, + { + "type": "object", + "properties": { + "created": { + "type": "string", + "nullable": true, + "format": "date-time", + "example": "2018-06-25T20:22:28.104Z", + "description": "A date-time in ISO-8601 format" + }, + "synced": { + "type": "string", + "nullable": true, + "format": "date-time", + "example": "2018-06-25T20:22:28.104Z", + "description": "A date-time in ISO-8601 format" + }, + "action": { + "type": "string", + "description": "The action that was performed", + "example": "update" + }, + "type": { + "type": "string", + "description": "The type of event", + "example": "SYSTEM_CONFIG" + }, + "actor": { + "type": "object", + "properties": { + "name": { + "type": "string", + "example": "John Doe", + "description": "the actor or target name" + }, + "type": { + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "description": "An enumeration of the types of DTOs supported within the IdentityNow infrastructure.", + "example": "IDENTITY" + } + } + }, + "target": { + "type": "object", + "properties": { + "name": { + "type": "string", + "example": "John Doe", + "description": "the actor or target name" + }, + "type": { + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "description": "An enumeration of the types of DTOs supported within the IdentityNow infrastructure.", + "example": "IDENTITY" + } + } + }, + "stack": { + "type": "string", + "example": "tpe" + }, + "trackingNumber": { + "type": "string", + "example": "63f891e0735f4cc8bf1968144a1e7440" + }, + "ipAddress": { + "type": "string", + "example": "52.52.97.85" + }, + "details": { + "type": "string", + "example": "73b65dfbed1842548c207432a18c84b0" + }, + "attributes": { + "type": "object", + "additionalProperties": true, + "example": { + "pod": "stg03-useast1", + "org": "acme", + "sourceName": "SailPoint" + } + }, + "objects": { + "type": "array", + "items": { + "type": "string", + "example": "AUTHENTICATION" + } + }, + "operation": { + "type": "string", + "example": "REQUEST" + }, + "status": { + "type": "string", + "example": "PASSED" + }, + "technicalName": { + "type": "string", + "example": "AUTHENTICATION_REQUEST_PASSED" + } + } + } + ] + }, + { + "description": "Identity", + "allOf": [ + { + "type": "object", + "required": [ + "id", + "name", + "_type" + ], + "properties": { + "id": { + "type": "string", + "example": "2c91808375d8e80a0175e1f88a575222" + }, + "name": { + "type": "string", + "example": "john.doe" + }, + "_type": { + "description": "Enum representing the currently supported document types.\n\nAdditional values may be added in the future without notice.", + "type": "string", + "enum": [ + "accessprofile", + "accountactivity", + "account", + "aggregation", + "entitlement", + "event", + "identity", + "role" + ], + "example": "identity" + } + } + }, + { + "allOf": [ + { + "type": "object", + "properties": { + "id": { + "type": "string", + "example": "2c91808568c529c60168cca6f90c1313", + "description": "The unique ID of the referenced object." + }, + "name": { + "type": "string", + "example": "John Doe", + "description": "The human readable name of the referenced object." + } + } + }, + { + "type": "object", + "properties": { + "displayName": { + "type": "string", + "example": "John Q. Doe" + } + } + } + ] + }, + { + "type": "object", + "properties": { + "firstName": { + "type": "string", + "description": "The first name of the identity", + "example": "Carol" + }, + "lastName": { + "type": "string", + "description": "The last name of the identity", + "example": "Adams" + }, + "displayName": { + "type": "string", + "example": "Carol.Adams", + "description": "The display name of the identity" + }, + "email": { + "type": "string", + "description": "The identity's primary email address", + "example": "Carol.Adams@sailpointdemo.com" + }, + "created": { + "type": "string", + "nullable": true, + "format": "date-time", + "example": "2018-06-25T20:22:28.104Z", + "description": "A date-time in ISO-8601 format" + }, + "modified": { + "type": "string", + "nullable": true, + "format": "date-time", + "example": "2018-06-25T20:22:28.104Z", + "description": "A date-time in ISO-8601 format" + }, + "synced": { + "type": "string", + "nullable": true, + "format": "date-time", + "example": "2018-06-25T20:22:28.104Z", + "description": "A date-time in ISO-8601 format" + }, + "phone": { + "type": "string", + "description": "The phone number of the identity", + "example": "+1 440-527-3672" + }, + "inactive": { + "type": "boolean", + "description": "Indicates if the identity is inactive", + "example": false + }, + "protected": { + "type": "boolean", + "example": false + }, + "status": { + "type": "string", + "description": "The identity's status in SailPoint", + "example": "UNREGISTERED" + }, + "employeeNumber": { + "type": "string", + "example": "1a2a3d4e" + }, + "manager": { + "nullable": true, + "allOf": [ + { + "type": "object", + "properties": { + "id": { + "type": "string", + "example": "2c91808568c529c60168cca6f90c1313", + "description": "The unique ID of the referenced object." + }, + "name": { + "type": "string", + "example": "John Doe", + "description": "The human readable name of the referenced object." + } + } + }, + { + "type": "object", + "properties": { + "displayName": { + "type": "string", + "example": "John Q. Doe" + } + } + } + ] + }, + "isManager": { + "type": "boolean", + "description": "Indicates if this identity is a manager of other identities", + "example": false + }, + "identityProfile": { + "type": "object", + "properties": { + "id": { + "type": "string", + "example": "2c91808568c529c60168cca6f90c1313", + "description": "The unique ID of the referenced object." + }, + "name": { + "type": "string", + "example": "John Doe", + "description": "The human readable name of the referenced object." + } + } + }, + "source": { + "type": "object", + "properties": { + "id": { + "type": "string", + "example": "2c91808568c529c60168cca6f90c1313", + "description": "The unique ID of the referenced object." + }, + "name": { + "type": "string", + "example": "John Doe", + "description": "The human readable name of the referenced object." + } + } + }, + "attributes": { + "type": "object", + "description": "a map or dictionary of key/value pairs", + "additionalProperties": true, + "example": { + "country": "US", + "firstname": "Carol", + "cloudStatus": "UNREGISTERED" + } + }, + "processingState": { + "type": "string", + "nullable": true, + "example": null + }, + "processingDetails": { + "nullable": true, + "type": "object", + "properties": { + "date": { + "type": "string", + "nullable": true, + "format": "date-time", + "example": "2018-06-25T20:22:28.104Z", + "description": "A date-time in ISO-8601 format" + }, + "stage": { + "type": "string", + "example": "In Process" + }, + "retryCount": { + "type": "integer", + "example": 0, + "format": "int32" + }, + "stackTrace": { + "type": "string", + "example": "" + }, + "message": { + "type": "string", + "example": "" + } + } + }, + "accounts": { + "type": "array", + "description": "List of accounts associated with the identity", + "items": { + "allOf": [ + { + "type": "object", + "properties": { + "id": { + "type": "string", + "example": "2c91808568c529c60168cca6f90c1313", + "description": "The unique ID of the referenced object." + }, + "name": { + "type": "string", + "example": "John Doe", + "description": "The human readable name of the referenced object." + } + } + }, + { + "type": "object", + "properties": { + "accountId": { + "type": "string", + "description": "The ID of the account", + "example": "john.doe" + }, + "source": { + "allOf": [ + { + "type": "object", + "properties": { + "id": { + "type": "string", + "example": "2c91808568c529c60168cca6f90c1313", + "description": "The unique ID of the referenced object." + }, + "name": { + "type": "string", + "example": "John Doe", + "description": "The human readable name of the referenced object." + } + } + }, + { + "type": "object", + "properties": { + "type": { + "type": "string", + "example": "Delimited File", + "description": "the type of source returned" + } + } + } + ] + }, + "disabled": { + "type": "boolean", + "description": "Indicates if the account is disabled", + "example": false + }, + "locked": { + "type": "boolean", + "description": "Indicates if the account is locked", + "example": false + }, + "privileged": { + "type": "boolean", + "example": false + }, + "manuallyCorrelated": { + "type": "boolean", + "description": "Indicates if the account has been manually correlated to an identity", + "example": false + }, + "passwordLastSet": { + "type": "string", + "nullable": true, + "format": "date-time", + "example": "2018-06-25T20:22:28.104Z", + "description": "A date-time in ISO-8601 format" + }, + "entitlementAttributes": { + "type": "object", + "nullable": true, + "description": "a map or dictionary of key/value pairs", + "additionalProperties": true, + "example": { + "moderator": true, + "admin": true, + "trust_level": "4" + } + }, + "created": { + "type": "string", + "nullable": true, + "format": "date-time", + "example": "2018-06-25T20:22:28.104Z", + "description": "A date-time in ISO-8601 format" + } + } + } + ] + } + }, + "accountCount": { + "type": "integer", + "description": "Number of accounts associated with the identity", + "format": "int32", + "example": 3 + }, + "apps": { + "type": "array", + "description": "The list of applications the identity has access to", + "items": { + "allOf": [ + { + "type": "object", + "properties": { + "id": { + "type": "string", + "example": "2c91808568c529c60168cca6f90c1313", + "description": "The unique ID of the referenced object." + }, + "name": { + "type": "string", + "example": "John Doe", + "description": "The human readable name of the referenced object." + } + } + }, + { + "type": "object", + "properties": { + "source": { + "type": "object", + "properties": { + "id": { + "type": "string", + "example": "2c91808568c529c60168cca6f90c1313", + "description": "The unique ID of the referenced object." + }, + "name": { + "type": "string", + "example": "John Doe", + "description": "The human readable name of the referenced object." + } + } + }, + "account": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "The SailPoint generated unique ID", + "example": "2c9180837dfe6949017e21f3d8cd6d49" + }, + "accountId": { + "type": "string", + "description": "The account ID generated by the source", + "example": "CN=Carol Adams,OU=Austin,OU=Americas,OU=Demo,DC=seri,DC=sailpointdemo,DC=com" + } + } + } + } + } + ] + } + }, + "appCount": { + "type": "integer", + "format": "int32", + "description": "The number of applications the identity has access to", + "example": 2 + }, + "access": { + "type": "array", + "description": "The list of access items assigned to the identity", + "items": { + "discriminator": { + "propertyName": "type", + "mapping": { + "ACCESS_PROFILE": "../access/AccessProfileSummary.yaml", + "ENTITLEMENT": "../access/AccessProfileEntitlement.yaml", + "ROLE": "../access/AccessProfileRole.yaml" + } + }, + "oneOf": [ + { + "description": "This is a summary representation of an access profile.", + "allOf": [ + { + "allOf": [ + { + "allOf": [ + { + "type": "object", + "properties": { + "id": { + "type": "string", + "example": "2c91808568c529c60168cca6f90c1313", + "description": "The unique ID of the referenced object." + }, + "name": { + "type": "string", + "example": "John Doe", + "description": "The human readable name of the referenced object." + } + } + }, + { + "type": "object", + "properties": { + "displayName": { + "type": "string", + "example": "John Q. Doe" + } + } + } + ] + }, + { + "type": "object", + "properties": { + "type": { + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "description": "An enumeration of the types of DTOs supported within the IdentityNow infrastructure.", + "example": "IDENTITY" + }, + "description": { + "type": "string", + "nullable": true, + "example": null + } + } + } + ] + }, + { + "type": "object", + "properties": { + "source": { + "type": "object", + "properties": { + "id": { + "type": "string", + "example": "2c91808568c529c60168cca6f90c1313", + "description": "The unique ID of the referenced object." + }, + "name": { + "type": "string", + "example": "John Doe", + "description": "The human readable name of the referenced object." + } + } + }, + "owner": { + "allOf": [ + { + "type": "object", + "properties": { + "id": { + "type": "string", + "example": "2c91808568c529c60168cca6f90c1313", + "description": "The unique ID of the referenced object." + }, + "name": { + "type": "string", + "example": "John Doe", + "description": "The human readable name of the referenced object." + } + } + }, + { + "type": "object", + "properties": { + "displayName": { + "type": "string", + "example": "John Q. Doe" + } + } + } + ] + }, + "revocable": { + "type": "boolean", + "example": true + } + } + } + ] + }, + { + "description": "EntitlementReference", + "allOf": [ + { + "allOf": [ + { + "allOf": [ + { + "type": "object", + "properties": { + "id": { + "type": "string", + "example": "2c91808568c529c60168cca6f90c1313", + "description": "The unique ID of the referenced object." + }, + "name": { + "type": "string", + "example": "John Doe", + "description": "The human readable name of the referenced object." + } + } + }, + { + "type": "object", + "properties": { + "displayName": { + "type": "string", + "example": "John Q. Doe" + } + } + } + ] + }, + { + "type": "object", + "properties": { + "type": { + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "description": "An enumeration of the types of DTOs supported within the IdentityNow infrastructure.", + "example": "IDENTITY" + }, + "description": { + "type": "string", + "nullable": true, + "example": null + } + } + } + ] + }, + { + "type": "object", + "properties": { + "source": { + "type": "object", + "properties": { + "id": { + "type": "string", + "example": "2c91808568c529c60168cca6f90c1313", + "description": "The unique ID of the referenced object." + }, + "name": { + "type": "string", + "example": "John Doe", + "description": "The human readable name of the referenced object." + } + } + }, + "privileged": { + "type": "boolean", + "example": false + }, + "attribute": { + "type": "string", + "example": "memberOf" + }, + "value": { + "type": "string", + "example": "CN=Buyer,OU=Groups,OU=Demo,DC=seri,DC=sailpointdemo,DC=com" + }, + "standalone": { + "type": "boolean", + "example": false + } + } + } + ] + }, + { + "description": "Role", + "allOf": [ + { + "allOf": [ + { + "allOf": [ + { + "type": "object", + "properties": { + "id": { + "type": "string", + "example": "2c91808568c529c60168cca6f90c1313", + "description": "The unique ID of the referenced object." + }, + "name": { + "type": "string", + "example": "John Doe", + "description": "The human readable name of the referenced object." + } + } + }, + { + "type": "object", + "properties": { + "displayName": { + "type": "string", + "example": "John Q. Doe" + } + } + } + ] + }, + { + "type": "object", + "properties": { + "type": { + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "description": "An enumeration of the types of DTOs supported within the IdentityNow infrastructure.", + "example": "IDENTITY" + }, + "description": { + "type": "string", + "nullable": true, + "example": null + } + } + } + ] + }, + { + "type": "object", + "properties": { + "owner": { + "allOf": [ + { + "type": "object", + "properties": { + "id": { + "type": "string", + "example": "2c91808568c529c60168cca6f90c1313", + "description": "The unique ID of the referenced object." + }, + "name": { + "type": "string", + "example": "John Doe", + "description": "The human readable name of the referenced object." + } + } + }, + { + "type": "object", + "properties": { + "displayName": { + "type": "string", + "example": "John Q. Doe" + } + } + } + ] + }, + "disabled": { + "type": "boolean" + }, + "revocable": { + "type": "boolean" + } + } + } + ] + } + ] + } + }, + "accessCount": { + "type": "integer", + "format": "int32", + "description": "The number of access items assigned to the identity", + "example": 5 + }, + "accessProfileCount": { + "type": "integer", + "description": "The number of access profiles assigned to the identity", + "example": 1 + }, + "entitlementCount": { + "type": "integer", + "description": "The number of entitlements assigned to the identity", + "example": 10 + }, + "roleCount": { + "type": "integer", + "description": "The number of roles assigned to the identity", + "example": 1 + }, + "owns": { + "type": "object", + "properties": { + "sources": { + "type": "array", + "items": { + "type": "object", + "properties": { + "id": { + "type": "string", + "example": "2c91808568c529c60168cca6f90c1313", + "description": "The unique ID of the referenced object." + }, + "name": { + "type": "string", + "example": "John Doe", + "description": "The human readable name of the referenced object." + } + } + } + }, + "entitlements": { + "type": "array", + "items": { + "type": "object", + "properties": { + "id": { + "type": "string", + "example": "2c91808568c529c60168cca6f90c1313", + "description": "The unique ID of the referenced object." + }, + "name": { + "type": "string", + "example": "John Doe", + "description": "The human readable name of the referenced object." + } + } + } + }, + "accessProfiles": { + "type": "array", + "items": { + "type": "object", + "properties": { + "id": { + "type": "string", + "example": "2c91808568c529c60168cca6f90c1313", + "description": "The unique ID of the referenced object." + }, + "name": { + "type": "string", + "example": "John Doe", + "description": "The human readable name of the referenced object." + } + } + } + }, + "roles": { + "type": "array", + "items": { + "type": "object", + "properties": { + "id": { + "type": "string", + "example": "2c91808568c529c60168cca6f90c1313", + "description": "The unique ID of the referenced object." + }, + "name": { + "type": "string", + "example": "John Doe", + "description": "The human readable name of the referenced object." + } + } + } + }, + "apps": { + "type": "array", + "items": { + "type": "object", + "properties": { + "id": { + "type": "string", + "example": "2c91808568c529c60168cca6f90c1313", + "description": "The unique ID of the referenced object." + }, + "name": { + "type": "string", + "example": "John Doe", + "description": "The human readable name of the referenced object." + } + } + } + }, + "governanceGroups": { + "type": "array", + "items": { + "type": "object", + "properties": { + "id": { + "type": "string", + "example": "2c91808568c529c60168cca6f90c1313", + "description": "The unique ID of the referenced object." + }, + "name": { + "type": "string", + "example": "John Doe", + "description": "The human readable name of the referenced object." + } + } + } + }, + "fallbackApprover": { + "type": "boolean", + "example": false + } + } + }, + "tags": { + "type": "array", + "items": { + "type": "string" + }, + "example": [ + "TAG_1", + "TAG_2" + ] + } + } + } + ] + }, + { + "description": "Role", + "allOf": [ + { + "type": "object", + "required": [ + "id", + "name", + "_type" + ], + "properties": { + "id": { + "type": "string", + "example": "2c91808375d8e80a0175e1f88a575222" + }, + "name": { + "type": "string", + "example": "john.doe" + }, + "_type": { + "description": "Enum representing the currently supported document types.\n\nAdditional values may be added in the future without notice.", + "type": "string", + "enum": [ + "accessprofile", + "accountactivity", + "account", + "aggregation", + "entitlement", + "event", + "identity", + "role" + ], + "example": "identity" + } + } + }, + { + "allOf": [ + { + "type": "object", + "properties": { + "id": { + "type": "string", + "example": "2c91808568c529c60168cca6f90c1313", + "description": "The unique ID of the referenced object." + }, + "name": { + "type": "string", + "example": "John Doe", + "description": "The human readable name of the referenced object." + } + } + }, + { + "type": "object", + "properties": { + "description": { + "type": "string", + "description": "The description of the access item", + "example": "The admin role" + }, + "created": { + "type": "string", + "nullable": true, + "format": "date-time", + "example": "2018-06-25T20:22:28.104Z", + "description": "A date-time in ISO-8601 format" + }, + "modified": { + "type": "string", + "nullable": true, + "format": "date-time", + "example": "2018-06-25T20:22:28.104Z", + "description": "A date-time in ISO-8601 format" + }, + "synced": { + "type": "string", + "nullable": true, + "format": "date-time", + "example": "2018-06-25T20:22:28.104Z", + "description": "A date-time in ISO-8601 format" + }, + "enabled": { + "type": "boolean", + "example": true + }, + "requestable": { + "type": "boolean", + "example": true, + "description": "Indicates if the access can be requested" + }, + "requestCommentsRequired": { + "type": "boolean", + "description": "Indicates if comments are required when requesting access", + "example": false + }, + "owner": { + "allOf": [ + { + "allOf": [ + { + "type": "object", + "properties": { + "id": { + "type": "string", + "example": "2c91808568c529c60168cca6f90c1313", + "description": "The unique ID of the referenced object." + }, + "name": { + "type": "string", + "example": "John Doe", + "description": "The human readable name of the referenced object." + } + } + }, + { + "type": "object", + "properties": { + "type": { + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "description": "An enumeration of the types of DTOs supported within the IdentityNow infrastructure.", + "example": "IDENTITY" + } + } + } + ] + }, + { + "type": "object", + "properties": { + "email": { + "type": "string", + "example": "john.doe@sailpoint.com", + "description": "The email of the identity" + } + } + } + ] + } + } + } + ] + }, + { + "type": "object", + "properties": { + "accessProfiles": { + "type": "array", + "items": { + "type": "object", + "properties": { + "id": { + "type": "string", + "example": "2c91808568c529c60168cca6f90c1313", + "description": "The unique ID of the referenced object." + }, + "name": { + "type": "string", + "example": "John Doe", + "description": "The human readable name of the referenced object." + } + } + } + }, + "accessProfileCount": { + "type": "integer" + }, + "tags": { + "type": "array", + "items": { + "type": "string" + }, + "example": [ + "TAG_1", + "TAG_2" + ] + } + } + } + ] + } + ] + } + }, + "examples": { + "accessProfiles": { + "summary": "A collection of AccessProfiles", + "value": [ + { + "id": "2c9180825a6c1adc015a71c9023f0818", + "name": "Cloud Eng", + "_type": "accessprofile", + "description": "Cloud Eng", + "created": "2017-02-24T20:21:23.145Z", + "modified": "2019-05-24T20:36:04.312Z", + "synced": "2020-02-18T05:30:20.414Z", + "enabled": true, + "requestable": true, + "requestCommentsRequired": false, + "owner": { + "id": "ff8081815757d36a015757d42e56031e", + "name": "SailPoint Support", + "type": "IDENTITY", + "email": "cloud-support@sailpoint.com" + }, + "source": { + "id": "ff8081815757d4fb0157588f3d9d008f", + "name": "Employees" + }, + "entitlements": [ + { + "id": "2c918084575812550157589064f33b89", + "name": "CN=Cloud Engineering,DC=sailpoint,DC=COM", + "description": "mull", + "attribute": "memberOf", + "value": "CN=Cloud Engineering,DC=sailpoint,DC=COM" + } + ], + "entitlementCount": 1, + "tags": [ + "TAG_1", + "TAG_2" + ] + } + ] + }, + "entitlements": { + "summary": "A collection of Entitlements", + "value": [ + { + "id": "2c9180946ed0c43d016eec1a80892fbd", + "name": "entitlement.aa415ae7", + "_type": "entitlement", + "description": "null", + "attribute": "groups", + "value": "entitlement.aa415ae7", + "modified": "2019-12-09T19:19:50.154Z", + "synced": "2020-02-19T04:30:32.906Z", + "displayName": "entitlement.aa415ae7", + "source": { + "id": "2c91808b6e9e6fb8016eec1a2b6f7b5f", + "name": "ODS-HR-Employees" + }, + "privileged": false, + "identityCount": 68, + "tags": [ + "TAG_1", + "TAG_2" + ] + } + ] + }, + "events": { + "summary": "A collection of Events", + "value": [ + { + "id": "e092842f-c904-4b59-aac8-2544abeeef4b", + "name": "Update Task Schedule Passed", + "_type": "event", + "created": "2020-02-17T16:23:18.327Z", + "synced": "2020-02-17T16:23:18.388Z", + "action": "TASK_SCHEDULE_UPDATE_PASSED", + "type": "SYSTEM_CONFIG", + "actor": { + "name": "MantisTaskScheduler" + }, + "target": { + "name": "Perform provisioning activity search delete synchronization" + }, + "stack": "tpe", + "trackingNumber": "c6b98bc39ece48b080826d16c76b166c", + "ipAddress": "207.189.160.158", + "details": "null", + "attributes": { + "sourceName": "SailPoint" + }, + "objects": [ + "TASK", + "SCHEDULE" + ], + "operation": "UPDATE", + "status": "PASSED", + "technicalName": "TASK_SCHEDULE_UPDATE_PASSED" + } + ] + }, + "identities": { + "summary": "A collection of Identities", + "value": [ + { + "id": "2c9180865c45e7e3015c46c434a80622", + "name": "ad.admin", + "_type": "identity", + "firstName": "AD", + "lastName": "Admin", + "displayName": "AD Admin", + "email": "SLPT.CLOUD.SAILPOINT.TEST+AD-ADMIN@GMAIL.COM", + "created": "2018-08-22T19:54:54.302Z", + "modified": "2018-08-22T19:54:54.302Z", + "synced": "2018-08-22T19:54:54.302Z", + "phone": "512-942-7578", + "inactive": false, + "protected": false, + "status": "UNREGISTERED", + "employeeNumber": "O349804", + "manager": null, + "isManager": false, + "identityProfile": { + "id": "2c918085605c8d0601606f357cb231e6", + "name": "E2E AD" + }, + "source": { + "id": "2c9180855c45b230015c46c19b9c0202", + "name": "EndToEnd-ADSource" + }, + "attributes": { + "uid": "ad.admin", + "firstname": "AD", + "cloudAuthoritativeSource": "2c9180855c45b230015c46c19b9c0202", + "cloudStatus": "UNREGISTERED", + "iplanet-am-user-alias-list": null, + "displayName": "AD Admin", + "internalCloudStatus": "UNREGISTERED", + "workPhone": "512-942-7578", + "email": "SLPT.CLOUD.SAILPOINT.TEST+AD-ADMIN@GMAIL.COM", + "lastname": "Admin" + }, + "processingState": null, + "processingDetails": null, + "accounts": [ + { + "id": "2c9180865c45e7e3015c46c434a80623", + "name": "ad.admin", + "accountId": "CN=AD Admin,OU=slpt-automation,DC=TestAutomationAD,DC=local", + "source": { + "id": "2c9180855c45b230015c46c19b9c0202", + "name": "EndToEnd-ADSource", + "type": "Active Directory - Direct" + }, + "disabled": false, + "locked": false, + "privileged": false, + "manuallyCorrelated": false, + "passwordLastSet": "2018-08-22T19:54:54.302Z", + "entitlementAttributes": { + "memberOf": [ + "CN=Group Policy Creator Owners,CN=Users,DC=TestAutomationAD,DC=local", + "CN=Domain Guests,CN=Users,DC=TestAutomationAD,DC=local", + "CN=Domain Admins,CN=Users,DC=TestAutomationAD,DC=local", + "CN=Enterprise Admins,CN=Users,DC=TestAutomationAD,DC=local", + "CN=Schema Admins,CN=Users,DC=TestAutomationAD,DC=local", + "CN=Guests,CN=Builtin,DC=TestAutomationAD,DC=local", + "CN=Administrators,CN=Builtin,DC=TestAutomationAD,DC=local" + ] + }, + "created": "2018-08-22T19:54:54.302Z" + }, + { + "id": "2c918083606d670c01606f35a30a0349", + "name": "ad.admin", + "accountId": "ad.admin", + "source": { + "id": "ff8081815c46b85b015c46b90c7c02a6", + "name": "IdentityNow", + "type": "IdentityNowConnector" + }, + "disabled": false, + "locked": false, + "privileged": false, + "manuallyCorrelated": false, + "passwordLastSet": null, + "entitlementAttributes": null, + "created": "2018-08-22T19:54:54.302Z" + } + ], + "accountCount": 2, + "apps": [ + { + "id": "22751", + "name": "ADP Workforce Now", + "source": { + "id": "2c9180855c45b230015c46e2f6a8026a", + "name": "Corporate Active Directory" + }, + "account": { + "id": "2c9180865c45efa4015c470be0de1606", + "accountId": "CN=Bob Wilson,OU=Austin,OU=Americas,OU=Demo,DC=seri,DC=acme,DC=com" + } + } + ], + "appCount": 1, + "access": [ + { + "id": "2c918083634bc6cb01639808d40270ba", + "name": "test [AccessProfile-1527264105448]", + "displayName": "test", + "type": "ACCESS_PROFILE", + "description": "test", + "source": { + "id": "2c9180855c45b230015c46c19b9c0202", + "name": "EndToEnd-ADSource" + }, + "owner": { + "id": "2c9180865c45e7e3015c46c434a80622", + "name": "ad.admin", + "displayName": "AD Admin" + } + }, + { + "id": "2c9180865c45e7e3015c46c457c50755", + "name": "Administrators", + "displayName": "Administrators", + "type": "ENTITLEMENT", + "description": null, + "source": { + "id": "2c9180855c45b230015c46c19b9c0202", + "name": "EndToEnd-ADSource" + }, + "privileged": false, + "attribute": "memberOf", + "value": "CN=Administrators,CN=Builtin,DC=TestAutomationAD,DC=local", + "standalone": false + }, + { + "id": "2c9180865decdaa5015e06598b293108", + "name": "test [cloudRole-1503345085223]", + "displayName": "test", + "type": "ROLE", + "description": "test", + "owner": { + "id": "2c9180865c45e7e3015c46c5030707a0", + "name": "will.albin", + "displayName": "Albin Will" + }, + "disabled": false + } + ], + "accessCount": 3, + "accessProfileCount": 1, + "entitlementCount": 1, + "roleCount": 1, + "tags": [ + "TAG_1", + "TAG_2" + ] + } + ] + }, + "roles": { + "summary": "A collection of Roles", + "value": [ + { + "id": "2c91808c6faadea6016fb4f2bc69077b", + "name": "IT Role", + "_type": "role", + "description": "IT role", + "created": "2020-01-17T19:20:15.040Z", + "modified": null, + "synced": "2020-02-18T05:30:20.145Z", + "enabled": true, + "requestable": false, + "requestCommentsRequired": false, + "owner": { + "id": "2c9180a46faadee4016fb4e018c20639", + "name": "Cloud Support", + "type": "IDENTITY", + "email": "thomas.edison@acme-solar.com" + }, + "accessProfiles": [ + { + "id": "2c91809c6faade77016fb4f0b63407ae", + "name": "Admin Access" + } + ], + "accessProfileCount": 1, + "tags": [ + "TAG_1", + "TAG_2" + ] + } + ] + } + } + } + }, + "headers": { + "X-Total-Count": { + "schema": { + "type": "integer" + }, + "description": "The total result count (returned only if the *count* parameter is specified as *true*).", + "example": 30 + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/search/count": { + "post": { + "tags": [ + "Search" + ], + "description": "Performs a search with a provided query and returns the count of results in the X-Total-Count header.", + "operationId": "searchCount", + "summary": "Count Documents Satisfying a Query", + "requestBody": { + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "indices": { + "description": "The names of the Elasticsearch indices in which to search. If none are provided, then all indices will be searched.", + "externalDocs": { + "description": "Learn more about search indices here.", + "url": "https://documentation.sailpoint.com/saas/help/search/searchable-fields.html" + }, + "type": "array", + "items": { + "description": "Enum representing the currently supported indices.\nAdditional values may be added in the future without notice.", + "type": "string", + "enum": [ + "accessprofiles", + "accountactivities", + "entitlements", + "events", + "identities", + "roles", + "*" + ], + "example": "identities" + }, + "example": [ + "identities" + ] + }, + "queryType": { + "description": "The type of query to use. By default, the `SAILPOINT` query type is used, which requires the `query` object to be defined in the request body.\nTo use the `queryDsl` or `typeAheadQuery` objects in the request, you must set the type to `DSL` or `TYPEAHEAD` accordingly.\nAdditional values may be added in the future without notice.", + "type": "string", + "enum": [ + "DSL", + "SAILPOINT", + "TYPEAHEAD" + ], + "default": "SAILPOINT", + "example": "SAILPOINT" + }, + "queryVersion": { + "allOf": [ + { + "description": "The current Elasticserver version.", + "type": "string", + "default": "5.2", + "example": "5.2" + }, + { + "type": "string", + "description": "The version of the query object.\nThis version number will map to the version of Elasticsearch for the query strings and objects being used." + } + ] + }, + "query": { + "type": "object", + "description": "Query parameters used to construct an Elasticsearch query object.", + "properties": { + "query": { + "description": "The query using the Elasticsearch [Query String Query](https://www.elastic.co/guide/en/elasticsearch/reference/5.2/query-dsl-query-string-query.html#query-string) syntax from the Query DSL extended by SailPoint to support Nested queries.", + "type": "string", + "example": "name:a*" + }, + "fields": { + "description": "The fields to which the specified query will be applied. The available fields are dependent on the indice(s) being searched on. Please refer to the response schema of this API for a list of available fields.", + "type": "array", + "items": { + "type": "string" + }, + "example": [ + "name" + ] + }, + "timeZone": { + "description": "The time zone to be applied to any range query related to dates.", + "type": "string", + "example": "America/Chicago" + }, + "innerHit": { + "description": "The innerHit query object returns a flattened list of results for the specified nested type.", + "type": "object", + "required": [ + "query", + "type" + ], + "properties": { + "query": { + "description": "The search query using the Elasticsearch [Query String Query](https://www.elastic.co/guide/en/elasticsearch/reference/5.2/query-dsl-query-string-query.html#query-string) syntax from the Query DSL extended by SailPoint to support Nested queries.", + "type": "string", + "example": "source.name:\\\"Active Directory\\\"" + }, + "type": { + "description": "The nested type to use in the inner hits query. The nested type [Nested Type](https://www.elastic.co/guide/en/elasticsearch/reference/current/nested.html) refers to a document \"nested\" within another document. For example, an identity can have nested documents for access, accounts, and apps.", + "type": "string", + "example": "access" + } + } + } + } + }, + "queryDsl": { + "description": "The search query using the Elasticsearch [Query DSL](https://www.elastic.co/guide/en/elasticsearch/reference/7.10/query-dsl.html) syntax.", + "type": "object", + "example": { + "match": { + "name": "john.doe" + } + } + }, + "typeAheadQuery": { + "type": "object", + "description": "Query parameters used to construct an Elasticsearch type ahead query object. The typeAheadQuery performs a search for top values beginning with the typed values. For example, typing \"Jo\" results in top hits matching \"Jo.\" Typing \"Job\" results in top hits matching \"Job.\" ", + "required": [ + "query", + "field" + ], + "properties": { + "query": { + "description": "The type ahead query string used to construct a phrase prefix match query.", + "type": "string", + "example": "Work" + }, + "field": { + "description": "The field on which to perform the type ahead search.", + "type": "string", + "example": "source.name" + }, + "nestedType": { + "description": "The nested type.", + "type": "string", + "example": "access" + }, + "maxExpansions": { + "description": "The number of suffixes the last term will be expanded into.\nInfluences the performance of the query and the number results returned.\nValid values: 1 to 1000.", + "type": "integer", + "format": "int32", + "minimum": 1, + "maximum": 1000, + "default": 10, + "example": 10 + } + } + }, + "includeNested": { + "description": "Indicates whether nested objects from returned search results should be included.", + "type": "boolean", + "default": true, + "example": true + }, + "queryResultFilter": { + "type": "object", + "description": "Allows the query results to be filtered by specifying a list of fields to include and/or exclude from the result documents.", + "properties": { + "includes": { + "description": "The list of field names to include in the result documents.", + "type": "array", + "items": { + "type": "string" + }, + "example": [ + "name", + "displayName" + ] + }, + "excludes": { + "description": "The list of field names to exclude from the result documents.", + "type": "array", + "items": { + "type": "string" + }, + "example": [ + "stacktrace" + ] + } + } + }, + "aggregationType": { + "description": "Enum representing the currently available query languages for aggregations, which are used to perform calculations or groupings on search results.\n\nAdditional values may be added in the future without notice.\n", + "type": "string", + "enum": [ + "DSL", + "SAILPOINT" + ], + "default": "DSL", + "example": "DSL" + }, + "aggregationsVersion": { + "allOf": [ + { + "description": "The current Elasticserver version.", + "type": "string", + "default": "5.2", + "example": "5.2" + }, + { + "type": "string", + "description": "The version of the language being used for aggregation queries.\nThis version number will map to the version of Elasticsearch for the aggregation query object." + } + ] + }, + "aggregationsDsl": { + "description": "The aggregation search query using Elasticsearch [Aggregations](https://www.elastic.co/guide/en/elasticsearch/reference/5.2/search-aggregations.html) syntax.", + "type": "object", + "example": {} + }, + "aggregations": { + "description": "The aggregation’s specifications, such as the groupings and calculations to be performed.\n", + "allOf": [ + { + "type": "object", + "properties": { + "nested": { + "type": "object", + "description": "The nested aggregation object.", + "required": [ + "name", + "type" + ], + "properties": { + "name": { + "description": "The name of the nested aggregate to be included in the result.", + "type": "string", + "example": "id" + }, + "type": { + "description": "The type of the nested object.", + "type": "string", + "example": "access" + } + } + }, + "metric": { + "type": "object", + "description": "The calculation done on the results of the query", + "required": [ + "name", + "field" + ], + "properties": { + "name": { + "description": "The name of the metric aggregate to be included in the result.\nIf the metric aggregation is omitted, the resulting aggregation will be a count of the documents in the search results.", + "type": "string", + "example": "Access Name Count" + }, + "type": { + "description": "Enum representing the currently supported metric aggregation types.\nAdditional values may be added in the future without notice.", + "type": "string", + "enum": [ + "COUNT", + "UNIQUE_COUNT", + "AVG", + "SUM", + "MEDIAN", + "MIN", + "MAX" + ], + "default": "UNIQUE_COUNT", + "example": "COUNT" + }, + "field": { + "description": "The field the calculation is performed on.\n\nPrefix the field name with '@' to reference a nested object.\n", + "type": "string", + "example": "@access.name" + } + } + }, + "filter": { + "type": "object", + "description": "An additional filter to constrain the results of the search query.", + "required": [ + "name", + "field", + "value" + ], + "properties": { + "name": { + "description": "The name of the filter aggregate to be included in the result.", + "type": "string", + "example": "Entitlements" + }, + "type": { + "description": "Enum representing the currently supported filter aggregation types.\nAdditional values may be added in the future without notice.", + "type": "string", + "enum": [ + "TERM" + ], + "default": "TERM", + "example": "TERM" + }, + "field": { + "description": "The search field to apply the filter to.\n\nPrefix the field name with '@' to reference a nested object.\n", + "type": "string", + "example": "access.type" + }, + "value": { + "description": "The value to filter on.", + "type": "string", + "example": "ENTITLEMENT" + } + } + }, + "bucket": { + "type": "object", + "description": "The bucket to group the results of the aggregation query by.", + "required": [ + "name", + "field" + ], + "properties": { + "name": { + "description": "The name of the bucket aggregate to be included in the result.", + "type": "string", + "example": "Identity Locations" + }, + "type": { + "description": "Enum representing the currently supported bucket aggregation types.\nAdditional values may be added in the future without notice.", + "type": "string", + "enum": [ + "TERMS" + ], + "default": "TERMS", + "example": "TERMS" + }, + "field": { + "description": "The field to bucket on.\nPrefix the field name with '@' to reference a nested object.", + "type": "string", + "example": "attributes.city" + }, + "size": { + "description": "Maximum number of buckets to include.", + "type": "integer", + "format": "int32", + "example": 100 + }, + "minDocCount": { + "description": "Minimum number of documents a bucket should have.", + "type": "integer", + "format": "int32", + "example": 2 + } + } + } + } + }, + { + "type": "object", + "properties": { + "subAggregation": { + "description": "Aggregation to be performed on the result of the parent bucket aggregation.", + "allOf": [ + { + "type": "object", + "properties": { + "nested": { + "type": "object", + "description": "The nested aggregation object.", + "required": [ + "name", + "type" + ], + "properties": { + "name": { + "description": "The name of the nested aggregate to be included in the result.", + "type": "string", + "example": "id" + }, + "type": { + "description": "The type of the nested object.", + "type": "string", + "example": "access" + } + } + }, + "metric": { + "type": "object", + "description": "The calculation done on the results of the query", + "required": [ + "name", + "field" + ], + "properties": { + "name": { + "description": "The name of the metric aggregate to be included in the result.\nIf the metric aggregation is omitted, the resulting aggregation will be a count of the documents in the search results.", + "type": "string", + "example": "Access Name Count" + }, + "type": { + "description": "Enum representing the currently supported metric aggregation types.\nAdditional values may be added in the future without notice.", + "type": "string", + "enum": [ + "COUNT", + "UNIQUE_COUNT", + "AVG", + "SUM", + "MEDIAN", + "MIN", + "MAX" + ], + "default": "UNIQUE_COUNT", + "example": "COUNT" + }, + "field": { + "description": "The field the calculation is performed on.\n\nPrefix the field name with '@' to reference a nested object.\n", + "type": "string", + "example": "@access.name" + } + } + }, + "filter": { + "type": "object", + "description": "An additional filter to constrain the results of the search query.", + "required": [ + "name", + "field", + "value" + ], + "properties": { + "name": { + "description": "The name of the filter aggregate to be included in the result.", + "type": "string", + "example": "Entitlements" + }, + "type": { + "description": "Enum representing the currently supported filter aggregation types.\nAdditional values may be added in the future without notice.", + "type": "string", + "enum": [ + "TERM" + ], + "default": "TERM", + "example": "TERM" + }, + "field": { + "description": "The search field to apply the filter to.\n\nPrefix the field name with '@' to reference a nested object.\n", + "type": "string", + "example": "access.type" + }, + "value": { + "description": "The value to filter on.", + "type": "string", + "example": "ENTITLEMENT" + } + } + }, + "bucket": { + "type": "object", + "description": "The bucket to group the results of the aggregation query by.", + "required": [ + "name", + "field" + ], + "properties": { + "name": { + "description": "The name of the bucket aggregate to be included in the result.", + "type": "string", + "example": "Identity Locations" + }, + "type": { + "description": "Enum representing the currently supported bucket aggregation types.\nAdditional values may be added in the future without notice.", + "type": "string", + "enum": [ + "TERMS" + ], + "default": "TERMS", + "example": "TERMS" + }, + "field": { + "description": "The field to bucket on.\nPrefix the field name with '@' to reference a nested object.", + "type": "string", + "example": "attributes.city" + }, + "size": { + "description": "Maximum number of buckets to include.", + "type": "integer", + "format": "int32", + "example": 100 + }, + "minDocCount": { + "description": "Minimum number of documents a bucket should have.", + "type": "integer", + "format": "int32", + "example": 2 + } + } + } + } + }, + { + "type": "object", + "properties": { + "subAggregation": { + "description": "Aggregation to be performed on the result of the parent bucket aggregation.", + "type": "object", + "properties": { + "nested": { + "type": "object", + "description": "The nested aggregation object.", + "required": [ + "name", + "type" + ], + "properties": { + "name": { + "description": "The name of the nested aggregate to be included in the result.", + "type": "string", + "example": "id" + }, + "type": { + "description": "The type of the nested object.", + "type": "string", + "example": "access" + } + } + }, + "metric": { + "type": "object", + "description": "The calculation done on the results of the query", + "required": [ + "name", + "field" + ], + "properties": { + "name": { + "description": "The name of the metric aggregate to be included in the result.\nIf the metric aggregation is omitted, the resulting aggregation will be a count of the documents in the search results.", + "type": "string", + "example": "Access Name Count" + }, + "type": { + "description": "Enum representing the currently supported metric aggregation types.\nAdditional values may be added in the future without notice.", + "type": "string", + "enum": [ + "COUNT", + "UNIQUE_COUNT", + "AVG", + "SUM", + "MEDIAN", + "MIN", + "MAX" + ], + "default": "UNIQUE_COUNT", + "example": "COUNT" + }, + "field": { + "description": "The field the calculation is performed on.\n\nPrefix the field name with '@' to reference a nested object.\n", + "type": "string", + "example": "@access.name" + } + } + }, + "filter": { + "type": "object", + "description": "An additional filter to constrain the results of the search query.", + "required": [ + "name", + "field", + "value" + ], + "properties": { + "name": { + "description": "The name of the filter aggregate to be included in the result.", + "type": "string", + "example": "Entitlements" + }, + "type": { + "description": "Enum representing the currently supported filter aggregation types.\nAdditional values may be added in the future without notice.", + "type": "string", + "enum": [ + "TERM" + ], + "default": "TERM", + "example": "TERM" + }, + "field": { + "description": "The search field to apply the filter to.\n\nPrefix the field name with '@' to reference a nested object.\n", + "type": "string", + "example": "access.type" + }, + "value": { + "description": "The value to filter on.", + "type": "string", + "example": "ENTITLEMENT" + } + } + }, + "bucket": { + "type": "object", + "description": "The bucket to group the results of the aggregation query by.", + "required": [ + "name", + "field" + ], + "properties": { + "name": { + "description": "The name of the bucket aggregate to be included in the result.", + "type": "string", + "example": "Identity Locations" + }, + "type": { + "description": "Enum representing the currently supported bucket aggregation types.\nAdditional values may be added in the future without notice.", + "type": "string", + "enum": [ + "TERMS" + ], + "default": "TERMS", + "example": "TERMS" + }, + "field": { + "description": "The field to bucket on.\nPrefix the field name with '@' to reference a nested object.", + "type": "string", + "example": "attributes.city" + }, + "size": { + "description": "Maximum number of buckets to include.", + "type": "integer", + "format": "int32", + "example": 100 + }, + "minDocCount": { + "description": "Minimum number of documents a bucket should have.", + "type": "integer", + "format": "int32", + "example": 2 + } + } + } + } + } + } + } + ] + } + } + } + ] + }, + "sort": { + "description": "The fields to be used to sort the search results. Use + or - to specify the sort direction.", + "type": "array", + "items": { + "type": "string", + "example": [ + "displayName", + "+id" + ] + } + }, + "searchAfter": { + "description": "Used to begin the search window at the values specified.\nThis parameter consists of the last values of the sorted fields in the current record set.\nThis is used to expand the Elasticsearch limit of 10K records by shifting the 10K window to begin at this value.\nIt is recommended that you always include the ID of the object in addition to any other fields on this parameter in order to ensure you don't get duplicate results while paging.\nFor example, when searching for identities, if you are sorting by displayName you will also want to include ID, for example [\"displayName\", \"id\"]. \nIf the last identity ID in the search result is 2c91808375d8e80a0175e1f88a575221 and the last displayName is \"John Doe\", then using that displayName and ID will start a new search after this identity.\nThe searchAfter value will look like [\"John Doe\",\"2c91808375d8e80a0175e1f88a575221\"]", + "type": "array", + "items": { + "type": "string", + "example": [ + "John Doe", + "2c91808375d8e80a0175e1f88a575221" + ] + } + }, + "filters": { + "description": "The filters to be applied for each filtered field name.", + "type": "object", + "additionalProperties": { + "type": "object", + "properties": { + "type": { + "description": "Enum representing the currently supported filter types.\nAdditional values may be added in the future without notice.", + "type": "string", + "enum": [ + "EXISTS", + "RANGE", + "TERMS" + ], + "example": "RANGE" + }, + "range": { + "type": "object", + "description": "The range of values to be filtered.", + "properties": { + "lower": { + "description": "The lower bound of the range.", + "type": "object", + "required": [ + "value" + ], + "properties": { + "value": { + "description": "The value of the range's endpoint.", + "type": "string", + "example": "1" + }, + "inclusive": { + "description": "Indicates if the endpoint is included in the range.", + "type": "boolean", + "default": false, + "example": false + } + } + }, + "upper": { + "description": "The upper bound of the range.", + "type": "object", + "required": [ + "value" + ], + "properties": { + "value": { + "description": "The value of the range's endpoint.", + "type": "string", + "example": "1" + }, + "inclusive": { + "description": "Indicates if the endpoint is included in the range.", + "type": "boolean", + "default": false, + "example": false + } + } + } + } + }, + "terms": { + "description": "The terms to be filtered.", + "type": "array", + "items": { + "type": "string", + "example": "account_count" + } + }, + "exclude": { + "description": "Indicates if the filter excludes results.", + "type": "boolean", + "default": false, + "example": false + } + } + }, + "example": {} + } + } + }, + "examples": { + "query-timeZone": { + "summary": "Query with TimeZone", + "value": { + "indices": [ + "identities" + ], + "query": { + "query": "created: [2022-05-19T19:26:03.351Z TO now]", + "timeZone": "America/Los_Angeles" + } + } + } + } + } + }, + "required": true + }, + "responses": { + "204": { + "description": "No content - indicates the request was successful but there is no content to be returned in the response.", + "headers": { + "X-Total-Count": { + "description": "The total result count.", + "schema": { + "type": "integer" + }, + "example": 5 + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/search/aggregate": { + "post": { + "tags": [ + "Search" + ], + "description": "Performs a search query aggregation and returns the aggregation result. By default, you can page a maximum of 10,000 search result records. To page past 10,000 records, you can use searchAfter paging. Refer to [Paginating Search Queries](https://developer.sailpoint.com/idn/api/standard-collection-parameters#paginating-search-queries) for more information about how to implement searchAfter paging. ", + "operationId": "searchAggregate", + "summary": "Perform a Search Query Aggregation", + "parameters": [ + { + "in": "query", + "name": "offset", + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": 0, + "schema": { + "type": "integer", + "format": "int32", + "minimum": 0, + "default": 0 + } + }, + { + "in": "query", + "name": "limit", + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": 250, + "schema": { + "type": "integer", + "format": "int32", + "minimum": 0, + "maximum": 250, + "default": 250 + } + }, + { + "in": "query", + "name": "count", + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": true, + "schema": { + "type": "boolean", + "default": false + } + } + ], + "requestBody": { + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "indices": { + "description": "The names of the Elasticsearch indices in which to search. If none are provided, then all indices will be searched.", + "externalDocs": { + "description": "Learn more about search indices here.", + "url": "https://documentation.sailpoint.com/saas/help/search/searchable-fields.html" + }, + "type": "array", + "items": { + "description": "Enum representing the currently supported indices.\nAdditional values may be added in the future without notice.", + "type": "string", + "enum": [ + "accessprofiles", + "accountactivities", + "entitlements", + "events", + "identities", + "roles", + "*" + ], + "example": "identities" + }, + "example": [ + "identities" + ] + }, + "queryType": { + "description": "The type of query to use. By default, the `SAILPOINT` query type is used, which requires the `query` object to be defined in the request body.\nTo use the `queryDsl` or `typeAheadQuery` objects in the request, you must set the type to `DSL` or `TYPEAHEAD` accordingly.\nAdditional values may be added in the future without notice.", + "type": "string", + "enum": [ + "DSL", + "SAILPOINT", + "TYPEAHEAD" + ], + "default": "SAILPOINT", + "example": "SAILPOINT" + }, + "queryVersion": { + "allOf": [ + { + "description": "The current Elasticserver version.", + "type": "string", + "default": "5.2", + "example": "5.2" + }, + { + "type": "string", + "description": "The version of the query object.\nThis version number will map to the version of Elasticsearch for the query strings and objects being used." + } + ] + }, + "query": { + "type": "object", + "description": "Query parameters used to construct an Elasticsearch query object.", + "properties": { + "query": { + "description": "The query using the Elasticsearch [Query String Query](https://www.elastic.co/guide/en/elasticsearch/reference/5.2/query-dsl-query-string-query.html#query-string) syntax from the Query DSL extended by SailPoint to support Nested queries.", + "type": "string", + "example": "name:a*" + }, + "fields": { + "description": "The fields to which the specified query will be applied. The available fields are dependent on the indice(s) being searched on. Please refer to the response schema of this API for a list of available fields.", + "type": "array", + "items": { + "type": "string" + }, + "example": [ + "name" + ] + }, + "timeZone": { + "description": "The time zone to be applied to any range query related to dates.", + "type": "string", + "example": "America/Chicago" + }, + "innerHit": { + "description": "The innerHit query object returns a flattened list of results for the specified nested type.", + "type": "object", + "required": [ + "query", + "type" + ], + "properties": { + "query": { + "description": "The search query using the Elasticsearch [Query String Query](https://www.elastic.co/guide/en/elasticsearch/reference/5.2/query-dsl-query-string-query.html#query-string) syntax from the Query DSL extended by SailPoint to support Nested queries.", + "type": "string", + "example": "source.name:\\\"Active Directory\\\"" + }, + "type": { + "description": "The nested type to use in the inner hits query. The nested type [Nested Type](https://www.elastic.co/guide/en/elasticsearch/reference/current/nested.html) refers to a document \"nested\" within another document. For example, an identity can have nested documents for access, accounts, and apps.", + "type": "string", + "example": "access" + } + } + } + } + }, + "queryDsl": { + "description": "The search query using the Elasticsearch [Query DSL](https://www.elastic.co/guide/en/elasticsearch/reference/7.10/query-dsl.html) syntax.", + "type": "object", + "example": { + "match": { + "name": "john.doe" + } + } + }, + "typeAheadQuery": { + "type": "object", + "description": "Query parameters used to construct an Elasticsearch type ahead query object. The typeAheadQuery performs a search for top values beginning with the typed values. For example, typing \"Jo\" results in top hits matching \"Jo.\" Typing \"Job\" results in top hits matching \"Job.\" ", + "required": [ + "query", + "field" + ], + "properties": { + "query": { + "description": "The type ahead query string used to construct a phrase prefix match query.", + "type": "string", + "example": "Work" + }, + "field": { + "description": "The field on which to perform the type ahead search.", + "type": "string", + "example": "source.name" + }, + "nestedType": { + "description": "The nested type.", + "type": "string", + "example": "access" + }, + "maxExpansions": { + "description": "The number of suffixes the last term will be expanded into.\nInfluences the performance of the query and the number results returned.\nValid values: 1 to 1000.", + "type": "integer", + "format": "int32", + "minimum": 1, + "maximum": 1000, + "default": 10, + "example": 10 + } + } + }, + "includeNested": { + "description": "Indicates whether nested objects from returned search results should be included.", + "type": "boolean", + "default": true, + "example": true + }, + "queryResultFilter": { + "type": "object", + "description": "Allows the query results to be filtered by specifying a list of fields to include and/or exclude from the result documents.", + "properties": { + "includes": { + "description": "The list of field names to include in the result documents.", + "type": "array", + "items": { + "type": "string" + }, + "example": [ + "name", + "displayName" + ] + }, + "excludes": { + "description": "The list of field names to exclude from the result documents.", + "type": "array", + "items": { + "type": "string" + }, + "example": [ + "stacktrace" + ] + } + } + }, + "aggregationType": { + "description": "Enum representing the currently available query languages for aggregations, which are used to perform calculations or groupings on search results.\n\nAdditional values may be added in the future without notice.\n", + "type": "string", + "enum": [ + "DSL", + "SAILPOINT" + ], + "default": "DSL", + "example": "DSL" + }, + "aggregationsVersion": { + "allOf": [ + { + "description": "The current Elasticserver version.", + "type": "string", + "default": "5.2", + "example": "5.2" + }, + { + "type": "string", + "description": "The version of the language being used for aggregation queries.\nThis version number will map to the version of Elasticsearch for the aggregation query object." + } + ] + }, + "aggregationsDsl": { + "description": "The aggregation search query using Elasticsearch [Aggregations](https://www.elastic.co/guide/en/elasticsearch/reference/5.2/search-aggregations.html) syntax.", + "type": "object", + "example": {} + }, + "aggregations": { + "description": "The aggregation’s specifications, such as the groupings and calculations to be performed.\n", + "allOf": [ + { + "type": "object", + "properties": { + "nested": { + "type": "object", + "description": "The nested aggregation object.", + "required": [ + "name", + "type" + ], + "properties": { + "name": { + "description": "The name of the nested aggregate to be included in the result.", + "type": "string", + "example": "id" + }, + "type": { + "description": "The type of the nested object.", + "type": "string", + "example": "access" + } + } + }, + "metric": { + "type": "object", + "description": "The calculation done on the results of the query", + "required": [ + "name", + "field" + ], + "properties": { + "name": { + "description": "The name of the metric aggregate to be included in the result.\nIf the metric aggregation is omitted, the resulting aggregation will be a count of the documents in the search results.", + "type": "string", + "example": "Access Name Count" + }, + "type": { + "description": "Enum representing the currently supported metric aggregation types.\nAdditional values may be added in the future without notice.", + "type": "string", + "enum": [ + "COUNT", + "UNIQUE_COUNT", + "AVG", + "SUM", + "MEDIAN", + "MIN", + "MAX" + ], + "default": "UNIQUE_COUNT", + "example": "COUNT" + }, + "field": { + "description": "The field the calculation is performed on.\n\nPrefix the field name with '@' to reference a nested object.\n", + "type": "string", + "example": "@access.name" + } + } + }, + "filter": { + "type": "object", + "description": "An additional filter to constrain the results of the search query.", + "required": [ + "name", + "field", + "value" + ], + "properties": { + "name": { + "description": "The name of the filter aggregate to be included in the result.", + "type": "string", + "example": "Entitlements" + }, + "type": { + "description": "Enum representing the currently supported filter aggregation types.\nAdditional values may be added in the future without notice.", + "type": "string", + "enum": [ + "TERM" + ], + "default": "TERM", + "example": "TERM" + }, + "field": { + "description": "The search field to apply the filter to.\n\nPrefix the field name with '@' to reference a nested object.\n", + "type": "string", + "example": "access.type" + }, + "value": { + "description": "The value to filter on.", + "type": "string", + "example": "ENTITLEMENT" + } + } + }, + "bucket": { + "type": "object", + "description": "The bucket to group the results of the aggregation query by.", + "required": [ + "name", + "field" + ], + "properties": { + "name": { + "description": "The name of the bucket aggregate to be included in the result.", + "type": "string", + "example": "Identity Locations" + }, + "type": { + "description": "Enum representing the currently supported bucket aggregation types.\nAdditional values may be added in the future without notice.", + "type": "string", + "enum": [ + "TERMS" + ], + "default": "TERMS", + "example": "TERMS" + }, + "field": { + "description": "The field to bucket on.\nPrefix the field name with '@' to reference a nested object.", + "type": "string", + "example": "attributes.city" + }, + "size": { + "description": "Maximum number of buckets to include.", + "type": "integer", + "format": "int32", + "example": 100 + }, + "minDocCount": { + "description": "Minimum number of documents a bucket should have.", + "type": "integer", + "format": "int32", + "example": 2 + } + } + } + } + }, + { + "type": "object", + "properties": { + "subAggregation": { + "description": "Aggregation to be performed on the result of the parent bucket aggregation.", + "allOf": [ + { + "type": "object", + "properties": { + "nested": { + "type": "object", + "description": "The nested aggregation object.", + "required": [ + "name", + "type" + ], + "properties": { + "name": { + "description": "The name of the nested aggregate to be included in the result.", + "type": "string", + "example": "id" + }, + "type": { + "description": "The type of the nested object.", + "type": "string", + "example": "access" + } + } + }, + "metric": { + "type": "object", + "description": "The calculation done on the results of the query", + "required": [ + "name", + "field" + ], + "properties": { + "name": { + "description": "The name of the metric aggregate to be included in the result.\nIf the metric aggregation is omitted, the resulting aggregation will be a count of the documents in the search results.", + "type": "string", + "example": "Access Name Count" + }, + "type": { + "description": "Enum representing the currently supported metric aggregation types.\nAdditional values may be added in the future without notice.", + "type": "string", + "enum": [ + "COUNT", + "UNIQUE_COUNT", + "AVG", + "SUM", + "MEDIAN", + "MIN", + "MAX" + ], + "default": "UNIQUE_COUNT", + "example": "COUNT" + }, + "field": { + "description": "The field the calculation is performed on.\n\nPrefix the field name with '@' to reference a nested object.\n", + "type": "string", + "example": "@access.name" + } + } + }, + "filter": { + "type": "object", + "description": "An additional filter to constrain the results of the search query.", + "required": [ + "name", + "field", + "value" + ], + "properties": { + "name": { + "description": "The name of the filter aggregate to be included in the result.", + "type": "string", + "example": "Entitlements" + }, + "type": { + "description": "Enum representing the currently supported filter aggregation types.\nAdditional values may be added in the future without notice.", + "type": "string", + "enum": [ + "TERM" + ], + "default": "TERM", + "example": "TERM" + }, + "field": { + "description": "The search field to apply the filter to.\n\nPrefix the field name with '@' to reference a nested object.\n", + "type": "string", + "example": "access.type" + }, + "value": { + "description": "The value to filter on.", + "type": "string", + "example": "ENTITLEMENT" + } + } + }, + "bucket": { + "type": "object", + "description": "The bucket to group the results of the aggregation query by.", + "required": [ + "name", + "field" + ], + "properties": { + "name": { + "description": "The name of the bucket aggregate to be included in the result.", + "type": "string", + "example": "Identity Locations" + }, + "type": { + "description": "Enum representing the currently supported bucket aggregation types.\nAdditional values may be added in the future without notice.", + "type": "string", + "enum": [ + "TERMS" + ], + "default": "TERMS", + "example": "TERMS" + }, + "field": { + "description": "The field to bucket on.\nPrefix the field name with '@' to reference a nested object.", + "type": "string", + "example": "attributes.city" + }, + "size": { + "description": "Maximum number of buckets to include.", + "type": "integer", + "format": "int32", + "example": 100 + }, + "minDocCount": { + "description": "Minimum number of documents a bucket should have.", + "type": "integer", + "format": "int32", + "example": 2 + } + } + } + } + }, + { + "type": "object", + "properties": { + "subAggregation": { + "description": "Aggregation to be performed on the result of the parent bucket aggregation.", + "type": "object", + "properties": { + "nested": { + "type": "object", + "description": "The nested aggregation object.", + "required": [ + "name", + "type" + ], + "properties": { + "name": { + "description": "The name of the nested aggregate to be included in the result.", + "type": "string", + "example": "id" + }, + "type": { + "description": "The type of the nested object.", + "type": "string", + "example": "access" + } + } + }, + "metric": { + "type": "object", + "description": "The calculation done on the results of the query", + "required": [ + "name", + "field" + ], + "properties": { + "name": { + "description": "The name of the metric aggregate to be included in the result.\nIf the metric aggregation is omitted, the resulting aggregation will be a count of the documents in the search results.", + "type": "string", + "example": "Access Name Count" + }, + "type": { + "description": "Enum representing the currently supported metric aggregation types.\nAdditional values may be added in the future without notice.", + "type": "string", + "enum": [ + "COUNT", + "UNIQUE_COUNT", + "AVG", + "SUM", + "MEDIAN", + "MIN", + "MAX" + ], + "default": "UNIQUE_COUNT", + "example": "COUNT" + }, + "field": { + "description": "The field the calculation is performed on.\n\nPrefix the field name with '@' to reference a nested object.\n", + "type": "string", + "example": "@access.name" + } + } + }, + "filter": { + "type": "object", + "description": "An additional filter to constrain the results of the search query.", + "required": [ + "name", + "field", + "value" + ], + "properties": { + "name": { + "description": "The name of the filter aggregate to be included in the result.", + "type": "string", + "example": "Entitlements" + }, + "type": { + "description": "Enum representing the currently supported filter aggregation types.\nAdditional values may be added in the future without notice.", + "type": "string", + "enum": [ + "TERM" + ], + "default": "TERM", + "example": "TERM" + }, + "field": { + "description": "The search field to apply the filter to.\n\nPrefix the field name with '@' to reference a nested object.\n", + "type": "string", + "example": "access.type" + }, + "value": { + "description": "The value to filter on.", + "type": "string", + "example": "ENTITLEMENT" + } + } + }, + "bucket": { + "type": "object", + "description": "The bucket to group the results of the aggregation query by.", + "required": [ + "name", + "field" + ], + "properties": { + "name": { + "description": "The name of the bucket aggregate to be included in the result.", + "type": "string", + "example": "Identity Locations" + }, + "type": { + "description": "Enum representing the currently supported bucket aggregation types.\nAdditional values may be added in the future without notice.", + "type": "string", + "enum": [ + "TERMS" + ], + "default": "TERMS", + "example": "TERMS" + }, + "field": { + "description": "The field to bucket on.\nPrefix the field name with '@' to reference a nested object.", + "type": "string", + "example": "attributes.city" + }, + "size": { + "description": "Maximum number of buckets to include.", + "type": "integer", + "format": "int32", + "example": 100 + }, + "minDocCount": { + "description": "Minimum number of documents a bucket should have.", + "type": "integer", + "format": "int32", + "example": 2 + } + } + } + } + } + } + } + ] + } + } + } + ] + }, + "sort": { + "description": "The fields to be used to sort the search results. Use + or - to specify the sort direction.", + "type": "array", + "items": { + "type": "string", + "example": [ + "displayName", + "+id" + ] + } + }, + "searchAfter": { + "description": "Used to begin the search window at the values specified.\nThis parameter consists of the last values of the sorted fields in the current record set.\nThis is used to expand the Elasticsearch limit of 10K records by shifting the 10K window to begin at this value.\nIt is recommended that you always include the ID of the object in addition to any other fields on this parameter in order to ensure you don't get duplicate results while paging.\nFor example, when searching for identities, if you are sorting by displayName you will also want to include ID, for example [\"displayName\", \"id\"]. \nIf the last identity ID in the search result is 2c91808375d8e80a0175e1f88a575221 and the last displayName is \"John Doe\", then using that displayName and ID will start a new search after this identity.\nThe searchAfter value will look like [\"John Doe\",\"2c91808375d8e80a0175e1f88a575221\"]", + "type": "array", + "items": { + "type": "string", + "example": [ + "John Doe", + "2c91808375d8e80a0175e1f88a575221" + ] + } + }, + "filters": { + "description": "The filters to be applied for each filtered field name.", + "type": "object", + "additionalProperties": { + "type": "object", + "properties": { + "type": { + "description": "Enum representing the currently supported filter types.\nAdditional values may be added in the future without notice.", + "type": "string", + "enum": [ + "EXISTS", + "RANGE", + "TERMS" + ], + "example": "RANGE" + }, + "range": { + "type": "object", + "description": "The range of values to be filtered.", + "properties": { + "lower": { + "description": "The lower bound of the range.", + "type": "object", + "required": [ + "value" + ], + "properties": { + "value": { + "description": "The value of the range's endpoint.", + "type": "string", + "example": "1" + }, + "inclusive": { + "description": "Indicates if the endpoint is included in the range.", + "type": "boolean", + "default": false, + "example": false + } + } + }, + "upper": { + "description": "The upper bound of the range.", + "type": "object", + "required": [ + "value" + ], + "properties": { + "value": { + "description": "The value of the range's endpoint.", + "type": "string", + "example": "1" + }, + "inclusive": { + "description": "Indicates if the endpoint is included in the range.", + "type": "boolean", + "default": false, + "example": false + } + } + } + } + }, + "terms": { + "description": "The terms to be filtered.", + "type": "array", + "items": { + "type": "string", + "example": "account_count" + } + }, + "exclude": { + "description": "Indicates if the filter excludes results.", + "type": "boolean", + "default": false, + "example": false + } + } + }, + "example": {} + } + } + }, + "examples": { + "metricAggregation": { + "summary": "MetricAggregation", + "value": { + "indices": [ + "aggregations" + ], + "aggregationType": "SAILPOINT", + "aggregations": { + "metric": { + "name": "How Many Locations", + "type": "UNIQUE_COUNT", + "field": "attributes.city" + } + } + } + }, + "metricAggregation-dsl": { + "summary": "MetricAggregation using DSL", + "value": { + "indices": [ + "aggregations" + ], + "aggregationType": "DSL", + "aggregationsDsl": { + "How Many Locations": { + "cardinality": { + "field": "attributes.city.exact" + } + } + } + } + }, + "bucketAggregation": { + "summary": "BucketAggregation", + "value": { + "indices": [ + "aggregations" + ], + "aggregationType": "SAILPOINT", + "aggregations": { + "bucket": { + "name": "Identity Locations", + "type": "TERMS", + "field": "attributes.city" + } + } + } + }, + "bucketAggregation-dsl": { + "summary": "BucketAggregation using DSL", + "value": { + "indices": [ + "aggregations" + ], + "aggregationType": "DSL", + "aggregationsDsl": { + "Identity Locations": { + "terms": { + "field": "attributes.city.exact" + } + } + } + } + }, + "nestedAggregation-bucketAggregation": { + "summary": "NestedAggregation with BucketAggregation", + "value": { + "indices": [ + "aggregations" + ], + "aggregationType": "SAILPOINT", + "aggregations": { + "nested": { + "name": "Access", + "field": "access", + "type": "TERMS" + }, + "bucket": { + "name": "Access Source Name", + "type": "TERMS", + "field": "access.source.name" + } + } + } + }, + "nestedAggregation-bucketAggregation-dsl": { + "summary": "NestedAggregation with BucketAggregation using DSL", + "value": { + "indices": [ + "aggregations" + ], + "aggregationType": "DSL", + "aggregationsDsl": { + "access": { + "nested": { + "path": "access" + }, + "aggs": { + "Access Source Name": { + "terms": { + "field": "access.source.name.exact" + } + } + } + } + } + } + }, + "nestedAggregation-filterAggregation-bucketAggregation": { + "summary": "NestedAggregation with FilterAggregation and BucketAggregation", + "value": { + "indices": [ + "aggregations" + ], + "aggregationType": "SAILPOINT", + "aggregations": { + "nested": { + "name": "Access", + "field": "access", + "type": "TERMS" + }, + "filter": { + "name": "Entitlements", + "field": "access.type", + "value": "ENTITLEMENT" + }, + "bucket": { + "name": "Access Name", + "type": "TERMS", + "field": "access.name" + } + } + } + }, + "nestedAggregation-filterAggregation-bucketAggregation-dsl": { + "summary": "NestedAggregation with FilterAggregation and BucketAggregation using DSL", + "value": { + "indices": [ + "aggregations" + ], + "aggregationType": "DSL", + "aggregationsDsl": { + "access": { + "nested": { + "path": "access" + }, + "aggs": { + "Entitlements": { + "filter": { + "term": { + "access.type": "ENTITLEMENT" + } + }, + "aggs": { + "Access Name": { + "terms": { + "field": "access.name.exact" + } + } + } + } + } + } + } + } + }, + "bucketAggregation-subAggregation": { + "summary": "BucketAggregation with SubAggregation", + "value": { + "indices": [ + "aggregations" + ], + "aggregationType": "SAILPOINT", + "aggregations": { + "bucket": { + "name": "Identity Department", + "type": "TERMS", + "field": "attributes.department" + }, + "subAggregation": { + "bucket": { + "name": "Identity Locations", + "type": "TERMS", + "field": "attributes.city" + } + } + } + } + }, + "bucketAggregation-subAggregation-dsl": { + "summary": "BucketAggregation with SubAggregation using DSL", + "value": { + "indices": [ + "aggregations" + ], + "aggregationType": "DSL", + "aggregationsDsl": { + "Identity Department": { + "terms": { + "field": "attributes.department.exact" + }, + "aggs": { + "Identity Locations": { + "terms": { + "field": "attributes.city.exact" + } + } + } + } + } + } + } + } + } + }, + "required": true + }, + "responses": { + "200": { + "description": "Aggregation results.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "aggregations": { + "type": "object", + "description": "The document containing the results of the aggregation. This document is controlled by Elasticsearch and depends on the type of aggregation query that is run.\n\nSee Elasticsearch [Aggregations](https://www.elastic.co/guide/en/elasticsearch/reference/5.2/search-aggregations.html) documentation for information.\n", + "example": { + "Identity Locations": { + "buckets": [ + { + "key": "Austin", + "doc_count": 109 + }, + { + "key": "London", + "doc_count": 64 + }, + { + "key": "San Jose", + "doc_count": 27 + }, + { + "key": "Brussels", + "doc_count": 26 + }, + { + "key": "Sao Paulo", + "doc_count": 24 + }, + { + "key": "Munich", + "doc_count": 23 + }, + { + "key": "Singapore", + "doc_count": 22 + }, + { + "key": "Tokyo", + "doc_count": 20 + }, + { + "key": "Taipei", + "doc_count": 16 + } + ] + } + } + }, + "hits": { + "description": "The results of the aggregation search query.\n", + "type": "array", + "items": { + "discriminator": { + "propertyName": "_type", + "mapping": { + "accessprofile": "../model/access/profile/AccessProfileDocument.yaml", + "accountactivity": "../model/account/activity/AccountActivityDocument.yaml", + "account": "../model/account/AccountDocument.yaml", + "aggregation": "../model/aggregation/AggregationDocument.yaml", + "entitlement": "../model/entitlement/EntitlementDocument.yaml", + "event": "../model/event/EventDocument.yaml", + "identity": "../model/identity/IdentityDocument.yaml", + "role": "../model/role/RoleDocument.yaml" + } + }, + "oneOf": [ + { + "description": "This is more of a complete representation of an access profile. ", + "allOf": [ + { + "type": "object", + "required": [ + "id", + "name", + "_type" + ], + "properties": { + "id": { + "type": "string", + "example": "2c91808375d8e80a0175e1f88a575222" + }, + "name": { + "type": "string", + "example": "john.doe" + }, + "_type": { + "description": "Enum representing the currently supported document types.\n\nAdditional values may be added in the future without notice.", + "type": "string", + "enum": [ + "accessprofile", + "accountactivity", + "account", + "aggregation", + "entitlement", + "event", + "identity", + "role" + ], + "example": "identity" + } + } + }, + { + "allOf": [ + { + "type": "object", + "properties": { + "id": { + "type": "string", + "example": "2c91808568c529c60168cca6f90c1313", + "description": "The unique ID of the referenced object." + }, + "name": { + "type": "string", + "example": "John Doe", + "description": "The human readable name of the referenced object." + } + } + }, + { + "type": "object", + "properties": { + "description": { + "type": "string", + "description": "The description of the access item", + "example": "The admin role" + }, + "created": { + "type": "string", + "nullable": true, + "format": "date-time", + "example": "2018-06-25T20:22:28.104Z", + "description": "A date-time in ISO-8601 format" + }, + "modified": { + "type": "string", + "nullable": true, + "format": "date-time", + "example": "2018-06-25T20:22:28.104Z", + "description": "A date-time in ISO-8601 format" + }, + "synced": { + "type": "string", + "nullable": true, + "format": "date-time", + "example": "2018-06-25T20:22:28.104Z", + "description": "A date-time in ISO-8601 format" + }, + "enabled": { + "type": "boolean", + "example": true + }, + "requestable": { + "type": "boolean", + "example": true, + "description": "Indicates if the access can be requested" + }, + "requestCommentsRequired": { + "type": "boolean", + "description": "Indicates if comments are required when requesting access", + "example": false + }, + "owner": { + "allOf": [ + { + "allOf": [ + { + "type": "object", + "properties": { + "id": { + "type": "string", + "example": "2c91808568c529c60168cca6f90c1313", + "description": "The unique ID of the referenced object." + }, + "name": { + "type": "string", + "example": "John Doe", + "description": "The human readable name of the referenced object." + } + } + }, + { + "type": "object", + "properties": { + "type": { + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "description": "An enumeration of the types of DTOs supported within the IdentityNow infrastructure.", + "example": "IDENTITY" + } + } + } + ] + }, + { + "type": "object", + "properties": { + "email": { + "type": "string", + "example": "john.doe@sailpoint.com", + "description": "The email of the identity" + } + } + } + ] + } + } + } + ] + }, + { + "type": "object", + "properties": { + "source": { + "type": "object", + "properties": { + "id": { + "type": "string", + "example": "2c91808568c529c60168cca6f90c1313", + "description": "The unique ID of the referenced object." + }, + "name": { + "type": "string", + "example": "John Doe", + "description": "The human readable name of the referenced object." + } + } + }, + "entitlements": { + "type": "array", + "items": { + "allOf": [ + { + "type": "object", + "properties": { + "id": { + "type": "string", + "example": "2c91808568c529c60168cca6f90c1313", + "description": "The unique ID of the referenced object." + }, + "name": { + "type": "string", + "example": "John Doe", + "description": "The human readable name of the referenced object." + } + } + }, + { + "type": "object", + "properties": { + "description": { + "type": "string", + "description": "A description of the entitlement", + "example": "The admin privilege" + }, + "attribute": { + "type": "string", + "description": "The name of the entitlement attribute", + "example": "admin" + }, + "value": { + "type": "string", + "description": "The value of the entitlement", + "example": "true" + } + } + } + ] + } + }, + "entitlementCount": { + "type": "integer", + "example": 5 + }, + "tags": { + "type": "array", + "items": { + "type": "string" + }, + "example": [ + "TAG_1", + "TAG_2" + ] + } + } + } + ] + }, + { + "description": "AccountActivity", + "allOf": [ + { + "type": "object", + "required": [ + "id", + "name", + "_type" + ], + "properties": { + "id": { + "type": "string", + "example": "2c91808375d8e80a0175e1f88a575222" + }, + "name": { + "type": "string", + "example": "john.doe" + }, + "_type": { + "description": "Enum representing the currently supported document types.\n\nAdditional values may be added in the future without notice.", + "type": "string", + "enum": [ + "accessprofile", + "accountactivity", + "account", + "aggregation", + "entitlement", + "event", + "identity", + "role" + ], + "example": "identity" + } + } + }, + { + "type": "object", + "properties": { + "action": { + "type": "string", + "description": "The type of action that this activity performed", + "externalDocs": { + "description": "Learn more about account activity action types", + "url": "https://documentation.sailpoint.com/saas/help/search/searchable-fields.html#searching-account-activity-data" + }, + "example": "Identity Refresh." + }, + "created": { + "type": "string", + "nullable": true, + "format": "date-time", + "example": "2018-06-25T20:22:28.104Z", + "description": "A date-time in ISO-8601 format" + }, + "modified": { + "type": "string", + "nullable": true, + "format": "date-time", + "example": "2018-06-25T20:22:28.104Z", + "description": "A date-time in ISO-8601 format" + }, + "stage": { + "type": "string", + "description": "The current stage of the activity", + "example": "Completed" + }, + "origin": { + "type": "string", + "nullable": true, + "example": null + }, + "status": { + "type": "string", + "description": "the current status of the activity", + "example": "Complete" + }, + "requester": { + "allOf": [ + { + "type": "object", + "properties": { + "id": { + "type": "string", + "example": "2c91808568c529c60168cca6f90c1313", + "description": "The unique ID of the referenced object." + }, + "name": { + "type": "string", + "example": "John Doe", + "description": "The human readable name of the referenced object." + } + } + }, + { + "type": "object", + "properties": { + "type": { + "type": "string", + "example": "Delimited File", + "description": "the type of source returned" + } + } + } + ] + }, + "recipient": { + "allOf": [ + { + "type": "object", + "properties": { + "id": { + "type": "string", + "example": "2c91808568c529c60168cca6f90c1313", + "description": "The unique ID of the referenced object." + }, + "name": { + "type": "string", + "example": "John Doe", + "description": "The human readable name of the referenced object." + } + } + }, + { + "type": "object", + "properties": { + "type": { + "type": "string", + "example": "Delimited File", + "description": "the type of source returned" + } + } + } + ] + }, + "trackingNumber": { + "type": "string", + "example": "61aad0c9e8134eca89e76a35e0cabe3f" + }, + "errors": { + "type": "array", + "items": { + "type": "string" + }, + "nullable": true, + "example": null + }, + "warnings": { + "type": "array", + "items": { + "type": "string" + }, + "nullable": true, + "example": null + }, + "approvals": { + "type": "array", + "items": { + "type": "object", + "properties": { + "comments": { + "type": "array", + "items": { + "type": "object", + "properties": { + "comment": { + "type": "string", + "description": "The comment text", + "example": "This request was autoapproved by our automated ETS subscriber." + }, + "commenter": { + "type": "string", + "description": "The name of the commenter", + "example": "Automated AR Approval" + }, + "date": { + "type": "string", + "nullable": true, + "format": "date-time", + "example": "2018-06-25T20:22:28.104Z", + "description": "A date-time in ISO-8601 format" + } + } + } + }, + "created": { + "type": "string", + "nullable": true, + "format": "date-time", + "example": "2018-06-25T20:22:28.104Z", + "description": "A date-time in ISO-8601 format" + }, + "modified": { + "type": "string", + "nullable": true, + "format": "date-time", + "example": "2018-06-25T20:22:28.104Z", + "description": "A date-time in ISO-8601 format" + }, + "owner": { + "allOf": [ + { + "type": "object", + "properties": { + "id": { + "type": "string", + "example": "2c91808568c529c60168cca6f90c1313", + "description": "The unique ID of the referenced object." + }, + "name": { + "type": "string", + "example": "John Doe", + "description": "The human readable name of the referenced object." + } + } + }, + { + "type": "object", + "properties": { + "type": { + "type": "string", + "example": "Delimited File", + "description": "the type of source returned" + } + } + } + ] + }, + "result": { + "type": "string", + "description": "The result of the approval", + "example": "Finished" + }, + "type": { + "type": "string", + "nullable": true, + "example": null + } + } + } + }, + "originalRequests": { + "type": "array", + "items": { + "type": "object", + "properties": { + "accountId": { + "type": "string", + "description": "the account id", + "example": "CN=Abby Smith,OU=Austin,OU=Americas,OU=Demo,DC=seri,DC=acme,DC=com" + }, + "attributeRequests": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string", + "description": "The attribute name", + "example": "groups" + }, + "op": { + "type": "string", + "description": "The operation to perform", + "example": "Add" + }, + "value": { + "type": "string", + "description": "The value of the attribute", + "example": "3203537556531076" + } + } + } + }, + "op": { + "type": "string", + "description": "the operation that was used", + "example": "add" + }, + "source": { + "allOf": [ + { + "type": "object", + "properties": { + "id": { + "type": "string", + "example": "2c91808568c529c60168cca6f90c1313", + "description": "The unique ID of the referenced object." + }, + "name": { + "type": "string", + "example": "John Doe", + "description": "The human readable name of the referenced object." + } + } + }, + { + "type": "object", + "properties": { + "type": { + "type": "string", + "example": "Delimited File", + "description": "the type of source returned" + } + } + } + ] + } + } + } + }, + "expansionItems": { + "type": "array", + "items": { + "type": "object", + "properties": { + "accountId": { + "type": "string", + "description": "The ID of the account", + "example": "2c91808981f58ea601821c3e93482e6f" + }, + "cause": { + "type": "string", + "example": "Role" + }, + "name": { + "type": "string", + "description": "The name of the item", + "example": "smartsheet-role" + }, + "attributeRequests": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string", + "description": "The attribute name", + "example": "groups" + }, + "op": { + "type": "string", + "description": "The operation to perform", + "example": "Add" + }, + "value": { + "type": "string", + "description": "The value of the attribute", + "example": "3203537556531076" + } + } + } + }, + "source": { + "allOf": [ + { + "type": "object", + "properties": { + "id": { + "type": "string", + "example": "2c91808568c529c60168cca6f90c1313", + "description": "The unique ID of the referenced object." + }, + "name": { + "type": "string", + "example": "John Doe", + "description": "The human readable name of the referenced object." + } + } + }, + { + "type": "object", + "properties": { + "type": { + "type": "string", + "example": "Delimited File", + "description": "the type of source returned" + } + } + } + ] + } + } + } + }, + "accountRequests": { + "type": "array", + "items": { + "type": "object", + "properties": { + "accountId": { + "type": "string", + "description": "Unique ID of the account", + "example": "John.Doe" + }, + "attributeRequests": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string", + "description": "The attribute name", + "example": "groups" + }, + "op": { + "type": "string", + "description": "The operation to perform", + "example": "Add" + }, + "value": { + "type": "string", + "description": "The value of the attribute", + "example": "3203537556531076" + } + } + } + }, + "op": { + "type": "string", + "example": "Modify", + "description": "The operation that was performed" + }, + "provisioningTarget": { + "allOf": [ + { + "type": "object", + "properties": { + "id": { + "type": "string", + "example": "2c91808568c529c60168cca6f90c1313", + "description": "The unique ID of the referenced object." + }, + "name": { + "type": "string", + "example": "John Doe", + "description": "The human readable name of the referenced object." + } + } + }, + { + "type": "object", + "properties": { + "type": { + "type": "string", + "example": "Delimited File", + "description": "the type of source returned" + } + } + } + ] + }, + "result": { + "type": "object", + "properties": { + "errors": { + "type": "array", + "items": { + "type": "string", + "example": "[ConnectorError] [\n {\n \"code\": \"unrecognized_keys\",\n \"keys\": [\n \"groups\"\n ],\n \"path\": [],\n \"message\": \"Unrecognized key(s) in object: 'groups'\"\n }\n] (requestId: 5e9d6df5-9b1b-47d9-9bf1-dc3a2893299e)" + } + }, + "status": { + "type": "string", + "description": "The status of the account request", + "example": "failed" + }, + "ticketId": { + "type": "string", + "nullable": true, + "example": null + } + } + }, + "source": { + "allOf": [ + { + "type": "object", + "properties": { + "id": { + "type": "string", + "example": "2c91808568c529c60168cca6f90c1313", + "description": "The unique ID of the referenced object." + }, + "name": { + "type": "string", + "example": "John Doe", + "description": "The human readable name of the referenced object." + } + } + }, + { + "type": "object", + "properties": { + "type": { + "type": "string", + "example": "Delimited File", + "description": "the type of source returned" + } + } + } + ] + } + } + } + }, + "sources": { + "type": "string", + "example": "smartsheet-test, airtable-v4, IdentityNow" + } + } + } + ] + }, + { + "description": "Account", + "allOf": [ + { + "type": "object", + "required": [ + "id", + "name", + "_type" + ], + "properties": { + "id": { + "type": "string", + "example": "2c91808375d8e80a0175e1f88a575222" + }, + "name": { + "type": "string", + "example": "john.doe" + }, + "_type": { + "description": "Enum representing the currently supported document types.\n\nAdditional values may be added in the future without notice.", + "type": "string", + "enum": [ + "accessprofile", + "accountactivity", + "account", + "aggregation", + "entitlement", + "event", + "identity", + "role" + ], + "example": "identity" + } + } + }, + { + "allOf": [ + { + "type": "object", + "properties": { + "id": { + "type": "string", + "example": "2c91808568c529c60168cca6f90c1313", + "description": "The unique ID of the referenced object." + }, + "name": { + "type": "string", + "example": "John Doe", + "description": "The human readable name of the referenced object." + } + } + }, + { + "type": "object", + "properties": { + "accountId": { + "type": "string", + "description": "The ID of the account", + "example": "john.doe" + }, + "source": { + "allOf": [ + { + "type": "object", + "properties": { + "id": { + "type": "string", + "example": "2c91808568c529c60168cca6f90c1313", + "description": "The unique ID of the referenced object." + }, + "name": { + "type": "string", + "example": "John Doe", + "description": "The human readable name of the referenced object." + } + } + }, + { + "type": "object", + "properties": { + "type": { + "type": "string", + "example": "Delimited File", + "description": "the type of source returned" + } + } + } + ] + }, + "disabled": { + "type": "boolean", + "description": "Indicates if the account is disabled", + "example": false + }, + "locked": { + "type": "boolean", + "description": "Indicates if the account is locked", + "example": false + }, + "privileged": { + "type": "boolean", + "example": false + }, + "manuallyCorrelated": { + "type": "boolean", + "description": "Indicates if the account has been manually correlated to an identity", + "example": false + }, + "passwordLastSet": { + "type": "string", + "nullable": true, + "format": "date-time", + "example": "2018-06-25T20:22:28.104Z", + "description": "A date-time in ISO-8601 format" + }, + "entitlementAttributes": { + "type": "object", + "nullable": true, + "description": "a map or dictionary of key/value pairs", + "additionalProperties": true, + "example": { + "moderator": true, + "admin": true, + "trust_level": "4" + } + }, + "created": { + "type": "string", + "nullable": true, + "format": "date-time", + "example": "2018-06-25T20:22:28.104Z", + "description": "A date-time in ISO-8601 format" + } + } + } + ] + }, + { + "type": "object", + "properties": { + "modified": { + "type": "string", + "nullable": true, + "format": "date-time", + "example": "2018-06-25T20:22:28.104Z", + "description": "A date-time in ISO-8601 format" + }, + "attributes": { + "type": "object", + "description": "a map or dictionary of key/value pairs", + "additionalProperties": true, + "example": { + "firstName": "John", + "lastName": "Doe", + "displayName": "John.Doe" + } + }, + "identity": { + "allOf": [ + { + "type": "object", + "properties": { + "id": { + "type": "string", + "example": "2c91808568c529c60168cca6f90c1313", + "description": "The unique ID of the referenced object." + }, + "name": { + "type": "string", + "example": "John Doe", + "description": "The human readable name of the referenced object." + } + } + }, + { + "type": "object", + "properties": { + "displayName": { + "type": "string", + "example": "John Q. Doe" + } + } + } + ] + }, + "access": { + "type": "array", + "items": { + "description": "EntitlementReference", + "allOf": [ + { + "allOf": [ + { + "allOf": [ + { + "type": "object", + "properties": { + "id": { + "type": "string", + "example": "2c91808568c529c60168cca6f90c1313", + "description": "The unique ID of the referenced object." + }, + "name": { + "type": "string", + "example": "John Doe", + "description": "The human readable name of the referenced object." + } + } + }, + { + "type": "object", + "properties": { + "displayName": { + "type": "string", + "example": "John Q. Doe" + } + } + } + ] + }, + { + "type": "object", + "properties": { + "type": { + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "description": "An enumeration of the types of DTOs supported within the IdentityNow infrastructure.", + "example": "IDENTITY" + }, + "description": { + "type": "string", + "nullable": true, + "example": null + } + } + } + ] + }, + { + "type": "object", + "properties": { + "source": { + "type": "object", + "properties": { + "id": { + "type": "string", + "example": "2c91808568c529c60168cca6f90c1313", + "description": "The unique ID of the referenced object." + }, + "name": { + "type": "string", + "example": "John Doe", + "description": "The human readable name of the referenced object." + } + } + }, + "privileged": { + "type": "boolean", + "example": false + }, + "attribute": { + "type": "string", + "example": "memberOf" + }, + "value": { + "type": "string", + "example": "CN=Buyer,OU=Groups,OU=Demo,DC=seri,DC=sailpointdemo,DC=com" + }, + "standalone": { + "type": "boolean", + "example": false + } + } + } + ] + } + }, + "entitlementCount": { + "type": "integer", + "description": "The number of entitlements assigned to the account", + "format": "int32", + "example": 2 + }, + "uncorrelated": { + "type": "boolean", + "description": "Indicates if the account is not correlated to an identity", + "example": false + }, + "tags": { + "type": "array", + "items": { + "type": "string" + }, + "example": [ + "TAG_1", + "TAG_2" + ] + } + } + } + ] + }, + { + "description": "Aggregation", + "allOf": [ + { + "type": "object", + "required": [ + "id", + "name", + "_type" + ], + "properties": { + "id": { + "type": "string", + "example": "2c91808375d8e80a0175e1f88a575222" + }, + "name": { + "type": "string", + "example": "john.doe" + }, + "_type": { + "description": "Enum representing the currently supported document types.\n\nAdditional values may be added in the future without notice.", + "type": "string", + "enum": [ + "accessprofile", + "accountactivity", + "account", + "aggregation", + "entitlement", + "event", + "identity", + "role" + ], + "example": "identity" + } + } + }, + { + "type": "object", + "properties": { + "status": { + "type": "string", + "example": "Success" + }, + "duration": { + "type": "integer", + "format": "int32", + "example": 20 + }, + "avgDuration": { + "type": "integer", + "format": "int32", + "example": 20 + }, + "changedAccounts": { + "type": "integer", + "format": "int32", + "example": 1 + }, + "nextScheduled": { + "type": "string", + "nullable": true, + "format": "date-time", + "example": "2018-06-25T20:22:28.104Z", + "description": "A date-time in ISO-8601 format" + }, + "startTime": { + "type": "string", + "nullable": true, + "format": "date-time", + "example": "2018-06-25T20:22:28.104Z", + "description": "A date-time in ISO-8601 format" + }, + "sourceOwner": { + "type": "string", + "description": "John Doe" + } + } + } + ] + }, + { + "description": "Entitlement", + "allOf": [ + { + "type": "object", + "required": [ + "id", + "name", + "_type" + ], + "properties": { + "id": { + "type": "string", + "example": "2c91808375d8e80a0175e1f88a575222" + }, + "name": { + "type": "string", + "example": "john.doe" + }, + "_type": { + "description": "Enum representing the currently supported document types.\n\nAdditional values may be added in the future without notice.", + "type": "string", + "enum": [ + "accessprofile", + "accountactivity", + "account", + "aggregation", + "entitlement", + "event", + "identity", + "role" + ], + "example": "identity" + } + } + }, + { + "allOf": [ + { + "type": "object", + "properties": { + "id": { + "type": "string", + "example": "2c91808568c529c60168cca6f90c1313", + "description": "The unique ID of the referenced object." + }, + "name": { + "type": "string", + "example": "John Doe", + "description": "The human readable name of the referenced object." + } + } + }, + { + "type": "object", + "properties": { + "description": { + "type": "string", + "description": "A description of the entitlement", + "example": "The admin privilege" + }, + "attribute": { + "type": "string", + "description": "The name of the entitlement attribute", + "example": "admin" + }, + "value": { + "type": "string", + "description": "The value of the entitlement", + "example": "true" + } + } + } + ] + }, + { + "type": "object", + "properties": { + "modified": { + "type": "string", + "nullable": true, + "format": "date-time", + "example": "2018-06-25T20:22:28.104Z", + "description": "A date-time in ISO-8601 format" + }, + "synced": { + "type": "string", + "nullable": true, + "format": "date-time", + "example": "2018-06-25T20:22:28.104Z", + "description": "A date-time in ISO-8601 format" + }, + "displayName": { + "type": "string", + "description": "The display name of the entitlement", + "example": "Admin" + }, + "source": { + "type": "object", + "properties": { + "id": { + "type": "string", + "example": "2c91808568c529c60168cca6f90c1313", + "description": "The unique ID of the referenced object." + }, + "name": { + "type": "string", + "example": "John Doe", + "description": "The human readable name of the referenced object." + } + } + }, + "privileged": { + "type": "boolean", + "example": false + }, + "identityCount": { + "type": "integer", + "format": "int32", + "example": 3 + }, + "tags": { + "type": "array", + "items": { + "type": "string" + }, + "example": [ + "TAG_1", + "TAG_2" + ] + } + } + } + ] + }, + { + "description": "Event", + "allOf": [ + { + "type": "object", + "required": [ + "id", + "name", + "_type" + ], + "properties": { + "id": { + "type": "string", + "example": "2c91808375d8e80a0175e1f88a575222" + }, + "name": { + "type": "string", + "example": "john.doe" + }, + "_type": { + "description": "Enum representing the currently supported document types.\n\nAdditional values may be added in the future without notice.", + "type": "string", + "enum": [ + "accessprofile", + "accountactivity", + "account", + "aggregation", + "entitlement", + "event", + "identity", + "role" + ], + "example": "identity" + } + } + }, + { + "type": "object", + "properties": { + "created": { + "type": "string", + "nullable": true, + "format": "date-time", + "example": "2018-06-25T20:22:28.104Z", + "description": "A date-time in ISO-8601 format" + }, + "synced": { + "type": "string", + "nullable": true, + "format": "date-time", + "example": "2018-06-25T20:22:28.104Z", + "description": "A date-time in ISO-8601 format" + }, + "action": { + "type": "string", + "description": "The action that was performed", + "example": "update" + }, + "type": { + "type": "string", + "description": "The type of event", + "example": "SYSTEM_CONFIG" + }, + "actor": { + "type": "object", + "properties": { + "name": { + "type": "string", + "example": "John Doe", + "description": "the actor or target name" + }, + "type": { + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "description": "An enumeration of the types of DTOs supported within the IdentityNow infrastructure.", + "example": "IDENTITY" + } + } + }, + "target": { + "type": "object", + "properties": { + "name": { + "type": "string", + "example": "John Doe", + "description": "the actor or target name" + }, + "type": { + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "description": "An enumeration of the types of DTOs supported within the IdentityNow infrastructure.", + "example": "IDENTITY" + } + } + }, + "stack": { + "type": "string", + "example": "tpe" + }, + "trackingNumber": { + "type": "string", + "example": "63f891e0735f4cc8bf1968144a1e7440" + }, + "ipAddress": { + "type": "string", + "example": "52.52.97.85" + }, + "details": { + "type": "string", + "example": "73b65dfbed1842548c207432a18c84b0" + }, + "attributes": { + "type": "object", + "additionalProperties": true, + "example": { + "pod": "stg03-useast1", + "org": "acme", + "sourceName": "SailPoint" + } + }, + "objects": { + "type": "array", + "items": { + "type": "string", + "example": "AUTHENTICATION" + } + }, + "operation": { + "type": "string", + "example": "REQUEST" + }, + "status": { + "type": "string", + "example": "PASSED" + }, + "technicalName": { + "type": "string", + "example": "AUTHENTICATION_REQUEST_PASSED" + } + } + } + ] + }, + { + "description": "Identity", + "allOf": [ + { + "type": "object", + "required": [ + "id", + "name", + "_type" + ], + "properties": { + "id": { + "type": "string", + "example": "2c91808375d8e80a0175e1f88a575222" + }, + "name": { + "type": "string", + "example": "john.doe" + }, + "_type": { + "description": "Enum representing the currently supported document types.\n\nAdditional values may be added in the future without notice.", + "type": "string", + "enum": [ + "accessprofile", + "accountactivity", + "account", + "aggregation", + "entitlement", + "event", + "identity", + "role" + ], + "example": "identity" + } + } + }, + { + "allOf": [ + { + "type": "object", + "properties": { + "id": { + "type": "string", + "example": "2c91808568c529c60168cca6f90c1313", + "description": "The unique ID of the referenced object." + }, + "name": { + "type": "string", + "example": "John Doe", + "description": "The human readable name of the referenced object." + } + } + }, + { + "type": "object", + "properties": { + "displayName": { + "type": "string", + "example": "John Q. Doe" + } + } + } + ] + }, + { + "type": "object", + "properties": { + "firstName": { + "type": "string", + "description": "The first name of the identity", + "example": "Carol" + }, + "lastName": { + "type": "string", + "description": "The last name of the identity", + "example": "Adams" + }, + "displayName": { + "type": "string", + "example": "Carol.Adams", + "description": "The display name of the identity" + }, + "email": { + "type": "string", + "description": "The identity's primary email address", + "example": "Carol.Adams@sailpointdemo.com" + }, + "created": { + "type": "string", + "nullable": true, + "format": "date-time", + "example": "2018-06-25T20:22:28.104Z", + "description": "A date-time in ISO-8601 format" + }, + "modified": { + "type": "string", + "nullable": true, + "format": "date-time", + "example": "2018-06-25T20:22:28.104Z", + "description": "A date-time in ISO-8601 format" + }, + "synced": { + "type": "string", + "nullable": true, + "format": "date-time", + "example": "2018-06-25T20:22:28.104Z", + "description": "A date-time in ISO-8601 format" + }, + "phone": { + "type": "string", + "description": "The phone number of the identity", + "example": "+1 440-527-3672" + }, + "inactive": { + "type": "boolean", + "description": "Indicates if the identity is inactive", + "example": false + }, + "protected": { + "type": "boolean", + "example": false + }, + "status": { + "type": "string", + "description": "The identity's status in SailPoint", + "example": "UNREGISTERED" + }, + "employeeNumber": { + "type": "string", + "example": "1a2a3d4e" + }, + "manager": { + "nullable": true, + "allOf": [ + { + "type": "object", + "properties": { + "id": { + "type": "string", + "example": "2c91808568c529c60168cca6f90c1313", + "description": "The unique ID of the referenced object." + }, + "name": { + "type": "string", + "example": "John Doe", + "description": "The human readable name of the referenced object." + } + } + }, + { + "type": "object", + "properties": { + "displayName": { + "type": "string", + "example": "John Q. Doe" + } + } + } + ] + }, + "isManager": { + "type": "boolean", + "description": "Indicates if this identity is a manager of other identities", + "example": false + }, + "identityProfile": { + "type": "object", + "properties": { + "id": { + "type": "string", + "example": "2c91808568c529c60168cca6f90c1313", + "description": "The unique ID of the referenced object." + }, + "name": { + "type": "string", + "example": "John Doe", + "description": "The human readable name of the referenced object." + } + } + }, + "source": { + "type": "object", + "properties": { + "id": { + "type": "string", + "example": "2c91808568c529c60168cca6f90c1313", + "description": "The unique ID of the referenced object." + }, + "name": { + "type": "string", + "example": "John Doe", + "description": "The human readable name of the referenced object." + } + } + }, + "attributes": { + "type": "object", + "description": "a map or dictionary of key/value pairs", + "additionalProperties": true, + "example": { + "country": "US", + "firstname": "Carol", + "cloudStatus": "UNREGISTERED" + } + }, + "processingState": { + "type": "string", + "nullable": true, + "example": null + }, + "processingDetails": { + "nullable": true, + "type": "object", + "properties": { + "date": { + "type": "string", + "nullable": true, + "format": "date-time", + "example": "2018-06-25T20:22:28.104Z", + "description": "A date-time in ISO-8601 format" + }, + "stage": { + "type": "string", + "example": "In Process" + }, + "retryCount": { + "type": "integer", + "example": 0, + "format": "int32" + }, + "stackTrace": { + "type": "string", + "example": "" + }, + "message": { + "type": "string", + "example": "" + } + } + }, + "accounts": { + "type": "array", + "description": "List of accounts associated with the identity", + "items": { + "allOf": [ + { + "type": "object", + "properties": { + "id": { + "type": "string", + "example": "2c91808568c529c60168cca6f90c1313", + "description": "The unique ID of the referenced object." + }, + "name": { + "type": "string", + "example": "John Doe", + "description": "The human readable name of the referenced object." + } + } + }, + { + "type": "object", + "properties": { + "accountId": { + "type": "string", + "description": "The ID of the account", + "example": "john.doe" + }, + "source": { + "allOf": [ + { + "type": "object", + "properties": { + "id": { + "type": "string", + "example": "2c91808568c529c60168cca6f90c1313", + "description": "The unique ID of the referenced object." + }, + "name": { + "type": "string", + "example": "John Doe", + "description": "The human readable name of the referenced object." + } + } + }, + { + "type": "object", + "properties": { + "type": { + "type": "string", + "example": "Delimited File", + "description": "the type of source returned" + } + } + } + ] + }, + "disabled": { + "type": "boolean", + "description": "Indicates if the account is disabled", + "example": false + }, + "locked": { + "type": "boolean", + "description": "Indicates if the account is locked", + "example": false + }, + "privileged": { + "type": "boolean", + "example": false + }, + "manuallyCorrelated": { + "type": "boolean", + "description": "Indicates if the account has been manually correlated to an identity", + "example": false + }, + "passwordLastSet": { + "type": "string", + "nullable": true, + "format": "date-time", + "example": "2018-06-25T20:22:28.104Z", + "description": "A date-time in ISO-8601 format" + }, + "entitlementAttributes": { + "type": "object", + "nullable": true, + "description": "a map or dictionary of key/value pairs", + "additionalProperties": true, + "example": { + "moderator": true, + "admin": true, + "trust_level": "4" + } + }, + "created": { + "type": "string", + "nullable": true, + "format": "date-time", + "example": "2018-06-25T20:22:28.104Z", + "description": "A date-time in ISO-8601 format" + } + } + } + ] + } + }, + "accountCount": { + "type": "integer", + "description": "Number of accounts associated with the identity", + "format": "int32", + "example": 3 + }, + "apps": { + "type": "array", + "description": "The list of applications the identity has access to", + "items": { + "allOf": [ + { + "type": "object", + "properties": { + "id": { + "type": "string", + "example": "2c91808568c529c60168cca6f90c1313", + "description": "The unique ID of the referenced object." + }, + "name": { + "type": "string", + "example": "John Doe", + "description": "The human readable name of the referenced object." + } + } + }, + { + "type": "object", + "properties": { + "source": { + "type": "object", + "properties": { + "id": { + "type": "string", + "example": "2c91808568c529c60168cca6f90c1313", + "description": "The unique ID of the referenced object." + }, + "name": { + "type": "string", + "example": "John Doe", + "description": "The human readable name of the referenced object." + } + } + }, + "account": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "The SailPoint generated unique ID", + "example": "2c9180837dfe6949017e21f3d8cd6d49" + }, + "accountId": { + "type": "string", + "description": "The account ID generated by the source", + "example": "CN=Carol Adams,OU=Austin,OU=Americas,OU=Demo,DC=seri,DC=sailpointdemo,DC=com" + } + } + } + } + } + ] + } + }, + "appCount": { + "type": "integer", + "format": "int32", + "description": "The number of applications the identity has access to", + "example": 2 + }, + "access": { + "type": "array", + "description": "The list of access items assigned to the identity", + "items": { + "discriminator": { + "propertyName": "type", + "mapping": { + "ACCESS_PROFILE": "../access/AccessProfileSummary.yaml", + "ENTITLEMENT": "../access/AccessProfileEntitlement.yaml", + "ROLE": "../access/AccessProfileRole.yaml" + } + }, + "oneOf": [ + { + "description": "This is a summary representation of an access profile.", + "allOf": [ + { + "allOf": [ + { + "allOf": [ + { + "type": "object", + "properties": { + "id": { + "type": "string", + "example": "2c91808568c529c60168cca6f90c1313", + "description": "The unique ID of the referenced object." + }, + "name": { + "type": "string", + "example": "John Doe", + "description": "The human readable name of the referenced object." + } + } + }, + { + "type": "object", + "properties": { + "displayName": { + "type": "string", + "example": "John Q. Doe" + } + } + } + ] + }, + { + "type": "object", + "properties": { + "type": { + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "description": "An enumeration of the types of DTOs supported within the IdentityNow infrastructure.", + "example": "IDENTITY" + }, + "description": { + "type": "string", + "nullable": true, + "example": null + } + } + } + ] + }, + { + "type": "object", + "properties": { + "source": { + "type": "object", + "properties": { + "id": { + "type": "string", + "example": "2c91808568c529c60168cca6f90c1313", + "description": "The unique ID of the referenced object." + }, + "name": { + "type": "string", + "example": "John Doe", + "description": "The human readable name of the referenced object." + } + } + }, + "owner": { + "allOf": [ + { + "type": "object", + "properties": { + "id": { + "type": "string", + "example": "2c91808568c529c60168cca6f90c1313", + "description": "The unique ID of the referenced object." + }, + "name": { + "type": "string", + "example": "John Doe", + "description": "The human readable name of the referenced object." + } + } + }, + { + "type": "object", + "properties": { + "displayName": { + "type": "string", + "example": "John Q. Doe" + } + } + } + ] + }, + "revocable": { + "type": "boolean", + "example": true + } + } + } + ] + }, + { + "description": "EntitlementReference", + "allOf": [ + { + "allOf": [ + { + "allOf": [ + { + "type": "object", + "properties": { + "id": { + "type": "string", + "example": "2c91808568c529c60168cca6f90c1313", + "description": "The unique ID of the referenced object." + }, + "name": { + "type": "string", + "example": "John Doe", + "description": "The human readable name of the referenced object." + } + } + }, + { + "type": "object", + "properties": { + "displayName": { + "type": "string", + "example": "John Q. Doe" + } + } + } + ] + }, + { + "type": "object", + "properties": { + "type": { + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "description": "An enumeration of the types of DTOs supported within the IdentityNow infrastructure.", + "example": "IDENTITY" + }, + "description": { + "type": "string", + "nullable": true, + "example": null + } + } + } + ] + }, + { + "type": "object", + "properties": { + "source": { + "type": "object", + "properties": { + "id": { + "type": "string", + "example": "2c91808568c529c60168cca6f90c1313", + "description": "The unique ID of the referenced object." + }, + "name": { + "type": "string", + "example": "John Doe", + "description": "The human readable name of the referenced object." + } + } + }, + "privileged": { + "type": "boolean", + "example": false + }, + "attribute": { + "type": "string", + "example": "memberOf" + }, + "value": { + "type": "string", + "example": "CN=Buyer,OU=Groups,OU=Demo,DC=seri,DC=sailpointdemo,DC=com" + }, + "standalone": { + "type": "boolean", + "example": false + } + } + } + ] + }, + { + "description": "Role", + "allOf": [ + { + "allOf": [ + { + "allOf": [ + { + "type": "object", + "properties": { + "id": { + "type": "string", + "example": "2c91808568c529c60168cca6f90c1313", + "description": "The unique ID of the referenced object." + }, + "name": { + "type": "string", + "example": "John Doe", + "description": "The human readable name of the referenced object." + } + } + }, + { + "type": "object", + "properties": { + "displayName": { + "type": "string", + "example": "John Q. Doe" + } + } + } + ] + }, + { + "type": "object", + "properties": { + "type": { + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "description": "An enumeration of the types of DTOs supported within the IdentityNow infrastructure.", + "example": "IDENTITY" + }, + "description": { + "type": "string", + "nullable": true, + "example": null + } + } + } + ] + }, + { + "type": "object", + "properties": { + "owner": { + "allOf": [ + { + "type": "object", + "properties": { + "id": { + "type": "string", + "example": "2c91808568c529c60168cca6f90c1313", + "description": "The unique ID of the referenced object." + }, + "name": { + "type": "string", + "example": "John Doe", + "description": "The human readable name of the referenced object." + } + } + }, + { + "type": "object", + "properties": { + "displayName": { + "type": "string", + "example": "John Q. Doe" + } + } + } + ] + }, + "disabled": { + "type": "boolean" + }, + "revocable": { + "type": "boolean" + } + } + } + ] + } + ] + } + }, + "accessCount": { + "type": "integer", + "format": "int32", + "description": "The number of access items assigned to the identity", + "example": 5 + }, + "accessProfileCount": { + "type": "integer", + "description": "The number of access profiles assigned to the identity", + "example": 1 + }, + "entitlementCount": { + "type": "integer", + "description": "The number of entitlements assigned to the identity", + "example": 10 + }, + "roleCount": { + "type": "integer", + "description": "The number of roles assigned to the identity", + "example": 1 + }, + "owns": { + "type": "object", + "properties": { + "sources": { + "type": "array", + "items": { + "type": "object", + "properties": { + "id": { + "type": "string", + "example": "2c91808568c529c60168cca6f90c1313", + "description": "The unique ID of the referenced object." + }, + "name": { + "type": "string", + "example": "John Doe", + "description": "The human readable name of the referenced object." + } + } + } + }, + "entitlements": { + "type": "array", + "items": { + "type": "object", + "properties": { + "id": { + "type": "string", + "example": "2c91808568c529c60168cca6f90c1313", + "description": "The unique ID of the referenced object." + }, + "name": { + "type": "string", + "example": "John Doe", + "description": "The human readable name of the referenced object." + } + } + } + }, + "accessProfiles": { + "type": "array", + "items": { + "type": "object", + "properties": { + "id": { + "type": "string", + "example": "2c91808568c529c60168cca6f90c1313", + "description": "The unique ID of the referenced object." + }, + "name": { + "type": "string", + "example": "John Doe", + "description": "The human readable name of the referenced object." + } + } + } + }, + "roles": { + "type": "array", + "items": { + "type": "object", + "properties": { + "id": { + "type": "string", + "example": "2c91808568c529c60168cca6f90c1313", + "description": "The unique ID of the referenced object." + }, + "name": { + "type": "string", + "example": "John Doe", + "description": "The human readable name of the referenced object." + } + } + } + }, + "apps": { + "type": "array", + "items": { + "type": "object", + "properties": { + "id": { + "type": "string", + "example": "2c91808568c529c60168cca6f90c1313", + "description": "The unique ID of the referenced object." + }, + "name": { + "type": "string", + "example": "John Doe", + "description": "The human readable name of the referenced object." + } + } + } + }, + "governanceGroups": { + "type": "array", + "items": { + "type": "object", + "properties": { + "id": { + "type": "string", + "example": "2c91808568c529c60168cca6f90c1313", + "description": "The unique ID of the referenced object." + }, + "name": { + "type": "string", + "example": "John Doe", + "description": "The human readable name of the referenced object." + } + } + } + }, + "fallbackApprover": { + "type": "boolean", + "example": false + } + } + }, + "tags": { + "type": "array", + "items": { + "type": "string" + }, + "example": [ + "TAG_1", + "TAG_2" + ] + } + } + } + ] + }, + { + "description": "Role", + "allOf": [ + { + "type": "object", + "required": [ + "id", + "name", + "_type" + ], + "properties": { + "id": { + "type": "string", + "example": "2c91808375d8e80a0175e1f88a575222" + }, + "name": { + "type": "string", + "example": "john.doe" + }, + "_type": { + "description": "Enum representing the currently supported document types.\n\nAdditional values may be added in the future without notice.", + "type": "string", + "enum": [ + "accessprofile", + "accountactivity", + "account", + "aggregation", + "entitlement", + "event", + "identity", + "role" + ], + "example": "identity" + } + } + }, + { + "allOf": [ + { + "type": "object", + "properties": { + "id": { + "type": "string", + "example": "2c91808568c529c60168cca6f90c1313", + "description": "The unique ID of the referenced object." + }, + "name": { + "type": "string", + "example": "John Doe", + "description": "The human readable name of the referenced object." + } + } + }, + { + "type": "object", + "properties": { + "description": { + "type": "string", + "description": "The description of the access item", + "example": "The admin role" + }, + "created": { + "type": "string", + "nullable": true, + "format": "date-time", + "example": "2018-06-25T20:22:28.104Z", + "description": "A date-time in ISO-8601 format" + }, + "modified": { + "type": "string", + "nullable": true, + "format": "date-time", + "example": "2018-06-25T20:22:28.104Z", + "description": "A date-time in ISO-8601 format" + }, + "synced": { + "type": "string", + "nullable": true, + "format": "date-time", + "example": "2018-06-25T20:22:28.104Z", + "description": "A date-time in ISO-8601 format" + }, + "enabled": { + "type": "boolean", + "example": true + }, + "requestable": { + "type": "boolean", + "example": true, + "description": "Indicates if the access can be requested" + }, + "requestCommentsRequired": { + "type": "boolean", + "description": "Indicates if comments are required when requesting access", + "example": false + }, + "owner": { + "allOf": [ + { + "allOf": [ + { + "type": "object", + "properties": { + "id": { + "type": "string", + "example": "2c91808568c529c60168cca6f90c1313", + "description": "The unique ID of the referenced object." + }, + "name": { + "type": "string", + "example": "John Doe", + "description": "The human readable name of the referenced object." + } + } + }, + { + "type": "object", + "properties": { + "type": { + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "description": "An enumeration of the types of DTOs supported within the IdentityNow infrastructure.", + "example": "IDENTITY" + } + } + } + ] + }, + { + "type": "object", + "properties": { + "email": { + "type": "string", + "example": "john.doe@sailpoint.com", + "description": "The email of the identity" + } + } + } + ] + } + } + } + ] + }, + { + "type": "object", + "properties": { + "accessProfiles": { + "type": "array", + "items": { + "type": "object", + "properties": { + "id": { + "type": "string", + "example": "2c91808568c529c60168cca6f90c1313", + "description": "The unique ID of the referenced object." + }, + "name": { + "type": "string", + "example": "John Doe", + "description": "The human readable name of the referenced object." + } + } + } + }, + "accessProfileCount": { + "type": "integer" + }, + "tags": { + "type": "array", + "items": { + "type": "string" + }, + "example": [ + "TAG_1", + "TAG_2" + ] + } + } + } + ] + } + ] + } + } + } + } + }, + "text/csv": { + "schema": { + "description": "If the *Accept:text/csv* header is specified and the *aggregationType* parameter in the request body is *SAILPOINT*,\n\nthe aggregation result will be returned as a CSV document.\n", + "type": "string", + "example": [ + "Identity Locations,Count", + "Munich,23", + "Brussels,26", + "Singapore,22", + "Tokyo,20", + "Taipei,16", + "London,64", + "Austin,109", + "Sao Paulo,24", + "San Jose,27" + ] + } + } + }, + "headers": { + "X-Total-Count": { + "description": "The total result count (returned only if the *count* parameter is specified as *true*).", + "schema": { + "type": "integer" + }, + "example": 5 + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/search/{index}/{id}": { + "get": { + "tags": [ + "Search" + ], + "description": "Fetches a single document from the specified index, using the specified document ID.", + "operationId": "searchGet", + "summary": "Get a Document by ID", + "parameters": [ + { + "in": "path", + "name": "index", + "description": "The index from which to fetch the specified document.\n\nThe currently supported index names are: *accessprofiles*, *accountactivities*, *accounts*, *aggregations*, *entitlements*, *events*, *identities*, and *roles*.\n", + "schema": { + "type": "string" + }, + "required": true, + "example": "accounts" + }, + { + "in": "path", + "name": "id", + "description": "ID of the requested document.", + "schema": { + "type": "string" + }, + "required": true, + "example": "2c91808568c529c60168cca6f90c1313" + } + ], + "responses": { + "200": { + "description": "The requested document.", + "content": { + "application/json": { + "schema": { + "discriminator": { + "propertyName": "_type", + "mapping": { + "accessprofile": "../model/access/profile/AccessProfileDocument.yaml", + "accountactivity": "../model/account/activity/AccountActivityDocument.yaml", + "account": "../model/account/AccountDocument.yaml", + "aggregation": "../model/aggregation/AggregationDocument.yaml", + "entitlement": "../model/entitlement/EntitlementDocument.yaml", + "event": "../model/event/EventDocument.yaml", + "identity": "../model/identity/IdentityDocument.yaml", + "role": "../model/role/RoleDocument.yaml" + } + }, + "oneOf": [ + { + "description": "This is more of a complete representation of an access profile. ", + "allOf": [ + { + "type": "object", + "required": [ + "id", + "name", + "_type" + ], + "properties": { + "id": { + "type": "string", + "example": "2c91808375d8e80a0175e1f88a575222" + }, + "name": { + "type": "string", + "example": "john.doe" + }, + "_type": { + "description": "Enum representing the currently supported document types.\n\nAdditional values may be added in the future without notice.", + "type": "string", + "enum": [ + "accessprofile", + "accountactivity", + "account", + "aggregation", + "entitlement", + "event", + "identity", + "role" + ], + "example": "identity" + } + } + }, + { + "allOf": [ + { + "type": "object", + "properties": { + "id": { + "type": "string", + "example": "2c91808568c529c60168cca6f90c1313", + "description": "The unique ID of the referenced object." + }, + "name": { + "type": "string", + "example": "John Doe", + "description": "The human readable name of the referenced object." + } + } + }, + { + "type": "object", + "properties": { + "description": { + "type": "string", + "description": "The description of the access item", + "example": "The admin role" + }, + "created": { + "type": "string", + "nullable": true, + "format": "date-time", + "example": "2018-06-25T20:22:28.104Z", + "description": "A date-time in ISO-8601 format" + }, + "modified": { + "type": "string", + "nullable": true, + "format": "date-time", + "example": "2018-06-25T20:22:28.104Z", + "description": "A date-time in ISO-8601 format" + }, + "synced": { + "type": "string", + "nullable": true, + "format": "date-time", + "example": "2018-06-25T20:22:28.104Z", + "description": "A date-time in ISO-8601 format" + }, + "enabled": { + "type": "boolean", + "example": true + }, + "requestable": { + "type": "boolean", + "example": true, + "description": "Indicates if the access can be requested" + }, + "requestCommentsRequired": { + "type": "boolean", + "description": "Indicates if comments are required when requesting access", + "example": false + }, + "owner": { + "allOf": [ + { + "allOf": [ + { + "type": "object", + "properties": { + "id": { + "type": "string", + "example": "2c91808568c529c60168cca6f90c1313", + "description": "The unique ID of the referenced object." + }, + "name": { + "type": "string", + "example": "John Doe", + "description": "The human readable name of the referenced object." + } + } + }, + { + "type": "object", + "properties": { + "type": { + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "description": "An enumeration of the types of DTOs supported within the IdentityNow infrastructure.", + "example": "IDENTITY" + } + } + } + ] + }, + { + "type": "object", + "properties": { + "email": { + "type": "string", + "example": "john.doe@sailpoint.com", + "description": "The email of the identity" + } + } + } + ] + } + } + } + ] + }, + { + "type": "object", + "properties": { + "source": { + "type": "object", + "properties": { + "id": { + "type": "string", + "example": "2c91808568c529c60168cca6f90c1313", + "description": "The unique ID of the referenced object." + }, + "name": { + "type": "string", + "example": "John Doe", + "description": "The human readable name of the referenced object." + } + } + }, + "entitlements": { + "type": "array", + "items": { + "allOf": [ + { + "type": "object", + "properties": { + "id": { + "type": "string", + "example": "2c91808568c529c60168cca6f90c1313", + "description": "The unique ID of the referenced object." + }, + "name": { + "type": "string", + "example": "John Doe", + "description": "The human readable name of the referenced object." + } + } + }, + { + "type": "object", + "properties": { + "description": { + "type": "string", + "description": "A description of the entitlement", + "example": "The admin privilege" + }, + "attribute": { + "type": "string", + "description": "The name of the entitlement attribute", + "example": "admin" + }, + "value": { + "type": "string", + "description": "The value of the entitlement", + "example": "true" + } + } + } + ] + } + }, + "entitlementCount": { + "type": "integer", + "example": 5 + }, + "tags": { + "type": "array", + "items": { + "type": "string" + }, + "example": [ + "TAG_1", + "TAG_2" + ] + } + } + } + ] + }, + { + "description": "AccountActivity", + "allOf": [ + { + "type": "object", + "required": [ + "id", + "name", + "_type" + ], + "properties": { + "id": { + "type": "string", + "example": "2c91808375d8e80a0175e1f88a575222" + }, + "name": { + "type": "string", + "example": "john.doe" + }, + "_type": { + "description": "Enum representing the currently supported document types.\n\nAdditional values may be added in the future without notice.", + "type": "string", + "enum": [ + "accessprofile", + "accountactivity", + "account", + "aggregation", + "entitlement", + "event", + "identity", + "role" + ], + "example": "identity" + } + } + }, + { + "type": "object", + "properties": { + "action": { + "type": "string", + "description": "The type of action that this activity performed", + "externalDocs": { + "description": "Learn more about account activity action types", + "url": "https://documentation.sailpoint.com/saas/help/search/searchable-fields.html#searching-account-activity-data" + }, + "example": "Identity Refresh." + }, + "created": { + "type": "string", + "nullable": true, + "format": "date-time", + "example": "2018-06-25T20:22:28.104Z", + "description": "A date-time in ISO-8601 format" + }, + "modified": { + "type": "string", + "nullable": true, + "format": "date-time", + "example": "2018-06-25T20:22:28.104Z", + "description": "A date-time in ISO-8601 format" + }, + "stage": { + "type": "string", + "description": "The current stage of the activity", + "example": "Completed" + }, + "origin": { + "type": "string", + "nullable": true, + "example": null + }, + "status": { + "type": "string", + "description": "the current status of the activity", + "example": "Complete" + }, + "requester": { + "allOf": [ + { + "type": "object", + "properties": { + "id": { + "type": "string", + "example": "2c91808568c529c60168cca6f90c1313", + "description": "The unique ID of the referenced object." + }, + "name": { + "type": "string", + "example": "John Doe", + "description": "The human readable name of the referenced object." + } + } + }, + { + "type": "object", + "properties": { + "type": { + "type": "string", + "example": "Delimited File", + "description": "the type of source returned" + } + } + } + ] + }, + "recipient": { + "allOf": [ + { + "type": "object", + "properties": { + "id": { + "type": "string", + "example": "2c91808568c529c60168cca6f90c1313", + "description": "The unique ID of the referenced object." + }, + "name": { + "type": "string", + "example": "John Doe", + "description": "The human readable name of the referenced object." + } + } + }, + { + "type": "object", + "properties": { + "type": { + "type": "string", + "example": "Delimited File", + "description": "the type of source returned" + } + } + } + ] + }, + "trackingNumber": { + "type": "string", + "example": "61aad0c9e8134eca89e76a35e0cabe3f" + }, + "errors": { + "type": "array", + "items": { + "type": "string" + }, + "nullable": true, + "example": null + }, + "warnings": { + "type": "array", + "items": { + "type": "string" + }, + "nullable": true, + "example": null + }, + "approvals": { + "type": "array", + "items": { + "type": "object", + "properties": { + "comments": { + "type": "array", + "items": { + "type": "object", + "properties": { + "comment": { + "type": "string", + "description": "The comment text", + "example": "This request was autoapproved by our automated ETS subscriber." + }, + "commenter": { + "type": "string", + "description": "The name of the commenter", + "example": "Automated AR Approval" + }, + "date": { + "type": "string", + "nullable": true, + "format": "date-time", + "example": "2018-06-25T20:22:28.104Z", + "description": "A date-time in ISO-8601 format" + } + } + } + }, + "created": { + "type": "string", + "nullable": true, + "format": "date-time", + "example": "2018-06-25T20:22:28.104Z", + "description": "A date-time in ISO-8601 format" + }, + "modified": { + "type": "string", + "nullable": true, + "format": "date-time", + "example": "2018-06-25T20:22:28.104Z", + "description": "A date-time in ISO-8601 format" + }, + "owner": { + "allOf": [ + { + "type": "object", + "properties": { + "id": { + "type": "string", + "example": "2c91808568c529c60168cca6f90c1313", + "description": "The unique ID of the referenced object." + }, + "name": { + "type": "string", + "example": "John Doe", + "description": "The human readable name of the referenced object." + } + } + }, + { + "type": "object", + "properties": { + "type": { + "type": "string", + "example": "Delimited File", + "description": "the type of source returned" + } + } + } + ] + }, + "result": { + "type": "string", + "description": "The result of the approval", + "example": "Finished" + }, + "type": { + "type": "string", + "nullable": true, + "example": null + } + } + } + }, + "originalRequests": { + "type": "array", + "items": { + "type": "object", + "properties": { + "accountId": { + "type": "string", + "description": "the account id", + "example": "CN=Abby Smith,OU=Austin,OU=Americas,OU=Demo,DC=seri,DC=acme,DC=com" + }, + "attributeRequests": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string", + "description": "The attribute name", + "example": "groups" + }, + "op": { + "type": "string", + "description": "The operation to perform", + "example": "Add" + }, + "value": { + "type": "string", + "description": "The value of the attribute", + "example": "3203537556531076" + } + } + } + }, + "op": { + "type": "string", + "description": "the operation that was used", + "example": "add" + }, + "source": { + "allOf": [ + { + "type": "object", + "properties": { + "id": { + "type": "string", + "example": "2c91808568c529c60168cca6f90c1313", + "description": "The unique ID of the referenced object." + }, + "name": { + "type": "string", + "example": "John Doe", + "description": "The human readable name of the referenced object." + } + } + }, + { + "type": "object", + "properties": { + "type": { + "type": "string", + "example": "Delimited File", + "description": "the type of source returned" + } + } + } + ] + } + } + } + }, + "expansionItems": { + "type": "array", + "items": { + "type": "object", + "properties": { + "accountId": { + "type": "string", + "description": "The ID of the account", + "example": "2c91808981f58ea601821c3e93482e6f" + }, + "cause": { + "type": "string", + "example": "Role" + }, + "name": { + "type": "string", + "description": "The name of the item", + "example": "smartsheet-role" + }, + "attributeRequests": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string", + "description": "The attribute name", + "example": "groups" + }, + "op": { + "type": "string", + "description": "The operation to perform", + "example": "Add" + }, + "value": { + "type": "string", + "description": "The value of the attribute", + "example": "3203537556531076" + } + } + } + }, + "source": { + "allOf": [ + { + "type": "object", + "properties": { + "id": { + "type": "string", + "example": "2c91808568c529c60168cca6f90c1313", + "description": "The unique ID of the referenced object." + }, + "name": { + "type": "string", + "example": "John Doe", + "description": "The human readable name of the referenced object." + } + } + }, + { + "type": "object", + "properties": { + "type": { + "type": "string", + "example": "Delimited File", + "description": "the type of source returned" + } + } + } + ] + } + } + } + }, + "accountRequests": { + "type": "array", + "items": { + "type": "object", + "properties": { + "accountId": { + "type": "string", + "description": "Unique ID of the account", + "example": "John.Doe" + }, + "attributeRequests": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string", + "description": "The attribute name", + "example": "groups" + }, + "op": { + "type": "string", + "description": "The operation to perform", + "example": "Add" + }, + "value": { + "type": "string", + "description": "The value of the attribute", + "example": "3203537556531076" + } + } + } + }, + "op": { + "type": "string", + "example": "Modify", + "description": "The operation that was performed" + }, + "provisioningTarget": { + "allOf": [ + { + "type": "object", + "properties": { + "id": { + "type": "string", + "example": "2c91808568c529c60168cca6f90c1313", + "description": "The unique ID of the referenced object." + }, + "name": { + "type": "string", + "example": "John Doe", + "description": "The human readable name of the referenced object." + } + } + }, + { + "type": "object", + "properties": { + "type": { + "type": "string", + "example": "Delimited File", + "description": "the type of source returned" + } + } + } + ] + }, + "result": { + "type": "object", + "properties": { + "errors": { + "type": "array", + "items": { + "type": "string", + "example": "[ConnectorError] [\n {\n \"code\": \"unrecognized_keys\",\n \"keys\": [\n \"groups\"\n ],\n \"path\": [],\n \"message\": \"Unrecognized key(s) in object: 'groups'\"\n }\n] (requestId: 5e9d6df5-9b1b-47d9-9bf1-dc3a2893299e)" + } + }, + "status": { + "type": "string", + "description": "The status of the account request", + "example": "failed" + }, + "ticketId": { + "type": "string", + "nullable": true, + "example": null + } + } + }, + "source": { + "allOf": [ + { + "type": "object", + "properties": { + "id": { + "type": "string", + "example": "2c91808568c529c60168cca6f90c1313", + "description": "The unique ID of the referenced object." + }, + "name": { + "type": "string", + "example": "John Doe", + "description": "The human readable name of the referenced object." + } + } + }, + { + "type": "object", + "properties": { + "type": { + "type": "string", + "example": "Delimited File", + "description": "the type of source returned" + } + } + } + ] + } + } + } + }, + "sources": { + "type": "string", + "example": "smartsheet-test, airtable-v4, IdentityNow" + } + } + } + ] + }, + { + "description": "Account", + "allOf": [ + { + "type": "object", + "required": [ + "id", + "name", + "_type" + ], + "properties": { + "id": { + "type": "string", + "example": "2c91808375d8e80a0175e1f88a575222" + }, + "name": { + "type": "string", + "example": "john.doe" + }, + "_type": { + "description": "Enum representing the currently supported document types.\n\nAdditional values may be added in the future without notice.", + "type": "string", + "enum": [ + "accessprofile", + "accountactivity", + "account", + "aggregation", + "entitlement", + "event", + "identity", + "role" + ], + "example": "identity" + } + } + }, + { + "allOf": [ + { + "type": "object", + "properties": { + "id": { + "type": "string", + "example": "2c91808568c529c60168cca6f90c1313", + "description": "The unique ID of the referenced object." + }, + "name": { + "type": "string", + "example": "John Doe", + "description": "The human readable name of the referenced object." + } + } + }, + { + "type": "object", + "properties": { + "accountId": { + "type": "string", + "description": "The ID of the account", + "example": "john.doe" + }, + "source": { + "allOf": [ + { + "type": "object", + "properties": { + "id": { + "type": "string", + "example": "2c91808568c529c60168cca6f90c1313", + "description": "The unique ID of the referenced object." + }, + "name": { + "type": "string", + "example": "John Doe", + "description": "The human readable name of the referenced object." + } + } + }, + { + "type": "object", + "properties": { + "type": { + "type": "string", + "example": "Delimited File", + "description": "the type of source returned" + } + } + } + ] + }, + "disabled": { + "type": "boolean", + "description": "Indicates if the account is disabled", + "example": false + }, + "locked": { + "type": "boolean", + "description": "Indicates if the account is locked", + "example": false + }, + "privileged": { + "type": "boolean", + "example": false + }, + "manuallyCorrelated": { + "type": "boolean", + "description": "Indicates if the account has been manually correlated to an identity", + "example": false + }, + "passwordLastSet": { + "type": "string", + "nullable": true, + "format": "date-time", + "example": "2018-06-25T20:22:28.104Z", + "description": "A date-time in ISO-8601 format" + }, + "entitlementAttributes": { + "type": "object", + "nullable": true, + "description": "a map or dictionary of key/value pairs", + "additionalProperties": true, + "example": { + "moderator": true, + "admin": true, + "trust_level": "4" + } + }, + "created": { + "type": "string", + "nullable": true, + "format": "date-time", + "example": "2018-06-25T20:22:28.104Z", + "description": "A date-time in ISO-8601 format" + } + } + } + ] + }, + { + "type": "object", + "properties": { + "modified": { + "type": "string", + "nullable": true, + "format": "date-time", + "example": "2018-06-25T20:22:28.104Z", + "description": "A date-time in ISO-8601 format" + }, + "attributes": { + "type": "object", + "description": "a map or dictionary of key/value pairs", + "additionalProperties": true, + "example": { + "firstName": "John", + "lastName": "Doe", + "displayName": "John.Doe" + } + }, + "identity": { + "allOf": [ + { + "type": "object", + "properties": { + "id": { + "type": "string", + "example": "2c91808568c529c60168cca6f90c1313", + "description": "The unique ID of the referenced object." + }, + "name": { + "type": "string", + "example": "John Doe", + "description": "The human readable name of the referenced object." + } + } + }, + { + "type": "object", + "properties": { + "displayName": { + "type": "string", + "example": "John Q. Doe" + } + } + } + ] + }, + "access": { + "type": "array", + "items": { + "description": "EntitlementReference", + "allOf": [ + { + "allOf": [ + { + "allOf": [ + { + "type": "object", + "properties": { + "id": { + "type": "string", + "example": "2c91808568c529c60168cca6f90c1313", + "description": "The unique ID of the referenced object." + }, + "name": { + "type": "string", + "example": "John Doe", + "description": "The human readable name of the referenced object." + } + } + }, + { + "type": "object", + "properties": { + "displayName": { + "type": "string", + "example": "John Q. Doe" + } + } + } + ] + }, + { + "type": "object", + "properties": { + "type": { + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "description": "An enumeration of the types of DTOs supported within the IdentityNow infrastructure.", + "example": "IDENTITY" + }, + "description": { + "type": "string", + "nullable": true, + "example": null + } + } + } + ] + }, + { + "type": "object", + "properties": { + "source": { + "type": "object", + "properties": { + "id": { + "type": "string", + "example": "2c91808568c529c60168cca6f90c1313", + "description": "The unique ID of the referenced object." + }, + "name": { + "type": "string", + "example": "John Doe", + "description": "The human readable name of the referenced object." + } + } + }, + "privileged": { + "type": "boolean", + "example": false + }, + "attribute": { + "type": "string", + "example": "memberOf" + }, + "value": { + "type": "string", + "example": "CN=Buyer,OU=Groups,OU=Demo,DC=seri,DC=sailpointdemo,DC=com" + }, + "standalone": { + "type": "boolean", + "example": false + } + } + } + ] + } + }, + "entitlementCount": { + "type": "integer", + "description": "The number of entitlements assigned to the account", + "format": "int32", + "example": 2 + }, + "uncorrelated": { + "type": "boolean", + "description": "Indicates if the account is not correlated to an identity", + "example": false + }, + "tags": { + "type": "array", + "items": { + "type": "string" + }, + "example": [ + "TAG_1", + "TAG_2" + ] + } + } + } + ] + }, + { + "description": "Aggregation", + "allOf": [ + { + "type": "object", + "required": [ + "id", + "name", + "_type" + ], + "properties": { + "id": { + "type": "string", + "example": "2c91808375d8e80a0175e1f88a575222" + }, + "name": { + "type": "string", + "example": "john.doe" + }, + "_type": { + "description": "Enum representing the currently supported document types.\n\nAdditional values may be added in the future without notice.", + "type": "string", + "enum": [ + "accessprofile", + "accountactivity", + "account", + "aggregation", + "entitlement", + "event", + "identity", + "role" + ], + "example": "identity" + } + } + }, + { + "type": "object", + "properties": { + "status": { + "type": "string", + "example": "Success" + }, + "duration": { + "type": "integer", + "format": "int32", + "example": 20 + }, + "avgDuration": { + "type": "integer", + "format": "int32", + "example": 20 + }, + "changedAccounts": { + "type": "integer", + "format": "int32", + "example": 1 + }, + "nextScheduled": { + "type": "string", + "nullable": true, + "format": "date-time", + "example": "2018-06-25T20:22:28.104Z", + "description": "A date-time in ISO-8601 format" + }, + "startTime": { + "type": "string", + "nullable": true, + "format": "date-time", + "example": "2018-06-25T20:22:28.104Z", + "description": "A date-time in ISO-8601 format" + }, + "sourceOwner": { + "type": "string", + "description": "John Doe" + } + } + } + ] + }, + { + "description": "Entitlement", + "allOf": [ + { + "type": "object", + "required": [ + "id", + "name", + "_type" + ], + "properties": { + "id": { + "type": "string", + "example": "2c91808375d8e80a0175e1f88a575222" + }, + "name": { + "type": "string", + "example": "john.doe" + }, + "_type": { + "description": "Enum representing the currently supported document types.\n\nAdditional values may be added in the future without notice.", + "type": "string", + "enum": [ + "accessprofile", + "accountactivity", + "account", + "aggregation", + "entitlement", + "event", + "identity", + "role" + ], + "example": "identity" + } + } + }, + { + "allOf": [ + { + "type": "object", + "properties": { + "id": { + "type": "string", + "example": "2c91808568c529c60168cca6f90c1313", + "description": "The unique ID of the referenced object." + }, + "name": { + "type": "string", + "example": "John Doe", + "description": "The human readable name of the referenced object." + } + } + }, + { + "type": "object", + "properties": { + "description": { + "type": "string", + "description": "A description of the entitlement", + "example": "The admin privilege" + }, + "attribute": { + "type": "string", + "description": "The name of the entitlement attribute", + "example": "admin" + }, + "value": { + "type": "string", + "description": "The value of the entitlement", + "example": "true" + } + } + } + ] + }, + { + "type": "object", + "properties": { + "modified": { + "type": "string", + "nullable": true, + "format": "date-time", + "example": "2018-06-25T20:22:28.104Z", + "description": "A date-time in ISO-8601 format" + }, + "synced": { + "type": "string", + "nullable": true, + "format": "date-time", + "example": "2018-06-25T20:22:28.104Z", + "description": "A date-time in ISO-8601 format" + }, + "displayName": { + "type": "string", + "description": "The display name of the entitlement", + "example": "Admin" + }, + "source": { + "type": "object", + "properties": { + "id": { + "type": "string", + "example": "2c91808568c529c60168cca6f90c1313", + "description": "The unique ID of the referenced object." + }, + "name": { + "type": "string", + "example": "John Doe", + "description": "The human readable name of the referenced object." + } + } + }, + "privileged": { + "type": "boolean", + "example": false + }, + "identityCount": { + "type": "integer", + "format": "int32", + "example": 3 + }, + "tags": { + "type": "array", + "items": { + "type": "string" + }, + "example": [ + "TAG_1", + "TAG_2" + ] + } + } + } + ] + }, + { + "description": "Event", + "allOf": [ + { + "type": "object", + "required": [ + "id", + "name", + "_type" + ], + "properties": { + "id": { + "type": "string", + "example": "2c91808375d8e80a0175e1f88a575222" + }, + "name": { + "type": "string", + "example": "john.doe" + }, + "_type": { + "description": "Enum representing the currently supported document types.\n\nAdditional values may be added in the future without notice.", + "type": "string", + "enum": [ + "accessprofile", + "accountactivity", + "account", + "aggregation", + "entitlement", + "event", + "identity", + "role" + ], + "example": "identity" + } + } + }, + { + "type": "object", + "properties": { + "created": { + "type": "string", + "nullable": true, + "format": "date-time", + "example": "2018-06-25T20:22:28.104Z", + "description": "A date-time in ISO-8601 format" + }, + "synced": { + "type": "string", + "nullable": true, + "format": "date-time", + "example": "2018-06-25T20:22:28.104Z", + "description": "A date-time in ISO-8601 format" + }, + "action": { + "type": "string", + "description": "The action that was performed", + "example": "update" + }, + "type": { + "type": "string", + "description": "The type of event", + "example": "SYSTEM_CONFIG" + }, + "actor": { + "type": "object", + "properties": { + "name": { + "type": "string", + "example": "John Doe", + "description": "the actor or target name" + }, + "type": { + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "description": "An enumeration of the types of DTOs supported within the IdentityNow infrastructure.", + "example": "IDENTITY" + } + } + }, + "target": { + "type": "object", + "properties": { + "name": { + "type": "string", + "example": "John Doe", + "description": "the actor or target name" + }, + "type": { + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "description": "An enumeration of the types of DTOs supported within the IdentityNow infrastructure.", + "example": "IDENTITY" + } + } + }, + "stack": { + "type": "string", + "example": "tpe" + }, + "trackingNumber": { + "type": "string", + "example": "63f891e0735f4cc8bf1968144a1e7440" + }, + "ipAddress": { + "type": "string", + "example": "52.52.97.85" + }, + "details": { + "type": "string", + "example": "73b65dfbed1842548c207432a18c84b0" + }, + "attributes": { + "type": "object", + "additionalProperties": true, + "example": { + "pod": "stg03-useast1", + "org": "acme", + "sourceName": "SailPoint" + } + }, + "objects": { + "type": "array", + "items": { + "type": "string", + "example": "AUTHENTICATION" + } + }, + "operation": { + "type": "string", + "example": "REQUEST" + }, + "status": { + "type": "string", + "example": "PASSED" + }, + "technicalName": { + "type": "string", + "example": "AUTHENTICATION_REQUEST_PASSED" + } + } + } + ] + }, + { + "description": "Identity", + "allOf": [ + { + "type": "object", + "required": [ + "id", + "name", + "_type" + ], + "properties": { + "id": { + "type": "string", + "example": "2c91808375d8e80a0175e1f88a575222" + }, + "name": { + "type": "string", + "example": "john.doe" + }, + "_type": { + "description": "Enum representing the currently supported document types.\n\nAdditional values may be added in the future without notice.", + "type": "string", + "enum": [ + "accessprofile", + "accountactivity", + "account", + "aggregation", + "entitlement", + "event", + "identity", + "role" + ], + "example": "identity" + } + } + }, + { + "allOf": [ + { + "type": "object", + "properties": { + "id": { + "type": "string", + "example": "2c91808568c529c60168cca6f90c1313", + "description": "The unique ID of the referenced object." + }, + "name": { + "type": "string", + "example": "John Doe", + "description": "The human readable name of the referenced object." + } + } + }, + { + "type": "object", + "properties": { + "displayName": { + "type": "string", + "example": "John Q. Doe" + } + } + } + ] + }, + { + "type": "object", + "properties": { + "firstName": { + "type": "string", + "description": "The first name of the identity", + "example": "Carol" + }, + "lastName": { + "type": "string", + "description": "The last name of the identity", + "example": "Adams" + }, + "displayName": { + "type": "string", + "example": "Carol.Adams", + "description": "The display name of the identity" + }, + "email": { + "type": "string", + "description": "The identity's primary email address", + "example": "Carol.Adams@sailpointdemo.com" + }, + "created": { + "type": "string", + "nullable": true, + "format": "date-time", + "example": "2018-06-25T20:22:28.104Z", + "description": "A date-time in ISO-8601 format" + }, + "modified": { + "type": "string", + "nullable": true, + "format": "date-time", + "example": "2018-06-25T20:22:28.104Z", + "description": "A date-time in ISO-8601 format" + }, + "synced": { + "type": "string", + "nullable": true, + "format": "date-time", + "example": "2018-06-25T20:22:28.104Z", + "description": "A date-time in ISO-8601 format" + }, + "phone": { + "type": "string", + "description": "The phone number of the identity", + "example": "+1 440-527-3672" + }, + "inactive": { + "type": "boolean", + "description": "Indicates if the identity is inactive", + "example": false + }, + "protected": { + "type": "boolean", + "example": false + }, + "status": { + "type": "string", + "description": "The identity's status in SailPoint", + "example": "UNREGISTERED" + }, + "employeeNumber": { + "type": "string", + "example": "1a2a3d4e" + }, + "manager": { + "nullable": true, + "allOf": [ + { + "type": "object", + "properties": { + "id": { + "type": "string", + "example": "2c91808568c529c60168cca6f90c1313", + "description": "The unique ID of the referenced object." + }, + "name": { + "type": "string", + "example": "John Doe", + "description": "The human readable name of the referenced object." + } + } + }, + { + "type": "object", + "properties": { + "displayName": { + "type": "string", + "example": "John Q. Doe" + } + } + } + ] + }, + "isManager": { + "type": "boolean", + "description": "Indicates if this identity is a manager of other identities", + "example": false + }, + "identityProfile": { + "type": "object", + "properties": { + "id": { + "type": "string", + "example": "2c91808568c529c60168cca6f90c1313", + "description": "The unique ID of the referenced object." + }, + "name": { + "type": "string", + "example": "John Doe", + "description": "The human readable name of the referenced object." + } + } + }, + "source": { + "type": "object", + "properties": { + "id": { + "type": "string", + "example": "2c91808568c529c60168cca6f90c1313", + "description": "The unique ID of the referenced object." + }, + "name": { + "type": "string", + "example": "John Doe", + "description": "The human readable name of the referenced object." + } + } + }, + "attributes": { + "type": "object", + "description": "a map or dictionary of key/value pairs", + "additionalProperties": true, + "example": { + "country": "US", + "firstname": "Carol", + "cloudStatus": "UNREGISTERED" + } + }, + "processingState": { + "type": "string", + "nullable": true, + "example": null + }, + "processingDetails": { + "nullable": true, + "type": "object", + "properties": { + "date": { + "type": "string", + "nullable": true, + "format": "date-time", + "example": "2018-06-25T20:22:28.104Z", + "description": "A date-time in ISO-8601 format" + }, + "stage": { + "type": "string", + "example": "In Process" + }, + "retryCount": { + "type": "integer", + "example": 0, + "format": "int32" + }, + "stackTrace": { + "type": "string", + "example": "" + }, + "message": { + "type": "string", + "example": "" + } + } + }, + "accounts": { + "type": "array", + "description": "List of accounts associated with the identity", + "items": { + "allOf": [ + { + "type": "object", + "properties": { + "id": { + "type": "string", + "example": "2c91808568c529c60168cca6f90c1313", + "description": "The unique ID of the referenced object." + }, + "name": { + "type": "string", + "example": "John Doe", + "description": "The human readable name of the referenced object." + } + } + }, + { + "type": "object", + "properties": { + "accountId": { + "type": "string", + "description": "The ID of the account", + "example": "john.doe" + }, + "source": { + "allOf": [ + { + "type": "object", + "properties": { + "id": { + "type": "string", + "example": "2c91808568c529c60168cca6f90c1313", + "description": "The unique ID of the referenced object." + }, + "name": { + "type": "string", + "example": "John Doe", + "description": "The human readable name of the referenced object." + } + } + }, + { + "type": "object", + "properties": { + "type": { + "type": "string", + "example": "Delimited File", + "description": "the type of source returned" + } + } + } + ] + }, + "disabled": { + "type": "boolean", + "description": "Indicates if the account is disabled", + "example": false + }, + "locked": { + "type": "boolean", + "description": "Indicates if the account is locked", + "example": false + }, + "privileged": { + "type": "boolean", + "example": false + }, + "manuallyCorrelated": { + "type": "boolean", + "description": "Indicates if the account has been manually correlated to an identity", + "example": false + }, + "passwordLastSet": { + "type": "string", + "nullable": true, + "format": "date-time", + "example": "2018-06-25T20:22:28.104Z", + "description": "A date-time in ISO-8601 format" + }, + "entitlementAttributes": { + "type": "object", + "nullable": true, + "description": "a map or dictionary of key/value pairs", + "additionalProperties": true, + "example": { + "moderator": true, + "admin": true, + "trust_level": "4" + } + }, + "created": { + "type": "string", + "nullable": true, + "format": "date-time", + "example": "2018-06-25T20:22:28.104Z", + "description": "A date-time in ISO-8601 format" + } + } + } + ] + } + }, + "accountCount": { + "type": "integer", + "description": "Number of accounts associated with the identity", + "format": "int32", + "example": 3 + }, + "apps": { + "type": "array", + "description": "The list of applications the identity has access to", + "items": { + "allOf": [ + { + "type": "object", + "properties": { + "id": { + "type": "string", + "example": "2c91808568c529c60168cca6f90c1313", + "description": "The unique ID of the referenced object." + }, + "name": { + "type": "string", + "example": "John Doe", + "description": "The human readable name of the referenced object." + } + } + }, + { + "type": "object", + "properties": { + "source": { + "type": "object", + "properties": { + "id": { + "type": "string", + "example": "2c91808568c529c60168cca6f90c1313", + "description": "The unique ID of the referenced object." + }, + "name": { + "type": "string", + "example": "John Doe", + "description": "The human readable name of the referenced object." + } + } + }, + "account": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "The SailPoint generated unique ID", + "example": "2c9180837dfe6949017e21f3d8cd6d49" + }, + "accountId": { + "type": "string", + "description": "The account ID generated by the source", + "example": "CN=Carol Adams,OU=Austin,OU=Americas,OU=Demo,DC=seri,DC=sailpointdemo,DC=com" + } + } + } + } + } + ] + } + }, + "appCount": { + "type": "integer", + "format": "int32", + "description": "The number of applications the identity has access to", + "example": 2 + }, + "access": { + "type": "array", + "description": "The list of access items assigned to the identity", + "items": { + "discriminator": { + "propertyName": "type", + "mapping": { + "ACCESS_PROFILE": "../access/AccessProfileSummary.yaml", + "ENTITLEMENT": "../access/AccessProfileEntitlement.yaml", + "ROLE": "../access/AccessProfileRole.yaml" + } + }, + "oneOf": [ + { + "description": "This is a summary representation of an access profile.", + "allOf": [ + { + "allOf": [ + { + "allOf": [ + { + "type": "object", + "properties": { + "id": { + "type": "string", + "example": "2c91808568c529c60168cca6f90c1313", + "description": "The unique ID of the referenced object." + }, + "name": { + "type": "string", + "example": "John Doe", + "description": "The human readable name of the referenced object." + } + } + }, + { + "type": "object", + "properties": { + "displayName": { + "type": "string", + "example": "John Q. Doe" + } + } + } + ] + }, + { + "type": "object", + "properties": { + "type": { + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "description": "An enumeration of the types of DTOs supported within the IdentityNow infrastructure.", + "example": "IDENTITY" + }, + "description": { + "type": "string", + "nullable": true, + "example": null + } + } + } + ] + }, + { + "type": "object", + "properties": { + "source": { + "type": "object", + "properties": { + "id": { + "type": "string", + "example": "2c91808568c529c60168cca6f90c1313", + "description": "The unique ID of the referenced object." + }, + "name": { + "type": "string", + "example": "John Doe", + "description": "The human readable name of the referenced object." + } + } + }, + "owner": { + "allOf": [ + { + "type": "object", + "properties": { + "id": { + "type": "string", + "example": "2c91808568c529c60168cca6f90c1313", + "description": "The unique ID of the referenced object." + }, + "name": { + "type": "string", + "example": "John Doe", + "description": "The human readable name of the referenced object." + } + } + }, + { + "type": "object", + "properties": { + "displayName": { + "type": "string", + "example": "John Q. Doe" + } + } + } + ] + }, + "revocable": { + "type": "boolean", + "example": true + } + } + } + ] + }, + { + "description": "EntitlementReference", + "allOf": [ + { + "allOf": [ + { + "allOf": [ + { + "type": "object", + "properties": { + "id": { + "type": "string", + "example": "2c91808568c529c60168cca6f90c1313", + "description": "The unique ID of the referenced object." + }, + "name": { + "type": "string", + "example": "John Doe", + "description": "The human readable name of the referenced object." + } + } + }, + { + "type": "object", + "properties": { + "displayName": { + "type": "string", + "example": "John Q. Doe" + } + } + } + ] + }, + { + "type": "object", + "properties": { + "type": { + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "description": "An enumeration of the types of DTOs supported within the IdentityNow infrastructure.", + "example": "IDENTITY" + }, + "description": { + "type": "string", + "nullable": true, + "example": null + } + } + } + ] + }, + { + "type": "object", + "properties": { + "source": { + "type": "object", + "properties": { + "id": { + "type": "string", + "example": "2c91808568c529c60168cca6f90c1313", + "description": "The unique ID of the referenced object." + }, + "name": { + "type": "string", + "example": "John Doe", + "description": "The human readable name of the referenced object." + } + } + }, + "privileged": { + "type": "boolean", + "example": false + }, + "attribute": { + "type": "string", + "example": "memberOf" + }, + "value": { + "type": "string", + "example": "CN=Buyer,OU=Groups,OU=Demo,DC=seri,DC=sailpointdemo,DC=com" + }, + "standalone": { + "type": "boolean", + "example": false + } + } + } + ] + }, + { + "description": "Role", + "allOf": [ + { + "allOf": [ + { + "allOf": [ + { + "type": "object", + "properties": { + "id": { + "type": "string", + "example": "2c91808568c529c60168cca6f90c1313", + "description": "The unique ID of the referenced object." + }, + "name": { + "type": "string", + "example": "John Doe", + "description": "The human readable name of the referenced object." + } + } + }, + { + "type": "object", + "properties": { + "displayName": { + "type": "string", + "example": "John Q. Doe" + } + } + } + ] + }, + { + "type": "object", + "properties": { + "type": { + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "description": "An enumeration of the types of DTOs supported within the IdentityNow infrastructure.", + "example": "IDENTITY" + }, + "description": { + "type": "string", + "nullable": true, + "example": null + } + } + } + ] + }, + { + "type": "object", + "properties": { + "owner": { + "allOf": [ + { + "type": "object", + "properties": { + "id": { + "type": "string", + "example": "2c91808568c529c60168cca6f90c1313", + "description": "The unique ID of the referenced object." + }, + "name": { + "type": "string", + "example": "John Doe", + "description": "The human readable name of the referenced object." + } + } + }, + { + "type": "object", + "properties": { + "displayName": { + "type": "string", + "example": "John Q. Doe" + } + } + } + ] + }, + "disabled": { + "type": "boolean" + }, + "revocable": { + "type": "boolean" + } + } + } + ] + } + ] + } + }, + "accessCount": { + "type": "integer", + "format": "int32", + "description": "The number of access items assigned to the identity", + "example": 5 + }, + "accessProfileCount": { + "type": "integer", + "description": "The number of access profiles assigned to the identity", + "example": 1 + }, + "entitlementCount": { + "type": "integer", + "description": "The number of entitlements assigned to the identity", + "example": 10 + }, + "roleCount": { + "type": "integer", + "description": "The number of roles assigned to the identity", + "example": 1 + }, + "owns": { + "type": "object", + "properties": { + "sources": { + "type": "array", + "items": { + "type": "object", + "properties": { + "id": { + "type": "string", + "example": "2c91808568c529c60168cca6f90c1313", + "description": "The unique ID of the referenced object." + }, + "name": { + "type": "string", + "example": "John Doe", + "description": "The human readable name of the referenced object." + } + } + } + }, + "entitlements": { + "type": "array", + "items": { + "type": "object", + "properties": { + "id": { + "type": "string", + "example": "2c91808568c529c60168cca6f90c1313", + "description": "The unique ID of the referenced object." + }, + "name": { + "type": "string", + "example": "John Doe", + "description": "The human readable name of the referenced object." + } + } + } + }, + "accessProfiles": { + "type": "array", + "items": { + "type": "object", + "properties": { + "id": { + "type": "string", + "example": "2c91808568c529c60168cca6f90c1313", + "description": "The unique ID of the referenced object." + }, + "name": { + "type": "string", + "example": "John Doe", + "description": "The human readable name of the referenced object." + } + } + } + }, + "roles": { + "type": "array", + "items": { + "type": "object", + "properties": { + "id": { + "type": "string", + "example": "2c91808568c529c60168cca6f90c1313", + "description": "The unique ID of the referenced object." + }, + "name": { + "type": "string", + "example": "John Doe", + "description": "The human readable name of the referenced object." + } + } + } + }, + "apps": { + "type": "array", + "items": { + "type": "object", + "properties": { + "id": { + "type": "string", + "example": "2c91808568c529c60168cca6f90c1313", + "description": "The unique ID of the referenced object." + }, + "name": { + "type": "string", + "example": "John Doe", + "description": "The human readable name of the referenced object." + } + } + } + }, + "governanceGroups": { + "type": "array", + "items": { + "type": "object", + "properties": { + "id": { + "type": "string", + "example": "2c91808568c529c60168cca6f90c1313", + "description": "The unique ID of the referenced object." + }, + "name": { + "type": "string", + "example": "John Doe", + "description": "The human readable name of the referenced object." + } + } + } + }, + "fallbackApprover": { + "type": "boolean", + "example": false + } + } + }, + "tags": { + "type": "array", + "items": { + "type": "string" + }, + "example": [ + "TAG_1", + "TAG_2" + ] + } + } + } + ] + }, + { + "description": "Role", + "allOf": [ + { + "type": "object", + "required": [ + "id", + "name", + "_type" + ], + "properties": { + "id": { + "type": "string", + "example": "2c91808375d8e80a0175e1f88a575222" + }, + "name": { + "type": "string", + "example": "john.doe" + }, + "_type": { + "description": "Enum representing the currently supported document types.\n\nAdditional values may be added in the future without notice.", + "type": "string", + "enum": [ + "accessprofile", + "accountactivity", + "account", + "aggregation", + "entitlement", + "event", + "identity", + "role" + ], + "example": "identity" + } + } + }, + { + "allOf": [ + { + "type": "object", + "properties": { + "id": { + "type": "string", + "example": "2c91808568c529c60168cca6f90c1313", + "description": "The unique ID of the referenced object." + }, + "name": { + "type": "string", + "example": "John Doe", + "description": "The human readable name of the referenced object." + } + } + }, + { + "type": "object", + "properties": { + "description": { + "type": "string", + "description": "The description of the access item", + "example": "The admin role" + }, + "created": { + "type": "string", + "nullable": true, + "format": "date-time", + "example": "2018-06-25T20:22:28.104Z", + "description": "A date-time in ISO-8601 format" + }, + "modified": { + "type": "string", + "nullable": true, + "format": "date-time", + "example": "2018-06-25T20:22:28.104Z", + "description": "A date-time in ISO-8601 format" + }, + "synced": { + "type": "string", + "nullable": true, + "format": "date-time", + "example": "2018-06-25T20:22:28.104Z", + "description": "A date-time in ISO-8601 format" + }, + "enabled": { + "type": "boolean", + "example": true + }, + "requestable": { + "type": "boolean", + "example": true, + "description": "Indicates if the access can be requested" + }, + "requestCommentsRequired": { + "type": "boolean", + "description": "Indicates if comments are required when requesting access", + "example": false + }, + "owner": { + "allOf": [ + { + "allOf": [ + { + "type": "object", + "properties": { + "id": { + "type": "string", + "example": "2c91808568c529c60168cca6f90c1313", + "description": "The unique ID of the referenced object." + }, + "name": { + "type": "string", + "example": "John Doe", + "description": "The human readable name of the referenced object." + } + } + }, + { + "type": "object", + "properties": { + "type": { + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "description": "An enumeration of the types of DTOs supported within the IdentityNow infrastructure.", + "example": "IDENTITY" + } + } + } + ] + }, + { + "type": "object", + "properties": { + "email": { + "type": "string", + "example": "john.doe@sailpoint.com", + "description": "The email of the identity" + } + } + } + ] + } + } + } + ] + }, + { + "type": "object", + "properties": { + "accessProfiles": { + "type": "array", + "items": { + "type": "object", + "properties": { + "id": { + "type": "string", + "example": "2c91808568c529c60168cca6f90c1313", + "description": "The unique ID of the referenced object." + }, + "name": { + "type": "string", + "example": "John Doe", + "description": "The human readable name of the referenced object." + } + } + } + }, + "accessProfileCount": { + "type": "integer" + }, + "tags": { + "type": "array", + "items": { + "type": "string" + }, + "example": [ + "TAG_1", + "TAG_2" + ] + } + } + } + ] + } + ] + }, + "examples": { + "accessProfile": { + "summary": "AccessProfile", + "value": { + "id": "2c9180825a6c1adc015a71c9023f0818", + "name": "Cloud Eng", + "_type": "accessprofile", + "description": "Cloud Eng", + "created": "2017-02-24T20:21:23.145Z", + "modified": "2019-05-24T20:36:04.312Z", + "synced": "2020-02-18T05:30:20.414Z", + "enabled": true, + "requestable": true, + "requestCommentsRequired": false, + "owner": { + "id": "ff8081815757d36a015757d42e56031e", + "name": "SailPoint Support", + "type": "IDENTITY", + "email": "cloud-support@sailpoint.com" + }, + "source": { + "id": "ff8081815757d4fb0157588f3d9d008f", + "name": "Employees" + }, + "entitlements": [ + { + "id": "2c918084575812550157589064f33b89", + "name": "CN=Cloud Engineering,DC=sailpoint,DC=COM", + "description": "mull", + "attribute": "memberOf", + "value": "CN=Cloud Engineering,DC=sailpoint,DC=COM" + } + ], + "entitlementCount": 1, + "tags": [ + "TAG_1", + "TAG_2" + ] + } + }, + "entitlement": { + "summary": "Entitlement", + "value": { + "id": "2c9180946ed0c43d016eec1a80892fbd", + "name": "entitlement.aa415ae7", + "_type": "entitlement", + "description": "null", + "attribute": "groups", + "value": "entitlement.aa415ae7", + "modified": "2019-12-09T19:19:50.154Z", + "synced": "2020-02-19T04:30:32.906Z", + "displayName": "entitlement.aa415ae7", + "source": { + "id": "2c91808b6e9e6fb8016eec1a2b6f7b5f", + "name": "ODS-HR-Employees" + }, + "privileged": false, + "identityCount": 68, + "tags": [ + "TAG_1", + "TAG_2" + ] + } + }, + "event": { + "summary": "Event", + "value": { + "id": "e092842f-c904-4b59-aac8-2544abeeef4b", + "name": "Update Task Schedule Passed", + "_type": "event", + "created": "2020-02-17T16:23:18.327Z", + "synced": "2020-02-17T16:23:18.388Z", + "action": "TASK_SCHEDULE_UPDATE_PASSED", + "type": "SYSTEM_CONFIG", + "actor": { + "name": "MantisTaskScheduler" + }, + "target": { + "name": "Perform provisioning activity search delete synchronization" + }, + "stack": "tpe", + "trackingNumber": "c6b98bc39ece48b080826d16c76b166c", + "ipAddress": "207.189.160.158", + "details": "null", + "attributes": { + "sourceName": "SailPoint" + }, + "objects": [ + "TASK", + "SCHEDULE" + ], + "operation": "UPDATE", + "status": "PASSED", + "technicalName": "TASK_SCHEDULE_UPDATE_PASSED" + } + }, + "identity": { + "summary": "Identity", + "value": { + "id": "2c9180865c45e7e3015c46c434a80622", + "name": "ad.admin", + "_type": "identity", + "firstName": "AD", + "lastName": "Admin", + "displayName": "AD Admin", + "email": "SLPT.CLOUD.SAILPOINT.TEST+AD-ADMIN@GMAIL.COM", + "created": "2018-08-22T19:54:54.302Z", + "modified": "2018-08-22T19:54:54.302Z", + "synced": "2018-08-22T19:54:54.302Z", + "phone": "512-942-7578", + "inactive": false, + "protected": false, + "status": "UNREGISTERED", + "employeeNumber": "O349804", + "manager": null, + "isManager": false, + "identityProfile": { + "id": "2c918085605c8d0601606f357cb231e6", + "name": "E2E AD" + }, + "source": { + "id": "2c9180855c45b230015c46c19b9c0202", + "name": "EndToEnd-ADSource" + }, + "attributes": { + "uid": "ad.admin", + "firstname": "AD", + "cloudAuthoritativeSource": "2c9180855c45b230015c46c19b9c0202", + "cloudStatus": "UNREGISTERED", + "iplanet-am-user-alias-list": null, + "displayName": "AD Admin", + "internalCloudStatus": "UNREGISTERED", + "workPhone": "512-942-7578", + "email": "SLPT.CLOUD.SAILPOINT.TEST+AD-ADMIN@GMAIL.COM", + "lastname": "Admin" + }, + "processingState": null, + "processingDetails": null, + "accounts": [ + { + "id": "2c9180865c45e7e3015c46c434a80623", + "name": "ad.admin", + "accountId": "CN=AD Admin,OU=slpt-automation,DC=TestAutomationAD,DC=local", + "source": { + "id": "2c9180855c45b230015c46c19b9c0202", + "name": "EndToEnd-ADSource", + "type": "Active Directory - Direct" + }, + "disabled": false, + "locked": false, + "privileged": false, + "manuallyCorrelated": false, + "passwordLastSet": "2018-08-22T19:54:54.302Z", + "entitlementAttributes": { + "memberOf": [ + "CN=Group Policy Creator Owners,CN=Users,DC=TestAutomationAD,DC=local", + "CN=Domain Guests,CN=Users,DC=TestAutomationAD,DC=local", + "CN=Domain Admins,CN=Users,DC=TestAutomationAD,DC=local", + "CN=Enterprise Admins,CN=Users,DC=TestAutomationAD,DC=local", + "CN=Schema Admins,CN=Users,DC=TestAutomationAD,DC=local", + "CN=Guests,CN=Builtin,DC=TestAutomationAD,DC=local", + "CN=Administrators,CN=Builtin,DC=TestAutomationAD,DC=local" + ] + }, + "created": "2018-08-22T19:54:54.302Z" + }, + { + "id": "2c918083606d670c01606f35a30a0349", + "name": "ad.admin", + "accountId": "ad.admin", + "source": { + "id": "ff8081815c46b85b015c46b90c7c02a6", + "name": "IdentityNow", + "type": "IdentityNowConnector" + }, + "disabled": false, + "locked": false, + "privileged": false, + "manuallyCorrelated": false, + "passwordLastSet": null, + "entitlementAttributes": null, + "created": "2018-08-22T19:54:54.302Z" + } + ], + "accountCount": 2, + "apps": [ + { + "id": "22751", + "name": "ADP Workforce Now", + "source": { + "id": "2c9180855c45b230015c46e2f6a8026a", + "name": "Corporate Active Directory" + }, + "account": { + "id": "2c9180865c45efa4015c470be0de1606", + "accountId": "CN=Bob Wilson,OU=Austin,OU=Americas,OU=Demo,DC=seri,DC=acme,DC=com" + } + } + ], + "appCount": 1, + "access": [ + { + "id": "2c918083634bc6cb01639808d40270ba", + "name": "test [AccessProfile-1527264105448]", + "displayName": "test", + "type": "ACCESS_PROFILE", + "description": "test", + "source": { + "id": "2c9180855c45b230015c46c19b9c0202", + "name": "EndToEnd-ADSource" + }, + "owner": { + "id": "2c9180865c45e7e3015c46c434a80622", + "name": "ad.admin", + "displayName": "AD Admin" + } + }, + { + "id": "2c9180865c45e7e3015c46c457c50755", + "name": "Administrators", + "displayName": "Administrators", + "type": "ENTITLEMENT", + "description": null, + "source": { + "id": "2c9180855c45b230015c46c19b9c0202", + "name": "EndToEnd-ADSource" + }, + "privileged": false, + "attribute": "memberOf", + "value": "CN=Administrators,CN=Builtin,DC=TestAutomationAD,DC=local", + "standalone": false + }, + { + "id": "2c9180865decdaa5015e06598b293108", + "name": "test [cloudRole-1503345085223]", + "displayName": "test", + "type": "ROLE", + "description": "test", + "owner": { + "id": "2c9180865c45e7e3015c46c5030707a0", + "name": "will.albin", + "displayName": "Albin Will" + }, + "disabled": false + } + ], + "accessCount": 3, + "accessProfileCount": 1, + "entitlementCount": 1, + "roleCount": 1, + "tags": [ + "TAG_1", + "TAG_2" + ] + } + }, + "role": { + "summary": "Role", + "value": { + "id": "2c91808c6faadea6016fb4f2bc69077b", + "name": "IT Role", + "_type": "role", + "description": "IT role", + "created": "2020-01-17T19:20:15.040Z", + "modified": null, + "synced": "2020-02-18T05:30:20.145Z", + "enabled": true, + "requestable": false, + "requestCommentsRequired": false, + "owner": { + "id": "2c9180a46faadee4016fb4e018c20639", + "name": "Cloud Support", + "type": "IDENTITY", + "email": "thomas.edison@acme-solar.com" + }, + "accessProfiles": [ + { + "id": "2c91809c6faade77016fb4f0b63407ae", + "name": "Admin Access" + } + ], + "accessProfileCount": 1, + "tags": [ + "TAG_1", + "TAG_2" + ] + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/segments": { + "post": { + "operationId": "createSegment", + "security": [ + { + "oauth2": [ + "idn:segment:manage" + ] + } + ], + "tags": [ + "Segments" + ], + "summary": "Create Segment", + "description": "This API creates a segment.\n\nNote that segment definitions may take time to propagate to all identities.\n\nA token with ORG_ADMIN or API authority is required to call this API.", + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "The id of the Segment.", + "example": "0f11f2a4-7c94-4bf3-a2bd-742580fe3bde" + }, + "name": { + "type": "string", + "description": "Segment Business Name", + "example": "segment-xyz" + }, + "created": { + "type": "string", + "format": "date-time", + "description": "The time when this Segment is created", + "example": "2020-01-01T00:00:00.000000Z" + }, + "modified": { + "type": "string", + "format": "date-time", + "description": "The time when this Segment is modified", + "example": "2020-01-01T00:00:00.000000Z" + }, + "description": { + "type": "string", + "description": "Optional description of the Segment", + "example": "This segment represents xyz" + }, + "owner": { + "type": "object", + "description": "The owner of this object.", + "properties": { + "type": { + "description": "Owner type. This field must be either left null or set to 'IDENTITY' on input, otherwise a 400 Bad Request error will result.", + "example": "IDENTITY", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ] + }, + "id": { + "type": "string", + "description": "Identity id", + "example": "2c9180a46faadee4016fb4e018c20639" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the owner. It may be left null or omitted in a POST or PATCH. If set, it must match the current value of the owner's display name, otherwise a 400 Bad Request error will result.", + "example": "support" + } + } + }, + "visibilityCriteria": { + "type": "object", + "properties": { + "expression": { + "type": "object", + "properties": { + "operator": { + "type": "string", + "description": "Operator for the expression", + "enum": [ + "AND", + "EQUALS" + ], + "example": "EQUALS" + }, + "attribute": { + "type": "string", + "description": "Name for the attribute", + "example": "location" + }, + "value": { + "type": "object", + "properties": { + "type": { + "type": "string", + "description": "The type of attribute value", + "example": "STRING" + }, + "value": { + "type": "string", + "description": "The attribute value", + "example": "Austin" + } + } + }, + "children": { + "type": "array", + "description": "List of expressions", + "items": { + "type": "object", + "properties": { + "type": { + "type": "string", + "description": "The type of attribute value", + "example": "STRING" + }, + "value": { + "type": "string", + "description": "The attribute value", + "example": "Austin" + } + } + }, + "example": [] + } + } + } + } + }, + "active": { + "type": "boolean", + "description": "Whether the Segment is currently active. Inactive segments have no effect.", + "default": false, + "example": true + } + } + } + } + } + }, + "responses": { + "201": { + "description": "Segment created", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "The id of the Segment.", + "example": "0f11f2a4-7c94-4bf3-a2bd-742580fe3bde" + }, + "name": { + "type": "string", + "description": "Segment Business Name", + "example": "segment-xyz" + }, + "created": { + "type": "string", + "format": "date-time", + "description": "The time when this Segment is created", + "example": "2020-01-01T00:00:00.000000Z" + }, + "modified": { + "type": "string", + "format": "date-time", + "description": "The time when this Segment is modified", + "example": "2020-01-01T00:00:00.000000Z" + }, + "description": { + "type": "string", + "description": "Optional description of the Segment", + "example": "This segment represents xyz" + }, + "owner": { + "type": "object", + "description": "The owner of this object.", + "properties": { + "type": { + "description": "Owner type. This field must be either left null or set to 'IDENTITY' on input, otherwise a 400 Bad Request error will result.", + "example": "IDENTITY", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ] + }, + "id": { + "type": "string", + "description": "Identity id", + "example": "2c9180a46faadee4016fb4e018c20639" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the owner. It may be left null or omitted in a POST or PATCH. If set, it must match the current value of the owner's display name, otherwise a 400 Bad Request error will result.", + "example": "support" + } + } + }, + "visibilityCriteria": { + "type": "object", + "properties": { + "expression": { + "type": "object", + "properties": { + "operator": { + "type": "string", + "description": "Operator for the expression", + "enum": [ + "AND", + "EQUALS" + ], + "example": "EQUALS" + }, + "attribute": { + "type": "string", + "description": "Name for the attribute", + "example": "location" + }, + "value": { + "type": "object", + "properties": { + "type": { + "type": "string", + "description": "The type of attribute value", + "example": "STRING" + }, + "value": { + "type": "string", + "description": "The attribute value", + "example": "Austin" + } + } + }, + "children": { + "type": "array", + "description": "List of expressions", + "items": { + "type": "object", + "properties": { + "type": { + "type": "string", + "description": "The type of attribute value", + "example": "STRING" + }, + "value": { + "type": "string", + "description": "The attribute value", + "example": "Austin" + } + } + }, + "example": [] + } + } + } + } + }, + "active": { + "type": "boolean", + "description": "Whether the Segment is currently active. Inactive segments have no effect.", + "default": false, + "example": true + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + }, + "get": { + "operationId": "listSegments", + "security": [ + { + "oauth2": [ + "idn:segment:read", + "idn:segment:manage" + ] + } + ], + "tags": [ + "Segments" + ], + "summary": "List Segments", + "description": "This API returns a list of all segments.\nA token with ORG_ADMIN or API authority is required to call this API.", + "parameters": [ + { + "in": "query", + "name": "limit", + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": 250, + "schema": { + "type": "integer", + "format": "int32", + "minimum": 0, + "maximum": 250, + "default": 250 + } + }, + { + "in": "query", + "name": "offset", + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": 0, + "schema": { + "type": "integer", + "format": "int32", + "minimum": 0, + "default": 0 + } + }, + { + "in": "query", + "name": "count", + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": true, + "schema": { + "type": "boolean", + "default": false + } + } + ], + "responses": { + "200": { + "description": "List of all Segments", + "content": { + "application/json": { + "schema": { + "type": "array", + "items": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "The id of the Segment.", + "example": "0f11f2a4-7c94-4bf3-a2bd-742580fe3bde" + }, + "name": { + "type": "string", + "description": "Segment Business Name", + "example": "segment-xyz" + }, + "created": { + "type": "string", + "format": "date-time", + "description": "The time when this Segment is created", + "example": "2020-01-01T00:00:00.000000Z" + }, + "modified": { + "type": "string", + "format": "date-time", + "description": "The time when this Segment is modified", + "example": "2020-01-01T00:00:00.000000Z" + }, + "description": { + "type": "string", + "description": "Optional description of the Segment", + "example": "This segment represents xyz" + }, + "owner": { + "type": "object", + "description": "The owner of this object.", + "properties": { + "type": { + "description": "Owner type. This field must be either left null or set to 'IDENTITY' on input, otherwise a 400 Bad Request error will result.", + "example": "IDENTITY", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ] + }, + "id": { + "type": "string", + "description": "Identity id", + "example": "2c9180a46faadee4016fb4e018c20639" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the owner. It may be left null or omitted in a POST or PATCH. If set, it must match the current value of the owner's display name, otherwise a 400 Bad Request error will result.", + "example": "support" + } + } + }, + "visibilityCriteria": { + "type": "object", + "properties": { + "expression": { + "type": "object", + "properties": { + "operator": { + "type": "string", + "description": "Operator for the expression", + "enum": [ + "AND", + "EQUALS" + ], + "example": "EQUALS" + }, + "attribute": { + "type": "string", + "description": "Name for the attribute", + "example": "location" + }, + "value": { + "type": "object", + "properties": { + "type": { + "type": "string", + "description": "The type of attribute value", + "example": "STRING" + }, + "value": { + "type": "string", + "description": "The attribute value", + "example": "Austin" + } + } + }, + "children": { + "type": "array", + "description": "List of expressions", + "items": { + "type": "object", + "properties": { + "type": { + "type": "string", + "description": "The type of attribute value", + "example": "STRING" + }, + "value": { + "type": "string", + "description": "The attribute value", + "example": "Austin" + } + } + }, + "example": [] + } + } + } + } + }, + "active": { + "type": "boolean", + "description": "Whether the Segment is currently active. Inactive segments have no effect.", + "default": false, + "example": true + } + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/segments/{id}": { + "get": { + "operationId": "getSegment", + "security": [ + { + "oauth2": [ + "idn:segment:read", + "idn:segment:manage" + ] + } + ], + "tags": [ + "Segments" + ], + "summary": "Get a Segment by ID", + "description": "This API returns the segment specified by the given ID.\n\nA token with ORG_ADMIN or API authority is required to call this API.", + "parameters": [ + { + "in": "path", + "name": "id", + "schema": { + "type": "string" + }, + "required": true, + "description": "The ID of the Segment to retrieve.", + "example": "ef38f94347e94562b5bb8424a56397d8" + } + ], + "responses": { + "200": { + "description": "Segment", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "The id of the Segment.", + "example": "0f11f2a4-7c94-4bf3-a2bd-742580fe3bde" + }, + "name": { + "type": "string", + "description": "Segment Business Name", + "example": "segment-xyz" + }, + "created": { + "type": "string", + "format": "date-time", + "description": "The time when this Segment is created", + "example": "2020-01-01T00:00:00.000000Z" + }, + "modified": { + "type": "string", + "format": "date-time", + "description": "The time when this Segment is modified", + "example": "2020-01-01T00:00:00.000000Z" + }, + "description": { + "type": "string", + "description": "Optional description of the Segment", + "example": "This segment represents xyz" + }, + "owner": { + "type": "object", + "description": "The owner of this object.", + "properties": { + "type": { + "description": "Owner type. This field must be either left null or set to 'IDENTITY' on input, otherwise a 400 Bad Request error will result.", + "example": "IDENTITY", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ] + }, + "id": { + "type": "string", + "description": "Identity id", + "example": "2c9180a46faadee4016fb4e018c20639" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the owner. It may be left null or omitted in a POST or PATCH. If set, it must match the current value of the owner's display name, otherwise a 400 Bad Request error will result.", + "example": "support" + } + } + }, + "visibilityCriteria": { + "type": "object", + "properties": { + "expression": { + "type": "object", + "properties": { + "operator": { + "type": "string", + "description": "Operator for the expression", + "enum": [ + "AND", + "EQUALS" + ], + "example": "EQUALS" + }, + "attribute": { + "type": "string", + "description": "Name for the attribute", + "example": "location" + }, + "value": { + "type": "object", + "properties": { + "type": { + "type": "string", + "description": "The type of attribute value", + "example": "STRING" + }, + "value": { + "type": "string", + "description": "The attribute value", + "example": "Austin" + } + } + }, + "children": { + "type": "array", + "description": "List of expressions", + "items": { + "type": "object", + "properties": { + "type": { + "type": "string", + "description": "The type of attribute value", + "example": "STRING" + }, + "value": { + "type": "string", + "description": "The attribute value", + "example": "Austin" + } + } + }, + "example": [] + } + } + } + } + }, + "active": { + "type": "boolean", + "description": "Whether the Segment is currently active. Inactive segments have no effect.", + "default": false, + "example": true + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + }, + "delete": { + "operationId": "deleteSegment", + "security": [ + { + "oauth2": [ + "idn:segment:manage" + ] + } + ], + "tags": [ + "Segments" + ], + "summary": "Delete Segment by ID", + "description": "This API deletes the segment specified by the given ID.\n\nNote that segment deletion may take some time to become effective.\n\nA token with ORG_ADMIN or API authority is required to call this API.", + "parameters": [ + { + "in": "path", + "name": "id", + "schema": { + "type": "string" + }, + "required": true, + "description": "The ID of the Segment to delete.", + "example": "ef38f94347e94562b5bb8424a56397d8" + } + ], + "responses": { + "204": { + "description": "No content." + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + }, + "patch": { + "operationId": "patchSegment", + "security": [ + { + "oauth2": [ + "idn:segment:manage" + ] + } + ], + "tags": [ + "Segments" + ], + "summary": "Update a Segment", + "description": "Allows updating Segment fields using the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard.\n\nNote that changes to a segment may take some time to propagate to all identities, and that segments will have no effect if segmentation is not enabled for your org.\n\nA token with ORG_ADMIN or API authority is required to call this API.", + "parameters": [ + { + "in": "path", + "name": "id", + "schema": { + "type": "string" + }, + "required": true, + "description": "The ID of the Segment being modified.", + "example": "ef38f94347e94562b5bb8424a56397d8" + } + ], + "requestBody": { + "required": true, + "description": "A list of Segment update operations according to the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard.\n\n\nThe following fields are patchable:\n* name\n* description\n* owner\n* visibilityCriteria\n* active\n", + "content": { + "application/json-patch+json": { + "schema": { + "type": "array", + "items": { + "type": "object" + } + }, + "examples": { + "Set Visibility Criteria": { + "description": "Set the visibility criteria", + "value": [ + { + "op": "replace", + "path": "/visibilityCriteria", + "value": { + "expression": { + "operator": "AND", + "children": [ + { + "operator": "EQUALS", + "attribute": "location", + "value": { + "type": "STRING", + "value": "Philadelphia" + } + }, + { + "operator": "EQUALS", + "attribute": "department", + "value": { + "type": "STRING", + "value": "HR" + } + } + ] + } + } + } + ] + } + } + } + } + }, + "responses": { + "200": { + "description": "Indicates the PATCH operation succeeded, and returns the Segment's new representation.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "The id of the Segment.", + "example": "0f11f2a4-7c94-4bf3-a2bd-742580fe3bde" + }, + "name": { + "type": "string", + "description": "Segment Business Name", + "example": "segment-xyz" + }, + "created": { + "type": "string", + "format": "date-time", + "description": "The time when this Segment is created", + "example": "2020-01-01T00:00:00.000000Z" + }, + "modified": { + "type": "string", + "format": "date-time", + "description": "The time when this Segment is modified", + "example": "2020-01-01T00:00:00.000000Z" + }, + "description": { + "type": "string", + "description": "Optional description of the Segment", + "example": "This segment represents xyz" + }, + "owner": { + "type": "object", + "description": "The owner of this object.", + "properties": { + "type": { + "description": "Owner type. This field must be either left null or set to 'IDENTITY' on input, otherwise a 400 Bad Request error will result.", + "example": "IDENTITY", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ] + }, + "id": { + "type": "string", + "description": "Identity id", + "example": "2c9180a46faadee4016fb4e018c20639" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the owner. It may be left null or omitted in a POST or PATCH. If set, it must match the current value of the owner's display name, otherwise a 400 Bad Request error will result.", + "example": "support" + } + } + }, + "visibilityCriteria": { + "type": "object", + "properties": { + "expression": { + "type": "object", + "properties": { + "operator": { + "type": "string", + "description": "Operator for the expression", + "enum": [ + "AND", + "EQUALS" + ], + "example": "EQUALS" + }, + "attribute": { + "type": "string", + "description": "Name for the attribute", + "example": "location" + }, + "value": { + "type": "object", + "properties": { + "type": { + "type": "string", + "description": "The type of attribute value", + "example": "STRING" + }, + "value": { + "type": "string", + "description": "The attribute value", + "example": "Austin" + } + } + }, + "children": { + "type": "array", + "description": "List of expressions", + "items": { + "type": "object", + "properties": { + "type": { + "type": "string", + "description": "The type of attribute value", + "example": "STRING" + }, + "value": { + "type": "string", + "description": "The attribute value", + "example": "Austin" + } + } + }, + "example": [] + } + } + } + } + }, + "active": { + "type": "boolean", + "description": "Whether the Segment is currently active. Inactive segments have no effect.", + "default": false, + "example": true + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/service-desk-integrations": { + "get": { + "tags": [ + "Service Desk Integration" + ], + "summary": "List existing Service Desk Integrations", + "description": "Get a list of ServiceDeskIntegrationDto for existing Service Desk Integrations. A token with Org Admin or Service Desk Admin authority is required to access this endpoint.", + "operationId": "getServiceDeskIntegrations", + "parameters": [ + { + "in": "query", + "name": "offset", + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": 0, + "schema": { + "type": "integer", + "format": "int32", + "minimum": 0, + "default": 0 + } + }, + { + "in": "query", + "name": "limit", + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": 250, + "schema": { + "type": "integer", + "format": "int32", + "minimum": 0, + "maximum": 250, + "default": 250 + } + }, + { + "name": "sorters", + "in": "query", + "required": false, + "style": "form", + "explode": true, + "schema": { + "type": "string" + }, + "description": "Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)\n\nSorting is supported for the following fields: **name**", + "example": "name" + }, + { + "name": "filters", + "in": "query", + "required": false, + "style": "form", + "explode": true, + "schema": { + "type": "string", + "format": "comma-separated" + }, + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)\n\nFiltering is supported for the following fields and operators:\n\n**id**: *eq, in*\n\n**name**: *eq*\n\n**type**: *eq, in*\n\n**cluster**: *eq, in*", + "example": "name eq \"John Doe\"" + }, + { + "in": "query", + "name": "count", + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": true, + "schema": { + "type": "boolean", + "default": false + } + } + ], + "responses": { + "200": { + "description": "List of ServiceDeskIntegrationDto", + "content": { + "application/json": { + "schema": { + "type": "array", + "items": { + "allOf": [ + { + "type": "object", + "required": [ + "name" + ], + "properties": { + "id": { + "description": "System-generated unique ID of the Object", + "type": "string", + "example": "id12345", + "readOnly": true + }, + "name": { + "description": "Name of the Object", + "type": "string", + "example": "aName" + }, + "created": { + "description": "Creation date of the Object", + "type": "string", + "example": "2015-05-28T14:07:17Z", + "format": "date-time", + "readOnly": true + }, + "modified": { + "description": "Last modification date of the Object", + "type": "string", + "example": "2015-05-28T14:07:17Z", + "format": "date-time", + "readOnly": true + } + } + }, + { + "type": "object", + "description": "Specification of a Service Desk integration", + "required": [ + "description", + "type", + "attributes" + ], + "properties": { + "description": { + "description": "Description of the Service Desk integration", + "type": "string", + "example": "A very nice Service Desk integration" + }, + "type": { + "description": "Service Desk integration types\n\n- ServiceNowSDIM\n- ServiceNow\n", + "type": "string", + "default": "ServiceNowSDIM", + "example": "ServiceNowSDIM" + }, + "ownerRef": { + "allOf": [ + { + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + } + ], + "description": "Reference to the identity that is the owner of this Service Desk integration", + "properties": { + "type": { + "description": "The type of object being referenced", + "enum": [ + "IDENTITY" + ], + "example": "IDENTITY" + }, + "id": { + "description": "ID of the identity", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "description": "Human-readable display name of the identity", + "example": "MyName" + } + } + }, + "clusterRef": { + "allOf": [ + { + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + } + ], + "description": "Reference to the source cluster for this Service Desk integration", + "properties": { + "type": { + "description": "The type of object being referenced", + "enum": [ + "CLUSTER" + ], + "example": "CLUSTER" + }, + "id": { + "description": "ID of the cluster", + "example": "2c9180866166b5b0016167c32ef31a66" + }, + "name": { + "description": "Human-readable display name of the cluster", + "example": "Corporate Cluster" + } + } + }, + "cluster": { + "description": "ID of the cluster for the Service Desk integration (replaced by clusterRef, retained for backward compatibility)", + "type": "string", + "example": "xyzzy999", + "deprecated": true + }, + "managedSources": { + "description": "Source IDs for the Service Desk integration (replaced by provisioningConfig.managedSResourceRefs, but retained here for backward compatibility)", + "type": "array", + "items": { + "type": "string" + }, + "deprecated": true, + "example": [ + "2c9180835d191a86015d28455b4a2329", + "2c5680835d191a85765d28455b4a9823" + ] + }, + "provisioningConfig": { + "description": "The 'provisioningConfig' property specifies the configuration used to provision integrations.", + "type": "object", + "properties": { + "universalManager": { + "description": "Specifies whether this configuration is used to manage provisioning requests for all sources from the org. If true, no managedResourceRefs are allowed.", + "type": "boolean", + "readOnly": true, + "example": true + }, + "managedResourceRefs": { + "description": "References to sources for the Service Desk integration template. May only be specified if universalManager is false.", + "type": "array", + "items": { + "allOf": [ + { + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + } + ], + "properties": { + "type": { + "description": "The type of object being referenced", + "enum": [ + "SOURCE" + ], + "example": "SOURCE" + }, + "id": { + "description": "ID of the source", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "description": "Human-readable display name of the source", + "example": "My Source" + } + } + }, + "example": [ + { + "type": "SOURCE", + "id": "2c9180855d191c59015d291ceb051111", + "name": "My Source 1" + }, + { + "type": "SOURCE", + "id": "2c9180855d191c59015d291ceb052222", + "name": "My Source 2" + } + ] + }, + "planInitializerScript": { + "description": "This is a reference to a plan initializer script.", + "type": "object", + "properties": { + "source": { + "description": "This is a Rule that allows provisioning instruction changes.", + "type": "string", + "example": "\\r\\n\\r\\n\\r\\n Before Provisioning Rule which changes disables and enables to a modify.\\r\\n \n" + } + } + }, + "noProvisioningRequests": { + "description": "Name of an attribute that when true disables the saving of ProvisioningRequest objects whenever plans are sent through this integration.", + "type": "boolean", + "example": true + }, + "provisioningRequestExpiration": { + "description": "When saving pending requests is enabled, this defines the number of hours the request is allowed to live before it is considered expired and no longer affects plan compilation.", + "type": "integer", + "format": "int32", + "example": 7 + } + } + }, + "attributes": { + "description": "Attributes of the Service Desk integration. Validation constraints enforced by the implementation.", + "type": "object", + "additionalProperties": true, + "example": { + "property": "value", + "key": "value" + } + }, + "beforeProvisioningRule": { + "allOf": [ + { + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + } + ], + "description": "Reference to beforeProvisioningRule for this Service Desk integration", + "properties": { + "type": { + "description": "The type of object being referenced", + "enum": [ + "RULE" + ], + "example": "RULE" + }, + "id": { + "description": "ID of the rule", + "example": "2c91808568c529c60168cca6f90c1333" + }, + "name": { + "description": "Human-readable display name of the rule", + "example": "Example Rule" + } + } + } + } + } + ] + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + }, + "security": [ + { + "oauth2": [ + "idn:service-desk-admin:read", + "idn:service-desk-integration:read" + ] + } + ] + }, + "post": { + "tags": [ + "Service Desk Integration" + ], + "summary": "Create new Service Desk integration", + "description": "Create a new Service Desk Integrations. A token with Org Admin or Service Desk Admin authority is required to access this endpoint.", + "operationId": "createServiceDeskIntegration", + "requestBody": { + "description": "The specifics of a new integration to create", + "content": { + "application/json": { + "schema": { + "allOf": [ + { + "type": "object", + "required": [ + "name" + ], + "properties": { + "id": { + "description": "System-generated unique ID of the Object", + "type": "string", + "example": "id12345", + "readOnly": true + }, + "name": { + "description": "Name of the Object", + "type": "string", + "example": "aName" + }, + "created": { + "description": "Creation date of the Object", + "type": "string", + "example": "2015-05-28T14:07:17Z", + "format": "date-time", + "readOnly": true + }, + "modified": { + "description": "Last modification date of the Object", + "type": "string", + "example": "2015-05-28T14:07:17Z", + "format": "date-time", + "readOnly": true + } + } + }, + { + "type": "object", + "description": "Specification of a Service Desk integration", + "required": [ + "description", + "type", + "attributes" + ], + "properties": { + "description": { + "description": "Description of the Service Desk integration", + "type": "string", + "example": "A very nice Service Desk integration" + }, + "type": { + "description": "Service Desk integration types\n\n- ServiceNowSDIM\n- ServiceNow\n", + "type": "string", + "default": "ServiceNowSDIM", + "example": "ServiceNowSDIM" + }, + "ownerRef": { + "allOf": [ + { + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + } + ], + "description": "Reference to the identity that is the owner of this Service Desk integration", + "properties": { + "type": { + "description": "The type of object being referenced", + "enum": [ + "IDENTITY" + ], + "example": "IDENTITY" + }, + "id": { + "description": "ID of the identity", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "description": "Human-readable display name of the identity", + "example": "MyName" + } + } + }, + "clusterRef": { + "allOf": [ + { + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + } + ], + "description": "Reference to the source cluster for this Service Desk integration", + "properties": { + "type": { + "description": "The type of object being referenced", + "enum": [ + "CLUSTER" + ], + "example": "CLUSTER" + }, + "id": { + "description": "ID of the cluster", + "example": "2c9180866166b5b0016167c32ef31a66" + }, + "name": { + "description": "Human-readable display name of the cluster", + "example": "Corporate Cluster" + } + } + }, + "cluster": { + "description": "ID of the cluster for the Service Desk integration (replaced by clusterRef, retained for backward compatibility)", + "type": "string", + "example": "xyzzy999", + "deprecated": true + }, + "managedSources": { + "description": "Source IDs for the Service Desk integration (replaced by provisioningConfig.managedSResourceRefs, but retained here for backward compatibility)", + "type": "array", + "items": { + "type": "string" + }, + "deprecated": true, + "example": [ + "2c9180835d191a86015d28455b4a2329", + "2c5680835d191a85765d28455b4a9823" + ] + }, + "provisioningConfig": { + "description": "The 'provisioningConfig' property specifies the configuration used to provision integrations.", + "type": "object", + "properties": { + "universalManager": { + "description": "Specifies whether this configuration is used to manage provisioning requests for all sources from the org. If true, no managedResourceRefs are allowed.", + "type": "boolean", + "readOnly": true, + "example": true + }, + "managedResourceRefs": { + "description": "References to sources for the Service Desk integration template. May only be specified if universalManager is false.", + "type": "array", + "items": { + "allOf": [ + { + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + } + ], + "properties": { + "type": { + "description": "The type of object being referenced", + "enum": [ + "SOURCE" + ], + "example": "SOURCE" + }, + "id": { + "description": "ID of the source", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "description": "Human-readable display name of the source", + "example": "My Source" + } + } + }, + "example": [ + { + "type": "SOURCE", + "id": "2c9180855d191c59015d291ceb051111", + "name": "My Source 1" + }, + { + "type": "SOURCE", + "id": "2c9180855d191c59015d291ceb052222", + "name": "My Source 2" + } + ] + }, + "planInitializerScript": { + "description": "This is a reference to a plan initializer script.", + "type": "object", + "properties": { + "source": { + "description": "This is a Rule that allows provisioning instruction changes.", + "type": "string", + "example": "\\r\\n\\r\\n\\r\\n Before Provisioning Rule which changes disables and enables to a modify.\\r\\n \n" + } + } + }, + "noProvisioningRequests": { + "description": "Name of an attribute that when true disables the saving of ProvisioningRequest objects whenever plans are sent through this integration.", + "type": "boolean", + "example": true + }, + "provisioningRequestExpiration": { + "description": "When saving pending requests is enabled, this defines the number of hours the request is allowed to live before it is considered expired and no longer affects plan compilation.", + "type": "integer", + "format": "int32", + "example": 7 + } + } + }, + "attributes": { + "description": "Attributes of the Service Desk integration. Validation constraints enforced by the implementation.", + "type": "object", + "additionalProperties": true, + "example": { + "property": "value", + "key": "value" + } + }, + "beforeProvisioningRule": { + "allOf": [ + { + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + } + ], + "description": "Reference to beforeProvisioningRule for this Service Desk integration", + "properties": { + "type": { + "description": "The type of object being referenced", + "enum": [ + "RULE" + ], + "example": "RULE" + }, + "id": { + "description": "ID of the rule", + "example": "2c91808568c529c60168cca6f90c1333" + }, + "name": { + "description": "Human-readable display name of the rule", + "example": "Example Rule" + } + } + } + } + } + ] + } + } + }, + "required": true + }, + "responses": { + "200": { + "description": "details of the created integration", + "content": { + "application/json": { + "schema": { + "allOf": [ + { + "type": "object", + "required": [ + "name" + ], + "properties": { + "id": { + "description": "System-generated unique ID of the Object", + "type": "string", + "example": "id12345", + "readOnly": true + }, + "name": { + "description": "Name of the Object", + "type": "string", + "example": "aName" + }, + "created": { + "description": "Creation date of the Object", + "type": "string", + "example": "2015-05-28T14:07:17Z", + "format": "date-time", + "readOnly": true + }, + "modified": { + "description": "Last modification date of the Object", + "type": "string", + "example": "2015-05-28T14:07:17Z", + "format": "date-time", + "readOnly": true + } + } + }, + { + "type": "object", + "description": "Specification of a Service Desk integration", + "required": [ + "description", + "type", + "attributes" + ], + "properties": { + "description": { + "description": "Description of the Service Desk integration", + "type": "string", + "example": "A very nice Service Desk integration" + }, + "type": { + "description": "Service Desk integration types\n\n- ServiceNowSDIM\n- ServiceNow\n", + "type": "string", + "default": "ServiceNowSDIM", + "example": "ServiceNowSDIM" + }, + "ownerRef": { + "allOf": [ + { + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + } + ], + "description": "Reference to the identity that is the owner of this Service Desk integration", + "properties": { + "type": { + "description": "The type of object being referenced", + "enum": [ + "IDENTITY" + ], + "example": "IDENTITY" + }, + "id": { + "description": "ID of the identity", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "description": "Human-readable display name of the identity", + "example": "MyName" + } + } + }, + "clusterRef": { + "allOf": [ + { + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + } + ], + "description": "Reference to the source cluster for this Service Desk integration", + "properties": { + "type": { + "description": "The type of object being referenced", + "enum": [ + "CLUSTER" + ], + "example": "CLUSTER" + }, + "id": { + "description": "ID of the cluster", + "example": "2c9180866166b5b0016167c32ef31a66" + }, + "name": { + "description": "Human-readable display name of the cluster", + "example": "Corporate Cluster" + } + } + }, + "cluster": { + "description": "ID of the cluster for the Service Desk integration (replaced by clusterRef, retained for backward compatibility)", + "type": "string", + "example": "xyzzy999", + "deprecated": true + }, + "managedSources": { + "description": "Source IDs for the Service Desk integration (replaced by provisioningConfig.managedSResourceRefs, but retained here for backward compatibility)", + "type": "array", + "items": { + "type": "string" + }, + "deprecated": true, + "example": [ + "2c9180835d191a86015d28455b4a2329", + "2c5680835d191a85765d28455b4a9823" + ] + }, + "provisioningConfig": { + "description": "The 'provisioningConfig' property specifies the configuration used to provision integrations.", + "type": "object", + "properties": { + "universalManager": { + "description": "Specifies whether this configuration is used to manage provisioning requests for all sources from the org. If true, no managedResourceRefs are allowed.", + "type": "boolean", + "readOnly": true, + "example": true + }, + "managedResourceRefs": { + "description": "References to sources for the Service Desk integration template. May only be specified if universalManager is false.", + "type": "array", + "items": { + "allOf": [ + { + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + } + ], + "properties": { + "type": { + "description": "The type of object being referenced", + "enum": [ + "SOURCE" + ], + "example": "SOURCE" + }, + "id": { + "description": "ID of the source", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "description": "Human-readable display name of the source", + "example": "My Source" + } + } + }, + "example": [ + { + "type": "SOURCE", + "id": "2c9180855d191c59015d291ceb051111", + "name": "My Source 1" + }, + { + "type": "SOURCE", + "id": "2c9180855d191c59015d291ceb052222", + "name": "My Source 2" + } + ] + }, + "planInitializerScript": { + "description": "This is a reference to a plan initializer script.", + "type": "object", + "properties": { + "source": { + "description": "This is a Rule that allows provisioning instruction changes.", + "type": "string", + "example": "\\r\\n\\r\\n\\r\\n Before Provisioning Rule which changes disables and enables to a modify.\\r\\n \n" + } + } + }, + "noProvisioningRequests": { + "description": "Name of an attribute that when true disables the saving of ProvisioningRequest objects whenever plans are sent through this integration.", + "type": "boolean", + "example": true + }, + "provisioningRequestExpiration": { + "description": "When saving pending requests is enabled, this defines the number of hours the request is allowed to live before it is considered expired and no longer affects plan compilation.", + "type": "integer", + "format": "int32", + "example": 7 + } + } + }, + "attributes": { + "description": "Attributes of the Service Desk integration. Validation constraints enforced by the implementation.", + "type": "object", + "additionalProperties": true, + "example": { + "property": "value", + "key": "value" + } + }, + "beforeProvisioningRule": { + "allOf": [ + { + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + } + ], + "description": "Reference to beforeProvisioningRule for this Service Desk integration", + "properties": { + "type": { + "description": "The type of object being referenced", + "enum": [ + "RULE" + ], + "example": "RULE" + }, + "id": { + "description": "ID of the rule", + "example": "2c91808568c529c60168cca6f90c1333" + }, + "name": { + "description": "Human-readable display name of the rule", + "example": "Example Rule" + } + } + } + } + } + ] + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + }, + "security": [ + { + "oauth2": [ + "idn:service-desk-admin:manage", + "idn:service-desk-integration:manage" + ] + } + ] + } + }, + "/service-desk-integrations/{id}": { + "get": { + "tags": [ + "Service Desk Integration" + ], + "summary": "Get a Service Desk integration", + "description": "Get an existing Service Desk integration by ID. A token with Org Admin or Service Desk Admin authority is required to access this endpoint.", + "operationId": "getServiceDeskIntegration", + "parameters": [ + { + "name": "id", + "in": "path", + "description": "ID of the Service Desk integration to get", + "required": true, + "style": "simple", + "explode": false, + "schema": { + "type": "string", + "example": "anId" + } + } + ], + "responses": { + "200": { + "description": "ServiceDeskIntegrationDto with the given ID", + "content": { + "application/json": { + "schema": { + "allOf": [ + { + "type": "object", + "required": [ + "name" + ], + "properties": { + "id": { + "description": "System-generated unique ID of the Object", + "type": "string", + "example": "id12345", + "readOnly": true + }, + "name": { + "description": "Name of the Object", + "type": "string", + "example": "aName" + }, + "created": { + "description": "Creation date of the Object", + "type": "string", + "example": "2015-05-28T14:07:17Z", + "format": "date-time", + "readOnly": true + }, + "modified": { + "description": "Last modification date of the Object", + "type": "string", + "example": "2015-05-28T14:07:17Z", + "format": "date-time", + "readOnly": true + } + } + }, + { + "type": "object", + "description": "Specification of a Service Desk integration", + "required": [ + "description", + "type", + "attributes" + ], + "properties": { + "description": { + "description": "Description of the Service Desk integration", + "type": "string", + "example": "A very nice Service Desk integration" + }, + "type": { + "description": "Service Desk integration types\n\n- ServiceNowSDIM\n- ServiceNow\n", + "type": "string", + "default": "ServiceNowSDIM", + "example": "ServiceNowSDIM" + }, + "ownerRef": { + "allOf": [ + { + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + } + ], + "description": "Reference to the identity that is the owner of this Service Desk integration", + "properties": { + "type": { + "description": "The type of object being referenced", + "enum": [ + "IDENTITY" + ], + "example": "IDENTITY" + }, + "id": { + "description": "ID of the identity", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "description": "Human-readable display name of the identity", + "example": "MyName" + } + } + }, + "clusterRef": { + "allOf": [ + { + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + } + ], + "description": "Reference to the source cluster for this Service Desk integration", + "properties": { + "type": { + "description": "The type of object being referenced", + "enum": [ + "CLUSTER" + ], + "example": "CLUSTER" + }, + "id": { + "description": "ID of the cluster", + "example": "2c9180866166b5b0016167c32ef31a66" + }, + "name": { + "description": "Human-readable display name of the cluster", + "example": "Corporate Cluster" + } + } + }, + "cluster": { + "description": "ID of the cluster for the Service Desk integration (replaced by clusterRef, retained for backward compatibility)", + "type": "string", + "example": "xyzzy999", + "deprecated": true + }, + "managedSources": { + "description": "Source IDs for the Service Desk integration (replaced by provisioningConfig.managedSResourceRefs, but retained here for backward compatibility)", + "type": "array", + "items": { + "type": "string" + }, + "deprecated": true, + "example": [ + "2c9180835d191a86015d28455b4a2329", + "2c5680835d191a85765d28455b4a9823" + ] + }, + "provisioningConfig": { + "description": "The 'provisioningConfig' property specifies the configuration used to provision integrations.", + "type": "object", + "properties": { + "universalManager": { + "description": "Specifies whether this configuration is used to manage provisioning requests for all sources from the org. If true, no managedResourceRefs are allowed.", + "type": "boolean", + "readOnly": true, + "example": true + }, + "managedResourceRefs": { + "description": "References to sources for the Service Desk integration template. May only be specified if universalManager is false.", + "type": "array", + "items": { + "allOf": [ + { + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + } + ], + "properties": { + "type": { + "description": "The type of object being referenced", + "enum": [ + "SOURCE" + ], + "example": "SOURCE" + }, + "id": { + "description": "ID of the source", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "description": "Human-readable display name of the source", + "example": "My Source" + } + } + }, + "example": [ + { + "type": "SOURCE", + "id": "2c9180855d191c59015d291ceb051111", + "name": "My Source 1" + }, + { + "type": "SOURCE", + "id": "2c9180855d191c59015d291ceb052222", + "name": "My Source 2" + } + ] + }, + "planInitializerScript": { + "description": "This is a reference to a plan initializer script.", + "type": "object", + "properties": { + "source": { + "description": "This is a Rule that allows provisioning instruction changes.", + "type": "string", + "example": "\\r\\n\\r\\n\\r\\n Before Provisioning Rule which changes disables and enables to a modify.\\r\\n \n" + } + } + }, + "noProvisioningRequests": { + "description": "Name of an attribute that when true disables the saving of ProvisioningRequest objects whenever plans are sent through this integration.", + "type": "boolean", + "example": true + }, + "provisioningRequestExpiration": { + "description": "When saving pending requests is enabled, this defines the number of hours the request is allowed to live before it is considered expired and no longer affects plan compilation.", + "type": "integer", + "format": "int32", + "example": 7 + } + } + }, + "attributes": { + "description": "Attributes of the Service Desk integration. Validation constraints enforced by the implementation.", + "type": "object", + "additionalProperties": true, + "example": { + "property": "value", + "key": "value" + } + }, + "beforeProvisioningRule": { + "allOf": [ + { + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + } + ], + "description": "Reference to beforeProvisioningRule for this Service Desk integration", + "properties": { + "type": { + "description": "The type of object being referenced", + "enum": [ + "RULE" + ], + "example": "RULE" + }, + "id": { + "description": "ID of the rule", + "example": "2c91808568c529c60168cca6f90c1333" + }, + "name": { + "description": "Human-readable display name of the rule", + "example": "Example Rule" + } + } + } + } + } + ] + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + }, + "security": [ + { + "oauth2": [ + "idn:service-desk-admin:read", + "idn:service-desk-integration:read" + ] + } + ] + }, + "put": { + "tags": [ + "Service Desk Integration" + ], + "summary": "Update a Service Desk integration", + "description": "Update an existing Service Desk integration by ID with updated value in JSON form as the request body. A token with Org Admin or Service Desk Admin authority is required to access this endpoint.", + "operationId": "updateServiceDeskIntegration", + "parameters": [ + { + "name": "id", + "in": "path", + "description": "ID of the Service Desk integration to update", + "required": true, + "style": "simple", + "explode": false, + "schema": { + "type": "string", + "example": "anId" + } + } + ], + "requestBody": { + "description": "The specifics of the integration to update", + "content": { + "application/json": { + "schema": { + "allOf": [ + { + "type": "object", + "required": [ + "name" + ], + "properties": { + "id": { + "description": "System-generated unique ID of the Object", + "type": "string", + "example": "id12345", + "readOnly": true + }, + "name": { + "description": "Name of the Object", + "type": "string", + "example": "aName" + }, + "created": { + "description": "Creation date of the Object", + "type": "string", + "example": "2015-05-28T14:07:17Z", + "format": "date-time", + "readOnly": true + }, + "modified": { + "description": "Last modification date of the Object", + "type": "string", + "example": "2015-05-28T14:07:17Z", + "format": "date-time", + "readOnly": true + } + } + }, + { + "type": "object", + "description": "Specification of a Service Desk integration", + "required": [ + "description", + "type", + "attributes" + ], + "properties": { + "description": { + "description": "Description of the Service Desk integration", + "type": "string", + "example": "A very nice Service Desk integration" + }, + "type": { + "description": "Service Desk integration types\n\n- ServiceNowSDIM\n- ServiceNow\n", + "type": "string", + "default": "ServiceNowSDIM", + "example": "ServiceNowSDIM" + }, + "ownerRef": { + "allOf": [ + { + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + } + ], + "description": "Reference to the identity that is the owner of this Service Desk integration", + "properties": { + "type": { + "description": "The type of object being referenced", + "enum": [ + "IDENTITY" + ], + "example": "IDENTITY" + }, + "id": { + "description": "ID of the identity", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "description": "Human-readable display name of the identity", + "example": "MyName" + } + } + }, + "clusterRef": { + "allOf": [ + { + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + } + ], + "description": "Reference to the source cluster for this Service Desk integration", + "properties": { + "type": { + "description": "The type of object being referenced", + "enum": [ + "CLUSTER" + ], + "example": "CLUSTER" + }, + "id": { + "description": "ID of the cluster", + "example": "2c9180866166b5b0016167c32ef31a66" + }, + "name": { + "description": "Human-readable display name of the cluster", + "example": "Corporate Cluster" + } + } + }, + "cluster": { + "description": "ID of the cluster for the Service Desk integration (replaced by clusterRef, retained for backward compatibility)", + "type": "string", + "example": "xyzzy999", + "deprecated": true + }, + "managedSources": { + "description": "Source IDs for the Service Desk integration (replaced by provisioningConfig.managedSResourceRefs, but retained here for backward compatibility)", + "type": "array", + "items": { + "type": "string" + }, + "deprecated": true, + "example": [ + "2c9180835d191a86015d28455b4a2329", + "2c5680835d191a85765d28455b4a9823" + ] + }, + "provisioningConfig": { + "description": "The 'provisioningConfig' property specifies the configuration used to provision integrations.", + "type": "object", + "properties": { + "universalManager": { + "description": "Specifies whether this configuration is used to manage provisioning requests for all sources from the org. If true, no managedResourceRefs are allowed.", + "type": "boolean", + "readOnly": true, + "example": true + }, + "managedResourceRefs": { + "description": "References to sources for the Service Desk integration template. May only be specified if universalManager is false.", + "type": "array", + "items": { + "allOf": [ + { + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + } + ], + "properties": { + "type": { + "description": "The type of object being referenced", + "enum": [ + "SOURCE" + ], + "example": "SOURCE" + }, + "id": { + "description": "ID of the source", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "description": "Human-readable display name of the source", + "example": "My Source" + } + } + }, + "example": [ + { + "type": "SOURCE", + "id": "2c9180855d191c59015d291ceb051111", + "name": "My Source 1" + }, + { + "type": "SOURCE", + "id": "2c9180855d191c59015d291ceb052222", + "name": "My Source 2" + } + ] + }, + "planInitializerScript": { + "description": "This is a reference to a plan initializer script.", + "type": "object", + "properties": { + "source": { + "description": "This is a Rule that allows provisioning instruction changes.", + "type": "string", + "example": "\\r\\n\\r\\n\\r\\n Before Provisioning Rule which changes disables and enables to a modify.\\r\\n \n" + } + } + }, + "noProvisioningRequests": { + "description": "Name of an attribute that when true disables the saving of ProvisioningRequest objects whenever plans are sent through this integration.", + "type": "boolean", + "example": true + }, + "provisioningRequestExpiration": { + "description": "When saving pending requests is enabled, this defines the number of hours the request is allowed to live before it is considered expired and no longer affects plan compilation.", + "type": "integer", + "format": "int32", + "example": 7 + } + } + }, + "attributes": { + "description": "Attributes of the Service Desk integration. Validation constraints enforced by the implementation.", + "type": "object", + "additionalProperties": true, + "example": { + "property": "value", + "key": "value" + } + }, + "beforeProvisioningRule": { + "allOf": [ + { + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + } + ], + "description": "Reference to beforeProvisioningRule for this Service Desk integration", + "properties": { + "type": { + "description": "The type of object being referenced", + "enum": [ + "RULE" + ], + "example": "RULE" + }, + "id": { + "description": "ID of the rule", + "example": "2c91808568c529c60168cca6f90c1333" + }, + "name": { + "description": "Human-readable display name of the rule", + "example": "Example Rule" + } + } + } + } + } + ] + } + } + }, + "required": true + }, + "responses": { + "200": { + "description": "ServiceDeskIntegrationDto as updated", + "content": { + "application/json": { + "schema": { + "allOf": [ + { + "type": "object", + "required": [ + "name" + ], + "properties": { + "id": { + "description": "System-generated unique ID of the Object", + "type": "string", + "example": "id12345", + "readOnly": true + }, + "name": { + "description": "Name of the Object", + "type": "string", + "example": "aName" + }, + "created": { + "description": "Creation date of the Object", + "type": "string", + "example": "2015-05-28T14:07:17Z", + "format": "date-time", + "readOnly": true + }, + "modified": { + "description": "Last modification date of the Object", + "type": "string", + "example": "2015-05-28T14:07:17Z", + "format": "date-time", + "readOnly": true + } + } + }, + { + "type": "object", + "description": "Specification of a Service Desk integration", + "required": [ + "description", + "type", + "attributes" + ], + "properties": { + "description": { + "description": "Description of the Service Desk integration", + "type": "string", + "example": "A very nice Service Desk integration" + }, + "type": { + "description": "Service Desk integration types\n\n- ServiceNowSDIM\n- ServiceNow\n", + "type": "string", + "default": "ServiceNowSDIM", + "example": "ServiceNowSDIM" + }, + "ownerRef": { + "allOf": [ + { + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + } + ], + "description": "Reference to the identity that is the owner of this Service Desk integration", + "properties": { + "type": { + "description": "The type of object being referenced", + "enum": [ + "IDENTITY" + ], + "example": "IDENTITY" + }, + "id": { + "description": "ID of the identity", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "description": "Human-readable display name of the identity", + "example": "MyName" + } + } + }, + "clusterRef": { + "allOf": [ + { + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + } + ], + "description": "Reference to the source cluster for this Service Desk integration", + "properties": { + "type": { + "description": "The type of object being referenced", + "enum": [ + "CLUSTER" + ], + "example": "CLUSTER" + }, + "id": { + "description": "ID of the cluster", + "example": "2c9180866166b5b0016167c32ef31a66" + }, + "name": { + "description": "Human-readable display name of the cluster", + "example": "Corporate Cluster" + } + } + }, + "cluster": { + "description": "ID of the cluster for the Service Desk integration (replaced by clusterRef, retained for backward compatibility)", + "type": "string", + "example": "xyzzy999", + "deprecated": true + }, + "managedSources": { + "description": "Source IDs for the Service Desk integration (replaced by provisioningConfig.managedSResourceRefs, but retained here for backward compatibility)", + "type": "array", + "items": { + "type": "string" + }, + "deprecated": true, + "example": [ + "2c9180835d191a86015d28455b4a2329", + "2c5680835d191a85765d28455b4a9823" + ] + }, + "provisioningConfig": { + "description": "The 'provisioningConfig' property specifies the configuration used to provision integrations.", + "type": "object", + "properties": { + "universalManager": { + "description": "Specifies whether this configuration is used to manage provisioning requests for all sources from the org. If true, no managedResourceRefs are allowed.", + "type": "boolean", + "readOnly": true, + "example": true + }, + "managedResourceRefs": { + "description": "References to sources for the Service Desk integration template. May only be specified if universalManager is false.", + "type": "array", + "items": { + "allOf": [ + { + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + } + ], + "properties": { + "type": { + "description": "The type of object being referenced", + "enum": [ + "SOURCE" + ], + "example": "SOURCE" + }, + "id": { + "description": "ID of the source", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "description": "Human-readable display name of the source", + "example": "My Source" + } + } + }, + "example": [ + { + "type": "SOURCE", + "id": "2c9180855d191c59015d291ceb051111", + "name": "My Source 1" + }, + { + "type": "SOURCE", + "id": "2c9180855d191c59015d291ceb052222", + "name": "My Source 2" + } + ] + }, + "planInitializerScript": { + "description": "This is a reference to a plan initializer script.", + "type": "object", + "properties": { + "source": { + "description": "This is a Rule that allows provisioning instruction changes.", + "type": "string", + "example": "\\r\\n\\r\\n\\r\\n Before Provisioning Rule which changes disables and enables to a modify.\\r\\n \n" + } + } + }, + "noProvisioningRequests": { + "description": "Name of an attribute that when true disables the saving of ProvisioningRequest objects whenever plans are sent through this integration.", + "type": "boolean", + "example": true + }, + "provisioningRequestExpiration": { + "description": "When saving pending requests is enabled, this defines the number of hours the request is allowed to live before it is considered expired and no longer affects plan compilation.", + "type": "integer", + "format": "int32", + "example": 7 + } + } + }, + "attributes": { + "description": "Attributes of the Service Desk integration. Validation constraints enforced by the implementation.", + "type": "object", + "additionalProperties": true, + "example": { + "property": "value", + "key": "value" + } + }, + "beforeProvisioningRule": { + "allOf": [ + { + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + } + ], + "description": "Reference to beforeProvisioningRule for this Service Desk integration", + "properties": { + "type": { + "description": "The type of object being referenced", + "enum": [ + "RULE" + ], + "example": "RULE" + }, + "id": { + "description": "ID of the rule", + "example": "2c91808568c529c60168cca6f90c1333" + }, + "name": { + "description": "Human-readable display name of the rule", + "example": "Example Rule" + } + } + } + } + } + ] + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + }, + "security": [ + { + "oauth2": [ + "idn:service-desk-admin:manage", + "idn:service-desk-integration:manage" + ] + } + ] + }, + "delete": { + "tags": [ + "Service Desk Integration" + ], + "summary": "Delete a Service Desk integration", + "description": "Delete an existing Service Desk integration by ID. A token with Org Admin or Service Desk Admin authority is required to access this endpoint.", + "operationId": "deleteServiceDeskIntegration", + "parameters": [ + { + "name": "id", + "in": "path", + "description": "ID of Service Desk integration to delete", + "required": true, + "style": "simple", + "explode": false, + "schema": { + "type": "string", + "example": "anId" + } + } + ], + "responses": { + "204": { + "description": "Service Desk integration with the given ID successfully deleted" + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + }, + "security": [ + { + "oauth2": [ + "idn:service-desk-admin:manage", + "idn:service-desk-integration:manage" + ] + } + ] + }, + "patch": { + "operationId": "patchServiceDeskIntegration", + "tags": [ + "Service Desk Integration" + ], + "summary": "Service Desk Integration Update PATCH", + "description": "Update an existing ServiceDeskIntegration by ID with a PATCH request.", + "parameters": [ + { + "name": "id", + "in": "path", + "description": "ID of the Service Desk integration to update", + "required": true, + "style": "simple", + "explode": false, + "schema": { + "type": "string", + "example": "anId" + } + } + ], + "requestBody": { + "required": true, + "description": "A list of SDIM update operations according to the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard.\n\nPATCH can only be applied to the following fields:\n * \"beforeProvisioningRule\"\n\nA 403 Forbidden Error indicates that you attempted to PATCH a field that is not allowed.\n", + "content": { + "application/json-patch+json": { + "schema": { + "type": "object", + "description": "A JSONPatch document as defined by [RFC 6902 - JSON Patch](https://tools.ietf.org/html/rfc6902)", + "properties": { + "operations": { + "description": "Operations to be applied", + "type": "array", + "items": { + "type": "object", + "description": "A JSONPatch Operation as defined by [RFC 6902 - JSON Patch](https://tools.ietf.org/html/rfc6902)", + "required": [ + "op", + "path" + ], + "properties": { + "op": { + "type": "string", + "description": "The operation to be performed", + "enum": [ + "add", + "remove", + "replace", + "move", + "copy", + "test" + ], + "example": "replace" + }, + "path": { + "type": "string", + "description": "A string JSON Pointer representing the target path to an element to be affected by the operation", + "example": "/description" + }, + "value": { + "anyOf": [ + { + "type": "string" + }, + { + "type": "integer" + }, + { + "type": "object" + }, + { + "type": "array", + "items": { + "anyOf": [ + { + "type": "string" + }, + { + "type": "integer" + }, + { + "type": "object" + } + ] + } + } + ], + "description": "The value to be used for the operation, required for \"add\" and \"replace\" operations", + "example": "New description" + } + } + } + } + } + } + } + } + }, + "responses": { + "200": { + "description": "ServiceDeskIntegrationDto as updated", + "content": { + "application/json": { + "schema": { + "allOf": [ + { + "type": "object", + "required": [ + "name" + ], + "properties": { + "id": { + "description": "System-generated unique ID of the Object", + "type": "string", + "example": "id12345", + "readOnly": true + }, + "name": { + "description": "Name of the Object", + "type": "string", + "example": "aName" + }, + "created": { + "description": "Creation date of the Object", + "type": "string", + "example": "2015-05-28T14:07:17Z", + "format": "date-time", + "readOnly": true + }, + "modified": { + "description": "Last modification date of the Object", + "type": "string", + "example": "2015-05-28T14:07:17Z", + "format": "date-time", + "readOnly": true + } + } + }, + { + "type": "object", + "description": "Specification of a Service Desk integration", + "required": [ + "description", + "type", + "attributes" + ], + "properties": { + "description": { + "description": "Description of the Service Desk integration", + "type": "string", + "example": "A very nice Service Desk integration" + }, + "type": { + "description": "Service Desk integration types\n\n- ServiceNowSDIM\n- ServiceNow\n", + "type": "string", + "default": "ServiceNowSDIM", + "example": "ServiceNowSDIM" + }, + "ownerRef": { + "allOf": [ + { + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + } + ], + "description": "Reference to the identity that is the owner of this Service Desk integration", + "properties": { + "type": { + "description": "The type of object being referenced", + "enum": [ + "IDENTITY" + ], + "example": "IDENTITY" + }, + "id": { + "description": "ID of the identity", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "description": "Human-readable display name of the identity", + "example": "MyName" + } + } + }, + "clusterRef": { + "allOf": [ + { + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + } + ], + "description": "Reference to the source cluster for this Service Desk integration", + "properties": { + "type": { + "description": "The type of object being referenced", + "enum": [ + "CLUSTER" + ], + "example": "CLUSTER" + }, + "id": { + "description": "ID of the cluster", + "example": "2c9180866166b5b0016167c32ef31a66" + }, + "name": { + "description": "Human-readable display name of the cluster", + "example": "Corporate Cluster" + } + } + }, + "cluster": { + "description": "ID of the cluster for the Service Desk integration (replaced by clusterRef, retained for backward compatibility)", + "type": "string", + "example": "xyzzy999", + "deprecated": true + }, + "managedSources": { + "description": "Source IDs for the Service Desk integration (replaced by provisioningConfig.managedSResourceRefs, but retained here for backward compatibility)", + "type": "array", + "items": { + "type": "string" + }, + "deprecated": true, + "example": [ + "2c9180835d191a86015d28455b4a2329", + "2c5680835d191a85765d28455b4a9823" + ] + }, + "provisioningConfig": { + "description": "The 'provisioningConfig' property specifies the configuration used to provision integrations.", + "type": "object", + "properties": { + "universalManager": { + "description": "Specifies whether this configuration is used to manage provisioning requests for all sources from the org. If true, no managedResourceRefs are allowed.", + "type": "boolean", + "readOnly": true, + "example": true + }, + "managedResourceRefs": { + "description": "References to sources for the Service Desk integration template. May only be specified if universalManager is false.", + "type": "array", + "items": { + "allOf": [ + { + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + } + ], + "properties": { + "type": { + "description": "The type of object being referenced", + "enum": [ + "SOURCE" + ], + "example": "SOURCE" + }, + "id": { + "description": "ID of the source", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "description": "Human-readable display name of the source", + "example": "My Source" + } + } + }, + "example": [ + { + "type": "SOURCE", + "id": "2c9180855d191c59015d291ceb051111", + "name": "My Source 1" + }, + { + "type": "SOURCE", + "id": "2c9180855d191c59015d291ceb052222", + "name": "My Source 2" + } + ] + }, + "planInitializerScript": { + "description": "This is a reference to a plan initializer script.", + "type": "object", + "properties": { + "source": { + "description": "This is a Rule that allows provisioning instruction changes.", + "type": "string", + "example": "\\r\\n\\r\\n\\r\\n Before Provisioning Rule which changes disables and enables to a modify.\\r\\n \n" + } + } + }, + "noProvisioningRequests": { + "description": "Name of an attribute that when true disables the saving of ProvisioningRequest objects whenever plans are sent through this integration.", + "type": "boolean", + "example": true + }, + "provisioningRequestExpiration": { + "description": "When saving pending requests is enabled, this defines the number of hours the request is allowed to live before it is considered expired and no longer affects plan compilation.", + "type": "integer", + "format": "int32", + "example": 7 + } + } + }, + "attributes": { + "description": "Attributes of the Service Desk integration. Validation constraints enforced by the implementation.", + "type": "object", + "additionalProperties": true, + "example": { + "property": "value", + "key": "value" + } + }, + "beforeProvisioningRule": { + "allOf": [ + { + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + } + ], + "description": "Reference to beforeProvisioningRule for this Service Desk integration", + "properties": { + "type": { + "description": "The type of object being referenced", + "enum": [ + "RULE" + ], + "example": "RULE" + }, + "id": { + "description": "ID of the rule", + "example": "2c91808568c529c60168cca6f90c1333" + }, + "name": { + "description": "Human-readable display name of the rule", + "example": "Example Rule" + } + } + } + } + } + ] + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + }, + "security": [ + { + "oauth2": [ + "idn:service-desk-admin:manage", + "idn:service-desk-integration:manage" + ] + } + ] + } + }, + "/service-desk-integrations/types": { + "get": { + "tags": [ + "Service Desk Integration" + ], + "summary": "Service Desk Integration Types List.", + "description": "This API endpoint returns the current list of supported Service Desk integration types. A token with Org Admin or Service Desk Admin authority is required to access this endpoint.", + "operationId": "getServiceDeskIntegrationTypes", + "responses": { + "200": { + "description": "Responds with an array of the currently supported Service Desk integration types.", + "content": { + "application/json": { + "schema": { + "type": "array", + "items": { + "description": "This represents a Service Desk Integration template type.", + "required": [ + "type", + "scriptName" + ], + "type": "object", + "properties": { + "name": { + "description": "This is the name of the type.", + "example": "aName", + "type": "string" + }, + "type": { + "description": "This is the type value for the type.", + "example": "aType", + "type": "string" + }, + "scriptName": { + "description": "This is the scriptName attribute value for the type.", + "example": "aScriptName", + "type": "string" + } + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + }, + "security": [ + { + "oauth2": [ + "idn:service-desk-admin:read", + "idn:service-desk-integration:read" + ] + } + ] + } + }, + "/service-desk-integrations/templates/{scriptName}": { + "get": { + "tags": [ + "Service Desk Integration" + ], + "summary": "Service Desk integration template by scriptName.", + "description": "This API endpoint returns an existing Service Desk integration template by scriptName. A token with Org Admin or Service Desk Admin authority is required to access this endpoint.", + "operationId": "getServiceDeskIntegrationTemplate", + "parameters": [ + { + "name": "scriptName", + "in": "path", + "description": "The scriptName value of the Service Desk integration template to get", + "required": true, + "style": "simple", + "explode": false, + "schema": { + "type": "string", + "example": "aScriptName" + } + } + ], + "responses": { + "200": { + "description": "Responds with the ServiceDeskIntegrationTemplateDto with the specified scriptName.", + "content": { + "application/json": { + "schema": { + "allOf": [ + { + "type": "object", + "required": [ + "name" + ], + "properties": { + "id": { + "description": "System-generated unique ID of the Object", + "type": "string", + "example": "id12345", + "readOnly": true + }, + "name": { + "description": "Name of the Object", + "type": "string", + "example": "aName" + }, + "created": { + "description": "Creation date of the Object", + "type": "string", + "example": "2015-05-28T14:07:17Z", + "format": "date-time", + "readOnly": true + }, + "modified": { + "description": "Last modification date of the Object", + "type": "string", + "example": "2015-05-28T14:07:17Z", + "format": "date-time", + "readOnly": true + } + } + }, + { + "type": "object", + "description": "This is the model for a Service Desk integration template, used to create and edit Service Desk Integrations.", + "required": [ + "type", + "attributes", + "provisioningConfig" + ], + "properties": { + "type": { + "description": "The 'type' property specifies the type of the Service Desk integration template.", + "type": "string", + "example": "Web Service SDIM", + "default": "Web Service SDIM" + }, + "attributes": { + "description": "The 'attributes' property value is a map of attributes available for integrations using this Service Desk integration template.", + "type": "object", + "additionalProperties": true, + "example": { + "property": "value", + "key": "value" + } + }, + "provisioningConfig": { + "description": "The 'provisioningConfig' property specifies the configuration used to provision integrations using the template.", + "type": "object", + "properties": { + "universalManager": { + "description": "Specifies whether this configuration is used to manage provisioning requests for all sources from the org. If true, no managedResourceRefs are allowed.", + "type": "boolean", + "readOnly": true, + "example": true + }, + "managedResourceRefs": { + "description": "References to sources for the Service Desk integration template. May only be specified if universalManager is false.", + "type": "array", + "items": { + "allOf": [ + { + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + } + ], + "properties": { + "type": { + "description": "The type of object being referenced", + "enum": [ + "SOURCE" + ], + "example": "SOURCE" + }, + "id": { + "description": "ID of the source", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "description": "Human-readable display name of the source", + "example": "My Source" + } + } + }, + "example": [ + { + "type": "SOURCE", + "id": "2c9180855d191c59015d291ceb051111", + "name": "My Source 1" + }, + { + "type": "SOURCE", + "id": "2c9180855d191c59015d291ceb052222", + "name": "My Source 2" + } + ] + }, + "planInitializerScript": { + "description": "This is a reference to a plan initializer script.", + "type": "object", + "properties": { + "source": { + "description": "This is a Rule that allows provisioning instruction changes.", + "type": "string", + "example": "\\r\\n\\r\\n\\r\\n Before Provisioning Rule which changes disables and enables to a modify.\\r\\n \n" + } + } + }, + "noProvisioningRequests": { + "description": "Name of an attribute that when true disables the saving of ProvisioningRequest objects whenever plans are sent through this integration.", + "type": "boolean", + "example": true + }, + "provisioningRequestExpiration": { + "description": "When saving pending requests is enabled, this defines the number of hours the request is allowed to live before it is considered expired and no longer affects plan compilation.", + "type": "integer", + "format": "int32", + "example": 7 + } + } + } + } + } + ] + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + }, + "security": [ + { + "oauth2": [ + "idn:service-desk-admin:read", + "idn:service-desk-integration:read" + ] + } + ] + } + }, + "/service-desk-integrations/status-check-configuration": { + "get": { + "tags": [ + "Service Desk Integration" + ], + "summary": "Get the time check configuration", + "description": "Get the time check configuration of queued SDIM tickets. A token with Org Admin or Service Desk Admin authority is required to access this endpoint.", + "operationId": "getStatusCheckDetails", + "responses": { + "200": { + "description": "QueuedCheckConfigDetails containing the configured values", + "content": { + "application/json": { + "schema": { + "description": "Configuration of maximum number days and interval for checking Service Desk integration queue status", + "required": [ + "provisioningStatusCheckIntervalMinutes", + "provisioningMaxStatusCheckDays" + ], + "type": "object", + "properties": { + "provisioningStatusCheckIntervalMinutes": { + "description": "interval in minutes between status checks", + "type": "string", + "example": "30" + }, + "provisioningMaxStatusCheckDays": { + "description": "maximum number of days to check", + "type": "string", + "example": "2" + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + }, + "security": [ + { + "oauth2": [ + "idn:service-desk-admin:read", + "idn:service-desk-integration:read" + ] + } + ] + }, + "put": { + "tags": [ + "Service Desk Integration" + ], + "summary": "Update the time check configuration", + "description": "Update the time check configuration of queued SDIM tickets. A token with Org Admin or Service Desk Admin authority is required to access this endpoint.", + "operationId": "updateStatusCheckDetails", + "requestBody": { + "description": "the modified time check configuration", + "content": { + "application/json": { + "schema": { + "description": "Configuration of maximum number days and interval for checking Service Desk integration queue status", + "required": [ + "provisioningStatusCheckIntervalMinutes", + "provisioningMaxStatusCheckDays" + ], + "type": "object", + "properties": { + "provisioningStatusCheckIntervalMinutes": { + "description": "interval in minutes between status checks", + "type": "string", + "example": "30" + }, + "provisioningMaxStatusCheckDays": { + "description": "maximum number of days to check", + "type": "string", + "example": "2" + } + } + } + } + }, + "required": true + }, + "responses": { + "200": { + "description": "QueuedCheckConfigDetails as updated", + "content": { + "application/json": { + "schema": { + "description": "Configuration of maximum number days and interval for checking Service Desk integration queue status", + "required": [ + "provisioningStatusCheckIntervalMinutes", + "provisioningMaxStatusCheckDays" + ], + "type": "object", + "properties": { + "provisioningStatusCheckIntervalMinutes": { + "description": "interval in minutes between status checks", + "type": "string", + "example": "30" + }, + "provisioningMaxStatusCheckDays": { + "description": "maximum number of days to check", + "type": "string", + "example": "2" + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + }, + "security": [ + { + "oauth2": [ + "idn:service-desk-admin:manage", + "idn:service-desk-integration:manage" + ] + } + ] + } + }, + "/query-password-info": { + "post": { + "operationId": "queryPasswordInfo", + "tags": [ + "Password Management" + ], + "summary": "Query Password Info", + "description": "This API is used to query password related information. \n\nA token with [API authority](https://developer.sailpoint.com/idn/api/authentication#client-credentials-grant-flow) \nis required to call this API. \"API authority\" refers to a token that only has the \"client_credentials\" \ngrant type, and therefore no user context. A [personal access token](https://developer.sailpoint.com/idn/api/authentication#personal-access-tokens) \nor a token generated with the [authorization_code](https://developer.sailpoint.com/idn/api/authentication#authorization-code-grant-flow) \ngrant type will **NOT** work on this endpoint, and a `403 Forbidden` response \nwill be returned.\n", + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "userName": { + "type": "string", + "description": "The login name of the user", + "example": "Abby.Smith" + }, + "sourceName": { + "type": "string", + "description": "The display name of the source", + "example": "My-AD" + } + } + } + } + } + }, + "responses": { + "200": { + "description": "Reference to the password info.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "identityId": { + "type": "string", + "description": "Identity ID", + "example": "2c918085744fec4301746f9a5bce4605" + }, + "sourceId": { + "type": "string", + "description": "source ID", + "example": "2c918083746f642c01746f990884012a" + }, + "publicKeyId": { + "type": "string", + "description": "public key ID", + "example": "N2M1OTJiMGEtMDJlZS00ZWU3LTkyYTEtNjA5YmI5NWE3ZWVh" + }, + "publicKey": { + "type": "string", + "description": "User's public key with Base64 encoding", + "example": "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuGFkWi2J75TztpbaPKd36bJnIB3J8gZ6UcoS9oSDYsqBzPpTsfZXYaEf4Y4BKGgJIXmE/lwhwuj7mU1itdZ2qTSNFtnXA8Fn75c3UUkk+h+wdZbkuSmqlsJo3R1OnJkwkJggcAy9Jvk9jlcrNLWorpQ1w9raUvxtvfgkSdq153KxotenQ1HciSyZ0nA/Kw0UaucLnho8xdRowZs11afXGXA9IT9H6D8T6zUdtSxm0nAyH+mluma5LdTfaM50W3l/L8q56Vrqmx2pZIiwdx/0+g3Y++jV70zom0ZBkC1MmSoLMrQYG5OICNjr72f78B2PaGXfarQHqARLjKpMVt9YIQIDAQAB" + }, + "accounts": { + "type": "array", + "description": "Account info related to queried identity and source", + "items": { + "type": "object", + "properties": { + "accountId": { + "type": "string", + "description": "Account ID of the account. This is specified per account schema in the source configuration. It is used to distinguish accounts. More info can be found here https://community.sailpoint.com/t5/IdentityNow-Connectors/How-do-I-designate-an-account-attribute-as-the-Account-ID-for-a/ta-p/80350", + "example": "CN=Abby Smith,OU=Austin,OU=Americas,OU=Demo,DC=seri,DC=acme,DC=com" + }, + "accountName": { + "type": "string", + "description": "Display name of the account. This is specified per account schema in the source configuration. It is used to display name of the account. More info can be found here https://community.sailpoint.com/t5/IdentityNow-Connectors/How-do-I-designate-an-account-attribute-as-the-Account-Name-for/ta-p/74008", + "example": "Abby.Smith" + } + } + } + }, + "policies": { + "type": "array", + "description": "Password constraints", + "items": { + "type": "string" + }, + "example": [ + "passwordRepeatedChar is 3", + "passwordMinAlpha is 1", + "passwordMinLength is 5", + "passwordMinNumeric is 1" + ] + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/set-password": { + "post": { + "operationId": "setPassword", + "tags": [ + "Password Management" + ], + "summary": "Set Identity's Password", + "description": "This API is used to set a password for an identity. \n\nAn identity can change their own password (as well as any of their accounts' passwords) if they use a token generated by their IDN user, such as a [personal access token](https://developer.sailpoint.com/idn/api/authentication#personal-access-tokens) or [\"authorization_code\" derived OAuth token](https://developer.sailpoint.com/idn/api/authentication#authorization-code-grant-flow).\n\nA token with [API authority](https://developer.sailpoint.com/idn/api/authentication#client-credentials-grant-flow) can be used to change **any** identity's password or the password of any of the identity's accounts. \n\"API authority\" refers to a token that only has the \"client_credentials\" grant type.\n\nYou can use this endpoint to generate an `encryptedPassword` (RSA encrypted using publicKey). \nTo do so, follow these steps:\n\n1. Use [Query Password Info](https://developer.sailpoint.com/idn/api/v3/query-password-info) to get the following information: `identityId`, `sourceId`, `publicKeyId`, `publicKey`, `accounts`, and `policies`. \n\n2. Choose an account from the previous response that you will provide as an `accountId` in your request to set an encrypted password. \n\n3. Use [Set Identity's Password](https://developer.sailpoint.com/idn/api/v3/set-password) and provide the information you got from your earlier query. Then add this code to your request to get the encrypted password:\n\n```java\nimport javax.crypto.Cipher;\nimport java.security.KeyFactory;\nimport java.security.PublicKey;\nimport java.security.spec.X509EncodedKeySpec;\nimport java util.Base64;\n\nString encrypt(String publicKey, String toEncrypt) throws Exception {\n byte[] publicKeyBytes = Base64.getDecoder().decode(publicKey);\n byte[] encryptedBytes = encryptRsa(publicKeyBytes, toEncrypt.getBytes(\"UTF-8\"));\n return Base64.getEncoder().encodeToString(encryptedBytes);\n}\n\nprivate byte[] encryptRsa(byte[] publicKeyBytes, byte[] toEncryptBytes) throws Exception {\n PublicKey key = KeyFactory.getInstance(\"RSA\").generatePublic(new X509EncodedKeySpec(publicKeyBytes));\n String transformation = \"RSA/ECB/PKCS1Padding\";\n Cipher cipher = Cipher.getInstance(transformation);\n cipher.init(1, key);\n return cipher.doFinal(toEncryptBytes);\n}\n``` \n\nIn this example, `toEncrypt` refers to the plain text password you are setting and then encrypting, and the `publicKey` refers to the publicKey you got from the first request you sent. \n\nYou can then use [Get Password Change Request Status](https://developer.sailpoint.com/idn/api/v3/get-password-change-status) to check the password change request status. To do so, you must provide the `requestId` from your earlier request to set the password. \n", + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "identityId": { + "type": "string", + "description": "The identity ID that requested the password change", + "example": "8a807d4c73c545510173c545f0a002ff" + }, + "encryptedPassword": { + "type": "string", + "description": "The RSA encrypted password", + "example": "XzN+YwKgr2C+InkMYFMBG3UtjMEw5ZIql/XFlXo8cJNeslmkplx6vn4kd4/43IF9STBk5RnzR6XmjpEO+FwHDoiBwYZAkAZK/Iswxk4OdybG6Y4MStJCOCiK8osKr35IMMSV/mbO4wAeltoCk7daTWzTGLiI6UaT5tf+F2EgdjJZ7YqM8W8r7aUWsm3p2Xt01Y46ZRx0QaM91QruiIx2rECFT2pUO0wr+7oQ77jypATyGWRtADsu3YcvCk/6U5MqCnXMzKBcRas7NnZdSL/d5H1GglVGz3VLPMaivG4/oL4chOMmFCRl/zVsGxZ9RhN8rxsRGFFKn+rhExTi+bax3A==" + }, + "publicKeyId": { + "type": "string", + "description": "The encryption key ID", + "example": "YWQ2NjQ4MTItZjY0NC00MWExLWFjMjktOGNmMzU3Y2VlNjk2" + }, + "accountId": { + "type": "string", + "description": "Account ID of the account This is specified per account schema in the source configuration. It is used to distinguish accounts. More info can be found here https://community.sailpoint.com/t5/IdentityNow-Connectors/How-do-I-designate-an-account-attribute-as-the-Account-ID-for-a/ta-p/80350", + "example": "CN=Abby Smith,OU=Austin,OU=Americas,OU=Demo,DC=seri,DC=acme,DC=com" + }, + "sourceId": { + "type": "string", + "description": "The ID of the source for which identity is requesting the password change", + "example": "8a807d4c73c545510173c545d4b60246" + } + } + } + } + } + }, + "responses": { + "202": { + "description": "Reference to the password change.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "requestId": { + "type": "string", + "nullable": true, + "description": "The password change request ID", + "example": "089899f13a8f4da7824996191587bab9" + }, + "state": { + "type": "string", + "enum": [ + "IN_PROGRESS", + "FINISHED", + "FAILED" + ], + "description": "Password change state", + "example": "IN_PROGRESS" + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/password-change-status/{id}": { + "get": { + "operationId": "getPasswordChangeStatus", + "tags": [ + "Password Management" + ], + "summary": "Get Password Change Request Status", + "description": "This API returns the status of a password change request. A token with identity owner or trusted API client application authority is required to call this API.", + "parameters": [ + { + "in": "path", + "name": "id", + "schema": { + "type": "string" + }, + "required": true, + "example": "089899f13a8f4da7824996191587bab9", + "description": "Password change request ID" + } + ], + "responses": { + "200": { + "description": "Status of the password change request", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "requestId": { + "type": "string", + "nullable": true, + "description": "The password change request ID", + "example": "089899f13a8f4da7824996191587bab9" + }, + "state": { + "type": "string", + "enum": [ + "IN_PROGRESS", + "FINISHED", + "FAILED" + ], + "description": "Password change state", + "example": "IN_PROGRESS" + }, + "errors": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The errors during the password change request", + "example": [ + "The password change payload is invalid" + ] + }, + "sourceIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of source IDs in the password change request", + "example": [ + "2c918083746f642c01746f990884012a" + ] + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/password-dictionary": { + "get": { + "operationId": "getPasswordDictionary", + "tags": [ + "Password Dictionary" + ], + "summary": "Get Password Dictionary", + "description": "This gets password dictionary for the organization.\nA token with ORG_ADMIN authority is required to call this API.", + "security": [ + { + "oauth2": [ + "idn:password-dictionary-management:read" + ] + } + ], + "responses": { + "200": { + "description": "\nThe password dictionary file can contain lines that are:\n1. comment lines - the first character is '#', can be 128 Unicode codepoints in length, and are ignored during processing\n2. empty lines\n3. locale line - the first line that starts with \"locale=\" is considered to be locale line, the rest are treated as normal content lines\n4. line containing the password dictionary word - it must start with non-whitespace character and only non-whitespace characters are allowed;\n maximum length of the line is 128 Unicode codepoints\n\n\nPassword dictionary file may not contain more than 2,500 lines (not counting whitespace lines, comment lines and locale line).\n Password dict file must contain UTF-8 characters only.\n\n# Sample password text file\n\n```\n\n# Password dictionary small test file\n\nlocale=en_US\n\n# Password dictionary prohibited words\n\nqwerty\nabcd\naaaaa\npassword\nqazxsws\n\n```", + "content": { + "text/plain": { + "schema": { + "type": "string" + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + }, + "put": { + "operationId": "updatePasswordDictionary", + "tags": [ + "Password Dictionary" + ], + "summary": "Update Password Dictionary", + "description": "This updates password dictionary for the organization.\nA token with ORG_ADMIN authority is required to call this API.", + "security": [ + { + "oauth2": [ + "idn:password-dictionary:manage" + ] + } + ], + "requestBody": { + "required": true, + "description": "\nThe password dictionary file can contain lines that are:\n1. comment lines - the first character is '#', can be 128 Unicode codepoints in length, and are ignored during processing\n2. empty lines\n3. locale line - the first line that starts with \"locale=\" is considered to be locale line, the rest are treated as normal content lines\n4. line containing the password dictionary word - it must start with non-whitespace character and only non-whitespace characters are allowed;\n maximum length of the line is 128 Unicode codepoints\n\n\nPassword dictionary file may not contain more than 2,500 lines (not counting whitespace lines, comment lines and locale line).\n Password dict file must contain UTF-8 characters only.\n\n# Sample password text file\n\n```\n\n# Password dictionary small test file\n\nlocale=en_US\n\n# Password dictionary prohibited words\n\nqwerty\nabcd\naaaaa\npassword\nqazxsws\n\n```", + "content": { + "multipart/form-data": { + "schema": { + "type": "object", + "properties": { + "file": { + "type": "string", + "format": "binary" + } + } + } + } + } + }, + "responses": { + "200": { + "description": "Successfully updated." + }, + "201": { + "description": "Created." + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/password-org-config": { + "get": { + "operationId": "getPasswordOrgConfig", + "tags": [ + "Password Configuration" + ], + "summary": "Get Password Org Config", + "description": "This API returns the password org config . Requires ORG_ADMIN, API role or authorization scope of 'idn:password-org-config:read'", + "security": [ + { + "oauth2": [ + "idn:password-org-config:read" + ] + } + ], + "responses": { + "200": { + "description": "Reference to the password org config.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "customInstructionsEnabled": { + "type": "boolean", + "description": "Indicator whether custom password instructions feature is enabled. The default value is false.", + "default": false, + "example": true + }, + "digitTokenEnabled": { + "type": "boolean", + "description": "Indicator whether \"digit token\" feature is enabled. The default value is false.", + "default": false, + "example": true + }, + "digitTokenDurationMinutes": { + "type": "integer", + "format": "int32", + "description": "The duration of \"digit token\" in minutes. The default value is 5.", + "minimum": 1, + "maximum": 60, + "default": 5, + "example": 10 + }, + "digitTokenLength": { + "type": "integer", + "format": "int32", + "description": "The length of \"digit token\". The default value is 6.", + "minimum": 6, + "maximum": 18, + "default": 6, + "example": 9 + } + } + }, + "example": { + "customInstructionsEnabled": true, + "digitTokenDurationMinutes": 9, + "digitTokenEnabled": false, + "digitTokenLength": 6 + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + }, + "put": { + "operationId": "updatePasswordOrgConfig", + "tags": [ + "Password Configuration" + ], + "summary": "Update Password Org Config", + "description": "This API updates the password org config for specified fields. Other fields will keep original value. Requires ORG_ADMIN, API role or authorization scope of 'idn:password-org-config:write'", + "security": [ + { + "oauth2": [ + "idn:password-org-config:write" + ] + } + ], + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "customInstructionsEnabled": { + "type": "boolean", + "description": "Indicator whether custom password instructions feature is enabled. The default value is false.", + "default": false, + "example": true + }, + "digitTokenEnabled": { + "type": "boolean", + "description": "Indicator whether \"digit token\" feature is enabled. The default value is false.", + "default": false, + "example": true + }, + "digitTokenDurationMinutes": { + "type": "integer", + "format": "int32", + "description": "The duration of \"digit token\" in minutes. The default value is 5.", + "minimum": 1, + "maximum": 60, + "default": 5, + "example": 10 + }, + "digitTokenLength": { + "type": "integer", + "format": "int32", + "description": "The length of \"digit token\". The default value is 6.", + "minimum": 6, + "maximum": 18, + "default": 6, + "example": 9 + } + } + }, + "example": { + "digitTokenEnabled": true, + "digitTokenDurationMinutes": 12 + } + } + } + }, + "responses": { + "200": { + "description": "Reference to the password org config.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "customInstructionsEnabled": { + "type": "boolean", + "description": "Indicator whether custom password instructions feature is enabled. The default value is false.", + "default": false, + "example": true + }, + "digitTokenEnabled": { + "type": "boolean", + "description": "Indicator whether \"digit token\" feature is enabled. The default value is false.", + "default": false, + "example": true + }, + "digitTokenDurationMinutes": { + "type": "integer", + "format": "int32", + "description": "The duration of \"digit token\" in minutes. The default value is 5.", + "minimum": 1, + "maximum": 60, + "default": 5, + "example": 10 + }, + "digitTokenLength": { + "type": "integer", + "format": "int32", + "description": "The length of \"digit token\". The default value is 6.", + "minimum": 6, + "maximum": 18, + "default": 6, + "example": 9 + } + } + }, + "example": { + "customInstructionsEnabled": true, + "digitTokenDurationMinutes": 12, + "digitTokenEnabled": true, + "digitTokenLength": 6 + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + }, + "post": { + "operationId": "createPasswordOrgConfig", + "tags": [ + "Password Configuration" + ], + "summary": "Create Password Org Config", + "description": "This API creates the password org config. Unspecified fields will use default value. Requires ORG_ADMIN, API role or authorization scope of 'idn:password-org-config:write'", + "security": [ + { + "oauth2": [ + "idn:password-org-config:write" + ] + } + ], + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "customInstructionsEnabled": { + "type": "boolean", + "description": "Indicator whether custom password instructions feature is enabled. The default value is false.", + "default": false, + "example": true + }, + "digitTokenEnabled": { + "type": "boolean", + "description": "Indicator whether \"digit token\" feature is enabled. The default value is false.", + "default": false, + "example": true + }, + "digitTokenDurationMinutes": { + "type": "integer", + "format": "int32", + "description": "The duration of \"digit token\" in minutes. The default value is 5.", + "minimum": 1, + "maximum": 60, + "default": 5, + "example": 10 + }, + "digitTokenLength": { + "type": "integer", + "format": "int32", + "description": "The length of \"digit token\". The default value is 6.", + "minimum": 6, + "maximum": 18, + "default": 6, + "example": 9 + } + } + }, + "example": { + "customInstructionsEnabled": true, + "digitTokenEnabled": true, + "digitTokenDurationMinutes": 12, + "digitTokenLength": 9 + } + } + } + }, + "responses": { + "200": { + "description": "Reference to the password org config.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "customInstructionsEnabled": { + "type": "boolean", + "description": "Indicator whether custom password instructions feature is enabled. The default value is false.", + "default": false, + "example": true + }, + "digitTokenEnabled": { + "type": "boolean", + "description": "Indicator whether \"digit token\" feature is enabled. The default value is false.", + "default": false, + "example": true + }, + "digitTokenDurationMinutes": { + "type": "integer", + "format": "int32", + "description": "The duration of \"digit token\" in minutes. The default value is 5.", + "minimum": 1, + "maximum": 60, + "default": 5, + "example": 10 + }, + "digitTokenLength": { + "type": "integer", + "format": "int32", + "description": "The length of \"digit token\". The default value is 6.", + "minimum": 6, + "maximum": 18, + "default": 6, + "example": 9 + } + } + }, + "example": { + "customInstructionsEnabled": true, + "digitTokenDurationMinutes": 9, + "digitTokenEnabled": true, + "digitTokenLength": 12 + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/sod-policies": { + "post": { + "security": [ + { + "oauth2": [ + "idn:sod-policy:write" + ] + } + ], + "operationId": "createSodPolicy", + "tags": [ + "SOD Policy" + ], + "summary": "Create SOD policy", + "description": "This creates both General and Conflicting Access Based policy, with a limit of 50 entitlements for each (left & right) criteria for Conflicting Access Based SOD policy.\nRequires role of ORG_ADMIN.", + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "Policy id", + "example": "0f11f2a4-7c94-4bf3-a2bd-742580fe3bde", + "readOnly": true + }, + "name": { + "type": "string", + "description": "Policy Business Name", + "example": "policy-xyz" + }, + "created": { + "type": "string", + "format": "date-time", + "description": "The time when this SOD policy is created.", + "example": "2020-01-01T00:00:00.000000Z", + "readOnly": true + }, + "modified": { + "type": "string", + "format": "date-time", + "description": "The time when this SOD policy is modified.", + "example": "2020-01-01T00:00:00.000000Z", + "readOnly": true + }, + "description": { + "type": "string", + "description": "Optional description of the SOD policy", + "example": "This policy ensures compliance of xyz", + "nullable": true + }, + "ownerRef": { + "readOnly": true, + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + }, + "externalPolicyReference": { + "type": "string", + "description": "Optional External Policy Reference", + "example": "XYZ policy", + "nullable": true + }, + "policyQuery": { + "type": "string", + "description": "Search query of the SOD policy", + "example": "@access(id:0f11f2a4-7c94-4bf3-a2bd-742580fe3bdg) AND @access(id:0f11f2a4-7c94-4bf3-a2bd-742580fe3bdf)" + }, + "compensatingControls": { + "type": "string", + "description": "Optional compensating controls(Mitigating Controls)", + "example": "Have a manager review the transaction decisions for their \"out of compliance\" employee", + "nullable": true + }, + "correctionAdvice": { + "type": "string", + "description": "Optional correction advice", + "example": "Based on the role of the employee, managers should remove access that is not required for their job function.", + "nullable": true + }, + "state": { + "type": "string", + "description": "whether the policy is enforced or not", + "enum": [ + "ENFORCED", + "NOT_ENFORCED" + ], + "example": "ENFORCED" + }, + "tags": { + "type": "array", + "description": "tags for this policy object", + "example": [ + "TAG1", + "TAG2" + ], + "items": { + "type": "string" + } + }, + "creatorId": { + "type": "string", + "description": "Policy's creator ID", + "example": "0f11f2a47c944bf3a2bd742580fe3bde", + "readOnly": true + }, + "modifierId": { + "type": "string", + "description": "Policy's modifier ID", + "example": "0f11f2a47c944bf3a2bd742580fe3bde", + "nullable": true, + "readOnly": true + }, + "violationOwnerAssignmentConfig": { + "nullable": true, + "type": "object", + "properties": { + "assignmentRule": { + "type": "string", + "enum": [ + "MANAGER", + "STATIC" + ], + "description": "Details about the violations owner.\nMANAGER - identity's manager\nSTATIC - Governance Group or Identity", + "example": "MANAGER" + }, + "ownerRef": { + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + } + } + }, + "scheduled": { + "type": "boolean", + "default": false, + "description": "defines whether a policy has been scheduled or not", + "example": true + }, + "type": { + "type": "string", + "description": "whether a policy is query based or conflicting access based", + "default": "GENERAL", + "enum": [ + "GENERAL", + "CONFLICTING_ACCESS_BASED" + ], + "example": "GENERAL" + }, + "conflictingAccessCriteria": { + "nullable": true, + "type": "object", + "properties": { + "leftCriteria": { + "type": "object", + "properties": { + "name": { + "type": "string", + "description": "Business name for the access construct list", + "example": "money-in" + }, + "criteriaList": { + "type": "array", + "description": "List of criteria. There is a min of 1 and max of 50 items in the list.", + "minItems": 1, + "maxItems": 50, + "items": { + "type": "object", + "properties": { + "type": { + "type": "string", + "enum": [ + "ENTITLEMENT" + ], + "description": "Type of the propery to which this reference applies to", + "example": "ENTITLEMENT" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies to", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies to", + "example": "Administrator" + } + } + }, + "example": [ + { + "type": "ENTITLEMENT", + "id": "2c9180866166b5b0016167c32ef31a66", + "name": "Administrator" + }, + { + "type": "ENTITLEMENT", + "id": "2c9180866166b5b0016167c32ef31a67", + "name": "Administrator" + } + ] + } + } + }, + "rightCriteria": { + "type": "object", + "properties": { + "name": { + "type": "string", + "description": "Business name for the access construct list", + "example": "money-in" + }, + "criteriaList": { + "type": "array", + "description": "List of criteria. There is a min of 1 and max of 50 items in the list.", + "minItems": 1, + "maxItems": 50, + "items": { + "type": "object", + "properties": { + "type": { + "type": "string", + "enum": [ + "ENTITLEMENT" + ], + "description": "Type of the propery to which this reference applies to", + "example": "ENTITLEMENT" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies to", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies to", + "example": "Administrator" + } + } + }, + "example": [ + { + "type": "ENTITLEMENT", + "id": "2c9180866166b5b0016167c32ef31a66", + "name": "Administrator" + }, + { + "type": "ENTITLEMENT", + "id": "2c9180866166b5b0016167c32ef31a67", + "name": "Administrator" + } + ] + } + } + } + } + } + } + }, + "examples": { + "Conflicting Access Based Policy": { + "value": { + "name": "Conflicting-Policy-Name", + "description": "This policy ensures compliance of xyz", + "ownerRef": { + "type": "IDENTITY", + "id": "2c91808568c529c60168cca6f90c1313", + "name": "Owner Name" + }, + "externalPolicyReference": "XYZ policy", + "compensatingControls": "Have a manager review the transaction decisions for their \"out of compliance\" employee", + "correctionAdvice": "Based on the role of the employee, managers should remove access that is not required for their job function.", + "state": "ENFORCED", + "tags": [ + "string" + ], + "creatorId": "0f11f2a4-7c94-4bf3-a2bd-742580fe3bde", + "modifierId": "0f11f2a4-7c94-4bf3-a2bd-742580fe3bde", + "violationOwnerAssignmentConfig": { + "assignmentRule": "MANAGER", + "ownerRef": { + "type": "IDENTITY", + "id": "2c91808568c529c60168cca6f90c1313", + "name": "Violation Owner Name" + } + }, + "scheduled": true, + "type": "CONFLICTING_ACCESS_BASED", + "conflictingAccessCriteria": { + "leftCriteria": { + "name": "money-in", + "criteriaList": [ + { + "type": "ENTITLEMENT", + "id": "2c9180866166b5b0016167c32ef31a66" + }, + { + "type": "ENTITLEMENT", + "id": "2c9180866166b5b0016167c32ef31a67" + } + ] + }, + "rightCriteria": { + "name": "money-out", + "criteriaList": [ + { + "type": "ENTITLEMENT", + "id": "2c9180866166b5b0016167c32ef31a68" + }, + { + "type": "ENTITLEMENT", + "id": "2c9180866166b5b0016167c32ef31a69" + } + ] + } + } + } + }, + "General Policy": { + "value": { + "description": "Description", + "ownerRef": { + "type": "IDENTITY", + "id": "2c918087682f9a86016839c05e8f1aff", + "name": "Owner Name" + }, + "externalPolicyReference": "New policy", + "policyQuery": "policy query implementation", + "compensatingControls": "Compensating controls", + "correctionAdvice": "Correction advice", + "tags": [], + "state": "ENFORCED", + "scheduled": false, + "creatorId": "2c918087682f9a86016839c05e8f1aff", + "modifierId": null, + "violationOwnerAssignmentConfig": null, + "name": "General-Policy-Name" + } + } + } + } + } + }, + "responses": { + "201": { + "description": "SOD policy created", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "Policy id", + "example": "0f11f2a4-7c94-4bf3-a2bd-742580fe3bde", + "readOnly": true + }, + "name": { + "type": "string", + "description": "Policy Business Name", + "example": "policy-xyz" + }, + "created": { + "type": "string", + "format": "date-time", + "description": "The time when this SOD policy is created.", + "example": "2020-01-01T00:00:00.000000Z", + "readOnly": true + }, + "modified": { + "type": "string", + "format": "date-time", + "description": "The time when this SOD policy is modified.", + "example": "2020-01-01T00:00:00.000000Z", + "readOnly": true + }, + "description": { + "type": "string", + "description": "Optional description of the SOD policy", + "example": "This policy ensures compliance of xyz", + "nullable": true + }, + "ownerRef": { + "readOnly": true, + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + }, + "externalPolicyReference": { + "type": "string", + "description": "Optional External Policy Reference", + "example": "XYZ policy", + "nullable": true + }, + "policyQuery": { + "type": "string", + "description": "Search query of the SOD policy", + "example": "@access(id:0f11f2a4-7c94-4bf3-a2bd-742580fe3bdg) AND @access(id:0f11f2a4-7c94-4bf3-a2bd-742580fe3bdf)" + }, + "compensatingControls": { + "type": "string", + "description": "Optional compensating controls(Mitigating Controls)", + "example": "Have a manager review the transaction decisions for their \"out of compliance\" employee", + "nullable": true + }, + "correctionAdvice": { + "type": "string", + "description": "Optional correction advice", + "example": "Based on the role of the employee, managers should remove access that is not required for their job function.", + "nullable": true + }, + "state": { + "type": "string", + "description": "whether the policy is enforced or not", + "enum": [ + "ENFORCED", + "NOT_ENFORCED" + ], + "example": "ENFORCED" + }, + "tags": { + "type": "array", + "description": "tags for this policy object", + "example": [ + "TAG1", + "TAG2" + ], + "items": { + "type": "string" + } + }, + "creatorId": { + "type": "string", + "description": "Policy's creator ID", + "example": "0f11f2a47c944bf3a2bd742580fe3bde", + "readOnly": true + }, + "modifierId": { + "type": "string", + "description": "Policy's modifier ID", + "example": "0f11f2a47c944bf3a2bd742580fe3bde", + "nullable": true, + "readOnly": true + }, + "violationOwnerAssignmentConfig": { + "nullable": true, + "type": "object", + "properties": { + "assignmentRule": { + "type": "string", + "enum": [ + "MANAGER", + "STATIC" + ], + "description": "Details about the violations owner.\nMANAGER - identity's manager\nSTATIC - Governance Group or Identity", + "example": "MANAGER" + }, + "ownerRef": { + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + } + } + }, + "scheduled": { + "type": "boolean", + "default": false, + "description": "defines whether a policy has been scheduled or not", + "example": true + }, + "type": { + "type": "string", + "description": "whether a policy is query based or conflicting access based", + "default": "GENERAL", + "enum": [ + "GENERAL", + "CONFLICTING_ACCESS_BASED" + ], + "example": "GENERAL" + }, + "conflictingAccessCriteria": { + "nullable": true, + "type": "object", + "properties": { + "leftCriteria": { + "type": "object", + "properties": { + "name": { + "type": "string", + "description": "Business name for the access construct list", + "example": "money-in" + }, + "criteriaList": { + "type": "array", + "description": "List of criteria. There is a min of 1 and max of 50 items in the list.", + "minItems": 1, + "maxItems": 50, + "items": { + "type": "object", + "properties": { + "type": { + "type": "string", + "enum": [ + "ENTITLEMENT" + ], + "description": "Type of the propery to which this reference applies to", + "example": "ENTITLEMENT" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies to", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies to", + "example": "Administrator" + } + } + }, + "example": [ + { + "type": "ENTITLEMENT", + "id": "2c9180866166b5b0016167c32ef31a66", + "name": "Administrator" + }, + { + "type": "ENTITLEMENT", + "id": "2c9180866166b5b0016167c32ef31a67", + "name": "Administrator" + } + ] + } + } + }, + "rightCriteria": { + "type": "object", + "properties": { + "name": { + "type": "string", + "description": "Business name for the access construct list", + "example": "money-in" + }, + "criteriaList": { + "type": "array", + "description": "List of criteria. There is a min of 1 and max of 50 items in the list.", + "minItems": 1, + "maxItems": 50, + "items": { + "type": "object", + "properties": { + "type": { + "type": "string", + "enum": [ + "ENTITLEMENT" + ], + "description": "Type of the propery to which this reference applies to", + "example": "ENTITLEMENT" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies to", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies to", + "example": "Administrator" + } + } + }, + "example": [ + { + "type": "ENTITLEMENT", + "id": "2c9180866166b5b0016167c32ef31a66", + "name": "Administrator" + }, + { + "type": "ENTITLEMENT", + "id": "2c9180866166b5b0016167c32ef31a67", + "name": "Administrator" + } + ] + } + } + } + } + } + } + }, + "examples": { + "Conflicting Access Based Policy": { + "value": { + "id": "0f11f2a4-7c94-4bf3-a2bd-742580fe3bde", + "name": "Conflicting-Policy-Name", + "created": "2020-01-01T00:00:00.000000Z", + "modified": "2020-01-01T00:00:00.000000Z", + "description": "This policy ensures compliance of xyz", + "ownerRef": { + "type": "IDENTITY", + "id": "2c91808568c529c60168cca6f90c1313", + "name": "Owner Name" + }, + "externalPolicyReference": "XYZ policy", + "policyQuery": "@access(id:2c9180866166b5b0016167c32ef31a66 OR id:2c9180866166b5b0016167c32ef31a67) AND @access(id:2c9180866166b5b0016167c32ef31a68 OR id:2c9180866166b5b0016167c32ef31a69)", + "compensatingControls": "Have a manager review the transaction decisions for their \"out of compliance\" employee", + "correctionAdvice": "Based on the role of the employee, managers should remove access that is not required for their job function.", + "state": "ENFORCED", + "tags": [ + "string" + ], + "creatorId": "0f11f2a4-7c94-4bf3-a2bd-742580fe3bde", + "modifierId": "0f11f2a4-7c94-4bf3-a2bd-742580fe3bde", + "violationOwnerAssignmentConfig": { + "assignmentRule": "MANAGER", + "ownerRef": { + "type": "IDENTITY", + "id": "2c91808568c529c60168cca6f90c1313", + "name": "Violation Owner Name" + } + }, + "scheduled": true, + "type": "CONFLICTING_ACCESS_BASED", + "conflictingAccessCriteria": { + "leftCriteria": { + "name": "money-in", + "criteriaList": [ + { + "type": "ENTITLEMENT", + "id": "2c9180866166b5b0016167c32ef31a66" + }, + { + "type": "ENTITLEMENT", + "id": "2c9180866166b5b0016167c32ef31a67" + } + ] + }, + "rightCriteria": { + "name": "money-out", + "criteriaList": [ + { + "type": "ENTITLEMENT", + "id": "2c9180866166b5b0016167c32ef31a68" + }, + { + "type": "ENTITLEMENT", + "id": "2c9180866166b5b0016167c32ef31a69" + } + ] + } + } + } + }, + "General Policy": { + "value": { + "description": "Description", + "ownerRef": { + "type": "IDENTITY", + "id": "2c918087682f9a86016839c05e8f1aff", + "name": "Owner Name" + }, + "externalPolicyReference": "New policy", + "policyQuery": "policy query implementation", + "compensatingControls": "Compensating controls", + "correctionAdvice": "Correction advice", + "tags": [], + "state": "ENFORCED", + "scheduled": false, + "creatorId": "2c918087682f9a86016839c05e8f1aff", + "modifierId": null, + "violationOwnerAssignmentConfig": null, + "type": "GENERAL", + "conflictingAccessCriteria": null, + "id": "52c11db4-733e-4c31-949a-766c95ec95f1", + "name": "General-Policy-Name", + "created": "2020-05-12T19:47:38Z", + "modified": "2020-05-12T19:47:38Z" + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + }, + "get": { + "security": [ + { + "oauth2": [ + "idn:sod-policy:read" + ] + } + ], + "operationId": "listSodPolicies", + "tags": [ + "SOD Policy" + ], + "summary": "List SOD policies", + "description": "This gets list of all SOD policies.\nRequires role of ORG_ADMIN", + "parameters": [ + { + "in": "query", + "name": "limit", + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": 250, + "schema": { + "type": "integer", + "format": "int32", + "minimum": 0, + "maximum": 250, + "default": 250 + } + }, + { + "in": "query", + "name": "offset", + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": 0, + "schema": { + "type": "integer", + "format": "int32", + "minimum": 0, + "default": 0 + } + }, + { + "in": "query", + "name": "count", + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": true, + "schema": { + "type": "boolean", + "default": false + } + }, + { + "in": "query", + "name": "filters", + "schema": { + "type": "string" + }, + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)\n\nFiltering is supported for the following fields and operators:\n\n**id**: *eq*\n\n**name**: *eq*\n\n**state**: *eq*", + "example": "id eq \"bc693f07e7b645539626c25954c58554\"", + "required": false + } + ], + "responses": { + "200": { + "description": "List of all SOD policies.", + "content": { + "application/json": { + "schema": { + "type": "array", + "items": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "Policy id", + "example": "0f11f2a4-7c94-4bf3-a2bd-742580fe3bde", + "readOnly": true + }, + "name": { + "type": "string", + "description": "Policy Business Name", + "example": "policy-xyz" + }, + "created": { + "type": "string", + "format": "date-time", + "description": "The time when this SOD policy is created.", + "example": "2020-01-01T00:00:00.000000Z", + "readOnly": true + }, + "modified": { + "type": "string", + "format": "date-time", + "description": "The time when this SOD policy is modified.", + "example": "2020-01-01T00:00:00.000000Z", + "readOnly": true + }, + "description": { + "type": "string", + "description": "Optional description of the SOD policy", + "example": "This policy ensures compliance of xyz", + "nullable": true + }, + "ownerRef": { + "readOnly": true, + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + }, + "externalPolicyReference": { + "type": "string", + "description": "Optional External Policy Reference", + "example": "XYZ policy", + "nullable": true + }, + "policyQuery": { + "type": "string", + "description": "Search query of the SOD policy", + "example": "@access(id:0f11f2a4-7c94-4bf3-a2bd-742580fe3bdg) AND @access(id:0f11f2a4-7c94-4bf3-a2bd-742580fe3bdf)" + }, + "compensatingControls": { + "type": "string", + "description": "Optional compensating controls(Mitigating Controls)", + "example": "Have a manager review the transaction decisions for their \"out of compliance\" employee", + "nullable": true + }, + "correctionAdvice": { + "type": "string", + "description": "Optional correction advice", + "example": "Based on the role of the employee, managers should remove access that is not required for their job function.", + "nullable": true + }, + "state": { + "type": "string", + "description": "whether the policy is enforced or not", + "enum": [ + "ENFORCED", + "NOT_ENFORCED" + ], + "example": "ENFORCED" + }, + "tags": { + "type": "array", + "description": "tags for this policy object", + "example": [ + "TAG1", + "TAG2" + ], + "items": { + "type": "string" + } + }, + "creatorId": { + "type": "string", + "description": "Policy's creator ID", + "example": "0f11f2a47c944bf3a2bd742580fe3bde", + "readOnly": true + }, + "modifierId": { + "type": "string", + "description": "Policy's modifier ID", + "example": "0f11f2a47c944bf3a2bd742580fe3bde", + "nullable": true, + "readOnly": true + }, + "violationOwnerAssignmentConfig": { + "nullable": true, + "type": "object", + "properties": { + "assignmentRule": { + "type": "string", + "enum": [ + "MANAGER", + "STATIC" + ], + "description": "Details about the violations owner.\nMANAGER - identity's manager\nSTATIC - Governance Group or Identity", + "example": "MANAGER" + }, + "ownerRef": { + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + } + } + }, + "scheduled": { + "type": "boolean", + "default": false, + "description": "defines whether a policy has been scheduled or not", + "example": true + }, + "type": { + "type": "string", + "description": "whether a policy is query based or conflicting access based", + "default": "GENERAL", + "enum": [ + "GENERAL", + "CONFLICTING_ACCESS_BASED" + ], + "example": "GENERAL" + }, + "conflictingAccessCriteria": { + "nullable": true, + "type": "object", + "properties": { + "leftCriteria": { + "type": "object", + "properties": { + "name": { + "type": "string", + "description": "Business name for the access construct list", + "example": "money-in" + }, + "criteriaList": { + "type": "array", + "description": "List of criteria. There is a min of 1 and max of 50 items in the list.", + "minItems": 1, + "maxItems": 50, + "items": { + "type": "object", + "properties": { + "type": { + "type": "string", + "enum": [ + "ENTITLEMENT" + ], + "description": "Type of the propery to which this reference applies to", + "example": "ENTITLEMENT" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies to", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies to", + "example": "Administrator" + } + } + }, + "example": [ + { + "type": "ENTITLEMENT", + "id": "2c9180866166b5b0016167c32ef31a66", + "name": "Administrator" + }, + { + "type": "ENTITLEMENT", + "id": "2c9180866166b5b0016167c32ef31a67", + "name": "Administrator" + } + ] + } + } + }, + "rightCriteria": { + "type": "object", + "properties": { + "name": { + "type": "string", + "description": "Business name for the access construct list", + "example": "money-in" + }, + "criteriaList": { + "type": "array", + "description": "List of criteria. There is a min of 1 and max of 50 items in the list.", + "minItems": 1, + "maxItems": 50, + "items": { + "type": "object", + "properties": { + "type": { + "type": "string", + "enum": [ + "ENTITLEMENT" + ], + "description": "Type of the propery to which this reference applies to", + "example": "ENTITLEMENT" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies to", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies to", + "example": "Administrator" + } + } + }, + "example": [ + { + "type": "ENTITLEMENT", + "id": "2c9180866166b5b0016167c32ef31a66", + "name": "Administrator" + }, + { + "type": "ENTITLEMENT", + "id": "2c9180866166b5b0016167c32ef31a67", + "name": "Administrator" + } + ] + } + } + } + } + } + } + } + }, + "example": [ + { + "id": "0f11f2a4-7c94-4bf3-a2bd-742580fe3bde", + "name": "Conflicting-Policy-Name", + "created": "2020-01-01T00:00:00.000000Z", + "modified": "2020-01-01T00:00:00.000000Z", + "description": "This policy ensures compliance of xyz", + "ownerRef": { + "type": "IDENTITY", + "id": "2c91808568c529c60168cca6f90c1313", + "name": "Owner Name" + }, + "externalPolicyReference": "XYZ policy", + "policyQuery": "@access(id:2c9180866166b5b0016167c32ef31a66 OR id:2c9180866166b5b0016167c32ef31a67) AND @access(id:2c9180866166b5b0016167c32ef31a68 OR id:2c9180866166b5b0016167c32ef31a69)", + "compensatingControls": "Have a manager review the transaction decisions for their \"out of compliance\" employee", + "correctionAdvice": "Based on the role of the employee, managers should remove access that is not required for their job function.", + "state": "ENFORCED", + "tags": [ + "string" + ], + "creatorId": "0f11f2a4-7c94-4bf3-a2bd-742580fe3bde", + "modifierId": "0f11f2a4-7c94-4bf3-a2bd-742580fe3bde", + "violationOwnerAssignmentConfig": { + "assignmentRule": "MANAGER", + "ownerRef": { + "type": "IDENTITY", + "id": "2c91808568c529c60168cca6f90c1313", + "name": "Violation Owner Name" + } + }, + "scheduled": true, + "type": "CONFLICTING_ACCESS_BASED", + "conflictingAccessCriteria": { + "leftCriteria": { + "name": "money-in", + "criteriaList": [ + { + "type": "ENTITLEMENT", + "id": "2c9180866166b5b0016167c32ef31a66" + }, + { + "type": "ENTITLEMENT", + "id": "2c9180866166b5b0016167c32ef31a67" + } + ] + }, + "rightCriteria": { + "name": "money-out", + "criteriaList": [ + { + "type": "ENTITLEMENT", + "id": "2c9180866166b5b0016167c32ef31a68" + }, + { + "type": "ENTITLEMENT", + "id": "2c9180866166b5b0016167c32ef31a69" + } + ] + } + } + }, + { + "description": "Description", + "ownerRef": { + "type": "IDENTITY", + "id": "2c918087682f9a86016839c05e8f1aff", + "name": "Owner Name" + }, + "externalPolicyReference": "New policy", + "policyQuery": "policy query implementation", + "compensatingControls": "Compensating controls", + "correctionAdvice": "Correction advice", + "tags": [], + "state": "ENFORCED", + "scheduled": false, + "creatorId": "2c918087682f9a86016839c05e8f1aff", + "modifierId": null, + "violationOwnerAssignmentConfig": null, + "type": "GENERAL", + "conflictingAccessCriteria": null, + "id": "52c11db4-733e-4c31-949a-766c95ec95f1", + "name": "General-Policy-Name", + "created": "2020-05-12T19:47:38Z", + "modified": "2020-05-12T19:47:38Z" + } + ] + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/sod-policies/{id}": { + "get": { + "security": [ + { + "oauth2": [ + "idn:sod-policy:read" + ] + } + ], + "operationId": "getSodPolicy", + "tags": [ + "SOD Policy" + ], + "summary": "Get SOD policy by ID", + "description": "This gets specified SOD policy.\nRequires role of ORG_ADMIN.", + "parameters": [ + { + "in": "path", + "name": "id", + "schema": { + "type": "string" + }, + "required": true, + "description": "The ID of the SOD Policy to retrieve.", + "example": "ef38f943-47e9-4562-b5bb-8424a56397d8" + } + ], + "responses": { + "200": { + "description": "SOD policy ID.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "Policy id", + "example": "0f11f2a4-7c94-4bf3-a2bd-742580fe3bde", + "readOnly": true + }, + "name": { + "type": "string", + "description": "Policy Business Name", + "example": "policy-xyz" + }, + "created": { + "type": "string", + "format": "date-time", + "description": "The time when this SOD policy is created.", + "example": "2020-01-01T00:00:00.000000Z", + "readOnly": true + }, + "modified": { + "type": "string", + "format": "date-time", + "description": "The time when this SOD policy is modified.", + "example": "2020-01-01T00:00:00.000000Z", + "readOnly": true + }, + "description": { + "type": "string", + "description": "Optional description of the SOD policy", + "example": "This policy ensures compliance of xyz", + "nullable": true + }, + "ownerRef": { + "readOnly": true, + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + }, + "externalPolicyReference": { + "type": "string", + "description": "Optional External Policy Reference", + "example": "XYZ policy", + "nullable": true + }, + "policyQuery": { + "type": "string", + "description": "Search query of the SOD policy", + "example": "@access(id:0f11f2a4-7c94-4bf3-a2bd-742580fe3bdg) AND @access(id:0f11f2a4-7c94-4bf3-a2bd-742580fe3bdf)" + }, + "compensatingControls": { + "type": "string", + "description": "Optional compensating controls(Mitigating Controls)", + "example": "Have a manager review the transaction decisions for their \"out of compliance\" employee", + "nullable": true + }, + "correctionAdvice": { + "type": "string", + "description": "Optional correction advice", + "example": "Based on the role of the employee, managers should remove access that is not required for their job function.", + "nullable": true + }, + "state": { + "type": "string", + "description": "whether the policy is enforced or not", + "enum": [ + "ENFORCED", + "NOT_ENFORCED" + ], + "example": "ENFORCED" + }, + "tags": { + "type": "array", + "description": "tags for this policy object", + "example": [ + "TAG1", + "TAG2" + ], + "items": { + "type": "string" + } + }, + "creatorId": { + "type": "string", + "description": "Policy's creator ID", + "example": "0f11f2a47c944bf3a2bd742580fe3bde", + "readOnly": true + }, + "modifierId": { + "type": "string", + "description": "Policy's modifier ID", + "example": "0f11f2a47c944bf3a2bd742580fe3bde", + "nullable": true, + "readOnly": true + }, + "violationOwnerAssignmentConfig": { + "nullable": true, + "type": "object", + "properties": { + "assignmentRule": { + "type": "string", + "enum": [ + "MANAGER", + "STATIC" + ], + "description": "Details about the violations owner.\nMANAGER - identity's manager\nSTATIC - Governance Group or Identity", + "example": "MANAGER" + }, + "ownerRef": { + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + } + } + }, + "scheduled": { + "type": "boolean", + "default": false, + "description": "defines whether a policy has been scheduled or not", + "example": true + }, + "type": { + "type": "string", + "description": "whether a policy is query based or conflicting access based", + "default": "GENERAL", + "enum": [ + "GENERAL", + "CONFLICTING_ACCESS_BASED" + ], + "example": "GENERAL" + }, + "conflictingAccessCriteria": { + "nullable": true, + "type": "object", + "properties": { + "leftCriteria": { + "type": "object", + "properties": { + "name": { + "type": "string", + "description": "Business name for the access construct list", + "example": "money-in" + }, + "criteriaList": { + "type": "array", + "description": "List of criteria. There is a min of 1 and max of 50 items in the list.", + "minItems": 1, + "maxItems": 50, + "items": { + "type": "object", + "properties": { + "type": { + "type": "string", + "enum": [ + "ENTITLEMENT" + ], + "description": "Type of the propery to which this reference applies to", + "example": "ENTITLEMENT" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies to", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies to", + "example": "Administrator" + } + } + }, + "example": [ + { + "type": "ENTITLEMENT", + "id": "2c9180866166b5b0016167c32ef31a66", + "name": "Administrator" + }, + { + "type": "ENTITLEMENT", + "id": "2c9180866166b5b0016167c32ef31a67", + "name": "Administrator" + } + ] + } + } + }, + "rightCriteria": { + "type": "object", + "properties": { + "name": { + "type": "string", + "description": "Business name for the access construct list", + "example": "money-in" + }, + "criteriaList": { + "type": "array", + "description": "List of criteria. There is a min of 1 and max of 50 items in the list.", + "minItems": 1, + "maxItems": 50, + "items": { + "type": "object", + "properties": { + "type": { + "type": "string", + "enum": [ + "ENTITLEMENT" + ], + "description": "Type of the propery to which this reference applies to", + "example": "ENTITLEMENT" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies to", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies to", + "example": "Administrator" + } + } + }, + "example": [ + { + "type": "ENTITLEMENT", + "id": "2c9180866166b5b0016167c32ef31a66", + "name": "Administrator" + }, + { + "type": "ENTITLEMENT", + "id": "2c9180866166b5b0016167c32ef31a67", + "name": "Administrator" + } + ] + } + } + } + } + } + } + }, + "examples": { + "Conflicting Access Based Policy": { + "value": { + "id": "0f11f2a4-7c94-4bf3-a2bd-742580fe3bde", + "name": "Conflicting-Policy-Name", + "created": "2020-01-01T00:00:00.000000Z", + "modified": "2020-01-01T00:00:00.000000Z", + "description": "This policy ensures compliance of xyz", + "ownerRef": { + "type": "IDENTITY", + "id": "2c91808568c529c60168cca6f90c1313", + "name": "Owner Name" + }, + "externalPolicyReference": "XYZ policy", + "policyQuery": "@access(id:2c9180866166b5b0016167c32ef31a66 OR id:2c9180866166b5b0016167c32ef31a67) AND @access(id:2c9180866166b5b0016167c32ef31a68 OR id:2c9180866166b5b0016167c32ef31a69)", + "compensatingControls": "Have a manager review the transaction decisions for their \"out of compliance\" employee", + "correctionAdvice": "Based on the role of the employee, managers should remove access that is not required for their job function.", + "state": "ENFORCED", + "tags": [ + "string" + ], + "creatorId": "0f11f2a4-7c94-4bf3-a2bd-742580fe3bde", + "modifierId": "0f11f2a4-7c94-4bf3-a2bd-742580fe3bde", + "violationOwnerAssignmentConfig": { + "assignmentRule": "MANAGER", + "ownerRef": { + "type": "IDENTITY", + "id": "2c91808568c529c60168cca6f90c1313", + "name": "Violation Owner Name" + } + }, + "scheduled": true, + "type": "CONFLICTING_ACCESS_BASED", + "conflictingAccessCriteria": { + "leftCriteria": { + "name": "money-in", + "criteriaList": [ + { + "type": "ENTITLEMENT", + "id": "2c9180866166b5b0016167c32ef31a66" + }, + { + "type": "ENTITLEMENT", + "id": "2c9180866166b5b0016167c32ef31a67" + } + ] + }, + "rightCriteria": { + "name": "money-out", + "criteriaList": [ + { + "type": "ENTITLEMENT", + "id": "2c9180866166b5b0016167c32ef31a68" + }, + { + "type": "ENTITLEMENT", + "id": "2c9180866166b5b0016167c32ef31a69" + } + ] + } + } + } + }, + "General Policy": { + "value": { + "description": "Description", + "ownerRef": { + "type": "IDENTITY", + "id": "2c918087682f9a86016839c05e8f1aff", + "name": "Owner Name" + }, + "externalPolicyReference": "New policy", + "policyQuery": "policy query implementation", + "compensatingControls": "Compensating controls", + "correctionAdvice": "Correction advice", + "tags": [], + "state": "ENFORCED", + "scheduled": false, + "creatorId": "2c918087682f9a86016839c05e8f1aff", + "modifierId": null, + "violationOwnerAssignmentConfig": null, + "type": "GENERAL", + "conflictingAccessCriteria": null, + "id": "52c11db4-733e-4c31-949a-766c95ec95f1", + "name": "General-Policy-Name", + "created": "2020-05-12T19:47:38Z", + "modified": "2020-05-12T19:47:38Z" + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + }, + "put": { + "security": [ + { + "oauth2": [ + "idn:sod-policy:write" + ] + } + ], + "operationId": "setSodPolicy", + "tags": [ + "SOD Policy" + ], + "summary": "Update SOD policy by ID", + "description": "This updates a specified SOD policy.\nRequires role of ORG_ADMIN.", + "parameters": [ + { + "in": "path", + "name": "id", + "schema": { + "type": "string" + }, + "required": true, + "description": "The ID of the SOD policy to update.", + "example": "ef38f943-47e9-4562-b5bb-8424a56397d8" + } + ], + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "Policy id", + "example": "0f11f2a4-7c94-4bf3-a2bd-742580fe3bde", + "readOnly": true + }, + "name": { + "type": "string", + "description": "Policy Business Name", + "example": "policy-xyz" + }, + "created": { + "type": "string", + "format": "date-time", + "description": "The time when this SOD policy is created.", + "example": "2020-01-01T00:00:00.000000Z", + "readOnly": true + }, + "modified": { + "type": "string", + "format": "date-time", + "description": "The time when this SOD policy is modified.", + "example": "2020-01-01T00:00:00.000000Z", + "readOnly": true + }, + "description": { + "type": "string", + "description": "Optional description of the SOD policy", + "example": "This policy ensures compliance of xyz", + "nullable": true + }, + "ownerRef": { + "readOnly": true, + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + }, + "externalPolicyReference": { + "type": "string", + "description": "Optional External Policy Reference", + "example": "XYZ policy", + "nullable": true + }, + "policyQuery": { + "type": "string", + "description": "Search query of the SOD policy", + "example": "@access(id:0f11f2a4-7c94-4bf3-a2bd-742580fe3bdg) AND @access(id:0f11f2a4-7c94-4bf3-a2bd-742580fe3bdf)" + }, + "compensatingControls": { + "type": "string", + "description": "Optional compensating controls(Mitigating Controls)", + "example": "Have a manager review the transaction decisions for their \"out of compliance\" employee", + "nullable": true + }, + "correctionAdvice": { + "type": "string", + "description": "Optional correction advice", + "example": "Based on the role of the employee, managers should remove access that is not required for their job function.", + "nullable": true + }, + "state": { + "type": "string", + "description": "whether the policy is enforced or not", + "enum": [ + "ENFORCED", + "NOT_ENFORCED" + ], + "example": "ENFORCED" + }, + "tags": { + "type": "array", + "description": "tags for this policy object", + "example": [ + "TAG1", + "TAG2" + ], + "items": { + "type": "string" + } + }, + "creatorId": { + "type": "string", + "description": "Policy's creator ID", + "example": "0f11f2a47c944bf3a2bd742580fe3bde", + "readOnly": true + }, + "modifierId": { + "type": "string", + "description": "Policy's modifier ID", + "example": "0f11f2a47c944bf3a2bd742580fe3bde", + "nullable": true, + "readOnly": true + }, + "violationOwnerAssignmentConfig": { + "nullable": true, + "type": "object", + "properties": { + "assignmentRule": { + "type": "string", + "enum": [ + "MANAGER", + "STATIC" + ], + "description": "Details about the violations owner.\nMANAGER - identity's manager\nSTATIC - Governance Group or Identity", + "example": "MANAGER" + }, + "ownerRef": { + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + } + } + }, + "scheduled": { + "type": "boolean", + "default": false, + "description": "defines whether a policy has been scheduled or not", + "example": true + }, + "type": { + "type": "string", + "description": "whether a policy is query based or conflicting access based", + "default": "GENERAL", + "enum": [ + "GENERAL", + "CONFLICTING_ACCESS_BASED" + ], + "example": "GENERAL" + }, + "conflictingAccessCriteria": { + "nullable": true, + "type": "object", + "properties": { + "leftCriteria": { + "type": "object", + "properties": { + "name": { + "type": "string", + "description": "Business name for the access construct list", + "example": "money-in" + }, + "criteriaList": { + "type": "array", + "description": "List of criteria. There is a min of 1 and max of 50 items in the list.", + "minItems": 1, + "maxItems": 50, + "items": { + "type": "object", + "properties": { + "type": { + "type": "string", + "enum": [ + "ENTITLEMENT" + ], + "description": "Type of the propery to which this reference applies to", + "example": "ENTITLEMENT" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies to", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies to", + "example": "Administrator" + } + } + }, + "example": [ + { + "type": "ENTITLEMENT", + "id": "2c9180866166b5b0016167c32ef31a66", + "name": "Administrator" + }, + { + "type": "ENTITLEMENT", + "id": "2c9180866166b5b0016167c32ef31a67", + "name": "Administrator" + } + ] + } + } + }, + "rightCriteria": { + "type": "object", + "properties": { + "name": { + "type": "string", + "description": "Business name for the access construct list", + "example": "money-in" + }, + "criteriaList": { + "type": "array", + "description": "List of criteria. There is a min of 1 and max of 50 items in the list.", + "minItems": 1, + "maxItems": 50, + "items": { + "type": "object", + "properties": { + "type": { + "type": "string", + "enum": [ + "ENTITLEMENT" + ], + "description": "Type of the propery to which this reference applies to", + "example": "ENTITLEMENT" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies to", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies to", + "example": "Administrator" + } + } + }, + "example": [ + { + "type": "ENTITLEMENT", + "id": "2c9180866166b5b0016167c32ef31a66", + "name": "Administrator" + }, + { + "type": "ENTITLEMENT", + "id": "2c9180866166b5b0016167c32ef31a67", + "name": "Administrator" + } + ] + } + } + } + } + } + } + }, + "examples": { + "Conflicting Access Based Policy": { + "value": { + "name": "Conflicting-Policy-Name", + "description": "Modified Description", + "externalPolicyReference": "XYZ policy", + "compensatingControls": "Have a manager review the transaction decisions for their \"out of compliance\" employee", + "correctionAdvice": "Based on the role of the employee, managers should remove access that is not required for their job function.", + "state": "ENFORCED", + "tags": [ + "string" + ], + "violationOwnerAssignmentConfig": { + "assignmentRule": "MANAGER", + "ownerRef": { + "type": "IDENTITY", + "id": "2c91808568c529c60168cca6f90c1313", + "name": "Violation Owner Name" + } + }, + "scheduled": true, + "type": "CONFLICTING_ACCESS_BASED", + "conflictingAccessCriteria": { + "leftCriteria": { + "name": "money-in", + "criteriaList": [ + { + "type": "ENTITLEMENT", + "id": "2c9180866166b5b0016167c32ef31a66" + }, + { + "type": "ENTITLEMENT", + "id": "2c9180866166b5b0016167c32ef31a67" + } + ] + }, + "rightCriteria": { + "name": "money-out", + "criteriaList": [ + { + "type": "ENTITLEMENT", + "id": "2c9180866166b5b0016167c32ef31a68" + }, + { + "type": "ENTITLEMENT", + "id": "2c9180866166b5b0016167c32ef31a69" + } + ] + } + } + } + }, + "General Policy": { + "value": { + "description": "Modified Description", + "ownerRef": { + "type": "IDENTITY", + "id": "2c918087682f9a86016839c05e8f1aff", + "name": "Owner Name" + }, + "externalPolicyReference": "New policy", + "policyQuery": "policy query implementation", + "compensatingControls": "Compensating controls", + "correctionAdvice": "Correction advice", + "tags": [], + "state": "ENFORCED", + "scheduled": false, + "creatorId": "2c918087682f9a86016839c05e8f1aff", + "modifierId": null, + "violationOwnerAssignmentConfig": null, + "type": "GENERAL", + "conflictingAccessCriteria": null, + "id": "52c11db4-733e-4c31-949a-766c95ec95f1", + "name": "General-Policy-Name", + "created": "2020-05-12T19:47:38Z", + "modified": "2020-05-12T19:47:38Z" + } + } + } + } + } + }, + "responses": { + "200": { + "description": "SOD Policy by ID", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "Policy id", + "example": "0f11f2a4-7c94-4bf3-a2bd-742580fe3bde", + "readOnly": true + }, + "name": { + "type": "string", + "description": "Policy Business Name", + "example": "policy-xyz" + }, + "created": { + "type": "string", + "format": "date-time", + "description": "The time when this SOD policy is created.", + "example": "2020-01-01T00:00:00.000000Z", + "readOnly": true + }, + "modified": { + "type": "string", + "format": "date-time", + "description": "The time when this SOD policy is modified.", + "example": "2020-01-01T00:00:00.000000Z", + "readOnly": true + }, + "description": { + "type": "string", + "description": "Optional description of the SOD policy", + "example": "This policy ensures compliance of xyz", + "nullable": true + }, + "ownerRef": { + "readOnly": true, + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + }, + "externalPolicyReference": { + "type": "string", + "description": "Optional External Policy Reference", + "example": "XYZ policy", + "nullable": true + }, + "policyQuery": { + "type": "string", + "description": "Search query of the SOD policy", + "example": "@access(id:0f11f2a4-7c94-4bf3-a2bd-742580fe3bdg) AND @access(id:0f11f2a4-7c94-4bf3-a2bd-742580fe3bdf)" + }, + "compensatingControls": { + "type": "string", + "description": "Optional compensating controls(Mitigating Controls)", + "example": "Have a manager review the transaction decisions for their \"out of compliance\" employee", + "nullable": true + }, + "correctionAdvice": { + "type": "string", + "description": "Optional correction advice", + "example": "Based on the role of the employee, managers should remove access that is not required for their job function.", + "nullable": true + }, + "state": { + "type": "string", + "description": "whether the policy is enforced or not", + "enum": [ + "ENFORCED", + "NOT_ENFORCED" + ], + "example": "ENFORCED" + }, + "tags": { + "type": "array", + "description": "tags for this policy object", + "example": [ + "TAG1", + "TAG2" + ], + "items": { + "type": "string" + } + }, + "creatorId": { + "type": "string", + "description": "Policy's creator ID", + "example": "0f11f2a47c944bf3a2bd742580fe3bde", + "readOnly": true + }, + "modifierId": { + "type": "string", + "description": "Policy's modifier ID", + "example": "0f11f2a47c944bf3a2bd742580fe3bde", + "nullable": true, + "readOnly": true + }, + "violationOwnerAssignmentConfig": { + "nullable": true, + "type": "object", + "properties": { + "assignmentRule": { + "type": "string", + "enum": [ + "MANAGER", + "STATIC" + ], + "description": "Details about the violations owner.\nMANAGER - identity's manager\nSTATIC - Governance Group or Identity", + "example": "MANAGER" + }, + "ownerRef": { + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + } + } + }, + "scheduled": { + "type": "boolean", + "default": false, + "description": "defines whether a policy has been scheduled or not", + "example": true + }, + "type": { + "type": "string", + "description": "whether a policy is query based or conflicting access based", + "default": "GENERAL", + "enum": [ + "GENERAL", + "CONFLICTING_ACCESS_BASED" + ], + "example": "GENERAL" + }, + "conflictingAccessCriteria": { + "nullable": true, + "type": "object", + "properties": { + "leftCriteria": { + "type": "object", + "properties": { + "name": { + "type": "string", + "description": "Business name for the access construct list", + "example": "money-in" + }, + "criteriaList": { + "type": "array", + "description": "List of criteria. There is a min of 1 and max of 50 items in the list.", + "minItems": 1, + "maxItems": 50, + "items": { + "type": "object", + "properties": { + "type": { + "type": "string", + "enum": [ + "ENTITLEMENT" + ], + "description": "Type of the propery to which this reference applies to", + "example": "ENTITLEMENT" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies to", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies to", + "example": "Administrator" + } + } + }, + "example": [ + { + "type": "ENTITLEMENT", + "id": "2c9180866166b5b0016167c32ef31a66", + "name": "Administrator" + }, + { + "type": "ENTITLEMENT", + "id": "2c9180866166b5b0016167c32ef31a67", + "name": "Administrator" + } + ] + } + } + }, + "rightCriteria": { + "type": "object", + "properties": { + "name": { + "type": "string", + "description": "Business name for the access construct list", + "example": "money-in" + }, + "criteriaList": { + "type": "array", + "description": "List of criteria. There is a min of 1 and max of 50 items in the list.", + "minItems": 1, + "maxItems": 50, + "items": { + "type": "object", + "properties": { + "type": { + "type": "string", + "enum": [ + "ENTITLEMENT" + ], + "description": "Type of the propery to which this reference applies to", + "example": "ENTITLEMENT" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies to", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies to", + "example": "Administrator" + } + } + }, + "example": [ + { + "type": "ENTITLEMENT", + "id": "2c9180866166b5b0016167c32ef31a66", + "name": "Administrator" + }, + { + "type": "ENTITLEMENT", + "id": "2c9180866166b5b0016167c32ef31a67", + "name": "Administrator" + } + ] + } + } + } + } + } + } + }, + "examples": { + "Conflicting Access Based Policy": { + "value": { + "id": "0f11f2a4-7c94-4bf3-a2bd-742580fe3bde", + "name": "Conflicting-Policy-Name", + "created": "2020-01-01T00:00:00.000000Z", + "modified": "2020-01-01T00:00:00.000000Z", + "description": "Modified description", + "ownerRef": { + "type": "IDENTITY", + "id": "2c91808568c529c60168cca6f90c1313", + "name": "Owner Name" + }, + "externalPolicyReference": "XYZ policy", + "policyQuery": "@access(id:2c9180866166b5b0016167c32ef31a66 OR id:2c9180866166b5b0016167c32ef31a67) AND @access(id:2c9180866166b5b0016167c32ef31a68 OR id:2c9180866166b5b0016167c32ef31a69)", + "compensatingControls": "Have a manager review the transaction decisions for their \"out of compliance\" employee", + "correctionAdvice": "Based on the role of the employee, managers should remove access that is not required for their job function.", + "state": "ENFORCED", + "tags": [ + "string" + ], + "creatorId": "0f11f2a4-7c94-4bf3-a2bd-742580fe3bde", + "modifierId": "0f11f2a4-7c94-4bf3-a2bd-742580fe3bde", + "violationOwnerAssignmentConfig": { + "assignmentRule": "MANAGER", + "ownerRef": { + "type": "IDENTITY", + "id": "2c91808568c529c60168cca6f90c1313", + "name": "Violation Owner Name" + } + }, + "scheduled": true, + "type": "CONFLICTING_ACCESS_BASED", + "conflictingAccessCriteria": { + "leftCriteria": { + "name": "money-in", + "criteriaList": [ + { + "type": "ENTITLEMENT", + "id": "2c9180866166b5b0016167c32ef31a66" + }, + { + "type": "ENTITLEMENT", + "id": "2c9180866166b5b0016167c32ef31a67" + } + ] + }, + "rightCriteria": { + "name": "money-out", + "criteriaList": [ + { + "type": "ENTITLEMENT", + "id": "2c9180866166b5b0016167c32ef31a68" + }, + { + "type": "ENTITLEMENT", + "id": "2c9180866166b5b0016167c32ef31a69" + } + ] + } + } + } + }, + "General Policy": { + "value": { + "description": "Modified Description", + "ownerRef": { + "type": "IDENTITY", + "id": "2c918087682f9a86016839c05e8f1aff", + "name": "Owner Name" + }, + "externalPolicyReference": "New policy", + "policyQuery": "policy query implementation", + "compensatingControls": "Compensating controls", + "correctionAdvice": "Correction advice", + "tags": [], + "state": "ENFORCED", + "scheduled": false, + "creatorId": "2c918087682f9a86016839c05e8f1aff", + "modifierId": null, + "violationOwnerAssignmentConfig": null, + "type": "GENERAL", + "conflictingAccessCriteria": null, + "id": "52c11db4-733e-4c31-949a-766c95ec95f1", + "name": "General-Policy-Name", + "created": "2020-05-12T19:47:38Z", + "modified": "2020-05-12T19:47:38Z" + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + }, + "delete": { + "security": [ + { + "oauth2": [ + "idn:sod-policy:write" + ] + } + ], + "operationId": "deleteSodPolicy", + "tags": [ + "SOD Policy" + ], + "summary": "Delete SOD policy by ID", + "description": "This deletes a specified SOD policy.\nRequires role of ORG_ADMIN.", + "parameters": [ + { + "in": "path", + "name": "id", + "schema": { + "type": "string" + }, + "required": true, + "description": "The ID of the SOD Policy to delete.", + "example": "ef38f943-47e9-4562-b5bb-8424a56397d8" + }, + { + "in": "query", + "name": "logical", + "schema": { + "type": "boolean", + "default": true + }, + "description": "Indicates whether this is a soft delete (logical true) or a hard delete. Soft delete marks the policy as deleted and just save it with this status. It could be fully deleted or recovered further. Hard delete vise versa permanently delete SOD request during this call.", + "example": true, + "required": false + } + ], + "responses": { + "204": { + "description": "No content." + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + }, + "patch": { + "security": [ + { + "oauth2": [ + "idn:sod-policy:write" + ] + } + ], + "operationId": "patchSodPolicy", + "tags": [ + "SOD Policy" + ], + "summary": "Patch SOD policy by ID", + "description": "Allows updating SOD Policy fields other than [\"id\",\"created\",\"creatorId\",\"policyQuery\",\"type\"] using the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard.\nRequires role of ORG_ADMIN.\nThis endpoint can only patch CONFLICTING_ACCESS_BASED type policies. Do not use this endpoint to patch general policies - doing so will build an API exception. ", + "parameters": [ + { + "in": "path", + "name": "id", + "schema": { + "type": "string" + }, + "required": true, + "description": "The ID of the SOD policy being modified.", + "example": "2c918083-5d19-1a86-015d-28455b4a2329" + } + ], + "requestBody": { + "required": true, + "description": "A list of SOD Policy update operations according to the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard.\n\nThe following fields are patchable:\n* name\n* description\n* ownerRef\n* externalPolicyReference\n* compensatingControls\n* correctionAdvice\n* state\n* tags\n* violationOwnerAssignmentConfig\n* scheduled\n* conflictingAccessCriteria\n", + "content": { + "application/json-patch+json": { + "schema": { + "type": "array", + "items": { + "type": "object", + "description": "A JSONPatch Operation as defined by [RFC 6902 - JSON Patch](https://tools.ietf.org/html/rfc6902)", + "required": [ + "op", + "path" + ], + "properties": { + "op": { + "type": "string", + "description": "The operation to be performed", + "enum": [ + "add", + "remove", + "replace", + "move", + "copy", + "test" + ], + "example": "replace" + }, + "path": { + "type": "string", + "description": "A string JSON Pointer representing the target path to an element to be affected by the operation", + "example": "/description" + }, + "value": { + "anyOf": [ + { + "type": "string" + }, + { + "type": "integer" + }, + { + "type": "object" + }, + { + "type": "array", + "items": { + "anyOf": [ + { + "type": "string" + }, + { + "type": "integer" + }, + { + "type": "object" + } + ] + } + } + ], + "description": "The value to be used for the operation, required for \"add\" and \"replace\" operations", + "example": "New description" + } + } + } + }, + "examples": { + "Conflicting Access Based Policy": { + "value": [ + { + "op": "replace", + "path": "/description", + "value": "Modified description" + }, + { + "op": "replace", + "path": "/conflictingAccessCriteria/leftCriteria/name", + "value": "money-in-modified" + }, + { + "op": "replace", + "path": "/conflictingAccessCriteria/rightCriteria", + "value": { + "name": "money-out-modified", + "criteriaList": [ + { + "type": "ENTITLEMENT", + "id": "2c918087682f9a86016839c0509c1ab2" + } + ] + } + } + ] + }, + "General Policy": { + "value": [ + { + "op": "replace", + "path": "/description", + "value": "Modified description" + } + ] + } + } + } + } + }, + "responses": { + "200": { + "description": "Indicates the PATCH operation succeeded, and returns the SOD policy's new representation.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "Policy id", + "example": "0f11f2a4-7c94-4bf3-a2bd-742580fe3bde", + "readOnly": true + }, + "name": { + "type": "string", + "description": "Policy Business Name", + "example": "policy-xyz" + }, + "created": { + "type": "string", + "format": "date-time", + "description": "The time when this SOD policy is created.", + "example": "2020-01-01T00:00:00.000000Z", + "readOnly": true + }, + "modified": { + "type": "string", + "format": "date-time", + "description": "The time when this SOD policy is modified.", + "example": "2020-01-01T00:00:00.000000Z", + "readOnly": true + }, + "description": { + "type": "string", + "description": "Optional description of the SOD policy", + "example": "This policy ensures compliance of xyz", + "nullable": true + }, + "ownerRef": { + "readOnly": true, + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + }, + "externalPolicyReference": { + "type": "string", + "description": "Optional External Policy Reference", + "example": "XYZ policy", + "nullable": true + }, + "policyQuery": { + "type": "string", + "description": "Search query of the SOD policy", + "example": "@access(id:0f11f2a4-7c94-4bf3-a2bd-742580fe3bdg) AND @access(id:0f11f2a4-7c94-4bf3-a2bd-742580fe3bdf)" + }, + "compensatingControls": { + "type": "string", + "description": "Optional compensating controls(Mitigating Controls)", + "example": "Have a manager review the transaction decisions for their \"out of compliance\" employee", + "nullable": true + }, + "correctionAdvice": { + "type": "string", + "description": "Optional correction advice", + "example": "Based on the role of the employee, managers should remove access that is not required for their job function.", + "nullable": true + }, + "state": { + "type": "string", + "description": "whether the policy is enforced or not", + "enum": [ + "ENFORCED", + "NOT_ENFORCED" + ], + "example": "ENFORCED" + }, + "tags": { + "type": "array", + "description": "tags for this policy object", + "example": [ + "TAG1", + "TAG2" + ], + "items": { + "type": "string" + } + }, + "creatorId": { + "type": "string", + "description": "Policy's creator ID", + "example": "0f11f2a47c944bf3a2bd742580fe3bde", + "readOnly": true + }, + "modifierId": { + "type": "string", + "description": "Policy's modifier ID", + "example": "0f11f2a47c944bf3a2bd742580fe3bde", + "nullable": true, + "readOnly": true + }, + "violationOwnerAssignmentConfig": { + "nullable": true, + "type": "object", + "properties": { + "assignmentRule": { + "type": "string", + "enum": [ + "MANAGER", + "STATIC" + ], + "description": "Details about the violations owner.\nMANAGER - identity's manager\nSTATIC - Governance Group or Identity", + "example": "MANAGER" + }, + "ownerRef": { + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + } + } + }, + "scheduled": { + "type": "boolean", + "default": false, + "description": "defines whether a policy has been scheduled or not", + "example": true + }, + "type": { + "type": "string", + "description": "whether a policy is query based or conflicting access based", + "default": "GENERAL", + "enum": [ + "GENERAL", + "CONFLICTING_ACCESS_BASED" + ], + "example": "GENERAL" + }, + "conflictingAccessCriteria": { + "nullable": true, + "type": "object", + "properties": { + "leftCriteria": { + "type": "object", + "properties": { + "name": { + "type": "string", + "description": "Business name for the access construct list", + "example": "money-in" + }, + "criteriaList": { + "type": "array", + "description": "List of criteria. There is a min of 1 and max of 50 items in the list.", + "minItems": 1, + "maxItems": 50, + "items": { + "type": "object", + "properties": { + "type": { + "type": "string", + "enum": [ + "ENTITLEMENT" + ], + "description": "Type of the propery to which this reference applies to", + "example": "ENTITLEMENT" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies to", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies to", + "example": "Administrator" + } + } + }, + "example": [ + { + "type": "ENTITLEMENT", + "id": "2c9180866166b5b0016167c32ef31a66", + "name": "Administrator" + }, + { + "type": "ENTITLEMENT", + "id": "2c9180866166b5b0016167c32ef31a67", + "name": "Administrator" + } + ] + } + } + }, + "rightCriteria": { + "type": "object", + "properties": { + "name": { + "type": "string", + "description": "Business name for the access construct list", + "example": "money-in" + }, + "criteriaList": { + "type": "array", + "description": "List of criteria. There is a min of 1 and max of 50 items in the list.", + "minItems": 1, + "maxItems": 50, + "items": { + "type": "object", + "properties": { + "type": { + "type": "string", + "enum": [ + "ENTITLEMENT" + ], + "description": "Type of the propery to which this reference applies to", + "example": "ENTITLEMENT" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies to", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies to", + "example": "Administrator" + } + } + }, + "example": [ + { + "type": "ENTITLEMENT", + "id": "2c9180866166b5b0016167c32ef31a66", + "name": "Administrator" + }, + { + "type": "ENTITLEMENT", + "id": "2c9180866166b5b0016167c32ef31a67", + "name": "Administrator" + } + ] + } + } + } + } + } + } + }, + "examples": { + "Conflicting Access Based Policy": { + "value": { + "id": "0f11f2a4-7c94-4bf3-a2bd-742580fe3bde", + "name": "Conflicting-Policy-Name", + "created": "2020-01-01T00:00:00.000000Z", + "modified": "2020-01-01T00:00:00.000000Z", + "description": "Modified description", + "ownerRef": { + "type": "IDENTITY", + "id": "2c91808568c529c60168cca6f90c1313", + "name": "Owner Name" + }, + "externalPolicyReference": "XYZ policy", + "policyQuery": "@access(id:2c9180866166b5b0016167c32ef31a66 OR id:2c9180866166b5b0016167c32ef31a67) AND @access(id:2c918087682f9a86016839c0509c1ab2)", + "compensatingControls": "Have a manager review the transaction decisions for their \"out of compliance\" employee", + "correctionAdvice": "Based on the role of the employee, managers should remove access that is not required for their job function.", + "state": "ENFORCED", + "tags": [ + "string" + ], + "creatorId": "0f11f2a4-7c94-4bf3-a2bd-742580fe3bde", + "modifierId": "0f11f2a4-7c94-4bf3-a2bd-742580fe3bde", + "violationOwnerAssignmentConfig": { + "assignmentRule": "MANAGER", + "ownerRef": { + "type": "IDENTITY", + "id": "2c91808568c529c60168cca6f90c1313", + "name": "Violation Owner Name" + } + }, + "scheduled": true, + "type": "CONFLICTING_ACCESS_BASED", + "conflictingAccessCriteria": { + "leftCriteria": { + "name": "money-in-modified", + "criteriaList": [ + { + "type": "ENTITLEMENT", + "id": "2c9180866166b5b0016167c32ef31a66" + }, + { + "type": "ENTITLEMENT", + "id": "2c9180866166b5b0016167c32ef31a67" + } + ] + }, + "rightCriteria": { + "name": "money-out-modified", + "criteriaList": [ + { + "type": "ENTITLEMENT", + "id": "2c918087682f9a86016839c0509c1ab2" + } + ] + } + } + } + }, + "General Policy": { + "value": { + "description": "Modified description", + "ownerRef": { + "type": "IDENTITY", + "id": "2c918087682f9a86016839c05e8f1aff", + "name": "Owner Name" + }, + "externalPolicyReference": "New policy", + "policyQuery": "policy query implementation", + "compensatingControls": "Compensating controls", + "correctionAdvice": "Correction advice", + "tags": [], + "state": "ENFORCED", + "scheduled": false, + "creatorId": "2c918087682f9a86016839c05e8f1aff", + "modifierId": null, + "violationOwnerAssignmentConfig": null, + "type": "GENERAL", + "conflictingAccessCriteria": null, + "id": "52c11db4-733e-4c31-949a-766c95ec95f1", + "name": "General-Policy-Name", + "created": "2020-05-12T19:47:38Z", + "modified": "2020-05-12T19:47:38Z" + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/sod-policies/{id}/schedule": { + "get": { + "security": [ + { + "oauth2": [ + "idn:sod-policy:read" + ] + } + ], + "operationId": "getSodPolicySchedule", + "tags": [ + "SOD Policy" + ], + "summary": "Get SOD policy schedule", + "description": "This endpoint gets a specified SOD policy's schedule.", + "parameters": [ + { + "in": "path", + "name": "id", + "schema": { + "type": "string" + }, + "required": true, + "description": "The ID of the SOD policy schedule to retrieve.", + "example": "ef38f943-47e9-4562-b5bb-8424a56397d8" + } + ], + "responses": { + "200": { + "description": "SOD policy schedule.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "name": { + "type": "string", + "description": "SOD Policy schedule name", + "example": "SCH-1584312283015" + }, + "created": { + "type": "string", + "format": "date-time", + "description": "The time when this SOD policy schedule is created.", + "example": "2020-01-01T00:00:00.000000Z", + "readOnly": true + }, + "modified": { + "type": "string", + "format": "date-time", + "description": "The time when this SOD policy schedule is modified.", + "example": "2020-01-01T00:00:00.000000Z", + "readOnly": true + }, + "description": { + "type": "string", + "description": "SOD Policy schedule description", + "example": "Schedule for policy xyz" + }, + "schedule": { + "type": "object", + "description": "The schedule information.", + "properties": { + "type": { + "description": "Enum representing the currently supported schedule types.\n\nAdditional values may be added in the future without notice.\n", + "type": "string", + "enum": [ + "DAILY", + "WEEKLY", + "MONTHLY", + "CALENDAR" + ], + "example": "WEEKLY" + }, + "days": { + "allOf": [ + { + "type": "object", + "properties": { + "type": { + "description": "Enum representing the currently supported selector types.\n\nLIST - the *values* array contains one or more distinct values.\n\nRANGE - the *values* array contains two values: the start and end of the range, inclusive.\n\nAdditional values may be added in the future without notice.\n", + "type": "string", + "enum": [ + "LIST", + "RANGE" + ], + "example": "LIST" + }, + "values": { + "description": "The selected values.\n", + "type": "array", + "items": { + "type": "string" + }, + "example": [ + "MON", + "WED" + ] + }, + "interval": { + "nullable": true, + "description": "The selected interval for RANGE selectors.\n", + "type": "integer", + "format": "int32", + "example": 3 + } + }, + "required": [ + "type", + "values" + ] + }, + { + "description": "The days to execute the search.\n\nIf `type` is `WEEKLY`, the values will be `MON`, `TUE`, `WED`, `THU`, `FRI`, `SAT`, and `SUN`.\n\nIf `type` is `MONTHLY`, the values will be a number in double quotes, like `\"1\"`, `\"10\"`, or `\"28\"`. Optionally, the value `\"L\"` can be used to refer to the last day of the month.\n", + "example": { + "type": "LIST", + "values": [ + "MON", + "WED", + "FRI" + ] + }, + "nullable": true + } + ] + }, + "hours": { + "allOf": [ + { + "type": "object", + "properties": { + "type": { + "description": "Enum representing the currently supported selector types.\n\nLIST - the *values* array contains one or more distinct values.\n\nRANGE - the *values* array contains two values: the start and end of the range, inclusive.\n\nAdditional values may be added in the future without notice.\n", + "type": "string", + "enum": [ + "LIST", + "RANGE" + ], + "example": "LIST" + }, + "values": { + "description": "The selected values.\n", + "type": "array", + "items": { + "type": "string" + }, + "example": [ + "MON", + "WED" + ] + }, + "interval": { + "nullable": true, + "description": "The selected interval for RANGE selectors.\n", + "type": "integer", + "format": "int32", + "example": 3 + } + }, + "required": [ + "type", + "values" + ] + }, + { + "description": "The hours selected.", + "example": { + "type": "RANGE", + "values": [ + "9", + "18" + ], + "interval": 3 + } + } + ] + }, + "expiration": { + "description": "The schedule expiration date. Latest possible expiration date is '2038-01-19T03:14:07+0000'", + "type": "string", + "nullable": true, + "format": "date-time", + "example": "2018-06-25T20:22:28.104Z" + }, + "timeZoneId": { + "description": "The GMT formatted timezone the schedule will run in (ex. GMT-06:00). If no timezone is specified, the org's default timezone is used.", + "nullable": true, + "type": "string", + "example": "GMT-06:00" + } + }, + "required": [ + "type", + "hours" + ] + }, + "recipients": { + "type": "array", + "items": { + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + } + }, + "emailEmptyResults": { + "type": "boolean", + "description": "Indicates if empty results need to be emailed", + "example": false, + "default": false + }, + "creatorId": { + "type": "string", + "description": "Policy's creator ID", + "example": "0f11f2a47c944bf3a2bd742580fe3bde", + "readOnly": true + }, + "modifierId": { + "type": "string", + "description": "Policy's modifier ID", + "example": "0f11f2a47c944bf3a2bd742580fe3bde", + "readOnly": true + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + }, + "put": { + "security": [ + { + "oauth2": [ + "idn:sod-policy:write" + ] + } + ], + "operationId": "setPolicySchedule", + "tags": [ + "SOD Policy" + ], + "summary": "Update SOD Policy schedule", + "description": "This updates schedule for a specified SOD policy.", + "parameters": [ + { + "in": "path", + "name": "id", + "schema": { + "type": "string" + }, + "required": true, + "description": "The ID of the SOD policy to update its schedule.", + "example": "ef38f943-47e9-4562-b5bb-8424a56397d8" + } + ], + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "name": { + "type": "string", + "description": "SOD Policy schedule name", + "example": "SCH-1584312283015" + }, + "created": { + "type": "string", + "format": "date-time", + "description": "The time when this SOD policy schedule is created.", + "example": "2020-01-01T00:00:00.000000Z", + "readOnly": true + }, + "modified": { + "type": "string", + "format": "date-time", + "description": "The time when this SOD policy schedule is modified.", + "example": "2020-01-01T00:00:00.000000Z", + "readOnly": true + }, + "description": { + "type": "string", + "description": "SOD Policy schedule description", + "example": "Schedule for policy xyz" + }, + "schedule": { + "type": "object", + "description": "The schedule information.", + "properties": { + "type": { + "description": "Enum representing the currently supported schedule types.\n\nAdditional values may be added in the future without notice.\n", + "type": "string", + "enum": [ + "DAILY", + "WEEKLY", + "MONTHLY", + "CALENDAR" + ], + "example": "WEEKLY" + }, + "days": { + "allOf": [ + { + "type": "object", + "properties": { + "type": { + "description": "Enum representing the currently supported selector types.\n\nLIST - the *values* array contains one or more distinct values.\n\nRANGE - the *values* array contains two values: the start and end of the range, inclusive.\n\nAdditional values may be added in the future without notice.\n", + "type": "string", + "enum": [ + "LIST", + "RANGE" + ], + "example": "LIST" + }, + "values": { + "description": "The selected values.\n", + "type": "array", + "items": { + "type": "string" + }, + "example": [ + "MON", + "WED" + ] + }, + "interval": { + "nullable": true, + "description": "The selected interval for RANGE selectors.\n", + "type": "integer", + "format": "int32", + "example": 3 + } + }, + "required": [ + "type", + "values" + ] + }, + { + "description": "The days to execute the search.\n\nIf `type` is `WEEKLY`, the values will be `MON`, `TUE`, `WED`, `THU`, `FRI`, `SAT`, and `SUN`.\n\nIf `type` is `MONTHLY`, the values will be a number in double quotes, like `\"1\"`, `\"10\"`, or `\"28\"`. Optionally, the value `\"L\"` can be used to refer to the last day of the month.\n", + "example": { + "type": "LIST", + "values": [ + "MON", + "WED", + "FRI" + ] + }, + "nullable": true + } + ] + }, + "hours": { + "allOf": [ + { + "type": "object", + "properties": { + "type": { + "description": "Enum representing the currently supported selector types.\n\nLIST - the *values* array contains one or more distinct values.\n\nRANGE - the *values* array contains two values: the start and end of the range, inclusive.\n\nAdditional values may be added in the future without notice.\n", + "type": "string", + "enum": [ + "LIST", + "RANGE" + ], + "example": "LIST" + }, + "values": { + "description": "The selected values.\n", + "type": "array", + "items": { + "type": "string" + }, + "example": [ + "MON", + "WED" + ] + }, + "interval": { + "nullable": true, + "description": "The selected interval for RANGE selectors.\n", + "type": "integer", + "format": "int32", + "example": 3 + } + }, + "required": [ + "type", + "values" + ] + }, + { + "description": "The hours selected.", + "example": { + "type": "RANGE", + "values": [ + "9", + "18" + ], + "interval": 3 + } + } + ] + }, + "expiration": { + "description": "The schedule expiration date. Latest possible expiration date is '2038-01-19T03:14:07+0000'", + "type": "string", + "nullable": true, + "format": "date-time", + "example": "2018-06-25T20:22:28.104Z" + }, + "timeZoneId": { + "description": "The GMT formatted timezone the schedule will run in (ex. GMT-06:00). If no timezone is specified, the org's default timezone is used.", + "nullable": true, + "type": "string", + "example": "GMT-06:00" + } + }, + "required": [ + "type", + "hours" + ] + }, + "recipients": { + "type": "array", + "items": { + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + } + }, + "emailEmptyResults": { + "type": "boolean", + "description": "Indicates if empty results need to be emailed", + "example": false, + "default": false + }, + "creatorId": { + "type": "string", + "description": "Policy's creator ID", + "example": "0f11f2a47c944bf3a2bd742580fe3bde", + "readOnly": true + }, + "modifierId": { + "type": "string", + "description": "Policy's modifier ID", + "example": "0f11f2a47c944bf3a2bd742580fe3bde", + "readOnly": true + } + } + } + } + } + }, + "responses": { + "200": { + "description": "Created or updated SOD policy schedule.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "name": { + "type": "string", + "description": "SOD Policy schedule name", + "example": "SCH-1584312283015" + }, + "created": { + "type": "string", + "format": "date-time", + "description": "The time when this SOD policy schedule is created.", + "example": "2020-01-01T00:00:00.000000Z", + "readOnly": true + }, + "modified": { + "type": "string", + "format": "date-time", + "description": "The time when this SOD policy schedule is modified.", + "example": "2020-01-01T00:00:00.000000Z", + "readOnly": true + }, + "description": { + "type": "string", + "description": "SOD Policy schedule description", + "example": "Schedule for policy xyz" + }, + "schedule": { + "type": "object", + "description": "The schedule information.", + "properties": { + "type": { + "description": "Enum representing the currently supported schedule types.\n\nAdditional values may be added in the future without notice.\n", + "type": "string", + "enum": [ + "DAILY", + "WEEKLY", + "MONTHLY", + "CALENDAR" + ], + "example": "WEEKLY" + }, + "days": { + "allOf": [ + { + "type": "object", + "properties": { + "type": { + "description": "Enum representing the currently supported selector types.\n\nLIST - the *values* array contains one or more distinct values.\n\nRANGE - the *values* array contains two values: the start and end of the range, inclusive.\n\nAdditional values may be added in the future without notice.\n", + "type": "string", + "enum": [ + "LIST", + "RANGE" + ], + "example": "LIST" + }, + "values": { + "description": "The selected values.\n", + "type": "array", + "items": { + "type": "string" + }, + "example": [ + "MON", + "WED" + ] + }, + "interval": { + "nullable": true, + "description": "The selected interval for RANGE selectors.\n", + "type": "integer", + "format": "int32", + "example": 3 + } + }, + "required": [ + "type", + "values" + ] + }, + { + "description": "The days to execute the search.\n\nIf `type` is `WEEKLY`, the values will be `MON`, `TUE`, `WED`, `THU`, `FRI`, `SAT`, and `SUN`.\n\nIf `type` is `MONTHLY`, the values will be a number in double quotes, like `\"1\"`, `\"10\"`, or `\"28\"`. Optionally, the value `\"L\"` can be used to refer to the last day of the month.\n", + "example": { + "type": "LIST", + "values": [ + "MON", + "WED", + "FRI" + ] + }, + "nullable": true + } + ] + }, + "hours": { + "allOf": [ + { + "type": "object", + "properties": { + "type": { + "description": "Enum representing the currently supported selector types.\n\nLIST - the *values* array contains one or more distinct values.\n\nRANGE - the *values* array contains two values: the start and end of the range, inclusive.\n\nAdditional values may be added in the future without notice.\n", + "type": "string", + "enum": [ + "LIST", + "RANGE" + ], + "example": "LIST" + }, + "values": { + "description": "The selected values.\n", + "type": "array", + "items": { + "type": "string" + }, + "example": [ + "MON", + "WED" + ] + }, + "interval": { + "nullable": true, + "description": "The selected interval for RANGE selectors.\n", + "type": "integer", + "format": "int32", + "example": 3 + } + }, + "required": [ + "type", + "values" + ] + }, + { + "description": "The hours selected.", + "example": { + "type": "RANGE", + "values": [ + "9", + "18" + ], + "interval": 3 + } + } + ] + }, + "expiration": { + "description": "The schedule expiration date. Latest possible expiration date is '2038-01-19T03:14:07+0000'", + "type": "string", + "nullable": true, + "format": "date-time", + "example": "2018-06-25T20:22:28.104Z" + }, + "timeZoneId": { + "description": "The GMT formatted timezone the schedule will run in (ex. GMT-06:00). If no timezone is specified, the org's default timezone is used.", + "nullable": true, + "type": "string", + "example": "GMT-06:00" + } + }, + "required": [ + "type", + "hours" + ] + }, + "recipients": { + "type": "array", + "items": { + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + } + }, + "emailEmptyResults": { + "type": "boolean", + "description": "Indicates if empty results need to be emailed", + "example": false, + "default": false + }, + "creatorId": { + "type": "string", + "description": "Policy's creator ID", + "example": "0f11f2a47c944bf3a2bd742580fe3bde", + "readOnly": true + }, + "modifierId": { + "type": "string", + "description": "Policy's modifier ID", + "example": "0f11f2a47c944bf3a2bd742580fe3bde", + "readOnly": true + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + }, + "delete": { + "security": [ + { + "oauth2": [ + "idn:sod-policy:write" + ] + } + ], + "operationId": "deleteSodPolicySchedule", + "tags": [ + "SOD Policy" + ], + "summary": "Delete SOD policy schedule", + "description": "This deletes schedule for a specified SOD policy by ID.", + "parameters": [ + { + "in": "path", + "name": "id", + "schema": { + "type": "string" + }, + "required": true, + "description": "The ID of the SOD policy the schedule must be deleted for.", + "example": "ef38f943-47e9-4562-b5bb-8424a56397d8" + } + ], + "responses": { + "204": { + "description": "No content response." + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/sod-policies/{id}/violation-report/run": { + "post": { + "security": [ + { + "oauth2": [ + "idn:sod-violation:write" + ] + } + ], + "operationId": "startSodPolicy", + "tags": [ + "SOD Policy" + ], + "summary": "Runs SOD policy violation report", + "description": "This invokes processing of violation report for given SOD policy. If the policy reports more than 5000 violations, the report returns with violation limit exceeded message.", + "parameters": [ + { + "in": "path", + "name": "id", + "schema": { + "type": "string" + }, + "required": true, + "description": "The SOD policy ID to run.", + "example": "ef38f943-47e9-4562-b5bb-8424a56397d8" + } + ], + "responses": { + "200": { + "description": "Reference to the violation report run task.", + "content": { + "application/json": { + "schema": { + "allOf": [ + { + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + }, + { + "type": "object", + "properties": { + "status": { + "type": "string", + "description": "Status of a violation report", + "enum": [ + "SUCCESS", + "WARNING", + "ERROR", + "TERMINATED", + "TEMP_ERROR", + "PENDING" + ], + "example": "PENDING" + } + } + } + ] + }, + "example": { + "status": "PENDING", + "type": "REPORT_RESULT", + "id": "2e8d8180-24bc-4d21-91c6-7affdb473b0d", + "name": "policy-xyz" + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/sod-policies/{id}/violation-report": { + "get": { + "security": [ + { + "oauth2": [ + "idn:sod-violation:read" + ] + } + ], + "operationId": "getSodViolationReportStatus", + "tags": [ + "SOD Policy" + ], + "summary": "Get SOD violation report status", + "description": "This gets the status for a violation report run task that has already been invoked.", + "parameters": [ + { + "in": "path", + "name": "id", + "schema": { + "type": "string" + }, + "required": true, + "description": "The ID of the violation report to retrieve status for.", + "example": "ef38f943-47e9-4562-b5bb-8424a56397d8" + } + ], + "responses": { + "200": { + "description": "Status of the violation report run task.", + "content": { + "application/json": { + "schema": { + "allOf": [ + { + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + }, + { + "type": "object", + "properties": { + "status": { + "type": "string", + "description": "Status of a violation report", + "enum": [ + "SUCCESS", + "WARNING", + "ERROR", + "TERMINATED", + "TEMP_ERROR", + "PENDING" + ], + "example": "PENDING" + } + } + } + ] + }, + "example": { + "status": "SUCCESS", + "type": "REPORT_RESULT", + "id": "2e8d8180-24bc-4d21-91c6-7affdb473b0d", + "name": "policy-xyz" + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/sod-risks/risks/{id}": { + "get": { + "security": [ + { + "oauth2": [ + "idn:sod-policy:read" + ] + } + ], + "operationId": "getArmRiskById", + "tags": [ + "SOD Policy" + ], + "summary": "Gets the specified ARM risk.", + "description": "This API gets the specified ARM risk.\n\nAny authenticated token can call this API.", + "parameters": [ + { + "in": "path", + "name": "id", + "schema": { + "type": "string" + }, + "required": true, + "description": "The composite ID of the ARM Risk. It should consist of a jobId, rulebookId, and a riskCode; each separated by a \"!\"", + "example": "52435!246635!BS_04" + } + ], + "responses": { + "200": { + "description": "ARM Risk", + "content": { + "application/json": { + "schema": { + "description": "An object containing the details of an ARM risk listing of the SOD violation reasons detected by this check.", + "type": "object", + "properties": { + "name": { + "type": "string", + "description": "Risk Name", + "example": "BS02_RISK", + "readOnly": true + }, + "description": { + "type": "string", + "description": "Description", + "example": "This is a description of risk code BS02", + "readOnly": true + }, + "owners": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of risk owners' SAP usernames", + "example": [], + "readOnly": true + }, + "externalReference": { + "type": "string", + "description": "URL to \"what if\" details in ARM", + "example": "https://webui-dev.erpmaestro.com/home/what-if-report/100000", + "readOnly": true + }, + "rating": { + "type": "string", + "description": "Risk Rating", + "example": "Informational", + "readOnly": true + }, + "businessFunctions": { + "type": "object", + "description": "A map from business function codes to \"Left side\" or \"Right side\"", + "additionalProperties": { + "type": "string" + }, + "example": { + "BS02_01": "Left side", + "BS02_02": "Right side" + }, + "readOnly": true + }, + "approvers": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of risk approvers' SAP usernames", + "example": [ + "JOE USER" + ], + "readOnly": true + }, + "mitigatingControls": { + "type": "string", + "description": "What was done to mitigate risks", + "example": "Required two levels of verification", + "readOnly": true + }, + "correctionAdvice": { + "type": "string", + "description": "Recommendation on how to resolve risk", + "example": "Run a certification campaign and determine if access should be revoked", + "readOnly": true + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/sod-violation-report-status/{reportResultId}": { + "get": { + "security": [ + { + "oauth2": [ + "idn:sod-violation:read" + ] + } + ], + "operationId": "getSodViolationReportRunStatus", + "tags": [ + "SOD Policy" + ], + "summary": "Get violation report run status", + "description": "This gets the status for a violation report run task that has already been invoked.", + "parameters": [ + { + "in": "path", + "name": "reportResultId", + "schema": { + "type": "string" + }, + "required": true, + "description": "The ID of the report reference to retrieve.", + "example": "2e8d8180-24bc-4d21-91c6-7affdb473b0d" + } + ], + "responses": { + "200": { + "description": "Status of the violation report run task.", + "content": { + "application/json": { + "schema": { + "allOf": [ + { + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + }, + { + "type": "object", + "properties": { + "status": { + "type": "string", + "description": "Status of a violation report", + "enum": [ + "SUCCESS", + "WARNING", + "ERROR", + "TERMINATED", + "TEMP_ERROR", + "PENDING" + ], + "example": "PENDING" + } + } + } + ] + }, + "example": { + "status": "SUCCESS", + "type": "REPORT_RESULT", + "id": "2e8d8180-24bc-4d21-91c6-7affdb473b0d", + "name": "policy-xyz" + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/sod-violations/predict": { + "post": { + "security": [ + { + "oauth2": [ + "idn:sod-violation:read" + ] + } + ], + "operationId": "startPredictSodViolations", + "tags": [ + "SOD Violations" + ], + "summary": "Predict SOD violations for identity.", + "description": "This API is used to check if granting some additional accesses would cause the subject to be in violation of any SOD policies. Returns the violations that would be caused.\n\nA token with ORG_ADMIN or API authority is required to call this API.", + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "description": "An identity with a set of access to be added", + "required": [ + "identityId", + "accessRefs" + ], + "type": "object", + "properties": { + "identityId": { + "description": "Identity id to be checked.", + "type": "string", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "accessRefs": { + "description": "The list of ENTITLEMENTs to consider for calculating possible violations in a preventive check.", + "type": "array", + "items": { + "allOf": [ + { + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + } + ], + "description": "The types of objects supported for SOD violations", + "properties": { + "type": { + "enum": [ + "ENTITLEMENT" + ], + "example": "ENTITLEMENT", + "description": "The type of object that is referenced" + } + } + }, + "example": [ + { + "type": "ENTITLEMENT", + "id": "2c918087682f9a86016839c050861ab1", + "name": "CN=Information Access,OU=test,OU=test-service,DC=TestAD,DC=local" + }, + { + "type": "ENTITLEMENT", + "id": "2c918087682f9a86016839c0509c1ab2", + "name": "CN=Information Technology,OU=test,OU=test-service,DC=TestAD,DC=local" + } + ] + } + } + }, + "example": { + "identityId": "2c91808568c529c60168cca6f90c1313", + "accessRefs": [ + { + "type": "ENTITLEMENT", + "id": "2c918087682f9a86016839c050861ab1", + "name": "CN=Information Access,OU=test,OU=test-service,DC=TestAD,DC=local" + }, + { + "type": "ENTITLEMENT", + "id": "2c918087682f9a86016839c0509c1ab2", + "name": "CN=Information Technology,OU=test,OU=test-service,DC=TestAD,DC=local" + } + ] + } + } + } + }, + "responses": { + "200": { + "description": "Violation Contexts", + "content": { + "application/json": { + "schema": { + "description": "An object containing a listing of the SOD violation reasons detected by this check.", + "required": [ + "requestId" + ], + "type": "object", + "properties": { + "violationContexts": { + "type": "array", + "description": "List of Violation Contexts", + "items": { + "type": "object", + "properties": { + "policy": { + "allOf": [ + { + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + }, + { + "type": "object", + "properties": { + "type": { + "type": "string", + "example": "SOD_POLICY" + }, + "name": { + "type": "string", + "example": "A very cool policy name" + } + } + } + ], + "description": "The types of objects supported for SOD violations", + "properties": { + "type": { + "enum": [ + "ENTITLEMENT" + ], + "example": "ENTITLEMENT", + "description": "The type of object that is referenced" + } + } + }, + "conflictingAccessCriteria": { + "nullable": false, + "description": "The object which contains the left and right hand side of the entitlements that got violated according to the policy.", + "type": "object", + "properties": { + "leftCriteria": { + "type": "object", + "properties": { + "criteriaList": { + "type": "array", + "description": "List of exception criteria. There is a min of 1 and max of 50 items in the list.", + "items": { + "allOf": [ + { + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "CN=HelpDesk,OU=test,OU=test-service,DC=TestAD,DC=local" + }, + "existing": { + "type": "boolean", + "description": "Whether the subject identity already had that access or not", + "default": false, + "example": true + } + }, + "description": "Access reference with addition of boolean existing flag to indicate whether the access was extant" + } + ], + "description": "The types of objects supported for SOD violations", + "properties": { + "type": { + "enum": [ + "ENTITLEMENT" + ], + "example": "ENTITLEMENT", + "description": "The type of object that is referenced" + } + } + }, + "example": [ + { + "type": "ENTITLEMENT", + "id": "2c9180866166b5b0016167c32ef31a66", + "existing": true + }, + { + "type": "ENTITLEMENT", + "id": "2c9180866166b5b0016167c32ef31a67", + "existing": false + } + ] + } + } + }, + "rightCriteria": { + "type": "object", + "properties": { + "criteriaList": { + "type": "array", + "description": "List of exception criteria. There is a min of 1 and max of 50 items in the list.", + "items": { + "allOf": [ + { + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "CN=HelpDesk,OU=test,OU=test-service,DC=TestAD,DC=local" + }, + "existing": { + "type": "boolean", + "description": "Whether the subject identity already had that access or not", + "default": false, + "example": true + } + }, + "description": "Access reference with addition of boolean existing flag to indicate whether the access was extant" + } + ], + "description": "The types of objects supported for SOD violations", + "properties": { + "type": { + "enum": [ + "ENTITLEMENT" + ], + "example": "ENTITLEMENT", + "description": "The type of object that is referenced" + } + } + }, + "example": [ + { + "type": "ENTITLEMENT", + "id": "2c9180866166b5b0016167c32ef31a66", + "existing": true + }, + { + "type": "ENTITLEMENT", + "id": "2c9180866166b5b0016167c32ef31a67", + "existing": false + } + ] + } + } + } + } + } + } + } + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/sod-violations/check": { + "post": { + "security": [ + { + "oauth2": [ + "idn:sod-violation:read" + ] + } + ], + "operationId": "startViolationCheck", + "tags": [ + "SOD Violations" + ], + "summary": "Check SOD violations", + "description": "This API initiates a SOD policy verification asynchronously.\n\nA token with ORG_ADMIN authority is required to call this API.", + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "description": "An identity with a set of access to be added", + "required": [ + "identityId", + "accessRefs" + ], + "type": "object", + "properties": { + "identityId": { + "description": "Set of identity id's to be checked.", + "type": "string", + "example": "2c91809050db617d0150e0bf3215385e" + }, + "accessRefs": { + "description": "The bundle of access profiles to be added to the identities specified. All references must be ENTITLEMENT type.", + "type": "array", + "items": { + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + } + }, + "clientMetadata": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Arbitrary key-value pairs. They will never be processed by the IdentityNow system but will be returned on completion of the violation check.", + "example": { + "clientName": "client1", + "clientId": "2c91808f7892918f0178b78da4a305a1" + } + } + } + }, + "example": { + "identityId": "2c91808568c529c60168cca6f90c1313", + "accessRefs": [ + { + "type": "ENTITLEMENT", + "id": "2c918087682f9a86016839c050861ab1", + "name": "CN=Information Access,OU=test,OU=test-service,DC=TestAD,DC=local" + }, + { + "type": "ENTITLEMENT", + "id": "2c918087682f9a86016839c0509c1ab2", + "name": "CN=Information Technology,OU=test,OU=test-service,DC=TestAD,DC=local" + } + ], + "clientMetadata": { + "additionalProp1": "string", + "additionalProp2": "string", + "additionalProp3": "string" + } + } + } + } + }, + "responses": { + "202": { + "description": "Request ID with a timestamp.", + "content": { + "application/json": { + "schema": { + "description": "An object referencing an SOD violation check", + "required": [ + "requestId" + ], + "type": "object", + "properties": { + "requestId": { + "description": "The id of the original request", + "example": "089899f13a8f4da7824996191587bab9", + "type": "string" + }, + "created": { + "type": "string", + "format": "date-time", + "readOnly": true, + "description": "The date-time when this request was created.", + "example": "2020-01-01T00:00:00.000000Z" + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/sod-violations/config": { + "get": { + "security": [ + { + "oauth2": [ + "idn:sod-policy:read" + ] + } + ], + "operationId": "getArmConfig", + "tags": [ + "SOD Violations" + ], + "summary": "Expose just the ARM config", + "description": "This API expose just the ARM config from Tenaya (Org Config Service) for UI.", + "responses": { + "200": { + "description": "Org config with ARM data.", + "content": { + "application/json": { + "schema": { + "type": "object", + "description": "Arm Data for the org configuration.", + "properties": { + "armCustomerId": { + "type": "string", + "description": "ARM Customer ID", + "nullable": true, + "example": "DE38E75A-5FF6-4A65-5DC7-08D64426B09E" + }, + "armSsoUrl": { + "type": "string", + "description": "ARM SSO URL", + "nullable": true, + "example": "https://your-arm-sso-url" + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/sod-violation-report/run": { + "post": { + "security": [ + { + "oauth2": [ + "idn:sod-violation:write" + ] + } + ], + "operationId": "startSodAllPoliciesForOrg", + "tags": [ + "SOD Policy" + ], + "summary": "Runs all policies for org", + "description": "Runs multi-policy report for the org. If a policy reports more than 5000 violations, the report mentions that the violation limit was exceeded for that policy. If the request is empty, the report runs for all policies. Otherwise, the report runs for only the filtered policy list provided.", + "requestBody": { + "required": false, + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "filteredPolicyList": { + "type": "array", + "description": "Multi-policy report will be run for this list of ids", + "items": { + "type": "string", + "example": [ + "b868cd40-ffa4-4337-9c07-1a51846cfa94", + "63a07a7b-39a4-48aa-956d-50c827deba2a" + ] + } + } + } + }, + "example": { + "filteredPolicyList": [ + "b868cd40-ffa4-4337-9c07-1a51846cfa94", + "63a07a7b-39a4-48aa-956d-50c827deba2a" + ] + } + } + } + }, + "responses": { + "200": { + "description": "Reference to the violation report run task.", + "content": { + "application/json": { + "schema": { + "allOf": [ + { + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + }, + { + "type": "object", + "properties": { + "status": { + "type": "string", + "description": "Status of a violation report", + "enum": [ + "SUCCESS", + "WARNING", + "ERROR", + "TERMINATED", + "TEMP_ERROR", + "PENDING" + ], + "example": "PENDING" + } + } + } + ] + }, + "example": { + "status": "PENDING", + "type": "REPORT_RESULT", + "id": "37b3b32a-f394-46f8-acad-b5223969fa68", + "name": "Multi Query Report" + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/sod-violation-report": { + "get": { + "security": [ + { + "oauth2": [ + "idn:sod-violation:read" + ] + } + ], + "operationId": "getSodAllReportRunStatus", + "tags": [ + "SOD Policy" + ], + "summary": "Get multi-report run task status", + "description": "This endpoint gets the status for a violation report for all policy run.", + "responses": { + "200": { + "description": "Status of the violation report run task for all policy run.", + "content": { + "application/json": { + "schema": { + "allOf": [ + { + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + }, + { + "type": "object", + "properties": { + "status": { + "type": "string", + "description": "Status of a violation report", + "enum": [ + "SUCCESS", + "WARNING", + "ERROR", + "TERMINATED", + "TEMP_ERROR", + "PENDING" + ], + "example": "PENDING" + } + } + } + ] + }, + "example": { + "status": "SUCCESS", + "type": "REPORT_RESULT", + "id": "37b3b32a-f394-46f8-acad-b5223969fa68", + "name": "Multi Query Report" + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/sod-violation-report/{reportResultId}/download": { + "get": { + "security": [ + { + "oauth2": [ + "idn:sod-violation:read" + ] + } + ], + "operationId": "getDefaultViolationReport", + "tags": [ + "SOD Policy" + ], + "summary": "Download violation report", + "description": "This allows to download a violation report for a given report reference.", + "parameters": [ + { + "in": "path", + "name": "reportResultId", + "schema": { + "type": "string" + }, + "required": true, + "description": "The ID of the report reference to download.", + "example": "ef38f94347e94562b5bb8424a56397d8" + } + ], + "responses": { + "200": { + "description": "Returns the PolicyReport.zip that contains the violation report file.", + "content": { + "application/zip": { + "schema": { + "type": "string", + "format": "binary" + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/sod-violation-report/{reportResultId}/download/{fileName}": { + "get": { + "security": [ + { + "oauth2": [ + "idn:sod-violation:read" + ] + } + ], + "operationId": "getCustomViolationReport", + "tags": [ + "SOD Policy" + ], + "summary": "Download custom violation report", + "description": "This allows to download a specified named violation report for a given report reference.", + "parameters": [ + { + "in": "path", + "name": "reportResultId", + "schema": { + "type": "string" + }, + "required": true, + "description": "The ID of the report reference to download.", + "example": "ef38f94347e94562b5bb8424a56397d8" + }, + { + "in": "path", + "name": "fileName", + "schema": { + "type": "string" + }, + "required": true, + "description": "Custom Name for the file.", + "example": "custom-name" + } + ], + "responses": { + "200": { + "description": "Returns the zip file with given custom name that contains the violation report file.", + "content": { + "application/zip": { + "schema": { + "type": "string", + "format": "binary" + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/sources": { + "get": { + "operationId": "listSources", + "tags": [ + "Sources" + ], + "summary": "Lists all sources in IdentityNow.", + "description": "This end-point lists all the sources in IdentityNow.\nA token with ORG_ADMIN, SOURCE_ADMIN, SOURCE_SUBADMIN, or ROLE_SUBADMIN authority is required to call this API.", + "parameters": [ + { + "in": "query", + "name": "limit", + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": 250, + "schema": { + "type": "integer", + "format": "int32", + "minimum": 0, + "maximum": 250, + "default": 250 + } + }, + { + "in": "query", + "name": "offset", + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": 0, + "schema": { + "type": "integer", + "format": "int32", + "minimum": 0, + "default": 0 + } + }, + { + "in": "query", + "name": "count", + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": true, + "schema": { + "type": "boolean", + "default": false + } + }, + { + "in": "query", + "name": "filters", + "schema": { + "type": "string" + }, + "example": "name eq \"#Employees\"", + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)\n\nFiltering is supported for the following fields and operators:\n\n**id**: *eq, in*\n\n**name**: *co, eq, in, sw*\n\n**type**: *eq, in*\n\n**owner.id**: *eq, in*\n\n**features**: *ca, co*\n\n**created**: *eq*\n\n**modified**: *eq*\n\n**managementWorkgroup.id**: *eq*\n\n**description**: *eq*\n\n**authoritative**: *eq*\n\n**healthy**: *eq*\n\n**status**: *eq, in*\n\n**connectionType**: *eq*\n\n**connectorName**: *eq*" + }, + { + "in": "query", + "name": "sorters", + "schema": { + "type": "string", + "format": "comma-separated" + }, + "example": "name", + "description": "Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)\n\nSorting is supported for the following fields: **type, created, modified, name, owner.name, healthy, status**" + }, + { + "in": "query", + "name": "for-subadmin", + "schema": { + "type": "string" + }, + "example": "name", + "description": "Filter the returned list of sources for the identity specified by the parameter, which is the id of an identity with the role SOURCE_SUBADMIN. By convention, the value **me** indicates the identity id of the current user.\nSubadmins may only view Sources which they are able to administer; all other Sources will be filtered out when this parameter is set. If the current user is a SOURCE_SUBADMIN but fails to pass a valid value for this parameter, a 403 Forbidden is returned." + } + ], + "responses": { + "200": { + "description": "List of Source objects", + "content": { + "application/json": { + "schema": { + "type": "array", + "items": { + "type": "object", + "properties": { + "id": { + "type": "string", + "readOnly": true, + "description": "the id of the Source", + "example": "2c91808568c529c60168cca6f90c1324" + }, + "name": { + "type": "string", + "description": "Human-readable name of the source", + "example": "My Source" + }, + "description": { + "type": "string", + "description": "Human-readable description of the source", + "example": "This is the corporate directory." + }, + "owner": { + "description": "Reference to an owning Identity Object", + "type": "object", + "properties": { + "type": { + "description": "The type of object being referenced", + "type": "string", + "enum": [ + "IDENTITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the identity", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the identity", + "example": "MyName" + } + } + }, + "cluster": { + "description": "Reference to the associated Cluster", + "type": "object", + "properties": { + "type": { + "description": "The type of object being referenced", + "type": "string", + "enum": [ + "CLUSTER" + ], + "example": "CLUSTER" + }, + "id": { + "type": "string", + "description": "ID of the cluster", + "example": "2c9180866166b5b0016167c32ef31a66" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the cluster", + "example": "Corporate Cluster" + } + } + }, + "accountCorrelationConfig": { + "description": "Reference to an Account Correlation Config object", + "type": "object", + "properties": { + "type": { + "description": "The type of object being referenced", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG" + ], + "example": "ACCOUNT_CORRELATION_CONFIG" + }, + "id": { + "type": "string", + "description": "ID of the account correlation config", + "example": "2c9180855d191c59015d28583727245a" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the account correlation config", + "example": "Directory [source-62867] Account Correlation" + } + } + }, + "accountCorrelationRule": { + "description": "Reference to a Rule that can do COMPLEX correlation, should only be used when accountCorrelationConfig can't be used.", + "type": "object", + "properties": { + "type": { + "description": "The type of object being referenced", + "type": "string", + "enum": [ + "RULE" + ], + "example": "RULE" + }, + "id": { + "type": "string", + "description": "ID of the rule", + "example": "2c918085708c274401708c2a8a760001" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the rule", + "example": "Example Rule" + } + } + }, + "managerCorrelationMapping": { + "description": "Filter Object used during manager correlation to match incoming manager values to an existing manager's Account/Identity", + "type": "object", + "properties": { + "accountAttribute": { + "type": "string", + "description": "Name of the attribute to use for manager correlation. The value found on the account attribute will be used to lookup the manager's identity.", + "example": "manager" + }, + "identityAttribute": { + "type": "string", + "description": "Name of the identity attribute to search when trying to find a manager using the value from the accountAttribute.", + "example": "manager" + } + } + }, + "managerCorrelationRule": { + "description": "Reference to the ManagerCorrelationRule, only used when a simple filter isn't sufficient.", + "type": "object", + "properties": { + "type": { + "description": "The type of object being referenced", + "type": "string", + "enum": [ + "RULE" + ], + "example": "RULE" + }, + "id": { + "type": "string", + "description": "ID of the rule", + "example": "2c918085708c274401708c2a8a760001" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the rule", + "example": "Example Rule" + } + } + }, + "beforeProvisioningRule": { + "description": "Rule that runs on the CCG and allows for customization of provisioning plans before the connector is called.", + "type": "object", + "properties": { + "type": { + "description": "The type of object being referenced", + "type": "string", + "enum": [ + "RULE" + ], + "example": "RULE" + }, + "id": { + "type": "string", + "description": "ID of the rule", + "example": "2c918085708c274401708c2a8a760001" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the rule", + "example": "Example Rule" + } + } + }, + "schemas": { + "type": "array", + "items": { + "type": "object", + "properties": { + "type": { + "description": "The type of object being referenced", + "type": "string", + "enum": [ + "CONNECTOR_SCHEMA" + ], + "example": "CONNECTOR_SCHEMA" + }, + "id": { + "type": "string", + "description": "ID of the schema", + "example": "2c91808568c529c60168cca6f90c1777" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the schema", + "example": "MySchema" + } + } + }, + "description": "List of references to Schema objects", + "example": [ + { + "type": "CONNECTOR_SCHEMA", + "id": "2c9180835d191a86015d28455b4b232a", + "name": "account" + }, + { + "type": "CONNECTOR_SCHEMA", + "id": "2c9180835d191a86015d28455b4b232b", + "name": "group" + } + ] + }, + "passwordPolicies": { + "type": "array", + "items": { + "type": "object", + "properties": { + "type": { + "description": "The type of object being referenced", + "type": "string", + "enum": [ + "PASSWORD_POLICY" + ], + "example": "PASSWORD_POLICY" + }, + "id": { + "type": "string", + "description": "ID of the policy", + "example": "2c91808568c529c60168cca6f90c1777" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the policy", + "example": "My Password Policy" + } + } + }, + "description": "List of references to the associated PasswordPolicy objects.", + "example": [ + { + "type": "PASSWORD_POLICY", + "id": "2c9180855d191c59015d291ceb053980", + "name": "Corporate Password Policy" + }, + { + "type": "PASSWORD_POLICY", + "id": "2c9180855d191c59015d291ceb057777", + "name": "Vendor Password Policy" + } + ] + }, + "features": { + "type": "array", + "description": "Optional features that can be supported by a source.", + "items": { + "type": "string", + "enum": [ + "AUTHENTICATE", + "COMPOSITE", + "DIRECT_PERMISSIONS", + "DISCOVER_SCHEMA", + "ENABLE", + "MANAGER_LOOKUP", + "NO_RANDOM_ACCESS", + "PROXY", + "SEARCH", + "TEMPLATE", + "UNLOCK", + "UNSTRUCTURED_TARGETS", + "SHAREPOINT_TARGET", + "PROVISIONING", + "GROUP_PROVISIONING", + "SYNC_PROVISIONING", + "PASSWORD", + "CURRENT_PASSWORD", + "ACCOUNT_ONLY_REQUEST", + "ADDITIONAL_ACCOUNT_REQUEST", + "NO_AGGREGATION", + "GROUPS_HAVE_MEMBERS", + "NO_PERMISSIONS_PROVISIONING", + "NO_GROUP_PERMISSIONS_PROVISIONING", + "NO_UNSTRUCTURED_TARGETS_PROVISIONING", + "NO_DIRECT_PERMISSIONS_PROVISIONING" + ], + "description": "Optional features that can be supported by an source.\n* AUTHENTICATE: The source supports pass-through authentication.\n* COMPOSITE: The source supports composite source creation.\n* DIRECT_PERMISSIONS: The source supports returning DirectPermissions.\n* DISCOVER_SCHEMA: The source supports discovering schemas for users and groups.\n* ENABLE The source supports reading if an account is enabled or disabled.\n* MANAGER_LOOKUP: The source supports looking up managers as they are encountered in a feed. This is the opposite of NO_RANDOM_ACCESS.\n* NO_RANDOM_ACCESS: The source does not support random access and the getObject() methods should not be called and expected to perform.\n* PROXY: The source can serve as a proxy for another source. When an source has a proxy, all connector calls made with that source are redirected through the connector for the proxy source.\n* SEARCH\n* TEMPLATE\n* UNLOCK: The source supports reading if an account is locked or unlocked.\n* UNSTRUCTURED_TARGETS: The source supports returning unstructured Targets.\n* SHAREPOINT_TARGET: The source supports returning unstructured Target data for SharePoint. It will be typically used by AD, LDAP sources.\n* PROVISIONING: The source can both read and write accounts. Having this feature implies that the provision() method is implemented. It also means that direct and target permissions can also be provisioned if they can be returned by aggregation.\n* GROUP_PROVISIONING: The source can both read and write groups. Having this feature implies that the provision() method is implemented.\n* SYNC_PROVISIONING: The source can provision accounts synchronously.\n* PASSWORD: The source can provision password changes. Since sources can never read passwords, this is should only be used in conjunction with the PROVISIONING feature.\n* CURRENT_PASSWORD: Some source types support verification of the current password\n* ACCOUNT_ONLY_REQUEST: The source supports requesting accounts without entitlements.\n* ADDITIONAL_ACCOUNT_REQUEST: The source supports requesting additional accounts.\n* NO_AGGREGATION: A source that does not support aggregation.\n* GROUPS_HAVE_MEMBERS: The source models group memberships with a member attribute on the group object rather than a groups attribute on the account object. This effects the implementation of delta account aggregation.\n* NO_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for accounts. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for accounts.\n* NO_GROUP_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for groups. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for groups.\n* NO_UNSTRUCTURED_TARGETS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING.\n* NO_DIRECT_PERMISSIONS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING.", + "example": "AUTHENTICATE" + }, + "example": [ + "SYNC_PROVISIONING", + "MANAGER_LOOKUP", + "SEARCH", + "PROVISIONING", + "AUTHENTICATE", + "GROUP_PROVISIONING", + "PASSWORD" + ] + }, + "type": { + "type": "string", + "description": "Specifies the type of system being managed e.g. Active Directory, Workday, etc.. If you are creating a Delimited File source, you must set the `provisionasCsv` query parameter to `true`. ", + "example": "OpenLDAP - Direct" + }, + "connector": { + "type": "string", + "description": "Connector script name.", + "example": "active-directory" + }, + "connectorClass": { + "type": "string", + "description": "The fully qualified name of the Java class that implements the connector interface.", + "example": "sailpoint.connector.LDAPConnector" + }, + "connectorAttributes": { + "type": "object", + "description": "Connector specific configuration; will differ from type to type.", + "example": { + "healthCheckTimeout": 30, + "authSearchAttributes": [ + "cn", + "uid", + "mail" + ] + } + }, + "deleteThreshold": { + "type": "integer", + "format": "int32", + "description": "Number from 0 to 100 that specifies when to skip the delete phase.", + "example": 10 + }, + "authoritative": { + "type": "boolean", + "description": "When true indicates the source is referenced by an IdentityProfile.", + "example": false + }, + "managementWorkgroup": { + "description": "Reference to Management Workgroup for this Source", + "type": "object", + "properties": { + "type": { + "description": "The type of object being referenced", + "type": "string", + "enum": [ + "GOVERNANCE_GROUP" + ], + "example": "GOVERNANCE_GROUP" + }, + "id": { + "type": "string", + "description": "ID of the management workgroup", + "example": "2c91808568c529c60168cca6f90c2222" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the management workgroup", + "example": "My Management Workgroup" + } + } + }, + "healthy": { + "type": "boolean", + "description": "When true indicates a healthy source", + "example": true + }, + "status": { + "type": "string", + "description": "A status identifier, giving specific information on why a source is healthy or not", + "example": "SOURCE_STATE_HEALTHY" + }, + "since": { + "type": "string", + "description": "Timestamp showing when a source health check was last performed", + "example": "2021-09-28T15:48:29.3801666300Z" + }, + "connectorId": { + "type": "string", + "description": "The id of connector", + "example": "active-directory" + }, + "connectorName": { + "type": "string", + "description": "The name of the connector that was chosen on source creation", + "example": "Active Directory" + }, + "connectionType": { + "type": "string", + "description": "The type of connection (direct or file)", + "example": "file" + }, + "connectorImplementstionId": { + "type": "string", + "description": "The connector implementstion id", + "example": "delimited-file" + } + }, + "required": [ + "name", + "owner", + "connector" + ] + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + }, + "post": { + "operationId": "createSource", + "tags": [ + "Sources" + ], + "summary": "Creates a source in IdentityNow.", + "description": "This creates a specific source with a full source JSON representation. Any passwords are submitted as plain-text and encrypted upon receipt in IdentityNow.\nA token with ORG_ADMIN, SOURCE_ADMIN, or SOURCE_SUBADMIN authority is required to call this API.", + "parameters": [ + { + "in": "query", + "name": "provisionAsCsv", + "description": "If this parameter is `true`, it configures the source as a Delimited File (CSV) source. Setting this to `true` will automatically set the `type` of the source to `DelimitedFile`. You must use this query parameter to create a Delimited File source as you would in the UI. If you don't set this query parameter and you attempt to set the `type` attribute directly, the request won't correctly generate the source. ", + "schema": { + "type": "boolean" + }, + "required": false, + "example": false + } + ], + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "id": { + "type": "string", + "readOnly": true, + "description": "the id of the Source", + "example": "2c91808568c529c60168cca6f90c1324" + }, + "name": { + "type": "string", + "description": "Human-readable name of the source", + "example": "My Source" + }, + "description": { + "type": "string", + "description": "Human-readable description of the source", + "example": "This is the corporate directory." + }, + "owner": { + "description": "Reference to an owning Identity Object", + "type": "object", + "properties": { + "type": { + "description": "The type of object being referenced", + "type": "string", + "enum": [ + "IDENTITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the identity", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the identity", + "example": "MyName" + } + } + }, + "cluster": { + "description": "Reference to the associated Cluster", + "type": "object", + "properties": { + "type": { + "description": "The type of object being referenced", + "type": "string", + "enum": [ + "CLUSTER" + ], + "example": "CLUSTER" + }, + "id": { + "type": "string", + "description": "ID of the cluster", + "example": "2c9180866166b5b0016167c32ef31a66" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the cluster", + "example": "Corporate Cluster" + } + } + }, + "accountCorrelationConfig": { + "description": "Reference to an Account Correlation Config object", + "type": "object", + "properties": { + "type": { + "description": "The type of object being referenced", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG" + ], + "example": "ACCOUNT_CORRELATION_CONFIG" + }, + "id": { + "type": "string", + "description": "ID of the account correlation config", + "example": "2c9180855d191c59015d28583727245a" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the account correlation config", + "example": "Directory [source-62867] Account Correlation" + } + } + }, + "accountCorrelationRule": { + "description": "Reference to a Rule that can do COMPLEX correlation, should only be used when accountCorrelationConfig can't be used.", + "type": "object", + "properties": { + "type": { + "description": "The type of object being referenced", + "type": "string", + "enum": [ + "RULE" + ], + "example": "RULE" + }, + "id": { + "type": "string", + "description": "ID of the rule", + "example": "2c918085708c274401708c2a8a760001" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the rule", + "example": "Example Rule" + } + } + }, + "managerCorrelationMapping": { + "description": "Filter Object used during manager correlation to match incoming manager values to an existing manager's Account/Identity", + "type": "object", + "properties": { + "accountAttribute": { + "type": "string", + "description": "Name of the attribute to use for manager correlation. The value found on the account attribute will be used to lookup the manager's identity.", + "example": "manager" + }, + "identityAttribute": { + "type": "string", + "description": "Name of the identity attribute to search when trying to find a manager using the value from the accountAttribute.", + "example": "manager" + } + } + }, + "managerCorrelationRule": { + "description": "Reference to the ManagerCorrelationRule, only used when a simple filter isn't sufficient.", + "type": "object", + "properties": { + "type": { + "description": "The type of object being referenced", + "type": "string", + "enum": [ + "RULE" + ], + "example": "RULE" + }, + "id": { + "type": "string", + "description": "ID of the rule", + "example": "2c918085708c274401708c2a8a760001" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the rule", + "example": "Example Rule" + } + } + }, + "beforeProvisioningRule": { + "description": "Rule that runs on the CCG and allows for customization of provisioning plans before the connector is called.", + "type": "object", + "properties": { + "type": { + "description": "The type of object being referenced", + "type": "string", + "enum": [ + "RULE" + ], + "example": "RULE" + }, + "id": { + "type": "string", + "description": "ID of the rule", + "example": "2c918085708c274401708c2a8a760001" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the rule", + "example": "Example Rule" + } + } + }, + "schemas": { + "type": "array", + "items": { + "type": "object", + "properties": { + "type": { + "description": "The type of object being referenced", + "type": "string", + "enum": [ + "CONNECTOR_SCHEMA" + ], + "example": "CONNECTOR_SCHEMA" + }, + "id": { + "type": "string", + "description": "ID of the schema", + "example": "2c91808568c529c60168cca6f90c1777" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the schema", + "example": "MySchema" + } + } + }, + "description": "List of references to Schema objects", + "example": [ + { + "type": "CONNECTOR_SCHEMA", + "id": "2c9180835d191a86015d28455b4b232a", + "name": "account" + }, + { + "type": "CONNECTOR_SCHEMA", + "id": "2c9180835d191a86015d28455b4b232b", + "name": "group" + } + ] + }, + "passwordPolicies": { + "type": "array", + "items": { + "type": "object", + "properties": { + "type": { + "description": "The type of object being referenced", + "type": "string", + "enum": [ + "PASSWORD_POLICY" + ], + "example": "PASSWORD_POLICY" + }, + "id": { + "type": "string", + "description": "ID of the policy", + "example": "2c91808568c529c60168cca6f90c1777" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the policy", + "example": "My Password Policy" + } + } + }, + "description": "List of references to the associated PasswordPolicy objects.", + "example": [ + { + "type": "PASSWORD_POLICY", + "id": "2c9180855d191c59015d291ceb053980", + "name": "Corporate Password Policy" + }, + { + "type": "PASSWORD_POLICY", + "id": "2c9180855d191c59015d291ceb057777", + "name": "Vendor Password Policy" + } + ] + }, + "features": { + "type": "array", + "description": "Optional features that can be supported by a source.", + "items": { + "type": "string", + "enum": [ + "AUTHENTICATE", + "COMPOSITE", + "DIRECT_PERMISSIONS", + "DISCOVER_SCHEMA", + "ENABLE", + "MANAGER_LOOKUP", + "NO_RANDOM_ACCESS", + "PROXY", + "SEARCH", + "TEMPLATE", + "UNLOCK", + "UNSTRUCTURED_TARGETS", + "SHAREPOINT_TARGET", + "PROVISIONING", + "GROUP_PROVISIONING", + "SYNC_PROVISIONING", + "PASSWORD", + "CURRENT_PASSWORD", + "ACCOUNT_ONLY_REQUEST", + "ADDITIONAL_ACCOUNT_REQUEST", + "NO_AGGREGATION", + "GROUPS_HAVE_MEMBERS", + "NO_PERMISSIONS_PROVISIONING", + "NO_GROUP_PERMISSIONS_PROVISIONING", + "NO_UNSTRUCTURED_TARGETS_PROVISIONING", + "NO_DIRECT_PERMISSIONS_PROVISIONING" + ], + "description": "Optional features that can be supported by an source.\n* AUTHENTICATE: The source supports pass-through authentication.\n* COMPOSITE: The source supports composite source creation.\n* DIRECT_PERMISSIONS: The source supports returning DirectPermissions.\n* DISCOVER_SCHEMA: The source supports discovering schemas for users and groups.\n* ENABLE The source supports reading if an account is enabled or disabled.\n* MANAGER_LOOKUP: The source supports looking up managers as they are encountered in a feed. This is the opposite of NO_RANDOM_ACCESS.\n* NO_RANDOM_ACCESS: The source does not support random access and the getObject() methods should not be called and expected to perform.\n* PROXY: The source can serve as a proxy for another source. When an source has a proxy, all connector calls made with that source are redirected through the connector for the proxy source.\n* SEARCH\n* TEMPLATE\n* UNLOCK: The source supports reading if an account is locked or unlocked.\n* UNSTRUCTURED_TARGETS: The source supports returning unstructured Targets.\n* SHAREPOINT_TARGET: The source supports returning unstructured Target data for SharePoint. It will be typically used by AD, LDAP sources.\n* PROVISIONING: The source can both read and write accounts. Having this feature implies that the provision() method is implemented. It also means that direct and target permissions can also be provisioned if they can be returned by aggregation.\n* GROUP_PROVISIONING: The source can both read and write groups. Having this feature implies that the provision() method is implemented.\n* SYNC_PROVISIONING: The source can provision accounts synchronously.\n* PASSWORD: The source can provision password changes. Since sources can never read passwords, this is should only be used in conjunction with the PROVISIONING feature.\n* CURRENT_PASSWORD: Some source types support verification of the current password\n* ACCOUNT_ONLY_REQUEST: The source supports requesting accounts without entitlements.\n* ADDITIONAL_ACCOUNT_REQUEST: The source supports requesting additional accounts.\n* NO_AGGREGATION: A source that does not support aggregation.\n* GROUPS_HAVE_MEMBERS: The source models group memberships with a member attribute on the group object rather than a groups attribute on the account object. This effects the implementation of delta account aggregation.\n* NO_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for accounts. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for accounts.\n* NO_GROUP_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for groups. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for groups.\n* NO_UNSTRUCTURED_TARGETS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING.\n* NO_DIRECT_PERMISSIONS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING.", + "example": "AUTHENTICATE" + }, + "example": [ + "SYNC_PROVISIONING", + "MANAGER_LOOKUP", + "SEARCH", + "PROVISIONING", + "AUTHENTICATE", + "GROUP_PROVISIONING", + "PASSWORD" + ] + }, + "type": { + "type": "string", + "description": "Specifies the type of system being managed e.g. Active Directory, Workday, etc.. If you are creating a Delimited File source, you must set the `provisionasCsv` query parameter to `true`. ", + "example": "OpenLDAP - Direct" + }, + "connector": { + "type": "string", + "description": "Connector script name.", + "example": "active-directory" + }, + "connectorClass": { + "type": "string", + "description": "The fully qualified name of the Java class that implements the connector interface.", + "example": "sailpoint.connector.LDAPConnector" + }, + "connectorAttributes": { + "type": "object", + "description": "Connector specific configuration; will differ from type to type.", + "example": { + "healthCheckTimeout": 30, + "authSearchAttributes": [ + "cn", + "uid", + "mail" + ] + } + }, + "deleteThreshold": { + "type": "integer", + "format": "int32", + "description": "Number from 0 to 100 that specifies when to skip the delete phase.", + "example": 10 + }, + "authoritative": { + "type": "boolean", + "description": "When true indicates the source is referenced by an IdentityProfile.", + "example": false + }, + "managementWorkgroup": { + "description": "Reference to Management Workgroup for this Source", + "type": "object", + "properties": { + "type": { + "description": "The type of object being referenced", + "type": "string", + "enum": [ + "GOVERNANCE_GROUP" + ], + "example": "GOVERNANCE_GROUP" + }, + "id": { + "type": "string", + "description": "ID of the management workgroup", + "example": "2c91808568c529c60168cca6f90c2222" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the management workgroup", + "example": "My Management Workgroup" + } + } + }, + "healthy": { + "type": "boolean", + "description": "When true indicates a healthy source", + "example": true + }, + "status": { + "type": "string", + "description": "A status identifier, giving specific information on why a source is healthy or not", + "example": "SOURCE_STATE_HEALTHY" + }, + "since": { + "type": "string", + "description": "Timestamp showing when a source health check was last performed", + "example": "2021-09-28T15:48:29.3801666300Z" + }, + "connectorId": { + "type": "string", + "description": "The id of connector", + "example": "active-directory" + }, + "connectorName": { + "type": "string", + "description": "The name of the connector that was chosen on source creation", + "example": "Active Directory" + }, + "connectionType": { + "type": "string", + "description": "The type of connection (direct or file)", + "example": "file" + }, + "connectorImplementstionId": { + "type": "string", + "description": "The connector implementstion id", + "example": "delimited-file" + } + }, + "required": [ + "name", + "owner", + "connector" + ] + } + } + } + }, + "responses": { + "201": { + "description": "Created Source object. Any passwords will only show the the encrypted cipher-text, as they are not decrypt-able in IdentityNow cloud-based services, per IdentityNow security design.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "id": { + "type": "string", + "readOnly": true, + "description": "the id of the Source", + "example": "2c91808568c529c60168cca6f90c1324" + }, + "name": { + "type": "string", + "description": "Human-readable name of the source", + "example": "My Source" + }, + "description": { + "type": "string", + "description": "Human-readable description of the source", + "example": "This is the corporate directory." + }, + "owner": { + "description": "Reference to an owning Identity Object", + "type": "object", + "properties": { + "type": { + "description": "The type of object being referenced", + "type": "string", + "enum": [ + "IDENTITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the identity", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the identity", + "example": "MyName" + } + } + }, + "cluster": { + "description": "Reference to the associated Cluster", + "type": "object", + "properties": { + "type": { + "description": "The type of object being referenced", + "type": "string", + "enum": [ + "CLUSTER" + ], + "example": "CLUSTER" + }, + "id": { + "type": "string", + "description": "ID of the cluster", + "example": "2c9180866166b5b0016167c32ef31a66" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the cluster", + "example": "Corporate Cluster" + } + } + }, + "accountCorrelationConfig": { + "description": "Reference to an Account Correlation Config object", + "type": "object", + "properties": { + "type": { + "description": "The type of object being referenced", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG" + ], + "example": "ACCOUNT_CORRELATION_CONFIG" + }, + "id": { + "type": "string", + "description": "ID of the account correlation config", + "example": "2c9180855d191c59015d28583727245a" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the account correlation config", + "example": "Directory [source-62867] Account Correlation" + } + } + }, + "accountCorrelationRule": { + "description": "Reference to a Rule that can do COMPLEX correlation, should only be used when accountCorrelationConfig can't be used.", + "type": "object", + "properties": { + "type": { + "description": "The type of object being referenced", + "type": "string", + "enum": [ + "RULE" + ], + "example": "RULE" + }, + "id": { + "type": "string", + "description": "ID of the rule", + "example": "2c918085708c274401708c2a8a760001" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the rule", + "example": "Example Rule" + } + } + }, + "managerCorrelationMapping": { + "description": "Filter Object used during manager correlation to match incoming manager values to an existing manager's Account/Identity", + "type": "object", + "properties": { + "accountAttribute": { + "type": "string", + "description": "Name of the attribute to use for manager correlation. The value found on the account attribute will be used to lookup the manager's identity.", + "example": "manager" + }, + "identityAttribute": { + "type": "string", + "description": "Name of the identity attribute to search when trying to find a manager using the value from the accountAttribute.", + "example": "manager" + } + } + }, + "managerCorrelationRule": { + "description": "Reference to the ManagerCorrelationRule, only used when a simple filter isn't sufficient.", + "type": "object", + "properties": { + "type": { + "description": "The type of object being referenced", + "type": "string", + "enum": [ + "RULE" + ], + "example": "RULE" + }, + "id": { + "type": "string", + "description": "ID of the rule", + "example": "2c918085708c274401708c2a8a760001" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the rule", + "example": "Example Rule" + } + } + }, + "beforeProvisioningRule": { + "description": "Rule that runs on the CCG and allows for customization of provisioning plans before the connector is called.", + "type": "object", + "properties": { + "type": { + "description": "The type of object being referenced", + "type": "string", + "enum": [ + "RULE" + ], + "example": "RULE" + }, + "id": { + "type": "string", + "description": "ID of the rule", + "example": "2c918085708c274401708c2a8a760001" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the rule", + "example": "Example Rule" + } + } + }, + "schemas": { + "type": "array", + "items": { + "type": "object", + "properties": { + "type": { + "description": "The type of object being referenced", + "type": "string", + "enum": [ + "CONNECTOR_SCHEMA" + ], + "example": "CONNECTOR_SCHEMA" + }, + "id": { + "type": "string", + "description": "ID of the schema", + "example": "2c91808568c529c60168cca6f90c1777" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the schema", + "example": "MySchema" + } + } + }, + "description": "List of references to Schema objects", + "example": [ + { + "type": "CONNECTOR_SCHEMA", + "id": "2c9180835d191a86015d28455b4b232a", + "name": "account" + }, + { + "type": "CONNECTOR_SCHEMA", + "id": "2c9180835d191a86015d28455b4b232b", + "name": "group" + } + ] + }, + "passwordPolicies": { + "type": "array", + "items": { + "type": "object", + "properties": { + "type": { + "description": "The type of object being referenced", + "type": "string", + "enum": [ + "PASSWORD_POLICY" + ], + "example": "PASSWORD_POLICY" + }, + "id": { + "type": "string", + "description": "ID of the policy", + "example": "2c91808568c529c60168cca6f90c1777" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the policy", + "example": "My Password Policy" + } + } + }, + "description": "List of references to the associated PasswordPolicy objects.", + "example": [ + { + "type": "PASSWORD_POLICY", + "id": "2c9180855d191c59015d291ceb053980", + "name": "Corporate Password Policy" + }, + { + "type": "PASSWORD_POLICY", + "id": "2c9180855d191c59015d291ceb057777", + "name": "Vendor Password Policy" + } + ] + }, + "features": { + "type": "array", + "description": "Optional features that can be supported by a source.", + "items": { + "type": "string", + "enum": [ + "AUTHENTICATE", + "COMPOSITE", + "DIRECT_PERMISSIONS", + "DISCOVER_SCHEMA", + "ENABLE", + "MANAGER_LOOKUP", + "NO_RANDOM_ACCESS", + "PROXY", + "SEARCH", + "TEMPLATE", + "UNLOCK", + "UNSTRUCTURED_TARGETS", + "SHAREPOINT_TARGET", + "PROVISIONING", + "GROUP_PROVISIONING", + "SYNC_PROVISIONING", + "PASSWORD", + "CURRENT_PASSWORD", + "ACCOUNT_ONLY_REQUEST", + "ADDITIONAL_ACCOUNT_REQUEST", + "NO_AGGREGATION", + "GROUPS_HAVE_MEMBERS", + "NO_PERMISSIONS_PROVISIONING", + "NO_GROUP_PERMISSIONS_PROVISIONING", + "NO_UNSTRUCTURED_TARGETS_PROVISIONING", + "NO_DIRECT_PERMISSIONS_PROVISIONING" + ], + "description": "Optional features that can be supported by an source.\n* AUTHENTICATE: The source supports pass-through authentication.\n* COMPOSITE: The source supports composite source creation.\n* DIRECT_PERMISSIONS: The source supports returning DirectPermissions.\n* DISCOVER_SCHEMA: The source supports discovering schemas for users and groups.\n* ENABLE The source supports reading if an account is enabled or disabled.\n* MANAGER_LOOKUP: The source supports looking up managers as they are encountered in a feed. This is the opposite of NO_RANDOM_ACCESS.\n* NO_RANDOM_ACCESS: The source does not support random access and the getObject() methods should not be called and expected to perform.\n* PROXY: The source can serve as a proxy for another source. When an source has a proxy, all connector calls made with that source are redirected through the connector for the proxy source.\n* SEARCH\n* TEMPLATE\n* UNLOCK: The source supports reading if an account is locked or unlocked.\n* UNSTRUCTURED_TARGETS: The source supports returning unstructured Targets.\n* SHAREPOINT_TARGET: The source supports returning unstructured Target data for SharePoint. It will be typically used by AD, LDAP sources.\n* PROVISIONING: The source can both read and write accounts. Having this feature implies that the provision() method is implemented. It also means that direct and target permissions can also be provisioned if they can be returned by aggregation.\n* GROUP_PROVISIONING: The source can both read and write groups. Having this feature implies that the provision() method is implemented.\n* SYNC_PROVISIONING: The source can provision accounts synchronously.\n* PASSWORD: The source can provision password changes. Since sources can never read passwords, this is should only be used in conjunction with the PROVISIONING feature.\n* CURRENT_PASSWORD: Some source types support verification of the current password\n* ACCOUNT_ONLY_REQUEST: The source supports requesting accounts without entitlements.\n* ADDITIONAL_ACCOUNT_REQUEST: The source supports requesting additional accounts.\n* NO_AGGREGATION: A source that does not support aggregation.\n* GROUPS_HAVE_MEMBERS: The source models group memberships with a member attribute on the group object rather than a groups attribute on the account object. This effects the implementation of delta account aggregation.\n* NO_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for accounts. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for accounts.\n* NO_GROUP_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for groups. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for groups.\n* NO_UNSTRUCTURED_TARGETS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING.\n* NO_DIRECT_PERMISSIONS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING.", + "example": "AUTHENTICATE" + }, + "example": [ + "SYNC_PROVISIONING", + "MANAGER_LOOKUP", + "SEARCH", + "PROVISIONING", + "AUTHENTICATE", + "GROUP_PROVISIONING", + "PASSWORD" + ] + }, + "type": { + "type": "string", + "description": "Specifies the type of system being managed e.g. Active Directory, Workday, etc.. If you are creating a Delimited File source, you must set the `provisionasCsv` query parameter to `true`. ", + "example": "OpenLDAP - Direct" + }, + "connector": { + "type": "string", + "description": "Connector script name.", + "example": "active-directory" + }, + "connectorClass": { + "type": "string", + "description": "The fully qualified name of the Java class that implements the connector interface.", + "example": "sailpoint.connector.LDAPConnector" + }, + "connectorAttributes": { + "type": "object", + "description": "Connector specific configuration; will differ from type to type.", + "example": { + "healthCheckTimeout": 30, + "authSearchAttributes": [ + "cn", + "uid", + "mail" + ] + } + }, + "deleteThreshold": { + "type": "integer", + "format": "int32", + "description": "Number from 0 to 100 that specifies when to skip the delete phase.", + "example": 10 + }, + "authoritative": { + "type": "boolean", + "description": "When true indicates the source is referenced by an IdentityProfile.", + "example": false + }, + "managementWorkgroup": { + "description": "Reference to Management Workgroup for this Source", + "type": "object", + "properties": { + "type": { + "description": "The type of object being referenced", + "type": "string", + "enum": [ + "GOVERNANCE_GROUP" + ], + "example": "GOVERNANCE_GROUP" + }, + "id": { + "type": "string", + "description": "ID of the management workgroup", + "example": "2c91808568c529c60168cca6f90c2222" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the management workgroup", + "example": "My Management Workgroup" + } + } + }, + "healthy": { + "type": "boolean", + "description": "When true indicates a healthy source", + "example": true + }, + "status": { + "type": "string", + "description": "A status identifier, giving specific information on why a source is healthy or not", + "example": "SOURCE_STATE_HEALTHY" + }, + "since": { + "type": "string", + "description": "Timestamp showing when a source health check was last performed", + "example": "2021-09-28T15:48:29.3801666300Z" + }, + "connectorId": { + "type": "string", + "description": "The id of connector", + "example": "active-directory" + }, + "connectorName": { + "type": "string", + "description": "The name of the connector that was chosen on source creation", + "example": "Active Directory" + }, + "connectionType": { + "type": "string", + "description": "The type of connection (direct or file)", + "example": "file" + }, + "connectorImplementstionId": { + "type": "string", + "description": "The connector implementstion id", + "example": "delimited-file" + } + }, + "required": [ + "name", + "owner", + "connector" + ] + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/sources/{id}": { + "get": { + "operationId": "getSource", + "tags": [ + "Sources" + ], + "summary": "Get Source by ID", + "description": "This end-point gets a specific source in IdentityNow.\nA token with ORG_ADMIN, SOURCE_ADMIN, or SOURCE_SUBADMIN authority is required to call this API.", + "parameters": [ + { + "in": "path", + "name": "id", + "schema": { + "type": "string" + }, + "required": true, + "description": "The Source id", + "example": "2c9180835d191a86015d28455b4a2329" + } + ], + "responses": { + "200": { + "description": "A Source object", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "id": { + "type": "string", + "readOnly": true, + "description": "the id of the Source", + "example": "2c91808568c529c60168cca6f90c1324" + }, + "name": { + "type": "string", + "description": "Human-readable name of the source", + "example": "My Source" + }, + "description": { + "type": "string", + "description": "Human-readable description of the source", + "example": "This is the corporate directory." + }, + "owner": { + "description": "Reference to an owning Identity Object", + "type": "object", + "properties": { + "type": { + "description": "The type of object being referenced", + "type": "string", + "enum": [ + "IDENTITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the identity", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the identity", + "example": "MyName" + } + } + }, + "cluster": { + "description": "Reference to the associated Cluster", + "type": "object", + "properties": { + "type": { + "description": "The type of object being referenced", + "type": "string", + "enum": [ + "CLUSTER" + ], + "example": "CLUSTER" + }, + "id": { + "type": "string", + "description": "ID of the cluster", + "example": "2c9180866166b5b0016167c32ef31a66" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the cluster", + "example": "Corporate Cluster" + } + } + }, + "accountCorrelationConfig": { + "description": "Reference to an Account Correlation Config object", + "type": "object", + "properties": { + "type": { + "description": "The type of object being referenced", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG" + ], + "example": "ACCOUNT_CORRELATION_CONFIG" + }, + "id": { + "type": "string", + "description": "ID of the account correlation config", + "example": "2c9180855d191c59015d28583727245a" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the account correlation config", + "example": "Directory [source-62867] Account Correlation" + } + } + }, + "accountCorrelationRule": { + "description": "Reference to a Rule that can do COMPLEX correlation, should only be used when accountCorrelationConfig can't be used.", + "type": "object", + "properties": { + "type": { + "description": "The type of object being referenced", + "type": "string", + "enum": [ + "RULE" + ], + "example": "RULE" + }, + "id": { + "type": "string", + "description": "ID of the rule", + "example": "2c918085708c274401708c2a8a760001" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the rule", + "example": "Example Rule" + } + } + }, + "managerCorrelationMapping": { + "description": "Filter Object used during manager correlation to match incoming manager values to an existing manager's Account/Identity", + "type": "object", + "properties": { + "accountAttribute": { + "type": "string", + "description": "Name of the attribute to use for manager correlation. The value found on the account attribute will be used to lookup the manager's identity.", + "example": "manager" + }, + "identityAttribute": { + "type": "string", + "description": "Name of the identity attribute to search when trying to find a manager using the value from the accountAttribute.", + "example": "manager" + } + } + }, + "managerCorrelationRule": { + "description": "Reference to the ManagerCorrelationRule, only used when a simple filter isn't sufficient.", + "type": "object", + "properties": { + "type": { + "description": "The type of object being referenced", + "type": "string", + "enum": [ + "RULE" + ], + "example": "RULE" + }, + "id": { + "type": "string", + "description": "ID of the rule", + "example": "2c918085708c274401708c2a8a760001" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the rule", + "example": "Example Rule" + } + } + }, + "beforeProvisioningRule": { + "description": "Rule that runs on the CCG and allows for customization of provisioning plans before the connector is called.", + "type": "object", + "properties": { + "type": { + "description": "The type of object being referenced", + "type": "string", + "enum": [ + "RULE" + ], + "example": "RULE" + }, + "id": { + "type": "string", + "description": "ID of the rule", + "example": "2c918085708c274401708c2a8a760001" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the rule", + "example": "Example Rule" + } + } + }, + "schemas": { + "type": "array", + "items": { + "type": "object", + "properties": { + "type": { + "description": "The type of object being referenced", + "type": "string", + "enum": [ + "CONNECTOR_SCHEMA" + ], + "example": "CONNECTOR_SCHEMA" + }, + "id": { + "type": "string", + "description": "ID of the schema", + "example": "2c91808568c529c60168cca6f90c1777" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the schema", + "example": "MySchema" + } + } + }, + "description": "List of references to Schema objects", + "example": [ + { + "type": "CONNECTOR_SCHEMA", + "id": "2c9180835d191a86015d28455b4b232a", + "name": "account" + }, + { + "type": "CONNECTOR_SCHEMA", + "id": "2c9180835d191a86015d28455b4b232b", + "name": "group" + } + ] + }, + "passwordPolicies": { + "type": "array", + "items": { + "type": "object", + "properties": { + "type": { + "description": "The type of object being referenced", + "type": "string", + "enum": [ + "PASSWORD_POLICY" + ], + "example": "PASSWORD_POLICY" + }, + "id": { + "type": "string", + "description": "ID of the policy", + "example": "2c91808568c529c60168cca6f90c1777" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the policy", + "example": "My Password Policy" + } + } + }, + "description": "List of references to the associated PasswordPolicy objects.", + "example": [ + { + "type": "PASSWORD_POLICY", + "id": "2c9180855d191c59015d291ceb053980", + "name": "Corporate Password Policy" + }, + { + "type": "PASSWORD_POLICY", + "id": "2c9180855d191c59015d291ceb057777", + "name": "Vendor Password Policy" + } + ] + }, + "features": { + "type": "array", + "description": "Optional features that can be supported by a source.", + "items": { + "type": "string", + "enum": [ + "AUTHENTICATE", + "COMPOSITE", + "DIRECT_PERMISSIONS", + "DISCOVER_SCHEMA", + "ENABLE", + "MANAGER_LOOKUP", + "NO_RANDOM_ACCESS", + "PROXY", + "SEARCH", + "TEMPLATE", + "UNLOCK", + "UNSTRUCTURED_TARGETS", + "SHAREPOINT_TARGET", + "PROVISIONING", + "GROUP_PROVISIONING", + "SYNC_PROVISIONING", + "PASSWORD", + "CURRENT_PASSWORD", + "ACCOUNT_ONLY_REQUEST", + "ADDITIONAL_ACCOUNT_REQUEST", + "NO_AGGREGATION", + "GROUPS_HAVE_MEMBERS", + "NO_PERMISSIONS_PROVISIONING", + "NO_GROUP_PERMISSIONS_PROVISIONING", + "NO_UNSTRUCTURED_TARGETS_PROVISIONING", + "NO_DIRECT_PERMISSIONS_PROVISIONING" + ], + "description": "Optional features that can be supported by an source.\n* AUTHENTICATE: The source supports pass-through authentication.\n* COMPOSITE: The source supports composite source creation.\n* DIRECT_PERMISSIONS: The source supports returning DirectPermissions.\n* DISCOVER_SCHEMA: The source supports discovering schemas for users and groups.\n* ENABLE The source supports reading if an account is enabled or disabled.\n* MANAGER_LOOKUP: The source supports looking up managers as they are encountered in a feed. This is the opposite of NO_RANDOM_ACCESS.\n* NO_RANDOM_ACCESS: The source does not support random access and the getObject() methods should not be called and expected to perform.\n* PROXY: The source can serve as a proxy for another source. When an source has a proxy, all connector calls made with that source are redirected through the connector for the proxy source.\n* SEARCH\n* TEMPLATE\n* UNLOCK: The source supports reading if an account is locked or unlocked.\n* UNSTRUCTURED_TARGETS: The source supports returning unstructured Targets.\n* SHAREPOINT_TARGET: The source supports returning unstructured Target data for SharePoint. It will be typically used by AD, LDAP sources.\n* PROVISIONING: The source can both read and write accounts. Having this feature implies that the provision() method is implemented. It also means that direct and target permissions can also be provisioned if they can be returned by aggregation.\n* GROUP_PROVISIONING: The source can both read and write groups. Having this feature implies that the provision() method is implemented.\n* SYNC_PROVISIONING: The source can provision accounts synchronously.\n* PASSWORD: The source can provision password changes. Since sources can never read passwords, this is should only be used in conjunction with the PROVISIONING feature.\n* CURRENT_PASSWORD: Some source types support verification of the current password\n* ACCOUNT_ONLY_REQUEST: The source supports requesting accounts without entitlements.\n* ADDITIONAL_ACCOUNT_REQUEST: The source supports requesting additional accounts.\n* NO_AGGREGATION: A source that does not support aggregation.\n* GROUPS_HAVE_MEMBERS: The source models group memberships with a member attribute on the group object rather than a groups attribute on the account object. This effects the implementation of delta account aggregation.\n* NO_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for accounts. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for accounts.\n* NO_GROUP_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for groups. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for groups.\n* NO_UNSTRUCTURED_TARGETS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING.\n* NO_DIRECT_PERMISSIONS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING.", + "example": "AUTHENTICATE" + }, + "example": [ + "SYNC_PROVISIONING", + "MANAGER_LOOKUP", + "SEARCH", + "PROVISIONING", + "AUTHENTICATE", + "GROUP_PROVISIONING", + "PASSWORD" + ] + }, + "type": { + "type": "string", + "description": "Specifies the type of system being managed e.g. Active Directory, Workday, etc.. If you are creating a Delimited File source, you must set the `provisionasCsv` query parameter to `true`. ", + "example": "OpenLDAP - Direct" + }, + "connector": { + "type": "string", + "description": "Connector script name.", + "example": "active-directory" + }, + "connectorClass": { + "type": "string", + "description": "The fully qualified name of the Java class that implements the connector interface.", + "example": "sailpoint.connector.LDAPConnector" + }, + "connectorAttributes": { + "type": "object", + "description": "Connector specific configuration; will differ from type to type.", + "example": { + "healthCheckTimeout": 30, + "authSearchAttributes": [ + "cn", + "uid", + "mail" + ] + } + }, + "deleteThreshold": { + "type": "integer", + "format": "int32", + "description": "Number from 0 to 100 that specifies when to skip the delete phase.", + "example": 10 + }, + "authoritative": { + "type": "boolean", + "description": "When true indicates the source is referenced by an IdentityProfile.", + "example": false + }, + "managementWorkgroup": { + "description": "Reference to Management Workgroup for this Source", + "type": "object", + "properties": { + "type": { + "description": "The type of object being referenced", + "type": "string", + "enum": [ + "GOVERNANCE_GROUP" + ], + "example": "GOVERNANCE_GROUP" + }, + "id": { + "type": "string", + "description": "ID of the management workgroup", + "example": "2c91808568c529c60168cca6f90c2222" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the management workgroup", + "example": "My Management Workgroup" + } + } + }, + "healthy": { + "type": "boolean", + "description": "When true indicates a healthy source", + "example": true + }, + "status": { + "type": "string", + "description": "A status identifier, giving specific information on why a source is healthy or not", + "example": "SOURCE_STATE_HEALTHY" + }, + "since": { + "type": "string", + "description": "Timestamp showing when a source health check was last performed", + "example": "2021-09-28T15:48:29.3801666300Z" + }, + "connectorId": { + "type": "string", + "description": "The id of connector", + "example": "active-directory" + }, + "connectorName": { + "type": "string", + "description": "The name of the connector that was chosen on source creation", + "example": "Active Directory" + }, + "connectionType": { + "type": "string", + "description": "The type of connection (direct or file)", + "example": "file" + }, + "connectorImplementstionId": { + "type": "string", + "description": "The connector implementstion id", + "example": "delimited-file" + } + }, + "required": [ + "name", + "owner", + "connector" + ] + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + }, + "put": { + "operationId": "putSource", + "tags": [ + "Sources" + ], + "summary": "Update Source (Full)", + "description": "This API updates a source in IdentityNow, using a full object representation. In other words, the existing Source\nconfiguration is completely replaced.\n\nSome fields are immutable and cannot be changed, such as:\n\n* id\n* type\n* authoritative\n* connector\n* connectorClass\n* passwordPolicies\n\nAttempts to modify these fields will result in a 400 error.\n\nA token with ORG_ADMIN, SOURCE_ADMIN, or SOURCE_SUBADMIN authority is required to call this API.\n", + "parameters": [ + { + "in": "path", + "name": "id", + "schema": { + "type": "string" + }, + "required": true, + "description": "The Source id", + "example": "2c9180835d191a86015d28455b4a2329" + } + ], + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "id": { + "type": "string", + "readOnly": true, + "description": "the id of the Source", + "example": "2c91808568c529c60168cca6f90c1324" + }, + "name": { + "type": "string", + "description": "Human-readable name of the source", + "example": "My Source" + }, + "description": { + "type": "string", + "description": "Human-readable description of the source", + "example": "This is the corporate directory." + }, + "owner": { + "description": "Reference to an owning Identity Object", + "type": "object", + "properties": { + "type": { + "description": "The type of object being referenced", + "type": "string", + "enum": [ + "IDENTITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the identity", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the identity", + "example": "MyName" + } + } + }, + "cluster": { + "description": "Reference to the associated Cluster", + "type": "object", + "properties": { + "type": { + "description": "The type of object being referenced", + "type": "string", + "enum": [ + "CLUSTER" + ], + "example": "CLUSTER" + }, + "id": { + "type": "string", + "description": "ID of the cluster", + "example": "2c9180866166b5b0016167c32ef31a66" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the cluster", + "example": "Corporate Cluster" + } + } + }, + "accountCorrelationConfig": { + "description": "Reference to an Account Correlation Config object", + "type": "object", + "properties": { + "type": { + "description": "The type of object being referenced", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG" + ], + "example": "ACCOUNT_CORRELATION_CONFIG" + }, + "id": { + "type": "string", + "description": "ID of the account correlation config", + "example": "2c9180855d191c59015d28583727245a" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the account correlation config", + "example": "Directory [source-62867] Account Correlation" + } + } + }, + "accountCorrelationRule": { + "description": "Reference to a Rule that can do COMPLEX correlation, should only be used when accountCorrelationConfig can't be used.", + "type": "object", + "properties": { + "type": { + "description": "The type of object being referenced", + "type": "string", + "enum": [ + "RULE" + ], + "example": "RULE" + }, + "id": { + "type": "string", + "description": "ID of the rule", + "example": "2c918085708c274401708c2a8a760001" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the rule", + "example": "Example Rule" + } + } + }, + "managerCorrelationMapping": { + "description": "Filter Object used during manager correlation to match incoming manager values to an existing manager's Account/Identity", + "type": "object", + "properties": { + "accountAttribute": { + "type": "string", + "description": "Name of the attribute to use for manager correlation. The value found on the account attribute will be used to lookup the manager's identity.", + "example": "manager" + }, + "identityAttribute": { + "type": "string", + "description": "Name of the identity attribute to search when trying to find a manager using the value from the accountAttribute.", + "example": "manager" + } + } + }, + "managerCorrelationRule": { + "description": "Reference to the ManagerCorrelationRule, only used when a simple filter isn't sufficient.", + "type": "object", + "properties": { + "type": { + "description": "The type of object being referenced", + "type": "string", + "enum": [ + "RULE" + ], + "example": "RULE" + }, + "id": { + "type": "string", + "description": "ID of the rule", + "example": "2c918085708c274401708c2a8a760001" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the rule", + "example": "Example Rule" + } + } + }, + "beforeProvisioningRule": { + "description": "Rule that runs on the CCG and allows for customization of provisioning plans before the connector is called.", + "type": "object", + "properties": { + "type": { + "description": "The type of object being referenced", + "type": "string", + "enum": [ + "RULE" + ], + "example": "RULE" + }, + "id": { + "type": "string", + "description": "ID of the rule", + "example": "2c918085708c274401708c2a8a760001" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the rule", + "example": "Example Rule" + } + } + }, + "schemas": { + "type": "array", + "items": { + "type": "object", + "properties": { + "type": { + "description": "The type of object being referenced", + "type": "string", + "enum": [ + "CONNECTOR_SCHEMA" + ], + "example": "CONNECTOR_SCHEMA" + }, + "id": { + "type": "string", + "description": "ID of the schema", + "example": "2c91808568c529c60168cca6f90c1777" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the schema", + "example": "MySchema" + } + } + }, + "description": "List of references to Schema objects", + "example": [ + { + "type": "CONNECTOR_SCHEMA", + "id": "2c9180835d191a86015d28455b4b232a", + "name": "account" + }, + { + "type": "CONNECTOR_SCHEMA", + "id": "2c9180835d191a86015d28455b4b232b", + "name": "group" + } + ] + }, + "passwordPolicies": { + "type": "array", + "items": { + "type": "object", + "properties": { + "type": { + "description": "The type of object being referenced", + "type": "string", + "enum": [ + "PASSWORD_POLICY" + ], + "example": "PASSWORD_POLICY" + }, + "id": { + "type": "string", + "description": "ID of the policy", + "example": "2c91808568c529c60168cca6f90c1777" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the policy", + "example": "My Password Policy" + } + } + }, + "description": "List of references to the associated PasswordPolicy objects.", + "example": [ + { + "type": "PASSWORD_POLICY", + "id": "2c9180855d191c59015d291ceb053980", + "name": "Corporate Password Policy" + }, + { + "type": "PASSWORD_POLICY", + "id": "2c9180855d191c59015d291ceb057777", + "name": "Vendor Password Policy" + } + ] + }, + "features": { + "type": "array", + "description": "Optional features that can be supported by a source.", + "items": { + "type": "string", + "enum": [ + "AUTHENTICATE", + "COMPOSITE", + "DIRECT_PERMISSIONS", + "DISCOVER_SCHEMA", + "ENABLE", + "MANAGER_LOOKUP", + "NO_RANDOM_ACCESS", + "PROXY", + "SEARCH", + "TEMPLATE", + "UNLOCK", + "UNSTRUCTURED_TARGETS", + "SHAREPOINT_TARGET", + "PROVISIONING", + "GROUP_PROVISIONING", + "SYNC_PROVISIONING", + "PASSWORD", + "CURRENT_PASSWORD", + "ACCOUNT_ONLY_REQUEST", + "ADDITIONAL_ACCOUNT_REQUEST", + "NO_AGGREGATION", + "GROUPS_HAVE_MEMBERS", + "NO_PERMISSIONS_PROVISIONING", + "NO_GROUP_PERMISSIONS_PROVISIONING", + "NO_UNSTRUCTURED_TARGETS_PROVISIONING", + "NO_DIRECT_PERMISSIONS_PROVISIONING" + ], + "description": "Optional features that can be supported by an source.\n* AUTHENTICATE: The source supports pass-through authentication.\n* COMPOSITE: The source supports composite source creation.\n* DIRECT_PERMISSIONS: The source supports returning DirectPermissions.\n* DISCOVER_SCHEMA: The source supports discovering schemas for users and groups.\n* ENABLE The source supports reading if an account is enabled or disabled.\n* MANAGER_LOOKUP: The source supports looking up managers as they are encountered in a feed. This is the opposite of NO_RANDOM_ACCESS.\n* NO_RANDOM_ACCESS: The source does not support random access and the getObject() methods should not be called and expected to perform.\n* PROXY: The source can serve as a proxy for another source. When an source has a proxy, all connector calls made with that source are redirected through the connector for the proxy source.\n* SEARCH\n* TEMPLATE\n* UNLOCK: The source supports reading if an account is locked or unlocked.\n* UNSTRUCTURED_TARGETS: The source supports returning unstructured Targets.\n* SHAREPOINT_TARGET: The source supports returning unstructured Target data for SharePoint. It will be typically used by AD, LDAP sources.\n* PROVISIONING: The source can both read and write accounts. Having this feature implies that the provision() method is implemented. It also means that direct and target permissions can also be provisioned if they can be returned by aggregation.\n* GROUP_PROVISIONING: The source can both read and write groups. Having this feature implies that the provision() method is implemented.\n* SYNC_PROVISIONING: The source can provision accounts synchronously.\n* PASSWORD: The source can provision password changes. Since sources can never read passwords, this is should only be used in conjunction with the PROVISIONING feature.\n* CURRENT_PASSWORD: Some source types support verification of the current password\n* ACCOUNT_ONLY_REQUEST: The source supports requesting accounts without entitlements.\n* ADDITIONAL_ACCOUNT_REQUEST: The source supports requesting additional accounts.\n* NO_AGGREGATION: A source that does not support aggregation.\n* GROUPS_HAVE_MEMBERS: The source models group memberships with a member attribute on the group object rather than a groups attribute on the account object. This effects the implementation of delta account aggregation.\n* NO_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for accounts. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for accounts.\n* NO_GROUP_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for groups. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for groups.\n* NO_UNSTRUCTURED_TARGETS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING.\n* NO_DIRECT_PERMISSIONS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING.", + "example": "AUTHENTICATE" + }, + "example": [ + "SYNC_PROVISIONING", + "MANAGER_LOOKUP", + "SEARCH", + "PROVISIONING", + "AUTHENTICATE", + "GROUP_PROVISIONING", + "PASSWORD" + ] + }, + "type": { + "type": "string", + "description": "Specifies the type of system being managed e.g. Active Directory, Workday, etc.. If you are creating a Delimited File source, you must set the `provisionasCsv` query parameter to `true`. ", + "example": "OpenLDAP - Direct" + }, + "connector": { + "type": "string", + "description": "Connector script name.", + "example": "active-directory" + }, + "connectorClass": { + "type": "string", + "description": "The fully qualified name of the Java class that implements the connector interface.", + "example": "sailpoint.connector.LDAPConnector" + }, + "connectorAttributes": { + "type": "object", + "description": "Connector specific configuration; will differ from type to type.", + "example": { + "healthCheckTimeout": 30, + "authSearchAttributes": [ + "cn", + "uid", + "mail" + ] + } + }, + "deleteThreshold": { + "type": "integer", + "format": "int32", + "description": "Number from 0 to 100 that specifies when to skip the delete phase.", + "example": 10 + }, + "authoritative": { + "type": "boolean", + "description": "When true indicates the source is referenced by an IdentityProfile.", + "example": false + }, + "managementWorkgroup": { + "description": "Reference to Management Workgroup for this Source", + "type": "object", + "properties": { + "type": { + "description": "The type of object being referenced", + "type": "string", + "enum": [ + "GOVERNANCE_GROUP" + ], + "example": "GOVERNANCE_GROUP" + }, + "id": { + "type": "string", + "description": "ID of the management workgroup", + "example": "2c91808568c529c60168cca6f90c2222" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the management workgroup", + "example": "My Management Workgroup" + } + } + }, + "healthy": { + "type": "boolean", + "description": "When true indicates a healthy source", + "example": true + }, + "status": { + "type": "string", + "description": "A status identifier, giving specific information on why a source is healthy or not", + "example": "SOURCE_STATE_HEALTHY" + }, + "since": { + "type": "string", + "description": "Timestamp showing when a source health check was last performed", + "example": "2021-09-28T15:48:29.3801666300Z" + }, + "connectorId": { + "type": "string", + "description": "The id of connector", + "example": "active-directory" + }, + "connectorName": { + "type": "string", + "description": "The name of the connector that was chosen on source creation", + "example": "Active Directory" + }, + "connectionType": { + "type": "string", + "description": "The type of connection (direct or file)", + "example": "file" + }, + "connectorImplementstionId": { + "type": "string", + "description": "The connector implementstion id", + "example": "delimited-file" + } + }, + "required": [ + "name", + "owner", + "connector" + ] + } + } + } + }, + "responses": { + "200": { + "description": "Updated Source object. Any passwords will only show the the encrypted cipher-text, as they are not decrypt-able in IdentityNow cloud-based services, per IdentityNow security design.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "id": { + "type": "string", + "readOnly": true, + "description": "the id of the Source", + "example": "2c91808568c529c60168cca6f90c1324" + }, + "name": { + "type": "string", + "description": "Human-readable name of the source", + "example": "My Source" + }, + "description": { + "type": "string", + "description": "Human-readable description of the source", + "example": "This is the corporate directory." + }, + "owner": { + "description": "Reference to an owning Identity Object", + "type": "object", + "properties": { + "type": { + "description": "The type of object being referenced", + "type": "string", + "enum": [ + "IDENTITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the identity", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the identity", + "example": "MyName" + } + } + }, + "cluster": { + "description": "Reference to the associated Cluster", + "type": "object", + "properties": { + "type": { + "description": "The type of object being referenced", + "type": "string", + "enum": [ + "CLUSTER" + ], + "example": "CLUSTER" + }, + "id": { + "type": "string", + "description": "ID of the cluster", + "example": "2c9180866166b5b0016167c32ef31a66" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the cluster", + "example": "Corporate Cluster" + } + } + }, + "accountCorrelationConfig": { + "description": "Reference to an Account Correlation Config object", + "type": "object", + "properties": { + "type": { + "description": "The type of object being referenced", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG" + ], + "example": "ACCOUNT_CORRELATION_CONFIG" + }, + "id": { + "type": "string", + "description": "ID of the account correlation config", + "example": "2c9180855d191c59015d28583727245a" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the account correlation config", + "example": "Directory [source-62867] Account Correlation" + } + } + }, + "accountCorrelationRule": { + "description": "Reference to a Rule that can do COMPLEX correlation, should only be used when accountCorrelationConfig can't be used.", + "type": "object", + "properties": { + "type": { + "description": "The type of object being referenced", + "type": "string", + "enum": [ + "RULE" + ], + "example": "RULE" + }, + "id": { + "type": "string", + "description": "ID of the rule", + "example": "2c918085708c274401708c2a8a760001" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the rule", + "example": "Example Rule" + } + } + }, + "managerCorrelationMapping": { + "description": "Filter Object used during manager correlation to match incoming manager values to an existing manager's Account/Identity", + "type": "object", + "properties": { + "accountAttribute": { + "type": "string", + "description": "Name of the attribute to use for manager correlation. The value found on the account attribute will be used to lookup the manager's identity.", + "example": "manager" + }, + "identityAttribute": { + "type": "string", + "description": "Name of the identity attribute to search when trying to find a manager using the value from the accountAttribute.", + "example": "manager" + } + } + }, + "managerCorrelationRule": { + "description": "Reference to the ManagerCorrelationRule, only used when a simple filter isn't sufficient.", + "type": "object", + "properties": { + "type": { + "description": "The type of object being referenced", + "type": "string", + "enum": [ + "RULE" + ], + "example": "RULE" + }, + "id": { + "type": "string", + "description": "ID of the rule", + "example": "2c918085708c274401708c2a8a760001" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the rule", + "example": "Example Rule" + } + } + }, + "beforeProvisioningRule": { + "description": "Rule that runs on the CCG and allows for customization of provisioning plans before the connector is called.", + "type": "object", + "properties": { + "type": { + "description": "The type of object being referenced", + "type": "string", + "enum": [ + "RULE" + ], + "example": "RULE" + }, + "id": { + "type": "string", + "description": "ID of the rule", + "example": "2c918085708c274401708c2a8a760001" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the rule", + "example": "Example Rule" + } + } + }, + "schemas": { + "type": "array", + "items": { + "type": "object", + "properties": { + "type": { + "description": "The type of object being referenced", + "type": "string", + "enum": [ + "CONNECTOR_SCHEMA" + ], + "example": "CONNECTOR_SCHEMA" + }, + "id": { + "type": "string", + "description": "ID of the schema", + "example": "2c91808568c529c60168cca6f90c1777" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the schema", + "example": "MySchema" + } + } + }, + "description": "List of references to Schema objects", + "example": [ + { + "type": "CONNECTOR_SCHEMA", + "id": "2c9180835d191a86015d28455b4b232a", + "name": "account" + }, + { + "type": "CONNECTOR_SCHEMA", + "id": "2c9180835d191a86015d28455b4b232b", + "name": "group" + } + ] + }, + "passwordPolicies": { + "type": "array", + "items": { + "type": "object", + "properties": { + "type": { + "description": "The type of object being referenced", + "type": "string", + "enum": [ + "PASSWORD_POLICY" + ], + "example": "PASSWORD_POLICY" + }, + "id": { + "type": "string", + "description": "ID of the policy", + "example": "2c91808568c529c60168cca6f90c1777" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the policy", + "example": "My Password Policy" + } + } + }, + "description": "List of references to the associated PasswordPolicy objects.", + "example": [ + { + "type": "PASSWORD_POLICY", + "id": "2c9180855d191c59015d291ceb053980", + "name": "Corporate Password Policy" + }, + { + "type": "PASSWORD_POLICY", + "id": "2c9180855d191c59015d291ceb057777", + "name": "Vendor Password Policy" + } + ] + }, + "features": { + "type": "array", + "description": "Optional features that can be supported by a source.", + "items": { + "type": "string", + "enum": [ + "AUTHENTICATE", + "COMPOSITE", + "DIRECT_PERMISSIONS", + "DISCOVER_SCHEMA", + "ENABLE", + "MANAGER_LOOKUP", + "NO_RANDOM_ACCESS", + "PROXY", + "SEARCH", + "TEMPLATE", + "UNLOCK", + "UNSTRUCTURED_TARGETS", + "SHAREPOINT_TARGET", + "PROVISIONING", + "GROUP_PROVISIONING", + "SYNC_PROVISIONING", + "PASSWORD", + "CURRENT_PASSWORD", + "ACCOUNT_ONLY_REQUEST", + "ADDITIONAL_ACCOUNT_REQUEST", + "NO_AGGREGATION", + "GROUPS_HAVE_MEMBERS", + "NO_PERMISSIONS_PROVISIONING", + "NO_GROUP_PERMISSIONS_PROVISIONING", + "NO_UNSTRUCTURED_TARGETS_PROVISIONING", + "NO_DIRECT_PERMISSIONS_PROVISIONING" + ], + "description": "Optional features that can be supported by an source.\n* AUTHENTICATE: The source supports pass-through authentication.\n* COMPOSITE: The source supports composite source creation.\n* DIRECT_PERMISSIONS: The source supports returning DirectPermissions.\n* DISCOVER_SCHEMA: The source supports discovering schemas for users and groups.\n* ENABLE The source supports reading if an account is enabled or disabled.\n* MANAGER_LOOKUP: The source supports looking up managers as they are encountered in a feed. This is the opposite of NO_RANDOM_ACCESS.\n* NO_RANDOM_ACCESS: The source does not support random access and the getObject() methods should not be called and expected to perform.\n* PROXY: The source can serve as a proxy for another source. When an source has a proxy, all connector calls made with that source are redirected through the connector for the proxy source.\n* SEARCH\n* TEMPLATE\n* UNLOCK: The source supports reading if an account is locked or unlocked.\n* UNSTRUCTURED_TARGETS: The source supports returning unstructured Targets.\n* SHAREPOINT_TARGET: The source supports returning unstructured Target data for SharePoint. It will be typically used by AD, LDAP sources.\n* PROVISIONING: The source can both read and write accounts. Having this feature implies that the provision() method is implemented. It also means that direct and target permissions can also be provisioned if they can be returned by aggregation.\n* GROUP_PROVISIONING: The source can both read and write groups. Having this feature implies that the provision() method is implemented.\n* SYNC_PROVISIONING: The source can provision accounts synchronously.\n* PASSWORD: The source can provision password changes. Since sources can never read passwords, this is should only be used in conjunction with the PROVISIONING feature.\n* CURRENT_PASSWORD: Some source types support verification of the current password\n* ACCOUNT_ONLY_REQUEST: The source supports requesting accounts without entitlements.\n* ADDITIONAL_ACCOUNT_REQUEST: The source supports requesting additional accounts.\n* NO_AGGREGATION: A source that does not support aggregation.\n* GROUPS_HAVE_MEMBERS: The source models group memberships with a member attribute on the group object rather than a groups attribute on the account object. This effects the implementation of delta account aggregation.\n* NO_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for accounts. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for accounts.\n* NO_GROUP_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for groups. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for groups.\n* NO_UNSTRUCTURED_TARGETS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING.\n* NO_DIRECT_PERMISSIONS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING.", + "example": "AUTHENTICATE" + }, + "example": [ + "SYNC_PROVISIONING", + "MANAGER_LOOKUP", + "SEARCH", + "PROVISIONING", + "AUTHENTICATE", + "GROUP_PROVISIONING", + "PASSWORD" + ] + }, + "type": { + "type": "string", + "description": "Specifies the type of system being managed e.g. Active Directory, Workday, etc.. If you are creating a Delimited File source, you must set the `provisionasCsv` query parameter to `true`. ", + "example": "OpenLDAP - Direct" + }, + "connector": { + "type": "string", + "description": "Connector script name.", + "example": "active-directory" + }, + "connectorClass": { + "type": "string", + "description": "The fully qualified name of the Java class that implements the connector interface.", + "example": "sailpoint.connector.LDAPConnector" + }, + "connectorAttributes": { + "type": "object", + "description": "Connector specific configuration; will differ from type to type.", + "example": { + "healthCheckTimeout": 30, + "authSearchAttributes": [ + "cn", + "uid", + "mail" + ] + } + }, + "deleteThreshold": { + "type": "integer", + "format": "int32", + "description": "Number from 0 to 100 that specifies when to skip the delete phase.", + "example": 10 + }, + "authoritative": { + "type": "boolean", + "description": "When true indicates the source is referenced by an IdentityProfile.", + "example": false + }, + "managementWorkgroup": { + "description": "Reference to Management Workgroup for this Source", + "type": "object", + "properties": { + "type": { + "description": "The type of object being referenced", + "type": "string", + "enum": [ + "GOVERNANCE_GROUP" + ], + "example": "GOVERNANCE_GROUP" + }, + "id": { + "type": "string", + "description": "ID of the management workgroup", + "example": "2c91808568c529c60168cca6f90c2222" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the management workgroup", + "example": "My Management Workgroup" + } + } + }, + "healthy": { + "type": "boolean", + "description": "When true indicates a healthy source", + "example": true + }, + "status": { + "type": "string", + "description": "A status identifier, giving specific information on why a source is healthy or not", + "example": "SOURCE_STATE_HEALTHY" + }, + "since": { + "type": "string", + "description": "Timestamp showing when a source health check was last performed", + "example": "2021-09-28T15:48:29.3801666300Z" + }, + "connectorId": { + "type": "string", + "description": "The id of connector", + "example": "active-directory" + }, + "connectorName": { + "type": "string", + "description": "The name of the connector that was chosen on source creation", + "example": "Active Directory" + }, + "connectionType": { + "type": "string", + "description": "The type of connection (direct or file)", + "example": "file" + }, + "connectorImplementstionId": { + "type": "string", + "description": "The connector implementstion id", + "example": "delimited-file" + } + }, + "required": [ + "name", + "owner", + "connector" + ] + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + }, + "patch": { + "operationId": "updateSource", + "tags": [ + "Sources" + ], + "summary": "Update Source (Partial)", + "description": "This API partially updates a source in IdentityNow, using a list of patch operations according to the\n[JSON Patch](https://tools.ietf.org/html/rfc6902) standard.\n\nSome fields are immutable and cannot be changed, such as:\n\n* id\n* type\n* authoritative\n* created\n* modified\n* connector\n* connectorClass\n* passwordPolicies\n\nAttempts to modify these fields will result in a 400 error.\n\nA token with ORG_ADMIN, SOURCE_ADMIN, SOURCE_SUBADMIN, or API authority is required to call this API.\n", + "parameters": [ + { + "in": "path", + "name": "id", + "schema": { + "type": "string" + }, + "required": true, + "description": "The Source id", + "example": "2c9180835d191a86015d28455b4a2329" + } + ], + "requestBody": { + "required": true, + "description": "A list of account update operations according to the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard. Any password changes are submitted as plain-text and encrypted upon receipt in IdentityNow.", + "content": { + "application/json-patch+json": { + "schema": { + "type": "array", + "items": { + "type": "object", + "description": "A JSONPatch Operation as defined by [RFC 6902 - JSON Patch](https://tools.ietf.org/html/rfc6902)", + "required": [ + "op", + "path" + ], + "properties": { + "op": { + "type": "string", + "description": "The operation to be performed", + "enum": [ + "add", + "remove", + "replace", + "move", + "copy", + "test" + ], + "example": "replace" + }, + "path": { + "type": "string", + "description": "A string JSON Pointer representing the target path to an element to be affected by the operation", + "example": "/description" + }, + "value": { + "anyOf": [ + { + "type": "string" + }, + { + "type": "integer" + }, + { + "type": "object" + }, + { + "type": "array", + "items": { + "anyOf": [ + { + "type": "string" + }, + { + "type": "integer" + }, + { + "type": "object" + } + ] + } + } + ], + "description": "The value to be used for the operation, required for \"add\" and \"replace\" operations", + "example": "New description" + } + } + } + }, + "examples": { + "Edit the source description": { + "description": "This example shows how to edit a source description.", + "value": [ + { + "op": "replace", + "path": "/description", + "value": "new description" + } + ] + }, + "Edit the source cluster": { + "description": "This example shows how to edit a source cluster by id.", + "value": [ + { + "op": "replace", + "path": "/cluster/id", + "value": "2c918087813a902001813f3f85736b45" + } + ] + }, + "Edit source features": { + "description": "This example illustrates how you can update source supported features", + "value": [ + { + "op": "replace", + "path": "/features", + "value": [ + "PASSWORD", + "PROVISIONING", + "ENABLE", + "AUTHENTICATE" + ] + } + ] + }, + "Change a source description and cluster in One Call": { + "description": "This example shows how multiple fields may be updated with a single patch call.", + "value": [ + { + "op": "replace", + "path": "/description", + "value": "new description" + }, + { + "op": "replace", + "path": "/cluster/id", + "value": "2c918087813a902001813f3f85736b45" + } + ] + }, + "Add a filter string to the connector": { + "description": "This example shows how you can add a filter to incoming accounts during the account aggregation process. In the example below, any account that does not have an \"m\" or \"d\" in the id will be aggregated.", + "value": [ + { + "op": "add", + "path": "/connectorAttributes/filterString", + "value": "!( id.contains( \"m\" ) ) || !( id.contains( \"d\" ) )" + } + ] + }, + "Update connector attribute for specific operation type": { + "description": "This example shows how you can update the 3rd object in the connection parameters operationType. This will change it from a standard group aggregation to a group aggregation on the \"test\" entitlement type", + "value": [ + { + "op": "replace", + "path": "/connectorAttributes/connectionParameters/2/operationType", + "value": "Group Aggregation-test" + } + ] + } + } + } + } + }, + "responses": { + "200": { + "description": "Updated Source object. Any passwords will only show the the encrypted cipher-text, as they are not decrypt-able in IdentityNow cloud-based services, per IdentityNow security design.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "id": { + "type": "string", + "readOnly": true, + "description": "the id of the Source", + "example": "2c91808568c529c60168cca6f90c1324" + }, + "name": { + "type": "string", + "description": "Human-readable name of the source", + "example": "My Source" + }, + "description": { + "type": "string", + "description": "Human-readable description of the source", + "example": "This is the corporate directory." + }, + "owner": { + "description": "Reference to an owning Identity Object", + "type": "object", + "properties": { + "type": { + "description": "The type of object being referenced", + "type": "string", + "enum": [ + "IDENTITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the identity", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the identity", + "example": "MyName" + } + } + }, + "cluster": { + "description": "Reference to the associated Cluster", + "type": "object", + "properties": { + "type": { + "description": "The type of object being referenced", + "type": "string", + "enum": [ + "CLUSTER" + ], + "example": "CLUSTER" + }, + "id": { + "type": "string", + "description": "ID of the cluster", + "example": "2c9180866166b5b0016167c32ef31a66" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the cluster", + "example": "Corporate Cluster" + } + } + }, + "accountCorrelationConfig": { + "description": "Reference to an Account Correlation Config object", + "type": "object", + "properties": { + "type": { + "description": "The type of object being referenced", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG" + ], + "example": "ACCOUNT_CORRELATION_CONFIG" + }, + "id": { + "type": "string", + "description": "ID of the account correlation config", + "example": "2c9180855d191c59015d28583727245a" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the account correlation config", + "example": "Directory [source-62867] Account Correlation" + } + } + }, + "accountCorrelationRule": { + "description": "Reference to a Rule that can do COMPLEX correlation, should only be used when accountCorrelationConfig can't be used.", + "type": "object", + "properties": { + "type": { + "description": "The type of object being referenced", + "type": "string", + "enum": [ + "RULE" + ], + "example": "RULE" + }, + "id": { + "type": "string", + "description": "ID of the rule", + "example": "2c918085708c274401708c2a8a760001" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the rule", + "example": "Example Rule" + } + } + }, + "managerCorrelationMapping": { + "description": "Filter Object used during manager correlation to match incoming manager values to an existing manager's Account/Identity", + "type": "object", + "properties": { + "accountAttribute": { + "type": "string", + "description": "Name of the attribute to use for manager correlation. The value found on the account attribute will be used to lookup the manager's identity.", + "example": "manager" + }, + "identityAttribute": { + "type": "string", + "description": "Name of the identity attribute to search when trying to find a manager using the value from the accountAttribute.", + "example": "manager" + } + } + }, + "managerCorrelationRule": { + "description": "Reference to the ManagerCorrelationRule, only used when a simple filter isn't sufficient.", + "type": "object", + "properties": { + "type": { + "description": "The type of object being referenced", + "type": "string", + "enum": [ + "RULE" + ], + "example": "RULE" + }, + "id": { + "type": "string", + "description": "ID of the rule", + "example": "2c918085708c274401708c2a8a760001" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the rule", + "example": "Example Rule" + } + } + }, + "beforeProvisioningRule": { + "description": "Rule that runs on the CCG and allows for customization of provisioning plans before the connector is called.", + "type": "object", + "properties": { + "type": { + "description": "The type of object being referenced", + "type": "string", + "enum": [ + "RULE" + ], + "example": "RULE" + }, + "id": { + "type": "string", + "description": "ID of the rule", + "example": "2c918085708c274401708c2a8a760001" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the rule", + "example": "Example Rule" + } + } + }, + "schemas": { + "type": "array", + "items": { + "type": "object", + "properties": { + "type": { + "description": "The type of object being referenced", + "type": "string", + "enum": [ + "CONNECTOR_SCHEMA" + ], + "example": "CONNECTOR_SCHEMA" + }, + "id": { + "type": "string", + "description": "ID of the schema", + "example": "2c91808568c529c60168cca6f90c1777" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the schema", + "example": "MySchema" + } + } + }, + "description": "List of references to Schema objects", + "example": [ + { + "type": "CONNECTOR_SCHEMA", + "id": "2c9180835d191a86015d28455b4b232a", + "name": "account" + }, + { + "type": "CONNECTOR_SCHEMA", + "id": "2c9180835d191a86015d28455b4b232b", + "name": "group" + } + ] + }, + "passwordPolicies": { + "type": "array", + "items": { + "type": "object", + "properties": { + "type": { + "description": "The type of object being referenced", + "type": "string", + "enum": [ + "PASSWORD_POLICY" + ], + "example": "PASSWORD_POLICY" + }, + "id": { + "type": "string", + "description": "ID of the policy", + "example": "2c91808568c529c60168cca6f90c1777" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the policy", + "example": "My Password Policy" + } + } + }, + "description": "List of references to the associated PasswordPolicy objects.", + "example": [ + { + "type": "PASSWORD_POLICY", + "id": "2c9180855d191c59015d291ceb053980", + "name": "Corporate Password Policy" + }, + { + "type": "PASSWORD_POLICY", + "id": "2c9180855d191c59015d291ceb057777", + "name": "Vendor Password Policy" + } + ] + }, + "features": { + "type": "array", + "description": "Optional features that can be supported by a source.", + "items": { + "type": "string", + "enum": [ + "AUTHENTICATE", + "COMPOSITE", + "DIRECT_PERMISSIONS", + "DISCOVER_SCHEMA", + "ENABLE", + "MANAGER_LOOKUP", + "NO_RANDOM_ACCESS", + "PROXY", + "SEARCH", + "TEMPLATE", + "UNLOCK", + "UNSTRUCTURED_TARGETS", + "SHAREPOINT_TARGET", + "PROVISIONING", + "GROUP_PROVISIONING", + "SYNC_PROVISIONING", + "PASSWORD", + "CURRENT_PASSWORD", + "ACCOUNT_ONLY_REQUEST", + "ADDITIONAL_ACCOUNT_REQUEST", + "NO_AGGREGATION", + "GROUPS_HAVE_MEMBERS", + "NO_PERMISSIONS_PROVISIONING", + "NO_GROUP_PERMISSIONS_PROVISIONING", + "NO_UNSTRUCTURED_TARGETS_PROVISIONING", + "NO_DIRECT_PERMISSIONS_PROVISIONING" + ], + "description": "Optional features that can be supported by an source.\n* AUTHENTICATE: The source supports pass-through authentication.\n* COMPOSITE: The source supports composite source creation.\n* DIRECT_PERMISSIONS: The source supports returning DirectPermissions.\n* DISCOVER_SCHEMA: The source supports discovering schemas for users and groups.\n* ENABLE The source supports reading if an account is enabled or disabled.\n* MANAGER_LOOKUP: The source supports looking up managers as they are encountered in a feed. This is the opposite of NO_RANDOM_ACCESS.\n* NO_RANDOM_ACCESS: The source does not support random access and the getObject() methods should not be called and expected to perform.\n* PROXY: The source can serve as a proxy for another source. When an source has a proxy, all connector calls made with that source are redirected through the connector for the proxy source.\n* SEARCH\n* TEMPLATE\n* UNLOCK: The source supports reading if an account is locked or unlocked.\n* UNSTRUCTURED_TARGETS: The source supports returning unstructured Targets.\n* SHAREPOINT_TARGET: The source supports returning unstructured Target data for SharePoint. It will be typically used by AD, LDAP sources.\n* PROVISIONING: The source can both read and write accounts. Having this feature implies that the provision() method is implemented. It also means that direct and target permissions can also be provisioned if they can be returned by aggregation.\n* GROUP_PROVISIONING: The source can both read and write groups. Having this feature implies that the provision() method is implemented.\n* SYNC_PROVISIONING: The source can provision accounts synchronously.\n* PASSWORD: The source can provision password changes. Since sources can never read passwords, this is should only be used in conjunction with the PROVISIONING feature.\n* CURRENT_PASSWORD: Some source types support verification of the current password\n* ACCOUNT_ONLY_REQUEST: The source supports requesting accounts without entitlements.\n* ADDITIONAL_ACCOUNT_REQUEST: The source supports requesting additional accounts.\n* NO_AGGREGATION: A source that does not support aggregation.\n* GROUPS_HAVE_MEMBERS: The source models group memberships with a member attribute on the group object rather than a groups attribute on the account object. This effects the implementation of delta account aggregation.\n* NO_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for accounts. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for accounts.\n* NO_GROUP_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for groups. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for groups.\n* NO_UNSTRUCTURED_TARGETS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING.\n* NO_DIRECT_PERMISSIONS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING.", + "example": "AUTHENTICATE" + }, + "example": [ + "SYNC_PROVISIONING", + "MANAGER_LOOKUP", + "SEARCH", + "PROVISIONING", + "AUTHENTICATE", + "GROUP_PROVISIONING", + "PASSWORD" + ] + }, + "type": { + "type": "string", + "description": "Specifies the type of system being managed e.g. Active Directory, Workday, etc.. If you are creating a Delimited File source, you must set the `provisionasCsv` query parameter to `true`. ", + "example": "OpenLDAP - Direct" + }, + "connector": { + "type": "string", + "description": "Connector script name.", + "example": "active-directory" + }, + "connectorClass": { + "type": "string", + "description": "The fully qualified name of the Java class that implements the connector interface.", + "example": "sailpoint.connector.LDAPConnector" + }, + "connectorAttributes": { + "type": "object", + "description": "Connector specific configuration; will differ from type to type.", + "example": { + "healthCheckTimeout": 30, + "authSearchAttributes": [ + "cn", + "uid", + "mail" + ] + } + }, + "deleteThreshold": { + "type": "integer", + "format": "int32", + "description": "Number from 0 to 100 that specifies when to skip the delete phase.", + "example": 10 + }, + "authoritative": { + "type": "boolean", + "description": "When true indicates the source is referenced by an IdentityProfile.", + "example": false + }, + "managementWorkgroup": { + "description": "Reference to Management Workgroup for this Source", + "type": "object", + "properties": { + "type": { + "description": "The type of object being referenced", + "type": "string", + "enum": [ + "GOVERNANCE_GROUP" + ], + "example": "GOVERNANCE_GROUP" + }, + "id": { + "type": "string", + "description": "ID of the management workgroup", + "example": "2c91808568c529c60168cca6f90c2222" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the management workgroup", + "example": "My Management Workgroup" + } + } + }, + "healthy": { + "type": "boolean", + "description": "When true indicates a healthy source", + "example": true + }, + "status": { + "type": "string", + "description": "A status identifier, giving specific information on why a source is healthy or not", + "example": "SOURCE_STATE_HEALTHY" + }, + "since": { + "type": "string", + "description": "Timestamp showing when a source health check was last performed", + "example": "2021-09-28T15:48:29.3801666300Z" + }, + "connectorId": { + "type": "string", + "description": "The id of connector", + "example": "active-directory" + }, + "connectorName": { + "type": "string", + "description": "The name of the connector that was chosen on source creation", + "example": "Active Directory" + }, + "connectionType": { + "type": "string", + "description": "The type of connection (direct or file)", + "example": "file" + }, + "connectorImplementstionId": { + "type": "string", + "description": "The connector implementstion id", + "example": "delimited-file" + } + }, + "required": [ + "name", + "owner", + "connector" + ] + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + }, + "delete": { + "operationId": "deleteSource", + "tags": [ + "Sources" + ], + "summary": "Delete Source by ID", + "description": "This end-point deletes a specific source in IdentityNow.\nA token with ORG_ADMIN, SOURCE_ADMIN, or SOURCE_SUBADMIN authority is required to call this API.\nAll of accounts on the source will be removed first, then the source will be deleted. Actual status of task execution can be retrieved via method GET `/task-status/{id}`", + "parameters": [ + { + "in": "path", + "name": "id", + "schema": { + "type": "string" + }, + "required": true, + "description": "The Source id", + "example": "2c9180835d191a86015d28455b4a2329" + } + ], + "responses": { + "202": { + "description": "Accepted - Returned if the request was successfully accepted into the system.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "type": { + "description": "The type of object being referenced", + "type": "string", + "enum": [ + "TASK_RESULT" + ], + "example": "TASK_RESULT" + }, + "id": { + "type": "string", + "description": "ID of the task result", + "example": "2c91808779ecf55b0179f720942f181a" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the task result (should be null/empty)", + "example": null + } + } + }, + "examples": { + "deleteSource": { + "summary": "Response returned when deleting a source", + "value": { + "type": "TASK_RESULT", + "id": "2c91808779ecf55b0179f720942f181a", + "name": null + } + } + } + } + }, + "links": { + "GetTaskStatusById": { + "parameters": { + "id": "$response.body#/id" + }, + "description": "The `id` value returned in the response can be used as the `id` parameter in `GET /task-status/{id}`.\n" + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/sources/{sourceId}/provisioning-policies": { + "get": { + "operationId": "listProvisioningPolicies", + "tags": [ + "Sources" + ], + "summary": "Lists ProvisioningPolicies", + "description": "This end-point lists all the ProvisioningPolicies in IdentityNow.\nA token with API, or ORG_ADMIN authority is required to call this API.", + "security": [ + { + "oauth2": [ + "idn:provisioning-policy:read", + "idn:provisioning-policy:manage" + ] + } + ], + "parameters": [ + { + "in": "path", + "name": "sourceId", + "required": true, + "schema": { + "type": "string" + }, + "description": "The Source id", + "example": "2c9180835d191a86015d28455b4a2329" + } + ], + "responses": { + "200": { + "description": "List of ProvisioningPolicyDto objects", + "content": { + "application/json": { + "schema": { + "type": "array", + "items": { + "type": "object", + "required": [ + "name" + ], + "properties": { + "name": { + "type": "string", + "description": "the provisioning policy name", + "example": "example provisioning policy for inactive identities" + }, + "description": { + "type": "string", + "description": "the description of the provisioning policy", + "example": "this provisioning policy creates access based on an identity going inactive" + }, + "usageType": { + "type": "string", + "nullable": false, + "enum": [ + "CREATE", + "UPDATE", + "DELETE", + "ASSIGN", + "UNASSIGN", + "CREATE_GROUP", + "UPDATE_GROUP", + "DELETE_GROUP", + "REGISTER", + "CREATE_IDENTITY", + "UPDATE_IDENTITY", + "EDIT_GROUP", + "ENABLE", + "DISABLE", + "UNLOCK", + "CHANGE_PASSWORD" + ], + "example": "CREATE", + "description": "The type of ProvisioningPolicy usage." + }, + "fields": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string", + "description": "The name of the attribute.", + "example": "userName" + }, + "transform": { + "type": "object", + "description": "The transform to apply to the field", + "example": { + "type": "rule", + "attributes": { + "name": "Create Unique LDAP Attribute" + } + }, + "default": {} + }, + "attributes": { + "type": "object", + "description": "Attributes required for the transform", + "example": { + "template": "${firstname}.${lastname}${uniqueCounter}", + "cloudMaxUniqueChecks": "50", + "cloudMaxSize": "20", + "cloudRequired": "true" + } + }, + "isRequired": { + "type": "boolean", + "readOnly": true, + "description": "Flag indicating whether or not the attribute is required.", + "default": false, + "example": false + }, + "type": { + "type": "string", + "description": "The type of the attribute.", + "example": "string" + }, + "isMultiValued": { + "type": "boolean", + "description": "Flag indicating whether or not the attribute is multi-valued.", + "default": false, + "example": false + } + } + } + } + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + }, + "post": { + "operationId": "createProvisioningPolicy", + "tags": [ + "Sources" + ], + "summary": "Create Provisioning Policy", + "description": "This API generates a create policy/template based on field value transforms. This API is intended for use when setting up JDBC Provisioning type sources, but it will also work on other source types.\nTransforms can be used in the provisioning policy to create a new attribute that you only need during provisioning.\nRefer to [Transforms in Provisioning Policies](https://developer.sailpoint.com/idn/docs/transforms/guides/transforms-in-provisioning-policies) for more information.\nA token with ORG_ADMIN authority is required to call this API.", + "security": [ + { + "oauth2": [ + "idn:provisioning-policy:manage" + ] + } + ], + "parameters": [ + { + "in": "path", + "name": "sourceId", + "required": true, + "schema": { + "type": "string" + }, + "description": "The Source id", + "example": "2c9180835d191a86015d28455b4a2329" + } + ], + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "type": "object", + "required": [ + "name" + ], + "properties": { + "name": { + "type": "string", + "description": "the provisioning policy name", + "example": "example provisioning policy for inactive identities" + }, + "description": { + "type": "string", + "description": "the description of the provisioning policy", + "example": "this provisioning policy creates access based on an identity going inactive" + }, + "usageType": { + "type": "string", + "nullable": false, + "enum": [ + "CREATE", + "UPDATE", + "DELETE", + "ASSIGN", + "UNASSIGN", + "CREATE_GROUP", + "UPDATE_GROUP", + "DELETE_GROUP", + "REGISTER", + "CREATE_IDENTITY", + "UPDATE_IDENTITY", + "EDIT_GROUP", + "ENABLE", + "DISABLE", + "UNLOCK", + "CHANGE_PASSWORD" + ], + "example": "CREATE", + "description": "The type of ProvisioningPolicy usage." + }, + "fields": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string", + "description": "The name of the attribute.", + "example": "userName" + }, + "transform": { + "type": "object", + "description": "The transform to apply to the field", + "example": { + "type": "rule", + "attributes": { + "name": "Create Unique LDAP Attribute" + } + }, + "default": {} + }, + "attributes": { + "type": "object", + "description": "Attributes required for the transform", + "example": { + "template": "${firstname}.${lastname}${uniqueCounter}", + "cloudMaxUniqueChecks": "50", + "cloudMaxSize": "20", + "cloudRequired": "true" + } + }, + "isRequired": { + "type": "boolean", + "readOnly": true, + "description": "Flag indicating whether or not the attribute is required.", + "default": false, + "example": false + }, + "type": { + "type": "string", + "description": "The type of the attribute.", + "example": "string" + }, + "isMultiValued": { + "type": "boolean", + "description": "Flag indicating whether or not the attribute is multi-valued.", + "default": false, + "example": false + } + } + } + } + } + }, + "examples": { + "Create Account Provisioning Policy": { + "value": { + "name": "Account", + "description": "Account Provisioning Policy", + "usageType": "CREATE", + "fields": [ + { + "name": "displayName", + "transform": { + "type": "identityAttribute", + "attributes": { + "name": "displayName" + } + }, + "attributes": {}, + "isRequired": false, + "type": "string", + "isMultiValued": false + }, + { + "name": "distinguishedName", + "transform": { + "type": "usernameGenerator", + "attributes": { + "sourceCheck": true, + "patterns": [ + "CN=$fi $ln,OU=zzUsers,OU=Demo,DC=seri,DC=sailpointdemo,DC=com", + "CN=$fti $ln,OU=zzUsers,OU=Demo,DC=seri,DC=sailpointdemo,DC=com", + "CN=$fn $ln,OU=zzUsers,OU=Demo,DC=seri,DC=sailpointdemo,DC=com", + "CN=$fn$ln${uniqueCounter},OU=zzUsers,OU=Demo,DC=seri,DC=sailpointdemo,DC=com" + ], + "fn": { + "type": "identityAttribute", + "attributes": { + "name": "firstname" + } + }, + "ln": { + "type": "identityAttribute", + "attributes": { + "name": "lastname" + } + }, + "fi": { + "type": "substring", + "attributes": { + "input": { + "type": "identityAttribute", + "attributes": { + "name": "firstname" + } + }, + "begin": 0, + "end": 1 + } + }, + "fti": { + "type": "substring", + "attributes": { + "input": { + "type": "identityAttribute", + "attributes": { + "name": "firstname" + } + }, + "begin": 0, + "end": 2 + } + } + } + }, + "attributes": { + "cloudMaxUniqueChecks": "5", + "cloudMaxSize": "100", + "cloudRequired": "true" + }, + "isRequired": false, + "type": "", + "isMultiValued": false + }, + { + "name": "description", + "transform": { + "type": "static", + "attributes": { + "value": "" + } + }, + "attributes": {}, + "isRequired": false, + "type": "string", + "isMultiValued": false + } + ] + } + } + } + } + } + }, + "responses": { + "201": { + "description": "Created ProvisioningPolicyDto object", + "content": { + "application/json": { + "schema": { + "type": "object", + "required": [ + "name" + ], + "properties": { + "name": { + "type": "string", + "description": "the provisioning policy name", + "example": "example provisioning policy for inactive identities" + }, + "description": { + "type": "string", + "description": "the description of the provisioning policy", + "example": "this provisioning policy creates access based on an identity going inactive" + }, + "usageType": { + "type": "string", + "nullable": false, + "enum": [ + "CREATE", + "UPDATE", + "DELETE", + "ASSIGN", + "UNASSIGN", + "CREATE_GROUP", + "UPDATE_GROUP", + "DELETE_GROUP", + "REGISTER", + "CREATE_IDENTITY", + "UPDATE_IDENTITY", + "EDIT_GROUP", + "ENABLE", + "DISABLE", + "UNLOCK", + "CHANGE_PASSWORD" + ], + "example": "CREATE", + "description": "The type of ProvisioningPolicy usage." + }, + "fields": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string", + "description": "The name of the attribute.", + "example": "userName" + }, + "transform": { + "type": "object", + "description": "The transform to apply to the field", + "example": { + "type": "rule", + "attributes": { + "name": "Create Unique LDAP Attribute" + } + }, + "default": {} + }, + "attributes": { + "type": "object", + "description": "Attributes required for the transform", + "example": { + "template": "${firstname}.${lastname}${uniqueCounter}", + "cloudMaxUniqueChecks": "50", + "cloudMaxSize": "20", + "cloudRequired": "true" + } + }, + "isRequired": { + "type": "boolean", + "readOnly": true, + "description": "Flag indicating whether or not the attribute is required.", + "default": false, + "example": false + }, + "type": { + "type": "string", + "description": "The type of the attribute.", + "example": "string" + }, + "isMultiValued": { + "type": "boolean", + "description": "Flag indicating whether or not the attribute is multi-valued.", + "default": false, + "example": false + } + } + } + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/sources/{sourceId}/provisioning-policies/{usageType}": { + "get": { + "operationId": "getProvisioningPolicy", + "tags": [ + "Sources" + ], + "summary": "Get Provisioning Policy by UsageType", + "description": "This end-point retrieves the ProvisioningPolicy with the specified usage on the specified Source in IdentityNow.\nA token with API, ORG_ADMIN, SOURCE_ADMIN, or SOURCE_SUBADMIN authority is required to call this API.", + "security": [ + { + "oauth2": [ + "idn:provisioning-policy:read", + "idn:provisioning-policy-source:read", + "idn:provisioning-policy:manage", + "idn:provisioning-policy-source-admin-operations:manage" + ] + } + ], + "parameters": [ + { + "in": "path", + "name": "sourceId", + "required": true, + "schema": { + "type": "string" + }, + "description": "The Source ID.", + "example": "2c9180835d191a86015d28455b4a2329" + }, + { + "in": "path", + "name": "usageType", + "required": true, + "schema": { + "type": "string", + "nullable": false, + "enum": [ + "CREATE", + "UPDATE", + "DELETE", + "ASSIGN", + "UNASSIGN", + "CREATE_GROUP", + "UPDATE_GROUP", + "DELETE_GROUP", + "REGISTER", + "CREATE_IDENTITY", + "UPDATE_IDENTITY", + "EDIT_GROUP", + "ENABLE", + "DISABLE", + "UNLOCK", + "CHANGE_PASSWORD" + ], + "example": "CREATE", + "description": "The type of ProvisioningPolicy usage." + }, + "description": "The type of ProvisioningPolicy usage.", + "example": "REGISTER" + } + ], + "responses": { + "200": { + "description": "The requested ProvisioningPolicyDto was successfully retrieved.", + "content": { + "application/json": { + "schema": { + "type": "object", + "required": [ + "name" + ], + "properties": { + "name": { + "type": "string", + "description": "the provisioning policy name", + "example": "example provisioning policy for inactive identities" + }, + "description": { + "type": "string", + "description": "the description of the provisioning policy", + "example": "this provisioning policy creates access based on an identity going inactive" + }, + "usageType": { + "type": "string", + "nullable": false, + "enum": [ + "CREATE", + "UPDATE", + "DELETE", + "ASSIGN", + "UNASSIGN", + "CREATE_GROUP", + "UPDATE_GROUP", + "DELETE_GROUP", + "REGISTER", + "CREATE_IDENTITY", + "UPDATE_IDENTITY", + "EDIT_GROUP", + "ENABLE", + "DISABLE", + "UNLOCK", + "CHANGE_PASSWORD" + ], + "example": "CREATE", + "description": "The type of ProvisioningPolicy usage." + }, + "fields": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string", + "description": "The name of the attribute.", + "example": "userName" + }, + "transform": { + "type": "object", + "description": "The transform to apply to the field", + "example": { + "type": "rule", + "attributes": { + "name": "Create Unique LDAP Attribute" + } + }, + "default": {} + }, + "attributes": { + "type": "object", + "description": "Attributes required for the transform", + "example": { + "template": "${firstname}.${lastname}${uniqueCounter}", + "cloudMaxUniqueChecks": "50", + "cloudMaxSize": "20", + "cloudRequired": "true" + } + }, + "isRequired": { + "type": "boolean", + "readOnly": true, + "description": "Flag indicating whether or not the attribute is required.", + "default": false, + "example": false + }, + "type": { + "type": "string", + "description": "The type of the attribute.", + "example": "string" + }, + "isMultiValued": { + "type": "boolean", + "description": "Flag indicating whether or not the attribute is multi-valued.", + "default": false, + "example": false + } + } + } + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + }, + "put": { + "operationId": "putProvisioningPolicy", + "tags": [ + "Sources" + ], + "summary": "Update Provisioning Policy by UsageType", + "description": "This end-point updates the provisioning policy with the specified usage on the specified source in IdentityNow.\nTransforms can be used in the provisioning policy to create a new attribute that you only need during provisioning.\nRefer to [Transforms in Provisioning Policies](https://developer.sailpoint.com/idn/docs/transforms/guides/transforms-in-provisioning-policies) for more information.\nA token with API, ORG_ADMIN, SOURCE_ADMIN, or SOURCE_SUBADMIN authority is required to call this API.", + "security": [ + { + "oauth2": [ + "idn:provisioning-policy:manage", + "idn:provisioning-policy-source-admin-operations:manage" + ] + } + ], + "parameters": [ + { + "in": "path", + "name": "sourceId", + "required": true, + "schema": { + "type": "string" + }, + "description": "The Source ID.", + "example": "2c9180835d191a86015d28455b4a2329" + }, + { + "in": "path", + "name": "usageType", + "required": true, + "schema": { + "type": "string", + "nullable": false, + "enum": [ + "CREATE", + "UPDATE", + "DELETE", + "ASSIGN", + "UNASSIGN", + "CREATE_GROUP", + "UPDATE_GROUP", + "DELETE_GROUP", + "REGISTER", + "CREATE_IDENTITY", + "UPDATE_IDENTITY", + "EDIT_GROUP", + "ENABLE", + "DISABLE", + "UNLOCK", + "CHANGE_PASSWORD" + ], + "example": "CREATE", + "description": "The type of ProvisioningPolicy usage." + }, + "description": "The type of ProvisioningPolicy usage." + } + ], + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "type": "object", + "required": [ + "name" + ], + "properties": { + "name": { + "type": "string", + "description": "the provisioning policy name", + "example": "example provisioning policy for inactive identities" + }, + "description": { + "type": "string", + "description": "the description of the provisioning policy", + "example": "this provisioning policy creates access based on an identity going inactive" + }, + "usageType": { + "type": "string", + "nullable": false, + "enum": [ + "CREATE", + "UPDATE", + "DELETE", + "ASSIGN", + "UNASSIGN", + "CREATE_GROUP", + "UPDATE_GROUP", + "DELETE_GROUP", + "REGISTER", + "CREATE_IDENTITY", + "UPDATE_IDENTITY", + "EDIT_GROUP", + "ENABLE", + "DISABLE", + "UNLOCK", + "CHANGE_PASSWORD" + ], + "example": "CREATE", + "description": "The type of ProvisioningPolicy usage." + }, + "fields": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string", + "description": "The name of the attribute.", + "example": "userName" + }, + "transform": { + "type": "object", + "description": "The transform to apply to the field", + "example": { + "type": "rule", + "attributes": { + "name": "Create Unique LDAP Attribute" + } + }, + "default": {} + }, + "attributes": { + "type": "object", + "description": "Attributes required for the transform", + "example": { + "template": "${firstname}.${lastname}${uniqueCounter}", + "cloudMaxUniqueChecks": "50", + "cloudMaxSize": "20", + "cloudRequired": "true" + } + }, + "isRequired": { + "type": "boolean", + "readOnly": true, + "description": "Flag indicating whether or not the attribute is required.", + "default": false, + "example": false + }, + "type": { + "type": "string", + "description": "The type of the attribute.", + "example": "string" + }, + "isMultiValued": { + "type": "boolean", + "description": "Flag indicating whether or not the attribute is multi-valued.", + "default": false, + "example": false + } + } + } + } + } + } + } + } + }, + "responses": { + "200": { + "description": "The ProvisioningPolicyDto was successfully replaced.", + "content": { + "application/json": { + "schema": { + "type": "object", + "required": [ + "name" + ], + "properties": { + "name": { + "type": "string", + "description": "the provisioning policy name", + "example": "example provisioning policy for inactive identities" + }, + "description": { + "type": "string", + "description": "the description of the provisioning policy", + "example": "this provisioning policy creates access based on an identity going inactive" + }, + "usageType": { + "type": "string", + "nullable": false, + "enum": [ + "CREATE", + "UPDATE", + "DELETE", + "ASSIGN", + "UNASSIGN", + "CREATE_GROUP", + "UPDATE_GROUP", + "DELETE_GROUP", + "REGISTER", + "CREATE_IDENTITY", + "UPDATE_IDENTITY", + "EDIT_GROUP", + "ENABLE", + "DISABLE", + "UNLOCK", + "CHANGE_PASSWORD" + ], + "example": "CREATE", + "description": "The type of ProvisioningPolicy usage." + }, + "fields": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string", + "description": "The name of the attribute.", + "example": "userName" + }, + "transform": { + "type": "object", + "description": "The transform to apply to the field", + "example": { + "type": "rule", + "attributes": { + "name": "Create Unique LDAP Attribute" + } + }, + "default": {} + }, + "attributes": { + "type": "object", + "description": "Attributes required for the transform", + "example": { + "template": "${firstname}.${lastname}${uniqueCounter}", + "cloudMaxUniqueChecks": "50", + "cloudMaxSize": "20", + "cloudRequired": "true" + } + }, + "isRequired": { + "type": "boolean", + "readOnly": true, + "description": "Flag indicating whether or not the attribute is required.", + "default": false, + "example": false + }, + "type": { + "type": "string", + "description": "The type of the attribute.", + "example": "string" + }, + "isMultiValued": { + "type": "boolean", + "description": "Flag indicating whether or not the attribute is multi-valued.", + "default": false, + "example": false + } + } + } + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + }, + "patch": { + "operationId": "updateProvisioningPolicy", + "tags": [ + "Sources" + ], + "summary": "Partial update of Provisioning Policy", + "description": "This API selectively updates an existing Provisioning Policy using a JSONPatch payload.\nTransforms can be used in the provisioning policy to create a new attribute that you only need during provisioning.\nRefer to [Transforms in Provisioning Policies](https://developer.sailpoint.com/idn/docs/transforms/guides/transforms-in-provisioning-policies) for more information.\nA token with API, ORG_ADMIN, SOURCE_ADMIN, or SOURCE_SUBADMIN authority is required to call this API.", + "security": [ + { + "oauth2": [ + "idn:provisioning-policy:update" + ] + } + ], + "parameters": [ + { + "in": "path", + "name": "sourceId", + "required": true, + "schema": { + "type": "string" + }, + "description": "The Source id.", + "example": "2c9180835d191a86015d28455b4a2329" + }, + { + "in": "path", + "name": "usageType", + "required": true, + "schema": { + "type": "string", + "nullable": false, + "enum": [ + "CREATE", + "UPDATE", + "DELETE", + "ASSIGN", + "UNASSIGN", + "CREATE_GROUP", + "UPDATE_GROUP", + "DELETE_GROUP", + "REGISTER", + "CREATE_IDENTITY", + "UPDATE_IDENTITY", + "EDIT_GROUP", + "ENABLE", + "DISABLE", + "UNLOCK", + "CHANGE_PASSWORD" + ], + "example": "CREATE", + "description": "The type of ProvisioningPolicy usage." + }, + "description": "The type of ProvisioningPolicy usage." + } + ], + "requestBody": { + "required": true, + "description": "The JSONPatch payload used to update the schema.", + "content": { + "application/json-patch+json": { + "schema": { + "type": "array", + "items": { + "type": "object", + "description": "A JSONPatch Operation as defined by [RFC 6902 - JSON Patch](https://tools.ietf.org/html/rfc6902)", + "required": [ + "op", + "path" + ], + "properties": { + "op": { + "type": "string", + "description": "The operation to be performed", + "enum": [ + "add", + "remove", + "replace", + "move", + "copy", + "test" + ], + "example": "replace" + }, + "path": { + "type": "string", + "description": "A string JSON Pointer representing the target path to an element to be affected by the operation", + "example": "/description" + }, + "value": { + "anyOf": [ + { + "type": "string" + }, + { + "type": "integer" + }, + { + "type": "object" + }, + { + "type": "array", + "items": { + "anyOf": [ + { + "type": "string" + }, + { + "type": "integer" + }, + { + "type": "object" + } + ] + } + } + ], + "description": "The value to be used for the operation, required for \"add\" and \"replace\" operations", + "example": "New description" + } + } + } + }, + "examples": { + "add-field": { + "summary": "Add a field to the beginning of the list", + "value": [ + { + "op": "add", + "path": "/fields/0", + "value": { + "name": "email", + "transform": { + "type": "identityAttribute", + "attributes": { + "name": "email" + } + }, + "attributes": {}, + "isRequired": false, + "type": "string", + "isMultiValued": false + } + } + ] + } + } + } + } + }, + "responses": { + "200": { + "description": "The ProvisioningPolicyDto was successfully updated.", + "content": { + "application/json": { + "schema": { + "type": "object", + "required": [ + "name" + ], + "properties": { + "name": { + "type": "string", + "description": "the provisioning policy name", + "example": "example provisioning policy for inactive identities" + }, + "description": { + "type": "string", + "description": "the description of the provisioning policy", + "example": "this provisioning policy creates access based on an identity going inactive" + }, + "usageType": { + "type": "string", + "nullable": false, + "enum": [ + "CREATE", + "UPDATE", + "DELETE", + "ASSIGN", + "UNASSIGN", + "CREATE_GROUP", + "UPDATE_GROUP", + "DELETE_GROUP", + "REGISTER", + "CREATE_IDENTITY", + "UPDATE_IDENTITY", + "EDIT_GROUP", + "ENABLE", + "DISABLE", + "UNLOCK", + "CHANGE_PASSWORD" + ], + "example": "CREATE", + "description": "The type of ProvisioningPolicy usage." + }, + "fields": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string", + "description": "The name of the attribute.", + "example": "userName" + }, + "transform": { + "type": "object", + "description": "The transform to apply to the field", + "example": { + "type": "rule", + "attributes": { + "name": "Create Unique LDAP Attribute" + } + }, + "default": {} + }, + "attributes": { + "type": "object", + "description": "Attributes required for the transform", + "example": { + "template": "${firstname}.${lastname}${uniqueCounter}", + "cloudMaxUniqueChecks": "50", + "cloudMaxSize": "20", + "cloudRequired": "true" + } + }, + "isRequired": { + "type": "boolean", + "readOnly": true, + "description": "Flag indicating whether or not the attribute is required.", + "default": false, + "example": false + }, + "type": { + "type": "string", + "description": "The type of the attribute.", + "example": "string" + }, + "isMultiValued": { + "type": "boolean", + "description": "Flag indicating whether or not the attribute is multi-valued.", + "default": false, + "example": false + } + } + } + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + }, + "delete": { + "operationId": "deleteProvisioningPolicy", + "tags": [ + "Sources" + ], + "summary": "Delete Provisioning Policy by UsageType", + "description": "Deletes the provisioning policy with the specified usage on an application.\nA token with API, or ORG_ADMIN authority is required to call this API.", + "security": [ + { + "oauth2": [ + "idn:provisioning-policy:manage" + ] + } + ], + "parameters": [ + { + "in": "path", + "name": "sourceId", + "required": true, + "schema": { + "type": "string" + }, + "description": "The Source ID.", + "example": "2c9180835d191a86015d28455b4a2329" + }, + { + "in": "path", + "name": "usageType", + "required": true, + "schema": { + "type": "string", + "nullable": false, + "enum": [ + "CREATE", + "UPDATE", + "DELETE", + "ASSIGN", + "UNASSIGN", + "CREATE_GROUP", + "UPDATE_GROUP", + "DELETE_GROUP", + "REGISTER", + "CREATE_IDENTITY", + "UPDATE_IDENTITY", + "EDIT_GROUP", + "ENABLE", + "DISABLE", + "UNLOCK", + "CHANGE_PASSWORD" + ], + "example": "CREATE", + "description": "The type of ProvisioningPolicy usage." + }, + "description": "The type of ProvisioningPolicy usage." + } + ], + "responses": { + "204": { + "description": "The ProvisioningPolicyDto was successfully deleted." + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/sources/{sourceId}/provisioning-policies/bulk-update": { + "post": { + "operationId": "updateProvisioningPoliciesInBulk", + "tags": [ + "Sources" + ], + "summary": "Bulk Update Provisioning Policies", + "description": "This end-point updates a list of provisioning policies on the specified source in IdentityNow.\nA token with API, or ORG_ADMIN authority is required to call this API.", + "security": [ + { + "oauth2": [ + "idn:provisioning-policy:manage" + ] + } + ], + "parameters": [ + { + "in": "path", + "name": "sourceId", + "required": true, + "schema": { + "type": "string" + }, + "description": "The Source id.", + "example": "2c9180835d191a86015d28455b4a2329" + } + ], + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "type": "array", + "items": { + "type": "object", + "required": [ + "name" + ], + "properties": { + "name": { + "type": "string", + "description": "the provisioning policy name", + "example": "example provisioning policy for inactive identities" + }, + "description": { + "type": "string", + "description": "the description of the provisioning policy", + "example": "this provisioning policy creates access based on an identity going inactive" + }, + "usageType": { + "type": "string", + "nullable": false, + "enum": [ + "CREATE", + "UPDATE", + "DELETE", + "ASSIGN", + "UNASSIGN", + "CREATE_GROUP", + "UPDATE_GROUP", + "DELETE_GROUP", + "REGISTER", + "CREATE_IDENTITY", + "UPDATE_IDENTITY", + "EDIT_GROUP", + "ENABLE", + "DISABLE", + "UNLOCK", + "CHANGE_PASSWORD" + ], + "example": "CREATE", + "description": "The type of ProvisioningPolicy usage." + }, + "fields": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string", + "description": "The name of the attribute.", + "example": "userName" + }, + "transform": { + "type": "object", + "description": "The transform to apply to the field", + "example": { + "type": "rule", + "attributes": { + "name": "Create Unique LDAP Attribute" + } + }, + "default": {} + }, + "attributes": { + "type": "object", + "description": "Attributes required for the transform", + "example": { + "template": "${firstname}.${lastname}${uniqueCounter}", + "cloudMaxUniqueChecks": "50", + "cloudMaxSize": "20", + "cloudRequired": "true" + } + }, + "isRequired": { + "type": "boolean", + "readOnly": true, + "description": "Flag indicating whether or not the attribute is required.", + "default": false, + "example": false + }, + "type": { + "type": "string", + "description": "The type of the attribute.", + "example": "string" + }, + "isMultiValued": { + "type": "boolean", + "description": "Flag indicating whether or not the attribute is multi-valued.", + "default": false, + "example": false + } + } + } + } + } + } + } + } + } + }, + "responses": { + "200": { + "description": "A list of the ProvisioningPolicyDto was successfully replaced.", + "content": { + "application/json": { + "schema": { + "type": "array", + "items": { + "type": "object", + "required": [ + "name" + ], + "properties": { + "name": { + "type": "string", + "description": "the provisioning policy name", + "example": "example provisioning policy for inactive identities" + }, + "description": { + "type": "string", + "description": "the description of the provisioning policy", + "example": "this provisioning policy creates access based on an identity going inactive" + }, + "usageType": { + "type": "string", + "nullable": false, + "enum": [ + "CREATE", + "UPDATE", + "DELETE", + "ASSIGN", + "UNASSIGN", + "CREATE_GROUP", + "UPDATE_GROUP", + "DELETE_GROUP", + "REGISTER", + "CREATE_IDENTITY", + "UPDATE_IDENTITY", + "EDIT_GROUP", + "ENABLE", + "DISABLE", + "UNLOCK", + "CHANGE_PASSWORD" + ], + "example": "CREATE", + "description": "The type of ProvisioningPolicy usage." + }, + "fields": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string", + "description": "The name of the attribute.", + "example": "userName" + }, + "transform": { + "type": "object", + "description": "The transform to apply to the field", + "example": { + "type": "rule", + "attributes": { + "name": "Create Unique LDAP Attribute" + } + }, + "default": {} + }, + "attributes": { + "type": "object", + "description": "Attributes required for the transform", + "example": { + "template": "${firstname}.${lastname}${uniqueCounter}", + "cloudMaxUniqueChecks": "50", + "cloudMaxSize": "20", + "cloudRequired": "true" + } + }, + "isRequired": { + "type": "boolean", + "readOnly": true, + "description": "Flag indicating whether or not the attribute is required.", + "default": false, + "example": false + }, + "type": { + "type": "string", + "description": "The type of the attribute.", + "example": "string" + }, + "isMultiValued": { + "type": "boolean", + "description": "Flag indicating whether or not the attribute is multi-valued.", + "default": false, + "example": false + } + } + } + } + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/sources/{sourceId}/schemas": { + "get": { + "operationId": "listSourceSchemas", + "tags": [ + "Sources" + ], + "summary": "List Schemas on a Source", + "description": "Lists the Schemas that exist on the specified Source in IdentityNow.\n", + "parameters": [ + { + "in": "path", + "name": "sourceId", + "required": true, + "schema": { + "type": "string" + }, + "description": "The Source ID.", + "example": "2c9180835d191a86015d28455b4a2329" + }, + { + "in": "query", + "name": "include-types", + "required": false, + "schema": { + "type": "string" + }, + "description": "If set to 'group', then the account schema is filtered and only group schemas are returned. Only a value of 'group' is recognized.", + "example": "group" + } + ], + "responses": { + "200": { + "description": "The Schemas were successfully retrieved.", + "content": { + "application/json": { + "schema": { + "type": "array", + "items": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "The id of the Schema.", + "example": "2c9180835d191a86015d28455b4a2329" + }, + "name": { + "type": "string", + "description": "The name of the Schema.", + "example": "account" + }, + "nativeObjectType": { + "type": "string", + "description": "The name of the object type on the native system that the schema represents.", + "example": "User" + }, + "identityAttribute": { + "type": "string", + "description": "The name of the attribute used to calculate the unique identifier for an object in the schema.", + "example": "sAMAccountName" + }, + "displayAttribute": { + "type": "string", + "description": "The name of the attribute used to calculate the display value for an object in the schema.", + "example": "distinguishedName" + }, + "hierarchyAttribute": { + "type": "string", + "description": "The name of the attribute whose values represent other objects in a hierarchy. Only relevant to group schemas.", + "example": "memberOf" + }, + "includePermissions": { + "type": "boolean", + "description": "Flag indicating whether or not the include permissions with the object data when aggregating the schema.", + "example": false + }, + "features": { + "type": "array", + "items": { + "type": "string", + "enum": [ + "AUTHENTICATE", + "COMPOSITE", + "DIRECT_PERMISSIONS", + "DISCOVER_SCHEMA", + "ENABLE", + "MANAGER_LOOKUP", + "NO_RANDOM_ACCESS", + "PROXY", + "SEARCH", + "TEMPLATE", + "UNLOCK", + "UNSTRUCTURED_TARGETS", + "SHAREPOINT_TARGET", + "PROVISIONING", + "GROUP_PROVISIONING", + "SYNC_PROVISIONING", + "PASSWORD", + "CURRENT_PASSWORD", + "ACCOUNT_ONLY_REQUEST", + "ADDITIONAL_ACCOUNT_REQUEST", + "NO_AGGREGATION", + "GROUPS_HAVE_MEMBERS", + "NO_PERMISSIONS_PROVISIONING", + "NO_GROUP_PERMISSIONS_PROVISIONING", + "NO_UNSTRUCTURED_TARGETS_PROVISIONING", + "NO_DIRECT_PERMISSIONS_PROVISIONING" + ], + "description": "Optional features that can be supported by an source.\n* AUTHENTICATE: The source supports pass-through authentication.\n* COMPOSITE: The source supports composite source creation.\n* DIRECT_PERMISSIONS: The source supports returning DirectPermissions.\n* DISCOVER_SCHEMA: The source supports discovering schemas for users and groups.\n* ENABLE The source supports reading if an account is enabled or disabled.\n* MANAGER_LOOKUP: The source supports looking up managers as they are encountered in a feed. This is the opposite of NO_RANDOM_ACCESS.\n* NO_RANDOM_ACCESS: The source does not support random access and the getObject() methods should not be called and expected to perform.\n* PROXY: The source can serve as a proxy for another source. When an source has a proxy, all connector calls made with that source are redirected through the connector for the proxy source.\n* SEARCH\n* TEMPLATE\n* UNLOCK: The source supports reading if an account is locked or unlocked.\n* UNSTRUCTURED_TARGETS: The source supports returning unstructured Targets.\n* SHAREPOINT_TARGET: The source supports returning unstructured Target data for SharePoint. It will be typically used by AD, LDAP sources.\n* PROVISIONING: The source can both read and write accounts. Having this feature implies that the provision() method is implemented. It also means that direct and target permissions can also be provisioned if they can be returned by aggregation.\n* GROUP_PROVISIONING: The source can both read and write groups. Having this feature implies that the provision() method is implemented.\n* SYNC_PROVISIONING: The source can provision accounts synchronously.\n* PASSWORD: The source can provision password changes. Since sources can never read passwords, this is should only be used in conjunction with the PROVISIONING feature.\n* CURRENT_PASSWORD: Some source types support verification of the current password\n* ACCOUNT_ONLY_REQUEST: The source supports requesting accounts without entitlements.\n* ADDITIONAL_ACCOUNT_REQUEST: The source supports requesting additional accounts.\n* NO_AGGREGATION: A source that does not support aggregation.\n* GROUPS_HAVE_MEMBERS: The source models group memberships with a member attribute on the group object rather than a groups attribute on the account object. This effects the implementation of delta account aggregation.\n* NO_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for accounts. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for accounts.\n* NO_GROUP_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for groups. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for groups.\n* NO_UNSTRUCTURED_TARGETS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING.\n* NO_DIRECT_PERMISSIONS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING.", + "example": "AUTHENTICATE" + }, + "description": "The features that the schema supports.", + "example": [ + "PROVISIONING", + "NO_PERMISSIONS_PROVISIONING", + "GROUPS_HAVE_MEMBERS" + ] + }, + "configuration": { + "type": "object", + "description": "Holds any extra configuration data that the schema may require.", + "example": { + "groupMemberAttribute": "member" + } + }, + "attributes": { + "type": "array", + "description": "The attribute definitions which form the schema.", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string", + "description": "The name of the attribute.", + "example": "sAMAccountName" + }, + "type": { + "description": "The type of the attribute.", + "example": "STRING", + "type": "string", + "enum": [ + "STRING", + "LONG", + "INT", + "BOOLEAN" + ] + }, + "schema": { + "description": "A reference to the schema on the source to the attribute values map to.", + "type": "object", + "properties": { + "type": { + "description": "The type of object being referenced", + "type": "string", + "enum": [ + "CONNECTOR_SCHEMA" + ], + "example": "CONNECTOR_SCHEMA" + }, + "id": { + "type": "string", + "description": "The object ID this reference applies to.", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "The human-readable display name of the object.", + "example": "group" + } + } + }, + "description": { + "type": "string", + "description": "A human-readable description of the attribute.", + "example": "SAM Account Name" + }, + "isMultiValued": { + "type": "boolean", + "description": "Flag indicating whether or not the attribute is multi-valued.", + "example": false + }, + "isEntitlement": { + "type": "boolean", + "description": "Flag indicating whether or not the attribute is an entitlement.", + "example": false + }, + "isGroup": { + "type": "boolean", + "description": "Flag indicating whether or not the attribute represents a group.\nThis can only be `true` if `isEntitlement` is also `true` **and** there is a schema defined for the attribute..\n", + "example": false + } + } + }, + "example": [ + { + "name": "sAMAccountName", + "type": "STRING", + "isMultiValued": false, + "isEntitlement": false, + "isGroup": false + }, + { + "name": "memberOf", + "type": "STRING", + "schema": { + "type": "CONNECTOR_SCHEMA", + "id": "2c9180887671ff8c01767b4671fc7d60", + "name": "group" + }, + "description": "Group membership", + "isMultiValued": true, + "isEntitlement": true, + "isGroup": true + } + ] + }, + "created": { + "type": "string", + "description": "The date the Schema was created.", + "format": "date-time", + "example": "2019-12-24T22:32:58.104Z" + }, + "modified": { + "type": "string", + "description": "The date the Schema was last modified.", + "format": "date-time", + "example": "2019-12-31T20:22:28.104Z" + } + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + }, + "post": { + "operationId": "createSourceSchema", + "tags": [ + "Sources" + ], + "summary": "Create Schema on a Source", + "description": "Creates a new Schema on the specified Source in IdentityNow.\n", + "parameters": [ + { + "in": "path", + "name": "sourceId", + "required": true, + "schema": { + "type": "string" + }, + "description": "The Source id.", + "example": "2c9180835d191a86015d28455b4a2329" + } + ], + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "The id of the Schema.", + "example": "2c9180835d191a86015d28455b4a2329" + }, + "name": { + "type": "string", + "description": "The name of the Schema.", + "example": "account" + }, + "nativeObjectType": { + "type": "string", + "description": "The name of the object type on the native system that the schema represents.", + "example": "User" + }, + "identityAttribute": { + "type": "string", + "description": "The name of the attribute used to calculate the unique identifier for an object in the schema.", + "example": "sAMAccountName" + }, + "displayAttribute": { + "type": "string", + "description": "The name of the attribute used to calculate the display value for an object in the schema.", + "example": "distinguishedName" + }, + "hierarchyAttribute": { + "type": "string", + "description": "The name of the attribute whose values represent other objects in a hierarchy. Only relevant to group schemas.", + "example": "memberOf" + }, + "includePermissions": { + "type": "boolean", + "description": "Flag indicating whether or not the include permissions with the object data when aggregating the schema.", + "example": false + }, + "features": { + "type": "array", + "items": { + "type": "string", + "enum": [ + "AUTHENTICATE", + "COMPOSITE", + "DIRECT_PERMISSIONS", + "DISCOVER_SCHEMA", + "ENABLE", + "MANAGER_LOOKUP", + "NO_RANDOM_ACCESS", + "PROXY", + "SEARCH", + "TEMPLATE", + "UNLOCK", + "UNSTRUCTURED_TARGETS", + "SHAREPOINT_TARGET", + "PROVISIONING", + "GROUP_PROVISIONING", + "SYNC_PROVISIONING", + "PASSWORD", + "CURRENT_PASSWORD", + "ACCOUNT_ONLY_REQUEST", + "ADDITIONAL_ACCOUNT_REQUEST", + "NO_AGGREGATION", + "GROUPS_HAVE_MEMBERS", + "NO_PERMISSIONS_PROVISIONING", + "NO_GROUP_PERMISSIONS_PROVISIONING", + "NO_UNSTRUCTURED_TARGETS_PROVISIONING", + "NO_DIRECT_PERMISSIONS_PROVISIONING" + ], + "description": "Optional features that can be supported by an source.\n* AUTHENTICATE: The source supports pass-through authentication.\n* COMPOSITE: The source supports composite source creation.\n* DIRECT_PERMISSIONS: The source supports returning DirectPermissions.\n* DISCOVER_SCHEMA: The source supports discovering schemas for users and groups.\n* ENABLE The source supports reading if an account is enabled or disabled.\n* MANAGER_LOOKUP: The source supports looking up managers as they are encountered in a feed. This is the opposite of NO_RANDOM_ACCESS.\n* NO_RANDOM_ACCESS: The source does not support random access and the getObject() methods should not be called and expected to perform.\n* PROXY: The source can serve as a proxy for another source. When an source has a proxy, all connector calls made with that source are redirected through the connector for the proxy source.\n* SEARCH\n* TEMPLATE\n* UNLOCK: The source supports reading if an account is locked or unlocked.\n* UNSTRUCTURED_TARGETS: The source supports returning unstructured Targets.\n* SHAREPOINT_TARGET: The source supports returning unstructured Target data for SharePoint. It will be typically used by AD, LDAP sources.\n* PROVISIONING: The source can both read and write accounts. Having this feature implies that the provision() method is implemented. It also means that direct and target permissions can also be provisioned if they can be returned by aggregation.\n* GROUP_PROVISIONING: The source can both read and write groups. Having this feature implies that the provision() method is implemented.\n* SYNC_PROVISIONING: The source can provision accounts synchronously.\n* PASSWORD: The source can provision password changes. Since sources can never read passwords, this is should only be used in conjunction with the PROVISIONING feature.\n* CURRENT_PASSWORD: Some source types support verification of the current password\n* ACCOUNT_ONLY_REQUEST: The source supports requesting accounts without entitlements.\n* ADDITIONAL_ACCOUNT_REQUEST: The source supports requesting additional accounts.\n* NO_AGGREGATION: A source that does not support aggregation.\n* GROUPS_HAVE_MEMBERS: The source models group memberships with a member attribute on the group object rather than a groups attribute on the account object. This effects the implementation of delta account aggregation.\n* NO_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for accounts. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for accounts.\n* NO_GROUP_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for groups. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for groups.\n* NO_UNSTRUCTURED_TARGETS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING.\n* NO_DIRECT_PERMISSIONS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING.", + "example": "AUTHENTICATE" + }, + "description": "The features that the schema supports.", + "example": [ + "PROVISIONING", + "NO_PERMISSIONS_PROVISIONING", + "GROUPS_HAVE_MEMBERS" + ] + }, + "configuration": { + "type": "object", + "description": "Holds any extra configuration data that the schema may require.", + "example": { + "groupMemberAttribute": "member" + } + }, + "attributes": { + "type": "array", + "description": "The attribute definitions which form the schema.", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string", + "description": "The name of the attribute.", + "example": "sAMAccountName" + }, + "type": { + "description": "The type of the attribute.", + "example": "STRING", + "type": "string", + "enum": [ + "STRING", + "LONG", + "INT", + "BOOLEAN" + ] + }, + "schema": { + "description": "A reference to the schema on the source to the attribute values map to.", + "type": "object", + "properties": { + "type": { + "description": "The type of object being referenced", + "type": "string", + "enum": [ + "CONNECTOR_SCHEMA" + ], + "example": "CONNECTOR_SCHEMA" + }, + "id": { + "type": "string", + "description": "The object ID this reference applies to.", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "The human-readable display name of the object.", + "example": "group" + } + } + }, + "description": { + "type": "string", + "description": "A human-readable description of the attribute.", + "example": "SAM Account Name" + }, + "isMultiValued": { + "type": "boolean", + "description": "Flag indicating whether or not the attribute is multi-valued.", + "example": false + }, + "isEntitlement": { + "type": "boolean", + "description": "Flag indicating whether or not the attribute is an entitlement.", + "example": false + }, + "isGroup": { + "type": "boolean", + "description": "Flag indicating whether or not the attribute represents a group.\nThis can only be `true` if `isEntitlement` is also `true` **and** there is a schema defined for the attribute..\n", + "example": false + } + } + }, + "example": [ + { + "name": "sAMAccountName", + "type": "STRING", + "isMultiValued": false, + "isEntitlement": false, + "isGroup": false + }, + { + "name": "memberOf", + "type": "STRING", + "schema": { + "type": "CONNECTOR_SCHEMA", + "id": "2c9180887671ff8c01767b4671fc7d60", + "name": "group" + }, + "description": "Group membership", + "isMultiValued": true, + "isEntitlement": true, + "isGroup": true + } + ] + }, + "created": { + "type": "string", + "description": "The date the Schema was created.", + "format": "date-time", + "example": "2019-12-24T22:32:58.104Z" + }, + "modified": { + "type": "string", + "description": "The date the Schema was last modified.", + "format": "date-time", + "example": "2019-12-31T20:22:28.104Z" + } + } + } + } + } + }, + "responses": { + "201": { + "description": "The Schema was successfully created on the specified Source.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "The id of the Schema.", + "example": "2c9180835d191a86015d28455b4a2329" + }, + "name": { + "type": "string", + "description": "The name of the Schema.", + "example": "account" + }, + "nativeObjectType": { + "type": "string", + "description": "The name of the object type on the native system that the schema represents.", + "example": "User" + }, + "identityAttribute": { + "type": "string", + "description": "The name of the attribute used to calculate the unique identifier for an object in the schema.", + "example": "sAMAccountName" + }, + "displayAttribute": { + "type": "string", + "description": "The name of the attribute used to calculate the display value for an object in the schema.", + "example": "distinguishedName" + }, + "hierarchyAttribute": { + "type": "string", + "description": "The name of the attribute whose values represent other objects in a hierarchy. Only relevant to group schemas.", + "example": "memberOf" + }, + "includePermissions": { + "type": "boolean", + "description": "Flag indicating whether or not the include permissions with the object data when aggregating the schema.", + "example": false + }, + "features": { + "type": "array", + "items": { + "type": "string", + "enum": [ + "AUTHENTICATE", + "COMPOSITE", + "DIRECT_PERMISSIONS", + "DISCOVER_SCHEMA", + "ENABLE", + "MANAGER_LOOKUP", + "NO_RANDOM_ACCESS", + "PROXY", + "SEARCH", + "TEMPLATE", + "UNLOCK", + "UNSTRUCTURED_TARGETS", + "SHAREPOINT_TARGET", + "PROVISIONING", + "GROUP_PROVISIONING", + "SYNC_PROVISIONING", + "PASSWORD", + "CURRENT_PASSWORD", + "ACCOUNT_ONLY_REQUEST", + "ADDITIONAL_ACCOUNT_REQUEST", + "NO_AGGREGATION", + "GROUPS_HAVE_MEMBERS", + "NO_PERMISSIONS_PROVISIONING", + "NO_GROUP_PERMISSIONS_PROVISIONING", + "NO_UNSTRUCTURED_TARGETS_PROVISIONING", + "NO_DIRECT_PERMISSIONS_PROVISIONING" + ], + "description": "Optional features that can be supported by an source.\n* AUTHENTICATE: The source supports pass-through authentication.\n* COMPOSITE: The source supports composite source creation.\n* DIRECT_PERMISSIONS: The source supports returning DirectPermissions.\n* DISCOVER_SCHEMA: The source supports discovering schemas for users and groups.\n* ENABLE The source supports reading if an account is enabled or disabled.\n* MANAGER_LOOKUP: The source supports looking up managers as they are encountered in a feed. This is the opposite of NO_RANDOM_ACCESS.\n* NO_RANDOM_ACCESS: The source does not support random access and the getObject() methods should not be called and expected to perform.\n* PROXY: The source can serve as a proxy for another source. When an source has a proxy, all connector calls made with that source are redirected through the connector for the proxy source.\n* SEARCH\n* TEMPLATE\n* UNLOCK: The source supports reading if an account is locked or unlocked.\n* UNSTRUCTURED_TARGETS: The source supports returning unstructured Targets.\n* SHAREPOINT_TARGET: The source supports returning unstructured Target data for SharePoint. It will be typically used by AD, LDAP sources.\n* PROVISIONING: The source can both read and write accounts. Having this feature implies that the provision() method is implemented. It also means that direct and target permissions can also be provisioned if they can be returned by aggregation.\n* GROUP_PROVISIONING: The source can both read and write groups. Having this feature implies that the provision() method is implemented.\n* SYNC_PROVISIONING: The source can provision accounts synchronously.\n* PASSWORD: The source can provision password changes. Since sources can never read passwords, this is should only be used in conjunction with the PROVISIONING feature.\n* CURRENT_PASSWORD: Some source types support verification of the current password\n* ACCOUNT_ONLY_REQUEST: The source supports requesting accounts without entitlements.\n* ADDITIONAL_ACCOUNT_REQUEST: The source supports requesting additional accounts.\n* NO_AGGREGATION: A source that does not support aggregation.\n* GROUPS_HAVE_MEMBERS: The source models group memberships with a member attribute on the group object rather than a groups attribute on the account object. This effects the implementation of delta account aggregation.\n* NO_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for accounts. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for accounts.\n* NO_GROUP_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for groups. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for groups.\n* NO_UNSTRUCTURED_TARGETS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING.\n* NO_DIRECT_PERMISSIONS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING.", + "example": "AUTHENTICATE" + }, + "description": "The features that the schema supports.", + "example": [ + "PROVISIONING", + "NO_PERMISSIONS_PROVISIONING", + "GROUPS_HAVE_MEMBERS" + ] + }, + "configuration": { + "type": "object", + "description": "Holds any extra configuration data that the schema may require.", + "example": { + "groupMemberAttribute": "member" + } + }, + "attributes": { + "type": "array", + "description": "The attribute definitions which form the schema.", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string", + "description": "The name of the attribute.", + "example": "sAMAccountName" + }, + "type": { + "description": "The type of the attribute.", + "example": "STRING", + "type": "string", + "enum": [ + "STRING", + "LONG", + "INT", + "BOOLEAN" + ] + }, + "schema": { + "description": "A reference to the schema on the source to the attribute values map to.", + "type": "object", + "properties": { + "type": { + "description": "The type of object being referenced", + "type": "string", + "enum": [ + "CONNECTOR_SCHEMA" + ], + "example": "CONNECTOR_SCHEMA" + }, + "id": { + "type": "string", + "description": "The object ID this reference applies to.", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "The human-readable display name of the object.", + "example": "group" + } + } + }, + "description": { + "type": "string", + "description": "A human-readable description of the attribute.", + "example": "SAM Account Name" + }, + "isMultiValued": { + "type": "boolean", + "description": "Flag indicating whether or not the attribute is multi-valued.", + "example": false + }, + "isEntitlement": { + "type": "boolean", + "description": "Flag indicating whether or not the attribute is an entitlement.", + "example": false + }, + "isGroup": { + "type": "boolean", + "description": "Flag indicating whether or not the attribute represents a group.\nThis can only be `true` if `isEntitlement` is also `true` **and** there is a schema defined for the attribute..\n", + "example": false + } + } + }, + "example": [ + { + "name": "sAMAccountName", + "type": "STRING", + "isMultiValued": false, + "isEntitlement": false, + "isGroup": false + }, + { + "name": "memberOf", + "type": "STRING", + "schema": { + "type": "CONNECTOR_SCHEMA", + "id": "2c9180887671ff8c01767b4671fc7d60", + "name": "group" + }, + "description": "Group membership", + "isMultiValued": true, + "isEntitlement": true, + "isGroup": true + } + ] + }, + "created": { + "type": "string", + "description": "The date the Schema was created.", + "format": "date-time", + "example": "2019-12-24T22:32:58.104Z" + }, + "modified": { + "type": "string", + "description": "The date the Schema was last modified.", + "format": "date-time", + "example": "2019-12-31T20:22:28.104Z" + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/sources/{sourceId}/schemas/{schemaId}": { + "get": { + "operationId": "getSourceSchema", + "tags": [ + "Sources" + ], + "summary": "Get Source Schema by ID", + "description": "Get the Source Schema by ID in IdentityNow.\n", + "parameters": [ + { + "in": "path", + "name": "sourceId", + "required": true, + "schema": { + "type": "string" + }, + "description": "The Source id.", + "example": "2c9180835d191a86015d28455b4a2329" + }, + { + "in": "path", + "name": "schemaId", + "schema": { + "type": "string" + }, + "required": true, + "description": "The Schema id.", + "example": "2c9180835d191a86015d28455b4a2329" + } + ], + "responses": { + "200": { + "description": "The requested Schema was successfully retrieved.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "The id of the Schema.", + "example": "2c9180835d191a86015d28455b4a2329" + }, + "name": { + "type": "string", + "description": "The name of the Schema.", + "example": "account" + }, + "nativeObjectType": { + "type": "string", + "description": "The name of the object type on the native system that the schema represents.", + "example": "User" + }, + "identityAttribute": { + "type": "string", + "description": "The name of the attribute used to calculate the unique identifier for an object in the schema.", + "example": "sAMAccountName" + }, + "displayAttribute": { + "type": "string", + "description": "The name of the attribute used to calculate the display value for an object in the schema.", + "example": "distinguishedName" + }, + "hierarchyAttribute": { + "type": "string", + "description": "The name of the attribute whose values represent other objects in a hierarchy. Only relevant to group schemas.", + "example": "memberOf" + }, + "includePermissions": { + "type": "boolean", + "description": "Flag indicating whether or not the include permissions with the object data when aggregating the schema.", + "example": false + }, + "features": { + "type": "array", + "items": { + "type": "string", + "enum": [ + "AUTHENTICATE", + "COMPOSITE", + "DIRECT_PERMISSIONS", + "DISCOVER_SCHEMA", + "ENABLE", + "MANAGER_LOOKUP", + "NO_RANDOM_ACCESS", + "PROXY", + "SEARCH", + "TEMPLATE", + "UNLOCK", + "UNSTRUCTURED_TARGETS", + "SHAREPOINT_TARGET", + "PROVISIONING", + "GROUP_PROVISIONING", + "SYNC_PROVISIONING", + "PASSWORD", + "CURRENT_PASSWORD", + "ACCOUNT_ONLY_REQUEST", + "ADDITIONAL_ACCOUNT_REQUEST", + "NO_AGGREGATION", + "GROUPS_HAVE_MEMBERS", + "NO_PERMISSIONS_PROVISIONING", + "NO_GROUP_PERMISSIONS_PROVISIONING", + "NO_UNSTRUCTURED_TARGETS_PROVISIONING", + "NO_DIRECT_PERMISSIONS_PROVISIONING" + ], + "description": "Optional features that can be supported by an source.\n* AUTHENTICATE: The source supports pass-through authentication.\n* COMPOSITE: The source supports composite source creation.\n* DIRECT_PERMISSIONS: The source supports returning DirectPermissions.\n* DISCOVER_SCHEMA: The source supports discovering schemas for users and groups.\n* ENABLE The source supports reading if an account is enabled or disabled.\n* MANAGER_LOOKUP: The source supports looking up managers as they are encountered in a feed. This is the opposite of NO_RANDOM_ACCESS.\n* NO_RANDOM_ACCESS: The source does not support random access and the getObject() methods should not be called and expected to perform.\n* PROXY: The source can serve as a proxy for another source. When an source has a proxy, all connector calls made with that source are redirected through the connector for the proxy source.\n* SEARCH\n* TEMPLATE\n* UNLOCK: The source supports reading if an account is locked or unlocked.\n* UNSTRUCTURED_TARGETS: The source supports returning unstructured Targets.\n* SHAREPOINT_TARGET: The source supports returning unstructured Target data for SharePoint. It will be typically used by AD, LDAP sources.\n* PROVISIONING: The source can both read and write accounts. Having this feature implies that the provision() method is implemented. It also means that direct and target permissions can also be provisioned if they can be returned by aggregation.\n* GROUP_PROVISIONING: The source can both read and write groups. Having this feature implies that the provision() method is implemented.\n* SYNC_PROVISIONING: The source can provision accounts synchronously.\n* PASSWORD: The source can provision password changes. Since sources can never read passwords, this is should only be used in conjunction with the PROVISIONING feature.\n* CURRENT_PASSWORD: Some source types support verification of the current password\n* ACCOUNT_ONLY_REQUEST: The source supports requesting accounts without entitlements.\n* ADDITIONAL_ACCOUNT_REQUEST: The source supports requesting additional accounts.\n* NO_AGGREGATION: A source that does not support aggregation.\n* GROUPS_HAVE_MEMBERS: The source models group memberships with a member attribute on the group object rather than a groups attribute on the account object. This effects the implementation of delta account aggregation.\n* NO_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for accounts. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for accounts.\n* NO_GROUP_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for groups. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for groups.\n* NO_UNSTRUCTURED_TARGETS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING.\n* NO_DIRECT_PERMISSIONS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING.", + "example": "AUTHENTICATE" + }, + "description": "The features that the schema supports.", + "example": [ + "PROVISIONING", + "NO_PERMISSIONS_PROVISIONING", + "GROUPS_HAVE_MEMBERS" + ] + }, + "configuration": { + "type": "object", + "description": "Holds any extra configuration data that the schema may require.", + "example": { + "groupMemberAttribute": "member" + } + }, + "attributes": { + "type": "array", + "description": "The attribute definitions which form the schema.", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string", + "description": "The name of the attribute.", + "example": "sAMAccountName" + }, + "type": { + "description": "The type of the attribute.", + "example": "STRING", + "type": "string", + "enum": [ + "STRING", + "LONG", + "INT", + "BOOLEAN" + ] + }, + "schema": { + "description": "A reference to the schema on the source to the attribute values map to.", + "type": "object", + "properties": { + "type": { + "description": "The type of object being referenced", + "type": "string", + "enum": [ + "CONNECTOR_SCHEMA" + ], + "example": "CONNECTOR_SCHEMA" + }, + "id": { + "type": "string", + "description": "The object ID this reference applies to.", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "The human-readable display name of the object.", + "example": "group" + } + } + }, + "description": { + "type": "string", + "description": "A human-readable description of the attribute.", + "example": "SAM Account Name" + }, + "isMultiValued": { + "type": "boolean", + "description": "Flag indicating whether or not the attribute is multi-valued.", + "example": false + }, + "isEntitlement": { + "type": "boolean", + "description": "Flag indicating whether or not the attribute is an entitlement.", + "example": false + }, + "isGroup": { + "type": "boolean", + "description": "Flag indicating whether or not the attribute represents a group.\nThis can only be `true` if `isEntitlement` is also `true` **and** there is a schema defined for the attribute..\n", + "example": false + } + } + }, + "example": [ + { + "name": "sAMAccountName", + "type": "STRING", + "isMultiValued": false, + "isEntitlement": false, + "isGroup": false + }, + { + "name": "memberOf", + "type": "STRING", + "schema": { + "type": "CONNECTOR_SCHEMA", + "id": "2c9180887671ff8c01767b4671fc7d60", + "name": "group" + }, + "description": "Group membership", + "isMultiValued": true, + "isEntitlement": true, + "isGroup": true + } + ] + }, + "created": { + "type": "string", + "description": "The date the Schema was created.", + "format": "date-time", + "example": "2019-12-24T22:32:58.104Z" + }, + "modified": { + "type": "string", + "description": "The date the Schema was last modified.", + "format": "date-time", + "example": "2019-12-31T20:22:28.104Z" + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + }, + "put": { + "operationId": "putSourceSchema", + "tags": [ + "Sources" + ], + "summary": "Update Source Schema (Full)", + "description": "This API will completely replace an existing Schema with the submitted payload. Some fields of the Schema cannot be updated. These fields are listed below.\n\n* id\n* name\n* created\n* modified\n\nAny attempt to modify these fields will result in an error response with a status code of 400.\n\n> `id` must remain in the request body, but it cannot be changed. If `id` is omitted from the request body, the result will be a 400 error.\n", + "parameters": [ + { + "in": "path", + "name": "sourceId", + "required": true, + "schema": { + "type": "string" + }, + "description": "The Source id.", + "example": "2c9180835d191a86015d28455b4a2329" + }, + { + "in": "path", + "name": "schemaId", + "schema": { + "type": "string" + }, + "required": true, + "description": "The Schema id.", + "example": "2c9180835d191a86015d28455b4a2329" + } + ], + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "The id of the Schema.", + "example": "2c9180835d191a86015d28455b4a2329" + }, + "name": { + "type": "string", + "description": "The name of the Schema.", + "example": "account" + }, + "nativeObjectType": { + "type": "string", + "description": "The name of the object type on the native system that the schema represents.", + "example": "User" + }, + "identityAttribute": { + "type": "string", + "description": "The name of the attribute used to calculate the unique identifier for an object in the schema.", + "example": "sAMAccountName" + }, + "displayAttribute": { + "type": "string", + "description": "The name of the attribute used to calculate the display value for an object in the schema.", + "example": "distinguishedName" + }, + "hierarchyAttribute": { + "type": "string", + "description": "The name of the attribute whose values represent other objects in a hierarchy. Only relevant to group schemas.", + "example": "memberOf" + }, + "includePermissions": { + "type": "boolean", + "description": "Flag indicating whether or not the include permissions with the object data when aggregating the schema.", + "example": false + }, + "features": { + "type": "array", + "items": { + "type": "string", + "enum": [ + "AUTHENTICATE", + "COMPOSITE", + "DIRECT_PERMISSIONS", + "DISCOVER_SCHEMA", + "ENABLE", + "MANAGER_LOOKUP", + "NO_RANDOM_ACCESS", + "PROXY", + "SEARCH", + "TEMPLATE", + "UNLOCK", + "UNSTRUCTURED_TARGETS", + "SHAREPOINT_TARGET", + "PROVISIONING", + "GROUP_PROVISIONING", + "SYNC_PROVISIONING", + "PASSWORD", + "CURRENT_PASSWORD", + "ACCOUNT_ONLY_REQUEST", + "ADDITIONAL_ACCOUNT_REQUEST", + "NO_AGGREGATION", + "GROUPS_HAVE_MEMBERS", + "NO_PERMISSIONS_PROVISIONING", + "NO_GROUP_PERMISSIONS_PROVISIONING", + "NO_UNSTRUCTURED_TARGETS_PROVISIONING", + "NO_DIRECT_PERMISSIONS_PROVISIONING" + ], + "description": "Optional features that can be supported by an source.\n* AUTHENTICATE: The source supports pass-through authentication.\n* COMPOSITE: The source supports composite source creation.\n* DIRECT_PERMISSIONS: The source supports returning DirectPermissions.\n* DISCOVER_SCHEMA: The source supports discovering schemas for users and groups.\n* ENABLE The source supports reading if an account is enabled or disabled.\n* MANAGER_LOOKUP: The source supports looking up managers as they are encountered in a feed. This is the opposite of NO_RANDOM_ACCESS.\n* NO_RANDOM_ACCESS: The source does not support random access and the getObject() methods should not be called and expected to perform.\n* PROXY: The source can serve as a proxy for another source. When an source has a proxy, all connector calls made with that source are redirected through the connector for the proxy source.\n* SEARCH\n* TEMPLATE\n* UNLOCK: The source supports reading if an account is locked or unlocked.\n* UNSTRUCTURED_TARGETS: The source supports returning unstructured Targets.\n* SHAREPOINT_TARGET: The source supports returning unstructured Target data for SharePoint. It will be typically used by AD, LDAP sources.\n* PROVISIONING: The source can both read and write accounts. Having this feature implies that the provision() method is implemented. It also means that direct and target permissions can also be provisioned if they can be returned by aggregation.\n* GROUP_PROVISIONING: The source can both read and write groups. Having this feature implies that the provision() method is implemented.\n* SYNC_PROVISIONING: The source can provision accounts synchronously.\n* PASSWORD: The source can provision password changes. Since sources can never read passwords, this is should only be used in conjunction with the PROVISIONING feature.\n* CURRENT_PASSWORD: Some source types support verification of the current password\n* ACCOUNT_ONLY_REQUEST: The source supports requesting accounts without entitlements.\n* ADDITIONAL_ACCOUNT_REQUEST: The source supports requesting additional accounts.\n* NO_AGGREGATION: A source that does not support aggregation.\n* GROUPS_HAVE_MEMBERS: The source models group memberships with a member attribute on the group object rather than a groups attribute on the account object. This effects the implementation of delta account aggregation.\n* NO_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for accounts. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for accounts.\n* NO_GROUP_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for groups. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for groups.\n* NO_UNSTRUCTURED_TARGETS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING.\n* NO_DIRECT_PERMISSIONS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING.", + "example": "AUTHENTICATE" + }, + "description": "The features that the schema supports.", + "example": [ + "PROVISIONING", + "NO_PERMISSIONS_PROVISIONING", + "GROUPS_HAVE_MEMBERS" + ] + }, + "configuration": { + "type": "object", + "description": "Holds any extra configuration data that the schema may require.", + "example": { + "groupMemberAttribute": "member" + } + }, + "attributes": { + "type": "array", + "description": "The attribute definitions which form the schema.", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string", + "description": "The name of the attribute.", + "example": "sAMAccountName" + }, + "type": { + "description": "The type of the attribute.", + "example": "STRING", + "type": "string", + "enum": [ + "STRING", + "LONG", + "INT", + "BOOLEAN" + ] + }, + "schema": { + "description": "A reference to the schema on the source to the attribute values map to.", + "type": "object", + "properties": { + "type": { + "description": "The type of object being referenced", + "type": "string", + "enum": [ + "CONNECTOR_SCHEMA" + ], + "example": "CONNECTOR_SCHEMA" + }, + "id": { + "type": "string", + "description": "The object ID this reference applies to.", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "The human-readable display name of the object.", + "example": "group" + } + } + }, + "description": { + "type": "string", + "description": "A human-readable description of the attribute.", + "example": "SAM Account Name" + }, + "isMultiValued": { + "type": "boolean", + "description": "Flag indicating whether or not the attribute is multi-valued.", + "example": false + }, + "isEntitlement": { + "type": "boolean", + "description": "Flag indicating whether or not the attribute is an entitlement.", + "example": false + }, + "isGroup": { + "type": "boolean", + "description": "Flag indicating whether or not the attribute represents a group.\nThis can only be `true` if `isEntitlement` is also `true` **and** there is a schema defined for the attribute..\n", + "example": false + } + } + }, + "example": [ + { + "name": "sAMAccountName", + "type": "STRING", + "isMultiValued": false, + "isEntitlement": false, + "isGroup": false + }, + { + "name": "memberOf", + "type": "STRING", + "schema": { + "type": "CONNECTOR_SCHEMA", + "id": "2c9180887671ff8c01767b4671fc7d60", + "name": "group" + }, + "description": "Group membership", + "isMultiValued": true, + "isEntitlement": true, + "isGroup": true + } + ] + }, + "created": { + "type": "string", + "description": "The date the Schema was created.", + "format": "date-time", + "example": "2019-12-24T22:32:58.104Z" + }, + "modified": { + "type": "string", + "description": "The date the Schema was last modified.", + "format": "date-time", + "example": "2019-12-31T20:22:28.104Z" + } + } + } + } + } + }, + "responses": { + "200": { + "description": "The Schema was successfully replaced.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "The id of the Schema.", + "example": "2c9180835d191a86015d28455b4a2329" + }, + "name": { + "type": "string", + "description": "The name of the Schema.", + "example": "account" + }, + "nativeObjectType": { + "type": "string", + "description": "The name of the object type on the native system that the schema represents.", + "example": "User" + }, + "identityAttribute": { + "type": "string", + "description": "The name of the attribute used to calculate the unique identifier for an object in the schema.", + "example": "sAMAccountName" + }, + "displayAttribute": { + "type": "string", + "description": "The name of the attribute used to calculate the display value for an object in the schema.", + "example": "distinguishedName" + }, + "hierarchyAttribute": { + "type": "string", + "description": "The name of the attribute whose values represent other objects in a hierarchy. Only relevant to group schemas.", + "example": "memberOf" + }, + "includePermissions": { + "type": "boolean", + "description": "Flag indicating whether or not the include permissions with the object data when aggregating the schema.", + "example": false + }, + "features": { + "type": "array", + "items": { + "type": "string", + "enum": [ + "AUTHENTICATE", + "COMPOSITE", + "DIRECT_PERMISSIONS", + "DISCOVER_SCHEMA", + "ENABLE", + "MANAGER_LOOKUP", + "NO_RANDOM_ACCESS", + "PROXY", + "SEARCH", + "TEMPLATE", + "UNLOCK", + "UNSTRUCTURED_TARGETS", + "SHAREPOINT_TARGET", + "PROVISIONING", + "GROUP_PROVISIONING", + "SYNC_PROVISIONING", + "PASSWORD", + "CURRENT_PASSWORD", + "ACCOUNT_ONLY_REQUEST", + "ADDITIONAL_ACCOUNT_REQUEST", + "NO_AGGREGATION", + "GROUPS_HAVE_MEMBERS", + "NO_PERMISSIONS_PROVISIONING", + "NO_GROUP_PERMISSIONS_PROVISIONING", + "NO_UNSTRUCTURED_TARGETS_PROVISIONING", + "NO_DIRECT_PERMISSIONS_PROVISIONING" + ], + "description": "Optional features that can be supported by an source.\n* AUTHENTICATE: The source supports pass-through authentication.\n* COMPOSITE: The source supports composite source creation.\n* DIRECT_PERMISSIONS: The source supports returning DirectPermissions.\n* DISCOVER_SCHEMA: The source supports discovering schemas for users and groups.\n* ENABLE The source supports reading if an account is enabled or disabled.\n* MANAGER_LOOKUP: The source supports looking up managers as they are encountered in a feed. This is the opposite of NO_RANDOM_ACCESS.\n* NO_RANDOM_ACCESS: The source does not support random access and the getObject() methods should not be called and expected to perform.\n* PROXY: The source can serve as a proxy for another source. When an source has a proxy, all connector calls made with that source are redirected through the connector for the proxy source.\n* SEARCH\n* TEMPLATE\n* UNLOCK: The source supports reading if an account is locked or unlocked.\n* UNSTRUCTURED_TARGETS: The source supports returning unstructured Targets.\n* SHAREPOINT_TARGET: The source supports returning unstructured Target data for SharePoint. It will be typically used by AD, LDAP sources.\n* PROVISIONING: The source can both read and write accounts. Having this feature implies that the provision() method is implemented. It also means that direct and target permissions can also be provisioned if they can be returned by aggregation.\n* GROUP_PROVISIONING: The source can both read and write groups. Having this feature implies that the provision() method is implemented.\n* SYNC_PROVISIONING: The source can provision accounts synchronously.\n* PASSWORD: The source can provision password changes. Since sources can never read passwords, this is should only be used in conjunction with the PROVISIONING feature.\n* CURRENT_PASSWORD: Some source types support verification of the current password\n* ACCOUNT_ONLY_REQUEST: The source supports requesting accounts without entitlements.\n* ADDITIONAL_ACCOUNT_REQUEST: The source supports requesting additional accounts.\n* NO_AGGREGATION: A source that does not support aggregation.\n* GROUPS_HAVE_MEMBERS: The source models group memberships with a member attribute on the group object rather than a groups attribute on the account object. This effects the implementation of delta account aggregation.\n* NO_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for accounts. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for accounts.\n* NO_GROUP_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for groups. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for groups.\n* NO_UNSTRUCTURED_TARGETS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING.\n* NO_DIRECT_PERMISSIONS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING.", + "example": "AUTHENTICATE" + }, + "description": "The features that the schema supports.", + "example": [ + "PROVISIONING", + "NO_PERMISSIONS_PROVISIONING", + "GROUPS_HAVE_MEMBERS" + ] + }, + "configuration": { + "type": "object", + "description": "Holds any extra configuration data that the schema may require.", + "example": { + "groupMemberAttribute": "member" + } + }, + "attributes": { + "type": "array", + "description": "The attribute definitions which form the schema.", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string", + "description": "The name of the attribute.", + "example": "sAMAccountName" + }, + "type": { + "description": "The type of the attribute.", + "example": "STRING", + "type": "string", + "enum": [ + "STRING", + "LONG", + "INT", + "BOOLEAN" + ] + }, + "schema": { + "description": "A reference to the schema on the source to the attribute values map to.", + "type": "object", + "properties": { + "type": { + "description": "The type of object being referenced", + "type": "string", + "enum": [ + "CONNECTOR_SCHEMA" + ], + "example": "CONNECTOR_SCHEMA" + }, + "id": { + "type": "string", + "description": "The object ID this reference applies to.", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "The human-readable display name of the object.", + "example": "group" + } + } + }, + "description": { + "type": "string", + "description": "A human-readable description of the attribute.", + "example": "SAM Account Name" + }, + "isMultiValued": { + "type": "boolean", + "description": "Flag indicating whether or not the attribute is multi-valued.", + "example": false + }, + "isEntitlement": { + "type": "boolean", + "description": "Flag indicating whether or not the attribute is an entitlement.", + "example": false + }, + "isGroup": { + "type": "boolean", + "description": "Flag indicating whether or not the attribute represents a group.\nThis can only be `true` if `isEntitlement` is also `true` **and** there is a schema defined for the attribute..\n", + "example": false + } + } + }, + "example": [ + { + "name": "sAMAccountName", + "type": "STRING", + "isMultiValued": false, + "isEntitlement": false, + "isGroup": false + }, + { + "name": "memberOf", + "type": "STRING", + "schema": { + "type": "CONNECTOR_SCHEMA", + "id": "2c9180887671ff8c01767b4671fc7d60", + "name": "group" + }, + "description": "Group membership", + "isMultiValued": true, + "isEntitlement": true, + "isGroup": true + } + ] + }, + "created": { + "type": "string", + "description": "The date the Schema was created.", + "format": "date-time", + "example": "2019-12-24T22:32:58.104Z" + }, + "modified": { + "type": "string", + "description": "The date the Schema was last modified.", + "format": "date-time", + "example": "2019-12-31T20:22:28.104Z" + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + }, + "patch": { + "operationId": "updateSourceSchema", + "tags": [ + "Sources" + ], + "summary": "Update Source Schema (Partial)", + "description": "Use this API to selectively update an existing Schema using a JSONPatch payload. \n\nThe following schema fields are immutable and cannot be updated:\n\n- id\n- name\n- created\n- modified\n\n\nTo switch an account attribute to a group entitlement, you need to have the following in place:\n\n- `isEntitlement: true`\n- Must define a schema for the group and [add it to the source](https://developer.sailpoint.com/idn/api/v3/create-source-schema) before updating the `isGroup` flag. For example, here is the `group` account attribute referencing a schema that defines the group:\n```json\n{\n \"name\": \"groups\",\n \"type\": \"STRING\",\n \"schema\": {\n \"type\": \"CONNECTOR_SCHEMA\",\n \"id\": \"2c9180887671ff8c01767b4671fc7d60\",\n \"name\": \"group\"\n },\n \"description\": \"The groups, roles etc. that reference account group objects\",\n \"isMulti\": true,\n \"isEntitlement\": true,\n \"isGroup\": true\n}\n```\n", + "parameters": [ + { + "in": "path", + "name": "sourceId", + "required": true, + "schema": { + "type": "string" + }, + "description": "The Source id.", + "example": "2c9180835d191a86015d28455b4a2329" + }, + { + "in": "path", + "name": "schemaId", + "schema": { + "type": "string" + }, + "required": true, + "description": "The Schema id.", + "example": "2c9180835d191a86015d28455b4a2329" + } + ], + "requestBody": { + "required": true, + "description": "The JSONPatch payload used to update the schema.", + "content": { + "application/json-patch+json": { + "schema": { + "type": "array", + "items": { + "type": "object", + "description": "A JSONPatch Operation as defined by [RFC 6902 - JSON Patch](https://tools.ietf.org/html/rfc6902)", + "required": [ + "op", + "path" + ], + "properties": { + "op": { + "type": "string", + "description": "The operation to be performed", + "enum": [ + "add", + "remove", + "replace", + "move", + "copy", + "test" + ], + "example": "replace" + }, + "path": { + "type": "string", + "description": "A string JSON Pointer representing the target path to an element to be affected by the operation", + "example": "/description" + }, + "value": { + "anyOf": [ + { + "type": "string" + }, + { + "type": "integer" + }, + { + "type": "object" + }, + { + "type": "array", + "items": { + "anyOf": [ + { + "type": "string" + }, + { + "type": "integer" + }, + { + "type": "object" + } + ] + } + } + ], + "description": "The value to be used for the operation, required for \"add\" and \"replace\" operations", + "example": "New description" + } + } + } + }, + "examples": { + "add-attribute": { + "summary": "Add an attribute to the end of the list", + "value": [ + { + "op": "add", + "path": "/attributes/-", + "value": { + "name": "location", + "type": "STRING", + "schema": null, + "description": "Employee location", + "isMulti": false, + "isEntitlement": false, + "isGroup": false + } + } + ] + } + } + } + } + }, + "responses": { + "200": { + "description": "The Schema was successfully updated.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "The id of the Schema.", + "example": "2c9180835d191a86015d28455b4a2329" + }, + "name": { + "type": "string", + "description": "The name of the Schema.", + "example": "account" + }, + "nativeObjectType": { + "type": "string", + "description": "The name of the object type on the native system that the schema represents.", + "example": "User" + }, + "identityAttribute": { + "type": "string", + "description": "The name of the attribute used to calculate the unique identifier for an object in the schema.", + "example": "sAMAccountName" + }, + "displayAttribute": { + "type": "string", + "description": "The name of the attribute used to calculate the display value for an object in the schema.", + "example": "distinguishedName" + }, + "hierarchyAttribute": { + "type": "string", + "description": "The name of the attribute whose values represent other objects in a hierarchy. Only relevant to group schemas.", + "example": "memberOf" + }, + "includePermissions": { + "type": "boolean", + "description": "Flag indicating whether or not the include permissions with the object data when aggregating the schema.", + "example": false + }, + "features": { + "type": "array", + "items": { + "type": "string", + "enum": [ + "AUTHENTICATE", + "COMPOSITE", + "DIRECT_PERMISSIONS", + "DISCOVER_SCHEMA", + "ENABLE", + "MANAGER_LOOKUP", + "NO_RANDOM_ACCESS", + "PROXY", + "SEARCH", + "TEMPLATE", + "UNLOCK", + "UNSTRUCTURED_TARGETS", + "SHAREPOINT_TARGET", + "PROVISIONING", + "GROUP_PROVISIONING", + "SYNC_PROVISIONING", + "PASSWORD", + "CURRENT_PASSWORD", + "ACCOUNT_ONLY_REQUEST", + "ADDITIONAL_ACCOUNT_REQUEST", + "NO_AGGREGATION", + "GROUPS_HAVE_MEMBERS", + "NO_PERMISSIONS_PROVISIONING", + "NO_GROUP_PERMISSIONS_PROVISIONING", + "NO_UNSTRUCTURED_TARGETS_PROVISIONING", + "NO_DIRECT_PERMISSIONS_PROVISIONING" + ], + "description": "Optional features that can be supported by an source.\n* AUTHENTICATE: The source supports pass-through authentication.\n* COMPOSITE: The source supports composite source creation.\n* DIRECT_PERMISSIONS: The source supports returning DirectPermissions.\n* DISCOVER_SCHEMA: The source supports discovering schemas for users and groups.\n* ENABLE The source supports reading if an account is enabled or disabled.\n* MANAGER_LOOKUP: The source supports looking up managers as they are encountered in a feed. This is the opposite of NO_RANDOM_ACCESS.\n* NO_RANDOM_ACCESS: The source does not support random access and the getObject() methods should not be called and expected to perform.\n* PROXY: The source can serve as a proxy for another source. When an source has a proxy, all connector calls made with that source are redirected through the connector for the proxy source.\n* SEARCH\n* TEMPLATE\n* UNLOCK: The source supports reading if an account is locked or unlocked.\n* UNSTRUCTURED_TARGETS: The source supports returning unstructured Targets.\n* SHAREPOINT_TARGET: The source supports returning unstructured Target data for SharePoint. It will be typically used by AD, LDAP sources.\n* PROVISIONING: The source can both read and write accounts. Having this feature implies that the provision() method is implemented. It also means that direct and target permissions can also be provisioned if they can be returned by aggregation.\n* GROUP_PROVISIONING: The source can both read and write groups. Having this feature implies that the provision() method is implemented.\n* SYNC_PROVISIONING: The source can provision accounts synchronously.\n* PASSWORD: The source can provision password changes. Since sources can never read passwords, this is should only be used in conjunction with the PROVISIONING feature.\n* CURRENT_PASSWORD: Some source types support verification of the current password\n* ACCOUNT_ONLY_REQUEST: The source supports requesting accounts without entitlements.\n* ADDITIONAL_ACCOUNT_REQUEST: The source supports requesting additional accounts.\n* NO_AGGREGATION: A source that does not support aggregation.\n* GROUPS_HAVE_MEMBERS: The source models group memberships with a member attribute on the group object rather than a groups attribute on the account object. This effects the implementation of delta account aggregation.\n* NO_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for accounts. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for accounts.\n* NO_GROUP_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for groups. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for groups.\n* NO_UNSTRUCTURED_TARGETS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING.\n* NO_DIRECT_PERMISSIONS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING.", + "example": "AUTHENTICATE" + }, + "description": "The features that the schema supports.", + "example": [ + "PROVISIONING", + "NO_PERMISSIONS_PROVISIONING", + "GROUPS_HAVE_MEMBERS" + ] + }, + "configuration": { + "type": "object", + "description": "Holds any extra configuration data that the schema may require.", + "example": { + "groupMemberAttribute": "member" + } + }, + "attributes": { + "type": "array", + "description": "The attribute definitions which form the schema.", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string", + "description": "The name of the attribute.", + "example": "sAMAccountName" + }, + "type": { + "description": "The type of the attribute.", + "example": "STRING", + "type": "string", + "enum": [ + "STRING", + "LONG", + "INT", + "BOOLEAN" + ] + }, + "schema": { + "description": "A reference to the schema on the source to the attribute values map to.", + "type": "object", + "properties": { + "type": { + "description": "The type of object being referenced", + "type": "string", + "enum": [ + "CONNECTOR_SCHEMA" + ], + "example": "CONNECTOR_SCHEMA" + }, + "id": { + "type": "string", + "description": "The object ID this reference applies to.", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "The human-readable display name of the object.", + "example": "group" + } + } + }, + "description": { + "type": "string", + "description": "A human-readable description of the attribute.", + "example": "SAM Account Name" + }, + "isMultiValued": { + "type": "boolean", + "description": "Flag indicating whether or not the attribute is multi-valued.", + "example": false + }, + "isEntitlement": { + "type": "boolean", + "description": "Flag indicating whether or not the attribute is an entitlement.", + "example": false + }, + "isGroup": { + "type": "boolean", + "description": "Flag indicating whether or not the attribute represents a group.\nThis can only be `true` if `isEntitlement` is also `true` **and** there is a schema defined for the attribute..\n", + "example": false + } + } + }, + "example": [ + { + "name": "sAMAccountName", + "type": "STRING", + "isMultiValued": false, + "isEntitlement": false, + "isGroup": false + }, + { + "name": "memberOf", + "type": "STRING", + "schema": { + "type": "CONNECTOR_SCHEMA", + "id": "2c9180887671ff8c01767b4671fc7d60", + "name": "group" + }, + "description": "Group membership", + "isMultiValued": true, + "isEntitlement": true, + "isGroup": true + } + ] + }, + "created": { + "type": "string", + "description": "The date the Schema was created.", + "format": "date-time", + "example": "2019-12-24T22:32:58.104Z" + }, + "modified": { + "type": "string", + "description": "The date the Schema was last modified.", + "format": "date-time", + "example": "2019-12-31T20:22:28.104Z" + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + }, + "delete": { + "operationId": "deleteSourceSchema", + "tags": [ + "Sources" + ], + "summary": "Delete Source Schema by ID", + "parameters": [ + { + "in": "path", + "name": "sourceId", + "required": true, + "schema": { + "type": "string" + }, + "description": "The Source id.", + "example": "2c9180835d191a86015d28455b4a2329" + }, + { + "in": "path", + "name": "schemaId", + "schema": { + "type": "string" + }, + "required": true, + "description": "The Schema id.", + "example": "2c9180835d191a86015d28455b4a2329" + } + ], + "responses": { + "204": { + "description": "The Schema was successfully deleted." + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/sources/{sourceId}/source-health": { + "get": { + "operationId": "getSourceHealth", + "tags": [ + "Sources" + ], + "summary": "This API fetches source health by source's id", + "description": "This endpoint fetches source health by source's id", + "parameters": [ + { + "in": "path", + "name": "sourceId", + "required": true, + "schema": { + "type": "string" + }, + "description": "The Source id.", + "example": "2c9180835d191a86015d28455b4a2329" + } + ], + "responses": { + "200": { + "description": "Fetched source health successfully", + "content": { + "application/json": { + "schema": { + "type": "object", + "description": "Dto for source health data", + "properties": { + "id": { + "type": "string", + "readOnly": true, + "description": "the id of the Source", + "example": "2c91808568c529c60168cca6f90c1324" + }, + "type": { + "type": "string", + "description": "Specifies the type of system being managed e.g. Active Directory, Workday, etc.. If you are creating a Delimited File source, you must set the `provisionasCsv` query parameter to `true`. ", + "example": "OpenLDAP - Direct" + }, + "name": { + "type": "string", + "description": "the name of the source", + "example": "Source1234" + }, + "org": { + "type": "string", + "description": "source's org", + "example": "denali-cjh" + }, + "isAuthoritative": { + "type": "boolean", + "example": false, + "description": "Is the source authoritative" + }, + "isCluster": { + "type": "boolean", + "example": false, + "description": "Is the source in a cluster" + }, + "hostname": { + "type": "string", + "example": "megapod-useast1-secret-hostname.sailpoint.com", + "description": "source's hostname" + }, + "pod": { + "type": "string", + "description": "source's pod", + "example": "megapod-useast1" + }, + "iqServiceVersion": { + "type": "string", + "description": "The version of the iqService", + "example": "iqVersion123" + }, + "status": { + "type": "string", + "enum": [ + "SOURCE_STATE_ERROR_CLUSTER", + "SOURCE_STATE_ERROR_SOURCE", + "SOURCE_STATE_ERROR_VA", + "SOURCE_STATE_FAILURE_CLUSTER", + "SOURCE_STATE_FAILURE_SOURCE", + "SOURCE_STATE_HEALTHY", + "SOURCE_STATE_UNCHECKED_CLUSTER", + "SOURCE_STATE_UNCHECKED_CLUSTER_NO_SOURCES", + "SOURCE_STATE_UNCHECKED_SOURCE", + "SOURCE_STATE_UNCHECKED_SOURCE_NO_ACCOUNTS" + ], + "description": "connection test result", + "example": "SOURCE_STATE_UNCHECKED_SOURCE" + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/sources/{id}/schemas/accounts": { + "get": { + "tags": [ + "Sources" + ], + "summary": "Downloads source accounts schema template", + "description": "This API downloads the CSV schema that defines the account attributes on a source.\n>**NOTE: This API is designated only for Delimited File sources.**", + "operationId": "downloadSourceAccountsSchema", + "parameters": [ + { + "in": "path", + "name": "id", + "required": true, + "schema": { + "type": "string" + }, + "description": "The Source id", + "example": "8c190e6787aa4ed9a90bd9d5344523fb" + } + ], + "responses": { + "200": { + "description": "Successfully downloaded the file", + "content": { + "text/csv": { + "example": "id,name,givenName,familyName,e-mail,location,manager,groups,startDate,endDate" + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + }, + "security": [ + { + "oauth2": [ + "idn:source-schema:read" + ] + } + ] + }, + "post": { + "tags": [ + "Sources" + ], + "summary": "Uploads source accounts schema template", + "description": "This API uploads a source schema template file to configure a source's account attributes.\n\nTo retrieve the file to modify and upload, log into Identity Now. \n\nClick **Admin** -> **Connections** -> **Sources** -> **`{SourceName}`** -> **Import Data** -> **Account Schema** -> **Options** -> **Download Schema**\n\n>**NOTE: This API is designated only for Delimited File sources.**", + "operationId": "uploadSourceAccountsSchema", + "parameters": [ + { + "in": "path", + "name": "id", + "required": true, + "schema": { + "type": "string" + }, + "description": "The Source id", + "example": "8c190e6787aa4ed9a90bd9d5344523fb" + } + ], + "requestBody": { + "required": true, + "content": { + "multipart/form-data": { + "schema": { + "type": "object", + "properties": { + "file": { + "type": "string", + "format": "binary" + } + } + } + } + } + }, + "responses": { + "200": { + "description": "Successfully uploaded the file", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "The id of the Schema.", + "example": "2c9180835d191a86015d28455b4a2329" + }, + "name": { + "type": "string", + "description": "The name of the Schema.", + "example": "account" + }, + "nativeObjectType": { + "type": "string", + "description": "The name of the object type on the native system that the schema represents.", + "example": "User" + }, + "identityAttribute": { + "type": "string", + "description": "The name of the attribute used to calculate the unique identifier for an object in the schema.", + "example": "sAMAccountName" + }, + "displayAttribute": { + "type": "string", + "description": "The name of the attribute used to calculate the display value for an object in the schema.", + "example": "distinguishedName" + }, + "hierarchyAttribute": { + "type": "string", + "description": "The name of the attribute whose values represent other objects in a hierarchy. Only relevant to group schemas.", + "example": "memberOf" + }, + "includePermissions": { + "type": "boolean", + "description": "Flag indicating whether or not the include permissions with the object data when aggregating the schema.", + "example": false + }, + "features": { + "type": "array", + "items": { + "type": "string", + "enum": [ + "AUTHENTICATE", + "COMPOSITE", + "DIRECT_PERMISSIONS", + "DISCOVER_SCHEMA", + "ENABLE", + "MANAGER_LOOKUP", + "NO_RANDOM_ACCESS", + "PROXY", + "SEARCH", + "TEMPLATE", + "UNLOCK", + "UNSTRUCTURED_TARGETS", + "SHAREPOINT_TARGET", + "PROVISIONING", + "GROUP_PROVISIONING", + "SYNC_PROVISIONING", + "PASSWORD", + "CURRENT_PASSWORD", + "ACCOUNT_ONLY_REQUEST", + "ADDITIONAL_ACCOUNT_REQUEST", + "NO_AGGREGATION", + "GROUPS_HAVE_MEMBERS", + "NO_PERMISSIONS_PROVISIONING", + "NO_GROUP_PERMISSIONS_PROVISIONING", + "NO_UNSTRUCTURED_TARGETS_PROVISIONING", + "NO_DIRECT_PERMISSIONS_PROVISIONING" + ], + "description": "Optional features that can be supported by an source.\n* AUTHENTICATE: The source supports pass-through authentication.\n* COMPOSITE: The source supports composite source creation.\n* DIRECT_PERMISSIONS: The source supports returning DirectPermissions.\n* DISCOVER_SCHEMA: The source supports discovering schemas for users and groups.\n* ENABLE The source supports reading if an account is enabled or disabled.\n* MANAGER_LOOKUP: The source supports looking up managers as they are encountered in a feed. This is the opposite of NO_RANDOM_ACCESS.\n* NO_RANDOM_ACCESS: The source does not support random access and the getObject() methods should not be called and expected to perform.\n* PROXY: The source can serve as a proxy for another source. When an source has a proxy, all connector calls made with that source are redirected through the connector for the proxy source.\n* SEARCH\n* TEMPLATE\n* UNLOCK: The source supports reading if an account is locked or unlocked.\n* UNSTRUCTURED_TARGETS: The source supports returning unstructured Targets.\n* SHAREPOINT_TARGET: The source supports returning unstructured Target data for SharePoint. It will be typically used by AD, LDAP sources.\n* PROVISIONING: The source can both read and write accounts. Having this feature implies that the provision() method is implemented. It also means that direct and target permissions can also be provisioned if they can be returned by aggregation.\n* GROUP_PROVISIONING: The source can both read and write groups. Having this feature implies that the provision() method is implemented.\n* SYNC_PROVISIONING: The source can provision accounts synchronously.\n* PASSWORD: The source can provision password changes. Since sources can never read passwords, this is should only be used in conjunction with the PROVISIONING feature.\n* CURRENT_PASSWORD: Some source types support verification of the current password\n* ACCOUNT_ONLY_REQUEST: The source supports requesting accounts without entitlements.\n* ADDITIONAL_ACCOUNT_REQUEST: The source supports requesting additional accounts.\n* NO_AGGREGATION: A source that does not support aggregation.\n* GROUPS_HAVE_MEMBERS: The source models group memberships with a member attribute on the group object rather than a groups attribute on the account object. This effects the implementation of delta account aggregation.\n* NO_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for accounts. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for accounts.\n* NO_GROUP_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for groups. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for groups.\n* NO_UNSTRUCTURED_TARGETS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING.\n* NO_DIRECT_PERMISSIONS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING.", + "example": "AUTHENTICATE" + }, + "description": "The features that the schema supports.", + "example": [ + "PROVISIONING", + "NO_PERMISSIONS_PROVISIONING", + "GROUPS_HAVE_MEMBERS" + ] + }, + "configuration": { + "type": "object", + "description": "Holds any extra configuration data that the schema may require.", + "example": { + "groupMemberAttribute": "member" + } + }, + "attributes": { + "type": "array", + "description": "The attribute definitions which form the schema.", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string", + "description": "The name of the attribute.", + "example": "sAMAccountName" + }, + "type": { + "description": "The type of the attribute.", + "example": "STRING", + "type": "string", + "enum": [ + "STRING", + "LONG", + "INT", + "BOOLEAN" + ] + }, + "schema": { + "description": "A reference to the schema on the source to the attribute values map to.", + "type": "object", + "properties": { + "type": { + "description": "The type of object being referenced", + "type": "string", + "enum": [ + "CONNECTOR_SCHEMA" + ], + "example": "CONNECTOR_SCHEMA" + }, + "id": { + "type": "string", + "description": "The object ID this reference applies to.", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "The human-readable display name of the object.", + "example": "group" + } + } + }, + "description": { + "type": "string", + "description": "A human-readable description of the attribute.", + "example": "SAM Account Name" + }, + "isMultiValued": { + "type": "boolean", + "description": "Flag indicating whether or not the attribute is multi-valued.", + "example": false + }, + "isEntitlement": { + "type": "boolean", + "description": "Flag indicating whether or not the attribute is an entitlement.", + "example": false + }, + "isGroup": { + "type": "boolean", + "description": "Flag indicating whether or not the attribute represents a group.\nThis can only be `true` if `isEntitlement` is also `true` **and** there is a schema defined for the attribute..\n", + "example": false + } + } + }, + "example": [ + { + "name": "sAMAccountName", + "type": "STRING", + "isMultiValued": false, + "isEntitlement": false, + "isGroup": false + }, + { + "name": "memberOf", + "type": "STRING", + "schema": { + "type": "CONNECTOR_SCHEMA", + "id": "2c9180887671ff8c01767b4671fc7d60", + "name": "group" + }, + "description": "Group membership", + "isMultiValued": true, + "isEntitlement": true, + "isGroup": true + } + ] + }, + "created": { + "type": "string", + "description": "The date the Schema was created.", + "format": "date-time", + "example": "2019-12-24T22:32:58.104Z" + }, + "modified": { + "type": "string", + "description": "The date the Schema was last modified.", + "format": "date-time", + "example": "2019-12-31T20:22:28.104Z" + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + }, + "security": [ + { + "oauth2": [ + "idn:source-schema:manage" + ] + } + ] + } + }, + "/sources/{id}/schemas/entitlements": { + "get": { + "tags": [ + "Sources" + ], + "summary": "Downloads source entitlements schema template", + "description": "This API downloads the CSV schema that defines the entitlement attributes on a source.\n\n>**NOTE: This API is designated only for Delimited File sources.**", + "operationId": "downloadSourceEntitlementsSchema", + "parameters": [ + { + "in": "path", + "name": "id", + "required": true, + "schema": { + "type": "string" + }, + "description": "The Source id", + "example": "8c190e6787aa4ed9a90bd9d5344523fb" + }, + { + "in": "query", + "name": "schemaName", + "schema": { + "type": "string" + }, + "description": "Name of entitlement schema", + "example": "?schemaName=group" + } + ], + "responses": { + "200": { + "description": "Successfully downloaded the file", + "content": { + "text/csv": { + "example": "id,name,displayName,created,description,modified,entitlements,groups,permissions" + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + }, + "security": [ + { + "oauth2": [ + "idn:source-schema:read" + ] + } + ] + }, + "post": { + "tags": [ + "Sources" + ], + "summary": "Uploads source entitlements schema template", + "description": "This API uploads a source schema template file to configure a source's entitlement attributes.\n\nTo retrieve the file to modify and upload, log into Identity Now. \n\nClick **Admin** -> **Connections** -> **Sources** -> **`{SourceName}`** -> **Import Data** -> **Import Entitlements** -> **Download**\n\n>**NOTE: This API is designated only for Delimited File sources.**", + "operationId": "uploadSourceEntitlementsSchema", + "parameters": [ + { + "in": "path", + "name": "id", + "required": true, + "schema": { + "type": "string" + }, + "description": "The Source id", + "example": "8c190e6787aa4ed9a90bd9d5344523fb" + }, + { + "in": "query", + "name": "schemaName", + "schema": { + "type": "string" + }, + "description": "Name of entitlement schema", + "example": "?schemaName=group" + } + ], + "requestBody": { + "required": true, + "content": { + "multipart/form-data": { + "schema": { + "type": "object", + "properties": { + "file": { + "type": "string", + "format": "binary" + } + } + } + } + } + }, + "responses": { + "200": { + "description": "Successfully uploaded the file", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "The id of the Schema.", + "example": "2c9180835d191a86015d28455b4a2329" + }, + "name": { + "type": "string", + "description": "The name of the Schema.", + "example": "account" + }, + "nativeObjectType": { + "type": "string", + "description": "The name of the object type on the native system that the schema represents.", + "example": "User" + }, + "identityAttribute": { + "type": "string", + "description": "The name of the attribute used to calculate the unique identifier for an object in the schema.", + "example": "sAMAccountName" + }, + "displayAttribute": { + "type": "string", + "description": "The name of the attribute used to calculate the display value for an object in the schema.", + "example": "distinguishedName" + }, + "hierarchyAttribute": { + "type": "string", + "description": "The name of the attribute whose values represent other objects in a hierarchy. Only relevant to group schemas.", + "example": "memberOf" + }, + "includePermissions": { + "type": "boolean", + "description": "Flag indicating whether or not the include permissions with the object data when aggregating the schema.", + "example": false + }, + "features": { + "type": "array", + "items": { + "type": "string", + "enum": [ + "AUTHENTICATE", + "COMPOSITE", + "DIRECT_PERMISSIONS", + "DISCOVER_SCHEMA", + "ENABLE", + "MANAGER_LOOKUP", + "NO_RANDOM_ACCESS", + "PROXY", + "SEARCH", + "TEMPLATE", + "UNLOCK", + "UNSTRUCTURED_TARGETS", + "SHAREPOINT_TARGET", + "PROVISIONING", + "GROUP_PROVISIONING", + "SYNC_PROVISIONING", + "PASSWORD", + "CURRENT_PASSWORD", + "ACCOUNT_ONLY_REQUEST", + "ADDITIONAL_ACCOUNT_REQUEST", + "NO_AGGREGATION", + "GROUPS_HAVE_MEMBERS", + "NO_PERMISSIONS_PROVISIONING", + "NO_GROUP_PERMISSIONS_PROVISIONING", + "NO_UNSTRUCTURED_TARGETS_PROVISIONING", + "NO_DIRECT_PERMISSIONS_PROVISIONING" + ], + "description": "Optional features that can be supported by an source.\n* AUTHENTICATE: The source supports pass-through authentication.\n* COMPOSITE: The source supports composite source creation.\n* DIRECT_PERMISSIONS: The source supports returning DirectPermissions.\n* DISCOVER_SCHEMA: The source supports discovering schemas for users and groups.\n* ENABLE The source supports reading if an account is enabled or disabled.\n* MANAGER_LOOKUP: The source supports looking up managers as they are encountered in a feed. This is the opposite of NO_RANDOM_ACCESS.\n* NO_RANDOM_ACCESS: The source does not support random access and the getObject() methods should not be called and expected to perform.\n* PROXY: The source can serve as a proxy for another source. When an source has a proxy, all connector calls made with that source are redirected through the connector for the proxy source.\n* SEARCH\n* TEMPLATE\n* UNLOCK: The source supports reading if an account is locked or unlocked.\n* UNSTRUCTURED_TARGETS: The source supports returning unstructured Targets.\n* SHAREPOINT_TARGET: The source supports returning unstructured Target data for SharePoint. It will be typically used by AD, LDAP sources.\n* PROVISIONING: The source can both read and write accounts. Having this feature implies that the provision() method is implemented. It also means that direct and target permissions can also be provisioned if they can be returned by aggregation.\n* GROUP_PROVISIONING: The source can both read and write groups. Having this feature implies that the provision() method is implemented.\n* SYNC_PROVISIONING: The source can provision accounts synchronously.\n* PASSWORD: The source can provision password changes. Since sources can never read passwords, this is should only be used in conjunction with the PROVISIONING feature.\n* CURRENT_PASSWORD: Some source types support verification of the current password\n* ACCOUNT_ONLY_REQUEST: The source supports requesting accounts without entitlements.\n* ADDITIONAL_ACCOUNT_REQUEST: The source supports requesting additional accounts.\n* NO_AGGREGATION: A source that does not support aggregation.\n* GROUPS_HAVE_MEMBERS: The source models group memberships with a member attribute on the group object rather than a groups attribute on the account object. This effects the implementation of delta account aggregation.\n* NO_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for accounts. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for accounts.\n* NO_GROUP_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for groups. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for groups.\n* NO_UNSTRUCTURED_TARGETS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING.\n* NO_DIRECT_PERMISSIONS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING.", + "example": "AUTHENTICATE" + }, + "description": "The features that the schema supports.", + "example": [ + "PROVISIONING", + "NO_PERMISSIONS_PROVISIONING", + "GROUPS_HAVE_MEMBERS" + ] + }, + "configuration": { + "type": "object", + "description": "Holds any extra configuration data that the schema may require.", + "example": { + "groupMemberAttribute": "member" + } + }, + "attributes": { + "type": "array", + "description": "The attribute definitions which form the schema.", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string", + "description": "The name of the attribute.", + "example": "sAMAccountName" + }, + "type": { + "description": "The type of the attribute.", + "example": "STRING", + "type": "string", + "enum": [ + "STRING", + "LONG", + "INT", + "BOOLEAN" + ] + }, + "schema": { + "description": "A reference to the schema on the source to the attribute values map to.", + "type": "object", + "properties": { + "type": { + "description": "The type of object being referenced", + "type": "string", + "enum": [ + "CONNECTOR_SCHEMA" + ], + "example": "CONNECTOR_SCHEMA" + }, + "id": { + "type": "string", + "description": "The object ID this reference applies to.", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "The human-readable display name of the object.", + "example": "group" + } + } + }, + "description": { + "type": "string", + "description": "A human-readable description of the attribute.", + "example": "SAM Account Name" + }, + "isMultiValued": { + "type": "boolean", + "description": "Flag indicating whether or not the attribute is multi-valued.", + "example": false + }, + "isEntitlement": { + "type": "boolean", + "description": "Flag indicating whether or not the attribute is an entitlement.", + "example": false + }, + "isGroup": { + "type": "boolean", + "description": "Flag indicating whether or not the attribute represents a group.\nThis can only be `true` if `isEntitlement` is also `true` **and** there is a schema defined for the attribute..\n", + "example": false + } + } + }, + "example": [ + { + "name": "sAMAccountName", + "type": "STRING", + "isMultiValued": false, + "isEntitlement": false, + "isGroup": false + }, + { + "name": "memberOf", + "type": "STRING", + "schema": { + "type": "CONNECTOR_SCHEMA", + "id": "2c9180887671ff8c01767b4671fc7d60", + "name": "group" + }, + "description": "Group membership", + "isMultiValued": true, + "isEntitlement": true, + "isGroup": true + } + ] + }, + "created": { + "type": "string", + "description": "The date the Schema was created.", + "format": "date-time", + "example": "2019-12-24T22:32:58.104Z" + }, + "modified": { + "type": "string", + "description": "The date the Schema was last modified.", + "format": "date-time", + "example": "2019-12-31T20:22:28.104Z" + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + }, + "security": [ + { + "oauth2": [ + "idn:source-schema:manage" + ] + } + ] + } + }, + "/sources/{sourceId}/upload-connector-file": { + "post": { + "operationId": "uploadSourceConnectorFile", + "tags": [ + "Sources" + ], + "summary": "Upload connector file to source", + "parameters": [ + { + "in": "path", + "name": "sourceId", + "required": true, + "schema": { + "type": "string" + }, + "description": "The Source id.", + "example": "2c9180835d191a86015d28455b4a2329" + } + ], + "description": "This uploads a supplemental source connector file (like jdbc driver jars) to a source's S3 bucket. This also sends ETS and Audit events.\nA token with ORG_ADMIN authority is required to call this API.", + "requestBody": { + "required": true, + "content": { + "multipart/form-data": { + "schema": { + "type": "object", + "properties": { + "file": { + "type": "string", + "format": "binary" + } + } + } + } + } + }, + "responses": { + "200": { + "description": "Uploaded the file successfully and sent all post-upload events", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "id": { + "type": "string", + "readOnly": true, + "description": "the id of the Source", + "example": "2c91808568c529c60168cca6f90c1324" + }, + "name": { + "type": "string", + "description": "Human-readable name of the source", + "example": "My Source" + }, + "description": { + "type": "string", + "description": "Human-readable description of the source", + "example": "This is the corporate directory." + }, + "owner": { + "description": "Reference to an owning Identity Object", + "type": "object", + "properties": { + "type": { + "description": "The type of object being referenced", + "type": "string", + "enum": [ + "IDENTITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the identity", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the identity", + "example": "MyName" + } + } + }, + "cluster": { + "description": "Reference to the associated Cluster", + "type": "object", + "properties": { + "type": { + "description": "The type of object being referenced", + "type": "string", + "enum": [ + "CLUSTER" + ], + "example": "CLUSTER" + }, + "id": { + "type": "string", + "description": "ID of the cluster", + "example": "2c9180866166b5b0016167c32ef31a66" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the cluster", + "example": "Corporate Cluster" + } + } + }, + "accountCorrelationConfig": { + "description": "Reference to an Account Correlation Config object", + "type": "object", + "properties": { + "type": { + "description": "The type of object being referenced", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG" + ], + "example": "ACCOUNT_CORRELATION_CONFIG" + }, + "id": { + "type": "string", + "description": "ID of the account correlation config", + "example": "2c9180855d191c59015d28583727245a" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the account correlation config", + "example": "Directory [source-62867] Account Correlation" + } + } + }, + "accountCorrelationRule": { + "description": "Reference to a Rule that can do COMPLEX correlation, should only be used when accountCorrelationConfig can't be used.", + "type": "object", + "properties": { + "type": { + "description": "The type of object being referenced", + "type": "string", + "enum": [ + "RULE" + ], + "example": "RULE" + }, + "id": { + "type": "string", + "description": "ID of the rule", + "example": "2c918085708c274401708c2a8a760001" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the rule", + "example": "Example Rule" + } + } + }, + "managerCorrelationMapping": { + "description": "Filter Object used during manager correlation to match incoming manager values to an existing manager's Account/Identity", + "type": "object", + "properties": { + "accountAttribute": { + "type": "string", + "description": "Name of the attribute to use for manager correlation. The value found on the account attribute will be used to lookup the manager's identity.", + "example": "manager" + }, + "identityAttribute": { + "type": "string", + "description": "Name of the identity attribute to search when trying to find a manager using the value from the accountAttribute.", + "example": "manager" + } + } + }, + "managerCorrelationRule": { + "description": "Reference to the ManagerCorrelationRule, only used when a simple filter isn't sufficient.", + "type": "object", + "properties": { + "type": { + "description": "The type of object being referenced", + "type": "string", + "enum": [ + "RULE" + ], + "example": "RULE" + }, + "id": { + "type": "string", + "description": "ID of the rule", + "example": "2c918085708c274401708c2a8a760001" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the rule", + "example": "Example Rule" + } + } + }, + "beforeProvisioningRule": { + "description": "Rule that runs on the CCG and allows for customization of provisioning plans before the connector is called.", + "type": "object", + "properties": { + "type": { + "description": "The type of object being referenced", + "type": "string", + "enum": [ + "RULE" + ], + "example": "RULE" + }, + "id": { + "type": "string", + "description": "ID of the rule", + "example": "2c918085708c274401708c2a8a760001" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the rule", + "example": "Example Rule" + } + } + }, + "schemas": { + "type": "array", + "items": { + "type": "object", + "properties": { + "type": { + "description": "The type of object being referenced", + "type": "string", + "enum": [ + "CONNECTOR_SCHEMA" + ], + "example": "CONNECTOR_SCHEMA" + }, + "id": { + "type": "string", + "description": "ID of the schema", + "example": "2c91808568c529c60168cca6f90c1777" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the schema", + "example": "MySchema" + } + } + }, + "description": "List of references to Schema objects", + "example": [ + { + "type": "CONNECTOR_SCHEMA", + "id": "2c9180835d191a86015d28455b4b232a", + "name": "account" + }, + { + "type": "CONNECTOR_SCHEMA", + "id": "2c9180835d191a86015d28455b4b232b", + "name": "group" + } + ] + }, + "passwordPolicies": { + "type": "array", + "items": { + "type": "object", + "properties": { + "type": { + "description": "The type of object being referenced", + "type": "string", + "enum": [ + "PASSWORD_POLICY" + ], + "example": "PASSWORD_POLICY" + }, + "id": { + "type": "string", + "description": "ID of the policy", + "example": "2c91808568c529c60168cca6f90c1777" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the policy", + "example": "My Password Policy" + } + } + }, + "description": "List of references to the associated PasswordPolicy objects.", + "example": [ + { + "type": "PASSWORD_POLICY", + "id": "2c9180855d191c59015d291ceb053980", + "name": "Corporate Password Policy" + }, + { + "type": "PASSWORD_POLICY", + "id": "2c9180855d191c59015d291ceb057777", + "name": "Vendor Password Policy" + } + ] + }, + "features": { + "type": "array", + "description": "Optional features that can be supported by a source.", + "items": { + "type": "string", + "enum": [ + "AUTHENTICATE", + "COMPOSITE", + "DIRECT_PERMISSIONS", + "DISCOVER_SCHEMA", + "ENABLE", + "MANAGER_LOOKUP", + "NO_RANDOM_ACCESS", + "PROXY", + "SEARCH", + "TEMPLATE", + "UNLOCK", + "UNSTRUCTURED_TARGETS", + "SHAREPOINT_TARGET", + "PROVISIONING", + "GROUP_PROVISIONING", + "SYNC_PROVISIONING", + "PASSWORD", + "CURRENT_PASSWORD", + "ACCOUNT_ONLY_REQUEST", + "ADDITIONAL_ACCOUNT_REQUEST", + "NO_AGGREGATION", + "GROUPS_HAVE_MEMBERS", + "NO_PERMISSIONS_PROVISIONING", + "NO_GROUP_PERMISSIONS_PROVISIONING", + "NO_UNSTRUCTURED_TARGETS_PROVISIONING", + "NO_DIRECT_PERMISSIONS_PROVISIONING" + ], + "description": "Optional features that can be supported by an source.\n* AUTHENTICATE: The source supports pass-through authentication.\n* COMPOSITE: The source supports composite source creation.\n* DIRECT_PERMISSIONS: The source supports returning DirectPermissions.\n* DISCOVER_SCHEMA: The source supports discovering schemas for users and groups.\n* ENABLE The source supports reading if an account is enabled or disabled.\n* MANAGER_LOOKUP: The source supports looking up managers as they are encountered in a feed. This is the opposite of NO_RANDOM_ACCESS.\n* NO_RANDOM_ACCESS: The source does not support random access and the getObject() methods should not be called and expected to perform.\n* PROXY: The source can serve as a proxy for another source. When an source has a proxy, all connector calls made with that source are redirected through the connector for the proxy source.\n* SEARCH\n* TEMPLATE\n* UNLOCK: The source supports reading if an account is locked or unlocked.\n* UNSTRUCTURED_TARGETS: The source supports returning unstructured Targets.\n* SHAREPOINT_TARGET: The source supports returning unstructured Target data for SharePoint. It will be typically used by AD, LDAP sources.\n* PROVISIONING: The source can both read and write accounts. Having this feature implies that the provision() method is implemented. It also means that direct and target permissions can also be provisioned if they can be returned by aggregation.\n* GROUP_PROVISIONING: The source can both read and write groups. Having this feature implies that the provision() method is implemented.\n* SYNC_PROVISIONING: The source can provision accounts synchronously.\n* PASSWORD: The source can provision password changes. Since sources can never read passwords, this is should only be used in conjunction with the PROVISIONING feature.\n* CURRENT_PASSWORD: Some source types support verification of the current password\n* ACCOUNT_ONLY_REQUEST: The source supports requesting accounts without entitlements.\n* ADDITIONAL_ACCOUNT_REQUEST: The source supports requesting additional accounts.\n* NO_AGGREGATION: A source that does not support aggregation.\n* GROUPS_HAVE_MEMBERS: The source models group memberships with a member attribute on the group object rather than a groups attribute on the account object. This effects the implementation of delta account aggregation.\n* NO_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for accounts. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for accounts.\n* NO_GROUP_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for groups. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for groups.\n* NO_UNSTRUCTURED_TARGETS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING.\n* NO_DIRECT_PERMISSIONS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING.", + "example": "AUTHENTICATE" + }, + "example": [ + "SYNC_PROVISIONING", + "MANAGER_LOOKUP", + "SEARCH", + "PROVISIONING", + "AUTHENTICATE", + "GROUP_PROVISIONING", + "PASSWORD" + ] + }, + "type": { + "type": "string", + "description": "Specifies the type of system being managed e.g. Active Directory, Workday, etc.. If you are creating a Delimited File source, you must set the `provisionasCsv` query parameter to `true`. ", + "example": "OpenLDAP - Direct" + }, + "connector": { + "type": "string", + "description": "Connector script name.", + "example": "active-directory" + }, + "connectorClass": { + "type": "string", + "description": "The fully qualified name of the Java class that implements the connector interface.", + "example": "sailpoint.connector.LDAPConnector" + }, + "connectorAttributes": { + "type": "object", + "description": "Connector specific configuration; will differ from type to type.", + "example": { + "healthCheckTimeout": 30, + "authSearchAttributes": [ + "cn", + "uid", + "mail" + ] + } + }, + "deleteThreshold": { + "type": "integer", + "format": "int32", + "description": "Number from 0 to 100 that specifies when to skip the delete phase.", + "example": 10 + }, + "authoritative": { + "type": "boolean", + "description": "When true indicates the source is referenced by an IdentityProfile.", + "example": false + }, + "managementWorkgroup": { + "description": "Reference to Management Workgroup for this Source", + "type": "object", + "properties": { + "type": { + "description": "The type of object being referenced", + "type": "string", + "enum": [ + "GOVERNANCE_GROUP" + ], + "example": "GOVERNANCE_GROUP" + }, + "id": { + "type": "string", + "description": "ID of the management workgroup", + "example": "2c91808568c529c60168cca6f90c2222" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the management workgroup", + "example": "My Management Workgroup" + } + } + }, + "healthy": { + "type": "boolean", + "description": "When true indicates a healthy source", + "example": true + }, + "status": { + "type": "string", + "description": "A status identifier, giving specific information on why a source is healthy or not", + "example": "SOURCE_STATE_HEALTHY" + }, + "since": { + "type": "string", + "description": "Timestamp showing when a source health check was last performed", + "example": "2021-09-28T15:48:29.3801666300Z" + }, + "connectorId": { + "type": "string", + "description": "The id of connector", + "example": "active-directory" + }, + "connectorName": { + "type": "string", + "description": "The name of the connector that was chosen on source creation", + "example": "Active Directory" + }, + "connectionType": { + "type": "string", + "description": "The type of connection (direct or file)", + "example": "file" + }, + "connectorImplementstionId": { + "type": "string", + "description": "The connector implementstion id", + "example": "delimited-file" + } + }, + "required": [ + "name", + "owner", + "connector" + ] + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/tagged-objects": { + "get": { + "operationId": "listTaggedObjects", + "security": [ + { + "oauth2": [ + "idn:tag:read", + "idn:tag:manage" + ] + } + ], + "tags": [ + "Tagged Objects" + ], + "summary": "List Tagged Objects", + "description": "This API returns a list of all tagged objects.\n\nAny authenticated token may be used to call this API.", + "parameters": [ + { + "in": "query", + "name": "limit", + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": 250, + "schema": { + "type": "integer", + "format": "int32", + "minimum": 0, + "maximum": 250, + "default": 250 + } + }, + { + "in": "query", + "name": "offset", + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": 0, + "schema": { + "type": "integer", + "format": "int32", + "minimum": 0, + "default": 0 + } + }, + { + "in": "query", + "name": "count", + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": true, + "schema": { + "type": "boolean", + "default": false + } + }, + { + "in": "query", + "name": "filters", + "schema": { + "type": "string" + }, + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)\n\nFiltering is supported for the following fields and operators:\n\n**objectRef.id**: *eq, in*\n\n**objectRef.type**: *eq, in*\n\n**tagName**: *eq, in*", + "example": "tagName eq \"BU_FINANCE\"", + "required": false + } + ], + "responses": { + "200": { + "description": "List of all tagged objects.", + "content": { + "application/json": { + "schema": { + "type": "array", + "items": { + "type": "object", + "properties": { + "objectRef": { + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "nullable": true, + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + }, + "tags": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Labels to be applied to an Object", + "example": [ + "BU_FINANCE", + "PCI" + ] + } + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + }, + "post": { + "operationId": "setTagToObject", + "security": [ + { + "oauth2": [ + "idn:tag:manage" + ] + } + ], + "tags": [ + "Tagged Objects" + ], + "summary": "Add Tag to Object", + "description": "This adds a tag to an object.\n\nAny authenticated token may be used to call this API.", + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "objectRef": { + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "nullable": true, + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + }, + "tags": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Labels to be applied to an Object", + "example": [ + "BU_FINANCE", + "PCI" + ] + } + } + } + } + } + }, + "responses": { + "200": { + "description": "Request succeeded.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "objectRef": { + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "nullable": true, + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + }, + "tags": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Labels to be applied to an Object", + "example": [ + "BU_FINANCE", + "PCI" + ] + } + } + } + } + } + }, + "201": { + "description": "Created." + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/tagged-objects/{type}": { + "get": { + "operationId": "listTaggedObjectsByType", + "security": [ + { + "oauth2": [ + "idn:tag:read", + "idn:tag:manage" + ] + } + ], + "tags": [ + "Tagged Objects" + ], + "summary": "List Tagged Objects", + "description": "This API returns a list of all tagged objects by type.\n\nAny authenticated token may be used to call this API.", + "parameters": [ + { + "in": "path", + "name": "type", + "schema": { + "type": "string", + "enum": [ + "ROLE", + "IDENTITY", + "SOD_POLICY" + ] + }, + "required": true, + "description": "The type of tagged object to retrieve.", + "example": "ROLE" + }, + { + "in": "query", + "name": "limit", + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": 250, + "schema": { + "type": "integer", + "format": "int32", + "minimum": 0, + "maximum": 250, + "default": 250 + } + }, + { + "in": "query", + "name": "offset", + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": 0, + "schema": { + "type": "integer", + "format": "int32", + "minimum": 0, + "default": 0 + } + }, + { + "in": "query", + "name": "count", + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": true, + "schema": { + "type": "boolean", + "default": false + } + }, + { + "in": "query", + "name": "filters", + "schema": { + "type": "string" + }, + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)\n\nFiltering is supported for the following fields and operators:\n\n**objectRef.id**: *eq*\n\n**objectRef.type**: *eq*", + "example": "objectRef.id eq \"2c91808568c529c60168cca6f90c1313\"", + "required": false + } + ], + "responses": { + "200": { + "description": "List of all tagged objects for specified type.", + "content": { + "application/json": { + "schema": { + "type": "array", + "items": { + "type": "object", + "properties": { + "objectRef": { + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "nullable": true, + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + }, + "tags": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Labels to be applied to an Object", + "example": [ + "BU_FINANCE", + "PCI" + ] + } + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/tagged-objects/{type}/{id}": { + "get": { + "operationId": "getTaggedObject", + "security": [ + { + "oauth2": [ + "idn:tag:read", + "idn:tag:manage" + ] + } + ], + "tags": [ + "Tagged Objects" + ], + "summary": "Get Tagged Object", + "description": "This gets a tagged object for the specified type.", + "parameters": [ + { + "in": "path", + "name": "type", + "schema": { + "type": "string", + "enum": [ + "ROLE", + "IDENTITY", + "SOD_POLICY" + ] + }, + "required": true, + "description": "The type of tagged object to retrieve.", + "example": "ROLE" + }, + { + "in": "path", + "name": "id", + "schema": { + "type": "string" + }, + "required": true, + "description": "The ID of the object reference to retrieve.", + "example": "ef38f94347e94562b5bb8424a56397d8" + } + ], + "responses": { + "200": { + "description": "Tagged object by type and ID.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "objectRef": { + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "nullable": true, + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + }, + "tags": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Labels to be applied to an Object", + "example": [ + "BU_FINANCE", + "PCI" + ] + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + }, + "put": { + "operationId": "putTaggedObject", + "security": [ + { + "oauth2": [ + "idn:tag:manage" + ] + } + ], + "tags": [ + "Tagged Objects" + ], + "summary": "Update Tagged Object", + "description": "This updates a tagged object for the specified type.", + "parameters": [ + { + "in": "path", + "name": "type", + "schema": { + "type": "string", + "enum": [ + "ROLE", + "IDENTITY", + "SOD_POLICY" + ] + }, + "required": true, + "description": "The type of tagged object to update.", + "example": "ROLE" + }, + { + "in": "path", + "name": "id", + "schema": { + "type": "string" + }, + "required": true, + "description": "The ID of the object reference to update.", + "example": "ef38f94347e94562b5bb8424a56397d8" + } + ], + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "objectRef": { + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "nullable": true, + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + }, + "tags": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Labels to be applied to an Object", + "example": [ + "BU_FINANCE", + "PCI" + ] + } + } + } + } + } + }, + "responses": { + "200": { + "description": "Tagged object by type and ID.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "objectRef": { + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "nullable": true, + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + }, + "tags": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Labels to be applied to an Object", + "example": [ + "BU_FINANCE", + "PCI" + ] + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + }, + "delete": { + "operationId": "deleteTaggedObject", + "security": [ + { + "oauth2": [ + "idn:tag:manage" + ] + } + ], + "tags": [ + "Tagged Objects" + ], + "summary": "Delete Tagged Object", + "description": "This deletes a tagged object for the specified type.", + "parameters": [ + { + "in": "path", + "name": "type", + "schema": { + "type": "string", + "enum": [ + "ROLE", + "IDENTITY", + "SOD_POLICY" + ] + }, + "required": true, + "description": "The type of tagged object to delete.", + "example": "ROLE" + }, + { + "in": "path", + "name": "id", + "schema": { + "type": "string" + }, + "required": true, + "description": "The ID of the object reference to delete.", + "example": "ef38f94347e94562b5bb8424a56397d8" + } + ], + "responses": { + "204": { + "description": "No content." + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/tagged-objects/bulk-add": { + "post": { + "operationId": "setTagsToManyObjects", + "security": [ + { + "oauth2": [ + "idn:tag:manage" + ] + } + ], + "tags": [ + "Tagged Objects" + ], + "summary": "Tag Multiple Objects", + "description": "This API adds tags to multiple objects.\n\nA token with API, CERT_ADMIN, ORG_ADMIN, REPORT_ADMIN, ROLE_ADMIN, ROLE_SUBADMIN, SOURCE_ADMIN, or SOURCE_SUBADMIN authority is required to call this API.", + "requestBody": { + "required": true, + "description": "Supported object types are ROLE, IDENTITY and SOD_POLICY.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "objectRefs": { + "type": "array", + "items": { + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "nullable": true, + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + } + }, + "tags": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Label to be applied to an Object", + "example": [ + "BU_FINANCE", + "PCI" + ] + }, + "operation": { + "type": "string", + "enum": [ + "APPEND", + "MERGE" + ], + "default": "APPEND", + "description": "If APPEND, tags are appended to the list of tags for the object. A 400 error is returned if this would add duplicate tags to the object.\n\nIf MERGE, tags are merged with the existing tags. Duplicate tags are silently ignored.", + "example": "MERGE" + } + } + } + } + } + }, + "responses": { + "200": { + "description": "Request succeeded.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "objectRefs": { + "type": "array", + "items": { + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "nullable": true, + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + } + }, + "tags": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Label to be applied to an Object", + "example": [ + "BU_FINANCE", + "PCI" + ] + }, + "operation": { + "type": "string", + "enum": [ + "APPEND", + "MERGE" + ], + "default": "APPEND", + "description": "If APPEND, tags are appended to the list of tags for the object. A 400 error is returned if this would add duplicate tags to the object.\n\nIf MERGE, tags are merged with the existing tags. Duplicate tags are silently ignored.", + "example": "MERGE" + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/tagged-objects/bulk-remove": { + "post": { + "operationId": "deleteTagsToManyObject", + "security": [ + { + "oauth2": [ + "idn:tag:manage" + ] + } + ], + "tags": [ + "Tagged Objects" + ], + "summary": "Remove Tags from Multiple Objects", + "description": "This API removes tags from multiple objects.\n\nA token with API, CERT_ADMIN, ORG_ADMIN, REPORT_ADMIN, ROLE_ADMIN, ROLE_SUBADMIN, SOURCE_ADMIN, or SOURCE_SUBADMIN authority is required to call this API.", + "requestBody": { + "description": "Supported object types are ROLE, IDENTITY and SOD_POLICY.", + "required": true, + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "objectRefs": { + "type": "array", + "items": { + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "nullable": true, + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + } + }, + "tags": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Label to be applied to an Object", + "example": [ + "BU_FINANCE", + "PCI" + ] + }, + "operation": { + "type": "string", + "enum": [ + "APPEND", + "MERGE" + ], + "default": "APPEND", + "description": "If APPEND, tags are appended to the list of tags for the object. A 400 error is returned if this would add duplicate tags to the object.\n\nIf MERGE, tags are merged with the existing tags. Duplicate tags are silently ignored.", + "example": "MERGE" + } + } + } + } + } + }, + "responses": { + "204": { + "description": "No content - indicates the request was successful but there is no content to be returned in the response." + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/transforms": { + "get": { + "tags": [ + "Transforms" + ], + "summary": "List transforms", + "description": "Gets a list of all saved transform objects.\nA token with transforms-list read authority is required to call this API.", + "operationId": "listTransforms", + "parameters": [ + { + "in": "query", + "name": "offset", + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": 0, + "schema": { + "type": "integer", + "format": "int32", + "minimum": 0, + "default": 0 + } + }, + { + "in": "query", + "name": "limit", + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": 250, + "schema": { + "type": "integer", + "format": "int32", + "minimum": 0, + "maximum": 250, + "default": 250 + } + }, + { + "in": "query", + "name": "count", + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": true, + "schema": { + "type": "boolean", + "default": false + } + }, + { + "name": "name", + "in": "query", + "description": "Name of the transform to retrieve from the list.", + "required": false, + "style": "form", + "schema": { + "type": "string", + "example": "ExampleTransformName123" + } + }, + { + "name": "filters", + "in": "query", + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)\nFiltering is supported for the following fields and operators:\n**internal**: *eq*\n**name**: *eq*, *sw*", + "required": false, + "style": "form", + "explode": true, + "example": "name eq \"Uppercase\"", + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "A list of transforms matching the given criteria.", + "content": { + "application/json": { + "schema": { + "type": "array", + "items": { + "type": "object", + "description": "The representation of an internally- or customer-defined transform.", + "required": [ + "name", + "type", + "attributes" + ], + "properties": { + "id": { + "type": "string", + "readOnly": true, + "description": "Unique ID of this transform", + "example": "2cd78adghjkja34jh2b1hkjhasuecd" + }, + "name": { + "type": "string", + "description": "Unique name of this transform", + "example": "Timestamp To Date", + "minLength": 1, + "maxLength": 50 + }, + "type": { + "type": "string", + "description": "The type of transform operation", + "enum": [ + "accountAttribute", + "base64Decode", + "base64Encode", + "concat", + "conditional", + "dateCompare", + "dateFormat", + "dateMath", + "decomposeDiacriticalMarks", + "e164phone", + "firstValid", + "rule", + "identityAttribute", + "indexOf", + "iso3166", + "lastIndexOf", + "leftPad", + "lookup", + "lower", + "normalizeNames", + "randomAlphaNumeric", + "randomNumeric", + "reference", + "replaceAll", + "replace", + "rightPad", + "split", + "static", + "substring", + "trim", + "upper", + "usernameGenerator", + "uuid" + ], + "example": "dateFormat", + "externalDocs": { + "description": "Transform Operations", + "url": "https://developer.sailpoint.com/idn/docs/transforms/operations" + } + }, + "attributes": { + "description": "Meta-data about the transform. Values in this list are specific to the type of transform to be executed.", + "oneOf": [ + { + "title": "accountAttribute", + "type": "object", + "required": [ + "sourceName", + "attributeName" + ], + "properties": { + "sourceName": { + "type": "string", + "description": "A reference to the source to search for the account", + "example": "Workday" + }, + "attributeName": { + "type": "string", + "description": "The name of the attribute on the account to return. This should match the name of the account attribute name visible in the user interface, or on the source schema.", + "example": "DEPARTMENT" + }, + "accountSortAttribute": { + "type": "string", + "description": "The value of this configuration is a string name of the attribute to use when determining the ordering of returned accounts when there are multiple entries", + "example": "created" + }, + "accountSortDescending": { + "type": "boolean", + "description": "The value of this configuration is a boolean (true/false). Controls the order of the sort when there are multiple accounts. If not defined, the transform will default to false (ascending order)", + "example": false + }, + "accountReturnFirstLink": { + "type": "boolean", + "description": "The value of this configuration is a boolean (true/false). Controls which account to source a value from for an attribute. If this flag is set to true, the transform returns the value from the first account in the list, even if it is null. If it is set to false, the transform returns the first non-null value. If not defined, the transform will default to false", + "example": false + }, + "accountFilter": { + "type": "string", + "description": "This expression queries the database to narrow search results. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the database. The default filter will always include the source and identity, and any subsequent expressions will be combined in an AND operation to the existing search criteria.\nOnly certain searchable attributes are available: - `nativeIdentity` - the Account ID - `displayName` - the Account Name - `entitlements` - a boolean value to determine if the account has entitlements", + "example": "!(nativeIdentity.startsWith(\"*DELETED*\"))" + }, + "accountPropertyFilter": { + "type": "string", + "description": "This expression is used to search and filter accounts in memory. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the returned resultset.\n\nAll account attributes are available for filtering as this operation is performed in memory.", + "example": "(groups.containsAll({'Admin'}) || location == 'Austin')" + }, + "requiresPeriodicRefresh": { + "type": "boolean", + "description": "A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process", + "example": false, + "default": false + }, + "input": { + "type": "object", + "description": "This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.", + "additionalProperties": true, + "example": { + "type": "accountAttribute", + "attributes": { + "attributeName": "first_name", + "sourceName": "Source" + } + } + } + } + }, + { + "title": "base64Decode", + "type": "object", + "properties": { + "requiresPeriodicRefresh": { + "type": "boolean", + "description": "A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process", + "example": false, + "default": false + }, + "input": { + "type": "object", + "description": "This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.", + "additionalProperties": true, + "example": { + "type": "accountAttribute", + "attributes": { + "attributeName": "first_name", + "sourceName": "Source" + } + } + } + } + }, + { + "title": "base64Encode", + "type": "object", + "properties": { + "requiresPeriodicRefresh": { + "type": "boolean", + "description": "A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process", + "example": false, + "default": false + }, + "input": { + "type": "object", + "description": "This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.", + "additionalProperties": true, + "example": { + "type": "accountAttribute", + "attributes": { + "attributeName": "first_name", + "sourceName": "Source" + } + } + } + } + }, + { + "title": "concat", + "type": "object", + "required": [ + "values" + ], + "properties": { + "values": { + "type": "array", + "items": { + "type": "object" + }, + "description": "An array of items to join together", + "example": [ + "John", + " ", + "Smith" + ] + }, + "requiresPeriodicRefresh": { + "type": "boolean", + "description": "A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process", + "example": false, + "default": false + }, + "input": { + "type": "object", + "description": "This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.", + "additionalProperties": true, + "example": { + "type": "accountAttribute", + "attributes": { + "attributeName": "first_name", + "sourceName": "Source" + } + } + } + } + }, + { + "title": "conditional", + "type": "object", + "required": [ + "expression", + "positiveCondition", + "negativeCondition" + ], + "properties": { + "expression": { + "type": "string", + "description": "A comparison statement that follows the structure of `ValueA eq ValueB` where `ValueA` and `ValueB` are static strings or outputs of other transforms. \n\nThe `eq` operator is the only valid comparison", + "example": "ValueA eq ValueB" + }, + "positiveCondition": { + "type": "string", + "description": "The output of the transform if the expression evalutes to true", + "example": "true" + }, + "negativeCondition": { + "type": "string", + "description": "The output of the transform if the expression evalutes to false", + "example": "false" + }, + "requiresPeriodicRefresh": { + "type": "boolean", + "description": "A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process", + "example": false, + "default": false + }, + "input": { + "type": "object", + "description": "This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.", + "additionalProperties": true, + "example": { + "type": "accountAttribute", + "attributes": { + "attributeName": "first_name", + "sourceName": "Source" + } + } + } + } + }, + { + "title": "dateCompare", + "type": "object", + "required": [ + "firstDate", + "secondDate", + "operator", + "positiveCondition", + "negativeCondition" + ], + "properties": { + "firstDate": { + "description": "This is the first date to consider (The date that would be on the left hand side of the comparison operation).", + "oneOf": [ + { + "title": "accountAttribute", + "type": "object", + "required": [ + "sourceName", + "attributeName" + ], + "properties": { + "sourceName": { + "type": "string", + "description": "A reference to the source to search for the account", + "example": "Workday" + }, + "attributeName": { + "type": "string", + "description": "The name of the attribute on the account to return. This should match the name of the account attribute name visible in the user interface, or on the source schema.", + "example": "DEPARTMENT" + }, + "accountSortAttribute": { + "type": "string", + "description": "The value of this configuration is a string name of the attribute to use when determining the ordering of returned accounts when there are multiple entries", + "example": "created" + }, + "accountSortDescending": { + "type": "boolean", + "description": "The value of this configuration is a boolean (true/false). Controls the order of the sort when there are multiple accounts. If not defined, the transform will default to false (ascending order)", + "example": false + }, + "accountReturnFirstLink": { + "type": "boolean", + "description": "The value of this configuration is a boolean (true/false). Controls which account to source a value from for an attribute. If this flag is set to true, the transform returns the value from the first account in the list, even if it is null. If it is set to false, the transform returns the first non-null value. If not defined, the transform will default to false", + "example": false + }, + "accountFilter": { + "type": "string", + "description": "This expression queries the database to narrow search results. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the database. The default filter will always include the source and identity, and any subsequent expressions will be combined in an AND operation to the existing search criteria.\nOnly certain searchable attributes are available: - `nativeIdentity` - the Account ID - `displayName` - the Account Name - `entitlements` - a boolean value to determine if the account has entitlements", + "example": "!(nativeIdentity.startsWith(\"*DELETED*\"))" + }, + "accountPropertyFilter": { + "type": "string", + "description": "This expression is used to search and filter accounts in memory. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the returned resultset.\n\nAll account attributes are available for filtering as this operation is performed in memory.", + "example": "(groups.containsAll({'Admin'}) || location == 'Austin')" + }, + "requiresPeriodicRefresh": { + "type": "boolean", + "description": "A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process", + "example": false, + "default": false + }, + "input": { + "type": "object", + "description": "This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.", + "additionalProperties": true, + "example": { + "type": "accountAttribute", + "attributes": { + "attributeName": "first_name", + "sourceName": "Source" + } + } + } + } + }, + { + "title": "dateFormat", + "type": "object", + "properties": { + "inputFormat": { + "description": "A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data is coming in as.\n\n*If no inputFormat is provided, the transform assumes that it is in ISO8601 format*", + "oneOf": [ + { + "title": "Named Construct", + "type": "string", + "description": "| Construct | Date Time Pattern | Description |\n| --------- | ----------------- | ----------- |\n| ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. | \n| LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. |\n| PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. |\n| EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. |\n| EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. |\n", + "enum": [ + "ISO8601", + "LDAP", + "PEOPLE_SOFT", + "EPOCH_TIME_JAVA", + "EPOCH_TIME_WIN32" + ], + "example": "PEOPLE_SOFT" + }, + { + "title": "Java Simple Date Format", + "type": "string", + "description": "There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information.\n\n>NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone.\n (This table is from the SimpleDateFormat page.)\n\n| Date Time Pattern | Result |\n| ----------------- | ------ |\n| `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` |\n| `EEE, MMM d, ''yy` | Wed, Jul 4, '01 |\n| `h:mm a` | 12:08 PM |\n| `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time |\n| `K:mm a, z` | 0:08 PM, PDT |\n| `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM |\n| `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 |\n| `yyMMddHHmmssZ` | 010704120856-0700 |\n| `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 |\n| `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 |\n| `YYYY-'W'ww-u` | 2001-W27-3 |\n", + "example": "mm/dd/yyyy" + } + ] + }, + "outputFormat": { + "description": "A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data should be formatted into.\n\n*If no inputFormat is provided, the transform assumes that it is in ISO8601 format*", + "oneOf": [ + { + "title": "Named Construct", + "type": "string", + "description": "| Construct | Date Time Pattern | Description |\n| --------- | ----------------- | ----------- |\n| ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. | \n| LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. |\n| PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. |\n| EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. |\n| EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. |\n", + "enum": [ + "ISO8601", + "LDAP", + "PEOPLE_SOFT", + "EPOCH_TIME_JAVA", + "EPOCH_TIME_WIN32" + ], + "example": "PEOPLE_SOFT" + }, + { + "title": "Java Simple Date Format", + "type": "string", + "description": "There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information.\n\n>NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone.\n (This table is from the SimpleDateFormat page.)\n\n| Date Time Pattern | Result |\n| ----------------- | ------ |\n| `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` |\n| `EEE, MMM d, ''yy` | Wed, Jul 4, '01 |\n| `h:mm a` | 12:08 PM |\n| `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time |\n| `K:mm a, z` | 0:08 PM, PDT |\n| `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM |\n| `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 |\n| `yyMMddHHmmssZ` | 010704120856-0700 |\n| `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 |\n| `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 |\n| `YYYY-'W'ww-u` | 2001-W27-3 |\n", + "example": "mm/dd/yyyy" + } + ] + }, + "requiresPeriodicRefresh": { + "type": "boolean", + "description": "A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process", + "example": false, + "default": false + }, + "input": { + "type": "object", + "description": "This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.", + "additionalProperties": true, + "example": { + "type": "accountAttribute", + "attributes": { + "attributeName": "first_name", + "sourceName": "Source" + } + } + } + } + } + ] + }, + "secondDate": { + "description": "This is the second date to consider (The date that would be on the right hand side of the comparison operation).", + "oneOf": [ + { + "title": "accountAttribute", + "type": "object", + "required": [ + "sourceName", + "attributeName" + ], + "properties": { + "sourceName": { + "type": "string", + "description": "A reference to the source to search for the account", + "example": "Workday" + }, + "attributeName": { + "type": "string", + "description": "The name of the attribute on the account to return. This should match the name of the account attribute name visible in the user interface, or on the source schema.", + "example": "DEPARTMENT" + }, + "accountSortAttribute": { + "type": "string", + "description": "The value of this configuration is a string name of the attribute to use when determining the ordering of returned accounts when there are multiple entries", + "example": "created" + }, + "accountSortDescending": { + "type": "boolean", + "description": "The value of this configuration is a boolean (true/false). Controls the order of the sort when there are multiple accounts. If not defined, the transform will default to false (ascending order)", + "example": false + }, + "accountReturnFirstLink": { + "type": "boolean", + "description": "The value of this configuration is a boolean (true/false). Controls which account to source a value from for an attribute. If this flag is set to true, the transform returns the value from the first account in the list, even if it is null. If it is set to false, the transform returns the first non-null value. If not defined, the transform will default to false", + "example": false + }, + "accountFilter": { + "type": "string", + "description": "This expression queries the database to narrow search results. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the database. The default filter will always include the source and identity, and any subsequent expressions will be combined in an AND operation to the existing search criteria.\nOnly certain searchable attributes are available: - `nativeIdentity` - the Account ID - `displayName` - the Account Name - `entitlements` - a boolean value to determine if the account has entitlements", + "example": "!(nativeIdentity.startsWith(\"*DELETED*\"))" + }, + "accountPropertyFilter": { + "type": "string", + "description": "This expression is used to search and filter accounts in memory. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the returned resultset.\n\nAll account attributes are available for filtering as this operation is performed in memory.", + "example": "(groups.containsAll({'Admin'}) || location == 'Austin')" + }, + "requiresPeriodicRefresh": { + "type": "boolean", + "description": "A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process", + "example": false, + "default": false + }, + "input": { + "type": "object", + "description": "This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.", + "additionalProperties": true, + "example": { + "type": "accountAttribute", + "attributes": { + "attributeName": "first_name", + "sourceName": "Source" + } + } + } + } + }, + { + "title": "dateFormat", + "type": "object", + "properties": { + "inputFormat": { + "description": "A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data is coming in as.\n\n*If no inputFormat is provided, the transform assumes that it is in ISO8601 format*", + "oneOf": [ + { + "title": "Named Construct", + "type": "string", + "description": "| Construct | Date Time Pattern | Description |\n| --------- | ----------------- | ----------- |\n| ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. | \n| LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. |\n| PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. |\n| EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. |\n| EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. |\n", + "enum": [ + "ISO8601", + "LDAP", + "PEOPLE_SOFT", + "EPOCH_TIME_JAVA", + "EPOCH_TIME_WIN32" + ], + "example": "PEOPLE_SOFT" + }, + { + "title": "Java Simple Date Format", + "type": "string", + "description": "There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information.\n\n>NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone.\n (This table is from the SimpleDateFormat page.)\n\n| Date Time Pattern | Result |\n| ----------------- | ------ |\n| `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` |\n| `EEE, MMM d, ''yy` | Wed, Jul 4, '01 |\n| `h:mm a` | 12:08 PM |\n| `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time |\n| `K:mm a, z` | 0:08 PM, PDT |\n| `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM |\n| `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 |\n| `yyMMddHHmmssZ` | 010704120856-0700 |\n| `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 |\n| `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 |\n| `YYYY-'W'ww-u` | 2001-W27-3 |\n", + "example": "mm/dd/yyyy" + } + ] + }, + "outputFormat": { + "description": "A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data should be formatted into.\n\n*If no inputFormat is provided, the transform assumes that it is in ISO8601 format*", + "oneOf": [ + { + "title": "Named Construct", + "type": "string", + "description": "| Construct | Date Time Pattern | Description |\n| --------- | ----------------- | ----------- |\n| ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. | \n| LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. |\n| PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. |\n| EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. |\n| EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. |\n", + "enum": [ + "ISO8601", + "LDAP", + "PEOPLE_SOFT", + "EPOCH_TIME_JAVA", + "EPOCH_TIME_WIN32" + ], + "example": "PEOPLE_SOFT" + }, + { + "title": "Java Simple Date Format", + "type": "string", + "description": "There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information.\n\n>NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone.\n (This table is from the SimpleDateFormat page.)\n\n| Date Time Pattern | Result |\n| ----------------- | ------ |\n| `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` |\n| `EEE, MMM d, ''yy` | Wed, Jul 4, '01 |\n| `h:mm a` | 12:08 PM |\n| `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time |\n| `K:mm a, z` | 0:08 PM, PDT |\n| `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM |\n| `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 |\n| `yyMMddHHmmssZ` | 010704120856-0700 |\n| `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 |\n| `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 |\n| `YYYY-'W'ww-u` | 2001-W27-3 |\n", + "example": "mm/dd/yyyy" + } + ] + }, + "requiresPeriodicRefresh": { + "type": "boolean", + "description": "A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process", + "example": false, + "default": false + }, + "input": { + "type": "object", + "description": "This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.", + "additionalProperties": true, + "example": { + "type": "accountAttribute", + "attributes": { + "attributeName": "first_name", + "sourceName": "Source" + } + } + } + } + } + ] + }, + "operator": { + "type": "string", + "description": "This is the comparison to perform.\n| Operation | Description |\n| --------- | ------- |\n| LT | Strictly less than: firstDate < secondDate |\n| LTE | Less than or equal to: firstDate <= secondDate |\n| GT | Strictly greater than: firstDate > secondDate |\n| GTE | Greater than or equal to: firstDate >= secondDate |\n", + "enum": [ + "LT", + "LTE", + "GT", + "GTE" + ], + "example": "LT" + }, + "positiveCondition": { + "type": "string", + "description": "The output of the transform if the expression evalutes to true", + "example": "true" + }, + "negativeCondition": { + "type": "string", + "description": "The output of the transform if the expression evalutes to false", + "example": false + }, + "requiresPeriodicRefresh": { + "type": "boolean", + "description": "A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process", + "example": false, + "default": false + }, + "input": { + "type": "object", + "description": "This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.", + "additionalProperties": true, + "example": { + "type": "accountAttribute", + "attributes": { + "attributeName": "first_name", + "sourceName": "Source" + } + } + } + } + }, + { + "title": "dateFormat", + "type": "object", + "properties": { + "inputFormat": { + "description": "A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data is coming in as.\n\n*If no inputFormat is provided, the transform assumes that it is in ISO8601 format*", + "oneOf": [ + { + "title": "Named Construct", + "type": "string", + "description": "| Construct | Date Time Pattern | Description |\n| --------- | ----------------- | ----------- |\n| ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. | \n| LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. |\n| PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. |\n| EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. |\n| EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. |\n", + "enum": [ + "ISO8601", + "LDAP", + "PEOPLE_SOFT", + "EPOCH_TIME_JAVA", + "EPOCH_TIME_WIN32" + ], + "example": "PEOPLE_SOFT" + }, + { + "title": "Java Simple Date Format", + "type": "string", + "description": "There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information.\n\n>NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone.\n (This table is from the SimpleDateFormat page.)\n\n| Date Time Pattern | Result |\n| ----------------- | ------ |\n| `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` |\n| `EEE, MMM d, ''yy` | Wed, Jul 4, '01 |\n| `h:mm a` | 12:08 PM |\n| `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time |\n| `K:mm a, z` | 0:08 PM, PDT |\n| `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM |\n| `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 |\n| `yyMMddHHmmssZ` | 010704120856-0700 |\n| `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 |\n| `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 |\n| `YYYY-'W'ww-u` | 2001-W27-3 |\n", + "example": "mm/dd/yyyy" + } + ] + }, + "outputFormat": { + "description": "A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data should be formatted into.\n\n*If no inputFormat is provided, the transform assumes that it is in ISO8601 format*", + "oneOf": [ + { + "title": "Named Construct", + "type": "string", + "description": "| Construct | Date Time Pattern | Description |\n| --------- | ----------------- | ----------- |\n| ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. | \n| LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. |\n| PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. |\n| EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. |\n| EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. |\n", + "enum": [ + "ISO8601", + "LDAP", + "PEOPLE_SOFT", + "EPOCH_TIME_JAVA", + "EPOCH_TIME_WIN32" + ], + "example": "PEOPLE_SOFT" + }, + { + "title": "Java Simple Date Format", + "type": "string", + "description": "There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information.\n\n>NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone.\n (This table is from the SimpleDateFormat page.)\n\n| Date Time Pattern | Result |\n| ----------------- | ------ |\n| `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` |\n| `EEE, MMM d, ''yy` | Wed, Jul 4, '01 |\n| `h:mm a` | 12:08 PM |\n| `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time |\n| `K:mm a, z` | 0:08 PM, PDT |\n| `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM |\n| `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 |\n| `yyMMddHHmmssZ` | 010704120856-0700 |\n| `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 |\n| `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 |\n| `YYYY-'W'ww-u` | 2001-W27-3 |\n", + "example": "mm/dd/yyyy" + } + ] + }, + "requiresPeriodicRefresh": { + "type": "boolean", + "description": "A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process", + "example": false, + "default": false + }, + "input": { + "type": "object", + "description": "This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.", + "additionalProperties": true, + "example": { + "type": "accountAttribute", + "attributes": { + "attributeName": "first_name", + "sourceName": "Source" + } + } + } + } + }, + { + "title": "dateMath", + "type": "object", + "required": [ + "expression" + ], + "properties": { + "expression": { + "type": "string", + "description": "A string value of the date and time components to operation on, along with the math operations to execute.\n", + "externalDocs": { + "description": "Date Math Expressions", + "url": "https://developer.sailpoint.com/idn/docs/transforms/operations/date-math#transform-structure" + }, + "example": "now+1w" + }, + "roundUp": { + "type": "boolean", + "description": "A boolean value to indicate whether the transform should round up or down when a rounding `/` operation is defined in the expression. \n\n\nIf not provided, the transform will default to `false`\n\n\n`true` indicates the transform should round up (i.e., truncate the fractional date/time component indicated and then add one unit of that component)\n\n\n`false` indicates the transform should round down (i.e., truncate the fractional date/time component indicated)\n", + "example": false + }, + "requiresPeriodicRefresh": { + "type": "boolean", + "description": "A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process", + "example": false, + "default": false + }, + "input": { + "type": "object", + "description": "This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.", + "additionalProperties": true, + "example": { + "type": "accountAttribute", + "attributes": { + "attributeName": "first_name", + "sourceName": "Source" + } + } + } + } + }, + { + "title": "decomposeDiacriticalMarks", + "type": "object", + "properties": { + "requiresPeriodicRefresh": { + "type": "boolean", + "description": "A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process", + "example": false, + "default": false + }, + "input": { + "type": "object", + "description": "This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.", + "additionalProperties": true, + "example": { + "type": "accountAttribute", + "attributes": { + "attributeName": "first_name", + "sourceName": "Source" + } + } + } + } + }, + { + "title": "e164phone", + "type": "object", + "properties": { + "defaultRegion": { + "type": "string", + "description": "This is an optional attribute that can be used to define the region of the phone number to format into.\n\n\nIf defaultRegion is not provided, it will take US as the default country.\n\n\nThe format of the country code should be in [ISO 3166-1 alpha-2 format](https://en.wikipedia.org/wiki/ISO_3166-1_alpha-2)\n", + "example": "US" + }, + "requiresPeriodicRefresh": { + "type": "boolean", + "description": "A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process", + "example": false, + "default": false + }, + "input": { + "type": "object", + "description": "This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.", + "additionalProperties": true, + "example": { + "type": "accountAttribute", + "attributes": { + "attributeName": "first_name", + "sourceName": "Source" + } + } + } + } + }, + { + "title": "firstValid", + "type": "object", + "required": [ + "values" + ], + "properties": { + "values": { + "type": "array", + "items": { + "type": "object" + }, + "description": "An array of attributes to evaluate for existence.", + "example": [ + { + "attributes": { + "sourceName": "Active Directory", + "attributeName": "sAMAccountName" + }, + "type": "accountAttribute" + }, + { + "attributes": { + "sourceName": "Okta", + "attributeName": "login" + }, + "type": "accountAttribute" + }, + { + "attributes": { + "sourceName": "HR Source", + "attributeName": "employeeID" + }, + "type": "accountAttribute" + } + ] + }, + "ignoreErrors": { + "type": "boolean", + "description": "a true or false value representing to move on to the next option if an error (like an Null Pointer Exception) were to occur.", + "example": false + }, + "requiresPeriodicRefresh": { + "type": "boolean", + "description": "A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process", + "example": false, + "default": false + } + } + }, + { + "title": "rule", + "oneOf": [ + { + "type": "object", + "required": [ + "name" + ], + "properties": { + "name": { + "type": "string", + "description": "This is the name of the Generic rule that needs to be invoked by the transform", + "example": "Generic Calculation Rule" + }, + "requiresPeriodicRefresh": { + "type": "boolean", + "description": "A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process", + "example": false + } + } + }, + { + "type": "object", + "required": [ + "name", + "operation", + "includeNumbers", + "includeSpecialChars", + "length" + ], + "properties": { + "name": { + "type": "string", + "description": "This must always be set to \"Cloud Services Deployment Utility\"", + "example": "Cloud Services Deployment Utility" + }, + "operation": { + "type": "string", + "description": "The operation to perform `generateRandomString`", + "example": "generateRandomString" + }, + "includeNumbers": { + "type": "boolean", + "description": "This must be either \"true\" or \"false\" to indicate whether the generator logic should include numbers", + "example": true + }, + "includeSpecialChars": { + "type": "boolean", + "description": "This must be either \"true\" or \"false\" to indicate whether the generator logic should include special characters", + "example": true + }, + "length": { + "type": "string", + "description": "This specifies how long the randomly generated string needs to be\n\n\n>NOTE Due to identity attribute data constraints, the maximum allowable value is 450 characters\n", + "example": "10" + }, + "requiresPeriodicRefresh": { + "type": "boolean", + "description": "A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process", + "example": false + } + } + }, + { + "type": "object", + "required": [ + "name", + "operation", + "uid" + ], + "properties": { + "name": { + "type": "string", + "description": "This must always be set to \"Cloud Services Deployment Utility\"", + "example": "Cloud Services Deployment Utility" + }, + "operation": { + "type": "string", + "description": "The operation to perform `getReferenceIdentityAttribute`", + "example": "getReferenceIdentityAttribute" + }, + "uid": { + "type": "string", + "description": "This is the SailPoint User Name (uid) value of the identity whose attribute is desired\n\nAs a convenience feature, you can use the `manager` keyword to dynamically look up the user's manager and then get that manager's identity attribute.\n", + "example": "2c91808570313110017040b06f344ec9" + }, + "requiresPeriodicRefresh": { + "type": "boolean", + "description": "A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process", + "example": false + } + } + } + ] + }, + { + "title": "identityAttribute", + "type": "object", + "required": [ + "name" + ], + "properties": { + "name": { + "type": "string", + "description": "The system (camel-cased) name of the identity attribute to bring in", + "example": "email" + }, + "requiresPeriodicRefresh": { + "type": "boolean", + "description": "A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process", + "example": false, + "default": false + }, + "input": { + "type": "object", + "description": "This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.", + "additionalProperties": true, + "example": { + "type": "accountAttribute", + "attributes": { + "attributeName": "first_name", + "sourceName": "Source" + } + } + } + } + }, + { + "title": "indexOf", + "type": "object", + "required": [ + "substring" + ], + "properties": { + "substring": { + "type": "string", + "description": "A substring to search for, searches the entire calling string, and returns the index of the first occurrence of the specified substring.", + "example": "admin_" + }, + "requiresPeriodicRefresh": { + "type": "boolean", + "description": "A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process", + "example": false, + "default": false + }, + "input": { + "type": "object", + "description": "This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.", + "additionalProperties": true, + "example": { + "type": "accountAttribute", + "attributes": { + "attributeName": "first_name", + "sourceName": "Source" + } + } + } + } + }, + { + "title": "iso3166", + "type": "object", + "properties": { + "format": { + "type": "string", + "description": "An optional value to denote which ISO 3166 format to return. Valid values are:\n\n\n`alpha2` - Two-character country code (e.g., \"US\"); this is the default value if no format is supplied\n\n\n`alpha3` - Three-character country code (e.g., \"USA\")\n\n\n`numeric` - The numeric country code (e.g., \"840\")\n", + "example": "alpha2" + }, + "requiresPeriodicRefresh": { + "type": "boolean", + "description": "A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process", + "example": false, + "default": false + }, + "input": { + "type": "object", + "description": "This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.", + "additionalProperties": true, + "example": { + "type": "accountAttribute", + "attributes": { + "attributeName": "first_name", + "sourceName": "Source" + } + } + } + } + }, + { + "title": "leftPad", + "type": "object", + "required": [ + "length" + ], + "properties": { + "length": { + "type": "string", + "description": "An integer value for the desired length of the final output string", + "example": "4" + }, + "padding": { + "type": "string", + "description": "A string value representing the character that the incoming data should be padded with to get to the desired length\n\n\nIf not provided, the transform will default to a single space (\" \") character for padding\n", + "example": "0" + }, + "requiresPeriodicRefresh": { + "type": "boolean", + "description": "A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process", + "example": false, + "default": false + }, + "input": { + "type": "object", + "description": "This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.", + "additionalProperties": true, + "example": { + "type": "accountAttribute", + "attributes": { + "attributeName": "first_name", + "sourceName": "Source" + } + } + } + } + }, + { + "title": "lookup", + "type": "object", + "required": [ + "table" + ], + "properties": { + "table": { + "type": "object", + "additionalProperties": true, + "description": "This is a JSON object of key-value pairs. The key is the string that will attempt to be matched to the input, and the value is the output string that should be returned if the key is matched\n\n\n>**Note** the use of the optional default key value here; if none of the three countries in the above example match the input string, the transform will return \"Unknown Region\" for the attribute that is mapped to this transform.\n", + "example": { + "USA": "Americas", + "FRA": "EMEA", + "AUS": "APAC", + "default": "Unknown Region" + } + }, + "requiresPeriodicRefresh": { + "type": "boolean", + "description": "A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process", + "example": false, + "default": false + }, + "input": { + "type": "object", + "description": "This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.", + "additionalProperties": true, + "example": { + "type": "accountAttribute", + "attributes": { + "attributeName": "first_name", + "sourceName": "Source" + } + } + } + } + }, + { + "title": "lower", + "type": "object", + "properties": { + "requiresPeriodicRefresh": { + "type": "boolean", + "description": "A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process", + "example": false, + "default": false + }, + "input": { + "type": "object", + "description": "This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.", + "additionalProperties": true, + "example": { + "type": "accountAttribute", + "attributes": { + "attributeName": "first_name", + "sourceName": "Source" + } + } + } + } + }, + { + "title": "nameNormalizer", + "type": "object", + "properties": { + "requiresPeriodicRefresh": { + "type": "boolean", + "description": "A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process", + "example": false, + "default": false + }, + "input": { + "type": "object", + "description": "This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.", + "additionalProperties": true, + "example": { + "type": "accountAttribute", + "attributes": { + "attributeName": "first_name", + "sourceName": "Source" + } + } + } + } + }, + { + "title": "randomAlphaNumeric", + "type": "object", + "properties": { + "length": { + "type": "string", + "description": "This is an integer value specifying the size/number of characters the random string must contain\n\n\n* This value must be a positive number and cannot be blank\n\n\n* If no length is provided, the transform will default to a value of `32`\n\n\n* Due to identity attribute data constraints, the maximum allowable value is `450` characters\n", + "example": "10" + }, + "requiresPeriodicRefresh": { + "type": "boolean", + "description": "A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process", + "example": false, + "default": false + }, + "input": { + "type": "object", + "description": "This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.", + "additionalProperties": true, + "example": { + "type": "accountAttribute", + "attributes": { + "attributeName": "first_name", + "sourceName": "Source" + } + } + } + } + }, + { + "title": "randomNumeric", + "type": "object", + "properties": { + "length": { + "type": "string", + "description": "This is an integer value specifying the size/number of characters the random string must contain\n\n\n* This value must be a positive number and cannot be blank\n\n\n* If no length is provided, the transform will default to a value of `32`\n\n\n* Due to identity attribute data constraints, the maximum allowable value is `450` characters\n", + "example": "10" + }, + "requiresPeriodicRefresh": { + "type": "boolean", + "description": "A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process", + "example": false, + "default": false + }, + "input": { + "type": "object", + "description": "This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.", + "additionalProperties": true, + "example": { + "type": "accountAttribute", + "attributes": { + "attributeName": "first_name", + "sourceName": "Source" + } + } + } + } + }, + { + "title": "reference", + "type": "object", + "required": [ + "id" + ], + "properties": { + "id": { + "type": "string", + "description": "This ID specifies the name of the pre-existing transform which you want to use within your current transform", + "example": "Existing Transform" + }, + "requiresPeriodicRefresh": { + "type": "boolean", + "description": "A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process", + "example": false, + "default": false + }, + "input": { + "type": "object", + "description": "This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.", + "additionalProperties": true, + "example": { + "type": "accountAttribute", + "attributes": { + "attributeName": "first_name", + "sourceName": "Source" + } + } + } + } + }, + { + "title": "replaceAll", + "type": "object", + "required": [ + "table" + ], + "properties": { + "table": { + "type": "object", + "additionalProperties": true, + "description": "An attribute of key-value pairs. Each pair identifies the pattern to search for as its key, and the replacement string as its value.", + "example": { + "-": " ", + "\"": "'", + "ñ": "n" + } + }, + "requiresPeriodicRefresh": { + "type": "boolean", + "description": "A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process", + "example": false, + "default": false + }, + "input": { + "type": "object", + "description": "This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.", + "additionalProperties": true, + "example": { + "type": "accountAttribute", + "attributes": { + "attributeName": "first_name", + "sourceName": "Source" + } + } + } + } + }, + { + "title": "replace", + "type": "object", + "required": [ + "regex", + "replacement" + ], + "properties": { + "regex": { + "type": "string", + "description": "This can be a string or a regex pattern in which you want to replace.", + "example": "[^a-zA-Z]", + "externalDocs": { + "description": "Regex Builder", + "url": "https://regex101.com/" + } + }, + "replacement": { + "type": "string", + "description": "This is the replacement string that should be substituded wherever the string or pattern is found.", + "example": " " + }, + "requiresPeriodicRefresh": { + "type": "boolean", + "description": "A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process", + "example": false, + "default": false + }, + "input": { + "type": "object", + "description": "This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.", + "additionalProperties": true, + "example": { + "type": "accountAttribute", + "attributes": { + "attributeName": "first_name", + "sourceName": "Source" + } + } + } + } + }, + { + "title": "rightPad", + "type": "object", + "required": [ + "length" + ], + "properties": { + "length": { + "type": "string", + "description": "An integer value for the desired length of the final output string", + "example": "4" + }, + "padding": { + "type": "string", + "description": "A string value representing the character that the incoming data should be padded with to get to the desired length\n\n\nIf not provided, the transform will default to a single space (\" \") character for padding\n", + "example": "0" + }, + "requiresPeriodicRefresh": { + "type": "boolean", + "description": "A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process", + "example": false, + "default": false + }, + "input": { + "type": "object", + "description": "This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.", + "additionalProperties": true, + "example": { + "type": "accountAttribute", + "attributes": { + "attributeName": "first_name", + "sourceName": "Source" + } + } + } + } + }, + { + "title": "split", + "type": "object", + "required": [ + "delimiter", + "index" + ], + "properties": { + "delimiter": { + "type": "string", + "description": "This can be either a single character or a regex expression, and is used by the transform to identify the break point between two substrings in the incoming data", + "example": "," + }, + "index": { + "type": "string", + "description": "An integer value for the desired array element after the incoming data has been split into a list; the array is a 0-based object, so the first array element would be index 0, the second element would be index 1, etc.", + "example": "5" + }, + "throws": { + "type": "boolean", + "description": "A boolean (true/false) value which indicates whether an exception should be thrown and returned as an output when an index is out of bounds with the resultant array (i.e., the provided index value is larger than the size of the array)\n\n\n`true` - The transform should return \"IndexOutOfBoundsException\"\n\n\n`false` - The transform should return null\n\n\nIf not provided, the transform will default to false and return a null\n", + "example": true + }, + "requiresPeriodicRefresh": { + "type": "boolean", + "description": "A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process", + "example": false, + "default": false + }, + "input": { + "type": "object", + "description": "This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.", + "additionalProperties": true, + "example": { + "type": "accountAttribute", + "attributes": { + "attributeName": "first_name", + "sourceName": "Source" + } + } + } + } + }, + { + "title": "static", + "type": "object", + "required": [ + "values" + ], + "properties": { + "values": { + "type": "string", + "description": "This must evaluate to a JSON string, either through a fixed value or through conditional logic using the Apache Velocity Template Language.", + "example": "string$variable", + "externalDocs": { + "description": "Static Transform Documentation", + "url": "https://developer.sailpoint.com/idn/docs/transforms/operations/static" + } + }, + "requiresPeriodicRefresh": { + "type": "boolean", + "description": "A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process", + "example": false, + "default": false + } + } + }, + { + "title": "substring", + "type": "object", + "required": [ + "begin" + ], + "properties": { + "begin": { + "type": "integer", + "description": "The index of the first character to include in the returned substring.\n\n\nIf `begin` is set to -1, the transform will begin at character 0 of the input data\n", + "example": 1, + "format": "int32" + }, + "beginOffset": { + "type": "integer", + "description": "This integer value is the number of characters to add to the begin attribute when returning a substring. \n\nThis attribute is only used if begin is not -1.\n", + "example": 3, + "format": "int32" + }, + "end": { + "type": "integer", + "description": "The index of the first character to exclude from the returned substring.\n\nIf end is -1 or not provided at all, the substring transform will return everything up to the end of the input string.\n", + "example": 6, + "format": "int32" + }, + "endOffset": { + "type": "integer", + "description": "This integer value is the number of characters to add to the end attribute when returning a substring. \n\nThis attribute is only used if end is provided and is not -1.\n", + "example": 1, + "format": "int32" + }, + "requiresPeriodicRefresh": { + "type": "boolean", + "description": "A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process", + "example": false, + "default": false + }, + "input": { + "type": "object", + "description": "This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.", + "additionalProperties": true, + "example": { + "type": "accountAttribute", + "attributes": { + "attributeName": "first_name", + "sourceName": "Source" + } + } + } + } + }, + { + "title": "trim", + "type": "object", + "properties": { + "requiresPeriodicRefresh": { + "type": "boolean", + "description": "A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process", + "example": false, + "default": false + }, + "input": { + "type": "object", + "description": "This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.", + "additionalProperties": true, + "example": { + "type": "accountAttribute", + "attributes": { + "attributeName": "first_name", + "sourceName": "Source" + } + } + } + } + }, + { + "title": "upper", + "type": "object", + "properties": { + "requiresPeriodicRefresh": { + "type": "boolean", + "description": "A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process", + "example": false, + "default": false + }, + "input": { + "type": "object", + "description": "This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.", + "additionalProperties": true, + "example": { + "type": "accountAttribute", + "attributes": { + "attributeName": "first_name", + "sourceName": "Source" + } + } + } + } + }, + { + "title": "uuid", + "type": "object", + "properties": { + "requiresPeriodicRefresh": { + "type": "boolean", + "description": "A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process", + "example": false, + "default": false + } + } + } + ] + }, + "internal": { + "type": "boolean", + "readOnly": true, + "description": "Indicates whether this is an internal SailPoint-created transform or a customer-created transform", + "example": false + } + } + } + }, + "example": [ + { + "id": "2cd78adghjkja34jh2b1hkjhasuecd", + "name": "Timestamp To Date", + "type": "dateFormat", + "attributes": { + "inputFormat": "MMM-dd-yyyy, HH:mm:ss.SSS", + "outputFormat": "yyyy/dd/MM" + }, + "internal": false + }, + { + "id": "2lkas8dhj4bkuakja77giih7l4ashh", + "name": "PrefixSubstring", + "type": "substring", + "attributes": { + "begin": 0, + "end": 3 + }, + "internal": true + } + ] + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + }, + "security": [ + { + "oauth2": [ + "idn:transform:read" + ] + } + ] + }, + "post": { + "tags": [ + "Transforms" + ], + "summary": "Create transform", + "description": "Creates a new transform object immediately. By default, the internal flag is set to false to indicate that this is a custom transform. Only SailPoint employees have the ability to create a transform with internal set to true. Newly created Transforms can be used in the Identity Profile mappings within the UI. A token with transform write authority is required to call this API.", + "operationId": "createTransform", + "requestBody": { + "required": true, + "description": "The transform to be created.", + "content": { + "application/json": { + "schema": { + "type": "object", + "description": "The representation of an internally- or customer-defined transform.", + "required": [ + "name", + "type", + "attributes" + ], + "properties": { + "id": { + "type": "string", + "readOnly": true, + "description": "Unique ID of this transform", + "example": "2cd78adghjkja34jh2b1hkjhasuecd" + }, + "name": { + "type": "string", + "description": "Unique name of this transform", + "example": "Timestamp To Date", + "minLength": 1, + "maxLength": 50 + }, + "type": { + "type": "string", + "description": "The type of transform operation", + "enum": [ + "accountAttribute", + "base64Decode", + "base64Encode", + "concat", + "conditional", + "dateCompare", + "dateFormat", + "dateMath", + "decomposeDiacriticalMarks", + "e164phone", + "firstValid", + "rule", + "identityAttribute", + "indexOf", + "iso3166", + "lastIndexOf", + "leftPad", + "lookup", + "lower", + "normalizeNames", + "randomAlphaNumeric", + "randomNumeric", + "reference", + "replaceAll", + "replace", + "rightPad", + "split", + "static", + "substring", + "trim", + "upper", + "usernameGenerator", + "uuid" + ], + "example": "dateFormat", + "externalDocs": { + "description": "Transform Operations", + "url": "https://developer.sailpoint.com/idn/docs/transforms/operations" + } + }, + "attributes": { + "description": "Meta-data about the transform. Values in this list are specific to the type of transform to be executed.", + "oneOf": [ + { + "title": "accountAttribute", + "type": "object", + "required": [ + "sourceName", + "attributeName" + ], + "properties": { + "sourceName": { + "type": "string", + "description": "A reference to the source to search for the account", + "example": "Workday" + }, + "attributeName": { + "type": "string", + "description": "The name of the attribute on the account to return. This should match the name of the account attribute name visible in the user interface, or on the source schema.", + "example": "DEPARTMENT" + }, + "accountSortAttribute": { + "type": "string", + "description": "The value of this configuration is a string name of the attribute to use when determining the ordering of returned accounts when there are multiple entries", + "example": "created" + }, + "accountSortDescending": { + "type": "boolean", + "description": "The value of this configuration is a boolean (true/false). Controls the order of the sort when there are multiple accounts. If not defined, the transform will default to false (ascending order)", + "example": false + }, + "accountReturnFirstLink": { + "type": "boolean", + "description": "The value of this configuration is a boolean (true/false). Controls which account to source a value from for an attribute. If this flag is set to true, the transform returns the value from the first account in the list, even if it is null. If it is set to false, the transform returns the first non-null value. If not defined, the transform will default to false", + "example": false + }, + "accountFilter": { + "type": "string", + "description": "This expression queries the database to narrow search results. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the database. The default filter will always include the source and identity, and any subsequent expressions will be combined in an AND operation to the existing search criteria.\nOnly certain searchable attributes are available: - `nativeIdentity` - the Account ID - `displayName` - the Account Name - `entitlements` - a boolean value to determine if the account has entitlements", + "example": "!(nativeIdentity.startsWith(\"*DELETED*\"))" + }, + "accountPropertyFilter": { + "type": "string", + "description": "This expression is used to search and filter accounts in memory. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the returned resultset.\n\nAll account attributes are available for filtering as this operation is performed in memory.", + "example": "(groups.containsAll({'Admin'}) || location == 'Austin')" + }, + "requiresPeriodicRefresh": { + "type": "boolean", + "description": "A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process", + "example": false, + "default": false + }, + "input": { + "type": "object", + "description": "This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.", + "additionalProperties": true, + "example": { + "type": "accountAttribute", + "attributes": { + "attributeName": "first_name", + "sourceName": "Source" + } + } + } + } + }, + { + "title": "base64Decode", + "type": "object", + "properties": { + "requiresPeriodicRefresh": { + "type": "boolean", + "description": "A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process", + "example": false, + "default": false + }, + "input": { + "type": "object", + "description": "This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.", + "additionalProperties": true, + "example": { + "type": "accountAttribute", + "attributes": { + "attributeName": "first_name", + "sourceName": "Source" + } + } + } + } + }, + { + "title": "base64Encode", + "type": "object", + "properties": { + "requiresPeriodicRefresh": { + "type": "boolean", + "description": "A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process", + "example": false, + "default": false + }, + "input": { + "type": "object", + "description": "This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.", + "additionalProperties": true, + "example": { + "type": "accountAttribute", + "attributes": { + "attributeName": "first_name", + "sourceName": "Source" + } + } + } + } + }, + { + "title": "concat", + "type": "object", + "required": [ + "values" + ], + "properties": { + "values": { + "type": "array", + "items": { + "type": "object" + }, + "description": "An array of items to join together", + "example": [ + "John", + " ", + "Smith" + ] + }, + "requiresPeriodicRefresh": { + "type": "boolean", + "description": "A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process", + "example": false, + "default": false + }, + "input": { + "type": "object", + "description": "This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.", + "additionalProperties": true, + "example": { + "type": "accountAttribute", + "attributes": { + "attributeName": "first_name", + "sourceName": "Source" + } + } + } + } + }, + { + "title": "conditional", + "type": "object", + "required": [ + "expression", + "positiveCondition", + "negativeCondition" + ], + "properties": { + "expression": { + "type": "string", + "description": "A comparison statement that follows the structure of `ValueA eq ValueB` where `ValueA` and `ValueB` are static strings or outputs of other transforms. \n\nThe `eq` operator is the only valid comparison", + "example": "ValueA eq ValueB" + }, + "positiveCondition": { + "type": "string", + "description": "The output of the transform if the expression evalutes to true", + "example": "true" + }, + "negativeCondition": { + "type": "string", + "description": "The output of the transform if the expression evalutes to false", + "example": "false" + }, + "requiresPeriodicRefresh": { + "type": "boolean", + "description": "A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process", + "example": false, + "default": false + }, + "input": { + "type": "object", + "description": "This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.", + "additionalProperties": true, + "example": { + "type": "accountAttribute", + "attributes": { + "attributeName": "first_name", + "sourceName": "Source" + } + } + } + } + }, + { + "title": "dateCompare", + "type": "object", + "required": [ + "firstDate", + "secondDate", + "operator", + "positiveCondition", + "negativeCondition" + ], + "properties": { + "firstDate": { + "description": "This is the first date to consider (The date that would be on the left hand side of the comparison operation).", + "oneOf": [ + { + "title": "accountAttribute", + "type": "object", + "required": [ + "sourceName", + "attributeName" + ], + "properties": { + "sourceName": { + "type": "string", + "description": "A reference to the source to search for the account", + "example": "Workday" + }, + "attributeName": { + "type": "string", + "description": "The name of the attribute on the account to return. This should match the name of the account attribute name visible in the user interface, or on the source schema.", + "example": "DEPARTMENT" + }, + "accountSortAttribute": { + "type": "string", + "description": "The value of this configuration is a string name of the attribute to use when determining the ordering of returned accounts when there are multiple entries", + "example": "created" + }, + "accountSortDescending": { + "type": "boolean", + "description": "The value of this configuration is a boolean (true/false). Controls the order of the sort when there are multiple accounts. If not defined, the transform will default to false (ascending order)", + "example": false + }, + "accountReturnFirstLink": { + "type": "boolean", + "description": "The value of this configuration is a boolean (true/false). Controls which account to source a value from for an attribute. If this flag is set to true, the transform returns the value from the first account in the list, even if it is null. If it is set to false, the transform returns the first non-null value. If not defined, the transform will default to false", + "example": false + }, + "accountFilter": { + "type": "string", + "description": "This expression queries the database to narrow search results. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the database. The default filter will always include the source and identity, and any subsequent expressions will be combined in an AND operation to the existing search criteria.\nOnly certain searchable attributes are available: - `nativeIdentity` - the Account ID - `displayName` - the Account Name - `entitlements` - a boolean value to determine if the account has entitlements", + "example": "!(nativeIdentity.startsWith(\"*DELETED*\"))" + }, + "accountPropertyFilter": { + "type": "string", + "description": "This expression is used to search and filter accounts in memory. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the returned resultset.\n\nAll account attributes are available for filtering as this operation is performed in memory.", + "example": "(groups.containsAll({'Admin'}) || location == 'Austin')" + }, + "requiresPeriodicRefresh": { + "type": "boolean", + "description": "A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process", + "example": false, + "default": false + }, + "input": { + "type": "object", + "description": "This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.", + "additionalProperties": true, + "example": { + "type": "accountAttribute", + "attributes": { + "attributeName": "first_name", + "sourceName": "Source" + } + } + } + } + }, + { + "title": "dateFormat", + "type": "object", + "properties": { + "inputFormat": { + "description": "A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data is coming in as.\n\n*If no inputFormat is provided, the transform assumes that it is in ISO8601 format*", + "oneOf": [ + { + "title": "Named Construct", + "type": "string", + "description": "| Construct | Date Time Pattern | Description |\n| --------- | ----------------- | ----------- |\n| ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. | \n| LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. |\n| PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. |\n| EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. |\n| EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. |\n", + "enum": [ + "ISO8601", + "LDAP", + "PEOPLE_SOFT", + "EPOCH_TIME_JAVA", + "EPOCH_TIME_WIN32" + ], + "example": "PEOPLE_SOFT" + }, + { + "title": "Java Simple Date Format", + "type": "string", + "description": "There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information.\n\n>NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone.\n (This table is from the SimpleDateFormat page.)\n\n| Date Time Pattern | Result |\n| ----------------- | ------ |\n| `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` |\n| `EEE, MMM d, ''yy` | Wed, Jul 4, '01 |\n| `h:mm a` | 12:08 PM |\n| `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time |\n| `K:mm a, z` | 0:08 PM, PDT |\n| `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM |\n| `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 |\n| `yyMMddHHmmssZ` | 010704120856-0700 |\n| `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 |\n| `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 |\n| `YYYY-'W'ww-u` | 2001-W27-3 |\n", + "example": "mm/dd/yyyy" + } + ] + }, + "outputFormat": { + "description": "A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data should be formatted into.\n\n*If no inputFormat is provided, the transform assumes that it is in ISO8601 format*", + "oneOf": [ + { + "title": "Named Construct", + "type": "string", + "description": "| Construct | Date Time Pattern | Description |\n| --------- | ----------------- | ----------- |\n| ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. | \n| LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. |\n| PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. |\n| EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. |\n| EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. |\n", + "enum": [ + "ISO8601", + "LDAP", + "PEOPLE_SOFT", + "EPOCH_TIME_JAVA", + "EPOCH_TIME_WIN32" + ], + "example": "PEOPLE_SOFT" + }, + { + "title": "Java Simple Date Format", + "type": "string", + "description": "There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information.\n\n>NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone.\n (This table is from the SimpleDateFormat page.)\n\n| Date Time Pattern | Result |\n| ----------------- | ------ |\n| `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` |\n| `EEE, MMM d, ''yy` | Wed, Jul 4, '01 |\n| `h:mm a` | 12:08 PM |\n| `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time |\n| `K:mm a, z` | 0:08 PM, PDT |\n| `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM |\n| `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 |\n| `yyMMddHHmmssZ` | 010704120856-0700 |\n| `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 |\n| `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 |\n| `YYYY-'W'ww-u` | 2001-W27-3 |\n", + "example": "mm/dd/yyyy" + } + ] + }, + "requiresPeriodicRefresh": { + "type": "boolean", + "description": "A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process", + "example": false, + "default": false + }, + "input": { + "type": "object", + "description": "This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.", + "additionalProperties": true, + "example": { + "type": "accountAttribute", + "attributes": { + "attributeName": "first_name", + "sourceName": "Source" + } + } + } + } + } + ] + }, + "secondDate": { + "description": "This is the second date to consider (The date that would be on the right hand side of the comparison operation).", + "oneOf": [ + { + "title": "accountAttribute", + "type": "object", + "required": [ + "sourceName", + "attributeName" + ], + "properties": { + "sourceName": { + "type": "string", + "description": "A reference to the source to search for the account", + "example": "Workday" + }, + "attributeName": { + "type": "string", + "description": "The name of the attribute on the account to return. This should match the name of the account attribute name visible in the user interface, or on the source schema.", + "example": "DEPARTMENT" + }, + "accountSortAttribute": { + "type": "string", + "description": "The value of this configuration is a string name of the attribute to use when determining the ordering of returned accounts when there are multiple entries", + "example": "created" + }, + "accountSortDescending": { + "type": "boolean", + "description": "The value of this configuration is a boolean (true/false). Controls the order of the sort when there are multiple accounts. If not defined, the transform will default to false (ascending order)", + "example": false + }, + "accountReturnFirstLink": { + "type": "boolean", + "description": "The value of this configuration is a boolean (true/false). Controls which account to source a value from for an attribute. If this flag is set to true, the transform returns the value from the first account in the list, even if it is null. If it is set to false, the transform returns the first non-null value. If not defined, the transform will default to false", + "example": false + }, + "accountFilter": { + "type": "string", + "description": "This expression queries the database to narrow search results. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the database. The default filter will always include the source and identity, and any subsequent expressions will be combined in an AND operation to the existing search criteria.\nOnly certain searchable attributes are available: - `nativeIdentity` - the Account ID - `displayName` - the Account Name - `entitlements` - a boolean value to determine if the account has entitlements", + "example": "!(nativeIdentity.startsWith(\"*DELETED*\"))" + }, + "accountPropertyFilter": { + "type": "string", + "description": "This expression is used to search and filter accounts in memory. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the returned resultset.\n\nAll account attributes are available for filtering as this operation is performed in memory.", + "example": "(groups.containsAll({'Admin'}) || location == 'Austin')" + }, + "requiresPeriodicRefresh": { + "type": "boolean", + "description": "A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process", + "example": false, + "default": false + }, + "input": { + "type": "object", + "description": "This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.", + "additionalProperties": true, + "example": { + "type": "accountAttribute", + "attributes": { + "attributeName": "first_name", + "sourceName": "Source" + } + } + } + } + }, + { + "title": "dateFormat", + "type": "object", + "properties": { + "inputFormat": { + "description": "A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data is coming in as.\n\n*If no inputFormat is provided, the transform assumes that it is in ISO8601 format*", + "oneOf": [ + { + "title": "Named Construct", + "type": "string", + "description": "| Construct | Date Time Pattern | Description |\n| --------- | ----------------- | ----------- |\n| ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. | \n| LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. |\n| PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. |\n| EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. |\n| EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. |\n", + "enum": [ + "ISO8601", + "LDAP", + "PEOPLE_SOFT", + "EPOCH_TIME_JAVA", + "EPOCH_TIME_WIN32" + ], + "example": "PEOPLE_SOFT" + }, + { + "title": "Java Simple Date Format", + "type": "string", + "description": "There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information.\n\n>NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone.\n (This table is from the SimpleDateFormat page.)\n\n| Date Time Pattern | Result |\n| ----------------- | ------ |\n| `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` |\n| `EEE, MMM d, ''yy` | Wed, Jul 4, '01 |\n| `h:mm a` | 12:08 PM |\n| `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time |\n| `K:mm a, z` | 0:08 PM, PDT |\n| `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM |\n| `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 |\n| `yyMMddHHmmssZ` | 010704120856-0700 |\n| `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 |\n| `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 |\n| `YYYY-'W'ww-u` | 2001-W27-3 |\n", + "example": "mm/dd/yyyy" + } + ] + }, + "outputFormat": { + "description": "A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data should be formatted into.\n\n*If no inputFormat is provided, the transform assumes that it is in ISO8601 format*", + "oneOf": [ + { + "title": "Named Construct", + "type": "string", + "description": "| Construct | Date Time Pattern | Description |\n| --------- | ----------------- | ----------- |\n| ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. | \n| LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. |\n| PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. |\n| EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. |\n| EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. |\n", + "enum": [ + "ISO8601", + "LDAP", + "PEOPLE_SOFT", + "EPOCH_TIME_JAVA", + "EPOCH_TIME_WIN32" + ], + "example": "PEOPLE_SOFT" + }, + { + "title": "Java Simple Date Format", + "type": "string", + "description": "There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information.\n\n>NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone.\n (This table is from the SimpleDateFormat page.)\n\n| Date Time Pattern | Result |\n| ----------------- | ------ |\n| `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` |\n| `EEE, MMM d, ''yy` | Wed, Jul 4, '01 |\n| `h:mm a` | 12:08 PM |\n| `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time |\n| `K:mm a, z` | 0:08 PM, PDT |\n| `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM |\n| `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 |\n| `yyMMddHHmmssZ` | 010704120856-0700 |\n| `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 |\n| `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 |\n| `YYYY-'W'ww-u` | 2001-W27-3 |\n", + "example": "mm/dd/yyyy" + } + ] + }, + "requiresPeriodicRefresh": { + "type": "boolean", + "description": "A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process", + "example": false, + "default": false + }, + "input": { + "type": "object", + "description": "This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.", + "additionalProperties": true, + "example": { + "type": "accountAttribute", + "attributes": { + "attributeName": "first_name", + "sourceName": "Source" + } + } + } + } + } + ] + }, + "operator": { + "type": "string", + "description": "This is the comparison to perform.\n| Operation | Description |\n| --------- | ------- |\n| LT | Strictly less than: firstDate < secondDate |\n| LTE | Less than or equal to: firstDate <= secondDate |\n| GT | Strictly greater than: firstDate > secondDate |\n| GTE | Greater than or equal to: firstDate >= secondDate |\n", + "enum": [ + "LT", + "LTE", + "GT", + "GTE" + ], + "example": "LT" + }, + "positiveCondition": { + "type": "string", + "description": "The output of the transform if the expression evalutes to true", + "example": "true" + }, + "negativeCondition": { + "type": "string", + "description": "The output of the transform if the expression evalutes to false", + "example": false + }, + "requiresPeriodicRefresh": { + "type": "boolean", + "description": "A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process", + "example": false, + "default": false + }, + "input": { + "type": "object", + "description": "This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.", + "additionalProperties": true, + "example": { + "type": "accountAttribute", + "attributes": { + "attributeName": "first_name", + "sourceName": "Source" + } + } + } + } + }, + { + "title": "dateFormat", + "type": "object", + "properties": { + "inputFormat": { + "description": "A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data is coming in as.\n\n*If no inputFormat is provided, the transform assumes that it is in ISO8601 format*", + "oneOf": [ + { + "title": "Named Construct", + "type": "string", + "description": "| Construct | Date Time Pattern | Description |\n| --------- | ----------------- | ----------- |\n| ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. | \n| LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. |\n| PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. |\n| EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. |\n| EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. |\n", + "enum": [ + "ISO8601", + "LDAP", + "PEOPLE_SOFT", + "EPOCH_TIME_JAVA", + "EPOCH_TIME_WIN32" + ], + "example": "PEOPLE_SOFT" + }, + { + "title": "Java Simple Date Format", + "type": "string", + "description": "There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information.\n\n>NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone.\n (This table is from the SimpleDateFormat page.)\n\n| Date Time Pattern | Result |\n| ----------------- | ------ |\n| `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` |\n| `EEE, MMM d, ''yy` | Wed, Jul 4, '01 |\n| `h:mm a` | 12:08 PM |\n| `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time |\n| `K:mm a, z` | 0:08 PM, PDT |\n| `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM |\n| `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 |\n| `yyMMddHHmmssZ` | 010704120856-0700 |\n| `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 |\n| `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 |\n| `YYYY-'W'ww-u` | 2001-W27-3 |\n", + "example": "mm/dd/yyyy" + } + ] + }, + "outputFormat": { + "description": "A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data should be formatted into.\n\n*If no inputFormat is provided, the transform assumes that it is in ISO8601 format*", + "oneOf": [ + { + "title": "Named Construct", + "type": "string", + "description": "| Construct | Date Time Pattern | Description |\n| --------- | ----------------- | ----------- |\n| ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. | \n| LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. |\n| PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. |\n| EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. |\n| EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. |\n", + "enum": [ + "ISO8601", + "LDAP", + "PEOPLE_SOFT", + "EPOCH_TIME_JAVA", + "EPOCH_TIME_WIN32" + ], + "example": "PEOPLE_SOFT" + }, + { + "title": "Java Simple Date Format", + "type": "string", + "description": "There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information.\n\n>NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone.\n (This table is from the SimpleDateFormat page.)\n\n| Date Time Pattern | Result |\n| ----------------- | ------ |\n| `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` |\n| `EEE, MMM d, ''yy` | Wed, Jul 4, '01 |\n| `h:mm a` | 12:08 PM |\n| `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time |\n| `K:mm a, z` | 0:08 PM, PDT |\n| `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM |\n| `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 |\n| `yyMMddHHmmssZ` | 010704120856-0700 |\n| `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 |\n| `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 |\n| `YYYY-'W'ww-u` | 2001-W27-3 |\n", + "example": "mm/dd/yyyy" + } + ] + }, + "requiresPeriodicRefresh": { + "type": "boolean", + "description": "A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process", + "example": false, + "default": false + }, + "input": { + "type": "object", + "description": "This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.", + "additionalProperties": true, + "example": { + "type": "accountAttribute", + "attributes": { + "attributeName": "first_name", + "sourceName": "Source" + } + } + } + } + }, + { + "title": "dateMath", + "type": "object", + "required": [ + "expression" + ], + "properties": { + "expression": { + "type": "string", + "description": "A string value of the date and time components to operation on, along with the math operations to execute.\n", + "externalDocs": { + "description": "Date Math Expressions", + "url": "https://developer.sailpoint.com/idn/docs/transforms/operations/date-math#transform-structure" + }, + "example": "now+1w" + }, + "roundUp": { + "type": "boolean", + "description": "A boolean value to indicate whether the transform should round up or down when a rounding `/` operation is defined in the expression. \n\n\nIf not provided, the transform will default to `false`\n\n\n`true` indicates the transform should round up (i.e., truncate the fractional date/time component indicated and then add one unit of that component)\n\n\n`false` indicates the transform should round down (i.e., truncate the fractional date/time component indicated)\n", + "example": false + }, + "requiresPeriodicRefresh": { + "type": "boolean", + "description": "A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process", + "example": false, + "default": false + }, + "input": { + "type": "object", + "description": "This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.", + "additionalProperties": true, + "example": { + "type": "accountAttribute", + "attributes": { + "attributeName": "first_name", + "sourceName": "Source" + } + } + } + } + }, + { + "title": "decomposeDiacriticalMarks", + "type": "object", + "properties": { + "requiresPeriodicRefresh": { + "type": "boolean", + "description": "A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process", + "example": false, + "default": false + }, + "input": { + "type": "object", + "description": "This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.", + "additionalProperties": true, + "example": { + "type": "accountAttribute", + "attributes": { + "attributeName": "first_name", + "sourceName": "Source" + } + } + } + } + }, + { + "title": "e164phone", + "type": "object", + "properties": { + "defaultRegion": { + "type": "string", + "description": "This is an optional attribute that can be used to define the region of the phone number to format into.\n\n\nIf defaultRegion is not provided, it will take US as the default country.\n\n\nThe format of the country code should be in [ISO 3166-1 alpha-2 format](https://en.wikipedia.org/wiki/ISO_3166-1_alpha-2)\n", + "example": "US" + }, + "requiresPeriodicRefresh": { + "type": "boolean", + "description": "A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process", + "example": false, + "default": false + }, + "input": { + "type": "object", + "description": "This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.", + "additionalProperties": true, + "example": { + "type": "accountAttribute", + "attributes": { + "attributeName": "first_name", + "sourceName": "Source" + } + } + } + } + }, + { + "title": "firstValid", + "type": "object", + "required": [ + "values" + ], + "properties": { + "values": { + "type": "array", + "items": { + "type": "object" + }, + "description": "An array of attributes to evaluate for existence.", + "example": [ + { + "attributes": { + "sourceName": "Active Directory", + "attributeName": "sAMAccountName" + }, + "type": "accountAttribute" + }, + { + "attributes": { + "sourceName": "Okta", + "attributeName": "login" + }, + "type": "accountAttribute" + }, + { + "attributes": { + "sourceName": "HR Source", + "attributeName": "employeeID" + }, + "type": "accountAttribute" + } + ] + }, + "ignoreErrors": { + "type": "boolean", + "description": "a true or false value representing to move on to the next option if an error (like an Null Pointer Exception) were to occur.", + "example": false + }, + "requiresPeriodicRefresh": { + "type": "boolean", + "description": "A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process", + "example": false, + "default": false + } + } + }, + { + "title": "rule", + "oneOf": [ + { + "type": "object", + "required": [ + "name" + ], + "properties": { + "name": { + "type": "string", + "description": "This is the name of the Generic rule that needs to be invoked by the transform", + "example": "Generic Calculation Rule" + }, + "requiresPeriodicRefresh": { + "type": "boolean", + "description": "A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process", + "example": false + } + } + }, + { + "type": "object", + "required": [ + "name", + "operation", + "includeNumbers", + "includeSpecialChars", + "length" + ], + "properties": { + "name": { + "type": "string", + "description": "This must always be set to \"Cloud Services Deployment Utility\"", + "example": "Cloud Services Deployment Utility" + }, + "operation": { + "type": "string", + "description": "The operation to perform `generateRandomString`", + "example": "generateRandomString" + }, + "includeNumbers": { + "type": "boolean", + "description": "This must be either \"true\" or \"false\" to indicate whether the generator logic should include numbers", + "example": true + }, + "includeSpecialChars": { + "type": "boolean", + "description": "This must be either \"true\" or \"false\" to indicate whether the generator logic should include special characters", + "example": true + }, + "length": { + "type": "string", + "description": "This specifies how long the randomly generated string needs to be\n\n\n>NOTE Due to identity attribute data constraints, the maximum allowable value is 450 characters\n", + "example": "10" + }, + "requiresPeriodicRefresh": { + "type": "boolean", + "description": "A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process", + "example": false + } + } + }, + { + "type": "object", + "required": [ + "name", + "operation", + "uid" + ], + "properties": { + "name": { + "type": "string", + "description": "This must always be set to \"Cloud Services Deployment Utility\"", + "example": "Cloud Services Deployment Utility" + }, + "operation": { + "type": "string", + "description": "The operation to perform `getReferenceIdentityAttribute`", + "example": "getReferenceIdentityAttribute" + }, + "uid": { + "type": "string", + "description": "This is the SailPoint User Name (uid) value of the identity whose attribute is desired\n\nAs a convenience feature, you can use the `manager` keyword to dynamically look up the user's manager and then get that manager's identity attribute.\n", + "example": "2c91808570313110017040b06f344ec9" + }, + "requiresPeriodicRefresh": { + "type": "boolean", + "description": "A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process", + "example": false + } + } + } + ] + }, + { + "title": "identityAttribute", + "type": "object", + "required": [ + "name" + ], + "properties": { + "name": { + "type": "string", + "description": "The system (camel-cased) name of the identity attribute to bring in", + "example": "email" + }, + "requiresPeriodicRefresh": { + "type": "boolean", + "description": "A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process", + "example": false, + "default": false + }, + "input": { + "type": "object", + "description": "This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.", + "additionalProperties": true, + "example": { + "type": "accountAttribute", + "attributes": { + "attributeName": "first_name", + "sourceName": "Source" + } + } + } + } + }, + { + "title": "indexOf", + "type": "object", + "required": [ + "substring" + ], + "properties": { + "substring": { + "type": "string", + "description": "A substring to search for, searches the entire calling string, and returns the index of the first occurrence of the specified substring.", + "example": "admin_" + }, + "requiresPeriodicRefresh": { + "type": "boolean", + "description": "A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process", + "example": false, + "default": false + }, + "input": { + "type": "object", + "description": "This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.", + "additionalProperties": true, + "example": { + "type": "accountAttribute", + "attributes": { + "attributeName": "first_name", + "sourceName": "Source" + } + } + } + } + }, + { + "title": "iso3166", + "type": "object", + "properties": { + "format": { + "type": "string", + "description": "An optional value to denote which ISO 3166 format to return. Valid values are:\n\n\n`alpha2` - Two-character country code (e.g., \"US\"); this is the default value if no format is supplied\n\n\n`alpha3` - Three-character country code (e.g., \"USA\")\n\n\n`numeric` - The numeric country code (e.g., \"840\")\n", + "example": "alpha2" + }, + "requiresPeriodicRefresh": { + "type": "boolean", + "description": "A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process", + "example": false, + "default": false + }, + "input": { + "type": "object", + "description": "This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.", + "additionalProperties": true, + "example": { + "type": "accountAttribute", + "attributes": { + "attributeName": "first_name", + "sourceName": "Source" + } + } + } + } + }, + { + "title": "leftPad", + "type": "object", + "required": [ + "length" + ], + "properties": { + "length": { + "type": "string", + "description": "An integer value for the desired length of the final output string", + "example": "4" + }, + "padding": { + "type": "string", + "description": "A string value representing the character that the incoming data should be padded with to get to the desired length\n\n\nIf not provided, the transform will default to a single space (\" \") character for padding\n", + "example": "0" + }, + "requiresPeriodicRefresh": { + "type": "boolean", + "description": "A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process", + "example": false, + "default": false + }, + "input": { + "type": "object", + "description": "This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.", + "additionalProperties": true, + "example": { + "type": "accountAttribute", + "attributes": { + "attributeName": "first_name", + "sourceName": "Source" + } + } + } + } + }, + { + "title": "lookup", + "type": "object", + "required": [ + "table" + ], + "properties": { + "table": { + "type": "object", + "additionalProperties": true, + "description": "This is a JSON object of key-value pairs. The key is the string that will attempt to be matched to the input, and the value is the output string that should be returned if the key is matched\n\n\n>**Note** the use of the optional default key value here; if none of the three countries in the above example match the input string, the transform will return \"Unknown Region\" for the attribute that is mapped to this transform.\n", + "example": { + "USA": "Americas", + "FRA": "EMEA", + "AUS": "APAC", + "default": "Unknown Region" + } + }, + "requiresPeriodicRefresh": { + "type": "boolean", + "description": "A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process", + "example": false, + "default": false + }, + "input": { + "type": "object", + "description": "This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.", + "additionalProperties": true, + "example": { + "type": "accountAttribute", + "attributes": { + "attributeName": "first_name", + "sourceName": "Source" + } + } + } + } + }, + { + "title": "lower", + "type": "object", + "properties": { + "requiresPeriodicRefresh": { + "type": "boolean", + "description": "A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process", + "example": false, + "default": false + }, + "input": { + "type": "object", + "description": "This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.", + "additionalProperties": true, + "example": { + "type": "accountAttribute", + "attributes": { + "attributeName": "first_name", + "sourceName": "Source" + } + } + } + } + }, + { + "title": "nameNormalizer", + "type": "object", + "properties": { + "requiresPeriodicRefresh": { + "type": "boolean", + "description": "A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process", + "example": false, + "default": false + }, + "input": { + "type": "object", + "description": "This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.", + "additionalProperties": true, + "example": { + "type": "accountAttribute", + "attributes": { + "attributeName": "first_name", + "sourceName": "Source" + } + } + } + } + }, + { + "title": "randomAlphaNumeric", + "type": "object", + "properties": { + "length": { + "type": "string", + "description": "This is an integer value specifying the size/number of characters the random string must contain\n\n\n* This value must be a positive number and cannot be blank\n\n\n* If no length is provided, the transform will default to a value of `32`\n\n\n* Due to identity attribute data constraints, the maximum allowable value is `450` characters\n", + "example": "10" + }, + "requiresPeriodicRefresh": { + "type": "boolean", + "description": "A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process", + "example": false, + "default": false + }, + "input": { + "type": "object", + "description": "This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.", + "additionalProperties": true, + "example": { + "type": "accountAttribute", + "attributes": { + "attributeName": "first_name", + "sourceName": "Source" + } + } + } + } + }, + { + "title": "randomNumeric", + "type": "object", + "properties": { + "length": { + "type": "string", + "description": "This is an integer value specifying the size/number of characters the random string must contain\n\n\n* This value must be a positive number and cannot be blank\n\n\n* If no length is provided, the transform will default to a value of `32`\n\n\n* Due to identity attribute data constraints, the maximum allowable value is `450` characters\n", + "example": "10" + }, + "requiresPeriodicRefresh": { + "type": "boolean", + "description": "A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process", + "example": false, + "default": false + }, + "input": { + "type": "object", + "description": "This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.", + "additionalProperties": true, + "example": { + "type": "accountAttribute", + "attributes": { + "attributeName": "first_name", + "sourceName": "Source" + } + } + } + } + }, + { + "title": "reference", + "type": "object", + "required": [ + "id" + ], + "properties": { + "id": { + "type": "string", + "description": "This ID specifies the name of the pre-existing transform which you want to use within your current transform", + "example": "Existing Transform" + }, + "requiresPeriodicRefresh": { + "type": "boolean", + "description": "A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process", + "example": false, + "default": false + }, + "input": { + "type": "object", + "description": "This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.", + "additionalProperties": true, + "example": { + "type": "accountAttribute", + "attributes": { + "attributeName": "first_name", + "sourceName": "Source" + } + } + } + } + }, + { + "title": "replaceAll", + "type": "object", + "required": [ + "table" + ], + "properties": { + "table": { + "type": "object", + "additionalProperties": true, + "description": "An attribute of key-value pairs. Each pair identifies the pattern to search for as its key, and the replacement string as its value.", + "example": { + "-": " ", + "\"": "'", + "ñ": "n" + } + }, + "requiresPeriodicRefresh": { + "type": "boolean", + "description": "A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process", + "example": false, + "default": false + }, + "input": { + "type": "object", + "description": "This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.", + "additionalProperties": true, + "example": { + "type": "accountAttribute", + "attributes": { + "attributeName": "first_name", + "sourceName": "Source" + } + } + } + } + }, + { + "title": "replace", + "type": "object", + "required": [ + "regex", + "replacement" + ], + "properties": { + "regex": { + "type": "string", + "description": "This can be a string or a regex pattern in which you want to replace.", + "example": "[^a-zA-Z]", + "externalDocs": { + "description": "Regex Builder", + "url": "https://regex101.com/" + } + }, + "replacement": { + "type": "string", + "description": "This is the replacement string that should be substituded wherever the string or pattern is found.", + "example": " " + }, + "requiresPeriodicRefresh": { + "type": "boolean", + "description": "A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process", + "example": false, + "default": false + }, + "input": { + "type": "object", + "description": "This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.", + "additionalProperties": true, + "example": { + "type": "accountAttribute", + "attributes": { + "attributeName": "first_name", + "sourceName": "Source" + } + } + } + } + }, + { + "title": "rightPad", + "type": "object", + "required": [ + "length" + ], + "properties": { + "length": { + "type": "string", + "description": "An integer value for the desired length of the final output string", + "example": "4" + }, + "padding": { + "type": "string", + "description": "A string value representing the character that the incoming data should be padded with to get to the desired length\n\n\nIf not provided, the transform will default to a single space (\" \") character for padding\n", + "example": "0" + }, + "requiresPeriodicRefresh": { + "type": "boolean", + "description": "A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process", + "example": false, + "default": false + }, + "input": { + "type": "object", + "description": "This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.", + "additionalProperties": true, + "example": { + "type": "accountAttribute", + "attributes": { + "attributeName": "first_name", + "sourceName": "Source" + } + } + } + } + }, + { + "title": "split", + "type": "object", + "required": [ + "delimiter", + "index" + ], + "properties": { + "delimiter": { + "type": "string", + "description": "This can be either a single character or a regex expression, and is used by the transform to identify the break point between two substrings in the incoming data", + "example": "," + }, + "index": { + "type": "string", + "description": "An integer value for the desired array element after the incoming data has been split into a list; the array is a 0-based object, so the first array element would be index 0, the second element would be index 1, etc.", + "example": "5" + }, + "throws": { + "type": "boolean", + "description": "A boolean (true/false) value which indicates whether an exception should be thrown and returned as an output when an index is out of bounds with the resultant array (i.e., the provided index value is larger than the size of the array)\n\n\n`true` - The transform should return \"IndexOutOfBoundsException\"\n\n\n`false` - The transform should return null\n\n\nIf not provided, the transform will default to false and return a null\n", + "example": true + }, + "requiresPeriodicRefresh": { + "type": "boolean", + "description": "A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process", + "example": false, + "default": false + }, + "input": { + "type": "object", + "description": "This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.", + "additionalProperties": true, + "example": { + "type": "accountAttribute", + "attributes": { + "attributeName": "first_name", + "sourceName": "Source" + } + } + } + } + }, + { + "title": "static", + "type": "object", + "required": [ + "values" + ], + "properties": { + "values": { + "type": "string", + "description": "This must evaluate to a JSON string, either through a fixed value or through conditional logic using the Apache Velocity Template Language.", + "example": "string$variable", + "externalDocs": { + "description": "Static Transform Documentation", + "url": "https://developer.sailpoint.com/idn/docs/transforms/operations/static" + } + }, + "requiresPeriodicRefresh": { + "type": "boolean", + "description": "A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process", + "example": false, + "default": false + } + } + }, + { + "title": "substring", + "type": "object", + "required": [ + "begin" + ], + "properties": { + "begin": { + "type": "integer", + "description": "The index of the first character to include in the returned substring.\n\n\nIf `begin` is set to -1, the transform will begin at character 0 of the input data\n", + "example": 1, + "format": "int32" + }, + "beginOffset": { + "type": "integer", + "description": "This integer value is the number of characters to add to the begin attribute when returning a substring. \n\nThis attribute is only used if begin is not -1.\n", + "example": 3, + "format": "int32" + }, + "end": { + "type": "integer", + "description": "The index of the first character to exclude from the returned substring.\n\nIf end is -1 or not provided at all, the substring transform will return everything up to the end of the input string.\n", + "example": 6, + "format": "int32" + }, + "endOffset": { + "type": "integer", + "description": "This integer value is the number of characters to add to the end attribute when returning a substring. \n\nThis attribute is only used if end is provided and is not -1.\n", + "example": 1, + "format": "int32" + }, + "requiresPeriodicRefresh": { + "type": "boolean", + "description": "A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process", + "example": false, + "default": false + }, + "input": { + "type": "object", + "description": "This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.", + "additionalProperties": true, + "example": { + "type": "accountAttribute", + "attributes": { + "attributeName": "first_name", + "sourceName": "Source" + } + } + } + } + }, + { + "title": "trim", + "type": "object", + "properties": { + "requiresPeriodicRefresh": { + "type": "boolean", + "description": "A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process", + "example": false, + "default": false + }, + "input": { + "type": "object", + "description": "This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.", + "additionalProperties": true, + "example": { + "type": "accountAttribute", + "attributes": { + "attributeName": "first_name", + "sourceName": "Source" + } + } + } + } + }, + { + "title": "upper", + "type": "object", + "properties": { + "requiresPeriodicRefresh": { + "type": "boolean", + "description": "A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process", + "example": false, + "default": false + }, + "input": { + "type": "object", + "description": "This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.", + "additionalProperties": true, + "example": { + "type": "accountAttribute", + "attributes": { + "attributeName": "first_name", + "sourceName": "Source" + } + } + } + } + }, + { + "title": "uuid", + "type": "object", + "properties": { + "requiresPeriodicRefresh": { + "type": "boolean", + "description": "A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process", + "example": false, + "default": false + } + } + } + ] + }, + "internal": { + "type": "boolean", + "readOnly": true, + "description": "Indicates whether this is an internal SailPoint-created transform or a customer-created transform", + "example": false + } + } + }, + "example": { + "name": "Timestamp To Date", + "type": "dateFormat", + "attributes": { + "inputFormat": "MMM dd yyyy, HH:mm:ss.SSS", + "outputFormat": "yyyy/dd/MM" + } + } + } + } + }, + "responses": { + "201": { + "description": "Indicates the transform was successfully created and returns its representation.", + "content": { + "application/json": { + "schema": { + "type": "object", + "description": "The representation of an internally- or customer-defined transform.", + "required": [ + "name", + "type", + "attributes" + ], + "properties": { + "id": { + "type": "string", + "readOnly": true, + "description": "Unique ID of this transform", + "example": "2cd78adghjkja34jh2b1hkjhasuecd" + }, + "name": { + "type": "string", + "description": "Unique name of this transform", + "example": "Timestamp To Date", + "minLength": 1, + "maxLength": 50 + }, + "type": { + "type": "string", + "description": "The type of transform operation", + "enum": [ + "accountAttribute", + "base64Decode", + "base64Encode", + "concat", + "conditional", + "dateCompare", + "dateFormat", + "dateMath", + "decomposeDiacriticalMarks", + "e164phone", + "firstValid", + "rule", + "identityAttribute", + "indexOf", + "iso3166", + "lastIndexOf", + "leftPad", + "lookup", + "lower", + "normalizeNames", + "randomAlphaNumeric", + "randomNumeric", + "reference", + "replaceAll", + "replace", + "rightPad", + "split", + "static", + "substring", + "trim", + "upper", + "usernameGenerator", + "uuid" + ], + "example": "dateFormat", + "externalDocs": { + "description": "Transform Operations", + "url": "https://developer.sailpoint.com/idn/docs/transforms/operations" + } + }, + "attributes": { + "description": "Meta-data about the transform. Values in this list are specific to the type of transform to be executed.", + "oneOf": [ + { + "title": "accountAttribute", + "type": "object", + "required": [ + "sourceName", + "attributeName" + ], + "properties": { + "sourceName": { + "type": "string", + "description": "A reference to the source to search for the account", + "example": "Workday" + }, + "attributeName": { + "type": "string", + "description": "The name of the attribute on the account to return. This should match the name of the account attribute name visible in the user interface, or on the source schema.", + "example": "DEPARTMENT" + }, + "accountSortAttribute": { + "type": "string", + "description": "The value of this configuration is a string name of the attribute to use when determining the ordering of returned accounts when there are multiple entries", + "example": "created" + }, + "accountSortDescending": { + "type": "boolean", + "description": "The value of this configuration is a boolean (true/false). Controls the order of the sort when there are multiple accounts. If not defined, the transform will default to false (ascending order)", + "example": false + }, + "accountReturnFirstLink": { + "type": "boolean", + "description": "The value of this configuration is a boolean (true/false). Controls which account to source a value from for an attribute. If this flag is set to true, the transform returns the value from the first account in the list, even if it is null. If it is set to false, the transform returns the first non-null value. If not defined, the transform will default to false", + "example": false + }, + "accountFilter": { + "type": "string", + "description": "This expression queries the database to narrow search results. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the database. The default filter will always include the source and identity, and any subsequent expressions will be combined in an AND operation to the existing search criteria.\nOnly certain searchable attributes are available: - `nativeIdentity` - the Account ID - `displayName` - the Account Name - `entitlements` - a boolean value to determine if the account has entitlements", + "example": "!(nativeIdentity.startsWith(\"*DELETED*\"))" + }, + "accountPropertyFilter": { + "type": "string", + "description": "This expression is used to search and filter accounts in memory. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the returned resultset.\n\nAll account attributes are available for filtering as this operation is performed in memory.", + "example": "(groups.containsAll({'Admin'}) || location == 'Austin')" + }, + "requiresPeriodicRefresh": { + "type": "boolean", + "description": "A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process", + "example": false, + "default": false + }, + "input": { + "type": "object", + "description": "This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.", + "additionalProperties": true, + "example": { + "type": "accountAttribute", + "attributes": { + "attributeName": "first_name", + "sourceName": "Source" + } + } + } + } + }, + { + "title": "base64Decode", + "type": "object", + "properties": { + "requiresPeriodicRefresh": { + "type": "boolean", + "description": "A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process", + "example": false, + "default": false + }, + "input": { + "type": "object", + "description": "This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.", + "additionalProperties": true, + "example": { + "type": "accountAttribute", + "attributes": { + "attributeName": "first_name", + "sourceName": "Source" + } + } + } + } + }, + { + "title": "base64Encode", + "type": "object", + "properties": { + "requiresPeriodicRefresh": { + "type": "boolean", + "description": "A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process", + "example": false, + "default": false + }, + "input": { + "type": "object", + "description": "This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.", + "additionalProperties": true, + "example": { + "type": "accountAttribute", + "attributes": { + "attributeName": "first_name", + "sourceName": "Source" + } + } + } + } + }, + { + "title": "concat", + "type": "object", + "required": [ + "values" + ], + "properties": { + "values": { + "type": "array", + "items": { + "type": "object" + }, + "description": "An array of items to join together", + "example": [ + "John", + " ", + "Smith" + ] + }, + "requiresPeriodicRefresh": { + "type": "boolean", + "description": "A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process", + "example": false, + "default": false + }, + "input": { + "type": "object", + "description": "This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.", + "additionalProperties": true, + "example": { + "type": "accountAttribute", + "attributes": { + "attributeName": "first_name", + "sourceName": "Source" + } + } + } + } + }, + { + "title": "conditional", + "type": "object", + "required": [ + "expression", + "positiveCondition", + "negativeCondition" + ], + "properties": { + "expression": { + "type": "string", + "description": "A comparison statement that follows the structure of `ValueA eq ValueB` where `ValueA` and `ValueB` are static strings or outputs of other transforms. \n\nThe `eq` operator is the only valid comparison", + "example": "ValueA eq ValueB" + }, + "positiveCondition": { + "type": "string", + "description": "The output of the transform if the expression evalutes to true", + "example": "true" + }, + "negativeCondition": { + "type": "string", + "description": "The output of the transform if the expression evalutes to false", + "example": "false" + }, + "requiresPeriodicRefresh": { + "type": "boolean", + "description": "A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process", + "example": false, + "default": false + }, + "input": { + "type": "object", + "description": "This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.", + "additionalProperties": true, + "example": { + "type": "accountAttribute", + "attributes": { + "attributeName": "first_name", + "sourceName": "Source" + } + } + } + } + }, + { + "title": "dateCompare", + "type": "object", + "required": [ + "firstDate", + "secondDate", + "operator", + "positiveCondition", + "negativeCondition" + ], + "properties": { + "firstDate": { + "description": "This is the first date to consider (The date that would be on the left hand side of the comparison operation).", + "oneOf": [ + { + "title": "accountAttribute", + "type": "object", + "required": [ + "sourceName", + "attributeName" + ], + "properties": { + "sourceName": { + "type": "string", + "description": "A reference to the source to search for the account", + "example": "Workday" + }, + "attributeName": { + "type": "string", + "description": "The name of the attribute on the account to return. This should match the name of the account attribute name visible in the user interface, or on the source schema.", + "example": "DEPARTMENT" + }, + "accountSortAttribute": { + "type": "string", + "description": "The value of this configuration is a string name of the attribute to use when determining the ordering of returned accounts when there are multiple entries", + "example": "created" + }, + "accountSortDescending": { + "type": "boolean", + "description": "The value of this configuration is a boolean (true/false). Controls the order of the sort when there are multiple accounts. If not defined, the transform will default to false (ascending order)", + "example": false + }, + "accountReturnFirstLink": { + "type": "boolean", + "description": "The value of this configuration is a boolean (true/false). Controls which account to source a value from for an attribute. If this flag is set to true, the transform returns the value from the first account in the list, even if it is null. If it is set to false, the transform returns the first non-null value. If not defined, the transform will default to false", + "example": false + }, + "accountFilter": { + "type": "string", + "description": "This expression queries the database to narrow search results. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the database. The default filter will always include the source and identity, and any subsequent expressions will be combined in an AND operation to the existing search criteria.\nOnly certain searchable attributes are available: - `nativeIdentity` - the Account ID - `displayName` - the Account Name - `entitlements` - a boolean value to determine if the account has entitlements", + "example": "!(nativeIdentity.startsWith(\"*DELETED*\"))" + }, + "accountPropertyFilter": { + "type": "string", + "description": "This expression is used to search and filter accounts in memory. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the returned resultset.\n\nAll account attributes are available for filtering as this operation is performed in memory.", + "example": "(groups.containsAll({'Admin'}) || location == 'Austin')" + }, + "requiresPeriodicRefresh": { + "type": "boolean", + "description": "A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process", + "example": false, + "default": false + }, + "input": { + "type": "object", + "description": "This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.", + "additionalProperties": true, + "example": { + "type": "accountAttribute", + "attributes": { + "attributeName": "first_name", + "sourceName": "Source" + } + } + } + } + }, + { + "title": "dateFormat", + "type": "object", + "properties": { + "inputFormat": { + "description": "A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data is coming in as.\n\n*If no inputFormat is provided, the transform assumes that it is in ISO8601 format*", + "oneOf": [ + { + "title": "Named Construct", + "type": "string", + "description": "| Construct | Date Time Pattern | Description |\n| --------- | ----------------- | ----------- |\n| ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. | \n| LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. |\n| PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. |\n| EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. |\n| EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. |\n", + "enum": [ + "ISO8601", + "LDAP", + "PEOPLE_SOFT", + "EPOCH_TIME_JAVA", + "EPOCH_TIME_WIN32" + ], + "example": "PEOPLE_SOFT" + }, + { + "title": "Java Simple Date Format", + "type": "string", + "description": "There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information.\n\n>NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone.\n (This table is from the SimpleDateFormat page.)\n\n| Date Time Pattern | Result |\n| ----------------- | ------ |\n| `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` |\n| `EEE, MMM d, ''yy` | Wed, Jul 4, '01 |\n| `h:mm a` | 12:08 PM |\n| `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time |\n| `K:mm a, z` | 0:08 PM, PDT |\n| `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM |\n| `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 |\n| `yyMMddHHmmssZ` | 010704120856-0700 |\n| `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 |\n| `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 |\n| `YYYY-'W'ww-u` | 2001-W27-3 |\n", + "example": "mm/dd/yyyy" + } + ] + }, + "outputFormat": { + "description": "A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data should be formatted into.\n\n*If no inputFormat is provided, the transform assumes that it is in ISO8601 format*", + "oneOf": [ + { + "title": "Named Construct", + "type": "string", + "description": "| Construct | Date Time Pattern | Description |\n| --------- | ----------------- | ----------- |\n| ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. | \n| LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. |\n| PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. |\n| EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. |\n| EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. |\n", + "enum": [ + "ISO8601", + "LDAP", + "PEOPLE_SOFT", + "EPOCH_TIME_JAVA", + "EPOCH_TIME_WIN32" + ], + "example": "PEOPLE_SOFT" + }, + { + "title": "Java Simple Date Format", + "type": "string", + "description": "There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information.\n\n>NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone.\n (This table is from the SimpleDateFormat page.)\n\n| Date Time Pattern | Result |\n| ----------------- | ------ |\n| `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` |\n| `EEE, MMM d, ''yy` | Wed, Jul 4, '01 |\n| `h:mm a` | 12:08 PM |\n| `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time |\n| `K:mm a, z` | 0:08 PM, PDT |\n| `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM |\n| `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 |\n| `yyMMddHHmmssZ` | 010704120856-0700 |\n| `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 |\n| `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 |\n| `YYYY-'W'ww-u` | 2001-W27-3 |\n", + "example": "mm/dd/yyyy" + } + ] + }, + "requiresPeriodicRefresh": { + "type": "boolean", + "description": "A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process", + "example": false, + "default": false + }, + "input": { + "type": "object", + "description": "This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.", + "additionalProperties": true, + "example": { + "type": "accountAttribute", + "attributes": { + "attributeName": "first_name", + "sourceName": "Source" + } + } + } + } + } + ] + }, + "secondDate": { + "description": "This is the second date to consider (The date that would be on the right hand side of the comparison operation).", + "oneOf": [ + { + "title": "accountAttribute", + "type": "object", + "required": [ + "sourceName", + "attributeName" + ], + "properties": { + "sourceName": { + "type": "string", + "description": "A reference to the source to search for the account", + "example": "Workday" + }, + "attributeName": { + "type": "string", + "description": "The name of the attribute on the account to return. This should match the name of the account attribute name visible in the user interface, or on the source schema.", + "example": "DEPARTMENT" + }, + "accountSortAttribute": { + "type": "string", + "description": "The value of this configuration is a string name of the attribute to use when determining the ordering of returned accounts when there are multiple entries", + "example": "created" + }, + "accountSortDescending": { + "type": "boolean", + "description": "The value of this configuration is a boolean (true/false). Controls the order of the sort when there are multiple accounts. If not defined, the transform will default to false (ascending order)", + "example": false + }, + "accountReturnFirstLink": { + "type": "boolean", + "description": "The value of this configuration is a boolean (true/false). Controls which account to source a value from for an attribute. If this flag is set to true, the transform returns the value from the first account in the list, even if it is null. If it is set to false, the transform returns the first non-null value. If not defined, the transform will default to false", + "example": false + }, + "accountFilter": { + "type": "string", + "description": "This expression queries the database to narrow search results. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the database. The default filter will always include the source and identity, and any subsequent expressions will be combined in an AND operation to the existing search criteria.\nOnly certain searchable attributes are available: - `nativeIdentity` - the Account ID - `displayName` - the Account Name - `entitlements` - a boolean value to determine if the account has entitlements", + "example": "!(nativeIdentity.startsWith(\"*DELETED*\"))" + }, + "accountPropertyFilter": { + "type": "string", + "description": "This expression is used to search and filter accounts in memory. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the returned resultset.\n\nAll account attributes are available for filtering as this operation is performed in memory.", + "example": "(groups.containsAll({'Admin'}) || location == 'Austin')" + }, + "requiresPeriodicRefresh": { + "type": "boolean", + "description": "A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process", + "example": false, + "default": false + }, + "input": { + "type": "object", + "description": "This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.", + "additionalProperties": true, + "example": { + "type": "accountAttribute", + "attributes": { + "attributeName": "first_name", + "sourceName": "Source" + } + } + } + } + }, + { + "title": "dateFormat", + "type": "object", + "properties": { + "inputFormat": { + "description": "A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data is coming in as.\n\n*If no inputFormat is provided, the transform assumes that it is in ISO8601 format*", + "oneOf": [ + { + "title": "Named Construct", + "type": "string", + "description": "| Construct | Date Time Pattern | Description |\n| --------- | ----------------- | ----------- |\n| ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. | \n| LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. |\n| PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. |\n| EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. |\n| EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. |\n", + "enum": [ + "ISO8601", + "LDAP", + "PEOPLE_SOFT", + "EPOCH_TIME_JAVA", + "EPOCH_TIME_WIN32" + ], + "example": "PEOPLE_SOFT" + }, + { + "title": "Java Simple Date Format", + "type": "string", + "description": "There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information.\n\n>NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone.\n (This table is from the SimpleDateFormat page.)\n\n| Date Time Pattern | Result |\n| ----------------- | ------ |\n| `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` |\n| `EEE, MMM d, ''yy` | Wed, Jul 4, '01 |\n| `h:mm a` | 12:08 PM |\n| `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time |\n| `K:mm a, z` | 0:08 PM, PDT |\n| `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM |\n| `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 |\n| `yyMMddHHmmssZ` | 010704120856-0700 |\n| `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 |\n| `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 |\n| `YYYY-'W'ww-u` | 2001-W27-3 |\n", + "example": "mm/dd/yyyy" + } + ] + }, + "outputFormat": { + "description": "A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data should be formatted into.\n\n*If no inputFormat is provided, the transform assumes that it is in ISO8601 format*", + "oneOf": [ + { + "title": "Named Construct", + "type": "string", + "description": "| Construct | Date Time Pattern | Description |\n| --------- | ----------------- | ----------- |\n| ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. | \n| LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. |\n| PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. |\n| EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. |\n| EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. |\n", + "enum": [ + "ISO8601", + "LDAP", + "PEOPLE_SOFT", + "EPOCH_TIME_JAVA", + "EPOCH_TIME_WIN32" + ], + "example": "PEOPLE_SOFT" + }, + { + "title": "Java Simple Date Format", + "type": "string", + "description": "There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information.\n\n>NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone.\n (This table is from the SimpleDateFormat page.)\n\n| Date Time Pattern | Result |\n| ----------------- | ------ |\n| `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` |\n| `EEE, MMM d, ''yy` | Wed, Jul 4, '01 |\n| `h:mm a` | 12:08 PM |\n| `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time |\n| `K:mm a, z` | 0:08 PM, PDT |\n| `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM |\n| `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 |\n| `yyMMddHHmmssZ` | 010704120856-0700 |\n| `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 |\n| `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 |\n| `YYYY-'W'ww-u` | 2001-W27-3 |\n", + "example": "mm/dd/yyyy" + } + ] + }, + "requiresPeriodicRefresh": { + "type": "boolean", + "description": "A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process", + "example": false, + "default": false + }, + "input": { + "type": "object", + "description": "This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.", + "additionalProperties": true, + "example": { + "type": "accountAttribute", + "attributes": { + "attributeName": "first_name", + "sourceName": "Source" + } + } + } + } + } + ] + }, + "operator": { + "type": "string", + "description": "This is the comparison to perform.\n| Operation | Description |\n| --------- | ------- |\n| LT | Strictly less than: firstDate < secondDate |\n| LTE | Less than or equal to: firstDate <= secondDate |\n| GT | Strictly greater than: firstDate > secondDate |\n| GTE | Greater than or equal to: firstDate >= secondDate |\n", + "enum": [ + "LT", + "LTE", + "GT", + "GTE" + ], + "example": "LT" + }, + "positiveCondition": { + "type": "string", + "description": "The output of the transform if the expression evalutes to true", + "example": "true" + }, + "negativeCondition": { + "type": "string", + "description": "The output of the transform if the expression evalutes to false", + "example": false + }, + "requiresPeriodicRefresh": { + "type": "boolean", + "description": "A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process", + "example": false, + "default": false + }, + "input": { + "type": "object", + "description": "This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.", + "additionalProperties": true, + "example": { + "type": "accountAttribute", + "attributes": { + "attributeName": "first_name", + "sourceName": "Source" + } + } + } + } + }, + { + "title": "dateFormat", + "type": "object", + "properties": { + "inputFormat": { + "description": "A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data is coming in as.\n\n*If no inputFormat is provided, the transform assumes that it is in ISO8601 format*", + "oneOf": [ + { + "title": "Named Construct", + "type": "string", + "description": "| Construct | Date Time Pattern | Description |\n| --------- | ----------------- | ----------- |\n| ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. | \n| LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. |\n| PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. |\n| EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. |\n| EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. |\n", + "enum": [ + "ISO8601", + "LDAP", + "PEOPLE_SOFT", + "EPOCH_TIME_JAVA", + "EPOCH_TIME_WIN32" + ], + "example": "PEOPLE_SOFT" + }, + { + "title": "Java Simple Date Format", + "type": "string", + "description": "There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information.\n\n>NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone.\n (This table is from the SimpleDateFormat page.)\n\n| Date Time Pattern | Result |\n| ----------------- | ------ |\n| `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` |\n| `EEE, MMM d, ''yy` | Wed, Jul 4, '01 |\n| `h:mm a` | 12:08 PM |\n| `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time |\n| `K:mm a, z` | 0:08 PM, PDT |\n| `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM |\n| `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 |\n| `yyMMddHHmmssZ` | 010704120856-0700 |\n| `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 |\n| `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 |\n| `YYYY-'W'ww-u` | 2001-W27-3 |\n", + "example": "mm/dd/yyyy" + } + ] + }, + "outputFormat": { + "description": "A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data should be formatted into.\n\n*If no inputFormat is provided, the transform assumes that it is in ISO8601 format*", + "oneOf": [ + { + "title": "Named Construct", + "type": "string", + "description": "| Construct | Date Time Pattern | Description |\n| --------- | ----------------- | ----------- |\n| ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. | \n| LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. |\n| PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. |\n| EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. |\n| EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. |\n", + "enum": [ + "ISO8601", + "LDAP", + "PEOPLE_SOFT", + "EPOCH_TIME_JAVA", + "EPOCH_TIME_WIN32" + ], + "example": "PEOPLE_SOFT" + }, + { + "title": "Java Simple Date Format", + "type": "string", + "description": "There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information.\n\n>NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone.\n (This table is from the SimpleDateFormat page.)\n\n| Date Time Pattern | Result |\n| ----------------- | ------ |\n| `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` |\n| `EEE, MMM d, ''yy` | Wed, Jul 4, '01 |\n| `h:mm a` | 12:08 PM |\n| `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time |\n| `K:mm a, z` | 0:08 PM, PDT |\n| `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM |\n| `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 |\n| `yyMMddHHmmssZ` | 010704120856-0700 |\n| `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 |\n| `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 |\n| `YYYY-'W'ww-u` | 2001-W27-3 |\n", + "example": "mm/dd/yyyy" + } + ] + }, + "requiresPeriodicRefresh": { + "type": "boolean", + "description": "A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process", + "example": false, + "default": false + }, + "input": { + "type": "object", + "description": "This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.", + "additionalProperties": true, + "example": { + "type": "accountAttribute", + "attributes": { + "attributeName": "first_name", + "sourceName": "Source" + } + } + } + } + }, + { + "title": "dateMath", + "type": "object", + "required": [ + "expression" + ], + "properties": { + "expression": { + "type": "string", + "description": "A string value of the date and time components to operation on, along with the math operations to execute.\n", + "externalDocs": { + "description": "Date Math Expressions", + "url": "https://developer.sailpoint.com/idn/docs/transforms/operations/date-math#transform-structure" + }, + "example": "now+1w" + }, + "roundUp": { + "type": "boolean", + "description": "A boolean value to indicate whether the transform should round up or down when a rounding `/` operation is defined in the expression. \n\n\nIf not provided, the transform will default to `false`\n\n\n`true` indicates the transform should round up (i.e., truncate the fractional date/time component indicated and then add one unit of that component)\n\n\n`false` indicates the transform should round down (i.e., truncate the fractional date/time component indicated)\n", + "example": false + }, + "requiresPeriodicRefresh": { + "type": "boolean", + "description": "A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process", + "example": false, + "default": false + }, + "input": { + "type": "object", + "description": "This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.", + "additionalProperties": true, + "example": { + "type": "accountAttribute", + "attributes": { + "attributeName": "first_name", + "sourceName": "Source" + } + } + } + } + }, + { + "title": "decomposeDiacriticalMarks", + "type": "object", + "properties": { + "requiresPeriodicRefresh": { + "type": "boolean", + "description": "A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process", + "example": false, + "default": false + }, + "input": { + "type": "object", + "description": "This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.", + "additionalProperties": true, + "example": { + "type": "accountAttribute", + "attributes": { + "attributeName": "first_name", + "sourceName": "Source" + } + } + } + } + }, + { + "title": "e164phone", + "type": "object", + "properties": { + "defaultRegion": { + "type": "string", + "description": "This is an optional attribute that can be used to define the region of the phone number to format into.\n\n\nIf defaultRegion is not provided, it will take US as the default country.\n\n\nThe format of the country code should be in [ISO 3166-1 alpha-2 format](https://en.wikipedia.org/wiki/ISO_3166-1_alpha-2)\n", + "example": "US" + }, + "requiresPeriodicRefresh": { + "type": "boolean", + "description": "A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process", + "example": false, + "default": false + }, + "input": { + "type": "object", + "description": "This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.", + "additionalProperties": true, + "example": { + "type": "accountAttribute", + "attributes": { + "attributeName": "first_name", + "sourceName": "Source" + } + } + } + } + }, + { + "title": "firstValid", + "type": "object", + "required": [ + "values" + ], + "properties": { + "values": { + "type": "array", + "items": { + "type": "object" + }, + "description": "An array of attributes to evaluate for existence.", + "example": [ + { + "attributes": { + "sourceName": "Active Directory", + "attributeName": "sAMAccountName" + }, + "type": "accountAttribute" + }, + { + "attributes": { + "sourceName": "Okta", + "attributeName": "login" + }, + "type": "accountAttribute" + }, + { + "attributes": { + "sourceName": "HR Source", + "attributeName": "employeeID" + }, + "type": "accountAttribute" + } + ] + }, + "ignoreErrors": { + "type": "boolean", + "description": "a true or false value representing to move on to the next option if an error (like an Null Pointer Exception) were to occur.", + "example": false + }, + "requiresPeriodicRefresh": { + "type": "boolean", + "description": "A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process", + "example": false, + "default": false + } + } + }, + { + "title": "rule", + "oneOf": [ + { + "type": "object", + "required": [ + "name" + ], + "properties": { + "name": { + "type": "string", + "description": "This is the name of the Generic rule that needs to be invoked by the transform", + "example": "Generic Calculation Rule" + }, + "requiresPeriodicRefresh": { + "type": "boolean", + "description": "A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process", + "example": false + } + } + }, + { + "type": "object", + "required": [ + "name", + "operation", + "includeNumbers", + "includeSpecialChars", + "length" + ], + "properties": { + "name": { + "type": "string", + "description": "This must always be set to \"Cloud Services Deployment Utility\"", + "example": "Cloud Services Deployment Utility" + }, + "operation": { + "type": "string", + "description": "The operation to perform `generateRandomString`", + "example": "generateRandomString" + }, + "includeNumbers": { + "type": "boolean", + "description": "This must be either \"true\" or \"false\" to indicate whether the generator logic should include numbers", + "example": true + }, + "includeSpecialChars": { + "type": "boolean", + "description": "This must be either \"true\" or \"false\" to indicate whether the generator logic should include special characters", + "example": true + }, + "length": { + "type": "string", + "description": "This specifies how long the randomly generated string needs to be\n\n\n>NOTE Due to identity attribute data constraints, the maximum allowable value is 450 characters\n", + "example": "10" + }, + "requiresPeriodicRefresh": { + "type": "boolean", + "description": "A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process", + "example": false + } + } + }, + { + "type": "object", + "required": [ + "name", + "operation", + "uid" + ], + "properties": { + "name": { + "type": "string", + "description": "This must always be set to \"Cloud Services Deployment Utility\"", + "example": "Cloud Services Deployment Utility" + }, + "operation": { + "type": "string", + "description": "The operation to perform `getReferenceIdentityAttribute`", + "example": "getReferenceIdentityAttribute" + }, + "uid": { + "type": "string", + "description": "This is the SailPoint User Name (uid) value of the identity whose attribute is desired\n\nAs a convenience feature, you can use the `manager` keyword to dynamically look up the user's manager and then get that manager's identity attribute.\n", + "example": "2c91808570313110017040b06f344ec9" + }, + "requiresPeriodicRefresh": { + "type": "boolean", + "description": "A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process", + "example": false + } + } + } + ] + }, + { + "title": "identityAttribute", + "type": "object", + "required": [ + "name" + ], + "properties": { + "name": { + "type": "string", + "description": "The system (camel-cased) name of the identity attribute to bring in", + "example": "email" + }, + "requiresPeriodicRefresh": { + "type": "boolean", + "description": "A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process", + "example": false, + "default": false + }, + "input": { + "type": "object", + "description": "This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.", + "additionalProperties": true, + "example": { + "type": "accountAttribute", + "attributes": { + "attributeName": "first_name", + "sourceName": "Source" + } + } + } + } + }, + { + "title": "indexOf", + "type": "object", + "required": [ + "substring" + ], + "properties": { + "substring": { + "type": "string", + "description": "A substring to search for, searches the entire calling string, and returns the index of the first occurrence of the specified substring.", + "example": "admin_" + }, + "requiresPeriodicRefresh": { + "type": "boolean", + "description": "A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process", + "example": false, + "default": false + }, + "input": { + "type": "object", + "description": "This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.", + "additionalProperties": true, + "example": { + "type": "accountAttribute", + "attributes": { + "attributeName": "first_name", + "sourceName": "Source" + } + } + } + } + }, + { + "title": "iso3166", + "type": "object", + "properties": { + "format": { + "type": "string", + "description": "An optional value to denote which ISO 3166 format to return. Valid values are:\n\n\n`alpha2` - Two-character country code (e.g., \"US\"); this is the default value if no format is supplied\n\n\n`alpha3` - Three-character country code (e.g., \"USA\")\n\n\n`numeric` - The numeric country code (e.g., \"840\")\n", + "example": "alpha2" + }, + "requiresPeriodicRefresh": { + "type": "boolean", + "description": "A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process", + "example": false, + "default": false + }, + "input": { + "type": "object", + "description": "This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.", + "additionalProperties": true, + "example": { + "type": "accountAttribute", + "attributes": { + "attributeName": "first_name", + "sourceName": "Source" + } + } + } + } + }, + { + "title": "leftPad", + "type": "object", + "required": [ + "length" + ], + "properties": { + "length": { + "type": "string", + "description": "An integer value for the desired length of the final output string", + "example": "4" + }, + "padding": { + "type": "string", + "description": "A string value representing the character that the incoming data should be padded with to get to the desired length\n\n\nIf not provided, the transform will default to a single space (\" \") character for padding\n", + "example": "0" + }, + "requiresPeriodicRefresh": { + "type": "boolean", + "description": "A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process", + "example": false, + "default": false + }, + "input": { + "type": "object", + "description": "This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.", + "additionalProperties": true, + "example": { + "type": "accountAttribute", + "attributes": { + "attributeName": "first_name", + "sourceName": "Source" + } + } + } + } + }, + { + "title": "lookup", + "type": "object", + "required": [ + "table" + ], + "properties": { + "table": { + "type": "object", + "additionalProperties": true, + "description": "This is a JSON object of key-value pairs. The key is the string that will attempt to be matched to the input, and the value is the output string that should be returned if the key is matched\n\n\n>**Note** the use of the optional default key value here; if none of the three countries in the above example match the input string, the transform will return \"Unknown Region\" for the attribute that is mapped to this transform.\n", + "example": { + "USA": "Americas", + "FRA": "EMEA", + "AUS": "APAC", + "default": "Unknown Region" + } + }, + "requiresPeriodicRefresh": { + "type": "boolean", + "description": "A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process", + "example": false, + "default": false + }, + "input": { + "type": "object", + "description": "This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.", + "additionalProperties": true, + "example": { + "type": "accountAttribute", + "attributes": { + "attributeName": "first_name", + "sourceName": "Source" + } + } + } + } + }, + { + "title": "lower", + "type": "object", + "properties": { + "requiresPeriodicRefresh": { + "type": "boolean", + "description": "A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process", + "example": false, + "default": false + }, + "input": { + "type": "object", + "description": "This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.", + "additionalProperties": true, + "example": { + "type": "accountAttribute", + "attributes": { + "attributeName": "first_name", + "sourceName": "Source" + } + } + } + } + }, + { + "title": "nameNormalizer", + "type": "object", + "properties": { + "requiresPeriodicRefresh": { + "type": "boolean", + "description": "A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process", + "example": false, + "default": false + }, + "input": { + "type": "object", + "description": "This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.", + "additionalProperties": true, + "example": { + "type": "accountAttribute", + "attributes": { + "attributeName": "first_name", + "sourceName": "Source" + } + } + } + } + }, + { + "title": "randomAlphaNumeric", + "type": "object", + "properties": { + "length": { + "type": "string", + "description": "This is an integer value specifying the size/number of characters the random string must contain\n\n\n* This value must be a positive number and cannot be blank\n\n\n* If no length is provided, the transform will default to a value of `32`\n\n\n* Due to identity attribute data constraints, the maximum allowable value is `450` characters\n", + "example": "10" + }, + "requiresPeriodicRefresh": { + "type": "boolean", + "description": "A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process", + "example": false, + "default": false + }, + "input": { + "type": "object", + "description": "This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.", + "additionalProperties": true, + "example": { + "type": "accountAttribute", + "attributes": { + "attributeName": "first_name", + "sourceName": "Source" + } + } + } + } + }, + { + "title": "randomNumeric", + "type": "object", + "properties": { + "length": { + "type": "string", + "description": "This is an integer value specifying the size/number of characters the random string must contain\n\n\n* This value must be a positive number and cannot be blank\n\n\n* If no length is provided, the transform will default to a value of `32`\n\n\n* Due to identity attribute data constraints, the maximum allowable value is `450` characters\n", + "example": "10" + }, + "requiresPeriodicRefresh": { + "type": "boolean", + "description": "A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process", + "example": false, + "default": false + }, + "input": { + "type": "object", + "description": "This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.", + "additionalProperties": true, + "example": { + "type": "accountAttribute", + "attributes": { + "attributeName": "first_name", + "sourceName": "Source" + } + } + } + } + }, + { + "title": "reference", + "type": "object", + "required": [ + "id" + ], + "properties": { + "id": { + "type": "string", + "description": "This ID specifies the name of the pre-existing transform which you want to use within your current transform", + "example": "Existing Transform" + }, + "requiresPeriodicRefresh": { + "type": "boolean", + "description": "A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process", + "example": false, + "default": false + }, + "input": { + "type": "object", + "description": "This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.", + "additionalProperties": true, + "example": { + "type": "accountAttribute", + "attributes": { + "attributeName": "first_name", + "sourceName": "Source" + } + } + } + } + }, + { + "title": "replaceAll", + "type": "object", + "required": [ + "table" + ], + "properties": { + "table": { + "type": "object", + "additionalProperties": true, + "description": "An attribute of key-value pairs. Each pair identifies the pattern to search for as its key, and the replacement string as its value.", + "example": { + "-": " ", + "\"": "'", + "ñ": "n" + } + }, + "requiresPeriodicRefresh": { + "type": "boolean", + "description": "A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process", + "example": false, + "default": false + }, + "input": { + "type": "object", + "description": "This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.", + "additionalProperties": true, + "example": { + "type": "accountAttribute", + "attributes": { + "attributeName": "first_name", + "sourceName": "Source" + } + } + } + } + }, + { + "title": "replace", + "type": "object", + "required": [ + "regex", + "replacement" + ], + "properties": { + "regex": { + "type": "string", + "description": "This can be a string or a regex pattern in which you want to replace.", + "example": "[^a-zA-Z]", + "externalDocs": { + "description": "Regex Builder", + "url": "https://regex101.com/" + } + }, + "replacement": { + "type": "string", + "description": "This is the replacement string that should be substituded wherever the string or pattern is found.", + "example": " " + }, + "requiresPeriodicRefresh": { + "type": "boolean", + "description": "A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process", + "example": false, + "default": false + }, + "input": { + "type": "object", + "description": "This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.", + "additionalProperties": true, + "example": { + "type": "accountAttribute", + "attributes": { + "attributeName": "first_name", + "sourceName": "Source" + } + } + } + } + }, + { + "title": "rightPad", + "type": "object", + "required": [ + "length" + ], + "properties": { + "length": { + "type": "string", + "description": "An integer value for the desired length of the final output string", + "example": "4" + }, + "padding": { + "type": "string", + "description": "A string value representing the character that the incoming data should be padded with to get to the desired length\n\n\nIf not provided, the transform will default to a single space (\" \") character for padding\n", + "example": "0" + }, + "requiresPeriodicRefresh": { + "type": "boolean", + "description": "A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process", + "example": false, + "default": false + }, + "input": { + "type": "object", + "description": "This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.", + "additionalProperties": true, + "example": { + "type": "accountAttribute", + "attributes": { + "attributeName": "first_name", + "sourceName": "Source" + } + } + } + } + }, + { + "title": "split", + "type": "object", + "required": [ + "delimiter", + "index" + ], + "properties": { + "delimiter": { + "type": "string", + "description": "This can be either a single character or a regex expression, and is used by the transform to identify the break point between two substrings in the incoming data", + "example": "," + }, + "index": { + "type": "string", + "description": "An integer value for the desired array element after the incoming data has been split into a list; the array is a 0-based object, so the first array element would be index 0, the second element would be index 1, etc.", + "example": "5" + }, + "throws": { + "type": "boolean", + "description": "A boolean (true/false) value which indicates whether an exception should be thrown and returned as an output when an index is out of bounds with the resultant array (i.e., the provided index value is larger than the size of the array)\n\n\n`true` - The transform should return \"IndexOutOfBoundsException\"\n\n\n`false` - The transform should return null\n\n\nIf not provided, the transform will default to false and return a null\n", + "example": true + }, + "requiresPeriodicRefresh": { + "type": "boolean", + "description": "A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process", + "example": false, + "default": false + }, + "input": { + "type": "object", + "description": "This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.", + "additionalProperties": true, + "example": { + "type": "accountAttribute", + "attributes": { + "attributeName": "first_name", + "sourceName": "Source" + } + } + } + } + }, + { + "title": "static", + "type": "object", + "required": [ + "values" + ], + "properties": { + "values": { + "type": "string", + "description": "This must evaluate to a JSON string, either through a fixed value or through conditional logic using the Apache Velocity Template Language.", + "example": "string$variable", + "externalDocs": { + "description": "Static Transform Documentation", + "url": "https://developer.sailpoint.com/idn/docs/transforms/operations/static" + } + }, + "requiresPeriodicRefresh": { + "type": "boolean", + "description": "A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process", + "example": false, + "default": false + } + } + }, + { + "title": "substring", + "type": "object", + "required": [ + "begin" + ], + "properties": { + "begin": { + "type": "integer", + "description": "The index of the first character to include in the returned substring.\n\n\nIf `begin` is set to -1, the transform will begin at character 0 of the input data\n", + "example": 1, + "format": "int32" + }, + "beginOffset": { + "type": "integer", + "description": "This integer value is the number of characters to add to the begin attribute when returning a substring. \n\nThis attribute is only used if begin is not -1.\n", + "example": 3, + "format": "int32" + }, + "end": { + "type": "integer", + "description": "The index of the first character to exclude from the returned substring.\n\nIf end is -1 or not provided at all, the substring transform will return everything up to the end of the input string.\n", + "example": 6, + "format": "int32" + }, + "endOffset": { + "type": "integer", + "description": "This integer value is the number of characters to add to the end attribute when returning a substring. \n\nThis attribute is only used if end is provided and is not -1.\n", + "example": 1, + "format": "int32" + }, + "requiresPeriodicRefresh": { + "type": "boolean", + "description": "A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process", + "example": false, + "default": false + }, + "input": { + "type": "object", + "description": "This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.", + "additionalProperties": true, + "example": { + "type": "accountAttribute", + "attributes": { + "attributeName": "first_name", + "sourceName": "Source" + } + } + } + } + }, + { + "title": "trim", + "type": "object", + "properties": { + "requiresPeriodicRefresh": { + "type": "boolean", + "description": "A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process", + "example": false, + "default": false + }, + "input": { + "type": "object", + "description": "This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.", + "additionalProperties": true, + "example": { + "type": "accountAttribute", + "attributes": { + "attributeName": "first_name", + "sourceName": "Source" + } + } + } + } + }, + { + "title": "upper", + "type": "object", + "properties": { + "requiresPeriodicRefresh": { + "type": "boolean", + "description": "A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process", + "example": false, + "default": false + }, + "input": { + "type": "object", + "description": "This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.", + "additionalProperties": true, + "example": { + "type": "accountAttribute", + "attributes": { + "attributeName": "first_name", + "sourceName": "Source" + } + } + } + } + }, + { + "title": "uuid", + "type": "object", + "properties": { + "requiresPeriodicRefresh": { + "type": "boolean", + "description": "A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process", + "example": false, + "default": false + } + } + } + ] + }, + "internal": { + "type": "boolean", + "readOnly": true, + "description": "Indicates whether this is an internal SailPoint-created transform or a customer-created transform", + "example": false + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + }, + "security": [ + { + "oauth2": [ + "idn:transform:update" + ] + } + ] + } + }, + "/transforms/{id}": { + "get": { + "tags": [ + "Transforms" + ], + "summary": "Transform by ID", + "description": "This API returns the transform specified by the given ID.\nA token with transform read authority is required to call this API.", + "operationId": "getTransform", + "parameters": [ + { + "name": "id", + "in": "path", + "description": "ID of the transform to retrieve", + "required": true, + "style": "simple", + "explode": false, + "example": "2cd78adghjkja34jh2b1hkjhasuecd", + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "Transform with the given ID", + "content": { + "application/json": { + "schema": { + "type": "object", + "description": "The representation of an internally- or customer-defined transform.", + "required": [ + "name", + "type", + "attributes" + ], + "properties": { + "id": { + "type": "string", + "readOnly": true, + "description": "Unique ID of this transform", + "example": "2cd78adghjkja34jh2b1hkjhasuecd" + }, + "name": { + "type": "string", + "description": "Unique name of this transform", + "example": "Timestamp To Date", + "minLength": 1, + "maxLength": 50 + }, + "type": { + "type": "string", + "description": "The type of transform operation", + "enum": [ + "accountAttribute", + "base64Decode", + "base64Encode", + "concat", + "conditional", + "dateCompare", + "dateFormat", + "dateMath", + "decomposeDiacriticalMarks", + "e164phone", + "firstValid", + "rule", + "identityAttribute", + "indexOf", + "iso3166", + "lastIndexOf", + "leftPad", + "lookup", + "lower", + "normalizeNames", + "randomAlphaNumeric", + "randomNumeric", + "reference", + "replaceAll", + "replace", + "rightPad", + "split", + "static", + "substring", + "trim", + "upper", + "usernameGenerator", + "uuid" + ], + "example": "dateFormat", + "externalDocs": { + "description": "Transform Operations", + "url": "https://developer.sailpoint.com/idn/docs/transforms/operations" + } + }, + "attributes": { + "description": "Meta-data about the transform. Values in this list are specific to the type of transform to be executed.", + "oneOf": [ + { + "title": "accountAttribute", + "type": "object", + "required": [ + "sourceName", + "attributeName" + ], + "properties": { + "sourceName": { + "type": "string", + "description": "A reference to the source to search for the account", + "example": "Workday" + }, + "attributeName": { + "type": "string", + "description": "The name of the attribute on the account to return. This should match the name of the account attribute name visible in the user interface, or on the source schema.", + "example": "DEPARTMENT" + }, + "accountSortAttribute": { + "type": "string", + "description": "The value of this configuration is a string name of the attribute to use when determining the ordering of returned accounts when there are multiple entries", + "example": "created" + }, + "accountSortDescending": { + "type": "boolean", + "description": "The value of this configuration is a boolean (true/false). Controls the order of the sort when there are multiple accounts. If not defined, the transform will default to false (ascending order)", + "example": false + }, + "accountReturnFirstLink": { + "type": "boolean", + "description": "The value of this configuration is a boolean (true/false). Controls which account to source a value from for an attribute. If this flag is set to true, the transform returns the value from the first account in the list, even if it is null. If it is set to false, the transform returns the first non-null value. If not defined, the transform will default to false", + "example": false + }, + "accountFilter": { + "type": "string", + "description": "This expression queries the database to narrow search results. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the database. The default filter will always include the source and identity, and any subsequent expressions will be combined in an AND operation to the existing search criteria.\nOnly certain searchable attributes are available: - `nativeIdentity` - the Account ID - `displayName` - the Account Name - `entitlements` - a boolean value to determine if the account has entitlements", + "example": "!(nativeIdentity.startsWith(\"*DELETED*\"))" + }, + "accountPropertyFilter": { + "type": "string", + "description": "This expression is used to search and filter accounts in memory. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the returned resultset.\n\nAll account attributes are available for filtering as this operation is performed in memory.", + "example": "(groups.containsAll({'Admin'}) || location == 'Austin')" + }, + "requiresPeriodicRefresh": { + "type": "boolean", + "description": "A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process", + "example": false, + "default": false + }, + "input": { + "type": "object", + "description": "This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.", + "additionalProperties": true, + "example": { + "type": "accountAttribute", + "attributes": { + "attributeName": "first_name", + "sourceName": "Source" + } + } + } + } + }, + { + "title": "base64Decode", + "type": "object", + "properties": { + "requiresPeriodicRefresh": { + "type": "boolean", + "description": "A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process", + "example": false, + "default": false + }, + "input": { + "type": "object", + "description": "This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.", + "additionalProperties": true, + "example": { + "type": "accountAttribute", + "attributes": { + "attributeName": "first_name", + "sourceName": "Source" + } + } + } + } + }, + { + "title": "base64Encode", + "type": "object", + "properties": { + "requiresPeriodicRefresh": { + "type": "boolean", + "description": "A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process", + "example": false, + "default": false + }, + "input": { + "type": "object", + "description": "This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.", + "additionalProperties": true, + "example": { + "type": "accountAttribute", + "attributes": { + "attributeName": "first_name", + "sourceName": "Source" + } + } + } + } + }, + { + "title": "concat", + "type": "object", + "required": [ + "values" + ], + "properties": { + "values": { + "type": "array", + "items": { + "type": "object" + }, + "description": "An array of items to join together", + "example": [ + "John", + " ", + "Smith" + ] + }, + "requiresPeriodicRefresh": { + "type": "boolean", + "description": "A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process", + "example": false, + "default": false + }, + "input": { + "type": "object", + "description": "This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.", + "additionalProperties": true, + "example": { + "type": "accountAttribute", + "attributes": { + "attributeName": "first_name", + "sourceName": "Source" + } + } + } + } + }, + { + "title": "conditional", + "type": "object", + "required": [ + "expression", + "positiveCondition", + "negativeCondition" + ], + "properties": { + "expression": { + "type": "string", + "description": "A comparison statement that follows the structure of `ValueA eq ValueB` where `ValueA` and `ValueB` are static strings or outputs of other transforms. \n\nThe `eq` operator is the only valid comparison", + "example": "ValueA eq ValueB" + }, + "positiveCondition": { + "type": "string", + "description": "The output of the transform if the expression evalutes to true", + "example": "true" + }, + "negativeCondition": { + "type": "string", + "description": "The output of the transform if the expression evalutes to false", + "example": "false" + }, + "requiresPeriodicRefresh": { + "type": "boolean", + "description": "A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process", + "example": false, + "default": false + }, + "input": { + "type": "object", + "description": "This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.", + "additionalProperties": true, + "example": { + "type": "accountAttribute", + "attributes": { + "attributeName": "first_name", + "sourceName": "Source" + } + } + } + } + }, + { + "title": "dateCompare", + "type": "object", + "required": [ + "firstDate", + "secondDate", + "operator", + "positiveCondition", + "negativeCondition" + ], + "properties": { + "firstDate": { + "description": "This is the first date to consider (The date that would be on the left hand side of the comparison operation).", + "oneOf": [ + { + "title": "accountAttribute", + "type": "object", + "required": [ + "sourceName", + "attributeName" + ], + "properties": { + "sourceName": { + "type": "string", + "description": "A reference to the source to search for the account", + "example": "Workday" + }, + "attributeName": { + "type": "string", + "description": "The name of the attribute on the account to return. This should match the name of the account attribute name visible in the user interface, or on the source schema.", + "example": "DEPARTMENT" + }, + "accountSortAttribute": { + "type": "string", + "description": "The value of this configuration is a string name of the attribute to use when determining the ordering of returned accounts when there are multiple entries", + "example": "created" + }, + "accountSortDescending": { + "type": "boolean", + "description": "The value of this configuration is a boolean (true/false). Controls the order of the sort when there are multiple accounts. If not defined, the transform will default to false (ascending order)", + "example": false + }, + "accountReturnFirstLink": { + "type": "boolean", + "description": "The value of this configuration is a boolean (true/false). Controls which account to source a value from for an attribute. If this flag is set to true, the transform returns the value from the first account in the list, even if it is null. If it is set to false, the transform returns the first non-null value. If not defined, the transform will default to false", + "example": false + }, + "accountFilter": { + "type": "string", + "description": "This expression queries the database to narrow search results. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the database. The default filter will always include the source and identity, and any subsequent expressions will be combined in an AND operation to the existing search criteria.\nOnly certain searchable attributes are available: - `nativeIdentity` - the Account ID - `displayName` - the Account Name - `entitlements` - a boolean value to determine if the account has entitlements", + "example": "!(nativeIdentity.startsWith(\"*DELETED*\"))" + }, + "accountPropertyFilter": { + "type": "string", + "description": "This expression is used to search and filter accounts in memory. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the returned resultset.\n\nAll account attributes are available for filtering as this operation is performed in memory.", + "example": "(groups.containsAll({'Admin'}) || location == 'Austin')" + }, + "requiresPeriodicRefresh": { + "type": "boolean", + "description": "A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process", + "example": false, + "default": false + }, + "input": { + "type": "object", + "description": "This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.", + "additionalProperties": true, + "example": { + "type": "accountAttribute", + "attributes": { + "attributeName": "first_name", + "sourceName": "Source" + } + } + } + } + }, + { + "title": "dateFormat", + "type": "object", + "properties": { + "inputFormat": { + "description": "A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data is coming in as.\n\n*If no inputFormat is provided, the transform assumes that it is in ISO8601 format*", + "oneOf": [ + { + "title": "Named Construct", + "type": "string", + "description": "| Construct | Date Time Pattern | Description |\n| --------- | ----------------- | ----------- |\n| ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. | \n| LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. |\n| PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. |\n| EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. |\n| EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. |\n", + "enum": [ + "ISO8601", + "LDAP", + "PEOPLE_SOFT", + "EPOCH_TIME_JAVA", + "EPOCH_TIME_WIN32" + ], + "example": "PEOPLE_SOFT" + }, + { + "title": "Java Simple Date Format", + "type": "string", + "description": "There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information.\n\n>NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone.\n (This table is from the SimpleDateFormat page.)\n\n| Date Time Pattern | Result |\n| ----------------- | ------ |\n| `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` |\n| `EEE, MMM d, ''yy` | Wed, Jul 4, '01 |\n| `h:mm a` | 12:08 PM |\n| `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time |\n| `K:mm a, z` | 0:08 PM, PDT |\n| `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM |\n| `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 |\n| `yyMMddHHmmssZ` | 010704120856-0700 |\n| `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 |\n| `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 |\n| `YYYY-'W'ww-u` | 2001-W27-3 |\n", + "example": "mm/dd/yyyy" + } + ] + }, + "outputFormat": { + "description": "A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data should be formatted into.\n\n*If no inputFormat is provided, the transform assumes that it is in ISO8601 format*", + "oneOf": [ + { + "title": "Named Construct", + "type": "string", + "description": "| Construct | Date Time Pattern | Description |\n| --------- | ----------------- | ----------- |\n| ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. | \n| LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. |\n| PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. |\n| EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. |\n| EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. |\n", + "enum": [ + "ISO8601", + "LDAP", + "PEOPLE_SOFT", + "EPOCH_TIME_JAVA", + "EPOCH_TIME_WIN32" + ], + "example": "PEOPLE_SOFT" + }, + { + "title": "Java Simple Date Format", + "type": "string", + "description": "There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information.\n\n>NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone.\n (This table is from the SimpleDateFormat page.)\n\n| Date Time Pattern | Result |\n| ----------------- | ------ |\n| `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` |\n| `EEE, MMM d, ''yy` | Wed, Jul 4, '01 |\n| `h:mm a` | 12:08 PM |\n| `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time |\n| `K:mm a, z` | 0:08 PM, PDT |\n| `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM |\n| `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 |\n| `yyMMddHHmmssZ` | 010704120856-0700 |\n| `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 |\n| `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 |\n| `YYYY-'W'ww-u` | 2001-W27-3 |\n", + "example": "mm/dd/yyyy" + } + ] + }, + "requiresPeriodicRefresh": { + "type": "boolean", + "description": "A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process", + "example": false, + "default": false + }, + "input": { + "type": "object", + "description": "This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.", + "additionalProperties": true, + "example": { + "type": "accountAttribute", + "attributes": { + "attributeName": "first_name", + "sourceName": "Source" + } + } + } + } + } + ] + }, + "secondDate": { + "description": "This is the second date to consider (The date that would be on the right hand side of the comparison operation).", + "oneOf": [ + { + "title": "accountAttribute", + "type": "object", + "required": [ + "sourceName", + "attributeName" + ], + "properties": { + "sourceName": { + "type": "string", + "description": "A reference to the source to search for the account", + "example": "Workday" + }, + "attributeName": { + "type": "string", + "description": "The name of the attribute on the account to return. This should match the name of the account attribute name visible in the user interface, or on the source schema.", + "example": "DEPARTMENT" + }, + "accountSortAttribute": { + "type": "string", + "description": "The value of this configuration is a string name of the attribute to use when determining the ordering of returned accounts when there are multiple entries", + "example": "created" + }, + "accountSortDescending": { + "type": "boolean", + "description": "The value of this configuration is a boolean (true/false). Controls the order of the sort when there are multiple accounts. If not defined, the transform will default to false (ascending order)", + "example": false + }, + "accountReturnFirstLink": { + "type": "boolean", + "description": "The value of this configuration is a boolean (true/false). Controls which account to source a value from for an attribute. If this flag is set to true, the transform returns the value from the first account in the list, even if it is null. If it is set to false, the transform returns the first non-null value. If not defined, the transform will default to false", + "example": false + }, + "accountFilter": { + "type": "string", + "description": "This expression queries the database to narrow search results. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the database. The default filter will always include the source and identity, and any subsequent expressions will be combined in an AND operation to the existing search criteria.\nOnly certain searchable attributes are available: - `nativeIdentity` - the Account ID - `displayName` - the Account Name - `entitlements` - a boolean value to determine if the account has entitlements", + "example": "!(nativeIdentity.startsWith(\"*DELETED*\"))" + }, + "accountPropertyFilter": { + "type": "string", + "description": "This expression is used to search and filter accounts in memory. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the returned resultset.\n\nAll account attributes are available for filtering as this operation is performed in memory.", + "example": "(groups.containsAll({'Admin'}) || location == 'Austin')" + }, + "requiresPeriodicRefresh": { + "type": "boolean", + "description": "A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process", + "example": false, + "default": false + }, + "input": { + "type": "object", + "description": "This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.", + "additionalProperties": true, + "example": { + "type": "accountAttribute", + "attributes": { + "attributeName": "first_name", + "sourceName": "Source" + } + } + } + } + }, + { + "title": "dateFormat", + "type": "object", + "properties": { + "inputFormat": { + "description": "A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data is coming in as.\n\n*If no inputFormat is provided, the transform assumes that it is in ISO8601 format*", + "oneOf": [ + { + "title": "Named Construct", + "type": "string", + "description": "| Construct | Date Time Pattern | Description |\n| --------- | ----------------- | ----------- |\n| ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. | \n| LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. |\n| PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. |\n| EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. |\n| EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. |\n", + "enum": [ + "ISO8601", + "LDAP", + "PEOPLE_SOFT", + "EPOCH_TIME_JAVA", + "EPOCH_TIME_WIN32" + ], + "example": "PEOPLE_SOFT" + }, + { + "title": "Java Simple Date Format", + "type": "string", + "description": "There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information.\n\n>NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone.\n (This table is from the SimpleDateFormat page.)\n\n| Date Time Pattern | Result |\n| ----------------- | ------ |\n| `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` |\n| `EEE, MMM d, ''yy` | Wed, Jul 4, '01 |\n| `h:mm a` | 12:08 PM |\n| `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time |\n| `K:mm a, z` | 0:08 PM, PDT |\n| `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM |\n| `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 |\n| `yyMMddHHmmssZ` | 010704120856-0700 |\n| `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 |\n| `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 |\n| `YYYY-'W'ww-u` | 2001-W27-3 |\n", + "example": "mm/dd/yyyy" + } + ] + }, + "outputFormat": { + "description": "A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data should be formatted into.\n\n*If no inputFormat is provided, the transform assumes that it is in ISO8601 format*", + "oneOf": [ + { + "title": "Named Construct", + "type": "string", + "description": "| Construct | Date Time Pattern | Description |\n| --------- | ----------------- | ----------- |\n| ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. | \n| LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. |\n| PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. |\n| EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. |\n| EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. |\n", + "enum": [ + "ISO8601", + "LDAP", + "PEOPLE_SOFT", + "EPOCH_TIME_JAVA", + "EPOCH_TIME_WIN32" + ], + "example": "PEOPLE_SOFT" + }, + { + "title": "Java Simple Date Format", + "type": "string", + "description": "There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information.\n\n>NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone.\n (This table is from the SimpleDateFormat page.)\n\n| Date Time Pattern | Result |\n| ----------------- | ------ |\n| `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` |\n| `EEE, MMM d, ''yy` | Wed, Jul 4, '01 |\n| `h:mm a` | 12:08 PM |\n| `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time |\n| `K:mm a, z` | 0:08 PM, PDT |\n| `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM |\n| `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 |\n| `yyMMddHHmmssZ` | 010704120856-0700 |\n| `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 |\n| `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 |\n| `YYYY-'W'ww-u` | 2001-W27-3 |\n", + "example": "mm/dd/yyyy" + } + ] + }, + "requiresPeriodicRefresh": { + "type": "boolean", + "description": "A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process", + "example": false, + "default": false + }, + "input": { + "type": "object", + "description": "This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.", + "additionalProperties": true, + "example": { + "type": "accountAttribute", + "attributes": { + "attributeName": "first_name", + "sourceName": "Source" + } + } + } + } + } + ] + }, + "operator": { + "type": "string", + "description": "This is the comparison to perform.\n| Operation | Description |\n| --------- | ------- |\n| LT | Strictly less than: firstDate < secondDate |\n| LTE | Less than or equal to: firstDate <= secondDate |\n| GT | Strictly greater than: firstDate > secondDate |\n| GTE | Greater than or equal to: firstDate >= secondDate |\n", + "enum": [ + "LT", + "LTE", + "GT", + "GTE" + ], + "example": "LT" + }, + "positiveCondition": { + "type": "string", + "description": "The output of the transform if the expression evalutes to true", + "example": "true" + }, + "negativeCondition": { + "type": "string", + "description": "The output of the transform if the expression evalutes to false", + "example": false + }, + "requiresPeriodicRefresh": { + "type": "boolean", + "description": "A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process", + "example": false, + "default": false + }, + "input": { + "type": "object", + "description": "This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.", + "additionalProperties": true, + "example": { + "type": "accountAttribute", + "attributes": { + "attributeName": "first_name", + "sourceName": "Source" + } + } + } + } + }, + { + "title": "dateFormat", + "type": "object", + "properties": { + "inputFormat": { + "description": "A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data is coming in as.\n\n*If no inputFormat is provided, the transform assumes that it is in ISO8601 format*", + "oneOf": [ + { + "title": "Named Construct", + "type": "string", + "description": "| Construct | Date Time Pattern | Description |\n| --------- | ----------------- | ----------- |\n| ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. | \n| LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. |\n| PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. |\n| EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. |\n| EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. |\n", + "enum": [ + "ISO8601", + "LDAP", + "PEOPLE_SOFT", + "EPOCH_TIME_JAVA", + "EPOCH_TIME_WIN32" + ], + "example": "PEOPLE_SOFT" + }, + { + "title": "Java Simple Date Format", + "type": "string", + "description": "There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information.\n\n>NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone.\n (This table is from the SimpleDateFormat page.)\n\n| Date Time Pattern | Result |\n| ----------------- | ------ |\n| `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` |\n| `EEE, MMM d, ''yy` | Wed, Jul 4, '01 |\n| `h:mm a` | 12:08 PM |\n| `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time |\n| `K:mm a, z` | 0:08 PM, PDT |\n| `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM |\n| `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 |\n| `yyMMddHHmmssZ` | 010704120856-0700 |\n| `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 |\n| `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 |\n| `YYYY-'W'ww-u` | 2001-W27-3 |\n", + "example": "mm/dd/yyyy" + } + ] + }, + "outputFormat": { + "description": "A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data should be formatted into.\n\n*If no inputFormat is provided, the transform assumes that it is in ISO8601 format*", + "oneOf": [ + { + "title": "Named Construct", + "type": "string", + "description": "| Construct | Date Time Pattern | Description |\n| --------- | ----------------- | ----------- |\n| ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. | \n| LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. |\n| PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. |\n| EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. |\n| EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. |\n", + "enum": [ + "ISO8601", + "LDAP", + "PEOPLE_SOFT", + "EPOCH_TIME_JAVA", + "EPOCH_TIME_WIN32" + ], + "example": "PEOPLE_SOFT" + }, + { + "title": "Java Simple Date Format", + "type": "string", + "description": "There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information.\n\n>NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone.\n (This table is from the SimpleDateFormat page.)\n\n| Date Time Pattern | Result |\n| ----------------- | ------ |\n| `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` |\n| `EEE, MMM d, ''yy` | Wed, Jul 4, '01 |\n| `h:mm a` | 12:08 PM |\n| `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time |\n| `K:mm a, z` | 0:08 PM, PDT |\n| `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM |\n| `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 |\n| `yyMMddHHmmssZ` | 010704120856-0700 |\n| `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 |\n| `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 |\n| `YYYY-'W'ww-u` | 2001-W27-3 |\n", + "example": "mm/dd/yyyy" + } + ] + }, + "requiresPeriodicRefresh": { + "type": "boolean", + "description": "A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process", + "example": false, + "default": false + }, + "input": { + "type": "object", + "description": "This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.", + "additionalProperties": true, + "example": { + "type": "accountAttribute", + "attributes": { + "attributeName": "first_name", + "sourceName": "Source" + } + } + } + } + }, + { + "title": "dateMath", + "type": "object", + "required": [ + "expression" + ], + "properties": { + "expression": { + "type": "string", + "description": "A string value of the date and time components to operation on, along with the math operations to execute.\n", + "externalDocs": { + "description": "Date Math Expressions", + "url": "https://developer.sailpoint.com/idn/docs/transforms/operations/date-math#transform-structure" + }, + "example": "now+1w" + }, + "roundUp": { + "type": "boolean", + "description": "A boolean value to indicate whether the transform should round up or down when a rounding `/` operation is defined in the expression. \n\n\nIf not provided, the transform will default to `false`\n\n\n`true` indicates the transform should round up (i.e., truncate the fractional date/time component indicated and then add one unit of that component)\n\n\n`false` indicates the transform should round down (i.e., truncate the fractional date/time component indicated)\n", + "example": false + }, + "requiresPeriodicRefresh": { + "type": "boolean", + "description": "A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process", + "example": false, + "default": false + }, + "input": { + "type": "object", + "description": "This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.", + "additionalProperties": true, + "example": { + "type": "accountAttribute", + "attributes": { + "attributeName": "first_name", + "sourceName": "Source" + } + } + } + } + }, + { + "title": "decomposeDiacriticalMarks", + "type": "object", + "properties": { + "requiresPeriodicRefresh": { + "type": "boolean", + "description": "A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process", + "example": false, + "default": false + }, + "input": { + "type": "object", + "description": "This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.", + "additionalProperties": true, + "example": { + "type": "accountAttribute", + "attributes": { + "attributeName": "first_name", + "sourceName": "Source" + } + } + } + } + }, + { + "title": "e164phone", + "type": "object", + "properties": { + "defaultRegion": { + "type": "string", + "description": "This is an optional attribute that can be used to define the region of the phone number to format into.\n\n\nIf defaultRegion is not provided, it will take US as the default country.\n\n\nThe format of the country code should be in [ISO 3166-1 alpha-2 format](https://en.wikipedia.org/wiki/ISO_3166-1_alpha-2)\n", + "example": "US" + }, + "requiresPeriodicRefresh": { + "type": "boolean", + "description": "A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process", + "example": false, + "default": false + }, + "input": { + "type": "object", + "description": "This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.", + "additionalProperties": true, + "example": { + "type": "accountAttribute", + "attributes": { + "attributeName": "first_name", + "sourceName": "Source" + } + } + } + } + }, + { + "title": "firstValid", + "type": "object", + "required": [ + "values" + ], + "properties": { + "values": { + "type": "array", + "items": { + "type": "object" + }, + "description": "An array of attributes to evaluate for existence.", + "example": [ + { + "attributes": { + "sourceName": "Active Directory", + "attributeName": "sAMAccountName" + }, + "type": "accountAttribute" + }, + { + "attributes": { + "sourceName": "Okta", + "attributeName": "login" + }, + "type": "accountAttribute" + }, + { + "attributes": { + "sourceName": "HR Source", + "attributeName": "employeeID" + }, + "type": "accountAttribute" + } + ] + }, + "ignoreErrors": { + "type": "boolean", + "description": "a true or false value representing to move on to the next option if an error (like an Null Pointer Exception) were to occur.", + "example": false + }, + "requiresPeriodicRefresh": { + "type": "boolean", + "description": "A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process", + "example": false, + "default": false + } + } + }, + { + "title": "rule", + "oneOf": [ + { + "type": "object", + "required": [ + "name" + ], + "properties": { + "name": { + "type": "string", + "description": "This is the name of the Generic rule that needs to be invoked by the transform", + "example": "Generic Calculation Rule" + }, + "requiresPeriodicRefresh": { + "type": "boolean", + "description": "A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process", + "example": false + } + } + }, + { + "type": "object", + "required": [ + "name", + "operation", + "includeNumbers", + "includeSpecialChars", + "length" + ], + "properties": { + "name": { + "type": "string", + "description": "This must always be set to \"Cloud Services Deployment Utility\"", + "example": "Cloud Services Deployment Utility" + }, + "operation": { + "type": "string", + "description": "The operation to perform `generateRandomString`", + "example": "generateRandomString" + }, + "includeNumbers": { + "type": "boolean", + "description": "This must be either \"true\" or \"false\" to indicate whether the generator logic should include numbers", + "example": true + }, + "includeSpecialChars": { + "type": "boolean", + "description": "This must be either \"true\" or \"false\" to indicate whether the generator logic should include special characters", + "example": true + }, + "length": { + "type": "string", + "description": "This specifies how long the randomly generated string needs to be\n\n\n>NOTE Due to identity attribute data constraints, the maximum allowable value is 450 characters\n", + "example": "10" + }, + "requiresPeriodicRefresh": { + "type": "boolean", + "description": "A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process", + "example": false + } + } + }, + { + "type": "object", + "required": [ + "name", + "operation", + "uid" + ], + "properties": { + "name": { + "type": "string", + "description": "This must always be set to \"Cloud Services Deployment Utility\"", + "example": "Cloud Services Deployment Utility" + }, + "operation": { + "type": "string", + "description": "The operation to perform `getReferenceIdentityAttribute`", + "example": "getReferenceIdentityAttribute" + }, + "uid": { + "type": "string", + "description": "This is the SailPoint User Name (uid) value of the identity whose attribute is desired\n\nAs a convenience feature, you can use the `manager` keyword to dynamically look up the user's manager and then get that manager's identity attribute.\n", + "example": "2c91808570313110017040b06f344ec9" + }, + "requiresPeriodicRefresh": { + "type": "boolean", + "description": "A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process", + "example": false + } + } + } + ] + }, + { + "title": "identityAttribute", + "type": "object", + "required": [ + "name" + ], + "properties": { + "name": { + "type": "string", + "description": "The system (camel-cased) name of the identity attribute to bring in", + "example": "email" + }, + "requiresPeriodicRefresh": { + "type": "boolean", + "description": "A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process", + "example": false, + "default": false + }, + "input": { + "type": "object", + "description": "This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.", + "additionalProperties": true, + "example": { + "type": "accountAttribute", + "attributes": { + "attributeName": "first_name", + "sourceName": "Source" + } + } + } + } + }, + { + "title": "indexOf", + "type": "object", + "required": [ + "substring" + ], + "properties": { + "substring": { + "type": "string", + "description": "A substring to search for, searches the entire calling string, and returns the index of the first occurrence of the specified substring.", + "example": "admin_" + }, + "requiresPeriodicRefresh": { + "type": "boolean", + "description": "A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process", + "example": false, + "default": false + }, + "input": { + "type": "object", + "description": "This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.", + "additionalProperties": true, + "example": { + "type": "accountAttribute", + "attributes": { + "attributeName": "first_name", + "sourceName": "Source" + } + } + } + } + }, + { + "title": "iso3166", + "type": "object", + "properties": { + "format": { + "type": "string", + "description": "An optional value to denote which ISO 3166 format to return. Valid values are:\n\n\n`alpha2` - Two-character country code (e.g., \"US\"); this is the default value if no format is supplied\n\n\n`alpha3` - Three-character country code (e.g., \"USA\")\n\n\n`numeric` - The numeric country code (e.g., \"840\")\n", + "example": "alpha2" + }, + "requiresPeriodicRefresh": { + "type": "boolean", + "description": "A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process", + "example": false, + "default": false + }, + "input": { + "type": "object", + "description": "This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.", + "additionalProperties": true, + "example": { + "type": "accountAttribute", + "attributes": { + "attributeName": "first_name", + "sourceName": "Source" + } + } + } + } + }, + { + "title": "leftPad", + "type": "object", + "required": [ + "length" + ], + "properties": { + "length": { + "type": "string", + "description": "An integer value for the desired length of the final output string", + "example": "4" + }, + "padding": { + "type": "string", + "description": "A string value representing the character that the incoming data should be padded with to get to the desired length\n\n\nIf not provided, the transform will default to a single space (\" \") character for padding\n", + "example": "0" + }, + "requiresPeriodicRefresh": { + "type": "boolean", + "description": "A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process", + "example": false, + "default": false + }, + "input": { + "type": "object", + "description": "This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.", + "additionalProperties": true, + "example": { + "type": "accountAttribute", + "attributes": { + "attributeName": "first_name", + "sourceName": "Source" + } + } + } + } + }, + { + "title": "lookup", + "type": "object", + "required": [ + "table" + ], + "properties": { + "table": { + "type": "object", + "additionalProperties": true, + "description": "This is a JSON object of key-value pairs. The key is the string that will attempt to be matched to the input, and the value is the output string that should be returned if the key is matched\n\n\n>**Note** the use of the optional default key value here; if none of the three countries in the above example match the input string, the transform will return \"Unknown Region\" for the attribute that is mapped to this transform.\n", + "example": { + "USA": "Americas", + "FRA": "EMEA", + "AUS": "APAC", + "default": "Unknown Region" + } + }, + "requiresPeriodicRefresh": { + "type": "boolean", + "description": "A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process", + "example": false, + "default": false + }, + "input": { + "type": "object", + "description": "This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.", + "additionalProperties": true, + "example": { + "type": "accountAttribute", + "attributes": { + "attributeName": "first_name", + "sourceName": "Source" + } + } + } + } + }, + { + "title": "lower", + "type": "object", + "properties": { + "requiresPeriodicRefresh": { + "type": "boolean", + "description": "A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process", + "example": false, + "default": false + }, + "input": { + "type": "object", + "description": "This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.", + "additionalProperties": true, + "example": { + "type": "accountAttribute", + "attributes": { + "attributeName": "first_name", + "sourceName": "Source" + } + } + } + } + }, + { + "title": "nameNormalizer", + "type": "object", + "properties": { + "requiresPeriodicRefresh": { + "type": "boolean", + "description": "A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process", + "example": false, + "default": false + }, + "input": { + "type": "object", + "description": "This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.", + "additionalProperties": true, + "example": { + "type": "accountAttribute", + "attributes": { + "attributeName": "first_name", + "sourceName": "Source" + } + } + } + } + }, + { + "title": "randomAlphaNumeric", + "type": "object", + "properties": { + "length": { + "type": "string", + "description": "This is an integer value specifying the size/number of characters the random string must contain\n\n\n* This value must be a positive number and cannot be blank\n\n\n* If no length is provided, the transform will default to a value of `32`\n\n\n* Due to identity attribute data constraints, the maximum allowable value is `450` characters\n", + "example": "10" + }, + "requiresPeriodicRefresh": { + "type": "boolean", + "description": "A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process", + "example": false, + "default": false + }, + "input": { + "type": "object", + "description": "This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.", + "additionalProperties": true, + "example": { + "type": "accountAttribute", + "attributes": { + "attributeName": "first_name", + "sourceName": "Source" + } + } + } + } + }, + { + "title": "randomNumeric", + "type": "object", + "properties": { + "length": { + "type": "string", + "description": "This is an integer value specifying the size/number of characters the random string must contain\n\n\n* This value must be a positive number and cannot be blank\n\n\n* If no length is provided, the transform will default to a value of `32`\n\n\n* Due to identity attribute data constraints, the maximum allowable value is `450` characters\n", + "example": "10" + }, + "requiresPeriodicRefresh": { + "type": "boolean", + "description": "A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process", + "example": false, + "default": false + }, + "input": { + "type": "object", + "description": "This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.", + "additionalProperties": true, + "example": { + "type": "accountAttribute", + "attributes": { + "attributeName": "first_name", + "sourceName": "Source" + } + } + } + } + }, + { + "title": "reference", + "type": "object", + "required": [ + "id" + ], + "properties": { + "id": { + "type": "string", + "description": "This ID specifies the name of the pre-existing transform which you want to use within your current transform", + "example": "Existing Transform" + }, + "requiresPeriodicRefresh": { + "type": "boolean", + "description": "A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process", + "example": false, + "default": false + }, + "input": { + "type": "object", + "description": "This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.", + "additionalProperties": true, + "example": { + "type": "accountAttribute", + "attributes": { + "attributeName": "first_name", + "sourceName": "Source" + } + } + } + } + }, + { + "title": "replaceAll", + "type": "object", + "required": [ + "table" + ], + "properties": { + "table": { + "type": "object", + "additionalProperties": true, + "description": "An attribute of key-value pairs. Each pair identifies the pattern to search for as its key, and the replacement string as its value.", + "example": { + "-": " ", + "\"": "'", + "ñ": "n" + } + }, + "requiresPeriodicRefresh": { + "type": "boolean", + "description": "A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process", + "example": false, + "default": false + }, + "input": { + "type": "object", + "description": "This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.", + "additionalProperties": true, + "example": { + "type": "accountAttribute", + "attributes": { + "attributeName": "first_name", + "sourceName": "Source" + } + } + } + } + }, + { + "title": "replace", + "type": "object", + "required": [ + "regex", + "replacement" + ], + "properties": { + "regex": { + "type": "string", + "description": "This can be a string or a regex pattern in which you want to replace.", + "example": "[^a-zA-Z]", + "externalDocs": { + "description": "Regex Builder", + "url": "https://regex101.com/" + } + }, + "replacement": { + "type": "string", + "description": "This is the replacement string that should be substituded wherever the string or pattern is found.", + "example": " " + }, + "requiresPeriodicRefresh": { + "type": "boolean", + "description": "A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process", + "example": false, + "default": false + }, + "input": { + "type": "object", + "description": "This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.", + "additionalProperties": true, + "example": { + "type": "accountAttribute", + "attributes": { + "attributeName": "first_name", + "sourceName": "Source" + } + } + } + } + }, + { + "title": "rightPad", + "type": "object", + "required": [ + "length" + ], + "properties": { + "length": { + "type": "string", + "description": "An integer value for the desired length of the final output string", + "example": "4" + }, + "padding": { + "type": "string", + "description": "A string value representing the character that the incoming data should be padded with to get to the desired length\n\n\nIf not provided, the transform will default to a single space (\" \") character for padding\n", + "example": "0" + }, + "requiresPeriodicRefresh": { + "type": "boolean", + "description": "A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process", + "example": false, + "default": false + }, + "input": { + "type": "object", + "description": "This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.", + "additionalProperties": true, + "example": { + "type": "accountAttribute", + "attributes": { + "attributeName": "first_name", + "sourceName": "Source" + } + } + } + } + }, + { + "title": "split", + "type": "object", + "required": [ + "delimiter", + "index" + ], + "properties": { + "delimiter": { + "type": "string", + "description": "This can be either a single character or a regex expression, and is used by the transform to identify the break point between two substrings in the incoming data", + "example": "," + }, + "index": { + "type": "string", + "description": "An integer value for the desired array element after the incoming data has been split into a list; the array is a 0-based object, so the first array element would be index 0, the second element would be index 1, etc.", + "example": "5" + }, + "throws": { + "type": "boolean", + "description": "A boolean (true/false) value which indicates whether an exception should be thrown and returned as an output when an index is out of bounds with the resultant array (i.e., the provided index value is larger than the size of the array)\n\n\n`true` - The transform should return \"IndexOutOfBoundsException\"\n\n\n`false` - The transform should return null\n\n\nIf not provided, the transform will default to false and return a null\n", + "example": true + }, + "requiresPeriodicRefresh": { + "type": "boolean", + "description": "A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process", + "example": false, + "default": false + }, + "input": { + "type": "object", + "description": "This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.", + "additionalProperties": true, + "example": { + "type": "accountAttribute", + "attributes": { + "attributeName": "first_name", + "sourceName": "Source" + } + } + } + } + }, + { + "title": "static", + "type": "object", + "required": [ + "values" + ], + "properties": { + "values": { + "type": "string", + "description": "This must evaluate to a JSON string, either through a fixed value or through conditional logic using the Apache Velocity Template Language.", + "example": "string$variable", + "externalDocs": { + "description": "Static Transform Documentation", + "url": "https://developer.sailpoint.com/idn/docs/transforms/operations/static" + } + }, + "requiresPeriodicRefresh": { + "type": "boolean", + "description": "A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process", + "example": false, + "default": false + } + } + }, + { + "title": "substring", + "type": "object", + "required": [ + "begin" + ], + "properties": { + "begin": { + "type": "integer", + "description": "The index of the first character to include in the returned substring.\n\n\nIf `begin` is set to -1, the transform will begin at character 0 of the input data\n", + "example": 1, + "format": "int32" + }, + "beginOffset": { + "type": "integer", + "description": "This integer value is the number of characters to add to the begin attribute when returning a substring. \n\nThis attribute is only used if begin is not -1.\n", + "example": 3, + "format": "int32" + }, + "end": { + "type": "integer", + "description": "The index of the first character to exclude from the returned substring.\n\nIf end is -1 or not provided at all, the substring transform will return everything up to the end of the input string.\n", + "example": 6, + "format": "int32" + }, + "endOffset": { + "type": "integer", + "description": "This integer value is the number of characters to add to the end attribute when returning a substring. \n\nThis attribute is only used if end is provided and is not -1.\n", + "example": 1, + "format": "int32" + }, + "requiresPeriodicRefresh": { + "type": "boolean", + "description": "A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process", + "example": false, + "default": false + }, + "input": { + "type": "object", + "description": "This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.", + "additionalProperties": true, + "example": { + "type": "accountAttribute", + "attributes": { + "attributeName": "first_name", + "sourceName": "Source" + } + } + } + } + }, + { + "title": "trim", + "type": "object", + "properties": { + "requiresPeriodicRefresh": { + "type": "boolean", + "description": "A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process", + "example": false, + "default": false + }, + "input": { + "type": "object", + "description": "This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.", + "additionalProperties": true, + "example": { + "type": "accountAttribute", + "attributes": { + "attributeName": "first_name", + "sourceName": "Source" + } + } + } + } + }, + { + "title": "upper", + "type": "object", + "properties": { + "requiresPeriodicRefresh": { + "type": "boolean", + "description": "A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process", + "example": false, + "default": false + }, + "input": { + "type": "object", + "description": "This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.", + "additionalProperties": true, + "example": { + "type": "accountAttribute", + "attributes": { + "attributeName": "first_name", + "sourceName": "Source" + } + } + } + } + }, + { + "title": "uuid", + "type": "object", + "properties": { + "requiresPeriodicRefresh": { + "type": "boolean", + "description": "A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process", + "example": false, + "default": false + } + } + } + ] + }, + "internal": { + "type": "boolean", + "readOnly": true, + "description": "Indicates whether this is an internal SailPoint-created transform or a customer-created transform", + "example": false + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + }, + "security": [ + { + "oauth2": [ + "idn:transform:read" + ] + } + ] + }, + "put": { + "tags": [ + "Transforms" + ], + "summary": "Update a transform", + "description": "Replaces the transform specified by the given ID with the transform provided in the request body. Only the \"attributes\" field is mutable. Attempting to change other properties (ex. \"name\" and \"type\") will result in an error.\nA token with transform write authority is required to call this API.", + "operationId": "updateTransform", + "parameters": [ + { + "name": "id", + "in": "path", + "description": "ID of the transform to update", + "required": true, + "style": "simple", + "explode": false, + "schema": { + "type": "string" + }, + "example": "2cd78adghjkja34jh2b1hkjhasuecd" + } + ], + "requestBody": { + "description": "The updated transform object (must include \"name\", \"type\", and \"attributes\" fields).", + "content": { + "application/json": { + "schema": { + "type": "object", + "description": "The representation of an internally- or customer-defined transform.", + "required": [ + "name", + "type", + "attributes" + ], + "properties": { + "id": { + "type": "string", + "readOnly": true, + "description": "Unique ID of this transform", + "example": "2cd78adghjkja34jh2b1hkjhasuecd" + }, + "name": { + "type": "string", + "description": "Unique name of this transform", + "example": "Timestamp To Date", + "minLength": 1, + "maxLength": 50 + }, + "type": { + "type": "string", + "description": "The type of transform operation", + "enum": [ + "accountAttribute", + "base64Decode", + "base64Encode", + "concat", + "conditional", + "dateCompare", + "dateFormat", + "dateMath", + "decomposeDiacriticalMarks", + "e164phone", + "firstValid", + "rule", + "identityAttribute", + "indexOf", + "iso3166", + "lastIndexOf", + "leftPad", + "lookup", + "lower", + "normalizeNames", + "randomAlphaNumeric", + "randomNumeric", + "reference", + "replaceAll", + "replace", + "rightPad", + "split", + "static", + "substring", + "trim", + "upper", + "usernameGenerator", + "uuid" + ], + "example": "dateFormat", + "externalDocs": { + "description": "Transform Operations", + "url": "https://developer.sailpoint.com/idn/docs/transforms/operations" + } + }, + "attributes": { + "description": "Meta-data about the transform. Values in this list are specific to the type of transform to be executed.", + "oneOf": [ + { + "title": "accountAttribute", + "type": "object", + "required": [ + "sourceName", + "attributeName" + ], + "properties": { + "sourceName": { + "type": "string", + "description": "A reference to the source to search for the account", + "example": "Workday" + }, + "attributeName": { + "type": "string", + "description": "The name of the attribute on the account to return. This should match the name of the account attribute name visible in the user interface, or on the source schema.", + "example": "DEPARTMENT" + }, + "accountSortAttribute": { + "type": "string", + "description": "The value of this configuration is a string name of the attribute to use when determining the ordering of returned accounts when there are multiple entries", + "example": "created" + }, + "accountSortDescending": { + "type": "boolean", + "description": "The value of this configuration is a boolean (true/false). Controls the order of the sort when there are multiple accounts. If not defined, the transform will default to false (ascending order)", + "example": false + }, + "accountReturnFirstLink": { + "type": "boolean", + "description": "The value of this configuration is a boolean (true/false). Controls which account to source a value from for an attribute. If this flag is set to true, the transform returns the value from the first account in the list, even if it is null. If it is set to false, the transform returns the first non-null value. If not defined, the transform will default to false", + "example": false + }, + "accountFilter": { + "type": "string", + "description": "This expression queries the database to narrow search results. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the database. The default filter will always include the source and identity, and any subsequent expressions will be combined in an AND operation to the existing search criteria.\nOnly certain searchable attributes are available: - `nativeIdentity` - the Account ID - `displayName` - the Account Name - `entitlements` - a boolean value to determine if the account has entitlements", + "example": "!(nativeIdentity.startsWith(\"*DELETED*\"))" + }, + "accountPropertyFilter": { + "type": "string", + "description": "This expression is used to search and filter accounts in memory. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the returned resultset.\n\nAll account attributes are available for filtering as this operation is performed in memory.", + "example": "(groups.containsAll({'Admin'}) || location == 'Austin')" + }, + "requiresPeriodicRefresh": { + "type": "boolean", + "description": "A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process", + "example": false, + "default": false + }, + "input": { + "type": "object", + "description": "This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.", + "additionalProperties": true, + "example": { + "type": "accountAttribute", + "attributes": { + "attributeName": "first_name", + "sourceName": "Source" + } + } + } + } + }, + { + "title": "base64Decode", + "type": "object", + "properties": { + "requiresPeriodicRefresh": { + "type": "boolean", + "description": "A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process", + "example": false, + "default": false + }, + "input": { + "type": "object", + "description": "This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.", + "additionalProperties": true, + "example": { + "type": "accountAttribute", + "attributes": { + "attributeName": "first_name", + "sourceName": "Source" + } + } + } + } + }, + { + "title": "base64Encode", + "type": "object", + "properties": { + "requiresPeriodicRefresh": { + "type": "boolean", + "description": "A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process", + "example": false, + "default": false + }, + "input": { + "type": "object", + "description": "This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.", + "additionalProperties": true, + "example": { + "type": "accountAttribute", + "attributes": { + "attributeName": "first_name", + "sourceName": "Source" + } + } + } + } + }, + { + "title": "concat", + "type": "object", + "required": [ + "values" + ], + "properties": { + "values": { + "type": "array", + "items": { + "type": "object" + }, + "description": "An array of items to join together", + "example": [ + "John", + " ", + "Smith" + ] + }, + "requiresPeriodicRefresh": { + "type": "boolean", + "description": "A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process", + "example": false, + "default": false + }, + "input": { + "type": "object", + "description": "This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.", + "additionalProperties": true, + "example": { + "type": "accountAttribute", + "attributes": { + "attributeName": "first_name", + "sourceName": "Source" + } + } + } + } + }, + { + "title": "conditional", + "type": "object", + "required": [ + "expression", + "positiveCondition", + "negativeCondition" + ], + "properties": { + "expression": { + "type": "string", + "description": "A comparison statement that follows the structure of `ValueA eq ValueB` where `ValueA` and `ValueB` are static strings or outputs of other transforms. \n\nThe `eq` operator is the only valid comparison", + "example": "ValueA eq ValueB" + }, + "positiveCondition": { + "type": "string", + "description": "The output of the transform if the expression evalutes to true", + "example": "true" + }, + "negativeCondition": { + "type": "string", + "description": "The output of the transform if the expression evalutes to false", + "example": "false" + }, + "requiresPeriodicRefresh": { + "type": "boolean", + "description": "A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process", + "example": false, + "default": false + }, + "input": { + "type": "object", + "description": "This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.", + "additionalProperties": true, + "example": { + "type": "accountAttribute", + "attributes": { + "attributeName": "first_name", + "sourceName": "Source" + } + } + } + } + }, + { + "title": "dateCompare", + "type": "object", + "required": [ + "firstDate", + "secondDate", + "operator", + "positiveCondition", + "negativeCondition" + ], + "properties": { + "firstDate": { + "description": "This is the first date to consider (The date that would be on the left hand side of the comparison operation).", + "oneOf": [ + { + "title": "accountAttribute", + "type": "object", + "required": [ + "sourceName", + "attributeName" + ], + "properties": { + "sourceName": { + "type": "string", + "description": "A reference to the source to search for the account", + "example": "Workday" + }, + "attributeName": { + "type": "string", + "description": "The name of the attribute on the account to return. This should match the name of the account attribute name visible in the user interface, or on the source schema.", + "example": "DEPARTMENT" + }, + "accountSortAttribute": { + "type": "string", + "description": "The value of this configuration is a string name of the attribute to use when determining the ordering of returned accounts when there are multiple entries", + "example": "created" + }, + "accountSortDescending": { + "type": "boolean", + "description": "The value of this configuration is a boolean (true/false). Controls the order of the sort when there are multiple accounts. If not defined, the transform will default to false (ascending order)", + "example": false + }, + "accountReturnFirstLink": { + "type": "boolean", + "description": "The value of this configuration is a boolean (true/false). Controls which account to source a value from for an attribute. If this flag is set to true, the transform returns the value from the first account in the list, even if it is null. If it is set to false, the transform returns the first non-null value. If not defined, the transform will default to false", + "example": false + }, + "accountFilter": { + "type": "string", + "description": "This expression queries the database to narrow search results. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the database. The default filter will always include the source and identity, and any subsequent expressions will be combined in an AND operation to the existing search criteria.\nOnly certain searchable attributes are available: - `nativeIdentity` - the Account ID - `displayName` - the Account Name - `entitlements` - a boolean value to determine if the account has entitlements", + "example": "!(nativeIdentity.startsWith(\"*DELETED*\"))" + }, + "accountPropertyFilter": { + "type": "string", + "description": "This expression is used to search and filter accounts in memory. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the returned resultset.\n\nAll account attributes are available for filtering as this operation is performed in memory.", + "example": "(groups.containsAll({'Admin'}) || location == 'Austin')" + }, + "requiresPeriodicRefresh": { + "type": "boolean", + "description": "A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process", + "example": false, + "default": false + }, + "input": { + "type": "object", + "description": "This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.", + "additionalProperties": true, + "example": { + "type": "accountAttribute", + "attributes": { + "attributeName": "first_name", + "sourceName": "Source" + } + } + } + } + }, + { + "title": "dateFormat", + "type": "object", + "properties": { + "inputFormat": { + "description": "A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data is coming in as.\n\n*If no inputFormat is provided, the transform assumes that it is in ISO8601 format*", + "oneOf": [ + { + "title": "Named Construct", + "type": "string", + "description": "| Construct | Date Time Pattern | Description |\n| --------- | ----------------- | ----------- |\n| ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. | \n| LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. |\n| PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. |\n| EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. |\n| EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. |\n", + "enum": [ + "ISO8601", + "LDAP", + "PEOPLE_SOFT", + "EPOCH_TIME_JAVA", + "EPOCH_TIME_WIN32" + ], + "example": "PEOPLE_SOFT" + }, + { + "title": "Java Simple Date Format", + "type": "string", + "description": "There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information.\n\n>NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone.\n (This table is from the SimpleDateFormat page.)\n\n| Date Time Pattern | Result |\n| ----------------- | ------ |\n| `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` |\n| `EEE, MMM d, ''yy` | Wed, Jul 4, '01 |\n| `h:mm a` | 12:08 PM |\n| `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time |\n| `K:mm a, z` | 0:08 PM, PDT |\n| `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM |\n| `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 |\n| `yyMMddHHmmssZ` | 010704120856-0700 |\n| `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 |\n| `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 |\n| `YYYY-'W'ww-u` | 2001-W27-3 |\n", + "example": "mm/dd/yyyy" + } + ] + }, + "outputFormat": { + "description": "A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data should be formatted into.\n\n*If no inputFormat is provided, the transform assumes that it is in ISO8601 format*", + "oneOf": [ + { + "title": "Named Construct", + "type": "string", + "description": "| Construct | Date Time Pattern | Description |\n| --------- | ----------------- | ----------- |\n| ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. | \n| LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. |\n| PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. |\n| EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. |\n| EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. |\n", + "enum": [ + "ISO8601", + "LDAP", + "PEOPLE_SOFT", + "EPOCH_TIME_JAVA", + "EPOCH_TIME_WIN32" + ], + "example": "PEOPLE_SOFT" + }, + { + "title": "Java Simple Date Format", + "type": "string", + "description": "There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information.\n\n>NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone.\n (This table is from the SimpleDateFormat page.)\n\n| Date Time Pattern | Result |\n| ----------------- | ------ |\n| `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` |\n| `EEE, MMM d, ''yy` | Wed, Jul 4, '01 |\n| `h:mm a` | 12:08 PM |\n| `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time |\n| `K:mm a, z` | 0:08 PM, PDT |\n| `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM |\n| `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 |\n| `yyMMddHHmmssZ` | 010704120856-0700 |\n| `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 |\n| `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 |\n| `YYYY-'W'ww-u` | 2001-W27-3 |\n", + "example": "mm/dd/yyyy" + } + ] + }, + "requiresPeriodicRefresh": { + "type": "boolean", + "description": "A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process", + "example": false, + "default": false + }, + "input": { + "type": "object", + "description": "This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.", + "additionalProperties": true, + "example": { + "type": "accountAttribute", + "attributes": { + "attributeName": "first_name", + "sourceName": "Source" + } + } + } + } + } + ] + }, + "secondDate": { + "description": "This is the second date to consider (The date that would be on the right hand side of the comparison operation).", + "oneOf": [ + { + "title": "accountAttribute", + "type": "object", + "required": [ + "sourceName", + "attributeName" + ], + "properties": { + "sourceName": { + "type": "string", + "description": "A reference to the source to search for the account", + "example": "Workday" + }, + "attributeName": { + "type": "string", + "description": "The name of the attribute on the account to return. This should match the name of the account attribute name visible in the user interface, or on the source schema.", + "example": "DEPARTMENT" + }, + "accountSortAttribute": { + "type": "string", + "description": "The value of this configuration is a string name of the attribute to use when determining the ordering of returned accounts when there are multiple entries", + "example": "created" + }, + "accountSortDescending": { + "type": "boolean", + "description": "The value of this configuration is a boolean (true/false). Controls the order of the sort when there are multiple accounts. If not defined, the transform will default to false (ascending order)", + "example": false + }, + "accountReturnFirstLink": { + "type": "boolean", + "description": "The value of this configuration is a boolean (true/false). Controls which account to source a value from for an attribute. If this flag is set to true, the transform returns the value from the first account in the list, even if it is null. If it is set to false, the transform returns the first non-null value. If not defined, the transform will default to false", + "example": false + }, + "accountFilter": { + "type": "string", + "description": "This expression queries the database to narrow search results. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the database. The default filter will always include the source and identity, and any subsequent expressions will be combined in an AND operation to the existing search criteria.\nOnly certain searchable attributes are available: - `nativeIdentity` - the Account ID - `displayName` - the Account Name - `entitlements` - a boolean value to determine if the account has entitlements", + "example": "!(nativeIdentity.startsWith(\"*DELETED*\"))" + }, + "accountPropertyFilter": { + "type": "string", + "description": "This expression is used to search and filter accounts in memory. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the returned resultset.\n\nAll account attributes are available for filtering as this operation is performed in memory.", + "example": "(groups.containsAll({'Admin'}) || location == 'Austin')" + }, + "requiresPeriodicRefresh": { + "type": "boolean", + "description": "A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process", + "example": false, + "default": false + }, + "input": { + "type": "object", + "description": "This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.", + "additionalProperties": true, + "example": { + "type": "accountAttribute", + "attributes": { + "attributeName": "first_name", + "sourceName": "Source" + } + } + } + } + }, + { + "title": "dateFormat", + "type": "object", + "properties": { + "inputFormat": { + "description": "A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data is coming in as.\n\n*If no inputFormat is provided, the transform assumes that it is in ISO8601 format*", + "oneOf": [ + { + "title": "Named Construct", + "type": "string", + "description": "| Construct | Date Time Pattern | Description |\n| --------- | ----------------- | ----------- |\n| ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. | \n| LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. |\n| PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. |\n| EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. |\n| EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. |\n", + "enum": [ + "ISO8601", + "LDAP", + "PEOPLE_SOFT", + "EPOCH_TIME_JAVA", + "EPOCH_TIME_WIN32" + ], + "example": "PEOPLE_SOFT" + }, + { + "title": "Java Simple Date Format", + "type": "string", + "description": "There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information.\n\n>NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone.\n (This table is from the SimpleDateFormat page.)\n\n| Date Time Pattern | Result |\n| ----------------- | ------ |\n| `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` |\n| `EEE, MMM d, ''yy` | Wed, Jul 4, '01 |\n| `h:mm a` | 12:08 PM |\n| `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time |\n| `K:mm a, z` | 0:08 PM, PDT |\n| `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM |\n| `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 |\n| `yyMMddHHmmssZ` | 010704120856-0700 |\n| `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 |\n| `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 |\n| `YYYY-'W'ww-u` | 2001-W27-3 |\n", + "example": "mm/dd/yyyy" + } + ] + }, + "outputFormat": { + "description": "A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data should be formatted into.\n\n*If no inputFormat is provided, the transform assumes that it is in ISO8601 format*", + "oneOf": [ + { + "title": "Named Construct", + "type": "string", + "description": "| Construct | Date Time Pattern | Description |\n| --------- | ----------------- | ----------- |\n| ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. | \n| LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. |\n| PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. |\n| EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. |\n| EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. |\n", + "enum": [ + "ISO8601", + "LDAP", + "PEOPLE_SOFT", + "EPOCH_TIME_JAVA", + "EPOCH_TIME_WIN32" + ], + "example": "PEOPLE_SOFT" + }, + { + "title": "Java Simple Date Format", + "type": "string", + "description": "There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information.\n\n>NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone.\n (This table is from the SimpleDateFormat page.)\n\n| Date Time Pattern | Result |\n| ----------------- | ------ |\n| `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` |\n| `EEE, MMM d, ''yy` | Wed, Jul 4, '01 |\n| `h:mm a` | 12:08 PM |\n| `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time |\n| `K:mm a, z` | 0:08 PM, PDT |\n| `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM |\n| `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 |\n| `yyMMddHHmmssZ` | 010704120856-0700 |\n| `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 |\n| `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 |\n| `YYYY-'W'ww-u` | 2001-W27-3 |\n", + "example": "mm/dd/yyyy" + } + ] + }, + "requiresPeriodicRefresh": { + "type": "boolean", + "description": "A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process", + "example": false, + "default": false + }, + "input": { + "type": "object", + "description": "This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.", + "additionalProperties": true, + "example": { + "type": "accountAttribute", + "attributes": { + "attributeName": "first_name", + "sourceName": "Source" + } + } + } + } + } + ] + }, + "operator": { + "type": "string", + "description": "This is the comparison to perform.\n| Operation | Description |\n| --------- | ------- |\n| LT | Strictly less than: firstDate < secondDate |\n| LTE | Less than or equal to: firstDate <= secondDate |\n| GT | Strictly greater than: firstDate > secondDate |\n| GTE | Greater than or equal to: firstDate >= secondDate |\n", + "enum": [ + "LT", + "LTE", + "GT", + "GTE" + ], + "example": "LT" + }, + "positiveCondition": { + "type": "string", + "description": "The output of the transform if the expression evalutes to true", + "example": "true" + }, + "negativeCondition": { + "type": "string", + "description": "The output of the transform if the expression evalutes to false", + "example": false + }, + "requiresPeriodicRefresh": { + "type": "boolean", + "description": "A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process", + "example": false, + "default": false + }, + "input": { + "type": "object", + "description": "This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.", + "additionalProperties": true, + "example": { + "type": "accountAttribute", + "attributes": { + "attributeName": "first_name", + "sourceName": "Source" + } + } + } + } + }, + { + "title": "dateFormat", + "type": "object", + "properties": { + "inputFormat": { + "description": "A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data is coming in as.\n\n*If no inputFormat is provided, the transform assumes that it is in ISO8601 format*", + "oneOf": [ + { + "title": "Named Construct", + "type": "string", + "description": "| Construct | Date Time Pattern | Description |\n| --------- | ----------------- | ----------- |\n| ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. | \n| LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. |\n| PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. |\n| EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. |\n| EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. |\n", + "enum": [ + "ISO8601", + "LDAP", + "PEOPLE_SOFT", + "EPOCH_TIME_JAVA", + "EPOCH_TIME_WIN32" + ], + "example": "PEOPLE_SOFT" + }, + { + "title": "Java Simple Date Format", + "type": "string", + "description": "There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information.\n\n>NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone.\n (This table is from the SimpleDateFormat page.)\n\n| Date Time Pattern | Result |\n| ----------------- | ------ |\n| `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` |\n| `EEE, MMM d, ''yy` | Wed, Jul 4, '01 |\n| `h:mm a` | 12:08 PM |\n| `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time |\n| `K:mm a, z` | 0:08 PM, PDT |\n| `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM |\n| `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 |\n| `yyMMddHHmmssZ` | 010704120856-0700 |\n| `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 |\n| `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 |\n| `YYYY-'W'ww-u` | 2001-W27-3 |\n", + "example": "mm/dd/yyyy" + } + ] + }, + "outputFormat": { + "description": "A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data should be formatted into.\n\n*If no inputFormat is provided, the transform assumes that it is in ISO8601 format*", + "oneOf": [ + { + "title": "Named Construct", + "type": "string", + "description": "| Construct | Date Time Pattern | Description |\n| --------- | ----------------- | ----------- |\n| ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. | \n| LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. |\n| PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. |\n| EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. |\n| EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. |\n", + "enum": [ + "ISO8601", + "LDAP", + "PEOPLE_SOFT", + "EPOCH_TIME_JAVA", + "EPOCH_TIME_WIN32" + ], + "example": "PEOPLE_SOFT" + }, + { + "title": "Java Simple Date Format", + "type": "string", + "description": "There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information.\n\n>NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone.\n (This table is from the SimpleDateFormat page.)\n\n| Date Time Pattern | Result |\n| ----------------- | ------ |\n| `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` |\n| `EEE, MMM d, ''yy` | Wed, Jul 4, '01 |\n| `h:mm a` | 12:08 PM |\n| `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time |\n| `K:mm a, z` | 0:08 PM, PDT |\n| `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM |\n| `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 |\n| `yyMMddHHmmssZ` | 010704120856-0700 |\n| `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 |\n| `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 |\n| `YYYY-'W'ww-u` | 2001-W27-3 |\n", + "example": "mm/dd/yyyy" + } + ] + }, + "requiresPeriodicRefresh": { + "type": "boolean", + "description": "A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process", + "example": false, + "default": false + }, + "input": { + "type": "object", + "description": "This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.", + "additionalProperties": true, + "example": { + "type": "accountAttribute", + "attributes": { + "attributeName": "first_name", + "sourceName": "Source" + } + } + } + } + }, + { + "title": "dateMath", + "type": "object", + "required": [ + "expression" + ], + "properties": { + "expression": { + "type": "string", + "description": "A string value of the date and time components to operation on, along with the math operations to execute.\n", + "externalDocs": { + "description": "Date Math Expressions", + "url": "https://developer.sailpoint.com/idn/docs/transforms/operations/date-math#transform-structure" + }, + "example": "now+1w" + }, + "roundUp": { + "type": "boolean", + "description": "A boolean value to indicate whether the transform should round up or down when a rounding `/` operation is defined in the expression. \n\n\nIf not provided, the transform will default to `false`\n\n\n`true` indicates the transform should round up (i.e., truncate the fractional date/time component indicated and then add one unit of that component)\n\n\n`false` indicates the transform should round down (i.e., truncate the fractional date/time component indicated)\n", + "example": false + }, + "requiresPeriodicRefresh": { + "type": "boolean", + "description": "A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process", + "example": false, + "default": false + }, + "input": { + "type": "object", + "description": "This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.", + "additionalProperties": true, + "example": { + "type": "accountAttribute", + "attributes": { + "attributeName": "first_name", + "sourceName": "Source" + } + } + } + } + }, + { + "title": "decomposeDiacriticalMarks", + "type": "object", + "properties": { + "requiresPeriodicRefresh": { + "type": "boolean", + "description": "A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process", + "example": false, + "default": false + }, + "input": { + "type": "object", + "description": "This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.", + "additionalProperties": true, + "example": { + "type": "accountAttribute", + "attributes": { + "attributeName": "first_name", + "sourceName": "Source" + } + } + } + } + }, + { + "title": "e164phone", + "type": "object", + "properties": { + "defaultRegion": { + "type": "string", + "description": "This is an optional attribute that can be used to define the region of the phone number to format into.\n\n\nIf defaultRegion is not provided, it will take US as the default country.\n\n\nThe format of the country code should be in [ISO 3166-1 alpha-2 format](https://en.wikipedia.org/wiki/ISO_3166-1_alpha-2)\n", + "example": "US" + }, + "requiresPeriodicRefresh": { + "type": "boolean", + "description": "A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process", + "example": false, + "default": false + }, + "input": { + "type": "object", + "description": "This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.", + "additionalProperties": true, + "example": { + "type": "accountAttribute", + "attributes": { + "attributeName": "first_name", + "sourceName": "Source" + } + } + } + } + }, + { + "title": "firstValid", + "type": "object", + "required": [ + "values" + ], + "properties": { + "values": { + "type": "array", + "items": { + "type": "object" + }, + "description": "An array of attributes to evaluate for existence.", + "example": [ + { + "attributes": { + "sourceName": "Active Directory", + "attributeName": "sAMAccountName" + }, + "type": "accountAttribute" + }, + { + "attributes": { + "sourceName": "Okta", + "attributeName": "login" + }, + "type": "accountAttribute" + }, + { + "attributes": { + "sourceName": "HR Source", + "attributeName": "employeeID" + }, + "type": "accountAttribute" + } + ] + }, + "ignoreErrors": { + "type": "boolean", + "description": "a true or false value representing to move on to the next option if an error (like an Null Pointer Exception) were to occur.", + "example": false + }, + "requiresPeriodicRefresh": { + "type": "boolean", + "description": "A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process", + "example": false, + "default": false + } + } + }, + { + "title": "rule", + "oneOf": [ + { + "type": "object", + "required": [ + "name" + ], + "properties": { + "name": { + "type": "string", + "description": "This is the name of the Generic rule that needs to be invoked by the transform", + "example": "Generic Calculation Rule" + }, + "requiresPeriodicRefresh": { + "type": "boolean", + "description": "A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process", + "example": false + } + } + }, + { + "type": "object", + "required": [ + "name", + "operation", + "includeNumbers", + "includeSpecialChars", + "length" + ], + "properties": { + "name": { + "type": "string", + "description": "This must always be set to \"Cloud Services Deployment Utility\"", + "example": "Cloud Services Deployment Utility" + }, + "operation": { + "type": "string", + "description": "The operation to perform `generateRandomString`", + "example": "generateRandomString" + }, + "includeNumbers": { + "type": "boolean", + "description": "This must be either \"true\" or \"false\" to indicate whether the generator logic should include numbers", + "example": true + }, + "includeSpecialChars": { + "type": "boolean", + "description": "This must be either \"true\" or \"false\" to indicate whether the generator logic should include special characters", + "example": true + }, + "length": { + "type": "string", + "description": "This specifies how long the randomly generated string needs to be\n\n\n>NOTE Due to identity attribute data constraints, the maximum allowable value is 450 characters\n", + "example": "10" + }, + "requiresPeriodicRefresh": { + "type": "boolean", + "description": "A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process", + "example": false + } + } + }, + { + "type": "object", + "required": [ + "name", + "operation", + "uid" + ], + "properties": { + "name": { + "type": "string", + "description": "This must always be set to \"Cloud Services Deployment Utility\"", + "example": "Cloud Services Deployment Utility" + }, + "operation": { + "type": "string", + "description": "The operation to perform `getReferenceIdentityAttribute`", + "example": "getReferenceIdentityAttribute" + }, + "uid": { + "type": "string", + "description": "This is the SailPoint User Name (uid) value of the identity whose attribute is desired\n\nAs a convenience feature, you can use the `manager` keyword to dynamically look up the user's manager and then get that manager's identity attribute.\n", + "example": "2c91808570313110017040b06f344ec9" + }, + "requiresPeriodicRefresh": { + "type": "boolean", + "description": "A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process", + "example": false + } + } + } + ] + }, + { + "title": "identityAttribute", + "type": "object", + "required": [ + "name" + ], + "properties": { + "name": { + "type": "string", + "description": "The system (camel-cased) name of the identity attribute to bring in", + "example": "email" + }, + "requiresPeriodicRefresh": { + "type": "boolean", + "description": "A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process", + "example": false, + "default": false + }, + "input": { + "type": "object", + "description": "This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.", + "additionalProperties": true, + "example": { + "type": "accountAttribute", + "attributes": { + "attributeName": "first_name", + "sourceName": "Source" + } + } + } + } + }, + { + "title": "indexOf", + "type": "object", + "required": [ + "substring" + ], + "properties": { + "substring": { + "type": "string", + "description": "A substring to search for, searches the entire calling string, and returns the index of the first occurrence of the specified substring.", + "example": "admin_" + }, + "requiresPeriodicRefresh": { + "type": "boolean", + "description": "A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process", + "example": false, + "default": false + }, + "input": { + "type": "object", + "description": "This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.", + "additionalProperties": true, + "example": { + "type": "accountAttribute", + "attributes": { + "attributeName": "first_name", + "sourceName": "Source" + } + } + } + } + }, + { + "title": "iso3166", + "type": "object", + "properties": { + "format": { + "type": "string", + "description": "An optional value to denote which ISO 3166 format to return. Valid values are:\n\n\n`alpha2` - Two-character country code (e.g., \"US\"); this is the default value if no format is supplied\n\n\n`alpha3` - Three-character country code (e.g., \"USA\")\n\n\n`numeric` - The numeric country code (e.g., \"840\")\n", + "example": "alpha2" + }, + "requiresPeriodicRefresh": { + "type": "boolean", + "description": "A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process", + "example": false, + "default": false + }, + "input": { + "type": "object", + "description": "This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.", + "additionalProperties": true, + "example": { + "type": "accountAttribute", + "attributes": { + "attributeName": "first_name", + "sourceName": "Source" + } + } + } + } + }, + { + "title": "leftPad", + "type": "object", + "required": [ + "length" + ], + "properties": { + "length": { + "type": "string", + "description": "An integer value for the desired length of the final output string", + "example": "4" + }, + "padding": { + "type": "string", + "description": "A string value representing the character that the incoming data should be padded with to get to the desired length\n\n\nIf not provided, the transform will default to a single space (\" \") character for padding\n", + "example": "0" + }, + "requiresPeriodicRefresh": { + "type": "boolean", + "description": "A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process", + "example": false, + "default": false + }, + "input": { + "type": "object", + "description": "This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.", + "additionalProperties": true, + "example": { + "type": "accountAttribute", + "attributes": { + "attributeName": "first_name", + "sourceName": "Source" + } + } + } + } + }, + { + "title": "lookup", + "type": "object", + "required": [ + "table" + ], + "properties": { + "table": { + "type": "object", + "additionalProperties": true, + "description": "This is a JSON object of key-value pairs. The key is the string that will attempt to be matched to the input, and the value is the output string that should be returned if the key is matched\n\n\n>**Note** the use of the optional default key value here; if none of the three countries in the above example match the input string, the transform will return \"Unknown Region\" for the attribute that is mapped to this transform.\n", + "example": { + "USA": "Americas", + "FRA": "EMEA", + "AUS": "APAC", + "default": "Unknown Region" + } + }, + "requiresPeriodicRefresh": { + "type": "boolean", + "description": "A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process", + "example": false, + "default": false + }, + "input": { + "type": "object", + "description": "This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.", + "additionalProperties": true, + "example": { + "type": "accountAttribute", + "attributes": { + "attributeName": "first_name", + "sourceName": "Source" + } + } + } + } + }, + { + "title": "lower", + "type": "object", + "properties": { + "requiresPeriodicRefresh": { + "type": "boolean", + "description": "A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process", + "example": false, + "default": false + }, + "input": { + "type": "object", + "description": "This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.", + "additionalProperties": true, + "example": { + "type": "accountAttribute", + "attributes": { + "attributeName": "first_name", + "sourceName": "Source" + } + } + } + } + }, + { + "title": "nameNormalizer", + "type": "object", + "properties": { + "requiresPeriodicRefresh": { + "type": "boolean", + "description": "A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process", + "example": false, + "default": false + }, + "input": { + "type": "object", + "description": "This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.", + "additionalProperties": true, + "example": { + "type": "accountAttribute", + "attributes": { + "attributeName": "first_name", + "sourceName": "Source" + } + } + } + } + }, + { + "title": "randomAlphaNumeric", + "type": "object", + "properties": { + "length": { + "type": "string", + "description": "This is an integer value specifying the size/number of characters the random string must contain\n\n\n* This value must be a positive number and cannot be blank\n\n\n* If no length is provided, the transform will default to a value of `32`\n\n\n* Due to identity attribute data constraints, the maximum allowable value is `450` characters\n", + "example": "10" + }, + "requiresPeriodicRefresh": { + "type": "boolean", + "description": "A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process", + "example": false, + "default": false + }, + "input": { + "type": "object", + "description": "This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.", + "additionalProperties": true, + "example": { + "type": "accountAttribute", + "attributes": { + "attributeName": "first_name", + "sourceName": "Source" + } + } + } + } + }, + { + "title": "randomNumeric", + "type": "object", + "properties": { + "length": { + "type": "string", + "description": "This is an integer value specifying the size/number of characters the random string must contain\n\n\n* This value must be a positive number and cannot be blank\n\n\n* If no length is provided, the transform will default to a value of `32`\n\n\n* Due to identity attribute data constraints, the maximum allowable value is `450` characters\n", + "example": "10" + }, + "requiresPeriodicRefresh": { + "type": "boolean", + "description": "A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process", + "example": false, + "default": false + }, + "input": { + "type": "object", + "description": "This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.", + "additionalProperties": true, + "example": { + "type": "accountAttribute", + "attributes": { + "attributeName": "first_name", + "sourceName": "Source" + } + } + } + } + }, + { + "title": "reference", + "type": "object", + "required": [ + "id" + ], + "properties": { + "id": { + "type": "string", + "description": "This ID specifies the name of the pre-existing transform which you want to use within your current transform", + "example": "Existing Transform" + }, + "requiresPeriodicRefresh": { + "type": "boolean", + "description": "A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process", + "example": false, + "default": false + }, + "input": { + "type": "object", + "description": "This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.", + "additionalProperties": true, + "example": { + "type": "accountAttribute", + "attributes": { + "attributeName": "first_name", + "sourceName": "Source" + } + } + } + } + }, + { + "title": "replaceAll", + "type": "object", + "required": [ + "table" + ], + "properties": { + "table": { + "type": "object", + "additionalProperties": true, + "description": "An attribute of key-value pairs. Each pair identifies the pattern to search for as its key, and the replacement string as its value.", + "example": { + "-": " ", + "\"": "'", + "ñ": "n" + } + }, + "requiresPeriodicRefresh": { + "type": "boolean", + "description": "A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process", + "example": false, + "default": false + }, + "input": { + "type": "object", + "description": "This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.", + "additionalProperties": true, + "example": { + "type": "accountAttribute", + "attributes": { + "attributeName": "first_name", + "sourceName": "Source" + } + } + } + } + }, + { + "title": "replace", + "type": "object", + "required": [ + "regex", + "replacement" + ], + "properties": { + "regex": { + "type": "string", + "description": "This can be a string or a regex pattern in which you want to replace.", + "example": "[^a-zA-Z]", + "externalDocs": { + "description": "Regex Builder", + "url": "https://regex101.com/" + } + }, + "replacement": { + "type": "string", + "description": "This is the replacement string that should be substituded wherever the string or pattern is found.", + "example": " " + }, + "requiresPeriodicRefresh": { + "type": "boolean", + "description": "A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process", + "example": false, + "default": false + }, + "input": { + "type": "object", + "description": "This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.", + "additionalProperties": true, + "example": { + "type": "accountAttribute", + "attributes": { + "attributeName": "first_name", + "sourceName": "Source" + } + } + } + } + }, + { + "title": "rightPad", + "type": "object", + "required": [ + "length" + ], + "properties": { + "length": { + "type": "string", + "description": "An integer value for the desired length of the final output string", + "example": "4" + }, + "padding": { + "type": "string", + "description": "A string value representing the character that the incoming data should be padded with to get to the desired length\n\n\nIf not provided, the transform will default to a single space (\" \") character for padding\n", + "example": "0" + }, + "requiresPeriodicRefresh": { + "type": "boolean", + "description": "A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process", + "example": false, + "default": false + }, + "input": { + "type": "object", + "description": "This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.", + "additionalProperties": true, + "example": { + "type": "accountAttribute", + "attributes": { + "attributeName": "first_name", + "sourceName": "Source" + } + } + } + } + }, + { + "title": "split", + "type": "object", + "required": [ + "delimiter", + "index" + ], + "properties": { + "delimiter": { + "type": "string", + "description": "This can be either a single character or a regex expression, and is used by the transform to identify the break point between two substrings in the incoming data", + "example": "," + }, + "index": { + "type": "string", + "description": "An integer value for the desired array element after the incoming data has been split into a list; the array is a 0-based object, so the first array element would be index 0, the second element would be index 1, etc.", + "example": "5" + }, + "throws": { + "type": "boolean", + "description": "A boolean (true/false) value which indicates whether an exception should be thrown and returned as an output when an index is out of bounds with the resultant array (i.e., the provided index value is larger than the size of the array)\n\n\n`true` - The transform should return \"IndexOutOfBoundsException\"\n\n\n`false` - The transform should return null\n\n\nIf not provided, the transform will default to false and return a null\n", + "example": true + }, + "requiresPeriodicRefresh": { + "type": "boolean", + "description": "A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process", + "example": false, + "default": false + }, + "input": { + "type": "object", + "description": "This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.", + "additionalProperties": true, + "example": { + "type": "accountAttribute", + "attributes": { + "attributeName": "first_name", + "sourceName": "Source" + } + } + } + } + }, + { + "title": "static", + "type": "object", + "required": [ + "values" + ], + "properties": { + "values": { + "type": "string", + "description": "This must evaluate to a JSON string, either through a fixed value or through conditional logic using the Apache Velocity Template Language.", + "example": "string$variable", + "externalDocs": { + "description": "Static Transform Documentation", + "url": "https://developer.sailpoint.com/idn/docs/transforms/operations/static" + } + }, + "requiresPeriodicRefresh": { + "type": "boolean", + "description": "A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process", + "example": false, + "default": false + } + } + }, + { + "title": "substring", + "type": "object", + "required": [ + "begin" + ], + "properties": { + "begin": { + "type": "integer", + "description": "The index of the first character to include in the returned substring.\n\n\nIf `begin` is set to -1, the transform will begin at character 0 of the input data\n", + "example": 1, + "format": "int32" + }, + "beginOffset": { + "type": "integer", + "description": "This integer value is the number of characters to add to the begin attribute when returning a substring. \n\nThis attribute is only used if begin is not -1.\n", + "example": 3, + "format": "int32" + }, + "end": { + "type": "integer", + "description": "The index of the first character to exclude from the returned substring.\n\nIf end is -1 or not provided at all, the substring transform will return everything up to the end of the input string.\n", + "example": 6, + "format": "int32" + }, + "endOffset": { + "type": "integer", + "description": "This integer value is the number of characters to add to the end attribute when returning a substring. \n\nThis attribute is only used if end is provided and is not -1.\n", + "example": 1, + "format": "int32" + }, + "requiresPeriodicRefresh": { + "type": "boolean", + "description": "A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process", + "example": false, + "default": false + }, + "input": { + "type": "object", + "description": "This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.", + "additionalProperties": true, + "example": { + "type": "accountAttribute", + "attributes": { + "attributeName": "first_name", + "sourceName": "Source" + } + } + } + } + }, + { + "title": "trim", + "type": "object", + "properties": { + "requiresPeriodicRefresh": { + "type": "boolean", + "description": "A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process", + "example": false, + "default": false + }, + "input": { + "type": "object", + "description": "This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.", + "additionalProperties": true, + "example": { + "type": "accountAttribute", + "attributes": { + "attributeName": "first_name", + "sourceName": "Source" + } + } + } + } + }, + { + "title": "upper", + "type": "object", + "properties": { + "requiresPeriodicRefresh": { + "type": "boolean", + "description": "A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process", + "example": false, + "default": false + }, + "input": { + "type": "object", + "description": "This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.", + "additionalProperties": true, + "example": { + "type": "accountAttribute", + "attributes": { + "attributeName": "first_name", + "sourceName": "Source" + } + } + } + } + }, + { + "title": "uuid", + "type": "object", + "properties": { + "requiresPeriodicRefresh": { + "type": "boolean", + "description": "A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process", + "example": false, + "default": false + } + } + } + ] + }, + "internal": { + "type": "boolean", + "readOnly": true, + "description": "Indicates whether this is an internal SailPoint-created transform or a customer-created transform", + "example": false + } + } + }, + "example": { + "name": "Timestamp To Date", + "type": "dateFormat", + "attributes": { + "inputFormat": "MMM-dd-yyyy, HH:mm:ss.SSS", + "outputFormat": "yyyy/dd/MM" + } + } + } + } + }, + "responses": { + "200": { + "description": "Indicates the transform was successfully updated and returns its new representation.", + "content": { + "application/json": { + "schema": { + "type": "object", + "description": "The representation of an internally- or customer-defined transform.", + "required": [ + "name", + "type", + "attributes" + ], + "properties": { + "id": { + "type": "string", + "readOnly": true, + "description": "Unique ID of this transform", + "example": "2cd78adghjkja34jh2b1hkjhasuecd" + }, + "name": { + "type": "string", + "description": "Unique name of this transform", + "example": "Timestamp To Date", + "minLength": 1, + "maxLength": 50 + }, + "type": { + "type": "string", + "description": "The type of transform operation", + "enum": [ + "accountAttribute", + "base64Decode", + "base64Encode", + "concat", + "conditional", + "dateCompare", + "dateFormat", + "dateMath", + "decomposeDiacriticalMarks", + "e164phone", + "firstValid", + "rule", + "identityAttribute", + "indexOf", + "iso3166", + "lastIndexOf", + "leftPad", + "lookup", + "lower", + "normalizeNames", + "randomAlphaNumeric", + "randomNumeric", + "reference", + "replaceAll", + "replace", + "rightPad", + "split", + "static", + "substring", + "trim", + "upper", + "usernameGenerator", + "uuid" + ], + "example": "dateFormat", + "externalDocs": { + "description": "Transform Operations", + "url": "https://developer.sailpoint.com/idn/docs/transforms/operations" + } + }, + "attributes": { + "description": "Meta-data about the transform. Values in this list are specific to the type of transform to be executed.", + "oneOf": [ + { + "title": "accountAttribute", + "type": "object", + "required": [ + "sourceName", + "attributeName" + ], + "properties": { + "sourceName": { + "type": "string", + "description": "A reference to the source to search for the account", + "example": "Workday" + }, + "attributeName": { + "type": "string", + "description": "The name of the attribute on the account to return. This should match the name of the account attribute name visible in the user interface, or on the source schema.", + "example": "DEPARTMENT" + }, + "accountSortAttribute": { + "type": "string", + "description": "The value of this configuration is a string name of the attribute to use when determining the ordering of returned accounts when there are multiple entries", + "example": "created" + }, + "accountSortDescending": { + "type": "boolean", + "description": "The value of this configuration is a boolean (true/false). Controls the order of the sort when there are multiple accounts. If not defined, the transform will default to false (ascending order)", + "example": false + }, + "accountReturnFirstLink": { + "type": "boolean", + "description": "The value of this configuration is a boolean (true/false). Controls which account to source a value from for an attribute. If this flag is set to true, the transform returns the value from the first account in the list, even if it is null. If it is set to false, the transform returns the first non-null value. If not defined, the transform will default to false", + "example": false + }, + "accountFilter": { + "type": "string", + "description": "This expression queries the database to narrow search results. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the database. The default filter will always include the source and identity, and any subsequent expressions will be combined in an AND operation to the existing search criteria.\nOnly certain searchable attributes are available: - `nativeIdentity` - the Account ID - `displayName` - the Account Name - `entitlements` - a boolean value to determine if the account has entitlements", + "example": "!(nativeIdentity.startsWith(\"*DELETED*\"))" + }, + "accountPropertyFilter": { + "type": "string", + "description": "This expression is used to search and filter accounts in memory. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the returned resultset.\n\nAll account attributes are available for filtering as this operation is performed in memory.", + "example": "(groups.containsAll({'Admin'}) || location == 'Austin')" + }, + "requiresPeriodicRefresh": { + "type": "boolean", + "description": "A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process", + "example": false, + "default": false + }, + "input": { + "type": "object", + "description": "This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.", + "additionalProperties": true, + "example": { + "type": "accountAttribute", + "attributes": { + "attributeName": "first_name", + "sourceName": "Source" + } + } + } + } + }, + { + "title": "base64Decode", + "type": "object", + "properties": { + "requiresPeriodicRefresh": { + "type": "boolean", + "description": "A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process", + "example": false, + "default": false + }, + "input": { + "type": "object", + "description": "This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.", + "additionalProperties": true, + "example": { + "type": "accountAttribute", + "attributes": { + "attributeName": "first_name", + "sourceName": "Source" + } + } + } + } + }, + { + "title": "base64Encode", + "type": "object", + "properties": { + "requiresPeriodicRefresh": { + "type": "boolean", + "description": "A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process", + "example": false, + "default": false + }, + "input": { + "type": "object", + "description": "This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.", + "additionalProperties": true, + "example": { + "type": "accountAttribute", + "attributes": { + "attributeName": "first_name", + "sourceName": "Source" + } + } + } + } + }, + { + "title": "concat", + "type": "object", + "required": [ + "values" + ], + "properties": { + "values": { + "type": "array", + "items": { + "type": "object" + }, + "description": "An array of items to join together", + "example": [ + "John", + " ", + "Smith" + ] + }, + "requiresPeriodicRefresh": { + "type": "boolean", + "description": "A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process", + "example": false, + "default": false + }, + "input": { + "type": "object", + "description": "This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.", + "additionalProperties": true, + "example": { + "type": "accountAttribute", + "attributes": { + "attributeName": "first_name", + "sourceName": "Source" + } + } + } + } + }, + { + "title": "conditional", + "type": "object", + "required": [ + "expression", + "positiveCondition", + "negativeCondition" + ], + "properties": { + "expression": { + "type": "string", + "description": "A comparison statement that follows the structure of `ValueA eq ValueB` where `ValueA` and `ValueB` are static strings or outputs of other transforms. \n\nThe `eq` operator is the only valid comparison", + "example": "ValueA eq ValueB" + }, + "positiveCondition": { + "type": "string", + "description": "The output of the transform if the expression evalutes to true", + "example": "true" + }, + "negativeCondition": { + "type": "string", + "description": "The output of the transform if the expression evalutes to false", + "example": "false" + }, + "requiresPeriodicRefresh": { + "type": "boolean", + "description": "A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process", + "example": false, + "default": false + }, + "input": { + "type": "object", + "description": "This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.", + "additionalProperties": true, + "example": { + "type": "accountAttribute", + "attributes": { + "attributeName": "first_name", + "sourceName": "Source" + } + } + } + } + }, + { + "title": "dateCompare", + "type": "object", + "required": [ + "firstDate", + "secondDate", + "operator", + "positiveCondition", + "negativeCondition" + ], + "properties": { + "firstDate": { + "description": "This is the first date to consider (The date that would be on the left hand side of the comparison operation).", + "oneOf": [ + { + "title": "accountAttribute", + "type": "object", + "required": [ + "sourceName", + "attributeName" + ], + "properties": { + "sourceName": { + "type": "string", + "description": "A reference to the source to search for the account", + "example": "Workday" + }, + "attributeName": { + "type": "string", + "description": "The name of the attribute on the account to return. This should match the name of the account attribute name visible in the user interface, or on the source schema.", + "example": "DEPARTMENT" + }, + "accountSortAttribute": { + "type": "string", + "description": "The value of this configuration is a string name of the attribute to use when determining the ordering of returned accounts when there are multiple entries", + "example": "created" + }, + "accountSortDescending": { + "type": "boolean", + "description": "The value of this configuration is a boolean (true/false). Controls the order of the sort when there are multiple accounts. If not defined, the transform will default to false (ascending order)", + "example": false + }, + "accountReturnFirstLink": { + "type": "boolean", + "description": "The value of this configuration is a boolean (true/false). Controls which account to source a value from for an attribute. If this flag is set to true, the transform returns the value from the first account in the list, even if it is null. If it is set to false, the transform returns the first non-null value. If not defined, the transform will default to false", + "example": false + }, + "accountFilter": { + "type": "string", + "description": "This expression queries the database to narrow search results. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the database. The default filter will always include the source and identity, and any subsequent expressions will be combined in an AND operation to the existing search criteria.\nOnly certain searchable attributes are available: - `nativeIdentity` - the Account ID - `displayName` - the Account Name - `entitlements` - a boolean value to determine if the account has entitlements", + "example": "!(nativeIdentity.startsWith(\"*DELETED*\"))" + }, + "accountPropertyFilter": { + "type": "string", + "description": "This expression is used to search and filter accounts in memory. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the returned resultset.\n\nAll account attributes are available for filtering as this operation is performed in memory.", + "example": "(groups.containsAll({'Admin'}) || location == 'Austin')" + }, + "requiresPeriodicRefresh": { + "type": "boolean", + "description": "A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process", + "example": false, + "default": false + }, + "input": { + "type": "object", + "description": "This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.", + "additionalProperties": true, + "example": { + "type": "accountAttribute", + "attributes": { + "attributeName": "first_name", + "sourceName": "Source" + } + } + } + } + }, + { + "title": "dateFormat", + "type": "object", + "properties": { + "inputFormat": { + "description": "A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data is coming in as.\n\n*If no inputFormat is provided, the transform assumes that it is in ISO8601 format*", + "oneOf": [ + { + "title": "Named Construct", + "type": "string", + "description": "| Construct | Date Time Pattern | Description |\n| --------- | ----------------- | ----------- |\n| ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. | \n| LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. |\n| PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. |\n| EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. |\n| EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. |\n", + "enum": [ + "ISO8601", + "LDAP", + "PEOPLE_SOFT", + "EPOCH_TIME_JAVA", + "EPOCH_TIME_WIN32" + ], + "example": "PEOPLE_SOFT" + }, + { + "title": "Java Simple Date Format", + "type": "string", + "description": "There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information.\n\n>NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone.\n (This table is from the SimpleDateFormat page.)\n\n| Date Time Pattern | Result |\n| ----------------- | ------ |\n| `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` |\n| `EEE, MMM d, ''yy` | Wed, Jul 4, '01 |\n| `h:mm a` | 12:08 PM |\n| `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time |\n| `K:mm a, z` | 0:08 PM, PDT |\n| `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM |\n| `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 |\n| `yyMMddHHmmssZ` | 010704120856-0700 |\n| `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 |\n| `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 |\n| `YYYY-'W'ww-u` | 2001-W27-3 |\n", + "example": "mm/dd/yyyy" + } + ] + }, + "outputFormat": { + "description": "A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data should be formatted into.\n\n*If no inputFormat is provided, the transform assumes that it is in ISO8601 format*", + "oneOf": [ + { + "title": "Named Construct", + "type": "string", + "description": "| Construct | Date Time Pattern | Description |\n| --------- | ----------------- | ----------- |\n| ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. | \n| LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. |\n| PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. |\n| EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. |\n| EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. |\n", + "enum": [ + "ISO8601", + "LDAP", + "PEOPLE_SOFT", + "EPOCH_TIME_JAVA", + "EPOCH_TIME_WIN32" + ], + "example": "PEOPLE_SOFT" + }, + { + "title": "Java Simple Date Format", + "type": "string", + "description": "There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information.\n\n>NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone.\n (This table is from the SimpleDateFormat page.)\n\n| Date Time Pattern | Result |\n| ----------------- | ------ |\n| `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` |\n| `EEE, MMM d, ''yy` | Wed, Jul 4, '01 |\n| `h:mm a` | 12:08 PM |\n| `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time |\n| `K:mm a, z` | 0:08 PM, PDT |\n| `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM |\n| `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 |\n| `yyMMddHHmmssZ` | 010704120856-0700 |\n| `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 |\n| `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 |\n| `YYYY-'W'ww-u` | 2001-W27-3 |\n", + "example": "mm/dd/yyyy" + } + ] + }, + "requiresPeriodicRefresh": { + "type": "boolean", + "description": "A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process", + "example": false, + "default": false + }, + "input": { + "type": "object", + "description": "This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.", + "additionalProperties": true, + "example": { + "type": "accountAttribute", + "attributes": { + "attributeName": "first_name", + "sourceName": "Source" + } + } + } + } + } + ] + }, + "secondDate": { + "description": "This is the second date to consider (The date that would be on the right hand side of the comparison operation).", + "oneOf": [ + { + "title": "accountAttribute", + "type": "object", + "required": [ + "sourceName", + "attributeName" + ], + "properties": { + "sourceName": { + "type": "string", + "description": "A reference to the source to search for the account", + "example": "Workday" + }, + "attributeName": { + "type": "string", + "description": "The name of the attribute on the account to return. This should match the name of the account attribute name visible in the user interface, or on the source schema.", + "example": "DEPARTMENT" + }, + "accountSortAttribute": { + "type": "string", + "description": "The value of this configuration is a string name of the attribute to use when determining the ordering of returned accounts when there are multiple entries", + "example": "created" + }, + "accountSortDescending": { + "type": "boolean", + "description": "The value of this configuration is a boolean (true/false). Controls the order of the sort when there are multiple accounts. If not defined, the transform will default to false (ascending order)", + "example": false + }, + "accountReturnFirstLink": { + "type": "boolean", + "description": "The value of this configuration is a boolean (true/false). Controls which account to source a value from for an attribute. If this flag is set to true, the transform returns the value from the first account in the list, even if it is null. If it is set to false, the transform returns the first non-null value. If not defined, the transform will default to false", + "example": false + }, + "accountFilter": { + "type": "string", + "description": "This expression queries the database to narrow search results. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the database. The default filter will always include the source and identity, and any subsequent expressions will be combined in an AND operation to the existing search criteria.\nOnly certain searchable attributes are available: - `nativeIdentity` - the Account ID - `displayName` - the Account Name - `entitlements` - a boolean value to determine if the account has entitlements", + "example": "!(nativeIdentity.startsWith(\"*DELETED*\"))" + }, + "accountPropertyFilter": { + "type": "string", + "description": "This expression is used to search and filter accounts in memory. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the returned resultset.\n\nAll account attributes are available for filtering as this operation is performed in memory.", + "example": "(groups.containsAll({'Admin'}) || location == 'Austin')" + }, + "requiresPeriodicRefresh": { + "type": "boolean", + "description": "A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process", + "example": false, + "default": false + }, + "input": { + "type": "object", + "description": "This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.", + "additionalProperties": true, + "example": { + "type": "accountAttribute", + "attributes": { + "attributeName": "first_name", + "sourceName": "Source" + } + } + } + } + }, + { + "title": "dateFormat", + "type": "object", + "properties": { + "inputFormat": { + "description": "A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data is coming in as.\n\n*If no inputFormat is provided, the transform assumes that it is in ISO8601 format*", + "oneOf": [ + { + "title": "Named Construct", + "type": "string", + "description": "| Construct | Date Time Pattern | Description |\n| --------- | ----------------- | ----------- |\n| ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. | \n| LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. |\n| PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. |\n| EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. |\n| EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. |\n", + "enum": [ + "ISO8601", + "LDAP", + "PEOPLE_SOFT", + "EPOCH_TIME_JAVA", + "EPOCH_TIME_WIN32" + ], + "example": "PEOPLE_SOFT" + }, + { + "title": "Java Simple Date Format", + "type": "string", + "description": "There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information.\n\n>NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone.\n (This table is from the SimpleDateFormat page.)\n\n| Date Time Pattern | Result |\n| ----------------- | ------ |\n| `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` |\n| `EEE, MMM d, ''yy` | Wed, Jul 4, '01 |\n| `h:mm a` | 12:08 PM |\n| `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time |\n| `K:mm a, z` | 0:08 PM, PDT |\n| `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM |\n| `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 |\n| `yyMMddHHmmssZ` | 010704120856-0700 |\n| `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 |\n| `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 |\n| `YYYY-'W'ww-u` | 2001-W27-3 |\n", + "example": "mm/dd/yyyy" + } + ] + }, + "outputFormat": { + "description": "A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data should be formatted into.\n\n*If no inputFormat is provided, the transform assumes that it is in ISO8601 format*", + "oneOf": [ + { + "title": "Named Construct", + "type": "string", + "description": "| Construct | Date Time Pattern | Description |\n| --------- | ----------------- | ----------- |\n| ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. | \n| LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. |\n| PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. |\n| EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. |\n| EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. |\n", + "enum": [ + "ISO8601", + "LDAP", + "PEOPLE_SOFT", + "EPOCH_TIME_JAVA", + "EPOCH_TIME_WIN32" + ], + "example": "PEOPLE_SOFT" + }, + { + "title": "Java Simple Date Format", + "type": "string", + "description": "There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information.\n\n>NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone.\n (This table is from the SimpleDateFormat page.)\n\n| Date Time Pattern | Result |\n| ----------------- | ------ |\n| `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` |\n| `EEE, MMM d, ''yy` | Wed, Jul 4, '01 |\n| `h:mm a` | 12:08 PM |\n| `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time |\n| `K:mm a, z` | 0:08 PM, PDT |\n| `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM |\n| `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 |\n| `yyMMddHHmmssZ` | 010704120856-0700 |\n| `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 |\n| `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 |\n| `YYYY-'W'ww-u` | 2001-W27-3 |\n", + "example": "mm/dd/yyyy" + } + ] + }, + "requiresPeriodicRefresh": { + "type": "boolean", + "description": "A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process", + "example": false, + "default": false + }, + "input": { + "type": "object", + "description": "This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.", + "additionalProperties": true, + "example": { + "type": "accountAttribute", + "attributes": { + "attributeName": "first_name", + "sourceName": "Source" + } + } + } + } + } + ] + }, + "operator": { + "type": "string", + "description": "This is the comparison to perform.\n| Operation | Description |\n| --------- | ------- |\n| LT | Strictly less than: firstDate < secondDate |\n| LTE | Less than or equal to: firstDate <= secondDate |\n| GT | Strictly greater than: firstDate > secondDate |\n| GTE | Greater than or equal to: firstDate >= secondDate |\n", + "enum": [ + "LT", + "LTE", + "GT", + "GTE" + ], + "example": "LT" + }, + "positiveCondition": { + "type": "string", + "description": "The output of the transform if the expression evalutes to true", + "example": "true" + }, + "negativeCondition": { + "type": "string", + "description": "The output of the transform if the expression evalutes to false", + "example": false + }, + "requiresPeriodicRefresh": { + "type": "boolean", + "description": "A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process", + "example": false, + "default": false + }, + "input": { + "type": "object", + "description": "This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.", + "additionalProperties": true, + "example": { + "type": "accountAttribute", + "attributes": { + "attributeName": "first_name", + "sourceName": "Source" + } + } + } + } + }, + { + "title": "dateFormat", + "type": "object", + "properties": { + "inputFormat": { + "description": "A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data is coming in as.\n\n*If no inputFormat is provided, the transform assumes that it is in ISO8601 format*", + "oneOf": [ + { + "title": "Named Construct", + "type": "string", + "description": "| Construct | Date Time Pattern | Description |\n| --------- | ----------------- | ----------- |\n| ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. | \n| LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. |\n| PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. |\n| EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. |\n| EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. |\n", + "enum": [ + "ISO8601", + "LDAP", + "PEOPLE_SOFT", + "EPOCH_TIME_JAVA", + "EPOCH_TIME_WIN32" + ], + "example": "PEOPLE_SOFT" + }, + { + "title": "Java Simple Date Format", + "type": "string", + "description": "There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information.\n\n>NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone.\n (This table is from the SimpleDateFormat page.)\n\n| Date Time Pattern | Result |\n| ----------------- | ------ |\n| `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` |\n| `EEE, MMM d, ''yy` | Wed, Jul 4, '01 |\n| `h:mm a` | 12:08 PM |\n| `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time |\n| `K:mm a, z` | 0:08 PM, PDT |\n| `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM |\n| `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 |\n| `yyMMddHHmmssZ` | 010704120856-0700 |\n| `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 |\n| `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 |\n| `YYYY-'W'ww-u` | 2001-W27-3 |\n", + "example": "mm/dd/yyyy" + } + ] + }, + "outputFormat": { + "description": "A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data should be formatted into.\n\n*If no inputFormat is provided, the transform assumes that it is in ISO8601 format*", + "oneOf": [ + { + "title": "Named Construct", + "type": "string", + "description": "| Construct | Date Time Pattern | Description |\n| --------- | ----------------- | ----------- |\n| ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. | \n| LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. |\n| PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. |\n| EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. |\n| EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. |\n", + "enum": [ + "ISO8601", + "LDAP", + "PEOPLE_SOFT", + "EPOCH_TIME_JAVA", + "EPOCH_TIME_WIN32" + ], + "example": "PEOPLE_SOFT" + }, + { + "title": "Java Simple Date Format", + "type": "string", + "description": "There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information.\n\n>NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone.\n (This table is from the SimpleDateFormat page.)\n\n| Date Time Pattern | Result |\n| ----------------- | ------ |\n| `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` |\n| `EEE, MMM d, ''yy` | Wed, Jul 4, '01 |\n| `h:mm a` | 12:08 PM |\n| `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time |\n| `K:mm a, z` | 0:08 PM, PDT |\n| `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM |\n| `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 |\n| `yyMMddHHmmssZ` | 010704120856-0700 |\n| `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 |\n| `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 |\n| `YYYY-'W'ww-u` | 2001-W27-3 |\n", + "example": "mm/dd/yyyy" + } + ] + }, + "requiresPeriodicRefresh": { + "type": "boolean", + "description": "A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process", + "example": false, + "default": false + }, + "input": { + "type": "object", + "description": "This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.", + "additionalProperties": true, + "example": { + "type": "accountAttribute", + "attributes": { + "attributeName": "first_name", + "sourceName": "Source" + } + } + } + } + }, + { + "title": "dateMath", + "type": "object", + "required": [ + "expression" + ], + "properties": { + "expression": { + "type": "string", + "description": "A string value of the date and time components to operation on, along with the math operations to execute.\n", + "externalDocs": { + "description": "Date Math Expressions", + "url": "https://developer.sailpoint.com/idn/docs/transforms/operations/date-math#transform-structure" + }, + "example": "now+1w" + }, + "roundUp": { + "type": "boolean", + "description": "A boolean value to indicate whether the transform should round up or down when a rounding `/` operation is defined in the expression. \n\n\nIf not provided, the transform will default to `false`\n\n\n`true` indicates the transform should round up (i.e., truncate the fractional date/time component indicated and then add one unit of that component)\n\n\n`false` indicates the transform should round down (i.e., truncate the fractional date/time component indicated)\n", + "example": false + }, + "requiresPeriodicRefresh": { + "type": "boolean", + "description": "A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process", + "example": false, + "default": false + }, + "input": { + "type": "object", + "description": "This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.", + "additionalProperties": true, + "example": { + "type": "accountAttribute", + "attributes": { + "attributeName": "first_name", + "sourceName": "Source" + } + } + } + } + }, + { + "title": "decomposeDiacriticalMarks", + "type": "object", + "properties": { + "requiresPeriodicRefresh": { + "type": "boolean", + "description": "A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process", + "example": false, + "default": false + }, + "input": { + "type": "object", + "description": "This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.", + "additionalProperties": true, + "example": { + "type": "accountAttribute", + "attributes": { + "attributeName": "first_name", + "sourceName": "Source" + } + } + } + } + }, + { + "title": "e164phone", + "type": "object", + "properties": { + "defaultRegion": { + "type": "string", + "description": "This is an optional attribute that can be used to define the region of the phone number to format into.\n\n\nIf defaultRegion is not provided, it will take US as the default country.\n\n\nThe format of the country code should be in [ISO 3166-1 alpha-2 format](https://en.wikipedia.org/wiki/ISO_3166-1_alpha-2)\n", + "example": "US" + }, + "requiresPeriodicRefresh": { + "type": "boolean", + "description": "A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process", + "example": false, + "default": false + }, + "input": { + "type": "object", + "description": "This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.", + "additionalProperties": true, + "example": { + "type": "accountAttribute", + "attributes": { + "attributeName": "first_name", + "sourceName": "Source" + } + } + } + } + }, + { + "title": "firstValid", + "type": "object", + "required": [ + "values" + ], + "properties": { + "values": { + "type": "array", + "items": { + "type": "object" + }, + "description": "An array of attributes to evaluate for existence.", + "example": [ + { + "attributes": { + "sourceName": "Active Directory", + "attributeName": "sAMAccountName" + }, + "type": "accountAttribute" + }, + { + "attributes": { + "sourceName": "Okta", + "attributeName": "login" + }, + "type": "accountAttribute" + }, + { + "attributes": { + "sourceName": "HR Source", + "attributeName": "employeeID" + }, + "type": "accountAttribute" + } + ] + }, + "ignoreErrors": { + "type": "boolean", + "description": "a true or false value representing to move on to the next option if an error (like an Null Pointer Exception) were to occur.", + "example": false + }, + "requiresPeriodicRefresh": { + "type": "boolean", + "description": "A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process", + "example": false, + "default": false + } + } + }, + { + "title": "rule", + "oneOf": [ + { + "type": "object", + "required": [ + "name" + ], + "properties": { + "name": { + "type": "string", + "description": "This is the name of the Generic rule that needs to be invoked by the transform", + "example": "Generic Calculation Rule" + }, + "requiresPeriodicRefresh": { + "type": "boolean", + "description": "A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process", + "example": false + } + } + }, + { + "type": "object", + "required": [ + "name", + "operation", + "includeNumbers", + "includeSpecialChars", + "length" + ], + "properties": { + "name": { + "type": "string", + "description": "This must always be set to \"Cloud Services Deployment Utility\"", + "example": "Cloud Services Deployment Utility" + }, + "operation": { + "type": "string", + "description": "The operation to perform `generateRandomString`", + "example": "generateRandomString" + }, + "includeNumbers": { + "type": "boolean", + "description": "This must be either \"true\" or \"false\" to indicate whether the generator logic should include numbers", + "example": true + }, + "includeSpecialChars": { + "type": "boolean", + "description": "This must be either \"true\" or \"false\" to indicate whether the generator logic should include special characters", + "example": true + }, + "length": { + "type": "string", + "description": "This specifies how long the randomly generated string needs to be\n\n\n>NOTE Due to identity attribute data constraints, the maximum allowable value is 450 characters\n", + "example": "10" + }, + "requiresPeriodicRefresh": { + "type": "boolean", + "description": "A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process", + "example": false + } + } + }, + { + "type": "object", + "required": [ + "name", + "operation", + "uid" + ], + "properties": { + "name": { + "type": "string", + "description": "This must always be set to \"Cloud Services Deployment Utility\"", + "example": "Cloud Services Deployment Utility" + }, + "operation": { + "type": "string", + "description": "The operation to perform `getReferenceIdentityAttribute`", + "example": "getReferenceIdentityAttribute" + }, + "uid": { + "type": "string", + "description": "This is the SailPoint User Name (uid) value of the identity whose attribute is desired\n\nAs a convenience feature, you can use the `manager` keyword to dynamically look up the user's manager and then get that manager's identity attribute.\n", + "example": "2c91808570313110017040b06f344ec9" + }, + "requiresPeriodicRefresh": { + "type": "boolean", + "description": "A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process", + "example": false + } + } + } + ] + }, + { + "title": "identityAttribute", + "type": "object", + "required": [ + "name" + ], + "properties": { + "name": { + "type": "string", + "description": "The system (camel-cased) name of the identity attribute to bring in", + "example": "email" + }, + "requiresPeriodicRefresh": { + "type": "boolean", + "description": "A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process", + "example": false, + "default": false + }, + "input": { + "type": "object", + "description": "This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.", + "additionalProperties": true, + "example": { + "type": "accountAttribute", + "attributes": { + "attributeName": "first_name", + "sourceName": "Source" + } + } + } + } + }, + { + "title": "indexOf", + "type": "object", + "required": [ + "substring" + ], + "properties": { + "substring": { + "type": "string", + "description": "A substring to search for, searches the entire calling string, and returns the index of the first occurrence of the specified substring.", + "example": "admin_" + }, + "requiresPeriodicRefresh": { + "type": "boolean", + "description": "A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process", + "example": false, + "default": false + }, + "input": { + "type": "object", + "description": "This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.", + "additionalProperties": true, + "example": { + "type": "accountAttribute", + "attributes": { + "attributeName": "first_name", + "sourceName": "Source" + } + } + } + } + }, + { + "title": "iso3166", + "type": "object", + "properties": { + "format": { + "type": "string", + "description": "An optional value to denote which ISO 3166 format to return. Valid values are:\n\n\n`alpha2` - Two-character country code (e.g., \"US\"); this is the default value if no format is supplied\n\n\n`alpha3` - Three-character country code (e.g., \"USA\")\n\n\n`numeric` - The numeric country code (e.g., \"840\")\n", + "example": "alpha2" + }, + "requiresPeriodicRefresh": { + "type": "boolean", + "description": "A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process", + "example": false, + "default": false + }, + "input": { + "type": "object", + "description": "This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.", + "additionalProperties": true, + "example": { + "type": "accountAttribute", + "attributes": { + "attributeName": "first_name", + "sourceName": "Source" + } + } + } + } + }, + { + "title": "leftPad", + "type": "object", + "required": [ + "length" + ], + "properties": { + "length": { + "type": "string", + "description": "An integer value for the desired length of the final output string", + "example": "4" + }, + "padding": { + "type": "string", + "description": "A string value representing the character that the incoming data should be padded with to get to the desired length\n\n\nIf not provided, the transform will default to a single space (\" \") character for padding\n", + "example": "0" + }, + "requiresPeriodicRefresh": { + "type": "boolean", + "description": "A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process", + "example": false, + "default": false + }, + "input": { + "type": "object", + "description": "This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.", + "additionalProperties": true, + "example": { + "type": "accountAttribute", + "attributes": { + "attributeName": "first_name", + "sourceName": "Source" + } + } + } + } + }, + { + "title": "lookup", + "type": "object", + "required": [ + "table" + ], + "properties": { + "table": { + "type": "object", + "additionalProperties": true, + "description": "This is a JSON object of key-value pairs. The key is the string that will attempt to be matched to the input, and the value is the output string that should be returned if the key is matched\n\n\n>**Note** the use of the optional default key value here; if none of the three countries in the above example match the input string, the transform will return \"Unknown Region\" for the attribute that is mapped to this transform.\n", + "example": { + "USA": "Americas", + "FRA": "EMEA", + "AUS": "APAC", + "default": "Unknown Region" + } + }, + "requiresPeriodicRefresh": { + "type": "boolean", + "description": "A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process", + "example": false, + "default": false + }, + "input": { + "type": "object", + "description": "This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.", + "additionalProperties": true, + "example": { + "type": "accountAttribute", + "attributes": { + "attributeName": "first_name", + "sourceName": "Source" + } + } + } + } + }, + { + "title": "lower", + "type": "object", + "properties": { + "requiresPeriodicRefresh": { + "type": "boolean", + "description": "A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process", + "example": false, + "default": false + }, + "input": { + "type": "object", + "description": "This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.", + "additionalProperties": true, + "example": { + "type": "accountAttribute", + "attributes": { + "attributeName": "first_name", + "sourceName": "Source" + } + } + } + } + }, + { + "title": "nameNormalizer", + "type": "object", + "properties": { + "requiresPeriodicRefresh": { + "type": "boolean", + "description": "A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process", + "example": false, + "default": false + }, + "input": { + "type": "object", + "description": "This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.", + "additionalProperties": true, + "example": { + "type": "accountAttribute", + "attributes": { + "attributeName": "first_name", + "sourceName": "Source" + } + } + } + } + }, + { + "title": "randomAlphaNumeric", + "type": "object", + "properties": { + "length": { + "type": "string", + "description": "This is an integer value specifying the size/number of characters the random string must contain\n\n\n* This value must be a positive number and cannot be blank\n\n\n* If no length is provided, the transform will default to a value of `32`\n\n\n* Due to identity attribute data constraints, the maximum allowable value is `450` characters\n", + "example": "10" + }, + "requiresPeriodicRefresh": { + "type": "boolean", + "description": "A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process", + "example": false, + "default": false + }, + "input": { + "type": "object", + "description": "This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.", + "additionalProperties": true, + "example": { + "type": "accountAttribute", + "attributes": { + "attributeName": "first_name", + "sourceName": "Source" + } + } + } + } + }, + { + "title": "randomNumeric", + "type": "object", + "properties": { + "length": { + "type": "string", + "description": "This is an integer value specifying the size/number of characters the random string must contain\n\n\n* This value must be a positive number and cannot be blank\n\n\n* If no length is provided, the transform will default to a value of `32`\n\n\n* Due to identity attribute data constraints, the maximum allowable value is `450` characters\n", + "example": "10" + }, + "requiresPeriodicRefresh": { + "type": "boolean", + "description": "A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process", + "example": false, + "default": false + }, + "input": { + "type": "object", + "description": "This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.", + "additionalProperties": true, + "example": { + "type": "accountAttribute", + "attributes": { + "attributeName": "first_name", + "sourceName": "Source" + } + } + } + } + }, + { + "title": "reference", + "type": "object", + "required": [ + "id" + ], + "properties": { + "id": { + "type": "string", + "description": "This ID specifies the name of the pre-existing transform which you want to use within your current transform", + "example": "Existing Transform" + }, + "requiresPeriodicRefresh": { + "type": "boolean", + "description": "A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process", + "example": false, + "default": false + }, + "input": { + "type": "object", + "description": "This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.", + "additionalProperties": true, + "example": { + "type": "accountAttribute", + "attributes": { + "attributeName": "first_name", + "sourceName": "Source" + } + } + } + } + }, + { + "title": "replaceAll", + "type": "object", + "required": [ + "table" + ], + "properties": { + "table": { + "type": "object", + "additionalProperties": true, + "description": "An attribute of key-value pairs. Each pair identifies the pattern to search for as its key, and the replacement string as its value.", + "example": { + "-": " ", + "\"": "'", + "ñ": "n" + } + }, + "requiresPeriodicRefresh": { + "type": "boolean", + "description": "A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process", + "example": false, + "default": false + }, + "input": { + "type": "object", + "description": "This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.", + "additionalProperties": true, + "example": { + "type": "accountAttribute", + "attributes": { + "attributeName": "first_name", + "sourceName": "Source" + } + } + } + } + }, + { + "title": "replace", + "type": "object", + "required": [ + "regex", + "replacement" + ], + "properties": { + "regex": { + "type": "string", + "description": "This can be a string or a regex pattern in which you want to replace.", + "example": "[^a-zA-Z]", + "externalDocs": { + "description": "Regex Builder", + "url": "https://regex101.com/" + } + }, + "replacement": { + "type": "string", + "description": "This is the replacement string that should be substituded wherever the string or pattern is found.", + "example": " " + }, + "requiresPeriodicRefresh": { + "type": "boolean", + "description": "A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process", + "example": false, + "default": false + }, + "input": { + "type": "object", + "description": "This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.", + "additionalProperties": true, + "example": { + "type": "accountAttribute", + "attributes": { + "attributeName": "first_name", + "sourceName": "Source" + } + } + } + } + }, + { + "title": "rightPad", + "type": "object", + "required": [ + "length" + ], + "properties": { + "length": { + "type": "string", + "description": "An integer value for the desired length of the final output string", + "example": "4" + }, + "padding": { + "type": "string", + "description": "A string value representing the character that the incoming data should be padded with to get to the desired length\n\n\nIf not provided, the transform will default to a single space (\" \") character for padding\n", + "example": "0" + }, + "requiresPeriodicRefresh": { + "type": "boolean", + "description": "A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process", + "example": false, + "default": false + }, + "input": { + "type": "object", + "description": "This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.", + "additionalProperties": true, + "example": { + "type": "accountAttribute", + "attributes": { + "attributeName": "first_name", + "sourceName": "Source" + } + } + } + } + }, + { + "title": "split", + "type": "object", + "required": [ + "delimiter", + "index" + ], + "properties": { + "delimiter": { + "type": "string", + "description": "This can be either a single character or a regex expression, and is used by the transform to identify the break point between two substrings in the incoming data", + "example": "," + }, + "index": { + "type": "string", + "description": "An integer value for the desired array element after the incoming data has been split into a list; the array is a 0-based object, so the first array element would be index 0, the second element would be index 1, etc.", + "example": "5" + }, + "throws": { + "type": "boolean", + "description": "A boolean (true/false) value which indicates whether an exception should be thrown and returned as an output when an index is out of bounds with the resultant array (i.e., the provided index value is larger than the size of the array)\n\n\n`true` - The transform should return \"IndexOutOfBoundsException\"\n\n\n`false` - The transform should return null\n\n\nIf not provided, the transform will default to false and return a null\n", + "example": true + }, + "requiresPeriodicRefresh": { + "type": "boolean", + "description": "A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process", + "example": false, + "default": false + }, + "input": { + "type": "object", + "description": "This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.", + "additionalProperties": true, + "example": { + "type": "accountAttribute", + "attributes": { + "attributeName": "first_name", + "sourceName": "Source" + } + } + } + } + }, + { + "title": "static", + "type": "object", + "required": [ + "values" + ], + "properties": { + "values": { + "type": "string", + "description": "This must evaluate to a JSON string, either through a fixed value or through conditional logic using the Apache Velocity Template Language.", + "example": "string$variable", + "externalDocs": { + "description": "Static Transform Documentation", + "url": "https://developer.sailpoint.com/idn/docs/transforms/operations/static" + } + }, + "requiresPeriodicRefresh": { + "type": "boolean", + "description": "A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process", + "example": false, + "default": false + } + } + }, + { + "title": "substring", + "type": "object", + "required": [ + "begin" + ], + "properties": { + "begin": { + "type": "integer", + "description": "The index of the first character to include in the returned substring.\n\n\nIf `begin` is set to -1, the transform will begin at character 0 of the input data\n", + "example": 1, + "format": "int32" + }, + "beginOffset": { + "type": "integer", + "description": "This integer value is the number of characters to add to the begin attribute when returning a substring. \n\nThis attribute is only used if begin is not -1.\n", + "example": 3, + "format": "int32" + }, + "end": { + "type": "integer", + "description": "The index of the first character to exclude from the returned substring.\n\nIf end is -1 or not provided at all, the substring transform will return everything up to the end of the input string.\n", + "example": 6, + "format": "int32" + }, + "endOffset": { + "type": "integer", + "description": "This integer value is the number of characters to add to the end attribute when returning a substring. \n\nThis attribute is only used if end is provided and is not -1.\n", + "example": 1, + "format": "int32" + }, + "requiresPeriodicRefresh": { + "type": "boolean", + "description": "A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process", + "example": false, + "default": false + }, + "input": { + "type": "object", + "description": "This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.", + "additionalProperties": true, + "example": { + "type": "accountAttribute", + "attributes": { + "attributeName": "first_name", + "sourceName": "Source" + } + } + } + } + }, + { + "title": "trim", + "type": "object", + "properties": { + "requiresPeriodicRefresh": { + "type": "boolean", + "description": "A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process", + "example": false, + "default": false + }, + "input": { + "type": "object", + "description": "This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.", + "additionalProperties": true, + "example": { + "type": "accountAttribute", + "attributes": { + "attributeName": "first_name", + "sourceName": "Source" + } + } + } + } + }, + { + "title": "upper", + "type": "object", + "properties": { + "requiresPeriodicRefresh": { + "type": "boolean", + "description": "A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process", + "example": false, + "default": false + }, + "input": { + "type": "object", + "description": "This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.", + "additionalProperties": true, + "example": { + "type": "accountAttribute", + "attributes": { + "attributeName": "first_name", + "sourceName": "Source" + } + } + } + } + }, + { + "title": "uuid", + "type": "object", + "properties": { + "requiresPeriodicRefresh": { + "type": "boolean", + "description": "A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process", + "example": false, + "default": false + } + } + } + ] + }, + "internal": { + "type": "boolean", + "readOnly": true, + "description": "Indicates whether this is an internal SailPoint-created transform or a customer-created transform", + "example": false + } + } + }, + "example": { + "id": "2cd78adghjkja34jh2b1hkjhasuecd", + "name": "Timestamp To Date", + "type": "dateFormat", + "attributes": { + "inputFormat": "MMM-dd-yyyy, HH:mm:ss.SSS", + "outputFormat": "yyyy/dd/MM" + }, + "internal": false + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + }, + "security": [ + { + "oauth2": [ + "idn:transform:manage" + ] + } + ] + }, + "delete": { + "tags": [ + "Transforms" + ], + "summary": "Delete a transform", + "description": "Deletes the transform specified by the given ID. Attempting to delete a transform that is used in one or more Identity Profile mappings will result in an error. If this occurs, you must first remove the transform from all mappings before deleting the transform.\nA token with transform delete authority is required to call this API.", + "operationId": "deleteTransform", + "parameters": [ + { + "name": "id", + "in": "path", + "description": "ID of the transform to delete", + "required": true, + "style": "simple", + "explode": false, + "schema": { + "type": "string" + }, + "example": "2cd78adghjkja34jh2b1hkjhasuecd" + } + ], + "responses": { + "204": { + "description": "No content - indicates the request was successful but there is no content to be returned in the response." + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + }, + "security": [ + { + "oauth2": [ + "idn:transform:manage" + ] + } + ] + } + }, + "/work-items": { + "get": { + "operationId": "listWorkItems", + "tags": [ + "Work Items" + ], + "summary": "List Work Items", + "description": "This gets a collection of work items belonging to either the specified user(admin required), or the current user.", + "parameters": [ + { + "in": "query", + "name": "limit", + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": 250, + "schema": { + "type": "integer", + "format": "int32", + "minimum": 0, + "maximum": 250, + "default": 250 + } + }, + { + "in": "query", + "name": "offset", + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": 0, + "schema": { + "type": "integer", + "format": "int32", + "minimum": 0, + "default": 0 + } + }, + { + "in": "query", + "name": "count", + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": true, + "schema": { + "type": "boolean", + "default": false + } + }, + { + "in": "query", + "name": "ownerId", + "schema": { + "type": "string" + }, + "description": "ID of the work item owner.", + "required": false, + "example": "1211bcaa32112bcef6122adb21cef1ac" + } + ], + "responses": { + "200": { + "description": "List of work items", + "content": { + "application/json": { + "schema": { + "type": "array", + "items": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "ID of the work item", + "example": "2c9180835d2e5168015d32f890ca1581" + }, + "requesterId": { + "type": "string", + "description": "ID of the requester", + "example": "2c9180835d2e5168015d32f890ca1581" + }, + "requesterDisplayName": { + "type": "string", + "description": "The displayname of the requester", + "example": "John Smith" + }, + "ownerId": { + "type": "string", + "description": "The ID of the owner", + "example": "2c9180835d2e5168015d32f890ca1581" + }, + "ownerName": { + "type": "string", + "description": "The name of the owner", + "example": "Jason Smith" + }, + "created": { + "type": "string", + "format": "date-time", + "example": "2017-07-11T18:45:37.098Z", + "description": "Time when the work item was created" + }, + "modified": { + "type": "string", + "format": "date-time", + "example": "2018-06-25T20:22:28.104Z", + "description": "Time when the work item was last updated" + }, + "description": { + "type": "string", + "description": "The description of the work item", + "example": "Create account on source 'AD'" + }, + "state": { + "type": "string", + "enum": [ + "FINISHED", + "REJECTED", + "RETURNED", + "EXPIRED", + "PENDING", + "CANCELED" + ], + "example": "FINISHED", + "description": "The state of a work item" + }, + "type": { + "type": "string", + "enum": [ + "UNKNOWN", + "GENERIC", + "CERTIFICATION", + "REMEDIATION", + "DELEGATION", + "APPROVAL", + "VIOLATIONREVIEW", + "FORM", + "POLICYVIOLATION", + "CHALLENGE", + "IMPACTANALYSIS", + "SIGNOFF", + "EVENT", + "MANUALACTION", + "TEST" + ], + "example": "GENERIC", + "description": "The type of the work item" + }, + "remediationItems": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "The ID of the certification", + "example": "2c9180835d2e5168015d32f890ca1581" + }, + "targetId": { + "type": "string", + "description": "The ID of the certification target", + "example": "2c9180835d2e5168015d32f890ca1581" + }, + "targetName": { + "type": "string", + "description": "The name of the certification target", + "example": "john.smith" + }, + "targetDisplayName": { + "type": "string", + "description": "The display name of the certification target", + "example": "emailAddress" + }, + "applicationName": { + "type": "string", + "description": "The name of the application/source", + "example": "Active Directory" + }, + "attributeName": { + "type": "string", + "description": "The name of the attribute being certified", + "example": "phoneNumber" + }, + "attributeOperation": { + "type": "string", + "description": "The operation of the certification on the attribute", + "example": "update" + }, + "attributeValue": { + "type": "string", + "description": "The value of the attribute being certified", + "example": "512-555-1212" + }, + "nativeIdentity": { + "type": "string", + "description": "The native identity of the target", + "example": "jason.smith2" + } + } + }, + "approvalItems": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "ID of the approval item", + "example": "2c9180835d2e5168015d32f890ca1581" + }, + "account": { + "type": "string", + "description": "The account referenced by the approval item", + "example": "john.smith" + }, + "application": { + "type": "string", + "description": "The name the application/source", + "example": "Active Directory" + }, + "attributeName": { + "type": "string", + "description": "The name of the attribute", + "example": "emailAddress" + }, + "attributeOperation": { + "type": "string", + "description": "The operation of the attribute", + "example": "update" + }, + "attributeValue": { + "type": "string", + "description": "The value of the attribute", + "example": "a@b.com" + }, + "state": { + "type": "string", + "enum": [ + "FINISHED", + "REJECTED", + "RETURNED", + "EXPIRED", + "PENDING", + "CANCELED" + ], + "example": "FINISHED", + "description": "The state of a work item" + } + } + }, + "name": { + "type": "string", + "description": "The work item name", + "example": "Account Create" + }, + "completed": { + "type": "string", + "format": "date-time", + "example": "2018-10-19T13:49:37.385Z", + "description": "The time at which the work item completed" + }, + "numItems": { + "type": "integer", + "format": "int32", + "description": "The number of items in the work item", + "example": 19 + }, + "form": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "ID of the form", + "example": "2c9180835d2e5168015d32f890ca1581" + }, + "name": { + "type": "string", + "description": "Name of the form", + "example": "AccountSelection Form" + }, + "title": { + "type": "string", + "description": "The form title", + "example": "Account Selection for John.Doe" + }, + "subtitle": { + "type": "string", + "description": "The form subtitle.", + "example": "Please select from the following" + }, + "targetUser": { + "type": "string", + "description": "The name of the user that should be shown this form", + "example": "Jane.Doe" + }, + "sections": { + "type": "object", + "allOf": [ + { + "type": "object", + "properties": { + "name": { + "type": "string", + "description": "Name of the FormItem", + "example": "Field1" + } + } + }, + { + "type": "object", + "properties": { + "label": { + "type": "string", + "description": "Label of the section", + "example": "Section 1" + }, + "formItems": { + "type": "array", + "items": { + "type": "object" + }, + "description": "List of FormItems. FormItems can be SectionDetails and/or FieldDetails", + "example": [] + } + } + } + ] + } + } + }, + "errors": { + "type": "array", + "items": { + "type": "string" + }, + "example": [ + "The work item ID that was specified was not found." + ], + "description": "An array of errors that ocurred during the work item" + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/work-items/completed": { + "get": { + "operationId": "getCompletedWorkItems", + "tags": [ + "Work Items" + ], + "summary": "Completed Work Items", + "description": "This gets a collection of completed work items belonging to either the specified user(admin required), or the current user.", + "parameters": [ + { + "in": "query", + "name": "ownerId", + "schema": { + "type": "string" + }, + "description": "The id of the owner of the work item list being requested. Either an admin, or the owning/current user must make this request.", + "required": false, + "example": "1211bcaa32112bcef6122adb21cef1ac" + }, + { + "in": "query", + "name": "limit", + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": 250, + "schema": { + "type": "integer", + "format": "int32", + "minimum": 0, + "maximum": 250, + "default": 250 + } + }, + { + "in": "query", + "name": "offset", + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": 0, + "schema": { + "type": "integer", + "format": "int32", + "minimum": 0, + "default": 0 + } + }, + { + "in": "query", + "name": "count", + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": true, + "schema": { + "type": "boolean", + "default": false + } + } + ], + "responses": { + "200": { + "description": "List of completed work items.", + "content": { + "application/json": { + "schema": { + "type": "array", + "items": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "ID of the work item", + "example": "2c9180835d2e5168015d32f890ca1581" + }, + "requesterId": { + "type": "string", + "description": "ID of the requester", + "example": "2c9180835d2e5168015d32f890ca1581" + }, + "requesterDisplayName": { + "type": "string", + "description": "The displayname of the requester", + "example": "John Smith" + }, + "ownerId": { + "type": "string", + "description": "The ID of the owner", + "example": "2c9180835d2e5168015d32f890ca1581" + }, + "ownerName": { + "type": "string", + "description": "The name of the owner", + "example": "Jason Smith" + }, + "created": { + "type": "string", + "format": "date-time", + "example": "2017-07-11T18:45:37.098Z", + "description": "Time when the work item was created" + }, + "modified": { + "type": "string", + "format": "date-time", + "example": "2018-06-25T20:22:28.104Z", + "description": "Time when the work item was last updated" + }, + "description": { + "type": "string", + "description": "The description of the work item", + "example": "Create account on source 'AD'" + }, + "state": { + "type": "string", + "enum": [ + "FINISHED", + "REJECTED", + "RETURNED", + "EXPIRED", + "PENDING", + "CANCELED" + ], + "example": "FINISHED", + "description": "The state of a work item" + }, + "type": { + "type": "string", + "enum": [ + "UNKNOWN", + "GENERIC", + "CERTIFICATION", + "REMEDIATION", + "DELEGATION", + "APPROVAL", + "VIOLATIONREVIEW", + "FORM", + "POLICYVIOLATION", + "CHALLENGE", + "IMPACTANALYSIS", + "SIGNOFF", + "EVENT", + "MANUALACTION", + "TEST" + ], + "example": "GENERIC", + "description": "The type of the work item" + }, + "remediationItems": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "The ID of the certification", + "example": "2c9180835d2e5168015d32f890ca1581" + }, + "targetId": { + "type": "string", + "description": "The ID of the certification target", + "example": "2c9180835d2e5168015d32f890ca1581" + }, + "targetName": { + "type": "string", + "description": "The name of the certification target", + "example": "john.smith" + }, + "targetDisplayName": { + "type": "string", + "description": "The display name of the certification target", + "example": "emailAddress" + }, + "applicationName": { + "type": "string", + "description": "The name of the application/source", + "example": "Active Directory" + }, + "attributeName": { + "type": "string", + "description": "The name of the attribute being certified", + "example": "phoneNumber" + }, + "attributeOperation": { + "type": "string", + "description": "The operation of the certification on the attribute", + "example": "update" + }, + "attributeValue": { + "type": "string", + "description": "The value of the attribute being certified", + "example": "512-555-1212" + }, + "nativeIdentity": { + "type": "string", + "description": "The native identity of the target", + "example": "jason.smith2" + } + } + }, + "approvalItems": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "ID of the approval item", + "example": "2c9180835d2e5168015d32f890ca1581" + }, + "account": { + "type": "string", + "description": "The account referenced by the approval item", + "example": "john.smith" + }, + "application": { + "type": "string", + "description": "The name the application/source", + "example": "Active Directory" + }, + "attributeName": { + "type": "string", + "description": "The name of the attribute", + "example": "emailAddress" + }, + "attributeOperation": { + "type": "string", + "description": "The operation of the attribute", + "example": "update" + }, + "attributeValue": { + "type": "string", + "description": "The value of the attribute", + "example": "a@b.com" + }, + "state": { + "type": "string", + "enum": [ + "FINISHED", + "REJECTED", + "RETURNED", + "EXPIRED", + "PENDING", + "CANCELED" + ], + "example": "FINISHED", + "description": "The state of a work item" + } + } + }, + "name": { + "type": "string", + "description": "The work item name", + "example": "Account Create" + }, + "completed": { + "type": "string", + "format": "date-time", + "example": "2018-10-19T13:49:37.385Z", + "description": "The time at which the work item completed" + }, + "numItems": { + "type": "integer", + "format": "int32", + "description": "The number of items in the work item", + "example": 19 + }, + "form": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "ID of the form", + "example": "2c9180835d2e5168015d32f890ca1581" + }, + "name": { + "type": "string", + "description": "Name of the form", + "example": "AccountSelection Form" + }, + "title": { + "type": "string", + "description": "The form title", + "example": "Account Selection for John.Doe" + }, + "subtitle": { + "type": "string", + "description": "The form subtitle.", + "example": "Please select from the following" + }, + "targetUser": { + "type": "string", + "description": "The name of the user that should be shown this form", + "example": "Jane.Doe" + }, + "sections": { + "type": "object", + "allOf": [ + { + "type": "object", + "properties": { + "name": { + "type": "string", + "description": "Name of the FormItem", + "example": "Field1" + } + } + }, + { + "type": "object", + "properties": { + "label": { + "type": "string", + "description": "Label of the section", + "example": "Section 1" + }, + "formItems": { + "type": "array", + "items": { + "type": "object" + }, + "description": "List of FormItems. FormItems can be SectionDetails and/or FieldDetails", + "example": [] + } + } + } + ] + } + } + }, + "errors": { + "type": "array", + "items": { + "type": "string" + }, + "example": [ + "The work item ID that was specified was not found." + ], + "description": "An array of errors that ocurred during the work item" + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/work-items/count": { + "get": { + "operationId": "getCountWorkItems", + "tags": [ + "Work Items" + ], + "summary": "Count Work Items", + "description": "This gets a count of work items belonging to either the specified user(admin required), or the current user.", + "parameters": [ + { + "in": "query", + "name": "ownerId", + "schema": { + "type": "string" + }, + "description": "ID of the work item owner.", + "required": false, + "example": "ef38f94347e94562b5bb8424a56397d8" + } + ], + "responses": { + "200": { + "description": "List of work items", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "count": { + "type": "integer", + "description": "The count of work items", + "example": 29 + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/work-items/completed/count": { + "get": { + "operationId": "getCountCompletedWorkItems", + "tags": [ + "Work Items" + ], + "summary": "Count Completed Work Items", + "description": "This gets a count of completed work items belonging to either the specified user(admin required), or the current user.", + "parameters": [ + { + "in": "query", + "name": "ownerId", + "schema": { + "type": "string" + }, + "description": "ID of the work item owner.", + "required": false, + "example": "1211bcaa32112bcef6122adb21cef1ac" + } + ], + "responses": { + "200": { + "description": "List of work items", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "count": { + "type": "integer", + "description": "The count of work items", + "example": 29 + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/work-items/summary": { + "get": { + "operationId": "getWorkItemsSummary", + "tags": [ + "Work Items" + ], + "summary": "Work Items Summary", + "description": "This gets a summary of work items belonging to either the specified user(admin required), or the current user.", + "parameters": [ + { + "in": "query", + "name": "ownerId", + "schema": { + "type": "string" + }, + "description": "ID of the work item owner.", + "required": false, + "example": "1211bcaa32112bcef6122adb21cef1ac" + } + ], + "responses": { + "200": { + "description": "List of work items", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "open": { + "type": "integer", + "description": "The count of open work items", + "example": 29 + }, + "completed": { + "type": "integer", + "description": "The count of completed work items", + "example": 1 + }, + "total": { + "type": "integer", + "description": "The count of total work items", + "example": 30 + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/work-items/{id}": { + "get": { + "operationId": "getWorkItem", + "tags": [ + "Work Items" + ], + "summary": "Get a Work Item", + "description": "This gets the details of a Work Item belonging to either the specified user(admin required), or the current user.", + "parameters": [ + { + "in": "path", + "name": "id", + "schema": { + "type": "string" + }, + "required": true, + "description": "ID of the work item.", + "example": "2c9180835d191a86015d28455b4a2329" + } + ], + "responses": { + "200": { + "description": "The work item with the given ID.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "ID of the work item", + "example": "2c9180835d2e5168015d32f890ca1581" + }, + "requesterId": { + "type": "string", + "description": "ID of the requester", + "example": "2c9180835d2e5168015d32f890ca1581" + }, + "requesterDisplayName": { + "type": "string", + "description": "The displayname of the requester", + "example": "John Smith" + }, + "ownerId": { + "type": "string", + "description": "The ID of the owner", + "example": "2c9180835d2e5168015d32f890ca1581" + }, + "ownerName": { + "type": "string", + "description": "The name of the owner", + "example": "Jason Smith" + }, + "created": { + "type": "string", + "format": "date-time", + "example": "2017-07-11T18:45:37.098Z", + "description": "Time when the work item was created" + }, + "modified": { + "type": "string", + "format": "date-time", + "example": "2018-06-25T20:22:28.104Z", + "description": "Time when the work item was last updated" + }, + "description": { + "type": "string", + "description": "The description of the work item", + "example": "Create account on source 'AD'" + }, + "state": { + "type": "string", + "enum": [ + "FINISHED", + "REJECTED", + "RETURNED", + "EXPIRED", + "PENDING", + "CANCELED" + ], + "example": "FINISHED", + "description": "The state of a work item" + }, + "type": { + "type": "string", + "enum": [ + "UNKNOWN", + "GENERIC", + "CERTIFICATION", + "REMEDIATION", + "DELEGATION", + "APPROVAL", + "VIOLATIONREVIEW", + "FORM", + "POLICYVIOLATION", + "CHALLENGE", + "IMPACTANALYSIS", + "SIGNOFF", + "EVENT", + "MANUALACTION", + "TEST" + ], + "example": "GENERIC", + "description": "The type of the work item" + }, + "remediationItems": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "The ID of the certification", + "example": "2c9180835d2e5168015d32f890ca1581" + }, + "targetId": { + "type": "string", + "description": "The ID of the certification target", + "example": "2c9180835d2e5168015d32f890ca1581" + }, + "targetName": { + "type": "string", + "description": "The name of the certification target", + "example": "john.smith" + }, + "targetDisplayName": { + "type": "string", + "description": "The display name of the certification target", + "example": "emailAddress" + }, + "applicationName": { + "type": "string", + "description": "The name of the application/source", + "example": "Active Directory" + }, + "attributeName": { + "type": "string", + "description": "The name of the attribute being certified", + "example": "phoneNumber" + }, + "attributeOperation": { + "type": "string", + "description": "The operation of the certification on the attribute", + "example": "update" + }, + "attributeValue": { + "type": "string", + "description": "The value of the attribute being certified", + "example": "512-555-1212" + }, + "nativeIdentity": { + "type": "string", + "description": "The native identity of the target", + "example": "jason.smith2" + } + } + }, + "approvalItems": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "ID of the approval item", + "example": "2c9180835d2e5168015d32f890ca1581" + }, + "account": { + "type": "string", + "description": "The account referenced by the approval item", + "example": "john.smith" + }, + "application": { + "type": "string", + "description": "The name the application/source", + "example": "Active Directory" + }, + "attributeName": { + "type": "string", + "description": "The name of the attribute", + "example": "emailAddress" + }, + "attributeOperation": { + "type": "string", + "description": "The operation of the attribute", + "example": "update" + }, + "attributeValue": { + "type": "string", + "description": "The value of the attribute", + "example": "a@b.com" + }, + "state": { + "type": "string", + "enum": [ + "FINISHED", + "REJECTED", + "RETURNED", + "EXPIRED", + "PENDING", + "CANCELED" + ], + "example": "FINISHED", + "description": "The state of a work item" + } + } + }, + "name": { + "type": "string", + "description": "The work item name", + "example": "Account Create" + }, + "completed": { + "type": "string", + "format": "date-time", + "example": "2018-10-19T13:49:37.385Z", + "description": "The time at which the work item completed" + }, + "numItems": { + "type": "integer", + "format": "int32", + "description": "The number of items in the work item", + "example": 19 + }, + "form": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "ID of the form", + "example": "2c9180835d2e5168015d32f890ca1581" + }, + "name": { + "type": "string", + "description": "Name of the form", + "example": "AccountSelection Form" + }, + "title": { + "type": "string", + "description": "The form title", + "example": "Account Selection for John.Doe" + }, + "subtitle": { + "type": "string", + "description": "The form subtitle.", + "example": "Please select from the following" + }, + "targetUser": { + "type": "string", + "description": "The name of the user that should be shown this form", + "example": "Jane.Doe" + }, + "sections": { + "type": "object", + "allOf": [ + { + "type": "object", + "properties": { + "name": { + "type": "string", + "description": "Name of the FormItem", + "example": "Field1" + } + } + }, + { + "type": "object", + "properties": { + "label": { + "type": "string", + "description": "Label of the section", + "example": "Section 1" + }, + "formItems": { + "type": "array", + "items": { + "type": "object" + }, + "description": "List of FormItems. FormItems can be SectionDetails and/or FieldDetails", + "example": [] + } + } + } + ] + } + } + }, + "errors": { + "type": "array", + "items": { + "type": "string" + }, + "example": [ + "The work item ID that was specified was not found." + ], + "description": "An array of errors that ocurred during the work item" + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + }, + "post": { + "operationId": "completeWorkItem", + "tags": [ + "Work Items" + ], + "summary": "Complete a Work Item", + "description": "This API completes a work item. Either an admin, or the owning/current user must make this request.", + "parameters": [ + { + "in": "path", + "name": "id", + "schema": { + "type": "string" + }, + "required": true, + "description": "The ID of the work item", + "example": "ef38f94347e94562b5bb8424a56397d8" + } + ], + "responses": { + "200": { + "description": "A WorkItems object", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "ID of the work item", + "example": "2c9180835d2e5168015d32f890ca1581" + }, + "requesterId": { + "type": "string", + "description": "ID of the requester", + "example": "2c9180835d2e5168015d32f890ca1581" + }, + "requesterDisplayName": { + "type": "string", + "description": "The displayname of the requester", + "example": "John Smith" + }, + "ownerId": { + "type": "string", + "description": "The ID of the owner", + "example": "2c9180835d2e5168015d32f890ca1581" + }, + "ownerName": { + "type": "string", + "description": "The name of the owner", + "example": "Jason Smith" + }, + "created": { + "type": "string", + "format": "date-time", + "example": "2017-07-11T18:45:37.098Z", + "description": "Time when the work item was created" + }, + "modified": { + "type": "string", + "format": "date-time", + "example": "2018-06-25T20:22:28.104Z", + "description": "Time when the work item was last updated" + }, + "description": { + "type": "string", + "description": "The description of the work item", + "example": "Create account on source 'AD'" + }, + "state": { + "type": "string", + "enum": [ + "FINISHED", + "REJECTED", + "RETURNED", + "EXPIRED", + "PENDING", + "CANCELED" + ], + "example": "FINISHED", + "description": "The state of a work item" + }, + "type": { + "type": "string", + "enum": [ + "UNKNOWN", + "GENERIC", + "CERTIFICATION", + "REMEDIATION", + "DELEGATION", + "APPROVAL", + "VIOLATIONREVIEW", + "FORM", + "POLICYVIOLATION", + "CHALLENGE", + "IMPACTANALYSIS", + "SIGNOFF", + "EVENT", + "MANUALACTION", + "TEST" + ], + "example": "GENERIC", + "description": "The type of the work item" + }, + "remediationItems": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "The ID of the certification", + "example": "2c9180835d2e5168015d32f890ca1581" + }, + "targetId": { + "type": "string", + "description": "The ID of the certification target", + "example": "2c9180835d2e5168015d32f890ca1581" + }, + "targetName": { + "type": "string", + "description": "The name of the certification target", + "example": "john.smith" + }, + "targetDisplayName": { + "type": "string", + "description": "The display name of the certification target", + "example": "emailAddress" + }, + "applicationName": { + "type": "string", + "description": "The name of the application/source", + "example": "Active Directory" + }, + "attributeName": { + "type": "string", + "description": "The name of the attribute being certified", + "example": "phoneNumber" + }, + "attributeOperation": { + "type": "string", + "description": "The operation of the certification on the attribute", + "example": "update" + }, + "attributeValue": { + "type": "string", + "description": "The value of the attribute being certified", + "example": "512-555-1212" + }, + "nativeIdentity": { + "type": "string", + "description": "The native identity of the target", + "example": "jason.smith2" + } + } + }, + "approvalItems": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "ID of the approval item", + "example": "2c9180835d2e5168015d32f890ca1581" + }, + "account": { + "type": "string", + "description": "The account referenced by the approval item", + "example": "john.smith" + }, + "application": { + "type": "string", + "description": "The name the application/source", + "example": "Active Directory" + }, + "attributeName": { + "type": "string", + "description": "The name of the attribute", + "example": "emailAddress" + }, + "attributeOperation": { + "type": "string", + "description": "The operation of the attribute", + "example": "update" + }, + "attributeValue": { + "type": "string", + "description": "The value of the attribute", + "example": "a@b.com" + }, + "state": { + "type": "string", + "enum": [ + "FINISHED", + "REJECTED", + "RETURNED", + "EXPIRED", + "PENDING", + "CANCELED" + ], + "example": "FINISHED", + "description": "The state of a work item" + } + } + }, + "name": { + "type": "string", + "description": "The work item name", + "example": "Account Create" + }, + "completed": { + "type": "string", + "format": "date-time", + "example": "2018-10-19T13:49:37.385Z", + "description": "The time at which the work item completed" + }, + "numItems": { + "type": "integer", + "format": "int32", + "description": "The number of items in the work item", + "example": 19 + }, + "form": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "ID of the form", + "example": "2c9180835d2e5168015d32f890ca1581" + }, + "name": { + "type": "string", + "description": "Name of the form", + "example": "AccountSelection Form" + }, + "title": { + "type": "string", + "description": "The form title", + "example": "Account Selection for John.Doe" + }, + "subtitle": { + "type": "string", + "description": "The form subtitle.", + "example": "Please select from the following" + }, + "targetUser": { + "type": "string", + "description": "The name of the user that should be shown this form", + "example": "Jane.Doe" + }, + "sections": { + "type": "object", + "allOf": [ + { + "type": "object", + "properties": { + "name": { + "type": "string", + "description": "Name of the FormItem", + "example": "Field1" + } + } + }, + { + "type": "object", + "properties": { + "label": { + "type": "string", + "description": "Label of the section", + "example": "Section 1" + }, + "formItems": { + "type": "array", + "items": { + "type": "object" + }, + "description": "List of FormItems. FormItems can be SectionDetails and/or FieldDetails", + "example": [] + } + } + } + ] + } + } + }, + "errors": { + "type": "array", + "items": { + "type": "string" + }, + "example": [ + "The work item ID that was specified was not found." + ], + "description": "An array of errors that ocurred during the work item" + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/work-items/{id}/approve/{approvalItemId}": { + "post": { + "operationId": "approveApprovalItem", + "tags": [ + "Work Items" + ], + "summary": "Approve an Approval Item", + "description": "This API approves an Approval Item. Either an admin, or the owning/current user must make this request.", + "parameters": [ + { + "in": "path", + "name": "id", + "schema": { + "type": "string" + }, + "required": true, + "description": "The ID of the work item", + "example": "ef38f94347e94562b5bb8424a56397d8" + }, + { + "in": "path", + "name": "approvalItemId", + "schema": { + "type": "string" + }, + "required": true, + "description": "The ID of the approval item.", + "example": "1211bcaa32112bcef6122adb21cef1ac" + } + ], + "responses": { + "200": { + "description": "A work items details object.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "ID of the work item", + "example": "2c9180835d2e5168015d32f890ca1581" + }, + "requesterId": { + "type": "string", + "description": "ID of the requester", + "example": "2c9180835d2e5168015d32f890ca1581" + }, + "requesterDisplayName": { + "type": "string", + "description": "The displayname of the requester", + "example": "John Smith" + }, + "ownerId": { + "type": "string", + "description": "The ID of the owner", + "example": "2c9180835d2e5168015d32f890ca1581" + }, + "ownerName": { + "type": "string", + "description": "The name of the owner", + "example": "Jason Smith" + }, + "created": { + "type": "string", + "format": "date-time", + "example": "2017-07-11T18:45:37.098Z", + "description": "Time when the work item was created" + }, + "modified": { + "type": "string", + "format": "date-time", + "example": "2018-06-25T20:22:28.104Z", + "description": "Time when the work item was last updated" + }, + "description": { + "type": "string", + "description": "The description of the work item", + "example": "Create account on source 'AD'" + }, + "state": { + "type": "string", + "enum": [ + "FINISHED", + "REJECTED", + "RETURNED", + "EXPIRED", + "PENDING", + "CANCELED" + ], + "example": "FINISHED", + "description": "The state of a work item" + }, + "type": { + "type": "string", + "enum": [ + "UNKNOWN", + "GENERIC", + "CERTIFICATION", + "REMEDIATION", + "DELEGATION", + "APPROVAL", + "VIOLATIONREVIEW", + "FORM", + "POLICYVIOLATION", + "CHALLENGE", + "IMPACTANALYSIS", + "SIGNOFF", + "EVENT", + "MANUALACTION", + "TEST" + ], + "example": "GENERIC", + "description": "The type of the work item" + }, + "remediationItems": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "The ID of the certification", + "example": "2c9180835d2e5168015d32f890ca1581" + }, + "targetId": { + "type": "string", + "description": "The ID of the certification target", + "example": "2c9180835d2e5168015d32f890ca1581" + }, + "targetName": { + "type": "string", + "description": "The name of the certification target", + "example": "john.smith" + }, + "targetDisplayName": { + "type": "string", + "description": "The display name of the certification target", + "example": "emailAddress" + }, + "applicationName": { + "type": "string", + "description": "The name of the application/source", + "example": "Active Directory" + }, + "attributeName": { + "type": "string", + "description": "The name of the attribute being certified", + "example": "phoneNumber" + }, + "attributeOperation": { + "type": "string", + "description": "The operation of the certification on the attribute", + "example": "update" + }, + "attributeValue": { + "type": "string", + "description": "The value of the attribute being certified", + "example": "512-555-1212" + }, + "nativeIdentity": { + "type": "string", + "description": "The native identity of the target", + "example": "jason.smith2" + } + } + }, + "approvalItems": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "ID of the approval item", + "example": "2c9180835d2e5168015d32f890ca1581" + }, + "account": { + "type": "string", + "description": "The account referenced by the approval item", + "example": "john.smith" + }, + "application": { + "type": "string", + "description": "The name the application/source", + "example": "Active Directory" + }, + "attributeName": { + "type": "string", + "description": "The name of the attribute", + "example": "emailAddress" + }, + "attributeOperation": { + "type": "string", + "description": "The operation of the attribute", + "example": "update" + }, + "attributeValue": { + "type": "string", + "description": "The value of the attribute", + "example": "a@b.com" + }, + "state": { + "type": "string", + "enum": [ + "FINISHED", + "REJECTED", + "RETURNED", + "EXPIRED", + "PENDING", + "CANCELED" + ], + "example": "FINISHED", + "description": "The state of a work item" + } + } + }, + "name": { + "type": "string", + "description": "The work item name", + "example": "Account Create" + }, + "completed": { + "type": "string", + "format": "date-time", + "example": "2018-10-19T13:49:37.385Z", + "description": "The time at which the work item completed" + }, + "numItems": { + "type": "integer", + "format": "int32", + "description": "The number of items in the work item", + "example": 19 + }, + "form": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "ID of the form", + "example": "2c9180835d2e5168015d32f890ca1581" + }, + "name": { + "type": "string", + "description": "Name of the form", + "example": "AccountSelection Form" + }, + "title": { + "type": "string", + "description": "The form title", + "example": "Account Selection for John.Doe" + }, + "subtitle": { + "type": "string", + "description": "The form subtitle.", + "example": "Please select from the following" + }, + "targetUser": { + "type": "string", + "description": "The name of the user that should be shown this form", + "example": "Jane.Doe" + }, + "sections": { + "type": "object", + "allOf": [ + { + "type": "object", + "properties": { + "name": { + "type": "string", + "description": "Name of the FormItem", + "example": "Field1" + } + } + }, + { + "type": "object", + "properties": { + "label": { + "type": "string", + "description": "Label of the section", + "example": "Section 1" + }, + "formItems": { + "type": "array", + "items": { + "type": "object" + }, + "description": "List of FormItems. FormItems can be SectionDetails and/or FieldDetails", + "example": [] + } + } + } + ] + } + } + }, + "errors": { + "type": "array", + "items": { + "type": "string" + }, + "example": [ + "The work item ID that was specified was not found." + ], + "description": "An array of errors that ocurred during the work item" + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/work-items/{id}/reject/{approvalItemId}": { + "post": { + "operationId": "rejectApprovalItem", + "tags": [ + "Work Items" + ], + "summary": "Reject an Approval Item", + "description": "This API rejects an Approval Item. Either an admin, or the owning/current user must make this request.", + "parameters": [ + { + "in": "path", + "name": "id", + "schema": { + "type": "string" + }, + "required": true, + "description": "The ID of the work item", + "example": "ef38f94347e94562b5bb8424a56397d8" + }, + { + "in": "path", + "name": "approvalItemId", + "schema": { + "type": "string" + }, + "required": true, + "description": "The ID of the approval item.", + "example": "1211bcaa32112bcef6122adb21cef1ac" + } + ], + "responses": { + "200": { + "description": "A work items details object.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "ID of the work item", + "example": "2c9180835d2e5168015d32f890ca1581" + }, + "requesterId": { + "type": "string", + "description": "ID of the requester", + "example": "2c9180835d2e5168015d32f890ca1581" + }, + "requesterDisplayName": { + "type": "string", + "description": "The displayname of the requester", + "example": "John Smith" + }, + "ownerId": { + "type": "string", + "description": "The ID of the owner", + "example": "2c9180835d2e5168015d32f890ca1581" + }, + "ownerName": { + "type": "string", + "description": "The name of the owner", + "example": "Jason Smith" + }, + "created": { + "type": "string", + "format": "date-time", + "example": "2017-07-11T18:45:37.098Z", + "description": "Time when the work item was created" + }, + "modified": { + "type": "string", + "format": "date-time", + "example": "2018-06-25T20:22:28.104Z", + "description": "Time when the work item was last updated" + }, + "description": { + "type": "string", + "description": "The description of the work item", + "example": "Create account on source 'AD'" + }, + "state": { + "type": "string", + "enum": [ + "FINISHED", + "REJECTED", + "RETURNED", + "EXPIRED", + "PENDING", + "CANCELED" + ], + "example": "FINISHED", + "description": "The state of a work item" + }, + "type": { + "type": "string", + "enum": [ + "UNKNOWN", + "GENERIC", + "CERTIFICATION", + "REMEDIATION", + "DELEGATION", + "APPROVAL", + "VIOLATIONREVIEW", + "FORM", + "POLICYVIOLATION", + "CHALLENGE", + "IMPACTANALYSIS", + "SIGNOFF", + "EVENT", + "MANUALACTION", + "TEST" + ], + "example": "GENERIC", + "description": "The type of the work item" + }, + "remediationItems": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "The ID of the certification", + "example": "2c9180835d2e5168015d32f890ca1581" + }, + "targetId": { + "type": "string", + "description": "The ID of the certification target", + "example": "2c9180835d2e5168015d32f890ca1581" + }, + "targetName": { + "type": "string", + "description": "The name of the certification target", + "example": "john.smith" + }, + "targetDisplayName": { + "type": "string", + "description": "The display name of the certification target", + "example": "emailAddress" + }, + "applicationName": { + "type": "string", + "description": "The name of the application/source", + "example": "Active Directory" + }, + "attributeName": { + "type": "string", + "description": "The name of the attribute being certified", + "example": "phoneNumber" + }, + "attributeOperation": { + "type": "string", + "description": "The operation of the certification on the attribute", + "example": "update" + }, + "attributeValue": { + "type": "string", + "description": "The value of the attribute being certified", + "example": "512-555-1212" + }, + "nativeIdentity": { + "type": "string", + "description": "The native identity of the target", + "example": "jason.smith2" + } + } + }, + "approvalItems": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "ID of the approval item", + "example": "2c9180835d2e5168015d32f890ca1581" + }, + "account": { + "type": "string", + "description": "The account referenced by the approval item", + "example": "john.smith" + }, + "application": { + "type": "string", + "description": "The name the application/source", + "example": "Active Directory" + }, + "attributeName": { + "type": "string", + "description": "The name of the attribute", + "example": "emailAddress" + }, + "attributeOperation": { + "type": "string", + "description": "The operation of the attribute", + "example": "update" + }, + "attributeValue": { + "type": "string", + "description": "The value of the attribute", + "example": "a@b.com" + }, + "state": { + "type": "string", + "enum": [ + "FINISHED", + "REJECTED", + "RETURNED", + "EXPIRED", + "PENDING", + "CANCELED" + ], + "example": "FINISHED", + "description": "The state of a work item" + } + } + }, + "name": { + "type": "string", + "description": "The work item name", + "example": "Account Create" + }, + "completed": { + "type": "string", + "format": "date-time", + "example": "2018-10-19T13:49:37.385Z", + "description": "The time at which the work item completed" + }, + "numItems": { + "type": "integer", + "format": "int32", + "description": "The number of items in the work item", + "example": 19 + }, + "form": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "ID of the form", + "example": "2c9180835d2e5168015d32f890ca1581" + }, + "name": { + "type": "string", + "description": "Name of the form", + "example": "AccountSelection Form" + }, + "title": { + "type": "string", + "description": "The form title", + "example": "Account Selection for John.Doe" + }, + "subtitle": { + "type": "string", + "description": "The form subtitle.", + "example": "Please select from the following" + }, + "targetUser": { + "type": "string", + "description": "The name of the user that should be shown this form", + "example": "Jane.Doe" + }, + "sections": { + "type": "object", + "allOf": [ + { + "type": "object", + "properties": { + "name": { + "type": "string", + "description": "Name of the FormItem", + "example": "Field1" + } + } + }, + { + "type": "object", + "properties": { + "label": { + "type": "string", + "description": "Label of the section", + "example": "Section 1" + }, + "formItems": { + "type": "array", + "items": { + "type": "object" + }, + "description": "List of FormItems. FormItems can be SectionDetails and/or FieldDetails", + "example": [] + } + } + } + ] + } + } + }, + "errors": { + "type": "array", + "items": { + "type": "string" + }, + "example": [ + "The work item ID that was specified was not found." + ], + "description": "An array of errors that ocurred during the work item" + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/work-items/bulk-approve/{id}": { + "post": { + "operationId": "approveApprovalItemsInBulk", + "tags": [ + "Work Items" + ], + "summary": "Bulk approve Approval Items", + "description": "This API bulk approves Approval Items. Either an admin, or the owning/current user must make this request.", + "parameters": [ + { + "in": "path", + "name": "id", + "schema": { + "type": "string" + }, + "required": true, + "description": "The ID of the work item", + "example": "ef38f94347e94562b5bb8424a56397d8" + } + ], + "responses": { + "200": { + "description": "A work items details object.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "ID of the work item", + "example": "2c9180835d2e5168015d32f890ca1581" + }, + "requesterId": { + "type": "string", + "description": "ID of the requester", + "example": "2c9180835d2e5168015d32f890ca1581" + }, + "requesterDisplayName": { + "type": "string", + "description": "The displayname of the requester", + "example": "John Smith" + }, + "ownerId": { + "type": "string", + "description": "The ID of the owner", + "example": "2c9180835d2e5168015d32f890ca1581" + }, + "ownerName": { + "type": "string", + "description": "The name of the owner", + "example": "Jason Smith" + }, + "created": { + "type": "string", + "format": "date-time", + "example": "2017-07-11T18:45:37.098Z", + "description": "Time when the work item was created" + }, + "modified": { + "type": "string", + "format": "date-time", + "example": "2018-06-25T20:22:28.104Z", + "description": "Time when the work item was last updated" + }, + "description": { + "type": "string", + "description": "The description of the work item", + "example": "Create account on source 'AD'" + }, + "state": { + "type": "string", + "enum": [ + "FINISHED", + "REJECTED", + "RETURNED", + "EXPIRED", + "PENDING", + "CANCELED" + ], + "example": "FINISHED", + "description": "The state of a work item" + }, + "type": { + "type": "string", + "enum": [ + "UNKNOWN", + "GENERIC", + "CERTIFICATION", + "REMEDIATION", + "DELEGATION", + "APPROVAL", + "VIOLATIONREVIEW", + "FORM", + "POLICYVIOLATION", + "CHALLENGE", + "IMPACTANALYSIS", + "SIGNOFF", + "EVENT", + "MANUALACTION", + "TEST" + ], + "example": "GENERIC", + "description": "The type of the work item" + }, + "remediationItems": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "The ID of the certification", + "example": "2c9180835d2e5168015d32f890ca1581" + }, + "targetId": { + "type": "string", + "description": "The ID of the certification target", + "example": "2c9180835d2e5168015d32f890ca1581" + }, + "targetName": { + "type": "string", + "description": "The name of the certification target", + "example": "john.smith" + }, + "targetDisplayName": { + "type": "string", + "description": "The display name of the certification target", + "example": "emailAddress" + }, + "applicationName": { + "type": "string", + "description": "The name of the application/source", + "example": "Active Directory" + }, + "attributeName": { + "type": "string", + "description": "The name of the attribute being certified", + "example": "phoneNumber" + }, + "attributeOperation": { + "type": "string", + "description": "The operation of the certification on the attribute", + "example": "update" + }, + "attributeValue": { + "type": "string", + "description": "The value of the attribute being certified", + "example": "512-555-1212" + }, + "nativeIdentity": { + "type": "string", + "description": "The native identity of the target", + "example": "jason.smith2" + } + } + }, + "approvalItems": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "ID of the approval item", + "example": "2c9180835d2e5168015d32f890ca1581" + }, + "account": { + "type": "string", + "description": "The account referenced by the approval item", + "example": "john.smith" + }, + "application": { + "type": "string", + "description": "The name the application/source", + "example": "Active Directory" + }, + "attributeName": { + "type": "string", + "description": "The name of the attribute", + "example": "emailAddress" + }, + "attributeOperation": { + "type": "string", + "description": "The operation of the attribute", + "example": "update" + }, + "attributeValue": { + "type": "string", + "description": "The value of the attribute", + "example": "a@b.com" + }, + "state": { + "type": "string", + "enum": [ + "FINISHED", + "REJECTED", + "RETURNED", + "EXPIRED", + "PENDING", + "CANCELED" + ], + "example": "FINISHED", + "description": "The state of a work item" + } + } + }, + "name": { + "type": "string", + "description": "The work item name", + "example": "Account Create" + }, + "completed": { + "type": "string", + "format": "date-time", + "example": "2018-10-19T13:49:37.385Z", + "description": "The time at which the work item completed" + }, + "numItems": { + "type": "integer", + "format": "int32", + "description": "The number of items in the work item", + "example": 19 + }, + "form": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "ID of the form", + "example": "2c9180835d2e5168015d32f890ca1581" + }, + "name": { + "type": "string", + "description": "Name of the form", + "example": "AccountSelection Form" + }, + "title": { + "type": "string", + "description": "The form title", + "example": "Account Selection for John.Doe" + }, + "subtitle": { + "type": "string", + "description": "The form subtitle.", + "example": "Please select from the following" + }, + "targetUser": { + "type": "string", + "description": "The name of the user that should be shown this form", + "example": "Jane.Doe" + }, + "sections": { + "type": "object", + "allOf": [ + { + "type": "object", + "properties": { + "name": { + "type": "string", + "description": "Name of the FormItem", + "example": "Field1" + } + } + }, + { + "type": "object", + "properties": { + "label": { + "type": "string", + "description": "Label of the section", + "example": "Section 1" + }, + "formItems": { + "type": "array", + "items": { + "type": "object" + }, + "description": "List of FormItems. FormItems can be SectionDetails and/or FieldDetails", + "example": [] + } + } + } + ] + } + } + }, + "errors": { + "type": "array", + "items": { + "type": "string" + }, + "example": [ + "The work item ID that was specified was not found." + ], + "description": "An array of errors that ocurred during the work item" + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/work-items/bulk-reject/{id}": { + "post": { + "operationId": "rejectApprovalItemsInBulk", + "tags": [ + "Work Items" + ], + "summary": "Bulk reject Approval Items", + "description": "This API bulk rejects Approval Items. Either an admin, or the owning/current user must make this request.", + "parameters": [ + { + "in": "path", + "name": "id", + "schema": { + "type": "string" + }, + "required": true, + "description": "The ID of the work item", + "example": "ef38f94347e94562b5bb8424a56397d8" + } + ], + "responses": { + "200": { + "description": "A work items details object.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "ID of the work item", + "example": "2c9180835d2e5168015d32f890ca1581" + }, + "requesterId": { + "type": "string", + "description": "ID of the requester", + "example": "2c9180835d2e5168015d32f890ca1581" + }, + "requesterDisplayName": { + "type": "string", + "description": "The displayname of the requester", + "example": "John Smith" + }, + "ownerId": { + "type": "string", + "description": "The ID of the owner", + "example": "2c9180835d2e5168015d32f890ca1581" + }, + "ownerName": { + "type": "string", + "description": "The name of the owner", + "example": "Jason Smith" + }, + "created": { + "type": "string", + "format": "date-time", + "example": "2017-07-11T18:45:37.098Z", + "description": "Time when the work item was created" + }, + "modified": { + "type": "string", + "format": "date-time", + "example": "2018-06-25T20:22:28.104Z", + "description": "Time when the work item was last updated" + }, + "description": { + "type": "string", + "description": "The description of the work item", + "example": "Create account on source 'AD'" + }, + "state": { + "type": "string", + "enum": [ + "FINISHED", + "REJECTED", + "RETURNED", + "EXPIRED", + "PENDING", + "CANCELED" + ], + "example": "FINISHED", + "description": "The state of a work item" + }, + "type": { + "type": "string", + "enum": [ + "UNKNOWN", + "GENERIC", + "CERTIFICATION", + "REMEDIATION", + "DELEGATION", + "APPROVAL", + "VIOLATIONREVIEW", + "FORM", + "POLICYVIOLATION", + "CHALLENGE", + "IMPACTANALYSIS", + "SIGNOFF", + "EVENT", + "MANUALACTION", + "TEST" + ], + "example": "GENERIC", + "description": "The type of the work item" + }, + "remediationItems": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "The ID of the certification", + "example": "2c9180835d2e5168015d32f890ca1581" + }, + "targetId": { + "type": "string", + "description": "The ID of the certification target", + "example": "2c9180835d2e5168015d32f890ca1581" + }, + "targetName": { + "type": "string", + "description": "The name of the certification target", + "example": "john.smith" + }, + "targetDisplayName": { + "type": "string", + "description": "The display name of the certification target", + "example": "emailAddress" + }, + "applicationName": { + "type": "string", + "description": "The name of the application/source", + "example": "Active Directory" + }, + "attributeName": { + "type": "string", + "description": "The name of the attribute being certified", + "example": "phoneNumber" + }, + "attributeOperation": { + "type": "string", + "description": "The operation of the certification on the attribute", + "example": "update" + }, + "attributeValue": { + "type": "string", + "description": "The value of the attribute being certified", + "example": "512-555-1212" + }, + "nativeIdentity": { + "type": "string", + "description": "The native identity of the target", + "example": "jason.smith2" + } + } + }, + "approvalItems": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "ID of the approval item", + "example": "2c9180835d2e5168015d32f890ca1581" + }, + "account": { + "type": "string", + "description": "The account referenced by the approval item", + "example": "john.smith" + }, + "application": { + "type": "string", + "description": "The name the application/source", + "example": "Active Directory" + }, + "attributeName": { + "type": "string", + "description": "The name of the attribute", + "example": "emailAddress" + }, + "attributeOperation": { + "type": "string", + "description": "The operation of the attribute", + "example": "update" + }, + "attributeValue": { + "type": "string", + "description": "The value of the attribute", + "example": "a@b.com" + }, + "state": { + "type": "string", + "enum": [ + "FINISHED", + "REJECTED", + "RETURNED", + "EXPIRED", + "PENDING", + "CANCELED" + ], + "example": "FINISHED", + "description": "The state of a work item" + } + } + }, + "name": { + "type": "string", + "description": "The work item name", + "example": "Account Create" + }, + "completed": { + "type": "string", + "format": "date-time", + "example": "2018-10-19T13:49:37.385Z", + "description": "The time at which the work item completed" + }, + "numItems": { + "type": "integer", + "format": "int32", + "description": "The number of items in the work item", + "example": 19 + }, + "form": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "ID of the form", + "example": "2c9180835d2e5168015d32f890ca1581" + }, + "name": { + "type": "string", + "description": "Name of the form", + "example": "AccountSelection Form" + }, + "title": { + "type": "string", + "description": "The form title", + "example": "Account Selection for John.Doe" + }, + "subtitle": { + "type": "string", + "description": "The form subtitle.", + "example": "Please select from the following" + }, + "targetUser": { + "type": "string", + "description": "The name of the user that should be shown this form", + "example": "Jane.Doe" + }, + "sections": { + "type": "object", + "allOf": [ + { + "type": "object", + "properties": { + "name": { + "type": "string", + "description": "Name of the FormItem", + "example": "Field1" + } + } + }, + { + "type": "object", + "properties": { + "label": { + "type": "string", + "description": "Label of the section", + "example": "Section 1" + }, + "formItems": { + "type": "array", + "items": { + "type": "object" + }, + "description": "List of FormItems. FormItems can be SectionDetails and/or FieldDetails", + "example": [] + } + } + } + ] + } + } + }, + "errors": { + "type": "array", + "items": { + "type": "string" + }, + "example": [ + "The work item ID that was specified was not found." + ], + "description": "An array of errors that ocurred during the work item" + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/work-items/{id}/submit-account-selection": { + "post": { + "operationId": "submitAccountSelection", + "tags": [ + "Work Items" + ], + "summary": "Submit Account Selections", + "description": "This API submits account selections. Either an admin, or the owning/current user must make this request.", + "parameters": [ + { + "in": "path", + "name": "id", + "schema": { + "type": "string" + }, + "required": true, + "description": "The ID of the work item", + "example": "ef38f94347e94562b5bb8424a56397d8" + } + ], + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "type": "object", + "additionalProperties": true + }, + "example": { + "fieldName": "fieldValue" + } + } + }, + "description": "Account Selection Data map, keyed on fieldName" + }, + "responses": { + "200": { + "description": "A work items details object.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "ID of the work item", + "example": "2c9180835d2e5168015d32f890ca1581" + }, + "requesterId": { + "type": "string", + "description": "ID of the requester", + "example": "2c9180835d2e5168015d32f890ca1581" + }, + "requesterDisplayName": { + "type": "string", + "description": "The displayname of the requester", + "example": "John Smith" + }, + "ownerId": { + "type": "string", + "description": "The ID of the owner", + "example": "2c9180835d2e5168015d32f890ca1581" + }, + "ownerName": { + "type": "string", + "description": "The name of the owner", + "example": "Jason Smith" + }, + "created": { + "type": "string", + "format": "date-time", + "example": "2017-07-11T18:45:37.098Z", + "description": "Time when the work item was created" + }, + "modified": { + "type": "string", + "format": "date-time", + "example": "2018-06-25T20:22:28.104Z", + "description": "Time when the work item was last updated" + }, + "description": { + "type": "string", + "description": "The description of the work item", + "example": "Create account on source 'AD'" + }, + "state": { + "type": "string", + "enum": [ + "FINISHED", + "REJECTED", + "RETURNED", + "EXPIRED", + "PENDING", + "CANCELED" + ], + "example": "FINISHED", + "description": "The state of a work item" + }, + "type": { + "type": "string", + "enum": [ + "UNKNOWN", + "GENERIC", + "CERTIFICATION", + "REMEDIATION", + "DELEGATION", + "APPROVAL", + "VIOLATIONREVIEW", + "FORM", + "POLICYVIOLATION", + "CHALLENGE", + "IMPACTANALYSIS", + "SIGNOFF", + "EVENT", + "MANUALACTION", + "TEST" + ], + "example": "GENERIC", + "description": "The type of the work item" + }, + "remediationItems": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "The ID of the certification", + "example": "2c9180835d2e5168015d32f890ca1581" + }, + "targetId": { + "type": "string", + "description": "The ID of the certification target", + "example": "2c9180835d2e5168015d32f890ca1581" + }, + "targetName": { + "type": "string", + "description": "The name of the certification target", + "example": "john.smith" + }, + "targetDisplayName": { + "type": "string", + "description": "The display name of the certification target", + "example": "emailAddress" + }, + "applicationName": { + "type": "string", + "description": "The name of the application/source", + "example": "Active Directory" + }, + "attributeName": { + "type": "string", + "description": "The name of the attribute being certified", + "example": "phoneNumber" + }, + "attributeOperation": { + "type": "string", + "description": "The operation of the certification on the attribute", + "example": "update" + }, + "attributeValue": { + "type": "string", + "description": "The value of the attribute being certified", + "example": "512-555-1212" + }, + "nativeIdentity": { + "type": "string", + "description": "The native identity of the target", + "example": "jason.smith2" + } + } + }, + "approvalItems": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "ID of the approval item", + "example": "2c9180835d2e5168015d32f890ca1581" + }, + "account": { + "type": "string", + "description": "The account referenced by the approval item", + "example": "john.smith" + }, + "application": { + "type": "string", + "description": "The name the application/source", + "example": "Active Directory" + }, + "attributeName": { + "type": "string", + "description": "The name of the attribute", + "example": "emailAddress" + }, + "attributeOperation": { + "type": "string", + "description": "The operation of the attribute", + "example": "update" + }, + "attributeValue": { + "type": "string", + "description": "The value of the attribute", + "example": "a@b.com" + }, + "state": { + "type": "string", + "enum": [ + "FINISHED", + "REJECTED", + "RETURNED", + "EXPIRED", + "PENDING", + "CANCELED" + ], + "example": "FINISHED", + "description": "The state of a work item" + } + } + }, + "name": { + "type": "string", + "description": "The work item name", + "example": "Account Create" + }, + "completed": { + "type": "string", + "format": "date-time", + "example": "2018-10-19T13:49:37.385Z", + "description": "The time at which the work item completed" + }, + "numItems": { + "type": "integer", + "format": "int32", + "description": "The number of items in the work item", + "example": 19 + }, + "form": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "ID of the form", + "example": "2c9180835d2e5168015d32f890ca1581" + }, + "name": { + "type": "string", + "description": "Name of the form", + "example": "AccountSelection Form" + }, + "title": { + "type": "string", + "description": "The form title", + "example": "Account Selection for John.Doe" + }, + "subtitle": { + "type": "string", + "description": "The form subtitle.", + "example": "Please select from the following" + }, + "targetUser": { + "type": "string", + "description": "The name of the user that should be shown this form", + "example": "Jane.Doe" + }, + "sections": { + "type": "object", + "allOf": [ + { + "type": "object", + "properties": { + "name": { + "type": "string", + "description": "Name of the FormItem", + "example": "Field1" + } + } + }, + { + "type": "object", + "properties": { + "label": { + "type": "string", + "description": "Label of the section", + "example": "Section 1" + }, + "formItems": { + "type": "array", + "items": { + "type": "object" + }, + "description": "List of FormItems. FormItems can be SectionDetails and/or FieldDetails", + "example": [] + } + } + } + ] + } + } + }, + "errors": { + "type": "array", + "items": { + "type": "string" + }, + "example": [ + "The work item ID that was specified was not found." + ], + "description": "An array of errors that ocurred during the work item" + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + } + }, + "security": [ + { + "oauth2": [] + } + ], + "components": { + "securitySchemes": { + "oauth2": { + "type": "oauth2", + "description": "OAuth2 Bearer token (JWT). See [IdentityNow REST API Authentication](https://developer.sailpoint.com/idn/api/authentication) for more information.\n- Directions for generating a [personal access token](https://developer.sailpoint.com/idn/api/authentication#personal-access-tokens)\n- Directions using [client credentials flow](https://developer.sailpoint.com/idn/api/authentication#client-credentials-grant-flow)\n- Directions for using [authorization code flow](https://developer.sailpoint.com/idn/api/authentication#authorization-code-grant-flow)\n\nWhich authentication method should I choose? See our [guide](https://developer.sailpoint.com/idn/api/authentication#which-oauth-20-grant-flow-should-i-use)\n\nLearn more about how to find your `tokenUrl` and `authorizationUrl` [in our docs](https://developer.sailpoint.com/idn/api/authentication#find-your-tenants-oauth-details)\n", + "flows": { + "clientCredentials": { + "tokenUrl": "https://tenant.api.identitynow.com/oauth/token", + "scopes": { + "sp:scopes:default": "default scope", + "sp:scopes:all": "access to all scopes" + } + }, + "authorizationCode": { + "authorizationUrl": "https://tenant.identitynow.com/oauth/authorize", + "tokenUrl": "https://tenant.api.identitynow.com/oauth/token", + "scopes": { + "sp:scopes:default": "default scope", + "sp:scopes:all": "access to all scopes" + } + } + } + } + }, + "schemas": { + "AccessRequest": { + "type": "object", + "properties": { + "requestedFor": { + "description": "A list of Identity IDs for whom the Access is requested. If it's a Revoke request, there can only be one Identity ID.", + "type": "array", + "items": { + "type": "string", + "example": "2c918084660f45d6016617daa9210584" + } + }, + "requestType": { + "type": "string", + "enum": [ + "GRANT_ACCESS", + "REVOKE_ACCESS" + ], + "description": "Access request type. Defaults to GRANT_ACCESS. REVOKE_ACCESS type can only have a single Identity ID in the requestedFor field.", + "example": "GRANT_ACCESS" + }, + "requestedItems": { + "type": "array", + "items": { + "type": "object", + "properties": { + "type": { + "type": "string", + "enum": [ + "ACCESS_PROFILE", + "ROLE", + "ENTITLEMENT" + ], + "description": "The type of the item being requested.", + "example": "ACCESS_PROFILE" + }, + "id": { + "type": "string", + "description": "ID of Role, Access Profile or Entitlement being requested.", + "example": "2c9180835d2e5168015d32f890ca1581" + }, + "comment": { + "type": "string", + "description": "Comment provided by requester.\n* Comment is required when the request is of type Revoke Access.\n", + "example": "Requesting access profile for John Doe" + }, + "clientMetadata": { + "type": "object", + "additionalProperties": { + "type": "string", + "example": { + "requestedAppId": "2c91808f7892918f0178b78da4a305a1", + "requestedAppName": "test-app" + } + }, + "example": { + "requestedAppName": "test-app", + "requestedAppId": "2c91808f7892918f0178b78da4a305a1" + }, + "description": "Arbitrary key-value pairs. They will never be processed by the IdentityNow system but will be returned on associated APIs such as /account-activities and /access-request-status." + }, + "removeDate": { + "type": "string", + "description": "The date the role or access profile is no longer assigned to the specified identity.\n* Specify a date in the future.\n* The current SLA for the deprovisioning is 24 hours.\n* This date can be modified to either extend or decrease the duration of access item assignments for the specified identity.\n* Currently it is not supported for entitlements.\n* If sunset date for role or access profile specified, removeDate cannot be established. This rule doesn't apply for entitlements.\n", + "format": "date-time", + "example": "2020-07-11T21:23:15.000Z" + } + }, + "required": [ + "id", + "type" + ] + } + }, + "clientMetadata": { + "type": "object", + "additionalProperties": { + "type": "string", + "example": { + "requestedAppId": "2c91808f7892918f0178b78da4a305a1", + "requestedAppName": "test-app" + } + }, + "example": { + "requestedAppId": "2c91808f7892918f0178b78da4a305a1", + "requestedAppName": "test-app" + }, + "description": "Arbitrary key-value pairs. They will never be processed by the IdentityNow system but will be returned on associated APIs such as /account-activities." + } + }, + "required": [ + "requestedFor", + "requestedItems" + ] + }, + "AccessRequestItem": { + "type": "object", + "properties": { + "type": { + "type": "string", + "enum": [ + "ACCESS_PROFILE", + "ROLE", + "ENTITLEMENT" + ], + "description": "The type of the item being requested.", + "example": "ACCESS_PROFILE" + }, + "id": { + "type": "string", + "description": "ID of Role, Access Profile or Entitlement being requested.", + "example": "2c9180835d2e5168015d32f890ca1581" + }, + "comment": { + "type": "string", + "description": "Comment provided by requester.\n* Comment is required when the request is of type Revoke Access.\n", + "example": "Requesting access profile for John Doe" + }, + "clientMetadata": { + "type": "object", + "additionalProperties": { + "type": "string", + "example": { + "requestedAppId": "2c91808f7892918f0178b78da4a305a1", + "requestedAppName": "test-app" + } + }, + "example": { + "requestedAppName": "test-app", + "requestedAppId": "2c91808f7892918f0178b78da4a305a1" + }, + "description": "Arbitrary key-value pairs. They will never be processed by the IdentityNow system but will be returned on associated APIs such as /account-activities and /access-request-status." + }, + "removeDate": { + "type": "string", + "description": "The date the role or access profile is no longer assigned to the specified identity.\n* Specify a date in the future.\n* The current SLA for the deprovisioning is 24 hours.\n* This date can be modified to either extend or decrease the duration of access item assignments for the specified identity.\n* Currently it is not supported for entitlements.\n* If sunset date for role or access profile specified, removeDate cannot be established. This rule doesn't apply for entitlements.\n", + "format": "date-time", + "example": "2020-07-11T21:23:15.000Z" + } + }, + "required": [ + "id", + "type" + ] + }, + "AccessProfileDocument": { + "description": "This is more of a complete representation of an access profile. ", + "allOf": [ + { + "type": "object", + "required": [ + "id", + "name", + "_type" + ], + "properties": { + "id": { + "type": "string", + "example": "2c91808375d8e80a0175e1f88a575222" + }, + "name": { + "type": "string", + "example": "john.doe" + }, + "_type": { + "description": "Enum representing the currently supported document types.\n\nAdditional values may be added in the future without notice.", + "type": "string", + "enum": [ + "accessprofile", + "accountactivity", + "account", + "aggregation", + "entitlement", + "event", + "identity", + "role" + ], + "example": "identity" + } + } + }, + { + "allOf": [ + { + "type": "object", + "properties": { + "id": { + "type": "string", + "example": "2c91808568c529c60168cca6f90c1313", + "description": "The unique ID of the referenced object." + }, + "name": { + "type": "string", + "example": "John Doe", + "description": "The human readable name of the referenced object." + } + } + }, + { + "type": "object", + "properties": { + "description": { + "type": "string", + "description": "The description of the access item", + "example": "The admin role" + }, + "created": { + "type": "string", + "nullable": true, + "format": "date-time", + "example": "2018-06-25T20:22:28.104Z", + "description": "A date-time in ISO-8601 format" + }, + "modified": { + "type": "string", + "nullable": true, + "format": "date-time", + "example": "2018-06-25T20:22:28.104Z", + "description": "A date-time in ISO-8601 format" + }, + "synced": { + "type": "string", + "nullable": true, + "format": "date-time", + "example": "2018-06-25T20:22:28.104Z", + "description": "A date-time in ISO-8601 format" + }, + "enabled": { + "type": "boolean", + "example": true + }, + "requestable": { + "type": "boolean", + "example": true, + "description": "Indicates if the access can be requested" + }, + "requestCommentsRequired": { + "type": "boolean", + "description": "Indicates if comments are required when requesting access", + "example": false + }, + "owner": { + "allOf": [ + { + "allOf": [ + { + "type": "object", + "properties": { + "id": { + "type": "string", + "example": "2c91808568c529c60168cca6f90c1313", + "description": "The unique ID of the referenced object." + }, + "name": { + "type": "string", + "example": "John Doe", + "description": "The human readable name of the referenced object." + } + } + }, + { + "type": "object", + "properties": { + "type": { + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "description": "An enumeration of the types of DTOs supported within the IdentityNow infrastructure.", + "example": "IDENTITY" + } + } + } + ] + }, + { + "type": "object", + "properties": { + "email": { + "type": "string", + "example": "john.doe@sailpoint.com", + "description": "The email of the identity" + } + } + } + ] + } + } + } + ] + }, + { + "type": "object", + "properties": { + "source": { + "type": "object", + "properties": { + "id": { + "type": "string", + "example": "2c91808568c529c60168cca6f90c1313", + "description": "The unique ID of the referenced object." + }, + "name": { + "type": "string", + "example": "John Doe", + "description": "The human readable name of the referenced object." + } + } + }, + "entitlements": { + "type": "array", + "items": { + "allOf": [ + { + "type": "object", + "properties": { + "id": { + "type": "string", + "example": "2c91808568c529c60168cca6f90c1313", + "description": "The unique ID of the referenced object." + }, + "name": { + "type": "string", + "example": "John Doe", + "description": "The human readable name of the referenced object." + } + } + }, + { + "type": "object", + "properties": { + "description": { + "type": "string", + "description": "A description of the entitlement", + "example": "The admin privilege" + }, + "attribute": { + "type": "string", + "description": "The name of the entitlement attribute", + "example": "admin" + }, + "value": { + "type": "string", + "description": "The value of the entitlement", + "example": "true" + } + } + } + ] + } + }, + "entitlementCount": { + "type": "integer", + "example": 5 + }, + "tags": { + "type": "array", + "items": { + "type": "string" + }, + "example": [ + "TAG_1", + "TAG_2" + ] + } + } + } + ] + }, + "AccessProfileSummary": { + "description": "This is a summary representation of an access profile.", + "allOf": [ + { + "allOf": [ + { + "allOf": [ + { + "type": "object", + "properties": { + "id": { + "type": "string", + "example": "2c91808568c529c60168cca6f90c1313", + "description": "The unique ID of the referenced object." + }, + "name": { + "type": "string", + "example": "John Doe", + "description": "The human readable name of the referenced object." + } + } + }, + { + "type": "object", + "properties": { + "displayName": { + "type": "string", + "example": "John Q. Doe" + } + } + } + ] + }, + { + "type": "object", + "properties": { + "type": { + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "description": "An enumeration of the types of DTOs supported within the IdentityNow infrastructure.", + "example": "IDENTITY" + }, + "description": { + "type": "string", + "nullable": true, + "example": null + } + } + } + ] + }, + { + "type": "object", + "properties": { + "source": { + "type": "object", + "properties": { + "id": { + "type": "string", + "example": "2c91808568c529c60168cca6f90c1313", + "description": "The unique ID of the referenced object." + }, + "name": { + "type": "string", + "example": "John Doe", + "description": "The human readable name of the referenced object." + } + } + }, + "owner": { + "allOf": [ + { + "type": "object", + "properties": { + "id": { + "type": "string", + "example": "2c91808568c529c60168cca6f90c1313", + "description": "The unique ID of the referenced object." + }, + "name": { + "type": "string", + "example": "John Doe", + "description": "The human readable name of the referenced object." + } + } + }, + { + "type": "object", + "properties": { + "displayName": { + "type": "string", + "example": "John Q. Doe" + } + } + } + ] + }, + "revocable": { + "type": "boolean", + "example": true + } + } + } + ] + }, + "AccessReviewReassignment": { + "type": "object", + "properties": { + "reassign": { + "type": "array", + "items": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "The ID of item or identity being reassigned.", + "example": "ef38f94347e94562b5bb8424a56397d8" + }, + "type": { + "type": "string", + "description": "The type of item or identity being reassigned.", + "enum": [ + "TARGET_SUMMARY", + "ITEM", + "IDENTITY_SUMMARY" + ], + "example": "ITEM" + } + }, + "required": [ + "id", + "type" + ] + } + }, + "reassignTo": { + "type": "string", + "description": "The ID of the identity to which the certification is reassigned", + "example": "ef38f94347e94562b5bb8424a56397d8" + }, + "reason": { + "type": "string", + "description": "The reason comment for why the reassign was made", + "example": "reassigned for some reason" + } + }, + "required": [ + "reassign", + "reassignTo", + "reason" + ] + }, + "Account": { + "allOf": [ + { + "type": "object", + "required": [ + "name" + ], + "properties": { + "id": { + "description": "System-generated unique ID of the Object", + "type": "string", + "example": "id12345", + "readOnly": true + }, + "name": { + "description": "Name of the Object", + "type": "string", + "example": "aName" + }, + "created": { + "description": "Creation date of the Object", + "type": "string", + "example": "2015-05-28T14:07:17Z", + "format": "date-time", + "readOnly": true + }, + "modified": { + "description": "Last modification date of the Object", + "type": "string", + "example": "2015-05-28T14:07:17Z", + "format": "date-time", + "readOnly": true + } + } + }, + { + "type": "object", + "required": [ + "sourceId", + "sourceName", + "attributes", + "authoritative", + "disabled", + "locked", + "nativeIdentity", + "systemAccount", + "uncorrelated", + "manuallyCorrelated", + "hasEntitlements" + ], + "properties": { + "sourceId": { + "type": "string", + "example": "2c9180835d2e5168015d32f890ca1581", + "description": "The unique ID of the source this account belongs to" + }, + "sourceName": { + "type": "string", + "example": "Employees", + "description": "The display name of the source this account belongs to" + }, + "identityId": { + "type": "string", + "example": "2c9180835d2e5168015d32f890ca1581", + "description": "The unique ID of the identity this account is correlated to" + }, + "attributes": { + "type": "object", + "additionalProperties": true, + "description": "The account attributes that are aggregated", + "example": { + "firstName": "SailPoint", + "lastName": "Support", + "displayName": "SailPoint Support" + } + }, + "authoritative": { + "type": "boolean", + "description": "Indicates if this account is from an authoritative source", + "example": false + }, + "description": { + "type": "string", + "description": "A description of the account", + "nullable": true, + "example": null + }, + "disabled": { + "type": "boolean", + "description": "Indicates if the account is currently disabled", + "example": false + }, + "locked": { + "type": "boolean", + "description": "Indicates if the account is currently locked", + "example": false + }, + "nativeIdentity": { + "type": "string", + "description": "The unique ID of the account generated by the source system", + "example": "552775" + }, + "systemAccount": { + "type": "boolean", + "example": false, + "description": "If true, this is a user account within IdentityNow. If false, this is an account from a source system." + }, + "uncorrelated": { + "type": "boolean", + "description": "Indicates if this account is not correlated to an identity", + "example": false + }, + "uuid": { + "type": "string", + "description": "The unique ID of the account as determined by the account schema", + "example": "slpt.support", + "nullable": true + }, + "manuallyCorrelated": { + "type": "boolean", + "description": "Indicates if the account has been manually correlated to an identity", + "example": false + }, + "hasEntitlements": { + "type": "boolean", + "description": "Indicates if the account has entitlements", + "example": true + } + } + } + ] + }, + "AccountActivity": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "Id of the account activity", + "example": "2c9180835d2e5168015d32f890ca1581" + }, + "name": { + "type": "string", + "description": "The name of the activity", + "example": "2c9180835d2e5168015d32f890ca1581" + }, + "created": { + "description": "When the activity was first created", + "type": "string", + "format": "date-time", + "example": "2017-07-11T18:45:37.098Z" + }, + "modified": { + "description": "When the activity was last modified", + "type": "string", + "format": "date-time", + "example": "2018-06-25T20:22:28.104Z", + "nullable": true + }, + "completed": { + "description": "When the activity was completed", + "type": "string", + "format": "date-time", + "nullable": true, + "example": "2018-10-19T13:49:37.385Z" + }, + "completionStatus": { + "nullable": true, + "type": "string", + "description": "The status after completion.", + "enum": [ + "SUCCESS", + "FAILURE", + "INCOMPLETE", + "PENDING" + ], + "example": "SUCCESS" + }, + "type": { + "nullable": true, + "type": "string", + "example": "appRequest", + "description": "The type of action the activity performed. Please see the following list of types. This list may grow over time.\n\n- CloudAutomated\n- IdentityAttributeUpdate\n- appRequest\n- LifecycleStateChange\n- AccountStateUpdate\n- AccountAttributeUpdate\n- CloudPasswordRequest\n- Attribute Synchronization Refresh\n- Certification\n- Identity Refresh\n- Lifecycle Change Refresh\n\n\n[Learn more here](https://documentation.sailpoint.com/saas/help/search/searchable-fields.html#searching-account-activity-data).\n" + }, + "requesterIdentitySummary": { + "type": "object", + "nullable": true, + "properties": { + "id": { + "type": "string", + "description": "ID of this identity summary", + "example": "ff80818155fe8c080155fe8d925b0316" + }, + "name": { + "type": "string", + "description": "Human-readable display name of identity", + "example": "SailPoint Services" + }, + "identityId": { + "type": "string", + "description": "ID of the identity that this summary represents", + "example": "c15b9f5cca5a4e9599eaa0e64fa921bd" + }, + "completed": { + "type": "boolean", + "description": "Indicates if all access items for this summary have been decided on", + "example": true + } + } + }, + "targetIdentitySummary": { + "type": "object", + "nullable": true, + "properties": { + "id": { + "type": "string", + "description": "ID of this identity summary", + "example": "ff80818155fe8c080155fe8d925b0316" + }, + "name": { + "type": "string", + "description": "Human-readable display name of identity", + "example": "SailPoint Services" + }, + "identityId": { + "type": "string", + "description": "ID of the identity that this summary represents", + "example": "c15b9f5cca5a4e9599eaa0e64fa921bd" + }, + "completed": { + "type": "boolean", + "description": "Indicates if all access items for this summary have been decided on", + "example": true + } + } + }, + "errors": { + "nullable": true, + "description": "A list of error messages, if any, that were encountered.", + "type": "array", + "items": { + "type": "string" + }, + "example": [ + "sailpoint.connector.ConnectorException: java.lang.InterruptedException: Timeout waiting for response to message 0 from client 57a4ab97-ab3f-4aef-9fe2-0eaf15c73d26 after 60 seconds." + ] + }, + "warnings": { + "nullable": true, + "description": "A list of warning messages, if any, that were encountered.", + "type": "array", + "items": { + "type": "string" + }, + "example": [ + "Some warning, another warning" + ] + }, + "items": { + "type": "array", + "description": "Individual actions performed as part of this account activity", + "items": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "Item id", + "example": "48c545831b264409a81befcabb0e3c5a" + }, + "name": { + "type": "string", + "description": "Human-readable display name of item", + "example": "48c545831b264409a81befcabb0e3c5a" + }, + "requested": { + "type": "string", + "format": "date-time", + "description": "Date and time item was requested", + "example": "2017-07-11T18:45:37.098Z" + }, + "approvalStatus": { + "nullable": true, + "type": "string", + "enum": [ + "FINISHED", + "REJECTED", + "RETURNED", + "EXPIRED", + "PENDING", + "CANCELED" + ], + "example": "FINISHED", + "description": "The state of a work item" + }, + "provisioningStatus": { + "type": "string", + "enum": [ + "PENDING", + "FINISHED", + "UNVERIFIABLE", + "COMMITED", + "FAILED", + "RETRY" + ], + "description": "Provisioning state of an account activity item", + "example": "PENDING" + }, + "requesterComment": { + "type": "object", + "nullable": true, + "properties": { + "commenterId": { + "type": "string", + "description": "Id of the identity making the comment", + "example": "2c918084660f45d6016617daa9210584" + }, + "commenterName": { + "type": "string", + "description": "Human-readable display name of the identity making the comment", + "example": "Adam Kennedy" + }, + "body": { + "type": "string", + "description": "Content of the comment", + "example": "Et quam massa maximus vivamus nisi ut urna tincidunt metus elementum erat." + }, + "date": { + "type": "string", + "format": "date-time", + "description": "Date and time comment was made", + "example": "2017-07-11T18:45:37.098Z" + } + } + }, + "reviewerIdentitySummary": { + "type": "object", + "nullable": true, + "properties": { + "id": { + "type": "string", + "description": "ID of this identity summary", + "example": "ff80818155fe8c080155fe8d925b0316" + }, + "name": { + "type": "string", + "description": "Human-readable display name of identity", + "example": "SailPoint Services" + }, + "identityId": { + "type": "string", + "description": "ID of the identity that this summary represents", + "example": "c15b9f5cca5a4e9599eaa0e64fa921bd" + }, + "completed": { + "type": "boolean", + "description": "Indicates if all access items for this summary have been decided on", + "example": true + } + } + }, + "reviewerComment": { + "type": "object", + "nullable": true, + "properties": { + "commenterId": { + "type": "string", + "description": "Id of the identity making the comment", + "example": "2c918084660f45d6016617daa9210584" + }, + "commenterName": { + "type": "string", + "description": "Human-readable display name of the identity making the comment", + "example": "Adam Kennedy" + }, + "body": { + "type": "string", + "description": "Content of the comment", + "example": "Et quam massa maximus vivamus nisi ut urna tincidunt metus elementum erat." + }, + "date": { + "type": "string", + "format": "date-time", + "description": "Date and time comment was made", + "example": "2017-07-11T18:45:37.098Z" + } + } + }, + "operation": { + "nullable": true, + "type": "string", + "enum": [ + "ADD", + "CREATE", + "MODIFY", + "DELETE", + "DISABLE", + "ENABLE", + "UNLOCK", + "LOCK", + "REMOVE" + ], + "description": "Represents an operation in an account activity item", + "example": "ADD" + }, + "attribute": { + "type": "string", + "description": "Attribute to which account activity applies", + "nullable": true, + "example": "detectedRoles" + }, + "value": { + "type": "string", + "description": "Value of attribute", + "nullable": true, + "example": "Treasury Analyst [AccessProfile-1529010191212]" + }, + "nativeIdentity": { + "nullable": true, + "type": "string", + "description": "Native identity in the target system to which the account activity applies", + "example": "Sandie.Camero" + }, + "sourceId": { + "type": "string", + "description": "Id of Source to which account activity applies", + "example": "2c91808363ef85290164000587130c0c" + }, + "accountRequestInfo": { + "type": "object", + "nullable": true, + "properties": { + "requestedObjectId": { + "type": "string", + "description": "Id of requested object", + "example": "2c91808563ef85690164001c31140c0c" + }, + "requestedObjectName": { + "type": "string", + "description": "Human-readable name of requested object", + "example": "Treasury Analyst" + }, + "requestedObjectType": { + "type": "string", + "enum": [ + "ACCESS_PROFILE", + "ROLE", + "ENTITLEMENT" + ], + "description": "Enum represented the currently supported requestable object types. Additional values may be added in the future without notice.", + "example": "ACCESS_PROFILE" + } + }, + "description": "If an account activity item is associated with an access request, captures details of that request." + }, + "clientMetadata": { + "nullable": true, + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Arbitrary key-value pairs, if any were included in the corresponding access request item", + "example": { + "customKey1": "custom value 1", + "customKey2": "custom value 2" + } + }, + "removeDate": { + "nullable": true, + "type": "string", + "description": "The date the role or access profile is no longer assigned to the specified identity.", + "format": "date-time", + "example": "2020-07-11T00:00:00Z" + } + } + } + }, + "executionStatus": { + "type": "string", + "description": "The current state of execution.", + "enum": [ + "EXECUTING", + "VERIFYING", + "TERMINATED", + "COMPLETED" + ], + "example": "COMPLETED" + }, + "clientMetadata": { + "nullable": true, + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Arbitrary key-value pairs, if any were included in the corresponding access request", + "example": { + "customKey1": "custom value 1", + "customKey2": "custom value 2" + } + } + } + }, + "AccountActivitySearchedItem": { + "description": "AccountActivity", + "allOf": [ + { + "type": "object", + "required": [ + "id", + "name", + "_type" + ], + "properties": { + "id": { + "type": "string", + "example": "2c91808375d8e80a0175e1f88a575222" + }, + "name": { + "type": "string", + "example": "john.doe" + }, + "_type": { + "description": "Enum representing the currently supported document types.\n\nAdditional values may be added in the future without notice.", + "type": "string", + "enum": [ + "accessprofile", + "accountactivity", + "account", + "aggregation", + "entitlement", + "event", + "identity", + "role" + ], + "example": "identity" + } + } + }, + { + "type": "object", + "properties": { + "action": { + "type": "string", + "description": "The type of action that this activity performed", + "externalDocs": { + "description": "Learn more about account activity action types", + "url": "https://documentation.sailpoint.com/saas/help/search/searchable-fields.html#searching-account-activity-data" + }, + "example": "Identity Refresh." + }, + "created": { + "type": "string", + "nullable": true, + "format": "date-time", + "example": "2018-06-25T20:22:28.104Z", + "description": "A date-time in ISO-8601 format" + }, + "modified": { + "type": "string", + "nullable": true, + "format": "date-time", + "example": "2018-06-25T20:22:28.104Z", + "description": "A date-time in ISO-8601 format" + }, + "stage": { + "type": "string", + "description": "The current stage of the activity", + "example": "Completed" + }, + "origin": { + "type": "string", + "nullable": true, + "example": null + }, + "status": { + "type": "string", + "description": "the current status of the activity", + "example": "Complete" + }, + "requester": { + "allOf": [ + { + "type": "object", + "properties": { + "id": { + "type": "string", + "example": "2c91808568c529c60168cca6f90c1313", + "description": "The unique ID of the referenced object." + }, + "name": { + "type": "string", + "example": "John Doe", + "description": "The human readable name of the referenced object." + } + } + }, + { + "type": "object", + "properties": { + "type": { + "type": "string", + "example": "Delimited File", + "description": "the type of source returned" + } + } + } + ] + }, + "recipient": { + "allOf": [ + { + "type": "object", + "properties": { + "id": { + "type": "string", + "example": "2c91808568c529c60168cca6f90c1313", + "description": "The unique ID of the referenced object." + }, + "name": { + "type": "string", + "example": "John Doe", + "description": "The human readable name of the referenced object." + } + } + }, + { + "type": "object", + "properties": { + "type": { + "type": "string", + "example": "Delimited File", + "description": "the type of source returned" + } + } + } + ] + }, + "trackingNumber": { + "type": "string", + "example": "61aad0c9e8134eca89e76a35e0cabe3f" + }, + "errors": { + "type": "array", + "items": { + "type": "string" + }, + "nullable": true, + "example": null + }, + "warnings": { + "type": "array", + "items": { + "type": "string" + }, + "nullable": true, + "example": null + }, + "approvals": { + "type": "array", + "items": { + "type": "object", + "properties": { + "comments": { + "type": "array", + "items": { + "type": "object", + "properties": { + "comment": { + "type": "string", + "description": "The comment text", + "example": "This request was autoapproved by our automated ETS subscriber." + }, + "commenter": { + "type": "string", + "description": "The name of the commenter", + "example": "Automated AR Approval" + }, + "date": { + "type": "string", + "nullable": true, + "format": "date-time", + "example": "2018-06-25T20:22:28.104Z", + "description": "A date-time in ISO-8601 format" + } + } + } + }, + "created": { + "type": "string", + "nullable": true, + "format": "date-time", + "example": "2018-06-25T20:22:28.104Z", + "description": "A date-time in ISO-8601 format" + }, + "modified": { + "type": "string", + "nullable": true, + "format": "date-time", + "example": "2018-06-25T20:22:28.104Z", + "description": "A date-time in ISO-8601 format" + }, + "owner": { + "allOf": [ + { + "type": "object", + "properties": { + "id": { + "type": "string", + "example": "2c91808568c529c60168cca6f90c1313", + "description": "The unique ID of the referenced object." + }, + "name": { + "type": "string", + "example": "John Doe", + "description": "The human readable name of the referenced object." + } + } + }, + { + "type": "object", + "properties": { + "type": { + "type": "string", + "example": "Delimited File", + "description": "the type of source returned" + } + } + } + ] + }, + "result": { + "type": "string", + "description": "The result of the approval", + "example": "Finished" + }, + "type": { + "type": "string", + "nullable": true, + "example": null + } + } + } + }, + "originalRequests": { + "type": "array", + "items": { + "type": "object", + "properties": { + "accountId": { + "type": "string", + "description": "the account id", + "example": "CN=Abby Smith,OU=Austin,OU=Americas,OU=Demo,DC=seri,DC=acme,DC=com" + }, + "attributeRequests": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string", + "description": "The attribute name", + "example": "groups" + }, + "op": { + "type": "string", + "description": "The operation to perform", + "example": "Add" + }, + "value": { + "type": "string", + "description": "The value of the attribute", + "example": "3203537556531076" + } + } + } + }, + "op": { + "type": "string", + "description": "the operation that was used", + "example": "add" + }, + "source": { + "allOf": [ + { + "type": "object", + "properties": { + "id": { + "type": "string", + "example": "2c91808568c529c60168cca6f90c1313", + "description": "The unique ID of the referenced object." + }, + "name": { + "type": "string", + "example": "John Doe", + "description": "The human readable name of the referenced object." + } + } + }, + { + "type": "object", + "properties": { + "type": { + "type": "string", + "example": "Delimited File", + "description": "the type of source returned" + } + } + } + ] + } + } + } + }, + "expansionItems": { + "type": "array", + "items": { + "type": "object", + "properties": { + "accountId": { + "type": "string", + "description": "The ID of the account", + "example": "2c91808981f58ea601821c3e93482e6f" + }, + "cause": { + "type": "string", + "example": "Role" + }, + "name": { + "type": "string", + "description": "The name of the item", + "example": "smartsheet-role" + }, + "attributeRequests": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string", + "description": "The attribute name", + "example": "groups" + }, + "op": { + "type": "string", + "description": "The operation to perform", + "example": "Add" + }, + "value": { + "type": "string", + "description": "The value of the attribute", + "example": "3203537556531076" + } + } + } + }, + "source": { + "allOf": [ + { + "type": "object", + "properties": { + "id": { + "type": "string", + "example": "2c91808568c529c60168cca6f90c1313", + "description": "The unique ID of the referenced object." + }, + "name": { + "type": "string", + "example": "John Doe", + "description": "The human readable name of the referenced object." + } + } + }, + { + "type": "object", + "properties": { + "type": { + "type": "string", + "example": "Delimited File", + "description": "the type of source returned" + } + } + } + ] + } + } + } + }, + "accountRequests": { + "type": "array", + "items": { + "type": "object", + "properties": { + "accountId": { + "type": "string", + "description": "Unique ID of the account", + "example": "John.Doe" + }, + "attributeRequests": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string", + "description": "The attribute name", + "example": "groups" + }, + "op": { + "type": "string", + "description": "The operation to perform", + "example": "Add" + }, + "value": { + "type": "string", + "description": "The value of the attribute", + "example": "3203537556531076" + } + } + } + }, + "op": { + "type": "string", + "example": "Modify", + "description": "The operation that was performed" + }, + "provisioningTarget": { + "allOf": [ + { + "type": "object", + "properties": { + "id": { + "type": "string", + "example": "2c91808568c529c60168cca6f90c1313", + "description": "The unique ID of the referenced object." + }, + "name": { + "type": "string", + "example": "John Doe", + "description": "The human readable name of the referenced object." + } + } + }, + { + "type": "object", + "properties": { + "type": { + "type": "string", + "example": "Delimited File", + "description": "the type of source returned" + } + } + } + ] + }, + "result": { + "type": "object", + "properties": { + "errors": { + "type": "array", + "items": { + "type": "string", + "example": "[ConnectorError] [\n {\n \"code\": \"unrecognized_keys\",\n \"keys\": [\n \"groups\"\n ],\n \"path\": [],\n \"message\": \"Unrecognized key(s) in object: 'groups'\"\n }\n] (requestId: 5e9d6df5-9b1b-47d9-9bf1-dc3a2893299e)" + } + }, + "status": { + "type": "string", + "description": "The status of the account request", + "example": "failed" + }, + "ticketId": { + "type": "string", + "nullable": true, + "example": null + } + } + }, + "source": { + "allOf": [ + { + "type": "object", + "properties": { + "id": { + "type": "string", + "example": "2c91808568c529c60168cca6f90c1313", + "description": "The unique ID of the referenced object." + }, + "name": { + "type": "string", + "example": "John Doe", + "description": "The human readable name of the referenced object." + } + } + }, + { + "type": "object", + "properties": { + "type": { + "type": "string", + "example": "Delimited File", + "description": "the type of source returned" + } + } + } + ] + } + } + } + }, + "sources": { + "type": "string", + "example": "smartsheet-test, airtable-v4, IdentityNow" + } + } + } + ] + }, + "AccountAttributes": { + "type": "object", + "required": [ + "attributes" + ], + "properties": { + "attributes": { + "description": "The schema attribute values for the account", + "type": "object", + "additionalProperties": true, + "example": { + "city": "Austin", + "displayName": "John Doe", + "userName": "jdoe", + "sAMAccountName": "jDoe", + "mail": "john.doe@sailpoint.com" + } + } + } + }, + "AccountDocument": { + "description": "Account", + "allOf": [ + { + "type": "object", + "required": [ + "id", + "name", + "_type" + ], + "properties": { + "id": { + "type": "string", + "example": "2c91808375d8e80a0175e1f88a575222" + }, + "name": { + "type": "string", + "example": "john.doe" + }, + "_type": { + "description": "Enum representing the currently supported document types.\n\nAdditional values may be added in the future without notice.", + "type": "string", + "enum": [ + "accessprofile", + "accountactivity", + "account", + "aggregation", + "entitlement", + "event", + "identity", + "role" + ], + "example": "identity" + } + } + }, + { + "allOf": [ + { + "type": "object", + "properties": { + "id": { + "type": "string", + "example": "2c91808568c529c60168cca6f90c1313", + "description": "The unique ID of the referenced object." + }, + "name": { + "type": "string", + "example": "John Doe", + "description": "The human readable name of the referenced object." + } + } + }, + { + "type": "object", + "properties": { + "accountId": { + "type": "string", + "description": "The ID of the account", + "example": "john.doe" + }, + "source": { + "allOf": [ + { + "type": "object", + "properties": { + "id": { + "type": "string", + "example": "2c91808568c529c60168cca6f90c1313", + "description": "The unique ID of the referenced object." + }, + "name": { + "type": "string", + "example": "John Doe", + "description": "The human readable name of the referenced object." + } + } + }, + { + "type": "object", + "properties": { + "type": { + "type": "string", + "example": "Delimited File", + "description": "the type of source returned" + } + } + } + ] + }, + "disabled": { + "type": "boolean", + "description": "Indicates if the account is disabled", + "example": false + }, + "locked": { + "type": "boolean", + "description": "Indicates if the account is locked", + "example": false + }, + "privileged": { + "type": "boolean", + "example": false + }, + "manuallyCorrelated": { + "type": "boolean", + "description": "Indicates if the account has been manually correlated to an identity", + "example": false + }, + "passwordLastSet": { + "type": "string", + "nullable": true, + "format": "date-time", + "example": "2018-06-25T20:22:28.104Z", + "description": "A date-time in ISO-8601 format" + }, + "entitlementAttributes": { + "type": "object", + "nullable": true, + "description": "a map or dictionary of key/value pairs", + "additionalProperties": true, + "example": { + "moderator": true, + "admin": true, + "trust_level": "4" + } + }, + "created": { + "type": "string", + "nullable": true, + "format": "date-time", + "example": "2018-06-25T20:22:28.104Z", + "description": "A date-time in ISO-8601 format" + } + } + } + ] + }, + { + "type": "object", + "properties": { + "modified": { + "type": "string", + "nullable": true, + "format": "date-time", + "example": "2018-06-25T20:22:28.104Z", + "description": "A date-time in ISO-8601 format" + }, + "attributes": { + "type": "object", + "description": "a map or dictionary of key/value pairs", + "additionalProperties": true, + "example": { + "firstName": "John", + "lastName": "Doe", + "displayName": "John.Doe" + } + }, + "identity": { + "allOf": [ + { + "type": "object", + "properties": { + "id": { + "type": "string", + "example": "2c91808568c529c60168cca6f90c1313", + "description": "The unique ID of the referenced object." + }, + "name": { + "type": "string", + "example": "John Doe", + "description": "The human readable name of the referenced object." + } + } + }, + { + "type": "object", + "properties": { + "displayName": { + "type": "string", + "example": "John Q. Doe" + } + } + } + ] + }, + "access": { + "type": "array", + "items": { + "description": "EntitlementReference", + "allOf": [ + { + "allOf": [ + { + "allOf": [ + { + "type": "object", + "properties": { + "id": { + "type": "string", + "example": "2c91808568c529c60168cca6f90c1313", + "description": "The unique ID of the referenced object." + }, + "name": { + "type": "string", + "example": "John Doe", + "description": "The human readable name of the referenced object." + } + } + }, + { + "type": "object", + "properties": { + "displayName": { + "type": "string", + "example": "John Q. Doe" + } + } + } + ] + }, + { + "type": "object", + "properties": { + "type": { + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "description": "An enumeration of the types of DTOs supported within the IdentityNow infrastructure.", + "example": "IDENTITY" + }, + "description": { + "type": "string", + "nullable": true, + "example": null + } + } + } + ] + }, + { + "type": "object", + "properties": { + "source": { + "type": "object", + "properties": { + "id": { + "type": "string", + "example": "2c91808568c529c60168cca6f90c1313", + "description": "The unique ID of the referenced object." + }, + "name": { + "type": "string", + "example": "John Doe", + "description": "The human readable name of the referenced object." + } + } + }, + "privileged": { + "type": "boolean", + "example": false + }, + "attribute": { + "type": "string", + "example": "memberOf" + }, + "value": { + "type": "string", + "example": "CN=Buyer,OU=Groups,OU=Demo,DC=seri,DC=sailpointdemo,DC=com" + }, + "standalone": { + "type": "boolean", + "example": false + } + } + } + ] + } + }, + "entitlementCount": { + "type": "integer", + "description": "The number of entitlements assigned to the account", + "format": "int32", + "example": 2 + }, + "uncorrelated": { + "type": "boolean", + "description": "Indicates if the account is not correlated to an identity", + "example": false + }, + "tags": { + "type": "array", + "items": { + "type": "string" + }, + "example": [ + "TAG_1", + "TAG_2" + ] + } + } + } + ] + }, + "AccountsAsyncResult": { + "description": "Accounts async response containing details on started async process", + "required": [ + "id" + ], + "type": "object", + "properties": { + "id": { + "description": "id of the task", + "type": "string", + "example": "2c91808474683da6017468693c260195" + } + } + }, + "AccountToggleRequest": { + "description": "Request used for account enable/disable", + "type": "object", + "properties": { + "externalVerificationId": { + "description": "If set, an external process validates that the user wants to proceed with this request.", + "type": "string", + "example": "3f9180835d2e5168015d32f890ca1581" + }, + "forceProvisioning": { + "description": "If set, provisioning updates the account attribute at the source. This option is used when the account is not synced to ensure the attribute is updated. Providing 'true' for an unlocked account will add and process 'Unlock' operation by the workflow.", + "type": "boolean", + "example": false + } + } + }, + "AccountUnlockRequest": { + "description": "Request used for account unlock", + "type": "object", + "properties": { + "externalVerificationId": { + "description": "If set, an external process validates that the user wants to proceed with this request.", + "type": "string", + "example": "3f9180835d2e5168015d32f890ca1581" + }, + "unlockIDNAccount": { + "description": "If set, the IDN account is unlocked after the workflow completes.", + "type": "boolean", + "example": false + }, + "forceProvisioning": { + "description": "If set, provisioning updates the account attribute at the source. This option is used when the account is not synced to ensure the attribute is updated.", + "type": "boolean", + "example": false + } + } + }, + "Aggregation": { + "description": "Aggregation", + "allOf": [ + { + "type": "object", + "required": [ + "id", + "name", + "_type" + ], + "properties": { + "id": { + "type": "string", + "example": "2c91808375d8e80a0175e1f88a575222" + }, + "name": { + "type": "string", + "example": "john.doe" + }, + "_type": { + "description": "Enum representing the currently supported document types.\n\nAdditional values may be added in the future without notice.", + "type": "string", + "enum": [ + "accessprofile", + "accountactivity", + "account", + "aggregation", + "entitlement", + "event", + "identity", + "role" + ], + "example": "identity" + } + } + }, + { + "type": "object", + "properties": { + "status": { + "type": "string", + "example": "Success" + }, + "duration": { + "type": "integer", + "format": "int32", + "example": 20 + }, + "avgDuration": { + "type": "integer", + "format": "int32", + "example": 20 + }, + "changedAccounts": { + "type": "integer", + "format": "int32", + "example": 1 + }, + "nextScheduled": { + "type": "string", + "nullable": true, + "format": "date-time", + "example": "2018-06-25T20:22:28.104Z", + "description": "A date-time in ISO-8601 format" + }, + "startTime": { + "type": "string", + "nullable": true, + "format": "date-time", + "example": "2018-06-25T20:22:28.104Z", + "description": "A date-time in ISO-8601 format" + }, + "sourceOwner": { + "type": "string", + "description": "John Doe" + } + } + } + ] + }, + "ApprovalItems": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "ID of the approval item", + "example": "2c9180835d2e5168015d32f890ca1581" + }, + "account": { + "type": "string", + "description": "The account referenced by the approval item", + "example": "john.smith" + }, + "application": { + "type": "string", + "description": "The name the application/source", + "example": "Active Directory" + }, + "attributeName": { + "type": "string", + "description": "The name of the attribute", + "example": "emailAddress" + }, + "attributeOperation": { + "type": "string", + "description": "The operation of the attribute", + "example": "update" + }, + "attributeValue": { + "type": "string", + "description": "The value of the attribute", + "example": "a@b.com" + }, + "state": { + "type": "string", + "enum": [ + "FINISHED", + "REJECTED", + "RETURNED", + "EXPIRED", + "PENDING", + "CANCELED" + ], + "example": "FINISHED", + "description": "The state of a work item" + } + } + }, + "Campaign": { + "type": "object", + "required": [ + "id", + "name", + "type", + "campaignType", + "description" + ], + "properties": { + "id": { + "type": "string", + "description": "The unique ID of the campaign.", + "example": "ef38f94347e94562b5bb8424a56397d8" + }, + "name": { + "type": "string", + "description": "The name of the campaign.", + "example": "Campaign Name" + }, + "type": { + "type": "string", + "enum": [ + "CAMPAIGN" + ], + "description": "The type of object that is being referenced.", + "example": "CAMPAIGN" + }, + "campaignType": { + "type": "string", + "enum": [ + "MANAGER", + "SOURCE_OWNER", + "SEARCH" + ], + "description": "The type of the campaign.", + "example": "MANAGER" + }, + "description": { + "type": "string", + "description": "The description of the campaign set by the admin who created it.", + "nullable": true, + "example": "A description of the campaign" + } + } + }, + "Certification": { + "type": "object", + "properties": { + "id": { + "example": "2c9180835d2e5168015d32f890ca1581", + "type": "string", + "description": "id of the certification" + }, + "name": { + "example": "Source Owner Access Review for Employees [source]", + "type": "string", + "description": "name of the certification" + }, + "campaign": { + "type": "object", + "required": [ + "id", + "name", + "type", + "campaignType", + "description" + ], + "properties": { + "id": { + "type": "string", + "description": "The unique ID of the campaign.", + "example": "ef38f94347e94562b5bb8424a56397d8" + }, + "name": { + "type": "string", + "description": "The name of the campaign.", + "example": "Campaign Name" + }, + "type": { + "type": "string", + "enum": [ + "CAMPAIGN" + ], + "description": "The type of object that is being referenced.", + "example": "CAMPAIGN" + }, + "campaignType": { + "type": "string", + "enum": [ + "MANAGER", + "SOURCE_OWNER", + "SEARCH" + ], + "description": "The type of the campaign.", + "example": "MANAGER" + }, + "description": { + "type": "string", + "description": "The description of the campaign set by the admin who created it.", + "nullable": true, + "example": "A description of the campaign" + } + } + }, + "completed": { + "type": "boolean", + "description": "Have all decisions been made?", + "example": true + }, + "identitiesCompleted": { + "type": "integer", + "description": "The number of identities for whom all decisions have been made and are complete.", + "example": 5, + "format": "int32" + }, + "identitiesTotal": { + "type": "integer", + "description": "The total number of identities in the Certification, both complete and incomplete.", + "example": 10, + "format": "int32" + }, + "created": { + "example": "2018-06-25T20:22:28.104Z", + "format": "date-time", + "type": "string", + "description": "created date" + }, + "modified": { + "example": "2018-06-25T20:22:28.104Z", + "format": "date-time", + "type": "string", + "description": "modified date" + }, + "decisionsMade": { + "type": "integer", + "description": "The number of approve/revoke/acknowledge decisions that have been made.", + "example": 20, + "format": "int32" + }, + "decisionsTotal": { + "type": "integer", + "description": "The total number of approve/revoke/acknowledge decisions.", + "example": 40, + "format": "int32" + }, + "due": { + "type": "string", + "format": "date-time", + "description": "The due date of the certification.", + "example": "2018-10-19T13:49:37.385Z" + }, + "signed": { + "type": "string", + "format": "date-time", + "nullable": true, + "description": "The date the reviewer signed off on the Certification.", + "example": "2018-10-19T13:49:37.385Z" + }, + "reviewer": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "The id of the reviewer.", + "example": "ef38f94347e94562b5bb8424a56397d8" + }, + "name": { + "type": "string", + "description": "The name of the reviewer.", + "example": "Reviewer Name" + }, + "email": { + "type": "string", + "description": "The email of the reviewing identity.", + "example": "reviewer@test.com" + }, + "type": { + "type": "string", + "enum": [ + "IDENTITY" + ], + "description": "The type of the reviewing identity.", + "example": "IDENTITY" + }, + "created": { + "nullable": true, + "example": "2018-06-25T20:22:28.104Z", + "format": "date-time", + "type": "string", + "description": "The created date of the reviewing identity." + }, + "modified": { + "nullable": true, + "example": "2018-06-25T20:22:28.104Z", + "format": "date-time", + "type": "string", + "description": "The modified date of the reviewing identity." + } + } + }, + "reassignment": { + "type": "object", + "nullable": true, + "properties": { + "from": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "The id of the certification.", + "example": "ef38f94347e94562b5bb8424a56397d8" + }, + "name": { + "type": "string", + "description": "The name of the certification.", + "example": "Certification Name" + }, + "type": { + "type": "string", + "enum": [ + "CERTIFICATION" + ], + "example": "CERTIFICATION" + }, + "reviewer": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "The id of the reviewer.", + "example": "ef38f94347e94562b5bb8424a56397d8" + }, + "name": { + "type": "string", + "description": "The name of the reviewer.", + "example": "Reviewer Name" + }, + "email": { + "type": "string", + "description": "The email of the reviewing identity.", + "example": "reviewer@test.com" + }, + "type": { + "type": "string", + "enum": [ + "IDENTITY" + ], + "description": "The type of the reviewing identity.", + "example": "IDENTITY" + }, + "created": { + "nullable": true, + "example": "2018-06-25T20:22:28.104Z", + "format": "date-time", + "type": "string", + "description": "The created date of the reviewing identity." + }, + "modified": { + "nullable": true, + "example": "2018-06-25T20:22:28.104Z", + "format": "date-time", + "type": "string", + "description": "The modified date of the reviewing identity." + } + } + } + } + }, + "comment": { + "type": "string", + "description": "The comment entered when the Certification was reassigned", + "example": "Reassigned for a reason" + } + } + }, + "hasErrors": { + "description": "Identifies if the certification has an error", + "type": "boolean", + "example": false + }, + "errorMessage": { + "description": "Description of the certification error", + "nullable": true, + "type": "string", + "example": "The certification has an error" + }, + "phase": { + "type": "string", + "description": "The current phase of the campaign.\n* `STAGED`: The campaign is waiting to be activated.\n* `ACTIVE`: The campaign is active.\n* `SIGNED`: The reviewer has signed off on the campaign, and it is considered complete.\n", + "enum": [ + "STAGED", + "ACTIVE", + "SIGNED" + ], + "example": "ACTIVE" + } + } + }, + "CertificationReference": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "The id of the certification.", + "example": "ef38f94347e94562b5bb8424a56397d8" + }, + "name": { + "type": "string", + "description": "The name of the certification.", + "example": "Certification Name" + }, + "type": { + "type": "string", + "enum": [ + "CERTIFICATION" + ], + "example": "CERTIFICATION" + }, + "reviewer": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "The id of the reviewer.", + "example": "ef38f94347e94562b5bb8424a56397d8" + }, + "name": { + "type": "string", + "description": "The name of the reviewer.", + "example": "Reviewer Name" + }, + "email": { + "type": "string", + "description": "The email of the reviewing identity.", + "example": "reviewer@test.com" + }, + "type": { + "type": "string", + "enum": [ + "IDENTITY" + ], + "description": "The type of the reviewing identity.", + "example": "IDENTITY" + }, + "created": { + "nullable": true, + "example": "2018-06-25T20:22:28.104Z", + "format": "date-time", + "type": "string", + "description": "The created date of the reviewing identity." + }, + "modified": { + "nullable": true, + "example": "2018-06-25T20:22:28.104Z", + "format": "date-time", + "type": "string", + "description": "The modified date of the reviewing identity." + } + } + } + } + }, + "EntitlementDocument": { + "description": "Entitlement", + "allOf": [ + { + "type": "object", + "required": [ + "id", + "name", + "_type" + ], + "properties": { + "id": { + "type": "string", + "example": "2c91808375d8e80a0175e1f88a575222" + }, + "name": { + "type": "string", + "example": "john.doe" + }, + "_type": { + "description": "Enum representing the currently supported document types.\n\nAdditional values may be added in the future without notice.", + "type": "string", + "enum": [ + "accessprofile", + "accountactivity", + "account", + "aggregation", + "entitlement", + "event", + "identity", + "role" + ], + "example": "identity" + } + } + }, + { + "allOf": [ + { + "type": "object", + "properties": { + "id": { + "type": "string", + "example": "2c91808568c529c60168cca6f90c1313", + "description": "The unique ID of the referenced object." + }, + "name": { + "type": "string", + "example": "John Doe", + "description": "The human readable name of the referenced object." + } + } + }, + { + "type": "object", + "properties": { + "description": { + "type": "string", + "description": "A description of the entitlement", + "example": "The admin privilege" + }, + "attribute": { + "type": "string", + "description": "The name of the entitlement attribute", + "example": "admin" + }, + "value": { + "type": "string", + "description": "The value of the entitlement", + "example": "true" + } + } + } + ] + }, + { + "type": "object", + "properties": { + "modified": { + "type": "string", + "nullable": true, + "format": "date-time", + "example": "2018-06-25T20:22:28.104Z", + "description": "A date-time in ISO-8601 format" + }, + "synced": { + "type": "string", + "nullable": true, + "format": "date-time", + "example": "2018-06-25T20:22:28.104Z", + "description": "A date-time in ISO-8601 format" + }, + "displayName": { + "type": "string", + "description": "The display name of the entitlement", + "example": "Admin" + }, + "source": { + "type": "object", + "properties": { + "id": { + "type": "string", + "example": "2c91808568c529c60168cca6f90c1313", + "description": "The unique ID of the referenced object." + }, + "name": { + "type": "string", + "example": "John Doe", + "description": "The human readable name of the referenced object." + } + } + }, + "privileged": { + "type": "boolean", + "example": false + }, + "identityCount": { + "type": "integer", + "format": "int32", + "example": 3 + }, + "tags": { + "type": "array", + "items": { + "type": "string" + }, + "example": [ + "TAG_1", + "TAG_2" + ] + } + } + } + ] + }, + "EntitlementSummary": { + "description": "EntitlementReference", + "allOf": [ + { + "allOf": [ + { + "allOf": [ + { + "type": "object", + "properties": { + "id": { + "type": "string", + "example": "2c91808568c529c60168cca6f90c1313", + "description": "The unique ID of the referenced object." + }, + "name": { + "type": "string", + "example": "John Doe", + "description": "The human readable name of the referenced object." + } + } + }, + { + "type": "object", + "properties": { + "displayName": { + "type": "string", + "example": "John Q. Doe" + } + } + } + ] + }, + { + "type": "object", + "properties": { + "type": { + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "description": "An enumeration of the types of DTOs supported within the IdentityNow infrastructure.", + "example": "IDENTITY" + }, + "description": { + "type": "string", + "nullable": true, + "example": null + } + } + } + ] + }, + { + "type": "object", + "properties": { + "source": { + "type": "object", + "properties": { + "id": { + "type": "string", + "example": "2c91808568c529c60168cca6f90c1313", + "description": "The unique ID of the referenced object." + }, + "name": { + "type": "string", + "example": "John Doe", + "description": "The human readable name of the referenced object." + } + } + }, + "privileged": { + "type": "boolean", + "example": false + }, + "attribute": { + "type": "string", + "example": "memberOf" + }, + "value": { + "type": "string", + "example": "CN=Buyer,OU=Groups,OU=Demo,DC=seri,DC=sailpointdemo,DC=com" + }, + "standalone": { + "type": "boolean", + "example": false + } + } + } + ] + }, + "Event": { + "description": "Event", + "allOf": [ + { + "type": "object", + "required": [ + "id", + "name", + "_type" + ], + "properties": { + "id": { + "type": "string", + "example": "2c91808375d8e80a0175e1f88a575222" + }, + "name": { + "type": "string", + "example": "john.doe" + }, + "_type": { + "description": "Enum representing the currently supported document types.\n\nAdditional values may be added in the future without notice.", + "type": "string", + "enum": [ + "accessprofile", + "accountactivity", + "account", + "aggregation", + "entitlement", + "event", + "identity", + "role" + ], + "example": "identity" + } + } + }, + { + "type": "object", + "properties": { + "created": { + "type": "string", + "nullable": true, + "format": "date-time", + "example": "2018-06-25T20:22:28.104Z", + "description": "A date-time in ISO-8601 format" + }, + "synced": { + "type": "string", + "nullable": true, + "format": "date-time", + "example": "2018-06-25T20:22:28.104Z", + "description": "A date-time in ISO-8601 format" + }, + "action": { + "type": "string", + "description": "The action that was performed", + "example": "update" + }, + "type": { + "type": "string", + "description": "The type of event", + "example": "SYSTEM_CONFIG" + }, + "actor": { + "type": "object", + "properties": { + "name": { + "type": "string", + "example": "John Doe", + "description": "the actor or target name" + }, + "type": { + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "description": "An enumeration of the types of DTOs supported within the IdentityNow infrastructure.", + "example": "IDENTITY" + } + } + }, + "target": { + "type": "object", + "properties": { + "name": { + "type": "string", + "example": "John Doe", + "description": "the actor or target name" + }, + "type": { + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "description": "An enumeration of the types of DTOs supported within the IdentityNow infrastructure.", + "example": "IDENTITY" + } + } + }, + "stack": { + "type": "string", + "example": "tpe" + }, + "trackingNumber": { + "type": "string", + "example": "63f891e0735f4cc8bf1968144a1e7440" + }, + "ipAddress": { + "type": "string", + "example": "52.52.97.85" + }, + "details": { + "type": "string", + "example": "73b65dfbed1842548c207432a18c84b0" + }, + "attributes": { + "type": "object", + "additionalProperties": true, + "example": { + "pod": "stg03-useast1", + "org": "acme", + "sourceName": "SailPoint" + } + }, + "objects": { + "type": "array", + "items": { + "type": "string", + "example": "AUTHENTICATION" + } + }, + "operation": { + "type": "string", + "example": "REQUEST" + }, + "status": { + "type": "string", + "example": "PASSED" + }, + "technicalName": { + "type": "string", + "example": "AUTHENTICATION_REQUEST_PASSED" + } + } + } + ] + }, + "IdentityDocument": { + "description": "Identity", + "allOf": [ + { + "type": "object", + "required": [ + "id", + "name", + "_type" + ], + "properties": { + "id": { + "type": "string", + "example": "2c91808375d8e80a0175e1f88a575222" + }, + "name": { + "type": "string", + "example": "john.doe" + }, + "_type": { + "description": "Enum representing the currently supported document types.\n\nAdditional values may be added in the future without notice.", + "type": "string", + "enum": [ + "accessprofile", + "accountactivity", + "account", + "aggregation", + "entitlement", + "event", + "identity", + "role" + ], + "example": "identity" + } + } + }, + { + "allOf": [ + { + "type": "object", + "properties": { + "id": { + "type": "string", + "example": "2c91808568c529c60168cca6f90c1313", + "description": "The unique ID of the referenced object." + }, + "name": { + "type": "string", + "example": "John Doe", + "description": "The human readable name of the referenced object." + } + } + }, + { + "type": "object", + "properties": { + "displayName": { + "type": "string", + "example": "John Q. Doe" + } + } + } + ] + }, + { + "type": "object", + "properties": { + "firstName": { + "type": "string", + "description": "The first name of the identity", + "example": "Carol" + }, + "lastName": { + "type": "string", + "description": "The last name of the identity", + "example": "Adams" + }, + "displayName": { + "type": "string", + "example": "Carol.Adams", + "description": "The display name of the identity" + }, + "email": { + "type": "string", + "description": "The identity's primary email address", + "example": "Carol.Adams@sailpointdemo.com" + }, + "created": { + "type": "string", + "nullable": true, + "format": "date-time", + "example": "2018-06-25T20:22:28.104Z", + "description": "A date-time in ISO-8601 format" + }, + "modified": { + "type": "string", + "nullable": true, + "format": "date-time", + "example": "2018-06-25T20:22:28.104Z", + "description": "A date-time in ISO-8601 format" + }, + "synced": { + "type": "string", + "nullable": true, + "format": "date-time", + "example": "2018-06-25T20:22:28.104Z", + "description": "A date-time in ISO-8601 format" + }, + "phone": { + "type": "string", + "description": "The phone number of the identity", + "example": "+1 440-527-3672" + }, + "inactive": { + "type": "boolean", + "description": "Indicates if the identity is inactive", + "example": false + }, + "protected": { + "type": "boolean", + "example": false + }, + "status": { + "type": "string", + "description": "The identity's status in SailPoint", + "example": "UNREGISTERED" + }, + "employeeNumber": { + "type": "string", + "example": "1a2a3d4e" + }, + "manager": { + "nullable": true, + "allOf": [ + { + "type": "object", + "properties": { + "id": { + "type": "string", + "example": "2c91808568c529c60168cca6f90c1313", + "description": "The unique ID of the referenced object." + }, + "name": { + "type": "string", + "example": "John Doe", + "description": "The human readable name of the referenced object." + } + } + }, + { + "type": "object", + "properties": { + "displayName": { + "type": "string", + "example": "John Q. Doe" + } + } + } + ] + }, + "isManager": { + "type": "boolean", + "description": "Indicates if this identity is a manager of other identities", + "example": false + }, + "identityProfile": { + "type": "object", + "properties": { + "id": { + "type": "string", + "example": "2c91808568c529c60168cca6f90c1313", + "description": "The unique ID of the referenced object." + }, + "name": { + "type": "string", + "example": "John Doe", + "description": "The human readable name of the referenced object." + } + } + }, + "source": { + "type": "object", + "properties": { + "id": { + "type": "string", + "example": "2c91808568c529c60168cca6f90c1313", + "description": "The unique ID of the referenced object." + }, + "name": { + "type": "string", + "example": "John Doe", + "description": "The human readable name of the referenced object." + } + } + }, + "attributes": { + "type": "object", + "description": "a map or dictionary of key/value pairs", + "additionalProperties": true, + "example": { + "country": "US", + "firstname": "Carol", + "cloudStatus": "UNREGISTERED" + } + }, + "processingState": { + "type": "string", + "nullable": true, + "example": null + }, + "processingDetails": { + "nullable": true, + "type": "object", + "properties": { + "date": { + "type": "string", + "nullable": true, + "format": "date-time", + "example": "2018-06-25T20:22:28.104Z", + "description": "A date-time in ISO-8601 format" + }, + "stage": { + "type": "string", + "example": "In Process" + }, + "retryCount": { + "type": "integer", + "example": 0, + "format": "int32" + }, + "stackTrace": { + "type": "string", + "example": "" + }, + "message": { + "type": "string", + "example": "" + } + } + }, + "accounts": { + "type": "array", + "description": "List of accounts associated with the identity", + "items": { + "allOf": [ + { + "type": "object", + "properties": { + "id": { + "type": "string", + "example": "2c91808568c529c60168cca6f90c1313", + "description": "The unique ID of the referenced object." + }, + "name": { + "type": "string", + "example": "John Doe", + "description": "The human readable name of the referenced object." + } + } + }, + { + "type": "object", + "properties": { + "accountId": { + "type": "string", + "description": "The ID of the account", + "example": "john.doe" + }, + "source": { + "allOf": [ + { + "type": "object", + "properties": { + "id": { + "type": "string", + "example": "2c91808568c529c60168cca6f90c1313", + "description": "The unique ID of the referenced object." + }, + "name": { + "type": "string", + "example": "John Doe", + "description": "The human readable name of the referenced object." + } + } + }, + { + "type": "object", + "properties": { + "type": { + "type": "string", + "example": "Delimited File", + "description": "the type of source returned" + } + } + } + ] + }, + "disabled": { + "type": "boolean", + "description": "Indicates if the account is disabled", + "example": false + }, + "locked": { + "type": "boolean", + "description": "Indicates if the account is locked", + "example": false + }, + "privileged": { + "type": "boolean", + "example": false + }, + "manuallyCorrelated": { + "type": "boolean", + "description": "Indicates if the account has been manually correlated to an identity", + "example": false + }, + "passwordLastSet": { + "type": "string", + "nullable": true, + "format": "date-time", + "example": "2018-06-25T20:22:28.104Z", + "description": "A date-time in ISO-8601 format" + }, + "entitlementAttributes": { + "type": "object", + "nullable": true, + "description": "a map or dictionary of key/value pairs", + "additionalProperties": true, + "example": { + "moderator": true, + "admin": true, + "trust_level": "4" + } + }, + "created": { + "type": "string", + "nullable": true, + "format": "date-time", + "example": "2018-06-25T20:22:28.104Z", + "description": "A date-time in ISO-8601 format" + } + } + } + ] + } + }, + "accountCount": { + "type": "integer", + "description": "Number of accounts associated with the identity", + "format": "int32", + "example": 3 + }, + "apps": { + "type": "array", + "description": "The list of applications the identity has access to", + "items": { + "allOf": [ + { + "type": "object", + "properties": { + "id": { + "type": "string", + "example": "2c91808568c529c60168cca6f90c1313", + "description": "The unique ID of the referenced object." + }, + "name": { + "type": "string", + "example": "John Doe", + "description": "The human readable name of the referenced object." + } + } + }, + { + "type": "object", + "properties": { + "source": { + "type": "object", + "properties": { + "id": { + "type": "string", + "example": "2c91808568c529c60168cca6f90c1313", + "description": "The unique ID of the referenced object." + }, + "name": { + "type": "string", + "example": "John Doe", + "description": "The human readable name of the referenced object." + } + } + }, + "account": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "The SailPoint generated unique ID", + "example": "2c9180837dfe6949017e21f3d8cd6d49" + }, + "accountId": { + "type": "string", + "description": "The account ID generated by the source", + "example": "CN=Carol Adams,OU=Austin,OU=Americas,OU=Demo,DC=seri,DC=sailpointdemo,DC=com" + } + } + } + } + } + ] + } + }, + "appCount": { + "type": "integer", + "format": "int32", + "description": "The number of applications the identity has access to", + "example": 2 + }, + "access": { + "type": "array", + "description": "The list of access items assigned to the identity", + "items": { + "discriminator": { + "propertyName": "type", + "mapping": { + "ACCESS_PROFILE": "../access/AccessProfileSummary.yaml", + "ENTITLEMENT": "../access/AccessProfileEntitlement.yaml", + "ROLE": "../access/AccessProfileRole.yaml" + } + }, + "oneOf": [ + { + "description": "This is a summary representation of an access profile.", + "allOf": [ + { + "allOf": [ + { + "allOf": [ + { + "type": "object", + "properties": { + "id": { + "type": "string", + "example": "2c91808568c529c60168cca6f90c1313", + "description": "The unique ID of the referenced object." + }, + "name": { + "type": "string", + "example": "John Doe", + "description": "The human readable name of the referenced object." + } + } + }, + { + "type": "object", + "properties": { + "displayName": { + "type": "string", + "example": "John Q. Doe" + } + } + } + ] + }, + { + "type": "object", + "properties": { + "type": { + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "description": "An enumeration of the types of DTOs supported within the IdentityNow infrastructure.", + "example": "IDENTITY" + }, + "description": { + "type": "string", + "nullable": true, + "example": null + } + } + } + ] + }, + { + "type": "object", + "properties": { + "source": { + "type": "object", + "properties": { + "id": { + "type": "string", + "example": "2c91808568c529c60168cca6f90c1313", + "description": "The unique ID of the referenced object." + }, + "name": { + "type": "string", + "example": "John Doe", + "description": "The human readable name of the referenced object." + } + } + }, + "owner": { + "allOf": [ + { + "type": "object", + "properties": { + "id": { + "type": "string", + "example": "2c91808568c529c60168cca6f90c1313", + "description": "The unique ID of the referenced object." + }, + "name": { + "type": "string", + "example": "John Doe", + "description": "The human readable name of the referenced object." + } + } + }, + { + "type": "object", + "properties": { + "displayName": { + "type": "string", + "example": "John Q. Doe" + } + } + } + ] + }, + "revocable": { + "type": "boolean", + "example": true + } + } + } + ] + }, + { + "description": "EntitlementReference", + "allOf": [ + { + "allOf": [ + { + "allOf": [ + { + "type": "object", + "properties": { + "id": { + "type": "string", + "example": "2c91808568c529c60168cca6f90c1313", + "description": "The unique ID of the referenced object." + }, + "name": { + "type": "string", + "example": "John Doe", + "description": "The human readable name of the referenced object." + } + } + }, + { + "type": "object", + "properties": { + "displayName": { + "type": "string", + "example": "John Q. Doe" + } + } + } + ] + }, + { + "type": "object", + "properties": { + "type": { + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "description": "An enumeration of the types of DTOs supported within the IdentityNow infrastructure.", + "example": "IDENTITY" + }, + "description": { + "type": "string", + "nullable": true, + "example": null + } + } + } + ] + }, + { + "type": "object", + "properties": { + "source": { + "type": "object", + "properties": { + "id": { + "type": "string", + "example": "2c91808568c529c60168cca6f90c1313", + "description": "The unique ID of the referenced object." + }, + "name": { + "type": "string", + "example": "John Doe", + "description": "The human readable name of the referenced object." + } + } + }, + "privileged": { + "type": "boolean", + "example": false + }, + "attribute": { + "type": "string", + "example": "memberOf" + }, + "value": { + "type": "string", + "example": "CN=Buyer,OU=Groups,OU=Demo,DC=seri,DC=sailpointdemo,DC=com" + }, + "standalone": { + "type": "boolean", + "example": false + } + } + } + ] + }, + { + "description": "Role", + "allOf": [ + { + "allOf": [ + { + "allOf": [ + { + "type": "object", + "properties": { + "id": { + "type": "string", + "example": "2c91808568c529c60168cca6f90c1313", + "description": "The unique ID of the referenced object." + }, + "name": { + "type": "string", + "example": "John Doe", + "description": "The human readable name of the referenced object." + } + } + }, + { + "type": "object", + "properties": { + "displayName": { + "type": "string", + "example": "John Q. Doe" + } + } + } + ] + }, + { + "type": "object", + "properties": { + "type": { + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "description": "An enumeration of the types of DTOs supported within the IdentityNow infrastructure.", + "example": "IDENTITY" + }, + "description": { + "type": "string", + "nullable": true, + "example": null + } + } + } + ] + }, + { + "type": "object", + "properties": { + "owner": { + "allOf": [ + { + "type": "object", + "properties": { + "id": { + "type": "string", + "example": "2c91808568c529c60168cca6f90c1313", + "description": "The unique ID of the referenced object." + }, + "name": { + "type": "string", + "example": "John Doe", + "description": "The human readable name of the referenced object." + } + } + }, + { + "type": "object", + "properties": { + "displayName": { + "type": "string", + "example": "John Q. Doe" + } + } + } + ] + }, + "disabled": { + "type": "boolean" + }, + "revocable": { + "type": "boolean" + } + } + } + ] + } + ] + } + }, + "accessCount": { + "type": "integer", + "format": "int32", + "description": "The number of access items assigned to the identity", + "example": 5 + }, + "accessProfileCount": { + "type": "integer", + "description": "The number of access profiles assigned to the identity", + "example": 1 + }, + "entitlementCount": { + "type": "integer", + "description": "The number of entitlements assigned to the identity", + "example": 10 + }, + "roleCount": { + "type": "integer", + "description": "The number of roles assigned to the identity", + "example": 1 + }, + "owns": { + "type": "object", + "properties": { + "sources": { + "type": "array", + "items": { + "type": "object", + "properties": { + "id": { + "type": "string", + "example": "2c91808568c529c60168cca6f90c1313", + "description": "The unique ID of the referenced object." + }, + "name": { + "type": "string", + "example": "John Doe", + "description": "The human readable name of the referenced object." + } + } + } + }, + "entitlements": { + "type": "array", + "items": { + "type": "object", + "properties": { + "id": { + "type": "string", + "example": "2c91808568c529c60168cca6f90c1313", + "description": "The unique ID of the referenced object." + }, + "name": { + "type": "string", + "example": "John Doe", + "description": "The human readable name of the referenced object." + } + } + } + }, + "accessProfiles": { + "type": "array", + "items": { + "type": "object", + "properties": { + "id": { + "type": "string", + "example": "2c91808568c529c60168cca6f90c1313", + "description": "The unique ID of the referenced object." + }, + "name": { + "type": "string", + "example": "John Doe", + "description": "The human readable name of the referenced object." + } + } + } + }, + "roles": { + "type": "array", + "items": { + "type": "object", + "properties": { + "id": { + "type": "string", + "example": "2c91808568c529c60168cca6f90c1313", + "description": "The unique ID of the referenced object." + }, + "name": { + "type": "string", + "example": "John Doe", + "description": "The human readable name of the referenced object." + } + } + } + }, + "apps": { + "type": "array", + "items": { + "type": "object", + "properties": { + "id": { + "type": "string", + "example": "2c91808568c529c60168cca6f90c1313", + "description": "The unique ID of the referenced object." + }, + "name": { + "type": "string", + "example": "John Doe", + "description": "The human readable name of the referenced object." + } + } + } + }, + "governanceGroups": { + "type": "array", + "items": { + "type": "object", + "properties": { + "id": { + "type": "string", + "example": "2c91808568c529c60168cca6f90c1313", + "description": "The unique ID of the referenced object." + }, + "name": { + "type": "string", + "example": "John Doe", + "description": "The human readable name of the referenced object." + } + } + } + }, + "fallbackApprover": { + "type": "boolean", + "example": false + } + } + }, + "tags": { + "type": "array", + "items": { + "type": "string" + }, + "example": [ + "TAG_1", + "TAG_2" + ] + } + } + } + ] + }, + "IdentityProfile": { + "allOf": [ + { + "type": "object", + "required": [ + "name" + ], + "properties": { + "id": { + "description": "System-generated unique ID of the Object", + "type": "string", + "example": "id12345", + "readOnly": true + }, + "name": { + "description": "Name of the Object", + "type": "string", + "example": "aName" + }, + "created": { + "description": "Creation date of the Object", + "type": "string", + "example": "2015-05-28T14:07:17Z", + "format": "date-time", + "readOnly": true + }, + "modified": { + "description": "Last modification date of the Object", + "type": "string", + "example": "2015-05-28T14:07:17Z", + "format": "date-time", + "readOnly": true + } + } + }, + { + "type": "object", + "required": [ + "authoritativeSource" + ], + "properties": { + "description": { + "type": "string", + "description": "The description of the Identity Profile.", + "example": "My custom flat file profile", + "nullable": true + }, + "owner": { + "type": "object", + "description": "The owner of the Identity Profile.", + "nullable": true, + "properties": { + "type": { + "type": "string", + "enum": [ + "IDENTITY" + ], + "description": "Type of the object to which this reference applies", + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c9180835d191a86015d28455b4b232a" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + }, + "priority": { + "type": "integer", + "format": "int64", + "description": "The priority for an Identity Profile.", + "example": 10 + }, + "authoritativeSource": { + "type": "object", + "properties": { + "type": { + "type": "string", + "enum": [ + "SOURCE" + ], + "description": "Type of the object to which this reference applies", + "example": "SOURCE" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c9180835d191a86015d28455b4b232a" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "HR Active Directory" + } + } + }, + "identityRefreshRequired": { + "type": "boolean", + "default": false, + "description": "True if a identity refresh is needed. Typically triggered when a change on the source has been made.", + "example": true + }, + "identityCount": { + "type": "integer", + "description": "The number of identities that belong to the Identity Profile.", + "format": "int32", + "example": 8 + }, + "identityAttributeConfig": { + "type": "object", + "description": "Defines all the identity attribute mapping configurations. This defines how to generate or collect data for each identity attributes in identity refresh process.", + "properties": { + "enabled": { + "description": "The backend will only promote values if the profile/mapping is enabled.", + "type": "boolean", + "default": false, + "example": true + }, + "attributeTransforms": { + "type": "array", + "items": { + "type": "object", + "description": "Defines a transformation definition for an identity attribute.", + "properties": { + "identityAttributeName": { + "type": "string", + "description": "Name of the identity attribute.", + "example": "email" + }, + "transformDefinition": { + "description": "The seaspray transformation definition.", + "type": "object", + "properties": { + "type": { + "type": "string", + "description": "The type of the transform definition.", + "example": "accountAttribute" + }, + "attributes": { + "type": "object", + "additionalProperties": { + "anyOf": [ + { + "type": "string" + }, + { + "type": "object" + } + ] + }, + "description": "Arbitrary key-value pairs to store any metadata for the object", + "example": { + "attributeName": "e-mail", + "sourceName": "MySource", + "sourceId": "2c9180877a826e68017a8c0b03da1a53" + } + } + } + } + } + } + } + } + }, + "identityExceptionReportReference": { + "type": "object", + "nullable": true, + "properties": { + "taskResultId": { + "type": "string", + "format": "uuid", + "description": "The id of the task result.", + "example": "2b838de9-db9b-abcf-e646-d4f274ad4238" + }, + "reportName": { + "type": "string", + "example": "My annual report", + "description": "The name of the report." + } + } + }, + "hasTimeBasedAttr": { + "description": "Indicates the value of requiresPeriodicRefresh attribute for the Identity Profile.", + "type": "boolean", + "default": false, + "example": true + } + } + } + ] + }, + "IdentityReferenceWithNameAndEmail": { + "type": "object", + "nullable": true, + "properties": { + "type": { + "type": "string", + "description": "The type can only be IDENTITY. This is read-only", + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "Identity id.", + "example": "5168015d32f890ca15812c9180835d2e" + }, + "name": { + "type": "string", + "description": "Human-readable display name of identity. This is read-only", + "example": "Alison Ferguso" + }, + "email": { + "type": "string", + "description": "Email address of identity. This is read-only", + "example": "alison.ferguso@identitysoon.com" + } + } + }, + "ProvisioningConfig": { + "type": "object", + "description": "Specification of a Service Desk integration provisioning configuration.", + "properties": { + "universalManager": { + "description": "Specifies whether this configuration is used to manage provisioning requests for all sources from the org. If true, no managedResourceRefs are allowed.", + "type": "boolean", + "readOnly": true, + "example": true + }, + "managedResourceRefs": { + "description": "References to sources for the Service Desk integration template. May only be specified if universalManager is false.", + "type": "array", + "items": { + "allOf": [ + { + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + } + ], + "properties": { + "type": { + "description": "The type of object being referenced", + "enum": [ + "SOURCE" + ], + "example": "SOURCE" + }, + "id": { + "description": "ID of the source", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "description": "Human-readable display name of the source", + "example": "My Source" + } + } + }, + "example": [ + { + "type": "SOURCE", + "id": "2c9180855d191c59015d291ceb051111", + "name": "My Source 1" + }, + { + "type": "SOURCE", + "id": "2c9180855d191c59015d291ceb052222", + "name": "My Source 2" + } + ] + }, + "planInitializerScript": { + "description": "This is a reference to a plan initializer script.", + "type": "object", + "properties": { + "source": { + "description": "This is a Rule that allows provisioning instruction changes.", + "type": "string", + "example": "\\r\\n\\r\\n\\r\\n Before Provisioning Rule which changes disables and enables to a modify.\\r\\n \n" + } + } + }, + "noProvisioningRequests": { + "description": "Name of an attribute that when true disables the saving of ProvisioningRequest objects whenever plans are sent through this integration.", + "type": "boolean", + "example": true + }, + "provisioningRequestExpiration": { + "description": "When saving pending requests is enabled, this defines the number of hours the request is allowed to live before it is considered expired and no longer affects plan compilation.", + "type": "integer", + "format": "int32", + "example": 7 + } + } + }, + "ProvisioningPolicy": { + "type": "object", + "required": [ + "name" + ], + "properties": { + "name": { + "type": "string", + "description": "the provisioning policy name", + "example": "example provisioning policy for inactive identities" + }, + "description": { + "type": "string", + "description": "the description of the provisioning policy", + "example": "this provisioning policy creates access based on an identity going inactive" + }, + "usageType": { + "type": "string", + "nullable": false, + "enum": [ + "CREATE", + "UPDATE", + "DELETE", + "ASSIGN", + "UNASSIGN", + "CREATE_GROUP", + "UPDATE_GROUP", + "DELETE_GROUP", + "REGISTER", + "CREATE_IDENTITY", + "UPDATE_IDENTITY", + "EDIT_GROUP", + "ENABLE", + "DISABLE", + "UNLOCK", + "CHANGE_PASSWORD" + ], + "example": "CREATE", + "description": "The type of ProvisioningPolicy usage." + }, + "fields": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string", + "description": "The name of the attribute.", + "example": "userName" + }, + "transform": { + "type": "object", + "description": "The transform to apply to the field", + "example": { + "type": "rule", + "attributes": { + "name": "Create Unique LDAP Attribute" + } + }, + "default": {} + }, + "attributes": { + "type": "object", + "description": "Attributes required for the transform", + "example": { + "template": "${firstname}.${lastname}${uniqueCounter}", + "cloudMaxUniqueChecks": "50", + "cloudMaxSize": "20", + "cloudRequired": "true" + } + }, + "isRequired": { + "type": "boolean", + "readOnly": true, + "description": "Flag indicating whether or not the attribute is required.", + "default": false, + "example": false + }, + "type": { + "type": "string", + "description": "The type of the attribute.", + "example": "string" + }, + "isMultiValued": { + "type": "boolean", + "description": "Flag indicating whether or not the attribute is multi-valued.", + "default": false, + "example": false + } + } + } + } + } + }, + "QueuedCheckConfigDetails": { + "description": "Configuration of maximum number days and interval for checking Service Desk integration queue status", + "required": [ + "provisioningStatusCheckIntervalMinutes", + "provisioningMaxStatusCheckDays" + ], + "type": "object", + "properties": { + "provisioningStatusCheckIntervalMinutes": { + "description": "interval in minutes between status checks", + "type": "string", + "example": "30" + }, + "provisioningMaxStatusCheckDays": { + "description": "maximum number of days to check", + "type": "string", + "example": "2" + } + } + }, + "Reassignment": { + "type": "object", + "nullable": true, + "properties": { + "from": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "The id of the certification.", + "example": "ef38f94347e94562b5bb8424a56397d8" + }, + "name": { + "type": "string", + "description": "The name of the certification.", + "example": "Certification Name" + }, + "type": { + "type": "string", + "enum": [ + "CERTIFICATION" + ], + "example": "CERTIFICATION" + }, + "reviewer": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "The id of the reviewer.", + "example": "ef38f94347e94562b5bb8424a56397d8" + }, + "name": { + "type": "string", + "description": "The name of the reviewer.", + "example": "Reviewer Name" + }, + "email": { + "type": "string", + "description": "The email of the reviewing identity.", + "example": "reviewer@test.com" + }, + "type": { + "type": "string", + "enum": [ + "IDENTITY" + ], + "description": "The type of the reviewing identity.", + "example": "IDENTITY" + }, + "created": { + "nullable": true, + "example": "2018-06-25T20:22:28.104Z", + "format": "date-time", + "type": "string", + "description": "The created date of the reviewing identity." + }, + "modified": { + "nullable": true, + "example": "2018-06-25T20:22:28.104Z", + "format": "date-time", + "type": "string", + "description": "The modified date of the reviewing identity." + } + } + } + } + }, + "comment": { + "type": "string", + "description": "The comment entered when the Certification was reassigned", + "example": "Reassigned for a reason" + } + } + }, + "ReassignmentReference": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "The ID of item or identity being reassigned.", + "example": "ef38f94347e94562b5bb8424a56397d8" + }, + "type": { + "type": "string", + "description": "The type of item or identity being reassigned.", + "enum": [ + "TARGET_SUMMARY", + "ITEM", + "IDENTITY_SUMMARY" + ], + "example": "ITEM" + } + }, + "required": [ + "id", + "type" + ] + }, + "RemediationItems": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "The ID of the certification", + "example": "2c9180835d2e5168015d32f890ca1581" + }, + "targetId": { + "type": "string", + "description": "The ID of the certification target", + "example": "2c9180835d2e5168015d32f890ca1581" + }, + "targetName": { + "type": "string", + "description": "The name of the certification target", + "example": "john.smith" + }, + "targetDisplayName": { + "type": "string", + "description": "The display name of the certification target", + "example": "emailAddress" + }, + "applicationName": { + "type": "string", + "description": "The name of the application/source", + "example": "Active Directory" + }, + "attributeName": { + "type": "string", + "description": "The name of the attribute being certified", + "example": "phoneNumber" + }, + "attributeOperation": { + "type": "string", + "description": "The operation of the certification on the attribute", + "example": "update" + }, + "attributeValue": { + "type": "string", + "description": "The value of the attribute being certified", + "example": "512-555-1212" + }, + "nativeIdentity": { + "type": "string", + "description": "The native identity of the target", + "example": "jason.smith2" + } + } + }, + "RequestableObject": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "Id of the requestable object itself", + "example": "2c9180835d2e5168015d32f890ca1581" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the requestable object", + "example": "Applied Research Access" + }, + "created": { + "type": "string", + "format": "date-time", + "example": "2017-07-11T18:45:37.098Z", + "description": "The time when the requestable object was created" + }, + "modified": { + "nullable": true, + "type": "string", + "format": "date-time", + "example": "2018-06-25T20:22:28.104Z", + "description": "The time when the requestable object was last modified" + }, + "description": { + "type": "string", + "description": "Description of the requestable object.", + "example": "Access to research information, lab results, and schematics." + }, + "type": { + "type": "string", + "enum": [ + "ACCESS_PROFILE", + "ROLE", + "ENTITLEMENT" + ], + "description": "Enum represented the currently supported requestable object types. Additional values may be added in the future without notice.", + "example": "ACCESS_PROFILE" + }, + "requestStatus": { + "type": "string", + "enum": [ + "AVAILABLE", + "PENDING", + "ASSIGNED" + ], + "description": "Status indicating the ability of an access request for the object to be made by or on behalf of the identity specified by *identity-id*. *AVAILABLE* indicates the object is available to request. *PENDING* indicates the object is unavailable because the identity has a pending request in flight. *ASSIGNED* indicates the object is unavailable because the identity already has the indicated role or access profile. If *identity-id* is not specified (allowed only for admin users), then status will be *AVAILABLE* for all results.", + "example": "AVAILABLE" + }, + "identityRequestId": { + "type": "string", + "description": "If *requestStatus* is *PENDING*, indicates the id of the associated account activity.", + "nullable": true, + "example": null + }, + "ownerRef": { + "type": "object", + "nullable": true, + "properties": { + "type": { + "type": "string", + "description": "The type can only be IDENTITY. This is read-only", + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "Identity id.", + "example": "5168015d32f890ca15812c9180835d2e" + }, + "name": { + "type": "string", + "description": "Human-readable display name of identity. This is read-only", + "example": "Alison Ferguso" + }, + "email": { + "type": "string", + "description": "Email address of identity. This is read-only", + "example": "alison.ferguso@identitysoon.com" + } + } + }, + "requestCommentsRequired": { + "type": "boolean", + "description": "Whether the requester must provide comments when requesting the object.", + "example": false + } + } + }, + "RequestableObjectType": { + "type": "string", + "enum": [ + "ACCESS_PROFILE", + "ROLE", + "ENTITLEMENT" + ], + "description": "Enum represented the currently supported requestable object types. Additional values may be added in the future without notice.", + "example": "ACCESS_PROFILE" + }, + "RequestableObjectRequestStatus": { + "type": "string", + "enum": [ + "AVAILABLE", + "PENDING", + "ASSIGNED" + ], + "description": "Status indicating the ability of an access request for the object to be made by or on behalf of the identity specified by *identity-id*. *AVAILABLE* indicates the object is available to request. *PENDING* indicates the object is unavailable because the identity has a pending request in flight. *ASSIGNED* indicates the object is unavailable because the identity already has the indicated role or access profile. If *identity-id* is not specified (allowed only for admin users), then status will be *AVAILABLE* for all results.", + "example": "AVAILABLE" + }, + "Reviewer": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "The id of the reviewer.", + "example": "ef38f94347e94562b5bb8424a56397d8" + }, + "name": { + "type": "string", + "description": "The name of the reviewer.", + "example": "Reviewer Name" + }, + "email": { + "type": "string", + "description": "The email of the reviewing identity.", + "example": "reviewer@test.com" + }, + "type": { + "type": "string", + "enum": [ + "IDENTITY" + ], + "description": "The type of the reviewing identity.", + "example": "IDENTITY" + }, + "created": { + "nullable": true, + "example": "2018-06-25T20:22:28.104Z", + "format": "date-time", + "type": "string", + "description": "The created date of the reviewing identity." + }, + "modified": { + "nullable": true, + "example": "2018-06-25T20:22:28.104Z", + "format": "date-time", + "type": "string", + "description": "The modified date of the reviewing identity." + } + } + }, + "RoleDocument": { + "description": "Role", + "allOf": [ + { + "type": "object", + "required": [ + "id", + "name", + "_type" + ], + "properties": { + "id": { + "type": "string", + "example": "2c91808375d8e80a0175e1f88a575222" + }, + "name": { + "type": "string", + "example": "john.doe" + }, + "_type": { + "description": "Enum representing the currently supported document types.\n\nAdditional values may be added in the future without notice.", + "type": "string", + "enum": [ + "accessprofile", + "accountactivity", + "account", + "aggregation", + "entitlement", + "event", + "identity", + "role" + ], + "example": "identity" + } + } + }, + { + "allOf": [ + { + "type": "object", + "properties": { + "id": { + "type": "string", + "example": "2c91808568c529c60168cca6f90c1313", + "description": "The unique ID of the referenced object." + }, + "name": { + "type": "string", + "example": "John Doe", + "description": "The human readable name of the referenced object." + } + } + }, + { + "type": "object", + "properties": { + "description": { + "type": "string", + "description": "The description of the access item", + "example": "The admin role" + }, + "created": { + "type": "string", + "nullable": true, + "format": "date-time", + "example": "2018-06-25T20:22:28.104Z", + "description": "A date-time in ISO-8601 format" + }, + "modified": { + "type": "string", + "nullable": true, + "format": "date-time", + "example": "2018-06-25T20:22:28.104Z", + "description": "A date-time in ISO-8601 format" + }, + "synced": { + "type": "string", + "nullable": true, + "format": "date-time", + "example": "2018-06-25T20:22:28.104Z", + "description": "A date-time in ISO-8601 format" + }, + "enabled": { + "type": "boolean", + "example": true + }, + "requestable": { + "type": "boolean", + "example": true, + "description": "Indicates if the access can be requested" + }, + "requestCommentsRequired": { + "type": "boolean", + "description": "Indicates if comments are required when requesting access", + "example": false + }, + "owner": { + "allOf": [ + { + "allOf": [ + { + "type": "object", + "properties": { + "id": { + "type": "string", + "example": "2c91808568c529c60168cca6f90c1313", + "description": "The unique ID of the referenced object." + }, + "name": { + "type": "string", + "example": "John Doe", + "description": "The human readable name of the referenced object." + } + } + }, + { + "type": "object", + "properties": { + "type": { + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "description": "An enumeration of the types of DTOs supported within the IdentityNow infrastructure.", + "example": "IDENTITY" + } + } + } + ] + }, + { + "type": "object", + "properties": { + "email": { + "type": "string", + "example": "john.doe@sailpoint.com", + "description": "The email of the identity" + } + } + } + ] + } + } + } + ] + }, + { + "type": "object", + "properties": { + "accessProfiles": { + "type": "array", + "items": { + "type": "object", + "properties": { + "id": { + "type": "string", + "example": "2c91808568c529c60168cca6f90c1313", + "description": "The unique ID of the referenced object." + }, + "name": { + "type": "string", + "example": "John Doe", + "description": "The human readable name of the referenced object." + } + } + } + }, + "accessProfileCount": { + "type": "integer" + }, + "tags": { + "type": "array", + "items": { + "type": "string" + }, + "example": [ + "TAG_1", + "TAG_2" + ] + } + } + } + ] + }, + "RoleSummary": { + "description": "Role", + "allOf": [ + { + "allOf": [ + { + "allOf": [ + { + "type": "object", + "properties": { + "id": { + "type": "string", + "example": "2c91808568c529c60168cca6f90c1313", + "description": "The unique ID of the referenced object." + }, + "name": { + "type": "string", + "example": "John Doe", + "description": "The human readable name of the referenced object." + } + } + }, + { + "type": "object", + "properties": { + "displayName": { + "type": "string", + "example": "John Q. Doe" + } + } + } + ] + }, + { + "type": "object", + "properties": { + "type": { + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "description": "An enumeration of the types of DTOs supported within the IdentityNow infrastructure.", + "example": "IDENTITY" + }, + "description": { + "type": "string", + "nullable": true, + "example": null + } + } + } + ] + }, + { + "type": "object", + "properties": { + "owner": { + "allOf": [ + { + "type": "object", + "properties": { + "id": { + "type": "string", + "example": "2c91808568c529c60168cca6f90c1313", + "description": "The unique ID of the referenced object." + }, + "name": { + "type": "string", + "example": "John Doe", + "description": "The human readable name of the referenced object." + } + } + }, + { + "type": "object", + "properties": { + "displayName": { + "type": "string", + "example": "John Q. Doe" + } + } + } + ] + }, + "disabled": { + "type": "boolean" + }, + "revocable": { + "type": "boolean" + } + } + } + ] + }, + "SearchDocument": { + "discriminator": { + "propertyName": "_type", + "mapping": { + "accessprofile": "../model/access/profile/AccessProfileDocument.yaml", + "accountactivity": "../model/account/activity/AccountActivityDocument.yaml", + "account": "../model/account/AccountDocument.yaml", + "aggregation": "../model/aggregation/AggregationDocument.yaml", + "entitlement": "../model/entitlement/EntitlementDocument.yaml", + "event": "../model/event/EventDocument.yaml", + "identity": "../model/identity/IdentityDocument.yaml", + "role": "../model/role/RoleDocument.yaml" + } + }, + "oneOf": [ + { + "description": "This is more of a complete representation of an access profile. ", + "allOf": [ + { + "type": "object", + "required": [ + "id", + "name", + "_type" + ], + "properties": { + "id": { + "type": "string", + "example": "2c91808375d8e80a0175e1f88a575222" + }, + "name": { + "type": "string", + "example": "john.doe" + }, + "_type": { + "description": "Enum representing the currently supported document types.\n\nAdditional values may be added in the future without notice.", + "type": "string", + "enum": [ + "accessprofile", + "accountactivity", + "account", + "aggregation", + "entitlement", + "event", + "identity", + "role" + ], + "example": "identity" + } + } + }, + { + "allOf": [ + { + "type": "object", + "properties": { + "id": { + "type": "string", + "example": "2c91808568c529c60168cca6f90c1313", + "description": "The unique ID of the referenced object." + }, + "name": { + "type": "string", + "example": "John Doe", + "description": "The human readable name of the referenced object." + } + } + }, + { + "type": "object", + "properties": { + "description": { + "type": "string", + "description": "The description of the access item", + "example": "The admin role" + }, + "created": { + "type": "string", + "nullable": true, + "format": "date-time", + "example": "2018-06-25T20:22:28.104Z", + "description": "A date-time in ISO-8601 format" + }, + "modified": { + "type": "string", + "nullable": true, + "format": "date-time", + "example": "2018-06-25T20:22:28.104Z", + "description": "A date-time in ISO-8601 format" + }, + "synced": { + "type": "string", + "nullable": true, + "format": "date-time", + "example": "2018-06-25T20:22:28.104Z", + "description": "A date-time in ISO-8601 format" + }, + "enabled": { + "type": "boolean", + "example": true + }, + "requestable": { + "type": "boolean", + "example": true, + "description": "Indicates if the access can be requested" + }, + "requestCommentsRequired": { + "type": "boolean", + "description": "Indicates if comments are required when requesting access", + "example": false + }, + "owner": { + "allOf": [ + { + "allOf": [ + { + "type": "object", + "properties": { + "id": { + "type": "string", + "example": "2c91808568c529c60168cca6f90c1313", + "description": "The unique ID of the referenced object." + }, + "name": { + "type": "string", + "example": "John Doe", + "description": "The human readable name of the referenced object." + } + } + }, + { + "type": "object", + "properties": { + "type": { + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "description": "An enumeration of the types of DTOs supported within the IdentityNow infrastructure.", + "example": "IDENTITY" + } + } + } + ] + }, + { + "type": "object", + "properties": { + "email": { + "type": "string", + "example": "john.doe@sailpoint.com", + "description": "The email of the identity" + } + } + } + ] + } + } + } + ] + }, + { + "type": "object", + "properties": { + "source": { + "type": "object", + "properties": { + "id": { + "type": "string", + "example": "2c91808568c529c60168cca6f90c1313", + "description": "The unique ID of the referenced object." + }, + "name": { + "type": "string", + "example": "John Doe", + "description": "The human readable name of the referenced object." + } + } + }, + "entitlements": { + "type": "array", + "items": { + "allOf": [ + { + "type": "object", + "properties": { + "id": { + "type": "string", + "example": "2c91808568c529c60168cca6f90c1313", + "description": "The unique ID of the referenced object." + }, + "name": { + "type": "string", + "example": "John Doe", + "description": "The human readable name of the referenced object." + } + } + }, + { + "type": "object", + "properties": { + "description": { + "type": "string", + "description": "A description of the entitlement", + "example": "The admin privilege" + }, + "attribute": { + "type": "string", + "description": "The name of the entitlement attribute", + "example": "admin" + }, + "value": { + "type": "string", + "description": "The value of the entitlement", + "example": "true" + } + } + } + ] + } + }, + "entitlementCount": { + "type": "integer", + "example": 5 + }, + "tags": { + "type": "array", + "items": { + "type": "string" + }, + "example": [ + "TAG_1", + "TAG_2" + ] + } + } + } + ] + }, + { + "description": "AccountActivity", + "allOf": [ + { + "type": "object", + "required": [ + "id", + "name", + "_type" + ], + "properties": { + "id": { + "type": "string", + "example": "2c91808375d8e80a0175e1f88a575222" + }, + "name": { + "type": "string", + "example": "john.doe" + }, + "_type": { + "description": "Enum representing the currently supported document types.\n\nAdditional values may be added in the future without notice.", + "type": "string", + "enum": [ + "accessprofile", + "accountactivity", + "account", + "aggregation", + "entitlement", + "event", + "identity", + "role" + ], + "example": "identity" + } + } + }, + { + "type": "object", + "properties": { + "action": { + "type": "string", + "description": "The type of action that this activity performed", + "externalDocs": { + "description": "Learn more about account activity action types", + "url": "https://documentation.sailpoint.com/saas/help/search/searchable-fields.html#searching-account-activity-data" + }, + "example": "Identity Refresh." + }, + "created": { + "type": "string", + "nullable": true, + "format": "date-time", + "example": "2018-06-25T20:22:28.104Z", + "description": "A date-time in ISO-8601 format" + }, + "modified": { + "type": "string", + "nullable": true, + "format": "date-time", + "example": "2018-06-25T20:22:28.104Z", + "description": "A date-time in ISO-8601 format" + }, + "stage": { + "type": "string", + "description": "The current stage of the activity", + "example": "Completed" + }, + "origin": { + "type": "string", + "nullable": true, + "example": null + }, + "status": { + "type": "string", + "description": "the current status of the activity", + "example": "Complete" + }, + "requester": { + "allOf": [ + { + "type": "object", + "properties": { + "id": { + "type": "string", + "example": "2c91808568c529c60168cca6f90c1313", + "description": "The unique ID of the referenced object." + }, + "name": { + "type": "string", + "example": "John Doe", + "description": "The human readable name of the referenced object." + } + } + }, + { + "type": "object", + "properties": { + "type": { + "type": "string", + "example": "Delimited File", + "description": "the type of source returned" + } + } + } + ] + }, + "recipient": { + "allOf": [ + { + "type": "object", + "properties": { + "id": { + "type": "string", + "example": "2c91808568c529c60168cca6f90c1313", + "description": "The unique ID of the referenced object." + }, + "name": { + "type": "string", + "example": "John Doe", + "description": "The human readable name of the referenced object." + } + } + }, + { + "type": "object", + "properties": { + "type": { + "type": "string", + "example": "Delimited File", + "description": "the type of source returned" + } + } + } + ] + }, + "trackingNumber": { + "type": "string", + "example": "61aad0c9e8134eca89e76a35e0cabe3f" + }, + "errors": { + "type": "array", + "items": { + "type": "string" + }, + "nullable": true, + "example": null + }, + "warnings": { + "type": "array", + "items": { + "type": "string" + }, + "nullable": true, + "example": null + }, + "approvals": { + "type": "array", + "items": { + "type": "object", + "properties": { + "comments": { + "type": "array", + "items": { + "type": "object", + "properties": { + "comment": { + "type": "string", + "description": "The comment text", + "example": "This request was autoapproved by our automated ETS subscriber." + }, + "commenter": { + "type": "string", + "description": "The name of the commenter", + "example": "Automated AR Approval" + }, + "date": { + "type": "string", + "nullable": true, + "format": "date-time", + "example": "2018-06-25T20:22:28.104Z", + "description": "A date-time in ISO-8601 format" + } + } + } + }, + "created": { + "type": "string", + "nullable": true, + "format": "date-time", + "example": "2018-06-25T20:22:28.104Z", + "description": "A date-time in ISO-8601 format" + }, + "modified": { + "type": "string", + "nullable": true, + "format": "date-time", + "example": "2018-06-25T20:22:28.104Z", + "description": "A date-time in ISO-8601 format" + }, + "owner": { + "allOf": [ + { + "type": "object", + "properties": { + "id": { + "type": "string", + "example": "2c91808568c529c60168cca6f90c1313", + "description": "The unique ID of the referenced object." + }, + "name": { + "type": "string", + "example": "John Doe", + "description": "The human readable name of the referenced object." + } + } + }, + { + "type": "object", + "properties": { + "type": { + "type": "string", + "example": "Delimited File", + "description": "the type of source returned" + } + } + } + ] + }, + "result": { + "type": "string", + "description": "The result of the approval", + "example": "Finished" + }, + "type": { + "type": "string", + "nullable": true, + "example": null + } + } + } + }, + "originalRequests": { + "type": "array", + "items": { + "type": "object", + "properties": { + "accountId": { + "type": "string", + "description": "the account id", + "example": "CN=Abby Smith,OU=Austin,OU=Americas,OU=Demo,DC=seri,DC=acme,DC=com" + }, + "attributeRequests": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string", + "description": "The attribute name", + "example": "groups" + }, + "op": { + "type": "string", + "description": "The operation to perform", + "example": "Add" + }, + "value": { + "type": "string", + "description": "The value of the attribute", + "example": "3203537556531076" + } + } + } + }, + "op": { + "type": "string", + "description": "the operation that was used", + "example": "add" + }, + "source": { + "allOf": [ + { + "type": "object", + "properties": { + "id": { + "type": "string", + "example": "2c91808568c529c60168cca6f90c1313", + "description": "The unique ID of the referenced object." + }, + "name": { + "type": "string", + "example": "John Doe", + "description": "The human readable name of the referenced object." + } + } + }, + { + "type": "object", + "properties": { + "type": { + "type": "string", + "example": "Delimited File", + "description": "the type of source returned" + } + } + } + ] + } + } + } + }, + "expansionItems": { + "type": "array", + "items": { + "type": "object", + "properties": { + "accountId": { + "type": "string", + "description": "The ID of the account", + "example": "2c91808981f58ea601821c3e93482e6f" + }, + "cause": { + "type": "string", + "example": "Role" + }, + "name": { + "type": "string", + "description": "The name of the item", + "example": "smartsheet-role" + }, + "attributeRequests": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string", + "description": "The attribute name", + "example": "groups" + }, + "op": { + "type": "string", + "description": "The operation to perform", + "example": "Add" + }, + "value": { + "type": "string", + "description": "The value of the attribute", + "example": "3203537556531076" + } + } + } + }, + "source": { + "allOf": [ + { + "type": "object", + "properties": { + "id": { + "type": "string", + "example": "2c91808568c529c60168cca6f90c1313", + "description": "The unique ID of the referenced object." + }, + "name": { + "type": "string", + "example": "John Doe", + "description": "The human readable name of the referenced object." + } + } + }, + { + "type": "object", + "properties": { + "type": { + "type": "string", + "example": "Delimited File", + "description": "the type of source returned" + } + } + } + ] + } + } + } + }, + "accountRequests": { + "type": "array", + "items": { + "type": "object", + "properties": { + "accountId": { + "type": "string", + "description": "Unique ID of the account", + "example": "John.Doe" + }, + "attributeRequests": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string", + "description": "The attribute name", + "example": "groups" + }, + "op": { + "type": "string", + "description": "The operation to perform", + "example": "Add" + }, + "value": { + "type": "string", + "description": "The value of the attribute", + "example": "3203537556531076" + } + } + } + }, + "op": { + "type": "string", + "example": "Modify", + "description": "The operation that was performed" + }, + "provisioningTarget": { + "allOf": [ + { + "type": "object", + "properties": { + "id": { + "type": "string", + "example": "2c91808568c529c60168cca6f90c1313", + "description": "The unique ID of the referenced object." + }, + "name": { + "type": "string", + "example": "John Doe", + "description": "The human readable name of the referenced object." + } + } + }, + { + "type": "object", + "properties": { + "type": { + "type": "string", + "example": "Delimited File", + "description": "the type of source returned" + } + } + } + ] + }, + "result": { + "type": "object", + "properties": { + "errors": { + "type": "array", + "items": { + "type": "string", + "example": "[ConnectorError] [\n {\n \"code\": \"unrecognized_keys\",\n \"keys\": [\n \"groups\"\n ],\n \"path\": [],\n \"message\": \"Unrecognized key(s) in object: 'groups'\"\n }\n] (requestId: 5e9d6df5-9b1b-47d9-9bf1-dc3a2893299e)" + } + }, + "status": { + "type": "string", + "description": "The status of the account request", + "example": "failed" + }, + "ticketId": { + "type": "string", + "nullable": true, + "example": null + } + } + }, + "source": { + "allOf": [ + { + "type": "object", + "properties": { + "id": { + "type": "string", + "example": "2c91808568c529c60168cca6f90c1313", + "description": "The unique ID of the referenced object." + }, + "name": { + "type": "string", + "example": "John Doe", + "description": "The human readable name of the referenced object." + } + } + }, + { + "type": "object", + "properties": { + "type": { + "type": "string", + "example": "Delimited File", + "description": "the type of source returned" + } + } + } + ] + } + } + } + }, + "sources": { + "type": "string", + "example": "smartsheet-test, airtable-v4, IdentityNow" + } + } + } + ] + }, + { + "description": "Account", + "allOf": [ + { + "type": "object", + "required": [ + "id", + "name", + "_type" + ], + "properties": { + "id": { + "type": "string", + "example": "2c91808375d8e80a0175e1f88a575222" + }, + "name": { + "type": "string", + "example": "john.doe" + }, + "_type": { + "description": "Enum representing the currently supported document types.\n\nAdditional values may be added in the future without notice.", + "type": "string", + "enum": [ + "accessprofile", + "accountactivity", + "account", + "aggregation", + "entitlement", + "event", + "identity", + "role" + ], + "example": "identity" + } + } + }, + { + "allOf": [ + { + "type": "object", + "properties": { + "id": { + "type": "string", + "example": "2c91808568c529c60168cca6f90c1313", + "description": "The unique ID of the referenced object." + }, + "name": { + "type": "string", + "example": "John Doe", + "description": "The human readable name of the referenced object." + } + } + }, + { + "type": "object", + "properties": { + "accountId": { + "type": "string", + "description": "The ID of the account", + "example": "john.doe" + }, + "source": { + "allOf": [ + { + "type": "object", + "properties": { + "id": { + "type": "string", + "example": "2c91808568c529c60168cca6f90c1313", + "description": "The unique ID of the referenced object." + }, + "name": { + "type": "string", + "example": "John Doe", + "description": "The human readable name of the referenced object." + } + } + }, + { + "type": "object", + "properties": { + "type": { + "type": "string", + "example": "Delimited File", + "description": "the type of source returned" + } + } + } + ] + }, + "disabled": { + "type": "boolean", + "description": "Indicates if the account is disabled", + "example": false + }, + "locked": { + "type": "boolean", + "description": "Indicates if the account is locked", + "example": false + }, + "privileged": { + "type": "boolean", + "example": false + }, + "manuallyCorrelated": { + "type": "boolean", + "description": "Indicates if the account has been manually correlated to an identity", + "example": false + }, + "passwordLastSet": { + "type": "string", + "nullable": true, + "format": "date-time", + "example": "2018-06-25T20:22:28.104Z", + "description": "A date-time in ISO-8601 format" + }, + "entitlementAttributes": { + "type": "object", + "nullable": true, + "description": "a map or dictionary of key/value pairs", + "additionalProperties": true, + "example": { + "moderator": true, + "admin": true, + "trust_level": "4" + } + }, + "created": { + "type": "string", + "nullable": true, + "format": "date-time", + "example": "2018-06-25T20:22:28.104Z", + "description": "A date-time in ISO-8601 format" + } + } + } + ] + }, + { + "type": "object", + "properties": { + "modified": { + "type": "string", + "nullable": true, + "format": "date-time", + "example": "2018-06-25T20:22:28.104Z", + "description": "A date-time in ISO-8601 format" + }, + "attributes": { + "type": "object", + "description": "a map or dictionary of key/value pairs", + "additionalProperties": true, + "example": { + "firstName": "John", + "lastName": "Doe", + "displayName": "John.Doe" + } + }, + "identity": { + "allOf": [ + { + "type": "object", + "properties": { + "id": { + "type": "string", + "example": "2c91808568c529c60168cca6f90c1313", + "description": "The unique ID of the referenced object." + }, + "name": { + "type": "string", + "example": "John Doe", + "description": "The human readable name of the referenced object." + } + } + }, + { + "type": "object", + "properties": { + "displayName": { + "type": "string", + "example": "John Q. Doe" + } + } + } + ] + }, + "access": { + "type": "array", + "items": { + "description": "EntitlementReference", + "allOf": [ + { + "allOf": [ + { + "allOf": [ + { + "type": "object", + "properties": { + "id": { + "type": "string", + "example": "2c91808568c529c60168cca6f90c1313", + "description": "The unique ID of the referenced object." + }, + "name": { + "type": "string", + "example": "John Doe", + "description": "The human readable name of the referenced object." + } + } + }, + { + "type": "object", + "properties": { + "displayName": { + "type": "string", + "example": "John Q. Doe" + } + } + } + ] + }, + { + "type": "object", + "properties": { + "type": { + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "description": "An enumeration of the types of DTOs supported within the IdentityNow infrastructure.", + "example": "IDENTITY" + }, + "description": { + "type": "string", + "nullable": true, + "example": null + } + } + } + ] + }, + { + "type": "object", + "properties": { + "source": { + "type": "object", + "properties": { + "id": { + "type": "string", + "example": "2c91808568c529c60168cca6f90c1313", + "description": "The unique ID of the referenced object." + }, + "name": { + "type": "string", + "example": "John Doe", + "description": "The human readable name of the referenced object." + } + } + }, + "privileged": { + "type": "boolean", + "example": false + }, + "attribute": { + "type": "string", + "example": "memberOf" + }, + "value": { + "type": "string", + "example": "CN=Buyer,OU=Groups,OU=Demo,DC=seri,DC=sailpointdemo,DC=com" + }, + "standalone": { + "type": "boolean", + "example": false + } + } + } + ] + } + }, + "entitlementCount": { + "type": "integer", + "description": "The number of entitlements assigned to the account", + "format": "int32", + "example": 2 + }, + "uncorrelated": { + "type": "boolean", + "description": "Indicates if the account is not correlated to an identity", + "example": false + }, + "tags": { + "type": "array", + "items": { + "type": "string" + }, + "example": [ + "TAG_1", + "TAG_2" + ] + } + } + } + ] + }, + { + "description": "Aggregation", + "allOf": [ + { + "type": "object", + "required": [ + "id", + "name", + "_type" + ], + "properties": { + "id": { + "type": "string", + "example": "2c91808375d8e80a0175e1f88a575222" + }, + "name": { + "type": "string", + "example": "john.doe" + }, + "_type": { + "description": "Enum representing the currently supported document types.\n\nAdditional values may be added in the future without notice.", + "type": "string", + "enum": [ + "accessprofile", + "accountactivity", + "account", + "aggregation", + "entitlement", + "event", + "identity", + "role" + ], + "example": "identity" + } + } + }, + { + "type": "object", + "properties": { + "status": { + "type": "string", + "example": "Success" + }, + "duration": { + "type": "integer", + "format": "int32", + "example": 20 + }, + "avgDuration": { + "type": "integer", + "format": "int32", + "example": 20 + }, + "changedAccounts": { + "type": "integer", + "format": "int32", + "example": 1 + }, + "nextScheduled": { + "type": "string", + "nullable": true, + "format": "date-time", + "example": "2018-06-25T20:22:28.104Z", + "description": "A date-time in ISO-8601 format" + }, + "startTime": { + "type": "string", + "nullable": true, + "format": "date-time", + "example": "2018-06-25T20:22:28.104Z", + "description": "A date-time in ISO-8601 format" + }, + "sourceOwner": { + "type": "string", + "description": "John Doe" + } + } + } + ] + }, + { + "description": "Entitlement", + "allOf": [ + { + "type": "object", + "required": [ + "id", + "name", + "_type" + ], + "properties": { + "id": { + "type": "string", + "example": "2c91808375d8e80a0175e1f88a575222" + }, + "name": { + "type": "string", + "example": "john.doe" + }, + "_type": { + "description": "Enum representing the currently supported document types.\n\nAdditional values may be added in the future without notice.", + "type": "string", + "enum": [ + "accessprofile", + "accountactivity", + "account", + "aggregation", + "entitlement", + "event", + "identity", + "role" + ], + "example": "identity" + } + } + }, + { + "allOf": [ + { + "type": "object", + "properties": { + "id": { + "type": "string", + "example": "2c91808568c529c60168cca6f90c1313", + "description": "The unique ID of the referenced object." + }, + "name": { + "type": "string", + "example": "John Doe", + "description": "The human readable name of the referenced object." + } + } + }, + { + "type": "object", + "properties": { + "description": { + "type": "string", + "description": "A description of the entitlement", + "example": "The admin privilege" + }, + "attribute": { + "type": "string", + "description": "The name of the entitlement attribute", + "example": "admin" + }, + "value": { + "type": "string", + "description": "The value of the entitlement", + "example": "true" + } + } + } + ] + }, + { + "type": "object", + "properties": { + "modified": { + "type": "string", + "nullable": true, + "format": "date-time", + "example": "2018-06-25T20:22:28.104Z", + "description": "A date-time in ISO-8601 format" + }, + "synced": { + "type": "string", + "nullable": true, + "format": "date-time", + "example": "2018-06-25T20:22:28.104Z", + "description": "A date-time in ISO-8601 format" + }, + "displayName": { + "type": "string", + "description": "The display name of the entitlement", + "example": "Admin" + }, + "source": { + "type": "object", + "properties": { + "id": { + "type": "string", + "example": "2c91808568c529c60168cca6f90c1313", + "description": "The unique ID of the referenced object." + }, + "name": { + "type": "string", + "example": "John Doe", + "description": "The human readable name of the referenced object." + } + } + }, + "privileged": { + "type": "boolean", + "example": false + }, + "identityCount": { + "type": "integer", + "format": "int32", + "example": 3 + }, + "tags": { + "type": "array", + "items": { + "type": "string" + }, + "example": [ + "TAG_1", + "TAG_2" + ] + } + } + } + ] + }, + { + "description": "Event", + "allOf": [ + { + "type": "object", + "required": [ + "id", + "name", + "_type" + ], + "properties": { + "id": { + "type": "string", + "example": "2c91808375d8e80a0175e1f88a575222" + }, + "name": { + "type": "string", + "example": "john.doe" + }, + "_type": { + "description": "Enum representing the currently supported document types.\n\nAdditional values may be added in the future without notice.", + "type": "string", + "enum": [ + "accessprofile", + "accountactivity", + "account", + "aggregation", + "entitlement", + "event", + "identity", + "role" + ], + "example": "identity" + } + } + }, + { + "type": "object", + "properties": { + "created": { + "type": "string", + "nullable": true, + "format": "date-time", + "example": "2018-06-25T20:22:28.104Z", + "description": "A date-time in ISO-8601 format" + }, + "synced": { + "type": "string", + "nullable": true, + "format": "date-time", + "example": "2018-06-25T20:22:28.104Z", + "description": "A date-time in ISO-8601 format" + }, + "action": { + "type": "string", + "description": "The action that was performed", + "example": "update" + }, + "type": { + "type": "string", + "description": "The type of event", + "example": "SYSTEM_CONFIG" + }, + "actor": { + "type": "object", + "properties": { + "name": { + "type": "string", + "example": "John Doe", + "description": "the actor or target name" + }, + "type": { + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "description": "An enumeration of the types of DTOs supported within the IdentityNow infrastructure.", + "example": "IDENTITY" + } + } + }, + "target": { + "type": "object", + "properties": { + "name": { + "type": "string", + "example": "John Doe", + "description": "the actor or target name" + }, + "type": { + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "description": "An enumeration of the types of DTOs supported within the IdentityNow infrastructure.", + "example": "IDENTITY" + } + } + }, + "stack": { + "type": "string", + "example": "tpe" + }, + "trackingNumber": { + "type": "string", + "example": "63f891e0735f4cc8bf1968144a1e7440" + }, + "ipAddress": { + "type": "string", + "example": "52.52.97.85" + }, + "details": { + "type": "string", + "example": "73b65dfbed1842548c207432a18c84b0" + }, + "attributes": { + "type": "object", + "additionalProperties": true, + "example": { + "pod": "stg03-useast1", + "org": "acme", + "sourceName": "SailPoint" + } + }, + "objects": { + "type": "array", + "items": { + "type": "string", + "example": "AUTHENTICATION" + } + }, + "operation": { + "type": "string", + "example": "REQUEST" + }, + "status": { + "type": "string", + "example": "PASSED" + }, + "technicalName": { + "type": "string", + "example": "AUTHENTICATION_REQUEST_PASSED" + } + } + } + ] + }, + { + "description": "Identity", + "allOf": [ + { + "type": "object", + "required": [ + "id", + "name", + "_type" + ], + "properties": { + "id": { + "type": "string", + "example": "2c91808375d8e80a0175e1f88a575222" + }, + "name": { + "type": "string", + "example": "john.doe" + }, + "_type": { + "description": "Enum representing the currently supported document types.\n\nAdditional values may be added in the future without notice.", + "type": "string", + "enum": [ + "accessprofile", + "accountactivity", + "account", + "aggregation", + "entitlement", + "event", + "identity", + "role" + ], + "example": "identity" + } + } + }, + { + "allOf": [ + { + "type": "object", + "properties": { + "id": { + "type": "string", + "example": "2c91808568c529c60168cca6f90c1313", + "description": "The unique ID of the referenced object." + }, + "name": { + "type": "string", + "example": "John Doe", + "description": "The human readable name of the referenced object." + } + } + }, + { + "type": "object", + "properties": { + "displayName": { + "type": "string", + "example": "John Q. Doe" + } + } + } + ] + }, + { + "type": "object", + "properties": { + "firstName": { + "type": "string", + "description": "The first name of the identity", + "example": "Carol" + }, + "lastName": { + "type": "string", + "description": "The last name of the identity", + "example": "Adams" + }, + "displayName": { + "type": "string", + "example": "Carol.Adams", + "description": "The display name of the identity" + }, + "email": { + "type": "string", + "description": "The identity's primary email address", + "example": "Carol.Adams@sailpointdemo.com" + }, + "created": { + "type": "string", + "nullable": true, + "format": "date-time", + "example": "2018-06-25T20:22:28.104Z", + "description": "A date-time in ISO-8601 format" + }, + "modified": { + "type": "string", + "nullable": true, + "format": "date-time", + "example": "2018-06-25T20:22:28.104Z", + "description": "A date-time in ISO-8601 format" + }, + "synced": { + "type": "string", + "nullable": true, + "format": "date-time", + "example": "2018-06-25T20:22:28.104Z", + "description": "A date-time in ISO-8601 format" + }, + "phone": { + "type": "string", + "description": "The phone number of the identity", + "example": "+1 440-527-3672" + }, + "inactive": { + "type": "boolean", + "description": "Indicates if the identity is inactive", + "example": false + }, + "protected": { + "type": "boolean", + "example": false + }, + "status": { + "type": "string", + "description": "The identity's status in SailPoint", + "example": "UNREGISTERED" + }, + "employeeNumber": { + "type": "string", + "example": "1a2a3d4e" + }, + "manager": { + "nullable": true, + "allOf": [ + { + "type": "object", + "properties": { + "id": { + "type": "string", + "example": "2c91808568c529c60168cca6f90c1313", + "description": "The unique ID of the referenced object." + }, + "name": { + "type": "string", + "example": "John Doe", + "description": "The human readable name of the referenced object." + } + } + }, + { + "type": "object", + "properties": { + "displayName": { + "type": "string", + "example": "John Q. Doe" + } + } + } + ] + }, + "isManager": { + "type": "boolean", + "description": "Indicates if this identity is a manager of other identities", + "example": false + }, + "identityProfile": { + "type": "object", + "properties": { + "id": { + "type": "string", + "example": "2c91808568c529c60168cca6f90c1313", + "description": "The unique ID of the referenced object." + }, + "name": { + "type": "string", + "example": "John Doe", + "description": "The human readable name of the referenced object." + } + } + }, + "source": { + "type": "object", + "properties": { + "id": { + "type": "string", + "example": "2c91808568c529c60168cca6f90c1313", + "description": "The unique ID of the referenced object." + }, + "name": { + "type": "string", + "example": "John Doe", + "description": "The human readable name of the referenced object." + } + } + }, + "attributes": { + "type": "object", + "description": "a map or dictionary of key/value pairs", + "additionalProperties": true, + "example": { + "country": "US", + "firstname": "Carol", + "cloudStatus": "UNREGISTERED" + } + }, + "processingState": { + "type": "string", + "nullable": true, + "example": null + }, + "processingDetails": { + "nullable": true, + "type": "object", + "properties": { + "date": { + "type": "string", + "nullable": true, + "format": "date-time", + "example": "2018-06-25T20:22:28.104Z", + "description": "A date-time in ISO-8601 format" + }, + "stage": { + "type": "string", + "example": "In Process" + }, + "retryCount": { + "type": "integer", + "example": 0, + "format": "int32" + }, + "stackTrace": { + "type": "string", + "example": "" + }, + "message": { + "type": "string", + "example": "" + } + } + }, + "accounts": { + "type": "array", + "description": "List of accounts associated with the identity", + "items": { + "allOf": [ + { + "type": "object", + "properties": { + "id": { + "type": "string", + "example": "2c91808568c529c60168cca6f90c1313", + "description": "The unique ID of the referenced object." + }, + "name": { + "type": "string", + "example": "John Doe", + "description": "The human readable name of the referenced object." + } + } + }, + { + "type": "object", + "properties": { + "accountId": { + "type": "string", + "description": "The ID of the account", + "example": "john.doe" + }, + "source": { + "allOf": [ + { + "type": "object", + "properties": { + "id": { + "type": "string", + "example": "2c91808568c529c60168cca6f90c1313", + "description": "The unique ID of the referenced object." + }, + "name": { + "type": "string", + "example": "John Doe", + "description": "The human readable name of the referenced object." + } + } + }, + { + "type": "object", + "properties": { + "type": { + "type": "string", + "example": "Delimited File", + "description": "the type of source returned" + } + } + } + ] + }, + "disabled": { + "type": "boolean", + "description": "Indicates if the account is disabled", + "example": false + }, + "locked": { + "type": "boolean", + "description": "Indicates if the account is locked", + "example": false + }, + "privileged": { + "type": "boolean", + "example": false + }, + "manuallyCorrelated": { + "type": "boolean", + "description": "Indicates if the account has been manually correlated to an identity", + "example": false + }, + "passwordLastSet": { + "type": "string", + "nullable": true, + "format": "date-time", + "example": "2018-06-25T20:22:28.104Z", + "description": "A date-time in ISO-8601 format" + }, + "entitlementAttributes": { + "type": "object", + "nullable": true, + "description": "a map or dictionary of key/value pairs", + "additionalProperties": true, + "example": { + "moderator": true, + "admin": true, + "trust_level": "4" + } + }, + "created": { + "type": "string", + "nullable": true, + "format": "date-time", + "example": "2018-06-25T20:22:28.104Z", + "description": "A date-time in ISO-8601 format" + } + } + } + ] + } + }, + "accountCount": { + "type": "integer", + "description": "Number of accounts associated with the identity", + "format": "int32", + "example": 3 + }, + "apps": { + "type": "array", + "description": "The list of applications the identity has access to", + "items": { + "allOf": [ + { + "type": "object", + "properties": { + "id": { + "type": "string", + "example": "2c91808568c529c60168cca6f90c1313", + "description": "The unique ID of the referenced object." + }, + "name": { + "type": "string", + "example": "John Doe", + "description": "The human readable name of the referenced object." + } + } + }, + { + "type": "object", + "properties": { + "source": { + "type": "object", + "properties": { + "id": { + "type": "string", + "example": "2c91808568c529c60168cca6f90c1313", + "description": "The unique ID of the referenced object." + }, + "name": { + "type": "string", + "example": "John Doe", + "description": "The human readable name of the referenced object." + } + } + }, + "account": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "The SailPoint generated unique ID", + "example": "2c9180837dfe6949017e21f3d8cd6d49" + }, + "accountId": { + "type": "string", + "description": "The account ID generated by the source", + "example": "CN=Carol Adams,OU=Austin,OU=Americas,OU=Demo,DC=seri,DC=sailpointdemo,DC=com" + } + } + } + } + } + ] + } + }, + "appCount": { + "type": "integer", + "format": "int32", + "description": "The number of applications the identity has access to", + "example": 2 + }, + "access": { + "type": "array", + "description": "The list of access items assigned to the identity", + "items": { + "discriminator": { + "propertyName": "type", + "mapping": { + "ACCESS_PROFILE": "../access/AccessProfileSummary.yaml", + "ENTITLEMENT": "../access/AccessProfileEntitlement.yaml", + "ROLE": "../access/AccessProfileRole.yaml" + } + }, + "oneOf": [ + { + "description": "This is a summary representation of an access profile.", + "allOf": [ + { + "allOf": [ + { + "allOf": [ + { + "type": "object", + "properties": { + "id": { + "type": "string", + "example": "2c91808568c529c60168cca6f90c1313", + "description": "The unique ID of the referenced object." + }, + "name": { + "type": "string", + "example": "John Doe", + "description": "The human readable name of the referenced object." + } + } + }, + { + "type": "object", + "properties": { + "displayName": { + "type": "string", + "example": "John Q. Doe" + } + } + } + ] + }, + { + "type": "object", + "properties": { + "type": { + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "description": "An enumeration of the types of DTOs supported within the IdentityNow infrastructure.", + "example": "IDENTITY" + }, + "description": { + "type": "string", + "nullable": true, + "example": null + } + } + } + ] + }, + { + "type": "object", + "properties": { + "source": { + "type": "object", + "properties": { + "id": { + "type": "string", + "example": "2c91808568c529c60168cca6f90c1313", + "description": "The unique ID of the referenced object." + }, + "name": { + "type": "string", + "example": "John Doe", + "description": "The human readable name of the referenced object." + } + } + }, + "owner": { + "allOf": [ + { + "type": "object", + "properties": { + "id": { + "type": "string", + "example": "2c91808568c529c60168cca6f90c1313", + "description": "The unique ID of the referenced object." + }, + "name": { + "type": "string", + "example": "John Doe", + "description": "The human readable name of the referenced object." + } + } + }, + { + "type": "object", + "properties": { + "displayName": { + "type": "string", + "example": "John Q. Doe" + } + } + } + ] + }, + "revocable": { + "type": "boolean", + "example": true + } + } + } + ] + }, + { + "description": "EntitlementReference", + "allOf": [ + { + "allOf": [ + { + "allOf": [ + { + "type": "object", + "properties": { + "id": { + "type": "string", + "example": "2c91808568c529c60168cca6f90c1313", + "description": "The unique ID of the referenced object." + }, + "name": { + "type": "string", + "example": "John Doe", + "description": "The human readable name of the referenced object." + } + } + }, + { + "type": "object", + "properties": { + "displayName": { + "type": "string", + "example": "John Q. Doe" + } + } + } + ] + }, + { + "type": "object", + "properties": { + "type": { + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "description": "An enumeration of the types of DTOs supported within the IdentityNow infrastructure.", + "example": "IDENTITY" + }, + "description": { + "type": "string", + "nullable": true, + "example": null + } + } + } + ] + }, + { + "type": "object", + "properties": { + "source": { + "type": "object", + "properties": { + "id": { + "type": "string", + "example": "2c91808568c529c60168cca6f90c1313", + "description": "The unique ID of the referenced object." + }, + "name": { + "type": "string", + "example": "John Doe", + "description": "The human readable name of the referenced object." + } + } + }, + "privileged": { + "type": "boolean", + "example": false + }, + "attribute": { + "type": "string", + "example": "memberOf" + }, + "value": { + "type": "string", + "example": "CN=Buyer,OU=Groups,OU=Demo,DC=seri,DC=sailpointdemo,DC=com" + }, + "standalone": { + "type": "boolean", + "example": false + } + } + } + ] + }, + { + "description": "Role", + "allOf": [ + { + "allOf": [ + { + "allOf": [ + { + "type": "object", + "properties": { + "id": { + "type": "string", + "example": "2c91808568c529c60168cca6f90c1313", + "description": "The unique ID of the referenced object." + }, + "name": { + "type": "string", + "example": "John Doe", + "description": "The human readable name of the referenced object." + } + } + }, + { + "type": "object", + "properties": { + "displayName": { + "type": "string", + "example": "John Q. Doe" + } + } + } + ] + }, + { + "type": "object", + "properties": { + "type": { + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "description": "An enumeration of the types of DTOs supported within the IdentityNow infrastructure.", + "example": "IDENTITY" + }, + "description": { + "type": "string", + "nullable": true, + "example": null + } + } + } + ] + }, + { + "type": "object", + "properties": { + "owner": { + "allOf": [ + { + "type": "object", + "properties": { + "id": { + "type": "string", + "example": "2c91808568c529c60168cca6f90c1313", + "description": "The unique ID of the referenced object." + }, + "name": { + "type": "string", + "example": "John Doe", + "description": "The human readable name of the referenced object." + } + } + }, + { + "type": "object", + "properties": { + "displayName": { + "type": "string", + "example": "John Q. Doe" + } + } + } + ] + }, + "disabled": { + "type": "boolean" + }, + "revocable": { + "type": "boolean" + } + } + } + ] + } + ] + } + }, + "accessCount": { + "type": "integer", + "format": "int32", + "description": "The number of access items assigned to the identity", + "example": 5 + }, + "accessProfileCount": { + "type": "integer", + "description": "The number of access profiles assigned to the identity", + "example": 1 + }, + "entitlementCount": { + "type": "integer", + "description": "The number of entitlements assigned to the identity", + "example": 10 + }, + "roleCount": { + "type": "integer", + "description": "The number of roles assigned to the identity", + "example": 1 + }, + "owns": { + "type": "object", + "properties": { + "sources": { + "type": "array", + "items": { + "type": "object", + "properties": { + "id": { + "type": "string", + "example": "2c91808568c529c60168cca6f90c1313", + "description": "The unique ID of the referenced object." + }, + "name": { + "type": "string", + "example": "John Doe", + "description": "The human readable name of the referenced object." + } + } + } + }, + "entitlements": { + "type": "array", + "items": { + "type": "object", + "properties": { + "id": { + "type": "string", + "example": "2c91808568c529c60168cca6f90c1313", + "description": "The unique ID of the referenced object." + }, + "name": { + "type": "string", + "example": "John Doe", + "description": "The human readable name of the referenced object." + } + } + } + }, + "accessProfiles": { + "type": "array", + "items": { + "type": "object", + "properties": { + "id": { + "type": "string", + "example": "2c91808568c529c60168cca6f90c1313", + "description": "The unique ID of the referenced object." + }, + "name": { + "type": "string", + "example": "John Doe", + "description": "The human readable name of the referenced object." + } + } + } + }, + "roles": { + "type": "array", + "items": { + "type": "object", + "properties": { + "id": { + "type": "string", + "example": "2c91808568c529c60168cca6f90c1313", + "description": "The unique ID of the referenced object." + }, + "name": { + "type": "string", + "example": "John Doe", + "description": "The human readable name of the referenced object." + } + } + } + }, + "apps": { + "type": "array", + "items": { + "type": "object", + "properties": { + "id": { + "type": "string", + "example": "2c91808568c529c60168cca6f90c1313", + "description": "The unique ID of the referenced object." + }, + "name": { + "type": "string", + "example": "John Doe", + "description": "The human readable name of the referenced object." + } + } + } + }, + "governanceGroups": { + "type": "array", + "items": { + "type": "object", + "properties": { + "id": { + "type": "string", + "example": "2c91808568c529c60168cca6f90c1313", + "description": "The unique ID of the referenced object." + }, + "name": { + "type": "string", + "example": "John Doe", + "description": "The human readable name of the referenced object." + } + } + } + }, + "fallbackApprover": { + "type": "boolean", + "example": false + } + } + }, + "tags": { + "type": "array", + "items": { + "type": "string" + }, + "example": [ + "TAG_1", + "TAG_2" + ] + } + } + } + ] + }, + { + "description": "Role", + "allOf": [ + { + "type": "object", + "required": [ + "id", + "name", + "_type" + ], + "properties": { + "id": { + "type": "string", + "example": "2c91808375d8e80a0175e1f88a575222" + }, + "name": { + "type": "string", + "example": "john.doe" + }, + "_type": { + "description": "Enum representing the currently supported document types.\n\nAdditional values may be added in the future without notice.", + "type": "string", + "enum": [ + "accessprofile", + "accountactivity", + "account", + "aggregation", + "entitlement", + "event", + "identity", + "role" + ], + "example": "identity" + } + } + }, + { + "allOf": [ + { + "type": "object", + "properties": { + "id": { + "type": "string", + "example": "2c91808568c529c60168cca6f90c1313", + "description": "The unique ID of the referenced object." + }, + "name": { + "type": "string", + "example": "John Doe", + "description": "The human readable name of the referenced object." + } + } + }, + { + "type": "object", + "properties": { + "description": { + "type": "string", + "description": "The description of the access item", + "example": "The admin role" + }, + "created": { + "type": "string", + "nullable": true, + "format": "date-time", + "example": "2018-06-25T20:22:28.104Z", + "description": "A date-time in ISO-8601 format" + }, + "modified": { + "type": "string", + "nullable": true, + "format": "date-time", + "example": "2018-06-25T20:22:28.104Z", + "description": "A date-time in ISO-8601 format" + }, + "synced": { + "type": "string", + "nullable": true, + "format": "date-time", + "example": "2018-06-25T20:22:28.104Z", + "description": "A date-time in ISO-8601 format" + }, + "enabled": { + "type": "boolean", + "example": true + }, + "requestable": { + "type": "boolean", + "example": true, + "description": "Indicates if the access can be requested" + }, + "requestCommentsRequired": { + "type": "boolean", + "description": "Indicates if comments are required when requesting access", + "example": false + }, + "owner": { + "allOf": [ + { + "allOf": [ + { + "type": "object", + "properties": { + "id": { + "type": "string", + "example": "2c91808568c529c60168cca6f90c1313", + "description": "The unique ID of the referenced object." + }, + "name": { + "type": "string", + "example": "John Doe", + "description": "The human readable name of the referenced object." + } + } + }, + { + "type": "object", + "properties": { + "type": { + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "description": "An enumeration of the types of DTOs supported within the IdentityNow infrastructure.", + "example": "IDENTITY" + } + } + } + ] + }, + { + "type": "object", + "properties": { + "email": { + "type": "string", + "example": "john.doe@sailpoint.com", + "description": "The email of the identity" + } + } + } + ] + } + } + } + ] + }, + { + "type": "object", + "properties": { + "accessProfiles": { + "type": "array", + "items": { + "type": "object", + "properties": { + "id": { + "type": "string", + "example": "2c91808568c529c60168cca6f90c1313", + "description": "The unique ID of the referenced object." + }, + "name": { + "type": "string", + "example": "John Doe", + "description": "The human readable name of the referenced object." + } + } + } + }, + "accessProfileCount": { + "type": "integer" + }, + "tags": { + "type": "array", + "items": { + "type": "string" + }, + "example": [ + "TAG_1", + "TAG_2" + ] + } + } + } + ] + } + ] + }, + "SavedSearch": { + "type": "object", + "allOf": [ + { + "type": "object", + "properties": { + "id": { + "description": "The saved search ID.\n", + "type": "string", + "example": "0de46054-fe90-434a-b84e-c6b3359d0c64" + }, + "owner": { + "description": "The owner of the saved search.\n", + "type": "object", + "properties": { + "type": { + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "description": "An enumeration of the types of DTOs supported within the IdentityNow infrastructure.", + "example": "IDENTITY" + }, + "id": { + "description": "The id of the object.\n", + "type": "string", + "example": "2c91808568c529c60168cca6f90c1313" + } + }, + "required": [ + "type", + "id" + ] + } + } + }, + { + "type": "object", + "properties": { + "name": { + "description": "The name of the saved search.\n", + "type": "string", + "example": "Disabled accounts" + }, + "description": { + "description": "The description of the saved search.\n", + "type": "string", + "nullable": true, + "example": "Disabled accounts" + } + } + }, + { + "type": "object", + "properties": { + "public": { + "description": "Indicates if the saved search is public.\n", + "type": "boolean", + "default": false, + "example": false + }, + "created": { + "description": "The date the saved search was initially created.\n", + "type": "string", + "nullable": true, + "format": "date-time", + "example": "2018-06-25T20:22:28.104Z" + }, + "modified": { + "description": "The last date the saved search was modified.\n", + "type": "string", + "nullable": true, + "format": "date-time", + "example": "2018-06-25T20:22:28.104Z" + }, + "indices": { + "description": "The names of the Elasticsearch indices in which to search.\n", + "type": "array", + "items": { + "description": "Enum representing the currently supported indices.\nAdditional values may be added in the future without notice.", + "type": "string", + "enum": [ + "accessprofiles", + "accountactivities", + "entitlements", + "events", + "identities", + "roles", + "*" + ], + "example": "identities" + }, + "example": [ + "identities" + ] + }, + "columns": { + "description": "The columns to be returned (specifies the order in which they will be presented) for each document type.\n\nThe currently supported document types are: _accessprofile_, _accountactivity_, _account_, _aggregation_, _entitlement_, _event_, _identity_, and _role_.\n", + "type": "object", + "additionalProperties": { + "type": "array", + "items": { + "type": "object", + "properties": { + "field": { + "description": "The name of the field.\n", + "type": "string", + "example": "email" + }, + "header": { + "description": "The value of the header.\n", + "type": "string", + "example": "Work Email" + } + }, + "required": [ + "field" + ] + } + }, + "example": { + "identity": [ + { + "field": "displayName", + "header": "Display Name" + }, + { + "field": "e-mail", + "header": "Work Email" + } + ] + } + }, + "query": { + "description": "The search query using Elasticsearch [Query String Query](https://www.elastic.co/guide/en/elasticsearch/reference/5.2/query-dsl-query-string-query.html#query-string) syntax from the Query DSL.\n", + "type": "string", + "example": "@accounts(disabled:true)" + }, + "fields": { + "description": "The fields to be searched against in a multi-field query.\n", + "type": "array", + "nullable": true, + "items": { + "type": "string" + }, + "example": [ + "disabled" + ] + }, + "sort": { + "description": "The fields to be used to sort the search results.\n", + "type": "array", + "items": { + "type": "string" + }, + "example": [ + "displayName" + ] + }, + "filters": { + "nullable": true, + "allOf": [ + { + "type": "object", + "description": "The filters to be applied for each filtered field name.", + "example": { + "attributes.cloudAuthoritativeSource": { + "type": "EXISTS", + "exclude": true + }, + "accessCount": { + "type": "RANGE", + "range": { + "lower": { + "value": "3" + } + } + }, + "created": { + "type": "RANGE", + "range": { + "lower": { + "value": "2019-12-01", + "inclusive": true + }, + "upper": { + "value": "2020-01-01" + } + } + }, + "source.name": { + "type": "TERMS", + "terms": [ + "HR Employees", + "Corporate Active Directory" + ], + "exclude": true + }, + "protected": { + "type": "TERMS", + "terms": [ + "true" + ] + } + } + }, + { + "type": "object", + "properties": { + "type": { + "description": "Enum representing the currently supported filter types.\nAdditional values may be added in the future without notice.", + "type": "string", + "enum": [ + "EXISTS", + "RANGE", + "TERMS" + ], + "example": "RANGE" + }, + "range": { + "type": "object", + "description": "The range of values to be filtered.", + "properties": { + "lower": { + "description": "The lower bound of the range.", + "type": "object", + "required": [ + "value" + ], + "properties": { + "value": { + "description": "The value of the range's endpoint.", + "type": "string", + "example": "1" + }, + "inclusive": { + "description": "Indicates if the endpoint is included in the range.", + "type": "boolean", + "default": false, + "example": false + } + } + }, + "upper": { + "description": "The upper bound of the range.", + "type": "object", + "required": [ + "value" + ], + "properties": { + "value": { + "description": "The value of the range's endpoint.", + "type": "string", + "example": "1" + }, + "inclusive": { + "description": "Indicates if the endpoint is included in the range.", + "type": "boolean", + "default": false, + "example": false + } + } + } + } + }, + "terms": { + "description": "The terms to be filtered.", + "type": "array", + "items": { + "type": "string", + "example": "account_count" + } + }, + "exclude": { + "description": "Indicates if the filter excludes results.", + "type": "boolean", + "default": false, + "example": false + } + } + } + ] + } + }, + "required": [ + "indices", + "query" + ] + } + ] + }, + "Schedule": { + "type": "object", + "description": "The schedule information.", + "properties": { + "type": { + "description": "Enum representing the currently supported schedule types.\n\nAdditional values may be added in the future without notice.\n", + "type": "string", + "enum": [ + "DAILY", + "WEEKLY", + "MONTHLY", + "CALENDAR" + ], + "example": "WEEKLY" + }, + "days": { + "allOf": [ + { + "type": "object", + "properties": { + "type": { + "description": "Enum representing the currently supported selector types.\n\nLIST - the *values* array contains one or more distinct values.\n\nRANGE - the *values* array contains two values: the start and end of the range, inclusive.\n\nAdditional values may be added in the future without notice.\n", + "type": "string", + "enum": [ + "LIST", + "RANGE" + ], + "example": "LIST" + }, + "values": { + "description": "The selected values.\n", + "type": "array", + "items": { + "type": "string" + }, + "example": [ + "MON", + "WED" + ] + }, + "interval": { + "nullable": true, + "description": "The selected interval for RANGE selectors.\n", + "type": "integer", + "format": "int32", + "example": 3 + } + }, + "required": [ + "type", + "values" + ] + }, + { + "description": "The days to execute the search.\n\nIf `type` is `WEEKLY`, the values will be `MON`, `TUE`, `WED`, `THU`, `FRI`, `SAT`, and `SUN`.\n\nIf `type` is `MONTHLY`, the values will be a number in double quotes, like `\"1\"`, `\"10\"`, or `\"28\"`. Optionally, the value `\"L\"` can be used to refer to the last day of the month.\n", + "example": { + "type": "LIST", + "values": [ + "MON", + "WED", + "FRI" + ] + }, + "nullable": true + } + ] + }, + "hours": { + "allOf": [ + { + "type": "object", + "properties": { + "type": { + "description": "Enum representing the currently supported selector types.\n\nLIST - the *values* array contains one or more distinct values.\n\nRANGE - the *values* array contains two values: the start and end of the range, inclusive.\n\nAdditional values may be added in the future without notice.\n", + "type": "string", + "enum": [ + "LIST", + "RANGE" + ], + "example": "LIST" + }, + "values": { + "description": "The selected values.\n", + "type": "array", + "items": { + "type": "string" + }, + "example": [ + "MON", + "WED" + ] + }, + "interval": { + "nullable": true, + "description": "The selected interval for RANGE selectors.\n", + "type": "integer", + "format": "int32", + "example": 3 + } + }, + "required": [ + "type", + "values" + ] + }, + { + "description": "The hours selected.", + "example": { + "type": "RANGE", + "values": [ + "9", + "18" + ], + "interval": 3 + } + } + ] + }, + "expiration": { + "description": "The schedule expiration date. Latest possible expiration date is '2038-01-19T03:14:07+0000'", + "type": "string", + "nullable": true, + "format": "date-time", + "example": "2018-06-25T20:22:28.104Z" + }, + "timeZoneId": { + "description": "The GMT formatted timezone the schedule will run in (ex. GMT-06:00). If no timezone is specified, the org's default timezone is used.", + "nullable": true, + "type": "string", + "example": "GMT-06:00" + } + }, + "required": [ + "type", + "hours" + ] + }, + "ScheduledSearch": { + "type": "object", + "allOf": [ + { + "type": "object", + "properties": { + "id": { + "description": "The scheduled search ID.", + "type": "string", + "example": "0de46054-fe90-434a-b84e-c6b3359d0c64", + "readOnly": true + }, + "owner": { + "description": "The owner of the scheduled search", + "readOnly": true, + "type": "object", + "properties": { + "type": { + "type": "string", + "description": "The type of object being referenced", + "enum": [ + "IDENTITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "The ID of the referenced object", + "example": "2c9180867624cbd7017642d8c8c81f67" + } + }, + "required": [ + "type", + "id" + ] + }, + "ownerId": { + "description": "The ID of the scheduled search owner.\n\nPlease use the `id` in the `owner` object instead.\n", + "type": "string", + "example": "2c9180867624cbd7017642d8c8c81f67", + "readOnly": true, + "deprecated": true + } + } + }, + { + "type": "object", + "properties": { + "name": { + "description": "The name of the scheduled search.\n", + "type": "string", + "example": "Daily disabled accounts", + "nullable": true + }, + "description": { + "description": "The description of the scheduled search.\n", + "type": "string", + "nullable": true, + "example": "Daily disabled accounts" + } + } + }, + { + "type": "object", + "properties": { + "savedSearchId": { + "description": "The ID of the saved search that will be executed.", + "type": "string", + "example": "554f1511-f0a1-4744-ab14-599514d3e57c" + }, + "created": { + "allOf": [ + { + "type": "string", + "nullable": true, + "format": "date-time", + "example": "2018-06-25T20:22:28.104Z", + "description": "A date-time in ISO-8601 format" + } + ], + "description": "The date the scheduled search was initially created.", + "readOnly": true + }, + "modified": { + "allOf": [ + { + "type": "string", + "nullable": true, + "format": "date-time", + "example": "2018-06-25T20:22:28.104Z", + "description": "A date-time in ISO-8601 format" + } + ], + "description": "The last date the scheduled search was modified.", + "readOnly": true + }, + "schedule": { + "type": "object", + "description": "The schedule information.", + "properties": { + "type": { + "description": "Enum representing the currently supported schedule types.\n\nAdditional values may be added in the future without notice.\n", + "type": "string", + "enum": [ + "DAILY", + "WEEKLY", + "MONTHLY", + "CALENDAR" + ], + "example": "WEEKLY" + }, + "days": { + "allOf": [ + { + "type": "object", + "properties": { + "type": { + "description": "Enum representing the currently supported selector types.\n\nLIST - the *values* array contains one or more distinct values.\n\nRANGE - the *values* array contains two values: the start and end of the range, inclusive.\n\nAdditional values may be added in the future without notice.\n", + "type": "string", + "enum": [ + "LIST", + "RANGE" + ], + "example": "LIST" + }, + "values": { + "description": "The selected values.\n", + "type": "array", + "items": { + "type": "string" + }, + "example": [ + "MON", + "WED" + ] + }, + "interval": { + "nullable": true, + "description": "The selected interval for RANGE selectors.\n", + "type": "integer", + "format": "int32", + "example": 3 + } + }, + "required": [ + "type", + "values" + ] + }, + { + "description": "The days to execute the search.\n\nIf `type` is `WEEKLY`, the values will be `MON`, `TUE`, `WED`, `THU`, `FRI`, `SAT`, and `SUN`.\n\nIf `type` is `MONTHLY`, the values will be a number in double quotes, like `\"1\"`, `\"10\"`, or `\"28\"`. Optionally, the value `\"L\"` can be used to refer to the last day of the month.\n", + "example": { + "type": "LIST", + "values": [ + "MON", + "WED", + "FRI" + ] + }, + "nullable": true + } + ] + }, + "hours": { + "allOf": [ + { + "type": "object", + "properties": { + "type": { + "description": "Enum representing the currently supported selector types.\n\nLIST - the *values* array contains one or more distinct values.\n\nRANGE - the *values* array contains two values: the start and end of the range, inclusive.\n\nAdditional values may be added in the future without notice.\n", + "type": "string", + "enum": [ + "LIST", + "RANGE" + ], + "example": "LIST" + }, + "values": { + "description": "The selected values.\n", + "type": "array", + "items": { + "type": "string" + }, + "example": [ + "MON", + "WED" + ] + }, + "interval": { + "nullable": true, + "description": "The selected interval for RANGE selectors.\n", + "type": "integer", + "format": "int32", + "example": 3 + } + }, + "required": [ + "type", + "values" + ] + }, + { + "description": "The hours selected.", + "example": { + "type": "RANGE", + "values": [ + "9", + "18" + ], + "interval": 3 + } + } + ] + }, + "expiration": { + "description": "The schedule expiration date. Latest possible expiration date is '2038-01-19T03:14:07+0000'", + "type": "string", + "nullable": true, + "format": "date-time", + "example": "2018-06-25T20:22:28.104Z" + }, + "timeZoneId": { + "description": "The GMT formatted timezone the schedule will run in (ex. GMT-06:00). If no timezone is specified, the org's default timezone is used.", + "nullable": true, + "type": "string", + "example": "GMT-06:00" + } + }, + "required": [ + "type", + "hours" + ] + }, + "recipients": { + "description": "A list of identities that should receive the scheduled search report via email.", + "type": "array", + "items": { + "type": "object", + "properties": { + "type": { + "type": "string", + "description": "The type of object being referenced", + "enum": [ + "IDENTITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "The ID of the referenced object", + "example": "2c9180867624cbd7017642d8c8c81f67" + } + }, + "required": [ + "type", + "id" + ] + } + }, + "enabled": { + "description": "Indicates if the scheduled search is enabled.\n", + "type": "boolean", + "default": false, + "example": false + }, + "emailEmptyResults": { + "description": "Indicates if email generation should not be suppressed if search returns no results.\n", + "type": "boolean", + "default": false, + "example": false + }, + "displayQueryDetails": { + "description": "Indicates if the generated email should include the query and search results preview (which could include PII).\n", + "type": "boolean", + "default": false, + "example": false + } + }, + "required": [ + "savedSearchId", + "schedule", + "recipients" + ] + } + ], + "required": [ + "id", + "owner", + "ownerId" + ] + }, + "ServiceDeskIntegrationDto": { + "allOf": [ + { + "type": "object", + "required": [ + "name" + ], + "properties": { + "id": { + "description": "System-generated unique ID of the Object", + "type": "string", + "example": "id12345", + "readOnly": true + }, + "name": { + "description": "Name of the Object", + "type": "string", + "example": "aName" + }, + "created": { + "description": "Creation date of the Object", + "type": "string", + "example": "2015-05-28T14:07:17Z", + "format": "date-time", + "readOnly": true + }, + "modified": { + "description": "Last modification date of the Object", + "type": "string", + "example": "2015-05-28T14:07:17Z", + "format": "date-time", + "readOnly": true + } + } + }, + { + "type": "object", + "description": "Specification of a Service Desk integration", + "required": [ + "description", + "type", + "attributes" + ], + "properties": { + "description": { + "description": "Description of the Service Desk integration", + "type": "string", + "example": "A very nice Service Desk integration" + }, + "type": { + "description": "Service Desk integration types\n\n- ServiceNowSDIM\n- ServiceNow\n", + "type": "string", + "default": "ServiceNowSDIM", + "example": "ServiceNowSDIM" + }, + "ownerRef": { + "allOf": [ + { + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + } + ], + "description": "Reference to the identity that is the owner of this Service Desk integration", + "properties": { + "type": { + "description": "The type of object being referenced", + "enum": [ + "IDENTITY" + ], + "example": "IDENTITY" + }, + "id": { + "description": "ID of the identity", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "description": "Human-readable display name of the identity", + "example": "MyName" + } + } + }, + "clusterRef": { + "allOf": [ + { + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + } + ], + "description": "Reference to the source cluster for this Service Desk integration", + "properties": { + "type": { + "description": "The type of object being referenced", + "enum": [ + "CLUSTER" + ], + "example": "CLUSTER" + }, + "id": { + "description": "ID of the cluster", + "example": "2c9180866166b5b0016167c32ef31a66" + }, + "name": { + "description": "Human-readable display name of the cluster", + "example": "Corporate Cluster" + } + } + }, + "cluster": { + "description": "ID of the cluster for the Service Desk integration (replaced by clusterRef, retained for backward compatibility)", + "type": "string", + "example": "xyzzy999", + "deprecated": true + }, + "managedSources": { + "description": "Source IDs for the Service Desk integration (replaced by provisioningConfig.managedSResourceRefs, but retained here for backward compatibility)", + "type": "array", + "items": { + "type": "string" + }, + "deprecated": true, + "example": [ + "2c9180835d191a86015d28455b4a2329", + "2c5680835d191a85765d28455b4a9823" + ] + }, + "provisioningConfig": { + "description": "The 'provisioningConfig' property specifies the configuration used to provision integrations.", + "type": "object", + "properties": { + "universalManager": { + "description": "Specifies whether this configuration is used to manage provisioning requests for all sources from the org. If true, no managedResourceRefs are allowed.", + "type": "boolean", + "readOnly": true, + "example": true + }, + "managedResourceRefs": { + "description": "References to sources for the Service Desk integration template. May only be specified if universalManager is false.", + "type": "array", + "items": { + "allOf": [ + { + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + } + ], + "properties": { + "type": { + "description": "The type of object being referenced", + "enum": [ + "SOURCE" + ], + "example": "SOURCE" + }, + "id": { + "description": "ID of the source", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "description": "Human-readable display name of the source", + "example": "My Source" + } + } + }, + "example": [ + { + "type": "SOURCE", + "id": "2c9180855d191c59015d291ceb051111", + "name": "My Source 1" + }, + { + "type": "SOURCE", + "id": "2c9180855d191c59015d291ceb052222", + "name": "My Source 2" + } + ] + }, + "planInitializerScript": { + "description": "This is a reference to a plan initializer script.", + "type": "object", + "properties": { + "source": { + "description": "This is a Rule that allows provisioning instruction changes.", + "type": "string", + "example": "\\r\\n\\r\\n\\r\\n Before Provisioning Rule which changes disables and enables to a modify.\\r\\n \n" + } + } + }, + "noProvisioningRequests": { + "description": "Name of an attribute that when true disables the saving of ProvisioningRequest objects whenever plans are sent through this integration.", + "type": "boolean", + "example": true + }, + "provisioningRequestExpiration": { + "description": "When saving pending requests is enabled, this defines the number of hours the request is allowed to live before it is considered expired and no longer affects plan compilation.", + "type": "integer", + "format": "int32", + "example": 7 + } + } + }, + "attributes": { + "description": "Attributes of the Service Desk integration. Validation constraints enforced by the implementation.", + "type": "object", + "additionalProperties": true, + "example": { + "property": "value", + "key": "value" + } + }, + "beforeProvisioningRule": { + "allOf": [ + { + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + } + ], + "description": "Reference to beforeProvisioningRule for this Service Desk integration", + "properties": { + "type": { + "description": "The type of object being referenced", + "enum": [ + "RULE" + ], + "example": "RULE" + }, + "id": { + "description": "ID of the rule", + "example": "2c91808568c529c60168cca6f90c1333" + }, + "name": { + "description": "Human-readable display name of the rule", + "example": "Example Rule" + } + } + } + } + } + ] + }, + "ServiceDeskIntegrationTemplateDto": { + "allOf": [ + { + "type": "object", + "required": [ + "name" + ], + "properties": { + "id": { + "description": "System-generated unique ID of the Object", + "type": "string", + "example": "id12345", + "readOnly": true + }, + "name": { + "description": "Name of the Object", + "type": "string", + "example": "aName" + }, + "created": { + "description": "Creation date of the Object", + "type": "string", + "example": "2015-05-28T14:07:17Z", + "format": "date-time", + "readOnly": true + }, + "modified": { + "description": "Last modification date of the Object", + "type": "string", + "example": "2015-05-28T14:07:17Z", + "format": "date-time", + "readOnly": true + } + } + }, + { + "type": "object", + "description": "This is the model for a Service Desk integration template, used to create and edit Service Desk Integrations.", + "required": [ + "type", + "attributes", + "provisioningConfig" + ], + "properties": { + "type": { + "description": "The 'type' property specifies the type of the Service Desk integration template.", + "type": "string", + "example": "Web Service SDIM", + "default": "Web Service SDIM" + }, + "attributes": { + "description": "The 'attributes' property value is a map of attributes available for integrations using this Service Desk integration template.", + "type": "object", + "additionalProperties": true, + "example": { + "property": "value", + "key": "value" + } + }, + "provisioningConfig": { + "description": "The 'provisioningConfig' property specifies the configuration used to provision integrations using the template.", + "type": "object", + "properties": { + "universalManager": { + "description": "Specifies whether this configuration is used to manage provisioning requests for all sources from the org. If true, no managedResourceRefs are allowed.", + "type": "boolean", + "readOnly": true, + "example": true + }, + "managedResourceRefs": { + "description": "References to sources for the Service Desk integration template. May only be specified if universalManager is false.", + "type": "array", + "items": { + "allOf": [ + { + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + } + ], + "properties": { + "type": { + "description": "The type of object being referenced", + "enum": [ + "SOURCE" + ], + "example": "SOURCE" + }, + "id": { + "description": "ID of the source", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "description": "Human-readable display name of the source", + "example": "My Source" + } + } + }, + "example": [ + { + "type": "SOURCE", + "id": "2c9180855d191c59015d291ceb051111", + "name": "My Source 1" + }, + { + "type": "SOURCE", + "id": "2c9180855d191c59015d291ceb052222", + "name": "My Source 2" + } + ] + }, + "planInitializerScript": { + "description": "This is a reference to a plan initializer script.", + "type": "object", + "properties": { + "source": { + "description": "This is a Rule that allows provisioning instruction changes.", + "type": "string", + "example": "\\r\\n\\r\\n\\r\\n Before Provisioning Rule which changes disables and enables to a modify.\\r\\n \n" + } + } + }, + "noProvisioningRequests": { + "description": "Name of an attribute that when true disables the saving of ProvisioningRequest objects whenever plans are sent through this integration.", + "type": "boolean", + "example": true + }, + "provisioningRequestExpiration": { + "description": "When saving pending requests is enabled, this defines the number of hours the request is allowed to live before it is considered expired and no longer affects plan compilation.", + "type": "integer", + "format": "int32", + "example": 7 + } + } + } + } + } + ] + }, + "ServiceDeskIntegrationTemplateType": { + "description": "This represents a Service Desk Integration template type.", + "required": [ + "type", + "scriptName" + ], + "type": "object", + "properties": { + "name": { + "description": "This is the name of the type.", + "example": "aName", + "type": "string" + }, + "type": { + "description": "This is the type value for the type.", + "example": "aType", + "type": "string" + }, + "scriptName": { + "description": "This is the scriptName attribute value for the type.", + "example": "aScriptName", + "type": "string" + } + } + }, + "Source": { + "type": "object", + "properties": { + "id": { + "type": "string", + "readOnly": true, + "description": "the id of the Source", + "example": "2c91808568c529c60168cca6f90c1324" + }, + "name": { + "type": "string", + "description": "Human-readable name of the source", + "example": "My Source" + }, + "description": { + "type": "string", + "description": "Human-readable description of the source", + "example": "This is the corporate directory." + }, + "owner": { + "description": "Reference to an owning Identity Object", + "type": "object", + "properties": { + "type": { + "description": "The type of object being referenced", + "type": "string", + "enum": [ + "IDENTITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the identity", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the identity", + "example": "MyName" + } + } + }, + "cluster": { + "description": "Reference to the associated Cluster", + "type": "object", + "properties": { + "type": { + "description": "The type of object being referenced", + "type": "string", + "enum": [ + "CLUSTER" + ], + "example": "CLUSTER" + }, + "id": { + "type": "string", + "description": "ID of the cluster", + "example": "2c9180866166b5b0016167c32ef31a66" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the cluster", + "example": "Corporate Cluster" + } + } + }, + "accountCorrelationConfig": { + "description": "Reference to an Account Correlation Config object", + "type": "object", + "properties": { + "type": { + "description": "The type of object being referenced", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG" + ], + "example": "ACCOUNT_CORRELATION_CONFIG" + }, + "id": { + "type": "string", + "description": "ID of the account correlation config", + "example": "2c9180855d191c59015d28583727245a" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the account correlation config", + "example": "Directory [source-62867] Account Correlation" + } + } + }, + "accountCorrelationRule": { + "description": "Reference to a Rule that can do COMPLEX correlation, should only be used when accountCorrelationConfig can't be used.", + "type": "object", + "properties": { + "type": { + "description": "The type of object being referenced", + "type": "string", + "enum": [ + "RULE" + ], + "example": "RULE" + }, + "id": { + "type": "string", + "description": "ID of the rule", + "example": "2c918085708c274401708c2a8a760001" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the rule", + "example": "Example Rule" + } + } + }, + "managerCorrelationMapping": { + "description": "Filter Object used during manager correlation to match incoming manager values to an existing manager's Account/Identity", + "type": "object", + "properties": { + "accountAttribute": { + "type": "string", + "description": "Name of the attribute to use for manager correlation. The value found on the account attribute will be used to lookup the manager's identity.", + "example": "manager" + }, + "identityAttribute": { + "type": "string", + "description": "Name of the identity attribute to search when trying to find a manager using the value from the accountAttribute.", + "example": "manager" + } + } + }, + "managerCorrelationRule": { + "description": "Reference to the ManagerCorrelationRule, only used when a simple filter isn't sufficient.", + "type": "object", + "properties": { + "type": { + "description": "The type of object being referenced", + "type": "string", + "enum": [ + "RULE" + ], + "example": "RULE" + }, + "id": { + "type": "string", + "description": "ID of the rule", + "example": "2c918085708c274401708c2a8a760001" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the rule", + "example": "Example Rule" + } + } + }, + "beforeProvisioningRule": { + "description": "Rule that runs on the CCG and allows for customization of provisioning plans before the connector is called.", + "type": "object", + "properties": { + "type": { + "description": "The type of object being referenced", + "type": "string", + "enum": [ + "RULE" + ], + "example": "RULE" + }, + "id": { + "type": "string", + "description": "ID of the rule", + "example": "2c918085708c274401708c2a8a760001" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the rule", + "example": "Example Rule" + } + } + }, + "schemas": { + "type": "array", + "items": { + "type": "object", + "properties": { + "type": { + "description": "The type of object being referenced", + "type": "string", + "enum": [ + "CONNECTOR_SCHEMA" + ], + "example": "CONNECTOR_SCHEMA" + }, + "id": { + "type": "string", + "description": "ID of the schema", + "example": "2c91808568c529c60168cca6f90c1777" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the schema", + "example": "MySchema" + } + } + }, + "description": "List of references to Schema objects", + "example": [ + { + "type": "CONNECTOR_SCHEMA", + "id": "2c9180835d191a86015d28455b4b232a", + "name": "account" + }, + { + "type": "CONNECTOR_SCHEMA", + "id": "2c9180835d191a86015d28455b4b232b", + "name": "group" + } + ] + }, + "passwordPolicies": { + "type": "array", + "items": { + "type": "object", + "properties": { + "type": { + "description": "The type of object being referenced", + "type": "string", + "enum": [ + "PASSWORD_POLICY" + ], + "example": "PASSWORD_POLICY" + }, + "id": { + "type": "string", + "description": "ID of the policy", + "example": "2c91808568c529c60168cca6f90c1777" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the policy", + "example": "My Password Policy" + } + } + }, + "description": "List of references to the associated PasswordPolicy objects.", + "example": [ + { + "type": "PASSWORD_POLICY", + "id": "2c9180855d191c59015d291ceb053980", + "name": "Corporate Password Policy" + }, + { + "type": "PASSWORD_POLICY", + "id": "2c9180855d191c59015d291ceb057777", + "name": "Vendor Password Policy" + } + ] + }, + "features": { + "type": "array", + "description": "Optional features that can be supported by a source.", + "items": { + "type": "string", + "enum": [ + "AUTHENTICATE", + "COMPOSITE", + "DIRECT_PERMISSIONS", + "DISCOVER_SCHEMA", + "ENABLE", + "MANAGER_LOOKUP", + "NO_RANDOM_ACCESS", + "PROXY", + "SEARCH", + "TEMPLATE", + "UNLOCK", + "UNSTRUCTURED_TARGETS", + "SHAREPOINT_TARGET", + "PROVISIONING", + "GROUP_PROVISIONING", + "SYNC_PROVISIONING", + "PASSWORD", + "CURRENT_PASSWORD", + "ACCOUNT_ONLY_REQUEST", + "ADDITIONAL_ACCOUNT_REQUEST", + "NO_AGGREGATION", + "GROUPS_HAVE_MEMBERS", + "NO_PERMISSIONS_PROVISIONING", + "NO_GROUP_PERMISSIONS_PROVISIONING", + "NO_UNSTRUCTURED_TARGETS_PROVISIONING", + "NO_DIRECT_PERMISSIONS_PROVISIONING" + ], + "description": "Optional features that can be supported by an source.\n* AUTHENTICATE: The source supports pass-through authentication.\n* COMPOSITE: The source supports composite source creation.\n* DIRECT_PERMISSIONS: The source supports returning DirectPermissions.\n* DISCOVER_SCHEMA: The source supports discovering schemas for users and groups.\n* ENABLE The source supports reading if an account is enabled or disabled.\n* MANAGER_LOOKUP: The source supports looking up managers as they are encountered in a feed. This is the opposite of NO_RANDOM_ACCESS.\n* NO_RANDOM_ACCESS: The source does not support random access and the getObject() methods should not be called and expected to perform.\n* PROXY: The source can serve as a proxy for another source. When an source has a proxy, all connector calls made with that source are redirected through the connector for the proxy source.\n* SEARCH\n* TEMPLATE\n* UNLOCK: The source supports reading if an account is locked or unlocked.\n* UNSTRUCTURED_TARGETS: The source supports returning unstructured Targets.\n* SHAREPOINT_TARGET: The source supports returning unstructured Target data for SharePoint. It will be typically used by AD, LDAP sources.\n* PROVISIONING: The source can both read and write accounts. Having this feature implies that the provision() method is implemented. It also means that direct and target permissions can also be provisioned if they can be returned by aggregation.\n* GROUP_PROVISIONING: The source can both read and write groups. Having this feature implies that the provision() method is implemented.\n* SYNC_PROVISIONING: The source can provision accounts synchronously.\n* PASSWORD: The source can provision password changes. Since sources can never read passwords, this is should only be used in conjunction with the PROVISIONING feature.\n* CURRENT_PASSWORD: Some source types support verification of the current password\n* ACCOUNT_ONLY_REQUEST: The source supports requesting accounts without entitlements.\n* ADDITIONAL_ACCOUNT_REQUEST: The source supports requesting additional accounts.\n* NO_AGGREGATION: A source that does not support aggregation.\n* GROUPS_HAVE_MEMBERS: The source models group memberships with a member attribute on the group object rather than a groups attribute on the account object. This effects the implementation of delta account aggregation.\n* NO_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for accounts. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for accounts.\n* NO_GROUP_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for groups. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for groups.\n* NO_UNSTRUCTURED_TARGETS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING.\n* NO_DIRECT_PERMISSIONS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING.", + "example": "AUTHENTICATE" + }, + "example": [ + "SYNC_PROVISIONING", + "MANAGER_LOOKUP", + "SEARCH", + "PROVISIONING", + "AUTHENTICATE", + "GROUP_PROVISIONING", + "PASSWORD" + ] + }, + "type": { + "type": "string", + "description": "Specifies the type of system being managed e.g. Active Directory, Workday, etc.. If you are creating a Delimited File source, you must set the `provisionasCsv` query parameter to `true`. ", + "example": "OpenLDAP - Direct" + }, + "connector": { + "type": "string", + "description": "Connector script name.", + "example": "active-directory" + }, + "connectorClass": { + "type": "string", + "description": "The fully qualified name of the Java class that implements the connector interface.", + "example": "sailpoint.connector.LDAPConnector" + }, + "connectorAttributes": { + "type": "object", + "description": "Connector specific configuration; will differ from type to type.", + "example": { + "healthCheckTimeout": 30, + "authSearchAttributes": [ + "cn", + "uid", + "mail" + ] + } + }, + "deleteThreshold": { + "type": "integer", + "format": "int32", + "description": "Number from 0 to 100 that specifies when to skip the delete phase.", + "example": 10 + }, + "authoritative": { + "type": "boolean", + "description": "When true indicates the source is referenced by an IdentityProfile.", + "example": false + }, + "managementWorkgroup": { + "description": "Reference to Management Workgroup for this Source", + "type": "object", + "properties": { + "type": { + "description": "The type of object being referenced", + "type": "string", + "enum": [ + "GOVERNANCE_GROUP" + ], + "example": "GOVERNANCE_GROUP" + }, + "id": { + "type": "string", + "description": "ID of the management workgroup", + "example": "2c91808568c529c60168cca6f90c2222" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the management workgroup", + "example": "My Management Workgroup" + } + } + }, + "healthy": { + "type": "boolean", + "description": "When true indicates a healthy source", + "example": true + }, + "status": { + "type": "string", + "description": "A status identifier, giving specific information on why a source is healthy or not", + "example": "SOURCE_STATE_HEALTHY" + }, + "since": { + "type": "string", + "description": "Timestamp showing when a source health check was last performed", + "example": "2021-09-28T15:48:29.3801666300Z" + }, + "connectorId": { + "type": "string", + "description": "The id of connector", + "example": "active-directory" + }, + "connectorName": { + "type": "string", + "description": "The name of the connector that was chosen on source creation", + "example": "Active Directory" + }, + "connectionType": { + "type": "string", + "description": "The type of connection (direct or file)", + "example": "file" + }, + "connectorImplementstionId": { + "type": "string", + "description": "The connector implementstion id", + "example": "delimited-file" + } + }, + "required": [ + "name", + "owner", + "connector" + ] + }, + "SourceHealthDto": { + "type": "object", + "description": "Dto for source health data", + "properties": { + "id": { + "type": "string", + "readOnly": true, + "description": "the id of the Source", + "example": "2c91808568c529c60168cca6f90c1324" + }, + "type": { + "type": "string", + "description": "Specifies the type of system being managed e.g. Active Directory, Workday, etc.. If you are creating a Delimited File source, you must set the `provisionasCsv` query parameter to `true`. ", + "example": "OpenLDAP - Direct" + }, + "name": { + "type": "string", + "description": "the name of the source", + "example": "Source1234" + }, + "org": { + "type": "string", + "description": "source's org", + "example": "denali-cjh" + }, + "isAuthoritative": { + "type": "boolean", + "example": false, + "description": "Is the source authoritative" + }, + "isCluster": { + "type": "boolean", + "example": false, + "description": "Is the source in a cluster" + }, + "hostname": { + "type": "string", + "example": "megapod-useast1-secret-hostname.sailpoint.com", + "description": "source's hostname" + }, + "pod": { + "type": "string", + "description": "source's pod", + "example": "megapod-useast1" + }, + "iqServiceVersion": { + "type": "string", + "description": "The version of the iqService", + "example": "iqVersion123" + }, + "status": { + "type": "string", + "enum": [ + "SOURCE_STATE_ERROR_CLUSTER", + "SOURCE_STATE_ERROR_SOURCE", + "SOURCE_STATE_ERROR_VA", + "SOURCE_STATE_FAILURE_CLUSTER", + "SOURCE_STATE_FAILURE_SOURCE", + "SOURCE_STATE_HEALTHY", + "SOURCE_STATE_UNCHECKED_CLUSTER", + "SOURCE_STATE_UNCHECKED_CLUSTER_NO_SOURCES", + "SOURCE_STATE_UNCHECKED_SOURCE", + "SOURCE_STATE_UNCHECKED_SOURCE_NO_ACCOUNTS" + ], + "description": "connection test result", + "example": "SOURCE_STATE_UNCHECKED_SOURCE" + } + } + }, + "Transform": { + "type": "object", + "description": "The representation of an internally- or customer-defined transform.", + "required": [ + "name", + "type", + "attributes" + ], + "properties": { + "id": { + "type": "string", + "readOnly": true, + "description": "Unique ID of this transform", + "example": "2cd78adghjkja34jh2b1hkjhasuecd" + }, + "name": { + "type": "string", + "description": "Unique name of this transform", + "example": "Timestamp To Date", + "minLength": 1, + "maxLength": 50 + }, + "type": { + "type": "string", + "description": "The type of transform operation", + "enum": [ + "accountAttribute", + "base64Decode", + "base64Encode", + "concat", + "conditional", + "dateCompare", + "dateFormat", + "dateMath", + "decomposeDiacriticalMarks", + "e164phone", + "firstValid", + "rule", + "identityAttribute", + "indexOf", + "iso3166", + "lastIndexOf", + "leftPad", + "lookup", + "lower", + "normalizeNames", + "randomAlphaNumeric", + "randomNumeric", + "reference", + "replaceAll", + "replace", + "rightPad", + "split", + "static", + "substring", + "trim", + "upper", + "usernameGenerator", + "uuid" + ], + "example": "dateFormat", + "externalDocs": { + "description": "Transform Operations", + "url": "https://developer.sailpoint.com/idn/docs/transforms/operations" + } + }, + "attributes": { + "description": "Meta-data about the transform. Values in this list are specific to the type of transform to be executed.", + "oneOf": [ + { + "title": "accountAttribute", + "type": "object", + "required": [ + "sourceName", + "attributeName" + ], + "properties": { + "sourceName": { + "type": "string", + "description": "A reference to the source to search for the account", + "example": "Workday" + }, + "attributeName": { + "type": "string", + "description": "The name of the attribute on the account to return. This should match the name of the account attribute name visible in the user interface, or on the source schema.", + "example": "DEPARTMENT" + }, + "accountSortAttribute": { + "type": "string", + "description": "The value of this configuration is a string name of the attribute to use when determining the ordering of returned accounts when there are multiple entries", + "example": "created" + }, + "accountSortDescending": { + "type": "boolean", + "description": "The value of this configuration is a boolean (true/false). Controls the order of the sort when there are multiple accounts. If not defined, the transform will default to false (ascending order)", + "example": false + }, + "accountReturnFirstLink": { + "type": "boolean", + "description": "The value of this configuration is a boolean (true/false). Controls which account to source a value from for an attribute. If this flag is set to true, the transform returns the value from the first account in the list, even if it is null. If it is set to false, the transform returns the first non-null value. If not defined, the transform will default to false", + "example": false + }, + "accountFilter": { + "type": "string", + "description": "This expression queries the database to narrow search results. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the database. The default filter will always include the source and identity, and any subsequent expressions will be combined in an AND operation to the existing search criteria.\nOnly certain searchable attributes are available: - `nativeIdentity` - the Account ID - `displayName` - the Account Name - `entitlements` - a boolean value to determine if the account has entitlements", + "example": "!(nativeIdentity.startsWith(\"*DELETED*\"))" + }, + "accountPropertyFilter": { + "type": "string", + "description": "This expression is used to search and filter accounts in memory. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the returned resultset.\n\nAll account attributes are available for filtering as this operation is performed in memory.", + "example": "(groups.containsAll({'Admin'}) || location == 'Austin')" + }, + "requiresPeriodicRefresh": { + "type": "boolean", + "description": "A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process", + "example": false, + "default": false + }, + "input": { + "type": "object", + "description": "This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.", + "additionalProperties": true, + "example": { + "type": "accountAttribute", + "attributes": { + "attributeName": "first_name", + "sourceName": "Source" + } + } + } + } + }, + { + "title": "base64Decode", + "type": "object", + "properties": { + "requiresPeriodicRefresh": { + "type": "boolean", + "description": "A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process", + "example": false, + "default": false + }, + "input": { + "type": "object", + "description": "This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.", + "additionalProperties": true, + "example": { + "type": "accountAttribute", + "attributes": { + "attributeName": "first_name", + "sourceName": "Source" + } + } + } + } + }, + { + "title": "base64Encode", + "type": "object", + "properties": { + "requiresPeriodicRefresh": { + "type": "boolean", + "description": "A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process", + "example": false, + "default": false + }, + "input": { + "type": "object", + "description": "This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.", + "additionalProperties": true, + "example": { + "type": "accountAttribute", + "attributes": { + "attributeName": "first_name", + "sourceName": "Source" + } + } + } + } + }, + { + "title": "concat", + "type": "object", + "required": [ + "values" + ], + "properties": { + "values": { + "type": "array", + "items": { + "type": "object" + }, + "description": "An array of items to join together", + "example": [ + "John", + " ", + "Smith" + ] + }, + "requiresPeriodicRefresh": { + "type": "boolean", + "description": "A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process", + "example": false, + "default": false + }, + "input": { + "type": "object", + "description": "This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.", + "additionalProperties": true, + "example": { + "type": "accountAttribute", + "attributes": { + "attributeName": "first_name", + "sourceName": "Source" + } + } + } + } + }, + { + "title": "conditional", + "type": "object", + "required": [ + "expression", + "positiveCondition", + "negativeCondition" + ], + "properties": { + "expression": { + "type": "string", + "description": "A comparison statement that follows the structure of `ValueA eq ValueB` where `ValueA` and `ValueB` are static strings or outputs of other transforms. \n\nThe `eq` operator is the only valid comparison", + "example": "ValueA eq ValueB" + }, + "positiveCondition": { + "type": "string", + "description": "The output of the transform if the expression evalutes to true", + "example": "true" + }, + "negativeCondition": { + "type": "string", + "description": "The output of the transform if the expression evalutes to false", + "example": "false" + }, + "requiresPeriodicRefresh": { + "type": "boolean", + "description": "A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process", + "example": false, + "default": false + }, + "input": { + "type": "object", + "description": "This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.", + "additionalProperties": true, + "example": { + "type": "accountAttribute", + "attributes": { + "attributeName": "first_name", + "sourceName": "Source" + } + } + } + } + }, + { + "title": "dateCompare", + "type": "object", + "required": [ + "firstDate", + "secondDate", + "operator", + "positiveCondition", + "negativeCondition" + ], + "properties": { + "firstDate": { + "description": "This is the first date to consider (The date that would be on the left hand side of the comparison operation).", + "oneOf": [ + { + "title": "accountAttribute", + "type": "object", + "required": [ + "sourceName", + "attributeName" + ], + "properties": { + "sourceName": { + "type": "string", + "description": "A reference to the source to search for the account", + "example": "Workday" + }, + "attributeName": { + "type": "string", + "description": "The name of the attribute on the account to return. This should match the name of the account attribute name visible in the user interface, or on the source schema.", + "example": "DEPARTMENT" + }, + "accountSortAttribute": { + "type": "string", + "description": "The value of this configuration is a string name of the attribute to use when determining the ordering of returned accounts when there are multiple entries", + "example": "created" + }, + "accountSortDescending": { + "type": "boolean", + "description": "The value of this configuration is a boolean (true/false). Controls the order of the sort when there are multiple accounts. If not defined, the transform will default to false (ascending order)", + "example": false + }, + "accountReturnFirstLink": { + "type": "boolean", + "description": "The value of this configuration is a boolean (true/false). Controls which account to source a value from for an attribute. If this flag is set to true, the transform returns the value from the first account in the list, even if it is null. If it is set to false, the transform returns the first non-null value. If not defined, the transform will default to false", + "example": false + }, + "accountFilter": { + "type": "string", + "description": "This expression queries the database to narrow search results. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the database. The default filter will always include the source and identity, and any subsequent expressions will be combined in an AND operation to the existing search criteria.\nOnly certain searchable attributes are available: - `nativeIdentity` - the Account ID - `displayName` - the Account Name - `entitlements` - a boolean value to determine if the account has entitlements", + "example": "!(nativeIdentity.startsWith(\"*DELETED*\"))" + }, + "accountPropertyFilter": { + "type": "string", + "description": "This expression is used to search and filter accounts in memory. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the returned resultset.\n\nAll account attributes are available for filtering as this operation is performed in memory.", + "example": "(groups.containsAll({'Admin'}) || location == 'Austin')" + }, + "requiresPeriodicRefresh": { + "type": "boolean", + "description": "A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process", + "example": false, + "default": false + }, + "input": { + "type": "object", + "description": "This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.", + "additionalProperties": true, + "example": { + "type": "accountAttribute", + "attributes": { + "attributeName": "first_name", + "sourceName": "Source" + } + } + } + } + }, + { + "title": "dateFormat", + "type": "object", + "properties": { + "inputFormat": { + "description": "A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data is coming in as.\n\n*If no inputFormat is provided, the transform assumes that it is in ISO8601 format*", + "oneOf": [ + { + "title": "Named Construct", + "type": "string", + "description": "| Construct | Date Time Pattern | Description |\n| --------- | ----------------- | ----------- |\n| ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. | \n| LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. |\n| PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. |\n| EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. |\n| EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. |\n", + "enum": [ + "ISO8601", + "LDAP", + "PEOPLE_SOFT", + "EPOCH_TIME_JAVA", + "EPOCH_TIME_WIN32" + ], + "example": "PEOPLE_SOFT" + }, + { + "title": "Java Simple Date Format", + "type": "string", + "description": "There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information.\n\n>NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone.\n (This table is from the SimpleDateFormat page.)\n\n| Date Time Pattern | Result |\n| ----------------- | ------ |\n| `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` |\n| `EEE, MMM d, ''yy` | Wed, Jul 4, '01 |\n| `h:mm a` | 12:08 PM |\n| `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time |\n| `K:mm a, z` | 0:08 PM, PDT |\n| `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM |\n| `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 |\n| `yyMMddHHmmssZ` | 010704120856-0700 |\n| `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 |\n| `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 |\n| `YYYY-'W'ww-u` | 2001-W27-3 |\n", + "example": "mm/dd/yyyy" + } + ] + }, + "outputFormat": { + "description": "A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data should be formatted into.\n\n*If no inputFormat is provided, the transform assumes that it is in ISO8601 format*", + "oneOf": [ + { + "title": "Named Construct", + "type": "string", + "description": "| Construct | Date Time Pattern | Description |\n| --------- | ----------------- | ----------- |\n| ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. | \n| LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. |\n| PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. |\n| EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. |\n| EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. |\n", + "enum": [ + "ISO8601", + "LDAP", + "PEOPLE_SOFT", + "EPOCH_TIME_JAVA", + "EPOCH_TIME_WIN32" + ], + "example": "PEOPLE_SOFT" + }, + { + "title": "Java Simple Date Format", + "type": "string", + "description": "There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information.\n\n>NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone.\n (This table is from the SimpleDateFormat page.)\n\n| Date Time Pattern | Result |\n| ----------------- | ------ |\n| `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` |\n| `EEE, MMM d, ''yy` | Wed, Jul 4, '01 |\n| `h:mm a` | 12:08 PM |\n| `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time |\n| `K:mm a, z` | 0:08 PM, PDT |\n| `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM |\n| `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 |\n| `yyMMddHHmmssZ` | 010704120856-0700 |\n| `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 |\n| `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 |\n| `YYYY-'W'ww-u` | 2001-W27-3 |\n", + "example": "mm/dd/yyyy" + } + ] + }, + "requiresPeriodicRefresh": { + "type": "boolean", + "description": "A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process", + "example": false, + "default": false + }, + "input": { + "type": "object", + "description": "This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.", + "additionalProperties": true, + "example": { + "type": "accountAttribute", + "attributes": { + "attributeName": "first_name", + "sourceName": "Source" + } + } + } + } + } + ] + }, + "secondDate": { + "description": "This is the second date to consider (The date that would be on the right hand side of the comparison operation).", + "oneOf": [ + { + "title": "accountAttribute", + "type": "object", + "required": [ + "sourceName", + "attributeName" + ], + "properties": { + "sourceName": { + "type": "string", + "description": "A reference to the source to search for the account", + "example": "Workday" + }, + "attributeName": { + "type": "string", + "description": "The name of the attribute on the account to return. This should match the name of the account attribute name visible in the user interface, or on the source schema.", + "example": "DEPARTMENT" + }, + "accountSortAttribute": { + "type": "string", + "description": "The value of this configuration is a string name of the attribute to use when determining the ordering of returned accounts when there are multiple entries", + "example": "created" + }, + "accountSortDescending": { + "type": "boolean", + "description": "The value of this configuration is a boolean (true/false). Controls the order of the sort when there are multiple accounts. If not defined, the transform will default to false (ascending order)", + "example": false + }, + "accountReturnFirstLink": { + "type": "boolean", + "description": "The value of this configuration is a boolean (true/false). Controls which account to source a value from for an attribute. If this flag is set to true, the transform returns the value from the first account in the list, even if it is null. If it is set to false, the transform returns the first non-null value. If not defined, the transform will default to false", + "example": false + }, + "accountFilter": { + "type": "string", + "description": "This expression queries the database to narrow search results. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the database. The default filter will always include the source and identity, and any subsequent expressions will be combined in an AND operation to the existing search criteria.\nOnly certain searchable attributes are available: - `nativeIdentity` - the Account ID - `displayName` - the Account Name - `entitlements` - a boolean value to determine if the account has entitlements", + "example": "!(nativeIdentity.startsWith(\"*DELETED*\"))" + }, + "accountPropertyFilter": { + "type": "string", + "description": "This expression is used to search and filter accounts in memory. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the returned resultset.\n\nAll account attributes are available for filtering as this operation is performed in memory.", + "example": "(groups.containsAll({'Admin'}) || location == 'Austin')" + }, + "requiresPeriodicRefresh": { + "type": "boolean", + "description": "A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process", + "example": false, + "default": false + }, + "input": { + "type": "object", + "description": "This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.", + "additionalProperties": true, + "example": { + "type": "accountAttribute", + "attributes": { + "attributeName": "first_name", + "sourceName": "Source" + } + } + } + } + }, + { + "title": "dateFormat", + "type": "object", + "properties": { + "inputFormat": { + "description": "A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data is coming in as.\n\n*If no inputFormat is provided, the transform assumes that it is in ISO8601 format*", + "oneOf": [ + { + "title": "Named Construct", + "type": "string", + "description": "| Construct | Date Time Pattern | Description |\n| --------- | ----------------- | ----------- |\n| ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. | \n| LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. |\n| PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. |\n| EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. |\n| EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. |\n", + "enum": [ + "ISO8601", + "LDAP", + "PEOPLE_SOFT", + "EPOCH_TIME_JAVA", + "EPOCH_TIME_WIN32" + ], + "example": "PEOPLE_SOFT" + }, + { + "title": "Java Simple Date Format", + "type": "string", + "description": "There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information.\n\n>NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone.\n (This table is from the SimpleDateFormat page.)\n\n| Date Time Pattern | Result |\n| ----------------- | ------ |\n| `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` |\n| `EEE, MMM d, ''yy` | Wed, Jul 4, '01 |\n| `h:mm a` | 12:08 PM |\n| `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time |\n| `K:mm a, z` | 0:08 PM, PDT |\n| `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM |\n| `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 |\n| `yyMMddHHmmssZ` | 010704120856-0700 |\n| `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 |\n| `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 |\n| `YYYY-'W'ww-u` | 2001-W27-3 |\n", + "example": "mm/dd/yyyy" + } + ] + }, + "outputFormat": { + "description": "A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data should be formatted into.\n\n*If no inputFormat is provided, the transform assumes that it is in ISO8601 format*", + "oneOf": [ + { + "title": "Named Construct", + "type": "string", + "description": "| Construct | Date Time Pattern | Description |\n| --------- | ----------------- | ----------- |\n| ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. | \n| LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. |\n| PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. |\n| EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. |\n| EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. |\n", + "enum": [ + "ISO8601", + "LDAP", + "PEOPLE_SOFT", + "EPOCH_TIME_JAVA", + "EPOCH_TIME_WIN32" + ], + "example": "PEOPLE_SOFT" + }, + { + "title": "Java Simple Date Format", + "type": "string", + "description": "There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information.\n\n>NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone.\n (This table is from the SimpleDateFormat page.)\n\n| Date Time Pattern | Result |\n| ----------------- | ------ |\n| `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` |\n| `EEE, MMM d, ''yy` | Wed, Jul 4, '01 |\n| `h:mm a` | 12:08 PM |\n| `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time |\n| `K:mm a, z` | 0:08 PM, PDT |\n| `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM |\n| `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 |\n| `yyMMddHHmmssZ` | 010704120856-0700 |\n| `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 |\n| `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 |\n| `YYYY-'W'ww-u` | 2001-W27-3 |\n", + "example": "mm/dd/yyyy" + } + ] + }, + "requiresPeriodicRefresh": { + "type": "boolean", + "description": "A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process", + "example": false, + "default": false + }, + "input": { + "type": "object", + "description": "This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.", + "additionalProperties": true, + "example": { + "type": "accountAttribute", + "attributes": { + "attributeName": "first_name", + "sourceName": "Source" + } + } + } + } + } + ] + }, + "operator": { + "type": "string", + "description": "This is the comparison to perform.\n| Operation | Description |\n| --------- | ------- |\n| LT | Strictly less than: firstDate < secondDate |\n| LTE | Less than or equal to: firstDate <= secondDate |\n| GT | Strictly greater than: firstDate > secondDate |\n| GTE | Greater than or equal to: firstDate >= secondDate |\n", + "enum": [ + "LT", + "LTE", + "GT", + "GTE" + ], + "example": "LT" + }, + "positiveCondition": { + "type": "string", + "description": "The output of the transform if the expression evalutes to true", + "example": "true" + }, + "negativeCondition": { + "type": "string", + "description": "The output of the transform if the expression evalutes to false", + "example": false + }, + "requiresPeriodicRefresh": { + "type": "boolean", + "description": "A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process", + "example": false, + "default": false + }, + "input": { + "type": "object", + "description": "This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.", + "additionalProperties": true, + "example": { + "type": "accountAttribute", + "attributes": { + "attributeName": "first_name", + "sourceName": "Source" + } + } + } + } + }, + { + "title": "dateFormat", + "type": "object", + "properties": { + "inputFormat": { + "description": "A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data is coming in as.\n\n*If no inputFormat is provided, the transform assumes that it is in ISO8601 format*", + "oneOf": [ + { + "title": "Named Construct", + "type": "string", + "description": "| Construct | Date Time Pattern | Description |\n| --------- | ----------------- | ----------- |\n| ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. | \n| LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. |\n| PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. |\n| EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. |\n| EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. |\n", + "enum": [ + "ISO8601", + "LDAP", + "PEOPLE_SOFT", + "EPOCH_TIME_JAVA", + "EPOCH_TIME_WIN32" + ], + "example": "PEOPLE_SOFT" + }, + { + "title": "Java Simple Date Format", + "type": "string", + "description": "There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information.\n\n>NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone.\n (This table is from the SimpleDateFormat page.)\n\n| Date Time Pattern | Result |\n| ----------------- | ------ |\n| `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` |\n| `EEE, MMM d, ''yy` | Wed, Jul 4, '01 |\n| `h:mm a` | 12:08 PM |\n| `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time |\n| `K:mm a, z` | 0:08 PM, PDT |\n| `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM |\n| `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 |\n| `yyMMddHHmmssZ` | 010704120856-0700 |\n| `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 |\n| `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 |\n| `YYYY-'W'ww-u` | 2001-W27-3 |\n", + "example": "mm/dd/yyyy" + } + ] + }, + "outputFormat": { + "description": "A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data should be formatted into.\n\n*If no inputFormat is provided, the transform assumes that it is in ISO8601 format*", + "oneOf": [ + { + "title": "Named Construct", + "type": "string", + "description": "| Construct | Date Time Pattern | Description |\n| --------- | ----------------- | ----------- |\n| ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. | \n| LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. |\n| PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. |\n| EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. |\n| EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. |\n", + "enum": [ + "ISO8601", + "LDAP", + "PEOPLE_SOFT", + "EPOCH_TIME_JAVA", + "EPOCH_TIME_WIN32" + ], + "example": "PEOPLE_SOFT" + }, + { + "title": "Java Simple Date Format", + "type": "string", + "description": "There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information.\n\n>NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone.\n (This table is from the SimpleDateFormat page.)\n\n| Date Time Pattern | Result |\n| ----------------- | ------ |\n| `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` |\n| `EEE, MMM d, ''yy` | Wed, Jul 4, '01 |\n| `h:mm a` | 12:08 PM |\n| `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time |\n| `K:mm a, z` | 0:08 PM, PDT |\n| `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM |\n| `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 |\n| `yyMMddHHmmssZ` | 010704120856-0700 |\n| `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 |\n| `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 |\n| `YYYY-'W'ww-u` | 2001-W27-3 |\n", + "example": "mm/dd/yyyy" + } + ] + }, + "requiresPeriodicRefresh": { + "type": "boolean", + "description": "A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process", + "example": false, + "default": false + }, + "input": { + "type": "object", + "description": "This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.", + "additionalProperties": true, + "example": { + "type": "accountAttribute", + "attributes": { + "attributeName": "first_name", + "sourceName": "Source" + } + } + } + } + }, + { + "title": "dateMath", + "type": "object", + "required": [ + "expression" + ], + "properties": { + "expression": { + "type": "string", + "description": "A string value of the date and time components to operation on, along with the math operations to execute.\n", + "externalDocs": { + "description": "Date Math Expressions", + "url": "https://developer.sailpoint.com/idn/docs/transforms/operations/date-math#transform-structure" + }, + "example": "now+1w" + }, + "roundUp": { + "type": "boolean", + "description": "A boolean value to indicate whether the transform should round up or down when a rounding `/` operation is defined in the expression. \n\n\nIf not provided, the transform will default to `false`\n\n\n`true` indicates the transform should round up (i.e., truncate the fractional date/time component indicated and then add one unit of that component)\n\n\n`false` indicates the transform should round down (i.e., truncate the fractional date/time component indicated)\n", + "example": false + }, + "requiresPeriodicRefresh": { + "type": "boolean", + "description": "A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process", + "example": false, + "default": false + }, + "input": { + "type": "object", + "description": "This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.", + "additionalProperties": true, + "example": { + "type": "accountAttribute", + "attributes": { + "attributeName": "first_name", + "sourceName": "Source" + } + } + } + } + }, + { + "title": "decomposeDiacriticalMarks", + "type": "object", + "properties": { + "requiresPeriodicRefresh": { + "type": "boolean", + "description": "A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process", + "example": false, + "default": false + }, + "input": { + "type": "object", + "description": "This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.", + "additionalProperties": true, + "example": { + "type": "accountAttribute", + "attributes": { + "attributeName": "first_name", + "sourceName": "Source" + } + } + } + } + }, + { + "title": "e164phone", + "type": "object", + "properties": { + "defaultRegion": { + "type": "string", + "description": "This is an optional attribute that can be used to define the region of the phone number to format into.\n\n\nIf defaultRegion is not provided, it will take US as the default country.\n\n\nThe format of the country code should be in [ISO 3166-1 alpha-2 format](https://en.wikipedia.org/wiki/ISO_3166-1_alpha-2)\n", + "example": "US" + }, + "requiresPeriodicRefresh": { + "type": "boolean", + "description": "A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process", + "example": false, + "default": false + }, + "input": { + "type": "object", + "description": "This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.", + "additionalProperties": true, + "example": { + "type": "accountAttribute", + "attributes": { + "attributeName": "first_name", + "sourceName": "Source" + } + } + } + } + }, + { + "title": "firstValid", + "type": "object", + "required": [ + "values" + ], + "properties": { + "values": { + "type": "array", + "items": { + "type": "object" + }, + "description": "An array of attributes to evaluate for existence.", + "example": [ + { + "attributes": { + "sourceName": "Active Directory", + "attributeName": "sAMAccountName" + }, + "type": "accountAttribute" + }, + { + "attributes": { + "sourceName": "Okta", + "attributeName": "login" + }, + "type": "accountAttribute" + }, + { + "attributes": { + "sourceName": "HR Source", + "attributeName": "employeeID" + }, + "type": "accountAttribute" + } + ] + }, + "ignoreErrors": { + "type": "boolean", + "description": "a true or false value representing to move on to the next option if an error (like an Null Pointer Exception) were to occur.", + "example": false + }, + "requiresPeriodicRefresh": { + "type": "boolean", + "description": "A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process", + "example": false, + "default": false + } + } + }, + { + "title": "rule", + "oneOf": [ + { + "type": "object", + "required": [ + "name" + ], + "properties": { + "name": { + "type": "string", + "description": "This is the name of the Generic rule that needs to be invoked by the transform", + "example": "Generic Calculation Rule" + }, + "requiresPeriodicRefresh": { + "type": "boolean", + "description": "A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process", + "example": false + } + } + }, + { + "type": "object", + "required": [ + "name", + "operation", + "includeNumbers", + "includeSpecialChars", + "length" + ], + "properties": { + "name": { + "type": "string", + "description": "This must always be set to \"Cloud Services Deployment Utility\"", + "example": "Cloud Services Deployment Utility" + }, + "operation": { + "type": "string", + "description": "The operation to perform `generateRandomString`", + "example": "generateRandomString" + }, + "includeNumbers": { + "type": "boolean", + "description": "This must be either \"true\" or \"false\" to indicate whether the generator logic should include numbers", + "example": true + }, + "includeSpecialChars": { + "type": "boolean", + "description": "This must be either \"true\" or \"false\" to indicate whether the generator logic should include special characters", + "example": true + }, + "length": { + "type": "string", + "description": "This specifies how long the randomly generated string needs to be\n\n\n>NOTE Due to identity attribute data constraints, the maximum allowable value is 450 characters\n", + "example": "10" + }, + "requiresPeriodicRefresh": { + "type": "boolean", + "description": "A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process", + "example": false + } + } + }, + { + "type": "object", + "required": [ + "name", + "operation", + "uid" + ], + "properties": { + "name": { + "type": "string", + "description": "This must always be set to \"Cloud Services Deployment Utility\"", + "example": "Cloud Services Deployment Utility" + }, + "operation": { + "type": "string", + "description": "The operation to perform `getReferenceIdentityAttribute`", + "example": "getReferenceIdentityAttribute" + }, + "uid": { + "type": "string", + "description": "This is the SailPoint User Name (uid) value of the identity whose attribute is desired\n\nAs a convenience feature, you can use the `manager` keyword to dynamically look up the user's manager and then get that manager's identity attribute.\n", + "example": "2c91808570313110017040b06f344ec9" + }, + "requiresPeriodicRefresh": { + "type": "boolean", + "description": "A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process", + "example": false + } + } + } + ] + }, + { + "title": "identityAttribute", + "type": "object", + "required": [ + "name" + ], + "properties": { + "name": { + "type": "string", + "description": "The system (camel-cased) name of the identity attribute to bring in", + "example": "email" + }, + "requiresPeriodicRefresh": { + "type": "boolean", + "description": "A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process", + "example": false, + "default": false + }, + "input": { + "type": "object", + "description": "This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.", + "additionalProperties": true, + "example": { + "type": "accountAttribute", + "attributes": { + "attributeName": "first_name", + "sourceName": "Source" + } + } + } + } + }, + { + "title": "indexOf", + "type": "object", + "required": [ + "substring" + ], + "properties": { + "substring": { + "type": "string", + "description": "A substring to search for, searches the entire calling string, and returns the index of the first occurrence of the specified substring.", + "example": "admin_" + }, + "requiresPeriodicRefresh": { + "type": "boolean", + "description": "A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process", + "example": false, + "default": false + }, + "input": { + "type": "object", + "description": "This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.", + "additionalProperties": true, + "example": { + "type": "accountAttribute", + "attributes": { + "attributeName": "first_name", + "sourceName": "Source" + } + } + } + } + }, + { + "title": "iso3166", + "type": "object", + "properties": { + "format": { + "type": "string", + "description": "An optional value to denote which ISO 3166 format to return. Valid values are:\n\n\n`alpha2` - Two-character country code (e.g., \"US\"); this is the default value if no format is supplied\n\n\n`alpha3` - Three-character country code (e.g., \"USA\")\n\n\n`numeric` - The numeric country code (e.g., \"840\")\n", + "example": "alpha2" + }, + "requiresPeriodicRefresh": { + "type": "boolean", + "description": "A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process", + "example": false, + "default": false + }, + "input": { + "type": "object", + "description": "This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.", + "additionalProperties": true, + "example": { + "type": "accountAttribute", + "attributes": { + "attributeName": "first_name", + "sourceName": "Source" + } + } + } + } + }, + { + "title": "leftPad", + "type": "object", + "required": [ + "length" + ], + "properties": { + "length": { + "type": "string", + "description": "An integer value for the desired length of the final output string", + "example": "4" + }, + "padding": { + "type": "string", + "description": "A string value representing the character that the incoming data should be padded with to get to the desired length\n\n\nIf not provided, the transform will default to a single space (\" \") character for padding\n", + "example": "0" + }, + "requiresPeriodicRefresh": { + "type": "boolean", + "description": "A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process", + "example": false, + "default": false + }, + "input": { + "type": "object", + "description": "This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.", + "additionalProperties": true, + "example": { + "type": "accountAttribute", + "attributes": { + "attributeName": "first_name", + "sourceName": "Source" + } + } + } + } + }, + { + "title": "lookup", + "type": "object", + "required": [ + "table" + ], + "properties": { + "table": { + "type": "object", + "additionalProperties": true, + "description": "This is a JSON object of key-value pairs. The key is the string that will attempt to be matched to the input, and the value is the output string that should be returned if the key is matched\n\n\n>**Note** the use of the optional default key value here; if none of the three countries in the above example match the input string, the transform will return \"Unknown Region\" for the attribute that is mapped to this transform.\n", + "example": { + "USA": "Americas", + "FRA": "EMEA", + "AUS": "APAC", + "default": "Unknown Region" + } + }, + "requiresPeriodicRefresh": { + "type": "boolean", + "description": "A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process", + "example": false, + "default": false + }, + "input": { + "type": "object", + "description": "This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.", + "additionalProperties": true, + "example": { + "type": "accountAttribute", + "attributes": { + "attributeName": "first_name", + "sourceName": "Source" + } + } + } + } + }, + { + "title": "lower", + "type": "object", + "properties": { + "requiresPeriodicRefresh": { + "type": "boolean", + "description": "A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process", + "example": false, + "default": false + }, + "input": { + "type": "object", + "description": "This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.", + "additionalProperties": true, + "example": { + "type": "accountAttribute", + "attributes": { + "attributeName": "first_name", + "sourceName": "Source" + } + } + } + } + }, + { + "title": "nameNormalizer", + "type": "object", + "properties": { + "requiresPeriodicRefresh": { + "type": "boolean", + "description": "A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process", + "example": false, + "default": false + }, + "input": { + "type": "object", + "description": "This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.", + "additionalProperties": true, + "example": { + "type": "accountAttribute", + "attributes": { + "attributeName": "first_name", + "sourceName": "Source" + } + } + } + } + }, + { + "title": "randomAlphaNumeric", + "type": "object", + "properties": { + "length": { + "type": "string", + "description": "This is an integer value specifying the size/number of characters the random string must contain\n\n\n* This value must be a positive number and cannot be blank\n\n\n* If no length is provided, the transform will default to a value of `32`\n\n\n* Due to identity attribute data constraints, the maximum allowable value is `450` characters\n", + "example": "10" + }, + "requiresPeriodicRefresh": { + "type": "boolean", + "description": "A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process", + "example": false, + "default": false + }, + "input": { + "type": "object", + "description": "This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.", + "additionalProperties": true, + "example": { + "type": "accountAttribute", + "attributes": { + "attributeName": "first_name", + "sourceName": "Source" + } + } + } + } + }, + { + "title": "randomNumeric", + "type": "object", + "properties": { + "length": { + "type": "string", + "description": "This is an integer value specifying the size/number of characters the random string must contain\n\n\n* This value must be a positive number and cannot be blank\n\n\n* If no length is provided, the transform will default to a value of `32`\n\n\n* Due to identity attribute data constraints, the maximum allowable value is `450` characters\n", + "example": "10" + }, + "requiresPeriodicRefresh": { + "type": "boolean", + "description": "A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process", + "example": false, + "default": false + }, + "input": { + "type": "object", + "description": "This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.", + "additionalProperties": true, + "example": { + "type": "accountAttribute", + "attributes": { + "attributeName": "first_name", + "sourceName": "Source" + } + } + } + } + }, + { + "title": "reference", + "type": "object", + "required": [ + "id" + ], + "properties": { + "id": { + "type": "string", + "description": "This ID specifies the name of the pre-existing transform which you want to use within your current transform", + "example": "Existing Transform" + }, + "requiresPeriodicRefresh": { + "type": "boolean", + "description": "A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process", + "example": false, + "default": false + }, + "input": { + "type": "object", + "description": "This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.", + "additionalProperties": true, + "example": { + "type": "accountAttribute", + "attributes": { + "attributeName": "first_name", + "sourceName": "Source" + } + } + } + } + }, + { + "title": "replaceAll", + "type": "object", + "required": [ + "table" + ], + "properties": { + "table": { + "type": "object", + "additionalProperties": true, + "description": "An attribute of key-value pairs. Each pair identifies the pattern to search for as its key, and the replacement string as its value.", + "example": { + "-": " ", + "\"": "'", + "ñ": "n" + } + }, + "requiresPeriodicRefresh": { + "type": "boolean", + "description": "A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process", + "example": false, + "default": false + }, + "input": { + "type": "object", + "description": "This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.", + "additionalProperties": true, + "example": { + "type": "accountAttribute", + "attributes": { + "attributeName": "first_name", + "sourceName": "Source" + } + } + } + } + }, + { + "title": "replace", + "type": "object", + "required": [ + "regex", + "replacement" + ], + "properties": { + "regex": { + "type": "string", + "description": "This can be a string or a regex pattern in which you want to replace.", + "example": "[^a-zA-Z]", + "externalDocs": { + "description": "Regex Builder", + "url": "https://regex101.com/" + } + }, + "replacement": { + "type": "string", + "description": "This is the replacement string that should be substituded wherever the string or pattern is found.", + "example": " " + }, + "requiresPeriodicRefresh": { + "type": "boolean", + "description": "A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process", + "example": false, + "default": false + }, + "input": { + "type": "object", + "description": "This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.", + "additionalProperties": true, + "example": { + "type": "accountAttribute", + "attributes": { + "attributeName": "first_name", + "sourceName": "Source" + } + } + } + } + }, + { + "title": "rightPad", + "type": "object", + "required": [ + "length" + ], + "properties": { + "length": { + "type": "string", + "description": "An integer value for the desired length of the final output string", + "example": "4" + }, + "padding": { + "type": "string", + "description": "A string value representing the character that the incoming data should be padded with to get to the desired length\n\n\nIf not provided, the transform will default to a single space (\" \") character for padding\n", + "example": "0" + }, + "requiresPeriodicRefresh": { + "type": "boolean", + "description": "A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process", + "example": false, + "default": false + }, + "input": { + "type": "object", + "description": "This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.", + "additionalProperties": true, + "example": { + "type": "accountAttribute", + "attributes": { + "attributeName": "first_name", + "sourceName": "Source" + } + } + } + } + }, + { + "title": "split", + "type": "object", + "required": [ + "delimiter", + "index" + ], + "properties": { + "delimiter": { + "type": "string", + "description": "This can be either a single character or a regex expression, and is used by the transform to identify the break point between two substrings in the incoming data", + "example": "," + }, + "index": { + "type": "string", + "description": "An integer value for the desired array element after the incoming data has been split into a list; the array is a 0-based object, so the first array element would be index 0, the second element would be index 1, etc.", + "example": "5" + }, + "throws": { + "type": "boolean", + "description": "A boolean (true/false) value which indicates whether an exception should be thrown and returned as an output when an index is out of bounds with the resultant array (i.e., the provided index value is larger than the size of the array)\n\n\n`true` - The transform should return \"IndexOutOfBoundsException\"\n\n\n`false` - The transform should return null\n\n\nIf not provided, the transform will default to false and return a null\n", + "example": true + }, + "requiresPeriodicRefresh": { + "type": "boolean", + "description": "A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process", + "example": false, + "default": false + }, + "input": { + "type": "object", + "description": "This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.", + "additionalProperties": true, + "example": { + "type": "accountAttribute", + "attributes": { + "attributeName": "first_name", + "sourceName": "Source" + } + } + } + } + }, + { + "title": "static", + "type": "object", + "required": [ + "values" + ], + "properties": { + "values": { + "type": "string", + "description": "This must evaluate to a JSON string, either through a fixed value or through conditional logic using the Apache Velocity Template Language.", + "example": "string$variable", + "externalDocs": { + "description": "Static Transform Documentation", + "url": "https://developer.sailpoint.com/idn/docs/transforms/operations/static" + } + }, + "requiresPeriodicRefresh": { + "type": "boolean", + "description": "A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process", + "example": false, + "default": false + } + } + }, + { + "title": "substring", + "type": "object", + "required": [ + "begin" + ], + "properties": { + "begin": { + "type": "integer", + "description": "The index of the first character to include in the returned substring.\n\n\nIf `begin` is set to -1, the transform will begin at character 0 of the input data\n", + "example": 1, + "format": "int32" + }, + "beginOffset": { + "type": "integer", + "description": "This integer value is the number of characters to add to the begin attribute when returning a substring. \n\nThis attribute is only used if begin is not -1.\n", + "example": 3, + "format": "int32" + }, + "end": { + "type": "integer", + "description": "The index of the first character to exclude from the returned substring.\n\nIf end is -1 or not provided at all, the substring transform will return everything up to the end of the input string.\n", + "example": 6, + "format": "int32" + }, + "endOffset": { + "type": "integer", + "description": "This integer value is the number of characters to add to the end attribute when returning a substring. \n\nThis attribute is only used if end is provided and is not -1.\n", + "example": 1, + "format": "int32" + }, + "requiresPeriodicRefresh": { + "type": "boolean", + "description": "A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process", + "example": false, + "default": false + }, + "input": { + "type": "object", + "description": "This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.", + "additionalProperties": true, + "example": { + "type": "accountAttribute", + "attributes": { + "attributeName": "first_name", + "sourceName": "Source" + } + } + } + } + }, + { + "title": "trim", + "type": "object", + "properties": { + "requiresPeriodicRefresh": { + "type": "boolean", + "description": "A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process", + "example": false, + "default": false + }, + "input": { + "type": "object", + "description": "This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.", + "additionalProperties": true, + "example": { + "type": "accountAttribute", + "attributes": { + "attributeName": "first_name", + "sourceName": "Source" + } + } + } + } + }, + { + "title": "upper", + "type": "object", + "properties": { + "requiresPeriodicRefresh": { + "type": "boolean", + "description": "A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process", + "example": false, + "default": false + }, + "input": { + "type": "object", + "description": "This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.", + "additionalProperties": true, + "example": { + "type": "accountAttribute", + "attributes": { + "attributeName": "first_name", + "sourceName": "Source" + } + } + } + } + }, + { + "title": "uuid", + "type": "object", + "properties": { + "requiresPeriodicRefresh": { + "type": "boolean", + "description": "A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process", + "example": false, + "default": false + } + } + } + ] + }, + "internal": { + "type": "boolean", + "readOnly": true, + "description": "Indicates whether this is an internal SailPoint-created transform or a customer-created transform", + "example": false + } + } + }, + "WorkItems": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "ID of the work item", + "example": "2c9180835d2e5168015d32f890ca1581" + }, + "requesterId": { + "type": "string", + "description": "ID of the requester", + "example": "2c9180835d2e5168015d32f890ca1581" + }, + "requesterDisplayName": { + "type": "string", + "description": "The displayname of the requester", + "example": "John Smith" + }, + "ownerId": { + "type": "string", + "description": "The ID of the owner", + "example": "2c9180835d2e5168015d32f890ca1581" + }, + "ownerName": { + "type": "string", + "description": "The name of the owner", + "example": "Jason Smith" + }, + "created": { + "type": "string", + "format": "date-time", + "example": "2017-07-11T18:45:37.098Z", + "description": "Time when the work item was created" + }, + "modified": { + "type": "string", + "format": "date-time", + "example": "2018-06-25T20:22:28.104Z", + "description": "Time when the work item was last updated" + }, + "description": { + "type": "string", + "description": "The description of the work item", + "example": "Create account on source 'AD'" + }, + "state": { + "type": "string", + "enum": [ + "FINISHED", + "REJECTED", + "RETURNED", + "EXPIRED", + "PENDING", + "CANCELED" + ], + "example": "FINISHED", + "description": "The state of a work item" + }, + "type": { + "type": "string", + "enum": [ + "UNKNOWN", + "GENERIC", + "CERTIFICATION", + "REMEDIATION", + "DELEGATION", + "APPROVAL", + "VIOLATIONREVIEW", + "FORM", + "POLICYVIOLATION", + "CHALLENGE", + "IMPACTANALYSIS", + "SIGNOFF", + "EVENT", + "MANUALACTION", + "TEST" + ], + "example": "GENERIC", + "description": "The type of the work item" + }, + "remediationItems": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "The ID of the certification", + "example": "2c9180835d2e5168015d32f890ca1581" + }, + "targetId": { + "type": "string", + "description": "The ID of the certification target", + "example": "2c9180835d2e5168015d32f890ca1581" + }, + "targetName": { + "type": "string", + "description": "The name of the certification target", + "example": "john.smith" + }, + "targetDisplayName": { + "type": "string", + "description": "The display name of the certification target", + "example": "emailAddress" + }, + "applicationName": { + "type": "string", + "description": "The name of the application/source", + "example": "Active Directory" + }, + "attributeName": { + "type": "string", + "description": "The name of the attribute being certified", + "example": "phoneNumber" + }, + "attributeOperation": { + "type": "string", + "description": "The operation of the certification on the attribute", + "example": "update" + }, + "attributeValue": { + "type": "string", + "description": "The value of the attribute being certified", + "example": "512-555-1212" + }, + "nativeIdentity": { + "type": "string", + "description": "The native identity of the target", + "example": "jason.smith2" + } + } + }, + "approvalItems": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "ID of the approval item", + "example": "2c9180835d2e5168015d32f890ca1581" + }, + "account": { + "type": "string", + "description": "The account referenced by the approval item", + "example": "john.smith" + }, + "application": { + "type": "string", + "description": "The name the application/source", + "example": "Active Directory" + }, + "attributeName": { + "type": "string", + "description": "The name of the attribute", + "example": "emailAddress" + }, + "attributeOperation": { + "type": "string", + "description": "The operation of the attribute", + "example": "update" + }, + "attributeValue": { + "type": "string", + "description": "The value of the attribute", + "example": "a@b.com" + }, + "state": { + "type": "string", + "enum": [ + "FINISHED", + "REJECTED", + "RETURNED", + "EXPIRED", + "PENDING", + "CANCELED" + ], + "example": "FINISHED", + "description": "The state of a work item" + } + } + }, + "name": { + "type": "string", + "description": "The work item name", + "example": "Account Create" + }, + "completed": { + "type": "string", + "format": "date-time", + "example": "2018-10-19T13:49:37.385Z", + "description": "The time at which the work item completed" + }, + "numItems": { + "type": "integer", + "format": "int32", + "description": "The number of items in the work item", + "example": 19 + }, + "form": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "ID of the form", + "example": "2c9180835d2e5168015d32f890ca1581" + }, + "name": { + "type": "string", + "description": "Name of the form", + "example": "AccountSelection Form" + }, + "title": { + "type": "string", + "description": "The form title", + "example": "Account Selection for John.Doe" + }, + "subtitle": { + "type": "string", + "description": "The form subtitle.", + "example": "Please select from the following" + }, + "targetUser": { + "type": "string", + "description": "The name of the user that should be shown this form", + "example": "Jane.Doe" + }, + "sections": { + "type": "object", + "allOf": [ + { + "type": "object", + "properties": { + "name": { + "type": "string", + "description": "Name of the FormItem", + "example": "Field1" + } + } + }, + { + "type": "object", + "properties": { + "label": { + "type": "string", + "description": "Label of the section", + "example": "Section 1" + }, + "formItems": { + "type": "array", + "items": { + "type": "object" + }, + "description": "List of FormItems. FormItems can be SectionDetails and/or FieldDetails", + "example": [] + } + } + } + ] + } + } + }, + "errors": { + "type": "array", + "items": { + "type": "string" + }, + "example": [ + "The work item ID that was specified was not found." + ], + "description": "An array of errors that ocurred during the work item" + } + } + }, + "WorkItemsCount": { + "type": "object", + "properties": { + "count": { + "type": "integer", + "description": "The count of work items", + "example": 29 + } + } + }, + "WorkItemsSummary": { + "type": "object", + "properties": { + "open": { + "type": "integer", + "description": "The count of open work items", + "example": 29 + }, + "completed": { + "type": "integer", + "description": "The count of completed work items", + "example": 1 + }, + "total": { + "type": "integer", + "description": "The count of total work items", + "example": 30 + } + } + } + } + } +} diff --git a/src/routes/session/+page.svelte b/src/routes/session/+page.svelte index b9e1b25..a2d7e49 100644 --- a/src/routes/session/+page.svelte +++ b/src/routes/session/+page.svelte @@ -3,6 +3,6 @@ import { CodeBlock } from '@skeletonlabs/skeleton'; -
+
diff --git a/yq.exe b/yq.exe new file mode 100644 index 0000000000000000000000000000000000000000..83c95ec0a8bb4f8dce9bd4c01ff6d164fa04affc GIT binary patch literal 9176576 zcmeFadwf*Y)jvE585khp49F!2$e^PpsE~NUL`<1L0%u@?K`El}v{58RMU5~6QBV>l zfgFa>!D4HRZPC`&T5WBAEpoA%a7hAMB~X!zRlury9IR0k0#WmRzk8pV%p?K({GRvy zy#G9C=IpaCYp=cb+H0-7_T?1a8nX1Tq*(Z`z1?C7$dJY2GN0#qR3fq8$SwUWf9d`A zQJa!He;+lo?5;(Q@`d-`x$w4o9rJFx@4oxJj@#!u7W(dU+;yL$;D(zV_uhZU{4r^1 zeViuX;zEn%j+H&tTgn>wY_VLJ+&8(0#qx;DVmZH`jB_nU9y^1G<3EOzEtZ~^B>bnI zjJDVx=ZpN;!%|XZu{hL=EX$x7h`q;RRK6o2OGuGJy?6d?30W>kWsU#Mf2WsO^m7y& zSVG8iBc9cG#{I*aYmCZf$vS$T z#nQ4&(Q!YXasQC7Zp>XOqii$UF6(Sr9hXZ|yl%|G`3vr!XHjhj4J`f8n3G-dO&qi6 z!F#>8-EMLe`T~7qG5a+R=)}12{|5h;0{=^a|DPz(?wE4F<96R&3+`~Z3$AlqIQh!l z+pd^=_5C+`itk%=@63hcCO$Z6>;qXj4^1zcG=Jv3MT_s8ealTV9-6ga?4((<9+*;g zcg`)Pp8Il&uD;VZsqn_J(-!*f%<|opbN}>llNK$wxA?Yc)9<*jkE8vKv;A|AFSReu z(f!BMbz_0kt_S&J6gVBaG1r+<8WQWR7KA~T4#?A&#J$yqaYcCJ9m*!WUx&J<2 z1*0OFrP{~>R(m?dSBm7znf%TDrM_DxYa3_Ulk+Rjl=_O8HD6n|4cPVaU0R^MJUj>4 z+HPCmJ73$lEGIeSs%&52>!%0u+O7;(vg^Vlq1Fp(XF5mffk6UMx-rw~Li|6_Sn=7C z9-yQ3$l9rvt<=w;k2qY3IQ0K)_Nzm@!PlTQ`L1b}tqx=nTg~(mrt9JbmHxv|+!j*S zBGw~946Yy$5Y_`o#o-~}qAx+C4DwHzs8H2jyAUu(vCN$&%reDuvlYy~F_=>ba~n%_ zz})@~U81PY9D4gUc4cra;Ol|ec5P$%P(6_23Ak*P73mi5 zVORA@?>&{{ExuCSSO!Fa8M+X}A&%wZAB$zXC-eo5Ly6<|<*dE{ydvBE7rq9qmwyG) z4PpAP5JCD4lV}2j9soLe01(6XfZ1HNSCN0iKSWp$n8ToI2S>+ty}e!=S&a~I1%C&> z`MSMb+jzCjRr&4ZzGLC9@QU^*{$Qi7N87cH*W1zAdA<+BSL4+koRp--#~v-%NI-$S zmMlq|&+!0rMd3GT{;!el#;B`5Vg;7HFodt~<;mUU+rqZzkWI66qgA{#5~fa_FH<&x z%`WMnzXz?;3&5GqkshREg_p{9rB%y1ukp!80pR4KzEu*RWzL+2g72j#p}T&da^1j3 zZquSW0LbGUSy1cw9y%$;Hb>gp+r>1WB=mqHbi@UKBd&Wybp((h17610p!L0vqYQXH zBE%Cc)dA_pgj6-XrzIqo;#VxjPhsuMq@g66p4+Mgy~qK?c8(2LJb|>0co4A+lS=sw z1xXU|XI1)-@o?w9zHqC@I3O|!(TN|Au_q)BBd`fF0VAzhyondxXhKjoRR4+bGO7gv zO}r$7heQURp*Yc6acR704gc;;dxt!y{MJ^kv;n^VcnM|rY|3!_SnKskXy5wXNNRN1 zFz!K@wBm>x7}yZH=;07Tx*drbX5u)Rs5_9FqEfSvs!QyHY5Er|s=JVSe3>j;jMTE; z3h=!XrZTkzsm&_2TyLx-JJX6rY;k{PsI63Qf0TJ@DfE%;IXp}p-jX=fZcy0_mF*>& z&3e_CfP&U&%`$`jyv)S_;_Iy&Ry*P%{q$g7F9bxg-qQm8wY8VUQmEbB?g?D;q&H-l zUlbUJ{{tybC13rm$y#t3bwFUmfh*9<{_Pk8gLX0)NPCly+=Gh>l{DD%8dMnCa?Nix zOtFZnAE%%}Y0o2%Kkrw*C>E>n9!UchRS1B;rm)MmK~g}RjPN1O6P(oM#!#EuSdeTZ zaY`p5ly0#U1$DbSsktavoaIj1TNIpK>`vNO6f7xsC;g)+_#A2FPI`N4@cQJUV1>h- z^p3{}7X`~)i1ZjAAY%zKdW?^Xf*UGj-hcS>`bxZpd4g%zX;UrJjnrfWvzLYt^d#F$ zLlMZ}nUG7tLFXe~dBcEU{DBbfXIl+I z9E5Z!U&R~=wmO-dY(lP1eiAPP{^BAMfQ?=xfv-ufL_A*iJxCg?NoJo#93JCiP_&p; zteMOzNZ^-{1^l@b5&qU5TJUDYgg0FlWkRcq!9bdu4=`bFl>0J%0q*OuPIBMnNc87j zEb-tNNX2_Z1NZenfc@82zzRovJsLoQ)7tdhDE8vvLv4B7Y0sblmaJ~t!1O>LE05L8n zJBlNU&`1mmjk6>ui;X$Ll>3@;aMj zu#p%Q5cti=BKl4;N3c~#mXK(hNOV)2geUF;kD0J-)4W&=kCk zYOYQDo*B6?C3{!oTC~t3s)4gfiK_cLD3Ri1^^5xAH(7hU4)QTMyUwVG^!6ZXIHE>1 z)mp<4s)#DU`0}^*(pH>6`)fVUNu&kTjYahAfPPUN^a5upp!C3>4S!Kuj6m3`XwU;K zcoe{CM@<^FyLM0|Uzq)I>k<_tLGD#S66C*BaD*9*^_=hn53_+A&`qY^t6Ju?0k_IU zeK?83G)&c= z0om=aBnQIoPlw7GzFp1`H=|06mb3?{HpHf?*pAt1BjSOdrE`2Vhn&CO0^7$y+b5m2 zPr4q^VZxrL2eL{rf176WU7-gm?0W7}yYC`xV@0|vXKA``C_+O^LkJJ`rD4{o8~emt z10k)^;cQqsXyb^V;C?Xz1BuO{ooSD(R2V4x>s4R~9H2`VV4@5hfDMgZv^NJVH-NT( zI;?sY%^{F1Ox$`tyi_-KOMx8l+Gunqc>*azVM+J3xpP1F&0xsx2|#cb~!(kSkm zP8-{nUYOJD%a##CWyDZMpwgMB#%SdX+W1`QuQvD}tLwCy2Vsw^mO0R}4B6|lFV$Rs9sb!V;QyXp^o2marc zzUtiQz42Y?Fb$0ZE!v;@XzRLd#CN5yN;eLiwecWv%cyfB*wXvl>Bhkptv)@NGW0B! z=-)x0?@a#=0_oqCZfw&*K>chKM0up21$od1^DY#whv4YGiDxgV`1iZg^?*&!?R%Ea zW&PikZq)0|Lf`Uz^PfIyk3MR*9!yP^vLl?VZ@tR=r;j?QkJ_gv9aJePdQ!8#MKk}g z5N4hApV$~pu@i>PXNDlMQu_OkEbpcD)X4FDIP3x(+7%i$9) zKKX=;j|(tj^?W%&zlh!(8r0&!`!GTOlCc4mg*2geNVB_aT7L*j1kxFBA&|j9F#3W>4@KLE`F0L(H+FjjTlDK!yd* z7HWhRaRcqVz`gLoMRHgaD0_C46M4JvvHno0LfI}#@5bv`R$_KZ*W1LVCdDmZ}|OBBg)DlEJ3x4F}=cQUlNYjp=_3^O*nIf7-Sr8_r_y<(S&Q zYuxO+s2cjYt@k2$2T~4Dy+{4m2R74xA$-@PhM@J|eJ9~DV&v{wn4e4pdD%oTBNRUS zDP4RzDBcK=YCTNNnt)UMOQL5TSQrO&c!2f#NS+=XI22ZgUVo+s+_%Y#a^d0wS|7CP znFoRVvXQV6977Mk20B>weLU*@-ru@vks*e>qTkjlKs95}W{f@idP7EulS~ zUzGiIBjt|&I7Z|Gr;DS_#f~ecC$}tnFIEg9L*QIVD!6O!kFZ<~2m0_{lY#@!D>9lq zxed$z?%b9~`eHF+$@`)3?*V}fG+Sasw=xF52d-1%RzQP| z#&A9iyaG>dy|$tp`3s~#Guk{xy%^s|I$bZPB!K%ECE<)2PD66G9sme>)N=|D?!}7q@vspwN=07OXhYrru3Qha2K?@PaSaA zw_ktL!Z8QR@9^}IeRf)bB| z@W14k(e|` zL=IN`d%@ZG7u}t`H~VBH-4mP)_T6oA+Q4kEZ-4YP<~OI7f1n%R=5LbxyE)3gyU~kH z`l&{ff1CB@cEr>b!Um{m2miLqLE#DB4E{Y}LUra$38q{`cS`QJ
  • (?-I$s?3@@A zOa5iInykCWS0Gp3@+Iq1#2c^2<{wL;Ke1?VX}A0fumvC#SeNr7<5a|+$hz;LeJ8X> z>%nP-chyB3pH-N&$8CI}XMW51-3e{w-;j>+H#`eXJXn}{peT52QbF!E->aTrDR}i= zZ57=l?#wSd#(wvyL+<)BVA5l7WU>4yu<6Ojv;y=g*c5A=X@gQQm ztPg-N!*!GVw?VvFX`wO0=4*>$T^FSsssr1q0KDE~sr28qJrzIvdi9?-C^=1ja4{(0!lj`##pSH+AhTJ^Pe*AmF~mtp1M(*C&wzrh4`+ z&`JAcowg4C)`I-@?cEbWs~LqNNSkcO&kgoO5@|JUSYTzUgQ zXZ;Njrj0I;7=NuUZRK5v4d0JScYb^SVEm25U#SB>_d9le=-sySn|JEaJ?-tji*~;4 z{SvPY>UDT$Pzwh{UfJ2YBwPZ3d`>o>Haufo*AdV$&W(ofU(Y5*k*FJI;871h-ffmr zUAwQYR4Xz6%Ihq!1MSQ1b2sjgeQ2D*yF*(=Ll_jlpd~T{REhFj^9gO!UM#AR-SphX z#s7kNrg^Wxb_6@~XC8DnV&?!DcHbHIzGEn8GpX6^8MW6eTV%kERCCyytp_LDOMlm* zdB@hW9QYjNj=BAxB%xrx&IJwoc6TFDgb{q!>O2>;bW^S}Prr==s^&6uh$Mg~IQN1h zJB~eE(S#lwvh!2#LG;kRj>b7Wx$i&nFZ_6~^BC{P=Rp^t%_D(=1E`?I`CHh{s=OpcQLvBO!#E=`ujQ7Vou~?Ee!@q`Zlf zHn1{~dEdX|L=DU*6oshCJOyc^d=7f<0iO-3huntQ6b8%t&}-pmqeSm6J#ecnTy191 zbN6VgmPqsDj9v3TBtxyqOPr;JTu_=hq`fq7ZD~PngI4{jOl!pY`8x|g2~Scvdn|F4 z<_BgcMYDfvX7~0(^JUh5htrX@G_WM8H1|ENx*`tBzVJ7|Tlcr7EE#21_f6nhS=o%Z zY{$d0dp&JR`rSfS@CPpiBqq0^OlKDGo`z)Ntyr>R6iu#_4gR?I@O2M%&$v%+} z$w6SBgH4BkGn>JUU+7in1I)v#=f@R$FZ>Bv!QVP^NlCPN7B8^0NGRO^=)mV#_(c>( zmbp2U8wXI!iC8VD3UE~;H;1cLEsiCbJL(@%$Q=dGM`gze;s*A{5L6{Th};-OhXo2O zM`XEfiuCO$LM1Xc=Lm+-5e%O%O_&3t8Ma~2xEp)0B95O(NoC%$xl*t_2w4vrq-y>} zz{4FZx0jx3XwkIl5+s<^^bYyltpuk#6QlmR+q6{dX<3}^NqP%L-@;EBHNBm2OMa#Y zA8FT}H6k&loS0~Xc9E2&v`9j` zbEK9E$F$T?l!$31l<>ZpduY*aH}nz`;uMc@aNn`|PwdR`0#hsVcHb&HsTAPPqJ5x> zh8*@?0{p0XmSKJtQ#vZCuk3n-AXsA`pi4Z@pavv$bP*?8Y61q0f`xc=Pq@jHUF?j6 zbW`Iz7oXl~2@_z&WM9+}!--gcY zBYGylj;Ckmu%vHhCny1U$*=@y?7{l=u)8UNyCL(1iD+)@3|YOa`8k(W6YDsk*)7`5 zyRzU>)BYVXwXj` z(~UpLl8ONG z-PBPKP`WQDXMoa$DaIzn_l)!(hKFI4cHeXvtJ=S%OZ&f2?JrdXsKE38dkWY{fr#UO zLV+u=e~dC%i46K@{)6@}&O_hBJrVOSWBfa+P5=5~sv@`n9J;?gMd!k6lW3H29Zu$` z4_W-7-5OVYpS9%jYC5i1U2b6W9>DHd^A1rxAK$y)!50<3?` z8J*y!7t_9tCvhmusqlC5_qplw;D1b;H;MIslQus)SDDVVxpzrd+LRsuZLWR+w9%GC zY4hyQ3rzkTpP5LX%f9))pwC=sC?78)|G@0TkG8RRApK7#x7oCsqi6ymhWL+R&0^aL ztY)NYtG;5N!=F}x{gNB|-fU@i?#D_jCLiKCOs&}ECE%GdFtm*Pk=$^b7|H!>OS##( zbLNIlkp<53?7d;S&UJr<%i_aeB~X?hW{#DF%0B8;USja4;YzZYIRnM;N0+%~f|nAA8x@!2ySB4tIFW)&t3UU@C-x+)#e2om9>ed#kK)w0e6{yyZlGMVnQ^ z%EIx4!Hkrv2RULi2okA=n2M+BOiG0EEIsf&Xq_{95+;c)aMMG7wn)!^GKK45>>D@SHrv|WPeF4q~T#~?_YME{2nRq6ZuJ!Oj zAkuXpf7kl7w$YYzj^+0^w3ltA=USf+*v^&uAFSWY^?mFxqCtYaNO0_7htV#h$uwbU zN8qn7^e86m+WPuY(G=BI>RJ5trK0UFLqhp&EWaC3t`z)CONlEpYEOsF98bkW_zD2x zTsHhn!-S!u*6txl{WUJpHd6bqpy)_&uY;Qd8?5g8ObzBPHt!Ry@f{xdT?|DD zKc_Q%*mqDgfoV4Q@6VIq`ko41tO6|)|| zh#SsII#g!AUemb0c-U_+=1!JJ$K0BqV9Z^5Q8#05KtcoLn4^6({y(t~<*Ax3?Ymyb z>6&O8zZYvGrlbjN{Lh-WsJv?vFY7rC=RclB0|&(#`1>EDfs-%nrh(Zf<9kRpur&0a zweL~Ye-7$Dwa2hB@8~r2YRH>YnfD<>-m#T=|CE7CLJih~`IrL3M){{ZWZ7CNJLaIU z|0_A3H-pv*lacB$Q@{8Css6Olh)X)_Gsf9s-d9#=c&smecmFKDp_Ba@NE`%2~c zGVGEVjp>cclD$_y^*OlFC%1+|*YSK`(E8cOIB1g(9K~836A>?@fwJPGFRhlyuQ^CL zesKOoYTn~ePgty_eUMdIF&`DU;JunHN2Kn+M#nV0>NKm;YOZ7?r_l`s&XGy-v`?*m zI|K)G;cR6609!H->8B3Eb~qoiZ*I}LAjHiQu&y(+lR!ofG-luym6iFdyJui8b=pRf zSfi z0bcuZtk!spT*V zv&&(RC9WNC&;+gXe}?X$5E99k$~`~X%Mg*lh|go1R7^f$vU(^y=ezCS#nU^>S7lt- zLm||-<+e3AKSiY-v_A6pAgI9Op4F~oi%ee6dNe`?o89=-tmSOKe%-#xV zrQ-bC?7E?XxogXi3r=*SP249rCpz(BEs5|e^VXx^EMDyE!J04`+#w#q0F`b(5-x-L z5kV+5yj1x_t)NxQ$q34WJ7CGV1Cx;ffb{lC3rNsj$<0}Mpw`ZZT;Ip}%6h9M6uA&R z^i<w{L+esFVU?HO&h+!`ZAga=qc7xc3viGi%prL=Z)>*k%9=T$Z#GrM_1=v`J z{XY;T6`%9scoAoKNZ}HQx-64s3`PlN&H&grdFmXVU>^ix@ z3tN!?L}qYl>l$6v?cPnq1c-A3WllXvh)xF5ZtTTmi~Co})+3BT|c(7X?Bk2o(jMEaoG3_o6(U6ZIIcdyHneyAMk0%MT}7#MmFCsIqS3AWoXPAuX|0 zRW>ueo@s{Xb<7Pb*^naCx$=F0t;}edoC2RE^j9vR?cHmE^u9Z2Xi-!L%FdNVGLh zjz5x~IrX5KjQHp9&aUXO8C`9O^pW+;Elaf?=VUh~p#E1WKP*_f2v~>yeYGX~u()*? zfS6>Up)i@8sZeK$K;G%T0ZZxx4*CbZ z&O+Vzi?b5Nb-ZAl{>8ZgFaBLAL<)aXC}J=ay!gTNK8P83`+mZM&jUG5)~9$!_>Z>5 zatGE)0GOq>?=f>EdoS=G{U$yKNr4=pSe7Jjs{iP>tWMM(=6EwlK-G>qWQBHvOF+Dd zEoUKNOYNFY9HF9O8&wM;R=|ilIyrjN!=Y}Lo83i#E~b3~-M-6%eCd=gMY)$deONtmIwQ@oK^+&6@W*ry{{p~=%?00M zpig@<6@*#G$6?g5Q`Yfa@GEmH-ZCk#+bcN`rMkqNJ1_(1)=yOT&;tW>V@8gDljN&M z1~EBcbq%1xVKmx$x#vtFgkR@^%Tk8OOWne0J?$7{Emxp0f!om}J5S*EUwjNmYaYr#Z z#IfN4UBJqq4R7T`jt*2Skq4_|IAGC~BL=3@fsbM$p7_L>-3qA$f^>RO^Pei#k$C<~ zvbJeQD~?!uwX{SggkbyNpqZL~iKVnpfSFx1kC*AA??gH*PBVRunVv5Ggmm%3IQ%p! zNUrJ7sZQh+C(q}s>?O2A-YpS_Be2rhe=hc)3*J$i#k+tzS<$Orb}0RVs#iVi)h00- zel~O{Chs5@{0Hh)P6|;TJBpc5OxA@B!s!e5yoxVL0d!t8iy5N-A{rToRYwr`xrkp5 z@q?d-_<4w539$k~G@pPZ8qp*kg8&0+7*OQ3D!hd-zIrR8c6Q_@)&&?lT(Z_KA%H=H zCCUUC05iOf`B|<+U0T=}cQcuCB{frqJD4iXtP(wU+j4Mg6nF>ra(t8%|1#oV24@Gi z^DLUGXYR%}7+srkhJNvr+gx4~X8dz81tO%J3t6b06D^cMwws)WM3p4@#4t)AS&3(rT=5tT%V z!1&h?zi11pG7fn%_qj9ox&v!%tSjl@v|!4Gtojd-Lu{v6bzDa7(TU4g(>Y^E=NU+t zA9N>QUwvi5P>)iZqX4`OwkAh_w{yfMREu5z;5+aom_`ni===_w zNX4nsk}tPKB0&xsBtuugXc|Z&W<)}4fGHh<)*5$|G~)-yPY2?MmJEYF>DtO&WH%&+DSP2PXu0M6*ijD}Se_vGm0rVFDEAR(UE5_fIA#87hQ^TV9 zE7Laak93!@D01dg{PVRWT2vLeYxQT4dAXx&p3&FnAs(%4u zvY#*-AF^3|Sp29f$v!NnG2-3_;aP&!QC#BB3ysA*h!@io+r!d`4p!L38tgg=D<>dF zOVGM>tq%RYf+#`dkfII=N{%M-2O#?M3M4G-SeN~gZ;!y#qYe+=03vexvpA1?J9w{9 zQzUCs2~dopbf`k1RAKk$eKUqAK|WO2A*+nj^e@OgA(Hj_mm0HRIh_$gRV-Cr!l?7<;h-FXV$lP0fqy^)75iG|`ups}%oB=ZKgSoN!KO#bG ztl|Ojv-hkZXLP0#z6_k!(Y^GqWw2Kr?A0h`&~kB+>;)#!Zj39D7*za$GZK&=J1PmO zf{-d=_g}F`p9ie!UB0pYis2T@F(`5A2lrRxz&o}LvNG3>XZ2ohsxr+hfL7)9+BIs1 zYdj@qyp%Gv#0qpC4LUEeX73F}E)l1{iRqldm&fUx6ekXMbEYZ_$$=NtXLC%rK%XWt z>W6@3CKEHQ<`OIP-}S&W0S$=r!*X}fYj)JmUAPuuyY@eOu2x(LVOFkibAY)(lUa^Ba zO>q874C9WP;8L6Tvy3?u8RgIWv4qqM%DEyZ(jWGX_=<_a3YR#JK;=VMTfCz@Sj9H# zv+MFDySEf-f2!pe#cg(V`TmxqNGeiQ8UPgX3WMu0K5@Sj3hj*@vt?sy{PY}QVwF1s z!yD{{iTOI&HKn2Iy}oqlLGYJLw1A-T{YOucE)J1YxC4vr
      >OBpi=R|e&QKX2D% zBn!;9b!IPP&92eqQrVZ$FwKdKLE9j&R1WbRx1gZ0z#Hr5d@&lOmqqkL>p{W>*VQnG zT*dyp1rm5a58ONC0*|2=N3gX3=i^X9#fgIw!u!>|Ji(vnppYl{OXl_Gjg^I=kykNV zZ(PM_{(~o&Al~8lYx|m2zK^qF?1y_5EZAouf8J;0QY`m0x@@x41)g9D1|>>=7JA|ex~B0;BCc4fxC)}YCiS4{dqr^5c_$IGP~O-w7HG^;>d#@$UO-a z=k(qzGQz?JknZ4vQh$p%62FhdO?bi&54{nY;?J8Y0Sy3Zk{1C;m%uLf1j`h#&&(FB z$LInuT?{Y*^@##%;rhf+Hlu0zasphiG8yuA>x=MFLCU%|YegAw+o)gT&wDJEIo2^U zGcF|*)yQ1yagN1+%m5ERGE%V~>@{Q0Ryl-|m(!00eCR_O>(9%V(AZnW9rfaLpvVO% zF%Z*4nUTjMw<1Gq&aY$@*2qd69F^Lu3dbxIHg7GkRh z&Iv5ckoHyXLK_bdOw3@VdV6woF#T$7mpY^|PS@+l$Vx^jqcAI{*nxFqR>rgPWv^n4 zn)BN>gu39WIN$#u#BqQ0S?@ZCv7yK)(&+jMS|>jwmCleKL+RX_BBT1ggFM5SC)^hb zMh$uBx3)PzJ7^uKN__YPN@So!s6zvx8%!faI{+SxsUnioG(tAQz)#dG(Kl(obN?y0 zk}ezQ7U;)`HW&f^y4fL|FJ=8um^SDixX)7Gf$hFKS~|LZDh>PuO~=`Jv9h)OOR+J} zO*2Wyg1STWmYjIyrRciS5R6;NvyCq4?}*^OM4Ds4DQMDZ$Q?LPbGey@eE=&~!sx-a zqh+v*&(QCNmum3#kxR(i;0g~XIkn_j=zq|E6N55Zym%Tso_`G%s2|L*crT-Uf^7rl z+EC8LiP}v8$_L-c>S)xqZx_$QgF%8w#SQ-eaDmWCum;)q3{kZ|zBgFE>J3`P8R6~9 zPLTAU3i@Y}{xFF61FqAhw9*4}KnIvqnCy!gIN{8(jRB5%nw;Iiq!ZWmgaQLT8R(#_ z&gg)D-tK}$WOZWyEiOKL{Wqb0X==VM{SD3Hb)4Ub#{zu{{KQ|Z=fFZN?goh(iG;Fm zdSY`ha6q?3?cbREqJ6WE`Vn+?>862^0rqcF{=2QSh|e;o%fFl^hJmb&Q-*`ZpitnI z!qXBNf-c91K@Wh-S8qTR%Hv1`^h5aXc#|tgIJ(I7kH=Az9pHe(Nyq#WC*KP6z!Zmg z9P66?yrq;lWLoBE%#UMQ2aH(|s})uSgxVe4jbhYG$Pzupabv{qvGu^@x26lb@S8(7 z@-yNJ1^QPf`}2CrN?}l}CMSo-K(Bj(D4+bCK0C0$jt(FeJ{>Q{iWTqS-^Ur2O~-#H0LxLNR+`pdN&7P{JroX#>{qcz)5Tb9 zD==yA8P$dMDBBI~SF;{pjP`RSQGaIA9tvOF`jw*nL`8edu|WG7iuM>Bw}AGCz0;uo zBp}d!l1cj?>M`1XA9rfT(f+p*B+MTd>=%Yf|HoB5r2k1EZ}Ca`>oNKt7IvAnqFD4& zStb1kN%~`XG@kUmd3SUryPd?JOyWNc;w!C_Ay$1K{4fajnr>hg{M$->Ctk`{7KWY6 z1Vck1<-e%&Vq;hB24o2vP%MW&uPiBxkys#AXl|NW^qV#LnkAI|GQj-}|SW zWS!-HZ%Uye@LlyT?AF^G!Kq+4dchTeV)XZ3&avPVh2?!xO|xzf6c2}EXUcbE8?WRG zib5@3dB8LzvJdNl#Pw%f;RoH97>CK5qWM$iBu?Exj>(&A1h``f(d7N-<2&|I%)TIz z=hf^DnbC9fhM2-tM<+Cic{4~v1ys%}tzlk4srxadtfBu_b*?UMy@?r3EWqlxEKZqa zG}o}d{hhNmi~NJh;K1&hCntsEy0}SU3$JPkS|3U_Cxvo+Y{iE@BvLDX%!UMJXK62E z7Zxs3(0j~=F`y<==p^qY${Y!lgJEzO0DG}osQ>@b(N3x|h)W$An#42vnGkKtj4ZmI z3_LJNqd}RUh3a5X_Kwow#v9FscI_)|qv|X)))CEq5wdsJa8Bxqg>@`ib&g5hm+WH* z@@Vtm_&|0SQ37+Cles7HCJv+j5#fSP+QT4JWpQ;cOe{Dp@aO$r0)lu`b1=*WIemjX z7b`wPZs?XREM>eOo%4Buk5Tyf^B!QykPr9$scECfD8_xt9do!WIcLHN2#5!BVtE5V zVfqO7ALnvUE5JntF2jI-_6yADMo4TrW^}mscQ%YG%;=&Mzy+!h9rV&50OOXKb2_ZF z;NlEdQQ&qLR)4AP-W*OUX&$2l(>X{Jw=vNbsqh4g?Gh&LA8x?iG9n!?-N6c*cW5c>m?$ydk+EWrRM8C8yP#3wdn9m3lIp>Lcg~1jfjJX@yw-j$;7T8rz zg0ziuIVVgMRT#5Z?2gWE`nIEH>Bzwx)kXieR=th&1S|BYGY2$3Pa+cU%z?HvojI7b zCpvRZeailNOWZ)r=*#&?MjVP<;?LWCK1n5gIeKI;`7TrDswh_W<1oDaXAT`WDmolG zQTtRnb}okkjaa2)2kqfjyQXj%^p>1ZmSaM>7!4$smQzJmu=#32$q~v4Wx1SCipTIO z$=FqdNWCbh8R)2Vaq({U0cRc%S@;+L;=6eQ56>{F!9XB{^hey^yDgp zns@eYisy~a^UhBGX~`es(YJP5QEL9*P`L@TN`j^e*3$iyy?14Qyx`LS_f0byw1ZUKQ}Z_TOtyH> zllbTDVYnBfdO*s^!5gvV9l;y?z?FHAP<42%^atZ!-dbxFAS5{Z)%;g3uOwKqL=>~! zpmpEBR^xubDd63CX#td$Mm7_+AOZ6Cu$ye{!Sugo*K&Dy${vwE70hlyUu?VqQ^$;9 zl-vCQE?Mk@ZdLT(T1c)!c_Xa=;KgOwUdoXM(wuSde`Dl~BFkjGM$eh5zC0v0+q!o{DXLiONPcBevLMKMFN8g3#k*&m8Fz8*QF> zJ^<@Nlz+u+sm_*SVmB2dhMp$w|AN4BVKBVZCVmlv|`SS_~Qn;j| zY2V+%uSoR5>Oj!yMpz8PrWazPga3;q|AUHi;XXR{TnhRZmn5WWk8LH&{nxzOM z-_=_6od|`(_ejx>N@{LnC=t91{L}2S6MXiSIa>AA%z~H!jJfifait-x+M(ibr4s^- zza|?<@QOs%FYm(w>S)!ceu)i#hTSlT8{=6X+Gm=}Lz~^|P++rXsKK&qpTQF|3 z0&tmPScpIW6uc)j2Un8zczf#YaK>Y^8jfjkzZ%p?1~%=T6uWTL*5BIh9TQ{H!Lr&7 z{iD_1yu72@X$XtO3Dt^T*sdQwhV4so|4`hhz^>B177S#r*TdlPI_+w3%ij$73*TqDdoa4Cjf+tPEkRr{#Bm^w>K-9XPNeJ49QGpoT5QCx)H+6d(E8H4=@u~! zsg=us1`cB=F{Wn$daAKD2g?%e2KUE@q<*O4-gx-b1h9eihD`Q`72JmdGDgRvIsUI_ z&cvN)9RGoZ5JXx3J_E6e6bLe_zP}LPUz*2y zXv`Q`*ml}U`{??(ZsTWQDq!3}E{oIHF2k;JRQK}dwV}n#Xvm2c{M)coe!>YEW;C3& zy>S$oaU3MDmd&DnVXt>OJb;+De&M@KazcY8DX@~nVD&jha{Efsq)|q(^`K6xZoEqB zAovpD=#BDl1yeDCjMj!K(kThaRT~f>y(cJULEoFtKgWI z5|_rMjFt9BIcN(y@K_0CtKA)VRJJI9g92`l(Sy%B^937X8^xD%zp z!wZ}l;Obr=f$2?VFTzeT)sY>EJ=O6jXe;ZztP&Zd=IUv7xMW-mQNlr!z-MxAHA^Nb z*ocEoiv89^QE4l2>^)A=qOY=6F$QR}4{hNBQwK}>O-rO74_8;_@}@yx=@7Sk&KVb1 z>*vC?*7skr(W9q!jGhkCj0UA5&qWoWqK}4!d(?r^8MWbvPZs8v6>=O4pV~QbW*2M= z8)zWzI8T`o>0(QN?D+gE*1g0YW>T_9eK?6CKwPJaz8@=^87(UPJ4;!7F^jK_D_$w- z%;Igm0TkPWV#Pn;kznJCM#+Ba_E8o^jwm&OY{u4AfzWppe zj^$^>l|K+Gzg3lQZHVIkd}8^wekghpO&9&+${&f9U#iO2#me8ESbi(ZZ)Evq<}}+c zV&%uH^0l$@qZ7+7W% zrz)RSAEp23#PUm7elg3hjVu4XSot=qY`=Y5wEQP%Fsm`^AJ6jRSbj!Fd6$dw3pw!p zM^(NhR{!&f<=ZGaPNM0ezbsDy=#S1+G5=b>DJqhial#@hHe*jEKR+e86Lg$X4S_-L zZo`)9z%~EmgRU^1*udFPD43h=xauGF@8=JXgktAzBhEB(_dWbC+;W}TBfs)=p6?)U z@y7BRmkgr14F|S7xvxKR?G$a}z@*UP*}N({sW4}s_oKq#?XTrmem!(aO1^)aqcAw{ zwbD@ZeY>MD=a6@MWR;$INDoeJ=SkO7xa$2hZX{fkq>p;j9ZboRUaM$59(u73inf2E z{Xy%yi=p*tM~cyr=rWF)$3OJ4Ng!IF_HZQ82uPR=$Eem3;QCCZI$yVvld!7e+>6cg zb&`dH<`Y}jY>dbBrDm6}-`3tFI5uqm-EE1S2Y;LRG7DJn<_|L?bYU@hr~)o1J9h!^ zV+OeU6&P&9QtM-~Q{JGlgc2pOEpjOEOnd?VgAUAbcSzLet}!?4>cLmk>P&F?5$ets z+BYrY&+oIYdx7DgyFoX67E9&A;j|4voMfb#0NuJyo;l+Suw5t50;13t%iOZiCT2vT zIy_StMzu<^KIN1WGC1gxAE~Sd%&bT7#5xz?o7-goRSF|`=Sp~XjFM%u%z<_6Iz6Zs zcErrv)$C$6aVf!6N2_Td7!0Fwk_HpvYG);50#C_(IAY=pxIT~P8{mzQ>Bt#=T;_;U zIp2o;31itY=He9qm34H28y(Xm4lx5Px-wk5fG@MrHL7x(^Z(z=-P#krOlY zy!y|kT3&UaHgRZPiX}3lQ}Ug-bLiCzn7kFqdcb6(svYDmSh3x9n`Cv>ZU4u6mTp5! zo?{!ar}8B}gM%*E*tN54Op5CP*=drn=nk{zBA2Qv;(M;YEQdq>fd|srS+eI)gq_yW zS<&v3@_Btp*Y<5z9LBSR==NebsJDLQw&ZV40~j~K&GGMLT2$N>~#@? zqPR#Q6LVr6&l(Q4NaaM`D1Z^0`B*&OJo(L#l2uohuHCObK9%WB$U0_bZow2~Sir$4 zZbgK`+POLHVIGO_;5z_C_<-_Cz`|5i3D$}DfZ70j8@U=7!=ZMjLYB~v_dG25_ z?j_#8s7OxZvC92<6fZmR3OIO1I}Rm}DX@8A$=Q)=D7dcu3b(OCKXo9|4^NMQZRP4I z`-!SZ23|oRf75yRmGU`!0d!~OnFqC+T0~(h%()P}|F=N!lac=u1mDG_D@5#FASm(q zbriAZVu(eidW=J1I}8zsIW8{Oi|@;UZE}3o4i13rMaFSY@Sd#6wJ)R)h`YVXgAb7e zer@iz*yl0MNdIh~g_paHo%*J~n`6?A4^W)?05^g3@C2QYyPN;z$@~DrVBo?(gpU&r zf|~zrgyNyYwDM%)!tCt>@qLoxMaF0D`fvCplIg)}RXe@|pZngT31mAgcw--=2V+Hf zuv*c__);y-g^&3S2>81T6z7$Bz+KG2uaD?v-@;u5vx17!ctw4YDVQ<@-&nyJUC}~Q zt~-wGo?oCkDtNXBI#+>`w{qiD&}Mpn#Ib!`OgCTN#*5p(QxcP`0%DSx@IeKf{_wZ< zS$J({61q=)C`kyCD=HRcekiH9Da_OFQT|ud{8&=6tOLC9wkH!GmEQ(xRvh;jt?v4E zP_vcPWcA=;4w31Up2Z|&4#{M^;H+dKw}yNUY99IZM7&@n2?Tye+&F@KX=a7Npt8zQ zjFAI66vs%ah&l=6_{JW5I^4@IY_foIBj?x*?^LM@=%t4=?$U`0?{H4lQK>h#>!g*R%eE@&%u}&}x1KNP1wBjg5gH4c<{0_TuO% zI?&87+-Hcr_&BX7YE8C;@!jhf|CsP=U?o8tq`mkgx||@3`L4YtS9{CFk4;eJV$HY7 z7SW4Pn4>gQb^7X04o!j!A77>ZsabZQEc>ci_SRV0VwQa!uVLnhwokUW<_IS@sQ(!g z#vZ;0BnX!nVuEmqH0+TRwFJ?O44A)Goj!B@r}t>9{E|M`r+ssWZ#>{!oIoFSzC;2m z7Q0U>vJ@-(dF$7JIF1mP1ELA8W(KPdroHzQ6P<3U5_WzyT8vlO|A@zhfjv$T{BR*~g9cs^JfYoMCk~>w#7tuNa|vtG zKllF>$84k!L4(&_am$aQ^gDdT&c`JEp4|}7Uz1p`>I~hyp92T575$bH-IJ&>JV8R2 z;A;A_1nw6BrV_&>yrX?RBmr{7WaO8P&Jp8@-A0z@0phCD4;qV}knD6jP%!DYow#n4 z)Grf#ke6&-rs{7ygYt`6o@&18v}|3C{1!kk?FT#stZ*@D@k=}QG+w)B4x|8Xq8 zT$X?4gU{-Xv;&% zH(PsIky_24%<^SoE$dH3`N-_5(;u9^G%QPvH%ncp_@hkR9W9{xXAVp4M_lAW`F-NZ zFrhO?&^q%TxU4WTaQ_;|;GbnVQ(i_d9^ynxxlykAO}tPJSDVfzzNd7uEnmm;Zw-YcV zeZn`eGSle5$5x5jY;j3q6+=`N8)7heG6J1C8~y`~AHaVqmi7s|d43H3XVgkj_}Z(o zf?~0gYa-+d)rO5I10WM(K%Qj;(u>7<1^@b3(rUuD#^67e0RJ@;{`^GvvlRUIbD~5j zjKSylN7e7fl13B$vna3V1Mf!%{_{-mJrlv70*?VkWemngj3D~hA41&`v@VOK?IuGO z#^Aq2Wfi55qJOdYO^YgDqR8_T1>X^av9bgHQU!l_EbVT>{}2Ea{`Yr#mKG=ModX&iy+Q|5svZeF(oM249PVuWgj{afy#UOThmfMdOkfj0Q%4J}%tvMsXUn z&W)u#k2G;{4E`Uf`Aqs~FPrdJCc=tF;+pO&DaU9R9NGe=>q{x)*pTqGCT^4{&d*V znBn0fTq&8?B*0<)iod--fHFf@;eKpJfOk*`o^WCEzwL+7^r=V}I{_wgbF3PGE)&@V zjeTubnOtJF-vn2pL{X}$u2-x&$^WRXOgsQi5(^}LRDe9;PMl5sdEyrd`f~>^{os6^ z{;%0F|JN-Xj8(@oNKQ;)9DHI5BcJFw#*62d;=bNOKjzp_v6Uni6e+xy<^nqw^z9j< z@MrD#Uggd0p1?K7jz8A1D-E5;J+f=Ik*o2^QF@55HDjB$;yJ|NBc#c=A7}YR(*3%+ zWSV7jHY>pVT2-`Pq!yv}#%3_@iu+I^ao?Pra-Z(Hfzy6r5uy=E5 ze%0wQ8NT1klq9ShjrRSLgvsEIBXB2R?lSRPMxYV(oEg`*PVkJX(~~gmjT#Yb95z+3 zaham*r?JLayKCGtAQPJ+8|Tj5v&<>m^Lt$Pw0Vr#9yLqckMZw8gHG;2gI3+na`=Yq zs_CRV+QUrP9-OMN37KPjn>ZDR%PvG9!R32kzs9YqOqClt<*LeNp?vN#qj}|Dnyh)9 zvyx9Z1~>2t@@K?WS%QQ9kUdMLy~H$>qptwCAWki^@N&Q=`EI)Dk>@}(4`Ahxr2cJR z^U%YoL-;Z>2)Rv9f(v1t^N1{G`s{;)p3GG4eHy~7sufRq%~+K*mQj^liwX{M{zA3J zPO>0tI-WLUB~_JmCnxmW0skV-=!m941jD^J@8uO(#OX$iD|{&!ZmxdVEXn7}Z5Rwe zxvOeK=<2DK&9Y{b;#?ER62F?70s)EpFWyR)MfRZxi%w%vJSUkTO0ZCHT|9_NHi973 z_?-hdVlaS&MEQDb0tzIq6)5|a=QR`emsIARer`4RTdSeZOmb&~^&>=K1I>uH@Z_jV z$Lc41w)J}M!H4g`D(cIK_XMoZ;i2wt(c9m2=YFoO{JDgIC2PI@qZBxEJy|x~;{*)3 zThnVTg!6P0Zn^tOIq!eOBHf@MLhZc27wcCyQkrGaoo}ZMN{y+rF)rGnFd`=Hf97;t{w|tUoSFOA6h8B&3ZE!+@WM5X*HiOH`$q+``_DX)wdB%@G%kzvSJlwZoYQu7hYN4Z*dq=kqh5b&lD6ji1QfJ3{%|txZ_Yy) zS1%xnPckP6GAB%e$c=0zx?u}NaQ9UsX;&h$K?!7ZARnI@5Ly7HXZiCkk%h2bN>7*f zwWJFx@=Et@oy_!#8g&@*=kWjEMvjF4UzE+I12h#PYmGCpyw{0O0+^ly<$sBjAAy~! zJm*BR7$jbq9>nPkJ@^-iKzv!{en8K}R&}Sv%0nB0uUy&__@1tE+7qS}Mi^sHvPp0t z%3i73!Op_W27v@M*3k1_gB+ZW^b;_0l#xQPVv|2=$(E&OBPfVVJZ89koC2U_){ zh7ixH;W*#8$PXEUdiWypeVP2=*LqSTk^@%;h8TN{FYwXs>+xnc_D8PfC!&H6;&XJ3 z+Qz}WO{qDI{R;hXp_fhXy<6L;A!J7g!X*1-D3XGW`rGx_I=(S=M$bMWZ#FunZ@po_ z!#ggW{^$rj`*l5g554Nyd$9hS6`%iG4~!ExzCvZ-Tj6zFm^$?lzGZ~lGeZ1el{{Dr zUp>6Rr|nB16d!B>YMx+zD?akgW=(LjWjJMWCd}{HdIA>r<|sBr*-akYrsK}W(g>jQ zpql#>)&M5i-CI9ssC}yC?pGcy%0A!;%u9D?e~Ff3g}`n6L*;R}|F+$8t?!NbKb>8a zEj)px8SZTCtH5nrtym&J9$>i#SfV6L}|x%a=7&1)MT;tzh!G zE12@1SI}u!3~#HdAroqU+ov}+psnq?Rq<(6@-urWXUz`7f9(r)#kMycD8&G5swgsf@QJ3}LMtnH8qdQq* zakVx%+3p%|Nr;C`+)Rj4z7NB4XvcNX(Qb)7m45ph4Yb6YB6*P!zxAV4KgvXCvto{P zUE8>5AUlTn-6OJ+@&CI%=&&Ih+H z(5=|_dh{_U-SspE0@lAUGqjgZSzIjUBe#T4{pVoCJeZ38t0*ICaR8CB#sT_yPxn)gTURIf8!}TgJsL*Wp|=M1RQ#6#eJ10v)2Ch0vs8TLkc>3ed%v zjgVqNTu+51G9Xh7{WgbDs6PuT1XWqYZaE>A)2{-&4g;nVwY^7x+NapLpwzLyBHiM{ zH^D&*Xz#)C^y#1!=O+XQ_%QRJyV1nE9aCVxkE62s!!cq!Ly`o_2PjL_akvnHbi_FP zd8=if5sU!{oGg}x)x~#2zfZOPRnA&?dlIKnMSsQS*>~|SVX=MV5rcOLQWsY+{prB@ zBBdWcf8m0CHAuBThTray!0*{>h+n_|0KZSrV-{a${A%V!@oNL`b>R2nUpnKr9x)yG z1)2UdsI;mP`?+`=LEO4CYJiY}a+yf{W-SU)8?hJ7Kj{!bi2nw90>Qb&%`YPdXz0rOHa$G}1$eVrQ_?crgn%iPWMK5~ z;eM=Jx>|2S%{(oTJIm&q9IDJ43y!vUc|p)%U?%$if+y9O6YE<lvWXV>DrK+5*^gW;3lK4!nS3+g zwqG?B-SoNqz5-0Q;6v!9W<)?cLRBtnvZJq>*jKoh*=wi#t!eiiaIeBek}li!ZZ?~6 zeei(VT=GvfxqeQP`UU3(K7-~{ehw)IGt|ig^H0_#d1o;=B;S8zq}yNjnH!r(mgIpf z_x)&=Wn#Ot9#@sqNHtZe$oXOEUwCu=$%n7L#5PEm+$jrM+LhU>+Z0Vc`N;F$t&`bdK{@a zT$p`0G7j?)Pv8!+hTK<$vmYMg7&{#6@GM5z!fWbh<7Rw1J~+qZ`cAVJ9039E3EYXx z?Cy7Ya>JURPBo7a-D%(fOJL{$o-!u!ZRj^(Hnl4GkxIVf>N6^EL@xvg42RnuOP`Sc zy_v3-U&X)e>ZOvj2gsbL2S$8304X(xeewir1+H$$67@1O9XZIEMYbdc`>{n)@$?yqi;8+@wl?_;(ti!nB^!m1r)BhV38$Pdp&kt3~v9I%Fc$~3>$)~Zxb>P! z%E2U5CJmuZhS^^U1S$XhY_L2i2*q2Cb#LBv6D; zZ@h%BE>O@m4mi0j3D*gO)LEO*7<@FvAz$>|L$Y#Q7LUrYy+dqY!CH_HRo3t$I)q;w z-Yr9G)aFF<<{TnJY*`Q-VGhYCiSbE-A%7-$nmoAsE)_wXMohx|4_od$#%}fU6{1Zk zvpPV6K;B6F!)@ojzs0nVSbKtfL}TR00ciZgsYER8-FqP4Nh8_^Fi8QR9kiVb=pG z--@TP+kp%Q1qSm)f<#56X$C2k&cOigdVkp)ks7gXHGCUm6K!*7@H147T&o7tkMZ=G$pMus82Tw8in;(P1`L~0y7U!5P24bqk zAVETle|IZd?EGu2#W~^~ZdmDPv0Z#5BUFpC#3sB&Ud4SlRh?Q5`6Uk5c4>I{(vCK> z{}#^#Zvu-2=yg>ozf=2lg#gT>w4eW5Horb{DLb9bU&Q*QcUILu z4D~CS(G>&9j^Y+zAO+@G+wVUuSC~z_*c~krpX1vq{ zoQ(PNHowiG2G+oQ1w$?7pvw@U=ZHwOb0l(7LWq}Z;#nkI)-gO(|19kezYYQ5hsNba z(n0H+aP&ncfl5~p#q=18C$SaZ6s%HI^YFY;4r#$lpKTIhT(4rsu^6LK^gaukN|5zU zz*P#e@Xc`ucj{%yU%00$p1*lvTZW$717-_0>UIz$FbAJ)6Qf(G7ECII_+gvqOZ;+E zb#*++B2RXzHulQ;@%=$iqAL#a`vYe~<5yiiMGE0$4fcl;DT7;Cc5ihO?!Vc`?jF%e zhR*+fbbfgFk8*x!7ms6u38tfa$of8q^ARpjtuD)J=3p$0s=wMUjwAMe?Ip1x`x6va>rGHti~eBJdGxcO z^U)6U#Vsom=zMnqoh5yLaBli$OA08muK5(`auRKtDE~L4Y^sV!NDU!x0#-5hRpY;; z6aADZOmqD|&(``6r3;|j zKy514VhgzAE+gB|2Xq=cdlQq{l2FZdit+Mklva8 zs{4oKKQI0S(aw-Arav6ctH@GJXY`Wa+x9lA*Sba9y1M%1I7O5tVsG3&4tB)Fi0WOC zLh0P$#F_b{%yPV$Gd7<%)SgWEuEt?Eb=ztIzS2sITAr)^D9R}K`w4)IGDLmfP250P zkbULe_b2o8$_W_tcp-D#{@zn>fAf@A%=0~qc&=r~-L4P#8tdH9uYLaYJ9sY7sk_E| zUg|yP(!}T73Jb?0zvoSqZcjg(@>}13V5P#ZZptK%mgI5_if(lF`epI^8=C7$!#GGV z=-5H{<2Vl~nsU9ME|-qb_GYm&&|tc44>-o*=vT3^a>4EUk{u&&qf@!N*BTtG`aV9Z z;Tq$68no0c?5|G7_my@0nW&Ev1rHbS)?w-K&41F|ePBCxN9x;ebECzur_mplFZ9Nn ztT+%082aPX_)PkvX7M;st!cOA225-2b$&~|>nA@h%OuPGQ4yW^or=e>D|E?1o_DQ? znQIVK(P|ICgvJJ$f|KN|!e;~y>TzCibd~#!d415T|8313Ik~Ffl=G}KA}26`fRD#t za2m!jW|KMD(mIx9K>7SbbiV#Vrlgw5$rph=(=3d_Guin*baRLn?7o|R+dmH z3!x?h3wgn*L|NE_vggLD!1tQT3aWB;O~rzA<$-l;GjbyMD7CmFf27%t_YyHqFLC0R zJzh$Fl?f11Jz#O+#cwEACBW!=L`#+hahl-XgVWaKnlMXi8c;!r*=Watw!9}fh_O@1PATr%+r4sVa4v zW;pL{ID}z*0u>uI?m?QMX)TPreoN}h3iWY3pA&z=U^7vhr7#AGfFsShvZByo8Im%#~gXJ_BtI~s~SQI=BBb-4Lw%WLTu(*BbHe5Z~UU3w=eS0GH{51jaK2H|DsseW5bgeiA~63orL0v zS-EqbNsr+B9T_7aEr|g*PVQzSds3%><=lpVVFS?uvcMiY{k?}7l@T!UUxO&w>gbuW zfU+j)mhIj|9pPsQIE(fPzY7bN>mT$K_qOl#$-$+OSZHRUV6r|TNQ%ydkOZJK+N*z< z2Kx2(44{pXrqgrHM7sB4oqG~*S>|gRn`Q{k9o43g{vG4s8r>^3rc&xyZvY{`sh-1D z{T#$0MRKZkGz_o!NCaAuW+H32co-tPqrqvv)y|AJ5f6Ts`Cr_+;4}MSV`mWEUEM_9m^2ffr)9AV9#WWTT(Hr@)?>m}~1T`+JkK%JYRuN?uwjf!uBWWj4s08!|yoek&7V z(e(spv`ajs{wyvQaB$PWWqq3w?v1p??v{clxVi~vNWnStJRNi;IvbvIj#rCcnTvi; z&PJkO#JN0`8lsEs)45<3%r1tQg&BKc@Y8es?C@$jW~`qU`G;nWB(=ixANBnH5t2WJ zn~d+>&Uz0C2U>rr5rU-3v~j0JN5Al+1v$lm#jhH*V{mi@ITxznfh$&fyPAX@a29U~EWS*a@xhg9g1hFPj?|EStnY(4a}FWJtc2(K zj~d?t^i%X7Sp10YP$%-OIQ!E{y>yfJaU)jnXxklR4Op*ubWh%b-A~I2n}V1mRT2eX zxG16c#PSaHEv*MZ)3&Y5!J(g%)5`yxB614~^^9c#8*?VF4)<{njZ$J^!}EAiR-jMI zX#YQb`1{)q5BK2T_kw{xNI?s0zicPn^JznK=KHM{rY+@OukIS2yW?!DFCXrYubvJ; z!@&EvVb;m3?TxRc_|8a;N!)00e|;Tsj`zEBI5XnAbEVZT`app>B~L$~e-qxn1Rx(b z_m_-p<=NhZsPD(QhbAi|(Q*&3V$cL> zdGv$pASHr#&!B5Uk~(wSwl0xa9$4xn4dPw!qOHlrVq@r;HPJiV8(x?x|HJbD#XfZ& z=W?9qhZI(~0Jo$#=gU?~3EkR<(mH;CRm~7$Y~@HOrJUui2|WYlc6GsH;anJL`w^ag zTD2)~tI5xf?V{lld!FcX%)fL=Lc@3On3>D)6Q}QR5=-?nf)H6OMpuCksf#U8>x(BZ z;5tLQkeUHeHKI1580M7oIzLMDdEaeDIrTJ(Z#?tV^Il%+5ADYeIm zKV?ZY{_juIU^sq@+I3>L*eluywI%byvD?+V6Te+gb)scp0v4EgiIbd3=4jiN=RRWg z8u;x2lRqGT5TUq%IuvhFYvDvFH(a%5*5#3ye_Ndz_`+4IXMaVx10){|Sd;voc7S`B zFn5z*)ty+Y(Pw)`Zi(2gcCSEz(!U$|7Y;8{V$T;Cu)F9%!}5PS%=bIZv^QSAm^UOt zjea%7-n?oTH&4`O<8{M33zqd`n3|7YR2+^KwS?o%k5f-Jd~$Q6{)ySEc=J8xihR?@ z?Ju^=SNQq^M`koBcUTUFsZRU|C4Nx6aRYUzNCpZA#;qBjC^>|x9CHGpr+pS1hp~EX z_hlqeQXGQiLRu_y@@Ez3`GuPJT5%bCy2?H6G0m|rAh>Cyggh5heNoZfpio;Y*6@ig z))}cjRE+sjPBGjV3XI#} z#5jQAHL}QKuXV#yu{A_d0UgRsDU=&=4cwzedW1JS(SNIC1>T)S69Q(fwdTqGV|1 zyauYD9bw-*`ggop&b*grJg*jVa;l#zY~_LXY6O=$OvcRxB_H{J!s4OOAtW~FIB zgIN!flRF6WA27EhQ84*wh+aLqm;AeSLCDmEOra-IUBaHJue;pj2Nqm2%3puSd(UUu=Qe+^py*z{KUQ6x(pYc zu{+?W!;K=xz{=HBouK2H3Fn_q#RWWoihsZKD^XNiS^+ksX;f5Jl{)fx(H`3aO;O-i z!LR zraDz?0*jU5eG>Q-(iIdLH^G(T4Sdgwz1x{v!g*S|z`pHP6Q=K5>YipQMCU$c(RRxE#iFcMe9C zd#7#b7rv(M(f_^X`|=auAC)z8ALYh0u!ajq-)|*;!Lm2S|H@s1@@4xs&zHkmJYR9U z-~XdL&*=X?vEE0&Mwe)ceiW2-cRXzZigg?>IKYsF#oIcc7-yyYH0{$|7G>4Unh;VNlJ?q91}o5G|@Ks^{Ikqi}jO5 zCNZ$+9TcP{lXfL&qAyHc**JRkQnioqKX?|uLRC1!)TYx_@NKR|QPbTPx|Q#urEAe< zo_cN!4zPQsl}mIql_|jS!VyZffu>z-{O?$#CxVB9)eq<&{E&SqbQvVUKR)<9=a zN_T1Tg#Eg&I1r6JAA-Tl&nN`?A zDKM`0Q{;#HY%aMt9G_Io8dHDag^Bz=;n;YxV#k!)F*3HC78}sP!jJt}2oilnKhABS zve@&ULp{`Se%hgKQ4d(0Q0oLEf#)_Qs7oxlwA4Z1$l{?|shEQiRG9np?(R!?| zTv@SGtGn8!jf**)*X~S@1Ri@SlES?I~v}%$JS8I#UdJ~Hje-9(SPof2b%b=Y} zQoX5QD8^~;o5e`AW-i7B230v#R}7iU&W#(2*)tc3u?2{1>ZE!7*|MD^McFx|Q@d77tBy^YN_*2e3g^{O-XtTD z!6FCG(oCw*Z_Su9=%MxfNMh{H`$6k=0R3VY-K36rCJM}mn0lC^TEKS zzl>{or~cyV#v885sgD>1rv?||@ltR|H>RG{T6fFsR)8^$UScduiI^)r-!!FfcuWSf zKIE|j$<)N!BC++6*cOnG`~?^U)YwjU6xopM|5Gw<&a{r;RGCwC)17$j5H&eZ5i6&0 z9spIDF1T(u*(_NSe3fExhlboS9$YMlW?|!*d7lHA&5ncFnBm*XBGBSoz@j=mk4o>N~P9Uaq;7A-00D_%HeraNPRR$udG&g1@) z)Ad;9l9M}7*BT-FYqVgH>rzi{`ly}GsN0m|D;SOkn4|2jN_PmBMpJA3A>QREK(n2q zvREOD0x&q(mNhw@Mt5>{?5 z7c~5bQ)uUO-6*CVZhR>pRYkD_qaWBzhZgp4gqOS{OCM_|LCJw@u*NcPAjw%kG0S(0j7rj3e*(} z`~106m~=*=+}U4?H{M8QyYUmRa^GXLdat;JV~t2aT_wy7K~*RvuneH?;;(w}eXjV& zLf}IymB$#}hd%>QL}{J4^{CezZP3Wi!9&Nc-oOP=@n)#S9ZSNs20sMPp?M^5C=ooH zOib>km(<^b@mni60pipt`amz~tJKd0vge^rxpT0ne4`_3EkiDQhC z;0LcV4VmCl_hz+uHI%2@%oYUBg?Ze^(ulQx{wevW9-}H5oG5s!3dXABV=KSs-<~xv z(}CN5MJ5@TR!wB0$K-IytN_mpKwwnGWCrKt^jp~fY5kKLfP65Ty9!onLz=TZy-Pdq z-W`Jfd4H#|Q}MbopG4bK4`pZBPtEg+^*Ev0-Z~10a%tC!z-6twoWMydTBbRHg{|^i zx4BdI)y0Owx5pU7QNP4v?3Qx2{-hxMeoUztJ*Is z3j>#JRI3|z1?txC3S7C$>!p2H;PN)!7=!7DcCY=6s%I07WNn@K4<*cMt#KdiAm{S$te-E6?i zI%bHhaFb7K=mpISvFUB>gG5XqRn~9<|G5(*E$QCN(yQ;8k7TXB2!R=X{4^~hEP?#I zt~Y_`%;#PNV&sF)*UOY|@i9>B6=-nPQcw44*t
      hEDC#jeh1j*j0bsc-9Yh$g=qX;;oJ_Y_!=?pjCjL|Ei7cmzO$%HVt#I4Cwgv9 z!+CHR%R%DkD@hJ_FT0bjX%`$r`${NT1u$lO$$?tNST9a9@1*B5er`B^ej%nC>-9y2 zEj4kI=rk@dv8yI#GM#X6a)4S+wNk4NWS}v0h-maX{{iq-`x}lnLtV#}8`{!ysJwW_ zZ(q@iJL^djVU1kn9ydgajx;%jO2R6S-GI5LhS4#*X-_+z3J!T#Sb{RxFM7uQhwjKx zHpdY*-RLiNn^Lrcm3N?x-6P9{|tL1Wn9tS?%T3+DB_7AwhZdj|ooNaH;p1{qc^wvpgrdwUH{Bp*F zz4@hDt`N)LPx2x3TPaBjvh;_wDRCWDBz76s-v&1FAL3Ni7SCE}yv|3LfB}vOC4#?V zzmvN~NK_d4_1O~}*%;2r+t6%KeKU9|38SbfVR(NBXL`El8)87wl`gJXfO1}Qbq1G^ z#$A2KZFo`V53kZ>lq0|@JppEa_ZXyhj+MIci+hb!vs0Qp>_Fnd8^0Vej2}*$fw|21 zYt{BtfjnJGUYQJ*`WUSOuaSF(($2vefC4hMzwk(4rM9T?@l@UU=C~1WR#TdwVtqBy#r}b1mzv%##RLb;=ndpwEItJ}Ad@cG;zSp+9VG-M z|6w?FY|cVGi;jNiXF}K^5=@|dOj!z%#u3L(;xb5sLttNZXVo*Y~W@bwy^YLck3uMWLtqPGh5-1m!>`;3Xo71 zImGs4lQX|zHs#8V0PZxq=VAXx?qfs2iWSNLS|G_hfn73hJ*WYAU9`_GAhNqhCV5cV z>!vq#6=Dkz>h*dj5!yrj1M^Kk(6W9HC(e;j8++M3sX^oH2rRpB5~JV4Cfz|z{UE7D zwu5jiz!(a6iKv?Rq87fWvueNSwb(Lz)5KnEkSy-u`_vL<*2ix``>ltEXSDZa7Y>SGkoliGu!s?!N1tddwPc z9<`a}^675%?`8vH%>MJNPxdMRqdF}sViO0T^A?~wiMu&6l4#YMSeqq)&i9=Se+wt_ zZyKLC=Tp)&Z-#QAj`Je1ws7FFj?kh#IgPApQE899{=`k= zimZwxYH>ww#})bUB0Z1(KmsLk^x5AtKE{%x@T}rvG?bJW`19))sSV| zXj{&kI$wtrg!-XoWq6I2t!}{-R%~>3?@pCyGF7-}6=k)|PqBkt2T32-8l!TAoN8(o zN+Z+HBI2{h$V~Q`!{M=g?w(6nLJ0Ahi?v6K7FafCl1d8)9$V++wo&s)BBi3KA2)WjAdAYW|Mio!>?(5me-9otUIj9A{bkqv z$2Y7GMs64PR>YeeGD4<%uXkade8;<3#1qfH<4%iNsTGp3!s-36M`$J{V+bwz+XDzE zXwA~sPG%-sKk?}UUI{d95bC36=LDKM^vkLqQtd!%83la`Dd>|g?Yp4=k5H3F2<*H? z(*HbV16DFVy;=t^VthVQOStaZB+!WEUB~RL@z3#q`x6t$kXq-AV3ozwjuvpiB)rC} z!f_%FdE*H|tgfdp$OnR!3X+OTTU0lQ%0* z=N+`UmFE=9&WpAdsLFHdEAg2Zv-Kl?HWeWZSin@V6_C&mam;m3O<>vFNh+rmCUYu& zsK^Ou(Vqwzm+Ee@gK*U=>LsY|#;SJ1im1dQnmG)q~TJ zrJtuP{UB|%c48mk`foytAZ#Rm9@Y;df9};Ut1X%|g0L*914$Kl;!~xHb3mzbvXLsE zDpRrq%CweDk)lJ`R29Kr|9j87ksM`6j>CGq>d*K~{)`t%W+b7HO`kdEc5TZN9p#9Q zu1%6ZS<=I3G)8(jse~tcB|W+)e?OD|s#(^o^vIrkgi@(u=;;ymoc!;SncqXhNgnm7 z3XYxslM6J#FEncY=V|`uWzGMde9gL7=%3V9g)zlJGt+C&32;%xZbA&?J+gk@Alc!) zhmf49dNnQjs0Xb~L%wPZAjZBBSbAY$bZ34un`5K%i)BAfP)4ljkYFjNE?7tN@oz|B zyyyp7*I7V((8d<02u(d_`%27ZImWcw?H>6}(4q}Frl+S&bL1_=c90*kFCegdSbZ>! z3cE@om@m;VRrti?ZD!Hz?9+m;RMy;iYZ0te}xNA48>lOVfuTX<%Bxl4Q==< zf#UDvOi0Z5J+b&d1#Z^XHwD!78ay_+f8*Z3oC0&&U36QZ+DMP;&bR&foi?s&OCY)v z8cE)&{-nj>$x(viNIt(5^M7qP@%25C+_xg}!<69m=j7#d0aQl+5md7`HRW<<=SGR4G2&L2y-|R`!pGcFXSJl$|7W6+F zd#xsZ)x~VTeA`>tdAZVwFGN;d2K$|*iJB=EeYFMtB&=IA@>sEBU7C`-PL0{2m~*Mt zeMjD}pvm1#egYsqWyWVohsc}FOJnFlL1YoV!H+x45n)&o4lErHx6d-7z7%>u)DOT! zSIsM{jU>Os958pn+BwEq|Mzfgn|mfT0+h<0Ze|u|Dh7ou>e_`0(@^7#kF7AHG3YUv zi7y1W_j6`nCS*-_;#UEoWg-jT)~y=If|1kZwE5?qX+^of-FCHv3Byje?_tHuUTrl! z+4gg1kFk>xzlyRv3z+(s86X4Nk$&+_I6WF?f%mL=&Hi#+xwcYDvVD8 zO>Y@3jYR^^mmoAH-YIzZmWfmC-G2$^vwY_O-pAd+-eUJ5dw`0SuWe+T(AreV*E-49 zI-mc{`uY;^+x2yYeqlgCotiBXd0NIwzyG6Z@0l?jXU1fv)L=p1^pLL7@44MAQzgfI zo7G8N)Gf#GFc^K;h%VZ63kHg6yTzGlogjE1Q;?z2`|GbD4Wie}jgb2C!BjJl3Z;|p zWtxe0Pz0C~Qh~Hi?@&1FD+2eUw)_SuX0Pw?hkJUxmJ~CZv4zn$_ce1GSGqYB(28~y z&i(~rAU{x3*-G*XjP0g=Yka2MJ-^mi;L%ou15q%8tnG)|1M_SaVwff?L*Zccr1YVcU{VFu+&Q6jQ$ zw3c8B5o*?Zq6nno#_;KqfX0qPf|I?xQyIZYykIzF@vgn+#FqQswQB6twI-tx4@wjH za(fGB&luC5&lVA~2?9obIaRysm#_e*z7*lO1HH7TaQ0x*tp=dNVzP4_L2i9(avC$F z#EC+1-&c+ME$ypr|0<2jS8cQ(6w=AoLrr0Zf^Yv05A`@2 z($g~EL;a9x({mr+YCcCFGxCOSq@HE)28iRJi;6W5p9^=ZDzMA18wC@ytn`lU*P zvPyRf&l~3#4WDziA+q?BhI;;x_Jk(#&&-U1LujvtVyzHbICiTgv=u4na}LYm^STbD z$&?DMm6?UWJIr_Qhhw*R-^Df}o3&bGx=!XIRau5-1|@78ZNccy?c9sL*Du&S69K|p z#A*@ilMAD7Tv+%lOGM6&!a?qM{*`DemP@(Cm^0>QFL&mmvwG8CqNk;2 z>2HS=_~-{LC^NJ)>JI{+1)~mCb&c1B`v zr%L>9GoO-n3mDFL2)rh?I^9{MYDGi8_FyR2DC--g?!X;J6=feq>MPOFe`q%ROvXTE zYOv(*YUJ;IN@Ss4vwN4xXc6k8FHB!q?di|ejURJ#uJ>c)TO&e_1<{Q9-k(Rcdsj&$k2F(eKieT_p;sWST)${cquX!#LNDX3{icM3D# z(v816QLj%(T=P#(NqvD2C;+c~M)F6Z9~1RE9T~%GSA*sk3ImHt`NI-`IkiCcnO$i8 z*{Sn;ERYV?w#q6Q#o6e{hC-kYPj99LS`{2pimPEeR8&@o{xz*MPjL>kcFELPUe1u^21qdYdvnu%URj3ObTqf2fPsbV>UGNOh~>}!Q8)Wem#oqQE1aY3Q6ojcrN zmvgCeI=~7s7#}zvuGFQ`(H+`OYAgORph9-?$n2(CD7u8ZT$wDfm*W?CUeHK+DQuoh89#|tr#US1Wik?zIni2?yDs*3O8hKTbabBS zM60jn4VN+#>ashRMK2!u2C*^WUf8 ze$=9%HRkSAGYX!8iWV6cxcr7#ep;pdivz0EwFjlOB`v7N%aokJ%wo;bZmE12}0pKm6xqAndc7?f+6!tRT$>*;Hi>E zy%gJgprHU@ukoM?*r@{uGb+J2y}GI2MR9sWQ|fm?^T>WR@u26_I9>PWRm(F_wooFw zAQCG}eJd3E1XVE<+Z~R5XyxM+5@|RMC>(n~bs-c`K0bbB$viosW9!ZOI_0!(g8ejL z)0p=l^&rWeea1!cCNo-qiNr@lN8fX!2Ty70>QL;TK0NQa>&c!mp!_X`Nn2YvK7POX zkm>?J<8B~>)t|-x1|;LVKoCR}ti31~l<3#Qi*h}XL@^LcvKhNw5r52X>RU`k>Q zF&26*Np8_8y$3$HdqwKKegK1*N0x%)-dPT#WP0|> za45;e^EEs-x^n-tmd1T1y@9C79=38O3c`2T+y!g0lb1-6+vWHUG@IdrUTDUOT9lov8xU;KM(%P=jWt@ z&(G<((RStstaVS&abWyc2|qa?bBc5x-LBqKbQB-l(Bp&5Nm>y<)l5(-Jwe-gPEa~r zZ@bH$CHw=+%X-bz^o)7({5RHr$QmO>7ag>mIX3o@@fNb9omnvnK?JBWx#lOY`405I zlcX=M35si2=l!)_Y*K641il+$o~nh6C~U(8-ddXxfPEN8N_6xe=UQvPG#MlM%J-Nx zcnUEKl+}v<8e)7l_R2$+Z0ZUk%$s(}1nLF{iE6?wyg=^&BrohFD{QiMk+ckVD!?ufjyp%bI{x9dxhOF_7K*Mc92Xx}Q-xkoe`rMh^SyePG`^qGKZT=GQvjJFH%cJg zjJiT+?gtx$ccVFhFFcySX))QIpT$DW*YZG(ZO%viCirm9<60xw#sIO@;4kRPgYzVa zcFE{P&y_Gb^rIE|4a|=mW7L0p)hE4qS6I?3>n5&k`xN3wc9r{P+xI(6knQfb39>yh zF>Adw^6dM^_v90^{w25e^tfkBIPuS%|4aLA>&Q&F4`{!=Y3;WK3KA~*-~rKR?AONR zk^LsqC)0it)uP0V#eCEH|52;#&zHH=S4siq8XuaVxO(oiJI7F zq@UK0tZixG>@8y9mzHTS{P$#-VXO3Mc%<7XyZ5p z|4{9?#EpHMz+X_$I8L+P;~Np;IP9XQmID2Ma^A5QJiX8Xv#-l)9!q(H2-I`t< zFOQLGDNX;%Q)U_yeZ9M#(1RwS(m`>b>O`@ssP%cjp%x~0qLZu6GAyU`Y?*-`7#YcP zSW_`;t%Co^1@I)vvfuI*{7n~U2^_27j~LOLb0a;aja{F=-b;T{6DYVgn)iA1+uCb= z{V89=Ir3O`1FdM~X%{W(K_LXSAGf@|kz z(XqYf=Q|mylUWGt{7nD!`T0Eh?c=J>J_5>je>wRe^YftiB1^IQ-`XGl1O0aG&HqjP z_TC;JWKI%(np5ozamKP|g1pglh7PLX+G*Nybnj_WoW-uw2h(r$EefvXpM&eSzhCDo z8HZ2$m+H4KER}xy*BPIw-!4Cw;q}&UAAbLTqu<_wVgCPf{dTqVTY^R5|DJw3pyPk0 z-|jH_t=6vE@PYJO$)aricFapY>D@EobLh9fea`5ΠoO?KuAc%gvKV_2Lug|MTd# zfm{07{4&;P-#*OZpH~iQAKtjuA4KOx|5E;G`mOlqH{be9{+WOF0r}^ecm6m0LmKqw z<(~yT?L+BB9OZ$1i2gFxGZ3-Xh)*BLLNo^Ac=W#%p((x8%R)@=BAr%K)gFi*!@J2P zbmAF_Wd|@4bpl!>p`uPbt;CH7u@WP(mwYR+-IS8BR$^~1;zer?r~W-0<9OuNsTp*F zxtVDtwo}5g+e##sdjKo3iG7``Wh9Pi&JQ@8C!aXyWib((ISm^{M?dyW%{~gIcBLM! zc}|;+?9Y+e*e15B$TAyKt9**A4u1}|y7C#rR$u)SY&CQ20oZEFk-gX|+0m`V+4bjT z>t6|qf9(DT@efIwcKvx+B$2WI0gGE!F5%m5|Kw?DxMLSuxN)-R#VmyY#oEMGc+l-+ zIjF;9sGum-Lg2U@9s^mLOVcX)b*8ri=Ly@PFsKPIvh`6Lrr3NKiWgd!Bi9OBo#jDn zk}DT=_?UimydX9(WhPhJrU*x2^e|aUuryx&NL67&66P2XkbSu~cg~-?lNpbTj(++Z zn)afQ_Nrmv4T3iC@k2rGm#f6sVJumTDm9$2(qc%xKTOFlnn#@QJqCJLz zxvw5=ywvvM(J`7(vkQyef9?54tk{U{R(o@M->{2kD zmzDm9ZB(ARM2Kak{&h)nw!#pp> zcFgaOsh(TECOH${$H!$75AhEUGxBj$VA*A)E3!%vQKV);{4gpOH@r`}BL1FdO}65b z{ztA$VpxliOuQkzCvkF#(B{XzjUPhxX>wmTFJya8y7jaFQ~$|*hxdZJXZ+jqpM3E7 z{3k}L^XI=4|NdpvkoF`9-(; zw7p*Zg|eFrAWMkIZ&J|2TD4&nE@d4^r=uPBy3=)Ga=!NPnlXB zeXAcK;Uh_-EDxzfMLoswj-HBWuKzN{CvmcVPjt^*`2SsXGk=VLrmm?F|q{2sdq>~xmJU1JB6W%N~?jN?6KV=b7 zHLI}UT^Kq4km}0ThON{nk&-blLc-?xCJHPEawYyyN@B8)+#R3KW~kPNVcB~!pem({ zv8+!|{YWTrx^IwWr%=TfXHi?TW;2mbZo4Mh;8Z)tI{->~xHsu>)r7)^L!0^n(tuNq zelyp<8rQVC;pNmf_?1G1yL$`VGRCL3mck4&UJ6sy#lq0ELX6Jifjc1-4&NHJ& zQz_UsGn+QZxe6=|O%yX~bD1HG+U_wA>h41ak49G%3x4XCGj3DSgME{YX8bq!wEJKCIS980^sD&6afDV{#We$+@9cPNPs_l zmIN^LB{2{>kQf-7W6pQ}bV+c>XG?;#_cBWyq!kn^7jE_C0-Rvvg3O*QvCxs4=8FZ1 zgfkHd27bwfU-gm;k_taC&#h=U-V+Ur4j>wO0Qed5;gqiZl8zjvP|$|+(w0H+Y3H*f zM31gKF=0i7RA6nbZZxPsL|9bhSM-z+t5Y+(B?S4~2a*rB>^D#zSUxm=wtVObXrkbi zYkLg#KvH5tzXMB&q6-79C+6+I zJm-W`j*GQ%DqDTffr6<998g|TMhtNmjvvASSg_Y*_PXyaTzCQr5H+z4)z9&az3%UX zHn4-`lxs-M_;sY}rNGTWjD{BN!O&YMI2UFoW>{xkb>~}bao-S#sytp&8(XA?vA=z_ z+21}Mqgth4*aOH$Z0&Arcq91@UIh}5KS|Bl)YKOXz2wlE%JucbOn$~8xK*@sZzmZS z%FI}wJdKa2GOyF2LKFbU&Y{UL+McK*Ty+uIw&B?8BzvSD4#!UjlYQLCgBHr_HxT<> zox0Ryo(edu0ah-pskoxw498MBUFqU|`@2jgt#MQs3eY@jZ?swH&MR$|gG>#FfX zDs7hf>#Mc-N*yQ50MXY!qoW61486286gsg(lTCo4LJ1$9z-G}Kz$gXa8@^z(Mx=8s zeazZ0c4{g4UeRTmXU`JO#OV9|s+;rKak`Gvsq!PS&C1#)XN0UgZ}`5_8=Js>hI=N9 zP}%$uNcF|PaUw+7MXoYsQ>s}$srcxD@3!tr13?IpBIM0wsp#KZ1`iU-er7-QuF-n|(Z zYUF3tYWilX*?A^It7in*)c7+M47)vuJAdnohzriNW16ZlP0th&;!@v(h_>g8hJ*3x zv=$v)Bjz+38ZC2IjA zu`bKU(x05cCoQ5>#F6i^v`l$l7j<|UccJF5*!V4tz)Rk26nm}D|EK=RefxXCcM$*N zOA->Fo!!AKgOT;}~log-DMd^Ro?WOdxyhQPychdJ(rZ`cm z*DjoGM(_AkFQv|3_=t@m$Q6_4B|qiAYgItLd{Yh>`Cs}p{H)to`J>P9RdRq55|KuA+uVAaqztTTh{=f83js_^-KdCJ( zo_}&d5C7zrN9@{O3Hu#5!Rv9O;AZA{rCpR6Fn%5vr2(Uti!$wBj9*_EiQRyT&~Tvy zvGGZwycmaM=P{C|=~OX!A0?k$laVgH$4RG)AtgS=|My6|ii=5~53Yt?JyjR@$>;q^VJ<2q}@@-xO1vG3v;9T#$ zsK#2?%UIVr!65z1_)CG0{$>!R1HK_)|V-G`$y(bSO)kA4&uXjO{79@q0~ubZSA{9x6}o=`)+; z&infm8eUuHM7QlxKy1`HM8pELhy9dqCWmyV*{R$4Ud@Pgf-l(gdi~=Rnp)u`{?ICQ zGCq7obo5{iprQZx*!?SXGj+Rr`fxPgTQ&G0prLf78>L>o%@(|#JhOuxAE5bTusGjM zR=!ik#=kHSt@euMfeUmm!WF_rUE}Bn9bt~LVbWz)u68d;^6rsl26PMblnFhK&|~7y zRd3YSYC_ph*f{#@=JOMT;!u0Y*WQyGybT7lD=?$lC2I>D z*$aDQg8kjwMV>wXjicYVKm$0%i90s`Sm9-2v_{1=Q@*)ktJ}{2V^mBt(-z3J?%zx< zw2xw+zCh3n;D)}SG*c7Zgoj^K1!VZ!vo8(J4sn0&HBrhy%2vWZamOKw8Xqv!*-Zq@ z334yPH4{KEx1}SF;uZofmWh&vjKl9fUeUfto$3vB;Zl z*06B4rShn+V~i@pR*pW}+x?N|qge9+-*Bu9waL1I4aaZ-d(er#-AXa}xyvXN0-NmU zZaJLDKPz0-K4*rLm;ev#r8vTBLO8)t=k~}54m6{92oCGS@U#5$ZN0PDPNuo~6O7w9 z4V;mWThZ-2wg(VtkYKs4T#ni_r}u&aVfUCE7UsaiXGZzL&OP)aPsAl3rdi?H;`d#P zU#NTrM9fS=+-6(J0xQX;3Z`=Ru`wKT_$Ys9ziBq@Q#3Ef{jrxXQSSaN#Pj}M_=M~~ z^h*jG1e*Sn*IHU`bFOX=$#+^riU_4}dcFy8r-et8|zu2Nbe@*xhGxBcMokqJ6l`e`x#P%5&Mm zCkB?by6Y~W?-1>~FHrKw;D1;RS6}hKnaXe)hO69oyG|X-=|g8XZo_eWt{|^1(9p669$s8Ufe=SM^gK%@UioWOXy%s*Bq6@yy zs$ZMUl`UQo^hQ9$WWYVtw*4f`lHe?}%{ZJWc<$;Yl&>#YuZ6H&C#l<$W}JA*F5Mzy zhV#|kfybMOas2KTIr$vVLwTsaY*X$-)oOwirMwtuQU+E_@U~f3%YtbjpfhGjxT&a*{8lDI(qo|5_c$|6u>~`Kyt2ki%<=WU8fqN?7AV8_iykE+55XL4~E`A^v|FJ^nUfCc4V%eKh z3avyrbdP&Gqwk#;j+d~ov2STLLJQv-#g?$zU*qjO*2g)Ao9aDI=UW(*p%D}aT9vA7 zU~|=uR0U@&7KNyio}ZI5`*du~yKzdCu+?aDNVaqh2@roTyFV z?}0?BJ)^JPca`-;^)A8YZZ;R|p9%7nyOxWL)jS(N&ER)E!a1h?4CARGg9(x_6W+bF}?! z;G*|EX871LLr1DV%m71(KY6iX1n2wxd3{X3>x+!w?2ya*CBmw`)_qLG)ix8fX?Uv5N&sB$*GvbK@C+a7M@8_t=35V z&h_*Xu6lKrJB|H`&ur#u4wWAEgh#y^ia${ZCAnrnP9vB3{bb!i=9e>>ZR2NojlbzP zZsb4hyJ~++x_!!bbj3mV z<82y5{~axHJW7N%-Nc)1;kKm@@YL8QoDC&$xz^3c?6UNQX@I-ZJzSD=u}@!2UeFn} zN%K9O@Vbc10kQsM+GA}(u~|^p6aHj|V&-S4>IpNMztLn?THOM8%Ct0=8tR(Tdj42t*9D)k^jwqR_uWRjUKH=->!NIWPhj<~A~>pBRQ+Js_-W`hH8q^b9~w?ej0or6#7>LER5kF`=4lHhtx0t zv;VT(pse9PEz0UNDbv#=Kh@;ditdMK>u^c(tDZEqz#9ARYLrJBgNk7ycZs3{iGog5 z6A%-)^Sx{e<25LAXXr9fP%T$XK+mUe!`)=RdgxNV8mYSlNAntR&UB|_wJ-31u}CN_ zHTv@~`{}=>JM5p`;l6WChXgUb^W(Sc27}>q_`}_*aBiaDs_8rjVL9#^@A*vod^ykE zBM4Ht6}G4SN)!>0_W2afmf`zrZ{Y4IeLtQX-2&6vS0-+mMM+e{{u(6nZy&A5ZMYQw z%k;vAafYba4jT_Db!ea$5Lp4U=jk`1#~ETml*v5u_BobjEz!!n$fz|Hs|lJ^e3bk? z{dbd6x*=59d9d?dX>fcezXjiESs%rb9p>Pd{V05HiwL`$5@mG}k3sbd$KJ43F|jMB zqa7OPa-*g%QIc**z1TN_UIJ* zq#5(Xz50F6C^2WSB%gv!dn`TXGF$)SP(FL_$>OnFu?<3nuiiITgl9Bah~T(IGE3K+l|KhAr{R3U?8d@FsN-GUn;fj^qoz8 zvvju8+gZDC5JZL&AHn5?CLCLNyg7>p5$(soBO_jjP_UsZd|ZBesAzLImM?QBk8?ru z(U~Rrny~M3sSopZzj1-zZmwyz*P+Cs91sT&47*zSs|WI=4yJQF9m*nf4VQSvqhR z8>z`1V;_K?xo?0giX+eP#Hs&LZ*x=Ye3{$y?tyJi37j%h?$^$C_WXttCFRa2jy2tm zPQS*}f9G(F%yq^{soKN=z`HmV#u>G%dmh7>YGm0nTPKC0dzi=v5!d0w;EGF@1ja?MbomD+2uiRbf2DwAdhw-}X=KD(p~Ma3ymr^2h>X}C z+Px)I^l{|4lGbohXDBwjRXTc=+G5rX{AT6@(L7+P#ytv++1alN{Az1;v%L-_eyrI~ zeW`n9p%l3c_3kz(2D}0Nk+`!E((RFGpSbEkfZ58U_pB~vg+ckUK0G6=SZ5Xh*XNA;tF z)z4GPYM^N_ICdyTw@RZR??-C5UujMeucx_gA=&guJO6pnH_wwaYkQOIhP9zlZDx6I z;iYi=fPvAQ4>d&Q6>xSD%HWbr$Jrso(&IR3p-d1`gqR%rJ>BJpo9sEvr} zW&(*}`fF5EvGoGB)c=@)ZHiEq3yf6JJ4W95?C9Mn4w)B#|pz_ zo7^pE;;OqZY++m)dybp|$xeJV2!3=`3YT=4hXE4`8*4i$Y=lDgXoGv_VkIg6f{8e8=c8J6oGBpa!xU_RZOrI zvR1zsrs3K3HQL%L5}EsJhUz&fiHYuh2c@{ZdnF`y&0RXbG8HT}I zGRotOy1_tCG#?8JLF7-abgnfPB08P>3p*^sl#J{{ z?Hc({&N@ww#6{vh{88>f5<1rW<-jX<^15Ed^N`h6|9w)#m91kiDEz;$SYk4)#(Hi% zyNOwBndKlhn;@DPn3!@0f@_C6xJf6d2>2oLSmxve=U%F@mpWBzW>cmXS5SL?p9jtH zQS$YFLmd*iDbpvV>;xFvxc5OS>vgL$iGrWKjmkfa7u_Efqr>AFoAY*oP6YetqIW<+ul{GzWVabRN{R<>ZeN8i6GoN#hw zzV(|mG+^T+l<)pP(6;?84{zPoN-|+HFUNb5qlf?MPb>^NU8ptb>MgcdqJ~t>EhbHC zEbjab=(9;hQ=Cz+h7%WX1f`p2JOf+8qsYkHOk4F|bP^Nx=$K@qDsDw}I4;!rL1e_A z^?Bzz;iC7@6iNcls6C-X9r%~_nwNZy?$9k13%%t_j8~d~GnBl+VRl2bj>qg;6&kVG zu5r2?u_s*APE&=+f5Pg)=F=pRThJsqsTM_*os_Ahjw*6uZ#bjYqMhKC+TiTo!d53I zcSG`YhRQ})_9Z99uaTh}5&1(~BC$WC4&Owr?l1)1`F3PPXSirH0v)b~ja)zI4BE2OI-;iA`JNaQqU1y_AM z%bmly&>yR1qtvTar}IP9>=e2^SFalVs4KT&I0iy)!=PuXG(*qRp#IBEm4V6>HS0>w zqm8P$(8=DU{HFYy8UVJ+B&WmJHO+^&a7<~TW`;>&xXjA- zJYgK>fJnn~qJ$*U=s}}Sm?vs9npIue z9lJS8BGrT7Ucja0uL7_=VC+D)ao47u6$6=((E!44BlgrWzlxn${z&%+oAS}+E@RC* z=uu!R%qcm8lbKho8AEJ#B$>UJI`N|b8B-m`nq}h*LwRADu#8NT5ctS zPyO&f*!AXr0{t`VGlVhzm`uJxCo%AALc0Lb1p9aen-}~kjm>vPrm?9WhcL~hD1zX^ z{W{$mtfcNeaNoLX#y`L3_&Ky*O@Kf5K1OC*ad%G6vtwLU!x$gB%&5%+$3C_s$2oc6 z0R0mic!vIo4?M#B<4sI#a6c{$c5c^~vCFfta}bknX;@kKDHRw&B(=n!$v8j_k)zHZfIx+ePCrC`Uc_r*>ghmJVJ@t+peRI^bj_PT` zgBj%jpxy@5N1te+9_s$5>^S+LZxhaz)lO}3s%k6iuN7`ePe({^Lco+dZEp{BMiI6)fWju!M=b}mA3SP%4FajvJY8bDP3#a^hGJ%BCVH||OHgArf#J;X!J2kV~^ z9k?&?x>da71?2lFogNohKj5!f!!o(S(pRGXd9}2`L4EJYvdV!hp!RZ^9 zal=lU(Uw8d5ci=C-n^;jV&QK{asrB4=Hz+uD{xDvoxiD)4~#&6m;-o3`Ef*q94|B* zA3U;pNe(h#cm@7$mS@yT%!Nv4(LN(Z5@l*AzF>11Uak>kcjR#Xc}M+gf{F=Upu@%| z&`DUeS1y}oB9NS~A&yHFoLbGCedqhW9B?d;i~@5wxz}$;0&GNCLIMm?A6BlA$C8+2 zBtU;!*g^E)J>+ho*jOGHG60z%Lso6idGO%p^ROy-V z`C?Q4)qqCrPZii-W_*@DN6F~$c$_q)Vzc4heOC9 zqr`huDaxu%u4E=yrsfp`c9p=czsnLUAWt;ni}bpVYBb^v{n`eu4_M}PQT5g|}xKHxL9e50X%52DIOA+rV%gnv3k5B*Zuh;p5 z{eoE%t$Z3St1c`46IfcDNmGaF1;z&P5Byf!e3(3ckVFxDd2dqj#N*CE9fN!_TSa&0vEavrIkc4K5NuxHW zNJ`{JI*gep==c@r86xyl=7OGh!FT==%ZaTxo;!`IX^g2KYr`jz7=1Ahb_AX{GjR6` zj*<9NeDHarm*gy7okFUe!7n)m0(Udkz~UdmdO%5`q>D$^J#!6BrPvmaXmPq$r|-*R zU2-qa5_Mg>x8nMxSnAI_o*ja~ybr9vkU`X=Ao>xi0+^}4&|pOl1eD%V_l1piLdu)A z*8fDe%8g6HJ>^v(K$J?LVe}W=^XFKOd*(W9bW?`8GWk*ufu#c%Ro#|@ z=s%ntiv{irpICybbFUEUL2!Se?C|7Gv|v+~Z45cK*=A{X?#$2ee|PX33&={6XSwhs z$%M5&bN$@6#w>q5C){Mok7?2QQ)NE{nqoYQ5B%V)B{>M)`0To>O$`GQ*LU4IpI@9W z(=WE>)(h)m8|rJUES`-lRx0Acqna#NK`}8fwaW0(Z*IxWNuj(Ne#>}L=YC&LNcLl~ zGiH;rpOJ*_zE?C4z6^q5PN>R?9}nA~0h~CcKZ2RLQ8?{@yd7(zRgiYl{8^N zaRel+l=il51LL(yfFyKG0wmOqg9Tdxp-`ZM|%gLp!^@kCg zTCUie?5nN+g>jgWaxny-daictCkDPw+Nt|>eDdsnYOVi*@CBZ3Rs+ea7;byPk4x^z z$rY-+Kxv{N_BH6@Bw%z4KVbr5du;e?>xZDsy<`BHT4$l52#Q4ye zTER;;kr&gJI%3h=3Q2OkMR_uJ332=|p2?wsWt%yVb_(jUAx#z@^+O!;%>5S;fKvx zj`~7}W*-R&Snhq0Ef8HA=MhSRd4!clnN%}qDV)%yZgmVnPV4JVr49HdWFH4Crb`Mdm@FNvuEJ}DZ8AwBvBG1wl6VE45bGO?5T zO;$gq{ZT#IPYfRCwcOu5TbkVgnl%%F{yIOab%XoVqupK5GDIq`SlY8_#WDjBbT}y8 zJ!Eql6tnUSUOOUfLKOGPQ( zDnbHLE(SLNmUVHxYqc#}>%H|_1fQ2x-N)$Om2Klt>gT9EPtDNjHeBM6NH&wf42$Ft0! zIvfjwT6?$&(bsH_>Di82QP4lDwuff^7;)lp+;hn&I+?{A_`a7d42OO-Zk}4`lM;*j z@8dKxdrwv#?mU~ApYCXe_MGcd-t14awo24uWXSKQ)&7W!XzDjJzrU%~?M?k%-d;@& z-P0s6F&!utrv*_g&40W;&`v|{TA3N>8$<2T15lLH?3F=F zYS6n_&*V+qp~;w4GhfE6@CJV1Wursbps_wub%r&0L9q{zACF3p;HFl2Y<9@jd8pIL zI4(B@P6iIOZ5H&ceppl4(!Gvtw(`XvGtFLnaC@`C&*Ch9&^^f)VK?&DBV!_Wx`!I4 zGwMm}v1xYf$&CG!_CgqYpg0tVh}s{U4L$7Wo%3vZkeBDX@t ziM9CS*JVytMF~~(q$}o*og@^WGaE51xg~-|C(j)BMn@cLUA&jhu$_8X{>5l!q)M_Q zP6mH|OGkuaTo@IHO9ff=RJd|QW>Ag}b{dpIj*$=!II&Lj{o4%aclF351@yvT^oL^) zvQR5~n9kVM@+i$Vpj+a@kA196z88P#L&Xg83}@86j|n<)W}KAU=k_UFw^Vbk z=F|Um{dJ6^PlduH*6;j8%XjA@P$xr;J0(|GywZS6E(S~yE#omRSgXpeZmbp#JyYwa z;5WR>%z8ld=De$GCwbBGb%bQq4qq&mViy;)aV}&C2fj=mDJpVjBVtKqhX5aG5 zdDNF*!CcR(JrLi4Q>}25KgTA&jIQ>dZeRO1*z^j?zuAW5Pv#LHo|oRA8r^kuDEb%B z$?2~{&7+VqdembVMu&1Mo$beSYza0No>NOB=vJx{VfMe>1hhGysE7Q!@FR|_El72@ z@5X$XgAWoQP-t$Dtbn$@*N8KzwIZNA;tLd4!^!6a7UHwGt(auxlz{Wn|UkDmrGdW zJ>5dWtV%tVsUVVgtf&Rpx+}D< zraWDNY^My4bb2P-GXj+A?AWfMKjyR3bY@x*T(#Gr+rwUi&pjB+V)>saf1DSAur6sf zZ}w5*E@k`k8PYyU1$ui?z1q&4l&L;Yqu4trlsPzwcW+hTY99L2bS&3!g^3$ssSkT3 zl<6#Gx`iTD7lMfM!W7PexHS^MvRWTf32c|Xy^2TwAUT$ZnY^LB&UWc)%F=>X+Bwsz z2t0f`Wz!JpsOH*vW+>=x0k9fqn@>@j(4LohckDkVqj&yeeA`67;l;`i7|=7#vjx&T z3WWGbK9sNbLBhZ=m)+;3a6?3{UDx_ohD19)hK`IikC;0g%0dSt8LvaBmSgXYl!Mdy zk=P^WoQJGYkqG04BXV&!g5ua&(+eJy1O_S0g!qWMxT}wk2xw9OE^sd%Eh> zftWc?v)ev>mr39`#%91#!c3An5kJbxF z#3buB3Sw(DR(~`sFB5@(LPuScubV``u8q$vz)0+G3x#7a99}wP-8PX!!~_PgV`{$j>nQO_hUn z%FigH{%KUe0iuURKRz=9fKNQA$j%}N^(g_Du>@{?cKPFOe~2TS2w0pxRbYZ7Zm@6%axN{89noRDdxJ5_Zq>)IpY8JN( zzM)qxK6&;hZMOoySFR|@X6^fS=oRqbtZd@E34;7igK`R6Qe05-;6M_7w| z9kbUzP&E;d?#^SMgXKDj^bGNDmE_xo$MALlj)bm!ke5yXinLx&??fxZ4{DoTLw1ARkP}hN31vyDc`BQ{?F5bD6&F`tE!ChCp=} z4sUj%nTdl$>KcmbRUU+PoPsBs3kY6vl)}=-_`(3jVcTE+A1|w7$-%_1U8RzpfK5mm z?{^<%`Tz8BT{%DG(`?q~`!Dv}f!|Z?b^9y!Hi|XJsmv=W6Zvr&+4s}f#}u3h_BpAN z*dA`Nb_gxpZwIpXS5pBsseIM7;}cm#wwm+Q)`1o*>^J$4zJGRTC4J8$$oBfKFwJ}N z3bL$FmPBB|Bdmrih&C@OAYNZ02?0k>)|FSwAHHl}6S32}@v>SkVO~U1!atTWl~d!jEZ(rQ=25r~Q`TUA#kHXmb*|nKZgLs z^z^E>eX(H<`n^Llx4so$cI%ARLw4_v5nB0Q{*5IP;2@R!*nK8()`9U+%SSV@a^+m zG;Epm$+OD2ww*&Oe`wC11*uLt=8XR-`qeO`Y_6S@Yy(@GtF)ovxSq2}|I>dKARl$d z1qyMePWNAPajp!6oa*(6{8kcmd8VKxM|7mFU{zQ{f`GZXW;lz%#VT1o&|hNxU8zBm=SlmAXfzXya~_!r|}NM6%@%l8bO zTPL0i07MV=9zVBE{0h0f9XLLGLvyqTq4OAeai?Fh{CP3;+C9Q-7T{zKZUd8dSS}87 zCG~YMm3;AALJF`-nlB`M!9Db$&iI22u9e2?@Ge2CPL_Um}@@tL_ zFN{wf9GhHBuyscC55(&$B3J0e5q~Fv23vI`zI8>hp=t(^xdXjozfD@BWGXg?@3H{& zv;o`Bv2M7Vm{V zX)J4Qw%OfiS3CX8q&e0%1dpp`M)W8oKIqq;n}Drd7&8V;=fF{KYHg~rqHh)_SD0I# z2BRP7Tx!?S^B3O{9of%%lJ=au5_7iv&|**lY3{T8b7o22g-hmvNL9R zI0DSyL}T2$+K>TiemWi9S}94KAwPSQ#rSO08>$YWtfV-~U?vX}{}K{_+3+<%j0{ z(v4pS8fR9Rj9jo~M+dne@FL3~FAmFuISp)PF?(yfS=;roGJXXj{X+{Wl=HjeFO|Sp z<+RfE?gHLImo#nnLW7ovE?J}Jn(d)0nzx7Yg13zRQP%d*rNLV$e?sWQ=Ft639l-X@ z6D*_7XU*0Q8vEw(Z_qyUBOZ9M8FwyBjHVBfVk5ZMuwv|I*Ofyy`}^-1hsZ^=BKY^&cycvA10DtJq8 zYoZZU*DG3H_4R_R?Amcs8{V?xCUt#WOp?QKOQtNU{SRDM2mo_?dWi- z)i64`g^nW0mGQYm=8_INqkueam8Kt&X5(?J^y0xn-Wh~w`K;}9Cp2;`RJVlvaSz&* z+utDNp9hK<`^0AjjbQ!=lDxEDu~k9xDJ21Uw5cyZ$)Gxa1VM2^W02L<=`gXS=WZ{ z>yV>eR+7TQeEwKRE-Sof-M(K&;l_8e7T?h~>%}ALBqP=7xR+$xZ9*8mMq)b}P!#R( z%1*91C%)9;QCs${XL!-25;n7HPfm_VoYOWUW^+W@Q`XbRu$o-YM=%;T)M*15H!n3J z8MlcOUR!LwEfBEon@iBE1NZ7zv;{tWNvwy=bO?nKdO+k)y2aemoaA&98#YCbTc8AR5*ZAJ2ajYQ}Dk+5;^vqz;LG+hwV` zSYZi6WoSf;6iZf*=T$O@)Daywy;B|MP>1TCwpaK`w(ilg!hhQ(bWdRCt1+w`xjp5_ zdS+4vp)sn7Np%cis%FgM0|{`BGYMSy-+)#T@trAZ#y_zw@IQH^W17&Lz>wbwI>D29 z4B4DILJgQo1?s%X|JG^A9VF#;UiQ|^qrLc0B#~L+_#5+B>W+v9<{WZ+)(AY#KWu#$ zvS;P^RG;w zo%}ofXsCpnuZiFlbYW|#86jCJ^zp%^U(w-2VB`PrK;&eUYB(N>{th+cuTjrsM*~m3 zS>R68G+!N?h6j`;$o@1l9kjC$N?L6)8laz2=-lq{;H5m1qUHzMnA8E$-5^!-yx^cBP&J3N^CxLv8`sM}(tpcMztsd)bX^UM_4r?*9_3>?eY2>4xSe!qBEmwTWCZkQ zs5hR~&4{9E^NTO7{QaMGIH(;2&X^b;AA)$b#sBHp|0(WIONs8T=xd24wj|bMY%pzCE!jVYxGMt#t*Qcd-Clh9DRbbznsq2SC=>5M{s~Engfp!mR`>iDypNZH~kWEVG0=4v0?tZ z<1YaztU8~xho2w9PDjezb9^Dm$56JNpJi62;)DW%>G}you9@W)n!1^$?xcip7c_bM_2+FSm5D%0|4`NK+E(_1B8 z?3ZY2zu|z}Qb3qA*ZwWj;koVE90d&Yr(Y1i6M0m|XO(!X=8FBoy#YWI;K{1ZqY3LK zd!)L5HNiLn&0eJ!f|n9(o{?_}h+k4)en(O9e_9mXC8NT!EQcFDl;13b^ zZ$6Z1?j}aSA0M`MoFtutoCOkr!z`%~m4`r_WDS9O3tLk0?JqI~+}~b6{R|4IIlV(C z)xc=^W92LIj3=&>*jb)=4P<MjxvaYEhD0E9dTJ{P6Rho76a>`Cdq9a%KJVd>*h2 z>XBs~4a{@+Ix#6;^=)tYKVkQk?BsTSS}BeXO=vIS2a1lokA=$b;Z(5D?;-QK^ah{O zywaXxbcYl&cdL1~sd+%owQCuop4-B2>8t#&>dPAr5Gm-BT%41}LFYH~=?VU-&==B#30Z%PLRJt0;{HJ&@!(XIni%$kP26K85f3XO5xlp*68CBb zG#4sOc3`^Fj1Lsp<^+$?4~rmMO&^f`KJaK+wlI)_AzX}9$kk$WTQC|4`+$~zp_!m8}&FoIEII> zEdqeSnEmXiH0l{B=Xio7?lOt~D?ko!?m_P3^^PAg)S$$$BDodfs=xa3%b(+|=76@q zEm_ zT@Pp9n|^m@eieM0nR-SxX(#`_#=JrQFwvi?=eDOejBJJ)1(v5%3~W!avQvt|w3VsH zwa<~FOF*&y_y5{=l0;CQy{F-xy3PRDTa+gR@ zsYfW4J?r2mb0>Cs(!@vmHTmmX5}F-qL_GhFXJc**wo;KDj9t7yk7g0! z#a_0)B79EsKmFKA{%4l>LR0E`j(SqR1t#k#6cv-wJThWmc$hCS zgV^48?A=BjG|YvzjSWThYLa9kPSnGHBf6{W%*!$c-uSC;s_n7|jkEo;t_9j(prL9a z%FI^{iNM%n)0>}eR_Wi^dR-DN<;S(2LMGrp)+MjN#ltNhM=ALq358Gx8d>~8n&#L? z{#NT4b&&L9$d+;s8A^GIPQ-UWV&g(O!BH-Aod z$-GRmL4L9a{A8w&OHq9V1!*N`a{Ux)m#u22Gmj5_niN(C@%PWv7Tu!vz z&%er#=72h)m$>Na7NV_&;z=9rcl04w`_w98Z8zoh)0!Z9{*_qZyp-^`vHSl@C! z$K#BjTQ`{8-g4Yq75I-YPPGLd-LwFO@WcF;1s~`4*4I^a9;?cN6{bv8-=D5!;H9 z+vT-53UxX<&Wp{q=2w@wYwa*p1BFroG=EVp{KFR3pEbTqSB%mOui9gP*_cl*&3 zZ4agBm?WJAcBsoq80%MLHe#Oe`%nY+v@Z|C?9W@9i5t@%mtOkA6GSDkLsMc{ALG3E z1A-G3hgk)fWgK#*BZ-biXULaOJkw}5XOWC{B9;}fGZ;gbS zZDogK*j`==iT0wXa3RJ1jXhzH|*jx1{q-KL|ky;Zl_G2+$VpE9B>a1AMHF=yqs zJi;78IeA1pzlt!+Kg#ld$ZJ|Z*}mzWyST9rHzj4a(wS0fc{NTe1@SvA@wu!m_Ml#5 z$=VO`(J~0El>G7qN2Xp&3DSxe$w?aD7u!k=nP;Z|#gdydGvwx4D+v+h_}f^=DBoF| z<}Ra%r!hsQ0)7CLpUlLRxR}A_IPr|z@B^j(hg|tpW7Cc&{^_p#^X^R3&ub~4Wng4gOCQmo!(+_5HI? z|L^|UPCq_V{3!aRCmI_TjRjTR8F(P@g?XA2#lAkNZ@WIp@`tf)u3^Ouv@dCUz?j#Z zE)!!-A@c9HT|HS?1VN(VGfAJQrx~9z7MfLV<~SN~$SS>P(Ml55GQz z5Y2}ACDwDm9ZVvS6r01Ih6eyQcmys_jccafMAlxG6@SB;&+I%<41vsrn&JgAln-I| zF^Z#wRHr{AfTN_@B&M4eyK^BysRJ=f1gyHV{{cM6-YYwp!5%abFX;8=ui)J<%_rOV>k^ z7@vvJ@~5CSS;<*An?cIVyQjEes6!9GZb4R;P~*YM6ARq^E4szLxL@)BDmY=U2{k?g z$&2StB&sZb0>7cT4-yhB@1rtj1<+7ib$=)@SeK)km)DUm}^$tIyFddq!UGkPw!Qzut+dYd2eTR7Z zvg8$?YT5p8BH|R1r<%-jECW++{rF9B?&mKwH@W!vD~Q)R%H<#H#}}9jh&Rt_oL0SUdlH^jL5KQZaMq8q%;?|Q zpkL~coKiBIPhW=Y2&B2DbhhR!Z><ZMpj8uotqi}Q01*sltY$5uz>#zO@k3wHR{Mpymn9#@ z!v#+v(l*up+bV3c|CCYKF7p+(I`n5h3fqluWfZpPYu_~I94VYlS4l(OIhbJ|sA2!| z#mum0XHEk|kIgY|~Ii zSYgHUFSPI21}#W#S1RF$#(`+UVGARKKp~ z{E(=wZ0wz9kHl@!$xe$&CYutIUJ;`TR}R;X-4673;<3=*6DZ7F@A&YUC27HF zECG%WQzG*`f}rxm%`{dF*`C>~d0t>O)@h>L;i>jdozl7O^>qWXYN|M0G>rYB?1Nhe zNs=xR?iWiF54guyM=<|!g%RspX+Nk7nk0V`Z|<1z%J6_J69u(9^;J!Pm^h(ZQq2>?PCHAX|mp}&dR7$OOLC+c|ca}@s4S*+`CF6LbLJ= zo}(Qb(h;mPE@2H_Ah71|)ugLCH)(3eCS}^D7dQS0O&b4kqTgdgzfr(dhaLWX5W2&< zpO2puVVph^fUstV0p%W9=|j(bs51=@j<9ub=O(FR!o?}>8(f}bHx5T5u$o}!_*QIf zI<;+5X^Q(bw$|5GXVs1p^jNa8H&OPWaFx_{6;5v#i3dNKEpq@XHZ1BN+IRKp0It*UjDf(6TTx$Eh@RZHMX%6qh0#Y_LuRu~Yg@UOkK0VtTK2DZS6|aPnIB+R ziO0PT02>XMT7;nk_hMT!RYnN&B4z7lPSD^`yGW=M0+sQcH4X4(DXRd6xs!o9BYRpN z0u0DR0x75pQ@=W+OHIxhUGZswOCdM(I>Lp|IU}dGQelM=U9+YP_7L42hhGh5*~(rGSu1#Bo3HXQhLX9T@uY9|EE?Z7A)XBsvs zSNlJ>kdDo{oPIEj9o~~q&_v1BMlO$O$^JGtxn1;oITm;4^o$2DX2*V8^IVT5edC&$ z1(sg#@yb4&hJ#qx@>jxBd4!9O4qWNQs0m&ilA5hMY?I5yhOC*B+xbknjtFY!5BI=y z)PE0IGdEX$xAq(s$6@IH_SgJ%fysR;-F@WOv9*5RQ!jTcH~sGL|0$rh_Z;0H{hJI1 zAml*h&`J918+^&Yl~OxdV_w7?zs9>}jdfH(6%BZExngK4*XVinI*AUz>(kW-UaH3w z!6M%XPGFEC6>3;bR1kuE7{JGra;V-9`>Rp z_ABDS0UOJs069LCLv<#4ODI-)x}TG#2;P1Cx`tO z$~2WgL)N3>w|GuN93K`;VlvPZ8<#T2lT^S^?0@}m?*KxWbS*zu1+sm0}3Ck z=tfLZQi7C(7B!i=Kib&WD~PoQ%AXNy@lE(mq*>I=&pKDgKeWWfsnTB`@A+*SW!m}c zIg@>q>A+ug|9W~-ba=Y)K^LO=0oD!X(CWcO(uR$SYw-~H&4oN*0Np$`e6oo*#ZC}B z*Vc3VeA{yI-xl0t>{2|C^T-XV3*A z6l?j<{)$FtwOj?Gw6_HtN~GW|dll^XSO2F}_@60!p$dPK!dHE&b$4*F9u)iL$z$^vE0=M#rmM^wNXwCi; zRj2|k=EdCU3K+!us(^`Q7Gv22cwGZs+@q^|JkgAB;~5WE`H%Js(Kx-39m~m z_@#ScF{L!w>tewV^=u)Mu%&+3+cu20zQ7B+)3R5`0s4!4=w)KdExOm90=lEa&9eA!MWGvAOxZ!uL%H!wzh?3OJ@PXBeqT<6e2z@u zH(OU$c4g98kxw2t2^6CV4?<(E}=hS$L>TDF7qmI$1AE>Y6LnOpp*0yBwOPE_M0qQqQX|A;1IuUM0*cJXr_CEh9E=>O@& zi;^5_*1ZOixLrR_xa#lMmWz<;c<+%kkudQaeA>|Zu`ojRU*qh*y`@l}{iW;Bv({_F zOSmWZg+56+^KLJCmWPL>f1#e>L@Cd#vi{|BV_DNm%len`oC-b2zy7@R{9a$vjY}pm zv*e}%L)LRtkDz76tcgQ*BwH5%pR)ehe*XWNw zS*_>t9o>^1YWR$X#q*z~z_JaKdzbZpTty!|aD#~fcK^D(cz)8xhi)qZL(2Nk;VU$! zK-dx=7UKi`>McBwEXzI&&H1-F9q;u~GX4u;fW{}fC#NP5g^9oomI_AJ&%6KsG?F*= z3k6tf$|QbYEvn~}nPX_8=F22OqE6EXnd5dB3ux!rRMzu|{a~kGm$AQYqJQoFfRooO z5dDH)2ac@pod*wYPy9@KVn7a+Jyw!1cQ>!8>6f$&EwsoDCn_~0Er!y(lc)ai=EeQ- zpZ%uLVTBI;+GeWnVk`GstOnzOOKtyf+KmS(rsT-+^#z*-&I7{3tW74=lIi!H;Y`&d%94p zoCeM3zoJy2%c*6<^G0&%Y+_Wwxru)D_Dq^YaKdZi>#K(BKy)(i4^XeQ;J??dg$R^8}eB~l5b^PqXA^%|doXf-UoK(E$C`{>ovB-qj4 zqtu8__Sed|$iyvqoE5?f1Y2zUK20gFY3O%(8hO;^-X@A(LvQ&^ANT;=v4c7ESX*_*97=5A z%6h+;Oelv6ehRAhq;xavVFX!kM-lRMRT(!x>N64=&b5YuUG`RF`yO2DgxU-GX*M6B{wfAG=Za`wfQU-L z+Ghy*EN;y|X`m7_T#UWI!{8}aOW#(`;oFA`yYc^qK6V~|Nz+YGR&#o*)u_HIVoPl- zECZt1`m-YVLrQc?N{JK;`C>brWDS16Ai`2?8OQ*YP^j0XG!XAI(T_b)TO})n0++Eg zTI*+=zmOV`UpWSIt*z)}RrEXKDxzf8>!Ki5vMJQ!nBye!``cz(`?>3VEZChOTfjC5 zp}GAF6_9QY^82z0jOmU}W15~DdOG<0N+crsWu4@cNs><{#q%$F&kC`}zpuxzetK}m zR`gmWjrZd$s}B*bdvSdY_fvQT(pFX*QgS59r`o*zK5FPX`|s|egnnOZMOod@l?5Z> zHJ5(u4$my~5--$ab?~x349`DBQ|WU-$J5+8iHpB`swa~Wg6c5o-^@*+WNXWv(&VlI zt*~m}iVYu+Xn4Ekqw^9ynk%__mzIR0&oJN5i{JiMRt{)Aa{dM5E9$>R$1zG|fC|Rc zmoIria(M5N@e9UOl&!A`j!0bAb!6EGp+-yINE5D1Q~(dCVbUDN4Xy%r*o)s;&#dq+svHq6s*|pn4uW%Q3yn-_; zD+{FG8m+M|d>MKuG9f>?7G2K%2f9k=(Y1WadsYj{K)~FG%T;# zAv>(RX6}Hc`R$~zR6^~Wj_=6`${uR&d;v%&0^e0L=_UC&{G5)mg*FZ~lV5?6C0?>$ zCFUx=9Q`K5yyvoRlt7n9Rug!DQs<2>I?QS`tt&}jW<2w?8*3)1R9WlD| zyTk7{gtVRar*bz`RctHwuXU*zRLMuw`f_I7dT8dz16Ej!G5Ct|?0OtKqB?86!E0=LS*_b1|O(Th?ev)R=+Cc!|X4$(x(c{3<><6Hc1M%Fv+Z30~;u zYdQ49su5czREB;FocU;LXp*?rFamAA}t&yI_pOopUSfJ zGmCVT3dN};n`cd=tF4hMVk0s8#?i*vE-1FXipz(0eh^9YZ+ZijL>0F~Mvx$MI_VL# zvc7yw3*@inB<|fpT?{@a7i+Yv$tAsIY)(B(Ys~`yo5#cUTjYhecU`QBVX1%-!5N*))YS1%A$=;oKI=zE7aKr+0q-EQY@D4 zw@Gwm{YD+b*#kcxq)ldC4F{x!k>5BWz&iAM(Kj>-Su?M!f5Un>)f_D*aP%ov;P+32 zQn*Wo7LC@lUCj}*$3Qc|-#s}p8HXBr@R>ReX3HkJ!RlP+O>{N43LazLkKb^@5MfR<%|tw%ewxBOY>lNE?|LlyKBzl{Ik?tC&yxoTJ*_=_`c4+_}p zd@}qGE|)Q)lYYK|(OWFgM$0{h#ab-u^{v0uffx*rigGSX@Y!cMTV+jczPGC0LYG+8 z=G5lm+|{D{j64)FX@0&iGuZLpcNlC-K0PRBY#{|`|7tJHsn!D(CR2{=)R$@XdRiaI zEz&rt{_{+4?h8_m+iy z$42Lv>&0)g4eNBggfc_!~?w)8#sjD zeSJnT4D^eZKL}v0OUEJ&SBj+-gJ9mp2PJ9#$>9mUqwPVz+Z+C2;9sxqtFs;m5btMw zh!I0R(DuCS2l8ZzkSqgjI98K6>?NMp2v|@``^y=K^Km#8d_2*HFb-li*X-T%0OPE| zOu1pz%bY3{*Z#oe%xk!w8Tz?$!TWI(WD5Xvtd?`Nnaq ze&)sJZB(CyFrpw)<`EZDWF8>Ke2oRm9E@N<_NEfDOOM0+KK)MIQ8AKO_gHg-EC26D zlAyOOf2=E|&|K)sU!ol&w)~28`K2oVZk7Lgm;G1&CXLpCl)pKdR(%Kq^GpgicRPcH zT%6xOy?w8EXU^rm?EJo@^ZXXsdUmSQZ#%N70NLMJO8 z-a?GIVT%(F9W{`A@X+NDga`LmwGDIpGbpU>DG%$sfz# z#w#O8?Z=CdUQ0L9eNEF)*G)Q^-^1^uHE0DMC#!i74D8rt@ZS9K(lno(4&VM>?AH0& zj}_IE1QjHF@Ehb}RFINIwFPCDhArVg(Tqvck&Gv$9SAM`q=)b?6g`GKnZWHmaLb;i z+rn!Owfv#=CM+t^Z*xL(e@S6FKdo$esNq}!Bk^&QCM0!EU=FV=8ZU(Y-X$P4bcw_# z=2i{-Jd*wN^GDHyw%Zo#5v`k)Rol0I@yn#i;uN~|sl4R;q%3TiZ5ke$QtmpUB0Ol- zKK6HXTUq}SX|hv?n-h0vG3q*^y`wfM*ut9a)uMV5=_LHj+0Ax-QP5UN6Vp9n7!fIbZoutH|TTO*`bzLB_ot!k3s zz}8c9;+>Mx?y&8pm)jjk)%prWN54Iw_7HTH=pOCB&wf*Q!0zm{x_u0I|A1`+ zYEv`(G0RJ?x(`|}ZMYdC*Au^M<}ug-^kc{miM1~IhuT=Vl6P}VV$o+llQ6qT3&R|P ze)20!%f`cYXU4nYdum=1Z z?vVY||1nTY*WY@Sa>Xwzlm$3X+3V@akTvLMtC?PE-t)GvoXx-!H@)a+asz_Z3ii{R z1sCuE{kl};)+=UUi(Zwe^*)ujUJQd(`S4t=x>qJSuRp@g6fhs1iTcmar)RZ3N;>Vd zkxtxJx+<(SZa=AebT-b>UE)g*-K>N&px`JxXQ zkzeM4C|Z2|6bOuncd5XO>;P>FNwtoMkIEUDy?R7hQ|LBrp(V5+wIO{*G|lflf%R*B zn7XF5@{-5P)Ga71n?}YfdPKU`mlA-6BX?xu`WZSvZx|}aizK&=i_o`C#8&M5pmO|j zRB>j*^fs=82%}FUT6WuuBJ7$}8ZoFzC@;D?kaCaj(2?;<3SBcZw_@k}RpZg<@Wbqm z=mrNE)Lw{Ihe|Vb^8a6+H_;_XLYf3Zgc@`RAk;tb`{nc9(I#fZLsDRbvs$x=BIc(j z0MP=C(zSE5naXU?I2*~Tee#a(G6Tjaca zU*y{w#_`|vRi+iPWKmsMHH%d z>#~rk4f%BX1s&^4J+~LHcJgN*My2!m6xR*geog0K{Vl~^<*dO+>HsN8V2|Ah4EUQD zB~`Hw)m%gdpH#n0GX?ZP{}5`FE&wl&P~(%lNQtwMC+piQ#VZkI!_r%qG&aq`iJBw+ zC~B}bUJfc}ETPP?V?SB}h5!zZ*?U;={w< zcw9k0#S>+BdtS4aQC2Boo8G03-ckx>eNhc-Y88zip`$*~zYU6Tjr*1&Al<|uJGHoyf>KPGPOyTS6#DJDFbu1NpLXa@i+Pzc zY;qQv-SjdD$C!gv>ZFyH@MPnN(Edez86`mbTjHE-oMdNx1*_)rc&?P_alnXpj{_p{ z3rnFUGmwKW3`0pUly&#YE-Rk)wzav~V$IhPb;1J92PmF%05tVfJMvoT*{nIgBSu+q zx%Cg(0d4|EmeC42|4{Nn|0jEY+iOF;rZCx9a32yZd#t(~XR? zxW#tTp%Yohl?8|J;96MFufRG4Qc-s3uI71>qQhD_%NjudZFEG&gs&}bc`>Yd=;P{_ zI@Q(@WXPJ5>r~{a!$-^y_We2gR2$Y*gzjxlb%*Qu`%?)DHA;b}x~zE%{#Aa=&k*!$ zkJb9)^qU;=j1%y~!W&SRq#2YhjKtxkYib5o#V^Q1FIiJqmAI^}Dt0Lo6#eAvJ^uqp z+zt2V#v|+U;7=0vYezczv*+iO4>LU!x1P-=afnDC9WkFO{QIiZ8bYb8{Up@zg~ml* z)T_;4N$@msoEJY==PP=%cegO1Lbv~pG_a6iFFl=BKG2Jap{0M%o_wInDrN6n{A}2t z3^)T6%1I7HM7ci^-2BrLuB%lklVUII%Jn)!IM(CQ#cfg|>~YIf}sYq6XVCQ@9dswIP0= zwT?Q8j^?j@%5}86`Zxs>;kgCgK$c#s&BSf#uKE4ZWOe%O2+DVjm-)&ai{2XQ`E*MoD#vF;ApO;zUB{7+~ z`Pl}vM#X2W(){E?p0?UDH$TT-NBNog`PIR0ewLWC6~0%MkagP3@v!=Daoz1hwxU}HA|TM<8z0}s=fMsc)~ z8OkF6Kk(^7rm8JU%apw_q9xn;j5+q+j!4wH5sckSZb^SS{!*c#>!e?|f{6H4oelz$ zrq)-MBT}%i&&9#r$v0&iruMfEv0oezTGXp2M5bG1qB=}aYBO`nT?FjZ?U;MkeNh>0 z%B_s<&Yk(1%^zWZ$4e+HvZj1omFUI7@eq;dzsT_&{(&V%)JjVNj_w8k*o#`s>d}k> zLtZW+)HV&=xlnK~^~xT|qA$}%q|Z+!AeVrtKVbA)hHG?O7VfLkb(kD>*G8q$wnOP-w|a^l;8S_Y~{T+ zvOBJK+VDLTzjve^6FjC3II&hFxwSwpd?P99YEi0f=e~T9Gh$bI1Xl0~mk~ukt zPNXqnoZo!^8bSD{j}MbtPqt*=+7~$dM-wNTJ=$a}E4y;M z%D``}CACWy@-qT&=o~u0`teN>h1ts$RvDi}QfPPC_9@`(4;=m6QPaoc>PfF$q@gA_ zg^4nHB|9UzjgqU6to#N&-(U_Iul8FR$saY^T<2ueUpcyR2kvpumGKjxEBz@=^3}3B zyMF7VUB^8MGfyiZ)?#hoS|5?8Bk4(v=!omd*3-YA_6XS>{Sksef2zg5Fu>{u@pGK! z(L{|~SaWNPCQ}{6=OFffv3RSeHTZmN2+hGc2p+JeW@I}d>W*TuH|?+7*>o1kLXEeP z2EtUDT8=8Eve|U4h;BKsGR9ex&FjCA69YSV@cCJrdXx=nHXK1~RH9d|^^0KZmsfV5 zB`s(0;z){>Y&KZyvZ=x2T!TDD$O6%@(hkiPVuS_u($*hZ8X*S^XxL+jt#15~6r?as zqP7G(&e>cY;R0S-YTH~YGQe~M)Gg+R0_cD5O`T;{|Ej#f3Dg;Q(*;N_YCmM?l{tJ(UQt;S%~#iWm=_H(k^1NCO{ahk-TQs@mU}{FAtMH4=MgMC|WXAZc?Q`ZJdMEN?8_h=&h)@!s$( z=s3=k%zrlf`gHL`!22z9ad;l51Zy$2RsA!2e(c6}-}-hrqIe4qYH50B5`1X?9oU5Q zC;GVgc1s^;kMn7!S$nS&L8~qPo4)th_|K<+^;Ql4v>#7y~!q|N`g zn~1mgH^`3=bPIh&ECii%&s2)J6@E2RGFfRJ$#1)b(*jW{tGnm1%_=9N61e?sowl~!ycui$H z(+l-9nfJ*DTBoxVS}wRcc83Ax&+}~4zwJ&XSO;Z4VSLOfwi2;^A74-{vgMmpD0Zg+~#L_VzXv|EC#AMkk?L4%uA>3pN6!4@Lv@mPz`2L+Ow>_e708dp~iQq z9f3-m6b5(vn1cAE%e7V8c?B0j5RQ(13O_;#{k}UnuVTX%wn=XtkxLFOy*rW_d-Uyc z7D-%mw<|nl5>6UJpVm?;X9b+CH@E%53B7o)7M4xWk<~sU3@v)NyBHuCV;|YLrJEpP zC+b0Ka@epX*|4d$>(<;Z_IexV-9!o5i#_Yfl=h0VvbO0d-#Vo8ze1k}Tj+{E^t}Nr z?jUgN_3G&BV**F#^?f{l_StfA7%h=w*i8G5^v7Dvortw{CQ|Gf%TdjQrJ6}qu?<>_ zt4}oFVSiGu@y13aUr0I`6QEs-r3ENq2UY|Ixm}X_YKIc30Ai__8dHEft&2CmE5#e! zgHxruq4rOm-g%T8H!l@43q?L)mo=u(FoyYXSV8PP%k#!_O3o*}y>(wm>Ad)$jlY>x z-hJb5+?f*rFLrTWa_$it*sHs_8C*3zXrMZf3s1 zSMQTQ8?Ac|Kbdy0zWNcv*Sk}X^%9fYczd4}>U-%Twudgqx%Ud{=s9mI?MNM@7KD1% z>myqJc1*%)UWYI-Tc{rg5!zENF?6lLl!zCLp_&R_q?_hD2isZ zYB1=awm0aGw|-W?KC2sw`FDF!>tU82o7H+hXyDq|2I!+UN;25W!mw3)bM5WKrUCjM zEk8jG3oYo$2Wf~lx5GnKOQA3XzU{^D+#;IP}Dn-8xi;}Z@ zKtB}Cj%tRw2LmCjMm^2jm@$rV#GkheAMlrW@x@6yL^E{cgk33%G8HDRe6OR{)FzMP zkDzFm)_L)p#!=ACli1!+H-eZR*!C)x%EB>{&G8YDEuDE$T$TNSo`pQ&3?9F>f7yE? z*C}9PT^*}s$^A=4^ce!ZL zzK>b$7qlwvI=9U$TgjGv4vzRh^W{Ccy2_-6*htK*zUhip-nx(ciO%G1*7*S+LRmg$FrHqcmvQ#((*(0MET{OQY1SBLUi)TAVsI;+W>J9~>o>nqmUfYk&TK^n{` zMO+H|OW|Fp#w<;2JrPNuGYNF`?>Q&mkJI>$(fHa?oTQmtr;(m$ddZ(67O1_0`Nfz3 z+tH{|j-PL-8YUyo1-|V`>P~l9^^x^0m^wh~cE{uJY z7pT!OC#I>*AcQnZLyqG&_>C*mZt!R_2RqXA#gTqu=;t2h#bUVvnQc%8O1gIpkxVLI zKHN;axmc9|YbMw{3nc~?KwD2l&0Hqm0~TKX!iN=*^}(%U2xnkIj)%u-%9ff0h71){ zZKAHW(SJ+}y_2a(QJ$ITqRKK+m-ta(Q{|#QKZ`bMwS@n)A6F=}LIu0p5vc6dWT z=lOJ6lc%o4ttrLz#k0HyEUIRnTX`kyS;AyKpJDSpB`ORWWtn#cIot5Hj{H~jpa~cg zxS!XL$}`Wos9%mJN^3F6#}B1r9g)Ja8*}Zt|0+L~sUwLUu@Z9w)9rKr>xG8w9cly^!7bY z71%v~2xHI-0rhwhph5^xr?Usz!x9zQBVuc@AtE0mum?hk-%*vj_4y?+YVVDcu6nKR zs{T_KdfDGqF5X=H^1^kqy8feb$W|HdV_Pe<18K{Mc;J>>#O`gLio}>UZ%7NC!lCDM z3}azM*}7Z1uv20@mcab-Qe=U6{}c5nTRwG^$I>8Lmy^x;m^UCE+I5aep58^LJEE=^ zi_Ek^JgAq`4!8HA{f#4=c3za$v76gZNYmO!Ev>)CLrnp?J@y0yZ%_k-8>Ra)A{KR8OP!*hZ#wevU?px(4fBwB~OQmH!iN z`luxtP&{0Mp8^gxlf97b+plX@;Shv9F%eut45Bxga~iT!p}mSvdU1Q@7+iDK(SjpB zWOerZoh3rxbZIaE2pM+i&>eRW%yhLPA*@Mvh1YhOKF*6T5i`?SU<1E{Ps}ZUHM_r8`dcRZ$(d%>ZYm2Kq_k|1~M|5IohI z3<1gN3!M4lUd{`tFaPcVtoH051_cU-Z1&~DadJr}z?bgQwSxk4ve+qk3MHERuGm*e zXg(ga53y*i+FM)i@OQqN)k#Osf~KCpqy(P1W2zZSySpnHnHwJCzei%>aS9hdRyc?H zyHy~*54IyG;P4NdBO3f=W7XmTdTYOux7Zr|b;aDpp4%PQLBVguO!!~lPQ7T2?6ufa z`|bX7czs$6!Jgyn+CDl%V&3!AXd!IBgfOXNi0)E*kPXlx&hAm>d<+}VM1Uz~RUrJv zk%BF80Q&P6S@NqN=7b;b2heo`_XYG-emiaZbU$my_Ax)%>Yd1!+XEUA)qJ=PW~(p% z&wavxewz9a6UzZw%wit}az(gGqUD#=LRo72IQoi804-c1@K&SqZQv9WbKEzg37HPK za?#GTB z%wF@0{jOI2u=Y887+C4Lf?KA}z^Y2=EH!8z#v5~hmpG%I|28jsBdsUyBk#Ih+ht1ky`ZitgNOsuWaKqpsMaxf^yKh)ph`ebL00%_)}{5(Mc<|tRnO}f}j;;iZErz|iBx>9bqEG>cUnC>blG+$!6p!}MbL*^{i<{^6R&!-<#~lscw`w`)%Vfj_p$ySwc#Ajpf)YL{@PazH zRABl#yQrurWNkc73mL3+jZIp_*hST9En=2Ow`8lLZY}9hmLzQN%FAzbxmmzm%Az+f z5Lj>3M9ovXNyXI6`8#NjF1OpGSXM1HXL)lg3OZt{o!{5(HNO*qtgjHPa|G4C*CU_m z0HJ;pW|!VLp*Fw1uFHhlko8n;r!nT`kMWrp53a4QJs61MikBuoi?0&QGM{Et5gQ8U zr3XRvhvrB=qzxVA(?sB);XV?X`>&%75KWyX(Y5v{*O0zyNV2w)wFcY5vb8f$Vf)3IiOaHebYt_!gI_vgM%ICDb!xCv>vUz6hjkb4vK20mAmM~@P?DWPrnP)Ng!!34hBUUB? z^N=4~px6b(n%0~6$#LCY*_YXMxYGULV!E9kwf3hQzgN|tPUE+qp5pb}xOv8)|D~6J zXFr|#_s?y!M|_g*)MwK=bZR5?fKDBi>C{R;)^=)%s6{Vz>Ldr6ZHN1v()f=3QHE+f zKftFNt;c2twNw9~f7+vfd~eT(-0F`cG-5D=IsR)-yTQfBakL?lZp0c<{$1u`IF1toqPBl9INu zq&3fSU469twd;{k;Pi>WUln+NN@w;LE|6>!FxQMh*h>VK6GQ*Bf5fqsZD)W)+>=T; zyF*ja;!z;ul=_Ctm>vA^Z>TlKiJ0C_=cdoeaXZmws^; z>~YvnXX-Y_viGJPnx@i;VfRj=^0~cJ2O&}oo98}QvV|HB5eEl-gFXd*i%^c2hYq_KEYkm6O zqCT#rW36Yg6nh`w)4%?gS_lriQjg5(-&&s8%Tc>>#FE#>Rld8uogaAv-oYYzgje>? zlpZ>TyexPRg-k`T^!G+4f>Ul3WU?(}0u$^<>52~V7rFS3yhUi_=8u+0d-0fPU9RYB zsByg@D~U2%{@o1{Z1JkvrsHaLa%CNkuG`GUFi6Y&FSCD$e!TfR5bRx>@*t<@j-6AW zyU-<{B+due9J%_A`OR76p|gqL`#&4Wn@9P-vbhfMVs*tF`x$M5-*7I-Dl<*xV~dQR zQ_z4_Vwz1BBmCwt(4V%%J3awzQ(Y{_11A>;D22$9PW7z;@2DVK>V!#$J)EV zM^#;W{D~wGkT`=941zMzr~zNWN=t;41cRKx2}H#j#j9ztmTDg;32?z`aKd94ryYCM z+S2x7?ZZB7t=B4uwFw|EEe5d2qg7C=dmJB#tq4@||NizqGnpXv-v8(Sr!{lV*{`+N zUVH7e*IIk+mQm5_H#D7eDS2VF1!%ES(wM~ULl&%%z zFeSr-Ok}9fe^Rg7t*Gc@_E&qZ9ioQHHgqS_kFEOA5nR&oG8NOTx~!;W#JWp@`P%U; zct4W2QZ^QQeV#j~|HwQo3)uxEQCQvy5a$bs+q!{RKg0(D|F!uUPLjj)avm*wEl1I= zs5JxM5a6@>^VYd&RW9bLlf_ttS|VMe3B4gPg&5F-()=~@mD zg)uB4HcJ^p42X4j8xy3+=|@%#k?H`~@C;ep3^A^hL)D-3$C1VT+BFR5hT;5f7-*@0 zwo$tA1UP2WGB=Dq zUvG~$&GZtUjGx87Lme$hr&!B505STtm8d$;BDF9^s{Me2`u@TZuv;=;K9d5XziE2S zfTLynq^-=D3;62rJ0_BuyOyMaW@)KEd2DBcsd-1MlyYW|6Iw%h$e(IMJjBeWe#<{3 zGFi%>Oy;DC(hkA{>g?WuAUaAg8!Y}dsFLC@u;^V7U^@&6X!mO+F5jRM@7D$KwUGmV z)%L)`Kk#c+GYq3Rvll;Qg)|&p*uNo*mTOt#>%MH)_(0op%Aj}`L~`>Ey#I;4UWeW5 zrM$iw119@Cx7XXd#)>!E=OGsH^||z^-9kqY`z+tkNXT+k@;I3VQ_#!bX%!mzx^N|0 z{h1qCN&;<)@vfsGWFR+thcv5VMam!zCXY4}VvbDo_qHy^LqIax1;Pl(9 zey9HT!&AAR`*RRXqA*IL=y%mY(m9K*yzfDZAhcxwAEx{1%ScbZ%vyfe!g!uEZTTc# zs@xrjs>!rZVvm<(z`VH!n|1W{4-Hxm|6#GhCIQ+Y;k7Z#?76Im&hinLJ-#DfUI!wg zKc#{;mdYh7r1@g1*0J%l{6U_Ii%7Mx(Sr7G$o{PaW>h-l)+i>XYThu$&T)q)5GG$R zyP2TLM!jOYw`xA_OnvC2EXS>xp2Kln0sEXN$2G*q2qR>G~P8#Kiq#cjCLO_ zC`!$@2l`l2=a>|HOYJ(=ux6*J9p74TSE=!Jwh^lUk6%kyCWUYlu0SEpKt9!^1-9_YTbY2&L;F)wZGTR^R6jTt z=#WjB>Y%?t@0N}m89z5Y`A}-+s0wZ}l~TlRns555>J&%mF#Sv;>OGR*zc`~$nCK@5 zZE}@M{>;RTHmkx<*7;L2#H9|^{?3{!`;lrE(xT2&Dw5U(t<}X9+B(&mcW?1$iA-d&9ljs9%44QToXAnS)Bh2V}jenc>FG~A7Cl)I^HXea7^4gu&!$u#vD#h zOEFoAYHnYig>0XR{g)uV+g0nFPMWgLm-v=O=So_N57b4*ua2A5hhtlzJhXKkZo4||10)^IcbjIWHtL7jd!CDE1J0cRkW4)*t)VPpFGaK8(6r2I&{mmqVl2B76Jg^ zwPI6ynfQtSCb$}yB+s+AGJUqH34J)gQIPA9e-eeOl<@8r5)y@9!M16BVlyENiD?&! z*EHw}SsMPW3}4)K3_$O`M}Yc0qY2=Nl!q)1O)#zk;@gV;qOQjyo8}5`aq#Gx8ZS|R zaagAdRLGYvmmi~*OD&1X3Su!WdbT5wD4hIFCY?^#nBzEg2OBZFMip?REX0>ip7dn{ zzsaLmt5vU?cM(y27M$U)c3+$N!@sxhqdC|5RI2&KTA@D#exGw2@&~rC<|h6g$E83| zUFHAt%2s>NWM6Qu>f7n{UFRLxp4u<8P?imX>U?I7|IaI1=RK8u$=|N*eYuNmd#YU} zVAM1zYgzPgaL)DoEovF=J#(l3&z8=<BB(S}X*}iX_XFXSKp~Tpr*Y}9)gvS+cia6{I=Ip^f zZ`-?G8CpDUYyvGiyaUYYZ2uC4Z)fG&E$qAj<)P+tUbLWi7WD_B!&j-^E-)93s@W(^tN$z&_@8nG0eap zH&DT5FWNx`JMH{U{TD#!#88Fxmi7{p^21;?eU97=a*sDz_kpe#d^qf(8S8~8brSmd zDNgueRDwbo$Sc_59bdPlMksAEEzD2byl?Lb)NQhNddV9Due8ME8bSDjoN7TBrcpau z*b#MmnKqNv1FvEAThNsk;>`4A8sDnwzI>W>u~xohBr&C{K3~`gmmReItFL|f6$<<*M(^7@xzeA9;95uRF!bIW2F=nrgWtElK*l% zFJ{rz@UBGRj<08!SxXZi7>Oox3l?y*?i&8=b(vbHl1XY96Z|}1FLPgilr4I3wrHh_ z##Qv^F4JSWKdwwg|5Dv!7FlW2vBV+$a_5t9kKA}WE>Ej1OYF(@lDe^ph=Yie@TOfd zLTt}j`4U4<=CYq#H_ppzJ|P*O8*(>Ey)`%;RB(~*N#3=I0IT2mE`Xr}2y$ApC^CI3 zSFi;ZeZ;r={4Eof_9a+FGgj8=n>f?AB{45Q|4`tMTT!Ai?i)3l9MKbhh*WhnkAgqE zfMth+aUb4ZoRooa&$zsl{8W-a>A%}Ean|N@JQjoW4GUiD>Kcb^kuKK!%Q7I{m>t_e zN7-K00U(;@vyhs8xM3d5lNwp$`3g&ix}6c?Bxiuw*t3sN!>TSjEwil6RvUyUZ|9H! zr8B_D`1ERebA&U0@0`!lmCM3<;y?EYJo8h2T7!U!lZst;3M%xvn>m~@2Ow6OQirNK<}zC-D#4XV-+IAB83i-fB-_c4SXsPAGeILSlTE zJJ+b=Bf2Qg-gmY$um~|#lD*E8=*BHApX zOdYLQkEJc9%C^44jO4e+*lL{74xm=J4mH4DR8Kfl2WQ~7+W2R*B!md6L4S|PmKRtm zwMHQLK3U~(Ma&?iYOPO!rNTI$J`61Uh0XaOf2qbR<>Th0J>B4icz%CQuRw4!DRYbP zjBCHCE^z*O?7PR!zj=Qh*@HJtaE@HldLu*gzjB3TNN!bbXdiDZT7l|4jI zYcce3A-tk_lDFWF;J>I_DkSI8qU$UPqZ%T+{^5>is)kdPX{FY?b&_5LXR3KELbgS64IMV0VVnS-keeHe{< zqJLq;ae;*6+0D;`!O#2rv8#En7rir>*D?iPHQ`OispvS+IWK7Tk3lwT=GGBHnH7wb z21YBi6AWp&0bwgt){Eassm~*IHODa*1tWq41cT=f$PJ z!iRE)?)l}0P~_{bae?S+)ztB3A+EF+hw6GoF6L}wo2n&J1Ws5<66dA5;u#_ z>IneYRb&nai9oP&lGT#3@&S!l_zoMkK6-fEtST=tE8mL&Q^#wCObiRs@O_+yIVBXo zwIJ4fN;w#doKoR++2EJm#4IUi98j4vs67Va5I7CG=}pwLyxY$87Oa_3z{uyX+45HO)%>nah+_&4 z8vUD4o#@XkR|U_R&;1d-+9>jt9+g-7Yvq0@H+NrhXF-rkrA-GaIT~4f0X+cdf$6Z` z%6Lnr`zGV3p3GBhXY^p#tigzSiQ+!I+l{KbpLq@bOFJFb9Z#n4>nGr{jlfp5WflU| z8WkJW$u~+2a`K*)ekERXlRr^o*fr*vvvH5hJP(np9MeKrGAHno6zYr2Lq}v+livQC z?$OGudfmTn{CxexXsv&6X#QmAyXw>nzY)jVJT+cJ9NWQ>vQ2@f-XGS5m>~JpcOZ#M z+mM*VhHwpHXW;h|fmsmC}`+2dJoRIk)rU_>Ko{O0E!>9xLFw3rVI~#ZSF99bd$8~ZIJ3+0O z`Pp>KpV*}7nBSLOzQkJcolHJ6)z20*lU&l8Qj+8XX{ty95N47&zus2AVkBugfWrJ6 zLaMo6fHA2mS#n3`x?d&=zkUP2o}qevUug?hckp2(A1waNGQPSY6RTn!9%#(J{Gns6 z5a2_n8?O4aF?8eiPpV`7<&0mtcUR%u{#Z#cuafjpSIc|xl3Vx?cxwMJ)a45$y~hi$ z`dU1X0T{?4e7&#_7GK4Zq@^=aT=`9gBrz0g%tfs}XDax>OVkvZvsO{5#b>mm5r>N2 z$_dkBa)g+1TTG#!fp{SunlW%IZit}CZwK{*QhH_H=sNd<$jlNwY`o_khKlB<` z?8s#hWD7SOv$H84eLM{6B;tHszyqJ0e&{r&6uOzh6ZvS~x&27jy23#`T5TzF<br~j*gyQn*4IJ?GxLrkUFjc+W6-&fDWh58x2t(_SK$mYXvB~X z@pk>Q&j7pwDQTQK4za{M=XD$$=MCRvx#pI=Ue(T)$F)vXm=%qpZl2N)ncwid!uIF% za?w9V>U3(j)*#v}GUpx2aGj{5SkdR~Tfu#)a38d~&DOaEdCix_FKdkFB^r)YZD|=v z*h0%TE^Bmr<3u{)&R9YPL93X|$XCaD15q#NN{&;6=Sk;fCX`+L%?}RxAgK$%)Gff; z&HjA*b3JSo7(KyQWA%5s@k)DLAwl!~0%<5IOzxjn!KhZZ^ewhyu0#p1;cZj~%2MYZ*#$3fGJ{gU~m}qrx z&AvNMC$)OB9Fw??^fw>&${ef;Uz#<0CX*{gb8wok!NL~fo!k?HtaFv!LJdrG5G-sc z#9M0S*IBMRe1C>MZia^|RLUTCf7vv*ru046XX$1V>C`vW)Vh>`Cy`2G2kd9@l2#SFtAXTY*9(jD7w0+sFcf@hHB>6g@~a#i%QM2)~Zk0 z^wr8<3Q=j3kelyFVa(#k=2W+$I&79Gy!Ls2s5}0V9qQ}rvP11e*4Uc(C5;Snuxdkd zpJ+!f+|t)-fU~u(C@{c|G zO}JkLF!L{nYZ(-Ms+}Zm#EQf|MC)^5VBupb84rSqKHhqz<;6!0`7$eKGq+9EES)#q zp6;w^?IO5iFY?wUF75L5=XF)%8v_g9#am#>56h)})Z$vhR;T>j*6Ph)ieVN$1ADqP zM44}%Dfmez@`=qXL#84C5K??zh@*C!Z^Q>89O$SDJTdP}YP2j8pEN_kK1Xw9Yb(`9 zbX$jh6F+dTKP+GFe}0%>hMp>Q=9H4|M%a1<;FkbV8+h^(MS2djT@1KfpV3g;R)A|2 zmh>==F6cx9zw3y^zgim3e-_Ov#{}Q%H9qjf*wbsHZ}y4A4q9XHwl`|pjx>Lxwsn5L zUd@A&5zNGDKO9Flac{W=p)Q&8CNrlpc(FmX>n<6PPk`b`EFFn$G-)0Y1%CZP?UJzr?Fz*$X6;G1S-W^q69Lsvw}nz2WX#I< zL`x;olmLi6)yfYFvD^8ps5jgk8#$OjNfpp|S$eFqK3SXMTNpJa0;T z;ERNc3wNXm>W0!cpf9`lVolF18CFdz+c3dz0?|TS@`2WYitM&a;Ro$XSG(=C+5_A6 zO$eP5tv&(HhaYXUx?=(l&6A0n&R86$v6a}iuC06pKl!>&rJV=;Ba7nIfpBia;GI03 z{MbB}i||5h`T9Ph{94MgMSq^nYcB#L4jjOrp@V^ELfN+3=<8Ur zH$-B4YqzE+u%1+TS(|?+@-?i{i)ReBN71e&wC=(45?+4l3cMsh?xfL}dHSe9&%c|R zYb{uJ`rxTsq|gz}lNs#KIFoiuBz`UZ?^Pck+A9)x;>=g8znwQ>;p@$PKBy0@*qtVd ze4T>n>@XMX_?W$L#&h7`!=gA9GgRBX)E0&lGR?g7U4bVjHPyzRs~f)MCT3N6@+Msx zy7-j>NTx1!MU%IFd?lD<&A#ga{qnE1y3Y+UMyaemetl(qeA#lo0c>61$-R;I&59HG zc76V@%>aw|1}`?rgR(}O*F1fQ$WmC#SAqbUnFl3A!b5A8UN)UYY#93+R{X%imyzM) zS2i+r&#l@YSonfonZ}7b@{?7E0&TzLJ#j}bJwC)^Z2#g}jji*)Y}cPa+h2hv@WkVm zpKt|hVBt5&BTd2#txq>C{17`8%VC*Uy+k>qHA+tOuR%A_n;}BHA9XfVj`H7bu@T?3 zsor8v|BWchi~F2(!CFIc(0ED6JFtV@!zoR^zm^2lOQw(9xTpwy;M3(vvat+2Bua#k z>}w_tZX)xJB=D1Wv&+M{&u5p1Pqt`*kFD!8@`1upCNJI53;rR##s6OFuGi6sUV9 z?{xPP^iy)_>N5hLKAkRk<~kaAd_CG<94ue==dt&bj=<^dqUH{8t5p`^zQ?L9EC$`M9{PQx;-{YAn zyb^r~{*AoY>~4QIUulWLvlk+-j8OWo&=~U}atmT5Oo98&_<*z{E;iFV&(M*&uZ>iB zh?!L=UPR)<6xr{$<811JB3~pG{gE!-HPhVV5|6u_#2`ie_DLtX!rVr(`STe57}rL@ zt$=j4+Bg{qU~kuzV~HHk*4S}#SALAk{MYOJTFnUCpvxlthif(OUHspQR9QbCpc#QD z+etr+QJD_ia3AGMl>QbD7l9}1%FlB3?{?{(^3Aj5H~HyIIF(-|qx2wwJ<>t)W+h;U zsL7R|HjMhY2bViW!qL@zSfMekZ3#rb&sL-7`qpz{YunYlL7O6YZ>M>}vPA0^@b6cR z^u1nJTe%igudCh8&#LjG1B-siCQXtF)Qgb@p=AXR#Bn{5(6QV(E#9MKm5WqeQ90)n zy=};3?({R0xA}{}%(C>m&PcB-N~6^UaK60eaiWbzt%#Kvak=!xEc}6Hh7A(=?*X>q zn4;BlS>$x3+{W~sNdUap0x0;oIJ>pwM0HBAXC#aC@wHoCty|)f=MKNLojzy9t3OZz&2_{WB09$(w}A{FYZzgKQ8y?&G4oB1W`T{F56c0#DvR)(-;F zQ+PvqEv?Ugt@X}+`OT-W)g6>nK-A?b5C@yCZ2Bo!2s>3Lm*z;K7!o3}-3XzgU+fK< ze@=MJ2&7s+o4N&?j8tmRwHbrTJ3ii@(1&H1fR!$Q{_TW*3xZaKA-DhB4QZ49+XB)N zrSi-sO$beBN8hVl`nl3*29^FR((QzPkQCtioaV=8Z6&Y2OQs>pGy#howaz=thoSm# z5g)(-IvV+XnuWx(QX@sq>vKDoq2wqO2iOYj5BO6!4 zNUQd@TyE93Rvq=m7vSq1U&WO#QTQt*Yh!3C9i#tc=7U{-myMFNO}@ue<`JC~W}oNu zLiBTn6-N{xpZ->uuYE?n(|WKP!0F#^{{wk_!MUooa(17ms3MO; zc8DyEqLC(;8LaHS)k~(94?}x%syST+6NSHCopF2~ppM`t3idsxR%Db;?~!?j&`sbg6r@sShjljHBzKrhayzjPA?V zt`A}FH0dXshnhLAhR?r9{fM1;<|fs!m#>UJf6WsNhuOlDDmaZY=XJZ7-Zn!q8rT5* zNq-21alqma#dvRfe<8h2+Wxd2Y;EbUQE|hV?!9F%LcFIh4K_!Ua-5`hH=LsX)F}9) z&DfM0!6O*GPpV8!T01}Hmr}o-xTf>mQRDJ&w6PFen6@6V5Hi8r6wD3Dx_>$TAFFlrs@)sD!**EY z2aB?RSxY|9(e}nGX%szm)#`7JUyF1iS2l{r(%sxVf@wCd^B6GmHGjrlEV;>dPH?!^1+gf>YmfZwx!S0 zQo30PdwZNc%v&;$FT9^xAP6x+723!o)p;R~xap4#QaF4Yp5}L+;8$|+3W}u9*BfC* z2{pJ;znpVY$io4JyGX`p@tkr&HLLWxIC!k{yR*kZ8+7hm^sxL#PlIMHyKpg&Af6=V z0F#b^YAH02bbqb|@#K!KEka8Oa?Itg`glqIsv8N8{$7S!k6Is~GgvH)#<}!0-{dWr z7yOufEmsk_8)!&vpouR839)Fue@+|eN4 z5|62LX8myi>{s^57*!p8g!lHK4_!&sjgOFJPQ&mlNer)u`JBOzh z!tCF!;}!Pi4!NdYEUo}D8ol@cHW_-Hp^i0a`#6(WJ!cDGkAZ4f6B+(OWcbD~j-q&& zcI@rtb##r3a5kKnoA{4Pwf8-Z6fKMv05xi+GW9y&0*kdptxqiJ1^&1-A$(vbl3FAX z*%fLptl6jb~n}uUXqsF z?N|#xFxA_!s$BU>?x?G4rRqy4b;|!?{GX;t<_8q~HITvhhtvk}$=kIhXucq2yTg_p zV?}stxsuhJ2}1ipFGlPm`|_xH^rbWYuB3JElu5tjlX%B;dE%wfbdpog*?`4jOqwEL%j zz?nTG+U?)k%xNt7yhQ(#PN{oleSsS@;`68Nhd~xd6DHbEKvmQtw2T~vGU27Os(n1bI_7~{M7nede+|}g~ve9 zXqNV@fA?-5>QApfu;^pQUmMkj2KAwVqq5#VmS~|*5wBH>N}Y|`r*VQ9Lz1x_SwyR6 z+I&;&CgeYOHbwuTO~|R&@a(t%p^Huh2ddEAg2qIA1ymJI)Q4Ra{syK@Z*O0(vT7lE zJ1rzz=2<7m8gdiC#x~BgrYm5u6zIfN3~lG*JG0u(%Nf*6KuKFkpzVKv+rsxpWDPUp zIg1sb zWEDOS;gDydfEyv$?qJVYUt@7*)?X_C$d7&=lVcxscyxNX{V{I|$9$+re}_)bEN5Kp z>4L|gT|~71*$-BkhXk7J@H##s(Bz(8NijkhBT=}H`YsvJ=2&rBN#Q~ z6@c~-*8uZ#ojm~qdP$uQ1Ge}}>HKh(^4x=^KgmD2yf^O7tJ1f^vEEV_C~GC_2>u;( zP+ey>*wd?y8JZ_{^ve5m`kOuKsQDubGspQbhVcGN6h8evBXdEc@MdS2j#`ne$Q-6> zp{wZsZT;iznt=({)<0GCzi{;@>tFVNsQ;+@0T`u1s>`k~BR*}YUfI_@R1DPm%s{aq zacY{e(f;DFhKl~>c6>+oi#hZXJNlMxj?{Ai9e+)Vrh1Mc$YY0%d|>Ohf(F_Mdt?Fs z%U#}GM2Jti@9rVsxJyQONoZ#eT>q@n_zdYVnev+AQ$g;=A+| zFHwV(VOWY=?PKv*`5~%Iym+q5p?5DX-SL*K&&O@pH;>KR%2- z#Fz~GMlDh*EkuhNU|cczP%)J=xR%MnTCaIA%UVA?BZswC&rvgh`=lud*tTv^TO(*o zwOGdK=06#V%oTsZql527sfwH)y8ivQ>tBt=ceK_Y>pB#8;))`vOT2i@60n4AJisCX z6n4ba1@aHxq0K>MfS)M*-6cyI8opa*Wapn5gC;=qg)?-!)C|;SdGr?f(F{wFNPsCl!08-r7y1G*g~2R|{eH9k4;x6$aMl_)a3 zsz)pM3EYkAtVOXW$XR4DMfLD@#(OPB-Tyg>= z1R_FOnA`S~M_YW)i+@|qX*FUEQb=H=?@BNJjQtw_aY%`H?++u^6?Z=i)_~Tk8LNYi4Zi9hPECIs;v&O|JycG%)Ulqi}GN#_wzT zk*kE@pm}wx&sfxIFm>gzw;4%qrSPjY+~Z)O9T9HXIjGybHl`=Y zKXJU(i74P%^JjFRD|6jWe}bS`{xH}-Chr^-;&*qr>%2O-&TAtqUD42xf2wLr=bW5O zF1>tu*QVA(`Ev*tTRSuGy>|S`_5bcE-{a|jhi}CHFYxsjV1R{&GF@numt0_Zg8T;n zySG4{(+emWgr1N(`p1SP`mfadt0dAWM0b2vs`&9sm{+c#?SLVIeCooXkX&zIoZ$i zot!+C#LURe^TA{bkhvu%PwP>6Uhwlw%;Z_u+CWoMC!Z|0Tsi+PxjPtSs$){~_lMSP z_x3$rg6#`3TB3M?UrYXZnzO=H)P@lklRU38vl>3+=+)u3!0G2_2)|9jZq(`-6eCGy;_njZ$oSK@@gsW&d}_bYhLdnUMUlLrr05Kl5gEL zF-3Rua!dqWL$Z@+8P8A=tk`3}-_Au%AEtwXz6t1Oa5Hi{Zbz`pz@pKhF`q*D1frz8(ooNaL7W zyGn8M_C*3652&Y9fsat%2q$V5-6wjYBb6vUTF#8bZY=lkW&RGAefpiUMhd``{jM<* zCp{A5qTM%YSEx?&ca^sbK~?9Re%^5InTnLp#Cdsmr+t!>*aE>u6ckcMis7pobuNK74I$Or_!M8HZJQ;Zjs8FGbSvI8(|tOlT;nPG9yr)1oYk-T@8YOtao z<+q$z+xm=Mh?n{zyd`QzHgJz8`R3!G+YjY3w_Tnc+cgsiQzqiNv?>#9^&w{s? zTh#r=T@9S@e{mprl<#dQ0x%{f<0Y+sTap)hX@LZoFa#|l#6!eMzD%^+NNDo9$rf;c!zTES_(P8 zln0by!P@2gthp?45m%7z=~X{`eSPdB4y_RvM9GA(?s&IvcK@ZDR5~?1;un3O+n77v zB}(oQ{KS6C$8h}d{WBSjw%)Z|wuoohr1(Xfxmh}PaKW2h&}le!m~-VgmT{~6VtGqM z5?^VDM#CNd8W%46S2*!>dEP)KLjHm9fxm?ptkpGY;rxHp$JXm|RLO_+RnN}hmQ)j= zzccL}BJ!4l*c1lEze6$-`)PSApiA4=G-2dBX;yw@5awK|Bog8n77q9;Qp}@&R+!L( zRicuS2vkhZxn}ni(T|TiNU>7dZ=!CPyZ&{Y_Ov$B{q>IUE4{cspgt1AUC(L;%#A?5 zGwZ8N;M?--tWQj>2AX@V^U#E)Cn{kPad`5$uJ!ga^J)*gG@Zl~mHG zzBkk@xxIYQr1%dv+ocjwv(%ip#TRIB6UA73w*{`-jMQ9SgW;W0R)|P{Gvkz9k-@=Z zlfeNsadUvV^e6uY;) zRlp*&@OkW@125H<^%w&9pp}r^4WSZ?M(e_6>YEXcy%=G(*4Ptgj?h!9!8nT2m6q{5 zzpodVhg>?$gFNcUT@8(y=J)lo&%OM@rtGu&p=CU~y^@{x-5OQVS%nSiU=D1|66`rAW(m4c^;uiCTRUhd*@mD*?4_mV}*&o~CfkPtDg zC~jF3g7y-tCCTg_hHS|09#)*(y?X#@Y@IT~bvIw5F#h2^`lC5gn!566$=h{6@Z0kd zpj@?S?_du~#%}|zX7;#G%mWYOi{NR$*@2-+bl9p@Ftdk{8}Kl5uZ{@-lqHLh2yNI% z4tNt^*y_jamceQ?{N2Fo>(OZ3W#jLaTKz>x?Xzp*4_o;GBfHFlwxm8rIY-PSzv5A3 z)v>g1-Z+dt>Znfdm!p$I3;f-7I{l#HXVZ_&uD6X+Pf>xBR}&YVqT4(=-bG*)$NMGU z@xs{WI9`~;iUdzkAck6ZS2E0Roi4jCA#&4Yv8OvV_acce;4@4_Nvskbv#*?-7}%>8 z0hhUqXK%}ANrDF#*XM7*Zc!gwLv1+latGySCdb>_)ev>{@Z2rfkzO8-ePHWEf06z# zjWQ}x6gILF)BvMd|4t6EKgG)@j@@TT)zN1VczR+&EGazvua_l;_78WwU0gr>HAGW_ z9Mr|QNo8YT(YI(v*m{OvA6sKjlVPXhJ+KA4kN%eLUi|5gEVl4_%0biE^=*A3@x>d& z?PEJ#Ac}C+j@rQYRuf8rjS?}q$_Ll>-75a}ue?0&A2_}CY5k^8LD!R-4y|&4Alq?3 z<4WuLs?9w_EB0BRn` zr7+7Z7Qg*To?!Mr`w1oh{iaqqIWmjTqaMI7@yRv{7d`X~j4DE8&hKja(snE8mQx$Uxi@8$C{{3Lh?a$#(tSW1$B;97`m3hdw zq7|h8?3k?2VnXuKKI9{iFsYDw7rgCM4Zm^G*%IzoJmP{ScRP9(2#5xwZ=tSiWpS$bmQJuFNOI6F6L z33Cma&WS3PS)G1ZzFf5?#(U;-lhtN>bNx|cc77zjRCv+7si)Ty_9wjHP%DK3(FQhI zleu_Wsgc-s^^@*3VdO^T>^E{_3a6+%Ua=0_gXazau0HyZk76N3nI|jqNU)hHZriBd z^|ifYrO)Wk22c@$#j=UUITaVwewRGkd0oO6_qzioemTbVhTSv#4KOqz`$nLMdGJEK<-HV%m?|w7cZRuTz%E9S*O(x-^Law z9GLi=!Y2jBZ;|s{EB%FGr_aoNDb0O3KIf&o&vxVjZAU0BqFwY)JxD-HnpZjR?_bf? z706k*3#-%aZVV{R@O{kbX3HFuTaG9;y$EaHkw~>rVb}H`pm9=-NYO7(}dCBQ7U1N`8wKLKe2*t zVM>@d+WyApaKh}3Vz1YnQZF`VCYtv-(`#1%RbJhq-nRPG3%tnFFTCW2FIiI1F0C^S zrz#=BJ(q(`91Z>Ct)F!`KTW?R2li-~)jXz!vXJj-bMFQ;+!8l-SeCSE(* zY%J9mx=U@Ad7-C^FHxL{#Z$E0B&JNa3cy7Jy!Z{J4r49&1pC-=5ii9E@tnquwX}yw zTF}oaLlLr&66d2oU3#AMr~m$@axd|Hx6j_CGhaP!DCcr=i(e_c(71@C3FU&o@snNI zjl~Ve=kTYDLd}Yr_$T6xX72wBT}H})p!3Xdz8ocdTk^E@BTA|;KYuz`ma?+AB~)#w zLfY_Eq^3KCi=)p69DT9|evNHEdjR(SEIYuwV2xyHZ^3JM$YBZ#irUWYc`rIC5-&Wj zAG{s?PdNYm@PQrmWg8+@two6Cx8YsVYDbd;ON*AP3JALqxhRPO?oYfE|8tU#J4yTh z4zEHx(9K2FuL``Xk8n#*41`?o*E?s|tdS+Y$hJNlZ>Fx60#@=l;@VBB9dUz8)rpD% zg`GJ#JO9yY!4O_N2mTYdgLW7N&oLc7|52ZJ*w0#KEh~S(wgAadSEpGv*p+E=Jl=t* zbs4wE*!>O_1Bdxgf{`J8#r#|XMB2z5Utumh)X#w(;j+$@6`JCO@lx?m38L}hIrcfC z&0EQI`;5<&>F5I*h;}gnCZ*YI9%UP0XQuhNZ0Q6m{TPQ(F5VP)!DU@Csvc_>R4#xP+uOMyw9_S+>Gp zNBrqSi{IuEAo6#&J6u^RXH_JAfj-Y=Gb6a?>S&)^TYwJnO8j|@oz2V)jeZT@27^|K zI<)!70G8DmzJOg!71>IlFv_RKe2U^QhyTw0kDhx2s|Mgo2e$sSB*ygx{jdrbiH?H8 z0y|;bEcU~}E3y;yi9S6hYDWCe0(gE80R8=SaQ4+bd4DF_E*|u>S*ifG<87lMiJwbx z_){lC!W26cvlHONuJ~jUW0ja;5n5k|0A2d~$6kE+s{PUI#-9CGCr7gYLAB7IWbU@( zbSzG-_xD?eEXgF!G0Ze(0jMQOBWfraOa!^N-UY@(GoEDIJ=uY~(fTalkir9<`|3i+rBBV) z-%9wQh4Ku#DLTIiIJwP=N-txz-iv&uWiL_KG*FZ6Ig^~L6&jpaISUlmI2o;ybTf-Y z^1gi*&u9OqpYf)o1gdiK2i+QaV5curUEJfnG(AFM75>(0(a%(oE>ZbjEri6+`5dB^ zMQY_iS`k&k)!72VR+~^nfk-Hb2a@0oe^vr&{ zx|Nam)=9G_qF!I^Hp+HqoIcl10GLFwMjPvMtXa;Bxwm+-!tS>5C0t^km?0iqtznH5 z=nlw-EK%4cPCA?h%vmXmtY@$4(Rxix!&-b2c_2>U({? z@2GDE9nS|)(PWza8L8BA0MMuv!aLm%p73>s6kHH&=T>g zN);>(KeZy=-*6evgc}&((i@B9YRETTNrlMVEAv9bV>p`{6cF7!RY(~vrcJI49~OUI8T9{&ZDd;)xa{urRD@|_zdxZ?=VE{@^!xEaFI)_F~8Rnl1L`e zjo)rRJ!tN6>F@5M@bMJ($KOv6nOj}@%%0_!`RSw0^0*uTdX)4Vi27 z`ndmEY9{IRXZ~x@jM3|MUd{Wi#{I*5tT_A*`Fl^)-17Te)Fe}EhyNY@JN(Er0)8MF zsqd{0pWb-tTZ1|HGLo~z+zp~)^-=;r(ghaMqdHt+_OEmseb17TcaAPEvIK}WBk;tv z{gzxuRGq}kxz;Mc+}-EkpLU@n0_LihxTjTA!xoMcJjnU-i9VzlqPWXU=Xm5qjz{im zDH?r4zvduMbEdSsa#NDG**ns8PQIu#=Urq&5CBj7o*mT2osThlg(a6c9Lu!poU%s4 zYirP%(%YM2vzUDsda=)VF*$I_>$+Rx&mp0hf(qxZuZpJeAWh*fF)XC5*1+uwosk~o zVrlTc>)4?*X5Hu|Y#0rUV1&`IJaOA=`-*I{2sS=`K4W_X+m8Rh_GngD>@hv)lIdd@ ztNk;nTw}Lk<}WyZA@91E4SGow)^383PNgRE(yKjb=TTAo#y;XM=U6)EwO0GLNXvW zqIO-)Ynk)uBb?d)MRUe?+-d*c$Cnr> zq3#jp{P4*CcNFVp7yPHk`2G{;xa{~Ey(9`x+sF8ZG`&5hO<+Ps<* z=96rpf%*a{SBLZfU{_b9&-4eSG&zS*s%I5m9%vDmgHANfbOAx4+~5jueRhOmFz3R zWCFnkWEbv!QZLOpnf|1{i2B@@-&!4f6{7!;)jCl!O2a174zVZwS%hOjK(RHFd>lz(piB4Zyd{{S4@9$_oZpa-79Hs=VJ6KoEzBIKe>njv7<6RpiBUIfvB_AwM8zn<+NvRqAa4tG638&WjOwr-*<4?**@si6ACSWIx z<5=r^W4yud7P%pD(aRjS-q(dOH1NH3*v|@`gIeqrdF9G0jbKzSW4FbP|7GoEPeEmL z*sE5F*>ZU;^M>!s?yk{K+mt}mhLTAT{GTYLsH7L3CWx4V@DyBwZQp+n%QF3ktMA2s z;MvL#vW$RdRLPuVz&kw` zJosYTz+t9iSl3CT<5v z-Z_~yoGpYb>+#}`KJ<&l3g6+;mia3W=4!tTnf!I1GRW38$5YBN%Fn@c>dvtt=Os}% zU%M$Au*V=iN?9N}Fsq(}_>m0l%WrvcPe08*{eY*WT>(tsXZ}P<{XMg**8G@#D!dy; zkvThQ*2`iGAVsh;&hc5ky6vZa*>n$1<>r?~UXMD&2KM}uo{c%n67)ZK7X5H%WJ#xe z-r6z=p0ifZ@!~)0Csw@Ky*=sPR`7%AJ5llry)W)((G};}^saCmA_L$~4%igwz`;NK zBP9!64L9+VUT#hX_S6-}&64S z8R%h^pPG7p-1o zYqU34vS=*Um2aG@U9escR!lNitrf1aowO4M$=n;FTa>XmxP~7f_3MtMogwTKelk_i;-Q4Ojb=I&f zpJUN$%VXMd)1zBJGH>8}CcxQBN@x-ssqY?B%y#(ym&1RP<`C*g{b7F3Ro}RjP=kJt zy^M!*VR8v>N4A&>3&pBspXL6?;jeubzmkmOkF|n2$^k#p-1r%o$fY1kV6AH`?o9BOdEq z>;ta!Hq&hkY~c6eOEk*4yJ#C|yTS3-sx7k_c-w;qlrN1bSZ}OBIFAEMx^_~0YWv)_ z;}*Q(E<5C6!sxmhE|VF#+xm1$Jh=}Qt&<13+HFxSW;0-Nwz6>p#+W!P&D{rvpDKS@7Z zk10sYe`!f(3 zlS>liKn_zQDny@1K8{fv%w8Pxg!$3($r7}>)oIZhtSSnH^{}m{U^^~`w(F7j#F>%! zlqNZlw36n_2e=gm?rKw+#CQ%utqI)qO5+a@WDh*9lnkG z>lA@ZfO5WfYfGPzTT|z#1_h%1{&74Y>6ub*0={c8k!VFV$oH6 zm=qt#2naWA)DI*X{G6lQn)RQGk1ZFfK2%?d9>Xd8$IIKPz>80w5s6>g6!G1!ZA;r3 zu*+fv8<4MpUfidV1#3k*Yvgt#QcwX6H}*L{reV6T2U234vWyTGr%B_7uPwZ)4!)5n z3I69i%uD@O%O|jY@NUA(-Z6JxUVZ#)Ym4N^?nM&SkMJQJzkNL`AzS~XE-Kq*>dT<5 z=fc}k^<_K5gu;X0G$D);KjLV}&?m`Th|b7B!WvSeNk3NvAdoe-0vTA^Xb1p4o}-`Y z&+;b6&mAJy#AhLCYYScyDL*?L{n!CJwq|nt#v>Jz<5Q26Mq;V(wmpK2)*5}7=7zWJ z1;YBO=L2^wr4^t4J8rwp9zLiazP5fiZR`yn;GB%e=3m4d*>hQW_Ex76RcdWELLk-hJ9+xr@CHQIa&Pu zBgfz8h{r5=+YTW7-S!#&Zhzs|%kxOi1fqo*iz7OI&t~R$FEJkCODh{iNY@5!nD@#H{BZkCUOMME|J8<8XVibMBKXPa9N#X4H5b4NLb=4Fn9c2 zwA{|srGkhCOd!c4F`qtGS*|Dl3&;wpv9KO={T33Bh z7w6ZW(Y(N)CaHcSTNeaY)sV&f#EQfc1J&`&aUDrLR{a*+tY3?TkeFS_t2#7mHiX(K z7q6^_A#=4fTS41Q1*O)_)!@u+>ytAjfPm4O#Ml4?tRdhFUuMh*3Nl6^BB%jkv*XJQ z){&9z@TZja-h9WlEUx3Tn{QA;t$Z3y(12BuHDrc>Geujme1DQ6bZw?12kxhFkU%n6 zk3bX`U~<$SuIVP~7CDuzFL3v~cC|bC1vj~(+fz13n#=WTa^=cr%XmL}dYj(&e_~Rn zuE=bOkFmdfNZ394BuVRvB8;7REt7LaV{WaKCkF0&hiYbh5e34u0-dS9dy9@qXafwn zygLX{*g9|Ye_x-NpF1RN29Y)i%TXwC+^m^o7BAdARlBcj=8R3~aXfZ& zx@pSq%k5!m6wIMVzcMe8#81ncNOUaf7su1j1#gGwmPF7}{lcQ`FD$9Te*a;4CBLwy z_^6vKFx3 zOJdYMYMLBB_hlz?v`273XQ5Kgup)R6qbyvumD^n-aXe+T9eWi~qMKWX^AB0MwW3QD{`WdUn?Ax%=k~xlsvF|cPsyhDBi$?nV3&UQZ?^uXp@5D>i} zV&L2T8s9#sXgOn^#SxyUV5O@)|Axh03n%U9FE?gUFxENn8mdJQvdtgGFk^`rip;A zgD{q#ZLGDr?eMl&>&rGpxEM6LAlpEHWvO+o1Q6p!_)WNy?`TRbC$q;L4c@jl!(|`W z4}Z3sp}L)+X3`!qY5wNfE;z;$j{U=)cNVuzj5>5PTQE8&US&hXPEHiy;F00YJ*y)B zCY!%!jTxCgQ*DGfZ3j0~uaqO%o_mAAw+}xzDVJ>rN!b#Cx_AFgCmZTJA$H03zLhRQuyU=0#-8R)|DdrKyJ?KEdUf2aezg#Fi20K~qaNSn zj<*ZTYAstyA5R&^%$5;}d*+H=8m_|X z<1;*_mYJ!pTIPlwS$mrE_S#IR*ZbT8`O@ZM6Kw{#w9Bt1tpK?F`TweFVTWqof5nzP zbeUh)rSJCB8_X7$zN=^YDnH#bzbD=F#}&(*4XEZPC{Td++I|^$@3A=@yrylBO+ENH zjj{UUAL^%S-k6(QQ}gDN3M0rfSNW-0+Kfk8^U!WPzsxE%lcly+tBPbU?;xYqj}LKR z)ZPpjr7GReuSz-KZ_}s@Fh_rtrg|&=EuqP$2k}4k>a#RvF85n<_%1#UlRircTZp@D zn0f3F-~5U`4Px4fOY?Eam0sK5L-w12AVU+UMtffwM=MppJZ?=`juwRexJH}5PZAQA(i@Q_p z`sb%tngK37*fagG#&@>B2U-hgM_wNcEL*h!t!raW$OP?-`X! z{ZtDnN6%fU)O~tQ6kequ<3SoUz5b}RZ;#X!D}HC!RWtKZZEd!i3Vw5C{n4==vi|UY z--)*VHi(VTZu$F(e{^V;-N00^xxqdI9+0sx zds$>?eqw*2G&kk2Mo)XZ3xNm5q^4&<6lEGbv3@`9@Rv_kaYl! z$Rt~Xo)S~7`S3+s$((E>e;2K&5i`cs|Br{LAK9P#5B#K{Uq9()km?`lAbsIRpVPSX zX~>SbgK_-g+`&lxAMSVN==8nE0ZxzmQ?;YWm1 zPd%>bR`x^^3#6Mt7cNm{@y{p}iPxZ4@S3dtzG`1!QD2&`j~Bde7NT?0q8XTHCc!kkn!P*8wAnkA5=B`)!=`8#atzDG#43*pUvs^`-W>E;RO z(`->a7TCDI%+ahF<7$7bDzko!@XJ@6>GXM~*qrRzxLo9IwkiF9Y!@No(bQ81WrIqWU_pCoe> z@)ScSB^cu<{*g$oVBCRH>&a8|HKMA50S;+w(J)e(2D3)`e<+8zY;8iqmIMNR5#&86HXHUjIhtMj#*on|^!L0_qay2Y-7KB3AzC=h3T zbFx(8wQc##U>m$-m{b&d`qaw==EvjU21O2w;-VQnTr}%kq|suox7$%4_@8a{v7xf( zu<~Tgp;xoh6a6=Dg!~z4F7e&xs4J*cWL@S` zWE~p&WVe123wgnSRW;OVmTI-5xYLV9G_E?B=k%d9T2D%#ORELd`fcqWw>`{xV8+|a z(NT_|5?aYsStknYv7<_qODH7E2=|<{5h)#bx8g?Tp1vZ7vJBMM@{%(VG}QJucF6UA z{+|VI4_5(eA4t7w^@(uxkY)w$@%jVVRM;qQGP%l|$?hgjw0i<87x=ul3^k&^p}<(( z@oq-A=-%k9qyp_ft`|T-g=DE8Oa!<;W4jM;`+I%a-zO)=_KQ@#6%N$BRQpF|cAuvt zZY)ISl&%ld{k1;7BT}`Q_zCZatM(HSVZTN!Xw79C>tj3Y{Vv}4m>trYM zxJ^v$Dy~^Rl%`V3(3Ty--O(M#$<%R9of34{<*HI@3A*hyk zeYe-T4KqYLBHY*R#UVfE@G17&VSf5^Mg=9NlW!9A587-MrsoRNb0v5!p#j{Ds;-lE zQl}V#g`;>53}83Jv%c$j2DZvR;RF}ofNHBElmJVd{`lVf|*=z4=c%uEX_ zMIR6gVDUTkXMavWB#D8Cy{=6<6j!!Q+H=XLyF0A^kK;cYe~v4`nACSsIV552Bad5X z+j@&@1<_H$xnL8M*4J&;RLh$bo4PqTDKU0)w0iIhO!=1nlVbxnYyMvX8Q5mQk`bd zg(?L9fs~5jE;;a7f_hNvBTd(2HlEtQX$Ek9*;*-!?^QdAl7ww;of8ABFHTq{%Y(ID zof@ecNGvSf$ispze*5+!=w*A*t9s>ICs^^$DTA-uUX#Wcr@DN*vljzpeZTQ5eGHE*nx^PpWD{VIc0=^tWm;5sBq zp+j>Mz{>}p&JoXZ{m*tbgZ`9f^>2QDCti7R>lP?V)s)koSrjXg>rJs+_RE$E^Y3!C z_Y9m!C^5(X4lkE{fIxwN8;_2AzrmC5EHDjDV!p7R3KNAdz2%FhW6b4B4$vtu+;RP_lZS2bsHMl zEL+MxXnmP|=}~)Uh8w1T80Z2VVBdK4A0yg4gweS9XBiR^hBlHdm}6 z1(@8Y?#DHD>+FHyL_ukCQetQyNabr_B8sum4ae2EtF5%Un0lUi1e0^?tAD@U46UzC zT3?&8ERycb^)gIY9#B~(?C}zBC{J=g0A>_jmyjQc{A7x0dZVTl(@0l}me=t;NvURnyIrqIPOfkie3IrVrNp&Ak? z^gd$gAf{@$H~k3F`cF3R40i>YNXY)$-%V3h*?w6i7fh5%-j}g?*&DtFhe!?#=mLpA z8>$5hD{a{QD^7?aNI9q2*}jf>`=QuCBeUGm$B-)5Vx`Cn@i)UgU}_fD9^Au%HQI3x zhI#mU-9K*G$Kx;Nu#aE-;Yb%9JQw&mKHFP#n=aDdsx5b*tN|~JFE5uPCr^B?Ae>ik zSZFz!_*=E>TLsC**HkzF$m4?so<>7jczDF;hcIjO16YYO4e4V0Q&+YAj=p@WTYQPm zhW6;PJTgU9QDPxGnq2e446|6tleuUOXh;r+emBD&ifmF_ zIdsPOkZQj0EPrlwRg{m&vWGgpF8k#t`GbfjWcIdvVrFX8Ln)KvDd6UZWGQ$A!ki`+ z^CO5;pp}1gu;hC7SotksFYxpxr7uB;UKig(~8X=HUDS=rp6x9wf#bM!TA zsn|w)6*(K#hVDs=qCtJnox@iD;ij||y)2h;`tcsUNJWqkySYn7e&*P?;13CYf2X3` zf)ca3>^1|(!Qq>|EqisIm;1WU@`x@^P^Oo>ZEtyHFUf@U%2PGKlpaiEc{xDnJD0^h zz4aM=_5yX=B|QhC-_cw2u#=;Ac4Od(*TpUBTRf~iaS%{;fQ!)!=eH;Fk`wUX?el>b zSkaZ{W-xt%N)j5(E3y$NmBb?yUgCfoO`lro_i? zVgLW$l-SrUl6X)AJdc_%Nc|gUMF~<$<%jb^tgBJhRQTBcL)x3bS6N*D|4B$NAn}Gx zBcKM2ZD`dd3YLhe39>wa3x-8Ou?h-^ihv=3ATEhF2-oXvudP~_E_Ux%+p5)C0<9)s z*{o&JDoX2Gb>g)ZwPpQj{_oGsbGLxh{>w{qpXZsGGiS~@bLPyMGc%~jagq96jXE9r z@3_7(0{?#0gebEcbZvJAAolKkYz4^tRtC9rfml^6RfhV2Bq?&}_}}3=XuPbWA2JH9 zf{{ogCX_YEvNuhr*e18pxAlp{)+$ga?<5|}?LB*9hx6;zV%MMJZ5&xhvh5>|bXXv6 zYJbPQGDo)g4vZ@NbN&Z4%q-vqwVfEIrQaX;LxvRe>LLa7fBauhY1|9FKU4g7@&Es| z|F)0JYTq%-?)boMmkB1Q%#&w!0{iz@{GKM+eU)a+U-6CF@c~Oc(1L?rn*~y4T{h>e z;vsqOlvpw(B*((XAyX5Xx*fNOV*k>8L!4ZjGch_SrzZT2bu7kkrS!%BN_-WYr4XhG zEPU1M-BA;2tHO&{)BN|WtbMSl-@1;sEUEifm&q@y0JiWw;*vezN%nOjjvkO{4&>>; zlmW#+hVNM7UYil6LQ+*QntP^lL00}NbZCl{nir#MDYoOr>?KUEr$K?ORC*QXbQGDXC>xYEbH~7;5ZDf z30qI8It0DK_KyU~4xynHT(jYB47PkV)U4%^fpO5T#K5@aN2059=%ODVNMtp4DrX`* zqs6}9S!p-RcyvNB&4t3MSJaOLgx03CkWhTKRvF<|iJ4c;bj zyMJe^>ruX0rpTsvz8R&8q+(Mx>c8ZjStKTuE-|c@b2)))<#ksZQ_Zw@n zcVa1a)&xdzp85tn)3`kT@S3-AqwU;*QLn|w+m44d{#$?i(}}-RARiZFe~j>aZL#(N zPfF>hgu~fi>1OsBFFuUJ*1U)xvS`qj? z-hTUtFF89H9RtD}8h+6+N2=4B_(A-1nD|f0#Q(mo_YmxZHPPjOKG?9Uqnw=S8o>HT zmeKc%)8-DE?&L$O_Kxn{4vf9OG+?auN4A`qZCcdBldry5=#2Azn>^GaavInC0n5ER zu_^JRyp6baK~m=XVa;_Xh^NmxR1h!jf^s_ge-e%f3EdOVO|Uu;`kqr+2&t&f1Pwtw z3SJ|{S_E*9u@0;K&YfxH+Vlj%ZAtDt5lZmO%(6*87G{n{mB4qzg`X&(Ctf2v_hjALl+^V z=xfKEUlaZB)6Ry$3Ul1MjmEcC+le5J#{%_9Gc;SX3H1}$+Ax#`CUk-q z7_}wF;)Re4Mys>ON6%$UZl}R`gJJY`b`#mV{*d9#)vK$(0zz#HvQ~(*l z|JN`FNtD#PSriT}O{87lq@pREepCW15OUsc;2(TO16zA2x73F-_qvciB)XZL4sZCSiS}f8; zr^U?t*VQcZ3sj|Mqth^_bd374iQ|a=^m(y1-}Bid^K>=ga=*0Ljm; zDko8u`F5%vbEV%D?hg_Cz-_ZMeGR?usSR#^ua?((SSRzu=$WFybo{dYN9p3jJ>0s> z^*N2q$)b5bdJNJId;1gIaFK$4pRe@I4W+C1?dy;IbHXp*AoX|O^VbO9Ws*jj{(n|B z29=dLf?j6fTp~CH@5Ns?6-cF$mj&Q0#1tH@yc~_Z`db5zpYr>Yu31w< zcisC2bIabrt6w?k=^O^PO~D~My-Ga?LIY_5Gk*?$KQZ2ILS!KEwe{r_Dy9@Rd^DkA zd{M*uH5D_88{VmjOeuBq*U*9Dz{*`34Jux0_%rd35Ai&j!*oW-IfB&4t0+2N@+j^9 z$6IQ@A}-vKD3HM4F~to6m_nMX)y4z35D_TEPF|Bp9}Op`1uMpZM6hBcNO%=DfJ87d zxfJ&Y^`A_g1Xwq)YTL0B!J|zm18e_2fU^(I(GP4+=lQS;S*p0=MJ|DSkv@e4vl@gQ zQh!|PI#S{YBEW@mOZN2lfl;Tq>u>Y)|^wcWFz&q%I6We$tH(pw9r==CTb)>I=4 z^h%mc>>Z_XvQ5vY>#avTV%|!&f_*Q1RFLcRF_B)v$9}3v2hUf%Rh_7FZ@IiKceY#yV&!?*Xyzgvjjm zKs>E|LdDxa%d;zFJ5vQ+sos=om6VuwZvz{y8@-o)j@yX%y1Npc+$s}0maB6Wi~XhQ zOJ!#AOutvAY)tEpl?0Sp`7i63nC6*vD#G>OO;kevEmi+5mVd4|7Rj6S%P5BD1>d@5LaSsnIRy>aBGt(cSSkB4QzlYdFB3IB-(<%Rp3vz z@+~Ao_7<4L6X!ZZrbkv_dz+feS?MoH)31TsesM_q!m0gn-2$PTln!Db!ud|;Az7CT zuR@`92^&}?iO8k~>^!nun$K=PB<<4tQZIYDjQadC9t!m^oCjRQ7n5T>zP1sJ*QB-c zSRp9nsmWJ(4odF3k^t8dhyMp`)Q@S%Fe@(Oh+7`mKkGLnsnIhZ9RGfBNc&=uf*(Ev z|ESSYZxqZkTVJ!xDdZkyFMEy8pY7->_%nIPCIWxOp>bfqH4z1~5c5n9ebbfiXMTnR z`y4X&!!}#R8xK>(9lUjIR*{-ze)DzMa>)I*+Fw^l6W#v0C#2_^-(RGk@Gnc|={M^C z60Tr(FA?I#7NAmc8*Q0j*w5YL@+Dy6u-r zz+^EMI@~M^4Ky^gE(a}$JUvG?pp+@bqRJv$&=>J#G-t4ADe?FeGu5xc4Mr~sl~#*w z#?Dba(I|f1*_Zaz*v2}qN|>_OKk2k#8MOjQSjJ3#^$%t}p`Y*_B{qqrXh*6$N~S9- zwG3CH@_SJ~Q@B@&^zW`qlBcIPA~1=I?IS+bo1YOg*5eklJ#50Q&^X+_rkLvN_+*yz z1ui7*oM&gGtD#uOz%CBqO!2k$!;&Fg?UPIBCL`_okeTtAv;Um+WBvrX@hvGJPX2$U z)_1Wn;X9q+yFYiGz^~D(t9g^Nq_5b2z z|6eBoZGPX%Y512;cAyb$?2U(S=t+txOZX4ajx&F=HLTSWLR4bz#%#lzlrpLOR zRDhM!8vhS?nkUF!$sLYC2BrU`Osqvu$ISuD2 zmc+IZMPS=p@$${*1g5pIWca1_z_iW!efFckWw^EOvcNtHOwai!&^yP=9+w}VdPs3} zQp3rK@`scOJo2n9H|QgR{$}S+g?vs$05uz^*3C)$Z!3$AoQ`cC-ig)HGjP{o z@4#07!U2&n|FUO3N5T)nRQzw7Irxw}X-^AgnXgD}kZ`Aqu+TOh#6mlbucrQXWtJK= zn=kTP8vjwk|9hfk?fb=&Q@4H`i>!(XerSJp&az2PNUbN{eDT?wtd_P08+=%bGlVLg zTPXDui$(6c5vZYqIf0hn0tuf|phZrkn#g4w-WrmbZXe5?hJXf-sX*dRUF#Drl!2o) zo>;6^eb~-!SKh9Ca`;LwS@jZ&tQEXb(XpJ?YC$Lb*P+hrz>0-*;Ka4UftFdkC9W2Z zxu{kK$1*RHT&@2+yZAH~=XQoFXZ|EgEGdVv z_uCoIGgmGZ71SK-7f(HfcbbhiD6Q#UixlRxIs1pgGH>c4#PI~ano}R*17k~}8TfNv zm;9JNce+fowvy=!WOC#8+LcMcEu88TzC-q%>uR=tOv#)Z*y~Ut+>R3If8ph7;jl6K zsaUsUFcF9OcAHdExteo?CFmDBlbtxXe9(`X9H>To_V*9z(itCY{j;f`8R2}iE4)R; z+S5A{ioARe9>{dv&5_Ee?{#;ereo62Hw6~6AvehUe`9Vt*jRLGL1+4UtJKZXWuKw7 z@Gl*loGy)Ndg}`0H_^YfI1P@C!f}ysTqJW#9X#2!y%-ES@rNkT8t&2#YT7P6vwK3VY=6;Q=aenz_fe9$r4s$-p9`od5B38oSG(V>m@ju#rEFSyz0W{nFUGN&X&2h!vD&TX) zjCsHk_22agrVRTD4SZBz!L-mQ;KmGgnJ&1UOufXpLS>5Z)pXaNS@3}MO^t68hJtUpfwJfM`Q$6=xOXyd{E$>P}|Y z?f`F~F8lT+%!CMG z-WTr!1eUcbb}!B&s$yw3`}x_7*4;h}>i1CVCO2iY&Z-3K!!!2=)0^mvD9$~*J~}W( z>n=@C(*JPh%S(Xi99rnuSd}kQ=oX+t{f1w*r}D4PLMhO{KN5d!6v0uU%D+A!8>E*A zj=~vR9E&s48;e}-w_$^rac0W`u;tQ%jbn=}*raTv^_dOh(_7Rr?X%m^MRIh8FuT6O zo3t3t(vvD0@*z&&{F@uJ;zWQ&>d(wiiz&?Bs0D%23!?qFd*(ph0LY=H^Z~`LU@JD=bo}B| zwWGv~>`$X^At-Hk{{M&2+2p8iq#i(N1r}7CDykLDijb#APw_#|*^A-S}zI9Rd0CUC))3DIfn zipM|pZf=b|y6eDrw*7E859jT-zmaQl?8b~l+ifdsyQ$vm#5ijadeqP9VOS?nUX+zu zLE?r(osKj4N~7atG`PN0?X!)!MVUpc@N6|Ey#x^_Dp7xmrHU@?wd4rra{PaKzMW_` z8+GVKmvQLrfxsP_7zb|cC(z-WfqHB(GO>^jy-yvMjt${ zX7KuP(cA&_jlfDp3psfEy}$)qYxZ)Mr)5V?`+i8dy~a@|&@xmRp^zKDb}f;VThT(v zI^hw=I|`HyNi4P_ffn;Hb-)eZ+x9oTFcQ@MI)34a#a3IJv;HAHJyq+e%of;NqmHZj zhM1E>uaTW_M5r$_4|?LF9Y49>C3N;4B2ly`)R-9&j|NoKBg$?=30KuT>W{& z0^7%#bmmx_X`eZUUsL1ftmc>XDf`xD&f?en`cCK;%{z4)gMJ@qh<!|1>uveFo{~MF)4{4yNwxu)%(AJk*#lwWCDdgr#cj2<8_@ zK7ZBe*Od~PjQDKnX+(|9D#R&8S&L=R+J+j82`v1ZRLFiuk_WMer=9%|vNYn{`(z>; zC8stIpWyQ#alDihaRV#=3FX&R`*IRhY+t%YZge&#L>k#2=2h%( zSR}1o>urCR7^5|^TD-t0c7tg7GjhVgZ0%m&hdg#;>ae06lR5vrL|5VVXgTmsP;08_ z1>J1FFk=@xLRDE|6h<4ol_RM!sNP5!J4!_JzIrFn&XIDZJQH}*%T$C(O0O;4dZ7<& z!?)3e^SqT_Va(jIfh7XlXiCHbYD$fDp7tWpn;Tr&#Z3e71?2AbqE(1*kjdgos!oY< zV$$f_za!I`+7awBN;>`p9REN*HGhbB#cCOAmL0_yuBVEqQ2Hg7`-ZSCFC&(9jf3&i zT`+*N@6(@!`*;gut6zTxa)bEMK7(rK_V;3)W2im6;cCL%D zU4y>TP$HJFl1V7m%HI5JUO66Zm3PlKVbHQRv72N}4$;xI#2Om(zYz?6wo`O$??SpX z`}q_{KU9+ZRM;2AAeBMCz{>j&Ug8`IX%d6llF7om*0ENtWB*$H*CJC238k3DPh$LY z_}5no9oF)?;Q!(`z`ylr;qQ_+BSpnDPr{_O6r+}$lUKsSn#BuS%DfkO6kYnBg8c=3@{9m^y6BRG$)aMJb1TDEh0MjgKv?2 z+&B3%#{rr60~F3F0&*9Xz-naEbe!i?RO3s>+QU&bHB*s%E?JIlNt4Z%ECO8_Fe37Q zLa$TpnXm`?Dli11vV)g(rrnaLiiALIW1pUldSu_vwlpTw|36ulwYrFj4ZVNmA0TJX zcSKHK3>2RxoQEZF?zlE{F5>GynwW{B^%l!bj61VB8|ST^w5CL>(5#DCVorGkVrpJx z9=pp?l7ZV4n;$!s{nZP6TAOc?T;66Pd^hhvUXy)?1#rx#d8?+G0IFg58FC4gK`u~{*c}z^w@6vuL~u>N@#x`O(pqf(!tw@^ z^Xe*aEfB8HNR+Hl$umdN!<}QYIAfQj|MQc|to{Fh+PjCQn%<6Je|-rUeaYyLzt_{~ zuB}SFXL6;>wZzBA>^uZraew{ET!uL%o8v;V>Q0Pbs&xql-s!7Z?ze>D80d5+c&WcZ|H+iN8?seY&D9Bpqut)wXd^{ zvoo_6_l_S=%kpf)IN#7}za*Z*pw!`3lEm$}1a8L&x2xfUX>obVl4w1?FdeNV18o1D z36|-;72VSn&Tp!GJc1n4Gpv2!>Gs~{_AGTp-3_Iw{Fn3D?Hr&9U3@-IFF>!H#CPUEtoHo_PBcsN;qX3g@Lhg$zi!K_=ZYpOiU)<4{%d!A(`v*Vzt@+5s~IJG7+20}JH zNJc9Ki~0zwRWtPiQ{6ljsr_kh9bb`KVqU07x)84qCtZkXc_Yn72A0G)^8xy?|Lwbs zVYH-5;|smh<0P+S_CU&=ZvW@WJGzoS6YpT5YHZ?K7d`I~% z=ARz1#$S~BFJ;+wn``GL^Y-3EsHzT6#}sk4OU0HOU-0q-%AA7UR`Z54!c?(!k{vNy z0#UoMB=UrXW93(|_;9q2n1AbSy;K&GVqz2L7YrO@V>25V&6CwwgO3SDG5Gz|i!82f z>CTQbd2hNAh}P?v>d@$k^4vg&{m4B?p-0=iy z*&WsFbZ=5%pi%xn}_0#Dc_vwf8Jpff8{DhqCebvvuKDuRFL+atBp{|E0(-Jw9>&S)^cM3;TUGH=HBeF7Jmc z77cHjG%6}TLo@?uyn=Bs~2T!Zq?s==GP_Ok&DO8@ z@wED-El@|0m%F3Pfz?j0BY@I6c0$d@TA60nzFCuAnN>6@T4+wDTG5X(yvFZIR+;e- z+Fw_n-@LyAsx=(d(#;+xR=y*&e`$Sz?H_(pZcDfL8JKNYGXZ22?CyV%A`n)itNlg; z?)1OqW0mZdC>O^R-dfMjZO-J|WcMS<>{(uncc{(6SETO_GUaGWu8GekIkz^*xwShE zc!A;Cdrokx|B{8WEd`}WPy}G7!b++wgc^1Z>B5T*Hrr?%cRK*m@#W95GO)#T9&nb> zIvQ|5>z!OmAAf69gHz8V7$M@HI{+FUmPv-(8kY25E%Uq3!KDi4t<{MKnD5~Yw$Fjr z?qJ}t92(F*x`pc?w}JxFTWzBhl+=@?b?|pI!AO0Bkv_yJXV?FM!+PphcdR3G%jSmZ zvDhfQJk<(R<-lo;r1A4Y2kRON^eLyV4|T`l-Go73ed$IfH8nnfO!{8eaE!iZ^Ie7w zCTJT&O~aR+*Cv`*)>DJW^A@M42a@9{+>}`+Z0#T9kXFQkD|1jxIZKQAn+^RW_bx2V zB9wZiBb|3HqoUxLFU*72(Y$-LX|A; zh)Ll(G@vozVg(rg(u)n#amh{O&goTr&kB4a+g7%0ItEY`_X~fdxz)yIB_d>aF2u(p%X6{RuB%@H#&}1{Yflgp$QzXXx2nYUgy7_3`WE ztX3p2II8ZoPdfEdEGuIWaWVoyM92lVIN7%rsQJscL=vf`%v?hmiTY|sjJm`7 zLht5`>aj7jHJ<>TWra9}A?DlEU0v+PU&Mw5ai9_ia0pZYNf2a`jhd4SduwLt|Jp@2Lvdr0MZc8JEHWvuS)hG;Y6aaW#C zNq5K9FYi``kvimMXc2+*UicCg6|^Jl zg_p3uxxe(j__8c7oLizeuYC1t8-P%_T8{!x2dpA~W+-b8foa%q!=~SqHZiawnD_O6 z0)viX=gPy8wW{^z|Jdy7m-s@eM1+b&GjscLnikFb^}F&qLqSJ29ljxo;vuxKlzdSu%(zze( zKlnGC{qWHt`~!TnVC%AImhUZmtT(0tgMJz#VDVG$tCpGZXw>ej5DUbLhbCvpY!qH0O-?`zOZ9SKa)6Q$9b$Ptze0wZtz$ zbFJ2U9$r`8_ObUc6aay&EPiYKUr)ax&2&8|eAEk7HquX6k-Szz>xvyWVOwvv=bp!F zum-~08K|o`MWt$FAj_qZFDrgJK_E>VesXgZc2{h<=~!>|uAxu9bnB}F&!>pD_dRX{ z>Z6GA?Q62O+&{v*a@Yq;qk!KNXpyb5x(XQKmymz9Vs>(+IML{zV)*XeS-yi#!~m7Q zxBxUg8c3_F$@cfO2i|UWs5PF*w9Q1i>CE}5SOW);(fT2dsy*##pdr5(iJy9s> zWME+pP5W8ZxdC4W4EkqzQa~<3;1W9|=nKO+zX-j>sh1mWRee-6m8%`wI^5DcXRd8% zvfs_!bCZ(OCj|q^smy^~4JGO=KA)PO5&LxRQkO4aHPr-{QcE;%%zh*V%|!fFll41I z^{#9)U%A;P=DnYkFy?=xn|oZTTMl4P9;Z@&{5tNk^SS@90wM-(`v>13D)Z-kJW&x- zQMdf~L~fJP*s^(QjHB10l{1zwnfoe&(D1a=KX#y@*$_4ue^?}(2kES2d66;2(Ejxv z+M&m(bkR#oMtRX2wb1EzM(fshw5L!pRUx=28PkGl^t;*{NJbjb%d+Zo%iH1uOf@@y z{VY$VvOrU!Sw?A6HxEBDasAWHG=UXsgkwjp^gFiN^sWSMtsoA{hOf!b@h3n14|nQhR2^4US8%!W)u?w`%?~YPYrko;2=}i z0E}o}b?-zt)GW9OnuEmI3vUFoN8zG*)@6G_XPH}89+;6p)oNIcu26808JWP_&TnPX zK$k%s<1>c}hdX4+{$p+Kh(-sPcO`+8=7x^IoXc+6v=3Z&XHO`Ca+Ri11qoK zFE^~63#94|xmlM6*-{q_7Yw4DgsWCmpWaltqmHWUC)qQtPgU_q!JXZ;c{$MmR5=u} zTDK^Ro^Qe_EZ(Wlz@k_pQ-zhGUAqO3k;wT~`|~V5a*5%&KOR-A4@;R;5Botg*SimQ z9>i$goxHUwO=rzUhmAb3il^tzntOC$SWr{KSL8uRB5!Ac>Y&KMxyRsraw~nNhuz=6 zEK&U*MX=;t2>Z+%QnNwwhI1KbA**R0lBDK|ne8Y{w!@t-*KYnj9*2~0GvkAac%e7= zMu+%*6jfIup((sLL()}Ck(qJoAyU%8Ch$Z@)%aM7ytw^^uXU&O&F@dQMEIrKEXVk$ z{W#w0Yv$B!_*qU&OU$Pf_hs~rTt=G7c|UK zo+|sro3&u}{5f^DYV9x-@0nA5*Mevr=-2=9LDj#G#<}|2yZQC6=D|ELTJ;AP&YB&( z`U(#Gx~s%a7M`k`Rkv((V>Pg!C}D{)1zX9j%n{T!#a~(Ivy;#l3p%GTR9?e_)^EGO zpIUMYjkCa~S;TKk0l&25mIP#TiiO)N3HKDi?G4-k!uoAOCEWZPK zUe;6K?sZymT-CqtLi+QXS+keST6DEUV`|AXZw*hrXiP1+R71=(yC_B%G4rX`@_bUR zxG-he;`%w)jcE{FUK65g-1~wn_2muwrT*%L3(C$q+crjiMlnEnTl?q*0hmq*N2sz| zngm~2IIj^5tpF_K!3iRKOY(BKej9FMWI>*8Z>!cUgVCa+>zxI zJH&%I#v&uIqZiD^%9>hoy|-p|66Vwr4lP&B7-HAA9^=|*_H)8YsPat&-HBIq0_1Rk zT&wtrP~|B+X9ZfUmQX9svqW6F_{_`I7gSTwTVtQC%A8tqfut{J_o_(xrh>O^{=aQI zr%kCw9xhlSejH^%Etyj{f7YT!Ry!SIzs#OIXK}-PCwRx|3$#$)1aoZvH6twcB}wcT zcdqpH2M@9@s=%L4zR)sh&gEClv10KDi^kOp><2dc-&JA<&^4eTIk61bpgak&P=TZn zZqRu(ZrZOY{ZckY$e6U_Nb@rqUKF$Ohf5i`iYaFNA7S%1BD^8w;f?YT_so@y@N0pqF)Nr@Ewg*~@1aD34 z!liTSCeOJ_1t)oHuDTipS2u-@uG7}nEM7Ecf%vG`nckX)>*h>cSbw#xWgdF;%2`r= zpreZe5XwodU$oe5HM6;^EjfOE-+t5qF46w+xf)aMDrwTU=m{+!jpx-}gYHFI>}Tr( zG&!B@xuBm_$-eW*ZB49F`@lr7N|Qhq>6jIJ;d7l6h@NS2DU{XY->-FWaB_T~er?+L z?h~&08POAS?8xuti9v8>;i1!bXTMra8+w0{{8RJ1sQ!R-nZ=a{hjb+G2Roe!!WfPD z<%O}dNVUEz8AG5=6p*P&Vf?deQW!H|EzYX%j%R&yyv{m7hTFfM{mW!1uh<8lvf%fW)ZDd=$?*SYqxtlbxtuSqIoMg{blrPoU0<^k?G})+*G-_K7?mF zRo2`;5X$`fP|CQOmZOhUV5SeasdB+pD6Ck+G985j@{xlp;hj$rBs0rYr!fEi)hRlF zy0t&8XO{S&NS=2{(eA0DSAJGeJ42uEJD53vCEsitfKkCYL-`$Jk~0*C|92ez5LWIn z_{%&nug6O=`f^Jw{p~EI$O<4VE$+smyVGxJ^xruzqZPjW-By3*hP+vGqw;nX{Ov`- z^ye1VJ{@sll7IK6mrwZV%mA?NxG;%umkF-J|3-~j8S)8|wGvN$gZ}SS{nDys>RHIz%b$BQ^KS7n>_ z*+Mh#+!JwFTnw_V>T?yX8+v{*|cmI69&Qp zb>DF~uMhQ_F!Me0cLwlq-kVoM9k=|=k(P5F9iU-{*sbVe6o{la-%K8m?C6ioPO_8g z+3BBmDqkq}&+SqV>B9!XQ3&y}%(qj;7p01elXy@FuWyChS!Tky;>NrE;l{02WoLT5 zBx^y$-FLemSpIM2{3aq@Tbe1XU;2gObcX%mekOYt^*+ zPd>E%ucYd~gIY5DJF>`QslE~^$g$;ZIEnP>R7m^*ZA^(aNSTBr9Qul>{WxPZpHdYyHA4_WVJvtuxbkbJq|cd#4E z{X#!FILn2)x;2!;v|XQM-|cqx-Tibc>^p1EVc%h|BO?AUt;6|%$!#a3YRyI7n(L-A zQK()#Mz5D)jm@8<4+zNA63%J9wB({z@lunn7vq{DJWZS36k)^1^dz|;{=kE|cNpDE zlY;KTV9lh4Id#jJa|q7Yyrr2MetUiBX!vZWsqB%yDOjPe+JiN5z zYsspvwN*_`R<%4)Rh_CjT~%e&u)tfBs$pu$5^Psn-56VcqqkqR#HBvsHl>p~??GTB#XOZ>btJHeU}(-AZ39P6_%340K;m zPMMV2d!k}y(REXS&?p57|B~jP3ZFfn~4~xv)b;xI0bSW32Cy+EeLBE zOS9HWpg3F^r!CtxSM0d4$h&ek`zLjB^E;fpcjMdMkdFfoZ;k&Ak23pmR@<5QRFe$^XV!hrma^PMv9qCc#huGqDNiMl;^OHOF}EmCmnhfpP9+E~A{ z9Upe}Pm+4|ramTe!W%1-)7QyOq$xgzA zSRcoes-q7ugP4lvE$d!I!(KL%nuL-y?E4oCl#jUoG5mxo$HE#XnExEWY+p{Sw|Q{( z;lMK;MFGd9jZe|s?0AV6y@ZPX>|cI_#tFT{*+9D;blOkmPdUl;rt65m-xIj4T%rs% z*zhcX3ArlMZM(23xRHujD89-5)RUv)#Xx9}h#LOL?kWvmTF%1Gx#gkC2O+;bza+Pu z^Gia0NJW)`MT$FqZuyY+$+P|dB$>ASdw|)l-&OW~J;^`Fa`Fu#%P6hZop8)sn&sIY zYkY9?yOTd;q>U7uWg(_}(`gLx=_#;3Oo283*v-T}Ii^_>eXRSTQY2zO6NdyB%nc3C zYIqI%>M@2nCmxfedlaL#-HhSUe#Ad%zi!glo^8(HC1y4q!|=F1Dc{Ai`io@s7ttIB znP}cWFJ+vsj(y^;kHKEpehI5;tX&uUeTxXxs{|&MdRK0CeSc}6B#mC6WU}ukW*?t1 zHs~`_TdVq^B7dOzJkfC`7D;yfXlLK#G&CU1XW5E<(|~iTI!$(}*2~gs#bN-vdFoX& zV{uM3%-g#;&8%SJ-f8}byUyq8$)8o0D`2kt(4O_pp+qa+gMch0(}Q$2e;|4j@0i7X ztC~8S>fW<5iLyPHuj2ZzR3p=ibJH{eGYj)vs@{iYq$tHSqA06@X&;iE#65n3eYfq< zM`K4$gu@*HL2bibZT+WhQf+qUa57ecI3}w&rDtrfA-|oco6RY@eIbPdRS%csIpCac zy$0Y_$j@1aDxEZbI{kCD(?5$+{sE4cu>-tLLj;hek0k3E1j)P`RZPttHl-yya+k|` zIEHdCo03ZLj_Qfl$;1VXE?SG*kHW-#$&Xnw*54ze{y z2c)61Okb{6wE88?j{2Pff}JY8+kD_1CLK49;=%9`SUC|WP>eNZtBvKMiJtH;9QE|9 zrZgqI*B#&Kc$ajav z*JP$A$kdEmkK?MsAGUwmlMQLq$CsT1X-E4n^b1c`VSjvX{#5W6FH#ga57o`>S%2kn znbG0k?I{t#5@atK6wiB%A2`8qv>M<%OsxX>Yd@($_@*6Jh$qI$bT!2sx+BPe{}N4ZWfJyp5za1>5pUv`r^;|da_@x*u3Nt28*&ky6!^fOz$pu zeL$vbZ+U>FpoIRPmg=$elq!FrGx6lK@Uz5wrL{@|3`l%iW>SyzwrQ9za_hyz5rOnJ zr9XEW)mOCL$RZEhQe$Q$egGe_%hM4UT=$(A0I4p20yY=Xi|E3sJESzuopMj|OUzp8PM?J2{KN+Pr4q9m2#H$s!tXl7$c z>X)|KDmh2#Tz|S4EntZkI6=B3sMpG$%Tum9|Fe4%a$_3glc_yFQTy*wd8VfFxTYnm z@A9housW@D!aT)a4%t$^`6=0{9ozV0QR4(GyG_SY3g-Hqu#ZnE1ffbE( zU^8KCk{Z{f=K?tLROSuYJ*k+2fKH+1q;pcYKjAGPpnFEPleFYMy^R z7OYrz_i7kvM@Yt04Ew;w9RW>1eK@uo~o z5szWDFsnhL^7bxYQ18f15^zXbPNc;8TMyYOK>Z9tNv~*VwPbG>r$emzzosb>!LJoAcAh)}AY;`DNP=U4&@!^oXZ@TF1YUWnxSc4 z&d|~it4ux}hOsIBP8WUY^!gJic%V%^rhl$h3d6k;&S&aJi{h%X)GakDQmwus6BWDL zt{gyh0t5sV%Qr9JVfEQjo?bwehB#<1Qt;0Uv}Y)=!urA^c~eeiV)5m?OZ5W;&(yI+ z*N5=Iq-5(OA`W6;rZCxrzQ;a^be{no%t!=Z{lHUv)Uatb^`5I(3oBG=iJw|!1~6@< z;PLASij#6MJ=9}b9Ju?ND1gnFWgb7f3PJ_R~`x`F2{Cm`Tu)tMF|+K_07u zIipq%3GE13m2cJU9VHL)fq{3E35R642mvfhW%I(f7b;U|O{qF>!_1~i4pJeUVjAe4 zB6O48%3^0#G$`3s4l^JnIeQV21WK+W-{Du#EXdY%@+gWydox-bLT2C!dnmTO#NJ{dk)aGsrC$ejPYP~hTJ=z*Sm}Y5SJXnVSp+Szs?=Ic zW;P;QSTmW|*Nyjv;G18U#d*S5fMm~II=m))jFMDk1hwdPS)Sd?`46nD*`^N;(E<2>bmjGCnm}7cf0BMr&->i(tGFA?@Cm33uBG&!TMAA zwX8y$V=v%OxvS*;spLGFoGyI^HJN)-mGnKd60_9R@xa5BJY99nP1M2tE`tB$ME-1d zxz@Fk%W==*ey6W$O7ja`@vq4|Ydd&!HFEZZo;bbsLP*J8gGiui97XAYWSRI*1zs zIJ7juj*eimC89Uy(Ke}^{<+Ob#a4cA6<8q<;;iwcUP(N38Q)Q*3|p&QZ_;s_k-Uf2 zBaMR`8A3@s z{xh?MgOkQ1B64W`>iY1fU`x&6>Q|#btNwdc!mpp(TWtNzPyWmLeWy^txWm>jx%{m9 zi_+?!?bmOo|3_fNq3y4t2HSq`aP7}MLjCuuM56uZGHY1<*X{T1kOCG(55xbwBh-%% zG+F;_zkZB}|C0W-iS~~@T>XsZpGp6FRU*-T#c3jcn8g2O{nP#W#~rqQjG51@zbLK# z*?#@g|GWC5d29ddPcTm2o0Cv1Pmf79tSdO=hps3kiGHw0n&%6DS&OzE(Smb?F`6tN zYGArzPkLcI4(s-zktcaW|2 zOKVpv^q8iWn07WA$I!p!cqmFj2LcVp$8?TmtIYPNMI9T447T@HN) zY`(>h(IdY@=ivMIqdo5Ms}(1FPrL%CTKTMhO`?Alhfto%ZhM0Yxo_|O6>WBB8y5w7 zS8nsJ-m!b91eUlpJMu&dmXE?=8tLEbH!^W`#HIDM!A9%s(+VHh6xrzuq}u{5!{9MRds3mX-xJz8+b2Q<$HkeiUDi z7SI%?R=-jATT?NnEYMP?3@lW+#zO%;%CEd#fZa(298qw4mVjYvTa*aVBnvl0re;<3 zk3mP@FoT?)`he2?;JU=D!A-0_QjW!Z#+Q8t>_I+CequO-RJSO0uA946Ur zChtpP@CZ2*7{J%U(0=ys<@w`38n@sKm4s5NA~}b*b0ZT;fti;AV-XlG1Rl10XmLd& ztL*&Gr@1a*;}o=`y^5n3clRpB=PzY+tE3guz_Rv%Ius=S~a=QvfV*BimMVW)ywwRO z!U$`wwcvU=w~G8vgxmVCc2=dqa=HJJp4(iI%KOXoyqRKec{!hSYoG3FND0&r(wkzk zQ_wC;LHqBzSn2?)!*xK-UzW2W*l*vy^OEh0(EA`|E%U#x!MkW)uV4GKJ~M8tm`R$O zUyjfu@SZCEJmzv{-AGOusV;q2i7kI&Sz_wDg%9wMu5H^t&@LlOUzgK`6T?dK*NrbX zOL8)OJZS7PsoGNW@^b`p)&GU%a;~+$v9H%!M}!N3G-n9DSCL6lnI~cBV<+>_ zBh=ak#LQE%Xi}+GWy(ycP)@xbpG4THc4{s%vv+H`4Ych-j^+zR9km*8y8N@_b9GnT z@x6eP#qU4iW$r&EK`&dqdGCYtnm^b59XC)vGpMAO7vfh5nCG^*(2U_M0bbZRmiyzF z7dQ{Ec2U4a`P<3N9A*RW#JEnCa%O_T>kvuC4R4RKBVds!yb4h!>MEKymv5$;XcWh2 zhj@7g;vK2`JC=Mt{C>L>{NBfIKLUOh-Aw#m`FjGtMRODQZQz^v;ebs1?)+yuVLu;! z$4fAM`t5xM{DMcuuM7RMq18D_{I<zwGnVPxxJu#BcYN3H-(gzrkJb>-|6Cw{$1?{fS*>N5HQO{knnQnl}>kt4-qf zGrpPT<1*=Yef)o;-%Brn-)Tq2uS@?Gegl&DJ$glge%*!N8^>nixBb2U4Zp7nzdMNg z{rvRH1-~0!PtdP0iQinlnd&b1mH&_Uedk5+dmr=g2>5lOpYVI-wFG{PW+mvifp6xA z{WIxzXUG3WzrB9}Kkbh@0)AcOFAx0AN#eI{W&*!22*2zu_GHwycpIL%AJfL4q_@MG3MT44hB_h`>qr2hw3t^k1(cIyZ4IX6*EX1cr0OjAu} z67b`X9M1l!>SF&y^G^6V<{`P3(W_BiR3b2iT8yfvs0- zUmXhnx~agI55d~+nDzY}{Qif)f55`O`$+Hux4ocYK7&SbsszIyaXz{|jxDg_2g+hs zx3I2C&1@X8oXAw1)zB#8u#hv{N<)>O48tSS(3hi^O1*G3=4KF^lPkC5kh`(ee87~O zD-KG{2EtAFQe-oj)%r|USj54vOi@)P-&Ch!Qoc4cX}QaL;5_x{zCi}EXK`YZW&wp7P)JtS5(w6C7 zbP`~>pRD71YDi?_qF`jqJk26TOo#+G?W>8NyUB~*vM*Fw3==r?u4dz?O`4x_VJim^ zn&o0;Cw`HO8nsq=5%+K`igz1bzBv|&>?D_>#lNiw-Lu{&af@Spe&Pnl37qp80ITP} zH9E^oT=_|74F{ucsLtlFi%sJ7OlUQ4y?KJbvS6gTv1YpoR#YzvL|+7CFp}4g#!OJS zJW+St$?745jSxGlp*M$R?9Ew~RkN{5leH{~VC6e}Fdgt^Le%3pR6=RCmG3aq`M^D% zUgY9ML{D=<9oMbYG}ctSym-7~2)$s~9eT!O{kdW1Wf?QY1yWDvEdRz(WxlQNXm~zP z@nE%a;%xabZxE{D>58EPiZ1lLFyOg}(Gm0cGlgVN;P2emaSCE-&IF5&<9QN~hJmP? zUp`BtA4X;=imvX9CW`n=-3v+fg(}}FS9=H0YqTr0QBgLH@*Xy7=TYNuMR}@2JQqU>Hg!lg zK~!|B(hWk>YaDNCB9rFTz#F1P7heGL>{)cMoqj3Pfx{uVX_)+D%%vP`fSfdKvD&N(F@T5f=sZMFh4plbUBE-{PTpABc z%?87}I6r_g9ZM0bVEB~|U8HI|yA9T}j+$rL#%_+4We4fJ7S7)+Xya3;vRvR|4Sk@d zRphl^xZr1`#0PkxjisiWs2Huhi!ah6wdNy2P$arH2;kc?wKG}Ru@`~0S8lyx-a*#w zWhpP489W|N@%g&Yj(^3OTAE5;>Ve`v5ek?Yc5MFbYmA?Vi+}ly@=LIV*E0VkKEsx8 zI8u2oXtJYSx{pB@Y%=IE^2Pg^rCMylalm-iv(rBv5~mIM7sT5azZ8sU+e=sx9_NJRU$^2 z1R3W}Uj1gyo?JKssUyU7G#QIVM7S^1WuDp7{4_N~sz+J=_Ewe8wv&CaXW~-E+z6%s(!&wRO*|?VZz7 zwQ<>VqBiRvTubDK_Hl;yb@YOXmKNq`x5#1m;@!l=3LFl0}% z!O{O!5wMGY(TM{D-mKe0xW7QUfo2wC$`v);aAsD+De|9=;FKjOF>0Y76lA`nfS8}^ ztIZtV)YM4c2Ghr7EP9#nprfeIWZTG=K$zw7ywG@0XM z*?hFMeG`*LzE^R6Ko zmR_0bMM5qG!W@-AGtId=#YZ^FIrm`kUkL9Osqf5F-xKY~{-8uLoIL9_0RhBuq&L)?$oatmOa&daLrB_9uHFa!SQfevl0Y=+CFk1RoD!W)@=XQ!{V==nAc0{aMo9qQnf4y-S`Kx7%1VWJ)=32P*fhW(5v9qhH>C>jV zavg?uhmEWX9V{MwJhz(cIZC$v%g?_vYVZa`D_VV2O=#bso1bC--8BNO0+-r4Y=KyM zZd*(DQMy<2Sx!~RQ9ad7`kgD<>bb%hWehXk50O%0h0^7Ms^PD?+P*Ny$^yfkM8v*Td z9%&GzcR3(`4{z1|5`W-(R`v65j~@ItTF)&QqX)lPoqb?*%X9UQ%8V~^dW`D1oltRB znvzT6tM~q8^x%$A<>_DW2QH@Yd8QCnk6INh>C1RGoa^{Tts*$fLpJQ7F`c5DOpq$w zz<`kTY~pOwz=~giMX2(PQw572fti`O+?D$~><6}9nH~Ei2TF`gE0$X6-gHA*R>KXF zVnn!<=?|2$F$Wyt-M1sou-Bylia$Ra zL4(abB$_*2j-D>Z2%7`@Qt3;Se!WY7Z;OR6&`;NnIdc(7u1}cw3x0R#$W~8q^8Y(B zF$Uy&;nRo!447yd zB09VXScaa_O%#c-&lDz_=6d>Ijd+Sr-{gWja=@S9j@4=_!5xq4H|qZqFy3arf45{4 zzq+R>7~YG1@ha@i?ST~wuyaFelnIGDnimQ3B4Wn3xla{@B81jx)<*hYbNwAcE}XlG zk4!^hXnxnz@nOy8niLFQM=6q+@m7(B9F1n=@;zZ<}DFuOxKn9OXfRV zW?4p|$}?c`2PkAkpcw_L5u0d^zY*m z)G*}&ZBuLm(Hb))9G>VnUD(xEngW(jn5~?iR0LKBj3o&6L`mq7La+(4YsS)x)Ka2h-o+_4=23D+vz@f_XEcOiOPQd9C z^arY#j)64wUw)sE@viXG$mLLknE}{d8>-Ar7Ij2r`nEJ}`nH79m?R>lFuEsfjb!@RY>m#4*m^8&^biPI*ZzFI-O~02mKO-Tg%d4Efzg0(W|AeniU!&d! z^l&q?-tK}Qe^K1B8-Bj1_fX{@=o(54SCz)OB-tzF@@(96=2#lRZMg9-xor2?Y=uGV zVuosR5zP}3_d6oK`w?x9Or!yJqtSD6NI$nu|6O<)`r_V=eWCL0Yy~O)c5tFDcU*Uidy8dqa?Nk$$3ifBMPzEOWtg>H&H0 zmSYPkOi=dG1Bl+n=H0yMU!3!CF9Pp7ZRyBG#VH843qpZ|Fya?LkfbrcwYnj%cjAi~ z#|N{5*aT{dJe!z|)tB(~1AQe9sg06SIZ~zOm6Jc|G#8R$9zB6S&$^QTn(Nze<^T;a z!`#;qNq8l|v-<6U!@;~wFtbSkKLK6Bqxlej3pjnJ9>^>$`QzslOio-!& zB&c!LCCnHBo#jf7)fO?kWTAm2%`*1!`;%l@VDtdj3ZF!^$=}c0eq>$k@0)CYac28@HQOY5apg>JKjA6&14z4hb7*IbrW66aOooT{_O%XI_3?HEUwSSrn{dt~`@=YrSl` z2;ha<_>Kpq|E467CKn}%Bs^Udv_0M*;uo8TnMBgklDFu}Jpf_uKS>Qj?#ymf4N1%7 zfl`vyPs{z}BD38k->`~gCw=PwGyL>o^O#Hb!Wro!NHw`Xap#LlN|t-D^2M|$9ZP&l0JSbV-Bm4*fn5mK zF&uxg;;O1qN5wKuip=nCM6ipZW&vI$G0j!w=nrB?kS}WXM4u|@mnyuUfecbuf|Q|R z?ouPv)rFYVE&+?8-BM-Iv6iIN6V$0y8jdQfjiAm&8pIZsVPk9j!oVJ zHlwedE%Y>Ja)_AH0hFM;^{-flaA)|c98umOY4T`}9X~$b{WsGDBxC*Gt#5=X7yp3Z z=7tl^Q2aU2YsxYl|8{%yDGXuOeo+EqP>5Hmtn=13QGzFbsujDb=f+!i^3C>k!c!x6 z{*|{CI|8~O7Wvn;dO>avZ1~E?W~CrXS!N?K3siQ(Pv~y4a?Fz&h$7ox_+RS%taK0o(l`z?eH{nNik&LC=``fkr)lNG1*OlZLzg?UDl# zN?PXh^pne+{W8O)e-!eys(DYN&>Yq0u(MVk?Tqx#ZC=LAeo0y6DQUz|XLenFwWV%6 zpL>_Hs{`L^3q1Mce$t4#Zzv4E*#6I)P-o85mf7d;rBS8KHomcg3|^#>qr_IqqN)zu z-9EZUyBt?v^eT>OxR@yZn~n)RtvYgIfm>VnH5V4zM&5GXelVEDI-7SwGe3By zCC3k+ssBN{q`*$iX-!jF~9 zxJ)D0a663A-=@>4aCcE`RAiOlSBLiJ23GzYMH)D%iFbX-<}6FPC{HK4DFgqLj)7FQNhz3pN;-=qdyi|Xb4K9iIuS)+VCugx1)X=n|9=(cO4uPs-g zwY(Ns0Ydvy5Dx#@a;M{sL^CZPZ6=$boYNgAVO_@>vcZdPTw`B9H^x)?%gX%<{)IQX>Ke0q9P3-nt3jj z?Y*Ou*;FmVMQ+JWrL2-_f2R5SD@l0msf?DW9WN-{gZqxY?c0v~kUgKpcc=22S*f~i zPJQ-K5^puWbgZsnP1C=tUguMv$Z%|-ewQ0(nyr}6qB`98*^Qd zah|(M?N&00wr7^XH_%-(ma&boiTknnYbh=JP4OF~&U={g83%lp8Rw^ZZu}mBql$D> zldzw@L^|{u6mGNQ<3Q5Q64vz0ovMeF+9V##8`ALj5Gw^pqY`-d{te#}s5O%uCa*r^ zW8%_vdXAua=CNaJ`SA%%T>1l~lU&3Vb+PKKl{kkA6*?si-JB#Im@uc(R^{Bi1LyBKJxOHXqDJ zN7Nr3{q`r+!l1YG9B#8;^I%9^(V$?TXsFS;;8IK7N?lsi zghdboHzB!Pu3pqCE^X1))}^+f7Fnzkpe(K|RZ&{&((1%ii`pWJHUIbL%yT!Ot-tS| zm*&nh>zOlW&YU@O=1c|h?>!6}J^RzB^yto_ZL8YjXS*N2wujQ=du5o;@xn+NzOdNJ z7X|6@J&klAD-Xx_c+%Y+;L|NoOQck0# zq^G6r0qedUhwmhYGpcOQWJSXIi$C;#IWqmp&?H{zfyAE{)$T8;=UOBmmhPx?_3BBBH}2f_$mo@ z9HhQOyyoZeB(YHRD{Pmix>$P+W_U+TnoL@gH9GyXGFGmM9QdVoK(0;FKr+(x4A^0_ zQ{X0Q<|HE9CQimbyr$|Z@aNw0*}m}uvYGy|1TA^WUCCCyV-!$WFFgDWG?6b~Xyw%W z52|LQXd>G34P{9@HjfW9;L+w@d}q$vzF@t~9L~{gD)Z-Zsc6faN}JXl4|%UB0p?e= z{<^-w;Pp2CK~?bxz@D&&)RXF?XM%c?rAbZ2H@U^Po6Hn#Zc};CI95{a7%|AFER%ck z=Y<$*ei>~ZV=d_5DS76QrpZGJQxp5(I$dmi3acJ=rJ3^X&NGt;@SdTjZ7*An=OM#!AaoJ;RBK zf?IHpHv$<;!@EuFWp=GJdX(1Z`jLqd7{&CPLA%A)u8d+V%jm?M9Lt!x!VPtUmP@4j zks2_C5NyfrFw)9%CYhu=K6EShd+#eO!0Y5;y0Kqfz+LZX3^)pSeY3k7#$9bU0zw)h z!WdU~Z()JXj8!$U>{`H6S{;x%!5#SCWF(+)Q~k0(>#8)aKHGzYrm zz+W82O$!(`_qVv9XLVW=R9AbDDM z`Cj0e7NH!Ah-RB`+~#khO;nN5);km!%quaU^^3N~`7i-IOHkowNL4v>CZxKpa~Qh# ziXF=2ljQ&Pi@5mS&kTHundt81}F$(@2?+%HhVWQkY9A!(PnwNLD{QIo`1woCs} ze*T`I5zq5qq54d<00m)O?#?DhBJyqlKJ=Ec<6_inL>`PkG9#OVliXvf1H@Fo;wo2Q zdSBHoSunbA&FJ{b+V*WH)wa81M;E?XJN?Z9nC$4mE9>G1?L&^!lil|XIGC$ypY~Lc zsP0Zw#=9>3EtuX_z@&_}Cg^@$vegR5+pWey+n8S%bN#UPQ#_i#6bx>!ty)_bJ!37d zbXTIC8C|%p7OU~W>jK)Z8?-4%?%$)XYDKj9yKt{Mx>Y9o^!|16WmxdL$KDaz(p?H= zWF;p{CsG;q*P!qqO1d^=Kdep`3oti@j~&Oso%;ArL(p;SPHRhAewc7}{wkx5vfnaC z7tVQ)e&bEO?JfnF1Ewr2vYq^JMuYdkWhz;Rqlmb+&>8{1$hdZ%0!e+P`_U)SJ`|MR zWvcy5%U!?_@^m%6OV1P{w#WJtmcmfkLp%IbPPJn0l3kr8z zV}-8;Rco%R!q1>@J5A)`fUrTqOwqu-bcQO)re;F%{SJ=W*iI`D_OL-oAC`@_#rbU4BY_`PsWFUz6WHnrL3JiTr6A zf|_mjj-?Jg3lRCDg(xXrU3p%$7&a8Sp;WC6a8c*O`S78i(7Kz)f3AogZu^I5%O9vN zI_nwzEm`w%bj&i6)-;}b!`adEHV}Mv;t-1nZa9_S^%H6Ui`VFr@(d3YnFGNR3F8PAE9pQZNI*=vuDsn zhtF4ZX`PQ=H?ec*T75V0tqdeyyq;C7=hRQY%{oDO9nq?8eY6CZ$DO?O59UP!cIT>o9dfvi zXkOQ?|2955@D~vq_r2^SGxA(bdSG}Eg#Ib^(@kzAEHaC6W#;|6N5Y0WAIdP89Q=ML zg#Q1)?^A!w#cyxnxBdO@A&w6N$GoJ5`QFJT_V`*4n{BBe_Ib(mf5b=ky?W-OYS^E) z%`UiUWsn@v71}@XG}rZYt48)2Fp0=7^-|aMNAbBIN2Kj{>rF#VsX=SNeRpubS%`lS z8;>B7k9d#u!`F8!@S$=-UMz8oA5P={AK7&!jUdDSK;}oz`tP*<2)RY3S@y`iK3z*^ zx@dO%b}Zkzi}FYPm+}|W{*Jm6wTi5R&?P=x!PxnOUsG(7z>$YmUY2jk^en%&klUuD z!p$@@$*WnHV|uGx)L~Mxd-S0Y7b;uQIX%?hn1Hc^C5wy{kV(Lclz+4`T%R@WG+o$E zM)u0kWffE{y6o?c@C;(h_hAqaD-445JxnceeSPZtCxrwZ>Oa6$c)wgq5cy9L>dSz< zA_sCWrF@9hx|%97@J(LnIBw@jl`}#b-{{PUUth+^+PSz0cfiK)8x!GOCw%)!X2IUPJ$dvY4q zL@sS`5!HGlhIg%(*<^I#n&!2QT8jalCF1}a0L_*gtSW7Q6BuklHm*%KHE13U7y3&>3{AQ1zW>i3pH6>2RQN*PBI?0w+;A;=$w=QT(kNO@7I!ig zb3fryfwel)^iSCsfWAjQA+3jcF^CLd`w-Mv2x{Dp1SR?CmphZxYCsHW$kWfuo_^@M z?wmnCJKoRx2B&+cGD}1x3EmQ&E|rA-0ou!#PcE>x=2l0RD|q{`iK`;RKAtV3;Nm~t zASHR9a<}mp87296`jX=rFxAy`0`02-l${?1@wQ4T*Jo{frc)bWy^^}dFKcBpzb4uu za(CU{%~W_mw!$FMofDDB%b(0=Bv6hBV%3lQs1-iqUww;J|JZ+h418`m z+8UI0F`}sT=*Q8UBqNXB1dxG%j733uKBU7F;c;yM zrBkf-#y@u6LB0{C=;sfjtZRPN=ESmDXht}SFL2lUh+khv1SV_+?h+pnk)bN)S=3KN z%ALNFf*I(c|DU7I+&fF~IlNOrTOW}&bM97PU5KH5LvPQ&FT71y4lgsfN9jZ7b2)Wb zdF{VgN7DOiIx=wL>7M@FJVUoRCsw_H8N~hTJ~kza zr#=c5RdM0^dIChb7-l7%72qFV0O8?Ne}**UmT~`b(^g?F|JuK?1pua@lyrxd|GR5e z@i7Epr{7QcO9>c(mlHE$W{L8306SM)x)EbKyJz|Vo%dC$htp%#r-<^VHGBLF@Fy!< zpMiPV$yslt7uQ0prFUGQ^)VTlu2TV3M5>ts;QXD1E?~328 zfc$Xml}1D=>xcs^yeBL?{8NvG5~hED-mgwZ29HdS-G>_)JI!h@ZndFL(V;ksmIf4) zl{PAA=|#tu{i6$&${JtRv0;}3ZS&_l`Lu7mmqiAV3wY^d@wxgzI-}X04U8uPa5w|@ z{xD|->?~xtn{9;C5O&T8=l>zJU#79^udze!xS&M$YW>OF1q_U6!5fOXM`*2cZHB}s zIZh?Vs^nN%FQvL>3e5`EC1%beIGP80nhR@VixzQqRnUlPya92Co|rq9yxMr1Dz1&)!1Hy(Q;C}exjeSqp@7=|4_;g3yaAkqLPs+4 z%8@YcLnz~(TQB(p=A=z2E?jucaMDU{ZzQIxRde4mU2R5_?~)xg^2xt%^&VVa;TsPw zMbQ5T0$v_m4k8f`E?RX8xPO|g?ni|ChPsiQg#VefZUEsRahIwz=PlEPqPj#}t+Bqz zi_2NUb&%u5W%cJL7PtdpW?JwNdS)pz_kXNe>`G@Cnh{FtQ~v&3z3YdSS)MZ&-(tp} z%WhUS^yi{|u)AcL?jLvTM%eVKXFUbvFJ#6!wpbuDv* zY^)LseE(MQ%$Xc7e4m&RZ74p8Fk?uUK+8J!wkykn=X{JU_;O(W}6x;vwu4!iS4 z=>CNId>hFVKK2weR0UIwa)I)(T%hc!BFyBP+W4A|E7J>VKK+{ynP|%%tnE#cju!r- zEnDD0#1|1{gRLNEP%S9X6|5n6rw`T>oI(u+wY&FE$1qk9*_UZj%eoiv2Ri> zqpRi!b&b7b>(n7dbZv%MYCV!`J+a8A%=uu|qcl0}{%t2Res25j!l-P5;E9V* zv{hsxPaU@yz4*(Molgm~yYMcPCYaE{%!c==1^e%eiaI;J5FDHr z3Qio&X#UDo%*}FRAcr&NY-YPY@}13`Dp+=OHgn1E#Vd^d%-_r+VKZ*n)b8vcxtuAs zg1vA#Q`B+2E%cL%xPj{qrmQ&_mD3rM0L0J4!2_EMr!HnL+&4hP&fPq7I&(Zx$mkt{ zgnir@Y(!-l8ZSPO1fJ52tuAu62)D`V5@IYB`f^i*Hs;SKi>UI4163uoVh03vy4cZ& zbtiN?^CPBY=yv9>n$O9|KZe7%Fuf>nd%a+CO8pYnx`B%5<|DTEAV;|(K6>7AwEmeK zWkh)SXS0tzGac)m^$|1rQ|@4uTkIpEnH&!ik#>1w>t7kOC`WbxuJ2`9oubU{<+-dn z{}29cy8S5x(j9N*fBav|AGlNdqmCN^dIrus_uB>Td?f0W`?hLWpIP_P0ZNu-SI$Mu zRh6568Rxx{(s_UM3C*AM@|iA{`Q3H-6S>W{cz-Lu{qg@*J|A<(Jc=L+{o|kVIpFs4 znR#}|d#N@ws6qY;$t75%L7_zPjrxI69Fyh}Cwu_c zeYGbr#*4?27_0v5-H<&*YWTKS%#S7DHh`QUKJX~jkXbgKx6C*qv32O|P20qv3A>eM zy)y9M^T^G;T7C*9ToP0b>@%^opyAL|Q}wMXiGOm;FLge}{&fP4T=NSZuUka%TSNq{ zNMFUzsFq~u{C8#((c5O=uL+Akxa0RzPp@V{iQ$nSD^nh-UTyO%a?yoGVUcmUisD104x`#6--g(#=H zP5m?3kmr>R@2aKEXh(2Yl9T1@Q{Qqk4`53veE|BW?|;E%?8u3%1Z|PvO-5y5^Pzn zu-#gYF2eo7y8sgIm>JGK_*N+WWPxT)??myczsxRR@Hv%<9J?UBxqadFFR%}&2Zl@6 zAbKxW{n3$YFoYTOI%Y84*-mx`@B3rGb$?v&OaIhT$hO&__$8IQwP+(^)o=d|wG;P8 z4qFv@9y%*r6p$!Igx15{ds8it7Do ze6QSgDs&oofTT_iajWkoKy)vnUA+uPV%2XFRoHk06>KD=f3fP3RzWdwPlj=wSiM#M zh7Ytl`sB`@=mW2}*=m8u1jdfFBG;=bb7^7W+ zt+o&R0fu7yXZxK0sh^3?i~(f+N|A`%FdsDWo`HUb6gTiwwPtFL85~gdgMOyGVXJo0 zv@|cf^1UuyhUkYul;npC|7PhU-(ZN%1m`r;-5-3ZwNXl$-O@j85&V{b{Xs5AG5&F8 zK5Rhs@^67Ed1fK~Uw>1XXCm>^XNYx&h`s>;-jH4uLCtG(X~~TBW?4&rO|jhGpSC}J zR7%L$-)pqeqKMQVcoEVO8v*YNV{1@#WWxY_e44mmpW(?-%=lmd zFnCWfV}vW=pYy}1duXWG0L+qzhda9pgAiFwkCj-qkiJo$pGa-I}xmthM>rANUYck1fjBuj1Yf0QnR((YNu_F6_5-n-=+q}7li9fi}9^#!<<-^ z)HhW>_yvnUhb-$?c-B`h%?h^0sT63*(Kz7KrjI^jpLcJ(QaXl8v)%~pi+c!#wz$ri zXXu1}tRgr0QNTaD5*B3{5|3>nJvpr_Zr)O2U+(gLjk;PxR|9XLjPAhhe=x#%2FmQ8 zUbp#m!oJWqtb+5OcRc+=e(2}jh5E$4d@A!#%*;I-rib>)OW(BgaRVrCroIo84m#8J z$@h@%w*HAfeK-4xhi5=33vz6w-L)Q)mHk6Va@wc9;corg*3!jkNPPP7X>i<756N@; zg^>940UjLLCzlA6s|3nS-_$j{CE|6{zgw0Tpo}OO-TtmHnM)X^F6;Opy{}GFh^G$- zK=hF#>Ds8WT&>wOyI^K-*6h9QVJCO>?H&n;A+Wa^N^OhWSYhP2I`Ziwtp&{On^OMS z6lni%#LO&ocid(7IiB)$R8WVD5#>MkwJN39L?O7soi-aDczK!!diZ9rR_F64u_uV( zY_%LDZ|g!I9Q%B?34Nw-?}a`s+VWc{KK{C{W>vk`2n$#dU&m`r36Zp(*x`a-gYj}d zo!sv>+1T{!%L4KZQOPgf^8F0lehMWc``??E`{P6~p!G6f=lt(4mi*6q(#co)XQ-%O4i%NTAs&*e_YSGZx32;&@m^^p~}7-%L8m{h*(9WN@*00u`TB>S2fB|Iy8rciVk>=YYH+xUTmJ@x z)dy~l$MkJ?hnV*BV>_|*gwb&Ieo_5FHUsT%_UR0Vt0dhGQTwOrD91$H{GrIb*iz=} zzvmUh>YwEK!T8H8fkBHw*uHPHZBiN^SBB|f`3sq^kWbM*;i$ONJV5FDEyrs<-@$me z1!{?kv-clZeR2k+uZQHaG$c9gtCYLeL-OUs40(wEZB{JlWp2Ir7xy1TSy}p6N;=89 z-!h*JZg+uluy3mF5=P=!jn6qxrTL52941~rcR%Lvs<=p&5UgAM{)>I^{nU}qU#O;n zY7Rwf#JrtYuDRN&xw>E8Ts6;)8P*WxXonumdX*jwqDsxb?GP1ERA~G?s{bqp3)1Ks z{cQH>hid$V>LCohJJnb8=_llbT@<*+r91U+dFzh-tL(~KT8)L~b0yIK*J z+^O7(R*=OOS=jc1nI!g#@lEi#Tg2yN;h!4S%>LjHe8skRZ|plV;jb*C^~0mNHg4=R z%TTv*!)?#3hle9_TRyrxb5#(Z0m z^mK4YOQ!sqKV~}UZqHV`AREp8SFNu^-_o%=*w;1NAx+gsY>+J0C%W*?-_x_L%X>EV zT-Ev%!NM@AYk8X`H9ezP&cA=aa==aAhU-8>wB^@|TX^SuewscnZP=sf^Sv8-HGRHM zwB=T!Qm$tfnDSg;y4xTG!I0_8$j1&A6S&gr9&Rnz5=7g(VYQ%W{nJpH^p@&8CFK@z zS`nh`<&Bvx2Z`H`uD=?P(S@x7KXpQBL(vI)H*`N?pT=n^ z_pNM8SM92$xIx%?w#OFJ_h;5*GVHHqKW<_)GtDtvSMJ zj+hE>;L0P|N56SrrkWQSz|2W9Sxg7!NxWV>1;&RUEF$8@M(-QSf~CZ5^XpQJjFZJzTx*!rU-|>_lUHzV>^|}}9PlJH;M4{7 zBmO%;;JBA(Ak>WC1^=-9-PnBIC@McLyni+QGs!az5xmgpu&doPpi2~|$0voA=j&hmgU?Nb^)13p~3g<9pUTMcsP{UICxdld?46g za7iV)q&t7Ia4pM&>9{mZu4reF&e;*9&Y9WvqcfkRUSJ5a`xlA1V>E)eOc>hrv{q*N zeeg+>Wz6y(PAs&#^Pc&%N|6yc?_5WgSoPBNVjXO>C>g|CMgDBGrmwbnph!0h3ku`Z z>_8*mQN6T6EwF2a*dFUM-o4z9?}bens^0ce4ppbOFDe6xLF8`y^jv|wV~~(;_}yuL z@BL4eq&$8PFvB)~Gg|K}xz)@k0aW5QU~pLMS4a@P!(-&j04uw{U#V{7(La6bbzaDl z=iZd*!mw-?%wEbr%V22aZV*>pwx9x7-6~w_U#$A7b;2i#9Ydw!Kxgt!L#H`>lzj}1 z&90v8Z5laJeel(AFWCR9?*+?DwdoF{TOHCLq$jxHua>?sB)Tra+-8`hpw?LB(#Dr3 z7;QYa(c=!)CApX%|MqzE7U4OgwH&Mn$tYnNyv{q)E$07P`-jthncC+BnLkeUt5Sy~ ztVw#jkhABU!TCN_cmBaDQu*l2%e6@6`DgJ?oU~Ieh~9EE$)e{P(;>8@vvVs8aJf-@ z!*l2mi<^JiiuxtJW4n&8nZ4cD85eQU8hf-c5uZm*t4DN4@+jykK8rkPHV%mM1NVdH zmJYBm8+i75C}vMBM6-6|O#wRd*p%+w8d2G2C4`ejwwkEDjeB2pbJ6 zo2t+Idn+t!m{bHd7ATW8xo`i@YZr#QwP>3J8LgVWz^($4)oSTFrC(R^+gErL*G$J{}mS<#a9qbAG!M)X}uTB zJ&fO5TJMKp`yu!bjkwQdkvkbVnS4v<%|si#rpLd#=*hb&)Rh&)>R+sSphDmwQS4gP zP-zE0(oqlH+7TniqQU%O%X?)sD4126TIBai57 z>z7)2l}qcMK)2257>HhuRQM17`SV4nC$z_I>b~1EhpVmVsJ~!Y)njN-P#Yb!MS4+` zp??C|ICU_sKh=+JVKp+n->sBSxxY_k0`Uq?dIEX+dr=G}_IKFi)eH+XT#rrcSkYjP z?-li6c%pPqdgjgbOujz89t6l5sQYL~m z`0(8f?hByRsGj=^LM8g~wGHRsFp60`0y>l)5|hMAhIYho0T9F%J*eMki!_lbj6?Mq zMEZjf>)(ac-}$)Ct)2^3w?mU%ZVejS&UvVp)&6Ffb4Z`tz)VJ}@$^|CwaZv~uzzZi ztk=Tx2l1sK{-yRWQ|^M|ju~hi5ssCxhhJnOlhWi*{RjIP5esSrjh2ik!N{bK8R&y3 z;vV`91FaiV2LJXO!dp`vec?*^%!{vl&Lt*OQX4xFV;$H(%a+(5)YwbLQbh%2bbwI? zmq<)Jz(qg@Qe2RX6tMIM@xsoCPfHXA5$|DQgfjMb+U0v?@w2vgg$q?G_b&TRz!Bl; zvxCz4kcu|_`(b_k&}nQ-YUAeyHjirKr`Fh}iokI9>cq?#oeklIW8}y0_=(VOGSYCn z=Crz1HKMYyuWMF|tpAzl#QDeox3wu65=J*GE7oM>glvX0D}$=#^078UB;;mHBCFMi zTQVeSMe3i6GexqC0dA(GqVJrlfTUEnjPVn8yQe1Fco-qs{ZE7Mg??f@3#xvUr)DQ3R%Sufatq z5EQyTpNrR)iaqEV6f!eY>jh9J%9*L^#~Jl<*&css=my*W-_0@|Z%={82k(FbJo1_E z4;drh9K!)QZ~V=Wrd~Jyb(ub*aMiPoE=bH#e60FctJPX0h?mF<^=kJZRW6ZG)jH?z zhKbU>@6-{%O_mROo-)Tx`NRrj>3yM*MjVtxj*RdGshoms4K+Puy zmNRtPHSXnJpGet%;UK~C|Mkb@e{UQ4yCMZDJB33=OL z)VB&hB3Eq` z+%4$BjP8{i2e4Rw#QEIzh7X&2dOvd`TU*B;2qpj7walPHiOAtVqj!klq^wFOXdeZ6 zu!TXux=UHpx@uN+2?q3OoL;Gquj$&@RXjiBJps>DEKL;O$0xb^*$Cas#54ZCRO9E% zAycrykr_epK?0b}HOMi8EQ}t=OMa(F@{1;ADUAB19oHG%8Y^N?3z|Y)`{Jdbn?URW z#Azl2%8&U9@8XN;<3o}JpO75hzo|NSTjF4uofu)s;A$W7l3=BW58oLw`>X6awVzTu z*~)3I0GU)%$lm>jcG-CVkrLV}5ZO+hPNrn!Njm98woakWqvEq1XKtCnr!}R4gFM;HMKSw^bbwu4BD=HgDV;dMEH~Qhs&OgHy#3d?yf8hie6~q?L10VK?1?Amq z<5hX}P=GCH7-WE7oC5IgeIme%_ak1d;iaPEU&15)IwM#+bi>$#{cpPn!wzoY6m60Z z#3>e;pa2bwbI0AT14Rs+o{aof{UC<0nj;(M=VAqME_i+X z!;BDj%hMSlP8FKAkoMzh#wzcq1H-ZE7oQ0siJWr_j1~f|t|Q=nH7A^}6K>|~F2=dz zV1#2e4F_YCR7wAEe*MTpU1Vwip|yX<_p>XN$!FUC_s>dMdhScF-RM6IZq6@q$9yD= zUL6WlZZ%yA_y3fv$VyF3)#oe~$b(YGWRVko+dU{)dxlaO>fdItSo`}NEYd9*KE(T#yZFtS zEC=UgVIV5GJs?3JF}p~?rY>Gn-8-1xKJPY#zE$F`xjIw!eOe7AZTHGm5EcD^ z19q`A32y1T@UO+15J0+j5?y+<-8R2v5?{X3{$PUMFU!Hd?I6FoWOf0zh%IX;6fu}Z zaQst@%{d-=1uIyABuh^co?5#>*NqW(B+z8X2vX={>y!4*&{&_YWx!ul)jsiWov*oH zUc&(9ykDjZfWQ!FBq3h@n75vAzi9U_sjza9uEV;AMvF>KlUVv^aIHg}IKImh*v!S2 zze!l{{*I+xvaP~hcn~C})dcZrlY;oU<9WY;e}PZ1;pe4mnn0P<+8$l2%P$s-jKRC%!Hg`z^#5l(Z-R z)T@Dp2i{jr=9)Hgxk{Pbwx~=YZ?qTQMfg%Ip~9UqD_tDj$b>(Nh%^Tn)%CMH5&7XB zU@$Uv^nSW#L|3F@(QI3;OHW$tCk8XK25JjdxEHRHelcgG?AOl)syR=`C#xviaG} zKdk3Inw6PbHv@P$x5B*1Vb{^CpmlGNu-5_m`nO+6kB(t_Wo7EzQ2xwehsFzYoxSA4 zqb%MYU)NSw&MvHUZ`F;X!D#awfYf;*0$$??@<3ctyOy3koK3i#0`?ICU z*P(u76Sag;+t_r@4Y*{I9JYuq+u*VxT5w`0@;26?V5z}=fP4RG{a?1c{J`+QF!z_v zq#fP|&E^sw(mQNrBYg@!WxH@E+Od@m86^Ek1V0k#&IOLpiQkQ{X7XcO)$+~uE& zp=pN^PibSH_B8aO(33c=GJAhYYvv-wGUNNl77u6ku(NHlIfMOXv>9Ec7arHcvE1Le zz8$On8$mDMMVp_nDvOsAr55{RN9P%Py!2PZVZWu!4STJM{7eCs(Ruv3pMMYvVK?aO zcYpt)OCrz?5~=w|-<5k~A*;;xkM0KA-$l{?;A=Ts5J0Z(LR7WItMuNql)B^kdf~WT ztgqP#=*Q;+;UMn~0kj}b&|B~)$6lGcd?rc&c=h8)O7!P`Q1j0Wf2`|Tev-i$1<*M#exvOC?F}-NZ zII{#qVk8;;)4q6djT?HY*0{)(Dig^sg9-4rK-Ip0>fXOQjVh!63nD^VHZic_ZPRjoR|mvccKvI1DTO8PdJ^; zYFaNkpIwKsqyP7FopY{$OI7ZIOZoo2>HEiUNQROo3%Mq;s2S;P>3g&qS+8LIxNs)@ zOkc}8zQDgh=Mk$St?-vZG`^7-0sS)>{}MhpzrBZS)O9sq?jKA(Rs2nTTtdZ^_fE@( zDW;wn?IQ_Gt^7-tKB$9w2M}ZRQg(OcJXMu4=tZf{L7^ZP=55m4)j!7*Mm~=etgm;@ zb!S45_C{}Zbkq9JFDbC&`0A05O{yu{@`5G%T}`y*H+(fM{;QJUFD*%aO-*CHZjOPP z)^`P-iDM%w-Q*iXjEqxS!g;L@H;knwOlx)iXg#U}`#Y)$tr~Qnq1rQXsp#Dz^VFVs zjA7bRHnn>I82ZOMZC0#ZO^p10xc7a;C0`O@O3~MdNV%gf13Mq?GzA3ZswQ=|aF?oN zPe0dcV~{7GX`0sK%XN%cTX@KkvQ47cgNWdQ8M?oX{kF%IsVUJBuIVh7+HFjDJ}>v+ zh18BbKBtLBXKPM0FKMeS%=%akv@kbw4Z!Y>DudFI-E( z#U#MbOUDi8pf)<{S&>ksjpEbO8L78y6s1!|Nm5}rcZYEbOw%mmI~*kZ$8&_V=%dPq zTjk$V<;`K`_)s@WinjE&H8Oo#(g|n=D(XkXbvD)=VzdYk{*Y^bD)Ib_ihu~D?y&a! zmj$H8gt4|ZwXCA-kaCV?+?xM$l?Y_?BC!OIuG~?aF&Co+T*2#WMAc`FZ&iKT$bs3i zh8BkZo(w}iADi!5q)20KxF^h<38Sk#Ez8u}uYKMyz6 zRP`ccta|rHVQmfLU}D2jLMhk&L2Pn~sXW?h6s50*o+f;E9zuMDc;BBon3m`CGW2%^B}I;Q^1C(3=<&qftH{ z$)%VpQk<`TJvDTL?kA(yL;Q`eG0#12x4e!RVYiXPCEof12Nk2K2na?Rb%n>`iQ?ml z)zMq&kp$8ztwRXAbN(7iQzKQ!_ummuNFzzpts=Ha3ep0c3Z-?pTY+(bA|=prE=Cu& z%Ix@9J(kXt4Pje#7u=Is= zaD|#xGpyLvDnRFWSDIq(yuW-Qg-iWZ&46W%-%YD4rjV%pj$TKJ&ephC*UMDq6zI(O zUdb-_-Y)%PKu~2Sa@#s!HN7&0nm&8ek6?dK*oSx)&r-aLig)o+N#4SH!uhZ$Q!mF- zuqfHDUBtS&aHn-Ojb@MEqu?p|>!&T1i8;~$*r{5V@u^#-3E*%o+VT&+P4Sx6wl?&3 zTP}h%?!G;}-yLx=`11EN;PI6l()0hVs?onC65psBCt4;B_i6rI^^gl`!WY;{z^Ji> zgRR^C?wtpXYu~k<4%?Nm4GYXr7`tn?niF!ywsLuzUoRxh4Sh(n!`4$h64_*ZgNF}S zKPobo^61I3M%mb>_;#Lpm(_tu#Q7O@sT#b~j^uMQW*4+I?ljVSD*d!Dz09W{?_qH+ zE$$rR;lv=@*3SW?y9qj-o1>P*YcinZ-yHbpSJu+VG$c9gtCTy_L-Iy#2#HT$s#wx_ zpYBmBe|j1cpMDSNBdVYHUb>=R% zC*k_-1@PSUdsgxLlf-|J51YjpG+#oYykX#~=_XU9*~ro4OtX=xm$HnX&QMwSPZh1)f+YjjO z{=ns?%(nh-xQGb2IP^v3vFripR|f2=*V!@j<98+q&mTYJo=RKH)3$>p$Rw9? z9h7$*lLKEl3`aos6$&Vcz&xP9gyV2u+Q@w$MB=dHgS0mCPOpvp3@xPlJLV1OFm*1n z)8Jz*IHU>gm!KxY3=)p#g#Jb$usa(es z4xAHdh3;wOM4d)eiM!^Jwd<6UMC1%GS~dMmKH+9>qlLG6o2sw)gJi6O{rgX)O-q)N zqo9FX_cPWJaC4KG_#9>WN`a9)d3X><6+iu)j8@_42eMj)EUjkb$79dSlONl1xV8L~ zHhKTA+jpl&oc?Pp@c+7vrh}ya^&6Yn{>}5m^m!!BDy^LWeIP$Y-LbY6^~s%o33!)$ z3pv1XDAW|Y-13hN$Hs7@tOZ zjCLyZ_}{r-LM2<4d#xc;#z!_h#>V*tbgx$Ah9b4F$qM+E@Z2b<64#adU~B1}eQ=(v z`lo;S?Te1=KJgOXNpGa-Y3JLd`Dp_a;l5WjX*|q+>HNnJRcUj%w#}Arg7V$3_2&K@{3=r(i%G**iE)VG3eLp0;8h5~9( z|L0R>(-Px{4Lwb^?>rzeY!HNg5NYe(Prtb+oxzD9ViMV}94P zRlBBXe%JJv-!<{o(9^5I*)93X^!Hmf#CSa1A4^Iq3mthytBh@j)h`RXD@6Zk&TTM{o{=a?RUfyI-5B!>a z-do;gpTlml&nL7`XqgY-$1zDrphS4hln7?JYpZJ~EY$nvv-WER}LY~wg^F<-5FS({f7bn%=PQynj` zKXJ#L<(sm}Di5L0t8Ff1z|Y3GZC8hL%BW&^K zZHQw9%P2MxBf8d((l%nOb*niXp?k}lD5P%sF?lK+47}Q!LtA%GZ<5)B9q; zwPTmp{V2D~tN3c&%hvY~*iN`}`&cE>mi?rNfM4D`Gtddz6ZT=lV zu=g6aPFe7N(%K`viHNog?VeF?8vly6^dcsRKUJOrw3Mq$WjNyxewxD>y*Vx%ceZ6T zbq5cA@VkU^sMqSA?d*jf!5`V8Eji>TOlPlkTjS3Cx@TQuy>;@j277N4JIA1wIKY2X z>YwzpK$CrH`PhO+`G+|EeKGrxew(%-TWMSQ?`zWhcl$cgw>Z+7kdavLJat5wHj&9~ z-{4uVV#PR{6G%1gpl|U7_Q%qJXiHC`q>MWWmBvv(wM!Bh_5#&G^?Q4D$qK$&_fBp1NJkI**fN=>;%xN%o#>>iNP9gW<7CR!^^B!w9Wg|5RU2 z|9*i3lcwt8Z2y!F?hl>eaqmBOMzT;kJ4ESPp>)nX3hKOOtWY}E4YAp}6F!f&_I|QN z_$9xKJmPd09hoqIAn#i3Jh>{NjHABw4zfEpQv8Tv|S@*!}fu z*=gbS!6izXYCA6a7uGGC-6@v~?B?<{fN!(m*(;e1AK-^r&?$CT!^^B$^lNr9Unkwm zH}~8`-PnCOuwy>#I- zRhIxPPWiUfC5w+B$ClC21%+udO^(iq?oTwQVlA6l+ITOQZHoIBa&5e)BZa$em=^jjuZ3PwTTvh#VPzcBEG6kyRth&yF^C@9OFrIV&=3Tq{rBA`)+8kO4UIZNXi<^(@43 z)+hr-573QHbZ@u$HM(kLwE0|O1XttX%P6k8^tt;RUCq?Lh^WX5Jkv@UTOs}J|+ zU)1_qL5HT(c|_UkLLB%`rQiRx&aI^CoX%ZWD-edO9|vfMz(tied7uwZwI6DCg$CK5 zJ6Q9AX1G)j2bkH`4uEt?jso$!F{T=>vqc{*N237f9If{XO>c_vWmrLapp`&Bv8q(U z*EG941u)a3B>9VNwETmIKEd7gUAeJb>xN+3rr)pIZ@U{1{_e%E`yrX!5BS3>!!)(^ z@6@z@Y|gGU^J%?Kn{Kc?~=>j5F0p?hsI!0PbjZEAs)>W6d z+n@X0udh*6e{B3q=VDu7#$Cn=bJc3o^Oe;)@$QNDa*LEUSwmPOzRb` ze1#HECo#8i-P-=hy^LL%$C*e2wqGaP5<2dYWGXJdet2`Yy2P#FNzko2 z2^!5T+e1^WN2;!B!_?jC@Rr3_@6oXMhimaT_CQ_y+0J?VNp;>0zsquO-`n@Dq_?^H z-QW1}uN4190mh$1@nb3NUs)cS-(h$W5sDu~iGZ`NpuMAvBZTDhHerijzsOdR#sP`q z^Vm&R6`#Z33B7DNz&;~)Zyar&rK%)5-+PJQU%Gq#VB>lFB{uUK&^`^PVQK3?y77t< zvY&&3!HqBbQkMw2bzYj`6D4lIcf%S_qegd)QHP&6{>HGicDT~c+$k;1eSOaSF9eJ& z03!N2M7%mJU+9{WUHD`J^b#3l6Sp^yl(Td`&k`!JqG5=LsK2%R#P?|V)m0)$qnGm` z9OH39bc}}-bGlNm0~aCZCKbA0g_4mAQCqlk>3KeQZpFz`0OP-7Cz8t*FHHYELGS++ z1@S}eei{QArG6Iv#(g!az5Ry-zxHW;TxUOcSHz9{t7I%n#JIGkp(t`^(xRZ<>3z2e z*XC1sjxIgba7wtL&e#yYJJ!qGUA*C5gHSRx>RvVNWm>4A)4xuJ!XM{1jR2C2{9!UN z2S7dUN+QsIkHEq=^xqzxiP5y=2iAqFS)`!fu?&-~f0`G23I6d-)!+TC$!s0mHl!oU z6w{L_8c=gVu--%r?nUbsYJ6Re%(oD2fM$Kb6~lQ(_FSuy0WIhluaQO3su&C}+s(uc z$A=OI_$$@YcV#d7|+6xQ^$R>vUD2e~jL*$*B~qgKa0lb-H-zEsBf}OzB5tS6G}R7y>2&`x>8a1P_%^ z!+xb$uh0+d8cO#dtoui4+~9+$j~}zGxnCoe$K?))_`PI^K?*DQxCu*{5ivz@O+VnFtgyI+py9!r((KKrt6E`r*t4IV0p*N_|hBhgSp7=+|KLfs(M@-O8J+#9H>A(i<2T;JI_jpDtP{`(v zxb*p&Qdqod|-t7a@akgC#}JA6bh(YlOc?}rrdmO59Y zsvgrS9c{Tll|;2qq+exi7nSeRR#%R(Gj@n+?eV_uCDen0sZ8RaPt@7cK26pCWDzMq zb-K0l>;5R9ndfF>Tksc@myvy*iklYdabPhbIg_&P>}S4USN5n?6KZAI;*i%@H;n4g z&5lj^;mn;vrEy!pHn16Ia>ZxOqh72Ewa~?jFIQT8BVPkAA=nkUjK9|E<_ooeq5oMH z^7fA9aAHeZMv{BS;&<*V>qI~I?i(Q@3_*qiE{RA229@KfC*;4GMIsq_LHl71i2K2K z3S<8!N7p5a7~>;OEhfi4iufiGDR&x%<7Ub&Y!`Quor?#G<+Ujc;iGN4KEr^P6Dgn}YZ!SVO^~hQqyU^gc=3 zB=U%7R5DC!+-bkpfT)GoqBbF{kz)?Ttt-XAE8OX)7V3H-hDe)W_t~1#k2}|?;9@J- za5(n%`-E!b3inYh6B;)5insfVp0P$&?xa5}q6(x;F~K1I8l+D&Ci=CBi(%gW{#Vte z#({~s>Q$VL!F;t4w0}syKA9GAzZ-2HS^>M#J@mBiK!pIdse*xG*k8XCn~dt(kIR)u zJC59?AfWM`z{%&|OEk7c8rve!w8@=9E14~O5x6YLt^4x4x;qzV31)|or=P<-{lF5h zhFQ`^naF{Q$KfT6rs{WorL}iJbm0sRuA!~F$MU23GX-v<;p&f{25xAeEQWp`XdMWLl59Um(k|C$QmTL>gQk0QJq2jMP<% zl)A1?3An$#nIl^`PPFlbV-?uZ^w6ztHs&^57_X;Ne}DaWBH$b+HC2~c7x15!23GQm zJ3a%yK=%iTt)U4?Xc07tD~0Z;(2lAMRCDWF+~3M?=f;7mEb3UWs{!=*ecR)=GRyx} z0Zv!V2dp>4=@xDIIS_a>k{|4j1ee?Ae+66`+v_uLriUt<=U7E@C zch5E(d)s{l?9B{z7Rv$z3=MZjcw3OC4$fG}px+Hs`@1=_tl){V1C?R2@4xIvC@lM! z@nmq%&E(I!YJ=Fa3=B|G#%id)JJrK**YY$B!@^d|+#}u|V|W?{w_gT;5)Z(`D>DE< zAKS@KOY*O|B~H_)tNkl{{pETtxDTMZA77c?v%B|?2?@gB@7Vso`S*lj`SN#Db>lBI z+jz+ax^j!J^fRo;{Z?`Z!{8NmK6OgEx&QXQxAbeYu_OI)C9X1NUV;l6%VJBGk*lC_ z9|VPU7UHU`Dez)9bT4dR?-2|S;#?FRjJu?8VYs3>XJKH3o2r-oT#z4SQ#~wR8^7aC z>RZ&8Ken1@yt9bDH-Fpr4*$KOMX4t;>mBmdJ;T!TYbYwT9k`d*zfL%xz5(0Si0bgJ z%BJdJ9tzcgk21K<4xorGb3t+Egix@)gius6&;4zaBDYT(hR&?xyATrQH~tgC`_nn= zubK{czVCjaqwk`AG>A<3E&L>kZi5|X{^z7OEqa2#X15Vg(;83z_w=QRl$PzJMHki& z-nzV7<9DnQ&no1r&XvNkz5>Uk<)zBM*aSh(U$AO(=W-^HU8CIU{h?qHXmsH+1zHejysUlo@(Z_Fg3hid_40N;M_9O?YhGuqysw) z#rXFC&F2YvgkX-^A*JF!FqMyPvYJMw;qc>Q?W>eK(?jycpb!$DzErWK_je0gto-R| zNW$?Yon-Ns6d7D6XmdS$msjc~YvV7&uE_A0)28L|mnr|7zeHy~3}W)T$9sJWV|9_@#?VDO8!prvw<*qz~ZX_d*NA$uY^2-rwCcU(|Lus}1;Vhf+ z>-V1|qvY`z!=KGK$%%+D^VE`*jUF4iHSFb!hy3`1wUS^6SCFM`)Iy8|ee;6{QYd)> z_rjmH;Pmz`bR7R9-R8Vl;H&~F1Z%TTnHdVpunaZz!oyAJIJWSCQgI*74 zuhhV`QSb)smzJI3H8%KIYYGJ^Y4BH{QfU?7at$?c_WttF4X($xK?=ffB4Jwn)iK-J zkXs^H8E0&^OXYi2>@n4`D)u}5@cz?HYM>`V+LSV6^yHKZWU_5%QCo6K8Nm+-lDJfd z*!T~z+<5(nZBudn$?L~beUP`EysKjK6&hTSz=H$N>Vdfu{+gXkfvuLz<)eDUMx z`R#lix&;JRA5A9t6XM;Dn3bitob?BZg(-rFxa^##A>vLz#3lH&ViS*@0O4?gcdl1R z8=H8aEuL-RZT?H=Ff<-Jm->tf91$jQr_j zTDCLdE7Yh>GV0$+Dq+#7k%(!{`OE9It4}R?0||V@D)UuZ=q?j!vu&#p?n?08FG`3CM}0&F`fT_>3jkxQ_?$i9GaQikw)-^_XQ=eo8@D z{<>`W=q}4&n=X$(Bj~Pa9zD$3kP4QQx`lNeoULoc4LPu9U^ytiu9WIZoYgO$!oNh? zpFmDC_)8d04(OIU1llCe(6qD+s|^k%E~02b>nYu5Mb0=q)4kifPV?xw?T`#QD|ZRf zttQ-p9#z|AZu+u(Im?iD2zmZ2CbR=3@&0F!fGTWIy^0uJU=4~7=*1m0iLppVh8ze* znpJu~rinz+BwOOGahgsCNNs83z`Fd~DLaEwv{ z|DURV)+4%Me+CT~OxxFJLPTG*L=%#`L1%W?Q6ghQ+|UiOk3OZTy5&wyC#h;&Vyu@k zid^CO3X!dAM88CF7j@g+v8@EscgH?dgZrktSER2YkNWO;uEYJ8!T%M%^lGdyi(Q|!}M0*y**_<8vjm$J# zJ0Wl8mt^^(`{g`QyXjx9gDD;<5Uwk_{8o3`I3LQ=gRt_pBLG+-1Pir%pH-NidSu zfAan>2oIf)3$q^T#27dNdzK&py6kkobA(E_mwfjnBNtr=N3e6MZmgLa#u7J%h12ad z!GBh`T77m8Kg-;4ep!9;Z)tw9cB;?G2BZf6op`-E{F; zq`QcR=Jk0n4DFlU(HFol+=mB2%)MCpGPw9J{ilwiU> zBhr7~|5X1k$n-yiv&@YFM7I~mc0xygSF6wN;b)0E&UfI+zot8|Ry`)C*$=n@KKb4y znf`~#>Hbgl{m-Cp7U?eHp?Uphnf{+|{V(5D|0l?QI{lFl&n&J${=ZH9q$0IQ(nj7! z|LRi;a}V-3|G9|EBMaHq@;;N`&g=vZ1lOE@|1^W@T?ULl52AfAeRZgx)!Wl<#S5|< zS5yqutUDUWJ2&iHMLyL|ukJU}Kk*Z7UIXaHkEFA%icP{z;8D62p;dP1hBPOIe=;H0 zxIccK9{dPVCZiKh>(@E^=KZTvgplv7!e5I&Kl4t(z*po3>dVYr5b-riutC*|Y7)9*aNkaxe-<}Z!2P@D$snpogz zx4&zX#KywVzpXHZ6jj<(Ew_1gA&AvN5_O->4_~jA!EFtGI4FcRMq2R@(n9H7rSdIVvf&pdyo&cyd?zQ$~MuYf~l$z{TeRR zFcvjc|12dak25BVJRKPuV!i~o@8JljpJJ+)56U3ATP}Ep5W77oly%jx(4@PW3sp93 z^m){d^eO*oT<-KYm0W+Y1Cq`hqxCjJu`>Vx`hPlG*RDc-{O(jw@^%Um2PW099#8qX z*@yh`L~=mL#j}b>jF7A%t3}<5*BB$Y>>o-lP$ zPyH;kfp#w(kltd(*nuz*9{=^w$8$@9!Ih{E8t3U9G{^q&HsiO5lHM<;O9j zFT%bd_F37!o6YKO6g$qH@X~vZ#QNJ5Bpk z;VtbO(EOKxk1}_LG`tE0u}MWWLCs2L-G&;%&-kE`#t&pCf-u-~{Z519H7BqKe zN+0fiL))?HeHh!&r)n9Ox~0qOJiwbmCU4P~_e|)=XLB`8(FVJP`XGTT;yJ@D2Tm(Y zzP%@99Bp9w^4GA(j`P=GR00y1T3*(9MHu$yzUV$#ofk@X7pqQO6~aQkApWE&^l<6K zS6#AIUzm#5;WPXR^*Fv-SD#30s($a_76_&|m3o>k6|_D%m8_X82i%RRp1v*B-{Hl;TU%)J7j_m*>Z*z z;L&HU@^{TtdQy*)4M4yyCJ?6Q<7rT~)&% z@n4s((QnfKCQ4f%>y{1EdSf@Dt`{`!DM292HGQQDp}FFAvPvc9i_mpH!tN5E7$hbX zbz;9H-R)E5ZPq{oR{T8FGO~*2v+I`EUb@D!l4Rt)zno0_&l!D4_3URGN{Q%UgvLah~K3l2h4ZCvSQ)GyI_O z>hdk(Xj|N0YJ|aSIM3)_uKoq9m$AeE?+Tg0JZ1eFy0uRG^bw0MBg3en8%D8MzlQe! zjRu^M{=Y_>zbZKi|H>iY^{kzjEm3|9!-MD<&zjmIsM^%!La3tbIT zgiHeKSzw+jpU0O49!v)osQ?9)Qpc|n^gCbiT$=Uhf6S;e&fQmwzO};ec6<3UK4aC5 z-xpUnOm~)4jfxpUB_~d2YG5JtVla4pqWX!AlZ^iaRWCIhuF)H( zxip@|0Rt*`D%ev$#)EnegGPuoSkvTsP8$%;cY}Cho?_#3^_6IQkiT8+IQrr@_F2u; zP&P6#AwZzwE}PU~Qn_@s^J)v(%C1OFy%r9UvicA!Wt@{!X_r+N#EvWAYPjZg5X3DV zglv?aA&|jkeL>@I1bltxuPhVWxx7rQ^|17U#<((-bMAOQYx^SO^NUna!p!Tk9D-j6>mX}88~ zF4K@!cJ6I0Z90m6UQas$x{}>|ID+CY>}IjZ<6SlK$fJ6!da*(cCZ_*P1^2rnEZDI- ztxzHRU&hI_lz30o(0Stlaj&9q$Z$msGQMT6f(+i6C>^za5`KkVZ}7(=NF)*Nd4g9{ z0l=!I0w@XM$cWGFnUN94U6LasN`j456*P`Ef>I4{8TIX4Lp)oxvb~ zNbhj{z7FAvO?_AKk|Slbg!d3Sn5C#W`s|u+M84Q)IGVhZ(I98(Buc2;St=fQIZ=&| zEAi5u6YG_DN5>cqKA0$S(Y?|WT<0gYKAC)vVk7sIEUkAeN<=<*X;Oh(GzSP7+M=CA zeAyp^jsGRzpSYuZozZK0_vgpn?iIei30iD0Fjp+ zTS4Q^%G5vAITNbwW7A|oCDeZCZJyc#&21WxlYVkwRqp5Zy=2N^2P7896$SbcMy2tl zNSTVDo*W61imVjDMA+DdUkeWq5Sw zQ%0irYAD{^q5mAa0PR1zrVmG`Q7Cj?+)yqp5+*SpA;U>X(PwRZrqgtySrEiC-m9&c zt^di$c|A@-4jTC2i)V4a>I8^AJJc$SZ$X-XEgaLeHf~{SA+|`T(*=zO#1<*NpmA?r zlTm~ESG(F8RB*+AQ^Du=&lFv%JgobQRO5kgf|K3}wQe`>kzpP~F3w>dHua_Y7eu+h zrT!;$S(IcuofES83CqZvpUKG7f5XX9Nnt;9GWc@CqRfzuIpxwp&%e0}p!J)TOZaDg zl*IdouA;!%B3O?85nM*FNx@{>8iKLvN9d+`TWXunx1LB?q=0M2&IAI-X;RI2U$$ma znJ?JHPptYn6$F3yUkb+AyAg5yadJ&TLl0=YqO($e zxvGGT{;+Nr=@u0BwLeky@oQ^3_jCszgG>Z%L*^rDls8BWJZ@i2lVL;niLY<}{DAiN z2NXUVe>L{@n}hKYIrTfzuxx1Wii|MnXT-)gM+{mQT)H}_S}~z2NcNk#Wn?e*&Bc%R zS2d--;K$als`d$`L9+Xd5udKxGICH31-n5o3+>}Bho7@ zXex2H7l#u}ETiL!%p~*U^ATjj_|$8B0*z15*`q5m=1?YZo9;JMnYYh|lSTh_-vR%x ziP>xBlEl1DlzxqzA=gOxivxWW6RXxwLE{rdmUbi9`7lefZc%8FJt<{n-yX7K*>#GE zRqLmqQP$d}s|a>Q)+l~;lik9wv9KE{-pD=L{3oLPA>#CTVXB@H%bLemP}3SWB2{Jn?-T9h3wJ%y1_(H9WUR_R z_zftr34~a^vOZjSrt}UcM#o3H+DZHQVJ|f8prbpBH#^Wj4`su&d>yW~nEOY(6E6sc z4BPfLKk;FM^acOWPy8rU#ul$vFlVeG|Fk`9epfdE)OAZbPuIeVX4KM%@(boqCbbo~ zNeNE^tX#{OodZ*f-0hAp{cW2Y^wpU3YpNGm7OPHI$gL^vR~4bYKZb=a&5`qe<)3Yx zR}R#pokKY=pR!U8JgDEK|4o$6KgWD#%-)wwSkvCzmtO#`VPm?8j7` z2f$-%>MmVg8()i4oVw_5+v^G=*ODRC*;7fx>!#lLx_I%oi5yYU4=(*E zsQNfMqok+MGi)}g8o!RXb(Ir=i^|7B(1*TJL-K3xuM?HcJIe_Y)#s2MTDVw0vI~@U zF&XLlb4`K!d=JsF{GY^2kFoU9WBG|y&j%d^Xk8Oel+RNm@nKQoJ9#L!x`*t+GBoL9fK>?#cjS_26v_YXJmDG&}c`t4xs8uSq#o`667lZ_YSWMUiSeMmkZMAA! zKCP`*t%_RYVl4qBfLghz+*-x^tm_4|6#`1W&)3X*Hyf~*-yc6753=)~%bA%oXU?2C zbLI^DzY@)_ioVJm%kQV3c5{@yta&E6ROCuvqgeUL#;y z0A}g6BF;&s^N$#UNFJa+%g+$eKtW0GC8Ntr1EtR|_ciU5T z3_qiNe=blnEB?Sw%06#bU~YDXhJX_~7UxV&c?##!&+RiSc5b{^@__nihm|p(U99>8d z1GS)ujNskc3%itUizrq95T^zQ7>P)QezF2{r&ujk_mmwSyj8eLX5W)`X?(YAS9ZMs7J4$O^4`(t0@G-}2=$y3^&y#Zwh@X^Oe)8(`b@-?j$q;(pCF zCk#0?2*6~B76(Ox9z2$M@e|OuI`%s$F2m8|?;@%r{}=p)G%qP@2}RLQioXt5nP~pg znmBE_OZm}1yQm~{<3G%fwwG@W%=sB{(Kn*6B>q7_&&R#T5VWXF$0`PGww-qQ^Yl}` zb=t+u;|uZN;v8AVM;y5qc69hO4O0Fj@S{ig;|q!V%w&*X|h;ybgQd>g8kqOY@4aEL3sWy^8#6Q+|z276Ecf! z$(`mgAHp|N5U|g(!CmGE{l;^jU(W`_no+N0$4_g@&DQ@{x=>fLtob zC4$Udrt?ZuzWN-04>Z4T>v1QDMextM5!ec4)qS(Y(`!nN3rW_F8WZg@pOvZR5^648 zrSlIM?)?_TouURS#l?a-wh!V@`@(i(c5Eeh=}iXnA+{81XOYAI_VaD}<#(m*yVm*X z1wMUTVAKCHJXQW-Ki$8db06i+7w7S(k2^=YMi&SBQuhkg! zGILIGGB|r-q(4Gv2CdM zt-b=yy6BEAFdr%ZUTXvM=Gh#L%2AtxvXTpc*Xsj+1Z$Int-8Y0-YL(faSP?{R<*9* z|BZo_&FdCeyf)VF9|N>>4SGXACk^^QKhZZ(j9087IAmW{EcX=xRYO+6tQX`{Uuu0r zGFhMlT5TJO=(n@3E9H#-EW7B5;^J1(A|+*9_5@Mxa`{Id$5=Gg0NPAz08R1S;3gDP z-v*93OJf$P=te8Ea5?bQ5s>3j_@@5d;+3ztxgTQLUwWwB{hs58=To1d94vo5y)=^; zc&*pK2RMKKy;=*=2O)Zn zga30Vp4<3NiW0BowK%#NO-D>ngf^Ayf68&rz}BYj+|H3&BCFPP!nJrRp_S%b=nVj0 zUJIU%7oLtT1wdy5WYWX_XdwIXLM`!qO*v;Zlz6`zC3Nq_lrT|XU~Gw2pno50Q|FGR zg@-A%mrE@q)$%`B6Q$RD$z)~E2>+{5eJ~L+=zPef*Xz1KPo=LTo#eiL`Q>75{m1ZU zm}^JbVA_GS!RSdn(9k$v5!e-lr8wYib@L+bJ@`}R7ZoYX?l83K106*gGOT@&5xJ;x$o zL3Rp#31N&LI{W7BZhd$}w;sin%sP_QfB$~va?(xzkorH`0{Yj(J`?i$e=_}7Z}Ln* zyW_Zdi5}3nTLfMIuRwsK|5L=@CyT#N7XK+k$B2D3Sj!!z;1l}?AGIp{Ua?ChCV&*3X?oE`r?MSyvUwY17o)~?khL} zQ$YO*jNZzovM9R6U*EDcej_*~_O$@#kIv8n^e)CP__@sBTZ(V(S4O+A*X^krM?3=> z>v#8&2-Ji6jara}6zv?W@oY*Tn#OvAA`kjYTqfqC;|kmU<0)ZEZqk*H4+-l1gVftV z{bKo}1+U)=RlwVTODpkrocA4;hG*YbHdhCPW*{mZMsiC=hF3*sBCVE`i|>AS0(5RK zTl<6kseK&?hnGxyh7&{UOzcd|8v1w}_6a5=DQ)r)IYq;kz^WBWy~cf6^M2O-X6OCV zg#Ip7pZqGtb1T%JB`^~_bsQrAWNx>aF_E0~C(o2>(cW>{%Qx*psQxD* z{gbnqV?f9u?z%P3Leo7L2FKGcG^O#}9sPjRoo;+hvQ1Y_tLmwV`90zE^vKpTQ0Z%6 z`O7BD$I2mIET>o)n<&P5vKK|+!%`ql!2}PoK5{bbQ$|^4c}j>SSJ4*q&u2?JRePym zTYWPjv=we7PjwI98Dd+@9P(3t36 z_UF=XPqh8>%HIqu_!7ntskoHvS%KfIFtSKdPI6==c93R^C0-|FhW-miJdcnsgFF7i z>5%wOnfMQ6t3O~WsAipX7K`mKrn_bZ;W!(U-L;;i2zy4p)HJ!D+ElJ;kSOv9>Xs9^zGWdYIMKj2Eo=0j$H$SFfyze!OvCL@CfkE58TWB9xNbg^DQ4L0MDfD6A z2fBcxBc1ZD-kQxx8ZsZ^K2;>V_4FZkQ!Z_PiPzj#dk`3gjYKK9KYh>UXl#jT#zn(xA6&Sc<%JVP3Q+_ekoq^5}P{ zPj?minDwZoNxJV0zbj6@@S9U_`nZ;^?&Y`CwSS-RLwBZ_U9P9A29w^K2Dv3>~|F}q!3F&AN$D}ggt-zh8M5IO`flMMbqeVk!;~(hZ%_D z8W;dNzl{xF$z%0pRk68ZzuMmntcu+xwp#_U6$*Ec^WmXcZ%}R6vPzPVonsX`HL>%U z=3&VDB6uOnIF0`q7Ac=R4tcUJvj6crTEmHPJ?PT!bLr7^{kM{Ca@8udigp`6=su+2f(g+G7As$qUn z&Ywl}+4Qza8fq5Kz`IP_H}F%;umxzzv%>Tw~Iqg#|2keF6~2Q+JPffWo5l6;v&trkq`z_)1WL1bbBq^ z%BL1ufFnN6(eNSPVOdzWl*)Dxp?}FoJNJloeDB+j{>BRU$j$}krT2Vn!YT^re?nWm zufc07%I&{jP_13)zX{7enW3?~%)3pgwv(MEaRt4j9 zvNXm9eV3ouA<@6Jwja})7!V(MSY>oiruGYUT+LHPGQw#Cfj6xiP;J#cEqHp#j6g;q3Da~K$8fOkF- zruw~Vf22z|ExNmP|1qtf49MPJ8QmFqf5(vB%^iUSe_#+I9YsfdA&i0hXnUo-=vlex zt;%C}g(mIv%6Cqm3ErN>P*lRjo!vAE&&^|?bRRjwXX^A}#B4tFlonD#k?dSsKdeA8 zdZLePZy7k#zhk^(S9*bEAD-#WbNM>?2(NqTgrJ00nLYjKiHuuznm--FNIbL;-B~>M zigU;?SQ$2x!O^Je`U&s& z8b*9cCn_U*ibfr^*4c-(rj2w*9lNG_(z>u-`B+P?G4bKIgZ~~Fi1cz*?EC0HRB>gC zg)av7-{4RGfu>-gDsZO0)G?K#@DUHAw`+M$!-XBx@A+V0PxsjO zo%#(kTBHr*>?Qb49g$XdA4&`7^*UHPaYPDk^3fD;(ytr;KZ79ZVCG!QAfq2FLhpW+ z5CTbXjX}>v+U*-*f95XHrY*X6$SaKy5CYbk%&>KH0&EY5dXmN>tW*Vc z+B}FsOW$u?#7OFXV_`2q7j%=|DN~_KeitQc8%1UN@#%vs}J{NNF(|@(=-u{w{oF3l(G@o z1@Y>D#~&V-=8qJ_t2-6~+dlqqr&R|I`WZisxp(Mqx>hSW9Y>TI_2abn@2>q=s@!IE zjx}a^q?doxX#Ulw3x`u%QCbaT{+#hf=8&tw=*|ZwihZ8v==&>xLf_2F)cprMSA*Kv z6QW}D)4X)Ec*A+oru7<<%J_}h9c|%Qch(=h8*y@Fbk~sA8~2OOrwwjtQQRw`*b@r{ z70Y5oh!uFFM7;+J7L&QkC-fohUgV6dS~iF*JVJ1u#X!-QU|{f%d;}w}jLY+4M}55n z8z!$(x=66!Qe<>QseTxpyzG7_6J%t|E&LVxfd38ysCk0XGS_Xa0AuHg9cPpKk4&uD zaZX^>ey}9tb>0^kYz=bO4EsV8^hr(7)U$Tb<{E1eMm;NIb1Y_W6=r##VNLA`fyM0M z7pxO%<5RLB>nD{%g|BSUv$`)+eAssU-0-LC?0o5^uA@d5N3zB^egRhSxW=-$-ZjZS zKPRYgt7z-6FYNjv_}>95ncD)K*)V3BQJXV8iNEee`*IYvTk6m}t4>G9zarT!y2XFy zZjohqyNA3^;UT{LhNFrZ|KRzq_4I71-?KK(C2Cg>ThWp{PHQmZ+qc*@wR1?gAq7En ztms%(zH?edd}IM!ff0MQU3j9w^F&_yr_0JbVb%5hl2-eE$;e_oU-D;51YRtsSdxh4 zzHZdh{QU=j?21Vd1pETJq!p#X`8O92M|B_FnK>_pypDjh;giZCJMF7tjkJYs1)5$V z;17b651u2!+8_m`mCHjm`PUQf#uWOkt=TDAZBI#ttU&cl)>6Oev?H*XHs~eA==xE^ zR_qK17R~h+fmZtn+>c=V$ulb(_cT!3bOvuV*;*19C3J8Sb4_J@ctJ?plAV=-MT;~H z@J-H_H`ZMgj{c3TiEogzsXOK}jPr|jd^-ojt(OjKP2H>Fz5Bxu)}H6zv8jspJ&f;- z=S6#O>R8Py(^I!6Z?BTw;lcAutV!q`X#S6$+m+l(Vd6~c;=sh!ne)u?CoP;^*I&E# zI`LTB7%%>W$RhfRyk%_B73#r2fj>bO7sovrVh_yT5LmoRCx;;Q>D|gsdSp*_?U1V2 zJRziN$jXj&*(^1dkqw=9yXcuQS2x^p-Q~mK#81FI_F}Xqg*4Pm?%jnM+m-j}Et#FQ zE3ch@|80Mu^>;i2q>ZiC-y;38{@P!B)yP9Z(?aEmw0G09N=?P3%F?C| z$*In%S{7~Y#^(hDe&i0l*1-DLo7<^Kye=r;BPhdcVSE?P*n-0o-rK&eq2du}luJ)~ zv4g{`5$Kl-)3R>aH#6ur_fB%M4fvV;5#wMD_CZpqr@2+5=>UJ9!ju@k(~D216;Brz z&@d==EX|hw^57=dVupZ|+Sa$bd)@D{*}Yh|j`cd_Ewhh4`PI-9PxFTwR9E?wf*F{w zCr+RTfu>(ji#`88GTr|A<1^ad@ z(o_(h2V6y$T0vrp{abH-K3L*$ZiO_T?8cEFh6>ewcA8gerYa_$d+yK4qJEpph(P{T z$yn|K#lj|{l{ci#i*sCINln(Wd%urdEyjk|jwbu?v}r?&skRjQZ5eO+Stx!C)r~jZ zU3C}yKGmYnPC^lOoz16XXPD~2b=}sbF6k@HgoEn(<8iKQwsu?B-GHWRKmCfj?3vA6 z)s=1Ql4XS*s3B{X$}Ttg&3`xU@oDhk+TK&V4mi|$40n1>9jYaF$;{^bcNe;~pfYw^I_sMh?z8}iu_+dryp#Ch=9rIzgt!^RCs#eEcKejJ(k z(MumZK5`$j>#3@zyl0ACn%g${Tr!cf&k0-N|I;t)%KKZ`-Tw0_3@)f&f=U@S`?=eR zkPvW4bu6zMKfuWztZAd@w54PaaDI)eJgk`vEg%f~VbSaYF1zKj`Y z*6jxlz<;Z(f##p+t1b5qAI1^^l3d!y?v?^g-*LHXl^$r8GKsR+^OYTFmi;Tt?lQhw zpig3Su;AG`wUT)A`jC7U$(~i5**NZ=HUFtgHmbvGQD=_q&phkQNnG74f4%NTfP4ii zxwck!p=bREXUTF0=)??T?RZnEoeAX|aFEd{Qp9sF7{rom4;}xNV~O{ybi}(ZqBtF~ z$weHIj#%j;DocQ2555<rHHL`e$x+5tpVTX1a)T(-D(h#COsW z7ZcH97OlthsCTAtla@c_6$cs%YX9Zz+p(W2rnW3R)_)%8gD`0S4wM6XeU{q4CFIi7 zgD#fJ;?!F<>~9yJ`yE&;J5Bd~BiqlL2RxUx?%p%JP49!(n?HaN1s++GeAC@8@Q`*$ zyg87na0xQNEy+9V>Q?QbWEBH2swboIdo`3rK!RWR$EWS_qfv2+q$;-sT(qyg7kpz40XIG{~6;EdzHQ zE-$7JO%z0(!to<+c`W?>fo6D%$`oevZ|P35d+`g4kJ_2n3m>M15b|2m2_Cg8&@93v zcr>xr1pVgX0R$iN0jN@|-`rVb%XS2s<$_FQ$#tV&790EKD_nR0IW8e6%Qq~RJ32lK z6cD;HaLS6h9)Xzj8~W|%XW>0_KT8Q25%kHpMj76rQ~F)UFQ8z&9UY$wRFMy9p-YgB zl1ms!a#+c0>blLUH4no%*_K%&HFSnYZDg}&Cn1g#wMj3^%DVZTx^na5PtzNZTLz{D zpN5geS?H3OW%j;<-fzo2ItK0Q#)i2q+fK6ww-Pas2%TTMsL|=Q{TdhXgPp7+y;SJ? zF5;YY4$noLn2tEzMI4rn_@;{(oQBcQMQr>e1vJM+^n9BLcG_9y^DNu6W9}hB)Megw z5xvq88(hS{?)G!I`Muo5ZcoLUhh4<#bi^-R#G-V>d>3)aUI1BfW(E;0X2VO&@1f|* zGFK7D-_Nu2`}qdV?|SJE>)Uc?!`vVSj_mGAhaUDrApMfR0Nt*`?YdVP9rW-Eb6IuH zV5qV<{)y(^$v5{Gb^CN4L38*g_KCW9{!G5O{;=**e&)e2^Cv4J*6(V5lJ=3cB1v3R zZ2ztP+N!si@kNqz$9vJ<2)67~@g`g_)GTY;*Wn)~TzqtzP6Po1ajCa{TA&qeJigUd zD7FZT0)*}&pTF=D@thD7)WZyhqm{rMyg_8i_$ht~y?Vpjz1?fwhunf`8$i75Ei&e& zA$qu#)}UXNn2jbtt*J0WJ6p5%sIIM{DS-upm=&tNH2wZH^*^ggm#Y6keWdE&_BHiK z+7GL%^q#x!itDCKz2VBMz4FuQMmEmMyY`Bym(`tiW#g>gwO8m7MgRWn0AwsoW1Aje zJ~AppZ>`Tt+@o+O09s!ngnH^#4Ql_pCp77*<~{l$Du|epyeO8xWYB`FL-QBgzfbd* z{`@@mHv}MutNxiHwh#O8VA~77MwZB*Hm^P_n*UaRaxh`*SwR|Bd6BllP)C|SR$~_u z&!auz*u{C_*pCXru@geviP|FV3fm|g(uI*uCfX;~H<*`K?Cao`!M7y-(^54YWO{CF zI(x)MWU_rWRyUQ)k}*H~rI;okDtUR*8tl&Na3BC`YI_RA#3;@~{y)I9_bMg2-nSF~ z-TnEakK6Qd2!C44Bv?7{6Zai3;W8&*dVPJDc?NbMrfcaD^N;bkv^c2oz!I`!Dal!0 zAl#nBBg9T^Bg*&9zDCI5)ViZ!Nr6osyGJoaW(a3Y{)9N^$P5x>*|GHR4O!#GAX>Jg z!4|K4_4J8CK$(}l-kg$tEF z7J+-7olLuB#S2nXwp(WdtzJn-E9~TSyJtovkpCm$U2|XkD$ur<5Z*UVSe;(Fp6{12 z0;(W_LoAC1Q`zSCJ23;SWp*kf?D(^!>#l8-Z(9qdDa+jBNmWecF|VL`?ert?GUM@_ zy~F=~W3YJ`Wv?UBQdl8gM5A{|xx#38D74K?a;P{RnD2JvYs?Gh`r7RREaMfae3Na%j@qB{)>KEwUu)~qi9?l$ zs116HTFeupT|dAdw31|Z?n&<3OtiDwk3@FqUuoVj-2yiIa%TIm9;xWPz7SUg_TWN zp?Gk-S#pl+cd6zEBPgIuUijb5PJvV?zd))~M|RwGmfGd)(m_5)DEiG;KW|Fxu`=T-#XUwn=cGJGyG!St%dQh z>J)gb@8@{2;iV+a=2?JesxICytdym&5-Q(W`$AI>FMiH=^RiC@mhD?qfD~#= zJ_64AkdBF4ZZ)S9{94}Ai3{`8s{e|Ig0I1Y`ak`rU1@u@H5JWnVLpj-58F7G{pfs; zS%ln+^S^OHu4F?Ta7f7~+-ondtf~D#C&F(#b`n`J-n?x`9p;jJ*_{;=*k80~shw9Tdg|$P?-x`oW;mdCMmN|C^!5y)QQ5x6`ck>Vgc`D$@lY5H`$K zuN3nu#Ls}OFtFIwD7Ol(hSkz=suJg^Hkn(^ZY*0(j=x3|s-v%lTHj`74lTfAL!b%C z0WS|1mEtR4C&AEPQ?8z?v%d;0O}Tll9+n74O=$O9)lr+RI(}|8uAZYSu$%}59$(4I z$$+m3M6PGOg53L_9V&k@5E;+cmFGnJPPnovT6}h@Ve;>x&QwQVOf@@kv4$&tOcPphM^Ah?;2T0E{g{=Mw#@@+q@I4AH-@dcssmjaPLlOfdlE`7%lcJzT_anS1MYl%YQQ*Bc2 zpHObWO490LSR+cJrTL5{S;(O1IJH}D;7rtFn$eU}~W z6avGHa0_6qv?CPSX}DJU2TmThAph+8>C{n-LZ}+yKk`yQ?MvZ&lZJmxY-E9mb`4O% z<=bxQ+0--fdT$n#TL!Yf2{b=LxFvBvTS-*hmDVN3sA2D>_W#w*?*^K`U>Am58!o>p zZ~DB%6?|b0yTFn^M`N|$2}Pb$v(Q{r07h>te=3iKRs#wc-Eg@w{fcCf-{$tL#T(==f2`sjG z*60AzpZbl@ixY4z;(P(g7f2lEVGx0c{p96f_BKq z+--}!f>VVOpg=1UhdG|+b%kJwu*mz5w&+o!AWH~QuSTQs5ZOb~ZpqVt21ge(iRYv! zm&LDO(_ZB?hrOxxy%N$X;5L;PV-gA*NM$MoZqrVnvMD=K@mX)WivLBfDhBh2#6^BM zJ{~?#9dA;HUKdCHGTSXkMDACrW? z{R<|zEqZYOo)HZ7?>5XP)W5khpK$%d?K%Bx60k1)E2Dow`q#n!?ZEzB1w8s!X2;hD zd0HpPmnhQIles$|RB7%Sej^n{whmq!ou_#Hlc(=}kPPk(``T{4Df^GRB{WnnfikkH z=5|9Y&AMYu7LPqhjr5#i|60f&v+^j%?L_#i=jbnV=C7GhRExelS%aOlVv^_ThT$+f zLsh17UQ4~5AT4TCq+(VtAtFE2){xOi$X8v^YVr}?taidoIJyS?PEK_!#E{^QvT}9h za3GXh2#1H-D%DIJxmMQbH@O*%G2u4Q*%JW5R}J>lW`M=py5y2bMaLnkJ3!r*8&U}P z2zk$1wxZgvx0&xM-a%UC^wAto@f@E$IgY4P;E>~lFy&C&3!2S|IK|DJLBgMZDMaVV zsfFWyCwJf;&f<{jU3FD*eC9-lFdSkcJp9t))55XKdAARaxx%)|-FL!UV>r56E0e$c zq#7HFZV&50iDY&3Ey`c6^4D_0SiUO|UyKq?tKZn_^0q)^P>yH^U;Tg$wSJH@HlD-P z$MtoCyx8~>F7So}W0OFbI6`ewro7G~yK-rU*-V6E^#$QL`#<)8 zo$C_@Ash{7G4-$#+gN)^q+&*%8;2+wndnV&!d#!198nz~&1ajrX1kqCY*F@#{wMH> zc)_TSv!ORlNEv9u6M_mQYH$*|LdN^Q7IObk+vq$JktphGQYHhx*chx!#Tty|MP9NX1`!s@+HFQmCMZqBUNMc_uyPxn78@Xcluzghg87^F}qjTYDlr zN0pr#j-t<$q-I{?&_~*Y$&$IISeYwv$rk`l=Xh8-;4aa6O>H|h8_n?--@E?#6yf&B-c zp*XP2I6|FV)CtVh(XFt&Jd{)pDSjdd(o0Xhn z4bQ4Au8wg`&HExNoLs$gRAA9xv|M3X{6b~qU)lD2p;PMqcvREJf#$=+;+y^{JdZB& zVi%W;iG`2I3p_KU&;iqWtg2qZU<6{*GVPNeg>6Py_P{GW-(umNQM&n_eAnlww>i760a+f z{PR^yBsC^U0N&I|B**vbPnp!qA-$`n{oywE~{prf12=*6PlRGgb>me`{&nirS2G*>InWq06( zj~^Z#7hPAD0tdS02F!n@Ys)_dsDE7>t%Wfw@c?-FAIbY-B$NN&$oo6*A4J}+f!*!E ztrutf_UqY9yk{;i{D{BSeJJfO=!&BguP9 z4tdWEmA~Tbq9o3p7aPd}7-ZA8d3r$NB-=^yhoc`Rdv$(ZiGFz7v}#HZMSt@0v@=kf zTwDC@Q0sfrN|mtwR+qmQnEQA5589Ey9BFEkhuW24tEse85Pq=Le4AiZ)R!)WbgTi3e+W>MmO+SwwjU1=`gOq7y^a{8sv{aXW8JK%Fa2$TNO`WeU zF^*f!^>*^x;3V6wJ!S&GewS)&>JH=CsC5*e{mX6S7IPZE=9E;*CNqgnE|)IT97U+b zo~2kNs?;RxQ)FX^nyI9UyPc)x=YJC0lAaaqJ6jTEVZ4eYF_s{POHID$!-J0p-2ETD zzgQ;Sc&W|?&{*qj_|zMPHvwcSn)b6w&ErO_Ksn^%#>q#s9>wr$X-eIG(67}$|F7`J zehvHq{{#FV(0;Iy*6l~?OR{Reo!0Ibn8lbD_(zVL_QpD$R7oqVGumh+|JV4q%QB;T zyMAVzhB^K9DKw@N&8hbt19SIF$nWxgm3%f=M|Uzm=CnXsSk928CE1-#X{-RAc}!LO zEcBqVCr4<=c6V^z7IMdf+=<9yVGg8yBE@X8c<}s7i;q*6CR_Vxg}fHEeln(u@VWY; zwxHvktqJtrtGp$nD}&R1ddpEx5{oC2#}y#4UZX78+pMO713pX}X>UThb2(BkwpS5;E&T8mwAaVN z#hxtdk2CfeP4?XlN{(N|A#U#dw{Q`GZr8{peehq8QcCo7^Fp2|h#`v9muA&sG-AhT zm1X>Rc-Lp*XXI^`H>~I?o|cuN7gyywl4rzv$S0-FTLr| zwWQ7<<#~>ZYRvg3Yhk5IP9NETubq9Y^n}*eT_D>YK!4PX5qb&`^b4u0067%v9AsJGS z^>Ow&!qv}(TidaCzurKF0ClLZ15EUT=t)$z$T4ru&;oAktQHpn^arrS+;Nf{z#<)| zU9K}^%Io}%`|CRWmRSUrCSLqpdi$d3HrXMzNF)|$){-t79FM{t+fSxL@^VKSCFXPs z`C7<1@^8J73UXvsu6e{BQiO|(A~Q?bztnBl(R^g7*3zuHzqK&(t+VjraQW|H`+r5= z6uHz6_&QQ~yLlt~ACY$*JZMYuzP7VUUlz z-6TF`4{*Q=pae4QR?{x?=-zBTpEP{sOjB*9UeSwr>dQZTFdZ$>CgPms%R* zkHr|ngyW$?Dci>oMq`3H&+?D^?B{OtGk&Y0ZQ*zjGaxTdr&EFI*wKjF)zS5wE3%VB z%NS_dOBbtS;|jy&n`-;AsSlNJo8F@u)|1@8-@N3D_KMRF$rY)1>|bgaUfA=JR&{mz zn(VB~SY>In61V)7P)ubJzh#k%W}6Y_S6QZ~j%Jpb%Q4Of#b(mGt5az+3pl)0mv)$-{^aw{oLEEyRxkd$1u2VTI|3#Nh%e`c-c?`o7sJpIzq~b{>==~;&D(N(e zMJn#M*^fpkTPA`-oiY-DN+4<8^ zdvv6tD%Fg!!Q^227c_%uev+P_=u$$q1Aq*gLu|(m_uF?EDO%-%YC^IfIXv?LHPFQ% z_ruI~YkncoLzXl4sfOoL=dND&CwHpN>9g0+uw6_Cd+NWL6IdSfRXV4yku}*2I{p7# z=sYAG9f$rXPj7+DEDJ|Bnx9jnl$+P7X1i+ZJYCnOeWuFVJI!#w)40 z*(rVM{#lVZ_II>JGc?@@djYK|fvbn~G~Ss=w7Yf!|b+|v#DJ$ zyg(DuETC^Jgg(nZx6_C>8m9N)8Q+5BM*ij{Uvd(GTWqvYM`jkuq4oCU>CS3v6{ZHh z+_GcmL2?Ugkk&>kA~PWLB1nBfUA5(MCpb+!VP|OX&omyeuhSvX8iqPHt~7d4sgND1 z_;i=0eJ^^Eot3l8%qP}ZMYD2KDs6Uw9!R=~b&;95**q#U4o(E!tollA@i=!O^KK7kSAcUVOG^&LKoQ-r%?09FQ0PQ9Al+xLjU$2~2&$vh#TkWSNm8ekr!{30P^ejs}nlZPu z6uS8}RP&{a{TlvInP2C^7A}SwN7;&59exBI&SDx~ke58(i_hTT6_VO*E~08woMk5N z0(qvG01SuqVPoy!NJWkXzyfqh8B8g%5)k`oHSHUq64Bj}inl)TX9G(J6o0Xw#Vl*J z86?Prz4GrD)In8$PUU6I!k=#?t!ighnA^ykJcnF)bz>qGx2JRE@eEhI5}epvla;GT z=k3>}a&Q2|psz^fI7f9tDrw8P31!F{vcEKk@*ZG|l~yf=&4gboYl@2{9tHoIBF2Bf zFT$+FFLU+1kJWeKmljz37FhgpUS#q6#R@7Beot1z;+ri=MTOtS zRF(tqdx^`?1;5`*Wbey<+AwAPvtlOzwiH5NXx+QMOEO}s{S8= zpfmBikAtZHg5T-2U1c{eoBe#eyl3Y)U(rlX-X~hPKV?Q=kWBM)299CKztU#M>^{GH z12aK;5i_T=z?&bY3#ip@p);4!vX=kF|7&3GZdyPaOSFC!Is3_2?ow46&p(=jmUL5@ zhkRfKX(FA~Pt2@7cjYX02uS!>Q+B_O7E;~pEIYchY;l*eb5%B;|3PLkYV@lt=q&be zBHiQUY2fqZi)~vUOBJMvd2W9{;Wuf#F6k^JG!-Gyl&mt}xevDVuLGtzEL9aWHiE9S@dUCq>GI!@}fU;=OQ8KCT5RBv@P>ucL+zM7TKci z3pRTSGS{EhLlEp7jm8w|$Li|>UMyzemFNHXL=Dq#sWCl#T0hJ4$0=b>l!RDbW4j%$GaB3Na2?Uo*lx#b zvWuvln7q8P-44=4PX26cw?l>3dKIhoR)i9Sa4fYgcVjN8JNB+UYaRY)?z7nIVK;s3>MJwrllwbN z?0xrHYFhc^ewqJWViqa+TK}`i{FYDF@B4@_iv<+Io{Sx^s|p2x;|~K|eM>K)K870q zw|;$o`UF9}NI-7%fdrB3OBg~utf=OjZ`(n6)S&J}iVOjmk0Kw}o zc*B5~d`uKyAT?9}i=c>MDp3Exex2m$ID<3)Qlhj7e(}B0i~@A3$P#4~dYD7vvGLqh z$DK{COPMiC4@IxWCNG}*IC18h6%tV5xr-_9;1>cPA>xh#-NzYpr+yGtb9mA!PwLWg z3dC=n*3oe$UO{G@rn0x3?u$F@|9@u-SGmHY4k*m|)L-{^G}=L`eSwm{xjKcdIe6i` zvZZma<#rD@?zMcbym7DPbFZnE$=TGx=zoOXAljzuq z6m$5cnif;{GZyidgVksL{$Y$Lrpx{zvS;EnFYRyev-e_LGH&f3UD;}KaiGvW5b3QV z@%$%9!D(S*?2y3kHcTx}tEJfyit3#Jo*72%5YNA!Qn8VZf!}SO%Iey?5lvj+k>WX|FZM@%Z5~QU)paB#ac`w6b zZ{s}k!v2n>mN{NWHuorA_dA`pg2cW5PIOAo|LMnd#XYc(KQ#zi2TeZ@>zbv1(Fi_u z2SWLVf5ShHapRZ4KlBV@&~r-)tB6(i?0!4YutR9HFO=wPQS#aPz`Pd~sh7G|S|n>b z9e8{lkG$d&C-C@-w)h&URVKO#7nz-xRac>zS~zSwW{=OD=(OTRTJj22_4k!n>J53( zi}z&`tv7wq)@#zkiJ7v=at>COYDmqjbXl&39oJBC?+z^tc0naCT4~e%Tc;OyMIB%z zxb?~Ij~rm}&IoVJY3{sRY7sc18U)rqs~Jy&Xo<80aEL;yBocp}(Bc}#ZrN%OlqR)M z;!r-u{nnJ5JCO=XXYi`=_M4Bf^3&Fvk4$&=HhX-K64Ip4 z+5OIqebwIKuD#7++Pemyubzx-`A6f**Ub2bz;PKMp4;2yyN-OW|Mw|#dO(wp9MDfQ z>-K~CmpB1g(WfNWzuWO5K>xZ(I@`P<`=lS<7+7$rl4IYMZseQcc+Mf*1G}Zr$!7?5 zv@t6XKY~1o9jpUdpLrcUcg{cH43b+h|4%J{+y>?L|KI6XYW>oMod!N5j5=3)_U>UC z%{U8N!k%91r`@T)v7=GhBlUph)F%9Reb!ll#Up#B?k7iB8X_T=`1qoFOs}39S)aVj zi!b9Lv<`su1cVm%K%~FR^~aaeAcFK-=VT&}e*9#noi ztpa(sr^^ov$LHAo(fAp3t#PI6+S?gjE22z!TV>$x6<+H*-Ssqg>sy@W(4$ZJ(lJ6+ zbY&+R5;%gQlF=RE<~H94O5j@xI^BZy5&Zbg8imENWgd6JpFVa@|)I?+-U-I(}_%z8#Px}Fn%Z}$f<)i>pE zDDe0z$Y%|rP3+3Dyb4SGRVcC`41;?}+E?Ld1G`a>+pqdj+x8q(qYi^C#`ItIzob46 z<t+4<_|hA?b3D9xO5utA z6?%O0=|)WvI%}4dGsT%peIC8XE-&MYCBWH}ZC%ww7%%jOZ1S=(99wUeKO_DoBMue; zFL{y74jXI@?3(>G=12jsd01nHH&lFko7Nb75cn`B%3Mx`!m*xV%p$sv%`=hv-Kyic zg6XVg42Sr(E-e`7S0#aVGPro|H77D^@j=_q5r^jd_s_@%Rlqjmp2*HxsrlM2{tdBM`~4`be^39L_1YRdnLo~V190GqZEc+rC$*>7 zHZ5^l-=&PLLcpuqPYjlU11>&L+&hwH-o^Zrv8yw2s>m(O)Uf8)>L+JH;xc*O~SXX(w}&rCUz^N@{ojj}BW+BFd-#|^c~I9`~Jr5Jc^l{yorB{c7* zlE5=JP3&m9GJ4ZQFLo18Ff@16fj4VpwNs~$hi;M^Yx})McyqR7v}@JHh|}`$W+vmP zi0TVvvV`qYte!f)<3*=1#cL*e*&8HtG~jSJ^+cRKzbi7sUKM0@QXIm6pF4MSK47{2 znPvJ2Y&^GVD?6~m)FW%(zi+9HeP}(g))m%=ieTokBxru!hsjrqeLrE?T#kI~gA`YF ziu6u?y4sBoZ0lMW5t<@8?qo9BX&DukCm){3UIN56QkMAH8mvdHUkq?|RSKu9rWXSsn~IZtVnqGLO8uO+ee(B{YUwbC-TTFU!%| z*q4+l6h-jWVKHpZcm)0@T$^Ep$liAY19mJCZhR&zal;W*mQ%>mBDS4JFIfYFoDVkn zQ_0$iB(Cio8Y|&4K81m~A5r+g`Q!Z0xcMUovjPj^E-Wqrw&!Nkpnq(!ed7`*ItKGf zu6r{zdAjHT^8)IhASsh6U{|GR0SW`n6h^-YkjxajtH|D_EaG-Luh9M@y?$3@1tI0f zQ>Ho#db*`5hye>A8N|0yL}*tPy}!@o9AH|2d`z()=?UahtV#Yc6Gb||?}8tcYbnt` z13%d!$u9h*2~r0`#EQRcO5w+%hTEZPl~Bdi+XCAvyRnKrU0_=!-IX=gi&xygS*)nt z=KyQWf*iN3vdKbO!};sCz?hy11t|p@LeKmWj2?hP(ddx%wun$zh|~nuW;}08rBFAn zheI8WlGg_C#Bknqs6(1$20s1`(iT6Ii8RymZ(VS<;$skyx^|@Q^O51omWK9j)5gvx2LIp=qn3@2xcqfXc>OKmwV3a9cYX6R z$s&HQ?OQhMk(G+G;ET9Q9RGxy-%Vp$lJ#&7J9P2cXV-m&Z4 zTpEv{_2hmuH?J)NKdeGWsDH!`%o7qO!)K;Q@pr~e@Dyum)*IQv+kjW+)v5KpJ$uF{ zLg09zzecNMDZ_<*AR21;|MqN0u&h&i1_vVdYNT<8g2pLC1}`=+TarW$o-+;?6wk|E zV@|MqPQoQUbPp5vC9`?lA4QpG)?rMM`|D5U*$F+~=a0|8AL+#j>IF^lCR@%DDukfx z**WPQVP^x8?%B?@sdekrrw}v;(>!Ca&FfgT!H7Rqh!4%!<;9*{sFow#^ztIh))UUE zy&%1Atl^WXeT?Jk`5!Pm^h2$m*kZP3iD-F$*xbNFOo}XO5%o^A{BL_V`;Jk)U3rt& zda-kYmUoD8OuN#tucv(;v0KI&!vvvB$PP+Ap5WUX1~qFDr=RZS_{n;aL3B5WsF$rl z>`aWIEf{XF4|&$-GrL+6XqRb|TdvI~52O~8cL{;ur{*&7R!4WllXjiI5aV&&70I(f#PE+& zi}1SVzv@Ubfe}2b60dc&?tG<@F z%tLD#Dj*h#KK5ZxU>3jVV#b@^m~WU5_%z+t*#Uj?6q!eloj z^|*EsQvk_I)7u)S$EL&mo?A#h$)}nT&$$^fCa}2GNm3dd*m7z{yvDG0&WN_JT$eHW zX405Fy0Y%3gn6lBUq=FUJRO)3Z0ZqM%o7bA-KJgPai<1(?z>umLXCSg>{EFS+wusU zg-Bpywc3d-(lvWjSP4uB+hAseP2IqVf7i{9qq%bBg4qsc;#@lq_Bc`M{r~gl0sM;~ zFkd?fKwJ zd=rkvq+oJ~WA^YV96Kaz-<}8+geMKq9>0_er`*VoUy)Z`{`YA|hVijdR4pGXA9W9R zpOl9W{NiGn$E$(}w;*)+yhs{^Qe9VV8x?r=%Te)5i#tXg`*+=2J#uV(;J40;kKC5z z&VZN-qg#_)7s`J5yy(zvNxR0nNDJt^*wAgd09$AknY4oQmrx_jjrrLpQc?4=7NxW8 zwf7^FJ=||~`OAShbu5n6<*x-I*AfVoubBQT)x`efZ+Oz#844^qJ!KvrPjF7e+^Qf8>?^fBKB)&J04}P)(L; z@zaB*hf8|Aj3n4jmZ|fT3eAfzGdEUq5@+6W@PGI~3Vy+#x{SP)4BSqE!7DN2W@ZwC zmY_nrMNnT$5}$Xai1s0h;XUE*lM;=?I^L7`n9wR?;YQf6)(Y6n!t|A}HrlaX=Y$T#yK zBz_M#u^s76+Q`z=J>}jY6bs^1X1&e>C+cFNJ;7yC+37Xj97*5QOHaEY2qtw~a!fEB zJHM=Y$c9j)y`b)!E!Buqe(7-eAu|TSpTgy#yy<>yA;VEX37 zH%YCIUzKN1E__mmz7sCr9*AgihoXP?TJeq^SUmKo>gWgJU6qk{dH4}ePj6Lj{J8Rq z7qV+l92+k_QWt;2N2O{fAi02FZ+}qIs>2I=jKhv@$dx&(vU>C0)+Vp@Yy|LMj`|*rn{_CjKSCCFH}Xd9h#vB=TYE|8aEclnwH@h>q?WkosVrZ6l^y4; zH`RFM`|)@O6_+&iWG;<2oBrk2d~!-QhfcvT5RjZwdZgtO?tHdTK--*jM$>p+oM=-K1Vsk_wyTab-=l1<|pEwnxg()4Fx zn^Ds;iO?2H+`%l$z`P5}Kc7sP-4gJ7w*;VghD-AjvVK_t>~Exg3WD*C${|9Fp}rA* zbb;y|MZ)#P-gK9|0ZLWx>qAyjtLHAn8gGbIB7phD3rWUyHZ+8bwpGPbLeZ_^A*-~t zIWrvl#Y4w&|0X_=i#fkmFyv0Q!r7Y;1Ut?|>N-J8?0c^u_l5(l1H87m%BFuw&N<>E z&QJ=T_rIaj3Cz6Kn4`F-Eee{b`HA%7yw`Z~TXw*IBoXbDM6}Z!d7p509sli~CH0*1 zUBwLm*Y)xi`)fB1sr4>)zwLCxa(kMni-OBVwt7xzgOI@*HCc>t3MVJi3WB#TUkVJ} zAZossWXQ~B7v6m|i` z1LcrCI;S1NiC(+87I9IstUnmB8VJeVJ)d!uLh8eGn&~rK%W7)K&sMeE^;r3wr$gnt z%dNFGADRK@RLz`&CPKB~Ce8M8EZpTkm1ZY+agl&6RCY~i-S1X!!r3UJ{dg_@Ui3)k z@hA!dZ(M2Z>!KGISXnwW3DB?hNVUoZldx?*_? z$7=J>9>adjZ~7yD)UcqqKo~D>pq$w%`iS{d-uS$TUpj}+PrwZ4Tgq^cwcfcUSPd03 zM#bUSSZ>o_T*xK!P+@iUhH&}X8NI^g>!#;cm#>-nnx5Q(vYT9Iv6q3()Oc}+A9JWx z;z)EEV*Sdg2@)X2Cx&U2i|77osjm^R^UDlSViHgfl|P)R>vnBrA#FH&l5;z|kxbixggl@MtTu}P38 zAKbrl$vHz)Tagb}s-)vO+TXkMr7x1sMk~v#^V8L2(g(Qor%oe1N9hmy=?yM@AJ%tN zA4#X*YSWp3j=s0M^v9P_K40ap@zbZc^yM!7f^_*YK765*`tNh;gVX6J`sF9P^0Qp} zvmWpnCgzV{-njC!T>IyD_MZrIg$|Jp8gx6dWr2BzvEHS|->1Hr;%;t=oX_xg3p8z! zv>I8qkZQPDCY{{)o;G zyBeRwbhC=#8mMHw(RDB_W5`Q*4R}jB$y1bJqFHbuDU;TuNIzXCUfWKpfwk5aPfUC+ zqJ;P!qH3>kKlZ{MUZ83nPbl1WBG(Y)aaZOJ7Qfh+-$>-t*#cjaYM|ZJF3ls88SqXf zCgFr8DlMd6v870-^Z4v-WxUJHGkZg+Z?VRAa(Y5;S&}g!eeTuxyqFn>zx_TOQlAx= z`+@2_;TcPFxyzUh$10+~h#;2x3Rz4q%<&+|(%(Q3y_MK5>&sddNn-g>&!)TCWjAD~5EYPf+V#cQwykLA;JWP42Ju!=919%o#4}sHLgCo@fE)ZZ82H?5_r3JV$pc ze@#)_-ChFNOetGF!Q)dX)De{tY{ z+>MAM6fu*C7GC`&3=JR%w^&XGR}%r5doiE@z_Smg8W0tpd{kp!>$*JuVv<=onE!sV z3WJ{svX6`BCLSi;@`o{`gYTiy6&C;Zx&9TUP-;#j-TYpariT+2>kmM_Ys}9U(s*pa z;D5G$JAUIFr1e5R6Wkxa?P?#877}AlA&VITshBDU=z;kFLZ^{srrl@T89twgqZILD zMfmGrDKwf|2er>mt%H&kQ|sV(!dhRHm;K)qg_V~u+#k2Nh_csPiF-w$c^1^O1g3#_ zp8w#CQCP+Ld!z-$OB9Rn&1AmcU$myNwmn_EPzkX!r1{eTg=1&uNlMYUNw!p7T2JQN z@4IX}?!e&6q0$s$4H^mbBEnm?AJpRg2hOcRdHVkvS?Jk7(LV=!R5^^BBVihe1) zfcP6?W;feE16m|8FkKMX4+)`iDLzn?)}1 zvr6D=C3EG^@XH&Of6TRSd1n7fH^0!~37vEcRIqe)gVSpgWl0Q5v1A7sI5KoDQ8~Zk ze!hq-cf&&rXOZf-^&Vic|JlKZ=G7KO)`i@M9bUrxnk-PWz#(zlG*UHxjI|%3i97Xiy-RI6pHwj;jlZHuR};*6F12Fb?W{1(Gmkm(@kF+VJ5oT>pm?Va;*2647E#o5T%*Pd@LmIY0$4 zYz5={U-UE6FXrrkwhy)M|Dl1y`YLuPF3#imf6?lJm3m|)g752WUh%HMOE=L{xEA+n z<4;N@&$Za`g-QHg)EAmZo3&d3QsntO94Vx=W_SHKa~G4GpHfsf{m|{|f0z3WUZji( z5Jdlc8EO9V6Ik|E@2MwQ9}clQTkQDAKHmD><1m{?_X17FlARj@f#yOB6QxGopoS$+ zlR2waik!n+Zndu}@UYrlt?1vn4O^=>*0z#vcO&I?2UK@B!-?u;sl++dA`kL6QnB)B zx*ND%HLGhyUTnUdUU2TGze^lqSV2R5Nslhi_(8N}#Pc>A67)Zq++%UQA(@sh?eW*t z5h&eJfq%xHxaj|}b}sNyRoDJcfJjhqqJl;R4K}sGXF#lpNSkQT8JJ*Ds#NT4ZnYL$ zd!>*7$}2blG7h7$)mE#w)!X)#+LyMLBKo%kkcYI&qg5XNDr(g|j#boF161<={?bv#sWo{3RAJXhh)P^ie<>mi@gMTaZU zr?%5YzjqqBJU2Wfmk0fa;ZZ)AAiKwZ_|?Ba?l~&R%mb7520f3FYX{r1YRczhVC_Js8Tu zghSigT<@2>IgC`+n&~0$g8OK?4;yRR%1p(NC^r0LmI84*6Xfz$Y+XM6;y&FCcX%{i zTNwHebbey)DJq1F?C_hPgU%*zl>4G>ry`mf*eg2;Skpxj)$!oVYFPb9teL|7aAxK6 zei}6v8Dy(_?WfqZ(?u;$FNW6f{qf!bNBvlq?zjZA+05BMH~;+R$1~cO!c2%;0fCI9 zZWEp;aZ@AX)9j>Jm#GzM-{_X8YU<{7P8DQ-lXpK*TxGsV62?;EYLTN00Z(aemk0Ox3zU@$Wzj zU)#WIX&Ml{hTTM^CDxRzcBeuV(Q8&R+`YTMiU^9`5&ss@bM}WKVo$$6XO`2(RJGy# zW5o2Bw5e&uTq($ku4!=cosRt{cf2_y-DgBcXKy(^tLnhfgQ{nVb{jR2le9#;=t5Y9 z{Im8A!bEIs7zGcPW%Yk=KF6ZfH^7jVAsxNI3I*Y+W0AWgYpq;N;s5xQ`W zFt87(FOU^V;)DvU&~T--o!oReO|zhUQtEgSM5Eg}GR#(uJ!at!N-5|^PbfDNo25+7 zvf4RM9W7v^W}Hf$wM3)Uh0UX+-s*1I%Lwu`r~G8>n#~-d#!8-ety8BAs`p1O zeSdkO08DNrR^IMBj7V0CkQ-fft~mDKAPl<#8;p?ngfj z*FTT>?1O)gNG=h2UcX(EH&^@4n*7>5O3+C_NphpsM~|K3)8WA(4(T;>6hvZp0f{k4 z3x8L)d8q-`F9gi^i+jujeGa;x=@o9HWlNm4F-`Po5wrQ7V& zpG=UB%`Hfu9HcX};se9hyPuHH{qR8{pa%FoRD)%o@%_IoK<;$~QI6!^S z`jsOng|(X9q|WBPb_6_2;8?;1=^J`Zo7zg_>%Xf!>i??6Kd`)lN;fZB>WRx=LjpQLkh?Z{fF=xXK&&4ZpYCe0sr5qP_Z5LY$$$ z(BI4G?^X17;CEwPtHz{`u1)M!ck#~f8S62A2mRd{>)Kdf_PN%= z#-vVQXE}1)VLWShcuF1I?Tq#@TwJt7I@K8B(%vSWYE0^?KI9~p`tY5!f5w>fZ2H~R zdrah)Z`EJ(*I44o;&JK0r*W~$!M)+oXG!e}D#2d=$>B>=MBHqmQ@yyHX-oD@^(1xK z;8=R#H&HnIrH=OfSXECy0{FLZH4s}0@u6Hxv!!W7Jase?$TByQ z2E%vC;qe9AaKP|?U{tO5UPOa0!z2YQ<4FDC}+z>ezV`sBu+ig9+Cz$d$3Gx2^e_0!w-lC+Lv|a@jA<}nv0duU@ z)Iz%3AUp}HHy0GrPO1gW+ zLo}mU=wQtquX4-WG}-5q1e01RLlz$ft?<3p+Vamu41spYhTD zl+Md|5j2pgj|lRMrl0k=A1=xr0O&#UH=)mDb5M>ZJA=i{FNFP6r-WsZbN?q8moD@i^K#2>wpwBj^7wM}gNqeJHoXU$3A3 zT~#LDn9{wz(jdTMcAzA7Azz4wnH?BQtRisg~>3IAGFDsdPY|jWmMfm0*15^fX3#7^(Kx$V7$2f7z`7?6Xs7$n-+sdGRR-|E% zxnC1GvEBV(7S+PHcFt6wv6XHszYxcZ)1a0iK<;`i>@nd4B=9jwTy%mUl4%7XO4LrN zw6C(vGY4ycwtkuj?Le)ijUf1f6<23BU-6Yk}1b*c=FA*Z-}SjrpkIp zKWbQHMe~e1-Jlu%+|q_a!)NHqd=-3z)E%7vy8-wB=myXVe2fP!g92h!9NVB2qI@{* zIiQrD&`P_i(Xd86+-PN>_!-BI1_pNna8LShxK+H;sKUL@!GRH4HWOuF8hL{6~sJqj4FQSMS9~cdr)*$Nsqvnwi zOt_EJeN_Y=ah{U>XZ*)Pg&YHG+2y68OT=U3SVr za3$niPfg6VgXhDcnsATSdkirNRRY4O&~$`f2q>`v5lb|sYtrA#s7YEzPdGHoY^YIB z2%NdHi2$v8%I2L2ZnHc>`U~Kz5%g8obJy1-EsJ&8uXfJC4q*7O#;RA(R0Z8l zgv>c;5F=5MyZBWY*aH5rf1}4w>rr(V3ziaN7;XWlVh@;PnZI^p#!n!RpZh$1%0vmJ zq90bP7*3dfSXRpBA35^|;GFS=-<6Rsi`)Ly9DvYS4h271@rpXA@mSb3=UlnKgR<&% zxIrcNq2daM+8cdAJt_rhWw@$sY3l24dBxjL`EfJ&gI2&zAZJVi=;ZblYRUAU$$ZG` zn)~Uv{9d(xJpS-4YGeFC{|&%N|0>l76lAk0AFpAXe+)dJivMSou<8GV+RqLVA{(@p z{5zA~%cbPg<`+w8Hu53uXe9nrw0d>ZCxm`jyZqu!ikyPcR_KRV^-TiAFv3|RwV&Vy zi33OM8N~j9BlfZQ-&C)^)Tn<575xF4s5%MwSh0q0!5VoOr@lCPj>&so6z~2%$I$=U z1)VK)b?#yD^o51l=L7h+VJgL*O1hiP&WF z<szq3+kLu-Mo^}bI7wJ52Dj|6uo6RRnW!nL%j9pWA*y1CYTEsE-EX@)nXzg z{JYhU-z;G(db@Wd#%N`dsHRF((!Q4 z9l?OVpiPb6zO3py`^?1R?1KTQj};JbB|N5Mg&J^2(@SyQB3HbN*Nga*N5k&&i}U-J zsSA`04}WmJABH0B6!@VEnQRq#j=H`6SQ*B0S-_W^eDyJ1&WolSdItL`7Rjg2opT*- zHp>Q%;J74lTp$g7d~FIJe>?CB!nmZ{4+`@m?m?!P68RpKe2tR4>;X!5eehDp3-UX76VlvxUi_fA)pfymWN!K>0`ueZ zV<9u~MuWx&7Np`E9Ou>|#$)T^e1`!l)$@6ba(+jEbhG zGG=cQplQFLizH;HByz+0YlZod=Se=p`Wd%CYe{z<@7r`bT>7TOtOPKZWuIWzr9#)w?x*Yi;}<^5gfa!tex=YPXHw zr~mAgEX3?Y`cl2wj~^qmQAbqyh|WF|%gf6#0FX^K3X-qukdDT86TyeTrE(}L^)JKi( z?+NoSr4HlusgY&HEql%+m`E3*c}EnJNyom=CSER#7H(58nH?bFy=;lJMfL%Kc)!PQ z_13u;6ECc^E`7x5xh%%j1DjtRo4(*u;} zQLC%_53M&1imre$=-+(20cM`b`TaAS2L{x|b^#w}6nPko{gWJx)UACC!tvJL1NR_3 z{XQ?k>KR{-epdh=U5~WNERN-?cUOACrk1_^B8#4doGMD?BEqewO3?`e5jRk zKRK=cWS=poWzY4^Y$WdMGiRa_KWN!AZf0rAo=ckhTGYa9IUkx&w~do5-|L(E*_u4t zU-1bhHXmiYcKDVj)Qimh{80}z&AmSR5pV4Oc5QU$F~+SsIo+^ulHXG27g@M)X(MciMYmSw;%x44I7soBh>^<11lBXgaz}3(; z2?^2hNu600hu2-K@9$v$r@|j-3Z^R+!=$DBr2Dh;iWLb3Qk9CIZ13Q74>T9BknW42falh!% z6xa|>QBT+?eU>~J0u$&cbdXF00c3RpPr8oyLqCqDFC<(ET;7;vKce%h#xmpI?7uBJ z!iuf6h1>ebEq?_f5l@4(uqnbwB_zHj`&HEeu1qE09v!CL?mjx2L_~^?J)eyZ-3*qG zv;c4$-6srg?F4&06!ffBeN;-*QUIx08k<+>D%mAMLPnGCsB;Z5Pk;0)UcG+$=M>bi zhORUn9j)FmcYs`|7u`tDSw9TtWqSGAKF1c!ECD4t$-~5)1lw+e39gqipIqezT`Ru5 z$^8K@F8wa#otEXlqc5DDDspcV_Q{>`9DiQp$;!Ts|1|0C>UgoM_3#! z0DHCzj~D2P(Ps=^B=3K%SpJI_fyqKss$)yOPwQ#;g-Brz?l(E21)mX;jOG0EDRf<&)34J+%rfK?`9oxPGKeAE@{8ip1!p zw+bORet6>~A4@YW5SWgK8N!1E*Zu`IF|Jbzi^BV@SAl2!r-^JJ8l9vjEQLPEVg>!3 ztR(NhE0mz(28A9_Ay!Z*jF%dKlQ?#RThSh&RfSt_I=#2w{8yFQDPS`^#%A~gHpBbh z!4CX@F{ysFi9Om4hbj4{Eur?uJ= zDVPMdZDCjSNiGUpIrqd6u0T`weFBel*{Gb6*zzes&2*Th%?}N9L1I~ z{ANzr{SaJtJ_sUfD_P~t6P_~y3f*3Y*Ucu4RSvT@f0mP3_nR|?R;r1fQ)rU;VtyS4 zb7$a9zQnSri|ffQO4_7iq<8A~8YW}~>k5C4g1=1xB&l4GH)@ol0koB%H@RWM^uPHxy$ns7UMP~+FOOu_)P zG*-AWF}l=BeMakQ^%Ijyuchn>Jrqq}&?}mL#JX}Q`_4x3SU5*!wJZtgqM-n#Ypv4W zr``=8t$7ekw^}e>uSn?j3bLR z725NSrW?3BtZ}h=iz`4wX@(J??RD_?$@DhE?w|3k?9oya0*1I?jrip1Kz%%PV)P4(1OTUxuRy#Lwm&_q3SY9uyegIkRS>TuJ&6qC zQ3i_ke4D`=c!7}PS+p>36Q6EU@d4eu$y#Ah8%neD=%c&o^F+pO`sdg?JqJGwon!Fv zl;Y=s`p7NcQ!8DVGaJfc>C42mD{@?WQoQh~#OU66trn}*-n1&wfJs4cn};6@awerAGT23GGSzpvhvSr@xt+HNCn~Or`ON?%tJWZ3wAR@WCYTb5K2Z zF;F{GL1mLFD;XyJ2fiY$(^OA{py`Dq+-Ef+f!)1q?pogh<{g*VSnpc-Y=GTQ!4gK02GOK=fLhr3Vlo-R@8^RJ89t{=I_}5lXs!vDZ zM;(dLZ3#^)e33l3^~rd_(pX~UL#$Ql`6GdR&oPO*M&HdW_sJCf=eNXzh{Ep6x}R5R znwg*s8a8MRbcRu*j5qp3$yjvrDSGvT_Q#*9hgPuL9(lm%LLT_Pp5rO7II}Gv3Y z$haBxk&xWyCJOI!$|ofkt9WAcuNMSxd|wq1S~h*V9t?tK+*$!e(3aHqomKe#UHYLy zrpDqju;Kc2S6HHQ^nf%?rNYgL(VxrJUK-T?9X(j>&$%f8(Xq_2#(~qp6Y4v^>#C%LPr@#OS}b2zqo_U5i+47%V|76tf7Mj?MA{ z80Hpb!T)>!;`z!BT)2}XpW>#+^nkIvxE~>r+FM5dT$#92Nm8=trlS@WxFw&_;>?r7 z6h1^37i#s;$a-dqU(dYlim#-w`>#sfUy!-?BbU#{|JpqN>*PcZ{Lk~dpZTM0@W0(c zZK@?dsN%sJAmJnZZK<=wi1>@cZeE0qJR!%6oZLu2q3|A`F&G}!=nINSY}(N-sH z1+90#C%2fE@7x`}a}T#D7vxa#zLI6-KG$f9k06l`KK-JA1X#Y)xf zXDJlA@!qi%baeCMdmge^FA?05+2-T)(^qg~Ih(57>{j`o1?Tggz6IB^Vf;V%1sE$-EZZXYo0&&frjZ*3ace6(BLor%rp#WxEIkT<%fEuZ* zpM_PeN530o18>&a+^F0y&=9G!WJ^FiE>e&|_$Q2a(pdqmC z<;%VWK4%Ydc$JT?7D_<>_Epcl4*Ie4)3<(61#BcF_oli>XIZu9eTp19H0YLEm8{pm zkJ|@FrqLUUNrkcC{~4rW9Y+6lJAHbM4!jmC{i{KG82`YhpPDN_Hb}=iTjlR1-F^FJ z{ygmA82JV@u{5T8R{y`zzU1O&*N$J9_fl9S4>9ytk+8;2XkxNdk7*UqTX45%8L?t}Q==myGQ`k}L|N_^`UA7RY8`XkhFGnc&WzRRQ6 zE!^#TOcxbj0GSM?L5MomQ(^%0ol~0N+RGDw=@&YNRNFXfU>4U!tMpZK)hr-k%& zc#t;9)5ku~kmuErZuil>KF?Q+d$ZAxPd{x7>4SjDJr$%w-AX^vgVmI4`@tYRpx=GI z{ik)y*Z`Hk)zS}`n$3K4o1i+EZMMFgd@(o}qWmXZ9h%?WjTMX^Juc3?LJSGBL86sb zYJpl2P4h=fmUf%T>A~nk4>490SRU0+Vt?VhA|16rUD+m`qyn9!ay1u%m*S9toSi!& zmfRCh5r2qVU{mu;tbeiUr)Cz#syEI&GM>JUAdAgR(8mIiqaegVv8OFs=#<3*PW^{%2m0qd#fFn*#4j`tYO^ zEeuyR!mAw9K-WDZ?z+ zKvo_`CZm=7T$_vnTrfTh)@ayFT>75({O+wnHj+V3vn&X|_m1nf|9>)^KCkAKZoj?@ z{7+$6H$c72BsSOxW1Xn#Y8ueaeigds<-cKVcN&T;{hCC^^_oI#&#fu7Q!w3cL|O7~ z^jn$+6Gm?;y7d%oP`oCmx|b9{uX^|N9eB|bvI4fd)m3v2Kd(5WQ|uO&hoDXd=Xvye z;G^K5aXnlh5B5}PVqaGi=gkLv?-76=WI?H~f*1mODy@NE%%YX#psxLg=~ z8-S1f6Bz@$3mbH=eIkI4^~>y!hEFKux^iLgC;<~m)r@2q4Mm~-5WD|XfH4g)b~e2% zFrJSVzRQ`~>CdKW%X{vZ9J2ps_3Xb0yi5dMp(Ewnke<&5?yG*hluiPS3i)CBVJQzYc4hkp{-a7C){e4jT$y|9 zhHZ+b9u;3k_ItkERXA@DZdh9=816)SILXauoPLMuR#>u**I9pZ_N(KiUeVrmw=VZ? zNH6Gkvlu-#vA<+`b7a}X5q%2xW_xqD6}qu8pVXr*)KG_mp!A9{+QgzS4XaZ8GUPY+S!rgMc$Q$;}?lPd&2H)F`81V(%bjYLhcV6UCQ9=`LJTLWW zHgLLFAgWQ;hx;PwbD$AUT-2u;O6pUk^$LW6KsFWdx7(>HQhA(rlQj`>FS zM8W~%ap0@?`%2H>e~eBGe_yFqlRxtcMmqRKv0HE7z2eNE;34~7(`ig@Hi6#iop`N~ z{gKRxRAI+6t;JUC!x?aqNR$-dIb})ao6PTQ*B_VET8Y*R}az z8gY1k3-3~P{NO+C*Aup|AyJef!EnE2Vmpb9+jw>r0r#!Jgf$Y>G5^F^14gZVTb4z$ z6srjL)!g1~Xm#e^qU`)JoSQy8HDK8dT<^P~>9`N+lj(nQ{%1l=ac|#X@_MfVXL#*U z`pr)1Bc^2yN9ejUZsgA;U$>mgnnUqD<8nR#j9fr*7lumAU?mqnI%Pyi6If+}UL$GL zYqdX0?N_59vj?>@6hWGcQS}szFCeR6QY80?$HW0DgK`XjnI$a=wW z7LXd(f@#4aw8Ssb5GQXw7-D9oS@h)lID0)%f#Jwg7 zTlecFK&yMpmf4|=LI$1L41jopzxOYvWW6(;=Q-XPterq@7CKU^PL_w_?{ z?!B+7k&rmXk>~P;Xli<+;A^2NP8In}*K;dikb(Ztq-o)i;NIa-oe23~n>C^uo1KN5 zGx93;|&ntU$vYsq5p<|QyFMRPIVdQ3faTvS!*+D;7A3lqtZ zOR3OOX2u|V#>tW?q7oAYrvEheTm`B2Dvg+(&)_tp9ZkpaC^fDm$~nL2HTckX%&5k> zsJG(VXk1HBcHE^q0gd)}F|edYSo3CSlsNQjCU$`cB5=0#&yY7y#Z}uUIf?7!kU)-XE(nY*snLvi_9nwzMj?m2JWrXbh}Kx zc;4aOt&tpF&#skQ$|DRdM6s*t3ElPG&;{qqzVXrc196uJh{Kw`>JW%KcE`sQEcHhQbM00{g1xlDup1HGktpiU;&q>2{B?H1!*RumXlr)?0DDpPDf<)#o-j zc728+uOSWlNXLvXL<={mSc&_}_Kyi}x~T3K!71SG(P!SAb?{d=;9}1}dtlX`55dNe$cWKt`q-1`dCZ+out} zH2l_kU0ozqNjNs7#xiY8j3PmYzh@JNlAGKHa)Dw_=ON#5{%ATzs5(;nxR$^A@|yXj zbTanypzA(Hig(GP`U^Bt4em?qv``Iig4x`)(nW&~Ri>L1ZCX}*wHZ@K=3;PDWs6+5-1dBwkgy|NA>mtV?)-xr%KjwRfYr}7 zf6uc;#@Y?NB{<^N+J?19@e=MzQI9KW>!1Tb#>m`;V-MKdgs+_VLI@2$#m7V7YF02mnVRAJ@%TF`r&Q(U%>fvMhuIu+XZ|xt-Peve zB>L>$nh>bGUmz>Zv+4j@nOxEr;e3LIUDD3waiuJlnvV%wK8D*6`t^5Y#Y=ss53s;A zS{!DeI1grRa&zLP!uNO7ZqC#Vf2xrCF;+)zSxz!>{B{2>ei43I78|;LEFq(;#oI{7 zlfMr)9Ix2bcX~e>+#qx8MV`AWFYK$3ki($s&4K?;bm%4) zH2N1o1(t>}$@O+Tam4P z77uV7ofe&=n-1M&lw{RBs(VeOJ4pO?CHowBI85jIzPEL7V<@}KN<2EeswBBC!`Y&O zU{UJ*Pzd>7tPfEhaNM}1Q8rSH@@hYMoG!iKiTKCnZ*pasmhW045p*d!s2&$w?8&kB zx5tJOvf-0wL~K8vIys*D3Slk&LeME? z&5q+*mmgl5y5Z$*vBU?3#Cu$sJy);0E=|pOxwF3TgLw7p%|pkfCcf@EaXH%GNqAU76#g)T)5ZJ&ODC)M=1pLp*=Ti;J^5$_36 zA{UlfUlbAm!E!()!7W1=Y0DzZE@#B9V#Ky7sx1`3zJxWWety z6u6R6wp7dbPp@yBfPaSD$N9i^aWv1&UG~U){?ncrl`|#hah>i*(f1}V->>S;U@ds# zA&nXIy;Q%@w|;^4xWr2*%Y`qo_xQ--H$=tAeDM_gPtL2lte~r$n}oSGqNXyQ8u0ud zW(NL6icfOeIX8h{4PuJjs zL?kzbgL%c@E-Y|&%=05@K$$brFTS9WWCyS>ZZzLKTLY=WCdM&8N-dQ)k_J=@|K!zA zF`)gQil$>WppB8E3N@fpBS+PiM7wG#)tT?F)F>HpxQhbliDxpq2A`E}Ho+!WI%4oZ zQ3vF~%(Py}V#cr3Z|d?IO$zo|GB7pXL)87?_cIF&X|IqCL_J>K5!UH*|6MS7$=m}mdF|DCn2etFQJ4%hydKE(HVMP0XCwav zrC1p7_2Xc%CK|KP#uNk0O6!WprRiUo*5=kmQ?m)wa8Zp+wK2~)(*tKPsLzSRJ%_oN z>9yIFFclD`|K)dM@`up)#=&E@8z%|37X~0l$!{(s_MP_aBq~bl12Pey2tJ)TG4Lzwetj#{EzP}w}#j|Q`VKLt)~b29VQgWiZVPUuZmN{?^Mx3 zF)_|I{W58*@OK-kx~Hf<^L>eFJ3Br{psITA4;$CJcIpk|?pIUhItaUQ)hP?{rOAm7Q?8e#3ijnC37UZIkj; z0wzjX8V*JfmPOO}zbY#qiC=km?k0uXuFN|I2K6fs7Y(V|rV}}c!0+_)pq@TcWQMb0 zPS%#_X2+nyyssi_Baj7aL^rF=ztYvg4Ye)8-d=$_PA}=A_Wh&z8S>(j$eJIHMAmSk zSOjJ1o`Btw;(%;3UoydB`ZWXaMvcgTg^~WqpkcPG*{mI=moYUtHZzXV+@}4+ei&zi z38&17H8tpyIr(*Z*noI)NqhEt-LmRXPu4!C^4=&@`_QZY2%TEmpzaUa`2{*vy@^Al ziYMZJ&)xD`1eMZm8SQev?0`wnGfB^xyYHY$YWuT&gAN-!Hczv+c0;1}Ba6TvB;5lC ziCM+cFCw=UTG}j*jw}&N=cWKW)fR3r5{Hu8A0@qDakNGk*jD&ke%QPgskC=3*hZTF zmb~9eFe$jAI(^TqQ$#jbLqq0*rhB|7&v`*ORa=|)@nnU{{<3z|nOT*BKk9x)E$k-n zq0FyeXW!~Gm$;+Wh)rq1m%2mkqMano;Z~<7j;?Ka;$c4GgdSUWafxp95gLQxOBbzc z!BTrF>F#h85{T)MEBP=~ANEw+he(7EC+dUagC{517Y_>wia@HlWm^ux9>2D~(DVE` zV=ReX-k2KHc$s!3nj`M5Klt#e-D*F!NA1OVwYO*XN*hcU{cwBG(<8cjx^%)JdYail0rw=KD!Y51 z`3>KswS+dr{AWV_CwD&qXDOoh@HJf9eS3FF9uF`n%IJnM|7%r(Xu#hp+fNS$9KHbnNP{lSNU zR^$klKu>q7S^P2Ha}8FqT}%e$rB&bMa~Zist{3rSi|PUzEoio9ualIk(oC(1rrNEG z-0?#W&Y$X3Tym4=?~j%0lgvttepSdgQu%zv_!P>3i{R8K= zezROK;7WzbeQ}$342(-xh{WJI_TFv>t09{<@tm#=6hFM(au<_Z8URG>cd1aW;r}PX zF7X8Au(WGGRlE=R#V?-%`J|8OqRzY6pTsww`2OceGuh_8M1q$ho?X4u<$*`JgL`FO zHu4Dg({)0A5B?`knKbPfgFj$fK7A zYa<=jSaOQ!GZ=jvF%Hi}7CjE+-J^f3l{jGZFSC+1`kZcx+_FGLl6M;o)7mK-M1*+$ zP-6^4ef_*fm{B9x(*M>l*T)tY? z7<4J0pOTf?-s}#i8ft2jTVf`9GK^+CJ>(CET~=@rvZr1Qzt)QrJ;x9yn`$2y3)np- z^6)hXlvPH5csDGRAAfso>YHMhb?L8mjY&SJM@yG(bZ018nr;oHO19mfnATpk{|97t?XHV-JSd@u1$;}k#6%wteTT0!kr+#k!$^2J zxP|A(lCw**rLpw5(pd5Xw7%NpbMfTs?&6bVv)&s^PA^N0uJBpwlNVKF`^D0;E8Jp| zW#lStn^=BKeR5nSR*6r=l9Q`q)su_O!Qlz{X+$o4I+i*ov8Qijp;Yho47wr5!Y3E| z6~Ti0`6#-tfSIM+{EC28C3BGTn{&KcU!g&dy5IcGUkHmFaLIZ5x|WO5g`sF5<{zHm zb*Sbd7sJQ_EBP1J0T|WX*5BeVgYN@jYN&c`P3wEjTJ#Qd8Qj#V zeITxY$_-5_T1RPZ%Jh-+yslcWxcT|Dzp!~oNc&9#Lb?Gd*?#D>ExRhjcrdxeiPHYHJwmLOvl2swM$NV|Tc>HtVIL)5rZ;}8 za6!Mmxr>4ADW8nnYe|TdVI)kGmdx_(Ka^RlFIz`bw&l@ZF`k?}LMD<4SLqQs|Hj=B zIqO0wT2ZE^)g<=!<}7@2^>V3eAsqvB(MLttVB8R(E zVgB~jq`k2eME-4>G?~R@PR}DYVhaxi#GQ^TUc`eG_T9gexq;?xHj(=d7rsg4iJ7bAX z7JfgabMf?mUv^E9^d+?U%4BD)*`8pw50B3g-}=lR5F8{M)#WD#g3!uk|I ziFtd;?*rlSi@)WB$GEzj@W_rlWP`?E%wcmpuxI{E%dVa}(c&)V=K!pVpa^MTs1+4w zj#q~nTWD1io$-d$nCR~MzX#NE00+oy@+#>e=;zs9qMtP_vSH1V4QrOob9G^;UEo^B1=(NwEMdDjP?-RW9*H3*o>x_Tg6wUKuol>IKvvNnFd{`c$6{^>#T* zE1l4KVtr)c`D&gHphek!U=v!G78YYzyN^jeA6aw*G_m2q$7j~6Dhozz} zxxUr{KuT{y;bJ8|hHFBopc5Z3_Rq9qp6m#?30BZ20&X%5j^0?e$C&+lR z4DHy_HC=s|VJ_`rE^0$^WhpMMMIf#DUz3=2mqUypNNoa71 zU`lPifdgu_1$Wpv<5~Hgi?rSa=3=Ras+i81SV!G-yQN%UX}?huvUxo6d^>R@vopcUkvkawH$W|D?k}R70)OCiJUg>IyEAa!iKlD8%;V;1 zQoBOn$@@OZ1{z!YotZt5nQP_PQg`Rn*`9dIY$ccMgOmSR#s|rW4vqtsqM0(}@48FW zWH-sBi=JN;uFm=sx(fY6i-iuByzSjH#7$r%x+P<#m(2#xKW+2-pYTuIbDEfE+7x0E z2D4N6CZrb;hc7k(7ftntpW0O9_NY48_+#0B#@~MIuEa)aoHWZ$V93I{ArC6l+)lrp z-v&CLU2xQ!C2^!eV!vL#cLMe_!YbWNfPj6GCHGhw*LnSpD!RojqPFQyi(JEeBry>E zUKX1iw*2PfBNehkl0liQn+GcaL-BXFukBCxxk`*~ChBi(q9%T4mICarFHl1Ur;#8j%P3ufzaSS0U!EVqUHn zeeZiqp8_p{`z}0G)jJh$8+)o+)Z{Pg7L(OdEfE`GV?^EyK6u>5Rq3 z|ESxlW(pShH5A0s?ymWU7Ep#3Sg$seOy(q?)@&&2de(2ERJs#yRK6SF_cE;?z%*nZ zVc)QOlx!+x*ns~$;j))_@7Lb=~iP1@X9)hlxt`!GYs;t9 z{vWZaT2!CpE)%es55RCejG!JyU|mvk1oWXx_l)Z9QnC7T{DJ*xqx*qM3~qW*B(NRs zDuB(t8Ze3$|6!dsV65L6PEc@;eRa0C9cErXcZA=cjwF5n=pM4J^99-AW7qW&Yb?nA zi7fF3X?_<0 zKpLF^fyL8j{_-8^_t(CHkz!3$cbAhIld5u3<9|?h#_VbV;3i=50go*FIsDc4DATDfobo^GLgq2+ zzfGBcI$I9xe}-fDP|-^FWoVXP_{(ITyi{Z%am-`?m_zQeqE}HO{ zl6DZe`&_Qeo%~htuK|C1XCY+={hc4A)ngLq{F{$`MWIQmH_bhtrD})HB)$bFenK?k z`3pf)i=x#p%t4EJffTc?NL}RPzBy3OzU&iHbBf`Y>7sdRvEL2eG*v7j^Pa5kTtLq> z(BdKF7yIk%5eR<7(+$#i^haB@su(3o%(;5s{FB}7Ox$4P<>9NVo|LAeDCCYT@(1$< zB7iTGjGBLv>5OiY6;n=FSBdyMOib0MMs~`OypEek=6!};;;vXnXD>O^E}9QQ$EW(Q zY>!n>D8@Ely>G^~@$^7;1I|Cs*bAFMo!K>&UK94m>vccXC3O{iC;=h9pKu zeAZ}^X8iu|b1qJ9ldPsCgkB1rnuXtB-r8bgySt7@hF@PNcYkfLi48i?eR?iQpM5o; z40VnkhH9(gJ3&zgB0cZj(~qp@9|QjpnCwU4|J$l2brAly+2;?(|64J1rjFNo#nYFv zPros8+h(vIStP?36Qr}ap5ctAzsSh!oHr!0=mh(IZ6{}WuPraGum0nlBkPlYQnQnzTz&Ensztx` z)&H2!r`PI}f7U1c#;Tv2iw9G7#!b+Mv-ttF%xHwYuS|?CgZK-Yj~t)uzcTYFNZr!i zz4*IiN_kbz)5k(n$}I{Rm>B)nkw#2olOtDRm8c}E=8UI`aQyKj3mzNn(TOU?bU&VN zk5Wh7+4i_ikLBH8kLNLW8D%|r4~$^kJt(=@ zfm#0^hndZtOZC~Uxl-K^lq}J#$AgMLt{zinu)Fcq5qaFc4@ZrZDZ%a0-GzBNfNE2N zX0L(K5l$e2jkF7w)exO-+Mnb+6269&06*(DV;nvBC$WR?o`7AmxnIlZs2-Y*kVZIQ z&4k4T*~4|XzLnmAGsV|S@?iY$NOHQ&weY{h=+CPZ^0{SnabEdWmDia+jzy1RDAwb` zG?j0|cgk{o0{T(wmL~QB;{iu~ynz~jd)+}C)tdXh62D8LUx0XCoBxdbn2j@MMh*;N zk9+?5{@=|joqLPrFHz1uMup3i-Dp&x{kT2szy&H(R^qI zUB;8F8v`cr5KSHxO%A$5B_%JOzmyJa|FUWbMMd6|IGua!Oic=&G7}Ef3D3WNXN|rw zNtDzeN@@^?oWg0&ae{ZM&c?SW4^m~8D=x;OKKdK9ZR4|C9*6}^Uzc=HB#L=QbJ1;K zJ@+tH-z~#MEK;|H+Ts${Q{%~j<$9PUy_)FNcb2!1MK6%?Gm&LY<>NS1L3C#sQ}D#G z^&#NL-3VG$=Ncg5NvpAc5AE>*SPx|Dwpep}cfkzVctM=@;O#P(RJ3RIeH{KiOu9_Z z`_qX!wiL)~+8(j<$8{JVAF-Y+@y@vPI2uhI=U0x2l^i738k>p5md<6kqOL0K!!lU+ z_O6=ij|4Q}@7+ihTJ(QX4N`)^FfRs{c8o)#-WVDjg8uS+POV#TR^CK6=L8%sRZX%G z`W;n};|P-u%Gkd=+L2)+NLD&->e#Fh#|t+^BXv7$jn4y)!IO$H0;+Fp6hViNSpO6z z(?6l}%t1Bw1F0YtIvU~MV(b~WboQQcSgmcQ*v3wMYC_4FbI`**Hl1)Vx!I9t~b!pZfQbObJ!Q7W~7S`F-XDHN*YaP3RM> z_y`7)y167Xn+Xoan*B$Drf_3Oh9N4LH$s!3Li4Uhlv>r=o4X@QHFcwpw%Bk!P>$4<4tV92SbDqlIin(G_6U zq^_{bFOjy7s*IQ4JA0e_wJ+{zUeMlXxUF@BZ}+XfGFhU)_;w>)S7Qxs%bw-O&t9hw z3=5>kTbmgLGXh*+?+mLqc)6YzF271V-NNKN-;;!+m37?OO6}G?u3ih|&w?&%?&<95 zQU5r7P*^OAKBfL;?u17GqHpVPYsSXQM(MpaE)lZ-1CW**bOyKW~W2W6LubSj|YN-Zd=#Qtk^F11b* zE2{C&%*KDuzQBws8Q>Yo?^+Q+7sqOac6FsUs z=*7#&O$;Gz)JQ&7Nj_Goe{f=3U&+xX)nYb!x>!-4+#Rc4+4LEse@=fl_ko9uSH$<^ zySl9-$>jxmST)6yPm6x)1YEGBYQ%giyi{aQil#3vH2d2{hf0qU$<;XZrBCxSZ$LD$ z{BB?@Y_=!_)z3_06RWn7~nwg^-t+>$j`P50RLM zIN$A;dp-3ZRG8=`Qu_{*?`UhU9v-9@V>Nw8&ca?eVP4%{k2dh!z2p_HvUeRsJNn@D!-=B6p8Gec0mCjvi&N)0 z42Q#R^{t|y$Xy-TB6E3XWNO;t<;SsEI8>;pGKk+8!8SDBYB7>3G+XwkDgM4{z`RT+vn(~4w0O@lP}p5mP1SEAwxdE z3EOoZMet~aPcq>JD5W;V6#%V-D*#H=pxcTMK(O-I{mDFqgq25!L&d--Oo%E5;HpAY zo@k^FN~|qz=bO&un7l|}$SYXuMSra&ppGOblvoF^*_lO|dL9PYcAqH+5?Rt$xJxAD ze?djlp3D3eko^1$>%N;WVM$+YyDD65vM8vKJJgl5Es#aJzc8%wPua1-nNb&Ss?0jVOryLZb17P;{sj84EWHNPLrdw0Lce|aGP5w zX7$YC=C?U)TFRzxv&$)8hF>oq7e7gpX#Sb+@;iJdDolUx3+t;wH6BcYKP6dV=OZia zZ;ky$O&+p^WOblIDtDz06b<&uHw0TFS%5koY-aNX-pv^(>C@y#pT2Wzj(mrIB1gXT zi5Poff6OwyZSJw-Q}K0W<5L4y0)Kt=Q%$dBjz$?teX%4n#*~unD_VfX4Mn6LlFPcU zuwFhCgUyUTXffi)&m6FO?oXvIgn0wK7Mf!jG?R5#!2_;ldZJdUe>GtcSN3bZ^*O)J zWbQt-;6*=t>U`?z^<~`M!#a9KnQiAuu`XdIq)s&bi;-abE-!9=lijXTT(z5D$sa%T z3w1WK_%;4=A!$ZSNonUeNY^HhZ^w*|=+oo}o~kY)$0b)gy1epPULuotr4=&i-LhhN9l~zgc@*(Z*?zJoYiZ|F(N?kzMvN_wz@Y-TfVtTc+Wl(ew7@8K?J@jSN|0Wl6N-Woh^ouG+8> z$}y9A8bu$!)s2F#yJ_X1_=cW7o>vt;?Z4^EIeqt1XEae&(1dFM2j&Z(Mf>gSBD~=h zxe*k8^(nGgHW(u)O`4J%|Hl*Cbsk~-ziE;X3&pU9se@F#qU$bX39e$u4zmoGvS?9L zzMbhOa9S8)!x*P=t4jA_VHj#(Qr*?C+bQ3%bkTsDLdNzw9;$q}>rOuCIH}vt2bz;U zBDA<+;JOX9BEcV)QPD zupEAviy}c}1M0~5N&;l6z1G5(N4Lp*)qMQg1$roi-#)sF2Vo=7)6zwWpDl!~GNATe>gqM7|3@dSk zo&g~>o)!yl31RUgV`Sp`hJF3#@l6B%N(+o%R4~>E#+pOI`0pW%P3BFb+sfx?d<+O1 zP@Wx~&~xQ-{6Bh96IvjIw%;v&L!Dq5zxEdEyl`0qWkt12e|b5$Jf57v`nk~TzfXVU z{?9`P!7oHKV0+v~ivHz|X*Aiki!X?E=^ytVrbkJFbkW)Wm-Bq5*~UJ^FC#~iIk(!> zQ61S!7yW4z>djJuS6kPi67!r&-fi`5K`l6yE0YdJNX@xPaC11hdxX`L3{a8$n$7F zmi)GQv|JOj$2?qvpO9LsptZ`??k?)j{yN81x*v?cTtWSL^M7ee)9I$EVY97SUf$iI zaFTz8%4M=;fY9d>yXJ=p3GTmGKZ4M|9AFTE-l{@3L1^z|Y52g~1B&-u|!fa1%`hjzo(g8;pJ7-e8e zv`RAx6Zi?gz<62Az8y|PNa71$)bOCdJ*D=0XSovMsUQ0w>A#!=&f~ZUVEIf%>KUnH*(%!xgu_?Dz|Ue$ zu9xgU`YtD^y0)v!&x)r!2(m@ASgntg%j-;0d+xXQ`^qb+SMg7D=qpZ@?Uv59M)vE& z3&oQ^v;ZP;>M67QOUm)O)`h1R$iwSoIS^BaLC&U?)s?=AMJn~H9iUU1`^^JJWs%ke zz^a1=!i)M`qTlr6{{BTc@NRM7-R_>hs<2|kaIX24*+|><0 znJ6rO0C>uG#11mZc`=Anw#3i?{X@Ua19VdCEXA3=U(iv7ue!xcuU3B#v05^qJtS^b ziLJAae~(ztQnTH|$Mb>0II$7m$TmMP%_qgH{oH9DSYJJERx{$a2K&EMa}6qZ2qC(UEebbGcH1G6ubmU>=jAKfvFyE=KAX6BMX1YODy%UbZhwI zdy&>}@F8A3zB00q5J&}p-apbRP@q3vj%gkn=jfE;N)I9X~Bjc(6Zcwq*ZDIh{ zQE=jG8b4S{?^J(Qjtw28hT~K|K+jU&vggLJHllLaB>ugc*^9 z>m_D>z)WSwdCD-ASMFG9T%#AD+j z+0zduj1SG6BXe+L^|6}=(&FWl#3Gjq=ipv5rmpPWyGL6LiJ*ny_j@>n8XW^@E+bgetenT5AL$rVc-U+CjEY*Riy7!Xj}LkJ^?M zj(Q84h`r~F*0$VSadh)ZoYou?e#)XE`BuU&b%e74xNYhuNZyp!WWBtq@ewDc<<3kA zEwghR5{i3UGFC_n3Kkd{_`0JhyDvplqGBQlp+Uqaf#d$pZU_=2{#Gc={(^AI3A5)S zmO6h0!VDd%z^x5Zttm)EO}U5lF7lR~iu#aggb>3#1dirNdp+6;jzCO6-cV69 ztw0oG!H}jUK4~Ni_>Cu@>e}4O9_c-OJld3>b;-X5k#96??oi{Z(Xw%kw0@USR2HEV zHq^|;Z;yvE{WUHX*P^aJ_gK-Dtj&tgAv+oc-74o}!z3zbj zR}gq0xYXUvf`r<}Xq*zF?{Abs{6acV%m z`jWj`{cfmF-%x(~7)(loFHK+lpRm@|1IDCItYvM4uKA>pB#hLjepdr#QPch!>-s}| z;lBEz*>IkOh?MYC0}2e%phUe$3bY;v=g9mBeOl0n6q({E=N#IJwEjDNv{GrKt4e=2MMwd}RR>Dc7`P4u=@8ewCm?%dR41RuSf5hVJdYKnXZ|B-MAeIo~v z|2csg6OJBje>kQ2(QAvB(>imC-dtTiLI+j)5=D!%I!^`I@59#IiaCzrL9V3 z54MMB_#hoEvmFf7CAZ4`RA5!~(f!Cjrj~eehq@>Y2FVj?l|4|XUdgZ#I{Af8W@__H z&Gl(oN_LX0ff_DcY9hzwu=AWdTLxmGL99iBRoFNypS28EL{AkDyAd{fAO*(=xEBl* zSg;wb17tZcbE|}-jjVbZu?4IXhAZLM%ppYBp3#wK!D7W#qJq{x^A*+n==RKSIA5-( z%+GYtoF?0VF3MOmkTG0*nSKyiCa>yPWDFwN(}rJPHXYCEXCARLeIv2dy)CMOTO^OM zoxh${nHEj!k~bCh8!lTytvhkIii2iJayN?ePDtI-o#EQ=G{mdmR4VqB6N@d~{W+BE zhX?7EK7F#6{8zP-UPQ(2b(74fLOy*I>F(2PA-V}_iHaS#jOro<`a>QI2naOF?|#m1 z3(&l?g4&9y4f{?|owB+&Juow4!Oa@LH#@I6_q0#{)jWzL2L%7*AYEv8<9+%)i2zvA zM+ND3GaT+L(p{1*H1|Uf$bF>*SowsCZhh?o0zYhxC%2fFfUUL!(!K(Nc*LL3ZH6f0 z>p}?K6k(`--{f;Q2Oznpg7g4?!mm44O%7L+Oo~bo#zCr$8^QJksHxXQsS!0)3q+bN zyLkyEvL=SJ_eX5DMwVT0tgTUPM5!1F-Y?}PxaCW9uvom)2eB>O9KEJrJUy^5oGgL9 zAKu62f2}(C%0_XU43)=68B-2}YLdSGpIu$Lkn>LZAH8NJ(O?T$kSE$84!e*Oh&_b9 zRZbuF>Qg6OhWxO%{=MqjmXu$s7gG8wrI8oS=SJX%F~3+a?Lxt9{a(1m0_7}w#EM8O zu)Qjnjd-2VB0fRAb>(NfUot?_5#A7n4#?`>`8H?)xE7UT^0X)u%qA+-NpBDP>Xv@j z=e$42c|SQ>l2y64_Unj7Pz4~gkl=RoH3B*6b_f7ITHrSD!PRwr;P3BxOl8tVYw7}$ zb`L5)m00ama=*&lY~i@|7)krvoXx1CISS4aUl!4POL0Y#X|>PZ$x5fYmP)BD=qM|Kv*M$Epo@+yT@ z?h5f24oYouPx3hqjJi@;Wka^!6PlonfFH`o8CiLtzUXD7{7k&$l}@{lvB_)G4ZO>b z*(@8g;A*#nhxQM5`)qdyLn~Iv&~kB#qP-{fMw&kpePUYke>7eH^)DlM9`}K$tIumb zd%^tTuiQBG-Cyjat1HMd*@7}mpjk4n3Lv-a zAD(awI&_*@?uU#iWN~JWEWV{dKJo+Q^P2pDWGUw%;^#8W+*edxy6C$9faIvYz+Iuj zoB8VEKIwB8hJ-Xq4S_i8G32HmyHkDZU(B^Wh!3!&kxXdUPt2+{fOt9er!Zv)+U(C4 zfxkc(nsK#2wG5cPgA7ZQ0rPK-(xfrj(g6x|zuIR&FaCN6^aFB4p)jg& z5!W|pTvMBH@s-*{I6Cp@8bI$gjaXU>v|4W(07+et*wZVreN-Mi?piN43!1~!cfpF)eYxMI8&Lts_cI}PnmS+Utag^Rxan1H)gJWudC}(v1HeQ%bl=cjj)in znFlt!JPEfRmi2)l!#u@+OTZs@VlZW&Y-JevVr2svA{|^8dPs&0CI!g#trc1S;6 zjdSGKHhuHW`Q}4KDpbq^k>#1V$(Cpufd*=s)A8gBZsB)=^NEr)&uMtOCC#@)FLw3w zoj#2GvXQ;G++i-z^VqNH6Z}28X~=c$y7i=q8-AB~c(7}zOPRm0RWH5L`p3>t zIUZDecs#e6Agwg2U<}XI5fPves#?Y+`*-Lh zM`kKjgdd4dlWDXn(RO>RAaXWPl?{;_E?aU)7IIaW8VU)?RPsU1$JDfR^=lfy-=mxQ z(*Ld_*@juTa$ZriYdx`|Q8ncdEO@7ns89B1vra4=YGT(;ReJFduHC~`rbsI(4Hws1 zqpoW<0|6&d?Bxnx{8OAKSkt;;Xfaq?SpPmREoN6J9NgEmnu03Vi<%I_8Ugq1_l-Av zwGwSijsR|2DM*HnqXjf59+uloG&tzmZdQ~p7;LbKo1?VZ*7(8qtcy_FB= z>BGB!{=j>=m3S9UxPF<=PE^Qo5`XzR4*l@0CeVCXcSdCYb|(^YMA{l=IP?5eF*tFB z`AcfBI4h)LUUX3`bN$PC{$KI*wc-6e9U`d@xxWX5h^Gl5V$hLg4X4M`HK$+K-mdP7Z}Der ze}RJ-RNaKC!}PzOmzKSU+1>3G)EG+-WEXSQ@!_@YE90qDP~XZ}*ZMdYqYO0B@G6UI|33){1SIaL zP@_oQXjJeTyfsmx8wGizL4#VwODk4I+M*&R5EV6X6JWdDHnz6a>S@)ZM|;<{BBE6y zR=_KYRTNK)m*S+cN0gRpHUH0d&AV?&;NbZ^&mYZx-*+x+)>^Y>&6=4tGtHzgcz#^v z97Lk_Gm#I&r^#Vs2K;VT;yIQWPpZt`yxLBaj5)Yh(H`#wf^y-NWLc3z03OCZ6M92k z5!E$ZgRK@N%Uo|m6iUqMFR1+`QIU8JKpABpj>;_N-r9icI_oQ|rna+x?%$F5Pm+eW zZB1WqXIy(&LDMkT?_VZSgD+2aSD#6TUqPsI|FozTC#3t>w-j|IQBpvMN*=2Gh!6Yh zPO8QVX?vAIGTX#s-a{LgDd=E9dr;84eEax&&P)?CNbzli8lQU<+4(b+7UXctFzzBOO3-tt zyRQz5JkGti!I<;LWog0|%PcuYrKqulBVpKNHRug@;~1XKzN%UPj7qGgjvEnz6ux2H zzt#Pwp<)^^R{h27fd;9Y-5mBJ5Y^0x6m=c!0*}JWlhP!8O(^`1&>qx?!h+71%xKP+ zA;jkiVZ-?IB~+VU-POFcn*)gX$!e8`38XodQMc(qqz~$_{_wApsf)!#gzWQenWHe$ zE=74y?_Z;1jq-hrkkvh5Zgtw#JQ`WZO&=VvmE5ysTj@3X;@q6Ne#xf4qTge|UfrA4 zu%CC;`@x8dHxndf|kyIq>|SN3WC+ePYk*rL&)!Be$nR}uTcicghX zaa@{r+ho7YvRt@61@cA%uhInNTa!t0pauoEvD zN7L6H7OUQTP5(tmE349%Y)rh(qIG298m_eGI<>vy@A=`yst@MA6Zzqir9NFA&vHNH z|FM}0^!^`}QXQyR(;(ESp7?**Qz}+U01a!=>@T*bUk8m8_`2BI zTkC%?jAb)E0vvVDLfNz)r+K2CS-_|7!3QN8N&QV&C7*iEN@xqO0dJqkc}ln8@P?w^ z*tk1w%o{5IAmr4)?eugg)7ZqdE?i3!kwmtp{zd--CjM~!2oE2r0XyC6#L!1X?i zjC41Uz_u*S;~q4Sg!(x6VsLA3l%YO~Rtb{v`8qU??h^phd92XR`2VaLd|c zqlo~*s@>*)Sd~`3ib~&wlIaRzsoS7NgB@p zJW|6}^>40$qTGw5cL&l4+*m6)y}3ysOGTWQIk)s@VO5D3FKM0JG2WMa&DuA=Z@>ie zjXkZ9d%*Uc(zkjSV4YIeuX06L@-a*IlOl=&m(ox2T$cK8md;^)ZVAdNdGo`3aBGc5 z`zQr`I5)bBB{T@2?-ZUUroc_i3+ofF7g!uH8O;)Icy(SKifk@=cK_IN*y8p32g0KD zWAzETf9w%G(eL(Tu4T1_*H<>T)L!%VTj-Z`KK18@(z()6k+~ZC#usZe5#A3Nx$VCd zAHQh^Nnhu+K6!sR(dqr&Tn-tTyO{90_?SwP{8p*yN|snr_f#&oCoUR1!>g2T8LY76 z8C5~@QGw#VBq`9RDqF~#=~?>F|5#Msr;QnpWI|cf=an!AGWzxTw;SM;7d=-be+cBz zFhLHRHN-M>7}p9Nna|=#^2ZulL>7NGIKH)?&UBqX(u-yU@pYf8re(oLp?W>Mg<2g< zbMt2LnRxtLOY0Kva%f!QT~+3c`oyI&;2Y(nax^FTeSpi{*e5OpK6}%~>o8#Voi}Me zD7o>{T2pX;Dwug(5PtzC3_*~jbrASzYI30AF&w?I2N-t%K&<`Iw_Vz_uWRbGR`{)# z=vDTmG{2!+2+2g1xWL>IM}q8DpB!7NQQl;H{N@8e9mFGw zZ+&hN5A*D8(ELOTU-ikNdMbGVul~w6YzP0&t#3@-@~$!!FRm+2#olR81}*mdL*>If z-E~%&hwHDMljiGQqOs%TcCPxEGq*2Xa&(2YXWu`i?p8_CBpIz?jmP&-ulByb&+Gs2 z{7uyRbXnB;p|hsRGwPB~qDt))nmOtY{!rNh%C5*6%YX0-ST2Wm_i4J*b{~1oJnW+M z2<1&F|4GUKZa}oI!LGTkuN;Xt3kSl>v!Ls)0PnzQmtw|_XYGW(;m8-# z@^Z8={H;Pm)$LBAB>5-%^8-fs^1wVM2X*#)?59Oh72rGK7#;DRg5O-ICgM9Z`nS97 zlz4G8&apXtX*^$ZtM1xS&3(PM=J#sQ*WVm#j~`Px(`i4{-wf%X7HHOt!2)}ZQ!QR7 z?lbR1h%1z}0duCcT+8zPKv_ndKiYL|EP#Y)m4z;5>>anKJlWTyQ3MaL>m9gaV-wbIg05zG#&FN>E)qct4Y|T9Z<9+ zqzXg}fUvt0M74e1D$~pYkT!I)#kGf91y!iHZz^ry82cM<^4&GE%|3m^n1SWlGK!eX zugRUu*MtHS`3I*b@<)Ud`Fm+1ziE&3H2yJHGmT%OMrG1jt%lOz{`H}k?FPfrt@90F zxMqiK&F9bR`Wybn&x=Z#DtY7Jv{ka$%mCWDvc}vmebx^TO~?O)0C;hzrrvMs0>VJR z7yzUTwa2~8D0{N7p7#1Cpt2R9%QNUdr!rAfR5d(lgODEYQ4Y99RXmh5G3M$dFADsJbF>N7*K>0r0( zk9yJVZI_{a*)D3qW?xOkzM@?UG;J5B$y3o>lLg6pl^tMTL8YI0a5;EU$Jyenlmxb(}Bp5|y}pb@w5t^pKF8j%sR#U54Mc z!7nQQRER$nf;v*Hx1Fr<#m~WoqM4)AlUIhvcr;?h_?>^;za3ErPHD;-=T=SD9XE|j zJa78PU62>m17WR0L^TaLLNi(Wxx;&7tqCV4Uz9}C9Q$>in!!C?zma+B=%E3Tn~v~7 zgGnI5#|%Mo=*JCQsmuW=SfOEf11_Xlrg~7BN}-~PD@9o;(`V&}yT!L{?G9Vhx$k9L z6Fp@G`eV-Jz7LOYDVm z(v~e_XYzA?p}l?^=KE(VT;p--zq*~v@TlX&3z5a24vudbbWH{QR>ud$+*Y2r zFOIN|!4>$zqe{C5+Z-?R+~UH@Xk$ryOTVTmoMQAakPGa@q_chd zxSj=@u=?)&Yqt85)G@t95FFB~EV?0LQEb8)C;p_nzD~E+Zu)!Bv30+oW7~y;UXdFTNdDrlJK7u8Qdm8>f>g6vZspsDsA0MIi{A~RT ziXU&F@+W6r`(7wtoy)RarI#NY&gbi`vb7A8U?XM&hLSkFAt*_DU7W5Ck2vnJ+#DSY8ll^Y8d?Ll}0 zfX4Jv&{Y_53%GbeNifgIPmkkQbgI=|2Ov?vvq4WJ@IpNhF;t%na`m#TO^dn=_Xb<1uGIe~xvPMr@K@+U{XCQn7oW|lL5b5d#306R^Q9d|YB)9-^hmmbvO zTl+J1fNR4IKbeR0q#w~-8AR*>jfciJ7u|sEnN}Qbmo+eHD%Iy&c@rCAZcoNlVor>) zb5&i^zZQ*D6g?Szl*iD9FD{6VW0TE zHAgwQ0jV#^pSyhjGfnzuiuBJEHa3n7l2oG=_dTbg?y&bPYSD$X zh7!2Y?w$q4DU7djule{Hr;(ou4D(+= zyn9m^QB@T|iJe=B+(v`c?FAZ}=`gGb3_R80v@R_Wr&>D-X!V?x#7yMdCgeHq)jGF3 zGNHrl&_FUjnZl6uvKe}qJsA%F^udVW)^G$?FZ+%L;0}^bL!?l+I;Kf7uQpPy^jJ3- z6z;hsu)sLSg7%i=A^H7`9kizdO>4$han4N5*pXa>!*$~QZQC*jxGr5Z2DFwgIzhjA zrk{Oy{qnFd&pSVNf!L93sfHb{dKzqEp6}Yo!eC^}mfadlTDA;o3Jr;JXsB4)vZcJ~ zP<4r#kIsupmW_Su7G{^;D~$YLiHP73p3Ob_-QX1i;j+IQFf-Pi?s z<)M5qk7tas8Trmb^Q^D*_~KJfU#|Sa^ckGe_TqQi(Bu2&3@Y-@wHm#mQ=C62EmC0&Z&<8~+;0m#dc!oq)KxZz+)p8e1f&NlM!iyx zw_ z>tFhj`p@G}-qgR)PZTmcz|@9C*i6j~&5y5&+2`bb^X{%;?iQs;m8{uBGcSj9 zcdb(VlTde+k7^#4(GZ-!q1ZPK>fFi}u`0=VNc4kEDi9==yE{41ARjH$ctMs5&d5{6 zi*}-D8m`zN!gOzi{7e0Ls^swD=~4TK*1@B3+&d_K_b+gF4Z`uoH!S5R^`LL7_lv`n zGhDek;ax=PfgyAbx?PgNB7W^iZcv;c@rJPTOF;K2mt(L2iRFDQ7F&I_rR2p4+$?B=#okEjzv#OZx;InUj z9DDb#wlj`(Bhqw91j;4D2nf2nb7YPVGX7qbuUk#ll9MrTWB5Nw!@jBRMvXnPux`l4 zj-ti`(TjyM4-UFnTzxy(v_^(>{DZ=vaJAhQk=CL@*0b6MF{4+wUuDpBt#Ho7ppzk9 z&vm18P5Ab|#`8Z%22k}wgx|)F!p5)jv1j}}R+&0JK?Rl0J^^O;OH87NaQ6 zeU0B(*JysLImtH_G;|%n@8otJq)HG2cYb%b2rhaFs=E5?4EmU=sp-@Ze#@32jR&@D z*^7M*$yk-^z;w?N$g1|5?3WUR`adrf?(GLdi)+gZ6~jy2)pOJQ7?9WgPahZak-!-JUpleUx1tF5UMTw;Ya)kIdvNh-SkTdV3zxyautRDU_^<_WuV86FVb3rHlt%+5&Y9mWcEXXcqqrBUV z2`J5x?(J6%r+sGwmue|+%U2TsPSha&bH3CW+CM@oVEh-xhU33&(wrN)0@>{*B*;cd zEuQ`3z=Zkv7Fag@80_l9mH*&{B%|OeKd*j)FTJuLZH%4@{E#6k|8C%u|Jhe4UuQeH zgR|HH-(BzHH=Rtp>FYuH_+23U&JliB`;vBhosvcXDU{F0LchXNS$OW_)=&tgGbq3F z`s`RQ-6nINUOrpE@7Ayrp51ea(D=9KpyF zkqR%nKfeuupIc-C|7+eUap9X@;N3sYRxs8uwt!E4y;9FARxlEy>b}U$f7$BnjxVSa z8(_?$62dxlFZd3&TSE++dp}P#NNk1st&dvyAyG0NO#W4W3q8Q!mczv69Q0|WhNDnEEpg2}UJOTmmo zjtWKD`iBdCPb#$|@g(YQ#T$(@cYO|IBmH_Hr%8Wxl|^oRkx0q1=(`|;)T2K3u(8BS zlD&K$pTX>Q;@z#U@bi!_B=Kq}$?nbHtx}LN z^h<#Wn!YJz;u|Jtlil1idkWg_q;O>>mZ6}1NBkT1qVaUkf2SEfhzf+^lToO~-`6d^ z{e0q0-2N^$OWZ>K`uGdqC*I7}7sTfA9_k6ZqEK1*vnCT#jzN0)*D*-5yx5@>UjKrX z-@&q!m%{Ia<%jz7NmLVrm)}IZiQ=hYd^FTgQe8iy!rh~Slp~KJf0snsuA{#M#-(z< zHXZx?BYE<$=MA~?!2Y(Zwc+dkDUlfen09?Ap7i`NCZGmKzuqpLrH-Aj_;aP$kn43> zB^L#xu4Vf`aW#|S+}t*}?sWdN8GO!_b@45+iF>`SJ1jVv4s(d(VCz<`l~Z%!vtu_d zZE0Gp^~g&4*3*iD!sR;Bz3ufmRl%mWxt?L>UYeau7nff)NR_y*p(ycw_u= zN19YuH76vq^T3P&;pyw|G+vT4#XG&dsGb~#%HnBDS(M{aep^JD|eN;c<)u3?O z*p1J&H2o1~1^v+F97P4U*320Rw|xC`OYp!9zf^A}Zut4*{lB<#Z&y^I8g7Up^+HWV1hcMiNiR`8E+3~JqU`ZE%oYZz z!FywU_XAo@=XVi4SN#3Zzh&F)8Lqcqo0iZ2$}qiWtMejh=Rc*JoZTYAxPl{~W-!8d zC9?3?AT_3rziTm2+q&nRz?Htp&yul;Pvh%oaWttd!K!ujBc2ZmKO4KTqowIdmeUKl zD(d>8i*jaf!UEi6q1e0XEkypg*ma@*)*U5K(E71F%jCahPGza^8LvHY7d8w;<}Q^o zNe=(cpl0t(yP0q1Z=SMEAofyW&2d}lO-BT&rz$lx3Q{+rSTe4Jff>ie zN=bZgU(n4$9a~R~zt6ePtU2FNxkOl}X4989R?c8P3CGxwu-4~9?@~_E&^>ZBpGH#W z8A@_;z>DKfWlWA?Yz-;APfRYDLcF$2Jz}5j)9e#xDlX@luB`EAWXTmY{ff(M6^ZUX z8w-o!Vd_BZ4Nt!rYIG0y&@p;TmW|h==Iv|hgN)zEO7BsTI%Y4jx;H*z!%d=WIO*cG z8=q$opqo2OK4*}rn>%a&$%}gxT(uGuy3hoP;eR6-L3#)NbNArWmX8yu$Gx*zTfsyQ zCol`yuKk=&n32bqg{FRN#;E#&x7=)li%;n9M7cbWL^^FH9 z0e*=kg57DTop;hMdhwkWJlUAB!@Tmc1`S-lJm0mUXUbIkvsOh?Nr9E^F+RD^T@#b{ z3UyrNng&n2WX;5Wca8)zvvFR<`oJe{9QWH5pSq3BUKNJ0PP1qS^w{KS<<<;KPFV-b z->XwyF|iQvHyMe;-J4X9Isy1#Y~xQVZC_@C(v?;J$FT+Opmo|E<&&#E5WjoLDHI!I zMl!@rSIHrNQdJH>D!IeG#9aZ2$6;?b5`f8;9f||{d)CtB$QYFXCqf*D!U$U&e z-_7El+QGxdA@M>Jkg1aWK#=*tCj-x=G>tm`oF>*V8tV-Eu+v>;to8T8>0{=V;kOo=gR~O}Kq@?xR5DF9>P8*T91b zt4=q}mud)tST22~!S)G1y%7xMr)ij!wIZEsA%#wMfbx(M*!##F%qg!-r zcQ^FBVFiZtB}2C_G?@xE^A$RO+D5TO`%#7L@SO{DGT>LyYpQAI#cBraN^=zdeY*uQ` z%E;VrkWEufTvztqzLAA9_l&RGH&*>hr0qx|m}42Xpq^#^Q*}5vxU3gcTFf-T5)4;m z$A(L}aLH#|mnnSPbgrcC^=VtX#o<*74~vg1oG~P}@%cg))HimW!Iz2*;?FaU_C@LJ zbe@2zGn()H! zWWtcK8ukAvF4o64cy?M-hn=A9z4JK3DP(NoMb|`Hw^B)If>p-fYZ;?T8ypfQ8MdNp-6``bAKO;g6CE@7Q=q_636mDySHt1I6q6|@fk;&ewtb{ z`^ctiBaa7Fk;i9OO|5yQX?i;q7_$m(9I!Zm^sbV{)jaA`#q7*wm7kr&^B0%WEF%lg z9kTJ+!u(`YQSe`#iVECEb+Leq?Li?MzV4`O5fF$I!I%o`7_Mrm;tk99Tuxmd%&&IcgrZd8tvX-#?GSw6}3cx(y2xr2`P^Z<*jx|N3p{Geh7j)Lr zTzX^CI|L@@u@w|dKV8rMIeetV`UA2Bp2Va|SaaO6t{N55?sO9OCb&m^joO(+Oi1+s z>5N!V6T~8ItrV7Ku=>Crcu^JF zt0sGg$kYX|{0i?guy@{_3F#A5pMid!LB@b7SWiiYMDh4sSx;zs9i~yQI zOlO@2$)2Dp6 z%G)*kiZTDji=-uHW)*59qe;@*rDlC3wL}t-RI3lAHzv}ePLO1)i&{sZ}8D=vrVbSe?;zH6!Imc2kL zw=%d5%zq%*Z4LitVd+Z{+LyY$af@?9%{NZN7lu8L)4@d^R|l6tBHg*At@^a}m+o|4 zyy3Ws$swzQnhlY7lSzSKC69iG15lX=;u1S|q!G|`S8pk%pKb8{>=OZ`az9`-kI3T< zN4CD-%~Uv@c~#+O=%&)h<1Yj?uSDi^O*y^pD9k!W2J5@=#_XrrfMCRD%uz-b&Nid4 zalj%EZjlE!`^eUH0yi%5_=Ku)g-ot2i#)!O1{#_F8_LtbZKPHLn(Ie#VQXV$bYiMq z(Ca$Z_NxQB&4A*MJ%{;)C0z$*$0D}iP5LamNFv?PEdPz=HykV5pHa#+CxxSweYhKQ z1&4QN{5I^L*1ta5n=O6S7qfAnx@owlu_K>X#%IHB!^?HO8^S|}{D10BC6*0y7%>{3 zx$F6K3x98u)IazE3l3kEG(Gr~Hsg=OhFiO@yYmTV7dJe{&#r&4bX(_q`|$= z+kQj~Q~waT`R8iRqwte>C-jpDM!d*OU1Z)oC0Tg1oZpv3Za$MQ-qv0-QFE1%+fK6B zaTSGQS|T?e!^fCsBJ&U9$*7@YUH|yn69=wG{^Of(irn@Uf`im~wyVOsTV(75K(3F( zTh%_}TZsAYycQYa2)K9$iIDyLMYpw*1em71FQHZJh zndi4`eP%XJ9CIp)*cZ?;^HhGHnXT;#75&Dv%shU~Gqb-IUpJs*-R@TY;DK+(KRU7F zqy7WGFfK^TSh?Mig4w%LCS69lOuh;ieclZ!I|@Q~um@$5Jkd0H{I=^)@8oBM`>5Y| z_f4}|yqXJvWZ<~adHciv*n;X%;iStp{-ap8Z*wWG6KmO_xGQ{6I zk&DR}1clm`oP#2ny33&@_2Vo@XAgKrbad^iNFbgP_RqLdN9HXE;SP?!x)!*J7dp1| z&j5#M@fTVaG!!lBmsg762VVVVohY1kkH5M;%sV)fH}P7>*8Uj)>EM2git`|O!0>HX z5b?C|QK%0%15@92|D10_0NDI@-mHoV0F57Iqem(GFu`^GmJ7J z$6BZALik^>(64Habd!81v%6MGv;M`$6AvXr5=&f_Pw>P)8~p7}-u?{pQxfMpxxxBO zl^l8yKvYR?oBE|$Di|n%4fMU`huX>mqgOnw=S2jM`FE$ln#!hHWK{{iY}j9J4a#RWi+*4zoWsR|MJcVpqi>j zuW0XL!K5Aq<$Yk8CgHe|WyTmnwKJi;yLC0+?Y2unoi|I7CEvV()r5=JZe`fv&cA`l zY^Xe6HIL5}(I+bUTkp$ZfFK<9f5ag)?JB4udAp#c&hJj#WniW2+peWak8OGSQDO=r zbG3d}x9pVizc8KI-uVr_4CvqI0JIFCeFECSEsrDNQdP*MvTvrj^nvG+wLhKDfMqhB zu8;Ot3Q;BUb%(>HQu598)gwsmvldL;yWgs>DA3q&m z@I+LZQnhak8&}|uj5uyE6nse&Qs6bf%TK{y#kc0CkBab*MJrRs;8k zz;zpT0nDy|X?N2uWHMV9$-*MzPmleD?w~s}d!8QnMP|=avY5Rq_>;QQpMy-Q*&m}%l!ACS<+ZXix@2TvMFM!RrWGlGO@*iT&B;0dV*+=;c z9=7r)Wy+tODgO$Uzx)^ceBcwctV@@_yOlqEXUab)TmAz-?}L61`Y*8cNmZBI!~#M{ zzqD7N@-Oj;cF&am{o9QG^ZTG5+wf!5xjJ^*2R|jx{zn@21(xkGWm}bHTjs4#{$0+f zE9BpY5BJ7Dc*yv7-k!L#R0;pDW$-^t_%ER9+<*E+Gp`GW8t(O!@ISOK{4u)n?B`_J z#N${O9e@{;&41D%oGAA?`XsF(JL^PoKz?ZGY?_k9icQPzwQqc$-Y9u^7HiXLU5{z_ zl{TW?L+8PbHsgWOKPta{`wd^M_d*)$V_#L>WHilmWql#TJ}>{1^7$_nTfBUp+1GB( zJ5sYHA1Rs=@9?omAQRN3a-o%q!B%v_AU(^eE5wZ+B0IskFVE zp+?{VItc{H8f|yq z%4WPNH{(8RjKupZs9Ac`ZhE7C5=m8PdhQ1tg_lLyU#VWkE9-+uhn<52ZA4|Yoi$!lW$P^WjkWvT9s^o(=-&1i{$0W56xNy-XX0W|wvUhehC*vzi2NX2!pQ6d zN|r4A&s+N17!(%re9J<3$3ZhKEiyIvm&s}=O#aTxm!E)(%H_9rPqJu}mpyPxfm{FQt=&Cr{A`uG-<^|N(OvUAf+{~U?@s{lA!Et1`>tw(%Vmpa$YtRo z^jN`-fg7CK#{QhQwsqIB;TpT?UUITrSW=CSR$=7``NRGHog3|%ho#lq|IGe3_s;;L z-5SB{`)?_jKPXvt70>vV!lnVTa|^oq>(JplIu?|zdhix525bz22SgT@Jxj=fvd8(Q zO|^rdd-4sfU#CUhz4UeZrh~FI-dFpMEG%hSn)d&G(%g|V?fX{p_iEoG;7v~d&k9w{ zebDC1^%jWn*_}aVYfD|r(=ygq`80+rM%9J$H*45mBm6^4W^iBSf1^kF@VUb6x3}kN z1?*2P@cduyZk;6!fFalN#AJ1wjeB~DNDb|O-z^2}BOOK0w^~HDOpp5ySmE}#-Z?y`l=y^M^$)%Ta@e6G>zKa@H|Ug`!Ebx;U7O;w zwe}SX@46$m-1NJZe-`EE^l#MPV;$-GlYcwy^xs!VSkVv5gTj)J^pPxcdN8w*DmnIj zn#ZK4^EB-JXKDUxXYLoBHH`96ocLp<4y|-QKSwO~&RNW_o)4U^)oFZtK81f|9-9%> zzD7!aMx{Tab<5P|m_SEz+2=n%$GG;_V*VT?Ayw9<3|RBL*H?0{rG@~!fdo~n^c>#F z$FuF-uUT$CYm_YNUa46>F31e~I^lPXp9;(dhPL*7XNEQ2d2Y77^o9Q{#xc44w>^^{ zIn=XzqKz70fI$y};(fjV)MSLj+19B2XOm#h6FtFZzCC}=rQK6TZvT>OzgIk1W*UY! z;=@hjdlRVPoBq|aSX{TPMLzlZCqn=xvqI5Qd;2pmvAywdNh?E=@83)OcCUke>?#f3 z$>(KQ;M{vFxUquFvXXc#JRn}vYSx?092qcT4RHPeX=|(hOz-H zQwc4##~D6&0fWP$A>^~m3fvoZpgCcoG8mqt4DMXMT}Fzf#z!Gn?m>NflgB@8#Hcs_ z*BNR2Ps^9ppnJh&sLt%9rJ$-dt*INan$w{RgArVdvLxGTo+tsV`&JV&XZklX?*K>yQ(C;& zL7zp+OZNMBL&0Z}-AZQOW1V6A#hdA-@A;{G%H&yi_Yt9I;rDrQO*6#5k}ECI>`bB? z(}|jtsKF;X&k~)fMBKk1SQn*}oug!I)$uKk3q1yQTK{ zY<{#AGVAsZ^OxIW}wcb!5T77V(!eaoRKmg8bk~UE`%-Wa`YK>M})SFzV}iSWkztRwKLj5F_9ZZy*03rup|oocciD8f5?^Lrc7;1vUwL)JAg=_se#XCR{vlxXl~r>K zRxHG5b#)y)G5pV~gIIyNcN_BkLT3(p+dvb8ia|F8CO z(@>j#U@48DCkfJ;NN%jkD+C*s6`HM

      G^r2aJ7)fQSN?`+#kC6R@iS z9`^xH4rD@Yv;zK%fc6}@*m#PnIISc*Ic76$!5Vtgn#4zvTzklS`4&;Kv&}V zRpcBkXzhzx2}H&33kSQ z*pdCwH-Bu;#`gHL;-oLjpReZ2PrG}5!j39nS|0^Gz8xMI{$KCee(V^SMi#B&&7}oR zBdkMTt(^*qPwRCg=9_Nr6WW54Z8n>@amRfU(*3`*CAqS4#tDZ#pdX$b+lw0}f7Y&a zMl?sUld|)yzFSy^|LBxV|2@HW7NtiCIePl^yu#A`_pGz?+fPgFmUdbBkOBFP9F2@B z3k^EBu!Uj%0S&4EnRwVo#1XvBm0u}RdYjT&jpkmC^-XPOW8dVx)E+#cE<&SNyNCLP zpri9(4k?MvEM}A4cvk;@@dzsw$-(#p>3a2!zkda%Jv>V$RQTss2w4InwoqzC={;`BQE`8^QFUQ-CN&p-g;u|o>(*T5BI)yW516kj>dN3){rG^yQ|yuUNHJu z`rW&NOuI(t_j(x_~zIk5gOig~hJ_RqFw(kuQP zi5G=F?$0o%frEhAP8drWnXm#A5cQOaNu|$^tzxz-d0u%}v3?_qKPbFr_r&V>hNAV6 zNBO>EDFZ#^XAL(s|0U=iTiwn|(ERf%f@Q5*8P~s{+pa3~5m6%6S}+lbgr*4bJUy=p zBpy|UL15{AK>*Cf*z@D(F=738PRh<|WF^_lZz~z8KNLk;N3}Fp6*OJ|9RYQ+ zqOm_sy0GauecRHK|EA$;{5JVk>Uamh98k6IajU6c+^LCgo7pswkfNEpB0uqMvzvD3s~_=NKIqzu zc#c^mQJF>?1gn9BYNUzwLChd6AI%Rcx^`u{4gdrEca$+aQkkbxJbyL=BA-9t)c{`a zXYe{sfcq0tG_y=FIScjuepB1iXbsDt6(OSVnt_HE>jxZ+3xm1#fdM%!1F^wn2QR%0 zD;bc_hPUjo`F1E*>5`e$C68wdn|*lC;;>7|nD_f;3>f4wrtz-)GM8k_&*`3idt4|> zDva$5m}Wb3zQ8Otu;<#Bf>`M|oG*LACVS3i#a)`d*5aSJZ2JV6&iYNeIk$2U$E z+`uiqHscKO*8KbhZrtaUIM8*SZEJ!>2)zE?6huy6tpP!h#zmW*V>pab0yll=Qefes z_FWhMd}iaoy4KG-31}KnpLj@!5<0uF%;Ixmlt-J}F0X2@PyW^u^o#;=!XKABw|rdU zy|M9^in(xoY^46Bv5A-BD>(1G8(sHaSEZM|Y3{pEiA5n>Tb~oRm$oZ60yIAH=dtnk zi^dPcDY;`@!mS?{dGy?J-GMlsd#t$S-nhukRX3K^*BC2_drmC;aNL4RD^KKvhL0(| zK6O}ISsj~=YG?777#aUbed;D`y_+U8TcK)%_e~K$KQX@g-N;m zZCC5PywVRpTEY5BxIMW(HQy0hpV?;dhe}Juc1-r_dzPGm-&}p-6W7YZf4Ty?#?@nF zH3y_~qmJtCj@QnlE;YZ+)frx1f@KpX0~!q^o2z;B>wbRV0vuK{Nl@@%HBt=_%=x-9 zpWsO3wnuo0*A5fdrvCMbt0r^qc4BjVg0BDXZm6InmKj+}2wCs!>B-V(4q1yVHr(2s zm^~$4yL?^6v70C(;*z-m|j2oJM9c?LIYo-sqTg*;%xP6JoZAi!_A>#M~D+l}Js z^kV4o4^lriY~s)8LG3Vaji1B!*789ABA-@2cdH4}7-j_B^V^joZemw(<0b9m=YH7q z4I`^X5y_$bLbCLkLzb#W+q)DTq~_mgpFdm6qdxgP!IVQl?K!)!UcBOK!uVEe#O+<2 zm1n8lOm>aOYoFA{oF=<)cBNn}Yc!?PR>r{k#QY_E13dL(y@d66o(CTCp+51w<%-MWQIP!J!wO9L>Y`d7V9$C+EW>7V zLrLcuK)tMc$^FqVu7aG)CLoZN&;|x3rj(z#v;) zH2dRv&hJsK$x69THs!0iDc#pCRlZh1AyeKNQJEf$9I!%g)M7is^3iMX+;gc;7p(|*<9FoxX{>N1U8IbAuwlD*a6gy?@Hk| zXcGaDUh5iUTQ3-OFkP5f+4*;Dr))=P115LhQQ~NNQq5+5I^Km?=k%mY5Oyc2UE9D7HryHjVzp01x_;BYPxbwOWKGLr;Q$?`$&ysb>Cl_iN;&HmCI!o42zXkr#)8xt=p_``tJ1KHA8`H9 zj4${_RSwXeuqNGzt81&8lWR7Z9j$_ix|S}>Y4*6a>*Vm(Wy(eCzXgC^&{=?Df7D}M z)-i+gbxO0)m4^CwI7!+8fR$803lLfSDUrkvu`$j+biETm25@b{TYbjbh-PiDgqZH zLHVsto|)d?UEVM;>bI`u^cj(xPojO+BZ}p9%jQW@>R;%^DX9>K8aC=(|J=GkU&tWG z@xLAfmbI?*;RP+V7yL(?`oW{s<4GPmAKu?FsqMZ8*o|lSEVdp0clT1TpW>CcxKC%%VHtQ|&%!e>?Yc_I>~HPvHy@YolZM#l4I56ee^7q7mSkCMhRD>) zQTHvYd23npr~(+UFN>Ksf7h<^Dr)VxcMtI_D1W}?aV2P}ZJH>|E4+Wk!2h%zjf1>> zbp5Sf%)&Oo;RYT!1e6!ibzXm{iZnKl4a?{JgAA(Aw^|XBgiNcNTZhrY;@ z=VX`}5^YocjI{)whKs_PRF#}Oq~<5$W8)u8zu*uM=C8=jkJqqeOIYQ1o~-^RRWj!- z8Z_)KaQk0OgJ%9ID{;xhy+j0;6y{2++#uV#7l@s?!5Mk}f6b3(F212EUVHAfw-glK zcu=xz>1k~R$)O$k9ezB4-5rImv9qwui@TxN)sKO2^7eKlH+k0`CdrTL_>SZg`l$J9 z(+4%Hns%XQ;govx{li2Dh#*!_=kM6c0+)Ins z93(USBLBjk`ish#a(gZNk6ztMhw|L@QvQrJt&Npxh`r1{+})>}y0?jpiw3t9xIuqm zqr&*fx!T2Rs7DWxB%%g;`!{b=#rDPl`Jv0~chiAdWB;yRBW-x~6ijWczIb|5b4zp4 z^ro4M7`7I4&NB$xiko(At-kWAD=%w0pFPBl*jMpwB~5#`R$nsn;%k~tX=yH=))ZT` z3yHhVwe~}N|E9xRtFQU?m6tOnYHco_ep%B1+rQRz48hl4)98aQyMo|B%J@}xkVAc~ zX)I54X#a6jX~){4`0}Ez65E)9vYI7k4Q#1>Suc(K;>!znDLH<&oMy_Fd^D?Ie%3>e z`KfHj(0*{pAnRc|-_v}P#^(?F@p&y1F^tb8>KdO*XKH+I&t%!QL2V4ISLlE@+_ujv z4U%;_;B5^y2FB+dmFmyZ+_SW+HQB-YYV+7~Gi&%qDxwmE1c> z-t7;Gz=RCCUkNt-CFuC##P~W6hkH}U2`mA4y!K}_hk~Y(AW>oR;q}v#^+K~`$dSlW z#LDu==L9-G=k_VqI_~l---#LeN^n#dx-VYakOo)IxmSs0ZjvBrAg|-;ph(7>wuGzj zdTuWxW#3ggGw5F&7XZYt29MG|6>g?*Nj79cjEB*(pAEeJRn=(S}=PtDb zkFD&hDOr@m>`VqII};OiGS6R4A84QV4g zp?eH+Cnh@GBe<}ze3L04btP0hDHhi!UYVFoipvv|cZ??p+zj8g8tlV6m8oY91s?No0&!MfLZJ07x={ircp~Ket#H)1) z{PecEx>JSiUu_?sPI81|CixQ_g|HN$np;^ZuC+e5ng?z{Shwzn^g`|K2qt(tf5CA^ zS^b!?uX6OCd+2^Tql|52E!0fFPYzUVpuuF!cReR4edZtVVBh(FyOa6nKh$^rt9CN~ zNB8xe|A?K;KjDGC^M7(cpY%uO?Sn|6zelR4ifVio71KBYo0fmwQFIDle+VrTuf2iy zf~E$}msY28Rg+0F>qt`xH*dplC~+`B{l6ut&m=i5o#Z4XIe;X~O7`a!yMekIekiZ% zkQg17EWeW-Hy>~!eX_irwTp|BWnUcGR=@y!AMWQ)4E>Z3a(t#os$|=BB%X!ChR(|S z??w|m4=9oC=BnHuD3DBl@|mWpgo_7J!r7JkB+8kZVPr01Q^dOk4{z0$+{j0VQ zf6MIN@JqfF{GR>~1FrWF8B20qp|u|-cgy{-{}=m*T*z?<+_8W9EEYs_`GbypdMIt% zmH^ywz0uDUM*ntvAI1H`^IpHk|32VcAb5hLyiRCNi%TY=DuY1F?IfviH&hL{(zcy>cbyBYwcQ zg~M*GpUw8;o2YxV(IOukjawDgF4ODdXvcRGzbMM5yPbIVF-uo&0LxWsEDK4=P^Z8h z`}NG|Jvk!XNNoMe>PPF(NKe`db`M>gF@K-CD#!fQm?CWgyORJ!|F{$Whmm=AfCObU zsEj~74Aj%p-Otfdsk92@PYx1WgHf*rqrRxur2&aeI=MNq+KzC3&0TZ5_nlOzw=V>vR`K|Yt@ba6fAmaJ3M5kodKN}!LLjb-I@H*0*1+0M zj=R#Ou+(&k*^0_rp*}b&6Jun~`QANhHC3|rI_mC7F}>p~m@fWC=A}IS(5hh|^c%r8 ze{=j==we6ouIb~e!(k$rRj}@hq+R=jw;;8!IVYwm#!Vbl)G-?;=d(dbT{25+?)5V~ z#-PYTu4oJ)u{>Skj%EhbU8SFc`Dr)8{ru;?A)%d<(Dd1c8@`!*^wd9>TTyBb8U2%G zq8pWlm}T7#{I7KRV8-7d=-0YltXiD*H^9L_Yq*=0F$<~ka!)Hc@*ixBR@HsWsgYPegxPI z%oO{bky&=Imv-Q$&kJSCV8CbQq$v*jOpPhT_thW%_>x942oSBz8d&I#RE3WUf@jTO zpI5c}eG2}g?0ff3!ym!Gnx2v)=Cl*#uK9EhM&%uqEfmOg-vfg9`h;N4kR zM{K${l{TNY{ljOx1H#_h9Q3=@#y#2b3kPZn+Wfr*gR|ZnAXl5&Cc|OQ2(veDn|!)) zet~=GKh#)<|KoCvMoYeVJtxpIZ`R=McunD@I-S;TLyOn0AW1=c)Bf(R7i6qG``xs$ z_9zi%tUb(&yStWhlO+!bVC~8Qppv>u5|nzX@?J3MaRxBgevtYK{1vK7zX}tCBMKkfP;I1S%^MH#Hw=GEdgZA9fQ8|PSe{8Dp?Ldr1 z;~W03*r}qXB1mvbNXb1U@a(?%U-NBz{ZryoL+@x3;SyTAa3*Yat>fBWD0y--9&|YGOx;EOf-*eJ=76+2{((X3@6;mBmtB&l3*2&Oh zl0L;=l4Tu;-eoqOz>Gqj4rCdlwva57d}boF;FEYINZg{mik!cRqPfipQnIWiH{E$v zbNjW_4!aC#ZyZNt*Jf6k63HdjyqM)FC_q_|%VtujHnq8t!h~m4K`Buw>-B!HlBC!l z2LR)@Z_Mfe0~|FWFa+gBS1 z86Wt!;nvdXEP!Seg7}Xd5Ti=HWmrw`7|ZXidRGAULylFDvuk!Fnq^O`2Wk4O>Ve!U z71mdU?3o*}-3m#Sb^jxPBlH6*gUPb8zfc_+i04sttYEYge$J}xF*Zh>8Dld%y=9Xs zGR@Ol1<@}IxaI>qPsw9ulxmfo{~=FJuU~%%Ko0Q-mY;Me~p%tF>`ve z)7Rxi_*M39B9l{!T%W7u`W%x_ z6GI6V+Fv}Q&`0#7&;}ab>s6Z~m8@JHHvwfzS63m$nC^(afTc@64`n$-zT z&X`1eO!0VVP$oR2u7t-l@R;$xD1dzY(x(^Y$mta1lx{Sw1@#gIzJ*ljC6^A2sp1$^$-i+}31 z#!oFeS#tJX#ygnnseS@QmHH54RmFmU>|ngotdiZ!Fm6g8Gn|m6_=_Nm%0f9 z{rqVu4J^Gr|NHU~X#VFWOrzCMw9~@M%E{T zDz{-b57TQrNdton`8DjF25iPy*KhL4q!YOKn_+j8*sU({W{})JNS=&Dp9TEyRt3vs z4$<0Aj)u>Q@M(=dNM2Cd{Xss+ye}}%>HmVn5PXz$1P6i&N9m5WE)jKKx5IPPO~%>9 zl>-4ge@hw58i~_m_1IITyi{{Io*9XCi7Tf~OrGAr9a_vV?0y86c1}+J%Fw0t8%7^e zSzVX-qDPXcLFCG%QzOrH6mN*kSb|g0Rm-PFJ}D`ogPIztes>A_sC?$3k-2SRLVQa! zJ(sp67Mb_7!dkbq@QBPii>B21jwzcJ_#niWlu!Nn`bgtp8zNT)>w`j_(6sV|NdR3l zSS9dR{qBmKpCEGM@}(rMFJ0?X-yc)z>Vm<`yIwU^K=sBYN>bYOG!V+J{+7pa1wrNf zU0AxF;FbKnt@N+!XHDO4pR5wFl@NZ_Yy6S^ld}B`+$Td1_Rrx*rom@HP)L-&X)3L; zbS=Mgtjx9K@8s_@{--O+*o42EA01m`(0zdAKLFf z?02L6{{NBwljkVvlb7}LrhfjapJ(;+qJBE`(>=9bq6gnYY3W@TAELWe7a#lQ@PGQ} z0sr>T!-}U^{4s<5vv!C*cd9PNm9~h@^`-54oLzda9v7BAqR0Phg#_Iz*pM{O_H~cT~$7bQnTVu0k zTW7_XX_f7&nbsCPQ~sGQ^Pt`|g$Y}qQ@*9{=2C30d+W*9&bQ(4qS5%LTpFRTV@bB8Ec!q(@MZ>iJK)Ls7}6v~xPZ0?By<&W)AJ_b{^e06v# zUr&|KbI0W?A?5Q}>Tb%GuYB7nzvJuq^s~O7EuW!-m9MAD=egtZm5}mzKtCh5kbdRc zPWfYdl+O(*+48AGD_>8Q&vVD+DC~Uzhl>4!MgI6wEv&i-Qb2 z)q$SEf#;5KP(pCvvD9rVfd_Y)3@Beu98~|k%4dNkxBO^WzMd+d=Z?!)Ldxf{)Low~ zU-|kdzvHZ)^q-htek?3sPnFMe$K@*_<@11kYCfc2`T8h-Y_IZf$}hhqEMHHR&vVD+ zD}g<%I5+7*!Lm*%Ga~}AUTFp`5HOc zOuh=an#sSLtN8}3d@T15*K62OVY7E^Ho0%_Ht@NpavDAyLE<9J{fmg(H%MGwx(HYW zk^AGD3mOk?-8SK}E1R13Y~A|pD=({SinMOIvhlL%O#_}Ux#A3bGR?m$a(|-a6~3_M zyIy7*3SU%)w#V$t-5*_61Tje!X;T4lz7+M zu^=_vloA3VfZ|pjICYGJd_Er8+#FDpmI6 zUPLE$!MvZOgb9W=W2^q{iYMX^3NsQK$1-JN12Xp;T-@BiQ~CK&#}TDU9($yrpuwF> z@ML#21h{$%SQ_95S|p-UC1c7a0aSxICSJ;My(fPIF{A*a0yjp$_Owi_+aEyY{5tCK znIFlQyBylHeaUa`nZ1)?JJC7t$Z$x^BPEM{0jz77f@$4YE2j_Tmdeiaoc9_+4n)@{r1mQTBd)E^0YRx}+V)t8sIIjnY zq-6>c0Gz_gM64PRTFbEvA5k~=Qf=KUU+$NWQT`Wj3o~%p`F4T064Z=t8szT7$=6*N zl|Ws?C7cTSje_bd$j0v{GtEM^2Z@tKVd0;9+y^5(_?z&3_TjT-iOCil`UX^>H4O> z8%b~8gH&&Rc~@`uRNfn=d%(Oh74|FhJJj1B%*C<~BI{sMon*L&@e@H;=#G zJpOv~`0LH%uea^u4~A&gE#EE7`dLzeBD3E`R)apo~hB42tz)Q9{hsD>di zA96d>eql(954njxEet6rG&olP-bed8N`5NA2=@4I22jKse z4vAWtJ(xF3hr}$TkX2GbQYFpf^^$IJ`A^yZr)K+q4Lz==x1}SUj$UAtQ=abXFSX@o zI?X z;@9l{2w;_t?{gZzX6Lw=L+QY8y6~H#6b*U!m4x{DQ6~3)GL`wv zW2t+J(O@SVs%aU&%8a7F1Pes}Df#q=TuIKI!) zPse2R>nZwq_NJde(PC-S^z-4ifuPaPM-KgpiV_v(5&g<4`t1q*dgjrunj8pxk`HSCC-tNsd%Z9Eqe6so^%VU)d(%&#XtA_u`uT7hG**@#}hRrK2v`t{7C|AUZzML<6f=;yZaEd2z13HoC_>A$IO`dfqu zbn7YldG@BCK+$4p)AaM)FQi`)(9Z+ZAf-rk@DW zUo85$+&YJTFxz?h$Mm9qK;QJ2hV=6^`b+zwztq#Ov>EzKq2F%b7X77p^b=J?9wDu^=r$twEEYV_+V`UNVN{&&;#6CwJe zqMre84*g)Z^YqvBqW{Fc>5ql<^ECQnebFED^eb(K{uuPzh+Oo?^5`e3f+(Y(tfHT+ zM!%k-U!Zd7Uz4Vv2+4!VGY%%wXi?e>{RM??gN@!re?ehx|4&o}QDGjVpR7i|o}yo%a_N6N zO+OK$zn~EM864-(4`w@0|FOO4FYL?yFDNJq=`RZDFY1f_B2Noxv-B6a4K{i=`it`D zFLD(`g?T*vTqG|0hvGc_fXbzRb%y>TPk#~gGdRwrzvxTQe@t)s`}IwKaY#S6E}I+_ z_eFoPr-igx`itEL8@(I-#d-7>y9%PhJf8mIkba(4|A5M+|E&!D#h(6R=x1=8OMmf~ zp#SLJ^bhEp{?d?s{7{Yl(!S^~^|X*SOMj``V54`VpF3^+WF}KY1qG$9f~YW$r=P_p ztACzGKcI5ye=|crhZ#x!OQD}ZaW4I(UxNOldea~2n|@ZpjBaMW{j)Fn%RMcm&C*}) zHrS}$=r7NszuZ+273T5umxuK8H2MLROaGrU^p|`3%b}k^aW4JkUxNN4d(*#f-}FaA z`lBKJ(Z1-9dRj=Er9bL6*r?s;kLJ-IbrnQ~c|85mkba&!Nw(sPn~@O5ZNj1E|UH{Wve-LRFQn@WRG zIRD$Wn!j>74DJ)jvJ)~;EzRuG;1D(%1c{m;@lO_lE0$(}*e*GGXzfuUK^lUk_DOS) z=ar06t;MjHKtIW{RY!ONbY)EeOP!pr6eKyoZ(BhlTM1Y`ms7h=Ev+5#8apbqey%-m z6FD$3Rr1Q!oCdhkTqP`fvTSY$PB6m7_XISv2A|Y|xmM8i`TKU2CWhR|7rqRMi#Cg^ zBg35?+R(x>`^aF_+F%qHDEvD}>_b)@(nTohsAScFEaI)qBubVI%9PA%{YOC|=V<{` zei8|lkwwSXf?v!hLRAU1O}hc~i%|x2bhm3{PB2J{McVS7<)PA3|7G_a9@cweubkMI zUV6D-*B9B;z2C@saXKrm6E#yxXP3BT%wq<}M|t}rZ+Y-~LTIUdj_$j#sXS7+g?+iv zpm3$Rt1ONDW_{#0E;72SvuBpP@0Qxz4!K3HHJvk8(t;*V*qZN%&{BJ)#SdoF19TR2 zo~C5$-rW)=YpFfm;t!qb9r=&jub@cY<|QZ7tJuq_>6b}*F(3NQbwRqAmfBq{|6x9V z5CK4;76&jKi^3jt6`TXw}oCpG-DavlR$2R~;ix*&1~%~Fh8Bstsx2ix6o zBiY`Y$CKO-=0`dX&FDu-dgr%;FS0zM{WPon%uxH8q0JOibmuAiBCf=<;n(+4`o!de zQ&{Mpi0^9o#Dsr8{=sPk)zNm>*C&sdNRG{odusJ{NDGYpogw-M)6J={)Gk?!U3t&4nzhrdT|L?< zt|-<7kY)o^M7dS$CyoUy6jAbiuf5MqW>V1md4KQw{PXi8SI(TW&)RFRy>{P6Hmzwv zdcNiY*Pq==4Q`c{B7jylFrmo-Y-p2Kto4B4|>0Yku z`AvOjBmX-06s|WZ-`pQbBg!=fX(`wEi}upZYA#Y!3Lek0L(Ne!%MMw9ScuZc;;6@w z5K1!AOSi}zyv-6+cv-jRt-sSI5cchJ$;%MjU}aOB%m-WgHbj!aSKPC+f-^ z@5=JXmHu4G(G|tdgw}(~GtV5zl`aZ@#vO%9eyLnVXR;=nBt$eG=13wkAKptj)lwGd z1l5u`<}b-@GOF^@L^BtGyrkI*7)T^9DOX`WHm51ik+st4!8aB+ciBP()r5IdJ}b9J z=9)MPT>0MGM`px6lsb0KzMU-+mq)cCyJkbpUrlCWu8;j;ch^_y$}1Qx_FeBmYlLJZ!G7soC%k*T??+56|!Ry7c$U?w*(YySc8_ zyT|EYX$oLvb!nEi^zi@R)Bhjoq<%j0rRY;J%Ts*qwEfG9l>htd|7zm@TEYLH`JsM( zj4Qm1|6bu}Ie*1QU-`B~DmXiv`R09Rk6QTVePfT3eOG?1BVW1qTa#8kw^y`a_%nN? z1;d*-n!9t3%1ht8pX?7RKE8RWDnsY=FV3VX)mFD?OfA7~eWWeZIqNIGMNetTW9f0A zG{rF8Fw4+ySZFxTun4}%+spxVKXb4!a_~&#pek~(CUUSTaKg#|&rTzB z*`=zSn_Z0G+VM*jLaWDk%A~h;mA2BqA?d&m#_9PvCYTlWkI}%C^}3eVb(3M0;X=bX zZ*8BpbWZ>AhZtqVhP{vaBeYzzxl{IatKXc*YtB>6T934H0=wir)19*K)jHqhB>wi+ z-`}^=Kgl5YK~pmLp4x6++JqPjS}n-yTDx@Vgg~nafxND}mIhks&tGa2wc?*@KwY;l zMX4rLW_8_M_roU9tgf55+{l&EbS{*d#GBQ%%HFlc{`oi0l={u{4HA4-*Eu$jO8aM_ z{qv0dQ)U0ue@}h0kN##K@WAJ)<=8AhDw-^?$sV=vU0I_enY;b1jPM=5%YU-Jl@Wfh zN9n$KTkMhFH}5ZwA{k--*o-hZ^8k^WQNyIc2|S3x=PQe{&xE z%Y3c7Y`J>BzHqvKUei|3Ue)rdf-bc(fdWh**ivaeA=vV&5zS-`3r=XJGr@u`f5{>W zu!x|9kWuK5&TcoxQGjvyCbiVRf-akX^Od&JzXFWJo*cpY;n7`KNPl|t`UyH&I$CDq zD?Pp5tz*)4=b2f;_%2oA#a-5j#U_AR@d2EyTT9Q#i$NJV^anxo2TAm&Nm0&M@THR!eCad= zUs_7=asdP{wGg}_PVkC3!5i822jTSx>GenAYstqiwM#v>Btg-zQRY8HW!@ZFi^7<6 zjpqy}-Mr8{bGPRVCp}cq;N4^3FW%y{`17P2QO|c^#%t1_>>)f8I2{H^jckMhi9PGKF5-WOv`<8z-l!+E@=yr#}wj?O0ycqTuvb9na;IL@zv zBi9sk-^jr!D1Oq}o8Q_s>EHrZ2rSi6OZ^*>E{yRDXO43cm%sJ5eE;92C&=%Xo-Dsx zdX~ZNYa!}sT5}N`qDur#fS0Y(orV8Pvfnn=Wf=Q zVA^z%m>0_si9n3Rh!v5Q<5)qpae5?XCLXYS87Ql&#SkyuqE)Y-WQtOR>4;bA&w>tel@=DlvB*?9u83?&AkwN|SIcCp% zI^f3A6{n8XSs4?3?acm_S7(?wwzFMqzIJwbm#^IeW=Wc_o&8jouiXoFU(0r{Wo(j8 z)T}Ny8?)-*YO`2h2O46Ma5}ittUb`d0~uNN%o7=Yd+td6JgbUdLu^**WN34N;5NK1?uQPO?tctY>Gs?k-(Pl8I6xywkOyUu7>8?TwU zbhkagcmAcs-6UyjFSQmb+ukY?*K93B@@0~IN?dIx>uXo6?;7bVL+tgY{S(E4j3UwY zsOjKN(@Cm>2TZJWV3+CXzcQcFiC_tWA7oZ#V~rkVh>cWU4aJu@>$nUO^+S}(1hw!iX& zXK2^6;fh}Dz|(-*kELCi@%N52uOR7{4<3F^U05f{(QBEtW1bCleg}d2-nLzTihDW1 z+e{Z=;I@~IoaVH48m{7(Hb)KE%c0IUn-lhO*)mD35do#85|5ri5|o5br;Aa&i|AU( zo#RVE*C|HVYym4fHM*81&QXB+8PT<@b)h{I(Y0)`%AWCbJ$KnA{l2Tdg%kvq4XFJx zT3u~$Fw!gto-85rlQk~d@1QJ&vSP?YQEu)>a+UV1o83;^&dqN2ZgVN}FVzMa?+xl> zO=FS^g2$&61V^MXJX8%XU2%{SLL?KTYe}HJ*~37fO04}KauYI`Zucs`f{zNta(ATh`0y6AG*Gn>o+!i zeFxWzo4PLHHISeY2jZ1ZTrvwZlBxtzzAsy*nJn$c>YGPScMaPvF{!emI!S-GZE-Xz z{=b~Pa~uh6B_{zgjeL^cB!^ru*+fd!=--VmX%|anP4_S}JDj27vSm5{`x)hbRe}0a zQDBo37?|uF&H#uLXy$kuFbtGU4AhwaJF@ZLt=|K$uDE4?2tTDHS~ zS(2Ojh4jn@qjRh0Xb{Z_w7shBReJZF{@F&p(;LdC|Wf9PynwR6F`gw?nAb-J&`y)CVoswMLcWhaJ8 zUlrLs`1?CFSGro_G5W&Y#yHpMv74T zuRfEU!Crh*P67os(}xrl=D{wp!jwE^7Lz~H$otLynfWG{QITVogSKt3E6N8O{Z;9k zWkGq`qGa{chB_aeo|mxLC#|@N7sqWZ+>=)tyL4M=T8l9}?caSjD#>BCR*Blb+G6an zI4K&7e=70UUgQzYZs;5rnJ-N+8*MO+J#RjOs_(e@m7I|vNBV?1-G(J3)jSl^s&*x+PDO%_oFfW)=!_D z_)z20$Jp2L3Prwz*;O)zw1|EAJ^SkB1eH=_lYNUEZDv1Rh1weTn`E{O=7}=R$8taF z7*+0LuXxH0-;Zf!8q<2w#N_FE!t3Y1k$*aYM{{mTL;155N*eN~Ab)g6h$EdKUz$)C z!%DZ;p;lfyL~qQ%XTINa+Tw_~FYpR8Z?j~%5x2_97o!<6jS3d?4I8!Wyv^s+lT~hc zdx7^@wIfC^CVnYMCLa%ItawlT(5mjK^}p#UTXLB>cidX0t#xvzRmUlqBoHn4QB#zW&p zlTni7k4c}HK=){(Yy3_QcV1I#l$cE{jv73y6zEo zOc%SKb3*}|e*UU|^}HwF8Fe?;T%eal4amFRKjwO%k?Wmfu0Pty^}k!x#sAT64a5H| z=6axS!|SidULV@<`du;CA1#l$-n4!$tb4?rddqI~8{=8(oA<#nVLbPh4I|FHBlh`s z^Sb!gd=oFh#xoaLoKq@A_Ra*K2Nwsn2=WuZX>_57I?-CH<%^p(%#=XU!P3HLC$mfUZ)e z7E{4h$61Rt9sgo9+jpxAn^aL@q>r~#mQa40((hSQoIDr^ohLI z%~%@^zdA7*ciEpx;@Fhe^O?w>j{Hh#Pi*&r+oI3Ut$QB-q5w<>B)6Aoi`f`q8aZqz zpS$YzXwV182d(lAmm4c!Q}TUtM>LQx6Qc3^e=VQlXUk_5Z;|48Ze959;qU!-=3Q@o zzWd~_QLzuL3)Ts?$WY7`eHlw!^zHW-WfHNu(6^}Yu$)nc6(?m^RfhLid?=OmUXR4q z8%*(LrW?DbJ?qs^jBdmAt5DP;bN4LiVy1`Z4ofac)#muQ!&3N4&agBm*Gco;Sf!7| zHkHh#{x>yVK0DQ171S(!Uz#w7n%(wuXQq|N?@Uj3a%ZOV0YG%EJfix=X3ar#CqKMH zAH6T`OebuXI(Mas(WHj@I)X#f+!J*<+)QnhsCmT1vgDcASk_F4Hpzm?ik+SOE=d~3 z1^IpR9;Fo+r(;!FP5sWv)rZ|?b2(TjO^r$}DOU8<|IUt%MJdEDt>kRQDpRq_EIGMB ztnPTo#Ol~ctkS73DOShpU__?AFKw?Y0Z>O-m12%c%9ds=rn}5NP1l=>w)}%T^Xa&l z_lU;aW=4}fm)470RP*|v+}_sc?8oD*?W;?m*%gNw&*faScB~WX)yzr!)Jvte)y+^| zRkA8JAzr4RwXt;3_b)d-6(`@tjmbBro_uO9Zxq{-@Uu^FDWsCD7BR(5F@$d+}LDZ;{<+ldo41_ zEK4sSbw^4-B_sAfDvg+ol+}+)FHuZJ%2GyUmZbX@jnws=QCTJJb(ozqD!ZhOzJk{? zXIM|)jnzu>RkZ9PzBNh^(P?nty&9=|{Bd`D-9z?j>mE87n(40B<)#W@ zcgMrA(Wx04=Z}B&r8L*SxmtXAI*^ z8fP>rs^|L7$mL8rXVT4??lTVIOeSYC&6y4}RE#)TIm5CjMx5-NVcD|!%H34mjGjIJ ziL*@3X{3T=^VVzH%IK$TN76sU z?D9KJ%-#$?Yh(6AUCi)*55~o<(fVEe@~1WV|Esrnu#x&heq4zEP`E>54auN1S&xg%mZ`5EHDjR1}*^;!MWf}a0(a= zP5?u}VBiORK_8F}dVoW~0iZKT1N(rzKx@zf)P5oS3H|_^K^S}oz6AdPAA@z^U9b`? z1#f`G;05qBcnmxU7J@s#&EPt4HJA^s1XqCRU<$YtTmZ&{v%sm~Bv1&3f#bmd&<`99 zdV<42CO8mu0s8^QA6*~V10;b2u=8_aE7$^l1mAXJ!JXh1a6Jft1)vPf2A6|kFbP};&I9AXX3TA*3Py{Xl6TsQvbZ{~_5ex?o7zB<5xu6#~5*!K+0_mV5*cY?|Z9pr~4E+5c zVLSK@{0wTqH{c8KDfkGi0dIrlpc=deUINd7C&44&esDLq4crK>1y_LzFbB*8Q^90# zF*qNb1I_?r!6+~S?3|;_FgU7&wU?I2z+zhS*SA+TBN^k|34yJ%h!3AJEI18K#P6CBs7&smb0R6zx zpeHySWP$@h7qA~l1wOC`NCF99r*_M7w}LI;NANxP3Va4OfDgcXU=>&f-UP3J7r`^& zaqtkh7u*SM0oQ{NSOChvY;ZX!29v;r;5;x6oCd~#k)Qw!0RusQkOPhaM}Y1i19S!Z zgZ3Z=>#=3!VTEgZsc;;8t)0 zxCR73IVc4)KnW-U7l8@jY;Za_8Jq})0|yKO$AVnY3mgd!1qXq2&=Kql+JQEp6=(+j z)?QiecJLec8PtGpz!%_C@DW%8-UiD-HFyoY1fBy=f=9sp;BIgmxDi|nt^yTc4wwn1 zg2~`wa6UK(oB_syQD6kf2YKK)a17`TvcO^BV9*V80v*8Kpe;xS&A~3M_IG!H-@z~7 z2k8U@dqDtN=^E>)>VZJa`H`3LXIWfZM@Mpb`YZJTMo`0@J`{;1VzqoD0qb zr-0Gm1TYi~27b^N^a0s`{R`YfzyY8$NCW$Ty+CWw0@Qva{0aU5n?V?S2fhUV0Uv{P z;9am1ECp|X#oz_-G0k=D6kGttgR{V?;3QB8hJoY3 z0MHK{4SIsZK_)m5bOHN;RNw=9fFzIrc53?wcPrQeegxlxufS(u1NZ>E2UdY);7#xf zco94U9tRJBd%>N6{VUw-K?p1WWnebA92A2|;6iX77za)RW57sI0EU2ppg+g~M}Z?i zcaQ<)9k823`WsfhPg`r?~fnyTNVXMsO{- z3RHkOU?!LfCWDK?`QRLI1{e!Qfe|1d+S%*gI~Z8;9IZ>Yy|7UTJR270hWN*!OP%z@Dz9yJOJ(iw}YENB?y9fU@n*irh&`A zC14^r7n})B0i(eQU?><2{Gc!B1F}I6a0oa6bOvc)AFvl_4O)O&?N#Oe3H|_^K^S}o zz6AdPAA@z^U9b`?1#f`G;05qBcnmxU7J@s#&EPt4HJA^s1XqCRU<$YtTmZ&{v%sm~ zBv1(0U&}on3;_MW(V!p0KJwZ#52>yCc*am(DKLHnf4L%2-fDgg@U^RFPRDoB)BJeDD z0z3@v19yR2!42RV5CG+%6wCl6pa@(9CV;cS>EL8=A{Y)FFbEtAazQU}Bsdft1kyoA zurFu_+JIJ|8Tk8MVLSK@{0wTqH{c8KDfkGi0dIrlpc=deUINd7C&44&esDLq4crK> z1y_LzFbB*8Q^90#F*qNb1I_?r!6+~Sdj# zTmmM7bHSP56fhc`0EU9Wzz_O@J|G+P0Ed7BKxdE!_5pi=)}RHbeOvew`~fzDF!&C9 z3H}2<2J67PU?o@z-T;fi3*c$+7na2@D=zBYycmC_rNN! z47>?m0WX4Qz~kT{a4)zM+ybr#A+P|Hf!W}4Pz)x43&D9{95@Y(0V6>H7y<@@{vZb& z1&#pSK?djw_6O}j3fL301c~6URl+v#EBFbx;A`+X_yl|i-Uq9}Tc8TO3KoH9!4u$N za38n}+zM_0*MI;h2c=*JC;>&_A}|4*4NeCqgA>7U;DABkSda^Pfg{18;2@9=I)Z&c zJJ1HS0?okRD~0XgH}Es40pEZxz^C9Num-#hmV;{W8h8mj2c86vfcwGS;5Kk0xE5Rm zD!?2t6HEn@!NuTwa1J;Fj0K~>2#^o*z;WOh&>Lid!@$9y8|VZ&fW1LmkPMoGUD`?1 z-2r|FzknaWw_p?42-btO;2p36ECH{Bm%;PkDex$G0Nev^2RDIA5CrqUTrdkv1DAnI zz(jB^I1`)#MuQW;P%s$yL0`}ZWP={y5O4tK4AQ_pU@y=bv;eisg+IX`U^57V@4%Pf zKj34q4!jFif~DXMuo%1mo(7MB2f;#c2e=tr2d)P5!Ij_&Fda+*mx2qxcyJat6`TYL z!7y+<7y$Z#qd`w_ILHJCf-Yb`kP3WY50C^Bz)lV0xm&>&@FVyhFuv!01~z~XzGL4S|~ zjsi!3?jQqn1^a{cAO-9RT7pFI*D_%n_!ayFT<|sc9DD*k1n+~@;4M%EUImN5v)~Ev zFt`ug1#Sg5fNMYil!H<*1C)Rwa1odQ&IYH0lfj8#IB>uqa4g6Ly}*&+P;d}P2OYt_ zpdDxfT7hQZZ>`>Uw}aon&!7f;1HJ&Cf{(x&@HSWus=;gECGZ@05VNq za22Qka{&7XxKqJoa4|R^oCD4PW5Fme0_1}{a2z-W^aferFmN#F20DQbU~kYCB!lK) z*Aig|_#ONLegNNsO<*Hf57vTrzzVPgybfLl&x5DHqu>E>54auN1S&xg%mZ`5EHDjR z1}*^;!MWf}a0(a=P5?u}VBiORK_8F}dVoW~0iZKT1N(rzKx@zf)K&|Bf`8h2RcwGq?_14d#O@!4+USm;x>Z7l85LEO06~ z2^4~1;CL_q^aDqOp5Snh2@V8ZzRl-)V1^fuU2Va5Dzy|OEcn_=s z%fOr974RZ>20RWP0{4PD!7bo=5CRK88JG<&2gP6#xDcEN#(~qo7%&nPfFWQY=nrzh zQQ!#B9b|y6V1Ljaq<}p^OOOcudQ;d2eg!`P7kmvq2cLis!TVq}cneg4SHU9iEO-Ju z4DJJWfm^{1;2IDB<)9SI041OZTm&Y7v%%@$WN;!F4jeED91C(mFK{F{6dVN7K}WDJ zXb0MWR-hU9`wd|`_znCFYQQ((3-BrU2&@5bgXN$ayarwZ&w(ewBjA2;H@FSl2(ATJ zfeJ7O%mh=xWNCx33wg644wy1fk(ju;2v;0xCvB(AeaZ{f>~f1xC~qZ zCW3Rpncx&K8k_)zg2BKK`hq?n8}tB&fCE5hkOuYvdx6%V1*m;Z_!ImAHiIzu4txpz z13m`pz`I~2SPI?%i@^)vY48|$5G(|DfSbW};A$`*TnVlK)4>#QDYyWP2WNp(!AYPH z3&=u?t+Jh9ZCuj*0!C$Wk+rY2jC*Xpw!RO!;@F92~tOjp^D)1^;1fB&?fQP|- z;4W}0xB*-P0-zj}f*GI$6bW&YQ}rX5T(Qb`Q zq7SqPIk0B4@7abk^>;J%*}UbSu4`6p%=$!a&BV?`+Q)uX@gdrS;Fwhb&G1~SJ?+g( z^ETd^HZ50TW}#iFXr9Tg%HCLaDkgq*{^c(X=I?q7f3(WVY>fE|H<)E9_T@gk{PmTA z1kK-FTO1B&xuZ|8(;zeTo>1HSbjhtgvbMHTQ$l;XCr2*osrkATUhL#*&yJFjn&YmS z%9?`eet1OOY)G@%Cd4#mv-QYI_XTs^EX>wA9QQ%}wClTfj);3Ol=Q>oe%djj^J#qx z6Ig$<^I@&+4JCbO&-T_?*VU=Yx=Ea7TC4lPOdA37O06W(6j(5M>duag$o zD5W%=Ho6j96Knm1>`4DwUg(s~%J6I7(9b+YYD%k}pR1JIOKK@vVN=o#AL%BWC}}0P z(d8IjaZ40msj|Rr6S<~m`sqseB~NNj$3m$G0{moUstK7Nz%;dH7n(@0=wj! z6;1l;i&e72BKi}|lVaVFI;-E9m7Lh8WY%W@9If6Q%RYDGoQhgs`H9@B$>EMu zv97p{>~nO+SYJhV&Po%0)?Vm>?6>#dZyEdjRrY%v$>SvWD!yc9?t%g4^= z=z;!y73Fc)70AoF8h*@s%QGada-vaHIy@9vxoC{xAx< zSA38YNb01cvi^TB4`|~YZJ^XSRlmb+^p&VRb>QxMyA-Z4Hh5ud;;%lUVSdZpJNXt} z)*-O1?7Ob{TL0mD<>yxZtt-+Ce0j?&!zqK6r`Kg~47bYOXbvk20@VY`Hgz@mKfi2y z2VccHEtoQG$+1lAzgE(8o+#88!-{*f4elT?& z>(AbvvQMzh-GMgq0;zY$1#bPvMr9p$z3^Yl?*vnqTlt+}8-1dn&2lG@`gzzmp zCx12`zO_F#pKMxFmpRp&TIg*pwUcqnWGB?GC9xXqRDZ3rZMtZa<1WeC6{Tfzf%Yjc z>p%Ss+(ohkYN`F@lH60St5sIY>muiPhPk8<1*CQf?@5pL%iQvSS}u(hxKyv6myZR#mt8ydc!#^RoW$zmA~Ve86fh+}3@n z5>Z#U%k?*2s9p$lWV}$u{yN4Bc5y^7uO@2s`?%Gwbkf7@gh>6ZRradvb(P_LY>P?f z*`?4dzun;kB<|&jl2Ut^EJ~1C^GE1k<#26*ct*Z9d>p>ty1{{^s)UtlSHXh7s{9W& z4ez$5AaTintxM;Wyi)0ehH1-(m23}Lv2NBu&Nh7kV(n#ZUFE;)ALwWGmyZ8W!~dHt68AD{Y+=;6G29{2w6!538tGR3-&g)++pl-%z|(rxg%N{&DB6Uq?-|;^x^=Fq18rZ^AJ0Er(P_%D z*2A^Y2j5R`rd+x*Ci7RUn%d3@>dL7qkRzp!n#h4_oB!o1+&)6n{&ni4dQ#Bk5*(Xp zpC6>>*Y8AfmBHFTBz0?bv*LsGm6^oL4s~kZ=5sCEHagWik1P8+(MjB3wh@hpQ74dT z!e_5?3y{S4O}E+sIAxJJxyNld_;WAeT#}x{acqO7LU|X z2Q@eK?YCc?vR%p3j#0&H^Tfi0+KequsK^QT6#d~IVovyAu`rx2jt%c`&ZHWuUrgs! zAQfe4asO7QVry}>@1-#N0H1z>Wb$@Qg2TG+eDXCtZ z*c1Bja-!;g*V+^{<%?gjNFi_PU4quycPRVPwtv-bNTq4!_Y-8YoVY%Q-b(sb{iN=U zO_0j-y#xtA8ug&oe?F`HRbNw1D)zCpTFsJjUEW%qSUlQ$v$BG;wj+63Up1LeJs+*D zmIHIby+wccNHHheT`a7m`QVHVcQU8;HB8|`Sl-gn{x$4VLvQiE!TsDyzf5u14up&t zSj6YpuHyJ#Hd3!nh*(*6V^(J4cjxZnSKQWJ|Ca&@4XagYv3J}{)c;hAe6tSnE$Wr* zpR?qC{#=J=lx%QnmxMoXLL>DJ=MOGB(CPkmT;6fIeQLhUtSxvW zQB(Jt(%tPCie{M2=S8A&d^9Rn{?^t%tESD=3&mwse1_HSzKVxXhi+E+5xIX^$Ti8hY zoBXf%?b@fLDC!qlEp~KkIB9W?{%Eh8th&71Rz-ZW$;tY@OE0DJ6vbBcUQaD$#f>Rk z_M?0lSnC#FRa>i^os!^Q7{u0+zCOi7>zg!1YumMvXwj%jalb#;i<@n$Y(yF#70Ep%B2D=E$Xo0Fn)eUf?fcu+`6ru= z^{Q{jn%KAGRXeVU#NPe+953SGhrL()i}3erB>V~+{-O>F|F*jDulb*ZzfZ|tzL)%J znMQMNDCr;@{sh9$tqcE%#>2m`zJ3bnIrRF+{@kaek1Va{+^=d&6B4ku7TWNn9j{DW z;(KYeS`gDxobLKuMNF;0Ee{wgy6a@4$Dj9=9M6WLdVJ_?Pmh%~8a8S$=vbG0Uj2Dl zBl*L~sQmG#Hn5}LNV^86Ze5aCTtAD%2yP3#9=?}~vJ!t)gD2UD|K7CWd>kvVnr1-t zcg>yZ9mhG{-cz}V|4}}YPYNu z9=d;=rvjUYQkzhN^$+*i_-El?Gx4vP1mbs8!PGd-#^TA8HL4w(PBSz9G%82wQM*q1 z*`8W*oD=LEEK<+085aq)pT=?Sni6e7L-&ZPsOjz$T)0dqGBDM4;B)>2+MnySO_av} zPBKv`NmW$bpc&(+wx>?y)JHm1X$m|OJ0pp0zrT7`Y&@yNrPUl#7g-xW+v^&?Q>PiY zWE4*EQ?En&)syG}@BJ!&a(^qyEDqTTdDS0LW1^JY-M+u@!7~KZfP!`#w2d( zWX*%8!PSj#uIjY<7I>m*zeppA^SI48{C!Zt1ur&ESs*;P`%$*zQNpoXNK+dE6=FX zZ{MOR)E=?lGCflMlsPw3b;}ir#oEoxt5o)r5_X>HRVt@A;XY1iieFz62u;ZeA1W5A z{-gTQ6jMLaIn|Fu74TC`{b-7K^$Ll&bm3WJ^2yNmjexK~>p21n|V$$m!M{OUj2<|})^JXoHw zP?9lpa;yFZJN+r6Q~wcE1(X_Ab*et;+HkPOjceSw{CpaL>J@02ClBci7%g?B2@#1%B?9ImD zxH*TLB~O+fmg-+E%)jtUa5w+8l-*@d0Rf}X_s-$>lxvM5y zXXDRw)tP^52Xy3aaUYqB@T$G;p#O#+5-!Kshpf&CdPbu39ha}$^xpJ5-%BG}6y&b* zg*Gd#3xbZmN+u!MpLmV0>@Ux7atZ==WQ%TPXHc+HwbH*=Bz(eAHpWMh8 z7woiGuwbtiGQUohL=f#Me77&pN9^b4AMKBZ_VXcE6pg6;Oo+9geMd&^XGA1$dA?4H ze@8F;IVfHMIE@<3A4d_q*HLeb#@Cf660n^`=FvFYne3jcM9050Fr7n992m8il8TVV zWR0UR65XsaryyfuP=7qDK1Q#0{|MXYX>YQ(OOEzTsL1H2kf;@_3}#M3oe_ERSzGET z8;Q3hr>0dsOLA)dQ18pXwj^~9uI2rwmD1%|RiHX@p$={9_xL%HMv*Pd*N;W~=-|a6 z-r$8w0aHJ$zdvp6hT;OMD++(>k`~3SHB_srON){YI%#TN5%=v^URhu4&26xqMvG-! z3GQ2%m`XHz&Wlv!XI(k0^zR!ln))o`s#~`F?MQHCKdLyrm?k8^^>Z zJwZw&&DHQNGS_SFkQqj60}T(X{+~-m|I6l}e+@hezOHm?=xpv%U-_3Bd#uc(tBH99 zIvAz{I#~SjPu0GP7j=Dj$f;F-q0cw(R{c`vpnX2SYrj8awMpEq* zgUG}L-LQ{ueo&^MqjtXXLv&QB!@Y}pn@bfxsic;p^!J>QmpiCu$vzxsahz4sDtlc` znd&cgYRq)m(j0x-Ze~vNk~7^;OreM`kOt*`J%_NwoK~~p3*Vv_?9i@MFNdL<-1C%G zP5qHcL#B49$MA~2MV|2T;mMK&6VEKIe9$-bMG`g4Bsm7gPz9-DCg?Qy+? zc6Urw1?YD{I=bX|(+oW#NzKr?vrIGlRC}r;r!M7`l0}tSQ=4wgBSy;!lYgw|KGyTx zSp~UEe4%DaDBVQ|dcpwu&0D?UC<($zZ{+CDguxY6C40yt49;Gq`guEzuC~mdyPdv4 z-+Y=-`Kl7n`%nkNgDuv2o}_oiIO9pS>bbb`Nkx+SXD~fZr`p%OXcC9q7#?i1jv-&;$sRZ>;>pyZyjjD3 zo+o?X-G7^%db+HBvaQpQiFBE@8(r45yA_H1G1Hfddd~gMc7$z}XWU9h*z_!Q6}_}o zO~q-`o$k9-Wt)9A63Rn;;P!3QZD4|O&wkC1+KuDHf1I|}ia$~nw^&Q7XGONZuf={rLv6Ii3sOt-RFvycO;Z8vXOi7~jp2ANy`Zl+sPBDYq%=b2lV*jvZi zTi4oK_a@YDFOTc*Sx}%}mbJri5s^x;Z;{STsI2KI^*5~cM9I`y97b{b$ z{-c~(m}1KBigmtnO+!$d?4a~d&Cp~w{^YKmy&uaSW15B5mS4~|Yv)+Zk{ zs5`Gh=XEYa=a^I^KUky*7zbV3eUQ9hMh4$&O;(Q)&Og-otkr`O7PsRyp`=aw3`!WV zST%-(;ej9Wm4st=*)JE3RTXWV+=>axJeC>rSkK#dOy9aqaEJUA`+)8YRJ;33k#_W9 zxWn|f62F^l%eOlUJgwDiX{@Gb_0!1sH=diqOh&d^bwMho>b=%r%SjBj6c31$4`x8c ze*YmS*;nzI7wg&=zHa>R#TeumFd6+w=w}yF7_G~kuke8#X4P;IgPXQbjk>0 zUL=g-(zxfJNsfKqj!)~k4#nDwe@9wLCnq>a2~ih*+^ukrwKm zdT^yThm6=oCy+fnR1?U~nP%K$-vP#e+a$;;Pq3#l?WrBLCushBU!Al1uB*Vi2M_a< zPCiVbyh*FMzA^RN_8a?8r(v6RY)gLnEx&ndAHBl;WUAiaelS!`(1xEPB>krLsrS4b ztdF+v9%v&v<}lfY`PD9kSwWb_N{rNQi9)Z-TQTFK_WKU{dPNI;y`n`)s*YOfsAWl$ zUsQ-@J#!E*S>*dpXE2dNJy8kjcYSQV$#swOC%1ZbyQ#hFCIgIamaIwCngO64@)emA z)ks=tCecKqWo^GhkxICp;N8d6Csg+x!CTFTpBfpqi3(}-_uuc&pXA@ohW45Hamw87 z{``*C>)5YQHa?PX^JkgLS81{c8<~jznn>DBr)4z z;pPlHM9w$S#v{wsbH;}yiAYCz*I5Uw)zTEZ8@VJFWlO7 zwED~pW5QBS@s;0$`a(%{C*=Bbhp;eBM_5>Rn@Ijt6r1q zD>|t34A(W6Y|LexQ7tHlk&z(m3(nCC)PJq;HNPUMSLC95RsHa#D!)2zd&dSBEuHO~ zkfl%yQjDvyJ&}6IlyA9j&+dow&cR|-(bp|wWpa^J^bAG?$MtFwD=}WE7j*1f>l{X1 zKZSdY2J7owhw*i$gQ8}D0<`|^GTE+72+u6r71~yu*jGtapn_AyWQufev~JeTF?!!; zj4?h&@A;kpBTZUku`ru87PsBRtU=aT+^XMZjm5P(aG#rq91-vD-al9=GS?g5yOug# zeIJ{6`?2!h8#U3G0s$c;Sg+@8fe>o@Rco3PZBOgNOEV%bO&X=&Va5AMRxS zMJVZo+m6-xDlaUraQUq|64uQ&tRqcW8*cO>kaP%Pu}Gwg4%}yLNEZ^)U@xS7tW^7L zjD%ERLwd0{Qe6`b=}G-IAw8f2_k0^tIw9@+-p0=h>8np8AvLoh1x-kK(U8griTKUX zf#TQEhV|jC3hU|ku!^E#ElM`J@|m!<-w=skE5agvyLw5gwPt!p#B;mN^5~zhIjzxR zG2TD-Rocn3^e}Tb-3xwIi>v?jyhY#tkRc@1cJtn|RR`_`<~_Q(Y*}*UQulUE@Cv^i z4Y1xp<6gJ!rhmF_{quZlU&>=F0F#YpkyZS7IR`UWzSDu>h0znd@Erj&0i zQ9DYXTBI-b7%vcgNiLMM4|f{@SLxOTr)PAar3B8=_gS(x;wB=$>-i}6jsXqaQw>8yUJ{$~KU?;t6l-McTb&q% z%;+EMj@ko(qvO{~URh*Zk1h9Qx`#D;RFnM}(;18DjH76t zNZ3UvoaV~w*h94cw*9j*dT#*ExOm$#Gy^0&q{q`uKn1~O1^OU!LGIGx6~v#O}eL}a~G&kqPxnIdMey6XnY7{1$A736!r#!%^4XWdP+N^@kvfyOYH4LVCQ=5EuB46=cyDJte^#yAuW_bb~mg9Iw8b*mS8`Ksbz ztN_vS&XcFflpT3o152t)*_xy3Y^u(CMCNDjvh_D5=*6-prLT|Zj{dI zm?oj5a_cOTa1_mC^r57iZjO40iLUcIikE9(UAd}Xl;(ux{-W3T%WG93(t+nA#x?FE z#w)v`8YQJO~^B%A!kKI^Hn73CVB|El&>n$h^5r)uG?GBY2DFywF1A}L=kcV5+FbU zP2J?MoTmiP5BFeAo>}fs_A*3hWHQ}-@~rRuqEFg~lD^+Z=6|2UKm!hsC<&DZc3n+? za$H{Bm~7xJ6trjDpNLr~spX3*P0#iM$dZ|>oNy--xWZDBoPx)_mnxxA*)3bG%I-Gd z8;xb5F)Oe-g4~-3SJ9k~E41$l=f*3K<~Z^yyQ*%upa2JsUOrXLhof}#rE`=Ufe$KQ zsnvgYfN^r*`_`_OYt{#*;vNrdR_8^>4)KpGY}}-3qszuBb4QQ#sI=IK!~9b-TzJ3o zbEK_Ym#x%)u5pXl3{~&g`p%-O z+2onyWdz1SBJ39(t*~8bAFL~uQJU%R|MC^`b~2~zRZJ65$~IACxmO<3K<_nAHE?29 zzvWiH%BB>v|5g2ln#RZ1MZK5fUiAw~j;-HlzPG90Q0efM|0=0>U%z=o^=oUV4Skna zzoAxjwt1^pze%-kRsCi{q$*W>x)+FXBS&$!so&J7i)eu=C6qh1e#0ug;B4|_+sIu` zV5jY0JIz$rr~zHq*4BW`e3aeSfV!#%^p$Gl2w-YJUFFR8#=|gdMVkGq$_@RuuWEK| zz3kJVexp&nxb~N9Uj9RELhAQQa$e|l!^LM)T|cd1_~FOuGNGwIU7+wYv5jpc z@L`o+W&xv?(onn0?c91l72Zdf45zYUPCq9ukbZ`2B zTw1KI2~7!jH9ljJ(HqNV);>B$WHs)srt$d^B^ouCjN{Ou*FUX@PDI8c5=zC(YZ-Ge z4OJUVS4Jr5oVNW<`|MM%7%J;uIuD2C^QDxVdwuP6T`Lb%bcMW`H=(2+ddgkVR|{zs z6BS*f^%gG|DZ%=fbsV9jgRddOnygdgeiA0bQr%E4prCq0CZk_HP5*-WFErOiic_yb zV2yE6D8u$;*HzB#Z!cd@Y`jjgMj0qhqL_9|{W?i`C`Q7gBNF<`uQy6kikf=K&HI{q z$;WP_ULu>YctHU5Nbrc^GF6S9pZ+HvQa8EZ{cOKJv3 zY9+RO+{@PQ3(3C@KG4Zu@fH?Ppc4{Gd9ENv^JMH3pJ2ewn>4Z^7t{!<8m;t|AY7fccJdkD|wjTSeb97> zaU4Gd5Xm@>an`=?pwGy7k8UJxk*zIjp1~X`gLwxi#r;DQKf@=JTw~3b>qANR6OxJ9 zDUlG&OcC`7G#Sd%3PqjNN04{Mx``TnqnG#yo$6tgtnmFRXlmDRz6WODsF*2SYIJTJ zh4#d5UNY3aB<5-NuVRQKjr=z}w?{_F$7YzM z;oy>9XYIR{wQq-a__1$4maFn<76qy4WuS9eHar#^9v5lBVz~n&maFcYJS7Dc!sYX$ zmOIwH{97zUT~EG>pJWTB`zbm<$y5o~>$GRUg>eRK`u}aG*A497qV$ztYtW#LsT3BN zHyZ;TYy8j7Z@jnLjxYMyY{!=ZG9|?RJRw6I>#otQ3*stf2$5&x| z$5)n~q}ms5ZRO0eon=%oZJ5O>nlwq;b6A>VrZ-Kflvc{GFgfKIZJ(v)OK$&apXyOk zajSyhkYp!!d1OvXcakHM70EJ~BKNC4UZ0La^yJekOizf~=;_86?o>tWl`l=zrlMXy zNNg8L>~WKZ?Pedb8%wTvzH$3yeZpqDKH+eTZ0?Vh#8&GQY&FOGE2qhHbq2f^@;8)p z;7P|Zzsv2omh_8E+EZyJhZ)n$s#U1|1w|^|&bfk8D2ZmXDk>}7a|>&0=a_NoB;)7Q zma9~sLv~ffz_RI6Wqhfmy$XEyD9t{sdyh$_$;q_Owi^F@ysW&Brn;F4Dhmecg_mkr{ljAqLcb-K0UV`#lmfJj$spnN~VlgYTTHoJ7TB!6y zDh0Y&pmwcH_6{fLS;O3A7>RmhD4r?2-4_pwwY{2$qQ++Z7qv0@$TVW3W*lGyPoL1% z22XNU^s7>g+3vR7)xK-5Zt_tar7JZ|l96Dz_s|ffmUfz0k-g6Sn3*lAR7Mg^-a19)Qkv;M@s5bA``)2m zG;1=vW)Jyilg&S4vE#WvE;N!q;n{@uw`{s*S5@53rTU$V%36<@M`-O>HT3kF0bQ@e zP5&k*QSu2j&n_lDrhm&mGB719n|#d%VC?T>_Xp-a$c9v7DBYwi6}6w!M5eKzeRE>9MnufdXVo+O^Ou5K>CA!+plr&i+iQfq( znzV8+)pN3xx3C~1p>^RW^E$mL(;copYbyDpFDGS8*Izo7{2NT2RH^G8ruj1A@&>XP z^`Fo^qW+3VM~NwaPm^sa7#h*CEm;|JXM!o=)|DhZhf-{b>OXCh_E3XlqkH^+jL+Q^ z^|@Z_JGcEet<{--V-*E7r>stEA@WMygu&Q{2)-K&^ECuX`xw z$mYLEjnp4hb_P?}Ktv-uwc+L(iJ<(-Voa=yO2p12Zw|%dfWVrvuab1sqwLSbVpV}x zg%2kV)qmQSM~=$O9+YsMsXD0lMWN)8hujx^Hw|!mC{r zf+>HtA_cV{s%ediqNnmG*EOg9@BBbjp0=VL?0YtOfR;{GO16^Z0l}1-zhqGi?i@od zuBa_(@1C7Rnq%V?tMH|T*eEK}MA7_^zlCv}Zr|pbNWExuMrS2*8*{r!lkmQ7x9IcT zS33Ru1APg;dt_KFN$cr*<-2B=&DQFqz^~b>0!vMqXB1acEIBCjvK8q~iItai&kHOW zP`$mmW^ERCCMi}o%MVoN1*$d=h#FUtdETU)`}htoRm^%QlgNs5z2vFcOK(wKu&e5h zncJ4D2Bi`Gz?SM=%`3K+bd`#a8|A6kef4+s6RB?9Rhm#vlJx3_@m23=UbaIMOJCL; z-`a4}%YW#PN;Y*NQ8zW?O5|9TZ+9FN$+MHAg+e|1oO*bC*5TKj*Q0OEW^XjCGWR;jHL@D?h>)Z|KX?w);$GQ20pFc*<6D6m3?ko!ft6LS)t3em%Z0aoUVrTAT$1DtXs9(? zSSLrqF-@L-qrW}L6lFiEaS<6mGp$sbqCS;Sa(9th+vFBh+lUuNEaev9k58wqqKPK% zB|B{tRQ_{85t-<11{><#j+e+F<;ii{Dt*k6!%Gs&auXu;?4u$rjv=4Gt=k!Ho6$~OHiliy4KR3k7A(LE+;{t(8!*CUC=?aDUoid=I{ zBb78LlrfK8>Xr;*Vs_*wFR>LLtxr%om_#wkta&F=FnN|3X$#6V4761(ZKqA^FWJtY zH0{5yP5bY&2F9xsCVh9?zI?@7SduJBwf9P}+y9__>8;O}zOg!6hLR&F0_Z+g>TyIa zafh0|(wu}6wZL(XbX`?Ura0H&v$;zN%1n+TOzv^tQlr@BpN=M@ zMU6e)?2Ww|8*)b}UUhml=0p4OpVnvF{BP!()f=CZY?L1}DH@pss4?FavXlhXP8Jo} z+KHwmaYAe16dTp*e^FFa7?h}`N8L$L()^`1dfrU=NO5~= zP@M>bMA-Pvw)s(T4vi{o+n^Eg>aSWkWlOlBgL{hAK=I=-B2&B1{bcHR>h_gR;B)Pjr{;2t z{neMUe==(d`Z+6FXqt@l6dIQ7g!=8F{?AF)h*sq7Z`Gchy-NMB1HJW`X6u@WMi893 ziMBsGv|j(eqLS>?s_I@ZhUz(!NV5l`6ur^JOzp?r#!cndOuBC*@WXYn(-`l3C#~LV zqb|XHv`eg|)|^_;BgE%&lfO@tZ&lhv`j1GvH215`wjh_6q>p$%ZRjwi16EbNsa4%R zST@&F9qWlQWi*j9a#5y!6pH9 zIdC{|he&k#i$ZM=x;T&!QxmRI<3RJ#lJ?SR_iR-fj4LnFnN(h`cyqk@qJTM`jz=%z zWpflNFH3aaF@yA1+lET8U8R#dAlWy6uqis!>8NZJSx?wGpZ;tNq5aW1DhMX|^(Q}f z!xRlaYrRCZ9iI*LzI>vZmp6tqr9aTNvu;uTmw0B1W76M;cr)96*MWQOv81f`avJNr zG0=IFuE~TyRfB7LS^vu;4;Os8UHt>v|M56hcDOyqr~#`O7Mi&XpD3OS2kOOruVyVl zfljliVVNSzO>(#r+;%p&8{V^)P)M`Nw9vHpW&Tj(U$tI*xm^npF%8-OL}MRjPK(AE zY$|!P5M>}f)?~FF-J^NaN6yxw4|K;;r+}6smN_=mBxSg7hRq6KbNBL=9 zXkK0atuj`3a>s~=JHM``_%F&onNgkHyTSec2jyR$^`G*SJ?#FJ!K4EZR-y*mX6TRB zEbZy67-Bnfv@k1o^%d#`@3*GBRayVwgk9S*KCFLb%6d~>xb4?x-)gN6O`J@w0)=h z2M0EB|L|`>dGcyI28)S4WttQP%m{}^id~R$rx2? z%m|_58?62I+HQSP%RPL9-_8%T(R`ty$@!svt;_m9JrVu1$`2H`OIAMKLQJViFkd1; z+r(Gfxsgb3TPC)jw&5|uUR&HP@*b6BDyXmWnnTYPNt3_5SLKe(K+JayOSa6t!7Mp2p}&I^t($ud?;G zon6(VQ&lX^Xhl_f1z1RNLksdjZ8 z6Jpd)8_-|VBto${vMYbgGz9xwu~G}zj33+~d$(G3vpRUHtXUqlK&!u=|4M&bq`$n- z@rh`!ptYvI)l=QO5!H3m&e0>i@xk29zIiM4pmvthPA)AN9_y)fXi4`!-jDtXsW+-W zW3lLhMovV3uXc&iA62ke{h8l&`ZJ0*>EMJ$P-~L0w%NC=f6ECNs(e&lPvcPZse*NG zvs~1Qx?kA8egOSiJf-+C7FlZ zm!+glvDNla(ykhblk3U(|Iqd(@KqH_`*2u-5eNxOG_pw4h*434h$cWZVe>{J#FY#% z8bvcv8AV7Cfsw=ra*Y?`?tr7XjDw;GZXlqBWmrVn+z=dhv11qoaY0b?Jx^8lIrk)C zalZHO4|C4#KHX1Ob#--hb)7zG%uWey`YgnER%5amXOJCAIR8zof3DIF(8}}EB={E3 z1IA1|i_M|I8i`$>aSjMwX9nFy3MJ}BgyJF~UIcxfCG}YHF!hGQN7c3$@;Z3royYn> zdpg!1DOi6(*7*}?LLN8DR`2B_Ztz6if!pATQ$D)?)?TXvKRx|(g5S}izt69yd*NDb zSw-1Ip-ZvZuo;1{P!XtlqZv$ot}XdAS}VE;an+3M^EgxCaBC0vewL2kr`b6bJ2I&M z(y9N@OWdH(hH1XJ1j{qK#Hl@k$_Ms2hzEaGX5joousKcpv+_KsE_$)hOz-@IwWR~u zub^UW$;sYOOTqVTU3}DQ%HBwb-)@3H<^KEky4pGQfPiBm?RxErc9yR-7>7=q`{Tyl z34i(iAtb=fkBd@3uIVTCzq9AfMW}Co?;q~Re^!vlji$df?muhh+IMjO&-g3RKCo^y zWte}^foT={>Pp~0DMxqLy@3NOBC(%c3Fp}{Z2Ia?txPUPCjEl>9T>n`ivF*TbN;T! z|I3G1T?OAirBF~Z&9!YU<0y}Z7GH*sI|bw48u;H!5!}Zii0=Ewuzvig;sCBj>n=!) zyujP?-}$$sOZa^zc8GL1qNobug;<;%v>LlG3EygyQ_$oz+s{i9T|eL0SU;=${v8#g zjp^iJ)cRaB2-%ZZz8p_vV+?iXd1^7)ld%mL`;SY&&=mYMEA3#m6*+l0!{!0RPXSW#6Vu{VCzj`|&t7%X$6)#^)_@i2EHo^{3hv_`m7Y zpQdz19_Av1pkn-H?k(*vvjDsbwx-r2oyJ>IW9zK^^-{CjgrI)_Q^G^tjTIwMK-U+>_XxV3F8A4DHk)$H?i zp&PT&R~f&wZy{SW12H}lL#tPi;c6c(L3uVaTKC=VFt9#+J-W7r_fr2v)E_neX!~uU z&kAprE~`m_;=(z|=W%ZcY@(@$FE(*^2$7Ri>5=|%rnE-IBay*o@L<6_^G2S37m0nl znK10=x52Q_G972k`|(aV8jGJCpIeXqNbJBbY5fd<=#xB;?HoXzmsdaKfl#JLkDb{v`_r6 z3&sDspdt6I|FvHKI{Z_JKkE&}kLq8+H;=cD7Npu&{I{al2;6dkYfOFu^>2H9KlS%J zr21W5uuWss?<^GWk|xwf(YHVTcCz&CkH1S=MUyFt_5YN=efCR#0Qi6A@1)oE!{5(a zMiaKb`VYom4$}jDLGAx>$mo$XUl|5sl)`d5dj5eP&-+4 z9IuuS4PH#P>7mSv5)sT*nG4_T;AH3!y!E%12c&bQ>8T6PhP3+a@MtzQ8ectrd?W3{ zDiCdy_6=^(zNgws`>>c2!xr%&Ui+}WjF-wYFG_|Eg8>|>SdsE-A?L{N>-N;4vDJ+= z)g%R5iFa!46es5^oKzWV&eIi+h5I0La9nA}%24af!L3W%RfZBX2Pg8Zg$|j6JMcSr z_4nDe|Mq_x1N$do+DKg=)t~>d=7ArmL**G&u<@JF{AdC<#QC3yLuk{KuXUCO!(sU9 zYckK(@xAR2P3#0+KxEhzBFq_B0@%i*&r8$=r}o@e&>`8W3(iAyl`z_O+byYWNZAbbkuvF_XpIbRK#NPjdan zUHoNxTIQ60T8FJ5J`DgVo)|m^ zol>;AIZ3EnU4xS^m~<0frrO88b4CeV7d+py52M<`d(4Zc$UcCXiz|OWVXw1rtrF|e zSNo1d(&$-?x9ANs)mJ6^e-POifP(qmgyZ3`M) zWcr&4Gic@|Oxw!83;Pa{@ljM>7qeyTVZ3}gwp}Q5Yr?eWkst2+Q0*$(AI$h@+=Y3O z9B^*=ExGE;#i2=gLz+rHJM5#eJ&Jh!bli#Mt78x*vg~WHe_0InaR(f}0hNvqAsxbl zYT?+fxkgyJb^Hmdn?Lkh9p2e1(1fwz@uukU@ge+^-O0}_$T0c-?Lgd0M93!7+fO}B zZrAYHRNOXT`|}d<5M=wTM%nI7waWix%Kr(pp~ldL8iOsDznzA?CT_hPA-e>9X~2YDn-{&trKt7=bnkL~^YPz)WINTSTf!1SGf5T|hr zcxj!+uPi_{R_tjx7O^eMLyO+FEo6N6&!5A?)(pq*-xJ!jJ#^x3>=|_!yR!B?v0rgN zu4gEcpFaI!R1>*iM~Du&y*ObUyZa-N^z+AbhVL@%7D9OFQrc2e%I*lSd6nOlF6V-H9Fu7#BZ|ag6-}b)oyG`9$LF$t)b003tHOTw_%(6qRrfT z$!D`iyy7)`RCKeCi*EK2_@UBZ<~9Qb9C|g!u;;P+n1XjxFpAbR8lXh|dGPaBZ2Uop z@{vvX$X?VO5&+HEogB^M#D-7T#m?A^QCc(Bj#B9#YzR$T20l|oWI!8qH`iQ(UpSp- z0tRvS%$+yAiYn--!I@JxUCyRM+u~hloDNI-wNnzy!Z(!_MyF_?4$cv+HjghLW4iSG zwE}*r+b(qWZ72Me^BdaX2KsA+1Y5YM7&H1rvge{?@S|??tKFnwh$^CtM7oThJRruL zhkDKNlj$3Se8%?K1ClO1^;g|eG0$T3SD8Ug;buqNaNS!`@rMh!g|?sgL&WXQ7c31n zH2=gad_o_Cnt1?ZJUEgt?J88kS3&rt;HkY>pWS@JJH{P9t)T0!vY4TR_LHCpJ!G|J zJdT7Y%aF+0E* z!aHk^=Rn#Ap$t{li&Vr;nLIWGkCBkujzmSA47ki;h(M<7Bri(q-px98s1aU?0GLJnoHtIBpDGfSt?x zr0IE(-U2fh+#~9b=ZJhh z0cug7ibn{+9E*mMPS}AqhSPgBTz{LVNiPNrMq_@WdfS2s`|BpAFEigDa7*rVd~L%| zRUI;ao9pUmkGnYp=ga-(Of_%Lh`yoxZ`AnPl`8*A$g?&k)?U%Ui-fgz>KX7D57qJ; z6W=W4flat~RNOQFbp#aCp(=xh>| z4sMrx08jFFk5SgBU_fAsmS1v{NZWl_anpSb-2+kUHKcJ-Yr`NAirRgajA0P9IC&VN z_L8OPro`GKxoZfIOdduC2{ji(B=Y#BG@hqNk1bN}z-Gt0QrO{`z?1aLm={TUYH2?d zu&1=H){zLFq8Q__?1}rTgz;lGawxvoDSj325TWD-^TX2=`#kc8GT-5R%OFqYcOPwK z{@OJv^K)3Td?m#Jy+uPV5_>&+;hNd>NNmnS4LH9>vm}Onb569_z1f4&^ zGJ3v1wX`exd;zAIh?EhJb3QF{c%rQY+LlC*jp!EY*jSID6*U;dXKDU~&{Tg!$O^kA z){P2T{|&|Z3XGux8a` z4znmj*o8i%>8xH;1k9Vw@PyTC1_d^y=4O}$(L*wDulAjs=~=M@8pF-sUPK9YDG;D= zB+dzKI~fjIZs5Y9br?PzK>=mU^TCm*2t#=Hh=92hMz#4D$97u0wqAAAbMrR_eCE_j#lGkKvYGwg1q5n0vPW}=8Q5<_Twk!Jyc^F4|?pt-uTwA2e5A`oIAZ^-GtI43FSAbj)j%rPL4&omWIhqNb zb^pJihckD>6kl6=96<4<#x1g>iJ$c(T=C=K+rm>f;HmI36i$VA|M1!*B#lH8wQ%O1 zgxjwL-L;AS#-wW}8IFURHr*utG&F*%8`JbVa2vJ+);6-9Y4_Z3e%OT;C4ZK5w&t4Y z;oY5pI}B|S-mqkoIxM4CJ53w+p^*&*npH+$w=%c-(YRE z_$uwMLPMupAcT2sF7p z3HN+=c>;&n7&0FsjcH4c5o5zl_x}cZ75=liN}hgOg;N~9gnSqsSQBdTAr=WW|B`;pQ!B zuuEEJMj>nj@*}HMfARIOjbFSobvEeKes=2&olxx)u(tVx<9Y*zS1fNz7FU)2So1H! zT^#wn&J4w$Dzmmd)u&zVRo1UB*l{>N^84TGYA$u=RKRxOkAu&zdo$TgZ+>ls`u_0z zdKmjSU>~t(@;UzYG0Uz^a6lgx=^MZou1!Qf>Z>UUfRKgh&uo-a0T7Z@Use4DoeN=+ z`ESV;R$W07$N!bE^pZgTEQ1adJ@rctTd=M4EXYhM{3Q$2Ut;xJeYH{xzb`zaqR17U zrY+Tsp3iI{Z;mSBbu##0*K!D1xYCS4%J-Z&2*bl;xlR}ZP_;7gZ(?y413LE-$ zALutTM~JYR6RS#j6dEp{9`D*?eI9-Cy6|YtKa@x6o5V@a27-H2wTW=;Dit**xK)07A-*ih|#35Pyh$l4@>(RJr|+ zk}B*pH4SCjx(Bdss%nVHQLOvo{nS0c)jd#N<7>EUGN9ns9DI6Hc1vz`yCrDE%g}0; zn(k4AJo^>EzP^l77G##gDOwE@eygh~^~>X}0gn-*S^i%v4|4e^Md%kNs@j7bHY%!E ze{7R59Zy(C*VB}uAG!Wai?;t@-e6-3n^B0qedm@|2@B82FGASucZ^)XJ2CH=soMk7 zl)3*&QshiOzX6oYWHT(#23m~CwbN8p3w|E(lZl^5`!kWnQ_S*TdA=?6<5AFF(#|VyedG=YDS>GiGY)#RR+a$2Y(O-L4y%{1e@?@$3Pt*l9 zo65R;$3tR@Jew*OPsCkmJ$#DqC05{?aO)-t4+imUJS!_qtaK(*xlGvz%Rrqo(Ep^$ z`e$l7puzCZP(v+ye`Qc?an`TiAEE}_?2c5fG1!s)gDuE?gRKb{7 z0SN_Nzp$x7IXqu-IcHBk#QA3gdP=@}AaB2_pZb^q{c--{Om>+iu6!kFUcoSHcooi_ zL>F*#L|cz+3%wnDCcJZM_4s2WV>CV{RQ@}gKW=2g!pS8WMHO`|OFqWm_>wL9{s3Yv znGe%7BD#FttNdvOei@XXOCE37n8otsK7^BncWS8{aIX`LX^vnbnO16gW1!UQ)Tp02 zznlWh`ZA714FxTostm#>tC*zswt@1@E~{`UJ>J^zu(e;=y$3rO48$A;c*P zaWo-vJP7u0Cuv%VeVMP~m!>$kzT%f&rTVgBRW0jpR_Yc%PzTZ&UqIE%6rX5*F7So%{3hY&@GV@Wb%d zgvGm$u2|O`Nii7r2?O8Zd-Cnaro;c5foJ61D?S{9gpj>vB-`H*UZ@KAQdsx-;de0K zR3l03tK9Ovye~aW-fOPSIX}ELr~Hd-G+oyxx#j!#1NrzHQ+o_?TZ}tw30e_T+n&D; z$FEraid}+93_%C_juNvDE2>Jkl}Eu=>}#4ZbqjJiV)7{x1#lmC$H+-TRUY(4V5V45T;j(Ih?1vp`mI~%UGlb zp=K8*%)r>-4;>%(qV*Ub=sCK-Fvo^iXCZ{`4CKUAaV|Ln?>m|E&&Gq;vcCv@ue6sbSNktyVuN|1kty-1L2-tbDl5M=Nrfm z{i9P^2jmrkdtnOK{{;iEIA$dSA>@_)l4VR&975z*HpKG$@SA2EUp|x&)AC=w!oWlj zcV+x5h5Tkr(n4IY6$)qhk0WIlYyAt5LxdqP3GPQNrMZ6zTUwe30nkwDEW$_?6) z-IfmSrJ822q@dp`_B6vO2Cg2AtVoxd1v2J3-mPOU8zky6>X_9D3Qe1a2B+%!wGZuZ zalnbxz{f*Q*g`@1H8*_TfbyD7`xOmOKE(eD6QrK~yUW_YvcHe0-)-YhvU3yO*5V6= zyV(+J5^pmXcBOoH3Dqz%X&>~73#bwBCfTe;=z*_6ATh}`_?}p!60H66C$*mn*~S9O zZ-M9W8_oGZ7R&?W>_xkikS%?L#b_t;50miJPtlKJD5tSIbk>U`$(OS*m!y%$7$0;k ztD>>nKKWSoW7~ji2MU7t-xNPI&LJiR#bz7q4r(lf{n+hVzVM2PU5ARiiO&p_#<*bf zEAWvpX^3uoL_a9c$kX;gyno^b=b=>VKg`BubH4H*&8`^T7O3AAU)7jX?TZ(x+9}^P zlNuW}z8Ylzj8BLDOJUz6vu~1JOlyjqz=v}yz_t4@Ij}9sAU|b=IUX-0)Ji;Yn#2>o zC-KA^{CeG;_WuJMg8>XSIt{{}u;J ziD)u?WsOEgDOUaZM{E6;*!nvk>DLeI1NC>6`p-y6%x;~~HXE~dH*m{>$J`B<#e?`?HX zjG0%aTi5AjlbXhqHec1hX?BmbHH$$Wo@-h%27iyl=3pfDs~fV_zBQAi2o_KYuUya+ z>(jV|SN_y2)C69L#L5ej!+47<5hn<=&Bk62z7EZ0acuD%)$A#dbv*(b1n-_J1a}9) z90!_5|G`4E>xct@(dj7x%d`r{HvVJ`QKqXy$YxBEj$bSI?TurujWk5RPc{Dk2)}CZf$;Cy+K>_D62E8Ed2}Coiq0cm!tj~!8qupv zH+UHe_AMMlJ3R*x{9E9f^$*=7k(Ynv5-_<$3XkLqRG6L3`$JF{Cb^E7)NwL_=&DK! z0oM&4mec+^o4<;hua|>Ph%@iVd-}Mm$&FTs+~4~@YX3q6HPXM;Nc%4(XAhc>6{Ex&-CltR}lK$m>hAS-&N^4{PxXPgMNbcT{5KJLcQ|n`8Tr*E~4-K9%d8 zsRmd064vnYQmR`N7xPe@l010x_aK8_{c5=`P2GrV9`-MH;+l(db@C87ijUr{Ejhvs zgk(TU|kMvG^wLTB-u2!*TT&K(R;nXr*aoEK1uW{9ZV6ZCl=6^V!W5Mx`Wbt!Evfx;n zIvWWLNTa;@L5)vpT@c4Iq;ny{&$sg6?l@2)YRg6Rfh4d84*2Ib5FQ_iSb^ z|GiG$Gv!jV9~pBBTx8x-rPaldJk~60BV320#L7#=pJ?}@$4vl76 zmSQ26<{vYi2V87N;Q1POG+}o{$=90w%U7qyuAjELOppP-X7kR!?vy{J#~PEAZyv0R(6B1tK`_ z;G%-lc8CbhH&6J2^D*xuNvm%S2oBhRIST9FAm6Ou+yOHlYTHdt2NE2vzec=!sA5yI zQ6$EnTX`2HKc5_${Imp3ke}VqZ!Kq?VnEP zN&o!tC=wB!#ib)-2WcKm0NG{uagd>G9@=;a?5@Fi42`Tam42+fK>rRNdUFQMll}b#lgP?B>0D3)UDYkgqO? zNbIQ8vt|FU&p6PJ*(y7PWlTlZtgc*qv|?1U&rRqOFx78;FA zzOsMYX+t#gW&P2}yjyeMe%vG?-x=V2I(d&cKm4gYazN#|&5JO#r!rz772gkryYF>w ziJ0z#NT?St(nuRkSdMd}&|scV^jlPWZ++p%Z|*NAqiwoGI7wA_G2E40A{6o(u~!Jf z1o=G~mFg}s9oA^IT^~FxCnf(CB>-zyB#M7iTx%=P@+yoKG-jz(5|$WeoKQauL6|sl z0ynLB15f_24!Cv?59^FedU#k0E@y;?rQ(ti9tQpl>z;?5+P=A&8%r`+1hP1+JCd=1 zTawyO4l?_o@%76B32gmqOl>nfl^dx#U8s2}bpWrK@0Xgdhxv279hF~$sQg>In_SoWbXrjlhroPxP>GHZtJOQG@td*lwf z2|io|`$u9&UX~MMZn_>i4EY(WV=^cws!$L>o(=mdg>_e#T9ePGgoTW<~~HGA}ugH6@#E7XS08O8ziD8k_F9qz|dd z=813iL756I($XM7U_qSjUu;`z`?jV>RJVGXO7!Caz?=V}WuK*BWz=L- z=(@F6h2Ttl;Kd(qE4nNcY2I>$-T%B5QiwJ{D!4s}He{%{RmKl^j#ejzY8B=(vwpoS zVfZqM#JF>#4I68aQLq5pLU7K7e>Z6_f~BxHTEGvpwl={m%At5JgS5_gkXE2L{W0fY zW3kFE8ZP<4S$F0@IS77G95Y0E7E`<5bOv-l5yWj!Kyx`l2 zmV@ngI}T#7K$zTmov)VEU$C3)_E5FB;0!IV{nuNp*UW5eSa|$b`)w&mf&9Rf8SVCO zl?_`Ok36wkR(eDT4Nb&RtQmkM!-B)UzGP$nY2N|aW5?G#Hng67ZFAo--I$DlE6237&qk}TkQKsf`Qq?|GPo)5C+!o{~}u!qhI1u+ar3Fx>Yl_F#`*R zHRh-+a3m7{{XJyIa#;jz7QL4If3z!-B7=# z21vhtt#6tpkDY$o=6QA@@gIg5=g}#tvo(xhM4%a+@_yuBv5~1hF5M zeCtRy^Wlk7Q}yflKl(&rOMp7#%fVrFa>eB0*;c{0}jj(}Xz~z`DNe(?`hdz-Wep z^zO$0I#NXysD4=61_<0n^^k$zpjW5%fhQ!v+X+XIg9*|-dVoBT<+-l?x|gC`jO zSmc9A7e1j(Dy%YpSsnE6EJvBB87I#!|H&&^{bMo_un%w}aC9gWkPhYh1TrVQ8FzD# zM(;BH1SSWZt-_HYb)^@Ow@J{-^Rg&Ky`IOVHe2YA8aYX`HTN;*9?SlOHeX}5W|F~4 zFWyB4ucCYuU<~2AXmk4*c&&?+*jbxpiCFzpPj|5>iVq4qcmTRY9pof^{d2H*NacI_5;*r?7~O26Vt0q_Z3!rsSrHz6(flw z$e%c!ew~EZ%S3vIP4p%DEe-&#RjqqY3_7UB;OopZvWJ$leTa z^_en;if{>zpplyKXJ+_w=mV$A2)bdqH-hTTp_UEhE6JU}`lZuX;4c-WjHSTxg-Z!6 z{jhi^Co;^=MLJV7T*+_=fn8cY37%xs6nTr9gUuhKXDM%C+AVnfQ09+TPt+S|y?cq| z^}!`5c|A1abY_U;jp-qhmwWp`CC|j-{A)XZ>|N-jZh!N~_yWw08MNKfX}fY-d~K#j z*4EdQtP`T9#eO*ZM53he-sgIg@i-A!umXpRSS45S1zLdkCP_>_RIhu6w>7o!W!KJoWv`IKvGxC^$MGGC4 zFbSugDhlB;1Uc9#70J$=j@GfJ(`TU5B!S8U*he3+*#Y}OoeohpL^De*YzTu*UjO|% ztiL0cYK#nBt7VHVL1Vah0B3v{!w8*^F{eHnRD+lG5UMZ7C8!23(Tq!(;Tyttog!2h zS9nw((2x-Osne$ck)r}MhrJXnb5Lu^H9vS7EjR*o{8{@dYW<42q=3BvwSaL4jj;Ox zPa4*|T8}?;RYYkAtYyiX0$C@Nu(ab(n@2=Kd@Ca>T}I*AxCBSx8Jf|H88QmTb(c|? zhfs`zjl#H397{k&qWEvj5A-e4#_~LVHBD$|DgE3agM38Mue4XjHn(I$EH*8&g8)0E zLDN#LN`H-T!awkJVl0S;@cmSA$0S{Rn#w;eK}i^_8F|d`C1L8xD*p)5*q=$6O~*`? zQ@0&Hb~KyA9jUTD>=bQH2K%1B4oUwWc0c>x>EE>r{|Eis;o*8c-~UwU`2n~Dd%m}3 z^kIhd{LLpx&tHgeiG%fgoBud2c=~rAzG@O>TsNkF6Q;f0X#YcS<2&4^q-V&~v;Gw; z0&aDIp0BqDkgm(b)LHzzM0N~}qKha4*l*Vgjr0%%XW?}q9@h3&Ij$xMYC!15n@HF91PegUtp^{zSdr*v_GRE=eo2`yNo^~K@ zDP|L0r~ws0EuT_@z|w|%b0bOlw}1KReowUg%y{Wg<>$+XRDOc~sWvAIa}scA#6K0I zxlNes%TMnUgg@>7=JBV&q#~-s@#oDC9e+fAmeARHF!^anzdwIe#-`t`A_E;7dC@W; z;9U~;r$1$Qt|i(}+a3(cN2`;B1+8(ZFCQ_Q)r475^mkMGCm$;PTO9qA53_{+S0@$w z^Di|*zYVp4f{4$qQW;S5^^O-T3+}W725RO)@#^Kn!B*c%VYWR`kNy*teq0*RuUSo) z6-EE?O8=xorT+uak72J1DzgOVr;&U$U-#o*+yDHTcbC`qcQ3GnA9Viw`u+yUc|S3cqrJwImAH+Yk{@sT3(;0d&`oHE-uGkSh zf4UQV?GmGqa||X?-Ti(4PBO&p{!W-@2Zp>M;!mM)u((%vu>;K66H{oTd%s82=gwED z!i4R(1iAB(X8ea4VqJAQM!56C_(r)Cm^tUa6W|V)8ZvW|sx)&C9jP9pxag4SQ+7ma z-rL_Cs`KZr2K-})c^Ol&gQOlYG7^SVQ+giY=pv}wERKDkQngH|%ACv?RBoE`5RE8% zM7&jvb1+n?XCQGG{jIy}$=R&qgp&{B66EAPnsF~Pgp-@_r9_OgXG#yw$)e2xPRbI+ zXC?hs>82k&vK~J{+~gQ!ded7=J{(|u--!PLJcN@Xeq}gX z^|Y}hPN87Pyen%{uH49A8^2S0my#ImAHMGxq4IuQf>c&&#+}R%D&OoPR6a58pj3)| zHDaSjX+E5&N@@N554*pd?fYji1oG8eQW?8*y4Q!NJX3FuwT>FB-DqFI!ie6w6aUl< zCDz+tekMgIor_Do{pH!3^B8ly{pD?)h1{3M9+X@&W`iSDEUPQ%31!D}NnV4~ni`X1 z)ejBnpKj@AAMd$6x{ptK+OlApRRC&VCA&R^KpN$J1w5a?g;=tt`l%@yJ{rJeB#8E~NZ@XaJ8uz$(^ zhXTHsG5{VVbr2pvsIgAnXu8djDRux#Q58C`U9_dSn(}aQwD(FzfVu8Y<%YKrH1lZT z#w=Wdl7F{m+`|l!{EZ!j6;F>jI4iDx+p&V8075#L3+bVC;()=Z@n44)U-U=k-|MGQ zV%+?@=P4^O|MUF&KxI9qUEM{PR)kBCX(Kh`&&&{}%{oe$R&qn5Obg7v>2EoviFHcQ#a|MmRaZK`S@%)fL0X_@)I&A)j(ClLMsPy9M{7EX4?CCJHkn$eya z!pRGgg_9>;e{fE2e>1?zM(5w<^i@(Gg`fZH{LB5loq_#5aUEfQPplg3@9~PAJnrCO zm+vK97$&obBOYTLc8+*r?@TR23OBRdwqAVs6jgi081idO&nGS4-(X2hZ^i0|vB90t zvDo3eiu-|$M`B`M51V;}*Pt0T06{ZecxEB3xdPKVT(5s7b(H>@j7zY8#%jhmW=Q`m zI70g8j?s_cPYWDh6vp-|D zH-C3Zl3w}Y+D3b&jExTLx|(NJ2RejW2>pTj5St`Bt_)yGHx+Pz`h7ulgobO}sO+{f zf+@YI>X6Paxgt3CIlIUFO|=ee*IthamrL=5-vh+%+%=VLVsv)}Vz2E+<9zKb54@~YHiIzD6nW}B2e4^4QQ4kbRC; z&9P!|seNVl#|mg)=F|Txwk5Vh?CTEjV#V&gMY#I?BHM(c4-6nS2FeFJ@tM*)Vf zbVF-MV;Bvo>Vuk{4Wd3j99I%tU~($zz0S($r}()YM29?!OYKoeg2md^6F?x@touRyJikPU1& zM!i^{8{Lsn{b%)iqy2Yh^!pL+#O0-_Wn>l<8|GZ-c6kRA3O;7CDtNvZvC%Ak*mjsK zLZugEPe|Xc;CTqF#aH-zDFSn|uk~f-f8W#a1!fLTZjtwlu|DIW2NG37{hrWX`X&*V z#`JrPW;bEB*FSv{q<=bGeW?BO<}%kmGGKyMrnn}^hYa&LoV5NJqJsDRJ>s5_emR(a zXa8(b`^b(j$}Y#(Y+f2G^HUq6XJsYCOaj z#}8>M9XJ%1+TIQ3=WNZ*VXoJIlj5cSE*{lr|IG$2=4bNE&1WsE52^nc5|yndS8Sp8 z5F;tBk(GnrlTjn=Tz`bI|Ezs$$CnKG`u45Hd!whQki2dzlOL1o4X*_gqPuIv-)(m} z`>9YTQXQOZ9_(7!Q4NL_c@m~Er8;m^)Brp87TY<{Z_(rH`2^{n`M5MTzGiFoW6bvY zXIm@Pe^)fxKNKPK4|(GH=i1jB?;og{sP~ji|9cwk6ilg6$B7)8{gg0m2AdJ|AJFo^ z_<&0wKK~{%9PTfffWCQ97>=NLurbJ;~URMZO>)HKA((s!d!7LyRB;peu%a5 zSRq*w^|G6t0Iqor48TaX8%)FDarK0+Ca<0wC}5wU#qRwIG`G-N2J#L~(%kVXHR=F4 z9z;0%xIz35!hkt(6y}cF=~*Y764T7}lcGlLAleVsR*AnaUPR-5T!PD-O3k>F8M4fI z^KcP}CoXS9AlQ0DZA9BABbGK02XiictR7FOS`QMx)6hSrys3jJpavzmcp2kxC9w+r$f8F z8eobTk)|#ExE@!;sE2;s=g(DcO&5Koerf!C)mvdFaQ&v|e+SQ3ZO3Cm+?maZXj$?K zbD<0=ciagdkn>fyAsP#M)l+xkU-epv^>00e7u`7A2mIer^358#D*Nb0_8R)K%JjI$ z4sN#`6Xi`l=pqcu7yAy&?c>2IFHlq7eqwym{5W=1uLZc&_H86SX}0D+#(a!#nBH8L zZEenOOL}oQyG@p5NOqx`(c)~zEOfnQuBOBE(8u?o$nWQ4qUAUB?msNQH6+jba44Cdc|=fYEgQDd?Lk}VShk=6Q(uP|Crh_+BwE6 z1@+CsQ84VNHSCTqsum?2zQ(p0!| zUqPc>3F`ls9ap$AG&yuNQbrE8KQ#Ut*ftr|Z5qE`1iGQ2;?4C+x7s!B?ozu3Q=YSH z5*FgYoP>pIgld0${AC=GSzS~>`wK6jb*wth{A)VAZzvl_`|D7~?@rafg>0jqj{yqD zz=kP-NnFNEX)@Nq`51>8(r&jqF?@#YuSfYD+8$Dy3>D;#+BX2qDajqRn}%?{3%EOf z6s#_oX@U2{zaQIJM=otH9r+qA!H#@UGhSkbbmaFj(vj;fZL}i`z^X#0o^O9Kx+6iR z|B9oz4xUS|SD~By7aMDEj8X#+OhEr-lYe?XL$rJ+{xw>@Pm25@`JQxRV{G|nGhxe9 zxCGhqux9*&8N!xr^69?#mo90PEdlu+^FlOR%oWq3IC0?p&o9{Z4eWRDfQwy{&*pdc^ModC(SJ37?*Djn=i0MiqE_MfcV~utbe|Xg&GbA3&-!k zZ+x#KlJx~{WPhAtEfrbo@G~Z1>P(cEgIM4tO{yk;!E{ly7}jzJFC6ij;Gl~<f&2tCvUh4$;EbVxA5l{!oB%#%;@_!sZzkMQ;FcYKXM;Q21S`N|k-iUS1B zcWH&1{=oO|c>dD-eeQg#id@iNzGGu^GVa;bHM~abwX(}YS3rm(v4?-t7nk@iUh5b0 zMr-iMBv1aOZdD9V`&mEooEQ^kKaP zi1e9AH}5ivB$D;tQQ+YmiL>Z(qQcFr5x8CR0f%#lV$9Q%9NguE>uBMaSCKWzgR4dX z3->5$_2A|p-CV73(+HQTaEl9tx|0=d-jjf9Nx0q~+|Chzo6B%bP{+KAtkxdf-%!B9 zWkkbWjdb%9AtG5_3HPRiRdgAwa7&F)HymG^S7xr8=%_0P9KIi6@syhnZ*tsBLkWww z@yaOj5|M7EDc(Y4nBj`I?Q$V6Pw~2Wcq2T#wj}Q@24-TMr}#aX<}l-TzD~>#d+@3# z%=j%xH{TN{k~Nr^+Zj3$iM_lX91s&xV@1{%8`q?-Xs%~WKVWQF_tWx~Oh3il9b)*d^`gWK>Yz};ct zw8LsQxDNY^Fi*t)tZ2BQWZrwiu&kpA_p}6BbU8`kW^EVhPJ0M&+#4{@OmNf{60Vbl zV_rqpWDoB52R-UGLexC!wjn2Ctt$^eAQv!ewuXpUs@Bw3@ z0aFM#O##1#fSBP5xNW4$zXI;?07rO$ZAsr-47c>?JH>-r;=}zNwR-G)f^bJFTp8hN z@roG^*Bq^I|M^nrJN2LFJ<%pR#yk2RA13sTuz;#hmcDK2i{B^uM8;Zr6kz-p)F;zO zQzYw10!|db_!lWI^uvqJj{UL?58%h}+n2)Oca_wOFCf?l!lC5awmJee#q?yA7=%Ya zj-cIJ^y<%{jzM^$6y+dHV>>w0btP_7#qDEp7b)&&;F{Y7bLU&6MKC3knD}HeM?LoE z@wl{a39IpOpFG3iE@1I0PWrJ6fg!;2aAU#}_z}OH5(I+hEAZ}k0Jjm~n|xr&3=qo{ zGsuD-ro`ScTJ#!-?JGrzIoM(LBW99f4zZYX6mtqOXCkb$BCDB?DVYIGrkKsF0)%!@ z%ukaYp=;KWPsB`cm@SC;m_$p&Z>1!G&e@9DikRI5^DZeU43nL_($L=g6G z9_$4yZTSnbl)tz!Co1lh7WW~=y|*=R=OIG0BI`&WS26>%GR16X6`-|^(t6@r$KQ|M zbhHk3nEihK&m`t&60H&6(PEBK%)!Jg z63h*2JUS&az+a}2zq8nK@VBkPp8B1Gy_=;~emA&&UB!OAMsXkilhRtOxbGYe+;0&K zT9Gx($CbT*zh6UCW!!v>8*{kg_OrP8iaUnDXk&JtUC;t9R;(($CS(fCR5CX7Ss0Wh)*1$ArCXb zVYVRVF^W0dVrDC5B{82uP-sO~f{!Vg0sbE9lIAH@(6{yu;k z^R&cM#D8T?TLG;;6BKbsvjgXKr2&Bkp)fBPVKOuzn#oSN>TE6AF3D3?{Q;# zDdu>KnXZ_RwgBd0gl$%29p__8W&o2Z=6hBFLaok!dbuOitYmYEd6&bSM$Bb+a}GMc zsl`lF%#(>ZNHCw5f}-;!Gr(V_kiU~GY-c4kxy+GzBTK9Nc6GQ%5I0wG@3=(yo1(Zc z#sYW!k)-u3A6GI1v@*rCu%Mk3^w%35=&vgrtuLZ_;qNoJG4Dw*M*I;LGg&duA?9$w zTp=%tGR54(W`n=UikTg9nA1JXa~3~Nz2JVZoJi1^kFGVS-Q?)UP;VS#eC%=r8Pz|KWPTcy$GPJ$QtEiN@f6)Ddu#G zX?4QbV_OqCKno)1ZUPsJng8AJtk50)9@Rup%?-JGmQmt7S zY2!#;z|zX!yBzK`;)W$0B>v3{mDZh#ySpiH+X(JWKCWa2Xl05SWI`2Tc#k|a78pWJK%$Xg?-)26hWCk#qVm7l15NZ`+?fZ_uYpTg6VqWerFD2$< z5@8Yl%>_#5r;6E%nB4^PE-5H-B$)yJGKKsdVPUzx!nFEn#KB&`(#qfOK$i6DcHEc~ z6?d$~-J-bnHUaKDgnGjM^>HOLKr2(sc2)setCVmGLbs z=0?TrO3dDZ`Ggb{S|u}p$rLlzVkRh|e}2IL%w+?dZKMk2nq#hkC0gNa!rm>XX6=#|Y;OG6S?S#dNcvcC3D~+0oir ziju!Q9p*{I{81tv;)htw*@}5NF((S<7fU@_B{P7@6!QX`4MOeu;=}(s%sEn&n5$8} z@b`7xm~zG3dcM;6kYd*U2FwFW`I_vm{qI-wA!)y+rJ&?QYlJWYf-(>`Z;dQ{SrG7|81Vq zI$bgAeg$Sn!L0BxB{P7@6my})v<{xX9M|94gdq=eio+aF%wrUDqQxvz%t~TD)rNE? z_?VIz;4f3i-)*eL*AM-sJ5o0-_V}CNa9a@fX};kGyU^lJP~7&!JymcYWJ%Qzk{O_t zDW=GRT3a--$bpWOqU7&fR4@E}95<$yV$K+>{2im1kM0BJVgz`?{`D~>Gl0ny^F6Bo zp>|C^Z;!(?ud=zsJjY?4Nz7#uV-ercViqgr$;2Ean9oZ=(fN`Y;4f3i-$@qMnuR%M zyKcRarB!}6077V8g&UKrxR0Nwv=%Dvi+h2)zBOq*%g2?>0If_hEi9-VG_&q;wEnut z(K^XtjwR-M5<3xps>Li&%yWo2TrgKiL7`PL1DH%P_psUEZx_}14|<0FbPqGZVYVRV z6^gkySLw`G%yqv2b31}UVgLG=k{RGHQ^?;=7S;~cE4*b*Tb5S-J_@pgzYpNX)JR-J zd_RjDQrwG(d%fU(u#ij=S|u|;D^tu&hkJXmZFrU!49(@F-sM5eMo7|R?JWK z0CO(_K4Jg*n35U5WQsZ6V%k3KdbjJ-G!OF=kR)`zj~mlOF^5~s48^>Tn9~IFyH`9q zB{RTZrjWl&SPMwy{sru_&;$p&fTfkcH#poP;)W630sZj#xk_ug;_m(#xNQXYCLdQa z1GF;546>kBKWuo(f%cW6xUM$1Pp zIa-&1l|t(axG^tFtVMhqinI?O@D z%u&pl1C_sViaGa3V6H+8DC}P!Q!)emWeWMbkF|hQyHq{*TI(E2fM z%v!!cRvCY+#f?$ip2Qs@xC>cQ^@C&vXl06-W{i}|TyUQW!3g89V)k5j-$b&SB1xqQv|JtQ0!m$Bijh%&q;D&Mk^r`#msQ2<8nwrep^A%M|jr zkA<~M)oZ+Ec@LJh`q$wW5%+M#z0%@tRNQgIoqBpF_)DIogFRa9K}4Dn1clK zc_}D5Uor#yWeWK_$--JvTY9A4$kHmmpMaG*Zg69A75DLTl-Ajb`{H-NUEhSXp5^08 zW`I_vm=+e)Iz_XGx=#J|IY;X_hj}eA-m}ps;^^OvwyjGR2&3F)g8US2)Zx4|4;$Pv~5Q z8`DHFhg-}Eig_I|rwQhFb3HmGGr(V_kiSb<3rMw7%~Q`f*aa-D{Jq@aUP|2X--N%P z_f=ZQDDLhZz-=SAH~F}d8K9LZW{?H7bNOYjIMBXQl>FU|?h{(S!Hr2$%EwVq>n3^ z0a}@2wzCS*YWdsQ+e`T9X-Df^h>h^~aom`fCkd@>EM~r9b|q$S!F)mr3ayeEz+{RU zYccJZDXemY7JHcIILtGNnM2Ig)juIX-n_?isSuYrXF9$CS^XoEmTS_!e@W60OnP3E zwlJwO{)*n(F(Ga2*l*C-$ggD3PpHN%aG4osEFU-j7HrP|SYTXZmq^i8Xv<8<8qN=3 zywP2_HTO&u7S(1dYPO>OS_9N01+`3yCNjE6GJ%TnUX&Bl%=s4ATI(IVIw9;Yg(-w5 z0SsT&jbt5zn<~>uVM{D*hQdw-th~QyX6+-z&3%gHi2%h+G4HS*U!}c0!%@5z+*I*j zgx(i=pT~`P{AQtdUxw0~uE4EH?+JogB?Uz!B$Jq4d=*n9zG{TUwPw$miH_n6SX|}* zTnBtMflpN6TP<*!0^e%@Ja4bazYi>#0b-eAwzCQlYc~awN*%EuJ>`hq4e3$+f*bSl z1R=JK#Y|DmuEgvum`_MSAyzU2m`pKaE#@(*Un(DQgcf_4w>!*Rh?%39GtW{6CoAUM zuYtMh7t(o}k13hN^x~_SLjAIjwfOydv$qu6^-qt#M>^a##9e!n(0Z)JO;p^T#2q5I z3t3X7tro)W$Fo!zKLB#xQywKU(V#X-uU}6>t=7uLdIwdo}U#5`1v)FR* z*OK~Gk%PUPrB!}Ef!GMG@8iZ?qqxg^DXn|(P6761-}wr--~LQmhxxdY8K9LZrke$| zwpPljFqvSSqv*v6wp*^KxQN6wEK4@Mx9H047t+3v4zBwKnDZ1D*WN zk)p&r!C@Xv%yPxtdWO@fQg^ZpXy z@3%db)-8%z_XRLJ3TB0mDVYIGrkD#Yrkx+-y#2e7hxrLaRpkgb<`~7CXfZb`W+gG7 z`jK=d_?VIz;4f3i-)*b~q$a6an&mC)H$CR@_XdYsMBJyx39U^n?i$5yPux=l_d%9a z{UDhETA5;sENGksz0}F?NGVGGHglMJA+x5JV$L{S`CF}+kA4o!#XpeN<9tlX3}7zQ`8&zN zTDQslo-5%-mR9*4=5RSaO|IfT-a~1fuedLM2Hf?#N$XiYu4D#iWr}HGL9HxhhaIiI zKI&+##qbbXKgW%E??$2ZREs%BG0!39aKT(51%+103}72fEXDjBqPl37pd(t`7$CS(ff0;u5cCxT`eVy{IBeg9{D}NIlZVTep zj1gM+@>}t^qxE4aN?CdW!$bHx6E~(* zG1s4_v{otRC!YXw?=I3h%Ey$<047t+=@!%Kq~{-Xgr<3zXF1GMiP=Okhg;0)ig_I| zrwQhF|M2LP%m9CxLjEpcEg;oSHJv6p*aa-D{M~>dBDAi;jS1f%{Qdk?rL|0PcYh4r zHiCPTk1Lr0TA5-7Sx`G@O1!=HzEYI@9px~G6EjIMueX>J6mtqOXYM3_oB5cM8Ng(U z*~}_@{ZP5k5xVAKvWb{KV|WOi-{QtRcD>NK_Y|dbjAFJTW;emSOA3k{NoIh*Od)?q zSXev1CCzoP7qGPQ_d$m{gSaOu?yVNLSaI+D4{+ywM_P~caV0ZAD^tvNRsmY=TK9p| zo&0_@%h7tW!#tLlFaK3&ZDTPD6|*Zbdkf|hQc!4>%m5}+%vg(Q1?f_6BdyrOd;>#L z`1=ZOOpapC?5_MRP|Ud>0dv*2r1LZ%Q!)emWeWMbkF|hQYZlgd+lISldi)*ga0d~0 z?P#I(Sc{vlxIKwGL~s|fr0NIB4A9CHGtGip|M5FsQ0-(XN?AJ2VRj_uC5k!kWTiEv zm~U(Y=GOm`*8V=GWCk#qV%h}>&GHD1^Dq}e6$pRl;l_M+ozU6aVrDDmU}6>t=7zs} zbV_D`zf2*2XR+nrueE)ovpzAb_Z!4=Hp6c zfL5lMZWc67_3syh9cX7MD*6}I3#~J8V}86=XuZ^8rYq*<#GELYUp(Z|DwzRHrkEGl zY!GU7QsH)oIY){T^LemRFrUJWDOb$TPgFY76tnh2V73s<8+=U34DgpJsD!EUo;#0mD*oi*REOSKP4{H$`#B5qCx{`TO&O9<7oYpp_|R6{`TP)>f)}-hnQa zqNKGwhKFFb#ErTC8sYEnX-aFdV%BW|W=FxS@G&JbfXNhdp~bX@=n+3S%#erqFUQ|U z$lqfW^A3xdsF;<+eCiw0nc!neW`Ms;A%C~A7LaPE)g!$4wM`Fr{5{Lzo=V)Oi-p#X z7B^0D+Y|Rx!F`Y=RX<2(fL5lMA`5Dr9$&=tx3IJBW<*>2}#pf0;u5P71=l>GAhQmR9-wmm8~(aIEGk?wj3|)}4y`;`_i|Z%FG|KCWa2 zXl06NVL`1?*lCrMrC;xJwC+arLhCoUG4B-#t(RF$qnPIqbGTrxkb*+1WCk#qV(wwH z!CxEbl-$wv>2weCL5PfC&cKbiLNUKTUg`W)G1t8Z%m02=k=B~4h1Q7{cZ=d)MBM8I_k(*;Qsq}N1GF;5JjJGiR;!fqJfrYo zDN0#-(P2JA%u>Z{VKFx<<|pq0bMJQ2I?BhC%m5}+%;^@>`s_X%<@z+u!@SG!cN+QI zL^1D4RsOC~%m+1N>zQ`MZR*fK=Nur!k(7&_ zLd=<8k-yD+OvwyjGR16W6(H2UbNWp$hq>l%5GwlNT!(o!F&`Txbe?W8=PPC_Vs;bE zyQH9u8OaRrmnr1$2n%b?!t<_ouotkj^7jKLOY131Co1mZW0lr9ihJ*7;LiJ!v>xf> zN@jporkL%l!lyOXqxGXIfC{bGIm|1G`SO)Q>mZ9cTQR#5v$tSAAq9n2$qZmJ#f-I> z)=)~l*b!RnVb)=INT2?M8n35U5WQu8LF|8o=`m4i?^DsAHND6;f z;l_McD0Ggsm}QDNn3zR^xnYJ!r(_2B%M|i=7F+I%(nn`F*t=O;`Fpv;y_C4uDDK{_ zq!s5lgV6Uk0Cd-9By_ld;vfp<5YZk)fuH6yi)D5F4c->}@luFv{S~88&Y#(h8|nYc zg~~fE+8Ce}6Rkqfc0@>`pp6NljWNsEPEckU`mo2)g;I!U4-kzzU=iGyDup`6Lg7P@ zvA?YcRI)&o`%uL}sA6-eg|bGNzevmTpn5u}lL&RZLcMad@~{w4_Yms2Pszh0e5k@8 zRH3P5Nl;~Zm@&=u*JpQ<6{Kn-M!8V68aHO~Wx~M077FL|#GXK?egZXDN(loC1ggEh z;En^bb^mRW#j{+z!h4nfMwV3h_=^L)jDWccxV4MYhLeI~UwIpVn?50Jy?sEO8x$=c z`6j_)*|FaAaz|UNM_Y43@qD6v7~YhRZGRT>Mq4zT?id>)+9*MLtJ0GX93B{r7BY{q zo!}%6DB>W$@HmI|pcEn}9|4GP@_yWyF$&ehLS+N$KW_nQ&&MR}3Lh#v2$gNlv`}&& zStS0e_71AM2i3FO zsoDaKAyjR^jhQ)87+E- zH#oo|0-mUVi#sW8X#jj+9RL^nhivTV1EvLOOEcfGq~Bvd9q+Kd3X>tEtu>)2AI)$> z`B*Z7Tp%2#fLN?&2NXW}@hEATN}IX`RsD4d;@!n4(qc{V7{&j`hZD%*!D@qLC+ z=HR%}qx2*}9L)tD?8NDg=IZo4b+=WQHt$i5lS*((S6Zl|8av~BpkhVhtJi}WCI`>( z;HYFA9F?+yRm90@ho%_las-^5H(hh{flkm1RmO!fTa{*_No+}vgoUBjMVW(JmmY(= zHbqsqZ&R978A{9?oLCx_ctHQYik8LHUJZM^dVO-ov!vRjD)F=B7q%J^FaMG^3W?7b=^}#k?yIk-!EsUUyPB( z{xAQfTTD!f(BB6)u9YXb^8?F&!Tg~4Q=;-)qTtQ=4MM_eLX`lhSQ)p%Jof--VAB#s zN*)j?sS1p^;E%@IcMjWkhS$D7f`3X7{}sWXAA}72lJkH2qZJ3ze>fZ$C&^__qK2{h z@8kmv)9GhKcUkSj0l<1c1poZ{_yB9qZ`t5@rpk-rL=jQH9ffuzqaDem3EB>vU$yO| z{kMere_zi)WA17U|I#3SWg^hetjuqY@|hPkXG8L#1uu##g-nMqNH0RO5PT-z7s?!* zT-uUT!i5KDh$#)WBJ8z7=&v{b2!4MbKcfL7x{(nUAKYO7q<}9eUjO|2#Qk%{nA4+K za^U$#+81hsKWTpZx_~|8PLfQ5oc~f8(2|2TRP9%nj|w!R_Cb#$!JEoB%zmxG0Cd3M zxP<$v>rH6VzAk8AlzulSTobL!W#%=zdsw1t0{|?aFzsK|WP$TVseWw}S`!7A}di;bGe4+&BU8adb46o?17Dt3b2=FX>F#&>1PcWhxO5zeRF$ZJHe-hrYpr6e04p1?tz=OUi*w$%AZ;eR+96rTXX z54o9*8#AlxuRN-7X)`>@?*bu>#dw-!cDFt;{F?2D=7`yRXlZI0>VVy#Q;W(sX4IXW zQFoe}0`}lvV_uEn+!@jDl7MqR^{A`u4AU#G4o23_Q22uoK6+6FoKSc@c~R_rdbp4+ zn2sEDE>DgP;r!w+0qLgC;!x(B3Af(BqWlbsRDs!dllh4qkNLGARJWW}7KSo6jcqC4 z&Ba5teOd2A@;FWZQ_BeQp+>!$YCUhf~W? zy!1Fcd=?+R6%Q9x@$oR3gofn1hZth29K`W+!~|ua1*h8CALvLNt0%3wEtO)%*3H3H zB+~q=3pic5RC55V#a@ypT1g)b6HA^9TVZG!E| zxPqSk{{z(Yy7>1xIWphOy$FNce04sLuXQbO6j+))${a=YDBw!NG&{xWyPBhZZFsD- zrvp|0y+XOD*a1lx4f(}r8$*Ud2*FtNOCH2~j{JBjb+%lWrmDwo3uP~(FV&lVCm|^;i_X+a@VytQwKt#}E ziXh!o$de$*d-sZfmR`zMW>D`JLPS6Mkm8*U|H2t!&7KMoL}7e0NK^y_+_sc$#An`k z{y4^**IN9_l+M_rFwpzcWQ?m#9-xG*>H!2_ceUX)Aln?m( z_y_VqSE(EZogsfi^0z?#7L(~2uV>>4bftL!2g7P;G3SjM(h;~ zn=R>7bYf2k{=N)<@U)Y`L%l}gb^e=LmoW8mQQNnr7D#>2>pBI7m-ndN9h!@Ql>u_V z2C4b~WA1I>qbjcV@w`Gn!VMY_#AUs`QztF5iJ^(DL%6G9<@RtYGtRY9%Zbx{$&B_SaBJ3hqj^0XACUGQEh6p3J+d05{=jCI zME@=o+#XAxD=?DFH`?-_MfvykN7-G?C<~<|S)o>$HLEdrAG&7z+Y@6pay8hzhH4UH zO~pfagZ%Yx*S@`$a^V% ze?M_;4Eh<$ZIU`L5NZ`wLUD`I=)So+?oC|4=0k7k&^;-(St`Gf*wRKgX+~*amWpNNh4JE7U4;a7ME~Yw|uc)+4uEO9_T^bCz}>@+`6)Ol+AJ!E8n-@k+j=QrKPml*w`eV8&iPjR{`Hp*hbi8#R;upD zyM?`=?5J3O=v*x%BRZG-f=3dn0HreDe0r4XQi)l$)!1pm0qFuu=4h*5Mvj^&Et)Eg znravon`LJH=UU5;M|5X-g_5&GA}c;~(H7B1>bJt<0Gjgh#2fU?mt zAEa5rG-Z|%2XvK^B9+m?lVC zQGWcT^24unzcViet(DJWQ^6vX7dMBK;?Vt)$)$11GtB!X8_en7ma*FVBhq4~^YS~2 zF)qJzcX0XL^Qc(e=v*sLyB)XRxiqxPabsJ*$Kj`Chfe(DI20VmXoYpu#dUw4YF}Rw z9&b7Qin_Ve^bd8?O&A^;aCzB;y09~_Md;}qUyov3xQiM9e;_(A1*A96VDC?y6icF@ zbhW8x&^A|-Bs8Sm{cdjP04fFoo9n#c-dvM>rVTBZ3pG5nph>+hh)2zN0fq zpF+|He-fW88IS#AOa2a=w&x~Up`gv$B;b|=ExO`;Vwt?;JYFZU^Z=YcuK9BD>{#0GQaNViz#F#x4IP3C-yQNwlc0URw zti$g8Z7ag(mk&g`d1F3c7~>bUeV`bY}aJklHhlb=Ppxs5=K@m&dU!$dYP`LipO0O;`+`cJWzif%9G}$TF`O< zO((Qj0_`97kY3Wf+(>A-=99!T+_LwU+R%O`g$V8a&#i{Ni3f9m0`&}@Ny%)0dh>aJ zYS|*|e_>GBk)X28D=kn~!w${1K@AUq^4Xw%Oi+mm)ORdUnEF?d0fd2}E=DZj&oEY>^+S_Q)~Z>@t?L1)6v z9589S>1}oP`qfTt&3_Olman~(kmT~UT&}I9Yr@vQNExZE{X52MJPp^%m#C)^TE*>n zavOPF-8uD3CuuAGj1J_^snb?Hj)(lJ9 zU=gYae@A7B!avq{g|^}YuurPmg9l<~x6j5eMJh{B=oBh+h#$*esjax*F2Ah9@?*T` zI@_m}Pf|6+SEIbPdJTp`ZN+H2j-jkWdznbYkRT&6wF*QLw+RYyKw-32fmL0Mfmr|g z7TZN8RNREsb+_S)b?1O(Jw9icyQ^7bPYR`yq4@?+7&mdmvACX^3zEHDpqXhE-H0Y<|>0AE2Lqr@5$Kj*H6S*x?3Cx8`LjiWXGjZA-GU~42Kw7g`W~9J$JKn$Ro99pZ9$W; zIHUwjHI13kwA7S5-|ewm3QOVN1^A5LnVuE#P)Mw|2fMlQggQBc*{@A(*6(0t zd^94^K9_}tL#~fgoTq3jE~muOy15V!7#_-6FU!ol(mO(7b2<#bQTch%m8;C1W7GAk z7Dz^WBk9;)Y(qqkZC5)e7KcQ4ds&WpaaH-x{mBUc7m%0 z!LRUUeGz4}jvLxJDSJg15IO%prV5G9bjY#Z(WO-8j@5t|>CU#O%pI!%xm}`t=8n}s z-{{V&YK~w^h@^6bMEjZ}I$kLA1<^G_^J4JXv$T-5+lp(zOApt7M&qFhCfuBACFsQ* zp@LT`JR*=5;c!DZ+DSW1NYVe$FK-g;S?I2IVL3FaXpxnnQW1>_33T^paRiPFzjHP? zeWLlR7O$M@%U?@Z@HT|Rxe@n-$5V*UvL2t8RLSsfNreJDU>=l5NnNXoxv`>NE{{!E ziZM@yYxol$;q!C*>&#h_0Y21&=KgT1C!D$^oH{z3`fNCLa5(j$aOydsRH47Q1fSfh zRmbE}T6K|Kpvl5tFr8|r)|p!+ub`J>r#70z-|cTC(nIakI`iRh-sEuVig0T4C^lQD zb(f?HwVp((McMC#Q>!GEc`f`^S#_!FeEBG)3EwJRh*Zb;o%Sh)^R_z3(DLNT+Dijs zCui>|{+O?QwUvwkl*Bw={VwSDywX$MO15y8v|$K7zb-9*H;wp=Mps)SG}K7% zd3j|=+As@s)g4K3ciVy966_P1q-z^K9DwwN>F$g@G@P3c>2;@IHym^sO0}o z8}Zml5MKxW1Fpel!->#UHzuaQk$`2J<%s;*;;za~a#tm}bG9x0H{ymz!vDIas}I(2 z;#&ORSTHQ%pixjCSl8YcIZn6Lx^rrmeH$ZwYS$unh-)9@`F5n``F5s(h2Cm=a#6A? zSnke1pou-I%b+`;D+tD=Wri%-qfvD|``Tzkr*+ak`u7j3^_NG~;^q?&0Q&bI=C5J> z!m`pS$vIGz#bvEp$^1fk1Agsb7=HqSVG@>cEku3bN)$70%a3mxp*O#c zIa8c6G7vxDYnxrP6hYMxku7@7KW(=SGUwrimy1!L#`h>3VnsfI3dcpYa`+n_$;0j`iVPsv1)MAQg#;`dKIZ#3H%txga8f11G&|5!Le819$=FP z$B%`7{Lv*U7Dn=N5s(We1#YaR=z{pTx2GCEn}4oPVV$JNaT?Yx>G64<@m(QLo>9;# zeJa}W5SIs;gx+Zl4&_p9WLtz!E{HJY4}!fLVzOvI(VeSf(W{iL$k-N4BL6e>wpS4; zu>49$5$BI=>jzw6nQ4p9)p6kD-+!z)$+BDqn#uT!xxv4=V<~$}yA|CYcpIM(AB^>p z)vqxZDoS-@na&uM#2S34K?-p-P_0?b;5rmnlQIx(az$UapYdd(|0y)3tOOAqi@63T z1whCJm<6>3d%|OpnO~VOn#g0l)Ysa5;Rv>3m=1srVn8-T4%|i$2<;J1MuVR7*222r zxA0TchqO;c6iAf(F%;&2`M{;rc=A|@M|095P{6-~pIY!v79WJ|uqCnL8)P*AO5$iAHp7!$IYDVhRok=NspXwhiABxq9iW9|& zTxmswob7mZ)wK)&FT6>4H6uaDV3)j_;Up*ow?Njt^D7Y*XsM2iDcq&_Z1enkG2mF! zVkOD^z^PCA6qJc?+sqA#<}|o8xIl>Yr`B%E`sv2PWANP3ETEjd-^^##g%2 z@1(M8`cSWV_^B7J%=_U2KcyStmvx^EaL;=!X2&CAA>i!hIuzW%$ZT~m2IlQx9(TrT zK*D=o4bA$j-J7YscrEAR-K&_GpT2k_zQ&lpew?o}sO8=1GpoVCP3gbF2YH~Z z$U}|&&|p98$AiA1c;4N&jm*ELnEIKe<{-%T_xQby8V&Y?Q7*|F;Vg|=e--|idk_RA z^wf~7>w50_9q-er^&=ow7PLUJV{MOgRLs|*ap&PtpGfq zfUO43*`CmMcp9Qn$kmxB{wa>F?X>s{EPiQc#S2mVFJ~+6W$|MRJAqz+;zegGekF_l zxwGQAD1OD+iZ`D`@rCV*yRCuVjV{J1INu*8EAY=XA!x7@CqV`f)O5fX|@A+QvioWz!er7>E01t2N=ru@eQo|CvA z>E0aOnBJXI)<-Txhe-7!gmr{K5pvZ?-*(?K%k57{fksbBy5+9GZKweSd$QoS*d7z@ zdCQxL77q|J8Ky8nt4ee*rDZYiF3&wQwi;*>6~suUMD6mnws znRyY$C2H8Yu!ym%2f;sj&R#~;ZxWFXUPJX(Dp1N*F9FnJ@{Y;T+dyg(kOFyez8gsg zvkRJ90_&wuN!6CprZJ(45{%H$NWcanDtpZQ&6BjOq`zRWKtZ5#fT$>dL7=Ce>@lRV z8RW^r#{z3a;zZzUVBX(s+pB5@UoBo6#YyCnO z)k^v%nX2i=_qr?p6s)G)Wf#lvZ$H!gRUGUJLc?B;2NtgdP%=oMm z7zyYfSR$aTfqTvKifm6Xv1}`w>ezToiN#{S9kQkTCx#6IGz#S~><`)4*~qQN zab+K`VfTrQPXa8NO%zyzFlSz%GWCaT-Rk}qtSOwDP`EMJ5_6Xi3xwsr#?u`5e_MxY z74PGjvnOL@s51l#-|7iiJa6Jycxq+VTgn{-OhUTIjl!NqQ7MN?$=`VjP0SQW-eNLN4W8a&51pj|uyGCTAU*ob}%1tdAyh z|H3*8qjl+-fW&v%bpwpV62&_)q%By;U#s%q?c6v7Ayek)adzBneE0ZUJpLv(a_t8% zUH+|ZPg_>MT+LDcbf+Z9R*#p=KgWjz=6LnMr(^I^Z=Q1pRg|jF1$)=u zh^-;atxBm{*aiZjP^enU6#}q(W!%Criv5)wx9klxR%1ZwYzurx?O|ko`7s3Q6VEh2 zAX5ui0Qf5#1~!5Rlfnhsh9gOHsu!Nm-Y;|oD8&^JJvfIblksY{F$#WTw{d$cTPD>( z7M>8wDSV`*`_Why6SyJ772II&4&hJ~$V?A{xDB!bSas8U58}xM_l#qXp~TSTf5Rp2 zw-k7g-D;-c$=C<*&dJ6noNT!LEv~vYOdhaqv`ztmb86mhPC48eyQD~H)`2O9|FFkM zKi5@vIuRZ$iS)>L-E-&b<1qW67!b?gG~^=6Y#~tbpu(!(C>cf;=>vAwj4z#)LcrRI zrc~iqRkAk-kHJdSoh%07oeV>m!jWoM*=c$!wY8HGU4$2|=xS?Ak}$StTz_);P7l@A zcE|h&Pv;{ri<1^(TDob)htQp(t-3EB;DLDq(LiskcmNMl9-I057Wc*9{y0X#cd}n` z5B$AAcKi?UE`YV;$~jc@eYf9q`w!R#ROQF8dE#$Z{XnXWl9u+OpeR5^!WO&ye|KTR z15skTCvMBXq-}cO9)`*Iw}z*RI+<3>x(LG^yMWi9iYQ%NuVaQux{)GrPZjWsEL?ZDnIZdJs9Pq!wZno{Be{Sh`8k>)H|(HDQ5o za?oxw)C%G+KY;3m=seA`zSjQO1np~0D^AAW0mWV6-)|l4{g!1F_p>Er&QXy2$ZRDc zEJ;&)4Dw!Bd@253P@KUkNp~G{evUyzQP0??U`~mI*$;;)_*w@Qk0daPX6pd&Z2)Qe zmqXs6Pl5n@2f!+DR2sGhAPi|f7al&*V_PXqF8F$(LUgDQph1rYy$RbD5?kI^4JSL> z^CnuS+B~uad?#ew7VyA22H^Nk4_Sr-UX%_9ybdkJ7n%l?>A4^_WieM+Ri3^;-mwvh zzhK>Bc~|-J%HC1)(^g0n=1%CEX6lFE7`E?=Cup?{<>+4+aOyw;w~>C1C+FRwERo`O zb^mJ^6qkRG)-R7tp3!S9FQnK-Hssu3>Yb)Z5P zzpG@k)Bb*=mEr5~90KR;Y8mhoVVGnvkoRtnF_Zo7oRZNp-Ccl0c__vM95cl|v3Q!d zi3chNe$pFCsyy9?FPZCkYF*v+w_&9Zzcxtr?P$eck>PMcaRVCbVTll(zOf zC?wR6RwwYi{8#vk7sgO&6|aMUw47*Qf`%>w%Wv=*%VNXq8y5fW=bM6Ws-?7Z=}sQg zEyk7cdMFpv;q#~42KY*c=yfev1+((NeXK)o`&zn`?@GxinnSCJziuyX7HEm)>uGi`&@1=6GUH!yrwutWk(+ zmqi)ws@^vWGUE&J@>stv~sRdDfwWx*DC%2g2S2Lec7Fs`ie3tFMki3 z>rXS3$xuV~cVMZ}_M%~POn#%s+;&D~n%x&(gBSPsTi;kiw;sd!RaQ59O<4=;zPZ}x zIBN&uIp18>=b&nEh;fzL+5jd6oL?}qOH>o%abz3wPl5%|MTU%$#qo_H$4>bj57VcoUUF5UV?w-aK;zl9)dI zzmY`ekR$_m8lZM6`q>2d*PH$ufE|fGiI{bQ6l^~9jq#`Pqqa6kMmfj_K@t6*Dk4KE zfs8OjSu1}6A4BpZ(pK>`sZ{P#gq>wdhGQo!s1L2=8JAJOCU$6Q?qb2xtU3}%xp@fZH!%gx`7oN z$uO|`^Sqe#FoR)N;5ezoi%YJJu@=Qr?`IcPD-T~RlFCEu1~zn-Bc#NI(!A;(kc>ulj57!Zq_D;%3(^u8Ni7#P` zD^*d;Zh^vKvi9=Dll|`?w)6J5Ig|a<2F6UToINnkh1hSdw<9#f*15{z68P}nZEfp` z4t(T-zuBMBZ~k5DIfXLU;AOJ0G(FSff1OVAQY2ngxha+O_xRs&A=ST|N9L}?tqLfn za=4A}!u#S3q-=gqLVr0A8izp24?G#CL8#P)zlPUeL7Lr#G2MsV2#UFhk65|!=t;U3y48D9ETaW7M&Ipx>PZq#r+G{>hx;mx9i~B2BbE%JLRj9%J!GLC<5t zYCffXGu|l9eYl{Yyi%4os^UF%?jwr6OBikDYk?3y4r1!Yf}@Q479mDF(WV5>XA$2= zA%0j1@y=FDh#4nmB;HyS65^?Aln{Tl=~JXI+dg^`tgSZ90!zS8#hIS~VUPcV$;Pdj z5G{Ar?DWM~Rj$K{kZh@%l0jbF{?<@U6}2U~T(5eV4Fum7yNz3+dhA$mmf|Nhc}76E zB@(TipJPs(y0ALPxRbyezyUI$(3q5PhT{uXD?qw=LYaHRr27=4>p^ddMYYJ;2g1#vlt5^L?XP$F8v^^_K(bWA7Be}X+Mq#LV97617(RVfrShKHD#gZ7 zmLh&*1zf8}!KYP{%|$BF5Y?o3NElR*A%q|mdf^=p%wk~0ETSJC3Z4U$(02mhK4igC z7Ng@VWzlF3=cADhW$`W}1wjl;Srmw}csHah>i3M{{KXvWR{8?bf-193%759U;{vtx zU#K4G&z3*i(iaF&X)?X%{15fT4TnYUxzocFOKm}sSK1<4kpw z68XVDIh(eKcCvIV@}ebbZJyf{3*b)mkeHY^0cTr6=#H{;M@fiy*uiY}yhsU=FK3q! zW{Hvzr7bK8=^fKP=&JLWl2r%3LQKg9xF;fGf}L+}#Bc3V!6h|VnniGlxHcg|PgCv< z>(>!|AezUxCQilY8HpD(jjY&1%fNQ>gm0E)x5(Tu#vu!D7a=4En|0j&L#!MEN(;FsEBB-FXpv)}7c{sX>dmz; z|7$LkRq~077!EyS@wG;JFL%y6+R7dP=Q3`N#is$Zd=$A2Ts#iuTeB ztV{xj+h}f<0ya=hpX6v|#XmWEV133sHTlb6135(nG)Y+-;0yp9uAve?p#w;%aPhsX z0f7ORDE|wv(0qHKPNOl17YqRwm;nnG-Og57L^Yc99Rg%fG)~OCL5}<@gsj_|flFRwh6H=&m`EUZT zqAqwqJCd<{C53>zZ5&QRBk)qoF96ZNU*z6}UjYHK?w4ltDIiL)5FNH=9UyBjrTDh&DrLx01z&03pNd_sq5I^IYCtAk5r5tFom2lp7vh zMk@9vU4!F5!r9}HJ=T#OfPS}A06ong8<5out79NA8GF;Xt*i-KIk+Dk=V{-rz0|9; zm6tl;SkuJP>@@G_>fn67d?z~vXM@T{8-$}AL@de#-#f8-><&y3FuAI8HSgz|dYh`Pb`h7~fmD`xX%`z7J3ty7xY;f3^X1PFnHX z)xkb`8+Mr-w03U$-bJ4MbOKn|6(8mfI=TjMe0ObNBw|d|{X5!9jLYD}Q3%^zIOZC? zA(O*bA$t)-ogv3ybS`++uQ(xVcktVgiGt_th~ksmn$d5<(ak6by#s}v3;vexF7CPk z-908a3dM&?ahyj#@U7u?ob-mX6whUO9J1Q`@w`&>wZ!>0;DYYg7q=(7vt`=<1n^1C{{P<|0)E5DDW z7vPsMz>Ti$Tfij*1Rrv3->RM%5uCNVavC;cs*h9<1yrcvSL%l>M53-s=c=)Ksti3< zLv^5TT5D-Yv>rJFvL0)ZLBI#6(AtzmewrUhcKdg56sFS2tz4Quh2tlIyZvu-&74jF zoJ)_49{*9g&$96?kKG1FD;{apv`96o4oZs(7;XNO9V+Zv*(Q0;lC1E`* zuvEQ@|A(G~Hm8A#FPMw!8OL2PH&$#OPW6(DQGSoM>bH1d)tudlK9yg~5ebwUEEL#6 zh8;_bX-U6Lvx^9k4n)vA3SP4nk_hb8Af&+49vsH1fdep6{T{wbQcPMMyMy6Y6?H>d zp$f%A|JBMFqC&Y)B*Lgb5@;_&!m;Gms^T$X5fOkH5Q0GiT^%btNE)oIy%KA-csk!2 zTG7;M;34hzor+(2+nloO8>V@GP`Ws7lD81O;d|dHg$zh6kF*mxL>10Jsy#%M1Ur^BX!7zFkr0>OO#l9-tCLt6P`(#_T>+JG6W2H^u0 z5%z6Ey{dyH^uhI%71Gfi3p-A=nzI>F!3NP8LSfKk2F1}9C5dT~jYc9^0HIi$U zM4?_^{5v(i&07VVJZ9dnjspx)gd+!<5WE8}^wn1HMRbW}-}&15GUm2TVs6{|ELk5Q~|-e(Q>_KwqnE|3L^->Eie?#jIh`*Qw#Jr~&RzjMj@2+{QJn z;Zp|ld`G&tV(YM56lrcF`Mt`#n81aY5{P}!b|FJT+b-}HqXqHOg68_K(SplE@Y~Bh z`uZm!rZ!vDZNLAtG<5OEOVYJI1=N(26~>Q|U2Kvn)Ok zs-wvHEP}2mpK1H3qV79)jdR8B@F4aW8=~nBJBD(wOE18wJ(m>sp?=2G2yY_B3LHmM zHGWVXc!Hth>u4g(UOBdL?5ASoXho1Dh^<|fuKu=CPUXlb`f7+)F_i79YfCBnfTu*b zjT?CusxWYM?bnc!2FxGG6wX)3lw4NNn8kf?QNfH`wGtO7#5F6#lzM(aWy(3Ot@w93 zF}HRFWNgvfV6lcrQ=GD;=%~laBgaZx4R)q9J@j-RCj-+26Br|;3WOn>?|?P4D`k*|3!#} zhcQddt^t%#^akYv<3FQLwY3-EFJ2h6#Ra^-Z3ixUY-xP&!uPA&)f0`R#WZ$+W zS6u1Lh@A|D$?6k{1(%2O%WB(N zGw37Yjctktl013A<&e=|g#*N=> zW2wIbn=m!gjmo=#94?#RMI3!CliivJ6Y$z-cwd6D?I?OP=YCedsQ5k_kG<9_5fKP5 z@Kjhm%;>%RCva10lQ3ma8$9zw8a&!0SUNU`)wHg2B(Ty1E~!q;`D(|VSYc>ugUC+& zCuk6ddd?;0DsC|w!ig6Zthf_kLgQO+&IBs{ruu}Ej}tF{jb3mWV8dQL6Jbuq!JNcY zI}Hm?r}I4C6hT*3e1aL|AJYpw-X5EQ5jryFxzyqb z{&iY17uB7$CAZw|?cr$2MQp_aq(!yjxtG3DD?WwN{i3FZiDFqan@|V}RQQT<<|tzb z={pTeUB~(}dg!3FMjw>`u*cL+l&LPGLn-LY&Nfb4v6N3CG5^{CsJu zM}@FD@QiyhT4h7k$9z?lJrjifFI0AjGu&35P3IDKjJ_w)zxm+aAL)v~`c6e2CVe=X zFa0XG?0d5m#|p-8_E^?a_igDB9AGEHsF{&IWpeqU;%@TY8<&OIarhvC)g{!_aDW{~ zb6w3_(VH;b*nG zN$obcJY{0i;BqWuxSE5Q;$CeeoQsWb2{JkJwI*x6DKZluxbczV7#wWi^BA+!6Fjrh z(>*!wEN3>XV@<@ut*-@ndm=9~J-|$-B~!*b!DP2Fa2ZO|rR5K~b{W07`bMCn##b(u zm+QhQ182liSAi3-9-S>`Xc)w)t$-BBP!Z7d;@+W(FxBq^ov za#EWq=IeVEwbK-}Cw?-~N$rR3>x9}uOtT|m4i$mJ^bI#HntgaO1c;d{M0qT|6i_1Q z+2Ew7DI~Ot9^&~8D4H!rdAzKVxc!%)=dZpOP0zMCwoB$sx1ImQxxmeNj!Eh;smy@1MG0O=F(kmzC8@(_4RRle+THXmgsfM`# zg!5dMb;*;EGmhX7OVaMVP58wCksegSDv{Bd4y zwcfm)>f1XjthdFRXC2Ydg~#!Rj%X0Qec6}R+u|RC?(V-qv^7?*TTnOG>G^BTA4ESM zf$v~aRVtLIY#4{e+`^Pgruk0mvv#|4aK;F?6N@wr>qwg35Gk-kqG6U2i4;pD3L-=) z$stPIKjAF7#wwX)mDC|jKYkp-bi=f0Vfsr9glSIoS@htOdsNTF;ym?W84IXBrVw*V z5>w0tC=ik)tn0I9UK1{*ka9{AQ_L|014+WrPd)hO%m_(3y`&RKqL^2+nY0^BJ|Kb4 zX$S_cOnyqJq)volmh$T)q4%c2r4T2?F*b3c4x5eU3(Zp6{xnOo@rx6evOM8~1(= z#+D%zm#dyQf%v5(C_Jy0M;C?auu3EJ-G+(QWCDsvVFMm0-{#FCGM40BDynu z!E;cX(fi=WQmk_CVgNe#Q)2bO(fI13VOHy1HFoQH(hfXuLa;J~JcD4M!UPgCf_Okn z5mmx!bS_Io4s~pb5Y6a)gCNmlBY|U=u~CI|Y~C*}f5j)W=eI4rYjNku1mbr@uM1qL zZ?N%0m`sQG0h(0F`HnEzV!nl^3g?K#@Czl0%8gMO<`vW7IFXb0BWkEdEKcuX7k){Z z{NyII7-UQ%dYGOKlV7k)&{c=0arqkt0J8{xPYpv}U?F8hUi;Ycy52z%iU|x8Rfy+>+Opqu z*zYYTS79LP+cK!fwC*zwENe9hI1oFasM#!y1 z6XXBQihiXQ{c3@H1o0c3#J}57RulXCW~=;St9%U`ZzSeFXwkpFJKAzs+;VpM&)cc! zPfQg3uaXi%e}$%#{!B4PS!ISPDh~6FKbK`-pGc_&L9QSz*c-%8BORHd^xF;vP4E_z zV}CR8lX9w2PLqQv=5~}Jx9!Q+&#(oqtsV$xIF3)R#+!sjG9+R-%2)-pb`Szl-=+jnF-6{&Zj4ZqV0T_CB zT^-G?#uH~}*M>$#!0HgYekLV^fC@V&yO?6Gw93?m*flF$=4n9-%;GFrn8g(HyH**& zRv2|@xQuEF7=^2?RqtX7>DwR0oV*I&+bOTY=YT$p!V+1Wd>eKz!SaLV+GH)tbK~A; zALL=SWF_f5C`cFy-Llv4%hBC!` z(JB*W=ucV3?tdYchWZ~*1|9})hK8GV~RP&DnnW;otYjkvtJ0|)R{~% z&qEnYXPRR8cIX@V;uWS8z>HibmdHo}it}rUQOMKYvGZD-(V@_UaY0!4ZMAw%-Eu66 zq{dr5c5EdD>!p3TawhRVv#=z(;B{8MPI=QY^^ngw#}|&4fKFWcBZ1ud;Jp%G1B_g; zxXuE`DlQ$^PpqCteVDmmPfMT|Clh|j_@z_PJ$Q1cWX?+EgTE7BKo zMY=bFw|RGgijGvl+rb8;1QEM(Fu0k2)?-B*JC=ePs+(%0GsOMSR3mj3>WyD^fh*_0 zvJ@oYN?cz(R*Z2m*gl*X)mW?nA{WWMsmzE|(W(Z%_}B_W`|gH+Vi1Zg`hhzG!2e|d zcMsl)$Z_nHM%-~{D*-qWhudEj^RDunYd?l)%ZbDg6m%lnxCpO}!Od+Ob=4sfFDKT#_7& z8~Pa%I8$WZF2oXM)Vtbtda!4=`H%}YnYjnQ#l{>1->x-MrL(b3*ry=CzHdFEjxjOT5p_JxI}zJ3a1G*) z(5?-H8#h?>d%Md1V>)j3nAeD8=<(PWB<`nhbqKpEZM~#8xwLgeaT4xt`?lz}{>+a{ zq<)E+nhiLsHVYBO_8YHw^PTLX84t1*xalK#AUC$+N;dA_bY4{sgQo?8N za@lGa1s`7$yu(P4k{=-yc3N>#S@w;tX?fm)jv9~LiQXab&!0*t8DF|MVVXCi2G(H| zjWE9iYTlla7)QQI?b3h#{&|}qhRKIH6fX|BF#q}srwjzru>*`8R{Wh$B1P@*z-|fB zA4@kY^YK}zJE9mHS}rN>LASQOO@iBPoQy+|aszgxoCtQ&+i=^-Nn8xEY@YVgxXgTG z3bam3w?&1n8cWoA;Qr&fMYtcihacxiPSt(ece%Ly&3~mbzPfW>D|s0a=~q0AfNcNU zP;gXnwZR;urA4J(1W?*4wGQ;Qp7B}aW*S_ghrKko`=;WAH`|rdRNN)27WyrNJ6VRw zo(`TWpN8ofdszNDwP{5*a}491YiXG0_Hs5{@B@3!FNvTB??XZ#4%0{V;_J6!{HrBr z{PmHX>Gya9XYQ~#qe#U4BRa+kwSVLd3CcPudd2^&Iv~ZcexYx2Mb-}$=V&iwLPd@! zKBpQ#mv}GaORlzVTO>v7?M3IR9Y0`MlKq5%Al5q|uQWT;+lSJYg@eB>IAvQ2zMcce z01lD@6iSbyVQyt{`c%X={ucZ*W9uNON}8Y3#l~RBTv7$X%RPKIH*5y^jDgqBq+MA@21O#uF-LH$QaEyZ6}Ef%Kjru| z70uAfN5I6xz?dRYo9E+irncgKSe=l6hHGl8%JIVGy}*9tMEK-yA6$XG4m;!&{zeSA z?1+e9q%P8<#G!oD>3;MY7xk8H>?HoI#TO{f@7_2O&tN^?ef zFJn|}1IXf${a{-i`@uZuU2Vs;l*BPpuH}Xt+yM}1=}Nl-oud|)0`S`)d<*u9NIC~e z?wozzZj;MvwepVuE{o@91nz}mmQ5z-u@dYyUG+0O@R$yqnDCg|QiySulX1pV?;@}8 zTZ`Z0S}%2NBzNA({H(o*zOBk`$jN)ra5!c~9c_SN#cphXt4iS( zk@Zl8LO&d3ua(CTBLd*RQgqL(-L7WbS5S{naI2Q+FcA4lFf z)k~AL8*7idv~Sm;rr-e5zbTLh^U2fgfc@pTRtP5SUfNx|v5{GK1pDCv1RU&%jR(lL z!%jxNMo?Ed7>;W{*l}FDse$Ca=PHDfX(Q`Ox*m6H!yAJ=k83j;N<`Bu)C1*IZ@0U{rx{pW?eYXQT9~wi%uDsoe4tT7?8tY=Ca! zzx&|w(^jqk@@BVJ+T-}vJm8pO;kX~UxOI?AkB=P%f{VryK{q!Pvd8cHAcURD8pe+A zX2S--?v~E5gK5x_#-eG_$(Oe6IJXExjb=>6b&A-tl-hN&G2OmDS6g)@Qe7MELCc+U zP+Qd;3b%2LXJbug#O-iPDh-|H{V6Hz~N&8HNQQ*B0Mk;FZAM+IfTL87&vhx znljlUZj03vuDV}mqAA0zrYu%XS^aK^xGHN3{J$zzgzp%imb@h7P3^2P<`^P)p}+}w z+^7BnIOI)KS}rJJkJ!!X5H229S8Ws7iN#JJczW6>@cdfgVyoLv5q_icT%t*`W)=8~kmzX3{2 zu)%Glz5<z$sk5XEmgwA2%YJo>#{4hZrESxq25`z|GYnZZMAJ7Z!^t z>4<&AZ+@lP?CXYj+U$E+z9TwOemBV()7iNwH4WZoNDsdSaoE|2<{#)l+zVu{yMgU z0$o{Pg|ol{DPZ>OAoIaWWWK@5JPnk_tr!tkdrF)f@33}U?McE^6aVNdKCOFKXdgnO z9z%SZg1pYB+9eTG)+IdX>#PH3+X~RoRUC}V3tc?|ABJ`Ni2Kg%xQqvD&p5n~^cl>V z8Io5Gt-$d7 zlDdNg0f}z7e67PbV0k|;oU=~mzMjm_R_o@WG2LR!)hjt{!FXmY z-^gfAUrTfv+fE5O(>YTS=`7p23pHWhiCb60RNBX5@6|;m41r--3@$3c)lMF(+Oc$i zRiY%hRf=B+t=?P718Q;+9{^}nt&$HMQTc>)BXD0s@N%oNp`?4RqlRCh2I$BBQeHku zp-aGWGA7r7YUn~0J5&cWBRtd=5|E;@_JThFAj}PC6ghB=gH=kdgdqg`KA6!g+m2ZD zXQAVzgwJCLyS(yoy>Yg*f1}}4C*kuMpBDF4Vhs(9Z~^zpmE zS%ZI6Zx?0of)Ld@Nc2vzTT}=a4!%slMoDd@&hj`SLuWA%8Hdjx6gDnlPBolWS_M3o z7&)$Q<6#6Vdm%4A#>0Bdhh}b_u9g2neQ%ZT$`v{-z7<9%%Xcfuqx&V}0FKK_v?hw! zKYhwGxDJMFLedl?p){|oHU&mH-rY&DNXVn1CH2Gh>bo!>!`696Fl>E%DTb}>xk(oZ zz~qq$jA=weU zGtJ+Pr{y5$N8k|JJ153$l&cr3VQFyhLyGNjAspYjwU>sJ*YJIs3O%vv~7uO#*lG(^JgrB*~2q7u$eL`g+vLfA{H{ z8V4BK zS3xQY((u>^0Pu)q@l*R*9$}4oX0V%%wNmroA5aW%kxvH`8qAEvsu^icA0m{Ud92cE zU*KCHyK17)Z(2w6gQ8}o{{1H9n+T`rzB)hvI~&Y=0pcKQ(Q+ZH+Xc~G^@2@PQLyGB z8!%-!C0G@ruJRw3U_XB}ZF5-?U8Q&bv8Wf}_Shef1oP++aDuewE3hLOMU@ycK=d`W z^tzHgJb;J6aYphZKNuThdOvS&*V{#ZnTJ+cL=oIXzXxs)k;n3H8;bwn*j=PE{{TD& z2+Yqhk0(Op^VAyf`NMCk$q?9xQ?QKW6+a{!bref}ZUot=gN;}03yA@Q3cTz|UJ`n? z+3oj=p?z(J7M3U!;Y%iD-_~K$qreJK)4U*}0fB46xRcDn->X1hV0;&-2HZh9N+}9w zlD@;rA{kEoA^qc;D&~Mb~&gl2(%69Y%{v^y`)ql!5>_53Yc*>mq zIF1K|=kmKiX8sKr9CG&HY%5``V)1?*2UHu$L#}{idDilF*<#Rj;6&y%k`MKTs}j*< zlm>Pxr-xm6al+zYkND>M6;7lBH%8JdjJ-v_L7*Slc^3=@&<{%GTU&UfA>VylQxr4I zpW1Z>cRDIi?H{7Xf1P#YvW{Ffa3*aY6zd^JL!=E`HdBX)qTPnx7OB zd9gE)huEQ+bEzl_gQLMTQU|C&2X57|MukN?J!6}m0Vnk_>);oC@G+)m>qaUR2M_1t ztwzf%8p|1Q($f)2iZKYP7zml~{z9FPTv59mdz;w#a~evX2;M+effi9i8ygQ+&AMJ&vclEm9h59SuP|j09(8djY z6i%Z*MNA8c|4iXbzzSJ5t{4-H=X=gu%eo47!G7M}>i+t?GMpRSHX$#k0WA#1Wi|R6 zFz+l*Ptkr^E4csv3;*S3!T*<$_&@ev;a>!8L;Cu62JiS^aN;xXd5Qu0tOFJgT(gdW zL-(DttV<0=7F$m0b#!l4ng&*k6<9GTKh>0Hzx3F&}&{O(o~!)}REvDxnWXkv`~dp$Uk87v`_Oh3dii`in5hi9B0>X~H;!?1)eC_hk`> zWNWGRA=y~J8c9Rgu2S$aSE0^)}Jmpvhr>1ZJX-VxFujp8u4sM$P#9ER`8pe-`y<**62))0a2m zT^vo5Lk#KUonF-=4kV3(PHza4z-;`@m!Rmk9sxyV z7?Dc~{&ucSQSl3tEW&Z?_+!DVRu=mg(HHg3y0s)LVYC^H}i|4#+8b)qZCgEe<1#od7$^LAP-ih#MStzra}QjDT@V+7s~A zb_Aq+m1ID+hEca-k|J{(xN5{{%J_Wj%Oa4psCkE&X!!o{yxMWHUH?Sent<# zKV>fYg8IjPiTa111^@o6pW&08G{HP54gv}vC#UQOeWT|8C1d-ZzkyoGU8BMxzzvK%!<}qua_m@44x1AzhM9&Z%Y|rc> zJKJ8%W#FJe;8titJHBgk2l@v%a{hZW{gqz|P5-NB!4!M4>RK&CcVIjJX-32PS`+l` zh))CrEq@Q8Fns6<*x{uqK9&2%>;}*ZSsGZmb z=;91Zu6k1X*Ye-N3TJOqb7;H$t-y|W*lQwsGxTd{Erd-Dt%2yx0kpC^57HNo?9k`6 z%AUQ9GY)S!S@$uNz-4;fDd=%^nNP-N`kkMRL*NTrg&duB`*S*I*cbWlZth6_R`B5N zuh=lFRj_C}#qUnbnc)<*MI8{{Vua`?94Z;T~B9!a0KpWD?5`rQHv=$Zw^k%AGPI0iBDZWkY6?Cy}PCh zo+Uf1s;om8Fax}z5)Oy1m*=TNG}*Ll3}3nR0uZi;#tmGM52hfV5o%&@zP}NY#PhOz zE!~#g7-52Qa@_pBGQoS`PN5_2j8}1fd^fdRQ;lOaD^6hLx^6NO`?`!=P8KfId=JFM z#Q3&lPOL0WI6wF>st!JY4A?#~(aJCv8Mfu8oo$PjX(`_3&` z+1v(5UhI#_!#Yo$wlY;J=y85#5Y|USuus16J(*CPFV300unlmSHqLK9QF19(cFB{U^j0DNnr=eDyzxH!Tr}bvef0)yN4(RaZ$>7S_zi?Av zt-_f1fA1~<%@rYv<`d(&Y)XH|JYxPC7!Hk)=c@(j^Lr@LV=lM5WTbA~8%=Wv5~+o` zoCuO9qXG5jytS|vler3HZV0>$`%D%+517CH8Qaw$tu!CP3&j)bR#kX3S2{obDEx6g zKhBenbsH3Y9>tr4pP1K$o~AGdf(XDrN(nrIyY-y&JU3bP? zi2W?aJvm@(j4k-JOas&N+FZD5XXQ40g4`pJx5xRxM@gxNn86ZTWOy7Iwt-Y5g9-Rr zO~GGuAK1ewOC45|DI7VwN}vc5&c}I*puw&Hb}Qf)>s`Cd)en)w*Mi*c0U$TTyq3Hj zF6AOcynVlAu=o~Ci&*QH;8Q3I`9X!KTc~BumzO5KN0S0w zLTkNW?0*4CfAPuhwp}yYpQpzEBzy4p@2ZFY58n@6@zTB(Z}p#~zT=#plNgz>AZmaA z$9Jbc`oyI*`RY5Orgz#|=Ix*+)iZW77FE~2y@j!+_}z)vo8HIzGxmmIriB~|I{YW_ zbEiz5@JO2*CKT-xT)Gpge|=2hlosxj!x2YVBkmB){bvIs_22N3_oHvM{qQl?FNPk1 z<{coOsL8yFD!X$KS9S^l^XU6xA<1?6&-Lb0w6@@-bhMOy*m-CIJS)p!Raju^8*&^6}3H|hpUC6hL`Ox?I?>^)c zz)r{t3HWuE4Z@as^{*6)5sQD0a?She+ZS@+ug2Fw)XI@-oN$g~kQKlE3=FB5jD(<^wC&+}$CaRbN|$*W)&|OO9$4Fie4__$=Q_!6OOy4sEoIwcuDoq)?5Dv2 zctT?AtCK4lF+6JSS8+dT8(uJ&?{$?OMtf@YS&go4P##1AE7WP+UbC9JkuZl!6K}(u z>LL$k&cm$rhjD$-S(hd0Iju{f@=h$j1p2Ra`9;+o_#`0yELS!=UHRdm9%wqC`@!qa z7K_6IBYO%)_P&sSh#8Hn9f<$t)SXtR4NvdX{TjcLxv-+|=qXe!SKW$2zKGC|5H!K4v*3v$_tfO_MQj?4miV!HRz=veY`k);Fn zhNE@NK6iA?WLY0l8`REg=lYOdM*f#9M&AP8?&5+o|DZErke6jSctT{U7aTr3q38m0 zbp_0jOA>FWSrrrR)!4z&)BG-NU^wA(*6R<6u8LS+<^UJ$dr-<^FyBGjE{@?5o?yay*OFE_w0lBVfz7Y&f@uGrKrvm z`z{|<*cjUDiN%F2aD#K-BN6e$ey&uId)BKAf$+a2KCs&ndV1C5wXD)<%FTthlJWudK^EzNneA0lAa|K>J zVa%RpuDQJ(7Ch56E%Fvv?HPBg{mV%KfB=Be~VLx7Gy7d-f^1bnBo3; zOdPhuVDNcOZwlx&jnjL^w3Z=j^AXBj-G@D0b!G~pA~A)S?Z#=#^L9VG1_d+r={5H^ zl@GbJ>!CS%^9KwQY{Ks258?E^;vr;uG11C2`j_|infY12+e4XDwMnS9JA*B8NdCOt zynByTZpgd;1x4^~wsEg+#_9*ojE*y{8&7HFYLzn+p z@I2K%*ssY&mwFH*=b42C;lfxqP;NsIYJ=saQK0Qe1ofs)9;mB=uwdne=9T#ZUaCV< z5q=Q)^g>FKbpLRPuQFYKMY&6ocmH)&%!blMhkvQ_yd{w9!@=l`#p(L2J@8XE-@iys zc`*ib!BW@ey$mpe9zqp924rzHdse;P?HKf$IRX9mG0Cx0khU@@|Ln%upSJ}{I@Li@ z8mzjSs)0-H7_f%etISSUx_HVttS51}(J`yV&&@B3$OJ2-B&u*0L!aNu5O*(4S*CJpA40c3cnU6EtE>AJNY z`T=iy%oUpye`Hg)?DW)X z3mJwR!+NCtoZT*~N+c9hx)3SH7N>DwM;c?-VAc&IM{=Pa^ysnHe0gSjj`-AQ+OB^x zU_~eiS%_X}1i_rAizW2q{Fhx2_DG77MBrtW|AO_?c{}Maw1RVH?RHF}=>Yx^qX*{E zr!bE`h*e22ZP=cVmTs4ksk^hY{}=G-mvq1nP4aE{nCCm-=e`~jn>&;v<2MDL^RqB~ zX=Ka=kdC~zy^^bmZEc%YlblQgzb|BY}F?#OctsA``-bFP4-w=%1PxYMSO1yh} ziPuM@FY81=7DW6_Tp#56kHg1p&G1oKXp!U2)^U2y8QgM}aYiEBg59OAtP>o+%UWYf z+uD|DJhrj88(!P)!wnm_+%mE5FWi6kXsik;`!>WIA!R>0F45oU2v|xs#y>s;L1pTg zT-#9O9`ea^ApciY@_uCq)Le>IbpH-VN5!7x;df#YBS^}fu2%zi!mZZ+hyH-i0RQ|- zWa7>eu(z%?yRra|V;T&Zm4$ICZCGVNyh=-}EQE85`TABCfD+7?Qdx-5Fs3C{7IdvF zl-dd`{`vPv)^5luIlCjLWIU&`u!r_C+T!0cM-q}N3wxHHj4ST39!E0AY~Y{Zh>cV; zl3;Ijx#$M_e&I*|c?$SXOP^d>plx72RBgxEcW7CgjWgQ!c5E)|coL%IYaZPqdW(^>Z!jJt9GVXIEYYAa{r z6Uu%TE}Jk#dwD?jIeB&UNgnN$L!LVijRSt(^N>GITR9Z@CqZhu=0 zWXlh#Kk|E4pKMnj;9f{v)v*ylD*=h`fu_Zj6tfXGc+*$vhJU6bHGKu*G7^9C4`>1B zS&&)gTHGVaPS6*Imv=S{hB?e*^nUsF()P9(MwZI}xp7!0I||6!9^;R_Nas`>tbc+uR}-H#5yAvEUKowE3IDcJP9K zjj)`f>W4<))ET+~kl-9Kw{YNq$&rTo+fAoMPNn^0+XIq@1)mZCO8;CW{=2QEgt3?~ z;ICMn{xBH;sV}5fUqGk@;8FL2F)>+()^m#z^oRNAc5EMu!9{)iiopW;w#zjpc{R*J z^Qh3gatCl#yDl#xY8VCJ`>>U5%~WjvxV(X(^Yn<&MaJ!dLx?}t8j6?dRa0T{9cyb^ zk6;v_6xs(o`%Rp@nbQR>C7?M|bS5xt_yeTq*R7Bu;FHU4?i(NfJEc5m(&6B5YugB3 z%vQvg*u&u(_{l@VA-!6qp}jxqElPGcet)kWBLlw+drB024-)Mt8Nv1e>R%pObV1qJ z`QE$k@}6t=BPBD^e(1xcTItv!-tHKM`n8p|4k^A8ZG7+d>|oemxbdXwEh7oSNFHEq z8B_ZI0@Yi>B8b7|M%YkTwKZVFfGALI+mk8W;Q6qcWB`#I#N5FK-7NPg5?d--{ET01%gJ_wVD z^eLI$f$XrRVX{;Wr^89}^@eCR_9DjBjHkz-;N)VU)OMdZl_m5K- z!@JW_Ore&29et}LGVu8bi#EzZ@`VeMy?(?rIRYKL+l*6ejX(RTtf>o=6~}V?NykXC zs4s~DuZ^_4)}e0TtJ*s792t;i4vQo&E>y&pR$zlgC~H-QSYQ9-6gF~4T36R4e_%^d zH*C@c*IF+{04$IAt5C<~RA9@IeItb%@G+`zWZ*^;4mQuMj_8OIp3s!F6W=-pv*f^KFCbGz8oZi$fZEK<^(~FJa)-~)l zAtGbQ3nV#%ZMBxoI3YX0ihZ-4-bFHYRj_48M?A7@YkBJCBfF!=puRGM8{f)0Un9F; z!)MqzdczL+QzP-eMhCtcc_JuYmmJa;tebloTdFLw@$b2xzQLzNeeAn7I&i;VRDNZ} z62Q#LSU-xi{Jle6d~c-XjSiHF6#k{|hBfjk^Q!KKXXG*F?mG1I{hXE{folwbVAqq+ ztS`7I+3jAOtsFUXWMsF_Vk~I*n$gw~FSs*xB0AUR?P#IMi?eyWNXv(u&GRPcZTD=R zKW5M7;R`6?kJ+<%{(Q^Pk>n*feD`&n(LKVDKubFmgE$yb3;&f2KTJGBR-W1SIv%f7L|$gl-L zX(Yf^DIn0iZ}L~NShjJF?6jiAlEv4KFi&N_5T43uw;#e&soDqF`i-1cRq~A0c%v_D zpJ8WLaztWPQIJ_f{?Bd1U$&!n29KP4{;^QfCI-%y_iUApE*X2TbnN|*ZtE(!tt(}* zFnwnolZyt!N=BE>!4EII?}@tIGqYAySR9&hc+Ts?Cac4%!CqBe`xue_lRIs&eDSVYDvA4z519IEd8+hg()W=s`Jvn`@Edj|2AkEXgJ#aQafdg z{POXhFJH}u@b+KOKJrpKOi6(%5Xr1~B>Dd!k*`e;W`iHz8R<_D&a`13ZMCu8yqhCy zY75DyFc1H0bc+kD*!>clJ))c0xgFo?uOH2Bm1LVafrU57YFB9PTBv1-p4D>3OcTE+TLaz;8qX|x zN|#4(SZCrp4x>+%M_P82*J|OfHQN70Us!V_d0ldRVWfIfUFiIEb(5MAzjdeyk?IX~ zq2ag|cc#B8{dQCRcvAxrZ1lvs+Uj>Tw!M%DX=`Uv^XOzRVlCGwo;1F4W>0V8&SILjPNO4QY?q?I?dHQuv)=V6?E|?Lpg!$k>?XacoB+ z(sEe1%X8t4?@)%+o>MzFR45#>Pn6~Rfm(M~WI81jY+hxZ=y99s3 zqv7f;4Zkzk$OE@5brpE<&ZAw?_h7E=E$sPo)%4?QphDD4Er?({loBpde=fFA%@^k| ze^xgPXi9V+^1V9?Sf%MF8ZC#vp2BZ7L7&=xRDoA@qIM(eIqW#IR&>H;h=c3{%?#!GHuwnPg{v=<_@T-xv*;CJiHrd&Ysvr)mri)q`DMVxGSd0wy2ggK{>vHI8)^SY^>zv12lVx z^_izyC7>=Ele6L!zkFOcaXAz=tE^zkX|bU<2VY-4QD0w#{kumneOX~F&d$ytR8hPw z-k)yLn+@L6T$_Ye2rRI>y)mPB$v{DPrr@ARHl^-Al;_zIu#<1MIQpagto@BcU-R#N zZKFw$i6JqjjL90B`y9B8Cc^C0T2ntLoR~&L3TORA2uT~j2DfpM>i1?IA4wEO65~rE ziHH)O*FrR^SLU!4=JU#EV%z}gS1rfXRrj3Li-WsK4*V2TNB?G}eyOpehhw}w;M&>v ziHm__Jnqvix8A`H$>M0D8xJOwmQZbJX*4k&;=8S~puV^+(I?$CVjNYKkz!~>X_-ap zZbXxF{~Dw5m$HCC122{k@GfPUY`d94;U^6qDj_sJr?}jU*ahBT;^U(6^>y)-;=%^L ztIWN3RM*A-1YaLkSD1=y+#6w0v3gx-zINH!i&u&+N_0EIzON%5qB$CWr!M}tNPKVl z4`{KW*fYSO!_Qk@F9Lnno>8JxAm=}%r!B7)M-sid)g^A~#&)F}F<-A*fjv)Mo z{+gD2&l{nw;v|J7FbeZkw&CoFG0d>%ptDL6jCW?jl`4C9^}91qXVx{|UQ*DIhFGDu zF(eT`uLSv6-7}(-9Xl1x~=kSg4!OmTZbtrByE=*DJCkvw4?~R9rkp?L= z_dYAI%=VS6sqfr4_!Q2k7%XPNC+viDfn|9F?{;a(s)2hHg)3Sqp(*e;@liQSIh$;#~k7M0_M!q)(|Iz~903 zC%7e%t%IP-1IpN}p67Rq=!PfE`E56gsM~IS6WlZhH>-o2E!>2YS5al|0TGII#zGmd z9YPFAsSU{kev06Q{^{&b`1v^>aoNN%M_oDReh-z-wele{JujjW{no;iehZ$ak#k|m zGhtemNV}dJl7@3+^;fuyB*z1h>C>#FlXDsOQ<=tS)e#ONPhgY!cBftaV`2$>wC%tI zK9&e#Aadng(rH1U@`6D9*Kd{AZ=t~eT8lh!`nkZG=avsSj866C?87bU%0|R==pK`xNHL_tW%cvz1)v()vNr8~iT? znZDd^*M%-S9-^|wyV9a03FTz!*M=Tw)?#5O3L&oK0_ACPP*EcvlAN7qFH3|W^f+9Q zXLa%CIdAhhorbO%qUg*Tt~~oYW($0gyfpmyi+Jut<;PYj9_$tTVSGCBh(zKma>5p= z!Vnesq)Md~_}eo5Eu1(4S$g$@RN%>x$FhE>zSR-*@=T0i#PT2Drh2hS@C|&qF4?y_ z$1^p#ozi%wUc@sM6m_1dJ>ve8qlNn-Y__k9zZ_|K70=YmSUGh!toJ=r;Tu{lmJwf? z4=LYNg{$|5?w&6MR(~*S2<`VGS+noHxd1;Ik=I}8{07i9Mv`at#2dxdk$~~!&rG3y zTC{p|ZRq>#>+W@AWNA)4Jvlg96==+^m%cEu{YtVQMRc+xuC|Y8^`kk)|Em&G0oM}V zl_NT39x$o3hB;H;Y)=R+%h>#o)7r}@nE;?8zuv^ zaG7dE%erM0yKKVA>Ac?;-u<%X4VnJK$!?uZSK;8&7t8?70(+<~NKa9G0q9;rZxss= zQe<76{J&RAk!dmgO8xr=uXSe0?0t>gsdu%7Y19aOn%@3DyWW+voj`HzLFYy!NBmcm7bABY={9H28@i`i8tn17d>VS_RFYkc zP_u``q(xEa5JC!fJK7smRCI>P(9lrKYIOk;(BJYGeDmOvNkK>sxi~@=5l( znDwCzL}y8q-4V|K+?4*3T-)q$*)+3P=4m>Tjh_L!J6}VX6S^&vVE0SJaSsdke>PmW z(#SI1Pv0Jq{kFT^+B@h=hfTz3Gkn7`Io)M$UD$Z;ISrA6lmlQrPR2{aksLh5f1s4_ zQ&)mfKP1wafUWS~Q_)DB1ZD3^Um*Q#_ZCc$W|o%1p^+OHL)+@G#;xzS!T4c@Vwftf6AL7-`D!ftFNXe(Mf(k2AKE#cV84Y;@lhwi!&wLF80^kt%5#%b5gZrO*m*caVt zZP%xB+?e*ZW~z&ZMy@tXPU-bNUUeM4X2UFvOf#-$&WvM(NBR~_z4XDH5q@MtW`zB% zGd02Rf(V;`+2I{GGI_OszId(1_cJ($8DHk%nP1P2?=6gPfUeY0{K$-OD0s~J$cMPO z0eI?#k%2GPB}cdBjc_#C?N}Q|?EuzBuV+(#QhA2Edr(JeDNn2rzUTP+jML9mB)-My z&s%z>WXcxr_jX;at=bQ9+oVx0acp_onYnB^70+Fw(woDc)3Ie4N832H)f?UXUhg)&$IOx)ma+&8+RCfv>uR7j!1 zdhDOTLY!-P*g?v!)Ne|l(`JXC)EWF}+*j9dUVD|uf4{#_44$(GAnaYKlX5IO@%Wtp zXO$i&9_jZ{Ri{TErl-L&p^N*GnfWYYClc4`eG(Cdu-PkwM?}OcBG|jMG6TtRdf)8* zjoeE_TwR#{oF*YGiN!rH^sFP&iINZSoaH*R520WdUBV%5Wb#IY!-rj_p6G|b>!1|)@d}ES?oSTtiV`Ol`bsS1 zesqLArw%G+C*e`yRnCy2O%Ugjs;AHYHz7?&DIHPUIHclpp}9hq8q&=HiH;RUYXBL6^ViHVE_8= z)>iY5%u!Pikie7}(L@klG*|w05M9!GS%-_Po_r9|03k9T#5lYdZ8x9V{!REdR|+0V z@(W!qUG)|DI&sw}CfmsP{ZD@p)=}Th`ESI3H8jDyS^<3Ljj*1`z~}7z&fvfi zty~r^a|6?-?PmQpVGFrg^ugjb~No-t*v&={4p-3x*sF~{ z9g%0=`MyLK;PQ=;$^XjHf6kT{b-}NfLliB_+W&w2T$uUO8e^bBL7hN*3|RACh;)@=|xJjGXfuy>1uh>88X#56n|e zZ~AAxtEtWUjku`jw^AOfDzW4m#V@hkBy&c~i$lbGv2#LmKf|5)Q-{#Jo_c6$j}8!| zygVGbkSvdvbs&;3mbs;lGXGLy8XE z6eaepZs7A6V#kJOuk4@}^K<#QFhq=R1%VDEaBW94{<=a8BQ0;88!cpu2EY-}#_>AT zNScXrBZcpA+d)kc8%E?~@|MDE!aYk6^p54+qf)&+^9ulcOJpF1=ofI-v%zEDCOpoY zwLv|3u|;o$qHAqvQon|N2CZpIEfgI&H*(6z?S_pm%in#CzdC>!;r5MBk~Ns|3F9`; zL{)Z*D6GQ)00sy*X&{g3zzKIR`{#fOcSl3N-V}a38~q2)mJJC%8AShSeQonC$nU*F zX5yB4nMmZ($s+b}ug)%jg_ENSIa?dz30JQQ-SsEnMc{U5xXsD`-OEwj3mO2Bu?)f! z6>UPMIU7p=WJu9&8BQO-&t(DR*vU=dr2&BU1pqD$00h40Zt1hMA5El3fdlH&F~+(& z`R3v$-{(F1aQ@!4zF>Hw?|l(Y{q*%C?N1NI*6@D#XD8hEL3q+O8wn1Ix%<=b$0mjF zzNqr9;D5V{enLgW+uRpUet}O|+V9&nvU{0z^v1kiMs^2;h-1GklLVYKpDb4QR zU@!Zq>J-vWTf5>aYSWgk({Z_!k%xqgA{4vQ=mY>J4WtTt#V-Rc?@VA)fW$h9 zv8R(*=S8Xmdb+^E<9@|I_0fq5cq`j!MEQ3B9wyL%)Fg??R8n7|h3cY6 zG7Jjdop~EwCrqKHj7(a$-cG`faLX%nIa*DZ+1XsZw&Bleoh5liBZ)=ov>n&wHD09y zCFrkpl?E)#HT^)QzXJfLYiZ_iYzGb!0{=(`ILTM@UwhL>OTKQ=9)ii-Hf8+|J|48P zujw3&h zEiSSB#SNdHT^0S>q^leHa6b1<4ZYb^ch+}i$?eE#$f_eoNDn9-LdiEoOC62*NE zDq;R+?9fXn(710xXzpkuH%T3cYD`n2_pnm+fp^Nr|rsj#d&1;Xk!YS5X;Zb_v6L6)LzR!fmtb4ak zL7gQ0al2@e-N*l-j{Fs$wSzf2sVcI#p({Yle48dl1GY*qvRc<#HE?^K=*4OYf4 zZDQ0)W!g-1|KL=`YW4n*3uh!B&@WCBjIZ?0t3a!8__v4;NngCTII(eEaI@CMIXEQe zqdfl?kzgnFRU_R8aLN73xR6fO!tR_33(^uvgT3(V@p$Ep&mV-USjUP ztzP>4JR0>naut$U-t;QgD(b04DogFqVBkKiHuC zLm4`PAWK9LrCv#1lj#TAUHI@HI{KDx2pIVO6c-7r;J-2a53?f)?@T4wpGFMZ%*l#C z>k?i?c_b1s?yFc<8b|O8VQYovwi=9m_JPj8K*7B zwe(*B=WM{)nFEg9=Yc~4`Ybr5bjRsuvAw0Cd9(F%@#l%VY4A@8DdVKm)A=FmIDG^^ z&S)6+m=qkvlWZ5rIrwhmxnXR3a3imgJ&~uCb-N_LVI;pg+8D{NxrmYYBggTKltQBR zyUV@5`%v$1cJIH|?t3&~OtIB!DgMaw+jS+;5Qedl1zwd#JxciCV*<|{9>)J?A0*u< zd)ey~u83&6NtV4ILu$tXjrdo?oM2UKieLRcbcZ53z!8ZQ6r^z!9 z=$WVQxNg@qNt!$PCHYRo=!lZ@Qu!UJ-ZS&~!_s7WD47C7bB-laDl%|qB-Z>^lmRjd zHoN34aAH+wRv34)T2ig2YJefShvh>%TlJ|DK@+-Yw|Ze_EMf1tkm&=3x~O(y-e>9< z41bcfGh4J=iCeHaO`Hf2DqCh`;NB=EwSAA-zPG+xguuBeJ=FMzLE7yTK$>{ag{8$-7GdN4 zBMTAyUXa5aG=`Dte|!|>pBb)xFEpnSeIPRMAHsybm%W{js&N0!(Ly#b1Z>}*eHohZ zF-W_H?dpHdJn^uY7_a=YJDFIbCH4njKQ(g629|6b6L2r*7)S5msTK#5d&VK<%-9YBPk43ip@QekjT~9AzSw@}o(krg{Q!<+0Om{mUQ^ zS8s>VT?=^Bcuv=b8LU{(=+#==*xI!|q;NV_9F=G%(OD@QXVDE`{GNj>5}#38%Fwtl zL$N1)EM$olV5c-VW;j{D7%;unKc7jUuEB=VgS2axaaO5F@^hmS4f^9jWxuT=m(BkT7a&#Hzle6+h^7q0+0fTur;B@ zkQYQm@Zue_H0)b=s#ucii7bl_Wb2J0%Q%$%0h~?DQPUl90qI#syiAbSHP<@RAYOD-stASF8~*tZ$zPD#gTVtG z-P6P9=sR2vrlX)2l)K55`)a%8cpr7|>kjeWj{!~=&;9ASK*##%(wL*^aRL`w*(2~F zJk8fZo0`%g?IkzIjK3_U1+5#cZ^1#{4^%YjBUX~g)(fpJ;H~$g_b~|Z-)w8>m->rd z2QPm9o+IMUs$){KQ1%<%E8eeVN0G=?phV(qabh$kMwBZ5IzrDxzyo-5K5O*&SRSlc z#8>dgzl833fV+_kCLD>E1^c+JddtiT$&WHuddPs0b8&@vthsfmEBq5bAjy#hm{&{~ zl`+;)SMAL_G2kE3_Zg?kPZ(csx&^NUi>cvCjc1cpGo~sw^roPSdt7^*(VOOggJ}a)Ob~ci z+V_D?F%BcT%D(9?G;a}%@iMZmVd(q6y@&rs( z{{;J0m{7|rMHeQzb%~G^eMPz>PsHW~RWyG7nCv!-aD3{xaAIm%G;vWW>wOcBVY|;u zq4_h!#FJAe5@%gZ-f8k*8T4JE@rx#s?GV7V)oi!-_!&5Is|hW7dDeB|#8qK-nAONP z^ku0sW2`l#2Y!$Z-rav<0UqQ0R-vcLI`M!Dp2B1kqrwm}fYSHLKFF??aHiv5G70Nf+JzBj! zlvH3*G;tZz^SEf@Iw9d^JfzRn7fX-)x_oGp)fo}lhy^!QoGSgX76v^+Q<&bwl!h|g@-@+w>;T%3OH6;fGgWucsIrqIrJaxHV$M<;GF%3Ygg3&bpEYxqKH^y$8y)f5s zYqRS=>^FIwt+p=iRR-o7{+24_Ckd!s{r9Ud^?cjECajV*Ud+E5f57>CtG(ar-N@Bh z>dnIAzi6os5$CcG0!w|;TY-G}E$sEu&c=Q($C*YZnr5q?t}l?K#1v{SNTn z>Lzr_Rfs5o(P^nbG4}Go4oKbnc3T&k`Ol`e}I0V}hb8yxEA2qs3~ ze)8VfeKPp%=80M>T#7%QlAy16R7dSEzTIgyB?i{=$K31n;Z-Z&q{CtcYRbEPo&acO zb%2SavLg~5GVUGL=l6`cptw_Lu18r&E7@<^Tu$C3-5!JBrn;0pb=_-v%r&^j;P4~F zlEuedMY^ef{8CfjSMc%v#)e*e1)QUagoH>U_eF^>=iG0v|EV11B8P!cC`DcJQvcWq z_w=)17t{-nLRuMDhjQ8wj|(R{v~CcDR)W4-C5Z=2g%ZU2A}a*_v7Ws`L%+PKsVVg6 zEnTl;MqHQ}-3>|}oA^R0!Ai;x_h#Wa1?(}4-Ij-4Cd%0OdWAq_5Zj-TMZa%uC<{GG zMS3puswD2FvD_LyZ;2fOpN_u_UgFx>sg6Tr#s`zdE57LGN4x)FhghFKg4jLd#F7oK z?xQST_1jzX*+b*?tAF}W;#Grq(0ov*+%PWm2PGJ^V6c4MDHuc+i*TBu-_~dd{UO8E z$u?cdW84wRhR(tMJX%1oaHaiYFsO*|_?`(3=zN12qb}Mo6CARmt(43#z7Z>j!0NzS(N|#1IbXigUjM`9nI7Mk-OmR&S?!=}jYzba)?ZR~HSMGBv;D_naK zTgixYJdN{2qO5n#`J)Qr#!Qaiq`h(uhPwVQM%byuEW4hevHs!q3(dRA#4fH9qv08- zCM>K>mcE6j1 zprhm+&k zy7hqXSt;)GVKsf)>ixbxkDrM(F0t;em*}6E;c6GmGI2q4T2KOPiLYsy{`w`{6r_&k zZ|1eu>`cK^Ax#=i1I`E}TbMPm9|9^jP<4bxVC``!vmQmztE1>LWHjWv2LX zqmxA)PyINyA@%Z@o%U}o8*Tq+}UuoV>KF{eN9Ah|5MUs;{ z5U3{p!*Ma0RK(MIAxn7 znv7BB1IE#p_zPxAb({-=7$!Nb-r&aO$Lli=A&b06e(M_3*ob->bxjrzy__jf_7gV+ z?3qo0hA(8Mfcqdj1@zk+b>g9?z?&=ovs1uHVJQveMy5Khi5~;>gKH(%jEZ(Rl_HQ% zZB>b&-hBCF=)H6Lq0oEjZyb8J3$37cfv(Bomo5dpk3HznYtIb5M_rsjulpd2Uj6po zAe`k;np5KG|0sIfmGH^pKde`){!S6}({H<Qg?jJBx>MEO-*jiqZPQ(u zo^8|}>kkFqD(;%R+Hx{W1xgDX!YB;3APUQBrUCinlS{i+&6rk2-5zY4rOw9Jm}k{w zf0%uCGWJ=i;v4YA@~19wT{#iz4abHF^YPBPO~ycw!pXbfzz41AHBrhD!&U>EJEfxG zg-E=jBE2zNYxd5?hs>wfv@t+!l&g($b)ZrO=cxAE>|m+N&D|Bfmoj zeEsV>9$wu52km{|YqLSi=@CLHblADV(}>|B^-Sw#fma@mSsLhN7O4A@IfqEAxZAs3 zhHXv(;YVREIpJML)2H?jC;!CYwiaQwZ@P;nudP_^jKfP1LKufj)YmxcT)JW$+7(k| zgFS!3ciaSV^ls}9QO2y6H4`+!_%BkySPRCr3<|eI->hfQ$ZD<}zDMc~QHbN6ig;)0 zJftGkFNE%TQ#WRe(CQ-nNZMNH3&tvU}HO>X-|-U|1-mL@EM;c>Ml49#^jqWFCtFkN7?rW%&zYy}o*PU4gf{ zc()UQehK^stW41a)jUi!l7a67Xl^U7@;mUb8AfNX5Tdc~6TPSHfHD+2y-pA(y0&g4 zQomuSOkJc~as)}P|6u$RF9CsM2Y2~V1#ha$=5useS3v$a#-Dn1_~==^fXmDZ)*oqw zJtE1o3iPb{-JCA_8DxyC6)(OYQ}p(`=<=V7{4R^&Rki%nYx$f}Y@$BY*CTSO2hNC4 zmOHe`;*u9@3YMZ*7kIA^hvk#i4BvC{SEkOQntnIx!lQ0>3XE`5kp7GaeSq+g9J=?n zwFOT)6JKtVqMsvB07PML4WE(=2S=tqqVksek$gT;1W5BvRW_`{)6ZA7`N-@eKIRAS zsmEZlyCSdsX403TRR0lumPBj;3OQW!5#IrC;qjp0eNcFI5)^)`qmM$>MI8$SC2&_c z+-2$oywE)4pVL^LnU6@dtm(e~uTNL=*6Z*yCsG?#4|u9Xp5ApK^7Mx9OP(qU(1hul zh%Ze2oz(=M!8^kki+s?E0SiSk; zocy|SZ~MH<9CECmUCG{@e3q5>D-wS#GW)H{QpDk$q!e1>2}AQ^+`-Cz!(*|shjfLN z>6+u`T4b*usA#q;yD7OMtv_eZm<9aMKhras_+dBGxbX(C^H`(`TOekW=QHFu={-n| zI=%%j2q(q;F!X=_pyv0(zp!l|+tOc=-{7G3q$a63xq%vWg#hd~ z3_$S6%J`mL-N)h$&TnAdoxMW6m;aE}1GahNEE+3DM)b5KN0q9ds1i>Vs1n{MCukq+ zUN3bd`2y!P&pKKnrAnXGi0D)}^+zxg9;z=wcRp+L!^GgiitDYC2P!7($|qG(vn5~` zb=57mkaEmbkgg=MHmc*sSHVGM{axz*T&vo9@5^pR0~z7{Yy4yzl&22a(>!-|D4Vo{ zm7ZREXM-GycqN_9iW$iXD^9N}mK z4l!A|HiXfpMc*%IFded`0Ft&Xwmhz}^{#^_G=;Q2;$3-^)A9_GOnm{w0Z9fuX)g#~-b~-TpO=Oh$i8{NoeoZ_2BMe$^=bZJPAAX(In72q41_Zj!^s z8IX#uk^oZl!y>yn!2+UB(p3J8cmZ?ysbiST-s8(OU7)8mHnW)z_O=GTf0c0riA*ty zaMJEDR#g!ebocLWLhy4Q+|+%LFzN~Ev}{}5uJjd}dvNrA@Bgi);IYmC;eBhZ+F`e? zl&v((-9)1jxA{d|GDW|vqDrno#H1ClqAVdI()X$%1dyx#TaQvbP!@PS*Qk0#&pMmd zZ7ZL$I4Jn$YQLb%8fsa*TvPf6T9)6B0vgB(m$N~6*XHN8RGvSAeTAPFvk?$_&*{Q}a4y&Uwom=0?fd)P z_vsFUn)&vOoZ+?M7H664JKN!pT7CSC91b`mL`6DbM4uEoiugF6_(b%vKG9O@L?Q9| zfAO;>gAOA5nBN7T(Pc>sdYkQh&~Ff~gm;c&7a9I2A#V4WHEdRJ*=f~n7vX7dbQgNYX^X#{pjrbn+{fq9J z;Ua;#^hCvWE4DCWE^V;ib4_<+@P;{kVi8Xv9j8R=IHX4AeB~OvxM%a`DS|u-yz%OQ z7|aj(C5(ad@FB-R;y`q`N%dI<$RKRDkg2;W~M~-AF z@+*+RVhbL*)o8LVP%W|MQW3>O?M8tL!N2NX~WCWy!0OXz7%~WNMr;NE5#2DN6U|W(`orNPRoCFsI+|atf(UPsBRrSg1It6I-IeO_)fQZ*=4y(o^{05>H=>*R^tFzxS z5{Wf63gW?Ao7xWtBj!&>VSju*G^ zTjvf8UBZnwsf7A{X5np?4w2~nzxpsXRF{I#{LjjtZYT1MvO3uF*@1;mcfde}K8OFa zlv$|wMQgIjUCak6NiS>-PpV$8Xt~0=v_;->;WFmC1YN3e$*b$XZ^iI zQ~dS;v7y_}5^_3mXk0m`tR!zQ_a3LE#FGzEYsYiLlUlN$i zj|)BeH(sbS(Yswa z4p~$)S#uR>hWCr+IH(DJJsE1;?7cU?GQ z;ESRjTKC;410+OQK7o%+ckMs3%i8~=T}Yso+y0#!U}ZSf+u)KdKiFT}n10@7o9#Qj zXYIP0ltkWgZY>;xML=&cKcrf;cn@>un5I{|BM^o!##Ur*ejHKJ?6(1q0`6`o~UE$uRKYu{+%~(eD=R{yDn=ki-m zA?fE^<$@IG?N4zrYKqe@rq4xlW!y@amZ<;9;@4lN`M;&q{0yy8Gs`(%E9dX{; zjKJ;@y4$6&8=(#tZym@Ej(cLRo8^A)0iGAWUCsWG>3XpWD1d`0SQfrvqn*x2DEVQI z(s|@_LI`5Q9i_uD94NF+g@BSQ?n1p@g{u8nN9kOhsWSg4opV&HmeCGAO6Mw~{y0h} zG`|t(V?&P*YPiad)0sNamR)yyRW?#^n0`IdnuTYD>;iV8$(nAQOf{t{oII12(kT;T zLti{iJ!7G6#`1~KZ|Y}q?7N*7JAov1uYNPmL8kL&1-E}5hUwf3n}U6 zSMMZIp09r~p-)I5J zp|^7*|4e}){rS_e>3{9lMFhC&y6x7WuEjsJx~{Ui_MEC7s;tXK~23>)1B1hU9-?p+!$Mg?*9JwYYLt+?I~H@ zxo&WQH)pdEo(ZL7@js#%k`fuf{Z3F+^6N@h%#((aEdEnYu@8Pojp8ZZ*?DDtmQ!Y1 zrcBSgGV^lETo5$p{r%4dQqAy?+PXTY%rEb!ErIH-b7gd>8fAv&lVJCelbgZs3|cnlI;G{Yr)9dOmY=R15kof*!Jtn2)N#lX}$7k9L_Yn9cA<+-xg zFGNZg^)Mv}OS4C*w4f^6#+U53ss6%(x9s?fZjySHw9s;7lR^Gx?<3_+e2`V~O)ocGFx zU9C+xE$gXz!`{_;uXU5G*c6?W2*y$`wpD1;Pq;#9>UlBKcK*q~zQoyo7k36l zv)?k@VE;7>3)p{l#a$uQ5kKYmoK(BF=Zr4egh1EAN5S=S)8e8n|)PlCMJRK9B)CfBc>dY^H`y|4Yx*iH;dynT$7hBk4%D* z;2`EsxMUP^ud|#Fahh)?U7jUNezqlI)e$rY(8P5M1uX&x`ZcA418 z-m8}0S}+PXL0$4{92_6;;&EP#l9wPd={fMK!23|7wfUmtDfg2D_$HSFcu$9!pB@!j zd~L^)k*Gj^{?Wz{yG;4B>!+D5Y2ugn7tSaKlso+X+jAQ)lw^&{DH;_jZQjsi=){g( zd~MGotkzmpxHTAsrgV=;Y|qj8!}6M6&5#E#N?tpY$o>^>RF0*Zn|k&bnViY+wsx8F zqF>8vs^o*gnMz(WQ$ql~-NZ2;t;&CoH9KUdwPQ<90>d;3^%D+7SHH; zs6um}W)vEy7oE!SNp{znJ2BbD>0QT$=Ka*} zx}Ou8_kFu76uwuqEMbZI75SNqY-e3tC*!6KX!K zVRY@>4wzg$3rP^%$Y~^lWIJ!y_qd;B-HCg%$W1(%*fnzf2}@98K9STOWV_6}afk`_ zNxK{JvZc!oHNmv2VUbnqmeO&=ed+vJv_eV~&H;VBj$^5b^g!ZV@0~SA%-j$1V>187 zz*^`Qj&LprJV>Fi9+%Q1Rx9U2`ge`zUV*_yKA(n83YbZcJrqE4$2_Epa8z0YICsTa zP4FMg9-5=cqWI`!x8Yc=5D?T|2Kp)sMU=`G1PGvzHtplY;O$TxD_9{&H+==aA*V$TlwXbbD4COuG8M9#z?VU=rCZ1_GX-V zIc}1T+7|Ct2yKnA3?EPhH zWW(dU##uLF8ExDX^lOK;v4iv1j}Jc?w4sn7>a#)5Ys00;PwimO%ps|UomJH@&J4lX zD$c2emzZcsiAS)H$6vUj@&y1BA)uJt0rKaww%91};+s85CPAnYBKK)H`=@@%)->;N zDWJ&f6I=FnCI$Lhxze{&IzoDMEqyxg8ngRIIPKeVnM{;tf3nR(r7vKzqO-YaoQmNa zXR*cEkAsPyEdyZ@nkdLKK`^^OoR((FQejYm&* z~qIeoHUNY(og_JonB8;AWmBhW1z|jr^<-7e|61IrF-8WjI;XC|6_k z<{9s{SA+R)P_ZA~4JvVf#`k$Qar>C{F}}~O&+)*SmK%2+c09gdC!_=lQ`_;VKZO3o zs4%G6%zlc&AxP--&|-J~4hJsPleF=(4Sl%_-9y^tsT|g5hY;zU?85iMt!vVR6rsm$ znkyviN_Ps=a~vbp&(6G*BpGLnNS<%}aO#N25?_PE=x&}m0RGoFIyvMbQqyhV*lhQ& zkwvB{e*~$^))-RPq)EMc)*pf&A*!8vQF!3HI-O{QhI3Z~r}C`fkg`O-t0+ZS)I=++ zktoF(Q$`@1PQnQ-*3sW&wnX{e8H{95V5fJ6uzRqA>F77==oj@_f%Ygb%z+91`DoDZ z3GL9Y1c}jaYu7uDh5tjp@9^j;jjau^uODzW-kh~OgTx`^M|8&=D-$6nFM=x8=H$gM z)NJ=G`vg>cmf2qcCF6HGn3CTO=TI`VZaV~CCekzLzyB;Tbi`_-Z|fQb zy6)bp^RZ*EK*8%U)j-H5R;zR|BG%cm%DJ=$`|919lc3@wGF1G9EEO}pBIL^U3EAjV z)J(R(v;MJCh-H#9K_Jz$Ud#F2l}4tH=72928(C!6AyY=qO_YJ0zv+s89CBVQr_|N& zgXx_3qhp+X)NCZ?dsdVF6_siO&!wR_`^ZHJ<{3wlwrnTX_cD&6$%@4nB+s1W4pbt^ zX&K7MLBFj z`)E#Ga-we^&2je89N9S7AuO6<#TU6kyFT_^>Rt&L_Eo`HGf8<@Ub=o0l{80|B| zXj5Pq*>el$6f)ZkNQaqHCnv}(%BzhLL7hC1(MN4KFxQ-Al`+@Mu&jPe{|KEq`$y8fak}iEpV^)4pZ~Qx*+1X0 zJJ~;SM9C=Gu50q*w>g@#c8|L`$nMFVJAqQDR2fd?>wVohvU?CzyE&(a zbBwTiNNj^yPkt9p&5`A^NS$JuO0Ebz(^UhdF=P3BkGIb9(cNJ!pInfn8ZJ`B=#|!h zui|GcpS;4dT-sPZ$F^_z;Q#o~*glFKW(Yeq$)X92pG$e@jGqg*`&W%0_1o)xo{W}- z4hbJ+{1}FE;uxIqvt9N4Qj59ZUjfp-Jb=i!P* zS{0!;sdXmKv`C`XnLa6L;y>Qy@I>H?Tc4N7L&C;~ZQ4Z!{uwvQ+iWxS^DIRA|5-+k zDyvJ*=nb7}7GmaL;V>!XN#SEAWhDM5-_lt?S;2poGj_a7h}+B9IrG!{(d>+#+xXG0 zMq>K+{uPJNN`7b-j`YJRSn#=fJA?hBQQB9u{HJrn@)Y`p2KK&p&E-OYR7t62-tSM` zoePB*%WF6NUF|rnwB4pZv)!gYa=NOu&*7qPRY^Cklx|uXw11P|{wcH{#h)BakWF0e zYjYj^1we4NczdsKfK&oV)pGCTd_b~hpSN@QAy6?D!W4Y$)nPYm+~AAlz{mM^?ZJ1m zG+p+^HP?Rxgh$upLAanI4^=r3UU(=7VWK$@-f0ld7KDbsuK^$K5IP|I)d+vV`aJu9 zL-W36L=26|#+)pG&o-2f1Emv%QeqtH$RFk-_7y|yHfLY=dD?}K)_~pca_^Z>9|CqW zswHPCy#>qK$Fo`17SWy>>Gy|ZhNo1JK!l&_Q%YIO9OC`I*1!K-{9isS5C0{H>Vx-e zOZ$+g4v&94Xm6DZ|89Lgpx+@r{r0o@GY-cSVXf@gdWbEznmPVb`)wx#DD^H3+E4#f z^vL>%QRJgG-oMR5%)b*qyU)$TkJmo{$d)p4=<`?2p9nwagP$DRGr&)+j~_Bq;mpY3 z$E{ON8s}j0*~{1rOy0l%i1ZJ$Oyv&#z-L5P9$X(TC&X&99Hy{(>*%&F_1U3ozo{{E6BR&7Ua- zeh`n5d{>@_DH@{7^NHA7E}o}2+($>pZ|OAhG!D6b1*dUo5Xw4mV|YpNjQ78?WBkT& zcz23J!Me(&5XM!Dhz+9eMgD$*! zwRGY4gEfGcSOYNq^d#k~-soKOPi0;6WFsG2Q8xQ^P%})GQR4)(CbU0u;o`m|&jG>6 z!4x85;4{BvV{o$H`ssBA-Z^jVZS^kYw5X=6FWWnDY3_uw)1NcbDKt-kWSUa&w^T*j z5y_ur#-Bds_^iGzkG>z{SSJUYch}<|cYZgS8-P~u0 zICxf>#4f?@`I>Sz94ajXyg05{h(_0)mX1dVKa_!}tv5w#F5WqkpMTxY;s zaWe4b;-q6xt;5MPhLe@~#KEsmLLUpp=h4T#$7JZ^<|QAOK0ZnN-c@<+ACqnWok#zl zw10J8`}dY*`~QjB56!>J@vk;IW`=*+<_E_7+I$&c_TSQKfI+w4=$SO=y65#julW5B zzbTGm0--Ac!2%`+J{MjRU*P`f@Inq24!7(ncH1?!WGHgEx8~@eKkygt{>45@Enq1} zCfpd%={2I$L;bVy{UrL?c^9f*2A8iQ4$8pgbqav`Nd2t6`BSd>!)a|LvtI%9Vc|)v ziUq9XnWOyKSnB+T#!%MVB9j*|!Q+2o8tp<;y>JK%%d|kMHSE zITL^lb4~b3Z~l%Fbc22UL4x>|VYl`Uw1?~luVk-d2y*Rm^8yl#;eFJ348bga z{ZoFEPB{MB=J(Iqo8RrVKV9ul{+INZK~8_UVXb0zody%01S9^RzyEaQ1!u==jZMFa za$XW_o3kxwHP06m)_ht(6SoooJtz<8(7Y*h%W(BoA6NfL_!Zxr1OK)&7r!v)r9S6n z;Qv$}`~#kQdj>h^^Wp#ck-13!zkq+D@PFyY!@uI8v+x^|3yvL{?)bYOEJ>)yIiWQe~4 zu9NjjBh5P-PoEs@=gF|fmh2WdCMZylKx)<%Ue&CBa)X?j#x0Z8wnCODCTKi^ORFr ztfl1g?0M_5`F6j`R1C=)z_}aKBx+XRG7b4hP}hODT}+qtHHTC1`hXVnX|0&&{BH?f4AZA9M&B2ZH|n zXde!k>|fd6HG}vKKl2fv`bmIvpa0?FbXZ^Pu%6`t?aBY)qGVQBN{s)knOUB5ei7lM zJ;IMM{Q5VG_2rI=<;gY7zaoG%;-xl!v?BE}^^fb+{*{t{OD=u8;qA|~UiE-He1+_5 z**8$`65r4FSV6FBC-m#J;eqQymp8u`4xPL#bom-x*S!}i?ft~1bp`K*zO?qe(6}5c zXl0iGM&r+ik$>&s=XAk$lEIhJbIb#YlCwACfeh4|EArb~ZhZKU!3car{TV&P>PHDV zxc+@5d42g8>YpU|#~J)J=U+7JzSd~Oc~DQtLvFBr>d?r&d~AEjy&(e-^z%vZd$iyq z3p@NWKw|GqomSyXhQuvC|Cqwzy17x5fgf(LFF#2yTHyVjQ&c3hN@1{N><{f6OdGRt zynBA)&mCuuJ|qH0066#$Bfr}lzX^i>V#Dtm#_!nXrTYX55TUHB=LY-3+zPJZPr>pQ&0)9%Ddk=D;ldo3Y z_G2G4>EEgGGHZN=HU4C~_KU)M>sb`T1Buw&b_Y2VTEh2+ckd63Z+}!xKOC%vvYiU* z4SHknUk3a&f}ee&T66L9Lyz&{9~9>73|!tO4|l!*V?F{I09XFq>pC()djP#N$HJBA zUKQP|S?)be3Shr`_dOVN@7n?+Y~A~@b?<+D|6v{N=lHJhOyc3x-Z11dyTcm#o3p)o zdTGPap~ch6YO1D}X$R|0WV*NizFi#d0cbSt48p7v1o*u^LGzCA?hZQcUqwaLM>O;c zEe@Ad(Nr&Px>Q}zrQrx}x>jA#HFQriyZ)EA`7HC(@b}e^fWKDBirBkW)^N6f8=xss z>BB!5_}QeE*+hoP>^6~cGrElZuOHFB!9U8KSgD&38yVoZG59Y12>4jOV=+Vc?Gxa) zzKC?yJ$)FzdoMU@EIbE)eN&WFheJdt89u-T{8QW$^2}{d}!`Qj02$VP1+g8STXuXZ_R6r9SGsjs8+&6| z%Nw1#?2Bz5)@8%eBC5^u&)AMo%Z_eVvXhnUvM;`2sbW8~W!eKVw&VDg9i8~D%Ua44 zy7v*~TV6lD<-qarox3;m-!S`i^|{MVmt7;%Yiow>C)o!e3vIZ?kN;TJZd`dl0Uten zkH7y>|37}n)b_^v|9!-W`n?|LiQe=I&)7ACEfr4Xv# zT;Dq%f!3<>%LfoyHifNTR}kWEo%|$D%}KJXv({Vr{ak)$e%jQgwyM8P0f)bTIQ-?x zILU!ehCe6ea`5Miy&U{aKQ#U>^@WdCCxyHhwMVXH|FCfX{o%qblBf|y6tcUjloVG& zVkNPQ^=%lU-z2yTWbPhi`FK|GX>5(*wj;MWc=NvfKrYJcSV$qL9sUq&oi!EI%mrsq z9n60Iry-r11yvRZpXEcwe`dF~681m!RL95P=8O2=mex+O_04<$AB?SOTo5i)=Fl8Y z$VaWE1yg$@zgsY%6~eVDIzJ`$m+qmL)Hurd@2Iy!Xug6iRd2W0`t8&kU)!=*Ox9H% z+c7M*wsFCj4omX+vs)jI?e92cn7;i~Z2eCETQPR`ZG2I9|NfyN4gzf6?N7gS+fTA4h+_|7DCMX;_jptob{RCF;pO0&ByuwuPhxRahi_La|Hkwq_P4U_ZE}2HfYuou5BLx>>opv>*H(;K?j!Xmhty#F@{wEO zBX=CFb#(Zl$zyzp9PzMDJm*PLF8yI*#0O@0RM_w`w^N zf`jJ?Z14Va9$b_xs^w=X|JP8#coIW0%@k4(Vcjbgtqpgl)f(1M~u3$){KtJALURd7!QX!y3~;{-rXZg|VTahN#-^Ia)?rgC z*(}sCH1`ZEb#X_sOir1A&QsViMmP5j3(Y@$C5z{!24nrG{wu3o@)xC2Ci%+=*VUri zD?igU<1P8i(xj5VJop+hB$iX@_x!f}Oh4yF^1(tWGJcl#*lY64!tlm-TvS~GFFJ{5cecKOiHygJlvbvhq@OlMYbmc`$?3)B zAfG~7b}yl>}1BE)2C$C}u zhqZq~oA&8srMHZYL+ZG1y|mMDYybYBe)B(NM>_puYr*OtNd1sc5MM38!10WVG0^W| zAHT@e6_tmSP-z^7>-!}2)Z+|)Sq z;qT2ZD5yV?oLs-)E;e-GcAqcw`w_n_Db#)3ct2Jk3spd7+E#)UF-GS@9UoeJ%h7Vr z9Ir#pLXW@Gxn|d@@@QzpN=Dd{#DQ-u+tL^$Qni{1#CP^N1+q;ehJ&oN&ka~SvqWKwRd7_})PvR(X?-aUixGcW-na zbg3ZF$=tt9zoCF25{TJDw2b}Z@vLvO%Oz{pnS|5BSt zpk}N08*ZC?fC3vNhrMK`KSFffqW z?@zhZ?@GXNCsd&|^z9TII_)pw33RSo73-I5id^qq_G@V_BPvP$cZI!Wn|iNGt#!Zb zUBSD92K{M8pSeMQoZG|ndho)7MlRcH&PVIhe!qk1a%lP)&ccbKpJ@uS?`d9 zJxas>lxHyk%a+&y(sF@ros|f}r#M;7UN3xa?BDfw zjFs#vQ+BZd8VoSPI$PfhqsjBgMS<7F640573n#QDtPo9TGvt6Y{P&=zRA>7`s=|fj z)uHA{vagLTg9V~jx4z))ADy+S?H(G~8mFRV@7lqyQ`TNz&_0qKD|sjf(+KK7IP0zyNfut{*q4V#~7fWC_Do1R$c*7#Ct0RSbA{+OlPuFAm z!UnPyr~lZVPzneSVPSllMr4cz0G<@3j(N>9*Q6s3#fdXWy3@t1Sfkm^{%3rlxKU~H z4Bs?QJHPeyfCxEL@@wWC@tMC9%Ep1RiER}Gn-ku$JKM)mDwTsC%Rjxx-Y+N;;hUR4|4LOv@Jfk!xV z1I)%+yM^xhA`J!pH*&3DxTFt|jIAI6M3imi{Fyj+Qv)#{b`a@$?`G4B z_z`a9AXULYi_kcLsBOlVX2sBd%*jh;KgvH^ugoZ%;Kx$3K-Q?B`s3crJ!rC~EHtL7T+1pT^t=GGZ z^dqA5b2QI`p}gKIF-Y9E=}zv-o|jogsF-I60J?ZOroXZJ_@36yc6K`;wf$JPH`ud!EqJ4x1t>U!Q7}Ga$3tE&FeW_Z&d)IAs7pf*}K7NnzzYe*Q4K=+&k!n7uzeQlK))8T_UnA6@8WYvP0J2cjmS~ zSsX)ofi|)%JMYf%7j5~4e^-gWV4~^|P1UHWuv!_XJ7ca)3RKK!qN52cj-pvztJ9~% zEs__25udi9<5EJalmkhCR=<0P*1O5XrIcw91Pm0mp;wO4P#m$eUY|UxNl>cnU&Vu( zo6^Vo-ylShZa($of3}XoGlgVf~#KRr|MdtP1pJ*TumCF(#)C}9w>4b zd{h+%8I}{UJ)gcY+q-9Hw(XsDE7Qexd#6wO=XB0}lG8)Jx{mz14QtbPutqv)etq~VCUK^VW|v>)_d9;7r2FnK_Ai^Yucy zVKiT^l@5B#Y<*Y6Q3W5eY46LAeZ@0p$-*yB&DAK9`f%|{AlA|Jdw7&2e6A9#sjDRi{jCmVcc&#)dI3)Ig63sey zty{*jd-(^$m;JJPL6Z+w{E2JN3)f?{w?y$mk5T^EZ_Hjct`tm zm-<=mjQ&5|y$N_!MbmQD4C%$kHrBUm@MP5cpJ-TD6hg8HREZ)1Toe;4WI z{l!&y+ERX!QcHuVuCa{~7<@k;Wa9WUbfW=Gm?v7bVB@!iy#wvHtCx){ScDQV8*va6It}s3Kx_#>! z*VA5ui77HrA_72^XOc9CV7f8hfDsFFR!^yxT^NY_X1Kg@a%^0Je~(Fi?@{=LgpLKp zF@8c;#KL?gt&*aJ1y-53Qs}t1XdM9WRZUxxsy5Q=6~1Tw{2|Ea`z(u1yJ$8LgD&nt21D^SkO_c5H8@(eOoMmFt#)J52OH~kaR6bS{fpFAUPfRp478@35gGPT|9*%<{R30EUATSL@iIOm4r~8;YZ| z$7!cjm100HTdoE;b#IT=>Ss(kJ~A;j9fLQtq=l7ye8iTwFusw6g`DXWkRmc6uqOLQ zfse4GCfvaTc@*AqIFgk3MucoI`_H}=Vf4a%5${oo(K%F-MASl~apV&8P_L9b`4LKk zFdzhHZ|H%djHn8Hj;h2@Zu)Ji`WBzHI$DYAXWsrmY&5a?qSG?%{1M{kz7pUDoW$TN zcpG?tZA+GO@ekx{LSyJWt(h?R8k|*XP!d|(+zyjYz=WFmG25FCI>!#Xn|1fcZe;E-phhh*+?0JWS<7P@H7VS+Bw~7ZCu6QU(mMMyoP53?Jf6RN;uR z%~?~9E-L+Bh`X4){(MCX=!x==6@I!Y{RDc2<5%z!$;PFmA-Ed7Qw|&YGY-rqOv_OZ zOqos`NcZ`v@Hn~)WlIB|Q_NV}kh9tO$O{l7#A*mu&KhpQ zK_XkBH~S9VP9OpxXM_vcMwJi(Gk-#C?23rU`V?i$Dg16$`U7YT+izjhjkwFK)gR`g_z%W2Ml`fvSlzmsTVe*He ztJrlAttkB}PVbV{pqO?yZqS8ME+RBjY9bRAS{+4n&?lmPhI-y2t_(T;#3P1ameOp2Nlu4n6Bc}R|By^5J*927*PZ{u_{sJ z!ylMW9d9h=Iu%D@{}_+K_6&%}Aa)!LLFjKzj8~zVTPfm7NYS#U(Uqp5nIYT`ktl|+ zLndkA!fDV)SwkR?AxwjyiS8-3$JR|V1F?fO{e+*JeJ=Cc+BiAZs7-cc)Fv7s!Y1ZJ z5@~4`ySb!k>?TH8MsSAd;*hrJ2+r;Df~@OZQNh@a!vA4Og^hS@-XW12>q#v6Q7Y!^ zaj}I+sTibpa*$K<^G~I}p&mG5sxf$y(%RX2Am$`84q%h4T8)eHO|sg!gHR@b!@x)0R;R z<6j>($2quFxWi_;-Q-rmwN(-YSB1Pf^RYFg-gwW^kc#c>qLCVbVTIqb)c9slK4E6^ z5A2B&4*6nV6;lf!0(MOtcF#ui6y^zz!=?yeSd*wtF?5d`gFiZfK*2BZli^jv4yg@J zrjmwnRs9KX#8-zy_;*p=VOteiV2f?5Vl0Atf^Bk*j6K|jdy@Dd*}+R?h`2tjR0YG8 z{NugzVVp?|m+;qd!Pil*il(@r=8$isbOmPHH>+q3mLo^nv$gg}QKFg-%EOpI%gHLG z+NLdHyk=f-AfQB6Zii|#Ec6}Lr7}KI$w->W(BsMghgJ~n065yaFXi}Hkh9MD$Q%wY z$`YiZKqaPacxVt>Pt;~;!e10(A}VkM?~$RYDP$-!4Vjo^0agU_ks%!N0||)V@+b5btXIPXwSzeB-d~CC3|0xt zk+sPfoZA9UD01Mlx^ED}*({+A#&FafV>q~@NgcSc(dc~$U*c3Tcm@dO98$(==kDSJ ztZCdpp~$p_!eS$EfHrsGmtq=+Op1YgN@eg~b_rc^+-BKw;hc_zT zldfVo`2HAUI4_jOMwcjG`gVxUBmX$K?P%Cj_T^FHJ8)MK6+qX~{_EL)3_04nT(73L zV6|Z&<2&W5LgO+pl(Twj1N+kQ$ZLLmd+Z*>i0|}@q5nk1$sh|ow}{)8U~EN73?0c0Fgzq3kHl3 z)S9z)itrM!u$nts0W;a~*^yKk^0?!cF|LG|24+2fkp{T1Kc9#eRk5YhfFZh#bBP{3 z@}ZhcM1hl3QigfEltC;>=vWZwjKa-pQ2Hfj?c}AQ>LwCp){JR}+h9!n$Maowsr-oy z`fgP_YY80r6ZFcBfWE?8S9ufqd^dRQv*f!&YWRtBR$n8oxAH2PeVVaJ`RBjHF;{I< z@IlZJq2mN5p9cnCfJ5A-biyQpJEOk9wdBb9#QX$;+Mk#gvG4GK1u}vcvxytO z#t|#D8(ORynsab6b}xW@x^p&9?(6n#GRM%jRksMS|yvp`B003bP6#W;-RD<9yPd&vHnMDMkKztAmvbsnAJZBpUgr@ z1qH?ky~+zbCox;ILr;shDF>seV2vtDFU`UOAvJ9Y;=YI$G;MAZj75@>7FN!tDff|v zE@7Oe%{{Ez3Ux{rpp^)%&*n-_2g-+@Rc*zT2Mz*M2thX)A*+pSuNZR{=5(h5;~JT7 z_d&BZgE7I@F(QW@M>P{YGE=H3<{+{uql^$Weoa>Tt(5i$Y#jc<*%u;#00F+1WO0$T zj7=PV;laZ$Qv6+>D+b!+Q+&_oh0jgBV&K?4N6{%)lH$TL!=pS>U1vphU4tZGs&$4?${yees zN!olwg=VeaFuM{?7|rIlw?yK##r-b@KF=qCY8nf!fNZ4LSRnrc5eQ2pMVwz?nx7-z z8|GFZ{$E!YI?RP@RYOvM>D1-sLrblOaC|aHSnUWsPV}oiF2h&=N*BtYd6f}p@|^XeK+f!*fixMlqF@Dfe< z*!VwI{+VZ0qjt=+`A6v&TJ5MQojplqPg2bpIF=nxF6;==>2{k%xHUVmpU+rpZhyP3FtNHOK!JB99~3D*;MS+*nr?Ebh z#DeVLkeMQAiY**%Ff77_q-kL}Kn#0X&&^UN_i|F@!}-Cz7~;d15(` z9w!e5W&NVR*PdZ=y5wG5R8TJ)n$EQxR%8lne!WnCSHeqV)VoM>@+>k1aG7~yoJ?X$)9j#s1nR4tdE|Pr;kfjB41o}n9T1a`G*NT z>ZI(@XzRc=u0K!3Qs`tCw0iuf!*L=9J(JJPJL(UCP_!x;sf4jhMlGeR79r^zjG^UFoeIyk(JfPwr6%tp zJ^={3o6(=JPCzLlPXGi!ivZ6Pw7UIQq=@9MkMgZHlCSYyHd|9d{R-84hf90C&a#AOL^IRUAUIx{Pi z)Ppe%EP@_MhW|cTn^0&}HkvNJT|$y=o-R~Ssl*6qh*BhutqH<+z`O@Pmp)@mnZS+&E5Bc9_ZU*{UO&FZt|cLf%r#n$Oa$K z#Ps4wLS_FQzV1k4kXxbKO^&)z^was}K=D|xFX(3wQ6+3wG3xE!X{y8g;{{lG97ya( z7)aEuSwxys))0G3P|QvBD-uPC^^Z$o8oGZNUQPrhkyFQfAj#&+)93ZrdR4PafwtIlby}?>SWu_AWDfB)1s!AWMm_0SFAl z8i5G|m?)Adp>*rWZ2brdIFL9c;}VB?Q$v)UW3IY3k|Tm!kLqCZup`0Man_Sd)yH;})c;Ld{Fa(t#Em&! z)#PGLJ#|e8&a$S;u2xNFshS2!O}E)K{faf6j5eK%8}x6Gs_Um0QP9Fb zb#3Y<{Tm{6rPy^{%(~dW^KfJCzE}G9Dr>6IHT6?9ZT)AS#`?pmrVsPjzfYdCF!eru zOHK1|WByImRKl7D>6$do13y}Ax=huyO=_yPYud<~*uT}dLH|amy1KEhANQ#K>AD8k zb?xga{hKOvW!rU4U|sCr-MBHksG3&4fSO*?HT6>c>vWgZzt>bvpSjq-e?4pU?_>Oy znpWV(td|@O%e^rVTn!cYtEQP5NAujZEtQJ7D@B)SU@8T z`7hjm!wv&^0)olu*661B<5#iUhr~=ajiw(%t=Fcs)*$oh7TOYeD%^xur3tcm1)33y zezEY|?KO*T|J(R|;Hv*S`2835z6>jyFs)n0uNwa+Q4KfaK|6j`!`ERpgka{|HXY~> z&4>-Jp(dcd;^!1Xy`S`96VnBjj+ibw0Am@jj1RvWLw)pV-jCq5k&NoB;YL&Bl;Efq zZC`S+>fiD>>0dErtcWsJ1j#B882IF^Ej1S^RW}!j)}W7WF05(Q+~1&NWOEP1ZZ2DU3R^q=CTS_= zXYL02<;f*0^SfmZ2>w?8o^Tqx<$w&S>&;CE>FW^pUOByF{i0MfgZ(qN-36BQty{`s<3}xsmSA?g@<=1c(_n8J?#@L!&UF5<<^9cHaX8W+O`}44NjxXBb zWK0~030z6M6SmR?Ke-*U!K6Eod|o^@sFyWc=J@>zg~dRj-qAtucX+54dCAy{>KlKk zW)x#|X^7biY5%2YKgOA{80^u0G`Sc}Hy9S0{6{!Y2QamS(b&Tk)gABx&E}R+pr?xI zi-BQ|vl~Bo=6t)%BP>HhxCS?70*eIV>z<;2_4E(Q zrshFF@ITJ^%7u2)zj{7FZ0b2u)pw6smhcO#iuUAG%Ibq$xgp0ew@l6A3Jm*U2}mo%M%Ar`$5{W?Ypmj@4k7 zrHU=y!R+F0*%CKDy-bUVGQ)>jg9ciSp)1<{>_yY_6dZ4}=xgd0!*3aJZ@v&^WNZ;j zWkUqFH@}Tl|Cy}6n?GTHomNg^2!+uQHVK4v&8xMa#Hzoin9hEO=(cd(yPuD0{Z`gp z8`@}B74t^)!$p7sQ@rW}0gTG!@D)q)W=f|hx6*jIp zS>TX!!NP4C*KyAoM0YJMYOXIi*x2M5$UI_xr%d8WaM{M0xa)^OvOgtboGP1VF&))Ql8TRRyEIDh`!~VlvGuPH`=R^y z@mMZ>wdats}RORNw zn+`Xc)A2`XKg7=lYx>Cf(al6mW?@1$log{7kj+kGYEn`w6|c?WaPk4rV25iUmaPm^|I zw-G#N8*nZm?D3JNaG>^Mt0>}4V1$M5=_FzV z)?uGM-3;YXBB1d99=jN=A3$m7B$<8zUzpb$5UrX<71qVn)qRt*8rAsI=qXm?I*{d} z^=O!VBR=lHkFVgzEZ#*n{oG5A5{1D0%;j?2rp)4)9|PI;OT0V4iEry;oYMu3W%_=r zkHQfDZX$juT_SuL#*Z179UC)2?%!=8LG@pFC)WHeMHy4sJbz3O;*a+yQ{}@%uT}bO zaV`-9{+l9fA~rZiW6&WJ=0%F$P-GHv1NNEDv(O?qij-Cn(r4cmW_b=5giRu(_fP7@ z6MO;9*I<^<6)q|~Nl9-z#$&>As?tBoksaqsFguJo*bF1)PZu>qhO|F;_*nSk4aFa& z)Q=_9k0roB8HBBz_;!&`zy#$$mOuIJu0#-Wb3v7L@ZSatemuzS!!uec`QVYVeBbB1 zmgoDnQ_7HbBdHERm=ZTk?nB&Q-wo=maE9Z_5ZrN^cfJWkAPg0V&xfXkTZxFNy5~7GY4CI|r)h2w)@Mp6?*-%Ge4fMes#5f2>vgH`sp{`|m>i zMP#^a0sy5Gm!HCJyTKPE*Gq$bR{5>M8r6}kk&o^c<)a4xoJ}>O_=NLo=D*Ht!XT69 z3WH3+C7MCX)e8?_2!mXQz(3SX|8_AM#03Ny7J^I|(t@C{#F(F6sPH20pJgT5~(em*mKW)MT+u8r3eE&02(NJcu zfdksfm*6WTIu-g>o7oyG`Igw+{-$816c?-xiV&OMsu#ELMGrK9{DX-F;H6vJn0Qgq zBF#AKZm|Rhy#v!gl~U1~3x1_#2TTKg!D9|flD6V3N{&u0sGm$Qq(h%ujk9X@vf8YeXdf_6;Ip;4Qd> z21Otu`3CjkM!q;p)D^k%d`tph+(~FdT%c}fu@JVSgKAd6HAs@m4p0aY{kr(K7E**; zh!pd07ep!(B1DdPv1BIls_+v-eqhY7U63C}I{fh=C-FnQYL;dbITRZ7o2oTReuxPm zYEoJzkyH|iB=e2ao5)Y@>%u9Q;u0-C7pfNn`9kEU>m1>eosO7%5+y&gf72W#k7qSQ z$+621%sFtDSq65A8hE1Qr*@=;muUH^$ke!LQGT3a|3$`#fsRttG8X(+ zrWeiR!`v25fKUPn$)}yHBuWMv^H&#XJjq(uNIg?pFlr6Qnz03=4$Ih6FlsNyoCv*x zvFI78dnopGqsYaQssFn-TGyQp8<`IrOn(%NKS**Ub;F1vY)Xo*ly2?(`{E(D@1c4s}5| zB7hr(pApv(Ke^-az~QXvK|p9^kwh{O?oS>hPjr?fYzMi68BU;aSlaBSloQ_#(9%=( zjB_kW!UM!fdZ5O<1qt}!4!G0Yum*-^Z8OLIi4BX7$4lftOx6wS_4B1VQu`Bb%=W5H z+i~yk+)F)IWI^a30bwrQH;2$sL3jZ#asGu3;c5JqSnwZlW4=^$q*2hu5e@Df!d0|G zRN7&SFT$Ug?XEs3Q72WxykP*MSlm+BCY-(@{q8$z{A%VMzzAUL$l{&-k1KxV4!nrn z0va3D5=;+>k0qGtLbKP>Qh5#NtH0NQju1HHUp;mSE{T`l?s6<)evw&m&i=-g4jl9p zf8I&C4l}qG>|XCm;X7~cRg*{~9Cwy{3JMs$B5-s3c^!bv(~SU5r41w>8sozG!o$Hv zf!t)gFcTytq?b>DJA^3~fP3l=3tR^q+>&^Jdmswjwuu(F+fhJ+t51jkHyqE+4+$cW z`vzW^e=fwmzgG_h&ac3Yw!zIzvwBxVaGj#SjkUpD7zS4o3GQ@)yHSC=lHkr&;O3yG zz}V>u+^aUYem1zT+vRfpac2?18D!47lfvjs{1ng43G7oKcQ#&_ zcS?#z;#k}>Mj?A!2I4ddy~|Oz_otqGg7EBaX_?wVy3gYdRJ01+5paW zZxqm2r*eiAWtQMjwt+KGg9&rLq);Rth*vN<5f0qm3Yb{`Awa*YU`GU~yp00NC+0hB zH-IYbn%MbK3+O9Slt4|?FF?2B#(Yo#^=hCA3h2&-=xBR^Sr&#VF9{Q&YSmFb5&LnF zhU-+Fecfxp&0_Id$%(AD0DnNh9Teb>8n8nF9#6oJtRaT?Pp~^HFQYokC+1345yo)m zPc5MDNl|uolm+uMNg^V>D1bDf`?43+PBGO8kzn zU|vg@0~O4RG|U|e=5y}?=Au>X>)BzL@-hl0pO|}C1v*Om1X2@x)`Dqz*j&Q=5!FjS zzsHSPcct`mbsN>sEmAJNA7Nf0FyEAdA~fIjcaBtRd*D1K~%m>_0kZSGCy*Lb4UPkqmPt21v(37NW;@530phwEBzFuy@yo4}6 zyF&Wz>*@8L4hPfTpOFuW^#=KR* z9H(I}RWR559WcMIXFrFBVam%W{PGF$+f#$p{QL3E7T7KYVlm?zO;P!_o@BjQ}Bi-G>`9L&3d7!=0hvKK3@?zOjOR z?H-0JFQfX(C+7F80)1s}9s1e<7PR7}FUqXGK4!suh%o;y=^cqHe^!01R4~sZ%u593 z3sO+}Dlem8@`*W4!=#}Gn5&0bFiUNieJz-05N4i&d9A>7b6zd}jkf@B)pB<70+t$6 zizSnAVd0o!Y(v%#$2R;l<25inz0(STwcCZtOxeWEf|E7`jE^f^Yl1GvF?Gbhn zQ3HS*LU1<=xaGPWYA=fhR%SlMh60;CRL?Fw#S)Q6q!2l$1`q_)B!aqKfvV7;N&)KA zxd8R!GWM)E3<@E@$bOZY12ibD?VLAR{W{wQbpb&!e<}kvSYLwt25@O-4XXsON(sv= zuy)?9(1C81M8hgE>)1+kOT*e;Y{7b03b9+CpjPSDhqy6o6{uGZD-6PWkN^2ifJzZi zRbf!Y(V&XW8#O4+8!HMdP;MJkPYcv31a*!Ab*Tnb1Wu*t2c3DEF5V-M>>XiXdeF^F^0X0WT2@@g)2V!APSuvrZ z;u{k+JZ-FBzuM~By)3EZd$gdlGZm54${zhUu4J{kc3_=?v&^{V#^G9|xv~2UQY$q^zs$%_W>i~5CTPk>SZw-UWj0TlyUZg>FSD;S% z#_Cvq8`LNZ)XfAHuRxurL8SxKID!fYsC{?Zy-JS;m2R$KN%Tt7>-~BQRGk!JuZk>C zR}$1rNuWqvb3pYf6`4*&SoM8z})Xj>@)%7Rf?I^#|E@xOf4_1^S zs}SFLuE8A=e9)GhVM(6Lk&~J;EX6YjIk!2(Qa!)&8)-Si(mef;#F{fK-E+3z=$|vJ zzo)0)$jlj*>FMe>F3cHrp{J8`zLA|hEW0^aJ4_|;Gc|mq9cuVE;3fioCk5YLdlS)z z{}bge(Ct6hZa-#WBHDk7#viCa{6(Te( z5gl2PjnU{EaN|X{NE zGtCi7;53KG5Atd-6M`u&&S^shH0abAH6tXgf_6%LTwr7RSIuW3VvRdYRI%-GhX3*; z^Ma9#Tr&X@VSVO4b_aCXgrg&q#q}CiFdnCvIa>?ToRNrK2LiqBS>uNPa5-iL%#SW+ z+&IR^oG&m>?#{6ecfl8REV=dg@m5SPM#PW%oqAmHV@1C`?0r=JNEDeaWx|+u6%Jjf z1GVZDwO(bJ4;n!^{Hrv2?-tUnBk4LxQfc}7#8gVCACfPClvE%E*=e8xg2tC8n9KI6 zT}-fl!!lHWe&b_fA#WSoqw1Q~9^?;%Kn7K!vso)8IG?hJFdaN000TR7j=C8F-0*3An=t_y_!{=|V6Vx>v4P3ZY9dDA(vT-~dwR zq8}XNrZ7KgvnPey>~`3UBQJpcdSc(xJvapwxdZJ6xocLI|Bh#L`VL@AzXD$!c0Act z;Cw5`<$Sz;Os%WBvHbOdnsw!8gZ0h3cSS7Y0jtV9-N4eH)E-%%1E5C(1+U?(f&4jVH z?E%@}df5S^X1m)t6nlYSSG)te+|IW;=0W!ih3Z)Z{BJKmh1q2wPlI{#?!$5fKX?x; zK9-V$KVc;b{!rprei=0BfhgsPwC?iHtG;0~v3@BIQ=h&q=76)ng=lROTAKm_t4(&* zFSPyc1Zn%)m7wQ?ms$-sC!Au5NX+&1_gx&_J~BaSwMsEJdxG%T1O(}ccxb-fI}*Nd zi+P$=d+2RFC`DXE|HZC9Yn#MJkUto%zc5Dq3%lsnw^YA#+MgjzG5X+799S}qiK@M* z$!Nr$gWpi-SA3K2FsuH_dS$y03=i*YfM{V$2+SuRwv#yTepn{z@4+P`_`mBRP9-N^ zu|sC#!BToO(iDIgLI&cR(1kL^1|*sPO43~s(dGCS926tzsR{m^(~hYAMaY-o2Y2S9 z*T~PP{sUgm;9eD1e~L~39GY_=ZtCU0FVo#llEs6!@R?_Vb3Q%v2I4+DjD!!)W$91df6(4XvP2yZZOIP43-VfAl-!~T$O z3x8c768v?;MdJ@S6o~^=>GODLfcRX~Y;Xa|0P80HwImOpf}g}b*$7~^ z@-pv1;sT0Qj?p-#e2uuxLi07q%QIgChRu5QovWRoxoR2EeElWO(5(EcK_@rI_20s{ z7WvMA?7`<8OA+HACWw3xM0+v6c$m#b6C;-52_dyj$Na7>iIE@}fI<`sFRb&|?~7Ug zI931Ct=C_1LiJBj^$%*j{*+egcTPJWHU@B1MjVwAN2T1~l_AUsJG%rn>6yyT1`4^^ z6o#!LA`{t}$ht1TTGAooaY!}q*Y7B(GtVqoSUL5r&5S}8#x;cEC96jAEU5%4s9$iL zlP6h<>zB3u1dsNo9v70RgL z$>Ir64%L8)_U~V+%*mbD*u*h}*a+7|p#I9HIU2q9? zM@S{v8gugr$%SZO8_L6KB6nR=L#U^Zo=Mz){;By^F-{y(tnUf z5VhVQB(;5jSQn&h2`|71(2B5$pqZwBiOw651USA0o0ei=ErXSdO|aDdmOa-WRtu`q zBgn!vFyYC;}uEfo~q;b zAHVtqtBwM_&VL^y-*X{IZa$o$$PEn#FO+z9f#cw8hK+<(36b;-&I~Kt2)n?#ZJoXk z{5y)iYucXxeQ&2sMdjB<=q*=RZ^3G$oWlW1axVJDF|I#0-G|S!QmKfaAjVWGK5;U$ z;NYx;f3vUr6MoBbbs+FUo50Dt7!vdk+>HzML-MXqN#KDQH;R5h+N{_&8$9Wv8$h(= ze+dLGy#*>sXE{lLX%Wx`fjl;s9{llO8OJhB}^sv1lJiC4b^dgh!g9HR2Ml~{v@ z7@kHd#sd$_!ZOKGodMg{W;!Cb?tuIf^@)eQa}w`Fy)b#t2>) z<_SwT@Y*_m+`K!AKjySO0shEU`~ehGpMgJI5&Y3Seh6Da>3`^ld&Bx+wMZ|Vc+vkC zMCu0>K#aB@64(7C`e8jT)DMa4){#L5cDPpb!z!&G!tq07=!%goE1Hzrwd02o`kzXp zss6_V)n!RI(zbEElt=-~M~4qZnM+vE*64xw?FWReneT$Gd(R_X1829Y{#Un&qU$lN zA3J(}>H|MU(RWSU@zK}!T|w2(%&Xz_JjhijDo^!GQmSg_Ts-DcA+vc6=quKLeves} zvlF<8KrFFBo`0Qs63f6^OJBGS$&Fb{_ZoBX`1DFCD@v7m5QsnB`~hbza@iN{)Uyn~ zuDEIi;Xy#7e>c|QM2vHdQR`)wmu%yX4dt-5{nvL($FS06+>WN-uZ$mEI1SmdO{&3& zurL)(G+*tD1#MT!n9vhyVo0rebMiXzUwVIr+pd;FG()?ao5 z<9|3Cn`XPw7U>#617o->HzznSxyAj7A~l1$7yWQO#`Xlm*I#xyquxsK87|DjBCouY z0P6?`)Ii^8mv1l=00_zW<=wowJBPC^2-X!F*z()S7k*UZ#gPVKizaNqn*VHsgN@NK zfl4qb?CJ%1;BoWTS@FfE86)@ZgpOy9H?UP^pC22jT|lHmmBVyjz%NJ@mZ64i$guc@Nh|Kb}^JZ;ko~m*T>IvM|cO=Gku>=?GEMTa$I<1n>ebNYbU_@g9wtv68z8&*2 z9EE{V3Bv+|&+_ITfcT*DVfFbv68I+AlU}25BRJzE7x62J)E0&Y! zoAmHb^za|;uJm>5Ul_Q7y#q)05DmW4QlNYr-M+16lJ1>4&6Z5alVA&~ zmZL+i0?vXsmU0of%MB4KR{bxiI>fimNA|XYgK^O~c(I?R?})o%;KAc=k-o#uI8i)+ z(*4=i!oXzWVz4*&WC7Dra1rdLs7yq(C$4>4ML+&5__2Idv-6Qi0q6caQQI{)6LIPv z=QJe4J1J9 zx^wo;llWj9%Zkk}sesDh$8ObCh917)ZDZ-o{8wjd6pA{;VE0J;OwS#7|y^ zMVHqG+kqgwC0nzX@sKi!A<1XlOGHh-m1wU*wxAf7UHQT30EU%Xd4xHNJ4KbJ6+7oY zB8@{0MP@-zl&7{27~h{Nqed8h^7kLAR&f)F9#>-9pTEb64{~)x8~lk2f|Y1{{42P4 zx|)AfpY)6Rq-H##(mC<>;o_`GMw84tg5X3BTF8SmV!5$77kk(eFYvFD^JRL> zMckCPmkk6$mk>o5R=DUkkhu6IHGkF<_3=FDKynupVMRKwm`PqvK7y&LtX0*koHf&B z04#@A9rasag)7?q({(Vfyo>p(_rXqq1B48rn1`i2qdU%_pOYzFDhUAdhmrL1Uy*6;*BwDX|G54& z`^xV(My)h&i-tEq!8?!eG5`vA6oP9M`{`&&}-`=z{f^3 zOQ{rfXF+7y%Yf^*&!WddgmFJWFlct;`h{n)5}X+C`%0SHcugMSTQ44JG(WzFWMDYu z+Yon{$N5IR;rE1XK{NF4NVQNKMBdd=#9z-Z?`{Wp-W8RU{|d@KEJ3v|iQ9k9!S5MH z9&iX3In8J;KDOi2*weC|^U?FjTi%0hJjr9K2HjESte%MnGQSb*EL9(D>#UiCPE`)N zW9pUo=C(ULohm1`8CR>$#L0KQd-j;Tsv~!ldAi~8h0f}mqym>iJ$2T62n~cc7dfkk z;7xEoexjQ4QJ#)?3V<1SiU*$CoHaAmr)2`)S>Fpz8vIu9+k^^HEWwjp@SX>?-9GNtyK3DzXP0LN|E6l}=&bn*?$qnD zTSwhFhVPvC6y;KB{0*8 zs9*?zzZpvRb96U9|C%n5D&m}PRf#aeSJoLDwA?uv17_;HPPnMNkRC+|$F#CSe>>X|lOy`(fnfvXf7<zXURb(^oNJ!==JSYN;@sBFg`un^c=Iuqtd}-6_$y9XevU0~3`r z)2MpjZDOyZdY6k6d-auEG{-48Z|;md8cvCZ&sAjjDpT>CnEgNa+uA;^WYGAbc?vOJXs}HWwRp4j)c^HW#3ujYrIx)~4-WrH{`IY#+XjV; zlOP|B>#>r6X_&JA$He}iKdMh4>crzmO?lkvrO~LWO98*)JJa)V;<^L*bODme8b^a_G@vxI=J zsolK->Wbi$r7)h+Cpm?WlUgbT9!{h0g}7&5gh{|H_@QE2#a5=!9~36B8{&JiM;mo< zZRmXKXXTRc%+9IX+0%jDabZuBPsO|lBDcc_qo-7r94{nbhQU7h&ulleF~|Bg}Gv8f`pNudYf$4Hvy$==} zuxgkYAJWso9mUpVHD8)jiblRFEL%?T=5c8Oxl;$AvMp^Zm!#s0HXiKC2jy#_6KRg` zr7cCP%yZctw0Aasz&~d0j^V!&lF{r_;qPrHk^j`^m5W$)TTcm^u^cGl_>r?0dxGtw z@lCrM{Fkj_Ts%mRN6ZYG3A6KwfB##AxX7xBteCC#!pP(l90ayk)t8lMN#cXN)NK0z z?Q+0KUipCxN0VxOzlP!)UV`|~AgVYxvR9Vyn-B#30Ja^({#xfVF9+%lJ5iqR&0Qzo z$&#kItjjmN1oJrZEzi8-GvX?**$DkEOzKMy0PA0GVth?2mip-?zvYMZ(|6&PUwLy+$|1)i;y#^Kf#CyB@&-mB z&hKJ2Mj-yeuccPkGm!9x;;1SeVdXz=xlAr0HZ4Y7~>-tK1qN?{bA(P629}%hgiFR20LZ+o55}>JrRgMxINop z&hyiZv0!2UBShQ`ryFYPnY2na-v5r2@h@f#ZoiiZa3eD3&ROexa1eBa+kah>JLeOp z_YBe3FqUv`V&P3w9EJYV3IeB>;Z!-udDcF+Z#6>Md5s&LR{mnm7Xm=h!0i_#8~!I1 zAa`16p1*_9_E7&+^rtu-QI{SD7k3owz{>HRgDJJk6u_I`tD;7D(5%&YpDsqf?O zbq6Xy?1P>z(!c4m@%iGP8^Mt`JEtY0l-suk1>LST@RJ>&=;YMAsyas+YdGkD{Ekn` ztNTaCp&dRR8VGGaYuiouDkndZ=xL|3hZNBeYYV%_6;i(gT;|}~T zt}y4@@mE5%=gU;cw-K`;^S=ZOXWbYUJ9}oMw7~ZTCN~N&7D6kF3a19mzkJ5XZbBcK zn~;8I{9hVTVb@f;m7Z|!uXQ6giQ82JqMW)c6a z!5;)6;X!Kt!EgM)Y>YV#KhXw}YLU{Oxm zn!JL@a)q)4NoaGum$nWs*NfhIt;c&_U(-^m7L;OR!S`YoGwc zRbIEN(D_yzQvsO$I#u%&1LJ}Y5|U@SBZnTYxh+FfI|QIjs?A8)*Hw%~|s-9@1)I-ERL? zNvNM&u)z#3!4s(A>XAJ`IfFYyG42uLVGDzDt{~3R3ZWUI~LR(#Kvas zv`P7>paPX%$Vw&Q!LKm{fpk$Qh#6YE7rFz`?_!@WR{KkqUu_o*4D1W~89BQ=Vw4(o z_$H7z|4|sD9YX(R#yA*hY4-RK^>rP{|CN~G&HX;mP8tJHtg{MJJYRn0oTb_)6dL>?lC7vVFF5Tss#U{?;s8^I8C zLo;a}qY;viCT)^@4}`Fhq}W0^%}CK@WZQ7Ngt_*}0W>|jR@JQN76E!Q6K3zW*g7M4 z=%^Dwt;_c%tD^kN(AMLYZ|AfsC4U$=$AVd*b-=MB(@G>1up(R!hQ`-X&EE zHZ?df9FyAiqPj63iqIiUjD-s_XCX3I5-D?g){rF!?!`r9ZqMH&M%FJw%iL&7=CUDk zoVpd}q|CV}a~S?WbX(?9ZJEnCwiJ@XG%(*uOh*jbVWj*vx^Ix`u~3|NJICXkRaXt+0g_kGln3wEw4%nVexknXSc^?0Qzh8hEh3_Q3l;6l3oJT)ij{Cl;JC8ViZK}uot8HsTyW4V!mEgZHQ`?nc&hld!ww=n6n zv>?!}Essp=Zs-^h$gl`gJa6A_4<_v%;ui z$^u8>g19;~&x51gXelEcIxP)RJjQRgp%DzKfc(gTBYrBZ8KYPeOSAB~m@D!T_U~vm zv7~%!F%}FBwX&^jcAN4uygPm-Qr@3}6vN)4VRVSv{4=gqH@FKzpy-`eBSpRL#b z!2419dCe!sRX^8vEI?0`iY|_)?Cxw3efL`0QeL5=dtDaTxgSof}Hi^3+Uw& zmK&o$EnXlVE<(N*+&yPyHh!-%&mM9JIrr+l1i%qu#@PzGQ3z+L3arU8H6`js)RgIS z!vgJ+%v*n98xbzU11Q}^Y^XQ)P%nyTcPy1)8~G1OHBc*TDK^H_caYU(%v3?cFx5*u z6!;Dk`V16crEIoLd9zqsw2oGii{Lv4w464nkkhFDjAXD3LY`-%^yJWf2?X z59Zzlo?xRmp_qlXz>nza4xBSFb-d$B=lpKnhWb9s^M2FbjZE}=^OpXz-B9QJ&)k6l zi~lmtF+6bn4VX2Ve+m9yi(QtmsmvoG)P*WW#0||pJT87{_Qw0VS*;9Z+2NU5eB8$Q z$Xn{;>)Pa19;zJI5r3CBr#*^?RuK*fP(E8^VfuRWigU@+oNsP~+NH|QSw9Z>HyH8I znb0Lr;Q3Z4h&WRH-DoYan7#ewTOw|f19;^*QM6DpB4i*Qa_c*tmn?W3eXf((K1bZLXVAn{vG93nzxFH-h z+nm+^072Pm*c+0v4XHyZ_^&SF#G;g2);xZ01Q1f-8AZ#{N3&A~@=@UAcLUeB^l(|{ z^xlr-D`t0CiSN-(Hj}aO5^|WRm^#YsA*~<4(Fe`_P!+YbIuh8PB(@AyA?*R<%i>k! z0=~jXnM8mH0x;q2cQWxs`?*pn=U0ips-4s$w4V>KCs59Eg_tMdx!8_7@Ir2A8^Ahj zI=@Bh?x^!yZ2{=G=C}GTssuyEr{f~?TYaApd%C21^!(Nv((-v}G>Is^Y%wQrWHiUT zRH{6GSmte{1MARIOfgaOk!$#q-*1t}dY%K%ci}htiG7KVGO2|(h`lD_x zpDN*O7SuD|xC0O$j!Zl73HyO4Znc`hL*oP~kRBq7YJ$ki+85k}Z&`0Pu7b?Da<#MA zFe!*aY^hjliVg6DxU$1d*)l@O6IGBln($NA3bI+`w2zw6Z(O@c=hs$$?m=Jh~G1owrUGw_Z+OWomAaNEQ9l@Bb-Q_Mxu zqOhj=D!4zNN=+Ho=jTTB;6iF4R{^%~gDyb2q?pa?k^BKYVB5^uWGRJsjL)c_Xl_fy z@4yeBnfX`3ng0=D02Ms)`8@&I6x4qZ5YCSqx)WL{5dRAXQe>?SzaQSwDZ3BAkbdnS z%8+iIbz-PH742KKBDTg;(Y{WRvuk>Ne`f3RYZrb^nH~$}$+TMY!{xAo|1K8#Ya2^x0MURnXdikRf5q64#0(5TPOFgh4UF0IJ(O;)Si!; zYc_ap6Pe`H*&`AN713qHBOrJ7)LCGL=qrde+%(k|CWhNF{aBB= zfATQ5|G` z7(=KHk=*}!B^(K5DHRF5m~IDuS|Li9ngj2dTS>dE442TUklK457Q1bBB89ga9|IQS zp}oMXA}$cw#NV?o;N)U)IVr=qga5+@!RSy;w;e$GO*N}fQEk11!dRy__fIF2%cA07 z*x*EhWHJZ07Aa*9eobQ6lPMt1kCveg-rSK=unWN`OgvhF=kS99a-#}!u;p9H-x;K< zu|s8T9)$|2SwROuNBLo7KoQw&S&F3|5j!S>BdMmqQ)N&f6$pr0tD;oGQr0#VQq{@_ zdWRuZ6p-3gNHtuRlWUM422*#1C5S^`wh_0>A`+AqHiwn`R{C#r%dC)U`w!4FF@iqv zy-Q=z9gtw6H`fKSH9;zZi^?C|0EA{Ct3^z$wIC{ki%uy3&r~WvB;5B4oJTW=3=b|D zg8V{T>4b`G>aA3^6U2B|5o2v<0_;MUl<0Q*rVBB8p+&q=u<4odt+@v&F9>voW0qBc zeB@^w7VXY`tKyc?em;%pP7m`BW0fDmoeTY5DHJrLIlUs)NHcn&gvxOUYaWpJXhqB` zz7_3)@ylHNMTCB7Ubm%Rh^Q3t>BPt(3uFraZPTl05}NpTV(rK>@gQbDTb$r*T|Yel zc_(*j`((|c6VOlPqMue&Qa@ENf>#ltm&#}u)PjW6PqXA|59783!L?!+D zrLanxfe)2Rl9e<38L5)Km?J9bOI&1X=8Nf~l9D@2Q>y4kd~cf*OSCE~lAwcaPL$cI z=qY?H8t6sbL}{R|9h(UY7Boj`AT@p;{zBA{z$}6K3uzOkB&>s={A{jUAYk5mU5}YyVVF{<|kn5X6^~ZLJPEoE)(Q2;#4Qo} zqj}ve=nwP7cYzL2Ii}hO;;1jJF+@M)!S;tz91GnH*>$=7#o35$B@|%Af)Oaj!-`DF zyUp5%untzQBB*G7yF^gulADyp(hGttCh$mdXH%9&Ew^094^BZTr7^UAr zfB(Oy-zLmDX8m^LWzlax<0AU)$b+Ka2DbYT>$hLUHxt&_`mHB(Z+!K(+#Q2{GZz2< zQolJsgQM9`yEh$!ep}p@mBi3*k1;jl1oYdsh5rZjTOTNEt>2#BctZMZ#oPbG`t9OZP}Tl8F%e(QufjyJw^EA&5%PkV1Ej9BS3J7B&)rA+m- zII<;7{TX7SBk5%UZ{S}a=9cjBCQX4ruPIgVjqZ4t;=P4aaWE?pIlxH_GCqVSFU)wW zr(vr$cyG(=(|gds@a`;T8?F3PHz)igag>Q9zNcoR33>IEvv4WLe^E$kzf%lg$rrK) z%OlCAy@yd;e66KM0GZ3?JM+wB zY|S?UC=$dQ-UpH#_YD9dMx{${;@|K!Sj_1oUF9s8q< ze2(MufZyN}IvLaBBPViv9`L6lHQap1bFHu?T%<%!l9A>WoSCXb3+R5}$HUSCwwMRj zPsUWSnSBj64U(9Eo@NPLlR{=TVE;~_d7ll@!668(_RH@kV?Rl7adoxeTSJn|bX4}FP$5kD^Q9&nXER#0`| zioTHRhmNhYL{=#!6B@z_G$|fHqi3OJao;0QfJ}iXJm~(bSQInWN-ShFK?C;3J0|r1 z@3lzcOGKi-l7C4E5QO>eBnkOT2n}8#+Y5zo|CGK5;w}^x)gtgegSBHsnraB?Sj--9 z9s*+gpC;jQGi8l3L4cxYF|deEP7(ePzTgBU*hQG4iA(@}2{Ou=X|F~q-Qd8MLNvz^ zpLr7U0;Q?rGyPsUuJN7vbC=SevIe4RC&^CzDQp1!$*a;zz%LRyz|X08q@E!p%=yv- z)`s6udRVZ zQuE*3Bmyr}NqxA|5H)Fxo@K&u7z(*y-b!@F@XG-iGFij#MKqycg(g)iNFtGuRNMfo z(DXD`ir7d%ur|(!`WolI{Y55QzZrqa)|X&a!@zc7{e6RC?o{@x1xPmAvf(La>E9xG zmyJsa&Wn-z%|W_#{+(H+3|-B?cfNdF{M&l{iyn)Tk50!|KjlN`m(St&Rkc&JCgg*o z9PJBUBkYUW_z7C}Ri*<;&}2{l3wY+EEh6^ekKJT+#LSm$-p<22kP6&j9sStk=#EpL ztOSoFcgKbMDkPpdo|2I~{3l38B2TLd*U$NpKY%|GV{KrI^)f5)u9at=ctF_Kin*$J zBO_q_e%Ok=_Kg#Ucgx=*`CB4?VF_G;K+woEw|UoI5EBU&vLyx7qC3yG3%kM$_0{Eh z8{+c8-fTqP{$-W8(Yw}a z&_gZkJL#X^qACgw?1w=7mOqQ&W)wqkcdliY#IzL@+ScmFU;}M~^TA%w@(Kx03SvL5 z2wT2&`FWr=N`BTnf86rvoR&`xi;5xI5(8@=*pEIRbzSW94c3$Tn6y6D^9^=ARtaty zxEmKa-(c50GJa(2mht1b&NqmkC$MD|10&7>xx(-Y%s@V|Y&!OTaZ z=o^}K0`$GLHTrg?1Jw;Uq*}xl{z@k{SY`vx!HqcQ<{QB^7HEXexuKb$_rHKsIKH3W z{$h;Y|Kg8A=mcDFHXQc9xLXMA`VoX~$HWrusMW`60mnx#_!zEJ0to#ij$a1Al zP|5Ss3R$tpQ9mGeASH;}74y(}Nlq1i|M5s8=#F|Y4ao74RPPGD6RKmPSAanBKy-2R zHRUPTjeiot7hMm+cm0Tje;ucRwOD||uo-$z6F*o*r@VFfUG#7ieLJE2amIg~(=Kg| zzR~i#%aY$%=Nm^3ana`+HyPxzYDv}P3viM1YqG|Ys>#3qC#d>Aa6Z-BJC%tBB0@|f zMK^M`K2jKQ{_EpHz(=nI0k2(60`C0aD3Z&Xlgx}~Bh9D(_W4v>ABv)HzrUOSeScE) zEny4?1}*+X=w~>E;wi&t23GV5d)WI?Hb5}9O_$&YmXczcGHV}FrLYtmw-FmN4!r#l zQZly`7nzi}{r99~?yOJ^CtdaVQ!c~@xy37?xhO~mO$yv$Sr_5Ph0dhVX3|8@Mryag z1rcnncSVWB6G|y_utj=MI2$*@1j77SHEfYjA<4B8tE+bv;~se)Q#>xe~V2e3C?Y%Q-th6x#2DEyw)noI~wg&Un=Yj7)viDBCf8a)stoll2 zL(_F!Gm!XGfpz}XOR`%_XA~(y5jjRgX@WrV5Ij)s1e3}cq+uoKA>466HG5QK=MrS{ zTMQ*ur$tp|Hv3S%VKS8cp?TwbiYuGez!6J3q>nuv#g*S_E1`A$a%e^r|IL|s0{nN) zQS}RvQp~2355k&8oj)?7Cd_|DVg4(MiJ3kB>X%{upF7x7L?8IG;G4%*b8U8L<`jIfB zs15FB6t(qVli(|Aw;&01s%%Su^sY#teU+T8A&iKEp!5SZp00m$on1foO^8u{iZdy% zGZt_sEI7Rh90sd#&b{zeV(As=kzX}nxgDvFeMA3pi;BOz#%zsnsX<2#i;z^%3=o+}kT)>VpeRA8QmYhqgbbh{Bu)ZM$EQ<8 z>(Yg)ZMABvRVj;00w|lxW|hUNfXW+21)&NACI9dD-1lbQOcECB@BjP%`Dosq_wI7; z+3vaLo_lXx8$YMcu)>tV;OBUF_{(ZHE&^z%vix|zMZT-Bac*k(M1J4vuEi6qIz${f zW%wZp%}RKg5Qb)qJN7YIdj3F_$QeT8R7g6Hy5arw@N%mc_Nd)y^XcWznvMqrE^8Vn zfK#^q{uu=h=hJczFRE9QK78*Yfi~u`q5xjzL%Q`_#laD1*>q3~2ov+$q!VlXdRaC% zK1|@GQBBmbn@u5wfnpm_l;LDV4)+6m!Y6_iraev`SAp+1?C=G=P74f$h~B*dNB?i} z;0lJK;?Fr`p#NsJ&^%_t^xJx&-_IAk$SAblXoXFWa=4DX3>LMN(yeh0$Rx%wkC`N) zggpOJGOk)Rd~yX#11M59bpIprOWa90(V@buS)VXnOkVoWW|%JZm)(`9-gK#( zd|$QlX}l93R~Zt`@+jNK%}z4zH*SEvszhmQ7c1qq#^lPC{XXawr9CmsCIM%aP55-dQd0Etz@QluEUt za6)=$f~A4(xLY(3_QYsyni2nKZTG2oKc9{C-YuFp2-X=r& zY=tr+A5A7fXKvSD-&07Q#y5@YGA7&~Wwj1kBsbI=fHkf}?-5k89lIrFV9!lK^kXS75 zrG;OoQp85y;Vpc1pJX6$S5=+2Dr>+|v3retXBXtemDWVn_B zdE)#716SO$C;OkMuTq3}0woL6fyNH=W|RrZKSAx7OR0_bR$zB&a!p3-7n@WX&9n=) z0yQx8JGP$Swmr>gA31Sl!9^x5>WK&IHDO{LUw;gQSlRSP?7knWKd${R^oNpY4kTok z#ndlRyMF0Pyd29u(IW=xXO@I9f_a44EXT1(7^!`yECBHEBzmD7XqqD|LB<7v zmH3$!fGf^1WfAntJAJ5MF4$`77c*Pv9%fThAt|T-hA+$=&xaZ6fc?)HtRP>KmD3zz z67hlCdA%}Bg^S`!Eqp%<^1BX^qP)V zg$d4^8KJRSOxYBZr_<9)Pg$9pMcc_(JD`8Jc_*u%aG=G>=%=L+Oq+eve(p)@r$fp= z!<*$WKblVz!#`6gs5YO_48r)(Pc&fS`UpFnj-`ysBXMmMf;OUBTg_@M7YOVjkz%u2 zDkRm+z3zp`M@3XCPZc{SifF{-gqah;M>S2t{!Haov8$o=(?ktzz=QiUv({rB17=Rf zdo{NGnQ+&<2!2=IAY|GjYEz7-Gmmxz7T*=z@;~)uYt3p z#e^Q;Yxy0z=*tj^WiE(Y+UF8*`F~!7_PH#N+GjDqli88Ai?u4Deb`}avr^he95FKy z??Ha10upV8jttTC%UX#82HOSa?6dg*H$P8qjQbeP>1((EJCQTI^C!dESb#^%urDK| z;fBXwDNS{bK!oV$Ux}u2Y5GzoB);Yd+Fx}Km6VIH$@D_cd1o|FSLXhmak6})dfb#| zf#VyZW=?!$OL`-<0@ttT$B*s4(Avm%juS7`5@`|NaDw)+Pt2

      (eD!FJ#;QZ@Y`bO>lzWIdp%k5J{zf8tM^vms+ihg-|{r{SN(Xm?8 zq<&fOJoL-nv#4LnH=K-q>4tci6W1?O5uIu37p^fht6%QO2u+T!HpKPJ>p+}XL`u(K zO;PlW@f*OPbPU%eEFE)4ne2bI_4xlK{qp2yrC(;AnWSI7bvCbGCJ+5V`ep1Neq{YJ zY4-n3{ZbEkv+0+Scb}Ag;rz`xcMVOK;L1vlbntNEkIh1%w>~wlx6HiB5%>3|%Xn`^ z1DY{sFhs<**lujc$z_=L;A#Q2Tq8@cvh{(ZP<-nH;;?>xTP1k2=sG+&=^60z5g?~t z^w>I1dTkw+Q9VV(k8 zZm#cf=fP(p70PporsmvE(>LFO7>B&D7Vb(oxSf|{A-T^Onp7EQD0i`xH&II3rsgDV$4nVwO7=R(t4OA(^MB|m7mPkq|HN~@_=F&!_)sNk0q0@PdxaT!0R#Z; zCycu|tDR_x6U}G*`7x!knq&s{65ct>pKNTsvynQAIxHW~@%=ZCL4a-gB{t&+=$FeV zKS}%VZ2E)f0B;n@d~}4FoaZ&+FKjm1ca3us_9a?h>qk%fD@qq^~v;~ z_5;&O~(RLnC^SA9h7F_hsNiag|TZ9qD z^a3NC{siL&Uw*hrHbDFe>UL4uv#FeNjaWdjfQ$T+%}G{nbb52tKcW2>*Co@x;s?;* zj1MiReSu*Ce^TUMwnNNvi~RGX*RU!7NpZjHKz|=TLjHZu7xTGAD8j&BQ~vR3YOi9u z|H3)3G7W}>3lEuJI4`C}F+f`Z29T@l?eb5-&PUxG+8WFM%a;6e@jhAp&rSD*y)NT{ zKcx`*T(r%dH`ZRAMiQ($esYu0`Sv`}`KJp>=eHL$N$1oJ&?4^2e=xNfk-tZXeth{} zIw6U^?NQ%J$NvsFo_r_McXgb;N&5Y5p|8YsTlX5;^*b*%1bvqz4*%v~b&9@F@F%a|8JE$RzQr!%)ICkp_m~>JXp#{4zH>m}QNJgFV-FmIz#O#EK7z$( zxwFBKx$u8ZG3g6&c0rmuQ=w}EVWa`tU|F8YH%L?WhHvShvmJ(6h z+%CMq+8@$K)9=WLZxKG({avnWWccrh2kD>b8YsiRZ<)~lzw^=WLUUi6%j#(C znfN3|^cT(pX|jI39LDAhxL;K5toMt)syFs}7o$sbHe|$JjMr-=PPYDgo2bA1N36e3 z6ZIdu@i_1g0DfTF-U89dmo1#wpMswg zt$(ixyuJQGKVtp&H&OrgNfvUNhyP;W$4mTRrq4eK{6JaF0Mowk0@zZHu)`z+m!}X} z_iR)gst%)}>}MFa#T)yJi6p^~mR!GI>dy*oy&Klc>7_~%#QztbFJ99IIiM2uE&@V} z8*mE?f#Q)js+Ej*D}Pk>-AL3Av*Z>`HUPht3O_EvVePmChqcE~;#)qfU^_c<_&(JU zK)JHaY~oM9w6OMjJGC39rGNij`*$|c{@Ewh{^(@<#`_PA8<6ie z{G}pqWd1l4@fE(%8eBG?IQxnS^y~8%GAFsy?1w1_U?Poi;S$BB_7e4JQ7g z1@NNUyC&%q@87BH->n(!-}^70c>f-s`{VTQ{Pj)uZ|3zsQvZJXYxGZV!~T8y(uwzP zSSLm5b2cP_24%=V)z5i9o8KZwz`TFB87zq!0rRDT8UUo>V`qkp=i zKPoevW?g5gx_Ynhnss$ib*)DctpCRAT7};+tg;rpj)YO5YTC01HNELjP<2o>tzT$C z^)@^Kfa)Qs>6Ca)x>Zv(YuX(o&aJcWjO^=h1pa}h=WxIZeEof7|6JnUcU<0wa5%?@ zfAOX*%Owb5o9k>6v-LW-|gcC2Cs=o_DcPrXMRmN+5 zI9{vN_p#KsmGzxi`Ky{OFXPLNjc8x<3Rj0q7$4Ir3Df8O-oo^CXA7oBUM}>1!J_|A z{1*BTM1u5}V30VjpPK;l_E!l^Nc(r7eY^dH?hlcLK$PDO*B36iS^_Nd;>C5#%)~a} z|Kq>a@Lio29_;4qJcC3vjh}GQi{+Id%z%I3!Snohw^QOX%?UB|jne^!yLEYRX1S=mF( z&nn)hnSdu;)Ix#V@;Kn$e61baNOW8>ya~*zRP*=++(I9MThn0SceUUbKz{`M&Us$o z$0>+S;dj)SO5*o&JdTCmrPtU2PQ@?xKRu%2`(|VSlBzG%3hi_5PY9T9J`s?YMnq%X zJ42rLninRys$q9MQHWJz9^V)6hn`ZK7sL1D;hh$KEFTZ!f+P6-q)xi5AkbgGFCHN3q4O z$TC-~Eo?WJ@dY{`Ut$lHv6K(Ipu zS_vNKpYP(1Saj8gE8lqXs7ctWm83VUVk~wm-1$R$tpIOQvl5>f_+85bo2)n^zisolra&_CeDx?!T<1P;0Ak_*Ue= z^(+BLWntfnOe9+buA5j@*tc(B99fDC!-9%Vuc~X)U`$T(Lp@9|-I%;b3{zv4ZJ)|z48u}qIzYsYIr?(UXUxTmivsNQQ{Q{TU|2lj9JRCl$oPouN3y z=Zu3bUia#5giR&KD^lo5;{qvx%n2WQhqjMV5+$@+xwsy>eyE>_;_m+!5i0PsrMS;Wf7N=ZXzfmtLA18&fn96! zjnRSy^sH|1igMW6C;e1fn;cWi-_R$O@`Q$9_&6Dly+e1fGoFFtLRj<-ib*blPFCxs zH4U+r_%jFlIE36MKK{_P42_w~<)J*oaTT#CCxwZF81JH^4klTK%D#dp zT??1Puv@(%)%23zVa;{04kDShbP@h8bK{S5*k&9n*lz0S;qv~Gsw1HL!itQlBN#pw z23k9p?&%im6WUz0)`#f5gLN(xbq?DW)(UaaZXlxyYxKFTVr_$mTLxM=m&Uq=wjns@ z4Ce#2O*jAc|9tyZJJZtg?hkEf8URG~;XFjn09zpVxN#n_Pw8I<_Blzw00N~eXTBhA zjrMNF(nb*OVjM8MLZ<7%^UTT5OBoa`;!c7@q+?7=2DK$B+5 z(L~b>BK^N8Wo{8J2WUL>$nn}(sP--Ep&_uFvsFPYtTcWIZ6Unzxeof1VO$=E<5?RV zYX0&suw7F)0HVtz=1wdgPCLC&2^rm$nuE{|&DFx=@?yR4_VS#>+kCt&l%w9pn{R>k zp#XXuVB=m02vNS1^G6NmOZJTu6kiV;YsOJyI%^6Dl#(&zCfV{tX`-z^_fTy)v~Z`G zL*`b_ngbvP*Ng$u0DWksvfngM=AB3fek$9hU>Ta6h%fxu7npG?%m^ zHOPjI0bNiOHMC(37@=3o-nOreb5#xJsv4>e{}U}&w8d7TUn3D{Bc8b!Ce4S-P<3nq zvjKivy&qkSxv$y(%r*ECI6qPQnyY2R=wZRvqM|jb8erAi5kFe8UYxOp@wY|68o(9j zxy3*lu$IJvL@$KKIs?PdM%hJy&4A0XfF0eNbo8WfiQIB4#pplkjd!tP2;iAWK>i0IJ|k9ObjHG!7Rt%OOSpHs z;1Mk97ccbfSQMh8=u0Gw3<>FAPl7A+Rv4Z#xObpM?9=+VgsA>6fbvD=O7?#S`#*yQ z+I&FC!(7dITC6*+R`i9o$8S_j*V4E6L)&pFG|wntAnRuK3)GlIJWVc{U*f(5CoW_Z zS02utemefPt!T}3pa@}=fkOKKq7S18-kljhlq3`oT*X>lbV#Y*xvg(w{lrN0THp%b z#|PT_bzizKv_Do}GT-kW9{m6X{rXkue$S?jcp(JDi~U1y9Bu#% z3KEp#g}K}cgzZ?|J_f0qG;F?qASR+~ zAHmN*8^=svlWy|&wy8S>a)4lK|IehGkIKJ{}_e1h}< zQ}=ie_LiWDo6v+DUu0u4W+tb_p7-lR8%jfUzJptQb%%x&2R}*orPrdORJWL73W`yN zs5fJ(->%f6C1!xNlHcAON{%7FF-*h&=phl(ugKer3YC8LRyO2Tw8r1I0qnrU#0Z%V zeyr6s3<>Ure6NZj97bZ57?n%`HP*_+fJd9dUjRl?H^v)R9Oe9rv26|TM=~zavvx`w z8p{)69`*w|K{jCXNU0>c-&qW-^?#LOg2qHHkr&QNWcTaEn5%ul`E+Z}r&|Y$Jdabu zVz$$&b*wek*ASgTYrLE)9x&~Lrv)UzIlW4LTSAOr-lCH-DpsoD~XJ`XZ`atr}5lDi}gT0Pdfs*X<} z7dKcrV!%ddol&y%a09T}ovVtaL|>lVT7g2wnl5TYI+Nc$tEbjdljWgIWc+sxVr&91 z6@NghZ9Q-a?{Ct(I-?pPUJ+q0qbq=C6&caX8V?e%@2k<%D&;zRl&-TRBi659?>3bG z@*8%t>WfGCfQK)_r*1yuZWu%Z$m+CZbRwc118&kD*!41e-HKMNeY-Ga5T+xh4`bF~ zAl-U!BpP9)47QkauPbuj;nKo)W|J$uG{Q7~FXQ)e^?g(>Ok1E)*cpfUU=rImgOg3( zC4y`-Xzg;`tCXj5F9L%)WAG|nEStQs$+Fkcf2JUMOf2=qym-d!dZ9_W$t-4H^Y`8^&n*wX}pH4-L}!p|9rqwsrp zLk{dwZU9IE*e3JBEYl4D-+|V&^EUrCR0OSUK7f93T2S|(W_oU&k^#1uY^Hz%0LyZ8 z+v2CuidprX92aN*P*^g-x&=(b7zLT^z?7!Y*w!mW5ff-I8Q50zi?RI@lkDsldK@=4 z&lE0D^8X=ND^)+6=emQwZRq{3rDq`P`-?c0cO1pTw4dp)+(ew11{pRi%|d~woRfhi zxW_O-`ezil1F6Br-VCQg;N4Fv1nQ2hM}Xc1%!042)z>xoCVI_{VNGNB-G@>!{0>7y z^sI^Ph&JN*S;-RFz$|d8w6I{=Pvl!~sKPa^=PJ2A z*cykl9;;|=O!Dd7Jxt{J^#1Ae(9k@kM~*iLPY?+Z!;>tQ5P#7ZN-8K6&odYu*8FMY zf-+voD=g_*JuMi`mpWuzmm_Smp1uIQ>&bZ(56DL?4uOu#hvQNu9}`IRLfAMN5b&s& zzu~Mj6o{W6>dA=?NS2N@rE%%_XfRp`XMT)_k`7g0Tw=>19jDiWeE-^=BpqE(JrVLb z7o?K!6bXBw+7#k_^&m3{@ydmGaRDheb}?Q=&-tzc=tf-OAoJ~{7{lii6vO>$5Tu9< zBq`z{;lXuS%kdX30sgTRS|RsWSo#sZzO2^= z5uXFz-~)cOQ|*GB4FSwuVT_~zfaBE96u^zl#?VG_Y*&+0CxKGnyBYA65k8IZX;cxD z2;_wL_O5S;MvOd#Y|sm;y4wzdngj0`+m=vx*=C(WB66 z&1fQH+{KOX8^w+~3u2{zHj%YcU~Fo9nLSYOHwO><_);a3!SO|UmKbC(KRt2_CCXa= z^+TYzU)Hm{0=h8k_vcG}f55{!2p_Y=GtKJ2g(9rt_{bW_yq=uic*tmUc0$^IGeSw5 zm(rG}Mx%VCA2}Fp5t3$wekv8*g@=7Gx*CNcpd5^D=WrFyoQ#KUFv4iTaR~Iv1d*?vV^l4@T3ORnLjE6&=aJC_jdA4f9#s z5M<}&<_9HXq_+`2DCfui#?B9Lu;P#JPjr0xS)q(i*Wh6rpCo(+T!HP@UK&x(ns>|@Ak67#eXpLCseghip+^J|FmY1ISl=nnbUibS`$gPg;HW@+)VB9t|<c=k0NG?qAxc?B%^G2a0lih>?s)K; zvMn-E_!|1ZB+d)2{_I6&M?4fSpfS1uCe?+o25`mac6j|Df^d>&?1$$i!FAuzlts7w=yuz(Hmww*P`M^CK^es^`GoaE8R_|g%vfa>l5iqg| z^ud}bqlw%o{1le8n##Rq{Cf`Y2Lf8_qehzyzyuoE7D3sRahcTu8;GrBZPNcUQ{@jM ztZ|)7Rbon8GQj2pAL|E4E@%X`*i*4T39!xA|HO&a|M(BBf9HwSKj`@NJLiTdfJrz` zo>xumTM2{@_$41To7A2F8q3%G8Md5f>oHN zQqrbqr{WXftv#4RPa}vcNrhXE%^&nXzM%Y%r*ILg>WdBR3;d6(MX8uin4+8|#CHWg z=dQ(1Yz!O@wO1`cF8Iw&#OnN2Nl-0C2)3~ZgFMI7nz?vIftf5B9^o%Nb1~STM@Gv} zw6suOTfgI1UJOq+F71h&HEU$_H{IA5HCn>4~-6_Dyg2@F&NCWN0t4zg5z*0VBY>&U<8m z0(hH2qiO=l-4j9K2^SB}LF`^gXAV8}hmFtoa3th96g@O7;d$SA&vrsi%Z4$(ILRsF z>`K}*huttqM$%56L@HD=7t}$SWuzQ7#tgP>6y{-l)K=KDi6+!*(K96e}JAUTfK|x@IpG=`WkaFmK0(@9JsEoPu_)TI@G&8cT86Z(N6G1nU!5 zaI23-)UL*&Z(3HX=&xRoeJE;ceZz|L$3<2bXBYzo)c8`z z$O4QsYZ&35&Gl7@$Nxa$@i#Ws-lqO7POhK2rHdAZc>w*oEQ@Hfs@KAf`ktU_IOm8w z;_s=RjoZ<-=!DqQR$GMMIrq5sO;#>i`BCkgmT5`$O{G@I(3ncHagY*L@@p$9zv&% z#yJ-x)5%6987RY<-I1C43-oP^WZ*1g|A085+6Xu~9G{vc)X<%SI6pFuFt`m1GY(Q; z&+L*BCTLum$?xCptdaxxGafUS(2q`YVEmHsCCvi$EOy?VmYhGqMkLHh)r+o z=xx$0Vb4cP6O>aL`q=cdLK6bNUv;e+yNqo2qp67>5i%9w&S{49c#qv6pk{eqt;`VD$l(Jw>MFV}Ni`pvkjG5rFiN%Xr? zvNTPDPp`$(+nMrO8a6X!&-{l>fqo22% z(60awQ~v(^)8o4y{(%Fg zj7G4z@Xryf6>x!te+MxG#~-Y5>!8TE$Ays{c>Q`5m@uyI3Tj~>ZPMK$-V3AHf+V4z z)k@GLo5O|tb0Y9vk3kOb-GImO;G07DR%Ra;zCWIAV(Q0$ZzaY6!1pGHg5%(CI^lC4 zAHMVxfsbT_w!nYIE*yDZ3)D8)1EiFE-b9llW&Ks6)#7Wau!6uPM_UB~RYNA;c*_le zTRBt4EEL%=Z*c==m0HhiXs8?pp=;u*N?uZ&jzA1q>z>cRuwc>erc$mjx04vFhzc5$Rqqxtc!3vNFD4k( z5;ijnp2w?)fekoO$=o-N=M)u1zZr^$qeX8I;kWU8M}DkU?i8`hx!bW9LSF|4;B(!I?p^-Rk!i1kACM27E^*H?W^82aBjPBR z$EMNMdV_P(=#~wY_5I-gudE**I8znuno@AQ%%2CLFb?04s`u`=NbT7$s~!yeb&FR{ zFM_gOF<*#vP$y06SxZq!+%D^kzZZa)Y8ooqA=sspwZ6L@%U2+-L@U=cIBRO~gI%nZ z{yWA!1KzmcO)^WhTYPUiwgaIlenCo6Yq6@f*;~d`>mB& zXeC}iA_;0E(}WN)m@%i=Z}11rZ71*na%atIU=~vj{a!b#WBU{r?oYiRU*M+UYit>6 zB`-wIS<$=6=Ov_88RM=ob|d-i|(IHX+ZFz#SioN9dTZW$pj>%15dYFhO4CB@S|+S*mE8csxoPz$M`N-?yQC zIqFTmty)QT#+>a{)nhpM@*|Kmc(rnd?S?!d(6cV5^9Ax>WoK`iX?P`(en(u5{RB|xxy@$ zQqoiD@Apa9;1^KGw?LQb`~z;U1nQ_%?}E0fcn|aLemG`=bGcUhpl2S5DO+WgHybZN zrP;TUAu!yl+dVmhlda?~>y2?MX@&hiU()y}%SCd~i;{%pkTV%;Xy_2pLI{E@XMk|Z z(F^)L!bZ(a@y6NUCU$v(I0qnp{2Dr3wOhO#^;l(Uf3Qw@IX(z|fK7Mp_|prwMtz81 z+wv#993POn5mt?bs!kDHe6^=P1qxo+c@zgQ%p@hsde*)#0H0?wY{XjZ6;VsXdgedY zL4^Kwjv72B2}ewWqYh-*jj2SMr{aQ?#JJ$nMZdth7Dboy)_1v7-*} zIw5Pc`hL2Smy+&48xSc zm6c+Wy@dw`ZXqtAt=L)JF@FHI>9 z5|%)Up=Q$Ae{5*P{->LXDM39#wkw&5|KQ)~N}II|x>X8tqs01xO~$Z`j+o>B_TJ{S zh;WpdrdmadO=tjG!Lp1CCYH3#N#)yBM9EY!nAVD+*PCqjOrPvaF=8d z0;4TEfeVe>nN`o6zYA;#HyxV5>Qil;_i|+)>7E`Q?8-8NH_$E;N2BOyB3_Pg)E$$e zHs5d-ML9-b@m*o{O$rnX8>6+yi`4M&|U0=nsprlEt7^`L{<8iNTr{vEje7!w8~ z(A9*Sg&;m)$!IaBF$(_4N%A^-+A zWPFyysXX;A$?wJaKd&nKw`LAK^S3SI{+&r6GARDcBz9Qlk`sjNJRC$ooIwBH%t3@a zKJ%QJ$c?t_e$;%Uj9FkS%c0~!3uDSy(PGYOnM{BNUcLtw`SHpr=0_?= zz87ZJs77)TjET*40Kscq+Czi@dQ;436p!7eD(HU$E7;CB<}C>AiH&hC{iM}YQLuT; zt;L4nP1+QBBc$`j&JTWal*2y(Siorr=0f)Goz$l#mx0S;gD0C<}^O&V&~52BwM7V;?G`<^dtEU{WAmgz_`$k#_bM8JSYa5l|bwS;(n5G zm3%#Wac&^-0i zv=Zk(Tg{$W96U6>qD5#GVu7H4G|$HAy<}G#w@MnfWYEB1Tqc>=EA31ST;mWD{$UIsOri!zpdH zOlc8z=veyn$h2jw8kQ5j%sxfFWN5+K7Fuw{QBA+10fVeQ1#lyvc|W`}v%A1boOY9Q zQGZv&TY0o!#SZ)(U$I?lSPNsTVJ))E%4e2A%py6kL-FYNz%H%lW^DcBWcT29t?tMW ztzo&=V>7lP(@4VvdL73*7nCNCM%aK?@E?fKGi^kWObw7z{BbWalhRX}*g>WY85^J) zuO!puX`Xe{$7ns#*jnx2R;}*v5Us~Lx}19QbFOnyhpw_)SvJYTera8KxF2@2t3@#d znlj)eP5okrd5iHZfh3-xi6H^T%v0@rANAXOcjWR^sHp@%1?Ro9&?V=heCMJW>Db*l zFmPUpe#wU7%0q3Zbw=tBNOhgo4yiYon(kaCoRYv^@Q7p92=IqchS={H7=(Jp%U;ob zfqu?KlV$vu?>+dvq8tA9t;nLABrSG^CDK-xl@>K=gDs-^R2XpN@2~IP2{Hpnuz+gl z6HUJZ5he$wUEy3bE1lqvuXr7Q`&BH)-@XAy>;HD3HL&T5$)fnK7ty~eXp{+P$#NN(_I`dHlaNi#=xY|4Ol3oYMNN%ca5 z0OuSmC9>#(b6y62UC#XXU|o8)R6yiFNU=X2H{8 zozMp*KF>@=Fg!PUxx&xQvDIi9ZF@F4@B07==iJ#4V(gS}bs9Kgd_@Q4|3SK6pf!%k zPmirZx^JMjUmt-z&}%Ak#Q)};J46*5eOh`koK@W5U*9j_C=IQSJz{2^eTkIxqLgzk zPX*(C{L|F_dHHe<>Tluq)Kv^}&fN}J_nH*q&*^7i<3f;$NcuT*?;YfPdgF#|%(yYvtlco7R@3y*LaUt%t3L{x(iM4;_iSA`gsZZgE8_Fzl{KzA<+8L4KT% zwiQz)<%;|S3lMZ!#KFVo4>$4M0=EDOpJ*DJhFg!&6Fzwl@05$bReWdIL`>C6;%NnD z-Pk(*s#}vBtKri%eu<3`#+hBeYvBG)<@!@|_QBA|@j3fZqJsy95%h&^ z&!ytVA-!!LH{VJq%K{Sy`f)aw9}hpvrA*v$_e7$A0tl|1_%We;WBeKg?5O+W#->nb zq0BB06!*@sNF`1gxl|D&a&MkSHL{(T^5K zHs2U-6tE+^|Azk-*@9RNc=Hi`h&I+ZER|`xq!zd-)s$YW3H{dW8-o0*MaqqUl&Mx? z0Vll@2b0!deu|BVK4nMrgSyqtERiZmaOf*ROBN*oah9g5s9>=#IO^`>sJqYDgcwTR z{Y;=pSuQ8fGL~IP{(w9GBa?`*WAAkviip2o25}nujG`cx6i_DfH@+q)_|%ohqu_%Q zw<2r7bc0S!6p*%(D9AU)btqt`;FNd&TM8P^;ore*(H--QqBP^4r_n74&;~SyF=-YY zAXHeDf(8w)=(r~z$ETWWAR*0-q^zZAeURc}BAgybEtFJ$(w^FrC8*Faez@=p1JdwB zU(l$iMeu>5VnXJHFF+qrpYZlDS~8i&V8F%SD@;fx@C$oD9n8YgiqsBB?6s+bVN&aI z%-Ri9O#h2Q#U~0C<$?;odpz7Xz=Pj?JrY2I-+c=bZagbO=)T`Q1AR~JvC;0w@9?Vc zk~>T|e^7_T>tW3A2@~5`ewGTXS6H-=Ws#z30TYuq#WRKRE6?~>3)4yvbCalol{?Fw zD{%!|nmRbsG-t&AJZAiT{Y4N^n7Ht$@Tj46=_eh3@0_cr17RugCkz?E)N}&-RL%g) zf>BBn)T|*dm$_qK6uKhznxkjj_gjqn;)k+%KI; zyu@KfDs#Lpen5=?=rMb3nEzsmfVRfNFQPl%T?Bm=dP?cD_UI<`S$6NZUlh3DaP&bL z!Ivc(AO?mJkHvs;zyNBzEfFO2s>^E5bBU~IBzZOGkI2e#ICJqDvhOP8=`lMA6snnu zxHyf6(i-tkw3zNV;g4>h9dh@PTNn)NAp*MaBe*gnvck9;MPpl+qm zzg-Lao=)ihFgG&gnw*if0}5O03yesaZ$A(FVts}zKiop9dC*!_t2$3v8N*#nhdWON6P4x9AB`&XQD0~{{jshdeo*XW8;@59KVm1p7W=~(^a6vM z;AGzt#jyoQu3pj^5E?C^3F1G#g{VY~$oD`+`{bEAezqIAGQa&M2v5CbJAUaC8QM%8xNjW!2{n(LF+sa*`^b2KS~M&=EpA!!jj@&m^qgJr z1DU}n$!A`R!Zk`TC#L>JPq3-)BR_1Kg(%GfoV-+o>R@rqPr3m;OP1r)8zL7 zsWWP+?-ej&ZG5ZhK&l2`@Nh##Uc~QNH>K34kHUJu<|!V3&vkyRCzXaa`wnjNLFf2; zY{C{%9s;_R7l>?9CyM$*AIl+1iAL3Gka1})ovl!M+l&>60>c7;#?amWhtDsk{@bUV zOK;NZt@SGL1dNup*w#6Jfvmp<4Vt*F7GlA7;!zbkZ;6fdTMxFZE$v!tY`Sfc<^+kXD~X- z{4Y_UQWdbx;Q7Y5js^6bnYA`OGoM+jRuTmWwuY^N1cU?&Aj{e^1-m5ojSQrW>g7k( z`Vvi(cja4V*;}Xz=TYEP?e;Op61=oJjLRDWoiMPC31p&HH@`$>*-v*o{v1$n)nf_; z-C0D>T+zadl3*NjXb=?q@si`AAksAn1(T(Kn3*#~&&E$*n_=9*ta{GuH=64_6oDW* ztO#$6-l_CvB_T9T^MzYsnm_(1K!+yF1EFA=9~nj{#S^BoCNBBlZ{v$>G0;n3_HtB! z`sOVnYIwjDkYgb45gF~io)?KANR2m%Alf@rR*uKyP}z7qDnexw@W5Ro{jF%zB+4ag zC*zTC8Y!k|D|4MAto70AcI1Z3@-@9x$HuE2$2i}=TNC#SwBh{%III68E*RL-xKT?v z;u$W>)9QBSh9|qV^!?h+o37X3)_(Y<|5Q)BM$-p(iD*>~X=@)FG-ZUg`0dNDetcoS z#U(TW4(^4;)SbudYCY@yH!f!$e^0E64h9oosl28EhXA~fy4L3JmAca3Rqu}CK=e)8 zFIM5x!Cy~T=5lug+-G*1cz5#2tO`h(Km5E2Ee`2kcpCU)=5G{#$r#=^pmwBlbg0v(6fa8ADvDQ*mS%>kpWOjLo-Dr0mygXnQoXMgYEq zNy7_bFkcQ9T|JZxnxTctwOAY22QwL4gE<_&i-U0srzw|w!Vy0(gp7^Fgknt#k1aDc zq;aM!E~cw-1&vE;!q|GT#*1u@$b{U8A=1H&hW1c%csUwsM(2-duV7tO3tbB_dGBIE z;m|^DVh&?5idc&Sd9a}KWm1VMRjAmVPeViWe^_Yr|0lyQG!(_y}cv8D%S1#fyA~-_pv5NErQ8kqxRyohq_NikuZMvXezJ zVPtPb0{*v70@*F9%+FMriBe{-*XqnQEW`8juSCLFt%~?|3SSFRN(zsLTIV9_Py_OFmIHoByyU$Lee%$m+nHJx{kRnsl1rawtd ze~Z`jJFBJztZ5!=ii@VP_$$n7A8gvlR`T~xHj}bOuED-Q1SJBYMrJr`Wc&=zDAPPM z%L22*Gs-;7ebP2v#EqnoGbYUlN7vK=w-lQreH6$o-kOrowOWCh0RW zBT$@x*5tODodPb1q1Xo$xmvt+!0`wW`C^wKwH?j}{!jA&OMGH139&eBHYt!p@aqM9 z7(3}B$1F9&I=^P1_$TDd@_o)1M-6r^SYEvegO^@B*l4vviD(AKbC<%A;j)^FJ(GOC z%|GRQn-?vc#{RV0>KE1qAFOkLPo-mLgw_Vvq+_5CZ9vl_(R3ZokZ2=bIg)1u8^}Qa zRAxm{^ScjV+f_FJQ$I^X$GHDj`gdW|^eX^<*wm>wE68~1K^kcBWsqvNBD%*I8@2lO4T z!R0W2)0Xi9wAa-IXgEk_XS=Cg!*}$rI@&?qe|8imnB0FBKZywwM*_F+mh(SB%eiri4k_gS%Z)y-0b0YM<=F;kJ3-PUptTd zl}q`_wdg#F_|2!?4Xaq<4sl(W>2*7dGrSsb(;v$Od0J(B7?1@GG3M2t+oikh0!%X( ziU6j*DC0n~jMo{}Z6HMLgGEmcV2?0ia$>?XkKl&~RpZRsk(f-) zlW(VLq02JhhZ>}<8cMEC!>ww;RT;+B%nXO!8ly}wa0M{%fl(sqnJ&EcFxjBx;f6JE z&NwiR9Uy{UX7l_xm>{ z&r7WVg-GlJhH%t^7liD1?mbW{YBa%3T zB14w6z)bMf7{ibScku;_MoK+s74@cb8oSEy@f(<=2cZZTa?{n>lB=B-8jhUU$Z;Am ztNeRM9LNQSzp zr(heclR7@MCH*x|HY{#SV`I9o!db2MM{(?sp<_}%;>sL4{L-oT z(BYSFP;6x7p&7UYiBfhhGwCyFKO5cHzc5Cb9+DN=pj@)4Rz4Q~ll}v1=UWvAiw^c> zgKg;PLMPT=0Zmn_>3%Z28!z zzeZ+KZ-L)vx0DXsbU%}-|J*>*i2mw)4$r!Z)|#i-1@p<`0yu0zIy1h63~?Wei!mV# zG3GpzK2D4e4#OjzjibgRUsF-jnVG;6M*9ZR3#jSHd=aX1VF4;HnNd_Y7?Ez}jcz$Bj`)B-vL{M}7*2`WDB zoj^qg) z)9S_$5idd(Z{y$LcJ4LZ?Oo{=yjM4&b&^Tu|)3*?)IK?K}C`S33HUhE* zELr{`mITKlJ`?gi4p@Za5XWc;^ZOtPWE#(iJou!bU*q>HtLO|{tLaIt#vW>{+)VzM z_A|7P2IF%p%*Z{R0)sGd&d@wpWCRLi3hlYV6*w0uOyVX(3`ffTMtsi}j~Up013l2| zK5pJ0Xx#RJ9TBm6-hSITX3a!r-#T0zAASry-S2c|R#lJ0;=j=M1X!G?Dq;6Y-d|Bapq}0Y~SuB->Qv01_>u{pm+fZh7*+n#cehWD9 zS#~)Ceq%i{OKvsZ$z1#cdDe!Hi15C49Wod<=Uz`6Z$n;`f37#UWeA=g600W zenKFBG#y>i(pO-2>pMpp8fHyKq5-a`+1-Jz)e|Gr+C@;mBY+xLNUAqe$V61!ouyUP zUBC+T?&-{S6~KsPFx4IC)D|ajvO&|stQU*<{k68MiIdet@CuFbOZ*4KZQ$$L6?QL# z8b5;gp3GwrqXnb@EoDwoU9StAc2}0xu-ZAMcE9HARhvA`b?tX{Y~?mCZIzZb%sB=Z z#tsOdRg-o@Y4`&CM|i7I3*ZqMD{;F(7S;j~%dv^WnlPghWH1ce#)2|P;{LjE=%byW zDQN}2T=kw5zv&#a2?$;r0YlD4T{&;7UaXitnZJ&zUt1uyz1w0fovv+?74izdMaX&~go)IH)v)cHd~WR2a18bQ5ic{nh`xRRd05|H6C@)5IvB+Be}j^82+ zP4Xo-4iJ7`?{=a1hf|**aNw^Fc$fK6CE0iHRy38=JWvcEurO{^Y_@QY{CE+4QYpd8 zqH)ys6>Xi19Al88q|SE?JEO*Qc5ynGVKHLE92y5b5a=o#m$q*X&wRU&XTGuPD+tQE zIRvF&opWAaC6Adm;tf~>y*zL0erK?2_VRMe+hqEI0MUVao)%KFofkS)^y6x4HKQCH=xUo-_0TyUbR81 zi}lCR^dLo5jA#@|>IGuB9FHN(e&_P#4*bY@Uh;Q1lmpFKdm-+_1dJsuKB5gMEMyu2R|R;KjB79u+(6cu$>5+BO% zCdkv|`54^oMjwQ8kqhT*`lkCU>w8x?D(lY+6yT4n7iz2C;@G7*OWv0QM?NwS90~5i zrRZDaY>!w^`WH~1i|rptDMZG0uB^YbBCoRkM(n7Mzs2zb84{L=psu4Z&1oJ~*58JJ z@!*k`a$W{Ltm6&L7`?1WBeBOKD^lOA;F%|$wUA64kb(vO{w?&`Z{YBYuG3ov-^#^N zGcBhML3~8sgBPKHgHQ7o9;|o=lO>G$_!M|Cq6zSpwy#?Zrc%eZQ1Mze;06Io{3ql7 z1CvY6QZdSyY*?Xrj@(_Gn7`vp1|IB$NZ?l4!*uNpL<4u7o>3gERrX!*NXFEg{CeiO zA6$f?7pJ2PE3B(nLWqta_~1L9c`KVsHRr`25gj-I6Gfagt%&}bO_nLOuYrMe{0HUY zEPWp~S9=Q3ayfd&4*QlRjKMOVWGtFGci|BvQ_p>|cqP?xrqR5rGM`wH_!3MdXZLb0 z>I4=Ev=Ji5vdAf?yd{~^)hop06?|LJ5bLPCX(k#QmUDd^=WD!%%7~v%ILG4JirwnW z3w1t)w;CI}e~s_{aAhu9^@l3+@OT6IAuaaW#0c`{JMZCPE=YN%PvdW#<`rDb%$%Q` zqBYEC3E55%3v1yQ_$9G_r|Kww-+j8K63*ZpR9!N^Rle3B4aPEAWks8}DhrS=U8<3z z)$CpIR)6cPX22}Kt#F`EoU=(oTIdC~F5P?z8Ju%ZL;YaOPQiD<06ahD26H!sJ_SMC zU(deLIrj@@Tr}%+oc{;T?TtPJm*Wt)_Z2d;@$Ni?sOnQ%Xseb}49$zjS^5m;+$W{< z;PYkvguMAv+TpKfdMglMxE<=|(g4=F&P-8CZI(&!KM$ArdUjuu?0jNp%2|T^(-6$b z%>;LU^b1ib5& zFAlEDMWz{n)0S|^f1Q8cn2bNgDzss!FSJ&6Aid7Gvo~(QA6{+Vr|H*OO}?H#+I<>! znIoQmSiz^m3cegx(14$QdIIn)neTUZGM`=WjP;|!ELam-A9~jp+ER?@eh|`hdPpo! z!*V}7K-s>~CY-D6J`MeL-ZzX)dPWKU%-sP(Fhf4HQ|A`I*R_Gu{3w`REC?$BIGyBo z>;-)68|XZ&8W(|m$v%tjDGlw6JzO$>yu0%-{c7;Sk+#z-kTE~tCjLunJ`Hq};=YEp z#X<*Q8kwWlg0Uw?e4h1pckw&_{uNr^T$=tbU&AVVAMNfE>&QxqoewRS{9T5%-R5gp zX|I8hb&;y0olqAvsVgv{IJg!Bs{i?vtCW60dgAmEY~^%c-DjmOPk^?`O#8q zRV%7jph=y?a~Jg?`Z8=FzRZugcSzKM6JHK4xO>2!t@9qQNbSgX^I^K%bIA=*Pd~d#QdG zjvYGUyf26!&be90=@0Ed=IdL4ZNGyO@j;1{hCWb=FdOfnL{JJ!M8@)%L%yJn*>30D zwF>0UZHVP5P|Wq7>6wE0P6Z9o5%}s4894i3BlMKJOG)Uh($FDrTY|Ta^O^mQwTAx3 zv!ac25tuf1QKK>&j$LK)=hB|LN^8C>eii*sBZd)BbVr0}yXRMUBP?7pzr>y84_)uh z^TQjH%PnO``iTFhyYN0b$P6T^oMrY z(Xv4?i5)Z81-H$(4#8&N=F-qRM7ah^xqia#xt+Oaeg_3M48Rc{fk zx)Lv9Z$yyy+CY1xl{ChlhnhX;OF!TXytr7f$Dg}qX7HsgAcCGazngZLR zkla+-bvrPCtMZCpL#1iH&7YO_c(YW$yP>qlZmstfE^KltepP+>w6w>2rTS=h1NTaW z4r`lt`g<(*wfz7Ahct7LQ%e84wC(q>x4>B61BL4Fw0z}=M6=i%_siy`Ta=judEf$*UiSS%__mEeABbZDrdC`6jl}vn0mgd`QSEe zNQ!KUXga9r(=kil@6<_eKL`!~YkTgV3$2s(jb;7VJnA%F zEKn!|f;z%j2fn{WF6*~keTrAB{x&0Ss-U;nQcP$FL8I{R?fB>|hM72aac49)N3pCNK^d>kH5; z7MsrPoSX%GZHzFIrDa=PlC;F&DYA@fJX7rJaMsPCJ0L33JMQM+=)*Z_n+>gIpRJIsqI4Z)J$akBj&NusW_7X$ z9UBDW!wd9pz1ulYCjx^tP6^; z{+3dI-?h`}N6Y$|`n7SI)9Eq~Vpk?4>h-C52l4@{Di~2Uw8CV2Y+b5}sbA4W=nwe1 zOf5j^_Nw%Eqfi=$TY9!m8;J%xbEdu)ZKae?X}yUIoJb~3i;Q10axApP2;pf|;}7RV zjp+02yk_Zhk&QkFnx@YI(&vChp98>Hr<-l`*+V*{(#PeTC(-S}BkgAQ0w#8p34J#4 zp%495=(7_AQQPRpwj3aFXk4=Lzuh!44Q|Bgnf&pJ{AiLi_o*u9@IlgqRrywrp|(`i z0zOPZ>)Q!cu2cmt;lrc~n(B;lKNeMvFz5ZlDZ{ueg)=QzEap~$_ zp0VZj>o>OW1;0l{P*YJ~=zDGRUd%6i_y$F*GV*P3eL9BnHQ2Z7cMjVdiJgjfHb`2#}K36*;47JH9pGtVYK1f{AFoPG_WZK6?s_OxVJdCBi-M2Jkqhx-y?0iSI;O>^bx+rYAcbMDP78TD1jE7qWhWqr((m5uThIW*8{nXd+ zrka2FHh)su1D1mUh)O*x{h>P8o^NWww_5r14pR3ueyW#_RaGoeKYuYjG>a3`N|*r$rozQm~H4{a=#QO>t{H%yLFeK;(S z)xO>wH#VBniOoBFJ-+tocQj}{4kAAWFn^ETzP7N`HcF|zrEOO^7cCHKV@jfok5xF| zC@*+Nn$NR2&}m{ZR*4Qcua+g4$uLG{teEJ-3K8|1`kAoW%#~sW7K1!_w1o3Hhbb^T z%j^S`X_Qz2$YK%a<1cbX?@u1PIE=~pet506V1I;(FwghnBlMg*mrvb%LLl?yJr4B4 z)3_(b`5otqbNCt?cI9)}{Cw6vWe-gHKdgNVd{o61cLIq#3~a!lfq*0!l=x~;5Mn?Q zOkfu`5;ZCks)&f7Xn{OH5+JaNvWC@Y<1@BeYg@Gstx^Tn3IPPf2Lz%#VimE}9XZ1yDhLN{k4(80>j*W={Uxj5e*i+9Hzlh>J23Hg}mtTt7j1<2&em^3*oD+o(v5zVz=tMlr`GUHk2yT&Lbdt|B@~z3 z8&MQ8{u@d6@J(eZFO6Y)AUr1a0xuNC{=zm2WBl&0!WfAixrlpB?@C=DXL~3xPAcl7 zf<$n5AhMJCB{fm{`>gmoH!}`j#D{lIvS;-1Eh8RZ}8RF})g=@E7 zT)Yh>Gef!?rAbB?yG)U5v~$`Knln2>s4?PhMPs~4V-{$eo`gh7$YU1rO)cugv3|)5E31N)Cuf~lyInHZ{)wRAWCfq8ryXg67^a~ zMEy$I%2e~yW+|c)O`@D2>b?ijaA|ERdiawtMVRTa;pU$arbvNxiulHuu}2#1z^g*h zZa##f(SlSI;Y{@fxF07INfk-Geu5;bhK{-&q}*7Ih&Dd|jwePnthrJSc{-Be*BcYSb9iA9{Q1Lhx$>TkZ~$Do-UC^8mE12*N^fudW`(s8U2p) zr8#Z%m9mr5(UiCjZ>)` zM;Km}@@km(xJ{31>6&t!W3`g-%&Z+V>F@_C$2m$lcKEv}$K9+gl;b{mYRZxNffl8y zA19;z)%lPXi*roE$UNPQL zmaaDYFVfY1$%k~c9i7_i$8AjO>+urSrA_@flWR~I_$X3g1*tV%4G!CioYc{V)IoPe zNHzMHR3@TY?0s3FGR2b_h5ZLNwjncXN0`hkrA^XUQKcUhx}7#jR3twAXCd(+K7_<0 z(M0O{@h~D=lrq_fMP5@sw(Be;iObpTT5sYEjij;DRl~_B50a=KuU&?Q>(-W{`x?R& znfmc&sh13F3anGaH^w;B6NB33SA?QfdT09m=q@I7}k_eM^Z<<4ib*|xjKZL zQ9J$`PhC5H`5LQ0Wr^+|AHdRR2innEzj>UU!*d9O=xj_2V2w;=BV#%TxiPpXzKpwbzKW~C(y#2=E2T?|>uL(+ zyup|uZEFsMw@hP0V>ybYa=tUO0$TNe*zStliYt2&nh~N z+#Td@kFQ^11NYg*ha4L;iXe(CPQ_3*OA=C2WaUhZo~S-22U9Uum^k_%`FZImn->MlNXG0mxg-Jmn=xi! z3bT&YP_80l3y!yre2t8_stOPNtz8v@Pj^tVdd2gho>!BT2Php&5A9=XVenOo*nDE} zHKfOK2PaQRsh$IhaWO3P@TluuaG%#78RPQBjdV7gWHqvQaAoYkKaPkp)(kkwV=U1u zS)7ML8x*IG%w9DJ*bdk<2bb9Bo$~|1G{FoPH~2 zsISi--XpA5osIV9?X9|cz?4Z%``9`+b+ zZ*%>ZP3zfMK~8~X{DU*`o{}0qt0+fJ6(`U-oO@)+cy!Y6OJkT_^>4STmYK?yK}+!9 zEHcL^nG_YZx`*V)M|S@WtkrLob|3Bo5A!=8_|+W(uwcUn&Z^%05TyyOBXO@&S*y z-7iCuOMExT(ACCNqo)+qWAm@5>7AJ6#6=QAap_0t%rU!_7K;chm2TT9o_W#~~t`yHNgn)dt0O=!PfZQF1E;4x^wB+4gR z3bN16=!<>j6qH|8Uixc#n` zf_ij;mtD1=JCe9v`=v;}|GoV(Uj852kMkQ`6>j=}?q$sM(nB-ZoKUe-`Sh7jbU@iA z!F7mw`Qf@#T>otuG`}Zq_`wNuw4os|f zo!ITFZyv+dlnK6ssCNhto+)7(s%r28m-Jej#n%a%{{$XV$AhpFp?^+wFM+ogr$!(u z>zSwJU*F(pu5gzixn4mQ_!ahPglI`k#idDQjjz~czB6W^n<@ZoZ0vq=_W zPin5~PhA)sAh+eIQ>{plz)0abR;6&KSZrW5HTLIn?4R)@CZJGQ@$)D)vMgh^$!sxmcS>cqQ1eX(=r zqkCM810?9?RmTzb87tLZ^XGVC%=uHf#;P#nu1S<-Grd*{Z-gTlvQ5y+zpS`K_?Em=9rV;5#DqS&*?= zSXwWmh`5NRa)g)OZb=jfc?rZqAV7$5lZb;!gzIKSgpya~(Yvt(M8vlx;`|5^BNY+1 zN>xNQ6j&#MZ;U)vt-8-UzY!u{}mvwce#5h6Yi<|`sZzWg^TLYyWcoQ7^L0wK%BwISrGe}oBfDnhm&4-=xm zASCQR;2V{{1dH?;MJlR?UlJzfF`{k$)km1tH(=(yr_nfwEGs^r4zdNv-Hm=QNuJYF zC-K^_q0lMV$y#42n#N9IQrYJPMi1_UoX6eV>3CAFDC zgTY&#;B{BN=ivQ0)Fc}rUJ|Mw5M0UF%7I+G=5gnUE5Yf*p8bdhU+>}pYoA~)6hz$j zB_(|k){Mh;j^Y?}XZ@)$p0AN+6MhJuf$&79cT+a@-SM3AWMt0;stXVuN*(eTZi!%f z;7a24K zvhVc}Nc=*YopOTqP0X7rIa@B##`)R95oE%?&pJZ^NSiI)$fm@Gp%ubQSXFDXn1v%} zD-X7}M=b54@Hpw7y#S|xB{~LHATcOwc6jK!B*h%Q_~L<2`2mwCxNo0Tf??Hs_6_Vk zntmy~PIafx~SBl9qpnvA+>1PX4JXfI{<4I{lQyd?fs0dPniWsi+A(Zc#H`pt^p%gDHIjM%^VesBy1N+fbS8gfpw( za?I!c(HnKM-gM=g-{Vb~{=COS!m}YM~c@G+A@F%;Kf?rC?5eZ?eyf)HljX${+3+Ir9$uNlCyc;Z> zJGu=E_uL+4VX`^?2f{1_61~-Q*y7x8W98ez!r{Lb7M{BOD?nX@$CO z7nNYAFd{3hYoyh#E`;2A_i$s<9*iBG%Ex1N4*ha@WM*F69W!ul6kAZz8-H+|q@OeN zchd1Ecs>;9j(2Y5$E5H_%)fhvzaVRFo_c@LjfimPCYSViUAX@xqx5X77xvBeHY4aA z-*2B6kH0hKcUKv2#Sh$JQWEDmm0ohzJGZfje|S#aR^0ua6n=gg8`|+7-Z&nQ98702 z0KTnsdJTs-;WgyVjpeEF@;4Fo3Oo&ExCy2_4w1aDNsdyXR5g_X(B>`}m^)vpyI@A) zE|>$(v{o=EaUSjv&WZ|bKoy*uWh)UrK_grj3iixeJ}lAPUu53rJqV7FM2AO|NA**( z`Q^>xgm|2f-pViYJ`CRBtghilr&r>oYl1kSM-p1^5igwN^i2+#kfOl|QSTJO2BY-i zj}bhCzP(xYPDwSYNwPfSATZH&j*k-X-YD*3W~bs`cQ3*^fd_2nLX(L(UrdiELP z5$uPZNzvS-fWB8T!8ZyHn9bW6S&hrhJ*|uqO@Jk5d5<8MGr0xZKK(ll;@k8K5jWW1@9+@ zYUp2ws!euz)@{fB9#!%Pvt)3{ki$CE~u#l#3iiOHcrcjlo?W^}!FAaI?9IEclMwyPWyebl8f6*ov0@ zrP^O_Oq_JzzA;UHSnc;NV!Ci^vTE5?`jS`KkzgIqRsTieMqb|KKfAG_Qwn_=>mj;R`=+S2l*r6q+hfBe4`58)iI}>)k3-D zA8{(iIv!lbG}Q&CFzObcipN&9STrg32cB5e7Yck)FDmaYY?v!^M{X_NU)tFf+T!vh zbaf(v4viegI6wyJfrc%(qNu!72^-`1;?iAE`q)fGsbkpPNo=F&?t-f;e4`Vcb|((7 z7rTA^(YRl_(>{0k#)h1u*-ndkIXrQ!pl5UX)yvDfhk}nXD0D^krlqngFt|(=O%tQ) zz0&JwJcYBC`Op__6a*qQ$DxIDkYhOi7a&-O45hv~Hxzso`4qph$)mFWo!Q6T(KuN{ z1UAAy=`iK&+^i}8cSlPuQY^BsOGG02`P!1VSR#qi;rtqs_`g3fdR%WJi|hw z)@L3hZEep$F?VPd$8iM0sYOjoCY9s#6YD4m8Nd9afHR&(=$0H_rD7GEF$(*ctC|)& zFvaQ|@~q#E*)hhyGodlN5ajqZPG81ZSG@k`?iy3K(|-`rcK==9$Nz-Bx3%UAZ-H>k z198C+Ha{gqV~1DKkksquICpUORr*7iy<|tQ zJ2!Sibvqlr#INPYSaEl_Ew(Ps!lv42;r_+wM%bXzQZmqDd4=nxbEf~CRs z_bj&anT(UOIzN8o#S}0mR}tI zJnG!M8B)Z}@z~yi6J<_(PB*@@FW9|FIX<`x6DM))+~-We%JTjg_!Z6?SPcDFem0CO zaK9O6ygE;OQRAG|boce0aXLh6ygM4lU~k8XI;u!MN(!7*fEf*?S7V0`&P3k?O$`{X zT520boABCrcAR5ey`xgZ2y}4w_HauRbsa zti%a`vb{X0kjK{z% zIp48>4qrS`e+{nIMkt&dVyes39x5Qp2E7)yfe%U z>-P@}pC%OLOgV-#gt&d*u_iDk+wtZe^f64?8)WmlYA1zjCz?t=t@cGEZtQ~@KiR%7 z|1a%(`GB9%zH%VY7|50@WxHz)g@|ABGS-*efib$PJEOkT>8u`xmWIZIISR`Yjosq* zjpK$amt#C^mE+E}77*jNJ7ZS~jt@t354Ca_V)8MZjQOD9<0C-z#uNd!FZ+C#r0@a1!voRk4G=@L`bP-IRr^)cxey!7{o!hT?$A_P`jcqsPvU$(A2IM_ zIC3nISVVZfZ-}88{tm5Pr(@!AMu22t`ZuC-L=-|iu(|8Q)@Cc%L!yGDpR zSi^i{Hle2Thx*GXyb5zksPIX!wx{C!4g@`RMY-`TH<7hSHda+zXZLXXDOPRx3l@Zv zX@6y+F*_Drc`NayNTOU2?_wblE(o>4^B3iX_L)z(AVyLLc$$+-dNJO02F~fi!4rG0 zpBoiChYjqgnhU%foWvi#zz>W8sSuJ7b_#S}_3gMmAZ?;=)Wt4p1@FPUzTddv?RW`^ zu)zj9MO@HaI}Z~0Jl?sh4!S%)K>6)Zdn6?BQ~ZIu9FF9r9KkN-@Fq=n%0bMBTq(P_ zf5O_I>4rm-h`f|Td1yM=wO_caUreo#S6{g@b~&o{@N?BS#XZ$wA-+D_@~(;sV%wMs zXR$6ObX9FHj$aLR14FCNFR!}_{;^=3^?fwHql=uGm$9K}G#dueq9SwPAQrE~@Lwz& zfqL&T{?x*&k=2hNntp3E*Hk(~$s{+N3hU=lpr)$PL$e#OT4yw3M?raaA2c|T~z zrv=4l;P0f8i$FxScRO|m=Xu}9&K_?I{7l|YjEQ|ws;%^j(O=|B&1D2P+}?Az9ek!0EhY7R4GktAR^fxA>UsQyAa`>-A`uEcGc*bk zLQ)xmMM@Kqil6Dk=Vw=SFYfnBYjFB1C866JbbAjNe>@lI(ERL>R`uw4zs(XMXSE94 za=fXS>NfrVZpey=7BtFCH^a>oF#*OPqJF&{k35Y}+>3=csQ;~!^~tOp-GQE#-v7U9 z>-g=)AU4_^!_gJeez}$ZF7ApkAaE;KaT>8yce%9f6w)+XK&pJ$jSnQ3FW77KHUSmk zHsNQqi3|P$y+N>TXq$2UU}pB_3K3#B2*=OA82T3d|KXGtpGiloEAUbRC`j@z4>>WEiDD?<{$FjIa>L_5Gv#dfM3?=Gl?X7+rW zS~yKp{gupapVSM5ei$c2826sl{&x(pPb?gP_8ZXU>T9BmS6*wst|`N2GItsb;h3Dx zjSnM5evGn8ef}nkohn|JBQrwym>MJV$iR;Fi=P-lIexwr-k(v6X&T1Q-F#qB+s-G( zPkCZVvRU3&rtXvHv#AE2S<6?Z(t_oNI?;&?GIv7;89^^gl}NFC62o2KeB9r%oV$sGG?i`YZT(mGv1NsfO>6PH_zZ zvgY?Kcn11|bE+b!}*^NGzgpK1Y$iR}Z;#M`sk z%6ZUCw^A$c3ltFSo7<4$&Jsi+EJUM)e+XWK*E32|oM|}GV8>dtG!5PsJq3<$%MrD9 zR|$?#2#+t_71(krXZEi%)GGVJD9;UOx*gZ_!VgcIL<;#atFCjJCcikyieO71gCL;Xc2{@dJ-PS1HyuZ`Ex}yU%zf!b7K)C9yW8S92`nxUD{h&k9cl{(QxTu2Sst58v# z$+Hh@D^vrl5M3JxjfcgGFIadpKXLp9wZ}0TfSW&fCVUa03BF;`Tr~qD5XwAfFguVfFlof z1P8WRiL$ZRHy(S4R;E@kANXj}K;PeofN^eL4AhO64V8!UR33gynyNO{$rrx^p!hGQ?gl35tfjnOS>vD!I5fUYF@^>*^cMdv9xu$ zaFh4Q#r4Kxkw3naoQW@v$_gx01t&UvH$h-=hO2ddM%50-igl=siw8~0J)+)6$%UFg zJ>E)kUw;fMTZ~=?TiV{Bk{!m#@^g^GlELtj*^}76qZgnxFH-iEwHS+K@`N+#V&CT* z8@)URL2y?`JH1O;li)u$MZ?7|pV={-p`{d=;2*;-_7l%ha&0wJWH_q@2RHTN{!Z#@ zwSZc5E<~j(&R4*Jg~g3@Vy{IB%$EOxuftC)D>>M|$GpAGYF+1Hd_jDH`m$8Mm*T3s zbM!K7$9JA*bgsk)>?!KCR@mel{@fgl3H<`iAq)kfOPrp!WdaygJb(@#=E_&h6$j!y z3fi&2KyhD{&YwaOU(KAQvuG8%h;0VaBso!EYV9G(ix=x1{fkiZMTl;%xb$cwmO#W#t*b? zoOuWtfR5-#ofnR)#7dyx-KhWNVqDVznnb0DlUSPEu*!VHm;4H~YB|7Ki6MdnE-$vK z!Oo_oG?ncMuLnjfr_XXt!SiN}{}Y?kBpFcnoSB9=w)D)v8LTuJi1jV4Jsd3WA(Y2s zOK9ON$4VE8V+*qSRtsfIqqrP7+tITYbq87RT!JJxf)M9oKqj~wAksc!>V@0qmHSZ0 zV3R1EzEPYy4&yY+!I?yhhFkW-*_Pc<#^m3Bt$2`6n<3q^KAja){2#>D^t4Q0be}-6 z_Mt7@Vh!dX{OgEi#j>!h`Mc9LljMt7NARzlEI(?Mx;9kXEIIE5OszP8=~S0EN9Zch-B)puXAlfw=L$ zIB#~t7qFmm(zZ_Y#bM3*3wPQ!R&E&Ug%(D9CQP>RtROo+1meDXQNh4hY#{!C3Qncj z0va}9^UE1ngu|IIIhX&~uFABq=D>r!U;_m^9d?Knp8)skiep@IW$ezLqJ3nH)9Mzd zW~03OQ62>lQlvyG=x4m`3w08*ip{r)_$0a|k%F8|fgD2nE1h$F*z^d~m5x9O&!^x{ zGOCJ|(t)ZW0^*6I8HwQLOOljDL(@qMKc5!Gw{GPn#Z(!~mf-wOGbAxAY%DJ4ffc46~&Wsg8+~Ug+yn@B3&x`i69rGc4 z$itF{!*`Yfv`N7plAjx);FscnG1)M||)-Pc#`zqlV3I!^mXjvQv344)k z#(j!PU-N|G97c*;419ZNhm zpBCjD!j8^DInU?*`ngKdF|vl2h1z|~tTRs9P#{cY@2bWYRcpim2%i{kZ zkb}xUNh*b(kcin`1UKh8sfenDu{Rl6LOk-(!6#t?)W(xQ_Cw*oFTmacCjw3xGltAj zEY~a=Di^33rh{^UDUWojf7bn+{jFJ?546)SWT6YUba~cq@>aQ89Z^{TDbrSWY2z`)=9jI??3v zv|`Qnn>_C}iFs;p%7QY)(&0|oN*AvzzhO3?jl=2O-CA7Y213bQv8GnkH4i})@E>&+ zJPt8Cf-(<`F6!xOID%}i_>X{#NxU+=M-$E$K}e#n$9_3z&4?#|8`}3T66_g^sI*cU6MsDrhxx*l+?`o?n@gh|2B4AF{Jp+)eC?kLVety$cq zT9x~sOxh6NCNuOhC4X_q z)O#F<$!Co`Ueaat9Ap=aU7gQd*?(BhU^p*wwF=KAcb2^tfJ>5}G*8B^rzSAAPGFFG4oi-tNCl0!!chI)V^KN%x zyO28#2d|4Elb5!I6(36G!<-chWeX|5I8AQ-aXQLPLAj=3iv;A3w_XgFGf!pv@?mV9 ziTO|9BQV&tw8a3M9KOw}9x%KR`ezwlE>(}P)dgRidPVaKwL6VL$lb#3G=wB2An12L zgIUvdU4y7|eo5QG>SGldVRr=y8n(5SbsJOKUGRKUj|l6jY$eNN1frj ziDdjJrX#7kUZ@K2JbSPcve}-D`j#^=0y7gJF?j5}}j2>bFP!wCS1=-fY(i11#^V zn(>E@$yaQQjQF(WU7>ZZ`Y&SK-mUJ8&5nn8$Syk>;z8>Vj`HkB%w0k+R&^(Z$+^5B zbsSawRIO9oz-oT9SDD6ewAi%|VAT3k+w^Pb$E8wy{XUev9vZ??`75hz2v3``KVjKZ zRoP*E_v!5@_GWvrWKi3Zf=}5-E^=BXMsk#6J0JM;S?$I!vOf7IeBjvR)7}TJ?1!0R zAM5v1TKyaP%&}s){2apKcp^SkHI+EvmsU>`ErFB-=a|8oZhy1t8& zG3p&aPg4V5a&F&sF2=+)?EEq(WdjacLDz?>C(TahtcL7i(eRtDPyD(+LgBC&ohF;r z(w)AWIqgeY(hZ!?cKk;9hp04!Dd)k2O68^>Y-MOLUdQndaLhP-w?iXPZ=}0@W4pOL z&E1QVbHMM^T<7b$q`(=so>tTr*C`;%M|sJzcka(k z*_w^(3%nb48aXLja#Qy5tjcR#K4-M^1b0i2K4p$%@BAV+r9L;KVO~;6GRIGtT)ptM zD}Pjhu}n6HVaqELFgFEfKet3o$;IH*X=uoE zA{xOeuv1{HgLU4m-jld2{z(ozpcoQ7HkqWQQ^AJTxxHgy)L4xq2bD|7fnKl@5Ul8J zh6==L0uG*C^ab3RVfBGor|ZN%$T!Ym=>Hg;{>2U6W+W6o1$HuI+!tFvMHY3Z4aTDG z$Jo7zSASEl#_-j8^{P(2>d#lN;#G~vIa)5B_Hm+!x$(pdQ<`Dm!VtDxOyFOjP`7s5 zFX1TpoucH|N&7d8_HR~Lemx{bU|_u`=7EUPs#7K5uqc6N`A!_ zt<+nG!mLyPqvB6aYSY4k|d;RIJovI`nh-yQ2oKdIrnUxo|E=|@O+*=(h!W; zW2%5yH-4u>%iAh2H$o6xJ~+-tZ=pi=EQ4ITt6g2)Sc1Z43b${-O(j`aOGz!v!#s%Ham%Nljam3^XT!em;sAcPvP)r~@{K!XW{EKLLdTm)v~O_JVG2Yk zaDo(7?I;~D4h~-ot`DOB#;ndq{1x?ZR^NhYV+O(}Hy5)yao6SfT&ztuUhV$Cb4Z4@ z#H&K&9q&H^x4O@}lALPT58pj$D}w(8j{NGmW=4yV5$bab>Vt^x((%iuj0|z}*W5(3 zft+t%jpKi_6P>;}yh@=o3C_L55Uy=0ZgNMj!zOXj@mBQzQI3Uwd=R1u>lP8Me)VxR zOE&%{U-roF@&^6~yrL81*LbQ#Uh~b;@SFMg1aej7+`Ty4P%hkL#8z|bol9X-QnVy;*lsbIF| z{!fCd9p-FU4bsqZt`rPpJ8?n~7gE!(2Od65E(_sA0!rtXZr}AG90c!%|H>7;(-nFz zILPJQ>#E=1$%S9?e3NmudOai@-ES{$j=^>!;4vF_RC3{!R>uO``uWrYnCBv_fHvkN z%aiDu_1;>j6leWOM9IT_fCWvg0MVP`i@oWBxlu4&OKx|w`@vi}W^~4B78pL#F?YL^ zt{=GH>6ydW=QIvrkoYY^4SL)IrEMBXC zWhj6H6c2H2SHhj|##E)G+ms*{Rsb!@G02Jj<2gBEaTn|hT!+S@?K~2U z>;pX-4#M_m#dx}xd&?C=@^Use;^f{z`%zn zas)}^wyp!=_~yKnPxCSwi@KxLh2&s1FV)6Ais;}7JmKCTu~&-LdStH6pw=-1bcOu??tD}7jkW8jSVj?E^cH|ZO&Y?m}?A%ymO@>Z#_y6 zG+-D;8Ayu5VpPrD8Cw?p%jMnJVa+2YfDJ6ci~FC0Z@{eGb)A?9PxXU65Pa}-_CQ17 zY3u>qBi?@EWty_ee*Fu@-*adP?bl@5ugUDW=`}T?xv*6eet@U`u=0xR+va#NjH?l} zzkAl+sIAXr=B4fB)fWwcNE(he*f~;v5NYIK?ubO1gDTA-SZH%H z_RjC^+MJz;28&t+O%N5h9*vjdyCWKNkZecpr=0tA&!xRmyB_{S#0O+AZH>C~!vR>* zmo60Sf}b|zreMd>7OZ;Z;BXjROsB4;WM~2>s_9P8_~dTj?>R^W4FG>7`;1C-Km-(t z@H?C!w_&C^K9Nh{h`*hPQS%(9ZxZjg;rN`f$ML`;s3iu)co`J2>Toj>?^ry=Sv}C{ zS<*GC6bG`Vm*h!I34RJqgoxjaYz8{3=VRDxiJq6Ke#2hVn=sH}_z17VI-~b`MsIq# z5}UDNo!)bTFBn_PTSCD)POFkJhZwR!ByQ+?#&JZY4P6I|$-pr<$Yrc$-S-@Ts)JLh=ovok_P-C>ZQ zk&So(z5yxkyV4*GTZ3`qmrw77uss?e$8b7rq6;^0-itkS4TmkO`h>IoFs$lLu&V2G zeA&_2(a=u_4Web|@H~UR?&^Hl%ZYB^;0y20isEWl45n^H^T#ibIkVvlY_($2qABj` zEF{CtIJa;pOO3<)ett#pN^I|{o`Y^N5=9rKc-4Y6u4`r=~_f==Xp9KJ-XM{E6xp~!6|0b2%&?{@kg)iz+x zpJQ&N-11cs#IpcfDLG%~&O-MmI9>4sRwOq$>-Tkmra;qecF(FGjxBxg<2qcPbuHLm z349kYF~ivnTfeqrO(iT__503%!?i`cBaydI{hwYVs{gMEQ2j@jLiIy0WAwIWf;^wR zB?QY2e6w5^fgzYqSe^={--C)iO}~fz6SOaX$DiBK>Ui))zEfLAcmEsoMkDII6C-Tn zLGdCC^s`^!&{?GP95~w*JZcW}$b9XKT{S^?^z>Qa(FYanhezYBf_C~K z@TFQ;Q~Z$wZ*2DmHcu~_$@Q<+?j=*5@Zv2x*GYd{#umqe4+_6}G_Dx~zSOHJFE$0w z>E!gqrJG_tABOpQOa^g%);z444^O-+3p|dyX%z+_7@$}v+`@*&IJ9x(23SdO9C$y2 z8pxFcG!X~6EQaa8%5Nj-j2>m!4KIT1S%`DD5kJ_9Cx&TDDvbAU&}pp+Bx%B635E7l z^w+aaKc9ZNf5F$IarIBpe_MopM9mFPobeO%LkhU88es$Mc^I;!uZ+G$I~&db(ZUAo z&%Yn{c72aOIukZsuQMTV&gpre=pV%a-xhz3B?Od@_0Q=J5BLA^{8dNQHu)6l4hOUE zW~^UgTdd>3!+h!MvvC#q(V~p(%Mn)C$rasfDaZ#!#;_Bv;Q+!c9Lrt+1~aqhJ30AI z$d|Kb-M*O15va<5D{L!~c^;>IPKlMkUhm;OA?b#9y;_%Ya(a|5q3y71#TUpGfGl(N zH!6`<7&&*$_++W#2Nr=~ta2hZl0r2J!Z#H=tV3kJxtx8b7)asYIOx_JPb{F4tyhxQ z4PPYR25BFB(^wyIs*(oYk8+*f6cOJlD?bF|dztEonn<47=}8hULgIuIeXsgfra>${u#LWPOX$* z`wz72t89md4j5c9op2Q^eJH^(Z`(CxB7+;2AWGNv8Zh1M|7%p1)@(&>f1-5aXH^|05AG1k!$}aLZlv;F4 zp6?zs-RP^|kfs|o1{W!2&s!H9=E8BIZeO2^)cb^UNMTX0amx$(vn4T;tqEKLNe@@_ z@I2PdQ1$r&U&8hI4qu4Fnmc6<>^0|q93Phb0ab=`g!5Y%Hj$NoPJ=ncg|m78^t`nF zdA@1U*Z5)vg+0VImVftZNRTO>hi}b_n&`W@AkTL%9lO}D=V^wFor4sZ#P!E5*4trM zSn-jjf0!x`_)|ESt^lCk5%~mm*;qQ5|A{1S3|g+}mPq*sU7$JP@H{5JN)Naf6@a6= zEaK?KEF-&UM$Yo-I0VEK>OSvMA@%_K&(aX_MWfulX)OE(7LMIN*+q%CA3b3-*c?0q zfAYMIxTrm_7K_*Lh6sbDe;H+rKSQgFQS&gqSh8WlYiN%(B)^YRQUSQ?pU zv7aN*F80T4=!K_NQ!hNLG%(gm2hb&4K@{TWp2ySp1olxx2bfu6ABoff0Z^|Y5olAD z!v|CZe*1X%nNSGN=cFESkYIP`KP`WMRi5$o}es*CW&?JMkr``z~zA(jJfRr4BX-*7L) z%7_uN|4Ug|@|25PV5y<38JlAgrz~*!3ZsRjb-@_)l_rcw@qfLFljZ*X$>ltZGpV^6 ztNXFI$5*k5f3i4a3Lvtp{|gU}+$!#RWQH)a&;}{d^QD8uoX29Y@1SilZ;U}Pm;T&h z+T@esIUYC&XH1Z>Z>(CfM*INQ>Z!M6vxL=k zlo%mV`@v@m2dTilKV|qtx;i`EWk%h&pV{BRLZlCz2@R%MsLDPy{RjE!9Hsjt zJrv_|{0J?_f-rQOwvZaXdF-?wo!w+%f2&y(xT+U1S%Tz@->|@xvomvY_f7>pm{WqtD;@@NOB}6u2!mT))8C zk;)`ml{p8MF&^ek(;Kef0q`Lz9e^8#qPUH9+$~q;pX$3*YqCfE1 z8t8KXYLUFk1O+NH+R4%{=^Y>)O zidTiWC63BJ;)AIU%6sbSVE%Y02^_ppo?}sru!k_kyE0Jy>roN2(d~ra=?*N08GV~!jb1cF$ zyAz&7JIg}X0}c5DTudFR$-u{`KdWw+na5dDJd)Z;o)>srgQRGjng$5uyXm#|pc%nC zU`3atcU00vEa{IOfbI)k+EMz}5lCO!LHbhEMej*_gNLEsJHar%<%b;h!ei8LSZpr8 zRknTObW_+y%{xP$0}imT43`MNK8edfOh^$tyy%x49mX?P?=g#qi&%Q|s~Dfrh21hN zAO#|JK2kl|`+o2tAc7UPqFL6ZHt}C?u z;>%s|xx%<^!0J|9U#!KJy2d%)N|-PsJENtjn;Q#0?&$Y}INM-L@Wb%@2~jn^W!T$Q z)Eh}B&%jowDsJ@(;G#kZLp|2nj8)U2!o2lZkTCv=k2TbgU8(irS^vb2hSKqZfA@9Xf>t$k&6ZqiJ*$569V8i{g}iYVKD2Ofb>YJhk{NPxF$J zhl6o&3_yV=!`c{v=)8_UuY!ue&|xJb7cXneI-}EQokfAOI`-iz`j=ynu&v*q4U(z9 zNIHG)IR1WQLrHqY$qR~c0{Nhl^Kq7NX!sJWS;aw~Uy7 zUq#EH;;SlJE-21G)Rbe{{lH>I-Ko60XZ`k}>jG{GpB+9|)n*}|%&ik6c3SW7PEA?zi^1LZ)lHC&!Yo)wZsY4KE^$}UC_iZAK1ikSsb zl@fgBFdpp1v)jAK5=bzXJ4_Ijw0#M$ZvQ^;OJoAl?inU+G8>QfTv&6aD$pSX&Hxb{ za8Lt?Cu(?KN&Ffdy1^IU;6eR{`Xf~j^%7Pzi|DF~=+ZyWkOe6^HnB|+2!$?S4NjK`l=y=@44n_GI@HodnMAYpU^ z4bdojCe_0ysruZ~aedHrPE5tZC!!q?H?m9Mu&^Sv2-Vkr9h1}TGps}{x(9yGgl@UM z$=kC%t=;B#5j`GE$BXCiB6j|n`1G=RnS_sPYr=2eQ*UF3hH{5CA$qgqPvF!$mkFoV z;?V)8(l)q#H=uXy#Eu{Czj39k&x>xL2=vVJ?)4rYx(@#T9Q5m&rKefxJ*3fWum=z#37_Q!CUXk?Dm)fi`WiGlHv zy~5OArTNfZ5R}W<-L zb^W_F0vY}hdilXe!XtyWi%D?|NhTSbaw4DXQzrTe~pZUaOOFECIwUcAT@6ner z_c0{lv#I;!sS@Ch2T(oE>C4Azy*i=O=}k!Gl}wxg$TWZ{;*Bpa`wpxBH)D_3@QSL+ zs5|qjufTsCkq|udo?}HERXT=Gc)7AWkt1~IAZr|0G{{kT2YQO=Cw#rYQCWbm_%zi~ zm55JBsA>oOBCdF9HqLCMrWxxU%c$mRIKL61ym8pc0ETVCl6DVcLZo5`DkBy1U~xNC zj02&iO4orL>&n~M1(%MH<69eyo_~a~hk}%%S*Z#X1T1gPS)_+UNd#6v`$}FkJFL3N zxeU|si{_uDZ)#Z%Q)3)g<1@~<<<3|ZlIKh42Gb*;PIb~K><&aYk#}q070$q`hxhn} zNN!I&D7j%4pnAd_tO!WEFWpEnfTK*y@-}4AG1I0PeTIfx^L3A%X$*`T1*9oM-WY^Y zxw!=%M^lmK-HlJu!|)?o0p&iSf z<0r3vzlhZ;zL$}L;70&na|CaAxeho$My9SeI zZ(@pf>?!UMMUM}^}!yzJ))~5#U~NfKcFf$`7ORWEGRr==D|OqXM_cW z=Y2SqiT(2v@)1O64dm7m2+Y7?vvBjLG&+LdJ)2K4FiZ_p`rgi8)K z(Fj)()h;;$!t`D+mz1DY60S#37fjDju<|hm!{cRgskM2#urJni5xa}A{{{1`Eu}~5 zDId!f_1Hc~$$K8(Xoyb2sqV8Oy!jW4@Lq?<&lBF^=PJZNJj7Q2T;Xg&?#1TZ?YRt% z+YTd`lLfk>hr-mFQIj*Wx1+KTKC-{BV}+m!SxugFRUuCtrzKB-zs-U3bJl-2NT}2m zS9W()z6jA}mQ{7Sa#HrCH2N(}fN8>1I=Nm#W}}&Nc^3!vPc)U>Lnj4az~jT?1X#K& zV=sL&>TH2v7PJ?9%<4=UggnVm4gbvNX_zKW2A}B=$Fi%b7O{SX;BrjZfKlZw&p9g; zV2}{}aBe)JEH4q=Ja}dNr`GZk#gi8(xB{tg%9VJDgddidh|Ex4qM6D|bPH->RnGX} zcS=JFTzQF*%v`$w^@_FTa)RzIg0tbI(eri=W~$C@X|fm-UI#%HSFt9D-88vpa?45y zc1+=L(t3fT>LmTo1rV`s(nQ1#YiQ(+rJ1GCNscB0X&={_Xo1UjwN^6%|+EUV>9Q+--p(%v6=kkL~DRtFrx5QY9j zX#16NfP{Lwcdx6Aj92hvOf|G;4#qGD`W4(w;aiBv#1>OS;l`Y6Fol;eDrNC@ zprH^Ih-Q)UQ9jkrN134TMj#)tyngP59#|N6eo zdWFsWv)w;3n#S(p8%NWXxCloG_b6E_uIfwWF<_uPhEKu+W#jInbu|G|Zq+?ztAvA9 z!kbh=Mi!elKj3(vH}vPY>i)mZ#?k8V<6IY=7ri}*gU4aN2R9!0DQ@0= zfWchjs$)DNU)dS!<|AC-Jv9C{#{;~4X>4`>>WmHZE>!v%tmqWAsHYFT2J;jQoEYa+ zkbk6hdc`TD8Cw_Qbdz0_+6LU65YyeAv99zQxSHa|!PT^fRUC^>Umx57qdoW`=4IvP z!e(62*+_Nm3dc46Gsp9d8W-37h71 z1-}{)zU*knpyMWkjw=RT#?u*d$)Kx|U%kbkO<@Lo)RsX-Gq7vU&Y+`4`gLT*I%9}D z!7Z*YB&nC=M7(?yro`f-gaIr65gqI{{}Dp-mSn&`-1Omha-n!{Ch_%1mP?}%`P*av z;R(>xJ^p;&5?myhy08)sGMM7AzsGl8%s2WOd_eiF*Py+8u`3tjPRK{hyn3p*Y5kRyzXLNameddd@%mboWc@e>`!aq`4gEP`^Bt&uIT%jKE}Ajl&#oZb4w?iG_19cZlo$ zeSM9oafV>poQ~-Yk30%(fX+lN0++*2cP_$`g`9?zum?5@Lbbm&E{~DhpXF#6*c6hk z0b!GD5tSRKkcNAR3dasyttj|;^*>*$|Dg8u9}%v9#s72ti#q?T`mea4ef>-4x9uCk z`}yNV|G*Qx#Nl(E@SKb(?T0VLeS(8VQwtO;|M2MN@wvod)8}mzLUoVNpDT}&h-kxy zT1I4CINEZ)S);j@OjxqbXWN=lc9Su^>baRK>>g*Obx&{tG%XoirAtqNYsMq`%87JnA&2hYylivw7XrA{uO3RPY3rkEp zA^I8R4gFc=wJAFnWs8114S$!!4TbfD@h9+Nn5~Fs{T5rr7vGOS_S3QQK4E2b!Sb#c zua}Rjb}x^~$@qL;@0^Tnr3w6GG4TyD@ozZ472BgM{w3t3ea>?zQb|wtiQ_-bzGb5o z`}$FBD)w=1>Z%@A1LkF5!Kx+(`Ga|1RJ&`sYVFi3?F6{?3zl-?*iRPHhG)G{puV+4 z#8mZv51G_v#PjLT?bC-k>#su+Ent+-%D==a&Lb1gge>l%nx3m-kH+R&tR4-HY z-`GL@IeuUSn1ijVS?MlpY`h6JbjY3Yp5uWPNRA~ouCBQ!fS~v1Ux@_s?{lYZg84Sl z7lT;cV~GFaosjjX;1@nR!57ns1at4IF@z`FbVzbLYT+Mk!ynZkidQfNxc=%A`^Y#8 zPuL^S(ZYZi2k8tr`?L%|t7)SS#~6gsGe_ z_j{95hS5p#7~UTb9@1gFVTxsBtW@@EQi@XV!N--r+5SrT1s#^Z)|a2$LHW=8L&~p{ z$M9$I@TxtMMtZv{KtAe{|7-b<2QVFC|3xR`+79fG_|ate{E^N(w&PTV3bbVTIiURk zDYVagKD_UXd<=qlH-9edkGF79G-SkF8j5_vS`xO}VJG%BXBu``Z{e+YuIMeUhGv}Z zkd8TN>HUz3hjJZnq4Bpb#%-_b+|iqY*oC|;xE}t=&lU|TLbOKQ>yEd&Wo*GsF8Jv5 zxjH%Cf^*a=kK>~88tA8$ld+{3zN7F@Ta0r|##qZ%M>(yiSnM%&;iGIkGwvN| z4#xim#F7uk1Mg-EfAYy6C;5XvvDwQ;M)_008aM-P{0LSwDv`x0yRXOge~peZom8>? zkj(hcIsXY<vh!KUxlR`s4d5)rQx2UJAY0_#_*>)fanY=}4sE4i;aJUY{Wg_@bhW z)fRTDV4t>OpHbL1H0&-GPb}KM%tBu%=)wpZU3@e2i-H$x@MkQz_zx_6Z^0+o@kt6l zOv6vn@vUc@lpm}ii~&_6`S z`z`!>!PnXGbqc>y!yjzY>9_C?srI+y3l+Xt!zU0=i%#0#!cSA}Z^tJo{4fnaTQ9#g z!K7c|o9?mG&qxtp?01VJ^k1su{T5!yZ=D@qr|>H^{L#HS{T6nhS z@3-(f6#aI5ox-ow@ZEKMnT3Bw(Qn5WDtxhq|6sSqzf221P4G!}e3HTs)9?@L_|{$~ z{Z|UUX{Me2OhtcLg#LUT@3-)s6#aI5ox-ow@V#|>nT6l+2=!;79bc&M#Tx$XU3&Xl z_^pCZvg4B!ewc=Tig-)^w#J+EzaaRgyX^E|spwxAp?|WD_gna91Yc*z*D3r;4c}kK zms$8}iheu3P~nR;{AZtN_0P2M7b^Pg_#}lNrs22zRns4>4wL@livAgP`ZE;$_ebcT zrK2zZfH2nE`{gW*G-GXnOW~YC+ zqF=**(8p|fq5n*i{woFVx8wZ^-&hi%f7ww}>WHti@SPO>c6^z_*J}8zPCES-erqN9 zmubgmDtv*4Ptfb1WZ@qZeCzFY`iCj{HT(wf-ke<%M`v=!#|sh`dj*^(86CY_)I%KQ{f9V{Hze_Pwgx8Tljv8{#)(z4^{MQ z_|)DS|C_p)^zUCv{`u{Azrr`pjnIGUlvaM7gPJgpQ-Q# z8b1F*lppT@7XAgnw-(yzzf{q$;a435|7bNy`^T8{-z|8*9q(88#`_}lum3^gf1QQD zOz>rPe3`=6YWODlS1kD}wD2v9g?>9eQ{f9Ve1b#cf0Bh?FZkBUcKR8#0{d6PUpEnW zhU^RdolW{561?Az_bYtky%GAK?WvVtXW_3Ge3>0zrtq~I{*ezsKNcdD{9E{bihesj zQ{f9Vd`v)Vza$I4e-ZiDdW)U@ixvGE{-Qfke}_eXCzJkH1n;-w{R-bWJ3{}i7QOu~ z{5-*z+3{rxU#sCK7+U=cE&P>&&$Qz+6}~{jpRMDQEPN+L|0Fy87b*HR{Gm9l{hFdp z`gfF*e||gOukelcMCi|-1AM&6zd8%QM(|~Je3`=6YWRNrfDey<7JixFGwt|Hg)h+X z&XvG(#zgr|vhWiG-+Hs1{tFfT8oqly@YqqTnF?Q^;s4yM$zPI%pC|a%o9y&6@B{r{ z!>8)?Zwev$gewDA3f^zW`xU-%R)qdT-F5mcd?!V}9bcyKwHp4)!N6PkyU@aKT`2m` zj?Yy10u8_X3E(aJJITU7CivDH?ersHg!F6pHT2I|`nTznN&jTQ`|WtY!Z*&0(BJ7R zt^MjO{2;-X+3{rxU#sEsIsXmIzlA?|ztC^TXDWPwhA-WM@-6+DWZ~BczO}$kKLSoj zzlPsU|4f+vA5Hp~3EpqV`xU(U#9T28vd7h`Gpp~pQ7K6 z&s6vV4ZotRCVxp5e*XgUuk{8y{RnR%{TjYN$2a|8(*KI!{dT-x;TvZ}=zrt`&>v&< ze+xfP@MU&SqwLjMEbq5jtVqt3$bm@oRzjxSUAS{9_F5OND+rzD(h3 zHT(_ZP`+h<6N1!1m3bA3N8G>648Hle5S$|X!zLY zfVbvPNf!Qf!M9Gd)6YN@(68aYr2dSt=x;XZUnqFL9q(88#%U4y|D@yVEc^t)m)Y@U z3SX1Z$-ZypQ-Q#8vZxyQU9?1xA1$5MgLuEr$0r}ui=~Mzq9&p(+QLQ z7Xd3O4f75y5%P{%iYZ_>Y`i2U>0@qUGGoEo8j?Iulr>MZ;-f-ke<%M`v=!#A(f z+ON>UPZNBm9iOT21sc9!8}Qcnon+z13cl5Cr+=WLU&DX>CioY&fB$3B-(Asf$NLq& z@wN#4Uw)*OUuWTW%oF`*$CoL5t%i3;qkPMLF0}B^2tLz}&s6vV4Zl1acuRjKS@>y! zZ@tD&|GA2O4Zk1>_^|%}&ZPfB!Tarazrr`(8lnGp^MJ=~WXk@x@WZo&KQc)!9oPKnTeB#81Y{aI(>FB5#39bcyKwHm%*DCoDw-$DyN zR?%RsvlHaByCjE~I-fzeI6~6J72>nm$ z_&N(eS@30ce3`=6YWQ1qe4&LOr0BQfGZnr-!!H{I`YriQvhWA*CI4D;?er%q`ZfGl z^q+<4KWx(fy5RkGykFrPCq?LgL&w)y_-6!PX2+K)e65DBzZCTk_kRmNP4Jm^e5S$| zX!tAj@{=t5g^KnirX8QD@C6!v`T?!|k}UiL!M9#*r~hn4zlN_o3B0Ahnhu%t z_g3`V@qUGGyeUF|cfI~~7JlzNK2zZfG<+lde^&jI zEd1SqZyjr=zmK9{!|!+(cx(J@3Yzp^CV0Oc?^pQ78zb~TspIP`e9PTJza3wu@UEA*Nzh3Z}c6_G77ijn=bbOM9e@O7H*>?I96#W{0ijHqOXwpAf@P0equkeip z5&Gx*QU4gr{*d#3__2a7v*XJYzE;EEx)Sxb=C6eo zzMrDsj?Yy10u6t01MrsoBw6@_Gs(Z!F?RZUEBZBjLw{}jXfjOtUl+XJj`u5k}F$w<C_981r&%z7F$BmTuxF&fS``vYjk2?=Cjrh2(zg6*Z*qFo31hq~S zM{^5qln;^2cCPc7tHuHf)~4 z&d{(WZ-QIwZAQ9<9dkR&jkjTYDeQ$B_EuWTw3LkRzBcQ8reGUKhs8u<`aX^qDLI@U zsdFzzS#XpzR$15sQs<{^*ryftbq#yjF<{w4vH!sW9~W?81Z?hqQ0QU}Z7{yV8lN*Q z{Do5SBs>29u=Y0aQ59GJcmfG52;QIsfOL$ZB|9;QR-Rv%b z`uzS6pAXr4=g!MHXU?2CbLPyM{;K@2i1J_VMR{j@oc%x}en#4F9u-DhpMNj}^Uo)@ zWBx`dsOIdi)Hvn0OZhdi<=3e4nXuvM z{&|Il|Ll7j|EHyV^UbmN_f+`jw&S0<8tps#t2IvfA4&N&vE|pO@|z;cZ@LHN9s9^4 zr~FWbe{A`gs(evI`OP<@JkRjcK0VSYulTorZ2A7G{IH1f+i72S)`w@`)%Yv^ZO)3t zzlXx#+m8RLZYb}puWFp~ihtL{mS3aFZ;B{CC9?fRPI<+@Gh@roROO2z%DDWd$0Nca~y<=>U|XU3MFsmd2cl;6VhCystJ(kcI(l)elz_e!}8B5KUCo#TfV<4KP;mBQ*t7XNMve@{F9oeLuI zcgk!0W6Q5mik;qR2cOyMu(m41UeMGz3==ldM} zCP}Iqy%Y%yb&;X;o36OOta_EwXwsEN^TM;}ARaJ+MswDLMsw&bMWmiRrIG64BoZR5 zxvJFp$R}Mwq*sxbDh)zp^!$o-P>HjDr3)uF-Nh01kQ8oLhaOgCe-Tl3ms1w!BWF6L zpO(@i+e@qYd88^nEu#3(oZ=jx{hjhZlJaMV#q{r4;LrW9i1M4B(df(m-x3k(77(2lP&ScaPIQg;Le%{YYT{;DEgw^1TcCr_V1` z|D>w^na&L^DlheR~qRfjYRZMD=I z;Tyvg64mdBD*M?ug&@m5^aaXN0Ym@PIHfRo7g>!UzOA}`t)vvU#j3Y zGZCQSFffj_<8}yp#e1jQg4gT_$Bc@I4_XgyI&XYXCvusN@rdXK2n&$Pv&sQn-ic@h zyw?t~W#l$HT+3On`FnUxRjHQK&5UhhY6XS}zfNI|Bcc)JDPpdm+`bIKDVh*N=az<)qqyl}ZmXYLk8NE~t zKRl=KnIX~eoX+R<>N%6ooAHeGMt*|2-GOnNeWSAkGLI7j&#U9IdHhL6lBzb_=!G`$ z!g~3V!WUM|mvp|cX1-*G5F0h|rJW-I;#!5iwIZzyU+pniO*oae#|7(dRNtPQ8_2_z z-FtAEJTB4o4m#lR=iyQ!T&)&$!J3I+etDE4yi}~fgEA!l98VyhK{h;rI1htQARg6d zW^g+l(*5g^aflxk)gei~(PM^aw(J^8w6E@b20@Td@%}M{azK4n@0sed&>4+pe7%u` zmW^JW5eD+88NZ#c1xBw<{4F$kjY-OlH#0oA1lEIY!A;6$R?~tzactdf*1eNp`sx}@ z#LS9~Z^y_EvGMB645NA~4!qB3Gvg8K^9b)N11UPlssgne7~oYB144qP3IDG-dK#?f z1WgO}KsbrW5Cr7^Qz}00<%<6+K~cuXE#t4He-RY2itk`_3DMEE9qgY1-p8#4`{&>1 zL^vd&ahqc;B6~RGuK5@FKTnZc>QMauo%8U2yzoCMZz4{hzHSw~LtX>&skwe{<0+7( zZ|nBdqOPWIkt?of;E-my*jn0@>nZItto~F~ny8OMTJ7%m!r(4wAOCo(Nf$6t6`lIJigkl9^X-14LRmQd`AW>Ky6Znm)XrR1D#MFN8@IY1xbHTR@3}j5xs6a!frYw zsXPk~d}eYKNx*@%H$-sYvvIiol(F>~aLteEtYP55V+p3U7#z4ub0F~F2@c$;Ik1c7 zKt!(cjmbd#k}>!X=~4(5Y*{b@b$|s?hi@lYun#UZ2g{WK0dwgNc01x&oSTMVY>3uk zzX-t;!CUriZ$n1r1Gi}9CT>U;NcgpR{4 z&8PYq%Y&Fa7%wzcGMA?%@z+YeC}CpUn6@;8i`(1Y=jhfOSvAm+I+yNX6Nn~*i^TRK zNSja|nJ(@)6L{GzArKQESX&rZnrvnz&&9*M9wN_ifz2-yz%#YMO#FcT-5B?{JA{No z{M+O#mg!~sM&E>ogn77NJ2(#3HHLr3{Xy??ROvFv+=H1fMdt2!aLulg>?Z*%s(*qQ z2Bx|h1!f4Y@{2F-X9i|w*qbGMMKo$k21FvOLr_I$3sZ@jlH9>+cPCwA3FQ!zRzWp@ z-VOYG*Dlb=Swc(B(lx1L0>3awPRjKBQ ztV55CL0Gp;Z{Rk!H*4qo3F=NYtM>xvh_8e5r@fwJ#zSK6w-CuAmD)O_20_hxb<+~8(W~K-7JlC4in5*W1LdB$K( z$!v4GaWRM^f6&dH4C_VYRJVrW?=~qY4x-MRptm3ZthZbE79Y2dm)`g zJgS+`8-PGElazkoL8wKa7Xy&2oCnd207Q-)iaQB8)PJIqLqcNzWXPe+Ys;1P-8Iw& z@tMBlIM*acf8;5V96SZ46qXCV)d72&m^9C!PvcLaN;<|k(;Ju`MJOTBL`|anXcE2o1xR$t6HB7x z!6XsZ7*rNcpNXbW{{J5eH3GaC3LRBRLZKG*tSF>{9r3yj>jk6>IappEjyex4LIUv% z2|=0KB)?89Rz;XoOp79nn!mt5c_2%P=yS-MzMSOv<@TTQsYRnYX1`iUNDZteZg$p_v|FG;ae3^RiV1PA6EPd8}iosJe zPVooz3oLygUz)Cp>u>LQLPDub<#T44534UDWGL7gb7^}8FK-NjQF7296o9% zDOjjtudqgI69JjcNo24epLq zb*SGo0tBVsv_K?7zu5@dQ@>Fch3Q}LMsAxhh7z}C;s@YgGT%WP*U`-$_HWm%h`s1Xzr%*j?NeSMESXyb&Mn$QT>H z-;93?;oz`F!#&N2B)EJE#8&R${X~)XP`%rk=;aRD?~TW$Zqw2V$PAdc<<7-TX`Jv7 z8}~cp?=n0yY-t#6^cJN}0ZGn`7YlTr&iJpg9+1`^Qej3C)id=Ybzm{sg@6J3s|l6P?| zI$fTQkCcGYD7!q9Rb=fn9=#F|2&?GM_1Aj_H-Z`op1M<@#&-05FV)+;E+)3OiG}^j zE<`kCXglvr3G;>O(McsgJZ_eJ=e@it;^0zq|E&x_-~o@1zn(vWZ`6dwG2K)nT3d z&MEd~zI?~1#xJ6grj478Omp;04qtx69MJdIqed)?H{u5u$8XOtt%>ox%h&on#J@zZ zR7$;(G$x6Vtpms4IhD^F@of6kjX0f)XHq&ci9yEERh~L~G*$??xTT`*RA(%9JIzOI z@akC!IUe7;r^x3OyGw7t#V44}4}jq?$7gQ?7?{o9A3Nx^vEAMqSBcEQ*)r?y4c>)c zyZ48!RMEBodfZ?6#c94Eo<7Dmo*7twzN9tSq0djZ*~joF$KQyW?UAkc9*G|>L(}-x z%A>-sQ9TQONAXPjYVj-htw>`M?}@{}^wb4`pN!VJ)4=a^r}??S@7^BcJihmU-;vyk z1EnKyK^*YIz0<&Ne>N2?;P=7UL2r)jc6?kVGDqPDY=UsaY_qRFMm!q?PtouC0~HD5 zc*1VPBT=oCq((#Z)3cue-&Xv|@o%r;{9y<2nWn+)KwO>O8PVw%bkA<%R5b%?p}iMb zVe(5Fvoq(SHpq@zghO>b@@g(jT_}_S>mrtLxX1bMeB3^Pl^NQ0)>C;e!_>8Rw9OTb z^zMSY_qvWX{*2q9@!S>{ci? zOR7RXsvx!KJr3Un{Mv)}0WYw;Bw}ncG5Fefu4$0?r}sb;PNk&L_k%&nUYLbjvWkY8 zm?h1MJ;m4Ih%7F2o8QN@1~g&$VBfoejj)8eAFOGMxQg`r6vtPe!j3w|H;)$w8fSMVhOzO(j@KX(Y<11AK&W3>WbU&42$^@8v< z@3|m+)IS;bRq3A}km;5l7pVvRlTwf-T=_*eDd`94&2&gZ3O+MXwOV?wsf`!QU20VD zCMxO&k~`oRMn-qCP#aVuwUWdxP4

      sfGP3+CdcyVjiJzH?1Wt9G?;MhZ~$q{S|j3 zUA>h}^uV=bxPm#VR8g8MJh#S_zloBH`Y&LULMYrs(9z^k`Q0Qi-YfQokISI3-iYx3DMHyWdhg+rTv3HO5`0& zEBVE;OMbBo!>_URSU1BrLsGEllHW~=-e3h)VwO&K!Kx3UHa}(kj|*yCV6}xUT$`K9S7j=|7rp>$ix}^$%0n(IvE4^r%NA0xY#IK z1-|odSA0iO3*Xf;BbcB;ej`><(fUhm3uy%YVN_`QnU_#VvtV=ukt~QsVtD=alICAB zij)ApF5PsJ{B9Bu&c}ZXo$^-V>}BA;dw!(&PqB>f-$qp98~swBbNKIxAX%hbR92Ev zhM4BV%_u}Zq?$qULaXS`okH@LqFrI8Z}j)2Qt+tiBrrD^(CN66jL=nzCDm8^Dz;~p zWKac-L;dz9Bp@O)<+}7a|I;Vj*-QNB3IlL|sTdwU0UKF`Hm-`b6 z*oXOCL+6VP8dqBwNw>L-UbrS057;5)UU<@N>3qn<1NKH?3&FB8!2{hKCZBGP%phvh z_9gM+XDBsD>ootnMs=wx1HDsFL{P#a6#usv z8Y^fF{qI;-<1P!--^^ZyYHtne4u%KTCynY`K{?MPD-oqd6 zf2`rl9nGz6_7wb4Mk)K)c1^mfU^9ew6vd)n6#Yg~{6yX=y|#&V$3^RCj@&mpMCzYmKC#WtS!CSjYuOteO&!eWVwWskP^-Yu{r&=)GM zYJ%0Hi)kU;KQ53ea*YY}=mI-TZ!EogbAR#DHK4=A7`zc$9r^`5VX#h5eC;``eDei6 zS-~%mRhw3i%diaWjM}n-KjwPr{ll#wzZ>>zJZP#H);SFOhcMB(Ki;5}tD6!)CDo&N`Wu)_yU{!lX&GnKCf1f^1LGA zd8K{^kVnK8=G$8~rgCi$mi4sZqAXnMa>V!E65K%C6)UTvo}fzic}IfrXk&I2UkslO zq3e`EJ!i*aSoQL~ih8#7W?LRwlHbM+ndI-fv#6)JC`tMs%e3zE{vG@^D&V8xdsM2@ z#jJ-qd949APqNaw!-`mxG|9UDQjhQD&bjd)_+IH0>YVF;)A3880LS7(Y&5tcj+0p} zTBZib3DE1mHw`vu*`xBN<&VXMOr3qNxZIURX}5YIzY8!&w7fI|`9cidU-2ETvf%c? zyL6YmPxeQJ>scXJ47^kmJLOogzs^f94e#ra)oHi7D>GrF;~E^IFWzH~LhiNF31-&W zBE+ygWn#0?{|VVZ*CuU9b+8(hKnfa&_^sm74o$d8Rp8m6UrtqH)NL2gen5L*P4g*zWQHppmJ}KKni&8|}~Vi+vMZ4LBH2 zUVq~j?hs-98}VjeEH4f6$&QbF`5b;kDR^FRnTh=;Gte7%YRrlUs91$K z_r1tgoc-dQwze&x8L`I&NJ7h>RgR9cFZ(fvqLW!LwXb#%stPVT|J+X~1-_pEJ}6SW zu>Bn|*!nTrP6LclzRm zm!LWjx^tLbRrU56%r#rCiYDxpLvD?;>+V0*hWO6I9DaI!BY1Hi>|fx^-{To9*{2BV z@)jg%l>TR{gVMbkC8OG%d?5tzz0ZI7-q&~Z^7Cdn?+49-(LHNa7xs3y?u;**f~UT| zW1!5=PjI8PYvIjU546-wh-*tbVOoV|Xej==am}t(m>IenfAd1A_?sWPOj3HwU)(~7 zbht(pX5ikvR$M_`Gz2>cU2yLhZfriln;8R(UARdISJ?2z&xNozv`~iy%Y<1(w4%ra z7zyL!>>Y5M<7HREpKf3QuAGZ84E}WKUX}R~%6{+Si%mEeuu2z{@T7XXD~OL(W_yZa zxTGz*cS3*C)Y&KN^K@iaD#mMx;G?C-^TDiCG4l9pIltSK)!kas7*;QE|1O|vAyh4P zJXo9STMeGle+0e)`->FT_jj%*Mb~&a^1bS6J_l+Rvw`i1;3dN26pc|?*HD0AO)Z1?O#FOxi_{QoqrZ(yrjOi?Rq7YagS)e>#G2zUPx!G)@71*& z@DyLnB{G5b!dw)Bvt|iAgH?*ax9A9FE7VT-pux_-epo&B!?u`s4<&BNl;oFYaKE#e z`<=~WhrA!^1C6Se(!Z!b68=ieQ8H_L{m*L0UGe`2b;0FtxNgit;y#7ias$`z6ASf` z`F9anDn(u}Qxkrn-Z;kU&OnRnkN&_6XuTf-S`H=}T)Cy#8&J)8(dDX&J?vPi)mqf% zsrxWtl0PBS>whKJn(UfjjdJ-$w~5PX_|O~(c=w$IR919U25`9)~R zI~dAU0~T^{^XiOMKQ>f%9H?R3t6WYzaBqsU{iJET0a2U-%s#b z-@f6a32~GB*Qe%MrD>!+>^u)AkoG+%`KP72(7$>Y<&f8Zz%HaKjQ`W%ROy8FyU5E> zKRcm8ej9BQTl#FQitm79o&3VSCcjGErLn0J@7Sf_sBOffz0p+l*vtonkIHYk+6%`! z4W{U|KW)G~cJFjfYvp1v#8@r}5B-VO={Dc!O`Qb`4$D(gOQ#U@qHXeGSN@xLoG}9f zM+9+4Et;1Wt>KsRHLImKhiOjhRcsY3x0=6n6vMArT9HS@6QEenZ?Q7X>iPC0bj{Ym zpJVT+!M>#VbQ?AvF2YZa|A=fQ$@(4RTVCwP@dWg`|4F9iz}yLHe7&t_=X~ma1@=WR zA{P{G*rM=S6+GMSixi#|A|AN@T&*UD>5u@J929joDEu%vC_LB7hC4-k3+bgMi5xt& z&kyeaay385)a%R-U-vf3Uq%_|nQrBbksF?sN5bLu*DrEb{uHyU85)kiZtSdcRvwJM zc~!J+V_F^{N!Xpi2PkovmSIgP%)tJUo|vaaPt3_VfpIQe^M>`YOwGpf2RXFCB&KxN zCgsb4_23-JuslgDPjk!f>lnL1m~XLX$4(OhEZsr6KxN;i*cJp(^K%6L>>tc;b~?I0 zoY8+Qf<)=!)C?1Gn2wuNb?vnzI$2^{4wOPFV6+H~ST|Jy9*!P?9ivGhhIKYpIB??h zW^G?QAL1m*vp*qHOo3}NIj%66k3?J-ZdlJFRrSB&dz(3+{NrBmE_N=Ps?<#h z&qD;B+;Ai&4Ruzfbooe#HK6 zFH*b*7Pz$DK?s)-BMV!Z5dw0QxI%LSotZGpM7O9EJ5;MA>pAlKD@aPVA3NvTnIE4! zTrv`F#q{LH{a^VQGKa2ohDA+ zKDa>xuYaL96oR}$$2ig%>LIA$;v+~IL4-pG94cx9#Mhu7PhP$tB^sQ3#ov8Rzm;&oX>Qgj6 z$S>$S$Dyxu0FYHkM-lg-{SI;Sc$kah-*={;QLzPeN#6(@D60s()0B6?F zKUxl`o`^0GxixW^ss{~O7V zH(qr*Cq{mR`=>Ngc2EFC(PynLZ?8{c|8yj5!lVs9M9}x|dgOgG@#CDYYv+$g!sVlN zetR=io-Nl$_s{5wx_=f;L;u`yxzj&$*Pwrv?~m#qd*SaR`z2Tz(I0Al{3k1qnIA=b zVE+30(&ECfT{FtAKNJkSY^e5O6u_-ld zud~d&b|197mu;XtFdF6gJ1}dlz)5razHd3`KJsgzySh=Mi^%}{3wGtR3SG6`5bPIL zmSUL?@1nmfh{atPNX<{q{2kT|etozjMC$EJIsp02dVqWwXR+-~109g}{0bm{@Tvo{ zedHMpZLqKdKn1=F>vz4{?Xz0HTmB)acX>4Ru5Jb>lL*S-FetYYlo{=yOm;wt(eEzY ze!p|t@5=VCif;eme$eS&nS%EJG{7OnKUbsuBd>%>@#@o>6#uLCFD<^}-&K~q17g|h zMUZf8@})i4Yh0LQ4#pv4>^X*2@Mm|^Jp%ee^9O)+P&BONEr9iDoGGXN+uxzqBV8j5ECh#?id4#`k*{gkL%M8`XKeTeruUZle)X1O0mArNWGO7)(aF1ie=l z=5nvtkA2a@IDRdrM03z9*q7k^2sr@7x?K*;Jk;Uv(PH4+yI_QBv6sQ!&#rqPl!?(? z|Gp2Dsl?H8`v;dfbb07W&}G#=hb~G6l&_1D0bfLjyeKK4==1nF^nt5re9?W_e}MaX zkq3V}7h`pr*yG1Ix|hJ*;jUEMhebGpx&?N{$T_s-F>D_;Pm0<;v=XoOp$eSviKqe< zr$2ITDik1>UGqDqm#1{p%L@K(RBe36(>WWZa<>G3N*Nh%Nn^wWRVz-EP;e`nOM7Dd zfB=2ypM3WcY}~VmZ%4Z9bd(7ivX2X+CSG9a^&hl*l>idJlw^-Tg5@xtGDvGIERkkZ zyI=t*&afxGp}x8K4g34B`uA_w(6Te^?z*tbz)zwq!F3=dFl!I?Xq8dNes|$%@IO7l zupaA~_L{KGZWuqX1ju9SurMkcEni9^QQ$YUUI6^;MZZ<_LvEx5_r)**^^eU;KP*xD zVS`}5L9Egy^utr`Zp? zci&N#9BE+b4z>#uR1s{&JQ?m}M^@UZr4F2vu{N>!K#7|N7p4EcHhgpllf&UKr?uGk zFTmh=wuxpE4MW!6;y=iypsL5dW)BhjS83oCFio=s0`i|lr2MI z9KK(H1HX7O2g9l64xA0y&qyqFXRsZ#-D@RWDhF+Yt;pfc+Ve<}*SbAk4z1mcs?5QM zU`ziR+jHj0x6Hb)QRWb=-e%S=qv9fnD_Vln>GhOC@0?WfC}c(hEtJnZ{u%uP8K0z{ zt%IraZWB14rx*XsI|E-EqC@sNS+EKuv zAg_N9=l5E0x;m?ABTY{SS)L!S1+R%KWDQTFCWYP|tf-Gj;$^y2yxyl z2}1<{NNCPn0v$?J$@}AEytV_HKYgeA6v^I^%B*&MLwB$ml`_R-6)cJaLV-%fwM}jN z!{z&RP`*!lc~5(JIXxsKLq8~z0pj3`6eQSAld6~QScj&dXPwu&wfl)kZeT-YD8b!f z0v!A(YC!Y+O9ARvEb@>G8J8YU<$MAYR|#B4kuJOT(-`6*yudeGB5b9L4Kn&&|7rnrUmaL-v(g@{ z71EYWK0}&m=`9)3hJDdcU$6ft&m{PdP%YXFioi7k&b?F=Zz3BriS=%j-xd1ktui|! zb_865wG+w@Ils^m_b)j(ON#yxGA-Rf>Om1(p&WC3b*Xd>X+dqCwwK8&QZa0BY{=vP z5)-@E4~0#&z#USKz_I=&xUA;-Kk{U4f8^KnX(>Z?FW_TM^h}Kt{FQ?3Md!@HJKZIh zaA+0qV_*to&nji03=CnJd`W%?Vn=O|V&TyLy_-O7u(eco!Vb*)ysa!VuIM^Uc(c-$ z(7%E;6Fz}J^F8-Y2|@5u4lJBcc{idOAy$&SD)gMY&?ni&`;}GFZ?B*#=;%)LUkkLh2y@W z12Hf=oCC0Zq?K?GkmJt`3~f6^t>;s`7}e9#7MC9|DqfT?Iww?y@~7pizyJ_nVt$-C zti%=Xpr63_L{<7{O(7;EUuK-~*kw|Oq5}3Hi+jlT{%)?55l(ECUcn@KSOrhIsOId$ z3y@tj`dv|26XEmvC`Aa@nt>ptvEr1RJ!bjMvXed%wE zexQrtEDF{%s%!|c#nhAIh|~*h+C8K>$3bga(D|N${#kvJ zCiuO5QsC*-C)b+c^2C4U8|{DF2ZtvdHG{YY6chZT`b_ZW^l^py!*0r9$yB@O1?rA( z+ur9PzWre49E<`q#7+u6f~|dYT;AL5yc6!Y<|65R)p3e0;lgAxhdvzK9B&R?g6XUj z%@fCOR-zRy-fWk$1>n@ZrN9vmd+h;X<9Oq-`|y>K0T&B@ltX>~F7tzUQVv98i}r0_ zurj5HL{Ddtib$mXF|bDKA8?W?B)<43vs{S`9L<6iT2vUrs?gtM%5yTSmdVSK8HH5iS{$J=o*&c)@CP}ZJDsiH&eoj_U`e7t zd88_c;ONaDmki7ccHjMoHqfCi5MDY8{Uh|Z(rQINP$g!vv=_kX3#87`8+LXVIJt2- zq!rrf@SJfJ+L&MJFLc{c`pZ|uY3Xs1EdC8jHH7|>N(KO`>+mZuljW&m5W|?|$)UgL zUdFz|wH&&ur7*Nr`BjxDD~t+=Iiz(+Tj(x@lr*$-2ivbF$vZb;MZVO)sdBDb<#T5kH`LBdT1Om~>bjBkTTh{%FTmDO=R zqYQLcmO>Sv!%^v@#*mq##Q)mY>m>~?? z+O#s%XUEg2MUSA(NFYIL8GvYU-*D>bp*8hCuL+_wvt15=VZ4|ex2!BJF`MhV!FNa z^9!JUKKS3%{7Kj9xPAB{T9LJU+gbYs*QlA%smxB4T;5*sf=agLhY7`c% z_C_>-xKiIL@2pQDlz;$b_4Z%yAqoVMuhemHHO$>N#o4W20cixz$~w4s9CW=#Giy>t z@yCGh%_k5`+ZuSsi##ef`Y}{&U+Y0YOe@)kXQ5xCQ85&QDyA*e{LUA{fhSz&Oh&K- zcz}~{NXkdm-+wZT@x5nWNBxVY1$@jekN1t<{5mJ}R5Q@aWX$PooYZEx>1-U-W~AwC zoYQuvhYWQriTSUJb35j4=3*s;x`^Tm48po~TFwL-t zfChf?{Re ~bZY^jbCgu)9%u+PW}Kp91tZ=7$0lC zhiDhD@H|l)DU~z^x1<7tehP!1KP(vBcndK2!^RFUc)a`^3~2wnF#M*kBqa`wpYNO( z?Qi;g^aid%J3b!`{|I&33(n>hwAQ0qHy9BA%bSEzRhS@3$y&S{)$^I3^2JC0^#75x zML5~9E52w_*gYM>uII?*`q0>XGc>}q=DR}>mh&@1*Wzy;{LkT^K41K2k%k>g{DuGQ zeDR;1AK{-q8vf}C&cU&^P_i5xJBj{r{L||b0JYk$m`3(2!WI>bCAGn&7%@sa+DJ_F zK~@N%1EHJ3Q+d=U^yCI*CDED5O>P|Hq2AlTO0p)xPW*;&Z6Q|rC2lk83{G(~L52i$ zq4mrMgI``?z#;p|ne19;%{~Q1e(E*@rD<+CKkR!}3Oe=yb#g7&cLR5r0--!mw?> zyp4#^_6#|aK`aEnS0XbLCds^-nE_7*f;ALlU}C|Hl8CPfp$viYEn3y{I6a~oX(21m zZ9Fy}${6?yPCPo5xq?HG8l7@EQobo4@BsP=+oYQqy_-*C{Erl$F~|zx4{%+WNzlIq zJl&3VQyEe*fl&ml7W6g3KWBQek&5w?i};qlFE!)fl$JiZ1=5(e1qRfi|G!7pVg0O! z2i$#JR*?(VkwCn%fSay?0T&0n7bk%I22>G2Qjhvaf0lRnXHpHx-Vy%{Gs&qOl6wH~Kbx=WFC#Fh0M_IVnC9QirBy$g#8%bm{X6nbwG>tOXx{m$U5`$u zd^v}8ezui3K#w5*6cQR?onMeikQtLDl$d~6PlT&4L(}$mSqLA}F+7T4W)&7HBz>BT ziCWQ>B(E94M2>%(@KS&9NHiyz!LBi!WCp*0Lhy|_sR7mxwtp7RUf49lewy8aN9=Us zbn7uVyj2lDm(0}mg2f~sUqSVx;5AtLM$ON^Ck1`S^Ef}7oS#h=cI!#H$$qjC=)(s@ zH0htp%xiCdmE(gX>#8nd=*{#@`#Gc|Rl3L>2hA5=@k=( z+KcIab!v%ujX-N}X(U=z-$ef~mi?SW>S+Ic7FQCK>YUja;rd$`J zIvt`&#<^@%k!*P=i;7d6Iytj2yI9aFnBKQvcHTw_L+xn@f*ZvJL-+v@-r$`WJ^% z%j-JBpCX!pF+O2=sdxfkOluy7@Yja1jKOKbYkc_cr5NRRGlTEUWk&gT`J}}?O-}5J zO1<3+S3hI9TUhN(FQc4J74-kRqzLP8e5zp3PCCrZ&YC*3_)3`PrtPQxtt!f6)l$b}OhLPOPODffYmhc+AfsEQ{w^OnZkOY0W(Q4! zT*=1rLx7R=>s>rt)aBvZ`i3FW)tBe?gEs_8aZ0x1#29I$!anz zagPW*oXL$tic8-Cj8w0c;PwV4A#svQWc?IGIN&Z0T98_FO)8iWNZ4in0;O<%u@Yzf z84F-sy`sk`^k1BhX2E0VC!<=~Ez1uS6@*)#V+IoT*qiKQqejhm8IP zOjLy{mtr~Lo1}Ee2DY&Vs%UroA%%H8gfn)zP|UO&_p^IwSIKHxe2??Z?ni~}90?&A zseix1uN^Zo<<}bQT|m9DI)WOpSwOZ7awh7}2)DRP0|NO^P-cZcJb2)Ipk&y$%eRgJ zv6B@PRp&y{A*Be8Qhh5iwb~2kM^3lgTuTW)b4n&z^9Oqo2=RQ@55{k~*Eye`$EmU7 z^L?B#TPT4rW1hmVU16d{B(9f4G3CLni$(*O6d2_V5zBX_aLI@LkCjwUy@BZ%DVK9( zEjvQhk)x9P_)SuU1Wv<<K(WdaN;j&<)WC69(BU|HcupLiGjEBKCH_A40>$33^%5v4|I6%J3`py)58Inyf>D zj3~VgWsMpt3Pdo41b}i@=xN&(i>lxsMMUg9OZ>DZ2Qy6#5IZ;P6T@QQ9K-h>8uLO5 zODq7=+8b86RPRi*dek^rk&haX$KJR}VMnaO`%{#}Twdz^uNGz;e;+5uGCb11wET0d zD`{0==W=Tm1R@7W|1y51_zVyV7>~9&k+e`H(>JOibX_*$$yfAp^1;V^4LIc&M|nbY9FZffuBSU(x4A| z6O>@?j~+!;YJc<(Y6!}fqJM+h+Jp+c8vNne^)jFVAvb7OAQkmvXHMER+#f5YFTTGH z^1~WFXPYlBTjWMdj`4gKx3Ov`mPW-0I+d7ovUJ0hQ4y7oze1=bD)36Hi`5NSM z_A5<`X)xGT0SLAhZw7{cT*50#N59RVtP`bEOzV5`vRXtFKkAO%16YB^yvg14X#|Aa8-!A-z>zvT^NN?QMnH8p*?UcWe}_Z!SV61y?G#OPCl`K z9n$kt`GEl!#X0|Bf18>x6^zUY{)A45>&Q?(-F>6~3N}IuV(S|h6L?cFr9pg>hIzu*9C2hjTua&3NNELyMl?h{G~jEAukg;1Qbp&M z!ut9G<)HFmeS^VF-R~Fj+d%iDN<3EC+gD(N=)7&pz-IrQ{V}n^bQ~O_MzpiCRll-- zaxH8ZP}ZFIYq^2hsks&J7bBSU7?*wXIF80}?6r$fUkI02%|&o$@Lz7$^=ZWj0-BZ< z+8Y&f{MZAwN<;w4BNnIxyKL?RK?IGl60Z&h(kchkm$C4I&$zJhpsy z(LE6+v0MhtP$t&i(3QL{{P{VjAS``k=dLfT8sv8J8bvg#q=KI(zp6=iS14HM3p5{W zjIs1V5;lXN3UDeQufpgj|0o|M&FX!l8Xrr~l;Ml<*flJO5;DXw$rfOFCHfuKDt7f? z7!7}lQ{3eBqsUM6n&cOu1ctQP!?D=6TOPolK#R)N$ghA{a$zi&s3`-uu)Ljs0_-2V zhK25sLco;mRva)^tfDQ$U#~8XI{B_qR>TB`p>8mi&*3vzn@yB=B1#+igstO8ws6Fx zdIRxZKd$5D*6|p+Lr<6y|U z^XH0yv!<@4-^*%&u?$0@Cr}!<+{cWQ0gcg(1?al{NZGwB_-?0iwZc zlmn^|M9+aBc~4Et-`_04WRic@d#6I!Sw}>$BkbRq0gm5Ku|=N;aB#=hkCU?N{*#hZ zIX5j&za;TxihgnN<@T|GnMj?LHg!mAum+YJ@L;)&2l@+l#jcoN%sJQ}x%mFwva^2T zhRx(bSc$Q-PCdyKiasl>3=43w$5$@|bx`x~%=VumSv*-gjFm3r&JFw+^c|T4m)Jn! z$ls8}J+H@4E<(dqoPsF!TH`?C?en2FZO|?#paV&)coixJgk6}tWj_ab`!}_dmsb)L z5G;Ky8hnDk^{e?KG zs7~~s1hKt}*pGnNpMcn!5V({l9-h+UdCX>8yD>4M21c4wfub4>3z|AeI3 zIsOS5`1AdtBzlkRrTgN_U~*>y$Obcg;(f)Kajb!vcX4MJN%o{G>1$Gi0A9(yw}z|v z1O6L<&KyuTQcG!I9|aa+CV}=z`-ltQxU900d!aTl!M7OC4>eY8FNX^)8aY!0-6Q#y zGs-iG{e-+9p!+#>>eoZa!`CGFs*~}af_F;Dc#NzZ2%TxD?*-Eq6#rrh9nLU zJn}1LEX9evLI7`HnC07-eM;q7=?K)(3b8s%7X3zcXYps%Znv8W!JCtw17nwyU1V}J5&>cBY#+I_}H!P&` zqxKi$_x17}ySQPG82j7LK$@?=g;TC(#xd!;#)v}5Ui%pf-hr!mUR?j-}StKciVS6{8^hLbQeSj-QZkgMOCwgVKX~i)nQdt@Os$U zaMFPB)vcb#zCt~9Xj%MI65*eO6XnnI&s_XLA6%6$&L+qD!`UQjrFa5eqLS*FbTyKy zq<`(2N2vxnq<0XHMc6UNaO9-OMhJ&9OpiHf89A`gWZDPCg^T$x)RH*GeG&aqyh@?LunT zSRdK_za`RVAf!*;VekW`&%5Y6Z=ka`FcBu1sY&!GNxl&uUJ+ zXFfMpV8VHBKUd4iosl0`;mQ#YE_WbV@@U*J5td%Br2o1R!UQsw+LOocZ90XZihQ=0 z`%bq3V>jpTMd)oJ12c`N_F|Jog?6WAuFD3FWVfJHKK=KafB??oU>*At2fsyw>9dyj z{uAI+)KEfIdJgtd3t`Wpf8f~>7#N5C9rjQA^WBcV{uD;7@~^z0e*Wv5qxAD1qx}C; zKQDoWMXm2wLXU!eF0+bX-%XD7J+<2ltXSn!E&2>o0p;xM;s<}Qvpj7T9@D`zI_l*) zpT6|ROUR>a{rg!opX2fI;k~}QD zu)zGMEHtg*jd$>VgoC#EsUsfU?TI5e9S`izaX=Ve%l%jH;XAX=@PVa4N*8xL&^MLtEBuorUvo zN3gOXu_9>SXqr#FDHyXcC^ftfAh#cXW2a@I-}r&)JEs1VagSB9&b;xxFF@cfK993xW%cKqGJZYZl>svD6`ti6$QR^ zJHcH7rVwG}bSYMj1M z7zg8NVs{242B^rL*n#=k6xBaJ-lG{Cz48i&uNs)FT?>xj^O%^})r*Jfu12(x$gW9e{}}^ry>}6hsOdRo=?+dg^$Y`j(NZT6*HdMVf!ZD+PINS4d7(x{ z+L@I8@imEd?j08x0h9V>x7K0Ly8$_{5u2J_4*T#OF0<|<$WHjPPUvdZ1v{HdPvg7W zSk5`itoyh#FYs~YTGP^C=m>hU4$Qxf7r>y9Cu`6AAB{&GhF-b;H?n>2b@llFg&S3} z4}64+s^W|GVevAEQ+yJp_!KUN8M7fJ+xH>w7CkervNt!KJXsA3o~9YW`0FcPYd}_R z{Cl~$9;hzV8T_*lXHv2LJ#5#(X$<$U*jwm4=HCN@PMq7`ummqwV&Ww9mNoEDFDQfk z%FlI1j#2S&zFBei`L(;?3sg7G`KRdnSI(Ed9c9$-V1VZzJ#m1<<3ZwDcQK~m@gOfm z{&XR)7qrDywVgehw#&W%0>SANCCnH|LWa&&&e!G7;VUjvN-!S%1)lJ&%@cpvMBodC znmqZoS=V-}@52O7{3&>0&d0c&#>q<*JGBIq_$IGIHeNd!bKUQEDe;ic@m1jA{S$hn zsAfH~GfEel*02=0qYM1I-~L4V(ietxJq&yz%i|oIX^ZAT8Nc+4>JOZ+WAFI3S9*MP zC!7nkPvichcZ}S4s1`VaeV7~kP(8S$0oZPMXOtMrR--n3&Mwu_Uw?vLwLjXaK!<=t z2~Pdy&YaF|B_NJrJlY-O#A{78aEbZ6E=&r+8&dR%ga0&Gr8RsoYk5}J0=K<0hSY?> zDx#MV0*bWUKuT_)psUwE02H`4rK{l^4mlANS3PwBZy2uEb5Y~%=fYJvt#g})GAC>Q z{BH{wnA&-Zp*8$j6cPJle-vxSM5ZaqQz1S(k!lD8*Ram28%W?e`Y3>O1A0JYPq-V1 zC3B5|quv(vvd8{n5yy%iBbE44#TH<*aL!4{fUrNF*6}b1CS$HWhxeJl{bwB?btIH2 zD90iXp&ZL(V(DLu1}e!^e?)l>B%k#|;kSk#=MUE4760K7(w{|P-UvLxnllY5Oz6ul zM6S)T9~&b+HaQ=U;sL^-ywljv7C=@jC8i%w3w0ic=IT0zx*YL6_SE@K*xYmLrZj14MimCX5U0T)ni ztPgu*d4t9aBv0aok4GZ+UOPv(Ul7~AkW>a2NV*=l@*mb&pS5yr=BTgQ%L(sQ{OqWX z;6;eH#9jB`(9;#I01y3ICK>R72Jq6SxnxZJFK4IvDnga9ni^ijfN7M~>~!}=TOe=P zU?hfQ`(zcYM)P1H;FQgb{_*Klze)U@z=R~|FG*vS$syZ!VrIL|;iDY?WSpTo_7tJ& zV*00N@C?S}47q9TRiR&V5vuj?+BIIC%CZulYi{oY_@DIOExoXcsnQF3O4$o)7ap|e ze>cpJPhO%r0i%`Y>aO{Zbb{JncttS+#%T;A$ny5f<6xH8cR9;j8IbmUQzD09aCJu; zQ+hP2`NslHqUU$Z{GI3*zSI2{YPZ(AE%Tpz?V-J2)%R0(JO0tPjwWeKM~rU6&qBBw zH^59V;F&_WJ@x3`T33LrAe?Cr^t}J&MR8m`HVA$rzung6uVW+y6+cl;>=Z6azgd$f zwgOl1c1X{2MTmm`KMMX#&Yu`@{DT_Yq=pHNq5UismXylL-B|f2l!5NxQX5E*bTO@; z#)rN|ahYn*4pDi+69X%}MJ95SuQouxZ;u-=}9vYp8qs~K%^H2s|LGn~N59{#2 zZS*-XS75^kqOlxw$1^yhg&fgh|7;-%#r^YDDjQH>dFDlN*F3xUP_E zymYDQX1XiIf!1E@VHfG{;v$TyxShTWBpRB^QT{)@SkSjEEfqDz;kZm1UV$?!HvI{>aJUqj3d~t- zGy=df68Z_%*6;>$@IqleIM3KG3a!-OAW! zcd`SdyWsdyKr}WA_}kJpvo?53RBXQz4}g!Ii+CyaLt~U{>2pYDpn(UdOH13BC8R14 zjG1AljY(mLsA`;?s20%K70c9;RDAjXy0Y?dEpA#kNCY;ux3`^agNQ4F?|R=98JR`= zRz{w;23~*K<7^6SOOsmAG;6UxI!*mq*?_!O0-PAsmb|u-Z4w>}O(4P63FsGI z?t=q6)V2@CaGhR{`Eh1Vdv#dEiUG|j;nbiT0B?vU1foh!h*3*DtC7nO|5@s+E9Kk) z2CVeZC6F(z+g(QaE*Zz0qyvrW1^OswAGlisC{o(~+i$3jMFj^dCwqXePW3U$4-Aqg zoaAia6G%Z`Xs-$%(%1%q2^kd>_)f(*I4ak9;gC>kXlnQvslGIj=Rcdh7q~PK`_JDp zc|TDK{$_?Qk-ylq#Qj8=uXsNZd9H{foTCQLP>U~`?OU9H`__5@PznnX2ENk>yz*fx zK#n*i+8XMegQdDR{!sXk=vHJA$qp2F=3}iIeBeJv=1?#M$6rniSLlzk3}6f$Mh_l*pB*5K*t>#A_!uq6bRx%_riRIe`W;!d2|@Vg^68;v~qrx_?Zmf z97%&DMFYwQWBD`vqY1IN59DiJU*qyJltQ$R?Wsn^T;%yLq`4JYNE)iV7a+~PeitCk zHS$rh972>pU4fBW#zvu=qJrb4qq>zm4i+aX%BCV4$f$cNvm`D4Il~~3msIyrO64l~ATLRH`8{&TiwiG*P%n7;BcG;0Fzv?p z4X(juS5Ui(?4SQECagqxT7i;PWuJTE?5ST+j;zqjMw-tzDbt!`K&Qx12K0`_(g`J* zCf=g#boJHLOJF^Rgb~xP5@Namj0{zaZUod;qG_9&Vk2$n_Nih{EJ`w~o8gOL!*VQt zE0i$P5*2!5QLqvnYd^h|BHR(#ZlG!#XTl=;x0h&K*eX7^In0QsU1V8nFziK}Fzv-73N2z|f?r-cDbc(aF@&DW}qCeO( zxqiDqXHc$ChQh58b{0%6=o`exePlWo;aUtiZmB6 zP-_>8W{AZ``Axjz8m!VESG7;TGiy)LwWsRZmCFckVYZdF^uw@GqX zNACQ9(vdmsG!Pt=NMTOA6M4R;>URMb?`8U3p@A8X??A_v-?eEi{DtPpmTOQ4J|4Dn zPVjiU8~(LWrv!Pa9q}dPS2?ePf9*AoVa{x`ixA@9{!R}5T>FVCu#p)-Eh&JJw4Pl7 zuH}fbe~3~tR_&22*m@iOocLH3Tz{d0*RvovE6(nOfp+B-~vydh0q%MFcQO!+8miRA{)bXvEP9(b80<10<|vq@3lS>DCLw7f6F%U zw>TVwHOawW#%> z7op0RAII9&3)(RcX_!HfAv~I-OwW>mH{mldLNZ(@|FpsSjpcNsxysPLFeCpyG zeaP}blJyh)vwi*e=O3xD!TUuMcYK|NCeHF8M8DgVg_5lb#H5xq4WbexM@<*C3YonA z$!`2NeWM?chHyo*60TnV^vqB?TqvM9p7#1*XJlOTL?g=B2Mf@;|5b!)59dZRaUfVO zLi9{x2bxkhBCSWpmug(6H zGEq*N8zy$>r1=Dr?LwHUMY?9PXRPG16#M`T{rXen;j3G|>SVlUVD_dNi%yz^T6SQp z#0ku94Q#$qLCsYA<5Q>UUpg3-zxP_Zf9Z#)!3p*;juwK zViLKn4}rr3jwCL#@yM_22Qq@g1NNc@wNhUvWQXYhF`V^7Y}&%$Jd!bU0s^yH~S2ofxZ zOop+EpCR9iZuE`b<@Z4xz@n>%i+_45gP}NsXL73AF0ePw;^5iEQ>Ec=DZbH_QoOsl zYdrWFYn0w9yISAcHL4IJCp^di7c)V}LIk|5LRLAo>Z{sVfX^cJPvGTCXUke9K zH^#!wC2!LVmZ5liAN-%}U349Ez~^ZKWqc+hFq@cev$wDVv$yguPpj6U%3WsGSz~1$ zvUmgEgKOkHNtnOCHdfq%6pwF_E3OD4*Rcy?rN<^Yu0g}xtfPkScPt6(>T3Mv`aj4W zyaVRkPH-%n|3fBM$!9n%>~=if-ue!p{oZ;tS#J_HTXYtY_>SszQ#moU%`+{{*%F9BAEvGIvIad16*hwo&$ix z>wnvR_${7)RjC}{wIp}vF`}$>)FncCSOlUG4sOK`cdmbXuHO!=$@RbHF}8lxb!_Fd zID~#a-Zj_%E-l%OptVQsH_dwh{UPhGy7@3^M-pZCw?UMgKU}CQR8{TF;V?xdx+P8h+|elp<;$0wMdN5V4Z$_d%lpM=E^aS3e3z_}lT(#R8ZW#sMFR zv!i5TdPn$tv03ne!KUYBf)89~1)sHPD*rcuI*Cw+)^j>Y%o$9zW?=DuU>eK68!qgE z*T>zEW4Fq2g~~CNIYuA{3gB_9Oe#)W@I_1YfKQdqRrsbHf+ zc>W4=MMCNO!5PPyVOV?lAtzY!cvW!ve>f@=H>C?a9~?((4R?vd{ZlIG0F(ZPBn(n( zV8)7D(3>2M zR)8+J9J6>tw=&J?)^1zStC+PvQ})^5t$ec*Yp;+#ed-wc^tJp}9lP;b z`UqNy&!~@^`0=IxkGVGiud2HKzr%1P2zbLBCJi-eP>XR+L^Np78%zL|7Ap4FSQW8i zi;xQ_sK5=#HC&roYq8iCElw@1XepvnWfE|xf+(W=s$i|2Yp9}D2w>&?eAhnb4oOh^ zf1mgNygrh9&OUow(_VY+wb$k&N%byimXa1LscxbUMP1Mh|JPPEqxINxNNmSZ6|q$x z;~$+nmHpGf+XoKIIqzWM22dSoAkf(QGVCw0^(75l3b=lx;^)TJD}Jt$de~n)jMgiD zZfrgKr#K$%(H^Q?^Dk&?-umru>|nQ+&C%g(j=o$mt5Gp0!?!5_l?47$u*H=EH>5~3 zc>=oM|G_MjNu`pvMqVsJGN@E-+4eTt>I>MiZoXYpjibZ)?&2Tlu-fSG-oo)<>6_5u zacwi`@TTz~OB0ie*GA(;h3AJ-R2WP&Tv${b5G0HA{?vkho69F!%*rRSjBmm|O)hT_ ze}J4QvPq_CTJHB$o>%!Jvb4cCvK*gDmKt30?rgGDT0oYQmP3}E2jQKK5~7M4>b(nHj^^^^$M(6%eQqva)PB9!p3g$$ zNMX+*QUgiJ7mYF*&qk!u0z^Kt3`CaSlZnXWWx`@gzWhTm`4XY(BMqlR-UX*MqXPNz zg8bnUq4V9xa(x`lN0N$NQhz0tD=8TDnG@Jr9%zVRWASZMM4x=~92{iXf7putx%ED& zU2@Ld)err%9fd8^I5N3{ux~`zW8%pX);L12_w1Y@PqL@MG=r}kA2kzcx!@hgnSF0| zs?G(f^Us&M4oOXOR}Qy&?aPBt$|Pjloo`d+y0L?)6751BWr==&YkQ90zcW&GRjRIQ zn$`7}ElunC@*dUIIjC!v>UvaT{cuq*)*RKg?Gb+ZiJq}DOk`nU4G&CX-=$i#LSod@>o%mQklx~6B1yc5g66{!IRw>?>1#*KfUn9Si2 zzkX1QZmlUtS2sT0nZ)=ImJ{SZsXxKwjGyaxTaM6T)_GtB9n@0xX+ zi1OV-&&axM@&}_l6CA{ueIEE9fBpLNz_+eqTk}`HfKwCQ|4jZC&jUwTp1BY)#3HPS zpO#yhsK~vD%f(}Z@2H8ftiU^Wr73e2@fo?fI61Mdk?67hd1EhhXNA2>el5Ce;h^xF zzmc}zuM0yI0(DUMSUTg@Hdmd>#=+=+IiQc1SaLI!Kp0y$t=>N+{Q7?2v-F-UH)_}Z z^rJHomYjefN+E{_;b+QMo*%yKOI47H?{fn6{TJtl9sWNNImLEW3;&Eye+=(+li&y( zFcI=|*C-FfT8w8AN-qeFYW#Y<%4Y@j9{2mSo@{Z;h&Q&_Ec)1RP zuj0&*s@^tPRnH)n^q+p~o<^#rG96oqcu$?6Gz}@Xu3ApdSn3X|U?NF#jj^rwN&iet z7_Y)V+nXRH6FEM9!gCip_yM&EI{lzO0HZpRhToJMeb@oIGEBdbJhy-723(mr;P!S* zUL)3dcLsY^VTnc@L6vd#HSc``CL_lGc_~ zkZt}cXg2ER_mBMF9^YZ<@ooQg^YMK!p!xVtg^ybrU!VU!j_=qT+@QeU0X7CjyqWlG z*TVQNy`bgs4La&8@h7iw6mZ`^KNrse{PXiA?&C{*hduW@bEU1tb85P3_o+k^jMm@b zId>>C8b*N?@|UnUaA@feNh~vm?F=vHy%(uJ*CS3=7Oo;oPL$19KNoV?YT-`ux!7;q*G})6ogvH;8S|hc<-=9doW)K`8V1 zCPjJiw}}|90EkBC0-H1O`@o*HPOukCqF%K}xx-^q%G?(-&Ouu`niuXDMZtOQmw}SB zy(=@vo(fY4kzAGK0gv7w`ax02?W`@E z$h6E?H$O{$9~r&DoS|>FCLZwNTqZmcNO~gluH`+f7Wen+qa|)5?%g zpXNqlx3JF@;!^{`xZZYI8aB)Eib&L@FHSCs$f=MkPjZ|@nQa}qRwJi724`42ASq_#KZ?f{(gyJ-B8;KVK8`}+Ko?A(&3B>qtZ zQ+K}Q!VWYsYnQDX;h$^iBUsbu;oKtt=y-G=G&9 zg$Mb@D2@Be9*~z>=;I8a1?jHzy-x9%Yr4mMY% zDAcD2ERqnSmqcjXaumZ>3qUHIYsoNJHCYMoB;>61PchySNnh56{mjD$g6vCv?!2YJz_uj(KByTxU zLoqwnc(2t!SRalSrLKj`IMcW*J{qObQ40`lIE?qzUM~Brhu4kHBShOvY`*F#qxkn% z2rMr49ob`pUmLICaw75v#X6NB|DZ5y3-BW5}Uf-jhf)jun1bCGPFMT|e?P+KgLaZ14%zQS;3(0LOn&;vAdo%{-~B zeC6La_e@ob zrHQ&u46H~o>N5R#?xCyGx&K)eQ0{=em5C7tlRX)iybHq1CvirotoCi-6Dyp4szVD<~?2F!wf4!d_-=;nX$o7SY|o&6wqfm^rS$2@*eL)zrcnIbM-X< zGF!hRuq>Ps8$2ylJl~2F>=Fuj1t)y(BUcu07=pvj)YmFqCT<>WEd5y3xbq3}X57J7 zkk;p7WX$pv5~7`c!uV`sYQ8i6$0JPLqf~4pJe_0h;`J8Lzt(WCz=*7>Q!kweKiugt`Nff9KGbf@W(oRI!-!t8a5~1sVlNSAM{k^@; z$$x!t^8Z{X{~ZH|w)dC(e_cqxGl$MtuF!jr2J&C?2lC%OHIe_&M`YH)nG~9QwogBW z0sWlc(b3P-wVCwe({lK!kK1v9ZyWS83qqTPP@kn_1t`O*EIPqhhs3 zln4xuGgy(j?o9eN-LdhDrc(hwAMHTB$7j_`nTE&wz8@L%{Wj%m-87$dI3PD2XK3hF z#WFwqRI(i*>WDP4`a>L5h&Y4|C8hrmKSc1EbgJLR--0%drVa7e!dMzULFEdnF{a^u ziWq+%8WY@vuiDgSDY1`Nf-}*I#U|D3b zhCliFQ-FBCJ^8OVRDJ^l6k+?TW6}T7mswhTB90?wQKD13KcZf}dz%;|G`1acMxx)6 z7g5uGGI-BH=bOP~w5t5%H5TraQ;Dr+c**YOZ?nxgf;_im5ZEh+br-s7y18n;qiTw% zrs-1M>)Kf?o@Ix%{!Qn6M&^Q~$+KIZVD{1aq(tk`V%cBN7chkQs_C$NO@Qc5ShJk9 z6_Xa+kazN{^@{d03ZtyE&@uyBMj2bsTMM)>&*N^%o6$eXCG%`43dPp?%0$Q3m5FY> z@m03V9kv{N0~_r!w>&Av>{61p(Yn{PwaJ?o&Kzp86xF54sM4NE8HWE|Zp{ZZiC;GMJ!zxQy>0Id&x9*0%f!Jc z!k?A9zqE7u2kSd-rrOT54=2?0K|jK^^{5p4YW>II)LMNV!!?#4l53OPlSf|HEZ&QzBoIqdC^~g)G9iZ)#hm)#`K_b`hotF?*A7yV_-q?bqoJ$W-V6*(Qy50GRB{jb|T9Ks<~w&yA(2IEwW$YcJZ4Uyy!Ed z{3EIItk0C6S;5LtU$Ne)FB<`v2`oK@f|^tnKJvH#6_lA{fncgC1!M1l5-CI-i5Ste z&YHs9j1Fe@uVYJF zSO;Qhn~X}a5>33QjWYnxdNf#!ni`wv_vGNgjQ_8D4>pua{kQ6GqWUK}RY2w1yrY8M ziz=uvES(|iMpgZo{+u&wbpRb3Af6VQ2sy*dpieSp5(! z>+;rm!*D-q*cen4ULKLsAHM4lH*hQd*KRjCPSGSaYgfJXd5K#zGC4|(LTIrZuf4?| z&LaEeY@GeN2-@yYhqk)9O~nCdf9INhm5K8{($a%vu`=3Bcpr3~{2i|+ziRxSoGC)r zC6ROg=rZ-H;gqSaiu^V2^$j;6G|Qx2Ov5MWdomPThi0u)KQW)OsToOho5IG<8+jG2 zwxOWBk;^WSceD&1=qQ8@$BwP_IRa~ent=5e@hfFn129*(14NX(nT^mJ*&!NIR$01! z(gTY2(X_GMWcHE>ih~qeTbCzKRiYXasrl&oy=%^;HiG>=pZtJ_2wPZnoVss=hso4U zNtqw~9J=MY42v*$Bujq$ZE9edF{KxAn!3i`Zx{Z5apz)Qja-tqRz!f zaPZ})-<8?skXkPjvQR4zPvxBX~T&gqGLfIngzB=XT=SON9@|cK^ zL2;z+9MsSKcm|kI{{;T+gZ?i3Pc#)aAOW9t;XEChK7Hgx63_;2Wi!bNt(+ayltC*Tw92BD_S6a6kEc&WC=$&N_BHCz*?`O|C zV6$WtV3x;Mc~2dmO*W2V-Uik!P%ja!EB%e!6!n&>SIcUeQq1N{=~aCT*5zujD?#$^ul1akz#ouCar{h>;FetF>-lma%w zwP@M1rXV^r{M62NlgINncQT8%a@KHUD)N@C&~#GHN{>0kE%NxL`A_o<>&^lhKlyrj zVM#-GtAw!FEEy_!XSa%E6^8@$#B5Z?Y!uNvdR8O8Ac=l`o?vA=d|(SJ+fuyNnyhS- z#{d-@r5oQq8{fK_8Xo}+^#>;lTVG&xt<~@=>yBCV)9LVI_tpGN2}f4H+qSB1Lbu$C zx^CSX&ed#e6GwcL+oC!8Pk3aZ9_KhUAd--0OQPT2zv1P7+fqdm|GS6>iDSj;7}P{u zXO8*!?`I?X3!NIxa?-hiJ$uXG9CPME{Vm%l{aIDx{ZSQf@K!u7+Eu3&XEoxgvOTzY z8O83bl0z6S^X$LTentV{n(K9KZc(DJb$#m8(w+vX~Yq-I0Xd*tC z-U*AP;FK3mtOwKP9tW@3_JX(RT2LKp425s|MDmMF)!^@`^{Akq|Bh0SMYZYH8_M#~ z6g1C@UZv`#NP>=RpOL;@IF`R)$$8lHbrC#XR3@ z{FWFNKNlla@atrZf=1BEl=64Q072mT9LNoNROXd#LyY`xk&$tGTMPT!{r&P@(OQAm zEe^HjQG>36%*COvAE(>D$O2e8{nv^?`x%{GW_4t&EoV|SP)zl|Lq>T=Q+~+a*nuN% zIXCjuq^rkGxcbVPfsxYA(X(dVnETx;CPeF_#p7n(*zxLtY;BRP=3C+AHylwm^UEQV z@?HOUzHDkoOx&sBwOq(2rf)Z-i}<);kDD84#AW;xswQOZ4ZrJEGJBe4?z^c zx$Utkn;(u=5*c%$!aQ04BZ5M0yEEPT^63G1MLMc2^L~soOapU}81DZ6IKh`|H*}^L zuE~RwPyNI%S>sR9AN$*Gf4~7^RQRbKxsx-&aTeC8Y;X+NB}vdb07qR9z;V|SmKm>1 z31IQhPksME??4d%*@HuFb{(PLWP$WT)iF|a)TQdUk2=^tQTgR^=*2vts)`z#ZPRyIdOS~!|(RvT9|Uy zAMiV(^62?Yx=CtIi`5jCt$*hqs(+X_V>?;%>}$oIsXC}=Llq)2^((x*O-9#5RLa9h zG{>LcybBF?rkYJXIQp8eDi7gb>vzDh7*YcFR|A;0lVyrP2|U%aL}=+@aLEbs*3^I< zm(&dtKAGGrl@I;SKpmlz0_Oj;1)=vGn?h)TSBXm^vkaWUYm=7o4>Nx!bti?& zhTBu%Gyl-=+{+z*7OM|fm-L4|l&BA7`a|b@M0Tz@4|Mhn&+%wh@~00=|42q;LMF)E z@SML`r$$k*jtc}Yqw!&ok?M8ums2w>!V*@sO^cJ^I7E{y%R-OpoQS*MmQx>y?j;_N)Jls`ZaTu$Bm| zbV-Aiw8O5MDgmjW^$0%|%b@ILH@QCPMXX7=DL^jz0jpW|8YIY{nnr9KMP_ z&S?dI+-NnL-c#V6*t;eE`0n23@MvxPk%pXPUHHzXW}5W(Sv$>G#%%)-bIP9M;OEaj z6Gh*cL-dD%O|vZrffgSCnM+bs&Xz@-_j>Gud)HL+RP$Z)9u_33D^ZmfktRn0w+IYM zOGRcGm8+dB#P}Ei9r~q=To^4c>qE7aUg;2&pL+w=Jmd7?Mx4XTpFzbgm!=9qkB4D& zRa7OO$i<&Kgp5=-$^h@dRv_diyuu}x${a%88k#}~`CvRsrV;YTgQ&P(|CGQQ=`GA} z0U;JGU$&znU0YD>E&se3ej;@<#NEomP>Yj4Z;^a``u)EP|9K+Z{}%r3!HTxM6NA@; z&;`~B!A;=LzJ@VG3jVj|0RR2wz?FjkW#wN5|8IW@{Kpq$z`sw=Zvg)@{{4Rnf31HO zurzii%u#(9)vR5fESd2og*)_{@PDD|-Ih+YW&2%Ln8*4})UF6>a@nxRY4A!e@33S0 zN%^+WWn${Xt_5!P{J%XZ&XKKJPDtV~v-qoaNLtPos~d@-BLkHk9Q;i8plDbBmCE>5 zuj+Wpz$CR{q<+AAwdkBc5Y^VZy}hlKB1*TBUv z@0HJ6T=3YPr8{geard`J&KWC3{y4Rm_3;mY1MSMJzmO|6mbT@A5sSaEjLW zN?#5C^j1FHd~Wh;eu&m?=Uj6Izk@F*98Y!u?xP9MFCr)NFT2L=_5RaVybBV76j#%n zyuG1aRpR?>Ot0mlyj!|g#s6N#ow5~s*B(XJqwggX`8hfBY71ZXL1B#nc=epJgS7cj zVjWm3d?;BlUK}1=zk_bc$ywC|V~v!)6~5yMB^*_jL*wDOJ!nhtw+a(ykFBaJ|00j8 z*S@HzoAE_1AyjJehM@PipTv51@KeVU1(1vVHe#ZbIr%1YaCcomZ}#tUQB@+z2pyC7 zmO6s3u(w3hADD34Pxls%*LMiVzSmt`;Kzz{#on>Ii1rtMZz$ z`CCZigoNrw?eeN@cEx?#=y1M6_<&c`gFHct+qs7=(XS)-H2M4N;M0bnD~O|C9AJMh zQWrr+Z}Vdj*@(CT#P7M)tGz#Ka+%+>^IhU3aPn7O1c}9k+U?V!@A1};-QIbonE6{r zTLK&G- z{TdyVkCo)qT%=lT@Z6NpOZ#4r|BdPsov!-;U8r;;5rykn4x|4qM)W2+jZ(5qf6V>X zeVhyLEz}5fH3Y|*#0@rD8Qj*|$T;|{ZgG%7-D6YxG-?dzwGMYiQjjB@cV3>J^WAfS zo{RjF_8tCVtEV-gu|WHnpj))Rs!|nIbyu>xwfMDqW-z2+&_ctY;0ZbNk9L#$ z4%xG=pr%LAa8=!j2%IHWs(}Mmt~)_J+5NbLe$f6UwEy}LTv;mEwu^SDLerz+yIvC? zCI3qAt)X%ClX1CyuArtfx5Uwe|NYk*G`+OU^={B@!*ky2qn( z!K?8tYMlG|)I0-mD5wJMY9*iHH=LzZ!I!Rp<32<7tSzV^B5#njODZQrc8NjCQ{YR4 z&EhZCPE3)*y%KGA~JR(DgL#HwcYDh{;Lf!&7S9}2;R+ju6x8eT;QYuZQlZm6ci zH56#{ZYR`F`oxeEcM8aPC(|)**jE;q8}=xE%swtx>=7N+K3W8os`qM0@>{%|W2ZM%rzX2SNOrfK|El&%fWeH)h&h>fso z(+^gZZipVPToMiq-K!EewHlUadzR(3jz;05Ac)vhA8qp`9L6A_FPe&VjeE|TETz&1#D=HT+vX}RW@ zfDFB=A?`4O$zU*~o(4o^8wblQN~%z_RG$*W2&6*qb39XK4&HN`Y72Sotd^Ag*JR-O zC?B<>q<1y~?0}B(Yo79u#^o1CgxbY%@r}P|{x@UCU@V7AM6+y0UY1$afS?NRb007d zlZ#!H!*(*8_}%xuw|*ZU8PFBei?klN##hN_t&^tCLV6fSp&A8Ho3Rw~i9qjR(1v zTgEdWN-k}LPvc6`ec`zeTb|3;qMxqx!vMQD0z}pd-!_}C;!n;e&AyK33KXaTTQ5p< zE7Q(XWc8QlM*45996$@*IJ?04;Imc0O^y$1P>JDrkyiV{d9A`siz{48K{{olQkYtm zmwE9?4UiGpxa)qlz+MTC$?#p6wrb^1Ww3Z>!j5I&H6u-SgIA2_ ziRR#Wa&(Em6PEl)9wjaUQJV}y%Y5~X=&;rrikTrWHLx7(Ofay(d!_bMfB56=GvW8F zRNuq#uROqXdOAFi9{kU;D@iGR5G{db`1!qZmfQg7AGgO^6|RTZ0p^2(#$Oav zg~?eqbsd7Kz7anZs2_=L6-W#Zi4j;i%D2#yv$@y(H2zJ2QZ710aOUKgqv%MS4?J7% z;x$`x8~TalME~B&A)^_+>$BJ2-Z74(giP{NZCNn?=$`pRzsRq#*Y-IAV^SjY?>8*z zJ4(tW3C9(?9MkxR@2|PAcC zM`H{p{z{YHJK@t2D~~%4?TyB*fj*2{adytrP)Lqn0q>+^LO7RBN*G+uoXdnLl z{#UCX(5il~D~aBZi}@3GwY7F5y7XQ~)PoVZLkJU$@mP+&=~@5zebbT}y^HzvD*1z= z3gfM>j5qlD=Qu)R4)N!nZ8XNSTbX(Oi!op$FH*>qBgKFgzqa;SERI!}mA|Zr{ihZ2 z+!=-GP8Xo!e9Uovh;_?C6U&xll66l|B z=&;0J?iT%b5PiEG-dOkjHTOOAE7AYqMsTZLQfno>P7)?3NBBh)!G`Ew6hAEWa)iBj ztZcls_DDpzcfD!u(c4XgFn#hADa<@>zq}ED_%}ykppS2I?D&$tB|<}8+vCKJ-&1$^ zE(^4`#LBuC(=Qj2;7I#tscJVY!-{stMYVI7!JQaPDyG9NE3& z2kGO=!i|;*uM9(u3zOje>pDkW#lqCVRgy({J|T!3MP`8saD~0!>r9v+J6HK+CBv4> zp%wzdalhXOTy-5zJjlp~CpxyPuNgm@YKqKh*U5~$HaxO|5hy&}F&N5dI^AULdxGL4BIskMw+ zD_E%)NXb@A<8AfM_Q!E_7Y90$7=fzoi?T%M$eT^k_oh_JBgQxP0h94`)y;p3k9ONy z>es9xP@0iwWwy005qh0VRlSM-&`wQYB~DxBV&*q2%@|?laOKc~Zn0JK$<|1sFaO3e zpBy;BpHDEISZjPp%|4fJ&74nm;-F$@$lQY3+pKryo@s&tD3U1SG5Kr*)BkBWnR$x->U5N=MRMv7CwH_B7Vg=f`75nz;lVqy5T;T zwam{N;TNfDwQ6HQ)r{0PTCoiW-pBARC!2e%Z%>koY_E9V;n1%)(HL3#nsYbdYIEOV zCNp$}#-1DvEwD1D02guapl4qLxbe*Zm$Lt)?Uysm>(Su1;4?R}O!yfP=tD5F0Di&9 zeE8jo_gz!?Y1YjIy}>a9^gcXGlFi{6fZpIJU7%(7b?20`S1gHT`@$Ez0{pHBN$$bH zo4w@+8ztlt{hs~w>>Lw>l2A4h2-dct5~0eCf!mMw;5@3^c}Y;+-j}Jai>gb68hECn zT|f8zTMo3fQI|B&C6$td|0iis zd3mPuN|WtVomeFT6S0`Q>$iyql{w{&(PSf4Co*xeCv(`=hlAd0$?YcPBVhY`EGFFk z-tRF^YJX2e9mj~E--P?EsvB2OHRrwXoE6FgN$$2xD6aMkFTxr!xaIOYbMT8t$1s%~ zfq%wH&f;R(>mmh4J7UqgkwtRCF5=mC1jLA9eIp*74YdAe@c$xXlIz)C!pz~tHc0Pq z#{cZ182?l1Ri^y-WkCN>rj>wQC#okjDw(F!L~1-$*z9|0{u!N7zJUDUCoV3AV9uI) zwsmQyodO#LuCsqA{T*wOP2<%RLFNhvyz;nMUp9T*VT@f~uHF6;-AC z!?*2mCdzWXt_jcnUtR?hO(;zHWmN+j6%d`BU<{HQZP0wF8t}r1L}iGO0R)P;*NPy8 zsSJ1SSqHG5-+7l#Wa^1^XQ&eXS&<$ z&HtH-1sPp&VOKrjDEltfiasi-Wrw;46*%47*}o3>_o>2d3Lv%Kzw$+Hb@=yUwZ&n2Ld>K(!yLuI^CcjG+ww&Na zI+mv<8TLzY`p-Z|YS>hxbPZV5sjJ(_kHvVXrq4v^i1x!MwcXqEGnY#pw{s-RY)nR< zTPI;WL?NQW2Ha!VvQ;LU(CjE`bxk=cm1|r4li*y=ZzrQQy>-3}tQ?)>fDpBDLPjut=lHIYv&wne%3Oqb4UcSK_7QcMM?qtl2F|fd?;gCBQbQ3j zxp*4reECUyxvY3-tG6Pp)(j0l@oJTftG@*sRRiAAJsx}CBKCNjiq-pJr7e}M-V)h6 zTO#yDU&OoWIN@?G5cDMG*XP(KjT=v`ZJY@))iz{bKV`h*?cJY7utg(f2#mCg7)%@)0A z3wD`cTA(h*SyAm{qvg0EY_#M74aE|f?bFmYdZ9sV@_VNe3ZN6)M*>o9O=aST2kDa& zQ>#d9An;>#D>wgCmcARFyUucsT4SCR8+j2&uHcvbGkhm*yI0?FRG2-N2a#m1{W=oE zbE0CvmW#BPBFlBf>I3Ii^yj@>->Ly0iiI}PVR5OG>`AE2kUic9zC^_EL}3>*2pm=s z@7tw;tL>bqWYmfUrVRx5&Fg%d z#z?vnm^7;0vspAIS{FGW!7pog3~=XTZ7@Sdpnp1p#;>X0`hWD0TEeihDWwweziar|c^oz9vt#X`xT{WZ z$ON?}9^omOOP`$u;vv7A;n?jwsh?_B8K>DVn`r!+1)>iFaYhKUFpM+{#EAG+4Uq;+ zDwrQmAcHIr_PLXNk@aC=hV{YL=Lh7Pl?c_WGqv;dxu}Wr_J58@@$C=W-S<)M`UpX%zS;Q8o30l?R|F`$JMuZU zej;NxfvL0R6Q|41eIQAuU!PIKLEiBnA7%C6?7Yo&W@ ziDuP&On^YIKh@B`R6RGSp83?{eL&2wa?|XIuP3>Rb&rpz<*(1v_|=vfzt}3;Rx$n^*7*Lm(E+us z{rwN>$Nt^N>gUGH3#ijKe%I2L`nn(cw@1O+)-LZWJj()J{z8PG&TVs&yP+u>hW&nP z4KTVnvw2E0(tI;rnBiFI2phpeoT4tlNX7Cy&C79I!K_vF#2%ewBhEkryZ^0+?D3v?;EEY$f~Z7I(SWZmN@9>3i4hR4gj-3>jf;(x1(zX^SQB>wuq>&kCcJgEo`@mFD=ELVqAlmP7nnxStU^qRcfeL(y!?OwauOGT&2X#?|)XTi%!1i|-u~ zUt$|pvQK$~j-VUBtym~wYAW#&FC+?JC59?zY%eCw`>=24H%5Yyb(gPhD@av)XVQk) zzy@GG=ZTIlutUv8>Zro9q(wJk$-SwQkK~^^^w=Hd)U00KvOEV>P zebJcIz}<_2LDXCgeP0NDb3cqG5Dpq*$tZEzJ|}r9d`E^c$nb&ing@KC*M?5igw&lE?;Z}z zd#{xR)7ghB>0IbD5#vOoV(#ZiWJN$gas)@-x>CwPyEu7n#wQT zU9HpDCi`V-Bt6A_P3%WK{qkSe%N3B9^-?N{>Sfxh=hv%W=0y1dB{K9y_VJJdmrCzW3iS6gOa}F_+zp0PjaCfJhq#E^Q4(tfC}aZGu;fzC=XCl&acvc1NT?;%6ETV zw-npMH*9!vioo_mf} z;fxO&=rlD_H)=y}RpRP{Ri*zcgUn)+5Y|KP8UAN@?w7gBbkznxzQp&Bl4sQo=lnq&QJEwxvU2OSnTml)Z}57^qY^NgZh}Yn zg|We}c8pQHKH5*)LY6r_lkW4}Oh%mZMCh$E6uFlh!Cjr+;cL(&gSr@=x)`Z5)1fs# zU^54irwmkgsu?K^i*Z{zQKIcRN;JqP`u6bp|5~jC6|hJp)B09eULAJ4oj1Afi_}1( z->1ujIka;PXy~srAYVh9wN47#+Q4mzJ(|RyA@zXD8bK}3&SNPTDC@;0+;Q(pIFWXd}?y7~#QjR3?9-hvSiL?7K=+@!d z6%N#GqQeBC#b!!%pdYP#b&GebB1dfSzTX?327kHq>}yWgHvGPVczC3q&ry zFXzO3>uOtT-&u<_5vX%8F78}M)e2A8!Cs^4;dNK-zz$Z}CoKDak~Jsg4`Kvc%*P;O z9nWS2+u@90eUkqKM_M{~e9>&O%GmB+-xQ1ouUd~E^iKE}S4a3#CqwQndn{A#xoX6j zPW}Ze6*prfZxlTM$sM$ntl_kFia5Ugj-m0vKN&S#GZCCU^`4^!Bc4v~`&{?^!WzE+ z%KvTz@~^jTY00t0fA9qMFLycrGnt$d$ypKGfbZd|iuk{s{=mjXIAP%zSaP|sbMFmf zhaPOE$#>5enm=%n|6=q|!iz>xpkL@gRHR8!CD0RK_^#5A{sU2nvv_J#6Xh?e)+s(J z%dCneW<1uHXz^#~BO`jJmOzvjUO%V2EaYobEOi=ab^Q4sP`ifjBkKD0cDZGSPi5>t zMonAl?TEULWNBm*ziWk%Obb4!C_iZ$-wjrk7i?9GioNL zoqw7GBJ*oqCa!fdT%NIpt06|^zEn7k7tr;`C5HGP{}^3+HjghRzGQ!!&KElV?>|__yWc?DxwLIV)c3J`cjLX7C)eK#RmLKJ z-aH>q!Z9ag-7BYH1Nr8{qViAwg}hj8ntH4x@BbKBVvm!Zz**telVVo5zw+Q);ViyM zIkvYvtt4|5dm&d=qkQjMckCs8lHwqRy))`%{naOh=wvuO{@~juGg9Sa z!RoI#RQ!}wK!=`$=c_wEPqn$QDXIOFK}J65WR29~T?h*7zdXIH+4!5sPYJ_M^r1*& zEYKJWG)7D$GL5A}r`$y7lrGWYNUQ{&*`S7F(-b#U!7uHMo=(#1Eb9B?)u^h8DQZt_ zUyo?DgW8gIGJ4Egpu)Pp$l`l+j-DhG<$HIyuZ!GQzNPB$PR&!nRF#R)nn#Rce)kh7 zX6rjlRSXzs!_e=aC4%rVqfvr3l;v_{7@q93vbd!nC)Iz2cowQC`(LiMq2sA-9!d4; zZU!X1$$xGJM_XS%4S)Ky($bH!-`eq(*se0cw?yy-s^zkUa*tmMzFnf%rNVU_D_bc< z>>~lhZ1Qf9`2{c)%j}40lxQi!M3ftt!2+?#bxJb8K-<97W1_L%!~*VV7VEtcdMcTmkv( ziS&Nq<+pHtyfOB{Q5E=K=)w;Jz>tL8E+tc!87+!SVbMoB;)jCy+e0ia?B~<4; z391KCw3#qD_R(gjPM*>tBRKl~Uo~@x7+Wc<_KHp=hGj{lbXwVz@3E(PE5hPSEGccj zob~P^kb&n;g!|oh9#z@?1q?%=AN^KWzen>c;)Gdxp{yeId;tl$mEoZ;)Ysz%Umt06 z`IpE56U08nCqj|M2APTGJr#kBS6F?A@A%U4A$7SycC&7fg|N$rFwmnWBtzU7bw6T$w>C$3 zQQI01rcIkPdxh^>t?3{lekl_>jtqJtb<%pm=K^!c9YT;A#Cg%sTDI%BI|2U%;&^wj zOk6?)@BOW&9IN-5&Oro&9#guL&@sn7} zYj&~O1pLLC+E;7N2Rz=j3O4A&B&#QaiaL>e0_ZVrn?L^`NIC*@5Qg?FmS0#E2}?8Z|UUT1dWNHoE;UaNTn%1;op|r+=^d%eA#hKsqYFT{VSN6MZRm z^V`)2W(V^d`4Igs98#Y1_AXJ4ldVRZ-^O^yzTCq6*2HVt8}f&i={LQ_h5Snn(k|Db z|8w+xIEEU?Z>H#bn&=y#oHVtsANT#V2)Kz}voJ@*QgL zM54C+iZZBuq+35iR{_n7+#|wLwc*Q~^&hRDTBP|gqIt+&d1bQFu>9^QniqUVRX)v^ z7|j<2G~X*l^TlrdGrD&Q@ctfC`WW4J@aZ1^HE~97HkfF_QGYK-{RFA)noazti1;U1 z?6elT|( zh|f2uGK-QIHj0uv2tH)atM^0p^5*^QMb=N6gt@=_dfgSWo(57#hX=E%09N_IGFauU zi?W#R9ef;p78#jly6%s|A|qdOOgGZI;33C!6V=}`YU-|<>Q$4^TI_x8-m9)2trYSZ z(`D4S_Az(=)qyRl)c9_q_oo-&I~TuIHRq+5dKp{G&s(sA<}1E5-z6W!eCv2l`^(5y z|NOyLQSYo>rnX|@De^SP+ySS7jw z5R9uRO@%*w6e@gSvrjNCqj%FrXa=wBtmRx?6$rjqXnU|lBr@)3HFIJ ze!sstpb!7xIEXM%Qo?WweW<}h(MLbOJoJHL)B{2KK`A2aQpQF)^+ zpy3i1qQbwSHdqj3r?!M9ukm*+W61Oe`2ik!`g|!}p{?^)f5wFP->)C%YAA=$zpdVV zooc#K^AXVktsf;-owm%fu>&hc6ty5FFjKU7v;++p`_~0o;`Oq#Q{olr7U(p~mq6H` zyxd$<=6uur&481<5Q6k!;`E0ZBDh2JKec}79KA?uhw$9fm75ivA3Ic`NphYk5D3CU zIl)lO6&zpI&w5up&Qj06E=`NRRtGZ1NtE4aCHn95-0<8@D%_;Tr~DdGO!KtrjJ?mo z@snWTs9QeT4AQ<<8gj9H`O)F3aLVbKUCXGbE5#l8g{IHCIj267=zCU11>Al0OVcc$ z`97NEeSdS)m5fHwKO%H?muI2k-LqOk#R-1^72{Mi5jxk^w)8vHcBxA`(Ir*UfLq@T zA{{PlE`7ZI_cg~- zIud>+gO)9VbBc`VMokg&CAKeA)0Mx6>2l`G+*fA4grCiPON2s8MEzR-O+ViO-M7>o z-LEB}FMmYz|6+4ULjS*Q2E`;+#7z31axG)emm~z$`U5r!q(7+tmySxwpK7;x9j~JqLI9>v2mt*0lC@w3C!U$&cQQ66qb^ zk9=6gF$%HP(}mr2-?Lk%G2>j4>w8IJL*|M|KL=aNvFHtnL+>M%pQr*&WAO= zvGTbDlF+Z>RX@E;YEXev$OzOZnw}@_c#wfUztLBK$U=OHXHkE)3Ek8nlb!4k-UIi# zA)6W5YAZ^foTkbY`S||FUnM_$BJd>$MukY?hL5xioifm^KfBc&(J&kd(PK(K{`Mrk zl#B|F*L<5&Y+vu_2^JioSK5kAP_4{NZn2UwLalws&7XtLb@=zqO=YLIBtND+09+p1 z(3}8Re<{)uYeqn+1%)7;DL*o}4L&`Z5B#&@lAQ?ts#dv)0{Ap|$Ct1X zi$)eZ*eiV7FcskI808zO#Y-8^FX6QnIR^{(bFV;bH%y^wWOD*)ZKkp?-PbzGskO}|Gnhvz(?tlZ|q5FAKd#STC1 zrw*V{J6CrZkGawI;pH6~PWQ{V56?M)^5G{saJhMG-{H}=^Z`8V>)?uTo!h>SoEL1l z4L){?9*!Q=20e%??|DChz4X@XpOZE&624`1({7O^9F@hLB6%0d>b{D9&vW4k7J4>+ z{jz4I4=RXu($n)+)oLO?K2IdNGyvoyg+a52n<#qPwwezH&e#SIqlmypsk+R^dX>V|JQ{PvC>!*JVAZi~ey ztbw~tB8`1@7L>UEbTKnta!?jWeROh)qY!9;Mp}5kmglTL#;!x!z%_UUpykqC9R6-O zSyBc=y=WV@g39f-xiatDNn&;AzFy)!Kkqo&f!;QB(g0VD*qyA#f>e#j%w{$AA*j4J z-SMtOAY42*kl&=+a>ef=JMJly@jrDSwN}c4FvQQ+6PFHZ7 zt3O9%^zuh4^#G+H>MX6)tG~OMD6CKR!3vn34w^kV{o-?{UldFJ6-oXTsqPX~nlMf5QAirh(kozlsi61A5Ew8?fkaM-=sg1;r!fWf&{r?A9zpm_hBdngBoTq$@?#cbo6Zfr_0pu zAcQ;D3`zOF@9RQjWN_xZCJIG@&TFCD#W4_6+130!} zgv{kD%Q_V3%Q zrspo8rd*e_(s@ar@7j;V*e%dI9a^)9I)Tht|*h{XzCeWDcvuBx&Zb zU~$tuJm)T9&9>-LI$I@2h=6}(Y4`Rw+?-R>lTiOdVmpqih&AR%M{!L=%0JSXgQMqH z){QBtm^El7O-wx_QpcwEEx8V#N2h5*_SqCN4gS-IaUNqng{V_ObmIg*UX2OA;SypE z5bYng_Du>m(Dh<O;c%N`a!4Mp2^lki>gw~A~Ml@AZ|cX-a7Wbi5SHa%)L(YnC7 zw;CPwJ3|-p=}AGyKJ#v`0N||e*gUd5m`j+IgUexNAnx0L8QHtOnwlgaQ+A`b!^hJ9%n+*6MkS0OzFI=f94oTJYFvRKW)VIvP=4{lHOGkYDSs2?GCqcVv>`; zQX=%wLTK_B#^1HpP$+HptrI`_4T`w0f)2wi+Vd`8caIy9g_7Hr95Q z@b8WNX*2pWD^A94!?dpufR%}>3YWUzN5e&=vv!%SjLnCQKrfQ;e?javy<XA8tGURqZ!AlKXL*m%NYvUi!3jz2W@OloYt;vOoZ8-)@q~)9y^-KxrPl_! z*8De+m|U9ip)T*0|8Q29#>dbub+X^Z`d;}!R)Mb#LXdbrrP@*ax>Eh1qxP-$f?eh3iMgP3oFk?f9RH z%LWlwyz7?2kJTi)PN_5WLGp6URHEpzbHj^|wOQ+g%(Y%m`QRl&c`+mCokO7B!Y3W| zmUzAAJL(-NKx3QN9PNc*=ybDUqPH`drp4dEdXcR4`b7ca%!#@wov#YppWyp5eN5jLAl8Md8V)k zxCGCeHPzH$0^z9w)fFE4R(Sb$d&={nJ$o|u(iM(9+3==ikMu2byRB4$z@4A4Hh z6P;RsfDs5>&I5@H^S#}gpA~=Hu_8;6dX2QiAD;BucXKCkQQ#);xr9?`S^khgr%6<4 zRb6k57*~rSW>nY5>dJ6A2dR)o+;3A{NsE!Hx*z6o%%!Fy@}*+$x@t<+9EFRw_Y;wd zq__6B%Ys@fq4LO(@bZh~dsWeai|Q;2xGa-{AFcFf32lpy!C%*F7$zudND9=>_`G|3 zwPQSL2Um3^LgQx|-0y)-u^%lrz>jiiQPJ*rk{sX#pgbo5;m{nzvbS&c0beL-l4ps(=l8T1v&q_46=(AS+;Ltpt2Xo|k-B2DS5RKo)9Df-I2 z#o&J9xuUN=%M9@UzS+{gLz>ZzHBbd*55Plm;MCyl zO(b4R{3Um@ruJ!@!{u?qd9yI!-j5q)BzCZSO{n1pZ9m6HvRg8Z>)|6?HTRqli6i7A zXptGSeAfQ*z05h9-?2xkILB|w+20xT2&su_x!$J_>mhXAb%PMHTf8=RXo5?xL1zG{ z@Eqt5aa-WzN+R_3&zK6oH^5DW2pUa=Prja-3dv_vp*qG_$*%c7Wh&h87|?W6VS#rO z?KYbVO_4MFEu7;6vMEXF&{Z)1{jvr4rR^JLf;ZE;8QFb*knT0Pnh6#fZG~#;8OcwJ z(j&=>4gUBwjf4vXM0IW?j3|=Zz+aok&42$PfepCJgog6sy`Y2uaP`f$gI=s{HlE~} zhb9pxe{XL#K9(|uKh7_A&%S!LyfDuj7t25tnp)^|4R7gjZg@r~vB7yZyrZ3-?ydD1n0i1;F#ma% z#+t!h^pza@6`fD%SEj!=+drb$Vp3@wV@*ll**-k`98*$eXw$$L#V5XeZ_@Kxs1sL3 zC$8uAR5nIu!0?rh=!|-i5D3_+6xOqOvafZU+B=fC39ItKR#VQ91?G6CV8c?^WNA$6tg*?n3v zH%zKSGW^k%n(HcRCpr5omo!-weN^Zw@(rk`6}gJCHhYg(Jy%nxUKq$A0h1}-MYEdG zft#Ybw5S4!|E5fVexb<;fCl;nKfVaG{pnRT{cRt%qcfN1F@5B(^=b+EE!enMIPlN& z>Hk2#|Nds^pGUUP{~z5>{~uV=y#HSP%w}D$|2q1W|C9LBEn%+~)y>+a6P=3RTcF>B z|H~4#*wXKHF`!ViBYGEk?*;W5WO())A_B;Mnt(7-3_PAo2_v{D*}6FUhCk+)jP+%I z%`|EExp!XzLP5Fs`xzO3xWv!M*O_V$$0w^jy;eQf&r*-G)5&snG7SQLnkX`!CO#YQ z&u?r!Xu)S=owZIw&v1PE`czQYcsr<@{4Ga%zMsKGH@1MfN9TdM4}aerb!oeV_u?(h zkZAO0_K0LvQzCTo-`Rk66$?l#=ky2gJNYBKEKbBarQr;cMNnWd^A58X`(I;k&X@|I z-_Y?I%>(`2Q~)h&&JMk-nXVvnDuCXDsbJe}467@{O3m5p39i&^&h~cS+-zvy@O;es z!gBWdmGLo1R@`oU;b=5G`qgpaft#juWMi@4OUHA2cKGA9dVbiR2dBL40WS{pws*T2EWxb&}qCq4_rN^v)+E_-Zr)X66oxRmVxp5 zZ4lMSqZ}yuI8bb{ApE8PW`Lq@4xm{7(4j!#{lVf*WZ6I*5R#o+nyDRsJoq)^Ph5;& z*8a9rndEYrzuK^OwJNgrEz-&&y|zbs?TPGtQb^kd^%#DA^u|6ub$yE*9zi`0-cW|Iln7m|Hi8g+UN;l_XO z*N%T5V+~C`v!(IB%HZY5r@_Aw+48aemL6zv*dNUS&DZvGBlacX*qW9`yg26XKW~5F zP@`UbV>5EMQ73g4AQ+(=pYI=uK#;~K9a8eISn>fOXbQcVIWe|QodlJ33D-UXNPr(N zU85sd7`C5Of-sb_AWibgk3AjfymNvFTbPYr)QoeH?cD4Z`D2OkpQOq8~OJdK}_P^>!7# zcoG#2bV==8(zX*x>O)e!29zsk!^li4-eJ?4p)Pqz3(_fApS|GdbENPW5&j~oag1uL zPC2P{iI&&6Ep8{nG|mTgcdcC4>g5F;pI1Rgp{!EWd5{am_U2R zi3+TE@HtgsXH&`|@$+&U!s5pwZ`&_5K0CyQPfqx$kBAM#15oo(p~FUMDOL)5-DSAG zQM;e$f8knV5b7xiKlMSo$t*%tKm%;FF7kS*y|OGH4IW3(yLNJmv<0D07m3hG*BQ^` zF#UVy-)B72*CqW+q+U!?eG}w555ykPW*9aPM9%;AX_4#$@#Wj+a}59MW{Uo&iTmcNPsvhx^nB?}!H`*8vjKeY!gEtbiHPq1)#dT+EB3Cc zCQnT#VtaVE*Esl&RQ#-&BrD*ODh`gmRLYS)F?jrc&UUx@0&DSDms82IceRyB_-By9 zL)l!ZEwnVY4y_jd)Q7HU8CelKD>pj0B6btjP4=YmLbR29M?HetBRT(OYy|j`N?XFq z>A%qbNr#CON=a%;_D!%Oz?67-lfDi`Y-Ex# zc}*Ho4nHQbVu#+}Np0%*8`VrQn8J-z)1+;&7<8W2xj_4FO3V}+y*(mZNE?`#P_nbO zSu|gtg~(%t$kmg+u8>=L_?toO1927DYTc88)JY6}^?uz}^w~3n4$SdRKUqoyhi=cn zO*Dc9lsjs1q;*}QH{Pg|-~rSx_0etYjCAYMr@zeyI{-hjwq0!S^i|@m_L2Be4eg!% z)BImj)_H)EE8fhriMR=xydO{eIt(SROXEgD%HhYKpG(9)(60VC=*$0{)`}zs$7BQE z{KN7E{b>eB8A%Z~OfO`WJGG4u)u>gpQ`x*hqR3(>60dSoA=dubNtyyTnndW%=}4MR zU7e(1c$%QEe>Np)$Y+v<7J~`8>_#Nb^o1!&Q{WA}vjs`xMEIpYX$Be-;mQ5k07*%1 z_u$|&%;fi>;)9qbI)j};U^Y?0c)Y>PjX#T6G13c6z^wcRM|@0$0pP^c<0bQ|C8Z|{ zgeL!cM#p>Iv35tY&)Vij2?u9lo;f-azYyqH^B1BFoc@g9##~D@V)Y)V%svnjrpNmi;&bIlr6g?8n>h z$-vJYbl_{xhdy$BGfXv|3C5*x_Wu=r7XReG!cTNnGyH_U0zbc4*&=>^az_*V-10-i z&#i^v=gtKIe&$`*1V5vvfuC2yS@=0cO?(A@+Dviy8D!Pkc1D5s5gqti{Is9&U*pGl z#AWUQNWLIsP%_K}5-}6VNF_9JLp@qFi8$Ekb(X|{ThQ&uWkvytVHp|eAKt(z{ZsQr z?@WZ4%T}AGCpxUc#_&Ojon6=%e-ULBCqliZ0=>JA0D5T3+AGDA_4XG1DqpEV;2i$T z=F_E(Au!`4f7A><&Vpf`ElMU+#G8`8%hhVu9!VNL1`}(b$;{U;1)04QnnT7(U}}|n ze*hK)flN3@2pST|*?`EK0wC%-IY7vD4M3cgUO$3_K=Q7i3?N$FeJDV9?_YZe5F|Th ztnDRX9sj=mmE)h`CZQ&Tk@in+6hEX0L$V^GnOo>($5ed^6~nfJ=UyNg0{*&wCC&B`wd-ruZ}S9%_Ex_9F)$H$SVXtogZT^f(S}=1sz> zYC4lhYMM@j4u0RnPhJ7yrz^v8(?ffX$B8^sGxxU10OryTS>orC8R% z1^~4B=NU6Y4W22@EXodC_gvF5xNLs?y7*L%z8d~t!EXWAmS;}W&EPjshhA^(E-20j z14Sg14@LHW6QLEC8yMd_5-`4WX8^`ES2qFU&n5xJj)!M~al-Pi0^_+80pm?pqc6a} z9X})(FB#V|7?W={r#eS_Y5qK~t>n|XncsZ$AVk{Cy!=gLURIS0X$VuU^9Psx<3N ztA%x@8g}rs&cDt8{m#FjM*-PJfciK}s%dYx+T=;w*vOF*{LhZe8W?>Pe6$u8S`=?! zk$w|{mySsH(+g#G(hq~-FNQ5UowRD`q*arGb7iW(jy}S3+NXPMZZujN2m9ToP#+oe znsckyXZIEp${2Og0KrN>H}Xg|y{!p(i?0&(_#kTnctK-gW!-s#{#(N{Ms?EBj5Gi} z5kjeot@8t43;O8k&h(2@(^r9fjCV)hEMO->-ydV5WnfQ4%MEuRS`wjQE~yVmvLB9h zsi(QrkTOPGQh%59X%CW4R}vFu#5>^%Czh(kg=N&Y|9ZqyG~~omnOm2={@Cn5x|7eO zJL|+iJ9zjy#L_D_-t%knC15VFWwc9pHUSSCld za1_ePe}8|GWs-Cr*0%+j`qkIz7YnWwEd+{ZGyS6d)MJohI-iN|a2Ai8&y;>~lCNL1 zkDes`qJS@ln|{%Qrw&n!sDrTINZIJvT-m6d;Ga)B(8ehozCC|J`lMNgK6b{BfcOpb z52bL7u5KBW(8o8MKR*;D$95e;|B&io*2k>1ZrVOD=7$b`htNNIbKMz7p=LcQnld0V zhclt82T-fjQmXcR2U5|Rjg_c~~FbL*_B^JLX`==EuvYyI_4U5ZXw z|Ik>=>mRS{4_by{@~y9$K7IZ68|WWq=gLsxaxo_nA7)a2Q@U*ZBhG{j126{mEr0cs zj~e&?aQ80oQ5IMKI7tX32yBpB5GX;T2J0nQFNsJ^6!2NxKoD9{&_?ls6@3vBh=Q7! z1hTHHvD#|IzAsv<^-`-=5yWZ|s03&=!B$bcUuRuJE-Dbz{J!5a^E|uH?&bpG`+5I= zKazcJGjrygGiS~@bLNbHKAa|bPdJD?L?coSlE@J^63@Ia28sQC4J6*0RO z$c|OxUb+Ho*XoZ#;9t;C2LoOG>%zoXltCSOH6E3E{7y+0{)3E}Lz%=sP!uqO&ZMW8 zdmG?&f!;vm*xQ2ol?}k;mFB7H#=-%s0PzudVP=6Dj1%}UY52IJc20&5EA%yOo?Bn$ zJd*#t=hnaD0+UNMc%DyQ@!b9xU)dTjc%7mE@u5j4BR+OUH;zyJEr>H$PnDxuC@8hi zkZbH^UVmdQyP4$+Ovo(?Ai3pVo9XDu@g+4@jjejz5G^Bo0+(;9ZvrBZtQvcjJeLU= z4QDv%!gACl_(JNd?!h);9W|B!3<+GfgZMWf--@h0qL2RV)ISQK##w8e?ot1O=5srH zTGO_8ArP>5o|Qj8ZSfo;7XzMVI`V_f1aHi3+bIl)`5!^^MnB7+n0DhRoHs^L=31j( zsk8i8XG+>oHTKEJoGzuYOHVQKMF;kQg;}oy4_df$ip*sH?vL5%;iY;u%Ea?USD@u@ zzDLWE0J6Sc)Abt5jiWCEH_l;E9N(pD`yFdLUq3ogKbply6YvOtw&P1xN6+YpORtRH zk)iqXuVj$+;sfIt@@jq^!;r)A%!dpB!jKzN4=dr{8LRFjn}qZq6ciMnnx6Ig9JJGgubqpXus;%jzsVYM=U|jHvAMJ7570 z+uTqRr4{Mlh5fIYTnvD?nE|Gq0}55G&BBP}`Kx1uFp+02p2YiQ)8hb%-~TG(x4rz; zyBkKJjne6mK&3n-IDKAk9hLNC(2L`t)paz!0=0Vxh<|fii-b)v)C)&df{7-aj-6^f z@e=Wk!QrQWVRchWd+K!Rjvx8Xr;tva2Nj&reuH{euC#$Y%Z~fc^ zbRSxFwzE!}D1M*?agdZdc^m>cbRrgj1UiM!FW%=ncL>4AU+M`m*B(#XF9GXa)vARc zxScB$8z17h$l}n#cOsG?r)^F6ze^yJ-n^OID+YS5x)nh$aTBCk@yj^mgp$QmrsYd7 zkuPg2x^92#Y0#`6U+Lhb3+u;^o~O|?n`pAySwAimCZT#$2(U zLxQO*E(YdC@70*Yq(aQy@h4!;=x6v)P-jI@H|tkgKU-GmV6RwBLflDW{VZZfs4IUF zhfHy=iH@O%?n92E(ed~N{xE0`lR+~;51K`{AT_5mhC3g>Tc*W96F+{B)bj^8CxLy! z{7-bC6ADii)e@^=Z!bHo8{)yS_XB!B6T?Y zGq{xbqYf;}@VoIsp;x+tLj4vCg+8AF3SG8KbC?PBO*t=-0=E2o4BIV>^!V2mjZfqF z*N^VkkLI!NXYnYOidsG`n;cKdxcm`J76Ybo&5t^@LL{C_vKZ4L2uElwzlV>pPJVUd zmCtyrVeys0chQ89ScH41G1GT4C=D8}-jQC8#(QU8Ky+b^;tAB|iB|(gfBa2Wj{{?_) zQd5exVv$D#Woi8jK4d!?I(T$&88&CPDD6OwR>rc_UD!BI6z6K05=@%fslAFEUQ5El{`(kTcu^J7tB+=V_AjA{MsLyaG3 zHuSN?#Lv*V@E3j%!0L0-UZz01m7`kfxAM=)xZx7rDf-aVPnUB(?lTNWN+Xo04}bET zk-kyutP?TKU5~RZlOam!xPZ|;9p@_%MB?86t2E0$837m_CJ{pKevEx&ar1nX|3D^89yye1= ziO(x0e(d;P3H@D6uZ@WW&ZDlCZWb|1#qWh4HK`#uB91e>46GdT4LAq|Iq}ke0e8*~ zL~k(l_BM#74cjzB;3L>vOkC;Bu>8}37z>CQy38OZ1D;p^I_Mun4nQctz*?mvwFwm4 z6Z|l~lgP&-@_Eu!RET%x(`Y8mQD1tam^2Fjz4%K2ly3kcAA&=Fe{URzqMJ5{&Y1=d zeRx5HL)8Tchl#To41N0}_Q+O#R2wG@H&bSOA*!`UPlK zvsE(@xPmnMKW0Q$-=NYc!E(08-^zM#{ABPMpc+}nF7V8$Uk)?mj$ zsK?h-R*e_TzCny?`jL1f_LK6&oT*?q2&tvDeA8Y@lY8S-uHt$pl6s~XFj;PfmtnoA z^CH+3DLxx!7?yYK%>hzN3dh=h)>5Q%K#}W8yj6SpmCnWagL?*-UW&h&`ec{M>QOO> zYVVOw!5xAf)@gE-iw&{Jg7$%x*?YD*+@c(ZTa@()y#pPP=fICwl>61E~a72wua;*gTRU3HUTPApsI!u`aK_+4479{x_I^N`Grh87{kO@1>5(Eu!dIs5wp zNxpy=je9e~MfRF|5#&Ts05W5JIA7opPDEo`Ux3o3w(+nu(>$`);7kwuKoqB=5HyII z_aQxtEv5o>5}ps&*QSVOW)`@o6ZQ&$2vdX{TcXw{bKIJNRk@bqjh5G@V#tjm1-Su7 zH8G7@c1@LId6h)uMeQWWi#2m)lD&_m2D?iIBc;kCrOsukAWGG7y25nUUJ&q=<2sWo zp_iSNQmwyqyuV7;M}aXbP-l;dP0soV=;o=B3~As5Y=(z&lMHSrH(0cParDrw?-CnG z1a*6(pe6OQ-RSh;p8-|q2?RKOXMrger?ET|q0djQ6Ya;tA80=}iQzaClE0{xo=1U& zR*;|Zd>|+;Ft?v^=gnH_N#QaHmJi2)-G^RAYz+KoIjTba(9TX?$?N>>+%S&@otZq# z_(xs?;r{e4)gzW)w2EL-Wx4~;)EwRhQ$NWQb?MW6@P_WaMku*SKU%{_pXx_1=|^>Z z^qPM3xPEjs9_jj5<9R}gs{7AOOvg}k{&`J5vp*PmL<0X2m>oEdkWNxYOtu2US1xpL zGVnoO1J!UPiH8)}HTc`hqixo#lJ#f(&aqO1eQtOMIGMguaME(B;N-(r^!Agh<9nr= z3*$P}#r?rAkZ;T@KYRu3^aN$m>j-62Q*c5_k%WvXXp>(qruZ&@WPR+v1bSCwno zSy*xW5)?q|+|Q`~2eTM@R4Y9~EF9-#>2A%YvJAU2RrwX^2ll)xyMkYuMpSwY^Z*>& zh}|Y;n^E9C{e{1O)!4&sqmUE@0?OOeG(@Zf8TL61)29a^H(>y7chz=Nh(F^6sY4yI zi(|x8Xuez}d;a2jMTF>(5J@HSViuwFjDNlIg9^?N=`D6kwlAAc1QoIP0czB5Dz!dj zW2M9{t;*$%%e|sigIk3e;9j`~dv#vSK=V`wSOI795_njS!5JcjtLep3zu5*4%NJyA z@vx-)j2;%uA6L3K+XxJoe?=mf)XvkRS)S~G0p;4jCh$RR1?PYX zg8XA^C*XM9V{-@)ID9$46%IcJvmB3p;OZQc^aWF|I~GSjG|i_XXzN^dIWbwtOki{1 z?ryF0Z0CFnQ(Wx=dg!V>(H8(K3Db!VWQyC>f#1NWC53IxlooR_WtM|~@kH&siS#kH zJmzv+5q11v1RJZ1M-o^dW;*R03oDFQAyaDMs^NI-^*4I`TV$Q_g{Q`9|HQs9$nwi) zZL-W6eKOV`ujq&-YWA28C=t5FWl-t)Gn1mHYAfWx92j=Mf3e0A#Dd_Cfl{bKT)%^TqVs%$qaY>BYi;Y|eCAE~q95!NSOt(1@`-;rAqA&b;1>oA zp5{7XF@rhwMS=3Bh2dmjnhi7tf=Q=Z)T1=Gbxuy^w?VR^+cu#dx-E&9s zlN@Izxkj_ltD8JdN_*X@=nh6-v#PX2+P2n@_T_cJY}g;X%r)HI#yjpb|NTnyAGj{! zA2TDVgc1kj6Au+;^g2z+i2l8|pJyrKJE(eBKg|o+b)K4k;7XPyz?Xeq#(9D`+5x`R zTR+m&#iSVUT5`U34DxY40U3ro9Ue*k8=yHxKf!jIJwtR(GS;%`ZJO%UF!XI zj$JQur89nFwX8qKRf(6HK8u#%`~jZjNcJ^NpnrC{S^y?T7K^UL$G}nTN`4K|P5UK( z&yAuJ>mCSdRL@$}c_!+leo*#gH24lv*-deLwbeT)l>x_|3_Q{4$)Qmg+WGg(b=E0yd>i_&cwVJ`wp{CH<-Gt< z<<|EFuE(_>DQJE%TPb;dpYbQXpwGsG*kn?F!?d94fU+?@d@Sk@UW!%&C9X*dx2S(r z6ZPh~N$bQpTYtZS!gD&ESTet(o+nYRE|S`N01hBz=;$t0EfvYv?~1eE_TK2S5&stK z)9SiZGkmIXQHMiNo4F^zzn;5@V7AuG;CrZ98VY@?AvZQu2-GIV9=-T8?s59)`-rf? zROSl~pY&^tyK}gVG(ZAObW!SMQWZK{&nnPS7NwsBJM?wE_VxrXv=I(g4Yxkx6t#cr z3m&)qO4JUAs@9DqYFhW62c7=$Jz_F(g9#gw7;0bOK>@|<{|9voV1Bs(s9P_}50~~7 z4#$B(gljJ|)(#oFvrW#!iEYe~$@H?FMs<5sv%jX3F?c3%0YlD4*M`WCOfSWf+PJ1z|S-JLoJi{S9ttksf;%_p= zS^x0Q?e)=C9Mxl?F&x#?pGWnycE`q9&rAKo!|4CVeJa*bX7z_lp{f-}^$h2y0Rob; z@Nmx0`qZDkIE-3O{b}qWRrL*@DDnpn_0d0lG1+p1Szl{b-|(Oa|H=73K^8*F`TPxu zAx~e(V{YXLp#EWm7__Frp}L}f_(Zhdit~R4puFd~{yhJuwHMC+>Cf|jTIKv74LHvK z*-j=Fz@rWn>KiTqRB2_Yo)vwOaRb2$o|@b6q35~2;iGi_7z?LVLUGV}($Ge%n_L4l;)hJ)qzAMV6`t;K8%3VPq2>ZJR+qD?-Nh&K_#T z*+WN~2C&ug9Lb-LmON#L;hdsD_;(S{D%ym9Tf&D$&VN9$XTf?XG6?@JN<;IFcJsL2 z=(($rpllckmDddnBu_I3_rgD5tU-51Tpgm4aURfPoX;`KOc%|tA6R(Y<(#+f6M+?m zpVKXl)Yn@$S}o|AGBKLz4D%0_L!NqT<`sAQR)DKfDd=M+QU(ODAACVt_;?D*0^4&O z877;|q6uEv5>fQG{MVtE)rS!(4t=ymg^z-&9n(+K&AIfhqK75uVJ&E49-qHLKZbG| z*`QQGnxU7JYwA>ffqAwZ9;O5g&RHv_V{%|QHJaZxEfo;f?Kw8Z0Fl5XnOx(5oi%l~e&COKGlf{3<44 zPfZD&9r0aihk!PZ`~p0Zbt!qo-Z)jaN8oE}+q5cMu1rAYY?}NO1TY_l`w; z^gA$;M*rD1lFrVCk#xxgaN5N3S@2Eb;LY%IB5C)sAEI7(t zFfCHh-QvY4$oO9=S;~@MzN&j^V&#r`uAL^2W|Nobf@4^4g}dO66;45SliN;4!BM(k zG73V!USx{))7?Dc5vQoTn}1``ZRZKF>rO?RXSxf1{%5D4yUpua@L3duBn^GVY@NZ> zB_qYP_{PU@E#8Y)&>!0|!gPSk0*Qc#Uj&aVrG|cnbI9VXFWdf_$*HWJ{Y{<~Q{^0l zDokKYPo<#~oQG_J-*;bF0{3#Uywgv5Ef|Y;yX0&|Y%Z?=#;8AFf5iq-ZBlRgt^fmk z4$QeK=0ORjULO14vX}?+5U==s>cW|EE#v-CSoZo$-hzm4fkW$c65?gv$^hc3JhRb(tY z#%ZXkafhz-&$`khT}7mStvH|Q7QD4_jcPnK*YSZ~-+AnNnm!RL(+bVhb$zhU1t3x+ zdusjy`k9Ix{V!Ae5(v)Pte#j*&snV^;bbP3L--uC%Yu{TM1HqKe<$;&d{?z6)l)r& z%)!;-YHk&dl!`#ET_A_63GwCW^oSHeLo?A3#@|qW3hvLL3nELtP(7u%qb)G_DZfc( z@qq}KG5LjHy^h1Iv}iQr*E}_g*(ci)w`?3xe}uE(7{bf`FN$yMUOvNY;k1D$0H+PW zC-uAV|2CTnraskL;O6#wVjr9k``{Ya1EYU~vn5>0j5W|vJCbz&_Fdm8$tJ7U^+)$O zbOpUikJk0?NrT?zAOekongj_ZVJfs=M?snHK4(N_yaX=BF%0#!4)qdRBN1>;te@C78NqPYe!PT@SRU z!4YI-u9ql&sr!K=zSYJfqx}wbp+&6;<+3fRwSP>)=VEeji&tzh9jZ>Galo&;zK31M zYykP8W^B=GdQg=6f!UK6f;_EBRF|;{q&5TUGEKr9xxE}4?0$lKT7Z1*>psIazB zntMk48J-nWMB>ADoy9D%p65UBDW))n1iX_@aI@3l$bx}t&W`Rnu@1Vy%@i8k?(&%N z56X-g(|<{x$ZTiqzvPEOC+^e;fYK-k0RPQ+%hmtxWf?GXAWlq5m~P<==^#?X=%@W4 zAG_W~X*YwSDU%(|Qd^HOeU$n#$hznx-h@s}*h$iN!GB@yMfphVxT|l-<0DS$n7*mX zH+Q$esKYya0ZHQn!EMkfD%0QUkUCOrH0Yyk(52F7(9cTGG@CLLPkF5R}eu#7Z_Ai4}Zyt zGQ9xc9F=ppi-u@MI8~+}ybq;Cp+o4m2z|FmzXB`BKUgH0%|N%g?0Ye5o=#Mh7~fnD ze4Of|xiltBK(Am5>}ytqO4L6Z@fH-#0SR}=;47B(LVizAGDlhgv?vQssCG0%b@9l= z!%dXJ&{?_@ntpywKY$wXzn3C_5XMdgU!e{3Kq6LYVWNNN+I9rsVtm1|rv{nMpda?q z5Ia-CrV!uA<;%ZGXcC2%-J|KIN9YU-p-0AN++L5gu6s*X2i;;@xuK&Y1p2}KTl60K zcM7wi0jv)CH(x@)4nqGP9kKuYYti(}CH-Ra`kAX#$%TQ|=sm7Gryv$fcvg}}+i&y2q9C~PCM>daIDp^e0F?SN> z7ZZ)F-Tle-HsTokAg_hs2X05==TzVaZbzi}ObP!K*Xd>Fj>Ent96-pt7OCU#2{+fn z>Bz5jT8l2AYAC!WE>ztz3aCnLa9O$qw(;mfRl(6f)go_4sKWRh-T^ydeQt|uIoMV^ zoL`rG?;?NM&P{!ydM_ZQZ`scvMH6!kbcka&8@}la4@eX;gi(X3Ck*pG5ti#{T19pO2a>WLLm31U+~9Jjdd| z`JJAb4RY!AJg?5^WMF*(D?T1U=N%0MZFt0C+>CrjZjmL{su%9ii!CgC>oi9%30MKEI@0`P`}exxQ2RgVnSYB>r983uj*tHBI3m zhynMusKTlbl5p6n{dlKm`uc>N=gDX=*qr~Bi}P^)N47ry;{}(b`rRKB;q!Ng1D`G9 zI>hJGnH}M?jc;1=4-Z7uK*?CB%6>|s>LrdxLW3046lsH2aBo|Ii&M*}I#oLmKm z5*-4tn4n7ck|iF*4Yc+xTObc126~w@rrZ-Kv5hf@R-h~@WTKI=Zj4N+Khd;nHEPTQd7yyqx?~)V#Cle9ulPvBorT=8;SshUg`^N@#KsL-TGu-mRnOMw) z9v?4j`OyyjNHCJlo}am-)gPGUzZsDwEuHCfEU=4gry0mJkqB9yj7Cq!M$Oaof2c7r zn4-=dOiex9KHo&*pCg|2#`O-mz)!Z)vSI}Idq-hMm{OYtc7UkRSM8ul<7ZHZ{B7eW zqTWI8f_is^_z$^0OO1r9n^@{)sG`W&BZaAUi;n;*KlFaS()fQK1-lil%)(!N&MR#iSRw)C%|`QL5KLhWI#vwe$XYKPdEVlrZ4=N#;?&2y+CDJnMd@) zvC-?>SW>1i5n+wYtWXwvQCS>f$aCQ;6f@XGmLwub&?_D^bX#xEs?Z|dgRAyufcy$dZ$>ml7baXx2U%hUBDS73#u2Hfu zql2Eg{UZm1e&;@ykbXlCgnmbTsk_((`prO=gm$(0&gsYaw>>)kZ4rfJ#nTwtJra+jLc1^e6CxI}U;G9OD9}F^Err;H2nwd&k%Fj&$Mdm* zj2eL`1aRX0Peq9Bu_CX2EoN0s;KfW)EG+yXa70gKvy@;6Oi&Q&}d zQ|Jl$YP!1jpV<3O?ENMTNz{B{I}Az2z}?HGE)qJ1xPnle*l6#t0A;bORY+)RuwQ|` znR4(|guZrLn#82=Vp5p8bQFc_aci#+fgpBp9(KJW@nF14BCsvep-!0rxnoQG!)bAaD8a|~%@APaXNMKMR= zAHf_wUqCp^B{eorhK=49l~S(xBG4{hh<>4F9MS=EVEpfkk9mz|5j}rB zM%1>KUrkS4GKm>KdaiqW1)jpzN}Gp>d6M2rh775MU6aEMBPx z*J&z%&o>y4F_*be8fo4eO8}4Pm63^#duQ6oy%sf8ih6Z`jgTjH_O|0ACUI!AyFWrU zIN19mjIjy%CQ;v!Z6>PaCEZi>5bK}pYu0EP>jml?W~fJjJTgrVUx7>RXeQPT$uWem zr3nf7x#9&813kf0HMZ#doAqWUnMNn4g%L(I8A4)@#4JHy#QuI9ZH55gFp3UeheO(l z-g1Or{|(pFU$N)$a=Q@%hT2&fo6z#-MNJ3*Y& zCtNK2Xgn5^v5eiKdSby$n?O`B)k+L8qQMyQT8{^b7{8*1zRZ_Y?K@y=Qxf^c`a@G! zk7`ZbxI({Jo=8(aqMyzWH3NY^=y*GG2l%6B2k3@;SQdluXyJfsjep}GEhheTev{Gl z*dywH6ZKaD*xA|7M~aUBRu^Rk)jL*NQWVkykpNX=Go7Me zeqvhv6c=j8(Zqzk3Z)M3u?PDbI@51`fs-$uc5}DOiUOzLf2cJ=Kcws@p69IYm*=0;9Vw5WvwGmFM_I3cm6nef=)3B1-1V9S zJ=c%OzYE4dwgbI$KoQtxnaC!HkkF~cWzYkQr{ijRS?^UoNCx#v>yEZ?vX1>gg!$Sm zMuh5AhxrN_` zhIcaZFdt#6+0G5YEqiw$lB)DN@+pSl1sPOiFjGvx#iUI2w0?bo7G{AnG2BY|-6VW+ z0nGLZS!F+0UmPOY#BjEyOfpmOo(<$r%_S11Ac^DDJRl)3r2tn2NDGfmS^&_3mlb$l zkH9OSL@*zX_=U;Qh>u&J_bjPoe_ZP~9Fm;hI4rMc?D`Cg`#$@8d;9g66H~v#&jOFt z@IEp@PD=u&dMAZPt;PnRZtB-heAl+ByC8@Gy`W5Rc;PE!;NN}{ma6|P?j2-+m>j*S z7eLiFm)KLD+L&Zu4I!O*n-Bb!$06#eS%_N>(-4k%ibQG(|6u8HYXNla1{c$K zo0Gkr-)&ddQY#Bw4W?Y2o!LzS{8>lU+PQ1g`Vs(243&evf}f`ZKaVBC589v3diAbd zyL}*v&b6B@kv9L%Hlg1uGocT*{zS`98;a8ne-0P! zK?X8PIXHf6leK8m<5<17XV<6&8o4pZvsP4GP!Qhyd zp3lEg?M~GM)oQ9ra{!5qG_k?dE8iNph;8&2!hm{mRtRVIiYzP;D5KOBq3;ic?~NWV z_-0>dBPtfYL(dyZkG=|N5*Mp5l^b}T+sahm=k*yvH@u6Sa z{3)|wSsZ_Mss9MfZ@>RDTo{k-f0ydVc89&)+rjV9j_VivE<`I)`k#&8QZxR~m4S~X z=>f)?HuHg2{b0c?Ooi3A^FD3$9Y)n7*yqVz+Uj#91wK9n%QIIV`E{GBzQCq{I-ePg zC{#m;Vv|vpCCpbz<_p1%6wx+pu8905!jGghhETUM;4!6{Q@NLJRe{=O^zLk*Qc^Se zzl71(Me4P$64f8a-#Te^V*XxszN?{F`U?IpKr2!Dy^a5A2LI4T#l&Re(3ye0U(U;4bv?rGv*fp0(OPiveWY-axaJu>tf zIIeNv*su9>f7^f2)&7u3``egOX}{-h&k`n+j;E2)&pkB{@io(2i5^d@3G+}L_NX&H zuT=*F^g}Sf`L199ga{8oAV5F-J3q~=`#aR5{S9L}byzZn*4@9?L(A-*d)MCM<-;e= z8vmv?cwze-jpYRB3<0sb7$uUVX5vuyd}GxFyM+q#OHSa+!h z3>LLAs{S_3#-hNhsw5AUJ)4H_7L8Qo&Lbjs{;1`RwEsi(r&Gsk?lP#$af2eWyGGr% zorb=#sQYpCyM<@F;H#bLLRA!elMW2NV$d%)UO&2slqewUb)*`dCh1->)YJ4#$1(W>*8 z%@_uWylTV5Bs<@F3(UY{E+uMd3uHs0^T@2+AS1U-J&d>Kvh4)MF-fav=G zGsZ{gJ3prVv%22CXGufH^j%@k&v)`7ipH93%ses#gyj*`fppn%mV)CPJTIohzX0~b zezP9PIFiozd7W(}o$>RnJ(%nds{>6DBNsFFuUo+apWLBYz-%Q5UX_Rivi4xco^crI zKiNjUI%k_r|B-I`kFn|R+NdS;KRdDfE;RC6d&eCAhCWg0h{-PWe>KU0VEq>cg75B z>us{18|R6(4k*nCpC$U;palbQKN#yoRrxS78iZvIE5n&8AEnpL=RQ*;p!=xj{1h?^ zQfA!M5W_Kfd%!V&yWJ%;Rw5s?r8AjF35{)EgJVWzf@8)NIrJK`)#ezk4--Qjt|?c*;V_YgZ>2yprgM(BGSL@=Nw@F4%~i2cp&Y!*MEt@7;C>> zOmK9+Px;*L_W{{&9G^c}Kiw&d#`Y?)S~JmxE>=JFhYYZ>O4b4Er~Au4=WEes_-BX% zsoJJ&Ja(0T$iJQ?Piy&+>(;Rx`|n{}epGAufe}m73~Lfl3$ny|hb9IOOOxJxKCm=Z zt-%5sW{dlFVeCH_z}Sbg5#RF+jKO(ac7}Tu5g0}WpsbaKz0dkslq~fL<3xf`R^V{u zvaI?_0!JJz?ntjq9o71o>2oO8hzGNv1HDfhfK)W%2CjJ^m{F5#IQDOS zVSn2r(wKJp5E_x?PO9B&vtnGes^4_l;g>NH)riHX4$q~q@g zo;w@Dy)g-=!AY7?);D&MmZJ{)KeuBT=GN*dcsP3#?Bng8=+LaIwqXi>C<9Y)!+0BS z(fhR3Egu^k0yqRj;4hrZp?@PxMW$vdFP@rhxaIU&7qT~EwKD*<{E@R=;(UY-e*bC9 zpFbG+L%+L&-#%rh)nOx*Z0aL|`{dps2yWnYZ@E6cVF7KLK0WkZ6LHoDI7_bs()zZC zw2Ci*w0%o7(uQiJ-S~MTz2%fIfV68pK-#V2+(=V1K60TebchjB)M3o}Ye)Kv#!n~u zf4z+#t^Y$Z&&AaL=?E)$BV6Zg-4_;EfnGRTF~tf_ske5&1$C~#8uE=bq|Mq5EoZa! z+DF#NUDob5tn^k)*Vb$Mu;)Znqlo=iDtvVHHlRc?G7>u#hG>-h{FOu~Iby4^|N2t@ zKg-677LF4>jFv}|e?cEO+0F8u4?J=pNKW1mlS+2;tt z(Ee5CjNheF5M~qQ9+`HAjqX~kOsgYp7(FX+8~#0|L$27xkBL?GCwn>({{Nx=)w>NW zhV)H8w_%AT{cZ2GgSw9Ws|TcCHlofb1pUknluB`d(y@L?`4FSqGw#Y>e~XO|X#yj& zWusB9LVn#kvC~|7z|C(PTwr2#^Z>p7roE>7xBiyEKd;a4sV|L%&$`xy8Rq|uhEFL; zxdhj|hAg}+!aaWx?s?ee9upsUVDxcAap&na6h{BIf#`z%e?aY@>2`4Sk7@rS$-C6G z^@#&&|L`d;D%?3HrvE>7`>!PgeEyKiov$$l zbgwO5qb@$pg|WyoiR>zpWIOs~k4#rrA`_0pe@ez3eX@sb|4!E`!;fwMasy1nzkO%E zt2b(vyahQOH) z#OjNG+XNQ;<#Y{y`)NNYf`XB6n*aUDHp0|3PV@WYe>^zx1?S$Np)yKbiUU;`&f0{*`*$J~sXpXN}li97h78EJ zOl~8dxDH#Ng2OlZdBP&rKfn8me(;mtfrsF)rMj<~tS{K-?@#Eyx=2v)1b_ije#qH`o5dXmJn_P^z3K@2_eywh6w#7?V z$G5#!iUS@B24Yhbw@)x+d%Fn9&-MO?6BCc00*>5V&fs~~-PEBI^>zm>b;KTtjBNGQ zt8s%m{6{vY2g|e4++QPlzkMb68HM(txyA19IIk+|8Gc(Ih2yOP&!;YUVs8Y#F5!QkwdD|5PYA%LH%p6=&9L+hgj8rL7yTNd?9;}e09_N zj4zQlgaEf8pPaD)*hl0b|bz*1gIt9N)8D zzO>uW84SODpJ_K0{`hgam+t1jcL1J zm=P8NU#M@a#Bg(n&0ie9gQ9rL9>2tIt;X+H>`vuY!5HwXduJNfJElA}hjOI^$qMG; zSMbchWy{}6#POgeD|plUQ79;g#@|edpCsNb{~PKE!TSK<-5fHB8tQD+J5@k#&9Uir z!yY1s_%|g`Qkr+#enx6=3KM@(<;ObZP3J1tvaeD2Cs8X11I}Wq#jnW!jnO1w9t8OU zM=tS;y3lGvA3~z(^R`(#(e!x*cW#on?uh?7jsF3}U*%T8JMb@j4*uq^!{0v1V5_eAb-f`;s6Lh& zQS!y$U+~_Zd?EjLCSOV=NK)|3%mzTRU?X~DI4Fq5-|40t=E@%J3MHpxynMOPjIRTg zPs5$^?aHS~P0@ov3SrmMy93hEJAqDM5zyxl0{yi@&Q%aC~e;j@=DnlZk9uzoT|Sjpbk zYV@D3*KgwjdBF^OL%~H;95QrzMvE(mNZ zNMe3DLz(6)*Ag0$VADCnm#E&RYtuQymtg+@!zP()fc5F|Gt)J{PwIGnXaDPU|CvJs z^9L(p{{;`In7>Z{|1K}@%g*9Ff?hQ7K6q1eR41R8Xhw7b{l~6c*Sr5V?|`CN{WOZ; zPK`#bQr!hh+DKN9{E;isqF zSm*eU($5c?{Vzd`j{Scq(b6URU*d*2yC0za@04#>zuxwOro#U}?SBd0bnJh@`+nK~ z5*$tZAE5p3l;1D=e|0oT{y%O1OC)0#?0@r}vHwNBb;0oebh9PR&hg;GcMzZqW#DxZcs<=d4{lU7FK{eRj1&+TabdgeI|*#YYh?dgxU zeix@dp6P1w!0rEZ-K{jNKV^s+l%_sgVLH?K{Me~}GDcX*t)DLKdi}P3^5fb63E=ze z*)I40VA}r@v#9O=Z@)`u|C=wnf?Da%>qBZ{ht~?{;n{M9}N3>izmMRo(Hl1eF^G+_~|Z>pHAh+ zzC9QUG4}1*2eJOu3E=w(+< zU&Yhs;U~L{KfC?^1^fRPji`3)|GyfL54!!I06$CZ#yY1@r{iN;BKmi|ejES)3-dgyh#bYlH+ ziT%D4{qey^qVe=2t{-h_jURtUo5l}@{N5Pcd_7?Oana}T?O(C~?YE~t zA~G`yvs~fHBEE9Qd(LY^?)=NXsIaY9BQ0 zr8)P$ME$m(F$Xtt?Sp7&lWifVKZ4K-%XVf3Oip)upI3p^?yu!;+ql`dv!NN zv#}^nK`xzGhvN=Q$5rlaLjyORK6+C)#cFFrM1H{yy*(>V%DB8Pe@EFD;S7Im0ULuD zF=8s1T6K?vv1gxaAwTCU62m@MKT6`GYCNg~ki{sc7Cx}M4d>+WI`mU_1cl)DB6r`= zsUy)TiEmWPkYysSXO5RTI=*J_zsPo1cYC>F92!cBK&y7&52XG!g4C$1n3fSk0|8Kq zojTaJcN8N@8?BX(J*xjhSgCin@+CD|EeJ>*aPH{(@yHQ@-KREM#@Egql7bT=QoL0S z-2o%xd-Iz;!G8d|-u!yclAk3ryl=&T9=_o8Bza$iL<&p#;jy>j!wkHd*(1r@@KIV( z`fI*maWeC(H+zpe?ez!wv02OLrq zoRU=Jf7^?cAB9yPoiV|)V%P{@ev4q_UF&catM8ud8ZpEBzIUB;%t6i}^t^?o#w?fv;gf2_L6~ z^8~UJ<>Q8JJ*qxs<)^aTX;My?VTFBJ1z!x2k`V$&u2jm)yKz7q@_%6bs&Dvb2mfrv zA0N)3`&fQAGr859xa4n(JZe_!&2NMGT_wLw>M4EC<1rtS%gwx8CYKHBPW;wIF|N7f z`0*@x56A&07gL5?oVzUUNSn)Oyy+6}B*9@-D~YqVvRt0oCD}f%O^tB37kT4%Z<`n# zfbrj$YBjVbTMgfzVU5}uKH3Uin;iKNU-^O)lksIb2ZH_xluhPtAY{Nx{qyf28gRab z|4qoZF@1UJh8*@R=ZED<$|l$)a^xj9reZM~V5)iFwzcsX6{hUO(>&Es%#$VA7jB1@ z$U>Q4*dfgMNJ~%r5B=}x$%Z8}IX`EGK9o>gjh}0AIxg^2PW;Rzet;T%N}Z2e6Q`#Y z)odyoZb4pE2qw#OyWQAp^d{6F`W7gITs)13dgAEPHwn>PKva(2Kn?JXde1isIa0p0 zcE4vew4LD{xzC3$W}g$BIUK{~Gq5`01r?_8m@S;}d+S+bTsyvuxw!${4af2z2uIQg zEkeHFfL`8~*2xexUjIhlsFouCTi#I{!ybH#FTDN@g{xWEo4?PqbS!EmQb75c*|UB4 zlP5>N1b+#PPs=V@)vY_?^!%H>IFrEts+T(j(Vf@TzE*7JaT;baEqvc%?f%?K+92cw zT`OBz*t1mf>;&{i1YckR5Iq4(QUQKt?{mvb{H(C8**UMwkK>%YTPrd3^^gQ!=@#ZD zl_TLRnOZ*9Y$-d+hgOSys3fl_=`E6Qx`Q8Y{zlJ|-++|iiDVPZ^A7rhb91Pl>?%DB zN{RZJY;7tVPjaW73-gbuTR1E)k@n-V(nDgVo z+t@_Q@ms(hcGPb?HT_5c=yFUgd0ThhaFi__$}7kn^eTc~NT<0uf+nxOsZe0$865y0 zIi-OVVZ(DF5iZCrta{!^OP~K;Ovx!l!Ly>IC0GZ#fE7Gxr&aYbq~-U?-iAGA_(r`P zJ`Nv7OH28X0`r{UNrzZ1-<$8OhEJ0@KUIED4qSK%&Qt;^3$rXk(mVmv^6$XOfx7T9) zJx@AOelEg|CY5Tw$IvFU#M#DR&lxz^^-T*{u!2)vSa^++BG`Qcv>sq#59W-0m@_tG zqvJWzNZ1|XD70GkSPgsez6mEcCCi~-qW|%HuUyhLhqTSn=Ququ4(B)>PToXc%sEaK z+fVPN($CiOg5EJMT&4!vpoe2pv}*bP8G4I0Fv7Tv8*QMqnG}_nht`eD9)MO5mJKnV zfe{ZW>xiE^=)&DSL2k>SCRY6vv9{z^R0r*-_lZTp3zDEgU7A)z;ZGd@IOBPpJk_`SQ1XNLIz$>bv1NB znRGCiggzNN+i+B0u+O|%v?oAT9xw-@=3)}ctHU|d&FVb+n@NejS!2~~D#d_lO)5<{ z4V2Ki<%pVp4c9t6SWZBS{v9$4gW@-~Dr#?|_=nPoV+wA|>= z5Vc6~LcG=x`54^Eo+Uiba9r(K$vAv(5H(L!fEP)gC6DVDNfj$;13*74{b|Kwd{dh3 z4W8Mij`tX39(hRuWUfJV19f!+AWarbA6J`VDk{xGH3Peq_0+W;gWA3q`KY$^HC1l9 zI6;*-e=c|dN#G4?%mX1aOG`V1FPW1OBY;29{ZVaP?#K4 z`U#%j)I;bok$hjk*(8%3m1X!DsrEU!O#o1o<`8~7vk)_c#pxApjgx;G0ka_7oppiV zNq{4Yj1cYIi*LjvK0bCJ4J`q6P10cf4b)|U=F2o4v{Sz{B8bA*rxkQ^ccoy;l z_A!`QS&{%VVBC80_cHsd-z55q{4G%3^*pB+x%A@_B3q_BoS!2vnhE(_TxwB9Y-B|A z#F&IBWY+@q;hl+RqL{2H)J+OP&+bb&JK6TRgpRsS8Y6kix!+GVz(Lup02*y!ItG_NpdUihgUUlFs32gPQyFP2!CLd17Y@~_XLzbF)IEHMN};zxsLaKa2K7gTz{Mg{ zJ@K13oP}DQxgx>zZRYQBJw^V`rTm>u`8%8XxAcH`@&)QF$P!=Ro&x>^m&*?h-Ylu3 zVt%??NjLjAV{jXK7x;))(xoflpZpfDXYvML{+7}a52M>J#G-hcq ztiY4fexRZl&{+8!<`r9`Hduav(L1Wi=a(1W-J3a;dq+0G66#Sk_TmpJwTq{YrNf6n z`6qwRc!u2CWGhTIf}4PK>Mv>$L*9~>FGO#$7w01tinuQF_%?W9bD$nk27JJcx%Vu+E0xn+lV|A- zxUd4h#5^-0mkLSIs0MFvWjCm3)NNtr_(rbt1<%g&28ZQ(cfaNHulM=iprV4zN0$F0 z1(*H7I#+g zp6SF9M)q`Qae1p~`A|nT%5t+BEkMg*&rp>%y$1j;ucP6im8FGg+(+!+tsY@?iT@32 z-BMzc|5;;MnP=&BY``W$K1hV4t$p}eO76t>ug5`3ZiRQ;ZC41V@$E*vis0T)c=Ez#jk*|1eUc=sx zdd2d~2i{R2fV}h~VJB29@5uELn82~ExVn|ebjD9eQXRPzl| zoyYMf%mX-N!N0H)N_*2RcVq+A>A>_%%MY8SJgsW%mC^*zJUuO(s&19gls?B*EY|eH zd3i%{UCK1@Luj8CQ`=s0_YMp`+`zPfSd_5>Cm+ure{R*- z?sg-^Y^0|&A|OVC#*|nVvTJ#(-v5@@d0sd%Xg$-374(6Lyp?;%`JSZ<4a0TLRa@js zo2wSTLwv^b)Grtj1D-OBbchr(!XJ#(4i_CSwRMS$rb)<+i;HA@kd=l}t`(4#ju+ET zWImsC%tGe@Asw?2EEW*B_HE%Iu$u7D#i|M6C*cdUe&%5GTaF_PVUA5_Ov3-OjI96= z$OVkb)1|I>{0(G83-Cu%7sKdDaso@`S);y3!*Z)FCC}0twB!g7tFnz0U3j?_yqofg zl^}s_{!ZY0CnXgpJPUTXRrT4oR`5JnfWwllnzmBp66a_O7Uxkl15fUR-V>P+XdnlQ zAu=%h<>Y!>aPJX$qt=QLF$UGCxPby90#zL&Z%}N9$oFM(i+32Xs&Dj%NzR9ALG(u< za5t1A2vwOsq{w>p8lJ|^$KnK2LjoFbn0l^58-+hYi}tjmx#-!N@d--r@7zuKS-JHd z64L*;NtR%KFY^Ws$5F|*1(AkM|Y9GwaEVu@2F->6KS4Xe~Dq`^}h;FScLvn zd+}llUKIJ2FZgR@j|q8h&O%o-fBN!2_bly!TOU-9a_X#eef|fHRtC=SVP=O4M(x=0 zjeHBX#IQloXJ=*>;PTQzV%=r&dd{F^JfD+OFs^n^_Stx_cu)!+EY8D&#n}_&LHEdm z@$w)w@?e}i=n;8vmOSWb9{4{TpZ@mv^sRU}Cwqc@G2XryXJ4F!i}C5-(%dXdD|`v4 z>K2{~_rz&%z@Fqye{G!qLsW5T_SxQskB=`(e;YS5vnSw#oTBuPGK}G5BcpE;;C`$jb0zPm^4^37I&zoNW_tI-WsueO7v&$y0=haF6)BF2^*W(zz zX;k5+0khCrsPBe;4xNw_8QH>@zsYkm9k5ipXZuFI;q~t`?lB+TW7%VTJf-v_)?g{$ zc9z74RuUX+1(<)!<92eT{CG`Vhi6r+`NkYJc8$LR$;llxi>8}+w zeA0J(`a6XUpQVjY|5Ee6_$A!5Tu0cWX<6ubb%LfPj%YEooK9L2_|T`Zv|KFZ=_>1x zmL(#8)S_*gpv55Q!6W7r0@WTdeUK$0n9zmg=z`C%3DqyMkq_JH;=4bj_zxghFxzc8kydL99H43jvL(B1FcCH=#wHsV~)O43^{DkUBvgg?#=E z>SKhcnGc7U5Bo(v>=F5JH9kx@uf!P5>gnpl(@c!L9C{Rf>WC$%{cqcWW%%E6X#YV& z;2-E`xn{jWlowgAfM&@w&~R$|x6_>9)D0Cok84E*Vf^@z{%J~QptVOPDm%&gg*n0*Il9ms|h1w8;%b@!dxLi|UuERA8w`)WA=T;If z_ribB-7D@@V}JLcwczrxj;;@Px7zCA-`rDh!w9$+Z=N?6YqY)7;IH&lH$sllW%*8B z=sAkCVCr4-5oO>x3T`D3E^A!{-IrrY)!=XoC9V9;rGr)#;DLISx(w(AIuAdNuY$z| z@H>U?;a9Jh9wofLYgIQ?K>cP>)aTz{%g;})$ETpuA)v*OT3<$i)z$#1Td?@csf71)ww>-A=XB>= zpXtsnT&N!C4qzMs7}dSm^yQuW8lGDLr20(5f0>DbWb6M+N#Dr)@&p65*vc^2|+bNHUPmNt_1{{8Uj8y5TJEJ zLHjV${&nrPPfF_c!zV^Je!SE87w4Gne~b&&lZ|6+=3s2*GH2qT1rluX+zE&*Ip%Q* zHc8Qs9^|9J`qB0>`RZCe>aHKXqaR(wM>`%vNQw&I1Runw&SI0SKOlK!bo|q*@n8{k z^8(tab3kr=z#(%7U?R^@kDvxJI0O}Q&;LC#SQA`n`S%D%imMHM$^@!72VqbB%WmSZ zf_RjChGZi(t9A$D3##i&XHlxbyL^IHxSjv!eKzys5_^lB=p73kPd*SEbPo2LCTBYd?~U?^oX# z-P_Qy;F{=e3jVG}-yn<`1_MrX@*Dk{`~geB5}5%qPW~@&(}t1c=TgWA7dJ;SQm(`x zCko`5^xh65Sk)0WTp{Fl)+sL~IZ{Ak?P_coHU8h$_>X~+`laOWme&kwd6eH#z=050 zi%R|PYXI<&7=R7)oADLJ{}Ppp_$ps^4uh+TSpNaXR~<25n0f87;M`Lm5th%;kM8HA zY&;VCa?HCnN`yIk-(bi^-UR+lem_PtN+z3uKo&6+>a7VW^lRsQ`N@WUZ~=DHYjS-@ z#jnY2{rBmJKl^F)nw)y*9UCaMXt4n(d>11kb?X0zgh66y@qG3? zGKg8bW6TDAu@F5ImLl4jx#J;bdqgz(dFoR=ds4x+r=q&|Q}q;<2P| zkX?70|DNWY}*XM!SGAcm*vL5!h^fnn`+gp|3?3UuEI^bvL+VfPVsv=KZOU|$WN(*WJ@ zM1S|jiFlh9?xS`tlQz}o_wiT2+qPc%X8DI1@CNz(uc~xF1jQZNugEVHi<(O`p(iYN z2t7tFo8Ycdx%w$DkHlph`JcQlj{J3@p|C_;6nEeFf)8dFgGIE9Wf+7mTr9buBV8;x z{0*94cun%;`F+_`uDC!VHZPtp7qR3++!3-v<1oz+(&r(PW?XxB>TY@+{$pwX7e^KAp%arcsY+Om59PjG}T* z*d6WjK~eV?;`(@+m$i7@SzKnb3QyzM5xXZTzqM0ds}IDrR7 z1OkT9?T`~|p%~vjcns#x&xmkP0ufxVL`Wrt>>5noO#lt>8EY5pelEt*x;+zvz1LYm zubPD4qM&zs)!0X0u7rH(J<&gIoto&Mxo&$H%K@*dY6MhZFo8b52hQ!z+_qJB#xk8L zhWvVc9^y>k-wjWW^hD5a`)mYH(cNeogl?pC+Kmo?{`wyT+7kgMy zfZXR_7dnEzf?(>VdC0I`G=$0r!<=xQBri&E0YUemRERimd%-php&$&l(D$lL;!9-p z5Rv342ad3Es>aTdav-Oq?6EQ#*>31;pMp;lpdc^t=s zww6h*Lxddcld?FW6M8tZ8cq4ay!2YW+~q-2m0L5&fd0o##$59YNHXR5eL6cIyti5o zJtK0*hxeM}>>RbvWWO(vzmUCIe(!UuM}^da8;QAndPYU2p{JM1jB#<7C& zBz1x7Sr`3xY|BgI9a1Y&v$$nA;OJrQU+8)M{q%XgvF7Lt4u9Yg)IWtoRIGk=Ne2zt z4bWkLz{0zvRWFyi-{Xi85o1~{%74>Sb44#rB6#=^yQ>yc^{xhhhzi1Z_VTUWB@v*$ zptr3~=1;7w4)HAgcORA~4+K*`zsKr!W?Obs9i-k}f-=vFLv2RFkkv<^CY6q?otBMr z<*GGy0nPhpj&skb^6%RaEzOs=%EP>VrMcCcN(Zh4`2dKaXXRRwd5yKM9^?ng-H)|= zli)=ALxjaGgu1ggnfo1#YaZG7aX10uX>=!Tf3d1Vf zo60)Ovst~M7F6x+;i+D2$4Hx`N<3`*SVs8h8l=;KL&N9c5ug|*H5goY zUhH27mj+^g2!Z|ZrT*b#@Jt{u&t~-x!?0-u1aBY0UYN&${)`W8Sv=~-#HdSvqr}KW z@6s2ZfxkV=JkhB8HR{LuLj)I|6}`exruU|MYK96Vh5?@I#eVGV#d8kyqd>3lvEtvZ z+IvW(JdPO@T=oV%gy{^56XQ~sZ%tn~7M<_u#^)7yB!FpLcvkcePs1Ysrn%WXey)F* zg?p9twy_rIAO0zx2v80l!!Uwd0aPCW%6UxtAirhas0BY9zkSM}T56`;<;h6e<+-3f zJcRY*{7sx+kWRAd*EqB*37n+`vmQ)+${=#}SV7@*6kZ=5=IA#l|8ANtPi{kbo{L&v zmb@t444&|Dc(5K1ddd(B|3uCTb>4b#+pxgAOHRNwReL>U(3+yb&+v9<9|V-4=tPF6 z<_H5svj!pwfOykldSdD!oajkE{5zlZY{I`SP|T#B-!quTbQg8-;L`KcVtaHv9&9R0 zsf+GX^8#0w8l$^ZQ(rb2MTi9FBi6Acf)$*odiDH2l@Sg62rwcsmir{kbwI%D5V6(ZOTbJkN)E7Jk#1 zRpc4>ru1x!-7~phC)hKpba@h?@Gdq{kj>aduJ3%K0fuCE&%o`{*8e=2)i4ZjMS0+y z4B+6*7P3YGohF4C2#v_~cB|g@b-X4J50^cuV8c$eSy#Ovji!uci&bqVn)xZStRETU zeZj(sSe;433=s<_OvHYNqH$U!FZ1o6<#P$LMgXPdeF7Z4qD88-RD zMMpa-2F&3Su3iAs6@(Jfti&ZEHS{VV_9SA%%>0(W$8+0nrCTxGvqeekD$Q>7QtN#t zWP`dY(2OQx6i^ha#g}T06pLawDG$D1$$DtuhyL!PV{baQZ(w=pia^r-vh@SjRnte|)Fu-sjjSblppHN>}cV zF^PM591G6Y1q)FS{sni*Z?>C~uJ*q9FBBWCi}hlAHKtTQ-M!;JYNx%wv*4aPqtP)z%1@kVH!Qk-!8Uzpc`~lyzDXvdw za$Y*)Bsjndu)c|E>NuK3!h+ba>m_b0vc9g)yDZMeC+la?Uz8&Uc!mZbF2?Oy)OXsy zd@^+j_xciA%rWapblJfRWC0A@`%m%27#sfStW!`nJ#OwNz1FX@yw%Mn?Xh&TC+@r5h3bLwsF z{FXTw&Z&A*D`xDo{_p}RIqM!O&jL^B+E%dx zn0&Q=2w~Ko>dR!*V1LyW6{{#Bx|RM6V{N-mF`JC|WAOg4b9$`3)PE%IL=>@NEU!E(pNI>mg5~@fIFykaA>r}V`iJ@>OZZ>qz07BUrv83_v z<&t_8zCIH!*pUJgLW3`$7Zt?&Git;Bal#Qy{VE&g!Gt z+f|<>j5A@3PYSLOHAF!-o#9}`40o;L=lQ!m!HFP}FEFeX`fJ;b$NK{Jvm#&M5#rDn zys6FMpQ8M4Jxf;L>!QG=-|Z>Nf4lTiU*JJOsmMn>@hl18y~Ii(TGPQN*4Pf481NlN ze7-&rIB9uXlxk0P6`=rPi^WS%XE&TQy|}1B_z?Dl(X^c30Crf+#=!BvW-l|;vbI^T za+%>}D)c}KJ~Od&*hYsve%-M$*P|$CrD2h>Z`Ih#o~Q)=dt&{dM_PD@T3U$!arivh zw7_ASW?L0(ShM@$Y)c~Tns^Yltq_4*H1~t;A%8;mXz%^MM?<*Xp5&tXmw#caE~*bS zPJ6Z@_*1JZKqr~T{Z^(1$!}#8S z{Y{Bi$+1lX6>>X9;tx76Z?z5~-( zRsiDSM)aQV^O3QD+bAH9e!^HYEF&U*Q0%u`HEwgI5S67IgJ3kp+bk{uKotTjH&>MR z?N-|J`CPygPJKQLKY(vui8sG#;Zz>WJ_?&q_nc8Q66@~W2VvJM3}1G*YHh)q!rB3O z5+%6rrmw6(9(NV_{F5QKu6&GKm}>b?h5OyjYt>4Wi{!57e631ZxjFwlFr*-pGKPE)tDWBELc?k^7u6Nf#)Z$)rj_5mPZi{#M|{q~HLL7cAxtAkv~`{!wz^JQ87G zF|zU8lj#2#vyt@DUlY@Ll3D`46pFb7VmkK6p+dkZ5psJ~?Jev&-_p>x{Mg2hJD~JD zp!2XtiB3o>S)}uX^_BX{gpmMzfT}LTFqH8fdQ8A?R#O??jY9Y!ojhe>L%q`tD>w`} ztgg+l0!i2~Gaq}eq`e*J#=a>h!GE|xGhLqD6E3Y{;ss0+kwu#oX@4YDfb>MI^+)yL z|M7Mv@KIJ*|4$&1uuc%r04`CYf?I>AB_NtWkO@pA?oq16wWzcrBoIXsMX& z+>#T72LMQ<`ipe2mM$uCWz(~Nv*-*!Ot3qdNP<;111&8G*$Xj?6sq}+@QgwJ4$B?1PJ;o&c!NtvG?8DO!D<-94``cvX#OA2>p7WJSE~aO;QoeZG6`6_#tgb$uncI}#8!hN z0&l}D8Tju`!{>d!R~jxguxeHs4SyTH-{#ZrGu~H~hvk1kzf(1aM?3yq`pwJie|P%5 z`+L2T#iE8RviO(j_ntEx{T9+oapZrCe&cEUTm0^y?+g)!Qs- zoH#d|YP-a-=yz#(wr$Vd19R#~A%YBN zz4qovIDQ>#T(*7?-B-C{z>}5qDQU76TE(e=!0lHpf%_4`ROdL*BB9I32}6cG|(%644V`S$**23 z9TWCN;%8*)=g)*zeV2Y|z~$O)FyRA&tKkvhT?)0=PTSd}HW5Q1xBvxa(67X+kfR`G zpGMAhdlInKst$o*V`bq!GHNaQhr^HTrW1I_<9`$zNF0o0dI7cM{*^7~9Dt?qEa@@w z5DDy12}e5%7Z(dqNP*~^p-6nxRU4<~u#;@$h)7w-vfm}7kQpH3L+83TLk9CEwEAbf zAjbw3#;;3}BaT*6WI1|)^c(nAZYF$+@qA87r>t~Pl~?4@nP7*CuYs#iGn0q^JW zyv^pHi7+pDX6Ec~OWd0d1@CS8`THkMVNSyX!kT~Jl|K?BvQMDhI@aEHgueMSq`ZYN zjsD?XJ6beYO4LMbau%><*rw?9!{3JDHzP+5DU@`8ppuTc{ml z<0Z%&tR3|nwL5=ql^7{uciX+U+TE0$?*oaQYzXZ80eExVd@f+LHtsh2&Q z(5AdA+wARPdwXq)8FEVh>aur3tIy@h=`A-N$Q+olv2s+Zv?}#GTB~k;@8%GJt<@9W ztuA|W#ar;_{@jYYg_`XAQw@i-KQqxj8<|UJ#mp+@h_h-g<;^~OwB3KSuQbs_F+rpL zq^h!igrdLT&8*O)c}Ls$D;jr~){Rny_SvmLO{K{iLUd`ricbscrxIsGp1=9Lu8voy z$j4G%Xx}qgL#t0!l`RY--TYyGJ^Mr59%J}y}%jAy)3ju?A&O!AP%2FSp^GWsfe zW$Ao-RjjO3ABG-XG|b4XZ11wk6ED_`w(dV^)rL z=Jg-5k70SK(WT5)^7H*w5~0S;@o49u(5hq6DYoZWG1+~oh_EdFaIM0pFA0({Ow(T&fQdS^#6 z`LbkR5&K_Dia~yfS@q&-rHO^zoFz^_N`Nx>bE)_NcHh9_7i1DS9icnAK#sRYP(Gfedfu&XiW8vRPHX7k}<=Yhq_q+eSz zI;9}Vz1|4m=-qZ*PhdKGY~-9C;8PRDi5-177JTY)@cYT9!w;1`1Bim(mgN2(+hS03 z(y(L0C8-hfArNSL}fQqgG+$0FMMK5q@8^seOLXAz`&v zKte@vU6ZO3HpSpPDF&nnyQ#XdVNg!}tm+A*@!H`%k`%#cc>t}VRvzU>jR@zkbGHYn zj;Kakwl!SE?#dmkoT~F9twmL>bJ$)suDW$zfrK*o$(nBAH3>P9ju%R=h_3I4biAG& zK--sGuG9>(BC*$K-3$b5{=wzg%d6KodznuBtBnIH>Z*$EsETdy2jTjU#2mM;bXLoa z<5;9gB~LU6;FPW>0*C0VnK{%+G&ht&9DCL(Xer-q=u0&o*siq6+3Z%n^VbamAS7QcppBM4jpA3av@0@xkQ>-Z(CORcNz!K<3RrZs5i}xt@6z z#0AhPdmK+E)su)Q@T_m!IEtt>fKt7 zOdO?ehW`)cQ}a%oAQ3j%NqsMWzkfLYG4cJ)_k-T9r70DHHMQuWS#M~%<)&7?idVQ| z&EdSLc#K+eSdE>y<1v|T-bs7@o+%~VGMCN&sX#yZ*>2x!DL3|9@bT{5y?pHT^U<~l z#zC^_IC>zO;vaJHFsX5QIIWL}O&n_5$oA*m{vnLO7gVkb*vCHqan(d(Z^#>Q8$o0# zW?;#Pij{wFq_&&LNPlTAvEXp^u&hr;yv@|3&EB3rN>;o2f~7IdBA7Jgs$zc#z=i3D zU3t^JlG#HbCxd?@Ep>_Rp;z^!9j|tJ4-!dms=A47lh4{;j7Asajvy_+^WQxF4}3bI zS-%&aa11RAwbYI`d{`hxk`zytWMY#&i@iE=hxfbhp@})8xHORJTfMKn?Pf?Zpe7eY znzW_AuC2)ITw-B2b;8N-uL~hreRNIt?4}t`s6;`Zo;-?AD=dBmqM(P#y;;P-0KDCQ zhJ;AKoAr$X0%Gg<;PIXxbnt;Rv+m>Z-Y?G_jNxZ$w*ht2PZYoLpo`ylACDTFi?(U3 z#BXfUZ`}Rb>|vicOhY@B>d{r-(N;D{Kq zF{e1azV50XL;=XXJQoGND%A7B+oF_Gz72lzRSQSs`L+z8Eop=FtfEesyGLmO)oIVULmU~A1D2={8 zWCJD3gAbp8l%ZYD7kJYd&a)(YUZXydLMHu=T znw7V(iha4t_7vM5gd1FcG6M7CA4`YvBX&&44Zm$A`iB-)2e7dE@#jUkjsV!_M?+Kv z?=cS-J*bY&FPPO58A+kp*kdT`n_yq)?^9pbT=2t-v^3}^D}#Y8A|bPq#gWk}`Udes zE<2EUEm4magj2X+SwoDUcwnTpqL8)2sbKo-S(&0y56K>T_*Wnk1s-@)?F!v{Hshu{xF+vWGKmv3E!%Zx=1lIjdR|wY zP&)4P{7uz_nzWIccUOd(bu5WyW2ospu55nRhMHdIT7HrEDPxuKP)AmP|Az2kFEgrA z{Dn(SmqH;J3k?n(@?gjwji2<&B>7!Cy}1u-0n2}n@I!k591H@97`0ucI^Oz$Kx`;?y+C^U3q#P2l^C$n$zYflKTAPlJJhOBP zvqJBq8;aI@(`f?#_mkZel5V$7|GF6n(*~W>iYsmKC;zZb*DL=1fZaG+hkpDSDldDc ze%6&8Q7wY8;1*TbXii&n+V^h}^V}~Sn^#Wer14DPd9&Vjr!BS1J zLP;RoMCFegOINUQJIV|6oFuu=@KbQ}v3$0soy+JnZ?(EVG~CfB8LNNVg}z2NM1JnL z08IIzpwVehSlJ;wC{{t>JD7+!Y$fmKuH0ljj!wJN$_-H8#?zO0!+46csYtw`l*?u- z-Po?u{KGK$>hS;=S7ki^2QOSt{-}|FJp)>hinr)wpJ*(nphF~U*0rHWYmusb#jk}~ z;;JQEdLQqjo#R#tpIiHa5)3dOerd zyg9CJ7=KIa`cG_E=`-|aHqmene=lf^S?hnA54D;fHPV9SD_3kp%fQ4+k*&O%Sv|!s zLY$MSJdlind0LMX4}I3_|2^ll!7u+bwwq0Ft4O&bvBEI-@po&YkFSd7?eCp!dj!tG zQ!Up`5XV!>1>*nDO(FrpjQB1bJ5cenT-p5IalQlk{2&8)IrJN*Gd=Bh@5K{+1Zh4q zsUr|OtraIe@vX6LlaJf~IDD=-*1_k^@BVx6nRL1O-Uobs6YUc|YtQ>v;N$&bQV-BL z`PLiv6;t=9J>nr==Xul0l;fHE5D=I=?o>EPzzbGsnX?fkMz%`c@_VICms>^L*D zByW%crRaLOdRVI-GE}MS=uj+u<6ib|xzNFYB7h)VKzM)MTac51kUAM0-y8nCd8&@v z$*PVQ3mJ8^kMqWCtlkeMe#!`YJKr$0`aU;4xLgoFpaC%|b)H@^pN*X`0`F*@^TabI zx<=3V7#gGZ?zqN{swTiJCAwo4kolM`R+W?0f{k{(x7f~)(vlVRGFp3~?)1eD+-TR9 ze#&UCB>zzlk(b3Jgx{sh!EL$5jsc-Rj1Ews+^BoC-egi#>lq#OX^tV@SW;{J>)xx~ zsCgOS^1(M8F2}15h9e)zovMQ?gBs7&Omssz=dVz4feJ$W@G~#@nI7XwoZt5t9DV*f z_(Qkt9eYtR#L>*`qhq`_es&UjdARO<4gy(ywyQ0xG!<-dOL2^=2DLTU`KyX zkDAex=5n$3mE(E`wB;wvniH8f@~`c7{xwCZ;9nCrmw&BMzj6N;<5VV}ychS|ujBUG zADs#{No%)k^{J;L1Zpc@n_%rL)h`%=?WDB4=j|3#@N8hLrb4RByC8`zI04e07MAOhKxXBO6(#^IDxx9N*Z`&uKKqWr88=h_r}U zk;eYb^_>s^@TqZhWr}qrs7;leZMu~(m87C#e4ro$RCf{ zlhcKPnu?CRqEo(f)k5O(itJD!aFz%^w{tZ#=pW zTCT>_&Lm&k-?!7z?>M>&{Tg9FzedNkL9t&2SwD6VPDiV7}NwaTt z4fmXdGc*eqh!Vp-N}#*0S-7Ft-`_md`p=qb)=XUBCYfVEgl}mkF3OsT(ONeX5%mtz z8lL(Mj}h_i-v9#HpJhf3Or{WrrecP1+j;}$xXGyT1Jg2G9|25{rC;9n@97TH4a;>x#hKK*a>_6#Ry~FvTrGiXvQ2sVx3Rqqyh@U-#{#06jGRgK5tH^iP z&kXkhV$SGnZ9wy^9si`j%nBCrci#9eSSOdl60+E#;(wM*5*0eAr1@bboiP1y?cJF? z(LtHgeeuM#^%}16MAia2fRBw*t-{>d(f}LoPE*?sX256DPWC)qi~+xIVMcGJhnfKWriesXwxuGVx z_tNWsJPtK0B*X{R!!K}@`IX#9Q?+#w&JRyrS~psiG%F>6U+5OrH0-={cOQH4$xAiT zc>aj51;c&}WeoyEKio{&QR#0fTkFcce0RF6VCVfz1>fZ=n!0wy{AlX(x)b=Gn^5yN zdFnUC?t}avrN3mUv_Ri3)whpym3r~X%ekTGs&vuE2B~1R3f{t1G<99wGOK@S{nW;W z8dTb*XX}TUTg)4P?VY?_q(gT#6{%@*x0?D>Q?eZRG}H}b=>vCODmgI?j|TTq|E`a0 zj4y1W)LeBnB0vH5DW+T_V?jFS#}Www%vu-L^_1C(lAG?zBPiZODt^XyLMfc3AJC$$h%93-Ud#+q@Xmrn| zb;sHFSKL_UzOoOz!QehQE4t?kb;HD8m}Yg<-%vl&74mnAcyBSdWHD2&6T>BWpx^En z)K9ln#e3Qxz8_kux!BE>Zv1QBVgC5LdD0X8Y*sk?^B(An@go`o{}KIPabWz+wIotp zIza;~(TEOBNEL{md9NPtAM}49{SP(I;ElgpVG1^#VI_fSK8I;Os||gE_1gAGD;s!g za9}>Y18mN*(>9*I>mhLiQ8U^P{6zHoam`~LPard)Hv*s9=EwC(GSxzyBSpzAI8m|N_cf9p~`Jq|(WdyK1wOR}d9*_Uz zU-2LQMs(HF|7`R7x)syJ%SJKd>o0b6=xzKxY+yAXx%-K!iJw%(c9NvE;wvzv$Hlk3 zRsWOH`pRX|)RMZIXliNwLB=Kqn?z}*f+UVGgv;-@a!C`84-8>vNb)n?tL?laUF|Vc zn;hl}&_C~9J{K1#@6FEy8z}ZJI3$w;NChkcoyCb7~uy%a#ve0WW{$VwrJu@lstx#(S1uoP1?yK{OnsA zYCckyJ#(+!`sBJQVDmoIv^p0yB}<6C)~p}YVg{3|f9sMta{s<&Uz|hit3NV}HDqG| z>&aS8m^KP}UK3aMRR|SN!`CvVzO(>O&N1SEPF#svRX~gSu32PN@w|~Xqo4KmSmZrA zlhhl5OUA0uFyBq-mW7%P7Ea)7xdB>Va4u@}w^M~ZKg9UXE9+dlQI+#sS_Z&)B_hC6Q7>1S17;sSIWO!176m5n19QbktF8q&p? zEljr-9MW;pJ9@;lG`j<{RrKonPWDgDBeBbw5JGexkqf`HH`{#Y$v5s|d9iWYhb2mY zcs!=ugeNEQ;i$jxAUZ91wFU*h&3}V?<*%5woeOWnDJ&ZfpmgW2Roaimg^2D^<>0H0 zU+9krfq#}0ktB~wh1d=VaN@8=?T-fiU1T7N@$Nc^RmT(DtWQsoKgYXIkzrCQ0{vhm z%0hP(gi$p~FJQ_H=ZeSkzpXk<(Uf`hrDybs(%2}OdXUK3pIAOj{oV!fVTyK?ekCJT z=lG2r!H{qM8WT;YRWsKjtqTx$e_Vo$GiTFlb^uo*pxzzBLG^iG&LlFSddXE8#B}~t z5mV3&+VT4!br=to1u|o7`W=j5bSh{(RSf(SgWz%y-ly3gwd%swSobdMT#(U)m!{B# zESr|?efTdE-$1@#={m)47~EUNM%d55XEf+f9x;!00994SiM#)05ThXHArkP_e)AJ3 z2y+Xn<7b+9jkF%BbP#7~jdH%^9R~h3@D_;K?-kPH!>q?a@*g)tgGOAa9J>`{D62mR z#F{H-bmR>_wm70>3MPk#*$4|Fu|pGOfGHCDlNSNhb_fkHgG}bEn0DMwDa0fQ$KeXYPRF2VIyKEWK@krKgiYo80P3h zA0P(*fyA@#qn*gV4#_{iaN`Zgy{2Y80j}ksk=&!2h!ECnGrdp6{}EvFqG4ci+iHhN zV_ilVf4d?BliP{BV270XrL`;=yHIYj{&JIvI&pxFv?DVJiWqv)9MV65y9PKV_-fFc zY-9-D$aTHCsIAFtuT9!xgI~-%WIa7L-yce^54T?b`;M`zXNt!9cG&E>Tx0LeVY3rJ zv_;}G`pJ>X{`*Y`_+UnkRF`gV29OFj*e2%b#-@4KkvC=nWFGiVzh*7qzgB(%W<-Z~ zw?Isv%C%j1ep^+%w!fSt6Ern2N;W+OS;$NM;~}&%fmSpbcwtOh?OZv%Bd_0=uF^U| zzlG-MGbi71))FGQFiA$A4)1u{N$&4>)un$GuX5e|Ck*nlYW8PM-Kpfo%QC3s=O>9u zGM#=CIKx=^WjPcpKE0d}mR)a7@v}Faz7{!kN;X|@Vb@o3e6*85--*v^F#^`(dgq-_ zS6#fN#_D+%xu5Oz;Y6>^y*%!V=XjMP1o7TEP4@W@mzTWe^y7n^|NVZU0{z&~i+*gs z=*Ld8`$am|)F~v6{KYWV*mo{gj7?|lx{crIVilRzBTgqZq0Y$qme?4Rxsd{bAO7c7 zE>ThD9wZfoy$++!;3_(8?xlkNaPfRq9*O0j%5%c<c5b?d7ZLSZ)r;ovl#03t{UBXsaz)CyqNB6E+cDnoqwD(!(B?x%; zw+l|h|1y@g{IXrGnFj#sHo3ou{cr`T@O2vDyKf-jL?6vrV;eUyREScXJS$8UU6$U>8^C-<&LkZIAcafWp4j7 zs%Eeu#$i#^sTqTj)-O7(UTp_W?;+x)P3q8bUGT+p3>R%020BO#RHvF&0Ex6Hu=-8rJX!q3E9w?pdpXf-Cyv=zIi>)0ERYK;)T9h3w-#ga z-CIsu8yiKpM9}-;8;fii#l63`0PsTqYGUImqwhfGlkF;y`I7>oS-2mad*|jZG&%aq z3!2tm08b$tY&S;GOU_RapZtPc$=8xeGTbt|MplKfJ%4_ApOp2?bt>OOSMZXzb!ZQU zD=$P>*izz-?!I}ccshS)GAg!X!Al$q4x4uKa7np-VZr*{SXpvRPU9LaeCC9jOH~jC zSHqiV=d${#SO7&@fFgc!;2wfX^ICNVO*!@%EO)c9TvxhrjfJg-nl|uot(>>8h-1U7 z2>PGT=5y%Yd-}_M{`64ucf?M>fm$>DtNHU>p|l>`Cf7(vu8~8zsvDEg3;Y*#g*Yzi z2IC*cAZ?z_LrWXiI=fiAKbp$)0GVNaN!qWW+h^^j+toB`U4EaA*&gOx{SscK@k1fE zS|^A{qq`Rr6JPp7$uktOi%r4BYx*dD(rX$vDzFNuHNBT~*k->Z$mbU>b}WxPJ&H4X z{8uK-;_hHAui?m#Q;7LW&7R5O)+(BADrux7D|4~!V3`1H6Xt@C_vLp}DesD7IbM+s zs%$#)(YSJhu)5xx)7Kk7Fjt_rX~Z}M8~hVfV?IRk{jN3GFSbJ85V@Zs29XDYi#7Tv ze$p8x7f7XVbzm#lFODnw#izip50Q2~0wS)cq(~f<%v*Sb!2-r>@m~%W>QZm8z&`bs zvuWEq@0dQo!T9=ml_r>Y{%3bV8Yi?EAnFgbnc(&B^E-5v78?)zxo;Tlq=><2cW_Z4 zqKuz(v=1W{5Y_0ts3yl~_M0Ut=EJDazPPi*6{U!ZLNy-5>rF5D82>1AQ!QAP2Xv#Z zxfNYeOE|i&+_XwW&7aIc@`3k*CxKYW(S1P78`Reu+ks-8MH=-z@FJSEffolCr8bO{ zeySg)iwbDqdar?xx8HA;sF*+S$$A8FxT4=I3Ht*t<=3kkXCyLH8Ul2}G22X+HY;)P zeS2m>;cgOZ;O?|yFEgCjd z=nXCKxj3^B2Oj%>72oOG;=TRY`s(!TwZ-bzD@l;_Rz3MgFD%r4vep}lId7N6g_C~s z&J=cQYGuh=WxkYPdCU7~Ka|*?YU^IPokNRjqlEo|$+f+;+V$+;Y=6o&wU6+~@%m-A zzvTZ*`_~P^9k&LN&iHlkLu=Rg^Z$R0|L1R|;jjEa8SO9m-?cCQjOT>+?P!YlXH0Rx zelptw;cdV0Bq=bOR*%>((mGyK9G!N}xhv6$SSkt^Cx@_I4)wKa{H|1N7h5bQQxY>M zY(@ON6eTRCkB{w(#9pb2ZJM|R{z++nQ$;D4k=WCGD;fKYmOD@p?pGzLbLy`)amtN4 z(V}1GVWWQi5TBJ(dWQHgKUM6073;~W#NRs~6BzwruH2x}uaBk{g_`4BVbt9)Ohz3G zX$N1=Rdm`7=V-u#!m**(ao=Vq?|gwP@2sPwm03WbMGF$Bli^>U&Y3%QG5~3IIdjJ| zyRAA@xv5Qu2yL;zB)QmMd2$i$dcQ#kckh*Ng*gmhp-RSMe*&uKQ4}g$&n~Q3x%aMx ztKy+s2E$jJe~d?;+r9X#&@Edj&CN>##+|zCYA)9Nu36ag^^3U;zvewt;PKmJisQWwp@=4R*Mo)a!d+$$_{V%J# zNzLnpR%tg_?%GDWMWU?fETjX!4|qr4t|-r2S$_&& zUGsq7zyWFi*IK0YOqi@d&a{Zar`$KH+Z1alg5}{xG`s zNI(h8)j})q*7_fUDRHc;MBjy)FLLcq?`nSzPi*MruI*XE=x!de|8(Wv>tjpqvijSC z`p5Dr^r)+Utm^+Q4=6d~k1v1SK>NMFGB)d9r@ZffK1=tlKE0f-KJMa)#{bpvmu6vS-}5{PyP39`i{QC;4x^Hb(%cY%5VLh<+h3wZ1Ais(EI9R6InJtM zFTtthVOy`$(cZupJagh(%2PlLsSgYd?pZP#Z*YuGSq7;5!|_kbh=@0^Na_wIpNV0!Qz2sl(vY!5WMV^~4E8D0S&o!IkXu2loZ` z`MN{s8!0S6hNZC3FCu=E-G9?rkx18_+(!_-G8Is$o#oJE_NI3Ko0&kd`Tl3M{94W} z%Mhu6eCY`O{N2?tpPNwgeF94m5pUiO!>@Pm#iGe4{K{uRlSS1lK`D;6&ljUV?jMfN zEw)hA7roCEi!{kKw;SqIuf(75Jwu-pg_76QAt=E*MiF%k%vk?vLj9HxO2cvlYXc`G z1TQ#9w!DZwLQ`LhtTYkdQC_SEoI8oCQ>EbFSCHPq@!JHoK-JY+7jKx%`49dVvD)!y zLZ$Wv$w&2tcY^|8*fr`+bRV_hx?wddke^z)x+N77aGtQN8$goT|JIRVCqGjqdqT}? z=|-C$8cK>I?Xg7in#b*%cBqRVEPo*7(9)0kcoOS>3%deCT_G7mJ1HU5)-Yr#QZn_b z;(2Iu2fy7;Y8}kp*hEJ$)7jBf|-9JdsHeD{7BQP=XgW3ipPSZI2d#~bPyl{zQ zd1OH#lGni)f@puqug!{i&l-i)dq#1|N61%i$2DEU2r%qQ_Z8y0ZMOO~n6Q7zzlVou zpdH>MqHGf1;)a!oS**M#zRI-(#0TCzgzO}mR4$t8zwBWC_N!-6b$D_L{o_%nxq2)w zLr)IZ*}thgw7<|(!;=K?mFtsyT!NPkhq**koWOgyiYgQPRufmTU0&JCRDXo4e&Dj> zDK-G=ruv!E52LAq`uxzN!^x2pO>sQ!55~}~U(u33f1;^D^?4L#+jVL%Epe%qIE;1$ zC0$Fb$L#X9XcSKl?XC%Y;63&VFCO4Umx%tr`z{a7KD^a^kv?kmX~f?1PV9X^|Geef z`1%X}*QVq+1?L0r65g~WBD@Ob^=9u!VP-Spsd*T4EFhi66mrX0@TL#!noRv3KS?Sq#N`2T8Tr z2La8uXNK?Rn+97+<;$;fVCXKC z2##u9(MrOU@JguDqKVub^fQ&{#v3+(ZdSGYA|=>?M-dMTdc(P}BaRBxG|)%U6rp zZZPehV=?s7+p9Kvwcmk0v^V1RzDQ(528o;(CnOF7bD8l?TfW|9B4+H(Z%XS0d88W~vi@sMz%x zjRy4vkt55M5gs5&(k2S{(<}9UO|9&o)rwKCPe{GQs*TL-!0rPyYF|z9r8VI=VTI%5 zWkd{Ks)#|=nGO=P^!A971Jr>#u5g$X@O<*qaHI`LP1J|!fWf}B2_kfceDRV+^CE0A zBaR7BU0rFQio}XZB@yeWCL5tAfcdJ)6Y?6W8P!Dg)q82o1EApu1Id7c)Xp8$3Rn89h&sk*%uYX{WHPv4*PFs<1D)TJ90N zCB*{yzMG8jDk+#7|BCKC&}qGril#r7xBz@)ZdZ9PGWrIFkweEdP?t%T3K29Bw@uW;L%c@g*ws zp5Dd57DyqbcwU#7m)S;H{&D&S$9VvAmUb`T+p5CE(?ism>~_7SR@c*s2khm)gfJ0| zz!eaLNsOim*}?++T!SK=DJ+iprs1b5*q-L^#TB*t+0Fue!su7gPG<_1MJfR8o98jD zNVjJy6_0qp{usf&H+{k?VBoHTe?gzPMAi-;e7ZjIm(x~umltW3T=IAAaMjX9TJ<*y zVw%BK(aFRQ)TcQ%tAJ_I|L1pt`8#iZ=KTF9O2^~~Z9$&hJAc#7k=U_I;mdZ)ISs>C0 zJMM-#MZ&(a=a(#XTr4Bf`44Z?rSp4qsqR!k-5+SJbs->i$6f-?)Qw8J*qb9bCpjar zuw!rY@GT@P&R>}=stQo+JGEi!9nj?nd@5HN3MeD>G>nKsl#;N`ae(&&4< zDu%utf9h3f-t=c+G3Vkw=-VoQTwMkK0)4NDyVErX!h^IcS<7jlRtCy>;Wh!{ONXiZ*{ybK z&BwM2eU`9HBYOG7RN^+{+pl=rU%~@~PVkEN*C%@jFq2>Uvhf!$9@rV3O?0Q1{Vv_=~{Zf6s)o^76VVEo6r3X2RAq+khw}$AZAr@vVV0lLJg8ZbimEFZw+9vh}45o_IdeMi%Y}0Y=bJfG= zF6cfj-)Na(zEGbKk!_QLD*T9r&zKywy$931KX5f@JH(X#&*QQ6Q;T)m8w= z)Rbf;Jpv*^($8@v9Y`j1)}fN;qvdM@P4)c+^FD<#*ZJr?AXaM^wUj@;xpWhwP`%cb4^cw}Dv+O?p)4s9) zD8nKMq;HL+@0e6^qLThGgFbCD%JYAsYp3_<+GUwto29O0#adsKC?O7meR71NdJkfd z{fnHN^>K@uc8f8_+`2R%%Wn*v0}hi`eSk`ip0kq93||BE>-W>Crpc*l{;IPaa;-?3 z!2A~c$r4m0OUAbcbduCeUE$qR$@>Tt$P?KA9nIpA2ULz)apgQFMVpepCYG2haT5UI{1= z{Uur)O8eX^)A&;{<(FE5Hw5OA+RA0MV z<)Eqa5=F4^w6(HB=Bjt^*J65svpogBC&uc+zghgHX?Ch#`_`lxZg%3 zW~qQ}p-UXE%XohIUpZ%c?P|i}I?4<7S4ZPRKl$QR`e(wzdPA(Qf)nHUAH7Rp?D3(G zQ*+`Y&#G!YXmeF-WOG4P>y4WWeQ=77Bw)M(OaFeS8*B7wGebA2dci1g#5fNO_U#9u z_;pfg7{3+5wlg5Lj*<5x+;8y6n$OmP9D89@?qdqySF@yHl3_9wPkUEH^h?>#l#|-8ruRcsbyUSTxs5Xjf`R$N0N3i8=E|YR7FWkEE%wvmG{nzQ=owh0TK1t%uua*etlho%x|5(1@n@&$ly#<826m%$J;> zW6k;V=rjEt%QiSOl7D5S!HF}$@Z7MfiG6l^2(@t{fQfVFIc3<{6>jxAJ>NEY@4jIi zKA3XdIX$XsI+f1r+qC{P@67J3p`la|Ow0d%-Ff{K$>Bo40{uXHvy0V14Y`VmxoR3a z?GjH2W`4I#bw1Zr=WOLQ9TQ$lN4%{y-TSfgGwO#A+Lv_nUp1JWH1YiD ze29Iq*8fy{@|pjaeXfsBKk_vH`IPn3%D(q0dV^o>u{@r=MKO^eF-5RE?&nu|9&8Z< zIbND}u{7;sHA0dVm}zI|wlDKKwE7z=1c=wY!$}V(PG}ol_vXB#0HRD#Nf(9cWzW&d#EaZ*##6Exam`qmy`MS6OKPwK0Oq~ z4{(-R(;+%i_Y<~T>pV5PLL_K)eWwB-i^;5@Q%iOuA-#pLm|iKw`|uCF6GmbWGcrvN z-7g%mMLYZ7=%-X3HnDxJ5IgbN^~e+C$MZLjV^?)S#3mGuLgR^s}aCiLGpIzwt1I=G27CHr+&ggW|4p-THY(8$2Gr zan(<$6yE8IXy;2|MiH4od%OkAo?dAnW4p^+zwezIGWNT?P8WUta0TE8KDAx>XG9nC z8S4Uep7{ID6qR8){7MyvMfBA(Xxo8=zjF&bJTylFs90PNPvr zi!ZRX%g^3-_dh;y+51j5;YQ5Fk^b&3ql@@SC#m{JW>dYNz0a@NUmzb9n3SfUog@e2pZ06$U#DyNdClw=8Ezi~6oRj4^eQ*K6rYI}10^oq)= zGb(3R#ZDZ~pelzK)UtUHA!}Qw$+9cjOXiyS3P) z7QxTJZ2b6J+>TUp-wyZ0Pj%JVXIGuUF@7fwCtK$5f(-0@`>5NR5TYtj&Ml;sf~?dCb{gSO@s;0 zv1AUBvMnnLD3O@WC&vFahgSW(khdI!x9VG5xJ`}|wp7Jl@(<669JVE#`+NB{=Ejd5 z8EI{R5#adv>yk5-ZRQ>uuiF5q6D8Z!r&zlkBMf|vRp3$&>evqzoD!QEE?j0??%>Q0ifit5>&dD>^mm2i)pC7Rj4uf;j z&rcD9jXvRE%#^O>z++-46;t8flV4g`_p#tgY?d8~6mIo#(ihy>Jv2Xb+vEa3*HIp( zv-+*F-_+BIPL}*;#xML~?(`opxV|pfWlf zyG1o>ypEC-9$L0JN!0h(>;=C1%RUi6?(_@PslbOyk{tUmU27J&J`Fl{(#?!6OJ}z= z?!X#}**NFMB7e}SPqmTCmfD()Dw{}sK_S5<3|I81`;{HjRoprVe-qJqkE!V@B~xj2+`xJ1k0 zDuG|>}Hn9k!v%}o^G>#i?#*3Pryj6#R3xsNS&A_Kc8@B;o9iY~O+Ek`E3 z;8%+dQu-Ri2l_(p-F8%R8oBdZKF_i4E9PVW-Nacev*xR(8`;R;xT15+4N4xKJi)R^iL{!;@VD`%0_g}SweKxT5w)-*3228`g2A7yYPKa@k;QW zwtqhq!WG2vFJSf1G**ZBI85wD&=_K$;(`>E69GJXB?H*w+!FZfed?FLFsLIyzl5FW zR2aVP{sNhzHPmHzW`99vBkykVt&@n`BsAew8LGQp4X-2P_F=D9#q-LL4&L0)xWodz zx3ay$`Npj+l#|*>ykvAFb~(vpqn$_8-&Ez6*Q#5`RQZ`|2!q-d_!EBK0RoOM??Qmv zxIX7l0Wef|a?;H!e7}35i@gr_3A=ye;9r0_y2(EjA z5iC3{a|FIvSbc~FL57xYV!;=vNQTl3$xyX3Q!@C+-}V#^y@R0=z*ib9w1B__b+B+F zidFu8cXA*jU0Qz>1HsfjD*|Jvsn|F@lB2sh+|A_I#A$%$$JoD2~l(?IOpZ47j@n>)Or%WgKqBlgADrZNS`%-VC#s;G_~GzNW|Y!O`+)tLuDG{oOV zVg$~;kQ`|aiw=^qc;UaoQp#RHed7G?RmvR{i9J_6ffOX0!t371t6I0`w8&x4g>&~t zCTx@@ED}IuU>N(_^2!Z6dBm|zPZ!FkEf@A^Y7u*^QFN=QorF>{$QQ_o9jy47Bl{s< z8l)oR3eAX~yhuAVZR0hP z3aV5l?m=3!3F0PC7z=oaPsYeCPNH!EndcQe`NQ`=A%2dt*_`~c{50S0>hg?y9q-^D zF?DWNmzl^CX+ga75p+2u|A=?*)Sms$IC3h$Xhv7*=@|bwfiZa`<0=P!$~e+EMqEJn zOsvA_v0%?l-j4S^NhKC@FV%dTfPzx;8owI3?pZEV2Ks4lq-H4teQF{njt7CtSGKvW z^bTA-qS@z&_1~{Le7nKl*41vb1drEw5L2Yh{&I>Nr9hn(#cp52Q^M+AyH)jsAw+~F zWhE;_`Tad&U4gO|*bYo8aIC7G9lva}0AV3HuEs(_a-6N8dvC$JvQ4|z?~y%er~0ky z=mAd|Ahm4jH2f!CL6vokq0jv0 zyW8p0k}^RsvrlbB8m8Z;y1#Vq6Y1liuf!Lq-+VD2c#klzrDMy!{E2N~D@Rs0vABe; ze$WV1u_NkVO_0t~rGouGDtre#G_-n(D>#yZd&ez1((!Mui|hB>SYDl*d`{0p%`d_` z(f@OkkBk5E>=?bDlbd{q>*MN&Z7fF{Ek7eC`3?VlDal^>hCbBHu84k^TiH@`hArTM zqDcIpM=PRFZ$g>aGADlGg}$E=MT7h}IOypAs$A1GOs_8uts)#AVZ662bPM58WT^Zv zIUcLfLgc0WQ34H&JVeqI;%5(%o={Da8+b5@gaYmY^==IuNjE(O=y!is3DW`tgxAJt z?-9L0i$>Cqp`xEL_q>^BRmX-D$+J{cFnvN*?5u(+iwgSl0fwsTSU;A7FnLY~TjKM5 z@^sRZP(9;I+|QN+?_?&ic{TTV$LO+ez}$Sy(z63CxODL$Z34xz1G|CYsh$e_d?a&K z)0R;49spF;F?~MG=OC%8aue_H#Bcn^%pCvnzq>B)>AH+}U9RHNC%k3$bdz_jJwm)~ z_DXC-EE;2xKJDG@7dV68w%*oHGCZTt{f0ik*qQWl<-){m0irm=GkO%M;CyGC^S?a= zjo=7wlz+5A>n9BXx@DpnCSgBfH-b!(gGh~8+hG$oJf(U3In2}OdYY4C*CjVqaWNjl z)T0~%Z4>JxH6{P5c;Wm=D~daA=Sb@u5KnR_V?8s;*{mf!u{bYgGPXTv_Rb<4Gj!Y0 zENLtDzWFe__$1U^#6{0om#cfky4)bO^KU0Q?qhA+K9K!KLei3t&hGs9&%%liO94qo zfm$uuQmL?yFmD# zFZ|DUCSlq>Cu{k{Ey)uy@xJQU4)3)A-pdW|mfzeN=;B|7^ZP^zazUGQBbj zdIIs*K<@$S&{{zKyg__eh$oG$0a&q| zGL5=mJ03ju3>jiiV_N3j^El0p$ZmF0X0r#X*(`y_UTgs|x?w@@*gE3rKCrd08@3#N zly$57`lcO%hg-00b2v2jIqgg-+gf+1Xrok$WRdZqt=(2{BoGUUO0UNZl`3p&YHT-ypHJ%S&tP zbQ4qFe%hx1q!zW1`>Q2Va;6x;Sz@A41}h;VzXi(GU!%i=OLaA0SLG6D52|8cX_m&J zhP;>NxEjZcaW<+1RW#@X>{4-{iJI;wh#FaUCL5C-G$Jm&D7H2BK_s@ZI`&L8V5=Ug zx><}4Hq!y$LXuGp(FXJU&P$Ni}E?hlT-%AW{PdT zbKb>f@4AgU*~wpbi0J?ur)5ka7P?p11t=)s_ z^Hf829}B$qpYXw-$n%*6XNlH?r!oBU`h1OQy)E5y@Uj2T!N&wp7JR(*%mu9vG0anZ zen}Pv27JPgZNTIBsb@m1jfU0;NV>~35;7z+@U=4#&{q3I-M6v4{v6`3ypqG1-FHwALv4VKm#Bv@bN_x zc19OGe`7@{ezU6a0e%bUW1*8k-p|(huuJ|h01m$nKDHGgnkoOQI(`FCF@_hG)RNZ> zKy|?W^vFg@K3B$CY=0TusQ=-GBs|yW07b4iDpj{!+4s2snsPH&oyJD|nVWI_6sa=N z%^sgwl#8;$f>(`e5u&IKx1ON*OGAzEUlmcha)G%!8Q2Hx;*@_;qAj-j!vQ zC3(w+>1V&iZ>~X(<|JPv)aZHscXYMY+m)ja(@C?=uL?&SigH%q;4p~G!vHime@=Bj zna3Yu5}`}t!!E{W9o?N3VOKi+^CR~t#4fD1*^s7aOg&u7fcV%o*ad}I_ z;o(%ch%{q6T&zmQK}_CTYXVN7P}Sag?w+~+A0+Qu*7?k>H6_hkZoEGB@~$nhnv&?g z6)OffxSYLmUkZ2Yih?zm^W+Dc5x+YJ6>;TWJzZ89?r0YSNFM9k|CCNqdcYc5;M9BF z7V1_Y;QR_#n%O?_*@-C^?i2>yH8v+XAQ=A^Ux@wHwoE5RY)AdEr!+41yD}s6XnSnq zu1&G&C0fX1v39$0H^I!+0!Zz#5lVq-^EWoI=K>A!X+k~a?4`jIr5})yRm8m*x zTUE5Zuqt;`RoTwE&jhlxRHGVC`_8!Xj(+=-R3Ieba@ML&_RgJMlq8~?`!1TGlas|_ z7-&EeK*oDVp>naEZZyB=#>f$6!W(LD);+FqhRnY@l_zb+6}`4!26Jj7PO+}}W9RE- z=r66|lICY`B>7hUp9Uhp9;@*mYaKFADC5FBgLi9!JcWsV^O9I(s zkC30hp}-pzG@ZOHdoCOQoy6SDXrG3!Xr3JOU#(kP!~dr&qb=|0UwoqTp`OgHult?j z4+>kLjrrp7wc_!$>ed30+9F-m$UeBf1y$V1c>9Zl%l~!c`W$caR~1P+^p2NkzwDV% z^90pqvMiqexo6TTby>;u;-&N!S#g4}hO8S9otEgo62UM~`x6phHV`Uf_ipwRYW{eg zFAJ9)$;GsGdvtP+H~W05FyR*~h)(;VeT|$UU7@VGu2=y&6+$+=vQ=Ng6*DVd;;j@Fbe?Xr3#V#hN!r8^LeqZ{UffA+2o{bh{k;I{Fc z6lC-u=oJF)BEfyMx9ev#ZAW*r zJCPCRM0XD**Tu6O9B8V&WPkkN>nmsFm|^YB1zNFnVqOF*uyc|3$+c4EjXRe&HcZK> z|6$^GDw-xm=Egkqk3&&r223<%rhp%mnPZ(G-jA34CbnZyeAa48d`Tn>7=1M$SfAK> z)9;;{QzZSSXxTIR8MFA+)Z0zOp5Gq3UwX|2BO5g$>B+k2wI z!N17Czeey63;wVM<+Y=g+NK?KA@5w%61dX<7I;Sz!|&D?3^h*zQHqiv{2T?e4oYn% z?Ov0UTJ{Zj**O#uFPBcHtBj^rESr?EzQbtJzOIMAkFV>fV$M9EpeQ@&;9`+|Af?ZrU#rugXmxsVYIzI#~7FKZ-K%Xc(Hf#k9?#V12?3J zR~3_Abza}N>*C+qlmY*SD=pNt(;o+C|J>=x-pHM)6j(b*=qphJlY91ea?oFZgkwVf zXpj*Gz5ONlKUr95qrXTu!w3Wup9%Wy<`E`uh zR~s6Ip9bNl!Cx&DHO%+E#u}YC#(eKMhS}yXM#JBM`)=6_q4*?OC}h{YW{T{Qem)NN zL$2l~$E}qqCV>hTjyWCm*k8?#kD5w(!$jE!^*?t_3}SIBy8HAMCz^g6-CbIDNObqa zx=NAU?3(?(IhMK>n=GA|sUG>#u{#1X=)Mb8k zDt~3&lHh%PxA)8KeZ6neG5uXN4Ozv!bF)feytq>DUzORI_ZdoI=PRe`^YkFQ<8}2* zgU=4ku6#FJm+2y$$kjS1`}KBv9rQ5W_Tucee@-cDyMFAazz_Pm@GjBUsCoKf>cCp1 zn#S`_NTCVi09)WKC=NvBAw2U&|BpO3Ll1Y~jqCp1-hIJ$rRne9=9%~UOMG`3Ns}r| zBHl}+?Rm^%3B~vRgyH&9b2<@oeAGwxakCZ+UOSTbA&1Sr4!iDN&eCXnlQ-MsE&h+>-4pPPHt#qadfLVl4Z1&B(Ljq_G7x;&44OmbY z!<714?0xvX9$eF8NMie^Ne~CWK~Db97yJVI&NuDKy{|*r1_$rOgs!9$#LsNk=78wl z^6=;#;nAOjFXMi@(75%r@L}7+yIu|t{1E45cdL?ZVF5&1v$R%=x2f@-y(t|M@^BSQEeP222OP6%Kw`@)sGz zOsbp`DF0^})o`{BW!nT#y*?s%?I`O@1Oo=I3a;>Zn^)w%Y?gHuybY({?j>%W1i|&e zo3ny9#^1di_PVYtcs(h2Z7q_2o#+e$`l_q^^tkq-OFG-jV}40z6jIpjWl-y5muE5J z?*)~9^ovjbZd~?vUkbjv`AWW%%dlH})|v19mY3pX69HD165+k~-+@@Z%ppqackOO} zP6O5#>!a;_sQo#%{uy__(ay{2K8r}+WbgcB27YXsw?_d@ght-aOYc^|DFLmL6Wj5h z9D;%FJqlY2xB7Li+|bTTwBUB>57FHNLUB8@CO+znd$Of>BwjA*Ew<}R?=PNe(%bqG zA9V=jV;jj9g!F!dL*Q2okM23Qu0qGbpOUOL{BkOM{Rnf#K5j}t{9x~rDLF~XT+4G= z-;e7Lq&DmUo^zCZ1J4i8bH|SkzWaiyB#>LfB16vO`a{v}PfnpjE~s2n(8(y;uK!#B z2ugi>vQOG982=K3OE%T(ng~9uD00AOyNZ0pFY=@nLGTHCejCh&MaeUm6@EA%y=4?# zYJ_(#9}__(xJ36ZWrHbPs7D2sVCQ~{cvlJ^bi5&`(R)cM78q^hwWc-<9_9V1a&Enb zoWEmZuo1(=2*};0LR~DbdUSjB=x5#G)da&Nf6*o!KWO#( z8RO&m4`9X zJK=HrUmJn$nS!n>D*54Oj*1UGy!ZaMGVlP*=Knb$fX{V8;KJwAkXD`OFGR8=zb|4e z0MUigMvA=Czm=iXs7FPKv(ZhmO$WQn;9pbzm;9^DlB4$gNo_T*om*xsjX`px8D zAH!R)K5qN!KjU9ND$C?w7gPS<=3nD4>Yaa`!FdtA@voQ9>A}B7KRzW#oRagIqI;Is z4ImlaD$zo~#AhK;&D?*cExE8KqYKKxz*T$}Apx)1OJt6!A9iLqbP-=SfAGwaiJ^lFMWCmk!5}mh7a?Gt|{CW|TiMU`FTm z-oGaqUoe@y5B3lG_k9ifJ5(HSBJZwqx^tnsaMt?g*u+QezB7vpC7*!{J?+CYlMB7@ zS1SI&se)&k3k^&Po@eyIg}(XuUICk*+40Hgj=wJ;BsQi2tG2zbD=6lN-8j&OZ}i|m zcl5@AoPN7O^FR77+Vn!XwDkvuRs*PAltTRAhcC>M*AH;2AWEqm*zCbo(fGlWvWu*u z$dzqaUAUuMfd$zGE};PLL(Q|8O{OucmcP|zHpKj)R8T=~Rs~M~9oyBDu|c`i1(|ht zyGcq%KgI>G@6Ud{-ClFbCcq4eeDQdH(wlzjJ!(bj$E=Z7itNjKdPR4NpVm-nDpDg?F%PQ9eL zQ&DcxM(I4u$smkHH-zzTDGNpVt@uy3_o@@(#F}D9r@wbh`0=)2{DIOx1|zxjxGWI- z+`YcRy~bECRW&Z)!ModD)}=|I^!zLYEaSCSq_g_wecSRcboJa3$q(B3RA4s9(|_0Q zYe|@$O3*T{%}B|3|NU6^{*ANI#GR^3I~w-me-vrrT8N(s^;_K|TAO z2P-+BIwX0{HL>D<;3F{{CxX|jx6})!sT<^7cch=VbdB=C(A;EOhw^QzbeCTPlio+~ zxHcZ4GxD>420#0eL8s}+*sO7R8z?UM#Jrh`Q~~M>1a**pBTccyHrcDt4s3Co^gpn6Bk19(#|w3bwAaZoI^gX@P36m;T(EQIpB%wL^kFU8mX>QX6`;$n284 z0$cP~ebboZuXB6hud)i5((@HcNWfZ>jR5UzioBV~_!IjF{$H~oIom=3Z(6_DX47`F zcSNb$*4N-;yy;*cA+$b|D z??85qd2jDBrKx@t2fAo2;N)L(pB@XEZ1csl9Q_amR*zgz_JG)#9L}`-O%PvyqOb3q zS;)8p-paUdOZemVHVg`eeFM+D`llFn{Q5%s&YSfp68ASuVDWdw&&7w1q(KF~(U#$K z4sC_3ttol}s^=8C07-z%vUdRKgVHUYm2R;>E%vt-m(!yBroSXUB>7Z0hE2N8YavFC zenW$*rO-?cQBkq?!dHBf6dl;7Py{a$^?gyO?2p%+|KvU4ZRNZ7+r)U-?RtU#i63G| zif?GXtg&BbXmkE0F2aIPJfVm2lV*Hf_QNR$kn@TMH|0Yp$w>s_tSzvQHhW(>PW|&M z;Y@eR%PVO6rSu8@0<}}tS^s_SQqr7>Kk2#mH%p1=--P9`{C~`y34B%6wf_@HAR>5! zB1VN8Y^;e|4GNkoq6r1L7j7gDtrTq=CyFg<3<;!ykPxQp_OPbC*4k^Y4eQis z&{dMKwo}_etKPkcApTH0dE~B;SHm0zpbC_cIl51WeGuL;1Mh($wW)sn0#}V7O>Oh= z&|gf6K>m6|T@>s2?WX^s~z&Cnbl!}H=U(>8z5 z*C6y&Lw4VN2ZYy-g5oUk$n&}74f@UgnaO%aNo%`GlZM)+e;#TB8RjQCy_ut&+|7To zV$kT@ee!$?ev-%Tj$b?j@b)R^Th z35;r}Ljw)&tAETL|C&_`tKFR(FzH$Na-0ol?zpw?T)DvpnvdLRxZe^?&s1Qe2c1EG z_`*e;fBU+q2%k0!VD7Qw{@$qr1S#YiVn&$Q6)_*%ZY}AEG7()nGY!#SpL>2*Wt50g z=F&~ifaM=+Cq7t)_3iS?V{d_m#{ag}G3N8)qW9?d4Jh`6LdC{&zKm}X|#}Ea*J65CW_qWu zO#DD3BYxnjy&ZJjzD&grj4~r2Xzj}U_)Stgohd-$06}B!X$p6Vu8V&`kIk5q>bU!` z$<83~Hm|MGV)UQ|Mk_griwUxUSj=Rh`O3-deA6O*syjNzM|y&1?w_8tM)8+-^CPI3 zI*ejDeIcEO$zvcLITFh+wM0avX5lmUkz{@E^!4kzPxXC=`hZG{`}}6%7?7?3&U_UD z)hLJj;iHlrj{hFUvP66b0Xk-<5uzYUew{V$ zlcZ;GkGWh<=neJbq^G3tf4jxMF6o%h1+h}Vrn+PL_?Y_O4KVfIN~3=oB2iF_le?40 zwrGB`=(8%iilUI%FXovheyK}(6F*LVw>{f$;!b@RwN0R282-P*lOOT+-u(wU|F!G- zEGw<%`{zB1I#Ok>TaVwp4W;3TIbK8n>gJ_?;6d&jf(S3&VAj@k{OP6tVdmH5oBySLj%NgS_^Q=nC%!Oj+Vv4`{ zn#FseTae}B?**Q@8%UiC-hX|Y!TaM}y!bt^&(~z3K1(+<7=49 zV1GO_@!VxT{s(uRJEQ^F`QIeT>K;FA`1ciTe+1>U0>fE?$PD*clnUbdZj>~@u0#xI z0ul31G80G}h@F_msY4s#)VmKzwxFKb5U$5wZiL~@j*|QY(Yq4B=zW{r=zmH8zicOx zz)EULG^2CK9_m0CpJj;d9F^~K3bW4}|pnNt7$_VG%mO;%{1wRF}qk=0_ zwpHoxicr{fJb2bR8r!D`^sboivFH-9d$^a=_#9d4a}$2ox| z%0J}C2Q?jjXnZ$`rDsz| zx%q&w3_F&X9gF**@tJ$7*==634LdsW;G1pFkG}-=?ctD@F&6ip2a&oVjf%Dg(3VC; z{qe)7Hcf|5f3fb&`f}Qxxyp9(j4o|HRnDN?hdJ|HV6koWfqvtEJHpnv($pgWn0l`N zAk}{yY8m~1s!(;E{HIi1(LV8qyn1eyszo2CbEW>K!(6TnU8A;bx;mo=w)O&_LRE67vB@laqJRhZzKCt7@4v(MO@|xK9vZH%pq@o^#>a2Z z9qQAiLou(SN>h=bQa^=?o?c=*G^VFf$-l|!{ocT|Rv&Hq0)zYTdllDlInduIuiE`` z!O+jYa!qEJn-2WG`lYGA^XdD*pYLB5So(8@nxgO8_J7>Q5-sP;EVeyiZ(AmO8wHxj z3BdIGfN@D522aYP{Uqo#RUlqQIUE^0c9Rm8gSJ7v^ft;d& z(EsNTe&;TO|GVG+Nc^W&7os|oQ;UARW*A#QFm%2Azk0!cx%zbHYpFg_iTLBiejfg* zN8{A$Sq6OPop9Z@z|!yWdDGz|kNWf)G$3d64K!oqiv&hD`Y_`^Ijt=-ey^d=nhvYh z`U|OPm)Bu}Kr^ud-hq$1>(x}3m-UIC;??qJ-qPKcxV8>A9bPqi!Q1thQ{BL~dL}oQ zWhv0{j3*ktf`wk%-sp><%?KQKFtI7|KU&cfUrM#2|E9xl4EoK!`tzy!vA@`=yNL_+ z)ZLdRdg$lvww{(mMbqII0^9z<<}YXT`wMLitYl=2)t&v4I=9?(ZdrD`+MYr+lFocK?*x0CnVg>`L;UnchG}R`0d>E@$J0(`bV_m z45yuI)J_))sN34*tF+EF9K}ax*v{n#mRe=4~Yd*}>;Z(gC6TUOj+fomrFf zu#gTC_okz1%ABy~gY7=_YrnJZnOo9+G)W?XOQVCJ#;g#M1XvxcT}yiTV{dsJEeo;} zh!cgXMRz_D0#<)B9mdQ28p>la&PHV@2ETk>DGg)fsT9Ikg-J-7dlW^5( zvUv9z>5qOC1Qx%o$6X-a$An#YbfDHVd*@#Jsl%*)#-E_oB%FWvYo8FVFHXW45Im}u zP|vG4!ZV~@I{q=Mz@G>+PFTI&3_OGD?fB=uXQ8;>RDs24d|Dik7e{^J7<6DJryq-tVS*yY=CWKGw8AD}4EA^W7%(K}WS(9}J(v}tXKr}AZV z+=R>s=Dy3N?gF#MQmRffJbS(0oYjV|T)aiP^8Mzqd(}Q)T^`J1ci_+EiAZHLIY58h z;}-jSTytMhBeCJHa!K5$k=$!Ke80*5n}}LZ2V>7t(_Ojr{q0B(Opa<1l>jDZwHqWu zkj#?mP-m;&l016#f|cC|Xa$pqGq7-_T6JMZ*RI=4J!%r^sY>{Vy@ zz`x@V9DJG$z}Rj|DdQ~r<2Ezq2896A*9Pko+`h39v223EY|%VKNZm!WglzOdTBh+i zxv#dRfii!u56WkG?5_HmK#7d9F(vM;KR}E>A(+|j-fsk~yYm#$#*X*}SRpDa>8nB7 z{Z)a5zg2gg+_xU-X{asT$6EL|#(GML9c!C6)*5Pf>;*ctT+z9VwZ`**Zb**R7S&jn zUD)GTKLA!qvMKt&AL~wm@TH$7$EteV#rO9(*1s0nv5sM^c6{1i+WJ~L7llbIfmGUMABFK2w1&**1HdN_Bh zMQ8K_3(WdVskc7EmMs&XnrHgMmL>2NDjCg%=upS z2j>f=%lC(+Y>{}g+|-Cr@IKjZoXA!`K{3vb|BwZi&~-aQjuy8IMt1eA7koa=v;N*K z8A~WP6X)tq@L=znhP;H2PVObo0ilu;E$o+>cUntXvaS)13JD?h15w$@7xW1G80hn< z4EVWE|J4WotwQX~2a@1dRmA@hXp?vpU|UGvt45vC!TA=_Exm*K+N0A!oyP}0sDJIl zP3>RxN3o>`$G>h&`%!^sMZhjplQ?kvLQynHYY|z1V+m!)Ka2Cu19-%J@T{%?fAI1& zfY)gOE45kVpAP`=7e8Z(eUE9(F2q3WuWke;Pabap-eTSf;Kx4O=mXq-Ab>wcEPM|l z>;!P;1Kh3rix2I-Jl6OR{U`}=RptKjUf}(haZn|fuI%Dxd%fpgNv>bXTT~eT9zlC{ zv8so^)_?U+^*kd#h8ma}a*UsKy}M1bl2S*Qjd;$n(>KxQU>m#EW1I~)D=#rXA|y+1 zv+#w`EYmO>%m@9kkq3Cc=H$f}@Xq8t32Ov(S`{i+E2U<_mjA7-8endc5NC({mzYr> zoNi{+d%2ix$0zEeGJRC+_MJ~TMp`Bnl?Uuo!~`-8v#I``wQ89CjbHJztvqgmVv?Im z`J_~zm%HCzk#tbqRp&dX-tiq&7Csv^+cd9jOs(%Js#5q)%aemh_wxHOe~bCZV)JPN zU+5e^tP`@_c+hZ|jn)E#wsdn}CqUE*-1^B~jlRq#W}!mvN&uu$E1AsPyr*YVmHVue zo=*8e1pz++Uuh4C7l|!c@Vmx_U{-yp?G6)s4d=;rwi&1y5NJL^I3!p6U?g?l>Q_&% zlz(_Y-74)gd}eIMzU?Xd8ki=It>VJI?V(RHq^v}8-*){E}HY2 zE}yA=EAc`LSpWVyuwJhyW7cr;sR35G@C}83+3haX{GLsmz4XIs;eG}my`!`W4y(uR ziSPOx)6O&ZxgUZ}clx)WS5ZZeH%&Z1eCwVjok|MlM`fSQGx8^%HSDA^&H(-RFr7% zfjvF{@*@IE*BltvJgfN7F~?fS6_%?z4_x&v2JYkzp)&XVA-1mJwyvYU<=3@;w5e->sjDnm*BsR~kh*T>#vQDh7-&8N zEm-4@W1#5&QZ;%SnDe;Tr zF_*!~`C4-i(f(v|k+!nLvBtySeHMS2V>JAw@zs&~D6j1Dy!x+mb41zYN7P@-%>eVh z?D7HiSMck|vdfRGpUlm`vdah7kK<;L_kK|QD1IGPcKK2Dr*ji1yF5^TGB^3&`~3PL zq2^Y`yQbi&E9i%NE+k2>jN>0Q8H7-g~S0aTj~a#OkyNTI-t;qbs=Zi`2=6wOS*+LWH`BJUU+_%i33SJb&pZwhF)Fw zCU3}zrsqsEr$ckm^{J$HX?C6N--7axGw>vjemB;BR<=wEPRi?_M}AmVl@~tF#AlC5Td#2zBU|jQe{>a84C*G- zu=!AV;Ld<4Sy#k?t{cPc@o>opk>I8UUofBzb_5n)!}~DlB}zKH!?XVsd$^WI;gT((l6FpU41c&Yyy_s?sz@lF(5>`dpjhc(6k^v=7$rgpYqiK+eE(ly#P~9H14O3C)9(lY1Vd@KiaSaG&34<0s0! zhDb@YZeqS(HIHrmU1O@TpDf?6ZJkMIyN}{>X7R3hrDD}W#YghFrl~?^CgzB? zIrv+ZjmDoR70~#hBF~)MJzp^#v8n)$$f2L77cQ25IU06#zsZm?LM>5d6zb zgJNhIPn@e*rI$k`d!-JZ7;$or^4E7F!F4u0o6bo{lt{@cH{YuN3}Tb}JEOnoG2j6A z#1tCcS-C<>vpL3E151xGGEOwEc;UgJ;DNx>y&_O?ghJ=Z`hGDp z3GUdA(1+d`M`kW0dO^fBqoR}8rbT?hM_8T9zpWcSq>V37CCCqDuL}ha*3Jn<=hKeV z2IlM7v9qVb?!n<-cXOo}|B=IK4Zn zzM4Xn#m`qPej3EzHRA6Y`G^|x| zl8y7<{}?Sw#w0D2p(yA8x`jIE>$~B{8iv;zBw75JWtlGdi45HV3oC>rElZi^(IUzV zP$MEGtF8XDc*_E1RJ*oPTL+B$m5!8YfaGtRjDCXu(LV|-JOU7M^plbjGgXryFsnk# zJ(Oi;Suow~O9^GeTqF{`#M95(l*Jgd?CDXvp)Q}az3DhMe8%TR(t~a^m!vuaP?Hn( z#a}ct)u~4_Q%$>TpM0$(#d2>UR<0|JyXRlm4S?}f{EvlSRD_UW-&&|it<==DO;NjX!LeYji*2Dl-;WDxcn&>k3DDq2qNd}EqsF2SM;5or$@Umf?{cMBI ztchyj=yoW=ONkHnx;IDt0Z=Cf6!XvAYrXE9G<)#~q9G+c{rTnZw*PR0fCPUQ`|`^k z?-p423zZONdmLEKykjCxMNTC6Y+&IJC}}3+6C}ExW+gStJ(qwWqgGjG7xD_I#7d3* z(mv-#Q7oX?!%igGEbZ>kp0z={(2-TuERB?GZ615uV~uE0PcNd)c< z5VvvXba`G0tjy%I*B!^LMK=A+cQ3!jgOgF3y7V!kbm%dm;AXPHMX~xyi1=&wjd)$_;W*%_cmLLja{7ExnGuuxY zt=Qln%>VTCmf4qZBqpuT2&V{^>-tW>d0LKp7O z7WqWsj`^}j1@XaMM28V08vpE@GqHe=sc_MT`JVyh1);$2NjA7~UVnR9hlUC~Go+Z4 zd*!cj-kq%|W-RYXf~7O4cv@N--g8gJe+N)}95B_nKju6?k$Yaep{I^{Lawo)Fstr( zwF+%8uWXp#Kh(KFw5ML68|A(`-Y7r`F6oB1_r1mMk1T#?NIq6eK32PH^a#y@xm;fF z#k=MlA%$ZCULV9L5?#`=oJMHub<~byK9AaQ=kur?Is|sRc#0xM%9k5;L#a{u(r6!0 z>w1000c)sW+p!frl|n8=tMI91RLUxWr5a_yJE%o+-(7mO2O2B$6`z_e^V9F`_;Rd% zM)SV>PjOOy(zt)g3|X@~UKBJV-`R9nA}Kng2&-TH&(p~B>4@Zyd*79NIwu6KBp3GR zslRB?i>sA`2883U$^hX@DUCKAdUpPtt@91iVCOzaX(K~L8>nJlBy7zf`N@naJ&(s} zy@HBOt1nDTZ#D5_e}0Zy{Dg#`a?u|ogDwet?fPV3;r#|T(jdV=wfA;Bp>du6>}0;| zKXOZ4lNjrnSp+52<~!fbD%Add^1`2#pEYL+t30E459e`XCT#;C)=&Qn@j?>zIdjt# zRA*ih+U&CxHZM20ta8s$>@GtphZfn#zOEIbGlI-}5X~tPTROUQk2nK4qKgCA*Sr0H+rj4OMvZr@0nbAoJto`h-u*Ta&LuQ&i6o_IM`g<&`$Z3N zsku^9rTovmQI4e}%YP;urAvN1q=y;-=fo9_-0$v{50JgUINKy6g6n79E=ZIU1Jkd( zv9qyuoUmRjhN=pctkz+kK06ql!AuxN_i1zctxV1t?A@diBK&m;d0Tp`P&|}YeveK^ z0t=-ewG0Ob++)sj>$iZJxM_ZOU|7we|I}{Kur|k0-6WA6|6)m_XWvwt6sIfuH7T%>6qB7H+3GD6E_;mUNKMM? zOs1)7A89!Mw!jhtK-pZ%>6>5S<@C*~F!=;HHy(DtH<88*IeG90lZ$5i1CLv6yUJ$y zReEluQ((Ll#DksfN~1fqjJ)tS7>+hhkfcCOF^Vr?f$ z$JeK^jHM5==e$?=8B5i`&p>h~$GKXN3GD(I(S6|E&-5vs25q*Dn=|q~v;6;CL!`XzoV>XTudA1)M}0 za1bFDK9||~p;+@nq2`A|5mc%8qp#WRzjc0u-TwJH&0-d&TJBH3b(0Qk9#vYtXn*~y ziE|BsypST0Q1*I5A0Mzd`o%LY%5typR)GtV1jQWNnR^{I5Ra&|2b)BMH$DjJY*LTf?n) zqUBG&(H%u@>E+!J(-NPXiH}U}z{k(?cKrr|o2li0{Q*A>q3AOv2m_w?(ew?x(evv7 z-@ttS3?UYK(}W}1jk$2vgtDD=+iQ=Q5N)3j-KiJOq(AWH_&G;#S2&?;Q{C^ZsWJmt zu|2f}U$)ZXB`3fkV)}4NTV-@j_`~h?Opmq*uE>&Y@Jw(Yi@pMt{hY-aBET!73FA^+ zCkk7Cw)h?C|mu!cxI9SfBEHVOJ9i2Dg|xpfbZ1loR9jC##zUQJ2~6=)$oVA!X%@pXnrd@f?Kikg~T zK^MW-G7#-I*|H`$e|m?igEi@ zb>kHE4|%B~fUGqB76JukQT~bpcJtgEZIEet&pL4*DiVl7j(5ddtY{@M%+GZdCH@Ea zX<cSSIL0p6>+HfyOq)BCqz41 zBJhWECgL&7oUo*h8&P{T#V#=Z%L!$h1B+T2VI;UaurRFm&TZM1!9NFdp&Is*B zHodRlL`HOkvT=_L#3DtAlu!er&itQdGn0Gkz?OIPm4K z5SS4<4GKPg)cmj%6`_zQjXp<;gt04%E{L$8a4*jyvFmkMCL^-lJ``ATiyDA5bRtzG zKYK!1dtmYRRMZ)Gb|knVuy7m&k~^>>EO{?Ig(os=P(|8g?6SNa8G%xdM$6fL%v~S2 zSA0&m4J})g&9$jKJ5f= z>2tj3vn{aryM{jTI%<*Uo0;^vIYo>dSN&ydxcQHR!`UzKv#;jg%HSUZ4tsSx`jj1D6(S=f)=RuWreQ3C z^eN33-0G=VTkne9Qh3aBWjWu?KuxI(b8MzwDA>0Hy3jC$&9J*X?4@ikk45jR+}|qb zP4vFXoyo07?z@RBGq=0l@Aw6FyOYhW$ldy1o~G2tP3Px@K6W}EMatH$y03m)`(&+P z*u}m_nG;ycjekSaWVJ+f$bDD2ZUN_)tvMfT3oM-{@sZ@AEo!PGN z$BSp%fg*tPkfo+>%S&wXT5+CPLirIFt4vy>%(H^~+|&! ze(Vcrip#&R*Jk8?z|ZX{4GJcby&jmtJi6D5`3a5K8_GVYQJ<^6^JCnYY*wAmc;UUk<@i5axSVO>vh4#47nAa2cpjhu#$J0qm2>QBmqjMQ%f01u9&EbC zpKZ1D1J}$1+wc#gufjoH4t}fh0(UOa`)F06g$eksF>w&!Kg@xN%`sl5mi0armKPO3 z{o6}=UtN)O&rU1ISkJ?;?lbbBictdk*l}F^!KPO5-k#xem-~%z-l%)$pC8%rL+An} z;|HFck30YK47iX*v)hG?$G!tHmcL_>ae=;Y27SFGZI!O2Uj{O?zU%eY@1KVz&cCEC zJO7OFD)g}XnLTOPy{Jot!r?C~{LxfM8d&*fOrVVT3%_N>G!0`DaJKgPupF7aH8F^v zed-w+3-{Su@owBciqUQTHlus^?F<$i^9$P+_UsV55G_bt zBDw<>-_(Zl+P#}rkdFn~_NKPjd%$7P%+ z?$!&t4bIdaKfgEBn}Hhn8R;TF9s2CPdFwvb_t2zlnplrMV}o{{B1{b5#l_5zY3HX+ z`IzN!5?b9Y;o@zP^2Ji?>&K@0ncWd?nncACeobp+)j zLebpo_-*#@OyfrJZC_#BxHyB(wRN3k>S{>Vb*k#p{+&;8 z<6dfO8lalqdBgVVVq4RB=lV6hmu-6W_agP`%w$b};kT*jZEoEDswp|ExMgEW46?6h zIy3Mu2mavt3^M-kPxB_eWz3A&RM>3OoPi?h7;l=_=B;6oyKaEHc-!Bt{p>!?ouzcQ z?E;Sk691Vb;*Z<^plu)@rytJ#LVEv1^rPkF0v+oB4_n>_ur+$*1~;E!i~RGO#||+C zx*ibQ>i)$9UHC&09lIwad;P6suTwXc|BjZ`m#P29aPP4GYrr8=Sf>Bu!Fx7|MKqet)XC{4b(FP-n9 zUKUAyxA?+A7Jebg_j1k8^vJAz=cmE%MWE0;cADv13VvhMGk{U8!Bq)>5hrIrgwTr! z6JQHro3qZhl>xv~`=@NpnEzh(3$g|k&svBAqtw;p=a{3`=|jTj&)zZ zgs&7!;N*ViECbDT?*h7C+>ik}jSalxTy|T6=|Hrmi3Ie=pRcOW29hAeR#bB=G`lQ{x{->_=KfcMexgU0`*l_EW3JeXJR;C zL|<2;&Rg#9=vFQgWosjl$`6L&DGQfe7E>K4~B+UclJCnWXzxc0{?!0NhbW}Dwg8k;@=-Z3gX}6AN<$& z_eK-Z-wXd9TCDE%%)fiQu#fKiyX|xX%>I7{nD1WW15;uL+`zx?OQSuI8u@2fH@-@M zg=!EV|G)l`hagS(8yO^XJl#LS1dV^>MwGMy^sIFMNGSO7oUbcD)yCi^!%1wAYL9M_ zvu?1XK=Mf_WsCBXlvU`v0ivHVs_-3LGTZ=KhHQ5e1fI2sVUPkoc&vDPY*aTGSq)J= zPtCZQcXs}Lr|0qe{*iC$we^o+7Ti8F(>LNr5pBccd|t1fk#oF#227Z8n|N-KAE21w z7WttRH4ZTtx!)QMNw-Lg{2~pe(4cQ{$p8rU|1xyB<6pMA92+I16@LD4Ps1Euc;Mo! zPwW?&bxzOFvwo3YbU@1Rv;{d|{8SO3Tu$u zjGt_{#`4FHx{t59A>aBx6f|u8ABzF@@)s?zFVq*#pl_a(?*I6E2Cy~pcs|NBQLgDC_rTzdu&i`QrT8954|0Db#ix}O*TQgWK|54i+{2zZy zV>KUTST{ZSKUC2TUPYg_U<%yhS2VMyiZXV?q8AcEZ5u; z@^N5ohX(7@e7U>tqxKt;y7)cNwNM(vh~p2v&3y+=fb(_}JjlMKb?&oUt%I(xMLv(y zeV+$}-&S{w@ABAPD4HDfrn#iKJT?@W$?)C3Tx{Z-rg=_}4tEbxaa~2f`}CRJq0v7j z@QwY6(voI>GIB%~!f9Q((vg^L?0nGKJodu*jaGLpz}Ahf6aTtbU8?%iExOda!~Ecm z>E3?gj?^5Z_>CuR{KhLewAJ+9dNmn+sHjy}$GgUi?-Yxwrc~ayz~Z0lZEPCY=tHnY zcHmAeF_Jq0l2RhI*kugi3ewlRb5B!sUWz>@cVHE+m;UX07){OXjf{p&^WNc@(Yyp- zn|x_no_8xu5Q-=OPHY}qVTz-fw$<>07_IBC8wt)i%@p?T~NZfgV=gG14UwqgrZ zJk}m~-J2pJRJMn_o?1jV^_#XM&csd)c~bQ1etATv_2c|^Q)9nL(VTvXT=z^qmmx*O znjPuLR%|V;8^8FPH41QgzdzZ5$G-{<>GfUOvK$s9 zt~`vNV;+7AGD#TZ4;Au<(mwdt7B6r=QMjLdzD0SYU*09LoPN_=Di?2<^V`G;meo$` zp?|htznLN{u+{w)SNr4v?livpxVqorPm58?-P21%*vwe*Y$8+5`orwn9_F4!C_jT0 zN5JWmH3FySo+^yxFWypLZ08y?Kbe^d3M+8m&-u{QT_#|JWD1qrS*slF>aqeQ7ER70 znHGY3PqEjnlmTV*i}+QkxgsUCQ+HPXc{`ULb~!)heuD)+L=`0{uxO>nR}GRLmQk!U z5aSp&CF`#UL)pa|&D93DGKxanO$8B$H4_}5c@svy9p9+hVpXNQDC1#Z(HneGu_zm* z@k9cKuRdP;TPlM)14|TfGATA>r%EkWsJjAC%OSWQ=9i)WZbSeAFlLQQvAn(r^oR!a z>5HhqB@@+>bHU!`u@}r~gu(E4=Il)zVdlRR!{Vs*nng4s$t;R+wLMoL&%M9Ya$Ea&BCk@P8ALw3LOOzZta(K60QKhkU+UgsV|57@Sg{_Y0=r|u$J^>24u zjPOB{?Qj=MkVLnW{@J~a+i>UFaPY<3Pa;Tf{&C>$j3F$CUhrw~H=*qPy4}1>^yN?e zX(o#ACQXj9a`rXu_8jHx&87Zhd%mR!Ve5r0R2j?D>!tBgu>r z;Y;)Az6%kDonZsWf0$|sKPD}a!H|~dEfIxAzPN`>|Jmffg-kbvS^U>LcH1nC_h=pz z=mFPaT_uJO2sBeiZgJP>JK)XjliV7|^KPH(Gzp2td~$X_kF1S<9m0T$0!s&~^Mu~A z3oQ4(f#7HVvpxaPF;sZsI#{>1fnIF=l1!`)W$%FhP0wJwBt4v{eh6JaA9^^^7KlWl zhhq^}2x|7oyiPE@JJO7FGvx{+!7c2Ei(UyUzgydAS$U!eNW8hhL||C3Vjr~EhD{{C zSrIZ@(Kagjj<2!+@-eVbZ=?1p%Ds{tCGnfI1A~ByjYeQ$hM4m)+%bl4-w@+G%B`D# zeBD1uJhU?5l0TnYVxQb^@zPFVDgE9UI$GtmVcRBv-ko%^03wr2?oF`@lTSwMwh4ES zukMi7$<81DkbrG|Z-(rzYWdgTTt&*lGBxGPo-vYj5uCDmeLf4%+G@7+0(7j|@lu&ZdCMXj|gMNQ^lp zg!p{6!s_QoBww1@YLux#^GicnC6f-k(#qV@7tu7n57a9R5LP@c6j(HvqLpM4TJjlg zro?hqN1RL9$?&q5ONtct+2QP+>>`g}!gPwzr{x9{A40`}MP^D0w%?x1uoCl)pb#v} zMWa)tix&zUAwjxqJZ|`tyk!$j<`SZZBuBq_oTXu;mq~GHBGdRFu+qX$dK+V*S_Yvy z2rWjBqmBye60b`16<9eJR?|{pB%1{?#@AjOAx18o79Gu2$RVtCL3dRk9-y}&hU0Zi z6#UYBWDYZx7aj^4FXDegb3ru@%o%H7RCgjGhEiY-`wXt=N>|$6S?FdLb|WMOe;3Br zr)8wl`8mbF)S8ed$*yU7PkG8^LMmNx$nmbI6f?~8MfMyWC%17g=Fg$k0^4%?3|Xf# zm|FeA&eT4PKNQ?Kzc8@mcRbau>s4=IIt)A>(RqB{$X&dT-(%XSsnUT3A#=}qUo!lf zk|(cEK~?9oi7m1w%GJAA2r}A)+P|cL z=xvzn^Wo^FW&C5-sk#{oukRO*R+J`=2s_^>b|Wj_16<0-~olPAa%{-d|Xs8YR=h>L2+O z>Pl+veZ#v^S^U8ifm!+V0-TO~0(3K_H|mekCCro#e^$c^*oS6aG@m`@-m0kC&|_9P z0fo0JI{8?;slR55?4cpUZuvSF=?9#g4)Y8@0|3bkQr^Q)8_ z46L8d6siX32`a;J()75q`oTqZd|ek+s6DTXBzNx`)(sX$bjSAt#FWmTe)r!FpVNm} z_&l)uUxUv+!yUcAXYtp2h0k0sZsw!mqRI_^2 zytW)3$`~>6Kf8|aHr)8BsgcUR=$-F=rObxj&Ug2mTgg*rJTDb?>7(ixlgH0>b#i|> z4EOZ2-v$gsMoq*x3^`VFbFXg^AmzV1_-8#F@)GBvMfq8jO)+w1>K{gqm-|YMX*TDX?TR zQzNs^85g3y%sj0s68u`I?&L`9Hd?GLtqi^&SfV7MlVYP#pY|){&bAwIZplu3Tlv$x z2kbOeqRu$&N&Tx*s!kiNWOP$Bl50&d~_Z7fp0pcejO>D>YmlyCUR|_^stnV zs&MBY?c9(YxIp1GRzXG5SY)bHYsV%E3uBZ6Z3RHm{43F940bCQgNFl4wE;@>8^Zg> z+3Cu80%&I#naC-F1+rL6*!Y>++xmj6oF}P~^kPHRof;Oty|6?S|272>EnXtDP*JrN zv$5I&Q&MU!bwm4|+w{gOUq4AdLh4!-TeGM&6QS&1lM+yLmWhhlB@cj^BGbX3@eMWO zd&v3%o7T#zK@epACibE3tlEp2gvghcwvjD7VnZbR1vC5YW6%;Ef}=B}PoiHWx(mkw z+E};BNO18pBGydyh7R{Wb9=!37S~ABMQ3x@U!b=Kto`;hKU%u5Wy&rfK4NG${xsr9 zfGK8vzRK?7OrKNI@5R5ZR=F$e2mG7fYc*(i$a6+}SJa#J=D9uVMEu&uZ^NDfnYj@M zYYjQR)D&gf7N1O&ZnTUiY}f<8Z2-#snb|?0T}AlN4dWZc^26{nsMH5~xk6V|n)T+2 zxpNuwG9%N957%;YeWGZ)dHsy(l*0O>hqO%!{|xqBVBuKYXJprn(2+(JMAy!Yntd6Z zjj40rfrvT9$b_>Gv`ER)@bO~S;o`i< z{s^|$4Ub>NYD>hiujPJIv1AEtWIR>NF>rXXaiaLPq)bo2pfdVOWyvP|qro)+=K*~y zhHIJZ46GLGRUz1}8K{|jliSfO3GTyDj>)vhIq%pfqUSK~t;gFfHU_Z2Gp$aBkM-iq zgsBpgtYr0MbQ1a=?m<<#+;AcQky^1otca6yzS)6R0f>_J8~e{b!|(L0?}48XH4 z{z_6o52z$yV^I8EfE@wr23WinX-sjHYvUo)rwCrZ6+B~CJ5HM) zg@>iCf_hSAn#oMYpELT)0~qO!g~C5CG+YKrTq`0zK9`Rwv)|Jj>`hDgmBHuO%_}!e z^q=vU;Sl1F$6 zLnlmsRyYUUEE0)pP~;T|IrRvju(e50&@=GOTxN=JCuk)_kWDg!J410-Bg{?(^VZWo z_=xhp5VBHBT(d%5#cKL+JBdW+;LU66I#P`<*PZeU4x+w;KX7MrKeLMb#419nzI%ZQ zFs-qVexyf>?4vK)M|bMct$L)HeU-aJ5o~tD;GuK5b#h19f{Rr!WWOC@A6=$Lqj`kj z3U%WCk}kKnbKa){ir)jRv(5#j7YxCCJ7dg*vVYdS9PiJZ7seJQKWqF{&Z+rR{zaM0HC8cNdK(~q5swhtc?b& zPk7+9OIFhFTFi4VG+J1Bet$dUgxB9AB*oauwOvk=Rj{u`ofAXwH?{?Yfqe^atw9 z{7gK@_U~3H8O3JOImXDc@wk9voMX;BC^b%wo>T-4j-H}GWvrw!_6??;&DwQd1|s4n zTw>iSJLixJYthND9WryU609$*;78H{V)maG@kFx%qQS`Knu4yGwE{B#<;vP*m8cL( zm!S`%c|BzSPFKZ1#VD+3UcTB*=yhyLzJ^tm`cz*n+5r`{BxZ-RKa_Tcp6f%*jF|yT zepLov4=mU5BJtBTgQBA@U&F6t|Mk9k3s3NUkGdcntNQ@4(`3a?)QX)|f##o40I{`dT-%f>p#t+J>DBDxl79XXtq!$l6Q?lb#QYGb*S>@(ZtGCVfAVFK+ z?fZ(~f|VZRZC6%G>2&Ulf!$atrP9TJk)hC8{#pfm;4knmmnHlKjmy}9(94acF12iA zr!EHo+bp?of z&5_-}5FZ5K)74kczkRcmv@ZT_j11{DRxsFEUhqH$c^0ITd(lxymT60^WYP8_*;`T< ztct~C)F{Aera`RSy~T=^D!2baU#9$Ehh&QJ9cv3NBq43W7f70rYXCjA(tdC`4Dz~mjx=c^UNF_@iH@ZSy)?YtXMa}7|hNsR%Un|t1ma&NXVH((llRYA2fY4 zePY{)-yt8AW~+thr5gH~VVK>!3wG3vo!(N583@-4HmO{Kz=i~vP})9t(Fy{u2X%yM z_;sa4m3vi^gJobTdu${ocDUKxa{XNv;Bf2C66+q&GESV^uEd(gy}!uoMz(3(8%eo7 z)8@x-_eQ@Ssfun{pNX}Y2$tBRSp`z46={RFp#64&#Wsq+IJwZyA1t{nnFrAHtBOU^5P>~1)@pb_%u46RP~Z{#4lv9lXJ8+b20H!) zBT*?MoBdQ{?i=|LAIpmg9KKd&`T`q%t&>BVF?;&VL9ig@=#?Q#O@E$9)<_AjVj^$h zv}F;3$&%<{8Q-;1TPV`h+tu9Lcnae}T`g5i@IpxG!wPLGQ1irnRkgHZ)>R-f0*v_MHV8VLV&&D6| zGAD*Fc%cFz=^SRxKJ09#p(mlxMp4K0YeD>wCFQ?P!9aR5E9`gBjO`lLc ze_#$eL=AJlI?tES|J<4;pV4g0%AF^9JYns7{v@EuMr#CgN8nD$yhVM0+>i^QipwsE z4cj6^b(b;0!odS|Qw)6smg>kIvy5N_5sRe|NK#IRN30KL@3C^4C5jALR6ob`NBqf( z5Q$IKG;9J-UR*GV_9n$5Tktys;J^Y!J1iOhC(Uz}#hdD**doh*KHOIVghKRp?}>-l{_B-SWMMPe-i3L%|GhD#2a(}2n$!T61cBrS3}x?=PIVh$EtS!=2^LXxMf0yL zd9IR_WlMewG^Cw=1}(p`WFz_w$u9}|y2n1herV@}vbA;1$zHBdFT>gG;gTJd!R@ne z2qPIMN3VYIK>TWtW9-heurNbgZ(w-MkIFx{D&Wkf2tA0DY>dzjD%0#s!RpmR0sLB~ zh)QP$58s+n))vsy zhq$!|CoqLEKe<<(Dyr;oxAMZ+@vGcrrg$s$Vc(45eH#C{M`oq-8~l}FPGrb#{jm1M z6yT434Oh)XM!{bYy9{p#2QI-hbnCuqw}Dj4aALRa`gtIBz1~5yYb+1e{2d;ge2eA5 zG9?W6@}5mi1ekl6x=g-;E%I$aafK1*Vvq)Wtv;ea7aA;| zlGvyYolUM2JtPk1roc)?4BM>V%OdQXEZz6MpFgWIl94|PaQZ8R?j1J(aGm7tKM~Lh zm3v0>M#{OdUO433q&*r7RAMkEBS}W4`x6qB82P4SUr8#jj%6QEQ4qOm)-Rz5fPv)k zTXAcFURS7TK!tAEKf8g>Od$q-yU=2~QFZEprSCmf|E}sbf5@Q({H_!H>IVv9WJ`_T zr{cla>xNHnS&&D(Ai1d$*C$inY4&N>CRNcrEYRUz31E?^1F?)5kN4Kk7?ym11W3M( zIO96U-}u6}va=L!J7n`1YNGq9W>HUJ&Www`WRrI+6pb9FTshtyUd{b2*kpvlTC$W{si9QhafhG4Fu&pfW z3($5?D0y>ya9jQ3k>Kld8Z`V;^%gcsWh`gE5%H%cQ#sz8Z+sx^ate}qml}pfATl&= z`P49qJX6QG3zE3+P7HWt$pDA`jwJEsiANQ%C0Fe#_owD|yNGL=DbT9hyYv+Eidg(X z@+t6r*{1rx5X`i0HDZg8+fpPZq~-}5`9=U)R{Bdv&#V-Gv6pGW@=vjyA0U*OFgWuA zT#oWX`%N8<0Jrv5^INT<|Cp5iM~-9yL%!X?>lSpP?UXvoxjTzAXx^CzXN0apbK^i~ z_sU;u&Oo}nE*KjE3AxvnL3A*T7pjqhpdY)DF4|uDTT-;uPV6q){7*hW6PaHL!*O(x zrSGPL>i_NiLe8z(vL%sEZr(it5_d2psmqgHYC32}_N2J}qdMlpUA*MZJ&+D@5qtdS zX(G$Q_Yn)<8o?J2xBdWMsMGU;Bcd)cBK~+bYvs)!Z(Lc$=5HA%OXTu7vdiLv^CtOK zxzVkVeMdiMAgyZBPlWIuc*(Dmjo23NFA_iyBOJr7F8Gf4n0=9om4#!?{JVAj)siFy z_)znk4(sFF`yt*8G}~D}_@>71jRUW<{B>lNmK)dT4hYag?8mwXGXNLEJRHAfcK5o? z{?QcTZNDp`d&*n?n#;Kh`;i?_6i*2Jk|0TLOrrId=ffGJ1}M>b?Mryt0{Qss1B00? zbyudlse!xX+p;b@g61~O=eXk`+0kvS@8$+pZi!uSPbl!f-dS&XXzmq!KAO|m>(2e@ z$QBJ1n3*bmY#Pc_lT%Xv`jVNS);0?N4Z=UD_m`)NEzt1yXV5)g0441HK0p0rbD*32ZRAw|Ekv+&62|dD@R&9|G_r% zq2>$pp7@iXR{K>}n5)rQr;SoFk25(9BhUBRk88o?vp=0ix{zp@PoiZWi5>%q4z}^BhEO+qgzAwe zgc=f|&VauHcg+zSliOeZiw)AgMXhw_226qaA>Y9AOs{oh_Gqqkb^4Lc|K~Q6W>DlD8k_o<=llgq?y? z1CVu>XNQAr5pqD9cufrV)8c32Z;`60`NKVQt+gjY7URT)OWKqvey)!1rC25=Y05l% zpQu7zYhF7Q2O1@`RPI0MawJO|>!Z1B0GO6-CSPN#l(F(8E5mu(3_#kgC{RNwH_8m# zAvG4-Y;f1GVO;VL(wm)h^Em_A86)dO>v-+dA{D1lj=$nc87hzSh@}29E#wFcO^!zT z=8-IwH1>pLMY7*$9(%&LMmZ?7%v(MsdPd*GAnRwCb?ko3%|8-^A80N`d?l(SDLtrA zSD{tM>03D>O*w^jD%u*qZUHLnDAL@tR;Xt7UR+Qhug4+0@z{^MhM-gE{HGM8NHTv) zfm9LMm%F&ba>K>t=5y;#=1+^znJ3`nr-Yw8$i>Fr;4b~3XPQzMaWSA8#ed?teH5Rx z-o_^l&xLH7-m_A~#)E_$?}{{R1$L4yC=x(@SKVkszeXhHOKUf0g+8)ZZi9+YEKlcH z8HV+0Xj-d^EnUPipH(`SW`|epW~b`ad3llS*D5(2lT)=_gsT-2=4J(-w?rK4TvWu5 zBpLA)+5@*X5%e^=yud{yVJ^7_rxu5f`yf!5}Bf)KfJ5{&9S=NHb{L6x= zTv*jE_Vl5zK>vJUiau+~hinp*6tpO;M?;sl^ho?8n~3WfgMZEkiQcc^J#jrJD6U7X zDXvGYDX!-tFTzr6!jK!%f_q5qGWzR(X3&3P&}K>A#4IM`dL%L^KU0Ar*DI3gnW9E& zoy?gO@|~2Pq>;<#z#v!fLO+mMe(03H+?R?)X;UE->JQNhKb)@SP-Y(&>;q@(}xQ??VK^iG%_8L<0nGjz&=-wTB^>o>A5WO@67 z&2Kmq+!JtWvIWOUgen}}l0*XgYj-K|<|h^qN)7D?J>EoAv6!SV3Oz6bp zwR$v~M=iZdU3chvA0cq#_p*I0L+MQWkrp5Nu9d&7f-Jau(m?oMj}Iju82qwcUqeaa zn^Z8N7V@+@{vG-Af&Ekzp<{fb0f%|EHaKoK8dWl;Kz>F)Ekh0c6<=+=Sa=Rb>?B>CbHF#x6uUmB&M}AcPv=Y->jA=Dw{ew z`)6hG6KyIhap8EUDT}RF6-@{9cn;Yh?MJ6j4ik=YKq)IRR6of#)c+}ZnI&7_6yr!N z;DjKs`g0Evs)r?%nXe>gB%I9^meEz5CDcTmNjZEPSpIv15ivPLZrT4QUZCnbl_jqb zW;TzdbvgQi8{?0e8m}&@)^zo?Q1dF(jEI!E++XdM^0v#J@I^aosV03^ojGf*(Bt5C zwy1jj@T=xHIVL7CvwN-Cm|(lROJYtJ*qccSC|rv#b6}j4LPvz zCE%U`uz~XLw=;h|$eUDLs+E5%X&e!WSsZ5-AkgH;8oXG&Q7<(j$v0`j&OV;N=_mBY>EB)0h1135 z=-ED(qho(>tf~z-THn$1XNRx+60Ms5JSO1uq+{c&DH8GEBeJmc?uCF79N^(nU@{

      $%2tZhWyr3e|8@G)0p7=p#3T;KPO}XKRS^xTz zH+!t0lw4bO_Au;VLrl%=kpV|Dd%U-R+2hnkGkX-iVrGv^zsm$L>gau)?vz2$ij$jX zp9gu){t&%bInca#f0y~7Tp#r1Ib~n5j|S<{p1~#n)y<=tu9Jzo^_^~0i1FX;O2vAn zO&iHu%^z=A{e7&YXw!Rk#1C1pqrV&Qg9bBpWwAILW=qBgDm8duQGiFxo`L1>7%}uZ z0VHhL!utlnZ3}%b^kGK`Kkwov^p>^IMVlaKPks~BRG5`D|M(|$QPEC5UWZv03XEs} zjMg8w8!t(N(c;BSEg{FS7=O^;No{+vC;X<$hJg{qNKgc(isf1f*%m&mjBczfS%qy7 zxKm43()NwUez{mh8vDawMu{*lzQT$>wI)f>MQLx;W0ZEz$UtmUlvT6V+l8~qwqt}H4;B7L5tFU zo}qz+*vevq&f}1bd%YQfU%TpNXDjJvK?@47L?9oqsy^At>0?6&+{ccwlFTS~{s;i1 z@AL73ug%~Q52o|Q@ul>}rf2g=rD^R79+^ElhIG8&J(V$9si%x%sTkp^QLJ%K`FHvv z;br@6fo z>0VCQo2V<-4XflLTk>{W@?n*{TP2C#vX7qT5&jW(u6=rieR{(R3eK>PD(s_idh~f7 zwRF*M4gB0OySvGy_);8zo&-wsAGlWj7?~RNEPUjTFTPs=r%ni$AI*4uBZ|z(t59~t zli0N1UwhQE5^wV0n%V*Uy)E#a)h&rFe8Cnlvwzgdef7x;v)uK6)0FGg?D-WIk%nL| z-)m-AZ?4v^?!kx9&1~@|B+Z_!08DXP%)r##_*zA~Mh0O{z zEBt5bS_ah_9)i4lF{NQyz;o84&jI~Z0t>!FZ%y+#NQe7y8xpS;Fp7O<$ngMEQY`6skk5h7t-C>5 zo#Y-q2eZ%QsiUmitM-*NDL*rkV2pKjJNOP4V38yR52nBi;7FF+2}kqW?V~ArbhiD#okZ!Dl&Ex1 zcqLsx#uJ&w{{M)4tT6I%S`YH^H;*G9fByde3Hdl;tCf#WP5Kw*qdVY#TR#5b|F(R5 zxg8F>3^4v%^6`5|{Hu)CDw&WjmwXxYKPMmm*2WNT3IF%V$HMpe2%S4_u>ytNLe2N&dm;GlWJKf`q`QAG3O4U?ONan1$#*}4SYQOTv z&c<3GX@Wg)vC^^B7?{2N7)tkLK4M!hVW)npR)0&T4NkL4FnK()aIM1 z^N8RbgN!&&1VmQ_@>$*6PyE=Azx`$p@crcUckxHj-HA){* zJKWiX#dW0^lSB>tZs|5?n?)@>f4$-&p^+J)k!r~gluEPz#oO<~BHifAI@lO?+zokf;(}jX+sA$HTE|DaKek6(FagF{=;cVe+9B4h|@S2Ak5b;=*IJtXtxwfijw~3{zgh~S4ch%h>)-M!u z6$e%-{?&`$>~GS+B!;*%&$P3M{lo@v;?ylL)8Qe41Wtbm5yyf8JN*4^1WZ`78xsVn z%eTtZUMMKrkWtoG{@z_QSd#nE3%!6MFHI!c@qZ}P{d@A^f&V4?8tTf+ltEuc|M1wq zpd0%W7~3m1Ctnf2*%P-;f4&#cbvqw7gMOG2G&foO%yZJ0iGD%}`~^lkGf&NYVb^Cx zG&2p+Fdg(I^th2x-tLjhQ0DJ3XIX*?88>jeni>E~=KpCJ61kTT<^3lOXJ|N7p{FbiyXngnKX zSi#r{!*0@w+j%X@-tubVoG!ZKrcm~Fsa?*Xe>{M}ew>c{2Ac)UIfdwCWBc(rdYTqb z_Mv+c;p@!8%d^*p(#s0#+iBNdjQdoX;&aL-pv!JfjFhf=bC>pfUDX-1T+zkKT8TL`A6F9 z`qjHOKbG|uTOVS`@qCHQoi2nE!D;peS2;|#o2$2o%KP=^_x;vqM!6^Xt^K_R*cY)S zffhsG@r!l1C9AX>!uufReL&oisnA=MmAC8-Dv+N~4O@4ds$8_CJ{PB8Jz9^~$ELOF z@*1~&lOfc=qKlyxRiF=Xx6R9o1Y75k?yl81qnGj2+}z6z0d3wA7d_S+HTVWse|Z>Z zbhxA=qU|TVY2{5gdxMD>craIRkV}m*s4h7mS8ye@Rk(!Qu8rKYV$Rk-?Y}T;p7L8= zBZk#tS<|YswSF12-Wk;(4(qa1W<1Wm_qvfX?j*B?!Sn0+3ud-`bRJ=7g{tCez160N zeo{b-uH>L`oxVX~4SKz~+598xlQMCZYC(YGIQzp#K+@+C$-tnx-S?3~f*shPF z9mtpaO#HtW@?;0uB|@zs<^EJm92>0|6{};(^?6qGZB&|&YWo>cppF35IiBgZ` zA4YoIbcC`x{E1suPu1F1ppdry@LFK$N}iB548L_a`fAd^evOryClzgC-grc%C>=|>&sgE$#ni1(RnVkmQex`f(>?-pVqdv+S*pzTA^ZlWVSd`_o?_d2>CdK{ zGxehT!Twa^s8Qz{m!v&~TdU1Q^8ehGYiJLdv*9yug3ZKAO3LPPD=1tP|6^;naTM#n zT_MF2c^{0CyDR_2AlTr$9^;4)vs#Jw_bd>qn9<&W?~;R?k=d`**;m$kt?_HlEiYPM z`|_;bWzO1iXFWGcV>6%S&dGCnbCp+Gw6Au#-GNz+A5*i&r1P2BLTXN*93N)Hra)x- z31d1`vY5>AlY+&E1NW_xGh`ZRRxJ^>PU=KGvc!Q7?nVkVv3_!7_O#|jZ4JPz9ZwbM zoTG%A-1v1NOadw6q|Avz)oCE6MYovaK;tL8Aq2C5>&gD5iUgck(YBs)BNYdBs@zCv zJzE-SJ$cR*k#%|I$qb%sPK=fE$~u%F9bCM2E_Sn9x@Xz=ZQiDX?DrfXsR97RWmur)*KDmI?YDae*i6~G}Wla+Kbi6l=|WRV@+653q% z>Zg)>AM1|mu=f!m^=qejJ$)_N)7jnhROt1joSc+sAi$~)8`@K@#zA-bld0RCy}RvU zHTy%C-RI}6OoF)?6x>u9y^#OKHAL)uFfEa73zg1$%FiT!uoY}`cj;gyDa}~iD9A1 zj~8emRj(NDgT^>!WTclDJs)U_@4=5dn_cF5ax9U6?v zI-fIy2*7P6818O=LPQBPnWJ{U7=(0Sz|>}>nu@kHmCoNQT0Y6Fh&-1`;%ngEZzIQ* z#V-V6H*gUevMoq4j8w!X?5xstA7z5WUax*#c?eXn1kYT;BRKH^7yymoGeFl@Iy06@ zZHT*L-uX8lYeee`mdhdV5UgvgTuXBv~ z72T?n>{aWt7vq_cW7$gyi%Iqp|JnJw;jf_{e+4N$(1E{-+WBktA1r_Al>5(=fbKz* zC%%HqETVv{`Zq&#-2JE}AMww#K6f!=&r6AoMRS71$A<~n>Fn}J zc&<9Xe0+}1o!jpI`mqn%5*gOecmb~@Dcl!Uq=J(8sXbrt2HHmy6comHEv$@A%i~bA z@NA(r2tsQ|1nClUlE(q75Eaju0&eNI*f|D2>NM4(9YW#Waq`|S?BJGl0K~Z6@tHVe zApj_;EIvCwd{>2&pWhs>PYE`s_%;5e_@izf@B@K=inb5`ZNcbhpoI_JKRJp3&J#zD zo)Tgn_b4`!GCG2TjM%1@Zc^X zQN2Z;%U$E{dh*|G@mde|JOle;!JcRUNCRJGXZq=6ZxRa&m0vYJJ3N>pc_8WBoG@YD z`dqGZId@iT=-b`hzdbrRm49`Z-eqHG5m`&z>m$bdRQ%7YkNm_{n<*MqiZXZaYitWahFHA<_P<2E`Y{SwW{41&LmIMU;U^ zv=SSzj7Z6rU~J0H$f%8aE{sd!JEWm4JA<)4+^u*skYjTI1O3u}t^#E^W(WOIrvm}&FK2cb_Tfxg3{%*smv?^TZj;_& z7RwK59`CG$*k#bVB;<@{Z}or%atw9^V++B>Gv?(2VR1UTaR-PPz^%(c1go`yei_07 z?SqBUIn3r_S@TQ50$ZhHv{}cp6X{5%6FQQa*rv;DF0&KVyWxH1h1jDos_co99kM;Fzh&quXN}V`6n6C5SoEBl#Fxuy*4Z;!YEE*#YL*&S z2>KV*Tp$9v!FG8#pL424^TBDLrOqbC0BN-$8YKnlDorLF1;9x<@pzd zT!1m%=pJLiZZOtzvE*mj>77xwB3&q>4nVI&Pwtzf4u3S=;LI_P8=R^CE;tjA9?k@2 z5@)07UO3ZB?w_9g+&IHxBcbC9gVDJ~f#tK=U9#Q%c%V?#nb}T#?2>wZ?)$j;81;KT zhJNgB?Ecwr*k^CF&)#I7m3>&&?c?3>u?|r%RMBkITx2scsG=J^AY@2<%mL~?AMcty zxt%Jj@CJQWE*J$X_ZZxnE_rDwtek1mPLgCXmFGP<^thVnw5Q_#(YDa4_$Lf372@iO z6s{J)9)$$5p-?_t{oqJTAq~Ji{!gNi*M-mB63$sz&i+jNi`NDg&kaC_*!c~}%zk7h zdtC;v!V;e<1l{uZdR{b0+~Qxn$pzTdjqb6DneeqjDmGso0XF}1T4!u-I|5SL?c)<$ zq%}VuK7XKBWip>I&~(A4K=$w{pp*El0uph&hTyLGz0eu>T7Wx+@T!2vB=!(!! z;m_}02!GBP*cqM9!4&?yWz*+ZqgCcbgH6HG1)Boc!=^w^@@H@05H|G^`{RH2IncQh zcI;@E@;(}(U6oGzYbI1wh z{O&3o>#zfHxrAKA9O`d~3L4@M{87hFi7NQWa9Qoy2O>zhn?o-K2j-tYjY z7gBGX`TK&r`I$jyL0&LAJ3APeo5Shq2ejN0KjwGi@D?s=91Hua?9*$shw{` zNzr@4PC=q|Ob?$hbBZLH8hkSC^e^7@FZOZ)nREj(rB{klRgkG#WTJfY?At_iOQ!Ya zAiv~Pd+9JJb@NG`Db@IK3Z$}0oi|M2= zd~b|XyFQzzosX&7Tv0p|0#-OPA>b26HaG(&le0VfaQp%j*0%Wlm{y8!ZGATs?Hv#C z#l+kUrKw-Hc!>FBpgU`yLQKFW7j*gM8Pg7|&SO~juX2t!o1I-u{XOr~4ayzr;_Va1 zv)uEd*1@6!-N7^n=jg2F{4t-e<=-0e>Wk06uXI?9jppix3A{EPKmz}>ph{baDa>GKnX@b$d| zI`j2!K1|{3=I1*o_pa0D1?Fj^(bapGsh~jgG`fH^8eP-pi|AbZs+ZhfKOzO=8|2TJ zIY1GR_Cs|RolS_<3YkG1bLdqn_BJ2Qp_8?$bdE_m>L;Iiq<+28K^xse|Ke0fR^`g6 zm{aQPDs?uNqV7CiLrA7ZiPsSk3b`{4r+O++X;`*5^WH)K4d)HJ7X;GkE2DkZOFyzX zKRkfC4DK+7A&8`OoYje6YvFP%!=B9WYxF>W9w44n1E)zm*{)?)bBt5AF*C7Q*V($xPOK@j2b!;2_irTxI4!J?tn{zl-zTpg z=BmtjUE@dD6k%p%VoRNmw*ISvt;UO0L;-XEq}N+{bn5=hQm1TxW@3Y`d9rMOcH%F3 zznthxZzbIXqeBye(O3jv2wuISkWJ^Il{veKeLm`a{@nXq=6(K;_Zj6=Ic8F$evX;8ye|PKqym;v7wh#h=M}?U zyLFBMr)H|g{tLPv9Zy2aBo6evIz5@6N&eL!ln>rZ;O?H%La-k@t8Ko5bn7^xvp2G) zQC%?vj@_(Npj!51RJ0ttBs6$KC5N^vO5+^}wZ?@gPH7)S$eNdC|zc9{*sody~r9}PphUWO(_qxrC@?*4G zfAH$(XchV>^>cI_-wE6XZGpy*43Vt=0U{8S|^D4mFHL`zt^ z!oj-Sufdks*gQo{ja@N}6V0oPo}FKb8bqo|FEM`78?$d${seh*u5pr*k@=gyf-xC= zoQ#Qyq$?16!#`6j$=GNAt?Zzw3UJp*`HmIULsB^u5JukKT2&_q`)if5Y zWHh)+gK(8@{2L3_H|FCk^)zjNRqMtxCptI&4NqyRZcf2fD$B3OH|iljNh9HUOb!J= zV_B<*$WMAZ7=xYN3w~z3TGN#enEEupspC!nhICl)8I{o~u+Ynu#fiXT9im9TzfBwC zOnohLoKyB1K2jR$ISVdKT!c~#XO*G=&N1fX$33s^@xU|a%pg9Ll832>yib)2EW%9&4EbEYJD~3AT=%-~KKZC6t z=r;glvDZ~^K+-&sl;sw^!HFpOXUD(VaXmu(z1J>2yeqz4^uDomEIx=@T6{2{ctjdf z*%Is50G%?Qw0_NeK*3ncy;X*LEf3pOrg}RK!#=>c*Tc8ZRTjTJdz#*6X1B$j73ojI z9{VzU`<-Jg-!h{R-~Rf&6u!OZX~VZcvoOPeEHq{o_L?^f6PTbvS-QCO*J~E`P-U#o z{>oSdoI2ICcBXPNYAT&j>J*GcFf;#xVa??0LU{B`0Az|T@woflpI9C>J!nA-tXBD5 zC4pgTWeijujLG?yDj&PJ0hoZ}dl>QBKBdmoeTe#wt#2jz>YB+H*O86s;?`~9OlM=_ zYw&8O^Gf0@Gc$r!w`_IAsKYFyz6GO>aY8Mbi7b84*j{J5zb@yQ8WLJXNaaVixCan- zkWCu8`#zUP<1q5u^4xF#?@{?l{GS)!*nxq>KdqL3-m?5-`Q&pn-21 z=oG#Y0b!f1M*q1h|B~dL$GQAe-Z}RNpTRpXcHkY^Sd(9HeaHL_>D)_{ZFz#-t~Oj^{Q+Vn@&TS1?8Qo?Ux)svUB7mK$nV&P zOe@U7nvV%7NYrCs@mXjfsYuGUx8#m@=C$NeyS;_@oBSUGTQANOYsn!Wqmg0Dzg2z1 z@Muq^km(rh;l^hlZVN15Y6unCL-L2+MNpg(CUx6G6qTjmL((x(MMj}edzw`6lwVnq z^BF{x!K2ta~93*V;<~fn<1HM>()K^Db6OF z31Aq~ngwGO_K?4EU^#c=nVuvY`JICN)}-tm zh_cmkCf-*Sv6brFVC;momlY!u1M-8U=qS)hMM26g&$w)O+MiDpA!Av$Us0S^Y6|MQ z6=mXAFTtOL6Xid>{5=nt#62A)(A-|r@we1(2ENIi@|PCX*U)Rm!UAvL(k+wt#po6@ zT=yLlYnYMTa+x*kR&$>GOB2|jG47d;bBc?6=xh#CGz9?lPkjZM#*XKMMe6HGP)Z9l zskmA&Qa?Q{oK1?-bYZ7qM87bx!SPkhZ>cX5&g7arwhg8NUNA6WBgaHexA~#W;sT8$ z)r7Nl#js((NXR$R)>fNsYHcGOEWOiT<&Y1+Y50UK@T*b?>X{ zP1@5d?zTTbLiWID!5Ri5LVahB$*M$jritD~DDILqW}@o;0w9e2362uP3y*1k0JZV( z3`2`xCA3)iwD#nfB=tdS;db{s%soZOTvMuD;4nL-H&~Yhp*Uqq8BG)=v<^o>aMcRHVs$&28sYTTfssj5JO&cXc6nu-Fu-R)GrE|AMgrbM`p(lzO4h3eNnS8nqA<&aQuur0jeIzB0V_TA8iW0ach?ZcV z3reRR6j!_<6ti1R{kx~s3emb7Ih1bmV*{ZbK?fAV2Q%;o^}Y@JY$kQfUOk_@TB&p{ zJkC7vDqRfP2tYjzkLgEBRhq_QBmHq`8>8qbwkse$wQt@kQA4M{aTIMZawNSXFtL?P zZo}X4(ZYY{_J3)dm!q{`)TMprkSTI(l%dgSgj#d0|F$fa%F5L9pp?)!PkF=0mVf^) z-sz~H7S&g~MA_#}MK{e%3ty*Z3)Ml;bw^0z`~3}xZ?+;IMC4~u8y+EJi_=vzt;ies z+Wor@VvjVoi~SAlQfFn6{dSW0KTS6hKdl0Z->{;S#1|PBZkPC=LA{Z9@ZUOb zn|Vw#eqQT}AFBXC2lCCJsu;86d&X;4zMq@n%Xb)l<}ssl zx|2^c`Au-&*MOEA45Q(n&DG#yRq(#pulN<}+HzvM&l;v-kK<4uaGYgRxNe03Dwg%? zZciMxyMfz%SxB8iEt2P76b0TjYndVH&h(E`VNN`fF(Vv-N)Y{y_%y4=1#NsP6!^1g5y?8+%v+I8( z_Ttbt4<{8Ml6y5k9m)tS{wBQ?kI4?)*RI`+&Oz_=R;C}f!}OYLQ(Hb>b3#<#8Z7-QDs-)A@tBQnDz|EoPAW@Pld*n;%pJ2MTi z=d+8bGNol7*z~~SWemG`OlE59?Lc0f0wm9VgJ+|oGu@1orhFhrshw0Ho4tWv?E}R~ zj#C2zMW+qv@F(Bw>5CnRv{S_COr(wJB2wb?R0^$xzd7s89Y#Ct`W>dp!RCatGawp- z@3+pr-0WA_?#GJW?&+N$eUM6X$VL@Y{@lo@xjW^Dko+_*Tbc0_@ioYq-0V*Nwbaln zY==^+9tTz$741~zutHCo-on<%s1oyPFAk^O(#j0shDZO+`S0#ZQwu{|j+0Dfbk$In zXo(NHr#$A{jPIi9to68?D-$!6{QB40YjJDxksI|hERp73<6r54O1^l_yDeNdw@aqG z_3l)ujNfHWgtYo;2rVIh)8&KL1Y`PRoNurvW?p&#==an`T z^&tN)w>+@?vW(KmTj^X>bMbciv~mjgdPmXKU>>I%C!940lf{ikrO9T=G``M53$hee zRagvS}xpNg_At%YX zswgt*mK~l~S}XpTQ$VS@$U3w&U)`Vmig-|Metpx&^PsH^*Sc|5r>q-SB+9@&C6Q5I zF-^cw6AQ#pSD|1r-mkblc-#w&;Nt@><c{;+y zT3WsuXu^*GO>9A)JL6%)ggyk#@@)JsYusCZ9_dYp=L+uefrrI|-f+MsG<= zkl$Jb@X+uTcLgvr`rA(^N^}3ZRHLVDprLIx(V9H}D|D~0K=%wrORLR&iv8-@wdp;u z0n?nzGW2m^b$VKDuB>Pd+mPpql4?f@41)RUlHj^hkI-1@owuQ)xiv@`+H)+XBQpJh^ME`34p~sxBeSuM|B=Z zp@SSGE_V$#vKc`icZ$8)2l{8T0zGjf7kS02!>=pAkovUy`v?rpYl*J&Ppyq~q~8+H zn?o2Z{idYQ@51dzqu>9)K!$!KDkkaI`U^w9-yaW+`b0hYX|=&4;29A2KHa?StP}#; z2dKutK%A{hPWC7$TtD2g-jQ$tygBY>&LI&Iv-K|3#n8W>Xa8AXaa^o)ZX2@!#;y8AES{Hik<{koFu(`lZ{PEWl$ocowJ zJ>mqhUC(ayv=!?LcuP5AL-tkCc$NFaL&)`RUi)@vEU&FgHKBrlz+waK+L+7q>}358 z#$nHgW*q>?Dmdlvt{3F3d62z!ACSG0Zz21#h3vVk5uG4A(?G_uyG>m(!1c4h*Ow4G7ys! z3^{jJfsJc2g6l@-U^N0ochbbR$vC`My&7oXLJ_j zk6!pJPJR19k5hjX>>@DIaYgb_^AzHdnlCX?3ino|jPp>nkavc;TZ(BCkx?54lsmL$;G=ZN-%x&%aE#5wVh(Z{- z!RP=&Lu(Zha6Z)f2h$JcFP=g@O23#K6IO96=UJS=r^W)MnN*h~Ho9I|{FK9F9r2?f zl=yR>i_C!~`~a2!x{B7>MN2%5!aF)rcmaoIlx;+X7B$TJr)p%~?HZ2cVQNkf+00Un zDGRWtN3f;slHlNj!Ss#({uNSFnoPtl)lY-a^3x`45|>ioxr?9nD2yZ()||k6B@KN* zxihh>^~a)S&WKpORie|gKz0EIxH(@=x0Za#YM>HnptWfkwlayk)f_v}z9L6;t#!|^ z#}3ij?!IJN?)0cItvSA|`?!ry35)*)7XMZ9L~*qB z=O~yCq+nY5$za>eP3gHBOnnN<<;xEfpI}r_Fycw1xa`$d_eAw?n6ZhufSF91Im#x9 zSz(|_;cnj%yG;@cCx}45-5>(dk|j{mswXc%NYb}HU{o%?_271ru|MbmL$d+LK$zPW zS(-5pL$ea%|DxJ~-rU?a$WpD^QZ3!1+9@WlQ5cInSA~cgsvU2sX5y=wdRpJQ+Wpr* zt&{9OYzSA3rUOn9?zlTV!o_d&$Y$yDYfB&Cnt|&BeX1IYGL3&1Xlm3w-mVG8f&~)z zAbP@WtP#doXCw<2{9MXpuVKBAMJc?|us72q#fSNDul^C8Mh<6$hewLi!WS&6x9e$V zlWA~gVPsT=d5y)9(FKf(10090a?j$GwHXAm1x|$Hs(C*%JXY_QM(SB|8xg5z$&I$` zlAGVwf7S_vj%~e4LdDt)@*9(F4cV1KzsSKG?fJr?*l4u;;fy&f-0gZs6Hsb(!c2@# zs@Pd&j-}MWEwKyUy@^@#_3nops=P|I0O2AyCS(;oFL*3iq(ne;t&N|@DqWKq>T2a&rfQ6FmWvF{ho-zxCIgg+mTjr z9~Wr&zDvxf1tjpK2N+nYNsQsu-|N+-6pPR+f>DC>nXi*d=Jiyvq&D09f(`Uc+QFmvz9ebJ;^bVO(eL@EJW@0f*k zc^(9U*kALUk0Yf5hz&x{bvYAbXTMe%y9MWPvFY>}QVw2gjh}=;uW$}iy0OA}DdcQ( z?;tBB4-h1amJXJk`3s53A9EHTmdsyMWnVe4PedZZBZI#Zh${|1!4-MJC0p>j_ zS`J@QId~Tb$sGf~45l^67;@fqKfY63W9mDh=qi}|=^Irht3c@^YlKqDZO|;gwBwbs zITpj_mit|UT%T*Ji7u7FN!X;bq#CN}aq}ADOP5YfWp3Mm##5u2PGr<@(;Fv)^Gbzt zSzbuChr$(fCH7AYHg`CZUBAM3?m*M6z3awO2~6bGBbQHO4L6m-*zf7Ynph-c0doz_ z2cy?9zKIO~s$4=t@Yg9)29mKLB)2i%AFLKa$Y2?lt@F(+a1Ffe-g=+pcr$7=J$$=O zrg_4OBGERX;>#k=biESGYFRx@{{Iw<`stdjJZL~rXHmu8zGgZ?A5Ubk3-V-Guj8r} zCG7UNUpmAa_Q&K(;H)Xsj3l;pmOEqoi~}kA#lYs}=P9+RfbktR=a0z2lt(E_!I9io zf)n@SE05xMdk&83N4V%;t76||LLwC_oJqy%Q!3VcM{@MZO2xcUMxB~p;TQAybiTZ8 z?aX-Ge7+iVj@TU>w&+~>(09s*{q3ol8(1W`e&z#=B6(pg_2 zKg0iFOS$uErIV<1{=>O#{?Eb%!eY{tAIR4}LuJD+jj{txVpz?*b88OjM{bg4j4`gw3h&7g&B{KC$t4DEMbH8Fkp4UKC_{OA=JAjCk!m zG+kojkw0STZv~pZhMUVsZX{cl_ocwJP+(-vevRM76Fzik6b~L50WQs}W4Wj-ZV3~0 zIux(UQr8cet!FyOeI^f9#=c2mJvY$wTj9vtKPG*@_~CxKdsX^`XrGOt;#X$Z2L?1*ht2b2RNH~JL%u3 z=EO6S)ng_&q3x~lAK?L1IR8NtyEl?DgNkmBFXlJxW)NYUi2&q~jdpzTH zd5=^v-iU<_v59Mo!I(WeQuwbiKzb*{<44kn)VVm#o%Vl1^L@6aI!aKz+oc!Vj$M8E z;A!IvNaL%qkTb3zF)$PxhZo;!EWuLqyIZYn8_y5Yb3AWZ&vvdom|`lgHk~J84l`Wj zD?WwIh?2V%JW;9g(GTf|;#UKAH|ql49P$dO^_(|@*JNhNZ+WxiLsaOwE}j4(;Gv-e(C$yibc8-&Ue#p@BiZ<%wosc$T9(dzQ0}Rlu_(q=6ZD+OURu)x8>^ z+{@S}BxJg?E$6AL_MVoS4iaba)XjQobU;r%?J>@{YGYlDIyLVh!2)P)djC+gG&dBj zK=-v~%qGgSex)W41X?Y%pNb>W7rbUgT3m=yR$*GOYyq$hvHrPIpBr0|odqMzOG+=JxC@Jr=^QeTTS3e|O5SDItHEyZQ|_fu*LZ?z&j(K{HsBipUz zEm^qf#Ac*RW>QCJ78A5aqw^Dm{uN;R4rV%lBR{)SAqQ*=E?b$Y45VdS$Ml6a5Zb9_ z+i#nE7te|@l#WWw*O(OiHL8pLg%YFPDxDS+S{NwAUq0aMSw z=KQ+%kufgZln5Sqijq|UrMX_U_{hM*cm;z5#=r!EGy*BJD)WiWEcM)NzE30n{2d$m z2F$_0)+5}vf`kTUY1-p8t(l)P1C1YW%~e*Q@$dGkXP|Mnf4^V&I<|fUD~qqM3SVJ1 zfkf`mF7vafu}~S!&!^?H8R36=g!{{UtL>lYT_fN8PW$(oR{ul$P4_W~2YcMtEh^BWKfB7G?^JN$fvnNznrn?Vs`LTtb$wv)r8?=1JsVA-bD_%sBC z4OXZg#UIJF!9c|?U$Maw%z zja3Z(gy{qtp7MqJtR{1`Bbsq#0|A=M(;!hiR~+D5+3k!5n{41=6VJFj`EfD}9qj0% zCIM3MzZ!9Ofl$Oe6jSeh=Q~JpENjhyi$DduUlBd*EA5&rwfD%Vx+jyGOkD13vM(D=Mp8+m zVSdA3?n)=A&fIgCNSAFPZ^hGPW6)(oOk?P>@kW=;&2}HrD>Nd>p-i5HNy3G5W;NOp z4gCU*Pgl~N?X{)O))*e%A=|sNLc1e9&%hherLmE#tXliSpBMx2i(Z#HQ&&l`Z3DPY z5^fmMa=URk86Qf_MB}VpW81$@t9Ew9D-Rnjrs`%WF{v-2LS>o?`Cj+7z`b#JaQ?7B zBqHxJ+Gi`0d2(sP;U3{$M&@fb@+GtOIsRtVKI6;h;hwdB&?fK)K>>^#<}{OS@ibZr z#U`X9e;Wf$KjoITwM0&%VS}+g`&3x4T7IZx)rcPwloY?Lwc63BGOs#gme7QHP-+9_7h@-zWASOS_Rn6rne(PM?1Bd&5%1=$JlDBC>^yz`G%5ZKbotte+lk)UXIX z?TrsJ_r0!73_`GYb93V-w7Bn!7h|`w*%0BE6|*kNixGrY)rAXK)_pPYFhKB$3Q9bnE$lvL_|wHC zbEz_{SVwwXbb`m%x_`SoEw#_Xj<*iG(1znN?r{lAOzv8ZH2 zRrR<@o5J^=^yTvVKs@rYAG(kAK@f>?<_v9Sa$@%66E5@-73vSF~U^@@r(1 z`uFzI4H}X5Pqwo0CPj;gGy9?Qr6%~K@3}x><3l3b4-G8-tM=*mT2|#eKP8Q)ZTy12 zgrhvSfk>1W;NhyWc+G+$HP%dH5PJTwanVo{$hpsSIxaf$uJYo|wZ9d@+uJiOC0I1@ z-fLR5V5pE-MRT(*GC^aZS1*)npB%xvO3Wiu71R*FUD>P4^EpyUqAOagH*xt4curo&HMYxObWV<<>!IjGQW%ev!g{c`|ktkkj8Q?jt~Kq6_l>mMP=HIgq$qKnL#n1kfsC zm$iBI?;~$fL3ku5Dqg8M$>yCGK$m@NsCOT_-u4b(kItn_vdK4?SZY%$j{X28&v1`F0FQN%Ufr(^}ycisEFxc{LMvxLK!NL2ebd#+t zmotP0mi}Apsw=yX1pf$4myiP^V6;1_NLBoa9gQiJ{igbGxX0QatkUk(3b9={rww-v zn$o03?sHqY#9F$K^SJ`1p)i&E4%b#K4&CSTVF_h{E8y^@UB)?ZvK_o z1Y`V@-KCa)tAqqNorfBG*`=n(%RsA%ZeFPr| zZ!-jhgvXUGgdEu6$?C5}8Td^90oN(4zJ#?hcjcAp)#r4(SLw^`oUZjT?GLl-V?zk_ zvOX3x4DcJzQSm;R2v_s_G;C^(x!-6)V!?HG{R%d~a`t=L1WnCF9#5HzLOmWkp`RLO zBCOwovHNUvmG1>!YvwU}De~@{=eRF38;r4_?A|tWe;XBqngpMApbL&^2U;@H!qdRt z&>rL$oPF>EvpL<|QueTQ;m8mwii}$D3-OZ4kF7GDRuv|crdudSN58nY)QgGyzzYGd z9jbM{O6AV`O9x<~&6_yp1{wIbm+~`0aw`yQ{yXIQb?XOhYtu-$_uzAa=V=1c>&gcaNQ^_3f_6VFuUJK{MsahP z9e})-W8Sy)5hip~^PUoYE_zOAT;mS^FCMPcti`D=9OIn-9h9({-)#!qqiP(Scz4XA zBMn^XFuBrnMfkVipU(Y2yVWgv&RWfc!R4Dg?hh~&4YIYRsvuMxEL!+|>29Vn z+ubRqWQje6vptvTiJyCT8?9X@UbF7KVY|${T5Pt8wv!C$POkm@C~;mf!KZybWO80D zzc3@SyuswFk@kVUX#?TizFe?!jn8b?d{lPqDynY`B>sE&Yt$u!cepAD+ zOK3Ne7S`7DNM(9Lh{&b`ihwc2Qnj(GRG~5cRRr90-;|)xsp*(*OVVn`HJjz`l7>6e zF9{D9y5Cn(e?;7{4lHO`hA}q%*wjU{?L(UO#$P1P9BeBoSlK`??r&a{x92?;oybyF z5TiB~)O0@Y9i9-_!C2O@b%##wF|xcOu+tXVDT9&cXRc%K+{*e0r>bA{<70* z`>f=NH1})t4#t>orMagYNNmq6;d#fR8iYM$daj6Na>S00v6K;gf_ij+{v{#8TLbb0 z3po!oy$C)05&d`VK192WVrt;-{Xm$E4_*>z9K(0+ObIl$Wtyw0fu<5h1gWwaVM_^4 zwXKoBHp-!}oZB3SW2@pZr*Qi}m^HyizUlZtk?M zFiG}D>+`?m70sr1noq6Jy1!Q@Of2hLZS$DR`y|_W&{TXqU7YR&ALoKv!ut zY8vAy0hX9RTVJ9r_uxKzp0_lIU4j1`joC)L{1vNnmYOB<(zWTCux&2u>{p||%*NlP zYv>R#u1SZN{<@A$DIc1H8s7$7*%G0 zgsi>(50Cn;3sU(*scQ=#5S}oXPk0EtGA~G7WNoYS&+4ATFHFP_xHlT~*;P^ZBJ;(j zKFAZTcAHKS0j#s9y;assv;~^Bpuap*XrFIi$fADeXAW&qE017?oH7CY8!#OCus|@jNg$%X3xV$gtBg`_Sg5PxOV)~6G+8bE#CN-ngE1F z!7uMiqQK5mQ{_v)xZ#_-pkQ>M8x)*#(|qQxYu}9?jF_>`ZdMKb-f7#I5Y0Lpu2K>_DCC*B65k3E_?r|wb2x1w(Bboi0wP>zgI|}W(!zE z$WGRe7;6^YM>$|=WoChU~f=(bZD*j!)KnRSAH1jDxlI^bl z24S38Xn^a~<27E7o&w1Jdr|>-Jw9R@Na-<$kRGOm9u$L-losV^qCS^ zH7F8d+_|?<`p$j1gayhff)nj41NO?&?>m-$;C}|AW_^I6Pt7ke^w~h+rV(>%Pf|o{ z%}_j&b@q_q0wUCfoIh+x*4a}@C-leyc?s(yxP>K+ZGpz))rV%22S9zph_h>t#W6Lh zbuEe8gE+9t%(4efQ-dKC>od^IpUjT2-y7x~Kyj)0tTwM>ih;*T*%>xBi({FsvdyW* z-OQwmzG`p5Ym>*4Td|H=6T#s?hz&fuSYuIQto)ZPIu)`f^&jTfvcY7Nwqd7?YE4C~ z9`W$c;*R_yy)u?r%yV=?(A!p-BZ_TM00uydec!<2|BgQfw%$l>_w)VKE|`*_TzADK zse&oS$c>kIw6yg5o>u5P)&~MN7#NapK%I!m_V|ODfqT9V6&mJdFnyh5u6m3NG*yT) zN@>~j=ZksTT~baIFBum%KTaP zcrq^tI~3-qcTc(A+sD5xTlU7=NAC6A9XzTOcGr9y$6)Ms!Y~Jd2VM`h9JwUIdSd$P znmn0uVA{gRBGTqkXKN{|j~G%5&g+prek=7xB#upfz47ag1vZ7TlopKt7@yC(+_sN~3F?!wATG_b2o)4FZRq#+D+GnAwa^fi?$x%Kawboj z^;@eaQdzHKhlv4(HBA5_{5H{6&oU+xwE1C}_E|IeK)i zY`WIt%8@<0aHU&tgI9YD{p~K}i;UoR4GzUveyrR2*DIIXQNwT*FqNX+AxUm}4(N zpmS6#;tlZuLr3LAj$Bu}zAQGD^gHI~rIFU&b${mTvs|5A_gG}@Pa;Q7u6r1b^h>yQ z1;UUPe?a`}w5&i=rMX{0VYt7j>9CS%_4wZ6E_%E^at)mh&R+u zBz48WM_NPStWy3K&lzFXLe9}I;V%cCoK1MWMDBA8)zSoExpSB9x&r83?Z? zhIDsJHvPqv=!0zfK6T#D=FJq&%AVG&mg^`_v^F?IN7T+L*MVAE=^rZ-{wzV$0q0Sq z`%;_~lHJzw$o!n(qPDa>|IV8CYH%IVBB8F;X0)QzeXy{z`vt!{QC0qX*iS>zR}jcoO1ysa#I#CxF2YGA1=X?eMPNA$Ky53 zEldw*M~aUL+}Dyg7E91eEesgCp^;$8VIGc4=X&k46~fg|I`qBa5Z`{RZ~x05jWbAh zfu=W&aNDwyq$mB3n^CguOX#Xz#VP-XA4-dJ!p8-cPs*59T$K@Mtmdb+X;|edT=XD@ z*F0EbnnnFZhXhGLz}Aa@Sth0x9U5@pE3iQC;ycemhX@6uku;zM

      pzx>Gdu9N z;Vtli%CVJ~vvJLO1eO-VAW(P5UW(N$!oCEWzU=+dO5QN((+7Kmj}_I^YmNWT51F+& z{LRv`$-$n1Cb|El1@3Tz! z$TGtzr)rtO+=kthx}bJTXow{SM@YvcgVo{*!NBRl;&KqKK%%tY?&{jKK z>XVXxD8&W%h7jD5bTLbtb%e#bY!jv_-dA@kg-*9>H7+vhs)#{OrBk+bFIgFXRt8OM z7R&FZ*lG?bZ*@iOWl@LNr~R_1<9WIh*syMrp_QGzM9F8)UOWD|=F2YkLq09Px!J>n z5`qixM|@d(u1>qwZojhp_q^0jCrih)&iF4++VSVPm(dbIs?*do*y$LdQnDqk0!KfX z+wMEYtuYUJC70xvFFkB=zp)j4ws9|FhSmz^G+fdUXlmkCVEM$1X+-BD3#-#=Z(Q3; zDU-@1NEYk}nqnOvFY=_GVjZd(n(b-7&69-~j_jLAJ+!TQs5wk}=*d!##LYLm|1uAd z<8|2m`7fEm_T>CBK7C8%8NXQ8S>-rIgI~5zk(Ru15Zi7~Iz^2BGIT>lk#&x4_Q9c~ zAiFW^bKGgBA0=fC`lLKf)JrzKsf?!AzSN=VhmP8GpDs-wn{2w}aB9=;e#F9KfL=pA z1|WWPiZ@YhCwYe}OaJM3PSC%woA`s~|96ehePx9@JK948tZEVv0C~Ip((K* zw)3G|_GKB+5=GSlO)8%oX`L3h7m9Fk(ZUIl*23B%-H)^m4J`eom`95*JP zA^)JYFmTre{La-yfxA@#I##vCNQmB#&&0Wiv|eAEs}7o`($We;FmR4hdaiKI3IZU8 z1omsBb=Jb6k=9#lPc`zx*FclbHCfTO!(%IyPb0$lZ`B4GHDiyo)&&|>)6R=;MOy0v zP4DVi!5`y>oyogn&eAh>{7-T}(mFTX8%Em}{|^r_gvg=Zb*IIueiAv9H76@p^{Yhx zSk<%Mmko(5r9HQyM==09wFdX$nd+l0{PnU}$rj@kpT*TrxXPN-ldE4PPUNq=Wcz(X zqGu@+DxEhN%Fp3+w!qR407EC}Efu__EqgM@#4@ux23{lyL`{<8?)-gJ1Fr^Rzu>Rn zV1Fw9d0_GV_Pg=X1B>sr-+m(caR21GJ34l+-2P4j56oEEMA9N{(V ztvxL|oFe5WAnDAPvLQUE373Ks%J|DMU!@=CR%!MF&SIkqyXl`z5G2^2D4|7dVx(3% z`wgqyV97f`hCbJ$aUkE)__j#v{Mt)nGr@1bK9Xbro>N46$=ps1;KhgG2gT1OwA26N6#nyJ@MHXD zuBbX$^{WV~a|{F7ku)Y=n8 zQKEm!KVV1V3`QF|PjO4XgX>BZJg?m`$Zi^BaITl)f<(g`m|CwuaB?sEKXtK4E{% zNNGs?^S@g0I920|_1)XPU{hknh)o{s$^J2 z?W43-aY3`4MM#W3V95fU28m=ZJV@&yXGf*8v(nj9>AYw4_cHYfixE7c1)FQ#PN`3$ zqJ3ZT+uS}+>m;U@+m?U%Gr8@)qqx~teg}wvo#uB;^40oGzodHjVq|LmAZrSUo3Ts7 zZ1&vZ))PCAuQRxnMoYbi|4LST{MY8D#~`Q$6JynuDTKQaR~?=SRt=>Ljn|}R)1z4s z6XIa1>-aaZ3P-vmGU`WlBBz$qN?2_sq;O}D!Snnq(xPPb3fYY^|1=`;q&Uhp_|k3y zmo@Gtnq|6nwA&^>7(uer^H0aSsT!@hWQlvhS)WA#?SLZ^!Nc(-M)Ixw2*r};XI{nX z6q^&47+n1(zd@fd?-M~bY=$;?gx{fw=igE7z9FslVxwA%WMxoOeuXM;8=&`&(%2r? zyH8F^UotuWqJ~2=YYR9ZrK*j+z2hLIQ63aPJ|MAflm;oJ?)xm98lU+{)UqQWo~@9mdhw5x8rLxm^O+aX!UeC4AF_RU566%OTPM8gwZA#rRtF%__B( zwFgXVf1b~e?%}U^n&~(*2e6A!>deb8l74zkw}z|^wh;&MHBE3Z8-|~@4W=JrnW_h+ zgY=w0~M6>i>BB+P+rR0~HB}DOir@yX$1$QX1H|aP^ZwTeg$!g62%lO-3d* z2VVr_mxA|Fvv5+eZjF4T%0St6tvR02aPhU_la;8~MpoXM_6<(yq4c$?IKM^}=h5&c zG$tDcyab@&tBMFQl0nlJU0ix=_=JW98Fwh6dBOPm=P;(daV@WE4>d~60Cno>-bP2y zT`V2VPN_HC!T~a)Ioi!NK^@ef$se*$U7@FZYgy&?G*2SA^zDrgP};{1G+KX>J&l{# zMfB9!wxK>98p1zWdA#3gnDmmPw@2J~RpK%qtP^Z&&op%a>o(KY=K`yJ{qke){5*J6 zhL&}m3?0S#D3ZVD+Bd6n^}r+`XS$ff)xGM zJwR>`)Fs8H+V$X3o?Axhk08TYVjHJ#zdC6L&UZK;SM}cKI@sbHFE&#kQ56L)SM_f* zleXBZv-auAeMS`BzcQS5WrQuBn@HN?j-8s7BIiXa;Ied&smAa`J3i4_VYug>$XFog zT>OW(hgtt&_nHncKR(KX+1Gah`>f9d`-IM5Klk1j2HVrd=KR%to`>9NV5}vfYmEQ1 zdo0UISMtXsm@BfofiHaG#L7P!!MD%yALg9)S=K8)nVjqnff?_M?3Z_b_@mZ-8E@73 zjV+do{j&DVs%#UDxht#(F(|TRGAIw4PfxjfZw@UP<%q9hX+~YL_ zexmwD?NzL*kqdKecnm=?jA{xdL+RVla5-qW)tPDGlS9!f3)Gu>sW5v}6j!Qr23FXW z|K`L1O6ZoF394;|(4r}H0V;7Z9B%emK+!)NkC zng$4H)qS1RFyfr>rA#2d&iV4I6Jw#=`8q6trQD=*)v1+JlnJOHsgQ;pIG;LdONVgn z97^=0jSTWpajLP#spMOdEfYw?t4ck7XS#dAC}WmlecyjaF%*;Kgmy78zQA46K%VvAVp(4oWYrxZJEt8o&usqkn@5Li*+>tv%Rdb==458! zp(AA0(j4th_oG4euyi(!1)>T_A;PBw-!M9y!9xAV=>nLVX;&6d5`-Gu{~jR)+v>hx z7*y^dlQj8P?qPzh!Vs?XHHCJece#0+_1Dp?zqS_-|L$-pZ%->b+ucPmNllrgWomwr zO&sYsK4S%6b&JT4bBFQAkMljub!VIC&dOEuit5l@j#!lwR5@SjD2C6oe|G-dUnK3i zKBeMhv8=0macJq}B`_#$=COWA4>0OwOyNp+>u|=rKBlz4t@+}c7N%us9sC7U+YeUnJ~-%3X}8O zwRqzFsG{}<;TXi^5#lOX!w=URUh;qFG*wq1Q|FlHyFWUy3tdrTc}h{sXZ>j|dfW%5 zn@>yMH`G<9_$EQbr_eDR7(ob&>bRT{aVT@)O@#614cGSXA=^b?%A5uk-^XKR(LO&6 z#U@c*Y)jp|vgqU=W|qgUNpCJIeq-UYWwC41%Zqm{d@_;6n~BHDiZ{>i>5Tj#{8v`I zV?m}<`@>9i!01bCpfs{ZY%zNz}m0 z8&XaC7WZuIBb&u;MM|77u}1u5`XB^u*;=?^rn zW_*#h(uJoiIx;4no;L4z_a0-}bUVUfBWgc#q;%fIMQysja2yZM9|Tmj&y;{s%YRdN z1z>8QE#)WM(1Ki`FL<_$cc>qw`+R*yP4Mp7iBsJ#cj%@xR-aA_XPd~@_TnS+iuJm4 z#I}DJvm;#HVP z*Mvdlm>ilc}F2j|3fLdkI!Uood zq)PM`9bcIU_W#HD<`yN#HKXAu8HzM!OGS;d`U`kJBJn7I=# zMN^f>Mq>kZEErce6P*NsE{8xn>Z;L6KgcX?+fZJ-ejynMq!6q0em=x5b6#{mGJA*l zQHZV)%Jo8ie&RQ!+S8howy-ZxKBFsly?ItZL^#9?eIw$|z9@-@>0Evm9^T3MOgyBE z&X&F=EiLjsW7QcojK50buMzX$L7&8lFnA##Wa!5_q+Fr1$m*Wfx1@|S+*_g%)rZJF z94>r;NFHMLa18%0r%cxJYcfkYRH8PZLjlhhVhZDXKzf<8xr}O4J8%*bzto`>I()|O zibNvY6?;F`rq`8vfj)jO(cxv$OEb&Z{Zh&a^|gJ}_}OL1c|l^dFn_1o{*yFI75J=P zW2FCx`we~;16yP?>XD7Wo(HSPZHA4zYURjwpou#T=I+JYl>GE!CM zJ5fsx4NY@<%*To1M>$aI%6^Es%SqD_FCVtscx}E$vz<&jn^AJR+lXcb3zyBEFy*!$+XY4OcZ~G>^{<^~73OTfLOB&%-!%3!SiHI}td!2JZ$?MH zu5Z_YniorpTNm^)2Z<+!v8f?8S2N`ix?L2V`g&$i$Yjfs_IIzYBYCmUi@{h$X7R~^ z2Udbo;LCxHV;^W1X z@$7ToE!24MK&Ve)FWv3l=O#W=#$)x@YnDGd&rvuKXb7A6{Vn*x!Gxgk&%o@-IDM8r zoWIz(Sg%|6jYJoB`ZrtKM*XLa8FDZ3)37So2Xde|9<%PT#J8C-jysj8!06xFctu~m z9P4}Iq-5Slj*V9|U+qN&)MbaAh`H`fN?I|q&k-+`r%ap7j2~3swlRqUukJF9x1A&1 zZ}(1RM)ae{h({ry#m`oYAHWdTV1EHoI}tD$dF~z4{o&qj4rbB_ZyMz1H%<9XhhfgY zJUL8WSMdE;)!s1WY<9?R$}{{&o{E>>RJEO<`uSDf{8?5I#LgMgnNrfqd7*T0u+>in z@?HTci_h(dlq<7SkrMAE&%^!~coI=Lq38dy$X4997aw!7gyS{(oeZ{MG?POvrXG`h zGyxF)>S~YzTn^uNBWG-0K1oabWyFLKv`Jx7FW3N>!EsCQz)l4zG=Azc%waLe$ZMhT zx0G+x+b#R)N9@sKelV8{OJBFSmp6)plcc7l-+k6Tmk0*3_xWSfXS2zwA-_DZ_*;4) zHsE{w+krlgjnvhVz>~vE8rpi+_T+CyxNr1w#Bb}IJ@NB-IyR?O{j>igV@|I>1AH2x z!h;P5dxZxEBX{PebD$aAfse%~IntQF1&LE=CzCx7K9~B7@au^j2cA4HwxCrV`ORgj zey|!O+5b*xr$#R=<0Ln`d>6hrdfK$+MaLkDL{{3@vEWdtr-3VlLyn%JHm z9coo+Y-9t&JCeX7RCX}YO^a-}Xw94f3`YQJ!h#fe@UdQ+dz$ANHgDBcZ)}{?Z)+woiCbw2p$FisI!N;{`8OF4nx?-`dYJnF#^u z`M>Yy<)fMB+0VYLz1G@muf6u#Yxng@y1e7SE&*y@n_aKkeEfx+#rVC2-!$O~ml=N- zWXLkSeME?+_dg^k0bAoqCS|cTG z4X>9hZ|umZQ|H!}UH>C_R~=>7`7BGGUX|TewQgH=qCXor&sME_)9KI8Pp>7|&-(I` z18+F28by-Z>sgRbAFae{CVf6!H$dT`vs*hJV8^55*HUJ753F0fd%r%)*Ka=Y?&2{V zZAFo4yRKr|`SDRVmb`w$(cwfr`%^khP#$l%F{kA9+3a)^8`nEMoQ=A&Z4XWCiXcuE z98W9WvHWqPLYyM`|75Q;W=Vc%N@W_OIR3c8@kiSH1Zj=`IW;unf~FnWjfX^c_HFc4 zrhTG2I~nEaT2RxDUS!#xmSy{{Svbn|A$(+|(>S|nM_#CTB_Eo0DOTLE{yE8~L=c#|H4<-JALsrgbK&ey6=NnGgGNB$LCz8~>-0_@u`YPQcU& z5lBPEJ1{$qLK->A%eusv$%nm}{|0N*_}`fS?g{2U9)kHV%LgQF{?q>TViz2CzV@5u ze6U%PAoh?2lM5&OUv{atTDl*VgJ8s(QKqt5Jy>h*Fsnsv4qGN9!&K8Qk*}IP6H~Mo zWdXBM!9NK_2dO1+6P7RLV(JCJHWwK%@{lttVkI3C(^j57^Zas{fP1#9gqKe!Q7nc| z%;F}+ZSKnNH(KO<KJ`jHuu0SkV*Kl}C@(%XbqNNv4loFL&9oyHA;^_*5w+;sz z97cgoMIu-|zDCvTN+?d)QJbow%X@QI6Bkik&dsPVO*`F;8d~(%X%Ci-SdW_nEfD8w zu9W*eEa0_YrCU3c13IxIOg3(*h%=%pN$K(n)Pj ziau2(;bD!(u^PiA{#$ocX1Q<;1ZimX&U{!sFqOa+49cLOa6u-8?V-&e3*77OEo|jI zk{D2MTP3~lV?Yt?shwo##HWSMQ^@bs$XAm$lgtu9_7gU(ta`dRI(P~u9|ldAZ& zT!wp43*3Zu3IA5leY>G=q-1l$Vab!=V&b1v8z+ThS^lBU)!w#4Qk(>dUDI;ctxgy8oojJEr^fYN7%Hg~};JT&m1@X&&vI3B`?b#GylvS}aPE_wfeDG6!y<$~C461GR416FW;fh(K}4WqD0935OXaoLrW6Mzx;SV&&M?WpAfc46 zg%&Ud<+FDQZLYetGV4iE6y2$r9}QgAZ=u9?bL_vCN(^-h@z@YD{6$Le>9gA?qor?5 zNTH4j*&0|a|F?sElYEOUyfh1LDx5Q(>3OObZ=puWoj<0wM+v}Abdw>;kx+P94ClZ{02cRS6YoP z0D-9%SQ&0w45YR6k45CO@ta3I_Ao4XC<-1%yC!b?2yqA7DyITD<@2kBk!p6$EGSfA z4b>WDEO6!8mb!APPvwgF)y|{9v#KF%nPv6shGMn6k8EZCXdk>&Q=R(ge%Gn_ey74c zbjn*pCMV_s(X=6WPXP2 z+!Z`L5Iij9fi4}s!hxoo0wk6SRG-Q%3CckvtC}vg zT2@e_->xqGCobthm%IspD#Fh6`!l+y{u~+fCrnM&pW5JIYVa^qjU)zC{=>ngoPw){ zUq*oS$F)JEHGQK$qt%}}S8hMQKdMjV>iIQ12sWkBpC-$?pwQ~>>d#ahT^&%+lt5g6 zd0rsElX|79I)2fB_~gsa@`h*sGu>*;=QF(kLC4_fJ)G!& ze0UvBIZmBJc5eG{WY)-6z1uGNOs=uMnkO$gE06YBU%vEkS}(VC0oQeVXFMn-!ZeBT z$SFPE;0Iir^?sYhV!%3ZswIA`-3h(t7YD)&lvsy{1rJ5R!)U|S&k z_-diu5iInmux6NIy%e}|k3H$isXmn}<~QIgs~UooS=NPxRyR7Z6K2U@k({FV5do<4 z!MA~W7Y{J}nMp@+rK^D!egleI78+P=Ss94>?V|Xb;3n0;@?ZM6m`WyVV5XHCaQt_j z&{Mh^sOQ&&o<@e!G%_sff_1^PA00kx*<7EK-K7CSF;x<#!fdu2~kFM=ZO_5x{S8^|C%V;Fs! zkjODTqvQzb8Nm%)Pq_& zgxYb%L)267 z`zNQ;je5`Ud&#fBZ}?#0ml17@t0hJn<9=-s-x7n(eFsB&a+PhszOE6j~-u-{red@I; zn3}Xe>^}RpnF<%ozQr`={e1CfzD~`UvB_kE22WyWZkwA9+w{t0($25xMnb*P5FDE= z>%v0IlbQ|{)_!+mFnxW>&O@R|9foE6^{I`Y2BiGc z@_oM9bx3NRnm#1M0=CU?`;^(Lf+3n3mB+#C-tYdy@y~p5SW4&xgVL4XZv9$++OEvw7O1;OyT|0j!kGNMF^|)WY$wU?uVDk=1fy9Igy2Zhm1z@X@X;z-$^)v(@Bipj6{V}9CHz7O;AhRC zH1OGKSvf_bUkL7Wp^k&TX@a}m+(CMn;0{j?0Jv!BS*L=YZu8rj`w0(wr9M;%xTVw- z5Ls#j)`l+AMEMrYZ%>}@1IbWOwl^b{a-=;}b)e=G!HHe{-P2>1HbKK7zW$?{U_H z%vo(q&-iTUZ}?2Ebm+`|!_axsJ)rZzq0DND+)rP(q$8BHk4t*PCFLvWvmxKCwEgvS zS>?KTn)QF0QXHb|(b8*2`&jSN+Gh3>Yj6D@z@wU`D8Y~8b zJ+ihdwMW)A`-L4l_$KY`{*%?KOiHkg-OUy!B75)mb(DC-QDW9>hW3Z<0>`%w-bKGi z(<|ye6LwRR1nN_T?7z0?Xoai4rl;6{4H6~^v;Q(lVE>hOM7nBG=4)$GEow|#v&DvE zEO&xkc=Zgg?TVh4IB_r>Ijy>|Mxp<+}7X@sjkx&D7&7 z!`@YP7T}wZyKU62$nAL*C;mUxm}hlzsbkmYHW_~Z_45F~ujcPbE?|ErzI5U@IvSTI z7}D{(9Q?W^-311iE$Gm1u)n_oe$O}j{`bRZ!;$D5)Kn!5O39FhiYZY5Dpu$ z%u7tWQe7-8O{V+0Ia`Y%X8g@+shgH#nvYrOZ$4pHY(LktWN6>VvGT(X)fa9wRNuZ3 z$9K}HEDe|H@3GjW&v-6sE)y_CN~sg$X7IoxW<=|Zswk9ZeN zawxWsDJ?QhwQ#k3qx@Yo$YI$q+6~K_Y1rwKh1RP~`MVn||JZuFI_YD1=PQQgW7uf) zLi>F)mN#)(cRH5SCOF5%caPi!!FS4GW-k$(j@UNq-@S!-hVU)~-vnoPz0P(BR;COd zc3Vq9sQ|%lg%>QNkr=Z5FuqRJx(qJfGk#YV@5;sNd*N;_U)4DL+Q)PT4rGL@Wsfof z{Jv`b_unKXF8=Ob+nRIsl{YfB=dOG^V|&g& zpJ9gF3?Ii}162o_n+Jn0?wblV_vL}e$)g8{=6+`L*c1gY9uT_epI|U?^}ldR%br0b z4u#-VTw+DPoltDvT=OXEJfw=v4YFxR-^QbK*XW!#v#3gejpw|jr%QGII|I z&9z%f;x)D5l1a4t88%ChD)jUy?C^ZHC(39l7lIIgI@r05p;dH-W62YIp+5rKW~!QEgo`HIU>Xx?Ia z-?U?3!^zR*AK|OS{hB10cblB0OD5%`8R{f}&M6eJ`c%l>^xlOYujv(iizAQIdPUzY zxU}Tu#!5R|Xe6JVBG>=+>;5YoKMn7l3Hiiw2Ayrw4ijmIRmDe8?>4UlNCERN>7aS{Q>|khtzH3bCDBq=01WY>Q)BM*qU}uiZNf_p}!4sF6|44O8m{-YXl^c|>($F5m;>=bQZV zLv&E{ma?3V4+mZvL#d9`*~} zxUVt>!#gzZ64e{;<=tXk$BV(r4-7qiZm-Z|#YpX5jbLq=-Put#`sKz0W3NZIAdhDD zioS%FtuBlbA8&J3s_Y8nGj}IzB8$!pXK^!C zbY_kAj}8UGJEsES)w6VOI^s05TpAYh)Kjn+mf}N4?-ED=Dwyz5ufczXI2}WNXYmE(3$EYOLF))Jjei*Dw`nJ#U;XFcspClg}T67BGQ~t&5 ztgNY6x}P9nPx~xlOobk=f~L6MHmhQ|fx80a&89oT#y9NRPWp!@pA;2DQ9*DwJ5+et0vzl)rS1m{F8xH{%LOs5Jk9;O zN?r~nZqoQ+SWgv*?FL#7VS`*~GOt)(cDyXL55c(bZ%f9{cCK!|5W7A=2H*aI{~hPA z)Knrj{}PDXF@y6)e(llHNTCSCtv{>fYb%gaTPObbVpiK4PVmS3*xZK+9(AbATz>nB z+$S!k+6HdS(>|zx#>79f82j%Ls=F^^u!zL04z6yVS;R4HFZ?B^M98b=s_^rZ6v zrl*^97e|;Iw*B_m@|%HlTx(vcXrs`~qc+n!*E;JRx6>p}e39F%yfZ7@n!@E^HhSJ> z(J4Y`L@tE>Isp{dgOFcRMxiR?$h*q>*(P;CF_%~d8}e;G&O)pG^-!~zAH+Ybl3$X8?l7wZiQCng3m`tr}!`YS2P8QVdOxD+h0^YXdd zU;}}{wna;;RY_yts#wK_ZOL;0%R7d`$!eauv#@u(L`&zgaLM>^=$1zXhZL?(oNdGO z1S*znn)Xwnxt0?WTs0BEe~RG$^BBRu&>wc=fq(sB4t~^)F;L%)L>KKwW77NeXEX;> z)OH`8{+;A*0N3IyI%H#Y;%qw8q#7Iha;?M0ZOOAW6UTOPp2OQ{_;@3EI!U0`;=DLW z5IHrGlJamU@tWb)rEginJF%?u3Fuc&@zav!>YKHqe8isltvG~axPI%e{t)jEcZv-nO6 z4Nz~LVAzG~zqeAUnO@pAn+~sdQRVh=6o4(WMMTPzl%m_zhLbK5HpJTGP~668IF7dl zL-UsrhUP)1JJI3>l#q0?HHrVkxIE(PrAe01R$+-HK_F3tZQ@p?NtB%j8)KV95&tKn zk}5BMj8wU%2dRQUK?;VeI@jRS5=#8pVBSTnTxCm-OtG?Mf{R~y{`Z_@X){nHS!OyA z0=Xiahm$LM@+JU^zbeU`^?kYG>PeR?MOL3LS0;4Hl{touHCQUIKM)6u61p>;40FsjU~gm|7U_VwXRR0Fy1dl@Y&IKX&1k z*(#(t!6{rRZu!3T+9|gFY+xPL62?vn8qUQZ-;Xd@=NmHH13sBC9zOZ>wC;!w1&xi# zOGEJcAG+Dy)nP|PvH8bnAaU9zH|@MUTu|zEqD|Y-zDFBy8FI&645jgXD&yN38b+p` zzRi81UB3#EZ|hNU&l! z>e3Nx&Zq04z@6#-`$0BJG=8mqPGWSO<57yY5-f7CI&rR`z^T@tIB}l6vWAYtb8qBX zlD2@>Pg3hhWrIC2;4DBe*s%Z1viPo9pn&=Wzki|#NOYoTLKh^~Mg}BG@lJ7&9ATYa zSXk^J8DXyul3_dtkUVs91|+Y=d`P^{mV@5aK1OzhW5t0fj93d9a45z5;|GS3MLtG~ z92^VNFw&BSk-|(k#-`x7!ojgSe4N?^hqaIahf=(w9ULe4a1=N=j!A=~C=HH#Ps+f@ zy7>V2**oz*fZ81tvV6|;;-T}l*p~1uBUY|jdxG$ z9ufKD15${z$}9`SKr z7aZ0?1{_N9svI1*|G+WURtHDiUL9lI#B+d;Cr`-0$JTcPeDrc~><%C6hk_5*FQx-q z8-iqLz)MOo{rO4Huu|wl<2h&!PJ`yaG-!^^gr7?hz{$g2usOEo5LtDc%VV zj(flFu(H{~@pF51ShDAF3v#6D_a5v zS^MN3@v&%73Ln-&1{_N9Zhpt`G0BHxse>bu21hszj<3F(0mpeS2lyE4;Mg5L26w?> zEo8u<6t92S+>40UQ@+!m;+v03Q!Nu}6H&%1`0LTF8JyDc+AA9MgO_?s9NknFhzyG&ufo zYz96eF9rBG!ojgSe0&y4!C@_Az@ZfHt+xyx9cMaxv^Y54wpWLb%{&MAn4Ag6Gn~G1 z)9#|Bd&I{TU2s?n8E`1YJI}!p_2HQB;Fz5T$ILW1o;xN3AC)f#_!#Wq*d0E$?3coa zwU7aaQoQwV8a{SbJA5=bI6k*mhmWm12l%MSgyZQq0(`_D-y=TG?}Ecx$bdsB-gpPc z9oDc}Lr=Ul4TyLe5Kn(60~zJ(17z&ufY==}ULGK1Sfp`mvP}E?xoMx)ytSJR4MY6q z>rsL7)0*#})_hrJ^Uu5<;NYgm_K1UXx|*-gY`)%$xaR*H5fvt5H;$k92YYrTc$nva z1j~-j=zU~e(EB{s{O)?cp?|9PQ!|^N>ix~UNrs-}H(y8d$EP)aTw3#EGMiubTG0F0 zpZD1NbGw?a%WS^RJJU7)$^_SYY_BK2XwRuc7(LY0cN9HD8h0{A--@b@Cwo=pK82epmA~na$UDHLm&X<6ZB= zH2+U~cD?_E=b-n`6lL`O=w&pYr_s~jHNU&w|D&&ZPrN&fLuy{;5%< z`(?D>nAZN!(%P@gZ2u>mFm~Gif?V&CCAelV@_74gGsQAM8bV1s>psgRlqAE6*8Y2Yco zCV7u33@45$td3t=K)jPiE+=ShIFStyR>jAN03`#CJ}E&rSPhspB?>n4AE42I@D2rt_HvHADi$y=C< z#RxDLjt_FtJQcWehB~LfrJMA2A#pvQO$%H)5^uCr;L=soPl-<G*QCc9BhUT6Dg9xq3QsWfx*Hix%XY_AD(7)ru zgmDgFbp0p3>eL{9>GO*HXYos4kEG(4E>DYJN@P~WVh~wDiLqmE)H5 zCaJvo*HIBpEY*ujS0J!neTDMhC5Mzi{fm}9o+{O3DU@QCSgIFd8~mOEL>n9X6%v>| zxkT>v71v~WkKQgf;|vkt>RMQxScKa?szQ%!jU>)Ev})P5)2o(wr&dK<4;`QA zzfXAC_FTM&>bUM^_Hm&bpQRN@!W?*b)QAY$=ic+uu|EUIz z)DZ{GIWWOFcyAmpXng;I0uk&Sc*1rb_f6|@O_9YbU!C)O3Yc}*5n-yf2tW%MA8aXI zz1iJ;P{8n2%-uF2;bMjj^MJJLO(B=Yu7}4Vym?=r`g2veDCK>AvR&PCjh^&euTYY$Gx)KBzqQ zSv3L3=RH6*6B9!gahh;_(k55TAs;HX%&&WmTQaQ(inAsSHJLAwz`fHuK9Z zs2h}DN26X0Hu!!qjSaqmhlwx!UGvz)aJ2NetbikJ$e!bd>?>ZM^~Upf3|UpayNq_B z)dGkUq&N~dNIBWe(agXV#&sqV6PV9d;f6XUHfqqARTYDBvd)ZE3&!md{s*<*j{!01ztBacdx}&ki1Ji0(+IU zC3)pu=S`NAwLHd!^#4qrwD+a@kyQvg0E~joSw-2`6RGx^ysXfFF2g?p7jJ2R{y3ep zQp0zJYo#)V^N}Mu4oE0pr&PtqgWa{E=+--$Mi{gw$)Rfu zIGO1j@FJ<858!$}{Mc6hZL7DEhwHx>bxXhE zK1cQzN*_f$y*7mVNW)e>gfE$#E2&Te*=sT=b8?# zcG!-uL+{W{jSN4-mFXXrzsU0UCx8DJ%9~1Z8?K1N`{7em9eSi~LZW|vO~;&%pJ0MB zyex^-t1}7b@2mbp=B-Um*QDK9@ z($Sk6HEhJJ1$(qXclmg}2}|fFw-cjJ1qx4vJERm)sOhIj#ht^u(`VSuJ<+G*Inf8w zgdS@s9FrP=tiUQ1ma@s9NE^+;C6N|61dsnrF%XFf;5Ah&xyHqE`az$5Ia$!BpD)?s zN9gL}kCGqb6bnvuQDj|t)6U$6tEv;{W`o}i;J2TT-}Axm6}1k(e+$iUh)3IyJPLmp?l1eXG@6HEgaXPJm z=1JiQ(`NMNd=ic$7CDu8l_>|o1AhXV7ar6d&41VqnzcXJ^Eil_-^T*u{#{TVk=I&X zH+%=AHRIwDCKwy+%oOM6RhEERZ7T=!m)`q8or&@OYn`yryzL7MF`~qTNr}6a4gv9> z+>j|MzPthqU43A84BfhIPmK7ZXZI{9)KDfv1_7E2dMf}Rb@VMA9z2U~*k`|HP zd79xETyW)-SBS2~oo_nwHZfMX(NLG1$O5A(UR{6^8;Nb{gryb~Hql?X2uR6_PkA=a zD@G)95UlxpF0YX{GrR){ zs*E6M0Td>I8aX$*S%MQf5By3;vzn=!+L_Qp&G#EbM5WXP_ERS&3j6-=;WN;Z-^&1F zSA^g({_HT++Gn|r{EN^$d3KldVRh~UGPOEUcp&$r?IliJo6pjpuC8~od@kdDdb&3v zz1IKBo^@Q7-b9P$+U8G*#bOO5dC<@_@c%Cx>Y75TvzY;$)?FR@TNU$1HCKsTG%h~k z=E~5oJFX5@#+ara>|lma!pEWLQ^1iti$6=jD;$)mUF?0LP3jxH$B{)?;8?;Wc(UT2 z#L_v>hDY@9lq+0AX+~4z}N(Z(S zRkt|#$DZ8leEY#y40h}XGi5)(v0i^T2E16fWxcVK-_T<%F@Bmj!PDFeVSs{#t#g5` z!gOf5EiG?X*&vLAb05}vEuR#Xm ze|#f`k;H%@9hggq5yoMr+`MHc5x?XN48^e(&Alap7OQnUq{p^Mnmk~zOski2DRmPi zX=b$au+JoIv0qG@Ds#-Nsm{JKe3j@kX)5*B++CT~aSl~Dhu(1P4yk6*()T`9Ne<6D zRD@%HY9d{BgeUb7qx*u%=NWZxe!xz@`*xn*}2=vlHU#?)p5KFxnG)9 za1FLLVqSQKA0fj~LrxZ+F4Ic6PU|5%dfPBS1%>fQtQYsw`Y)1zLNA5`)=pO=easv) zo2!=}Bff-==-NG&a6_H9l4In%qFtXPmt8fK^y`?cOWA_J;HzXR=(x0p($?Ntqh+q9 zBx3o}md^F6q9&5)k4LzjCG_3GU7iMaa~(Lrs=!H^9l}9vSf}V56jiK$Zym=dml$o9 z)CC1KSq;QD3{`B@FUt7Cmt zS&bHp!kf9pbM|Bd=6me(M2*m-c8Dz}EwuZ!j40=0Ta_3AV#XI}I&2Z@v6gUOPIF-s zFCBmeK~?wEAdNN2k8k1d{3QdW4Ct$0lSx%+b1(p^zj$OS7K+yJviICFb1l{u@4wsK zD6jK!I%A2XH1Kgp@935{0BB+B3Y$1G{yz7d>{m;j{VH4Qp*bHoN%@cy z3JL!gX}iI&;KC)a*${f{c3&4;R_83&$Yc#$ zRkHQEVUf6*zasG#ab|T%+tsfnuV%@BV5yE0QvPD<=VingC8SlZNYf1eyO3@*r-wU!-(Xv(Mdx={aQqd zxvCS_<)b@RMV~1PJvO^=LPxRv*r`6{S!ys{tTn7#uX77mY@NX^)0b+*Zns#uK#+1* zMQ?^jA$B{`ZX}L}K@wOs(eDiTH6<(d%lmLd~8`kiPpDFw7OHR;lzk+@lKN! zOo0a@IO3#nO&avZCsw38pX>&32e845puFET=ToEux$QX@4<8T-&j9mt=KvYVn;eP% zw_zyySK%P50o>kONwW3B+oLYU008j!1l-!_qB_d1K!pqSI&Z5!5=8(DIo8*2NeJ zLEU6f4?_pNcPQ_|w$DaORm(-~tV#>Yxy@kT^%9`=_*Lyj68XOUskKemAb(wma(m?T&+| zhGC{;W*HHQt?@=ay&Emwd;BgptHO^NJ0i%(7zr8HtsS`NbFy zaU}$5f5d(nB5is{d~M)2K&oi2c13J` zb?mK3{Gwsbem$umbj$6mAF5-2*LJ|f_>>_Kni;y0L`m{GUAR-PjgF%cAwJiJnh)ls zI(`u*cSVzFR&c0D+;(9D7FYeDc@vp7tK+9vmz-7@x?X`rz#t9?$2)8~ zfE?Ww#BzhaR>l5N!2~VLRx0=ex#E6Jt}}+m`$t=JTr9R~*ZW z#5Q>ed{Gb$$va4`jvs+>_O!zCrp`X0n_d%sB)53wo~{cGd$YLh=q(|!nw_U+Mb*L5 zeU^{n1{AkI^gkdnM&gUb+f~tjvE$K^qX~-3gk~4!T^H(_B@Hs;)Xt^Cj<9ha&H}yKo%!44jg$8grW0v(b!*!D9JlZ$}pI!)Kgzbz(Dw z^H+sTZ;Po;5>>deSy`jICv;1(WR?!Ft^EZV^F9}=#V;y|#AglD6m3H|KBy7>BI=YiqK1R3G(0RVVj6U0hgOIkGd^fE1?x zhWxpw+8n;QBDTVt(1PMEW600V&TbTy!BAJvZN1Y+tnSFWZIYgMze5tob2H18=AX_Jmsj(<)NRi?qI%IpFCT# zeD&A@zyqVc6qvJeDX%Lkn>!nRS`H?2j8>Tbs^eD-|L(ktBxhDeY@W& z0P^4IsEq{z~V$mwAOS8wTg1Rwe5|8Ga|-``3b z!S8XSPuB=uOVb*`>qr$L*61>M>_79({*yaV_Mg9g;>=CZ&l}E&*MwQs$@yoH#)t|f z4uGDK_>YNCP(Am$+fa|wWZ)0BfWc3C^?<>C))RSk zWX_sz|7q_rm_8^S0DB_^Z+jCQwlwyc7`yVlZ5;yx48HHh@OY8t#n5#9Wkg1_R!-U( zZJ())7u~`ryE^ughHN2fk1@}i-dseuGXr9`Tl%>FB6Hn?yf|CmeLS^j1(BzfZ@yN( z3<5i-hS98o55-#fj`oJ#1};$ix=+uNR7DtZ$%mL5ovgb;-X%^PWa} zkBtp^3gN-+ZgO4}Ni?@;Rw`(^GtUFWwu+0&e@@st`I7Z=v0 z{44m*)b=lfhTFz?<)Yi`cpVp?{f@?8$+plfzhpM<7>qGilGNxmXXRq@tQa33LKs%e zP2*#yeQhMrIw6njwipf8EamZvmtdX+j+XLfc#R1~b7MG|fWoo<%QdgfOkT^Us(7!l z@hNKGdlf?<{-Z2p09$Hz6AfEalC2N$qM2t2zgBz~9Fs{LB=end6r*Z0@5y!z7He={ z8ng<%iMDQF72O4RM1Ti3_qlfVwh4Abagaz}Mx~%Nclx3H-KTLsYbtpbsiH4weW!<# zx;d0b6dSt_kYQKPl+kcVwDiZXiJ|hUVuO=O^&|F%H+2aPyINDU;4y_ZP(xm<$P?p} zpWUWN1hMeUSc+lx1(u_7(}?H>Y8($ieN6qnyztbY67zVxIYLSK_=_PJlH4^gBl zwxhhcSF|){b>K5J2vaVBA#Q%;^G@!tRNU0cDom19zW>U+n^Z~3s)q04e}XFt=Bo;q zaEPYOnXELi6n-Z6%9~i72uf5^K1558v?lgfQf*4C#< zNhUy@esI19b|UwsIX1slhMC{I$3N-x#**#})LKhXJwU`&f~S@HEA_vPfU? z|FGPBNhr4LCxjC-i^=~7@^>6ba)Ha&lFB#C^7SL%F!II7hlA)_n~LE^IfxFs2M5tR zruN_e(f6Ob4}rW}|2d+>1B8}>p8Y;$SB+{O(q?$mQrRL| zVtkO1DcB;)%&bXj8~H3AG=(*Z$%RyoI(F)scZni;_C1{Qy}Q-3#DGsX(qDgv=g372 z*X(0$hevj%7G;l5f_WF1`He74Hw-lX3*EF*%ih?88gtVeFhg#dYrSu6*QgDyE%g@! zv2z%<=hQ|^_um){+pw7m!v3)R`1jyauB>hg;0GY1+EZK9Lt&adEtAs1GSB(M|FfnD0^E<=?h%Frl06ZgaYJ$7p;t#B4%o|zL~Yzw-}F-DFnJOS{eJt zNN5hDcSyxXJUN$DDY&a|E`CAz!SzSRDSb2~Vqk;*sI({w& ztc&>n3UrI%rV9NKO-&2I8r$@cB+emD9L~#c@58h_0x{k0jeU;*sX(@C13}HU38HDc zCbmi~mNkFTaAsBXnwqReRY%x42lTK2=-olQy9)8z`GQJA&3`k_aJ3Z$wXuuXxxPhP zS1;Pfa0G&`@wv z;@TQfTBZEmIdrT*^YVA+TKU+)t+Y=SHt{4OcNf3vd8>XCC$74hJ-TK8lnn9n_*IG& zmX|V3%4;((0!@j#?AK|1x0BV3Y8G(bEg19k;+oT>O?^##kz)CPeggsHmmt1BMRp^F zy7Q!-a&U7Sas*zncvOxj zLzj|VQ8<%u8?i&->iMn++xp&r`l;-J1FX^F~100 z4}psyFl!{L6m`SNvCLFsm z#v@1I-LpP4?<-&^FUf8gl-$UZxy-!IgY;Vq3vP}(@-4rp6;DmC@ zEPIsi%vlcvzBA)^Vxnl(WSls7;P=o8UwZfx)WOZNgCE6Ld&I(o{ew4efBm_QKc?~( ziPwsyiL(hg8=-=g8e1mYeA4-9#g28-`S9R?|K@0X`9YV12}XrjoQK78hyxW8=A`#c zO(wrc)01RB-{98ghqIzZKeA!ST5&PB(fZte(LpxoongP(eq9txi4L1|165=0dYhQE zeliIZs(h*ZDGHb*Yvs2(RQXOMaqMrNyWWP%QkV2GY|=RJ%*1K?M@q~D9=cWcm!Mi= z2AsP|tPcbxHRwE>NBGMc1~gu6xS?BV<_-Xo&b5uYy8wRF6gtT~PwBL`pKEVsQRr6l z3!#Wcuvb-r8JV%>OFA@-3n0sUeT$a9`hs*A^M%>0dSXk27x}_0)q{9b>0ZvSQDmC* zh%VElCiO3zSfXms_6n!#f)x1Yw|b|PgX)Wh>K2Lbt)xa`O-uB{tGdGLQhuVPwFbhz zH2nbY3QM|F58iFR64zNG4MZDp=82%^JnF(k$Ck8N>4UmD;MAoht*S*G(1Y?T-5cv_ zv$Vv3KT{ikmDRfyr`t*zxt{x}-Pw#|3PlrCt;sSZaZCuW-qn%V^VPBT>exm(L8>d> zEt@3&eV&@LQefi(A9zWfMkQBbUZ*B1;UJUv`&7F#Dzix1e6W}*m^7@WYE(a+WGQ*} zx|s?D#@ z=rdhtvfsZbw+2@I_{0cqWWBk?k`W1Gqx2&9&ZoL zYgLZKsHY=|oKJN~qP%Ha@5aK4c;wT(@-LR{w$pM>V!N=|Y;c4i`HIqUy} z$(e)0z2P8!B_dbx>LZE%%J3{z<#8+kvrT!tUgc-JlRSe8$`fa8v-KC@HD~mBf(1`j zM{hiIo3{69Jg5q>mEAa4mRlBwoP7G-RpqFE-n3l_l&0Ucgzm1%! zihIS@soo#RP0rOlp%V8kYyZ;nFPCR$HJ(x)KXA^@e|56Mj}@_k@sp@<<7fETuVI%+ zVSc?zUz(3dQMlyA83SX>w1d(rUo3}7tsZi{#vx2_OZ4YE_rVX? zXpZ1Fwzb6@Zol3TOWx-7=ht{F&%5th$2ob)FPXo0S=qaU)cJHw*E(UF&>s*`(2RJ+ zKIAQGMC9O1b*OZQ0vsNgBhLobwrL~dIX4PU|5z@#DQGImZrslh zzpA2e95aU-(fR-jIsf)BUPLofDNQ`F{)D2_@5L#5#$`^x2QwoaC zo%KPEhy5Iq$ChIW5A@}XYj21$-3F03UUa`D3Qg& ztyR+3Drs_+%!wpw*0&+zZ$`_4rgA3r9 zIPn*kFr^GM-1|#CpGv#O1fmh?#F&Vfo!T{38JoOlTV*V==&NuPMD^0&x?X{S9j_J5 zAfl~cT*@!;A2v=qH8^l|>rVmW=J&)TzMTp%T=v}(1iel?5+IA7-Sw4;nE7xG`o%A$ zm6mJ`Ex6Ng2t17D>#M`@iIC)g7M*{ZcNo+g7awwScbYK28M?p9wezdd%90mn4^~U! zbuFLKzmBnLtum|Y8S={WzKWCELHUPBQ_oxdp10d?7j-y9bF)!rqE6&F>I9_Oc@a37 z{;tD`72I3WP?NOYHen|=<*sdp8d0R?o9U84mTgx8!e{UNZ^6vh zF#Ks7P56t%e*}S!t}0m>nm2{C%J}TL?Bl-?y5*+24k|L_y3+g=l=-gy!`h6pY*AfLO96>L8D4CcJGJHp6PP| z*pg(cV~^?dRZ8_H*I@`zhUzAL6loTW`>~#c1so zwh`VJ+q*3R9xZIL7q>&~v;k%{&2`~;ug-Q`J7}?H*_bKr;)|Aw^DV~$R~PTr2IDFV zuvsWc^+ee7yTC4H@mtlo{v|IN1FSHD4 z^FH9$d(U3pH2v#U_w2psXIQHYtK5s$H&5#QG5_O#+wTVNw@SRvPrO?%3;Ba4GvHD) z+1zprCY!_V{iKul+$|hdO5xErLV&l$h9?$q0TH^8-woMlqb!Wk4wjbmJ+v%)#tf4_(NvPvI2O(71~%!+pO$5U zO*&KwRwMmJt}*-!zn$$xw~cpbkV6@=2x`GLUaPmGMZi#ZRPm1%{FF_)o4b^4>94gZ z{grd2(qD_jORMN^hATZ#OFcU|KmMz_#i5c0nZ$}YNiO$7UcCF{mO`yX;rQ_u zw+CrcfFn8nx2uY(5Lq_AaDFBs`(!x&JuS#bhw{(J3k~E15)Z@lP-B|uX0q7B*5E+{ z#!^gihCmqOo-*Y$l&|6gog<`PYV_iU=4gy07O){I7l$hBo6FwZ2P0-lv~=K3L@DrC`m1c2KLdT+71mIm!DJ&crENel@O80z3BQ;sNT*T z=RL-S4Zac37CB^*y36^pYits7ht{}RFCpd2i-CXOBntlIbkRvbEW z`mrX?p0SSLH91w;8-OgYDtjZkVn2HJa%kR%l*ZL{pYe%NgG2fIsPl{IMOEVJ{BZW` ze##P;QqYys>QaikQrbxgJ@%-TwvC)-5_Cso!}Z}fJ*dfxPwAJ##VnzDR|w)|TlR@0 zhMZ6y%I_648cE4U(U;cw@g0+n85xAKLVIiF?$k(DQh7Yhv%?ANz7G`AlHL(Ew#6Z&=YK zQZk;9Y~5Gx;gX%xkBtvmYU|f<$!F6C#rrRTYk%3=wGszjdN251mH1LW}qb8XK~tdjr_7W_8tH-$VVG>-$0{AA4HgOFlYD5|-6H!gIEJ zXs@BfY#V}{Cu?DFpK+mWDq%B%pMj84;l`( ztE6?Z^67<2{Jlbcr8Wq(#rE5^$aW=zRoi$I=@L5+p~Ast-pUQTg4H7R?m<2P1n!FV zx7PknwZAicP&lsP!(sbs+R}kbrpgdeuRk-jkRJ^|fSUKhk zzdH_L51T1!4_j47V(8F9CBf)G=iBVFz~QCce;KWp4SE4BoAnFM3Y6$sVqk#q z1DE*D9^u5J28hJ-=oT4nmXcflq#roKPaoDIjjP2HowC%zSl_Rl12ELUrkxYo0Ty(>ZVSY)*XFvrTESPj)1*iaRe+= z_li13$j;SGanT3ODrNLQn>Z!z{O|NDt$$5|hJV(l2Y66N7xOEKl-$Ljn5=!h(3091E;6IDVnqE^Kzp}7EzWc+f z6)@z3A@=!J{7*}kH5^Pits1Rbn9Q1CiJ|H{3e4Ce-m_lJS*gygNGs7Y?P_Z>;p)7@ zwKz%MRb>XBwLHadd5X&wr`<+^%4Ig%aYb6aGPkJ$865;sN58a>Ez`;{xgm_L>8}RU zoml@ngbR9!zFsL|Ec#olkmvY5HkNaDd8h632MBDJk~9u|>VPWkiQjbTej=Oi{gCox zUTBx&$T`deH0YlRG+OEw3%bO?+v_W{#&#AmPM#`kB8eksjEdvO#w$+AY3Y2K0mDJz zj#BZr`Vo%f=!i+B+3*|eERj1qPlh~IDk)@*Km^s;`Laft$e~IE243C!vt8h_*%;o; z)kCUG<>}LqY(g~cpNIVo>*Z5?BdzejN{-(QsBC__;UJ8jvj-p?^fCbR)$znHsW?8b zGWM4894zqeq8-X(zp1DE*i|{%*{gDn&&CVX{}_+#pQ9!vFlDEh_dUUo7*ZwDjRp?F z*u5B^y+0wd*a13#kJt>{ zh8J^v-|*4V(mz?YKAaaCUZi~6v|n^B)jfFZ392CnG$i(^gb@ z)F+}_*Ta&9-ACQoDRjhVgO2!!b>X?4Gl)7d^!7)t=jipTl_THQ$z&LZI>e<#Vw*(nG(NNQ z%Z1j76Z=d=5x8+36O0(l^5Kv1Dxs}}Ru$06EPZgEyYPO2YFYLk0WaHi(Ek}}T|Vix z`WDs9)Yl78p>UZd0Q8ARjdZLxUpB6BRaU&5A5NV1a3D_yiS zv_z!D>+dOl1$)}d3RLER@p_3^>yo-Mk`e|$BKP5Q-0baj5tYdD}7 zJ>US?;32TWoPoSQps0f#!R^X4jJ|r&IpUcY7$>^@T%9I=2Y^yYoo)B{u8 z^?k<_Oa8WZOmU|*(Tyq8y7$u?0;c%6#KNIvj_GIfvMQ%Hr%}cfRcCMGi0LUzK4Nwp zLSGHdJq!Jo$W^E0RLR*bepp4x#_1CS`G9;LN%?W{WA3dixx9G#3HXLq$IA;Ou;OPi zUwff>xnvjYy=_HSq)D)J|F+I z&g{kun2wImW2?J0JFDUB_+ZuuHBZuKF5+_6aQ=cSy@5hMjhZfs1*#tXwI-GytI5G# z^`%pHFkt=T2+CpQv5(AVY)QoRAOWqHH_s$DO`gex1abfd*Lh$=CA&`mPGiTf+;3z6?7N0kO}|W9@P(671P%>6H(P z8wcP;Hu(1%QzM?0zt4buc=5`whglN22g#iM_pd)PdFim{yt546nQqLe@spn#Kj;@(BO5ufn z_rUdzI|A++9R|aHde(8*VycvVb1Gzv1l%>f#BtYDNnGVH?h=0|Pi1eit5uDIc^`sO z*W6^9JEePbYsS%B1@FX^R)am!=QaD#MW4;|i!1UT zd3U;vLBdiE_|AV_kGFvWf{aWJMb0mg8q6raI|KX_u94UXMk0a=?=9OOYNATHNzT-) zy}{}qI#Kl>#bM_YOZAk=SFzqZbyc z9lc1^SQ{-}0f7DmY}ROO$Xbmo2ZHwtxw0g3uhKUC(L4X0p?ZbYn?6)G)38^G*NG$U z{_uu@JA;SrOyG~tcfVnL7E^SO^v|&jdrkkpslA@)|B!v?qJO)P7%zR{?KJxTCZPXu z>GUTxMgI!Xe|0+jnFhGvc|l>5>SL?Lh~H+F54~EI8}aM(ltFyt^ZE03L;jsAzIU2t zv~(r#`C5ZDo6;Ke<~=@>HoB{lKdN?G!?n+-C*Q0}UT95p(;9?8Z}beRmnzwDgz-d2 zuKnz?rjF%A?ZD2~>sTR1PAO)FJw@ktPhrcpjVR~7Yu9S;rde1rZsZTKPQ7dSRcOAe z?bnmZ_cE7c^Y{5Ydq2>hv-qO|Rqm@-ZogLGBtPjme!ZjkBh9@9*n_2Bq=acuZsHRX zqso*x8cwN-P2Q>%*;d`pyfs>S!TmzAmR?)Ab$85kA@%)mVtlrSy04)3N8OZluyEzx zVYQ#t*$u0jHoUhQ1FZI`_$JKlw<_lVhrQ%H?CjndjCXm#VHG-+M{H|gZKQ+%OP$5k zE+(zDX(U#0&o=)5$~*pqZgYqXzO|5tee{ynhNIcT=%sz^r_eJhSSAIV>i3j09EPg9 zcCe?SW0BC&)YXV@_e2SL{a}V6)v-1QI_%Jr%mG5JCi@^^cni?iNx!vIFrN`BJt#a#It`T68Ei&_21gD zuj4O~fjdsv&r2iox6sBQGvoKv<$Fiy!>#6Sgf_Kj`!oTq;qz}1`af~}m;7LC`=qYX zFo(bo&`A-vP6Vz`5%{c;-BeH!xK0GF*@eL2Gy*?yIs_i2ZW@8ZnFOX0|Ck>HetvC0 z;D$2iU+yhhCi+S>g|15lnLl|Y&xgLE>fMMBQS~&zH) zF=Kj_6ma}?Do=FAJAq%F8~cv^ws}Wb4$eRD`;Ftvuli_J{XXN~dq;ym)(-w(^?c+D`y|2)m#xU`l06{f!oxgEFY7n{D^{;ul~CnX9`D*z=!S_Qk5a(A-OS>nL>VTlamErR+_YcFm(D zn^ZP$;2Ut)F>jl@F!xnKu_E?1f~asAE(Xx3JEr7vP^I1V>$b4Npv7R1t_E28Mg#Lc zGtNoDpFRDohz$0+`~+vLJ8b4#qrLb@;;iE8?B$iAfv50T#5M%y<sIg4dSU`h2Mtu-r*U8Qu#;1H6aKI~A4Z+&ZOCOz+uXZrr>)X;`) ztIelbd(fn74-W(nk}$TnqvgNyrJN-+-KU%-7F#xQ)^IqF8$Ohi;}qG^(rc~h)8zbM z#hsUg8ggC|XBAXux9h8#EDsH&PPf^`b6I|Jnh7-dAFR^gP#PM zlc!NkI2&cf8RF}_8?Tm#F?lhg>+wn+eQ|$b*W(W?L%Vk-zixBK+cJUT8raDaCW`be zos8$MTf%zYAvgb@Ms~4_*y*kM+w zttz$Edj?4xj{hX9g9v=)NWzZ7CscEds%fZkn1Qp^Ley@$0eWwEsvkdtpE6+A%PPAW zD!XUk`R>kdJS9;SUD+gPh{4C7viVOH-UCTA`a~L8lEon{Uf<6-upq0#BbLl&sQ36! z8I-_WAcTg!@Kx@0sst*Q)(EaS_Thzk_o3FCO8_yGuR7@UA1cfI7X~pLaP%HfNFpR{ z5l8-d+1ffBiaaYNs4jjU2+%EOr=-@`ud|(nd{Q0tRvs(OBL07aA;JD5yO2WJOi0w^ z9~N-Wkwky)*ctHxk`I5H?Y(F0uQMGDBTTX#RY9=%%6;2fI{NdT+c22F`!o)YpN}g3 z`izxHIa-!41>v0)7-J7r_iDYZm?;EC8AMxIda~IEy;nbQ%Sj=R>!aAG9DTQ#fHJ|E zBD#bBCm)$#Y>T~SSjX|^M&)vNUtR%cu+NDWWLWU_xl#!nt&zpd+n~?x8ij&ztOhDf z7TR^_U5BP)HD#=S?=p#@6v$FjtPs;PSz++%Ew%D;lOk5!q4O<}cIdH%M*sQl@D=%B zaEoN8GG#nlhjak2VJySY`)sXUhOVUas!GG5=QMOPYjrV2L?je~#3= zfq9k_=US>D>T*E&y71lMFTd^}*1$SgAvUfk94F2~{DQF0f9o5*uk>}^Sr$pfHD5>k zl&R6u#GS&L;-}Oq5W_^41h%1cseypOVqBP-YP>IgDrl6h$YPx^}= zpYgX&f6)w~&FdxlP58g@8V1dd+)#9yG9eRM?Q4IOm!VIb&kdHG#q#REWq~r1E0E}Z zpp5H&Ln!nONz;0pdq+!8`-Ko{n>bcOY%tsrdqdN>-o0am*!b1>6%JBPcR$#)ypDat ziCKBxL__-&iIba~$d3LSE{QMZ>AIgW=9Zk`)|PF5c1w;{K7`|cY_cEo4}4tnR5))D^KfpqG{Dt&WEpJ=F71$91bd&=Sc54QK|bATBhBDQONa8>BBTQT=`hLK}Rx z{uu82%oS)HGmkUiVI`?hMfy(s*z3*{{R+bI(>NeF8_DaKQzp+u?ud~r4p075j|^EH zj?IAkXAI;1KkJYLOyafz_78~x~VPpOAojf^h zKzGvs-26U5+?NqQNQ3c_+l56uN(Y`Qo#PE+`#dafmjuyTVy}$+!utOzDRB9dVjB)G zlKDv?Dq8w8m2T1HlTrIdV#l>yIiMG6x=8TkwfUIQv-yW{PfnA`&c!p*^+z`jk6n0(_bBa@02`CQwQWKBK?K@#VEb!kh}&R)~^BU7mPxAZ0X5r2H+plXV)45I`x zGdJxR7@BtjADeazY8-BdK%H8}RSFCVWD=GBh)SDw3=Yi|3GC3JE)WRK>o4lZdwDge zD>h3pH6fbLMMPB%(~WbX8(&k2&NbmLH*)Lc>CrcFXvJoagN-7RS_7{pe{ao)8V^oY zJ-t@dZU;k}wj8)X+W4JRj+W^>_wrnf3k|(^RX7}agwUixey5(fvYLmNdB3~Vx5&Bm zKX0N;f$#v-IUBwC)?kFUk~TEMHc^V<$*~F3Qg|2OoF&5%J!r;|I&zKIAF1w|8DkY| z;8OdraC`{c6YbtHe%;gukdj1+5gf4Vs(3UWYgDXQdqLf1v~3S1q97u~yamr_iLetp9Y{r?I*vO3t|!M-==>rS-B8~Xee4kG4D;;&hFlF#W> z;*3=`^YzNMPgX}Czjl0(lUf6$!`5Q#ljr^Odp=huCuE-0b^QBB z>Vbdj#lKU^eqp1Tz^{RggG7(mR7gQwfig-eX zDydTj=+0?IV>dF@cCLFOU!Rerb&{!EzmYpOYxMua+`E8BRb64j2_!Hecmi?>AT_B` ziJ}GtO@Pz{gUrATM5TgaHQq2*)JPJD0y1F|U^)zrEw!lBQfpgUsil@8inReL1W@Fn z2vX&u;vNT)OXX_G_r7cIGc!phi2ncoJwFdm=FFLWU2E;N*KMzzRQMX_hs-+&Mgfw7 zy)S+_7x}kv6kq-KRgodUQQP+iN4@B$IQzlo!Kq-EQC;o%$*PqcEqaye`7LE{jn*ft zVS~ZaQYRWtFoWUc(&N-`u1%6#%CsPg!QrM&_|w*@tG*-?w{adKO^k&>g})M zdx@Lj)%o#!DVzmFbB17h87(Sz@_TU(u1iJV&H~VPv!WV4FKYN;Gn{~x1N`R*S}9*4 zy#`XO%dSa8gMq=8gn|_&z7r1YI*dg?lLL~-eaoa*N4Vy+PoStd^M*SrBb-UPa1s$- zPpJ#9J^&36`5Va2_!}q$WWt4p<&2KdL1d}zOO!SQfmE9v1&3~(@i z&TkSGK6K7A`m$xXF+j`F@;O7uYD*nWX2s!#4}yswlGiXUhAUNc1DOUCX4u1XXvG`*T>fb<9m<0DqY&Y747$7`x$IM zL%4S!$G~UvrEa3WTkdyZUz_-l{ErLno^8t74_<4%wZ6-OVm@HdZ94@1Yzo- zM&r=fdMt)5d)Bc}O`qI)n!q490$n2h1oNMCIWBBFuc7*c7saMtL{h_S#PqO9jaxue z;S1c)6xt%Guc1HIrA-v|kCgXE7W1Cf4O07Z&{Y>__Qy269Q)Y0@-*gqM5BF!vYt7{ zoN8VCYa^-ul2-1)tuVVY5H{AXJ`vop{-@-{Lq6OW)nc==?Jw-Q$^7j68D(iC(P8Cd znvtkMGRJx>I@XUd)~keU;c#bs%X3d_Qq`s7NL5~te{WaU-r1N|*XA}FGtZaBk2(JN z`_nHt|G2SD==aen%tlXiEOwwec|0lnlF9Q$T6@ zU7_&{s*J8N-Ux}~OT1YtuUJTU^wka3Cxr-wgoOoTRtMGC`I>}tnUW5s#YpPwLVT=V z<D$nQ1upbmwAD1QuKxjK(=l~hzMW}OT;%ExiZT2p)#cWp9^FYlgRp_saw9&>a z=RK=P&qY`(nxHelNO-4qbfaB-P5iVGpVh1Roa5<3_{%ilCyjG=kiR&*kV-2%X#2V| zZ)|!c&e6*bfVnVJ282@oCSD&%{*3*nr$Bd2VOnw=`8qJNG>ClQ_s-;7!4ug!Uo|fi z8~uR+@uR1F86J1$@#Ds(_~|rz{J)7kmhrd&%tFwMtM-Ylo7l&_6>#z2Y z2b;h=GE;-%O#LV7cL$EcpV;6V%k5l04hucB0)ESs4^4W8* zeCzzh8>n8nx)~5C&}D?rV*mP@sB3b6p)tJRoWVjttd3`AOpP{D*;bt6G!+Fqj$2!l zBzZiPYa$KsbyK@ABEZYK0oZ)u2Hd=tAx-+7n9T*}1@c#)_QIja-rP$W)(vqG#(Kui zvp>Em=9h)$3pk@bYCusBEK-|=XaFk}JEi|!7qU(TVGCBdsU%Dzz@EcA7NDduEJj?E z7+rfpNdieW*hk%SRbp^b@aq%)H#8g}Frlx>Ex}I1%055i4m_UW;cd-#_u+YCw|}sm z^$e6R#y1Whf)oxjZN%+NQF73OrvUXA$mM4-dbXqGBXuh04D+CwC?}kI1{Ndpn}qq5 zkUv79;2+?kEE-$|(^mm-!c{yKa&fS$A73a*7Z93G&a1c|6o`*;n7QyZs*!>fSz+A& zp;ASW^DuKe06AlUoRTvjXU&-=g^>H$HplT>Gv{(hzWo^a1PJk%LopGL9iB(wfr((s zARHtq&*99l)ta&Qf$RuF&0~F_(EWEIN5&tprusgpCo9KJ0M8_l*S8QKepM9s3t(i1S!4M7y_!?{0HhjU4HTVFn;lTNf*YIE( zbQ8Y}tqHVuXT$b(#7L&D%)=vsDV=x`F?}P!{hBmjcj@zP=XAE+c#;KmvZ80k!o}&gR(#_ARtg&Ck~r>?ZnEj*LbbrbS$(O7WV&5dr|IB8)0!|eO;=y` z{Z_jAsmA)dRp~*=c*!Go_vjg1c===uQ zJ$O*Tjo&4jAG?d3l8`G`Z_0>9Kf&IDur$UG4cbJ*ipe8_fZc;^wie);qg%i(a2&6& zZ9A=@8#(DJdTTfu+Iqy)nD?R68ii%4L#r4aTqnF$4kLNECDHUtxTCIakFmk*iU)u6 zNVjs2Stze`fE#zCdij1Y*dfZXFG9kLPn-Ur99d7E0FUE&!zK8ExB=hLUTaB2>hyQX z(r5!KO+yjMp2qy8IG?~y1!9;lAw|m*G9m6aI=2MZ`tp1?q1eH4qcD`ZCCbY7mTl-%srmu zl|1!0o4@6K#2Z_e%G@F&xGOBgYl4BW;Yc}aw;wkngt1WiUWkSA$LGjSOi4^kL(%w( z{A+OGJf_J5rMf9wTGV&E3=gJsLvC(cKHGU4DOzL34n5@5*e2*Fd`LzivlTpYwgXel zY{w&i5$1aVzc-#QuhTiU%ek@v$`}B#Sb*;dPR$3H8qHiMA7ujK7tL_>iSouX=Y2fE z0ayMIlmGLxhjDR;o-7kr$s7TUIu6vo7Bk2ENiAM^@rH(u0R|@DT`oJ^qxRm~^2CXd z5USJvNB-E41W5D}>dWziJ8zU@dK;(jI^=)hi9Ie_PXH_la0PDdGo}bzTVL3)g(Wok z;Bt_Sb{oR#>cPcu2L}3M0q|$8)rEY-Y7+`D3j*#*NIYdJfHnxpXS_J0BW z@ngOPy7csrh28K6+&2d>&6a7{{6Mn`@`WYx9()1*bzUvUtj6xVeb$U>0NS0s4}l%9 zQ0WDTE9hL=@3~ffgQc|>X)?RJ^0t>>?*waHgjzNnk*yCPpeZFd;PVSWM|aQXA~Hb6 zs92bY^5PRI`2fHe%hAMSbDa^vlyhi5@^7X5HAa&WXA-}DI0LSq#rX8_1|uHH_hj!K z5j-E)J%3;<6`suZI0gdRoxGO=FCYuB2VRFdX5hgA{W$8yztW@TFC?TyqmD)Nc%{Au zrye!7+^y>KTUs8oCSl0RPT+Vud#PT%8z0z5cQY*OB@Y9zc4Ph)^>_80d?y*JQ0%c5 zkI^l5xtmo`&z?A2}NRcCyD%k~?)az&+F%qiHx52CV)wkGO@h~*@2_;Dd} zh9@773A9Z_DDKbZeypDW3D}<(a?W5E^ZAMWSw5qikB)mIdluM$$m&s!l(9+b*?AXj ze$*c-3P#D1ry(;}dY1Yk<3PhuYYceUfIpT$k#wIYa1H)Daphh{lGgbI`%QE{zDun0 zHOlY-sZ}SofFig@21d0n2yKuG;MnMvi!UYo!a?(wQhwo#_@#`yDRy#u!!@iFYhyV| z*j5KpU!8o{8Tb1gg;-#8#$uInjLY6Y&)imZX4y)RtNLc06<)(dM#_rA-)(2YpM5M* zj~OZ?Wa6J9D+BLRAD)9u4Iq`<3PhR7yW3&aY%s8>BL4`<7Xw(xpa4*e4!i;b8&)=q zY}hoWkA8J-e}w7O{{6n*!P&CYe~fHNyENK^^p6a#W1<|Y?O2d5GrvK4>k^ltkhgx-Y4n$sp8|#BsB~96uuks)O(rV zhPUvIjRa$}4n_aED}nw+{!QpK(Zl8lz(m1h%nk?@9t!GVq`o-ySmE?I2$0%bODdPx zDcC}eCcVFX>lB2ggkA9p+5Zdr@vS|;*WY`J1o55pBn7B7^!XJ^<%N`+4}KEm|9>I;~bUZud8XIc3c_*}zTpY=ZD#;MJ*?G-N8k$=h5!0R>wyvXo(2uTuv{YNVrOYSh>tMNKZi z3US(M^4mjEMytuyc#Q7h{{=_VYVsF&3Z0pit2Mp9mAvlJ+yI`U3Dzo(K&kcV=1!&&U?(zYCQuAnUd<5({djo+6tU`+i}?& zn#7+&SU&965q?lWX(%0L@d(Zua=vu018O<0pgSws*{}wkJn;ZQ%VdMz z@}WchD+}vX3ch3v?XjiMw+FNC{i6v_FtJRBbC5a&PNTwq>S=#AH1qwTHSbjP1pM<( zmycePl5;znjI>9Ub5I4Pkp?B@Ldd`Ped6rMCHR=!T|)5=AqZmaMo!lrm59&Xc)iV5vqdC>){CN5bcTcplXf8ncAf)XtgQ(zF?>{Jub+Jinu0JWy z_2II|X3xX=+1@{ zBK~|xkT~-&8^z_Pydf9~s6MOcs7V3(-Ci_7acH@GYW0c44*4;SveOd2$E-D&j#dmL zY$>czS<)~zvb32hEA8g*K_k@oBWl@h01+HZYq*4dowT4eCtJm14Zeqrr9S-#3MfbG zO8$se0*VqaKY;XWcY3T*|Dy)Wq4A1H8Y*$mD=x48cT9uB3|#)zgfVA^%ibMBYrd=) z$h2IP%4~B595p(dl3)Ty99#`6U0CB7;(QbfMJ6D0ZygSNA*xR6W#NM+|D(e1P_7Q* z1Afk>n(&wYf20a%(ULe3n;NirP&b-4D2RgG4^Y{U--;l5w zN#ez^z}$l49k8HqocdS_y)`>xFNDv*0bYRnD*#)y4S%B0_9GHZwp#gp3ce+Ty-Mz$ z7|!APICiMvH$&i;NQSc^Ch&_fg_eNi`K1O@S03G&m?3F4I4v!`$sI0wp0+r*UOZN6 zK#Q{&)UAbC3;_k&_?HB*P4KVrZd+*29{*7ndAzGyRm{^98&2#$!pIFGevA$!Gif^W z)=wB-;14VfIC8*v$B4{mix zST0e|kUgQtrLOvi&g1&{3@v+>Qma5=V=#|ye0r}yKA2w7Q}%-d+qCE7x`JRKhl&04uPWmKR`Cr|B`sqc7#_au9g|AYODM%|fDqR5Cq2UL4^ z;uPdZoA@wpQy=Hf-aOpz-tFL@w2{HSyUl`gWv<7eTwngCyJ#_KH`3o_cen}|f#m4+ zf5q%taP(&}5{NMj+rzixHw+*=TFStU1xDO>20XuB&Nw~{-hWCt@u*FlSf8gD2S(%N zA$1UsO=(0lR5htnGa?adB;=!=jpMQ7X`j!eA7g*q2q?5@f3&UU#({@bp;#Qd-){NT z;-WJM2LTjJ8vE~lOU~iI-UIyCNukkY%;%Okcml~pn!w&5{{(plob}? z8%0kN5$%M_`77unB%gW&>Sj_u;3{MnXYhm0C9x=s4~K?YOl^KFtu7@L8A{clGz~gY zN((40K!0I5>bNxImWZDsyfw!2;$cYsH;MjxtQAOmlnnp?vr|LTJgF`yXkg|YIrj^?8O50WgpQ-6GdEKB1M3O8~FOF)TT3r%q1Ua4xPK>RzC zA+OQK$w;72AdwIyCD`zp?p}M{yt!GGk5P%PV!##P!A1~cs>jGiaBvA_r8)mrTf}}k z6(V*gj*3a(*VwH|`)i7>YQV)2Q*gfhxN(X4K2LTBJG3QzgdYT5+vU~E2oV^{D}~>K z6w8%TKsk3d$AH9Tb87L{jeC(?!4#-sHKKyL^6IR){qO?;v3ZXxuO8tX$a&^kxd+Kx zwTEm}phJ6PKAVO>%bF}NTLbi~2tm#xoW^EB55zt5$<=(0x90pco1ghK+Y596K;~(p zp@Cv5UNXPwI%~!Qc!X8Mjk~6+kovWQ2M%c4+5HZ#`n`w6|NsFES)XXtqLU zL-t)@yD){=4y)IuQgzWKbQk`2Y}C-n&4x)gAXQx*KEMp17*1~TZ^$Nzr%gK^{MVS@ zZ&PFQJI>ZPzgc)`=2wBo`1!%X9NmjBYt1h`$tUblLH#1Zm}w5S2T7u|c_#sn-3rsZ ztu<)p{V95m!mbEL8)7zyT9_c=)1##s3X9=}P6D#&#ioe}asZnEhD1cc;_0LZhGXGB zj^}HWN4UEzYq4h8HVRWT;LP#hDt7WdSXH$l!>-nEOSltR3sxMK7W7@cv|vAq2UQOn zX!gR&Zw25ifBbO6nxfVXS!O#h+(edI_%iV?n}v!_g)2du-cCG%(ZUY`766ifjPgPG zHF7!y^MR z2PjjtSqBJzH!D`JR`__!4U-<+23*aaW0=qEMSNLU_-t(0T6Q-N~-x_uP4V zp18>6e;?tclD1|#2jlC)P8Br8H#-=lIHS%5FUgleqN1Fd%uw6q93!n zygk;;Yf&G99*zcSX5q$#uQPhG(Y!CL8L528{zBFLlXKZrFmW=bd1FmVvNm75C%*mNav6u}iduEiqL7QIwB!r3%>+xlH zFy)5=r-=Ge!uu0!0xgh{S;XW3@HW)jo7Go{o`Ybm{wSaP3HiIsZ|BM9ZWX|9+@F0?rd|!gd$mlytW*!1mlyNp9`o{6 zd}3^rc}L`dMsX^l5Uv)zcQ0n#8+Vl2?MuCcW(@G1XBI5#PO=0g6&<+vDW#_(VVIar5r zqZWEV1F+({uyxHn3|v?<{s&?t1VG?ho$=8ceJi4+3=FycA2(TTqADfg!8LD37+f%!7x)B3PNBO^^e4*R`-(_gc zI3-MY58lJzu9z zeHUZG$vyl*7}GlYlrWzs6?=1YD$hlH*@@&Q>=V9Vm6I=bWy2J|IeL<53%rD_#3qc` z)s2PAfmHAZn-qj`ZC2ebwT(#bY%Z}ass^93C^oATc$7uqAd1t}x>lOv9YkANc;Fco zR88M+vD0Qc)@;57SM~BU&UA5>w!~x{gAUQ+ie2C6W3+w9K?m-CrI8;36R@3Yi9JsL zvd!HB|E<$dM=ai-+fu`n+Nx**OTMHK?aac29Oa>2E~bf zZtOcBa6PqT-!TF#*e^vmLWTS9_q6Xsty+ytl$)n(>&_UqK3{qPJ0k4ZRTJyZ>Z4-a zfqk*efPowyrR^gXwqHXJ{A|oSPotMO^UgGU9S{2s&z2ke&d5MkcTer7Q{VOkAB279 zBjCrKcfguigCfHN9lpXP5);d@jZVDRoxKNUoiqo`I%!c+`fX40YG3||Q8eqc8R^eT zi}>PfI=fZzg`{b*>D&+8pi|gaeu5{FPg=Zck3ca*VXAWZRJ7ytVeFWgbntsG ze2H5f;@ePvXgDI9f?gs*6XC-N*NI*qYcRp@y*?6S`;%$BpbY!R*{l!SV+6inOceGK zfwv;MKB69>`}bpg-2I5XKCr-Kb4MiV(k4p;^mDp7D9DSAeL~OwoioheKIinUd?E@5 zW6QPZf5H9rn(DuuNt_u7KWyq2yE~Et`c>l|w!yF|28LIffIdj=3%LAyV?*H47(lZcf}9M-`-Nc zz^4`tAP3)oP&RQYAwLBkoAI}cPd3AG_^N~kR^oTk^rpDgN(Oza#ekUJ=0K#4sks0Y z{A>J5AmNz`E1ocKn`A-JyC8%K$&UV5lPn087C?&J-0*ETVhhAd{(hp_RAS_c{ecQ= zyurB1v!-9>=foT_zzLB2A-_Ah#IVjp{2v111x2}hxk;6y;5nK7vnZ7Uz7J@G7c?i+ zD_ta0gZ%S)X)2Yul>!KMeA$Us){I{W-62B53A!6gx^scXt{3TUolRez(5+e=?M~?H zZD(8;OM0>kjGLB5uyiUfEq7` z9G!whtlhVhE=WK`dyX}OeE2U-iAclO&yIboy@YQS;VX+i#J7n!Vgoqh$vBQ!3Q8h~ zWVt2ch4!ImVT4Fz)8;=37@+NqPsIAv(&m%VQs7z94|B#gT_c+Rr8Bg!8UG_gj%R&B zU!bgWzl>6r+B@FnB+dEX4UPDpiMKcd|5E^7l>dpJ3F#*c|66Iz`Wt^n6w!=@co6<~ zQ;h#X2DOipxH30*kT(h@i(wqGlRSJZ*pN-3qbOIjzuz9WQ0S#HRw0t=_idJ90kdXg&>1 ztD~Cpy6?l^7S%?n5c1KzE%LWfMRCmMY7@ut{rOuzbgSNub|=)c|N6KtHc2SNcjIp_ zNdr;-7L+EM@wcbJ_L@;k@{#7$(u}{+KllGX`R{`S?C-4Qzr)R@9otY_kpIrt_OCMX zcQ9-IF@{LZ=HzN|u~Xx~IOJCB@;5oSE=rt~2#107{k=R&bn5fFY!=dt_3bPqLA2vB z34K4o3W?7!3liQvT=N003XQZ_`SzfM17>Wug$zlW$pM@9o+sPo{+mhXR zZ&|^gqY&aDotr-~`!nxX><9Ml@vo;#ZDgQ>1$+0@jULqSByW}bd)ndmk%9Afx$?GJ zvv^?A!$Wx=;Q?_BH+ix*jP&2W+rd8)$KX1)(}hEJp3EJtiklPH9pslngz32&@*F}M`h zR^F86$y-&9!??gKjs!$^_Fqm1VddOucO!&V9N%<*X&Ss)uB=-r{&>))?!Z690lle! zH+^Bizb${x+?;>`pHcqo z-+XF%Pd_X9^V|7vx{fAb!j8oJw>%J|r~7Yjk^hbx+=TxQI+rXV5&tdRtNCvaX)VTo zA*UMtThN^UK9z|7GUh$Xf6qrK!%p(wyTO0yy|iXJg#TvY{OmW@Eb986y#H7;{=!6*{;X3voeMtBdSMm{G{!@c6lMv&_&Ub`iWCFt?-}Qi_wIvn$cS(H4-QR)z zUP%qDeH3_F{$)3|5_oP$HhlK%_sfB-9A&@nb|9>|yZTm_VR>%nQNo_!$@oOG>Pdv5 z(Z4o~;b>&Ph%X+5=Vtu(;xC#nq%-i}|8M2rjo*>;Do69t>$TFN{QEul>+c?qt%otU z+KjK6JTf9L4!u{NL;MKa)12_E`Rf4mrZz>p5z0B38`t!E?b-Bq=dUkGBT@bulxAAu zua;^~7T>~ODgPeS_RmhOAzxMR7p>l}b38bM<`dH3LM%r)%l{%Dd{vI5imPybsCFIF z2?tY0{}%vwGJsqqYwchzMRd#RW}YL2ID`#I z;th8o?&Mz`PcsB{;8jz@NEf`6Am52+L`s5%^Z6 zuV?F_`%YA8>tm zH2fpv!u_h&OlAyr`KAFRzvcD7Gk%BfTK@Fpy=TqxrTS{E?9{}YZ0gCN+(;y)`22VEbZb-+h z3OTtLNi|@oqxU}^Vu<2xaIO3lVP+utk^Z6#u-TLhU;ee%2-iYjZbm554Vgd?YXg_2 zTGEc}>2uQoy7Kr>ip7ZTTPG)8gNm?3?6GFd#e*w&b21!7@%D$eM+Q4w=*-(zj(ip- zgcPPEL?=Wiw_ztHH}e*TN|@MD6hKhkMtATgjCOAd2Abv=9vlqo?A!qyC|pe)(jx6u zCk!vr8e*(&kQVcJypyrM3<)UeN* ztuxKQUjC-3u`=MuJEyXP97D((;jre_A&GGOX-Bb7jE8+9gSuBbb+2@j`xF^mng8^> zN}MT`_I>#!QzB=Oqx7+sFbG3 zkIp@th9MwfFJ|JP7aNjs7af1_i5Ur<*_ck3$YM7d$?)X$&8mFU<OQSl>u;os|`etVqyl+^aLq|1$PJj{O4#O*&Ss z8}++9)-Td8V$Q2gAJRV3^v9olwc%S@qb>JoVrm5eAzK?VC@F>WB_Zx(z{yJIvF#*| z3}@b3lRMLEim?D*I87?{L-6m4RMlL3K08|wDSS-V<)7XVQc}H zu`%0d4qTw+7X{9L9?@;(odX@_LZkmpT|7wZVZv1BIYegSqXUoXts$mEO-V0Hhl^qZ zH&2QCce4L{dmSPL@x_6`&*JD%`FVkqpZQas^$-48lK~u3KW}RWa7fL$K?zuUn%dH!S*KZE8I5d*vB{Q`4tKqn+}2fVwvB_XZVT=7o^mTcl) z6PR5uAEE91$lF%=1Tw=_xFA!*&;wPj4h+|wy~dNh2^aaM@Nl~;a}%ydOU9P_(+97? z_On6V{W){}ntri!P%fvUpyX4x9Pmnam&qvTiknf64%~iu?OZFbQ9P*z4Ns*9bYpbq zwC{%k*EmS7aZr_ubo>xH3F*;$W%PmB?1MXYUVZrk;!@dwSTTDuT=7%fU~@|`C4@H& zjGkmYUw+w@+#O(Qn#JaLeax@;fRF^n1JtbOtGo#3t~Hh>y4+tS`WLA;txb#2G|Dn!4rFGr$rK&N(`^ zR*=_h`hsD&E#1L!(3p0(aW-d0GA07-(RZA^ZB+35Ev}WHq--g<&S91{{ z$hh%$b!7^-?@i2w@Tojv zX`chVf3mR(>!srz_|OrC<`o=y1u)*O&L{qMcpTGT`t?D*Jx zp|XhcT27&i*2!gncx0{|9!zPa9+X8+XE?IiO6;c7KL*4{6Z3Si@PGm6xT z=qI%m5h$XO08#}&pT0Pz8Km}q*aA|HB=&O&e)=WGPaohX2bM?Thjb+;nr#9}fTgk) z`i?xC7&m;Y@$-9)pLF6!%YfeHORy6pg(}?6pgj8WcV`nY7s771DY^@USi|uDZzQe} z{GkW&ie;91=Xzlh>eW4D4tN*xhWt}d9s`(bfwJG3Oc^Rf{ZD8=@U zGYv=}wc>nY1^drfebu%9G(fso;l`Fr{_qW8Vh$$x?*!2n^&xKb{Z?I^!BL>glUONS z9}G1?gg(+rl@SVNE>WzumzvlMr*DeGWsU@8K7{-UWcI(R*LeJD7jdD1u|`IW_H46i z$Qh)T6YPEB-?-uhCz3Gs{I37VOL{XG&+6|paZigx{hn6CD!-u72x0YLQV7x# za*I33%nf7%{Xe~m0m@*<{%_M5>}KGH9S8`*qh^t-j*pTeoutSdt#qT5?1I2)0dRWJ z>KIPHS#WKV+>9jq)6N=*ZXnVsn@H6IW?zx;f)uEAmbFIsDvjU3eZ#VYm);>H9WyG5#@p7V!zz zOkOtz8Y|!m%H{qBq=2x!%QrzMK+uw^^c`sMzg^htix zt5)5Alxr5JV(P^Vr>;GvO|;H6UN)GlE{3meaO(6M#)k&Cs^~wsb;bFEQ?1%rgcoSk zss7NGPthQCd3QK9{+*UK^m&HCZKq#8xD5_RNV)dy;>zLv5_$PPa1d*7aJx!mH9|+= zFXK8k`sEy}<|P>hEK1h0pUXPiGHs%eC$dJTy8pyOgY6A;x!1w`bbrIa2DkO* zDtDmc{yQf@flB=nAJ$yn4^3rYMBw&h$A~~mGUS)vqvP(V1PZE}S(KzML*0;2f^NUp zRznWqPKo%8-am&BcZuTHD!AZaox>V{Bx7eX)N4%Imt(y>Kt3+t@#M;O-XCRJHSO`$ zZ7)--@GAV)8J7^Piy%48K@7C=j@+czIs+nr|DbhWHeeNFDWf1y4SMmOf<8rB9(m$2 zh8Y3q8q0GW46%gZ`S!~YJcFsd3$6lKak62pI=lv}Qs3HBv$G;oDzM?EZNW|pK{#?3 zMSm|F^PT8y%^1M#EBNREB+W4y$$k4e(*%eEse^GRA4dI52t0(#71h;?UW#pvM@gq8 z5AR~6>{v36MT%h2t#C+0-NwiO-zi6>-0%k-0_V;!|L3+PH=AyghG0c=XZ1CLBvrm( z>P1gpW9a9(iUYiJsKgH$P!5wjv7LUM!G(&nz>HS#7dzxOUl9@u)E5$#qT!0)U~gS3 zrLnB%8QzKeg*)N;Ul;=Q8?_8|&{ki6aSGcU>wSGQCZQ zC0ZeQr9S#XxN+dwG*VjNXX*IpS4aMSO43J6CC9n5#Fsxv#zH}0Y@~xTIA$z$|a-;#kZ$(`FGGG3w3v5B6RO*9$f1o}%#5JJn7wGyBtuNL9r4jWc+YwoWyhO)1E+-wU_rdY>s>4c2i)kL>&VdV!ja zd-6yn4p0g9L#kcip&48OeMoXSv~cIrs9kWD`HfyB4w|fAP@wFe=CW)oup0|-sU!4; zN1c+t?MOL*%k7bS?GD4Pm`uO4(|{!9yN)J}sSF|*RqV_E-4ATI7DUbiNKlI)f&KEJ zfeEY{$h$95qxcbh1P336RCe5#f4|ga4AtS|@X@i)_%&^P`TKfv@U+C#0qwNJJjn-x z)z=t-Ay{33mxzBs=FbrEBkgp-gUl>!>UGPz5IX%0H?eng&>%DL~q!bFk$VpFU(Ny zylqevHu)Fh{C5u!NiF&B?A!|T%Lw?u>?(Zl{&jTC9eP7H0AK#GUYsYmAN6Sejk(YPgph-ya%o`0Lf$7c zUWxVLtld&^NwhzR7{I?|6cy=maU&0omQkI7LUem;hN>PaV&}6fn@Xle=KR}hF`0AM ziQJ?&f56rs}rvVkFH9=GYKHl^XRHHJUjS&?$K2lc&1<@9vyd9 z5$V3n8JNFNkQrJe$fW7}@@beIe#H8elOs?Au`SG&Vm}L+Vz?g>#Xz)0<3qJuDz6py zoy&K!Rb?hQU-9_D>b${&E6;rmQeYDJQ5OI*atVm!Xhau~$8J(q>T0<afibO+Ndo7d2*`jpNIk;#l*?ySdFKx?g9$2K{UedNmhmBA`s& zKL6UJf05R8<`eC<7LF$g+0^G?Ey7f+Wv`G*3XZO6RgvOzretV_*9>fv0k*5yHoyk{ zMX*gw2iWxe?8D*!=a$$D;a9IT0^E^o4Y(02HQ=r?^#ycjGX^@RYHOfh0@k~NM55k5 zpg~unHUNl&9aha>@H!-OQt86YsIxTQ0?B`QzatQnXdAq%{Q%l;a--8CD}S!LO$`OY zLkr9%QV|ABywEsKHeEGei z{m02S$0Y6|!6rcYGFIPg1KYcC3JxRRK**we^R9Zu1aFkc+EKnQHADfl##_MpHHH|q z{y8OK*k#mUr|I)QoKurKk~9ZtOrHmke*yIQ>MvWM&oaF|4HJZ7^%?r~?Q4aML2(pX zFuNiP+hU^C9bgwRGTqSC#%COn{_%5rX$Be->Bvhok^bRLO{77oorpy5H7F?~i9#by zQdjNQ04-B}K&??zN}2tsq*Cyj5Z@s z13Q8K!#4cy21cb=ukT5nSk9g5VP{|z*5>2_$p8S^$i4BP)BlW~;@6!yMU178lAdoR zz#d7@T%U>sD0sdi{47wW7uhaH}=cI29e{IQnARNaT;Qs8#a$(;vgpxv`+ z$D`P!u6XotL*zm!_JCc?EylhgeAPL~RXY?SMPi%R1EkesA=`pnfNVQ@DiSgUu$$Qi z?AgANGb0?F0`zsK!v7F)w~QRGb+*wvB=s@ zY=?bl)YnBxk@IzqIy!x=2Tx)7K+^j-Iz5`VsP6Lu1D#Y^9+m@S@=$L-Y!@K-ViGSp8E5Dz@ehIq_p&BmKgPT)pH^Bi@m%^TT?UkhXH>3?{#2LQ)(dQZlH7rfU zs5G-bT)tcH4?NjdC%#Z)#|K%Kxc%rh=#s;JI1Au#fD~}p&!O9L`BQkU{K%@7EUa&SqrJd#vTK>6%jH-!zZXdzt zh`_#isqt}Ke;Di-t}TLCT2J=9BgA{#cdP(dVQJe!qyTj=X%4}NrqJP>D|tHtL%=4_ zBQA32P01lK!`MVKHN39D0Y_f}7XEg*mV97d;tyyjSE5c}H6-8c!-1gEDpz*BD|@pY znB&e|h4a6_&uPh%mHHBz;#zp?Ew1~~s0Ppg`C~95?Slq-D?1RqqJifE;c3_qeQQBF zFl(vdKoB@&OscG{tF(0ZWAt4}RP6$e2!ANK2UBmlSnI>EpIwcv#k=++yi<9~)`y$m zRrph{HxeT=e7C4l8b9xSD}F#RrSS9vN!r$*a-=`Zp9Szw-6^Y7TJVD!A3ujv$KAVP zd~iAll~UMQ)4)iAyp0?0)eRqGP{Ard1V5^={D$|y9W5Fp3?T>cT~rB8yzkRAkqT;v zBMI7HzYA3eK?rG(Dt0dcRXlfDVyd7)7m(Ma;mOAJ0dJ8o5ay%rB6$l}r~w*=Dt?Kk zNELs9_SPa*+}XZms_2j4nD0XsgR^X^nAp#ziavO!F5K4wRj78aw?Gk0tlxA6Q+`o8 zK90BCL4KLfRS5ZoypHmVd`3l%1>&^By$$#k5YYxCT-Eu^tk)xL3y-eO z@K{9=*u97L`x2L7<8Y(Hej@EVq0h+fzsv1Ez%ad2FkKMiPB0>fS!6`RGbja`{P%e) zak&IwVa@nJAVNzj=t{U#F=TLr9H&ms1j4qABkAB5wwB`r2l8|Eu)I9$JU@F=oGVWt zerY{_DRw4r2LE?(-dGt9u8g%R%rKH*#}~X>vf1jJ-)vc5WwGjxZPd_&~#)SBVE(UpCsD#1Bw0I+?2NYo%C(; zNB>&W_dX&@scm_xJJ6Qt@s7hwS@|Hz7d%aNE6@(hB0dgsUh4f3 z$a$S4r4!Vo&FYf7DCZ#%s~F^7->^kpQ^^_!#Xv!#eehK$p#Uo)KlF! z2#SZY88J$L5hf>>!uI|3RaiWT!ma%kn+vAi_YW8*ck@}vw)ym|4dR)~M(c4{-&Eo7wH2MUJJ1e1vy_>krf4E1ap zuon>5H8vm0WDvmnsB4zSuP2TqJtnb*(_3C%#=o>m@Be`81n>l`ol?r>GEbZr(o(IK zjNMUAFDNy{1e9%8k46loXBbLPHjOuNp!RZoClU<>yII@D3P%Yh%-AQ#s_ zMaLnp(245Wid5QoR8&WEcx;DRcEkan8*=GYCkyUY7%ibI?QJ*lReoT(IRn>nah^te zPv!5#*GU`|6I)JQ605EEiO;dxkS>x$&c0v!3F%s>IdC(U0TkY5CwXSkxgO)B&;N zpUe3P{wbfJrtR|H#E3T(z;snrk`#I(#o15*v=_sscJf|p?$1%m9VmcqUxOzY9;%Nk z7*C&=h6iuYHc8XZJ#3|=KK&Dba5(upUMIE7Pnz1EuaDi1*H?Rjv%R04Xt2iA9d=ol zuEY-=Pow-{>kfIoNuF=5XN8gSeEUjk%(}x)>(cesm@TZc31!!hx2~v1e!f}ko~(Tn zMnhJw)k_mQ0rXaJ2_ib_Xhmo1^?mKY*>I{Un0nqmj0NeEH7h%$wvN*j=4CUWa^X8w za>X1Nt!Wlah21djWnq=b*NA=D!N=NkEK#VIhzg^edEaYaYWp0Mo$o{y2t)^8t4d0$ z_z|+E{PA#q47IDm3txV?VH(7PPFy#73In#|edHpDNAKdney=(sPzKR*!LARmcC@q| z6QOUDj7ks?pn6-&9`9c0Kkobd0vF8w*6UwEe5%WETSf1NB5mPRf%J3~;*uoCU#DI< zeKMY;V+wqga8C8}{8Q!>82F|TP4((J%naPZhK_yO&LATS#iBs#LWJK~HOwP~r!=eP zQF1iq$L$6FTu{?s)gmAi)6y3<6a`wD^A9N9%9`~N`WedYgI*Kg<0*i535)w4Ps8Jn z^J?3Wxc`d__8i{bEoCOxr~$mQryM z{yMDMnJpAn#aO@${%zil`Z}xm01!viWJr`9Mo@}M@LnP#o4kjhsncl&TB)lq#tt6r z*kQi53C)*58Wta}r;D)e^T>rHjwNp2I&wKub)L)%yEXPS3X=yVV4S@bVA$ z9KHMarZ|%;3+asg_!LrQf`r=*G>O!Vll^dN`9sOQvRNJWA87D$HOm#bU=&h~Ib(vUM^7O78_{kHNd>OZ zfrd3n$z)4Xq@kdMe1*Ru#Y`@_8D2;?7=Zc^3}`kKSC-M`hvR46mZYRXd^Va_SN-BZ zgSAWwCJwu>tC;YMRwUnG$6gB)gkNyATm>h$9mf6k5rki4a`5}da<#;VUpzi6Vfe)- z=V`-2sp^qw6Ysltr`EsUf?+|6qA&gF4EPSW;J<%{uxlQ_MItV>UjN)t{zwS)ijBq@ zoV-5-)uHv|pHK@ZFiHcoW)Z}w%sl%sHeUGKw)4OR7}9N{Pc^8@`XoyJi z2@z=_zeC_&WIl7{bEy%;Ys}S}bM#G@;A->nyKfL!`ZFvDUlGAk0>`Ms4YH?039y2H zL=uVrn9>8J&#P?*$;#*TeF%M|vUtyRlid8dIZ^B65GbazF{CCZ(dXbXdVoZ7i@z&{ zd*{}OgT&vJ4ibpuaF9U%T>$EdhNWI*H^3F3JGT4OeaSuA;uYZt;GdeL*OLUPuI)~E zH49SJqoZHM88lvmVDHF%ao&-mKcRgL(gX{_+zYfXl$vu(@8uH7&lWn6mWehfQvT8?E-iW5<8fg zF0gd%0_((h_YaFOh6O^akvmDfHr2|?fGB=)l-9<|;y{1}ltCiG0+PN!dL(B~hJ7+I z1hP57!LySs5`qF)UNd!E#s&)uE)J77IEMB9JLPP; zM|1Z4I2q|9@M8Q})|#-x=vX{?$18Db2(;&&R8s%Dm>CbOTB{SsYLA(ajUirW!%W@o zj*xVe!&%=PaD{)gEjzDLzqjod=0`zjF<>{>@z6eo9U z4+(-0aCe6T%_Ub}hXY?djr{FBb?fwW@4%5(jfGN$_-fS*#Z&kV{P7Na*s7s`?;ZG< zRdWSj{~mwPNUO>+HWEUGk<%|2Up;W-D68fjl;qXXjjoU^2I z2+)^&V-EJeyv>yZtYtq+(2`z1D{@*G40l0}J$zM1VLuV1=HC+O%s(CZN9TVfUn0AJ z6$nQLy7t}%qdQhTE8;e`W>mjfZ5Uy*i@25I#f~Nib4U|Jw*sEFSGLz$?8=97U;+D2LsjGwlE{% zdiM!W!%>I~8nwp&WoO_=5DjoX)lgbJPiegl0h0fwOaHiZYx3i+;EkstW29KKj)NBM z;?BUiNc-E`8N9KMcPRT#7I=E>^z`@?_d&RDyZP47-I=>w$KG?bdynbOwl=u({%6(R z$1bS3>lulG^(%EvOOvqs3SW+TpoMvt-}(!y_HB|Y^zk2?xmW{X! zSB4jXoUW+1X4IfsY%2fl@aaMF>z>Ga9;jg1n7Zbbw zqixSvwJ+<54MQ$JV;>S+;aq7mT%C`4vB~TgD$!{CUU+%Okzfkouj;w0T9`$YzJ5NY ze1lc{M?Lhn{RSuE2x&rJrRXF!<_402A-(T9<|uy<_@^ZryxP+ekG4A%_`ioJGW$h% zExuSaDOf7ljRn8eCxzr@%>xRmPYQ#ol_ePLn)wUO->up;dM#mUCn&dDvmzvj7N_Ry zu|;U=6xN6{^8@GBukhEEcgm_A#=$gM9lKOjUJEDye$4o4ujdegT|GA$_IR~f5?lex zhuJIOpFk4dJa68N4^3)I8s8M@Vx__AeEUlI23zVE*I8++Ai$h}tbhsaCWISL$Q``3 zj+tull53InQBcn19FF_Wbpd!TINgsg*Ir?25y7bDC=zF)!1%&=fK3U+s)3?~R3t z=uju3ZuLpMN*3s0{$VEWE;0NS@|{>j13%(eAB~OmD5hvP@?FN-D$!Wg)!#bK^|GUy zt>B;WUzXqta=QVfBBbgSL8W_qNUw>?D!{%|$iQCg)d6@{i!cFP7v0`=Z$#4JId*RT z!nZHk*>0P8yYa9!7QVTr^7&>fjpu_@ughB?1r0x&{`Y9WdPbQsFk=X}gai$%`o1kR zsfno)DJ#0JMly5aSLE*+HjW9wqXRFE#4mF1joZXjMayjx^OZ$tb4iU1t`cUSGq%;I zrM7Hp2wwmW1&_-U@XRDJ0;S_LJo)mU*f&k9w*xBiT_R8>;6c6m8g<(_S;ZVQ)Y7ps z_<8y}1jq{@kPk;F$_CL|{BI)^B@AE6TMR|nBfgYR#h20?Nm#5N+Bh_4qCj8;A#0yIe!8z(CAtAST~w3IN1f4&I@7ejff5{u6|gB%<=0e4+s$ zmk8L6FO*#A5Q`JvJKnMW+r;+{;(ImMeuE*iC0lZ*T94+%84aLD#dl+iH`m<8sr4{+ zA(cpY9n|^}wxcYp{&bzz5THJokwT$3DE*lGoFOf950w5~>`%;B(f$wzS$T==dEBh> zel4OgOg(X9vd3(bbYxUhR7Qne^iDY0qoIE|SACk<0+Q_pH5_O^;qkUCP>-)6etnQ% zgQ=^3eYNmkHE007uPt!&))uy6)javMn(8Hb|7x$sRUd7s>dmY=S698CeePuxF92)$%x$S+PgeY~ zu6PA2{;6@rhAAx!cF!|}PcL2bzt~T)0o->zQe-&r3Z70oLribS6ERQGv}`y#F9R6V zDxBfg2a`{$TP`=wPEBgfNN(AQ7|E${8%#`S;x~A$o?StTqn=Lk8IQ?0QV%ppNV@1Z zh}Q!Zw-DI``h7C7qeZd>z<>DMzDE9*IM<6jYX4{#u8b!4Z`NdaiEXeO(I*g9T8b_G zrTJ!qO8qmQeEBbZY&NLgFW|duP|x5&t^OM~C`PV}T^-D$gsy<|tz{Ft`;Q?qk7+in z*AKKUIJ%Z05ok2<0Y# zUHVp6>2$E{JWU-5#=|+hTB5@l-}7Qt6|523e>IO{L-l@#Fr3AjPY2B>z7063!FWT6tUAPaM&Id9R!w&lvGY^F!po z4^Oly%K?=EFR#MZiHHSI7cAoI)WgtQG$Th09u3L|wG)tMzqU9Dz-UO7eUL=oyev*8 zW#KS`*$2dj+qg`>qx~9yx$xg)A{&{~B-pXj?dGVa>b&0G&Sd+lUQH+=|4uM9_a5dB zLtMrV<@x3idSI}he~0W}YG-t{{Otz_M|UII$_#<pI$wx~PQ-R8hP?^C#&@SNmE_ODEmr#BU=wBI0Hx^Qf75ta!6$FcrX|DgBF#oBi zKjd7r4G>}_B%j9%NW;arfB2x~J0-0)*~r6!)?m@6~;{6bj}* z9BxE6;d?>A6hCC4V@xt#j0uYc#}`$uV(%uh7n?P^Vecgz->Gy>6Uce7D%=YVg=8Pc zk}UM?z5wop$`Y>Y#+0n7z53`$9l^324N54>K|H8STZ4TE zyZR<$!?2G?0o)3|2_I4Ibb-4~0ahYDj`K6f;O}7XWs_q&%0Di^j&dnmF3Z)CI=k^D znr-aV#b#^S#QJDQe=g9@xnSzJBYJD$Yc)5?-dc+ATJ--x|2R`P0`@Y&l~mMk50oFtM?~yvH2Hg9VcCa|H&u#U%I@1BP&BbmzouV09v76*pB5B z?rQmcK^EOkng!~}Q*V_ksUpK2EKZZ-4=C*pjK!e|9lAo^vkXR4n^y{bfh%^YxDkK5 zS~Z6WLEq^fm8h~&?d4b@F3RAlS98qZ_l9l#c#O@q#{Ju7Ta62DS1aK&3n8Cg53WoZ za$rawM6BR;bv1P8DI-doAF!$1R)8P+;s-9(Dl=6rFzD#4#>;>ONZs-|M_{GqcI9F- z079>eI3pAypy*N53-=A(I=-`YhWCPg=jU|eaZlhby9Bi@+TXB0beY`K6C8Vh zp5sXa`MsiB_#ckg@7*S4;ca)GnOmxf*!LsIIKO-=;u+8Vr6&xOC@xOM@@OGu4@3K5 zBM>3{T>MB5jwc}t?}yC|MOwHN#MY0-RB8*G>`Jn80F10p%#Bs8I&&@R zdD@NHbjP*GdCOs{<#5h8wO>}I71H;v;U7MNN0;w^$(5Z8y@RtdajIQ@4DZByxBo@4!SS5hLexMx36^Sz zJd9f^u#dfct{p5j?=iYp8SfAUiOs(a(#(>isKzNY0uh5Q$jjUax+s<(b%%xiwG8#>65YRMMJ1=k{V_#_89bfJ!9W4|9dX~*RkR2 zVTZ+V4|H<=`t*4U?cRx^tT=Kz%4$1{2Yc5R#6?+!a%e_r1f%Z&8<&5z%m0y?oSqlt z8=$0ZWkz8&P?!18eU;sS_^DYb6YsC=Q0SeS)#koJYu;*})%!Hkk$-Sj@6$+Y{25yF zX~hLLvAKhfC3|qU)yyBjH17!%z2gYqFLJhF@xV?l=B7r$xTo50(z2-DoMWiKJ0-Y4riFXreS~EgPLRD*Ogs5e-~G@Q-YT z!LTvg!XhEf>X&;kD0Dktx`jNz&tU2u+ZmUtqm!IL?2mY@9)NuSfvgqoctWw)u}v^d z5fitbW5lW{IXnp2EYR7Z51My|^YJ*PFVV1OLLqzLkTnp41Cr`eDem`1lY?OT!p4&g zA(k+pAdeAf`c6QWSqdPD{oi+@JCa@s$ZB+C80PEbJb(M6Q;1I+hi2GBGjw@^PUHt= zw*Hy7vwBo0(Xs}iS%zlF!WRPm!vmw&I-2Sdg1sK^5PMebKTs;x({Km^w-pd;tc`5^ z*3A8A&d`6+28X(9Su4h0;^<$wIS_TXIS_TD5CXjAZH0G6ZeugeI53&51{%&@aHJ^Y zMPF+6eoPs8h3BpEZ<3ZGJ>&z-HqCx$YaXz1ie>k#TPNQVxB#YA(yNZ1SFdzGh4^F; zFsz4-7y0+0sn3zr&X@0bhx=_Cw|^9K#z@K=wSFOGh_$qa`~a^QNeV!4{2u=%J4l?rwM?pY2PJ=E91TCm9e&%F1E9^C*WU(m{ zpZ;8sRmbl^V-E@Tp7PU}>eN3IVcT7Z@&P=hjs?z2_8|w0`@dSz!#;;#+Fc}{K$^6h z+H0TIpZHphJc3tzq8#(|+p?OmV`= zfMhwiDCd8cFNDUqtyA6|73lH>6{>X99U2&%H8gJ^LZUOkUOp{jqoM|D35C zdKpJn2wb2GvYDa&U1Yoq@ix+aXg@?hdhwVflEHZ}I|%L6qpmz`w;vQ9T!9(0QB;)? zyTOj@?x*HHCyRwiXq)(H27nXOP=9aBP^)#>j~>xw*&fU8Hf1?Tr)jo_E;`XP%N|+u zAU}ht|3=2|6<4GCf3?OR3Fy^bt3n(s;3DGepg5%=d1!_+@L0ODVXZUoba^=&DV4^I z307j+u#hx?2L}{jaOzZ;7PEP}760%IUw-;Jy<+`L#`1>17ik5}lZre`dWC@sm&xq1 z@y9)qAaeR2OXt0EyvJ;~|Mt$j$E>q2e@(rxq2d0N&d8whCuyOcL!T{R_)dt{C~S)8 za53Z!w_myaCsg=(F0(qUD6xOxTj)&o?8O6 zZb~J>uVE(Er@TjJr6WJ}1^SRr28_eJ-o%X#A-vOw2C8A%yv@^o;tY(%-d6?@9{h*b zDBnh#9EO&%Q9blmIRl(pY3a!M5aLA^2i{)*WiuuWcZy5t9u(bbeggXZl3#GoPiQa`pbPq&WZLtYUr!%_mkwnY@Sj zKt8eJ<}ZdJ0YQ%#6;8?@g8%0f9HByNur_aE zaR1LBx*)jFs=a}O0ga~#5g|{juc4u`iyVvGNn5hOFRWuvj7J4zDt&|W$V;hj`Ip36d%r!V?Qn3?T8s8rp6f{0huuRKhaQ{eeY8&GNbBZ+ z1h860P1hkW7swtAgH#`Ppd^Q?(?T>!qttSIQgfpzfsB-0cml0GxIfRsLn+{J0%6Qf zAdbjGhTcOlBd? z>k*SN%i2eGoF11ZN3Qo5?nHC01Ak?69Hl4VEcFD7VGLNZnp~m1Yi&U(iUaK~IvJ2l z;=lcls!xB#MZC`qt{rC!$UyrzD&oQ!2Ym}>D1tN(bdk={W?W_?N-fO-U%UR(Loyw1 z15kYkH$D=sxg32kweY9l&B5M3zZfpN0iO{xF@CABXw(l(Si=>{3W6IJq8ag2Q1xEh z%9(e}3a)|O5Q#~kdf!yw&U@GLJ>QYUIhDCpwD%e(ecp8Y(lH^zHKL2=WZTN# zh1G+E2X_H3r;rIF&EFK!qgPRnMsPd-K#$%+J$lPfXek*{$_d^HJ$i>Va|FU&p+}!| zgu>5Ik(Na(mpjGQ>)wAcKR49gfz82b&%p+3g1LkXL_;^T_OGX=2=Wv*<~xzD543X` zxC3q6fsqcl#-dm=&C2~!&xvy-#{ay6m!+DG_z_tQ?y*37F2S^G_Tgu-D05vX`2wwr z-JtW?_ym_-G@e2eZV-^K&|3M4g*RWmr>?7qo(x%?KO=uFj{Z^`N9vKLM0FNW2!->g ze4{GIBA!Fl?h6s~ekh~R-H0B=|C+zIF$Own8sWr<(hW(IZ zKNR4BRGr3I1)xl&=Ir2t!Iekvs@i*TJ|`{7>IBA%a#mVF8lTw;o-_E&hVY!jXSQXf znX>r432pMbl*jko=DXCv_k-rU)Wi2A)UUyo+LzXsfEknT@r(x8|8B-_1W*Y+y;V*G zO8&+KnQB@&on8s!xkfkw?%jbKAW9h+qtmr|{Duf3(?DSQL^v9P7 zQWm19JS?#v>ZG#fcFsWcY!HQd>~o=qE#tH(&q}0+MN+gz`_UjfI@Km!Fno_L$VORk zxfC1?RT`d01Z>{sU=kC!tBr07cpoJ3f#T~~G?@D52rhcLnD0Pf?9Z0{kts}POB9eG z85RSqz&)5Pk=gksvQgoP=(iXZMGlT8OB{ufsrDaJ;D5siWlWZM$v;Irhc_aP*IA9h zc1r8MCHn8Fxs>-2vK5yxku7r#$X>vti4C|za!<+#=1jybn+{+8dv8dSBXrKhSEY?j zHirKXZ|?#hRdM}+=RqJmZ;*#kKmx21L?8i$1dMJl=mr;vii$uhDk55}2)lpXk0sMggKqVOcOi+zKO&ENs1=Z=GL@>mcG5-Xy723fri% zn`uIeE|2E{n7U{<%spKHep%bsA{vIdG`}pyzV@vcMXfFPJ~7X+r|kfg)UHPIP}^V9 zlC4dJ*!%O@Ad}N5wmd)=`N)BI4)X+U87kGO8RS$;%hci_^Z@3gRwPw2!v}jDVnEFT z+tkRgzps*Fg}@5%0eehsy+m8^n8~#mX%;bJ>d%4E@KDHPy{M+cR29C8Md?Z>h>_D} z9VH@g*l$$ySdlr>2o1z4U&hjUtK#PQLD~;gJXPTxM7gs0u^72>29qz8R%y9HhoS4S zmKqf-jVzL`N+&N^4B@YSpNVvFU7cLIG)Pn6S)>-}gn?_5OPBfWOBY?Yh;+H<8%UR2 z!cCMe{~CK->4Mwak0)Ke{wbu(bB7Y8%buF3bionemUK~%-~HbRmgNGivj`UK5QKjQ z!9-{yQHir?C7A+rA?{%*uJ6z*H4HJTiN+!lQeLAF4}<_m9}rU}LK;o6sqF;wtjx`= ztvLS&T-G2o6HhzVkf%PWiE=&;HpJXvvYiWl;QX1X*81I)!h=TTC+Mt81Jn0snzJ_! z9#KW`(4RG*lj$uH``=+?1k8Z2|GdZ!!){#D;S9JSXs6#XpCjxxy)tWlRm)BMGYQc% z1Vfu?Q`Q`_*)(%&HdJA>g(D)WY8np8cha7K;rSrhYB>GmV2B=q(6swzGYa?FErMON zTbDSyXwQ_0T~x$K#9g*zVZOG%F8?L%uK>MA?OS6RT`Q%KMn-N$Bu_7%1>_#2ePJ>( zRJUs|Qp4ww-rBJjh2F%``*ALkw4cnu^jG`$y+%P^{zVSS!vCDisc1jRmUr#DKt-2A zn3_W_LMlFXDn43AFnyMhNC^(h=8N8dXJ^oX9r$Z(4UEUCSH+D2%}A-k2#-f_WIB;m30@Jraxh=10D%9NqK8wpwf|K3l3hTg?5Lr_B|G)EnFED zS7OQ+7*L5o-Hgo=%C=b(H$-2&M{xV2RPy+RIYz{iq6&tl##(<%RO=rv@*O9$6zZU4Y?7UuRyWkL#fXJArbVPZJ*1RCRNOsoMFwfZV7sqs*^;J!) zUa$if`K0e4;&UHnM90DfcRP%%|-O4JkijTCdaBa^KM0(FQbD8A$V znK$)v2cujNc<#ZCp#1h77dO_rWGgz}YxF3HN3JRiqd>>5$zhd;=2K{IX7WE4NFSJqy5~*_^!{*C;Phf|OP2dIEM}lbF{!-`L{sdY(82KCh^O#E ze8w}+FVv`@%U*g}6!mxEJaj=l=OCyyo>7T!ar=xcCjCaehcpBivLk zg99F%7A@!us~|N!rWo}@(qb-)EyfoqW;~+Rc__tP#kw0(qJ8-&?$)Z~b;l8s;yfMt zOdqoqcfM9O&)3Rw1o;yvD|2{vWH<`T?5l7@eu*uo3iwwG%F}oUEsPO};r+I`u>aYS z8ZisYa2m^!VO9M{J6du6AJ4B(Y`{r%4~({B2HF85 z5KSfZ9Zv7g#)P>`C(Uh(O(goGq}-%ac9E19ASKSB@Dp$ZH3D+ULID>W8C;x7oK34Q z>6O~W;kB2gIlMJQTZ+3=z2_o4q~b0Wi6FdI59N8irMU zt-%4)Pl2`dpLcW10uJ!C<9;zS*%*YnAJp!jT77`?F?j!MJj&zVH2!T=ed6&?ZjI{% zoE3?)PdV!32`fvVz<+g>?vz{5Bq1seB6(Vx@UT>YfxWARO-AKrq`}6x4ij(=qsN_D zEEotEPZD3{hGI`+EhABvl<+x|{JXK+@JO+zsezFg@Zj!N>}_a7vLo&;#Whd`xc>k~ zz}ix*)vh`nzc^y?NksGAwOIN$L|KOSbk{k~;Iwo)c~^EvloP$^1l2o(Gt-SND+Z>E z-SD5tJh5uUDd{xC1gE9ZKLZ&!bi`yxV}>-#J`YNJ#LR|)p4n0*lP5k?Dl^eKx#U`w zkcy=2Kj38vOgyZNqrlkGe*%`UmW(K_>fh7kKWD1F%$eHpxWuwgo#!R7G^!B@O>J$k zJnmMfN23fgs#7Ei>qDzWPgF+{g3K0hgLrVje+-^JQ-Z;5c@=4`QN4rj?TalneYQz+ z$(8{_zlNTSPMXPkYBkZG0;w5?ys%98=s9Wy?c3@ySVYi1@FI| zxYmLAgDis+Jw0q&Q^S+>N?k4_Ri5k}DFA(bE&~*ZOTMnW+2=&bz7K&R_`rRzi$x^YQM( zfg0EpfTOOp`~t>~5MxKwXOP5>z^&lIYOU*3Y29wUsCK*&^U&hUpqp9C*Mlw{i}7#5 z>w3aT*be_a%;GJ&^4XP;V7!o%ka!{I{Q^?#S}J!13Zh91OW2JLzrc6iTt^M3w7m8R z1P;9Lvb;rxK!IfzJAT-+W<4jE^$d>yy*)fxu6}m}aU7(Y#=9Dzf3PmR7~Qm3w0as) z3q}7!`Z;aGOXORiN-M5rlQ%J?13p#W-|^w*x3t;?ZX!LYKTIVESHy3E#A;U*C5W9^ z?Jb)93>!XJ?^ME-^`Q7jy;qP!fZxy!=r2_LlTuV&0F1lttJcsI#F9+R?keBOUaXb@ zGcKyG2Jy%kABnM4EnF2xRGR-mJw`J1>O|qv)w?OHx{GZ#!CRVajdYjs2_cy|KU(0b)LT z#hpNo#Wm5;8Jug~|L`&gv6H+1p-P*(@(*DAkTbhCr2s9C!s<+7XKf8oC8rbyx;lfs zFQ+%g)Ik5flLM~4na;v`cqtzXk2ZJ5!Se_QkZo7JrsBloEv6X_RtP)I92)_Mr>*;J z8}P(C@b1NZahEuDrC+^RN7f5n!T9_Y{>=R7m-d~ zjzpLlt`OV)3LB39!upFx5>Mv_1{&ZYL(7Iq17Ytlrs3)cf%{Wjkbpj^b7iQ$l3|@-5%;{Y zmt?B4TDmQ8w~!gc+cZnI-FO+d2Xp+I#kOODvVqm|-@}x+|K_)rd?NsnZvsinHwRrf z#AJ^<>7=Y+?^(QW#}Qn#&k^jO=Pf!{0Gw%Lm0%ZEPl)8n4UW|9d|hbtOy$y%2jv+( zi?c8-4Q9Mw#=}bC4X75(#NJYrDFPs_-+)YX9CYX^r!8A`xH6XQdDCEaC@X>Y$pw1+ z{5v2*5};2Pz!L_eK{f^fc62qA*97>Jt`^zxikak8eYSI^ec$*wNiW{&k2l=IIEX|LC1@W;ONM<*@`3`Zft|MCoIS zrVlWmbw`P3LaM7crjC82jz4+as^iri66$y{BGkx89Wy~XS#>xgAIF@*0(L1ZQ4ZWM zxd-<)?y@gKaX?^|hyw3+oDJ60X-QX1gc!j=2H!~g@-Eh7HGBU?pv|V&dwExsnwqGsXW9mH5Cd;Ob7Kxg}g=EHdq}r?)rodItvjhxY#11 zh3Ft|pw^Cs81RV4`~x9Qemu?amw5v3o|=hlsB7}PT_v{RBS+#+oe?7)!P&OqFF_nY zUcUVbzhjDpIhxvcso-f2$1@M2W&Zh)M&5;1r0R0JSQwx~nSy;+IT1=nTvPC|`K+8q z=y9L1KRG&9o(T}%qL&`CP*7NxfP!2^sJj;>pa6q0j2Szu3UZJpE;v4u>fn;=a1>rq zc4ryKI1HQJF2}KT9dLb?D2;Q}1LsP!u^^$FO`UHJghDy4tfv3SqwTii0OqGTvc>nf z<@dSkup0wipDF}*4ws$Bj^Med#pfMLgZ)QqanlQ>p|C&37G`X@kHeF1kE^q%#)Gz` zxNw@U)v2qhrrU5c(Q-R%5eUjsT(`2D&y{W-E8To+N)|D5+P?7vJ`sR zpKYNpoE=-E*k>u)@X>(~#ZEZ$n&K&-uM2T{(rnuVeIMq^S`3E!-M&$1aodvALR<*rn_y-+uU$0)gga|NvucIlf z+{h6lP`Nyu>tYsx%8g7?Ij*lgB-Jr|UgWjXt9b&@HP4EGMB6QlI9OdeN{}7prw?(b zE@mg-C$lgupva#;o}b#~IjVMcb8Eaus%m;93wK;vW~}{$u~7T$B+&W5!niZ17hl4D z87G&kCJ2is&_t5Hof(FLt^c(XQ1;S-yuO3&~DEkv0q@6KvSzX2|}xC5jX=L&Mx2->MY#8_zGyl zPJf-Hwca)sdib+jsj%{Re*Znp;Vs(rASE7W;{-%)^&Ww!uWWvB0V+qg&x3kG?(|Cu zlXsQuXvD-eMKzrx6m>g?H`E3*UXdugL#i0F&Y93{KwmII;j`*CQr@s53U8#}tvVul z1Ed48JN^KA%{|AD=SZv7TQzKQEH*@Nb z^2h_$*s!`~9H=#B9(6k+)X#w{UE4ggq5#7q{Ek>PJBEGg2K-aIM{sQO$qOm>FrJ7H zD-m@J^~6P@zwrC>@*M{`cwVMBPH`7gNQ@9UJ8GoP2{sv#L_%PH8YU?~|MikgO#xKA zIpj^o*R40pa0+=#*3)CD)_2OKFq9V&1G-VM4g9gsG2OJ<5!X#z!b#|xsD4?}QRp8e zyMQAoeyW_*ap2EEh;w*L@lv41UbVt@J4ELtDg2p5;cJ^x);eckJ#{}CxUS|QzYd&1Zt>Kt^T1PA)o7lY1D;}5Z_(oW zEuJF8a35#zegW-oqQC9MHRN8TTeh!Qa`ll zPu9oY1s?+{T7_(_u1<~zO22Et74Y93%s=2Xp2y<+1JeH1@*JYUzndazAz6Jstj@OE zJ-mbA8GN#|gsHGX;Cd?5pWa*cNRONo*CYAI&>h9_+WMeasInWWa*n_bchi(r1~!^e z=V+~B!9W9XghmjRQ-asSzjjLDr$%LG)PGuF`a5tK&}|J=vlq zM)@Tw!k-#jv6yS`8Eu^q>7V>a%i8Imadx%=mrAirX-CFTlRgAl=uol0R9B;MEBmWIAqPZLGRz}+Ba%DPs~dDcpIgnp^rTq3LeR5b zqX#R@u>&HRb_#|;i(h{>3jF%i<|x0`BD1%s?mmlO*%xB5kxtPTn_u53{2H-HOG&#* zK5T?sN(rxY1d^96?Tat|i;*aPXq)0oj$8bx?G@h%#S0te?~(TT-zxU+Rtnc$Sp3cY z`L(11`6b08FnA}`O)WFqp@8#r=Uk+F|B|z$tA^>fCjAy2!B3tH+au4DiC2R}h~o6e zM)m9YTx8m>dLRlX7x2-GDC!r7XL4n{K`q96b#(Z__>s-g;xyG<96Jt)@G21OKny(}CPBUb z$0$8BtGDQAwMEZ_DD*6#H9gl~Z;n3#D`xzG^88^VszGrt@&VMblI&W=3Pnef==dYN zhO?M4{$Qo@V@TpDf$4iO{xoC!frmg^OfHN+dLT|1Z@dvF!Hgo)Gj*dT2 zVee&yu!7d!_|pZh#Ykbv@(#W|xNaNkR9ak^!h=$S)P5;#r%u`@@d#Np{XI%LEwnAWgB4o|RxqtQ^)^7ojg5YEVUXED~I;s{nR zj3b#?!`wI%M~?|O8Awj9H9rhRYYKm#*qW=>9IrLQ+G`E=kF{ydZqNv<=zR&z^=cAF8yepItLR-u{>R zS-c*lUMy%s^`Rkp!AR5h!yM1r(06q1ZUY6uawQsyR(_m%_~gDRt&MQ|)b+IOVe(yz zt(KNPf0!Ni{>EsBH3H|*f9|q6j6f+cUli!nf4)=o*9gJTn;-LU*#wCxI0dCskGj+R z(|03clc*gP$5v*+e#2+}asGV=25gbCff@>AXRsLh501cjR)(GxZ#QCtl;}V8(0?=( zekn>N^Y#?W@aSN0Lpbs9$-rx795&Q zfDwVSQ2^XqtKmrM*4NGX7ok;XX#7xvN9404ssq!JL)oN1!>4b+#pt1S<;BSl-U}8H zIWT&2fC(mAZm>o~Q^9lj8rWA-j0{C_v%Tm{41xvr(#X7T@gUI2AD)WRNi86Fi(ap= z=!C7u5w5}e1r4GnQ~p16bvv@9htxpE)|k210*D;2o>)6Y|LAv`M3}tzrhfZh@?xyu z=2;P4=qU&7!+%8do8=;#4ymIOGFr{YqpF)C9>Z!DUJ`~f_0MzL^79z%!)Mo{aWeqx4%ZpVe;!nmE7toZbzz zuK`@daBcFplsnb$++odgIK_$Q@A?@2-X!D@yaU_?57WCS$O6u{z~4>e@8D$cx76R^ zuP1-&HR;s7QT~Pk=oEDxXHM)xHj}@bqWrzv;a_XD=+va;FV4m}g zNq2K#J|YTXKGFifG#|YyskM4esE)vWM42NHkksZ3;~5b-Ix4vt>K8F^v;asjL+SY; zrz?{+uw?vCW>z1_3W4G4A|QontHhEMs6Hq)T(215C=X~rRk;FfJ@-O;i-xZ@`?)#? z?>v9Jh7Zby9_Bhc!FY=@Bvp3^X~N?lj?)U(@CDZ1gVRCpy)fuf3jGEjwTOv|iZ%wL zX)%Ih`~VQ3`|&6N)&hdJ=$ANv5&pq(%O)|RL)~yiJ949^R3K3&KUZu3me`C)LoCxB zM;eNJGI9I(k8RiW{c#5n_9y%%v1K(Li?vAliF1tr{X&xIT5y>GV&mJj8~P*Q6r~ao^!2F85U3q!}<;ws1iox>crb>H$6`LZg{6{ z3k$5FGq6F|aAVsVdW#;EBD%n;#kAG9`B%L}H+%B!x={I-M*C%+)d|+`o8+lSePTV=2FnW;gMehZvOQEH^O7=Hq0Z810<$gp!sgc>md{v6?*6d=w zYSC{|jYd;{Y^#3kbHeQ6nseH6^CU|f(en#B9YO!FlYa}yzXgQhsH)1v2YXcw>CaxZ z>1+fgRi5Dpj4i!n{PHw+Ty?gmIm6W#PwtWG4Sb`xDgY1L>p(v(XnQom)7(i@k*B${ zYXvxDg)JALa8dG@R2~jeV#~$z)A#)h2gUZ@M^6SUCujU?5YC7zAt3l@=IYM#V+w#M z)vt+r_vvxJtCN`X{nx^^{oLj3!HzicAv4?=rx<0bUQ?{4WnDFuW{w!<>kFcpSQU>) zp%}XDRW94ljyN^;jvLY7D}1n8_M+9L)yOn z8pxI;2i0>Xs-6(G;YAh_`s_gLCGZ#b$3dRt zsMAae-61Gr%r3;l*xw$J57WVZ-j{O#DP`47o|iocsh^4|Ki3?b;r{6e+`SK9;N`ws zg4GQSxDR7HXd!Jyp`);V$IA!cEXkw95aV6I8=GfKz{NxWnx3YuGO3x zKoa4S6!QgocGL>cmX9@Nbv#dOIqW2Tf34m@7>lnP&Wgj=yUE={%=NkB;_nbNP;z(_ ze|Mq6|G(m|b29vOiQo?cCyGCqvwsZ!9uoQRwYm>sEdGX^c~baGpgL<~kGb7xeFG{3 zX=YRwl0t7j%APm2oIl#`Y3;b`O2~gaWVqqDQ8fc!LT?~BKN%ID;>lA}gUA#&T<7Go zBfV-F!K7DJ>tG}EtVfbqqCoymxQ78#jA4gFKBcY5<7SM)kBv%76%b%wivZy=ngnv# zkpQo=`zj4jDEtBqZOPOqq%LmQXOcj2ls9=;Rgr|99o!6TiR0TSHuN(+*tJ`DCoy9!|^OgXzc>o~@bkZL();XL*SAw8wl9 zD&WyY99FpF=Yw4dUd;7~P&+4C>O?k%+MK#-`1(?R#{y#pH#$X@QZrsAbsAeXQETE3 zqaJ3ry7U+Ldb=^sR8#QK)Zf!nBOX^StzRL^o#m;Ka}eE~UIiZ#dE0Ip6i3)s$5({P%<+0&fm z%J4MjxJP(uKVVTrqZDMYAePt>|GWD3m>E&lLJOlepIAt zs{ev-!Y3p#-5Jqg1M}xWaeSP(KTp%o2G$|Ye-Z611K6gL;uGRCuzrKou8RDNC5=r8Oab9Nma0l^ zj3pr1CVhg`Edygydzv#{my>;mk$vHmkfbP;TM(Nid72U|i=KQXuF8!|jZ?jQ$Q2h{lMMMT7%FHP)&?rXA0fv)S-yQi}A4By`bf&3O&pGm17 zsA3Xekqb9!N|8?XY$Vw(kARSO)6iVyU~v_DWYZF#`G>N0^U-yKnlEL!rjn#sPA!uM zs`we@>_edb0S6?|(m;Cs=E3V%vLbhcwsO#Uxh6ZeeLl%#n<pZz1jNwiFmAzo78) z;A_wyiqs}7*BydMPmP_8bNAYsgFwyODti_#vs!pix3EFCP_c#SXd(2I*hca*|4y>@ z3CVP0-sopFCRTp^2~ZRI-&@nj;tbzi{6=a}`(V~beK1+k{c=RATg7zfmlWxL?QMkJ zCc0k)1_1=L2bBL_2UBCk0_t`-pZS+iQ!Nps*DU`A-GvG1bc>o#w_21JGjEQcKhGhF z#?MazSLDc6;6Oi0Uf*v~4IX(s6E=j?TCv4@5RS3Jd{c}aA#QAm*=Plk2Nk94mX(%@ zGAdC;L4+DqWT_}wAja(2om!C20ANG_ym5&M0E4aUYTk+nt$!Upzg;N08hdWGs<9xk z8nal92NM7|Q*nGhj+9oY1N2iKCS8Dju%=3Ri$)iF8Vi?L=Sz7Six=e}X66$9Ubmama;|TXPai^B7Pj+gFH}=$$uKLuH(9h6qk%LPRNo6Q>6(TW| zSIe;hF{p><1~B*De5=jx9!Wrb9U|0I6B3XHE$-qNC>nG3M4(I^nSlQyL}>iaN&pq1 zLFrWNzk@yJgA3y4E;nVHBuS%ER%lr}drwKDT7GbRPoPiO?{mTb96USVEaz+N#+JA6 z0)=>h9hD9C88`-kF=_A1B&Mwc@PoH^tVa6FV1@g`O+*u{aMQ8toT#}35;zj-OJ97ztuUpgwzrR?L1^e$@JXsVl zBaQ-|NJar`lTpBuWE60nrhpKSxr#Qv+qcqq8@rv2$55KGbzHK>|8X7~kNXQ^T7OSr zeCuInpFzy~MH%!K-N`Im5ffEW7VFCJUEPm-Fu%^nbA0#Hq@)gk!D42v+yjTWI{*4>VOcgB@__Ljw+daCXd@ z8kpWO8{RD|aplS$EFr^YoK4$d4iBQih=|=6IIwY#I;9&97DMaHxNi+8K>c|(0(PsR z$}|t=6lqMh zj;`&PL-JmIHwgp>b@;VAW>g?Xh=_T}aGD^|%V>9NspbxB|ETHcR ze;_}Wp}iYXeKd9x0&mfyH(2z&fz88UQ_Tln`hrb8e;kW~{ol!O_z(~#@(&h=^cCk| ziNMo5!rjfYJaq&%UoTG^;p*vW9_j9dh>`B@h#2YaBy(g;@p1Jgj(IREuuY$Lfpa50 z0EsDwpb?b9v+45>^QO1_FL7N?{xNdPSvnZ4gR^yztAk;f$BxNA7J3J8c6kJhY+aWL za-?(SV5ps6$DO?;@QxqH^@33)RZiPEB~=S-=Ybj{hajp?;I_m$>{zJkxP}gtjuy7C(;T6M!G$vD-LHqY70dZOa!&yhpIhwxw4vD3T3dVIW}Q$oe+H)6I+6V?nZEHSV3v(QEoTG)zODm^G;R&q&PnJTbYM$jfozH-E7Q#8MZfHdX+t--3v^SvW%$j{d zG#_aA#r}O#tDX8)Zf-^X3zyEY^t0x3mf8?A#N9WhRR_@;**_e<9pBDzIm5FMj(6+T zvoToY1w0^rQs;wahm;bk%N8Dk@Fz>N@H@-ZSMdK6SC8-jyf3F7*u2u+6S;LJU8isl zqKO!WtwVJa2^_b7Rl1sVo}i=##!&kBxy^?|43?59H8XkTb@#pkG`_cZ+~b|WdAI@=`!jR&x4CDe6??wl=x5wM zyti07U;h%_BlKhF892a8mBQV0kRbv30i7dV5~@U!lB)HTal1SOlZwAdzAs(4%+YB( zE8L%#nwrnJ=n+vkKVgqM19!x^I^!@FDLDno501u^QH^Ov<2@_#vEC!%Q7X%XWYS?_ z=#m(la6K@L&pM`u1n56R_V(>b%pXoexj5e3&hJ)fyk9t`8o1rEURQ~wjnUPTFrlkUg{V$QURJbB(`GT~kA}tQMnU6Eo z<~ReFE`)u=bq+jQcH=WN-+cn&lWW)xc;k3#@h%D`AJllse4htEk$;&p5D@jl1ks>D zC;{3t_ z8cq!Y3kpqvXb??>-lD7s6dDqxL3~g*6AIJ@J2eKJ`3cptqj67P6aYUL!}kH;F{UC9 ziQyHxoA3jsZ|7E78^)X&SC77ve+=~Z&=H#2qPv=*IuUdr(4g}jlwhl3fP5EPTU8>f zHY2Ph6&paR1>cC}PPTe$P}U}E%Upcl5rG(J)PPe^Z)Us#w*jCY6~Dl{HgM?-vCola zn2pk{@xLSHf3+Vs1rkC*0tEW>RQyU8nj9I~f(%tH09ufcxXv#P#|#GkusD z%(Zf03ECW;xyP(ds=5vqUYgok^&{vp?Q=&pehP>meZC4+11zt?bV2fQ5M7X0ux?PL zy^ia%7hC8k(p6scgy00{6v=9&7(&Db0vOOfkV|xs>%-l3qr}WmU002bkhWZ+pGRdK zKdYnAY0F*Np9jk3s)@j}+~2k*1|FtUf+b^16}zxx(4H!JsQ1W0XAyF%`dhL*(Y7U)EWv05!4WLZ!EkjS_2glsNFD`R4@yPHaP@<`L4c2x5pPi0ghM z=cBojc57_6$F}2yjlWdL%zZMAhxIZ^+n-Hsr|mu4mmixs6esv6;)qmY6gDXy6@rpx zkSoSpNXQo?z&~Jvuti@sYzE0^J_qPIoRlrJhE@lRI%QZt0Y$J2!yo}kB8ep%3&YIK zF2?L3=xC$zRMbfyie0qyBFu4@LXWT+J`VJr=Cc<4Ec6kcN`ey)V2Yh;R8n!kTfKhU zfj5z#p5`LAJ;eUSgm-B_q}Z-gY>*U;b?1cclkYzK@$bM=$q`hc0dX?V>FNEnkwzNRi$v^iaNETZyjN2Y*i|9ujKlOU@Si3njnB3$ zVd5EXdzhkE6M?_ZCbvwscE}U>H>zEK8*=*uM2l zd{eGRrJHZ3C>T{6>fmYWvN*%LJujT@-Hs_XIuYmaPSc4lltkW742*9{(+x$ssQ+8V zr6A1MhQ&Nv>xa5!*mLeI$((`e5z~{lXQ{;RO8=)$rz*aIK5u`B3MD@+5J$@i@_9Kp}hGBf%E?y zqoM^*Vk!lT8ornCW_|bJqMv8*9vSK7FaaY-eX}%p8MGLjKfev|(ecx}rUII4rFt3@ zwP^qN{sn$y(?CpY8uyu2Acxt;-s%4flE*q0h%GNXh%}$4CJBX*5}y-g`)R+_zD>DvpYTFf>-4e@y7?7eZ%b zvXRdRL_HXD`Fo$MAO|JiM zo@IUjJA{ngW`UlXT;Kz4b6ROhjVLX;I39LzF`Uj2Qa_#`k4lZvQEIpu4nfH8{SZvVm z_tP*Ah$08f4kHLHJRmYi;q&v4Q9ulh?E%>{E?o+>47=U@^^g}%T9H5GCkPBI2M>pw z(DOT^^7mS1bi<->6GTNH;GUvlq&fe?@i&~2Q*czgg$HM#ii*0$AI`$6YQ!2r8s2$W z&RR+nXRy?qKTg5^%ODSUni8C>EtTi#@|?ZEKD19Z<+$!p*e%I1%vU6G!xAOvKanPK zmY9~9iPGdin*o#tL=2#?6}CTsTGB*R={)t_1G@Cr(Xgm^jtG*Gp{GTNG{Fe_1e$_6 zLx?Ql2;<(fnGnUAdmAT$f8R?FpvTA1|0J{o(kMEXuQS+!}GP zd=bc?geC1b=Its^n2EFnPDN!k+|DS=eqn}-Bvk4a^Zj}=oQY6fDKER#6bbjKNeGW4 z#p?fkJSpagkz!hYou7#w^nQV9?gHr8un*WtKnp3lpyc4(ek%EpWLT60E{0Qn4Idnp zU&F<+ZTYdPjbfy6VfO_LJ?K^#kHUtQQFbUej=BjD((2_neZ?7sEB@q^>0iL`Z0ca>Q;AOdf*$C-=jKM^nP_-wc)#8L=wv&_z&>~ zg0%y@$33hIXcd4JL)Iuk@5II+U;aRnxtAFNGKOfO2@ zO*-{-Q$93%+-KvKCe7y;>2I@prA6|$Y&3jFMItncsA&AueXhVUkQVX>`E7uW{6N4_ zEXH!W9+MyIF+Pe9)OxVtdqzLa#x31=;y`dVK44s!##f4hg>c_6e1?9VZX1Rh=#7dL zykhS!M+T=pkID#sfkx53Y^?oMns*tFAUR+J-@}W#@k@#iQ-9O9hSMm>IfZmBQGFrm z%Fdw1nf$ojP)w%`g z_>3-ubD0OoO7S*zGw#_b51FfG(*TdV5L{mb2RJza`nSMUg z=SN^HV%&7b4GuRUmW? z*7})_b=!5OYw<;e)*=VhF&#IRaqltiQ9PA5<>mme&x>c)zr1M}-d*!>m?UEEJeP+` zq7)N{Zp5hvkXKGP591JKR`*KAdKrshL##E7UB=j38B11j1TSmFl`(15Im;l9&k6O8 zAf${bFG5P*amB1oMvO)TS%6ArluO`x5_%JLiXA>;o~`j)k1H`B>Z0S6l)-^JGE7+m zH}TsNijLi7ZO87mfN>-YG_-DAw||bCSUMgvWHF(;oQ)B%X5AACr(C@xHjw*utF_$M<^o>rhO#7=y`1brG zjmj;MITS^hVbN=nD~dUq#4-MNcdf*v-?hxsyu;m75BGNzctv`GQ{6T+s2J2Uos5RL| zgLLTAMZG)nFu@;{T$Nn#Pa#L_;G%gPf)wH&Z8Gim05eip%hIPzJAUh4QBLNfSdMeO z^w3r-^NVJW3%*k=&{BSjX5tB2%0qb4^~XErFV5iQ&^<7YoUS22_ds(hTuY!ov{+LQ zE6rD+29y#ze{ov#m%aL%HGhHqqeYaGmQURirGVccfy`aTpiHrUpj4mEWzAl)xtyHg zXx$sWiVYra+5y7c7dCQ)X9aM8^c5-L_jpi_>o2S zhW$fArMjB$>1NnsXtqC!km@=<;Ix?X?N`wzjPob}P!jV#S6IRgr zNm#44B1}rVs`&GEDAy5LU9i>{|G=qE-1@?C>Gy(m>30Os1`38s+lcZlE zT`4haYX^IGUw{pxDnqwI=;SzDB6k=uB7(4C1*c#6$3UN zk7K-EGpUp)NDYkO*_`ac$#1%Cgztcs9R@vZ*3oYn+kIh#6M{!gMr!k7L_$>3*%NlQ zZn!?u&gx+DP6h-&YWqSDe3#Z}{>J29_5k8+7(IRW(4f0=soMTGbAJ5<-V^FtCsAfy z|Cj4KnBa3wjRHdR-z=XHEv}KV7ILfZQ$OT+He4}6zjc6bHLXQ|0rD*VKum=G zVKst&VLJ5A)Onm^K-07tY5H#j{nH%JWG4N?s>AENsEaTy)Yjq7;7_CU3+wO?$bs*( z$3XtJY;=MCVJfodpCEk%N&Cg0z z5fej*6PehpU|qz%5c)f!BYOe6h;bpbkD|IYv2@k5C=6h!|Ohrgf)h2j`QS-&bFj6*I4~9<~1BOQOHDT{?>B7WoIT`j06(_%B9Jct1f? zpqUH%FU;izOI6q)Jxo=Bt1{3p_46rfwab37|2wv46R}zkOCp5MVfZ+7{{r&jj zJ(7x#dI2I@K#Y+1(<&iNo8*fqA|ks(mnD#AEUC8ljFV2V|56>6TH$~YR>xE_6Qo!y z1ghq_aD4*9M;t|%oT~5mTXL!v_@N1qd=@b$2{nCh zW!J>{S9)ryF{pw*wP&lhri!m}qbZ*-6k{$SZkAPi$4)m2K)7np0IPV5HlMQ+sZVp@ zigK=59O0V95%rwu8-0~e)(N}W95zc0uS>h z>SDk3<3u_fOX!f{2K#i>&C6Q!McuL>CH|RE7%~o&j7DB8{HV;!QI25s6~w8RI$Gyr zRM8Rm*$+*GLWJ3}Lj9tB*|znTetsvY1?@*!3s__RU}$2CaGj?@!VXxWTn`o}`AF&WSvuwyY$6=V9HMusKcg1a-l734 z)1AYwAp2GOU_Xm;=lNE#yb=7#Jt!8%6{zM077XZ`KReWWq+m5zN+qhjykd>aK=WP} zo0m-#=g0^8AET=DJ!|tAGbLi z1ikm1J1*s=Q;<*{dg}`yz)T%5QwL0_*lkLvPF(rP(r~~co*M9E&Tla7@M#g&=bFt+ zQQM4XC*`A3Z|mKvIREGkq8Hq`FcUnRYh~v))>yze;tr1g4zt+s&mt87Z@)`=}E4W6HeAt*Q?``2J$vaQ4az8X@=lO&V3Lh1&gp<6Pg z0`s8(nauXEtwyr1v28$D?G$gwfu-KYzV3m>%b#{$bQ*p;EymWYGr}3A{-d~Gui`Kk z0I_@vN^5lZk2?JOH9w^nG}HgbLEv-oJy4ca-W)1=ZjEu*7QnXj@ABqne~+`eCV};O zo+hkkRQ!ufWLD0B4v}s}2T3;rZ|n$FH=Kz~+9=;ilBqKbsQ3c`1pB0%GnTvz`*H$6 zX(Rx$kyb}oxUza$r430|z~kS&zt(*VfTxcc%kfL#Lq(Pf>xw>XR&dLAsJbm+Ja#2U#EpVxNR-Y#SMx zMB4^e$F4^kfl!^u%p6!}W`0L4IoJdoXr74BogwGjwhU|Aa7^7eBcgmQZw{|M<8hHeNcBd_y4kdF0_YyaJ<`cD0_wc1nEhgsIyvO!6_9X*F3+92;Rh!4aJZ1Snt{)knl zfm8giml`jJI$=ROX9@<}>ToCQw#U4nmPn56SvkwCehOrc+4X8q9|Df2To$;SO#;Si zCB$BL>LuF_;Y%x3dl`1fR6j`7l>ZIiQjirq)j za*YyYU>cU#a_A=K+eAUhlHVNp#XfNyootuivIyYdfHjXn#8Elrf_SOFvDE*y-iNR5 zOTs|F-}g0;#^@43E+~}9RsWnO_;e3Nx3}yX1?m2z@TwCD6cVsN3LCUP#3SP(DCf@R ziYL<%!?Orrb%TGs?`xbNeyPyk+QSz8{T5I`f0c;v7Tq<-qQ5)wF7)TdgQmY(M@{-$ zBw5zk8d)GZBn2J73h^E1xw{6!rgRzTk4_Vyzjr}@{|EZ3BmI3^9nO@a9HnnI z`*)a(r`uYqt8rmowsF^eX@D6VU>vTZ110e zAl=ovlrvAJ6sg|?loVca!nUYhJ+M@dBiBxZ$=~59`tVsNPIm)&K0%6rU48^F*&l9? zmo6Fj-@y(J_~N1VU>-$3Ce~Nv%O2OoGD_LOtv{r5l#<&m(bui}UxKJa$8+!$4ac_% zmuQ!+1jpGNU}2Gv<9CiqQCBwqi?1Y*yYFaj#hp#z7om}Cv(c5ADqH@@5dMQM$^AqYecR5^xJQePw1m+ zGup2ndh>*u^FeHFZL2x!7@7axfVoi_HGPKzb0f@uFpZ#wzK}&N6CtX_D$ZAdSjE(! z564$JI^-~2F4MuWfi7V9K~F%tSLIYX1BB=0?x5pO0N#D$gw41t*-XzFoNGIxm49(i zDgUBcYWAEyJn}pIDd^GExz#gk+N}z@thZA19}*%vi0G@)zRj(`-(=>^L}Ec9N80rRJVRz!AAb z8eP7VxTsSH_kPnFdMD}h$@I_oH}TTeKZDpQW9{clTi^ydL0fonUKI2aJ^uHn>W0%Z zaGwNcYuF@@xuDZu&k*@6r44tl7S`T*3bBhxOz(Oj9@tOprp*`^Vu4mne+W4S2!+so zcAAEtL*PJX98kRFR+svl;2VdV&H5S@KSBG8MI3Bp(5ZTHh9gkOi_PBV->@Sopno>90))V{W zAP0_NlAePW=aI+~8Y#eF?1UUlv|K&WtcK2ux_||HwqAt$L3-7QAh(xBTNcEeYJtSi3``JDk6f00t?94jO&{Rlb+OH5~VK<9kY+(8_mHeyFG z>j(8h>I;4^Q1{A+Vwsd&9UOsK;DLiQP8|CdQju8^(Vhw5!0r>FIrMy68s_|eMr8i~ z1ynoC|FzJ5POIP$0aV4Efy*%5QT2!>nu)4d|EMvrq)1XPYREDX?`N2%n(}PXh&!!b$(jXu&{2 zYlg*T(=fUvqGLlrQK-49vx`c*bstsQks!4L+eD>(0THnO_FZXCseXrdo^)39I383G z-Xb!adQwua6MdUqwOjC~_3s~}&63@mCv2Ht3;W`_m?rARZPNk=&^O?lNL2ObFW80aba|_Fc~*U_DuM)1 z-(Z$Im?&6n76$n}%Y;lSx5lhFyzBv-V~2gQu-;f(&Tk@EOm=VtWF|8QE4Ev^nl&u#aw`Bo$1a%sb&&%&^!TgT^L>qk$ zFx0MpK^q17WncjMb|R9H176m4WkK`p-o` zOJtGf`>!bHZ^eQ%kVsMC*yYpmhR^6=3OjZ_1sqGDfFswf^N9}4Rr`Te>ujSL4RT~9 z9l^)6<$Sg+$6IvuDHJX_jv$U%kkRqunBrHO#fP!@l=0D@U=9o7PzJSb7kU6FCp2{v zyb#%tIZ{NI*8MPzrwPzA^~fJQ?^`sA{TBmyhy^(tkbQ&)6vg9F_hb3pRhst|2eBs=MW*w9(**q_20!WINo;m} zE~|i!FF?pYcD$W&s3!Y>9bd*!cl<&;vg600?~2c|E|X~#;95HLeUqM^0O?>%_)=9?II0WImkGri*xp7Kh zEdDvXD{R>*D=u;bGWI{XltRd|c*x-Bf175(BUI=y`0J4a>lEtW=l>uU)L)@LEDe{o z+GNjBM&|syK{!v!m*kvyO>}+xe6wQEBcPtev$n97$r3i)4lx z!Qw-_W16!o4wd@DHc6;X-vKz@mJFkUjwj^>g9a^jVMztgo@E^t@r)uJJ z+N%D9b}Cd9;k;ZdB4al8on9e82!%M75BKu8ba>nWlo z#@m{S^KoAuH0b)9e}3H}+-z=2_QIa-9@QbYkeMayVIJ=+P!c--&+n$B2>r=bI*@pq zwqb1!1YARm!9JJ8TwsYz3AIvPwZ`@|K5Mlr*!|uq5PoZ#z9%EEfY{djW9c`Y^k%40 zFJ&Q1826K`lgw~t#wI77RMtkrxMtIQ%|yx=0fI+Z1>`qj`9bS4Tylt=u(9gJ{=LM< zCOoR1T)a-O$U^^YJ;ewPMXT~_;dffWUF#@fo4L%in;tSV#z3G4yWjr2RzI^%ROB!W z`fRnx0^|Mar(s$(9W*vfC`fr_DB`idXFmNi^z_kEP*wd^xHJ;j%r&u@C!jJ$4T;(= z)%AHORdm*DM5|u^pw2pA-LICSu#A74m9OppYU}Sg+CaOO^=n+6`W>WDs8A-P=9)Q{ zs25#u;^pZ(mZAZm7WDJ`%6Aj0O+&}_(3enzw8`}Ok0EQZNE#flxWrnWpYXh1ohMOR zBpLb>vQ!f{4H`G|o{HjTZVgdUUWz#dR(iLH5NZ_L<{?o+(Ba=vAj}SdIl3=z+k@g@HkefB@J4D4q*2XOJUZ z!L7GfjKu+xFJp8Aah&(-HDgbPZ}KsNJBXQ{UZB&y0l22<|3JfJ6KPlZPB!;M`pMEQ zC&cS!(WYZDtDk9KHt{>26x1Gm;FZKV~XB}CxRK*zKX8;@G9L^ zTvS3=^|_#(t~%u}=&C6npSY`ry>P;=niuIR_RqdJ`6PVne@+Vz$R`mZFglP3Ig%fg zP_qc-R;|3RG38eyEJ%QykL0g&*!;&Sl{~aTkrCM5sdA&RgV`L4|q;$yntQoBWWxyL(I9;hMj`1g<&tuP5f3qtBnPkMkm26CH;*KWsp}W+9he z-`K#O1`Dlc2o{nMER+LUWJB^KTw^OBZGwfe5SGAlVwd+dwrmNZEF*+5-SF`Mvr^v9 z+jU+sXK2``6wb&$fcXu)*s*M~H^kkxT(e>kUJ31RoxRn zU_|dLp}N50I7CSCP#0J&s$_(Td5*3hJaS5Tyv#aXduS6ZDs&h70WZ=d?+Z>X9 zf>-^()ZcyR*xr1hm&X;Xk=Dbf5ngNJo;={D@un__MM>rS32jwY9pVc~QkO%p;6$sg ztISnF2ixvJo$_m;fy4Py-FH0|(h`~@;1x?Yx8oaH$y8M39BQGNWFeE}G70@IBZ$zI zQj?hq%_p{eX^}Qp9J3qi>K#FSdr2{7T*323{Ugro^Y|f>*sUlHOBd`Uu@B${)zPyu zF}m|bCT948s%$pRoRCI*na_^Kmpr~KlwS8~Lm~*tBkx%BLs(LU#S}BV7oo9bvk;iQ zYP0Q^Oc#842Abe4+WkHDR=bBgf}3SkBI2AU`cI72>ND{HhFkMMFk#6fuv!7Ln3+@o zf$G~olAJVFsPUixnV+kE`)RvcW81_cEh6(*)uL!d*D%^&wOeX(fz$*he0Un__!`7> zw?Pdbta#PwZ6XpPUne?fe%q&C8wA!jEoc?y*8;6pf7xe2;{yROUcK~|hSs1H9WlQt z{n{wdo+LC4>!6NT7A!sx7UR{eCagxCC{xCL7+jdfUzLSdZ_$h>tRp&E3gV@ed>|~w zt3iN;@#$^i&y*qMJ2&7<9g(4@+Zf*tm~JTZNwuICSjH#_JV-(kVegO`r~)}LgIJG{ zvStH9v41_Q<=%YSFrlw9J9yrM&!lb1j&76esF`G^EZBeq$RBEHcWFa}r1-Dg1lu9# zm8XUW`GbnuSy2ZWGAFX&DN2KSwyP)%pM5cg@Zk*W7C(v{PV&?gsTN^)cjlSn_#qEO z{N{n}4CCr_vw=`IxU`K1YWIN9bu{%+e%E5(xt8BIoQhVLe^E;@4*AWi^eDe21nv&v z-8&)0sHj6VyvsX)zVt;L4)5|TL_f#cd6(zl@i+Q050BgjhFDyPR}s*Uc079Yc=GBbzZ0OykS{IjmW#FTU-Z7JW$CIWx( z|CP3Gvo%QQv+b5pw-riS7L7Qyr~wy8Nl(HS-sV$Q!XXyxm*GojTnY|&{9J27f6HTf zLQiB-BIwL!L7*rB019J)xZjB~fo1X_y{<6rmcsh*p_Dg3`DD;4>`RAxxX*u}dOQ+4 zXic#43j0ZMRxuhptvM`?qYkT43io>d`%eFX@N(gP79;-mbNb*Zng2a=NBr;C&!bK2 zeX((1m2PJ8^5A^w@P8PsrG;(NNC#|EWXTBMA1qxGxS|8xM?Ot4R#RY<1o~nB zwzmZbIQ2&|*c~(6L(4CqebznDb7zM|?$hx7yB%ks8Ll2YElzF)3;mUe1DArzm*>#p zs|rAu?1_zRZ{a(xjsz9PpmT_W8>^uH{KywH-Xc%bfXENXzXuy?ZjZ#X5~UOj{AyO_ zOsPy)igKQ2dN@3h!=^?#OCS=%Ba_6zR;&TF{YDvNQV2{8rLkDFXj5Y|L~}5(l;-YT zECvi`aKH*T)YLO&{KA(GZX@#LC;ZY?-<>AkOL1gc#oYjbqXK2>vR^&(u;8K~+HY2g z7H%vm)0MZXD(J6;!<0$UQK~$CK8rdnYMtWW!Ba=G@xvt!!5*p{d7%`ql^W}hpcA&= zxa(nz9(YQH#|J)hgPQE-<7hx-#ar~zw;aW={Fuu?Im5lFL z-+YcNXUYYV3;0a$BuY1T5c zCO4z=!MqtgzaArz+>EX&cWb3Vgj3)$JB833rVLzzG2>yed(y$ro)Y>jOLxCf@zbu@ zg>pp)Fi^(gPTCfnAvWo%HMXaK5Y#glQj9tsP2yim|EuLQbbX0Y7<1EB^dhYj>GR6R z4;nI6w!Flrn?zb|{60Kebms6P#@ zJIr=9sf|~&N$aEww1!&CnpPa6cDfNn0x=8i^f!kS)_+B-qI$YHGL4uoQdJuxMd38x z*<`*i<2zMt2_LpqNw~&Vjgb3};1jS3kJLTc1=KzN#3WkxBxR-mnckw3Z%CQ&*WWA^ zjOd`%G4y$Z=vJowx$~D1{gW+HuBWyBsfVu^{qv#vSW>zMlzN#^>V8!&5WVm#(HZ&DSMJ=4J-zkUMggI6!5S7 zk@RWqqXL&4luq)=e9odz-%6p+fAp~EbL+28f2m`fNuR_$>GN?WiP9%Ed2i8^|BBEjE0~l%>t3fO4f;G40>D-sp-*N|?>_luD;N|4 zR4WW?WOSo{&=tCWHQ_!cGY0=XoGCbh_opy`>?;EZZ_z-h1c{RIxRKcZ0rJL%J`xAER`6wt;Sat#9&tZQfFg#)e%G>t^liz1n4!SF*avl(r>~S?;{P7Z z{TOsIaWe!kg{Lf|;$5*!Uy%(m&Jn4k`ovVnhuv8B&yW^Pk(yv?zzbAmL#s6|Sz!$S z&)#L?7b>T@kB9oJN#t24%y*pg`IB8tg4d`Y-jWMh3LYmwnCs{hhN zNM$w=o8<_;!Ut*pL-d{SKbj*wu{M`MTWpV|5N>DCyV(M+2fbcse2w&m_RpRmz8R7J z!!&I2LiFF?FN=eCP;%VUfWTXHY6Rjwyz@4;`}qJAsxM!OqlRUUz}+6S7y$2!2Y5sS zY!ra?Uswbovs!q2-XpVGe>42D)dPg7$K|hT;c59f^3b@zwOdEvqHOXPC%^1%_RJ>6 z!|QH)#<5nMFYFpjyh|j=NGG&(LsPq%%M_xWf{?JII%X}}CyJ({Fw5O1WC-$gOoTqL zKedAA@{vY0a9x-hjBTj0W(@1|;76&so27!ENUGE$bXBd4Q0GA0C4q~ng*T)w?(}LV zni5{gw=}%rV@miozNIhj{Aw27F#oxh?;Y?phhHy)EppGui}aed(9hNn^@285sWp7b zn7Dv#evcYhJ(aw@TSO`rx!G*AB3D|oCbFZEt-uBcOy++v zpX{gYUuGt|nJL@MlqEg4&XgaEKrt_SP#p7Nvu~4{W#%g|^JSX(QV_NkXzCm$k1)tD zFp@3G4(t%fkLLAVO92 zf_MpbfAk)`q|Z1}gBU_pD`OGC0ngtRUABI+pSh&3Zgv1gu$wVcWJUkmv3f}T(?>`^d zIcLsX-+6EI&O0-|?5b9*8Er*VQK_uxUxsKa_wTf7qqga)wp>?jm)@=y$*n_|$JWOe zp%UqXss#>Z@wI)`#Z}uWPHlCFwzhBhO64s=o^V$y*he5RIjA7OSP`@g(WWfbroYUO zLExzqZ3z4tZ6XAi$$`Mv!#jk)BzK$cH*5&xAzJ9`Vzi4RUn4X!`2!%88fw~$s2_jH zan#>~>tL|8F+mX-F(3==AO@tf(V_jm&{mkDNm*4a6lz92KKLS|5`AH>>BD@)&r{ci zBNFHTZ83tf{Ss`2ZJ@1<1nCd=de0wzARti+&HdqPOMNJn)!F=uS2~oxDv6ZY4>HWW zW;p!wNB*ZZm~-}Ca%LQ{gN^=d9G8<*&EUoq6NjF#|1SCX617t5A7^kNGC2@H7IaH; zMw0hWK(W5Z06}zFK5q)JdHf6JtowpB^}wQWDI*$tqJ~o3t+{43OSN}PC{TEL(YyvD z4Kup{G3!O`NUpfgSQC`*k($_Uz-z%TuuRf$6M+`YnIN^{;v#Hi;CIY>BEvoJjgDzn z`uqh~|89aOwe%0B>f{achXWdqsoas?$;fI=U&g*ImeI1COg;v8?CsWrV-;gkde);# z&$^F#7UciuTK>%w#R{zGby2x!A6+IsA2xryu1L%0JSonZJk$xawS1ms7q_4m(Q)$G zA72`{tu3Fw@v?nRflaEwW(2{U)13k>7T88UAEft$lFwJH28b_%Inyd%!^m3t+TV@G zD&$MB&V8Mc_SW}->qsK@Kw4i5!_yz>*Q#_q0NMK;~G6jL3WMb3ei-7pC@7bk}A~rsm#4kLuPB$BMLV;M0x=M>&I2@`PH?6|CP{> z=qb6Dd^85JxFPuVGd-g1hhWR!h(^wUx`tqSe1UO8u)-;@qam2dGSv`leHBBn9>!Jy zIqWB|bq;gl*F88Nn`0onCm!sDZNOdy!Z}IWf#ZvnO{dMtGua$qvH)DXlKezafj9-l zSl>QM*v5vGFy1(i1DmvQULmLe2Qys@ScC#V6zCXJ$f9Gwjf2IKPi^3K1dChgDI%~? z`p+wX$4fXFQ@MaW2X=x98N#jQM;rZ+UMe^7+FPQq%mA zfvLO*Xwj`qqLzUs=$)bdurIYpOw5n5py0*F80DjxEK*67<6>!{FB~Ol`@+iw3&WLJ zcmoONagq%AG#?dtTi4-$xfyr*LiN7Tb|tkV!~a!@?Jxz2#FfRmKld?nFz2p%APLsr zjx|H`RH@j)Kua0|>#`RKB{mU|Ey4y-ZoQihE3Y@Sfy5w?0mC6=d?9Jv=#6=&wD!;~ z^@eAs7F`j^fOE36)fZmLI{b*n2EN@hF7&~JqkwK4SO|tT=nGlC&}U#$=disi6WCsU zLlZncJYgfi-@T!aWlhQ#n!*gzG782;lFsx|dp>CWS7vF{DLGO8;r8>ApX_Fm)-1lq>!`(h@_I&p;1R z0iVOm8HH{aA^`t5!uaGYK!2-Ro805WoWY#;K8cNwD$+GRe_ZvG#)mC)#)mK7@axhQ zJw&V#L&R$Q_#)j_qr|-v7$v|PgW!zPg86857il%W5yq}jlCj|^AuCq#$3^l607f!Q zSIG32g~o=7?IFZH7!lR=5C0W6Ol(%%Fx9a4haIK>hRLQ63|5r=i^#oQ_F#D!6<$6< zDwnH!Wu)jPp(*LEcuIP(0)0OA$GDL)kvo`^shb;`r%K~EVUCD^^5f9+KWV7gE@!Ct z!l7b!^iZ)%3>9l4HI)iAX+n}Aa#Pc;aDJL}`P zVPccwhG{T8b~+uVU{2Fc=D%=^(dS}pY)pX}9fqB`^^R&H{LQ7GoF8$Ll=>6lwUfA#J^N0bAg_#ssvr^S-!l_(ZD3M6hbVEIG!> zU&vP06va~GamIqDIk=JD;%x*7)bmRn!0m9NY!eFuRzY0su+4}X6Bngguz#34^RUf=AJ)#eSnIhF?nEkM^UvLJ z*dMkxF2Y)By1%PDc|La>@|+(RVeOgV{%&0}G4Az?Yu&G^#J-cVnkB6PWg`eXR#N=D3|Mnf+G@n?z##6FdxcTK^oOl;fR~M16APO zczJ3D!eGvU4@vmFA@1MVe-SF0mBKBBvr@!C{(vu%{3@cYQGX`;z^3T&nPzArY|z)s z?E$(qWgFN?OrK$GVrw_eBRb;=u)z*B5@cKc@wy1j-|+IbG*}8esXmNHF2Su7_%qQjq{qM8?Ey!b}W2ftptzONHDLSL3YgyoY>c^ zT2$e1ub#3>xp*E?#%z@&Rd__^cxcfc7$1Z6iRa?kVt9T${_H$5{?zd5A2~lVBL$Vh z#h->?;Lj?Cz#j>LKQ(x-#2iOHV`B|MYbOt6!NDA-(P@caxMPS$AAZID`=`(k`?c{D z)dMLHTNjXGz5UJ34n_*U{%G#TfPm548Xy?GYDVD=FC`eg;Q+xX_8C|{)SY=TaGpSL z;?A)E;fVs6mPZ6dob>`H5b%R5r*H~nly8ucdtCrvh8LK?Ycsq^&G8@4=UeM~GkeDjpRMFqT?YrN z8ULl2*SSKHJeU)CpOnTGDVD;M&z4AWa_EBMpOgMbGQ%k|s_0F5be}o~6>y7m+XiNCA#eu4~9gYH>(;uVF08Xb&ZfO&6nr=kt4UT|J72 zI~Nc{d$aMpRNL(4Jh}qTVZMum?dgp=gTeNsLmC$?E3Y^%*sVkX zOtT6hp+?LkEl=J~fSt^B?f^c;o!=T14`k3UJ}2*)q3IWEl}KnUuKW*n$||hw6!~O2 z>mVQVk(7<#@u=NJ&b+0mE&et9lLL>-RSF~*9*X!Nn^eGc!EwQteJq^?WR>|e9%_DsQ%RBn8*rhqMpeM}QpZqQ%e;Ogr2DH^bMpK~y|7z#~eG4q)i94JTU~=oq^8d6p zdN_9ku%=9Ii6^nnEA?2UlTht}6me9f90 zullKlWyTlQmxVoz!gwU+PWZ(QdruCP+0if@eY3((#pxTB)PIh@myofiV!UKEtziYu zb%c%@ub;k-)*h{XI+HBoy!pt|1n?1ZCDL@G+ z5A;kZ#u3p>ho|8nJX_GY@b}bbHUEI7nND_|NyRgZisuNvf~R23RMrPmPytW>NJGd! zVxb4m6k(6N&9Rl6z0>04*LqDK^kh%Y_>D{d{IKjl`uegq>LFzWp+RF9%a=I`=5c?7 zcyFspD$1scU~1)D==UTrTi!16;FEFVZk;;YJ?0Jlfg7<|YwRh0{C^lQBb`0W-g9xz+M{LzJfE2s(DixWw=x$xuFxm0cxc%lGEy1-=#$J!fyJPU!1fROG* zko42d$i%{6&aqNgH;DbhM%bB~vFu!&-ubNPx$|zK2&`66imNSSvPHSc`Cn!Zh6JEr3xDc^5 zyXgO^%7PW@E%qmvbFHN8jZt7X`PX>7HzIwOOgQ1hnjg!=<_B{!oJ{PMlZh`*rYmEa z*xq2yS2gS&YhpJfQyOaGi=7GUvSCO5I?c!*;By z#@L4QME((lr9#b5ujj$KW&4_VvMT1M7DLQWC4^d*fPLVYpQa$7ThB2FP3Qy7NM@b? zxz>_-%mjpqUjK&V=xdboTnMoyKsz87DXW6=Dgckc*@uq_uSV*AMmaB8wfR3{`l|&T zECu^QA7Sn0O#+FR`6T34$?xm(`-c2VJl4wCG8oriQ%^9Bdr-Ma&8>t(9O^jRaNo3~=53{H=q~4nQ^)5k9)VOE`tRYoTnX^I>!nm>P|4 zW@jV4aGf&N{ldMDRmKjPoTDO^X+6v{muQLloOyyH`W26$AZPIeus}nAprC}s2i8cY z#Y&izl{9?Ln!*|Y;pv!8m7<#-blL2@kFr#WbuaeO7hcNt__A^7*hd3V7=R~JOzQkB z+#Un;U0Of~Yi2;V*@AJAUOU-MZ@3q1!SFm+HVC_$fBjT z2$_~`Aoa=`uO?g_)A7I+9&zASs(};a^kpA3=AUp92PA%gIv>cV?12;f^oD)Cfq?Bs z?!WbVdj6#um`fA0wdljx@43NgY}C$Ey@Da=*`>J9#YEAV)FC9tkg+Q&`9K)EcU9QhT=Ljg*W zmTc8w#Q>x<0DxozNCoUal(kLlP7zJM)BRM+KJ$nE?G1hF4gFw--hs@rQ9Lhn&<_oU zS4t>cFUK0AY_P`Bqve0aUN!c%mW892l=VcP<#^|Y3X_ckBgJH1ZPz5IsPB+LQ;L#E zvY1FSRR{)5L#Q1x2iwXNRY(c4z*B&Ekd`qGx1n~p4Sk0T1@DKLIU2&T>uEpbfqp2n zo=Z^Dk!L-9kjkF*V8ULPf@WdD?$R(vKB6>C%+UE22e!mp@amZbP_PiPuT6Y!W5H|I zX%fH%1Rj*(;MqWP6KD<%WpTz*{cX8~u=YtBuv&<2PLXE5Ma4@@B+|;54dHPrF4Tc( z<4Y)XCg@CNttwVFKI#KdgQMvf3RsjgC0NBF6Nw^P!}U;uXH5_0^pvWg!cHs{6}C{+ ztzA|Uy=kZhM~SQ`#iL3gcC=N4H@(T`vW!yhU9i<)<7C)BtTl9Kk%ELHhnEuHyx~GE9L%{_3WBz_gm~82%PiZ(2Wu9}fUa1@o?!p8q=H%+ULT6ROy_C;F0@c07{&ga+Z*{opB_iwN(ESs&B^eme%DEq6ZYR7a*TkE7P za;N1B(yrHOD<$nyPTGJwEnkp!3DO>wQ5JrXGcN;6vKLlF2)9`YsA2_FSr0FctS2A* zTKroV>-jHUp-iK&YB(`JCCVk}YfSkbqnzM^)`C+)hT;jB46P#{^0^?L?4Ic6#blq8 zLf{sLvzdm-n(l}WeG6M;-Jj!*G1$3O;V`9iEfSF;>KKAoa)kNL8>7f~ED1qr5`tCh zbQ}<-s}u^<`y=rl)$gmM9iTM4li4k2JhcM}v8fCp_aM~roobe*yzkd={KdY`_Q%;L zPSx#}{W;~69ol0;>w-I7CJHy?ec^O(@cRKq#X+ziH|ThB_c4L0O0={~F;~bEOHu4~7!ch4@Egkd^E9nL{>bI6{_IW0{7u*f zI6j>BJ*+zwgta_fRS$a~f3fcHK`ZsZOBp7`ty|1FE?s?iMQ2hDpIt+x4Q zJnyYsh>FNEA0pwQ6!J2ZVzQJrCWvuP8Sy5FJf{qT9Ay-!G7420acsA{l;N=5KAP<+ z{(T5;DB!(suqVNskE=9)tY8QEN8bAeU%9o@&ZGn@v$eoriNIOoat(3H9J81)UTJZlj_+s;aqzCV7K0tnf58HJ7!_UHuzH6KK!cx3bMGP<=R9Gn?4)Z`r?zxKZF7El}E5r`$563QCRMm!md`6YR)?M-@I`qS& z*0;Bjev~i){VbF@npgM93q3ZAZFWdVS@D87KB-Yz@L++PSSaetht_E!O+pJr*=9jR zN)}{F=a&Qo){m1L1ap#|VoK>9KT#R-u)z-N|MXWOF{&d>SrSo}B^9cY6fHfzTuNH= zH-Z4iV2T|N`@0+^=65Ivgrw%O!JOYQA^lq^I@3`S{~8T1Bq!fsf4afWz?KJdZjh2C zIY}s%oNq{eo}HY{3+9~XE}sJ)%fL5eNVGFdmkf!q@{8h<^9{-0TcF!tDaqe^+136) zTn4@&!xP9*#Sa}2LocJ^xFZmQoXn+&VJXb{iWvU#bm#IZ2rbH{jOAPa0EVw*=%S2O zcqe64Nr)M|gpgx89YMo<1)5T9$|%(DHf0pyos==1@t}-S3ClAA2uT^s`R<~Or(Pmj z$o_P8##ug#y5!6HMK1ctz-AkLJ`yun?-%_~^l`S-+nzp>=|!Wkn&@*R`uO}sHlM|` zqmMNePDupbk?3QYl++P@+=YT%^l=vx9+p0G?F@=Oa;47%cmT+v5gclm62JNnpN zt{bH2WA_V$ft24NeY|KVSM>2BliTg@kUq+gp+owB{*5_5G*Z#O|6`OFbLJZSzPnNJ z7c|tZMA|IV*1uCoZi;9snMou_!SXl>GARvx+@3h+)kDP%n8q)0++IYdZ0iSpe=C$m=($fAF<{c-yD3aT`={7Aae zp${gsUcNa-ALP}9IB}7KL0%n2$hCrrc5U`bP%tM&>Qppxj2YZiXziUB$LjX})fxE? z2eJyuI~+)R{9a}wg5TpHoCU&l^>wCi$Y9{uET8H;w9lqL_e+v5K59e)aHxrY2o455{dw${1ZZ_sM zpj3ZIK5615hf$|k?2ISgKTxsJ>L2+M2fvh|Yw+1g8taJrL;~Wz81r;Gd+;;SNKUe{ z5Hi0#=p!UvP3Sr3?3oEe9y`j3)w!5HO_w~efnWa|2mW-ber&rV;9THc*LdY006o0FpC5Y>bnoHc6d*9hyz?gPyI6rb5x-tzOcQ2=Fd-|4 zS<*PC$)@%Q3(YcvIfJEzL=z7!U9&u*Dju*}=-eUxUzkl!EZ|Z_CIN*-VY&pLg7Sko zd;ZMs!6mqN*^8(?G+tbS$EQdcxW9eCt%$bXRYmzi6X6<d8dP}pko56k-w?P5c)-(J zXZ0BNojQ@L@e(v&C?JlTqWA;ag_3vkG07 zP(i*ol<$xSQWc_vRFYpX=kF`+5*Fo42`N$nJc@eXiwNsslt5@3L4Pw9DDKyu_4ZXGUrP-=cDGX(QmhW(; z*kP^0BNT2f$ph@EbnWs~&dxZ&x~PE7vzO|{zsq<9A0WRQCShgFS*>sX!1enC_y(!< z`$sq-#{EpdSFYa^eYt)wAsMm6t78-N`aG9rNIljJo&&`t;#8SbE0GR&(?aG6->3NP zqeXmcg;TkSbuzVPMptW)sJL-rEmWsbU#1A`fiiL`$}oRA{G|RNqvTc2D8rs z*1>u25~)nxc=uT;`4jxETj<{D(VOT{3w=^Usv(hqll&oHo#hWrsB7|vCf79|oo6Nt zDYtNf6f>lB;GGGQ;QV{i1`U@lfV6655_ah8*b%I}z@Zo`YNhEUJL#NS?ufQs=+}$j zff|6?7p|;F01=gkm+Z~P{O#02LH!T_v$@O*UpB0CZ{|w(*l@4J4%SOgqjb@AT2(j~ zTZZmMlCOB!AFB>!fc_I~ImRgeGpNK)4zGiJwjNIM;i!n#aAg4_FpgKD)3*2UytA^v zpRJ2G#tj`)26L`?+8#On3$AL z)*N6-j)sD108=72z_}u|Gj;Y0e39D2oRd+X*}5%ndkxKz)zT3L1fT1_+s@dq1b_vfSm%ffW(&r zTuMVcRSH`7gcJmcXT8vohB$m1qOJcF1Fj(~j_Hazt)%KxUGj*_Q?|AVVTtTX2 zmlfAGJpGvukI2&{Ta2fl7Kt-4j1YZ|Mr2g_*ZvgpbV3-$yFPnWR0hZknmu>f+Vf zwOeWb!mIOmUOL%$?30UEgToTnT!QcV-xFG=2(Py72QHo+yj#PE{_}fsTr7LZRYwgR zt0y=V8Ax!3Fc9k=gf7-$_4KnAn{7lJc6RL7YHP}BfA_yhV8MMLglW*PBKUFIkNqR% z>bmU76k?EVR?%y`+`1gSM=q+wA!JvoUw7FH0YlnMAz1=Gyd+CLFG!atnUZZY7Tn3V z(4tBSmQcY6=KSn2Au)IdQvneYQs zavl^E?TY=*GM1N$y@*W1zXsw33L92!J^35@S2V0=L?k!S%wBKIQ(r+--XWW@0Y>k9 z@eQsqhivsGR-3I`ah3b56xpQsUE`UYrof5--$cg19~|1(pGRXJd;055kim%OHILY| zmBmRVeu|Z!J)+^Li&F)*Vg4zkEC=6-hU$Ri%|F1VqOmC!^w*tZ-T2b5ug!K{$`{MopF5vwb=f|#Mq~aY z*6D~2wKbYEXIiJ*&Y#ZbIZs5EE-V8!2{B>+#QBqt^Ct|CYZKo+EjYaHmDd!*W|=@L zHGisoM6juo`O}Kqh)wqV3C;>EmYePVZ{|Gbrd-l=1%ojTB9Yf&aRN)0<0mQ6R}RZz|; zztUzV>-ncWwz2uAY}G+g^~@Y6Ep)w9GtuYy1T{!7 z`7krlYg{@@^FZh+WF^3z4sqt$7K#G4T+)N4^-5+N<}O8uP$^DkIAfK$GHTtyOT=6 zcgJY{2F$`#^nAhmMMN-2BEp(G{%HSF{;#lKh{}QulODD@EaxKw;RGf1uD?EF@rKDvE3XR>U?_&=YP~or79a2%~5G6ck=f@J!|u6lO^G6jaSV32SOJ zr08fHa8@iPIB^CIEU*slD*ZeL*%i|@WZ__voHX3gZwjqfy=~|@YK9-67&F6Tt zmIR7-#5}NiOTAbVXyg6b?bk$F+~fVg2vv$lm0~hz*ggJX<62}jU*P*RUZ-VigE?7F zT6V%o%NL|QRi|aEf;mY}S~k{6%NL|QaIs8O+G~W!|nA`Y_aKoB6u10o|KVoATN_u z;Xew{x`O7+Hh#x!22kLP`Cl{XPc;_|LMHgXJs^FDxnT5^&ddcv@Wt9Qh3a!h<^nET z;rvTg5X=RKhG=sEw#3F3l!os?H0_^jP*8^!12?m1&pz76z+zxMFL=Gp`XfSXFgP>z z@8OsF{)3FVpFbh|xOBKmn8~dHxuiW?>sLFVbFpnr_CLq$-*i+sTKmAf=NbMji9rX6F02;%|j9|(w7Q=w;FKu*S7-;#6R*;B7 zjuhR9QIhqgPUL5$G_-R|u3LUq4dD4Ft2&tTM-~yCoH>6-@^jJ+9RCg`{_sRZb6v(< z$j|3DDf#K1?oxhAYd488SF*(>{%6mLlb@GTYvuCt|IZWu#rL!09ocZ-fSTpV&!3&^ z$j>5-j`hxHm;7{hQlYy$rlW52EG4~6Oz8##>+rK@$M;{?PV6b9daO;Vc*TAgXb=Fp zZAKL(K{ykX1hP^7QAvmbH>jWfHNs9}P~&Z@J8#iFjsQ5v!c_tC#+y$!L$v zGk)^=6;6lYA{ORfTy2W2Ume1l{dGGTkqLYnlLTT1+*kDF{t@9T^=JVBL; zx;5r}$z9Hh=M67jst$-DRvyhVB=pQYbdl#9O*!IXq@!NASq$X^;D_P-v%pV{TANk9 z*c_|P`rea#~M>Qx&{AdRS-0$r)OOR8Q<0g zXZZbywiXI(j^{_A<)vsb%2;ne=hsV>xBxtZJRM< zl?mf84!Kgo$lm)IKe;->`rcU!2>y2KdlMlwNJ(ma@6|J0Lg>~@Tx{ZYQI>p3KrDi#0T)76S2mF_^d7b`MVHvE&UgSAnUC289h|LoX(fQ_-Q-O_{#;vOIv$U^NefNNlP6l zFNmW4lIffenn$cG+sC1x{|%u|{~HNmKPF_UxD+C^x;*L3KmN;jS^vWd-)0PiV}s!O zpW&?fk<;TVm|CHkMlF>Q;Fi6Zgy#9X;>8AtzzmK#;bxO{pePNB_ z^wQh14Fm#=^)$rj6C$|9oYm**BRsw82v4s%!qXp?BRsv~dG$!+@Fz~H_M$3ZB%|89 zb`K8^I#nMYB=iN5 zsZ8A{G)on!J}4v?L5Lv&X4lM`4Lr_=CPJsM5Z%zww= z3-rImlH~9wt-eUGL;u@v%(tXI7&$@N>iPlav;y~;t1#(Wy-=$x2N2B_&Uc94LMk!c zrJbje8^7zi0ly!7LgBY$wDJ2dfg|GgJy&&t-#B3z4OBoA{N5%vd1z>sZ6J_=-{^H? zUp0;bX6J)~p|%>U!s4fYScn{c&h2q(t!J`AQKDmq*eTXcLD3O}IZ)I@$Uma!bUYJ9 zUzy8p%ft_e?ku2uO72JXl@q_w=?;RL)^``U5Y*j`4muWUvi5=}xN&sWxp6pJF@^f6D`8r zF)lK{U}zi&|85`m7C%3pqShw^qWow_CD1n~1(ipbA3wN^+!@Ob%o~1yQ&w1~l@Q{G3zOp${t!2VP?O{H=h&3j z(d4+>c=VP+1;^r`TrQB9;+)6zWV#Ki7DWcmM7(&!d_ly@naJnjiNz%EOp&bTmJ%fYSZb=f{t!$+{d})XDt#+edUWcuGjS z`LP$H^;4=f;cg#1>4>#T|Luym6IE>`WCJKp%}?F>2LNO19}10*&i*(e5&Zd^WpP-d z=9#_kv9ZKN4?8@6d8bdKO54fi0AUKs8YKLA*h|FlIQKp9=Q!h|%Hw9kj#uf5B9~XG zOaF=y{fb{GqUS;qIc-}zgDf!V_^5*6|YBSCvL872b^_S8+tlZB!M58e#iNbO>2ew#~F`yFqXM@$BiZ3xjCq$ zaX7d1AJ@q+9@lmlZ+)TtFt+amnY6;ewr-hXFgX5yF&GR)Q-V2nm$Dx;7_9txX9k1& z@x>}bmkwtz$WjHtV6gbt7Xc3K36xshL;JuoFA?+T z>;u1Yiix)mOmxb~2UQ*3K5(Lx(Sd!SFA9m-2fis0EX15Y9Yyj_=KOrYeESPirKOq@ z%-Q6mrBdjmL=kgt0zL2 zZd>WY>f@3OVq?5j;3lpjvK@;0^L)=8-02M5#`jkl= zc*?3m36;F)OoqwS!ozlAYLSnSf8@1nGZo@VGl-WzqpV`hfRv*Y2X&nypZ4@~uzYBcO%b%Y8ht^@om*hFl!gVBR7fN_FfDqTg&{ zWUvKd@eTQ`+Hts@GVb|jK{I4xzXz2}l;N`HpXb~~XdTwRa%eR9PY3oDHP{MUM8CO` zD_qcT+|W~k(H(O{lu^c!m#-fU1%QDY8@hh>aoH zce2kN*hg;C<;#?5Lm!8wd#qWfcY+)pbPrwxMVGfH(Qnh+k*MgeN3;G|y zLBBIQ-wX9StK|E1geVpZb69L+nOsj`wep;w#xeu){CEIl&*j(BVbu+9Vl^yA-`MqD zaWe`ERE3Z<(Wu~Nn?Til@^W&5QLzh8CTdvDFp_-MNtlvewodI2W}NZL1I$^OYP=F+ zE?j2E9iRX>Cj9mgU~=`c4Bp21O{ffBJ<6yRezR6OF`q;43*TSQAp2co{&+ml=~)bk z9($6?|bkUr)f@h`9V0tSJ*L5SYYev%XEtpgD8&MS?1m6B7^~`qHMg0xYRzG^saPv^RYev{2jh>xVbh1=* zy;NkNqJCGYieUeUznQA#N>sJda}-szrwwcu;@;!?$PjsvEa+e=?x(IcBD0Ad;ogB~ z0h;iDG6W8O_~@Q>2gNR|I)%PSe~%YFTH_-F`{Wv_U5SP1=$}7wU8+BEs~wevC~t6G zx<7Fnq7s?PgDAK*Dm+vuiap)%pZ_)LCT(UCOd5HCW>59!z2RH2zOWE{AHyy#u6oZi z(**!BBtX);k<{vsWI~wLh?j?2`=K5W(F8dG?tcTzhfG{cZlBXznT3}aSF|^|Dl$HR!Sb!$!_CH2Bh7>$)GCwF*&o!%&sf$ zrt~Mau9_*sj}kz#b#$I+G2#1U5{60QSbN`SkK;jr$%Kl{>#z#~xq>+--)2ig=9N`t zDMZZ>zrKW613}n=?Y&Y>(~XbpozdsARM|ZE+vCmyUr>i7TfNiuEiTdl=@ITqg7LONfuGc9}A_>ABGc}lVj-*UBLnkBMl}JY+05EEi zqNxrSY6`aV3fxE(_3?BCjv~+h;PCmvefNc@WQr$--*aAnSj}k?8Pq|@Vac1P_aR`9U)F?I4 z$yi@#xCMSZ@YBPg5SDc*C%)SZ+26hsFE+VyfhWKYa$N-^nuj)L*BOy-5y!q1NMF=? z7&@acXo-w9$@n9ZF({Z`mRE%Pj~pAGFfzrL{i*cpa=Bduu$N#eIG;K#*OB zEt-CwnQ=Lc%DB48>HfqK4FfPzL@xH3)JtRnGnkete8WnrjAt9ubux~CVjH87lKWQ{ zXvWcmFTywykW?O0nFn>+jDsmyrBsC~o29IUa>@l6M~b9>S?%izy)4JS^W^0;9WPCd zF^+shV|_<+j+dZxv2eRmX>j&7(-<$DLzS(UIKerRt$C6`DM`?z9mXN&f8YXO@`U#L z6W{I&?y(7dZpS@#Pdyy>czJ~89@U@zT94S(tbvf zCLdMIQfX?oilJ1#&?aMHJ;x>T3ml>Xv$r?9b_Nz7>V#a^+D!ECea=(%S8L6DH!MCf zL+ibelNgAlQpyEaDHeG}tv7K;Fz5A~38b^xhXDGJYxKeC0c4S%Fe)nD5*E2!9>F5V zQFmFzvcNZ{i=K~ejzRrAdIUXXIo3Zs-$+Is-Fsb`OYa9NGsd0Pp zZsLTD=Rr2E$u$+IG%I@mG0UD^Q#VU%xcOV{H5j*lPnKZR{jy{+>5Vuc8$qCIIoh94 zG8A^qdOVnCMb+?t|6o?vbtr-!rI5oUxx;Z+1X?q~U~$iOsQNmh(YzN#T2!N2brrMiLnMpO#WSa(*XY9H^znk@Ay zY}_R1f(n6=`9)^rz46(81OZ$XZbT!;-G+{CZ@z z=Z9wYI%A$}I0#9+86I$F*I6})Jsj9aBr)6+7EO)eK(^daY@FZ*_0vk*UWgAiv06*oA13j z>doFf=X&6i4;yl`xA>v60i~d5_=l{OOX&u`eMKbcbQ}Ozd6klWXD!bmI)$?= zrzW}@!WjD``I z?>i)TI$Vjpq3w;motQOTYMdeko&oDhGcv^F3obo_O=F|fO;4JXgaq7N*gq@x zyLEw*9%Dl9zXsw+XuKRxxxr8Ca|12aCEZ^msWhHHCiH1;a8DDiIILGmDG(Y5s-(?I z|3-!;qhbh_!(PLGG-r#kC;)p`?sppkCEbvHZsRCb4$A(%y5tztaxzM2JX;lm(p%~! zq0xAPO4y8qO_H!X6L!T(@q#`LJeJuXx$#FFHJNBE_$A&TUqrs0iyF~W-1zp;26S(a zKXUd3s(t?K24nsiNUA0o{cDB=t4!nc8Gxoba58IyQu zOlVhb*=GsgL&+&Sl<+a|uKefdAz$ilF5nXcE)}xZTF`>1&W%a6(W~roND1e+>wzrkR+Pyt;%Xaf| zOr#8aG2!yaz!9qnXWZ==I<%U@lp8#BOz|)9+oL!izrBmcj){z}&kZ*JYNiM6LwhTb zs`!F2kzgUvB)6>j`VSKlW@g|$0UQqRKfwAjvp?Sxrs-q5(*6aIK8OtN zg1e&SNey!WO=MBhQ|X$UJgLf5_wu!rpg1pbz}!nO0+Y|jfp}&FcOFLu+>QwA>9Z+G zO^8vCON=T`*S<_#_=Nd!p;P9A$F?bR9wMwOb(y|UVY-_GcUE4iQ{FFowJFbs2rH50 z1=n_AJH0n;MsS2;)1{fK3+%4{%iE^dw-I6e>8zj9^+8hR%}$vmXSOMG3L>mu=rX-G z!G3k5W-4g*Wsx|anPc=s+x|zT|A%iVWfY_i6$=Ql8U01j*#fC`eM3*2r9@#hQasDr zqRA=JugF9jRsk^`15NsAG`Ry2;7`^)XDV=cZ-Pn~-!(bkY3Dhj-CNrwtg*HtG+}96 zujAL~_?LA2pY{6+{k}|x4@x}jOPj4qd4zFgGxcZZ#hNaU@CMs#-Hb;}Q$P8BC}z@w z-g<3Rg7x)zUqK#&A?yKFeSYbf#C zbyKMIr8bzhaX_!X$M*kz3q=C!cQpRAJO47=yR_FVP|Sc^5X9tL@Zed-{1=dKdXI0g0VI{d1R zo^!?{t#wg{b)2yVa}xAWPVXJrwt|=+G#A2dMI5 zHOG@5=Q}W1ym_$>jKfo3!l1yCs1goXa@(zV)hiT{*Aa{PnwSD{SU@q{c4jZQ%8OJwnV{9qHOgLpP00i%LRDyY_D=edVl|-Y5^rMitjBg z(56kCZ^0H^t6PAcG0D<8rv*CZ$L+Be=%_DLl(ZlXOu=qJy8Vn6&X5Z(V#38Uz=!)e269OpHuL3?s=o1JULY(q?Cf25xo$ zq+9W2O$O&PJ0IEb;Hh^eCw1+6bI*1zhYnp4l@LOp~58aZb{EC(=XBbI-=_It| z`KRKLWxiD6MwZF#TQbJgl4`qlfT+fPMjchGBi52LR7(O?3MRGuid1zBBgsS9k__Dv zjSttzxO_nR%dTcGmotEw$2!kU0w3?s?E zKM`$Nxgc`tzp84FdVTUG;_5iHCDG^WqahtUrCy$ifw%`Dr;mK?PzJnWs^WfhP)I@rgRHh{DJK zQx`}sz)#f(b%B}sQ;q&q8~e2RM^#sy{#1`Jh0l=zztYXH^rt3-su}1v(7X>vFJGY? z?R{`rfNEewZXkRWR*C(gwae_DQ_Hdk5B3;~H#T+|_MI{v0t10CECFO;ddk1!rA<(= ze{7h`3d4gQtpjOAk`LVi6#JlwCC6uGBFzDw9O11AYNxR!d6XtENw0G_Dl2c z{Lu`3Z65f9cIn_3UDQ%jXP!n^7QW}pF&u`G-gba^0{Aa)&F7D$# z>_N33O3wzPK%D;~r3m%pqm)BqSqiMp;suo&ZFm@_BN~qxVSPCW#8J)|kiQ^s*#_eC z`YPadf@PdST4-niEhN#ntM$WrWKbmV2i$N55?HQDKtvQsKtfzSTP^WmWD;V5OG0oW zgpMX44jJU`4=WApq{qB5pC2Zg>^}Ksf-KJs!ZSqm!lt&0UxmX z1As-1K_oc|oCQmQSpWUfJ@jd@Lha_(nxStRuVK72H+ZnGG4IbXxtozYzjWh3U$Qm! z#A~BLW!3Nmu~7jRtOr+eozZTwDm=>h$)V)AV{j^@QBJbqt5K1QLtM&63?6*T?a`7R zfzqU69HEJijG9qwRGfm(h`o#R3#0rId}%Ncg}mKL&Sjz-?0ct(?WJlr*4pH4{@RWP-H)p+7Fd@ z0AqNTeE}0lM>b_W z)%Pp$55tL)6~D)fg6pl-%z(wEOf%g3xmF-cc);%^PzsRoN|x-#d=mY_9QVA&-o!KF z@@rS1NMhRFV^~r#CFPIF#XX1->^P2`)=#-=3`>s9RRf6edkJ|eCuH1)EGZ=?cvoZi zZn^!2yY9B_w<$(>REizYwB3ckr`{k4Y@M{v!C!l8S@}+*A_ZA^m&GHse_i(A_#VV_h$DsD&EHDskvpp6$E_? zFS&u=0z>IPV^sW=dG$crSYVxo+v(VPlMMpy`kgR{!4! zVD=8WupMB4E=bq=E+z-e+<<}pdhu~T9W-s5i_!-!9F-u>4ZJI*+Pev-g2?)iHR;Un z!Qac36AGxYblB#%JZO>i>D3r!tlxt3+yVHq%ry2Avd>P#`Sqc32e6?Si9Ug}H^a%n zZ8OQMFUi2q?2Oc5J9%*JyTiW2ZAMh(SOm}FDaD$N*gx)>@dGy`V*%A&fnb_^-#MD) zV`ZN?%rvdZF#odo$D|oEiN8D&41KK|AprwO+GXUNeU?awo2?kEuzpt6!3ZVrDJi z6zKypd?P~xqYC{LTf2Yq+@4c0+>dNW7u34XSP}hzBLtPHCVe&WV?=RZO zcG2E;$Y#qYBHbGf(ut#T$4IB$+e3ZgCU?BMKA?&V>jfwU46$0jxY1XJ)1jLuU z)hUPr|LUOIx267c5Odh8Fs!!tX?UEtMH>|SD~hBULq2KW3@vdF{;`8*>@j|NGpzBd zuB*j75ii{}5BtX#9n@9&ztr{Fuccpm-)P@2UDx1`JE*JI|4^3?)JKhjdm}{SfU-D( z;D%73=3%{htQ%Nu)e>7>iC0goCshYVcHV*IpLNiIadCCoWw))fOd)bxZO_Nhj=nx*<#+b!;Iu*OtYSO z8grpY@60lafnFK3XQW^p5>{V8O6DetPhgyX0rrmE)kJbCbfgdZZC4|dN%oA_E&~6x z*8IMy)jE!y!h!hkAN_P_f^~Ts`Vndp{bE^Pv_~f5SE3bB8V6E1D@o<_8+yU)jCAYx zeOyDZ*FPw2Fb~8B$e)Ij_P00sxSZr@|B0%}@2eC7W&3Eyp#8^Uh{>;n;k(j(;Za#I zh2g}nu_%2kj8j)-QvYf-%JXSC0x~XVUzI6O-T9_Zg;0*;-tYSgcc)+y8^&91 z*+|Y}jS4OdLg~g#wqgbzec|JL;a|Z)6JA^OF%?U+f_Fd z-uRyy6_+A`H{8>^DK~}q5X`w?B+VGTFk4LBF&t)-K8=PC=8wpLM7&yO^aj37tp3_G z&Qzv+tK=rZ`gfiHMPk0OoS+FA!JK{BEJu05@ov}@Yimzh;q+h+sS!jS3yNM zWHW6R^_y0Fe;)8x-}~T+SeZ%knJ%`PDwHG-HTFXt9$+<5`oHShVyz-DF{`g;2(hP- z6y`STDwXgyosfkwVXY*D!IKk{OzUiwYK%^$YEr9QIzk;y{};(ymA=GSncbuhF)*;nLUVB^B2*n z2Tk69xp^e{FW11DSotwhDQjXB=EMPHEr90%vCaXi4Qs^020NbUkA3elJG3QLqCsOL zmvj?ucgY`Jwxr7+rY%WKio0mhV)+eIQK({cMaR+@SOZX;J;OGbefuwEFk_)H=D;Ex z&H(-?1r3na4Z3f=wl*99xP&@kSxy$ZrN+*3C5#Luu0}b6!kX7mX*m_6X87iJ~|U!!`_iVKi1A6@$y zrav>1&8k2DN&Uh6Xdd{|jP(BqM($*DZA%v#lg%Mtb5G2SF0O<~mH4%}twn#w{v9~& zOaN%BjDIgbmj8%a2mWm)Zb32NW^k82h?2H2RjC>2b(c^pX2>9YSxidK6Ww(O=D!mN zX^s%@z?kFBUOUsXF{x`0Gjew#zMm}L8(L_5 z&)z!g#9`HRp?zBjM`I=SzoAAzW`{4d#p=_8oRk%lJ(uEZUw1fFI;7`4y63Mzh}qd_Xkjo8MZmv*p(2^-g<8@m`qcG>uLin$IRRZ zo{&^>5&0*~%1OoW38D1`Ced?B1`|W`)q-Ytz&~y;2E>NH!vF#)bJ*s_^Ke%Zj84M< z+iB!3a7-tFv(!ov9YIhbPy}ekf`De3Fx$?#h~tw^{L6yVKa?>@L!biqCmp`6#eKeo z8LGA9Wwk@dE;@=+#oE?ZB}@3B9Rh#r;*@w$ZQbn#74FZ%__*}NwvT{X8rJ~fJ;)#1 zLovEiP-ST~1A6EZK7infftK{*RKT#9yG1A)`3J8w>dy#hhcR0#g%@>P*47yl;Z$?t zcWVPB-No?Icz$S0aCd#+ARM2?{?d3#Xj|~pCi*3J7h_LjpWyE1z`-WGvgokN>_VsA{mk8!+ymA3H{`}ax1gqWmBx?OL`=BxZ zWAw`2S<|EBLhP7fce?-r>@WY&^;C8}DE{I6;C~s6?|$G z&+AHXhY$l?jf8bpBSOI(MJbBEJVVhNcfTCDL?N~TQ2Ju)5Xr?Cj#eY^W2@`@Taf{dh)I0_ z%=BXZ##2n^IZv~5D*Vg+t{Q}*HVMFye=XdE;mF@yU6LZ31fq@S(9<}$8-Dx;K`*aS zvur#8shs@*&7d3E8$iP$)-8SQA0ad8=1{S@ zZ}F8DcG1lWC=E)k5>c7GX|@;ot1<5vEG--*AWY@13V2lGP2lf?cl!KHBpC(naV%Z6 zg9hFz`}YI}F;&Al`~V!36!Cz(A~LWq?vJlC<`FCX*&i7TxKYlBou2;C`~D&8ylY!7 z^$&i3d?cxtFMHRFks`jyW+B%hOK>>~k0yfy+=uUDQht@)Ckj6gBtI`-g?L0_unzc( zPK$vNq z;_wG>f+LL^|A7Q*5QPjh|M6pgT5u(^1K|om5;(XaaHx053~VF;6T`698}sKVoS)JM z+bh5CQF5gjxf1N~!x@<5)lo|g9aK^=GQ9V8jAZ3FU?((Mg7#gC+QN-_C${2LAcyHH zX(VE(;SWGJR$1H)zdcGubzbgQ&Y=dzyF1dy1^K`?5F9xQr(RnIsGl z43%aZq16mFGJFn@(rWhdwn!!vN+4y`5yy~R*hb-K>dUC&P zHLC3j60m8fQ(2;!yp0T`rhHIS0Y$zz)d+#9C`}f7TK9uO)`EWJ0d%<5N{u}x%VRxb zTYh9pdHhNqg_icj0i8KyC0M?i*J$SbBAIUd|wr3!5F&$z?T4Pa}jM#f;W$tT*rf_%qqb7HHFywnW~ET$LYF=-kW!@h_**8 z4tNpKR@FgOM0kifwXyTX2}G|zrj=$hUe*>=7G$c+7!##PCs}m8_2~CDCRyixpi!scbDQgO ze!o=B@1MXzJ?8foD&+jWo?%3XFhn)s9Y-_bc!^*Y2{v)giQLbO^LhWSwx;gZ9u-U& zsFHR}jT+_8NOYxu1~gm%Y!moE_U8k`6p&~DyYmw1Y57D~IY=OhN!@Ci4Jnv!ZR~H` zXSpY~yE}twT+*DA)&P;<|8>s>)w=cKI-$DJcABAfs)nnokwetb2ug%Pn=~>yh84)M z$Pi>%wr?O51vZQPi|0rEfP7$arzsyMiTXF9IDUve$Ef%iZ@$Ro*uaL<<}+2{c_S77 zsTh9&a!fx$E=68cK5(53_G z4IaWSs}ZnQ3D&?=ujtb{G!WVlhShrU+b^+5fhSr{>sdA6ha8-&EhfP0`;lQ)nJqGNoNt7iLLU;q_{F zReNhn2QRRrxv5v+Z=GcK@4at2=^wB`(XB?cRYXas7PS&o)*$f1fnyByYk7XJq%Yb( zaHJaFLnDh*Va31qG{p5EiTyrjmz+30l7!0y>T!CGFC{Q8JUOLuT=?abQdlv>P`pZj z)aUh#YWtxU4`5VRp!>uzCNLutFcx^BQbS8{wS+IXIj`w4b*NGV?s@W^&KWQS7h3D~ zeF^^-x-W$R3}qsK7xGG^LPL+!;}d9^WR#DT1U5kRmU2A>Z$}$mtU%}y#{34ubPv!T z_=Kll8s(3wr#VJ>5uUjJsrhW9JX^({Q*s(jNH*#Ue_Jz@18P)!0dloR?}+sI1{y4F zVELDpOaT6IXcF$#Q~HzK)mR0nf>vVHK{8nD=}d*vSU=m}Ia&xr!<_*l%WeePFtP-D zdk)uz_s?n5hEuWsP?Ob&|D_3f{DfWo0pJyIpe1J-TZLK)%-|{zzU!X(D=MS%Q?kU0xg#oUms{0S$rL+ulO3^ zba8&5<(I|drbYuT_Y~&^TILjA8fZDScx0gE^y1-xmNSd90xg4!&*Jyl#TkK?pBJAT zXgQ-8=A~1L2LxJ9qm9W^+>_r6jf$IqTZhNVca7jNXpub#=aii8i;O3K7yHK-06IST zMnZErm`-(=m)`bfsrDdb0XCO%iU3qfkHg+a&q_=PHYLUoxUnbHi0;ESi++Xs=_)n| z#55CA!d1)FO?qFA#~h3_!JHok%~mSW@Qc$g0#ljpk!`yk%u&xogf(YS`4l_dj{kI0pYWfZLv@`mc9v`nd?9f^H15obbXmF zY^S@ivvf9cEBnx-bY1Rwou#*yVgXO8HabhP2L9LyR;n$h_k#6zD9UADpJie9Cd*U& zx6`z6Lx%oz=y+ZE?>b9p_eVA+T3hY(H+GiZGCTcpg`q1ut+ONwg}NR7^WMfz`mb`= zboSYL9(@)_KiydpRl@wvKErxq4G|)0wgyYsWSyYj`{?i(9VY7VAV|j-suTSYuAXO2ix=!!_Mb^eIAE;o>k8S9T|(iM^Zh`DM< zE})J68|BZD%*KX&>zc-fC$DS9p@i!!>;Q$xz&<07p3CN?*^GP3HcmucjC(aAtdd6J zNWNy=1;V)16t;(*vv;?x%;{p>|J{O|JO52oIs)TX6HjG9%-xs>c-oc$>9vLdhzPi5-VEdlaf*@-bK%!@SQ7r)j9gW3q{2oa zC+1=QlR7R>SL>6}k-9MyuxKPNW;KhRWi^aw#nNwT6$U|&PcY<0s3l~Z%>bLAmfybW;H*aMI8LG9-k`G^ceuB0C zLK@An?}H5qEn>Q0PS4|rILDZw1w_+EfJ&KY#54{3vv%$!M6h#8A8g3_fVs=Wpms&b zx2|q1FxDQ9d_5e6YB*#;du!5T?WA;>U(>n#uW`J7bhQ zm##@;iz6`Dss4n1#DLa5&I1Ine)1q!&vmcj>`P)t$JvWGC=+Lx)S?U=iyXjocZ)@1 zQWLF0&F!p0E&Vkm4Y>IoZ52A1Rw1uI1iR*8;~s}ERu_wG83%#_HnZ|^1}8M4@rAGt z;Q+C}Ng>VwV&k!viUT~~weJ6d!2HlWvL%R<>;Su6wt)y`pN175Nohj*)c84lgN>h4 zUHJJ_hQ%fDi>Ia<^G$FKpy*P9A10hAL!hXHnqeA?l9@;`P59qrZ#VA$geV0R7OoYJ zrr;H4#`?lb6Nn7q<*5k#+3y=c?xW!zj#W|t{UzX&uo5rsi=1d~z-Bj6AI=965bm}S z)&BzQwdMs1QCS@jm8A!BZtQ0xDl3)4d-=d*=0YE4%90(AQ9cZyo&c>mxB zidxe=)GGI(R%8Xhd&B*TSF#8#@M<#git?f0mWyRSGHyXa#Tq`^gKO9wh79*z#jV;@ z3*`D6esUjwuXW^_EVTfo#^&PuW1P?Dq1Sou9t(O2)GydbWJsge*CrC@z7LwHI7c^A zUfPi*aslaAApw4b(9b%9lyt*EqzZxi2qyz{4if(yp>jm>s%+Nz=J$K<<>Iz-zo)_9 zd$I4;9D@tED`$bk6-}vOL^lA&le$&QUXK~8A&4^`X&Q5)W9Xg8HjwhbdWZ+1q76=> z17G4boGjS62oyo`&}~V2b2tI{Digs9+K0prcv8m(fhWE#+?|pJgv|zNSo%;{Bc_Np zB+^8WohE&cJeO&VFw*z&8)#BUG^xV}R>8x+{giQtADcHoW`s);Tas(tYv08FDj>Ve zMBEIwRtQ(3qzV25SX`H&CbERaP)tS){2|eSFe0hS@71qp9n%&Lidm_kzMF z`#MjJgAaR2k~H_`H&&zO3Gt~X;h5c5oh7d#aa?@jNyXtrIc&Y}M7oZP&pT-ZtbivK zrq*I7Q0f^s4oXI8za5^f!bI;?c@+isR<=VLy3zuNtLQEsUE?cBF85U@nQe1V9( zN9YR*B(B{F`ZW^Ycn|KudlCN4?c<(-4PKR_$4m9t2)|6b9$QG;QK}#10qIBLAvGq^ z&+hh+mbPwMNYOuM(?YH!4u`|R=~$#@fcjlBYJnwlAQ>1vmW1$BhKjz{r*jt9eln(-YLOzhEG2vtPe@j0o z#xt3D<7+rW(55&;L?1r1tM2*cgi;4>KrON*tk^mT$?)+)SOY?KkdLlVk9xwPcO}## zC_`24P}}8+3jhkUc116N^j8X5vg!|*Na{yhsUK~nezdivepJxKNOi-1y|I~o^e__K zZ@oz<%%&fG*x8iq_Q8KQ(~n+5g1h#goZX|)kIXbK*vQ%4P_n5lCMb)RB;)@QW8#qZ zK+t_751PxjctDDovrSRaT?x5skgpl!t|AXKkjtMjlV~WbDzT)Xjz5C#*5gT_6o6|j z^G=g_kI76hCo#rew5N>|!UNUsd-&tg;z4f1P9K~KOqt1``j|OAq<}elloB2Q-YO+@ zm;S|qa;X7j>R)wA+=Q|$*jvYL0eE$8%oAhd7%fO&X8**U(!RtPt@%K=H=Ex~j<)0;j;`s+W4H%96vjHQ-7p-kc6FuUH z7t%)`{{%LD9sh*%H3x8TL{K{uC)8{F906`7Y88N+A?30H+%)8A0dSDNovNJXKv(rN z7U63xM#pyq#Oe8u!+-pIGnlJJf?KkyHJE$7gQbbv*EEBi;@K5=^+@-#c z>_pusE(rYkh4_JUB8_~xgaF)%e$q@UaWDOl_iGdWOIZpF!oIk_*{f8T`w?uSu5ON95v(qa zuXc6weXHBYeQ}$vt_&z*49pq;p(9p1`Xt^h}z57VMR|0}Ew4l>g-E85k+4kr68V)2RCaQ@~<%*7PKr z7R0KGakZJ;F++YkB7dBkWBKEU&o-k~yO7}i=v9m^D}OxOmh5)s)6HmAFC@5!c5q&f zidM-qEZE4|G5oPs)C+5~ULz6+C**I)0$R0s59GI#JLy3*KYUopl}u7xCka$v4Woz; zxlN4H`e|!aRzRU6zDAm2Ba&5I*?5T%schKN@QVU-bVfZ}2rW$f8PG z7%p@lc+m%`{&^#izPeq3^d&qMINj@?G;o=m-MWlR_{{a_f2Gp@IhawZP=ckP|B9_u zdV-ks6I6FZF5^eFr$nj3Z~dYgFPC;zV!mJme)tf9r!#z)#Z17pK8ZQSL%(phzswN? z$^dec5o1!$*pdsS#P_8H!R;saUWAVMT$C{+xFcBd=)g@zvS1?zxB=$OJ{)M=2K43O zD+FV@9uD<9;@A-1u=WGWBXnEq_*2I#;QDJK85i1b=(aG&DvnNrk%+%7@s{R{OuRiR z!Tsuk2Kk1+^~Yvt`!W*T`~Jpx%!ao8r6lgp?AG_Uing$y=VAJDk(7%h_v4rTM>E+f z;?jQvj@1_;)j-~8}Mpm zNBwW&@55hM{OvEy(-*4Ioy>FV7S3Zf{Jl;}5`V9Kq6Pj2kmR1rvd2ydzYc#9KJMY~ zxWhQFdDGG~{@M^lXPMX~ZSzplTF2uv5p-_}sx4roPa}Bx@Ysh}n}yOV3nt3t;otuz z3VY(C_u^~(LCQnTkQ(r{p>?dL{c5D3#Xff!o(8e&SFs`>HhxczY#q0W6O^trm zAA!7(A6JV!_+-IKKEa>mnZbfW@cD^;7UI1^Z?z}?=?QcCDci&Fsg%ejo0G7rJBnI7^KR!NvyBl2a0{7UM_~B5|>RkNhEd2+jdVJy>l)nwJN%QUg3bW0IB^$@b z=WTCkdVgX+;XRML331>CxJ)QES$5jY0eRg9UvM9Co@JW|^;>1n;T%L$luyQm79s=m zMZ=Y&ZT4z5tQEKBh#LIa{jh ztrOQRe^uhDEo5V>mhdNcW9=RBJwfz)u$}=Lgnhr978N zxDRb#Pw^Y_Q90!!X)bMQ3y7S_raV(ux%>OS`Y5R%s#M@UatgLpx($GSLt?-87}t`r z)7mVD)>z?5=%{|77ZO-a7|{@=b?d5Rg#sUt#^1+n zcedakR4ZJYs}=c%-pBpLbG~s)9~Nw6*Nols$SE>z;eYP6Kedq1!wlKC`sAz z&s~M5(hBrB&mI1VffDvGFZqFIF!9015$FTQZ2`c&86F6dg#>%s3R%b|Uw*iOeNgde$Dv*a@6C`HX|UBG65I-Bx3?PSX|-wkAXhi*6=^440eEecY~Z4U?DdsN0HE`aHaa#vb3 z`E9xuN;as4oeo2vk{kR6b1f>>$kYk==~Q=Qrz=rOcc=OwvIcMdlq&$Cwd2n5@rfN9 zAh~wj6H46FFfK7FpPRp{c1Xo5b-h+IcStvvhl>t7i~bvP^-Y{+G@9~h^k6scqJa-P z`BRjN9_(yCm$DLy)6s+LBSXT8NjQDuRcBEJO5-StiKDT*u$0Swu-ca3DNj6m9wl&Q z$A6(&uhcM<;xQV7P;|;@Y(qR0jSOQ%XMQj-yKS)ObHrq6w<<=r#hFa2aa#;KRh#T2 zy?Td&Vt%R}YL1MTe!K{c3H_Iv&J89ep%V1&*GQGI@uVi(uZ=PR=oioD7?kQGeUx|D zCvi!H{RO)XI@XPkP3c%4NPK%uC}({rF@9$_XIX24 zZY+@qdCf)g_}DVp+cZA5q$4+LUyk;oG7mV$4L}-~yQ~cgqN+L$tmtKD5w$D~`+{6d z-RY6D8I8CBL8q7>BF=?^4jK3@F$+Q+q)NE|6iT96SO!+6B-@l)qU{d z27aH>#d>7Png4(i%dQxe-OfyUp5%?C{!}*N5e`jv1E9tJF}5*8q=jdfT0&dHH&qr0(PE4e8WL>DQ3FB9I#AC)(64 z?uGVsojX`w(Zn{D&->z=bRP_Lo!gxsGEjWv-~;o3xBnns%P4kB9zGHtOn1e0TquFu?ycCR%u2`09NB?pi65mgWhE+y|9I@rc~H3* z{CSH69N#9q1{R<60iHOiNzV-q#i!!9?bs^OA8DPbV@1eGT%py5q?uL{4vBXI)ymTz z>#cVcF`p~>O+Ww`#blai%DJOr8ml8MXSP1_Tw?Anc}@VKs#E3YZf}uq45Ni&C2I1d zChrAM=MC$@wJM(`%dk{1(&U_c0s4F>022`lyF-_$qC?Oi(<&ni15d+Hll@Rcaav$; z!A64U2KWsTeU3NZE;Q`XhM}+GO{>A38m9&~p%_u^i3!C4o=wDaygMOT_Ge%Fd*UhX zCnFrka7Yne0(hCs7v#s5w9RAlPLWzqm0Gd?rdv1B3n%2(^2j6ZpE1?``%$Qexwgu$ zJ+FxL$Uh)J?g$!Wjz)gOT(x&{EdV)-y&7vKlLu8fr;=VbZT2sGXbHKJx&0gqtf`$c%?`G#C8 z5)i`8YyaT#U`3ubR|j}Na=Yn7>Rdp`TPJ!D!tT3{aeH#fn?Z=D0o1^~P>MAAZ#ROL>0uiA6&=9mB0+cR zugT*K^j1Dkyv>>aII7m}pMmbH*Icut?rYgIsUN3qAh4g-^{jnR|M5$}9v+=>K90YD ztn(Tg!&_(EYmM*ZCjDF=831_@0*|?{o(F22&jU58O+FeZPypi2V!Sag;777^`#7>s zXZA0nks+bPJ&;YJ$c5i=>gfgg`@HiZ^)#)H@Dz@2sViAmErp-PcOoOCp7zKmHJpXo zQ3K{r(%-{+OLus_=@Ynro8^y}-+6viHC@b1bE;PA8^pLD;|={o^7;t&&D^8sul^7< z;r!L}b9nA*MMTce!GL~_%wC?GY-=jN9f(HyhZ5h0>;+HIrTW`Mj^yC#iVN6zGlc8q zs2Dnh(8*}zO4Qeu{(Fr7F#CepY|Gvkd4gJR71WCElC_3Tt0?addIB4zOqhh9I;=t6 zSm#WVQR~~wuC#B?E=&6c;66iGue?J@y7fSU8$?`72zD>{bKoQ@2Ys`LkX#}qN#9-} z2|}PqI=YljkeF;H@fLwe{*D8z-8+9rI@{>piYJZDH=6Hj&GRZruXo3p=Qriq z=#Dhs!_0Fqo-{z6&hJbvkrf350Y~bxSp;Z+&(M?Kapz~%^GFa#>F1$98!ci`z^PiH zS>B1<#Vj6!6Zm`y>*9ldoX?vH|Eu(O1OK>>!_<}P!1I;f!C^K;x>?92(0?MKA4#*W z1N{Wh;7s1CekdYmrS-&%d*&}yLM9=!l+Q_g1UXL0#|My#t(43>$?f>5B?W=7>+b$7 z*Q4IuABivTo}nBj8>r;@k^U?=QZyK=;|cPa^*}i#^@iV*)Ejv-%?(~!tba#k!( zoqfe!^ee6(MM^{Z9VpC5!aNM(Jmhm8AcYuiaAHK36O2rb9hdNJ@qwU*BzIS2j2RZI z>R++%EhxixUn6Aze)q~bk764b<@yNz~3qT-NujZ2DIthDF(Hx->XQEE% z|568Cs2{db8sUXN?LvZ^`W4~fC`g1|BkuIYpt)a`gZ8$xhhm>le>n6u<>`uXT=#r( z%qY46u?+Agjkn9fT_*7m5w5q%a*li{+>Y+{_@355k+c^D+oo*&Begnzwu3wrOk3w9u zL%?MOA!>lwpY-btd?X0uF1%%P8!Qnxq7eHh=V*rJzcmz^sWI(d4 zaF%Qkv=n3g=W@f|3$07e5SCsyp8~gD+74b z<}xI>|0R(vLJSeUpa71O!tjF04G0!$NZ2y3qEUuZdssM_jQV?0(J^45yW=rCMLOX^ zWVonUp@91%bRSsgG{YqSZ28{8b#V(;~}ufy06k1b*u(7^r}`_6KReEH>!DQW$o* zAc}C7)LM(m@-m=gH2mvGMda@@! zKvpbt77ju>-in;Xr{b+?ee_`4dvC!p$^|FZprukAnbp%h|4|4n@M`r;bd9kCC*nNe zhD6uP*~#KGA1MbrKtY^hV3@}nx61$>mc`|w$ebMIu?!tg3pgGAihe@oy!H+4cl<7Hn(0_oS`& zCKCzfOuR2LVV>CjsWtGoNuW)z>k|3oWu}D^GZ|&nk^)H2f?NNPEuuI)`kC2|3KG|;n zNO6Ait8MmVH3f5WW6|B0-D}VvDZ{EeQl!MHhWnbW#&mA0I! zdu7orP8h?`a$WlxY8U}?9yWC06aTLD-YdyGVHl>{sC=w2*DadkU}BSU^@OYkw{Y=0 z;F7^q2Y2=gQi~87)tfSZfQ8<6Zi%g_=5i9DIo)=z(L4oEE*xkU=j zZ+`>O?7oISMp)U3*VZYs3M-e*;e@v$RI9LZqsGmVK1Ypn1yl<3nT7?@=SHqC=(9Xw zV3pCqrrJk-uhM-I>Nll!1S#+-&4L5k0Xv#)9%QqVeoV-JP77F5BF@sW{Qo8a{ydun z7fx*%x;@oL=R#Uvu#uet;^B`|J3Cn7gP9gbF^)p4}-Q z!wgn96MFH%qFLwRZ^_L5_ne{rJ&3h0BuFu1_-29=Z z;=RmB=GcGS+n2W-ij$ZM>TGn2Db#BygqzVJe*Akfyi+n2i+nrUXHmRPl@PFAf3`2kq2o5K=@b0~7 zqU2w#K-{23KY`wJ#CFg#S{I5 zbFW6|n7EyHx#RKLoc6f8?rcG9l8?hrE=myhH%tbID~TD1C?t>=suLtJ`Fw)J$P*-H zgrrxg&*f`ny|jZDv_}sng4l?;($k5cVBy?PiMwh$f2f+WZ@+=a=v3WGQ4|cakPTvP zQGscl+9Z__RFg%A=N&j9Tm-e~N>l)eZer)0=)qCAoCEc^LmyBM&r00_--o$CPnk9( zO{^uEc0if--NvCTNaXdYH64B%h%^;6D_=$rTw;z$^648r1u*i~TlQ6ZG8v-J&VDZv z+_#r;-6V2fm3d&FD)WFaRp$FiMVr^zie67hMd`D@UqFJpTq-&W70Imhf{g@#4I)3f zhwg7`N{+<0(t7~~lVRv?5pUf-7&BMx7qrp>furaZI}Spjo^4(tz32)28ZA04@@-t% zn{!VY7RSN)6FBBQQfim_$P4i)g8$Hr1WvW=Ou7#8&laorv=*-V2t*WglEZm*f9^hjx6sD{2QfvHZ1dgG1?%}CSYftdlrbxA!&hx ziAP8be{x}~{@Y<91!~v;96L(4)kT7jm1s<{0w3h;mVQ$wT*Du27y;&K4%M|N6G3@( zV)Sr9X5MKs@4-_hl?yhFXg7m(y7IH$1;ILn)&Z(We8?7d{gu!zzF!eM)0|u)kq}-qMCSJ8rkai;3y@nAnDzP4c z7pTPA&#Q4zzpT8V2a?@fTjNpj0{>WApoP_sj+n{lP|fnh)`@&_=s^x|r@J3d*dAz( zbMflqGVYw){0t`f!~vg0SnX^7B4w!Di}l6bv9zyEt65PHH4D8GPnz36-XM-rSSnU* zwAgZ?YGGGQQB0XD;7)V}$P_!zXiYS@fhnK{!k*NbjYEjOA3}FT-&guGopc9Ex_jPI zatKBk88H~=lP6RZ5?_Il9PZ z8}t`LCi@mncJ2tG_miN|z z_I+HsB6r{Au4uV zE_wuyScUWi=7CNy4@{1G%D$~G6swa6Lcrhsp61(t*IF(|ZVfhZaE1C9yE$A%s`!R) zHl#xKd2oIDaA|-p%mO}8nA~bbQ;|=Vew+#k1K1NK{g^}gF^8vgEypr2qOG3Gg%hn; z%C~4K%Dd?rghLSadypGp7MbQqjGw}Yv-COEkeGxUmbcIDJoJk(L*E-S^rO@z`*4uX~o zXO6+&qFHBJ|MuaMnZuBB&8(jId;QFQ_V`4~TPpAng+`aZ(pDKMA2n=xbXhK(WKad|AeaS}@rXOZSEluxhy zmMkS~&6+oPs|m#*5^#b1i&eF~Vib`|UG0+1v1mZE+rTRFO)$76#ZWh~7@$hiA;f|{%>cpS z%2M7XLJ%MT6$~4Iq%)ZglPHp(Z3DuVni7tc=Z>uj^=xtz2u~-{@<-KA=K50H+vS54 z4u^l6Y+UbY#8QDI&{0SsXopgew2W|$rB4g}6kWUB{4u03#cLr0A^y`nbS2@-sj6lc zf0ZOlB3)&#w{<7w?Wl>^4jq{GJ>YNkG&B}Y+=v}AZ##=h^!KSJXnfpZ_%C@c0&*73 zIvamWoP{Is?a_zJlrlIA2WYOFoW*^lzFQF=7bbmq51(i;bOPi1P~8F08@fYh4F>)n zKz*(zTsG@ud|&S@+=*{n{{hrjkMA*wi3QKYy4YcMr!Zc(q)ueYW9gJ9QXTk1!z>ONKTHlpMEG$X3Rt{G$;x*hdbZ;zZLq%kaY)*)Zi zspf9?Fm0lMm2f;S9G{GT<+;J8jp3qqoys^IfQC6XgktaFu!ZM^h$n`>bTux37`vT3 z?KuOvln18%UTBBP0|A7DKmZjs6pZ~N2(zyNoaFha*pqN$hlf+b{qlYxBF!aSYY!0t zx4qP_0xs-&R=_2EqOmOUtp*eQ?I|mQE%>LQCsw|lfdtI2iC;M?k}?A##+;R{4Bn_WlpVA|n3X>;GiAkijRPk3|CezkA_Plf-8I@2vg5XX)2ZfA#M; zk6HUa7wu=6e-(klQjYZenwn+mZL@jM`r&Y5{dqS}- zfRAhCV<$e`GQ1v{5x9T*?$=TNV2ShBC|^aSzVoQ z2#-T&=`TPC$k^z?!4=1e=j3VWYomL5wx(bPGhUzfLUceEi+$+_(hRzI#OD4E=cc+R zK!Hz2R^eaJ{G7#K0@$GkRt!d0F2f2nx{uG*V3f-OAeM|qVGr$)l1b$E>su;3?0M26 z`=j>~*jkul79-hx@m{Pj%`sR9RHG^vPQ}o7@J8J&Vim8mkX|{u+N=6-N~&(|Nqis4 z?hIS?QRrO;D9rUHc7%UHYi&~9GCl*F*F!DUz}o;E5J^ghM1ssJFn`X%pW-K(QEomp z^IK@`%b3>j2t=^6=)q6gmFJ8TS+c^*lHJ$D3jp$TF=3w_T!C$OLn7yKf%IfP75L#f zp;QBzr_p^KA?WE!VVX&`9a<-&WROwvLyWrRh+3}jSHI>8Q~!N#zOJzDk10kQ45CQ% zT7`7iWpK-}F7eN$Zj!2#KFqqrZISFIY}LoS#6!1ZV_AFt6%`C>o~Yb(mr)t;Rs*tM zqq`_53jr$ye}bSjM+;HQ!^)}#mbv~d=dW2|xFiYia7hZRYh(!aPr?{;4uVd`05{t~ zn8~LGgP_K7=!ekfIliT{Bxek(UWA@=p`eor<^j{R zCn$)Hxer_}T8~CiaFk|?f>2L`C`OG0)nrjbR@d>tofGBV#A|#Cbg@I&sKIT|DqkK# z{QUvsLi+khzi{FPcz_^f4$}NnkH?;p!`O5Cx@N&X!)_&ENo-krfmK5?tIN z4@f9z=hLq-o4aH{hh<04;cm&T`njIB$NAy-U`G2aRh%(4r}{orY1{u0 zE=H*cwkb!8Hxy+0IBr0$pUPvVpG?OIsvL1F$Nrs9=)`B0x@9cp43}yoclWUse3*y6j zE4ExvD${^H9*R*8%(+jYPl#2)adShPba%&?q1%(^Ftr7HZJE-NJzcko?1|?;_M5Hj z3FjkZhRn6c4{l)gG4ZFt7-8k;wo*Cy(}SO6$$Nq(7GO8UCVH8fBa&j2;4%2$o)cfq^yti++dp;_*vm=wI6$WFwWv*yuhQ$lU zB04QOspAsudm!#J5Zmw05+x`TGHqSPTEo(2HCP|)yLx>=C}#(TIuqEmD>ayY=H=31 zjyr^FyAs1sM*rL&t^Winxen0o()M*lI!6~VCopiQP84``sN209im* znPTR$tSQ^R&;ZVnsO$}+7lex5(S!NcumNw+ak$|ZV*VIA7z0`~qRGXUIzuv7I!#^- z$jKT5a!WBW*{O=a&XMi}4i7-5V1B1<%UwhQXI#k!KE>#HWHRE_=BGXGH5dlN3U(hx zpu@+|tZ4Cr>#hpzVTLLXH91xD@D@%K066w!0>@7S1deyzUh7%`j(_-pV`^65xEebb zEW}FNGG*!cLnI1%k>ga~k6w^ea)~ZaoN^-hi-C=usj~+>(Y>6 z_VE)^C2re7DwQII4B&_Hz~|J%-NF4WP$Y@0I48bcWw+_#I!RYzUfBz4<+#zsGO|iaejx z5D4I3v3xI+o6~56EyFjbZZ)0^B3Sk)Nx1|OwBb*%+wP;?cAq=M^fHBuF*`iE%L^i4 zHuvSL_Ii^6I)yE_ka6+DrUfI55%wnBpGf&qOHJkeY0A0}A(M#@K`F>DQS{4`j4#vN z*ljKH3k2S?De%fp>jC;3cA9$SDezvVt;$wq$h#Lvs~@9M*jG^=C*9nD^61HSq(N+{ z@XE{iGF2T>UTFW9u%m;L!Jvd=Itjn-T5K;N(5*zvfy!sOusKd*v-m-5?8u6OD3Xcr zd*s<5e8Z9Wospx2@t?uDm0z(WTnw*HKu;9k$%<^kvyG4N>mV&f0T`Ry{WHbrrE48|2%CY1LgLNiei-bAM}7x4A!0r#_TUU6OuXkj^kGoqDU6 zs^h;l{Zm=`b&R~i{_KvFw>|DK^BgQs*niA-U-LXco(*mnd2Vyt;R*O~58Z+A<}di? zQ~Xi$8i_|<4Sct#f9^P9wGCya#Ly?X8FvU7`k#08@F z3=9+}SkOgMNLgSI^gt0r?Ui^UcLZZS!m%rI!?COL5QiLO<6xcU*b2!35k!k=&EeQ- zwt!G$D%|ZaRh$K(Ols8{_(2q*A@0ENR zABdi*IEVBD_#KUm3MayC!;J0z6@H^9<{WxrR!4fu)JTPPR#I1?Bk$NRIlrL^Eu6v@ z*sp8w!b+X$_IL{>BG4K4JBvo(LmF+XCsw^9Yk~EX%Kb|R1xW>o(?&Ek$^BNpZnkbP zyIheQh~Je*U;N11NPi$yU|&S820zSRPUg@V&JM_jKZQrb{q`-NHYFd#8)*Zfw{l|u z+m2-I)1Z(6O?HH#_z7I_ZlNN%-N#Ar640z`DWdXE(N|e`kNzIYcdB_wo_hxZ@fG|m zjDmhT35Y_*Vo-RIkU|((fDy^>c)>2FyXnoO{jkc||ML)sNsVLtEz~&RzlAarDAwCy z;kda7$?hWd_7ZMAw%zS`=(R#(ytxlRjBvD=`1F%pQK;k!>f-NQrGR%EZ9Z7&hE9B`ROAm zM<0S)emdese9g%n8Eyy9!%Y9fQ{Y@0pFR6@P@n~S8wk)bNI`tU{~%9@e|zu^|AQ+( zBhZr1wEsaQJi7@*<^Mq1|F8%1=61(c3Cc7qiG3d1o9WJDhVItTm@z|}QUgMer^snT zvBqHRKcU#ma7l(@>qW`ZD#)>g7sGH6m7I2)io{4@hb(0`N>-e@KnO!>lx(mdbM|J0 z5Y;1;oPNwe$8$MY)1DauWq>I15mTpe!pk}J5MEh7 zR$_)1M5A)2_9X-XPP&2dv2nE92ah&R^)L7pe}KYkApZN+c!c5)sA&3d9lscQzWFpU zCKjA3^dAD*kVqh$xD{4On9&~7AE%#6Gun{IK>Pr~2|vuWKY(z4ImD@ovO3cdglm{L z)OIdTxx{burc-{xE!NJWVOn@9Yh{K%X$Ht}`g^YZ9hDzGw_;#=UbqC{hTxyNGL*5o z9!ZWWn3xOH+6O&=qRSsvs-AQ|^rind6P>#3>pPYj@b!6GEKwZ>BY~fv_t&Vz-rNK{ z8&-+hwVv_I}rJJ zbX6Pdkb-{_+eS=DDpC9qI;@S>8Vng~jLH}lXpUNMFN7YaOWOsQGJAMwC@3CJ}`1Y@*#A&_1x`jZpJq?4sfcbNp|8GF@@$gqOFBG3ltVe3=$c! zjcAp86ahl^XPZ5BdW)1E%~NWta2)G=@ODz2DB6TQ(W&AoNw_1UGv?Q+9*&Pd^%s%5 zDR9jQG$Gi4UZd^fYX(GG-2kg5H zngSI}6lSeA)?jo`d*x6eb2Mq<@#d(#D(bbK!1q*Oiz_Ea8fl4<&s{&T52|OVfsM`}7tD4bXTpVP(7@O;?k3GlTU#NOm78 zN4M0WDnf#UDI3$g?DSqzum`PLpE-mOh>usWYB?Xj+pRdY5I;6|nos0mh9hm=M`f|D zC)_UBNC9U94DdN5#evNw0UgboOE?;yKeYK)ws-~3A42@#T~H}|{Rt`V%hz#!jhQoc z1<09Nvyc^9njTw;cSx`$d0J&$s)P{SD|C}onVaf?8gr2_5(%ImQsn~_5CZXsDF}e| zE2+6-5b7!n#I7EpCIf%xTc(H!2zUg8FvO(h5>6n#fbs;IQ0YR%ia`7?bxZ{Jz2ITx zzW)VqwJd@BpW*6XNxU2SS!XdN^@4#1fn<@{;~m znoDJHU`3~@?a6AXlxWx_2P}Z%3KkoRTVT<`lG_J|0WrEi2~_scQFsk>ssx=uHa3+G zYZ~bO>gqJlbblfrBz6%c8 zDDvTVod5Ul-qQPdxp3gq99L%Qvi|2$Qp;xKlJbMl^K^Oi|8Xrph2;-D;Z)_JeAV`p zQ?(uEd*h`e{$fuYLfkpQ6DM z={&Sk*m^tfkV+Kox)T&}pPhjPD1-RTU$r{^s3|niS181WHn(18H3sw|ME10Os&Twi zy%$3~mf?JGE?T+1^;Xtr>DeDxW=QL0s?oEd=ouEX%&F#%g=6W_MArVwFI$}}JHh_B z%4eBJS}&7re)kSRneVq=<_V1AR>kITMWAa5T{cvl&@WeOC4>RXtTkCCRTl2rNOi}A) zR-&Jy(NF1H^-Y+Sj9CEwe+^!JhYjpp)#^laLIeNM!QXIf^rszaCjFV)dgZyKKlf#VE1c>xFjvP`e?Qj0y!HBzL;WkX{zyc^4IyUv(HS7yCN&?EHmljtG6z=J8~|3G zMF4>Ru5as&cftCnPD9;uoa)Olfmx^t1`Li)xbs9sQXH85mg5(J-w8fh@pk#p7zjj$ z+#?&@MDiEd7mQ{%KK{Rzxu1GulC_EV-4bf5c$J>q`&s(abZy=2Q+CZ zY3q$^4auGR?J>JY)+L}CwE;FkH7XAD!?SYqhI_4|H&wQd`VN!0ihD+vT}jQzxcRwP z81Jrho<~Yp{Z3DnP|fHL)~Nd3gsZ6yZxbV_xonX%?7pCaul~={mdoNfSO`~EMw2ccffq_kx*x#*!SVFTrcBR&r#twvxEgm-=sfKAHY@>B(EL^nNS@aGdiXneu3+Ei* z2jb>5ISZ4KUuDKjZ|vm8T+dr@ptu~!cdCY<=Xis}-yd(J5BP$@)J4;wDIG$kNLwGd zFr1i-_=RxMTh5~Ipk>~8)0X;Gbp;Go+KUv-nFsRiSMn7t3l(Zp3LcSk`Qx?xRF*#+ zjf}&^JJ7D!e~j$!&Z2*T%%J{>ZP87fx{l!01Mom%Jh0CW&?d6j22(eH{xGXkJ%;VE zr#}>Kb~x%(=W7?>_C)gSNM?X+@?iiT%Yf_y z$3>=9ZK*iPU2-{*BYmD>mAE2O-9s@NkPz|Z-Y4iYk7iozB@M<9Zuth`xCWzzSGHg* zO_Oaf;RFjzWEAOy4K8bv@flvg)j0K&9ynPk)I-Q%frx(mv1COVZj&sNWNlUG{79HD z5i-Ycs1JlrBTh&W3>LykfFs%|CsXQ*W8cDWCjmO&k_9h_%4 zYs82+zoaHXgb3E-8v!J5A>xD)Q9JQT!d%F~fvq$!JHDBX*4IHuXIyKYe6KJ^9ht+Z z@H=s(xTd1uGQ@zWrGD#4oGy(;m0Hnn#VC7(mA1;E!=YiC!~#f@$Sh5Q@=KFgpnP`0 zj37A>{cefsEmJ}Z ze^vT){~F{V#W{vXqipohL#9!*C{6@xs?$c{GY+gf*b%o45*?%q!9*D@+t_yJ`RaSL zLpYzc{T8*+_&vF~!^RAu^6hVg6APlK3Wpw_kMpIHH-I$DBw|YM?;wEc8wBioaONCw z>YhCn?G8VhQFP^_Igys==Hj%bHKZ*U!N-{m{rzG(t}a8fkqckH;MB^Upz+ zE>B}^@BZj0CZOw4Ou)&k?MG6ZOhESOTo+u|i0Smr1Ew?k`fND`6_%#Em+2YI4roC* zsQem?IDWW4J4u13C2{ImK}y2dn?GIFj5e)8g8TkuM=!4H{(<#(+8UdlZzipOj0E>V zsqt7zQ!OM*JAu{_({^W=38UklQ&C&{bJ)b8omcJc~3xy@}1eCm(&Vc?@%HGm6LYOXEOu*b50 zcwvtj@jKJJ_?^jclOukIw-z#fCy&pBc|uqjB)LcBPcn=yZyK zf~F4`?iScx2*80iJ(i@hqXnO9J1gx&V@XG+A7+ci&x z-IZdivr}!Gw5OQ1(lkI`hiSWPhu?gxxXee}<_aN(;h%V5L7!qT) z)1evq2PNUqkjPjY-;Ma5&ic#LJnAOpx+!GQgMaMd#ZyxP#GeE z2BHJr;h2wW_9=PLzx3xF=mUO+=L!K#bM4PoW(1vnN**M;(*1R{~_C4RPWI($L?*y=3$3j1>r+{*h+aU0uy0T$V0QL1rj zlauFB`ZLpl=tourcv`LXu_EwrXVEg$Bigtpz+ru>lEA(CRcGbM9zsvsFa==a$CD1SUH{a_f z{hCVs8@JY$qS1F!$4PmAWw?F0)J6<%`2q^82f1J zF)4Y?Q_#OU)QJO(y>P0cD9M47cmX1P^71aMR|Bn*e?&?eI2Bm!_Gn=e3pSExfEmk8 z+);KmF}$`g!#H*)*pwK@$S-6#s$&WV=QjxOay+T-u9PQE2$H8BSwVWrE;A;xUY;xD za?GlBIRE8VN*8cG;qbGk#X4s76GZfzoiqE#YWt~yN_i6;)V%V`wS_Py~u%D;@JfiyC2R$us`fn0)f&7A{zVVYb*g?X$@876pD`Kx zl}Zs`(Mh7_K-w5Q#}j<3-el(xZ*no7qIXh$M!eo4x%L>%U?$s2fbf_C>%KTe1E#>DTFYGO$dSqF=CYtzB%uK+0hrD7f0r>H1urXy1|R zBQzYgt=z0#YrZ-_$kKw+p<+$|D}Y|h*kYMD$*Og0F2a@OF&1#-mM}G_iW zbcTxw^E0x8m?KAX=An$ADIAr%$i8*h+` zdg>cwqV~)~`FMTgV#?y!`|B*)548dHOzlBQTs#%pK2!9JdgIz0N%fH0>ztnI^Df!~`TOJWSAJygDLe8Q>ji{JeNuyw;flE-wqEbtdD z3v|M`h$v3X!5q=5E^rNM*#_Ta{$ne882JDtj?-X6a{929c)b3FR4AJ7NX9B|G(*Nz zJLc{W{^HI>U_2=W1T(XF1c1(V5vR#*NwChqI=#)k6Z=5Oy2b`#Z^9`e&JRc)SO^wm z$A}?9IO#W`VV=Dv8W6OS?=hza=C_@HwQ=CWzr8z0<;p(`)3fx>44q4p?w5`~U2~?0 zC{RC^_fu$rF5VY);;p~G*ovrcWxaHEFgVJ&))6g%{jbn^< zY@V-#(?;+iUGVuzM5e*&HDU_r0Gz>WK)HSLt><@emG{W^67`&7^$F#Kh6Z_7iDwl$ znCB`X|8pN{qx1JYjtVPKE>A7Y^@5AU)PSM02OPp4JP9hUJhesdKm_EM9-4t9Da-ut z5vSyGxb|Bb>~1W#=CwhkF@5 zkypv^p1juMd?-zGcW5^EMf1JEJlD#z&ix~v=m_e5!le8RPo7ruuzc4OiI>W&7~Lw< zuXE&e4>R1Be!W3n#jZCAueEaUG=-Kt_g~#PbJjSQoRi*;?Ahh)3-{L*!hfXu>uzO` z#)7@1612|+_)M5*0yn|ljL_-bW2&6%q}ji`Jp2j=BSYfuu9Y>F<}$Qp5c;d*!? z+5q{S#E1Ajl(-bScC;R^^V$#nB2_{*1=|)inAisQ`Y*p~s@#`D(3a*vY#?9Sb6&Mg z3Pp3&l`|Pl6jyzr=Uag}5)xq)R35p!4qw5X9de80U0{=709{WI`wr~`H(&;!n}8Ee z*0<9mXMocRfu!UIsfedy^MYg?p`#|nWN!=vTLd%GliX|DJTZlR+L_sKQjk-13$n_Q zKr7j|*x^6|=QH3HmlW;s_=E3chA{+B27iF$C^{`Es6&3ySLLaMgrtk4iSFG!^0aX| zkciMG#ri>f#+R?;gMrAk%O#;^H6Ms$Edw4{ZRFvyVZiVC6hogg(%JpYS2=q86cUBw z0u zKB}{A68r;XbIZ{Ivbk~!n%K>VHbU{$iUMmC1x%oe>r^sYgYe%;;U7{Tl{COVq`rUa z+j^dfQ6}*zuQ`j(*8&qqh%JnJ<CHa_&f{%+q=nz zI1vgbrGOJGI+vD_B>=>Ln>d@T*=nVgpAAM8>01 zt-FSG2P+$M?zwnEqJ3R(-JbTr1$BEsPsSxKz@92C;ZZNzkJ9w(k0L_xe4uC}stH%u zmB@LiVJEbX!XMXyv0&t-lwy@Ut!@B(AgGNX1g_Ty51vVfW3#^spY;joa4<0`CtUqe zkRXpgJD7H#lOpXOWJBRASAZ(E=}Xqhsbd0~`=cEz%m7N;EypZ0cTL@D z=sG7foO4h-Y*oEDEgB3KY+45b-5%;~qa2CacwA&2+QUK-+hDN3YLN+Yp=e9tTzPa3 zeN>r(we7?&ginD$(;|Q8fcd*l0GE`)8gs5>2~0KD6(Ut~7s!%l?VW%geJ9eFv&{Kk zgIc_yGa+>XGR((uc`tD3#_Aj~_Zs|2o7PxN6tpT$P}fu)ev;*qbbhht2GoVP+n2c1QiAhUE5<`IssY4z82^l#`t z<^c>_0X5a#qj0F7{Y%IQpVSWUxQCaq;oedHkM<{p6BE$>F6r!Q{6rH_Pidd0f1WCO za@F>hb5#<1Ep=tfWL?zMIj#P3e9K?P@C>{#oLyO9feXYw&@FJMfC(;JHPHNIK~x5Z zvp%_ofTMY@dE*BiDU5!Vu=#4w?2{EW= zn^lr3z6mACnW0M3PL_=sCF!gQ8A?*`3?&Ks1M@Kz(2@)tQ0Ovjq8W%Ob}^3Fr%&x5 zwF)PGLX~M;;*^srN3R*r21k+>ac(EXR&*A9YQcKyQ{xh&U^v`Ql}Z*SEq|ObSQiDy zkR&>+x>WTi*5LlVow_b%T$vp;0WV6~EiM=atSd1g(X&Y018<4;%oB8|p$d>&;0OD4 zF^uE}BF_H=wS>9)P=^rYM=fRQY19*pCjF6UK!aLVjk3dl>~ z3qbocp@xEv&lz`uv+*)V!^+MaR29R>cxWTqB-xk?OAqjQOwd&G5%}K40A^# zb^%njurh_J^(C81^O`!R&Xm3h_KFJx-AaMnp}!evm}OCT;beHV1*x+4AFK4hYIOe0 zVFLKp`L@ChNDoJ+d<-Ojt|1_ikiAT?q^1rtNQkihVUbIIjq|~Y&x6oe5lS-n2lP`O z*$7So{ZvA&K{fWE9vVJI=r8NJ>EY^}aLyqK;Tg{g0sp4LsV9rOB61?rq$HRzOTvGe zVnxl8m1#W!W0=3vk0oM3&)P&Urw{P_7a3(xl0DWyeU}`wBN`|FmEn9BRjDK6RhX{Ai4ru@Xypr>Z$AvblVuLj?H50y z8>p4m0*To+3Iv>Z>!C-hq-c%mMEiy|#tRPR(xLW1y+ zId}=0pbxxen8qC9uaBvmaeA7mupI4_Q9Rk<8a{;ih3>MAcT^fWe)y{u67QY?$Jm4KiV0Aoj5 zr)jD85KhTSEWhG6DPbA~loIk=P=ggG<*@u1T2X*LhSt(L6}clT(AIPl6u$|9L`ZE- z8%RyZ@c+NHrtw48yl!Io)CHY$kkaI$pMZ1;6*u}3uEw|@-KL2rK>tKpxca?FS7TlW zAxnKPn3!0AEf0Uc^HQ2tV>{p%v~ty`kB8v=i<=lLp8>FMASg=2CJQyj0#}BE&ChPa zg<{}p%L<|dq}ZDxM-eLc?Xxaqh>A7%Eg2LH)yU)O?P`C)nWfucs^e0?paJ7QK~fgT zP<_%`SrG6gri=MQB^oR8G$sH2F^$Ttuz+E${ZgCi)7nn~-q$X3vZ`PY$E9lflfu|M zQ;O{xV254fq>xRg?qCj0QI(Yd#6hGcnObSBu~p_vQ5DQ-d=aqpz;P>2I+LFGYz7cs z1S{d37ANmCtU6ACK}AB?8}Neo2I>bpSvh^f!MzUeX_uyLvW8win z@Z&y7vY89`Afg&--&6Ml03 z?x_SV$@fGb`JQ?a$v6DJhi=S5zk7Z2Nc7w7sr0*b#|da&=gQHqT*_KTa3ys*vpP<6 z-aIeKH~JeYjBDmP{PjYm!YuB7`kz$O8oXeP#$<{e%fN>XBzu%R3HQVji&?_#4Q^qF zBQC;w0fyl;LFF6@OK1ncNI)HuwtADwC!RI6~~OJ;|_A z0Y_E1SiTyagh{jx5AJ`3IaA|{`$rE#m^=<&9*c?|gi!e(WQ-nMAHl&vW8uGmL{*18 zpkbx`AvoI8f#=8uTp4flAVf48XT1VdT3{**U<>Xg;lvNbej)d_Owk{w_lGF>B~Ara z@bz2RQnOJdxhv-@)eaw#s~pNV(wnYGlxl~eJ@`@3L3$~qgX;1CIhAR_9MkM!-x0q8 zpNIWQ!RKM$vF-W_l`m_^Q=CLcMiJQf550;&;CJ_1T%U^XSpMv8btu+Bz^9Z55}^u8 z^6&I;6iH?CdSbV3DE79N?}1?7XX&E&efO*dAN70^^(4Lq=G05!PYLnp+HLNwz3G17 ztIUskt$e%usm%My9g}{&SYCnX*#9E0@M3In3p4|L>LI+OQ$yWVv~~L zBYACL-go3x^8Q_3!MV1%FUe~oU)QBGJR`55aNFG9$SZ5m{y&n=Rg2f`K9Sy^?8BT} zhdyUteIndn^+6V|i02-8$wUS0+>lPnc+>OA8vso>pS%xAFwQvOAGk2{DZdpR!ueVJ zInndpP`rHuLIE3cA=5M<->8OA;*^GP;@aFm(f(Pp1BtG)0`XJofvok&GPOPrHvfja zP@_4u_LAGszeMgs|B^hxNXT_$!p1QlCJYn{JnqAwY|LQKeH0?e+t7=BxnxHq+_m^G7&}z?ul}jwfO@(Z&K}j+gxlC- zuON|HH?xr*uEZjdQcE2%$VZ49udBuV-aRWi<8N=Lx(YdJaprSL<-7gK6sdyYW{sY+ zPsVAw9|tQB=ghj8-xa-+-^`_U2Ks~V-m?nu_e30KUU@MtH~7(p)G&{H*5a3wo$8*< z{_NYwISVI29l%?sJF)xb_u#S><{`?OqLQu2;|#t;Yf}g(ZKwPOh`&Xhha^WUszJY-!OD+(6d!SsijMG z8Yh(ujx)U)Ptqqi#V|kki}|TWHMLM;?fk67H|K-%b1UZO%k=zwDC&8O`ME^r=fdXm zvliJ)oM+#|1P#Fy@U_#O9YgU`YdJ;x{ZrHpzw1gH`UaEqXHE}|DTQYPyPFaI!GS6b z);$dF1;|E|@I^ETKZcGQ`!20kwfOwZ$dhEl%uy7-!eCKxg7Z)v zIlln&f{lc61csPNMVmU=I;ZqsaRv#0GNYhP)7*XNL$excH=wZblX1=*jpZGgh5p{ttQl@B=O1H z+@X&_5(9kIv*UmV*sRFKn$@pU>#JYKY33aDch0DvqK2t|+oM|lQ>K1I1Q^2@TZGM} zi5=!3i(bz*BRE$8o1vESz=r_t5?J~tsV7uWTpDk`v^3teW=zq#$fOc%l1H2Oo(vcR z{FPKT7S8L8zeUB)qnlIDqLF6;@eUoP+}Wlywt?p(yzm8RC2BFffw7UR#xC*1Qy66M zmReX`Gq2!6Q}^tXaq4niDADb$i>HYums9dZT{)1rE`>1b4rhHw>UMKlubJEbE<^>7 zqJk2TEz?YCyk|`bHuR(avrj-9+abYp?NRc@I##|eHHOjT!_mTK>HQ9oA0FA*YX7Ab z_NEv;-StjLXzs=<>- z9NeYx0ZDFM!=#oJBXISEQjR6Fcq#AH%1jCr?a0y&UEgIANpt{084i;yji0i#q;f+; z_{QDA#HhItP)G%91fX#A5`f{J+iRUg1OrUmQZsS)_A047C`*2@2u}L-sW2kaQdrXt zJ+9%p>~L@1z!|fmx`3c>(J4ejelF$B?uaTbA)z!t(2lWfaB<-lgi+5M`azIfJRUSD z$*XY?!I$dIAfLx6YDek56I2d|MFJ*-y2hN(*lGtlokTsT=#Zt1#Kk%8+v!iQ_A4yfU#TEc%mnw>R( zO|lWE3O5cliG2m~UGjSrznhZZ#Y5am+uY-%?-XIFpB?Iq?k74_>?>^JezF*Ly3NJ8 z@DM}1>Gt{j;h=rFgf)%{p}u(m9unPQ;K$ffb3@+8EI5({pUEt^HeHZRKV9(Sk5KR| z78IFI^h35!f7dQ|240UK)_wZ!k;J-TU--p3Pryq@&DJWL={S29m`zUP%;?BA72Ux$ zJA8V7iAEu8a3Sttyv@<6-U$MZYVArS9^gRh*wcBxIBjFk3~ zjsfTSE~)N#?|@%#?2>ASEU50YfOGabtrNd>oqaq09yj|G{OyD?ag;v?@41l<&NHad z`E!>Pf9o8{MFThhxENCVfiBt}YeeMFyw1*~Ev$A+3gZ0Mz_w)NJ2`>lw%OFroXK09 zJlkgCiv2iGC1-X&)YC1}dB2m_WxsRHmQ;HTyo;9&9UWSiU4u~l!KLzExwnw|!=ONd ze}LH|$YqO#?osfbY-iY6OzlFn@8X8MTPodZz~AyFISPah~s;I)(F(Z&}gascv}f=v4obS>wI2%TMTr=_k9{ z)mhAa#&|n!c3=GMq}?2hSF^zRTwwmxInoIW+=Kd8#`VA}Jod9uMh3>6y9f1mw?-nNO5wB_bE$QA48+FfrVu}}IhXQd z8$A-st{!DclqxAhDJ6?(SP?>&{zUvF_vZ=!xZqV;wQv2fq>UTsY^Ra?_ue$~mHaeA z@ir4wGdVXq;W5955>pErHTd%)F(2(!0ZM)N0VwBD^po~u(RMe#fG>zK(|P)a>QofE zR!SZat4*Z^=g~lot)sO7(R(Tp)o~z7?^L&oUyfkjdky9zRyL?|blDIyTYJ{{dMEXxyj-qDYMzHQs}Y1~D~3)QtpTW^+^8et&;nFS5_&JagvEnVBBQSz#qBypT$&$5vESb@N_Lq+4R;IaZ3T z!6Ix64hMRwW$dNs?yc$hc?&EOZg><;)udTLg)PwD4aBCp^6TG==H%3#8i^NN$5pKS z`eW5fBDCF>^Xho$GM+P&NtV}e5j^*vZrReJgL+&sf2;X08FmC0Q$g*)SnB8YJ1f3M zvv=nARpDn+Ju9~^EgBIX_8RBJu&|=770u~f+h4)yOM$O~Ie6dbDI!;?oD35R%)!ue zL<0U))bx@OjjL-(L9tf5M)o>J(?3pO+8~D+BN8DQ@cs+BgRIQoj;8$}RTha&F3hQo z(#^jgh8o!KE_JhLpSU1DlDG^HTUAjcJ__PTkd1F2BRX&lZGM_3E4{1K7sA<7-Js+p9G~_)~e1?zMIr%#QNpp&t;CqIutjDs(sV8I40oJe-=~a&DRfAQ6EuD zyA8mr-Ssb8*A+T~NUPX8WP#Y;FJAAU#8ThO(prJ``tzTqzivI6v7ax;0fVtWcSPda zBCYWq7)cDx_3jVDl?*4jjMw?gykEZtpRBH?oawg_gO4qazFHM8E>6GH3bpmh>BlF{ zzF1zTIyfVoKUJ-gJYLw-wSm9j0TT`*jgh%Vl05$|B>99pOp?d1G5P$KeoT_@KB~PW zU-Ov=khiBRxox$TM3S$_lnf+!h)RM$sY!C)3`z1SRtiZTDFz(sOLA!>c_~D;y)mI( z`f82gH>NrnDxiUGGL%GSbj5yon;Vg=O-21H9zZxMOZov{A#EfZFRaxqu2@;{dN z!Wy`~@*d;43G2gL$lW6~=p6yl64s!YW`kOuwRs^G)E><2yar)iUm1G~VSO24eIH?6 zCSiT6Dc#2w+M8M3O!u-&wna4~u5VVx-obeLtZ(!Llhpm4D{w?&U&-kjf~jizn)Cj7 z@2Vq_QxOO+r5y@_v|LeKR;>*~FK7$ix7n=VC}?teGo2W&L{6`t;^efnb2)wH$hLC2 zXeX3T=8c@|Je5kSZs5hlhB$D1+9#!wV^>pBa7{WZaT^Q1_qd3o5Zt+N8$r=xr&wdIzk=B zCbGO7?$diSuxxuHn&Z8-T_OTYNF`N>6UugD7|FL`1itL)Uqli)12<}~L;Qsi@eKo4 zd*|-@yv5`$V(k#%vDJy*l`V{`w$jL!D$#R1`f5_sGViplu6ucCul+YHJG9lA6aLzv zd$CVbb2_tXTD$qH`}cA?;3cC!Z+Q7X>R+v2l)+-oL^@U;+WO5ASxT&5ROlBI$$sf@ z#b`kq7qV*?rB*VCw3R`DnjOQ#fCpRvk(F&mv%m>!R0ke*ckAcN<9?OBZcWKk=0oWw z_58cki8)@=ZAdm$jWjK)Q(=|~@E`n{0FYPClxr2GIB?@1x{K42p~HAC`+t%DY7DRP zt%^|OIX-#Ve?F@9dChXhfP|iN&ih)*>R&_=2=+T@#<5u^cnAJ3Bw~vsVvCp1h;PZa z&22o>1wjHTAB^e*g6qQI8cSk~h*ctVc_9(gKV6q`ZOxz%5;D^g1nI?$tU^s(TZ6Du zXLGIhbF<#h^WVqHR~{+}I@i48ssXzm3G8RXO_Bv7J(CCJ)y%XobI~M;_uKdD&t3a8 zT!ea@eKLULcT2is>b-TZO7BWIVv`EV>Go(3z$Tl<(v7k5VTQuKxP0e4G?)c_mylt*FyT)Xg~O31OHlC=Cfwm%mTe`9gaf+|RObaPb|U z4!oMQ0sps|uJ=+9&GPuhz;yjBSF!TP56O&%V%h3=-h({1(eMXcX!z4}uMm9PXsBCZ zPzOM*&6x(o+SYxbd@k&ISj2{XM>gzg*|6>kqn6|~B>6!5Z1P^%`Z*Iw_0NjwL)Dj& zBm_4nN~LmO$U7Mr-P~T%CTbpE5{P0MNeYkP2sV3kC2aVi^P9qoE5*f2~1+;du9-? zeEB8FN^Gb}lAbUzb>f|Q!aKL`!#B|Uxq8Ci z51a4@t@`B=;4H(jfyG$!ZxBd^RxdMGL+`sP)qfjzFnnYGyN3ll^j7hx$@}&P8rQ!Z zZu>F*p1-JxZA`e-{oB9Hfcxt4edovOjLi6+`15}>zJE3R$y=loGVqW2zlJZN$b$d; z^Zzma;k&npiDR1?3&)|O7;S5^>`mEe2RnPS1U{0}Dp~N3zQDHRdZfI~@?vmRrYrjZ zmMUwnWFPD=1#u`!_N?xKlFd?3OSkz9JU~9{BDm&ji%rY+qqMhft<$na-aL*lH$+Md zGmS2Gh*>VW>Yuq@VUnEO|;vYhDUu}M90I8!M$DL*GVf}f(C=-K>~NgInjPxN#!f&b!?%ueolDSl63chtK+M_)W50z zXAPM0ZE55!69}yj?CL(X_qFw9ha3`~wG@EsSir4yv|zx8=?X6Rxx5!_8hZokJa)8K@U%D!wv7%qv(Ac%_3=Iac&Ev%b zcry7DE6X+egH(_-?HBwJy=U-Lb;03_w|c>w7iF&eIJ}; zV8f&(TIL1@#9_DAfb$-KB+1ZE2c3}POelqF{0V1(N(S7O%A9BdV+UTBjxA&M( z%Tb~=))BHWal7yA7Co}=>xU4OP}8Gn+tRNA4ew?$H2#Mt=PbfRHfcv>myaht2a<>y zjRYqEx?8yMM95V)_>gepQCuYQV>`Qt&ER1jp>Y-;iJ(9d4ZF-i_xSX*_}Bv;2)2mcJ@sc@C&dhK_icX4sko z4C9&slF_g8s^JIiTiCQLwzEg=@Yv4W+GAon^P`24LTGfgmtieC^g)CG$jLyZwbm9nn>9XP4S zL&ixLp9CkBK9kK!uqcM!OJp^I2}_Zw{U)%nvJ(axlaZ-yu~zQ!y4Q+v-Z0)-W#=0O z|G%_WjA#x?yhZE2nr`B+xwbQR^zymX zVdMV6I8!J)Q`MV8b^g1m`9;;Nmc+`RQbF`HCV9cze{yxpB$o@;ulUbA_BOufP)?i! z$6N_<@>X9`nd65?Xng3tOT*vPy@gom%8DLFC^)SM2`th10BzksH!SmeKy5%cS;tJ> z*0m4F^-m}3f636BOHW{Zbjr16J(n@ReG%V(PVEUaXwR+3Ld=4dJcyOA+D|0Gffjm> zdlDWb%NKCr{p=msBHfeXuYRiHBekMRRIj?VP`c)z@PY~b;@e{H9b84YMfjNydRA;* zSyUY!wt~-a=#sUn+15|cUTeLl_Qhe#WNAP1?C$L%J^r<=GAAAK7Tl;sm(U4M3!kz8 zp8-d5Zw|e$ap7H{E`o53FUw1pc|(_O(fK61x~7c=3i+=lW&BrvC-MaURj!5${8u^p zP5Qq$4D#*y1Gdku$xYUhgWlhFO3s$>lD;iV8`s^zoG|oP9%x$b_-oFC!fL><2ThLi z4rX{v&NN6q|H&zp$Z2|pkqdic(3}9=8o(Vn2`*&| z_-`G^ej@j!JPxOsry=1Jqkg$)WIH!D0lKP%1+kBmp-KstUm_}(B{CfGRdM3t-;l3& z6{QrE+ibt{%@b7(F59`6C&VmtA*zPrAz7>EOwojR6=72i+vN_T;3ghu?q+?FY3hYF z)ZDTzlGxkQ$IZ6Ebg}Kcj3jHd_LOl$y<&Fbjp!>5JkU^DdrsZr;_bS^*aD)e7I6$^ zYHGH7+|@#j&_+X*098X>6yka6W7y0lp@jgli<01?EVzhpA=EbsAZ=6$Rk+H2iGbB_ zGOrqI^f_8<^M7yjVFac$Zj63IRIIZv8!RtSCtuz?($_5BHDBy>@r9_CJN9c|lye3X zJ}|1UP`hHgx zzLOK-u~3o|;lF_!Q@`6s$yC$>1_^=*k^+sx{Ob8apK#6g8<*PxHjiyD2sbWO+;_>mZBNU_XM?ohCkraZYb_^;mUj{GB-E;95x)G2Pf$plSUPa4 z?;jkzJ>2+Xi5s4X4_CZzN!H@J2XEKGKJ&vd&4!#~e&G{vkT^=-LgS>yJU)(X?_0Z% z;UC+60ESPS2EdXuJar30pz?o{Sq5aqcWOfszZk3Z>uf!tpXc)Ho&4rblYLi=%nkN( zruz)k>^>Q~@d)&jzJU@>KP`GP-J;NXWxdrK<9>R%OaPSH&(En8h-#)TPK7-uLYMNNi~l z3A6P`ScFNm%Voqahvv&_2>of@iBN+q6t0C{bcwWVhvwdScx!XLkLJ@-#+MCysq%rX zmFKipUXkBgYei9OwH2iVf+;r9uOb;b6AZL|u&Y@$|94u2?^8b}eKZaF_el`&#cyi$ zx6JTkB7uO2VdFYCRI%3X-s|-bjW~fyWsb|WIE^@i!dUsv-fA6DXpY@@m`kSLt<^>Vk_6pf%C3$ZDeQy(1jBD+TTu1Lx4~Y>W~PZ3m0E zs6pV;Db|=w;L^q>lEQ8t>v%L`l=asrlT4{t8Ls(;W1<<32y8a`O)n7>JZHIFrUY;7 zZ(ZT;)&Fz;rj`#l`A+GSCDLnchtRIkD{710`MUNzgA6bYgSMtj4@Yex#JT#A6J& zyvr}UBD`fMLs~VMO7GaZ8ZPV`|8;UsxRWOLLeEsZ^>~v-eZ?LYHZRo#ZEuqWLBDb zmJ`{*ue|x!u|l!FQe#%qPyCwfG5Xw;WOEmSKp^^X@bNvfZgY!p3MtD}7vL5VJzpxdnW!&PNOWeL{Q2v8buB#*>ZP`Z?5P>4t z&ra8Mov71bl~v|tv-%kDDWNIMLi=^g^D;f7a@4?@%aXzPn}F6qE1 zR)ZLY=IR?`n4Z>4Y`|g@qev@;Q~zYKPt#n-J~IxZ3p0HJ8eoCEJ_2?%0|`6 z3K;q|tTHBs-txCl1_{@T`pWR&-m%0ip9-^lC@!Z?`b_BX{0f+8#l`I!HOt6JOaN6h zIA98QpmCy!LK~WbYbwe2dq!mMgw$jEXOVj2ubfG;w3~SGM45cni~E{YXq~vPvkI*f z_jOjGY7XyPQQCwx>dZpx&SdD=RoHR=Tp;vanhW2C787O8kP#<2@zGTvJ|C^*)4dOs z_+;D4M;T(Lw<2b?vO}zmt?ckKTiKyEG#~x=5q><;>D$hN+6kz)mWZo_|JPGnRQ1fwH(pnJ&5h%0 zM-0x7a=6N*+}oqQ0a9u}rkkU|qei>f9$e(|)`dY5Ur+*m$-F*4m+WG*P)6k3qF=_S zG4|^w?cR&7toMj3D|jj^8EWlTrkYZG%sYEvAlVqD`Xt2p`b~y@c-kpBi%P7YT!qi^ z0R_JB&YQ|284yPqWPhza8S1wOcHGAos3ZMEun2Oj{QNH_2iCRwAfM0$XTIt_Z1E#Q zUb5bNc|w=H$?`=aKfWRLjCwBPP4y1_tu#=u)}H!=^XA*E9Jw3$2bF@##kUiJG5xdEn-Fo!UT<)7poV|DUkw+74sQql0K8APy!ebmGyN_&B zG9YFM1kv=3M)c$@@ESXqr*C(Z{@U8goEGA%khysj3@_*w(}4y)M)k{usI~^}aT^PV z>{}ub#g&XCdZjNDf9fUY)8I-F?FEE=NWB>b#J9{6gJ;k6P9McHCPJBKSM^T!ZQ>c5 zk~W%iz%QHV4ReHNHFttXuiIGHWMh)e?5r~IV0D%aN__*k;RU_Z-^_%8@Q(dOm09q^ zzwe#?I*&<|8+?-JZQI!Payz&k+}`N}{PwZ;s9V)JBY_*NcauK!q2?bYofNf9l}-5iCIKG zfIS5PB8?ka8D{CJJ(mQW5xYGXz#V(u(jJGd_ z7_e6$BeO*;q;ryOKxtdvdqtZrk~J-<&ne}sd6T(T4)3cZ6g&Ea8>b2mSGVo2#W48u zi*C1S3tXStebQ6;?R%^CBDN7teG zq|I%NQm{t57s=4QzeCUU9)X-Qk@h#ahR+;CyAApbBSEkyZRpc>KHHSPD!c;&NiSR0 zC?0X#5v-2!Re!Vq;~SygVw+6m zM5lM?IA~xU##mklXp4W^*5bW_lS=uGFG5px?4Hi)lnm9)ha9_xw;@N)&@RYv(o<}Z zyXj?!kqn)q50|$6@Mo1>e7N&TJ{;se+(#eA{SWn}PeCSq9vo^l`=F#jy$F1J|xU+Kyf}zN~+S6@dN#;HNoYegiC@}F8 zRF3{k`y1R8_&4|e(T`P8v2WhZO`-qh=Re@)0RQHj*#OdtZ#me1 z^Y_1UqX+>3NS)6OsmAT*&FnXQv+KEkHN^(_#il>OO@II9Nj6L_>g(S;!am3hqDQvS z9{m0WdP^a1^8K6j**6Pt1}zfxg-*BZZ+?^g<`cbPTTsq2i~kAV{avox#0R(Ee(oB9A*BeAWI=4o@yO-K;*#(JvJi#-op&AC`ukuJYR^qFG_IeI zV#F_fVDSkzbX#A|DA4;#bH*k?TGD^DUgG##QPvgeK_j4!`t&zp%yf zV#M9NBdrMRq{swP??z?pxH;4H2Iyn2A-jDMp=$BD90pLWx*rPw= z&4K>S%CmTLjDPdc0B#QVZyqe?=4k)s-=*A?_&1;CaC4}CQ`(1{V*jQh`sH%I!#p4pn!xW-<*Im~}^^Qqh%<=>n$f?@&J4j;{paiC9W zxPn#dajc{#^~ct)m6ECe-Oh=xW#n(G9aFcnC_HTu@alHndFzGBudLho zVRRG`1e9EV>#bzlDeK1jMI=T_-qu|iur5_4-Kpfc+S0n6&qa$V%!~E6mXZg!tb5&# zX9HM!*X?+YVIKbvAz-nOy17U&u^_7_meUGOCcy;x@f4rtGF*+fOTF-}X?=Qm>*e`& zNp!<&-Y_nkpkY_^+ivX?{ffxS$W7f&PQOxckLAddK$`t-`SCPni>iegGW}NXeTp{L zLYcRs-^#qao0m$cP+7dNq$Bgc2gx9?eIz-*Vj@F6y0LSx4Ce z17aTP)9jZ4%|fI$a+XmmmA0s@qZD4|NHl^=60_^+(AKA?wq716n^b>#h&dyAv^ zAs60iMVR0p{h4O|#Gi3}=Xsi4Sx~$l5FZ81yc!3ySvwH&4l|e!1TaJW1DN{>W|UwI zujYJ1G_@D*6%dUGB4&%WeE1N*_^V;*ARb~6&&@zQAb^-Jh=&1D{JZNs1N!oIsq1P& zdjMKtK|aP`0pv#8>w!wxD(LZQ5?Njv;JEOhreGSE1^Z*n~gkq_pWJ>5?%x3jZ4~L&c z#Dq?@N^62j3rA^aPSb%W?4ukuQ@@BM!T zT=2`F_*@lVMsfA;90R&MQ)-Gzk-w>Y0vFi7a|9Ms-(#mF0M1*U@3-TM*k)AXB?9%E) zUd>Sx$@~_&fSQP}>gWkN9-J6#FIzOR7xX5parb>-(A^+ye= zZ+K7G@5rSDfQ)pds^dKfBdcEO=jVLf3Vi6T(9BHhY{cZ;4FQ8e`6;kkt1)0@hV zGCZH?drkTW4=Qy`Nf z#~Gv|iF5g6XufV3wl2?)3_iCon(O`SUI>g~*{rT8L`;gZf>pg`v$H9ks%`FL@I`G>6|MPTz}g`EFcP z9{^3aVWYc{)GbQeQ9D;HijuofkoY*=gJrMo;hz}xMPOf&jeV#s_Lp>leIQ@|75;nt zC-~3*XsgC@#=2$O6FBf1F&`mzi04l|5$_ zX7xKxVOzL4>1u*#F{01S{{1~YMQ9B1*2q3O zW++mecfr&s@X9ab#}>uxh-2^93Xh}~G{Ew*Wli3q@3SB64*|J5{5t)j2`F`BjnQf{ zRVsfRgZ+2hm7X=xlIdEc{r0KQ0c}AksIctq3>7Mrv_~eOV&(wgZCD@@$oOV)N}D?J z7F^9X&~CWorK^gBt{dKgortrzmK^ZdP^A~Ez`lI0jhoO*&>pk)Y^-le4auffhvxa? zySx>&Z;WWjd`*AAXRKN^K5M6=(vA2#9U*cJ|F3pS6}}X6;n~)hN%T2cl`7 zm(=8pE5igM?#v2Cp@^P<47AQ{c&zdFn5Mu zHR8vImbg@5Nav;W_KpaLZ$I*sc%D;nSm(G5vp00oTTH<5g^u^)=PF_%{WaxJ9WQ(* zjZmhm#4Uu{R7R96V}V6(swku@RMZ0 z?7vOcE(?z84pqI6mRf$2X{pauUaKdT4MQ=H2L`B{CnS<@f|{=aW4#ZBG*?hsX=~#( z#KXQ1+uO#{NRj1EEAm!T%4@iVw14z^4LmoBz#zd-Tu>t1#v&z<6t0!_Xzh<%Ec(IP zYzey5=BZ-$6?V|tTD6=QIvgL`sL%>Ja|KYxs}hAmu|yH^Y4>Kctv)Xl*rL=!gxhQX z%GJf5Tb$k@TGVeg-x1Cw=S%W`6AC7?KF5wTr@G^$7+4sZunrlCY}D@ zOp$hD47JlWN#q>Xs4cYz~vf;gZ ziM)Hm@Dj~gpk0|6^}jiR`d`z^V2*w!Ywhd{DF-86vf%eC;FH1YqbFymY778XH?VDq zQSyillXJY6zHcV-Kv4tf6V;Ik=mN)#r!3(li7-({Y*C60F@ zn71;5(FOYNo_+C#vo9uzKag|&WLXts-JrdaK7@^O8WfB~1{#nqlz($;?Et)GYhMxf ze^E=sYz2*HYAGL3O;Z|sw)|;c1|R7S1RxjbR*c@{fd1u@hkt|{PXz~kQ$%EwS~(ug zO#ZA0;Y4**Yr*vv^vc+GOMXRo7E#ER`4tUYqwKV0e(UY~ZO4!$TFJLhlI4Sgnz5P& z<=cp>1p1U86G_@tt)&+`SjkYPioCZV&|AqJOk3!e+pR4K3X0yBWXiBr)l|Rvf3`-k zgF+)uKaM?j-iTkqO+ZJ5_&CItFex7}h}U*X-YP~%@6o-%G&!h957G6Ey94^@dhkD@ zhuN@@F_XsnW|GN|PZLP81)h5AN{b&@grmwzWAgiXD}L$BrJ@WW-Q?HHi~CHH z+GBU^qsy;y!kJ5d;J7?y#(!ZSO;-oDoda~LT~I9K&Zu@ar{#C_hKzB&S}2aDYh}}1 zR@U^atPAwWE&0jwT5yN=moB5TMi%F@19?xwnQJFuh!zahs_ApR5Uns_NsaDIYqXdD zA2|FG=y6Cr@=>8qu5qKAn2!Y`7wWZn9HCx4d!X|eWNb`CEv~L57dHu6_t5OYaYwbd z&_-d6n!Z2(xgTYgM-nx>Uv+JhGbJjZeFQ7Ta`GzlL>Sm3pydh;?BD6x@}D}>wafJ1 zP-vg6`|(LBKZf9Y{V6BxljT=EPL_8p4crV=T*O7kICz0%vW@n$g zDI>UkbF)Es%nwQNe=#OD*z?83o9x$}_*so`Z_&LH6DRq82D>EfeS^RKC@3F%zjR=8 zrJJe@3qN^oKF7E(L0&oHvnqVnb`w*MNQi{bdO_4hu$(zmrb8M|_CEZE<0Yh5FNwNY zMP=ayexV8#(liLKIFy-@_-n#bR7VV6>JC=!$R`T682Lm&p_ zs^zY|xcD$crow=256wH>0w!<7$`76WiW|X4Vc(sTZb^SLGj3mQhCE~T!&eHT-@WzA zn;{U}g?npmUzNC^NVB(KbA#W9pk6A~Uja{JPm+B@<8Oav6EcHFX`1qEto*c>MPEFE zE=Y+D`HDMG*0tb?O;YIVSJ|UUerZMA#8+kzywV}q$3|J+@A{_jbil$3+{R8p+fmEO0Uw-5k(VA1X7V$TH}O}YDQopoiAJtc@3%2u zKD28ab4TKy)^Z_R*hQ!Nq#mt`6*BkWBum2v{sA9X6GmUU*u$-J?BhW`<-vB zn;E5@vCOdHC)OMvVYsfLr1SgVsdZ@(j+lgKNNo#^K`^6SbWq7b8kUUN5C|p=-k_XM zY>K)~G7f+I9tX-Hij1b&qtw$59`m!w>(qZ1Md~oE$#|4pCO+>vB4dE@&^aeseA(fe zkPfr2;2ul)nUB?=IACtPAu7!ksI!L{I#xvD@fLnP8E__Zoc# zZetXrXm}*^j$)s(fpx9-Dz|7ZB1<2`szRML*2^pW#6mdlvAH+^OjQ77UsH;K{V~Dp z581D>KO}7V-uEsOquD&t?6iFwx+C8Hj4CXW!Rqt+9wF@?;a*P6`W~wVyP+hqTg;S*vgIEnt#(8t-;(OV~ztQtmufB zFEu_#dG+sWDHugi72X z-%jZW{~>oldAd1Q)#i(==zaVLrgGT-F^3s*crj$%1eEodti<9bXOqOZ|KIkCI$wCU`dp-hY-qT=CkS z_^bSH_Tv{Sk?F!2Ia|>K@JDO-an+CP6 z`grtXPoC9Y`8Bi0h8 zjiY29jFEXT7PBEDg+aR^B>qCl?;>`;>fpTyMoE90RYnr5H+RQMlW|g8jkY-T1C3Nh zuzd$Mw;hBu0I^oV0JQH#ZU6#&B^kY%Ylk*jQm)!DkyvxCH{tp%i~<|iNE?P7w3U^) zG}pGGSqGjE+rSGi4qWFg|B1!|7G%3EVuGNV)+lFKk({qN-~0K+PN@7jRWdYdyeYSD z3<2GFzxYZ+sd2JT+pZ0zhiroC{4Y0)_1n=mc}1>BVLU~uUNf05u&EGC`=M5wDB9MWNPRg?iU5wNKvf(@YbSZ zc~W9UK~*NpP6dzHHY4vkM&FF~0l$`;tW#=A=#>3`ZgK9L-J|1p8hMhHCkW2Kdog_<}~$4Y86t`S+v(j>nPuAecDmK^l>@{@CzIJ&9)wZhMxHJK?W zWjbEU)cPk&e?Bl*B)^fVDf&_DJYH87x|&3+)y|D4!{ojq)aF>|nJ=31tjT`eemshv zI?@%LtH%_T(sK%NzCXQ~iZsQ~gk% zTYHiPhg}Q7S!1Y-Bqqwgs`#U0ZP>MB$TRP7YlYqP3G&ZOzF^BWl6xDmrOy&4Rg+yc zJsbW!UT+3(iGGVt-|vZI@hmKfo+%0j)QuC25NH9d#rbB zY#IfeHID-)!L;k5T+2$nHgyaG1TO~iLG@tPF@FOTl;_VVNdAM>G$p9)YpQJZRO_u< z0`&ErLq9p_j;xB_@gy7;0VO4I{ptlEvW@)7eOduwBx_)K7TmkF%roj z=!g;+tA25U^+WHzEq{9EMY7;@RSenNFU0t(=y>ttJDe}hucIxCm?OY@d}0SaFhdcR}}PywZxy$n=6&SZ;^tF*-mDnoXmUY4H-YO43?e>#__zpMl0;M z$1)8&isIdadkqieJ1@8R)r|_yV1LUI$K`l81B?7eOM|knmisZbFL2>K=}N9q$+N8F zZ!;zT7?hl^lG9zuF^8Ma`?Bx757cRyvhkp7oyv~3;1IP)`x3mF6IjOU3B&j^5!Zg3 z|8hQPt&lfHJbG1*hHb0%gKS1#J@pt6~ zfKSQ*HjsZakgsTeM+f{m{r;1e0>s*Uul~DrAW-tfyYMA{g80}&ByjYFEnZX=I={8Q zjL|FG zxdu~FQ=tJdrW=;^nfA9^zYOS07C7er9qadw4C*5O|Jl~YuQjl1S{onG_kU@B|MzyY z{Wtx;Y5$yeJJjzT8Pv6V?GNAWuaB3Bhq3GU(i3AxqG^pdPuo24IVUa z-m&Dg+!7roE3-%+me_|bWdo|a-!lw@OQY|TzZ9i}vJPGRcelP<#IdhHF)t<#W7X!S zf}Ci@x`LPVqx`!bgpAu%C+U+gZoK|CehJ;pP**i&DTPIgRVpNo;YJ-JFLp`wXw}ti z7{|YH`rD7c>xzCqmx@CuA`*%k&3==EVvion308Pk`!x0RBQ+ zXN?c!NBaX1`1blQh@b{{el9vPX}vpifDFnOFm(zy_f})&9SsPe=5;hpzkolRhQ?0ex}< z%>MtQPe=5;X=8VnKHt2I3I|FOF zU}=Nhom_agI7mkeQpksNsDo7VYyfF*2kByibY2G1hyc#_vV87hbR&wSup`41f=K zk9)B)xi?5}a^V#_ zNPqtWkQU}ToDOl2`Ys3{J$IDhG|3=!%Rm|*K>Cg#y{?#zWa#^XbdwM1G#^q`AS_V_ z={$q<`}qN#&JG}z3sRGVR3%8oJ|u0tr*&uV9pH3~gEY(_-I#%NdI0GpK|0$(YFP-R z*L%9w`9e44$N@_an-^Of)_Kv+8c0Q+dx~=`$n@GUn zT#&y&OK6E*X`XOF&em_z|HVx<&z`ejY`-&$7uqj*o%vM;z_t8lFS&C|uC4}1pztehGKa~S;!K;q%sEqxSQ(as7*8Uvo;O|m)04Q|EI4C3n zg}%;Jto)3pd;$$Ph5Ph=Rq@Xt(9v9b7t_nt@qemOqeK{xwIlfwkJvrCRBMmp$k}nl z{f5Q8%GkRHSJS-L&cKc7UYW~k$gWwl$Uj>e z57KFUN!{`U&zsVhSI0M1$5Y;WPbg`t|CZnqmHtW+Ra4M`f1xVATm&_`Yn4sFtKy$> zk^=dR`qutf*w3@hdZc)~VL&bbeo5NDRS6uGfN$W|^f)!DNEo-QXb-OyJ@=_%V0IHt zS7&v?$H7OtYVgP5dzPp&5KyH`tSLlBkh}Fd@1ihb?6;+3-9DOMjYAi8$Cm}|t4{V< zaDL+SCFduuUV<+Wl8PJSj}$lS7k<#a_@P&IvizPOFly|HM9|g46H}Mu4^NCF9+R); zQA+*$gnsEsyLV$v`6zwWLt-SMQ4>wNw*(hC#2~0&bGx7XL8gbN}8-WJh{nw)1XbQN(-y6t%L!Pk%~!S@?3s%;IU%AtIzW z1VSF5L|fN3DO=c}o`4kpiIo+|)!>*K{t;6vBKCK^{94|yT6TF2el42>mR=}TLD;KQ z;1ik5%c>l!C$_zhcG>$#frXx@tMz1(eaO;>4?wc!QuI|mhY-_{+17pJGSe^L+P!af zjQD=W?4UCRHPdvEG2{|1L9{C8wPlI!!yzjGaW z(;q$SFrDFJ+T>$u_dcc%f3FqO_1;;79H#Bbmx0;76TFlBIwtvb)L9)fi|yWzPdy{3 zgM=W@dxspfolxVAzux8!##jjZnVd8S7i)uyO{0;Zd%M;l>}2yS1mk5mK7V7>UA;GK}dt4!Ck$R?Jvj z+-Ucl0mHq5L8Y;)l%%OaCAc~u+^~aZ{`w6M3fx{Ujf`S0r0Y$Rr^ zroYvm8OaV{>;HQyPo9rQJEjRQaQFmx1XZ~7=>lk(IjO?1MNGDXfJXc$Xhqok-*jEr z$#!+}@H?AelK$Q~)TsenrG%iqVo1X8QkA%{s5<^OEB|CcZdqsksoo+%PHL$LT_n*B=Ed?{)e^ ztxX@_zTJvki3&Q#htiKb07At8CdOBoLx~8N9ZHttUIA=u2QR?iCnMJQC&D-qoq!`-Cc0b2?E~1+{hzjqAGq3>(!wT20twb!60_ zFgG<=pm^vEUj!=XtD0!NAwjU#C=;f&=6Y3RSa# zdR;tFWy{)Dk^A!c#Ko#Ci?Sgq8n_x#HoOOPOvcrf)GL!)I)GfceQxVprL)hJ?eP@d z*Y1~!mdI*S#>Zm*_9Kl}Y)DQ;_y;S}Wts3Jy(fF-xfB)8PVA+Ir4&xWZO@4z7E2YC z{|}<4^(DbHwXR6DiV)u^Yu=Y1G}zaZ$j@G0&pmu@+d%FF@(6ibyE_G4Bc%x^SLl~! zN^(R!7Y{pI)JjaqO`jv$NlwJ1?x~Xo?_bNDVd*~HNpfl87Z{TKvIdvIn9o&JbkAy5 zy*PDIIlYY|e6WObQTr3r?oD|}5CfE4xhn0j@y+!3N7eC_-tYEPi*!_m!smIHtylt? z@jiT~9d?<50UNuX4}_>HzE+)WdK~#uE1m((oYc_69DTYHkppUbS&%>e`=T#n_X8|b zXSnemfJ%{xY*n#c{i3~Py^6`w2R6wl)a3{_cdCkg)-QUrl_E;n(Z4!zmBMHJyUN9Y z$uX_R#H#Jnfz7h`#!!IyQ@vHY*zZb5@PX@6W7$LzUNF;!lC4X+)%J_M`NfQx#SN6U zVGeEKZ|iBWDWhswYaHWGMeCPqhDs!CVDH46>{};r@_dj#6%@p3#&Q(gWF_tk3i=v> z7gjJ)g%WI?o9Q4g^da-Lk6K<;K$FtKz{)^o9)eQsk9(`2NtrQ5A# zq}AwC+b5ONTLJ=i??nFiEBWL5LUC&BG|A!0^ibj#Vmpz)^}Qr;@AV2#lXB$Bve){h z69=Y=O7?F+t8t?~_QzME(fuPL{b>kDm^iuF42mc>eOOoGr15o5^EMVTjNcuJoGre_i;s(ZXWcBeo$nq^b|Q&M+eLS ze*X)9Xgk9+=t*9?1|2b>drj$eKTzxeQKbWdti6NoB0NgA#3VY&+2Ohh7+iMvabKt@ zZbP&3s^Fh9&CpO>X81!q`}I{@R}@+CGl9ucC-yaLZePQc5-vyoIh#aTUw@!%$uTVR z34`LL>CT|AQJ(}kZIzNY?Q{2`K)Je9B)cM;KaDQfo&GHVi}ZC;_W4#n{?&pDsJ{tq ze}F2IZGpCLtFFyuW7=4B^tSZbovMEIhTJMnJ6zlJzw|%*Snv3{m~6nE`avl;ChJO@ zgwAlKD|V}NTXJW*2r(RMOv6zc{ED5VC8Xzz?0%M=<0Wmp0bcZ`ysvIzawNWqH4_d% zP_DX6*?yeNLvx}gjxZwamjHV0%M!k9`KKVpI_|c`q?(B?^SPF zc)QMrG}m>Y$`Dc^EmBz{G`cSKVa_*rfvJr*XQm00?BskZ^`63pkgB{^0BD4(^@4~s zj%RYdH@L(0sAh|mnlT#^z&NOEnTKddzXUB;3C1^L>r7mZ_I|$6J9P~=fgJx&QjFUD;RD+gachSHV9?g4Q&sZe zz-6Z0P)kgQP>bv|3OzH;sYOXbz(0Z3E8&@U-F8v@fy_}5bFHTWhRv7~rQomlQ=7BT zU@C1FvxAFyT(A}A^wXqZ3d;2Z8kr*@^nqBh$%@S?wn}hCP(aJ@n5_N_&v=yrx+gA) z0y-xKtzi&wI_ozX8b6&_s3M_?_e;<-hf2Jbl3H!sT^i~%Q*YY3RQAGyaSCYO7nqU)Ulv0z;%VxUo2Cs_RDd+6=&FCMm|40{5 zx|hx&gyB>}6Q zzYKmke9!P)QNe*!T00r{gw-esBevg$)b*?_Rokh}UiG8fT2f~h$lA@ke#kz5z)r6T z=A82H)<9Ie{Tcys{T?ecdUL>;d&T(jDIW``h;U@A+D=>4BcrTD0K~m-Y6_MnM3=Da z&#KtxeaK{oic;69UnG~_pK`Yo-N^gY#jLO~)fmqQDy3>n7_1tWi|n~WNJC}5RXfW+ z(`Ap3dM`ZfTVdbM954f3NboFX8vvrV-M+f9a`u-C@Bzh=wKJ^&r!* zE_D|_YIsf-P66`b_!@go^}_WYf+X+P zj}dXPlSw5gr}M??ia)<7H=O*%mvn-6`?Ytio&)}L(dIx{%U3=Vx zr_DQ)i>CiqAJ+FB=P&BDE<5WN zRaupGY8wTr+?lCP(RufBl7eibUw&C5;aRCZZz+x$#XnG$^YTCW3x}!MDv)fUb&3bi<%@kNIN4-IuH*CJ$ zvH1+KTPvFjpd_KKlVd+?S4S>)JpLmcCvSHxZHE5-Rv>!T5bMhABFwsQ`I*mA!% zpxRa^XvUVu0NVS-*%|x2|06=S)qZ~>i#gn)N;~E3rA*@fYlc(>-dX>^2GjUwT=^HG zUelKbu0*+ibuCIXk$k6}Ce(49U695*ey!%-Zfpra=zEP--arPr)VHZBF#e=}{uj$0 zlLKVDKQyVcoOL1v{)BadvvM@*&8ESv)=gjqJ!b8zimwa|q*iAM@ zBEa>kcdIg|uR2!hhSRDzVe*V54s=j|Ak32aQ9?QH8#S_NFk||L8*acvOnpe?Z8Z$D z3MFVkGyDb={a>i5ell$vYaT0HG*tUe1dZ(GL@3@a8`XaY4o*9p<6x8q=OnvH7-Yt9 z9qhj%qHv2M3b%Mav7q1^(IYd9tu%n<8ExGcw#09J_kb}BI`GcNF=%f;IStF?Z(Z7> zHc!lTH+-2o4^l8EiE%A>VlZ)~j3Dtq5x?qt89`#iQhUy%$m&C>QjhV!N6JsOwo}g_O(BwMWvq}AWFui9z>EH>3v^P3nnvE zv)>9;qA%TwgJ8wBc1!OayjK1dR!qVT-?F_}^PLtX4-G!N_soY^o>%KUj?$mb(1OgH6QBIh`!I=xh?%eEJ?MBVuv40S z-V^Z5h+vH8vyb=cPxQrqJtC+A@1zaBiP9+Hg+XIr%lb6F?h%GSMkrIiCV3HP2eK<_ zdH*&cbzjBSiA&fgV|=0oh}ukV)mO%@a-9d&RK z=ALle8>#~4R);7Q=RjKk=mRSei!%lALR1};u2d7UyGm;SN2z8XqP__r`BoPnWK}Me zv`O`_v>|6_;6G|M_e0x)m5j7tE-m%)pJ#Xfx+%tI_7bWE*W6EMO#Ssm)KaI(aRDyKop^?LZwq(g$%u6%ww>Rh8rH=DkDl&$-o2l1<-G|D;rXv=LE2_xqDl65 z-i5pu&`kzprX8%U$~@gSt~M?|E5qggz7a0ZWB#+~?T&oTOvHsT7%VzpFdUng(I6YM z)}=>CzJQ#yKL4Pg?&W-cUU3G%jh`=Y^h{OHudkwlp`){?3-zk>pxshy7!PjTR0(8ARF%7sj4 zuQEP!3r_zRMxMr1lOS4@BgTQ!`S$C^Q}Oa7=#>$n>cMNm$v!-hHC4!nY)V+a$q5|b zrhRzfX?Fez3QAwfI>_bMJ9I`H$8WSjS~5IsGKL#hJty{LlRN(PJ*wibji6&1zh(Z< zm+IddlU;wLey7Hl=yjq-kxz}e!Wb#6<4uO+yWe2E`TV9{X z+`vE(f$=6T!^81+GqhX-)L@aSda!9lN3DQLj%witmavCLTi=l}|QG{4*3`BGKdgL)G1_ zIB-XIoT$0@Frt6@*8a3QzJ@wd8?F0-HDu?&lLxWT=Ww-HxX&{LSVK|wDwfB^&IDmK z>iLB#0=*0QRT$7Ex#=q;%ae@tK9L4^f>-R1`l%WfP}6-Nsd9C84miL;Bn4(JFslZy z3*Yl6T_~K13NOk{50`!%@_z%rI(d0FMO&-MBL=@7POgI%z|Yd}L{vWe9h0Hyf0soe z+o;OLU;XeS80rETy>puY(KK5C_?t{b|1&?NciTVPNvJ5&N<>Fo@1^HN>A)@91;t6N zzxp0Q3p99ZM1`3p$e+42)0OnpY^%)mr#I6+{<2luz?^e)U#HEzPYJ+b-ohc=?1B*d z*cbi6@~@=E`J+^4O_DAZHeO$9_3k@4m;v=x#vW?I(%)@P|HJgC^ZvRiFo?4MsK;KAZS7`%_sHV1YKl~Nr<@?uQD3y(@yZdKI;(?Y zXphn^Z_=;o6UtPi-df;;zu>3hk}l3KKpf_(8<5a>_RGEw`*i_}M1(G_jBUcrMEG^%9H|$A&o+% zuc>+d@ews*B*D{$Vbb=BUDas@5DJbb&U;g@rU`5_DL4{P=|e4>nBOx?ytg+9*i=&H zi12~7x}Zq6L_B?k&TG>r60EzSA}JCUXu zf=An zXDI;mE~v2;2XBOx&e%%&3<0ukr`8&8#4}h)Lu9FCca@L-R3TVP76(wR@D8PDM-q0F zy4HjW-iya{E@qa)!)+|z8+Dq!kGAdku=SGk&d-On5kZ<6GE_+CPP37!RW3{(60H$M zLH}+)Kt6EdJgpP%YqlQ@1b$selBlDjHFSp4jZ;{WnE!s28SYK4{O^OWO5WZ)$KTNoC z7a(C7G!uK{wwqaOpC(ESo<5LJPiHhR_nSd@9ec7Cl?DOZ~Lhh; zkQlyd25Qa}mWm_Mkp-{oZJ|_K{*3BkGHy0mUus(o!GL{hpZ7oVH*x4Yz35l_lz;$@ zuQ|e6Uk2Ot1b`(sZtO_2T>gFbZopZ|gxi2f;($iyFWmS)obg&j)lIToq? zF7~61=3CH-0yP?1a`hn=i|B!#9xwObD!Xw5we}t@7$E>}2mD=r)Jui3s@0Sv~;-8Hi zyeo?uw(|*Dzg+Z15xM$RudrQgR7<^N*y3NvJgQFg6t?btReZaJ#Qe%2x)oh*a2i>N z0l(U%@5YRIvsaoFIKgoca!)+057bAE_NB0+lxE3$fIr5kBEZ{K48S>thwl;bH)(z`3PVvDJBSq~ zy{P678{dM}emFtjX3QEtG6Lj{03cuEO?*-`@8peZR;^#V=hwc)koA`v@R2HFqb{hO zvENrlqznn@Dt>jxWhY`*9lJ=ZMXi8iD(Q%$;34}6B!gX%=s zF|=+t@B;T)bU>%vAg)&-S@E@d^S6MLQsiJbv@iK1V*QH^NMX*rme>9glF2Q$nQ!br6R|1LH>#7j*7BiMM!MuS*~K`&)qD`jwG4` z7I1I5SboEWw_zwI0+PK!*g*VEh862e`bDw_gcnTc7vDzq2HfmSn8rW8gcx47!-(l}ppodH%ZY>fX zlA+ZtufW6&-9^53-#U~LD2Ica0~mVV(#I@*>Ce>JDNA+MTdw`Bn1}wNGdpOSVQxdU zt^zUD_&a5_qYGRn{V4>q`O6!vom*e7S_{E6edKN;*=aFLaLc^@Bd3i2d8cqvUh2e! zSb!$d;584_vGI_&XF6%Ta^$X8PshgzW9)9c1h4yZW?$mruOLUri`DTJ>FKQ&VXK>{ zb;3Ff!xIk?(|)hdfNV2Y-3B$=@65HuC%s!TRAoII?!MvAD969f)_*@>oo=>n}E zpX&TGB23dt*VSb{Z3PoasE~(+0SbTc8zL79-hgs~joMz?#)Uj!3Q*GrdczEsis)mt z8XpaLnOzi$n9N+sv$>E>Yg|X8#OCIv_8UEyUn{saxR6q?Cmt6Jx^r$;P7e+NbmHgj zMIKel|L+G==99dGXlQ*F&aWucwS9^96HIA}dG^jP!}}-vdzDl9W`1=}Y?TS9?}iz# zKCW>5cqv{XDgIRyBuP2D;AJsNp0RI`Y^C2uA3k0j=)>P~6)S)I`amE4f_u}4KjFe# zRW5z#yKL$Vrj!SoP)Ul;B}vg5ZQmXdf1d0+DUuW|Rg$9DOc!pHF7$iJ`k$mngr9G) zKJ)IGha_Gk%*)hkeatDQ%#VLMUwYsQ4#L{MwTm_X_on)xbE=F$Rq%$4S$QfR3U+}z>;xI@s1M5uQT*l2`9`IG7CY~!x{Y+C$&Ce!f z=4XAn(?Ru{Ws7QlW}=3OIgukwQO}ck`M<4jfi|q`u59Mx7B71EP6%MLQ3$+M32&N} zqX3%gyavU|X_K9efXE#phm%y3H_@UR>D{7kWY~yEXCQNq3#$|P)oiw7KSj6N3jX$p z?ps-Z+KthPwb3D!vDMvxKbOZnqsQ_1rklrqD_VSQW&PwHH(eL)Us*SK&#RiE`%|ua z>Nb$9tUK*EHuzhGc%UU#n^bEOj>TZAj=$!;@E08>yD@yXTAU!mZchEK7RuaqV0Zx{ zRB+Gr-(eoGckkGnW9oJk5hP&y=R&VGO<;fCzdvO|O2G{ji7#nbU3-Xz0;>SNsqoeh zheFVuDLUa5z)YXg1Y=Frd3~2Iaz6ay4V}CPR}6v{_(9<}$bH%0D!8?kFykDlW`@YM zrZ92d1_EnjMPbtmsp&Xq7WNQ0n-Ot99O_yuW?fmoTs^#Om{h(dOr5_LXD;y;A#BWa z0=Dyp_siz4rqrT#4#&*QKhWQg6h8qnPK9p@fl>YDwLX8XGJbl@5_wsd+jBo}2Fzh= z%B-8)+K?2t`m6{Zm3^!QM5**KrtPGo>_W=PE}DajwZVmSTt+o|hyDqo!)JQ!75FzQ z;^q1`n{=~lxhp1R=Y8PcsQ;t~#!7!h_e4^g(+8?2+^XgShNRiI>_62)(G^M&>kf*b zILCRUj}}c)lBiX+8XIF1zh1Q!XT+wz?Y+LF=@nAMGpLqe$z$}@T%izCC~7U@gpU;7 zst|9fkeHyv>LYSI(1 zS8vE&C)8vz3N6Is2Mxs3nR%it#E<4F;&gZ#4fM4J=y;h{Pvxe#(%mHRjliq)wm4bJGV%JEPpePLI5!PSx;3 z?gIPEOtO95{TVLUfwu+!R5**rA&)VC^d#fT-do@(F?kXzcd^MX9*+=pG)M3Kf zRi#I=FBhFcLczUw{v~WKewb(V`iITY;DvVYPjA6z755^jBeXAb^~)uSj5RcpHq6yG zv8C{o?0Z&VjHd=K3Ev}!q8Jtqa>ba;No{Y}7s&}0)tp0_OuvT@Zs3(Z%J9!0&j|R( z_w+%%Qo&8;-L%!`AMek%vQ<$$GY+0n`$ub{)kqSCR|QQGN*D4*B2g-_nxsD1pjWib zu%VNM31qLUgX~k32^C9|((2#Q-&X(P?y|Lm+@^Hjpm#ALyz>TSckLzv8^n~fcCCT; zyY?W}(a-A0bnUipsg5=s`(WFS_1-;si@(3F;lJ(LU{dYOD*Pi=a-hqPEj_L)g@O*r46eVz-(f_~%y+wyzB$QI^oa7gMI$gvWRq3 zGW0d|?(M9wr%A}bYNYqCzsh>nOUy%fkI71S0ZXLpSi3BD>(bol25kslzjbN%=-#GZ zbh|wLZG?9!N%&ug^LaAwpP}PG(TF22K32eNHXoN5!aOyjITHWE?90)=VfQf|YRzDA zo0InvMD8Js{x3_qw=quasTg`{wcZLK9Fmb+V*!5Cw z>OMHNLl?O9iMK@h*k-iDI4L~+p|i(`3&yIUx&kk(^$or(b zQ}0ao)*0wXco=gF&HuoO4^?G&7$VADbpl-+$wj}>xU*!omzZ=2e4PWoY>MV>mUMr% zfzEDXNmdgptcfRQeL90ry{p=M)J3~Qu#t38co+@FJgE*3TdI8x#3O(&NSipSJ7dd7 z?bhVu*gT(IB-E(Dj`Mss`B?6ojTZkg1>QkFk3#{#JE#mT{KGpH%)fFc4)lJMANVNq zZqh`{92&_`&L`^s@4~uFB7cCxSl`B$mo9U&&Npw&D*N)sls&(bvZ^dsmF0_33%wim z?$ChLrHnWoINv>R{C}3?f7ISM;LryCgnl+g`KhOH9J2PNvjo0T|_i3GuK8_n7SAaT)`!~# zYf=W*Ke@MQ^FO%oE^v@~3(~v4by%_OSdhLL5MZ_WMZ@ZM2I=?=q~8RP9ucIT4pQ@# zK$_!2%5#t|yEwq=0`C^2=3JDKNlJ~LrFmy^7P z=G$>Q#MgRrDB9J5J7#}?kVYx0gGW*_OR`zP@YDI6*?kW>Mc!MzAu;@46p1Z?w~(Gy z-V63DXlyI%5g(UbOZu0YDh&Qe-~%E!-+{b4e|)9Zw_i7gISCQp)e*7syDk%v!;zJt z`+2Q@%#TItd%5Lw&>9OL366^K>Z!9S{a~i5PA?pPD`7G?)Ch;j|Hs<5z(-YF|0j@z zfQfenqCrH0jS32wC};vA8%*#nZX|$@plGqhh!r(J7K30-*hE>w)u?FgPup6xt*=&W zm3JipB!G$ptn%;y;^Quh7(^j}lK=O6=HA`A*#zkC_xB^&x%bY@IdjgLGiT16nIR8! z;+}=0(gzR>#}eETCKHgiQzk=k4_8y0kehz0UBh!~-S|YkQEBm1N z!~xuciFV-T$n}_5gC*-RJ%wQC5R9VL>f8?V{lWIgWUflKNERw?#S>>k6#k1<|MU=l zjO+XZ{LzwB-yh<9887!Z;+Ve#j=Hq@cd|TNjE!Fq1jL^marsZJykg>AGiLcaRs1$- zMj7syIMUglj(5MFb-UkPQu*7Yd+&gKkFTBXE*prirb@}jl*d33{ir>Xed`o%i zxViXPs3p*p$Tcs(2xEfC=EH{oGNE6TC#Ty*`%u7*-UoJ~XgZ2Qzr>V9nH2hV*}}jY z&uSD-PtdCVB!n)4D3b+Q!a_ zX?tl$C)w1=*-1iusU_&YNCX1H*r}1--(5Ikah~o1nRN zy{vTLd8CGsnp-V85Z*x}_3I5D5U7DTS*0u2uu>TUAvSYpBU+#m*;7(^R?m zfOE|;ms`qvNzMC?0d4Ev8d#R*!z&n_m5rvfZu&a&5nOaA1iI}*Pum0%r;|AfN_`n& zLcc@lSe@6M9qGI-m)&`XMRmQi-`Z*NH#x%JuM~gFNeGzurThhdzQ7B?mN{Qi#5`b0DauD#GPmn~><^%6QT;1|jbRFyfOopF>g_Hz~A=(STYr+{KcVI!jXc z+Ljb0TR=`+e~=K*N_AhD& zb~;QS2H81A*(nm);rKZ0r&#g1dfC1f^FcYxCzi@fh>1Di0!RjHG@tL^1o~Q{@#COx zZ7JDMa4<8!E0%)Q?c)UOn%*%qh_fcoHZfZFpS zL5+`s%7_J(VfM2?S;pazR4PUtpw5nf8g7FcOi+i;kyg1aP_WWmlL1Ptj|jLgiy|$9 zq2z2?y1A5yqGdR>lr1wauv_-J6k^Lhdf#f<`$(Ac6u6g>CK16k*N=~(Wo`jAD+&tC zb%Ju6*I1w|WA&c}HmLjvs2Kz$_9+sa9}6%_RA5ccYSWhh`}CoxBr5sifvvIjQN+K% z^{of_84_Krb4Ke0TIpAFYzhX%m^`vSxjS;auXI83KLZ&V+LLf68U z#QmqIV}^b%v*9CnhZ;FzgFz6i>)s7MaMd{g_;Yp*{x_Ue6%&Rz@Rdy!+UR>5g;-WEH35?1$1iczv zr7c*9-bfpxU=>-gdVxRMgL@%eZG!Vpz<0nI29pSe2tDr{ou<&TiHuN=@#)X!kqvj@ z469{Dk{8aM+OXaxj*J;W1Y#@9+k9Iv@7i?ifUCFLgx^efv( zGN$_R14}2|QwwxKyROm}_2^J&6oZV#>B=1`YXR>AKQsaU{k)1Joy$h!Z`ZPXpOKe{ z-HJ1e{CU@AUWK)GiTrI;9x-FcV-O58<*t43v@gPUoCqPawheTLk~kr8Jj1TIg(IMD z*8gK4?;kjY-3x;koamk5xt{r(Y(D#QNmF`|Ac*&NMVFnxD;jeYasE2)9a<=#tJFOSSf<-4&o~rNei5IF-?jOf z7&WZBz0p3k@Yci-j^L{7IyqviNqb{@kw;swRyRf#Vau{VjWk<`?qR;OnX;xHWZ@%$ zbsMSg4`c<{UoN1ktbWs_)v8&GG*aRApFY6VRxUzlN*oG^#HT;ve}P zY+1(|YjC@J5Gn@e7E5-~WL+BKG}(h4z;tIJ1NT2;U8@eb<9hfk{laM;cq1Pu5!@%C zYDrA76XgQzP3vZfH`O&MSfo)D#Nv^Bw<(K@OZW_8R^V6kjDd**(m0=qdynbZucHtd zu9P6ml+IS0H%VK2H!t@f3nrHc)gW>EJ$V=+VWZ!Wmqq^Q4S62^uFccY1V}u~!W~Iw zGGcM3{3<4!C68J)s9a+q%~(L12Fm5ZyRu4~`__f9Ri(}IP)-uHcH%kK)E~iPhx9|A z>Gj7(=zZ7fi8yxwk^J%r{#L9oG6~^&n!l7I{3;b|^U7*7a8zWs$OqCyV7gIAfT!Du zen>Ee!zzS{xJ~wmS}lkA@j(5E{prnZejr7!8U90vil;7|raidv0#T?*xjthI6px-R z9bT)h>qCsu=_v#jM{4sbntNgP52OT_;A(Tvg2N8ku^WL6f+!aHwG1MlB}i(OVL(dDX7z>PsQPw~(3WLry;K3C-v?bOqhmW$bJ-t>7oC$QH(ULm*3?1lRW21XM zswyFVIod;e!FZ%DE4x#kt5YachU=H7LT@emAJswXkVmYI1y*0V@fIZCYU$`U+|hpKj8swtxVd8b6wE#$DO1 zb293|?oZ3<+BLhAMOF`6ely=BT5p6`M(^oMJYd~?)dg>R%P9n7v(S0^={2)*(1AR- z23~upxF4w99}$Iz^+TWQ^)2Wm4Z3mG6?*WjOuavP$hGuZ!}x`wP48@8w?EWUpxuC5 zRfcrSzc1mo!kSC*zaE&AnbD$EUEUj&fez~+{Mb|pXt;B{W;&pa1hjf>?pNm%T79ct z*`z1JfpoZoHg`F{1KK3^NK*s>5rLF*!*yddG|rPxQ%IO0P=8F>qE_s;dUorFws9v; zU{?nsB1ID$1H<0~vI&?nW0@VzX)yoJ=n}gRHF)UaLhn}wk6Fq)bvYlOikV3*yMZ*Q zVU(r7MtPWh?IX^wEUSx;O`x0*IL58u5;`7!HL;F}J5B4~+L z3Zd^qS`k0HE_5y^03{KT8z1Bbrj0gt|G8MQGW3qv`Q#&@BUWwRzRkYGwLGn2?n-2t zH!*WCWvG}DHHx8#odq05*6aioz}U(F=g-TZQk*R&LB*cwkHf_4e~w{tJV{$yl?-(A6P`v23w@m8EZE^it5F&Gyx1~)RAPN`eo+;YR2fMJP_wg@<` zS_%6Hq#dk1l*(^L>OI5r5?V45wlQCwA`2wRM-Fc~ei?T{F8bId9?L|ce?7vcy#1TK z_01!E7^RG}E~Z*8LUYVjFYXin&<=l>>>c9R#7U|HuSXCVka!6s6#0VIF3V`GK5PvR z{6fH8&<%TKybU9k12rTeT}yqEu^$uIQ5@>fm3rPt+_D^{y8r0MFmmB55sX zy6xI1O-WAdrL=olE7g83kKe;bdsKN^(emleXz+n2;uw(^xw~)sgmjaTna}Tod%=TSb|s>|nK&WI;cV&{6t%Qc3mZ`#Y61DnGACMo4lbm_S;HQUpr3_vqy{s~Uw{Y58B$KgN3_VWrw$Auly%2VQ7DW4S`hcAtz z~^yBdlJ@Cd-SU%{SH10`c1p$Wa;;Bp0yWfPP{+G_HdvQ;ia^OD}IWi zXD6c3vy3>3%4bE)ip$elmy62lZf4tpi0P3#*PXev+c}n=NqOY0Qgnb*zLgHmsxav!Zm~TdgTg z|Jd>-MG*mvjiTAM0fCt$3}lb4tvn6?CL{$v>c3rEJfVZOcvh$WNAYTh_WFUu@58e& zMN0G|4qxf@nh9MQxrFaM@o!pE@bmr$w8hg>^0mczo$}%K&{iJQUO!~?I6FK-?9;;? z{0QDUZs88Gg^w9M`XE4HGtkpnlB6N+iWMomGwCH1*k{?+6f!Le17(soSM6!A&y*;|3$$+0BhYvBFGL|OtS;^tjf3}uG^U{4yEfDU@ zQ75Ip^Ey;A(yBxNK`?O~y(J_fn3rpdPlGrn_1_MO+8n+?q!0m5Di6MNh17K_fh=BL zf{?>2w8cH~BB}oYWZx1-oE+pXqy6m2bsA-iU9S#JgRJEJPkLEM;V%r)O zwEQ4STf0;(k;6iR5;>_xNxDSxh`~^UW6$)^0K0`s9 zLHl7)D`0JKUIA4KCjwOJP(XXN3G}T!@tha=4t?4sN&^bw6opRyVGd9p=)daN_5&r! zqKN+fKUx#r9BqM$m8WObeKwW{g4=KV-+kuH`=Q5*U}_@-_F(78Mf zmoAp4Cl^pW3I7ECi#JTFMfluV57_oJW}on4Lg7!~{yDQ3DmuPmy@xdzI+*UTb5N7i z*s>mGPp9x$2Wso{PgG;?_!>K5K^b*!1@~a&cLI*sAHoIq9f3IhF%w**wj-qH-yx=G zl@LDS-VT`Y5))e3St|af4&h~UQ864@trdsO=r_gH1g>t>9$Ir6E5|-Q0>-jP|IhUP zhtBit-LawCeg+?MfgB*uOslgLC6Ckk6{uT@{bPhhN9E3dEFFHB(v* z*G$&gSQ$qt`K;`>3j%nIUFrk$Ff%dty>URLHGG|0~)?lsrMQLDCuKKQ3 zKOoJtob!SE(s6{jY%Q~_o|{n>FckatB49{v*TJ~OvKHba;5cPd_>h4BfJ+i;#wseO5m5bYSm7K!M5*#!Qgld!y`gja>?~Z8|ss;(509BpUs8h-B4uo{J zBA4V*6{p2l{IFGVOw%Mb2BPl&trBzptrg`-x&BcUJC$){I;4;*{BXZ3QB>pW{Xoc^ zd4^*>y&*4Mu*G6L?;j$ z^wZ83F&F-NcbvKK>Q^uq&@*dEH_RT2w8g+0_tvS~tJDxmN!r8=hHDt`G@qIiM@0Fo zh`8=AaYQVzup<%MU9t_64m-X>{g=kqui6z^gDwM%xIvoq+p#mA4mcgEjRnGQK8GE` zI0kQI?VaQ247EPEm3j_zp;Jae3YvhrigJNeE)?C^p#{2CWuZ_o2SvA8eywnt$~AS! zi+HvCOds((S___AJDRE_EZLkwF|Z@DIrej=Ykq&1LPV@M?#;CpSlPpzlF$90YMoH* zH=K`ZZ2D5!Xe_ENIxEW<|0g>>vEoQi?ZJQUZfP;buaxv(k*+xE(W-AmC<6N5Q+SqZ zj(8XWmRumx8enP?V_G?}Ar)Fl2OMGK|V5QyUiRVbiq5 z`REa73Co0^W>_-L-)f%h2N%>LzP5OL25HI+p<8HP1)7um=^~Vs8xktWGV7~HjISaX zNJl!%WHl~-n&b;?018&7UaE@DWhwUf+}z8bCE0>oD!*WeN$|74ZmoWIQkU(OUvms9 zso$5>1^eTy8n)4R!~u$SR{hr#VS7{4)#K_RGow>C!U_n_}N@#t%KLpeijvR*Lh%gpUq`h z{Fk7w3e;-45u?ovd_Z_y7kq|IbA(a(-1mK_K-r@IUO#j=f}oBS?SL0wxaHwe#V~Dg zkMW9Orqo1|SmI0NPSjHMYMB&yr39wN6Vmzq`y)C{UjS{Qy4=>d%sL zR*WXPn6yiJm(9Z@Om8Nhnryy?DzwGE%u8{S<$CZKXB6SA^#@9{F^$2-zy?HLAnJ^` ztCt&?EfL}@IT*naM=ElJ@Iqp2Il85`cuwY}eUDUrK^YFMqLK?VpYQLl`lh_K$*wJ) zkrDV>bM&GonB6GaDxKjf=?v&~lypz4o{-V1Cm_V2jh+x1so-a6)#Kak2SPTxAAHCH z?ezmS!9riqs>LcJrzz>bW1+Sr-Mr*dCFkxKIj;@h3_(Br0}8rE&X=1Ph(iG>hJMXM90$-BM^c_&0t;gmQ3`ddPD=40b-8uO7tz z)(dHK<~Ms;&OB9pFgwYwRq5d$9F^{MJV^N+ju+-e^%kg2kZ9;V4))Od+T?P z`~r=}2>$qtM{^UtETItbVKpB3yWD-CHHRpq(wmKTNAo0}xrXwJj8TC>AG z&=j)q5-UWvIIcB|J`W4e-b62_HJE+hN6j_-fJGoT#}=$MAs{g{uQ9rZn)_#FUJ$## zxv-`rqpJ0R2lu{W5R8E&-q3_5?Y zw0JH8hoSD8-P#R1u=;Vq)&rXR+$HyV5)Nn+K7r^}?!tFuIGn8A@GUch@L{jEs7|}# zARn9X__a1DJo7?r&{s2)HTN3L{Vs0*8nk=nDe6IUe-$1cNoww`;frFvej4t>qNmzf zc4_WUagC)^q`C35RdauMK%2N57_#8)+Mq`N`S+cRSLOljmc81bPiLMAtcRQ_SQqaL z7x5_tPvKG8p#S*O?>ilN>ydX2J`DT@Uf=^-u^H}xx9{WadwfgZFy5kd?jemxhfiUu z0V&N55L^5mW+x%<7x=eNbHAgx-&_6Oduo5v6O@6#UY)x^JltRBA+w9A>Wesef&Zr$ zwhetZloJU?z^qsF#mVX`*|;u~x>7fR4CH(PNldv+bj*SpH^NmvexIw9QK8>mb18Qw(A{U7uu z&COFPH1|53!mGI(7#07>^T>yT=~1pP{@sCwx~C=AYVKyRiHtkyf<} zA0}*OV%32>ZR|R2(6*WAvGt)*j5sH{ID~L(D2Goqsc(;-jy|9EI)8HCopG^_>5!hd z-QpqoG7gB>7Fh?x_tX~6$;1J9Wtq4YekwQ|Skn)z*{U&q+MN9zlnDtLrymm6$8k&P zhbfWWSMOne_vFl{)#j9EX2H>I)>{MM?KWLnF>Pm`b2>G(1K&LCtEqn!OGgT134=zPxt*nh@~%nE7J13M$Lo0$E< zXYFULcOj>%)7f$y8h5_1jQJ53;ltfZ@`Fhub)!nX8z~_o3*u~UcyjutP zJ9UlN#Vw5W2YOiyQh)F%06-H{MiO{2(a2$Oj}08VT$DXUdCbcTZVGJ3z)mc}Ud4_KxKn@!l*mDZRr7;)6Nm8=?8&@H3bChjBD@sT|MO$0KbiH{q}C%%2`+~~ z`T@(V6;OwJ5Mld-HRt}@a&sd~0@N7_)Ti@pP-~yF9g{9D6mq{CSA6T!p!hxmYTO(!01gzyZSt11G^yt>IZd9PUTcC;os^MCI`l5ub zx;hF9!#N0uE1=4SfW=C_ds*;$sHW|oWWzg+C2OT^A3tifZ6gw9=u2ta^GH)X;Er-# zPk_?|;P!42@qp>z5tIgw%|?RydA5Q!*n*}5nmHcO zItsL@QD`t;oX~VL&w}PwEqmoc8`@msnCrhl+YHypGX|*vJA1u(dMWju8n|FKj;7pX z;4s}&$MM+Z!5esJ8cfCE$Gkj9J_%=Ua>I85YT&%3nS04$lBLVuO_t={$f`E${@OWz z4-B6~ghXCj=3Dq2M8eD^KG5x=h%47nKd&|?*QxnYXc&&NXk{}xA7Qn1#J^;1P`&@c z`w;5q_Ry@mI*BjNEUBeojw81D3VGIP3+l9I>ie$4K`St>@t@3pZjH4)tGK{Go6|_W znN$Ta+#D6sYjigP!EpHlheQJ-fgv-lb>>IUaE`>cH9CgzF4lpBPIC+fnEB{RwiK!G zJi86b{{56-V$XM~83%(+PS3hnuelHDGTOsDxyf*S!@d1R?~J#&lOBf(mZS-xs%AV63x{)$YS*Vp=i8>mNX)jI^PApS#IFATa!or&_v$BP7Ck7}J4c74<+vhWW2u1Q6N%k6Z4H)Dcf2 zX6VepSd=z@_&3I84c4vQaO+p--ydxUg(K%{;eN$Oa;){yVUMeN;T~V(#`zC#WBR!v zS_$`0PeHY6h<}VGR^?u<$#aNz^A|%re;xa$c`%NS-NOCk7uWX6?+Ur%ncgo3iD6}_ zPeLtL28|(0yWWQrT<|WTDPMb|6E{qAvozF_>yP+k{{G1(?n%SU8gG0wk|7^VSKzC% zCJeqn{~~18oGAG{^0!F-PLjW+JOBXWIgd7~0zlRkIp64E86IhW(t!;aMdJUc*w=!z zk8eHn6A*j)d2;Ye|34A3ze!8+jV(75@kOAL;|m0q$TjOhjnsL+T~9&7xo+l%k2JLi zO}Kh21gw$OHjBuWYe@6eX5puFTExC&WsqO#Dl!`drOc`oR##~4oVd_2`2d?$|9F+y zwR1)xyQj{cQG_!xuyQ!0%ReE~xlO#1nYu`QfwG>BkFNL55zF0N^V*)4iX4oene33@ zR_}3s%K29RIebx6g?9IT9nm@Fjd#PVgT{fVQz`2>-w>ib`EhIi&9H2CwF7uH7O%_! zc&u%+#osS$r^P+vdqq^frGFgPKeG(tN7SqiQUfsmg?~oTH$Wi?tf`>1LHzg!{orX! zCW_fv#B4UkqOBYCh6bRFGg)z<1D+dwSdR=GY0>6)Ks9A&aI)tx50?qgHIUtB+?rUJyIY&)!YAFZ_B$lx+2+o zXot7{=!n9;pNuiiIwvsvtu9n_E?+R6OVtg&;CAz0pU@2mWy^y?i-7dp3?5_(zX*mv z9*RBv6_F^d`rjm*;rf;RooW}di4$mdXhQSs;pSKf1po<@tC$MX=t>VZ*Susu50;6 zc-fzbL1>S-Xed8{y%lgma1_XW6#b&dpgkbpP9F0A^5>-FHnXq%)|tP@uh|2CTK5}i z|4mEcx=rY+=o~LHeq>N~VWZ%W?Z3>eV*HXch@S#$GFp4A7+j+m{mbuY zr~Y$Js(u?+ELA3~CJM=d!hS&^{N8&yLQ->2f!UPkx5P>uB@1b^2 z12u~lIaw91A_~M$h0L~%pkw}jj7qNU`M<+Bs6g+62=HRt?k6~E~=!$6!FQ5)!`WAd; z8hS-Gh$ycS(SWY#?Z)h1h431#`KLnb7)m!w|Co(=xL)JNeFinXKj$RfaIJIXF`xO3 ze8)M*oz{+YC(51z9(D8zwIECZ)kGX~rMau5opkI>;=@9;i4Ua}ut^edGNs}AM+r1g z|6-+qa`Xl^J7KNI%`*a$nWnCT>VPJJV_)@ObbKg*vR9yvr~~z&78rhA67_2*J$O|z z7HEwdU>+Risndf#0*8YiguQ?@60p!em*0T$Z38N$j+%l=M__o8T_H}c!c}+W$>wgU z3I{mQWUlG`9;e@krN#+*Eg2$V!fDBbXO8klR*r}OQgoYSA>S?a0b!(Z`x&z{l z0oW5@$iZW?;2#MRA-u4S-?TGWJt>UhTablmn7@31l+>SCG0UCcFPDR1YOt`x_)8_n04)!<3EFw=yLPIuM+ch$HOrqKGx3hxERLt_8z&)+v-l$ej5&=HQkz zh+)8MnlNr4d}K}e>a}_3V}|SQ*C~Fu2`BZ%Y7xKcN{C39DGUD>{FNAwm@}Nsj=!Y)V?Y9XB^^&4Z6C%F`V3r~ z(E!7B%dOByzaLKx;Ymgi5@?kA{8N{JMsR>MK@e2gmA1cO5zDS`guRi3ZI9GXj1Tvx zRpv~+?bbW}sR){#gJ-?F}uxf%Z?}gv%(nqkAV^W0Y21!{P+z zk=ncVXs_ri9k|u{D6I7C^|j%S_T5)pL&b4*$rVS=EgMjAWKfx`UsoI%>i^U{U1Eal zWli&TETfRS9`rqZwRCW|{LPTR&RflZIB2YDV zWb(*f9F<}W-!$8UoU*UeuDtd{wZE9_tQ|Y9sRkahYsdIFJ6eBfTlG6EPWRtqSY6Ma zPyb0ec&_{>zhL}R<=!cx4_{Mv>KN89%%M_w|7>Qt{9^4(eph79lV8L;;nzpA3BOi+ zB98;C;_0`X+NpB5=YY##s#Yxau+aC^Pk z<1CztjAQxu(h9F-ZC5fl}P<)!_C^^04$CT@rBaW^awA%d17 zR#@|xpPkI#J|f@0Ac)lTia~^hh)8h^BBNpu;S9>`PCSei>Y_E{fhIeC6C+v^N3Yg%gac@QqT?JC~RzO);MK9NxQ9Lq6+Szxha&EQ{<hZBkpxW zUC6YQEAlYpAfLl-K)Y)!8LC_}1sQQLWmFb0YmLgnRunr93+{PdSde^X3=3F@EGUX$ z!RlW|WdSy<`NYJ1IGqc(hX4UyElV;i6`I1%3x4Lqd4+dgl8`5dv9lq)Ut50(?ayI1 zwt+wTKZf@hj}`}axkMz(eCcIpKcmb-VbeVbB>VAJl&ny-ZBcQ4vPpHmJE(Ok_fl-> zyp*{HI-i25Hq}Q3T_Ighl=tw9<|7 zEeye|T7U;E-6mpm!uSJ4s#R6;d*E0{t;(fRNm{@FE?Bu9jPQ}Qa=>b6Jk*Tn&vN{Q z(g0LRJdFgk6s)^vGb{LDr2eDt5WJhO)&wBP>_X?sC)dM2XCcSL%yNNm&h8V@ucb3R zD5UhOMYqZ|B&SlcCjs`OAhm5QShcX?>TZKIyF?)#LkP(K4dU%Gdc;CZQw{y|PgXR03{l@QStg8^m3@Vmu zNd9YK2ysp=LuuPMq8O%GLPFMWfb;PF4$7e-o^WKd1Xu~j%?$GCMG_41NdwL-1C!IkOX^7@^>s_`m zeLB*~R{9M5>dOEOyC%R+Jk+GVR>iAEvRkqbQt68Bu=)TzEK8wb63jc^jd8V^hhKE6 ztI%(78g0}FqkYg1hJsR2d$~iPa&Ix!2~<=Of1#q}7vsbvdH<}sVj-B6NxmjyPUAk; zy!N@s0g3y+pA|VEQFLSAFwRJPheU&3p29ll^u3R;aAL5WXL=hRaOI}ne}m5$-GXEE zy@$4Wah{>KZ#|Vd0T(82ql(k2xs)M_B?E6Ik!2@5Nbvezexae#55LehLq1bXWIhg? zIr!~Ed@w&dOeU%lrq(OM$E4{VN6!}mRIVXiR`V1)Hp0dW?qQsm3=2g>s)z?a%qh#O z7&g@Z%e;!&i9`Kxc8opd4SuK}+OF3h84>uRgD-JAv&osp*Mq5_&m~h~Ps7iQ`{m3A z3<5TbouIwJ_u#758|t8GTf%3>KBmSz@@8ZVS2!^e>%DNqpzAjQrdu-(q2VxC4~Aw! zgY*0tt!f|4V{h&!zdcKPun|M1w&?ORZU4Tfq6GuMObAx+Q2oAScoR~JAjv6XE&B$= zw7D}-NH?Z+@b>@27yQP1=o4@KPhj0A*BArN;j%#00{}1z)t-}A(K1x4ek++{PX!Rc zu+oB^^C8$1g)ov5y@~(v84t7+qR@lgQR_(biE|QZ#9zddDRFcMA>9x|&O~409#qpo ztNKKCur!5IY48Sr@&)%;4G(S%9j1_1f2sDNL;}ES6-{LRR$Vs-uBEXpp*-IAWi3S{Cl zQROo;^O@ZjB%Al6gJiSMh>)!G?)FGV2t^2R%`{)*(NQqQCW$e|`BQ4!eF;L`W0Ep@ zHa*anD;fPaz**p)F%I`_BKUI7Sy+AryudN{^etgb39+Yioo*Cs;gq%cXBFY#sCVUi z?)C>NS#Ej=Yb;CAak2jL4iql5u{`XM2kXm5KD4Z6r+H*9OhopyeB+)?c@;l*x%ZU% zuaok$ML#DV3y;9dKZ*T=FRpt}#g{+h z%v>ORYqCWt0pyi8ZX~EC`Gsn-8NcA?wm&F-G9USwj9-bk0zXv|%q8)TEMrk8OIgOr zQs#HC^sNI9mcEo0Vd)>Hw#!mWKd{%!*bz9KqE*q6q=eCK)N^)XArfp@RU1 z5k_oGp@Bqbqg*mG2G(0sOQR4y3rI`CV<(E(46HIt0=wsy4?~-?%(xk*O!Dzj z6=u9Q9yrM)4+z7_1A=n$fQ1}9n7H4;gE6>k&ho|N|HcEr_FSQe=vm{pG++{HkwmGT zs6c|^!!PU;oXA3azJEfA5A#uc%JExZiH|DsqD(o7I*U3{XBj8z%eM0Wc&j4n?F}nXFj5yj^7NRK-5`;sQ1G!QDadj>MY}=I`cbFzipp` z>c#E|)eCR;v?KOj%O2VvI*1)%f`1+ARLrmwJCR^R_=OEwhhH@0pVL(**u+OPWGj9z zLqn)TRgo7nO}t}6Sk&1NmT@+O`5g^;_FG3o9@QcZsVZr&AvBch%__u+VZikTcbT~> z9mDNZdA~`t#zAynWGoFR1TVUy^|QqQ_lS#{xa0r=y&mkpfiAE310Y<^Oh3J zaHqVb#M6sN8D!WTKEs#mDo`1gSs9iwLm|9l^CwVzAI-;Kdwr%sdx*P#wYeIR$UUIV z{Sle9hj!vG<0IfwTaP55HkE;fRV(;_2E$z_4IWx!HP~l0xVy|I8P7Z9Yqi?`n4iXQ;2g%~*nFU`)4HN37Xq^aZ3h^6^A@|F7R$i7*%YrHRTBEB(9I zf;g#e?Tp3SdjUSHX{ zr~05Dr#Gaoz%%JT3G|-=`pZHp*5hh1fFbHc{(9su791q{PGV88LJ$8`F`{f>HB;n0 z)FmHF0FPx~@8E<{s;g%%^oa)@%w_cNyiBegCU3Ddu zhbvH21XvYPomi#YM-E?X`5R0K8H9BXQ{5>YT`=q=MlhnDSLiVCpsrh&6@A)vO?Z#K`VoW;PkL8U2 zUHjXFe;z>kp(iZEIg? zE|a?v>suZ1L-OGg9*X({dE`^@DE1PDd)9LN+)&nsm2{=BIpOg_IP6*8sA}kLO^=lb zA>Z0?W-aYAl!u>sRaD;i4HInSr~Dw&zYJJmrvs+f2vD2~PYSMzjxx>JQ(CEg8GoKJ z;`)E+_Gq7Piz~UQUr&Yncq8)DwX8?Q(bpnE6xh{NaoFwes&2EUXjL4oqYBvLt~l~i zJAze%D$Dw}*$Z+4yN*>H{^@_!0i^#zR?;p({p7>>`rEdwsQ!0=tZnpLcW-APkBAG3 zB(s&NWIkd{8zXqfj1@|Lr*SSB*o#qNDi*LXJ`@u!RsaDKQRS!cb8hNOcXEK>eT%64 z1wN3!jau~!6sbT<#sgh&W!R+9i+sesQ?6f{vmb0~St|R&>~-Mmo`bOtjDue3b2oY) z+;s`=haJW!0tS9#WPt_g%HKH%)noq9>mr8r`Djt<2s)a*V-|vru-ib!7&p)NU>qTy z%xQ>pq4xpTl^H{liac1*fFy6FC>3MWnzUN4Y^eZL?a^oO7eVc;zYxdL%%6%Tc>{+% zg*|bi^G08Ay|-aCJDPV(xUlaQpE0(=duV$hqB`gEq*`y_h~&)uC~pPp%lmf*{uXNa zU-@#s@iwfHlG>P`yoa{nRw!>ny{c+gVc$ky->tsB@9Mc9mBGADo$?!O)50*mKl>mo zNC%$Si=SWJnrx}*F=Si0^AghE>}8!v0NWeU>7ZQK&j%%#Uky}LgH=VU6>KNfV9!f9 zgPXlgh^Axx9YHG*s%^X`o@&4>xSCXLjiurG(`Nv6A3-&El2v3*YD(5%Fh4m`3q= zxg4y5l692r52v8}Vh)tH8VTB8gV@=|#M)ojrW`y_tG$c5GsrGC#0oLz=zZ8#>e~NX zh79(8egve}^%jBx4cBMt)t~t4`#13_w=sWqmD zV9$dLh>hVIZ(xteKkUp10fU_eN&=g7N$bhW-6WN>ET@ApFNFL;dSNN$^XNly3=N%c zx6Zb20;?1Co||j+{+rMO@9k(o3bfYgmgoV;ReG1LU3pA?`a%hn;7@$0N&6!n zr~#{9?^TgBm{*x)uf`(WM@4KIcM zSY;%SxTCZx^Le~AO&s}PMG#q`Iggx)NER9H7`h{1Ad9&A7Vb)r7B8Ch*G(R zG{Qx_`I*-dHWL$>a3XP?jf6QX27|fCC+Al&lIx5#TB!@Fx1tkKC1QXRQ<}_k}`bu#aMOlUq4iuk}x?oCUPbn)Lbfi~vYf02)}Jj1Mj zGlhddISi)?s35bK|6^wSQ%aElh39 zB$a$!&Sm>}`;Nj@LHtM`B{OI*I)25`$lr!Lz0;5+khXYv|%7xdo_tgtzf zSn<$%FJkqKw2H4Sq(Fb-mD@I6l@LAbPuqVY#9Emo!?;Q<;|FVj{7UBpE!a8N zm!pDwM+LR0K(+`rtj!Sz&L{D~?Q_eh;cA`4lU|WF=}R=OGoO-FHby zwX6mw&l0>rv5CAv+zECZ!M@+5sHFq%o&d`QOtMsRlbglaCvZ zZ1Leq%^(2+UU~=#E}kcMs5>c81eoT#-+ha)0ek}m&amMr>RWtkgJq|)7WgK5beyTZMoUi2k}TzAL!^OTL@40Z>??8Yz89^bSWzHE&meJl&rEu0^Gi?G(q? zqkpzv?~kOuu~S$-*kPy5#z?BcPT~7C`EQ?N5W)O|3+$YK?BuUu{lXel^O6;6aU0L{+GlUhTT1Uj-ZK6TC%3FB2yQC~ zeo=8GdB*U(;1>A5KZioi3w{VyS8=4n^xg%*{}lA!ke9Q0M(6zCcKH9^!%so*-GboW zaJ`-UFuaInK&hBR9K!PR=lL?Pgjsevo`$v*7!xyb)%xK)M7jh&LMg!00;SMPc{z># zNxE@;2dw7J$P;U43rzv^Rt{aKPKSsE_k4@>Z`^WxrAT+am`=(T5R=LZ)`mS+3IlWK zv7tkuolt*w)Sn;xC_Jrd^UPa)#x035KSI~_0mB06zB?Rd$Me%<{@V-CC|?CmklrBX zt!;zM;}|-W#>fEx%L{Hs#3xCB(NJyKWfc7qHU~VY!>>$9YLW06&&r-&&eZH@X5=$X z`GVkXz^yBG4Rn(FG;ux1J?zl`t`(iRFw3V z)$l|qNPlXG#3%zlqx2ueV;m;o#bk_W*!n}cYRwX`LKq+JD3B|UCL~&TYzH3UWHdqp z9-S2)XI*IFF|iFiP9Yu-nlX6LiXaBae-e01912M z1S(lHa_^r%#$GpQqlnhCvcD5upvna}K4ee?toj_vh?ZvKO772@EQG26pLx;QCRyr} z8ZtL^jC^|seS`k{Dcp>?R2-T!cajJy(>aofOIEahP^zcApyQczngs8fRy|anplL~} zXaI>;eFZ)=B#7_M6LH;rFov!>__H@6!R3sOSo2ic7~FoFPC?~ag*)|CUK0yA8vx zLYD^H*NmkFGY8kTw^a?8*c*s~iFC%BZ+u23al8Ei1z0}8w9X$4{NU)?FNfPeL zeZvwmd62@M&UnBapK+CYw2^|AV`&dUk&NDgQ${TOKT-M(3x8!4*A$2y7DA)`gO+4% z?oj||r|9R^*7<^H%GzW-@gwQ~fn%Mu2R9J8LkJZ+HX`tKGIM50&Lo7(wYasp!rxrP zifz<2--bv|to!xIqL?7&X-nCyY@UY#efzVDrXE2h3_ti7EW9b?ubwQ(o4a=?m6U-U zTpec)VPDD8HUuGrA0WijaQ#B^9fi=EOC&2vjgx(-x~HP=1=bX;UIL2+=ab?D$|V#j z98zTN<%6t31ow;l^umj!$@2Ax`3N3riDqkAFc(N{9><|I^df<<3WdCvIhv&zci}*z+MnwDx?lDAbQVcR6yQ04qdxvzn>mmZyFnQ1^D{5PDon@GP~{DP z02uYV($yB%M!o*)WWCEqZ0b@4@DFb13=Tr}QJ# z6@wZepXkPjjqu@20(e4NHX!z8PAVPFZulpL`o9e)dmC0kzqZsO7zX=G8I|qJ-J;F? zJrZ8n`4JTg#iGqE=jZ-7t8g|ZphvB9^HOpcR#UY@7|uJK)hRNFv%1NDH|dM| zJIvwo&*Tm*n0nn@b_Muy{t7Uz!zqe!T@>S%JRrvs$@Zh*=Lp9(TnPhEo^w)6I_+Q$ zFAVI$;D?Ck@nSD9eKEeoO@Kzv#)k||!^SUP@N-OU5UU<72B8034xmO?1ynSYk(&JL zIG{Bb#sfv^GL{}=m4>5_vUbjhxYC7fm%fyxPqRu(FqM(IU`1SMt*z1wwcBPcKsWXw zJOC$cc0tmiM9m2$PN9<{CZjUM88a`nUK9{w8EFBDp_yswgtW#;n` zS+#y!{TmeHIcNx{v9unn{~XCI9e2JuR2O^-9+fjgR&qE{}jo8=6X{QrC_=h@iK#1+=Ly=9r@&SOll{&!~d922!e z$y|2^v<)zneM6j@0PF(QxZ^?2R**M**cx&XTMD&C@;HHu{+JyDpYsw^2mGa}lo9wo z1PPwL0)c+4j3=m2;Jv|B@L@{aM8Q80H}PW+g>pY3>O>AQu0+fo;Q#IniN)ZI5r?Oi z4||i!3729mu#RVTHun!TesUI-N-6rcS#Ovy4={sP2o;A^NjVj<8#A5|&QeaOvCrKpKdutPJ=NcplA@mkt3nFU3cpYHCr_IdHwta8+kDcr>6-4O zO)Y8jF{CG!HdhXbq0OL8pv@bnDcYo4v_YV#>ko@Sn{t<;O|hcQ);A)wQCXw3;j_6O z@h}k)n|NM(wBevyYQ-GJ3Lnh^L?n87r0Fq4d$y8I>vJ~r-P%Ix{@Bt{^HKWWO}EBq zzZ8VaM75tCpO%~Yng>j3WB(QB|E5xoU1{W1?xnwh%8`_%a+F_KMGN_i`9CYF>J37a zVD>Q@ZzkZ4|3Y&d44Il9nV2>B#OH=pMfl%Jv+I`9G{MebV`Ao=p>Cw$RoiGnRau4> z9XX4y&BT>?h+f@fcD)Jb1>$1`;fZ6#wyuIb5a3uwBdSat8!{B@TfHVm4h~uJkLbZ6 zfjOD!33D!&o?#vwks!fg)JI~cu@>~8!+ofa&}>Xj76?H4&5O+2-TPX?15p-=LFK3E zW(?PU9HEYmq%WsJieWBp7HbeJa7idtxrPL!^)>5#1X#K8(E3~cJcRf7jFE}5Oo2l? z>afb1bpQ3_Y%xv_NbxOSs0JgV zViewdBX5pLKc1giK@vkyrbzhM-SU=O-7yFCK%lMoF`9UA4I(yT+l&!D$XA^dLuAzY zmB~yRL$a<1{a)Ru=r@H8!#awcaV?_3=(DXrUhlG-=z%IJ8G22yMSq;6D(2-96)2T4M)I0|L1b!f74MS|V z)8|UU4rb{hZ1^WtL2y!a`?Y{|odpY{xFRI8S=3yce@V+tF=YDNE|7@PAmoPADAfiBP&y)4Z|mriLyOmz8t)vEtYNN3}15^Rsl_;2%1w zEdSi4^v{(vc+wMa&hm|~aP;kph|!9)y<;XY<_WHuuf}?vzg`RHwTynFzs>#B5ZYb7sf*Mk zaZ<2z1OF*H;*9%|4KkKz>Abicl9j;=L(t4d#;4Gqj;#i;rn$FHSb*U*i#iC7a8y^= zf1Ni_hvshe);EvftBgV(%Z0%X7fUC><28pm;|x7`Z!&0b75H}DOB4d|Z4CKF2gqQA zsMu~C57@5@|E!eZ`p;{y;}#yp24(EzU_Ze0^ubhzE9A|yJQ#`4 zNX79b(d}3InbQ{?x)Yw3R-hTnGT0U^ ze}k^A{FwXj{utSLt58vbfI}PM0!?kW6nY>PyV1^$44`+)-4{_&r8?D>bhhn*-WV$#bR zoRePjVU8SPIq8O4uQhK-#{5Ih-sRdN=Vl$6xY_AKzz_>`=I5AyWV_V-<7qY;+6K;Y zSMOIKx6REw6`6tMGB+#!OJx3`vPS10d^Wx1j`_zYJ)QFpVMyf~@<$nrIExCg04o%s za}Q~AP55qTUBATU!>X?nWb7LZj_UAofiH?USEHTtE&Cr%cPzvm#yOB!zD866iy2AT ztZIo=vBhj$qC6eduk%GsTJB(&LdZ)HUhGJ6`*KqU;$2y15$&*RX$FyyW78mvk0c|X zOsG%Dw1<3Tn(*K3wdSNbx2cPhbLjxb__$83dH3UQ$h+P)@0KAb$nyzFd^FS|ur|k9c|E7Uzhc0Fh7IJ}V z6{K43I?IFU)yAwMb-N+o2goNo^EM(8?kJXw&04J1VX&vmLs$~@Lx)@Sq{_%2@F_>2zNDRlk+`Mg~LC! zYzO#%T?fVgS_@_Rr*8eL@c&1}|0x##{~Y1J${XcBpUwFQk%>4D`kdY#|2Yv_D6rIw z^#uH}sB@23sFPf8^T(#nR#w%9G6R2>cXHBaE81?(vxL3EYHShNBZhL#xO7SoF>BeZ zG#*GO`9MOt_*QhY4@q{A@ZRkpVYfs@!so17u}{c#_Ftg>4j)hyELRkq@LYs~Dr=O2 zd^ShVa8U5m9_>-E7Hfl;RkR~V1-jB83FeNKCrd1|*5xEsGe|}GhGfL*{)|bsms52A zecRCZAuX`JsdlCD&t_JjFx&qk+y6b=Z%qni1i1cB5fZ2ZQ4;XkylT3G1lzl}M*`Tn zT#}psl_Oy(+s%#s7%P(NW4*>Wt)5Uyt2ke=Z*e|R-1;I6609&{e-PGDFoc(NM`P7K zTbfxJFte~XGn$GuxWsZ*`umw{obaPAg>bbPIDib(d_bmd;2-Sj49>PZ7+rP@gdM>3 zZR}p8QwgS%HoptW3p)tk^5o2&yyY37bfK2N1^9k|iMjUZS9n2%sqSxr*8Dwkm*LQ! z)Tdcx^*ic&I9c$cBE|_qJk%$(6yGt;VvXU>Qa#rPHkWnfRNm#w-CTAGH7pPftVv!C z6D*&rN~yW5ACcgPJ=i0vXRq~UZ`IZQY<){u?~7%nu@yYq6>C&C;DlPqC0nnptF-hj z-*By|?*U)m2EEHsE++6O3JVNsGsf)1KJ6`L0k+RMzBq6(pS%qlmX*aA`&Z2mULf7# z_g68_OsV*^sRJakMyq1rj?h}pjL1#B2_N#7SAZsYD@Ym8`V*hF@;hsPPGRn++N0FE zAf#4x5epY^Bl@{Wfi}HSS}5t&@;@xpR&MuVz3tIteB=#%eM_+aZMFYQ?#4?i$3m;h^3fJgH;7KON$M4dpV)78As7vJVQ7<8y6fb|UKsr(Hmc z{%-pB*oSYUo3JLWBi@3Ft-CQq>+?d&$Q4n4AWkQ#r&MtF=<`h2yGPOgBL2Vm_y9K* zwvKL_Ar2KxImsyHt5WNsLk5k6gX!gE%8jN+Jb*;nc3eRSMm8jMqW^DXLw=`74BFNG z(aY%p9F0W#9>4*(8WCrr$ZpH1`)bifymh#o~Hncp8*#czg|#HK&dOl*{E4C?2`w+?L7ne(t&!fw;etbXef z6=I5QnjJCH+TsXlI2HTPwlPvv9F}TfdPskkc@brz5u4((Tz1FZGjE-G$K;IBaQf=Y zCTA2)zpdns^3lO-JHb=I8lrW>YaAx>fDzS4VTe`)BPQ0r_(DNkBir>a-UHp6)s}xz^k-uxG!K@8Qa3Tt83(g`fQ0k_ z+V_kvlDj#!%ifF&#{FI z{|d{~uc$a=yB~|_YlM$+QGOzhZs);;xkFz31w^?kTx7kJeTG-R=c^e1m@l{P{?1-? zOg>h3hTMZ3r0|ftnE-`{+=T?$1&lR4c!TY?{KFFzF37{ZZk$gAza{*mh)%KPDhD#} z5v$lr;r@W9F#|aCHD&-&$L0IY5*ednxQ=%A01_!CWn=AV<+v=qGLADMO7x$FW*^6S z2|ii&9|;)P3(`*o>A@cijyNSj?CaEN=b+JdV{D#t2ZZcSJc-5jb_NS+`5!@^4&g|k z2d<_m;xT`-90CV4K^g{T!p-Y3FU4hR%0G;I#1k)3i>Qdqz@iiF8^ki3-DQJ4AqUnJ zbNTe*-(mSwR5Ds`y^U?X<^LWT*Lo$FeJPi0-^>|kTRPk3X4~+`<@(_wpRZ|M@klH(VbcxCrr2l6OfY@9oTsNWSLJ<&_@U73stF?rndzyUR!~+=ky{otHsUfbSseWw zYm(+-iVUD4+82jonlJr16sLofq~9Hbg-jNe()5GMyq(q~x6?i(x6@Wq4GI5?fuBS7 z*!Yc;RSiK9)B=r)u@<2dLG!jnP%;0Hwl{%~vPk;JlaP_&h!ZryAVi~%8ssqHkVJ?i z81xBDAS!AUUJZ&ET)+r35>68*(Tu}r)>Ri5b{7?QUDx$QK;hK{kkgezmvdF{+8##{ zQIW$XzwfvDdFIFg>ihruk@P&z(_LL%U0q#WU0t1w2)yw9L|k6}!7r=^tbwT7SxBa- zT|+f((n7x_4u;_H3~_+{Zef%#Y~`omHwyS=l71QN`wR;|%D^me1~pq4sA4hv6uwG+ zakl{OEXf78nu2Ro>d6<$YM6;ta%ds3$`Y*pA(Z)R1QDr!SS;^Z^$!vG+~5Yo#1JPF z#ECG8I{Ig;yVQGEm|PP2E9=a}`Z%|@({qyhkx{eV@L?^B^?kTrwl|wyA@kd}>5$Ki z*2k^RulNuntPQ`p5>^#Ng!Lkt2Wovo+WK0gt*!l%_P5Qyb1)tK4F3IV4F9S>Sp?w# z06)2`O~n`UqDRrs;osKigQZr38!Jw*YHrfr9#}m^t@_nntX-%;`7e~f4d_m1Xk%;b zZw>wk!XGL(Cu6vBROF^kMm3BdoBA96K>XN^t;dgz^u{NDwD1rd{w_E?+Z>11>hI6` zGb8=q9W^ra>_Pkphn|g8G&8m$I2NL@tIUdi4S%Z_V)(lo;ftQG4h;Sk{2e9LEe;>Y z7G5JgXb!F1q>gOnrD$dc{L2xs>u-(!Zes6@()^DZp%lX` z-Q5jxhaoi6s*WK(ZDZ(yda>`}(>3_yK7%6yTh+K=3Lmj`W8JE138(k}5HlPWN!L8V z__QtL-;J!_70Vspr=flaW1Lz+ZW}}ANPN?zZTJN3wDHRvqxzVRh#Te%tM=<-YyXqf zz5tByYv^CztpA^k^ncDT?f=%=e-GP#8`=-zmn7HYGUUT&QQgjBFz1Vnw>c$B&}zsx zMukQE(D$R_haP79P+V`8z5%5eKXfDGhrS zI95i)(U%J>fImn63jJ?JEv@KJxU$8ZfBK(Xe;V`@21N51<7zw+5xLcT8oGE;8`IF# z7&WR&XfflY3asF70RL9>mtm&)3-F5TuoY`mPY3HA90*}jYJgggJ)8)4&40q;F1>ygIsb^z#@C!S zVfwVuKdzYmslaFx<(ILPec!34>39**EYD=c5pGhS4v6NV(C;HX^*6!h8I4VA<7YhS zbA!+aV;ZypQBqPUUqO^}^v$IqC*7kv?BI~Mo3FZnOosQ%_~LF2_3$Qg^<1adJuw9O z&EpnpI1Md>A&aHB)J&K1n z{LbnkbA50s{>AD)+Wuu}QMXX8GqdRBp;~fuj_}X#g`<7mSACF-eL+cN zoG*FQqLE$IrODV+ zDuc0QD;%NV>xeMbE`~kXUFiFddg*iB721|1<5R8tZOi`9i~Z`X7M-FO`{m{=Wk7zB zI*!`uc*8yl-qn1vYK=a;n!?@12pEVA{5IU9EF~$6s6CvA7Yo`j<+{z zpTg#v@9sxp$ojO9b&*NV*81lf)(sEtC!TKKGq!Y zOk_@cU8;R4Ty6NrudUztMNIvkNc|&zdHv+yR@#5F+5SOnf1rY+<%%dHnI6Bh7XuOa zf7r2|fCGK{(5a@1=+}D#VamMR+oFt5C=-@HCy}p0AMSq`2JB<`w2$Re{#*8cxsp}( zpv7Mqj05W@l&w<8qB6>&a(0&%LRo>r(WfpkX&K}agB(#IbDdAdidPR2U}kS_A3XW|b{A_9DIVspli0t6{^bAv zFXlJLX5H54`EBn*R)d={lzOUX>%0{Fzs_$LP=0a;f%d`I?6N+s56eVVM2t)Vozgz| zYx(mtcr-+<9{%OCsGy$Dw4}h#=FeXtpO?HFQ~&jm`Y-uK^|!`6IXvNCy1p4YA{k?SPa3d-_X2!XirOrft-^@fMeL71^<+ z_Pfvf#k~a|A0FV=+l1KQI)GF0q)OCgsJi(giyo~RI$6KtfiLv_b17wwTnmZQMMtfupK0g7A>?;YXvY|QhB(>9%~^=JvWbnW?Gp=p zW71AImX{!UTlRZ30RpAemnYtv}Hk(E?gEpyB-g;~Fn~Zxh^U zF?eAn-KCdgRs#nSuUAb#_}nHSdkmnfS^zrG1Ar!(fbh9ZKpk}h^WiDAetKWFudoHM zrvME8GbXe`ljy!J5t4_CkSAK*BGxO3LC)4CE#{}--nM<;I1V)b6xw8eHjDgYo$-=; zer|xv(YCog;IDT3IW$q`O+bP*4_)mM2F`aVbfJ;^t>b}XJiHQ^hro149S?kt2WTdV z=OBfn(V`0in=4@X^Wl6w|7fcDL~*ni7Q1YDQjWUHJkx3f>5tnfiBZr~&W`NCYs> zU>|e&c7}Rc{t-a9hd{qtLvL?FAFQDRdx4%PnE!^(dx2SiesnH&Ec1#r^idXc6YWqR zOMesWUjR;F?0=63P^UTerwR58Igm~4dE3p`*o^}A2av>I9|a%y4-xn#{!SDAxv}`$ z1^+GFZ8h=l2K)mW{=-Nh5Tv7ank4@KO${T>kwm1=)<8F!MCmB&|H+YdLg4`2@k|k+$Nx;ej8~Yi`peIfsz2NJi zK&p{qsFVXh8#oY#kmm~`FU-p4h~GmWR$jL@rt;yD%9C~FJ1W|)d^4R*0_khNYQ1vA z4AT_`Y>n4m%JFMfW=5PTN^RcKNzE(6%G_)z^~bTgzA@*f#&R)|r-3UB?gA36o5)NoJwnpYUxzS+7? zcdK>MQyJZlM#2T<9@MGcU9H>4nGx09^KtX)&Td{^6yrE_UG_HWYEV<@l!n#qM5Hi2 z3;pHQ5p|t@rAC@rt~8$qo8SAJ&%Mm=7ntw6OL|b9iBxMa&GcY#U{;TvgPOs~pd7c% zg?#X@g5JV~)xC&48?BW@erx&6fGp54N+_QVu3<2V@qiu1ot$AU1-0a^oLl6FHz&^R z@#cLqg{;tzr;m*QjP*VoZrvGPx|#A15DyaKL3Kdf5~sw4@=V~XoK*yiKC0BdT91@x z$EoKpWHb?0j7C(lITcn+FkY61I-rU9Dlo?HmildmFO4^%u2=Q+ZV5mo^8J{N@OxWj z{XF|96+wxAGb|H6*6x|CFrO%3CbEqi4W?M$pqV0>=me7D9tksjrXJ8XsR`0VN*ZBl zf=9K7ej@NRX+|RnAoh{MNPuX;1_Hv}tsCY{U`{%K3N>^1!?Aos+C-q#4?oVH_+w*S zmE-Y3=Ky(X40b}?Sbn|C`kKhEIo4AGpK`6Ics}8vzQC!%wpyWcu=$iBPeaTnT$GJ( zd3-YA!!Q99NT?jrrrI#<3H*1 zulZP>>hrHpkk6{W%I7TPdqD>e3g{GEw8}{bY$LGBIRiHc>a2}{S9b+K12|GoY-Qw^vG${ zqKWl*<4MQEIiYS<#}hrL;b%tZ^s3`FPka14pXYnGGq6f-NtVY6A4Bmcf^W6qENE&h ztTQ-?F3{CHiNp+ZD|2n8w6exo3QWaQs<#oC_{!IVH7!3K#~otdGITosF3i&lm8 zn@Iidh@&Ft{}3N%WyQB(u!DM~@$))3&~vNTYsZjmzsi7M>Iy!xGE znSL3(w56`A$t|nK-1A6N8HIt3X??pkWKZ?Wv^01 zAu@tDudjR)v5u-or-iyoI~FG~K0szzKHdZ^2=cL%`~vw{!W8n6sf>^^d9lhl z0cnfz^{hB7P7$eyyFNq$ew|DSm~;S1sOVnG#E^dT72gaJHUVF>5N{>u<<*6CCG6!l zbcr`vLSF+Q;_Z5@12}5R$@>s&`B5Y7Y!j7cqO3q4)Pg|ES65yL`F*bRe{BUp-~^|D z@{fS&Il&b$uzchCcH`W1w4hLsNF9!3cs8#2*ern^cggx~gTs5atWZj@!op%M0S|~& z(*u`7G_C=A3`g)Ry1CyCs?`?3~5yq zD8L0HSU+MxxCGA#wc(5hz_s>lu1>=8iT?LXz`rh#LZ&awo=}Hu?XISV3;lbA)-BS= zRB`niRS9>K7Ts^%-xZOM&x&&-fN5I*i|V>tEhvzmn%&@(9`${sxDZdl;XuSWC<9^eV~O)N{IJBT zaBaB8$IMo790zP)568eZmTQunrAcxPZcH;(ev>3m+AslWNEpGg{ zB`qjwFzDx-K`d?85wjPU#bCA=H=LQ6AuBuUr`y7qaZbg{sLtXWwRzylF>4YRNDH(7 z{ir2oCu>(@xHRTKnc<_Utq#C{%;nplzK|3OFwSS=r`mx(^&G6pM6vt~5=TD-XX8v! zWI52{m!99&pnI`CK=;te9P?WirzDO~OVHGGmZ_i?Nob@9n)~$|FW=Do&`t{w#BytTYHc|$oMp> zh{~8WRWhdDEg5OW+QEz)-FIqZ2Xt_*QC18CYo56@hBfEmZZ4BG(==<2FC%NpWQOT2 zdX18)E~8(Ihy~Zb$#CpN9u>ek3IZXbZdh+6a`_yod@w72;x%1)SHVB2)BDXU|LoSb zD}RH|AyWC4y|I66%NGc%ICHR06k81|vZ#WmpG3NMc<-?yCoBO+v>zYCj^Od5VUfbI`~GGZS$v z$c}<3_!5V-2U8B?q^<3VQR+4%5D>Y?9QUumCz_xie2G7xB=$r^^`i*tvjw465Se<6 z6ROlEcYA;5E1(ASz^&;roI6_JLn+oTm}PpvW}U(;_??2^*cRL9PD2KLWY2^E)npVJDp&HBS&G*+jSybj;c;bqas1*`SCQFAJuKc2V(SeFA#WP+ z1InrAY{>b82|Nt^MjU{tnpq61BEO|&x@&M%CMb>2r1)D-X_ikl1|8_)iV8b&j^&Rz zc~ZaelTI+F*Eo6WNLv;R!Bl#J)gK#AOLuUT!4RKX4xkc6Rs9D0h5nUB2z(adP$h#pqoEzxV8HF2K zH$$;>ImgjpHUO_81~VF(u)Mzx7uK-ZkmUK8c&DGQ7mvR8-|o!Zfq_rO%l;P#$#4NE z1jCfuIlw>1iL0*%r1|Eg*-a8k90R~w2P+=@*@Ub$61juSV$iIx7%=%z$_MryAIkaA zfCn;MC5BQJW>hYG(G{ialrrou+VyM$MEMdZmj%~H<{ZsGzoEEpu3x2@`jzAU0r>2A zP{L?~tz?xDVHP zem+GKx(Q!B#rTkc4^Qe3e?Wry^@^%vi5{$rZ^UNTz=!pxM_A@UZ9h0>6Nu2@2A1fr z*YIn5373_<9bDKEck~@?a(9No3|-n$$I*gYa!)SM^+NpF8>v2+i*z6SI;^2-DI^EY zfRonq5p$VsKKpGc2{Lq3B?+rHe%n{^^8RZ{!tX&vYQnNUYp zFK^+?sI~QOfvE!mPF!Cjp~iZG%U}Tt8wSlz$46vV1GvKqqV_fg0vsn9eqkSwU<^4T z#b`9z(`!%m;a~`*T%f~Zsmcv;f;bR4P{N-7o7VNrYX`i?t*>|h=p}?_4 z9D7CH1~BSUXBB=!x2LJbFfgvsWV4AFW*BQGL=3zVTsr0m^aT|dbA{#DcET!#GQjF8 zahGOVvA@i2-33^0c-JJTTYt=;~j|MrSgYdy3wNxdc>x_%AR!h;uER$>UC zw9CIlBFBkMf&kl{kQ!J)z6JWgPXImX=YzI@>ia<9NrC7!fIBLX(%rNV&>-Sn47Mg; zl!zP+s7S`II__qmj&aUP3l^?vq^K$h-i16w(EfVxPz5 z+qx2yANmGMA)@)wanR!?U>J#@#%$==Dr7^1H1@GBzI!5UJ@6zsdm`9;E6{+Ba9I4u z9kpK|Gp*md@Y=C#bXwKXb~E}_9TizPnzC>Q%!?SCJCTI0#aGW&Fa(0d1_tzphxsA5 z3b*b+dXA0zFR8-iU2e_26E;X9pEM0mtyM z_8*aKMcc5H+`Kb>5=J}|iO@%1ETuoIJ0OA3R4(^s#p?;!9xQ3@Jc<>b#{Xlswb}hl z62^O#8NSn!oQs@QXlhNIa>DaK_aFRC&Jj}Sq5e=D9%N)o|8aPqj~;h94Qr5hI0~k& zxkt+nN(X!sw+CixcLFaSO0Zyv{L$q{Smie!LHWX%@*|?l`yWb_=B!Di{R8!9uzJ_q zn7*hMJ;dU+aB)aVSAkm&gq2VpoCHtm;Rw{5uueYw9X9 z?0JdhR1}Z>S=_z@3#o9Yb$1dssmr)yNCUpg#x!%~GkTiQSS7955Z;J~=EP~{x1%u> z>a`08iblI|l&RYD*{Rm;0y@YlZh{C5oV9owv{

      A!}5>1Pinx83p9sM!2^J&oCV;k#lGGEz`rHa3g8|55x4>D zmk<8iHn%%kQ=@^`3h=Ek;nTP4cE%?F%5t+ef@%#i0$1rOegbXmsg_=3hy zl81NLimyNx2<*mJ`I3My_Te2?<4ZgF@}~YW?uvH9JG@WJf5UL!lQJB*0kDl6VYV3F zNdv$6ktEJL$b>Bhfp;Ld821n+331E@UoTLXC$hmp%_b6(Lk0G~2KQt#cD~3paCgT` z!QFQtjszppAS^R#Od9s@Fn4EZ?taZhK@V#k<3PnQcfNY=TrhVa{izMmowR>a4*A&H zg+FNdCs{8jPr=>!s65aYl`F(?VCCp0Rz9GidF7X#r1D<6a%UTrN7Z#6>Z(_>&B~yE zva+||ZC=^NksxQEY(Ah;wC$BXXj^BqI#X%>e-|Pg1c_-@*nMsD3WFm~+P=N%(!LMYwbnlDFAhEr z-?1~=AF1lgKRx-!DX$M=|B+8!P>2!-iMFHqlLqv+*w?pvF2U+Bo@ZG48u7S}{QbG_V!%K1 zy@;$BKTw4=&%9RA?y@FwIdY1#Gh}!La!kVmw62qgQu^ zxfuC4+g@Naw>Yv_H@rn8DHu+A~UdMru-Qi(IYZ-ZAHy%ied_Qrba@?g@EmyOiTWBkF9Xw+hJ-VGkb1Qq(Y2L zs7c}W<%oSl*Eyz*I*;&jjOFy<()VP%AV1~pQ~24cd{Gx4Ze6qlUu?0NNc)L-KUN~T z2%9H*xn|z>6fjdPMxMiHa4f5501jRnw+?AxU_=w*VQws{J}PlJysv@mc+oj>za;Ks z@9U_25}B)V`g*RbIu`F4WdyE)7O`{s1<;iA`F|^%<-=b?ckM7yTLfXC@NHRFcy<#8 zshLkNGEAJTo2am0S`7Fuq%^hAfY2bR#+iG_G$hdGBTF&gF(}2jz6eSVyb3}%^qson z8xe*(nXoQgbAFU^727QJENWI&)U*a_&2!RLQ$7^uh8%%~kPk&zgCncM`$vo`7p5r~ zNhUxmbS&%LuAu6_AOaWR#l8=VdwyEvJ)Z9fyifh4IQJ_@&C~eh3e1FeMAP&;S+){b zxOf@wQHwI}uRxh^Cg_#6Gz0dP20-Luo6V+4gI&a%zSvyTW&jjikOjDB{9{^t=r^Ou zHN0-zxs2a77`PY1ajh#bo!qWTqk1M*V&?u3#Bxm{9?AI?q9$`?T8A2n0xRR?!!e_= zX{hVGkFm#+LuyyyBbSY|+HkcCLI!NF{ZF4bHA+Dk_>*g(Q_GGTw5xIkbr~8LHxIjp zOU(}487hRXhvkDnf?`~$K6sW)fxALci|tOp;^zibq|W||FbOD9-spMAz*Wa)Q`woI zil&;iCNY@=in!P-+9F}8%MTI;6KJ9F=iPEZ_~ce3*v5yoMudDUlOWsruO-_CBqzzn z13EBaaZyo$W#BZNnXeJThA=S1a-|=wh21@0f(5?1O|MIhBFKZrV|Jr@6RCiBmnS5a zZL1@s&GB{)K|V>44A}eg#@q0^Io+Fzn${NkK8E}v{|30_P*nYs=6?>D;=rx(;HM#p zh;RMz^nY?BloZy@ab7KajkQIXuNMV@!CBHMtA|d-*MKD~jiCsLxMnk!v4dm5l*NHN z;){JDm+xrsYDA57`S!g*?9`OA=zy_H9<=^AR^DvTpGV=LRgoIC65VvLb>SMd68)=X zeW8Et1m_WLpI#2Z0Qt(HL+7z7rjW0aLUxgEg?0MI70N0OW)3wikLQbwlWP<3z6M_o z!NaQHO}0u4vLfHVLR}~Y2*~9-VUAy{-yS}IG46PvC+Y{yhV*w~D3`keqv8v+8%8m% z*BMu&9V{HRdmxO4*EBe4UZ#A4ox$;NEq*y3*bgWum4GA3#g4)tK)KF|2O|`Df9mLX zBp-QP7)|9x)ju`>gQCX&*o!-Ck%$E@Y`Ym`f_%w=`W!W{Bmd|?qJt-T=0C{7x$7PG zPop%#lKK8|tPG2$vXOz5bB&%q;*Rzv^MmCjc6A6?4?;u4-(uYhi!Z86=F<13kvJFs5@1!$yZZpFkB@p&9X%#{T4WVP35b87p zU+WMsS$K+Y?Q{HeFcNmlR-*6FRk#QcqIuxEpM&;S-=gO!l0&Y@inM!OT;BpIVa4y( z)8;(HAV^Qv^>%5iUST_uSr3&zkoR3arFH8TgnIQqLWkFww4{T`7>gLU z)E8(>T$m26{4l~dL@mry z!C{g%+N{tNE;9lIBL+HJPkS5L zHd)g7;;zq$ECbK#u^`EBW`gP_nIHr8E{4t&e57Ru=jc$WyoB zQElvmz{UiVfUdI57G0A8AOe7==9_?MIP~TP!hkY1lBJVFDH>20JZkwd+k$2zv_3J= zIDZT_0rEhfH*ZK7;IqdyKohek@Te}eV4X%-`^QlW4r6u*0ed;dco5N>_uU|?iQc_2 zfZTXgUvxB^*qMM9!~*(T44~)3fcl$&y67f4@d)|3&;sQksNxt62ox3Ysts`ChHN(?BrZ?*|dlYLGY+L^IvB@(T>Em-gs2-wbxfu;Jz0O}tG z^!o0Y_WcEq>LLqJCj#1ab4>e!rU_PK^yNUSeUF%c%=T5`5$)Rx{}+h66VO!_pq~in$W1Zr z>tF)X{ns%J=tDW0nhg7jjOF+6i1rvVunDr^}r|PJq^+@kXMNJl1EL$3ssEhYm`G-tg=T~4)s9Q(@G(S zip|QLIAOUKk7z67;$p`D{0UAsQyiA#7E`O z{o8;ql8gO&ydC@8wsauwnRui|cViY%1i;ci4iJEWq$i%G#+Y>9-szyht}N1^16XJV zp5=ansraE@p<_kBb{8QHHzD=Wkly!OkX#zlaDnu27*d`EX#gSJsUc+$(s8fG=^_nj z=l@uc5;UYv0;w`f zw;s>ZzPIp0ZHt%oJw!-%n2<0QNU68?XwnCgCTmEa3#1prkUq2^eLzSLYDoEn)ZK(+ z9u}JXiUsL>4N13eLKsr>_6^pszV8oMTkhAiqEZK}3i2&jJD!pDIRvY;Fs$|#Rws4? zt8e3^ea{n8tqG}%hV0c<|&3mt}MX7({StzxZkp8M6l@Zcl6VfFb((l|B z&4+17n*~x$7}6R-V*kB~ALzfa8deHneN(O5XVR+oOBPm#pO*GLBCvA8upT5V-oG&q zKU5bDX;VKyde(%*!3at%m}x z(pZ7Cwzoy8>j;VcHv&J~9ELfLmSl{dLdJ6*Jwx` z3F-6ubo(yTSbgxS1?j8B(!SvWsc#rko&{+DA+^_#8nOUsp$W;9RCm@|ke=3%Mhc|Q zdRgtel91TG%kcy4Tlrt1m7B0eo3NZ3tGMA7tQ$0}`*yH>3&OBw;91%?6+hHHfTUaq zzQ&n01HRhb;>~#$?#Z^_m0+G7h2X`UXZ2!Wv;d;|Godj?{ka~GY8V1#8O|>_{Xbr(02GeU_4458xRL6l8!L$PyM+_LfK3j?C!V#2KT|zn$r70_7VBLa8 z^^yrI5wO;bjzP(7g3*edCk&=M6a(faJgRaNj16Gs#DeK#g3;PoUjajHbpK(35p6UB z6W6*15FS6M`K-ey^}})YV&02*Pt7Moea08CjpV~XgRqaOdk!=OUq0B=3l5s*Tf6@e-mElXRB=F{20CG1@=&ih(}GzDG{znQ8u*lt-6?Kb z!LIxk(2G0hc%@&ycj9gY z``0jg2;LR2rNaxuuD2r9nRFL{0h{iY0o#R_ll!=Fglv`S@Vj7Q*;lJsPE>J*7#Z`$ zh&>F>Nh1te_J-5yU1Axq&-eEd`DV~IIEPld(S|o~<;6tgG{bjwPUsBy(qiqyxD)EJ zqpThgzwiXWfg!t$zUJs6Sice-iV8rxgO0|urp+*5 zbyO2ywP=AuPw2x^^kErKMgMbIR-D=}OUn=gFaEuc_Dj6*=4D7#*d-G`AUi4o|MNlp z$hy!5!&rYcO{qAGa<#$Kn-{t$rad>JJ=j*=sn#B0dp<@i0qIMXvR-3UZuoB^f!F4c zz@V*AS-rjmS4#ohA^|7Og{{+$^@oLpq3!_|tu@!CX1pSrN&SOpTxcd57fAYySo-YV zyb%I1h1HC{B3p(x&n^%!`p6DASZes^ zJF5h|k;(OuM4Q4lwUuoS;KZVtf%ZwY5--)g%fFI70&j*pBRrsJ(@mo}H$%PmFA~}s ztgI2W;Y0BCR<350u_ohpFveCEyX zvg+5UH$OPg6k5S}o;q0hCJ8;c)*Q)t{Jw+EMjasFWSE4JwTwd&)R3+8Rpzk@O%|6Q z+^&hQ#^D<$t2#m^< zd|TALaJb;$2bJG62Y(mb)Qj>p+i^n&_7vPNkiSr2J$4q%>yd^23)gDKt1uaFfTNzslvZ0*N5ga~H8^YOkAwA6K_ytd60><&RX_PM$2B4d1=-&+w33b_eb{PC3 z;H&DLl@;e1W`dPI&S75keksRVnJR)TB6{(HC^P05{(en6xX*MENvY?2X+d_1fN{cKQf3psSnwpg(!R(|}vd9Ltd|QjY33|0HU&j9>7@NpC8HGT5yEXpd)Qs_d z?C+WZ>|lW8HEQ!#4EK#3?sC3PA|~&YA-~NW@-d0-UmwL?GaV+`@Q;M}#I+x}XL|mJ zD5Do>Kf`7qNPgvR1qZ=6C@}>jA!QFraK{5z31V=iS^MW#C40_QKOi@}CEh~73i8Q>1`#Y#SCJl3MPs|m9)l7~qy^p0@Un<(jvsDpo#gyQ?njQ= zGiCG3^x1(AmiAka{dw(iMAx7?A_j$uJGdAHfAU?5$KC3(p>#o^rPXgaJnY8j`|w$v zZGJMi{!TAIDd|BYBve$BzyCNaGI-m{_`u8r0OJ{zl3H7L?rq z*Rmiw6Vk3OaZug3LGg92K?(G!B8El&#DhitaR=>1e%HZdRbduHe(*_MV%NHHU6H>l zTzH6ucQr5}PEFWNJ}APTg1m~j;_THUBdG`lY!8is7V!B!9Pr_J+Rp7l%nBI`G54a@tC68tO0`d{)(O<+&M;0m%*m@P}ql$_Mw94m+7 z{_bIiM4-dDX>CP4UstZ_h0ab7dhvDs(a=e@(>cFnsq%kD4;f8UY8fKx^;Yd2mb};e z`HvRzT_ibK3JoADJ=O)Qq%A` z6((jx3v?_P3Z#Uzx6X&;ZgxBjLq8gr;v<6aO)A`h2uZFTm`GE0xO}*^Mf^a=_aMn_ zE_17+*o=R;@*C3G<-{agxFZc+z5|_Gg3irm{(8@8fRGXD0CH!jN04_Vm=HUjdhPd@ z-=bAVuYv)Y$5d_H_qcP7pi zM^166-UFzuj{&hcI6!rDcOu-w$Ngw`1rmQO4&;MBpXkn}z;oO6V=_2_SDmg`(+;p9 z(8vK(eg1O1-v11)7QYsBEBhflIg#SgGl*w%i!KkI#~FnFQ~UJh`(buW^;e6TVDnw% zOTbJaT2}CVZqhT)PmgodER{@H8;}oVf(K`({<-uX_@g8(mL&BlBoPTJhhE{vqP~Px zf#_ARXr<-PI1xgN12n&Gsp)=FBPaGrE98W`9uJ&XQtFgAl4~R{AIeA%)J-ffO!L)d zEbSR%tQ_uB&Pj&fY(Vwe#ej}5<=J~lr`Wg6sde?HmehK`<=#1ExZ%&Yud#%AE2$no zDU@un>t6}yW2b+;!y5z(q4yV#@^@ZMpP#HzfzGRo14Z@%Ga^Ke`6A7FVYvJl10{C& zkKuglpQL;b-{^pIw+mkO-uua#pm8~A4Dvy<9UVw%#Qt|Ta#sJ*{*>LLeJPEj1Bs1b zIXgb?E)HDF`VtBpUEny@8P7#h9iH=(Lqq8WmO*K5&IyRm`(9t@cW?{auWopc;+FNH z4=UMb5Y?<112&BgVi`Q=~JE`tqN#bxAcPV1Ww6C;>4mPzi`Rc9h?>I(d{oW%VfkxYhO% zfgw00bzidJF-+vifFig}9fB0;eF!dOhwP(#y;qO&%~_3s*!xg%U=5=}qu@U8{- zT?NnW1pFD35Rbp(5)z=lFq(>Y5k4|-6I_`l^oz&e$^8gzy*Y)Aos@8h@t(s-M{Z`!_c{@SB z<$%9Qzva(Sk-S&pXMOX5_ujge1MkhYmcBCDqWnKcCxYqQ@c%TgkH%!;)xpS97LM=_ z**?PW-fkb|FWjC?KTPjo3{zL2vkzRe30$+uKEgj{6BxwE!euZyuG~)@-VGed6h~l^ zv7`NSg2^NODM7v|AL$E%%8#QfV+lrjX^AU$ufuzueBSNwCh>EC|b)1e4szNQgO zEkB;YkFXaKzB_8}!y8;<-=imV^DA+J>5{^nJ)Ueh@8ac<^KeiVY3K8Y=N$F4=a=+Q zKRKsKFgoJhk-b;PAE3Yuozb!)=q?^`C}vMnM32KF zcLF@M_ztrsy?eFTo}(o;*bdT{nM-j#j~P)pgzMHhDf1S$gx`8Y_J$sWd9)tOtd4U# zqr*}<4X@em{wnlELDkHTO`eaDbi(-v&yJ$NO`U_KRIQp;qiG%Ib^%*-zI=GiM)%h^ zKk*ah-KzUK!Y%WV{OW{X3cp~w?F{)B{D{AKR$#Y6h;523{`_2i;_WuI$9lU>ZL!|& zS8J`e`_&uP+l}f)>+MGM41TtdPkmRnluxr-cRV$90m`QpTEF@Xj0gF&feZ=#s(~r= zD@ozrw-wJWq(}H3ZhpIvipirw{#N3zR*_t}wu_#c9)}nWW+^d}eFrC7bpY!x>)Ls! zNz|3PBs$euIB$Z5ER-=>%j&wg6l5Ko(+wJe^0_)Fhc*toAr&ic1152)RW6BXPnObJU}kPxT~R`TIxdC&?X+W{SfYNln9U9M^9 zSZ1o3bRuVDD9VEdrqyfNK{$tm5L3-5Z^F~dO1MQgWgjl!N;I};vq>#tW7DgzFW+v# zL!@X%)at86e541+IY8B*zakK3KAj^D>!5$qx1e0leJ=$A>~{%Lxg zJB24IaliC&+%LVF0ghofg(hd(JaUM0mind-sqA*FfcglEgtY>2K?wjoM?jDRNq^;! zOG%9^f`#M0ECPr?h8Zh`NZ?2*1xNN_@8NiCV@h`YBEQb9+?20bOk_YD3%+Va3K^ns@)fs-ye#724cCOX@;wvWY_$5I`hLeNgPNM#}%1jh@7s z?V%J}*b2P+9FbN*8eLEYPCnu3!KFfhcYj0G(FTuW1q5DH<5x%=pa?BMC_A-k@HlJ{ z*k5|9MRx|ThDOpSMcyb-^_Xxd!Vw4vCy+B^&bn#H@~*Becn5R?XMYC1@FgMenJ zw0raLz<;mgqboD4kwth%pLlV`mvaBJt{K-u?U050FhP|@Fl zCKwl7BQrxxcQqS}fUm}`YSDkqhht8pJ6o*qbpL*j`Y=8*peBPc(7(x1_HR3k#O>qM zA-I}hjXbswSH&aJs`5T*k5z-a{Tt})IP3+&9_i^gu{!6@yG@%XGWSL1x)JeJd9Uld zGS!B#Ba0~J$;f;Aot_R=l?f=(fH95UP5P-fN)$k)w;jT-s>*oSxsU@lZ?4NvfN|Wm z7q1O(Wm?=koRhWvFn5qa+`qRs zB-SVWi1FKfC3e0Kw@D%T_wU13Jq11s>kmx~!rxefGYyz2CbQ?{JxmRfu5vaog-2l) zD1;w6)|~uC1LEh+<}?XI2&c(a&V6Q{gUo>cunBk{tApucpFCP{5e-b9T^xn;oy>0p z%uJN3MgWtTTJr(S^5@1eY{uDOZu-^>dYG|TrBJprV*8U4Y3`y26*} zBp5PF@;J4Bslw^x8*vJ3;5@MB9mW33@W0{3Z8J?CTwi>W!WXI~k-`Pd3uBG}TF^;| zTU4*B(YsH9aXnc2p-u472&9iqM?ie^f1G*)!>k^I=_!7IVj@b9e^@y-Au7;+4RR?h z;tM40dzs!HdHa#5#5=xg@*c#1(fKheLMzf`kaL~Rxt=-qO!!Vzlcl04>+Dstimdpn zwdL}Dsc?_We-(ISUUGX!?SC-G7F6flU2(@$oC(Ck#DeO|#M`DjYX8YERh6er;QZyN zcLZ%;h^Vmv8qyIPF19OFtK#hie-{bm>p@tkm}3XKFU zza0Pdrz}JKu}TluqaHhDkrrgq@^|bnFQ_g)Wf|fZ-IeP5f1Qd9;U-y3W^#dg<5Wet z-9!1o!?TnpMcyOvbLqa+vnWu~R1`?WOqBjw(a<;%jmr0TZgyMaR1X}CKWx2fF@)O| zd3e4C-$ zVrMyN(L=~7`d`2{?Cd`D-#Na7=0=Eia4^h5BWl!Ra?lkT(MB#d7|aQK zb3E7^B_EsjMlZ};rFDMH^-+=m6_g_$^Su;hx?cIKgrm8nim4iE%MNN%GFo6gD zz}^EZ<#U&I1rVeeu$0GKFND49BBU2{j@rsE{xe+oc?3W8&TEY`4yEy$B2z=4e^FKwarpzqAd%An-_=&I&p6?lpsb!XZ${ikTI9Zdj9vt*f#n|DHxLu|x z>$4td_0Vs;N9~TZ^ zOqlK|4kL?3Wk^HJ2EizhX+9@2#d8i)<|hxaaq^5+SIO|~uY=toxllvmoD@_rWx~|y zo=*BSXYf&~{B84(W7{eE66f;Wqh;Ko-l|#c;_BV`ZNt;^-_}#WL@XCw? zHqXfFp(GgeyMn6w5~q6xM`osGOsH-?RRxiGxmi)culuQr!zpHnfROpB83?Q|x16ed zyfU4`UFPc+LJeQp4)HtWME9paVFj|-P5%I#s@45PJfFtlPhrH!wdSwh3;lf&(!hv zI%>}a2%UTUBu8x*JV}Yk?x8^j^t1NIy(cg}X*V$5ntHc;;@zI96N+*NINjZf-f&Nw zIsVS^lcpBuc6K^yH?bNh8KrM=t&R!@zTPjcsA)@a?teW4U36^&RKpA35u~Si&M&AQ zI_(a($I}f++?P0QDz72I{8X?CpX21(Ef!*CiT2AB8{gOn4~?PN+Q3S%9EO)0%&?zg z??Ao$3@3KVK8$QiIBo-ATGxUQYkUYn4tgm{vos?)5mj=1={i2aEuIc%xzcvyt{Y zOqRfzoJ-tkO7g%EJnSU&T(kL<*unq@P}}CdfnBET!obyU7gQY~R_im+*NO4N1IF9+ zh+oxhMq+`tA)_GYhoTfp;n5oDV#iHT%=E~gYt;@XYKlE`Ju-0z=w7gsM(8o0<&Abx@gHaO|rPv z{uM5q!Y}U^SHOF_P?{VTNI(0m{-VE@(kBPDf5c72CM8XWIqIsz=)8b!QLum9$_$iI z1DkYjRv5VNop;v3rS?3&3)u21`o*oJY*)!p?80|A~$u?O`d!eFc)Kgqg}DQy{4i z0fAH{;tRlEaFP{mO1w)GVV@YM?GwFJ!IH3j;-kZrVfzFG5DaJt$bX;qQ^?)qxc~1& z0l+fIcUU?L0-KEhTu+;J@DanyfH8n~DCBOQ=GNJIu7S0bPVPVMH5!j2g!68iTXV3W z0sW3k>3SCD(icSy={u51T(>0tjaiofmfGYR`_{A5{<~Xkeh>cSSK&{+%r9!;UqNf~ zdvngy&zk?9X8XKf0j=InBY=M(aWcHZ@oxkyxqIEc9m|rdj%7{jRCO$O#%a8LD%4ls zAK3B7O1f1sB6qSnumR4a9SlDpc-Pv|0_z8Y(C2qXz_4*Vc;rDR8fE) za<2uHRL_}!a3K2k3f=hHCB&Mr*Zxo(iEy>d&wQz%8r*lWv)Mr z>mT=aSLD+DHyBw%FKXmc=Uxir;(=T=TI);uQ>?c{Yg4F7Dv(1xQN*izHime++hh(9 zl>3ure8K{bt+wJ5>KK16tl~I3v$9HBU#sN7x^#fpK<{z&eh;X{*@ApXNX7RPLi_aE; z8a2);en-tfIhpOYa|9!}EXJ^vExbw0(>WJi_ASILLUm!I5D^P`GzM)2JnV;Ynt=F) zW0v6`n}&&?>HYkgCQldU$T2w?5;v3{@$HKt3F0@4CWhEwoa9{oVQAtkyLwdKP6lng zxC=VMu51LVArVk%rrsod=jl_@=@X%orVnos1AWRl{>wQ2(Gdaxk(|=Uc z2`)TgUfpi->dFYO?javRF2ToZzH>1lfUXx5RDYs5b-M@06iiOFf;E+)W#wp@%ts^^ zYJzaU#CwEc;(gySLK#D0VHfW`%Rlw_Ky*cI!@L`*`k3{&CrP~EM&n82#}h{N(YVJ3 z&Ull542Nr*k!Su|ZT5&%w_bWi6%Y8fsTn%{JbOB|y@4H&(Ekz6t&m?DS?u4uc}j<2 znkaHqzo$;sCDhk)j!gXfOWKbfQr2*d#f=U@w)p7p~fZ*zhUCk{;h+X;P#|*G(oOjHK-^5`PWVk#qJ|=P4 z|GEWn5tTSO=e;y#DBiEr+o+l7ZJeJnyiM&KkNkxU;%!RsI5bLmLEcs*^AA4PcECeb z?xg#!4`bL_Fzi|{_`#zE<%y%dXbfi>9W`$gq#&VYMB&h@1rBRarTcbl^UX}CaMaYH z7+!cL==n`YGvg=sJ;D1mmWiJ1s$BPdXRuhs0QXIjUgo|gbO+1f&DD}#<{pZ4>ZD5d zpwLJ(&W>}IZ}R!hY2&9Dxn0~Dp#fM~G9h!8Zb zYVRLgA6AZK_zM50l_zz7l=-_(Z?4{mNfz@r?Sb?!I>>N#a9-K!beTp`Ur>? zz)9mLd-~Bvz#57%#}9?Ad_q0<+6LZ%gfdB-*G-(O*Rly~tP&wiA-XJA=z<+=f1Wd{ zbI6O1+Al@698V0DKufcG(u-DFJWBjrxoM8t^;VWX$kGwpTzJ;m$g+}U30_UCt_0g+ zcfibUPM)xd0v}J3uFzc=Tt>>Wt`y@9t1cWIbYBvrBd@N4!b*SDqXI^n`|wIv;hBMT z)osu8<@#*!P_FNE199>L-oy(+m8^~gW#2H`P%`IQ^I7@C&Zg}$xUh<{wBs`w z!~kC@xK!Y`ircQVl|C5_-_H|aCIl#VxY&zdEd?}Sd;HG`uW&FAja#2@Pv^Hl(xw&t zk;P6Nt0cDpY7PF9#1(4olb6xd;v03z|AJbkz`y18uw05|PW0dX&&v7k*{l@jjqhPj z^xmFexB}5$eI<734&Y&){MiVP6EPrx>9tIWg{{W}jxOTL06D54BiS4kY)u9!4u@dfY18#pd}C8J|~>p;5gxKFx~&@J2dRhNz=9&CJCP4ezf(>v7bakP308 zg7xt;=i{1}?QfL0LDl0l$4KBhSfTBlUY@&Mc$fEk)nSBvxEHjzi%9ort{{bsH}Y8LVo z=Wg}Ph_3hAV!vE(R_rfNW<2g;2vaO}$)L(PRi(@C9!j{okVNV>Yv!#fuwW8BqCiW6 zE0F#_$SUi*;@n-HxzTuxEB0pq2eiLZxBoMD5yB_CB$%@L$Hr5&U!zhiN&4Zbtz(o8 zr;Nu0r%*aQsxbcoIfO3`B!y5U@`@9{%RrfP(bbgx3y43)*J7kazBM$iW`7-;$z@J7 z8@4I4amg4FgJ@mWBiX%gkw2jbr^}0Qs~6;NgF9UKz!vZ<(XU*afVX9OuP<*^$G-F2T)CUzX< z8xv;_?!r0{iyw9ViUW*~zY&iZTXP5`7gvNA#!_*SMa2NHn+^_!@wB2-NQRm(_K1WTy+)THV-Q1yOP zTkPAV-dzTBpa%~SLc8uFP4_rzCq>cpOpZ&({TLGLL3g~dFUe>*-0g4^0f2)=ugH0YQl>CZ4R8x)~?5751wbjQKbBl}7BPB;`6 zXRi--K>a)wcHQeB{7gl2)?(FS3MHs#B>vPd_30hXOfv8cfNBzHsw=CgX>H7=Uu^fp!CiIQE~r-4T+b$p|) zM*&Nz^WD@&`$QuMwWgBMS|K`Z24|Q|F&K*Jkn72O+D8l??820Ulgr9pua|U?x8q>d z!Z6CDkq`DX?7eVVnNLdz7MLu7ETzHA4n^DiBGwbyXP00P!t$Tpfhek2;)x!IB_6dm zF7YJAY?#kyn5zs)SIL5llX)4Q#YZ*`Kj6H1tA08N%0ygeal*N#58;~tX!j}?Kzi+H z0is4<8dU+ca8|6g^`udeYN>h3L{^-TmVy@gmuRV8A@DeGiW3lvL`h+l$$W;4koVe% zObu8Yk&U-4!<-R+EQI(nP>o@|oG;1-5vW5`2(^kS4RzID&`vk89@`6$(lsUyiv$Pk zgUUh;C~4HVX3>gt({|W8agSGYGXy4@A$6e4F4UoFI(;kaUr42b=J3P33{6KDTB-}( z-I2RnT7hRb#9O}KEf6FnH2J2L@QSaR18f*5|1#1#m-7~N`;q?&9W}#SQ61p7BN^w* z@|~jS7VoBnIwbgaD+b);4G8(LK1UIzo>E^KYCzXSnW0!bNrE4iKwr2c;6CD>@*>Q2BAhyCUZ+Cs~C zwunW8e-aE9>CFVh=WUPp5bs>7MNU1x`C;2G0vXN~tUF-A&4oAu75Ub~J}RxHM!8dc z^Wp)-$vT2+<2*RT*rhVL9)>26B73{~4&U%I4L=osnzaMXZh~#zv^|wTdSGb7B~W!6 z1VyZW)a)+c3A49d{@V=9!JhUm|AoE&TY-7#t_+ud7Hs0ZoxD^8NFdfi-ufH*#mNx| zt}AF%p@D=$lDb}*q>Id<3%k`mwd-pPIo=7PzstjSia|KCDQ<6Q;yA-Ma& z{4rk_3fOvg%|`smN64KTa`+ossXL>j!kg!o+D@mUA`IXwD-WHEnn3XPNe{ks(Emt{ zec=FZvHk$^(uJl`pu2p}RSC+MT0maVT;nURL|nW;C7LTh$V#d^%2U{SXXeDs$$@pR zou?n%U4}Sea)vc_jx(Xca~_cu`d~K0`im3`-6yH;LlJj}S0}hLyr29xEb~y6 z<_?UW)lJ*XO!4j%?|wEm#U>V8SZor*9*n+nY;G@%ne^FLAo|MbOX(8v z+;jAXumD*AEP!nQg0usIZR{KB9hjFNB-1b-NRv#GV&00`Jk&cd8-9#v6MBE_eo`sM z|3Zg_LwGn;nUCWI8J06j4rF0Q(>4rYY?#U4Qr46s>u$v9< zgygGnmdZ2cR!Ma|=s>WyG&W7B{s7orXB##D?dcp;OSjr=z$!qJ`WP^Yn z0Pvq#9BSerqjy;+=I22I`wkPfaBjfX6*0?Hm!6Ocfuu|91TWJu@x@dHR)C39|AwG0 z{g)|i=L>;kE~7zMijZXLV)*9}^L%24vYIYNCV#W7D3ayPOBOhgXlBD1774#e6l4IO zm|_28eqjREWAHC%Z+hgntTNAiFNAp4Tr>MweG_=of|sL@B%wf^G#!`LWCT zp{yTAtRHcxMDipPFN`{263o72657|l(Rxx23Q(Jnp^n~Jz#)NNs6wiC{7HAh8O#*0 zUHmClB~M>08Tg7R`RNP>O_vZcceY1=yVtDfoqJCDU zvGK$N{?{m^Zn%R=kV#vAQ4Z|sE8?En-^Fl@Zd6B)9+ckVv?ML15C)AygDeSSTV}E4ZJhmVW_Nwy|Et^W288vdCP**9FR4*Ag2O6Yi_1Y37Yt+tXenp|D zrI1wv22)H8R*lVSDwYL^nVBP=h0t4qCd`v1cveQM=vcV74w(ce0bTx%LcX1L#1M5V3-1vJwj#fmY<=ptnUXB8D4tuAcbdMH5@5% zq*;kLRtZ$B5*$vb>sw@tbDxf1-S7g(#p3b8!U6g#F4q(TqITiO`Ns^r+J-zvfM;el zsIe6X#CAG6DjS4n;*o=*{|9e3-ou(^dHFgwg;LuEMkWN#TZ$G<;W70)f)PI84*&Q zfe(~#G4PuYg4W@y(_#u)nVJ`Fh7{t@c|_IOH597O1%Ll}ej~JtVE&2k{K3c0fgZ&EEj(FO08w@1WN4 zM<80p%nai%)`I9JaQ%3E4(fX&(g^sQJDs6-tVXy36P&xWa&;{^sroCb)ASEm%oNI% zq+qa@<^3XA9M3EFzr`yAEE<+o>=@pN-yrL(47@*z-{@ty zBDwt6iY*Ki{D_mtUa`>!*N2wk4jV<9nmjw2$7#q& z3syqJS^d#GJvD#b{1={@2=iAbRPYP8AsJ1(-Qpd@mKis@-8up;0C@&YuS! z)$`{Af|?k~^!i$i5OcU@({XXE4uXD4+S5s-2PbOC33fjf>4QkaY@n7tsi!&e1Pe

      TiU$Wq`!&9p_pP1`&4j?4@ z`jf7@6}vXMwn0cdeMP>h*;O1DZkVdlx4uIQr7c)EG!71bfFq^RiDu~q2P;_Ghs4uM z4MRclCyM%Q&mO`jfBIjLz*(tzQE*G0AcFM>Do~~9iYw2K>5A_PPSO<*th1-i3enE-)9X!tsHm-#|Iy=-wp_)=mfNi6`^|N{@=4$>j95Lpab4bT+7!5sUlv zZUpJc0i*zG2!eJ|I(*AO8<)v(i@Z7^Na)svr%G{V%zWjK!46w$$HH57p9y64q=TBOg(waGfL;kqg(i+ApAZ#(9&OJl+DJoZ+`xM{29J5b>fug5IOrgP`pdrRM7uA((GB}JV zKDEnSK3-ure!Kf}P9Ug&MmRtGDm5y_extnDUxHqTfBDC9=JI`gbP2gQ2B1%8F`!4B z`(Eimvb6kIVEuTG7z9%960?F8F54U|CZg;m;tF6IbD2t{i%VgAR@puEzyZ434m`Rlpd!W~5aG8L;(Q(c)ICnT|zJ&zG5!EY3(39&^~iu~MKA^O5|BFsGRN;P zf&Q``p^yTpT}}d>uAzW_OOeLgh4c463-N*fkG6M#kFvP_{}ae!MB)YoMbR2HYCyq& zS`!6LFz7}X36?5WYN=ITiasG7eT3pi(JG@z*bRO z>#h2%i;9=8+*L)lF)?Nz}L`4q!EuC8_r)vx~q;_^xbOo_X zS9hAn1I3N@&F86kYs6|Yk?*(+sdd?aEUDFNR9b4aTPe-Gfz-OUt)Yw5TJSxIfja5% zwamM9mI1}QPHTzU5{s8!VvpWKe%2{`K<-ytR@=7{H}Ntp_kF5q@C(#xZyqwPK=>aX zv;c#qCjW?c8MzEO4ea7ImusLnizGg*HEjJyF!gL57LAg_!4z;ONyz(m+5NQg3@U_) z{B72j31I!cM(dEYm9IV76=T=jBat1tc>=h9@vto1-*(P^aDP-cNP`5a6ZboxP*pwS zewd%t$NjUGH5>P`f1>?3+;hI-ZZ-3)PtF!XwOM#yCwNpM(C>%BufwzAIWnimAh+z_ z8v`R$BiVpZO<&HYRxfp@CNaw!Wb4$ev-4_V!NzvIb&SQ1-NF7nT88tt=2cJIaDx4Oh51a z8(17Z9L#-6T^kAeSbs=k+3@;4w&Y!{BcG?3{2*H5UWn+HqX;Co>|gvEUVrF_4UY}y zmyW`;ruvO&<17Y~%8ON;g-|s9d3@6W?tBh#|F_O>&n(nYZu`}zvT^5Ebido>xwgt~ zO|9lzJKqkT)kkkre`+wDSIL`;aaZB+O`!F!MeO+-dkuobP9gJmC7F3M4Vms zb85U_F%w@tzL-pz0A{PPZzni!%@kHsP)MPwico=~wOUXLncVeI62<^5tEe7`iQZ(p zIf_@RmrZT6P#*>sOjXFClMW?G4Ib5NCTqok2fKHDN#sAO75ZE9i5Y;cL`6An%bUQz zU&^J69Tw~Z_2Y;zF)AX7CB+NKF1p+!KmlnvbbtK`p8T-?@gk)vUFWmfrrX)IR zt=nv^`_6UNx>}Od(T%%9Gu7m8xR>A5%g)9X_>D`y2{+FKplK*}x-YT9HUZL(=|THD zTlWhSwpYP=Z^X*90}?MRr9Ch zMiSrMOY}5ta zPx!mLno#+=`smee`Ou%9AMt6BaaDDEtBx^!+%2CwC1@~$%$vu>-|Uv}KMZdfong3M z_TIh=(<~gRMXk4d8m>Z+y&jUM;o2JTwo>u;G%OR&#Puzqc;2=_!cF|)V(nqb#Od#4 zoD3VXJ0YzkO-578n~IBhA8!6{eI)#F5l`vQty9Yv6pzGQ5N`gN|NVq+-_Nw~F}{oP z)J&035tSpqI_anXf`EHw!}jDD38akgANuqwCJIy7=&y|50Ib)=V&yt&;P-0Y8g-J9 z|LixqGpxLQ&Y6+X9W-%9Wq9cWd1@qDOI~5(X3m;htdP}3*gH0D*t5_~L z-mMA7Xe!c69rXr$ok4okJtV*0Y4Fte$n({W&%e}T;(yu_gJ6?N86Qh!g3K2}nu_x+ z#WYAd6@hvJHJBt=tR)=W0-BfcQ~cG5-#Z~1lTI-APWBP?PvIl?`oD>_kL?iu#4Yk~ ziGRq{srh9qQF9Zax~sW$vYmkx`5p8kLSAy2=hW2Bn*D0i)RA5Pp`TH|RlHHiwEhxg zlkVHmC)Fd>+WM_~`r@mXySA{jf$%{CYdKv(GcmwKjf&8oN!H}FfcvjI9S+h>jEokb z@a^>!)XK@Kim!aqz$2>!$J=qCCZmbPeIhMq5*q@_RBqOK+6n4Bf}4A{_11&m3AfveJZ)5?gYb;WtmCsNG)SZdzcq#2wD7jV^E%A)=@@89aTpZaY+c#&8Pxv z?c%+27+6uP)4pP9wKEM}>!*zV_4nb6O+?X#Kkr=p$91;Eg)d^)&<2!!KasjmaDuFX zPD4)r$doVN4d}0j_KP3Xe({2x-RVMw-Dtdr@fm){{`qSk^c`RMn262W97kS=tEL%F zA24-B+}&W$E8L6*@o7qnlCPB%`_DD1)h`7B*YY;}s9y>@aidB@qE?E0DwVt~9g|=3 zr!6gia)i`*+uDpMu<nztG0yLnN~X)ZRL5A zHs(B`($(>uUg)5Y&_1g8EU8guFqT-p@S}%LUAdBF3wo+hM|1(o+;Y$|B?NUygs!I< zk@!Y0S1ka#WmBYx^^x-R;amSGU<{KThGLjX1SJuA;TmjRemlLByEM@9GFS$R!BQET ziTw1g>ce$rYUH`FwjsGz6+rn7q?z>nI|#_+JA5esu7Bn2;oApU|8V@UrYXRJq>yzntU6N=ARl|Se*WQbU#L%^E=#q zsP##SQsy6}Rr6u?L-Zcs9|;!t=s|nNY2MNm#fwQbGj0)gv#GX-XJd#8xtzjq5z>8* z&$pX8@i(86!TfZm|Jxufrs}CE&F26q7t;b>QZz0aKc>?tFp3xHN;24bgwG#U9PVVO z-25Z|+vdMgl~y(CABSVlu$tOTdJa6NNVZ6PI`l}z>q+@9$L@KSmz_SOzGy`}e%gm(kY85sRdzcm|LN14$2qW;lTSH_Abola)S2_1%4qfSeZwVYZBls_EVh&}u=mWF z>;CZ%f4>?Pe;52+32oD0hz^#KdY9eg z_7LqQhRwE)#D=;d=%wUh0_wu#S*tOHx>WaXT&^+VI3^^+-D z{nVzC`Y-PW;X~JoC7whg>&UfW%IneU;bu$PS*t4L3`ASo`0TAUpC~2(JuFYjfA#Og zN>P1|rit#w4iebFqs0DPmR>%9x6r|(~|Wucm6O~oDCQe2)bU18O$3#wX8 zH#VW^VjJ)AqZHHy|Ali*1!gDODnL>6p*U!A@M$uL9h*1;7H*o$xTnGb)G58vSOK5O`BzUs+nensY(E}s|R%!dbjg9jXq zvD&ZkP2S(r*kvHU+59Yp{Cx~mx&>MK-cBDH+YPX!Rsz!_S7Wl)Q`;ir{9MKzgt527uu|MFiE$WG=pw_XReiwtOZHJ zO;E(gu3ZmUyVONBD?M`#I*{hI6bw0sW|W7HCeeM1ZVTk(82E_|93ZJq$xA~ zBU3)#c~dZMcNjRaq(BJ|4nGUJ;KwNu-p(5jZ1_qt+Bm#h8;OS4T?3`^v~BYJ?*{E- z{jPR_Vu9&CerO%`9{&+iZ_)v@&pYD)GMSDjp7Ck$)8KbY=&cKk2LD0Q4ec3y7@E3&O%$d0~a1Hj{vvEvI22Gw-^A{A~N9x@*UKq|^sYoCg zkbT(7*va*wNJAHxWaQ({Jr=EBbpM%Kzx-BmYTmYpHR@sCI_uJ@98;0?pm(@Q;YM2R z9(B$q>>0^QpfImE%m(IZCgxW7XI<-xb$?bTeS8?uFDD4EMF3V;bHA{pw z^6N_bMc|NvwGk5ukCIsYosbu$I>dn>-|ZmZ(*tCwIc7>}or;%gWNK_z@47Mk?ZsY0 zOK6KL_;L>g`TA@3^*23y4Gba`G?2YN>jWjrT#51?N@)9kkT*+P+AaJ_4(r^Ral2?5 z-_rE{c%2*H8sol)eY3qwr!uQe@wu{sR1RHCCH%6H_6{GBG0tiq!axHONifbCqkM?Z zLE3gbjqjoh8&L8)`dDJ+y6^99Y6#>>LAlQbh z)?N|8_TN$BbXTIZhZ20f+kL&Kr?2uPnJP~bZ{sCytn$N;^4OZZs_Tel?tZ%c&nf>K z@aL79p66{VvRV4!;z3HWFIXzAMCJ#CN~5KCdXt*8E3pE$uU5*>^z@R&pTo@)^IP1D z63MCSUuhxiwpWE${;(BHr|`}rXdVhD8g3PJE!5a!CRQC&tEhBQM&&YMEVSpKQEYEh zkN^nz3iP$!2xmp{HUpBLK~~Rj6i_{Hr?w#H5@l=HxnpNwO8zLhfftp3((7^Is3+>% z#^7YimuA0o6&uSbRGz4xN7q(dLC7%+JDv2tVPeR&N5a#PB~4mO1f+~1k=3R;re%xz z!M(MvgH>cu&vh_AvlFyXnwFZBMy{jZ4Ea~@dPl%DYreEHmC44zMn4z9cHelPN3!{#_Pnv7qKnewSX(zz|N7Ry0 z#UVizEd_^<68DTAKoW>8Bg1)XM4h-4t@ZhLdd1vA5z2$~b1cDk+h}!X9Zsw0Qq9kA zbUhKp;UxWm+Xc@AU&ULk z*9-{ldDRE{mJif`@xDR>4bX_Cgy8{r1_M@PcD+1+uQ}jq&4jcvUj>m?%M5U25SyIt zWJQU6;2JG`NQ4$l!OikJN$txy8yMd697cWSUinH|AS+j(kn`X8Akc3;qaQtvcZ(iH zT)5xk%DK?WnA4lfa7duns68~weONoD)OYE2ZD1v# z5lEbL!=cXeIdAQl5xGIXWQw$|&J;dD?zjs*Ntd= zQeo;iod_auv~t>@d^A;q!qGQB6AUPRjmD=iE^EH0I)U)8jY2d&t;ir0`4DVq76%Yq zCXH|*ct8*R-Pv-aV*@|{%SZo!N1}=%8>vkA@ct)iYAG7c0xM(Km#@4dtZt18+Tp`Y zm5S3{Wd~M*Ms4^!`Z=vxPD%`6j1ZYEI*}G(pTo7G*}|#s1Ag){883nne-s%f0-wsD z!=_bqUd(u`cnoID5jGBh84vn0%=pGXx(@vL_h=BpLW<9f(0A6*55KPK&>v!DK4a*2 zT)Us4-*EQ<4E_HE5d5KUDfs4DZpe+V%12M+G2DC-yGlYp5s2`SEu45uFLpX_3({R9 zsqbCKKI!R(q%?hu%#}!}FhFeLYaS2gbL4r1_YVJ^`omG*5^|hP*MtkiCkp2v-Q|7d zX30F~>zctNPi<<-+A*J9TgL3M7%%31RP^4#`>aS^(Tv$sS2BQqVIRO1%cg7lxwp%^ zAExv^on(jI@o@5m&?HOUX?*PtO|$1Eb|svY+XkLZiE8ABx8r^a1URj9KzJZIaEA*C6QSWcS=P||& z;^vU<{o_2nW6_g57cHq$7v3q%qCrL{(y7O(ln5m|>=<4bxf(zg&^SjttT5CUfEU^rJtpK~hOg;s%kyGKhqp zYkcene1QqCq%p0`JeUM07jxWrz4wEe#(qs_*|ZT$N;FnbEpx5?l zg+biIEpsk5KQ|^Q2<$13DY!oCla>dC>uZa1Pl!88&dDup@sx^5Hb>5>F8;_cgF|sbr{}Nwl>nz*PTyr7lUPf zAXb}*!hPuJm-p2#%Vd_$0*>-K4_kOY8|70_XE3bf^B6KZNymPD_WAmAtXt{x^}jjy z-#TA!@K5Z*do2}(ggANq8=8Q!>Ha;S8{MbYx`tZ$@stPOH^4j4c9F=T6rZTN5`vZW z?%+^FeQ(_~mMGXhD7eWu?{c;^0bT@Kl&oF`tz|q4fWsB^6VzyUO5N23KRO@T?u>hD z%$Tulu|UNiwypb}vV4*8bhRU3UKD`nrOq&GiK=6*nh;L~+~%E{BQ!b|Ggj2EFQLasz8>b^U*d zVoj}f&FPE}t7mWOmpeo3OQ=7{OYAi2nzP-w!1|y4x)q0`rFp%hiHmb}LZv!fwaMJ6 zSKjiDBniCj4#X)WMieA9QUj~e#OSx4J1^%6jf(e*=N$PK@gVwb2+DA@r^rs$L={sl z^oP?e@>k14^1544+(>qvN2`gJue#;y7BIFtwkvnW$tHGn67ugHo0>x*uk6=dig0W| z?A_qjAS?nLvY4&`8i^0`l^*x(U5S5-H8nNBm12C9(dr!WseB4Fu;U0sGR{A#$w|4N z+bDClO1L_~km0uj6+(&Vp`@}{U%@>~fTpZ8qlL~pgza&oeQN~<0#SMm} znzU)PG(dvT9pCO_{Ke!pB)0~Qne(I8)KxmqbMLeIqi?MmT)OTqGMJbS~wsE?B&Sh>U~2ZtaVbh(Hh281)b ztcUpETu_);@jr>ST&u&%8 zXn(Y$g!qqgpF`rBj^rzRB-+p1v&WVHIefd~RgFW4=KAyBxbkWVXX`}^;v|8bAhhY94jOD}@A%_CQj4zTJ z_G5AIqm3VGn#mK$SRZWnkyQFzqf)-NDTSwj-sFTN2cD<-f%j`8`=N;Kk;E-qVxzy&EUFkG#JcKdZ{I==zRrA2Hg>fo+`o^0s`_yM z3k#Ezpis4UJ}-POl2(!ky?+iqBf7d0-!o+veV)V7QJP|T;X*_n?2{ZQ5Y~F$)dp=% z?qvp!#@nKC?#0|B{mQ%fT4nUdHlu(~2aYIwDx0@P#J9S-q6kdAT ziIt82I;sA(WPvy=?r|p*_LHl0)6(nF_-3z^pRJwLZ}j8cd}b!~C;N3#5w!nN0yxJ4 zM>EE-z$9@3EKs8q7O)f(Wuv`c;cv>}?`qEv*ruJl3tD;B(9XB_oF5@=Z5h~pYlHO6 zQ$g@k{A3IHw$Rx*UT&dNIF(COqEhm>5){tKjr;{$#=3Y43n#uo?cO5|!lYj-!`)!{ zT&ud4=iVv~cM0!;E;%-h)VtFL-0b`jx>}9Yiocz)IQsTige;bLvi@<)ir@8lYlM-E zP)8v*skn3gp-NH7NkzXkma=}bl=YK+$7F9Q>nMBAI?GblT}l&#IRjqz{iW+5A9cPu zwmY}3kiWe-dCI*qb_2@!j;g(9WUi3A`q?31A?ws8Ma2y_jm4I3t2f?g9MuYxXrfCGcvR-j;gcMWv4JgCQvS{K`MXRRtH3Jq#)<5{%|jE1+J z)G8=a#zest0|fVuVm<16iBg8&>Y;g-P4dqWhOAeL%rX8;bHYyVE*M=1ErnV%$S$9c zXb>z!tKIpkmU6}*XRMDGoS^-sP?aUY1r$5|5mN!s*Ac-E_{t`? zda!r4dN_Norc7HsxB{K42R(Zw6C?;0_zWzQe8@_e_1npm%nK&;#`~n^{f@O2BQdQ6 z;-%aETj&ZWU$kqbFz(0iI1g;vZIZsIV@n^&gbQfFb;n!prdqO(-W^Zx@ULj^+Pz70 z_TRl~nws6cldZ)5x;L;(_tNuo#^iC*<=OqK{B&Rab0;|EBgb@|-n#n77hUYp6Jez zfTJtXvC)}sqeL-Z>D}o2`RlD@qo_|*?1+ilM0m&%f$XXOBPRL%mo6O8ffZ1}&SoC$ z=L_U}-6cWhG}QEuO#D1G(TDHfmzbWTZJP9HC%C;N^Ias?#sZCSjVr9jkx>L z=S}h)W=C5i5d5d9SX%<(bitHd6wdjY{2sYjak~uCAIHkBa07$M#gXCW3pJ_~)3gPS zs)VVVmrd zf8&j&RG+{X1XJnwTr+mD$WZyt1(& zZ!GaL{BF%WRs`$Fo6!BP8pBWWL?4{=6oB>8EnwZUChucBRL)842Tb%?dF;bZ;b~Gh z2LJ4J12DVmPbXd0oqvCHqVeyKNqXX6MmvKs-ZHuSEiR*jf5o@rU$Xf8dq?pg;Rrr1 zw3H>OQBT0Xj~HLMx9X$iZt-(VTBwxx7m#TN%c%awfWNx&uT__pQ`LSx!;d0z9U%XP z{O*}Mgna!29Xpd(d*olpW09~=T~`FMqC5V7VRHRjFrS-Yv>$`>g4hy8KC_Y@D4?f$ z$Alm4cOmz6vC~A{i4Fr-CR}uw?j|{qhC~w=+H)|wch2U<QeD0?oVb=6#mf0=2dtfAsoyT-hja(Y&zhub+1n+ntMvo2h_+irGzRNCMHz{dZ`K}I@Azlc0F5S4NQJjnG&IY zwhqhjUit|-0xod6LhxXAE{cNvd}6RU-BdSoa+^m(Zcg0^q8im}8W`y^Amt=~r+L@U ztuJZ>@(ZzCceQlENq!@o1i8a0Pl?fgT^`s$H@_fr9)<-qjO$<381|a%z>DS%@9x1) zlTikI4UX=t&EY|`B0QuBgyd_~bXx7u7l-{<$HiX{rVmx-P=nt}28xnT$w&bR%_70f zp=aSQ`4L;J1e&w3D{aKre8aX}p&XoHIN2(cyEbo8KLUD!9JbptbY&?q9xW?Z*ytGq zX~>}%zr0zqq(*6uZdL1A3jTI1`eu3PIg-HD_QhWZjf z2phJ-^=CX0qIDfas_V%=sRrVYjYbE*d@Vz}t|I?vdsmQm)EQK6!OYwuS&=G#GF`JO zN~oJvv)x`y$8I0XoC^3Nh(IJ*qBI`Cz2Z76+dmqwC{hMB6N<*3%}o^Ea=)1WmZ|+$ zsq=DDMW59J>wma;HoAf^<%XV+mjDkx%5)-Bw@!_94=6mI$}U-@-RxcP_t zQvV--0WW`w{sW`X*xk{BH*a7k8AJe}aaF2zDPy>QF8)tC9`Za2q^-wFd2K(+f*%n< zL@4Qt+}rh`P*~=7MerLoF)HkU+3s+J8rT{|^Ul_&U%?9g?US)JzJ9lCjRWqFCi2?H zB`UBr?yc1jnb1&uL}PBp);OR&lDN!ljjBA{zn68yevT29TeWcKe7^Bl%_7mRV&_Mc_#4_*I5 zD00mzN0EcTd%91*@88kUf)^I7toQN0e)~QFD@JyccxykV1V3t39_gnqqB(s)zp~%c zg5NA%mG{L;#1 zj#0?9Wba$&G1CQx?ica-$W(5ekm3-l&<2@Gf+sz^g(PzG^-^mkOIZzBN{lT_m$=Jt z$XCjn{{~YvrXa9dhNT0W@k-W11Hz-Z`Y0DU0xrhUcyK8%9OAFLXU86X?~05tx-c)dksf% ztr>?$y851If5Z7N-Jmwdwy|q^1KZgN{!De-nYM#nrA;+Fd$1!A@AIZ2ZLF|OGNwe= z9iY%$T&TSjYzy3CA`1j$dD8U_f&bOP>>?#Xe?AmC{a^)sNfcNwbg$>7EOsCZRccW3 z8ry*~|C`~A4dX8#AjSr#1$TeU=faPUaaa%BnEX3lZUQ7PxJcH4j5x)FKM!byE5X;;)%o3;li5E%faKc3&}()i%%by(BSwttL1>BjedA(Z`Nb(-<5vCg|R?XbwHF=mU4z-h+aeC^*$KKO0b z-8*cKnROfsGijPYvgq^u(Qe!|o2bc}vP@JlTc~TY=D2PxF;r+a5o*j6R=D!Q8#-y( z)z?YO+4Tk#n#mtm`uw34rj-W0%dA@~+(m2X=~+;^te=na%lC-t3_9Iul2v-R51)Fn zM}|-()Z3N5m-~Dn`hL(z0#6c4(L^mJ7!GMCi7as89G!IX$&I~whGw;Q;+YbN*)IjT zRy~I3G`ETf#VOv>!!$JhM}|cob)-!nlSg%NnMl*Vewh5+@BLWkk_K^ zH}5Z6ZiL^nLdxQt{n&mw~Q zOH&^Oe`O0V zG5S%G)E~`mG*#k(`1ibV^jp3?-279@hL?UJKfLtjgW0{gfGZZ4UUG<`u#r#EmVv+h zajpC+3e9z)IvjnPBiVQJPD@W^iIlId`~3Wg#g|shpItmo*F!|B=0}S!!9N|Y)1AGS zQfpYXE>(u`QsvO~T9?dUP<#gvD(0^!PLOJM=}t@UD85UO{TeVtBu2l#mHuGMZGID} zPWxsT*EZqYc|pHuB3fKKu6!ji#S1U!7w%tGT+7wQwR>9$n?AevM$Vu-LWxL%_s*%F zlL22H2Xw}Fp=xoyhV6 zb%~2{WPClZIzIVe9!4D;8~vy&UmedoSmp1dJcB#(6{EFFNRm~E99|vgUX|(92wr)Y zp6;S37zcLY7w_&vQNy3X#*rzYOg?=P{SMXnG)_J8KMRRS3pZKcl8^pWUy2jKy89KK zqhP%y12-s%kEg&DbhfWGHbiG>>ieflP68vgCZFr8st}zw7a-5>%d9f%x79zYC;x74 zCDW0UL}=IXT>1UUB$*y?k7~;CBA+89CKA*6cAG<+w}fg;gH8Rm8~pHXV!$5iXu`g5 zRd0YL3Kocy%h%U`6E3dr!xqto6cj*60FeQ#9{Tu5^zYv-b_?Bn!Alg(INHA_0(}|v z8*Kb@vWA}Xfo|b2sMVGfwmc~G+Jzl7&qV09mk=1eEua+vkF$DW^?Cp3=Xb{x^5o}x zUOdrL;V*of(Ozs@g=X0@>FBHmjC!kzBOvTZAuKU)v2phc^|Q27k}s!J=(AS6EK>GT ziO~{Tm#?m_{=Ms}ENyi4j)HVo$)~RNS6AVGxgfJ7;^tnhp6Du%UPxU{6#V!_u*$Uv z3|vtPe_yr<*w>Tqqk0XEt*OXZi*$O;dH*;hv;RUTfM*vMCHr;3gzNv)ZhT?a8{{jl zKXhn{x;BaaKYE($zt{!u>*f|^XZksK#O4v7CL8tSkPy`|li9+amYRkW=x-qCSn@lE z4onC_$FB3z=peJu(d#OWe9zd}F-*M?aJasdk+|(I!V9~E!V7e;o6SyPBmzciddA2L zefNQp-TPI*v*-h?1nX;cZjyRkBlbw z_JyCbM;Lx;w;ULL)*lXjVh?BGXMJ#;PgK+;g4r}_Klpj-RKw5JFZ@5_=l=Zv0Dg9e z>SJpfML!MVuLh~eHjkma+ib%GIiFlm)4{cdtue?r`G>TJn}5Ow_M7Uts6O9y(vaa1^-EzH)b+o2)-LF!u%Wg+zk!_r74pO8B8a*)dWZxU@vHvdlX zP8#B{3PM#!V&IZ?QL0I_NtqI@7P4vRQKA_SYurmak?8J0_Cg1aNxKI*ximm$*4(d$ z{{wyxo@w~K71{KE!taJK_-%SH3%_Td))l{-C+-iwPo2^QzZ0MT&*67|-hUdu%S3Yf z)<4d6^Gm6uS&#Eek(+CM{bT;2An<};IRyIp$Kjzg0!tl%-u(p-xG(*q`DD77DEJ(w z%>GaM$927XM$ta>kEdM!VYV*%M_qA46v^1A?~uBbk)anDd7X&xvGwZ<^>xz6`bZy3 zeMh+di>ZlHpnM-ja>#d9J7{XGi#aGaFQXT|Fdai zly;wN_pN$#GOBlJub$CjldZ|PWGb5#4@m!b^g=^P;ii4jM~N^(znuOttsfXU@fTSb zdFYrlM#v|O+&H0=KEPgO?&$I9oAKVo`6KeK@pRp$zeqMe0{~14nbN&PPd0k{5+g2<7nx^@YNeZ*S-lBgj zB$bhTv89AsvG-NQ4O-vbTxYmjB1urb$-gL;vl7AjXLhzGGDTA*MuSlAzQe_z-s3-Y zc=WZ8hLh8HB&+D`;PK$maUL@+WX9=mw+x!3@_UX~|E1?73hvsFMrTdtBsq;qvi9Gc zBvSRSbNM!1Un=VRm2=tP`m za&3+G`yz+S3UGPB`ZO*hnYf$+E~gzZE}@Tq9XKA7&viqglWzxzzYlIQ{FOZOf5P95 z2Z6uS7G>ctd16=m-4xw7{=RcuC;ob``_JI-+<*Q*<8S5=Xb%y6gRBqwBZ6tlc_Il_ zdRyQB5IWb}*qYKF$JJZ5r{^Z5e(Kxb_W^&p;NSe&@F)Er;m;EM!JiF(=kEQtKYZJJ zjz3|l^!mMJq3rRImicmtGru%%dmiM)*}JCSD0^aHo5YP|-uLtje;zEmR??ne?;_#3 zOp_`Ym)4O89U6kfHv9+@W5vXGh3Fb`u?UKTx3=M(@5krj!L7gd93z@C7-HW&)js*T zb#B@y#G}`)tj_+m2K(2cx-lodOR9)c*@YPA3dY&rpmzJSyL{v%KkUYQNHgs(PQxbT zwm>dNKVl1HP%cUQVdsmH@KYv?5_`YI_u*(Vp9{0X=h%m)bmUaG^1^xA-rtdS0;%CS z(C08>4|m%ji$Je|k*xGCrkUm|SDsHR*t;`eTu&;~uXa{CHd_GwzJ8r;6w++A-cq+q zBD1vKSBD>a?fe->X;HfAwd$4Lan+9n0rbb^wx{~oYITd2*2h%NdmS{KKbB!G)Xs4c z;77EzCVwli{&N$z5j_8d$kLCc&#Bp)Q{u0Ivvchr!W>Hqrjl5Xwvg9;ycYb}&JS$v zRbX0kt}+DG=~?--|LT!yOWm@g0q@jv!sXZde3~Z=<}Tw$PO5JJV?-N!8>d&d{6W-R z-SU_@e8xI@*AJdL@4ULNg_{+$uW@d#+PYJX{*r&?ITGv03pa1(m-5t}Sr@kS^US~D z=Es%6cesHG!p(Ek6karvvcIz--1MS(Ar5R`W&Bcq6r9ksS<`<7^ZyUwhD5;s^Hgi*r^h4#cx&+)$RGW}lPd|bN?YD}F9L*v~$Ser(;s$Q>6xXN)FO$@O^GV^jAj59Fm?85p9x4*N;`7F=McE zMBmc-8IOklLF(ICpFGLt1!o#oqo`#e6;SXSncW z5=7gTL8i`I!R@=~J-wZ2z`;$cbu8G~a#zJiT6}rM4VIKKk7Or7s!P&1+9dQfq-{hk z1&O~-N7RSrlGLB&t4Ci?~IUW2(6Sj7eJe2bl&^3WC%O5Gil zY6*S%9c}m=yMsjWXfjG=AjjXxLUb(zT+r|TFmeK<1W4+NoE46E6IVd37ZpC|$*0bqJ0{)PDb`tkQwP(bSBvLQ=lCbiYFhzq?Sn@Socx2P2VKeP z0`}LIfi+(fHIC#`ZnCeL_WHhs>ylc&RHPxT2)sYb*qep~s*5@{L5H)8Blg$kl1V-d z%h;VT0$`_YM8^}%Hynyaka9rYd;T=G>N&|ZQX;LaiB2E;&m9QPmV$p-GI}qG=||qR zZ%8eIeF#)m_Bluh)zmH1y@%d^uOnII??bBnwtg8T-5klFKiWZ09Q(+;^RPeMU+4Y> z{3B?IP{z1v%N&`4LNS|Vgm&UOH$altXKvy4cqx6*cv43nKNf|?wjq8y?W_I<#}w~A z+zd3TeMWpr{0mOS>kCbo;?@rry00~n=1=Rx-ZMi*>w@BTT4zh}p;~x<)CY?@@Ds+( z;(e*j6=p?oDoOhT^7IJG+A-4flW>|ZVlDKByqAfGCm~E$ZOZK_fPV%|Eqy1L4b&O4b+dbOr=6ougj-kbK=k&@**wk%l;sadfMU z@6K|>Rbc&O#%dt+olaTO*&kC?w58xKOZXBk-%Kkvr#MHtK4_=~SmJ!%8)~i(k3MKJ z7FpI9NckqXx{0nQ2sJ>DIOx@u47`{`;g935a@9Lt!|rIhcfmIlck)2s))BdCbU&cf ze_fR=wgz-cT^qkA17ADuH*+-1p$GP=)?{f8W3R0G$Ee&ol^grXDo;6z98Y2~lp&4P>r^WDeHJ`d${6N{$D zY`|>7B~F1ohxli1Mz|f{YM*^c)?G2OpTJin*ZL|?S4T{jGmoQ)VtlitIa6y z&9D~W_-rFl(Bywx=pN_r7#n@H+Jw_(K(_IMZ}DEoKu2He=NH>~r}(`=-WGg;53MSp z!H2WO;UGNMyXG0zblr#qH$la0WEh3>&b0>7V$>2`ev9lqled!(<`=85 zV3rT9((>ULCk;AKc(xdf$$d@IPKmUf*;o3fr?+t(9QS<-hkMr{q|2`9dJeZgd*SkQS zR=0s;0+=EJ=HB3SZf)g6fTg33fWD7FEeHaI?(yc`zpVpv+^=L2Frd`%t@~7i3nr-U zpxb0H)o?F?H1qp4^sKJ^8tbM$`enWPjsPR^UZVj)pwysO*WKLNt1ItSotP=MV1jeY zJ?2kWP955*4w%XS6}VC5l#yO0LO+V0W_5^!y~4js)ge3~@xF*{zofWPnUJ*=k#N-x zjg(%72IFv~Uus(VGWg)Fll&>P;!ixN`4z9c3gY?@9Vq?&E<%`%iKM&t){AcA;{wYfR zQ}Rtn!x21dK$XveDH7?*UNspgruZ5C1EfY@8JgoA^hIzA9wOjD<7k5&uPcOnM}goY z&lG||g=6w)Jg-n>v%rYM>kGp7hXKaYb>sneehv0+wAL)}<9#pjqlLTEFSfwc_e7|* zrW13LNJf|qzP#@cz1h{qBRIpcuu|yZ<(gpKr%9BiqiAYD5|#k$7kLtP(onCFR}{V1XmS zY99ZYL%uL!zrkh^KQ!EGa+;g8+}1Pkv&ZiX8}qk1Y<$NWazNO)Kw4w2&U{e2V{Mv#a3;EG1m-2z9{x3^B3gm1LKQfYd%jkW~;-LY&_Qo&wN%uj%^RmMZ zHu%R6I3M+iGyz|4K#*H5p4A@JpX&|R;nJ4S^U8=$g(h5@>NVn1mL7GS`3rRQ2du?} z_xPqxgzvk-u1^6axU&$!>fHAVgR9%rR$#BU)Sq6MmxVOWN(h%sSM8DVm2d5 zyOEr8IMG{^%gfXVe>u3yO#rCP-mh-f3MOc-Y)It{Ccf*g<>A}D!?HTO^vvE5KULrCC2z73dPICcR%Q(A)-nB>S4hH>y= z(dy4=i`69>A$er;^widjnfmU!&N;35&TeyBX;9KAV<#Z&huF=26dLe>hkvX=W{zJ6 z0enu=Tl@v@h(D)=vdvBY59O<&!2x@34;fXADbk&9OMq*`4AHevxC{O;Ak^^3ye9laQ%sm<^%r)tO z{51LTwl60hTN3H>a>xDBMqj8kDo3K=*Cy25_Lr#6hy?)i?Q@`i zI|3Gg@vV(}Y+Tp$XZI(@GBAiYzqA^9B z$}F)p^mdlfL^NR~O{i~MzurGd*#!cHYmz%FP}4-5x8sZ-xq8|mBOdHTts&WXgTVvNhE*CERGkW&3f=VyqDEooH`cjz+t3L9@N>4NW zy|n9H7^H^*>a+@qOCVv)q1rMm@$z2I6hLBtL1rw~Hd;yY z?X*1lZ25Ea`Yic#$d-Rg{y6*U6iw1u_V-}@VCIzXixru^8-?dYD3Y4a=C!U^cz(pE z-Z`|DJ^Nv;kC6-4fKWM~w^xQ&7Iv(f+SywOj2e96I*TE|5c)qz~&dB+b*==Q@;lGKjjT50i@jbrBd+{mZfLGzA z%E8c%!?~ZC3NA(3#T#usdm8INa~T6m<`TID=JS>HLX#0EleU{=mvz=SPlT zA4yE+)s9yb#&nane7+`X=I&L=n;Es`1VhIE-Nf2@_b`ix)=pmV4tg<@_>&Dx?-^5W z)=x*DABh07;)B@ygZ^ax8#fw#66(UuN{P@fz4X{Zp$oa#D~m#Zz-OOA{lT5*7x1Eg zF#5cgXU1mk`5IiEMPZpa#S1@e!`u3VPo3j^IHeuWHGev1sH4t_P-h}k%%}LrtnbfV z?MSoKNE50&nlGYC3C9eoypKo9ZF?u(az~Y0cVtlIt9;FF_n7M1U zXFL$biop5hFV7vx8sTU(ywd3<{4JlwO;V#8V{6+h!b?Ae;^u1n2xiQt{p_cgDPcHO}?#Tnp=2IP7a-_0AKfRG zcEPp|ewG_^BNvtS5Dq7xyr|W^-tw z_C?Nr*IRkt@qnGDbH7txPc2pSznsd#x6h>WwBoM6VS%`KCSye`K(P_(TJ6k{$X+b2 z%+hYddf^G0!0cR3O;-=u#Q(n6k&d7JBW=%H{OnGF5IR+Lyj`DFN55`$oVlMmhGf+7 zrw6*#fsM5yr;hm*eCbRBv~skGsrbt-h-$hq9J*KhzPgBvQW&9**MLuAwGbGij_c2& z=B6jV!WN!+~1kM(?lzN!Le6?I3sH0Mjn(-bYJvF}dH ztsf+#MLSOrwOL&B`*{9unQ(1v_n=wBV!IEX6^`xhQ+GA^<)QBK)R$wskE|QT*ZMC+ zV$Q{JK#B%d@cp7$gJZi-f}Z^kN2gBbW!>?q5`CYyI|k^^uefi`+btE5?J&QxSkKm!SH52+Fr2v|KWY2`~S#d@`bi zN5bRT0}o8}gdwrlgj-P>TU`?=-%{7to7VAOhbtkq-@l%QZ!b@0N3@EKQEdGr0Tq`o z#w%}$Ds?8+KG8%TR@6dW7>qOS^4+S{BGYEyeMR|f?9MEFEclvX_fKEO|$RC@>O@Gx<%CesQ527p} zTSj00BC}S@Syzw{&3+Pz*L#q&kF?btv`mzi8bZFkUy>)#Ssf(g%ehKVTFuxv(A*mD z8QqY=yws!Hf_LY$-DZ&Fm!Os`l_TrH%^w@p)$V=J{1w}i$4WD{r?7qs>tfgwJKC#~ zYDe4pj`?in=*F^J!VB6mn#H}})`fzBt|v#RU)bp4A4lWQdHGp=a6;=$1e}9yv+s|& z^UJ}H?e06LA9_T;LX_J&FZD`eL*I`2KQ}fU(oz3hG!g0NO0jkFIL6hSGV<^-OoP^mb^W*Ml^2DDnD3!6NJOpdh|BJr6hk0my7+{Yhw&z2_An;BxV=)(^ME zc^_U{*tolI-Jr(Z57!?Jh}@aihnLpo#@^nJYEW2zkZsSVj%eK7M&x*XE+^XZgW&}$ zF`#bHuD+_b3o;3lQh#W8>A|tr_creOXAe1yUTBBv_x5mqXYj&%p9hD}xA^6nDtsoR z!V2c8*si{F`pUYEo#TVltA@)hhRe;7L@l_q&c(MIE(Je%*nY|9nSJ5UkxUI?CcfN> zvB9Dil&1XH>)RW5z2?(QMz`}D%R74Lu)&Fezx!2LpqAdD3+ozwIwT)%3 z)eknJn4}QgMj*Xrp5NHeD<|EGE(9_FOsTciuC={-$hV9+R^;k!;ZDvpiEQM-;d3Rw zGDt*jO96=-5|Bu1>Tib8mkgtudcf$&t{BZi?>^}x8$WX#ewwrJg9E(r*UU+cWe@pG zQvrVV_Rv>$WDDyDHkR+LFLXF*YuwdHzSgeXmBzzryty16mdmfp2;W3cQ-Fj{K6%}6 zu+?zzmmY9%>ArE`}$PrJ<*2azxj$=Na-Mx`b9?t~)7fdoC+S)I;qjR-xe$)g2J)T)u(e!EE z`>D5VERbBt|1I2X(vQn$KQVFDBcD3_OMZj@Qc3y}N%|7iivhyTZ^s+rv8U=ojAK~7 zKHvEQ={|pA@hOt%vTvQtgjCT>VX98zSERRMRS{Td^b=puj9u`gl0>NJ3GU%4q-yW- zGq+g~t5fFJ^iwdaljqkIC_QO@4U&Fhaq;|`a1d9jvr>nf&S`A%Q{7P7njE}u+7qe| zOg_nG%>1@UXkuo&QF3|?eb)X{?K^Ydy=SH;o>UQqaRoq6eo2oaLj%jsIjc zEHF`_@yAH3Ka77wYmF(97}Ils7_j~zJn#yXmG`AAk=eiDYhFEhV9d)|`u=SKBO4p7 zq+cDh+M2r1hh(eYIvpyLIVJwW@_ryw{tu7IKhI1o%7WdiNXC{@$G(wN9|+!9xb8S= z=@-6rwgw?F;S=mn5$>ssz0og{+m3SnNu>Pa`qLyWP*|!&#-S%4*Q)+y?}{^|@tcWN z)*0$3VO3h3fz&d{x?**B>8LZH*Sw>vj$cEIXGh&OyD%pbTi5RiQ@Eaosk>0B*@3l&vk11O-i}q>2-l3k)>0YnOOq43 ziw2VvTAwal21mSb`rwKYq^PgyFMy3VD^$JkKfOej^RH8sq}?nJ1&kIJ(R za?gkyotc7?{lfFs2&TeuZARMU)m^KVhrl`cz{G+%WZfz#3d4nk4^1`$K&!{s1cyz$ zO|NU*rvd)d$DE~Q^$3m09WDpP5SAovQxj7DA&84$q0s?N`|(}<2rnIhs@QkNVX?Kc zY8Fqoxhgr2PrSc&#?b5cDt_$B5BgOl@}8{R^jg)BwSLwaiCKOT&H1SbU2|5(KkUq0 zhk0tp^`9E7_xmNzT)OG)Av=5kGb*qDFrrG{52ss!S%A&9yy?TkOK;50Y+>FEGl?Ha z3-jt+1r+)07UtFOyM=jmU0Vo9wGew-uSnvi+(_;^j?0C^F_|;gR-HM6gJU=K;w=oUv(Kz^xPAjbWVv?6IBtCI9nD=o_WJe0Q{~EJzl#zB;+31; z7&`=J+zI@jsCcZclv&`+dIxcyLHw={k%yetq+$>PEU!9u<=E@n9k6!+cFaAMo8BB7 zUo&>d7VdQh-q{)OW^z3-)whieFI_eE`Zia}qf}la<34uCs!sczwPhP^9Ge)E*_LP2 z?Cbw&gZV)?w$5*qL)9p@4=Q?9=Wf^iQq+A9nb%g0svFMh-n<4^)xAyrRW|PGJL5Q) z>nj48xKWfgs@@Pr{0H#~nXa8NA)2VkyEu_|1Ouc7uY4am9kA3;w#lJvfB?i+(#+_n znNGes$SHt0dIPZVW;6xBP<8G{W3PYNAs__;itn%7^w!w;vtx(6ZtWweB<+{~d;oYB zi$b;I(8}=AkF&|VQs)1i;Th8^-NwPFnb!XqmsDQ=zgbjID;%O~**WNUHj9k#tYesx z5|fLkdk@u$v$JK#V_{n0eel+M+z`~Z+#ass!Tp+KuiM?jB^h}%znz=THX`GTSDg89 zBo7!S9Du$-0qeiF=S|hQ-hF$Yhjhl*d2p{^%6$EF#)IZ39xqMgRdB;c?%4UPn)k@E z4dIRYoXjPg-mHx8s%ZNl50+%ZYGCmRBe~pY>8K+sStVV>vb;YLJ7!#cX<|S{<@|H1 z6AiiJ5(CPr%QsK|HNL*Gr?6;fDxN3w)P84Mhl_TJ5hnhs@Of$Kf*~pn4fnQ&N&;~PI5DJ6Dj|2?s0NsAMzo0OGk#hfc{T7mz84?etq@KPZnm20a;bexmwT^-*gL~0FT)y1v=7~RWN7}s#D zj3?VhzcBphfSjq7D_7;qjytZJdj@I6IoS<3!f(Kxr)KnTTDSgLZPtL&rMckJDcfjc_z^QuMfyIgs;!6V&>Niqkcv3XT7Q?0#JO2RBY@hi3Kz zX-Q6VsEx9OsHsA~tLoOdvGXU6=tzFih^u|MmIa~@@7&j%%&>LBa2{CC^h%3&**6&K zV(gPM%B6$l+l7b&c#bA2xgSVlGeg>0RcQ*LqvTl)$03*4v}^oF05L zP&fcr_g*rWO*rY%;pQEjU6U>yZhntnY>W1L%(T2W^#oHOAOf?RlRtx(0}^V@myxp2 zw9w>5WcJs2PXE4B^xu8`EBy+M?Q7E5>PAaZtAmwg@T3xGIMAz#(5qfp?DVQ{mI(DC zargvPT3b|GQxWe4{4Q0(4p;YqK!Tl;QdD0KcqKv~_G!qmy`$_e-GyJxzJ%W?$955Z zeUUFOgkwJg)jdeSU(mm#sq-cW*-88MH)y;m@218lLVsJqZdKV;Znx?%z~I68NX1BW zN>Hh*9*7VV8-3eB4Z)6BiO#fJBvQ*z;@$iT>m&b0+21#2>{eO7Te&}6a@6~?9KvM& z-sElIXKR&qZ5VBQKP&#d8()shXnadE*VmKT_|y1qs6QRi*??!tlMI0NHP(?E zmga23I!+(Hf~SbBRMM+&wXJMKo1?FDuXiXbvXzf_$3SXgiHZ}1`T2bXf|OJI*9^8F zruQOzM7n@Xgf9CNsDAcJhiaUqKy|^Le@>s41=YHRY_P#$^U=izNu!!aZ#!Vki8%Dj zTR?PHdo%dLRzF_vrQHx}Yo6rOSt}ifzmVe(`gj9lp3omhCG0gu%3rM?Y(|(vjK24H z(;n86Qki0FikM-Q$+Bw=JJHs&m$FPBae=K>mGq^ijmy~5VQ6M+2E7=x_DhwQ*U{~I-|6D;HJL+)>un)n_E{8yGQ z=m26pqcd3|rt3oTcjlUsC2YDbB!82IUVneQ5852`iAd3oKKM0+)d)PEBw!7~S;^5# zb(52QN!{lr_udN8Z(WgfoDtrYtdx?0!64jxmSt&8jBXO#-f#iyer{}ERHnZ$k76Mo5Wr4^`U_nlkFPiWvyYQO$v{ZdjzSg+8+Atr3-yB_nq%GgRX~iywPEgE(3W~1 zUFZ{h@MNFgX*&-64r2G_z0^C6x3GKjdgCovYqrXUkb0Kl@UzJ8r-B@AZZ+&3NwY5! z_Qnf)S2*kyfvIaMx?m52ypVU1g!XQTBVSJ6KBul8qplvUt`71R;F~Wze69DwT3o~DAsRB*To;=lw{;fUUXqn+4l)ZXyDZOQFWS}>Vn&2xJy$ze?JZYn*|erYN_ zieF*?+e|SWsxjdpC7D78W)xKq7M@Y!5Z98MHdG^3C4bAMAY5v1-%X z>ObK~8tXsA^vi*##ErRxzIA$f>QQc?)%;Ta@!W@J9>$DaO4OmccZ1Iho#KZ6gD+OA zuZ;ANIQjcNBu7t5)RQ8~2P838DVx8xN++4@EQU;Qflh*$4xRs?(@9=B&gmrhcWTZC zSEaJQk)yaVZEORGU+_lB# ze}1-hp#yK?@4F4WoBy|F%hRqX=VSVgZQ6?5 z`b*_Z^kt4yT{y*#j7-K= zcDeW-eWMgzKTmGe6N^jeYl;na<{!{me@Lsnlw-|Y3o#8I>+@}SM&4-oYG&^ZsR2$9 z`yA!VhiLiAIj7MNj>0@QQ^wzZ@=79`RA<>7_Azv+2^;8Rn@UJ1l)^rHPiRQI=-u;E}8rq z3IS;9sGlLZilVW?e2l!2NjJG>;Gb?Dk&`@v7g~~+dF!}lPua`hFF5XS(>x~I-zm$@u{P@L zFvK~lK$A_3{@3**+^I2wgIC9K{&Nc{*@wQQ`n#YdX6D3xlOr8u-40XsosNIa+6=c_ z;{ES>Z6zkfqS z4+!@pq9^nyqD!5KmOadL96Mim)#RT06cG=(wc8-;k;(1?e!_;8n_jQ{bY)}xC#`TH zdP&Es)DgbrD%mJ1m-kE~_+fs0F?{E@cr{ZxPQN3?wXgeGC0~*gOets=dKW(*Obp)G zhkUL~-k&wyr}-}U;pE#frUYlN{~$!RIEvK>gwxUUC-*CsWF7L69JSrvR^<4PY;S8< zUN~Xl78KiHky?#KtEjPT_|(>L^DTPrAkf?^ksVtjEBBlqdlMu77R5w;1^@O>lSe`K zkAp24;0{w1lzhApxAG7&4>b!$IFUS&d3$v0b@;A}^bp&dJ9mKbNBFkOc+pr^8g4p9 zU&=oU$F!sG=D$;U6-*pVs{7ai_s!a)TxJ)w5M|dgHXlxF-qp~{EQZ# zB2}}9t>f5PsIV;sO-d4>fBbi_bv*b8w{?7?zjb_qzjb`Pzja*H^VV_4TAbNTKYB5o zcn48RZF!~aZIp&@-NIvV{((2;;oH~pCYtDXKl>T&n10*FC-NfLpsJ8$^KdT5fBARG z`^eL+huvP7+O^3$2~Roccq_fDa7kFl#j2W;#(ss4Q)=a!%uPQNOWxSW~qh3OZ`^FMJ3g5mkdj+dRA|I?WE z3-QRt63tmonN87TXUhrfWA8du$U@4LIV>%KHf2t1FMAit&o2HU6zDyUZ&_yl4(ZZA z$)+Cq6})o&yN5}#$Mq@8J+s_F5}SYIl+AApl)%zi5Vt?QyVq>o_wko)Jnx+PF^zL` z&%uQxanoL|WQy$gdt_zD`7vyuxqFe)z03?yp6O{&VaqmM39)V^E$v7R&iEa+t0DmH zf7CFRv0vTalq|acqVI*m&M`*e#B7NHjOK$h4WUe<2Metz)7zm&Z~NmevPu=%0{V-L zhPvR%QWZrBV%Rp$IXWDhrOBLLa;(5y?1$I)P5#9OMLXO~H7j>wab$pGDKD#>pI0_! ze%(Qg^~Uh+ZwXdnRgdm!Wb@Zz{B7?QuAi3@)F3Ll@C=A~PGHtpC z&+X_B-gKQ|mzVzCe4ukpBN9iYx7E((w;N@zWk$Gey&B(^dyAgtn?-8C0%y9hr#yX zHVnK&d2nJi&t7jqKg<07K2BH5wEHN@`?@@^;(p0L>&v13mvwq5@E;!2L*VoATPw50 z`vqxhhSWamCz(<^dEuTws7Zd!oZO=oK$3Z-*8i+O2IT7?`vCFJyIww}(<_YC-f}h{ zIv+C-@2_N#CHc}83%%bj%4|g{h7h&-r|!RgWJp&159~`1#R(PWNWr zpN=6g;Qd+Yn*`y4K~Qh_j^!$f$Gd?je>!~YO{&WFha%;x!nb}+j|k!#^VPN_yAC!b0p9JP)*$Q*!DXG+>nQHaD^6Gb0; zrx=3$BljFxRl6jorwCB(6WW=w_4ZcoXZ!zndlT@es`Gz5K?Vk7oPb0Ehz1QBq(Fjz z2@sjE$OH$8NHq%9sE9#P1I|bU)PzZtakv^4tqN_aT5IdxT10UPi>!(PT0m$O+&JT) zjXR4azt87A_ug4D0o(8Y`SbAP-Z}TI?|$C%o^z_8+FtzwT=RoQY1h1vqT!lsx#ky{ zkfC?}4vb!Q9$VY_u@=&qyk_-G&0GZz;c`emto|WKua_H;IKMRkU9*<(UsKY&Ws@se1}-*90zA7OrsjuF;{$b*ODq2Z%GUDyjrGwxkzvkLfZsQs z1o(B`ZZ2)a!>{Pe)JYDL|$|-`Z1@o zp|1sE&BfckDE@KVn1x+oTzx?Bt)=wFL>3UB9tT+f9HP|yaK?vz6bas>M(+Y$VtPop z5L^PiG7R>MCootC2Maxn)Kb_1u!guU7A%^2fCH4XX>`HZ*);sECcI4vBCVBXqew2! zf0rV%-3-m+LIx5Pl;q@`3XD(nloIT$bQ?=nKfn*8yPZT-bgunk&6myUkBE1Rm!3Z^ ziI-auWlK-QXJTD)3cL?c&?)^J+CF?7Um@c>^iP5!_y^QBOU{wP*-E(C6B7^|0gO${ z(H>-SFE~-?ORW?*$}*1^E;hK?JXsUqfjAq3Fp3@?Xr3v;=@qfIRc#ti5@Qnx8PxtC z>lghYlWw$qC1xJDh#;X=7i*9aPF*blDDrs>`VMH%gt$WAA+s9%XL#9f9D^l&-v$=I zAsR2fs|7PGAS`Uzo+$lOxANTMCMctSkS3)5JCf>0)o^=UNV4MQ?5Yl+nC(S8_+Z2r zqz~9Z{1QTZD_r}K^8Bgt-$d2+t(@EM(Mx=~anT5d>!KOrEjiB{|4n!7WUFI|=YMMa z{W4wf2dvOk0Stgi9)1=qNHZs$0AZ<`2-Qu2UdwqZs|C=+^Ne*P3J=D7K06P)t=eHQ z+(U_J1LVAG{Pp%SW~mnkorWLx&;$-YD5uNI67uK>2j0#bD$9uCXq>7Hb1%@ZuzAQ^L@HF0J|1ZWnWF@m z8h>|a{8f^_5QNJ=)^QFvP)v*+VYPEjR92}R*ur9e*ZttG?P6h=lmsUAkv|a{PQwO@ zMQh4!YK8GOeU^;a$O;p&_qIUnZ**o~$eWAs2%{<&@oy4e)7clk zw*_Wzv2$CP{Yt8a<5zRuMUp`#9ld%(yN9ddkFDE(?et`Oj%~2qJTUc z^4yKM9|0%-iN(yu!{KL;qll^62ADU@moc05b zvAiwu&#b`z6^ZzV8M3w7$n7J?$fP9a4?Z+A+sMt5%)(Vf?h45us z#96s|UgA&W%-UOFNDK^ECdUf4G7K{O7WHuq@}5^x5j8$)>{W zHC%m3y@eYB7uTKutW9|clb2KSHP*!5U+>9~C+ym61Pddua{9jra)c*2c`U?wHSQ&J znL~H{1In5J(aTn-{6Lvh?yh?T=nh}#M4ro+VOJj<$Xj3GjC%~NXxh_;WAB4#dP$yc znob)`IWpvFHr**$6#Zvn)9*?giI4WU7c+@>i=;?xyT6xi0)z&!2rj}_gR z#M9x-xU{b6vJ-xH_3d)1!0m|d*aFX4C+iLi;_tSLTh6_4cLnF&XtxRhFdi&Jc(WzG zW;+gK+CPY_WKEB?HxawhK8mHqs88(<$B!y{U!soG^z&~5zh!)_CL&Dcdt)iFdvo=n zp$MD_yB^KrQex&~^62$A9?{c*&aH@6Qtu8>&Fj;!rkV~DK(i-6d?MDP>fdNF(X*?&2Atb=f7jutQ2*cGim%#>!0V4eAKeM7On&}lNjD+5zay3 zWWkxVRoDZL`^T79s31L4woMJ;;nr`b54nu!L4k$LYg$wAxQbqpG-O$T6C+z&pvwSQ_B^=cMf z^Fbn?JSAZ-Y#Y%KcL0c3Q;OWf4&klRy?jt{s44il8xBM)w;b&{-+`?yceIym(QAtv zR9h_Ew)L9{lNbtwEiZ)|eC~;>cwBciYAV4tnZ8@#NF3?wy~AsqItVLF*knqIM$z3EVEIf`#(%zsZS{NWc1npAaQ~1*mic-j16(|wOA&;d5})PT2t;-lS|@P09wL3_ z!Ct{070|uM8}35%m68a{;2@VXiyCE;u5MX?vT@maopw7n0s<*@N!>Bv6Zt+7Dlr|U;UoUar2C7+WiJ=>#DK&gAFim^E+#4J!eEN_ArsjZ_L(l2itzkX^OD$-41e!=FfO?rA!MdrZv;uYv0KQAF z1NcJg^#P5;K0Yb}tZq8%$6m=m#`Kzk8I}G*(Z8qb)DzrwnRs)*ijRk9R0cZX@S4H? zQ|jfHyN*{}B4wz%PD~k0SlGBPd`lnm-p2idrlCjQ-c6HlHPCc}oEE z<1qbdJiVb#2(He2djcmflVKhr&`fM%UuYW5SFyE>Aur8^r-}lw1V?*OtroAuLMV`{ z4yGG7=@-wnEZAQ3DAA{MB)85i@}QmnO3 zCNn~D^)dRK#0ZheacfF3>4WvNSZlEI=V6A^QO|G!SYd*?xx~p?fxC7C;m;tII?D3= zh6o?X-PX+AJubI@rpzI3%E$hd=*`Gt$QRL1WuEb2HRl<-s5qmDN{TNe^Ac>B(7Q>{{(dR3PfB3N3`!u{ ztwo90Sw#`a|B2-Pm*j7Zhgb4D<;PwvKdz*P!sToP3>Z)32;_&BCnn1vn7Ki|Yu1tT zFS#CygqKbHjGL3GS21QK8?Zb|4no)OOCq1B)pZjd!O&=*n++`5nJ z=#=;{jD+r{(QE-3E}Wcmfe$8DJ<3u?h%5kAme~u$azU0{{pHlEH;hdihe4@4*`JmL zbp|4pd^s14DcInydy0dAfmDejP-q^Nm*8|maJiN<(LBUwj-#B=Ep3!QQh15CJOsh8 z@he;}Nky`ev7E@p4#(Z9Q+iS8)GiZ@E1ctv5j}!M8{eY@!3}Td-bJCQU7XRAF?u#y z#re;0MAn${2?~r$-~bW_8j<}#C{-bS#AtC>5c{Zoq0w`!x40{V2C#p9(LX)Z5(FLT z-c7-sKcC>vpJ_ShT~5{n<68C(c3D5GchlIrX<5!_=9thXvv*@49G4){r5GC>2qX(W zavJh_j{X7xVuVH$0;I5o9a77O8-qfhGei(%Ak>3v@i3s2W}4bFKeZHyTw~kcyEJ`% zr0Me+q7L-QD!rgjd4f1rNV-0?osQ#1`MpR8jzqHyziDmk#S?yh98-!NAA1o08C;Xg zV{UMf{C&>}0g4-PKB*A)7`K9h&Oj=@@R`&vRql+@a)nVfD#E+mjzNUM%@A-FbLN;9 z4fw)PJ#y;*(wu63G%XMdyA0&loCRLMU6cTp?kbJIQcar3B7=ZAgQa_O1jx1*^@({v znkp*}A)-PLdu;8e?%H2KQu@N}%m{_lt#gW~TgOQXThKbitp|bSnp_H3&F;W{ltKQS z%dvwE5xv7IVX&>SxS^pQ)V4Bea>FiuMjqszV0b}q``V5Vwe2{;xR|8YC0Nw3iHy*G zdrYfaa!4d}f`HMA%h+Gc7mA z)$%CGYTl~#Ir>k>_UyYbiFvOVCNaPZX7gT5p889dz*7kJNYw5*(mQ?MI~^9mqIAhC zK53E?660czn4+4Nnz1u*Hs)}7Odn2cl4#9Zb`$%tcggOjLptOv@nf7eg9L;nlVT$C z=i5^=O!7o#wFK_BS|gz#`>*WtJx_!dL*PWbZi(&R6h9gFZ_-beppB9>O5*RI(SC;P zJ#I(+Y5L`;|HLl``s*Ssb`pJt1M;B%^e$CyGu>jXAARotLX!6P3fm&8B0fmmz33F= zGy}yEipco?AKZ)5S)2!XKEW4G9IFea==flF?OQ~4;kO8?laCC{^XtofhEaa+xz&!% zt6CR}&ErjcX?I|^sSnZvVm+4}R?5?&$$+%ZSCjPWG1{{sf z$rN#LZsB4nw!`_4j3&>l-?$yB{E!)S@9n))%W|U=oU$A$gj^nWD4GFeHg@1&nF}Hq z)Lj!ncTEKO*CrD|HHO?85d;wOB9jpzfFL!5AQ&W%OaQ%$*>LbH&Gc4lVZb$Pzvw4%$PpV9A{&7IPwNc*x>-bTwDoQ!Z zd)drq-SjBCX<&99o!rd1$7m)up_waEH*+SMA^*=yZ0V1ql3UuiCTT!sz$(E*|Mw&D zWBL+nR4FjGyb5FLY_@cY9@7(plUuqfxg{>FWe6hF$B*XpRLz8Tsd0}%g)uMJ}Y><@PheJp7>u6&icOkQQX zjSsJ!9`x3H)qOMRXZdz#`HnfKV4Az`c3r;Ge?jDCyvFu-@W_Oz{5aBo*C{MmIoN-OJcs&w)JKZ(i8Ua#lRVLb z{zyX)0xsDD%YDz{6o!$kjlyI|(6CnzitFtMcilG8gW}%P6C_%3QV`QQ0U-=I4~BtN z35r8lZ+QeD<~1CgiVTd`A5gn>*Rn=CTVf?vG0eEAN6Kj(a#m(FIw7=a0x#UcTE=ec zfP6w$d`V&$#@#{aGkQhQ7Uz=7SO;(`SxmP*rwJ>V4i{zJ8VE6|qyZ`NvcY#|DjmxG9^h~|k4Lvtj0<7h*H~q|*)pzd zRm?($>+o2Ni>p=1TyP1sHtr{4zy8+w=k)97n>Lg?VVzy@vq$1Xj@h;KQj8$Cy7n{+ z8LoTKHA=85`Yb%?%YfUlMB7*T!h{f}DECTXG5wIO)EULCa8B?$2zcN&pbjRcT7_UrSkNO*SBu|05G^dfeqj8+#+ z&DtF1@^Y=)jMWYoU4Hl$qzt(N4;)TCg}>mLKlfGo(Z$+DNxegxWpUMA?MHYD2Px~N z$$Cj+)8Wh^0iJZ7IaD6K&clP(TQEDj&fMhLgLulBwQ(2v4xbI3HS}MYgc@C!_>8WN z6O2i_f<>3SK~xR!f%bJRlN)y-N2Ax6w3jzduuAjB33fqloEXmW*0T)^zLH>|GkEu` z{%9PB$(xrT-!O}$VrImEE6mCIVyzw!Pu7R6Qq*Aw*wik~#nnd!BjmgeC+rV-xM*k^ zFj%)O>a;R(ev#(yfe4i3*siYqCic8gLXE0 z9quwHP2Y{Rr~3iikBfqOk^kLtQ272wzKB=dgmhM_xvtnpH<0zYa0~MpWXP;spS34d zc?3>DV5fvLY*5*lZARGJ%;~eLwHtoI>rz-tw6TH(#81jNXih^@hjKA-=rlvHIhR>kpM> zwmQHt6zR^Uk@2t zy6Lgn1~$$-Z5LHZM|kRBtFVLXiaRl)=7PT1WQ5^>KbE{Bca_fvTZA*Ge~0{7#gQ$9 zUbpWXq>X2q!S98K{rME#uo6Uj%Bdj`T-)K4Ru5qU#12%N%*Jdig{8x(5)Ng&kyDKp zas5`4&E4=1Az}{#7k|{8`&q+HfR?Ehp^+$@xuhyu1BT{H_>Ezp7I7k*ahdqgfW!=b z!21UCUDlV{dW})obA7Ol+qjZEMW={Fsl{-mc0Pd**l*#cjDR2E6@gXs9cIqO`v1-y z)WKR^ZC=wK_n$ez1BPp)R0tzt?BB?QVnkGk5y2@N#2nn7YM2DTXok#C@80=EGn_zm zZ?Lay&3EH!gbTs4y(qk>Er&M-4dJc>w7jw}e!kX|IRVKW*$t|~|I`=j0lKwatMP4R zH~dkrV7odOVQ|ZA+z>E-`VZW=+&}`JVx8*35XxgI4@>!R86!KGO;WJ68*!%^1nVwv zrAJoECoAEk^vIu)pw6u0Mam}m*Q_O1tWhVWNF)%QYVtIb@gj-mo5}hpHaH&0ASF0S z3C;=O>DgSihIemN2J{2~DI{#)k$nBNxUKCSxg+^__akflB-^!8>8AwML^M>$(im^r z0+B+#FcR(V?}2BS4=2EU80@ayfnPQS!=P~2z9e+evM%sHPV;RS7+YLZICI9W{y@R> z;+osrUUze#A8-|jT}*Xx9xQ<7ZDbv=p=e3yOU}nCq71c!^OgtW)gqF02LKIQj~d#@ zyc35MQD5SH$b!Gj!8@FYW5SNx@IDsHC4Ir`H!$6R15h=cPtsu%IG2bejUf~G5$e9I zx@aO^(*iT3ZXiQ8@ZmIraAse808#WrU8k9KWvHj@x^!tbOZz!2e-D1Y3af;a0Y;d;*1Bgg~SQJ14$( zK7MO48E}j~!te&~s2}f1aD}vLPw9Z>8CM@e$8ZGNqLLM+`pA@)Iw#)Dii?l?l2n#D zKF(TqqcKl&oFcOUPfoaZ$!}}DPG8o?MYl?Z$ghx()*_LP8j%J4y6r3;eo7n<#Wf>x zrp>r|re54nZmc9+0=H{p^HylCQSnphWvtv>bfTMqa@ks5vZ}TgqpXQUbUGJ7_e#l0 z9?k<~JeZI-NZKN)g{)#N=b4>8PCF$bER*l%tUwP*2VICvZxL=WA+!%Cji^;}jKX5m z6VMehd9evhhQvTtLe!H>@K(h)nKak*dis;6|rdD9Zq1`?VRNVsQ=8#NET$+rfZ9_2+~O~TN{UVZQ^ZLeCbb9C%cq&wWB`kt4BiS%qeZ|f`(cH8^5=lTguS|{U$V8Ng7an-0{AkejtDI6%b3iB* z_N%Zy>{m+!(5|Axj$RGQ4ehLbB_|udFRRzR)K)Eg$nAnO|Wn zn(L7RhD6SJ)dcz^O>v^9;bUdL9avsEnkAby}&&alCe1UzEc3Hm|M zPqY)g&Kqt26Z}J)FdB*rh!9g+8jdwL(FcU%{&9buglN(lgz2x3!*csJ35DaJV{l`o zV7nT%$V)w5C=7`v3cd=kS0!VOmhpozCdbcXf;)pNiS zDyn88e(&WIzgazhlc+RHn?zc(wgE|Nl=s(UX;Xj#-mqsJ-~9?)J@G%73&yy*V57~| zrJAdM^CxmOVhpSxO)$2(T%=RfOoYqGAlX%UX|!JUS}*LFo}>Qu4Dx(p_iSMUT4-q! zstYgI%nR&uiX`S3O{kcC6Y<6!3CQ&okG;O~WgE0ybHF2je@?HPfQ9J`BgbUAGP8y-(J$dWlso((@jVt{8AqeYD1bO1o`vKT3i0) zYV7v<1F?(ab3`zBc|MA{xQhhUG{>|n%=Wa58Fm_F47NX1JyqJB&HxDhPD$7!e?b|^IEjyD+QKU?E`@PfpcLh)QV65QWl~R zdpJN{z3D$Dy-M(hUV-5r-P7S;h9{w@p#&uwGpU6pBZZVjRNRz;^kMGrI!h}rB9QT=>>B;2 z^2FE$AohasA|VsT$Km#fk<|tMyH2YqkhOQGJckC((VGnnM_IT0wCJfd1+oT@uXqj( zbh5sV##eT~ig5M7pSd89XxCd99B;na4?ni6zy)+_XW%UITdB^7LaaP=e@%jg+`cU` z0TX(dD1V`@W9H68nmc{P5>kt}Q2-{;L~{bhS)!HIuJ}-Q_dPCfOMY{G#1Jqz244#K zasPLe)s&?$VsO9$;N$W?!2UbM@vCPeM$wCI^E7Fy+-1ne87BLTD{yX1-f3ciPbbE%n7jYcW8Ah*t-8G`CQ4o|!ydXkwy|?iFJ9wwXm=P1l8s4{Y zfM@qPsyNt?jk767OpN|ZSO#a(tO5)D_Vs>gs&Fh}mj>9uh+k|Px_;jND*m%?+;ykI zfU&l6B(!E`j~v0o<#obZy?a|Lt`^m$G_{zIJQhc8wp_Pf#J_keWP3JcJLZ4<0}#i_ zJ8!rY8n_bE_esdq1mA+(akOCJetkbLb{}XrRTd<0wrqvU)hk$|Q0CIS*nFFA3Dz&! z(1?>Xmm%&Vb;-mQ-KTt$6Y;Iirg+l+TL$RpDclSY1w`y#&<7oT7udBU61B}!P;c39O(nM2EE78et^f_Il35t(dQTSGN(&a9Be^B4m)%G-Xqck9BmX+jpmYEk zerls=MmL%R>$F`XL#tWK5o7NEN{&K(4%aEF zLnSFCWjD8cA>F)ZiP_DgJMlZ#!nu{^8o;Jf~2ixuiZOcpStiC^bRUdx3$PbfEO_`9w`e}dc`Eb$}HG792?j~ zr>UEyG>yJ_SZx&gTK<#3Nt?>1n-87ez_A!bPaP`K2j^4N5z-WOgfz)xsZcnFMY2$p zM;Iz^h8ThKI4_(EP{~S<`er!2->^dnb-1Y!25@l(&!-D#p8n=7X|>n~z8bu0o_uLI z7W`)b_3x3d064?dm4}2-3@xq;K5kP885p%@3ly`NjVWsXO}dOG_R@l2(ORp_D*_~Ms4`E= zfW~!-`c}%A9$#&Lt|tS~08z_lVGkl8*Thkv74k7e99q;I(!2v&5BDq}SzcCHFB_~E zkM#mNN0;@Kf>lYCfGRV15m>=G$jDy#U2CQ<&8bGyoB_Or0j3qR0g#6$O-;E6NG11< zB`g4bT>%V1WZ^`ES>3R->doKm5`QnlvmO+1#ba}@Dk#?qtFH=416GiiEGl7RIWn?h z7GRWm?L~YsGWT^k9~EGwR!~Uw3a*dnZRTd=7l^D9^z+ebIH(GHHR6Gl9dj1ARpWQw zBrfUt&9$C>Y-ks&!tB2iz5D4R$ckUT0~*6}4KHbev5F9^(5~jK*dsMkYw~ajI7rWL zAz%R90`@Q_tLI#clV>I!&>UXR+GY2}i;t3!VaL3f~oY`lRb@6bWsA?`s2JPxv~;kf@a zT61!c>r=04S&$*MEtVXJ!}PK-bVear#!o?xZ4axt^E8}!%4;z}&`9~RLQuuY*{%Mg z#A5|ZZ;;eB*i-~Lb{C}UjxR(=-0$E}F!gXfoW=Me%7}A*ZA(gVGFT zvCg7ukbw9Yw8kW%5U#peEH8xSGzm?~h+WeMK(iD&F2f@*z@(pvLf;waZw7)9fc41Y zIcd=gS&x(k6wT5r-X@zk{)9)MpSlJGr`H3d=(OXVRpR1ZhX?k^v?ywFL<-WMUk=j0 zERsz6uRJWIPi4V@`EYU%WczySx9WqjTbcx?0fOomNQsk}C~78T;mJx-UsnK6Ahx|4 z7GJ!@_&lf{)?et_j-URMneYt0!`gZckF@$ImL@llk_ZEJ^F{2a%?pSXgc*&|?#0K2 z-aP*~CE<&mB+1^sa7VF+PmtgUSUj1cgft_!Z z=Tv$*9Mz==nCYq5B_BN=`uv%4yg-}J1{Qh#jEE0iDrV>Lx4K$lX=Db>LrsfWfWB4J z#Y_cgDu11#@=zc-lyVmd%(U;^%K;fe6GNml=TH~&38SkMVz;sBhBrw>M}f#{KcIo; z0X^*sTwH>Kf=a>#6T+ShoHlei4Q>y|SJEG2-mD7#LJ~(Bk8$Chn5=4@moaxA;X7R5 zobSf>1Z+0CM?W+G_`J4XC?yRY!EIRZ^^8wPQCz*Gr)1cVVblvyeVFP&(J><}L)b9o zcy(vM+X!`3q2I;ZS;Z{iZ!h|1ER}5P*4H&2P{$@O_V!_MzJcGd93nC-G#J;cr2FoQ`IKuG_@DC!U9ghm7F`nV3tRXZ#@=EhdLBj<3FxIg>f+;8JJ#Wtx?w&BL-v@V?eSc24s6lC?_ZSUh)*` zf3E+8|DyhBNo%9w*%`l7{*+HC3D|jC^)(lbD{}{8r_)%YVk^- zpD{WlUBIsZ^s#IQR39dkdPPyq@?gaGCk;^hFB^&3r2Toq{a|$Z^{a(I=_W&C@C?AE zNe3!)r_7LcPC*f}!f}E_p21eG zm!C8pC*ljCi2vRFWE&VGbjl>`@~cpbub~p|^`28KmW1kyc!SDq*PxmE*~}Lo>t;;< z%m&x{G$htiRboq3>KxtDwJlrHE)siK$7es8Kb`;c_-}h^FA4o~8?_AQYeWGbE@QUi92vEJn~NF(|5&M#KY4{AY9>CdtJ3pQP_cHGSVp6T0Sr z&@1SBFW~|DmM7@AN#LXXshp3{jx8j)>O_E%4^ssQj6nn0hsEI zA0o|g%`i=M(>B!bI5SLmh^s&h1cso)DwN`(GHt6PMVk+*9b#ucdAGhgEN;T$@jx%_pNNS6w63!%Kvn4EJ} zy{~Y)e>hLJ`j*olC=(CaIM2#NE5*w$uo0_%DQU$|pe^@3yip5bOY5ZH7R1cC64Laf zyk7b#horcQdNaIb3_4!u=!^HjS!(tuODs9|lk$yT4fjASjUm{jC^TOcoU;$YJV2=+ z9)YtlKeLL39m`&kNz(7};A}O%m<0GzYnk+1vsR%u@R%~dqeUuDh`ZfbdwBf;*~=T&NG)BLfxZ7Kw_;dp5h=5paZU?P#UGJTE$My3yA znZTFJ;o676-?(4$3gQ+1Ga(r+h^>$!G7&LZEp7>&De8|>##Pae(v1_C!pzBd4-8?C zs!=WDKEa(N3iY~2@P?RZeWLlgQG+l6XvD@jU_de(LzbuMZN;Ro$UR~^H(CoGdr=9L zgy2K3aVW%Z)yJfotPhBFtp=PIFW(3Th)fvMks)zcn#7AYiSIJ?_Y^`Pwf+`9UWSff zpZ|Fn^QdfLC>W(qwq7b0D%1khyVoPav0}M$|_AGll2zVG}?FTGy-Tus`vWS_p4)go|*c2YmvmBBHN(tMs>8 z7tp8m5EkW>Hca&zGS{+1lF0~$g$~5k_W^*I zW{#=L)diR8;C2cqOTnwJ2Y=ZdS(K!1WPZW>x$PfobBk3 z-{APK+6_%pGdj}=$@FmM^G}1N%{x&bqz25TvBTTXY2L=EKh<@JNf}Y21^%nGe*63c zcJ_d#`RBAwfPOoOF>nr00P>(X%@am>#f*x1!*pjawZrxVz{t<3A?9~IF_%Q#dEI%e z9a#~Ha;FWHE9gtv175j}~==C+q`YsRnxAR_>f zX^YMMw@Y?Xk#c?3aOqPkoIv#maYpD)Ym@rpAO(SNwH`ryU<^~#)=LQ@Gu$tHaW46j zgMgrcc}m~vEoivk=Y7oufvYdkEyE6V1kfFo!LAst4jd^LLvE2Kv7>@SDjhPzHV~gK z3pPks!`Z61`ROI>k6%i4rN4npfN?RF;0-aFo5Zv^)K!8F{Lq#MD}ljGi)h~xVA3dme7;-XGKtLDH40xk4hP6MA1aeNBbyo49X_Hh6yyI5>JayT3caOiFje~akZ7T-g;Sv7YvDw)#4R( zFT?}?#m;WPlmAFMnlwnK`?+}rccfD$;j(lbjIURR12# zj9(mT&5T_+FzTVd`|tr{@G{PfGYX(YHa7w->+SHJ{2T0wQIzKJWXdAtHL!=_+aQt5cN}YCC3EVzLA1YU zd{ISKIP#s@;oI8cOcHnPT+oUgqZmAj@acsxble%^#LvGB^@p#5f5mb2`S4GvJ(K83 zj|C-^Z15@`(wlZ62fp66mm^@G+@0I;mCd_5Ux4`5$U>P7nQlT$grQUQ>?zJ?8;CUy z9L5WdXQgW9K+ZAE>==+_gWw=lM@FEo@MUcw#CYH;2BKtNK47!VY4Q9*du}m^P@-w z{IcxbUiJv^Stw6yp5u69fDIqks(f-?gtZ81W&?a!EOIL9TCpH4EnD>&0fC8Ho6K58 zC>V~5Mnh2aeK%Q9++Ae~ikKdN_C%n7DUdF^kTSwnHJ3?taCEDx<}4HtBxIq_gmW&Q z{0G*)_v_TGole>Q67z?#vMy?b^T$2CnexAB5<)aXN}9!h>4nz<>#G+S?3S9L^x&>#lMMtb`I<_ zAdLH?G5@spPs7_d%Bda?bGpfI!L=D{R6o=g-6(sfso#&cf13VN^ZbJfeYh9lM&nCJ z3&t0p0?@tk;SGT}C!FMGN?AhQ2TTz10Qg7{1Sb5*tc#Ju)!&-*EHemQt`?q-f`%jV z;}DeBqJZUqs9KH2;K8M) z1P$~6nm7HE!9(5LwY~9s#o6Th{?aFNA_(id3~;=BB$$5i1~5H#mqn>~Kt7iAB8#o>C2+`KJtQ%orLZ)u|Z`G9ls{RT8 zb^S+9{h9sO2=)!tf?Z=vBe<#v2)<-pN(4VUy9I(R|0%1$`5%Bk9mg&3JAPkl_;qee z#_w2ZB_)1)j%k74h0*^4zk7QAO!$}%Me#khE^dWDuYVsqoldXD__>5usM($tMid?6t7tl&dWMBDFYsl`|NMz5a2aKFNMcUAq#z|?Hp?a+G?o@*r27;?< z!>%q}2_I|y7AqNtPR8t@H^Eu1Zt82z2GDg*1t4sq4qbno1ehL4O(EDHzzBe!!|nu5 zB8y{x#m_E$423Ne)aN}NALF6PMj1lct))(aC`uGT>Z_471`={u#S(L}_s-*Zc+yV? z$Wa*^69mIm8qGs* z0Ab-qtO2#W`McyMaveCrzWKWXfjV;2W6PVrPqi}Jmp4waGgpX~f3Tbnxux^pGtHXq zo4*H0=E?M@@%qLsl0gDm0Fe0W8}rnfkrXJsMtn|AS|vlK6<7c((4%kb+(%hsxHfIV z!~T+r@YJtQO-*TlZ=`3^f=Ik^ig%5FS(<7c|8nsr&Ojvot-FLR{O{>z;{RLWG8^?E zk!&FCCq(J1%ih*Va|j|`@BVmPq%FQN8EJo&I2vHMCDN|9GTTUd+RoepX~XQy)}_(6 zOJ*Bs-6cb6q@Bd9Mz4E5Z53(1K!gU6mbvk`Nc*@)YNSPG#A8h3XOiYmkQKt|IEMgx z)B>2GM6TcV6#hhT4{TAl$%Y`f4dkzRoroV~I>6lE$}Ex)JiLype;Pph?9Bw+r2X5* z4cIXyLmiw!+&IZl*gwK!;WAXFM9HMY&PK@&{;l*|aEe?Vg=q*=V zZce#=?7sVdhW~8B|6qsK;Q!%4z`u}@#WDDw_|N0Q|F-GL@PD}Q*zg}?m9XJI8YSZ3 zf2L$e4gZ4$7X0t~C?2vc;6Ly)fq&N8_*^OB|5@h$Kkx^fK>yCx;Qy;1N&hPn;2++7 zT=@SmEgAlq01@V^t<%3%!iN7E2_=cqzhp=a|0-tH^#5TzWLv=h#ZLtOkFJi-l@k8f zb^Tx9-@<;0*Oa55;XU`;v0_vYFrtpCvrxG$8`@X0C8UAVl^j#m=&~HuuR9#Ex zC+eSvhaMaLW26j}kPZLQC_(y1cPM|(lnkl$%0b3<2>kE+r-rQ7D;E51Ei;g6$LN){ zDn3^X{_5Xd;-N17i{ssIm>~cE7x)iv75-O$C;I|9vA)xuWkwdOn~T^^e<)N z;lBpaI&tuSQZl55e-*Q8`o}6CZQ)kn|KeVO|D$im=Zb^>EuH^I_-P1pm$TC;0` zZAXu9AwvSMXegS~lDe1-hek}PL;q3^C?Y;Ieq!?ex$Iv`D=NtB%xqgxtL@A!Y}`xj z%$61PFf$vOBEK;;!E5j>010yv(Cdm1__~UYhne7qAhvG^&}4mic!mkH$k!>%BfURl zL?Ud$uCveq#2}pv@btth+IVH(kTm5!z`7h+OtPC&AGk4NeKpx|vg|LzarRamhRXwa zQrTMMkK2Z${cPGs5G(u>GjYPMOMaZiaLqAz$a=m*g|dJvG@pD9fGR~tViWf0Q|y8_ z?DgR6cQ35zRLz_7r+L~wD`g)5QT$1;&o3}-azyRH1>kk!vh*xmHp=xSY((>)2FM#l zyWcQ(QY-IUaOv1b!lF=VHge~3-&rw*r-w7_0t5$U`{YSIUUA{ zsNq@YgLNc>^Z|}(o~ftX{rHWID4tVlqfxv`0P zuR~su?^c1>w&D2v?Dp%GoY(Y0a>!uf6uVz(vz*=C-Z$ z2XG@HnR>{R5S5%C6jpjLvT&EEL#|l~oaL=Kd;!)X{3q%D)f^s+Ujg?D&}dp*-(v82 zZO3upb7^Occ@_@ju!egK_?*MMW0Ch~!sqo9E%-FW&}xH8_`d}FAIE#%FbJ~}TvnRl z3zub)oO`8Z=BK^p#1MUkqiR!LTJdWnc&wkST$w;$LP_JSCNaPLt=&}07u?#GGTll% z-goIg&p(OpKjxg{ePMPUo-H1Hf>R1`wf0#ulA{^1k-V_c8j1S$^(Zdi+JhUO5l!#I zCC@SLFdV;uO`D2mF#ahWE%44tL4NNZum8vUF5?@D@x}8VfLx%@F|;Ix(d))}`DyBf z6&e{9Khb##k&&VP*1_zh%-5oSvcUU)?jIPov=I8`L{LL2ObT11`e63pc;9XMOwdo9 zeQOz>IeG!N6Z9I4hv=u1fVPOYt29_M$cCC+%rP?%=L$LFzq_uWsDw-fz) zps~3W=n%s^0|QiM^y+Z}NDHgTJg4YPZqP^E26kVJ&&6&@ocIk*rB8r4x&@+IOdUCi z=h0Z!HpmT>@tBw{>rHtM(+&0ADw*iHpo0@&@31S5Ce2jgzK!k85z+pL3{ORsHu~Rn zFZbjf13m9nQ`@!Ir&hOhFZbpr>2bl&%}M-+Zj_Pk%IRgPB&79;Z=wP5hbkEUvv+?1 z%LaN;U3MpM1OpYoub_*+QcgdZ0JkpoXZ#(@Q$t^9idSMBrqHz@k&R@l?d@9NQC15g zR~!=nHhpDLx52H4KVjF+zqIYIYw-%yezz0$*Zm)}4M*N*Fp1D{+8=7q*_yu0ZM!~n zBl_nUe5L-rfKOcgsN%~{XGw$<{P%+s%6DS?g(G5(6K=Xwe@ z*DCy$6@n)B%bneeSJ!S61M<&ERuBIRJvUsx#XDO69ZRkRT$-EQtGYLD#*WidNXztU z&SUoJdo?gY*p{8AW;+n5aZ@rdHGfEaK;jrtUG~Z@?6={#y$-Tz5C~o{QrkXQ^xb6B z93NK@?Sut$5XJkd5uqDu^Y8u*7z3kNOb5)a$_^H-w=z%6W#-FrxghuC*&LB${;O8F z`|KPngcL22yfP0$4LB4GVLYrXxIRNwqJ9o2&O`_Qx79;+M)H%#Ml3Ksq)7+ouB210 z=73%ed(MnS*Uysm?_i{e0(mZ{8c#0nn~VDArPVSFglu5ACbr`tNwPYM<-xEM^aCp& z%ZylwRf7cPx?nxbBOqfc4$=*6P*o$isEC6_&;hBd90MQC-T=tujN6cvIsB;b8gbi5 zu*#2ZEOUPgfa05n90NGh{Cqp@q{IJ!HGuOmraVG;o2LSWXG2-eg|$2?7YB+XJ{M<- zBYLew4iUiBlfKZ73Alf+ef7Vs^<{3Ikkt?Hu7^Ppx+@6o6|*!n5%_C=36U*0Df5Pa zM1+G*1QM~DiZg!Ip+17i$w8vi#!~Se2d^FZp!$Tvqp@>$D8i@=FMgXj~aF+ z@jHgAt86#8wo+#I1;UA?;Oau5Fq3}D$br(J^eA1;>kRP0_?*E52~at%oIocW=!9G1 zZ{|Ij(33qATkpwBXP7Vi`=v>M*b^BSqJxr!h8MbaGP`1H4%X9C9P@4}-8 z{=4|Tr*bMG=(GqwA2S$;@C?D&b9zsuVLlk9A*$b4!NQ`(hUZ3k?PjHS4>1 z%CT?t){c<}U_%l~?bDD@`FV10rv~?2O z@q>6jX%L4vh~Dny1)l2WZ2v#;w}XEN{&w^?*5l#wZ?s0@Kf}FzzOz~KeJT7anLn1y zEa>v%bj5k;xJt^sU^$#DrsOeW{rc|qHseCt?dH|iyy4mCdOnV~2gt>&pui!Ylu~7E z008PE(-~#S_>j9LklKo@WS&sh7=dN02Y<8)Y~c751cs|ic&8LG-;F&piqplvvD&?$ znWkCaP13m?cIO~hbZb6by&VZ654Ewb1tIEXGJaW_IEtQD7f$h?2!;Jaese^G4FZN5 zi9)c$LV0#VZy^UDyfUs-pZ;L?wx**ulQYc+$VY6^IDyg6|L^IIN@$_ZP{)IX<98hmBhs|4V{Z zxoLr!lnoUW|CKzh>Lv78%m0{OFHmzvw1bjWr|xGWc(8Mq3& zQH}YGzaeoIf%Fjr{0)x>Nj3v$}ZUd%t?Qu)n(r|ySzpxd@YfU8SKA# zDm#bh#;NR)KjAQR^!v?e{XyxvoNB`L36Xk!Xoj@=FpgZ(VdZ{HQvp(7kf-{nNP(k} z0^t9n9sTd)uPFsK3ojnVrf>Ih|H;k#p6yro+rbYhfV_|b$h$)>IpDOc*9|pr3dlqV z!{0#AfHvHl0n&(?CVd5$L(;0v2MTDv8KbS^MePqdxEuGG>>APOvxe4|! z&^Qyq9k#1SiwT5-<^raAMyC(Bhh>;~BjF73igyXA!hte0DYMjHTqGSFcu&iqK!P9{ z$<9%HNSy)`$ph;Y=S5MxSz_x6}>vRmd8O+%KYQ!Lj!NFwR9KV4S{>CQ$6HrQyL-WDQVp~K1-57b3JH06MqZXEBSF($*O}ROL{{eb_H4LedN>~R5!MI4qqYiKimduY8g}m=UTGA z=mIS6?z&dX{)H?fvj6*06lSLA|A4U+G~7@N?qK#Br#5Q2|GwlJVC$Wbk9RP4!dET# zIV4l=b5NA~*xze7HjEtrNN8oHj{Jx_hY@Jj0_#xjp%3665HYx0oy%wQDuD9N?(XGX z(~a40)4qo^?>=XLaCP>=uFmL38U^sie)bfH1SCePVcH^63}4hskaP9%+&2btdCAua z{I@9Sk`9^w&_9?#`2Ya$Pne+~ez-l-aX!TkI795|j}|}stva#3@>ZO%N%5-Z&)1SR zf(JlyGeMDPqm&huV-XLH@l@5)to$D+IM;a#x44acgy!-Q=Yqay*#`F0ZpkJ&=TWYB z$bY#|ZlSNS|MN)=iCoGil)@~Q-`3sO99jQz-&6MM!>X1CW)atGq`O*zGr6do5dxT&UnZY zOFx?kfT~?O6kXkV@N?ma0^-IaMLB-lnb;3u?EQ5Wr&(3RR%z5QDTtPERBqdK7i6Qi zO=>JBI{>g3sKTms>@9RiZA9#w1~uWc=PMK1k(X0JTElk{0hD+@YS^@IhJT`+jon2^ zgkW5S0QR`+?h`7|VdI~D##7v|5TBl=ZoiTi zCZkpjhwG29#hnju$}y`5TvCryRyE)9fM{-v0~4$38MCt9qp5$rCyUkK{CgJA$4g>d zIM$!OA`Ba5iW-6v>pa6JA2?1t3>5~nIIB*e_#?<#C|5=&qMwwAb)5X zLHr-t+dBSYt75>D?5BvsA7qsTb3=%53=o1Ef4Lfez!ty6;ScDym)~N8nQ|auFg%(z z)_ZGzfSm1^NPlQtm>gr8Pg}s3Q<}dGLilQmS-=+p*S-8y^t%&Gqxm^b*hv}ch5fc= zbm6c#%ZSq1xB%Bc&(Fz9^SUQA308P1Bj^syh|0yjAfuPTK)CC1+Knl2V+vucn5YHO z_<@ z67)70jvb(ge4)J%{*)tdifwVZ zYToBI$g&D!AQMP|e%y;5A={v)T#fL;4R>7czGtAc23>|*RX3RKB5&^va>M8ZqbnQ? z!l>e@EyoPaa1Za|n# zi7_QT+6~Imys{KUI0myuGzxEkQ(+chx6t;f2nEl`#U|vr2$Nyk~>6FaiH7!e~m2%hM_L zb(uL34YmY^&jA+BMHCEJ09waLFB&~xt9eLL%kf*y!drce&ErVvyhv(N0{kN@Wf>x# zWfI<{K9U8k6S2;JQYSd-)IE^lzf$k$Uy)9MgWA zKIcOH{de*`xUM7foP{GUV4opp@$7#1d%>JOI@jBAxnSSd90s|k&0j!s2UobQfn^qO z@&`^tg=zo{Hj81=$|AbvkExnJJW28^dP<5Z6z6i7Vx11BD#k~L>25kq|3QaoBi*H& z2@3il{4i7}XNgbsD`tr>%csop5rJQZdkJ{_=msLRj4GmbtEdP{LI^N$5~p2L^|UJ+ z=L_4M^3{+Sr=Tz*{otX#UDF_botYR5}is2LUhB5!yT#wsk z5WHNsO_+>=O_Moj+G~tX=llu&M=^ik95u#+sw@|?xA!V<`qz<_W=T{CdX$9@^k0XK zY5A_L`AO zc$PZC$BY6I`j?VDOJ`FwU{;w9L4y73;M-)bQ|mr!!Elk;DH#n?8-|P(`9QLOY^9Vf z{OB%Vcel6i5llX3&+-C2_5i)Tw_~Q3MgH;@{wUXabi+|kZM42Om)Dyc^!KJa`csh^ z^WFw5yU#fxxCV-Cgma8B4il`j;_8D;Tc7PIIO5-oO5W7A_HwZ-w_^Uo@g<0agddu} zt|L7r>DMv13y|>N49cZvz*%g12HN?IlJsaFsIF7t zZd6y_b$|!E;4XO4^{BB}0#8ZhxnqseM#8T+c(}uyb88NxF3+twM%M?6L)*4~JkDra zS{!U>oL*mC*f_ggaqwXCZFR4MBAcUG`q4SRL3}YWCGV+i4xFMZn%#k!Mn=0%uScri zrBiQ{2uH{$dc7e8-v>u~-D6jC?mQC|kzfmFsB1onr?JSbpvnZy=pPzCgEf9YP>l72 z{g#^$-}@ioalQZHYrX@=-LSQ#Qmn|y}t0b4$Z#rz{?`z>`76~gG>PLBI zX2j?t&Zi1Qg8L~XKYSrAH#@#)<+oAs!U+kexKA>qM#Z(vDyTU0rv#82j%QvJR6KBB zLV64p6?+p`4^$;CZ3f}8;Yc%c=EkW7mIL(%Q(C<8#ucp5VY?)rh zpID!(ZbMKHgpZq$wl>q(HF(^=gG0a){d#cuAPy^qUD47>Y<*SwuXwmqsAOS%+dKf+1q%p(sz!^BVIK=k>o~pD_9s`={ax`F$1Xj}W`lC~(5S`A|su_&h+`Mu%f`dew(f?G>SSRJsI`*mod z>Im2o0wO}Hh>=nmmCCn!fdob`{M;^ZF!k&+>Z*V$BAAYUrfybm-}%gim$v=mqZRx4uLSptJ8 zgQ3eJ>`5dyZjFQMiz_sL-^(i|YYuFXk>DUWJ`MAU=mSmknq@6M=1LQMj|i-_4w$s~ z-jV~F?db?vx?qg&0x{~mOY_8*xo13@VwVI`@0wP&; zh0#GJ0GgEH@P1aA3E`FGcVFn^3E?Lx8ic<~ft|nm(}co-fr66I_mL0LO?>YdINSbSdG)n7@_QC8JG#qxoj>44M(Ur) z%gBsu6O5TT%@Ya_xbJ?|nU*%ry?o{f(ND$I{~7GArGFi7L*2Ct@J7W14%A|yB)F2& ztxe#({03j>h%dAcdmGN0Y3|j-{iAhUKQi-%{#imSm@#P}rn2bZxMDxvXl?O(=h&qv z6iEiYFhGFSD|q#HLH~}##(He)m{z!3Lk>>&UiX^vzE&>{h;J0?2-nG3 zUBl&l(zU?lR;_dqqaEbc`v{ZkQ-9tg7ZyM6pQvd{~M@#5x!cnK-j|KvuX6*(% z;3G?wsz&cViV^DZtzbNwS({9!0hn@1y=AP2Mi%_0vjGx{pK?O7_A3J1it-A-C14IV zr}KQ$w?vKd2TnlA{Oi+0(xTUSgUxN^=VJc66h9q-5_~oIa~!|&mdxgEEz4iR9DVHa zKK?ufKTnYA`tv7l+Ra@02OQ=Y=8db6885Nhmi{xx3JwB*!1bZ}#&< z)-(e@+rS_;G7q4>=oRpf1&=xc7b4*kCY10ydwR56V5nIMe&`zh#2jZcht%){eqwzX zeLbrCTEp+`>%pg_ucWAQ5;vhthnlsjuaEQhhVJM2Bf%o?nYIBUgdO@dk0;?hsq&%^ zNFy%zRo%$Y7&zcU_moTNj#9dVH}ty-mg!m+s*B!ae%C!;$)qc!=M#|Q75=mQ1Ucmm+vNLZi$jA54gT3*%rLOqobX@W$N z>Y=b^%DyU?1wC>^PbRblw*4EyR7ySjF7gvF8I=U60JxlT(D> zvfky7*^Y@)JvsgKG;=tn5zFg+?L*`1QA+)lF)!i|nDH3r{Xa*^BL`Ymc zm2ceSl~!;zt>9c*!FjZT3w&@ldeq!4Xc(eW(3c^zTI$Gb>PT$tWM*h3M57>c#PxlW z7nJtzL2ds&htb3S)iU(CoN9rEe$viu;BP#a$#bcmQ(+1#=!ZG`jHK&`EwR+S;mgpf zId{YqcRLoYX=LqB@(Dven z5-44mVvA+wp?=Aj7SYP#d%cvh+Sf<$KVEd>w8Zptqd1ke=#lrO7D*CqI_;xI`dBI8#Vkz{8zWfF*lJ%kJ4G zQC9w&;!Hrp@wXk|lFC~WxTO9On@hZ!OWx{9EQ!CY5-IkjgFImMA;ysif0R6;`J)=6 z0+*8BFt5%WR%Ff^arHRAgf9RwV;cda5G>Nf?wrN$?7LZa2gWCv_M5*XcW2-+y3^L~ z&g&1S>W-#k%Kt`vB~+bU&k41zI|sF1LrB>P4-oZ;B~9na*rxSF``EI6HZO&+joDAn z@n^jK^du8tKOGizcsPaqG=n)}_R}@^nP5K^^E=hy-X)?AsRVU^C5#;{m3#Fdf@tiB zK&I{zfy{W~ohpxUFJP+mVj2OeFs`EAHRG+nhjN(zl1!xhA5@lE&TyRcp{4UaO&8JJ z3tdqMyT(LwHEM_<-IOvm5&S>uz63m~B5OM=tr2ND2!SX@gG7id5|k}sG;G>|fKgDQ zI2aKzDrk@dqKK221c^;cKwOzoR8-t?L_nh>2(rkCEGjsRGpMK)gM!PjD*4~{RNdS6 zcDfUkZ|3{{c}Du?-l{rlojO%@>Qva@wrB3Fg>wz+>pe$jAtArf>yOGjR{w;3^a%Sy zw2wQref*rWfRfz{NCDRWq@!VdKz?EWR>=D$5<<`QfKBqZb$rR(SOojIobS2nwUkyb z7=H(k4W(`Kl}nOV7*sL9fi_uz;jvkPE12~UJD6K)vUmidSQ_1w#RIPh0M9^v)?ax) zk#!N0bup6Fimt(#7}3!~I}J6{uJ$H;MpxnpZ!av%%2ZCSAP#!oE4I)7-7M!n+ENXY z2#DzU;u_(u3}0OTIA2Soxrytagx@46C+L>`fsSs9!k8DKG1ck=dJE<=z7Y#-nwVbG z7jaCbt3n{d)KxNWSCG`Ma55TnWcd9K0jwb|jL$>*&pqR4~W z(r+jpZj(-!tw$4=x)?=Ld)Aw=WR!G0s}o=>>GiE1OEk*TE3EZzj3{;HS9d)KQ}3Q% zjpnP+{Awisl=)Tk0VRQDLi4MZ{4+Ga`tbpKesvEX_2K~r6hYA%Q2y46OtA-)lU)Of z*ry#|lQr%^p^-tPP?=*;k%vnAn_~s@MWtyMo)1-0L$zRvfCggtt(@9e1|iA2c6OzGOr%+uvw}%3?GJ zidi^_g#)$DFKp-^Ovn5ja-I-U;&D{sRBb@8ZnO@)`l@SP4EX#@n*k`tUcJa`Gl2a( z0sfR+tqyAe|7RM5RW$uG-SnGyNdSx`z&KU;woAT^$N=3xc_#$=r=Rp^_=9rN@NnBg zzs&!e6o4T$F^bdB)JNAO~$;@&QP8#Ij_`nJ+%>p{gV_2tjaxg?m{>5 zl`lnUjLl{E;rd1C;YPl)C-I0UTm{5I#p1T+YZAYaue$Z2Y#l}cF}gk0WB&FB;?`H& zhM;HIT5vQr*TvD|%5gsI0Y*a(e)eJbE3^4RV zQ)nAO{~FSNjhp_@>(GCqO+R(avCfdHx-hs#^y%|*n|_BXsUcN{MA^S;DE}DsYYNui zUHR>>9&sTt#x7NyeMSviK;1k1iXmwv-`{~D^fv1E=#5d*uzr;e3lR;e^UXyw_k6XZolO?OkU`%f_B)(Wpdri|{Y4FdsC%zRp83Sd2QNrmf zW|cTk-M7Rhrb`rJMqlC}MmR5l447FU)1A(0Nn!|&#AK_#13QZtU0(D1?qP=CBt{oU zw3ym(Lj+=Qz5Gl&TVEKVw7)8TxzWn%fICcE`o|#jk0jdO1lryNn74v6oLvJk=D5{t zlX|6^YZWX}x;kl<1X73o)aw7@GE4oR7AIQTpB~medL5b^O2*RpE$RrPvGpp>qt6Fd zV+xy-?{QcvfPJ-2jm4=Re@D}%(*-?S7s5K&xQJ;CdWX|w2Gjdo@BF3_Yh@u;eWMJ# z#>Lm;&wYCQfib4r1s=dG+3|U$ebHy+h7YhZLk;nvH_@x_#Y%XUKvx`={c5`1@go*t z)gvu&5Pqx+bp5Rh1B0HM9!8|)dsk``8Y}O-jaS(w zG$TsB>c+>BbIxql?Ip4Xdop!zWck=*3ftMLTib;>rSk_I*XS&=3tQQ$zu8V9Ggexz z(YZ$oU}mi&|NJ#RI0%@w;7`~WmPLNUyJ*Z|mR#o)rTafpMxlA{zD^4*H7pRE+)Yp; zUpIP1uEFl%ow5H>1~!*`uhQ~`keHhs@`a>grM_(TcQBHK)Yl<#nEzRZ4rm7feZg0z zbLKmu!Ph(p8MV*RGQzSV@gHAd%P2L9jK(w#$p~AZMbK|GZ5s)TD5dUJaa&5aNa2XV zu#K(4b}(!sDQpMBe%^$@W&Hyh>%74uK`s3RNXYs})^sg}BuF8}_BixkP|ok}rmPY_ z!Ttw3pLs7P<}a@q3CWeUhW*CB`wje;sjPbMX^MdB?-BWb(F5TB6IZzS|Mfi$^8cTW z>+=8b$5HwJidEd^|MyZjBLDBU3fufIk-|3ruayFk`QMvGh5vt>=H#s9@!9;JSR(wt zBG*|;8@O}+5}p5-)UW>u4*gd*{e*crx&9ON8lr_Ers@Yho9+kKyIiihPKO3s|Lc?n zxt`Z3#C600;5MRrK8nioepX?d=XXfqh&*p$6}EZqmBKd9zl({k^Y3o8c%E~IlbbG{ zS8`48z#oO_pO0}C6Q+|haccQu!+Ehy)fG;Qq{o-v!vAJJMB{(j4by-{5$E zIhS7oLt_DL;@jLa-JrhO%vrq5E$HqBJw1uWE5kGzaU6SrhWr{dnwO^69<wl+yH%q^PZ!j)b%c>N(aB#k_{zhK;tRn1%>o2V!OXd(J5u_xK0y>ihWu z*|FH`ZF(0@wj7EpY=)D#r!L1#gSYIl%yIgUz{kdtGJz>W{Uu=Odd9f~hi+WGc2* zeRYXz^MMO%n4IXWERMw{P2cuKPWozQg|y3Bzm*AsdyNU40ZLRdo%}QFBRMR4x1#`xoYCsps4;VKpM z3M$7kRxLapACmO_kxA-x))1W-xWK6s;l1>wXPvAPbgDmf4aiRB;aTK&HRK1_oKMKy z3~ZALI1H3TQ^5n>r2ew5ww9-fK@baadIF~XBcJH-z6MPXww~3x$F*=Bvl9`dHYCj= zpg1L}5z+SJes;L9{UdvQAW$jGHVE?=45{8+jvfpX*cp3)xZxxZmxSc&`9C5)m_wuD zNLIzaus29D^jufLNtJ%4|2+DNVcZYJ7^*X$sUwF_P+@ha5V?-^#|s(r5M})l!R9N7 zBvupG39{L_jBDwR6~&yGf)qOgTvqVRA!sJ6Vxd`3Gz)`4lK>vaXM|Z+J9fJ!Xbd4T zn*@$tz03;af`NJY{Dmqzl=~> z6?>S_Q8Gv|Ec1tfR0|!0mlas31APKISDzI<5?Y#jOAtlEoas1ylb0Eo?m(j3SGN)g zrc$$zAW8{Y6<=bbwY?zmgGPdyTO@!B5V42+XTK2vhK%Mh{M#2i1!EKsb+*hbElP+f zz)myze>GD6i&%<>FNKDySb<4_Y#6r9Ax<*jq<~ERGAG5-3504E)F>)D3oX;@gqAcV{ z%nXb`5}#AdftZRPvY148BXR;Ue$=)$QH@4;U~>N_>Ona?FnMIiq__ys_HzSy6wQ88 zVkM%1l?-Og3e04%Bd@c$2I0qgIkK2x<{a0v{DH(xm@j4p6IbG=a#-4@g}GU2+Y5)| z&W40xX+si3^V;Dq1V7V8B4K1^;JnPhZP3vHajIL5UcuIu)?UHZe^Ta_O@_{vEbS75 z_|dlC)Z!Eq{+@)tRag938OB1jY(X7PRX5QL(ey8iKtI-!%Wz!xa24ZUW&1<yJO!^}N}?o>fpz2-VF8ghhZgTJ6 zYNiOSGSAp7p(*hC>h53vsOc->7!D)Cf3PJ~jJL3lSHnVK{&N3?1AMSlEB(uN^jx~_ z?tiu$$m~J;zxA&?bQ05QBLfT+IT!zpL!~U#i7A5!7EYKVO*O~0h{^O!^9b0w_s3m6q@r|pUTXv!S$4^~lU@Hgx~wg?gP!ncu$*>R4881c2t{^Rb^PGa;QF z(}w*0*l$%mPeM0Cf6k!&NaZ`MYjE=yuKelfikO_IFRn!RV%m8KmkhK)R*l%2X1I-D zOAUg%d+g)f4AT`Ra0+@Z9)Zbv;|pMRU_;Otr=e_6tj(1W91o!34S|};$vjC z#%Wlp6codamYtWz^i>`d^)1UvKFzmmJxvz5k`1Gj<1k9%f{?@{)#g#Bc_Qcp-!gm{ zUs;XQwvKQ|*VxTJKu!N^>aibU-x}E8eK;0Y_$OR4RhoWvHHnYBzk4ZTSM2@WpSYE4 z%UaeRg5F#5@G_V_>SE_NF~jQIM=TAiv%foKWVr8fC(nL-&B3m_%owWEm27SmvR2)6YXMvJefUV69=qh;PzT~M!obUB^)u>6+HVj)}4Rz{^9 zbt@vBWWy4{iWrKBwq9nqle$M$3wpZTfko08{q&G0O9w&k``6n}K~9vd$yMJ_FwX7c zFC>s9;>P5IR$+UQ^kchlo$ccr?ZVdf@gga#V?>eA$}a_==hB0+{SsdW{^L*VkM@(o zTucdiU*Wcw_W02|CqPK0$lhyo_5z3UO_CUYnJU>If$gm6+>pLE1 ztt0gt{t{MZIO&jF9_%!4O@+F(O>?Q+XgD0OZ0tdKQPgeZSK;b5St3+gW(DTTiKf6@ zP6D_DRhr&O7tX54HhH_UDz>N&cKJFQw|^HKKOW`#R!X8ToV47ceq2V5=@12I-4+(Y z`k3gQAAmT)HDL>W^_~=##V0Vpw~P#cEyzYtQfF)f^71;E1S~p{m8Gk5wG!e|XGDLa z%o@ZpU^(KI0a~`YNF+I8|9@T-K@JcV)bhJmk6-XkC(zO0KM+h2&#`c1R-fP>9Ch?O zGkH>s95%{ia+Ms;3`J(3PnIKP&Hn&WK;c@7K@}fz{cy(tu8PQ7Ad2u9A`-5kE-y;~ ziKw|v-^xc?VUbqng%2^IS#D?ssTSTJnXIr=t(6U}-*bJ+oNrxErHp*OmB|q3o{=Go zg;#w|{vlu4wW7;9gh~w)4M(s|KfE132%3BWkp?HZ%mNh$Vxz@7&v^?6>3^Ww%Zi!eTy}LER0^^=lPIF5GcngzJ0h>tqo0{mDA|-bV^Ue{)l` z{^HE=7wR0lLLG%aPPdKA6SK(syIt?l`0+Y;geYB};@ z&?7IP?YW%f7Y(AHaY0rvz6bXIn1mQFF^ag4`eEvfFSw%~BlwZQJys0vu^u(vfxX5= zebI&N2JQ-xI)fPIkPhkni_vqAN|CC!y5rg`M@ILb+o=O#{vW4_V*dt+f=EUXeQ}Pu z2U=q1=R%}c8&e`xR6=YbSC)#YY48sb)X?i{cqW!7Sio_ajK{^!w?ShLoU1j)1PV=@ zV4KI>DCV)(&Tw@ZDbY0%N8?zluss@IEQPhHOD#?R=3lnxsSJH(e%qI}Fa!51NZ5!T zdZ8v&p|a@uZlk!EMT3cFT?uhI450Qqp#j0fjSP_pdY7eZyBEya<~ zQ{GQt2{Xbk?Sskh)`-2WWVfuxRhX1iLGugyz}cvMD-{H<&u96{o)_WjL)x$iBa<)U z09Qmk%%w)=sO6_p&d`HfjUIqA9NJ(SvSsC46k)A4F@O>?9?vvKsD@qzQ)<>c@dui; zGLtby7yh6DXBWF@JpK?P7W9nIhuW;{;ZmF4H`#_pOdR*G>l&KFpM`7ADX)UTASPdL zVry$tp+{FgM%VRL4UDb~&q-117|(+HldE{m$)A#ofuL&b0Wv}FXULF5(*P542{bEc z)x|ZtxFBy-U!AN)jemtO<^ENe(NWN=>!hTZA24o|pQn&VfsY3;zKFq5a|u;DcYdhS zsw=2v2WdAJ00FG9Qn1`D3?|-iwWwKkKO*D)eiU{^gq)!o2LTVZ41Nl?SRotCqA({4 z8=+wSn0R4cWbV}C}QvQQlkQ~g3^L9N^Vq_Su* z@wt)IjBp2xU6o6IT_%F!8E3mFK0LlbidX$ToZ>GeswE=D4_bw7ia(aZ;%#N4Uld9K zY?v4!(daVWh%GiXjunFOe->Msoq@-@`;x3|>i*ghLZM!dw){)Hzm=tf-W-;MHx}Kk z42`6!-MtN|d3E0?x=nMd$Isa`e5Jc#uR`m)R{F&yx_`=0I)vrS$}dyp(dMc*aJ8Gv zTF;QLA@}M|+EDR2bV+M0jYD*4NSAX-3>f6O^kzu*#jY;Nwzp=smW7RI6u;gcE?keq z%tRFK8&+XkxCbQkM0yp4`>+%cbp~#bEawd}oaU;aDN5aiHct!{1*uML&QoKhDE+OV z_Y-W78QYgb$zo=P^=0i;1-(V1DE9Pgduy@lk4ItXbbgsrW;Ub%&ipdrqpf3nO|O4^ z-A)4sgSXchI%|CW(&)q{zDI{xEah4!b7znGK`djL({P3S0b2}{t2g^#smCGqd%L7n zMN+nzMuEUfu8zQ6hel$6ZEz4anaAvL*rZ#qhvHCn9NJXhGQG>~7?3~CgYKnvcIn>J zW9V`4!u#LGKU_9ibul z(8mT|*pR%HVGnvp&e22iCMhX;3^rm&M*e!|kX$7G*SP`yuv^21Gi<-763&-pzIn#*r*U-@=^d68N${%W`+uvtji zFB(bzpQ~|y9uK`a&`Il!S&dtCiLEypA>I%^@FR*%MhqQ`mK`S}1{{-lg0DJ9;#Tyk z8Qiv$SixGqfJEWF(GG!cxEw=yP#C?U2po)mVk#n10=?$)ry?I#Y1>x9VtkKZ>z7}B z%y^Mt;&7Zf;w)|jMJL=VSxshQYWG%hU+I0blI5^w#R0YQE36y@-%2h9EBwJfZsOpu z*B`_`>R)1BCj#s&&202E#bO{v(`=2Fbn#8{n>(<3CPJO5Z2Q1b=p7jyoKON8BSZ};02eAX2B^JBQOw$v|=mxcZjV zc5tvBfuUk)U^|m^eCpR9k{_Y? z)Ndph1zA6=_|(VfVZiT5f#1Q~BD~iFhVDP^_|y;P(uizOgK)!*;UuW05p1j_&$!a`%RbQdF;aYLCyA$#p+8c5YFk#7@ym`+jb{ys zPpvV*^hTB4ol<$HJ6R>@)E}Qp|My{iK6@_5{*v7?j$wUirwn`M7vt9f{tf?EY(fAA zZElLV5{HoaUhnT6YAZL`ukW#ds_40gQo&?}GidG;iHf9ePw0)3CW zJgh)TdC<=5EUC%`sm1u<#|jpmbKR45W`CTju z0|9Uj<=vG6jXMsECQ$*7!F=~pH#F$`~C3W zG|Ws|PD}DvG^xS$16F1@swwQ>xv+n;?SOdm^TCMpd3*l!_i_6TqhhvfWIl%7j(^B`9%Vru1@Zjx$?`n zVJG}u{x} z4gP4DZ}30#UwHZ`t76+A+|XOGJ+lI_AzQPcHqaUNX6Vcc{6y3l_2bmY>Qen_Jdz_En(v@D>!Cwh1qS!nRh_GK zNN0x-y;+1B@<6)eVIA8D#DM!*L7hHT=C9KxK{C*rBI*r9EDQG(9Z=bcDl|ne@|VhV z-#V>KIV_w_Wujffe1hPhPa7+=K3(*f)+e!gwmxC$2DQ{#yQoj|k{6&(X2oZGneW_F zD-*bx6@Q~uD5@?)F(IJXdZ@%hh!Vb5m!oH($(eYDP9X?Z?><3g#wBNEuG~ennvgs! zbLCf1tKIU)aQp$a`bx@Ng14D(qqb42ud)JXmRwG?+RH1oIpyom;|Yg`aT{;#u!@}$ zMT`*Q@2NZr6`?#7ZA9e>tv7NO-&Z|T7+IIX*47!n-oX8woZn~L^ZOkfQA>8GQiY&m zGL?ji=_%!(k~6ew6~EaR<+T6mE5Cbx%oBo7&Q8YmJd)o^XstD%RIh-`l}I z68Hz_x%?xAe`sex7iTqE9cm;w&F|E1{wT0wOH>WSsz5PuztaC9BCL zoL>&i(-box+G3GKtRX(Acg@uv`Wg_oqXE>niB&#aflUr3ksatE^e(E35Zu)UQPDgf z*9PceTD$+;9{3LCjN}S$Hut|*aUiX4d1C|vT7rqQ&gbOHtUyG;gG^UXwZ=u3aZQuS z1$G#+6xmEI56HZ1iG45fYXM8(V=;aiMxGFbUq{C-TwbA`f|F5~SBYK6!$JhS-SAUK z7-&3k*7fo|h@S}G-QKE9A*E}n%WtcvLsf5!dVB!(d0{ed8`UQI1KoeL{9e?i82v{~ zGE6izhFhdLly4x;>PO{MPz~WF-it4t6yqz?Q4M9L*S)2CovBTeDg8@(zs%po{xg*g zO8@zs0;t%lFU%T*q{W9%4Rso7v)yTSnm?q|NPn<84LbwXT3cUjXenf=0U^^^^Y8jP zQ5_`^9+a#mYeWe|_jI2jTj&yK!VJOaGYbGmRnccbpK;Z<2xR)D?E0VRy&NINnykwUT+-0AT%5wPT=7FmYs>qu)fth0Gp) zN~qHm3ztl%(LG4_4<9;BF8L=f*@KRqS(wYHNfRS*Dv)?+tn`S(_|ZMWg?%9LD*b(Q zM+0qS`Bb_Ry@f#K*G`2G`uj{4s;ewiNnnx`4owa)r~a@MAdW?zC3@N_+69 z|A^KuMQgsY^)#K3x1S&&+amcbOU@@Q@FH^M*WhN^P*_F5*|`?LwBa@g+DCX5K30an zw9&B)@u$9J+SsU19G=C0(MZBSW7o%R!d!cb#5L_-kSB8B$|BbqLJV85d{2>4CCM(T zq_8ijZMW(p%IFqH1a_!BU)Hsy{qkW;A8g^WrBl0v+tOWc*0rT(-C5gGwKcdKNBXez z*{mlmDdvdV>zMU=B=obx9id6E-I4k&EA}t`ll;YbD)s2ik<6~Q^bgV<%J36Ou;S)p z6`D&-bm?i`GT7@Kn{_h3s=85kdbq$WD+?VkLK)#3cC9Rn>JH-K`h$t@lwrN0_)fD- z70~C8JLvPrr(*sDKN8D#p{i;GuP#*sR8O1W4hfzkYIe+ zo2a%{jmWFVxK_U&zHe`Fnd8@#|DE%rjc%w1^|lw5-adKQce`b#`xx~tntV>OJ`HUp9apaY^RLRZAKaYX(?qK z`TWY93eanxUpbfi;22;NFqkLl75t$0 zoa>*+ZX)R^(3QbO_h&QJD}P;; zgqK8&q`B29Zb#C*EQKTH(ivbC#>OYZ5c{hBQdn;ZVJ)`36tK61?Cs7hM2PIWM_3Qa zW}U5Bn*_E;$Y0lu#yyzWrj@gl7Qm0=ECI}PbSCZp{RaN)OAYD%&s3 zyE!>)ZOLhAKs+zubRziwU`uBy&Hvl3i_ZVc>0r3?L(5dEl&Lwb^HJIA)>bIS+Z(O( zQAr%YWbBer3|p(769&E2r&xt;#=mYC zt`oeUX&1H>f2I`Hkpxiu6e$44>(~#+`KVOPFWX6BQW^Bl?gF;zSe+!=o(yyXlQuf& zJqPDGVSC!eY1Zp+!g?|(F0^T_)U`$u9MWNZ(Zgippc+%%@K|i!KZ@&<&tQIp;mKAX z${ot}%jf2Skk6W?F8MU;-k^M%yc#Z_Gs;9hS%JHA=(;-(6n(N-3gcoLE9AMCUAT^X zp0f*E@`;tgwtQwvfoSrXR!TIqeD<8>kPos6L3VlYn zbx?QqKpZhyoo@m;<#bH2*YmKDI3jj`b1ghwB2qsLn`5g>$3&K7*rIy%Sw z|MHCpm*R(fkM8_S89W;+X19RhD-0S!{M&^P`hghNKsPZo(B(!Edaswlg+8)agdS;_ zi?s^d*7jm4tUD;efxdZ>t%(?+ml)re-=Qzyc{1=U=pZi)i7F<@~{W4A*p?KiGvV zn7V)4^2ZiANx?`;YlbyQPHnB2?J_iA$zLL+sRWRJI^}-^p;p)(FplO#_~#8A5AF3r z9r;U)OGGy()+!v5zZ4G1|M~jlFA*Uj`G?BZl|PF@{>g6nTVeS6{J{(7gW}`d6i@5j zAjJa(uJio$SV1fz#ciy@HpQ14Dzc%o(D;8pM~dq^f3WLL(h{F2Ba)myXdFwj$ADIn$y zxWSw`&L4P9QR*%RuQ z%)(L-cdq)EOph6NMPRF#n3$%}5eA$WGXU#aU?*!(%>oj8{lW-9A@t372O#$Um-`6E8{1 zR5R?D+TacEA}g%2?nIlKexw2Ol|4&P5aCSxvNslG1~P&9rrOPwKz%?1V7WJgpsY=7 z1Z}es3vV1#M!ZPPkl)`zI7fhQ;icU4ENmw7gMVDuAN#(o{akMK#^Xn?`aMiq%zczl zg5wG&I2B;Rjgt!s$Bu_CG`;?o!Yln1J(FopW7)6b*sl`gIypoIX%bZHsj@I>C9ZR} zZmm2z-&wH4tbg=EYRnrjlHf5GIlorx8tarw#Y7Q&?L4_poKB}`c6zF&g8J_`2oYR6TeG}TFe9+Cvkd_ z!s!JZ5zH*emJG553)2X+lDr41;|OhY5;*fpqMMH8Y1Y8bSYHl08MHb6P_~2Wc@mB7 zTv^o5+P|WX!@t7%*#xei@gIN%D!hm<=pA($utr4o81ur@@hWUeG}=dQ31}Gl%veM= zgK1YiNv4Hju}3phW^G1-S&C@Vo&yTjJY_ZI?9STc#=#yZ=tV?WXZ=^m0INQiIZbS} z-;o03sPKO%F%19lR|5b3|Bi(JqffZ;pI@Nyk0pzO-nd*R{tc==Pj7(#Q$YFJPqT&EITUx%Q>1vT)7VE*OVz? zx`j3COSFOoJ@fAZDNBFSq(GG&s^kkJC61)n3()VjtAo28LS9D#|GvaU!FXGPv>yJ` zpB{w>tzS&>2O2O*W*RE=5BQ<98|Wmt{s5GDliE5E+fbZLHeuOddvpWsmwm=ZR6`FpyH0-Xf5GgaDeQ93O_j+Gu2qHK6TdYPi~a07*yE+u#ndi-)*tYW z`dHJp5-&Zz@`Y?Q7{3aaB~*!^VJcFIViHW-?N@-qBY)H!#>B?K;g=qBE6dB1$R>U9 z4I(t|lh5|bPn@_{STIB5s#J>7bA;gm4KiQEsswJ5JP!Xg#zGEq3G#Hweri~@Od^5J z&_TQ-HSxu!WDnvyM&D6gC*dTmUy|xS+$l51GF_fy0l=}pwv3E#Xn)P*Pr+bIn@2xm z1$h^U!#GJXP8fWo7Ab-X+d!6gfm7y6dr0vfxnP|aW4F~3?tgN64DKJ?<|}V3>Twt4 zYh5amOYTEom}CoPJfCJ97MwW|teIt9VSn8&HRc@=c4rYb72t8CwR=Z|-A2oLiI(*? zT+Hx}C2MFRwvtt!M0?$k^^@{hWR2DkibJnkWSyrT zlAJCjA|Ns2IaFJ%8MWk-}mzc=qFJwUEP=ae>dI^8JB&pWel6)knv}a+A=;7o(k|+J0xg@Vy3)<{UzfV7x^P_eA4VqufA9l+7CHkC7AP$L#Xh`9DHZJUHBK-S_9q`>3aGUdk~EgnAFF z*qVtHWwZS{R6|5(*bRm5dx0p;BS+3he!_zKlqO^jWbRGCHmqEk!61cq@dA_IB9|8x=~G0so+Bjv9?8Dphu*D)B^ zXGjc2CXX>l0LE^Kg4M+)1c@211T|8KcfSx z(btppWecZdrV?-}m z>t8c=b@%->0ne*TZ^6r=ghqE=?px|_JToh~t#4^YqnU$}+bGXmjGjSH#he~7RqdgH z>gPwRYkf-xCAU@g&XZ4xn5c*^s6I8H+NfLcNpRGhxG5+oKR zs^{lO{cHN26H_&aO+SMAsx>OqT&;ror%dkzUp8Sb@8Cxwbft92q5ygI7~hmG*f!)(DU!Z zw|x!&0sBq&Pr<3aRbX_j>eLfChvB7SQrt{mL=h(w%uq*Ay9PRyr{>|1#N1C2h2|*I z(0480NhgVX;R-VP75<0cy79rk99-c4kO~|oLhYW%!!_}5pMjW6xgRiXbK&uFN)G8O z(!4L>JuE=l<~Ng2rzVz9#dxYLh{M;}_*!s0#<=_N;4eAEFY?*Hb`2Th_ho$o6`pw& z&c9Y9R^VrRMf_a+l%_v5*C@F64*ZSSu3-8kJV3tJgHh&s3gC)H1kXVl&v*iIqu8uo z6nD2bDAwQs&Ql!eq4(UE!z(16rJ`~az!@Kc(8%N&bo58!X6;!K}~2X!%U zBF~c8t!eo|BJu}l{Ju!4gWop1st>Yir@xM&lRvW?UVizLq2SEx`}) zdmBHc>1W&cJ&nHwzdzwY9dGcv@Q4$?&2t35Cr_`#zlZRuKK@O`cj4a@*2Voy5%B8= zz~JBc_yK-{@q_vAY>R*0@VDTXj0bhYSk1p9E1dZC(D*g3i{Jj!>c?*zz6*Yz-~sqG z6Ccto-&Laozt#8wejnhcH2wSgEc{-_--6$Zcu;E@-~#!|u|r$Fb1H>@V+q6EKSnix zUmpv<-WtE--#osKe1`%s_?Lwr;CDHGO4Eni_@(1-!LKJCR43pkeHP>A;n}~`R$?0M zeLoRQpcPxs2U@Xpc!0S&8CB5oDfk(`*3%w8F=+e8AZSPa5o-7GcqgqNxdN@PXGBQQ zbH<*oGCqHfi4rzvc?$(*Q+XX_L#s6XFQNLLKc0#)oxOJo9#q9OQh&hQF09|q)c5N8 zlgurwLGKxu#RB$;JthI0acoWegC_V}{DVWO;ve+Wt^GU)Zrq1EH7>}vNL=EE^*{@; zc>1J~v~?@0VE@Z*>jwNSc#Xk>`hoEgLC^DSsob=5if-v#IgrMdX6csVrKOFtEUdg% zOHJ9*v$~~Rw$#tGgb|834PPhx!NS7;X(@ibv{YudbU$07|8p-M=>O=pTC=S^|I+le z)@^nB+_dH0hxs6Q^>}yE*Vk_AA^a`$-G>L&Qn&PeC0csgw1gBm#Hvvzi&HP^mR^^Z zz7JURy=1ktkS(qKgK(;tEsZuU8TxKnYvD9jx3oc8T4=YliY<}8H}L@arlBo$1^jQ0 zdl|C)2q8TEKxaKZs~w3t_yb#DpzUgD2dWgmv9>!%jzcU4b_|dz7JsTsG=+Jn%&B;W zz7^#W)4~bT!YOtO*I!Ch?G~=UpUSIS=xDb93m&6JxmwtMFS$Y-R%E+ccol!D4VpK* z=2kMH#^X;_p<8&;Zh-(5cbg zs8hQtEKL}JzeRpS@BsN$jTT)fKy&I6)7I%g7^uB_tJT&Ox~Ty;}&2>v(btP8A?Up{n-_p`Ycu<{mOFM&Tsp=mt`li|Rz5A=s zS0gPowOjgkg-`1|pXfFQfTF-)vNio`4@ch|4mZrC{!B59K!LR@iYLCQPq;G#uTK<$j zLC<-1%lW$Hoph$xdOC($?qIk4);$*OO{|s=U5J(+&@JDkTmGYNd1rSE=QeiBjnVRp zs9|t^&ODZ;kF{H_z&pXYm@W6yEhp=i&(tl?uv&(GJ}vA3XW)u?UJW(mGI)oNXa<`ZT1Jsv7^*5U3k@6ae}{?6A0wfo@tz)|o7tDu^y%OI+djXmcmb32lR zy+gyUM(8r<;kh)uS2@{__$5h#C;#Y@Sjy*|(jH zrVU!X0aE?YjTShjm&T&W6PhF}cYCinWJppUpiCJMSW-p=WGM;Fg_e?1)C&w}33_%t z);Xq%K2MMJYP$gpvrT??J7`)%vA0o76=}fn8u0UYMSdrtXnc&t?~%I9Kfzd3o8c(a z9Bb-Ahf39DF4FCcb(A^FZl}2}lda2K;3#ubGql6;ODV~r8pD$cfOU$a%r$nI)w;}V z-Oj#0hj7lY${6|Ug8$G3KX4R0)hei_>N1~e;+}Jq`Nc+jgf4T7Zl~N)rn0$(cz0dq zOWn@3jxyP{;-09>=;6?l?kF?nfF>g0RNXQm7A6j#R>Gi9p+hH z-7MWw`I&5KV+nC)OVjbUv{Zlx^{j3wmo4=(Ep^o`6@F^rG(fjhg=Idh|Jg0QX087{ zZ`S|NRwY(!Mn8qoXssvqyh&&XNL4l3KW8d~PB3+;O=BAwRvYpA@wZ^}JsworNTF*> zIk0)@Bh8`atQhn@j(a%u3}MN?g+m_*Hv5V#y51u;w2p7#L47E35?o#40c)+lhf}eZ zHs!lI2OG>97GoCbTf_SQ{kyCmP7GgL<%LzP`~jRV@uv-qWdIZI!%Lf%P}qlFJ}jaf z3*F1qO4B-WORnHF+4aVii?St(g~b7Q7?Obb558mHb46(RQWnVAL>&FsY26`Rm~=qI zo9YShdmPJ$X8%EUjlW zi1q=j>1GwoKtaFZ(-6OoZ}X=O$dDT=Pf&AEB^syH$g^E+`pVkkKW6z=CD$*%`S>0U zE6T5`n+vhX@_U;suUCFD(Ae@T5fK$3|1q>KrLfSqv?w*B@3hpyoAJ~GPdy5+#nUYmje1ZEUjyD;j+w%?^fzSKt9kCS_ z{9AO81u#I8IBdxKkp?}R7$7AVw?8X3BkMvIvaL=naE2bJJR2dgqM?uwb+(0{7*l!} z&>F;wR2Ram65|ZP_a4EwglPUA{;a#!#h*{_wfXb%S-+J(;7qK)qHD50*frVWOK%FL z3nhZgeZHlcjY>cF6(4M5i`ySSz0%dOtJD=lf%L@*eeVc;Z~Sih#<=J^ zSYgw*G3B??_j~x8ca01F?IHNX|10okUgd&+aAt`9PX7)1{a3r--yVWL{J#P}oc?=4 z^mqKP(2w)`4*PR^2>$T@3Vb!e1^?iT5dCNVF8Ytv{%y{u6nJ}tNT^K$a<;g4^|$J#$i<^DGU%JC0vA^k^;Q@--|`I%|Jc@RPdt9%R<8T6n1 zrAL|;`0#IB!5z%E$_r^H`IerOF|#1K6A~m1Xfy}`5gqX~r12nxNSx_gdRdd1Ba@S{ z0=f8AStopzKS9q)r&_Cd{<+^GR$^pwrQHI#>!qLW9fQg6QoAQQ((A zsbNizqmTA1eC1D}s?0A%Y}&b{Qx(VgB90~#ja9LfU)s9qU~C z^~opsmY#o3Mp;qn!x&Oj@ zQJYV!d7Gu=;vbv^-o{ajutSM|EI;VXGQ@Ap_aLMMq{A6n9S8gv1aq+k5ck9UmGBb8 z?b#%5&-+%>@~h?7NXsuwQ*HU}Bd^hNQW*_Fbt9Z}9JER=w8+YM&^xlm-lc+!5K&wA z=DCtvx#*%#uwwtE2-ay378~aeAahWoZhn$WtQz)7$NTKUbq?#FVHdUz>tD;l!T77b z=gN;9VZG!7dGsTGzD)5^&Kuc1M|gMQ>6WlQH^MR<;IJj5ADuF?WC42_OO*y8bL8&4 zKn1f8RLYs>^rh zGEUJl4j$fd?~=a-%ZYz3!&(9rWbv`$kHA{szrSgN_|HrH zefZn`BTRQWf9uBnaX41PHrA0c7T&2dTo7xPl20P)!ga!@ckTW$CAxexeGi#FSdV;` zocbT4Z~h5U=o{dIcue&5Ij%wZebnw4=!?!@qyM$qp{j?!Baa1sefG7V>3dH5`pqeZ z*#C%qt@x!|jN0|K%f9~nRfG1m{Y??=Yrk~j8qvP)xzW_H?d#cg;X3y9UAwSlUmLM- zF#eEOQn9al*4p+p`O7Hw^@WoS@2dar*w&%W+3ea~rM@3DaWN9^la`(aihyqyi&*OlWU+SeU@$e4)sb+%Q* zwyzuQ!gcKHSi7)gU!P#%VEm(ENyWa-e%H3It3QikUx&6fg8DyXUq}7BLH(N7>i6l_ zf5m_8)A0E4(Mi7#|Ay_)5zV_g_GhdM;xXCRZ4J}+bIbn_eLJGjcee}TG0`^_bGHWO zPpw_hexrSB$i9yHxk32z;*OEO(bfm1nZD<=ubnJl{}KDT{s-9CJit1UDzMuKb##IzZ9-X1~TwpWQh)@GQ=&&K!{+?j~g?)4$93O$K_T?Hsm8thYW{Tmq{ zbo|ZD>@%tCT73!eY($9;-jk0lvBci^DLAgj3ivNAWYYziayF~{IQSe`CO4;`uO%w7 zArk6)s_XG}*j`#|SCB0;C<=Z&-wr&ubt%OReuGVX5Z2BS-rCc>r>b^Nzm~v z{}K{DB?(7YzjxI7LO|rs;_nQ!|k)EvjKH09eW6X3z&@WMpF9qahk?M4-E>%m{=ySlVV9fWmo zo7KNHhVK4t@v5cB52t5KzsQgAJ+PuuOQ5nL{#*5-V+=d=4sumD@qZ1;52?u_^)KxI z@j%}ri!|vGcRxgQ>Wap7NEcaI_C;%Mr2RjU50oMj{Bs;S>05>fZ^S+}uZxV@-pD|& zc{S8cRvG=TvQ;7CgTSw!{!fkS)1SPQS^A?JUoHIv5ZI@R0}c!IopjZsv`-%2vJ9tr+bfm7)$yVA%kPoL8r0th zYmrgZ4)T}Pm;aFbn%6}}C0NjZul_bPKbcxrX+kcEHeU0N)Zu^_ucO+(Xb}EW^+-U& zZ+$HAk}x z8{RQ^Z&KH<)kH@e&PAf)TuHt!_3+`yx)mD9t1ovB;=b}*@u#-m)#LCONigOe<>Q<2 z010sU@G^AhGYmY!09Pb*E(qiMPij?DEB_kOLhHj77(;oAK_8S!u+G0+6j#_qJ%G|U zDuX<1m}mQzUJ5S+Qv>)%eMcnWCdZ|j?fVXG?+E<1CIKNwN1fy1LiIpRm+04IH}1Zr zaeZ4AUM3@YU<5oz(7^)*aBz!~aNs1Vu(y+(y*%bL?}x95pnYOQPGh8?1K?puk}AaK zXr~<1!-t&mse8ZIl)-NN$XoCf$@sE~9N0D#FGj@5nGfVk5dL1*B>K4u)zJm9=F#W^ z1{1*RoRp~dt8s}zU#%9g5v?Cj>G-lD`l$KzQS+I&Z>FeyS#mLc)%`du%lxn9H>0e2 z8d=p$d?ZrB{wf8fYiw7~H%D?RXj2|LOAcnCw=YCK$0dKl+z)SaIgDhha%8nabl{kE zSjEKwhg^S!5BcBxW`+6U*qW34!BH3!kzRG1+Rku}iVvA!T%$A<`8>CDMOtgRf|xrq&>?EgbKh>9aa=#2(_C|VtmKUDDDAis zZ39U=(Y9(U!7)fW=tp8wSDw2{-b>;F1E%1dooaf(rIWp!F>g*mGr!~}onLY_!^TQ> zFBV?uT=o8-`9)erCh7|1qqp+VZ^vv=Eknvre|fFwZwo5HjEQKAF}b+^ves9AFs>+*bCCT6$9Ln{Kd=g4B`%$eVn5`q2QP&@x zFPhSGjn}8MGtNtO8hZC9m^xw!dA{lR)T`F5ERRO1ROmZBI|8fA2 zwelKCe9o6cvcO1l2TuECkfB^SJTJKzuuP>|AripulP{Sds1sI_(RQIGT1Q4*4+CMfFYVYgqtVqcCSrM3K9T`M6g7N@i0O4Bb8sL~@>pairzwuZN~!UX9& z!>XIq;c$X0vaQ7Si&)lR0u&JvT=7FVhJ3$L-GYu%85%RhXI2M)c6J4EPOCjuB1~=H zp49dY0-AvF8`8|qT+0)u5aNVn|C&L`r^m<@q!RhD4d`Ell)G<+)_~%aWJYUUyuFvCHK>)CT7qq!=&;{1x~+m zeLRSj8@^C`88L!XZZe((y@xV6io~khja=t>ZoUvXK%vTd0bTe1!+UCw{~+olK>Ek| zz%PNe59r{ZfVT}A!bK;ofZd5~GnlyWou0_A09N>xdYT$AdP`D00thwBoKA(~S=-m3 z?jQMtkw+MLGsXy+bUKdcOlnlqo+8aq>nf;xc;dmSf4XQX zJ#=0{>(WEr3!0T4y1H;FnyJCuWJ668HW-T&Ge{|4lc8o1SqR`Fz6qx9DLX$#h8Ql} z7V%0NO%1ZqAQioO_|F{M%}X+dcMkycc8m|z+o1m(9I?Z4kh)=!V8zkT#Iln5063-)z14PUm`xP^Fhm-LZo2zsXRuLMW<~8nEw5)6y(491JS`@AC6zRKW@qmlt~JP ziBnZKJsK7E!z}Sseoxyw^$i{?(K;SPYCZ&G^q7IQ zbEJh=KO_E3`v5oLsZuosMQp#iUsTl>E!Fz@xTY_a`l$#5=3lX}N^vpj zX7yF=VBe_PtU#~Wep6zu9~S71|NBetOirjRI9*0Ek=avKaHE2~W<9Fs0VzN;6~ii9 z4UT9;?=J}qn+}Fi#+c(k>9(qut|ITm3I3G+GpROJ!9yqrefyN%PH9!A)kmT9?@QeM zn`9+bs*=NWmdb0<&C7R8NwVe@x>u8z+Rvg@(6`gj!)gv2RLKT3E;zqb<3y%rwxjR! zQQ#*6ejIrl%f270I?)_}vRE`6w~CFak!S|W9b2=}-GG+QdMzJ6+W`Og4{D{59heJv z?|EBW(^O!#PThE*w$?tMB?I1FtPT}}n{ru_<~1hvRoa8bf<%vfs^DXgfqO3ou-joq z?tN_>4^PG~!B0&Of62kGu#PJqp4T5<;D-dl`}8`Qf&AqSNE*EtmW;PRtb;g7V+LsS zuPSKDJuG!g8&`IB^iMVVTPOdjn}-Qg)Bk~{A5>d=L?9odw71ZVBbxGC_nQ%Zj+5X) z;H!TSI~iyO=P@z!R~%7ye^gV8{12rEYH^_zh>i!ff4z=G_j(6EH5oE~I4F-_tiQg> zuV)wmtW$pmfnH|7zM}3(PS3GUuGuOhl_P#}_sKBukuPoP}3v#@BV&RP8!; zXvz-}{qMad8qXt48h4c4{}-M8h_Jljh3BRPdHC8GpY< z4BHO;)bw`hw|A5NvYB5_g#{D(4v!J*_R*4v)=jTpo1R?>mt3ojXm-h0h6$qCts-{s zzhwm%CRhGgTdS9#uG<7YlBzn;`9yTzygvPIAdHW|X+L-ss4!D}+& z8kMI1vnM^f6Oixh>A&RbykLLAgIdOTji6_54(bne*Po7raCZI2?D`X}`r}xCs;~T5P!M4DCm9WI7j`{?E1gHYViLV z4{ATd8iJlw)(^PrmpSYI^IVJm_pJJFvHmh$fA1*LZ|WQV^>6Qh|Cn7rXw@%c{i(YC zV%9&=T|eDfe~exKa;tt8>-W+1^I3lbk~@%o!@obbcECT)uAgYtZ_WDq8Oi|qSwCRv z8~i6Z;s5g-i~g?`8~*(R4{DjNzxN8#Z|XBCCFIu!Ni1#oJ!aQ`$*RAQ^{49ki&_6f zcYP+owCj(t>la$}C$N4WT|b}oHz1n?={N9aJL{ij*H5?V_hkM3jEn&NtRFD-4gaP& z`S;Hr7X2Qp{x7ePeqDd><)q(T{~~Ao$L#tapqk{>Th01Yb^XPxf1;^x`2TT|Lw;lI z`VUz3XR&@CT|b}oHy~|tiMdx-#e1@yWtOX(QnuP?qx&&ENN7v71 z{SC;=K>7{;{@~Q#)9m`wt@;J5zn|d|pr7>vroN%Sr;GmX7X5>*`scI$GF^Y~2-5F{ z-^dC7F}uFks^66Lr%HH+H~Xc0==!YWonn?f*8&}!&%T=r7vrQRR(8!-tX;^;F1!Q% zMx9F@fNq^7)%$IQ$gMQJvkmi8G%q^02@k4?hWU>dHO%cA=657vrhxq6Y!EB^JF}AI zD`6t4k*g*8jf`JaYzJ@?b${=^&%pf)tDF4IH&~Fz5ORftgLuap$eT3e$%NcOAWvmg zZY<48mX9uC`9@u2fS#d&j_M&vHA~aer6vccU(mV``x72i8x3;L3!2z<8e|MX&PN`K z()6Ywkn+(5l5f;jHUTtO`_S{6zl$}<1(yP3KLNQ=Dhf#X z=mN<%YO(>DphbH7V#D8?Y>)@hx=^_n4{D$WnQTBV(jdDLtps_62HD4ed{~3bAjlnek=Q{Ykn+(5l5bQi1Jc}`a8T}P z1;}PL$VnE+Jc9fZaU7s>^&(AWr3U%IB>)Fj9o zEs(hcS*k&fGa!pJ$cY3QDf$fo2!Hz-xIJ~hDSXs->5Zg0>rk_Kp&|z#J(*xN$e~OWGO*D zDDf2DsRm@823bsy?F3|52&8;;f#e%C!hke%u3Tv79AblPZ-Go8$POB0Qv)(rgY**Q zqG_bEB`X^K%2yYE`9}D=gYAS!T|L{7x}{Tyzpp@u!ry1`pq@L38UgRUPiy|>Xvp_x z0rJ@b`5{)-`YRt@#PW?AZ-B}*I6?38YsCpJP5*<`B!354Ao~$yZw<1o0hz5qCJ|)S z9V9k61X4b_K=O_HiA{w1X`=!|=eHe+EJ60SK=vibRT2QDM4%8VZnp0r@H` z8ve>x7k~Li_&d$Owfar6fqNUP8~xn|Aqsyt;z4C<$ej)33=R2QLf&{giR~jO%U~lP zUBvQ@I?ez!_TfTYu_^Z9*E20*@3cTpCdg0ri%6F}rHSpUL9Q4AkfR0UYN;q7<)aHE z->CbEb%?*O-)2DGYlA%50vSh;*J+T049HXsau`9XB2sxND;oaFR~LWzM)=##z%~3G z)4{+!iPa5%UxD6e{l$Z--Y3Mq|D+~1MMK`23COnyn zut3HTWD^Z?*Atq`1P$^#KS0hDkUw+?@mIdO_{%rK-zv5PQq54l<}L&GFRX6(`#4lp z`1>FpRK>rAzc(4kaT@YuLT(|Dr?RT%uY7b7%QxyG12j$(`*@lGnl3fT-*Fbm(FEB> zgWSJB6C0~R#t`KEDdca{5J>sx0?9XOE1L+>Imx2){WFLxL7ruSOd`mqBr3#PWtZw-G4myeOcPSp!SsHRP1Ni`E zf|%U3BIK6~No-p|S@c&vx`^c)^);ISvBv&xdDj5_ti45SQ;XQc1i4gVCcF+`= z!HR~z^3}y(z7hT&W;-FdZokvO{V^%T-&ZWi&k*u@L~zjmeM}R(Q$v1jFdz>X$jew& z>#uxt5z9Afh5>3WD%oPufB8oEJD;e7 zzvd>j6IL3yb6MT8zn1-g?N6H66&mEufdDy8K<+xt1}Pt1Ao)hUMyx}0_FG{< zJ})&1@>5uM0l5hes#Jpn_Cpga`E?LO8(RsRraC4YHUZ+X=|B5J>sx0?9XOgaK)SQ|?GHAcxo>=U5NK!fxWW0x2I|Ao)i9#3n$ezOcso+*||l+jc~jAg{DQW)tKp3F+`Id_+?@Q-gdd z10ekZ@>Nze{FSdR{_>6Rcbb7~T%|j#sp@U4ZuIv;3vzEl&eV`Q8_2~P^0|b(@fH%> zM^Ki*Mn1ZTN*W_kO7&mK@KBGHIY+gDkN?77=6<4RY6mn#vpv^1F0^oGBoGNC@#)zPk9!H^Sd4wgXbldU^3T z##QcyBV0vo++&gxo?PPi0ljU-{@FmT%NW2B?|T+;2Ji=~9#Y zU5L?B_&XmDs*MJ@{{c;`UxSPx$oV&uzfD6R<)aHE->9u@0(2Ualt0w)_x-j+mLMOo zKvojuQ;55O$uBb?Gc?HH`2d+BAm^~6(O>!M;xFF_edq^9d+1N5^t7O`((+!p@6h6lA& zf-Jlb&C~o%)gTx21IT^?a-mcdkn+(5l5f;x1JZ~zuZ;nDlMV7x3#6YQ2WpVX24so` z*^MCA-AF2Xu%h9we0A}cZ-l>x*-l8VZ)F;|KgNgn`!5WlLhL7aQ0pZ|!~6XGn%E=_ z`L*)^dALAc#;RI><)e#OzELv_P~#Lu9O z2Zcb&M;A!GQLPL}Gi7|Sn*rI(2Kk%?asfepDIpf#)pIqKaT??YX#klgAUC%T@mIdO z_{%rK-}yux{55iI5pUqmWp$&!eJsdl6Y`B3@(=?#Rzn^^$lu>UVn?y6=C6Eo5z9BK zqXCL%PNwes#TcbTsY(9+Ki4F@t$gA{yGhL;Q1~QP5<58&dm$Qz)h_JuW z%GLYpuRo>S4k%ZDyIFE4kZTC}%v=$BLCB?@i9BZn{Jm1oFP4*zSVYV&bU|Wu)6(t{ zg>L6ci2Wz+PT1d%sbLnLqW9DOSCK}LX+VZDGQ&f1(m^6(;uWd;{9hYI_Vy!3T4W-S z%>`LiktYOM8^~2pLuFkQs=u6d{6&QQEkZveRriH|%~I~6x}LvRXp_QX&r`#!KFMNd zy(In~74m{kL~h6AMJSc|%SlHpB4&g_^<;DIL4^+CO87h5BGZBFB*;dJJRrz0AajR9 zY`BNyq=Q7nl%fmLsq<)bq9V@(W3WIrv&hCk?)*2aTro#f76@|PZwTpQ(EDy05Bo>!DozeTjhV z?@W-3Pq5fMvqkJGAs2Qe@)#x`sRNf-EGHeYh?tcaJc-ql&D$*%x|Az1nZhkH6v#<} z9Hhu)f=mRmj2{1_{jZ1Qq=Q7nbaat%7TMa5e3v#vta1Z2Ocg<%$`+N21$nLmAu}0y zv9{+gXB~eLVSjVckN3HW9imbc}Z3OO0%I!vC7Qt_9Qj#xxY zFNNwu7ai@zR9CKqzn{~-h{YCC!!#7+m02P-Q;-2bE}^F~Y5(gXIq4t~F@@-Ybm}Sf z-S6~sx~CQf3*>Z*oC4(XFIZ)UBGUw!)1HtKjGTu;oxhxQ{6&QQO>nu7TJ8XptG`Vx zxgp4{gj`d}Q-mA>^7^3=+lYtE^Ouv3SVYWebm7h4v3Kf0J$9=V8)uO{fZTG7#V*Pc zf5!=OStKE&8M%TB8OccpiHJ#7q@HI!N>}8weq?)#i~zESAj1`zB*?Zv7SJQ5wEsn+ z`pa3zUqsm7GW0`Ib*tZHq;fCS^!)vZ_MJSL-lvAy{W*(WlPO{og}nK0BKKwTR+P&8 z<)kAP5i?VvdNUyTBZW@oN=&BbEixI%fr9L;$iae)0kUWa#P;-%oOFMeQ zimd5J*0sn$AWs&t%KR5aWj{ggYe&c=Mjou;`O8_yUqsm7B^WySt6TjPd;eiR%60y} zMq6F>cOf;*NFn!DvQNnIAfJC6Vh5pA{NhBt^1adcRby;N|HB7o7hbuBlkfVVN zWaM}h>ip%b<1ZrYZ?tmtxTY;pZU>aBzk@8fFUU27d}fA-jTCZe8zRq1fWKF6@r&i8 zBNh>}3tf;{-Rw_jpwR7H39)Bs-^pT6Qo}6#jQyRg$Ou8E0U6533=hdk2Z@M@SEQa& zYc*43Z$EOnMNR>-xge`5GE9)Qfn4<%RMthI`pa3zUqsm7BJ@L2_4;i@pmGmY_xx>S z$#p4(L z)`aviaw7`WU(P!IBEtTrDp&VsyXARh`uTs9>-;@p#qNjLSRr>%a)6LKg1mn)#CGN( z^T~#jj#xxYb%ln>{`Z{=D)xF+EB15ho&7DOhBsJ(gAyRsr@`H|x-G6~3Gf{at-1wr-!(hP#i{wP#`IqUd~2>TnVTs_rn z+o9ZgC|7^W3BqD8Q^OR0%3=>q7qLdjg%Ly^!{j4X;1Y}Fq$3s)vl4?RvAP)6KB~~A zT#3o_vPEVCIZ2R16?sCCi9nVOgxKL8l9LV+5z|qTP34f*J*CLjeq<|)3o9pTO2uDJI${wqy%ee^)rD^;v@2J_-#Clx0c1l#mQNG01%eC!a>?)DZ&eS;Ne79D zDMS~fQ?HNb^;P7aN*FAVUy>kJd6XJvc_FKut;jq<=CmMW1S996Q0Fga9e)vFe-o6e zUnR`4ThRe1SAWM^@(7Sy3AvtnlaSGjT)~Bmiq3*kvv;; ziwOI>1Vi^eH>2(MCi79Q^Y=LEVzGy*VMYphfRZzX91rsO{t!C|rQ$Cq9kGa*77Eq# z+qcE)ZxgPBzY{I;_ds6$gvB0D6|rf8Jn?HnrZV!>bw84m4iXWw8KWkh&1C)ceW%DZ zTnS`*>u&`7O&8=SMNSdqXdnX_IUa@TFJ~Qp5n+F$m8OcX7i29(CJM4PkgI+Rm32|5{&Lpw7ZLWi z2>p;${iwERt5Oe@dH%j+$umJ-y^qDt|AY8DSjY>)h}@3Ji%=@_my?cIM9c^my8CX0 z4&h4p8*WeLp*Wd$5@bt7_7h|nkhy&!HrzvU(m^6(O3{UPNNd$qosL9_3qVw1zik#&~zDrY;{oOzfGfa?=D>71$eSkD^P}v`a>Mv&< ze-UASLtXB3mRk?y>hD9Ad_Ty=dsyt5Ng_5v$c0UaJch|fuEHf2%SlHpB4#B9Phxem zl+;VbF6By0rn44#639t{oUF(&K_&uO_AtZ__mG@)kcgO$iquQ;JE|zMwI4a%BBuaZ zMUYh$*;tV0ZYN|WBQIX@{N=3UFCy%3F8cA-hsv#$y9wp$ZzD^t19H}G_IFl__!}(b zWRUAHc`{1HUrst=5iz|KN^N{-eowy#nV(vgx2_<9%Bj=$|=Pzd+ ze-UAS6O^mZ|4v!0QU{=1{e>(D*Yrdp8o}TeJsQ_;vw_=<)kAP5px<{ zkXRZ7{4MrB|NEU4`wsQa$hW9rwtU25cO;A03xZtsD?&yyas?MMl9LV+5tFP)x;zK+ z>;0z_qm$Qz)h_Jt9=!c~0sXU{m9@k6Xdj7s? z$$tTP_bwKDXo846A>_@s5xFmux1v<$FDD(bh?to!w3~%aq{) zi~+LfA&BkiAvx(F5iuc()caU>`1iklWDSc90P^HNSmoLAqVj+s_cbPD5+e_mdj4|O z@fQ*HcL|10{_6K8Uw)>?bw0{<{w|_}$dhRfHOxpMPf&7!kmEr<-wR>~p;Y|kq$3s) z(?X%TY3UQL2ek=T!rwL)*&N8r`7E}4oQTa6cdrEsE^zNB+Sg#{t<~kZlyXOpvvKT-6gQ z>!MKo<*ef`BJ6Jw`XQGPeiBhI>d(I!HuJDY_t? z>hIoa>hGCvFjyelTVw=~J3nBRdq<1POhK-zPe>mlH=(F0w|qH4x%E)4{=R6*FMwRUgT-F@y@*W`a$!9p zk74qWb8v~pa?%lth*^ojdz0yHyBS@|m6%M!EiwVfNrIfF$V5RV0$COVvBNziCmkdr zrlTTt{Vmv~hqSdHd5tEF_)85_MUb@=IarYA>Jl=Okr&T;{&Lpw7ZLV17yXb_eH0<@ z9rbq;%B{ba`~t{X@3X)2pA~=m2{{?$I!vC7Qt_9Qj#xxYFNNw&yYeR$+LbHeZ@5K< z0@+ZIO%>@AWB`y$y20P79+Hy|5)o5~E=Z@IXKuT!{_ZKkV1e9CQ!G(CQUp(taUZknY{u*kS9)gThWP~8w0$I=%D%+z_{pGCVFCy%38Tuiq^cwr_ z%(qnPrDD%td@h+h3FO_mEcVbdA~sCOo9hs{FO#>TROT-y9kGa*nF`e}8y{J$^LHv& zVlvgY$XkIND9E9TY%ItaAdBvU*q$DelMWIQ6QW4{9?YyzWKBPEHGMi*Rs7Ojdj1#4Kt_&7q0V2< zI{qTU{zfZTrM9$EJD^EV3hzodnrUkp~1B z24rp&#D;rFPC7_LOewnXbmo1dI?tTKV1YbHA4pbNKn=5V3#;7wl&CBap;KG|^65sQea zu2B839{*m&UO#EYeoLPY7F$9MbNFv8_V|+`cAFsc0tuPG$b2qjBqtptB4z(PiQKWii$#p<3 zeuu?gN))lHgj{$Fk;gFk$iLwdi{+#v77?=&gD0`NKPw&_DfcIrawR6yJM_6^f8U~p znIy<*id-hhL?Fw41F^$BBqtptBBrAvb<5JpUPra|BV#Qx2FNOctfk1sf;?B9keQ6U z_@(DBXB~eLVSjVc4@uSQi)$lP>L!${zsKow$zl&v!(?q{f9DSsf9DE08RR-lo{UoQ zmy?cIL`*M*@?RgxsoiXx9@MT}34bSAgp6S1JQV8u<*ef`BJ6L1a&`UvU5QE^ zfO7TsBU%dB-}k9uS_!#>lBWnc1myJ{A+`|@nddJj9kGa*)9Awcuzqt!p~sF}v5#A1 zJdj&9ve+F%MC>?0E~`q&XhyE!LPm1ZK_X(36{)xE_SRK@pY-_C($?ZTMDdY)C_6a#2tVuV=C4kBQhAL7u2Y$W%t2`rMD?q=Q7nY{sZbr_SFyf)u%iD}j8{A_oJR zF38!6j1uH%AOjgW9)&u8IqUd~2>TnYT$Nf7s@x7JSAVb2Qov%*Q^V8{ay=zS3b{0Z z$aC(7zgLR)gc)nCp!{vyKurYcvZ*0fS5pj_wgGnV`W$gx5mpyU7{ zcLaHV8;I@9L*|nWCmpefnCc4E#W3bM6?^@t75f9NJ}kDB8s_jC7JGc4h`ma`7YWb* zUMFM%BlEeCk(_jph?oT!HTkReAC|qW$XR~mJd4Z(a+n}TDe{6K`v7U~g3A6VRDU_^ z_=^bp8>(F07xvzyAJuv&SAUyYazl`dSF_klzZ0=W$b~-;c?^?}9Dz$LmXnTHM9fMI zp2X@!%>yG<>{718WXh-2hyBf^hM6SDX^K1{$V4E^T0`t`56MXfiHPZ_NIj1~Z?7*} z`;kvt=zhmAVP#>TfwMLM-+& zHB8nj_ILgx;_m?=Cxcvv$&*nk{&Lb0i-_r^Q2l-=c)K3du3QO!U$)3>AR7v@sUiym z835#xR`9o~hvcM#M8p)L3(~3U;Dk8Ux#v?17RdG%83E+-H(BM{cu|=r$eiy98NtYT zDAf7OS;t>Q*xv-@>T%7tKOZ{)N+k_kf^7;sfZNx+7`O8U1 zEF$JKx*)L%9crP+{%OTNVv!F6xn(7b-7!GKZV=?MYlMtuJXU#v8m5OJ;}p3{kZpl1XbF|=QK5Wr9#i& z7cKb(kaz!;#UAP}VwVYd^Hn1EW%5>(%KYV|BNh=e(}g~4p;NgMlj(Mg3;}YWAcrb) zu^?lBENTIv)Tu;g4gk1U^k>`ZN-zx|FVmaxEMa1kv7bI5K-&ORteEIpa?OX}5uM&y#|5 zH`w3T`ij3vf=mN4l#v-8l9LV+5fiUS{gIk}f7SWh+mCE-kr6;P7i1enCJM4PkgJ+Q zWnC1iznpdaMTGq=LO&!`_bpXtEBDYRp1(V2sb#TSs9{#W&SE$95wU}Xyx?0Rw`1}m zl*;_&q$3s)GeV(y)8hque|-p7!rwQoOS#~g#Arbu5Ohg z6O}swSTk;r?V}(3G$uUCi2=e}B5ZjrD%qJU8I${wq)fKAG|2|l%^Y{8bEA|nK zd>F{Xud&$U4~y6+LFQc|WCA1exsZ{ZbdZRc1sFB?tA}*=QAN)3BP&_tRa)lFFhPz| zWTYVb0BORYvOfydU(P!IBEtTLDpx`ai0|H5J~^%k)aLN2^W zvKKC~SWY@(5iu(X8>lJ5sOYbpCXKUVw=7IHGkb(lOErQ$Cq9kGa*UJBL4aN073cI8U= z`#G)dEVhsurlBC4Dl$-z0YEOf1O8U^keqaoh?qij;jIrTqZGMk4+ab5c#BK|a`~&Q za;;BP1_(0e8$w1favlnG{&Lpw7ZLV1LAg4Af45QR?*NpmzvZ;Zv)IejFs+2#LCII~ zmrLpSUy#=~f!IboWS+mAbi^WJPNNGFtCQ)0`6~9i_8Xc%Mup5;~^1yL6FPN z6Ed2SE4Yx6oOF2ZsU2Xdewhbr=@AY*_m3WeC79+Hy|5)l)kNPW)kfrUDcYWk7a z=!C*5FHpmre1%n>eNa>$5ahnIgiK=O!H+zDIqUd~2>ZJPL-(dq{kbZ2KFW3ezG%rW zfIL#j6O>#anVAIkW0@HdCqO{_sT!~VmaxE zMa1kv7bG@J{QY*LirvnY5c^L$udvvUsbLl_Vt-%jA^xrsWEzm6jLh(moOF(HqD)X0o zb%u~WMs7r*`pa3zUqsm7ROPDF+pW|IDA)OWizWX^=QI;b+rFcqIU|AQ2+-g8EH|G?pfUyMckqSkfYW5aKYUFCUepjC1+Y^3!=AIlIZ5NC zzt36M{>3lE%s!|lm-KA>@EUa~|3mB2Fd8EMsCw7Os4;^6e(}rf(~21JX^LQH5LW&^ zYACZaxSr3C{0`^%AY$TO^0C!Q?(HXEq*EbJ2}2FjT)1tNJ5IQ@A$L^+p8qJ+A^DEyVQOzU7|QLiLxkj=zY={8z5dsJg3^I|1c7|2tc9 zJCI|AJV43)gxnG2{UH$BnTO1iiIa|4L`-#s>i2iw*^8pFmp5OQ>NE&ttL2 zyNXz!AoETUGJ%o#T*ydHI!Hv!0*spc)zA5+9jbGdA34t=Gl3i?$We-n5o8}AO+BdW zk3#jAvyQ)ru)m?oRjKz|sr68<{x-Gbh9DQuWwDp;6R}Z3E<8!(F-$)4K3rn4oOHw@ zVpd}CBv!w4`SBGMyOb+2f8U|AFZ=rzHOwSIPE%y0AQOQss|&HiJtQX`BqFAxBK0FP zHBFJN{m590i~+KWAZsZyLXhYFO~_0}Ufk~a%UQ=?MA+Y4^g~khQa9T^_qhq>>hBRc z3A5P!)G%2uvA^@9#osU?Cxcvv$&*nk{&Lb0i-_r^P+gR&<*3-MTnT^kEixC#hJtLW z$i{*U0CGt%{H^LCIq4t~F@@;DTOVGXt;jv^VX#0xYLWebTt0_YuDw@O1`9IhOF~94 zavlnG{&Lpw7ZLV1LAg4WIxkl40FQ{>fZe3jc4$bvdh*&c=JFJ~Qp5n+GJ&<{z~eNU?HSnL_o-oa&t|cQqD1TkA#XlT->)Vlq8$ zk?}wd6y#7v8bQVYSyUThdwNJtI!HuJh$40W{B#ZVx27L?k+uq~(on;k%x0BmJB!K_ zg5387A(I$+@LkVe&N}`g!u~G7(7mbjewIp|k8+*A(=2%s$RmY3LCHsj91rsOS`a%3 zrQ$Cq9kGa*77EpadY}Dape9@if9qT1tw3I$#bV1liP!^zJaLSWsf;|e&5z`ygG9t^ z#;8fB&fklVslRKu63ErGJ7Is9QNyGQa<(E11UVYWKt_&7q0V2KDsNM=T;{7rG#^x@mcSnI6>bTnVvN zEwYTZDQ007`}^8&#NTa#Oan5Mkr^J6lMWIQ6R*eyvLy^@pgMc|k*^Sm{hbSBb3wLI zqssQK0cqr>z+KTSyHvNs!YNIZlv? zK$ca9*x??MlMWIQ(@~LnN`1rb^IQ9o<1I1?$SQ)YrN|^fo;yOwOh#VZ#Q>}6`0tPJ*dex&%DDCA_2>o9pTO2uDJI${wqy%ehc z-rhx_UAYqezHE`%KsFR)Q$-FIWB`y$s=?o?9+Hy|5)o5~E=Z?-PUAk-d9-IE1`A{> ziwpyDc{;0Hd$*|UC&-+`gp6S1JQV8u<*ef`BJ6L1a`ja6r#~xq0Ls>ti^-HZLR8?4wzEb?I>xBQXC?r0}s zV+6VEQ$j{Fas?MMl9LV+5tFP))%mWyWPH|-ET-Kbt2{vs(?gJPii{FuTObRnKxKOr zs=u6d{6&QQEki#fRnKozo>qS^z3urs*^^Ouv3 zSVYWBh3ZY~>{AMz%9WT*wJfp&oqba`pFX+61!LFQ{Q^2)Uk;1B6_9kjQfa;O~{S zezBZ%#3EvLp$l()sB)(s)a_gevCms%GLQ>jV1Hk0E&g7u$``9?K!!3h!$We?K_X(} zUF7@WitO!2-e!@(KsFa-8%16aWNjc!MKo<*ef`BJ6Jw`XQ;h?q}FvwRPw% z&)>Ic-^u>2q=s2NmBnsqC1Q<`7aSmRJ0>qesmxzaI${wqBNVFZuW7Dghj1nQ?P-zG zKz0&jH$|QhWEhaSKSFG{hvcM#M8uS$3(~32Ipsg2$TMp&SRg;64JWHSKn=6=c~-eM zLR20V0{(Z6so_Rb^Jwy{Y_P_t`E_Dlsf_CI)9(Bp;KG|^65sQeau24PM3|^ogn(M2r*!wK9BanwvS?uwaBDO$~dHV^Oz{q?qWF#jY zBqC-3Mos?eKD4iWWNwxp`6X?2+25noFvA2nN|AYj>;t6v0V?~WQ2phs<1ZrYZ>Vy0 zeHdcDAFYRS^>?f#j{v#&ITm}Vg^1lIe4#tKbrg<)kAP5wjA5C$YNzcC%j- zE#*o~rn44#639t{oTkVPf=mRmtPEm@dq_??NJLCWMbdL4xK8ywtcSF!<*ef`BJ6K2`XQ-$DnDT_RX3sBp5H9F1;|-{V1MV|DgG`K zax%zum^>M!;x8v1v51&n3e`oa++Ngl!^h$%!Dq*K2~c-~&W?OBPz0{N&#_5*VH6jr%5TvW~#WX{Kgj9}zE6zcrttm7{t z>~Df{^`m;H{a$JS%I*1$_Vq0G3u>5FLhhjCOd*GWy#5-*HsT@k{NDXVb*x44D4&;`}EOtk85t}B+WqSx2&Bzs8$Vg5)NJLDsB6WReYp>s)^&^{E zWMd$E2r^EQQv}%-$bzd-*&c=JFJ~Qp5n+GJ&<{z~`)6-ON6Mw@r4^pPTj^4Q{asHD zvwISYJ@ji4J5I=(cN4iUleeN&<}W85v51(N3RQm>&ryG;awR6yBNq8EkOKudRFO%7 zi~+Lf3dHvGkeqaoh?o#X>i+Dk{eGyXA6ZP760GtBHO$ErR(ZCWs7w^(z5+rfG4kMY z&tJ|u{vyKuF2T^rU*%4--1#Wi`8(N?$ACOi$P<)2Sjh1ppT7*TgHS5|a?%lth-slv zU4M`KRsC(kmGHNgMOFdw@htCcQG|gx*%sO(kIB#Kn5~$JPLLGa@O$|5%xD)xjK~|wcks1K)GFiEx85A zHH2JG$uUAM-9_X%-@)H2ulvPv(h-Y@*@Z4htol1+g^JzIl@OaxS1&9!ml|eaGW+{l zQ}H)SkZC}MGBU$Ma?(K}V&WC4>+c}@Jy>r)@==TI2V`?WwozoHAZr7;>RYI+i$e96 zvyQ)ru)jsBDZ7mB9zMf<)kAP z5i>%e`cUG-wG}#qE8*`CboIjimQurX5@a_;h6yqZ$lOwh4fl|obdZRcQglH&^?TeH zdr5xgH4GNWc@~)olmsojz6MEI+cpMf!joCdi433=m`= zAk9Un?2khAm$Qz)h_Jt*%GLWjNBb$a9?I3<7YV{*U!aC59?N3C4;8UjtMJ8Y;fF*X z!{j4N;S!7Gq$3s)vl4?RvAXGg#QxHXrCf>0^f`Sl8CggTGf9vyD)NFL6M-zd0I|b8 zBqtptBBrAvbsennqUvnzM;@e02}TxB!&DLE?TR#lJof=1GZ}gDRnK3}I{qTU{^p_| zlB(MgAVhhJw6Xkw*m?0OXQy;BQqA$w>!^h$%!Dq*IstIhEi`RbYP?Qp2X&b4}KlqWm>4eQH^Qd8Z2y(b0w+XT>kOk+UvONmb zU(P!IBEtTbp&yc}UnSHHQ|_f#JbwpSa$k^l|DMI3X(VDd2zm4SMDEMvttgfG%SlHp zB4(ySb$!S;>hDyp#AG^a*N2l>9|j6?vLaUrG6u+^vk=?ULvqqVB4R=mskfAN1*^`Q ze&lqEoC4&@XIW)cMJ^NMzU_oeV&uWap1+)R{6&QQU4o&Lzj`Wvxw3NSqg>~2kR?|K zd8CkMH57jr3ppO-^Cb{F2&LjLCmpefm=+4vlX-~!`MD-s34gz}$Pyqgk7Tip6ggLr zC*C7uDkD!V@*_FvAQ3T}F>2DO*KZx{mU|6X0-0rzX+Wk6azz7CnJLK8Kn5~$JPLLG za@O$|5%xD)x$5s5mDJx3C|7?QS#lkaYY4fulGB7-noHz4XW;LZg?_P|bi^WJcA*Or z+fvrwKNTo+J6A&NTH1>7hjlqM%)%u0cWZqSJ4KLbK!!3h!$We?K_X(}6?wNHXOtv;;iwOH$gnme>p5MalR|$vy4%AtE+O$P4~X0{(Z6so_Rb^Jwy{Y`bbPg?E-ll0+&HbN#aGM@_>$w>!^h*^M9lfQbOyILom zzq96oqeSkElp|U>;)nCp!{vyKuhALOrr5^UaT|Jbmzgr2y z9g2mrRK_&uO_7%hq_mG@)kcgO$iq!ion|`mz)_&x>R^7`Kpu)dw4V!LuB{QaDCvA>1XFbxISO_7ZS835#xQ}DN{hvcM#M8p)L3s2`t zd&_RmTnrY-@fMi`(1+w7ZP}v@Z>Mv&PC7_L zOo$@Y-#e|pHT}p}>>-^CY`t4H!a(_5@KJrADL`?WEKu#e~;7Ii$e96vyQ)r zu)js33KVki-@VNQ2qJ)wNVPao@vEqSY#@YhaY3HO%<6b z$h>ugOkiX_7c!EQ4iXWw0HY><^;cH>0be~0b1agufcT^Lx;{=%qWZAzUcDRS+q=Q7nbaat(EwZ&A zdC)FN1z3`*2r^EQNrF8079lekd2y!aFJ~Qp5n+FG(GN*&AnR}Quk`%33FYeVP)i;N za@Jt>_fS<4n<(UDkn1pcGD^i?PC8-{F})P3*T2{LC5AtM+$ z4~05^IqUd~2>Y9$TwRy`*jK000Fd1VnBBgkc|2^r1E6@I4U-M?e8^^_bbQK zLB3W={EZM~43I^KA-1Q7TnYT)n=S zcTm@*4k%ZDyIFE4kZTBefRY1*T>4ic&-o|(y^`h^%SlHpB4!u5AhEhA)$FZew{s=L z{*!jsEcRn+n1ut_-{U`u*sGP~`ClMI8JXcBIq4t~G4YDj_2JJ071`U59BGk>KsFcT zC`DcnWNjc<6+&fQ6so_Rb^Jwy{VhU2B(<5G-v&)l?xAU(zgK9J&0^0}!>sPlVlQ16 zu|~)XRuH)zlNX^><}W85v51%v3f1|WQC*=!xDx)(w#alKI|*`{B2Nf149MI=5F73x zIq4t~F{S9jo4>EtQ{-dWZ`*(;LHs=+x$4MHX`GM@_>$w>!^h*^M9lfU{o9kNe9r?dRX zcWEoe$PLsm!vy(GnW)SYWFH{S0jTVcLiLxkj=zYozoE+2`#Zl$R&G6%tG|P2U(e*e z)G)<;S?mK!-X`S2*NHra$w!`tODvX?j#xy@N(`RF>X#-#_WA0iT#3o_x%IaY{!S9) zC*OiNrA$6rL)-(2)VQq|vSW0kuJY9$T>UDy&fk?g0Ojg0);*rTlR$1Iv%hMZ}y&7oON|_Lu$~`-2sGyG4cox#eLN8>GlIK`#3XA)^_& zf(seRNe79DNmiuZQW|ByGI`dIeAgm30NF#3uU-*9$Zx;J&C65#G=A}gL%jB&nmHEp_M=T;{rb6|h ztetHXI+ZIina*0VCn0vAAm6?$Vv__J17y+15Zlv3a?(K}VnP(D-y>|Y&(YNMBd1&B z6d+H=vda4unJCD8uM#qekq0Mx{&Lpw7ZLV%35HJoDmT`0=c8QbZ;&Nd2YIBBKm1O_ z4i<7e$mjP!>>!kiznpZ$B4S!7R2ReK0qSoPu7tnt{JrdBv4a%ZPmm{;5HgjKrzZK4 zoOFD24vO#Ku^`tiCZvy%8&RnK za@O$|5%xD#xw?P&^D`=S0?O_AjXswwb`mvAtdKvvC}M+!+!5scyCAkR51CIkoOHw@ zVyY`tzn@?Gs6ww#uwoy#$ao+R_hhlZRb-$b^A-^@fsy%K$Vg5)NJPv6jGFwlzkjud zB4_!LuiI5{F;>B0g8ck~s0re+}5`!nPx)=_%i{VnP#AM2+O9?)txzsR| z1o_Q3BKCqH6M-zthuGmBl9LV+5z|qTdPV-v%h zMa1+{s4hxrc2VlemGJj@i%bTxp&(y6Fa91CWB`y$cEaDP9+Hy|5)o5~E=XqsuC0Ci z6V#1;rS1myJ}LTn=*GS6R5I${wqr_lw8)&0Y#_J=8tjj>|yvBPC7_L zOo)p-+*Oe^{mAJSIR(g*_p{2!6}e21`{ofciIE3KdH!JuJu}!!V z{(ft>EG5{oT<*$Z$0~BJAWzICWGW+1{oaq{q=Q7nY{sZbr_SGR>nd^$R|1)3k!e7t z3-X6zQJE>o(Le?=ay$xk{&Lpw7ZLV1TDiJ^NFA=+4k%ZD8(DH4kZTC}k4jDxa_LJ% zp7TEZz4EMIEGHeYh?rgI!do9+xBhPDN{C%+H~Y)6*R^Fw;O*>4fa1bnx);Nv?QXfnnSc6Ok2y9 ztSiZ-C7J0;(@FYFtkS0VY18Z`jQ4&0g|z2u(UnM~`$78bJ?MJCBPF_|MAJw~y4=*f zPf2zBq$ZYBpBm=tds$PWk_Hp$pE*Pt%cP@8aDz1sc1eTHI*gGVq~Bq#tJ!>6KjgSJ@-^T$0ZmK_#gQ6jFY;s@ngIofqHH#SW9sQp3F2 zh5ZXtQVfw^2I+1lE#@lrFUBRsn9)j7|9(|PNyGi51t8(~YtNzv`4=s$cfJz;qKFj% z*3Q2}RU3~L<+7qoC1vTXh_Gjbt0SzcyRE7gP<1ehRrOXb4s&%Ym49fHORlR&aCQrWrY#T%pz7gv(7&4pX*^RE6jX=QIe_#GAsW54`prR8qD?1 zbiKr?+EK&I6H+}TH73#vAl=5KKYFCbE~&8@q$FLJQXW@QUq9(nx>#Y-UTT<@LRxiF z{G;`%T78h--Uj~~d!%5O6l~6+k~Hbn(kT0s@2TN-PNaea|0Ym_{LAeG|JH^Z8k}!> z{ssEaPIJ0`NqO<~yUWY>#zv0_4w}iQ>GZQ?;iz!ZjeoM~7tN0g^kqLB=<5=aGRBwH zGn|g*I|Xf-5*!mn`rBkrsoy2Feo8nEg#E=}U{4qg zE6i`ti2pDslU1*xJ;l%c#{aIFyJk#XXMlhB zPXpxfO`!47q>3snu;k2H-^sjaSx!BX2$B;}f ztD17_^r+z}qn`?T`2+fZ?atUe@s@4;_IT2fLW{)>bQGAux0K-{TeW>&2{~Uo_CLLM z?X6|y=@%+xRvYy={+va%+v&}wb8s2{2F3xpuaVxhOQJ4SO$zJ{j~%$-F`y%kO0^=o z?O>`)!Ao2a=r4HD7QBFhW>i4y8}Cm~4YliEmCtqk`@TrlzxL=Bj-}@}-f7MT(aQJc zkN!2omwvTr(2H-u-<;Y(-R=u05C4Gdn@A`2TwE&bq!*`$&W37Vl-uJ*YEVI@V0>!yKY%d zht`g5*;#slvnjfM^f0wK4pVz)nOKc`ptnBrBlT&$ z{M!IKL~jwLw+Bw1Msp*+nw=YCDjvY<2~=a}#&;E8q+PGjb-Ri+(>hU&J2$Z_x`ZG&?Kk^+qNwtWQBRf501X?4eV~0a{>g68e$Ht61pcN2{*y%~X8QQv z7Dr1>Ol*1{op*3PFQ@Y?W#Y0v^mVx~HBL|RkA%ngvT3P$j?PR??)r>Y2D-jTZWUl& zqF;=fK_B5s^w|zbp^bZk-yQBqod=h^>C5_vUiPAwX5`(paxJ6*MCR}S+T%aJWB@@q zZ<1Pf5VVX&@kp|sr-d`S$*V_sI1kcr`21wb==YamO#e=>W7_?xjET;n7}MYBrTMfS zR)Ho1rTP}C#HVT z=a=aFd4oSZ!ith7kiqSABn|vxs;U?@_`8477y@YwZ16YPJb(-M&;Nb^u`+;5<7oiv z=oh5I&6gjuZe|m)!V!KR19-8m4q&|u;O+mn0Tdi&2gYLnZFB%3{sGi;2T%nAsICLR zL{HD}x6?GJNr&aa5B_D{|1puz$3HNy-18^-6@y(Ro!5KP%%bT<7hrL;CC#Z8_*7f^ zes0}Yw9^jYuZ3yDO&tW##v8w#g{Kac`NGn>j(QY6@l_S|QSrV=nCadIa}KjC%NLp6 zwL8C+PWFIg`6AGu5%{7?Xjd_XUq+hRsL7c^6O)p1|MRYj=Pz$FtQ!n`Do9F%38{hi z*}XC9X*zOg^eSef6SX8hKh_;arHPyH!E z#D9Lju|K7^{MY;`7)t(}T=Pr(X*1}?{#0URet#si2eS2`8&MzCjP8Ljq~|h!oAr2;f?3d=4$^ne=>)VKg(DB z5`WG@h6pgxw$_Js{YsfNqU_8Nq_T~__H_u#{RtC!tv*I ze(O#A8I2mpp9JpZ=KdsC`LFroOCW!St^6hatQ~M;f2QB*_%of~dJ}*8pvLhhntQpq zKk=3SYyLz$M*j5p>o4(VcK;ju^JKW=&y)PtoA}cfHI6@_+{?}V=~(H%=1<_G$W{ch|}_vVg2-TAFI@uxOw9DmAwjb3i$v~I{R?8jG+y4qc2(q zm`ksdA#_*EhdWWfr#nuSQaa<_ZcN&}Z6`M8*KN}7ZHFsxN;ONn_pXVx>HaHT)K9y2 zDBbcT6_K=^kJ`y)L0dY|^;b;Vk3;Fw9(SK(GAD*NZNIyH`Ga&NOZOzbciUE6)DSU|%RaSwTu%Q=CEc-W4(plOGrUPm=JVlq(7kN)t5;wQ zg_TN>pe>Z64(M&&vp$H;`j=cSLtOXtYh9-Of&OhfEf)K8YTcFcE8IH!V`cz6gjF0ob@}*y^ z9F(z?GI%|)KHYoGp#JImZ^~2(%1D=*rzcjY$_G=%k(7zQ@6NXui=UC)*pwFBSAFTL zKSgc-6Jw;8t`sY|hkBTj(vII-5Ay@$=9FP_LwRQi-pMyp?S!#YU{^pTz-!}65?rel z%dOM0%Fo|AV*0(2PsIeiyo+vsUXIDQY;Tu#fE`n-w%=Vs7j*}GIZbN3-!9-?+&RPj z_0&tJXnOE15jy-?AMjM5o2N|R19g(#37ds5@PdV#HTsYmX@-HHE{XG~LvWawGW!tW?0kK(mw6Hw!WGiZY zM&HQ9WqlBr^@%xm28&FvZ^ogZ8E=sLI2tj$>X-pUPKyc%%J>F;VZopdx(=YFdhk+S zs`)4XR5UK->1|XWhh+?x@~_AGmug&=S9ruB#!R{$i)+Ynh zaEn9c-#_72`q^&@{`Hy+JvrgY^#YFik4G!G-Kg#v{sdDj`)=zxBMgE4_69nCv z56WQsNf&Oez15fI>8@AER0=ds@7lT-CSzONtHrHo|CvS4pXl)ddc0stc)v6{pyW1R z7HtvYxVy*E-Jmk+j#dJi6Nsk&Au3?vqr@7zpT1Oo3@nak$42?G>(b54py2L-L3Qb8 zK7zY9rvK6?Ry^qcNHq3kb&taS;(6*X=eKk~zxUC~liY|VIqfg#D?PG5jO>pfKfN~O z1e%=h?4dYGrzo;n=HC)5Rq1Ex;EtmCPikn{z+t8dMRW4;@TB&KN~-wE=`Q@ipgF_w z<}5zr+*gPjlfJoe*)hR!*@1D{{Q~>UIFvFhmcHsp?h=<(kc%@At&P5{`~SSZrcw+(42Oa<^v`dz zA3u1tdq$P?u9^Ja>akg=F(vi-KE|( z5)+rxAb&w?I&L^h^pB6enkYRqHeiQ57BewCM)pp9=)mSw`@{BVS_En*9cV}Q=Xc=a zkIu?@Cql;)oGu?vd-aBL%+*W(LrHN@T`6Szx6AyD#QdbwCjOywG0AxzGnG$~k7KAk zp`tOB&wc2(soC@MUtmg3wZHeKPw1zAqWF#Prc>8A1>f<2|5HdGyNaja zC{xPMe#BusI0ct>$6NWtM3YTU!8G2Achh~me&?c2Pfqmw8}|Zz>G_fN+(eq7j%=j^ z0mZZs4b~HrypccL_@D-R6NGQO)B1h!f0&C-!q7>?h`Gf}D$W*f-L)<8|Nrj$iKJL^ zH2r0Elz)QZXHNBW0O9D~7{8-o6sfSO2{W(rlOz7?&)4~_H@W^CjT-0rJb`<;`Sp47 zh5z8w|KIN?d_MAL*aG&4e?!WR{aM@X#{Nv_=UDvyOy{@W#GgK>ar}wqUT*GB{5StK zezjlzX|kKON8i*Zc|WMgBCO$Nun- z^WAvgR$i;+`#*l`P5h~i8poe9dSC@hdoZn7jeqt`rQiRZ`>*+9dXhg? z=CVJHvB=-ppSb&O>`yaR=AS>!_^mhb=Ukni`cs6+FYu?d%H1y$F(kk2Z3D57h(z8hq)-Ivj8$Idqt5AMlPyhQ0Db3Gk?x6-+}{(#<0ky2<#6 zy1`b3?~iCtPx*VQ;ST2e%`}+bNiTIO^s@C`m1Ux|i>CfA_EQZWI?zWrcA$%T(#6MJ zJw0RnU3^Es*c5s`?_w=k;C7LLEw#q$-qI1_w#zz#f@WL9byIot(Z2Gzcuy9mTJ1Wn6o z)&54am>M)ys#QXFkI(}c^w9CScj!?LyvOuFfIgS9fie@#neyVd|K|f5*#AuGOrI^< zS&gCxdui_(*e82LSf3fEQrhGGC0&2k^JUY|S09xfdmycY!8=XQ*ssdx^0v&}MqPs$ zSh6XO${Y9T(k475KQ=2oyyX48)N`OOs|`I8*(Tif`y4tQ>&p&A|8)OlT1&bDPN}m^ zf5dFSwRQn?rx-V8I&ag5@B0VdZST$mZNpP+WXVi=Y;A4{-Oj#Ng^Ka9qF}?LR7_7w zw%?5pFD|->ot_`K)6DnLh%vxm3@~WMWZHpaki}#E$3?r{9MXS(X8b`jKIG3{8vP4@ zf-=^kkxkBA3k-U3HeTdZ>+wZ2KA+{`1>5weh_}$gWhE)w^v87i+(WOPv9F?kL$4mS zBK|>7+Lb(P>n5PC>o!ab68K>dy}H}xenhUBb?&1pR2Q-h&#ciqcV)nzpY>wqL#`LN z*UetgbF%IY44xkkkP9@~=-6U@G`7d_KAj)*EP1dmdoWE-dY+o@=qFv0sUpvho7(`B zsdD}+J5}Dqk)ZuKPnNAbSvFR%-QSe``6eiG#z089f7c}>XvT|3)3v#;OMGC;RBF-l z-SNRG$$TFvJH9bJ;7yNpKOC0wBt5tsNl#KorVOH16vp2rH7cbyy@;V!OiB#3eAM!# zbi#;f7tc@JU%)fz7mH3gPtHf+Dxdy&fd1Dz(j21n4WFF0T^10`H1UL*(Uf44Uq6 zPkh!#Lub$E23~bvcK1NKNkmHu5e(i!SvU!&FX(HI)4OYuA>$k0=l}d=&%KIwWEGSj z^5K3u-9MAjm{1y8$sP73jr!sy8a1{XtlyOVp~5g*QP^ZnqexD*r%sFCClLGF5b~Rp z@sZA{y>bQJvdDgqjc9+FzOSP@8D?YFd3uk|mg)JJL^KRN)Y<*%Q*(OPuSG9Nu0oAohI3yiSBjKZy(e!i?%!;l?ed8Hc9Dl~m()Mo~(4;x9W@;Ru!{;0V4a z15N*k7F7SyJo*M^yB@`o7tfa$-%0!7T|L8l@IQA}7_xT|+mhh&Lv!gU*5#i{@a53^ z`SU|RM1XcKJ{gkA`h;!)PB_{!z?|z>T)r!&Qro{HiF++cFgX!Zegh)e@BAO$-UU92 z>U@IqVTQZBHI4zy^iE^mB{#CJ7EBD7I@7QiQ4@5;OLd6LIW_;ea1&8b{3U*mOZX z+zgIqKd1U~##NB8cd*=E8F*4`uIaeZ^gbZ)c_5&E@IrwNJ_;TOiu-q9(hZ{&2RRk0U7hH~J&ioO%13ct3Aq7{6S^8Rzbre4^87COiG3-Dw}TD^l%7 zpI!%1CSg518Ena~VU7?-QG^3mNLKWG^)Uh4!h! znUroEP;uzz-|vlIw#)jV2jEa$8EbWB((Q&IRfP^CAY>I9o0p$p>n5YYxO14tkPkALElfv=13D1H;23;tIuCupe3sAOjsp=&0A8E$`F`iezrF*Bzj z)u5I55@WSqeP_*MnVdO9#A`8nBx(w+-<2uNuasFX6xu+?Y*AnfDU5ttTPjK>A6Wy4 z>N2*c|91-K0y`@=peahl_iV)U{_r){i$&Lqdef@rvVoa27dOeMrNaN5GxJ>lU)q~z ztXogLw82qZ&^{dGLpFx8iw$CH-^!^25?Eb;+-r3&xC)%!@&SaF`Ll7h{gA2o2B3>o zk;9C>L;tL^;owN@)_Rq|KoNu4U309@!NZfChpqJ_D0OQL;^(#uOnB!$0ni0D(y5|? z8(LSvgPu?-xV-Y;kSM6%NW~$*1{`A5;0gCik@c&4+-?+U2PhEiWvn-{_4_#Al}@Dc zAA3Tb!GA=6nkff(o-iAT+gDZ~QFR;BZ`W2<*k1Vips2=bgqC0@(lw^{|GmkC#1VmK&ec!LCKA+o0unxf@ zOr<$E20Dezm+J6TG>K0fE+y+p9%`NUalL6R^3S;kv5#qi$tAkROJv_jPmaNb3@qq8svA25hRA+$Z0?pRKHV&p z&e`);SI>!ukwe3#P3z@*IA7ST%Bi`C@0531J7j?BH1Zfbfo_}2QZ=Ii03!Y~4PU}7 zF`SjRt7T@3yx>ZA%lZh5Rd;NPyyX*$948zGl4B--P8>fo$yz)R@$u(XBDwVhhvJXr zJ6ndLzFO8uGJXK#`^ei6RQ|#EVDRa{0l8WMaVA_qKR4HUK=~y>+4+nDB?k*-U+W>x z02n>nx}X(!B;UgAP1%tW*CKMQFE>$J>dR@KxmHU&E}OY@G}g8Jgv>9u1^iNs;wDr2 zDkihhUVOHQSKuVwx@|`@j8ccxFHjJ9|0?~lo~q5ezYEAHBBG0xmt-dW;s-Nj(|fRj5GYXV_~4*d&*R$aINcbUT;D}Ery+kWbr$rv zLX*-dwk3{-*7QEP8ePH;Qx|HfLy$WMx_LWOH@atNsrbfQz^G)Jq2X};0bE5YBB~)B z1TKsxuyy_W&F~RPa!4rn|D~6|T%{U?a-A-JWjmWWJ|kUfx4`hq{}{~PuVvH)$cd<1_cE_3bNa^<_GrN#TnwNU-WF6b0Z& z&a+pns57V%7mGCqVc4=ci}2toK8VOU@FP2m_!%73<6M$NHWZcUMsk?S9+eSr)2st5 z^QiTu<2g3S6c^cKGW1^=HXV`R105^Utate=4TJbW>)66vp%#|r19egD3H=VK-A}3A zZ}pN2(YtW|)k3;#-N4@S?4_*Jv@9bz)>ia`tNlo+P`(RC0%%ny!eX>Nbo2U-r~XR{ z&@upS>yP4s{tysu_%})gFx%T;i=i{8!_S1T#&w$;_9~(g^^39jhwS$7<6(J}!$-$U zye9M+#`AQ$7Ru-A8H?r9rvA(|WD41-Y5Rx9M|A#Vf!>}Ut!uU;LTb8HyRe~>|5fN4 zGEhoro%*FJ1rR(k1(3biB=!wH4lGvaMkk1+nuI zoj`eGr3oIL@S$2C^|(**b1~Hh@Pc2hTLYp@D%Vk&K+Wrh794cb*)|gnPsTdN90Rp; z81~Z|@Euw4V=kPC!2nKqAa(_4^Njv05p7`XR2JAU5P5Xg2%lr|eR_41R<)GynMnm- zK*`N5S0F(d$%+`#Z2f(tfb>PiFqBm<$smf1_+-G84mao}p+;p!ig^7Ss^- z99qBHN?vCy9aG4RoZ4!UfapJ-KY)f#{1bZo*$>YHxdKqNIE)|_gMkqI23HaaAnCs2 zE_b5Pp+emb`y}nH;r{!#(uowLtj^ep?{X-~7F<}{1TP#Th*LML)pcJw=MUU>ecbpA z7P`;RfS+xjpK%VZ)Cm?m%OairqwCm+zO`+HD6heQLnX@ zEZ^~W8EkX20iyG3q5sU-{5+kDH)^fgY}2EDd2E4E5c7%pZTjy z%6B^TSGuFWV1p&faV?$bG8)%wvT0n@I?dRxY)3i-K2w}#C~{d?!LzqA?9p{S&`Ex?em8&X?gsS%HT73MkRMmcKm=!$IQqxqN8o~#I?)9 z*w8P@(9hT^LiEG0Fg}346AlL;^f~jtkK-4y`(gxr%5s^;gOiS>1xj;UTUr=95skP0 ziC7Euybs9HS6e^7z)A6mS{8_{#OA<8?t&{%Pz#;}Qyh=(X*ll2&`Z`kQ5*T5@yoFH^Vhgd4b`>l;hAboLSVD=(+2(>en!2Sg+*@Li_+U90}Tu zgo0;VVG&@=s8~k8zL+3AX8z+C%lQRGEthZ%5D(~39tOyWnH+f{Gr`(1 zs0H#3S=Wr$BAc7}NkSjmZ;yX;#y|f8%uDs`xSN2s@1F(QTqDEFus*G|`)|`k$5B31 zSd4H198W!Z{?rC-)^to!&)Nt_dd4ro1o#% zUb#%LSAJ6EvROn^d6&v%mAokHp@+h<+z2isUK6?hhMRFv8;*JcRO%}Ps#-ARzaB>2 zm-RjVguRSqe^dOG$8~FPUj=!%lro3_Ai}kX&uUdCjQV=x zTe{u9xSwHnuG%3M;OYe#mG~L42xz_$K=;&QdDQA-KUc)(vLQ5s&b$cm@7o}vwFxcn zijm+&VLJBzoDvlf4C5}9Ewt{F5)b^cOOqRT2p4MFFTl9mV~{c11Yn+^1xV63EU70pLV~OYyYC_ct^lz6byXW3_ocfCstFb7cG1(Eh>?Ybxyh4B(Bp zYwLFq-mth;qF=4&*0^Oe(#HOqfO$(soeG|mk_l(-Tf*^;SL}?a{RzHU#`~c#`5w8- zau}z_Giu~sArM@ejiU&Cde-JZXlPC#G*Zx2x!e(?<+Jc41!;LDFUo$&2srsSvK?P3 zHVF9gd>E{MP9~jCAxdP(+L?|DL_g4|o$`W5x|VhHL#&!=1I9<;`oGF#WFBNgus(Sa^jM50wE6&cbRni#q=%*z z>!w5%wp(j{O}4a`@!(8flrw<^h9*NQV`VLp2Ni$Xk7M#aE138n%!_yw*C*>6CKqck zW*~HBX&`h}Nda7f&LcyCl?^V;PRBNq`lNuY`%E3S7V@%L_L&BZo!0FX zI0WKv#;2QSzgg+w*$FDr5~tsT%P2vK<>fYOg`uS5c}r781&|u0hq1%AJU0w1>3V1~ zur*S2{$N6Uwxjct@D14-+=_2aId*z-Ut4DrezkuqREYfRh8Z}q5+(o}KMcLtKItzk zr90q0y%_sUz|^vvYer{fFN&r51iHNt5;fy8Sgve6cl!*OXwlSQoP_#J@QmPA-GhuK z)OWWZz;yynG&JTCDXquHwb>2$-D`ujrG-c@`Vy+PX;tsy*I;AUvZP>RN_n5wg%R>nnx+fZB%~P{>8}E`AD)ii=nyDvI zzYarz%<=f1_ZAwUcrmOu#POBr?;4gq{a(gNm{i9|Wkh%*M7x|Vgt-xRHyrKSaDL1IDf#z|cR;HM?H zQ9qWQ^D1C$3>dqdi9PueCU&}eV$k&p&;S~+bL{T+8>{?S3q-+l=A^(JTATlyBk6b& z3zIz7RV08qNcH69;Cl(aCQPi&D^0}DO&#)9@b|p`)Z&8NFSH=Z&w`$H_@pwLE1!>NRLZ9n zFg^*OnT(IEH%l=GNXrWt zh?W2*#a6V(fNi^`(iFPvBpYZLlDcpH*IKyopRk z6Pn1eUK9DBXCWV@nTi#qxv-+y*~5x#%o@EFQu(a-cO0rTVs?^EqjvIaBEw}T>-d(7 zjboLaB#MZ6fw}#5Qeabdavggx#ZJP!uE?mwcj)g-E-NdbKhi0M4Y;Wc=CFRBGx7zS zi34=D1yBlCqkgMD7cPX~H~?NRFg|1n1rA17IzD4)fl)WiI8zD)@kL3r*fDwhJ*GHVMWvZ&;|?Yx!`PTz2ys=#tx^ zOWxIj52IoJ-0>Mh0^-O(%pAoLcm{;3JujY6pC>gZl=w0vnf0brTsXK^aFL3Y90o30 zzRY(>AVg4MF$=|F!ttrf*o#Lf?L@Y+n1NZan2qUWCky>?*@D@u!P8;qcd?y~u$}MY zZh<)pw(~t@JNM&8{R9rfE3utXr(nV#RsMC)xvsfliA0<_uv6vL;Jaf)v088-b|$MJ z|1n0Cri5HmV7%+7)I7m{o*XtnvVb$T7Z@7?KwX7xJ{!}^2Mnv)Q+BD-Tz+)*0TfTq z$dlGwxq;TotBgD#=C^UYR{cvTKh=yzuL|!tm>AY(SEli0v8vhrVzr#0b^Cw`p z4)hbgT&2xlj&f^Uovl@m1-)UO#=<;ddpFFJ@qQq54Y+Ez7Gz{5V89aX2^d=)hC2Kd z80x+Z7m`KtAL-Z@Lrs)o5eLT#U-3kdnYdYMk8ObV0*n|-jimwl!x8EV018RDCanNv zXa%`{Cyyu`)&DBSBRB~s$|Hjb``hQZV7F=4A}lz^%5SXp8*OpPBLWD>rpSewZ`SyM z-d1D>%phkY zsf5D=l3b_FKO4Z{s!*$DaHlomw5Y^>PWWFt%LTs>XY7mQ3Cd&BA5u+@s5DCDqs1J+w!&iOxLWB4b}d4`T8r;l0wYtH?UCy0oX1Dxx2In zeb|8+Fz@af$o*QI^(^dKz`Ux1%HI{_ZqjDW!7ab>Up?z!!1#B-yyvL@;D`Q|pLFoA z{O{m`UXg;tt@PQxicClq4uPqB56EhbLmnX&;>}$5Mc|P6XSi@B9P-MM<{WZjOnjlg zrb!vavE-8RE-op+Zh%)|$$_*RwdzV-wKl63`TmN>FsrwE#?R{g!_8+E=`5*;VCA;*$LHUt3rJ*exKP}}E#}dcCio-GeAFugs#gCoxJHY=zF!>VjYJzw!5=btRVt@ijQ_aIscg5IZ9-_SBa zMVealPs$#K3i!Ia3l~DmZr?ShrPn{%^X{>hC+;Ks(Wc_{hX8+HH~c@HmOOEzMOp^- z2`wwiuK^w5FvG>{EJVG#laTQDFxMoZ$PfI>8Tj5F`W2B6jQ8P`Igy`mJ(A8!NxAM8 zm^UIo@c{!ADy~;w?&RlU+6Fwp0XxeC?+7U|+EarseuE*CwgVP_ zI6`;QS?MX-=jWk;!9-ZTy!_O$@PPW4j&fp1FoGaEZIO@1`e6s}dOd zfd`~ya89T7{TR#*0dxzuq6rKYYK||l+Gsy2C5v_$7jhVXZ$NDO>!FgvIGMe)p2K+D zj$tlPn~RvnICsAibHu|H2<|in?^xfhQer+=AmpZ}17D*}7-z4ekpf1gGWMz`a_Y}^ zQW^Z!`YSuI^B8=@dRlsn$0q}GHS8e{(*bi#lmFmu|H@B0_=AUh`p;^lfM% zZ*}#vqY+~+%Sf~O83EvZ39gt^Mn0&e@NtG|+m}U}mu)NA&W;;9uyM65{UK#sDrvyl zHl*%K6G69rQdXG zA4;V!ptSgyqx3(YM^XAuC|QBnPKs-no-Gk0Yf zb*KbO=3&xJE4lw_bn*=7$jM0aqTD<88!gDKexd%429I7|whQuu1LtwN5^Kdrr|V`> zhx$}k85-Wt$-_l9-XEAeF4X_A;L-H5e+Q2aKuwi76yoDUeay-kAKW(}RQ6aW{@68m zlyzQ5Q_5@Os^naq+I6P(#NVzVQg>Q^kP{SOs-{h`} z{n%U=-!mNX_?~R6>Z5pNO<2yn?;%OO)sU^#_(;!;WJYK1kzRO;^;t*hrt z0RuaGM8uO@2&y&X@S2qiEEe ziuz9;kwLWan2bQLEq=3S4&9|sSUTQ==g%M`Uab5YGigLAJe6SsnT1FBb+noyGzrCK z*(fPTE*-Dq4oyO-S}8IalTbK;)7y|kbV}70bLh}mFql(%ZY{lvgP<_;V^*`GQ@a9N z$Ns=)Fd2+g%GyL-ez7`VOqPe^Cbw-Cp1FpcP1#^El=mjgr*+NWQ0Sk6Km0NbpKkSY z%A+3jvo?CrBIRd^lAkfGVw<_Ij^IOn*6|baBcG6;opS&2jJ@~-&N01a@>9c~n#<3! zD)7)HofQwUxssp4e|dO_jg|cH$~p&iA0GKpOV~)eZ)15h{fU zp+a^g^_R#`CFHLS`FViyQ_`~htO#Q6mmL>B_iO*z*4%r)spO}Gj@UApXMm1Zya+{6 z(uN3$_)u_AV2}yH350qSU>{0Pr~>GjJJJixX-x&WN3_{_P@ls?xBTHq{qZOTaROkd z2Op1Drl3M~gxMc^b{%>9Mw`Wx3Bvx|Z?!q!0zUy(tM9;xC;pY6LC_8j_V?O8((Kt0 z=PfN8sYI;85wS1sgou55nJRQyi1|^khz=k>w%0c=kLtA1Nt4wAwBDWAIHYmfKh8*Jc3kk>h`(60PoMa1K7F# z=ZX+wFpmi#YW-@c7l>dGq6kB6{}My}`_eWEQK%av#ATl<;fU3pxr){nqfhI&HxxN4 zIRMB}q{wmf6E+lbsG$`(WMU+Tz2Z}+hFPDy9wP@IvFdmO%5(08F;b`z;z)tr1D``Z zVK)K2kzK4%!{_ZB0NjF%DPzvX@mAo01goG9rwidUu6ay{m1XLtj=^|97!4!?YaANwHu61bbSKpj zC*q4)OWvkk<&hczyr2aqp~x;vbdt1mE?&RUuRn?BOGb$o3`5ElcwxJ4z!KtNhznkt zf+~8xEd^(};85x!9-LLHygK_F6&V`xR_GnvN`ty{qo^e8Mp2}(jq-S@kGK85zKBA$ z)Bi)^8ySRV3@%`CAT%0o5nesAb@EN(`oYSqcf7wt_d|o1Cs2d0$XLv|8>3Ji|M17) zHSE8`={Um+>rV=p!@<1>meg9ey+(f60`BD)678vpIe>=)#^|Dj_O|Z;Q~XUd7!o9`XV596+vPBTRW0^rKagz^K(L$XzuF zdnwZE?{-Sbqt#3oaWXG7S?b{H7n(nYeEAl+)eb>Pb1O5Y>HT zT68G%u@2`e<5fyw^F?c6Ls!EAy0=IV{aUsbZl?mMlSivEDgm9N_CEM0KsuN$YOm!D zh5__y@Le3f4@m^rpKIX^V*3Mk$FfitU#&}lewU&Ta2fojMP~~HTkmjCZFuU2uIGL7sA~`5COP2 z)1U?&QDObKR<#NppzUbLi`p5;-Ge7O_EY5MOfiw!HNDRI6;{maN?{8aR|<6U!Ew0s^0=uC=G~8bQ5rcjyaO}D@6G0STLtF#`JwpvCAKoZ-7mLmele!% z7}-L2gB3;8@8HV9Y{*qn6h7!(QlLDA{+sX*3*y@5pEsre=ImxL7wq~${^mI|Cde(^Y*FYVEbz8k!9cb(&e<5e236 zQDrMIVl@?Lm=73zFnB6b<5caN;}EfVJfny`W5ro4h2YVM&6W27-76c&A`7Gwwc`9} z2hknf(ZxgfP5>DH`VVVvEBbS$k9zVQLLt=g>K$aoZFZSps5lEN*d2&8c9%RtupQD(R9tivzl zM9izom zfRQzXz+XN}<s#~P&TD9C%ZhizO*u@U)dd%ITx2rtjxKjJhT2rJoj@x*B=ME=3H7f zsxs&2oel+3u2%;Y+78GF5YytKabGI0dU(Q;|pxmq`4Zq?A%(LooL9Snh zz9`1z8ZtBu1tlPpK$}VLjED2|c5nJ~*vPFk^pnFf(x!@FM&VmYL0=cDM#)d`XlW-j@+A%{#L1zI8 zbSIi)3l)w>j1zF|)+rrjc3)XwUIT}8^;TjB?~2UFc>*T^4LApw@@*|b_cktt^Ae|K z>xolyD5E9Po6;eFKgH1@8)_gLW+4JOSVPc%(Pn*($P-z3uS|P^Y@Y$&?7bd*vnNBb z_Y&#s$FVnNB2&gZIbU+>Jeiv{EJtx_s-REpl*Ncw?ZSw+am3c5VO&U&zX&O~Q;wBM zCtH#q@k0ZD=p~0}%k;^YbLxmYPzEtGb-d_A(gaU0lnFCZHbI^d?o%)+?vq)2LNol; zx{~efNEsioF69k!)-&u8^A)}b-NlQ$**6*@*i89oSPbr4t&UU9W3}p7-t(*6ORTi=#)@erm?uKyWRKYMf@t{?z8b&(u zmJMU%djf;^cZ~t&zdl>hdNJ>TRKig0R%P9;XjPS2r}R z*|y7<;KDi8m-e|16L9P^?Q%95#!Tvc9T?^8bj8eJnbVJD<~1ks4EGl8vZZq$I*3@u zp5cul$}&%-q0oRJDU(cKu)e-TJ)A($V3X#OJIth8{(hnOXV$c{grDIUwrH1&$j|Jb z{gPkT@v~iaS&$+6Z(~##6vz;UIJ3uKCT{Rmm>1x^RECTr=Wkf97k@zd}?Cmf5uJ_o;1MAk8mD^45@fP@BkhF{?7r?Go9b9Ke4&Z1$+qg z3%o-n_(R)FAf8#Nj1gsmk57eGIsJ=x2DnUsf_WWY5=Z}qLPt4s2uoz?%tQZoIsG`h zyql#D#um3-o&`{U&@OY%!Uwgp=HhvTnHi$A!%4M6eE9ASQ0vBHbasM+rU)1~L0cN) z)UBDT*n@rE`3QmMWBQgga(5%S6a^i{f4c1(_g`W|Bx0c6#Ut<4WBDYv3$Mdn}CQ4%tS%q?0C+!i^ zw%bGIU2#flWEsYb#wd|LMcsB>Ow#>TLGs$V}Bh<1AOP{Z^fX{kj zIg?f^{R%diL$&}Lm{0OTbkfJx(BCRvMm`j)m(jZGY&dPsS%g>8V)mJ!ZKuT^5%!9u z#hepCvj89}=Zanie^l4ZIE#W`tY;0$#($&^XAvA8qj$VN%a^R){Z`C^2rSg?93;YO z9W|4fsGNE)F!U>M0;o}E<-h90#~}J9r-i;T5l<#b@)NrzUqwXwT*;&_P69)o{Tbzc zIvUCHe#k1yZu8}Rj|B=((M*!hn@Q>_?d(iaH*4P`$Rs7%z{q<_FrA3xObNF6CqYH) zAT#+@NO*M@yq6K)NuPS)eR!p!Z*z!m0|*RAL?PC_5Erp!d9vib!u8#(+?GH_NO!1D zN5+cT5Yp%d#!zrDjo)=}+l@COdb|6R7+gq69jbBgC~2NCU{48?Y=7A1Hy{Ph7nBjx zwK%e=@<=+!$MFzCuECJ7P)Lc#4fWj(80sF^P)LE#j}C|tF5!4N5P7o1V*1yOfsq*n81h}#<3J`g%Eem{6!H$rz(H(_#h09_qR~|j8`(! z`HB36e8O$Zk^5B{+4w|_*r_xJyr%oAeuEyXLy;|F*DCyu_|NEM?ZG#o)5EYHEa91q zYQ?SE>`V>?J-!a}3w8S)^ijUG1wzF>c~3VdB{Dq@#h^NOvYOTB0!8+rlQ{pR`c(N^ zi6+olUGRk(n@|PRdAt5#Lx-{pz(QK}odfwRauy)69Y1G$yXsop=MM7qk+HZ6TerSM z;g&ANv_FTw9Wc;Vh4V&2+DBH9Pm1Z^EW{MmvcZYFBx>iQuYn&c^RDp2Kwi<`g#T&Y z>E8v+;ZOlmInkGeAI6s0+JK!ZPAwg2UcOT0j?<+5@e-;FM;78ua@P0r@otm{apgc6 znJHfsBJ_})+KKmslpT+PW}Mqs&G*lQ#ePkD(bfnmte|k+!X$BUGis-rO|s_+Pz_@~ zil1ZI|2a~K*ph381pw4DL-yEghCi3q_QFTA($I+Ri-HYoWKXNsS466Zaoo1h3de8H z;tkKK+h49AB&n`bw3pSn> za0D=^5Y(&hsXWIJPmF80^yk5DK+?q@#v^HzfEHDt(c*#32Z^L;@qp^it3$g>Q(NmN zS>KzKdpOwwn=P<-s}7`KHD?uUyil9}+9^z~pRLXR9oB!2fU;;{egw@}LU59l5WI9g ztaVqL|K-lx((TCsb4a4(FmaUiNM!j&r}O>L$X|BJ!M?`OwGVf~NwnK=gtt~b7cD@j z(M3oLQ`)FfTS#R;aXqx^&pz-V28#9P%N_0!#X1IxRdl$`>!;)c~AhvAc?BcTi>BhUAzMit6aF@>U4FL0@ov)~j}2YI97UcSOn zlKYe8d#QcCyjJy~Ox2ZYZpXZzE5f{c?TMfF6>qmZ@6+b}z`WCC-kjlWD5ncs&pj)9 zxZ!__{!*gdD$9y!7kXJXzpK4IownNpCG^+Aw+JOXD`$NgW!!s0ag57Oy^K3f8h25J zFP(XQGuvQENK&rNyBDI>G8+@CKCqHF1S|l#6RgGk8_nt?{9}OJHM=}u!!h_|nS)%f zWAOHGT1Bo;n2N}42TiyA0>c(~hXpU+9v#-p%R^fqR`IeL*2Pye?0RG_>JfsCz3`HI z@F5*%;so-T8eoazl>YQ+*O%!-L)Xqlh8cm?uH^%5PA~87oYj21eGd48BeF#p!Wu*ri;DyQB~I)|T*&WE@RW7AUhVw;Ur>l0LSgjH1) zbu~!%y7E>MZ$Jv`h8)}&fQPMTi9`1 zoQyE|CFfEJpQp|D<6G2$3O1gjRo_Zvx=4*eEp5)!iy6Nnv3){p_3DJ>GYLWY$u_0K zu_NCR=<*V}3kV%9?+8k>6BHJl46&MVCin?x7?~b0uR(mPAh%AN-3dcMzdv+D>GyQ4 zdUgg7D*nU3r&{nI04y?7)coQkQAkC}6e%Tx+A_yU`XC7maoYRw4AK9M7(=-0>Qd&| z8pg2z>`?*>qgh>7r#z(ZUl&GzlBr{L-Okx=|G{w|ti;U@Lq89cIVQaYhQ5^yontdJ z3SO|-kDeXflkkuEM?Cyx0zq@rUI0)W)9!Gy^bBrB&u(t+$1cJSJ8RZS_AHd#fq9kA z)Dy1TP=1Vg&bZ_lb6Z(k3uNj^`~0FnI)~HlaH^aP8Jcl8WEc0V3c|`SyFhvst~KpaK^N zDo*(e*-rw?>!ec^RFp}10?Yi>8e0vPutSP`#PZ`tRQ^TbKEa`4^Mh!4id99l7?XCn zoK+oc`@MWyJa6uNjo`IpzyBPJac2$XM8(40g{zCCv2DLkg#Dg|HXbEwQ_XcuxEQW@ z)fe?I&(o@N(mB64Q#SpgW2xV?>g{JioUD0|+v@6fZR1qjc!nZfIL%IktlzOU9-niU z5T8+5cZ`>H(=1{$8V5nWgfN2}n+4J|S_a$~Ej+j!3;!9hP#!=(0{-)^$-^DJdCOJK z`B!xwc;Im~{Mn&zp~@db0~1?jI`oB8R#cn6@CXb$FpqtD#t6hbldj4E-}^f%AuKsI zLWndF#P4+;LjyHhBRJqO&1O=~n;30R2az)I++9-EiGanV?2Hr!W0jPZDk(dW)3oz9 zs#hgu0=7rY_^b6T=WdG`AF)2g4Lg6+9{DQv%2!5Hmdf9Z+v34LoSBMO9sJw*o2Y+0 zs?x!~T>;Hbz5ek)Y3!1(9%$p?iRSVJw;5groWtfa29E+qp_UZ3>Ty7^5Ak`lj^S6G7rnxcKy|u84_zF2F_Vtj`C9cjc#&>3#r9$vr{f9w zP=lkU@lxC6Zt49f*vH{@#MCRS9NTz759+DUA9cl-+r^*2rAt>;9kKay`Frtr-1%}G ze?~RdpYM-hQuKeZ5Xh~u7D;0le@;W282;dvcyt!lXS*g}=_su~`>{ki-wO~F)^O>Q z3bYWf7>dSGW&L6G5SSPYadZ~=)~&N1y98R~w?{u0^-?69{*xUC(OGKz!?t^{%;wb+ zD6Yqqq30HIVbS z^%fto&gTs-!yXenw7RMvM|E3>7A~&1`w%4S#SQTsvG&E7WSt5E08j?9MLrfyBTu-3 zQS8#Iv*t+is1>^nEj%32Tw}GUtr(=Lz9 zI9%@eDg43-Fi(bi-Wn zJA(MYS;0f;Wv3(1Pf~omAN0V=JBW*2~$izu}{L^z_vgM!xWb!Dm~mFoNSlSnn}}N0z8l6WF~M0PL~v} zkVdt>RD2b#knd*71?W(%q11Lv<&A83id>TCa$$&>j!Q2<41V@UK>YAfez23; z&L?pV*{PoD&)ufYc@sYuK#vT=V&Nfq;qCtxpWh(%4?Sts4RAuaFHfufH?F8GsxxVx zk^ix#eXDr2f~fj&yvmMxz5xEZjD6H5*sg8V#-m5K)@l5_C9QM&lO%|gt*Id*8`Vxh;s1`F+YC!U4AdxE1j*EyS5AmR3AONkcG*6g>Wsp25SPc-ZI zX!E~l9l?LFahz8DCIu@#zV$pvbu8E4-=cyR=GBvORr#?3;L8o}4h)f9ZqAvoov^S~)72NbuhBU*nPx4ArnsAg2Lql!*S z_3ah?WFL=dCe3{ILh7IW!kc7Dca#>7x_R^6&tm>(m_LdCx%qKUS#+Q3Tj@Rl-s6Ar zSL-z*!q$C!M9J48-fge`tMM}L$NQ-N{?9`R1duKhuv*f8cgJxr`}1<|;YFO1TmRkV z=H4hxn(``;AdkJuvBeb`^M_D>)eE~~n0WsE7{~7(JO0H>Cb{a<9=s4^g{^p^Zm7c$R%} z@sAwFKfC}j{vmy~7XJ{K+>5_oirhsPe~+CFx%=%`O74~&L%CD@eV8Y|z%kz`sEF<_ z>GZU-{^Q8C33xL_Tk?0^-kAK&jmqCuzmLkF>R!p8Ou{37{MG75OxW_rM-+TLc(=Xs zx5O)dH%1_TkG&PoAa5=tSS`rk{M+N?kNtW1W16&e@y9r{iSb8F{`~EgziC?aGU7g7 z{>DJ%9Xt8cs{ac2v0e5faw)j@mSrBSfs1E8N~|d^c2`4=z0F2iy#1Iad>pkO+s*tEy@^cIIx+N_ayDdIF4AG0Iky&{|@>l#=p{B?8k$@ zi}J7PTk)>|@8MtmYTZjj*!;^!6#tIn-S+ZtI-0qZ+>`$T|L$Jup#<#5!QZyRzgupN z<6rjY<=^Gf*2TYz(55B+ommNt{h$e<|BU_i?-RT64E!KgvB#`_L970jIKFEI0}y-4 z3&6>CZE7OQy%UG9+QTkVP3+jNLR;ihVE-a%|3Hr|C0CUHA8fo|tF9np#ZT{fxXZ^* zKFeI;&@PIY=~+HU*!f|qq}`P{aTi(ZdspJk7beOj`Q^M6JDaoI<9>gAtl(%8j6 zWF_~^~T_Yxm!q4rdrUga+9AMHa0YAQi<3Sa?UF=4r(87zOKbp(&EHvO z5E^hNgKO`9rG%Kf+$h9L_=}lz)}w%D0O6@k05l@N_9uck@}1Rucr>LGI&^|-(pm)g zt_Pz6th!bLEK{QZN6$y)uU6qrF#+Zys=kgl+bh3>(&ZmK@Db$q?N>c)4*y_>*^2!B z`9|`&E7!;Vyz;w9+PdU-8rsC<7c6f(ZNa?kj(RXJ2gWwo0sB^>AvRoliy*OOgeS&t zgCbxpt1_e`A=9H%Cx!zEna%10*OVc%p~FMt!#pUvYk7`S(|VFq)7r(ZX)QY=5LzT_ z3}-`Fx4g=M7nL7ZV2*97?}%6P2FwXL0pppBG$0*k0c%x#$sa-4B!O&6PkdV|I|>ph z!2oEa4#0f&1|)3c1iaA#z&+`Uf?9h3YnBnPVJ~?#$M`HJACWijC486kM;l#5~fA^b~v3n23{wdgf zWdnW9SW*sgWwp;jl5%H&gIv2T(#uYyen&E{3zBj0e^D47wq7Zx1B`TNd-6AxUUgBp z8|otTl82X|E?zL4*?P~3nK{m$?IGLRvpcW0xJ#Nw^Eac=!lNrZzM!YRt*W>4{;wB3 z@BsU1(kcDZ`1-c5$2$7U@dXvVqrTwXCqkj$_JJ}mJ1O;!y87RXOjV5X?_UEI1c zvz0=c*ghbiLH?dNX_kd0hx}1AO{?kH37k$H`f#OV`|JdV-1dTpBH)nOb7CA4Uq3SL zdWR-)DOq-HbBmpl9W33DTab`VwR)kYyMEt~y%6}1m0T0jG%b|7iRM^u8PIWXPpm{L zTkPmW9XbzQ>=6^Dbz1N(U~71&+bq2D>Y}n;dhigukQt4XpxYynh0SNIuDn71ZclyGUbJx0@2Y=*e#W!$ z^n0$Vb^1;FMI8OurI&uUO7o}|^rMAG3;t-2Nin*j&mzb-o$r$=`SiReCC@-cdj#rc zrlvFhvw8Blq08S4Hl>&CMF~SwuxWr+HFOOPO}rbn-@3}~Y_0l)eX*9?xBe=h;;Cgi zzcRnb@vT$shaQyA8p6{Nmri0mQc;WXnrijjE%#rg1l$~@Mze2{cc-o z+p~=|EK=((IlXQ>2p|4qJmLQ|D@J(tHrCnKlIX6Dy6mypHr9Kjb#xo+)o4Vz+hHiX z=zyAi9ho05M$sc1un@vguGYJv6&fJl%jK%h`YS$N+r6!!7ZbnS{f#o$)JT66-o|b1 zmalxj$xgMoyM!>#-1mY=+AA50`H9Wl{Pfqpi@%VBSLDdLwfPx19Rsh9ujF0)!vWMQ zmh-#juDarlz^sB+{_1?NMokx%3?FlsDhx@HZ zWnRHn@WI@t$On9@0*+_E69K#>0HYWki4T-H@sQMSt@AJYya`oLsL0@hP#!)A19t!MEEs$PkML+1 z7ze?M{US}iS*wJyQp%TY731YVc;gR-IPq085i#aP_O2iOze%UL4ysa{`R4EHK= za(`H@qd5A^ zDk=Q3DNl~DofwYX4C0OoUAwL!uc||E(2?n)u>HnVU;Rl~@I!jht$~j5P&Nycenm3yi(6GO&MKl3phE*1aS>kC5N=2SP4D?}~?8 zW`xsK*QwK0eC>40jsc|qj37bALN#El!tZeg&y6W(~{uW%&yM& zc@%i{z8_^7G0pz>Tu1TY;YfkFmzsQX4$r3;w}q~nFZm=qk2qGJHyFo)BFEG4&0=pg z!EZ~x!|d#^1A9 zjgKS3IsVvHt&g9r#=l<1Kgl)zC};dDIesMI9)HiZt|*}*`1br8{@VKZOC$-H zvi>xg|J2z0-@zT3|5997w_$uLEcMnG>#_4e;Oju(meiBH-{!t+ytES)lxaQnM_|TG zIdocYU_FqLNy*NJ)fv>ePr`Dk^)qo-RmvJit!)RtaSh9dlS%&`7+(B@`UNckp!nyg z;-9qGI~ds>3@{$Unn`aaW8>S!o5ZK5&H=xq$|txaQx9FuxO*869XcHj<{q36o>Gpx zWT4R1Y5WOCHg}+HyE8+*(=c|0;NamC%6mIcr?>qy3UYnO?s2Fd^-2BqV18(y6l=QpsT*hV);`o=PvV+sE7ez6BH zm-PZXQXVWyn@w{FyRjl;FTT($!gO~3mfjt0G~5T$390>VR10fyte#+g(`5phD6{Oe8N>sJx##@c??knB+2#z&Irdwl8 z{yU!w@bs$2M7~m39kN|Nn21Q1(d`%ls6Ys9UxALoWjzpv{pPpqzrf8=X??ldQ=YQOyrT(F1%7 z1%?kt=E^BTI8L2w8<@zK-?Vq1TfHvfam8K^C86kd`Gc!dxgspZl3oZIo4L)eWLA)n9Grlz5VmtUfMfT~40tNc_5)o`t7-g4$@pZsB%4HT-N?WbYf?D{B z+o$ba4`gu(D)FyLz`3^`p&AoEEvs@xrU@V;j|>jxKJB zq=B2Bc|>tjrHmjaohPFM1a81hODB<=ka_LE_#@cqcll%|g))EB8pTnC;3&UY*o4;= zbaIw__{Qg-9a0jopp~#;1{w5dIanNz5Q!F8D*!Gt#Y{>28Ba zA%|+j53~=F!)?DGNY=M^!M{tVZw0-{KcZJ*x3U?Z8<||5$AF2RJ1wpJG6IlE0J8BS zZHSB2<1{YUcuWt238Ar23)j-=8iI=vX~55^pEtqns-aJnh9z?P>ew8_|MLJJxf4dn z?FTCVPpILAk#Nv|K`~Vi(ERn+2iO`pHcrz<%I}^sOxBQ>DkKgfQx^50n)bWt-SwpyoA zcjKT?4WC%rJDw2fYwbDHP5j7vagMyu_g1g}PV&K3fEmF2Rh6T>g0gPPrRaS%+=4zI zUZmUt7`KZ7BhL2r*CKGmr3#u^vq#f3I71X$KF{i%6iz(VN zk$6CcHT{~B)f2;&hsKvBRUYbFegztiFFOu@`<5e;C!Pd`zmr-J(Bnsk1)VNcK zH%cVaNEP*Ks_&^7SoP|<4zK1}=eavHb3Q;MPh6Hav!N2#_jkduf?$Fj^?8)i93?I| zD9*ZV87h{6#vCQ7x$F3)lwS%dI}ksNNdeAb><*!a3N82*=7rw7U6w~SJ`R8TmRIAP zIX&xez#RJD0%N8B;7 z)u>5(V^wp0lxW?VI(*i@IU+2)DH+`ZIFXQ9lr8>31n^4;kZ#A z6n}u!(fXkP&ZjcT4@0!2{S#&$Rji?#r9f|8{iULc;LSmV5X7;rTB?u>{Yj*fHECY6K%soxv!pGewgJG2Mi`oOmh_1OdtW&y_+;@H&v)@yGl;L>B1=Q-uVt&(e) zd_Gw;+r^@f>shtn$fn3ns3i~5AP5@wPgv7@%nxm~CgT%2j;Wavxom(Pgnk-_FK)$B z|1-C~3rCi>eSWOcFT@x03+B!xKJ*LzB=x#G3-Oi1D^z^vG(KXctol;LSIm?SA4xRn zj*}Qo$-j+Oo3W$`_|7+f4jPLKz}I6S;Yr$eJj2;3AM(RU`GqvnqK&R%BL<*`;li>8 zNRt;;lgCt(lcmWACC)g$dUlJXk;69!6^KpJYN-ZQk zfE9+5JE6J;MGFzuhut(*^{e?CnkDSlUc1<*Em-TT`o8>JX~DLjd!5*qar+4@`XMVq zLE$GA|AA?Ehd6^ufkQy!Z^~6!Mh-_n(qn9TaM1BGA-Jj|GWn{5shQT7GL=hTe&o&s z>i66;evhlNPT5M6W)1h7Sr}Uk&?}!}vdE%!?wPEdU$u-%e@W9~Yg291UT=N13Rx)bfWvab}- z#w3ec(~U7$r+)b>a(oJ1aplIJhTw|*h5q559HQUG30!xs3aOLet;cwNFR;V{RRU-01IiQ&na`qoeN zm0zCaUtamZYdcanRN`(fr;6Bo<}>mz2t1hSkYe29Kdv#P6F|r3sCom;cnHlBwBYU7 zkHlb2w!ko*FCwF#4^?|W!ZB9HpY}C{Wu?S&Ke94+!{>v{V{cRbUxuz7)z^53UTwwOZah06JIRTtqGFT=+gAE|mN)R!DfUzflYC`kU ze;kiF6js@DAhQsB+SF3NvBq!gA$>3h9Q?)510lg2@a9kWck8W3hY|)J3Kr$z8-Ym) zBaH$NpVxd2U}!Z5>rj6*#wlq4GTS*e;!1+EGDvV7p|ltHYCo- z<=Z)yZL%G3tl<0yzYHX9(^nos>1myR<)OjwX98xohy7bWDacxf_(k_gFGT_*4KB6d zrGlDkvga;PV}yVS`k@>3;Og#y&~Om1bHMcPD=;?rS2hj~^g=Flo;>P5xZ9t*b20#+ zPowmWVi#HF?f{wkbOl~soE0UL{WH}MqM&3k@F?j35(~E^u7d9XQ$^48KwjHas=TQg zr^Tpr?Imbzj_$ytK#_~uu0jXqrH^+3M5hTv4yASrD@?5Ilr|t8It|bI{o=Q#4OkJ*IBys{+*G))eapY{XKm$yTgFEJ z!Ck~7s>J-gwiYC=V}0%KR?Ao}zNSAyE}`cp^vo7U+~n*|rEKmr;)b z$=pJaUk0VNti<3rl{A@)kgWY+K(N6zU;~^kJ7XW-H7ou1I*LrUg7e@Wykm0mP}}?{ zVY3An(zaFEo{VI>zH(8eh0qqons$fbB@s?=7oA1nB(9!ph8SUXPZkq~CA{)q_6#N| zT9@71Z*0aD9{n@0AL-*2-#MMZ6deGVSA5Tsu51?Q$ac2)_EqAW3`B|eb|YH=rXpFc z#z`)p(#6Tl@(YT^p56N%8E83=1%`cl# zDki@RSjM5q)X&kfdy@doIDy8IT}o<&^aGc)bNz8xU$CKlEN%%dvrE(3u~w6u5&Ez~UDVx!dTh?tt)pqmTiQILtY<`U7CqGsu>P-qm5Hgp13 zhTTsZ*|)L0gkaG`(+GML>N~X ziK2#Z5P?}XJzkRjF^(PClJpka*%V5TYE`HNpX~>V69u;fsiHQWK<1>is&zbV-*L7O z|9ix7wDvk={~Q-QfL}RU^*tRe%Lm+AR_Rx0T3A+S*}*?f%R2H2UHe4j1URT<0xfuu zDN5M5ViE%}C{eW>`A4c+0amHn!PKr^=SCbGTh+eR0W|18O{rNh0)3!3H7j;kkx@9x zqh_rNS8bHt@y_)wuJ|L{dEKM; zfF;qdb%HM7uqFMd!KbIQ?3g0B8E@;jCtKTISGch0qCX z-jaUhQ^#1pmT^fW`gJ_69Q`T-wNJnD(U^Xf6_cY{W%WZFcze@%c>nqoVkM?uAyM*l z+xoRHeZe+-mB0Oh6lzVsK9tGU3&iP!KbDrKy}h@C7F<9)D$3`1ruuYWlwzl{MwP18Hjps^&hlg@scGj zowaHi_3v_7yE2}S7f~h?t`Lr|gE@oAih|dh;5~g`JY&6com>8;3PjD;0WTd+A8bNv zW+1X@KLRnzs`lh0lp4UwCAvBq$W)%!Q^x9O740_NTL##(R$=`NPkC=a7T%8s|E&9@ zmm^K=4VPMw*=Iet3jUQEA~XhuyAGZiZo)CP4fkjm?(MSJ>a|@rAD2h{2lsFXF0?gO zDe}b1W{Yf8`xS3r}ZB3Q~x4^Z6r-)UF(?Xa`%(+t8G~x)yFowH{i%K!| z(S@fc8Z-V{TL&oC)s54rs?`^((1r5IAc^SiR7;wr)DDLI))~`DfXN)TX+3>rVM}fBiSA-AahitA-a-<9*(ruqN(G@Un$yla>e@|2U z%-pw*41(Za4L?ow8I94tqW0$_jIviATVcO1I97{Oidg7yC4LL>h_&bs`+)j<=Gnz* zaOx-!-eru8rck6FVcsjW1vRLwMPd1Vt7fVkBURfzSH~xdG)9{;CwF-a3dCQ*pSJXSz508#Jz5)ffT67fT^oit z&!ECJ*s`MyJ3I{Y>_d`5kjmgjftos$gJtgG5d32IO(GVOoN!*ESTOb@;pyOl8zyZ; z)pthK7T&{FgEy(k#}e;n@vyNOp(kiStH0nEu{a(4(Xnmc{ z*@=a>tD+1Jh=&n>_XP*dD5P}bWYDUNN@;?j0nS`pbrX&3=_>}H^2Dd{K8|xlF|Ia9Y-TS zX8(Zne-m;)+06Z*7?yva34CP!!cZaNN+|3M@osQUw&X{0oHR=#GKB$St(Eg0s$!Vq z`&iP_%enNih9a-#ZI{e`Q^|YaJCCxoegUA{R*{j>5d7xoQT4?)0DeGyCv+;{PvEc(brMNq`-XXD+OjYI3gz;pYe<1 zOyvKdfPa8Bi#!zfGO5tN9r#_)8h#HSbO1lF?+5XFLMy;V+Q#oKz%K;;PNYYHUtrp< z?}>?u)qew#YS(T-!W?P01?Dk=m1Ri3vJxn1{C;TiDd&CBvcH7<>bOHK z<5xDmyr<;*9>52JGf4~h04YMBBvc6@0=RMXuT`K5pMX0YP;(R~ykx&E5vBpv|JI_( z4ydnv4N%`Zw-r!huATKlW6L1N9Jgs^8hN`sQ?Y#FC&K=vM}#=fmO#V*m#)uGTrY?-3OCA2Q zWIPLh3I~a3#$v%oyI?-hx61$MF9GK4V|XoZR)93rKun{D;R~IiD#d&lWYrWkT!PgM z9k0>*-9j2u8jv_?-v4b2d^32|bFATN*Lb`9mMfwm!=vVXKt48h&|2^=}{{#M> zarn#PKjWq>B!*1bThz{B@)(BvC#NwJonJlgP+6;KO*c-Iy&vH0tgf6m7H{pjqXHv+ zV!lP};9`>NsHufw1B@B3x^x%uO-%bzEkP-XaYPb&Bt`;(16)r>9lLiV(? z&r$#WTgw=xlLH@Ed!>dHoAj=ABXs^pfytxzjh$~htEX2}obhdN*r87TX#Zj72%z>O z^PhI~D-#UC94A?D^*Xg|x-{>*dy>_o>^4T#RKXrkTA~_)&u*#`EAQz9JyBPpxIG=% zA`|DA`+d-Xnqe2$%BXT*F@+qs{}odSNGr(a(lk7v+A3!8{(tRwyMrM2{mcS29$rud zGp!;%mc4#Zm-T;ZOA&%UdErVI?AOMPzjGhQzHa{IAGI~zkv_bW|K%TA<@`gRGVj7a zWYbyvLpG+Tf-B40j)!;VHV)KGSQFY2t4FLK@#%<;bPoOzLVZw%V5m_`N5P){RNj+U zm4YO;ey#KOz5?{jTiSHJKj!B$KU$qPCzV$>m-0CJT{^Xx6g4%hjCe6q0)IZBj@f3_KW&&rsQ_Zah^BvjVlSL{N&qe2y_iO zgWnb#SQ+G^4c2mA;vsv*fZEQ2(acQX;8{s)&kG~Hn1JNv&KuFPk^`5Hd} zS1W%kT$NcD%spx^6NLe;+@=zLs8RkbnYy*$D%U;-S3&ZHL~WrRGytyL6MxIzA*$BA z1q-9Nqe@q3?y8D))9{ni#rEUGn6(1AS*%B&Gl$i_a0T#Rc0O(wZAif*tPkP#=5S*f zyG}?m=V>d-Uh&GSz9ky;XLHK#`RUv7=lVARK{_SRZYpo?*`8z zQJa3h4||Ro8+!M%IQ{T~fQxSiD^sCAI?Br$I-`tT2Rr+txXmm$9EJbfc_opr%TDTe zX5Oc>3IX$V9%%ETf7!EXDTbLcH}Za_iov(;f5#WPXOg7{+*!?-A$bq!RkGl>!5771 zHjUWCw;B~gV+7qJ^BH5r!x*V$e}ccHz^QwlYBO`@mEY$dY0iI45AM_zom#Q;?mrkm z&C}bd|2Kba{h!glUF;LOpM~TS;iJ&37H2AO{=tqb6<$4yK|M78#hnFTVw`~ANdtN}PyAoB zXERxP-`?^3)%bm)D}EpN;A`Pm`9E@K+6@7BD*$B9W<^wKiJ)0mh5);w^xN!t>#!T` zd0zdQi2KN!oP4eoYFF}yOR`|dO5q5{w7y(Pb|XZZ1!AhO2Z`BXzeBbK9i{oP|Z zdsRSwUR9^jC4HxEmLkA^|M$^3j~`^!h?De_@IN0(W!#?LmI_bY84Dr%W_76B1OX`wu$~; z#fHdDXY>`&+Rj;|e2w#C`P$)lsNQRTab*6HJkX%%^t5wnYjI~vxOP#KyqvhPsqFix zcrTJVnRbHwL9vQABXi#*IzulO{Dqt9(tp+@-mm`bZ`I5GO?cybH7TtYeOQycltbyC zW;;+#GPfpqZlUv!*HpAe;@VZF7-^|Jg_mmJiYbj`JIivR&-_>=GycuF@|i#BwlrJt z#Ixl>SgA)*rWm;b;<)PK!}f6vbgpQK6b92}pI~HI1e|zoc*KYZ8~{ zk58Rf=+FO&nsE}W~Mdn|}uj=G5oe!tq&Xom<6& zSm}Ej!t1I#cdrb6kFCro+9%y|Q}UY~)2D*B4`a#UpWEGo!9YTI3VZ?w-e~>eXZq)` zL}yRCW6YS|7JkCIL(Vs}xvtnAVj)zuw(nl`ctrh+Z;wP;Uo?jM=6FGo9A3+%rXn4Q zUrFpo4Po)i-t0R*dCGwC$=HB=`rkJ)e~jKFFDkB%|GT5{M4shE<{xIy#+Ae>R!8Rc z*AMa9r&L{2`liBXUF2uY(C5dePAOL0Cw9(*!&-o%X5K#<&old^I{x`yjT1~j_qhJ# z9LqWrOF);G{CjLediSo=>rOd$wOKGf)Hb&w)%FyC~ z#MDde#~T)Ey)0zri(i-ck3yg~o!y5o487gok{>d3`gYzK z{Kl|H$TBb8+POv08@h&VX{LXaA67Zt+Nwbn>tNN%+-mtGSkgN)R5>wNb0gn`*cqd| z$4`B?J7QixK1?=HMJ5f{N!o?zW-ddJ4ZNx1X2n7m^0ZrSFgPT9h-f%NcBt78w= zu(xcn{lzu{Ug8K|FhyY^F0+NSL`SyWW5 zHacvfriwCZqi5SxE2ERmLNKcHH8!LQK7LNw6BoKPO%y5OF>=nUyp?i# z&RxL3kSf^u%3*v)p9&7R-R5mf$Xab*1m9a*<=ogkZIy7N_qAN}t+Ika|8VVidX>sM zayq$S4x?_3A`64gR1W-a)lF6nw~+4VG2?Ue)xxHmzlIq(Y_tsrn^fMb56Bh|@>8rH z0SdZ~M~!{G_dc(+Z6eZ>WD#xI{&7_aAvhQ_#q~!}+jNRJ%)ePsQfi2*!g@vAN16Od1zV z(WPs!5loNF-o!wEpq?kbz<#p*?ZLE(!95C&-#=0OJI@X5Q8&FgzQ_RY9N6{S z-#0H9*zY$|^fIv9evQ@s5qrR9Qgy4HeTPs!hH?ZI%ly;z0|jY6s!UvoDo*<++U*-U z$i1Cg32K-hbdrkL{GRfA=?B7W<#X-JEwRL#{$f{1w@2y|$8O56szhHLRYEeEo@a!bV#P{$dqNBdM9H znRm>D2}_D4`?Em+V{Ib)?-@@EBdt532?vx%TBmWtqrIB?w&u1!UX!{2Df;(-$b!?U zK>-rAfz`(JGnN{D{)Z>$e5YgbyU1r%nZNhBrcge3^zfYYVkv`UF82S9eTxq5+{?W@T&0dvDYjAj2aJBFgJpt7rZ+N!<2&-nfrO8O+0;fBvi$@8EQz+? z#Aq#V-|KN>*VK^sJ;QU*H*#l~VwUo-n>&mYD$M$T>&K%nN{u>Umr|BoYmyZ8cbsDg zIP-b;fh!xxb1HAYhsc#7@ygDXp@#fJ9{d>o^hdh-&!YbJi>yD@qpUwTZ&GW z>CKuL@~3rJ3!sErTUuDdpr(magt1yL)i|u#g$EIy=a0W%E=lnjDtDEAsW3Q-EwvvZ zvpVLLE2%y`LH-9@NH`Zy%!DF>CJ_NT+yU-SAW*ax+^SG4)KVqIkJSk*!~V0z9gUG8;| zj^*#(XPa#6%g|Rv&pHKbCO!$OTZ>h3X9K-^=|J*Tu=_2tu+(I^aaeII)wfLhfYaDcQ3LKxYyG$SAF>o`4ebF8!@~QQYEIuo@ zgG>*NA9`#}RT33#c$-;4PJ}|s$nl|m9^$2@k$GV2wDBIB(6s&O*-RD|vacMpJN{CQ z?8{k~vMb{Y<(l>m5jx|J;W_DM^L4DHyQZHnwVzx34LPz4*7?tI^-r@OYc;+v;Wlgh zG{*PmztV%<)5oGHdNR5EH^n$i-4MD)+%;!&y)o*8!|HTRg;(@dhAlETS@!j6;Z*ju zj`>Y7);%6IvcKT(e=6W8lT&<0G!ma=EPU1qM!@Lj8girf5?Bk^G~(0t-6OXyV~dKC zR4v?>?-*aVQDiW;rzc}8aBn=@$ewMSX9{pF6DO6ou5PT5g`*tm@!Mrge`4o48~^*0 z7D(~&nZ(Oeq${N`q-j?8t*%%)YiL;dm@8yue_}pX{}2jhJ||?f){uga6E5@Leb^7? zSBx45XX-EGsCI3na;{L!e9E++;=imTo@^|6Yyc?n?=>4(4nus+VHP)i>;GoHpd}ht zRU!lH4C)Zz^xrLLd5cVVqs^QZA{F-aQp2_Xp@OawYu%4G`QbRjzvktDAJPM;A)5=F zetT7f>K5Y!g2YU<(xP?Jbj66%@H1Gay74+jWE5vz>+bA-KTLM>a4$K?OBAwnlJCWz z$-rE3x>c7 zHMV5Id0fOlUd5{E2YTeZ^O6HNHQ~HI%%n_#6w-7N@eh*-Icv+t zc-MQgudk*Rc%gHBlK4U4s7(33b(#zVHDUI7zx`GT>m$z!Q-wsmfOLyjIgnSk@(LO1 z@W;8=k;R`V#@HqvknGm;9nLW8kzr=ldmo`&fw4pjgWa> z@*E7386~kKS~u^hQ%aaJz`X1a|IBY()myjj<{RtQcX_?*Zq43ZzJYdzQ*h=d1PsQH z#|bY;SLvaFJL~)gJIbhm`I~a`ovQd8t%VtnO+(O5g{o&`HwkhlY~^hoWcAzyQ#nfS zT;DsT({Gua8Gm()Pi=KZG^|zdJ;90=LJU}?PI@IwHwQb>NO>h1Wq7m7U;L1U9upXH zXC~`V0w#o6%e6+rpxhg@q4{ZWKET^RKweGE;E#)`i2C z^1Ox2t>{qvkC9fnih!n&+tJ+GT2!-5qgwdVZro(47V^rl|TvJ8hBf6jtG%fz2>y#CMv;{(2|OArmu zlBgs$B8fcLAf4ZiU*&CuXd1b!6oOTUi?beKh$nmr(Olbiq{&utKuWqEiyi6vFp(WcaXOU)1Q2|EF#jAB5I z$$mUV5M-uC*TNeFc~-2QagDw$-KLokJXk$+=~!%X*?#N%zmg0=K^%G0?+*M4(vVRv z@pC~*{@ZT^LO-UteLpWXzL}hs$OQg{O&^K;oawiXw3Eoe9V!s0pV0hR=MO|hWO0W7 z?q9NTn0~2?&5?~qhrg>F{%XYoo_GK^OmnTa!ho|n7@!={2U=!Wq%X!U@M`fMfiX~E zAG22PM&|fasMXmp|0>}TrrNF*g46;7TDX%%?IjPi49Kax&!5HO*fthc!p%xnHps|Wi4-jsOCzp%J5MFx=IpDSFoIr%9W5R#9N;!};+cs# zDfUwaqbid1XfUXvLjTd{vKglR#*jxGe`o>;4E2J6?&;6UyqY3f5nYo7yPKp-kWzUc zyaPZ_UkN~|g1c|igvTS)>`(*ALe1c#>`=3)Uv4O3bY-yV5^r|zX%=sG2bZQHfs#D( zMGH0CtId}3%z9Wb7M{&pe=TBNqjo`0Nk$E&$jr*nR35KfbfB=ZkK)-J*fKl_O4@J4 zdjB?pNz535XZ=l?CR!daKqq=$pUgG%9C3g!J7w7}%v%$oj8U%G_aM5wmYt zq};!h;_ZaJ@r@0p0Cz&ukA(;+7WltbQ_M*E$HPdhGypK{j#UUntXh-tduAbI1#qsvO1*kN~v~10Upq z_ADmEAeOAh)4i6Z`&i=rj`b|cv|dL2p%dc3L5(?EyvQ5sv1H z)dKF9yl;$R>UQl^$J}Ky3Rww*7RKiRdn?H5X|bXL8KqnjwM7=lSY$u_Ckz|Hdh%GM z;bG2K60f|)N@&g}D=XDp?60@)Z0AK?nUv5JUe?DeFAeLqz`=$(3ra&*@KfXaomLDt zD_=)trU*^kd-2L+I!l7ZhH`@n?E+H$$rNk3t~iGf6RZpKm?p0&K`SyQF2gcd$(-BG zF{4nC#C^#VsvZ-j^G@Z$r1VR_6#=aj7|k~U7e-AGz%BY!bS$$yy#5m_vn5|h1#zM4 zQtp8=+rDcFt3$2Oc{Tks7~McKM-B5*M-B5=oA-eq@fG>lFB7T1ePd^du6K_AE_eI~ zmZpMs_z&ENzIqp%p-zBa#@Ys2Y8+OsV*>1?fFnibTI?y_iJ=tx7?i~{qYNL*=9Agz zRcwi*J~RSZ|4|e|LYyaiX%wnaArSc9} zofkeQw%0rQ2OMWW@t|L+s~LOMH%*@alu-(WF>k2@Ei#%Lz>7sjKi6h19e9ZZU>d5Y zK$M0oz2C_e{_mgeoe$FI?m~4KAszk9H1D>@%Fv3JE{kX-+8*2=vVr* zj5%ri+YJAL#7^C3`pt59o05aG9M{o-c2WTv_-4n1ke3N^J?RE5#8WkbRy~^n1J3-j z2(fGV^h%%@wNuJ9a&(!*cv1-c(b07g1xp@~E)fkV#=v zXQ-*s?^;tIK6y;e5>KW6NrDhc)mW)d_YMFYGCC}Eib_RXsT&6oUU1RHsE3u&{2*p! z(t}6mXmCswTsB{(M!_e)Q~M8wHRZMQ+rr4-;>Mr%wzdELJF%G#P)*ROP?nMW$MMQ0 zE5<~mpt3^_Z?6#8w*HJ7iWw{AIQb^e4L`2`l`rzrKgQL1-x*kd%O^`E9%U6VFq@0T z%M8r?^mBzdW{W{);lhM^AoKOJ!jL}m)ui$Q&rT= z1pUzedRmqehSlKm-u;U`&JS=3B{?p?O@N##?3YMN%7QjeqfI2s#1zFL$Jj)mGi5mz z5Kna=?y333mw+exWYeFs;p_GMfNQ?hD}D}Q3P!`qi5ku4oP$DU6nH+yF5Wdh{42V& z)_%|P)Qs7o2?wKkVR$lNRA%%E9)8H=z{|#&!~1ewDwbXICC+aDD)`?&qWGPTHk}_> zEdI0e1Ak}d2R_iL6+7>o{FW#!JHg?yY!YlyH!u3b+pNGyznw0`XHkJE zf|op9Sv>Hcc@?J>HXY^Pw$ca&Ct;jM7VCH^s7d+qGmEudq?$?VxDpnhIO<`w^Bo!& zXYbGU%l@|usj8$6h5O~5-RW`X`d97jCv4EE80_E%ON!uT^%^_MtcrMfPSaIh7%|ZO zZ7OfW9}de|l2fP>ulSb?*D}#v!&+3s%J1ac^OfHz)HPmtPJ!gJpO@H;{XMAH*ZmV; z2Xa=YLlcIg&RgfgUf?5}2^D!M8J3*M*y+FPw29`tr|z@9#}tV$1BM*gW}#eYLZCAf zK?+&}$D3~AmCp?jEJr)DRr-$!BtZ}GhFf3GvbmCJS3eFGtgV#nT=xHbhOYW-nM^HV zExw|;hXL`EC$q_7Ev4s$Hj%@>7Qo>z#CIwHgMXlw4=ve%v*^>=lciwfb!S@*r!TRJ z$5Q$N$`Ie9fZqmgt4p^M=vo~aPd?hMUg=9ZSG9WR)^VwWa*6zDEWn2Ik6~|ubPW|V zT|BauR=BQ=mOv&dXM7u7vJnMa(s2tQ&u;hEcp*D7+884AHpC}lcMawIny z_!q2I1z;On*JA=#TUgwD{tcRrKvL-!P&m~V}bnpZpO_xZazlldxHu>CUbYN#?!#x82gsZt&Y$eNZ;G+;GELu+f4fq^d7n@44Fa#JU87(23 zRSaJ@$9EQ@U%U!0e|A5-b)3kCg)cT^aI4FoHP-1TW3^A9ZjBt}uN$9K-n+;ezK@F$ zc%4U1Ol3A6`qbD|-+gEdjC8`Hwqk9xT@H6d=}I}(pa;h9A^P;^K~xWHXInIuc$OnI z{1pVmRFmI_mG-6sn6)0Swvq)WaB1Je&D^vG5CBZKVyT1jV->GXJ1JJNamEpz_-;c0 zmX`$NS4HGy&Ia98rwi{A(nE28y5nqRVnZ zVvC%4Qjm%B@oAkCjaLq`R-7`#i_Fr~%l;=Dh5gr2o{@#`0px7Pkp?t?YG;g?|EvMt z2+|fe?#`DpJa6R~(t1Gre<|cJhx=qQsOJCN|R6TS%`M&mwRV=%Kl-;Y4ipC*kLdYsna^7YB z$C_?v@RXMX($tnzr;ewm4AIu>ayEW;#K=KhvF@5f2*~;tNUjCRPGO@~LMaIOits4r zhnq}lwyA}-O;SJ0e2*(4{<}LR=|g_6OZM1Q{f3P`{yi$0Ecl`OEZP0DL-;I9abhR8vQc}c*)ji4y%~g>#jMNIJQCBs+*9>(g1gbxOB>oS&x4U;^n&Qmpl^m z5B^GzWVGyk=(VTadKGW>a%O@O+Ch(glX0;uXZB#c126u>i1AmugzDJz&-&SWDBKRv zuw_?9%iv+iCOM!UF-J23xMunx(Hl=WmiJwTaT~TfwL2Rdo`DFrEZk(+c8~T#CY$`eO z_aks~$f0=`3MT!59fAfS?=iakER`K`gL^q%QIm3?R{qNQ-$U!>q9tV%d|oK{qqcnhuP7zM>QL? zZax+|g~HW@(njP^DvEH|9*OCf*` zp+ZLU{6(M#XgN=5&h{4WXP#^rlG#tA(`I<3pk^x-W~_*ht5bauc%ovr`;+(jM@JQ_ z|LB5}_B^*1Bd$puzi+4#)L80FRKj}WVGgJ|ONtkrkf^I2#i(eTT{7Uo!!Ic23no}V zIGlf~V&crm^#2$-K;E!W;=RbKkVD|L7UfdVV|GZl0I&%->>56A(aTasl{r}q-UWI^v3gs9U~sCWxe+snvs?Hdw=3A zQqCNT@lxIh;gSW~jHdQ-Uy!mUN-;8bBOI#v4eI(SF)QO_xsLl|QPo+S-cZi|8^99t zfMMuzY3qEoSV+@F{)+qG?id|8hX~0N=6pUq=i-{=iTv*jVur|+g#|;rTE~N<0HVxU z$Lla@Gt*1_E42*DQX;VgSV+P`?89I}%9_=p+hmgtxra+y5y+h!#)slw>@NjvE%=<5 zwhM8yzM`HsrbvtWb%QTv(kLTM{dMiv$m2`P@#b zFw4Dq=!>*>5R)?E{6~*iKYGL_Ri3KvsG0Z9%zcoP$%SB`J~N&{26uQ%5YLa8MVWYb z#CpEruSEX*x%^Qm>J$3WWD;qk-2L`^nSUWy$Hx$?(4YRBfR7`K`I-Jzz|4-ng7|_g z{xaTj4%2IGrZe!sTVd*o%00P6=KYT$+KeW-TQIMRg8|SyW$1}d;5^wMgK83YreqdPr?eazcr=Kie@!)g8~)Bqkv56Fam#z5(4YRUqS6 zu|uOQa}zf?gKa43Lc#Lm?wgf0rER)u&9IP`Zpa$rsLe%`|8PVUl;)WEM0zk z-V+D{YI_5_AE%w76X&`%Ft6hY-YY@ttNeR5{J~Uc3#YVdYh4Bw#dj0Hjs2mpvsB)T z_Z+6_?QIj8-uf?xmIMC5O%H_nrPug^to$n9krLQ-ewF)x3`&nd?O9fp_5&1*rKi|D zQnL(2oV^G2$7o;YB6TEKHP*6PvwZ&z{z5GdvYoQ^R_TP~z+pc&st@E6nb&H1BG{Y* z&Fe(-dbiR{g!CO&Wk7rXkVoH!zFJ+jO^?aDoSzF1L_PxtK(=2g>eSKN49+IcJ7fEF z#WJpMKawA#`GF0~+$?p%E59Hb2u`n*QKKA9r-_BA&FL<`x>!a)?5>Na^+(fy8k8Ye@|NEk95IS%c5W zqJ=v%&9S9o(%8hPHCx6e&RVmLWFt}B`%4r@zZBB!S!z=$|N1* zE)1X(m)8s8IxSZkX6gNu;2cENL?Z{%aCKrwHNr+mTj+sS9Ep~rhl}*fdYtT*jYf)G zD#7~iPx_xOdSPL=LC)!i$s&AwGdvRdFa3+86&#|>iNfvxv5_rW;~msKba99r6{);I z;(oS@JyZnJC`8Z9C^o+>Q5Tq-9qhX6SPriC7Q0rw8o6l>Jz#v;9+~?$?u6sg?ZWKo z$+OmAVmw|x}GW^i~Gw z@u&x#t+q&yiIP+W5~ZbFYdC|fbZre*@lE&ZHQksZQHr)PJYFCz;lTxkKNlBl@b4QW z(FqeD$57uO6`zstid;Xe8Y(twTXU;%zW=i9Gn#T@z#LmCyw$!)f}{o^n_&-6GlTLmWPW8d!%S%GkBQM(ke)AL zL_0~f3(55%p7gD-LiUT|Fu{PGvc|KTijN}kfo5iDiVa1YV~NRSc_c)d6~0fEkBoAubh6|REc>t=v%av%8UFI z22Kr$ewRV~(6x98QhERWi9H&wM}_WD+C4g%M~v?~UkC?#Gs8CjGFz_6k2JEUPau0b z?ey^kxF`(i9;{(|ijnP;McOd<%#q+6>T%Q{cq-S-mS`S`)C zuHXh{VJa{6Yhvm^swV|qEBocn;O*fWeJLCGI4jP{pN(C%&A;F~W| zG&!4_(~Hf+vr|4cDcf9dpV^nAPqiu)w%7Ydna^Dh6q0^emqw*-=o+5aigU_l6SKdq zvr2!bkvC`>L-6tJ_RlHD83v>UpWh-gXW)lin!XEz_>&*d@}k90kmg?9%XrMTZ4IUj zf%lHN@j21V-1ta^>A1L`5{5K%5uh1*x_bd1?pDv9M7-lR_5WvuSR}jG`66_o8QA^< z_XG^2J{H`c~~o~kJ| z6Vgo#tB0;to0&H)Zw|2K*WcGZ9Ft!TQ$daIUUNns_G zcflQ5E3W^HNI%V_iz~+zd#w-1g#1Eijj3o~o51|wr?k`&=PH>UohG*5i z5=d0&5i6v%nS4E9B{0>T5Ah#-ibCOvVWO@qUYQ81_sVURt=ylYZ#uCInX(z=hd=L$ zuupeoJ_PZlGo5~cixs8C`Y3Wyrq~?x`=^n4^0_hNR$zUkb)fyIE#@`(4^aJ)xt1yb zFwhzeWiS$@IsHHz(Je-Drd~)o*Us7(eWa9VLsqnjF$$j61r^n56G|2)uhdtUvI~k4 zY)m05RID_46)&-e87##r)_Gba*(wAiD1=@?g z%s7lnuM)qn0e$0Pu0$kH2t_fmZag-&~XZY%0o_*x54 zq=XS0x<_X0z2e`9{_x}c34S+o>sYW;^9s4e8vjS$88Bt%cq1GYr~4R>I{muH2$LO2 zSsU=?R^eAipoKeq=j zdyj4yzcOcM3wUAK|2#KnaXA zCE4TS35Yv>FFu}mJ|ip&3;xUC1BoEQK%oMU@_DTE8A1&dkK#nTdgvD71Ny*!79n8z zW#_-ij}?y1A&0o}83dMl7rnyL^4VuFy4ePGQK8JAZ@me}ahz=OB4_{H(D~EfE>8gZ zm$(Ea6mc#&*Mdc!c5M{#^ZRA!0Xho(jduj}kVTXJVMh0f5)S`SxxV6?8>C;D+FAVh zUBg-gB{*(2x1BNxOpQkIXXB^j|LmHIcc)DThqMg3->NAMa!gcPcpl!v6}mu2Zq4Z|Y%4 zJN`S-;v-hHi2s_!e^4QGKrRg2639M5=ydlYP0sHy-VDD9=Axaf@y$C*od3}uxexpS z=b;nD3GPQPe#V?7d7^y zF5)9D5^iy8$YUr5mp<%A>aHL^C?7@UZL{VyN1C_ZX2%xBAA%vUy1`;xY)*S|M+0re zXP4wOUdggXI;^Y=9X7cQla(**epel{w4UVP#Q9^BrC<+1y^Rl%);5GKmU~)B4FO2< zPqprYzD~PoT?2Bl(J--H0siC=HMAeBHtVo**#GrTr=V!JcD{eaA4PYO5VUE0kkV4q zsD|JvE@GlX$s5_d-(eSa1#)$K=i~@s3an-&PecArNB+)6k6cnxQ}IS*?%O~ouP6#) zT2W0Yg7AipQRG~CGf`L~I*9EiC?$@ge%;0I8+{%}u*^!HtgioDzmf%G=PABDR#8yF zP18ix>ji#SiHxLp1M{al@3QrmBjtTD>}b+mQCrfev*0$7|J~otx}iGkVGLI%UTu%q z4^cNN>P~U4Q*=TnelXzQZj}K)@Eu(gl$7Lq+t>`C~!)m4vq+p{@uilzxDUl zzx!3wyr8BsSJRqtVNDBNO&42DYu*Sk^}VpBvsBZ)uBLj`G%~1Zh^y()%sz=zT}?Y@ z2ve<@nm*yT_3s02=-(t)*M6$&qvKrvPI7g9!Am${D)w2#8wioxP#=XZtvPuzDOU$4r- zkvm*KTNu=bS)QyeW_(l(^BDjU=Kl^dM{v&673>u%SC3La^yj|1OMKzqIZ0d712oN9 zv6RQlt()#-r8>KxV)F(%R^VW{#9*<&MTJmgL)*T)b$wLuMV)Midik?mzk9%m0vC$p z-2G=CApB+kp%N)B{tjnv-6&S`l8-Io;x8xHuQOc|KegwHAL=>zUp56oKUbyN5B26er5iFaRq+B|Z}o(8C+nF1elqA2{{Kl|Hv0_DzZwthMY27KtkoZ4*ELCQHuM&%$8Ko*=)E(KS+Q*^n+ak`Lx)CP1=a>6||a9QX)Xu_{y< zQ$Zw8<&;3$&0J(ScDVIim1j-Y9bD4f&eTp5Hj7pbLjhhZVeRU%9m*Vti|y4Q5Fo1! z7OcKxQG@{e1B=f8@dJbayv?1tIj~Am8iu<$D}+)rQJY1i zI`u#(`n1O<5*t5}2)Ik|rzcUPCepk3PxK4&=l(`U)~@pBwg&61UXcX_NeN$Ic@YNo zX}D5U_~a@@h#X)u<0pqL61FoTA?EQhKb@@$XUHS@-uWY=PwP^ZK+!#B*Rc>shx^WC zPEzs042}=j*}lJgY^f8TZ2{$@w+rR33mvGSAP5EC31d^p25W>$ z4qO6PnRh2ZL>R%r@)N8vu+4@>u^UAyDzD`yI~vz3`lL}jobA@E74M_L1DyHKx4lhw ztny%+b%U@}&hn<(W&7HCTn2}F1V#q(vEiBvaCeMS?9;Y_#@*mju?{&b@p#Y);k&vc zT3nr5C$CeVnZ^3L4{=f33YzxQeW6PBZ_0m$r~NGy7w^x5ZuvP(#wxGdEB;lAG1KD5 zX95NiI^3|m_ABj;IaLC*P{wti^;Y8bSq!1yILOzSmt z>&28)e$Oq`?o{+!gTO2*+6aJp(N!wie&01r`K6PEqmt3SnE=fycAvHWHv~~&-rZc| zI}VAoYMYwdzZBn55NVaWPS#e@rIr1V4 zUdj9&{I<}sZ?S7@B8rGzTa&nCYf=?KlX79ozgBT3mQ9--3dF^MZL1Ua!o1h$ga591 zXgR%r@8j3?>l0t;P4P zfs3^`Mq2_syPH8D+w(1|5l0dcw!1e;EDJtslvvIdFxa&%L5GTi4i<5Z(cwb7E(}id zS!Dy^I)CIsH@?ch*xBsDVOAOpSZyJ;>7Qx~@h$yhwStmno{vfvj-I!E)}GZXpQ1w@ z?UxfD8sBll4f$2(;ccH(1v~W1$=sRao3g>UHMNQ)v7-MZBF~y83ubY z=8c87|X*$7ecjC$T~&tth}4|5Juwa=p}x2<1W(vyq3@B7r&$EzNtA0dNOD z#dP_+7ESK3*9(U=*zc(d>cQ^=hm%;fa_woy=4eAgj(^P&OohbqJ>&xV9aC;6iLQdYcphk7613&G#t#t6Xu5Sh_fHrUHi!10_ZL)DxOqT z^s#-MptT>Mi(M-23yq0;Izfy$z64+H)rj>Lrid@hH4&_jpRW1=QO1RcdLLJvs&NOX zs%p8G@Pn(p#6jejjA)O*(2kl*xyr8Zod8t=Z@we$!ihe5ss93`1JRBu`Or0=shK9>G{q-Nc zkDJiFuTDH&ogjjp=~viVfW5@8f(q^m^u>cF+2c~92I9Z?t%j;w?TvJR`tK#qsTJF( zS$56U#VhZin}IdfY_N>++7FDS#$YCFV``-i=((T!3t1av*csoz5IKeDQ7<{BUI*8l z7MkbZn2N1<0DyP4HohTVd7`zTh>dznd0MYDcud|RiZ!9rA&3cTO`NrHo0t5#ae=ka z>?Lm&Z>gcGu%Q#ilJeu>53?JxkK&cj{zbh}Tg}!M69{YTmkQHRR!vtm_L{fst-f-s zQemJ3yreWA{iClY6vC#Y-6>{z$kDfur(~s^Io^H zR9$X$E(_Opxf6MkVlD{m}NAc%P5Dd!z)lR0j3{X6-;cT9)F<5<-9_hjt-`+0UVh8?=rTW&rb9M^$Tl%Fv zD1#yD;b?f_WzyAL_6;0V%uo<2W86Ee(uu|F%HlU>7wu~1?RmLO((4LYOStM{Gui5O zNi-D2D{p%?Kulej{q0eqBsJtWl_x`uu27`U1O%c}*;%6vK4#I$nAeQ_QAby7Mx$pi zO!ORJ1G=NV3I%TB_+c{s^A#8Dl(D~|DWiwmR%Pko7(ob%n!a4K=YVf4C~7=jT50sC z;1v>T*eXWc+#WT_+Pdmw)Qf2Rsjhf+`Vo>6!@Vio^wm--Bokirc_NvmUWqtOE? zKP^8RXQHshnQX3QSq$vIeUxMi@buTfN@uvv#<}`uMQ$5yCNe=U*b`x}4XQ0V%*U8Rir@#SBT zpRA9U`*He1l?kA#=o4w3ixr#U1vY{<4wjBm1?(Y>?X6u*oz`3UN&@S2b&Tct)+ij> za-H%>>j)`ys*r=5#UrbsA%`_YcQRUtr1P&rp}zWlcLaU*j1bgM2+GFKI>I=Fk}bfV zX*htA{F@<)+$dnN^@Jgyikx&*S-w#1n4^dZA*jn%Hd-Lo!syy`p~Y!EIjluU(q5&z z0@;(4k*cwlV2^U^lsX615$0Bh;?xPrE9ukj)+bkk0C2(=kRc;t3q#R@xig}Le(}fr zx8npW7QoNO(^`RU)K1jGM{A!BBka#T>#&Wgmgj5j_mgfp0sUEL-^u+Xom4YhvpwzM3u*ums}WdLgLwH3 z)x>+%cB|vZ+&>uNnk3kejUTj&i%i9xDlFyVW#AK8)gpB z#fF)qSBOH`W|?88=5`xqPCKcWVP>;QO~x8Qa_YrwVz4@4PA!F!^Xm(wUeNFUo$q81 z{IW+LTOR0_G4<#dMGw{oHsQ^;NzaDkzJq+?6h6F`Zvqm{q480G>+)f zU|?yCvNoL+s(AIl3f1~|rcE#5nn+E@6n&4y1aqi!fGK2HBr+ssmgVH+zu zr}`dH{n=~P%RVR6?%kTyp5pnFWaF_=eASU`eEVD`RWuZAv`bIoj`V3+e z|V-;EPRQv8tePfC7 z7){Lcv};al0P@~+b%a@DP}=WD=pAu-tUwUofc~*4%%}W^x%J!m^Oyh};m*(8WcrEo zuk`XJ{aLL)t@fDwk}BVMM8j|Rg{_F`Zp)jpzl*eJQ0z~?QvJ{iJWL3QUZCNM)35qp zwm|0AkAEctqicS3yo3$O!Zrc|M&c50JP}8D;|QGKjYkCz@V!#MmlJ!=7v{ho6u7@h zClu2nB5O6Q_#8*Fi2LhISRb&{s4N_lS){p)&}-Du#*vxS1ubta-HlLe5N=#HwL>hT%{Hd zx>XLb)~6)^;F#Xoq^a|ai&Vj+vf(*?UgIah`WRkOa=}~I6sM?Ud%p=vmk9avaazzv zarGAevJjcI`iw6?ih}SOFjRWLb*8KW+hU-)FmlSa0r`FPYL6wQX^wKw5=|dWs!|_7p(lf14 zNTAe^y^ah}>OUxQcCEnSQO-^ZSmXN}T~k9MnPN>86BU5NlIZ3M4o8LFDyt?nR_8_! z=SVWb)Ug!RZcNRvyGH#x&6d7)$tZ9<6bRVSzv%^<6@mX|Q-ID=%lzZeQ@u<6wU_lS z`DUM`2lujQmbF&y;J6fn{R$rEqu5?((q&~30`R0qog-lx{O{s!E3?H6j5jy_FtDWC^uxZ84inHVF zJB#}5t2TG|yPx_IRL+1v%Jqt6vtK34({6I}HxA@)L1RSY7k7s==0(dtZhEC#{oS;v zf9$0_&?x$Cf__=}>V7NyT>~aI7b<=Q@#c^JgQ|}@;#-&l>q&e?;c_W#f8CUH2PnvI ze=e&MhyR-;YF%Ssi2wYP#eeR}_(uHafg(|=pz8ZaBl#BpIox9Y_B_+#KOfUrtN72| z_-*lZJI=89y1_rBTf~1pNqpUJgSrlPbyc>9buB*1>Uy0b@ycy~4C{KC-xgoDh8usK z;x35)R81ELHL>0*sNOmeP^P9?VNH#yX@RRLs+tA|HGRX?w5Bbr=@3`b zB&%t1rlvDhli~-*a)bUJ>FWCD66$)Pzr$6~zsLt+T`wJJ{X5v|D$3Ngzv@!_;9lJL zTW=HtDE=s}1ek~Xz~TqLBEH1v|2=5ONHvuq7y2{q7AmbW`)aXVD@gD>f;%3aS=hu* zF+~t+_u9B(@h4Ac%Vak`4Qi?TjO#3?b`^)Zp&*_T9OaW>sz0!Nos>vD>~W6JU$KhRtci_oi<1YAYtbEYxalMRRt7}< z1dTz+3j#G$#!aIJ6^&o1ysQ4r{N#gtXYf&wT;1dTAZFb&umHV$9Y#V5UKxaLemdBw z8iT3{?J_cZNe9C0qk@;TxuPY!EEHFfdXP^_{C5`!(b_*mwxxLGyN_mCDdS0*eQL%+ zng4`+dLEF&JDvS<1{(QqCTEju7x^jAboit0sf@JX4}j2TdN)q9&zkDSme->c;&iBz)4%v?y*F)&^GQC`o{x6$!h zN^8cxS;dx)M3a@MD)Qv3IQZ8V;W9mvAU2n=;_v(OEt6kn14vj8{l|b}v!Zqi2}i14 z_JB)q8hmEK`hF{FuT5xibP#TUTZZ!3i?RvgIKm9&Uh@+<{_f-KV^8#9^wJ-yt`(8$ z`~&Re&c2a_Z_tg%;=% z52`HB67H=q4Q~9czS?)hw@ZW=rDJ+b0_@T-;Xn!YDnvnmx4dOXhc)+wHJ4+}<^2CP zM^NG}nggspvoC8Y|ETF=`naU&eERt3rgQ1t=e*i2yLa}Wm)`B>dbe9=?_mGlnMZlm6Ie9lV=HJqLwnR(%s)KT> zKV!nh%$^9k7uaY;PVw_+_d^xoA2~=fkzx|wRmZnYo~f<Q#kvk{$sTDMwJF>|k5{gv8jNVi9cxx#LvNkUqL(=Z^TFA9e|0 z_J8vIF1WtGi$QAk$E7`N$9I1p?!Q}->ue(FScc-s2Zj4Ho;t*AqU*=X=Ii^A1~}P| z)A?=o)n(jZUv0WUt!J#F0RYqf!%iE3meH_B*~v@6=?al~zoM9^bwjU(52~%{4Fa=6JsD%d_C? zNA)%K%=Wy_@6OkE10IuEL#cifw2uU9W0jW#()fz}<^JUVecPSlP^c3eBJ*mXolbE` zkK(4YduHEUGlX6iig!c%{ugfgL60!*O)UIR&I_p2o>e-CZ|`1yOfTgh>Ak$-msh#q z##_~!UF6401!sz8A8lavkD%TniQD4eV{CUtj_>^v@KZCjg8g3B`*yRGt^i|UWsUkI zQ~tT|eX?i5wK`|TeK^S>p-$603^3xeM|Q<$7v%6GYyXXQeAB*|$%Rd*s zr~d|Au-irScm3CRG{sL(%tnHg(v-9^Q+4mU{WkgS!5{bZl`-?RL_U!(kjyL*=3aPEIDANT&OXZc&cM)`g}?^*uLFDYNzZT^N?haG|SulePA zS630TUhHIDypB4+qU8O~x}aZT`9d=%+wborwbA#>>R<8|_22pbS^vllUk?As|DgWv z{CRIsXBYi<&VNqd1$XtN&m&)>{QLjYv;6e0QU35=`1`moDbMKAMgK2Qd2A1c#cUL8 zIXgtb>I?%&zun>V_lr)y`GJ0WLs#^huD1WroNy?(ZT8}ZH@fTZzu8EP{+{xHxc2l_$~&M5H&ZfT*=@iyb*qG?1CTbKKkE57hKW*4d{QvQ;r6L1i71^ zbg{Up8{Ww3<>J{vFLgXXl=C4BS^I%37xSiKZGi2igs--&lCRAP@e_PW32Q6U(4$r| z3q{fF@#klm@&V9uR;Vvo_z}`u)OHXd#Qff0a#l9V!pI{nAKu89ZC~Yo6#m*A{{E?& z=WI5-fj{Fj_{;IzT^8eG_;dXAWYD)R$h&ryLxFu~kkWU-!El<5m3k^lBr3voC5r81EJ|Ev6d9!duG%NroB7x_KesfgbbF_M?bUv| zSLM4Y=QA^fL)Bx~UdzAVOZk1jM)|`Z>e>E=+Mw(If&KP_UdrF{73H(>|9()u2mVhF zE6Lzr{Qrj2A48>A=WJdi)s9$1P6t<}^-~zFK7k%)JtZSIGsF z{E+x*|G#(i&)dY>tS+R(kmiP7$ z{}90!_Zb9Qsl@chzu-bMx{sfqU+?5ot=0<^CJ6=82eS@kv+{i&foKFaHs!aJ56?O& zuPYG#p5xii_Dn{Rh<_sUZO32F^ViIOyNQKMW(ehyfGDRK40bM+66{GiM>A_;hLnou z+}bxQsBV9Fu%x!T$C?mA_%{_|CGK`SG09GsQ|Nmfgk7vRlw&aDm4F@pu0D zB{kV9A^l(mvrbIKpZ7WbJVZ+bb2e`@Vn65t`QXpB`VAAjVb8S}lGqn1ajhCe70RJE zT9=023i*OP^qOI&>-_PxYeW8U`;HXrw}=nnl9~fTF4_Dr-KFAMbpck(yM7o4_?^9l zU8_7LD)NcDxOlt~pH{D23f4RPhw4QAO^uvrWe3P;f8FY)zHr@8!CNL6Jq3FbPIRhv zSW;D)c4zUpb#>!@ED)fY5zv{#>Yf=>n2Y}lq2-61U{U$x>f1R0ga>wSPuWe(I?VDr z)ou1M?@z{^m5N2t83efWJ;sDHVTg9pU2pRkdW>FkR)~zONG&VWxyt0keA7$9j#pz( zf3bVhpgAL_H%_~>>GezIT;KP~A2hxE%$R+0+t=}KkEZ9m|GnypOB*k~qM=dpRdHO? z<1N?cU)%J^Gh_D7ZU2pb**FCB=`fdq_-C8rpV7M+|J+E!(r+!g!aurJuY8)nFv-+m z&FoFupM7x&N(XtHic&yS1||=>$^X$yPBa>{-;Y)ikyYU5W}c$kU|S{Ns#xbm#-Q<~xs(<1)U6sH z$c_k#;LNi~sV*oQ{6ozLz;8QYZVX$p^+Cla6d|DJ6^;oSHW2zpTRT|z#1mgilE7u( z2C}NitxMa91bqSjEnC@ua5SvFuUE>xpOpvm0h?7PBeob{Vld@(UL zpPJ|Xf3*z4Lcki19@@gg|0UOj{l?oE^$z${5&j!K@`irq%|Xi+=ghcXI){GaI)HH& z{f_vwk(=Fy_F}Etg9q>^(G)^-tT8u?3?9L0bM6RTusH*RW$DlMV_ABl!aF*Nm=p+K z%^Utj|KWEdclDjWYzi5`duz$>=OJRhFrWW3dGFjZJtw!<+$7TAZhZWQ8tHmIJMLhX z$EBZ$*Vk*h=y}P+9d^IAV_l%1Wj)j|9}x#?O(2%+qXaeDBH6bFbtR00QycvAuA0S2 zC>nbyFzv!x6JPkB?WYVdp&$M~t?bx=RJMPQ%I?pu4ErOMckX7^#`n{QnKslL25{z| zn@-cH!msq!ZbMtf{*283w+hEsw8(~TmbbRqBTmyam7Rgi3MxGW0ZIfT?Qe%gS0k8P zFrR2E>eRdO*SytFur&uh9mSrSv&4xfOt^Zue!pa0@0ys$4F>=EGhCV~*z1(TAVf@( zXah|!5l*s|mYhHgEJRID%2!);0th8%!vced|A?#M`H`-MDXM|7HgDQ;uy|O2#m=NW zllOHbX@)IYoLkL*cyx%W_cEwrAVWwP4tH^Wl$I6T8SA~Xp!9!`zhz-ANZED%7Gpe} z*VeQ*XF5d#`ykS~5!id;&7L%Ow(dW|f&v(P{^af$w0e^h%Lpzj@l)=r{|>$ai)M=w zrz{L5Pld7*qy7)vS1rL;0WPs*+*cF82(<6a)kLa=jB6p4_tWD@gCtETA@DMZnm*p! zr9m>T3UaPEQLw+X9AeUc|4-JJoS^*@K?(d{(tf$PCJMPP-;>6V4I1xEg4EPY4?u%Z64_MV3H5+BBmk{Eqbi?| zfFVO7LSDjmOAaRH=9+iuUpRQhD_{DNhAQG;Wi}*~OCJDrQ8S zY^DZSpnAO2z;`NyD)f0|@mdtrAO7b8*mb{`^oW6RqYTswmKaj6JINunPGHpo(R*`& zyf}c|%jDVGr#s}iKu&)Bce;Q+*g&^J)^SN20#w7_Z195eBlw?@rd|BfcE%zCf`Jh9DL)7 zkyJ>s&zHe)LKhg?6Bz&;{*Q6`r%W)Q6!gbg2@2)~>u8lmnFKQt-c;U=ZOm7{^Coh~ zt72xq;7uPQBc3dVa{m$xp1{5%+IikH(56io;~SN*9Y5#>ZVKa-Q&NGpku8%bB)gg< zmLEpnN%dfFWweMYl+C0;*LdaeL7A1&W<9Xo9?cv-F`=Vb2adv~QFES31HPsyft zr{)ktmZXzi)Q7E)KkVkOw>kU8=FiMuR{^S*3a(g-8}+*v`=y_XIV%#bNNm$*3G8b* zL%cRobc-mu#h-q$;JSiJ3r_EUG#`mvOgL-J24?iP7Lt40EFC=!y%ivk8hG-@!}=1y`I8K!Z zSvV;2Ft6Eo%(Eb68%sk=`HgU;$npEQD9Gf`-_7ioym z+gK{ErDHe|Qe@5IU?@@puy3PckE3(^sqNZ?)va2Q+W+|EfUIdRi-b;o-Vji`p8q^x zFz}F%!&&x-?|o`#W0Z}LJ>n~{r5=xhGyHRR&i~N(zsIn9YL{l) z7iWgNE;m;HQSdG!-c$`{`U6a5k87XMpVf%}*ln(fVhmkvhzYyrOYNb3 z|2fsr1}K~glh6j5vy-bx znIq}zy{MK2iUZfQeP{1@W|>ZDl|8%D`D&C*e7rEp{v5-75UC;LcL6HA*LY3k%mf9v zCuc-wJ>n(C7lBG1368i$elGQoL!ePX8YxyCA9N1?rX~O~mWq}D=SgfCba2A6Rcy1YD#D+i@<7Tezt5*I0$p&gbV>`mFcV5} z90q&ROZ>M;aR7H=2zUCDjE(BxTkYTjx1IcJj3*`zhyb)*iBKXUXnlb%6-Z0VXfvgL z0wl6AyaWx1nS}zgs-|D?)ieP8TN;1o%*X_@pTt<}OTb{z$+j+R@%Q+b>v+^~l3_t` z<=;e*nCq-f_n?nI__%CNOb^KP+_9qTe{g;*ZBEVD=$fCvG*BotyF39=b~rf>T}++W!=fcxFr3!VMU zlg6gLdcsLUvyPcQMvP%h&sgM%2^jKL`QQD*^_e&DfdXM0S%24N>0;?IFLipZp$BY) zigJsyZ~q@_X98YTb@hFw3jvKcC}0rLpi#g9f+HzKgQDJGqH#v08g12B(IO;(;t;$E z5W~^b;#8@%)>a%^sYOKLZHZ8sR6wnwSjVd88dOlL48G+1{ntL{P9)Ozc|M+poO|}! z<63L4z1G@muRTrvVXZH!_TNl8F1ql?eQ0vXlqi1>ul}To$B~oXYq@Q-ciOs9wOhMS zevOngyFI zmK_OHgx>i7&wNM!4qo)!}#{D(fSYdi;{i(POQr4 z$5}#JTzND}!IU4+(=S5dPU|=~#Ube>+t(2ex&sxxhG|-^HS>zytla z`PFiuzt4GY7)MT@nz!iXsoj_+UhWC%Wbw*s=3wNj#|NszYi{P|ZN?V(Mx=gukvun~ z_3tvI!sL+rzTpTGXJ$=)=q=5@{13@zyRk2$tUSb6OJ)VJe^6p-c{j8hNkZbQ5kwhk zpXv(jZz9x2qtAcXeIkNc?#`bgnBh*a-e3OKW~LQ9Z38-;)^zwhLcrauMnRSE(F(1# zQ=Vs}%MsS`N)9 z3K^0(n#&NCb(C%^3e-IW-r*V(bB!%X?G+y1RNC-r{6j{!y;rpUW7>(uMCK-An|0N97WCX4SQS^RC?hj$Jed@i)mDIB`$W+9eZ&R3%o)F|^^ z@(Y#LP-y_x=$sdrVEPDfCL}A+1utZ7$xo&Lmp#&609`l2{N#!^QGBe8TV-OZs4^UO z2nk9uV6A4z0Nc?jYSDqTTiLIy;nh*oKNL%1e5FKF;8#sf;-`G)lX|;i8X!oHzgIN} z)1_|1vuOqo7j`yVXw^DlO-tOqi$cD~AD6j!9d}Y#iQ=zou+>qFMaVWs3Hg;)lLg~l zr`|mOY4?fK_zRF@jR&-JVHJjdZLIF9FD;kZcc}+cFM|rP!mJ~MVk-=PQ?y7(@)%4E z%YuJeixQ+yni!SY&(EGy7wK{I`48;!q+nnTYenLbep!`od?ToQ);gmSSuU^{-BGVM zRl~M#CBJKKN&&>I+5YcltE6c}UZhtqbeHI3=q@ri{euD_};~~as;$xd)8qP*0B2mc+p_b7S{PBj(*pVF(6R5WE z_)(&P)rmi_JlF((FN|mGxUvgus8G+0VHr9av8SL1W^t@B^IHl*Q)q)aTRKBuD&Z!+ zE+5rl$sM~E3^f?z`H_@qO>9C)1W(6DV7>!&|W3xRNI?i~tnJga9dM7zQHTtke8q&PW4Ar z-phUT`y*&EN7WZ0hhg-bG&NAH&45;sZ;CY&npeLH4;T3t8ALeGrt`QcgA+Q`AZ+*l ztVK39Rt7u&;y)&mZ&BIS`M>)rxT^uW zTB?3dUoPC?v*wTy$cLq9z~?{AX{y?he;y{|&Cw{Khdh4>o#_2X65=BtouaYmaM^>r zqiuO3@8(BXo&#mwDDu^FD&i(W(zwSc=c{RW{ejG_G5emvS_Ee-Z&*_reLjJ4=Y@ju z=;*haS~#w^5wp(Hq}P_AN*d>jIw&un%VQ0y`&-5~=e_ccuRR5hX<(Ah8! zbmH&kY6$E1PkL2|om*I|Tr4)|osl75f!os68Ms}uJ&D`l4!8GC7CbmgI439!dV69w z0lhB8pHbQ#hED~t@!Pz)9sDw=S;3%6SSo|57s#Yl zKDsXyH9H_bZARm`#eOswYqNQxg_YijXS(IdFAo zcymo2ysD|-iMeTdpoo}3$=cCDg!{znZqPU1f1&9UY$PSiR0^*dvoCm|&6?BY(8mPX4q z+w^zzQRd}df01H}Iq%aJESA-h1OhTUWF5r8DjVE67dETyKF)^{Jc`Tf0{VYnWE6ND z0(r4@vE52dTBAVNjk+vgj`jC^M-^w1V!)N$HHzX+szcc;#UGz`1st;wL;?^p8p&I;QG22KuHyZL!J+kPJbdQHPemz*ACHqN_Ge%4r#zQImgeQ&>%U zUd6Bt>8tp=n=!zLBcpW(pN+K?RLnqU+H_d<4}mw?cUW`v-YsV<2EedZe=m|rsX04Y zE9B6=5@Y`O#{6_PKZscO;L z&V4nd9U#gYPtJfq2p&e|kGa!9B1wx@UeVx-Ux<1)3;pq(J!>vbBQ`iom$97I4JZPh z9l%NR|7F4FJtur&*7H}lPf&C=u}KZ2gITt|drT%{Vzo?z)z)wxm(k!vDlBMWgF8iT z(|v;>x#xvd_#>?Sx7lGt0$~k#;$P}dQuYh+nGON}srGnqm`ea{ctQGKV!X-QZB^5J zivZaM)%!DPKs0Lzb|`A20!LqqJ>?Z^DBgPOJuHNY8nx&}I_+x;?lQKl{66LFD7eT6 z^8aM6v3O_t0d(RvS?Pz56#CGV6M>Fn%LWnXK5-{Rpe8*Lf$YiLpJ(Y@AYf0V3ws8q zV-StbCfBsj6R9=LpgMiI zfX&(a02YXZ8m~k`jkifwm3>f&o%F^|Xzs7MYp~@AC%qvr`WLO|l?AO8&y23d39JwbWq8Qj2?m-l+u zl*$tYg-NGI>j-dn2BIl7_Kw!crBeE1d|O|3{k5ii?f>E>x)$VCeX1w1R{bR=Py!_W zxj6%gzv`AmBCJee=l9npk!V2{Gmxkhzs3AS+Ct(AM|N95`SxzJ0zxy zor_du5`~9>{7}_tVgLvNhQe6mFWuU>S>a#OPKTDR8*ZX-r2!mIDf4&g8!Qb{Pc_{ZkI|pa!#@usw_^00UWvjEV%5|idAQ*sE zmWWB5W^uqpe!kYM5-fo(rL3_lqJQv$IDwyP%^2|qWB2OIuvPwPZ)=jJ@yPTkDA7vj z_M0CUX9{DSyXr04O)I`sOA4!ijs2Jq{*Z-1r8RBJ8b?)$f67nxkn%>Pj@edXR5Y(7 zC)%^FP^I*euNN!Hl$fWHGW#Xx>yY9@yq9^Ssx)0XPyj6xlc8=wK3#2jk&&N5Rb%D) zi82$ghLMqMs`}$KyQ8YR&Hto5s@fMLV?b3e{X3hgO0Du;sp@i7nWU=MKW>w%bbiS3 zS%2aQu!Gu>pA|}n8496XHe(>I_WqEB_{fibt|3T=d7F3kk-d@Y`N8^&H;3sjM_Kkc zg)u<}cva{L`t1GxroZG_(U8@osW74w|FL1#3;=xDX8TrB-hS zrT!}hJx3wbuHDF$6nI<7_ zAtOiiyaNiYK^ z)>x;o8@$K7KIJxOpIXHL{0)05;u`A@(}GIH9Mbfs=ID&QG(NA_Qg_3PV zQUVmrRr5f1d}yMCYqG`NX+gC*Wmsz>x|cG#nO(a`bz){-%3tG{V>N5|YItCj_whj; zdx)ohI~O)G`wun?#+*XS%XF?(885QnO&nj$#mSp(-;$oQ6Bld&N&yQqYfMR?v|vl= z{eCvvy6Z|93h~c&Wn7QRg(hTNA-p6O2!xn8EGUxFZGr^Ywd+~G!{VBxh2#thXoE2r z8K9?D8GK2oqDB#JB~QUoD@SSk22`fg0H>RI`+ewUo}(exs;r!6CR;-Psgk(nYH_uu z*VZ{&|J5Ee5Z1Wz1C%$c<7YDe>Nx)Koq7=<%Wu&{m%VK!so`GE^&n*89@@)USHqc8 zd}bRtM(OqkSK;5JNL&lD+Ak}ta@VS*R7VZZzg_ouNm#y=olg~Wvu`IB9*4Zd>;C}tTq9SS;OP%us>!EvUhn_uacCOJu@-ZH zf+Kc--q97+IJ$bU4}SCKhz_&qYQLwm=&BmyRI1krTq(h!X~z)SlmE&lw81}v&}#OU z=$u}z<$#zsWvUtezVnYe9+FF|)RCX*U%yfHjs5@q%WHV#er%7CpV%W%P}+jLHWmjE zv`PD)(fSDfOBvM%kZw6SM0*HOk+l&e8kxy2{s@tuDtSMr?MkBcm&^YNfFokrr7usPfMk2cic|)CidA4>Xlcqjb$tno%w+<;-TFLxXcU3Xx;e{zjV1~ zEE1?eo;|oUSE@f%;Y!7pQxM_rD&?yU!0Ni|Fy{Yzt=l4td1nP}9${3F6KnpUGl@%M z-@Q#=IHmWh)@k5m)u4jC_I_-@y4Y*J{&KhE-8j8$;J9<$cWQL0*lD~N3n6<_=thK ztl=`Wta~g6_wll#QH(@Wm2bcR>?q2=A}m9rd@e}NllWB3{G;eo=hutD5b;Comg00> zdAQY1)6TwM=3S*}Ue@rbf2Mp{w6bi)TE;>``NXSel>X!fBhD}ShW7hN4!p0S_a`L8 zM}B%~NSyETZua|s^25!K#W-UaeZJaFMYujllmP4sc#1yt{{M$Q*O|pVi$3?(W(}k^ zNbt`hHN#J{qqeDrANFBV)aKTYYcnYBMs-z+U9HA@-+crt?1W2%U zJ*Ke{Z)Ptzi+-Zk+oHd>2EB!b9e( zka=I=R2)btOcilm(eQoB4o{g!HvercSXuzhkV7u3lw4M+IFEA8xj3V55?O3eMrA~4@bi(Kfc4-BSC&xUUCk+)qO(CnExL=%p$$nh^5 zBB2C-Q&c?MuM}dl?l~--33VQR{L>rDdN2si*BLq%n3|wIKcs3J-XGQa znwpu%S5@MZTHbNB3`Uc%ASd=#qv$9Z>hS;do%j+RV5?sLA3x7ryYskDaKT#bUnK`P z`Y&{`WR2~^5xv*`}HJ!QTc(n9z#AF|0cnR>8ii;I5zocWN@X zu8WRJ08qH5491%YwfkZjKgbmf|O>MU*kyS&e@M z8%hS4fCNJNE-(Hx>YZrh=2{a4tfSI784Lev~|9N#(x~VeZ-zVLYYi~wP|3EXZbow^+En2^jWV`Ff zRrN9cU2G{Ha00gHzSy4CX;r{2GX7hC-Argw6!UjW8%tw+WRvIP6`Jm8W`Lz+4hsoq z>b1dl+CAiC3M)f6oUnUlBPl)X12OyMDA;e}#Zf5mdB~P2rEs~6=pi24KPpIS>SS&D@ zP`ETctqK%3+F&9#{u9rkV;?69^~eX$SI=zY-&lRaNmbf{VS|TK{`G^z??Q&UyZ*U$ zv->Ge(JD7LWLi@zLbkeE-uTn1a@4AVa;(w$1T-!uFMgzZTQ~)TkoYrnxC|@HA{&^S zhq^I&Gw)_yL2=mT>>b{*AFm**p)(7Rf6oixe_CGPUjpl~LjZRU6#R)P zk^;J>uE?im`q!1GNvwrSmSYO#SUwri%F^cdyPV!|ZpWO{y8al;CcDB68L$htepsZm`P77hp zUdSo6>x|1AR)?SbtF8Q-1fLG6BQS@sn3gqsnYio=BJqqqoS}M=|JiN~@|Fd#zx74p z-pq_`{wMm{u+8A-GR|=s&r`;EWOSVLfQR6u+ipZSl7|T*m9`jh4#1)dBHjG%BC65H zto_H^KGOc9^RK;97>#clEC1(;n5REfRaLvF7Vtx=2OGxCd@MH@eREz`c8bQo;2g=w zENpKHTevGNmZ+ukM_z9HFS5BnU*l;Nd)m7(+piro~wM6{W57Btfm5=)cs8XlfH+Ecf zx~k!Ve5uYC0G_QzXPof$Z#-16wiBb3x;%hf1tvXsxqp9=zBdXQ@#SNeT^Wnsveduk zCiTu7>x4g90h2i#O#GD@S@z2vl#wL^Px$wB+66y}t5QDe+8=&Dxj($)AmB>~Hm0qG zVAInh0GYinC|t=?OVc`gpBwBG&n{eK?}TWxCkrIcFn*^z;uM}t8=ZM>qZ0)6Uce2I z>ARfOf6_7$RK;|5RVmV#R+afy@q$3fbyr~;SD(rU`!UOMY;arB{;7hH*ZaLkL??3! zl}qwht)5Ks4I(29zZk;^D?$b<&4>4m4!I0m8NEpJ4%URzjOJ!rCCS77k>9#CK_hjp zZ$~B91b^OYr;^ym25lc7a+WB_nOY@WPW49@>W&FrMiPK``f@>i+2~pHLY2bUi+D;% zD4J{)RO|3hb3D^;;Xys{S3RM%ABRZ;mUCxm0~u7l)QY*DsJQ6F ze;jrKZchGv+qjY7Al$%DP9i>P3mY5jgu7W*7r3)llPEf1dwVFl{5L;QfOlv)uy%X3CFQLSlQ;qpY4mxsok<4aTj!nN zFG6(Ce^pL@c-WiMpMl!zJ%w9kf_U=v z&5P{68jg27?vX;aEq0uejE|gihDOV-F{`XqlE>LmF)8=%*AEcam=kQo>JEWl z*KE3bg;M;pf-=@}>uMY@3RH!4%Jw7hQ0)Iwb8;(n`ig8E>?}{=fa8TL@DKI-QEOWh zCEQcg_JJ1dkiIld(Vc(Lp`u^yf7NsN$lR?({jzd&I6(PR#2@-xdXfG|r-;7|(tm}m zPXT_V!OSUi{|C~4YKoD5?4hP#M_ec`0P=i*7+ttez~7k+(V6$==zcwJ$kSWh+3ag1y5!NA zBqlfOlUPBU(TxIb}(#RIyG^F z@@r*!oT?Mo=&iB$2`^sTA^v;`EwXM`TC1y`Hy>wkj1SbDpeEa6s#E-4s?d-u!r!ippHT&;c%GF739HUb9X@OP4Qq7Y8M?CRqtAE@D!~)QTfnkfTEZqtEQn#w+ zM^3=O;G08{BxKA8kUccN{(erC7<>oh2NGJ9HJm97sFtOq`*%+?&N$=&#~Cdz>*WNM z@giLl@VXKsBev&A3pc$5zq{MucJ<$C!}OExS2m?Ds*w}9vXJPej45+b-Qxe}VKLG!PD{>WS1q$x_tVn>xVVA8g!8@o?QSN& z$96w6`7SJQffLecL|e@y^5v(di2Nz#XC@o`{f&K@&U2Nt>#$A#t6}8Qtz4XzcDP@J z%Mf>koXRi$or7GhK~AUjz^To?#ti27t7gFV=le6jcEN|qqX|<3|G!g`Fmn~Ab3Uc` zE&02H*HgU>UYBF?3*fcy-?QO0$J%jB;a24r=bKN}iR*cDr#RAQir;G<)8tIBFp{%#Y1b5O{Rc3r5`d8 zVf)?U@T7V859wgn`=m(d*=$ZmK@pU(d@XUBA6{hOVLvGKZ1}B1@qNMMXoAH54^q!_ z*V)`Y``)&t9@Qp+zip|F6eBbcCZXxAY@pTb zIeo-+HRH!e>lA}LQ&Wxf7!2tTFog^I(<*=UgFquJoT;8J4FDu7<_`c!=f__2AHLSW zGUA@L!J<0ofBTSejU^$|`}6i7b77MplO~8q>u1XcCA4AsTNh_fkD8NG?4(k8H9daW zo9S^jZ@3t{V{G18o3sJhIXZI$$tE(%__ARj5aWO^miA@-19CS8Ot=TnpRb>3M&k@F z94xi|7!F({TJYU4{)JKn{t*8#Dmq%`aAUNt0!YiiC=8aycNhk%C)QjMtvi7)q(o}= zo<8Er%f?Tt=}|ka3+adMirFIdGYzww=gJ5j2&|cyT@+w;{_Zea*09lEd5vNAvN>&I zR&}(GR@YJzttZGV-KGiRwmWt~>oa-jXdUo;Hd-GnNujktd4<;J_W`ZbcngOP$Yo+k zKdsm?TGt;XSH9#x5|}49pbZ=Q3p%hA4vOQ)E)w|XA%OOPfCTP)pk27m58yiQzk%xn zu2O{QcK=n|a8(`c!_~EvgzF~~DcXeVVcsrq{Yf+(uB#Sh!}Zh?Q*a%oyn^fHd)xiJ z1N07TGEQhNECf8^3C$aRt!d%5^`uG66HMA(M9+AhMfB>s00SC?tPU7JfA?Hc_IOAs zCVMP6A-RrPbs2v2O7VZ+b9d|LRq|o<`tSF2avfd!Z1%{@tR1(G9h)UBy87jJT33gX*!96fuz2NuN|~Yot`-Eh6L;`}pPpE1e$yYA|$#qQ`NM7=663JH5ki7QCNhG^!5te#|0;W<-K8x-S z&$r?s3!aafpTzU0&t&8IXV#R%^O?#Io}GL-jrtQmR+8iQhZE@_aRl$~{6g(^g34@V zu<;kx)o$+|ow3Q#?^rqg6Ei=V+*yn6-2;H4HX>O1~1g=VvSuKSHsd$(H8@hk=u zD6ydw7sTDzGdgn$K1CdR*a>_}xh*?7<7t(MZ|fGl?H-oGlm`*|&yG>fe~9oYDMi!$ zB3hL5M!Ozww0AjEryg@ z51h7}lRTjnOOf$~SUcv1){cjtIZXb8i#^~Dcgv?ZRCfC($qg578nZ^7>jrvd-u+Im zw5$zsW&6BX6rOTrdu0z1^SKIEa~3wqSM0OdNhA;`dX(T$^$?b;g*tJ(){l?CyBAK z1|vHP6sl+$7~A|;7|$NFGw}8HzuU!^oBtQzn~k*L!!wcAw}(Sog+p3j`)o*a9Rg`6 zAr5Iu@pBBzf!R!k_0byv&oiq+g{O`5^-c@ETB7qY2G`wWB(tvGOqWZx=XO;$i{oI#xn+CWxTRU zc1AbTrHev%TQ$NN$JvG^H}j-TxfYJV1X}{}?YYtV8_C%eycSGIJH=B*^5_Yg}MvN}4WoXkoobSdkjw>c%J9ew`T{o7onzWAjEFxR%AwMANz zn%f!5{ENC-;scyE(`NR3l=-BSszzxpG_W{k_HlP-6UjcuWfI9Z-5imWI3oGxSba7k ziK!~h>?DyW#s4U0ck}vD8I8UE7d-}%^nNOvNbXV#oPTgLdzu-Tp^_)5HgT=qvdtv{ zru@}6LMo?|!{{Hbj7Ypp^b+5O{qGJfZ*DWk%U!#lD8_B%wG7{-#)kE>U)jO*(CUr- zk44T=Nk}+ljgbS^Ir|?Ev;Q6G4qTQsH2eL&_|UYwJcGC+wG^c_xu8pIf$%xHa6xJV zP)=;{2Q7Qy?vocez&h+~-n*K6wEOguPLD$&6AUY(6E(nr6?R%YI;RF1gZ);)9P)lCrBY-K3=yKfh}hDQ9h* zMeE-YIKBRN{xK<{jeatlpqr0UJC2;6RDPHq^tCYpLC@8@PK8PN&K|SBLFOWJpm!z# zV4~&G@%It$(hxHA=}0OW%Vx~#)Cq9^*(b6)b4*%i4h%ZuSEwsJt(ZGwEJDiBdo~tA zuE_eeqY`ZF);@W~zHMRC)<2!Er=7|Gn`7I-=GRZc()Oy)K;~L@asy8!X{&YMB$v^WeKJqE6q^C3?K^cYWLDF^bX5`)c2-E$1>TSshUnScOx9qd+ zjE5T2yQYz1;GEsQBDFV)l#b`FGL_1HwTD{VW6By{kxF&Zb*bZ|_oz;Gacuyc;e@yAprKdp=BeSEnaA5aGnD%s96VH%GXV#C`9yAEC*P3yDow4td4*ta#Y8AF%thhA!Wg;ana>(@n0*9=EmVtg> zL5&)*{CoIPm=Ht_J0j30b83i%qy~vE$4UVVX0c3vNBZQ29=exnM6Q|%| zY!SA~h_4mgZ`L5Xp1#R#fIL}POAqBdWKR@;Cf@OPfyHpXV8NlBFF51VR-FSOHBGhc5Jk&63!*+g+K?D`etG)3#)(1&O6Xwng^5{u^}1%YTl-Gq+H zmf~dis|kVtY*|f(euNjRE9cV{6WmrS2fJ&W*x{%KI#{cG`o=VL>00i^ayVzZSA68y zBQ-a3#x#uU%KaS?|Ar1?->FV@cejaE$tw-EK^PF{uzuEK>SK_PzQTzVB7{ETcs8{l z7H`d|?#ExEz_c)&mO*YnrtWAUDJZd9U(2YODFU`4T>tY`L)bmDL0BRuM40&B#&<%T zwR^u!bjBc&NPH7bj90`B{efUO0LT7dqoc19L8i)$Wad1LgjWta({G)Co-E|s3Fwvl zVy$oyM2q~3ZPaDT8=UvXKZS_2p?{dpKYJ=neMQN`&$i$XCTNpRJg1#>=0NlquS;iU zs!lmu|DavjnFc1eC$GNaQ;v6@TS$Q060ANU9O~OND6#IS9gS*S=4XS6aRmg>&MD< zC%FJUe9y0YJ0z>;@g8hH{+{D+UmA66DiM9*1*AXJ0@NIp6!^#5AkB+2gGz`G1${gk z&__X%K5kbEhvOj;MU8$_r|p`za~6J`$b<0Y(HV-lMX>B%opDN;a-rN)ddPF@CyARu zs3V|l$VWTKCi*!rNk4;UJNm)>#L``01b zu9(vtUAPK6^<|@Ur_lbZDRNvxW|1SS^RS1he%Zuk-fkpDbe1jXN{=^+7h$BqAp#ir z&%X|7B7hMq%UFTAQk^XL6^Zm9>UDwFW6{GRVhiOfr^ES!L~H3zhii8@q!o#~4N8r{ z`B#M_qQ5gdTCjKLIRda~sOWS=2vtc@zZ^h5qsRf{l z$eVo)$PI4|14Til#LXZRXs-s9#cxEt7kG`v{|7S!lEdhtj_?m+T91p?J;n!q;mG-0 z_p2a!+ui)SvWe7M!le?qdXcW6Y+a?Z=q@lsY`~V-;IGTP(vGDan`7~1bY&ZE^#0Yy zY-%0(zpYxsh=0H}snv%&_hs*x{j@$kM8%S}Yy^-ToZAgAaW?q)!5mu5VB(`%%e)x9 zA5BG!tL}bkln7NRBfZH7-s#X~nRr3uA`uqXZGCl$Yy|Strp?M^d<`!AocTxmCsnng z%qv7*v}}v|WHl9Us3uraU16R9i8MnGBg-Pv=jx^p2oZz7YWx-d4{tL-p|pzYz@5dKF^ z-`XKZ_~^ zB{ODmVyt8_`V?EF4!9C(-saEh=u8to)IJ__srETN znc4n|p#4F#|6eq#F2)k?5KtfbfHe;R1N?$D7rI}yllJ5MC$y~V83Jq@*Zc4o_TnM@h@@V$|JjC^^D8^c-xolA8ZiMJeZ6;~0 zfj==&q~o`ffaZ*1`aoZ62nK5WV+5vEq#FvmoyX)Bh#}7blNa+*6qjPW{YJ{mf1M?3DWX-G7pGZ{nv; zUNJ{LuvEebt@q#Hr+*d&{4!TcbEug_CkBZX;*h3Wp3s+{m}-$4+m@jv zpR9E9$@!W^(>E;$2;=WogK(VxqpB4aC^1Pq3q)Yxyd$!4Hz&Vg&8q*kKjYqY*2igWN$n|Gm3}w*C~OA>((Taf`BUC_WkGrUziSTS#-=>{?ele> z!9V+P2`b7HUtX}x|NR=jwWYa?{DaDik0`8pt+b)Au;t}c&F+`eAAcz_%)Gx2RF74c zD|8eQ;Gqr~5p1L`zlTQaUj-4mJANP{>dix= zGY6;*E@{UKH5e&#TX1cOB1Lz6*E~SJ_WyjD?(dc6<@Nu~-RyU<8gl>E$f7*lzAt0x{~#$IeJIJUdMD)B!n3QwHOip zYCl9g7)TS<}N*1fE)Q2J&KzrU(e8o+c?D^c3hbnedk?AAC5Z_u`X`8 zrC{P9bq`&LGr!-x7i(^XSAarR#5esfE>&eoMOXJrZQKmk?!zB5udVmj@Dodj-`Sok z{T*Lw{m`E+{0TDsk&oG|-Hyci<5#86ALH-BQbFSAw&#(}pHa{@%u5DX&4(C~Tok3t zU6#p3i}`}N?cKoFy#9Z9r8)YecIsGC);qIzR4J3!;^&%snh7s_GED|VMin5 z8Z($`L3o*b5nTz#3V7KtXDsktvrxfUcyAi(A&R%-tkA9l$mz~dXW!azZU!7;y=K4iF;6iMJl@H zaAp`m$YeW+tvES{hn}LZ4lkZuz%Wn85o%R6_pfx<@oB|JTy^UOWT~>O+Kw3y8uE{dVIw@1-BS-!my8jW4XUMb?(_ z68kIA90TKXG~n48Ra|_LI1h$XdMdVUXI+);~Z8mURg6N zMuhrUBUEyeB;#m&WT#$%weqwu{>}#Q|ErS^n3tk0 zW_y7N1R5H%)*S1+>*3ghm5Qwp^{VsY$L z!*tk#Q&c2I>uvu!`nNq=jxzkpB8iPP`u9EXBxffCpOv5P(b6ZWqm#z1Z11Q^M$7T+ zIZIO$K>BHXTlXo0`P{?6V%<+y zg3W10t53~&mE@?$={ef=TMvI4qW$^iY|y|lQ)S>UFB8OM!WA%_6(u?Q(0OR7=3+5% zs7R>9A=X*vpI8I$_(TG*7x}wN{V20k-!@CtsMLH{szIf?1f@9FptepdYpbmjRq94p z>Kv7N!rc_hb{PTx4?=tHW{o0lr!Wm%e`%TQhv7&uAnf^fb zRhobk^e3j*5=kdTwz6u150&6M#D$ZP#U3jT^vOI|PT(2Sye!gWA8O*|5XJw2sSM}- zG{u+K3ao|{wjyf~CI+dEL26^LfAP{?#$*DKDwk+Zp2YF(vUiIgGWpUh{(^wOREMM5 z`cyqMJa&+K$$yIRtM><9<7i3;ZRp=h|9l(Y_(1o7GOnl}#(MQJ6Hyc(mwRw?C*IWw)v(@vO z|IM^SD>u9y%2IUoj|QgBSJ-lGJL_)kg+DBhX&36JzZz`%^Tn6DRk(<>p_KH;1PQ|z z(K`O>9BX&#`OnbX_{ev2)m1#5O&IIg!Y_if_>10?G_HZhR&e~6 z=r>(8UUgscivT~$0KZa$Ut2b*iIcRPmD2QTvaD!TU63>C91m>Y#f1GdQ|N6%r_ z?sc?)EfJ-VR~!G1qcWo7_}BbTI_)$iHtv4@MrYJ({8{_&*#AY1Q$;KgmR59LhucKf z{2HS9HB?p-Ii^&&P$ujA#$f0q^ptBcU|~wzvL8(8AvWuVD$JGuX+pzzFlD>PnKL1K zGJml+eQ+v{OpbPwKA8{8m?&<3+=Mxr@xg$kurNOc%`(Om2>NueNn$c20B4DB?Gvs0 zE3ewbkLiHG6Z+QJf7TW}rbKv1@YVdb^|5$!v_4POYoPw0j3lf! zMd8pjJ`Mj-H~fap$>H~|;kT1NG<~{QbvFKCHvVt_VB`Oehrj)38~+uVqAk z#V2U|&NuVOcf;{_PL01ua{T$3G?UH3mEJCawBmG#r~tYZ2vW+(jN zmW*M0x#Q0zV%KRyjm1~$_XvJB3Ds_aW8UTaD;A|sV}(M`Pn^RZO4_;>{xtdG@XYnM z4*c|gxIQ$0J$I%vsyI14)s(HJ*&L)Sqvw%2Wni zi{xOcpzHv)U`w1xx{moT0wYLM>ya>+VWgc!6QY}!~Ck4bj%^sFvoN)wEsWqH3T{?lvX9~{Iq z{t&%wxp5E7+pJnAY?9BZ8OgDGKv2Iq4T&KCBKl2n*fZ?zhOV0KwEmU|MMv3BSL=HB}{om_Sos)u8%$NT&X*BWaHn znE0Kf`NbbfSeHqPYW7RC4DBm?Djtn@tBkwk8 zZo@O_-};@1u)X`0IoT&b1e+eR|7bxoY7}~aWM*JHq;A8H zzhlvtnxCelk_V9k#fvK{um8gFcWGbDKeVr&iBH8ErGV|n-+d8;P{2x}cfZ(j2=Dtv z>sRpINPWMM)Q=XazYD1=8-c<s&}n^gHzt5G9Br+k26(=SoUj;2bQBj>k_Ar&|1UO|`77nB*#x)Eu+< zD~gtR%P9J`HT+V~L}Aw_L}4aoi*~)py3r8x=@+CE^OKz+W}>oKF-NuO1nuc_ja}J9 zyBP%i;JaxA4bRDab+RL9SWjJHtt#Za#3V=4Q~d>pg*4rRH2;eCQZ!xZ@B0Qc{rixn zEBtP}yKCNTDA4o-f6^r(O(zD5q`gSTzYoHGH|=~XPAR>$DMhq|9_P7vv~UT+>6UkQ zRVlOC@5@i`ekycNp9+ru?y+0`8&JA4fkMy!7yf&}tszldSNh-c-;?%9=fC&Cf9Gr2 zP7=i>nX;TXk`!8E`e(FGTS<;S zSBfr-QF*!RKXLSFb6@mXbQ1LW#JTD8xo1bC&s(h6t_=6{4x-OC8E*G?(&$su;i&2? zhC6*i$Z+=^6cXpPr1>k~NfBp-f8%SJ4EN`}XEWS4EV?(_uNx8)?{~AtSIyr&kv$R+ zSsH(J&i|XlG!%SN3uepaExB%2L-{8?w~P4hgCDSa|FV_)uf($}*^~!{UR4``3-PNvK1-DUz5pNP^~pCg?bJ%+Z35 z)x^)=;G|gpcYl$t7#6YIwZ$E(_cyM2;Ixo(-#+;(bEiMB?$s72FCTXs-?XKx{n^E- z&$<|h>cTFK3fS#%G~*KJFjPS_jQs3{>6j;X55aY*ZHFxQnNrz~4b<$Nbsd^e2-GM7 zR%>URi{hM)mcDEmv_>$q|FkE!498nB<|r5atIhoUFPlY3i}_N<`&Dq42%4;5W+tF3`f|33Hs}SZ4vg21rT=g z8@nZJ*1rcH-#uccw1JoaLyo>j8e?tSM%@N}x=%sTZ?zqfo-HTxGp8mJUD&gQJCa-3 z4Ot}8dlpRD{z+>OHbi=AL!{L#8r5c%b9F=g}{A`9qpthOCY`PIh1e+W%?o!B;- zeq<%bGn>s??nMSa1DYNwb7%_o7v4L%Ei}FNG-%rIpSwkq|LwfpBWYrrNYeTn_`e?} zD_VR0@4-eq!Bz$RSi@KGPXhgVr`ukNvc0rQ+e)Swzcz_!y|tj`(66Ewy~<`-|8LI5 zyfozPrYX64>p_|5kk=-5d+rKG*RrQn8oXNV5jyu{IpNZoa|T88nsKpT@gj=}*CH(C z_=PcmVH^F;{oK4ip?3QfHOI3Bi2ot}^<8c{T!#g|SLy)$`d@;g)a05f`*!{SCCC5Z*oe#N*1sJ;c4VnK z_syupeSg4e$~=+45Ccm(y5XX$Xw^SvKOz>;nJTw1d6AD$b2NW8mO{wb%t5ol1dsUE zq=Q>2qppE>TT~~YtJn|Lv{*rWWG`i_DN`0|jOAlCSW;N4LU>JIPpf7^cz|U8+x02gpvs@O64~HSQc2YV|9)O$oZb_F=;#Fdp7@2yvDNh3 zi`@Gc>eyQYNl64-QhRp{EmXA1pJGPNqO~RggDS&4qhLi2w!Ml*LoLIkzxo&dq3x+@ z9$jXMFXAt`6W6z8fz$j9&R71(%}a*ywhN@TI@wy* zqWV@vr24e`M0R1{CWKPq+w7bj9SR5A{C}T`*aY~-3S>BIvEN{uE#ck)+kvjSvc}%E zcXF7xIQM!U(Ru~Z#g7`VSVv#e{`4W{_h{W(x}^$-2euAuy^8N(Eg(0P=IAiKlzC_w zfUox-K0VOyUO;9wchOjMG+y+k>yO+t93qL1#<9X|bn9fgm;l#NQ**^Um_|dOPpH0E z*ws)lnOCC8kj+Tt%7vzaTE*$G9idpEe?$zckA^(~_tR`}-+B~tBtAn5P; zj#Iyw^Si)OlaReFV%l?cL9%sBjs3Kcl-?Znt>5=(P20%C`54^2{!jc7A0zq}^DnE_ZdxYD z%sQ|1d(?Kf7y0F7PIIXA2lfrQ!_B1m8(wZ_zG_|s+tdqw*Y-3O<%iqU6WW-dNbUKO z+SwD*A3Ba-+Qw*|cJyk8AK8TQ*E-d6BUDfREd>rzS3-S?<4f8s< zc!!bieziM_YPjb45(({(P-iPy}v{ ze?nznsdA#_=0+E)!HE%SoxFiXywgoXYJW6@_$ULT3oq)ZPY0;MzI2FlWT_5yqC<)2 zg(8)?z^b{Tnrcpg?A7`DjgxPQE*#UbcH7~)nd3%&99eT1uB=qECOD}U|A1o=&9RQ_ zRY}e8v@T13-PUrb4s<%lnE+a?*x|zi4h9u%qAMyi1L?_{%0RYjAPw)fC;}J${zv0S z*6#SDbt73091Nnj4db`qzzKp52~NGZvyT3jf3VG*R6H`|TMK~Lj{auytq8-+6hl}z zWE<0ZQAGVP1 zi)HFv3u9LnLabLG7jpCU{IFsv<23kw*v^F%4}a0WWL=liDMiiHzvb72>fgp= zot6=3abD!-k29q{9+k0Jes+9Pd@V{XmId=zEH7TY`^k6wgS(%6ziLx_4fcl?8v(YX zKi3m&zE1Gea(4@iV)$zkFvdA2v3wGq{Sxcp-Wn2&i|NcR$fVCDpunHl0uQY5rxaOeit2r@-F_KbV&1LX>Rt<1t0Z?qGf; zsw!KSNaIcUzu7%_zG)jgFG+p~{By@R`9VUY>}wC{iG9tU$OcZXUt%|RmGS;Q-*sNo zS3YC0#B!JAsEj4IQqshIK@P1|Dj~^a*sABJ@gR0zYjb$)NQdB5u)JYgDN9N5n&=(% z@Hnyh;j_-ghr!!_RcZ4_T#3ihe@5fa^2h2Hs9H*#(KtT8vJCcGQP#lSNozSgtIZT% z5}T+&#}+4W#(P1&GHa>r!ZDCCbnvo?C5Op2!*12-H1clj!e^G+GcBq22*Im&^8+}AL zeOOXm8ULQ6zG`hDfPPjk>@;P4h9`4PAeVYXKjv8LCo{Aj(`n=M#yLF%U3@&l+!_gM zs6=drgCpz0I_r+PbGXjyE48Oa>_+$e5!93z2f;vpwcDrF5FexLiO=t1DPJnNjS?TbyAD0Ns=Qte<25dVZWB5A@&2P1LpFEB4xc3)vgelm;TjUqrocFs+q0?*9$9=zVx#X?%O1 znhQirMTS}K9O7=3L-go2DX+Y7KzYLlWsQ!$u57};iD<%Kw zq^`u54^K1i`B&eU&aM(a0$ACrX6jw{PgO#SZi{tO4t<=ysQ?-ji^|s%7G+OZ(Qr#& zVquAr4&6^$C?x!#kLb|k>=Hr)p3ggbP3c|cozKF$z2ju!=IrcMy>H?KwGiLgXL3QP zpYODl^+YaIy!(ZgfqY{lHJ@A}8}1J%F}jJAHSXKe8SYhH|Ee+)_PFNIIu_gwOq+Xu z7A}^59^z(+b$I%6jRVLSyCiCnkjN+&*>kQ7LE4NI_~oMMAx8uJ^wC&O@j>xVn-$H>-^x@?5O(k_j;{ zVB}up@h@4GPr>|Dx3PL3p|VnY0`g=DkGOt zRamosR0UPiXkCz_!UbmCs?kZi&r#>SWA_jOs7~qXF~^71rD~>eVvf5O#z5aV*P%i~XMeAg zp!lLqU4~RPa4_BCu+UrnWf7eibheZxu{NsR-dl>Htg;_z&xXOyqX8S=eKwFKF2b*O z>*j#In6a={ojBIn~eA&d&kGYtWLbJo-t*snd`0A$C8)_ zbLWG9QtoErPe|YWUyU(Lz9vWgl2R=G!ujj3qVadM@;847muCUe(P?$Mw4tnLUa7Yy zrfg?4Ai5Ff;?K_E64^5EqWtoXETQiBN||?gL3ziQv?^<^>+z=y{5Dd1*h zR)qV=<9}=}8*X{<^Hn9Fen?-|^rs5NgZl)o!TH4J4Pp)t;;=KL9kOT? z))CIe1|2GbSaoJ%sDB?SY&b9Mic$a2A`xnE09-ov+~8XG*@aWB_>#ifv}!`5%NDc4 z*a{zzO#B7#EC;gIrH1cV@#dSyi7BvDxGd4UPSKuqg=48Mns-v3epk8Q1^TV#NH5aw zS!xo{-eEp9!9-pxX~C}<`jtC{lN`s*Bn!V6^Fb;B#u_{6Fl)fglgv>EROv6WQoxDo#O2cbms$m1{FPTAcT<&{!VO!M+OSUXRRhUW zs~<#W=1?6K!-U{I)>>A~U`7bTsoj3WG+G8ZOP?W}vHpZTY@uwh_>`OuJvw!OX_I zK@H-e#>I!6FQg}y0HwU|dNO?`UFYg2>$<)rZ7#=L;<|3oGDv%o_od}*luI=HrZTYq zzR$Ggf(g};ja1kH5monE>=&P$YFa#TXyxjM(%8NPKE1eC%_1Kvy zaKXR3h4A_%>Hen0p(WVW=|6zSOUq+s40deSZ;%g6Xb*Oi#J`)g#N~mQp8@KPKN9~k zAHcU0&kERH zN;xC4zu%qWe#!^!1yY;5*EHXqWhyiv&;NE;NlWshozFs^8&4rtB1%rAvN3t)Usb$v z(&$+8``Gl(?J9A!D?xVFOd1?({)nWqql=JLkA|77(_J1zZzI+$3}Wt5nF|UK{01T3 zZ1CS)!135u`O~DS3}Mkx{{=6--#>JIVlrE>n+nuFlyUxq=f|-UDFnbpIe`3|PXOf5 za?zTy#W_Om?8_I^Ov`hrbL4C69Qi*&3De2XzGyG=d?X!(+3S2*<18&|j6t*#Ekw*Rnkb_N|L3*^lGh%QoyB}1zQ2y-yWp( zEBD+BILrB*Sbb~FQKpqCOi%Osor&}mi7k5KardwEyOuM&!dFY<%Oj=D-*+k{kWKmE zcUlg2CA^AG=~+J`>)xg7zb_>+UHRbGOPl}QiAu{FeulOi|Gwnbp8}ug%)4!Qnd`>I z{-QcLHKrYu5B^>v!epMKGOsf&5i6%ZI3bP{00N#cRdf-vyngNg*6E#;3ISX?{dT4)E$%va((+k~u; z{z=sDsc+jb3B6qB`UBZKsT)!g4^#}e6W_9^9yES~8eB6*eKQ*F! zji?}fB_@=l>CZVN+d1N< zQrp+p3RDv6&zGP-??~y-6CtK{_2*@TU@`rIB^As2`6I_dR_Uw-mCXVe4!enac@D8Ei@el z+J~v^k=FMPrGyK&^+j8}Pry`#a8&p3i71(Env$)U9$(FyB{Idy$2@%aLx=htTgK zT`I2?umIjH16rhITAEa@Z=qB!{_()s63nGQAVz|S8#Ds`5#^vAHLDS z(b)hiC08f`DM+&TZI)%UQmD!VaXfY)s*7S`&}qA}gGY<nI}e1(*5!C zL;0I})W3d@BA-1SIAc`#d-56!g>Nkb`ktsZ$va@{mHt&jHF?F`QE=XJGWXYaQu}oS zGq~@h{z>jzlH$IPd2ru0~SCB8+QrhgKDmvjTI_sY|k{r`C)d&J*w*S9bJu6aaw zNjt4K@wAL1aBM1jxmWh*!+tCVBbNTLwuq#Rwj!gLafihhQ^-H{05Juf=5YsmWR7GFG6Th=90Dc)41lh8 z)~ZF?on^9uDob(3$YD!c&fu%f9CG_-zw2_bc5!}rt+NTGwsEJH5)f2wI%XactXr3+ zRcf{^j6;Vx!l++*%kR~Rsm{D}Pk;5-5EOQ!CGNieMB|xk-vyTV@+wrm-A|vN)usbm zuyA6{uG8nnER7^{0@?hzHd8-T`-2?23u)W0)|I%V=Rs3`Cur*AgN>%Xe313=So$!^~yg-M_*u3EU7n>J76X$7B)#e4~zrt+`=|}Qe*0#m5e9u&)j+axw z&eZv@Xq}>;qzh3xREL>&oqE?esmjdEld6&mT5S5xK>qqR@uiKxPEpy3wxqxXnc9-% z|M@+MQRcE}yN-bn|q3sG*_RqKSwR zGnX^%!gJhWWw7P)=a<|ZL?TJf!K5pNGf)N7@W{YQYh!91gIN^W{sTM4|#dAhWbp*Uf-Rzv;) z0ps>b?FbmiHzUS4`2tqva+CquqC$g-GxK~-t; z#r6}k-kZlB&s`C@oVz9_9{sjho8kT3epb@D|9V*U#TdGfS$zVbs1 z@_wSlW-`UJxBphYSnwL1{<2tD%akwr-MCx%V)B2%f4_M?#eb_>2X^q6$wSx6UBcG2 zt?37?ZlC{tH@AKMtNv*vf~c@6?!td<{MWQA`><9+kQg-3Lf_As)F17@6vP#$$orB& zEX-^?EMGx2Xz5o*z@jk0yd}{jm64BW5=VQu)xN)(Z0(MiV*m0R(mS4oVA)rk+16bW zQ=B+DYhej+?Bo;0Y;0qU(7$}%_7cm5K#{G8zSPgT&vAl6aRJ?;Zem~=7F+q==nO6Q zBIKBSH+{R9!_8eea7;WE|MPu_Rt8w!MVrQ+R!tEvk`sqL>`yjim6vXT57jTd`Hx^@ zf7+kEL;EvR`a~BJ73J7Juf9}O_xbjPO6{iijWtGgZ2EZz|BZ9MXjK8SG?Jy^1;Sd? zS2E%zSN_(X@f}4s<-~UsM<1jZcf$0hXh{o2AD}43&P^5@OtJJKE&?|2x}-#y#E*^7 z-#8^54T&eSqz&0mbh_Lv;kqQ6CEOH1>?a-c$`Wo*mJ-t;SS+1=Wl6A6INPoXq|cKO zwV}2RqEziYHSSp`G4ek3&tqfQp4Ejp$;DOpL*m>liF336uivYulB(wv)+(I$=U<<1xsO)v^#SvR2K0YEIUV3xbf1`=1%F51=dxx)-z*H{A!ML2 z98eP6H`7QwvQGjA+sS9u5Q-l$z4`+l4ZWMj~ zlkOAy^S9e1HqrJbzQe0Edu6qmJXj3(DH8k#xu&?>uu=DfF4l=PzwZEMSgKDqEYI%KSo)MTL~r7@z`haR8Hvs`;&WZ; zK4pK}=|-E4eOiXn&Fyx0t53_p(P#VMg%RK0qoxO+dWGe;+o`RrKGh$X(Wj4>W%p_M z-MjWFvi52$bYB1Y2NO;5qu+++SAWB#fFcuj;OLdMc=FTHUr&kdne+!6;nbyB7sF!| z;rW58Jg40u1qNp$Dg_>i+FKRB_l`2j;WHLWTGyfwUHIcpCAF=!(YUUyDf1$q{_;}Y zvasjyE1OQKTUFCXo{Ra2u4mq5>Ai|^FM_LkQ#&@bJVE;Lq^mFeV#UjD9vq!{met%G z8w>%zlDzF>O{}BN3y9^%{K6hiql+ybCmcT$mBZq=LcGR%OgXl8NB8Q!{HiIp%!{v6 zmb=K3SjI1xR?RQTSJRaIBrml)a-((fOV$++ICziKy%cKdLglzUEC~ExJ|3x+E?W5q zy1O$K{g!^#CAtufmb)Id&bGq~JjB0MIRE!EfE`Z~I>pNkIsu*?1{J(OAd zKw)s?81Z}elBc5UGepwCUrmB0Pf?7!W0*B*SOWCpn=S<@?9bK@r#c-Q*9nxNO(f7+x`4Q8E4-5ax7;z@<#s|Q`*=D*%8 z)%D(^={h?NhTp|}Aou%x|Ggrv4<#{K2`ZN_}7ecq#6WPir=s{&9zm z8vmYo?0v+F-@4_XiN$TvdkETN!v47}pMUJBHj>N}+tt@FF@K1-D;rv$=;Z_c;9sGi zeJow}Vt3h(M1bN!DXdcoopEzY#{~_8(Q4iFM}DN$xY6 ziuy$y|2a6xf6n^UX!Il=0spx-jsH~m4b-U9SO+_jKFDR?M-LJ6%cwE#~Z4 ztCLK~Xyv*woIF}~Lm(hQ5yW>lP6302Vgn%r@XN%`Gn#u7-jp7Vf4jDO#xe>=0tDvw^V5cK!-)ZJ@(*GNkVK)w;<%3u>E(I| zi(0QjmQ>;2V=P!uq;hzwV@a8qJBq#wb2kMH>9C2TlG8#9@y?7nVWb>u_|Bi!F`N?z z(WHNbwIl`*R~%0m&P8{@aPI!4V@&0GiRn+A6yax@eKFQlr1Wce&t^@wfnf(m{7paK zg+Hm61-6}>xNa9F6)?FCZQqXO{6m8KN9+!cw(lR2!m(61E8Y>EVP-bF$;#>&VZ+gdckQj}Rz&p=L5Im4*3xWMG zt^A~*d<$WVBcpRThRBgHR^7h8kSoH&R+7*_H)-Di#Wq-IWk0mzHq z?EmvRSx&NV%~&Z{ins3+>bC0VT7I^P8&d-OimThkjoHK#cV%ftPEKXjz+$1Jg{&HR z!d8I+d9I)x0=e;~Jke^Wv8eytf6*K(-gfh;WsO}{i@$w6xvI?D^V`zq54xPucy0~{ zY|3&fON&?C(x<#}&(-C{&DAeQf4fwRWgaw{uj6vb->y8NTKD`mMtK-bP9>FRg90XCG;DGM9f`t76dmJ+QBe^R5(OdHiKJ~>qvD8ze(ocVIO2$agQH=Q z%?(5)5M@=VwsizIw$c3Wd+Ofqd%HWJ&i_5n$D`@KeQP=UIaPJ4>M(lb^!8JHkNE&8 z52y~v@AGs$EM_gjdo`&e#2GKkr7`Q}CiIOYZMM`OJ6(`)jn~1`NMt+^Edru*dFRQd z4Dh#p_guP`}fz`QAjKzN`nKb8XH}YGDd=dh~%yQ_RTPG0c zYz(!;HA@J~K>>ooUb%QrC_LGB0f_4fj`@<^Ox$*xh|^)hlGM_Y zcXxKO93l04Uv| ziuh*~Ehds67r`O|?AC*4Lp~QvRxuM|e#-Oy0%yKfpd5-TTGmYKix3scqgVL@1Mh6w z7eK60uYQ6%TFn;Vh-CWm-LZi-z-&*myg93;V48+G{N9{pOKBz34P=*S6vH-ltf?Ns zCnf&CnhU`JRk8>!#3+-Wfutn#$u$pfi!G>6aJ2)u#Nxz?#fTNFSuh31piNSZEF`ta ztNiTku6rs$BTsgnYwk1>3xr?7m=cN$`x3FgHzSi%2;W<7c*^UFoACyul038ejP-k( z6pi&i*M#DnpS`Cv4RNifNdf*=HX-RpW^KUczuHjm{HkwV_x>X7oBc$3xWv@p6@Xgc zNEHKu6dsn3l;pG4=&RI+M zx<+-IOL1GOw>MyO5t`g>lBx#4Q-N0ynG@MGoCm>uLSzlMRcb@MSa=Kl$ zovwR*Xl-o3U5`B2X8DQVkUF`*8z#`>`^rY3mn37E2KYI*fdbqn%7XdXAG@kPK(dX; zr_HB_OvfgrJ!;uya>z(kKkzSj8;T%^@vY+cL=Cx@`;xY+AM_{Ez|Vqs4(7UBr4`%?L7;leZubCCcO5D2{@ZL);oL4pYC(deEySBq7}{ z3qYbPSQm0)$w!5FFT4L)?AK-h!m#U2u9%}SDkn`b3aioW_cc^xCEz4CfWl_UA?XGn zvH9RYN^v0R>3Fs0rR{52mypOH&smF>gRO;d&P%0U;XsL86V+O_`#F6EBu24QZb!pH z5dyx-aMqrb2J&fwB(_#aZ8#w!Njo8*%W7HQcbHe^J+A9!*Uj<~AYBjvo)pY0!1=S` zWt4Iu!kg|2`7CiKyX1VOh+;i)pC()d^a*7WN{h)PsRo7IZB|$Exm22geA?vhDzm=f z1*B|1=07SA5ZW*)Oyoc!B8T~@kPro{JZu+?t(M}5o#eUFT_iMkkYNB4thn}qfoo*# zg|9={d23bF3orbYm`A`jOphi>`ta+d0^zg4|Ab@`BlHFQMJS#Chqy6>QMheSgZJ<$ zu18j3%Q~dT;;s{=;HiQTM2iT3K}+}7;7IX8Q2JMCePD&eZXbap} z4Qh5hn58oo)!ENrEDU)mBuyYE6=;q$nr^k*M!yjiJPuk$Q>S`3&M(N{%~gFy=Xb*EL^y`O60lZ5f`ku zwI{Jfvq5~SLZ~&IY?uSEyQwG{;bRQeL#6_2xIx@6csxtOh(_ybVaBgh~(ee{Hy+^7%ZbC6nddDJTaf;r!JVk0g?k<;4&cVE(Rk!_p=seVOkU$$Jw_&dX}Z zIlr-es+_4&3j~<3pi!{KUcdZ=y)0Q9U~2*$aBVdvwC1elI19@zIPC7?7Z^x(Vn6}`qh$HCGTxIOM+asw&nDF5D;dn2#Q|l4&{bCp&SqPj z-g$Qx20rJ*114}?aoU;Q{kuj4M!k*6|5K)?$iOtTP0KIdk11)6zvD{Zk@|8j@4P?GPEzHU8uGEc5$1Y?0+x zBT(s1#}`Z_-}ZG@f+#)q2YrkDF$jnVBM=f{L@YpIv}&kM_mQOG>i_PDNnAFG_-vxo zN7g=DhGt0*(E3by)=*&X+ckF-e?X|)`+(8=h`u6ty%Fd#7z!~VSu4a-q6mm{_z4(_ ze-AmMt3|H@WH zm}G8+MPkgwqxr$u;O7}!g!VCLDeVG3+X`nqdIlF{trGuV5Lr7lH~X6DG+<}-F?&-<$o1r^P;(BM9yjj? zv=VmeRCPJmKk&y+_i2~d=^lIzQ7Q?o*H>>L^`h?28i8dsEG|tU?{MK}^!;m7peGGi zL0Xvwv{jX~m0QU?n3#I&x8Y#nKVVy1%L69|z8iNj3a4(%5ho8Ia2* zT&(R%uHjaat`IZnMX(F(8DcU;bqrF#r2LhR@*pFCbKFseVptXD+FKy$D)g@kH-M&S z2HfN}oIuVfLWSLGfutN@pz7KM^?8V4xKnzdgiFRpxNH+J{7%4S6UES8J$e4XI!*=g z%Cr7>R&DTTV+-!5C~)v)vdI@q2{eCrB4_maH&^%csyEhcF;HnPf&Mm0Q5=WzOi_e? z#>sz`S$M?iwu_flPs;T58{Q8 zLl=+Y^uN$TvMRHBy!#BMYi3YspgG{Utl(fKc$FIcatO=6C?WK#I6AJ(RdIAoNhf?O z=^lIr`+A{V25sHEcPG*^`uZ*yh?+R`cHRXXE~cU^OtHKW%!d+(4W zhHWNbM%NuowaD^dnGBx=a#E?l;yWMF*BV@~vvj9xPQU%p35tBA8bACb3LeTd>*t)h@n%57qD=1HlB_V&!q$M^Ph7Ky7g#U6JIgiqY|I28jmp#e!~EXZX=$Ago7eS7ULsa{v3VWN z6nie;RWtT7{!*#!sUyHD~v)6U+4v-zm zf7fRw691tU|E<8qO(?*U_x=+v!Hz4NHyP^P_p8wV*dkZe3v57Bo}=C0M)|}&(UiaP zbSpU`Nw~uO8)1Gw>J%pRe2!*TaX;4#47y5@uEIk9-svG9s z54^vGc*Lb%Zi!xcV_N>6aj+lz08e?lrYAmOgmv1w2MPxd<31Do*s=s=sc zh;Cf>aHwne#v)b_tu)}eb2H5_0d`(21wBHsxzCshg0TGs3?8N+cqm8kV67#RWZA1` z4W4?9lT6NInN2=o#DmOR6C2+)luv1MRmdvIyrr}u$vM}w2$iD284t@CAY+}N;Wbrc*Y z*^x)RHg%0^Jqr6_Hu5}~H0o!5c0YINHaSyfi{;bopW1)WD5DQ>nA;Fg7cn`_Is^}K zp+tO4+(5JedygPQwDRLUEvQ(J8~l z19^0OUv9vGPGNTyXqL?+%0yRv4L6dMK(89sakb)I5)LdtlC<6k2>bSd>;4wD~ZaOQ@I&G zC6!zW`^k;g$N*-!D*#HTM~`P;snZ$>@q>gG<`;r%EotQoe(- zwaA1*A5P~JzoFq;naxrHCFm18gJ(&>yGy5m$VvTcYeFLt{J;SH9$FgGH^>tKK+{h+su5RS z^c#5}Tqg84-`(hZ_gC9HA-lTBS>R5Sd4(z^2|N`i^c)CF(Zp2@mIo3K7|#QpXBmF& zfu548u^xz4$n-!{u^6qrPa!tWguM?e5{AX1W}E=3kcMRcDXkR@5d6_%9n6$M-+LfBfk-?8Z>vU8}8r+^(?3YE804Y=6XX(TQit zA;2nm*ojP-#CrOy-XSq5kCthZ&lCFx#%nhJ5X$`n{vibl3I6~O0JlQ_kVa%PDqGZe zb6P&g`K&fDX{jwZ+v*CX;(IfEr+%vX>wxU~Q4)^eGXpHc0h}M#uu?1hkjWoH9gM(O zc%P%l;>V2)Ev`o$AMVDGA?{30I3UY*-Kb=yDc}+q58Nx02>2RI&*We(m$S+PN%>S5 zy=0?d6bv59VxKctY9X_w$Pw_+MGZx*%TbAFcySOLN~i&(5(`Q5aSB-*h^#8HyjGbY zErCiVP_VTgw9g4EId;#%waA0vM``Zu+F%X6o#m;b|D<9Wik;ZYd^i)cY48%f+zycai_AqhxbVd0GP8>#SZ- z{&Hm9PLfU`ZMmr;Z7u^Bp!fesd{W;ny)ADboHx&tX46S)a}EY799D?kF< zx8z-ZwQ5))*Bpn1V+9gXZL$*m=qxODO^wSju@APik>8xZd`{a3L@=0cpo|u?QaNHE z3^Q^uV{4@4HLS|VS&b!#M#eJGp|O`(61hE+1+&VUSNHY7`grBbm{tdp<-iK3`#d+# z!YWm4MXI(HSYMg(XTSwpfxttWM4bYhb}rY@00jE8u^#N#AMNvOI&45PQhOnCxc^IZ z@6E}VW@)?THK7D2qj4<31XAwCqp4q@9;TT(@R}LmR76u$01h>6Dg0FncTxWsl?6`A ze+T2!_Cng3^hXHXun^M~i%COeH3>UZmaOTAjG=e2sB`T%8pA@vcQww8S?wo=NrtaQ zC`tY8DiT}HioXObo&c5acuqqWAh-l9epHIKFno7r)1Dl2ItYKcp{Eu0=Ws`0 ztI~EWxTYTIj`8PJr5#pYgQ_7{~7tb|~f_$&^z1|ccfCI|l8 zkeQ%Hfu?3m%Kq3As=KPV^2*wS!nHp^aa-+mtlctR?ab0atoh$+tKa%x9W~#>qxx`S zbiXy|c%rLnq}lPmrFsga{Y|N!O8KVbbX?5(ub{phP$bKmI_qNw;v;g!LgO}4VUni8 zZDD9WaYD0>tqqNV2Eg2=uV*AKnc>>|owe&&yJ@`ICA#0A=UP;F$60e3Yi_(EnhNN5 zM(GIl`KDE~<4eDgeyJAzkK<9jf|_zteE*GdCNt%K24)T-_y@*(SaBq|Ok`k+)mF*` zX)7!P2HP4Q3k79(its;Nv(#C05^J_ZO<2Sxy&9Ku(dWig^G%Kbo+x# z&ku{UH|N+r7NAX>?f!5W?SAklv7o91 z{xl*V?_)M69Djuk&eOYX^6~K#$ckCXVL<;{;eY*JhkOhXU~KZyd3>yVyzrAHA8n*~ ztbBZlEQ@IQ@cxQ@G9J(kQ&}d>00xZy`Z*TO-a6!9?kjjye+2+5Fq*N^3`WIO$$jtM z9Dlg(CbMpP9crz_qu4)G2mQu(kD}l3Up4*eKaS8ZfUA{a>37X88~yTd(eKceozb^R zzlD1o^gC8TTx|5KzciM9H~whR?>#9VOTXt)D~f*V4kWp(fPmWw!THHwo4BgZGpP!} zzDrtU>^bLW2QjDOQRR~_EgWqi!gE#b5n^5-b#ZV-%H6sy#?NNlG?}$ss0~^scZ;Is zq5t9lmWQ@R2sz@7c!W&bX(QyUwG>2bHlydeY`24m%Vv{^ph^qOkE+KcbA$6*^>rgA2f@l8-3MSjJuUX^GF{A}jZ0=7Eik0J0bp|JZbBC@`I5!2( zl&^&!MbOS)5fAOIpId0-4xo|!>w)j2T@HNL%_6?0r~kVoWH`|s^u2}dLMa+6FeRuJ zg>Kl*t4Ggr802c(VvDxFvFB&fZuSFyu1cN{1@q~u{8_%>5Rq^3#achbsKHhF8A+;x zCrpbRzS~mg^L}*DGXsz6T>uJtu011)p06E+3|+h>Ld=Ba@re0xy+uq6CePeS8S04M zLDTj-9WaCbJI+VT8TesYPHh_?ECLCnLoJ@{p*|&-8m0#IhPe5WJTV;6G%D3 ztZC|MDjwB!G4;}sLlI$=H>V)n^8@J0Hp;2Mqw0?O$X{2T5uB2@g&g=Z%x!f9jC%gV z2%{#v9* z{2v~zk6~3=8;r`3gmmn-l6IjP700HQv@*xvC8g((ovZJ%W+HCe@whN`G1J~f8WOc z*W&WO&c^?lpV<`krX5cH-)ZOnm^l3ZHq3u18i)U=6~+Gu&;Q!n&hubjC%?6Rj)>uJ zV9aLCpCc`&rv}D6S#cz3dU9aQ+xRRKy=_leHb$^+jy>4!(P4=~v|7N-05a*NSv z&T1`LZ856BJU)+0d>mAt{}ZTw_InYk?|C&I)nEVAM)eMJ7^}cp(>(rA=b-vHfx^_f z^G3%~eND)sdWIB@rFtT2HA;0PO<`D$X=6PL^oWz{kp3P*<65fHnZnrwSK4u`u8{`ivAsb1pQyx6ruk$OXAUg;3qcv&!26h|Fmrm z`fr_1C`|eX8A*bL`?E`di z>A$_yqJNsRT1!@2jB1qslcVTA|9i^+#t8lQ{39OyU*Bq@e}`E%`u~94_nc5SCs)P^ z6qfvtiX;EZqJM@IjirAgYBfrKcaQ(e^na)%LjPVN2mRCVsICKaap`|KD{A@w+ELAi zN7WD2DF2-AcMXCieoo$t!1QMFL-Z?1^!89ZN2`J z(oDcd{=mYh`fAfRdcs@KvBUprx*h)DFqswA@aM+Jw=KRY6ImS=hUAj39I`qLkE&xB zipUU1rpjA~tBp3Rne-omN7BC@$sQ2bj}iPk#C6R#di*?bO~j_8yckbn_q=bD*pYvw zO~GWTHUH9ivqNxa+)jep=3gcbjTPSgm@(DD>yhHI!rKG28nrFP84f}})~N78f=K`A zrB2z=@;iN;oX$Qyd_-i?`AbqJ{RJV^c#Yjkk0|GDEaLEwU*D7 zwGsKe^>6XybLhJ^`CKrH@~IbeWPWwV`wsc6pByEhD#Zo+0KC4ix zQTbfd#lh|q%O@_^w&&NF_O*?Jt(f|=$yr3UhB!J4yXUoxtV|{n3Isb8s z#n%V-YQCEG^Bz2M{sWk5K%zMNAS>$e>xX+B5>bmsbsg$){5mluim{^={N$H!MY#It zbMd%(%SIbl-z*?kF=fS()Qdd2AQDNo6a-9H`R)0!*5*!3dund(yqUPha&tLqHOkE$ zr#iU#lGEBWPTx{Z-D!+bHGOa2?VxWF9#vD+BYlrC zE#Dr8eEk*ZTlMb${(Ze4W|E>K1tu9yBzX+4j$?M(RW<>ZYd7a*Jai;=kF5msGdbV(svH7wzTs3`9m!h%s zJ(PVM`ktEh$LM>FrtjZxBzO{k?{v`j=;uP;8Gtx0eeYmJEx)gzs4e<_3Xf_y>XE)f zu*~P6Z=Wwf-*^5Mp>Nq!@#s6|9UFaLn?U-eYy03^@1SpRl8wIaXT{R@a?F%!`o1Ma zW9j=SYBegq|LXL|=sQ`{ceM0L`ab=cgT4>p5%Sv^yp2oWcC4uBJJzge%5N?n)jq&X z`qpE$$wA*udqLkD-iXlmCqwlys+335GJNhH`p|>Dl+TWBxvGjdxn?>JW zuOqIp^xcMhjYjEv^rSyVU(^2HCw-E>tF}An`%gTAz7qj)T>4(ZikiL;m^DrLt-zz| zj(VhTXQmX`>Dy{I===P#2z@6!9*@3#SJ~+M8nRZy_Ti>A4*G7qmP9k@`|^NT`etKJ zSIh7Jk)pBmEkmtF>HF9Ae~i9n{Ln}GBz?EnIq16ykD%`{^c|PJ2d@d!_iVGKN#Arl zsx_!b`mSW^pPjyc-wFDTd_6+nLw}7&-*?}((Rb%Xq^}vDwOs9>?@ffmqHq4WvGm>k zu|?ktq-ZRCPe!dq={vaHAEU2ne>W8oJks}$Z4UZgi$~CRA^MI>-v?Py%kPJuI_yI& z9@TZINBT}=V!xffqdy0IzkDr1-$x&dN8elCveEbIkv96iSnHr~OF_VjfBVPM_fE{o zYWdxHHF1rl?{d^?l)gJ${}X+0mOe?}r$2Gf_aQujzC+GwgueY*QPcN!v!*G(MR-(A zQIGUJ2B+_!@7ML9Z`D5|^gVAuJo>i&w~f9H!)^43A8r}nt*v1GF81=_kCh*AelJ($ry$Y!-CUI` z@abAsX9PyL&sR+uB|$Ey$o|S2BhY3dt_w0&1urxbw-{TF$c`>7Hy=ytkjqP%*1l%4qd^;Eo`A5iBlmjUGps(MB+R4f?xtvb)%RD#vtMF-Kn#fnLYJJ zBQWh(9>=WD>Gyt>h-08Kp|yxV!5`ySD?Lg7DyhZ&H|qTPA++ee9qKjcV-1d1OI9sYu(uYw50hp6d8Kna7d3n~ z^Up7(5_`YNAbpW?&Oca5bi*6SB->GV;1^9v$e=+?(_HMAHCF$lxjOWk3jwKBPWn zf(kA$SwAWl&0_oZ+y(r^KX1;9QYQt!Jte9iRPRf`{+Df>eHsB~4EYBv3HHBWK{5eG?98A0p%C`J$o>TbQ*ji{P9MMoKvvB@ zBHwrr^$(FZJRs@sFt+Lj{HdXIfD+br2sNdZX$d0xw`zhju=g=qC~ePL|5NG29rvR! zrQy5F$!%o)4*dB;n%*U~zySwZ23GJ3e%^(j)v0Hq*Yy>3_=*4URq1bN;bmz7#H~1B z{wCG=VCmP4eiR+<$*fh51Gb|$VCl*z7la*dRf5T8Y~!m8;fzJ}VD%nklC+NM z{g0AbUF7|{wYYwS_eMx0p6Z520@;@Lf0Ad!Z z8pVcc!Y>^M_rtJx{3&aWOooj}S&9!=6)%IqRzI9agmZVbe0Ofg!=*SsSB)tW?SOfX4QBP2phv4USz zS|14^usa>sJx3@)?ZWt>g{f4*Em5iUHvhR6%{cW(L>e}o@{5GySu>5qC1NKem41r3 ztxO~ucR{%3-ia3Se49MIH|Aw;^0>xs$@jgRkNaa*9l0>S>-N!sE^YH6v!`+cE=2o) z2WLDyEn_*M7k|WNCQtT9u6uY*h{uPMZ`O-Yqkqr^dz-k~2?t^K-Z9DY4fJ2eoTCZQ zC0BrXPP8R(Pk-SraOk+A4$1}dbl$J-1ocs=71sDCh}xyYb(rV88vd(Oc}nXkL_15h zFd@sLmj@qY)xHdsa25~TO1d{^{-4MSL^`8V=|~^|bR^r%Rles>v%a1i9N3q80etZAXHcYs%?kEe=GO*fhjOEa?9O~pnydh#=tPzW+uX`ip=jI40UT5);uBR_Rp&r6Kv*-K-Y{yL`0yhMYt~uGn@%(>r)5mTRq%2cnR3n-|*iF4h{t~R=e)$PkeggaLCnp zxYgj$E@M^0g+^CwjOua$j~Qo=d0rd?hLIFM4dku%phn<3c9h;o+iiFtodpz8Y*kG9 z;vsIY$i@2P-}d5mnGxeCPi?uWUXyHCMhM4?;06N0astFo>X`Vi4jY5CQ=fwKK0bZt=qTOdsYQ+D-+}>$+-8pi6S-LNc|O z7)}w1U|VEN_>7ujf;`3Wn?f~bEoE&D`WGnn%6W#vK>O)wFtE6owpW+}zN>Lu>KT`s zN;ftw)CRX*rg8o3n41*gSppE7n0{*-Hq#`>@A!{_YrtoUK|+5TS$dQxoYdM3g0%(y z5npQ5z;62Fg2n+!CK50Qh^y3%iKq;)K??o`W~Bwk#k1b#`tCWf-RX?Y(-@nlS?AMq zGyGSe_GlO&oKw?&7aL_6?zvajCEy%_RXnFAL(Zt#DreNZZwsx${$cvXXdkvHy#F0+ zPUne;ZTmO$|Cw#-)CP!k%IQ54RPu9s8`dY>RyujI9+>#HN0mc;JG$inB?{fpToVu- z-z7roqWu$uAN;2>SH46cL!$+767Wp$_gl&^VErJJtyQ-!mmXX#hF{Zfyry4D{9A=ejy9G zF|3A~e_wDC*s*@io~O|ME#&$J2gy8K`24}HxwnEdobBKZUz2J;tz3%76bwJi!FE#w zyA2XsA;jWuBwgq=@IJY8nDY&qOb9)OR;ymb6oYQZyMlF^m-clQ6=ApqLH^2qsHEh4 zLa?F;+$>(B4+bhA7UAE>LqPSQhU#du5=;RcO>$L@U{8Uh;onn1kzewpp2;dS)}viE zV5zoV#Tt{|H6~^-R1Jf(@NWpiF+Tw0s{#y;w2Up$IRBbhV%?AD{k3U{xq)Bqo(R_uQ=(dM z_b(yTau^ej3=B$}B_9A<-KM`rQ%aX^!04?4Fu~Mg`e!){`{WHK@-D-8^r%dU2rU7$ zZAwIbVtfR2D;^ef->8X3_xu^Is;^L{QBKlAhT%UUCnrR6ve$lavfItkoV+m4!AT5( zZJbo?JO2hoLU)MS-yRao<~|pVne1Ly>p|%VBhSCvRkexroGffsavJTw_t#|b?{2(T zHI8aw{NwVkvy}af{0p-8-_O6=2L;RLpN+;+Yy_BR*_I~LF>!%A#jgZuUittL%A|$b zs1#uAkp+n#G=Nq^PBfaLTH-`*MmO;d1guB_0$PMt$xa=C$M$VdlZB9$-e7K*gTd|E zEol>@ZaST#w_3I5G)9IK&8Mw=(*C6Qkm*lA|KKs)g%I`zv0t=*m`G}SzkyMRI{zhX z^Jiyc&ZxB08`=eTysGD!u&&VG;0yvBxI}bj`WQHYrlmK&f!tpF*m34V{Srb~F({bb z7k`sV+r80Ozxm{WGZR9?MLv!+FCFv-w^pG-;Z3N}4@Fy)wzazYz6XjT=!AD^`-VP6 zr{h}*_zkzq;4nIv@B)Tdxk!RTbOl>w9`a(4i{)TqR8#?eB{g3I|NZo1mS+f@Hg2|U zjiZS1oI#6+kr7&kvwh@wt!#z*XoF8iQq#;ejWawU9qEVqCt1Nt!>;lRU98Gzkz&RptL7+A`M%nA6Q!mrz@o-@vTN&d_Ls7i^Vd zzAhK@6u;gboHlwWE^xs4&bXN&y{tpYE_}8u*^a*{C0p^gRmuA>oD9T#hpjn59cWM_ zt%)KtZ099RN7SXTFQx$Q|Ix$}`^SdZk~JNe=?9J9VvQdtI2l1A#uS-kV=nnxz=2#F z{mnPiT^KqQ5Wop!A~48;${eGs2A3cN+gP*^0pi&{^Tr>pj}7Mix45#`$lhAIS%O}P z$jv~#Kpp*h4=3<27stsSDarUZ^xO(41&o^2m9tyN2t-;{2Y)cJj*Pl=B%O8~5@`Ho z!NdCvq-!z|0si=ta?O$MFe;2Z*2DJ#768L1a1@7bC4HZfjra^&P|GRX0yyUlm&82x}nahF^M0+aPwz9nV8n(N7kem&4$BBgeyN zUR10WZFZ72cMUV!OlfPinZ!0%FvA4rvme#)rW4)_3*L0X%La$(2BV-|{5hemvRXdv zIXq(@bRcITzCb_JLfv?W!@BWQHZJoLgf97b7JOYalNKvviA(^Wd=|IDq^VLuj@uYwM8x5qQfu;B&^Diq;BJxQ; zmZJVxU4K!eey-I2TeyCeRez>ce+KJA$O<6Og=^H}gZmqT`y*=>l#l7dq5J8S4U9eb z$8TWVh>NwLzee_$WS)6f4!xd{iqvZ=<5tx}?P=hBNNiaT*u^!-=ua8wgU%X_zzBsN zkE531pQQiGqWec@CzTF>)Zy}oaml59IBv$bRNVRLH}L;Bz?h5am0ZMEW709E1xOF= zKMqK*A8>%=bM)`JcRt7%3xiCLjsXZKmEKJBFg)d9g0g0$yhrvlKz?u&#l=)=X!fvF z+VxD#N&&hn(scZ3WM7n8+E4unrBSrIS#&gu0}qbP{a0Y3cXUQ+3$^*H<6!W^cXkYd zBTSvw`pqi=qT#oANDjKHo?;0b4&y@QhHofnWI=`yN8PHe?WDbkw*#l0w-86W z-j#-02hK{s4uch+E03G2A9m3}DZrm4edzdtPNkLeK&`OAGxIOLhExO6C>;>~R(;{B z`h~AyJF_&{uP%hSd@4fi^1*SCL;NukN*1_4m;t~ktxVv7+F$*8KQN7djo`|~7 z@dPeP^!Req$X24mC0Yxca7eA1q&gTIBe|Nz+P^H-{4J&>D5536-Nci${*u4{#Oulg zbzmM8j4?Em3m8|IwIt_oi$@65=lwq514cWDCw;px$DO+e(+n#w$H>RGi5Gq&T0jvQ z<>pE@0p}%zZ-zBxwu|W+7z`wtn-UCGf-FgN$)4e~3dpr0aIF~OJE9QTytq`E?9uz} zdze}~g+lGBx)6`TltK6smTi6!``*a<1%Q-z0G$K-e^$`E#D+s6cWQvue7+t09URzBPB?AJ_9CsUz6+d0ixtG;-Q16DDnGb!n;>s^~^qxdij2%&iB zFN7mY;8-MZJR@*eeRYgy0c`eux769;fSnJ*pQ!lJY7>HBX%RGuUTQ;G4`ylfj=e&! zgWzLvPd$$uv>K5fb=OxWF+&eW`1QPi^Q7+Ib?*aOKR_P4rwrRa9*6II2A$~);h3l=2pux-*MsF;F6-duCC86H%dP#rE#_%Y! z8pA6%lF{TwAf@LXbE%4_HV=4_gHYU$U=dH43;(w83zIm(J1n}0ka`I)<`>GNDdI#y zAK0^P8LZ?H(B|^i$I{=XW zX&<6wk5O7b>hD6+ELn!%GKkOaGx65yxt!gk3+5Z88#AZ%c#sZ z47eiFJWRdY9a?K*5vCvP3$+hWgx80MhFA;fj z{P~;kKP!I!88U>(g~iEBi|JWiYjql0Dg8-L?+bI+M?@4YCmTNJ_yoaLZ3*u8V9VCX zWWX@T$mDZrXImrj5l$k8iktBv#;$*-!gI2KVeeL#SIlvs3-XxuHG>wNUIe8&w-8}S zQ%QI`eD`@Cf3r2Ze)bluWChx668w^-*p1@xzBrCn9L+YHooRsLj>M6wM)k{x)q zuGkzC7?4PB4r_(fHg=j=scyD<)O8xV%rW1rycLfdNg#|9f)=pUt@{4CE2p za{Lgfy|uNj%>&qzp1T{@lS1{O)(2JD7tA3_keV0_GhhgmxHH7RMe09n)yEQH()DJ2 zl=R@Nq=9I`@S8}_Sz8O(5NZf@2PcuxLfy0RRegP-HJXpuSoQi&yM~C32tF-=`C_?; zMzet_2^75G8~CDSSnSgs@$KtW89&vQco3;$D1%%itjgo|?jFSdn3caV$4WLCDyMV~ zm8;=or4#4cV_boSOnZ`w>Jx@v{QI%bP00TT|CAjc{&P+EI~dm?IaEFP7lw3}7^`P4 zu;{4DEEqydB6b{^W^Q*)Xk|p#<9!qQ<)Qy9N=hc>3@KiE7U51Z$e}oaaPsy@tjtqgE5D5kV3gXYXr6q^j2qm7Q<#OsJL=314*tZ z6TI1U^SPq`n(@;t{o_jq8Up{7fIpY;XAyp6r*Z642^qw#bsYax;0u8&AW%qoy8@Qz z($t~8gCltPMvQ(xXzF(n^}Cq*?eSj=lYcV?zL&!O3~vG@+M{LE{2$iz1 znvzwDkkVS!cq0=ys*6A1G`(Dr-PxL|&$OoM@nv+D>Wd=8B{~*Ympb4M-K*`4^p7Qa zXa5*SVqFFEmzbYC3HLXL!7vwBF4`r_1#;I?2EtF2=ej}m=v3GIRahw4r~|GT7(V#a zPP@=Oh#xrv#F2MXUd!vZU#%+uM!g?Vci6d^kMO(heU<{?*uTSi5E)+b9O!T^W64mJ<)YMS2fA{cGT zB>X(tnt)lKq#ysp>)yAhZ$4un#0u8L7w9t?tG3)vqmglXM*<|bHD;%Nfl3;F3`}F` ze!MvorG4zS@h~#sY>U-V7jz_#hU&$R!rh+2r`R5Y%(*jBER3LtfHvuc9q9j_GL2$d zG>UcI!ze;P>?jthmw(nM=EmtTjAAOf7=bP%e(a2HfM#1kGu1+~MEVdkb1gJ=XI(8c zb$q0TutyWuLUkse;^4Y7!p`Cdt_YWsR&EEbf0?dv&5FkLn{HuTp%ivpi`6RTvWS|+ zb{NJL5oJ;#yEqqJ08gyqgJYQ%p7W%A!4ul5*{M4Uv$H@IvLh44Vl`S)XkrA2kWAr@ z0ZO%N*`>+V1p{kp8WL-a1}q{4lD5`iGW#D$!}R8yES)0JS`s=_ag`-^hT%cAMcXSO z7EooRaZ^oX?<|^zY;x8l&jFKd;_WLA}56Z?9)HqNH-0g43i~Rps;l zfBoIG4cvIXq!Il+mL6t!jQ(zBg3E8w-y7M*FmwTipC$|s>+eEo{{;GbBRdM~@8yzL z6T|T1=+dDO~U$npJboJu=7Ovd(tP+-~Ze}{hc74#?#-6(e`omH~$0D_jl{>y4M=jUuMi6 zM}Ij#v|G;)jYm=Jk9$hY%VNE=DPVqLiyM>ewC_DEUN{+J*j)JJLo82EthcU3thWKH z_RChVrf!Pnz7cJ`&pM6V!LBfC*BcBtwlC8k>t8UxevEl5Q0ij-Mi}Bb_25WBh+ zT|o+Zh!o^nR(xF-_9M|Cr3}W=)?qhvD1NzEJ;1(f-NSyW8Im^>({*s8BybDb6@V&& zHl0>;!m{V~Muh%60Y}hgRqcZKdVx-8!>FA(U`OLDYR)DRjAuGlGG9N zhWRDlujhy;oDVua`E+rk_6>V(PGsK>Yx~wg+c!O`SnRGqMFaLtK4IS$@Y$4UWJdU3 zpRBJ{ty~MS=QfP0dX%6bjDglOybmOu{vib6$SsYSx3Ottk_dtpL7S|*Ls}4uDS7O= zF|)Sv19b5hbOBlClsGbMEwlFB$zdTd&6=rJ5m_(B`Lz-Lm#dd0%Os}9;NM`)BB;@X z4M)GUf1OS2VnXjb*n3SQ=#6AQkn^JBp+^Ju+513m`OShJZpgJ8u+#{8rv0+eJ1uOy zu>U7$$M1bU#Zol5&f?)-2M=knt{?;h0RcOYu~`02Q9LyL6F|}WHIY49MyoMK(rA7E z9{PFzCc(6$U>Y`BJ*AUQ1i)#uU>|K}>i}~=OjRyddnF?zmX%sc!(vK%RmQF_Mc3>h z#$GMz7=_AN71zw*ZnZ$0NDj){NoVBzCcKh_fT8fXuKCS#M z_US8R2gDDuR&c9b{8zT|Qx66c-ftl0lOX|^|9}`^C%IhfEO&>QhRKNdA&Tykn?Ulr zZfrz!H=h*dtKsxRhI*b!DWIgxd`yXFdnmFOvi(!hK5S1fr^rr|#>LNOp>grEx))T` z@l=+KKZdX;Q=SZUrX<6_6WO{9QesU6b0Y{+aNpVp03Msvh~R$LK8#?l6Tw`ymN_dx zFq0y0?+uEfCvqsWe`fpHXdei+cgpNTY#jG*2#T2&in^b${mDdrBRewj%T@W3D&y=? zw8t*7Y6B#8%?*^;eu9EXEHooB)Gtuo(NaWWDG}baMRr;3wi+FWWi|L(Bq!hQLAC!J zge?^Dh48nXKlTUZvtd2RyW{#s~yjw7F^6M!SvH6ov51qSi|G4knVM<(b93{^PacS@o$vRb^pV+3~ zi0F!#bNpJZAj zGzTA2){ld{=gaCo4_eXHrlDSmyST;(%))Zbo9+tfY({boQk*Yp!hF+mk8e1ZB?3uJ z-s!{mx&9jAUK+OPT-cVxbTK~JAoYx_8t(Sd13&(xQkWD2U{~-xELX8PWHtftxAqxD ztY3lm@~VKP%H`{L|Cm&tfvMt#rkGR&5DmjqSym&%Ghgn&^Q9Tsg2RnimF~^#gnkA# zah@R9fRz%gbu`1ay{1S?a4jD_$h)!GB;V*kk%kggMmv(~ad#c-2a--%3nBfnNYHEw zGz(LRrVMYT1cyLjEcuJ-wOeDkgbko;V(Y)8nXdrZHuD7#|Ea#hBLC$DzQO|k<>P&Y z<8ji5uMh)6EPD6~uLO=w05sOg8(AD7LSn&=KPd`sQ6_!$l*kTiV_K)eJX zvbPHSYLeB=8pr*&ZNf0u;SXIYXo)9DOs-EiIYj@>;e^LLv8q-c!G2{C$j>C#Hz7l=@myQ8d5o09YZBH)mUG zB7<=2P4iHrQQ$jt9y#hEoS9<&8W@{u_>j~8p;{p68M*+L8#z9oFT&Bkz9t0or5_Cc zsotEK(lj>XUyVhvjXcGyEIE();fK^igsWHiz_!Bu560?Kcx=#FD^CD z{(%w+B;Ga9rd=MtK1NABXf=SXpc+PL2!ePjrF9XI$Nj&ph+AvJ_h;0-2=}*lgyJQm zQ`}EULd{B58=1rrNV;d0j9(}InRaZgR1?G~Z1(XhpVjL^0v_HI7?&v9>yzJrok*w& zogtrq6Dx7A4CW%*RyC?GbIxT6Zi*zDb36$9SScep?(xq%RL6Y;L%q9`^Ac-4fzgn> zH%*1xiL@QScP$!2_Kvz@6~uCVrCXsp{v*9bF<^Z78)Y5?GJpjh7GR}tD#8WbQ^;+7 z160;A3a!wtdcIE>LWF0s79}f%dYI2-`QGnh<3rx6-R3%B9gZ-AGQTNZzD3jl;@jDJ z(QrBM=m3bj@iYGsM6!eSako4(kKF{(2!mLIR~kfqvw?Uc+Eq;=AZ8N8Tv8Io$z1nq zbSd*q>CytRiwR-}f(Wuyo8V-STDgYbwEuI~9>xoM__S{Yq$J{=mNv2t-JE}TqEY|U zitXAXF6Vcfe>(jS`KOhwwXxkTh*{P=QC-(T`>P^Y9?coGP*2X=Sc2nd}kp(df_lcOT>zPrO2~Ndh)+HzzjYe}$UB z#^!(dlL|1w1$~JEq8DP-sAr;P7X8n@X~&zO`RkWA?wgVYZ1JbH04I)b+QzgNK>ZY7 zo3ydJ2Fo`UgDSVMyNl2rLdxbS9gZ=)IZq~$K8^b(bEaJTCUq@4wL7LuB)R5zj_CsF zAjUD3(;f7*jJ^?eOcI|Rlavh3{8V9gz&4!Z9d=GpzG-(ef*;p6{mk5wc)n?|)H$(l z`pIhGc)sasX$+f*wQq{JrZU#1YdVX_1d{gu3jy}(33N<-rH;cf$^9`vlCp>SSJs7~ zm5Y7l!7nYuBRL#XrvchA{lgtL`{jSwF>O3oJEm2w2 zTSkp?#GhDWgm6J9*=9ZdYo`6HjPC+Tp5=hKmxehRF#8h-vlw3~K@S)n81NT$#a0cn zxF@tv&@GptN##F@X++~BjmSATn{R?WH4WY_-Qn$a3x%w~88JWp;7sG6s9rMT1rwi{ z%Ye^>al(TZz-MK{9Vfu&zK=9M8wfxYKJ$h3dT=HKvgm*kC;W_02ED4IXu=86H9LVDK>1s}J=uA_FW6 zr^*yG^;-|lkTWqZP2mu1H%j27|4?h|A>W^j`5$S&rN?(MlOXBQF2i{5m@3bm2j`e8nHE}&DsRgY~p zk=vG!q*t?!ZnLS!4|iHA19@*w!+(iv`+VPM5PVc>o)0HxU4_cYUWShEs5!VklnV&bs`jW#|!6iM)z!^7cdkHfU$Fq4jSD-h}-Cm=e?NQ{k^0EW;`YQ!^w=|a25sl?xM9zcHx2P6`1~f~v(Tt)- zn(;SBOi&o6*;6Q@X~u6hnl0}Gnq5jj^`KwIs|AGcuoN8cESuo%MBQ_E)Zc+1zH(|9M1+4b>emwm62qK;t?bo; za$RqMlJdWD2{~&v1E6GJZE#?nK}yb9%V5Diu)gm_Doi+XS$OC-tnc3&Xf%G|xtqs{ zUv&PV96saN14;BVIIp{K5cW>jmb9QeW^k0jkEUP&21RL*Pwcn)o;$((laVwjTj2e9 z$*$$?TxV3E=Y&afj_yt<3E^X2V#ycbimdjdvl<58FiY0XBIR9VCj+}p3yzJ>j(+bw zPvALsQ8@k@noN>@BYN#ytYsDPm&h!nO(>2~h9s{j@19V4j-KPC1F{CrI8X&Mp9=sw z_EF>Dh@`uIzC*5X>HksiJ1#SF>RTs(z*m0WrgwtM8Uq%i`C3$><74yIkkO#qKJOn8 zuJ$YiG$f15;~wEitG@n_>0_N4Hh~_dPFtPW#;E9J%gg9x@o4eetzaR_ zv%EQN;KV0}?T@m=DhjoL^@IW*_$EtYPue7I{AG zPykHNvpCj27sC~1=g}2DBL&12>e`VEA3m#xH`v#EOqrasmZA#n*Xfd!JcYv6lzfcs z*5|6A;~RR=Ue}4eUd1Elf!k)md#B1rqqK|3FwNRSc|8Yan`F~J(Oe5 z4aszu)P1q;0;aLLOp{PY!b$vS)R){h4RT;AqFt0VUJ_{ zGchIJ!kaVjM{)xKGAcRL5+}VUtNCC^zW>yb{)x>-`U;zcutUh2TQ%qFs~SoMWB&UG z*6f6uI4lv!qotTv*lgr1OjRVoX|al3mAuS{duKr2I{fOv zQAW=k#ik>aB6Tq1#$0sSdJ^a&iInB^>=2iwf?4ngmY>P2-E1>3u&O(=hekkdI(N|i z-K_0f7yJN4ad=TBN|I^~t}0${MEX|a2a^5(UzllDg^-rzFG2+#x=1X;ZoEN^U=0fA zX`|?G=gryuy$}^jpM{ipm=CcJ_3voAvq9R_#?5AT5TaYAt^hsdv!@K*)BSqJJ<<~e z&sNo&bDQ*t=-XT-lp8Ie+XzfUXHhhz(*UmHknw>!o9QKi8Of@r{*uc4I)3%-kV_(D z%m#tfpOt1Hpa<4ilxU(ODN={)IGRo?!8x#Qi(a8f=?3^0wPzTBQ!Wsfkb}FW#F{sx zWZ+G+`452Z&aNoFeGxY5g2UPta$!yEljUx$4D zp+is1Z+WT49BudtVeUlx3>dELgJhE!8nzmVxpgn9)fy56`(8IQ$Pm|OnHkuF>~~%F zKZGp}*nq#G;;wE9C0~zpEjI=YE+YBzKxT2G)NU0H`4hBlVC^ZbLU zd@BwR0IV5Z4f^vm*Y&9wc&PSZMCkOPyjbZkQlfdjuP`;#CNEGf@4p9JH5Uh(>3lv< z_Nr-TdH|y=4E-gY!TK6?R=ckN8B`y(Ee|+=a-w7)Lov+_7Kf3&M4Lm@Jvg=q_sR6$ zjMD&`>We0}j0tqWh-baw+X*^eh-S5kR0CchH7#SPji4|@qHc>t!IwcAE&)IW_5Kfa z>`9O_5{}J_3dguUu|!Y)3_&U-f)8yK^tN`cpNkAbif9*T*a^7=AAJoTnE+gB`GzOC zVQIYFj5?bACmeNr4v{gVjvAH>B;D8yQO9bW*kBI`c1tUI5mlm&RnK$&ej$s2q;bQJ zZ_$hC@1<#~zPUc36H~GNzKY^h>8_CG=Lz^WB?dH?qaVfdBQRfJ#U1nGG%O;^Zq!_~ z8ICz_iWHST;=~;MUHwx4k(gsQo?~K;uDTtv@+rKRnB!Du%)#H)eYzc%BTFRU`0`sZ zeP+O6m?+bn9w*=s`^=NrFD4Ud=50~O+S9E4BW-o$!S{xbkw>}i%<#1cHOKl2(>%g~ z2fO4#d?fG~Ev3VOM?V%1Bz^fTk2j!ySeeV{!!4zR!n%n_^ucG2jx zeQ;B)?|SXbm*6K$u|BpG%hPp}ClNUhre5vuV(Qf%$j7r?9mk>TLRp)8tRxGj%wugXH(@K+(X7~fNLseE4%uAZXtHA}VErAS$VU6UVhpF+b>?8)Ba z@*ZORfme(0inb583z)X~=&7{L`_x0NwQVlS^L=L8W+@CT3WF<99nud!jX4+k9fyFK zey5ZNel+fP!e&>^{VNcP*xUt(q@1h5ktf<;^M0xgO#%9e?x(WE%8V@#G}Q{mR{lE9 zZiL%sD09yfy)nlK;;9uawF+yl<4zaIV-0KJrb$U>qExdPM$e?J2ga=chP)pB5l7y@ z>q5XM(2PTzA=~T#G&U@|>hX6$eEhh?Z$m3)WMO}9dx&jKzW+KL26s!kCy;aftSp?R z^h;?g-r+=_n{Rt-QBUV=u<)hwT8dk?eV>fnA8fX z)H-lNhos)SQWHw9XPjX$7YOoz$r5wQsR9jzAS2rNTjQylABXd)B1yu7qrWNYjZExT zqYfyDK~h($As^L(m52;*^&R_=4$Kx=K+_Q^VT6qYj;19pjbo*v;8IFYASZM;2;sjD z;m7svau6rggPh;okr=AOZr~)LoJ}YY989e@N0~&FlT;QW(p;o(f$BH_2s1sfWW>ew zz?mdn!(v46!&V7VM3ZWr;F6)y>r&U=$PbbEOtKy z=wa~};bTo+U_zn=0w}g%CeLOgkxbYM2pYRX^iW`S%( zyo?vYLyhN{>-jA|k$22*Rg`y2D7|%EZZ`~4kbTWt=}N{M{+1ZbWZ=MqbeukW@UAQj z+_JZqBKpRRIZl+pkCUOD_^qTx|Btl)$6c=NK@0UTp{8z{lVHdFMpLJre#As4$n#?& zCe87U^ILTwtPU{`nI?|X?E_Ew88AQTG3EEi-7D}Z10phAzEHE|OD(<_7{hFq&)Kl? zldaRI&ZUFk=~IDu=FnD8bE&k#uNu(09O4hvW$PdsOrN%Pam z9*wxj?A3Q)rR}PJ07hC%-4*B_SH~ItSsd?7_z4>h1CP6(;;$Gw-x$E1n;1u2{DtTO z#j*mgIMjL4TwdU_j8BIwhjH<-h+xn8AV`dXR#!br1FnuX)k>*fBQFNsYpa9&7}^XT zuMZ=@sfXSi5)|Zd-oz?|0$?xaTC6T;N|8!|DjbdEQdF^SaKsf@E##*K^>_Gy=t8PF zQ-yv4Nz;CG;&@#(?9>%1u%Vwqxs8|RYzS07UJk$*5bHA zf+6@gzq;UjeB@LY;LbqIofzI3X$d96nDi??Le7yd$l%#_pf8WNV*;gbXgc=)3WzNX z-{l!Kn2CU65I1s%K(Ij*O8Y8|bKtBnHx07U;eZpCL0l89uuiw|$dky_fnBnt9=xqO%PK~txP^0a;?tO}}lk@%z z-~j4sOF}iqObrF7>Srta`ebULp>JZ`ta$9R4D~1ZWGTaNEx%+C{OhDcs}mAS+PIca z807lb*U6K769!EJrOyIe23AiPh>ro)69z!$4dlP=GF4}S!3#I82ETWyl}t1VB#r+I zW`fT?mt(O7QVdC^T+Z`lnHxQM{KNw+>)Tf2T0Y)=miDicyhm>+n~lF$l?}(=%gau~ z-$H#SJ?$HRb5(ADwF^#z7~t_rSLGXG{AdFC!&R=zMfesRr{7;wb}D`>a#cQzA8YXS z8doLtCwQ)Yf4!^nPF?Yal4&);)A;M0qpv2E4Zz3C31z3?V{t->>Hp=ok}<)bS!K@A zB?%=L;^WnXlC0o9X@Abq*L9tx2_@R%@sstR)_Ac8At~LEH>YeT=_m>U z5>B9kV5}t?q$a;gDSO;qfs#hla&dRta`E+TWe5uS{S`N7a#_)=1LnabOR}!Voz>W4 zvB-*wi(Fv#Kgs`iPHa&k{}=iHES~(oqUHZ# z%73QFzZ8or|129N|8tJEOLWZ*fS{0(mWgE-<0C1ttXE|Huvwz3a<_h;gs-3AYw&Jx zK;kcyPR5V5`h81$eVy;Gvb|49EIS>=+Th(|x>yRn@=R#P*P<13j;1D-%toPhi6!Mh zuF2s0Rf%N-YVdh^qUc0nV#!tVRB~DHSGHsIe`R9H2q|8Y6Z}$la1Efm&dG^1c)5#o^-|!K3wKJ~$TFKZu@NPJ;eHQtc$gBI)TG&X3MGQzkC;VuiIy z8`@cHpX7v}MgDBPxiyxNBE%aO9fx-9K*|nS_w07Eu4SGNhw38HClwPf$r7K=cnSDf zOIw)KX%cFdkF!cK>n`sn4V`lY((nyGu~3c`@_gThe4I9niJ#IRy*Xo~-R5W);TjrE zQ+?QA_{J!hJHrzgj^Uh6k-~Yo(=udi#-mNGU}#WFM3GyLe2I}HPM5BecnBzQzAckM zENUQ*K>~;e+ZueUJiWK%VM<+}fVKm9nV1t!`aT(g6`1KZB*{VTdw|E2GN@^2BDRvj zNQP-YCnE+vu1!?WRUe1#!JhEe+7fd7!$W!X_-8ozJm;H2eqj7lz)y^S_*pTd1Ex(j zLXTveLyyOCjzs#AF;1blms?o|n8@Ek`CBZ1%W*F?ZlefDEH@ut(Fjh-lWWxi=H`gN zmG1L+gTjZR-?%?BQMZ;AKAYbd{8fYUCPHfh9Us3NC+dK>cuU6=NO~ZzZ^B9p;{YA} zlV*_bS2f^I2VkE~l;*4@hHC^QI3n&2=1uS$)LGJK$|z|R)vZRiUx7xGq8kBbHOMGc!q2P2M-Mo0h! zwV@M88`_CpX2ym4iHakR%#1n+DBPK_$U38dTND@6QLAlK)ESmAlK<~_s^0FmJKc!) z-sk(CKhHz@UFtnmb+$Tn>eMM78|6Y#PmWGyZSu+LyxPJ$G0%amblRyI>h2{m4dfBB zwg%e#f4$A*m}ubSSkR$=YqgutRl6yBv%I$4fS4=u-e?8PX)5w9qY~+AU85)*IDmeg zdo*RG0#_xM(0>PZSyx)X6WhyhRhCC@6c}mUte?>xRiegG)Ib9J@QP+xbce<|)19HAnDdUtphqcLpEOveiZWyMRd;B(@SRJ}9%5 zfJ9be-fF?1Wy>cerU=D07Xpr$k8-T}QD|X^xiRZ||4phf3D=d0d%&F~;ku|&PxjSw z&yXA@00vV*%migt`lNix*__v@MjEQ&!nh8K|i67yLZ(`7HT- zmbww2WA&vq%&yD83Om)Ez^QYcURkK#52vLpM|c=}WXNeMVe?q2@c+i|^;e`jzB-Ew zj)B)`E(+!86xCm=7Z4*Zvo4ghJY_#xhnjZ84&PZ_!>_?BE^;q~Mh8MfF;)mvPRUV4 zU{GhJ3A-ey`AC zhh7W&#L5-8*tu^0D9+X>KQ71=GMwPb4Vgkr0RsuVH>xxrN#WNIcl^)2ZG z$Udn_HuX6^sD(^z7^Dpp$jGi_0%aE$5h%O3fFyQt@$UwtT~HRhmepNVB($flYB@Z%UD|5z#y#_OAP6WuF( zAMDnV*ZF&^#u>|n2a-+6P*2kZ2QP@pa2s@=!~wNwJSO;9hbkvMpnzb#jyZ-g*va!A z#=z_&AIF?pw)Q@I=R#wxQ4Cpet*#{e)&09u`#;L;`Az6`ME{WFBm;)eC(_xnH7m(Q zC5QpY1!`;=T?0}>qD&Hz)I53WYSto~;ZU&}$2-8VS9gjm5{=cU{LlS$4_lidB@L3iOW(+M69o&hzZwi9zWf{GvLOi>@fr zzg$(tT1@|3>So@>RY!&`sRn2m7mR517nBHKNPnqYhD5izL%wUJ+HS)})tZKTvG2~C zT_T>WSH5gl9+-47Nsn$=`zC^pO@7SFf1Aa5d5XZ3iAxEc$5vX@5_R-(dvrj8Tq#Eu zvcVCLJGHSE!#n`7o?I0RAB!Ap20bqQOgAf?$!E58Ku`aDDCr0RTA6E8z^HNI#NR= z6fJqEws#_b-EUaqs||cCHBvW z|0GUzKB`>x74PDzBoW-2MxOXy2&TOKI6xITdc0IG!ja5Oi>lN48*wy9@QBU3#)9$OR z5h0dWH*`83{(a;p^Y5zr4F4|ZlZ1cw?K}nlKK&RP|D*hSDJoIDPyw`N?^ynwL+Gc& zzoS`Ggn!TDU2^{ID^O$jm*2PG-w3zXSDs;K*W}zgX z{Ojpl>&DhjGVYdXNf3M1MA-z17e~$1al;L5HAJb?$ap*C#sSLt^y@QX2?}vXM z_8z|nFwUHu>*iu=G#geT;bD}CKlVn2tL(k64~;%$_l^Jlb=|*G_OFEFO9@+D#`Z(= zLYZ(mJ?NNt``IaoS5;qpi!&Z@Mi<&7$BuCp=x*K@MvEk@f)nRLyu1?a=9~R3@PhG5 z55R&(;3dzF7j-%H1z_bFq~s6)VjqBWEaC&YAYV{YW=BabQ4;UkQ;n5&l!V&ZF{1VF z6T1H(;%%@2(0`0sl3R`gm(Ul)BYp7{SEOptaYNS}_-7CF&}@yWu?Bm|Hp-r?!7|L3 z@p->x<&*hY35=%RQb5+0z!@bOviORQOok^Z14W^mGi!-dvbb}KX7MbHDLHoC+$Oe1 zBketkl~CQk30nW6MuvT$e;6Ln6Zm-Hw|Mt^jcnX@F3;cVtZB#6NNGd)$F!oCb7`3P zL3b+kvrfvtw@u#onGBdpkJxHYfIWNbK!7vA5^O-VTku zJumilSnTcjF}Dm&w|d7F*6RIp9nHIICqeA2$HX5TLe1bI{c}AxYXWL2++kV(0%j=R!KFQNcGU#}z80VK(bfKy-GZKHn-oKi09-VRr(#?E{sCecfqJlaWkwO7$V)DWW ztxdFk6ikDiENyuVXjf+-f~{WINh`SsveoiC5@R>C(T+_UBIQm*EFEAudnI6%67h{T<78s@JKz?RqLo(V7iK}>LSduC^7oh*Hk|5ZsBiV)3nMP zd`&YdGx5w>^CUmrnQ1QzDvk64``>j2_IJ3_@e;bQQ(o~<&>F)7eV@Rw@a=GzE+ae_ z-Vk5Y?UmiYKb2Lv>g{g!*XoO2_FG@m0%tX|@cWwX(Pvo- zdzA``z*9ZTHGd(v)bZ6@QT{4J%V$m-nzFH{wAhJTC`KWbz5TgjVcF5*5yG%pmbK|~&COd7d|>tu=D+P+ z@;w$K(8E4Gyum?Nym(#8IOn>dea2RQRrOXqG{QYq*BiXSNrNb13wfzO&*u910b&o2 ziJW`f!Mjt3AHf2-yDqj)z8&ffUXR>1vW=L?)kyUQ-U~Tk5qS`4|24(9=7_VVGag`= zHfiz|3~ zK5@N&U0SmhjYVrL7SX^$i%e_WXv0uv4L8Z^HaPufz+kl6@gA5#U7e&ASi2we?(^5B zgx-gmXV@&sF$GFm$N@U^88{XpqMwC6#CtP%LkY$qS4Pp3&L!Qf4*}H=s1Z7T7<%@V_~*i^KbKxgzOu^(6fcWP$n_-n z_?fmoDSjqNq>O|n*zq&!ykz)cUeRyWqYOOLm%ozBy?k07y}S#TM(N*<%lbt2Ng}1M z?bie4KSlF*ir>nk?U$ucK(Hfxv|r}aeu3#?7LK9LR|4Il@h77gH9nPxjLx(Vr)izf zLR9ynz40-%xgG=JbpCj-w0iYzt@Bx$I-g%h_onF@w0a_2OcR~|0wFSP1QwRVy%&7I zsh4^bXC*@C|9P6`18}uO8arNCZsP+JmW)7;D=yT00L?y~a|Oq!%b@T7m9DvZiEkrKRMXUD3mj7dg0bJHu?CF`g2Cr6uW*evE-va zI2-X{RMg{sq;B8O~Hup&H}M1>@lxsLe%xRxL1X zc;2f1$?5w16scdArwZ2J<16U6$Df1dTnJrj(~MTLpc7?&P5sc?rXOy_Hxa$~UVZ3p zd@e}1I9@;WM+4CRH*NZ12A~@KVAT`hi2dh-BYKb{YCjN;cw$N%M?C&eLXOBE9>)!C4DKGP231rezclSHl935>A4UVAARJ~{$TeP(}I3?Aa z|DkiqU|sFZ{8aMS*y{bx>ix8zYG-DTwGwy8^pocCd~fi)B=!f3Z& z{{4xw=3xLR4&K$;3vPX&PHqZYiGKCwZ%0qjR`j$ezZK@jK4;BV@UyW`_{EZYt@o`9 z{RdB?%<9TWPO{J?RGRtkIhPir6gSCLc!um_Z#=07yf7pV5)VVZbZ>6Dl$)^Jp8jtk zKh*h{F|vPNn9GR7@N!0}H@0~L$XWI}=3%MeZ`gnPC?Dn(EY?|`z=3EmwtT0ZAQCL) z4qlWA4<~%Hh)xvyccaX8#Pq!iIj{MFm7=*GEsM>642vHo^oXUUP~ojuvCbz|wj(Wb zdesHF+lw;OF7VblzIpc+X!A}7VN1Gw(s)Kt7r z>(2?o5S}MI&eBAgtnNSde%6c;0gt(DSeTF?QLr`Aq+NxrOq%VG+KmGVv5MlFC2;}f z04sd`^mS+$7VSg70|~8iAuittiI%6~g5!da=oXOZ17w-jq``WmPTkeEI9Lc)49yuy zuZN8;VWidpc5b;A&HcygcCw(DC-6ZGSs15=vBfy3Y-HK2a(+e0)+9kDzf+S0Ehb6+ zc?~MPgO%DzlA8-^+|Vf0xDr1yq>ddMc%!i4%QSHGew?4Y*SX{&uqbffwe#4(`-T2b zoyGZ$&Ly+)5JYK3qVyzD&XeJsl(}58XrR`6S?lrF3}r4C@Z&VLQMmOhb2P9FB_6~jGHXYLT;exlNSIe(V*sHUW_G)0_UUfvT z)Q)DrjOkPMkMyZq(mtK&pQKNub2<2Pr*rXZz^E4|m@Vbflc;sikT;64JH?X<3+GKs zMEif@PHpl87l1wX&AEj3T?xGrK715ao^OC{cYwrd%-^CCN)wdDn1T<2SHg@3ypPDI zDBy^YB8!&t%WTPrZ=IpK$SNi?^COcOF_+8`hC!e4{GP=e@o~_=7LNZX7DdN@xoqSP z%$wvA#W$;|xRfv7RZjWxAfFaRpB|U8GS?U;mkpd?43x`8US`VWPF{AxCGB3LD=O=cM*7ES^y9oTb)8W%lKIds64xQ85er|y+mu4Ga|{w>;odX-OrNlAo{MvU7sOvh$zWilE!dJ|}j zEHda9!Vr=_`UE6Paz%Wra&dVuCfo)%3>|I=F^r{g2R`imufoHITQ^n$)HvEFt* z&>Qr{O&aBUuX8a^3NOyz=Ulpud=go#krf;vGDd6*7O^@X+b@Pz&aS!%j8i-WX{?VU ztLDD(!8E5kI6Zsl%N!Hc;t3x&m)9e{cM3%se!{C{EJfb0ecZ7M;AY1v?4iG!QS^@! zLCqmMBco^q3>(%%lL=xSC6Be#qXUJxR>c0f^EW$}d?kFO^#{h(R0i2n*%>OYvzSn9?8HoHtm`4gV8T_e#xS9-EHmwNIWb}a z2}^#{k|nP^2P`QS3QPX0vz;Yx?vZ1C;CM-E>d>l*e-kFdk_xF!u$<4zD zbN+HPh9?g^MV=J@BzZFGpLD5x68DmbDcARG(Oxz1?g&#h%B3)65SORLl+{erBk#AKV3gQ09vbdTVq(0_52U@>P|A7rl%Sx7WY_7~kYYzWI~&&F}b4XNeT)_9(8Auq6|b zH7<8g_#%+E<&7`h{b6`t0qcw54Ooy%W2Ds{=*I(p1vkO4%5(?19rfbVK(}M~@fYlS z98Ig2w!MP~(ze%dp`MjM5O#!7L+ZVWNF32ES%eV%TT1)4BF{+{=dUuuS|E@}??9SmYsl_M3EGQ48O5P@RYXV-Wz;K;C zC4(K%^E?eZniG!qDwX&OBANmzF%FV4he?^kYBCr@=YesYY#0Pw>a*+JSh~zr9nbuv zISexgmZr2%E$GVmCHLDS6V6zgo7gFUaNtTth9F2%M}fZtK` zR=glfK)6v8fZFhr)<-*g0ox~1*cyYTMcaryTcnoIQ(Zfu1&4sIG|6C=4 ze-ZKfAo3cW3K;l5M&1;>*Y&*yHPT`MPB#Oc&3{F!A05UHrc@tr)-WTc8@69Ae)UoS zRl9@d@u^G{Kn@9wn~wM~ zynl?QMa_ZAGxeIPw06-pc0$kq1Pb+G=!11s5TgOFvW6c(co5KLFQ4F9iVX%s zdoI##Hbxa1L%rjNHk8KW6PJOB; zOK}OqT&BON3ut(q{kwg&oz>g>Nh5?Up|3ivt7<)oK2V?rQzs$mPoj&p{B5Vtc!}(c zr%!KZ3;LKQAUG4OUgDAzHp1sRkIgdEUBuCT#DNJDGodKVQ;8Ei6){1&9HsW@-ooP7 z`XMHO1FBdwV;-rkz(Mgx{4owM?><891Pf52FA6iU{}qIQ z*I*(v^XuxlThR^#{ycrQUf&+g&x4&NKYV8jbeX^4QR{R1PXm`_g|Rb8KEF20WHG*l z5YXcay0Aq1qrfaWCs#s-)OZ*A0*zqw>&E{>y zU8>vdW|>^|^QTNVcNR)9>(BUQ9DrxoY1t`U?mZzu01KAzy^o1!I`8+|wS#v)N0TMcccWTTi&QJNmZC;eAVaxOhj4-XN zc-=A+uUn?ReS|M1-vGgm0a*S0M{u7<0OzQXsqb;~I7huxhcAI;fIZ&bxqJ&k!}_^{ zrLZv3>JypHrF~cw@4!q~U_)qgb|bC|`*D6aEks;z`!xxfXwSz+;Fqi2{c5=J(V>lft?Ku(rF>5!fp55aDjY8ygQV8}Rh{nG*R=3bVI{ zncfoSw>fcb-1~d9@m7KN=JI6y-E*_F5qq8D+xSF0JRjlp7I@W3;VsbcvRcBM6b~<# z@b-Mc{$7+6-nklH0vx8s!z&|A76`n5{716>GQI^gNr1lx<7tvXc;^bdIB|DA4=BW@J-2humydy2ye8&Ta^^vV@ct) zr0+q@fx`%)^cPG{3hxRH&+0Fxj+TskJ1CBy4}JuAj|sfAr0`D6jOnip-V^cgO4zAz^^ypi(pP{T&}eyM!ZJ#+7jIOkEK^#$`Ux>0sO_?4>UI-jqqGdeO=WD zJLSJVk8|lx-^dR~;ZCo7MQ`Fc(p;IRsiwF#e`#+D<`+T7!@YpFF8?517uFMRIKxe% z?0J5G75|r`?)-TKb2d#H9vFiH?EmcxXs>=sXu||rBCR|qA*}oCP17isKEN_xi^v^2 z=Bs0iVr<~{5fCkW0r2wnP{GSP@%j}jekqk3mTGZyQ{qoT3tM}Ul5u@ zpxrLegn#2&b(4mb9t-Qzcvxo<*2@Rk!vRTQ_0+I3Vqtxs71zuCPXg921=ickl40xb z*9*3?VqrZK4{Hfw^%q$8Cxx|0!-~V#w0Kyru#ayc$kJc%v!t*_B!u-%JicxxtboA! zt`2=few0Mm|Kd97WgPaOh=-O%Xrl$%Dnd&L>oE;04*OTf!+Mh#`{qOTvNS2Ii5gZM z_S?n7swJ$a1XjnSuv%+aaoGQ_cP?wBajg}@ z{1^9{Vg3?o%v^Q!PkM~cGGlz6x(WL;%^2VQY#GZs$PYY+YRHQ+mJQ*z20PucQfF^N z8+#k5B40Wa*vWmL1bL)38FuQY37goka|Tv(V^nRh8{nt|gfoe763gef7J!~kf<5j? z?5Ey|vzDG|QMy!h$>BN1Vh3rL_2T7cbNzH08pF9G5DV|lrlsthWxw$J+B1-x0CQv5 zGwOMSsvwdy*y)QOMxv8D^yJzMBT-}q#M>D)@}|ThAyQC}U(>`75G{S8cMQrRgENNF zOf_L-%mB?~UZJ~@3oLd_w%_UTc@Hb`A3`5*gX;q0GfWoQh)RBV89q4#-Sy*;3}c0l z%CQ$1kIsTA^xQyUpEdGB3+GEP8%&{e+4)}|?#nM+s`3wD!MeWp=+gJ%M{Pzy0O05Hs*TCneQQh3w0s*m7_)P2>jT&yb+H{K zp^kA2HM;*MzXE#AWgYZCi~Y|dKV+(W-G8{n_z1npROQ$jji%FIFl_}C=@ z$EQ&vBTxMX0WUNMdq|Ry$=Th}bgRi(XmZTv^T3Fh7N0u5f^Pq%WU0hHSlC>RYF#a{ z4?|TlD65;9v(DPzw98rZweT1g9KgFLu$Jx4-&u7#`u5SAkjANvB+J(7NZ$Z4+Bdg) zO*HP5D?#j&OEwv??R{x`(USQsF8>{>R zk&wuLl(fomrbycIm-^~zsxU4cSswZXm}{g*Euu7 zRi1hk=8TLVSa)&Oyl3aNoCvSc{~-K!9{BCC?i!y^|J|12+R_h1>t7;l_lHLXt!?%K zt%YwAt-tq0*sj#B7)sR>62c;x*eRupq@b`J5pB!Nk)`IEq7W9Ipm0sJCnxza$B6RYyOqJo&G~H^fBW@u6ksU zo}qe3k-EOGNc=&kjq*cUyt|qMV$~o`nOlEH8ueYSOZ^%@YJ(JT)_i2poTtvN`ie(< zV*U#HbaPfOH*Y{^RI8QvlgPw~^<|`qz7-@Z>MA0@)F|)rSde$QR!#j|V3ZKO-(V+b z=__EaTn2gfWHs-r7jFt<&{Ro2c%8R{)@mX|v{5OO}s`T$l8maeDN1s&g9Zuu9U{tvp}K_4}GAEjW` zJrOBz*`>gx9z*mD=QA$Eo>(4+d7X6+jJ1LtMTjNrpQMl`8A$0iNaw{v>PSe> z2&9apklGqZ88%3tX2i8=%R@P0{|c;a3zPM4Bf?)~zGj2<+jv-W0ZVljNOvcNbf#oLNLeG!L!y61z@88AV$^0&Z){~g(V|J zFlMAcnAn0Z(HaaAvoJ{XV@r_iHg=Gx!d4You_kd^4iQO52vAZ!JJkpQ|346ur>Y*e z4H51*1l4xZ2r^@e4MA8RS&$QhpF?ruGtUQTz%w1=kDhul0S{y$v zkE^qH%I}Koz4FUlI>;6mblmyqAZ);CbO*lY2A8K~M>fvqa@HIcoZ={Alvf@4ea%_x zIDAl+hgs`r1b#yQ&m-T+o+=GB8fzzC{dzolfjwFc0L5K_Y)UQ9fU3+M=c=t3zzsms zth#>0Di-k_pTMqwe%jbh2hEMKYOqeMOg9G$>3h`$HPkaYO6qga5(FaMjNX$L;SDQL z&vgfi&=LmH8T%43Bg6L(Kf>@e9HiI~l5Bj~fwYrFunAx!x;c3_#blX0t4{S7{CO@r z3`+q~P8rUO!gOb6S2}((@tYa$#~SuZ4fGC;B!utIWgMM;yxld>Ovnt87HuQVwsLRe zEDz82vKokU)ZUT9*BID>x24!r&K(*)0GH(ajOkg;n)2UpKG2@C2kd>B<*nUKh!qM&VH>DOjmv0T@uuMdS8a4oW8U)lX=ekWomZHFiYCB8;V}I3v0iHnH*rN?7 z$>d_r>Mghewo8!s%7x=OJH6VT$8+w)so0nRGvw48>{i$T=LcecNhL!!Yp_kY1|L}) z!4Qu@(g+nm@KTAnQN!vWthT1HLgzZox#|UY4B=QAOh>{vr0Pbu^!Bep9%C5pYQIeh zJERza5eS+%08K=zp2H7zNP>gI#r7VwPSAt<32nnArU7-a+!VniPo>?AoM-9`ppb-o9u29NO^c1V zk_%;B9K(e>Xij-YFem3^hv^eKtS*%(Nk#}-XUs3p=6CAI=b!O}#DADiOUW+?s-^uH z{rcY+K1^Kg*|mdGqH(p$viX5}0W0ZP4h>f8+W`m`ar-yPO$yE}04B=_w+=@b)}870 zpG>WM1J?MikjR;hX^3Sik@-|AK53HP_o|#3e6vY7-i_niaUL~hTWU6uilnJHGZY8C z@O)bd``TPYo%Oo!zWymyeGSu9b+xn?7!U=IsmGR)WuYvjZM`7vLw?Q9L5a!w_JR&t z>>JP!J#ULA(j{A*>+Z|ePj}?Pb)ULMFm?VBJp8^<~CvXs)TtUd2L%+e0fj7(_bJ!WI zF$(=wN4@%MM8-sT>qW&hKdE8PMoRn3FED{(g+=YQ}-GR4l z{C$rl9niM3SUh)Z|IN%D*w?2MtfW-t`tCv|X=Z56fdbV11Mbzu<b!I0cgj-lwYzS)Au9eL03~FNUffX54{_Tn^OzFi_*T%PW!T z8OL2t&W8Va)OOeCR8m*G+e8-snsVSi$7~!<06EU}T_G+Y|K52~l9onJC zFUHrcfM{|QAw{cqi4eh=Eof#7-vweLuTlIA6i-m>f^PO=l{eZTtT%nU1bwV)9n;6U z+llO!eVpmC^-+#4JXNpMOCJ%7yQ*-CY-EYX<}yv42fq?Xw%t{b8pd`Bp`P|U0ncrv z4dQtMigB7L{loBYV9f^cjna@EqD9dJ6Q3NL`@`1NzkROBnUAhkw2JBK%3mh#>Rp%G zx*ERql>PkW7aII@fG>;%Uzh}ZFFW{HZh?NbRIZ&{60{(qy(ILLhr?u1@cIKkeb9O! z6oZZx|H<=V#B}XnULSfaZo*36DhqBXP=RhJ%rQDv z_Q&5&RUO$nD+}xfup%VJy0yQuU&kq5cTAJD@~wYxW29d5uTCS9&>8)uW%P zf(?M>@i03r=7S40My!ub9FKWEGhA&!lOH1JIB*|^yt!CZ553LLFakmQ(8ad^7{}P? zcm)NhKhKnnI_?ad)|D=1T88+4kyzvM$cPu%Ynf-&XVE-!A%3Qg`=iXEy@83)pBsK* z_`Gen4dS0KA$M;9tKpyu(APR)_aT;o{}H}Lj=F(LSZp82IEzi}s-^%dLG+)6cFD8Y zjVkV-Hvc952T>%%q#%V>^uzLj4wm=UU5@1@iJ`&}AiIvraNaVS;n;dFtq@EnR8OXL zg}vY-eyn8MnDIdoV?gUOin&GlbG#}+S{h_$2=vA1vg&@lEv!Tr3v8zmGN00cQdrvY zz~gg%tfKE|%GU-<4Gm{K*9M^Iqn9vJj)%qw+;SbsM{ zQOjmPD586-1V1+USixa4Dj)g-$Hs+_k87}qAClc$a_HDy86rcD$MMdM;J>5Hp2`&L z5z!z|jAk1_@`y}S^af+p)siugVgtrAX!hLAq!}D4ZE;5SuksVi!V)P2NznKL7rl3k z%0l0&(ovdpU|oamMcYUPh`F|5Rd;3-gAhocCU~P~x9<=9%jxKUlW@h1 z1JwW9{`d4hc2u~7$@TxwV)$E+5{?6RQU7C&KB@jk0nz`GQr6Dor_}$Mmj174q5o%+ zPB7`T{%3qeBK^-&$@Txp)7Jm*{fPdj-seWsyVK#i(#orn`j(>t&Oe%O4FhL(`tf04 zplujf++zs+Z;w^C5QCV3z&+#*Bss)b;Mx4K83>RGq$}3c9WFrdFq9hu0ghdb4g}B0 zQ60$#f@^*rkp!q2XNXQu85Pudz_uAiyKdi(EijnGdh;6=9uBpEfs=4x7}dot69fb8 z%7G!3l0o~&cK~9cZ^6J6XALv;>kMmk)6zY4S7dnV762cj7(rL1QN56{$(Da)=M9G6;U8(o zlgiaI7Xqc&#wkfPTw+W?A=2R`G2&(6?u1xo*;0AkpiZv>dSD%4W6^!b`~{T)Q`TLf z>n1nCnlcUyV zB<4a|hdH6SNtHDH`^Qk3Hc`4878UM6)%+!k%DuIPzEQRPrS^W$$J#Y^&G%h@-JL1$ zIbcVFIS?494uC+Atq&obvODfLVxF82{HFl2ru`P1n_ZglMu}{Ik5_|>Fjb^|x^X7z zs_U3d*NIsBP~ch8uFCB6nEl@~XerY^0gvm+ggHeOUu+=2;9B`IV&RB>j@tiyTYQgN z;faB@t3R~aLf?+ob%8(r@&m*1;GnQ_1+B>Tu{L8bjU4J`9h59X&i>}eL~r&-4N zF@%Obc(@2VAF9B3z#{#Ru+Q;?VyXA%Gc*7*)U3ELzFP3V@JAEHG2Pp5w#<9FTu#UFl$ZR`7#Q-AtD@8Rz{#Psk-&lkF1_Ycfy`G`rMbT0ia zX!SMadwM;apRNv-NO!taUSig-uqrH`mF~7agl%WsN?cDG?#H`hWQ~L zRl26YQ<#}u3sra+XNuuDuBZaxzD|RC3yxK9<1voxS>QIA#bL&d5?HoyT;;@Bf5X<$ zSod0oqw+Wx)Qprb)umMHaKTD7_Omcc)s%CINK{?dA>b~9NfvOIiiKL;)?aXid`SPX zWqh4;j>dbg*nesPy9TgmoLVl8Gm7)$S~XXut*MetYHjKCF#Y z9PzZayN!9qsOh@fkRwKIUO3^rxW; z;5(Ov%kcgdPPu|BvR6ub@SVCAd!pTSh^44>5vzcBFD@>?x-r&d#N%^iW>M`pxbh~# zGjlE0Bqv`(egWu_A!-!$YedO}#)v4AxOP&PX;Q22%GmIt>{ncK%9lnwsTx$#t*1S&B-Q{!Z|7k(HV>f#P$g!aIIlKdFBSARp(Lof3QOn>3) zMcc^kHUU#R)9exzdN)bxcTtlz|NC+BZSwp~V6kq0*$Y*fKQ(*pVEtqMsSYHs*IIjtsgCNB&WX&^N+e~szkff}l7BEcnNRXZE!Ym>KSlni zX&VGDI9~y!vdp-aqq5O#nO{J+Pe3pK*(_txzvQP98a@Bpxl>`5f9EgQc_sM)x|>Qd zaLIR?&9c6ReCC9{3*<~BKCuvIp{xx zcHaiZh5eA}&Ud@-nIb6FqXmZ-fEs#yAmHy&)fGTEGzj$NLYfiGNpo$9zhFU$r3_uN z=It_T-jk&<2pd19+s(XM{`u~dxr5z-UN)@ENBdKD_@Lb7A6tz~f7`NnU?ZaT{&02- zFUhc_@>0-ITE_$pWeC)TvN4uW0lDj3u2URO`!`r_Kzr2crVPQQwB#ZTlg@Q8d`9#t zx(-(tb$9tr9-cjB^XL6GpX?X-_UPOF-(K|b56vkl?Ot1SlD}2m#H!Wj1EbkuY1gCO zu}`)Jj`}}u8}R|S^S^g4<6!|vRFmpl@;t7b>)ffXhHuhD|G0e3sq@CUs++6&2k-LX z?o#KH)j&;xy0!-IDno&O&LvBe6u{e7Red#_esgCgf`KBfS)>9N=g%!nQY5WvFrZMs zpqO)RuSCVH`N_#v&Ii__LC$saTNMSz`EY#2rOu@f@Cm+0oKx%jCih-pIO-v?{BKQI|f3*3n}wPmDiUS z{2^stukwO5IPaa;Rg+^%;r;XS=7p51Q88}{UgCFnzgFJAlv1U+!0JK4!Ia9*eE)Gu zW$WP$=CKALn9+aA3p%G7{1miH1%3(~slZP`TB_+k?i1jrAU*QF9p2OH8{4{0sRlm< z9aDjyf=(!v5I+SOsqA^@)Oh^NNY(h6l1luPN~tNSE%7s5-poji$IlJ?4*f5a_cx@* z<7Zi_#!oQyRQS>JyOro4G!@kSZBVw*&(OHWrJnZ+S@N)Rb4gkAmYV(dz^g@Pu)GeI zOcxskIl=$=&gY^dwS7xP>4I&Ka(X8ZM~TkU2c@VrNVA4)nDrZ>Ked7f=&5DRduk5c z(}lwU?AS3S>NBNPZWcu&ep9a2%1<`w8tqznn9<5n2GITcRf7I4gdMEA!bm3e2NRxP z2_DkeMVC@TY=ca0rnu4mNz*vWdD$_9uc=l@CQEZS@fLkzWm%ySEjnhpXj^}gO=ii?ztp~HnaGrZFzE1Pu7p}CfH48! zYD-x$4hFux-dB*;`nHsm%E8`%qcyIO|3o^8DRH+Gt&qzWrboedxPbrTL~mvUW*Ry` zER`i20_lh258OR)P;sIE<9@|~Js#&Pp|*ubwqzAMi{7mdpNZuago^X9aQVS4f#h*% z1-yqDj5M{viyWBV>lkk2y8CuU{%^PRIZ ztoU-b^WFy4Sb<;)UqMMKX@*{R8~i64QQh2l;4knnGw zD1Y>iEH4XbBqVz5W?V%d?C9%3bE2OIfi2EgzHaL}vLnmuEZUCG5b@u@b2{-^E=iX~ z;m!NbnZe1$j;$2$mt7#xhMVz6{rVR;r2++96f|fUNA_D*{>w)-aqvBf^VsDP;sDo> zZOR|AFGh%yt8PKVZN$k_^Z5V;L0=N5R6vNY2-Vq%<5K5IQ6kZgqpk&s>8kX|=grda z^iVLK8nExuPi5a}`p_T(eb7>Fdj@@S;jRGhrq_G(_sl8t2D?u4Z2lz8QwnAH4ay=Hz;V9X(k7O&ec#N&E42mF?3f)D^YIEN>s=Yjo%!=A{kJ6%AB{ zxo9`Dp5m|qbN)Bw53?X1%yJl)^~5sxmWC>QE^5KQ?EFSFWroH@wTW*3Y|US@*#0uM zAF2U{Zbdrco4ZzMV7P6YSH)Uyvnr4tjA?NcTCDGQ9nWeZa6{k{dM>O<4wIkKgG zm^%l&hpuxf1KP3cjtd!n!SUz7Z_s)01g08}J0?II?&broXmfTr^fIH!gkLVpgnGbu zgR&Dd%`ERkS9XQt_njS~CBTDvzN7}AwTRzb5ap%VmgzgqUl(frf`D?N3vJA*wYEP4 z@P@iukbiX_>Iru0$V#x3TB9Q|xJZW3={#5U5#~>W0uKMeT{j1+_8OUp<+}4Hq%U;h zOcdwRmxT!?q=z|J7rh1o1@=IGZsbIAAzEE`E&f+hg(IjeFdNEd*ckR6!B?%Iz;*0& zN9it%76hlCaPPP*hj?-a7r6WdDN=f1Ob{7p81b)8moeg(oGfF1;JzWK{{;L4!XIcj zZ6Y{rF3S*zfh(Xa8i~#kd|2dO*-UAfevJ;0C6y0oXGzX?K)JxwQ*1(}c*%_hV zMVNy4ojWX^{(WC}>_< zSHVbDPNKP&Y9)Vh>T-2!6!X?~TfOPlltTY2E)c!B>b&B>7RERh2TL994bS~v|MMIT zPY7o3_xQItJe&XB%Cq^zrNu+u51&&UENNvg^`#dlxItNDdiMR>gDA=3A#Zv%|DzRP zS`~W(Gof}M_6QKu>)~EGY4M{u&aU0DmBN zF~eLmQiQe$3=)_PTK_Hhx`k3DCbDFChURLnoGc&elGshC`9DYwkM$1{hu=G=Hq_Gw z+XCz8yGwC(`)=p8`^%lfc2~7paNc*$sk^>+W^~JW1i?nb_RZ_Wn@ic1@Zd!qF&9pk#fVEu?H3ungt=K*owe9%D*SS;oe(u zj8+@$pv)bP(;#_FW%d55gEGH?C?56(wyNLUgfThT>6?EILW4v?F&Bf@_^>}tf9WUH z4tlL{8cP=SVV?^>MW>EV(;7+2 zSs^tM$<$CpAwp|F7s~w19Zc(hs60f|s5}|?Wac2#e(0k(T%1x^RpXb52^$sB(1^%@ z7dKXM{WKkv*XySn+k#Sy4$UXIv3^=1y4UBRR~L0`h47#!3JSh)sP9)3BW<~=7*{kS@b z3Gfyisf!8lR!o4EH34qa6X4?zZj(C7a_g!t9wx7Tz}cc z*7|OF;n9XH1UPO3i3^>te46fD{G?D@Z`a}$$enVJtI z>R#3cwOXqB&*K|ilIzL>p-w}fy=7JV$f2)LE!5l=33fG)h1uy}@aXz8P5nyhK`0&W zo$F^`Tz+(WN~*K^h`dIuEJh#4j*kc7e9Us555=id^__eP+7P?my89adqPT8SMseMg zOt>l96&~5_tDL|QrHr_5wAFxJe{P&kNHZeXsbUetGg$EK#W?vOIO54OB){LrUmij0 z(RAzyCjfL%11QN9`vbAN?;;qYrrBA&hgKByO^USDY>5Gabk~;Y%Uk1FIm01=BHF&hl3y_^BPI4Nw+E6M;-#Hj|neDNnFC-+DKe# z?&Y~5aXvCMMoGLuATbj|&@pidNZdZ4NenfNgd?|(h>%#91c^y3Au*q*sS=+8<`+Qp zv5bsNaIzG^v+N7Ttj zkeM?+0D1#g>(PcKsBXXn=|BUOX@)R^3H<zlE%X05b!C}vUYiWpw8c+tBp*@_JNRh)~ z*27>R!>tx$8>Uuyv$;eL>VGbvWpB?~eU?0mSkmn>q_(8nZSLi{A^p#gv@c5f=LH$%*vr2ohY02qwZnlb#9E3MCTaoPv7U_5C1;Nf(z&7wn@qKMaIXYe;@e!*_JxF;LB<#$DFG5W$IVMVx)`0$K$Iltam5*aKA zqUBhX!LJr=BhO(>T%Ii?tb4IRdObfAyYDg(A*YRnt^1^jVhmmbc9jlyIDdE%%CH1FOXlfNF%>YkpJ{~5k%^ecI5MkS}rjt%gwM#a}$z4J7ud{{{PeqV+#MwD5oaQ_1ij;mhby-WH=C@QY2+)_AOkzsO)-_?Ga0u^!D= z0%vA4ub0jm&l=R}^Kx%(uZfQ4(!LWCtZ!cG5nVoXWjj^Qf{rNk=7GR z)$$`ea8*woi4g%1!P@;IsC6&a^DBTo$lt*C)PDFodiev9_wm1cl9Z9qN9JJt`r_nP0g34MJG0vyd30n zo4hD0Fm_40|D`2)=a z`?RJo`i*X<-SXiRm5XmIQAt~wR8(k7fjGiY0a`wmZB66nz>rAGG)LNvA3jmL|BYIV z@e`{9f86-_v z>1w$|pnqcABO+g>tz zjl8m1Ep@MBY;5DEE`i@&LuhHVY~V*os)rvKE%vc-w}7jpu`jC-%o7HRtmb2M8ODTG z{FHZjXyp6n9qsa+N9>hBxEIcYaF4uO3pbuZxF0^7tcCS^MyOD-8R(iWw<;(BGKk2~ zvzcE;i=sUcXcoozhq;Kl5k)O&zIcUAnq&L6Oydv&E%*y;mu!J%n?CSE^r?%%{Fcnd ze11yDrmRA!rngQ{X0J>b=KjAWzZZUF$?pZY@)uk<$dcc4aBs=)S-4iu9{c~B{4(F4 zU4D1mNAa=A@7w>u2SyfS<#)kA%4)3q-h3mU{fPX2@=kL3y?g}gYazdXdIj?P`$_*J z`Q5Vz@_TvF|8@C&Dm|h6Zkhx6oj2Dmzl{Tu%kSSM8YLpXe~1=sA-_+es3pI1vD6fC zGR6oXw9G+KJ*Sl4xd=k~@5=9}{r?mB)$3~?VBp946O$^#b)ABz$NH9?bhJ6 zSh;z7&Uq3;f`zAVEn~NF7f6297)|oPYh2gIFjK*m+WFgy+BYNiaKpnuf)}AV-nv>2 zlE|Jjr_c;|GW5x^4Wdx6jPorVaWw$x6#Mx^A>cw`V*ElG`c6vSf!8Ga3KntC3M9tQ{SS#p<)2sEo(&pC?gyS0Cpk2^tU#UP1V}}i{sSitJ*mMWe zMthmoVzZpjj@}e8%_7t`22qz0J@a)*{^2>-q52|k-C|mv#lennH$KF%1@!)BJ)PErHy0f*+rTIrp z$;9X5mIC9jN9zp(w2v^rjyV`4F(4D`xZ+j{#zTMsj>9@b_ZIEo{O!c0n*PA4lzUyq zKN-kn$q%0{WLzff8c?kRwlM>@YHai8%|Ih6hSAgdH{=1-kfSM|N6v&@4EvxyTqvU; zTav3ShG1GhO?tzBCjqG_duVe5;K9uTc%(l*pNj5#q82oCIx2;QeG3*KAAE-+^x25htjCqV;K9C7qga1* z2l_6>gK$SIw%m&g_3UAe&k}LTSW2KR>&K!sGbG3syEogKu-kfw9v3F-J;5pUZ%7x#tta_{dkW~0Tedix%e=>3b}?mgaZ{o$Ffr4`U*0s|=?t_;hd1n0KzUzf)Cv#6GlUutqoy!2+!r z*04E2JG;!Dhw8e{V`{kij_+{A}N9l?YsXS z1o1iUz=(_8(OuZEV5jysotpyNnSuj`MUEy}26erKK(Yl#Keb28s9X2gxft<Foa1rY?S+k%$6}b9<;w3Svv9o3xLQ`2^$@*4Q&c-W z`#w5M8UR#ecApx59~Ex3F~@b>I!8;H`=RJc)(^uxh43-_r{h<3<42f?E4~bL&5leq zp$~u-%WpQBLQOP6@Ukf05FfMZ1c;diVwU`xmSahqJ)s|jJ;RFq*x~!(OF_fMe?`t_ z@LNrdRBicwtU02UG$p$HEqFn@2@U?y-bhbD70@>>pu-?|(Kg~6b1(xK&GfM%0HD&f zjGDuIX3EMDEA%BD^&;&cR%PukW41R=XFdX<1(NY@PX=5q!Pow6a+c2zxf2g?0KP&kQ{*hnM`ylV(3S)o6 z>7M2-B7ffex1CGQ#+Pi>{4t20>EUb2pLdI|DQjNOqTr233w{4iox9K1)T#1scviV1 z>=mG6B`=T)}zHRU=Na||s;6z(~<1L44m)VpXKo3jK& zbLjyT@-{%kKJ`7C5UZG`^;LoYj9vRS0g<-g6-sVokdJ zmEn(iR*l=whh2|Rrt4mYr##H21szk@Vn;_$xz@6-tzSetO#s3A%lHot-c>5{n+y_|`bgrS~ zH>;9SQq?7cgeLv(QSu2QD~^(gRpB!E=i$$_($Ax&b5YZ|X~>jN)JrMqWfXPThA_D) z>hslAuWC7m&BZS$)0Fd)h+C_Sa*ka>{DN{mU*s#)JE7acGGF0;T$NoBiO*WcBc&G| z$^frW1yFTU1;{Tb?3U-7WR1|AA13n8v#q^g6^b?k=)kKBs_y2XGvD@w3?^i<3VFCz zJF&5(fLxrHT63von_v&N9l_DU6oBWa3?ERz^Funi36+j+)~8iHBU~4Ff>)-7-UQZ# zy^jg6IvyE`5WPXP>6wK%)M-}Adf_*;Jx@pI^K*B;*BpvCR4OBv@}H?-^6>aVIkEQD-Vo>7e8ND_jL3EzhR48{jD z`R#IXBU?xwyb(x#@JXIu4b=8%*0$~fPB3&?Pv9e(Cp*zHFNQPzk_`^auL;=-c7=+zOrgErKuG-) z(fGuSDFE`xhbY7kL!Xd|45wP0>#bWQ{SOW1>_R4_7V3%v9|K#Hv+u+D>vd4rv`+@1 zR6Y5E+-||B51k_)W336*U@RTwtht6y{99Xzd=s-n{)#8y;Sm$T+G_W3O;}(4yUbsH67f4%G3~$H&s7)q%a$z=RbeqH?;v0Ow$(WN1v70A& z9~k2ut80``6011Sq!~gzg2fK$VKu6h9?oLjkY_eAG}Ux)B|a+j9Utnf`6Zt;Z?*d8 z^e=$HVsX!{8_>tkb9EmHh<)R?7C>xAyt(alDWS{p5w(pbu%;8`z5!+3!8GhITw!eB zP-oSeFm z_AvjXbIDeiW59j(C?wLHuD@S6C}k{i2z(HF;Zy)3dXqXFWprLjbT&Ilz6x{*y_E$~lKaLowU8=qN>vkf20{Btxv4s6+8)CD7~ zVIm4@U~j^)maZ<){8jQhFTYi<;L;m7$jd*;Q?Vdd$y2#}1ef)kH=e#R*=8e&!Y@wO zm<+vv1N|aaWAwu2f7q&n`^j?g{s$sFSFpE9j7YH>m!dq46)JHvah#^DMve>G^?(7| zjT^FZseHdSyM(`SR^v418U|K$eQs;*xKcUiUWPN&QqA*VrtMM%~T7>8z zTaO(7*^rKGT&u?}6svKqY}q!88EB2t<<=;h)yQu({V^-LY-y|%HRun9{+9ZW0aVr) zgU!>>f9*~!MI+wVQpC2$D!<^{OFdNUrv3cmRn2lGY*v!TQ^{^Xf zMD0d4GJLPWu9%H0@x zQ5*8VqdKdwF&$ZomV_>?Eh}>PUOqRbql}N-m=IDge_`ow`4G61QOu~25I1krAmbO7 zLB^Iv3^L9DA_iHexeemRiRz$R1SaO2(g|Cctb{2q%bw&Xr z3^yNy2I4Q>J`baF+B_S&AFOF4vIdZq0%_Lj?8b7jgDqvR9el2YEls<1&hxZ2of^>{$VE6B3jX97Vl zxdcaaWwU>Ewr;kDtv|8ZXEBD?VSf6@Oi|{xQ^ewJ4m;hMU92QLYA#d-Ko23aj3R1 zG>0DMXw%~}i$mo@RJ)e|z@hvwM9f8$qh(=yx<*?V2T=kB$J#zo3&ZHfi3QN1IRpd? zgT*4Y;o!wuH}2%isD+X75Om|7YvV19oV18;)E`7G4Bo4rlG?^Ns^Tq-f8Ui%J({UN z6g{Tb#=@{z@5HCnyvDl~J2kK)$r@lH_C+oG7G*oJFY4IY2I(|31MQ3dd=3Q6%q9Uf zyG88_mVnI*%ycT$YND(U);n%HSLR28i)-&XKLTc{+1+Kbn%({H&oQNTci-{n;4$3c`1WK4 z`8Fk-;XD5Ks&07l5uWfL7nyYC0}S77R>Q{=>^twqktwRzhge`yUD3?&Ls7fMx}yDJ z&PSMqX%n1ZLb$-1Y#)IJ%`fOCh{d`IMFK)lGD7ToUsJ}s-oB>vDxQ+rCOjDTRoGg% zzD>A~d7o9~D5`4{?&NE7RXM!4!ug~PMZxh@2d?6t`|-TE=K-L7XJB99CU(yA#y^Vt zzwZf7&Ti($#QuAWaJcRqvz;*-u&0+TuPk5Ka8~;MhwgsBs1W{D-i<| zp8@W6_oFt!OCqpT)_o+H!b+MjpPuDX@ivbSrlAe{7(v-prfH0b!i=Dl?qztE;|Len z`!d85`|lVrXWjJ1jW@7U*hrm$8-0~#9?#?lJDsXPrVm zU&HIf@(KAxL;~dxgQ$1NPAEPItH+W*PybyLg5Hi={&rCQ5Sv5+g6N45HtL8SEq|{+ z1>B79qva2AOeki8nV_>MeeM6Y zW+ahwLLcG4ke!_L%2UKnRCmQk&h@$F%uGYuwcLNQle3zs>~Yo6S^ZBT3Y-)ONKX$= zP0cSYs~TPBE(7+5BE9gI9NI_F&#fvu;%{1I8~kmfbI|7@BYH;oeyTxSj!zFQgcSvX zu?@=8jl?$LJ-IRpy5(=F9uc8lhN@KqWZHkv6I?8k)j96sCcL^aWon6jd%bxJZ7N&K z2@?tn`fH$kec$8y>sfq{ygZIk{~vW<0v=V7wVeRL28kVzXcQQu1`L7{5F`TI^gWHITf{HAHPFO|)Zh*@KaKUw|ZB)<^132V= z-&1vO-|lq6@_pYt&(EXjy7$(4&Z$%9oH}*t35di)IW9ly)P8KR75q93@-XC=GRQ&Y zh!~4aPy2~QUFy>340eJ(C=!f1&H9xRP|jD}VFtx1{;?E62&- z0{J^h{uavLBKbRof29u_^j~Q1$bN^8C2{Tqn;9 z+fU?q5&t5p{Yh~v7n|hCaVwXaWJ=u1Ws+^B{9Pk|ck!=AVl4Qo?P2(K2FTa1 z{F()1DAXm_uT=JPnmq5epVQ@ekNwXUKCspI827zwIk;sTr(a*-HMBp{!ro zPX3b7tY1lmPWPc$o-_GZ!?#3U474+p$#V|=8u(6^7enj}<6imi-ec<*n7ey8clW4Y-z8tT5vGC_@f5}>d=7$XDp!O$h@JPOm7|Z) zlLqx2GN&?)1kQ(keDKS|ib3b2WMvwoLl5x{YQ#|#cdFHw`dUX`f~(x5;s2z+lVjrJVMOBzlgRCegGaa%<42g ziPsvO<(r6#KK9(Ov&<8}1Lr@aG2DxiZ$i(jK5s#TZOJ^mtsQG(58oIR`Pp;BHWWb| z|2VsdzVjRok~wkeApAyH>}M3i%CHSBvDjz27+Tu&6Nkl?%t;Co;z~6Qym-|K+Vj=BJ$srYpRs&84#d*^@<5J`sHbHtB2Pr+C7e2Qr!40=ucdV5e zaZbi@)MJu@kHPjQVtg)wPX_N1OW+=l&k*yB4Wx0i+Dv@XTKV?I5I@ZQH!mQ6@n+YEo+BGt?Kd_7o$#|}02Qm-&-&_* zu@RlM9LWf?@DAp}iyNV^;+Eh%Fh+rnKZ&?hP02^Pf2-{Ng;=g?8< z9~`rttGF6|kfvP%6X)+x94oqiw5vKFf0L^7apy@&wPzeyVj`?I$Q9jok=1tS34`B0 zV2EfVhf^(++$IxpfSf>c5ftE46eynp6=>YLD<5Xs;MZMQjVI#RU3oWBBIc#~@>_wB z@sp3AG++KW{G|KxC*h|jg6HlG(onnhJ03jnxV@WMF(<$v4lIN0(^b8NgH2)^PM5)Y=f9HX?_wM4F-$%PsIU|cxsv2CR;Pn~zP^!Ny%AJl)l~>V|CEy{Oeg>JAcbi;A3(#9tWhFt@7Lcu%-7%Z z*+zj?g?mK{RdAA2FnV0NR8YtaMOFsi;8p;uTBh^(O(Vt318%lVk7-yw^8|FB>m(2S zw=i@|%|UN^s$%^;*L>$1#qV4{0Eqq6&eM&wGmR9n5~@sdz3@AQ#s(02(=v4!DuC_l>zpbRGi!jU9*;ZWh4VX60CO@| z!@u0K4hO%#Wmxd*x%}wiSD=UA`vDD~M)1qjLmz!#Q}BEEM1fymbTjb#S?77jAi;*; zh>%;s**G2N(-a(-EiUDs9iN(o3R%ys>yEmGD=pMIFDY}C8 z`O*AC+R)@%qVwdLM#B6<@@W2%uk&=5JTdr3hW_5he2?HC;6%EnNve&`_GN(m)f@3- zGm8Y?31!!T&GeHr*$jLvkn50IHd(V7!ODycM3NRmgw3d59&utl*v+0a#P2SR-|IDg z7fOwb4O=t6z%Ogo+@|atgEF2^IQWWl!jS7@0l#}!4Epb_GM$F^^%mrM&VOTAGU#tSUsptH< zsWL*noX`Nb)RkqZDY~YiQj_K2ZZ@v{3BUc$-V!A6?``O&5&Sas&`0~4 zg5Sf50>8k>X5ja;&hw5zf(^eBLu114>8qN6UugbO!Oy|}dxFZLd_ZTvPwieD|xN-KwRVm04{TkLJ@%_&YTYBMTeS`)sPkWg=^iBt^KhL-@M}!)$c{Z!AJwrV z?$&Q}(5)3MkF;BBzGS!BO1IjG{b0c|cFoJK4N3~;HtO1)@C%H9nWJkLGz+mS(KVc} zJL0~jO5ZGywRH5$C2q};Ap7b-)BS25lbdD(WR)$B6lB$3I59cpRR_4R{sm8_aU+7t zs;M12smuYf=6lwQJ^L>HNPG6mTU(;O!{gYV;+i1)& zu0+>B|3}=nROy>d{}KIqS*RTWd9>2K?@Y5^!GG~Ny0Ak5iEs<7qXADctaLM<_D)~K9oF&67gzyFX$j;W1>%$>jyR37* z)~N~P@(mOHyRU96Q5tI`)K*>SSj37gB~bX&&WT*eXcmC$7iJZ%TG(oF?Ea15|AED> zzpgO;Qwt7#tywmrEm=eJ`Ugkz>!&_-&ZSvP97G|0RGYE11$*oVEzmy&i`rI%1NeJt zf9>?9`aKRTK+9iB5Ie$;ZMex>e*1;01qlqro0WbaL z7s9AShw~@Q>5P~!6&Zj#-Vv#S<~qSH&Vh3q!8aOGc$d@elYiLhQ%pIqxdzbxD7`Ph7AYmndI6{zqD}*65?F{=^4nk_>d1GFWTcWh1Lq zr9a`9QF!zr_#NufD5yT<@$1}bI}bs{F*sgd{&& z)P#TrmDP|v+$(y^Uhze|mB#_(_t7d3uNC99WRSG8j zkmmqHdyWiHX6=Jk0xKHIiQ8NCh*Mu*u3;i7fwtVcE3=VP`cZ2owpfW>NU$sX!mjZH zdYUrsYE0K(ltmEv4AcBi;Kjs&0L45)#iObxZ2>?#;_DazC_4lowje;+3#11pg(eW7v>kBPU>8oC z)mou>iJGs+qx#O%V3dquFxHJG7+DTeuoxZu^|7<#LdPNT0}@^a>95-6uIz=@1XyKO zqTEUZkRa6f#X2Jl7x1e`5^7M8`591SHtbzW`Vpk@AE6c?*!nua=G_D8`&YfdYydik zo?OkI_>()J#t6`L2Iyehrh&U6`>TH%*gY*h8C89C9bnfPpC=0J*k8b_C1J3>B`5JcEj6^wfboHas(d$NN5GEHQ z;q{HrLAXPA+dpwHQ=$3IRHiGw4hjwH2$+_ z5AmGrDSR9Tpq~6yfVl4xb}I2S-M4ph`P8Ka>UF@<OT+cd*dG9Brng2Ukxg8xzQ9t|?^^^sghS*B zSgP9LrVed>66$dwvm{cGK+etyT&naU!;DFM%`LNoYV9H1Tf+%?uvDFU z2$De7Xf9Q{55XbSROx_=`&k=yX$e7r3Z+l=BuDt)Py#_;_}~goSl*4F9 zr!bvkfozYJAkUT#Gybb2QrTrtq*U+k_f|^{RhD4Y_58)>40*;4A~M2zOx*8E9die( z5t~xE{}H%fb-RYU#F)kGU;uKiNgn2T<~PZ6s95Kb=8;Fj%KH$6fL@A>GkDQNlu&P^WqrYFLPupl_0TZ*GBme0@B=JCZ!U!MIz#b{Z7jb)N3^ zp6**cYwO|Wyw2nAd{XZkwY%>(4WV|c6Ld>eSQRNYOZ@N|8z}d#SJ%N8E2{2aM6jgFuPV_fI~4(qDP5O-tT3hAKT0*}wT*_Cxmq5I() z=eBg6IuBlN>RkNM_j+3mxmVO$Q#1k60Ysgnpdi4#(@BGP+;8zE^x93ca`GI&8|K-U_J0Ax!}{EB;s)`TuCvdhhBMh zoEVq6KV1XO12!~2BZs+H!0hZ^u?a45|FQfR_Mh#ZJyV1G{aRs-LPQ*WI`$MZ){AKB zc!a49L$kj^pmsjGA|KIh=U2gNxU8&I_G9mwaJ5wFQb|AIp>tCl4Dd@bz;AkstbP*6 zs^dvuHgcLK(S0$-%{tZ4zwc?#_KT{T>F$*h*TZgSrIvcF5fIca_4D1|g6|>~jA372 zqwxci-xMxf_`^cba0Nfsi#LxO$&`-jR^YcxOpL?^|21XrOTaAtFpE4q9 z!;p#UXNRLIPI@(l6;;&Znv-34l$s*pw+*Dzh36xLdJ>b>^!%e&NE7pq2g*o_D}M6Ku+_#* zmfDC}IH8x|B?EBmo1q5*yqpjKUZ@7B*Vi}(lp3aR4k$DHsJnRMpR6wa5e^*o{tjIe zo9JIN{GsOD2#SIFZ1}^)H;3u36T2s5Bloj%+C`BwqHca{IL=LtYW&ILFK(Hewbwn9 zJ~p{HMB~5xKe;$$rZ3?1oPNj?zZdHc&I3h45plz}_1?$(OQ3y2raKW;kMfN>ffNCe zW{LUVQ6f~s*+`x?W;i)kGr(3{{yr0!Q>#rKVMV#M|@bQP}C^qvuBMKlE z|1CVH3HWaF0={H*nBS{kx8Qr4nc&XqqUPiYQe*U-OprPGqrjJQ@?b7v#74}?+=>GU zC0+6NgwkH4d>!L+S6_1DbtOY@EH25*+ELmW!9<3{y9Sll-(H$TKoyhh3NfvU0`M2o z6BZ7hE7n=Fl|kKM9MRJilJ;#qZ-~3ZHz~<=iLX@>L$s$;;D%=jN!Z`z;cT!1@?CHB zdulEZh*JXmoHH1XICK$tZIuIy8FuqBtHZsCe$>-gmBCTYOyRscEEHZ0k;R@L|C9Oq zSdUoqcho)B{5?RoC9WbI&f(_oi?>_-ir6}(!r7vo>oRntFY?I|z?p?^8(AJ*0++|LKy zbenX)EG5oe`Bx^<-F$V`Sy0xH0uS?oNBi1)e7BxFL}Pr zpRo9oG*AipwpCqu3$;Bj$KydkdS@cwUPX3hE%i%CPF_?~?Scml>d znEVO9M{OjqOn?bP&B3@msC$e0W-sJtU-D%prvP;Cjc3M1+Gy_JQ&t0wQ(2@tEf5kttAR70{Z(Quabp4;ZvSU>Z zB^@b3N&w(rov1Seumv*<0w4w!iPcQ2JE8lcn>YAPZH!+a3F3^_!ynE=Aks0XYJAcu z3^;2fuHsGDSff3up?5WB~N zt2#I1x;I?a`8KZV3|d!pZr4|Jf>}X2G;9l7%qR_#6jK8@5iSD#OpPJsIuNOW>U;y# zl6I5Sze){$Sw&KCWiu$&^24thz7F}2Bwx&vUS)a~AeG5?7#-ypG*e{c(|z!he*N1v zyyznNGu-6|flu^v1bpH8wIG$D>LG++EBSsgQB>D9;0j~=d~bcSdp6ewEaDwY`rvP} zyNc&22!lcnph(Xoa1Njq7*j6VzyS#@STP@_D<%>1rHdk`x_u7tz=i z(U0#(sv`S=4MZb@AJ4_JU~vW#YB7CPFvJ`V(L<3ihbrJ{aP;SGs}j_hH;(JuR@bKH zxrb~Cgb@FDo7nxK;YdPvo)-Vlz4Um;DAavGgQMFO^(U8%4`940C1+!%-a8FjM4d2h znIZ6ada^wfU&A{c#hQf5R6`$OsKka|TP$>TeONy+SWPxWZwgTkZbC3WajTPx2wbol z>kw;jJ@$p|_3Mw+{iE)0HxYGB=ncynPCHsTds_Wd#kZ%?zxz-M!!@7m@lA6E<(#4%8|hnBJ=bjLHFiJ}XFa1%AMJ1ydkP_wpnLP(>)#JKa@x@Vh^uJQr+X z0G&ILjfdkvA<4&Iq&XK*l8&kS+e>GlDul5`MPe~TU0?}e`Xp}9me?C$8W5p6aB4Ssic| zQ?-8(Q7m>MOfN{g7%M>;BFKsTVG8K?gF6lVCT~NkBKw22Lcd^3oAE64yA}!66P2(F zg=9sTIY?RbJED0O#5;m(?CWr9XlD^bnN0}Mur`trZIV4?tB+0+)xE~xhn)Ze?OM8x zq8FG&vKNNQ31<8@<2`_kJdgqakK<(=xYqNyP=fmLes;b-5(q^9T2+F18EBeTe<^N` zRxj7I+GugX3;O>ky*YU)iFn3t&7&6UjXS^jg^g^fQ0*FH1vZyZ;k^I}Hf%9afw~t; zz7l%RkiecE`c+E!*(FMsRVevy<<9hFety_Kh zIqchlzlsBx9jp)*YqrKnG;`Pr$SP+w5^;m5`^1I%@U*T6p^d$OcwuhE!6wR8Z^4Or zFRx+76$uo6(0DN^xInmGY3n=?GEBvca}NfwSDl1Tvb6%;A=D0}#^@3KGxBj;F{e|p zjL)0(f!qHqI;W$72|rw~X1#;@AYjvV%7Pp`mNf8G5x1csS6)fN$>*5>X&N`S!IKFa z`Jpq};WBAN+wJ`QN*?Tr_%{TZZoLfl{vELQ*H>gOdXrNHQt6N#^}!ur!fJNl+lJs4 zq-e1*7@o0#h^Nd{eLRS_6`fQ$8cbWTJpqj;wIX|>R3`Hm5VH<9Nw-w~ebxkysuR5h zUtlDFNER#l-A&C>*r*ISyjJ}(sThp)^P+5uVSkl72~ zL93c5_bT6KKuyKLcz4xYa#0_Hy_0)Up2iRgJwBk4dJzuHGC;jv_`i7)3;*%zr4+N+ z*Li$$XC38#tZ?qC6Qwd#1SSh92gIciE1sM8O+|Ro!Kn}wv0~<@c&l?j8y87IC^W@M zWXNSn#P6LbV==TctdTq)O%AWqAh(k*fKP2-^vPQIpKBAj@Y^{v)V!tK}?@4r+sO^w+W^=hv7Od<4m@=?Wh19{JT8XB0aS z?LnP=eKQCWwIX<&QGU((W$xee!|es@7YEDp3oH4H^-F%SF4fBWHEFx}%a{cVoG+}) z?sQw5k2^RW zhSe_(9TWOru$??#u9{<($+&Coj58=Og0aic%`I~fZb%bF3@A8n((%YC>yvxdlkK=i zw!9r;QYZiLiX-S*Yj|V@LU4=%9~d&nn>Li_Dx?6r5DgJo`I8ZUaDSqE_CE9qDY)nE z#V4d(?pb_?`$4j{xM%l86W;DHPj@~sxB5fRuRAQ#{B8;(PjbK)MLJ> znK5r$Dq{{V2aB}T1LD7(dsbVlZb&7%tB!}+RDf_cHffFl2wrw*eB+hxGVQbI-m7DH;E1*gTN& zr-9}_il+H5Nb^%P&1)j~N{2i5vO^m`a*iL_a;rZPn&&)edi+6k0<|BR9CBwR;bUD` zNlFjl-WCgXA80R3f4?1*(Bh?Rkz53@0|%K@ngPGBgyEkRfiERy;s+dJT-wl~)gKJ1 z`K}f0IS9^GjvC|gFu!M|yW$utv140Yd+W}_nb%pzju_6Oj;O@Y%LGre{rX8V)l7nGP4i*L+~tUV<5dV+?5M861tUi z3RaQ#2>s*Jz>>E3d!f6k)WXeGFrXX*ZkA32qyL?~M+r#oL+$zbpr`jx=5lg6d}|Cr8g8 z-x!ZJGtnm2`$LleWGsVN3!5d+=U&i^!Y{5gKYO}kMcVH9b*E?TK{!gl`?1w&5Wdvl zE5S!#|KY7*Pl8^NYT>TD0W^wK%aVcAB|W&r1?yC!^=BBH!14q^oJ+FIc%wZAPm;4H z=9>rNr+aoTHkcW}sypoP0t!*8|R~;i&`wJHHXt2 z%M#ZGf4{TX;*(qKDWO?bpA0bZlvaJRG!w6=!OdZfAlL5sD=0=`@eY13p8pYmk`Q!9 z11QKhM**puFGs(>d%p=tnZ?a1&^REa`iSzyul}(DsKfCO1FQp=q0v${s`*}$riV?q(Y(pJc0rmBmYr>cw5ZR(G!-#a#NwVY?ocMDw2uv!DE_b&yg zMzBFAs3uPqx|)1-Gs3}Z&)SfB2yRTc9@IVaP0Sr{_qRO$j=zi8@Xd{{r&JFC0CU$1 zVTOhmp~?3#n?|w^Z@v397C`+)&it4T$=c63NugXM;6g4kVx@x6yGbR=X#@&D+G+&H zC?oT-6db6{mJSPIRlCI3 zu{L-0uFv(qOZ;gk=C%1S_l+~mzr5Zb<^H|lkp7n!|DU`zyK~=|Wd7l!^=hE`=XiCY z`R91m&HT&j{as%CfxI?f=B_C>|ME`%QXHuZp_%5n*R0EBs1M$@vo2Wi6YMT)zio-A zFAZ;bvVOX&w|mydKn50*R{dc~zvCIvxmvk~R@Rh!LU$d*wM2di4nc7*VjA;)gIg$6 z?@7qi?`76Nzt^+Jia)+4t%l#J-#;iB%?oJRwS11!?>`+)`rk|tnhenISwn<=KZ5!_ z1wId|p&%{#eW3?&j*Iam%Dw)~?FL}bDEB}>3B2wx&_ZhVTV0~r=YoN^AO|>$di_$V z*4FF2?9j$dh6U-*5jwpL*PJmoIz3iQ==9wn)VgQ=0d0V?M4L~2GOW!bFe61iTbH-? zA0e7SfBzWr2U2a^vp&~CbX#}jFX)))_t5XY(chupO@b&PLR`p_p_|j`VHnW|%WNfg zNptt?@-D?@{ARHsgC2$~zDZ^GpXI8s%lMZ9p1_)zus0a^WZp zwiDVX|7nCvV$h5e;$vAPF0YvtJy-`KPl`a~1#IQDx2#b{m}R0y+3T+wi~oX(ZuCnUB%Ez!P`LO0*)U+Ex9N;jj`+a%nXghQ?42~%z zZBgA}-4bws*fkY6NIR%5tFpl1)Z4M!L%g3ZKM)WsjXj+WJ@pU6BS1)Djqt(uL?fJq zpGF#?sOm0^%~l10f6>+zx5S;=VAn?4`Z6!t?1eTDrwc}*={!5R#4l9Rot**ylSp91BAJL6HM%Q+P5qNuQ66 zL@UW?MN~vFlSJDuqF^%Tae;|m-v{92uM9E|x2!WrHRC)bCQE5pebku;+Cm$&_YCyKvAjo&GXpA*1sdw{nki~sP5Ll%c4pUC2z zy}|oXG(rr=(q_c)M~8zZI@ahJ=$z_C47XT6mFMtEXk>6T5$6{4{EOV@C+9Z{p`nQ0 zY-jP`n;-`xczfac7GN_j>IzAu!xV>4)4QYCT2q4ey^T-cIO4%f!MIEq`Az3}dQ$ldv-xAd|5`g!~P-S-belWEU;={@Oxm z=y3aMw*k2RGh4pgzhVfs^7tr;v z5n@T?^E7?wONAQkuVDpjhrP7u^%1*j`!F(mh1gbS2`MEqR7i4xNy3<*<`A9^IpquW5n8+e2Hx(bzPGZEU_g#!`+=6aUG>b86<4+VGeZ;6&-g%Ux zp3UZ3*rSdR%%es<{UJT-8ZDS(2WcWO95H@qU0(uJGX5f$5fYlyy1;PED6O5;eS- zZw9)Kz;L6znUBSTra}Vp><6O zL)B2ZY+*=*pefYPn-_w5p-J`ps>2IGQ9wR?Olk%nA zz`JGzaRqA?dnVg8%q!b97NLtD8mEMF6XHb(eR>GSsvh30k%=N3n1W#}r66cvy5H?= z@ZZbrX;LWasVJ*c*0SkW_P07yfBioL*s5&wzc2eA3t(I= z!C#z9rUPI&{|13f6SsjFmQ1td+a$z>v&D6<*$``P%O(n9Jp(qxZj_)~hVV3H{Q$Z> zDnNzzw~mCg?j4AJw`ISN9#U#dNi?7$_Q#t9)~Rgt!DUgvin(bM1*^DwZCDMWcz>ju zHW2-7FA6Wn&fo8$0q8?}^nq%ja7Nk4)XM^>L(Iak|JdsgpBDQnXvovl6fszVW2%4uT+QKJ{Ogc}|8$Ai~l%Vr<{?8P6wZ==4Iq$q-&Bq^IV zN#P9t2q#|;CzphiPa|m*!RC=_JQ1~}5@4u1ryh5%d)5|!z*6JR z@@q9NesX}DD!7796gi?lIF8$M&ixd~yGD`Qk_EVqe1+s|VkH<(WE43dQWi3BOeZ46 zn|%*e?R#&rNZ9PY(SOhEzr{x76>PHZB8 zE2ltd`QP4O`BNswSHF}X{lDK|Nr31G&92$~mEHZ(p=;S8t(Mk-`uEY>Jiv?U+;%j`k|E=%1qQqmsIJIZiF%y-hY7p9t0$`{{9Xq zLB`x2LY^S{=*HZWy?OS*joV0H|Xwva9Fe8D-sBb~He<$wTb`$(+zzxF{xQ`wM~NE}xC ztCxwQdMSP|o1qfGz$ODgU=scU5x^B(M$oe@WDkP>0h zN9P)w)IaNmcE+QfnCLR%*ZwP-6~FH2&(@j{zXHJp&@7sfzx4UF>6}g#yRlMD!I>+Z zU&EioD=*~HT%J9HpGgiNhDDW6ICyqE&P`37(jW6H)Cwo(abz~%gClG>d4%(@XYzdP ztFwyD`R;Ximh-WzkWlZ8M{oU!{}`?7PG{X2R^5nZv8e>-*b`1d-HmH5l$yueH5XVl zU&5NF>Y76Xbj>NOIn}Be7oO>w*W3`R=5A7RLzUI%-&r*$v*r}3IiYtBPE*OwhCd-& zoiAzl4iWM=Z-s6r{vlj>b>fp}5DqU`btXK9XMw|gNT|xoi8TVcVnhCV^;$oih%APH z5{)Vkjy7i^6a##IXzeK}hliXGJ>L}r5!B>G} zFkcWA>eh@^Jc=jmYo$) zI;Tf)cNB~bd{H4{h-3l4zXPO`G6COYB-#fuN476L9;ptQBRj+bv?-77nerX2@+{RJ z#bcEUV@b~U@&46RXKWV$`oz+Ui3X2vBxtOdkav~#cEWKBY=-3D0|kRw1xY|lo=lfL;7np81uc0`CiK5x5*sY zMu65fb7b2_C1Tcp%;hzG(^sq!428Y{NOzUy;FveQu>fc>5e+idlwO88bSFsoX(78v zG9~@&OecKZm6bx`n)E>96F@N~B*;`=hHE_|5R2p?N2_s_NT=h|E1C6$BcCFF*E-pOpllKazZS4jWr(){*rC}!kI|^q~}$j3AS&8*p%nAl=XwfIX|swc|`P) z1NfwnKP6E%NXqj~PR*wi-Jt*=JZzhRyYwnzV0 z>L0r#qW-JH^=JLB)PLfO5%sqU*T21IGw=as;VIHH&ExNxX7H-rAuai%3cR-%;wi5x zov|O$-e+$DCq}YO{IsiZf6t8l3Gvg;#ZRmF(he)B1_d*j-NZMN@9wHI@k)Q}gcM%7 z;!E4=7d$(P7i|!6;Xf#?Uvfdw^3ja_iMsxFcKvnokqd&9Ohn1`Na~WS^~)r?{^#`z z^jyR!o$EoowCcYie%f$!V0`?vRQwdgmmV*9LM5CZ@}cxv{pKn>O|rj_GvBX>FCDJG z561T^loKvx*o6TvTjutyhEZ0R?ix zByqyHt8T!8!buan$|*v{#NUmAfO3qH{J~v0hR?uX#r|vDvtPwqq^_8Dh4jB-|9GIU zVt+wtN9j|rGx1@eFMu!O-BqpePJcb5OHVRD3IxA5)w!#_KuTxYuHRibtsBc1T9{sE zUc0LpZ$PpJf-mZqS6i9>te>xOSKVi23Rd&ojQuaiP0PX0i*W+s#c>vdZVP|z>Na#l`m>Y?vN()VQ3Yw0X ze}3>n#QYt?YDHdDr*uEM`HN)|ivq#~Lx+GV+loKFFC2e7dGe0yp=6Y_#j?>3fnjR7 z{q3^|Z&S53B9s?qy+oMxbB<-fPI7$iS)Twwpu~Kx5n6vGFOl`7>T7qEgg29YQc~ly z%nZ@m>&t;?0}FAxwt0x>oJC!?h)PN!&FGnok1LyNrz}dx?)6&r@*}hd;0r>iAQ%ee zyduhY*ua4f%hOa)aU_h@HW=gbx^K;0`(;ZVX74PXKLoB?-u_-_+*+;z{U(>}HO zTn0a3@F7$MDS}~8Y`u`*=U9k{a;Q@?&N6smNsPog#1d4%JST2}fuFmo!6J%%LKHUi zAm2CUzok&aYf8FsQLiX-#g(=K;&7A^vD#|GNJ?Y3Z0=C{u3%`RqhgbcRex{R53h1Y zZN%l}o1}#V3}AD;vkgt(t7k_vWUbp)OG4i_qLm2!i8Y_-@nvxT3p(8(XrdzKm*QTQ zND*Hh>@4z|tzQC=T989xL<-J_<9l=Z<-x8_ECi=mf}81}rq8G7Akah~*+ZNSXAa+; z=w%s{k!$%B-P6(1Q+MSE$*Q$sbh3n0GYpAQDe7F44{W+*V2lad0 zRnN-zy9!wU9R=>Hhgtu9rtn-x{rOh?NQ^2_H<>KgI_fX7>Mun7g{Z&CT}6Yp$9EU@ zhfsf+yQ)9y?`;a7?Wn)lsvn6_W$FZz<+yPDbLR*5^O(V1^&yrZ zkMB*IQ|;A>{4MKszH(PB!*})4sTzdON@k&>nE`w@L->nMOJpWB6L}{Gs9H+&c1?A2 z7ddh-l=Mvb$(qM6?y5Yg`Sq22(Ei(RO1i2q+dtQ|f0m>DrBaI?m`=}S3Dv@Gf4}6A z-p;L+^voLh(S;xyF%|J+?*CLZz}v?(xlI z2{jXWIsTGA8A_U~Oiq;g%PvXJl%K45{8E|=@YnNo*6aK!Y2CX9_Q!rIOBw|eso@P8 z8t8kNPt*Nhbb2n!s6^zAoXxQiorARk;~9%_(GoT?r4%Y> znXK=N#EvOTbyW64LG8#1v0VZn?|rikyndgwGK^ukL$;?oVVAQ?fH_JbbZ!+LxkjxUGf zgGPU0oVLqCXu=^;wv)jY(>X}smV*R;Q=LBIIKRHh9w)N42muoaFvahybL^q!vtu9> zmS@ma)+pmWAEFk=o8oC%?7}9L9xwVJ(Uu#JmpwxK)8EA&Gzl<0c%~k=&`&qe5Bd$0 z0>=hma|TF@sk*6DG?gA3v;&%GCG?EIP{Z#$^3$mJW)c;T5xoJg9EyO2>^An0Z~%b9 zU=cwI;CdmEf?huOfN?hgRT0w=*-2e_)ou{U5E@kyJ{q4Mr;^q(fV9vV<5(BpNSH&6 zVSqgo1rb%bLR}Es4&cOV$cF<2{u1EYqt4|6J|rQ(iwU%k;M7Qp+~r zJn4bZ38)M>!?W6RkuD7kdvYqW_e^2?9r+Do@qi|T9z7oEfIJpKK4l?)nMb~=7p00R zpn?kA{1J8!Z8yF0Tl7?^dAnsJ4JxU%3nVV)xaEkOEW$S-T%v!3HSHW-C(Ad5Q_^)(ILw{h);5%MhZzFNe2}#`U0CzU>Jn}a?yIV zoy^9^5uE462yjr}J?ke3I50N%ZJkqoC~?}5oXUMArw;Lt`W3zr@wW}&%aVS=--Fb5 z5pYkP*DXE{i*a}ItYUU8hZDJsel&BCCG=+$N-gb>>o1P?RNtBt^2_Hys1WZbmiEf^ zd+>fFdReDjxaDZz6`FETl@7&%yOmBwr||PBszafhN)ZjZPTiRqFGfW88(JfhAm;WH zhL-7R$(q4jG%^6*(jU6V$t^$Xg82ZYKXGgluN)GJr+=J3;j4Lw*4Q-~Gb;42D17Yr z75I4Y4L$XM4~C%p<+@0GSRv#+>Yafa9qD0oZ2#Pe4r(w!H#i^o0N3Basdt@k;#FeO z-iG+*BV1nhl3FW9%}D=1guWM0V@8uZeoX!7)X;TA1rPxCqAu+tP;ytz}J~;STYmz8T2xv4Q!wd_Z0956a3`_ z?+6RZX>uDBN1d7?DT6D>FSzPDYeec@-58r0(K!hb7gj%lCwRo#r^+7G~3}~hn08hP* z`4S)oT%2&2G4>)lIwdxf39f`YjlEz-B{cuPR`|ntl6O&@8!0n2~__ zs{Y?-nl0pz@{zCGFQC~kUe`P%U-OVb*BY7?XWwwx)Iybc0SB%_7$Ps$n=V~H<^J_r zE&P^YX)6b_2H|d1zHDS}SZf*J;4JR0m?Y{bNDUW(bc`QVejssL@=*VTUqL^E$`8ih z_C8;gYzm!@-_(+|_&c%mcrQ3`AQ03684uj#u6!Ef(onz%Ui;3Pzjp*={yxx7&)*{A zj<7h>=a|1m7C=;wucKgb>c0Vtk5=jV3s`Xe_M6-kEP7@U7Sv2MAUc222oT~W14q60 zVW)xr{Ea{)=3@tEplt&&Of3j)HLW7!%Od`BZq_z;1=$_EmO3YS{ayP(enPru=b@F~ zmwpDIT~XS$H}97TzCzK$J|3ix7gBQY7$cM{{yKIr7oP$cV+MHr1@Yk%L7RCtFhF|4 zoLwZpC~gi`kfr#$F2}Nu3yt#Nenl?o$?~M$)ste9C75|(jKSpHlpDVn!$(%!#L}=0 z{X@jwlGM;p4HFu!stD|j~uU8q|iDorc&m@Z%OLo2tHeinLuPi7XEgJR1-sv%*!)0}=Wg@@)2+KMLW2S)CNBqx_*dv7&c#{e$BpYr;WkOgG%$ z%?kC@OF}Xbi*;#v_`VZKx@2tN$Vmh_)|2TJcPS5#jm^YFKE5bQcJ(KG{~jh+1|Vhy zJzlo-2Yok4^;__90(M~i#Hyg>ICT=54lRpfjq<4Z<7-+zE+Bsdf8rl-Doo|+;FMV8 z_noHKs-jRE;1qYGtgYTMaPqWkssH09P>9FNy2t|638XXx1&wXcR}6t{@3gmrBgLQr zUKqM~;N;SaSYj|N9#~&7HAQsDhcHyIUY3`);vr_>9u)Lnza0qf^EC!Lu*6-tgk-|& zt6PrF;S|#%MGhEF-6vp4VDyL&;}ez?=h7?*`6$2n69TgwEGfrkNsoN4SrUW?abiiB z{Ucb?;MX)u0;eHMdh$x43_VjEx6)*)+r>kL)6$mkX8lu(6lPEu?YQ0!F)3oK@sVRC zXwJfYx>10M&a_883Brs?Z7RKeY(fjVqpio5ed4Pa_+OS*E}*8%1r|6Xdn4%1lnKt zgF(B<`r%bMQ$5*-PzC{-mFWJD9Nfx6yfxTgCWC6DS0QVtF~=7M)cC8LDQkfVb3#{> zV6iEwo%X3(iUlQbP>V?|nm7G<r-Jyy>6tM~}rk@U98|wBsKDc`sny;!hnHH^-lD zL-Wn?r}MBBg9jFpKS4L(A53XsQpKb=FexqWQb8<7v+C&HjOERM_s>U*UO%_Iv-)~3#7ye44TQVdSMy}wWmqIdZRYd{l%ZS>&Nrs zf(&;<+~R%{J){HsWk?6{gY{iaoTW$g6spqsf)#p1oE+I4QQ1A0*tGpZCA4df-e-sDU9XSV zY5oXGm;${T^altEzNd4Ml(U;cj^4CFH3Ef6Q1)u_=vQDX|9**VMMQfV48~2gR}+wO z_>Qvz)q~zHD4wo?R9%o#k=;#l3r5f!Zbu+SAVHKsx0uNM{)CcGaS_A4Xrv;$eu7;$ zW=Od1eD%I~icqPPCGCC5Cfyl9fvrEKH=1Ylja25~I3v3J3Cg1eY^>G!i^A_iZQoyL= zMA}KWe#uQ@&)V;@@n$O0EkiC3d^h!Xt{YI7;<+YaHQ263+|F|pv~l>7e~0==xPSt1 z@;)(|Pr}cU1L5%0gZ^?CRw-V)A$tg*piB=#;^zumu*NXl<*B|L%;-M__8bRUog9K> z1({y`+Jnp=vL@8t%X2*OmuGr>mtaQYdYfq=qu~(J5apMeo~Jtk>*5o_j#lH7zGTvK z`W{@3+@d1;FH$`&8*<~ap_!-@)ueiQTmtyucjNFJ)L@HlV%_5UQ)gsRd9nU5{a8Eo z>gM}!s`LTlb%*GmpbnmW1l>R{>cvOFm_633G%zJC-;+DRJKzJ%qX6-Osw3?V+mDM) zb=v;6Aj~UbEs>gk4AcArQ(+1i2I#Md3l?n)Y5;X}guAIaj(JFW-{ZB>AW0>f{=nuy zFF$NMM*8d5K(BhCzsg9!oAM!Xz&?m$>LOkkja6_0Np)3=P1_vR3s5mxzfW zEyDC^9UD!YRO!KzSj?em`DMXI$S=J~&Ae|Bx5(c|!B@OFNB!K-BVY(HsD{ z1-yjoPA8YCQ}-aQ;=qaSsy7HYw6?!kd2~pzs39?YPC2LSaA0(IkBglh{2 zbJGj96YN64j&cf=Fc8CM@E_7Z!g%zOr5~#|_TGmhzqGYjU&#LiRB`J5pCj<*PdI(Y zS#j`B`C9~<28?YQO&Q$?Agys|G@(2Gep#E&kHZaU8c}8m#qJpnLov7jJ(jkr*9L3w zo6n*X=>6e|n4eA0D)g^KY^=z%!v3XpQ;Ws=!#LUm0edme&PRW+r&-m&8iAn7H~P`*jA%iL_0nanbK&ty-NCm>DNA6$`@ z<2eOZgfU5;55AMY`6IE#L8}Y)eTz>K)|J}Q6`!P5cR)73aon@uH z5uHw$h5D_CX52W-Q6H|y)_q%#A8Uv5yrmn?5&Pq|60m_1Onl#6SS_ZLZ=6q#4aNZR zL>pYrXMbP*QWpaz(BD4n@8keEmX=Cgp(k{A@u(8e*U)`d@r&L8T3&gD8?*+VGd2*+ zF%{Z;og-p$$pg5gfCkmi{ z$`Ya`BA6ta9!JFrn8VG2N+=BH<@9aB0EzT(#s+p9AfXS0rWg1?PN(1r#*WUbd}=O8 zVNpRIS@{|jMsI$O{l$`;)N_Z32+PhHd_4wK!}CP*hn@sv#qI(Q)v`aDE!P}%O6l$f z)i(#QswugG6?;@`yy6%rT0izERNM!jAZIv~M;aHQ7o!TRxS8sg)NdOA)-rD6VDBCG zX>(ooC;VwwgrQCltcV6Rr1((RwJKmDh8R)Xzk@S|LyE_;5~z(1=^c);q0LCEj- zSn(Nn5uw9DXUCf3Kg&;z?$!h0GEMNG znJi;>>qE066v=-MH@C?93smN*P84xS-8iHt9wVb|D;*JTQZC#v%uV>L4xXaB9*~b@ zw{^n~H{6Y;%tBoTSa>>IritM`z%ur5laFb*>b*NKQoE9jW2!{MY)AymEPj7v@b(D5 zxAd}20#a$9# z`-00?@^bz_#VMrlS;XmAP84Rr$m*^-9YPj~r_H;tM_>I&^s=;e2+5-9W$BfZiD1fH zSVtDJTCq*fm13AY+MXrmY0hcPb7SFJ#e)8X4h7KQzJHiBdzqApC8y;{-sH(^$Uk^` z-j)-v44x*%;NN5|ocY+3G;Nu+Gm+)P`~xQH?=H5f-B50-lu2bazERsxV*e7yVE-;O zod8mA13(v}rw;ywb$g-I)HHzZV?E)v(czmKwVf0?QNu>JjrC=sZvAT6JzP)wLalaK z5KaO6!4WRQnlNtc>|_;IS+zV<3uze`-R4Vyhie`p9^M;lqr6-YniT42BoRK#`mj2g zqtZsBD16*2#hrYU2L^FWLR&db!81qg?Wpk+kfD+jz9)H|18@m`WSm@&C?A?q3w0^*!bifT zn&5@AS;p>v?uQZm#}tAd9ARP>1E%=YswsP&;yiU<=*gCo2yvVd?Cy-RuI2kr*|`Y& z3TG+;d?5b8wGiF+^%2p%>N(~^B`InHUPH-w@lz3dU&4=Se?66)(&;)w#rYP0>o^T3 zO6%LhgQ}vwW9ix2&Xg*~4`&)*lS|IS-;;4RtfKyu61SYEq(Ip?v$Nolq&Xayx@3<5 zPB6i;x9IT?q7gkxe>C@36|-m|feSsv_%zV1MXj4G5P0Defxu$?C^txo8jg-Efnvb_ z0%k*LlG%?wklEP}kjx&qs3|g=+d)qlG)x-1UNVZ^wTLXu+8+jg*7BER*W377waE;Z zD8n0vrM66+!`wDy{kTXNY5z0X5qW`R>rc*M8(CXQ#vmwQ$M??{{^Z5;U|4fIzIT3{ zH><8>2)yNLCB3U8)9XKH3d(r1R7p>-Kf4%Zyjk@nsYuVa%h#983*~8(Mp(TT%LqD; zO1qFdVJ4q=UY2dH*1KEO&G<#E)Nc-OHL|VhU5lG`4 zYnn4{+kIHhbaUfVR(gJ34$%Yi69W$WZ_ot*E#^~R0dcKKD+iYCc}ngp^JC{l1Y;eE z33SA)P+OVRav9L{)bU5iR#ltaRl*8oXGA6~kd?0*1`8;J1WXZTMY@eWxRV z-=pfk3ct+$3!x<7|9XB?@O!k4CLoLcw!YK|e%DCh*zlWR ziW~S{5YE~Ne!ZC0hTj)&9U1&i`S!mGzY#sc@OyJ5`QIGjfBl+*-*{If{2qO=5&XJJ z;n?sy)f6}IJJ8pj>W$#{BRyGc_&xEDBZJ@eum7v?YkPJWe!nODRw04}_@9g`CjS%v zobdd;ZgC^{eRG}-l*ar|{6@xc`QrNVdN^w%_$^^p8-DGNkp3S1>c0xV&FNwI{cZ*M z-z?#OeVU@b?QmY)`|LIHzbfH>y_FHFNq?&rHG*GPDI6Pqr<&px|LbK>^+xdfk-jW8 z{6?=kGWc!({J#pnwq3*U`~9ore=~*u$+%+jKk?8B)8C9|8^Q0Jb8VnB=6~>C;qkZ6Tx{lqo%>NhvT|>{Rzd0>VUG`}+AY{ig zf*-`zL$vnLqy== zEM&-WfuYzmzN7gBG%Td9i>V1GjD zhg*>*{C4x>;^quV>ks9AZALnXqtjjFPL*dDTboB5H5L3M$4-JO6)zQi`~mv>rIKAN zE*Mij3?Jh-i(nn4#YG--)F75I_LqEh9-er?K>s3{B6i6-t2nOrK48vb1vpO+ zLN0@+thk(S_EhiZ0fTvem1_0u_Q1tRL&|ayFcvZp9-D!4rl#)!ROfx|(#Vcdq(5uY zQsuWK&4u%Wn2~!pBloCJMUaAX92kb=M2V%W%D+ZCSNfMpNk{mv9JFJX|8t}AXw^R* z&^HAgd9| z0JE>ApLul7nX!8hw`1TRsqck1zgVzSc+3XfuE%#Tegh;oFw!J>e@_}OmnUJw;Wwa8 z7X!Lp1k}GPVX;LK4~qaGtb!yF5D4J>Jm2G7vB7>aE#nPmb_b)G4sdtVGqcT1Wkg>diFL&=)`>fX!xeDGI2dT!>y zxH#$06fOf44Dd8eKSdw`u$5AV<(Z}PhPeh43B=j6RcM6k%+e3lM+q|bm=#$ zJ6a5oa*1PgP{d)7vB1ZgTlypU_W+!mCw8`&?_?^PF+m{f-4Gfi2Vg(Y8$5;-XKWya zt|vTekv$jj3y{<`e9SPPz_Mmen{f(-**M-@@~~%IMAJRSF?)X69s&X+tmJoDT9MGF z?jCp;_yg5(!@tT&wBSZ_(*{z7v%G_UNt0n- z_p-?g`kZO;ugCQufCd>9$diK!ek}Y8WX~?(qwY$jW~EsF=YZ4TeA=wpZd^iB_(?c+Md4`h;z7u(x&D1h$IXb7*hunLtL=xq> zXSAj@5~y$&Ux5Ds8Qn)}B%vh}(`M zf7RO=I~t$Yuo@J|M0vI^{ln#BkDywzy@gI1$?4)dVizG|onpmc$LaYa;(o@*qrSuhUuMR;v ztB&J)pW}Of6>?yF(ti-=9+`5rDh2!H1a7^+9To9?)`+BL#xw&l*kBJ3LcCh>DJNfkX88YhDwto;cOCSrLBOeL#L zT(y*}77N>tzblrtp12iMLB6Jc4p^;zBl52}oXk%vAebRZTa@lzJ|+pGHXl;4+Tytew20;jj7YQi0 zS|ZG~-#~F_TWTz(Hgus6+6yKahG0ZXJlgf^&@c0u~-GJg;PPQT&&ImjBL30|X<@{_s0 zRj;KQrKvGcTKXkWnl#WxspPRy+D$q_I^R(r9ENL|Rl@hshRL6U{qd;v$4KEuLaH9* z*}w53vcMd{b^&)1Afiwq1nWI%N#qL%>Vg5uXJAw4GwW^lydMPSCXcUUE$`1%%Y{}y6jUJDxgJ(m#;;xg z6{BM-1)A{Ngu*2Hju9@YLskD22tND^g1LiHb4qjZmsJ;#+(YR4Q77K3lf)lIN1J1} zxCF3rX0|vc)oUq4hNxGG-0B0?0xlQZLC+;V5XhkNMQLunAehaUndV)n*^8QM@SNxC zmVp zrVzP8XDrWX7bhAz0nwal+)20PG&{W+vV_Yz@wH78=JwoAaz$XlGfa=j&!7)(|$VN?AIJ?-1@-WmC*5OVELlfbaCz)d?Ii zdf_{Ca~8fs6scJ)v4#LfHDY~3T^FIWW)2~#X^aFS!G#a1*>FJ%T z7oKH8Cb$3@@XACDqdm>;dxM`q8U#G!7D3SBspV~mUKd==my9g8&OL7vL}0Hk?X6r` z+i`tRTAC+of9aR(CdtuTy-WRj&F6I8tQsxCvVPAlK0@dmBcX=M!xPq;z>yOd`uRl0 z8Uq-&5TcF-o0+=oQ!`Wd85z?2v^e>NDv9iz!o|dCj_9>4C&Xw0iq zJk_v`Ozj9_#Q9x{KrRsyUFv4>WHGC6OV0cJB;1r{%>Xv8XFxv|E|ry+or|0Se4{E^ zm05P#Sr9X^K$zJ}E;}DWbUFw*NRc%8#-ijFJ5Q&5WkFwi(Un~GqWkiR=tH2CB)g*? zBzyliLbACe*{#7ZNs**gL|WV&e1+bJq}8|F^F9T01Ff!WnpQope{Soaq}eNk9foN( z0xw|oq?aQ_js%W{M>Qgv%z)oo0KIR)6yDKGrvOnR9b9F}-qHW#*^!-W-sKLv%0NL;{t0vzdWvZpUzD5j9i)?!DWEh(g zl9DK))qB}_A>pj|-19!*Xwcb0QbM^rjMLG2@*O0Gy$=}e@YU-ZW=Jey(>alS%34OL zwgk!-w^%X60>yWpQ+$l>@AYc+PWbdEp>c4VEj$nb0oO8o;v0d>`BJ^9-c zNP->MFZKn8!|LjTsfMulMtuYyk>Ck@qfP%}Y?-lv6B!Yr-(nzQ zN(YY{RXwD(K6I~o7QG40$*tax^Pw}MIG7soW+R3bye)R{RO5ep+gR*@Xwo1;FKXWS3z7Wn7tH%xaz^PPUv zR+{`VA8^(DaXv|Z#_kOMfIp`57yMCveaQ=}(I2SDS%Y2fnM3%^4r8*<)-N+@#6bQjc<9@?rP=rwZgm_*8(9XFn{w9QL5@QL3#;y4|!byHWO39 zHxPR);0TreCg=#7 z{AK9qK;6-7`C$*T_PS?@1r6kYuC(go^$&A_5)fYOqIM)xEVz^UxWFr~gx`&2wigJ^ z*g(J`bQI^Tftq=z;~U4ytu9zY1{#?i%JKiB?M>jLDzf(B1ZW6L>>#Tk8ZbzLC_zON zAY(^aI?zZ2lxR@n0z?NfKtiH`29f|xXpQTrpo5CrxS`;J_|AYJVN(_z7MW4Rt=a|! zb(Ces{GaDk-P^a9p!0t3_xnNm_U(JCPMy6@ojRrFBCQPcn~4u?CDq~8hLo}>rYWe` z|Er0>$o%(!YtH>W!QWl4hnf?#*5e^OR`2O7p8=O=3??ckuG_CGPgp-7|GzcI2^p3} z-ODs^oXGjW6KVSd`jifZ^5HWT=vHpBTd5X4nLXF{ks3!tNpUG@q0yes)26mJ%aB!Rr1 z1e8T8Kf4;*yAz(RJl?}yJq11#3xr?m4P2F2XU=E1YjxBc(Vbuq<)YyxbUg%-}M-*Flatjk*2)P zGG@#b2z2Pu^E$Z(&$`A8N2C{(BOy&l$I%MN|Esp&^L3S1FWKIMXaDjitO8EBmc~gA zkzhH-_gj)82u?~G6tf8!9>5pKw`7Z$4Izk(zj!w%eWvodPTsM=a}CSrov=CuV5kWf zp#4DdU9alH%=5`11oV{i0BFx>KvlVybZ2(YJ z+bBpA8;7(*&)33;+>sVWWUIV*h*UG?MImv*!xns91wI>-Gm{K&YfL)fo4SwU6~^QZ zcg0}R8yIGn*%sV#f6H!fU|ga%`y=YxL|`bYSd|hw+>V17@wR!TYZ3(hZ}*f6o-4+eZVv?3}nj zzf>Is^x_8r^i|hH0R3k3#(;iVvQ2aeG6MbhtT;e#XPL{UqQd0zC>fI;?_PBXmvt0| zqjJ{h!eTSugTi@NaF!)D2QAcIhT0aylg(|c3o5g+|77O9DN*k6Mmc+^-aV7EK z+$j3(gB4N_7m$9o5dPe(G5Q_a9VvtVyfcP=7G$o3_FytB>LUJmp77Z6zeEX!CnGM8 zd81*xm@xh@E`rBK6Gp@b!b&$R8pEQXyf_xh7)`Oxg1bZBOJUviuQS6KJ#TPaj6OCe z3Zwq}0PSFb*2d_vrj22Av82R=wOZ{RF&K5Kuoo;xr{${WVYnJ@)x1puapjF3<<>jskk$z2yHZBY^%nu`!?zeXN1TY(SLmKg;6)ElTUM zJ$RC5JnU6jaw+=jTwK;QuD@P+jmTc&m&wm+V)Xgwg%B{=VD_!E`rta(8Tha@%DDS-O@ep zF?pb{G^_IX#Ii~18y7sO=xX)a*Wu{WQH|d&GjDDK&V~(Y%5nPI^f9ZDG_Czdl>gVd z6^A!$l&)vGt9hulC9tkP&9*A|pNAs|;WiC>Hi{W`r^RCi@$dG{j$(+-0Wd_(m}Y%$fiFc&r>;crpAN=1=?sz*+@#P4~jMf}fcbQ-=?=9Hf?ZwEn^S z?&_~V4V>r&|7nxH8eg{6sef3xlJ7KOZ?9AR=s6=@k&n)_)X&s(A>P7eQN-(VRy^XV z9;N!vB-mg*cgJr;JMAma->cTnr0<#H){ z=ows|L=T<)GCOEY4=r%$A?-iC3j$+)o6q?n0s;J^CoJQd(t*Bb8`#1dD2EsRqkG;Q zi-X8tV4G>~8i^_e%A3gVS6SR*elIHG>`;esaaYuo5KA<-W(CsurE6DFWCUviR-o6BXEXJ3*cos=@ ze=$B21d|ZOv*HJu{-<*O9hd&ig#MiT+w|WXMgJSzHHJSl{a=Zq|74p#z)avD1_G!} zni~F?ZusL`xj(o?Gs7S5N^>fddTWx!ALo`hX&8q;KDpa^X|Da!(c7Ib34g4xA1kyU z+Y$TNBKxrm?Z^J&e2nu`Cm$8!1%0gHO=k%o&H8f`AGJ9n9v`XpM z^;Z2}lM=xQrn2b1n;Z89#V4j^x4A z{_=?&=+S+bH_+^2tTdUE2&_6Ght)S*ziLoV;Sa*jstZ0ff>58_U?dn-pX$$0Z5V$6 z?JJxn{(-e9)~CLP&#j#%8nAs6`u6G7J4;gn(|&=0O`Oq_?tN;gh=m7-FPC9ryA4{X z3$5mCAQetO3fKhl6TSX1p3rmhTc{u88^4ye3iS#M-(GpFWqC(7a0}FbzlMHTQXm{v zICZU($2&5+HTJAlMob^0am17W=bxV;%=_G9nt4GyIza)~#iu!#*FIQH{Lg{YH2=bo z>RR8u=YoH~8m9R-Q`^TOKNfxj)wkz#vQVo=Yb zK&cl&3h`V>oc~l<#5r=h5U16nQN($yQ#|6Rr%Iv-b6+J0;~N@5n3sNtB#h;MXQ`*( zkERO?YWH7M>^O|TrVNCL%d`Gp)Ilbpf<&juT216(h30XrgbZ&M5 z)>N>RDW^0zTBKLCL!C-R>EEt~Z{+7;btyizTnkrlt+z9kdaBS-t$WhRB(%p^G~}<) zFzLasEMutoLo!sV4nkfgvj`Rcpd~QBnM35OkKvOuaZexo!DC=p6@Hb6QuoN=Zv|)N z&{zOrPXn^=sNx_{=*|ZrcAWpw89Y&c7brP*u%;y7r3-rCux%pnX82U7bhT<7MR>~87(H#&nGX>c>IH&`Z_4zlbD;a{~DLePF zC8D>C7Z^2;wAtpa()(da5~!Md24fvPR?WM3pG$XIO>6oCa`I){?H_(agR%b~NGBel*z3RfFmoujhDk%@~BB`zG_$vkkE$|8ceq}lAh_3 zJko&&{=bLqCs%hX2D^5sk&kZk_<_7SBoU#j7VN4F8AeImrBkoe-%j4VrC8CfHPhw@ z@vbaLTY659Z{L#mhz>p_lFIW<_Uq(^YR0za99$~ndP!%k1W5?6Rw+N*1*FlQC;4^EoL#CU{un6hG!q^N3%D(=Qcs#JTt8b=_u~G z2l1pYV-vGWGj`;yJ$A{+?wh&Mt9lov_?JPXQylTpLihacvgC8Fd;b5Rdqhl2J2`$w z*mNas2Oq<`Ocj!G)F!I;YPk)%I;|2v5_1*&QNxduX`A9iCdA1KK+5cCDB|(cA3(-> zPZHq7Ogj1T`5AZ#{Gzv{fpxI-erZC)J*+`4ZY2X}&G#pqRQ1MdArvEWX` z`WTK~x9?h~z6F3w2(`d@J;TwR zwwRHmizcP&4v$>)5Axf!WCS}hP7@|7=kEjkzXMm9z}4%w16Q{V(zqfxz}298;^69S z)i|yKk|HCq2a65gxh@{A5bUR$3i{4;*IZBa8wOj=U+_C%=Dgz9DS&y^zzETKVon^G zo1Fyaz3*uHdc*W>9tURinkHZ={2YyL&R>Gja$|bX}M|#DB*)fO~)jO|7kWnWr;+j|tKcT-|YcIqKeX1L7rmGNEfb={@ zmcm;|;*jA46w^diYjT(@8Gz^jAMC7v&h)Z8IP}fJq=?1$UysSv3*y= zej#phdUkH*3D~@CkV&+UFR*)$0U})WD0R#C>ObLoFx?nD?RqAv9pU*e zx@JX4=XwNf#jwE^lb*A_dhukbArMth8@2=M>$8jwEH|IH1I*%;pfk?*}qM_P+E1;^mI0CAnSYeEW>Z32BpkkR=%-{eO>PJL^wCCy=kZk`z zkXiE|qn9mIJ!_6&1`0H)`V*+b7ipkCEh^t>lcIt8!%2X;APT6#W7!MEMnSXVUhR=&W)4_bxt&}?@R)) zWfw+ZaqzroVAt($9N4#4M51uxRWZQQsZNxbRIx9RT)%);#h1qG#Ye@YAY{RU<^fm7 z8*O`n2W(@~{yIJH6b7K_Z#u=Se=w60VhQU_W70JYCmwa=KNhLB4lq-oNfI@f)T)^0 z*mF($ni>-m%`Q|xP`EoOUAqU{@gDc z)cPc#HPGRo)eH*=b{RGaxbmMv=%A%2C|{b_CQsRTO&$;BGoAD(=5}p_$yVQ`g#*&A z_qTlD%kI>Wk&<*Vq!eR^W>Q*!Uuy z+0W6WM92KL1x`lzsZpUTA(E!gzlqRD9zgpZvG1GQ^FGAS?l;>Z@>|vc%ODMTzwF6d zd-Rgrs{M(+MC`xV1f~7-i17)tnq%Vdb7%zUw5b?r7fdv_7-&UrQfM#yCw-mD8!hq41r^!EuI%NbXe)SN}}u^HUxK%~as zR!$J3>K86at3+=!8VL7|z>-l@U+oAF=l}B_#N%+inxQ@z@|#l2$Kh|Q@;=D5D{ak$ zr|Erz56HWF;GaJ%%PGAm&}c}v8hROzC6}7_%WfGN$i>>!WuDMO))T>zFrUzgnb#c}!$4_t^NRmZ3Gl|+4R3`j;C(^>?{y@G1k9MG(r;_}Y7&jTxQ7eVwh z;pmTE1Tk;cUWOGokBm~Ivz^di*5951vW6mcBL(Yk9a?Rbfcxnw^81kLeP!!_*fQ(^ z+M`~v0Q3uwzCe1DOu`zy}`OgagS1 zG~klckrckK>;roY-=f0dNygBcWB9Yh264vVp3e<#R(t^CanC;pRA4|DR_vInjx})y zF!Kb900m7)K#yW(Aj+CP_9+LUkKOoLo!XQdJNcZubs!hM4&9}IYxRGi33{@D0K!AI z#$I=o*4VI{`rwP#Ct_-L8?!BqwuN5)V2{zuI$PhdnP9ynkC;HN#c{7*9?fyge~2N9 z&}7}KtWbgTpYTbt{P>EVr-kt8&@LX&yR6^Zs~=*Q+A0r za91MaH9JY5dLXdJv&&oiuqKE7hg_S+jVYzsMsCNZ^^KI-tB)F) zl?Afek&Xp2-5$M)Oo&f-m2AVO+S!Y@N@m`{T2p4cRWki^Uc-B2?Y1}#=bDY0%}*zr zf8)#EJ?)Y_vr2}Y_IYtu$$Z#(aV>xNh#>%vF5fYX#0lojog;3&O4_Gq%z0s zaxlbZCa^D)=tsdr^qmVvB2)q!*R;&%3oNJv`SRu*<0e(ajVVR&ZHiFhB+J`$ng@)l zXEJ~u-ULvtYJWz15~Nr=0@47l!3(CyUxyZ(m0g7v6VRkRJ*;EfXxu$l!YRMec3->g z3DIr4%0}n1{8nXN;@Z4-a6yO>UmBUcxjgH)VBU=yBpT-A$aW(%u@fkE&Y_A?!`sX{Xf1qM~Ym4b&G7)^%~X{{z9Yf zx!ZtK!>%3*TP8^f5@I!4?fwz;4|Ge(qxv>Wi+ZuWPS|#+VOyJ7=bogog}SkI-k8SF zmaA-d95yABp5GX719W@SuRLyb@DA-5^;?|z->80=|D8uM;5p=e%>T|f>HH6U#-IOj z{Y~lhw-GKd*PMe=EyDkjiQk$}EVaQc1of-amdd9t)x%1bvSbx-wd;b-s+XsUk1;=w zMLr?>W=Tfkcu#JpTw_c8gQf{*p)@wC>XhLe&m?<0O}bsVlOE#01Gy7kg2dmHWPgGrBU1H5$v*zPw)>YGBD z={qt%>8krK{Q|=ug}zb$nJ?P5kmIr5qlKPgh! z6y0gSRS91QehM6brdQ>7tru-L?GsA%9aS#XKQH!(#!r&G-#C7bF;fNI<~zCt zygNSpUHCb{w*#(~A7NJCSNcxgGyGQ6__|NOA6|Bz$|u8=L+E!3ABkca*2e{BX_U}D z80ab-(1B?#kXJJ-QlT<#XKkDO6;Nv2sqU|U#LuE8uJDF(boAEXYnZ@XkwtS~q^{QA zur5MJVub#Nl1RV^`X9*ewXS9ule+i45U!Jt=3!SoG)jf6QmhnqXHgu|niZ4Cvn-e? zycTfzv6!TOx-kJbnf(C=3{qgp*6Ytrm-DRwWQ8{{3OawA8u@4G?Fsat5_h0C2<8H^ zY_01t_6jnU0D`;Z8u2mOMPOzc7;$AmOd$$rsWJ%gf&*_A>gd80@3wXp={gcSYVtJn=!!s&?Z|*mJX~Pzf z?~uN_|C_mH<@X|7bG5u=uX1O}0d1fuSGmvQ!@#VTDrn-IbF3~b z;m>yzV_!;ybTRK}$!9V4U$$_BQtm>On?D~+lA9Uog26!u9uxwq1I!=^+>xnPJ&p^8 ztc|Xmvz{t6ZWu^?Fp~hrhW>)3NF8y`TdZqGenhF(&jgyqAJ~aEU_POTHT+ge#7a|P z*vgl%@+bC$CkctnRx#^ubzp~nW1t=uF+$R@+L&4Fb{wDJCHm=!NC7v-Nq(uhR z?r@7Dv_?K3)cs+-uMi^i+Vy-K<$C#AZStLL1(W+vK8O&L>2iB8r6PHpT$3-$F0iGd z_jX7{O*cx#cbhnLkqWSPSd*8i_nFlaNd6A}YN=Q!kK#lE3Z35z8KB?+f!2uxxUcS& zwfgm{ydOxg$W9g=xn`a@k)U$68etn#dn}eibyF<(h|tUXB&wQ)W@`#sv=+4hs&pS zTZ0bOxdNlB`KhpmxjLV8VXo~AXcpz7-h>pnVFh7c~n} zuM3(wTTG=E^2LDbrhF6s@2c&c=^Oq)XK6z0o$fpA4@l1~P0wCO&tT}!>pA*JcD4^H zm%*p#o^RQQ!4F2aIR94O5e9+=4l|HfRX;{3lgm6|SHM7su4Y(WX;lNlI(R`~oWR#D zn{0#*u0W3UqKzGgDa4#>I|Zth{w9s(BYyjcybEGeLJ#pv z5`s>EA9O&tGr8dtft|I-k@&ouw>{p#=>v$Obk$onDaZoOXplf04n_$1BV3e*oeUm> z<*liC)CAkUuRe#kVE-Ba#zV1svNS$s%BD?I+5ztjDd_!)&h3T??OtAq&yWf|l&sO1t%Zor%dV9sckgkA=umnBIJxlJb1%mqByts_Ii4^|XF-_i?b=4S?R4#R&H{etD;71S(@F6~w6xQt5-SsrFm4>EfY)zSKM zYJB=|fa&B2Nu030E6 zM!ys80_oRI(~n*OVpj-l>UXR*s34)MI9G8*qM18?_1_Fl-zVKboC--p;-aM%57P7v zeiJ36X)3Ad;=iTBq_K zf~IVZKaCSkwV84fN(HAlNh4CI>9aGA{6UbY0I4@E84ByqhqU}be|9_mzC->jsUuNA zV`;;ZVJkt9^O>(!GXf0%PL!#x56Ju(D${-h26E)l^nviT=N&;SBKa9OzKJ;+T-c!n z!(vT%Ln9cl$eSp?z`*rC@6aSrxLaR*l#Q44L#&?ssGhq?NIj4<1mGuNo#YPpkS%=5i;F$f z>BOm})2ZL$DDnSBwzD3fOs`dk@8_qe@CmqVoJ+zgT#NVaKc0kX!a7`w_vVNQFz5e= zb$qs5?~mYsIRBSH2FxcINt7A{KHrO&&{BEmT@x_fqsl6X5na7J)EcP`O<;&f|3TUA z`Frs2pdRH@unIqnX#<=!r_IpwbF5@{uj52WT11`%mMgqi>qp+lw6~$3gZmJbz=}BD zGR+6Mzkg5Vw61Q@MECsO z1gNmI9M?622o%QGY>^%x^k3QK z`XtIO2Dgu$rK$LRch zR7wO|1U?|Jn4(+at!?hDy$-~j2EYISPu z?*n%bc8Ky&0&O1#A+s@;_(Rd1w*~0%<`iATr2={19dBU59)c=JUS5M_p|7`Jn=mTS zY_09#q2$~EN8VnAm1cnW-bIeYJraHR(4NTuqBBQp#}Eqgzux9(WFB3_d9+pkq6qO< z42$^6!UQozFH(BXLsTY;5xn*AS2flx7P~al;u~)O0bzxbhMZZU8i2(PXciu0hk}pJ z0{MZ|Pv0^~1uL{BQsLjNUikaaN~XJazV5+i_kjGyPKM#;NaJL;<=djz?a#QOM*kNb zon50ly43DSZy-Vbqx8}mtEfrDMx7o9>LXw9JDZ0x=;y7yBgt2ri^Q8eBus5{&)WnJ z!QOyDr(h?2X||`bp-1U$ntyOTzN|Y2k1pzv83TJ%Hi-H@-_jRa$v5PBLd%Gw7pF3P zM(_TJeJ)gKyvr!^=3$yPHw#eY1@3^JxxPWGv~_-C+Ur@y-bSvXAeRg0vXXoIWc_z?NQr&RO^#f_smB+&P_at!@M*v7?+Vip4;Sb*4r6juunh zZ%*r!>pxue^_e(k!s~wLyB4`WuSxZ}2Y(2Z{K~UJejS1p*qt~hu!XshnH$}+BAUAb zu}&w5+Sd;t(G`K4dm5S$ZZp4=trc6F;m$8>i_pEh<}3MGVm{;3ibPSWUF(@7E14-s z-7Lhhh=V`p82}y~3aW{CMcS74IDcB~eDxF`UTuk2?F19?|GS;!{X*yamk-DLoAyV) z|1t!R^XD}ffNE6&YXKXg-AoSiozGiN!}bW5=MnN9HZ))ZGc-T}uZz_20~da80> z;zJR6!!Pm~o&VEIi=ha>ob{9o%ytYGZ@xS1pX5@Di+EUC{7PxIm8HdPB|Zg>TP{gt zvqsLWZWx{TjE8N>Qr? zdi+Ez>UmtY#wl&7b7Yt&MH3$SRop&qf{23y_-{8 z`U1(v3VMS=Nw|}O8@S|lz4GF-64dJp4>V$E9=R^Qp<(;M#SUZRh(`ktRAGuXuoH^3}&ph`#A(*T6sUzKk zLv^9{L;4*W(r+iMRH&tW>En8X6@6gi3#4(l0!YdY3jI#(GiK{Af&%hCcf#-Cv=8{V z%~qZKY{gJ5DXTXWWv$s~03+iyOm;=c)KIGKZvX2*;YROI>B=J`J% z$YKsL(xvD}b^bPf3tm3y#EGVd|6QWf)JlM=75T=K%LzKPEx$wC{*7OOgTwr!mVJ{K z)Uq%0!bBX@;-yAeijw8S;4l=I(g6wRhgY z8dyCnljVX?I2F}iP+@CI*&SvsS&ZPc8ul6p0``)5o`7r_?jE;;?O4oSHh9Y!zDn zM_>?fw>$0zWUQJ5Ofa?sOt322jqpKiOnfHJE-~S*9w2f8=@rKhOXRL$_t4YPnMzn9 z2Eb0PR7aa?56}}f{Fc90$67^J?h2}Tpt0V4;q!fU;xkwslXX;;Gvs-qRhIOhC;d?^ z1zwt*(8%xVqM1al4ky6#>nM*)_CcjQ9^Un-6DO3*ya4|_Kh>6k+G&{fUJ8ZJGi-M} zhd#ysE3y1Px4bnCNFJSv7wP};A^LwM*1oaOod6}!ZGAVOMCZ~*kyFRA$VXcLzM^?) zI8{&tFXcQUO3`@e9fnrBM~S7VkW`)Z(+Jy@m3dNJn517`v%1U1Id@5~hEk|QipPi-TMYIO?7 zXT=B;=XvxQ!xDC6uA*F{#*|}K<=ygZFdFIuZ% z5kv3L8J$V|?1^RJp&5b2Y_KN(G0j!aG_c zHJMNcVUt?@BJcxUEb=3!&eFvx0!^&^1Pw&#PWcgqWrE6jCLRl0M897=&lMONOt6N{ z1|42%N;W_&@&2cQ3*^Tk;Md`;)eQKJv*XJhp2ZC{#{q{ammZ0o#^3->5Vbv*I3oWd za%)%oLolktEy9Uhh7EMcK}W*_?RPQ?QVAqN^xt5u^!{><)CqAJm|(slRfnOV5%t{r zsmz{eUlsmLHn$_StDho?F{zf=hhu*=;;WJ=GnR`vQak_2&Y}VtA&KH&25a*H0gQ$x zlY*A7#6nem_LjTqO!{F@2RXMrRGgK|`cnX8FT7L~huX^=15_!KtzO-jZ zK2Hq&4kjAOBbAMjhPt0VeWPd-S`Hn|n9sqqoEsFyu&2o;XR5sd-Y@=Ro< zc7-Ta;W?3^FUPi9Fg!TKAd2M>@k`l@Lm`k zAD5cn!MAWq_v$A&P`Fl$w2y~Ko0Z0@@2G|HcJc##rDr%&3*;5348dVR7F;)>1-?SR zEXL!crH6m=t8%W9ry=H-WpXF}%uJPCLY9JMdPz_GO#ZdH;d01N@I=&x&h`W;k6%ueL**<*}`-kT)`4P4g$%& z8s3YrNUtqJ^Dsv@gEc2yWz`>Cd|0IE<_{*J;SLkzquWG&VC7BM2mEFUX&RQXjgqax zU1+GXYSkgMw|nZ5>3vB!(s>UQEnQk`$WD+LA6qTqsx@UrfNI;7JrF>}| zWh}Xl9dOllb685dYO(U4rY&U_EhWsCtAbkdg71lENvPn8<^zk3hBOt6!-a7dN`{H- z@vBHNJE!}XwRPB_`^s@y@2bfGo?OV;lT)edCs@-MeG1yFFa!K zHI`@z&$RKC^1t|x1XlZxK!W7VPQ%LbrJeOO`&M}!D6?nTFUT9y@bG8=%vttO`x$GN zUBhPr-L5-@M#k(|O$ElxxvNnes2!?)-uP%^%r8CoQ7rCgN_2kLcfXClk8nUNk!s`b z#xn$eT|*K0OXwGkzgzxvQv4O(8jU|6@`ioLX!ZHINu;;D-rVQ+T2YD@@CKf7;IFy; zjEz4$Bf3Xw4s=R(XrIQ>sJAA`YN@sVfnHvy~L z3U1Ne5Xe0eSKFb!VRcimDx`Zfpp`%`Bxbw%t_k+pwzVES#)9Sh8hC#3$>ddY--;pe zai_WON*w(c1-br8|Nf|6-}nk4dHDA-Q}w@;MwEF2<`awC41{@ERc6ldlwOG9-J=7% zj*Kpxl(3j>VBlUvOIYX;shSA&U7VxSdwAXYWvj#^Tu}SW)Dml+2*uF+@4XXL^{Ltj z7E{zbxI4WEjNo~Sw#S|<-t!3b?pj1p&D%y{|6i%V z{_?MheLH6)B@8yG6rQ9Nt8XN;L$7`t?EjP$2m4m!`K=-V0M8Qg5XQ=D_X8_+k@>y% zpyBvvh@z{77N9LmoZKW8I7-?uT7@Sx$!I#S#^i*?0LgQE7-$wYAp7Y2eRs_Y&V4O# zi${gOtR6u0?t)v*q$3u!bdrpbU){^4DXOjMJKxcFCiox&&>+o(9v0J`V}5w+!V2XM0qT($O5$?U+owcv({pEln{NCvf}7r}vxOjvn;yMM%QBRy zCCkq?kH<}6-YE+==9H*W($a59R3oh9z==KxmpJM9D@NRrIQemv;H1q(Q8;OJdt96> zOOC?H1Kog=%bAK9matduZ44(hH)@=KZ!DbL?}~?$$ib*X5TH6^A0wUU>6fs@SSLF8 z$w?Q;X+KPU)`1q_uQ>;olg(g1w7oE&Snl4#`{7x!4~Hs)zw@*;xx0B?a6cblxP6nf zpjW6_F_?uNbs{+IM+gY^nZ-kVefL?*oR|&T0oR5P!KWE$!%}D7fF`->+lENDwEcLj zjs{#^PY2$2A*G3S1)Rsp)kXIZ@3I^u((70b;&;{S2I9)>9@fFg_RWBOYduDWZl}s@ zL<+nry&12VD8S2@8z2gBI+hc9j(=F90DVv$=}?(O0leO-<4xR)hC}9oAE}>Oy$!wM zYGxS<`{pIqNtII@DHue4A4}0seoNS}<^r;z;dG36DH_0YvnSiksDHCiq}sQRMNL9i zpk_6)waAh{4HE^s22PHeHbq2@SXBwq{<}#dcyZ1&)m0BRNNB-B13*TR`mc-Fm1BPg z>c3vEnG`q*FHJ>an@MguHtW3aMAk<)0ST?piS`fQ6oidEKQ6+2e{2k4U$l%x*tXMv zu!WyRAne=PlOt@OB&UQCwk5FoA85IbcQHtvqZ0fQx5Puo zn)3j6O&eplb?dn)>SpOy!lrhgFxK1{)Bt~dY8H&P?i<-0*svuD9R`8^O|ru>-2W2O z8N3WD9}Mp@lnZvRR_!l%3`@U0Na({sgh>dfv5Lrp@ z8&_6RiyM=bx0=Vw%F`Y7{`$gyM2O4k1t%AmmkPChfiocbWy!DoK}VUPN9NFhsfZsD znN;8i6@o8h)x{8811jJ1S&r_Ly5Q3oKe>*{*4oHGPo8zEadj|1d|k$T;dyb#+y^zZ zjsF~_P}jL)$NXvs=!aYPMGScJ{F4uO^)-6HnP$K*{-==vJ5^_yG>Uly!~FhEoKfIP z-Hx^zlSRqe-l4W$i#=@h_@lpLe*&&e1a3Jl<2nx}{&BHZ&IoqJS)u>vm$)-fUtn39 z7n4&x1%0UvWMR%hGCW;~OnzbtDxcyywDz%HXW)9c4%Ltw*3LV@*(m*oBNQZR$X&dE z@yo~S+fNS1{IQ|14SKl|)G)*F0m@TehM*-KK zb|C8mdr4NEUZ=f?!!LMo~$u=0v8$b{On zn;;}VxpEQ|afhemqubN`up`=O0#kSi!zD22V=UsVVi=Y+REt^5i2T`!@{0?BO8O@1 z>6ZoN?`FhB`N|s`LAe@{7#H6cwgr!VzbhKozN#2pV~>L*K9NTe9~&rnH`X2pC$_sE zYXsYQ4eRs#TeSVj%l_D1_17eESq63Y`S;Rw=u6#;?Srt-xs?sDYph$0qeIe>U$d|M zML2Y`Ahoo4E{(D9nFl|YdC1G!N2pFy_=WkVOXUf@r-ON@hvoZ{G%w!h_jA7nG}vX% z?N|k12mWPgmHa)BJTYBkH3hfv_0=z_Qx~Om=2!5d+(srGV&@&UOu`<*X56H~CpJp^ zvYg}kJgHX#;_rV4PQ&s3!Dra48%Su?dU)(4~s|_{Hd;2N;DRp&1g(@8O^Sc2a!eW4afigg)YMSW&SUXQ7$km zEl~n2IHmIEA+ZVwq@`~{^ym4HV-G+cs$KeVc-a!O|AzHMkSmlA_Z~^WastC{pZ{yM zvIMAQEy^I4K;h(=sR`5{Nf!JU7f|tDg?7j0G$SD%6f$C&8qN|*T3`;DKmwUOMwN>r zO3bDffW)8Floa-YDy`k60a+m*mspK_q!B8o&bzMC#;{+=d-? zelo^9h@&&Z;mX9wS`Yd}CnNnxH-lS>LsCww%K6*f>I(N+$+l#>s;^3V~WWhvffuiSGz0>GQ90O7OY zaNHtkgT)*0FcpEGzs+udHb=#e!$Mf261Y!23p~J)d42GK=bkAX!LAxm4_y4B-M);S z-Uigf{wQ4M+XgWa_t*O}whLOl*?S#molH%#oa3;30BEA4gcX>6USQUk)^;$^ztawE z-+lcFuq((X55^$GntSPn4I$W;FVMcw7btGH+&_8O;miHwcOAVvaQd#1fkK7)ceBYb zEr$EY?ouIe>`|ZpGqo_EoKYVtASr(XgV66MW*Yo$6Tl-01r!+a$h1t;h=X_p4~zZ@ zJ_EF41sqEJL5LWxFge+UfMjqvey~&t1|DhiQ0K*(pWyV%hw&!d^8s+rd~llJ%IN%P z&QHEZTa7k@A28NWadvNJ{Fhwr$gCG7Gz$#-=6Kr3gGvJ!#PFGTr{&mcF& zc=t||e9w`_6gx~ZE%7Pn9TvEK8yLpVVf%622bru0Jq0h8iO|hyCC+hoahZvbYWIwc zyHEGH<4(J#v2m|H8h6~wk}Uu4L$n*||J`}=vA-}? z{fy6jEK-9F=Npy(3JTC#l`Ee|)hhgCo_a-|5+D3&T*jRYsf^x)FHR&i1@rspML50w zJC{rmnLh+$m`U{wvBq+R8cX$st1P`91`FjC`4el$RLxZ$h@?7Hp$~^eWI+yxmHc@~{D#v&*8YluF^9c@HcgQKRY7Rso4Z3UHF*R99Mx#KZv&-W zrdxkk4~=S!nuY0&Q1epAi?x2=QqvE#nhbl3HRvKvi9IA(Nn`c7=UPjpq-efgEu@3= zBK0t-uPNHKTvK$Cp{PE5S=a!XDz5P^kgwAgO+FBdG1~HSL%x{Ypee&S7@b6fXi&H7 z4$<*7`3*%NV6hO;OA_ZxPzn`&glgbt56feKY*sBJ{XBd``}ADX0!E$0L8Wj|@Y|TB z4|Jp}cdz)k)N9nQ2|}X;M9W7vjbC7CGBc<6C#veXK0lX2^1IH@eFh;c;V-pslg1r{ z4N*so8>pq*e*O#~v61t0dm%x_$`X^bCOdfzfoas@2VDkB2OjKykoJ=YKa1&PZHFQ9 z(QPO{?8#+)nPFgae(v)~Bsp304s%FMNRM%FuE)2yXMCKS^K&(RchNhpIvByfWL*#u znq-WJvE}sWQ*Iu?ORyi!l5%;*%{BPjsvJ?ZHKi%IY&rb`=|4zMfh+3mGPy)rD(Bol zCZs*I9(n-}Cu6dQHp*@vX`OTPfa8g)@tY(>9_>-ezRoQ@D})*whJK5$L;Fxan)ikT zyxZl-`Yz~G^v?4IuLC z>dAj5ua6f}HQM7#e6K3!mFXhL+`ETKV1gWvB43ni7^rH+j1bm+C`dszXYm*@tkq|^ z7_iZ0$FasptD%ph(?Ig|r_q>G)G<6{RJ*?a6U=>2;vs;$))>?;hogZ1Issbe$qg}* z1Ms2AcU0y4G|g5)7;*UQX|D>{wGcjkMiiI5Pvdp9Xd(7ENJN4TnOY@&n*GMX; z9${DxIB&67K(&N)(vBzMvyLOv%1GVU!zl^DCQ>I!^Z&oJekq`S$)|n+Mqqm7Ko@WJ z5%;_;e1JL(3~>ezcR6ivVE8YxK6fl}#$F!p@-a_$*%lhg?A;zr-fd0(!?)7zAyhm; zec>C(Uu>I(67O%<@3$;RoZ+g(pbLF48#lb$!UK}rFxn#8eT#)?f02SOl7#`bz!L)= zb`UL`MtbS@nrLDw$Z`D|uygg`dI!;}a(q*5I^nr6owC$rgNZGQsl{fJ%GKu^+sm>> z!j%_J^(9?tQAGoTYo+l{jaOrY`?CLD2%h3$msz37ix7pg*GWLh*;k_;*vt515gf3LrJAh9Idqmr+ zn^K+JqJ17XE2-L6y)VoITSfkvF$B6ZmAnIoiho4Jk@i^YNkXx)Qe2Gg%)OEPt!jO$ zl#sJ{I(#?GssfAp{LB~#LUmE*QTOjd{~q?A#r}ohU|>$!z_P{EUC_7@;G}ABvH*_9 zu4t#fMS&4E-)tw7YA;I-jRlQ%P$MT?kPQ4CENm?EOpnCIUkc$*BK)wz_~%K|{vX0{ zfIKggr*H7Ls`V+fuLoc6pP+4I_%20Vy?BPfT4))2koG;mPjveQ=&Qpi30Q2+-ho=} zP&qpQsiP0>2(UYprt|HlU$Dub^+zwQKQcLnbdCX1BfdH!VdMr7N1W?Ds?RwzgPhsH z>`?!oNT*idBN4^X+*Kby4b%MaY$xntmKECbxrm#sy%f|>;`^&V`Vt#8s&BL97#%i& zr2skd`Fo+{bqEMhl44%4(eBcuyjs?A5U73uGgviu(}CbjnRDRZX=uE^Kn3H$w;7?k)i>l;CqBfqNBw+}VMtdrQBv#U#E z=g(;Q6K5_qe_sN*j9-=zW<)YElQ!ZgiTom+m`P*As$G%f0e38Gu?kGWQcoli;$zp# z{SK(`vcQ+t3983G4r%_&m{6(3hqHxdw-W18z8_4;g5=UH;Ex< zrq;<9O)b?g9StrlO09Pr+2@>YPpPRmCK{Dre~}b{~M4FU+E?8RiZ3L?8Id zW+$^*`5`b0Pa#CVO%)7ezX+T9IQ&tl#DAqUC3_HHBSz(iFs@PP{3zqeP!a`da2Qq~ zZ&YzrPWSLTVDV8!@($Xw-YHfo<{jL!gr59mIbdSd;+Yd&XzT@n0M z8fAZ>-niLX``6oa#wVt`uD&bawtkD`#j2b!#YSL#oTi48S5s7PVham8cs~K3DQrk* z5U2EIg+$AUt0y}_K!OOL#sqc3>dELQDUcd?qens;n5H(^jxM<$h@4%_B3@12Kf9T zEV@=L`poHmsUJH!$sb&A2(0B>Qdg@E0!x$OWWc_rlC3fYDtZe*-iqc28`O7eA*}eN zGk+n)a}Hro=~1R;hL`A8HKc=}A}@H3(mQk_u_EGt!8*6(q^Pdhgv&>*e?>mBbwM;9 z`rA%k!O9SJ;&6*ix;j-JyrKxs3gm;uyS|^mX8DY@E#kW@-B=bLNF`cQVQ!s!O4Pv) zPBg&&ov=9F!Bmb*=3nm7$rHEg{7WtxFnMArKLggMowt8?4^HNb7>ec+23LFiFI@8*kO@b8RP4PgiIuwUf3L~kE!KT@wZj^AW!wr*nf%Z zmeU6Z`$@2Fj~aQVL@_*ETM_h8UbsZ{HrnDc7jYSS1aBpmp2GPbTXfg_fWTB7HP@_?h~Zy5Mg7gom=rFUDV#w8dYPv|Y9Em|%Ucd{O zM|jxgv{dX~xVCIM3Bgf%tFjRv!$}SGxk>n%5Q1N7PV$g#5C=BVF$&#iQ%_#rJYV?Nz}Uz^3^UI!9Ij zE1ehz)nd0!lO8wdBQ^7ysx znqvZ}V1(YZe_V>qKv@2V|HBUTlAP|Y6K7ebuMX&oUo?-Sj7j!2DYGvN(;!iOw1MLA zkL&G5^rKAxvk?ciydN6zAE%M``LQt!$S-CUG4ch>uD7-ej`V>3;!ivk6=ru7M!Z{< zfAD3@NN+lu&I-__9zCRC6BX5PDHdk1SQ?`jWZ*V-FAT$}2OEXkp6AEn_DE0QwvTjX z=|gA^bD}h(kS0$d;3^8HC#;4>Wq#4>1<>|^Q};R*!-?O@2mMzAg7xd==R}GVBX5+ zm4VM$Pkg}t+{hT-c@#6Vi=q%lo2uW76Sq%KL>_u-dAA{fn|?upW8#cY@Esvp)~`8{ zTDmn@k4A8r?VcAP)W~KzicieXakCIBov8X;7c7A)z<1bDa$m%3`;D7ma9~h7ho{Si zG8TZf$^LRNti$(c!^#f8-(6`sz!Ki@+&l73^ms1UKTc#$OG6x0wfYyj3UvEoM)p|UFILx5Xq`tdwpd|$xt#_!0o{SN6MgabnvYJ<}esK8n7*27dU zmUO@ccwSnhX@#SK#ivi)_gZZEi2NiDy7okjoPh#+q~Ap4UjvQ;9MXz?Uppi3rd7&Q zD@B3QCGju?s>rw`my3500hL4^#mXDFEI1(}8cr?MbPWiB<)B<1XnzVbFzeV~_7?Y| zdvKxsl)kyuSe8Fh0Fu->Je86>X0h!?x)nlFU!Fr<`U#@-AxtT8e(7H+CRXW9Yp@R2 z<)iocKm_PU-3Z1ltkPkzKn;5_)-gWZvY`pfr2{<6l7%R~*0WAbC26!2!wB`ZHLOl( zIvegxXrNAq+{gi2Qs1yfHds)cuwa3;!a%o$@Ds2sn$}MI7jp65&?;Jse6$5WBN5Mr znZcwG8*f86N4$*{<7|f3R50EKzo_RV!^FxtGv3BfN~y&o6M#;fe;aP(D4|AR5=O~L z#ibdL3a7WBL7~IJR!-`0GzT$&G9xS6wfdnO9S&2Zr{`A`IgA+_QLLRm5s0%LVaqH} zg-`d_t2k&mB2f>zU!8I3G%u>}0CRM|ccNeQ#+O>e^DPo$U3vht=+FDp6IRjFP(Q9a zLA5%0Ya_}??WC4qG;4>dmrGh4_$RoIYwRTqiu~y2dZf`NU*e#czjr-)()bYP?+dj3 ze34C7rql`+t~}i`@KRb0_V;?0<0I^CKUl{TCKMs&WeWEWG<+KYphD{|~c1 zO{OdC|7~IWuh;=SkTh)&-E)| z`_J#{bIArVMRFq+8S6LOi;QOcbJiclE0!D33(CW}|Dl+k6I_83xB_V{;Q*wT_ZosI z(J!?B|4E$j5pE@ye!w3}>w~R;7#oAQ2d7{S8pl;(8TOWNC&UK*$Y8k(e_%I$kJv-- z43@P-zPTnc5ojBWNQk=kIbtEXpqh?AhpXkI+co^Kb3OKrA&bjK0-P#P5B@q^b8bo8 zZ3IGmGx(VBcqDEBzxWaV&YXtx3%02DP&YlC^8MhZMo=p5#D0tqgV^{_%bn;s8zTuM z|KS*98oVUGgKZ3tY%F)U6a39`C)5YqwdzO@g$WtT6!ugGOW<61Xi|tcS;0aE+uzW?)txil zy~w1ydv&_|cHjxxp6Tucg6ZyYvfcTUdh;wmV6xqr)Q?{C?Ns;Wcp`KOJ)*a9Wnwp0 zbn`Q$x3|7|kc z1&hdRe@Rchfz3KVMVVMY=)j5F1xk%rE%1TfAELQYX9&k0$v|_19vOz|GJ!fk%X-F4^>^LP_62Y;MUmRg)epPNWoTFc^D2o zZVXyR96<;&X(fOT&cmNUecaX8Bhngt3}39=6!3kdmchs{$h#VsXdwO1Ac0@w6vkmw-iF=IG zpa*+3WvGc`?oiDhXDLHQmKJsmNkKpG_7peDjM(12eOa<|PPzIRh z{}oOsbc0E_$^NkXPU;_I54qZ~`(dVgDCytd{hSez-QU<~_eqi6BNysnrpB>k(P34K zOSJ(ar>Uz7S9Elf^5227n(jRImDP6T)>_tQf&z)xyYicCLP{ve?HRX%FnJw zVpQPHUvR)z;tZtJC6}HSx>_BArAC%01`cY3{x-1=Np)pCm>vfg$`g783m3N@WPGLD zALYZU=7pehsjKq%fU=I>z~y+>YoeUi?>gpbed9R4Kz^4QV#RT5i06Ss*2wfH$2Vho z)Y!tq0)KrteFQ=m=Oa6<&jRuw`AGG|I1B^v%pa86Mj@i?_hw+VzfDv3n|Lm3OH{?N z9V(wGX8_G>gN6oiKHo6|9^Xp|-Wma;#{a#s_^-`}T=BeCd|L2AOf)H`6?ij_2v760 zPTc-wpLgvEu=A%#sXxCer+;1~FLgW}kYQ!Qdk!TPpY_JafC zjVjDTdVGgzoMYFo>ukyx0ioxl1thzCf`Ko!{127KTa|amm|LN2`}DJe6Y-Q<$4AfP zXm2JgnW5K-gq9euyJiTxvt;HmF38MZiUBbxbqpn?XYed}8}l0$eVu<3hATDfxjhI{ za$2d zCVJg>tx>_-om~uk#o2}OMfCqfLRv)sh3@JD=q1<;{bLFt__@|y{h=Tar+*$K2rZ$} z84HdJ0tVIcS@am_*5kTsb#{|ue5K{Hn9ett6=Q4ujK(nk>u~bcRzD-H{o~r`*3_JK z+)3LQAet1!krTl)HM94!v?NwF2263H>)<^IAlndQPj*&bU{EGj4+Gt5w_CB4=Ux|| zB9MFr65cUk(^6%T`>>ji+%PRGkpF*K%Jm4GtFT~1$p1m$8}i|0euu}4nY*X5B2VJa z?i#CjN`75sg*U-nJsW6)+;sNt_*|==6gmM=awSkjthR_;WSk!b&XW0K;mveTndwzK z4$=E@cxW6#O=AWd4c7vjhAx)elTlFAWAT3W4zGI@?0O6Oia0TTPiZSvCQ~5E7dwiO zZ>s3gj301Rjav`i14;0%(`ys6&j8-AIEVU9?fZ>{t3HpLletv_Nz7|dlmWM)m(d6+ zB-g@yslW=T$CH=1(U<+6d#=nJu)8)eyup`IkD#f^an9=wC;9Z|JV#~TqeKE+hV%`C zyEFhD%;hXWORU<79l?j0-ph>9#7of&($;bAeOdDjmwFRJ&F~j5^grjTTc|&9`toVG zDnrPC`w~nl_Yqb7?@y(^4D^fS#pG|u%}WenOBkO*#MEu8NImihEa=6WIj6~T8NJ1e zkiUl&G_H#O5qC9jhJrEn?@-HNq3M=1p~L}5_0 zo}_NJ!MgLL3SR5?OKI+_4q^>qGJ^Wx-x5woD}__Bv|XE^a|)YcOFY*(Qm~?dLf=Gr zKB>sVfJ%GgW)FAukI>Bg*VM`!EzK1>;GSQ|p+@nf^gPPg{2R~<`qS7!kz zZ^I_@c2iD#dAbqwV=zOEgYom=eoHO2)V7VScd@EEG&>fZx>;wMGDZXdfkfF1IeDRp?X1{BKBX5 zC$`^g$GsfD;(W0v5bHkxh;ttxh*+P5mI8agtnJp z(7Q%hAR4_paY~AX-e<@C7J8q&o9Ol6e1T}-TM_v8?~lN5&nV!n^OJ$!6K!Mgn-mFs zU^twwutTn~u5Lo28|hn!PgE2b>0j#$j7}UCI6Vat(iQXF(s6_j>!J{f^T3<98ejGY zZ`FHE@)Eb_R%RuXZKND{CCYLFi9D|IX0;jPhVZ7Ze7^KU3ax zS2OP|;%!t0VAGPME$M%{k>DsWyv;LLUT^WtkCTLF+I$(sGfQra%QMSXNAb)9TY&b< z?~CA>S8^KTnVJ-hb&THPnfq5bd4@$A{ChFp;Akia8{TKGv*5im;T{rk18fA0lHL}*AqhQF-sK($TJnEzj8olyeYK^&s&5pQdHmBTmO1y@xGdBE z%_zjCZ7}&Q`)Y|?n{5VW5xH^oSKHPxI`@oMoY)QP+;L8w+s_7i+YJJ=`ezi-731Rp zt^MPfZ$v?U>-%7do{>=3TpY;~4*Oi#Dn{!TzwCtCp>=Qn#;J9+f48_%)hkL^>)*GV zK>(@_!t0$(M~Q!|1Tlz31q8?AtxZ9OHPf5VEx#RqlgquNFSD%M2kz2gz(KrUdQot( z$deZa8vCb?X#ILG?ty8-tyv2vq37{dD&nrt%#Y&|?m|!KLR_6&c4b|VySQ;ZvAlQS zuI&gmwsg;1D!R2A4a!fL^t1dYA1X@=?$bB11uP#ong5N$UCz+I<8YS~_!&I~GereU z3C}AKXhTg6dKIGEkY?mM)z)qMt{0mBv`^C<3r*aF6mV5vS(=FW_2E zz%_Fn$bFGNf=M6lZ<8C(g*UI{tJ{)dsD0;)n%c$ic1tk3@p{xSu9qWl0Ed~R;(aTS zVxB^d9Uep;lUj`Yh45n-y7fboA0vKXyWf)y&@RNsv|AV5Fdy4UQ+3krvDC+oc6k#w zyWcz&``bJ894}={J8=TNA8WSQ>Wh^x&VRlaRdiY;Zv=9_NE;8GyeqWA@C=?N<7;{9>hF~xUEeIRZ{UlI>H>pDx{LA=K5@yWgQ>ARygSO zy-^%=DUQOnH|vKvX!vVU9F)Bl9Q4z?2o4&1L1P?rj^wk@;k7->tQR6Uh`5NwWb{aM zjdaRF2YV#j#>+_5o~V&jjEgrCqyLsi4d>Q1)PIq~sX0G#IF|m)$NbNwCBk9ri=U4e z4+Jtvd!4r*h}C~xPc-IwI`kjog;6mI1SGtHY2Yq|b|s9BND`JnbapO+7VbC4c1q;> zMpbTe{RqS{T5c_uQAyaJ#QRvIO973k;mhsUKr!(gXo6;PC%eP)e;1a4SL4Ef) zlE7pM?&fDT52Ql-rQ1qMf8!d=dWwPnFz|~DGp_voW?aFc(EfT1+W!52q5ri1E&a>> zd-_lKzo9=x%BH{mq8`AfMgPzKf2V)&zoCC=LPo+WDXRM2Vw?WUeuMtaEc)ZZqW`Cj z(SPjkmVfR*Cl80^{|3KZQ*N(Q1tO9AQ2$!>7Ufo_|<) zzb8hSX!-kZ^~bz#{u}=JPfPGmYYbey@~Fi>X-}P;f2x}p{+WpjGmaE{9MSqi5vx(_ z=dzYO3&l28$qEtjyI#_`cUM2e3#@4%lER%y^UtC6L*fC~GX9A43pg9I5FoBaNwucq z;P%9nR>Q1y+Ei}_Tr4bl#ILG$J{!gS+0<2Q|0`+GcwIGZF)Z)O*bipY{zzX?e^-5N zT!_7;3)fjTgsXpjVn{6U9=b)HIfm4_-)BD_)cDKf{3D(74_NzB?#pY3t)5sMn3=*{ zHP)$Jt9o}K2mf4lh1f6fa_L2kB*QVk2Dlv9+u*VZ4guy$=5BS`zX2OpRgPMf&)^Tr z*?Cbnum)n6LbD#Re2ef{C2v?YYh=K>e8SmL_T_ihKO1$L49#8h3Gsn6!gN_5ETO^y z8^|UnuHOV)&mcCT?f1S}+A##~bczd@O6s3wX!>K0p!bS9c8d1`Mow0s3>^%X4j5mR z_LKh~b#DS6RdvOWCy>Ylh!Y^uAfN%G21E%6ngD4h5O4-2CM;?Y)VN_(gh(qJs#kyeYhDxiowpzqWYXX$TjQ~|atm6L0!HT%BDfxfD=f3x5$xNWj@Av=z{b1(J zy!-Au_w4uFbI&cBf-G3nKa-C>WBFm_#BR6a9D&2ZR(#dt-2ez8mQ!!F6hZ%m!%FHdt$C>T4A6y8d1pkOPw~ zjtKcqyi)pa9cNT+>t9gH9J0~QsbT)3+tCT9ID|A0gTb;Rh~jkMP?=;mmK7H3`#r%*vIY9!e#9ZDC&PuGIr-c}jYY^j zr#7+!s;X*zz8(P8$&IRd)e5c|qnwFWpg#iLX%;I}f}&4`+Hz~76PrIyGAloQeBqS| zCH}6j7bW66jSWuk(WLqR)b2^hX>GNlZ_^tW9!aplta(4eJ1_&!2Gz2x1I;);>;;p- zN!a6P!2K|JE_jy3e%8O?7FUejfw5x~I5&bKf4s<+j2YlG&*ivr(sa~Uz%9nZd+(XBhbdQ2{iA-#)}T~S1jLp*JI(4`;WCM|ng$oZQz%{PQC<0vBh0Py#9+T2MMq8MGCF>wcuoFyny@OxuO0`#Dikf7RRY6ph<`JURWq|r)pjZUEd=HySNeO9jN$>cXY6geZkJOl z${wiStRZ1QisJBlng0G#CJ>m(xjc;()!c4JY-Ahb1J3*-_C*_w&QK39=?tvlR}JTY zYN>&paFnqE&NK{d*q}EV5#FFbQ>1bda1(1xJmi=XS<4ZZN|2Qyd+1?f+fw2|10LTY zeIMN;GYi<1zPS+OQCO+MtbM$egw4lb!*dB!|7Kx%RuORd);s$jayB1=7_WCF9$+3i zDB3xJ6~CW7;GYLzx!tw3al^Y7D>s0dK*Ye$=0-+{eY`ZZ{ko>xld7b9|n0+_+=34!<6Ie zG*2gfofgFU0AOnhhx7wGi#HCZ4LNCnSe_OE+N%`AZc)qyr z>m?`wj181k7aH!(d{v?jsr(@HcChWMTaclCA#63Rbgm>ru-+g958?t&B}-BdP~^aU zhn?DOI3p)17rcOM4d|}~3Y@SfcOEc-2;cAwvxri&$f)8XL2!+8c1rb5-+^aZ;Vie7 zI2w^iWcrO3!aer-wHQB!jgH`FSW&;^b=ZM}jmho|NE>B&Isu-qzXZ}irMvweL{chB^xeJCK z`h7JK2mSsSKcU~{6AI@Ad}kUJ37K1r!X+Y6Zd8}>Z4GuTRws{i#sb&Wnko3(x2A~j zA<@9z@C_ejWP0XqKyPp>&s zCT0jq``ZQv?!j%YnYtj~w2GZHq z_(l1JnWRgF#6Py%m%Is24F~?3T^!P+%o zR`xd7moi?;AxN*oJnoL_hEQLMy-;Z}39FMES7G(+bhv0#+ zZwioQRpx^JKoz{&MDc2+AQ9XN%?0BN=*DZkyE*%Bc55ZAu7kUkGH$*^OTx)Cx1%=$ zY-q-p1jr!tGqSAQkkdMOjRkuz!v3ofNYpj zPkb2!lzAmU1cpnYqHhLi3}1rSa-)oL8d6sIB7WCj{hIDXYWk_z7MO_IJ8+9CO0=Xd zjnEt%2Sr}wGw=#zSV?}ed{ARx|L;3WWiWNS(S$+tP+OG|m_s!nvXyDbC(ox_G7VB! zEc~?t+;dYV_^UO7zb?a1utp|-ec240T{~RuW&=CXiIhZNlh0)ITt|WnsW@*x9q&I# zE`CA6IFSDYSj-v5V%2=*H~EUC!5Od@A<9@R_Owf}776$69x zSWleAL_UrEYaC{LF8gy6z|ST4@B;oVF4N~qwtsvEO95@#W3VfNFo14<#-GwbL*xV} zmRd~K!(=eirUWiUHX0cO%xCB~^2ZYRKXil^RpEk~+wCiJxcjd!Mg))N*R&YA*x7eG z#G{)Ft`cT_YG!5_NTZS#-QSN82$TJ(^no7(+Ta_n#s_LynH8@>M?^%_?YZ$q(>qBn z{D>Knr~j4SiE)xPWLrFKEqV0_%SVZ-+VlGr%1x=I3M+@3^2jQz=3UNwOVJsUD*5s$ zmRo{$A-AMfe?CA}CGMB885rS&hnCSnk=o~xm7L@VK1{pByMf>0 zahU}?X7sc8N3x*-+ro_mc|+ZieEX8~z<}JQ(aqdHC)+h{;$ti~uVr+7l^kJ|1<^7t zts!lU^Vt#+Z-zppt!YG$qQ6-m8}$?WT#uvsaLn2cGNwenx#JrL7OzD8#=Hu!$7Y8O zt_LuddKk-jPM`Q=IVx7U7@{RfJ8GMFCPKGTbQNFqd6Ltj@b>a2%_5fLY|!Aj z-U6pQjT)K`vy|gAcm^|S=zkOpK@O<5AlqtVmU8r>jglg*;G(<2I8f+m;Ee0L$mBi~ zSTpdm?-hlg7i26M!{#Xba5msp_$f7QaRh#faM+%SAGK-Kbo8%y7%0kMHYZR7J|T)8 zc)&tYoBlGMH=^>=OyjCIYF&SM(f=3~ZO3OeROqD9# zV)9e^p%A_#%EKwMmVDkrK$d<(1V6p?tc9#xg{%u@1ju5MvOvI;#ZR^Rxt}XE!2rfV z)1hwW_;WBnR>eUt#Z!@3+QC*>Um-e8o*IN!CYC;35(i6QB=9~=2Wwa&{si@K4p9ZC zvVtnYJgx%XHR^sf5l33;pTTxKAJO=_xWA+$A}qB+HlZ8mR;c@CE)vicxOYH;et0=` zw&AcrIN_NlfBqZJE;0YmS2A}~oC(JBaZy3%s9esk_*WV+A)%Y4gaf`8>pPgf7v~@P zh|j2BL)!d}#qq`s{kHtWRw={Phn^75!!u8Wh}2Y}^#Qm=QCdt7l3!s5KE9B?Tz~TL8ZUXz!Ea_H#H{p_g;QNf6FJP0*B=HWyTqW>!jEM=-<)V zx=AuW-b>+g)rg#82MFRNhx^sISfAu@YRze5va0I2bNv`W z)l%2qMpT=T&1Kp0vvKU@KfV|Fkz+4WScP#CEUYDeeLv)9HFGaR`uL{Rmi!p{_{Wn; zcaa}F87@DSdQg%>!t^o0cKbW4s)s!2a;-c~QX=zL%|({5Vbdv7?p9 zj~rF;czxJj_q`nQ!i^*zB3|5H!}>Tt!qk@(PMX+2OI=l|aI%G8foJ*Iz)910A)J^6 z(ddh4$?vWJTJB+XXGjP4xYt69p@Tn4C0gv^I=B(lP{mX!wXDA-DJJb<=V9ptTEl5t ztDeAUByQ$dZA{GkfPO=mS>lb486-Y_49uAJ9k_xnX2~2NXV8lZSIT&$*3MG6qVckP zM*~+Y4uo*U95?U}*ByU<9}rbh9>G7wPg{sG^zWLk7XRSMaQ>;)pOxg2_Apc{Pe=04 z4|pmPM-$m9ihs7DRR~MhEQ*6AQLHV(FB#K>eT?E5TE=J;jDvqkAp=wI}uHPrg zDGD!PM@i3L7-taXRzECpAJpIN-YR_8eyX! zjZqm^%+hU$T-)n+z@|gJA+2(lx*|caNy5Vp-kQzo zia%9*a5}cLLtr?xCBAy>4W9x6w^n|VJOASa>4ksA0||k2C`vaRLE%nS7lq?7zK>O|@n!w=ahfRHW&!o2grzLF({hJ3s=qb$a#Ow!z=0>qs zQrai|5M+6uW+fQQS8z zVie!m+8@Pddt#2_tp#yL;mqG`UvwR4#G|?vmGGkfK_{b6zO7-!IIuX6*bs^uw7yZ? z(6pdH;;7bqgiBFd_1}UAMX>09u)8IPKqsCkgh$~4Ad+OxUr@tQp0SRO+)FAOd>)S2 z;#KC%I5=1ko5XGBu&q(-v3y`W#NOA?7O{8U55x|i8iCk{JGGBkza*A0Twyv@!XDLk z#6v7nVlJod;C}iReVKWAL@&f8D$+0_R_^ltoMgY7xn`GWBXeA>n~M{-L0W$~M!On& z@s6g}qYo!bY)gJEHZXzXK;Tq=$sj`yiH$)O$AZCppv2l-wqj?~}fU z{BF9J6nBJ}=QE`QyR!qo`XSyTh+1D9MV9sMgUHXI`^`VV0IVhVrQ)iRud6kz1u)SF zNRm)Zb{e5^XQypKX38`@_m3a8j z6A`=K3I7!-Tu5@L=XzYDea#T;h=BU`sc*9r@zqn^3tM_;ADqg1gF|y2OD|~THch8i zmDm_;A{5vNJR7w!lTXgTyu&|qKV0B(9g*9y1s4;OO8n_9jn3vTy1JS_wz*T@b~S&J zt@(@2 zMJaC=X|PX;!1;P)@xZ8VMrHu`2V9AZS7AcHg1d`+?;$>Ps^04K9_n!CY51GyK^72J zv4aKt$>UI8klS&nqj{$Xz9f0hMj~eRAi2HtG8BZFoPGY%%R2D$yrq{V@^j$QQ&7T) zosk+ax_~4R(;0(SD3zO>@Z;2kz?E3P5sYImI}nba13%#BvH029A7S!cT&F9;N^f~| zl9cj4=Dpa4F#}6Ni`;{ou-u?IUvp}h?RpRQq?)jg#j7%&fCIHO38j+@6P*RXRl@xD zVpMQ)Ypb#|vBamQP=k;~i78Zt%vhewF6SqvQ1S^IT8ZzXE*?X7a`A$B(S!@9h6>^` zlex3S^iL@fNHoG9eW#d|TSaq7GpJuaudnrd+KS$vV;2aF@hw=5XKyXi>z#YUdRY_J zi@Ke>w)>gLU-Cf9Y;J;E&>D1cx+Pwi_DD8irT0q|P^39M9@`sFBtA>Mq+(wPV>&e) z3XV4VZ)^Cw(E%Qmw=|$`pJe8nJ>$V$(j)ZM3Zn=pDhf}r>096V7c`ElK}g|(E`Zo# z-6?rnuQM@v1(JTPlv}i6BQ?t57(MvLWtndd+Z<`%vLC-l_+THc0=yz+@1Gxgb-a+yN6fb&qNAC-Hly!C@S z6-Cq70KZgF8&`^aqO`K757U4AkI3`7|LG5z&n8RG(u^Re*{ac^KPsLK-Ws@GilXk8 z?G8rvll@vQfY8%K!RCerX#kg}UTVeagH_MD;(a|4LrqEx6;@OiYpxB``4Tvjwi8BIKc4>L-2t_Rm@aWB8+YT{huJyK_poDzI2f zt-plv?<10yN&ZTH`sA>2Xo^wv3AcTOLsT#|SpCz?1V*xh<4tzkj|)L9-Ts3%Ax@|0d9b>;dF4Cb+zZ9rn8)#SiZMH(Yi%2+r1+ z!wCM6N>eq8UU0b^9H`Ec--3(;B*&?HI(7Z$Yd`W`?r$d8Cd~Yg_mIZ_ydX5h`YHZ~?Ebb!$oQ7i*3~-hw{zTxYnn?;i>r5y?8__HEWLlhejF z2fpM_*2_xD)yZ*R9^u>i;cc{ybF0n+b(YW_$G7X%w?=#mf_5b^W|$6a(^tI-NVLBg zt;V92evkTzP4VEl_(|3u_-mACk>6{Pj*>N|=N`CzDVJyiZ5P{Lo_{H3c?cZuE?fsx zB^2)bY)sz|#-w~X{bC<(G3B7v)rv{WR`~a(eq+*$HW|ZWYF;81VP`+Vbf>4l)zKUv zfVIZ~pWvlo9B{9}0rDJdyl|72Jg##D2j~w!d;$yrw3#Hc7~t`ytOU^iv{>{%9EbjI z9Ebk$oI(Ge!st&T_%;Uuk@R5bmzq!s%bFz7Yq3VSHLEaTqM{ z`0MD@Vu49$s4rJP87z>;pXTAGz)?7?T;8ZdHzB&)6y4X191xT27cZTk0eYy&t3`Mr zIFGLsf;0bc_EV(zi(qlG01`A-C(c5uW%`h%=_t(63|o5V7lC_ao3wH+V`@04g1Fi* z{ypRTME#v-$ZwcF2A)L`g|HMkH9!2A3M^`VC{x3A3ME=ik~9Ci1s8E4V$o_ewyc~p z|Db(|pO5>FIs0#OHn*Y*I<&aQv3Xx zDpRT_FzpEOuU=Mw1HW3quRm9F@-9kVr6;a}|Elc6II_2-Vlw*m>W}0VSvmk8q?z?& zV0H9A%1J7UT#+;O2WD6^c5|-71VBt95u-@wsUr8E#C-VlokfW|Sfv3|FzhAxi%ct9 z6KwD`ymF$VHny`nf5U<+F*|ghltlOt|DNV4c59bllfWDH#g{>59QJsI%Km^w zti6RMClw>{dPyIOHL7cRn~xZQDRTc^CYjgTmjVbzdC?8jpouhBKigu0e-QXtu!Ye4`^Ksj|xntC0 zva3RN2BdcZCj7}JCJ+qUfQdS`ReWG<3+SaS3RA43Wi6oXP`RJtNBbVM>4rhxw>?}{# zPmkIce*lt^QE(uQglr@Mn>)3+em|(@dW5d4hvLfKFoeX#{O(Vn-{Tj5)Ve8QQ20)z zENiHk^K*-smfVX?=Sb6j?KMS~b@hdkUHvwxuO)x-M;rqR{Vk8$+Itj@|BS|Znlzo( zUQ_03mm^iXIu}=-8}Z~kKKbrg4yAK@Poilln?5T|ySCR9$==o1Aj!LWu-f0=D{{4f z*e7z7e>Or=;>_Rhmah<4*T=|PQrde9n!d)Sr%BV)cAIh|;%%+PVZXBeCws4=s1$@t`gK;$D6YImPMW~GoE1bHymfvB0_`6yqHWr7I zPQfmt)S6SqXwHLNzfGL;34f^mATR>lhs&($?Uw$=SF8;8!wol9h7rU@*b`AY9H3Wy z3H29Q7quPhvme82lwag`!Y<2n1H0Ma%2&J!Np2n78jw?zwXq$TuFlPM2J8zra!4Cw zPl}rD<14T~MKfdG2Tv1YkoEwLfw?kjBn)WD4`)~=LESU0g6RL1GnHk43#u~0?plDD z?wBHF70T6`$W!}i6(r9d?b5h46Eixb_rO2iK+=U$!n9Q1bS_IuQPRi}gaMzi>OsP4 z7!xhSW0OcU++8D=5lh{-0qkKi)JU*({njXu-@5}K-#eNhtGrVfvIE}$WUMcSfL8UV zn3MG7dIht?Fk@QkJ2wc-h`>jqT_Vo!(HT)|X;Xyt#uw2nsWw;X~TI706>v% z1J1W_K?FH93Je6VLD$3fDEXhq;6W6tDSh!RW){(R?0*T`?CW-7;{?vzbXH>jI`ShI zv;2a~-y7#JG`afkmt8@q{Vx4G^C#skI3+em$K!GqVKE)2mJyD`RmxKmE3^*j=-x%qK&0dBQL`A>!JVO=vUBG z=~qn4{&W3$c!|k*4`c}Ey>L%V&KsT7|DHM`gO$L zqV;S4YvQn9nAl_#-4~%>Gdi}>uiA`w`gLhV6v#ET0C|XjZ0Xl~zlyJ4m;5zazk165 z8~uvXJi)I!sV|o zkICheQ{!;CK4p3oyEx~7T{@18;PC78NDdF_*DGFC%o5VC&a2`uIQ8qZkcVjfdSkeL z9j)|hiqfz1zcuvhDErGpFN1!aJ_glO{uZWS=Ym_J2}A`uih>6PI~lw;4_OFQlS^pY- zz|}O*>u8UK-lQ}s(7TT6Pi<~w^dQG;l6q5`kou!#Bz0KyU{)84$l=k0n(GyX;V-G^ z!SrfSxbJX9;XLIdF8soxFxrK74LJ1LR}_UY>63MSEp_@di^68Wz^RS49AE1K^N4i3Oh$DohHG8S?WsK9T^&tj+Ejd_w{lVdt$=8xeT$^0#@Q=xBO5kA5wo|lT` z))47G82d*9Tt#Ys|0uWgsd?EXhuhx~3@^3XJJ+~bp&ff952sXJ9vDk$0c(_TN>s_c z6x@3;lh=};KRPYJrKPuU8uK9gM5yV8Ff+@i z%-NUT_ZqTgD6hK$ty6CUXKuNWB(yRQb3P?!O6K8G_6gYnL%=mxQzgBpq_)Vq5XB3r z*;+yJ6mn>cJvkU}Kh`r|ANYiQ`GLERlfZX4tRQ?`$&urF_sBHt3r)hT!CZGwzJ#^d z&FNXhxLoCJ$2F`H1<-4$&n{8skwYf+3^ETp$x=PbB=lgB zdHB_B(Q)=HpyOjEGQwU|DE(RZar@{P@{&Rah-H!a^vmO*gJiBo#9y|}sdz&=9(fS4Rhv0>S|i`C~N=a>vr!Z_(;XRe<1J3R-A~G)bln4 z#A;9LBXgr3MSb7Hp<(v=g?PGHo1C2(n2#sOjCJ_MDaE44ixT*KSA1`1_1r<}5TH<) zgGk2cIVFZvIqhoz;@}?x&7wvWKm718`N3ZQck~ynKoE;&su1*X-~e>Fp>L3uCI0<9 zJKh+DFltk!p=kEOm1_m7PCCt>U5C?w;KcAy9cY8>S)I30Vy zq3NBu=&*J0kI@}kcVpgDfrD_yR`Y6MT*O7^nT-94O&EJeeN4ul)-fJqUo)*OV;9c= zW7~#AFm}a-sP4-c zT;%z?1bHyE7X0h4rnaS@#pdw8$m!t7q3Fx)TTg=^JV&9~#S#@e1OG&z8#&i{H-N>@ z6nr*@jHmvP#_^dRV&E&RR9WWn&HsD$vHOGnFWASwf~msnuV~9( zU*81&T0MyTW!XpD2krCM;pY{9K|xrG^YaOD`0E7iN2|1rl@BeRo4jri+gs*#LVWWJvz z+B(WUo>tZt9Vb-)9nI%OsFA+!w~vnQzgJ`qw~xn4+97kuK9+M5MEeMjl9>zt2kql@ zIPd5G=k_s0*~h2hIw5K(_VMNPD_|d|;{f6lu#ZSuJ-&T>86Za4$9L{)$3DL7&OSe` zeVl4*t6$^V$F%?N*vF$)CSyO8D2)B5J7O~S$e-ddcHyOM8T-5&z}WhL2*!54*FIzC z|4uP>xP3gUI1XdeJ}#vsv}Yd;E-K#}gNvf=<4VrjqCA-x_AwoO9mhU?`<$|m0eptr z$J-Zkd~xifnjimxLA0p(u}qCoa@xBIxfPXJcb=^0-Xj)nBs+uC#}YcZ@SYq_?RGRl zoj9J@>|_<4@wjkd!5fFkqKuWhZ?iM;Z8*O>f>p-6I;^%=^PG`w>UwR0{n04Jf-lB>ziEiAWA9)tThKs5yE21>E)@RA*Fc*>yfhCjIo!%qNhWMkAWDj|< zdsUh8S_i_Got^o$S$Cd>#YriysE=!G6?8e^&}P9q$;SD04!3qO_E9;q7GU=;OL<}F zrDVgXcW^oT zA3=T{@+hQ^qPy>UcOvpCk(d&^1BpT%F>wKMlXpFeW#Aq;Vc8T`28DR0RzSh)aC9_M z7IO4O1z`ykKja~2Hlnd4kbEi$Bxyj|{Ki>)*vhwvd>D6)97qAS}2XI z{E)~-b%$rx;D9q=YI^kmeDN^)^3C0NY@9r1Zl6OaYm*xyLvXm+z7S@9Q}}ShS4=NH({~aoj+KHCOkH~ z=Mq|(u*|O4uY!qb$W|r>&JeS@K5wCkk)?2W!J+kg)KA*;B>6M6yovd|R`8kosSbf3DQj*ERC6l(*!KrP;ip!(O< zD6RN20u-Y_HeBJPI~TT46({a2tQ(QwdBe>^?pp2=`y%K4LeG{uT&+l-k{~0rF5ZC5 zC%hFs2OoC%UJu?+{ir`IPuc6GASgvu7(g9DV!@`K#6x&Ea0PXg1cut2Ou{($HMba^ ziNqg{9ujs*_e8PFs_$a5%X981c3C+M>~dMZ2zFWXb|kx)i!~1Y_m4+#i^Sv}Dr&wQ(_g-}=FT4eJISi)2KQje1zxE6coB>iF z_xG=V!|=k@wpS;1ssg_V)~WCMeZS%0RlW#rFtzZpLJ%IVvFs~axRImAo{4qY4%$Kl zL(3T-maK9tYvjt0yYy$5wziH$kq5Oe$=nwq#$Kw{A%%7E8OX_za#PIT!=YESA6)Ce z6xET(3q-su{G?8)B7W5PQEFzur-C1;Ewh({##SPCSS%tOP4rKkZSk|D4EPy!dKi9) zD7@X=)_ec!?IUYClTIKZ3Qx6;ws>+OKUmb`$|bu3ijS!)5IKp@Jgk@d*jiKFv)sDj(y#qFO2qchb}oWIMy zXfLyK;4kDA_lK7{+E&~jvH3}9u7mHpP&&T2@6Hk}si(JK&lXZH+3o9y%1FMCkl*?U z`Febo^IS&I@ws`l18)Ul4BquOO2pXTxpli#?!HD|WbApv3-Qz=*-ge19JRisfqReC z{9+^yvuAllcBfE=Lv%r{EqH+XNA~LVr)>CV{=UOy#R`=T>l)CB=IkSdV7Oi`bWZX;A81XyR2xyr;Wt!4y@5K9_4GA-e|lWN#Mql{pxDRV-M(4G9(W5 z$lbzV_J)P>6MCl>1tbdL`tW)sVDxN84z$-l2!j*6p)Kc`s)&6)jc3}nh~(ck_mQs< z#p0Hng!wVZSTs}@@Uv|Oj5N*zNzjMx7c*WwgJxXmGD_TDj$2C}^As#TPk^C}?!u?3 z=i$GOZmYjGPlEnh)RR)|rhcaj{K?ZB z$9(OFPsTyB?itk<%hycIrvJ~Z%n+LAZEPRSZb_GMGr_?`^OWH+&}lG{MSv84#>nk5dJ;`6;4^(}u{RzFQNmnzvL`dOlqwqsu)IqMp(0|FZ{Ff(KBW&S5 zCnd@EoHFF_U#J$sbuJi`wu3e#fw!>QPbfFc*ioF>$5;<(F*{^mGXj zbWKJCf|{G#N6?>Ekdc(Xh++bLp13Fuc2ssXHc_G;JI)8&a!l-hrny;&(o2TI>bgQE zm=mFqrX+LCIQ%BI#i7oWf6AD;;_q!cljRQO{voUGrX11{n#?=lUIga%pWMJ_I! z-dcEA{pn%V(!&b#uM#1IYX85KZCs%?#7Y%&WB0n2tZnXx^*iyr2_VcYVWBxC)RK6^ z?OoY}xKdwAexbGpJG}(Ih1I;FL^&jQWILE-vjulitN9!kR?cJLkNdFAXFw6APUSlN zjZ4`n_X3-Hy;b=Lx&R``zIWZeZH2A$A5j>h;UtC^a4$h%U7>^@kg#na2{-v50YwnC zH_neZ3a95rIz2{Ozk?YRm9G4w_T`Q2ib<-MN?*u6@Q;Vjv%}s{f;%icGU&(kpap9@ zkW?~lp?jt!PuQfK365F+tb{cH9N7O~J)8p+;$t`pL^TZRIrLwRk^%Ssm0XBg0dwWG z(7%Bn_y%}le1qU(6t=TFGFhdKn=(m{@!HUCAsV^a860ciC9Eq(j<9Lhpo=TN6z)(C zUjk+;r%wcY8wH1yPjuJcL&Mfc3w!WbeSrEkX#Z>w)F90z^-tzCHvP(gIaCaioCmG;307oE?G^vl>(%eY{#ir;y!`D_IxhG`2L!h!`Sz5ykU6r+YV!v3&R)? zIgGnrZQpFnTdqa{zY_CdtGG z5C^L=)QrLUufbr&hu;603^gV8P!r=0^})QhL#=lj`-4ZE96_~}e`$ZX%Ou&w*bau_ z&d-fM+?Wa*{@s>FxO5xv2iY|A_txT4xg7fMaoI=|*d!!HGY7-UI$l^G%hAujnaFPI z>`{_(0%@qK9g3`}D~YfD67jX%u)V2T@|)+vofr&CsFb*4`s7Yuqo@mZ<;ihTN)7nU zU6cBnn{dS3OVNGvyNXZC+%ZmknkIWG-UKPcQUEp+2YP+ls%L*nT4oenO}0hS8pq82 z-7hQz!=|9QQwv`Oc;`Zr&{ze?p_>BZisaxHz1NhW;u#_gxy8x9`z1<%-q2O~J~`k@ z$l~AElB!rAppHl6%RIjs>jNwOM5zjm;y8zu(h~c_sjq!bt28sd>Xp(|Rd&O@tgzLB zcof6=J{9edjQf+?O`kUK`!o>}Nkfd*0sq*UpL*NbQxoQ&gmBA_;KdmK-J=Z+XOi~z zWa3V({t;wj>o7FBcT)>I@}BoiMX?w6mP0Q4AHJ0%t`6gbuLY-I#SAN;+vLcE!d92} zQ2OlGQBKy^qWIeE2s0H~D%QV+XvE}Qz2?T)H~{>CUW~HF|4;GP5A-Uc&cAvjyN*~9 zzCp=qx4$D?K8Kul^;a~93z=kNeNSw49f@59)hL2odQgfW7xKsI5#pa4$=18{owv#2 z2hLt2Bf`^Q@2Ic*BpT=1mvFThSIDJ)1HTueC>erK4&3+BabjC!B4XVON3GK*5N2m6 zcK0aL-VE6*+H3qYa=c92=|E`7d)`M2l{ti8Ei?1!1&ZS#8K5-U?HCQ^tfeSz1umwI z`TEZWUyB5V_9Qs<&z2J9QOjQ2&ZV-FtmzpLAn(S?MieVPlw@YBrdUn1E$4}|~+B@`{i-*MW|&Q1+`KVJdn z@YZem_M>nRP=22aa5uDp1e2~^`pI4x00a|H#lj2x1FQbF0WF*YvwSWqZ=1ieRJof6 z$$%oPUhekyu=X!Y{^?VI04Ap>4dv@H20T5L%+VVs7!_eUhxx^8+>?j{WOnIq&k`m; z8Ls;5I)dGbwM?GRg2Cd^Z=RZ(5WL4^4*3;>h6mRXuf;m{>$CH*GE_6r-5+NbZFTu} zSO+w2AFm}rrNeEr&Q&z<&)Od~P%Qco{DCa#zq^Z{Tl6RJ875Bpkn6*RDDbITH&pVm zjJ}_DA7Gt<$e6}I;F?mk?VHQ%*P;Pz?&&z8p(e9P8wWwazVDA2e^0G`AHP<=6YR^g z79>uM2HViUR)ga5mn8<8fC+5puO2DXWj9OV#zzwOdmJoc(ncG$xPMr|j65)!1LUoy zM%`ujmnaI{{Fh@GAgJ9lhT$xATY%Y5a>b{@u{X&_>dpAD$|M-= z5Yf!vK8Gb7yY>Jb&silb(6#gQM*6OMo%si54??|H)@Vg)GTh&TAE`TZ+D=q%W38 z`3LkZr)L0~^AyQ{aP=BFat*Rgnl-%U@fk=dkS+&aNZ=GRL>dArIU_%KB?u=|jFZux z6Vx&m{zBC+o9ANM7b(4HUnB`T&?n`HW8>84*$%KOBYlX&y1B3hI_dinaZ)QHi_d|g zfqXharqT`QEX7lVo-ix1FIqymI!;edTRn}8?y0lK<$48OaE1f@?9Sf;c#hNEV>}dcQU=V z`i;RXG9MuS^|~rH(+FzeU+#&|J7g*H&z!dNgEH3C7zCP`PUO&|``Vcw{OZc~=LgDv z+gL~bL|Bb~FxBR)fa}SR$)}r4`-m!Q0#kh5%|IEMvD!-YG%AY;o#~UeqpUO~GZE%FCN)f*7R`}!k4%MBD{Sy$pa-{|BjW|m# z;hdWgGR(NiO zhvKE$ygdCDvInvm+=eRa$%IJ*cn=zx)26GwXbZUYI=2ohveY=QB} zoNXHeVZf0BGi)f8c-5(R6$dgo_CPlOE_xuFBu6EDAWvFt%z-?CHt_G$(EkHjs{g2g zm@3{FmNh{AnT7D@uEn25a*~Y(7&tYj@_NM;u|+npt!*xt((gZ!Wxe|#H8T+5hWvn^ z#P7tE$0ldMV1Z(*-MbO(z%>$Ex%N-tu@%Z&9Z?GrQ*tM0eaYZZ%pWB00*Vpm0J2sa zgUQHIL^%;xm_1MBzWZ*LPv^Ow46?eYh+uk%zOX@^iS6K6Bt`F7oL<_F#c9Jvt=*sboJ{%9| zzy*$f@`*Aq4|hz|myBUd&NT3kWY=*NkU<4mC`^(ArapQu!gXtyU;{gK;!d1PMwK!~@3f2L;^ z!W~KPOos_cO~!}4fguZh(fAJ`p9mb~vv%SZ457Z0w_x5XLea&!87XWMAL<03;c~oK z8H30-(IJEz;D*XG=n}XJUCZ%vYJDt(vq?oKhO=DYZ1Vu%Y!MSfLpZy!AO_Cfda^Cf zV4G{9JrvFm|D2lj|C~*I9MP3iG6q}c)6BhqNsrQl2R7(8|={TMtv#>$!3)j zF`?jNqE~z^G zQ{fdQA#DTx?QXkw9rPVzKghnw82{U_RZFC87_~G&cjW8=+{|>epUK2Q9s9_1W@?Gbm*{layDe`7W!KuwJk~P)Z z301o0Q9~^l6BZtUW}Op9?@)hgHmO2qkEc*-eg2#Qm0+gItR|)xZX_WZacnEJ=|!T| zX4)Gx-tuRx**2XefQ#@Yzt11>#oq8NnsC}p$7ZK~)>xi0z?iX0;-YHJ5~xxP)f((P znEbEz5=ekphkx#lYX3-y9ErH{2G9KTmo*{Ds3+5*w~v*?{Z5ZxvjI4$bHn1FjE$eLT3{ zs*Hr|pFLv3g;caA<-d<0?^%-v2|5}oa*(LV2ZiFQ7zHy#J6%&RYH*)UaX}pq2djv_kMC@^;|f;$rzWx ze=@%{;R|=$UwFjOkCxm1%`9Rk+-+ZGwK3iHH_#?{DqgXuyQv?=_l2Z{yX`UfG!_G^ zWQ8z+LOe*k;p?ja3hVRtl8Y^n8@&;t5L1haE39{O6Z&|I!!L?D4R?LzI*$K)9S>-W z@P7mC`oH7b^M8%{wG(XMq%Q9Wm(zXEN^QxL$0Bi z0c{c{s#psi{9~}E7$g+61`eK6*4QX4OYG!2^WU{=>%kv(?_Xi@VGW9Mu}PFmSJPBx z7_P8C>QOYoRhE4bnMu|U>#CBm+c>zEMYp-FX`6K(+_%v5Zq1eG!ns!74FCo8GPdab zSAW@Bpz2s7zT!QahyuA_VK{C>PYcc3Om|9Fveobc6R{TBZVM{7T(?$;4Yy7}FZ%Ue zd;LQIRqdYuVyM5J+IYlms1~*4(?)T@@eTb?uY7{eO?k57vpoO(Y1so^jpq5^Vg~HA zyT9ckm-Ljst9oEa{xPRwz3ff5lhurfg6b1@sCkjQzbyMP!h<0re<|1xD3Jw}X0@~# zNt{L~n%!=|pxs344v=$&nTxfuLoz;h{)czi&>-+4hebb)1I4~!XOeUK$7-IWC0|&m z#`yMHHO3qw+(G@%`mIZv**8#E9zH%~tkJ*9-^CMCiB^oG!kzzi@FL|k`o87!`X0D0 zlq#qp+(!}=zrbOWRS$U#L0@?mh+#)SLl_3^-h8}Vh(jzAr3h6_O9A!ja1CBNiqp<| zA+5@-O-U@y-)Yy*gDYY8vf4A&ET^S(K$B~0uE*bVYEZfPXus;-yskb)@Dum~kK+3v z9zu!D&pqAwo9x~{;NhaBy}>F|I)HZr4`5vhx3LxVWxk0`7NW_fq+Dd-s3z5_$;_IG zXgJ+-jsc&v9jDrMHQPGTHUvM+{xxQ=8LA~5E$J2U=iaK{*`Cv+s{mT!wW&sf#=uXA zPvec%#{Ivk`^d1B4jKa=sQWliQ-Wa7{v!GP5$m9l0GqA`8lBj02bZf96^2@ied}EZ zce$Dm{nFKU3(6ah*OIXAJNg*haxA~zau*1>bujio5lS-+qa+c;GL&yc@bwQZNr6ieypMS{8C5csNjo z7z$b2xt3~8J;B$D{Jd^o@(ukfgbn-S*q_k*cSgT|v+;f%3i1SAOAwub53o!H{(x#e zA8)}GRCBhvs;fE;>wn+#)S_e8S$YCJsL`iL z8N+jIzbkb4R_Jnl=|WS|zym2Dg!;|J<`8;tZx^SjmMP4jfEt4;KHPD0dgN3i=^m}8u`)7p%KJ{mhm-CY3axDGpj80@jszS}nKI`Ct?E%+B-bQsRlg0styR5de%l&sQoZ;Cl0YvTSS%svXt%qK}a0vF}!8ERB$c=>!!6z!n)?Ksh0n*IT_4 zzw4d&j6|t$Q$KtiNlF!qGs(RLhZ{LG$ywZW5|Dq z{CZFj28*Y4w>uK5`w@r=&Zc+V4K(3=0Bb(YK;`quK2d=izQViFiS=hGz)KsznfYeW zHgFN0shxV?=iy8N4Dy)g6!2IYayGpMx3gog)@Da09hhJjQflxHeYRw_NJphMCIfp5 zE-{*d3-iLcFi#(2G%i(}1Sh63H6Ni9Ru$w@2CxVkVt;~4#>ehbl{o|&3EV0Z%=+fE z(ks;6SQOO1{Y7k&1!~(Nk&@5nm3&r`KG=B6KR`^aHQB}dqzPM;L@{8+*hb!TxVhgFmdfe$@c_tiAjID_(k$8O>kz~*@99rp4J}JQ zRuVS+4xqmf=tm`8_KzW`Nj&FAvKhiNj+z7_vd$Ri<ii-(`x!~a|ST&_TPL9!Z5{7fJSk@y*8zz`ch6HGY%xA+z5jUkkMsKf8 zwOE9%Mk;dhqd12zm;~p%$>~de;>?@yvfyIA45c1YAIA4!SM+`lF7%C4_@>l?DsVlz zt#IOm^-97=UkQm=s>4fEhfTD5rA}zu)*ar02hA?~Z0lfjxd|8gAK9fp^)I;g7F3yy zQXe)O-NQz1_1=d0>b+%rZ@Ky2GV{If-Xa5ud~cT7WuL3fE-z!3`KrtA1L>C0ZPrq+ z(upBv%waT6EFx|7bQrwVTky{Y6B`4~F3w~ZYsv&0e{d_P@(7i~geuR3$`K2yyUZ^8 zY)>?>u>}|UlkC!;n!aW_AW0pz2-{b+)JqD~3v&2^T=NAv<_kW$IcnIlztNX`urE=X zWxeSed>2xFfeSrf0YBRSK9hZCnSE!PeS4$(#+raHS(BbO)f;H()4-l#IW=VCINvTO~X|`-*04cHWAB37nTq zj4Uf`WXwOiAbePX8By+nz;|;beD*bIc|ANAL!=2KVNJs^T{h3KXgJ~D>PJTis68o3 zfR_nk4D#fU%LHVIU&n<_e|$&;WV53nQwE0c*%v|D>;`sN%N6SlE%DE=$(u=Fqr z7vpmE)wnGse_~)kyyFOQ2$ z@*17_V{<*1>KUq)+h{e;X|%Y?0R%dn`Ik6}zy)Q_{JCX7;No*45m;*Wj*D?+`i;09 z7lC)>h9fYrCu%}rVJ^fUb8e014VKI5f$FY|?~b=Y!2C$r$)A_$k+lg^)b?|hzUOQK z6{YkQt1|L_G$H(I0k}UlsYfw}y-X`3ka`A4+c_jy+=wF-_ ze^7c#eW= zi#`f37X8!|OLOWS&yS#MdK@f>{w!%jTk53qOp*1Ri7ODe62ut~KAe;$AlMCM|H_5& ziGlU~^TOc>-W`Mg?Tgp8$6sbv3AH&iIW;=9`MhXy=(zv{sJqrA1;ADMGShPj&`y*? zsf+?4N^*$vnmo$a>^x5{2;~5w91wl~nbL`+J3%a^J8>~CPoII?@x)2Ldtmrjh5t`v zf9ss;nD|G+Zj@Mo7is}LBnrC~Lnc=wYG=PlxG{JIH!j9y=`Z1ST)5vmHyrLjMHsIr z`PkY%eMCK2`kgLLG{blngab_B(H9Lh@++@1=>_5_dS!V^l$cx%nn6@3BTyAJ4p7VC zxd74vL8x(h`m_E)Um3Th|MJXn<6<25XW)Lkfs6hd5Ha?yVPhw&s_{SH{`kFW#F6}Y zTbmI#ULc^Bnd1dzO#Unau#x;ZB#b}L)_=%~q;3>fzKh%O2B{zJA2GrK5hE1&|8MNi zR0WxZe+a1JJ6zEIjA#cm;(ux+bg}Hu|3p4sJR=f=Kz_J@3{7U($MKnB-@)bca$?x`qo+smH-tpNjf-(P;D6kY2RQM2^qdIT z-4WC`{QLif{+XoUwDe{aeuuULrha)OjN$lY{Na#_Kb*lR`NDk?cR>81jyOmBK|T?H zXYkmy`S19PbPMb?lFiDT%{lm!>?vUp6-u1Hu?aun6zl1YC`MF$lGA@#8q!7mm)WEN z_6c)8ms?9dhGq<|mr<6>xdv3B@EuPZz02^xZ+P#!1g7PgZc8eq%HXH*%0Tz?k_bV?UN@o!M9>{W1u7EbfN)?QEy~7wVY+gdb9<5M8fZ-KKk-dRX0fXju&Go{OkQ;a5=)@`sp7WM>}v;8J$TpE5S||m;m>QLAsinL;cv`dfrFcm2jTYb!p2s=3sta) zbD?P)w567Obxy)-NuaY+tHxo3Ya!bSM9`bxgmrR;`FafS=uU>b+QI%ryq?$>K`GTc zmVDfb{agCfeh9T(7)yoovkx!I9ZW}K8|gC-@3-TGU0ZNPl~ImP}mbjKQ{Kaej|-L>wh zqq-xz@+WM-zi>EE?)N07$@>%X-rzf%f|zLrT)&$pFuoUQ_#}SK+a%QU-pMiaX{^`U73Jk5@1j*Kr-}$dt4C( z`k}knqc${?zgHmX1<>nHmMVo?${)d#@=_vBw!o5Vd;`!Cp{I$#T>av#c9b;%&JA2| zXlzBF$+ABEpU?-{iWBn;`dpC(0_9o+6944HsI=x(U}$jTe?}#}wuHky9*GWAwnL&} z1mK0c|1A>9`1GTf{Ks?>`@Hh>_Q`@vrmOG&u$Vy!pQWk0IAn36>=f*d6ThHyZ#u*)4u%1HAV*5Q=C z$PdxyEhp93hQ`;$1|nO^&4O$RtBZxUWUCqb&Gq%gYTz(7ylY9-cU)y2sE;1h4!IU* zfLw`qb8LxnMo3h-AyE^I7s6u-m#Fyb{erd}{c!Kt6cRvl0(0A;&I!^-7TQ6BnDhZ+ zCmx4B$SD$kGJ-zWrVD-cEK~GBK2bdSKx7U2!i`W%D{EqXtI2VsOxdqmMZa3=KX~l?1OGyy zt3F$(VQwLUT6+Q1At_f2mBNJXUjE|tKfG2NV9Mb3Kk=9}x|h!wmTh2Xcm6k3W2qoX zU}gN^LV%AUfI(4^??DJYPUHDMQ+=eRumzg9eAqH5`cd%)^rIx}8NLUEiM|I;J^NID z!bzkU&_iRD5vM>b1q%69gp1@Q_l!p~(6b z7JU^eoSKsgay44sVoaQjrP_ecBLa_n;_o7&lxKOktK8d@>Cd z2tWX7tXCy+Cw6bZ7)-dwPM- zJ9`l?0Bl$dA30D@mXJj}vALYd%ESVL#C`;v$J|07U~mrWV~Z5^zzMu*D(i9xbVW>o z=20^_`Zqmd6P-tqu(R3vakd6fFnIIHU*aQ+ zmSsTK5~xZF)DM!*&lcVd9Vkx#X17ukWkHlC!V|AC85w=QZbRQ=(D(GsMIDa~M6z>x zvwD4AS{yo#5;`jSu^I^i1Hdr73Fuc~%Z+%k6&*3_pk)l5KOI8Wy~sbctPnZktkr~V zX9tUX9~L6v3HjMVGA-#06h5tzTp~yZlKhADAlS?6h!WMvg^YU99`xlYhmasl1L1jO za)XqziY-LWu3xGlK$1$2q4ojRV}RB?j6dzz@GN4t3>1J)rNdED&BkGXd9G-hYt<>G{nVE2LmO74H>P8 z5<{HkC1VIb-VqZe(+f8j*^W&mQbyixA*HYtwlESeU=lUr_@n%;YkQ*{7PTy9jq!g> z|0L2s_FzNwueF96J49!D&wMNv@%yibD1%}4JF5!vZzgHJg8oH0{NIGb9ZNL zJ}G3HI4OrDONpF7VQ~~%S`C1klA8dde&Ypdk~LRZb|ZjwHb(M2>r8~so7oQ3;#y5WT6K>yt z+hP8_=}t8P>v{^Z<>F&pzbmO7ga@9Ba;N;0Cc}5`#s%Q6-F!=_l|zfKhW|OI0JzVk z?85`+AM!0MX-=gj=!LED^de-P%#s70(av^em0!}a9dJ)@f8L1L@GYHX!50rW>_3JQ zwoz=-IIK(xbC!f3^}_Zb3oceJ8qYUO_|`n1`KO(UG?8_7P}28Yb}c_O4`0iHP zjYsr#cl*m6D6otSAh%=y;V(deB4svK9HS0F>E1 z3DX#VIj#rx<-7b7r{N%(9pgKu_Z;s_?;GrIRuh(&JjY7t#!Cxix?IsI(VPx zK_M3$;VVHugC=kUNRPm6kfN}m8pGp=t>GQA5x-%>`;!zgi8(x*F+4u=-wp4r@BSCV zyBCxgz;>+ck#s1TZnU>N2OLAySXJAMjbm8v%rCS?0f{fk&m+3#dx2)N0!^aN**ckUEd?8Si3f}IPn8-!7U{-vHz}9iEn<7Oq50A z;_{cETe0tu-i*u_^jM4y@E|DRb0e-GW67VCcjw8%P~bIylop&*%)^|0BcRr9zhydD zptDQk`8q7LkAn#*R4Cf)pNbgnOG<{ck*C+ASZ&hjZWKqC^Z`n{!8(j!h$LDpwN6Q* z!9gLGTPBhkI0M{KoPTwmefhmK1L2I*lhtG(Fqz;yO1R(+lD&oavqn}gBXjW(G}J%5 zSqzfP+XNlbL>q*5q5;6}WBiUJ^ZkZwjrS$tAQNQF0X)?$PGy(wACcDvr$<1vm`G)$LP?@js&Okf5@JW;7exaOgtF<{ z#j2r%n%qhD`h~!$TPsAcWV3zIg>OSs<{zGO9m87=%DbxV;5%%F*lzp*Cis(E>9`q+ z(jX(@=MyIDkfEre$eRYdQpN(y1PV^r@SccK1xVClel}I!f=YMWrd^4Ua(UPurHSeWFbON;$mG~uXyw(*JN2a+c4kwNG z4eb;>8Ey^`s6TWDOWJI9`J|9ARW%=^U9ethauc|VTn6n8CR$iQIT+&73LRv>G~B>x z*>R=e0woQ2&>;_Eoy>R$MCiZ(-r1WpYy;8gN^d(|>!8+h3RqXHD20&yvjtHw7AA zPfQS%r;R*U?B2k0#Xl@=_}Y_2qX-Mw#^k|24ooL3_BB@wb^CPv{M}T)YOwwZ;kx1! z!44w1iZ9qmC}1&|sV|h}HW|!?vJ(Ffb>9MK)wupY)u@rOhZ@r5sO%Ct>8@1FWQIN2 zqY*MHBuNO-4CzA5blL6Zm_z6YC->Y#l9NOCl1mX4@sk``+qk4il;;2azVCY1UVH7e z_TFpu-sOKjM>Df7?|R?oeZJ54d7k&CbW0ahL@kH4$|&Lvt}m>jPa7EQ*fz2HhHiuSpa`L}k73icvHo8kOVd&aXs;g!v|@yUZm{z8 zTm1}6GUpl&Q78i}Ek>a{2Z>|(QsxLIj;m=)Nnmm!T(3;;fMECLm`4cy()MhE4CIz9 zO;pj#cedvIsXi#2fkfM?s7PWSp3qw0z8*=aI#8WegOwn{mRb2e@a@dLPiQjw!MUN` z`K^~mC)>~$HX98!;-yc2LeUqZXoqIL!Ta5DKPAn)9}Z$3TuWej05H8p`|M*>iJRjr z1tcgo@@QVL*x=CfDw{Th16LTpK5mAdDtJf2T6iY!%1&;CPOif~W(VhdQiGU|V?X9l z@XH_3vLRQesAX>o-%!~fRWVgjX?HY4^M--&*Gf+=!e=4`_^*v|1Xxtr^r&P7SZXW4 zM}B|+j~kUD0ZydbWAw0t0IRnrE5N4sOoRYSKGFp!hJnJ?o61NNcV1q z|Ehjf)s+1UZ>lJ;B5ZF51e-R;JjA-%FShc#?0d-X(~&8XUmwKD;R>pXsfy|fc*Hh4 zBz#hhiWH}+BCqVUNO;c%UBWF8w$LQX81!rd;}L$cRm93iR4r0bWF(a%c2`u6&=DT1 zh>{UHHrtiw$*&n6>Rr@I$?urG%g=!QzcNL=H~FUodhdrX`H-Tz+R)4~_)LWM4_UAG4ehTg8~K66 z`bPDMN&R*En+f}yLH+kE>Z;wh)lTa!4?*ibyCOvb?E7N^0(}1ek`>@5KUf5K+y}Y< z--!_500?ll?jp4Wfz?A02(Q?x+))BlF%OLhEKhU6VojUNjr6)|)u790Cd<(v$*SQg zlH{)M6OiPHFOrm`z)xrzz7?U5>)zAFxjsUigCI`n+94?={5QxGdnm+}XQay~1&JAK zh?lz(-$QNjy=sTTcc05sB-Dqi6A)_S&yy5ts3$%XA&T1E!H5Ks9^xA7`Vzd_KG~^3a@I0m!*k=mxf#~!HPenGqpI1KN z!i-zXs{EDLWODxV1tM0eW~?Na;r00WYuJb}!|bvyicli6En;XF3H)#jwI;vS{-Kw4 z#Ce6>(Q^>a-wttYydSyv5|QXJfl z{)v-2HVg;iRMXmcNjtwGw!>AyoWY2y%oY`>?!v^KhRnB7C4G=_>Ndq6`$_;fPL0za zMDk@zBfNlAAYscPq|W$>*t*GqiD=|PF*@Z7zO@w6@GLr$hgDsfyJrmo=KGfBwbjqP2lf;5WYO}8? zomMiO`H^5TrcI0=?ZX1J5ps}UWlNf(!J3C{MF}&QsSgYsUEZ(bX*V!mihWE=s?ONOq)CxL7Gng##)}3~^9-zy3pUKD5q?^Ov@3X)GVA*`w*2vXEWR~KrS z7`+QM{R-^(#E0Q8*4m;oKf45Jx9sCEsLi9uk0M{Ddr;#dDn&@)*}$d41sHVj>`LO)s&3V#{8L?QF>TaQPAt< z#Dc8)Vpozky}e)!3$Y4YjHKXqkqX95F+3*zt`N^e3;~V==Y za|fl!zx@-Du~x}sKvIHPgkmh6B>HGaL?0bbx40aTxtd@jdA~3uB;v@3k$Ux6Up;C6=F=O#$aR zx5RP+Io2iTc5pB~G!=ewY)#5gn$*FhN&KCf#GBNl&blV?dW0rDh;T_nNv}R+(xRhO zl(cm-S~j>iMM|_7@vG*0KUpQZ3B^Q^&uee85g?z>s1`73B%gwyFR=(ynM!-^!JvV% znqm5hNFc%qE^TED|4n$D!+$;u|Bc4*Urp#tM4#G)%vvM`oXH~kjuUA7z+gV9&m4o# zNOkite<{tDr{Y(^oTd=dG(LN+p`LXz%FfWP(d$5Gg^rsTOEl^f8A396lp}G9hD79O z8tyF&z}>=ptKUPDK0~Lgk>30zY^ZcHg6ARQ+y~kT!jSW{@U6+n%Z`h?JZ{LV|{(f$XjLT3&*-CXQps�s#@spGi%e+lW&5u4gIZH%#S!l zS%FMbXr;1nO1JE-RI>W}D)R_w(BIW?U8%p>ZuEE5htP|!3f<{1zYtG<$~6a=MJ1D<95Ye*qE3g9tU{lMBV0+A;7qtyp4n?6EW&)f4GV_}3BR z)u(QN*q-&7;3V5nguQuH01&pwa(1WD=aI7wJn#w(v!02F>KC-b;dRje=W)}F_g7jYE_WuLg|FhlUhhKuCS` zo8VM?`;S1sw)X$+^k~u~jH4U)$$u%_MSl(Z|5kchJ&k4-_?hDdKke7j{^z>G55Eu( zKW6){JB%{T+h6$qECN$?xSnG7S)Oc6YPZIB+7U0?5kc7+RCwo^Ce2NT2nHe8mdaZz z|DU;pGqA}%)cx8nJ~nEt*h0%{dwq%LY-4bz6cn83IdOQgzf@mJo4BwEclO#jC@ z?NAsIz3wwbucKE%8NTl4PJ3BWq4Z(H1JX>Y9j`~P$RT`%Y;WhHz?OlPEjwbu4OP_N zF2i&2N1jd}mK`zSa12>D3*8S#7dr=HVYeyVtW(3bl$;J5e+-DA|qEBjt)e~4YCuTt8i}?@M_~acC zdZ%8~KZilY%)-u?S=a#sGP|H%`G<*lg)iNz<`s^bF6R|~A+Kzx@=U(~m*m94Lj2~L zd6szOs0wchG#bb;GCp@O&e|Ep`K|02Xsy%KCj@EfWBPdVxTQRz=q zS|aoHB4|#1qqoC0nr-|9W#g}=jW32CN7?v_w>dzQi}MLiOI&N2rDSO??YuxD?fg5y z*;>QU^HeIT{ZXX?oy$Gbe=Qg2Y;~r*vIY9(nZ6AdB|bOdH_yxs;vwMEC)#CrL^WD5 zT|gZW#?3HGybMbi4TyfSuoTO~%ohD-WzjE>vgjk<)bX*kyE}aF z8;Kinj1TL6pV^IP8TyR-vpkEsV@RVkOtv1{CNdJ8?G$qQm&wm4Ia6(si zddrd$x9h{&!Og38j%QKJjs+E4%cST2FX%`9jA33(Ju_M5|IpnFtmht=@`hoN1^={o z&ZNo4`i*ZEtN8;%yO`8DzG-%0m!JP{?ezO_L>uWa%q>wLL%;v`@S)Rh&(v8&I%m&_ z_#IK><=Qy(Q`7>zGhTY71L+KF9VMqticxPDL@f&Hp9mZduT7-JFLA?^K5Iq}y zAaTpBZP%SSv*BhDdj4f#@WQODbA!ToV}+x|IbZddN$ZVt{7dIHqCSRxXU;vS`fUnJ$yhfC<);1N__UZm(CyjuwEAoW`p))yubutY zUWFQ5+0mW$vZTcAx5&Q?3=ZpMPq^o zBd55>q@&{R9q-Y)Z`eGdmVQQLZ@29Rm0T7xufY z?xvdUH;d36Z`kiT0LQR8*)ZbFqr-@cIl6Fd3=anJ(~?I_mfY}P+Mxkr{(&~PgGt?! z$hCz2T&T2L46JRjVyl-4ab+@kDxB zT#CS4Sah8~)cjRJ8akT`@rC&cG&}iBinI{ z6y3frg3i#cFQx6qx(VtKcev`HY`C0VwqDCbfT`Pg@ht4TcowN}<5>d++9I%dbZVvb z3uy7&b|(E#(A=9LW=g(`r2Bf6f)9OYK~cg@o6D^uXOk~!%!as3Eq1SDiY$` z_X{3PPpe14jMBajho&ZM-|IgI&A9UfcUa&TT-f*ix-@~Te;=rtWkkk9~ z0b|bZpLwHcX0|cDl=m#hmzK0O>31^ry%iD&5$f#DzK?^;l@6_*hG^H&>htb)(&~es zOuq}nn~nzG2g|3Mcl5vQsA&n*D9XNfoe!OUp|v}mW=XZO@4~JlKOQ#iFX^Uzv2NOT z;_nF8y$d}&>AH(&VA73e!lwM)2k;b?{`oN`r8iu7|I=vYn&VA6pP)_u(&RRoY`U`M zazHiI41-nz1cnE%J3DUXzdw{7#h8S+*g!)5EPh0`{jV|qMFiBT&p%Fs8Kr%122D-a zzPEo8TJmTscUa&TV%vADL&r9}v%O0jMyU20ZLsd@(bjVvd0y}$W08MRrP%3&kt*L4 z)8z4`qB?7_hP??di=7Mgg%Xy9o{^JsCtw80#^bj5ouPlFNB{OCE;aOTWxz@Q4uU1V zHPSv}S>08-ojgOU7J+T*_3!|!7xi#2atTro1wZ4vT#a#q8p(-Xi}B!N(8ZhSyjcMmH7^Jb>5P2?#g-H21v@scK0-ZK82E(S zHE=PcTI!^)haDK`ctQ*vwd_&%DF(aaE2xhqJ`D-Jq4>I?peIb{M-I^h+go%675Tk2 z5&C)V{po4^Wr(k(UJ8x$Or1tPmNQ0fJ`90*^$k?tozxKSl4xEo^xMCoqBl2_Dk`3s z8s79Z&I&GOuK9|yw${hT#o{5k*n*2MnwiWGMROxTb zJy45+V;UnmgzXnQDCCT9qHhSHi47sjIw|$#ye*LlF{-gML3r^T z4K=kxt;UdVEEKCUv>Cc*C#|{Menb^-T5Zi*ajCTx9)?SyR6Np%zlH&CbkwyymHoi7 zU{~ww4xgPK4Qh#s8SwdEIX`0OUmOJcZa2Q!(C>R4+x{>AEt0GPZScQ&10 za7Ibg`ntNh8>xJXf?$EkIE&5e;Eqt)Sg^m&I_$Py&#H^D+zFw7q4uB-p^jh)p@}vN zeVEp>I2jfHOiy<_fN^!DgkpSl=$%fAc<|?k++CHPMn8twSulp~#YE1Z%0~A_MSJ-V z>hnXE9PLgES(^KZZzM8$*cqWdEp0W94|vGifi~GZ&OS(YJL6bQzGt^Vg{TvznHZ6v zbC5O;_Bp8xKdGA=qx*>Cdu%}Qsr=Wai!`f5o*ml)Mu?H8s_j^N^3dShJb$ zISTs#VV4DL)Y6L=EVN6{-@t|TVoXlqb%MmTPej&n> zzZ2b_jxc6645@BlWc&~{zOw;p9K{G-X9H6&G;)V2mgI^JFs`H5%^2TXqvHp5u&lwT zyzEW|@F zE;A6z0Dmj9Gs+Gt=<>hn+leC;L@XBB7`UpU1Py1BY4zX79%%H8#A0ie43Lkg1<+iC z%~zFYPfv+aD^&zhQ1QRgBS?kV-*A3pnsdE2fFmz-`9EOEd{YDj zq9)RxHens}FPYM2zVo|_O&~Y&ox|=yuWoK=!niDhOS+?#Pp%;md)qruY2+9d>fav0 zxCQpq`7!7NY+j`1U!9@dE8=M-%G9k7dJ1M*XcU<$f=REq)d}?nAp|Lvbz=J?*RtHMDInwSv`b&xkZ_aEdqU#MCI?;gHM=?S>A2pUWJ#}ZAo+m66D}7 z0j;MlG(pSY&pLOLKPNUYVJjK_`~s|P0g^p`7FMK3gNCsJYNcHSl8!BPLQko5>BbJnM{=Ct`pBY)8O-!L^hE|PWHWxf- z@Xux||E$y9GrlFZs8n!TOQ;|xB?GknU}5ZnB47mK(_yti{4KBB!fFij{-mpG&NpGo zpsN>x5MqZ+6Qoi}SE1VwfI|o%CgmSP8gBDv?@UP#{yvA1G{V3q#vUTbk-Y8lXB+QG zPpfwz%qDMTL4(jW3C4c`s7al=?y$x$xZteiGtgjpW{+`{&5`_WppJf&4gE8MLG50} z57_Uxu;&J&tnm3iGg^!De^hDF^N;4?39SY0r(`+IWCZY1_jQ$bH$P+J4$+{CB}2J=QhFNvE9|RKbhCekRWWjHu2|Kc0Y!=$WVvS=w4rg$R|&_AVog8- zIv;ya6CbSn7El5DNbGI(?sXK4w8}B}wrUe=Z>!Loq#a{GB|MN~-quRwZ~IKe_bf1+ zJ{6*@L9% zE%0S=aGKI>#WwteJ==6(Z`Q03_C>B=5IfIR_85pFwRL|uD*UOu|19ns3ZG0s(+Cm2 zq0StmOmKedH6m_Ly1lO+w3_&v;Rb(CO@bn{`PCi%_yrf7vz>z?7RRa+zx&KD zy2h(uKX@|+zmSSX`T9|XyK&+j4l9fr$-05SwUqhUM3i}vDl=N?|HJz|aNkh+WJu=$ z1m{BU_4A8r5#NVI=$(50*^dZ1tpCFgs{Y64pWQd6N&nGmbcn3%pjN}5sh=-uuo4^`-VN*OYR%ipo6%w#WVeGTp^;WJX0(1t7qoz z;t@cqLnNeXwB~eNEvOiEGg|o7cNRz)uNsiT`tPB%ua?(OA*P}tzfcNjheFId9 z5R;od$2K4uj$kDh>!(f|2CWmZ|)|L*dMR9N7cSGMQz1IgT z)r<^-gubX+ zSpP5NMd%IGb>^4(P^qZ+MH>T+xbho!+Ru^_=NH@k%icre!u`vx zFyW*|`y)K~VYpmpvxdw5r*I;7H#8SluAC-u2uvT5WMC=2h&nHzU^8{A2s_JbRN>)Sr z2i}eb&EnCJMz^m_ph<>7?n7j*Gf2Le_3CzhOGrfAsn?YKh@K66tSoZE$03SOb`N8P zQs3(OXtgtcXi&T;{+K@s`f$RR?$E)K66X)6{nP#gg>ZkJwfZIu8Ik+y)M(E$!|Q;m zE)XD=K=M^6zIasuK*6VSkQqMB2%qL+%ZY^GGZ1e_!{@fEAg*7&Fu^CKoKt{sU2={- zZ^mKh-ZF~vxCp>guTP6$))b03KVag3LkJ{Gn_s#lJs4U(T5?P=bll7_vGzZ{QqPZV z-RcfU{6^v|gZcO2?5^QneLDggIRYP+87(6W8Gvz=*kvZ?OOOeWrgV8W_V_jjgzEIAh81N zqwn7d7R&Hq{tHW6x7iUer}F-@xNiU^rA)F9A*yB0m+kx~5n87nDUj8pa^e=0dd;V0hwuS=m6_kH3HH~dQCETRpD^J&cQ^1NP*-7J=4 z8B9Y8f<@9)%7r>8_3HPa&#UN5(#?d|zNW;}XUr;1BHfQf9Lx zwE*F3^>HFkxJeIpbXQJ08D$Hu5%P=JANQxB5Y@FGoA8qi;k<{4)dCle$vNx~+U@-G z=*`)vg@KwQ^9~_uZWC4?6B@XnY)m*mNc(?=)=eZFQg1cRhE+B`9JP{kCzLaaX|zkA z23LOM4lyh#KGUcLERaAM_x)Ue1(!Yq_j@r7--o~F<8N*OGeDlkJEXfd^h^l_>rzhf zhMp(qQck`Zv2+uYdHuM~FBAq=sZbso=&5*EP}%d|4VZEqL1F(W!N>I7rExC|IrEO7 znsx@BDqm5T^lshCs z^VDn7ei%6eNh|v~A?YCG$71nMwVxGBed`YlmHe|9dhUvU9vlp%$XV|WP5g=r{@H}Q zlu}mgrWCA=lum{e!}SwOYpc4X%9 z{m~ad4ZeQY9b#CLd;XcH^UqG5f96E-&(>ZN3ReCRZ zBSm^moNmB-3epx2E{j@Z$3LeIg5aKAXW%DZf4btIKM@aG;AGD~*N7lK^+=k83K&Sr zKkc9*$ufQ)V}HNv&Q1@GZl{Sy{4*YU?uvh!7eguTTk8%@{E7?y8O*R>b zQv}MYzBn8J>8WB65*LfX*%Lc*;34o&7tbR2d{_5iaVn)OV-OBji^XMu)#305{@2t! zw(-wd;GgC=thK&~fg;?u01&Mc5Z*VR5AxG_5Y@G74E!iO*N%VQLnLegObq_%CIb4@ zqvmYX!a&WD-47~i!W-$Z;j#Ir8+t6Bz48a2kc;-L6W3$Se}PGL=AW@tJ1hTaeyG8f ztK1=mCAs4t#yeGH4g8#epLEeQ@Q@|`=_;{cql3-GZlfc4UDcsr-si5J44%@n;!kC zkIx(U`JgjDB9n>-eb!8D{OlHSa_a3zeVBIgPHX75q78<^gd9ld8YP6*;N;3;gDpxf%aP;R)kU-N01GMBUKJ``V3_7Wp99 zwMz}8CB;z8UxeBtTVMmP=>4BWz@K{kdJ6Hnfv+3>{+Gqqz37j4cC9x2^b}04Ge0$> zidy-}cQ%w@#ar&s#gg3f(-dew`DwgB!9(6{QT(*z6p0%vKk-R3KZ%lT_=zQ3`RRR~ zpJrJ3=|?z8RqO@c0o>{mgy;XEK=|kp5`=fiD;p4>c&5+7MTx_^@SA7mB>Wou{B=ikX9>no8uO{!wpMHjH%H7FqA7Xm^7Zj z)L5OYM(bp?MJKDm%6yzBATkS$+etK7*@};v*-8{;!&WTX#8zT|J5R+!I$sU9@D=gb zhl52ZiT6B^Ww4i=TQ-PryfZQF$him*#&gC(WXUjhmPbL5OgJ)yA+h`5~Kb>gDKkfP` z{LFpTz)y1g^Ctpq3t;T|=NgeDNWI=nLIn)O6EP*P*}CVJ~in9gW35Tc~$d z{`p&P;O1X1yTc7jsulkX*ZHSJ=bsJH{8RZii3ThG@KH1Wh@x!xhebQ{&sZD&St15X zppCfa5B3L&Y&d9<7uC|EA7g*quTJCsxI-5h_=(r8uEL)e5l>s-WXnG-L`op_XzGOT z8)(|o(g{t6GXCk99wc>#p(p>0g`OwKKbv|0N9Vuj4o58C1^*naJFZ4PPs9)K?~M3| z1(JUvdB>;EWYCj(e8|i{Em}y#)s}zuA%3dHUWjLB`GeiiR)Om}262?i_u@JTcMh>~pRhb5cnN9v!a z;@^7w5a5<)3<#x?f`okuwMVwV0xJ^_ zna)2D0e|ZC>M58#164O1a|lrtdwl6$5jm%!{TPxa8|6al&1@8N{ps1KLM@g(?G9J` zf(t&nOAH8^;vq8?v8=e`OMFOCk#=uW2|W?_nBpM8OObJq&3x{%wqPObmS`UZY4_8u z*^hWk+=V15da^3QJ0ifoLC%{9CThKfQGR zS*r7oDgRb^lth7*fcU7HfJ9L?1jM3E1f=KRp3wOx*M@(VoGkl-_Z;J&!E_RdpU1Js zZ4?P@ITA2Ch9DJSm9kvbRlf&fWP&=-lEk#k^+?%+2?#%6<;Wi zVdQ(5TBV;0jWZswrea{_q;@!*x52;wRtt`*sy;b7qdmHn>?%fbI0O$z^U7B_omB!~ z9v@W{2pK&Zx!w9d8Twi$d1=`ZVpuP>uw`Incy+8eji(_GfU63vLo?7W9AKR%POvT}@D@<>F(TDk01(GP znt>N+D0`j{ape+kD&TR(IA78MI0J{_i9_)$#HM|tdsjNdvhsq1a5%6${>^kmbvE8h z^03wV$R^l8CW@cNiG)Dv^=2B(paGim4tD}gn)7rF31i1c<3wnkhW2B8gTTmwPnIx0 zwQmc+Jo=zJe&QEg@Y4t}u;UOPu`C%M&8LLfCk&(|^JXCq{ai%J8dr<+A?5njaXGA3 z8uTAS6DHm$!$~`WGvus;462ZoE;<|!?SK3MciPXAq6otv3Y^Zqo?Kw^ux_DN&(jTk zhS2Uey?fyyasIX`G!;rcbtx9KYd1AO*1yi20qNbtHTe$eY>DALxUSmaC5zdNo9j;&AT0*g8QS&MkkR zC2sOi;S73QaHM$M_5j4{V^JTb3hw^OF4gvYb4dEcdyQOyLUgT`5TX5{X^4BBaTd-` z?-rqZ>Ty;d-#2jfLCpb&pyiPJU%N#(n}+rywQBGW0_)2x=6%TliUdbZ!(4~?4}Ocq zymzoQ?=oLuGVj9GgKZX{)Z;T``hac8dPAew?(}BRxYw%OVLJ<-h|PB7nZp_4ge)hF z)@Y*%0Z=^);R&PL6tFacM)%#2YZE7o@)`qkK16`+6n|s$A18p#WTKn^EBHS_WJ%{>V=}!Oo z6&Kugix|9dh;>*N87Ahm1U_WMI@AAnt#9 zD`NfB!>k9su3*Ob?RyU)&>Y5(PDJm9xkM&Ql_QZ%uKRQt?pR#*({Cx~vb_y-E@PrG zHj&+Q6qM}yfIA?w{6vZD3#97I+x^J%X|koPSrEx=slwBIV#PvcyhbwPLnN~WIDNEOQb)uN5 zAC->PcZWQQI9m(nQJtoBYhyHj*Hqbj-cSV?yG8~!S@u8~$OpTJ8>cEGahWs9a&h{0NO9AV!6@33xr^ts)YU zEDX=jyJ4pUlQmb!C(XG+QIf$;D#(!~n}SL7KYGDa@i~XuV3C%JfDIYE1OC89B=M*p zbLnPTc5VIka0q3@U6H%C@@0if3m7;5B*4f$A&mWvA4eHN|BPa+^ULqV6Y#(8G+-Cc z<#9Ey;ym!K4GN?3lQMo!y)J$LbE|Nu-T&hu0%1)4`;(PQeak;ad`xYd50n6n#)%R! z@{_kTfWrNJhdUIqd^h}uaTBG#w*1HP$baGV=RdxV z861)Pw*YW5_^&>izw36{eBMy?bmqTIYE%^ev7Bd7jx+xu^0eWkCcrP{lhw*J2 zu&XFh=qp$`JZz6cfdNcmn)4!GK*nW9*LqFrIFM!f5^zF@NfH@dKD!g+uNB zZx0a&WAfh~Rx0%^{}>T9`EN8(k|_UWK;eEK?+%45-wpqXu^UqkQ^tR$^;IlTuJ0XB zyqSn_DR8Av+TcUrKVy7u$u|(j+y^z;E3+J zmCcto1b^A@-uJF%V9hwM<21hi3f_0*y&eb`qj|690N$H`_fo=ppJNc(f;ijpgTi0Z zqj$sbeFJgc|M4S-i1uQQADk=l1*u2fWw7IB?z8SsF`Rm9WxoUap#Zm)xx*bxN{szr z|B?1I=EpAvL>T`qAXI>^vC;guU4qHVe|*x+f1)HC{$t5D{P(dQ|5e%XAN?>Z|LucV zMwBZ4!-x2${f2;jh=0rbPxJk@#{1SqT{C#Q9&YQfi)Vy|u+77EV!RcpR}Mc|w@DwI z5rsmV!G%>K&`!M;Zh?_i7!>wZo4f500@1<$T*G)h4b1l$#=^;b*+7V7KIT8-jNeW8 z9oq2gP3|zrFSy{oMPiW0#C@!m+E$5WG48AIj<(R=e85SkJwBvpPh0bUl;12b?>lfF zi_*vMJQYuJ;6Y*pxzB~(DJJflxEIaeGgdZVlBaw?aG9~w;FuTGCTHW`md8&&D6e3r z!7Fe@?r?T7e)G&cAOA+rp6~i~G*A!xhL7Kdk4xe_HtH?-r-+{n<}~)FS%nv+e)qxK zDWT7YG2(5ZPuNcz>>mC@dbGDCDxk2d{qJ*rMhsbzyq=PGm8MQ^5 zLVtSS;10VisaE_s4{#%Y&LQl;pTnd0v(r`yOe=r#Ni%726tW=WJ$i`g1yrEiosH()qXaY8{^rnfJp1B3)OZj>qye`@EI9q%!K_C{*pHuOw)X#mR4IHW| z9<`fQb1BByEx@zq&v!(`o_g$k4oj%8r#g%&r{8?tN2Unin=iaU;J`-ACs@{$X(7SsN(5ME0wX%Ip=}f~d+N1q2ke(Z zoc7`e?36>qda>81Zv28(OGEn+kD7Tea(&)fs;rguW_$}Zs5jgl+E`Lztf!}3u|5y` z*6WlvR;N5)H0AyAo&=JW^7yEk@6CR}2Xg61JR8>rj@RAPVLd6Z*9u-rf@u#(}vZ_pXHTxMW0o{qQ)2H}5( zR>SPspfqazcsCKcr(QqL#`g_;9{Dc&`Y(ykZlAGgX=pzpZK`5t;K$5{G56Qn@imm< ziec^$$}hO!!?w&v>UfIcJ(eZckLMDGrlH8ufSb;Te8}L#Ztt+TSzg{(#j>kS0{w(SweOzOH zTsg{Q{$}40BTZz5=5T&?EAFQxzuFID@D?E2$A`~|=sNY9_$F+hfy9b6PDnfmD+yzb zPd-P_Ck;4!3sJY3C#~a?9jMG!ro3z$G~m+`cQ|B8i7_SmUnfhkfBtYlhxyeKLI{xS z6-}1!uaYRUk|iHClcgxihAdgMi7fT_aGOq-oh@`J@Ik-L5+9!PCB(A)VpDv`HywBP z8owSza0$jUPZ>Bg<__%pKa_QgQI-{hpY!&`xSe3ECLd5ml53Z)z;;F7j+2WJzlKYuHv4_;bErw@i|l|Z_qRhv?28x14Cny@{~p#CwJ16FOv+UTp{^E29k3_-#$yjIu$diEQ6$ zpV)d&u|F+5Iq`M<(?!7vSz^PZt22uNzYnbJ+YGJ{2`YOn_s?3Dn^7wFHn~1RyMNmvb%((R0xS57 zS%Q&}^uVqr--eojZCH9yWoDDSij2Zw(hpE7Mbr@j7`X$-*FU;oZ6$8-K?vB53MM$|I@j{qOp+|0ttrbkrNMI$;F z1{)p0;gor-ytdh>W#{TIe zHp4rq(zXsvk$n1LMBk=sx1r$?T{{yFptb6J$hK=yzc(q)oF@ic1=YlXsb6vts7|4# zm7sYw8&p){$E+noB{?(<48`BN@OD^u`|jPs78u=Iy(D(`Zt_*0$L{r1Ok$6lkYLx5 zRoX-h{j;bR!l4n?U^S>Yc}!}zs*zfXyP_3k$k>-QM2zAavlXg9#=vWke+ zuoaQ)zoFC!t5-d3Bg9n4pBgcRu7okR>0rz|i$wMUx&*B<+i0QS3Q$5rLz zfc+#C+`fYsM*#ci#ff#Wr($9Pz}6mzKV}sMKWHzE`-FDoyj2ia7}f3KYSDb5Mae+= zCfI139v^LiG~>r5Vw^;u`WNgkn3~TGtZZ5*ucGemvpm_Eb)qS0Bziv@-XCm0iG_u! z(OZF!&{MFlCjXi4(!hFsPuZR4$@X|I{>am5U0Hok@Bwt`ZqHGE?^rWev3*+^+y>TT za&A6viXj`_u+n~LbJ=rN{MBbW?(`Y$NHpPr3Pp*E-iq8u2m9?723Q$?;P=o6u%LbA*+(+-TG)pL9l=3z{*DT@+#^SAon=1UZZ;K zpE{n4-@)O}WpyWBhQ7)7jyCs=)}LcRddJ|7xns2Yvi3Ljk6nB8FX~?nkJ99NUJHdz z&Qt6L{MmF(Nfdez-)R%ykM18niT=p~es&4`@EG28cc~ewm*9MPT*=uhuV6;oIk+Nc zsP@Beo|&iN-zY`WsvwnU%nf-Ty820hp{vQY{WNfZ4cvC2I~$-oQORY*+xx&9oAB$M zqEX8|(_fw~uCzKqHfoD!`oD2SHtIh7=9zi7c;cuEZ?Q#?+G!kO3am$g>SlyC%y}KR zb%-`q8HFp~llkGT`9{kVM=8f}BUR2GrK74s?ZE>!`b~kAUVx?bq;|XXbYNyUT<2&xmUOx^VmD&B*q@Cfk2T z-1b{6LJ8C>IaIWP5w@`i9juCcgBWCqBvU@58|$+?i@Ik;sh+kNE}(&HBfh)q9TDH{ z%QN&lxi(x1duxO20?(pT3o0-s`%m;|{){o+;bv=!@zb@UQ#^}GdB@x#(tq7YH_*zT ztJlIN<%MgWC^DmDV-L&FKVfuj`lH06QG)-)KuTnn@HyQ+J9J4q>D>O=oQF_lkC{bVa+xsd_YVc7gIHr(%D= zfZ23QXDdw3SxqEI_6Z--VKOjyVV$gVgWc(N76mp~+IRA+I$DJOaZRxiT@G9gwOe;a ziU89Qt+4@2QSipBqTrdHHa{rJ=@e2or<~QO`oLq~)Bf4uahlQBKUMQb|11g`1 z=(*xoY@jr87233?pV6jNL+NZ7U7J1|ZGn<@@5<;t<3kDc*)1>g<(z-_iVdfvsp~eV zunm}sf_dn&!;7XaExn1`l8qPrRN-ALk=TRG$*yHq@f zF6DDfDDr)aaj9h2TG?#xGRR@v=|(%FA!t94#Lq_9X31usia1aoBnqvDEwt%RpA~;i z#L!Ko&E!LF`cr%HC84>;_K2&w$~@OD8T&KT+!2S@pd$qq?;sXO>sXv8I`w&PGi$?} zFEu()Jc|w#&!Pk6vu2Ie-g{BBut)c}EwmuB8}O2x0`G@~wCTxgD>4h;W)&lQk`I}C zG7QQ{4bt9Y4|1%2?R2~C5{ur3s;)iFP}QVbMEr!>qg76@44%pTBRmx^h`xK%J3|NJ zQv4mse;DA=K`5RYOA4;eP8>&`zpN5(Rb7ppltEwswSri;yi;IA5{P9O!!spNPJ(_`Pb4;n>)4!Q?ayf()R9J2JcIs}&zSpD#s@84&^vY5RMFhI zofBxT6fMmqn=U8QBsvgOCJer*J)ep(7o{23X5}MWr8LCIS`{II)$|A?Y%nf(ZoQ`U z&J8p@!uoCUBXG-|ouiM=Iv~uH>9Zpa#%HTS)2!e9PJ}Koo2$36AXuQ%cD~@zXmLGP zEpCJ_+gb(=T9=NbBfPf0=<_c-T?I{V=nrT$ANrtg=bKaDa$Hmm^t;;_UhKcliR|G5 z<>Va4f!Fs$bfl!?I8@Gx+YOcD_z&lUDdDAX`p2I@hCdJreJ_ljNh69QzMU>bEW>Bn zEhxt>A^5C~ z#?pse%vJ@(bc^O#+lRW_=NY&gA4QF5RW4s}*KE-jfG zReBWm)`pletggk6B1I^>5N1vc=I|jB6Xp;P;Utn3Q!+{qhoP$)7;IVx{QXf`JL6V% zMybu=y3L*gAzbdqJdedNed36aIbvgHxtY5B9S!9;J*QKMdtd~?ykACb`mC)*1RpW~ zx8x3!FB6{su}IAS=w#4+QqD~1QrKgg&Nt@PKrES6BE+aE>!hndF6V!)f>c_8i_8b$ zA(WSMK0@_TEEQ;h63q-W8&BhKhv&Wgou@nUCjZXj-}qUDpZLUto}5XCL%PIsh-jw3 zl;MkOvNOsKE9ml0^(a4Q+Er_Vf7%CCOY{&8`)GvUVfo^;Nqj#qybX6j#XF@fWDDsK z31*kgL;jm|VutF>g}lISC0oc6F--_1+Dz-f{11lybn0eKHg&R*vUzABT)Jcbo}xa! z4Hni0Cp)bU+-hi`g08{|AF|?vBRB#liNNINrvZ}^!ekD*Tfn4*{T-Ark-yIpH-&R0 z?p1hs-S*6ZHX`z-=tf~GiV=ew__*R#;$!P6DUw}3nBX}0s0VmZ*LTubPOT|B*#J*W zhFYqX<$h;l2|(+iuLfy6JxQy7bTNCf2E$S7oi7Cf0>s zf&B`*dJc2z*#A}m_gH`yFX-SPVAj)Cz?fgxg0;4E*S9aBv=OSbsC>~{-aZSrQzG6c zVQ+2pYJ=6L?P6SMspuK3$r~p+G@C`(PdIFUpC}9ZCF5^Ah>q;>(~BtXT2&lk*ALpp z4(7!82x)>dQ)?H!J_S>4KmBJdC17Y*li8?p4DC|WHa!*CDJH%WJ;AWmx_|IbFR=aX z9mL7{*lLls`Cg-IjP*^Aqb$f*YoUsRIPYi^TbvxTi9dbl8t8v=u2NUnXB(9pZ!u*e zzdG@Gqix2Tku}ewVg1`V$ce?+tKC5Mp+$u!vaCH`y)46u8xF)!-rt1#DFItA7-xHJ z8yjKEp8O|j8bjNJEu(xmQMk2}JwyM87AK;O$G`*E1=B<=x*PGFod0`*gP2)idv(@6JktkL*mRO7EgO+@{* zt!*9J&vG2v&(5n^VbgxLZ>A~`fc&vlY(S>KzO9DYw%54%5%#Uy-KcatjT7^h6S8kB z=L;D`o)6-AhV5_TAW+uFUZ4+D89ij!w-xiHee0u≧@)GPXDqvu^?DLvr?Q5RAKx z<_)*AZ*$?*TW!*}PeV>4TI+IBfkg0T#M>2KmVzV3J0tw(B)H7ZQQ2qhM5TbR4`Tcp zk|n?1&2k&6a-(hCjlBQe@hQTeAC}w3;Wy8$Y*6J1zK6Prsg+|QP+9&|v|QFdh58LZ z{e&Bfc8gh;c+Z>`)=mm*i@_N8@y%@GP3s8UExi5n-;9P^b16z4R9aW%=v>UlJOd`y zMknSFgl20Ld@{P-o1aAW2BCVg-Fi+)*9VpmM<0$Qwk7Ww_$f!3^bhv6GK$T){J6OI zNzU2o4QSa66__V;V)EaEQX}%cBO@ep(-TH3jDG#^6KFy&qY1i3;JpZqIQAdLo8k83 zP0{|AruH|B+y3f^u?+a{L!qZiJ!&_g;C;qcD8>xHpG(vX!0*S%8Gy%MBCcQtAm+bq z#zi^*?|uB{nYl(hg!ykii@DJ{KW>P@5a6W8A;8~SC>iLp1Ldm`G8`9{q4DyWeEC1> zsD)|J&M~`;j zt3mtEyl4T`XAAE<<hgszrYLg3+(9nTOZ=8?Og*o@yEwxXBr=DX_{;@-od?{S=mq zx_8D!Qum-=)8D#AYTvc;8no|uTnWqX5&Y$uIY&GN`Hi>AZ^FN$1+eomPMEzs zf(5U8I9eR9Ka6^HRrQ8n#Ce-|&8!OAD`6+VFyOcI#ou$39Ib}va^C(7w_O^dD36rH z7`;YC&i{DKRt<`+Fc|kxbi3bv2=zPNsJ=xFSVT-U5c!3KPwa+sezL_f41j_rXBnD+F-(>La_L-DFSAKuuo#ouXM49m7DYki>M>EPk;Qv1 zdJxiZ*x!pAdMy;Mu&-E(k?O6)#(Ui0tJ8G8F2saw_ZA<4^*2i{uj$LmQ)^PZ}1prS_s_97UM};czf;16yhiF*^J!o{+?=5R!Nm zKaJf9DWt>E%&?H=P)PS*kg$;6or<@uhGx$k$mph{3>hWr@g!(yLd&3&CXG_t3JkXz znIq>oOGbs^ie>n+ZeENDa1h%EZEU;b_*i~YmhlI51LB1W#S#d;cBqlw# z`C%AX8xs_s+w7?zBXNjqtkA3q?|iFfeZawtnD7&?LO|kGtDs&gHw&s61O@;3{Df6& zEME`i{HtMHNm)$R1L*eTU^yIC*hay!tj^2}a^NGv>-haXD1YgZhS62iD+VClGuz7| zuzAN(V!w|3qquItW`~O$Vv<9-lP?F@Eh+9f{6G`+foQj8Jn!#rY@jbWQCtKQ9LGZa zpj)UZx`h%sYO{r!CKL5m|7`tiRCE9;s`5WH=%Ns4k}Skbae^QB5k8d6gv+8Ob2|(C zy^$)=YL+hN?ay#Ko&FDuv5n^RvYMuG;V~Y=eS7;})bDho`iB1_HHSsS*PN{c4drvw zrP1=aj34;)2qm9jPQM0mv6Y-7bS$74(+ZX0kd*M8H_T6fs)XLq4O5A3n5wLXsfQer zAnuMZ+5wYm&hPi{Tv#vj2(crR^lxuPrD2k_2B@>1-*=k5sF+KuFNU8M%9reS zY`hXYUi~)^uR^yk6*T$ltxt$!1SzC2>|VKs}x_5WrxMcNOw3zyoJOW%!4*pH=d z?8np0X-bXZdkz}&C?#*TAMXVrfO9faB>=RasW7wsXecU|GW*fuCMm!8_T#8KYGXep zvVXAu*MX6cW6b@(l$dL0KW+!k9P~sxZLDZx*nZ4$V?X{CU=N7JyL?Yo(_%mFr5uAf zZ~hs#o$l<%Ty%GG_G2V6XbzI${I(m}Is|-f?8mejY%KQu<4c%9ZZm28>q*d-=Jsb| zo(P=~w!?bVV%@~Co~3j-=W=FyBjzK9s6^{c0I7|FOpbpOve~zs2~}>WZ(Fc zsVG*nao=>bJUb&rEx(!O-E1>9iIh+(Y=%}n24%zEb}*Bmt-tZr1oU$CNsvMWSKB_D zLxcu%ZvP`LdKCO>XC+F2CMTUZO17-@4tDw!Hx}Yn=FHIPe96Akdk|&8oJW3-+rH|q zX2H@KbczOq{%RAUaLL(+e2hRj$OQIb-?gYY1Tw>oeHbNjVzcE-Q$O-ltbpUjvpVZ? z%bcaX<=`dx+cSO5d2&qdJ9!o3m#^VUc>L{Y{NwVIznTci8h(heKE0rV zvj@08(~|w$RC*veF}2cZAfg7CKYp9+d%5>&Z5Ax9gfVrN|HNxhKJex|Df$K7DW2lS zPOU_&TqSfCZ>f$sv6tR4(=RWQopO=9f=(&I711eE&%$q>nf>r@REKCkT#wpXjoae8 z&`;g=rKlh76Jr436od9VJXLC_Ff68%5F!o^N+_VxjvOt7?Wy=s*H?%RlrerZBKny<8Z0#~)Z$ z7}(_xe2`c35j(5)N_IIJz!Wjr*6LIl>+Ss|!CC=-Nmpz&Y^Q_v3;%xNDA6Tl37bXj z8mM*%NBlxPab&R@JN^qy1%C6)ydD2W z1LI?w(O}NQyAu>Gl%~m!i<6+Cr*}P;cK=n|BTeH zn?!@3o}8@ssl}cYwSF?QpJu1;D|p~3vWt60peT?~{2=jr^mBCw&!UJNiLJ3&4i_AV z2=0vQ5+&#IT?Kk@&V8#l~U4ENs}p+;VujW@^iX>$hRC@KA0q@+X!QQ=bg8S z@sFQV)bdMdzs>ex*?3+^iQly8GAX(E_TfD^KGmoCgSlD0U|btPeD)z%1#?Dz9~VB! znTa!iC@01E?NZS^PsLrjjVN|uBeY96!UJINB}Waoko*+PnOq&WnblnqwGuKv3jIsY zQh3254w8ZW+d2#thZc2kV=K<)&TVH+CtKN zFsGFk7hlPlk>6lcowQ`ZC8B+vifOtT>EOnU9L?bdVn#P3PO#A4A$tdNx_%qCsV*Fj zrU(s_Gb3NX3_3~X{t{G~O610f)Da^Kv*k-LA}yk#F6!q{P;2#xPIedmoACcIzv9=v zrcDBj2xb3GDC5@eQUst+VfUP5aL>g;JDBKEUWf8Rr1udL8y!JP*)D8|wpC$uoT&WtR8RdrI7Yc7(FOgtlUF@_vMLEY%Ic42hD?{h_% z2L92_jvW(gJuhdK2%_FXK8v;|AfIGr)l`X5Z&MQR7e-mBQKG{yL{TubD%qA7yvW!u zPMv!d$ZVp#Fm|+ghdRqHaX1NF9I*;e%Y>wyoe}x~*2}4fr(Ym@xKr5T4r<2lWF1cN zDzl)>gdUt=RUPKZxaeKsUn~)sNYz@$4bfOGcm1-qR?SkOz{X;S7O|7f3MCutpTC2{ zU1qosFnut_JeQ&%wtvjUHZx002l9}vVm2MwU7z?_;qBa*@%9i*g;}ayJcvD}Kcn{? z#l&Y-1@*)#U*n#p1?bd)m0nES%=8WnWFBR0mugS+Mt?bIknQ|QvF%-nan|1Q^JS%y z+277|6ey;Shj(v#-n*3jY!>TokzkD5k9;rL-P@W7gKYxet@;>I3NrAsiYYbKjB9a} zT{^&bK5}wS;A_Ylz?XLizTpJl1{dJd`g35%XsILcSf+d6g>Hn|wwboN*D`IjN?XDq zkNAcY&h{)X-!7`N7E{m$5O?{3cM<=cC&d+?az8|*SbZJ8H6MmT?2k46NNLYxuIqwc zTt32U{1_kNWcDfIZ!EkM&#D=K*!)-gt*k5NGBrdrcs;WPB%<VtS3R7u*`A}Jr|#PcehnD@HTo=oJ*s6FB(NNt`H>1ZJq1t7VF7OzpHd`PSh z5Pu`T$7k)f&}t9w2wP~0`4JFiQCB>thnB|q6x&CM{YQp=nHp(^{(GIR#%dOg)fzHa zmY~A&GB~;H&>Ugd^Wbi zV*Lcec4}-*XFH9ZbQLuAw=Ys8<4a(u9h6l&`dld(XGK+GYML8G9V!xAv%TUaDC!g? z$__%5k&4P|6eS;`C_C$-6wlfyD*V%ZDsyGHtNTV6zJ1_$8-G=v4vY>V=Y?hPwX8Yo4-&?ww+~6YmWqy+S zVG+lPY}R9+>EfU;&;cyhL8QmBa+du$zP^GPM&uWaVyyZ5Wq1Pk#{HB??_pv0OkP(V zwk*COOkg6pcFZ|K`ko3N>O{|3ge+(=uqdLI-k;vwkaR=Rt?no|TsH!|qEvPLa0q0; zr%=_va)to&@yzP{CN*t^zD3P17n6B5YHyrvNY~ikX(~z*{G;vLqO{hu^O?g8_Zvmz zmecFw1ftJm_M|%+UWSt*zgwV-Qd!G+Zmi|s8Aw~S^|s3))n7J8YAZ{1(AH~M14|h_ zSjGaQj9^aFjd5k$8~a*iV_$C^3W0pL(Xg+4Ccb_B zy}uz{!@jmdNz%T~MR8Jh3EI95N*#hCL*3Q%xif37q3eFUV`^iVjo(8P@E*VsUL(9)4s~p&setV z*1opju#iRDuD%!z-@aaHETqd~?FGApc(J^HBHw?^c;7l`oW-g{&!y?dQZjO3A?W2ZA@#^!D#c{9~h>U&j`~Rv3xy{d3@XM+T75@6XZ&Fj1YpL*4pHO`; zii2Eb{;xM025lej#<;fU01#j;UgG+Rr=eiR`iUu7=JgZ5{!PwGepX(^RQ<1UCA@y( z6a3|wxgP)OopgdYeYY3(tx&G;u@^wl_q@BU26LV(yu2e6ILh8?N80q#XM^zaMR-{% zy-jXm3j#dDL>u|T$M7EF^A>nBC3a>q45dRyXgzyDo-yq+H|1eBjdg3ECvup_Vqe#s z50Ug=r;DVDVF=5GbnA0H!P5HX{u|Ls_TP8%D*CS&SHk_*AAfmf_Qk(Z{UP{|_RsSD zbNKz`?ulH-H(V6~m#(x8Wsxr;RyzoO4W^+l>4Cz`ln zk3JYb0zzhsx6l`2h1etYWM6Q7&BM)QZ>*Eo&>KNq3FBij{_@Pc75_%qx3Q>d$HBgJqOrDs>5n43T!xqBJHeb!mnG0OGOt~`Ekj<#aJEy|jOm6N0$jb^ z(8*?wc|gSCCHU%>>uof0%*U{e|6CIV}8DYQ8OHB;-e3T?b@JEE6p2|X=MIlm86Y|en(B;AYC;v?V^vUFu-+~=< z(%xH7)n&L;DXAL^`)PRe!tl@A6)OLH?lQBQqFg&Q)p8giNG&z?XZp&={M*p*`#EpF z8COUy{PRblhspcrqcHyNAXk}x?Sz&=+e_RS)M*?qA!qR=`}yl%Lt@pXPB>CCF)>JD z?A_RfyF+W|c4vLm7MJ6>8Q~V}h`^B;Igjj3IU*BST^QJ6_#p6$I1r;X#@o?$_Ox@L z_piL2B7@NsY~mnM?fs6Zy>ztI>@+o7O`pWNSy$m=7j{-VhC@U#OcD#zMao@7O+w{{ zn0smb4Uv{mq*JlgLV_aw58u{Ju#sQ-ra<9m=vyfg>wksWHQC`d9BzowXpa5Hm_TRR zC`#*j3W`Fv#GjSyEOulnH)u5H{lbB^{)|vfS9$_RI#uzKWOZ?Q1#W!s_d-j%-nXSh}_U zk&Z0i7EG_Kt?nNf(^Ex!DLg~WzZn7hX?4U76t!MNHK#E3ghjH7a7ix8>S>f^ z^<^L8?PGB}B@(<%n9Q&Z<@^tQaD(*7`NM)lF}0``yF=`3C;Q-JgJE>qwOT)I2copl zL$ojU35z4B+^kVmbthp>bQ5HrOmWwlB0sk8b;IXvhNpzjYc2?3Zg z--lD?3xZeS&##K=d@lbIdsFrq7-)I~mOo(5d|_Zeitz`&3hlsXsm*kGaf~dCihkyH z6Qc>a8Kv@&^2o!so9Yda6?U90y^}>IdDwP$j_;bM);AL&pb}PXX19DrBMWyu@Gkt( zE;U{D_;4uncn>t_&XrT}1NxOS^CfN#QnzM9m#uUWD*HWpcsE$A)m@faAMUbLK4K}u z-DP~Sne~gOI(-ojSHEbfUR|e$-PI$VPovu1t<^pk!z8v+#lsD(5C6^SVRyAg(a*nN z5#Ndi&h@y%`tbcu54)>JI-f=x*FJA)%*@&J?yU5s7J1~=!>0-#=}jl z51$<4;T_LeTKFf12%K8@hV|hMP7k|l;a}%zi0|WPEfT5Dbe71|)`#DU@$dxe!~cx& zaFO-lkxmb%Q+klc%4aO{*ot8bCk=VP`tXY}9=_K4@SQOp?k67}RTZX_K~9gSQzGds z8`2&;-y-en>pDyOBBMxMn+kEU*Mdv)kpg(FCGj3#uwPET{Ubw93IT8pXH5Q z|0rEgmeWBj&Qz6A-c_V4S{V4$v;>mDR5n6Pf510>U?Bhfy>J=_^n|~=ETe8|v!b9c zt0>q3>m=zwUY}LnxS-1qRn-mj>s(HJSYP^%XKF4+1i8L4tDs9w z=sR461hf&`_SPVND&Kot=~dx?&)ObYBaZOXrH*cw{!s^4+mFs+W$@kVGJb@AXfry8 zYRY%ki56aJK9&dN&{L$NstPJ<%JQ{M?PYkNylZCP%xjvtCMSyvZ&e7vwKzsl6sn6{ zj6Ya1ys&14KRCX`9~?f~b3At|pi+JADSuRmbgw_K6%m0_s0)K z{a%@lT8yeHYXD9Aa&L8(Kk%*Q8M?j3AE?$&?6wcP2Tx)9d{ei2rWRwy45KNg@{58G zF2!{QQ

      waE$jt2&Ds#3Tu(KXGNXT`jAxXYOKmAY34_)6ddC72Ro_ zj`Wrk)cL$1@R+!QazwBe*ipFb`+E6-FVCxN`D0O??*~?P>|0pAvVKvW{r=wDJ>@)2 zq$t?GxF|RvwP5BPk%CUZ2t;_`kS zr%@M

      SD_KTw=Yj8QkMbJTA_A8=Rusf1<9cJdRZYsk+AR@8i`!pZ^rx}xK4!b)v}Q19j1 zTJiHCZ)ZUhqd^m^puuAi{`-UTra(=LdVlXJpCj}YpsqH7y7AwkBEBchkk*-ELPHf-Q$_{9Pa~D&Ct1oMrUHC&MxM^ih6Gt*TolD zsN)e`wNc>hH{fmQDG=s9^fYx>;&pjp;Ijyv&DKW)B|ZvI+BKju^CRD~9l+RbkzeaG zJQ19&yvq&Fre7q>jHGtOPGM@79foC`LXpB0FSAcl4x~UKm*Du^qB`ID13M(jTK46M zT7gD=i-MPC7X^nR12vR8Hi+~S^@4cSNpZ3?_;JB{_21l+Up$T+-{cspvTf^x3 z{x=77(f-ob(IjR;k#RJ99S=`|24~>+ylnnaqW{sFe~iW-G#`9|Dp)LjV$fOqe8M|i z{Cr+KM|B*_zXM*cKQP9d<%gZmRy1$ez`)ObjvH@)_G^!|CTYvc6qYaR%ufkpTmvOr zD~!)-8qr?pJReWZn=S2f?+u<=r`FU6LrcPoEL^K@BV7r;#t{R4f|4!jz07l0U!91u zXpkX@X0(1FqijA<*|b?v?+>}oaG`MXstXmJupQFzgJ=6CkTI&m@o4Hsj^AuWU(u{e z&Oqbd0YvzM_y)wrvMF@QOA0RwMf!a}Wm8xrG1wm1fc+n-)<^)eRwzNXycp9&kgOLq zE$&?2?_YNiDo0W@vKhYCIIga8d~0<@8$D=yjaKiBeJE^}o?$&dOZA1K0L4d9t`&Mx za-teh)i;cJ7(?qY4gSD7?L^p2Kdf;eg#CGdML+gHxjyeabl#UjaOz?4oG3uN7Wsy={7e5HOaAvCsEIHCm*9mu$)8&&qSeEF z!6E4NVGvVr5EOw@!a=G$OHCUz91Xz;BRbz&>0uO?kOyAy2k%;n=L>_mt$DFmVX&lw z5Uc2wvFMc&{pmLu0}rZtIR3E^P=1EZl-uX zAJ3x$Aa-^@#GAqJo9Hq$=xDq(xKlg%MbYO@uNLD~^S#E$zui^N5$&?4pbO0XGVS`k zrg|-H6Ry{!&)JR`_1e8p7Cu@F-M>$78|~B3CqJ)28%tGLl$m4WUepUw4R1X8Eo%+m z{moRvzo}9ogYUM+sp0u3+>m+Zw$@VSK1fkQB|ho^5B~z$KL}vn%TPf=#o#EUm6zv$P5-*K64=S)BLvbC;znz>O>H z-jvr^sjMmcvTr?R%D$}9!|_|$F`n09I~Ga%F=b!t(neGE<(AfCQNfHA_`kWdF7M!* z%ka&NUhndoOT{q-NFEhO?l>#zIVpG>;$Yoys1cLj|;p z|3wbw6Ts_mgo1kNhi@WJ;17(1)bTR(jFz!7^9VoBHrPt}&(&i#QAxaBLQ@O<*G;I; z4?8ecyXY3O=_Hus%BIKrdVe^s4a-BJ8&QW6)?wou`pJBP^e^tAQ4~LH7fY<{-i+5r z`vN;TDeMICUEak-=%n~41y}z46!a;X5MO{eB6yM#?5wRhF@~{bg*%6^>xr<~vVShD zb^mlg|3L7fe}=S12X!_&$iw}466>X&$3sFdKTx|~()Pl25bg`R)3J+g9v`ENUi%v= z&>0nQ(M6(t+C=g3TJ@8h-`PHHUtuMy1G~QWp6tIfME`w1miQV?d_jvI@=g)z4RgNR zb5y>!V+64JLvaU`kof?tLC~*3|Bt%w4vebG{!bua1a%@sfq(^rqKgWO3SvnxU;+t2 zKt-?wR76BTB#L06gffiLEH)H(zhFhzRo8+D77zriAT|^gu)Z-C7FGmt&F}NMZQi^x znPHx=zdsb1_wIf7o^w8@-E;5lOU9L#R<+J9>ALaSvxzLqJS9pn7~lZ1u=WdNt%6if zX(Q`D?jqOt4iz<0R|;Da)WDVybzz|mw%{bbZ*_;`N0mOFEQ6G5RAK)e25T)pIRU#G z;@j3_eA$~_MRACNO4vd~y*EI95FV2qQNy8_#&{x1kgdISL!LK>#6a6eCnVrblKjDj zH{rbqw^Ay;7=J+6y7<$P0Ce)_%Ur>q!FNjjAW`JUA3#>|r@hpDfnTS70F zqU^^XLALhRCvCm?BLiB&s0p#D?Tr%wBb91#$eWPv<07Hfl~jCm;4(~{fFR+|AYRM zhAlgNFG#0zlkOCk@}RJeEV2ld^6*PO=p-NwY(ReKNiXK0;)^eK2@?Hpaw`peF?~ z@oWJ9p?ncIG4a00J!O(V!WRL9VKj)$F+k>cPt6(QEiFtJ>*Pc0Vz6+}q9|T-a9Q$q zbOQcLQWPP5HA!&8gRe0!5*+pMA|)%~9txZ2@FMR%2vj@pc8N+D%s4O7aPl%YC+S66 z1N$V+N$b{5;NY~{iqVok9=f#=$1?4S5{TIHWSCiyp<_$((rft3sM#^=v`P6h#XecF9EJd^Q4ZeaP!p=1GO zm@e&^2%lfFdO%)Zp+Fp-iPa1gy0pq>_n;`(2-gH5%&kgJE`)i(AV4%2HJjagyaWN) zLL6BEX&P2txo%t`{RLR7{>bn!j6)7^A382YHHV8o04x=Wo-~SIj@}C1D3iA;tHrpn z6_?kXt@~);-$w&{5C}bneLNiB$FLzIuU%Q#A`1(>gnw1*gSl@E2g(oNz)t$LDVmIB z6DS&CrG=RVtm#x?k{ydOUqc+oLBQbbv{v?(+=C?WA*KbLLat0*G29c-`7@b>8=dRT z^w2^k;SO|x7lES0?;vmf$Jx;-7Uo|PnYDv|aNs48*_%j`$m}ir!!85GRKAn&t6)Dh zFgP6NoqpYf8({L0--vj~ff53)5i{bWA#N{)LFixU|McQy`9N{LV&0gp-&Y!>r{ky?GTK5yvLUpIZcfR!s7U&+X83vZ$|{ zMPoEfg?*Gh5uidA0sV0-Dmak#aYLs>p)3Z;ie#bf1sL95P|AYbL*K%dgL)5c%cT zak#HwD6~FJwY0Xk<}JmKCHOZzt~hNlo6Z|tF)2YHJzTL#;w9r%L)1E)TGI6=W`SOk zeh|E{;S@C}_0_@^!+H{3v5yV_(a)JdeyTUg*AlF>4Hq8SyG4|#k!;5#G;&dps;sV} zxZpi&PEWEx4w@QaJUI-*Lwy8u z{K1mx9F-6-;fvt~k^NT=*+A`!LCm&L(i)4wPy#U$;fwXv1>1r?D)(>fxieRuC~+j2 zA8zg~aSrB3Gh_CByNCYJ5LS7Ez{s9hBk92|jmvsF? z@^>B{2rWXvmi$Gk0sLhyV*7sJ?={mTf5n@$&q||^xiJ1zA};=NG22>H$O%h}Uli%p z9*Yo%6;<7U5}JJM&)ylD(wNf|5>u6RFqxlU(sh}HcX>@`nh>F#h7;)JC}zNjF2jg~ z{n=1y(<1p|PpnAtK}T>VXc*HbU~dO87P@glCTQs$>ZG+$C-_7rK7sW!)xT;WdXo~w z>BeiRHD__6{9S6PzGDB4)>AFx^wfimIRV^1i2k`9=Ty6@dXtivd1}HHyY5XBh*5Nf z%BV~G^Afo}^#`zr(GdJYkcAMdI=i;0>#ET7+wnZKa6qVb(r+Cq&RSU*s=cYG>XJ;1 zuL$zd255&UXbl@}gkfJc6=V;S^(zY-*WyH2zQHNvLkSjvLzmQ3@lmWj)~7N+*T>jC z&$P$Juf~7e_@&9aU-+6qmsyv^y9$m23 z-)UW^?KS(N(g2k*rQsDQTRcYBhZIl#?`@F&(2SQ~#HXQW^^&-#U4j?Jvbz%0Wy$sL z`}3@9j_uC8a=5b$xA$_6i7jp|YcIkt5Wjqp-|lasMJVs!oax(o1^zILjFK@OCdkiQ;NzcJ4g zs;IetsOJvu>!B5g->JC?GrtlukA|l2SYc*z3mZQn!ljX;$igXYF%cFRZi1keM$SiJT`Q0|yX5HaDBhy9;n$5t z%WBUoIsChls?)lGDJ4g5F75h#X!>W%Gf`wU;OdOxWnX6X4wp1Nj5A@AvhZb1+m}`i zZGjzUQ%^tWVwPZ_GV{i!Eou%1g;1PX8b&qG4r^p5sDtpDQr6ntDaOFk88M%({kz<9 zfTlhLd5Apu@U9GOAyMf8F{3G!$s5DoQ3mvjl;{t&1PQMdr2@JVR; zJFiJmxCy^N6gFPl(RlV+6fSR|{hJLp(Z820Qz1B{9Q0qi9~H;_c`~?zV!`Ji^|`ej zN>6E)vKnma z7JtSQi!NRqk-{H~0!gjsmTBCUhTnp~%I$?he?5Y#$CAh-%4v^CFDjkJLg`?EwJfq< z0Py7m#L=@9ZZ>R z*gM>MpPDAc;T`Bl*tdx&yn&Nd9PV0BiIVT;mtL=ETaZsv!W$403FL`VAkna`Xo&2a zYV^KlZ%O1z3`kieMQ5^F>Pux&j2@L1h`6)!DSGD4TDgrk(yTGfPkU&HlFUyyWK@(? zHE8zp35d@pd?SR44~rt_v?z*Pb68R2hV~_qf{rB-6n3%ZL{?yRS{j}DQYKh7f~Ja= z2R7y}EW&R>g$(5*3{*yRZR8v~Fi#M4Kqx5Z$+^q%Yx|((P0vqi z%;NAitt>T3;)Zl#8*B{N5UL!60*Io?zghKRs&6aBKjglN@#9f965X*lZX#+s1u7X! zBIPKaeOt_|>vy3k4cIVTJ|0$qrHU}nS$RdZZ{jtSKK=k(-Ksder6l}QY4|H4n*PO%8Tyh-`x0z_zSyE3Y7uGwl`W+zRXdP|a4)jo@P~3aH}GXS$ueH$v~~xP{u~ z)p6%Hjpp<3$E(<04?#E~b;&jJlUU|K@<0kmbkug}4K+_7%`wjg_>!QHH4&fFU!p0Y z3QujaJLP0K6LbF3!?lN~{&UrI+E%OGrrX=OSoGVKky|jvLmv!z0si8oHfSWB`;^- zGjRm`azicm2PL9kpQ>h!(xu-LFZvDpFX*?qA`r>Ad|MLqJE({NKMFSYXpcyD*z*1AgJorrtQK2Q)h-TJeebCg zcwFbQ(2P4C$mB20YvnI%p?^X%ZpM%DY}Il2TWHoO{NHM)xaQFRzky)ij}3%vqY(7R zChg5OjL+%@&S}}?#gVCNjx2mBPID~yn5>chqtPGw8~Q{q>R<4OC*ykaM-SNs0HuGk zpno%n0379KZTQMV@{Zg|`M)L*Lbm(4ZbDkWe48#6U-`*F#i1V={jn1ED@MOwkZ;^K zCg|51`nNvl2j9~v-!A%T8xUv2nzd5L9$6=NDdNw61tABH351ZJ{g?zHpZF$SLRR22 zapKtWLv%?qwjz#<{XjOfPcI_Q*$yH$9UTY} z?-7Px^IDHhk5y^oE51&bh#m2nI3j-Vz93@76){2c`S|w$q!!lQQz*~cjBz1iUYoeX zT?;UCe&{0{f*6P7gS- zv^Wyq9a=NkhhQRWubHlyo!EdO#)=s(TM#;u5#NuYN~W|5rcM};5t{xWaDnX14TygI<4JOFn zT#*uxp8f8BtQ;SU!*kYJieJ8rkLH7nj1(9jIs7Mo`0w zvitL!^c|vIq?5#!wn+1am#fW-OOacG>c9PVia2-jiKNNY<@FioiG-cJ`L9x>Hfyki zCI9xS60Fa+(EeR1kMH~M#G4qncQA8P+4a<2ruX13#D>Ggw7AhA{RB?PdkELV&YMvI zvlREUIjYx&L)_&(gyJ0}p4KCY$<*i$zJ|4x!|*;2)SF1=N~`wDQalSSJTrghjd^G1 zZ(oIg`7T^^yxe*}3kg$DkY`9#;)~56xKz+k%SBP-<}M{w`T3+WlXfJg+(5VknM^E$ z7SyieG$=#ysjGvKxh}$Ww&Al7yb$RfL|&?oGWQs9Bxq@9*AUP^QxhWI6fIn?OGsO z%dKpP2roBLmXh=k>s^>9c}B%8c!=+kr_uSspeNQ9)-|66fuxi1sW?sX>09WQ?o&Ig zZ)(wZSShK!gSArfer92-%0ZLjsW(AzE6>GW9jjHnS7mhrbMW&}Y=S-w787Tp+{EJw zj*v#=Gz^bFVU^{yBhXJaa-2dTa1o9hOoYuV(l+lan+SgX1Mz>kmtoNfeVufXz9elP zd-7h88!Ro`ge=tPBKSEJ!B1)AT#Tz(x0>r<--f`xeWzBwZ^I*-G6@3Q2F;rcx7 zTWe|G#Jb=J7`Jn=!1o@O>7w1ggjG8M`HJ)v@vp)*)*-2@5WA=Usax@>xMa4-uZJp& zrHI6@311E(=XHy7Dk6EUhgFwO`?}(6>tx%2cF&sQjOf@gm6I~YHB;xO@U+UTjByRB zOC#L54qQVxu)*&ovE98Go1eI1Ah*8b0(v}Tg}K}UUnzc%JF2miOycpJBWK54R+Dx- z{(FeY<3j^+SdYVmm>+bycrQM!OP){QQfS(GU>p#sM~DoLEt#vTixZ=m z`;$YGhX@v^h!VY!5=)&ATb0$gZQE*;1z`RTJYvW+z$-0$tRRJtx$vmh=dm`w0=Xb_ zJSaqGf0xW`(K3^d^;j)4{5#iN`H(VGB>r8Q$KT^*=3a7;GE-LVAv3$a!&I&-4@72u zLri6T&v08gbh{@o&!U?+6LkLToB>SGrxXF0a$5Huks^C!=${DDwpF{>@rgbp_O-E& z#Y=ICJ~*o5+L*<$R`+mmtY{1t$gnt88(nrk(s|oINO#V!3gcae-n>2S&kV$8gskcO zoRqatWsNYPwm7lFUqak}$ra0TBb}KU6=zucs!>RfMX$3u&EP{~y&E7?=TE5cm30ZR z1yHX4VVNPe{<)lV#F-X!B70-~Q|7r)!`P@22U&Qfxe{|%`zvl1+omc*;);vor`eVn z5964nHO=T|sBOm8*}y8k(w&F8Ed?=0W8oei$SS(Mh_+G6VxsL!zvc=W{ND?`RGK%n z>3r}LtP*5r_QlE;wG(UVi-S+Fkoku=hG!M~pNKT0h7{Juu#S!V0{Z9$n!C7XUHzIz zwsjFM<24v*3&oXxH7vzMql31UQ z*FI^;=M+TnLCI$UOa$dKBYF8;zFEp=w?V1NCqI!`K4nn~<4k!b6!bRYO`Ngbu~${r z(Olp?Dg2f-^;J$^s*2FU-X~4knP1d$-7CUCzyEE~;U5)M^%3ir%PLUL)E~7P`Ybke zHXI{;^jmYYJ+sDN7;TC#BX(qMmNgKXzzGpf!y6*KFfg4=G@jXAn*foV3k*c$xJx7b z>s)U^;z@ZbF%KpBSAbTaql)bILhrScoG^2;Zry)L8 zXC>F}#q^VHl8+&)b%;>piBwZ)}qx3ctJ^jAd^IHqYoJtR_%EmudmE`FC_Q zMrubx22OTIm8*jjp0h9n1Cgs1#rUzuRrpXt z3CL`BQ9n9&Rd5p>v__(2rbfvy+Rr-h@#%Un{oHd>!w0{R7#}e$ZtYNtfKd<1BZLdi z4pjNdwzEPxC}43$QdYrY4-xIa(LUPOh-ezRT*~K>@D>bLvXFsIPCmb8$R3Omk3IS8F+@kCxh=d3e?TfOfeFT2L z&?hzNWKZ6UvLZ(0y*9{{b}S9AFRN;j(e{nXTkvp<6B7ixEtyU z2i=t9T_^&58Clj^dDKtgHR6mL`NWi_S~Fjef-BY^Q8jA3D_qVX$M!pYtdXLJt+IQjYes>oMgg{^%&BP=@Y@@hupyC$t8!M^t(%v_( z1;ck1B`=qvq$XAEEzm~o{RVKfx}x!feW|{qYakG;Ry}Z)aX9$ejROz=I`8GcKoI>3E`otTjOOMnrz%L}NisvY#+x=^HpvsTW3N7r6Y7)mng*8QaDRDb=-gz5? zEy7>}NOivrxWq~3cW%kV`m}5PB@DkmAiE6x+!LcP!a3^ky(pXx_u~PP7zjo`4?*6( z4*k3U0^#zmzjzbuzTm9XWRpFm!oC;%l@+T<&s+ z8(<*9Kd~m}rzYL}NV1xj@|UZ$m0kI=50%^~iwwxl?i~>d7~ARMy<{Q3PsD`V1d2UZ zfsV`0G?JZ;quc|Q-f%AY1V??5hX_VJy#{O>8UFquKN&vo&tC&~=QnbpT!IqRPmxpw zsg0W)pWoo-W0wZL@O5zdKLi)3FVoDf?pv3E8>!SrR@iqImmo4M|?QR%<0M78MfKi;de(QFI zUA}NW){iDW6&xE+#UPBV4*kEqD63Kr!~Stq2=2rg)*Vj3>Dhjj0FI40f3fBxzfiO<2O82L_8KVuw5@%tqv-j2QtT*e7}()u|J zk0>CE%=i!EFfu>t{=F#k&iL;iflV_y1gR(L=e`ifB=z%GFDd??l$ylz6RGIuT?*HB z{med8asvKwCjDcs|9Seyxe#7a-TUQb9@V{VFbiu=XCuPtILfWz7f6ZKt0zi7(P>Vh ze)J9aLcz)JbU@w6@00iLQTcT&4mt#QGmK_H^Nh|z;#_KMsjtV&1am&>)76&EBFKzO zXCJZ{?7#Pf)FhZa?S{^F=<0teUCjeIsiU8c*U`0BJ*qLOqxp~H7a#)9AD^0x^9zZzH1_!8P`W$w7NP#r z7W1vLN|f@Vy5{bNg2=h%9DzPnS*>s~1tpp7L?t!8Q<{n0!&y!FGnb_qDGo>Vs3Dr` zD4u754EKf^X9ds{ktYZwOp6xai$=n(ymOCASo|X0aHHk0Yih8l&!K+`|M$V*=y+cyY>Z}6#;5kTH*|Dif8T(HpWpR?VRcQ=1!rg1*j?%T^7~vpRge(U|T4Cd5 zN8DZ}j#k6PzfEfz>(`30LtX8g*JTgb4au#KW#JA-_(`8?ZCIh4*ZJa zG!MA+Okw2t7PMos(q7l*tD5`^Vm0~F(or0|YV%P)s`P?X$o-&@d9aJ@9|vsZU~EDW z<8!6q{cu)8ycX6Xp$X`ThqhQ&0KY~Mh1kvMSxdp>#HHpXsI0SOesIIzgOi*4pdt)P zUb~GQdpQDoEKh9DPi*^JaPxcyJ_Thd$M^wt>gUc+0TfRim70EL|9(ht?v=9oDFvV{ ze~(BHWBJvwU~n2JYwWfp^UdDjX1H2CUfi^p!SPjFLh%AmW{AE5b8f_kGWHELf`<~m z#JmIl550edKFWF7xT z>VUtu$M5KQ=*e{D#Y?#JWH`ECk&{u;phu^#YbNpts21XNRkIJvd$ttGDbuLft2v}n^ zp@I}3<&B)f*&}<p_$)F+VTxlD$8#9*n!jX9fZLmNmJ1fmTy#QhOhbUFnkx%#;w-M zU<(l}E=R{L72@xJpfY?r#J_Q*83E*B_^gM)8xemB{2bBS13&d15crwc%HSs*<5zo+ z3ohdOF3g-^y@9zp9a6hqk^1JLB+n0-&JTOrzgzYqX8i4+2-~&RO>6g%w14m>%=}&U zZvn*AZU5%c{ zv|@^WsRqm@f&qCj854Df6|KzUZ?rUgi5{b+fFs`Z0?tSZC*8${MKR2ny2E$>4$2iD zY!DNu#d!&NcTfOXCawH-Z+-Pj5x55;VW9t!7?laW`rNojA?3&kIM!DuM*`C$(fm84 z{n>#%E#N^a_Gj_^kcpF;r-mkeCu#e$o+?9D5;xc7-G%rn@oz0@CZ(}0Q%w|oeTWY~ z;k~zg!35Etv=8?3sGjzQg>gMQuxjHR^u=Tss89`++F zG5|rzcTbGN$oHrlC{lZA<-sA|56lcsyoXc^Vw*$)_NNu-{b{S@@t0d5F0Q49FYX1y zFKCjQY_q4tvYq&Bh$86i)rdL36>-wfz1NcvQq}sN^urS(4wvWrc&{l$pP?a9c~8IP z1nX+*6i3niCv!lA0S79WsgeZ_P$Morr)m{*ypBHZVjnrW57)sG*YWYcb3E*dGl87c zdc{~M42dm~KTWYd=V*~P2nt`{R@v}%z;!WJ?t$Wk_>_bLU)`s1EP+fjnu$p=d|3q1 z7v@8SEs5%X?^gA{2c(8Bej+itOdX^+-)%0{h(j9p!MCj`_%I81U50~S@HQMFvd_`i zlDp8?$+|C>WZ%!n2dl?vnvA&srxa`LAc_3FSdmMi{;YUvV2p=<)DVL*_T#u~*|nGb z;33$1_I$XZB4rSad>=kbh3Co3_k(vx`Oe)hHTizJ4*8~6&rB4PTw+BS$t|uSJI{x^ z^cu3l-)d|vs_LcAhf{U~Q3Cr#8__>Z1^bUK^RXN9rRPK=>m(`@i40R8KYups<8vGP zz>E|1hS`F#qBFODR)!v}Hyf!A-Tv9}eEzt44zR_-lie{R;``Afp+DmMw68%AkHnZm zyM8T#?_i|w!5KD)y)`<<*FA1RJoZoTx|!n%W}=H>d1*$*8i9c4{uHuhw__8n~I`oc=#Ugm6m_whc{TibFVjFJC!WC!E#b+U3 z)1bP@4spq;5^q&668iWuJt=sE#=uo;wp-c z8VUAu8vD(H47^h>H6*a7M0y@qO5;qX(~d@!s5m8Ne{m*L?HTG!CZ7M&>_mAi(=lg? zAJ>Lv)Wa|0L>T0sLeu_p0#Akc3IE?3!l^Lr#n@vph}DV;#G&A)hcTB-%tZr59Ft_4 z8mw@Ajr!2h{A@OVEz=Jz?fLjY^*CMoa3p{p2aT`2q2cs@M5G%GEFOf5VM2_zhV4aI zc;UZ-;|XS>i(yp#?ZaUj6>;a^%>b`osNI#%02cgTfTcw| zSZb{w$GfHdg6Wvz2Y+mg2a9QHz+$bX#&kfXH5=cf8@s~u|4zf>@#=Ash9!mLmk=L+ zJ8`%0^N@(7gAuDsF$9C3$fcCm{~iBo34^_W@G}94eZ~*-P<03#+3ZV#%CX<3LIf&) z-=OEHKAx%`r)wV?!Y|kj`>p)a;uenL@Lh40xUOQLS!Ox(Hw5&|Ws`M#}Eo3@1UaNBg&aLg8YPqvrFU?h5m{)*%aI6Q0vR6^8 zSA`N^Y!SAe!dVPVuglb{x}_t$l7>jP2J<-#>oT;~h%n_Fp_@R8S-(iIrKk9#2LQ~w zDgQ)saPklTAtwKW*!3Qh|AgynGJX$6{O2P{Xjl9m=c}%VV7avaArryyd$(;&n% zM>WoQND>}B(3!RqJxSCC+AMd+Xnc_`X1Ok<;ak|CIaz5#5_9rsygjM7f7eeKKwBb48P&W)a0B! zrEectut58;K-q`YPW$jB)qo>f=)>{8@q-44JUvD90P|paFo6T(gIyP*8{*;RHf}up zaV_Vs`*Y!8BOeb^kCO@@u*j!KqwN*kHEuM)rgB}nq%LE42iYnQ^?!*0jojZlcL+r` z7%>@yPZ}&tIfotZF})w}D_xCQPJodU`voC_Jh2QpugpBy$^>VFHV#^m+? zHDLUZ?>8n*dFp?DA$k1|C8z7>aHc?CoGI`cwoWu6tJzV_xxBz$7kY?DLitJsk)n?J zt)i-|1HsUNovr7}$W0v@$Pz%^e^K}~#s?xi!6rnHeTR1=Zmel3R;WKxPL+~hYa%*! z0b}JD(5E139Hn%2PP`7B`{F>hXD{I(r0SsAjRhz_D#4%g zRC!Yl^ro$>X;5eD-4ZF~&aHcV)4p|2^rYM;t#(UrttERd4!^FWWm#Vxs=QCwBHSK_ zqE>s1Li;h8{**K{d>q4+2t71P&gHCm`B#hjr*9QX>Qdr@WL|sHc@ZJZM``%? z=)Le6e6a#j%1~kWU{Wa%!NL9qe9~a0PjB|@Wi$4G|0Hb&4Fv?IJa)glv>Vro&_9q# zM^8ZVgfYVcNV45#Bv?gw?kXVV_^&r6O?X-i_Mf!HSO;~WrB7H4iJzF+U~e_&$IM17 zAw~0{%?95xW`pO)7L%n(8ID%25+<}CjPSAM5HHgq#%FEl}j{`#~fups+Il7cG-{HdP-q;+7G^Iw;!S>5BtHM6WEUh9`+-b zdPxN;{`TYfv+&+$Lu(GfJ&6rn)$xaZa+j%9`=JhC$JyY9`<8He<^o-29(rup~UJ+1WMa+klr5KZU|S$ z3$Z9N_mcqaM@#4sU#uAWVTp)35W%UAK60K7EAO5`VtCn)y&ivTE0ugI$4+}K3cGo# zL-ZLKVA_uyNOF?)qw^&|%2OY2Ov!$*|D^3lKcx=*?FYM~{fM_4+MX!;!I$jzW7lb< zTQc@z+@NX{8aBj#`(NBt7U&ME4$b&|A6cI}Oa6xX-0$&AtUmWM{3|r;BmCb59onzC zP`@R`f5cwNtg*LY=c#wdfc zLmXewt7CChAr6(LhXwz?tHg)XVj_DNT0=>(aq)Kd0|FTp+?pyQjt zCzEdR#av|ZYJu6hr{T=Yv|C*92l`E(fN4?My7bIZ=e> zfq){q71?luiB>21Vd78r*#vzPG&i3MKJR=dHB_*t zWGs!CzcM#sePuXAmg_6!LUixX+u|}e*3~CUX?I#1zG}BNqAL$;!>(=CMx6f{s=QO# zo4yWvL;q`+NXgxq$7i91C%8~z{pMjgdJX{Hmc1RI$6B$w|gH1NwpEYu-!^DeOOK`!QCj z1AqI$?&{2s@g=+c$n7W*CG3Sl3|YK1N&B(ublQ)SNKe!tx@`#7Z(yHX`LQF<0k!78 z5s3Y02gkvI3@X)21Sn$mW19%ggOQJCpc4!xK0R)aV#1?7(Pw=nGr$=yh4oErKUPz& zoc804GVuAuRjHwZJ?)nL7^v(=Uu8cmxBWQwSSjsJ`@vW3_Cs{#VL#Zl+kWWv`En2Y zu|%ZgAa{6H66p?N|{K>vn-RmpwpUR;HGU@1SSYXEbXV)(uKC@c}JJNu(EW;$cPB(i3syuwFVFR6Av9fHvfLID8JI zP`f&+$16ot9SBIGXW@$mB3HE|>Gx6ylHh)kJ34b*!A!Ux)*NU*IzoDrv>zYz0H4cV z*_iYgXg}D0()MGkQULz;gWcKV51oXH%U|&&yZxAZ1nIW>_G2Q9Lk;fY^NT;`(&J-& z{kuP9WN0g5b{zh#5M*odav&z;e&Eyr4A1*Tt~?@{b)}abJ~w*x`WlnF4>q8LfBKP_M?lkA03tbSnswUj~qrm$(N6&ewb^J}^tPf`UVH@_hlVX)HnP%!0KdC5rUGn1Pf0Y6*$9fHTY9;cfD2EhTN4ulFNKacV8^;RbzV`6O`Q} zG87jDVt)+qQC4*$&x^p7tT;EK<`{Rj_lXWt9BBn{`vd zm6f9jN|as3UH518iR*oYxQNrCOs_jaIzW`Fp9es7N?TdQ@6shU7GhJHiV+_07Naz96_ zu7Jc{|B{eMraFx(m)}X+)^t(Y&O|N{byHN#o@)Bjo-Cz2Ls+wg(BGPufj?E!i!T+a zMRzND5a}kL6Nl`UI#0F}EAFDJY1_wPU4-^!5bVoC%D!}HT~OI0qj$J-YcKOsDiR9@ z7cc;_o!h*8rB#5ZdC7qn;UV=N{?!H%PX{CS_W{*L?q6%}C--|Sm*wSO)#L>x^}@e; z1SVVB094(J6I zJhikOgH1~dR}J^`nNLdaiV#K}H)P)?dHwN_s;!T1OnSP)MMM9I3>H08c@^zOgdp~9 z?bZyXt9Ga>1lMZhWDpe!gh*wHD+Ku)uMp%*L{PRuka*YY3c<&~H*sbHW7vgBVW%T zeQyx;Y4#pPR0{Q90nT_Sta}`I9ro$NeWVlyXrHX)?bFBYAyxh6Z%oNPvH#t)Pv5oT zY;h2hvQJNIil+EezY^J}XGNSG%#6pvy3;_2Jy)C6Le@cb6`MoUqd_cXmuI z_+6E2DWlG;-0ZgC^8RzBkR_XkW>1NX2p3>%S-A>k;WjZw!=LLJ%K=3TfTs9k#AalW z7Vh!@zNsTk=Hx_AE*i<6ZP6ZF?@;AOsyyInXGX3S6`P}KZ2IA#Mdp19C?q#H!j>9% z4zz8r{X_R*>{EC2LHysVdvVk^x0TQ5s^=Z*V!l}GL|A2FDor8V`7tdI_C(hu;DK#} zj3t8UK+uK#|5yz$@Ot+T&|z=ED{=kJw*7;{*E6vGv|n=|{Yl!d&WA#xp1LPBbg}=W z?N>i25G|gb=Z~>BdH&d1g*<7$aJ`T~pggvcZ`tkFuHVU0q!-x6+kUY*Y8c|}*F2m3 zI^_^d{+YYw*qG;X9W83wO>~w8gv!8En>41RkJjYO@5)NC&C== z;q=DA30n_*(E#k~U3(E=3GLS%A`TBksYLt1{3o(s)s#`E{aTj`E|=b!8p7C9s`hKO zvR_LTisrcN*Q%WoGtM<7zG=5#q9+gg#h(4_*Bqz)8brnBuwN@%fffaKXv-t*7h7uJ zIqcU*zX`PQ7E@!trl1eluU)fsFAn=PR6gIJo(E#TF2G`ghj-|(U+qQ4ArMi+`DaM4 z8+aYCV=uxhvHdzxWEcXObaX2m0NSsCkp3j?*SHptsGqA-Ll^r`+J4Pe3dBD@$nN6z z=PVKstjwzhuvDo6UxNLLoqx7nVo|)Ru%_);QCO^Bv2_uu6^1Jq9nRINnKt`%{lS?0 z*4sIG`9Rno&oj}i-o(BGj;FBwGidK?x1LA1=CWHEY&KCfOVe)EBJb@$R!E<3TpsTp zzL5om0!k$l1Jn_Tpgwy#K5X#yRtDrkI!{7-C?oVm8|cD-3nDc%mrjA z?b5V-4WM5fmXFw! zKBcYx^}nQgFw#03Nqhs&#Xs&Pa2osWgU`((vJYm)^WZZ`izll9-RJA<@Y<7f$N}K< zz0*^}CVNW8=85?Oist@;IRF$BkJSVgfH)p#h)+Bo@PmY&)9~?4yWtZ(c^E$SY%_eQ zpAxyp191m4wbyWm?PGn_+*s<+B;5DeA7q&_O~D2Sz9AiqruuZnjMo%adB6FLf4(5` zdW`%Pc%6%1V&^MX;a{OyGw^>G`uP2BTimdnu^+x)Pk-MD>MQy5>qM)<37^DV-&@C{<2B9s!-)jgJ_pABfvp{4Kg2877=1U2j1ni_}KPNN-yMLLI8b0<~&oBf;#uqpe=myG=^wj_x8+{b>3t`PBEtz`R1TFoMx)tt7k zKA(5jWX@bZ6(-Z`s5tAFnDI0Bixi*_*f+G7VV}Ie$9^pd@wWu-tK0sesWn-(OxONF z!FYhnW&cE+9E`NhM)KC6Yw@>x4PAvOqK2vW!PjO64gu+tdGH<*+rRM?QD@9|$Ufln zy|<)>E%vlq_HPmZLHjqJzyOejEBhBKhqw0sMqOu0GS#(f%sEK_b)z#)&=((Cj&oUi3!zg9Is`|hT_qxZ-7G*3MZ#C|=1th@)r z9QNxP5mg6+u#WhmLD;~r{1Eo1@32aQugP13!&g3RKke62$bO3UYjJ(B`=lFF!x+Dl zwEbF7MS=iNT;OIiP@+U$fuvBEx#-Ir_=TEo%6{=5#(sr2lWs|!2;p&6+*ODkYcAC1 zL8$w$imGsFb*DGr09rNQaj?P);o9mgjd2A1j+aOrT|$}g+UkFzwaZ!!tOp9eKS4Q! zx@ckdiW<*{I;a~;M-ub_sqSxnwLxkBP3-u8u|DKPkrfC=du)ZRm)6R=K4cNa(P^v3 zW`N5-j!z9o>?s*rrNT6E{?Hg@riLpsRqi%Z!@iIZahfTn+7crP}V(^;iY#POQ=iC?p|#@kxrZRU%~;tlI>-Pqn?!M^*W zO@=k}`T!%aO-Rhw4ZEjAcpQujj=~p>1-tt*@^df1t~!B#xU7bQ3TC#GVEbvm4g(%i zv|qpd4rW(Wq=q|wCu#fDLa7$d_=`Qs_-i1+g=)ugg-ceCDEq~iV86tooAt)0q?>wA zfsf3U)h1%aO>{MFyVq5x|3LIsQ=ueYti-hkzH}wzkGnvO;p0e*=koYKgjU+xInR?2 z`4!@a_4v;|f-yRP^mlgG65YvUsPpkHeEi$Bff%-%p+y`BsACUxlN-Zu>U#4anoV#@?q6+&qI7ZOFa)FGNb(e zV)aF z%c$rlT(mz*!ta-azq9u7)J2KEkJu{yD5BEHgluvC%oSOs;hkkwryYTFm3l<_bu7*N zzAW7Ah|=&otkoU{^f~N;r+l6$g8X3Qb1M?wMm}4;|NoDC9`|K%^7$joEacNJm#C7L za(OAGHV0BAtb|=YM{a|Bes@)B^2weO$!CwqgpMWQPs*xVAJ3z{4(E|UYoTfjD(ja; zI^ee-E1F`Q(nrY87$*;yxH?W|`z!rLC(e1IknLazcI$Pp1PcR&wQ-6uJvj@FioVR?~vYjN(YMrrfPEhr2Svf5;UkpvYPQO`?kp3nG0xat9b+Dz55$ zplcnR}a@{Lfz{@Cl|J$O&w-#0Pf|Xl_&7|<7vT4FGvlik{WPm{Y zn(MR%;uHSDtqStZ=fs=VqrkG0I2?vIaqi`i9QOH}E!sX0zA_N{Y($pcgRg5b@i@Nz z00cUR&X;;sb#CP1EB)^c?~=7sm)E1EKj>A=5|P45?acV+4&PWiY*k_XKW<8MouiGI zfft8Ya}sh(7C8LuU1fL7tXBf;@L#9te3_KrTGE z`m__q?L0=!m%O?90*Gla+(e7*kRPa@H(X}qR=Z}qm-)R2n#Ef~FNnkMF>fa3tk%#; z;x`wmM5lc7gWml6=UX259asYfzJIBqLlXG?M$kVU{2m9rf`lZJ`58@&?4|rAwJI46i{=Xd$22m({IRgTxl@~J4s ze~cb~vVjgpP;L7P88;q#Bt&i=KB;U@Wjpu=C27? zr^P!G!?)&_n~~SRC$u?_tH9gzCX<87crc~Nfewr>S7a;W@xj*=Teb>(@S4q8_v;GD zduGdut3~n`R9sENFS0^%BK{VdRe}GzWX4)6Sn0r2?sp)?-IoM{saC+c2d1`yh5LYo ztnaL77>cX{qA;W8i{^?My%w6W6(GYeZN8PitPjoDgkR*0KEmHZv(}0?4y??}caYHf zbiH6dn(K#l39vT2fya(HAN4Kf{J_O(&dKAD3z+c&X2W3{2#tsQa`Ktv-<$Vo{&kYG zZN5YP0{$IpX4_oMHl$}e$%*10n3)T&5wn#K<7WHgY8zUOgLld|nC~+e8F5cfwmU@t1dU>?NzQU|F4-N#hmm??d0oop+g~!AG^{B+&^$1v5ICErPp`CWt5GEGGYeEah z@j)CbhDkS*{;fU#`qY;g_Az?c$>PpMlNjibUws7p^Pql_Q+S^Jz)gL=l#u$6kGXc= zGiLub8~ZoN$X0q{^f{320W0t!vq$C9aTgcPEX?a}XMo7BS{s-?lU%@4I~UY*FOTs^ z4Bwi6ff>2e{(-aUO(qAE@!-l~4ouMgiS%E*{o`wjFJ+Mdnc2M~o#`T$hSxf0i2CK% zsqq{NzUL;)Z`r^=@X-UX^}t7IWOR0E%=>%p3VPQXlg&kY#91jb~;aR+0v z$r!3E7h|jjn2PZljU9UG3*sM>2_)h21Q6{3n9@iA7_)Ebw58)ll%Q+^<^)W+HE#@< z6UUVKNcxdbU<#ix2;;l)B4%}4j<=jv<=f9Oks;@qi8$~x1ME%@KWl*s4<=>1@v}iB z4CC>`*X;Pgq4SwJF%XqfO~gswL4sXU^kVr>OcMFea|1z9ElA>rA}$DBf%9V|n4T2; zdMR(F0@DKV?}zfTodUWUmQnFfybJz`caim!@5W8>MDo!Au0uZq8}A$73oh>!7f*0; zDJ2(k^k7;S=fK-@;0{NCFQvq?OJDOsSm_4LXmx)hm}yBN{j+FKr~zM;T?wuUq)i~g z$_2+N^Ck(7VY8fb;>Xi1kcboSf@9)ca7?}%$Fa%F@U|0qBR|Cizw2iv=s@27Ktoz{ zj-Cgt;K9TU2lA{-MS?FLcYMjt#2Dlpc$*I9>HTw9u%0l@<9xX(pR^I@ADj~i{%!$b z{P3rM_o!goOL>zN@aEy)aSC$`T?xrP@ebH0--%<}<769`;g?jRy#sOoTo3lO*Ha3> z1B^ZbFnRE+qf_>t6=}P8e(|NG`1R3JHK#wOl2cBh{P<(cs$X9tl<7&}2SAB0;)u42 zxERK22}!IONdOKMoGZ-3ZSJuc$9jVSZ!F0-E1{ zh#dO>TX29%AC}-0F{BA`VS_w!%w&T~kr-;$5{?I!&U)8xR=;<+S!0@PS)wA(D>L%s zTttjca(?q61j>K%H}`XXvt!-gRFmrw>A^f$3*^CyB26&W`pHlAE}+yC>0HMhcNzWD zMGb+>Nb`*1OYujelCV|#UJ=CV9Q$g6Trkw@{i&UF&HD$UKtFm{)u`Ym7lwUTB%3pK zHzE*!AB}DGm;?7(J;t>J`nDdob>?+ExWVV`=tQajo8ZyDS#wv~znn<;8t<;~)yH?q z5uIZ$&HS8qkQ7h71%)7TEqxsK#jGYPi zhoRZxG&H?zgV75fdK z3RF5QKrKgM=)jlqo)+iW_QM(McdEbNDjw1hEE3OfP$>TNJSDmvjI_uP2upq5O&FZO(o$P z>$`n_gFGRO5M>owSp0OLca%^PLFX(E;|L1E%d{%&QTc|P4W@$pSoB*W%?5g_5qv|* zvl3Wpbb(9s(1k9WEsAv|^w(f*x))50G0{{!p1uZ_d(qi}u<$gD)B^yUoB$}M1E|ob z0l=5&X&EuM0U$FO05n?y01T$A&(v%mL)NNmJmlYR6%Pr3@#0x!9)I@)z(W8O=_lmB zazc!B=KQgG?@Iaa83^%e5q{Po|MemMlz zlQfCSh2Ti1SKrsb-zZdkiKH5?NG0C&IuHAXm(e>N`f)eJ$YdmJ!`qOs^LhkAq)#FG z9uhXw8GC&P<{`2W{Ilnm%Q%)d3*}haI#<=%jZb~Sc>Vrv~y{RjC;xV#XdQ)EYVY+&#qK#jDSoGOA$IPchtddN3 zoqzcz=sV&pANq2j-t;}6gO-t?q3?s}i}cOa-KiH0{-)ps(-adP>qQ1cmvbER*l0YR_wxa+QNQWgBQ3ve3Tuw)g8Ly$r*fJ56=V1lU71Ic#GB| z&fbXDIgetbNr+ac^7&*Ws5>;a;;EtJldCbYqYHclh{N%uq;(L7CI!gI$58ae^}Br4 zn~us&eNX{j!1)JwuE>}~UCcXRe|pjTLC{Sef;QZ#!;V;Nrew%-`zny9k)DuKf3XX1 z^4t?6kHObj=!^JTa;Bn>OMe}XH?Y2?o~Nn54u!t(7P9g<{q@5`$q8Ay`fJ4^LEiZN z9mlT(eIGx=NBlTYZ~C6{h~br??^mx&`VQ9JIpy;;ya4&^rkZ`+5;LE?kdHrBkJH51U=Yv4N4J**qIzj9jGw3n#7)h%j7k6J z++%-r83uQ%9y{hMss+(5F8O+IOgLiu-_TOxZ&z1MPN)6DE3|*=d7azUbb_poa>DbV zKs*%9OsAr`^jY_O*DNLf&45)5sQAww>f%2U?BqZD+}_3T-_=>o=A(VoD$2SrR-+qP?US=-2~WWm?ryIR?)X<| z)@kA`P_3hrYM(ykrdrRJF|%bSIjAO^+NlQlS~Abwd>=NSVwyV;8GQ*)FH=ubP&)~$ zCpQ8+iNx&IYqXeMa-}5UV)+ZICrj~*l(4h#x6rK9#T%g27^l*D@=5n(TX8yfb#~B7 zHnr2r`s@F>8-Kn8jR)$+ZcpfCKJS9(foP}20Ei!vY?YVqLOoH)29A+J7MgLva4BQc z4bW`3lV%hC>7Mqti!rSsCpu^*o7!mx`5OFpck@Ttysc^O zROvJMxIP|x>$RgH@M-C_=-8({ZCs86TGW5m#3$V2|L#Q$aOeqo`i@*DyHTskJ~f?Z zOFzezzq+0MHq!l4U&Y5Sqxt;%PV&2HDy&hUqKCp_*{7)aTnQm!&F5KhChqEgxT*2U zB8+N)8dY1EI97zBnOzX90Wl}XsONcXm}?q3{F^CwO8eJQP1m_%Y-1}=eYXSpI^X$N2md{)&8x{akH1id@u9xZ|1VkgLI#64Kk6> zw;yl7pr_4QITwXBDGaGx>)_)7W)BUbicCY5cL=T*^5`I&Z+pE*{_d-VD*naLq`NN} zkCt(aAM9b5A4OZMt!e1OKOfhRP1#Z7b2MZyJt~X^rfp&Xf^;mcpVhQD(ihc?xcUx6 zD2*UFUYR!s6%}!$7|C>=&tXhFed#&Tgp6S?deNt-N}a~^<9%!{2vmjTxyCq+>9^6` z%$?NfXHTKE%ZnNGJgD{Iv4JRs3qV>ArC_gh{RPwFDn+%b5_+1`v<#!lS1poaSTaOsEVx}{z}*9K%nP31gJ(%fO@dWkKTmd*P%v){piNr zkqOkwJte&c#fS)9Z98Uu1;Exu0U&{Y4rIguvkb0pA>o)l$!OI zfOO4%&>9}PM%Cx4^Dj`&6smk($P|{MgiKZD&2-Atb{b3{B1+VWrjRAk)G1Tf-(#m% z4yjc+GHGgcWoxCQn(NJ{U;m5hFF(T?e2gKNLr+Zx=hM_55^aPp9~9S&Ku-uE!D zXJU}n;-j^KHhxMkBxLT)V;4B`p^-S{p|BB)x!qgntqnvJSO2k4i>x-xHfeZ8p zT&n3+K0Z}FPSam`1=OrVHGM6_23%9Hp&SN#FEbMtpTZ;9uDghz9sCHxf*3nz2!mP+Q=Hb5q# zPYB5=%p1c6@xBlr`+L^-Scu$QpA+=;KQ;c3)Z~+*!`3X^7~}AR?zmgg>CC}yI^B)l ztOIpVZaQ7Z=l^aO5S^}ts<0>2yLT+EpVe3#$Yb3a!7!m|*Yj%a$o&bc_Ow;9&Szu{ z*GDw+K2~o4)JV-C5M{lp3e38H%k+osWOo? zSu1FgWJTjyjC-X>u$}j`5#MyFcdcn+lI&p9J&mR99f2iZMU{Qf958hD@ zNg+y8%j&a&XJPlwCE>M&VNri!4GyC_(C#QL4U`&j60yUlwa$U2sOjwY7{Uo>8WyFSN zj`2~_N&J8_4x02B#9-IqW_~rtCi_{d0i-W2-y_-wnD!&b6*D*|ggB`vi4*3c5tM{z zdw+cR&C-rJy2EzW}zl z^+S(Gw0>A}h`~>KfH)mM_LGhCD#Z+?ewdk(e#jM(oZvqj`sjz}NkXT7D1R7|zoCtp zUkdu+8*n#0avTRZ`;p`9sTeJ=FeerL(1ea8Tu{*nCD9&L(4oIVJX(2Q!`ENPfy0oV z@enBVV(UN#Q7(1)?J)T?RgVrM=)p#wQAlRUfT<&^I{(=R;ZKZkv73-(p;vb<|oA7^EAT8?SKuDKQ(QqCJIk`n30BS%S z!vTzU_`a@^lat3~?oKNIpWv7uy;t6Z-r=jD2-sU6MV}P85r}0fDrq$IFK&aoQ?$~I z*xFw+;;|CRh{FbmUr+#$kMmvbz^`(pF^s>3W=+Na-Sp^84eC&1ll~4a>^dkAF5E&y z*~6d*tNB9^YRnpVqo8)Ea)lC5uD+yzx~pkGjJ*lq_0t!3-yp%zB^CWVM5!>*2o4*P zYYr_({W=(tOU)r(cV|ier5pSgm;Rl89|S2AGv~@;nu(uj;JMGdIlj5$1$Yy@x8!d?L-e%F!65k|A0U+F#%NboAVvx1oso7=L^g{zkU3&VV58&)ajw`OgZ~=xEspy9jn5Y0DL?dtga6EjWn!`z@ zl1Q(dqR0s@kHQ)$#K93LoIe{nVqK#^fN~xv=Qr=sV=x7o0`?B8YHlQ1a#GL{RxVuu zkcEvB&U`Fo#4+)U|B8u!vTq<0zep$qn}(Ro6a%J{f`;IU&R!0~$)hFV>edh)5V_W% zJRu(?| zT}EOyG8?0_!diXE>~M675}S-vG{wyQ$MzADf_3YUAD|^`x+LvkAipI1KG0|WsT2|?x_*yX`8Vvg|#Y4xevuO4<^^6(G#$>XA&b97daS1~_Vx6Xu{4KSf`Y36E_b@d|n3d3(%GcT1SJ4S0lzk&?XcOqiJnydJ=Ir`M0 zYA8cCk+|*Og?lRa8$ZXFSY$az{2NQ+;$7{p;xHQVZ=8h(1M`<0L@}twg%x zc(ckp{zfwLC6aNb__zGs>zph2-`ajRJOLDS`hQdD|LqEdbZwwAJcM(-Q#g-N$;CQU zix5sWb_i!px#U9ox`fl(jG(N#W+X*(yryYiLDP8A z3V^8`;ONze)cZG;Gby+{iA+Hj$}m!sIr1Ev?pH}>VzO7%27vhn_B+Ah0m zbqte;khMDWA0iXuMEkf_GJi7|-EkAuJ)|+LuCSb#5}MO^Vu5jNBLbM;tLY#NwNe56 zMaycln=t9yfB6DKdySfP4>=*tC}Wc|A(AMK#O&LO<~P4hpWi5uJ5MXF}lZ$JY3i zhM#<;Er(|c8z!-vUH|zanB5^a0j_=$eD@$l#8;G{R;QpPt%1z`NfMa-AuA@T{9`wa zU*n#_%AWo3&rvu?c_aFGgbR)RoLq==I`JhI^{Gryb^HR~T^II) zOHIE{^3bo(U5`m0zvT<9U-?c_`gIAJ@1Won?Ci^*wb0tG>-EvEA0eW1=Qa;xH*?WV zAiM9{0JDA)eDb-9h+4mnPes4(VD3zk!06Y@u2cGT!%y+T%AUQ2)fz)qI!M_X{aE*y zKAigXzZG~q9*A1D6!1@x~WqK+i zIt_gAB_QO#ALy4*xjv_Sf=Q_;*Ft6rUHgBp#k7w3K?^LX%09gbI+c)d2!@?MI5!D{hV;R8(VhGXE)Pc>DE~N8y>@d!1L6VYdZ*ITFN!bRK6cMXY|2jAnL(h!zlCPa$Nxb~p?@i# zM{Et@V6OJq#G>8bVWUCW&EI`di%MkqL`bYl!7~2!V9Zf${s5XwIrngSA4XJ1r#Jrm zsh>xo-3Zk#P5tr{^74N4-=`F$OsJE;rN#h<%2UzFPcwDskkQth(mmfQQdBeOV4t9C zLl*HjKSHyuYa7Y7v*a&e+fn#MvaJpN7MgW1{_o;|H5j_i`O!zO#z))gk2;@*`7}#C zO^?d(kEavdcK`TsrV3Nj zL?rhBi#tV2@Iq|9`r}Z^3+!K+F|n28#xaM9-@uJ4@r&Tbq50Tg=8opk9-&lse-RZ*^uJK*j9f;2<{s@JoYWrwe~7pFfZ1fw1Nj=ny~F^ew{Z zh^$o1MlSP{Ag^cySNsw+Ka)kCa3#k7%jPf4TY@&8W#&IK7I2WK8=Eggb6;KmB0No< z;4tx37Me-^tETBGqG&DLBtN>fI2*%Gm_PoPQul|YqVAV@qvOxXqFYa4{Uv7F%=r)n=mO{an)Xir`*87m zE}p0Ee?JUiOwa%R3F!1A=RRjq_F=42QKajbfuNmYBk!8gHGNU5FpgzMVv)o+L2{); z*HB{hLs-WuoY~lkhZb9>(B_&`8^<)pvRWaImEaPKtW%H$VOS?A4zD+U2dpcxYVCws zaOu~FE>--^{Y>&VO?B~qV2B?%7ZqUm3H9rHO26i(qF;wFLt$vBX{uJ8zzBAxXv#DC zY*Z}@@3g+6(l<2iOPX%MK@CaL^kKGk=Rbx*f4uo=AO!70P}=qHSmq28OqUC~j^Z~T zzu7t}A6CB}+Lwr67KALpV|0SlvqO;TYJKf3FEqeaqF3pWA9egb`WS4q&5?F5zOo8GAb z>mhKH_>8`xBt0V)Nk5VaK9BwHgD~Mnn6MxSRStXg6ZVj(Z|X*0kwm_n#V(HE_Y8LU z;yPanAHwJN;&~vsfn4C%+}Vk%og0I{yuY?yMn$hUSK_D=j2W{N<><&b4rjR>{!NPO z3VdBI?#d|g;CI|4orQ~RQSsi574JPFm*bzCOEW){{}LxPb}PdT>AWwu60Gt#IagdY z3KtC*Ewc!{&P$fZGSO!S8Nai@c18ClcDdV^EUy=t_n6i|{VGMpe0Dd=RHBul&-F#v z0ubKWskYPhBHYSb&HUHo6?5-9QLlDwrw#N4s!q>4vJ;ZID?2T9zT9c4 ze8tg6YCq$P{heQYrk&3h@$!+*m#6u?oZ2}4%(pS@(Qi7a`YzTyJgJJ8yE|W=@AqWAFXx}9&Ht^_`cB6}wgAaYGOqTy1&QBhGrK?y-kFp(LUArW*9;JS#);Q}Hg8o>ih zIEG;~>$NDZ0-~aeii*k#u0)Uk3LWG^z`&hdYEMVyFZsC z-PP5vUcK+VSFc{Z_V`_%_g$W&>h9RT^5LZZxAIH4L91nC((?eHD801hbGIZV6*qQx z2284M?eJZTn)62;p3nSyOLk+Sg53Cd%CXW=SCjo@h_jR`G3KtP)3Z}|Sdr_eZgfyR zj*@&&?&c$Kbq8Jy|F$BjLD4C0uOrp%?FLV>2*(*Gq*gc2>v^EMiE^1|L6XF?%k2K< z80^fAwwYIApRb&*XKG&0nt)#p-CzCNVZ>98v@04DT#FcoAqnALJw4~};V3WDyvEQ2 zm@do-iNIS&msd~WYxt+Xm3wbZ>5s|bT&tVc_A_w=HaKeqJJ^-EMaD#QsB zUw)y(^DE?s{reZ(PFeaaoGVtDFPZK1R5^nT2+C67NGxK$a{F$wA1S@`GC@ZZNY__K zs++nzd$E3BaL4W%m#5nQTK-Y2^Qvq!uRtCQ7fX!MyS{u|CW>yf(S0F&Naj8Ye0WGhCjXZtrl1%d;!b`#3)qlh^P%dtshO{LZzPSc`$! zit2_g&v%1;_G))>^&nrrENAK3#_r@}uFPGw(jE|9x3_}80v=y*XNzToU*gM2Aiz+`WARD9jg;o0u*I~^0K z9tKh4B_4-^*W@;cqoDNCwTmeNCzG-4$K@%=Ca!q?y*gd}jgRoIe^xR3lw;&Yj*W9F z;kZIs$jUk5i4 z`nAvX7T`>`xI4(xk$)Cwjqgci3sTE9w6o@2hi5CZe#Lox&vCrQ>De4q3`-O}D3KhP zjQBg%^H&bf7Sq+7ztNg6Yn(Ne>LT2o`Gd`u{cBB4zSn-#ow=^~8 z*4BKat{nHB62S-phc3^r{#&4&<*x!?BgCIi*gFfWFcwzfJ@8@@R`)LN!s!rDcjkUu zDL+I*_IRpwXkO@qm{e8h(X1GTLkl^ZieYd`!{CBp*fQC&VIU{U!zpR_e}*&j7h5SmKLf-TAi@SwEO5BaKJJ)#*f#G@UiU1s_Yh*b#NLfKN4pr=b#4zNh(VZtpc|KpY}QLxN!H)n0cw2&&Zr zw{Gvf0$gl@P8>DwLJu;I)DL?H{{5>7j5Ti02U5SfGmqGO{r*>juaxb{_ulj##P##y zFM*C}Zw1j&6-37eZ6lzAD)LAwRprC>AH`497o%G7^~xYycEdzFJU?>laO^!m5IF)7 zb(U6$5>a9nYSxgEa*|far=d^SD|LhD6_0fz(mcR+nS5d9R-5lZ2o*j`o@_&+KPD-Ebmkw^@dxFV7fBOa3Y#H*E>Z3;vzOp+XU+S>w;Sf-zE5bfFg_AY(dAfN zo+b7|P(o8d;@!TsS?A+YAdM< z^Xhg~`g~AzD89%AvI;>0Bes1hwqi_>KQ+HQ^CMen=i@c-A(ZYt+d=&^c+Mu`w;dGv zB`*ZUq%g1_GF9&I4XANsR@!EHF+b~bFR8iP;rmOn6DITw$O3qw(s2#x*b3PcI*M1=G;ZmAQ?30!ZY-NUN{l%&EZV z6^G{|nhsy@-B)x1N4NV6`Ce!i_D8v7V=~{fi9D6PD`JVa$o!p$#iS4P^}`n@p{0Iy zc#inXr*Re(@#pJ>coZNF277M;5(Pa_*WGgd7l?*_|8{xN|2}?} zJ3P5|Fy=aYn#1F=<4X{C**iNtMfPrf*Ff@!cfGvp!exKttAB6nR<%4JG z&KjL&n{^teea8MdFhdT2a5{hbl%J3SnpkJ$d-xZVI^JHgKG%LhlA|)$p3O_SwpMr9 z9pYc;oANcdWP79a=<>tw!o75O|CCmpf`3y*gF^A|SeLKSaWr#bEO4lE?ISsYu@2AG z_%@jDYF@iqz9rfJCn^*)$>x|H9CHE3+=EZ_k%V~B*yU}IQ?r%h1r2Ns9ymDiK4e4z z7n{@ZM#Qx_NcnxHRpY)83{xA6cA^9ESm+ax`TnsZ8s8rUz(d%s{h{Ok%g}<6_|I~W z81+bpcQ|JII)ncX&4ALUDJ%iWP7kn@BVR z75>d_wBCK`opp45{tL$ug|4AW=VSfOSC1-Vfww)^c z%UbI?smW3Yu31wKk?T`&dn$9_ ze(JeqEmlTr&7PFkNL1?dV`+DsJpEW|(MkBN_+;Cg&>e3`{W1Mm=c4A*k7XA%WLMs# zwfIlpThEPnX9eDw)aQM^bB%asunGBNo7J7Fw{$-=+j#I7JOa0XIa*e^vXK~v+xYSF zQLv${bG;)9u~v|Kc5vczJzwV3Y@=-w?R_byxiTxJ*okW_8`r`Z4~3}tx2%xPkkI8! z#lvmB32k!a1Ym~RX3#8Cr+_uIWEn+Lw{>&)3XVH6x87bvq3eS^;k4s@J5$|43w3Nl z9ovKXs-5_pulF8E7xJgXE7^pZ0pcxe2Es7m=*5w|m1ICc9reFFMZTyHuXL0BVaBsD z;|`1!tN*S3_s1#rud~vJ=`vjfAKG_^*A)6nfbhv06 zT!c|zVwj$m^CODGlm3T7A<&6oV}3u)srd+b zR1IZ9a6Vae#6%G}iBBgmA`U(}eA z!)Qh*U$hYmxSEdgqMT@>>|GN4%VmjF1{4djnY8+?S{IkEK%a!^6bENqn z6V+vGmmQ5WmgfH+IsXRzHB#cE^7cQi&$S(IN`PP{TU#IAQQg;K;H$Rx&mSA>`_GK&{kBF+;BTxnH#4F3jj?meE++sxZj5|c&Rrg{Op%# zq<9Sv7GjfyYEmd%q1m&^-~yT{pINf%kABF5pLg%+ahPIdx$v_cs*%URJ_j3io)-}G6TE4L$8MK z(TWaU^H!cYVqK>2Qr@$e}iyWNOiEDO`;Jg3QQP7SPVP;A92k}XTu^@uDQ zB0gQ!Hww8pUpmc#e#tVY&;P7OUnJtNzZ+3-bD~jJJxkGVo^PEq_RnvH<@$a1v~7?i zLjgtj4NK9C)&%%6dm4ZGl%EI%bi>~+xyUcaR#Iz(p|f+uO5Y_``uG=ELL`jsd?NvF zY;mL|CH36a^KiAz?OBI%vrfZi0E+T|#q)Y~T8LAQm^?Z#co^)Z-6*YFh%mEY;-8R@f$@jKx!_coTCD83{ zjr_kXMBv??eac=iUlzC?^M#M3BkJ3{A&LR#c?Vvd@9W+yrz|fi-<#49xXbr8Z|2Ud zxP5|4iHU{eE_$&PVyuXi;mAO*yzOLS;z<17 zy$j#v9de!1_VTtt4coRGFswe6Fd6|#_V=^7p{SxbSHm7p1Zxba!bbT`*Sjb%q*h}>9*T*4zEkG z&Abo->h_-H%G_hSZ%`{B#d~dr+l!roA*rsj_c9utgeiCY@|B~a=5kk;y)NvDQo_&P z

      jrUe{k&P?@{r{z%pTn8FYHER9BT3R(}$gfp4&Z>heyfL;`k>Lv%6pZWB=vkkl^seHnMmPOs8tUCC{)6#x5KJG@FeJPdy^4nu-(@Y?{|C0 z0Squv8%aI}OjKgCN@AkIc3K%aKo^<+vCZ1rg4js8$yu?R&}f1=lXJyC z(gyjO_bI)!e<^X%c#x-8lj_!RfWSs!f2aM4@$*WjCzH_+VK4A7?S=MwRjwdsls9N~ zh|@Pu5fm3XeL2|_#HF}V^J!#ooGQVA2N#P6@g-yBq3!BJF0b505LQo}Y#p1)R+arU zIw03fE(4z*sgVZ}yltCtw@>WHCGRBF2>$vSZ9KVWl7GqKZ!nkh+JB} z+0Et6=>e1o!RKZc1it5*z}}_}AX2w*hx1%v54)es#G+2LlQ4?mRpYRI}`})7Ps_Sz{+W5zeXbS0vGW1<@)4%XOqtz8&044%(^1a==TBA5{1B|W9=LD)hoC2Wk;HoT`XqVOvO2oVH zOL6{Acw&mO;2Mo_E@afnaUhn_uBL0AcNCS_>9nl?PM0UBz|R@v?bQ+cWUyj6HJ=#Q z7B8Y`jK3RRAx^l2ANld|ek$%Oiwl(_6l8Ub>ez#dS#^Zq=;<9H@;5LM?2kO;PJG|| zr%rUpgBR33L;XO_YK9aos?%+=0|e7mmWa%S)6132F$(Fm^kwF{^bmiIQdB~GQ|cp(NLL^F|m03 zco3bD(!D9ARk|kQ?X^x6GI4b7DpX})j5|3a})# zLP74e_1@nVB#v2NHVx%Y-|z-9e6M(A@33)SG_I5JEcubvZ-oF!uJ=lFe>gfwoSuVN zn&-fFx_v1Z!DbHh_Bs_18T=@xrvXaaHAZM893O|fU?8_WUPl9|`oS{p#}RadD?_fUTcbE5i7SgOOOiqHg>>KO--h$X6j&HJPWYf4qv zX1Dr2nOD-^l2=e~s^&nlQvK@?ezVQ}0smrBXFM!C;F?dv=kv_YVAi7fbu^#NzBkP0 zn6J4yq^Be5Th8QK!qoJPF0bAAOg#;>9{PLzO{@#Ds{hbPTsX z(P!4}`6f7{I=>v%)^eubos?9B+>3E3(0{JXAEt~Do>(Tzqpi-`B|SGAs*e-P`eH4?kKrFB^Ts_$ljio2A@b z?ks(;0q6IJDMN$fQxxN~o$$&oF}xC)x1k;=w+=fU@7|Q*8M(p{p_Cs2_f#8%ao1Pz zE0@C^LGNvk)SnD)*hd+ZORzj9hAW;oLWc-&rr05a;=62Idup?cHgwd~b+OyCN$>d} zq=0nA^abU@^18h_sZMXtoEj7FCxfGV=;1oj2LB5fCScf?@lQZ;2ax#VL-jWS13-1` zO29Y)-{_Y_$d!lQNZ)rqC*T~n7aLG+>|Lcfy}j&M8VRke)E8A?@j!cwvMEMcC;mba zJpYiTz}C;>pNReKK;oDO>u)0d4PQ9|5^zo;9wc~t1|*2}H%li}f0qpVWULRCjG-bv z{kJ-rj{kgTn2ww(X83Yx_H;b-@r2|t5`-m`>ZRR}k2L`OM!GI~t(?V39^>2TmZVZ^RsBMNtE#vHA z_T^M8B63QnUY&GD2}w#JN!SucC`E6;-#b~&@6L*Wt}rV{Blp{gKL<$(l!6sZp?8QV zux`6%D8a47#thpvEW;ur`5y4iiRl06@*U;`hKRNr|EyiUOWJ}1KhH~yd|w9N zodT9k0rRFWnZrc{4te>pAp>3YKsm9fuAQMXwY4)-GDMU{gptHa3I3+Kw6C?nAkN1i zDsvnDHtlYPjDovaCm7z##eVMnd#FW~u$Iu_%35Bb2YXEnYl#m(?Z%dx8s1WOPCAgT zN4;RKtZXFOAc8xGTS?eaNCj+|48!ACFw1R@Ps1Q_dPF#4|6T)b*xtB2d(K_<5!r_; z5q5h7pO9SZf95P~Bw^cOK6+tfI=$a)!AErg>G0mu$K}h$PM6$e-~a^2k@?}-guFhH z?HMT~kAO5g7P}<V;*1GTo6DUL&X?G7!N!!>dGxmUU?%x4J_*k)AhZwL1yX%&MDRNx zg6~P`5N)RidjhJWjJC=13y2HRi9@$5&etM6fLt-fVQ)>t{Oy}l&#JH=`HGpTe^ak) zR>9KK%$E(ID3oG#Y%A-BUs2?#K$p=03zh}e;qoYCZ1lsf15Vf9&7*p!ORu{hR_naP z!?UNOpVXv#C&NVF0294;$~D47f1_JtceQm&;`!>?W_nd_<*F)5lMv76p{r2X=Z+!v zxw?e9v%qMa-}pFaoK*`<(@P}jYDe)oxA!Eqd=#@gh&QpBgx1`zRY?&RSx}?I#VMB} znILc%JOSY?(Z4nKn9ghoL0UA+Y~-=W7i#mE_QTH&+5QuoleU?22?W)v`*YBRQoOqR zT8Q~MHnTpc42>BK6cmP(6mxrTh8)?EK(sD|c12ca`t-z)3?u%%=9>SP0Q%?d0*7sH zPGvQU%IQf(E%-Afsi;vocI$<^$U1U3ma*Et6`5d8?~p!JnfzUBqTwbp3wDUV@xgWc z49T7NjN;3M($1Z_g_0Jw-_Z=xG_hTaiSJyETT- zub06#@_cldBp!iM6Oy<_CyD%>lE|Bs#0`oh@_L9QZr-Ly;^@!JBysRb7~jSjbt8$w z{|TJ`nZc0HeV-)6x1suMD(LJ2I_qmgwdB*pE@#9tT`Ub$g&vO3SDIkZ-KSd@zGy-1 zP@@y7&Zm9C<)>U`HH#X zCWh89IjOjqBNg%O@S(16jG^Y-TjxWqMr!zG)3C&BsAw&rXUs;r8`6XG4#Eme?xrI< zt7#dEVwi2FM_=D`E`dWOQh=q|WK*!PGYen|-9OF$AIRQRtV4?$Vm^WF z(LgUa`XPWZ@eEnNF}C^tjq?u@6NZ)vP)eF-=zfPxPndnvZFmSqEi^a+cc=#L`Y;1m zdaNV&|NO_MB#>7*aGdEGu2HdK!M^SK6*GEG3{(;;d_iqkv1Z@0-VW-&`nGQ$t`(3i zoM;MJj>!UKLoy`)aTLtUn5;wW3EQ`s&?g~qtt0#P>k*Jxd|Lvga21?T4Y3PW1?Tq< zVBbFY1>71iDS_Pby(cj{N5!n-l18&{XOhZAw_2x?nB@yrD}EndTklLiPI@>s-S z-wIvepr|}QnZDzeQ3&_9|M?1A8ji9V*L5f?2K|>)vpsxWH|8+N|9YYhHSyRv7d+$; z;FzrCg!W!+(B5~d+S?@leTdpS7d~+o$V`~6n*jx-A?JpbzY}s|^$F(x7t`5hLIU|T z3{EqqeCoxtZ2 zDboc_YEb`2*uV67V}wltijc&P(q^GC5`9v;_WkuP7!daV{;Gpf(D;OltlX^wSt2a? zmF@%!9V+h4A)q6+Q+N)LTX6_NCI!BS8VEs`i5DpZCYJc(=!2MxJ-1k&3qf;){9s)u zHFA{XEDS?KR+HC%Ph`coKJEJxc=h_Y1oG+&P_|JPoKylW{5GZQRv>G9* zK@5$b*!F`Lb8pgN(TYLjCxR7b=mMms1~IT3s-j-;>8i#MDsQwtopIx{1%{+q#se?@ zLGWqcr{HtJs08wA&zo|sw!EQY(JaJQrUo#hhi~D8#9+Y=zlv$Y20~|+l`yQ? z*p;$o8(@1QB{i>XP0?k@+r#OtTx2U`el+DQ9+d_Xd6?=0Kd2p`P|FNDWrv?V#Y# zTK-0z+RtTsLF`!yv12jzdf(rh0B2Rhr~8FJ2tLccQ}B80dh3!Ow=T%nD&O>q0X#(&|` zlG0^=20LXH1Kw63S?*9km9By+1&xLOG7S%CfU4ab#$XFShSHHpi=259^ZtVCTMV-D zx&+Eh3k*ZU*MVn$PkgoDj;6@vQQd#q7kH|+nV&*jm^~=Y>*x}86t$iH4cJybqVCwn z)31~t^E|v~zsBpj#PGU^d3cdm?8VEat^E;L15>osqlk-|Z~NIu*4*LNxj-zl|A?lx zJUq>1?msCap>a|6p%u_e_g^F8qWGLjaw@8JFf@uh@X)m+qNApvQP&>IKaQMgn2jSe z%J|LsP%E{eH0Jotv%5L}pfWtnB*|6NywyajxHbEjmvkr{@bvGA(ir16Q@;YQ4qcl- zUS+|F$COXK81rwskYu5%FhjWQOVH_#flh*lJ;iDW^S#%dkqU5NEy?qdszF=<4ac&E zNl=0;$T=OJV2FWiwUo1-K6i+^Hl*vNwbGV`_=??3GQ0z)13CmqP@ z)G)4sh7gdG{I660vpY$D?i%aTBs8!1l%%Ku7CZupTx&~_(*tlhHT$^vss9(qt37^` z^115&T%AB(RXi_k)+E3}*ena{!{Jq!(NBh2r;@ni3nCh=aGUk%l5m^FE`ob`Dfz0+ zN(DB@r>4Php++tZm)jGFXuCq=FAwa(P?};Wbz!^$MZkM)mMdoea{o?{IA(}-ZpV$E z7oXGN$M?h^1V8I`DEP^`DuKM30ry*2E>p8L77`m~wmN`N|Dy%gi6ng3(+Qa^x94cS z_pUS26!Vp>vtJd$e&JlIV!tNAe$k%&7`o8=(C=I%?AU{Y^ma_N#y%XM4n>Gq$20gvSCKv%ml69o~Ghpib+-4>wO`ukAb2n>7=)lnM?WA-0Me+ruS47NUL zaij1o3`4VGO&v|4UzsKe5#M}8+Poml?z{*S<|F$1l0D{js6B3$Ok zHq8M64zpqHVw?CFGTny_WTb=X@#g(xpCelD?(HLk-vj|=Tss*pby)M(SGdE!OV&QLjp?#1E!iTnZpt|4{9R>cW1%G8jkwJ zn(_4PhakBNNKRb*;~zTA4R|mT=33Rq`M8K#(8~HY`uVu2TfnPBS6b&)+=$D9lP%82 z0TCAM*C(4nWI+r>5^<>laXUgwDukSmLt$-v*99M%5C?p;eeOzs-rs|^%!S&}Io@lu zl2j;dgqnFcLsur=Kyl{t?&J-qa@2;GMd5p;u!5nUhoOKp;(rSu{$ZunW6Jqo`2m=7 zQCjt7u$mc*rKsU$rH)Fzr~BzqaA7z|)^UE^h{}iLl7KEoVi#p}l-W+)G=wB)Ti&i-}7V7r7S}-3IB@kPnIlgx#>Vc)N z$qK1)R(!sS7$zQzSU59!y$G$dd&rIcWN0;tZK*}KrQana3k30asC;6Dc*0*^t~Xk; z4xifnU|;hFAdSX~RIvn*5s{i-hRrjPIT2#30yCi=pb3J74C-io^y_<=#Nx{mCv$;S z59zSFU`|43SD3u$Te*-B+|_2>w- z1-goGe9o*KoX{GU&Y%P)+z)QWw}AQO9k6b4AM31(8xAX>Jj4{!CxZQ+tYO1@UnFeQ z%WB4ejaP%dn~Z--`mFkIFZ~;gJo^&sjEvVhlm{ll*QI&b0AC6mRsFc)N%Y}ZpWpQS zKk1xtv2{9$6}};|w-#3J=DyiM1gPgD*#*PVxm?kR{8}z+P|+@fKU0#58;>sSdrL9C z3Dlq*AN@=ojs44Q#e+q2wn$4V%3*3QlWQ*!6+xQPG1O83&wm@^dcLc49iZKIzjQai8RUoRkmvvc) zS7rmNJfZqM6#w`9k@5c)czO0k)_EDPA_e~8KWmya?4;)!04~f@rjp9i3$0U0^s}d! zEG4#rHM$gpL(>;G8J$zw_pik#;lvCej-xXomaf8aA)w~=4hI~cu=95YGW-IL_**Oj zpRg~*b@V*yVv;2qLH$jK;)aG;mzGrAD6i+Y)%Q?4%ok566@Rd7^kdnGO4lw=mH*p= zM?{D~h6;lR+&nTK$WOG58k? zL;Z^_D=;qSd6NG+|ANgz{EMxsLYpL%nDj5?@AK@uN&lim+$*#5dPM(X)!hpIyOh@I zUtB=)Ug#bqFE0P0EfiH9_!p1A2BOjxqO6<0yh4~jtUjdb;$3P{~&z|bc zzqr-lUmR%yw*r~eCqpboaVrIWf?}UP!z6^*=S{*uJZ$GP+?(8>LU|-%swfYu&D1X9#LJ2Qd2%DGD#^CLJG z1v>kS`Y^SmuI+jeGkQ%7R1(d6K@7J1Pj_J2YSyxJSR3_YCZq6Pe7~XU4CTwpINI=3 z7pBzU%QEVhgbPIJT)xb-Fd6vE)Ee1wE4Aa3IG{4M+wjv5fn~UV6Ygu)GoG}zEl?+# zNKn()Mg00ol2~C+pyV{cFf^3yok*1ZUi+&t#y8sk6TEul^aS#%szgkAf8~4;@rC+J zvh=j5zw{#nHf%F>@(ZBzKv(N@5@+nGHk`@rQ*N7bw^FUA%MH_ksH5wE72Ap^G$vQn z(|vz@P=i{jH>iA(2ht$-LX~>D6*Q~b#wkQatZzf>>5BN-h$$NMHH40N9<2DfOAz?a zb`rqnsukPHBv;h|!gOmnbtY)}4`$aHcdKaW83@p9Tj&n$ zH*hTt)>WKOCF<*{K8=gyR(7^7C2`x=78sR=`~$ZHr6Zx$3PX3U=(PYs!pHt3f zEI7?Nuj2KV1AB_3eO(DyTD7lJpT&$GI@LOr#64e78}4=Kbcb)%K&IK(26!**>omN1 zeQv{=uCT9vX>V#@`LY=7>+{cGKz6m;aKw3dKLz(S#KmJ@CqjSJxqba^2}r!5ll3`? z8)eVIan(>Zdkj(b2eGejJq=#h68;eTKGHQz6SIYHm!4@z(P=delj$y$*%Vjbp;lTuhjB=l3y2s z%Hnp`MI&ykuY&umVST}kLD5L4MLog%r>DTJ0T~J8mT!VYdx-(s@O3<3*!o`Q!h}D=2^b0ItX)r!(=JZSK9I z1&W+@6J%@Ht@Jx?5ZD#@Ve)Gd3V!qdj3^!#bGu2MQ zF}&|l+`k$3H4MjLM9TwPZmQji3gZwZ9sEID4J{hQ~xZ`90KH7 z4`Hmy7^@n2dc8>qkhM-UAZs|*)}Q^+2jW+&nniSnJM%3Ia9=~R6>A(rxns<4;CpzK zwRy=g<9qajpnOkL>#`6xzR$uiG<-L?<`0DLzJCL+UOy>;ygGKhT#+us;Q>s&W{snK zU-Xf35SbPOkpwsUk8Xu^E^np3)$nkjb>e&Hr-C_1hfG63Q~@|OfstoPS%Hu*%J+5e zm{XRQ#4@a>qYP_NUzcx03i8Kyvi@3JDd-G(j@psF$7_^fj`+4xg&hX1#J3)uBifiH%^e( zwwL4f>=Owan#KvVh2p9W*|D#G?+1xZKw|iEK)M;~(cL<$4C#hTts(oos}hQAWA@WR z%#+4atS_VFN8IR>`4Lr(63DAABNWSxh;n$c(|o`reEmBQ6MAtBL=xHTDOR&>sE_;~ zioAZs+xk!8@IRHrJ(i+cNcHH1sGgh(#OjVt{Om>3iD;@6H0Nyv(5Of*AgRTnD%rNb z)~%y-Z3AiE6&yat`(1HA2E!{Xn6(p6(}pR)l>Swn<}dA^3)06lOrXrY2xnTur_cRI z!RK0!#AjB61oCRewbJtL27ZL)wNO8@JqYzbl5Cwy0+cU^!Sp^l1k;8@3X$aiODj?# zkPavhl1s&|<|wo4U`ejef4hO-h|_8z_pD(lWHoWZ*J<^a;{bDfY>MTOWwJxhHU4Ks zX@&Hs@Gw3l&aFb3e4*r5c-E^uu#g?BGwDK|yhz^>|7A83guTbCi$mNiU%JE^zFS=R2f=sleG0x;{c4?8apyNB7fAb?4g6WP zzmLzrjHbsxB>~PC#9)6<9)xK#>0nXtV_J!VmLb!i8%eg$gn((l3%#)9tD3{za)@X zGhET^Yad8-n0@U4Lj8{(woWAB$DZoQz8(TkX*(gq4+e$k6wfDK=UC# zLGwUF{Sd45Ia*Ew_dGva=U%+p4f}r%X)^uT7ZD~?Nmh(npJVh?(7ETJbvg-Jz99yi z`Slf;N~~2UF%ASU(Ke!@S^+Amy^C}DO&OqMm(^~rY<{-F3qUu1O+`ZwLp|E05$nejQPM%Um&t9iBSSk>_)*lF}>z|%WU0Sv=H&w*h9ozKYS05(Ew_(-4nz4_>vOP z^z)C_XFFc03}k|64b$ziB4N6o*R+fe2wufiKeX>1;NI&$B#?W@auq8qY-K~bS~yOpWUL)#cKNw{3OK7LsOE6_wt{SDZy$i zf5Dde@)x2f?aV6zTR8pVLRk#cC71JM>3aflp(}0p z2DO!DyOo02LJ#589)ilo^=*DJSh(qcW}j=@LlHPJiz#zM2&E-aeNJrq@LTSIGoTL* zK*sxH#qzQuka!kItc|uh+uxZ0ms!KI`;tglPK5u=PgI4PXQlpzRr@?~3b+@jP8|18 z|1?M1=cPcJW&6B-GU&{SflgwXZ-~J@_oqDtct=LD&+Jm#=dFr;F4x&--VNI43wuk* zvjy$5zF);Yi%ufh=WVxP%o@C zrlFuIVVHglZnlQ$J1_d3FkLtH`SDx9y>x#9xi{j{TI};e0)xej_4fJTM9?{5uXQ?! zY4#Mmecr0r=M9Q|o)c!DXZDm}HQHyk)Z1s#lZkz1&yno&a@F!4hxZN3=iecWM*0n3 z>+Q4FDhB)f@&vH(obT$#KF@@kY5?*H*yrXXarS?#&vM+p_U67iEWda`BrMmnuPt<5 z-1d3PU%@@+w~6CkdEkC{s`M(y0%?}*^O>Y`(KpuVB$oMx80_=nUYJVQ=K|P28V35U zC{!u4!Q=vZh3K<-5EstVX?C%YUIRmo+-ZWCFNA&WX?p`6`9tSP#EW)HcQn(Yd%2;@ zM;$W{n=hX)x&=di>1#P;(xNP%`MheL&x03!#g_u*IPcI{ETNHitsy+8W~(|9JRQDx z{%{=LF;MpoElzeK`Bf{Rb_{?PQmRE^)%{~63Pq`z-^JY5aD!F#xtTEFbHX(O}(!U)GOZJ^=UB48}18!0xyi^d0=d`qah^;XWW* zbFeeI{Z0^8{g=4#+xI3g@Ac0U$h>24PAR8p0GHk*N6UY{5k#iNKqSG-{$nu6t!P1E zkh7y1WcEpej1V)eDGc)@7-q#F^Ck>(OM&nPXG(Ad4={XOO3sW;^n9G=>REAsHvR{Un0 zy9xh7Bi!@p4fw(Hi=j#YrzI4fV`|5nfHePoyMlzpWykl!r!`XmPswPIRv{LL)y6e; zW&SW_gwXBPNNaniG1?$;`}P|^&`&$-T!u%N^IOlGk?WI&|EG$NHN)XSyzhrVZ;-92 zfOPxsqymJ;6CeIZ68}5uoOh8qcML#_YQIy7BcuI(@GqdVMGSOO1+b^s?e}uUelJz* zcS*SYws)22Hrj7C)!T2;m5Kdk*GBvOiDJK}8}0WUFfiprB<}#~4G8zg+o*6q2gNLK zC4Gau0=Q@33gJGw+%~g0ez(nSjDG=m-?oT=SCX*XyrU#xcfDTbzkFIhX8$n!UNh7` zt)bp_TCS*XT1)+nseguC9Qq`I@|y+HHRN~b{5v7PuKf4D*Af38Cy;-~;QP}4mm^EW zs{J1UBGY0ZlHh0mvDp7JFq5$VNzv>-`;_*-T(SQJLHo~}LHmEI)DXO{T2tD8(Y>_) zqKk<3f4H>&+vUvY>_2%YDCLZ-Kiuj~<*eZO9zke8>9HVO5ZrrYYXZ4f1t3QC59SbOM*m>)wV?CBht}z&ieOK%`v(gZ z|6so2A504O4^rAo^c(#HHr4wFqAL^sfL$B?g9D0xP-yfIuB8ov<~o8h@>Df!FuiY5 zQBPGZoTgI?1OEg*y|?8H^`I6Xf;OQxsP3gI1Mz^O4BGL5hr=Gwlz`JWJoNaM{~A1S zBOXw&Pm-b)ZWpWZuXJ%lrU8+0X4~xlKHXd&n64K1{UWpV!j+`3VzYHwi92A>1Y~O( zVecuCG(tVc{KRVECFx*f@lrR?b=2{^B=;#_bmYTUf+;F?j7q?i+$ff zU>NQDgZZGdMGSNj)9fjB`(Cct_c@Av9~*Ap?X4wTjrN^Q_4ZwKr2r~;G=H_7T^sHD zvx11a4)bfaoj`x8ysCO z=0^f)mhJQUL7+1y20Dplz99zt+@A&&PVo-KDW**f+h1p&(mrP^_IY~HKJ%t#pD$`D z0WaF=?6c@z+Gjo*(LQe%!c1=uGt*121Sd~_r+&=zJ@8h|;2hKXxiKl6@o(#M9k-RPY@-A8 zbE%O4T`yMJc#4d2ppQ@S{On`6rWE~&l54aj7kqQRZJlrNDnjJH!BM4s?g6A(w$Eph z&PA)O(@8Az4Kdi~#Vs(2u+Lkg*=P1C!|f$BuGntx6AZWWre>cXYAgZI`|1jo>u1ru zw9lf8i1}| z?);Ln=)z^R4abvn2h}PWiqe;ILrt4_`>r!y>yQS#%8`+>+GS6C;KkY@ie80?=KVIEp`hDuzj(PAbdODgsxCW4FNB?6mH&nIDS zfGUimb1HLBJ3g&xbz{8O>G`lY13S1GGHWt;Q2ICM5tnBVq`imRvm@UptBSL{n)t@@ zNd#M96Gnky4dlm`D*&(pdJ!WPFQO1Xsfh~UU1&gi@K-4`yhwjRG}iou)pkDQ3@*Q2 zcs|wW9<)rRsZs|%BsIr71c;R1*>L-sr{$C-Qz!8`x2HLRbDi0*9@pj z?BMU9;{Tjz+?2y{yH99($eTzx4+HUVkxx z{5uAZmzX?a-M&B43q+>HKqT!5`;WoCw>plQ1S-}j_T4mK&OYUWe5|q{?-pE;^QN{S zZ}1BRW1gM&RZLN-i|*xuTy%j2`Bj?pAoAA~=V8%B%wOxUOwNpMNzNXOUc_*necoQ( z(d8Wub9$rBoc8MuYdXkN6xEu#;iiNb)bhY!s01^h#t{DAaUmve=s&GXSiDvt@EBZf z4WV})`kfG3H~#nIJ;A;77ZS+55jDr7=b!yZIXAAV5B30^6P~wDCn3t7!px~=MsfDw zLt08*eHNTAd&2I3iQ{UzK-j_6b_aeMR@G%cOY|96)qGSn@wAeBRCPy#re1a(x~eX2 zOv79~iJB|JXgEI+R>0hF4)!%~pcqa*XJ$AN3y)?yMeJM@Sy=;b+6;{``nOkJfVrx8 z&iY)%Z8MvIa1D`re~N_2|L6W~%k#lE&$Ef+8}h%79T&!OC6EFjXdlanp8s_o=-l&+ zbvlVfz99y4`SoE;BEYybnz>}3(p(lQ<}xE_E_qWkm)n1kfaQI?xfI z7KaDr!zN_io z+&k3+V+Paj)tp$=nxuym79EhX^>e+J^tK8=$v*f25xq~%d zt~OYWEXod6^K&qhvll0jXPecM3A>+w)5VXM0$Aae zPF>V$rO0UBl3=FfD@FY&a0H<@v7%Pa9_s79{Mrp1DPClqBO=6uH$=Dln51I46#fho z6H*Ut>_LwBVL_$?;N77jdOA?6>JFE;KagE!=QXZb*@(!Vqaa(frLSv5c2gQB#=G-S za6G)mX)_LY)Iwv7(>hUebyPE zGdTu2i8;O@2K(NC1{wB!el+{eK4tz`8tpdlRsgl5H zhx`|<6q-%#`{C0;+-*+;iHpm=S3v_A6oD{Vi>=%Dn?aDY?^O#DC(VH_pj^`h$=@YZ z7Z|ftv|}FJ7^Z<|#Dc%WoC(iJ@Fzn2zboc*(c{)R7q=GO3$#VE@+-cT@To&9|6>!? z%1fq1vGFH&0YCosn00=LwLSWeY~veaZ7=gP6f<9CH1jirEqT~ZI%(!ts=&@BXcaiB zW}eq*=Glka=(1%=p`a`6p!R!*zVB|X<|J`*eB)Rg@1oEr}{Bs)k z9Vo@1H}JQ*d^rtpKCe>osr4V7ezp^+>=FZa4_gMIHxgADsV7V8GJZ6KIP#;yR_ae?*qZf43`_+yZ^LdX1 zE0-#J=Ilo?@PSe`mER6In<`-qmJ#ZAE+_N(0}soY2VJw-OhCZTpw3O$?gafI6Yh)_GKHz9t`0K`CF%GqM3{p~-OxHm@H z*-{^W5It#D8+9O*Qt0eCG}3M>`vN%U=vM;9Axr-Wv^j>42i=(gZv3}A__33f^F)d& zW`^%)A1W$CGthZN%+S|)>}#pkmoeL|C2xChTY-1@f?wSNkmD1=ppm6U436$USK(>bY7P}&0J`pj!_}Bj@gL}{4pE&Me{r`=059R}&diNk| ze1BFt=uD1*PAUMtAqM}T!B?0{_y>hi`~!9={eumPe=tYqAMkF_KREcA)Dvt$|3Kfb z;va}kBKZdow#ArR_<|-@@ekNfB>!Nk&OaE!=Qq!jbITj5QqcT^IWhVNN$hbNdaT_) z_@oV*7NDv6(zyJCxAuf-3gHvS;2-3IAmJaZ@+MB&1IZv<(-nI@`8{>T3Hk@kTVo<; z&rKlDHUo!|{eyC1%;+DCX$2y`_E;y9>VZAQ?jQ6}{DW?af6yn)KlpXK#J$l!U`xG! zAbK+K57=`g|6rlfKXB9j7;O5mG;rhNIXeHKOz$7C4;7WQ`Ufr8*Bq@cqkr(d4Y$YP zc76B<>%Is>eeC{$ixgJQwk{fR`?oDXwubowAN`(~kJ~?J*%I9I%t{>hu>W5r{ewcl z)3Sdsx&`RmGt)YqQ~-QK4F18_pJFQEA2?ut)o5JU`EvFt_XkR7_OU;(GPpm$oA3{0 z{r2r2N;M(cDQbXjg6LlE5Ae~5`vX&&W60l^$sz0Z2l%|YKX9j_8oDqKpj_u0T+D}G z5f957!lL7#%r(=+L79lv-VLhe`)2589Qsk7m#YE&mO=3R8=4~i=+DxTtY{4vzOF=# zBsHd*j*M@VW5uMdI7B+Jeq|AOW@ngsknvU9Oh&#TJ6a{#DEr&pIfCa(txHba`r*J1 zoqpK7`46ohzCVfce_!Ibhw~qBt0TJy1%#N{u~f18w@q zyF`&#LXaJ>PCS?xULv|?t>OEqKQuv4w`e`VJ1BSH)Q$Fi@eg@_AnwUL~_QKE< z40+34a>zRWfX}PpgH<8h3oGm;Iv1f0pTA%CJarQr2ve^Wp-=hO1*|+>VVgbZV^OO* z{X%&KRjD&^MHZpIK>Wu1JKNmT@jEMQaHY?I{h-?y-4~c5qlCVq#vgH{Bn%ncf3Ct+&gKi zb==0QopJsHetBg7;)vP#dVdnAyzx%!R8qUJr`Y|AG{wJ2Rs4%?;r_+cwNh~y{R=kL z`xl}s6aRu;8~uw`$#Q>UlF`4|O#5ZP>&}`EN&c%#6uhF2Jv@3mhl=&$vlZJ`s2bzS ztx{toy)Le7Wqi&yy9cgHt#KxPv(4>{f1xkdPO+*lhVlI$-=XRYW6Yv2Z@-S)_287? zd~!>8^aiCNVwEwhN#-91g>68gy7*D2EmAsbyiy++_JK}kWL8Ad8TGuU!TA@wdRfyO zN-7h-bR^IJDG5zcR&>Mv2kw1RoIvh%fJaZ4WI7R8?tRguxI+uh!C@x8P;2VQaQlRrm?nM{=U#A2+ATZc~!}OyU;UTaPurMa|P5+P14x>D;{*{9uySn10)^P^sB{a3jTD^ zHIB=BnYkfM5uL#Ls5u8PdvXHNv>A@C7C(J)_3xyMgdU39f7x;b+;iTRIPRhT7f>JB ze<>lNjq#Cgr1I%W)~Td2Vox#oFCx7n3C;!6D~6y$C4sbzS|e^%HtVH%~Cs!^u#fx{Cc zc{kVb_Gh?V58e&!bKv}SVQM8-|7PVO(0CDOOqhRjCwyW}rwm*9JL#0V@o%R77u-8E zK7riJdRO{4YXEtR{>>*pgUEsyh@?tk|1tPCSG|pS#16}RdL6)OHwIpK)`7Z3(F|c5 zG<-*OmU3W&e`x+q|2L%K(Lc@&8QJZ6o`e){(g$4h{>|41CI0^^XGZ7Wum{z@sh)zh z%qe5UhOAnXA3b+&O-ec)cZ^Hwxe@L>Q?*3((4K4jfo1G5{p-_kUX?&MdKhe~_b^0PCLRX6HhLIM6%S*i(Zg6qV*@3%oSj2SCE@5KmDCY9 zLI8D(8^wMrPjc{4r7&Sn;9b)R`*O$OiKA}Mdng}Vo>TLQrWm#^6^dcwDA5N~Ek*B8 z45D|rCZlF?LX|)CnyAB|h#f?<|n6X^9TY6RIV2r@RDz;*XE?-4Fh~ep3SZckEx% zf9MQETl60usRog0F%U_O!Tw|LA6mUmXg*=z05?6Nzra2jA1Sj>5^lykdk?^0@gI0o z^B)?#B-IMA$l`r+{ePpJ8J+*Y9#sD!P#%nrh_sF#P#fyn;4kRH zziSjbSYhW4Wyd7_$?HQL4&&Y~yan57W#|}`^CbALxA2Qx7PVFTZiv3Ie(_I3_qA`t zd=da91%eWp6B3ty@z$H>x+4bvA{PYF|MsuC!Mfzf9al{T;hN^y^UvQ)a|opo&-u{C zeoW_#k=8jEx6Z8uIQ3x+oM64PfmlD+Oc4h~GKf8+qjCLS(7E$3*6F0$U{BT@4ZI)r ziS<8ASe|eeGSo-iLb$~b-sqoe=Iuypfcdx z&ERbipINj|hLFa9@4%LKuh)Q^e*bVqA3QAjaC`gX%R=Fw1?MV)`e4r+LLU%6GQR`f z4ucmz{0IHsqV*e||H1nMalamd5rJo33sVXhf2^^H?j-TKKUm8LkI%h^d`~AtbnNOpE+p|u8ik!#qMhf8R>+AgI8>(0M zZ~hV2C6JekUO8R^nu&!B1k^B=Q7j<3PF8Ta0X0$gDyL1q;n(9)pMhfA2gLec8(~JL zOhOFbXOsOqJ)g6f3C~$c_nej6Ip0=mE zJ)2N!#p(GCPoiDmcIXAOeMwF+NVe{O|GEdc@TJwgszR)*)uWlHUn2 zy85H5Yr_rqD}%U+vY2^sH<;ONSOS?j5pF6Vqld~gmrp`vEP<2;APIcyA=3zSN_!djsdZ2!TYYV7D)& zO-@;o)7!QUPiN0({TI)1>IctGVBP=nQp#$2#!zjMPp>}DdsPosN@DXtzFv6LkZP%| z(Zj1T-Tfux<;b5ji>hiWp0Csfz=R8Mok4}@Db%B&h~TiKIDKuKl{LVKdN{q!n=w35 z&Y{So?!$Zg_bv=#&i2Nj-qVj}JKAmgx9|eCf9L4(slzuIHKZzvJ242cR4jm=u$PEL zxH3_gD=>$uSI1C4S5t^o$VMx~L&86wCM;t5w^y0+jC4ie*=WQ^w8(~*hU)kNOj~p8(fCt+ zMr~5(cVeRA!%=%^9utu$G3Wy!-_m}i+s%i~N1_Z{$alC_7_$ok{`HVL5^xu^mbq4# z6rvSAdcuNGMAr)USrL?RPYXdg=r$D;(gcpRkE})2NT;R``s@U|Uc0J}*wqON%VhFb z8uh{A#bOxenh%4`qfETi2YX%7^#RsDajS&EK!f@0FPAETZo*ktig5^!~vE!mdh>CD+>@ zUIBJ5(J0^7HaVxPfy>$l{JUp)9{7HXu?GvH&6UZ|M1_ZIIuAgX#!}E1)e*aCi_C+XNHKQy8Pm3B_$d4+fY% zcD5McySCXkfqY!)^r*bD!!~;euE+s8!~pw?7Ol$c*+zcuTObg8#g(d9pd+=JQ8J9V z)>}RT1Dpdj23Q9$lORGRF9Lv{gn}^k%!$i0R1&yY<;)LL_?RhVVc(3+F*kwOM2y z7?j1E;BkD)Vh)smiL&V2z%Y^)90{Tg+4?;|#S*izqBI8B-bhIm^Pg9?rsz`S@})45 z?;I@h)%3q_w#fal5d&m=M7Mv(&ZFlSKZ}R`T_QfIWdnv6VjIsV_g)!%XFMBi&|iVU z@aj#pOwRPn#r~PCY&mVS-iz7z_v1C?4zNVp?~kUOOOEy-M}zEHw^`YL%Ob7v>u_wM z@WtU94)c%raftqW01x?_;sJ~M2de$IsyjwOwV6msfl=P~J}RYT5_}95uByMr#(F8C zfZ#yh6%ddLet&MQDj@HEAoh2&@`7_E61SePvs=A@5t@Z({mBuZ z)a1kEZLv06sp^AJb0u61muHhMV!-$a<3yCs6RXvCKCo$`aB`++CKVNh$i*v_6L4m@1YP_w4<;lusk zO_cvDH2IHjTt)Luk?r>0iqDo`u6%!t`)6e@Lh2X_-XVS>&rpP&f^7DG`j9XH`Io5% zfP0y;m0th5Jrxu-cEhd2u>HZ8H)4F}^w-8`)jhC^@B5&cOlESV5#LS3a6)I2jWCm` zavgT_rNX(#Or~-sQzOhI<1^doC!)E_+aOwCN|l@wGy6*+?DVoNQ z0W1|0h=ft&1g1YICh-1#`U#Y+OeT=sa00#QH>(dsu;m#4R)aC$hgZcXxT~N@Or|l- z07&VdW&JH2m24TD%W+x3xy<*DPfZI>C_l6rvfR<3GsH3-S`W#cbh#$E@eObnG>M7L z70Bd{?3gqFG`Rm%#{DNI9%N%$U7jWO49F_+x(3(v>d=3FxtQiV`s$}yJcURDp9&o< zHXevqc4HPtPvW4bU8W5>9IocuKoQ`&Q!K>Q{Yk16lS$4tVs*p=;q%KzL9Oe_ROdH2 z74w_S`BhYJg!zSF&%;CYirB+|K}5uk!vvosZphEYS{na}e1!>0Am*LGn2^DIri;~Qop3^Nj_y_X9+ z`#K0BZdZz*C^~CY(-Y^3`Tgo*{rt*Sq4O&2EW1%tcG57!u)z1_?*hPY_0a=WF{v@&sp)UJO=5`2MDh#A?AuH{y_Oo56{~=JKG1Z5s~qv~5QI%Y-<& zQO!>RDd{lbWxoDREueqx@Pxc}fbq58%&B#>$`JFsd1~<0;cblpH;ie(n}K;#y>S8Y z1-(%u(lplKtEmw8wihuX+0^CnGlw@D`fW||Rr)PYxxua`8^!jSEb(RLS&+40hst6M z=EZCWpWj!Xt>;r{7KZN2kR;zM3j<$;l_sX}z3!SVaELf&6r zQrQi!<|L_`A@1Zaa?0|OoTc|7>q{o5+(r*=D`!bZBJ9ho$o$cLa+(ju%b!x}6y3`O ze>#M`zrOgBidUNmFbogJO@U{zs6vh*E3{(NKCc>f# z2bozeLKM`0HO1#>cfiR`@I~~WoJVe^OhF2ip<4>vQk6@c!2z_!XYz1XL~v!9xXHg4 zA|abUyWu*zpL#LVO1(>DJI_t_lHm8*E7OvS8|C%fSdBdN-7ZhHf5X9F5D1#56kmPb#IRnwASk`cd3`nu!B@E|IX_Z5luxJ1-;pAx;OmIES7zsR zQ+%C0-H5O6kPWAf&=g;fz5xnb=_rf~U(=wmYQa}Sz>8S%Q#o6QSQqL-oe0wY-z#U2 zJuxYAj>^N`Q}6IjS|X6)Kz|km!hr7SFF%~)jf*PuAHq~#A&%b*S!wTeRf_Q ziEIv3qlw7QF)mftlc<`t+Ws%3mH7E^1&A34V$^e3EzhQV-&9?Id!( zZ#c^_jeQ>OuJjq6`!Ry|KgE4bWTYPFlFjIclJ(4+;I#0(b-4GP4Q*nc4K$rR&@x2d zyPdNxox_M3qS8ODDDKRb(l1rBMP-&K_n+PlaW~D~O#h$m7W`&Nu8n#?ZPaUGf2Hc& zAiJMB%aq+D-IU#UzX``rLdX6xty|+B_r6zg`)1s(3x=cqHME6^$Zarc$)R^?EYNC$ z{Dq|KIw#10C(krx06Q~f0OQwT5_b}NEz|WnQuG=%x~)q1iS03Mf(|j4x;12jCUyBm z7NkyOq;9exRW|NF`j1Tw=WCN!z=8YD4)XQNGfeqP>P-16xhmve)W=0T>W7z?qu+CM z{Wcc;M&>N%XRC!2w%e!08>AZmjbjH^^Jm?s6AsiW^`ZnEWO$eDBZ?5(N4BQ2m*b#Kz zsFH9_Pkad@4xAa}^yaRnoF>J!a9UF$?b+ueTAxOBckD&nz8$yggvq-hs3u~zlrY!% z75xYV4sib`kXBKjEqSjGCpnhIW&&Bpe-aD zG;Mdot=0t1R<_29Jhi6DHaHijF2mp-vj-V^cV|a{MED8_Z@uvOX=do%Y56IN{Qd9(Ms~~T8oO4Ayoy}!l_Hau{V36F z1nQ2RN=~+pkjcyKm~j8`0ruZi?LS=M-OBs>y4DdEuZDs#StjW7e4CWpyxSpMBGLDz z5GJji5-v_3J`ef^f1p=s_RcuKCm`kN2~Kle7+uy69Hk-q%GNzv{=T zC#zNQP@~dnWHE;P;LD+SOk|{-$kfZoy2)brO8t99K0aK^@q<2P{Gsx}K7#U5)iHMY zxRw3y>#X&kzFu?^8Ck-Ah)-Lc57?P(f9TVTk#D$23Q4a0Iz5-*U;7u(TpHBQbI)NM zU3KHw(ji1n&`EST8O;v%oEBun+vuQ{T_8i6!WEc6RbEbPt<<*Ilrvf;>dp~rCTiO| zWhQEq>%!+^h1MBMrYA@mHCW&vEhWmA5`u_ukVWMvI>CDVrZ3C2G4CxDotC_0} z1#8keZIoA#x%$%`O6KZmNw%5a;t$*0FY&M7Umv43Z%;F75Wq8^!N?YM3i9uob|L(e zokZu~*GmNdMrge#+DiMrb_E)s{w?k+{IjmEtY$-_{`CEjV-tL8QaE&&Duw>rC1+>I zD=5DW`(~T{5iZL#;7a^vn_D58K@v+a6CskgbwW5NKYtpWytZSIlg%b$M6 z)ae_Z9O@sv%*N-a{f6gBu400q6e~p4@n+T@E2-3Y{1y91_ zH$OZH`ffQz%H>D|QWd$B`PF$|2jmiEgV7y|8#F~V1BhkwR@~A-eeyvN%Z(Jv_f@f6 z$nH9zJ5`w}b^F+}!ozaPh_mAm8iIn;FLLv*n zE?wUJKsJ33O_gkW-qs|tP_RR@Jg2hlV`{fpwH3FDt}w&XU5|lURjr&DU_ZDeL@L3l z9`1%IZJgc$q#ZwO-wOV?y%=Gcy}*z~ME^Q#G`JPH;N%l&VnD1giPHIe9?3XL_1WnM z$3hvP(&ReMFW-|>^RaZjQHFLDs!o6-BV-5Mg^Z!vq)>7}{6JHS_~!z!`<%8KzT@ND z!_ZtN4y8$cyA6osZkGe&=cexlqsSe;DJm1Mwdt71PIOGn`bp13_N-$f{Ob;=L&3Zq z*+q@3As!M5ALuNzsnP|vDqlSF%#%K(aMpjLh;KRzg7bl#XwG7Sj z>&fagI(}CFAowZMI5lDXWT@ccmKGA8u?ZvC{}1IsxyK08zg$2`r{m(RtkDE&z(mId z6ZCCm@}qra_JxoUZhm$aBA4-=LF1|KCw60!%2E z9mFDoi0`p5$@R*UQP^i#UVn?R#0T%!Z#EUhB!d^}?|TEdW?0`{`FFsi!lsxDZhLaR z)j~Y%BHw36DW4QO26tOC^0jNeH@6MXdW6^KAuE|Sk$ek~Z+O$^kK#?&s&CSKJ8ge@ zHSb@7`*pI0UIaZAS>=fw;~#}|t+w~TfT`=2<8Qsk=WjYPoL?uC%D=S?E*$>clsthu zfb5Ir4HA~731%F1P#gyxM{x!j#zDcsC5SBUK}Atq zP!Vn$2600cHShmVRo%Y5(oGiMyzh;4x^GpTI(5!}{yMc>{0w}=@6|*1gntJn0I8xN zT9z;Sl!p<&j!^{*UNew+2DuN|C-9<6<4`3hNBb z`+<0th~vFA*4CJPKke11mHcOW{b0qb>m{Hx6`YQasuIG1kvbjhuqR$p#+w7wsX zu7il}s0U%qfB|`;?VC064*X!oWhe$8lVZ3l7!z1^*jTu2N$6~A!o5&s;8=UM#h<}# zWrtu#Sj{7KjoTXIh|s8W|B;PSO)M1!PEG@k`4Bf?^<=Bg(*yaN}z$rq} zqb93I(5KaXG_{!dNF8ke0$Wl;NG4eyP-HOR5`Fmkg6j`Z!-8X~NDV&{Q5Neya*AL_&@azdEz%~njC<6y zs7G>9>&ua1QUhx{O-gErXHx#mvrK`{V_x`D-Z@bzke|P_vP9}eAWRHZ0e^a3tcZWMh>cv_4j&D<-Wa4bIaD0b0a~of1}!#JeyVs0J~=?^Mn5{byS9y4l*EZy zFH{r=aRp|Hu)r)47MLZ%#=)%HgGH+cv%UhN#4@l|d7>6qQHi#rl4P*z97a`t=F7ja z^H>g+@Fz9IGa`THTvH$hR;l%YGZIBBYcJ%e+^p|qAWJMAm3Yxh#LuP4KvhdbN@hu< z5Kd-<@~erVP}Rr>>++@AP{p5(bs>ayZ~rS5To;=eM9IGI!|7F7RC={~KB_$n)m90; zdKiciOGP&g6f=rLuV!icTATzY{>1JrleyfPf$$Z9vvU%KY>$6u}m+4wK)yWs(`?+8$+_`pt$+500Noh|tv z^r=c~m7g5YI%yU>;J*iLXk`uB1E9DUej>h9 zBTBXhj?q6j#tnb#9vt6ChpF*B?Hn_{_u!l0_|C##t_3sjUx@kNAJzCeCZVEUz@n%Z z*iUU>XQV$fpr1w3U1NW)uhh6KE~oeU*5&%X_xj$J9Q`U49sCoH==+hUeg*)JV!2Ms zi5GB@FQD!SynRfqo0R` zFvUR>AofUMkX!pj#V0$qX!N`jjn|GkG{t;#D9SQc0hIa1pA(qHQi7JT#cLB6wsM{KxrA#???y*c;ZI2|Pfb~3s z3kIW^9t;+yQo9OUwtH+kfQb2F@n85=3e+(~RD-^qI zYK2@?HGl;+pg>jVvn0@&gxDDtUhm58~K&MN(^aXkCZ9HkGB3p(^3D_i27y3MmQ?1 zLqMd^aYWW*`XsAt8&Rb_rhu}UIT;f0)P z{M&!ytC8!MNlYdhfyY!X9DEM2h^6+Gy_9DaBohjH^+6%1R|-YsHwFV<9FX358r1yM zJ{wHcWy)V15kZc zKu=&5fF_oz=A7qP|7cAwjCH=)r)_s+GLXKDk;0#OWjU=!Cao;4-_{#3xxuOuUez0I zLFuJip^%>6R*^#fN*3*aVzK{T6cxU?Ps4E`-3^OME0cy}t4mK*g(SD+K3ESNPu7!I zmyK#{NC7cFIed7_RCLz6*LFwNV2tZrX!E#ls7=gMvtV3ZoODuT2YQO^pulX;UP}5h zAjLSwE2Y6rTvw^W?TKChRSY|0{-cK|#Z`2lHY86HAjtd&;~VyWNiW2dSizA^3H;w; z$73JvL81-oCy8f5F21m`;MEpb6GKzh59cU5Y@Gyn$@&Lk4e?9LMc~%~T4C@8;R%yr zVu5lSzxcB;u`{u`?9Sc9uNK5FuYW*>!7#iXA{4{kGZ?1#Cu{t2vHAt5zDn@xM|fr| zZEfhDD1Mb_vulC1jgPosRo;( z|9lJdGU=Nt(#t2XLnn+`({$V`(-77Hqbe^YOCG{*>V~=vgs~n2VI@uoV?zqU_{jlb zjo49Nz=kl^VC;)4;wODgg&t1`^ZGrouMij$`Jro(A27x?C0=er(UwxQ8WR+A05q}8 zZN%B47FW??ZB4C{05NMD65XdQ(NKD5X0e!M}1W>{5VEEM1*; z7R|HBogogVcZy_k>73k;zmLWkM6$;xX#U!Aw~c0e z#8}%oU}M|9B$~xzV_ctmSGGvq)`u@F{5W!Y-3tv_&+V!r-)#+GiKV#jx`>g*NwO}{ z)|W1-O>k?^sB^{o-uS|{J{CV>0JY~Y*qnGvHULF0ncMl(wl}Hsk6%}jYU&7zIaZ|} z)e&*ChPBohUc%b^T96Zn&f ztH~hY+YB%0@8{H)khx|W2~|uD52$8dKy|ga5X0}!Y^=)0gTl&T+Z}`=$1K5WPN4y4 zD>G<+536Gwu)_llDNs_|&KjM;{;MLq0yf(}+`aJ z&mTH`I3I6qXL!N*W$9JWZ90ml(CxH{=A;vA$V=Ufjk*KqhB>}BaDU;cN@bFNW?>}x zC8@#+nBU%_w&}8d6}`XbgfW%Hp&&2 z)PEq3^8_!wR*fh)2qU#f(S$T;vX?}E=^pjVi(``StO`260lb%4i3e5;*fo{eVH{SXJ# z`)Nd%OS%Ou+n!&&a;40#dTpy3O$Po3?ioXo)~#)oJ(ndjXHS)Iy2>quB2M1S4_!I= z@d{YQ%^%t(%b$(O-lPu&HaE9FY~sUx@G$qtvwCyN{B7dX{I=HA+ z!te!j>!4A0jYeH76m^~Fe`4*TpL4P!e|!lMl9idP04ub!0&Gp4|KTS`R-nyga{lLi zJ1xK}v`q&dqsDZ#92%g5h}rWa(v|z959OVNerQ-??ZyE%j)o$$QL_i{?}Mc;#WNdo z8dtPMR_o9^1lcSl6qj%n8OvXs1WaRnXolOiefwI9d85$JTBe`q zW9kYg*uD7kbNIPRFugUIuLIL@|9xwIQ{-+2_+xf$nFjT3u|Yl7*@KnM)d0w@BGzN@ zoORiF&W04L<|hZ9UpxXmee-P_&RIh^oQre{&RMD8s{(YXRsemz1~7hO0R5-osCy#n z)_~4u44~(}o;aX~K+{rI+7gv&>nEK5_*y~r!ub_|hFBhOW-}Q8SJ4~V&&v`zc>tC?D3W{PJd=A-9LrotUsQihsQtG_RX8Y+BR;cwqj#>vgfxtgH}`y%q!sS zvD91ERJlq?GEhF6@fCza3PtP>7#9lVgN8yuuf1VIIe!jk=`D;+x52}RFL>J2uhFRc zg`23>c*nfL$9d}zG&~qpg#bDDLCDt3fAXo*@Klvx(S1OkSgO7@)4>m0lgLejyOYH& zLt=-N%z}4AzQD`c)aNII=^Gg;BJVGL=VJ74!0SQ#+`pj!jh#gkXZ<|&1CV?tbeSab z8sK@Xrz!##;?+2e~=8ORb<^)Ipm{e>2c9 zj-ucm4g9PFL}vSSGTsS5*$Z9>e=h0>2@D}o;Xyvq1dminRJar96=Srle3$qF8NLYw zCNQXg5ICr#!8jRBlS_?1s@56=8?8zE{T;6k)cad{y{h|OLT1l;q0PEHMD=`%8LYpw zR)e)$eS^U&#y1=++>d=XKDrjn#D75#pMLoWinsGe7l{BV*4p*PO?4Qt&mXqI6Nvx# zy-E~chwR-kHLxCS!Y_*42PDn+uzS9aBWse5Bh~{A)xgQjfc2Ol!n*940UJ^wgr6KC zpb#}7Uu@xwkU z_ug-vIg;yK^LCx2Mme=YzA^Vtzk{!pUv9uB*MgVvUqqkvFA@st8ptrN79;WuryOPL zY&YXn;wh=2`XZ0uL!c3$EQY_S^|ShF=n{r)>nSjXKz*cdXgq_Hh*s8_h;?wY`=pdP zKR4u8GXQ@)Q4K($`bM9hy93`U{ZGax*MghyU+vB91Q*9a6f@rc?GHVVE7g$5UkoHR zexU%v#xny)Vs}rm4mavBMN?4p2vM(c5o|mFD#jRDy^d90+9jFzwUI#&dX_>F@hc-V zem&n0{q6R$9l!Xq_CCa~m*{^g4B6`k^H`!5O4x0HhNh#KXpDzwx-($Xz8Ex}=gYh- zy6GjmF_uDOvCo&aWPt}F3fPBea&e1u$gKUFz9?`l3dD|RoA^i{JW?gVx*YxxWAvCm zO;`REd;N^JztWXDBootiHbS)(>qGCa{x%2w8vi2E4%?{Ac+fUkcXrG}f2&#UER;ir zk66p1aR+5C3#3LAh&?F7S)l9%<5S@?rgQl7zwmRF3`k2-YGlM(y=Z((y<{G>G;VJ>GCc@M>nsvBOPlnk?t2A=|nme=|n&i>7-JL zbX_#)@*9JEKlDM(6Hv2`bn*<$pa)uzh{r>Q=TcfoIr$WiugoFVb1d9d71q~Mv)rb% z7UGz=9bBDoGsUnD%k`?eSnSY$q|MM`$`V?nU7K61uCzV@4H{8BEVf=16VX`KSB8-I zz;gva+Ug65ffN8^3}3ajq{+~_idqN!%hE|jI%kWi1F4pny>xPZVLNgFEy{-aZ!Uni*RHM_EXDgj8^qWD zl2q}UIIA+>5G<&iWa3*I!zK!G!>vR!fo`)AH}l$O#8SB_gw^WZ_Pj;j)^(rz^p(>a z>6*nrN(8H<_rI4N>!6iNO zg_}HuvCmviFs0PYzv{2=+y;P%fjZVxzy0cbKRxd6{7zeVRx$yjZJoFlKKq}xg|pgd z7GCg&7#80DC(&(|sv=nn_h-6v!FboHCmsiGM@K6a2Lb~C2C+t?<*zVm_(w`o_|KpL zS}cWt`=R%PT6B%zQK$!d691pE@t;2j@qcFcfN=B^~Rns$ohWeuzwJMps#E7_;bc)|GXhRWokPAt(7u$fRiR!TNwq=J2}gQ zJpM%P6vp3NJPUu@YD5Z(UU0&w7f%@V^4EI$7#tfqK;8@rZM?V zi_Cu17V+@u;SawO>*3_&sLrP$_LRScX|;YVvGH*K@P|Lc;zv}4Bqueh-t%~v9J6Cp zjfYEUAk1q&5X)rW_-|20e@lVUxboYbhgFudv$VpWZYhlW4= z%`dTqZXf>ei*X)4_*hsEOJY5oTo3>MJPq|V3Gd`T4#!sC?nlEka%Y@}{}cZ3#c>`k z4u9Ak>*4Cu9`unGF36HYvGwuc(lC8Yi1YB@!ynF$^Y9(&;jtybaB_UC$E#B#)mb;R z{lH(s6nMtL*xJ56{Na>15BF9NJM{PNf!I|y3a|Qau^z5Yh2;1wtJ9ueE0{sWC0n0? zIe>74u>`(TY-Am>zG>5PD>i}CdHn?wL4dse#f2&0zC91SWO|G3n2%2AHu-;nd6~r%K#h-{-l$S54-TQ!VcI^7^Jt%lF;*%K^~GQDngD zQ)*2)G0%TF?n$~<^7najc2236=fB3CUf!^8*PZ3~LH+2(Tym*Q@E&)U;NQGC+g)?+ z#L5OrOil0GwIZ-fDZy&~;g1!b*$0|Wxi;8*cxRM2+#y3|edJE*wsGY*+xB9NI3{Sd zd@>v1msa+vUsufDml~*F=4Fqh8*vw!*( zi7-z=ZpAuS=SU<<$Cc#u-0YhDsEot`ym}XRCL42n3<4oPu;edJgUlZ{`}{R`(i%}| z|B+aKINnp7Khonn1aYi;2GbTlv}KBEi@}MJm`K<#A@7|VR9?^)Jq7v2Y479}XC0V* z{@Ef#Js9UZ2g>Us0qgYzEZ4=KRd{`0Sx z_+ijShrX`oT4wKGpE{+k*FUm#IS!ePYzF7d^N;d)eINJrKQv#I^i^Nj`pCYipY-)T zCf}eQne6#?<*wUPJID9=pyF10^HTTZ7kBENJNwnTd8xm6dw%Jf-Gip@?=v{hKOig5 zKgN^Wacgez@VZ#_aV>lczcB~13})$@>7GL0*~eTF@-QiI+T7Il^Lp->oXrF4rF3Rs z%o_Q3GrEg0qtc7JuRH}NRQ_jWLh>B!p3mj-ChSjgeR%qDS#01T)&t_-*nWkE@;dGr zSe*8Sr#P$3v+m2<9^ZRbyHOZRf(2wUcI@$aJp4{>Bk_3#&pv9^K1mU@X5F06I#oZVZal`}<)qX2wx9h+bsQ_soT-Q0+3TA@XIc5h4cg`SufjbX zof`11=3f6e9Kn7;a3ysGXQP#dVX<7?|gr& zck+6cPu-2c+IMjQdVDOK^p#g^F;mjFzl#wA@ebm^V+SiLEbkDS_$yY9{EHi|CDe>V zsM!E3Mx5E<^)D@isp|Wk@_O!Z&3;Hs7ye!D^?hOd`|ft)-)omR{aXi|t*bZ<4_#=;#zQ*Y{~u#~z0ubJ@2CIK+AWPHuDrKKFu{9z#n8qGyhO@qF|m$9I`~ z3UVbQ`<{Ns$n1(ueN#Wr@vY%6dH(5Ho^^X`Q{{9>WKzD$t$kYt{)hW-RAsq6e|F72 z8_ovk8|?89&hq*Pd%PWg^UT@rTKELNhhyy%zred9=s2n0=k+X`jOzebX@|sk;rJyS z?q@jMg>B(*(;uP&&F`;Z3yU}!Rs>+xUU;nX7Udwh9lsw?oc69~-7YxU56qvf9ijY8 z-SDGV54E3(?}?w~+|B_>)X(a1m`q@>LD+<~NJ5~DC^%Lsd!(pN-R83doZm*aPMqxu~q4R;Lr4Q{D^%fX0G z;g6mQta;+?+uvw(C`PL5I9%g>oP5sC;2-<+AFcUE3iC_QE}x*) zS@JKg$&h~^cOQ^{m&Vabo4mkjq@b#sN)L6HRkHFvptuP@NNxb|m02a?Do7zy zDpaX@J{T{a!aXh`>EJH2&u@M!U8NCKqq^Z~jdw2>Pit+yu`JJL71r!-KZ}o0HC|l& zX~x2Y027Z4VYUMWMpF5ziH%S%>?LptW(Gh8EEiZ$!vBQc2e7^(pG&RxuXyrkp~T=C6MK>gTTrmFN_H z4V+W{YsH&U|1Y=K*bLX)007c6`_)1ZOmCW}nE%13mf+jmO&joE4AzbAi5qj=$cS#r zacA)>T$wY|?UDa>k^he5PtYx@D$d-=e|*E-pnf^-0?IhfQ!IZDQx&CJsp)(KwXs7U zc4#m=)P)cCP;L3~F!J|2Dud3z#Q8Kj2$q3o*vr8l5VUEY*?S7tTN!<~iw?{q@~ae+ zhs|@bm3XE*o)WkGRuQR0Z}BzmZF!=^H*2Fmv-T{Lo-cPV6-DTO{R1#C50>&P|BwvV zb7yDm-v}z{@lVPq#}ehT9S`_> zqR0PyDJ$C4zYG4sl=6p3=UbHdCRdI)>_{vm_zo+MClTY-J&wXbmW=~~eR^eWRS%uu=zcHtN z1@<-Y33eh2=Hpq9(zV2Xo#m0`fD3iMp5=EIoAS&9{dPxW4Zeed?=von$2;JEt>O#? z&SxBs7BzzwlJ8REGH~N3~+}X8KR4AQ^PY9*^@U;h1E{p#b>wiH^QcfW!D=9^P zN|2Yqec~gtviH9txtS3Ns9yhwbm8kL=PfSCVp^l5T}n#Vcf0N{KL#@fOmi_~M$+=M z+*!Xa0+_hw&6$cOF{vzR!8UP+S9AW0SL&b~XK96P`7c;}Q+|&lLXG+FD)&hIi*Rw@ z#xqkcs&HFst$qm842_Xy$oDsC+}D4HUb;V-i}iW_!0uACFu3pG^cDV01`d# zdVQkl^^kP*D9^Vi&$l&j{jbvfw0wW>)0x?54Wm-28rpbX>ZcsWJpawibmSFZo(iLP zyT!k=_rIFvnsW}uCC`5Q_JMN}=m(sj{{@k;!;zDnm z-QMEfy)Y==j$h>U{Khr+le=mmFEZ?=l-zY+rVaFY8@FapSR~(fP2&!E#bcUb$I0yT zKNv@H2m_qixLG+)P9S@{TXrBHusZby9Ps4`$dzI03mG`|mHzY`+T*T9M*AH3@+o<~ zp&7Y8z8T<}q5@FYV{?ly$|5CQDC6q!Uz(1r0jFBxcE!C$r(~G(%}eHU{;GzI`F3UH(0`TzjCyDjnomdG2v*;+qLbHmz;d@&(@UB! z$T-+@E@lY2pOBbOvuE5;!xSiME5A6;cO{<8Ja={hzJ#*+C!#D>HI%@iN0owXsFKKL zlog>Q--nXmG&r};_-&r=4H#^$kK2m`zg8ToK>rJAr+xhch&lBIb3h>S{SE48?=MZ8 za)P%w8>(IBntSaXO10+&7NJ0%AL>O~p+COO^Is2By#xQ=gf*h8GQ1tJgcfG6n>?w9 z#a!3n^28!kfGT=^?V9_`OxkVQHM#3{&}{2LlMBUc`A5dU;s!ltpWk*YZMN<}U#oiM z$LIPEX!)&PJvqPLl+vl^gHJ`1^OeoD?9r9P3klJG-KFF{fHuuY6epIKGssLf6n3b z4lgSa^S>A~yjxm({I_@T`m;fZaBPW7Jy;?@16@l4tESb$kd0@kV&oy_ax2*J1Z04Z z1SssUJ%EPQz1Wu3Xg~8t$~pZPI~}vBIA&ARPd=pNH~lj9X8NZPGuQWn0ZXG2C6W$t z{>x63mBFHWrjQXFvT7q%FS;9lAh(ayz_e+YTm{a(Eu<%2|C&OW22zn&T1DpjP3c+@6Zp@fdQKdl0N!rpd(=#zeX%}5PLCo&OlXMV*^lsm+PtD|U;h}oU^}`X zZ1RIU3!tde2Ku|TLhenUGYQ+EI*Ltfovk-xmW1!s?8Tp-(?54IVhHchz-k6ga-0IN z1~sq%DPdn5f8cJIPwc*KITkH>(UNJzR2aXnt#n^&CD7LiY$9-XtiI;+=hyYmmF(*S zKha@FrNMW2ne{en$oKG_Ii;>S55YDuVZv?lj81rEC7nf_-rQwPWL8_C`H5To>!1vH z*NS5xU`Gh355lqry#;zBUt&#PVnnguVa>o7XMFN}@6(FR_zvAjrgDi3%x0uV+t zzqr-0$mS39r2#_}kOdt))UiPW%&@6&;6^xrlle0T%%m;0g)KH0Lwuj67J5GTopf|> zz$`U9mDGPz^d&_9@9wL-{yS5^rwXe}|6_irM*V*|{fPR{uSfg8t4j3$0L(o^|3kjj z`hPae{t-rwX#Z*2{_E2IAz-Ba^UXbS(EfOXowM*T=BIa7Nq07V$H=!zTqDQd53Zru zWPWiIUPlPmKqQXu8hF_>*i*KDQre*6w3D)nQU>_Dodm~db2|s7)(^PW1&Qtm0RB%M z^tpT0^dc3#a1ILcXKVjkdAB%$BHnvPv|*_VSQ<#rO;-2eydyX%Q2a`TQw)gVAAS9O z5IP&w1`W*jr#1VYcdhZ7ogvSg`#(;+ycWO7EL7j<`#3fNDY6SWsMsf&L zoarRd9NyF_(wpLsC@5QSBpsyoM&wEg??_3RaucTdxLe>`y|+px_8L|$sfF&oJ3aA< zJthyF+Z&P_458RtB{vdGL1T4P{v@P99mjX2qQR@Gs6lmzzJA)ZCEVl@HFI$*+xzbJ z#5))}a}ms1DE_))Pni9U4^-a%Hl{${Y{(ml^Hl*Thu|Uva8jkdn8z5#Vx|PJKY0g} zN-vn1OgPbb-AQmT*KH23pE_BBY@Re?LmN?zZaE|MYKS`oGLvqWgci{;}0AIN3p>6p)em)-BZkX?cDunB-vz0PpJT z=FYCzYCzb&U*ekITB!BQ?YCCNI0T-A)rSnj)w?RN$57t?J?G&t#$z*n$NOtya{mAP zim~VpDXYg9_F6H0p#_vrHv5Lgj3YU)0nE)hG<;BoiQnKy+uUbvDuq)PW*NB<;WXj z-GHlB{xLAGVE{MZx7g){Bvqd8m%wRXhnf7YFDmT!%OKA-QVyPdJhxtAZgpoTW;XY0egR~ ziY+C~7~S&+=lJ1<7p(TH8MA%99Ty$KOv^z*)TfuV72feP2JgVl>Uw}*XWYR<=#IpS zT763Zs=^X^&wq(ULt{_`b1e^Oj=BwBq>s+&rO<`zxeK%A&vf_C+P?|;wfpg+xb@cL`f5K^0qQ8? z1nk)HqDC`u^!V@W;VsU}^6I2Mr5A1+sqM3n+D2NQ70bFoZ)CZ# z)zS@F{i6z`_kBis{L{yIuv7#?veBuK-JCIj_JciveBQ_N5sUM<5`j#7#QBJuvDZVN zk03SWsR_L##37;p9v@mP?!C=Zd>0Nm43e5$*ch?xfa|%--2L~jPb<%`mbJ!~5&jAM z!8cP~>??Je>uZ+l8;Qk;%%8>;(8g#kQCBz&BhD@E*0QK>t}m@+yj6_g65IM9zIk6~-z2u!`;3ix^qwnq0xP{J{*J9vnpor+WDE3Do2Zijl(v2en@alpK*5LS1q zu-e0fRp;`4{~w^zS8j*~d}b|GP2P=}Fs!ns=*#@0Rq&jih8?ZQmthBZtvvs5$kn7* zN%^gm2Qf5cn}J5Jm%oP`=OrOWMEeY&tyBP&?FQo!J%?l8z!t3ji~R-m!V>K;FghX( z^ri@_$465|xC$N*uKCMxJ6ZnZpJ{*mQI4Ew`{Vba_V=N-zmNMxvA;Y1i;f+*wo2^p)or0c zT>59t*jo8?(}#N?a*5WJ>m7u>LKhn0c|@cX)))}6!mOI(w<)g2Z7(LT(^ zi49(EoY2Pru??c@Yk~KNVDE&vzbFk{qn&UKM+RNCg}CNCh#uJwrlw4t%()ZZzZ@;U zT^HT6W?fyyJu9z`sLhRIA#N7v^a1SB>`=M!J#;rJjZb)oO7xYYAk|TEK6IOkiFr$n zlFa@j-UbC_O)?YBNQUuo0J<7JCUIQ}_8f^}#L!g=yp=KU0M43WF#9knmO{Q8u|o@_ zaFbpf!A?zk7IPlud-kftw^*q+a36*DN==8|0hfDVI-8>He`W@~PJ8OC|p zGH!^#rmwZOI+s-1cYa-7WndYNQNnr<%U3<6iE?GuUJI(iHKrkmm{v6LLFr? zm&9C8W=}7;_u)L(fa0{;NF;H6#u|;u5++2;M;Bm1ByU>c)GOOR4LhcAl9^}nQcq{@Lle zajelxVK-fw_-I$c8fE|Bgm)d@yW*W#-pfh2FD-%nWyyH2-uGsl_s?N!y3IIkBz~W= z%i#BtD{4enfqq+*=kBvTSH}0q{yY6^jOb67CoU!Zm#xI}UvAAT!!Bx z`iElMBCh9PrNnVGLhobcfeaWq(oQovFyX)_yv1oJc>M!gn8yxMf86HgT0Yd zSAg^Q4OjMr?NJPa-sq3^WYIsbab;o36A6vN>Xtj0Cwt?0gtQ` z9&w!kDPo}wAsg`y zzO7-Tgz>2=@uL9+oi{phYfFgJM2}{IADz(^JNi#}BWP@)NxW)_{zs1=Uw>inWAvyR z(N&->{E(4}CgB5DuWgD@5_u%JH z;FOWJ@9LdLJh_7oln|ege?w)_3|AnejxPvqTH(}+W@t?mq<3Gi)<3Asd9{>4^j{l!X{2!(?qZ*1D z|Cj0bKVQfH9YlbT_}@e@q%glATKuOj!!Sf@0EVzejUj9#HikUA9fQ~fqE=D--&k$& zpMuUCnz*%9!Y5SxM^}RJe|^x{LgRn6;78bsjqLMr&a-Yc6NoD#5WAM|I?DikMkg@_3XuoOG*4-EAj9ndi?J|myS9A-xd=8ArQl-6p0uAC+he= zSjYcm;qgC%zN=!ge^M7t=P5jpsh_WJAGJ+J_~Khm*1JMCO&9)J~*2S~*zr5bt# zclk$T0Dk@uDx5Uf_TI`cfD2&a%Erw6uS)s5m!fXUPkgj1VUue9|BAzZSG*j{fB&EH z_ftNwXPT%mS23?DL9E<`-h8M8QxP;T$jA->bzxY{prUbLE9|QHWhDjb{*$+ zUxuZ&0UdCNs3*2BA=~%){5>H*XXGUH+*we_ za&S2HJShKm*~;~Tdz`pBwj5|zU#eWa7mmL1*2h~KNR)o2zeH)LEAv6RvJ^zktO)*| z1IeT8-|tAF9{1Yb9Gr^>_dyswk9)7M{{@N>H<3MO04>=Ig7(P$c^RCh{dzaoWpDz` z@v~B@dVYT6dk}v2z{D-0vi`m3C5L~%y|zaEyAts^=UpA2*AA!=T?NLzh*9_V>5^aU ztplG*{T@D*Q%6pql+86KP#T`DPN4jzz9}19;+l8xG;{vsTYPdY2;jf+-q{}TW7v_M z?D^moxgKSLwIIE4gA`j=bd(**|peNhAq@F~K8 zlmZN}7Q3TSfS@&mvzB;lAgD}OzYd;ZQ%5G`&Pc`RIk#2lWw=M|B()v?F*x#JY`p4VQ)~0?nqAkULo)3-dI636p^&Bm# zFMA6zwo5`r`bw9iqq-mvqxx$&-nQ8e>zBhY>Fwv;EvWR0Yu@AS1(i-5r@q{?JL&)`!#F#|DB#7y;k1sae($ z8NmSfPzX4j5(6BT*x;a+ou`@!sAGSP-rs!n8w_wM*7l2P#MT3Ip9>;`wejDvK%qwF z=?~dzlJ$@H_<7#z7~E(3)Qpx2o>jB-rMMf`8N1`G&p-4U+?m~DpX4mxR4`Mb4#T1cFE5-WSv;2s|%k)7I9na(ER+`l!*B`h1c_Q z*K^%2$ST@DTPiRge8Uaq8EOc4!mopBl4%`xVIc0ruwR0DCD*_HvZe$-kpn zIH(7Y3xSX-;}E31DIs8cIq$`kD&+CF~!s$HT+%a71c9RyrYZ=79SF z8o@t89KR~|_qC_YkM>I3LMk(-@U95@ytVKjvE02zm_s^=7k5iK_g|%^xaNF-V8Z>L zF>V<6X&n?c@w}>27>@dD|A=-|;aoPCnnZK53KO08{GN=`te;i z)ep6PpwR*TrpjY7t}bhR!EK4BFL#$}Pj99?oy>r5KI-@*ojr5GnFVlHd5f~j=i}|u z+LNUqYL<$?6xfGcUeCNrx}kkq@H^yUkayNX%mEOy8mK^^4m=}-2t?U3EJkc+%g7(O z{t$nD+=4>ie|F+FQW;;*dLroSqCacKUwe|o%F{n8pothTy9Ag2FWByOmls6%y@cHqT| z+H=ppb;G`hP))%RsxMIM{R>Vvq51-B(7Wt{48-dToU4VbjqzG)hnKT8+$)WEormKo zc#)&;OMT-E?|MK{ePnO;Qp8PX zCO-0&@Mf{k36BLm+FJ3KSk7E6lle-l54xYz>w`-=*NCnH{T_`UzemD|BjWd+&tfzW zo{_kO^kdePX#8%~iEsJxU)Bl79uMaGXLicKMNFL-#p`nq0Op@wn5Epm53gZ7?;-IV zYwYkE#PjhT1{M!%hz&Mrp=yT7fX`gwk? zC3;6tFj1WkvllE3+vE%!2}jU`0yM~zyD%Tw~{M< z(Netq0&fO7!D&K};M7PY5E%G#ik`e`7>IMer7r|l`dxc^;?`3MEC`H!#DN1(EU8f( zh{fW8pGQW_7SCX8??0_(w3PK{70t8Yqt0j^XMJG$zaZaF9TS(2-oyHnjpb&Zt(i3( zdEW_iIX&YM0_M}Ecejc00Pal+fGz&YoFg+VnxJr3Ll($f85T*^T??; zE2C>m<#25_=A3%tejOg|-*-&#Xmw+goo|c&@O)DT+p8-R&aZ>Thd6PS<>#mWljDDC z;^SW#FJAgk(2Es*Z2!~mtz-E(xD8`@27EGNPCk_0s-mx%lVc`qkRUiG|8lvy|Kk*;YZJdE z=yUEYB^sdKFgju;b zdyBe3XSbPqcL-~(bla|;U;s~S!`}^Xkr3Z+A0vR zAn5tlu0Q@xP9K_uODKMi`a6bpYulR9QsMnF)P0=m2RwfduUC8Xu9nmJ8QSZed-R@p z3UZ#2gq-yH1E?up9LE*5UGh>vfU)Zh8&&nT{7!N#U+|k*Hgz_ifjZjSe>v!QQ^;oL z)UEk#bV@xuw#$vl3L1oxr)ZZh#Zo!f{+lV6mU;U69l^Nn#aX#*|8V=BUffF7xCk%L zTqQ#1`nuV-^^#IJPt*nJ^$Tuk4f}_sHNR>N`EQtN*tA)UXmLs?S&nmNzS%O2%pY6V zj0If)c}=z(_HE55`JG(N5nunVbfxyDbMxYZ_(J^-q}miefB5ke(BANqYesu1_bUFp z4Staze?E`$J$q8(^3m^De>}g7e*R^?#5}{F4WHKh`I)~teasDkXzVN!mp|{oTe0ch zOSO+3IN4sdBLA>Pf2#b9662MTQ##l;<+xUlI*0qC*5kIU7PzLp%b;SnTnRkL->F4; zee+x{?jY5dqneHExQ`C^IOF|bo!XhiSuDro@pQywkrKWsQo=VWrQlCs5bV2>{yFV& zjNlKg5+A|JFyKe-3H8tI3;)Oc^Sr;({#(|J_6in7jgPK5ML-lCBPZ1XK$lNope&=& za)Rj$l)lFxaGDlao|uE1J;T#1YO-c5*1S4^zRM!9e77!|mba_JWSi5mka!ZO#f=rn z=uByu?OHwHoUuQzgU`5l7#4Tjbi{6cxJ*Zh?3obQpSdWr0RN~fUir?{uEv>|G-F&- zr@--cc{D=qDvj{c3p5h=9J;_Y7^(-jcoZ(H#28TAs-D+BpfyXdB;td$<{W2p3Rcx>Zo}Y>JllXKjMR$-O)z~IG--nGuvm@jFb-Pv zKXS(HA&A>U!rv2y`VUYKKHj8?{dlYs5=))v73&O#3o}k~n+0Ch_9l~oD62AKYHS1T z;A)CT+q*NW{C=Hj9>Jjd@8ubW9bZgVZr6fkMl~@=N`+lpH4A#*& zG>^Kx`)6l-&w)U60x1HAQBI5LaQIP|bm7prN=7^qr|?^c#`hUpo&HE3J=MXZd!JoY z&p$*?y|PQ5)I+(xCTAPZ3irYwisE&aY!?w*+C{`>yMaexpJ5(Y#rMlBe;A{6YG&f2 zRf$+G{`dAghyOL2Q=|S@iS?vr zqr?r#g+DJjo{p+HJET*2ELDfto_g^yLY@%u$K7kRqh=^aRr^iLt@pM#{WMnGq|7F6 zI#-2)o*A}`#8}IQ@vk%tPi4cAr%rbjVf;eRo3Vc~7Y@%m#hD8?cn~8x@3_QmuG05E zP;PU-FId+kGdZ@dnib1gt7S1cELbi}kvJ5b6aNWc9C(uw2b%w+V}tJ0Y!sZ_^JSmIYe>P(;R6BDklxchel#>Wk#UOk5+~%5`!f29zUO znuhlZkDc9X{M33y^}x%)YUfl;oq(r@%KZ72jFc$_Lh#XSUhyb7pTef;UwGj(-ozK6!Kr+cC(rMKlek|-Eobzse%XIwSav#rDgC^@$y?p=(m}Rgy*}-sE5i$*8EI- z;*acmiTsVkfjnavG=4{`Wd4QJ4LYp^#QBpu;YC~oYyNF2hR<%gB(Hd=>>t`P`DC7^ z0jP2o(SXvvhJ z$?Wz0J`k4gM@>&+(NEt%%oC1Au;{mZycxK4Ms!?D`h5RG_duzckTN*fh64r%Qw_4Z zxw;aJAy7J9`=rrd1iqEu_CJhogBC%Tuhp#?T~2`+GAFn+8uN<2FLy;TxFaScT%p)$d}ljpEdA{w{K>XM&(03IIxpLV(H?&dQ&vxz_ftBe@n% z8c%NHU|Ns)1)o|%RC8jva$GC$)vXbbq~0%*%=`~hS@UYwhzCi2rZa_(KL4Bidm_=% z&i{PSU;kP)r@y^Z9Qso`5ghlAET#j7zjd(#W&CSu;xZD2Sd)qE_I>)88Jw)%2oQr~ zF@L`a{HmFXGm2l`JoOmEuVA0sr#2O$geSm_G(EXd=XiEtok7!-P7Tz%2ISO`VP%ST znE9pjRP9hAUCEk{ey&X+6ok^05QsCUh8Dwv32iF{Pq2*|*rDkP&mH{mvdZsJBGROl z20eNRdKmtqCT;wVjq)L)NR~zs^=uGD*cQ1C+alMY4AwEX$jcv#g8b&MUqss{f^`YSG1M9!s)fo1&(D+&Cm zeTTxI89&vGmfFLMnN3-iEdLla6Jxpc$Hb*12C#$)u3Vo*Z2rOL760HTlV;9Cs)B#Cr;Lw&pSaCbCg`TP&)(C z;EJHR{=eoQv#03!&z_pm(i2xI{27-l{(L+cV>vttDTzO9B{}{Pp7-Ehnr4Dbntu#| z9FF`)x#AyuBrg9b(EKAy^N+>w-T{vHs~-Nl@_qST`96!-e$VF>|KKO%_Zub|{?QA9 zXy;!g(}5g+KY2APRghoY1WWC;kQ({qYvRK3d=o`lYD6LgcQWWKNE6e-)zSj)KmH~R z2#z;TWaA0opZ>jaOe8Sx@-P@UBb5o9$k!|?ada)&v%mUKYdx#Saf(`a1!F zr*#Qgtm5DHKHxaA1@j$18?t(4L#po03(iAU)g*!WV|Q|8Hot2De?7{u$Q*H zZr|>HE6h?}+A>majXlCkTQUrU1TSenhT<3PCVm8$O-L7rBkFnNQOz~1BLzQjFO0^I z5}*L^Ltn!R|9e8=hy1SagGFro;PVPU_{sS0oCyX$4)3z@BXji^SAxTw1$dCRyNnD? zSyX%wo+-T$wOIc#6-3NbTJz^6`sWa)5b26X@gf+NzZeAns`B~E*qb2v7hl(i7X%iL z3}S}$=J4MME@abS68VdZZdCkX?arFf(%4I6oMYxsTN|Ws9(8-<28?6#BqStKu%>w2 zfoH<8s|&~0>d7l08uHx-4F|S1FQK^+XMgwth}+dSWv+Rn@C{%0;F>cSpIi$D$P;+k zLo+nxNQKyMeZh8D-rXeb$}pah#s z%B?AnDHxI86pZk3<{wo)mJh4>2R|7cIUkZ(YrYIZ$jna-gvbja*uf*A$ieGT#}rdX z1d4pjpNH$8E6Fn2z`GP!IQC~%>HFb2QQ9ZJs1cu#_&I2p13ea991A^aV)fjYm;Y~D(~!RusB#WxCHPQ)kIf)nHk;7dC3CH&=bLxL}t z!!B3B83(=udCFB|<^8XpMJFmOC|Ns0RGMj`azNidGgzUECMs6rM-;%w&kA5z!p0Xq zuJDDQ48DANEe2pDM6mN4ABErxJ9s2~d60E9F?B@X%XI$y)2FJ51X)TlFQ<8Wu)!RC z)Q|7|i#D@K;zo^)*FffM$Q((es(w%Fo_q(wbjpi`F#pfiSN?jn;wLRXsTnP89HjCa zB{(LU)c%e`V=$Iew5am5?1I=j#)CUUS@7+TsFi31?bp=g7LQIv=O){4scFH2_d5zoF9<_AzZ-n?+X6f~ zKJ3v>IC`1L!Ju59oTNmq`v7*s1x90b4!Rw7r` zdjz0#Rs?5c)Kmru*dQx;<8p}H452Wun@mbwf=BgMbpEX2 zCO7@{|^;YpX*`Ey_Wb3%MYG?Lg=dsqTj6Qt^zA2p!#^WIO~;wp?_fNukXUv%(JXVg+RrldP_U4s1t%wL6 z{_2|I6Yu)xbtzprS8(2$tEMYmORcNqUWd#vC@=5Hz@Zq*fCeZNwd2QS1P~|Jx6YiG z!#&zw-`n~MZNnezTR8uTHEip&E%sDKNquzuVgE(d!XFw?#Cc_jTT7+=AN{abXD4L+ zulWB6+yCFG5nTo9_KD9QHpA#6_`?Md(|Z2x#3iKfv!>+uL$vqbOibmx<8gO79E1mh zSHgERsR(=jO^J{K_=4=*aHKkdckSLf9R2w2E!7Ws&R&{%!L7<8pK4CBY!k@9CN~Wk zDGD-3D&+k)#YBwE1)H^B>*FZJCrLV!8|NKW%op(fg10XW!-=ZcKelTqWWMUn#OxU2_aR0;`HKV0n=PQ2D1>Tz!KWG6#t@~e3TuNdDTS=ZD?2r?< zX8K@wg5JMz@5N4jkOqP1hAa|y|3(kZ4^p(Vk5n@Vp2%hVwR-u~{6T(K^9L5O=MQ{d z%^%pdAN7&U*G@tU4La6Y3>tz0apR;YsfVt3>0qBJ+)yW z|4^nkWvtYjGSYFnY=C2b==Q=-g{a6yVXoDKae4A9xZOkDiH2U3x6Sr@ke0Yl`s682 zI}TiSWH)PeS7;Ir&vLv%`Eq6x*a*{ zTN)kvM=OONE&4%w_rFv#+RK8~V^pU*-ygy|+d_AhmdUOG%nO`*Jtp;qod10>aXE=2 ztSLSh!7M~j;|qv2hPNZWitFxf;>i;1w3YDR1$hZ`_EzSh)}}Mmn5#E+n48%jcJoOF zb8|%*YcR`^=BhxM%%H_w-v;Avi~&V$gzw;%NgPQ9&*_7U$r|*)1!cI^^_|JN!7U*; z`)l|O?<@EEHUR@hjb6sR~-q!($UEr>8ximPAq ze7^+tcaDx5N$)>zLDBACo48$Rt_VGB#yC2zE7+7)pJ=-=r+!+e81J3Wg48CLA@Sdu zae6HLsOBwURfQiPXG4F(|5G#iOM&Nc+vQ^Tb%OlkJj(a%^NGtx++h95^AArv{_#wf zlYh7&5QD4~iN`-mw6jjs&bk?SMJN9lJuNo>U@wCFgMS72N9~SL_y-#?{DTcU_y^ln z{DYqy{Nv*bIsR)R_y_B9@{hLvw)qEZAdX0%(0MkM1pgSv7Qb2@Y_T%@W5sFFaU==; zvF!rLGZgY13D?Y9Ix2%8zhT^h2!j09sj={*nm2q^6@EN)KD3wlT+L{&v_m5NqlBIk zerwqGy&>mK&n7M>afCG;iGO6p;2%i(3IE85;2-@@iOxUxq?3QJhG_hQEym&>OJnd4 z#XAfS(X%SUKR)OM-CVpXI{#p6A^c;$hO}`S(n=Mi8UEp$Ed1m96%qV{4-z+|AaFw} z3gsUZKMMcoP61c`y9)Wot?i@ZM$-J_q4Q|}5UnQAqZF1CM2{TYwsyE}Ed2N%;UA-V zLVsKTRWtf4bSwTb5`LW^|M*W2$k#my`G^~=KUw|(rVsz;x!82^I7cQ_@*j}Hk^fk! zoRyEpU0)fjowbX0*7?d=?e&%IH`80yiiB(RB&0t!n)C-dQQjJ-aRig_2iQj=*K?z~ zS#w*{=u{ylKMI)qU<-zPuvOv5cK(CyD*nMw4*oIfT#o-g)%ZK|AFR&FKc@d(@B}C4 zfFb4z!iU|gjhG_+1E#QLoTSsjMbCengBGuLv?%<8FL@-RQT1Ih7$G={E=g$$df- z5D*Q>1mLLW1P&G=a7ZNp4ptg@1owrrAlSJOtjZD}zn&N!Fdhs`m`?TidE zXFA!&IS`4lkwxONjSTIX`}A%OkMc~i4eOTcLYao}0|(t;KWw_eKWw^jLbFi1F`9IP zO&Gc%&6<@KwyBr~KRKAjzRu9@4NofVI+zA)GE8Gq3C`8Zf#Z+AI)jJ)*16`*_NfEM z={w~c95}uO-|#@-*b>*AYw_8&;7a@#i!`4;8ZqhdXq*w10B0!c5eQ0u3i`?uK|zn6 zpad2*j}A9U&?ZDghK9<&;o&okwLu&1ziQd^cLJQM%8yL%1nvFw zc;Y@?8LVDL zPxz=YK5pb@6_G}WOTy4(I6oPbN->tZC&u6>dclR4vx;D{t<5Azo;?l9>GId;{DiHA z@RM|nf|f?XEI@#RpNt#xX$7uHyH7*`+|?O#E{M*svv%8fh5{q9l=|W_L&QX3S#=k{TIb-0U3jQW?i;PKV40lyUe^ z68GbHDcYt-Ys6dB`8SxF!5eGEak0Rrnv*HQZvGj`Zsh#~iSwIA9iTnm(i+iTpj%_b zZwi3{3G$l>r$WBKUlNy(7{mIHhTrrM+)-H-bNi{zdlq-!+1|--MnEL;8z};}VIn5z z(eNh)30Ucntz`?{1=_RMw6<4stUp{4pWm<_HoxH?HorO770Pd}AirS~hTllDhTpJF z#c%k@!EZ9qC(Hkc(yoKwuqMrK0x!YF3VWnX5ek)j6HlLlCOX7yV#=hc*Ooh_uR}08 zg7kV$GlW&Y_2*d9+XsLn_p>x($v-+uR)Q{FnGpeG;+s)-j)R{>pP$WjL!wkIQFSw> z<**(b!S*!xJrS(3^Rq$iptskSB#sZ2;Yw2)X|BX~yF|R-ZyFsmJcqNQE#&K%gnYy= z))a#y+3)uQm5F3Y@`k+(&63I@Sdz@2ti#7fr%HU@NtIYnG^)gQ!>Q5|O_e-HLzNb^ zfsX1t6rC!uwIHx!FUx!ls3SF?u2g`kQ#rVww%4T!RVhp1c_~wd5*zun!A7aUU?Yo{ zpUN~3KRK}R$JUVQ<_GNq!mI(9D1dc|qe=m+$SONHtJHw?D5@;6T1M1qBbC{BXCD>1 znL>QCI6>YedWye`2IqrT)Q=8WivjeA%8Bg1+jcU<8Va%OG`HRZ6=^S(pWpokdo^e! z=WEh`C%|&>(@O2Xd*~!+FY`||qrK8&6z3`hrZ_oQoc+6pPK10@A4pt2VixOSgL{H0Q{M|`pN(pm`mB~S1pH! zvMxtLiJhP%MY zLd@1azDM@Yc>P)F9zT}Uf=gJ^HS}7#3SF>qu7O8c!#dF%M{uK6IUlv;zF^Ch;62yX zi+~a7zmT6K=5GsILL2q8Ox4VMWd63IZV*qby|rV3Ni{EKRnh!yPzz}9wR;oy)k^Un zH~}!kz8N<3{l;tPFA@BwIpph@gnYyj)^ue4Qz+OGvWg}A2O$%3JnY^Pi~poX=RbVj z$$wZ+WIO{_q1|x)bDHKqBae#zG=q-n{2@C3VQV4$XS3!%i#5#c1GoU*9QpRHw7%R7LG|*=j?e`0Rd4jxuZ*)o3(UCwK_+PZe z@IR-7l9AiEwx#hk+WJ;M$Y!m(r)K=%###;pSzhrQ)V)xSb=3U*@=q&09rgNFqo&ZC zZ&A(Yts6X#3Dv>yZzmUtv%WPU6Y>R$6PJ(p!TMuxkvQvHp)7>!T`A&wnvLvi;$$Nu zAQJOGd?fDr)=2HH9kja^DtDFjtv`4}nTXi8gO0EtHXY#~HXS+lR~lV#JB=h~*o2`Y z(yW=|uua88_{qUUGSDZ>zfft{k^f;$hKXDREa@%$Y0j;$L zv}y4E5dN{YzwnPA@3#2|r6T|E`tyMuAsmFIi5;vh*LR2-Pj0nWkW8aUNz5R0()RVHhy&axkmBBahzGEFv}IlhMw*VKRnqED`=`ZT~(N zpj7jcc2(t9&pQVCdv;dM=&t~tAe_XxzcAu_b2B4P$`mCf!g7QY)}vD*tlCbAVEsX$rSTa1 zY8LzbTYLQRheYra^Dl-%&GqYXT=Ei{G4)Fh3bY`CgluxO~JA)}JgtAs?A0xDuKt5me)8 zqgQJ?`N=sDiTM#Jg18)We@s~eVimT0XwS7ywpVMcTY4#eLU|D!iZGUN&pGe9=5T!h z8{+UTa})#TkVRNl)xT(Wt2 z{u|xR*oh+?@X7PN@7U`W7zBei5Xmd?2Nk)()AV1@&4P}l)&=D9Ap>Gfji|1 z#?Z`(`&{4F2%2OJHG5;u$rUro>!MXKrm4qcTWYgB-ws?d0{;vwqJMxr`Nwq0^KHv7 zR&NC2jkmIXnm1?r)MMyi0ls;VbZa7D5hgqUCXDm7aJY4FxN)3pEhc-y6WhR=^n`tz zHDh;lswEFQ?vi04q7VJj_&cY1Y%Vvrx0YAs?aQ>U%5(QbZ*YaoZeAg?Tptj1EUbSe zSIE2r7;O9-w7Te4f{FT_AV8cBHiCnTvW=IkX@a4TyXONe*`>_@+X3dShvnAB?!l>~ z7od{uAA&orR;ja)#l0EoAv)#s__9hsbsoXYALpK&4tHUEx`r zClm^UCMCIl`0c|mqTDGpqp=@%DSl)n&W}1%zNaQ9E}ulgqvS`6gDFzYh2F z_&&6nLL@r36p6==_Gx~!Qv41#xwQ`Rql?c9Ivr19EBpx_$EKd_{0;xG^EW?#Npn-k z$>Z3HkgyFyrlehyz+s~*fx}M@D)r7msCU35rC!GZ5^Hi260d($v+{2EFWAP_4z|&| zlap*nn~+NS3gt*+G06rl|Hd``PU>YaA@Ih|2sE(yqhu|U*q^coQ(o)3TN1aRN??NQ zPiX|o~DSv=?|ERxP=hsQYtw&;i18FpVgm@8-ni zBR;UE2y&rFg=2qiiJ(E``jCaVPI9m;A`7GV<^NIlCGb&I*Z&Cwh%8RnG=gZrQG=oe z1qqub80rKjBm&kbE^z@-sUnNUr7cPjhG8^Su&CIgbwNc%K}4Z8EV8M9qKKdsH=Hpp zxTC1~f4}G6`{vEenTpUquzJU4_Mx0Jq(DX6V40NwF3;@ zY&UW$M&~O(0pytzq&dyU3^NzKaG+NsOIQ)-nLhcR(UJFujJjGu7Yo^MonyOV`{vfU zpoXpm8oJUHbeTz+yG{tBSNxQL%%+wyn2Q%688!?_NW(}O*sxq8C#k|yyJEmWjD0S| zBO?)5Pm&SH_U~XdBmR`S)ih)T@*C{I-~scK{_n+ugx`5WrLo2z_kIiMbsU$v^csMu zp_>1yoM8cc7TUGGR-9=6>o?$U@>QwxM@%67ICCm-_P;u<_*94wnfj?k&PfR1%6iGvao3u--3s?2cmp!^@c!51=y&sEio^B%2>bQ5>_lxh|Ij?< z2K)mFLtEF|;eh#sazQ@ZM8#_O-uN%<2>9V>HCJKgC{z{PuY~V%nTkL_#C=ITfCxJAr~wkF zxr$eCKB)82D(|3ph$l4$WXc6(G{R}H;cqfOqQRy@gN-U11{*d(u#qMKHe@0A%v&01 z+IiA3T^;_usCB;Qj?W?XmgtvWcUFy;_(x!`uCW0#&t)<^qid`j+0R(Z1ePQ?ufdd@ z){N?r;QUw%z9w9jx;ZoiV7h=`li)xkrxjWGOhe6@4)|2Y2i+YRYGcVX(%YsmPj0@jvF zelu;8l4>L7H{0ux-yHJ^Wb(iTsmp|z#|9cBzp;<>3d{(P`Azl5b_8q!_UQN~zfnaU z@|zhtzwyxXG2)vKBnam>{SR094Y_B2Gv9zrwt!4ze#76`CJPa4ax~bevSF}c69gM+ z5@16Xf@i&^k*4DGIQh-fA3^NLo!_|m%@;7G2Ie=1lCL{QrEU%lagl-G*OuSh^veG@ zzU=q_!aMuC10%dN*ckJh^-*`?C78eINB*8WH+BB#>!e@*{HBs~u<`PnXLs4X+YN@8 z-$<4C`3=5%)|GyXE2;FIQ1fwTr9HnHl^y^7fA%7L|3Cj?h6Cfn_lKHpfF!{HCorrl zcu5>fJ~DyB25tLi$cM^r_{15J3^gON<9+JCTy=-ku(_6*6KUy1pU@L5s(<4ieh$z; z9`RLwHEp)^v$mH9S>htj@q#n9W2RjuvynaLgd6erRC^`{zoWAysd?eBuWgX+N_v5J)97izJHWzNupp3uvk1M0 z$yo$~4(EB$ErTQKbJ1pROZb}v?F_94KnwFv7BPiR*7@pN@f!0V`-bauDRv5Iwt%-; z=9bPU*+0DUWoPKQU-^}F*-NtX)w|z;7%m29$(S!TD-j zmX|17s(Ra=E&WicoL;KL&z3N=1Q(|BS7_&72H(}$Qn05hDpTVA3ftEj*^h9x#J`X& zwN%;CTmOm7med_}wroinHXCHvs>+r4WXqMF+D85B&e(D#vTJgs1v*!fE+}9kaVt?0 z;*u!M)rk^+F`(jQ3+sl(BuXr65~aDt^-Pq0d<#S;fN1hW=~Wgz)7Jj}CrU2vF9;pH z(iyVqF@2p+o)(v+Zq*Gzs|#zwXvO)X`~Dpduzu%+sj=4Qf8Gk|P4*rb>E*!BV&;!x z&QDFDZ${@%!^!7sLsRFI*hNZlawqHjR9>9S$)hu;%$UsS(dEvW6HD4NCsJ_AoY-P? z=Jcm@A_->R_a}2Y^$p18nIX=Z6I&CDH#>DIHHemL5M2a(v1Lx7gH+}uuN6SChLt(7 zxXPUPWPoY$>tNwTuwXK$c7yGi6T6ixbF$XSE+?%Iiw!N6I9YFt`F4$d+apZc=cvTFLdSs zkzQ!_iz>kv(l>&Qq5^Co+7`HY|<&tDaRlkje# zrGHSa&mswS3$1V$XxGotu3xEKU(Sbr-Av6SGjDO)U(9}3`-}Mp(kJz~r@t?y*{R_Q z=b9vYViRVrNt!j;6WdhT6Q69^)A-jQ-P*xQ`?l*IKNat2aL{Il^4V8l;YY{k z`^$-S=1J_@w}t$coyH*R>k6@-Ysd$&;9`qTRJzoOZ|CT@jgl^nTI>u!jnn=^2$D?ZF)sDdtB{y$t@k*MmRe59!x8KeFdV%LJKBzNB{>xxq;|Ke~IMa(5}3 zXnrY8yZbJE-BrGFcgc@l|K(jP%W=w&*bgf|;vZIibp4YK`4O8i`H?hh@*}pX@*_Uk z@}sgfknSr3l=f};5hT@(LZ!llKItRbV=V&nh=9*TFzg#oVz<-fsy?3f4S!UMUfSWDB zvgXGx0WZMUo&7C*OpssoCgY1x)TE&e$gggG${F6~Dz~*J(I@bdQs?hGJhBSxbk*$q z-uHvO3hT0vt@RTJ6xkYi{`~5dkXxwlfx)-g3lrs6K{{}BezmCv{1w-OKjIrHCC{%G z35rFm-${OztMjX1ocyZuW6t>%%iHrS(s9bK*lu)w^>{jQXQ8_yPJWf}Dxb&y0~sBi z@0?$;wTS#`ZyPo>%e`F#ZXVDmBEK5-BT;vrDxd(3b*%h~6;yu3r~iO+;BN1u!Gy}M z?(3uR1D9|tksjgOS%6sbvaqx zDHJy;v&M)2dP$8BJDc|P0Mf#@TTy`Pf2S(`8YMGZ31e{DE9ID(iF};#YxlpQ!;8V$ z0hq-KwFc7`et91`p!gM)nKg8L_|yu>t$XhSBeypnRr%R?;7f}6*}>$`*DH1Yh+m{% z-~5cb!E*)COkNhX8@y_{JwN;56a^PjB~gAhMZ-mzhKmI`w)MYn6X$2_hn1i44=X== z`(Fw!^z{BAQdy zUzc%&eD&rGROk1F!}YQMl-RoA1=KG}R9}7J=7@~Z#ewtE(Y1+3f&uvDm7`n~hJ&taVwKK6Lv ze;FTde;#r>C@*#VX~>9w$%BdVyRig-==|=>rQq+1lTzo8_()30^Sf+8!`S>TQ|EW< zqXon>`4WUd2cO2g|e6mF`x44Xc&A56^I|f&Zs1O z#pHh|!ThgBW9EM_mPX0{7NfftgR=vY|AA=>-@Nnwm+|eXXCb%l#~&EEy?MXN{}us% zQqBL!pYOQT`6IrO{{G~Dm2j%KyXC8%iOB!DD>#uViSoZ14JXwaPJ#+fWPYw^C~^MB zepvY*{|M)Q_eAD@@_h|9LF|yt>}=NLe{56be|++WcginX1nC}+u0-X3q@?q|+KCuM z?m0?!Mnr$kP?M~1dzJHiosr- z9Xse20Pyzo4Q#xBrUlA-Z0#7 ze(~?|0Ox;X|5m@JAiU>}IWWSjfTsX!BJcl?*}t`b&J~?o-T5T=Y*PJ*grIr=*HaMkiGjI;kq#pQLK?LI`J% z+c~LXYY|D+GL3>WGz#v5%ZHPyVD85R!j8Tp)m#;jf;>gve;w#j(S&fri?4k+cKD6g zw~2>n4DJk)>mfRxVW`YCb`eNc>@uo52rVI@4ft0NPhOJ#-~EtrIdt%`kGSr6M) zSr4CVS12qT zE|A8SKLvNFDJgla(26yzDJd3L8{qk5AnMr%!NLh(K?6z0^g}c*&33a-CH_H~#r~5G zE?N7z%=e4#`VCD)rA-%-<~yAX&8W8pe7jt~ZIt!HTLR9YRNwW(M;-uYUBOwhOs^4k z!G~UjF`Aqz*m~yw5gf@D+~sMKmf-xdZ0nkQD6i@AUy?bd@RkAY+tXdsD994un(&TJ zwS(j$@pk(Lxy$D3`NN&r2S$pw`G2bex11Kv#O)vesY`IfH20^i!T1jO)y25G|5JUJ z9Iur(cK_l(q3hm`T&izr!~%e7qF8-80&!Z;Uf`a^!*NkRzH9Vqv42QziT}o&YR|L{ zuBz`uYCj2ZQgoSVliRzFoPu9v|6CL7GI|})!vX`k^1eIVH207jD>TSbW<~6x*O(gU z-5flJcZXFTO59LIX^^Zcc=5i>{m3v(2bF1;BvA8-fUILeC)GZ$|oXqai3 z=-b>9OM+Le2yHYjw2>;2HYAWK-zK;`qr~@9X<)!nxIcTae|TO=`e&uS4o8*vUW2Sc zulQoTcK`3cz8~7W{E!1;b8>#=U@&ia@37nAdGCSPm-#$w$g;7Fv{>)G2L;03n`r;n zJmO!+10u!HtJB4E#bdR*-avQN`TM66FQrqb!Kuam?Y{flecfwM_^2{9U^G@F?_YB-)hbuL6hXr~-R7xPY zSV0MZfX9wn;Y11I(0d_>JKNa>p~}Zzqz0MKko)cMby>-daHB3Rf5OPImDeYN*!VgH z(Xn$IYp*&7eTDwYJYp!>^QK#n&OsmP5lBf-e`Sp%t+^szl^HQvH1-~_`%zmxS!BWo zK6H}G{kz&SH4;~co~i=A_=jW^2RgK>YJv}y`+xAvY?!t~?W4&~Ym$VZ4d3kH7IZPc}&2Gx2 z-dVyM$mr+w56zL8d(J2JT{)qZDPCPWNG|{3?{p!fN6A&a-Ol!vMYG4aph zI$&XzLN?oovSzu*QdvCxM4_jzLS*vzw!kBT?YD^9E^FneHp(JOZ9)N!kyZLSY@wd) zCZ6}2Xy%qoN6oOaQJNt|YK9cGW=Pc1OpIbS%?7K*U{xyy=cA4eCw;h_R1Scz(8z#G zI^n3ndmz__Y4EeZI{U)d{fGsv*oE6#r|1iL0w?p_9vu_*U;{fLY?iP+h zCx=l&Cn*Y@q_oi4iY4@zaB%Kj;P}l}je;ukp$lhUsECLL({8FyG&s^=dpIhnXfUQa z)Xc$G4vmfnDf>#vosh-)mPvi3K=g&rYEfVCm0ar4?kgD^MQwj-=BPFbBT8+g$ZnFN zRvU?0YSTeHy#M)cdjB(+ZG>>}>CMhAFyA>Gm{Ze^d0{443r;;KMHiS0L|_=m6WBpI zL(m9^gXQa${bx7|lI%qZQtCsHq^AYRCM-e5hJ*5I@VhnBLY;~fTTgbehP8`ck7u=EoX6kfO;{PqIBIw+(N5^jTR8>Yp#Z*cYpk8?;!=ns1X=)lD0 zvHlP%@(do4fp-Vd3Ap+Irn1t1*v@!B^{aet41hXKuECdeL!mdhRT++aB!7f}iB>3uU}o z%(Zs=mr9u^EfD$QGe(pv5~d*KEb_&@cD2EwYs8*s)m;cUKG`lnsQ>{A0SJ&4A>|_X zNbAV(A!gF98CX*OaZ`pCW9&FpDbd_NXQpZ)6f!N_1WfZx@iBSG$*9w=cQ(u^&On`T z+v47c?uh5-`_5DG)$ojxe7hVRnb?5 z8J)R5ITIY`g5$=>++}|3%gGV)9E>COrA=EmrG2Km&e`BPaV72ZBP8jt&my;XKkRd_ z4@^&N5^J9#=64wNW#p+oI8>m;Tqa^hLSTtm?DL70VxOP?5@VlI5wxTNN87ZV9s%cfbCoY!B=I2VSXATn6DEe3rzOh+$^ z(i#JOkslunEjr-uH?Z#(uy1fK27Vr_jGen|fOL12Yx<+GdHmAlPW8)n*Yr8~MfH^a zpzcR=&HSsBYm5B^kY0p$Q2(jm_x9V+;SqH^V({C+KkzvkQ7Z`0<2QGh#>MZyTpQsJ25+d3 zba2z=qkhKTMtrDL(zd_+f>V=)_(dt851y3$&Fmq?Aph||+j#OA;6(N7A0Qr-E$e)bU52C@orV4!Z z2Vac=_Mv9u;|t#A2sno-jxegPafH3QxD^~{g5x+50wEUt zmuX}8!uF<0ka<7?3Np`v63)b{{`G$`CQOhq9VT2$d!1HL^~0o#I5Ra;X|V zmyiukf_LqOgw@UcY)Na*qh)GM;eY;Dl)W5fMV6_?ltcmLgsYt0Cm%jt---NTR<2*vxh@DhxG0w%E zO?a|7&I5mu`@g}h84qjEAt^2Y>e@?e#Km=DiJxL8uDzxR#3eso{zE+a5uPIp42K!u zY>wK&TWmG02(}+`jolAY<4M zIpwmmZiL8Nfah>bP~~DWDT=&On!nIItYlO3zKF@DSeY`F%8)55 zvsLn4%zX($d*+`_>Mvob0RZ{<8-a_04EbSsbg*IIp zAz1^yCH_Jf?m^gpQ{$@o0T9d-qecQ0#sH8BEcZ&xV-Dz!{fV&LI?iG$OQh6fmDcP) z_WHg;p7zG|;JjoH#jeX?e=*C+{^H14%oXkmE%q&1?8_{%hhVwEX-|vQ?*1&sYNa4V zDg+=>5}?(RXKl6Y2CWvdmHqkFc;FFBJzc2Gh3>h`7sK#-%2P3ROs-(Zr>S}O;UQzkr(qw> z`KM(8gHJOPxJ*Jwn0O(CA$c~4-EP2O>@zI!z2o(LSXlQ~%yiI;lOgop=tU!}@})yV z@lcpMX)n(*VB8nxK!Xi}NeVisrBV&4z_htPD&wGH|8SW0x{1a7FrIv8k4^xSmHkoJ z^`$q8{Wu9-nDB*8q>chbh(Ve5cBZ!Y%QgYJOPaz?EGhs^@1kOqB0QLue0-sp_D7$_ zm^LetmQ;j*S&^nqp4lS%f@LNGGrQyPMXOkR|Xa;67(mLxFq2`4Kv>fP0U#l`HQz)*iK+a>IBqTLfm4 zTDjyK@MOtDG+L|=qlM%jH!X-Ub21e+^A|q~n|ZW_uLp68emsdo^dxT2KgM8v9-jto z`Wj3~CwbQVaT9a{^T#&@8wI(~go@%Jx6YqW6$6I_YKe>m(=cqanrh|GCJRw{v5%KPU!8*fJNq+V=NPDcFu2gHaNI4N8(p1>vQ>FB)Iq^J0_SJS;V<$Ovu-m z;L(_{s|n;`FrhYB`(W6P`F#fegbcF-qBt<%l&Thm{y%4w1Ty*~tLA3%rX5Zx_I2oQ z5^2fjj-rH@xXXFu0$X9!1#t+BY!SMZ7Ljn1lhDDipNMX!(&Il|i5{=~Ft*2zvj}-; zhv>JRJp~#TfDc=be|q3|>oHqmkELbwn4E+TKYKrVJn{>}y2qK3 zJ#LY#$6B$4{>eBuK&5;9?Vx3uh~+&yiL}hN*k@@QeI_rV+>vp@<4Md77IXmI;ZRIw z;W7Y8TJ4ospKtXpJ-4OT7i4^?am}_a*$A5yu91u|HB5ra?jq-nJ93{2S}OFdH&`;J zdT>>ZK63N5!YmVxZ;bFiGpDt}X-;d|<YsLN9G;028@PfABO;!x2@K$+JOC|9EaIGvied;Vbqm|p%^yI^O?T4 zxNqsU;m%fRdTtOUVrBZJG3a^U_w7Ab)SAvb7cN9C8T@S*GQbMLC6$`KcDrBH21m@Z_ddcp8XA|RWmt!_ zjPA4L&~>Hp5Q|84m>l1Oec-_1%LQo~LX54GW!Xa!dAZ6nUb`y3QFm~ zEO%+CRZ?nUTRHkZyR>3#MWYD$tgo#|L$DP#Oj{u%VOuE}7Lh+%G=?9o3l)D z#+esi!u)FI4oXB9M7wH#Ow4vNtQEj$8BB6G#(`vJSm+}8dHZ`Qk$G~u$3Ft=l}p@Y z3Xpn8k?Z+0cw)U~O4_6rRV}JL{sD&|@0)xTUX0+2Rat41E@Wa&+9iSW^ub9*f~Bs?A5K&nv*~Tn3_s#MM&miXS}fl?&YOcbg^Cwd+I$nHN7 zdj_Btt4wv154X<6Lgp?EA+q(p+TBAj2Ld5g8zJpQ=*Rnf>YUFE?|jL>EBQD6O#=%c zc;l%cLj0F+9Bry9L}5GN<( zpfG$f*x;%SlMqs_%x0+VjIN-+oTD9pGpvKm@9b_o`SE(KpbQ=3z_ z6&w>qjrX6r5KMLllZ`MJ{(Z4Clx%T;5=_h{gpxzZ*Wb3Kh$Q7AJXntw-dMZv_60Z0 zi9r(bln6<#up`O&L=w_ANJ9D+j<9isBZ>_RM}}X3KD_o8`=F}ZoY}$=x%jWrxX5~F z%-{&0MT;6ow#eUAZdJyZ!Ynsir3pyqVFF|>_{TqJt)KB?EQmxy$YbY&Q8yUX+dUcx zA)(J2#0u8Hr5FvbQi4&R=rg3kNLXU>OseDf&7Cf9j7?bAG_sYb4 zX1VuDB7>zs%Y0-b#>~4^XeK8F`0++t%S2oABtjXj@i%IXg~Z0S)>PTB*4QSsCT&7% zY}2LYzl*f${)x$@7>E7!JoKz`Yoj=95sbv?#C~NKftqL+KCzGeF9{uXH26~d?|dT# zuO-&!G^0F`2k3Jn6+H4M8Ig+rcPg)yVt_3ORZ3X#8`adMMkHX)iM)3%KEl?)*hFK-H~XJX44Vu>)nz57Y+xY%0yl<45-p+6}XO~ExS-rr{_RZBsoYL=Dx zb>n}mq?FAkqwEX7MR5D8VP!wG&QaMET&n(e5NTFfG@}<(J{y78qw(78U`&3)!Sm2j z!`59gPj~jxa);Q7WLJ5eiJ?*Jv)$Q&hh9n1OY?ztw1gZ0D8uNk4E$|{O^m;1D&5KN zN_Q-3T?WYd>iZOYGJ1P>xQXAL!H5CRx|bc5$4)wWD(uf8einmvaLqYW`DEPP&% zy1%n$R_{mryrUGnwFGY|#m`FMpd_{eub9vxyjq?a95h`iB!{n+LZpO=pR8`;C!dW< zT9S!r>x}sP9j{pBs1kP2(JLKXa_KP8>}hDm#?QO?zAfH2O8nf}H=aw*h>f4iPyN4% zpZ_XR@w4;Vq`sG}zeM z4L@H16!YTN7IkL1)xrCwD&5I@r8_BNaFg{_{N$5y($U~SkAGKN%ENqIH_Q@Q^0NTsa4dPp3Bj5G!9E`So;*MVOCvhZM&s4 znWNc#i&C1rR!Wl+Mro|BoQ+RLV2g^u!tr3i1iMdHsNE;N&2rAaEOKhVI?`+%KD&kl zK3i!B)UC$;HG6C;<@=5LebNh$&Dw903o8P>oL#5VIlv`MJ)iP`!R}x%X@HYd6WV6# z=@Hz+eh}hbIKW*zMJZtyizy{YNhm??4`gvYKIEg(!g1u`;Tj`E&SKlVhP?`V%^#Mh z<~5dvUON-SJ%)H}pnH<NYWK73{R5bu z_@5MACl9jb$YZAC+> z$JpOgzu@wKL-32bJfJn6Tr-=v!6Jz>?di765uc*xdXP<#iZdsm^DzT6Z)zL-EMV0u10W_k3Ra`Xl zCZ$SwtyIYx5V~5*W^tuTJ{eWMF$gS_fCZz(X{d$QX!={@LeyZG5}rFtdt5&s-} zy;7~{pt5DrBaeES6~8EKy#sceN)P5o;&9VqZAJ0 zf?FpmrO0cg6xOhm!s1FPd@_D^|3FAA8!V7wKEA^u;AzIXgZ<}WDEE+?-NOa%hjaVk znXaXWA2qmY=cIn#z^DxFFPeC)*Jtel@RH!V=h!E;%T@0JAZ>FS$pF;E7kqU^EQG0>IjMP@qr&;v4sG>cv?Io3sLy;Gk zhkiKLF%+u{Np6J0)Ej!+lDk<;Qu0x3fzdIvMw>&nWe(z_YbGjlkk`r_Si>?07FXuL zCu0t`_Xi6HfdwT)-lxIc6UWgy@}NQ6?HQM%DA!+hF19vOu!Pnz?}Bm2e@XsvR8S#0 zX8h>l`+0A=F-)*$6kzzSbupY#@BVt_%3@an|#n#QM;_hbL$$E zx_p$o(N<35`u=%rkvqZ?%t)2jpt!0A?T^P^ME-UxO3`Dd@E{MOX{Ol2Ja+|@YKyAv z#w&Y}*UBDP!}3@bS02kJV-4^20So7Vg-DM*md244>9NnSXb%+C`=0pP=B`9a>;BPc zD68_XeNP*A)!MPn7hQ}p&_CWghugxg4Gg!$@6het9JK~?EyTBXu#p00j3c@f?06s< zOe41>aB~|xT#^HPO6BH+xu-%f?a>d$I<<9ip{zW|Y+WQiWa;r|1>qD@9%}(_h&Lw; zy_#z5xbQKR++ea#KKvZ$a_6iu>f_POtjV=L%tfxbWMRJRdgUHY$alQT5WtpNwuo&d zY*ByLm5n-m*EMGJxuQ4v*5@gu!v>B%n?j)uqfh%CESJKzDWnSUN9@Z4>$X6c+8NSJ z@;voPyIU!}IBsVvm!@X9)3jd7sTY&1eiU3jPV{m3f@pm-@!Rx4KD9o`x?LYTz7&1z zd{h(AEkPe_N$Z15IO#*rYFm>5C-g$s7A(~22%i)(r(zTW$DEFd-nA8uaG|S@jPMUD zB`w&G_;$xB;I1XOi%v*m?gyaZF9Hlv$K^V{t&favgRY|BRfqIN)8xr(T{P``B+h}; zK$kH-t(%BLrp7}&auYb@ym>h+HcM4UOwun@~=^k z$KsYODZFp(73aOc*h)k7KyC9yZJ5=j%*0Owx9++^{N%fbqWxsYbeo@$W$h>AdJOJo z2qV`b+{ggrdd85LrP|ypvwc!QuAi_-Ye$kmuhYvlJ6`>%a${8Y8}(czA@q zEdL4ahyRr3!ICyEi1i;)i2cGC@f*q9aUzQQZ|P56j6ybWK-Xj}6*A9V&SEMbkdh`p zWO0)p^4Vkr8&3iggTaJk1oULJ5%etC2+D4i2Hfont1{fs)vph7fuUQezo>oYP`~5; z&^P6D#;XCv1(E~{%qrN@&PR1iCiGbAbA@<~^Vj-)17pv0C_72)nJw;wvxg7{{S&vM0Q_&?!;KiMR%SapTegFVGIa~EV zQ*^e#OwpH_zpxzctK-qym8P}WNVb{phv0pqOlEdCG(uUik!*6rb-ux~I^w1UMq+xz z9ter)`CLdnCbktPiES;|k6ZthQed0s4oXuvc_j+Q%!s8}32ZN3q7*Bym13oYQ7o(1 zcHu5wJ{iSU9Y^=T`qaJ$!~VDVe!Krk7g3E}jGVZP_P;l0#QNV+(g4=K4E>C9K;ckSCR`O}j;C1b=2?^R--x1m}yX-yw8*-Vz$*%Um;fH$s*X9rv zd4|2X@Ae5eWT3vNRg0~OlWp$m z(OfXp4Gfu)FeqRoEGHfFfwS-5r}V7hl#K{O=r0>1+tLu;GqytAAY|QtY`JRzn^`_z z<7dOt%IWRnYj0T=w1=xtV8pXTJ7ie21_pUlA(X~k58|y+`kgIodvIqJ^~sXOfy48? z{vkOQ1?3$}qCJvBUu*4>yaibt}h%@XWk=OBdVM}xGZzPDj z1db37;_hlALQx+_q%TzSq@59HJ$ymNQUEQ>C$y8n7fRje&Bl32eZfOv!50>Zu$H*z zL;N;h$UI+s;oQH+_yP;k7lZ($O#(*L+85X@`T}O_!ubQ*gDLfX`Y7;s9QZR6b|)D9 z&{F77Bu>PjDiwn0k0efl_!@>_FT*P1Dd&e)D*h}`_@ss`QSql=!uX@G$BIK*CtjRz z4)k8u4c$KFzU1)-9~F~8QRU7Ol)~)+oEHkmpR3PP@rQg`@rPxMhq0b@r9O%23*Uw8 zR&(V3STgkBy_SEGg7GiLpX=wu#2?b4a#)ngk%lx1hMh}R#=`j570vWVGmU|N(0@Gb z<+rrrkBK`b4n@VE`AWYE#2UxvcIKdyf4nD&&nnT9^UM4hU^SRmO;&Z>= z72|VK5t5gRkUT3!`5e3D5Pu5D+VZ)LBLC^|5U2QK2D2uvL|lLKpCiFQKQKUk)pI)SV8gnwyG!{;v7n?84I9q(->*^R^kcyDDRD`ryG0GR% zt$6Y0B=Yz89821@smGu1nm08542D(4L$K?bsrWNP;Zq~WpZvqo?ZvZGi9bPE%&2m2 z(ThvfKr37P`ErEvLGtOD_J$h&u#E9A*0bUdiK+Ob$XfpOXlF3g4Gii0juec4;fCJc zn{TIoHOHoKY~449_%YB1J^C7pGX^OpzbUNSVjup5=l{?O=Kt<$9Q=d+<7sbM(`4~y zuME*KW>ET_UElFff}C$uC&+T!ok@Le7lntovtDa<283wyxemj{=gtmjpIafkLIb!o zE35$_0u8XTq-Y=(yG?)nVPNSDu+;FlkMF<1HJk#E3M3q}3kdOg@8kdO~l)8slgt*sShX znQ$BXy9Atd9ntMUx2Fe1ngEDGXRZdKgaZ!O-%6DCkyC^m*R*?qr5HEsDuEI5 zQ6yHg;tpx*c?CSt!7%s3@#jh8>+yi)U~E)7*xI7(3{25HB*8wcGZfjq(eQGK|76vbUDs-y4QMTr)lRFI@b+=`lHvNC>7z zW{J7%s`~0?czg|0X8%e%pnn@@H3sm8?uLcLvz~Rozwq@{@?x^-f&6R%@2H{jy{Fmk3b1IDcFcOCv`?>9N*k$ufzsZ>FKR>dD|m9v zd>Q|R#*V)&Mq|=4G{zRGF>+uTl^Q=>~d?2Hl=ZBQyPah*|^pw z_6Ksw+xkAy9S5U7EzzIGu+Gq%P(eHdZ}y{#|GE1e|Ccx}$fya=b#2g(LARw6|Fd-b zU)GdPjfqcSWn}yxtYC$la>)5dhJGonztP7UR_G@=g%W(Sp+qmT^z<|fB}hS|L}&@% zXG*`cNwQv1f70)?2I-M8q$f?7JR0*$=h^s`R3(<*LXOw)Qp0 zuJ{cjD;rRw5hBVQm`FVHS^HhG1fWv8eU37)+4UXqCYWWqq7^#%@zf+8OmP&|M}kIuY{Zs7unna@KH2owiLB4L#nK;X zXk-BW&?16Ez6OW=q5ong==YAHAGQxoRO~|}V@xiVWo;jqljMg}qFJ`=BR22p%^HhP zqfsKujo-$Hh9~xjK3r9|7zC(K;K%iAW~iS40WNRB{{J;80*r?V(DTc5{O2@W7y(>z z|7YjZH4K1F!hp=(u%NLc60uyCl#~_m$!0}wHU~?kU`e9@DHs$uho-4Xik4$ZVxtRY z(KSh}r;=`z33fx&IyUSDSclV%;K2ixF_2Gdew$^CF|c0P7_5+>$XfH;>oUO5ATVT% zL4^d_-_y_QZ{w=u&hxfj|Da6SKpvi8B_U36vrP^ir9Iz9d=m|%V&naVZ0Mbv8wK|t z{wluywtb!~-Z#_UUZ6BQyT0*0!NlGTP0`8kZc5_qOWYpH4q5&l$_~-R16_r^J$Q0| z>bB!u*Xax$-?;&=UjLcU!RhvKjnIJ(NT(S4zMuw@!YAsyzD*7vU3{kr_!|lS8X@V* zfuq!Ww!54RY`rmV@I_x_F9rAE&vVZeFvLz79fS+0x$tavt9~g4-{8v6z$>SLBy%De z<0V4cL@~BkEBMAI8)QC^PJHVOzO|c>gpRzmSO)4CoFvPvUVi~plxJ6w^a0%x-k~2h z7~X{tIppt$W`fV%V1Z)8Q0}krgm_u;qL2=KZL~AwHGb$DmxkVaTA9QdaF$wFz~&jz zHn#deLN;eOI$xaOwuzQAkXHw1kou4`>1k&mDdh~vkDR{NxV|nM>p$SJ{$VHp5jIRg z|Ake?Q;;jD!ce9HspMg3Om)mg(?lD6Hvfi>54k>BAfgve0l09yyIt?#-`)j64R7?B zcB=A1a>_s?DTLI~qh8kI_|OVQB%m@AKH1!?ADMdYI?KyQ#dz6iUVq2)u4ORl#9)LS zm|0N)iNqL?Sc^!g_8VnWZy&{iRSyM08?ZDulF(eLqttBwy_N*6Z5_wM1`1?N1(;PHGg5-1=!$ zbh7TxO1KSZ**>sv3Rs9UI7Dx(_=Knoc%iUzBwFAVGHF|Uy6Tiv<5Sm*fh^wLk%Ng z%ZG$)ZgERbaf=tnS#CjI}Y5x640JacZy9P4YMu6Q!0Un4Rsu7wUOve6lFT@%LPU4ScZxV8dv&fJkFS zDVd+#d6M!+@@fs4q`Zz)tYbMF392Z?CtH-7{Uexifhm&N$e)})d*F|>1c&j{5p4CIYZ?U{N5drIDfI65#p@EBkZ@^t+_RtVm|(V~ z?+@tYlB<)rBT_~R5K5mf(F&;}G-PwfZ%z<*9D0T2j^x!TWkfv!AL;3oktD<8Cmsnr z`fL=6zTfPQ@4;zHaM}pj!?s;fu_~1V69_;|-)piMnDH zIu9GIC>k9KRtxk9t?h=4AW$FX7T-F{Bx4XVSjL z_ovV|=>BC_CGjV$KR}ku_O?^TO!*;Wn?F5xocPne(Uw1@Is22;hmKfZ`x8k=`cu>4 z+!dpPoVB2M8d-he%0|-ER0uX=asv8E#jBQm4K7Xr7t#5j<9!;rfDfYC7TFw(?QDdj z@chJ8-Bb0dt~+2k`oI#u)LiI4+xDsEUhS)z7yB~W8?z#B)ko0_Vn57G7PvP^Si)F? zEQTh-Fyq*5@R4_v(e@0FWrt^zvV5hMEor|~qn6p~l-#FKFo!BN@oaWT;P4jqQ*w}h z)c&{xVc_IF(87~rlb9_AQX+R8SRjl;4|(Xk&1`Fr4a?u_kN4$FcENl(lLRCYCSmA< zgrlWxZXChKc0Imz_z0lKx7BEdb;{a9;!St%pZ(>3g`O|IJl6gkkHH0He;{^U=v|@J zWIJqswa0|}AA1b02cUT}7(ABSh>%k7?;MG(_xysw@@l3wn+YtH{Ab^@o7Tr!i5rl~$RV0RUr? zbbJL2xgCNJEXe%GwLHr8J}@@jQa;}x`cMA%6MV=>KJy+_l2>j zPb2UxbZ5yh0>`<~4ds+_oy_8{VY%q*n8+7Os6)dO-%utY>#w9?a$uor786KR<-mNh zjUPvbpuNo(TRAW(nDHY%`dQ_kfe0cW4-QI@pQq;m)klQ+8#~ED^sPPeH*RE*vSxV> z*8;Fl5Q6j(;hek$-+7&!BVoSVVRN&TmSGKBwRHs!xK{1xdx{v(y0kVAg{bBfX1cF{$o-uRoG^VfRY zC4Xa9UCM^_CT&7*(kArAHiKQa0Io%G-~9n?sl)r${WML{9gaV4x~Ngqb|%c*$v4+K z_$IC=(f+1=G|D%}?uMj4x-dn*EZ2UyNAL>!pecXJXT&c%9}(l1Ij4UxDIasLQY_ zQ_Yc#ntq75ohI?^0Ewn!@BI*Z>4;u1_N%-{7l%NYDx2GBaLu4TL!O2mLQJF!a1^}Q znvM;Yb)ssP2%o$ipj@`Zv8JkV0>7Z?)Ly+vna}K$Rv>LYonWQq z!d>X+JLO4y8dI^<5I4d>CG_dNk!N8J&8Fd~pS4a|L*~!THC3#t?jPfm(d&EfgMo4| zVD#x8Vf0B&v&)I}8uk6AJ4mgiMJ?uj?rZq|vvV57;g@cV8my%qAR31YdE~;ftzKED(a>()8#04Ln}Vnqm3DBMf0-Ub8Z zV8Ez$z)+)FDxF{S5tu;)!p{1+#C;o2(16P27l;VH6AoU9O zSVn0mF^z~FUP*Z1;FRP4e{AueR80IA%4Tki%_$G(lg-2P$@Su4mWPu3d!K)M{Hb^K=;6aRY_?{EAk(WW4pApWC>j{hZABxzV^c(^96 zqX)PBJ1YK<-Ou=+AeX=MP4v1AdXq5zV=PVWFo%~^1UWs_VUPcqw5|9rbS3`t z$=K7&uN(jD56bK=In_a;_g6(UE_J^XM+e_TUthc>dPp!C^n!beBOw7_cp@L+%(IlG zHtJFhj1PCOh;J$DUPu=6OZ7Nmyt1X)F)=@SDPPMog?YRyx1f`sc#_}*HW_ORs-)r& zeU?FMHk>#rQ{jZXRye^DmR?z1;RK(IUccCk#>b*@6Yt$;$o3V21N+L)?xHp5)P5hl zb@_$$eV>OxN8xv8ix`-Qxc?nRc>nvEs<8&DbKQ&1;XdKQY~3dG_C_#}Qn=3so)X`4 zb-1sg4TQt}v&~Zt_hX+|<|XrYq+-IoP&V^-Y|hNz@!96mXOiz#f3RGdG_*^H^LcWo z^iHx`@3Y+`RV(qnT*rIK~MKyk{AS_qes~utMY2GEE?B>e>>v!pCtwh!G8l4|?PrWnkgq@WDtgl$y-673 zale7EFw31Iu^xFlRABSn%QKYkN-?EFDQRLni|bt7rn{bOd|^@8cgLP?`7ZmK#CNUf znb0esbD2daI=*k@>%n+k|M-3fRM0R5?^+sP!EKkQ_+G9s*)hIHOyfJo_eA6S%^T76 zA!n$77k?_B*;|2*>r;TaG?=*nSzCOc)f24lFr6(Qmi@Lw2C7xU}Gw@%|I*^_Q5;8>~ zk@W>K1bpi8jSC-*&BhlzW$q9^8Z3EW1J74<24}c)MHMkoW!nI?DKc&#v5fJ25DC6r z7zrVfQv!WiWQi`)z%VieHWY7}=$U7dWd(mR$f7K8c1%_fy@91Z>wCl3qnoc4B*7Mp z$)N(7Kh$|aC6s2vmR4yBTk^wdWeF=UV0DEpd@{OxYaJRdL*t@BERrFSK_{Wu=DZha z)6K@N_8qJ2>KFA3>?(v`lwG}#C)dn(@LwzpZS9w;37pHe-#p#mno1)q1L@DVOZD3Z zYX8<}qml^g{L@0cm&S2(+p@J_;S{itG>wqZAx46=P}x2_&%K?eWWs60Rln_&e40yT ziT8JPeHz^Ie4IKw2(l)RAZZIYNMD_Q;*$+H(!n;)Kb>YF#}tq-X~Y|5SU_%72oi?P zvVl;QG@?MK5&XrN%OfvCB3(gQrx7e8X@qr?*1Q{y#r$xzvY3tP7g)^4_(fg6RDk>Q zw&5?=%q{pYa*+G;B?lqYq>z6cNjB~s7zrMcd)Vl zJis;4Mt7Azk9rEb-R}~csdDExe#)|MH3V?ofTXapg=UICwo99BC0Me-%94FMVT>3D zl0|dJ*7KD{$)~xMl0Q+uK*>Gui-Lu2cyi4=9RFpwAzf{7(v-=0*naKt5^T!2e+3r6 zpNz%zVmF@duVW2Mm{@b=sR@9lnnMx`OTJnKB3FWlM!D$JXEWaq!TUxrmJZNtyjU~% z36;xat4NYOmx)=YSdw6#q6PbLYrkZ9jLd23XtJOwu>H2IIHoKPkK-r_5yJ zN+c<5Rw_`#0;4oW7x^RzpKM?>X(d?ts;`Abq+qb<6OBduO`8VU5dW~^mQa>`34AhU z(S>B^f-Fr_SVV4?Yd&hs`(Sz!G{N7*BW>L5u0gen!`!e2xRE=3dZ7ZoF0LyyBX5D; z&#^*YOa=Q@E|Ro#G>lcD0`t4zzWhjdip*^;Al>b{NCTtWL$IlM_V(5SE4ML6tj%f% z21;0*49(XNl%*_kcGBENYbJ#mkIMg`li&790zvq)B=wIK(!E{yFIGKTMnF){A8CoY zmPsmz8?MiKj7LgUx5aacxWft5J{pL;9nt-ucGb z#!C9oO7K3~P-d~Y7BO{V48_8vQLM1-)HvDCK)zk3-!{-bsve8Ve$@CwK0}mn8fDqP z!Ne(GBBlIi4?PC5_DDd%>InmiE&usG<^1Ond;UYR)Dt%>k)#DVY)9oke6ndU9c&~2 z>22wcBn;;KLM~xU!mTnUVbtV5LRIpgY@Pq`7h_b9tbjzig0jwkqzw9;DfWf!6H{>G z7)?aX>S&K|i;b@#fV^B>2-0)dYV`H4Q;0v)YqR)s%5{${1a&@0B|g z4H{PWEl0KMR5dlz<1^RoH?ihlv7khh+sv{6MVJ{!eP}XJmWTgLR zHox~|g+6H!=!3or`kZRa#BH;Y!Kf$kFSs0)wUw}bGW==H2B*i=iH|=!UqFRFqJqk& zqEn(3eBB4H>pvTG%fA{p8$^5xZGxr5iE1joKAa7RkDn8hJezJ6?KtoENGK<;uO=pZ% z$cP?>!tn?V1}OR1QgqUNQW8kP;WB83X-vM@#S(Wu1ZRVkOTMH%bX?tC4PPK{@)~^} zKhWjg*3=sh4*PIw$J}A2wTJjNUetH9A%hVd+XXqct3PJWrX4?;9W~jq={a<*_{2uh zUq?8m?Hr-?#lwWDMhO{Me?khW1{JhGKpXc$197RSJSyEvH57jC`#jZr}>dnK6(du8Mt$lk@^Y+?@!!y7h5Kk%RN{qpL0B0^WyncDqw z8$Y5S$KE`Ad{Xzz6&9Abr$91v!}-vn&HX<5Ox&;N7|Z?0YpnZqJ}80vaeZ@~DC(D^ zH645dkPSmoY*70jd2sZ<=x|%|Ebad|OI6kNxYMRBgx@gLUIGt@6KjKa-K*kkP-!%^ zI2-Ya-$Y^d>}SyLE!`=~#9^JNaaOYc5}t;@Y8E zCG5}~Hp=~mq-=|{D;IJ6&>u`0k4B4T{BW-xKai|W2ual%jFOf*M!_eO4qgqC!BDR1 zCOMR(3sL*IqavaMeByZvH+>)J~c5D)S04_i;OxJR$LEu9* z)Mvwo)w^j&`n4J$vV^5zR#*8xpNxV7PoeQlG_JB~f5&&bYSf?YW?ylxKC{?=a?B13 zLO-?Jk5ivfLAft!E;+`~jC$LdZ|~M`8>rJu?uiQ7*7``opgs3Vu+SbXq%c3=byrg8 zTjUCX749@fa4TX5hkcT2u+F$!eV;<#UwXc~(nM>Lw49smDCg#r&AC5bsORTK9j*Nv zB#d)EEY6J|%xomNG&2K2Qf3DB;#8c>Q-icIfLWj$Yyp~jW`JePhRQ8RYA27p57q3k z(1$5#21DA28Cc_UL=!#Vt*HgdW z=ZZO4@ffZXgguattShLMlE(O=_(4xV1XV{R1%UNpgXg=)%UolN2=9OSLmDFADc9eN z*Ou$EqH=vc8O`7MIGSyPW{vBA(8Y3n_A;64|B1tdDCa(nG+*eZX~y0UbOhhugZGW0 z?a-xA%wX5^SDrei@W+=k({?YjJgOc=j)nCK&N}G1*U+U}73YXc0iecn&Z)cf&h$Xawv`O~M zRB*K?hICGYpoDVsEP&ir=cFXJ74AwcuY7hCa;&Bt!;re~{V=4)zt4hvn)@tLyG%tj z%z=qC49T+L@MS88+{JwHHx=msyuk^7!w<;r=;*wzgu$ZvC@RG$5mP7lAU(_Qx*!?u zzU$$aCzRGhtM4Sq?H>71WY4;uKY08L-9fG^-m+#7{z1u(Rh^iJH>umwb0_nsz`)Lv zdw|s1o;A^hd)BBTQ8eoJGg@pH-Qr`D;0ivozQ~F`Dg{C&uq% zdUWBr@e0?EYw+<%c9i%A#v_fwH$)fCidVRPeEgoJ!S<>{qxyL6g!r* zUg6(U9!0oi?~&Vnt?Rh~HyL_-|3&72gd-|T;6+&ll6h8E7T2vq+T-e2o`95Yz-+ivB58@Xuium?i^AS4_Q3DmV-R%xmo;vXR??XY- zojJa?oi}g}hA2OIeQyUhtwS=0@glM=>*h(ON;-vNo?DF}iAk-v%B3zVG-;ROy4d$V zuOPFsX?1;|*H>9t>KpgVUZk_p46hmf0;Y8 z_Ta%iKd!FDuj-8#x#xK1cD{$)<@gsOC_+LwZKrD*Hy)zmq4J_DufYSHT0W0 zte;NZd)TDWVOF9$7Vl<5l{?0EQ1gJx?8pPJcc7ZkZtY|?!XJad`#!9jx+gtWijC7) zAd&Y59PMRDCqufMV!OAuqj_PO3Q^#M`IUVMQa z=iH2a4gy!0-|jDbto;Vg1?+Y6-r81P-#V`^6nq-( zdwm}T&-}-C___q8j`?5M-x*D43bUmTCH{MB@H>Zy9El9}k8_WNP;v*mmUb@uVRibX z=3ak!PAzVlEzgFxmiW)}czrtt`|q8BT7#RO?=BzglV=V#W$@|SS-i5gsn@p~cY)TH zq}L7&4Cr4xb#?QS^nIK^+u@qpi}vpyR9502Qb2;9?r(bn=QQX13FfC=vug0(gQ@IF znk?LBk<3isYBhAbIDKnL-|Z6%c~{c{`5h|@^l{&MuWu*MB|_kV-XrgY4c*aB*^rdu z3Ixhw*`XL5vb34R!}$~;fQ>Y4p!>d|feZ|l3buGwe%KTj69(69;+PRf&e)zo37^Nq z-*~fy$LA@VI{AXo&eRZXQ0i6n~aFcFjp4YdRml_gxN__)575U3D z^xL7n!}({KRroKNEJ1ELx-70+#a%gIsG5xUenT_GzSqJg`jAFgWqhGCs}K8pf9N{ov07O8tj#F6mo4`BMbhZ(1=Fw)Ao@P;K4oW_)_nm^h)f z#J7g?Z+HGw2b=!D>-#ylXD!WJ9zT)CdG0K9#p@r781yp4fdI72>z_XbmKyf&&s|gR zrNKi|zFJf_{@rb^`1hzRhxjx3E2=g&{tR1L&-fE|baGnkd(Y9a$0F{W|JB|S|0Qsb z9&Yr+!w{2&cskgBUiskTFDNf+I+qSuShu>!Cr|LB0?*1Xn^K{)Axz|aSlo1C7XF`I z-1kS-t*+2+!q)4wV1yLDnu?mndRd3{hd zZnwc9$RFWcKi&=JI@v`*srSWvzoVEF5wq1@FK{m91j@NQ-M_(_6dYC~-1zsJbue<4~(=6wSy)z=W{aL_nE}5*8hd{bqa=IruB-U;_sG{|pD)RvPGV zWMNg4QeW#MOZ;bN!ToU8@$j%`^+Gye{T%i%OtQfbOZ4u?_O8ndubeZkx5)m zA0Z9dBmd5J&j34~^eqxW_~`p7`1z~wA;3>1v|l`RWga0(G*DMVRLX`WF$yb1;W|Q4 zB1r6&iK!)uV&5&UfLXv|UCvgL9?s6DyKq=)8Rnw!T$sf_*6TlV_{VnqL4&QqzvPM~ z2^jJ_825-f*(;GD!dP3*hOtg- zt-MDc~0@mP-!9kue4ZXkvHc^lT|5kf^MQ+IGe0P?|=XGa$ zd^fvuJibZp++gc_C@#Lm>P(i$&$oWQ_2X^m#G8Mudo|*J#r?-*xo+c_!!z~s3XgA` zyWA7Ne{hxX&F*~pug4Q;Gw1efsMzby_XIjVQ%r~%=`N7#u^*2+AA zW_L_JGHrQt&{bEOVWvBP>cQ4yK8ART+67#aCB3H57TN~({3jrm?}#JXTI}2u4CRXc^oB(kwuX^AE3}| z@ktk^1;3n(!;OJ9)1N#P=rRSRu_(9RHEke#+Y3SDdVObP;{RDw2QJ=Chr#|6uY0W5 z*Q&M+WF>zDk9&~@e7?KF>mQL_xVA}J&zjn^JwQd?($AhxT~mqaPwNQ`c<57xTCfMX&T#JB4JsyOPK$~wD9*WmOmW)Wd=s0Co+;`PqmwEgnVO_XrpE<;Qp;hEA z=On{s?(En(sSoY1jGX1MzpGC~{0nrMCuF_uieS4*JlLtVT^7k;0c-qC)wt5s(Ed45 zRf8I6B)}cGOF^(oI0$$06?CC&9KKC?e5-8<{Lc$%AnAssd+8y--<#$na7Zd8kFv=3 zqWcA*+Y#t(#)n5`e=VRu_$RbIj?TsZprMM|rk=WW9?YQJwgc?CmUhUW@^j1UTUWg? zsl$|?51RO4ZRhGKKew5*W6IAtlisR5SZ0NwxH71)9A0pFDd}R)!^+2u*%54>UWCjoqLd19GI^*y0Z& z8=Ji(wlSrNej}A8@}Y?Wc+HmJ`eoD-LpO57u8#zop<-=5$h)DQHVhc@z6d{P!f6A$JalHr(M`>2Kqq5qe7^y%Z} z)N6(4dw5xqYiY~EsT-OU&A?7}SitZykMBGfQP`v)o7 zme~@1If7;K5&wp=vmPj?49Z!rBccA=_6C8Cw8n?SAUM`xFqgiB5ChMfgpE^u*ZvjL z)Fa_C{^6)}GZ_c+_T0c=hme0OBwSt17pQPfzNhIq;1&P+OEW!w+|qSDly@fLi>L3( z372}h!x-_RJ1$Vgiy!~%S@|1$YmX<;y2;dm>;J1w-BsHxxbPXOqcq2Jd?^Ux-*sme zpebk*^?m=3x3__hs<__A6Co0mxIsXofNV5MP}D?4lVa)ydASR_5D+1}RN@PWiZw!l zC?LTNnC-Hf`qEml{i0QCt=881qX^a}fJp$A0E&UM0*X58`hs9dfR_B9=ghskcQ+fr zzWn)U?%jLuoH=vOnRCvZIWsdh!?F?ajZ@pv8>^$5C#rl!ZHV1dk34)FUW=^@4T@98 zBEL{;U#63{spKshi2c=`04qS+R1iH~_Xw3^fe&wtNJ&TK_a!L5KWL(7E04PBT%(iM zM*zm%7=cu9p%4rxbS3&o%8%-}Jn?fZ+d>M*_}3ozjn#b0A(vbc9gwSJ08XPwYe#wt zGO$&z+2Yt;I`kZRbmcf#KqTq08We$xM%gJcMQ+=yM8vo0ErEAzW#H;)*`;1o}O5X9<=lT=0X5gOGM} zv(s1b*Je?2UjLNra4)xST{gnvj*eVPc2wYNcYfpIH5K#IlghFY zc*`&XrA`Fl;1e4;k@OuPWBR8la6#ZNHR-e-bvi}{k_tp1VHz>I9Y+neQ z8pgTIF+EuKzlB=9im78P|C#*+tc8%llP0H2(G$Kp51sABS<=~Re|Sz3^ee_sm#{d# z%`pOhssVB9PDPKCJIAUY`nD9hs(uI~f#_&E1F)8#$J&5k+AIL3XaJmP3f?AtwXi^J z)Bx7Ew5|MZBRChqo^Krwt`smZ5Y)C#1bT9tb3tGi_UAtju9kFZ-CsRfPBq{S5;~aD zAFV;ZZY^MaaIw|bGi{w4V0P*(vFMPX4Eg|_E`z1_A~hSO*F;MH0i`1|%lL@s=aK8y zfC4G`->N&LD^XcEr$bpB{nrP_VS2TiT6G*=(?5ta7%|+n#z&P2#^+e}Bt+Ay&j=V! zbhdQ*>9Ph>QCV`VKw|0e3>%0FTX@TjO4P` z@!LZEZQan$$adE6EpnE^YGIHJMNwh}3MgSv(HblD_Jf>(8%8!`{_WQyU!pY-kt0R{ z1M0xi7KX71V5nRGgM+b$P(9Rvj=vlN#?U;_*KcN3u&jR))cYh%KyBGELpyaNU7Uub z2Z2R$AF3B$WS4~dAvFT7+mE>g!{zqPHQ&T1i&7Ji&0y&{5JvEYWTDY$jhxB(*x z5lEIe&~*DzQ}CKyMsP7EHxGTlhIK(zyISGX%>OM#2&xv*0_fQyggX&lQ#XOPJYS{! zs%X{IGwAgA3SJiooWMyBcQt(V>FTlHG`GdFFCywz6d-PX%l^1l9sFH;8AYo4xg&!I~uDC4*qN*zP?F+J+mGHei|j5UuY7USS{H=WY;qmyazW? z>>fA!9(L)(bH>DoJ-fmmEY!R7442np5j6X^h$>BYS}A5y>QCMr2- zY)ZOxrC>@0utYadO$T)sK=*pntib95?`%)p1)hIC(go&A?{WM8>4hdkA6S^hPOwfo z!3~gpSO*{>H)cQ3P8A!Sq+>CsK zJ7#$T_aprPCxbRxB(Uax{^juf3LjGOmqw$DS~t)rq30m{#fi3R4PVk|Le@0qiUnZh z&xAr2aoGR^qHJ=E{VAC^%~Hta*rdePr~rZMfCrTB=SIn>Cz?VqXnx7t5p zKS*U2>0~_gStRzKemwL;;}Z_FwSTmT1}G**!2ult!xOX`2UYWVfY_eiHombL?eZ*tKol$;uKCdfH3guPqiJDjsA}1b@yO({?mIW6JK&Yw!@1hyEq; z$C0WR!V6<9u#;kl85n_FXRD`*TZ92QU;tw;iNAV$@KM`W#|3!%!jl1b-Ecd=4w)Jk zQ1*}yYQW-?l2eH(d)Vesua3MZkzdBAV&oTd3L?b08*||)98;^lLkuM%q)}uMA6oH% z9hdN{3H-Bpg8?7X1NF-O0rB8y6{0gsl-lszn&G({z5Y$=kIY^o)pKZ5}4YQ)%sUg{0d)) zr4g-edHf4JR%QQ(W(Ets(vKeIqnr3B0HD4Nsq58ai<;ZQKebma_qu#tI^(B$Bm(QxPXwz|rBHzb7hgd| z1lH$|64|uqFeA@fuJw??({OkI+KMhlcbwDN^t$F1~`RB9Q(fkJIXKk@mfU z8)Gj$OX(Mpa{KJjP){t^>5B*0_=MkrSG^ER=NWl z+J?ff00u_1n4nOzv3Z9~#bQoH?C(_U`yhsmng+t0a>pplDO}JGqw0EBYFCuRl=tP! zF%tBr(^G`OEz0l}%-u-B$}EnH(^fKzgAXt{rVO$qkQSPQUV?osc<~oGeFfJ_84Nm% zY;t0LHu={__?Omm*dPR#IO8CrvZWi#kj#*F=?sGCcNs2K=)?_VnGV22b+C8=s^@*I zGiKgj=zF5^vtt!vuDy2bxgO2zy9v$zU3Ny2Ezrr0y3XLaIe4FT(a8Rgq17q+*Vr*6 z3e9qXv*EHrcc7Of ztvxLXTHzw?eKKMS1g<)@1U{(m4pn_}f>+7JI7`FU@)O@7|Mk9PX!)`cXL317`8gYK zDL-8a-;$qq?u*FJGaBZzc9{Q}{ERLAugTA_kR?C6Zfh?;pWSU%^qLQC8Gogd3D+h=XT)6gC}Sm98DWh&lhF^~ZEk7}TZo*3JB*yrEF8T;& zeiGa^3^!z|x(PwvH(YQS)Q|td-c#eK4B;32){pYodm2fiog~rDwRjHi?_K=GR_Vj& zt&6mak9IwrwYk|wpkOS9K#}~VUitV{?l%3zMowfRjd$O?NdLj6r76!(X8-B;0xsCx zUEuBv-(hzE;rp3y0<32$>KXjuOq9y+)qqQR0V3#}9t!|46fl97XrMR60JVA$FxK$s z0U{|8ac{Kf6wU&}TY|($GEz(^P&w}U_xca{pHA9iEPy|#H)*EfcmM+=%-?-#@qb)a zyN*Qu&ps~yMZPWveE8s2ZXMyTzKtBLU(cj2&D#UJ!CN%ViKb<1N09XoISKe<;^bGm z{K9z3j%s=D?;JF6NY$@-5;>XnH@PtX#t)kEt2if=@&KAJ|7!J}?Z_H_$P{*IUjqMm z!#;~_=gjVh3az2G_Mc~35Km73fFySQ&_Ay{geJv7O}C)h@>@8+^rD_$IuD~b%r9{^ zg7Zs_yavrHW@h%tbG@@K7mMtd-&oklE5@Uz8i8@CdN{IlTiFBE6$R7FN|KVwE;jtV zZp59hVEP)WD};FqCgL}y^_cWsFbenT38vm)tq^7@R+?}naEloR`3;Cp$ErEK3;p|j zpY?b9zcn0dzV1?ZsK)7W412E{kiuu-58{Lv(6@y#9cA5Dd;JZCzPtGsCQ(q#6Qdm;7y9<09sfM5{0dpUh!rMDYU*mFl%n^SSV=vMbYi*) zn$hjYath?3T5u6Um#kw>!IpYK(jJA5H6M4K(~Z!A{cifzprr7%8nVjj`3b<9B@=^} z@Uh#!9?MOs=t?CuoASADH$xKZu&D@&RiU(NwCE(>-!+Nj>^yR*s*4BSI2{Ym+t|cKQXxV{t^ZR%`atypopC_$MN7Z z{3w`~EAJ$O$Bi~LwQWVVw4Otgn;H{V4tvL)>>U*EKgd%7hGi}MVTmIJO3GjcrGYPk zDNpAjtNIGL*UJYYD;V}&xliH`>gXOzk#zqNX7UC-)`X6faU0koO=C5DtBYxBxJCa~hO-u;0694Z{ACk2WQqCsV6tw$p$Ta7TW| zildRautfG>^y4JxuRQAi9NL#0k{PC6W|TM=qfImnDChE!vw2w6ox=$rYUh}AB#1yZ z5|W_ytjU@f`zKRj>a-4U4c&w0w?k3%vDWn#pJE&p!T)yP53Hl}d)EAjjwFJNH+Yab zw|_5K1t@U53^*PT802RzZ7Yi;-s?F&U5MewVQ^`hd$Xz5{9hCuHFSoZ=ApTXu-Ex7 z^Da(g{{p}mYj|nexDX>I!eTRS&9~aCp}b^-Uy726?q&=@qOatR_N77Fmr3l`OTHAD zhkcQb0Q(|WOY}jV6eJ#pPhqT+!BoVT?&%G6fD;sVD#!cGPhb*NkZByj#e1qr_5GBZ z{c544Z{CIe`n2vxK?+YW!`HzMwC_{9Ee-1JnFP zNo6^rfs8;ODkk4@c0>`z;5F-f1=W9|i9oov@4E17>QBoszwvQjPr0bI&&d zJ$GTLwGp@8>Z}M7B01{Ro9#jqx;L?GQb5oZiZB2u zrjG2)P%&Jv*1{4hzh?#wN~%7dY? zTBfH%=z!9+tkm3%*w7fbfq#7)C`tJ4a;g&aU_Qkf8OSn(9N!9mz|Y0++1X}kM0H9G zqQ})A)Ncv!bISb0{|djGOYDR^E`Iq5@xvO>U`k)CjJ5Jrx2yMx*x8{WqGD{(Lv!z| z>Gn!B_nuD3IP)R-=U6s_sx8qRw&di93nw`^oU;fBUX_168%cCn#JU|`8j>TpJ5A06 zVwYao?5NyeY76xJIZmv(!F8T+brx|dZQBv`U$7WJ6cdD@$nf3oOe()Z)urud^A&va zdrB_mpv2o4>I|PlqYRZe38KwxI`VIA1zOB0gegvt>#MgwF4O=t7iN{n`$;?6D&Y`6 zE5M)=Jk(yPTo5Qrw6fKGNGs7%hseAG=&NTSv=XFD0wP=`!pS z2~X!;EC)?ztEmEYa+3cT#*fWM>7`ik;(D7cx#fx*+i^}@5J}<)-4IcTam=KB+OO>s zQ@UWEs)h6~YhOHQUg46h#B+E3+xQFD{N=0)Te4@=yiQrWV^V5@!1H2L=C`(@^z>CIR5ucSZ zk;_7BJ|CCRQ?*){EZk6MzQwg`GFes&hTU=-l7=yMZr%xoO1n+x%WQG}=CYLBnrbBT zaL%$)$fw3!|3O<7=%vXeL^{ZDpKhA=mVZ#YA9+r800A}j3ZCIpTCa%A~63@M$&AwN-CVQoh%nziZCj*h9q_xWj0Bk9rX4=LaKe);{tCvvNKDTeFHh13&Zx z$70`;cik;J-B>INz~0QQV}hN#n&ZT+9{=Ya|3_ZzZ1qGJW^rH@+-^1lyqv}^XQ2cK ziu)?0FJ@q;kpoQjuWC^xYS$!FfrN?@B*570$4sq1659_`?;~5dm{f}Cvh|f&6?}+) zFpZ-K23-$Yn|4?_A-RQ~8`DBiL+WsWrSAqY0)QoQGxWmmWr6u*RxL|G{TurJ24SSZ)G=vY!mi ziyb}?pW7muwrn&tEq3QKYir~+nDQgG7i6iyPjfrF*X5f+NsRGAWP@qfX93RkOww7S zsp^i92+PfQA$>YnQNl2Sb5JohS;D>0pPBQO`_Q!NYER%4FUHrWdGgnlWrn79NrG4R z&T}*1B4T>vOy*&?a`ne1B#B@@IGTD$pEhouz|eGW&`1UsGdzJQsowleb0;xCS?Xce z!M1l>wNwNLZ}uPxHR5e%+*_&o8XYPHY$k;=5;H_-5(8Q@gbK=45qosY;_K=%8}ur;L|6k`b`B5$3l^C8{304LI@nWYWJK*@{kM-& zN_PvX@HK3te-iqMgcK*CeWL_dc;?uiPQL{MTdkD})yOZ5{<1z&7fJ$*#eYO`jtO<) z{-<|#JW>ZZBn5t?Qi86;m>8evYM&BDOtZ8i7p+btBs0uZ`y5EDQe? z>pH}Lvus8b70ptdZ*iK_>BM0H8J(TBmMnY5l((U>b%iwJmbual7?B392M?ybw(sJ| z`mon7@1In-ny9$zYoXBE)Z@!OZR2`wQ%10a8;tA5_1hnoIYT9I3w#Crr5beBYdQKl zBK=$SkzAHZ;9O@2(O3xf*i=t`?c97a%|%T)pSl$610Gz*c9EO1y~Ppb z)jeO^MMyI~m;8S1%zKita<5KeTf43KPYxTkSif$H^+ZdoCo=zWB}sw_HA}1~rb3j_ zJZdKEspv=2$<%A`<8t6?O`u-mHY-x zF42n(EOqp^Aqc$wxrR-B(_9iY7Tepr|9@sL=z{fOt0kSo0&zsnoDx8&DTp1rYClF~ zs&BgJ*5EZczJi}gX-qPC(o;j6JW%CGI0a(vcd}F&BRC9yC|87`9_d`Nc;SL?6Mo5!lE`E7M0@0lEqQqjrX6m(7>~_~NJuZdm#4ET zp-Mnza#)wpWKJx9Oggt zqpyzPQKNqJTm5Jk9-;hN{qS-9@NItgqJFeQKYERip1>p1pZvl@fk)U$60XT!L`<1Uw{EWMh1s8~)uw1m%nzBfmIrF(NLQjxlOKLG-Ef+0f=^ryei( zjT#VU&O6>Gkc=FtWe~$~L73WoD)DQ^&+(RNCqe#!Jisx6r{}7=g1(8~FCf@&OCQW4 zUUWth*uu|{qEa0nKbMG}s|pLR2q1@^Ri2tO%Iq?IvNa5PJ#7>^5Sl;~oUB?mRo&xm z*Gk7Keu5fwD?^vIYvA$eZ}?;A{|&5(da2t9=^sT()Bi)G9cDuRC}t<1zpowr$>$T% zKj|tACDux!C+SbVml}RD;6j?k6EI*M&x6wXr~?K>qsJm^YX8U+H8XTcJOjQL{YS#u zs*41#Vl{6vWTPv~E94dq|*E92<@D>2T;S3v7hzc2mw4?9sa|3mrzE3-&061={j{GSl9 z{|WtThEV=LPayw?dYy#)!`u3v@_*gGNq^4Iy5j6FbqHb-2;p;6PhY{ukD4Q%E5beG zxPjf~_>t)_+}Y?D66L(yr5BlP*v-D*7d;2jzg>V)YQ$V8wAOLjN>a?!b3;$m7Gas* z*7E9jtr~TLwEg~L0{bB*Ta1Vvp+}8*yd7`78ho6KJXJ9vF!aow-u6?_V`gKLLI)H3!D4?3JK%pQ zGJ-q7*T)uub~o(FGtmuyjZn(*`6>z0+2k(VFc3pEx)P%*dC1vx2H=O`!_aL}ero

      `f{?b<0-JL&Z3c80RdCVnsb-;z%KCkTB%{ns9$|3Cb%ifj8p|9xzc-{yZ^ ziiVuf{-1Ip!pHkxr9W&(_qb*zwm*(#f7bFHgFwN4 z7e`&9`Bo|}H+vDlP!$9$a;OF({J@@vYz^6FH)c=}M-$N!X3{PyR^EaWktnKG_0A5> ziS>r1VMTrm;`Ik7*Fm8YCR+R7!+KWO;0iH(Dv(0s>Cz6>QH zGdYl%>Zh=BJdD&p#v*m)^I?gM04z~?8iQ+W0Y*4jz|U~J&V5(;%xr;SwhH07#+2*K zPnW_HXO(9Ai_($i6U0Vl2s*>8BNoT!>Pi8!n?N<$xZwP~pRi^rOfkhO^lT{%J!lo? zbJg-AVz67AM3~DQe3|Dfctnazevu1La-=NY>9Ux(Wqfz7Sr!#*YdIwwq*(gY*?N9T z4Y>^YMcCa*Ca|rKeD`N3mH$BW_fh!2zJjbMrUJ!3l$e4d@+&wA7|ZrxUri;Z%w}RO z{ZUJVtS0%?7nkdVrmcQ7UhKbz`oPL)qM`c@p`eG(N57~*_KIofefJ^ScAFJ9(kU&B zIg*uX?w_az(w1Kq8znMR(S!YV)*@IML=a8(#)d_H<4hDo{1DneUB$vo|4i|qyt-{h zlg{7K+w9NMxg(R))fu{y0cIu8cajnxhl+YlP)Rnwf*O?U{0J(uKGvudzXiEP7TW$d zda(t$z(kUuJ80ogHQ1Lf?VyF9)+B17+C|tmu&gxjP83(mZZ#Wd=zgUJYuIBtg1zvI zc-Tal^0k2A5B<>s-;Ll00DLuDof?g{BvPy_fAnhdnxDqTmf~X@a}(#WYyI>(kbta| zP(Kw@KY=rtGUIk!6?_F$z=bBAy^cvPkH1cxm%=b8CI&I1QN$P}CTAr^dHAdnOx346 zn@k%^&4KBgJbGZ+gyYiOQJvW2U|QcxV!6Su&=7d8p6E=yn%G5$TwQ#ZL(#T{TRWtY z^uOk-PDGy*o{unZajfsh3PCFP?$RK&8YYT&=!JqE!)MQtY{8Vj{{+)Ft0l!us~zae zjAhhXl8J~CR=-6jR^Jq}_p=*4e*|*_XlBB|TbwAU*1;!i;^3%9YgtZx75jM!+Lun= zBR0i9*f|@scetK{^EWZUbhXl9-&EKzYqMgXRcZLmSctK|Ji+I(icz^vVHlbUsx0}E zM>BDWmXp_@d6htIX`UR{gmaoIdHxIZU@DR?4BydH9Ls0nL19JyC61*xO1b$tg%$TD zUs8_M7e`Mi>+%MbL3per-IV6JgQXy4smn~f@qLz#GoE|}PgiQ%Q`>hH`B;JU7)G5D znhuzlEZIN=*URqsoVUrrFHWTnghSPAv@{#FN3r|#P8|2vwHoIemd(U!sX<)}EB3D7)eKNc0vYF#lVWQw{2#4Gh@RXcW2f2vQ}}@j4nS8^nZG;2k=So?X=mFsk+y z=|Q^&vIm*_Bm&z8N*)Y2v4+F*Y(xK~H+t|{P?xs!x5`91khNALzU_%AlK3gp+t9^b zIO=ZEz@d&+SDxppI95=u+yl3JgV!O!X`Q>J$z9uettU7o*_*k3Y_N0RFlL{34bR<% zxg4HzBvw$X33LoF{W*eXjPm|nc}6KNyVL^XKdxx6o3`&sl2 zD)1t3clbQH{3^$)Zl_foo>hK{MJM$SW`PI#J$!BnXqWZ~ zE|}bilZOcXS&A5o{0wh+!N6M3Qsll9w&oSdOzZ3dgIY85g zh1jQBc{S-M3SS*~Nj^N?{7|PkRhk(|%of8e5|(%r${NiE!qC;3OVU8945>aM`Grq| z=2@%W{qik6B`JOvqiYN3C?X#_@O8-c|cSZ09S9c)1kJ}mtW+m6023QiUbT&14) zJH70;9$@V<9*~!Qy=LG|Qx{sx2Gm1E)VTDro#;|;JgmKJQ9_82ApabihHD0XEb!0{ zE4`eDN9d6aF_iv4b)4C@L?(pdvXbaRTyQo8#D#JwHyv~u75@Vx| zht22f599kwQOEs7W7Mv{e2ldhZ)6hN`2NyzsAIvB#?-KsUG`O$#;(A`PCjUFoWeOa zS>`tp<5YQ^DoM>$b;>2C*Asg3I4KC)zuiszd|x{0<761{aUfBUw>nn__M9@{h0S+i z|G$MIyI3_v*$vKz0&`*iz_FASxTPu=)nI1>OseBoct021-zN7^83r9Dx8XaI47bU5 z!o|L|JS4wVhk>&pTK(_5w|RU&DA%mPvjTfL>+aNvB1YZq?&mg2^}%JQ;Wl<;x$ z$caEA@%|YCKQk77uX}&?BZ$)}ZH-X~Jqcl33~KU2%3l{#9-IYx4P;6E{(g(2vibl= z^yqVn>xmra4CcdNnmCG3#SJA$zZDlHreAnzq<+V;4bWh~0Sb%@T_ImI)q5Yn{`zX| zyXepLuGF3s!C=}VtP_IMkGpkWGyNy64@OJAg3f{|atTv<;5RqhD>w}|h_5#zu>!yz z2QYQF2@5l@g!PN57OZ(1*6v<}wfa7`ny@~^Z`l*^J>00DYDl99=>iiH$MAr3$0`fb zAPwnxf%M}Dq+eQ)9w(%cgcRuIyrKlHF5m?_O8-BC3gE~kc(0JNGwBmLf%!R$5QY7J z?|=%BJ&ZEQm|g-Hkrxj$2n^d9QBL&*fuqA^fNBQl3j9*edI>n+Lm0udP2!AT9Mw3V z?Zkc}6lnl4xPe^S`tPPEh0jCxO_djFg@D_l9%Bwhu;4koRu2jOXmGyv1Hpqj&{lN24*^$?>zu!s0=p!AKIq+d2MKq?VLk_%0tFYT+v(Z3!_K%EyZY)75&6M~cA^BckE8RC;j zJ~CKk8V5^Jfhc1&QGviY$PkDR&GqeZ`>R;=Lx6B-s#?>eDW(VC>dp(G2saW^Mua{e z3bd^q(Z{juO?IPL`xoGWWj%}l60b(5T1PPASi}7J8T!C_F?wPqWoyUnYFuBjTCjNx zWgyvFLQHVca5E-DU9Mjne4P!Ar6Vo3!gz-oZoOm2ayZ-+utG$Ntg1rvTaIETl3c+dxiurfuwgpq(?~P$Vu-|aZ z?kMH8{6YE;nP!#Y$8BO8xz+Od1Q{2bgMs)N^^4&<)?@Caz@xce3Gf*F4llr?#0d1P z6aBue3@bLpSFY37CzpyvMB{VfT8P0XI)yFqGrOT)i2F_n;@ zE&j&{qH6UitjtbpTOoaFKQEwFT%S_eOqUC$Ea@p->cG3qe;);j{KMi1PD{@?x_9DpR)O1zbDDZ$Evw`{su$c71!dDEOQG zc^Aj3lq@``O8FID+H}G1`@;Qq+jWe{Z|wdmfs~dfegvF~A~^m0bBsB-_x!`SQ3HXI z<@i;vS5p8pygEv;*gH+1dQBf&ACVDIHQKiTLp1t37`20I<9ZmiUtD2yDoQo4>E<=V zygKC??7Phf_MBoQBOMOicau>YLLm;3@c&x05C6I(8JW8bKkBqz;}(n7`4HeEPr)=S zo|dP!Z=L!HUSLBju3oo#uI{rl`dIzrWc;&eStc?eIr7XP+bhx(H~mAUT)w2I5eVu^c{AVT?vhG#g8$>KI1RCGhV8d z#UC5Y&e*TlN9>HX+9%hp2S*QYNlQhPOcI<5`Rin4vZZ8MH~c(R|0LIX7+b&4zu0cd zY&ZSWsiUWsnh_z2a!w{ZRrj;ou}?>`xbIuE#j$s~{nu#!yOcI)7H#+}MrJG6O7toU zha(;PDPluaCvGx$gP}M&9rPb&h7jXiXiZ$peX$vIkc}@ShT-AdiwCYcfEDpBhj;Q_ z9`8z+g~1B3O#O6j)#cwQ`Wf~+Wl@1~XCoFm>@aGNTnm~Mh-iFh_&#psE&{$|F5~QN z$V}YelKA1b?(KWrnT?z!OUDGzz)FNY8rC`io56ob|16BHOV?w!iOxd`yEYE1>O4fw z9&Z7!Qy2Lht0r_qFFIz_wskU+w-~-Qrz3a=NLbm4_jBOIw!T4V+I}2G##VKdA1ct> z&V}le*?-@$>?tDW`!a_9m`)N}T5Gc~HV<;YhEeD~tgl%3FP~({-)ySE5`L7SF5pL? zGM43S);k0hLxK*4&({*FDPRN_B$Eo~;7_-V;kgaNx?&ONQ5@s9cwe>4v8t}Ep;q+| zW0Qu+=<=1b?5#upIJxti(-O!Rr@>4iv$fMD_mGfYbC$sSkR6mLX?g0=qq^OiDpr%( zT1M6@KtXjGeIzW1U-l?|;baTn-sEZyo*`W4@WgTI;`fXeNws1DPoRrCv%%f9iIhVg zHKct?s*!on6BwDQUwHg3bW;rF2h+z2|2l0t#6QvD?cl&=hfD8&cQ5{i97CT6|@r8x@A$;Qq?zD^EBKs38%&m z?sm(Jq#548RrrtW0V_Kr`fU~P;Nx}Ck9Xgk;A09E?DvZ3XR8x^2DQ)t^r$1CiO{9h zKn!e6ESA|zm|0RpLtW0~C)ofb zW?EXbwu_=4YXq+(g05HuF@BD6qqQX3e&C0*kOjZf7S_cUvdc-jni9qD&o%(SuSg4( z$;MPw8m%fA{Zb=$HId6>J-QUBC-YN7qJ@g1g-E|V6ThAd5hRL;FwIj$*62SYlw*=F z!&W|0fEB47Q6V@uJwgPH+2zDctflTGQsDV$fpyUW#43lz&)0g|!iM89^@1o?58BE{ zu!@noyl7=NL_Zens>6a_c9Z~u-l@?N=SNErJvqkS*Lpe8vuMU5u{>SYB|@}MZj8_) z%AJUaqW?tMzdHJ`Ya6L<>9=EkN94i%(zct#;f{lZ~J1E9g*@o1<)nW16CP z>XZ4=1<{XeC?UdOZ@c<1%8l=S6m2e0%Fx^ta&_EACq=P(-BvzmD2*^#kfT+x3y@p?tixp|jfOH39#tEl%wE|5t zg{5_B1TOn7!AfC}w<1y)h-s)O4F5?@jh0^>EiYKmqRS0Uz1%2*1n7i#siLSD-4zAJ z@3n8B+o92-HMOInwj-Kuwj(E6SZaOIs{RkwO^qFo;L`$Mjl=vu)c`*?{O}n7UspE4 zGTlFpRxrv|kBOOA;WW*2i?Sw9j%~6vdU3Bc!tGF+g+*0qhgE96*KIA=dj5 z=Lz;0aHS2Fia345jsS*e0t!Pw2-vq~Kru;?XR9Y55fu*Ix;BUpox^=TGLgx+-e_rL z7L-8BtTVdqh^(~;aF;SfLd-=8M&vC8$G}^c`F1sbN8ZXWyfw_XH8F4H7v2`hTkYQ( znd^DdGuChU;d;#qx%4W%iCs81NX^VQVt6hT` z0StUYKft)d=8(tTa(o=%P#(Kx1WGXin2!k4H&?hf=7xPJm`2?XE^NG`Zl4?Bx%v(}r zham_BfVQ0PPOf!#=MM{>GxEfOml1hl!ArNE5MH`$AciS=!UOc=_3rNcl`hcD9~LY? zH=kIr09`*JEF3faw%h-{2@BP{?e5NBfJMmWuMB}~{;=QxvVKB1PPZS2b8Es8YI42X zBpUIxegO`ln(v$fRenUo!EiixEY0h9u7Q7c@z0n1b1costoPn|sD~%H#hqE}PX5-N zx!#L*WWMc9{=kiQ$)8J1;_EB0jMrVOaM|UCw0Qkrx@*70<(Qjtabh6o5zsJLZ(yW) z{Ke@W|Evs;f4;LL88YPuB*>I4qP7bq@2t7dXt@cZQ)hJN6SA65AUgU9 zWR+6n3lO!&=#F(ug(d@U0xk6uvkbVu&dudeb!S;1-5@(_L=a^J;z;Il&4m(R-ad>>vK}UMG zpB!{d*?7P)85<+^>;I4O$W{;J*Et^g8PMlGkw3u|{#;L4)SH3*gAU?>Ug0Zicr)-f zZR{Vhb(7P(O*hPZBD4UszV z`-_3-WWwt8)~iJD(nhRLKV<>Y?3|_MTpmI5)o~Ft@pVcgzCPfX#*TZEbuF{iHD1@X z4*QnD4_{ChdJh+X6$2kZUB(w%PBG12i19}Rye z;b|Zp$Y%d`-^YuwKhq07&Fr5=nO*SclJQBy0-b+eh@%)Dk_`d;JAI!l=KhvXlj+mI zFD`-5%np4Hk(1kOlISiWk>(&t%>O}Dj^8hhkhQodLRKx8!L)vh?d%7rDH|ymZ4JgP zH7AmSBuGJZXeC7-5}Cstx{(`(Zi1uBAqhIaKNQgN2?qZ(Du?fljbI|2fN1fsvd}Lh zAKx1N_?ftmMZ{-=!w_+iri@oavep3<+($g!dB9QJ>_~@TO|F5MH8~!wM~WQJiN+>fDP^@Paz%hbG(zjo}Ph)zDu~ReRfb z@(S)kz41+)UuXTK{LjN;x|sY1Cd-vVhZelB13EPSNcmYt(8%VlX_p{-gY`tyva*r$ z>BK920#bHeVRqaHu*OI{R@YnD$mCn>`C=Ew&#yrdFfQ%Rs3zFiPz=$9XQx?!!nEmv ze_Z|?`m4P>lyN+ax??73PVRg%&i_HP(@0?M2*lyu-bIps$Mnx0z!cP>;s>tg>=;-8 zjsOul&z4;vU&w8|frPqo&&SZAuqNH2QJK6T5x>y?4 z{p)+RpXcwSv;B|>{tH$XG~Tg)+9hA|Mc;u!ga zaptFo+{9;*#()p$MyAl;38BM5eRz@sb^#t7HnDnqgha`P#h>sl&-jJWg3(PQX<(KK zrVKmK8}3NI8LuIEq&VBk$I@NF_@_yI=?bC4mMyZeHFB%%(>62@^g%yk*8>kAdzI2? zn2(27;ttdSaa=Mq2W@~cX+zRzva}ooQF@{g7EyqC&n2}`?iDRN>2SbjafXM+5o9L& zA70?&bWIeq+YDYDLL-Kp%e4VJ;38rlNM#y~nA1=lW zF4lisU}2?&Z}VZh@SR-#Lox8P_kXCd4DA~sAb?I`qrTlE-1A)2a=rY#wwCY*>*JM0 zo`q8Qr*_iFz0hY~$MuKLflotMrr)Kg&2j1a@@p4-#xp6z{p%RFVK&^-E!`hd~!Y(IHLP82NL}=PvnynFX9|;Fy*^Xu@#VG77_(Pyc|s1pG#eY zZpxFZ7NS%8uRLP-uYn8MNFjs9Mp5Qx<~HK2VYYw-Fu zPOBimYhXpM%I9iIG{(gvxAX#pbeclGZ^I%x;RFjWIRZ_$c=6ka_*jLjRUfXry`?Dv z0G}r=y>#1R>7q`pma)F(OA++T;ZLc5oEIbIqThA@Xg*|bIVqMA>Jn+b?tks}A0yke z6XXf@dgk4WaSXt=a-6tUl2o4TXdSSWZjJj_Zt4Q zjKIWH{dOXzFNfir2fRN$@_r&Z>_m9@rtnezmmHanq7I)Qbzrx(9qFFHh3+N)6Wu)oIPXPX=S0z2k;5r28DzuI}d|}H9ZmdLOgJ29L)U^i8 zObVR?Vi#6*_xb^}$x2DefxzXh#{m*=uu}B}6R`Y^@`LeZ{H#vIR#~P)(juqszL1p!DxnplQkMG{IBJU`Rrwl_&U#6(k8Ms)aX>!nhqv5rdO{8=BNS~?RV5>v~9-v z%kE?^=NG2FOH^1}G>2K9V{MIg#PMXCo>XgfyFtOl!7)V-Veb(F1^4yS*$V84l{cIIct2|4*U zZ&5sc&s*zGxKdb zy>yTE_=;In8^5t*tS#aVacD79PjeH1v_y-r<~Qc3G2t9?-)%6 zGKT4G?e}k2M?_R5%uFW=@(OFl7Wg*Iil5*Ue5x6Vb*woEL)Jtovw~UswITbuJA~d+)_d`z`oD}H&VopcAM*Vp z_}NfnevXOTcsp*xi5o>&+s_n=Tx@(ln3DMo*PrxxSnDYa+xq>vmi?8dLq30lHNSLp zrhcEpewmF|r`?WS5I+s#X)tY>6u?^aVLzZ^lLhVQ!1e|0dFt#mY6?b?WbOOe@+sCl ziTi^2Zhy)n4VaU{u7~sCa^b1^yc)VotyVr?Ym zx_kw7`K+BQ{=I|*87UZs8}Tnzusk^Fg1#`;t9L@X+Cra4JG`dP&j~QrhMF8abl z)5zccz|GZc`ZPBEZ{NS^l&|>aFNX(bYkoDxP2acuJj*7+2=(p%y)#VD7cscQsBkjxHxpt{|-(rHn#8aa5V)={oU9e zHZr#xU7PUSz5P>f<_GTW`@EU&hr6YTNaQy*pal+(o-n#SOHyk5&>-8Lm5FYRh{MeoUPdq!~ZfVB;M#lDU zjLa4ZARM(!f*g@k)}taX2^-7Q*RY-ISJRYY+X`#`!?BEmWAtALycNHpkUEtYBhl07sxI9~?Zm+!VpLm{ z(M2mXzF?H&=`N%Qbc{1P@)IGa|1tGbJ3B)jG{AH%}P(Hqw*ZS2Ej{6@L~)r(PJ^(42(vw;yUQht&2grEun|NC3=}IcK&QrKl%cxbm8It0#UCJ8yhusi;$Ji~N{JOF{YMvZIa?*K33fEq!v;8=U4D-u9$ZTnr>^~w% z;TtL;L^d!JhDCV3g6pm@xlo!ar_86S2SIE0u&nN~RoZoXR;7cQa%bZJShq3n$unt~s zVqI)u{c=ikTODOA>iZl~_abesI+5;X|M}S7kf^!}-7J!>?dypDz5Hz7YLlNA#(i)3 zc?{)E`I(il^uH-T3+R@eSbjR?#>>x8Wa5bYnCxgLLdkpWln*_cP=qx7C;eyi-?T8& zf2He6CywjC*Eibee__%0rhgBVH|ej&CMx}J(*LOAr0DOvES~=BkSwG7FHdPJOXYgA zZ4Rup&v!09HL_ zjSZbkJfIzBk&UGWl{1zVdjg|T=Y6=p2lq(C<8Ff+Rbdq(LKsypoJYM0RXh}5aMznr z!0OhlS#BVZ>SpNA3;C93rCw;oR4+cqGvuT~Kdkk&L$$Y{3ZpqPwK{B`iY_MW8>TkE zpb}ReY?q+c(gd~6imO$PY+vWEFNu<;N7R->f7$Bv9Y{8Oi_?>^O-AO{Du-z|i=exU z<0B2q_jfz9Mel_i?YrQ~@xSc*^8bN$L|r#1+CV!^S1@zJr0MtMKRl!V0{@q^L$$Y{ znu!0*n)q+YDbQ%H|^J{uS2#e;(%{XYG9KwaHnI<-lRguV>L$0E{qYv7a7>)+P@i_ zGKc%;HtYGF73PtTh|gjcEb;;Q=NeWuEbB54qQN-5)AZ1=sp3a+(sF~^iyZ+;Iaicz z{RSpx+acykQ1CrjmqkdVYZRYY^@_tHmTWCe?aB6uCYx=2@$-lUuKS^2O^+! z1q@*u7=j2lB14dD#BVWn8I3^*qZGlEF#w_lc2td4jrQY!gQy1(Csr zOOHh)pt2uhAs+R7wK?D{Vqqr(Aug-s<}hSzI*uiWL;vQ5rhwfmgTYB?b}Ix+{evkc z{(AJsDo409w^?o2Pa?*w^^;Yy#YXUHz2|li>vCbghseG>Pir!B?BArak&*)j>>a6B zPR&QsgX+n}VOXal+&~fpOAG&G{vYeB<`Xc*Ms4g0vcs*Yj(i`F2e<>ottgSo*wJ3R zv&@uE-TyaJ27F)6V*j`1H@J^?WPU>q(1?0i@OaQ?>G@2B-vZAEkuEw}{?9#uo8V_% zgOn4jq4M}|%}R$hkc5Y$@V#;|tzV~RU63ptyENLdhg}fu*ho9KLIt2-A7-9luT|*8 z-V~|%q7xs_ssPIE)nW;>OuJbP)%%0?1n8s#3A+6+bku%nH@5;UMO$5HYqZ^HFlcZS zp5LBf_IeYqRi-i*$c_xk@ zUa@}^C{u90DF!%59%h-F!QwETE$Xa)PzZK&8Q@Am63)HFuieLDlIn;vB@!N4LNc zII%rS;;yQ8TRY0rTscEkHjAt2&$*KJu2y zR)PDZvMcD<52)N$hAf!0=dPpnmKgPV^&vDmb`}q$J#2qkD<@0y6SO0t6E6PA)^@E3 zjf~01tn1~$qB|t#ANx*`+Rizz+fd&H*8XIuKq7@z;fdM<>&fi})oMy|3 zR3v@WjmxP0ypxBE!;p=9Sk2=g)G8N26gbkZx(L?ElOz#`)5lwR%wFx`qH*9$K{JVG z5|Igio5JWWo5BdyAqrI5oCk;7RiqU8`Oy54~GDN%nCqoq-2G#P7hJy}LYeiEng z*Q*H>L4aGYMu}xK+X&0F60nRV8z?sM{fP3nU`u=Xd&o3S@KY&&ty=yTYx!e)xH!Io zSID1SG2_k(xa?R&CBLBqIa~pLiW~+hK#An=ZoEiHi6Dp5ls$>Yfx;`L#yHvQp(PJz zlZgHg{YE~Dkv}hF=GM1t@^|$QwfqUdSox!$!j|ddo}pi&Y) zD>xxQx4#k4C^aIHq?$Xw(d%FDag1H(&i}T|OJRgW!eyjvy4GciKs?*a6M|AyHYj4Z9+@+CCs0LHm#w9e=^SEl+_43r}{eO3&+2 z)(d*StGm7ynz=1JTql(v^PHoo6O4Y>lmj-1=W?t%6CCF<^`+Z9j^PdF%$hYYvwTJs z+H7x6XiC%=M6izD5dV4H-_VY`jFH<9$7Ni+Sq&6~IMCE1!bruXF%^fOV=Wlcr^+0b z99GlG2y_KKkT=Bbs+MlU)L5-G(-p@h#WCwR}qgc-;C|SP!-e zjhu$_&dR2vc2Iu`p+cmw;t8hB;QEn3ueLSQF+}aRAD43E;5EUy#ypkwucvNfWq%#8iDtBZ^AML``xhc;v|)N@I#D4L4MBPP6fPbwl-DmuQRzH`YhtX$Iu5fh?ygV z{{orC_Lo|Y7jnkjgAN4#gOp8Z6Zap{K%Eq9aV%kP`6ZPO=coM*jF)wCx7EN8T-0?8 zcAAFs5OxDH$hMJWtHm0P2Tq%JF35H|$;PQ1rc9#-tm}`?G~!VMCvYD^pLZikr8Wc_ z?R5K&q%KfnPKCarR{m>2B_}H zt+CM$8;fCQa*VF}Vz2M!vTqE>o13wo@>C5?Khe3#TN>1!wf7Al5Q_-OBWal1I z!%bysYNJHD=D`h#$rpavUJ3Vya-p%>1%4_8%3{fvF8Z!;f%ABU3(Tvlsx0en`oDVb zqc^ik&XZFD^Zrm6f)4lL$+mz5*Q11Ad<3l z>)CUnlrYS{^RlPA(r(khlzSS`0D13oU^1>PR zAE(=XVCfP%`r>p`%n?6?+qxCMhBG9xFBkcX&q)-S)&2pMuv;m?DU1Lg%*8jjAh`B& zRt=wWHr>zICZ?(-noBj4fgr9M#s{66AHgbfS{;HyN~tf_P~_e;^^l%$GlG-gs7`m# zuhE%Sm>lK`H`o_uVPHiN6z-)IKB|erifgix%KGzX6+ohEmYvBT6j*N{E344AFFD)^ z?HN`zV0h)eGDx95=9|IOTiB%i_|g*?3tCJKs{PDPn zt`&%U{R|UT1R~`eLIPBe?Ag^;cZx6u^X-l8Rg^W9iCRh0D_i{xdwtU-g~hjmv|=i$ z53@rV$o{wMeEYp87>R$}rIkM^(k}iX%|yB#Rso!0_#VI%{L+E^97Ci?pu(J&Kwqd9 z5b)n{LL+#Mg#|dKF%`QU_a9a@E$cGeTsW-i)~rk6-{81JFa&C}&QbYdkLh2+7zI+6b63zK2JaTwa2nzvLC0Vw!MCyNHB|kHtE42B3ie0jk$X00Zn!rN_Fa z{sH%heE3Fp&@J&d7b?m?MewNA{z3n49d7?&iKJQMes}(1uYU`4#TIY=2W2ya^ zN*DkyMUp-uAxZ>lquRv*mWdaGh$~54?Hng;Awbz%=z;%M>OtcHdp?-K34*J-iS&8= zvr@wuSQv_Jq7Gw!BrnZRNc|RRGH`tztFCfY<%C`YQ%L`nnoaeN%Al~x42WURH4Hv5 zg|}lNpnMRj7dCM^iILD7LA_nSv$5%wi|r(|@V6p5D8{f(aXkJxSOqCzDOrkS5hD!f zI!Ky_YUZLEhNedU+ch9JmLXYq&RPgO`CqsZR&|X1z>6GeFiB{L*>dI}8dy{UCN*OE z4+>BXhVy2Xi!#Y-A3ujac#*VW`zVI9+BGu5B&-DllYV*{m{iTPN{dp%y^J7;j7`z~ zA9|5-@EMa^{4Lbw>2U4+9{_hSiJ55JuZK)P*DN1vWe_3NGXrxFAkQGo_Ys#T`AH;Q z;R4oWYED$eX-R8+@KNSb0Cbn6@PukRJc(Qr_kl0@-lK5%?Rln5`Ioohq z73SPbeGw6D^i$AA)PoDnz@}65CgFRPd-Wa{lhYB5m-cMM`bM+%l`##Pz}lmAk41wd zgXt2fn@P9Q8t#~(p_#4Os!mS`ud@wa?EGOfQzCR~z@5)N#<7ecWu$#=Z1p<+vddk+ zfx{cGW7yxk!CPv*{!iU4e{=i(iOlnTUM7OK?8ZRH<3H@){;@anW9FI!OOC;n+2dHo z1yEdL?K_IEn~~U6yC25cy*=d3-08*WDZjBi(;b*l1CxE&*#0s0j70KTjs8aAaBWZ5 zUE%Yw!aCW5FOh%d$^Tey7tccbjqP7}GIwF5wQV&J)@~s8%{S*;wuN&!%i(Xr{&cz9 z+%4boymQB^O-Ax&x8v0sBYD5CCE4xY#6hY5J9rUrOn}k7XE8f|;8ssC>r`+4-Z@>^ zH&$WQ1y_n}hD%1-Xz^o;*&6DqltvEW_poa}C4CJ(-X8S`Zq-llCpu2k;XF$P2m$@}*b6o_ zI`cxRQ2?jC&!$wsML~r$GEkwqkOy7|jkyPY6pb48>5F7WIKBRES=#b>k!|dj9O?e2 zN~iJqOJEk`=59ksIyWt`^m--vj?MCih$DS{bJbWY_tHduy_oQY&0L?wcIB!*Q@$m(BMmF}wg zAts5yQ%JDRPuaz>p3JjL)CB&wJds?hafkw9N)P%_ydJ0+j@oe?6k0S8EjriUqHnWw zi)Q_Q%$*CIRaM#lXM}-Kz%wc;UdW*^885v<-WX9C3iTX42S+WN!fGltGO|eqBn26m z0p>Iun@r2ndg;yHs4S_>Na=Mzf&mN}@G?m0c;Cl^hG;TKuk-)@p0)NlXD(dy-{=4N z&qvw&?7i1o&wB3bSu`7#3f%h`tePW+?;Dw_J^KSlILRW#*>45yBE=}(n~%Yw%aSc zyM+_&nqPa! z9_NR3@#v{lygx=080D6-FBhj$u3%J7T$QG4s*OI|e(zKrlu#*}q5+kXDYov)WJYB& zt2EP7oldeNN7jXv|Jvz-7vl#?wQgS`d0~8E7B1zknz!ua`J|>WQD(6prMUTdt*C9a za_;GH;jfN51dV+0^0Uc#NrA$xyOZ(5RGlk z<}*UlxCtP{W*1<#C&8{K@vubLsODzG#HOZ#Jk-7EFgcmUVel$j>I_X8Y|4+r9NaG~)2pdP&^E~A5 z-0Bjt(^<=5d+UiQpuM?=c<~p&?hpMW$L_(cqa&o>qER0WAhEFM zYt-hW0Uz66U0Pe^{AgEGykZ@;1AlLwGQKX*lr>6CS zg{en1WmuUokWFTizV-eAeo!)x-b4fFUqY>D$VXj`23UIjJoAIyJUM% zAxpM4_>EF(gzSTw2Fn{W9Wih968IK3zVGPTyfN`>xu6;+ZXl_Y`Lba2eNJtGy$t$7f2{DmC%4Qn!bz-hpgTTZxnwWM?Bl9uyMnn-n{Km1WqcfQdd-%U2!9-?fLzq zYwg-Ny2`FAMo+ct;?Xr+i5hCCW>G_p-SlTs!)5$viKcG1*V!#>jA@#9h1^Psx%?K3 z7jDM7x1={xUJ(zWO72LBzQtC}_$=gp_eXh5(>_uJcTk9V47qTwLCq-KpoV7!t$Y;K z6s8@lau#0VS1?o@-l32T7fDxs{@i0mW7;=;(S*IHpESL0j+O=O^D z*VigO@fwJc%h+aD?+ZW%v(7#cu0ZYQqsene>xMnXuE2F7=@y#`$uUD6gI@KDzv8qj=;N55R<2R#)V8us&mKp3wXaH%kbRTrfm2Yx$C{vHO=7BO&iC>Zc-2wP<0{n`P~7p8156H_Y5+ik!+{vWqbWz# zONhYSyPP#PaY2bY7jG&}9zv7O#dhPjBmWJJ;-1MwPtA&@mVZBnOGtctd)?PHTC52t zC#8Y|;lv!n&Ui8t{EYK&V)AM zYqRd%V%0Cb>8p!|>(p0Uu8VhF=dF&?A3SV~Q!9fW?Sjk(6Kyfus8XTX1#i!Ijt0nL zLk4FuR34Q61;hNYe7!Olv7U632osNOGInP)gdlIa67=TX+EwBGY=%0sFrOo3g>)Lfq|v^ zELC*)ck@K;rNf;o)1U1S5mZJ~foeiN#1gI$2>{Ue*;x#cHkPdLv1bHS031jnT0 z%fk7jrh81IS2j8OB-1Q)hQAK!h+o~s-Y0t4sfVE%f~XC89-1fYwiWVbBDj|Po4pBi z2!HxfGG85o?1F1s_BwtGX8mLzW3}{6WR{1cvA$Oq-yJF7d+g6dmdlL6(S~o96wD}R z+6A|0R!PHof8QZFI7E9OLGS_u5}h%2UGTsof?yh|Js8t|WU`s=LUax8=q5nV}j)s6Jk30d=9L z3L`_4H8ic=DxQrcnXi9=czQ5{!J5KuRk=B#!_=3&`5T6YijzMUq*qEuu#mDV*QH*_ z4~mxbL3#SOd1+f&L~Hz8tH}uRd?O40SEh8{_7Y>Dd)-)t@o%yHb~!y3%V544U0VBPBSC+t_d54KlTA4Y**AqJyj^T{!B>K#=VhB zPKf@DRHlJZ4tg8Bu|Y!biedXG6zD^(V%?z|{;W_JH@s}p1HEj~4S)6$K1Nx)qP8s$ zn_#&iIAR#F*zL%+L$xr{eG_ckM5`w?Te^p{;b-v-q*h9E)^Xn9Y2(GvT22#d#cb&rorYMb=E}dPO#kVVKr-ZdW;_ zze{N!*__(DtfE_RVR;r_xle6!pNJ1UQ+KvPnPbG)go5jsf^ebCh{iX;&5!1@2j3}z zRUqx{*X}t*+r53y?w&L0Va1r;PLfT^3du)e<4DMRtRJnSjkekW!ywwtM z(%XAK>7_@o9}nHtSCg#GMbe}{%Cq|8Mgo_}{(mcvyDmHg?h2cO zH`OcIO%;--Q_t1s*yYTAH6LXrhdf7Ez32q$^gQ?0!TYaK0d*}6sFOZ)UCWQDudTaG z>^C)BL>6in$Bt50!RxjFz+riMN}&#oB@{*;D3?cK=tj~- zF;=`p8WXy~qbjwl&y36NgZ0K-o2mG3H2{iRxk`@7WdX@T$f3zRBtKW&KT1?gI(1f0 z40|v#5X(t*B^Ca;DU0FT_E%jFy_9r)>Ic0wq05>@vq`(5_uIKI;+z6W))0_>VxIt#`=kdfeIUTF_0l-u4ADZtg&N#sSIxzW^_5?B#KJt* zf4NB3%XbI;qR)GBd-Ei=I2#|bx+>VbAj|4M@29w%`E}}JTsSKv8^-+5vvo}B*U2FH zTp`$Si6C^W9sJQ&3WVVBq4-!INax8etDsT6kD73N7U~K^Oi$gg*f1=IX@^=25oJ3X zq8n<3t>t)?1?IU+Xq#(ob{7u>wiuaPVX}R-%okriiS^5s1;8e~JA!+s>>7QnY^RWk?cH=gSAB_)x1!K7j;{4MRd0@N+3byQ&?BInPH$K#Q=R$uw+KO8>|u zmp211Up2a%1;0^T28LjKDSu(MnDof=2f8gfn2^Jua?$G+|Gw^2&XUaQ%L)wOv2J!Ue4S-0hPK{bp>Pr_$XKa@XlryG2|WR%`+ zstM<*ljh|-*_GblJKpVNf$FPJ>8*TVZcv+U_%pId6-fEE>YCi}CsbuYaHX=}C{{_a zB|NZVOLfDa6^m`ko9)G+ddXvDm5UgW_`^|k2*qV3!EAw+*CewgoDbUm_u`T zg?#_PeF+I|U2t_!_OPRfJ%R0(P%yY%pFyVFX9wA5!^R)vHd@dNNB`_sPW1$z?o)K_ z|MaYETyUoU21(XxPP$SZ{KS97Gf%~Ns{>%^!ynZxefi@>zpPmPbxGF09x@2L&D&mE z$ORUesw*sFSI9EUo_lm+uccC;ff_X$?9dH=MgvFbBgYr!24h|drv6Ud3l*<7b*!iw zjE%mA==|7LCs^1|RjsTELKr*o;AyNF7_2ebZ2ehdGTb7#-fA^YLGYztu+W+8(_s%5 zH~{oYG$3Y!;^6$a57ibMt9J~yj2!VJ(p%Y6~ zOxYz)&%@yZ)+>dCPXw^~X`jHZsyXkwZA7u{JHf7&i|yLyyWjJj2BG89FQ@`4ZsW>M zM(_MwFO+<$D({l|vCn|*<(y5*cjRT#YRTUWb14{M*SkLk-)R%&TbO`iyR zswogFvWaa)Yavt&!1&we-Z;-H&gdI8+QO${{1&%C(ShI3&bbZ2!hdxbGO6Ev+{a_6 z$@GX0%%HTFo{M{z6~MIGkGCNI8Rv@lfQD>1RrSE7I6Rh^Vn4MKuO0zzApBPAJ?m5%ldyB9olS8vm^k>F9BF{WvY)Z)Q#}81UzCd^r0wdxs@2 zMZMx&@wIg8Y^A1}&90FxFAZw{2y5Dr+4yE^nH{(+#2;B`(%XDE;aESysynCQ<-rzz zdACS=2H1`OBZ6PQEuNj`1O3^@4{)MN-^ZqZ9{OjGSM&m(C-}>M3N@-7cErHn* zJn>~wV79bKxCLhWQ}A4W^9R591z<9NAe&$t-uan?aX7D)eVmhr7WL^={{B%8{&O7v zz%bK*8volsuOavxY5cwV1|#{7xXF)r^RSN&|19I3BTu)>$TPU)_l|iHx`uq+b*hT5 zW!p$XstW5wgSP85QX2Ng5mv!YyNrC3OZL0q8kkJ@sLA1D<&$0pdu;&x!=;9fHG?&O zDLPky2llhw3);bU7V{dvj0c!rEq%&b>TmzguqhzTZwfLOOW;a`rx8JPVPBNrz85xf z_Z*Lr&%A;@H}|hl&eT^*FcRg9d6XP+Abrn;Sz1mZLDW|bKo=l z^<-how2C$c7=(S^K=s?S2=n+hhG3kq(C`Ag48KV$9eJ%V|BC@&hlhr9*umh#zwI$f z431imkFmbzm()4_%)?K9{?OuydJPe(jbT@NhMlVH`C7*ZS+1RZn00fGT}Ix*r7zb8 zuat>FKf$^Z?U8gHs-0}CV3>kWl z@0sW$D`MPXkp;^jpYr6xJ>%p&z>)0{Bh_ZRjNHN{pHv}7j+dqo?ZwDZfmub_J6zfC zxw7B4vSGX?Z*bgd!{cDrNg|l`zH0s=^Sjr9=9{cf)fSAGGfp%Q=NM1E9IUPF(}kaI$_ZG{{jdMa z0*P^?jJy=$k&E{lUf$0H9v`v$|O#wNvZ)T&|(`e7ocCH-;LvcG_j+n_T+C z))Xm|KK%U$SM~u{_K#N9Zy*Q`v%w$F-$$E5LZ9{E?<_ka!PQcCQRR?T<#FdE#&J`= z?r>e3ri9cVxzE6W|Hs*-in?LVTrbOR1L;E0nzvA#c zZ;0W0zFkH(aOn@<8I#A}xFR-IZ?#;Eez+X{z(H8aweo1B4OkoTGz^M&8{BKG*{e9B zG0-($07AE~& z;@>&9JA3Es%j)-IU%tUK7~1LvyNsO9r9XbyHj3W$k-sxt*|S{Pv#spj?aTL7$NRJ| zQ*30=%Qivb-xnM7_uFOUAGq{oDEYU?jdaw>voAMp*o*vL`lDV<^?vNjFZU;e$&8tk8ckL$n9e*L3vrmN661x31yEacK3#=l|`+lvQ?);PyiWzx`#Z=%}yS!1DViGq61Q zCp`w1!LdC%atV`V0^I)z{+XW#_VV2ReT1v)&T=plpatg01LG9a(8(n1Z_Vl#g+Mgh zP5f#6Ny;CXrc4a&J4zbiqz@E4R3wDtp61ZHxGo>9>`#7kPk2JO!mGot1<3ane~;M!+A(-J4^V;85FiBg-sei{PdkJb;<+hD6W1YJRsMJHLBGF_q2RUN3dU{H~i! zaaX0>*kdNz?8?Lx*M{z^=bqfqT|GC_(0ys0?&?07o{c-((EY_3gCFFkAQR)Gx|7n^ z+SBQCM>KSQea68L(iHKX%&86C)9VgN$L!_I8IcDMQIVs<@lQkdERu0~`Cy4yUeW$P zTl3_d*wsz-5In3q%<`_|siNvZrxc{;>+|L-Mvxx!&?($^Z)Q!)2Q)ut;4^t6@WUd* zD3ZBcZ}n8$3u#V8Up`d2-@>IQQ25B+RgZm}g`VOO5*`~}2AKzk5t;+%3k=JI)P{Gy zIJd0fo$48fEvKhM8HfGlKcM=B_)ol=aYp#`w|ZLM@Xps~9J-uh`mnKxwnsL+GmA&Q z?059lA&imMW!TL`o0bx)lHWAKx`vy>mD~!%PN&6PuAP*a##~B;mUYt}to;Rb19X83 zAa0cwmdXNqsb#rOv;>tzWD<*dXh3PDY9O9Eawq`soNajABYGBDFqL;>H>YnyZP>iF zCJ2Fl#WiSFzVkmXI8ob1FSfZ;blok}k0}VYzWO)-y7jivl>0PHpr6Sz(bci1$E?4CV-B!_aZdg# z+g<^>)UY!?>-te`Mcvw6u~4yoqfny3?*jX9!`1FX6&H@>+|twAZ#ahU98(6br1N_` z?7yG;K*7U@8NKhf+2x5w>V&PYIc|JE{m=1nX~@Ujo7uNuLgThNHU(3nOU24L!=hzv z%DEAlIjmI)Y~*pf-}UE|&nSiegi2(g7k>Rm>>o<%f2;X2d9s7@bh6XES#8adLMAKf z3_|!ydn$Za{8Je(Ttod@zWPgbtzyUAgEg+VH5gh1Rj;RTR!v^bIjKC2x2}5L`^ZsQ zJ0eacYOgwTX*g8qw|u#kzqW-EM{AMZ1RP%W_*Pv_yh3(tFE8C&brK_%ylgO$A}7hG zy&)X6n)X)iflpFmjv#Uze!_h1Kf-sFM(8l5GMCk&s?mQJD{F0uHABv=zHPn%^M);z z3y{Smn^XDEy4UNW)e4!rtfa4!^CmgLdwDr#lFcgzRBe(M3bGm(n}GGG;Hv$yM4Ca(rt*h z?;PT-QXp}a`P@%{Sk|K+F8~5n(&a=B?yu^8(tv$!L@ zrZY-1&qxgOhV@KKl?ETWu8-eilPJIHnIP%>%Qppm-|>&!s7l$Esj@OPevDo;G<)jPMSt>x6gFEun)BD` z3K7p;5tl#GOh1y3u@6_>k&s5dAO`I*xqg1kvS1sBIjylJwi70eT2tBdQFGS!a10lg zC;UuhCA7@QWS{lIo11=mb!s2PnZuZF?{5fX`YrI80~Zm_N6>);Rr zrdvOL?kTpF*w}MVn=yDfNG!;FSja8Wrx<%n9F3LA$1T^f2YQ2LDh6^O9>Msc)KAO0 z`yBMaSv_D*e>pd%aP$?efH5ipzOPdv2u!Kp=m1=zvTG_VBhu!m)wTs0b8MaMbV!B8<6D#^=F@ch%Goy>hbY7fV+hf276 z;0Mm1>d*s)YSbcD^9rci*1cH@ykYm%b5BISHSDgg`*_1{d}*`!nR9s&S+E$qESIC) zk~yVe_w>0(H0=I5Ulj8sb1V<)24|)EA_{k)tQ|KF8x^0@=zr=j1eyQVCL`8kT){pMZi+f=_*L1B2(h5`e;sFj8nLWz#kJBol-qOrt=KbXXuNqSM^S7}>lhLg$(%#*{4+(IxNt4|JG9LiI{kAOMjjYi zptBHO)e%F39~>Y`71{78k&1T5D%MT^=)|T^6rfPzoM=?GGTN~6AaS=lvm!QXUAz#K zZynn`_U#-H+GSu5Iaj#t!JAzDnG6XIRtWW{4rhp@CToP3sQ0xkOvE`DKUW@4KkCMTjg8%CGkHNiWP&#Nq$MKKyOGZT5NH zjI#*Qz;#+6z2f&$#Y4jd(%?5-BK=*GP7KvqrefA{VzPbHtMzO)b)z7tn)vq0!pI$P zQSQ`}c7oCOKcs)qeWnVf0NFq8jbjUfF#sYt;1&5p zHh4%@!8~(+E9PMoK^!QWEZ4bSmeg7uJkSUR*H(_88B+WzOJR2@uZuov%1dUN>Vr++ z@9t&*ls(GF>8?;8Dwc#ftWnETgL}3~{T+GUK$#^it%YzR^kYLHv<4qN&C(t3KEFRI z@2u&c%IU3HVd`Z&^waGBHSdAGL-2q4(D%tX(6@bn=zIN)Y11AWs1Ec`+e<<)GmY8y z&!_z{(yi!E{euD}S#S5i8Ar_j z_5WkN`Y&3H?fxH`wBWcOF!Hj$Cd0r{D!w_ieu4_?Wf- zIohY!J^e4+C}eZyOqKxdF67i|^JP;-naR04VafkP8)aSabA1Z;I2-gR9twVXJ6aNm z5l$&Q^11%;lfJHpC!_T{fm^>bAEQF>&c-Uqd)<2Ul)o~-SYkAH%l8$T*~D+zr=5{+ z{}%kQN{cnox?$|y>c2&6V$euI5YTZdY2$$wmfD~q^*OVpQ#mqv_TcGPr~gT5?XS{l zAGsEysmUyeC#eb9*_40_fAv@4<0`x#Vot4msnmJ3lfOP$uxW21HKXlQI=Mtg>_Z>{2^I3Ljk65@rpv_|_+NWNyH z3@KJleD~(AEW{&vLX5xSAT^DpbK@GW5NN1JA>~PfKWzc1iZ^CMg`JsewW|&5M^iu*LQ@tx#X zuI1<+x>h3vP^*z{y|8IpRB-n08^JpofPn^kY+4^o*G8K?=gwPwC*MD!VO7s3>_);k z&Gz|btDnDM=-CxKk$gVEhEOldNA3MR%T5-oyG22$ja_W>!!cKw7D(ED<1u!CG*n|$ z)Uy%di}L{w58}J?bR|{n>7dvi5#DTvK6~srt3kE~JGgD>PubZ_fq4(PZA8V7QOa-o zO#gCj^9S-o%f(dVl;2dT{HAF7;QUOIJo*3Q`BZE@+lMlM8r+}*?%L1^=#N{ZH>50rP43He?#t`=Qu05)$8@r{0z}yMsx*S7SH4%3 z@g$+W9&T0k2c8Y)avE%u(mxm-8rJcF70=8#%*Joq*xn#@MK`geif3*)IJ&k~&UI$U z93Ns*{2x!I1jla#>xR}7kiCV_`5Bwy%>$p3f3c%3O?Yu8i*SZ+iZ%~_3PUw>h_6QD zzv=x}r0MXj@}G{IjZ)2m+vmoOKQ~Kwdab`U*IX{;o6ZHY=Ei&g_hb{W4- z?}Yj@vdE6d1obtdepC*Ph>u#8c<;@j3FdJYhu1gn{#Oslt(5G`Y`Q=wE=+@EP$0cD zF>qt%5}djjgT`(K|K-kq9R&-Q(-(K9DaLF7eUb|%a832blO_4C>r@ENQgcUe8Pz94 zkx>^a*53%^JG`6gzm-H_KvxB8Z<0*t7x@i#kNtcjSQg%H4SvRL%YmBG;QLn`xIm=W z=aSFhrXKuLElI$p=pRQ8^4djx(QiIu_f#d@lf+RfRZbg=$i6Z+~N*qY2kUqsP1eN&d1*G~gz|z^ro2>@j>>6&LF#R2q~Sqcq?;&(@b7W{+3A&e z!at~03e8oh@tIWwN2+4!GF2Etpz)btG$mo`gM+yk1&Z}!sVfFvoEmzpG?{$0jT6w8 zzj*k)S1$gklBeSY$`2=ySGT`Q3-cd!mvC0=fZ$iy3k@e)XkMidFt3<}odfO6ST?_Z zF>{#2TVZ0AC4BHwvML}MFgqbxTE6T$ijMK zP{#$aX$*iHva$470AhQs(WhPIkN0tI7aj2#NXScIOa>#C|U*v$d>f)9@5MF zi}LJ?;3XxUvEB-+{u#TKu@5e_TQv9XU|{&|?%+@M)JD+1(QT^e=M&ABt}euve&|N; zAD0WG;|ygoOqeltG!pYvYZz1`hDU4&9Ry96NChx*mgt*Rs#F9nDmJOokh)q!>Kcux zm^Y?G`pUc$)q1LM=O0`o258t`-LHR8u`V+ISmO{pxX@cL4?w`yI>w1--MQ@CA}`0N zCv=S5MD?UHNW7Hgg_D1f#|w&2DfjJGaSg&|+AaA^w0#d|o2)kS1QY<8Z*E@2#v5;r zmJxz^D!Plk<#$-HW#v2Y1K}B^VUzp_0;Xzwr_9O=qsifzeTgpMlt}(YXbK7d;ovY9 z6}*vy?bbWIwFFU9gGUmIE-#!P=N3AgV+YgusgG z(2xiMj>*MDY<^_QzM|)$fA{~4ey6>drQdbm&%@FG5Axd9dZv?`vOo^t*fyn#fB)x`%N2;46s~aFU1BO{@tgfUpD(x} z60bP&3xh5zm^+9G(Szn384Tpu0R{WUsfa%uJf7SfYkw!si7N9irXh|!PL!dn7)Zv; z2r)hp!)x}T+r+3%Snt6)zwp(_{KNQKTl05HIuYhtnQ!xz!caNCT>{i%w>=F0QI!GP zXxrB)VAf>6Z+EdTfG_2@_PUo@j3-}b+j+MA4YtGX^0@44{0lW1E88MhW0QTjDOR>Q zk^FmX*R~ijX*nnzJWq_;qg&N^X=>;RQXy(z=a+Xx7R3gs2_;<9iB_v7O!D&Zq78^S z*)i7sd}FhIGJ8=)vG1{N#0nop<4a0wiNdn9P&V1{fYO~6lmojw2mz{abEmGUp&wK6 zYM_Z#JQ|t*2YJaP477I||LOF~`FGp1(2BZUjbdf1vdvnCJV6h{Xpa)T&< zdxO2;yE#E>z{D^;=^Tvt)<<`OyDWfAzV#QSidw_+sA6>6-JUU&lVA#$Cu&Oi7}w!$ z164oFn$_wKlLn}|t7QL|XS2X`-IfE!g=tjYu$>w@MHm;B%}!jP5ku&jRlE_If3hCH zb*|~g(e(mBHpDWiwqQuenCf9jZg(3mDI)1M?TjYRVA6xkD!J;`O(3L)j_qVfz_!DJ zEH()DsmQbe&fNx!A^;KZtHp~~JH)pFiq1u@3?6$X+t;CaeRYUu2L}gs+QmBjCYy%) zEJPq4BkmEuLw%$@jEjv_<*)&U+S6mhz9dFJz`mb`;s*q{-^*(qV2#UxHRC%u5_oW; zyE;UC6L)%S2*#_E;+K-uFG`6ULyhG-c>XXj)mlCKz-qk!P@*r>-vO>z0f zsevC5(md+O^VTRei#eM{rVXWPbi8kQ%AB7$^t2gJJf*N7%f{P z>NW`;8eFPt#ZKFPJib$cCWeY9SH;R&HSTQTy-UVOBp>Az>muc3Bu2FfcMe!mGf;)a zlv2XoMSiDpxruMebI8M!v8pepj;V}s3~h*6)RxdD_Lg{d>RR@yvO0Ck$<5+fydE9W z4D8Z^@ll(jg)s8%E>pcMEsoaSO_}rFckxH9+db`K@F{ZKg3FcY24XI@>yF@KTs8l7 zE$`0aKAwC&c%2^_B7E3>2lDxkv)fG~aS69A2jKrn9al;bXnyRW2?yj$h`lQT{C9NjG~C~m{=uxHO#P5iap9x+W^!uyp>YZ4$^3}Of7MAniw;w9eAqH} zEm2CA<8B-Dk(m`MTp6!;Au_*HWB_!OpJ^Fuz-&r3sD?h2>chK!K}x06%uVkxKx}JP z%Y8VNr%s#?S$Bi{;aM^vRgAwF*xphj{Z(z+;u+2V!1{{s*_1R3vNW42uE)oB+S!>w zLFr8nR&k6FQXUL@I@|Uy7w5GtjA<(b*>vc8A(?t4pJ`HKyps0Z{KgLQ!w!VL!7Jw- z5KYa$AHQ$^UjE^%tbcf2F@&18U2>-oo2c_{ z|GY#N=DM-1iWo;#4ed)w%jJ_zklq|;&+qq6hjYE+%_lC~Qw9G$KYK_Eo+&FM?&7nH zi9+WE@mkU|R5lFaU4Lp`5O3nWF3wi2FT81xx=?Gf3Oh_~IH;si1x^1!yvqmTrZEL3 zGs>R2G!ne{tM^{H7`IBg(CmrTM(5iALuPIX*Whb`vrG1nFZD3RCE6cDJnTeJ(m0{FWvd+2~Lfezq&}eWD91Wn{f8v($wh7 zW$$G&V(l-6NUp^Z#v*YN?cbO``}^!6kp|%*eH}%O)G?^gaB?20ul%K`;TfwR65mPj zki--J4Bp&4PbMxcL{`To14Y~@)t*YV!Ql5$UA%dkA}gu}Vz#Owlx&nk;p53C(cj}a zUPsD`Zxjqskm5(?e6mD{kCjy0-pO9kkwx>&1;y)mBwDt~d7A^HI1tfMJLGSvYEF1p zr1wJ>>0K#fW0kt<{U@Nob=QptV-;O<4->mf3=;S@jf)0Q5l9l&u`jl$xtJxW{9jel zqNWTmk51wznE_EhGmK-ptBYu1-Rp8aBuKG}w<7abP^0X<1+g28S(XZ^3NpA1pS2zPeF^51i?{|-` zw>rXwna`>Ga(m<$Ji!S+o=Q1l?qCtQQ9z@8tF2>Be zK9AWQIj?afIPebcTSsi`M_8GEhWYyBW%WtP%GbX^@+#!M`?0WnQn@0x-Y6HK`Re~Q z;e0+_qe(-~6ijXorto#}Jr&WZd`}0La7&~T*CitVF1XoVy&>@OiQA7s-!BNo7;>x z=>*Is;Y>B7vw{y{7u8+Lgz_h^n7&ikK_UN2Uf05I=@%GQ>>Y0&j52^ijFh6gU`8i# z=7%j@$A@Bi@n4L?>to3QVgrG?95qvrVT3zP+k~wcUC+-;k^}!E{5-74$NycSu+b1A z0Zc@R6-9t)$(+%OHIZAlP*=S9R5k%cbq6-I>`bICExaUkMnnm;3qK58vE*>g`^DN{ zNidbSP^amV7sm*9U@STC^h8BhWd18sg_`Hv!i^6U5{Hiy8mU1M%WFq6<7{2vmNUdh zt)b>3C9p}R0L|0siPHk(JLDiNAhieI218aj)kg>4qfN`3C#XyKc(Kft3{ z3ar6MLg5pBj)}6zt`wa4&%qv&4}7q!dT(&y7PLne-a!$0hxNKDZ2*NRLR*`j4b%Vv zl$%ow8z+D#gpLsy<#J}miI(^znpN4gAq&IfbF;XSs`~o`Q&msSm8wGT2JwjWRL>+( zje2kY)YIL@Vk|L?R!f_pT~=xQ%L{!l-CY%28N++7?)^5N$8{K6dr)Pc?9lB6+*)<| zF^(T(QL(M>N4RSd%pg`uf_{M5*}iWIMVAM^EZ?6VNxzay_mX~Sal!MC$$gx+eTSj+ zUS}Or{))VJ*>e|Nh&=dm!3{^4d{&$}>K|3a%}L}uNLlW0x-0^i8F!8T-z=8|gas-- zZ?$U21K$~Kf7kRE;iAa=-QRPdTH|oRQEowOVxDP8uM_E=tClBL=uexPMNlSB#~tki7>FO zp12SL@=hNuu7@Y@1r~^_1ZKn>A6#s;1<=JLG^2nyt z07pA2uf?-8qID7z(JUyu<0l^qH_0iYH8VffGuW!0-!c=>pgnlVQpx?CLoQOP#+`i7 z{%^%DOo%92T8EaUdXchcs8l=^hDxzA{lrNL3px_BgbjCV#pqTlAyu(%VqTndgItr4 zp=roi)t8ewQyKXXHRj5S+)M4ry`$@ObrI4f-1do(iuq%sHnXgad>ucXi^WH}O(kUBWe(?%Qz> zed>vSseU^mYVHln&62dK-{|M(`s$}(;pI4a^Y{n-rQ4bO6Hl%WKB6CA;UCLg#6x8N zQ2S*={St2Xr=5qMvS01|mHcD_>E|Y=p9|dNW|w-MbVES}uXfn)TvFEvF`Hslli_;u zx5%$2Pw8w{Assa56h-Tos6eXdi^mcm;FE$sF}qg~oc==>u+dw4BGc|NGD9q`80j3UMPyCHFisn$qQ}V`~wHKRS%u5S@=!O=0&S6R0wGq zRYg-*_J~$Zp|aqteN-Z*#XAZQ6VeZ=YEf16u9a)>eVZ%}M|JLHS|Q?GUx?9IM-I}{ zup`fo$m_`O?tK3p(ZZYCs4V!}J}Oa1aIkY7LA820@k%b1(N0wm4gGh86qawsfpmX1&ahNasY&TmNuUB~w=Ofzckyk`rxR582!3J}dzjz13S9~;$6otL*({gFkYK%BHc0l! zWYV1!aoJ>$-R^)YBjC$4ei$n2B>BM3s@}!wk>Kf9V0AFuDWDLDdb|1wy)b5@u^t5W zxecKV@h}=Z_>vP9LtXwG@k6I7%eoA1ykd0)4ZfKB!Z!;Ro2-P-xl^Wu*{k3!3pp{u zbjM8ikW#+@l~J?CE~8GjvCFa3U6`eVii6Za8ou;H&1{_IPzdAKzd8Bqz5Fd-p7HOG zQ!L!_SYlzbYTQ%GU{Z zLmvxu^=f)HMy#8)@ebS&gdH|Cc@H2+f8F(>;0~b(wy(Cf-#@oa2&u(rp8y^d#{ zeHgV5lCro;IalTin$A9{_ut%QcxLf(Be*MBMnaI7bUsz@s@{TxyA`LA+ zQ39j&Rtszvon>XmY6|B_mhsI1$-R<|aXUYt%n&A8hcnT7IrFT?GtWAOdDbnF#>Z48 zrvDJU$;?;HerFdnPmknL;=*r>5^f9=3Sxh&4>g^64h6wYaCkpu{OZH1+=6DUKCEy8 zp4ALKQ9HM!`J_vQQ~x;h%IXDtul^EWmnW~u=0tLRj00&jcAu3<9Y5C16{WsV7)u?0 zhGu;6Fn>)I>6iG}%$=NXDScM`%(#e-eB;nO3{1M!d7DNBuZk2!Q2`5V%KgChFx`>o zMYCrf{zy!ly{3k;%@y{Kibqg!@Mh|OD-z+1iORe5 z_!d0mKGPTGMfI7($Sd_o@E3`&oi8<>J4>Zt{kT0O)t2>d?p71bKjd~lc2P_-F8I#z zUXrDQ5UssTFr>?RuOHvx#-Fdqi=4N;MZHVj>#&pZS14tM54m1$?^oDh>)IBR>_H-H z#hY2l?sAfC_?@>}6|yB~DA`dYJ8F_W9Lc`CE5-`8#?`7c+@%16=XWXi@sK>0{zkJC zY6Ae4UPhTbq5f#NC|oRi4FwTu^xyb?N_nwnnOe9{L3UAbl_UT^p>cG*K+4JV6>@nH zAbSjMtAyoR33Prp2_i^}X*yoE!Tc-sue;R_2110Huh^PqGipE+FVYebIzOz`*y92q z|J5P6F3bMj{4MobpTn{FU6(YsQkSH;I!}ftgrks3YWpm;1>+8=3S)IPO=5%?FWZ>i zKT7f2l?Jk82#{;cb+QN`zc5HFQjL}E(5xb}78n_D=B5(N$+XE7(j~#Ph;`Cs?IQ6lg&OdowrnB$*@C}CeAKIKx1<%tW0-5v_~OGRfVi9 z&KL`A?ufF(ha~6Yws=K+Q7v{DlM@^KQ@<9VS~MLaqnw3KPH<%ysbg!ETaJy9jlS>? zHqJe_BOduZ8!DdLk)Fi^HuuhXp*9(~;36Iq|9vL%?GJ*UcYN_rlXeo0~DA%EWBi1);(L(}I{(Q89G^kNF?LwuSqt zOT8>t=S$-8gKpz(w95Ob(?CXYnD8OTs# zTttqkXCQgB|15G0^w$OZ;Xnb5cl%_FHI2!gWS8hZ65k>=I!DTa4%=WxuD9^QHiJY& zp18nuxJKo}zVdO7d!CtjOtg78O!F&7lfygU<{ZD+xbux*(|E51Rt5{s)h(uWWpIve zQ$?rCVx&gCwf^LS;G&67v6o((^b5qe<&cY;>sl={>{Yh&yKz_#Ui7uRWp#I`!mn_9 zAR0z0u`<{;-1V$@-&Whw0@A<9P3(D14zTYBM6J2a<(iCc~{I*&naTKp25M~ zEDc}LKKpR>FEU?Y9S)UDn^@ZP1#mH`?DaLakV+(RCPzcr5Y0kf+4x?AD6VN=7_d}> zTWF+aAylogi;I(G#>Y|@Tbh~pr%nt92kA3A;|S#~%4J#%JeK&*Q`I`ftx5N%VJ{Oh{c*xp4{vn{vE z8BLF4h7#Iae1H5o^1oUYc3W0qx8k>-g|}}6KjhYZ9z^)|fGI0)HOlv76^T>~mkhV<6CJuRUA&d<92Y_p+qH56K-GODma1iOS|j(0-|mPk)Q-VM zqIIU4hy|0dckw8MR{2HA_30ISnccC5-4eZfIiWBQ5rfVHd-|8Bsl(;MBVCv7&N-KF%RdSAImW_fL`CI>)isZxiF#_G z*JBl%ZY+@&lB*MbCe?HO+2U3FoRz@~XB`-?2A?T8AO=m}(CsYA#q$n{I?Jxb4zF(w4?aY$AjFUTDZ%^_{N*58-fM^$j`)_q0 zmDND--;}vd|KKyKi1*ONGip?76E33WJj*pHpOoXNPOi@p2Uw5zvJ?VyX6)d2a&(8y zMr@gLvbKg>sC};E&7+^ys_})S@oSm?*4VBm5~H>=KDyztG-Fg4kv;5w%8mLTXY@0_ zSzjjGV`b|T_}|)8j(O_DsP(bJRq?W?35UB3(G4VjpAfIuQfHhrLRf>Hq~|e|EOU|K zy7zoXO)qw+<8p<5`)q8)8sTByMn>VXDrrQm(Kz)?=|HRM3*5SpI-%R(2>aEcZ<>_J zmc-U=1^+j@A8Nan+ZF+Ym$8@Z6&tCV;WPCp{W0u-*w5^r(~rq~Ms)o5Imdsq#DBHo zzuN2w&PSlcg&HuD?mq`pu$jIml5ON49_fByWFRV2V?1S=EYCh_yT3&8@$`C?h7-rh zBdd}In`#bv7~@ihFq@hI7h%j|#^Kke|CQs{;McPqx8k^&yCw>vG^A{$>zHSuyt)a~ zUhSFI+s{O3Kc#>cP^q(@Q{G#R#=h*5cfr`#WKquzV%>jZL^4YV)5eGB=?z^jbK0mN-~e{JM{dgULRBTI~l@_~~nIv0FZRF1Wxx3iSPhWA%L?2EH%6 z-5T7(t*`JHzI|_O9Sj=sUYYuge5TGDMgITK-|y_s?7mvr$3VA@5jR1t-)$;J%3m5?R(_! z4;TM?`TO@yf1|Z~%+F=#+Xx<>phT!+bHT&oH)>iy>l1P*DK2*6LLKrXmY9ZOM8dFb zZZV_o^nXfu`Naq}evdVDIk)2UU3qLg=ti+|crJ?#X?g}yluayik{>9zFqVqi0B0Nu z`o*`!z>l!LWaa@@rF>_!Kjy`hqJjn(lW`UwcxOUv<*Vl;3ZITOJl~oq+d{~H;)9j6 zpNLH2nU)-3(MZtRI&lT&svx%I#l)z`6RA&(MzxVg!1R;jxUfs+VD{)2?S+GB>D=hp zb%vkxLsS<}eWp91(2VRueAFjU!SdEMy-pvon86?JV_J}%@9#|ifKLQC7LIKIFJf35 z8^PHR=BD73iA2%n!=lZf=FR0Ja3kC)KKL-ZPe`sK)A$7DiB~>f8a)`_R*NYO@FaT& zrY!wExs(Gsg zQ5acJ%$>G-TA)o#6(3|QLSS!a#!WgfiBMFQ2Lt2x8=U-FK0mISn#m0d**`HHOyGAG zy}r{8Cf4**$PWt1bq^;Ugntc(Cn(v#1Opn@P`}btqPpfrh>y#6VQ^!wvvTA=>xB); zv8aNZrvP9Fw?SPM)%E_4=1PoJ$fNNrvsC54PvazRzz<6i=MEJTSs;_{0B1^@9>d4R z0N2pxciza6Ecoj;+^&(TPNi%TmYNh{$j6|@Y1TBLs!74AT0?$ufg{spnQLOH_-IqC zQ)#Z5<~Rj4_|m_rCFxx9lpeq3)12@_LJz=P(AYiWl0@?y?H%(`${l%#yS>)2nPf{dko!iK zqgRd%GoK8(u!f4KQn5uRCPDb|@1tT{L}mjSH;Tq%*ThaF{-)UV%VGgzPxz-=@aEX` zG+UhDA46Lg6=5R&J#*xI$|?rv<|KeT{Q?-HpwOgB9n>t4&@ zl9lAjCyrT1da~KQN5`%UhyNFh?dD7SOR0>KBduM48^PTpCLxCK!S&_=Vbod6+S^_*cY>N!ApIl&9 zrU^Hk6j~EBj^M3Sy_$=cdQcPzAL-6ISg?#l|s=;$`5}fmsYkV-2e~ zsqr5BMljkp)UOXRN2rBO+!1aMKf=h*K1KYg=aZX>cm zNjNg9F}bx@ae4l+-r_<`$T?qLTneaC6tk)!s+vkG3tj$0mtBdb>LcLVVZRSRUQ~k30!`Xs~P-EJirn42X4 zfV`8!|2CnC$6RHG{yd=xJcMdY5UO!Dafl_KbwVRvanO390YEWQS-!XUpfi=2nswCqA+rdoTs z&wF(_m_IY@^ekrcoqm1uo)7qe${0l}-I!8w`AS78qY7gZ%Z$4)T#c0Z)F9fWBgaXu zQjn7Pq|LahM3}i+WjQArCe|ocIW>LdoBgB?S`{sCW(B6%kG)+kZOZ!87~^?W8S)8{Q~8r{JJi(tnDK)A-G4&33HE} zm61eQ=c!elRx6wA8dBGhDOjiq=}U*b%~Eob7+imH;b*Pu;H1y`G!5TI!Fy zQ4)wM8UH^$^B86c|E6tMGKt8Fmt+>=g)gLIT3D?G6Yas-$9NrHDm{iGw|V5*iWMpc z1|5zfk4ur;nqPACg2tUrhnGr+qsUbP&w8A6c%>p>QE4s|xk~U!P5ScuWr^7t2nUHrBH%&q6BptgGWkZzif)~2ixt-p#i z{L^rF`{-5`CS(w4{4bu!3@D5x$>`usSe=GJJFFQtowRGN*)jT^`WPt?0l9O|(G0f9 zjp9dO%@nIX@u(e-2)e3RxKtvnl2)<8WG@>#GWZmc-VsglPcZ#hX@Rd5jD6d3Wm?>O zMXof?d$Ti7f32z6%Q(+4HE*>L=y$HleYbn3rICBI2^JL>& zh5fOgQmdyTxSXrMYnm<#LXg-|X#4esAn|IoHE{Td4X0wL;W$I7=l6Eu#ANnM<#j6^Mao4|DwgTus<}jM`luafp9}6f!Rc;C|K1%CnpDQz z7-=Ub?v4}UNlhAjo)s8H6Ry?@jCk_s3{N%(gAP}vx4Xe;Gy6M!ra0PsafwudF(HOq z%qc6d!>%|HT!WAN&FPJC{NN-~xbaeI|M~e=do(#XQxr6lj^U2_9hy}?4Xp=78@fs& zscWnp@$q0nv~W|jo%|*}Z+Jw072P*9G%tQ!l$XSm=-PbyYWv-M_v30;(VJqfvF5@U zQTSMMtR&WaPK>i}6U`qh3BGFUlvX(Pn+0)TK8Qht-skI1>)YkqT;J4Yu5TO8%j?^H zDhS%te7yOC@#gDL=rvy_}jKg_9jQ4y!h_8crd?qODlkQeY%Irt=K#j}m7DWBUAmr6C zWw^xx5l~#FdzsMY6}J{>43q|-BRfC#ut$!-QbyX)ajYZ*AZ6we1785gs;c2-ud>pzQPbek;6y3LVWtI`k!x`48zo z8pea*bol&FCF*b)cao!(`TT$TGsN^$Bd_@}>B&on`y(;TabXVCGSX(tF(jYJax3Ky zR@&6B@ntY0aPA-`O53u4ic+x)j-g7R3C77CthAY5*}|%{_CLl8l>fIB5Z(BFz%WU{ z_6~E**rHHZ{6D*5g-g&5aLoor^#I{=IgY|7(&4ln1g#p z@8E$%s>BV={gwsBC}bKTNE?EMXRD&HLf2qev4ud@Fm+qQ6>r{BiB7ouDb0$!5v>2D zQ=kHJZ)M0;Wfv|r88*T)o`vrWQ3($*K2_>7@3MmjRm6$ohZFKyhl$K-FykXuzb^uJSP^VQ@|n!>;6Y0}L>de1I$AhA zDY>xUUT=oYt69SlU^twu1yMhHTs>sz!`9%YPr$EyB;U=?fs1lg{6zocjZbd0Ov2`5~f7z(703vBT`CwhsRDEg9cPJ_*+B(ma0DUT6SBc%$QZ50OzLYYkUK9*d~ z(#1G#cydiR-w+J{u46-Mn66X{0P3qTKpOoF#@&9xVX+JDQgK%LiJ6>$>ozw+4-sXUts+Ry)YgY$^`P%8V#v)isT~os=MV%6> z>h8y_D>&8a3i|1BhuanAOoQXcEA4sX<7!%DxS%(l9!K(4$iM~m5R^2bRe zlRx^(5n!4KFk36;I)gub2k5EK;7K;R_LCm2q=QR(%3ybXPGs?am_LfEZCWmr-u1I1 zURI@wGhb%?u~xF50>_=cIZrePT^^2KlaKTi#WO-ttT#**{i{6`#i0E%r&t{sS+3=s zQ>pCmme7j`AY&?3FVvD$sz7_>(ns|~$YnS6I(8>9F;rx{_w9TW69!E~Q{&(l%8jY%hu{x>n(Stg20@?JIi=D* zP8Y85KAsDii9X6Q7Wax?G9oSZJJgkV14D-;Z_M~mtziH5G`XrO8=wulK0tt(K!j1lo32xvfYe4rgUG>@q|_d}%rXyF`dv`Rci-ughT=Qxl0K z$Kl-LHQ4Q@!S==r{q{EL6p&9G$~DRWXXT|5a@WxV3) z8Hcbwo&8;o2aQ764!s72<#cjyct|8)6^vGs?T}{RNkZ6~nk~)kocZ0s=*9bDyPRE9 zcbu~KGyNvqn(0?ZoU)%SWq&muc{mKr?$af~FkpemfQP*VS@5%F*Su_wdSpz1xh>Fd zm?1Q)|M$)JCzrv8ee?E`=35N0p+@+3Hg6sDd?{8?2ZNt~OAOe*;&j}U0cP@`0b%UwRsf!^0a|G|fm#UgE! zlLOmg-7DGaod9+5>{GS>c-f9vLu;|$>^R!6rYkmTN6X~qfrDceTW?_d1lg}8Vl7T( zFJ=v>>bgo=w9kPJWQ`Czo5p~)VRgAyg5bAW`Cv)`=QA{PRVI$vmPpkUljJw;e00S| z6m4wFONmi`PaMoKKxkMbyHgDfiKnh)wtn-C>oUhhQ`5Uiew#TM!`ac5X_S)0C12FN zm3YV|8-Ltv_qaG)gIaD~)4@yJw(NT;RPbDf;|ttfjm8XLARf%sxs{LQvX6Thd}n84 z`rgD-SC78a@82;HOwHRaXF!uPow}y{73JwvgwJBYZpeF*hi)nZ84elWDamkd>&PM3 zXxd=dP`eyCj7!c?C5ivBfPGW&z&r$!W$WL5OO2v`tWso5UWLsqWFf11N({U2rA;LnZEC?&;UEoqYgeMMsxkYpo+J(~4>VbC{0 zMxseDG76LOmF{fSH9P1Ft{W_G(|?BMvDbJv?(+_tP_~d@r^?M+Eqt4^YkemBV2Vta zuq*iBs5)XRE)K&W3&!kVXA%z?KV0_0)*%IT#H zMx*BwjUJZ?4v>SB3Fo)lo?K*)1ru+Smh|I>)C~~m?b%<-Hr;&H<}UWyi?wGG2fv`3 zm6?OGcLTF`#o4=(>|LquB7fc%Tf3T3hVn8wfA3`y>K};}zL^-=ZRKOOW(*;B0yfLJ#r(DEa+|sVA(z!}ByrWxOaeF$fhoNFo4Sv|>Hy1TQJjFOtguf6LiC6w6AXoD7#3K=bS z6>ZsujG>JQkqDl-hAPmHSy7t4I!}}?oYapfsV;)%UX*GOr3sXAq7)3LM7BXEMl~iz zgsc&xOHGV~mT1KuCr0)90X>%6)zc{_Mjx^z54rgX`z$1Z z>yEyCzGDbeEJBxPSTjO4tyH0bF&f*H2aC4sPqU_1``K>k&n~AwlMJ`epH0@Edq>yn zivF}K1Qu~@odH)xO4{@rQ$Ysl>?sWLI2b1RQmlP@;^3DO$?eSjAWr@caoVnzE4L#~ z{u$!rpCL}$5vLbpYyaZKi5!6E5vSGh!sjywjb&wz#{$@1Vo*%dtm{3-9kGhXBMnLd z3t>`BvBQ4*U=<^bv04CfDkFn7xAT%ayUOB|6;I57uMh|gJvjR=_}0T5AQ$li8$I|Y z4T-vsOPi;W(w+QAto^mb!T(4k z|Cb39(B$v_4|DGVS7nv;kAqx96Cb=ym|9>|P*%|71f_K}spr@^ifNOLR!(-YrbbFo z8ZE&C${9RGO*3OzGfvrL*_7Q((d?ioU>Cvrr765*&+*uZT8WtP|9;ngp2GnTRPTS@ zm!F@HJeTwAz1LcM?X}ikd+oJBrqlef{A-ZOdydw*WMbcg zXKBBHACU55>$C@v|DihPSKQTt1bhm6Yg3CInD>{=TQKes|78wrVmuE%eSf@30te$} zY4-D%hv@CMOeFXn&?0sYBfbaDQ%bprk%r0Dw*9Gpw=t~ zDdi~BOX4%of)$@(^rZL!`DGX*0lLun%o-p|Y3dO&y7Z^82H0`{$f(I>4JJnyRFKh; zzpQe^&Ia6pw?CJNL7F}~;BwcreWFZ|HL;Hure2MWGQxzQ5*y&VJCJe3egc$7 z!W9NS9-sBK4D3ocTJ2_jjSt8@u@w_(M)X-PmjN4a2~gZffA|czpvXpWa8KmmhNpr( zn%wsC#$Pt60S_yRC4hGVZP;YeA~odlMkFkHT2mbVi`4l4T?~j&aJWurVV+Zj@lQ7A zxL0Q@;a%H_h5N@8-jT_f^2v#>h1m)(=~143JdOuq<^THzuj`i4o` zDJTA3>`!Wl$%(_?t~p)tH%=>>gI`;>rLRHL*0NHW*ekw`*&v(etP){)UL?Hl@iAwdK}41QXy1d|e1b(QKS`ic!{ zTm`vl%auuAJR<3OvSB`cORFw+Bn{^#7H;N2Uz0bRwF%4$Di`HC;vIt-%}@q0w!sm_ zEP;~wazzQXhY31n3Et4DvVyGy#t zpwN+AL24LL%W#@PnFYbcx}aaAVqnXLET;*x&AA(~DM@;UE3H`|Fh=_bn)__nVrQBt z3-}D0cv(XLWc3~N#RxFGR-}P9hvhe1mOB=V1$Z+H59Ew;{cxxDOu4pvV$$#~yTJCt z+*PYMx*(WFuvJji4D$s(i&(vwv!DPZxf)x(O|b4%m8kyC+)TLqa&4|3Qnf!@6|>em zTh^*-vuanhS`|Ky3Nt-RgY+I?skUbG;tu0?N>PK zD5s|dCe8Il_|^{|Ff8RyI*?Za@?HWDolMUF`_;H6N2xXPxYc*$17)yd0GPdz1}pn> zOfBs0_03(2%*mzzYpTR|V6|Z@Qc=+eXpa%gY z_%5?>Pi_?WFc(P=2i(32;FQGP!Ant7?g;1)2sEg@0b|uK<8bj`3i68pGna~yma&?9 z)GVvaRB8nkb)XgY=py`++i);RuaOdJ6Nx!r33RIEz3%2L8TTy`xo^(-56_3&Fyks2 zuiU7f(ujKOniC_FZHg^`3B(VQUjst2Wy6?(F|*9d|Lkhwjx+7e?e-JvF#N-GE%O)_ z&=1&a5i_$7RnGpx8ot(W4$WXaZw*AMvLn9!$)1hCDRU3Y6E(12fx4tV*gmM(ozFDH|o4eHJ zi=BiNLQp|(UV%-WU@!`X%E=+xyhMCV_$e9-A4I3vid6_VJHU`C%pwr|6y(~i-ebCU zG2)HjDYJA8=EpPZKZnt%roLR7t2Oj4m@DAOaideDp@1q}VBb(x&&_TqK`{TC0{EL(+3t970vF-?cY4G9EaiYT7sK8}cm4Uo2PUdLaFUT0{{!HIEuE zGn54+SRr4D*TUMUAs-?RJ2#PWD9i8x|0!HO%48a*7DSN&Qf2g`FX8w*LPF!CUy^>Z zbpwlLD5)GgZfpjulvxRZk!E?2{5SB>9iw!txCUvBNT3V&EnO}7a<%FRb_-!*hE-)*Xfv~wLv1a<=WqqF$H>jW&L2|J z$U&E}T7Ji7s&Gy7s`D$ojtuX#2ejqA)AJisbB<`s)k0L^W(a0aRuj@mOdqykM0(Su za9!gB!Hl&tF0!Z8&;i|i%%3OnY_%;QWIBSawYi_8IMqImuKM1dvWY8ibm8>f3>z<^iA@0m z*@SK205Q$t_6k*U!N9%K_X=zthdOb*3u4(Il~-O1c#vNfPg1{q%h&eAZT1v|5vWmz15F(W zy3E+C%{zk9PWO7NxvL$XnP@I{irHKYte6>PeyqZwM6I#ptL6rbRq_C!YmL(2_b=fA zZ2$dou)Sx%zo#QEFYfCz#k#H7a!naWy=O>rZ8?91@sR8r8*=-F%umhp`#jtr*!KB- zVlZLg+t`0F>bY`8Ul2K!gD4r#9BB=FhVmZDk(O@06rT6og_-*6@_}re2bEVR<>PZa z@ph-W^<5dk8r2z|cGtqLw<*ugdi^mPX?o5PXG$Pf$FxF{s5s&YDVkCGJG0xf(!>C?B8@rvm zuNyFzlbIUqC*F%9%6a#p3aQ#XS^f_Jnl87q8*G=;Y?!= z9_Sz5u^q(2_}oF6Vj-p|a**&tzh1>=L(ql#e*({54U~MwB#By3#AWxy9j5!qzzDG2-+xh7iZF zQ!&4d;{zGcnR3{f0)O9L`w1*Ve2>hBhgpc7Zx7$f35?=l2!A>$B{~I%Mprenm?EsP ziEFtisU-Mf;bgMSB7z3tO^|3g_zU}IoE zz*I#nyXYw7B;_UCq2_EZW5Aa)aXOmkL%_*davtRnBYI}y*xH?tF>2ZY?~h@gg08Fn@9hdWa4s-z%t2R zi|cB!8+@;@i_klyjaA5zu}_=JOc2)4AMF{km?eny=#p8ddvz8CSD zd{QIViCmRq^cUJ?0aCI7S7%A@T4%|`TI@p^R||)qwFpCPhv36nW5PWgl3wkFwd_Hu z4AuqeVT~ZHm(~BoZn97s=H6!EpIP{IPB(kg$55Brd`WLbH2s7S21qHcH+gz5Zg#>b z@rd2s+W`9A+X(iyIEQi>{dpib+w+)&vro*w6)@ zvdxTd0Xa2SKKRA&AoM~qBv&M7slKwnBmz&2r=Ii7Le{U0#_8imdy*C-iOQF-YF?Lq zb!Hr%z0!BSs8VRUlawzr_i}94k<`oTM5U!H6P0#O_Qi~^y5=C|m;7Fe-y!MvX%TKq z>7z}cj~1TUAK#I9Y^73v3GBLLnuw|N(WX=V*=QN+;uzrM4eo19Nj3The5YET=hS)y zT*XJQpRn?u&uG{@9r8^iR59OTmK=?h$0mPY#8{6=%Er4eSszewjUZMwrUbd2)4t=% zr21%z`Y0!9ikQ6)4>EINLWm$b)DXuXWuLY}gFtZC*f9yI#R(kckKugZM%%1|6yWu&I55jwt)wRmihRCzo$8u9 zxirlS>nZ%-cZ4YiW__miR*zwDl+oMGW04MihW$5tpX5TiSs#YIl!ufwSP!^&5w3_o z#kP}qv!jSh)cYv5#)jA2*&UVm`*Q#XhztARBDFdxptVsIlhJubg7Y_ObCXyfJbREi zYL4LWbbESKiK7Z`i|X97*wgn~>!&~{y>u0b4s&kkrGTJbD?hL4BiJg50HQxJIs0i9 zfVu*pap>mDRjTJ~q_x$KRqcR(9>%}sInW6b($g(}RLQui1UOD||4qe7_T-}70$gDb z=VDD~@cP^=Oe-Yp+DL@sigc1z13U5l5PdhcBEsV8?2i%qK%z+c%tt|rL!l5nDZ2aC z1pj?Vms(Xfs$@i!F|uS<)lR85&1=kK_!jVB%M`?H!S1FIb~|e0?4BXDuAx2I4)S+I z`Oep0~3ytoZ1GQ32%4j)Ph^B-A|jWx-h7B#ONjccQ`ze2n{Jzdb_B4cC5ti zV3V2TeNpac%Vb~x@)%J1?U#cVu!}BGv&c!!Ra@%S#L*-Sg>999U#@sjO-;w@<}!B{ zY95c8&1LRO{|EI_B4uGMoJ)I)q}vX!jyAd+0ZUq;Y>bdY8epST;ruoZ zb46u~SXO^pV3Yc+iEY3d!5r2n12s_0WZx1;4Q!|0h#t8O2E(3N6GoRfHew}pBcd#v zT@b=siv*EaNj2}Vl4{;zCDpvcN~(F6z&q`OjdtbhcWNUx+Og@J(OKcUXb>P{mZJs> zLT!y*a=tl$i3l0l*O}Z3>EL^VMp)B`?FrbrB4~j`4tF;wNW^83hESIdMm$brc>6f2 z0?RvrwR=j~bkrASyf`LsJj{8WnvaLUNz}G5t!OutSTJ$P!cZdHp?$k;r*g?g=EvE{ z>{sRggTzQ=fDuN&6vSc!&nJsDcaItba1qy7v;Ek&qJodOdpQ<0n5?vKV94^S zZK^XBK4FImF5wf(WCx?rK>*j#TS2a{+#Vo0D6v|GhwlNQmwGTNx9w{3(N;iv)aLI~hPZ3X zY^caMga=XWkTER+ER58*L+dTytvI~0S!K1jqy93_m%5j>^87$Cm!>+!zkFyj_^cfd?;IAuW0Izx@wKro}e<4 z)qgR8Wob{@cbN2&7uq&G*la3?UphygP2v=c+m?myRxwA2S}F~*bdF^kMU*a?n#^8i z|5hpg@=&@3kQ_n~Rarx5pDdGSbMl4$tH(3@jnhDmKh=NOW$Nq1AFLf!%7;S+i06l3 zfCi~Z1x-`0FOuiymD3d!E|7}NP%nyWiR-`s@XCkVDXPd+M$B#8nox*aRE(*G=QM6g zDehz~A24wO$%rc}Y?0&Ce`g@ps`KB2A;8Xb)C@G- zmx9cG!H#CUmhiK+9VLjXwJK4x4paux5=ssVwOXfEpp7M@9_;Sk zShKT;iEozRTfay(AupOz``zU|6f7-q;FixS(Y@qkj#$|9QGaS43ibNMw>G#FPafI1!#=%ZN^OD0pq)Eya_Y$ZeVGAr#ucO z526x955>DiyqVccMuJ6gg+g6nYGPSbUm@RR3LFTSpZZNg8TPx-Q-nOg{F zJaGJ)@ozU_{9*hS6E(~)@_EJhm203s)bN89trg0lAM|37Gl?5~fymw>p^H4#aywpG zsZWo|2~-^2qM&u%}M`02kqmBQI6+6iKcMp;HS|W5owz9P4imzJ>?|_B>uPJd|hXKNaaHzolknE_`yVkyCpCfTIywcFervN6BVd{wQ!yz>;Zq#GfLDHgDsh^faD%Wz& zz@`((Yz>!?!!x$Y$3yt^5`t#C@ac$18i@_%#^>&l>OA1PK$!WH6$G5ZxyeQzjB4(te5v{9|r|!0{a}QrVj66 z>)2B^>kRUTyMOLmk$h#j-CGrbid`gCsVXUxX<^aQN@bO(TJ$p{?M{AI;=r6A9X$oK zs4?c7+bw0pfuvKgFkfv2jbS3Gm!Myj>43~y!q*rg*?1|-2EDED{2c06(=CeehRLQ{ zJr^-SX>SNxOhV}@Cvy^nN&J&)EEyh{8Ag3GIqV)M*sSDNv<3t*>^&e|h!o``@)Kxt zo}+DwT4{9pe+TxJmFOD%r#Mtsa}`pvgTSIr-I1GU_ppy49~l*S8U4d#uhE`aUt&|r z>;{e)Oi=3rvnZ@`<(^F^&ez<7qJFeWk!YnT4MB;Z;i_5PG*=NGebJ&hL25elw*D!I z)UWg+%>beWlvIhR93i>Py^-?)bkCP+72WB{c>=YVbf4T-9i)Mj1DIJ{Qdz=EP}u^x z;-xieB)-Mfc=uxirOxtTXAI=UM3^0J!`MxhNoenjh8UU%o~Y8dWTNIiiisM4;1I$7 zLjUhU6rXu4_RjhMw*Vq*g$vbjOPxB!8d6exq&feQ z+Btq|XI#b}R@B4t43cQnu(ZNQYzk9I6;#v!=yirs1yLxmU2I<-)*4&nTE*ZEU2e_& zd8_bXESER+oZeo7TS%Ipv$C+@A4>FM#Qe0C1>fAjVmsxp86UN(ZT~tgToH;Gx^>bq z%8gB-NjXemtAwbv5lsb4QMgj%*m-sdd^@9N(`#i3SXG9cm4evBY;z+R}G4=`T0^JZS`izVT z)jtUI(dOI-P2tG+RGT*zH}(`Rso789JidC)WOx=LPDZw7+xBpr8tm2P48W(vY!b&H zg%ihMm0W3L%%ZOu?n@eH@%9uinU_k67Hoo$fI2pnS{YiCMk5RqoAFS3fDo_wn+XA@ zvmTZ^u$dN09I)%yCuEj9-?z9Uk1NNPQpB`Bv^k8Qq{z(Y7a3LBJh9jDg7AWb5b7q8 zrN2-I5h84HWX^b&CGe(LG=1hWhVV0xfO{@5x=_kyL?JcUkaAvH{J%_<) zeaP8$c;h>Cid%xz&vu;O3)iCh#pzC3=ldAHQkxEcO|cJxeVZT7dM}AC7-M=zk!6ZB(>V=7 zi^NvP@Q6qR0{I|;wT*#76n!$@H%uZzY8YC6vA|Pf3{+Pxf1Zt7S%cqYbi=Jt`3|Nh zcj1rezdwPAN}PLOk_n zotnSYkjo1WF9Lp?zX%I^%qvEp*bC63is!A-Xw6@&pkm8gtIQ`Wu85bWc45(E6oR8OJ?K)ny4|X-rNp^EU9t^AD(L;sN8^%MUTo zh(AY);Dg_Z4@X0tT&?ACMIYEtoQ2aCg9~i2z>2kNm}_1=qvo-}_L6QDT>Ch}#^I@m zihV@}O*C*c3Z|=tg6tN>{p&cmzWk?r_xV9(s^+5+V~l)nc345hBE0*VD+$_ypUG6% zpSCKrU&nIwI6RA!@-SOgEcWX@AV$IA7?J(2t9+JVu`qc?h?ZPeCuQMER+)k;Pk=U$ zzeVR@lP)GaI6%2xn{&Fi{A!*T-c=np#9y7z@pHD~SB`&rGSi_`k;nROZGJrOkdruN zyQ!b~`}|{U4?{ayuB+wfnSlO2t<8N5bxE8KMhMkZI!6kIf|B40Ub13?yhm<1)WaEz z&iYI|sOIwIxiD#xTsPZm53#ml){52>@D@m%#x(B1(}10w%K4pE_;-BaEO{^qnV^%B zoSr{~J2OsWR?PW_=HlVmz8VBz!a&S@6ugl#w|S}t{zEEKvN2&HzYFXbEdnFhS#SV* z3(djS0vo<3?a9^(It4q#-LMbP95w>-FNYOT_RYluBgsrt8PjZY=esBB`68x^K4s+m zcflaNO4%wPSNd9kLMvF_Blv3xK;xi`6HEg1#SB@j3zX!Se8A$}{sWV-c=rnt>?r4S z4@naG`pWSQ4v#_5BGF}?#**bqq!4!mmHPfB=wk|wXZl!@r!_UXhCam_OLNa|4Z=*DpTkCHu%Ko=Hj`hb28Gtkz_5F&Vf`(z_ih_z5T-F)OkhZ4P%Th=i zh}14TPr-F; z>Na)@;bvosf#F&q=xCITOSzmN*VSr};XBps$TTSL&B58`Ku`m~oU$m8%<*cHj!h75 z96+r-@jWI4B15pgcS4(UV;n$$Jdoc_j>A^@FT;=_hpKN8c_;-NMpvt#*b_UIVcc+? zBN1mUH#j^)uHug?Sik$Av*aFJ77O`s4;y%~kPexMVHB&33!FIR%)+h#Iq3rElGeuW zKWygAc6rC76=}zgNoK=s40`g8>NwRh`+|TvJxNGQuYz-tC0m>GD-Bp8Qvd@^=k>>f z6?N%M*~U|<0eK$EVY^R+{lvfR<)<+%*yapB%?8p10OjH0lx~bgB^HU9*GC zI=BH2W9`(!gSQj)JTi@9^LOXD`WxjuW9oN+}9H^?Rz67Fzxey)@s@Z80J0+zZa2FFhI7kF3eEpH41Yn=eM4M zpvKR+@eN_(7;H!;hGX4#lMw~LaLmjx#ZEbCdKYpyOT{c(ybChppf#Fm{PyAiFn2Tq z<2ws5fH|P#MN#ytJoGk$^qRv7U|}Zt`@SZO`~*R;=cljgr0xPzd9T;ia;ZF$>@D zpR6%(TEQ2lcpJl!-hdzByNe`-`Enn1?##e?!|_H6I0Y3EBrHUbrC`^Rpi;=B0nDCi zZf3*=9e#)roXsAUPvGzsfmSE;*Y_0{D~ia@hL(+xPgqBw1#^!?3xP&wg-^_4mmakeoc_8xeA6MW61NnW|nGYhamFT z_(;cD=_fELM=$Yk4DO71yeneo_c3-pN7BKvYpwYu`?r#HseXMu%~W@b%=Rowune8y z^XAA8h05;!u`VDTg1f-l3PxpDJ}}S)KWq!anO#6-S7>s$f&ep0)#*_2h+^waIKKe+YfoJ8Egiz9>^FSBz#|Ev z#>p1C??4H~u=CB#@rV`>%DgLPHb>7CJd=UD-oVoDs!Z@oh^;UQpDb6n-Q{Z8cFNYH zn3dl}m?h%$3kWm#r@DjAE$q8-WMl|4os}r2fB!PY^iP~L8`vqoLA+onQ%0%L3zWnx z4kc~^!t9d703#)D3F2xqFcB5fc!lyOdn<;X!*kL}BEjp&hE#h}?f2&e8eh6OsBu%O zdD$SaAOx2G3q$&eBJ;hnl@WqUctQxcY`ixG96|j#0V+8@WY6pRs8Po5AYsZexUedz526 z1GlnzkV;9LPF}Tf0Zpf-%i@CBcm{e+;!+wGff4g&TsQ|nm2l|^s|Q$mVhOAsU~P#d z@WXhn9!z447UJSj!gu8%E8@xW?5eAZ-@AunszrX|0DnV1%)bIZ=ci*!15WLWQ!C|q zJYv*xyJ7VfeodA2*HOYvY_Rt1NcTIfpT6?-{_R_}@GPwn7yHp?MhsXEd?3WKyj^AIq^tIPsQ}%m7 z<1P57%{>GLxxbbhvI`o2iGSMMo$}`WhxRNlXiTy{outj(Aa7nOxvVTO{7VZOb80is z*5kAq+{+mlT>;1L;HvTTTpz)6DAB~-!cYp0G zSAF0sXdHBR;#t!lxWD#a{TxpfG-h7wkDfm9{w;&oJ~FzXaoJ~EVy2I}f6Es$k9<(j zSQs}vX1eYEEq$MV63c70u!6?P+1Ex-zwG`kt~HA;FKDbe`*g z{_t)Lcm-Qngk|8P;MHSZISrKe@Iv8gE5?=;dB&_-u7#$`fH{h1Y}s6PmgGcyOD+T6 z#s&F{n5}KCoWmm_M`A3Wodh0)8?`ew&_w|Rm8&g}Qz8*GXgXb*FhlmNUDV7pXKp6! zeHYnSdFohBq$Q>SG>!mDrUK;#1lDugZ&+z?ta_fE-M zSZM0IW(SJ0dSSs3!jc}GU4`M6t58i>o)czVoygosum|OL75rdaP>Og8Pt+O%ry+X= zd^PT36rC@h7+o8;sO(JRQ9#l(O|fqBScNBc1wRLF{J<*4=Sh4n{gR-Z3Ig1 zu|pCm&X8vgfp*xJk5d2vUOmBU@=8qcTAaUtGdk?< zZ{r^K zB~nQFEVvGpFV8A9HWVSt6G4vjiA!>nIWg;T6%Ns3Z|-SmcM9Kz8z z+j!*7RPrdLw&m&&=NnHV!`gMNv6;4s2|T%4z69p+B;d~@lOhX2Bq;vhs^hM7)8)(g zCkHJYHju9qkTL`UBB`^;ste>Y;6hw1$7+?4*N>l=?14&)1wYj%NKHf%fT@HdfnkGS zXi;IY$OVTx3CAK~Er7iT{}en|2nUk~%y?z9y@NTUzd!^%WF$L$1skE8qn1r4^IJ5% z3~!C993|_>6KpvjFG*X%g)`tYqAA@5UyTdSfWHP8MnDQ#7^NPuWgH$n#W^}&paV@Jf5Drx$lOx9)xFOlEj z*v6GZnk7qp%J%-5?Y)c`8?!xAdtv7ws#6m!w!_5i7S2Bn6k2?FNIsysu18Ijvj!`| zOi2KzYoCDQJpmV%gP+;V_hEcPHxP%q z1Ta=zgfP}#T)p6E1A(;V_!;xxQ|cVZ5T;SUK7y_` z<1<`bwL^+3=|pq!4fc^C&!#hj36JiU7xR;1X!m1;hRGF+D12Ws^sk+SkPC1DA)m#? z7rY$cQxkkVm9o=gY{$Jh3>JUaxvk? z2Q0-8S&;X2<~<6MBjw#P-r%29!eM3o7?~}gpQ~u|jIfXp8`-Z=9kjNF6D^FVIzDS}R%5%y_k3no z=pNH2;dx%DWsKShv(D9kBbhFiHf(DAe8I9Hjnv_4OwK`c14_zUD}V}u7)5+Tn5P3j z@_`d;0Rx0kA4A5-dxSFv;b-i4jswCHHEwt~*&$K|FjAQONEKWA3ypIw2*BAEgwF*A zb1>a0nWX2r9?_pq3fXcT9&Q@Z8C{V<1&Qpdv0=P*ua(5QnkJyb`V`7#KoKscB~BR? z66?LaxY%M&8%AP@QQ4bQ0+hh?0RD$t6g7%TI8b9Js1AL9rD|@lYVKET4sOTLErH8$ zChH?-qav#lIX7Q}n!-NhAOAo(-!u+Q@E>g;-pd4!RtF!{5vVcNCm3qHM=ypUHxG|S zF)InPzA)zzV%#~vX#9beEfJ6uXCj{w<}m94S`)+%N0=c|)mO-y(P*zl(nF+3Yg8u? zn0LsVVcsEchIxm)8RlIA@3arFGjv~b@csAp@-L&Ep8LX`;fI+JA4*eN+6OD14wOk8 zBw2Vx;u?ZIV*BJ-g#wtFK|jDNL@1cyNN}}eV6^!bz_0;V ztShontTm~TN(*}he}^@%_}$Wc){c%snFeu42~dEa)-i{c01JoCBxIYyw8QEC1e*!u zeA5PU0&%j?rGh5i*=(`ZoLpC%vn~cOV$6+4A-a_3yCV7ZVg+>hVVsk`Z$=bI=I@7C z{k zk_Hqfse-bESzTdv4UlHv8_%v$ZL`bCL<{he5|%%bxun+C7EC)Ll6@c{?{w7V8GpFG z72@OrcBp~+X=#%mjAyj}1_4?&{iCRJeRSamXc*9tR_wfdxjrLU6S^vSHn|)GXAk+l zhCThWc;r2tm-^#8@?`f`U$x+ohkNqZw)DzR<&mFBB4g%i)oNSZA@wPdfZlG4C~a{k z>_gVJhwuo-j7ShmyqtsVr)1j&W@X88oo~+4Orwc> zBdwvdw1(1b4eJlEGC&_vIRPb`eNDTanghOz=aUxUJBQ}Ly7n__aRwA(9oUC~*Vx%@ zZd8^`(1^d3THxOhI2!Dlqa2^%3?9T3%PX0fxhsuuiX_yzNZ$UK>>baqpv|&{Lt2O) zsTS~;0w}5)0&JYW(mcQRyPR?KJ5OORkbp#k1f-~6A|DJB^QriaX}d--(fE&|W6%j~YxNNe+V80L1@ zb)B@LKZi8YL-j~$h$)mg_r}@5y=$;Oj$;slC*RM0!{Nlqw?_YfG1J5OH-^tL03vwF z6~hNtZMkxDtwH!5*54PgD0aHzbZO;BhyU%GzDO@Ln1mD)2DY|mz0%VUS&mJ^fW*h}A@j9FdOKg;5=zoZKs_m#F7Y;K^}eRQ{T0b>mAiZ7=BJ+^%O z9bvAa8{b1Uxm|R3)Ji=2yCKQqGTaz1%>zt`Phd?~nKhlSYMQv#s_9x)(|uA?exRm1 zt(tz#nr>rFB?R165x>s(<2^`jc7c^9gN|c_zH!qZxG)3rVZp=I^hDv?tk@9fq8sI%AIM`N759y}W7?3Hsg-s#4fjqbaT#W>v$ z9*c9jbB@L9eKG6Z5Xp)jdtY}|Mn2x(s*dGRKz$L8FT!UZFq0W%t)m0w|0jI?P=7zd z*N^b^``PfZ{Ex$@yP6WTCyPKVp(LF|7A2cWm>Gh8_VADFuB{k<+wgyT7|FmiBWF_3 zBHt<@U%Wk{TfN=gP3VTy53UW0bOxs^z_ewF9q;@2H5_M z|DXS4`1%o5d&)-^>4HG~(gg8t6GXMW&gBoEb%XF;GXd=-kvp+TO;}KS8KGdYls-yJ<}$KNaL?kg(Rp88IY zk(ZV7a(Im0Jv@e==EVhl`$(MK{YadA9UuI4Jid;XuM>j5PQcd*@^y0X*U9)gS-wsU z{yG(3r^?p~JQI?1e4TzTA*~kBs_ibX&F)%@k+Lqvk>S_oUj#|tOc641w4xQ;7_w6j z|5SJFKpy!k(L+0+mQGrn@P+y;1WyOQqJErySIgKGXUV+@a7E-!l=wYw&QK=3VX~VN z9b8(I*0d%L%w!ZSXlh#733ox7``ZBnus#*bEp=ANf^qW0Eh_#d#`yFOQ&IcpIiQ8p z89zHHDfh2-tdIGh3Wm$N7x;z)zGUj|1nTYt3qE-I7^2f0)Kij$;eutfk4Ogh37*Er zGOmi`wl{hjS6eWJ+9_P>n@Rek)l`AhBaqIspi}v&rvEZDd^ai3NIV;ece5N1*B(H| z8@Hcf$WQ?!_!l&T@S1?I*aSi718xbnZ7lj+ZT4S3EA=NbbPW2Ii5x6rg7(##K<}hl zt@~ePa|v8u60F~sCf{nty7^ApzY^_(GaiKLfpV}f6#t~Nf6yZnsj~D0bPdla<5#YV zxS$>}-k%tZwtp#Gk2mdK^2d+0e_81ElLc>*-Y%!3wP@KGZZ+y(CG82Op9rRv{}cSc zpl#u|W5WM7e#vK0*0{@R^vChb0R7NCAUgXm-s-GW6Q(4B;+Z<|0mKpS?K(-(E0D?_+kHrXdlbe*3d~kqtRm61(a~{ z#-mnyJWdV;@Xo(Pngaj-B>v_23BkWD$B*z)dN7@3{k7k!!1$@Z%|u*{pZNdo_`zsu zi@#=A4T}i--xxnF@FrWt7@e#}f1JO5l6I&}KX48J zhbrU9NoUNc&Q8c88;+;!o= z|Fr&(Uv92{{M5GVr~KCD4&j`=g$}{W>~F^+heAp0UA(wXMr(7qlioFS7a$MIjnzGU zQu_}KLmvKAWKMBarsBnUcwuaOR2%|B2dd)dtKyxtxn7{>8v0zIco$VXU5bN#eH!|q zc!^nj|IO0+0bX1uyHB6#8hWP`)$rvSe2JE`k$;J8Bebf|QWhR%7XGIy{E8~9O;2?V z9cZ;1<(9%X=1Eaz%*bQW<1@%(mSS9ig?@=2GZxO;)wBYeZNrSGc!wasFk>F?qHzcP zITQD##<#a%QoamsmuAgj_FqY{c!@y3+&q2d&c8*K-~PfX7$`CN%Ff$n{p#YB=kC(o zI-bt{cXsM;!f$&DPjULnjN7`O*m?N!K6r}PSEiliZMyHmU*3nO1btMLJ#j_X@>)zJCU z`u44#x$k{;?=*ag*5^Fmbj2I*Hx9rPTHo~d%g6WL_5#~O>r0$lXWoCwLmHmY`fzte zhD(k>3lq)=?@OsZtFWE{V#Yz)BBsAShDZhWImzk zr!(e`z2MwC*5CHewu%9!fa$L~AX1!tO~ ziECcjSXlJNeXH;zo-S#4=7&d)|9%Lb(BRQu4Y>2_Z%4n3Cp1_)=it9)-`pJ==GfqQ z4_!xI{OH1Y9XeLtz2fTwf>Lagut-R60h#Rm@0-B$jX zq6iGK_VdT2?OFLTssT?{++?1QIAI;51l2OBUh*f!OpTpqBrE#}p@q@8F_mG{ru;V2 ze+8a8Yeh_8C2u-oe4LAS-OVqe$npr5E_%`WBHB?BVb`i0Zd;_I+5Qrk^R5iU(4XlKdNz(?g;FMKKK?M(t41pgD zPf>;Yqc99mj{QNZ{G?Tbg32$p%J*y4_#{;xE0xzLtMXT>^5a)s8C3pmtNfm|&Gcpa z<5l@VD4(jz4^ic_Rw0R40P!TN{K8h{vsC#jQ62-3@Q+aC^;K|}2Ff3>TllvsudDJy z^paIxe6JTY<>R8w%iuWn+&TimrPD6vvMAj_jKcQ}UVyrcUQ&r28e0 zN~V;>JlP{0p6j8wu$clj+)3k>0!lw7BZnJX%3bnDuYCDdJ}+>X%az$27R!sLt9bD| zD_~@N@d%=RRptH^~E!|kj zc|1`AUWWU$;W%8taKw^-;C}5>b}kT)k;7i#ZEfsLZ|nvY3M4B(R&l0iY&5Q>V0WJ^ zBmBnKhz2WF`h9qoX;k>eV>Q(pudT02KhDH>fqo2{gUZxS^)LKCDg3>p)Eu1Axm^mb z;egB;2KmR)Cy!A%9G_ZlH+hQAK>`&UYUPN1ADt_2alaJz&HEqpf|Ha8T9L?c&#m8^ z`zc-fBK49hd+8cNn^L(A!!zR>{lw>b`488*4#Gb419JWE_ zexb_6tKU8g^;?4aZEL9ClGSe?hx!e05|)Zkzok1oHkWtU+B zBAa$5GWnEuCHoWlcj4oz8!<(}545;+-SgxShEc(7S$^`mg1!7wFX`4-*Rc1Xn0)Kn zI~#Xi+)0oT)P92U65zDs7r}9Jk1CG4kR?5_-8Krxsbz>i_GGZWSpxZ8U_Y?PShEO) z6pCcj2Nk(BxCl$!z!HfqOLPt{aY4%xG`PueYR03cS#z8w|F-g5`0T+uJ!F1961wnP?<_!drv9O-&DKWj^^=44fMnVd;tba5zzwN!5d(Ehl`&S!mY(YG9bO zQU5)G`mbqKznD@75p;?A?+j7@QpZoJKPpiFo+B;cr{QMIRrNOwI}`q!ep3A}_p#_R zvsL{x`-}@!{eKTpzyGEd@axU?Uk+69$?iB!o+eTBiUd@&ZiP+$Ql+kwligce5G(Te zQ-IuO+$i~!sN_=?`xxxcKNu_7WSL2vBu`-vV>)6jjPZd_8ZTD5^*Dabg??a>h|zb3hOy z+SXp)fNU}~c25>YI^%nDus^+qnGLu9LGf~nCQ(AQs~V(ma7)u>Q_Q8`!`d`iG6zs3$Q1$9~i=X!AI*61n6xapnEr|O9tb=SUp{$!&( zbEF{bTBwV)UP+^H9fUj^S;IdOB3};wDwWsZOm<&3rb76dzqI-c;pGg z7uoNwiY#dKdc&2C&v8~O>olh0p;XjfD=C8YSG%efUNXyjLaHbDUKBCH{b6AcrYb*O zu`*$~&dn5vdD7M9l>zYb-U@9%zyY6wm@bX_F9!xYLc{P=DfFjt%_RZ;i~nm7|EW(T z!dR5L2h|f-&+M9jcBK9V$JdkN>y1A>OiUg^i;$J({t*wd4qGLgzkDjk{L+K45Yp#6 zj2|s7GD+)!j?v;E4S6?(cL}`9<6WxO13(c5L`pEGLg{bJjEnv%ZxJIvggs-Si&S*K zUna?6LQg3jRG*TE{fWd*DvY$buAFLi)IT-YavVNj3bpuRFf_uzmI z^zBNPG+vYms})l>5ubqD;CC>)qo9Jl1pNe=qZR$7C4ds3%idys)VAQGP=a-NHQ{^j z{Z{Y=;IbeMhL0tUPCpqwOh{V6mtYaFJ@^t7e9v7A`1-VlZyf2?OvIM-V@cyK*%;7F zKXKWBh^^^ob%|%J&4Q{W(FO%~s!ahE1)!9Eow@wyP>#ios$8;XGh`uqHpul#E{Ru0 z!9$sCjOHubuyHv*Emnhj9~rLTa04;G;I0=;)K!LI7=D+VIO`_Cx=Cfx5~Uv8pTfFw zc!rfCNsz9KELl3D@iS1C6^6egboGE`x0f?Ia z*ga!nB*R4#+e7!-cts9nr>7u~?Lfg`|GgN+Ila*gRM&?rZfrwxS59rDfUC@lcdCE1 zqV>21S`c~iH&y=HPuMAH%?;(`S zYS2n_PCVYGnr~70@O1NDWDX>ait-K!8xooiHvU3l^C625ir{7^6;!a#XjhKPko~}K z9!mj#PgU74o_kfoulXKNS$_e#~3X{PsD(ZWtC|m||W%<`pr3i}(zlTf%Gkq0ZR8)LHioLHNV!qUS8c(PlHW}bJMQ9>y*K`%>xPd`3k?XNS?gP23x!*PTlXi8w# z27n=v0SxF4V7vm%7Dr-@0E2+nuN*kPK!CwfN`3{*UPmIxpn%zjOdJXrbaViiJzy9# z3Sg8}%uLqH`qo4(KicEyZRkOSB-_K~ya55GF#rsS3}C>1{6>J;>`1H=90C9a9UTB> z7Z?VO0vM$YGSl_4_=1OaZ@Z)aQuH8>Xt9R_Q_z&a90~wKA_ExE9l#g@OpPP4L4ZLi z1QY`V0<+PPh(S)uR0|mtFdJn|5EyiH02qwi3N#8}Y)a19^s?cdB3@eXT4(&!VRA-S z!039}nyJ~D;S*dvJ5bJKDPXenviWZx7`3J-EvWrS|H1c8GB5NpY z657UQQUDt)g%BI@LY3X~{OdD5{zo^6{Eo8b6j?)IliW5oQv%pv@rKwelD^69bjfW~ z2l+1TI5Dlr8VZ}#wz0_$V1wl*VzWfBaUJ;Q?_Vp-8QF1iUXe8vHtB6+lNZ1S3uMG* znP9W^)UXdedv)2wj#Cthtf8>6wTX?A95g5?q0<#YD+HnU#`bXSE(f{s%;MMBw72tl>9g^-A43n5)0#6?lPEbfYT zFMVi3+L8`bJVMz}2tm8Fg^);Q3!yB9P>mpTUE-+)RTo7p>pjZeL@tpk;iP&O1o&@^o!B!a|32ur<`a`l4H z)HxA#V)tEr0e6iy9%SC;+z?p^OoN$K5zsz`_%3a8?B zajFW!Nue)Y6^6wDz3ltTH{Vdy_5F)FP$3C@L!njLE?PCgXbA-btr$V;!s-hrrYH8h ztOM1O&^HuX3))3%XE0hq0YQuFI(pgH7gzk|`-cWOJ5V_ZeM6zOs9m(`g3%HR2wL%i z))(*m`GsDw>0>)kMG1XFp|zx4w2WZ17V$yQ;=-F=_W9&DOU6y>dQS%`Dxq&Ew3fAt zR(&v9LIFW5S8)!9&*@z>=n*VZbd5=mpB zB@_^}Y=YL^5l0>WFg|>-1ND~BHxybm?V=@;#zIRdAZY1=R(R_0)i>RHPDf6sgubEB z+Sx8zB55qNgaU$AmZ0_2UmI$&OK!rdYe%iF772Yrp;gx|S|VvIw1fhJ)_6fHb#Xi?Dh`STSDJZXerIq7Fr@{EVP6If>ySmb#cPOw-ycV{!It! zEun8Hw898so0Bb@{Hi8fF9-z$tvo?%MeV99vKKuN*MWLV=o<>Hn0C?9gV7QS2wM4q zR#naB6~8E7+_wYume4m8T5;{7l@*MZP(aWs7PQ7L9X2NB!K=>g!1e4 z7%icIpj9epJ?nqs3&#u{v*QlaTSDJZXeG3Z)}&yxgaU%r0zqquzHsk*tCwBbfqF~m z8w#!DcF~#=jFwP9&{`yDP5w>w`ggkZ@4!fT3$ix`?rtW{+~Hd=5(Om68eThE2~|! zN`ui73J6+Ng4U$V&%S=@HU(Cbf&!qF}Uy0)o~~LF;hF-RHz~s+`|}dQ0dV3au&aqO~L#Euny*RVQdApF8>d z#-=r;9XQ_-`i4R)yIr)F1*0Vt5VQS`C8MC1W4ie=P4|tg3dHpHS!<3a#RH z(W(kYODG^{G3UHq_WW-zJoM?c7j5i7y(RPwg;r_1Xw?LxB@_^}n2}g7>%7*RSh->@ zTr?fEccMt>8w#xj?V`0a7%icIpv80A^|EvQb)Rg1Z14hzH(`i4Sl zS-WV}2csnv5VVp7t$!}4dU5?@le>1H-V*wTLTg34Xf*_*B@_^}QU$FyVo$D#TyR~F z4%Ayh-%x0I+eJ$xjphCn3J6;1f>ys9`}Z1r*2DceP;Uu+L!njGE?OdKEVP6If|gCt zDts*R{BLLMN$x&m41aw}if-&{CSIEwn_^SZE0a1g$B8 z*2RzC^ZoNFvpaBaWRcJ}6k19%wS|^Q8VfC%l+5b<$g!{`p2inURaTWUGbM5nLQzF{SQ+ws#tq_*k0UBMZWc0 z!hE=!VXIi{3_FUu*^?^PW`-f%_bj9f!r1`{kw9Smzqe+hoZyATFPv!y<+J|y2KP8Z#-8}GGyI67 z%U90u%X0LG=2TI{*4vo_Z-=|{>vlPfUX>HM%RU{KfNa^a$QOo zVc*dMaBYspPUnj2Pt_YK{96yWc+5waFYN9ee6e2vwn={MPN?wm_(jgdN=JCDo>)o1 z_!$7(gnK6WPyEaR?3g3`q%*wH9^MF2Z0-fXj$I0R>{>tc$U43m$~O_#n~L(=x7Goq ztpG^~;Y)EuAnyYaKiX68Qt5P8+Cd^Tw~tWS6NPj~yF0=^a*#v<+p&xAjS1C0Kn0Mt z+7l}*kd8XSPdUR++QUx*fUN}Sn_!T(5~Oc}KzeLzO~wA(JMF8-wr2w3m+m{>QwN#i z9VC;GX0IZX^zd=?-xoSIR!c8B(<%w^QFP=HK!e-}eB7%b``DTI8M@FB4oWqGiPvx2 znwelS*X_}j!d#VPuJslBozb5NbA1w;xrAcqM8L>Sj7)NL*@1itd{)#-6Zq=^96C*y z>lk2K=SXC~$!GoT(uX*(-I=)6B3L~*3;bmdZ}<`BGK9Ha@shc2kKSrAmtYU70cldr zfpa#xY_el4;DvC#Jx%!UxW!yx`9!3F*r=0y!d!I#j3dD5u5emh?+8B%&H{hw(vv@d zxo+8NfVsBehy&@dLn(R$vQiO@V_+_vQ~8A*T?KNfzDyKGJJ#JEj!pj-#g2lxgys1e zyO1X@S+sI+Af5z&A(I7|Ya5yC+hFF}M&|mqHFMq4=}2KArp8#0?F+iWO(US za}3HSN4q-{H!;N-yA2XUIvC^8WUfXcz`+Q}K655k2y@kg>2&npCtEXZCUe~qT_Ma> zLFU>(Y4E8q*QcSGtHUK%y)f6vHDs<^qPJPh_5Y0Ia&D~$b8Y`WlU&=$T;ByV*LE`3 zcdePr+3DE-k>pyxHFJ_MmtL@*ik<>%z3|w2@>nH>!Y1LdO`&wtiA{b;;Fc6q^{Vi)uOe@%1%DRH>)xyA1CXr<+iNzx} zM?Hixf;&%{CJ5!V=$PXd!MI`@knQ`?hO(^i0%j6yC(}|wq8D0mrm+Mghaf=};P26% zV$28@M}fsAm{MjV`v#h}&@nV(Y07hjSS!CKiFp=1ZW&X4@W?-Y3CV|*4 zFpkVds0vN<1@@1L$=?2!@gt3VOgl$xKH5B{G1Ji6p3z?qnned9fn-zuRWwW|5=QiK+TtcLAMe^wg=IU_mZO~J2hUM|;7wDdmCz*%Y zbuy;!W^H-@)Xo0HE!y&Rt~wlg-CPu+X_wKXAJWsc&OoQ~+wLQrEoYj5L`QmW$=X_e zWGM1uo~^qMqG6<%egui4KDYAY{}7XN3r~s9;^Z@#8C5|Vriw-lsk$fXH;4NmecLYM z*kmRqM@Cl#EEBAzYRj*+Z9bB?!&VHEndzmIhtX>t=D)6)R6L(Avu|~#wtQS_lU)wU z8Mb9#X5z*hihGCMpe^qPlVjJg&AwrYwV7SyrM=1P$XGXf19O}NC>|<7tFiDn57T1) z=T`Yy_sMA!W*KBJ)H6QMjZCZdN2ht$=}qN&#z&9G=_S3ZkS2T+&J)e?n4MpkXj6>+B`#x=B0$KA(@St zsEB#_(Q~ZDmx}~{$brht_aGcnD@wlG7WuJ_`;MJKGarueZIKwzWHe^<8;_q3F>|i~xdzR(#9+-+W(bi<5Viws>A$Lth_; zs@-Wq@CjZ}u7q1WKG@%vu8nvi*NwVY`$H?pV1 z6Sb|jFIrNE#u`;q(3B^(obQn6wvh9c$1*{B|e+nUW3OEc;j`E7AN zEE~F8HMCh8x=0#YW+U!ssLy#;L%(1{uS!F)17GI2b0Dv@C-&OE!QX@XJdz|E93gea z1q1)iZUR5isxx*eo(1?9abpZtb#^!FoP;{>8b3zroWeRMS#_?yAc!DSrOuc@o%dOF z-oZNe_B1JJLttG9tL$tEAmh zP+I5{d%4x_g>3hJt6lC;5hkd!Zn#}Q-jMa=hWrM2wyiuz;9(JC$-Rm{_zv*c2#-!G z*eqz4Ck0XA*ixnIF@2C_R6Kd87=n>LJ(CS? zR~0KZNR^6Tz1CubWUJ!ySn-Rf7?AH7PpUD&DvZTsfDaz#Q<0ZE5Zg^v=tX*KckGip z3F&yN!l-$87Dyk*jgc0|oS^1tEvVoiUWfDT{bD!se`y6$t`wI3=6S#`@)&#JfQB3WQ=%Y|0tXr##71?~7hc@QF z2B3+-=QEb%LD19~6_W6lC0scD(8y(LqAQG%Uz@_w{}P*5=Ni5z&A)j@^P~@i)}SQa zGbqWT&KRXX(ekx87Y-y!MM7lg9y~k8DzVElo5@<}?a`L&BD z7Cg!p6z-!ATe!a>2gI4@PyWdHg4*07vSkYxz`5Zk`rv%{2~T27fPZm*f~60Z9DzQ# zp6}1l2hU#<&~ z`GBS7iQ0QzJkPIxLg26tPbs`rolD_~UHc|wZtR3D98-}37i4wRSUmf?Lm`dC4bIot z(@loyGpNj%YSzUw956QDxPAa?h{4@-Ro8h^*NUsn0UvcX>*9&n-Em_)rE2=)e^Ao} zsA&~dq_HaUhbGt1!a$jY@0smCjT^K-fu)+q&iq5bzjHJG)ZbYF{rzAB04q40N}&k- zEqdHzUZEk=<^B95U9QhdHfWKe++8L&Ed;FYDNN!o##J?^n;-$SqP3XJQq@xG%J*KY zV3l=439Nf?{5h}gZb*#`+r;Rz|Fm_=!WHR(biz^v)wbL$vTmqnaPZoz?;^t;K;Q?| z{a##+!=C~aKtR(3rEn~R{LPaZidDf$Qg9p;sk=7@t}5A_qS?^v0>Hd{RR9>Yc$E|! z!Gi0IeV?4BErRn@JWwmf%-xDMg%8Tx!X#Qg@@<0rO_smV5(C1= zO|Xh37)itf#)@=>>*RUb+?QD%Z)~_~%kAfReVw)C)ukNUm_XnV1=!UmaDM2!(t=)c zEoMxZqUmlWgc6ZF|M3{>9qvl9;&ge5i~5lEFiwb-m$;ZO<8eA`f{uj4B{$$wu6Mx! z^`jDGk!rrlG2vR=4KZ4eVKKPI;~EdB6cZ3S_n2fY&c@$Uapmtey`;}sV<&{+vvYL! zZCP5}aQ=)e-^2Oy6x}l>Px=PdG^8tphw<*`fj;T+tDrtnOskG}Fd4a^g8a>N-%ZzG zDDD1Zivd1wj5)vu>|M$MUQUsGM#=Rksq)h=G>cy%TozkC$146}Tg6wLM@F0sxl}65 zP0j)p9JFvT4>5cP&#=DLi4s{Mw6H0^*!Ql(I^~y*G9G`Te*4BbkYA_VK(8cr^%yWu zNe|r}r^TTkdVt<>!$3@1yld!-3_1ft4=MsFJ_qKHBuwl-w*&v$(6ONS&j7MiYYOBO~c|6Bs<+LBBUhc=A4r%u+zDdBFIJTUJ zVU9;5k#q`Zj%HRhbihC(6BU7TeUCP4lYrR~xKaFB$%b8rv&f%1`4gNfHvS`Ed>+wK z@&}A#WWM)f2^($&dx}?2DR;WdaR!1ql)%gPHV0EH<1_R07GzkjrfcFR9QI;|O{tCk zLeJRs2%0gEnZaVc%zROl0?&P{X$K6xTo_cO0BXdnzkJ$!KPn_loC{kATB#?TPuUez zfKvwMdn#^Ao9Vz-;*Ev-f{DS3)+8(tgFM6xqb15HC?0~+T{VCzLHEpLg+><^PH|Ri`C=-xhrCUejn6E%s zpwv=wU4AAll;rw#n=GREV>Ax{avh#R93~NmNrtNwEGtaniTdkTa2#Awq+Vp{D^n9v zyG6%bJXg-9)aRav?GzOS%HfcD7>to%U!3!zPFD9sP59;6VaE1#C|hZZ=}A7sH@v!r zjs{`Fa&hpU%sFHHv2?-k!MKpr_C)>tOSD^7sM^)hZenVe=%`C@MrI5ui|BMt6dLRn z7P-OJy|-#Kf(>}04qkyqe`_}S|MB)N@KF_K|9CbR*g)b24Hz`Yu0{=tl4#UKle&u= z++dKP5u>1{RFSr*5fX?38c4XTVKue(t*!R;Qrl{4TWcwTc*&grDgji2Xt`BAAt(V< z2nhLqzt5a=_L2?6U*G)w7Ebx*>Re*qPeu zNTK_5!k(bR#%z)1>H#}473-M{c54SBu}Vj$LBC$3pg+Z~ z-nd9nj;SkcQV-}+!O)>m$aThh1N3jw0R4fm(6vi-%Ef(}fccfs@gV-c?G~Ya1?sB? zt!Pj?A1z^~Er*JJMXF;J5MOW!^@Ft|ferZLU3i3kQuQ--1Am*2KW1VK5$k{fsT)xq zqBxKK6E;GsZz!e5N_)1nt;{q&b+D#1q3qD+wA<5}jv z-y*^JuN(T+7xSS8`o^#==!5{@;rv}N;m%YrxT@et(|v~}(q@qFaOKNr+*~Unz&PS( zDg2+s8*Pk&rKO|Ih6;uExeD(kmm7Gme?jox(?q=EOuV<_S=MTsk3r4F#)(Et6{;n#v{XOZ;J`worE<3PjB2TnEsY6osn~4kO4ZUBX{p?7=|ZEWbJ)@( z)zTog^!cNTx=R#JgO?aM?R#FRYicBQmzpiTjc1{51rpjo)lzL5T6#urNkzMgPuw?x zGK!vlQML4QY3V-~8`S-TEpdH(I}+&MHOGZhrEF`W-qtw^tCyn%yJWZaAl?KCh3iklm5g&P`WXHU;d8lgtn(^FdK&(0BSIjGkC{@9bBRd922;?Yt zb(G82;zodDclCAADrrU1DlOH3GYN=q%vL*6-58sNYZ8!tS4~D&1*(X3doCNZF5w1MBekje$BasnzNz!iHYN!8C^lN3JPxTtNQLW_5k>9qyCzZ`fgP}8TFG@{S;N- zsp329@S~0T^Fr!7ReigsdS0>A?{?ajegwz}Zk)p4#_*U(=t@R5ey0`e&yp4-PXgqz zr>RBDX(GbpDx}F(l7fK7(Da>pK;tSd`=IoT8G%V^Ts$7d9(2;6o8ieiJnJ@3^-VK8 zzS}$=L@ypl6S2JG0=8Bp>43P!nZ)9s9`ccI!^SPHAW{n(DZH{3ionBl)G`P>>_nbc zDkBS6TeWptIZ}|~_-H>CW>Fk4%+>fltk%b=v@h+nFG1?#1(yl+kakLR_7y&9}Rl!ig zU^8~qYgbDrj*+!2-@$aknu`T|6Q9)s4Oi}haK#OlD8rr^mAkHmky~sm$8^s6Vs5wy zeR07x*qMvnC-8btGD0mEU{=`!SetZe_YoS#$|-@n%S_P5dIBVMeCqJh3pM3v5JBb zw4)yUUX9<&IJJfN4@9AHH(Y5kxD&K7D@`Y0+_?cxK!hSy2CN0X!|F-c%tX-LeE^L8 z#mb}5pN%qBXVrSVhbit^orogaNzX*8ifX$R0~zwZo_xjj`xa~&N#I@BFH^X3f;Q42 zNC6yuNEJ8?xeIWBQFg1x8;AA33z~-liOsqMlFmdD6WT0H`Fb3`iH;!Ti(u0hqX@b+ z44kY^+oCRcNscfkZ@p(!XOEb?SlnW@5A^9sDe+Vuan65OkI5^86^9N4Lkw7}r*bD) zLGK6!i=~pZEtr^e^j@gy!Xp)u}xo_ATP` zV&9-hs{|M$|)Pd^bzTTEPtwYvJ>xj$NZn4s zb<4ZTh`(ZK3nuJH7ba{KQdf~umC`E3#J9$^tRAu!z0$dwHMNOcOQB^chn~kEVBu<= zNedfyq7*g?Or#(>%N4_nFuKGf7$-Y&V9Fd?3!LtEhTvr4f({Ud7*rCD*2eJwY#f7Sj`k)&tHzvXaxI~n5DO8eVmTS{G)m$lBebh`krlJhSN z?23r5s~AZ;4L#W8)+-8UbA;kybr6Q4$#l>ne%Niib(~goRct(V2$tr0|Y*)jJJ1yr zp1@^?Ch->?%HN8d^U;LGR`t+@$i$wSe2fS-%GZ00!Bw|=fDx=zjXDG?&6dL0OhOB8 z1S@q{Pk_O73zk!NU@>$L)-?BFT~da%#R90o&#MQ3Ww{Y9%UZX0r)%L_1}k-Ych$8F zaC>*xts9(BP=+gs;$ zY)apnzJXcZb#?29xgB-s8`8I0j=8)$T$TnvsvgHa&W(0in%&+u*TQB7C3SnZ3D8e; zpxXrKE&^>M(2v~?jX*oy-fp*dg8)71b~FgkF1KTy0(uk}2+%GA=)YZ-dO$)TR06fS zEKP22t7~BsgO9qsn*``)9q1+jx{W|v3G^ekV<&-XZtr2Yw?Tj&bUTg-&;z7QC_U)* zb_vh}2GGx3mO4PH9!J^DjdNKV-QE`0!bS!eC0oee^*T^63GCfOpe+RYq1(|$pgY~( z{ci6u0lL@iI3z&Z-Ht8=bg$ccK!COzKtFX^Y5@sRRtYo#%yxTgT?-o+Oq6UP(0Uyx zm;|8f2(*?!x40dx1ls2Ie(Cle5}>=?jt&93%k4OzfbMpC+Xd(@1L$^iC?Hjjr$d5a>}ID3}DGbp(2ZKsUP`Ed<)?_U>?dI|S$_ZpR)0x{V?y?EOSU z5Q4PL0Qw0!6p-*`B7r7>*=}#AYhfLOgOV)-dQb-nCIM&{fp!w;Cby%OKq1&$-QGO{ z6o_mWpm@1U0o_c2r1WkwfNn#F0#fxjYMI<*Fx&0bTnlR%1e9zc(7ifPFbO~p5U56= zt!~E=0!5XLZtr#hy58;BB0$%XGNE)m1(HD589>|6p@4*aZvwUZ$0>q+_Ww9dAgn*Babb2F)EhfuknQMY$c^&QdaE#7VEt#um)B5!XL z!W2j4reJh$L2OJ*n>W{K4rxZl?Drv^n;n9mH4J{K3cqOL=Qc+_!(I0K=+AYA;1?GL zztIXmEAjJ~ih=`Qy7x6-*rkZR;oermly`W4253; z@hdRZ4}(nhyZXsRF!Lb%lEUDZsqjlAeubu{V%W%j*HpO$A^0VS!7p3kmqh%EOr^#^ zko~UIatlN7vxmXYsqjlCep5~T$GDFDum6fd@Jk7UpIhN)Cw|4I{$rTN{?~s~L-0!t zgCFAhQ9q{;zq?KS$Eb__um6fe@EaWlzkG#XD)F0P>c18QQS5*HcXtSWX<_gyQ231| zeltz|$C!xyum5I*;Fl2wze0sy8u2SJ^&dkV_P_p{8G>JC82pM9ei_8C)YN~BSlIvi zuOtM&>@fIERrqBRzj9OmF#uuz>%Y85G?bq22n2$lt5uq;tn<`c{1!b{y7#1MS_t`Q|TatM}%VX!P!SQZdV z`bJH?$cTFVt`~(dAy^iL!LnRoSx79O5-fFp69eS+yLJ@DgkU)}43_g1mPN#pK4?=% zGTvRk>quct2$sb?v6Mlk5S>aypA|%PrxqjF^}DhZ-h?1}cNj#efE1#|MD%$#Yx_TAUZP)qEthQqceyow?<6e$+&U- zuRF<`5JXGDAWBW75S>XxUll}k^~p$Z{jWaBn-D}x!yrm!q!2A3qOS>}x&xlE-TGgH zk~blUmWM%<`bZ&KN<>!(qPh}gw6^|NqU22oqVvNbN`0gdEhnO@1X115&-iQouSdz7 zU_>RHa~NEoH*uX$T;CF0bydosYW=TD$(|5gMQ!%*K8jWnz6vo!w^q>A6)JRM(LeLcj+Y?<5N`)@zA-dlPy1L$FkgWdKyW~&^x}sovqRT<4&?P-Y z_lTgY>sVLgU4uzmwi>xq;Y$vlt?~)#(`#pY5z006h{jGO--cwGv;WBkM&ab(n zaLUb#zbKq^^WrZGr`^2xi^7RFFaDx%>dlM4D4cxr;xB4JvfGOjaFxwY-lWdsbGAje zc?Rbc^;38Y8+j-XCrMWbBv18Q!3Xesg=g0C&aDWP@?;&gRn1C>h^QV=eP?v_jW}&L zF0Ohq4%^*`!*-K#*zV3`+=D(4e-m*n^#ix!`rrrdD#kVHmvm3ZHL3LrBAOcO%Oc)y ztiLbfqsIDsB0j@4*jT8!})I~kSNTEj@{Ap_N+}&E?&quuXB$=0=Ijj zzyLx=;?S^M$6B{#Q`5Jz4xHv#3vjq}eVY^q4jb|C3G#BipSm2M0tH^n-qLiuWb0AE z;~)sCb6dJ{Ek|9r0sQS*n+M^D7b$2T?vBdOu*%)(d_FKZc5SYAt&4Y{&+FVxRB$Kv z<{>U#gpSt(n!eh<#ckQ(cI?nGJ2(tit=F@{w48{T4YNl@kU6Xz*;u#WM6ICpq07-o z&KxgkEf9SrAF=VZY z?|~Z-$xUBN#8~gKgF=8TcYx={9or2MOxsFePiQ96}Z8-{_ z+yW`FLrU^9?20q!A)v(`a%b4xv0HJuux)KLPHHk+7~=xpkDq9gV!#NUB7$-d2sF6C zuRRlN?;Db`JCdbMN%=6>@nMjpbV51;B;|-pj*t?0Fb4mEG5HxO?%0jGq~OL>U0hwf zW)uYsNr9X?aGG?zk`zdhWx+v3gDVGgFym>M(0a#eTfqXzUL3IK69Fd)~l(NgaK*9{rj zAuXeLJ48$NK8rbIYewyoO6s~kakT8-bKt`M*BhFA&GBv{)iyptl z))+>YG!wwVaJnSd_JJWG|2MjXL#Ll~$wz(DB_4B_{XKZ@31%?plH#7aq*!#x1Y1)WT_U5YGpsJT!?w|ol>ZZ5a(6%Kl8^hKOJ;mCaGKt-e?XW=RY zf0jFOEx?`0o-BMtC~dYy$qM4X8jMpj5@IQHSRM4=XiSXd=H`8vMT;eM`UC-`zc{ zsOjhf7vk@M1pG7Cj(;9aqigM;eSE;KO^gDUJd&{`rr@jcD z4sZN5^LbNH^na%5_cvXRXSv_!A|&vA{Puql8zWSK76;@y9`hq1@bTeuU=%$0_B7SD zvKIH7XwSp}zAyfph3dBRRDLMUEA2j9J0fBYZ_@PmaF^e^uwj7B2`&G}y98V&ZsKq@ zEW=m5+HZc@)@@sfRL7HkxJD|3ax`w|{VAEN*QCoHT#vvFk@zQZh^yk5ZSIw> zilery7GlvwH0a zdTo32i-_5`;VXLJ&^+hIww0y8#+Q=___meVS2-)XZF5ECpuK1YWw02ji=Ia6`qbP~Q))LjUqIgl$@lBwG;4LR*X^uKi&0VI+Hmr7+m9 z?&t0)fA@T0$lob)o(yVew%JhgjX@;7fk$n+YUr+j zh8{B;%F`Q)6O1l08@jPYH6-`<`G#JLN9eb+Ra1!pO-(SGB7Mhr^{UDFPycPu_qPc_ zXg!BVZR0M4SeY~4 zZ0P6r2hlebkD%`w)l^16Q!8q8X&`-P>#Z@MNoCIWpOHRXLmI#5uWZdq0k`8))8)5e zT0jC97sj;UmDccg(wb9>d?};7&J1X~RH&D<25pZIT6^Rv?|1T4d+eU-B1{V{VQ-O9 zZGKEwb+L`jN$HS{pi>zo(J9i*D&KG}8WzbMpSCNdxok6$b z`Y$K?cYqX2)QjOV4BXAYdoO0-1{k20m&(`<(YP!Ntrqe|B;Gdai@D@?$!hef`3r_V z*mXi%e!Ef^m=YU{)#XK6+j4RS6IlDD=Dlx*0+spmMwqfueu>wV0 zd&>v|v3P;0zO5Vgu^7B2%2sWb0j1+FM&tNBMf-2Jq5Y@()c)zcwr^X)IW@F@rt%tf zbW)ASmxxP|K1MLyYcX*R^K9xO57R*14lq4^yHwR^SPjS7ME{u_7Q`bJDRcSM9X;cDJeM)@$=FLy_2 zh1Gf=h*8y^YjlK?uRkdKXHdS1DPNGZsk~qfSMBtIKQ6$I8L9AJb=1H=lebWn5dZQZ z{O33W@po$Da)7^FW-IvT`(k|WB}cec#{&-`rs0ecy8b;|r>Gbd%?P*+OI!3<5Ji_8 z6a{oXl0MIK6qdA~!sF9_y+#lM{c0E7FVuqfj4YMj-4T_K%a^jY*dAX6HDX(G zHyh$be9mR_Q}EF#VoJjtjZVn-#o;oiznqRtK$0@^*9WV@AA>M^q*)$ zuis!>@-|Ed+Q$izxxQl5|2}rk*}1+M&!K-@6~|-doQ4NfJdTPFqayCKiLxzT0PLpM zC}6qX&pI-5eLn-R<1uq>NWGHl-H+T{@3D@Nc$C`m0^{9yF@Ocqx1$N`?5py9w@2k? zZMQ8tAIRiqePUZWM6h}zIbphM;j!~Cvn~D;tRwK_iqb*t&mxK1ydSJ9+P1h`ICVUB z?f@d+@guO|Ic5K&@tC>scz%U%h^GS&Ku6DBXJijz!u2+JK4(;}ufVK-G-mDqu;rDG zGmwjl`t!PusND4bxavN~B4J;??#kS}s7@e!&ybklI5`y7R}KZLzFQx|<;(QSHCLwMT$;F)mTB>>A*-J+&6umiC8{&3>aU=!z~Ik0KSb1d*}0 z#RNCqYp>&0eqQ%Px%~lXfD5&P#7n3rplkqzi-3eU+<)A?nabZ6e|jM;(6zj`Tpu(G z8#$I5jIvsRQS{53dnxJ}wT08f;q9KfW7jg!g{755Jrc88&CeUOIHQf<_u7VUyv38X z-nR6YxX_KTX>)5Ip3u>(?zP_H@5+WdtGde)5pE2e3MK;P$y>o!Nnu`jN?kIAgAU8c z)J+H*+2$E_h@n=NM-n>N{WRHzi;14c?*#9b38U8MLHK>Lip4ZqT!Zx{rdQf4xF>%8 zP@ud)yWpFTfx%NMbPDEG+kv}9r1a-+brec{k@Y-&^Rl+jzAGR6FL5usJ7rwHw-vDtl{>?C#fgV;>Dfbv&>2wM zEbZr`K9EBAmygauM4OdpDUbL48PkOVKW^FGXLPqe%R3xlo)mC?1urkQEuIcuayZ)- z{{=v5K+bZ(8}XeGe+>j}0zp5eYSsxdBrC7GE|j1NSsP~GB4i*ugGosSDf#=szEhIt z-4;jz7NP~5yU4}sn%zUX?d`7wp&EebUrEiW5w+336&~9q4*^@t{~@*)gPivBptyo0 zC2o3+l9kV;Yn7~!pQJLcyPh(lWaTC4{Rvqg&MtN@%TKvJ-`ke&-IDL!Wk|}0<-mC2 zfxh#Xqb23~JntuYxHZ*~6UAi(|N3S5XCWBpw)UAaf2a$jdCTMBHtGPPNc$?QVeZ*< z4u#QKlrJuRVziaR+q$&__y;;>Z<*Zbc6K^F1Xw@)u)M+2eayt1@($ME3`BJNNVAF!2VNqVU@BAF%njxoNoV}&H237gRHyt;8>DoK(4n^D)15)Oaf`%rCNEy`Dnat=@e=pUtvlCF4jeS zHg+rno^I3Te8u@n@x&w?NTn(al_pe-(QmT`EH6;|{AwxqM|Us}XTA#9I}~VH z;p(=ReeKCQF#Ejb=s_2E>@l0Sg=rqH9zy=`1p+znrW3r;2BO6tBl@O!l#8Gdjs9)F z2HG)nPzO9K|G;_dzu-L<2#Gy?oyZSk4ci{)9DqFntJ^moRtMJFUmyj01F27uf=$vD zJ13#y=*6XjD~?`LI-ug{rDYDrM=g6>Zou7<{v8AoJfSPZ*fglAIC^ziDGOy|#Mm|> z-pAe%${~3s;K6LZBu^ab;@tP{z$U}qAB~F0qsiXlZ^kofgU2@y3_9vLyn|OF=lk+3 zd5*3;3$EUkC`{h10zRM$Z{-b(Q}5XNm8kZghXT3X{x9=F&j8*ssrcKX_*)$4-!uG2 zpz)3PQ4umxYWKan8&uFk2Ls4Xv)9Azo>aKdUuPQ(Qurkq!=b0|+=qWBm-jnm%GV>cy-Aqnk4jbZcR+IqhoP@w>Imy7#f(dArE(<@@1?%y@u5XcEo6jsHk>>fZYN{@tx}N-Ha^W%I%B3 zOx$IV!ct(UeK~V8X0o!=R0Xz)@}sFdWdzy5mwc2{L-NhJfLnRQVtY#NCl{+B4Z#@B zX}5+Kw+JOlCnnm|BJ8E)1dUktam z@8M!?B8dS0^9NUCj)Ci<8UDS<^zU?CfcBhK;LAety7FObMCm0S@9hxz3)vDI8k-;u zC1?YFjfVU?qN*D>AksM=-xpLp ziaSIfLSR=2=+4R9oqR<8FI?e^dhg_8$A>Ik?!JqR$fYAWdFI%iUV1aZF zMU}|;gQqXd93ymhSP_vvI{mxpHN>}y+kz}%Tl89AX8v8&G@xb_?5C_}{-vtdO zDIl2&CnmyE(_*9~iXC=Ddl9Wv=KQ6BycZn_!5nMvfGr9V;Rv!rr1QONwTFMDMA|zZ zQFi7_adg$~sU4@I5NJ5ULcjVScGy~)pmDlXf;kvDKA5EE&k`|-)y0HD z0!EcaH;*lXS%YN(Ek)@+Z4EZQK!0%9JY!s9N-z|zp5=>qY%R3JJ;RjJxm0P1E6+8Q z&djTNC>>~t$*hyE*U=~LVyC_nJ|eSc9ny6Oi=Y6yup%1so3`#%kj)6%%rD}B>zlLi zTf?rkiqeIOOVXy#!aMYgTD@?knAH9xE(#Bse9ifHJx6Edz7pzR_>uSzRxA|)2_7QI z%-dF%L~8!|v^e>W2Jq5&X&%?06OZB=N>n)p#N}X1 zdN=if9{q3z_Do8UhDGIt6mNu-LQYh!Z6upRdk1WfcOilK1yNiU9%1f+7_5~#AbS`x zK>vU?Igb1!E(Ap{D`*1B#gs*7E;d(Om9X<(N9s9Ay^ItD4E~u)Sbe{BRUWzKQ9J&1 zls=9(pCWhAoGSJH$kjIA9GK@FKf-(Gqi5mY99z}h$kE?BZB>lF*l`Zt+-0j8kF@Dt zt3lo)wyGs(|AbdV*C9`M~mcX#^o-q(NO^^=jyfHm+6a#K1lL1L%j6 zT`+ExTwR7ZKCrU+kzR!qxE<7kVf3G?>Xmz7dqiJj_*>Jrw~vPVIlZ?1HQ=xcQ&U9y zABl}G{-}v)8WF{OzWmqHrqXG(OjD=bFG@$29tzW`RF$*gVlzTIc^n4~l=HFCt@I-} zM$b&*Fs|gTq;H{^eo*l$>l1ZRo_Di3QCsp6rUuSW`VG^&Yue{U;&*e$b#D^q4z2=Y z>oCgyV^gDCHo<-Iw@2%v90aw)Qx=Zm*r3XKk$@Yt!{@)wF*8UgRP6<{%=NKt@neD|mTs(H!l8k#Hw6VItkdIwJ~rF93hoHOlk%_d zD@~M<1K)(Wk@T%4qFO*Z2907b4a;UYOsO2P`LDfj*4FNDZqaZJh07B^*wa8=T$>Hr zFa87j&KLjZV!FMS>wdwil;=sDFUI*3oIpEE((0Y^4C6@2a4U|Kz!bo0TzmteBfeD_ioOUDUubKd%cZ&{zJLk#t z&F#0t!!Cl}UcmiGZ!6+U0uSzCCSr;+ISQ)~U99x$9^q=?U17Pp_s6|)wPC=?xJu`I zR>Oi~x&fnH3%d-;Z?<$mr))!zJ#B1sAlcMLhPr|vvOEJd6}u1vn;tpkes@*Yfmm1s z&p{Ji0E(0*N=8cC{6vuI)?SpI?|*$9fgSn zl{uwS1Iq>p5H!())ds4_qn3vnY9#m%Pq%OxfJrh57N0%flngDCB<&*X8t-b5ArM+#t>p`2hjD8A3J_T!rO;Q2IUir?=b@T2)LK;8)xAW zn?*bD035LU+&#g&9$}yI>bkC-;AqLS@PwZC-?{0V;meizv+{&xKGvaATsVcqBO&W@ z(c}b>WLXeH|FK&Z&iTYsg>&;w?)F&f;Tibxu~dZ))pFq!ItQ@CrdG+MCQak&5Zr+s zwhm2VPvJ%$U!R4;gk6?dqw$RsmOKZ|=#LhUr4zhH4)-1F^6A89KU6k))EOtZP$%+` zocEx%79&iY^V@KKRPqjRrTH39oO!pjYv^)p4a@wJpH;VDLN2%-i*qcLFwPIRSvoFO zlOE33c5_RBRynXwBKE1=+`(ubb|s{Wj(Yaw*3DLpUD484|M#RyANK#r+%oR z7+A%k)vA9ID1(R(jEN#d<^ms;{L#n{(T~*#{aAg5ry83rH(1Mlig2t+o~-huvbzWi zicpj$P}rhvyG;h=IGu{y6G%y_2cdvG)i)+-Z>rZ9@-=eD+HtfLze4eNI8?^k;q`%7 zXb0fmL1)#5(^J}tX@O(~pHG~FUJCra!#Ll5HTQ2J_1HcHE$Yjegkj#qeE-A?(G6YFotiS>U3^36z-e?J8NtD*3Z)tm5Jf2`B^L*dWqt?zKYi@i7A zQ(cbUo0n9EowRbhGjpDuD}<1K98x6xI3l1QRga+`$0unAZ#_x(3^h=v&63bQ9jZxj zNXggsp7TeLeAyN&yIRSZZSiv~UtMk|{`2g%#ZSodJjh~s8XTDF2{yD7_IJ6{w)g>+ zQ-G%e+u|SN33L|mJ!mbmEuN@yZo|`Uw#6Q-apb}STB z5hQMOYP0krl>x1Ij3P+fSfEXmBBgg5coZA2k+^Y&mZo0AYb1m3_7dYY5;vA>L)7aF z^w+kDgbnaZW6%ctdRAM` z%e~k8m-qMcF#qZkpT7C@oWjcz=!~GRp&;y``+)jNzTc*BRPHP1{9VHNyMzmCG7S;Q zr{V`lo<4bKg!b3>Kki-|ao^onz#sUm6sSJKw%%J1U43&je^umhsi6XoGua{W!`(rF z#~W`k;(vd@qXDWd#_!hSZ%goT>OV97xHBmJc$HEA7%&Q~ugBlUn4gCORH)DR+Z%<1 zTNAO+SMj%tq4=?v`XjWWt(F$%^JJXF->zU`hZUu@%aPI ztOC<E-C=>et|Xn2uAF{3u4>b9-;Ecpt>C5c4xT+z*gbJ1|N`{N~E8so1Lm&y)y2 zo^M6$Y<*iIy1Mj?XavsS3Tt!q5hae7eeA{ErSz_6NyM8>(C^LH?1 z5{`(HDd&kW#lQ1r08?%m8Nig#^$9VvYp>s~caBUklpVpw-hP|WR{_J)Ov?OR7@}W% zF@N|M-H%xRYio{k{yl{jP(7D0Q6ZUto=a-b96+e1<9|(1VH2woK)dd9-`T1KkY5JEW{tz5>V!x0K=Vp@aW`R)mER#~dIK9^}B7Si~^|sEh-RA3Y9qG~z%b zR5*|e7YCYqDSDvg>;E(@;+_fBSK@!w{#vK3h{M9cM#Q48K$(PqUhf%ophpO3Y>TaD zW@VRi{#>G4Zg>1kD#m(`1w6N z)UeB~q(+#Wq{hdSxArnVR-bGJ4mh8;nFycie4cTL>aCPo7WXzYo-=Saqd31o-CBJg zW<0FJU|+96F(ZyMED3e&&f~iQ6O8hr;^_6PL39AUhLRnZ7%6%|y_??U@PUf|=tijc zg0+~cyzu_Y;Xmd1&PZa6-BjBUbUrJ1s)J5fLBEFM)%3}|@QU%@gT}EMe5Xu`e3e7FdV&sv^o?`q@^OW1A~|6Rs19M!?j%+JP?b zI!l`?ecM>yQ<0P3SgW}lbtsMZxOQZHU45L(yA9EH)9c3imRq)$*i&2%w6=}ck+?1E z>gtBT)o4M^rm?OhVyb)V%b1 z6Fx3B359>gxU`o|_{lxtTYfd}xC!6h6Moy%6+boMr}TvX_rvaL6Mkw>`2U!KuUHKF zNB4yP&eo}36MkAx_~#C(`MC){qbK}dKKL~7*ZH5>6aM4ZJ@iKtes)jz4(p0M1O9*j z@a%0$fp@d(FgmI#V%quVeCKj}g0gs(lpDJqQh=bnE(El!je$6@)Kihpe>!Vjj(T8> zQlq8RHn(N7%lk=PeJq56rIuSJ-G1iyxUvzj>g(!G!!HXx8};Y4E8AU; z^*|m?B}%DHZp#*6RM(IQ`A}%xkuc_C6RlJ!6$Y)F6Wx&}TG_p!weX7<+6=VDCG>_@ z%dstAns}x3hSwMG?{b)UW%h>G#{;iwF!74(4X>r~AAMuuW$z8IuM%(1HSx;m4X>E? zJ+GK}S$o6l$nW=mZ{n5Q8(!NYAGp`VE3G%Y9?QSTXW*qeJFpwsw~!=C*x0P2-FUP^ zGf-V{s6zy|S=uOA3%`4CDMboufx3d@d@%J$J>}`#AOG$?yv#&3Dk>_O1S%1cqqxk^ zkK<)Ds!>Z(!<xUeWX<=c0{+sPz z;AM7Lm`CQnI1(?dVPW1g`PD|DB!sifTTQPx;0c${9rcYX7JUQux1hCT^|r1SOu$sa z{{40LMc27v(GEI(J&I)NMd}A3OZD=f&U@-Fu2{$hx}QoYQ7=+wLze36tml9Ey(<GEJlzRekiR+2Wlkden5r|7_Ph1v!v%fnKm*}3jY`UXraUd@C zp14eW={26{}T&@^FK)q<$q#Q`JeKG{7-JQCidYPv`Dj_ZPEXf@3OVH zz0RKgCr^<7DcYz%FQmRl)yMVK*Ci%rv zz~Fv>{|Y{E-G7BuGyPYOpcSp_O;RwQD{1jxkrFNri@7;g#PtJQdL>ElU*UUD!++&| zn7zegU0B9Qjf=;_%zx0ymWmDkRdJC2szmv(;PPUVe*e`G7qFNuSct=HqsN9tPGQs$ zlrc^>>2|yFUo9;GaKnFfH6FxXw`x!1DO=sz{<*Q{Q}Q7m^U8gxwAAfk{Z|wT@n3ED z9b7ek+^1YM7YVcDC;vOZRr6QvT z{YL<+9*qlNRoIm%&Iewv_gSc0Ypg7{PU4wb>rCj}wV5B7l@|qQq@d-iy5D3vN=@q;8-s_wHYn}4H7EpfSew6PY zLj7OG@P8GF|BH@{VE@-V*6*|b3-T1~|C*z^s5k!?yl?b>6^Z`~A4(J@u69xyyc>DG z3Li=s&aEQk;vtL^jn1w2_;M63E<2@jYjUV_%kXLODEMA0VH9!+4zE%kTzI1n@{Bv- zrgJyMm(Z>AM2`XU{}w!+Uia z9+a*M^t9v=DWCp}bC_+CzdU89{Jxc<@wYmG zN*)^zC2(NCWn&&3HsuEr*GY-%)IOuu)jeAU+8(JM2d83wN;cgr(Y7ISX6so6!FL0u zpr;fR!^1@sl!r?pBOWde5KKjfuE8X5|B65l*G|4c^H5;=88+aWimygtGfYj%#$>db zm9=WH< zCN(M_E{Z6dCh$_^-_+_zTMOn0xXq#^0mqqD5~JZklSEqe*aS&ra2TV%)loIw?O2tf zsMYzgu#xPce{IiI;$L$gNR7}A-zT4PYh!-e*8Qdj1++il@R|$+yY`7ob%4FSCX9pa z|3~>gE(WOb-2UIo_ZeA`@5le~|03UQGVuN%<$IpUKxr7|tku^aDpNzW-^V)c}wGgyGm#+2q->H{VgetS|!u z^+roRlzC;Bbr$^61x3DDEza5#1Jl>7slXz&BiiNjSSq@lvvKCLWz?qHE_yf*Z*pwI zaiP|6wv|&85_26JT(KL*Ekn|cWW|xpS?lqAL<>r+Q}^@ap>K^I5$!A78w&1{PUNSF6O-PcKukCpwNXsa9w zAUFC7tI}M{E`yP5!JTEUy7mM(*>KPc?=`3vHk*!S@jfyaF2K6IR(N^Td)_g__m{bs z4a55=R5Z@Vv;Lx=f}ib6Q3za1xd2E;cGr=!*VI&WWzHUKTX|sF)U-rgzM}aaY{40r z?@T?9_QAhvQ58qy>hK*}M(WsQr4fl8@6aAI`J_FC5~itNeHr(1z#1qGKWl0`sFzn< zZd-W`-BYng-OJAK;6$98GH?W3@{vnZtK8f*soNQ8lk>-wM?n9-C|thzE6@ikAqATb zi|eu@$+5*9+pugTy3K+QwovdZPHrt||e2wn4OB1vjVcPJZ0;UNppp0!qlt|#qB#i{<8=7+-3)nrB!wtM0GONzE zh$BSpiFgxJm?-j$s^=n9?eu#b_&5|Bu3||R!pi`=3_t+^o9^0HRMsIR`XO{&6o8GC zB{sa^MlY**1F#`aDjPE!w8wbLP1ccWe+Q2>q|HiL0LXoH&}G+L*Yu(}mj%pI6*>Ke{*TTr6bgCPGwd$Hs zew~X0lI<@aqRL~RVRD>a9@|rJGh%Cjp2WI(l-~fgugX7rhAQ8H@(Fr*c#_fbCfOuu zud74(7MHh8m9I)r{WeWW)E+Y|r;i?jnCt7h|`RQ{8o*T-n-i}V+!#JMk5B#dVDM7=r& zPhW%s@K{S|NMkBVuaCjRZ2*j?9-82Vj&1jgCIB>65dwsN$$DjsEN&2>eh;;vDnl&* z6e|OJoqKk@GKLv2XZ;>JLRE&2C`?IaJ;7aAm!en3n8TQ6{T>QKRffXQ`x&?^zNPAQ zG5$y|s`pSHsxFj=-pPWxFm1G68RF6hen}4t>cX@%y)s5-ANVExDyF*_SoeWj(zSxPuq@T0j8(j`4Bs0+&ihVm)7b+Vz{ z2Y$(T5UCWV1q|gr@JqT@a2KW-5`v-J2Y$(T2sf15T(K=Q<1s89>vCi3dZ@8a-#YsV zU5!a63k|}(fH7U`ip5C-*by*Wwy~8^Ge@-|`b>ITh!F`07~GmG7Kbg`I8YsRY$eqA zQLTt#laUg3lw(Pvxg50|v5t1O5^55uRz$;z00>#a*nr{Q;)-o`IW#iYv5BpO8cM1a z(RIC#`yawx5s7dL;D<0*L_??&4hLw0zB9LXmGDDYDzq7?Okp3Hb1GVqC#a{h1C{);8yQSq7U5aRX6m3Thg;(Rl+H`buvxR2Y&Ug z0Q$hM-p73(_|@xh?*qSjALV`ESMP(n5B%zVO!t9by$|I+@T>Qs+y{pBI+Xjsuil69 zsrZGEqn15xOS?qaK5m{`>e$CGT<510cn5m#iuO*ldT)*MK9E4yniC#CPw-}Ze)Sb~ zWu}`j-}h3=5nQC8Hv9&Tpx1QYvKTrZKKs+?Mpw@MCM5T- zMFjTR#=0wJABn@`tWHZ~UCyl5kw|wSJ7?AbgxJ1f)~0h z7-~BqjkZNM*5&U1o&}qmn)V-Q`q%94xTfQ?4qKX@9(i=h^U~l5+gH}69cO#rTADtZ^%2_x0k;IUCj_-4 z(`c_&+RL$h%Jx2sM*Q*}Y_1WBHZ*sP%^k8deLiaon`=Nk^T6itykP$}WE#!wWOIA& zu{Bv6T`~Jl@O5od%>E-t%sLD{#mw4z4p`LD&92l*qGP^sPmHYrb>jDb+XSkc;`ev5 z%6F&|KkH+u@*R6vufod+8XKgqTtoNoLzSkcp~8q+-=fOUSszK2uh{QSbU7I3lqy4Q z&44mu|4vkCXu>a{e1j?@W_>7C{zGZds}xI>5g-NkSaO0 zMl1UFILTKXjXsWKAD;szf_8ML!s>Y`pKGhNqW?NrUUek;Fp_=9@}L6UrOMZ`JmR2J zNbd>kD)dq$dx;gcONSH-**m2|UpqwAiQw4lYlo;Rc2?=Ws>c zni`I{0GdXJrHSe@fE;I7a>$_?5FS91I~+-k(9Vll&=NqLCoFML;0FVU%RdEi#o>q( zB_BZH-Qg$sB zuX$V~ESccdUO$;jm!n*WXr_OHQ_JZGT~Y6{(NJmRbeG=ZwtSi1=8AgbC6)*l#q_Oi z%NOYzT~W`y%$LD(nBENABK>1m)Dy4rWw88FtBiA|A9GuFr8l^ueqGBVVa69f=u5|m z>fPyGuBfGrEEQ&Ov6RJ6OACwj99g^lwD6ouEN+@qV1oB}>}NsRvdM8Q7DxMcK~g;^Y+7C5 zgZJCm_gU7M797VN2V!AR?}ohQv#e>Dff?S-Z#gFUBB7V6hZ7Y&USk z`+jT_3mdb8<1_L0RW>()(TLKf34RK0w5YPmNX$_xu#iV7XvP^wTnvFHKs4*NCE@EiSLc6*UQGeDD`_ z8%`tOFX}-YE5KjWLpUDrPy&_|wyKv7;ghdT-t}B1tivh-3j*4bu=x|h*^z3!6JSjy zhP5WSK=m7wcO`|hB*EGyzY#exIh<|G1+L$AyfrPX;RptQ8|k+kug?f)AO|dv18n8Y za5M%`mmQY6;01O7odx0O~bQaMjIS^dN=<*DKgDl6i*lhu87?pXP^Oh0W+-Z?5Fd-p6BtK0FoJxbIk;Vo(nEXT~vPcL~ z@ILv8N@9UvqA*PMH~EQ5W{D7@;DGeglg0wU^nfql2F!~YED=nU>GATDlgU!S)`r80b3L8lZqR#D50*PPPCjl&0Zg1C=MU{fnd=9Ht=lWM=mtEqqF)Io;iN3YyDN_7v34N0AVx;VI~@VGXgkPC@unEJ$DQDJXwhP=NJy3d)~F zIoe>SAo?}c97f_PNM9iZO?&JVWUoT$QxN=?YVd@!SRAlosh+&kTUkRav{TUjAq&z+ zehT8-P!99s+EbAJDT;*-Vw!NuwUoE8sRDXO?bu*F@NOrI2M=l8pff#9->^vVm=18@ z`$zQ=mg{X)f6te}>PcMxil4N&{hBJFr)8+jGQX-y46+Z^q(Ym_ud9++BA766ugR}} zlUX2`ELvlJdeT@Rm>#kQ>dthfWw1ynRpv&8pQ22b3)a1UTC({vSnbLdhhhy4e?L_P zEE`OfGQa$E6|zV$U1EFr2`gfWV8Xzf20vL-Ss<7!T3vp6N?0J69I zcu#n@dOz{v8iQTfYG|*)b>v#cptkPzjfj=t|Fqfs{$$QI`1S;!i_FBA6ZncDNj^l* zy157;LHWU0*3HFbajOe4khH%=gj}5(ct4re8XNe*MaN475b*t_1j)p9EEid0PeEoZ=Ks#WMpCp z&)d@C2LMH@=gs0J9?LyZ(UH7;^^I3f!2<-F|3N&6?7;&_d~ZDHy4B#p0B}beq$wW!;ui3r<_9ui zXaEy-Z5&Sd9@Gae%sCHS_{YnkTv+Xw1l$I{I?Ch%Zuea6mjq7|ZmBRO!DIKVR+10} zE_i|@!Pz?(4ox<=ATc1Kzf@ePE~F$}LrnllNa%|suq-}d8@g-b)QFmn^8+}t@dJp( zpJNdj$d}WAw^CBex{zvj#GpmcoW7Wg(Hpqx|L%Wo?yk&<7w8 zWAvu1YWzo^q3e$&X5|q?gZd*83DF-@SRZG5RMa+Yc@)&)Kz#GAt3m3&IjPWn_`Gj4 z?qwaFqUFUw%3gx3N&T}4s~WE=8?6o61XS*ZuTwpLQcah4&EKXT;g6Uq-Tu%nk08@*4BAMSSL;Fk1V~iA~-57mHU; zn&!U{79S$w{`bY}7GOG(0Co%wke`x15&6KPf4@)VBC0nQTh&xgoxN#Dt{2e+HKLP!l;; zVws~II&NZFQxJ?LW5g^k#{5Vah-d(e&Ic0u_q_nO$SMdv_`Sz_*nde4V?C7T`I7O$ zs*d_LPE+cGQ%3h4wH{Z5;;UHbG=CJ0d`HU!UmR}g#4RH7ef80(GFz_gjpT^wh(Pqf z{iTi$h{Dn6vT6Rz>1DUzi}9%uk*6d+pc+iEkhKadO0(BIXld3tlOVGzMYo2i-`X*M^7&3(*zLCxKP<~-Fgcf^6B>i9eP1CACW zl2|;xl141}dcS=6rlN0c2@$p-#?=qb1g4({1{H6~T@(?e>&PU0DO{COfo$8#XH#Cm zZ%q}%--iT)A3cxXiXTOk4npSQMR@3#L!@f>T9-P;iF#U|@%6Bb&u8+5e_7XqWCz}8 zkKGbT3xbAe<;?NLbgoAiFnFeRFEX^AnB}s;K%>{KEuab&_8(y_foerCa*d_!aAWk8i66Y%HH58 zadOT<(E3^}?b}V=RkdXZ2O{FkAtv8kS+ZYbdAVV8=0}BN<_d7JF_j5r*%f8{0iI>Fs==ma_kbj@*a@o``eUFN_Z^7*5nrgv=i*1{udI!;GoTv= zoQ0QHAs79SDvfQN^(5nx1|nqzQn=t+yBCZwybJ)xcw6ore_Q<{1zQ%?ozX@+_#QBPCUQ;mAMQ9Zq;o?PmwRXt^> zr%v^Bp?XT-l;Dd$OFgBjr+D>Lpq?VsQ;B*ybd#b_J$<2`UQ93CTJc2rYu_oP;fi)&d^%of zgGbP`E2nVS`Ft!{o+%-x^SMJkQ%s`xyj`AG>9TSF28`CCvUGvj!K{C&EM02eXV!}< zOBbCr%z8p)CFnhmEX;2zFHPnB4~xxESp_Pqidna)tP+(qi&tOAvF2xb!Wo60Lu zc{`D(y{xioRMrQ~`jyIhO=Z2stVJrTRb~B|Sr4eJPL=gEvT(nM%1clZvzWy^Dl1K8 z&1TjWDyu+c{g_$js;m-~HIZ31l~tp%a*zf6a+Xm3n##L~#Wa=GsuF|9 zR9USms}fm=PsY5pG38NrL|jNMwKk?qPgdq!di^xrFL4XR?TgfJFfU zU1T1HKAsKT9&)Vn|K#kCz0%vq1e^Rb# zK4adqRvxj~7EQrxOw)FjhuB4Ecl*mbg32e_-rRW>ChG*-o4X?LXTe`A{^IZ#kH0hU zhcdg)#NTlIox}3BCu7QPoW|l2Nd8pI2`B^aB^o9{;c>TCa2>MT-_N182CxBJy{P^B>|=r z`yvV?+DPKc`6(kE8=cE?_F?A53oBk6R!Oq=Yn415$##__Pv2n@;n&Y`Y+4q-0uNQ| zY*kkST{Mu4zq9do7XC)!k3BgAe_+QR^!gW(_yeAMPQ%|I{0+t*aNYx)_YA;aTyxAc zw1}c;>dBZQ1(m&Xqe@aN+$uQ|$*Wb8eU_$@Ly){cC5IxJEJ?tAGUjwi0);1ItSU)9 zoVbCM1ED8lzER0RNbXh1!AR~@NwVf+l_YE4Q^^5H)~h6ia21jsiORqM!8Nls5eZ#t z;{HG8z6Cz2;`%=uvKWwX!y_0ZV9-?(MNANEqC^r+U{^N~m0DD6L1>C^BpbkjvSAa* zx?Bv3iiKaLiWXZRXpx6dO#n#%3kg_xseoF&%W4~?l|Zcdf4^t$-A4%4_TT@5&xh>2 zb7#)XoO9;PnRCv}ToX+)k_zOpSFsERE*AV-vvB9==}*Sp$1#{kg^yC=2n54))1Jlf zOU4?#H~2FZOPMsaPiO-+*(x+-JiEyLMb+YEe#8dA=m{m4v=b zxJ(kxm4tJdFo5evn5|mmf~>C$pV0&bIj*u+tD><&U5l6wx@M^BC`nxP%JmJbJ3xi8 z=&NYVh#L%O?T@_FV$wmx%6&5#A;}N>zY0|ADY%-tn1Qg5BKGr9LcWY z#+q?lS|*1Un~sWnqZwTd&GY5$lN_`fUcJ$@8V<*UvAPGR)ue&<(o>Vt6F(RqJU?%K z3D!5-+8gao{nmJ1^5swYV!&8rO8Un=lJ_(I_)d1#=BKHgog+C9s+>Dj&P^)kS=xL9 zS^!|470KD4a{fl;d<;KU{jaOMcKC|Ghbik+##t)koeCr>uTa@Ko7q;WY&WQE*Qji$ zxx}hjL3>(dyI5uGr?Pd@=AS3ouHzAk=fctQ2(#(->qo+-deLLFzCL=j#Z=$n5(5FCkr$G?YL7q)VGrwTI~P0`&MiH3TvDwZ~mnH$6)gHryRhKFK;M; zm)3|^W*t%l{401cx&XX4kJB=~3(w}`S@CSIEANQ&=FP`^Dcqd&FrGL|S0|my<(EIO zlxMIv@AvX>fj93tc{tabw_G01QrEY3)7B;hkWixvzlFlp_BZg?xO+L*v%EVAZju3) z)tct(0YFXT?cm0{VI$raXOpj4wMcyvsY-6a`7yw_KI;1={Qj%h@0Ub{{^mBMrSY;Gll zvF@L-Om#Yo-AY^auG#4{fIl<=ot_b?H0{NAk@^l&+375LeA0}YqrP`yqn?lbeudSj z5o{FO1UoXA=9P75QxCN1c|1s>akd8L((POG&r$ZRWsfTPcb<}e!!8WVzttlDTH)q| z`~&wX58rXTi~Ku=2g<)Bf#(4{W2_0QuY#3!K+Hud4pR zQ3?NN7}9ZiFzNq1h6nWTP&et{62iJa7S^3%SThu?!vbqP#*o6*KEe|JB_52$goIfQ z_Oq?yw;0btTCT?`AkN6)ljy8N_=LG2&T#MvvM|m#H~cj@{I#?773(*QX59aI43o=h zWm1Yvet6>iGUJ+9{Y5W1>^t>S=<9n*YeMJNY}8NZStf9r}aUymEu=l+-M*B z5BEnZi%!F{8%J!@^Wx6kURFdMXexW1%oO}K01Iy3VR#sG{$oda<7KDO^_KVB2#OzF zykr}<$*Cd~C@8u%|eqlb)-$DBT=fBbNdy3aNw(=%{L#BHd~DQeuBoD$b&(j_tB$u zQVz74Xwj7YQM6eocy-(0>x&_cv9gaMi$w-Dj*waGOk@d;K_+$0gE=NEwjMzeP;HJ$ zIy2Qx)oO5p{jXXF_FvmW4I;fpsxd#BrHqy?Q8*<+dt2z^`iSg48V8wLX>6U0ihqq# zdN6?3R91>oirr0=KKG$QX}_C0La7u1N>Sco_sV~T(i>9#eNHFJTi86XIhIaCq3(R+ z^ea~w1nOG{d*g;0oJMOb8Amp)bU2wAhd<1c-?>Mq@i$ZBZ#KT=ti|*9fmea4FEq2+ zXWR%S;WcP3WS12rF?f)mAnva0kfIn*tOE0cX!ns)8LSwsUJ57_6U{>D;&Ae`4F$Wo~;rH2r-k=E1_XRPUjHT!sK}k+Dj5*~VOPuiwX|m8E zbz)4iP9k9ifAyQ%aMpMN7A8GV;fNl-yt$X(fr&H8?eEqjcoh~(B7a&t!{L7^-pBz8 zz(Pm9)UY?wgg@U-1&im>pS>3c(!X%iAsJ`Phd{A&*kQrEZ*wwHD5HkqVmRG{ZJ`rx zA=hANoHe2(f8dviPQP-2Is;wVmn>GT+dnO#f~E*%tlLYLr+t80~c=E>opbhD)Vimhfv2zluC6Y$rH)-qZoWS#O zKU9(_diFtekx)xy zTGQsoahoOOwbOXJE$&2a=&DO3mgZi+Q*Z?q-V#&)p9O zc%tM7GJwlpODd}_DSo_$)AYrmM2k%^ryx2_EL zn=Ch3YRlWy{-ML|dLPYnv6<0SwGboff+|y=kXr63y|lhCwbP|Jg9ed1g-d^Jxtz8-EZG-a5`H-3*DpSrRe@9QDE@? zvfwT(QaYfD)zfg#!8KvI_4%LC%{#_)M2&wTx6YRy{R&-+Wo;AxyvN>Z44X@wT&JhS zhg)IsGFmg(8q!YxKA`?4wrN*!d(=nqs^VGeg6K-o%&yZ%U}(08zT9MJGJ{73tTli+ z;LkLGgA=i8>u?IU+KQ#w3FwLDl#sh+W-rdW2r1c*-Z?E54r-U(=ssg#o8iJA(LBvz zMq%(JBIaO=P3T-u(c(pG9_sAI?H0V{1CuDG>1LyBCQYkR=*MaD=GuWBFVahn6kydj z^1WiEipQK~fZ9WT89GF#EVI$h6D)hFT@9A9NZJAL132zEm z@Tjcg>YbUpqc1o=>D1G*!D31`EQUIziTp0k-GPaz5M?a7(s(qB8HwGodKxBlOCMip z4z2@b*SjGv*=`b9p?|sDRpj;`ar+P99x0G~;$D#a(Dh1wGZUe*kjuZ-c5CG{<_Mgcs5CaYO79AL>Ea7fU>Fs9rlZNV}!9l{SWXsoLpnuK=Lu|#nI z?Yg@`wjPwTo!q(L0T)N&p69QI@ilWAN$88ZO_o; z_VoG}bQ);U>BB~JX}s%n5=E2d{NRXx$Y8sFmkhQQehfBWf&@}cP)RzIrZGvWc?g5su(&M-Gy+u7C|-~ zF7U#lbQbTii3`obXur7Je7PGhgRGaI;^ji?C9^lkZ2~pkoPMU;W+HtV+q>YJ#Iba#Vga| z5SH7!XP6u&F}8ph+;qjUtHg#m_nj{EU|%>;HWI%7(N?$SMjp9biAJ8baX(-w>%4*YzchRQlMW-W* zZ5m~@DY_Ztxf+sJzX4lOFx$6Z%1I=qv$Q5S39fDt%w0Pc%-v(AnywVgNx_}MssCCi zm)4w7EH?`XisioS-I7A|u4A#Ra#}intp3ECD3w^=+v(qDa_XN0n?*E^+b*K9suB`w zYTJ9J9OU}<{v1>if_6-O2Cpud1XQnKWD_byrCvnRLENYHbj}gPEiWU`tjGRFDs< z3}-XLU%wN`^(v{whonO)X^l$y3zHgD(r;AK9wxn^k`}3?x0&>;N}8>bUSiUtDru@p zdKyXSpGq62(yEwks!A$QNzSCH;&^*C44T;#;Q&In}syPqc$w!UlqUjqmZW zEC02Nycg?VhnAL3`7j%+Oj+O`Cp%ZQX_X(~!JB)Tia*z?mN8xb87OwpdE$_>u63mE z6Pr^{=nLHx^t(!x_Y|S52bZhayIurO%wIgpt20;%C%sy(ygFh53O)hHPQZ%pQmVD} zhVnZuMEU2<^69Gl@t#rTUyLb_5=&X4%q(I0k)9tLRbpmLiPLHv&+?a>bQmEe zJ!$ICGn7To=+g&_KxClEF*5&tw9WXm6H_qvlCt=+nqM?3fmOBTxAKcvZt$fVIgBSB zrUlHDSr7xPNi*#)+JYeOh((c9OGHKXtw4?~QSGtqKx{*9Huf3RJN+M7DGMc!tD3MKMQARm-n6bD7o}EWcBY zX%7)eRt`~ZWO~DtEVpf$6?s`T5aW;H|Ht_(I{RFCe< zZvnhD(YRr&>Xl?v^zUcVUpY$<*A;A`2qXPf68s}yg8m;fl`9Pas%XM2suIiozeZ%; z>69vjnYXQ00$-}#j>{;&$4fug1DrfG2wZvwQAq|~jLJeZR!{n$T4)!vD=-5FO|4`^ zdE=97CBq0@FwP7D0T~*ZLASR&jr}tW4|p4*3mLv6sR_h5d+8C84~YU1mqdo?l1-)n z!;vmV!rMgFEQ~;qMXRLnQcH%VEN3}w`N9=$O0XAKQ&=*{XRw0&f`wKwyPkFqxo0(> z@w)=QxShT%U&7DW`Z#_;sTHUOCKD))pVo2tkRNBSocSw(By2b@y~ll;#RU_r+?9480dZMwIb0p!k0X z;0!2sn|^1am#LjyrX$X0DFROg$^$Hj zK%_5~--WW$?7;avsO5*De5%zP{086SLd7o_`7QJTU;cyi7hbCS*k( zjR_M87R^n!aSot_J@B5l6%xMqQAbE%Rz^om>j()G3FmYV{Q1~5@I&~H#fA6r8{7@6 zDHna0S@E}wJDI|5W#m}NN!^H}i6g7D#+BPR^XF7Pq!o}XhzPU)VwhsXR2BdlGvt>t zuvmt*c>skk@6tYD0jQdh7(4-Uvnc?XWV9NTe@v|U#$z|${TVFCXH7)cbbH(;S^8wp z#A>1U*Rrzta-$>-V3JKG9aKqYGwH8iSt~E26XYspCqxUW(A~Z75M6u)o|A)xuxK%e zNUa}4ck+D!fpHJ!Zk>Nn(g^|i_ghS5EBl)Q6)m-+>1bOx{2%e9t(~+g@-0hbL7X`Q z<56XUaYqpO5Px#WQ;tlDIVZAvF%if?POiq3ifP>A4|{p||B|3m!5p5X!wH;YZk0Fr<5 zM0%XD=Wo!EeJyRC8=>NRhEt8oV*Ezq%vL6p6=m9M5`@)N(Ul_X~S`AvP(wzEr z2#wgOEgB1HjrEx}|95;?+dI*F>U^#89~_C$n4I2I6UxWAvCr3?yJc=d_BSDyHoqJ> zVHUzx^>H?v3cJH7tLv8*2P5C{hG>(gG+pK+OipaI|9y&$BF2}D?frn$bwQ zQ6ju0ycPo&=O>9+9)2st@-+Mb!`!)6Wbm&Z$Y6Zx>@P$xk5h?NNHnH0iL2iO_`dNo zdIM|mVywoa_y-Oc&*L$A&<(GR8FVj%_s^*DwU=xiyFWoVK$gjR(m6{ZKYBvma_OTj zFs5E96D?d3Z@jtR=mw65q z=5s266z0?bic@qgCxE8_KvlgPoaD{P)2g;{e4MG)U$D>}ECisa5TJ}duzp04P9t06 zkc)jD6(4&w^I$r{-Q$vxZOjsrtmxJ!jW^$Df<%)Uf=zPSs z1y_;kDiGM|-$h5LDQDP8bPb)fzJG7&niwH%su|_Oj96g z^M7VatVCOp?rbdZp6oIcF&oE2X?T4GuXgpCRN$+98$KiZ%n|si&F?S3J&Ey!`lv?X zFMRAWqZeLLs>ME|i*MW8sM$WV8&0@DwVi@Lu>DQU8(g7r zvcj&czg;0~uEalJfGIMQ^t%0m^KhQQ1>`75o-8F*{NG9a#_U_U-ij6o`Iw2E7`J;o z2=R~*Ali?bKIVC1nN0)?#(7vKq4J|+1}UJUiZJBVYxOZhzo*nd>ir3u5Q z?1sYXZaL1jdVuT{%oDHNzOwAX>I5?p$1`C461+f``C!GS>{?^Ueebu$^qc3$VQe%R ze?LmuC67To^0ZR!&rH%e-Q$Ui(r2|Y!>t2V|kemBVXXf=c9 z1J$VD_Up0UhH+JNRsTy88sOB`udDtY;0vpbmmEj%OI0I|Vh>9xWq4X>1_y5vBO*@R z8BMm^B*q^R$*soFV-!GbTGgL8*uW*TSllb%C~B}kNG43*Df>fID4?NLDyVw@ho9&d zr%o6f{F;(R@Z?+eQ4~h-FftPslm{BbRC_SL247$Wy1jP>mK3xYB^`dXU!24vDf}Gb z`DwmciE#*F4}(<2L-(TKp+Q`WaQ&z!t+a|7@4SvuFroov*j@2LmpfpG!$yddax|2i z$}}!P^psM(8c%;f3YdKfELXk6V3;NA?`69=FJQ|UhS)f@KwHHoqky0m1&C^+j4op! zOsROLsU;>ykIT^}H~P$@bIJsc z&Q3J8vPg%(ey4zKd8Gqjy9jK11$Jz}f~Y6GYQH1yO*B5PS$nOAwxq6dJCS5xie$rA zv!AECZBhZDdP*;CmQWA;Pi$aT5_D3tZ zn3f{osS>J-&>ca-(Bt6|DC3a`J0eBn+ZqXby}X!BZQoA)7A3!2xd+QGfRo-*HQ#*+ zs^)@0km-8LiXXFbROLcYA==FjaYjHV#?cmjJp!PQA^>^BUu_mSd;JHHpT-M>%$_m9p{sHT&8^ znCGwrCH{(Y2Rq95x%>`Cs3}_RThG*gW)uK^qSHTE&X>df*94LYgTUTremc--|Hb3j z=Y?%~c|XMilH01FUq1UjyMi)49z6FRt9{*q8u?ZFmDmnr&hI4ic_E*TjlKh%7PyZS z>LrF#4|ZlMpibL@le{=uMElwgIRa~>GcXM%f$!qyeB!-wNcl%ZEk-?8Ykm)v9B{vY zCdvF?z1=r19`Q%>Sj8a^Aj`6jMZmThp=VeU3Q+%E$1uMj{5B53EyzpVkIhLJ180O zd^&oDLf(VIRGgN$&s&4s8R`-O>s%{D1Ws770 z55|40Ot&vM4?EwJ0RcPTH%_E{Lok7C??{?c0qulZ1+q;1K-;Ts#`JG0UeUjP3RLeXPytUA{aT+_{ZnG$gKyctRLHX@9%i!=DX-HZ zHYWri$MAqvjs2JSWIVTvc*`q9y5un)V*;k`3{2fwTZ}C)?c@0;!K==o*qADUlJ7RN?slBd`=|*EyQK*0U7Nu2<$c!5UbD3R2uefq$*aVJ%%2-o`Q9u))-2ycl`qaP z%fApVf4fzFoK=1{${RP|%JVShhO-S|HVEIm6g(K?RTZyIKowt%QQbAesFq>JI;h~w zyEa_*Yd^~J{NW%TKwlIV3s21X;F1CrJmv2N#1bP$a54j@H*`GZ!@I~S2qR5(MWC${Pi}}DV zPa_L-G2^w@&^5%T%|SQqs+$>-MXW>qk}O}|?WafxEX2hIiIb=?U$eV7J!4k7q#Bn9 zvhu#IHtEyvUB!0FePOtN2mRr<5&ePojYehP2(md9Ux?1`e@Vr6>FQU|1;v7PGJS4y z*!>n0fAS+v8i+puCg_l4*FKtlPTWQbq=6-7abIG=Tz~8K`1|_G_$yWfm0b1t$x2Ro zPO_uWA}yb8GP*j^gRY(@&P$a{`EwilhjE5)#$`MC49#_es&n^S6qd%)L^K8qxK+}@ zt?b|yGRy@f#e*q^#$vpt6#$vWUkPH>S54IIOQtCesTbCYj>bJ$0`Y$hl z->J0X@O=HMg6z!pOj!&eg+RBoU4m;ah z+-4R^)NffOrSylJPaMwowxt*Ktu55nZ7=Ze@SoiKN#VdP{==npp+s%nA>4ES*dO~d zOgk+#Ut8ODjkb2gS#_T$c4;;JH!ijbs`NY;;D-?KMBMmrh!Z^T8~DYz5^}G`c<;C1 zyH_o%a%BC(_{A28K*fR!!0%u|UUkj*MY;JJEGWOQsVzmi@4IA8zaIGt;an@8Tj4C%AkklQrL1B#+e{{xSMJEAxxA9uMKjvmOs6T;unw%pc{S zu(EKJf80vvHU2p(-ERMGSKZOhWAugHyr{IGK4AkzjPE;JdBrvLg)80cQ?Lwwos+-T zAN>{x20o6`WA)zt zQGp3d+&FWam6Q)36_~QbSx^DT5Z(r%_9Z1~N?hCKaJey3uA3j<7D~%PFR@VJsK7l- zoJF}GK6F*Fe`j=mMh8YbJ<5O2lENbWe%omO;HQfx{|SNin(rh!J1XGbnJ~)lUg8YC zih6*VC57$E7wUJl6;J-s<@+c4ydGs-b$ws zgDu_u5LU6q9e*Y{6_Ug<0+e7_I%uyTqtRfN#YG_fH952!WfTSg4h>t9U(mL_c=C40 zABD0^R5(^wU6=WSnM#WETiV#}k^=Ooe1a4#%-!v|u%N9DrAKuFa#VRPhgp7XYin`8OHtudOwMS*Q=gE&Pwq9Xq#*De&x0vQRv@Mh=bINCpWo#r;^M1 zfOwCM3XEHV1GeLes`ku1983p1cttl*w=!Pbv9HZPt~v{rgVLI+wuc8eC+~w*Ik_ws zb+qkvPp-e_lHT*-ZI}-KVW=;R3|SjwMu!NMk%;R_fFD@q8z}j11vq#c73^ZZApY=a zS{3{6yAj^VgS+43c0~34Qhc{wWPBO@B*jplyQ|OKRo5vhr}549NHHUb7kE#l1oWTi zPrLB4oc9>U{PlZPB05iNZkd$D2NX>u4V<` z@l+1?j8ZhVPjMz>@C2~0f2kMci!>W*}B)tww!Jg~uKYi5}&x9*(f z%lr1LNtmBHyZ!mILR}z!5P!?K9o;^qA_I8bX}EjxWCb^byi8$YRK_65!u(O_=z|@` zVx*Ks03$ z&-nHqK>SI=Lob87n+r}HfL{<(6}Aqg)#Gsge(u0U?!bMZ(au8u_9B0M!QLZ90~?F{ zb)^M$Mj~?5Vt>zjYx~EIhNmnZQ5W0s(5(ktREb4h8gS{?OrOL!1dXTa#iK;2;BJWV z5k+WE;$$dHfmS(2r{8qU2JCSLdz!^==LB0Lx>gKhm@kSyXkZ6_OeBAdCw~Z6Ohc7$ zA<|pyo0S?@K7p+Pm(X>g+t0rXy486?_XEc8WT+qDN9du~rb}Y|wHf^N{KIhGn&q$X9x|2rlH9r5TFZFYe@z}6tGE1oA(e(XScz`4-ao!J&v1y_@=@@ z+QuRn3e&JFSM%L~44B9oL9r2z(f$dI39h!yp}lUzU%3NNKFD>5Pdu#o(vY)QPuo;X zU8bNO6JY2iOMl4Sqb=ap5Qwh$xo061_;tLHmGg;g3=F8@ZhsAx9;d%%1%LFVHTd!6 zjr|*Y1~&EbJp@iTY`nz2>GrCJxxKLv(r%eXh82&y@S_+vG5NF49RIUvbo1{f+29;N zH~`6(57wia&T>XB0~f)tMh(-M{bko*43ca>gbmSlE)D&_$rS<)b*wi|YN+>Z6xY&@M& z81ehBJLW^OA^I0w_Wk^4in;ym&powx6lV}KM4vfe;P*BEqY&zy!EbN-98FS(=kb&UW29)6aIFcA9G;ITb^lzbY2 z0SroIkQ1=JNX!0k$3(F|%=Xd#uree=6^pnsyo>$e zEh`-Q)wwOas7Wg9*ptGQiDNVGbL&@dF|Pe1=qTtVZpWM>W&tY zmk3O(OJokGJB`aNycqEk@sbGnb~$)zF=DssK0dp&?pPwGvduUt^;fIa%wYq2bwZBU zWF=OQOQM|m%{C}Z1LoBG@^&7xI`-zz%{IS=2V>Wc>M8SpKX&efjgQwl1+W z_w4en0cS$)^$FUNS_Je&k40b|>tgu>?AGYaNbp#+c$=PMcHdI?q!@9 zrVd18+<`~Xub)+Mx>WpvRJ zFu;fH(AHgn@t*B3Jc!qX9Uw@Ye-1uHjrRr$)!lEKt^3N@ibom$vrn0bQSF;A?ej*r z?+4*`m<8qs;ddhY_v5JkUCsWnPZtL~I}&ogD~Go*?I01ZciSPjt_yY2o~h&Bhlm7~ zPMsp366IeRf5W5kyOUOj*grw~V(C;M+^MLC|Eu^P8)<4G9tHocEmm`-sqOKv`n_2&pWl_ z!IZBX)Ic<6C2S!_F!)2S@u>W=u1&#;uhM<%zYKle6byZ0T=o=3>0QuIBM4OO;|lb& z_Em&L{-J%efA>-H@4B1A^6xg0e}RWZ{(WXO(T8`Df4{^7<==X=5BDnqn4y`lOj%kb zd(#skRr@GdV+GduFs#vpMKO6b9*k^43UiNf$CDhNa*$f2JEuLV{yhqmp4PwL9Ap1x z=c@i)p!&Dyl-0j^w@Uw77qfp`|6=v;INqgy$MAsuEn6r38wX&ShK>g))5x__X-}28x*9jg!Gpj)v8NXs}2=dUd=DCUjQ!29}A=*VMxUmq(VYE zOF^m)0@5-Q(j^MgdBZJ8&nie)38YUywfc8CA@O|Ji}8T|ZCoq;^AOfp6IQx{b^Af9 ze>W>wZ8gNz(lD$Oc$fbD6%WP(gcPCQvrB}2w{m&LhR`F>%5b)W@t zVu*&~MW+OkjK&iO8R4HWGYz`!2AIh(lQBJqPpDXVCa`pVli!TGH!VM z(C5APRlz$_cgDqaLs=9iVC1vZ!m@?niU6^9KU zn(t!_5!KM~@p>5=`dxn6U}|VM5MBzi?ho(j_jewuP=`cqR|;IT_7BpOK4=QM8HMx> zZ`HDx5kSPYBk7-RJ>4wO5bZ=~rrf^l$P1s}>=D z82`WiU+4dD10tOCzsdh*8~=~;|0@>SBCYQzn}jRd=}>a$g|>qyqo+V z`C?RsQ)lDJyf+n7-?Q}SfLq=>Jz}2dH%E*_;#D$)#@g31HZFVnD_I;vJz9ZEcNH~Z) zVD*$VzQFh6>4(2bo)rAGdvNWf2ViWwcs>u*NwGq6VoJqgEgfPl{LJ`vX!!?>_x`{& zt};fztZb}YNbJxyfvzP7|8XWQK=3~uxIxduYjc2sI)JNQpb0Q805lMD7H0c2V+Y=G z=)zF0f^%qJoim7sA*Fdw#(V7ElL_VK6%KanSzcl;NYc^n471(pIjX5A12IiKU4Nc& zL#&nnEAgdLp7yt^Br5u9uR?5erN3Ag_VtGB`tao`Bi+OHh&?WwY9@~VMh0sVLg`Tht`Pt zXJY$9XKn2aTY=0eG;Gsp%N-oMohJ@BVLo>b#L;&NXXBiBRrH^Ei5z7F7M+lZ3l29m)CCS-~&CQcUj?N$<_{KO=oxoSk)`eWfS1ou95%a_b(P zJlx%B*)))+T?%j3Ep((tXOaXt6)sW`rA|v}-hjC|&gi}xtmJPrI^#ELG>8@6SnQAH zGcn>|eEk6X`iwhc`41B4oez0DN+GITHdw7B&L!FOq*gPm2lxLJtMyGKb@os9Pok+A zvg|nC)%pex)c=3SR#|Iy`lTeOr>pTaVp#-F z&Ol8%)!YC=u4|-!&iaaK=EA>i74!n)BLQ&FuZ$q9&rl&tCx(_pYK=Uxer(D@QM93i zZE&&;PL>{@y}c%MHY<|bgkU7it!8!FqD$~sjSuj2y5_qE?`}Pz0ZtTJV{t>X%ZBGJ zMYcMG2Ap(Ow0Y4sZ2|WsxpG^y1t-~52;B_yDH(loXJQSKcBMN|oyxaBO(K4Z_3>U8 z&U-2zxZhP#%VoXGR_nsyX;*Nl<W)a3CQDSPr9b;blPv zId~bn5FpVg_fQJ{1DBrA69+`NarD6qsBSER@rOOXPXAMElY-%YiY@Zx#qXO03a1D- zw|@cK$N3}pAvoWy%e$EA;l+YbF{Y60{`#8WAMrgb-<_aL$(BNHw>)XsUSXD#ZxS_z z=ViV$Y)I$JAiOB{2LH@w(?GxA4S*COocW~a_ZV;k`b{PMCX#*=*;kO0QO4HUC^)}? z?mh0dpg+Wky&jwe-QgV*nDHtdUL+Zxf!h^*aq@drJfPFRJx!b~5PRbs#n$-*1>bB= z&?=Xp5a+aMlqUHaTz#WTaSl`$?Ea8FfVVsI)?WvN`95MsefUKe-N@ZzIBwQ=WMn~G zZGo+}KwH-U}<@Q~D=t}bRb36$JlgV$XWc76ND`sIt4UlPbNTGcA zrz;hGlR1&YFT{*sLJSOMM9&affQ-Rj9Z}z!-=_Vy>7N=G2Mc94tIyw@eL4py{!sK+ zXgxFiZ?WjViFgM69p6v?0J4SYKXc{}qL_ZItiF#f_l5Id3laY%I8>QMCrhs%u^qmt|OZWl22aXss! zGkz4a6;sM@v$RmVfoQr9iJ(YG{Q&f3q=5%M9*GyT;ZWZa16AG(W z@Ual6&xa2`U7Htz#~CM!*Vkg@gE~zPuGmV(mNi6d3MTgr>G)*ycwt}Ln82LImNEVj zjm7?tML)wy;1BzY^*h>JzHigZE*+!elRozpgi|HTpb0tWY4d-Midgsb+V$y3qp@Zy zI2dPrE6D5Ai*Y|{FfPU)&ct5ig#LCLUS+I9EsF{EF$T_6BOAnw3G@j%!>1!y^7(yW z0P{1Xe`E~?d~jNDa#|?iv;b0oMYXl7i7%`D&Wi8Y5N$yfLCCzJ-wgKH>%tW19{9eq zVjJ1RY1`&HaR`(c=g3CPMGqc^Ig0#OoO?t?{}ksQ)fQZgti`zp!5RlKE{Zej$Yid8 zO$a2_oVg!)#>uG@2aHmxCY*a}LIs?S^4%ys?I*?f&s6wCB*}G0LD3lff=uv z(F*5VFes3-)Z$1n4Egw6u*(>eU9`2rEqYl(ezkNSyn>bRsq`|O?^r$t zRT*A?v||17sI;v2er@egbHL0jBQh|;l%RwF@>l}F8t^0@XSie)f8B~eFx6=hAQBW{yO>=FBXbxT0AD=846MH5$PhbRmDSk6pLMnzB8O zXDFNhfLf^RToLIT^_$svkLsRrc1+iPpns7UkHzx05{h7FQ$|8s>QBXu!-O$;&s&c> zT#q@mR}ugEor64{`9AvYa87=|VExvtZd=^itD9YQE%K=#v#}72kY1qI#34x4zt1@K z!NE3&G{@ch(m>sk%=al{^0AKXq|Mt1R0${y2&{vr|I?}8@=q5cm4KYO??(DQ!yb36 zA+OUDx}$7*q27D#HTtk8Gf!01PXcsCj|NQeX8c-3Tii=n#k;LaI!`a*Xv0Eq^C^x{ zbw`5lzUl>;)4eS(pKv8A;ndc+g{u5MK^-AW~XY%|w%r%Wgnd4!s+MVz`3bGgJ^7ED%EWNS!k2Uqz{_I_C}~K$l2p6pQ;; z>@-v;3|P=3crUot=@(s_bjJwBsXE~){?la`4(S{=7?b<(5;m^vkeBfMv=OiEM+>Qx zZWNTCHe9F+r3V|L=4mxPR&xOpV}Bw4ObZMjzI9Su)i>M_XulYbhMP2Wkz5S|)>I)NW(@0jOgZsK3JqX6Ok ziD3qGRh;qy3)+IOQLq??bu9RZ4|)kKYgF4BaTc65zZPkuw6!qf-~mVW94*hb;%{lQ zp8vS|UKwZOci)k3!|>q_uhc5jk!-aE>jN0Fr9s0>YYM)pP1Gunp$RzW2TFJgm^+8L z^=|uNCFE%7g1qA#*I^M=o(LriHlt7v9xB_VC}&53_GB%WShW~4TGewxPcdwX_`$T! zW1042iG@00ypafApw)N>Ne~$h>{_Zj3iEcOt;reaKj>Dtm*kLd0@CdxKgEd@zZ|`% zEszN3j%>;YMF<}pmSK)DDCTfSC}MHE+-2^mElP@HM3a3~Xni%XyS=|EKW@ z$WGU`1KSSBSYCJi(#IglAQwo2cWsA1S>YD?YTnfTi0c~S)Nw3$Zo^C*qYOn1PN9eP zA|gj0hItcX)0un1^Q<$#t7<8;pCYD}Ze~2jP8;_;fDo=hky+qO`W44-7GJOL_QmZF8`a%OgmllS8)H%~=VdyUwh5<6=vfas4 zCGls1qX&mvy=B~_AjH(|=)=aRgDWzWEnn0}naxE$u{9Yo){Lj7nKUHJ z0%Mr)MN(0as=Wrm-jObcY0HQILjMm)|ACSJcm2QrKkk35))^*lSiZrG4eu6+TbdW= zo&Jk37lY0N(ckm&{{sK!Qfw%}(}k6LW+tpk^ql28(h08+NMJ&8;t!{{((oX#O!_RYi8c+oN0x4^+D}#D{Q@m|6?e(UiA4;#ZGahX@H{>etecDMu zK(hy6@BlNZ{|RRPubT$$}(fuO<-P3q-0lv*%0h(Uh| zUQP>c2#=p%qqpEB%tjos&>zzgJB@+p#5lypYwX7wj;Mo~4>$w%$8W+MlzG^h36J}C z;cKT3)B6SO(r{l-PW zi$W|C#JKaG=+P3q@(hwei3uei{*C@^yzzVccTY)7Gh_QVSITzWzvDN?6h!~(9wUAB z8yoN&-9P``|91aqJ_Y?SR__5@f_|WzMZal6zlRw$vLJ=|GOPGH#ZsixoI9`qyDNh7 zj!nlE18WPrN&{NZfV$9mNM-{@q9JAj++E|nC((d9G+;Z7*f479bAr(0|b zh?REXDVUh{8@Y=W9kTHoO$XauF?4vW!&PRqe}hW&nfx23i!QLVmbvunJ6ZBEw|YN_ zGIyjeZ{mhY&^{1Wlyc5B>CpRYsFgFUXuYWCdP*FUjq4?FriO)(h0uaCMOU4zVcHVJH}gH0qhQCr?Dnpg?fB>U#**j^Wzxvpb(8XY(caUe1vqDW8q>g`4%Ko z#TJBDD|%Kdls6dn$Ywh8jKzw&4AuyRY2rpNP=-KdWs%zUWgE|U$NZy0e`fY)#4@w6 z^Anwcb`>LJnIDbri_kR0m)$N(bx8)4>f0W-HuD-Kzc3j#SQ=J^)d9H&qPN^A!D#*^ z{~l5PxgKn5#TP5s3i#*5Agi0df%T1oyXpq{S-l@WaLCrJ$L3St(OSp{ zuO}$0K_?t(blDIEQ>pcpgoYrWn{FVm3@(XANR62Vv;x&-HG+KB{0`8XPNxtjTPzT9 zln`Zgaw8~V>Nu*@HVim>! zhzSZY0PyfBj6A9^N)E;GiTL7wlvoYVjL6Ep#W2_~fjI4x^fm4{tgf=SldL+?ZQEmIpdVN@SGAK%m06Z(6@L9I;e%f%O4C~KCJ!`D z$V0N=XJO2lxol@D(xbUnT@uxfadDyp09G$|EauNb2jl$nt2a3wm)|uG#u@Q670TyM#jg$KPyD)RvetyH;663xJ6sqaNbR zdXe~;Dd?6+2w&c>UY`V3?FX+tiN}A4I=kYkbReW!Cba(W++)Q(xe6?0O>Idj$Y7Kp z$vE3V+L%03v6ZZ}1tP|6gIYy9cdnQ;wM7OXga2u9(|p6pCxPB@mcuk1Ui)x<3j3Gr z%mUwm>3Vbx+~KO&oPk6a7Zhu!IGp%s_3zC zMBdG@!H>~nqgg(hV}r1q7#r4@81q5&m~b%w4Nabf`)H@np$G#L$r$%PqJ*0{Kr**E z{jV$GCVmL#z-_FOgUD^$=F2NxJxSSJUMJ7s{4EUR75FIf%|||&M@msA$Tw%nSOzi5 zA;r`b8Jdstuy_e}Q07a82QJpU%Vi{&;(&tk9&Y`@XWMST0mX-kvcJqe6#AK~qE)Sf z8+)RVeqklPaygt<;QI?A)ZQtweTc26Us}uM1CCguC&FCmk|4iT*&0jP>ZM>hCg$E4w0=b=*f0L zFpK1bU8=;5wMss_mq@JWcX-|Y&lu_99{90ae^!mmtyreG{d*9oL7ch$hk=z^WG}`o z#DP_fd}94`P(yLj57o%_B^8~Zh)QHnEzj1_>NACVuuiVXmkvewE8}viR$xlfNRG?FSMswO4`P_zq?*ck-EB@aH9;?-1eQ`fph>IQBnk-9@u`cRLt}z33ipVz%ej+c z1l+UGu?PPKX_JFtRdRmm@!*DL1%Vno8Pe`yj% zE90_Qi2p*}5sd+JgfYas58;hXZvUxJH{1XX_Qqqe|8K=S0Ae>Tj&?C{Y7hBy2 z{~j<3p~3&iB(lqf&q8h)zwTUF>dc)~ z3wzt&$9Lm5jBoMpEAW4X5?fg!uyjAkm2d zv^8PcjzbDXT6|2Mk4$D6!*39`AY%XDkl8;><)Iw*%#S?NX-UcZ$PPWc#GBTHXu1 ztpjHC*yiQ8xHpN|5H113`tZ~83pty4kwO4dQE-CeURd*BP?M5s9RUjh=5m`>xe3A~ zN`Bzj6s_`Z(JN09hPGgO5+LcfU?%^7^KkBdgahqYlH;gb|4jz!cG3!LyUHXi1y-9dvqatV~QHLO?cgkEu_R@4MDNg;H8Fi z)n8|)s3E4~RhE*7XW(kG*_aJAmGh-!3_Qa=IDK0>IsNj8{V&gu=e0#Ivr^1KobSo% zNBE0IWZvln_*zmPjF&e{XOu3YjD}hikEZtIZrx?pzsO+M;Q2_d|%( z0y0D*hX+n8_w>MtMB4oMXN#G3N^e`pfjk^aVX^svHh+ToIR&TBdr=vjdEa`qd1Dfh zO}_;-K{=QC)6#$3%6_6P`m-Hb&@XB|PSC4SewT=@4}yo~4E$PRAK{EP9<@h}=ZWf- z4c0Kcr{Om|o_msqnV(ArW+cU?%I_vK=Nh@NH9VdrW>a0_fbo11&B1s+g&&URR{34y z_!hq$&;P`)jAyEGWS$oMhIvF;F05qg@UzT;S)(oJ(=}3ppC+=m<_I0xD^}ht2`_HIV7`q?RG+AiY{;oQFZr`PXQjg;^lH z&iFI37zUDzP6#&OI>SpEhHE$(4B_3E_ulh_4cpuBG6A|;W|*q&Askeqo^j`u{{*I* zn+WlW2T@7YcFZ=ghfoQsLHjka?^ykN6)f!3AMm=cf$zjeuH0sq=57wh$W|z+#nT== zgW>;#)Pg!7`Y+c>mas5|bQpoSKhfHnat+}N{-C^dh(C2o5IlbEyB!f9mMKQv5G(rc zR>AewmBa^3%fo$_0?C%V@vkFZaAv8MP*E?4(uYq#Ho^ZPiCP;RV1vP+){IyEz7%02Kqgs2KzGDLO1DSjyZSWTd&5kCmx^-PdM z#XNvgOe6P1K4c!i^=?=q)Sv zq1#Z8l9WnxF=F}zR%t@1gu7;A{0cEiP&_wuuoz!oHs`;v5YL54<@$$I#3Bpdq~h=SP)-BQT6h@prO zn(}=gM}rSWg{%4J#T{1j8Ip|$B;IAUBL8Zc2suSIg2A}X;{5hG`sEBfD&GR@6a}9m z1$hhI5Q#*uqJ$#_J$%SK=%k}7ayR5$lvoG);mB2B<>tNBBkjIhdHB4rPlxRtf1 zQ*$F)ae;7>wYzes({|jMyWev@C+1W_fsp_X`zGW03dIJJ2!lXQcpX&-xr-b^A}20l zlm2liv?GqyO>{;7gw4(K;;*)VyD+HFtYDfx&Ej(`$t^zD6Rws`N$v6DmOjc=l*G?K zHYD?aE4RT74tF6cHFGZmQ(XfO!u&Cm{ko4FeGqE`OFmd?QD~eqa2ob@g7XCP)E*;{ z!v;|cTd9Ov*#T6X)vNk=4*@7#V_ns;Fbu3-k6bwa{+UT&VR!))?}ohq7nHHttD{Ca zdE|0;?m=x{8%Sm9CkP|g7JQ0#cjlf5pSTC^aoWBnd&GqhIw^w}z{n^9fahgG1Qb$O zp!_1d!fiv|z{$vcU_JRSv_Sb8D$8rzc_qaG)%ygIo0xkTWF=0g$ZS&A5 zgct?v&xX`6)~a`72w#HgMHC2}pNb?dARZ5=8i^`N=x1z{^zG6q<37C5rT7_sjY;Oq z0lqB3A7Mmeha{`8CfMJvGIRZbxrUf8FYtxs71(p|JCp)_Ja(+0+gf1d@#2>294QxRJFV&iROOJm1KX*QpWnjFI^Sn zE!PO-cas2l->mmc821Vc#Pl^8AIl?b0SAqrL{i_iQjZxGcmyY__O6k1G%jeoD33we zw1)H7@K%VRGKpf?1?Dxabd%jEO)FjS!7skYLP!7BDrKBIMuAoF1?PPl=VXBZms zHMt%^cGLFf?4*{0mi5DnPY{S=|IijqpzMg4BKR??anw%!SqRuKdg~3zbaznXyixCk7BpP!ui- z`kBo#(d(3Wt%|!5eR41+3y5QVVrNBJ05ztWfm>jS8? z)H|I6cUkkXZ5w)9DE{s0 zi*+a56I2KrT;?`(Jb z!2W~$6Eg>#zP6KrSFx4jaf^~bmmv-go69NZR^k!Aru<`koF$ANkr%ax3hmo?AHLyy zxvNDS<#mBLa(XP6IOVI8?Wdghsv}FjiVs>toSlAtfXRY22=?4`5l%}8B>ho-^4^l4 z;cw%|9kAE(tv3qOFX@G zH^M$rkZ|3qWhKQSi} z{lpa*$GiBY5$I3&6(i6tJWy3ubB9Tnh!Kd%RN*P*!=iN-7HC!(e)Qra$YWW8mN+Oc z+8Kko$H>^hv<1Ods{o6Y2>{%Vht6aU^4!Y(BRE#)JjplOG6eayBS=8l1?QLW_!(bb z<&sIJB<|NgopMv`22r9l0m;UzzrdiU^F0IyD1YuW8wh!;wDl1JC#qom02 ze&LGtq;*))MkE`fkUdt0gOkXLNQ~0>X`h19f2nA+J+VH<74p#jvAA=?x0FeHkGTQL zJ#YsUesf(It?oO$aP@}6=9t^6Qr>uVm2%ZuM5Wl z^qF*E8Q&FKIqYFYla5BI6628^H2@~6S8D)F!)xpSVE!L$1vR}Iwde!}KplS;IyU2n z17M5%u5oO|F9*Oo_>}>$4G(0*TKuxRGRV~csIk(?p!7z#9pzCBihd~prBobod@%qb z#_^^3cw%EzR%%6I9~nHX+snIRSA6!TkmjLDm|~S{^)L(Je5{YfwVKvdB9h@lwe7^= zA3H%*$+qAXWWx;@aINBebKdm2U{KIgO#Nhh2cc9AoWrD5wmM&4%cGMZi_Srr2A0v2)~BWuf{3Jxo%&Of z%t?74^@}?&;w*(RNk>*=6_aRMYQgu`gUXJ)ip?;`7-&HznGXw8@=#bqx6+kSEC43GRW89ZEy(0sw^>Y|K9p78kS&W*ILC7`22unJP=TQ}UD7 zDnG-&#SfNn|KwZL63&iU$CtOuPgaE2E2X?ASP|luAgv(UfgFF5pg$E}$L&LACo&t) zO<=pj^8nUyyXQ5F%gj9;sTx~@!Qb2!#3z7S2=|B{0`H`j;q>xb6{ z@0k1NFo?qp#5OU2zz!f^tvVP$Lt*O-q};sg7GU?n(fDy<@2;;G0pjx!`GxyOeidL> zAYm)#2lSTFhyGnIe+%?4m;Y&spp&zM*eW;p79h`tplYUKDrneZ1tf z(1SPwd58360LoH%k4d*}(yz62c_lmg^0WnHU+k4P&3(AdRiB0b>ex6n zKXJsE?H^9H2JH`BL}X4RGIg`0ZXb6HD7kC|&XNQNPGlseQ_b(Q5q?1BLU^QNYb|O9 z5h{gOh+H8tT5yCdY?qJr_u03jR;+A}W4tK+pxr)EN@q(@j= zo?`j?r)X1hQ;tUAEib9M@6--{pN>{ekYi)5#9G)iXUpwnh}|6TqailG($ z4k7M=O#DR0OuYP3oCx`&=c9O75K12ASzDx3J08AEDP+$XeKAO|KVbiv*%>ZnhXjcd6fhuQ0z@;I$c#)N z0%{c0Ac(A@21qb2hk*&m7#>DNWfyms_1MK@7j>1}H6bkFP)I-y#a$7v9tQF9`KB%uOu}05GE)kIm>`M*l;VbC%%^Be-z&gChU4?c zJ4UHtdqFQFj-E|9q4|&VSOe0{ik{AmWfEOzTi&WC$Fga!n;lS)=*yTPrQ49M>>V6P z7|(-UisP*(YLk3}tx%xbTk+C}E9Ik(?rKTb3JRj;hm!Cr@HzCyO zW2|E-b#yeY{kwwGIV}V&P0pIPnG6T54Sy0suglq@vfs))wd`S;UYD(}kcY2vdg?8k zUxOdS*4SAA!Imn{!Ec2ENTFgj7|IiadM8Ap%edhLgF2 zb*7x(3gLzx<01))4aVFrE4i&Vng{ihzBrsr>2S1tXM zl~z6DHwYJopJ+xpQkW#P0>lr^P|+Ek@Z{-4&hfL;_7rZ31PXu7x)LCx)?cqD=da-x zt2XPB`0#n$$aZhepDVO-c?O-#!4L20{1>kPjXU0(p_`?}>}HtGTcr?&G5&^q7L=8c zxvDpCge+DwcFZUz|9H!uGnW{xy;6Ed2YF&8fRM{ykzZNf^!VSijJ%KC$dA2+s6rP( zqger4k5Co3%btqGkGJg46bNtGDzc@w>@D&m76_Q2TjLz)jVC((0NI*bNGaGPtTDa9 zIsZ#u^s3-CogDwBoL(o8ZVT&Un?@NimmtyDjC59xiEybX3;O3Up+JV`fpHgOngRqD z{C+Py)#httw8ZO8WIiZk(Sl2pOHc(ZhFp&^AVIuEi0^_ieo}1{4P(wFL}^m+5H-ak zE6x6ZA%*WDl4kSGjLv?cf-hs>oC(l1aD$5?z!5w1s!12sW|Woz(5)UI2rCl9jifT* z z-mAm1Q&-YBfX@6Peb4Ou_>7c9NH;kQE(2jZ#@i6EJ(mgjOC7w_hTqhBD{z#*6I%Y( z=)qkNKQAYj2+_=6a2jPR3yxV~QrP*H2#TW$Bi;&@$J~kHLx-w}55A-PZplg>1g9x> zVFa6c{fBvc=@QBW#ZbzlLs*`1*vL_|BX9zZ!!OonK0`5PQ;icCImQH@Mz(=n44#Jf z2HkuGlL?qx8i);}DOcc^!pzzcQ6fHO>=OFrkpuKHO~K~FUm;o`hS)$7#P!4-iG#4? zKraEB4>N_82I246d=$g zob-UxcK{E#VJzKM@>9w5nt+0!2{m}!fgP5G8;!97Px|%{ju7*}O%Q;y7D%JOlgteP zJ6CHrJu*3TB_T)vSvjtcfqdWi8^h7-0&ykv5AkB$Ey;&^+>w zC;jA%c(%K{wEIxt7}NrM-B8q8|BS;&5lV^rJ+WT?BH=S~K_;^VyVcg7kt%^yf>FWb zPOzkPIwP_t@}kR*cCdjvu(z?;1S&Yr4>Cb9twPq(yqb3;lbnhnJdM8?!uh*svEH5l zjo_BoPs_4UDL5(QbdJZ1h~Ya?-&#u!Dg4Y9G{o{0b{3>6NsF&K#pM3OxLvbUpOCnluA9K zTz;gBdXmjWeV)xleF^(Nb zF{=umr|t4cxSW5L07V)9PA_ME@Ir97WzpD?h{%&|gJBkj?(il*Fw%&@Oi9=5O)ohB z?43)v@IVucRYfpy1#TngN*xhlgHnyznV98CWELcmYvfmNPvHo52>0f|rR_QJt{>09 zyAR`syjv!}uO~0YFBeDI)3P|a1Q+a-Mf`9~kI|O~VmiH!;mf%`-f0{ejnSacQL5C_lk^#t^cSZ|yPLZFC zU&+tFyYK_%yqk9s%sJ!PFmqBSSVa&y@6D_696RzrRE!#UfbB>3NLxD%&jgB(r{QWSNFSg~pODDlI`q4{# zv>J~h1`*g)iRzi|k)s6bOboPv=RR_FYUQ_^3{ilMi-Cs+@fiFA11$yfTkbYmI25m) ztJ}$0lwX4eau(%&TucW49GWqX`f2tsSm;XzTgS?ch(@d-zUMiQ)7$o|Fb7jY_ThAM zc-ap_uWkTfbhh+YD=XII>&ebEDMz+9?Dag1SPnZ_Pj=#O34ajeAP$RGF5deOuJwtP& zoNHpPv%e{?Vt_Sht{%^pGxFs6p@{2QxQ2?y^lKWfBA7I6>8RruM6znwprLGm3qj-mgn#b})$w29-{la){}%u58e}#9f5*R^%lt3+x82~g z^Y5NvVg9X-xZZ$k&A+eWsy_e1{_oO&cO(7p;y=i@>sH_CzB4Ya{1}Jh)fzFKa4Ia; z8)qPKYutV5f}<;}5q(v=q3Un!gCwz|5r7$fv5p@>K2+xrR?yh-(EJH%WoHv5ctem` z6ORH#7@X=!j=t6L$^R|+>01Q`T9a@CwATMI{l9&aRmVBxN8|Co)c=>&L+xz(U$8re z{?{$|zeE3D{_ff3=kcq;^7Bx{^(Ud%U8IlR@|6KpyTVe6mx%u}$ z)&DI+b^KTO_rIzC?|aK?{<-!4e~W+rSNeZO?b-Qv&(JXcR!3ZKz_qFWaaEsxq5nHH z;N5fU|M52cU((Uk|GR1$>i_4U|DWnf{cp4J*6}0J{~@fx`oH}z*Z=mB369t#cUeKA z|DYBB;>P~bg*0!W)^Bx}1UW=#yAvZQ@*gmDh-Q5)sK!b(^A*qae$_ zYjXPjnK!xoCwuLmTzeD;fpkO+GZHyg&BPL5mxXZlPsG6vYc9pbxTaZYA5D+XN_%f6 z{(LmOSzUGXso=(Je{FD0Rv5!iWMTV%`4UNWg&qF+Yq)p5C&!@%-_}J%15TF}+~Y1idWc z_#N)CEMjCV#f3UPkOX(Q^(X22llk&VaH93eudPp}@srK`q}nkL*A*}%aXHt#^kuA( zZ!iyY{OgrbsNHcRKSju4#z3PU&Pd`CDD@g3K@#yQAXc#eQB9?4%aXeYu*t>$o`j;4@nK?FM>x-;GWJb?My5+osGGP z$nIU#qTlX*Kk(oR#5DG=+lN$IF8@~NYO64#W9U<%f3l?55#?NP9qR&6aSDOt`GDeF zut46&L=`>=w?xsexmolwu*TYviBYQE>!3z;W-N+;*$VT?Y;a#9o(&J&{&-~lV~PlU zukK*fOm!v~-w@Z}Sh1@U{A-!g5%~xKv`~ZhP^xHu{Rce(WQ&EQgqp0tw{k%@mRwX= z7vcj1`YZ52!sqZC>~2AIaqlAz)Cz&4`%t6#dUA<;g0M~c{pe-zrkl~+ONK*A%{J?F z&(!}16Ho<`)Gb)U58?53Go5-jvQ)m+TnVQm?j&rOrHc)tS`B`Wj-QPyzp*u|)8(o_p>Cn8l%JxHMlDYxUF!oRh`?Jy`7X}ZMZ&VQBg3)7YH#CItcv0 z`z!@%Dxip`(OG&KGL@TWz<0p;(k1Zg!Abc9vRASc(5tQMFc&mGhE(Nsi|t+*t+%-=O0brTgxo1E9~58iSj@(IE^hKN!S}C3EkKg`g`^g z4#n0TP13O;fET=mYwYDL3@1C5k}EK_?po0^>hFLTr51Gh2)mM&iZU(TO_s>xS^~=> zmc@h80C@~|&eF~JODT4iiWd^X-&T@6GG8}N1Z^JvC(zd{NA^yRgQ689UkI* z)@JxY{z|Scr1G?sDTOU?Cely%Xzq0o{qY`%{+hp1^l>h@+n)!~?>KG(lq+~o;;7@X zg_oKYH>yovo5*{%TOuEqu)k+iFeMVPU?&QEaXMxC@qszR_3ix1aVTGkadCC=# zwm2wVbCA=RjuD=OU4-%^Y_8jsG4(emw|xcP2YKO)WTdy@xbnSD+V`XeUdYE1U&C`p z(U@GYg=hj0#!Yb$kW>eVkth-Hn=IgA0XE_R2b2N`0)sTkw=B<{&T#%)polv=P&9C1 zF$c66R3VufjRgk_TXKAc{<>=J&A@ffaCAi9zi1tdLe#-aZVGioF^4#-BZ}1mMzw^; zw~DR0Bdki{Yx3>oh$b3>Qths*aGyoM-5v;dUkbQ~0!}jP^-(<6^8+{Jdt{lH^1Th? zHwswXZi#VVC_4wuu0eg?e@DKX;zP*y%%PYqc$-EeCId446_iX!ra$893C^EG;-Do@ zpfud;FmJNBR8cbhvp`FtqYv^8f<>7==12@-D*>7ozmafTi8eTG zC7&-*SW&n7U)>PLZnqX#uS*guN9yO%#@uers_N01oIv5^hoUtgx+AgsaP9!F;evuI z!8^ncKwIL7xjJr3T*!2OBs3T_Ubhci>Rd2DmY&Sqk(Qe4CJ!~W-8d|qvHffUt78+` zq!s)%Jm}O~5R~163z^y>4rFXpG}m`P>Ua6ZRK|g7-WZOnvlC_hx%@?&S#bIWvgDZ! zuOq!QV?qpRc-``JPcghKI%9Xs7rSkyR^UPIHbF>S|326p*av^ij=WGVF)Y=pj<{S4 zJq?C_Pi@DIyN(+?&CE`|kD}etJGi}rxn}?LeO+D2kiLZ<1fIqfg$=Vl%Q$Buk|Z^y z8Ck<-oHOt;DRA_=#^(dBQNW5!z@QD9=Ct!^*7vK^X9Z>V z+b!v$v8nmXpof|8Sc0)Y66WC#!0LCdnVmc`$B%%(w_#dOO&)=f4C5JvgW!=_PzJ4i z9<7-8jOQ$kkW;p)aOK$ zIf8RAGiHJ*YqQF(P~xvzuMyLVR)|QUAK}eaDmfXIQU5ak^A9j9NMkQKCD*xTZ1Tt! zn#twoPvXdC3rl!IwtYxTU)Xco4k1@f?;~LMN6?oxNRZ+ zjV(e)?`OCjjCAhdLenr0L#h_Q<}kZVe)XIna2Vqm**&x9*Va2s5(jS3kQX#hSTn}wl1qT5ohNEx(VdGx>~Vnv5)%S@ zi3}nXtJhKKCt)9;E77T(6jL7?3Aqepm8gn?x( zNnqLFMV5$0NWve#Z-@P>omnGA0gOulC$D0wgV*Rf;hmmQInL~V;`x;Eh7@J1WoXxfI*CeE=kaevvVM-`NReM}v_{^WA_Q1RO+H>7mE@kVT#iya4X8W)4z7kpTmn@UxNd%OCj6|JCX6!lU_3e!ww7qi`wKL5)ol| zXg{K@K<;P1YbW+==X*$Ti`eqf`#>4Evt{}#F)XxALDOT(2m`0dF@P8T({Y$-g(X*9_a%={cwaVX~M>)63dF_$X`?Uj~1ooC_J?>MmEka=`=|jHd4q=0t%i-b6!}PBW0W)n6%RXC|?> zShM^AFHXbof5tiZF(NW=^9lR_0uqq@nW1I=W4iqp!Ysc5f4KEzr1^UdAG+`d`xB+? zNp-ors!^BnX+5)B{cviZh*~V!FrLDb7`PqgxfP!#$?NQUFs$LD&rG9y`o1Ej zGC$%8+vA(SC`LDic2=0DDVF7>MA#SaIp>Sx1lB^TB;(y0G7R5y<5*;WYn=KATN--+ z;`^%BKh)G^J8uLD2fpB*5OqgR*&zI*nn=X~gejEWMES~{>J-89-2UP5K_sNRF&@l-^ftur zU?<|c%XFINvV&0r505NJ)ctmB#--9{elPmV7}~^_u^N;Wa9x@N9qK&^XR*#HrajfO zo7Lv<)J?s1q5%(~{=n%FDH@smSp4ONRSNo~kUmLV14<%IQVAV2^Co9Pa9-Oifyh7{ z_w47ieiiVaO~+jLib3$rJht5CoB3uq+5rDJ#&tMkv4hj}&frE>lP0Ej24tSTrW5po z8$`o~P{$WlnEzTlTV6#Sk?1jEKrE|Xx&q`F9JJ3lpQ@ACqQJmr(>TdNvg9xiL)Ud_ zNtK7Q97fUY%Lxs4ulYA&1~Tt3rJA!3XLikG->IhekHp_5ToEWtPIa!H8|_|Dw;rXV z-pXV_XZHT!11wkcE3?FvED*~AG_Y7eN(RSh{}9S17B<7*l%fRrLf*;;LGnM&$Hmmb zUY$S-RR;nB6kl+pIdR1Nm%JisZyi5Ho}*kerUj#frXe8M#|@XG_ZU}+~mJZ z@*iYtJd)u^{B6;Fbnh090}?wgM+1BP1`Q0YbUmCMYF}O?m*uGmjH(H9*~Zr++gDnt z+mQ*(-PG#Xg~MujM~=@gDQ?2?(OJp>4Mw@ny{lwalRib0N@g|fQ*@uuECCDaJCtBb~#zQ?(s!_{_E8^Ib(GJ|#o?!2P*;?D=&ir}`A(7$L{I{n7Hv z>~%dNb%}u0Yx-n+Rqbt6`R!E|H$@|ZY-Cv`lyny4vnQ5e{F^Rn8V`ofh>8~k#t?zO zK4oicn=>NtDWgKdw14t%k+hGsAwWOE#q4ej38CHbM%?#M3L;YKWPj*e--)`S?zRH8 zp#lfY0)<%OVLl|t3v5=#Z^PAaF>(*p1@E=@u>DSa|8#v_gb6V6$b}6mZ+GSjY{Pn? z!cM9-?MNnBS;S<=i6uN3mb0lSx9eJA6v0z=kvPAa!7o%EYzJ2dkN@@^YVPt^BKvAK z{IEvr^Ue9MoN90<6b$nhJ~Rdw%=E6;=-l0Rl;gm%rbWY%JFm+Ha6_CvTvF5t2H~U& zn&99TqbSz37Ooj&6k)Moj1=xu!tmtbZ;bFw=Tz{`%qMJov(I%Vnf*(G<{Quf+9qz%E0KIt z^Jb)s*!xhmgS2CTWF3{KYDUrbpMdDs3=s0w7(CGDJ&w1wWa$nXfq}T-6tS``gFax7I9; z%QDBWV)u#kFpqPWZd59Dcg`S;W-UinEAm#^w# zm%kd&T>f`meBbOhE(_i;BjKuSW4t439{e8hIHBShK&Dr+1dYo=gSoRZi@WlNWnm-! zSdhlraQ@&2n3A8mb#EOSo7IrcCJ2zmn+0zezT8rs^?R<-L}gOb2lPvobN-8{ zk)Fa{7+R~{y|%h5KX2lOTMs@pcl5EGiJ#=8f9{GioM{X?AM^I?wv zb5F0gJ@|;HkmYp$(G&fhwZ831-|Q^yLh~oIoGht?Ffq)6F_G)8{J06`emELWy$b7u z%6kf1V>vddz9svLorP>o1DL=%F0e7bz%H;RmRu%1w-+0^8%jl%aTlWJFbZY)Pa_d& z7R`OKSn1Q?BIiQxQO7#;(6-seZ8g*{$e-Ne{&?Jd0k85wmry>KhWod){fPJH-`_go zT^GFjLxZOnYj9E}mi6nLrB&eFoQbDNR_Cf8-4pk?=WW8H5~R|FU)Z^L0B*AUU$}aG z?~48~{hJ44U2l@xgE;AFN0u?NQ&#$R*Sb#ZL}yNbtL=50vT?N7BPSR)VBGS73x~o@ zJP6nyK))iB2Bt+1I+rx%?8tERz62`ap-1YgginS{IIBw7+s396+PoB@65d;L29<#7 z-t2|y5*t)kbdKsK+pGJ-ixJh`b(ZQzvbq_$<{Gu(};a{nn+Nqq_6$)s2pL|yJ5>!veDIS%jI1p?4)p{+LmJ?-EdA`w_qVoDd(+B@<{NLEf!au}gVP9= z5sz=Nh`Ip3;=fRxo4i}6I^YkSXP8E+mz?|SuJL=9{RnRqTtsxnEqP0XWp(RR9Q#>< z>p9K5#tqS2YLT>_SkmHPy$o*{=b}#{y}Fe4h90M>FpBlkmpS0VRHPkLiX5NA67!`y@oFW?C_2=3ow@@po} zG!kaf?&rSYKKy_m|xvUd&WFZ5lIBQl9XG8C^~DedXE+!D5W3jKuiu+tbj&= zlEPY}LuJFHm1Lnq5hJO;;TkeKR#%d}2ysqzTLgaKJaledb)XggF8E>Y)u@+M4z$cVm1xl{0Y<4iSe=D8ZS&IUKwGj_QVE zc^GvEF2oBA$*}CY7TvCiC z!VC-);1|3d+XH%S;v%hQwK&jht{5=E8Y8uAgw1B&t5=)b^x7BCM(DLSUWw3aw)T6| z58`ke7)a=s0uX*GjXc;!NH0u7B+;c0IGh6tR0XGTU1k}{XD;fpBP(z(lzC4rc~Db^ z6fMVNP-rR$fV3@PapUJClF(;L7Q8BjuuV-_AS{bbh5p&;N9VM4!NNcskC6-d1a3yR zIv>f#B_(1JKFG!)!|Rg?7FdtX1|e%u#cQNvi9Md)fsO+I_jT>ls=vL(&HjG5&iMy!@yJ6;O_xxqp^dl7^neP>apoQc)0 z^|blHsx_XYfhk>luOuc*|%c;cfmtf_Xes%#(ZS)HM7-_dbmAACB4?aMaTOvAnfpODNP&Z^2Ww2#?g&C>=4#N9@h` z)uG7Yo--!6)*1d4596TzB7$CD`ETu?{c69p0q_6Z{=*ng<8+Y46HyNny#KdZ|;A1ZT>{0aZ7{fA?&ybee=nm>UUt1&UM|4^=n zM_doVHK*K_svoZEb1dZRpAES6-1`sb+V&qtC7JsVS7iu}E-nS=JRQEO`4FiazZ!@9 zt(dxpU##OtB414{tmsQz#QojZpAd|H$Y12Yh+_184=|NNzDGE8$0O z3KuO#zEX6r)IZsEyb`hR3y$Cx>1qFQ6WzOx)%ellqZ{$b^G6eWFBmDc=5adi?ln1x zCj$PAR$iEb_pp9raI8uNekzF(d8s_a zssfTmLgA+N`x$2f;u^SVy48^Xbo(WSzXthRI!9wZ3cDpX+STtw)*|Fns6$hZVOBGz z8g9o2zxQMbq9 zakXQ!dFjiTlQIEQ2<{@CbWJYg!0|i0lAW_lae>D@UN6$u|knNCZMj;C^dmNA&al$nl}^{iQe`C3633PTAxn#0?is$M;x&!KQ?= zSZ@7Bbkl4iw^cQ}4%V{~*XAs-{Qio+8cWRQpEewzr*_&zJDY1zAWPXo!?sRdm{Ay?uhp( zt*!ctLhnaJydQ{@qXeRc#kFVDAhjnJ~%ks{_3H4 zFZBKX?NIw8-rw;j)XxQMwKw$srHJ>VLhs)Qy)TP+f5qeY9;_9mo(R3aJL3Jnw%|Ry zlIZ`?`w4S;?{B=)!hfKC@5|`igBn&M0>G<|ch*5KBCmYLW?XPE zPf}leM}a1b`!=VRSE){WpdPDRr0&mKkY3i1zJG^UebwE<>Py@U zq)%|6s=pPSN(gD338{yM zMuSX@Qjz;P$3n={&5n=*(d%=JG!gX;u>({L+}|yjvxPj#^=*p&OSaL#QU?2&!=}0KaSX( zEj2zq55o8sX$5kiP`4lBhhB7$uQHwl!?-+Bo>`N(upywHu+=_oPZ+cwIUo|;Brkh3niMZGDhYRrMK^sb{H4q6t9I77q zhbJX()$t>LqY}X3B&^7flNzK#{VQ?RoT|vh3V9Q^=LkJ;=DrW?+NP1n!46nH_qBc{ zCGl!y=#?&xOcY4v@5R)Lv;+0Q-4%$jYBC4QD`J50T^RySZi-dw9yo{{{09qn1`(Hl zAPpF25DJ9Micx_hLJ{g+f(lS?-U-&r==*ByJ!+*NI)2v3NEskQ->QCvg8g;}CHsPj z2~9h!0|BE<8RU^4{8W=U{W!CP;T3^YGLWKuLd4#Z$q-h{tgnFRwtmRpEy?E*a4LxM zoDZ(V83U7d6QM%PRe@z5Y-pf9@XiDJVLl&D(GO7si$#c@DI}$~fKs&o>JWk=H8HLg zk_mg36!FzHnbU(aA0W!|WzF1Wx5lbj#hQBSWz*4zKn)8}EC!xMTqneQZ&w&!Vr7hC zS&*03QI83Ff9a3{%0Jm$wmdKILPnGL!c2?<;rPN#HSMSt2uO+>C!kDY$#Pv3lTLTM z9GD`yEKOybWr2h{#g~yChMI~eNm4Y4)uyUWX3-RGAAKS-)m>)tCXO`$>0tlA4V5w= ztWv_vjVo>ceNGzNNIcgl)}P-qVr0A9W$e-HNvCQf;XA-XW!2; zMI+4jaJ1%TV#jac(30ZRsKP-Y)6gW0Asz42GAb#ejJU7fHph^z7nD;*D;Z71m}Um4 zf-eBTLk31ug+mUgAHa`#hXA`aRb32G#H0f#BCc5Cj>6yTIHWV)hn0@jADwsD^xF|Q zbt4I+=_5x?`HoEC_zw={AK+IY_B))}W21?l907-?Di*uTP5j9#5Q{X3LD97cTt{Mz zSh#FrisCfM%CWTsw8tYyQG!Xu)}(UbJ(|9F)2t|d-ryPcO}x7(cJe&D8d&HB!Hlkt zRCS8to>PpPSmL1&6stZD?5$Iaa#26z4!fr)mdF!8qLEv`XM2L3ErR8P;8UtlG8oH0 zP5I4SkwUFHa`_zqqhadxtI>r<+&eHQ*`Q3e4>H7Y7r7fCN;ky<09SCZiInxCDjoMW z_aMZl3(++2otT5z9;tfViFu2;>4Uwmk+Gv@#*~HLhWk!U+Ggvv>+5w}s0$!;o~al+Io z_swvp#}_4*6vq}8nTf+!@Cz#>55&piss~l9n%5IRaZ|z)c;hBvk=CK2u!Xwlw8E^q zD2FQ-EX+>GQV+l0am#Zxt_B_6-crru27-3dW1PT%F5Q2zqoFmp% zK35LqyRvpUWfNloGm*RiJ}xF7XVMP|^u=8Xqwi4NZbz!+wCnF~F9Q=$qo-GPRuHw*{+`7)lj;F)`f{ln6N2==z%-3VpC z{Wj`e0fs<`VM%ZmVHk~@baVYJJZf7l865J^kNIEVSTgs>`YMFS3WUe-TG}VkA&+5> zO8OR1oJ790Lx?8l=@XEdK>>h-3dVq8VrUH9w3O##1Xn|u2@fWg)gJG zz`|y~*|D*K-CU6LpMW=AIRHuM6L^ykK|)a%kj5#>KZ1H^adHWerJ<9@y^a$}9t;>E z@;nRk8T}uagYQey#ua5?k+dncJKRzPr}Y>BFU98o;5&u&hf7H~U)9gtsA=V|LQ;zZ zXdjM|dmoL&9|RnWMlf-K4#}l>6w`}XbRntC#7ksp5qyO0Vn-bdi^{5RcQG+h^^QNGT;JAKG}k53+u?LDS2+eHm&uX z*-&1lrSHtH6qB1;ST1OV$;DRE3n2I=6kv|eO5|Q|za~5k5jwFHcMA_^GMOi=G%1dk zJ0(Ko_0D?n|1D3a{b|Z^*>%v*(+VJ{Q^1~Lf2aRz#x1OLg;Y|5?P(T+ezd(k*T4JQ z__M&5aiFcmpZO+#qTy5rYSqUke?pis39x{oGGhi<^fOG^9c7Ple|JoOuQ4+AT4QKS zU&bPV*BpJ_KNj2N?h+u|!OfW{8t4koi%{nP5R{8U*2OVF+009W5rZ#C8pYoTx=A^U zZYTKCa3o*WQRqad>V7zMBWMJfot6h0i3p#WK9$=@pXL2*^nv`YjkoAiUw$7s+&Fz8 z!eRQrj2 zbB%KX6c`X5o?jkp;r3PMt0xE%#)XVX^EPvUf_AjuV|2tiRx4;GbLmR>cLVOrWtddu zZxIMw4S{CZ+OADF+HdChVKV>}gP&H5FDI94c}TZgyt`er95M$H}sN*Z0yyWY}Qmf3{FERKukc8YSXgQW`#5ZcxY zjqg@ZVGn(4*RkHyN{C*e8kP1khp5m5a9h9dUAeBF zT^O$lEF9R5_+TkHL|Cax^GaiX1;0z}_;EEG8SNOEh`b8wd?&`9Q1!x!QlD6C?4cy~ zF>=FU62)O4O^&)!hc}uO5p2YitG8%Mnx?TEGS8LY{#i1iZT~YjfRHt5DKFz&;!L!J zb*B(5Fg95ay$5B+DGA*m?95y>xmkdVa+r^E5udDzp{l645G!~gIg~K<_^`bYZX*uP z+9X%oU#k&vq+)iMR*tQgq>bE2Uw|0qq!!{bo6|hn>%a~HvY5V*HlQu=RFxYvfs#ld z$QPUy#50X}!ouelc!rn*et{zSfulColJ3;=@9`8~+ZrWnoWjbANud&xLYYKP1S*%v z+4w>6KSg z@2cU@)@ZNj-yygzCwJBFSkkWXj#cX#?^y1)Y`kL!HSAbZSatt)()|mL;<^m{D=DhS z6zEHh7FQhaT!5t_Sea1y4tG!J)2o^873(fkb-s+`785WeVSsCYQ!)L7@j)lIG8yf! z#jWc20T4DE@%WB>kOX+MAF-CUPQ9uD!6F2pgRvH%8MADFCgE1?JSc#wFAf7*^Be%l z8sV!ZAY$puc#MFszaC5KaTk{m6!gAO*^&7NxS&C9;OA(CSL#N@UqBkv%Aai%Eu^(F^O0h zCxm!`@PRk{50|5P8Cuc!3x}2S9P$Dm0CR>o9y}LVp!r6M+H8 zuW2&3-W?vlywRI-u-}CF1LIR_0s#Gen>d<2%G8&^UG>QBXwny5#(|5|}t!aFZ zz=xKa!J^LQ+$w9-dK5}gE#{wx68@dOPygG$(f7U0zRxrHU-$o2R{u8`$aMezjsjw{ zPr^D_BB*A#%Vr^hsyLB(NswG8eO5}*ZP3N3(8Z}m@Ez6D#n~^2E*=`8i(!Jg%dUxc zmyJwR7wgv{Rh=ZAq}^)Qrl{t4ZP8GV{Hy?al2-I3uSJq0Fr>c5u#YjieGlvQxyj#| zx~J|Kg-8OF1TK(9Y0A6R%AP{d?q&l(Em>|hN4*raNH_40&*`p!)X-i>q}<17U^laY zX`z*{^x2xR^uWfZiJ*$UM?AgMd4NOirn{#x5!GzXoiI4Co56^1CUpB#JF$Cs{cZbE2r*BnkwG6IAG`&PVRRtj zhNWcctVk&V7Kl&y3w+VoxD^{16@j?f4c!lV=84o~{8%{6O!3zv+P?ZuIG&VT~Wm>cP7#=w8pi8wGI3t#7NgJDXhNyR^ z>B|HxzyvD7vJrtvDlq8>O!@+Qxb^@T+l8T|=Kevl zWuU^{>jZN(AO-8SMwe!Evel|B$O#c_y@8>7Ku_K zzBz&$b1j`s`}$xp7?KBANYn~sQ4X@WW7wfOSUA(83VV>`u-Ur)`Zwlsx^m+smY!vP z99RV!!tGWZRX9Rpg5t&M`5vMI=02lEJfy?=+|v`Jh7Ur*THOZxhB_5;4oAtju?Ton zz3%^z9`D)7xd2tDZq}eKuMg_*R1*}w`*fKZC~1c%?VG6uE+3scr3z6({`ZC=L68Tc zM)FO^^0mKG4sF=;S!U@sh5tmSWMBm+nu45JPM^fw^EubQQV6kOHhJ%}Ysjm3#urzi zr+!)_J$0``_tZ3%d<%OD9PT(3qn}-+;^i6Vp2D+G!=S7>m3gQxc#Cc@`6)wB%=R2I z=XV#9lI;gPMM|1WLhR9x?+!Qra6xGDA4yO>{uX^GVwC{`gYcPwliQW6`qe!7)WYfA`HPK8bTp;gSI{NdoG9&amR`MWLzhYXfyC7HCHVk2t#MKYO&cM8? z0_n0bJQkzAD=x*3(#J;B!eu4?z(VeAq*KtJn&rpz4LyBV<_}w9oux~tF(B-@Toc4h zci@rVjDsiH@g;t;`yq8YvY32{O{~G*;ob- zsEZV%bT1o@tOvxg&o zCaJ^=YU?C9($PWy)ya`U_-oMpG60&9*dfrk=5iMX+K7tYdM>h}&bp%WLlv#+YF4zc zK}GOKAS3Ggs`opVI}eIC1su|g9C8V0-Brxbr1?N07j?Z5hHaXYImb{4{N^`wR>56E^E5>hsx-}0SkVZ znW{;%WEV(7voFjCM%*1UKuIIxhBVzviBN7yRpjmk9a+`dmtNHWi5crY9&j52TDmKL zZi3&L?%L0o^<%-C0+aqy!%@VvH|1{XELcIX4WO}OW#LS$YB$6b4Q6N^)<3_?2meS2 z9|ru$xV#kgmufN*GOcc)$wB=)1o&XGlb!*E``}DCXt{1w))I9N{}BzNU32&VlQW&Mh%{t-HGNJG2N+IABI%Q@Aq~1B5|S=I*g$zxt|pg<>TajM z*f=Qi3pRxY)tMND@ej}b5>^R(cLp~3CHm93P*O$MEIsH@86TXb-=OJOOlpS3BzVW6 zR+BKlgla8LO@4-`NXcXTy;?9TbW#WN;+uEpq6 zf@|crt#;1mmlD2%3-`3eJZ=!iebEy2cP!a>u(>kq_xjhN9mZ>&j9G;+i2 zbk6?^-sK>tN$sJ@82{i3mS?<4VMmoDD){nH0|AT1Z8o~l^w zpP8JUzN6^bMu`PqEd~7je~6$Xgho9gmo=&yzql9sb(UNU4PTMhpy4TXhg?=b|1Q^M z)foJilk;NLl;2yzkNB*EXWF@>>`+GdrT36I9y)E_Ct+)Hu9OGKhx)xfd8B!okA20eJ-%lT| z-8^MD74B-NUO92Z+r3&;&VVbOI2Z7J|F?Cu;#bc^_fiGv5!BMW`c5?OHs#qYtDh}9uhN!HCR7ThxMJBDZcM=F z1i@-bb9Wg+@N(fVv+UoEv>-tzJwj>A!8;O`16?{GMaXVA_$w4NGD`b4EdN{wl;`%m z$nr1g@=x2!pUcirPb}9|J-a~~*x7*CXPbY)sLO)_MMzM+`B(EtrGHmmhyLwcZS}8; zH<5^~xBtkw@Tvy#)3|*r7V2SkCPWDC)lBs2$yn#&KbVhF%GyE)CzRb3!%-Z)*L5{| z??greyA+=%IJY_1f8EXRZcTA?Zes#=LdBM#6EswLlV;wenCm~jk1+Wj3l@p4^<~6= zkq2F8GSOcj zS$?H1f1R!TIa%Pb-~1vLxZBPGTEB^F-4;KC{>g{@OrZSS4*8ix`I$nRVNvO1jB~*! zW|w4^wa|oyqkX}ncu2uArzSrhK>Y-gE_~;EwR^W&g>Qwx;2H=u<=m>3QxZPtn$tf%_{lm zaLBg1<$JlmCc2o-h3jez8{m9DcG8mMF_QSRZ=;z2_Xv-dmi!0`CxmrB{5YtbH5h z2Bz0)7`e{XuL~6F5ABwD8Xqtl$|C$?n@15cCObyMC5L<=WAG!M8MtNOoY@_`oJT}4 zbgU8Q%yY>lgb;l=$C#r1Gx}^iZXLOS-Xg@dVMfRRF*Z)mW4GRJ%6QmIgAx+RMQZpq z7vm6!mjyRg%^IvN7(fgSNOG3;0LOcLKgG6VqgFAGB(w!Y!W;V;E$b%m}V zO)3Cri!|L~&ehS>3p=cGqPKhM-hr#Cg+R|*1(v4xTyk#}YT5qb#fYQc=cg-}YFc%ao3&8C`KKj!UDo zTP;sjwlphS*03_|?GpdX`d{Mk8u<7xQd(^q7}F58R;34vnwM_lE`uihw)wZ(e8E~j zyo?q>Kjc$Cz}=}9eRN#GW7x_6!_C(C~eBmp~peUlMd~K)x+`i zv&^0nwXLV4oNpGW=g<@IO#bvBG$p!A=A>!ptNSj-a_uF6&8cR10e$anAJ(yt8K_1L z4M$v`3~mSC5Wal-m}=6vZ^mrMKRthaO#vZu4+I+H4M0^j{He zU~RG{?@adbZqn@I<{+D^*Hs-yezMv#Kh|u|O>nb^hE!eCIR`n%qrZe-(0_r`XK;L( zj#AAZOyXvre>HADlFX^JPl{$om?7hqf+BPVM-JXs--=cl8AmSE6igJ4A-_*4YhhXp z6$$93<(HqqxU|^}7tw03XA6El9@W;j?cTmcs(sU5Ee8#>=uB=zwfd1?Le9W0yKP4j zYWkhl^aGbqg{FmkrJ%Mv*mpP4zPlN^c0BF7d=RbhE->iAwrKeu`|FnHfde6#mb*8T z1~CZ*8KAp2@UMLB?v=QQ+<2x7DTYqRE%nPm#F>N{_EVZnppy>F)C{`{YAo!)1~0|~ zTg|RC_PFs2Jr$RDM6+um*)^$$JalB7*6bRu_Bc#-eQ`Xhuq;4b&pFxkh9$p+w~9E^{cB<|G04dx&LAP&V`d; zb%6$HNbJEUUpCkQ4o$*O*MRt+UuF0-wgp zwKUo=$rXzOX~ebJ){-VawMIR2Lo5|28O&N_wT??YnOx1w1tuQfkJ?82ZjK=MJ$}S~ zf)$0;zum!Pk8cxfw7p>y3O3qyk8d+8$clP4Qjf-K~1aj zq^7)jHQ{L4FVy4EBjx85WaHsqB*@o<1|6**7XoKH|3V2SB4T|*bG%Vc4P@R5)5Vtr zUDT}_3+haKh5SX^xHYz7cJnQccKh;?!b`ieb(DNltDH(Oi?!e4IIs#e4v`B6&#RKWhp4W#8UVDMJaQb8)H(vc$vnQg z6Se>s=3!IwSOEUw26kfC$2<3os>1otOxDmzAEGgHAYSj#uiwQw8a7x);k~1%t5Ft( z;|J%Rtb402Y9C-K90zP1MW51B&j7BV zIE%oR1rmQ~kF!iet21>Ro*b^_M*LWm&~K?}C_+tec7jZUZNTgF^bl+~e(UAyHT^Us zp`SYOkV(4$+n0Gvy|8^#@r$2$ z{yd$Wz*3k_C(7@}- z!B(ny|9{~d9G7r_Uv4Flt&Egl$wI_FT9Bx*Tu)?fc__FXM8^s!k|&3GR8QWkz>gsMafyzoS^hC{!>3 z%2`%`YE<)nY(Ew<-Y0|#`BDN;ext8z>JWsbr$Fv9E9~@9c?Ty4=~ah~my30XERK(5 zZ21*>Nk>=;8%#kV*_viDm-!^LCmC^2q3>}RWjpCKbH6gQdNIQ3a)B?)vszZy8v8F7 zC#SNcu`xMKehV3kIW_qh)z&ffG)=*>d%##0&H!Q}%<|jkXAGTX>Y| zWWzX^8{o>+1DvFegpHFdsY(b!_vmmHo;@c2AWen)2#k+pJ-4dwV{>I~%KTWF zA0Lum(~)6$Tp;tEoa+y_m=4$Jz(23$(65g+3AC0KqI!+PI^F2LY?l>>y#@QEiLO)v z3|L8^7E~l{0nE;K(5bN;W;l9bdW*ngT4PCKm#K9)iUfn1j69roh)IDN2n%qq4Xni$ zZ@X3v--&&kj`0&7h+s)ZvJDeFWPS}`qwyZ0oi&g-tb~=Zly7sq-bkgc00tb_ zV}q}RA?quFKNRqR@l>D&`0-_NKiA|(VS`3Hj1%AD62sw-V=xzT-pY*6j*5JYNvI+o zRU}ra_vS(6tf>#!yw~GfHF5PFNo5^+{-&ON4GVQ>ND}JUe;>^0Z;~-kv1O!DQfag= zV^nQEbX=0VtSwv#&UhF086j9L-i2*O*lHB-O2Kc6=pDd#yggtnSqK}r`Nl`_z%!yVbUeWLP@-`^ZPMG+Cp77DDe=zFB$k>O+YMsPd zSaUx01x_CcTx1P|9RHF+h7r-d~iutTxg+xK| z)V~iQWv>dP3uDRNpHwB;-1DF5>)@bkW~NIPF6&!e~Ejc`X{(hYgP!P0zw*L zLQ2w*&abfgZ?uLqP9QA}K^kL0x|Wdc0i<&5g1_fj9w_hV1m`{fb8m<`{^e1-H?wkm&eX7O6Ig5C0cJv_8wm>mmKh^)p&r$c zt|g?4Oi1+O0n)bnEv$NLNEZp0-y4F|)#CC5a`|u#Df2*rPP~Vlp-X$Cnc%Cf1V}G8 zdNv8~)rPUU{jqrA%jhByxes{%Jlpo&t+-WA-H&QNjA`g}!jgbjO|8_na zNFd|iu>r}!t=g`Udo~gXG3k5J+cq#AaI1P~FhA~%Xi_Y3dDsL)#C#dS?EoX4bRbUy zG3mPvx8nc%osj1BNI0B!s$nJ^suW+wvmrQZzOo^+61VC}4dlK^AWQ`c`krR0a&)(* z@AwdyrEl86EWoWArNN{`f?=jkwb}%tap@QWve}Ny8^ooh2J-Q{5rm;DKut4&w37zy z-j*Mt@6RnLzM(z!M{%pF7zblGo{j{=HmFN%xReo0QD^9Y_D9(ujITPk5tQzVJgAQz z!p?EWiP|WEnXw4Ztzv43uID>s(^9*-ghc}oUukM-m3#i!Gu1l0Esl~6rz38XD zxKLmJRxo~%kQSJbE&;}Xw908|y2TpOMFMH(Rw7SGT`fong!E?(DW8yrn2@?_NRDa? zr(qh>r2?rm1gQrhF+XxATu{C=tk( zknzj$M?91G_Kc@+rOwlU%FrPjS^|*XzoN!*vlZQCfW&j}nsBe{W5(fqDhE z%4dQ?460-Q9?gqkP}wFZN~|yAnh;VRZeT}grKl_NVVp;x&fqDO-LH2*9ghfKOe)>7J=2fxK+=ZupEGOe0Tl! z-C@F_;Q2Bphp^iIR~w`axK%fqkeUI~Um8H_Y(moA*Chn$)~jrgM&VXDO-S$$I3_lL zRC}4Glva$p{}FDVf2OKY`-ge6orHrgP~#jSe4gal85 z%Z*I?0i|kyfeU+ zf`={?KuF`Gr|HnNK}-o{%FVjfw@;wWJ88V4%`5Q)7+!8Q^K#VCA2q0V`b0K!XH~x0 zZ?hh?HFGL%RVAoMAe5Hxcj{&mFq?U~@|lo0J|X{o2+}q1+eXOB6}VORn~+Gbml{Ay zHz8?)4GuxNbc_vB7u>2oCZr@ln$Q5!Q5uoZ1zLiSZOS)W_wD^QNT1+VeGGa5$ZQjc zN%uJpEIF+N7?OOI01%Q(yFv2yCdqlP`)Aft(ESFQ!=U>LJO;`7TXgS_8rHu9x?gW% zMhnoFaYG2RW&>@Q9UlP9JQ}mZ_)eTX_yio$nV7XPF>4>jj8#T51Mk&m2!~LWNgAnT zcmkyQSxEH*QWpWZ#(%@5nr0fajg|Q(&87mCh9;O>8|1p!L`pMP&k$09-`bFRAGfNLM(S_)E`nSM zKuY4T4*wkBSTTXhAaTMS2y3B=^p z^b2}oedjdt09p7 z5Yvdm029QJ5Dw315Eg*P381eA(9;eeo;Z99JCIa3^`_N`>+ArA5x|$_LWR$^*{HBT z3IJX+0jvuFh_VCt`YHf;Sp#_94&e6$FwF!|90G70Uqo<%B7nO!fJt@$cMw3T3E&C= zKqKH@0U&b<=`erXBriDGoKxfy-f4!O7#UtX=h(<%>T`MKSWyZ4eOA1dSnm4-#Fu+p z_WS&PGN%|ak#ma88}q@voC#cxd$Hdy!3FqxIYTcD$5_I;%!FlnnS6?(3h|B`q+zX^ zL|DZkSbxU7%ujxg3w51_)RK@sMLaO|i0LJ~bDD+KkyODdTd?XIf|Nn5plC7%;6gRm zkSZzwX}JlBI|zZv^XFNRp3#u*7D%6Lu-Z3~kT^fN85d~Z1_o6ajzYp3Wx|5pL0A>H zTeGGcG%TmUS{8!UoUn-1&$k1sX&TaVJ+SadYU}akbO)?WGX-;ONm@T-f?(d7MUF*l z^3C_1J5j%2&;4YC%?ygxI>wvKvjy_ELgRM6NK;BreY;5A)VNO^vgyf%xK&QjMZh$n zg6fXXxrw8g3U`p&Z8~PP>fW=S1R1azR<2FPy$VjF!K4~GDK zh=!Bf;mxK4rv|swj~1vHf--EN#J^)g)3frSA!u_>+0eQdx9TzrmV>ZdHdyK#nz&#o z?LPT-oz=cg>uiAjhFkU7VzYhC2?v$JS zW69zzc&Y9KSa8E3ypd93-^w#b!r#GPM_X$YO5K z{B;2?RNFG))a`Eq((@)HQVpm*A-*$8;>#M+Kj7HM`A2L2Kla`PJjx=LJJJC-GW`_BW^dvwVYSn@b2 zd6!f2XB3c<-?QY^x?~bd?n9QZzhInG@>!N7{T{;w>K~-bevgGoY7NS=)yHc3eX`WH z`U5V;2y}b_VSmJb99U1`UTS@q^8veOORJwDq#6T>>5brul7SY|91W?vKw7=nQl+DX zltM^PX-K7nG{`{eZ6Lj9Ar01$dj5_$RXdQn;$GU<9v5ieSPiQiVSR%XT(<8V4Qt{> zmOp;v5{*E|H!l+#z{=3=`|KPG>vRq4 zZh=+lz?wx^BHy@B=W9sq3F)(Tx_x;X(#3-$Q=_}j|q)$nyb{bOs z5MS#TwQl zmlCVF4y-@nUa-0g7wTpW=>$Sbjcwoag|>YiG^C+|)kp_Y0kI;b2I4{;uOV%F8IWE( zL{sW)jZ3*fc1HDd6y&zVBd-B5f~i*z#ANDYNGOIfiJweu`fDjPeRul8Yl%Bo5(ZL# zc7rOhQ>jZq7?5cP-l)ZXnYQe>c!Nw^w!LmFKE=ncCOgxX-J7mu=g$-Hhe26=i+k9A zcG?%XR1*bWYX8OPv_mv*GRFm_a@?16L1>;k_LWXM z($|JxI6)6OSM+nX2ue+(U)aYivJa;2HGa?pz<+c)iZK+d+B)wyN4eKlw98t=-8H&=82R|=ZqCE zXo4z1d(dm0{|?IRY^&M%Xutrzf4S3&*mqe%nV%5H^cS2aFiDy38T2HL!?;kLkm#X8 zooG?Ju!x>NPCdgGI*Els$k$NIrO;O|5I4fG*jGH?upcg<|5@9`sEwUfraSAZzZfc`j#9ixKQV7NbL#fvt*5xu}W7gwpht}k3h$_1kygQFA-8Z4XOTbfHcoQ zGCt?1V=PXO9V_h{E08|@i*4V9ghc%~92eC8cS!rn32T&r#h4WOr^^T{wijzyF9@u; z4y>mLi_G~jF4WB$(g}o=Y9JZ^>zfm7`#NYyHA3}~4y4;jbwVn~g*skC+V)pKdX4$5 z@Rw5m-1 z3wD3LJz*n!W^{VJ)#*qX7(k-jpS9AwT8rOQp;z~9yS4q;WL|BHd{x&+f2GW;UHIjU z4(fWLj4&&WFjm`n|*^i{yHPr6DkW6r{`y!)U3k^f{q=N}+lrYvj(q zL*ZP-ENXB~TOi{v`1~1G0QTzMbPQ?Z%yfrwt2P4;FuVZYF- zsiaH6U_7U4Emd{$Al3Uk#4-!n%OtQFfM2^y!wPonkEk@DjUGv{yg@3X{qf;m1pHiF zsPk?Ul0VWOOtIxB4T*6XVC4%4B!59Jzt!ja&dM_%Ps4>eRDZnmFOnZM&wSope||fT z{MN3Q{eC8q|^65ghnuuJ9d(jV<;)43`R@kpU!d>+jyy+CW*j8A?3g@B-lDbmo zz9ZhzaR_$tpXZf`chs>L9{LMzcOZ1by|ni*hQ=-i1OQl3Oj34S!k<9L-3VFw3x+$N zgc#bS4%~(d)d!z2ezK4LFZjDeo7VPEMoeqcn~aYk9YdeYzWWW$JXoOG@u#)cwC*dG z_x^(IPmu&-IsvQWj?+;a{gf@ZVE>k=MZ_|gdd+j_-y!>Suk>a^gB>4VV97cH(Q17D z{Rko-6qqFIPTULfJ8+@K-y)EXA*7}z4Jk`Qx?`z@l&m2=BOP?E1L-k#5dDh>ae@4N z4eI`}-II8DqKp`-;Uz)ea!yJicNs4zl*hHp3l`|{|Us=@x{o_z4$m1o%?XlxfCRQ zYQ3gGJ{mSiUd_?#7toEx%yLiH@R}iCmKy2;!V7kM_f+6{1}@r|4@nO8zkEm=f?8%i zA4QTL`onASVGK1k8ER}30CRK_x1mP&+9+x)kskiT6Qzb4i`c_t^rvv4&a4z(x$h9@ zg4K<{5nAOif(&*%t;Xnr1qurX**Ju_wCW$==Qvl^jx2xsD!DX0vNZ%vI3;A~-?Zmy7e_W{X8qzU@)byjq$#lw-N7_zF z){yQLNas3`W)KqP{}x<8{xzugp8}{C45$GbshfYaNG(1>ns<&guko=`)4Vfm^G;&( z)|CsP?j)qE45ZUEBwvUs?+RUkd@K>C?Tk!9I#HA_Qs6H-qD$#BY;M=VaqYDljk zhKl&71L;K@e|<*BUk7Pe-#-ahYkttAI#y$K<1-f42Zu}hz7bd%4y-Q-i&*^&7i#w; zY2P!1RAV5Ss9wQM7SbFIX{bP2{ivl>frT`XkegFk_zev(g8?I+zCe-`}^#)aqyUH|=0p#Gao{b%U5OdVkBpRDVDQ-Cd*Z>jP! zfwBJQaiQ*+2v6bqW;6j>*`v+zqF%7GDFQC_9@t+s$E%&bHh2dAM?e8W_s3jRW$9ea zz{#QeaBJ+7#&5JS-X3UzdU%9y(qkw7gA71Agc$!i0AK2&0h;;cCvdA=8dh2qtj0lr zMWv&@^+da)8y+czkkAdh<_J-;Gy!N-$3Z8f&6(N_9En%z&uBJC&5UP*W)u>fIkM^%w9EXD5ftj1>u&d@uRQ? zWBO_=o00V^H(+fEP~xs{Sigb=B*<-;0LOI%&M(jJS}~X%lFc12a%6?fcj~+nIbH+j zk#MuD+QBG)DL#{PkA`D&^}*?KAjx5!`d2-4bnr`+l3)!{Y!0H z{$Ul}u**42_jXgY~Vifn6KN*fHwlG4R``dH%_WZnl`^AyYVG(%%alt+;*4861 zF4j(FeS!TlejU^U3y$^v{6bGIEOTRFnFp(@hd?dO!_iN56yP*9VT2)Ns4t|9Co~mf z{{WtUbq?<3e5TXm#4q9bU`KO&&=s81dvo5q;3iM)0CPy#Nvte#NZ3X>By3$=m&M%1 za*jQLY_w-Z3db{uuh_#WP-UJdrF3q?%EK0Lx-l+1fo?p;BF(ipC5yXpCv%VNHrR9k zr?OC&`LPkS`s1?(uWYur;!(kC9uX1#xfobLzuB`XEEdJ!Up6&2Qg1g@g|*N_u)84Y zf}r}c4o6)Xs@s2HaU3elM1|SQ)N!m(Q@zP+s2;wLl*thco)8QkvHP<;$)>i>Uk~v$ z5Sdz=h9zMGz*i(}`0U^jef>><~ zV&>+5MgL#ll1g^}0y#gB@_i5#YmHsz&W&c5R?qI>{)AXk4UbKYA9~b+2wjw&6hZLAar;<)Cy3^m(rlN;`Z*uu1 z2#;L|3XWeKUa1}11dny6`6}jw-je;y9Y zsK)8i)$1KU->C@mFONmnRIyxC-5X97Ej0@?O2z-#S5l!>`+D_#(F#+Qxc?jN>%Mzi z>bEb>`BnOD@=fSv2;TK{-0;VGQP&&)ba<`aEiYS*Tq0t;;$K>f;S<2*f|^a4E>I-O|LD%Z~;46)DkZ>E2wcXqlXd) z7j>e=Ap9gN%@+Mt@v_wV*GR3As~G!KN*qeqhb6>;^cVXdW1nh)1%}H|(mB|F9WBSc zkYb3;5gO3eS1*=s-u9vHW^D6-T|Mcr;R}>j!(Nv6rKf70?csY&bEJ-$2%rBLW2+(u zC^oj&EKq{63r+^U=3z^E+NVJUR%u)NRQ7A^Q)2z}fBvE65Rsq%X8*AAF3rw*IB_uk z;dz7p*Z7C88Clc=YjSd$dg{!B)}M*_@Bi%M0qx_kInfNG^78*1?c>&3T~~DfuE_h1 z{d;Mm(G+*M9q?Z`>YOK9{{bt>iGLGYp8w(a1LLy^qA-(NrBd8TQ=NWiG(#lPAS7-# z)#;2@^#+f{>lV7fSZmn6YS$q>c^Gw>Hw3*}px(Xw)(m6hR?mESBMV`sLMk6}RXH^u+{PybpaCjIl9 z_3z^9gW@oCSMGuN>i>cM-REz~Uti?>M*d2ufB!GO95u`0*w>m*T{XWkzMMDXm$;9l z$L`}!eEE=*TjfJJCHj9bzI@yCmi%}1NxzZ*u5Hy?kO-LMz}|~K34S>9m;c^8m!4me z*n35-_?tCWv*_Rd75?STE&aPU-h zBq(S0{AW1^rAXqu&;^FDIoge3qK~-zSK=a;r=#zreW$i;AIGmFh*_S@*C55C_JWLG zLS5Z>f+1`iuHm_KKn1gkXGF{v7$h9~jdouj7eBn6KUM$JW&j>b1q`q#%-I3>6ci zs!nW)TlgWtM4b2Mg?0<0I#B3`Lxbbv*D?G#!|*23TcjGQ?=>%UnD4}HQ5Y_aJy=5GR!%?E;R0d z>?!`YYi5`Yh-srVg7Ia4W3sFI?|jb*NIg;4+3}UB z>$v?Etjc_i=@Fb<4bOjhMHzJ_eFcL%J#+(#X$yB)!I@$rwn;uiE#0G%Srz z1U7=koxa4E%#MtD3iQ(A=&ic6LgmnAZ0{V!5wVxTACo~l^qS2Q5sf6#_#EUPuA6qo zL>~!~>FKwQlW==BdvLxu&dl}%Qw~@AYBqxw@H{+$F*vt#3|N?OxU)7gwX=bD(h_u` z(91jq|I`$5$qAdGF70c$BQzmFR||eu#mY~V*Z@Md$`kNVMOZ;VeW!*E&}V|UxL`}@ zrlqNlh-Qmk=zl&s`TPv5W&pa0Wv$`37Hlj2dkg^uztRKZ7fvNs+3Ftj1NELo)8vQs z7hG@O3goEGc%FEF50K*_PpzTWHvwuB6Hw32Pj?3$fMXu}81qs518McJ1KeP-m;c!X zi%-;qA&>%6Gb9*xJi~TPI++q9> zOy$XAHf<%$3~tp|=Mhe7U#yK%(^rVlUdoTTE&8@er9eZz12cQlj$%MQJXzzE5;_hn8unk^Vgaw1aBnrt}gg!Q2t;-;v0?O;cyGe)N>yuwI3a zMX+`iby|KFXT&V+MUe}32lm$ay?&yK_ zXW3fdTY~*G91S+AR-*s_dUI?MQRkWRH-|CAOszw3zLckSA{Y{0m8W*N+f#e12U*v7 zx%FzvCM_Q#RA5voIv5jvmw{vV4W_Km($N>jzXEuEiqRJJcT zE^C)QoaP4#@${W__?DaV&*pE?{9@78T)97L%O^dOUZJ^Ae*opVWvILmC$l({yRBX7 zE({Er`xDGK`)42WGNgYF0eJS$Wb{w@&7jo%=F3ano@N}iH5e@$?(yVrp7c7f9fD)( zbslW+v?ZOOBu>4D!ex%W2#oUh3yLR{8b-~-rr*I)&_2Sf{g{SAW^M8Y>cLh+LS;~0 zbwY8SJy}A!dt}*xgM}tN`XHM0%&*_5iC;pERvN)t)8C_RD)xkEXpXYu@^aan6Me>@HM0{pRvHG)4D@)!Iezu=E0xK|w;+1r;@WRfxD$!l0V zLD#6}Wx-TG4S&Ecu9MTZM9PvoVx`2cERix-kgNih9s>UHH$k*rT47cemyhBH$5T$-1%B;T4>CVtIxB5wjoy8(AILMf~{^F!1QPKZ*Se z^%LU{V;R_l6Vq1ZqVRt8WcXit1tNt6-DcPli^chX|2$aUDAm_O`(U}dmMSAG=(qV& zrVv7`H?>r!p0n1RKqCa5zMOQ{tfJw7Rr*ha-J6&}Ts^ffY54wW?xgZtT5^#1g0&Z; zayj~Kq}x+F4Mh7r70T7`C*UAmi{+pNXKM~}>Woy{VO_3!K1$U z$f~-@KT_4{r@gk~DXFXdtJi*ryn4g=U?@I-n8Oo+Qr9{G``~@1ZAFwji1iOWEq*sA zakz_V>+L`mE>QAdGrc0@drPrizF9 zbye@gh2Sr$`745g4kHLh5!Z@drhJWx)5qC|LdG7i)iTC!w2akXTk6PIv_5|DERnE? zK6Xq5`X|IRNXjN9sp?)SUViAcyrbz5F2TKtreRa25GU;Ph+h?Yf_TX@~CBN zb!8=v-HEQrquL&zCM_kx7}J-NUzV}%*F`zC&{i#5{*u;KF_uuBD)_`JFiSAD-zc(c z&pZGLqNL%OPqfrVqbZ}4C`C*A`?*oI3(*ciehDtPF9#p+A62cUjaIc(oE~G4Xd>&S zj8?V$My<@Zsy3!>Y78|X!;0e!IqO>cpMNC-`FCP?fe-@yPk5qGVAL-?cQ-dvKBA1- zF^9mI^*MSQ_a7kt&0+d7m8QSx#ygJmH;u12^wkb{6wVr7hes7hy~+(e!iW2tCRVh2 zwIi?F`9Z-4QyE;Lf0T1|X+n8C z6zLw?;<>$nMsJ|RO>4(f7&*-Fz&|ctMr^fyXsU2kbN&>HzI;kuYsd_9~f*m&&B_0z>8$L&273$bPQk=)A$RSK9T`WAazgu)ps>!?;ezHtd8K*)UV@ z^yNecyGC<^mLP&>uZY)*A=%^DL*|uqe%GwdD90YLHCtUZwYZ1b(e6e9O@2OU;*N5c ze%BV=wW)^P^}6v<$T~laD^18ctC?6~U2D?Z?dWpNKXGU??2N4H_@@-KW!-GQ+>)qY zY!_+yn~HWp{xASSPA26KevqV|a;=lDB(N8!^r<5Bp_&cd4{}r#&;aM*Z1uF+#hKOX z%R6xc4DyH0K_x9R)jZJN#2wL|%*bmh(deRStP-R2m;faF$F8OwaUo}k<|4j0D3MjS ztuyP>u0h*M**2X!O2o=I49G^alemv=j`Jgr(MXFk7$Z;ZS-}qEz|o1J;(0dhpLz|{ zWkX6J*QL?%h`}+4hZtgxpyga?`tQ{AM{hGI3HpQT7(r3L`J0m`pNPM0Dy|`cpd$79 zfwswAiKCh~gSc^f40MJkcWbz>rgm<bnHU1M5sBodC??lhS4sPRP{G-j=hF>Ys$Om}I z4PN*UBwClsGIR8)mBBeumiKzklKb^;EEuZr6HoAdT@Lpa4IXOqm-7*xD|-nfM`a5M z7rSN983z0}*Yp7VG(2Iu_+-TEeeuMTt|q^UGdT+$DJ_LoanWAOr-8!kIxOgi=8@ar zDDtnm_7sHDhRO#w$_LnT$CL;R%fT)l_AYn{^Z}%PqdEhh;8QgG4mb8ckgu=PqIoAbc2jU5@RP6(GUxf59tgi68YTVoYI25Md=a z7RTL^A3QunR~!(qSqT{q46l!H6|x&65g8Bifv9Zs#avtqt#Cab*QC;$ZSltw)ICQZ ziXWg^Y6p5tIBCSHim{y5AjF=WQc57aFc9;gCd z6g~b*@8WtkuC-7^dYbQLAW5$OUV7L#veMJ&yyEe7h_3P^&dbn|pl>}s2?g+nT5duV zNfC5UT{j8K1)Q)0rhkRLgSh_{VR-^rbs!uOC`RMDuyNS`5+{1tBZ%2L2GsSvN;X+M zsK+|k;15X0ddN`q*it>dlKC$^?bX<}0_3}lyI78fy8=mBNmQL~l#YM));KKHgWT*C zh~eAfG=IS@mjN-2mhcTW{jg~9UR{ga6BaKeRmw;esReV0;*#082)&don0pJI3O_y$ zhvQq|(A{jfiV848@FN<>-Og6<7S1@R0vojMM6>Ob!b7c>(KOjAs#X_7VSba&Px5U_e(YJ`$eZP@*pIgj| zk^`3z5&92L;RRMNLHgZk>crDGH2VUp)LY>Fx(M;(ygtc}P|2WTq(cZigTOPz6O(y- z=!~+3RW-36Pc_=BM-Ecfd9FSO*;jr+wJeWFv>9k{tYCF_>^EX#~6YWKlQ;Oj( zmcW7l3spkwf~mXrqbq_(eftW$q}0<|^OC}8iK!CmlF-2v{vD3CyQ6)}scbv_xM<)0 z=4}w|0zG5hdIOjX6KQ7|>gba*+LLavC7x*tJh04LS znY4NsCl~!IAnLePC6bh3U1UDXmaf+J^VFE0P}jAKrvJf>KZ-zqAkNVacuzzvkBxB) zqh&ba!L~uqVA_c-&v;EN8hrdI-F8YBM8;KVER_!aS6dH>#wX$aF3$cdF+3niA{02dQ8>N+bLCyGV&Ru2Y|Pm4E9?GhsK%y@yX=CTgjUBzu5m$pm(D`ky z>T}Uc>H+#>_yS@DqRjSX4bv947BdR)r|F)6sxEpEY}cHuDm)SX+Q*GbVdr!;G|-zy zms$fYm_-?A-m6te6k&e*Fn(XX%2o3;o|@`(Oc`^12u_H9;?3VQX#^6}tRpw4sSD0G zu5g@DdU01vh1!cl{K$H7X8g$Xj=&nJFwUQ&X~08;d?j7kP!BT`>Vp-X!=b6{pMa+s_AF@EHB*E_+3K3 zfV5~M5vk;vXGD!%!ltO5?Qlb0Siq;SzpxpIG;t-tFoZZRuym%6?Itd!FKsWY{(_J3 z2mJ+y2{ITUh{u*5K3y=ujcNlluzusXXoz1=NC0tfGsCG`M3{64vr`hGn{*7h;BjdN z-8|#R8!jLRc%wMrPFQ?3bW#ilTy;SyNTxZUdo%}N{c6^)>VE;$YX6(Gmqh)qTgd6Z zw{`Z%lJSJe}m>1zLQ&? zzpjr;z(}wd_w=dAHdFtoeA3B!@H-&5hYya_n6wOLOqyKgVmv)Ib4H_2IsYfP$}K4BBI)mRlcsQILdO>6|H`Br>K! zK_!*YvxAp3yqIKLD;UBI!dYGaMvtU7#hC;}gxIoF1m%S;Y@DLdY!E28oCAU@p%nBq)&*d z*EMu4_7)rdLlAZ2cJGhZBrPlBYl%UjErJv3DpjFMDcHso6l72^ z+aSdbW=Bhh2Rpv?6$k^R1V(*Hno_s~Rw@Z;omxMSeV6|AR#$ZZ`ZL_a7ue(r?C=Fb zo?64#)0dOo#hHU@h<)e{o}VtR>aN?TcmwM^{#((X9rK2@38V8T(yuO%nks>(%sweL@svmJJdo+BZ*7# zt1g|w?&vt_JNBE6+EtsOr3u2((^0v);BZq=fT8L}12md2vO6X_j8zvdAz!1zP|Ljc zknOZ^)xVtiW9hm!P*9`})Orkc;0dh_E#deYjYZ>H#>e$YY2#1-l<(o8u}FfEQt11p z#KWYh{G@td3FTPFA1FsEH7ZB>MLV^aQH@|6>A^__!hiIrFhs&1^^j=y8}Jds#5mvX z+HTk%cPt`}7~u!uRI4=&TFSDS)8>{ToR_ZUkzVmGhXa3IkGcw#YxwXgmue4^#1Ujn znhz~T{4*hxTCva21M>qtTN!wmp`soi&SYEtJImObQnsd)#D@AZuA9FyjfcqlD>ITR zutRDioH(t8Skk||Y#G>VDn}aN6Z#7!zFMdaPa5{>04tYdX!p7sW~}%r2~?~dGK`!h z|FPBrYPF};w@nA=Da#kIzFC8{zn&!3PTrLRVKO$GLVh;lq$FU-mg`W zzuA4qnWRXLJblPm$(Q6fBC2x=K#Q*owD3eQ#OFBtMz(q~dPDr*d4GcLfNTUlw*4vC zOkYkUm-+gwr(W8##naGqj<+|KR_M57Q7}c$sSf-L(@5Bs@}j5T7yTg^!&(v-y7-oP z*P?^<@(lG(-nM2ZyjzE;E)t-EkWhk_&w>M?ZM0E`{>$I(nz55^14OWdnz58qZvDPv z^lQ&nPs2WBQh!I)#VWkPlnkIlXHe@HZMW6Ms8iRpn~1@K1DAC;grBioQLqD8-yDp~ z0MBGpsK*yl|K+CsGLpFp_0Wmjv&qxYh{|`-`(@>XNDU?`7tpc^Ik3T3yFj`O=6M|} z52nr*WB!nsC^hyg%A~R5;BlZt0MsO9GQNC#3;O3@p1@LSOzHdJmB}Pf9-!6v^0!ay zNclvQSz#Ed=H(Ou8;#b64K~S+K-zx||MRUf`k%Ipe6Rw(4r?b^TU8N6vDw@388*F{ znpHM3F!kiLk-@W0_7}V~tP~C_{7f920&GVH&N?}K3})MX0mO`v5vxxYCjRq|`~VTB zcYJ{rKIjixWnW+b1aU0|F|e9l5Y04n)@XTsXsmQ$V6QLmh59>{Fop#+EGuK)NPn$! z&GO0@#uv+9@A40UJrn&E>cbC$sh>Rr-tPuft<8M={sZwn2_bz7G|0nR+ZahTvf+hq z3FGa}U+%iAFUFr<=+XRJ(<;6ot5(uAT!}A5ckWf?U#)4buCEwnjId3fGdyQGh*Y*r zNf)#V07wx6B1PE4mY+gXX|-^Ec+KHBzy3jR5j4go6hsUwW9gAeuVCVr=Pw06Mo(*< z0v1dIgoJ|54q2y8JPMOj3z<>|U|M+R=w{U7cyQ}QjS*Wop`~$G!JEXGKN(J7%!8?S zUr8@kGd@QP6Np$n&{P+FPAPy8mH_lhb)E)uxdF3_twQaM{0*kAd>PYj0K>-0-qndL zy?1>NSTM{FH=v(Ujr4`T0fJ^4h6o`jOMyb9&~^7=q$VB+1z{e~KvpX7IR!2}z8Q>7 zp&KS%L@Dgo$aNed`fEMGUhvNKkU^dQ)ceih4zHzZB)?qV!{N0v?mZB%sU=L23+z&h z@T>Zpo5%56M@~woRfASTYB`4z*_3ar(8Rnr*9yA1RuJp8=pYq;uPqet6GD+oZ z>bo3Tdkiu71$;WpUEvGRCp1>a*;__#^%HHM6U7H5bj2W+e}8g0QvUY0spze~A~|bq zC{O55ayU=KPNNCC)Q;ioae!uF5Zd51VKrTnNNb1l~ z7ww;@vB$*32MG(rvg1_bSABN?vwg7s$#!B9mmh_pgt1975ddz^U7!2oP{`Pwg0sZz zO;@=+{WegETZ4rV-&w#C3b0W%osR`T=s$Fmgzq^V8ZY+H$7m~NaA{-FU2Zk%QEF`x z3tgD!Nybd34_Kgk;kgnEktyyQ0%5IO#@wg1)jXo`7k5tlcsRCIHiNdFn6SK*Qc_V_|5S~HP z`3Oy5X_yt3mJQbGeY9?bmcPMu*KRy^&DbX|50=7niw%Vf=-N!Zqkwajw_hy0=uum) z5k@@qW6g*jB3%p?I~EFr$=zlS77O@-K19Q7-=IEe(KRnU@_uvZc+lANl`ax2NSWC; z=?yZmx|bzVMa$5&g-WX8DMD46=kmQMvge`5z% z^`Fs3u8Oz=*}CQ9KwmfXs7!spOc_H?YVNZC&+C(s}~~ui*$1&Ab3n{P0Cc_BWCJO@UN&nLq3%Y;wYwtNaK(xt85Lai1*sKqqW8&@f?HoPs%x`eb3R1}X zt@OMC9_GJ0$e%Eat{MIL1`Iu)An`yFLOsE5IrQJxO+~X~M~)(SCGyuS3Q_Nm7b!e( ztCqqNN+C3xc81kr{nlmPLZ?W2fQeAe)o*ui(cePZ=xJCmLDyHXW8kSo3&LBXlTo<7 z;Z6v#Gbx(UV}qWaH9HilVH)6k12B)(xrq!LsQT%*Gt65@VNCry>e8p!V2V-)(@@u$ zF?BtcVd~0O+pm%)H+>ps0Z%IcoZbfKNM_f!foPn^SvUq~Vz-Fc)oQ2<4AcnjbNTiL z{dT5#>)?LGBGj2{>U40Y{k|=x+OLi{khRs(kX7MmjulyngoY*P5IPU;xz<0BoD51% zI!FDGHKZu!t`8sM@i#PLbYRxX`nRWfl2>~C%Nh~Sg;ehL`1hqv?N*y}*o2flZ&%@8 zMZ4S|L$87jk-Lg5^>;f1Oyu{wFkXVu@RNU$f0yj8+FvyZhb0x1<`?n78Sd&IT{UZ@ z@i!-j5hf})FHgT2Ux&iG^#Yy3z%Kvi?R>!woqYN4y5?}nbYZb?y`IB_zSOA^@(80@h-=IvhBV_IL7T)q^7KQlYs_b8 zS5z5>0uWDhN^sfxW_4sb2Y`6BS-IqL8!uCEDMO>pYOf2I&2OW1X|7;f;O$y`77vkV zIHM?OFs|FVtDDRJ1-rm9K(5%?oN~^d@es(^rwGco5?r17Efqn zdodR;+ah1gzpw3NFLn)U>u;#4+I!9vjPlnyc;ob#Uw17*Ys7g}ZKn^KB_N6$k#F7$ z4e;_t+^`oL)Hqz#fxcqjt^k!Gb{Mt?2V_;{C6y!d*pnvo;jA;pNar)8Sb^j1!Z>p0 zy7ll)u~hc%GfMTWmR(D%Ze(Ik+qaWIB}DXG51R+Cw6L-~JUl`R9wp-w`B9H%; z>?EH0qE$xBUuLx=dTtBhd!V+eqAgCI@m#kGh^>q%j`ukSe2?`F4#LX)2Wd~BfORe!YI7|_MqA5X1}kH=mvR;b&n%rlA_hYdRnaE@lX zU^ydJ=z0SUGiYvb0P-I?TZ^F9er9?v^tt0T@ zA^(UU9-xD&lWa}SCovas`h(m?@9o`5T|C#li>^$;*d(IRHYp#n)F>DBAM=AjB<2Zc z@Hf6T%^xWcFw_Kddp&2{_y?A*nEqu6h+c~E>Nt+;5n$x}97jx%sYMe-l_?c$b;A$| zb6??AdD7uuZJvZV?X@<#*P-EvB=yB;`oaZbhH|T!Dz5>#9 z-=UGyRw9sbgumclr?TMbG}$F!hQslA_5t1}X$M{YB>6L9NF*M63(GnT<0 z4sYx3`XjWXrBXxSDtN8MU=yIs2K%urovnrESIy-J3B{gG5v>QQ> z8!f`ANGuP?7(8MSCL>73GTfni9iFp&!(UDR5t{xWI0wF-K%T>v_=3#w0v z>VmQq=>jiDK#el8_XXT(-s^Vhu1MbKFBmQ5(Gyb{WthsIn1-I%$et*3b#CYJzm1;w zmbaCz&TZHe#MIS!a5{F42&Se22PB75c1u;|7rHY_q%LR}WIU~(ipfGUdk)WSMsy;7 z-Q;6D*S(X6-szOhb(SA{0+ktpAj!o=Q)s60Aig^#-(O|F*ZlLL<{wC{)$i7SgZ^>3W?jek zIIrQ`zDdnla3E7VFnA!d#^8OU-?6%2ZTwTrzXnt5AID?sfjNbTy@;n0OpFH6=4U)@ zFU%MPc*duANS5M)obr&7D8GlU#x63*_ zZPDaE?#5Ft^NWFdZ^EaAS-`AgeAy?lAwyi-bQDpKpXcFxK9GL&i*ferZzZr_eF-ea zemyr;TSLcw^*qe6U+EuP`*n!Jgb)&{+{`GG6|G*3ev!dLto?^dDHUx_bqB>GDpg{p zjflYMxiDYg1J#oV=`GB##}?EN1d_qPVCweSha-N!bvlK2G(nK}G2f00Xp~b-KCiFjx>Wy6h+>?P#EP@bi>QBH=qB0^Ip8rJO=w1RU zT2&KwC;}T&WutPatPy|43Qe`;qi6w7G~A=6M(7!ZL;vXz)=*JYDeMpry9=z1x1PrT zqXeLrUy`jr@(fh-44WOmR zW@=Ge#Q(3upC|`I>!11L<0v1TEW(|CGVz?QM~?aBPEP1e==DG)c%;*SQf>G%%uY8e z)PQF67S|47hlxOCvA^KU{w#xu%My1O=Tuj^)uAl1!d*g`{(^VpeS17WIm|B}hBBo% zXZ!K}|7?ESU51&+0Z|@25kp5>hGG8s*2L@)I#%ea+xLRjujtw9$@=``uk<99qrWOk zk}CR9F7oPHZE&y{ni)GFhP%K;1U>Qf@*J8gCQM>gF$CC+qcMs(gIIlr)CI7@AFi6? zabHzgmQ*oL2^x$^W7Q1EGaTf3_XIQ>r=kZ2qY88uq#%q2>MQ!c^O*Y)7+&Hpm@h>^ z$%&=mE^z)!VLUPIsW$)25{To+qa))#qQuaQwA57-#HG4g!vBH?mIeie1D9KY%Q;fP zVX~x05P|FiA5|h1Oaux?X%u{c!9c+ioJbV7Y;>|g!G9~L+57FmWvK4fJOr4NT-E=C zNIHXHO}S_)wstK(0Qz_9X4Ai+gzJx6$OpQy){}`I!S+r=&}{e}aJAug1XGY5Ze;<) zQrp3YEDX1$1PyV93^DSj`R5xU;LZ~A4`TQH14iWhIlFx3TX^kS+_kC+TSVNA>#C-X z6~{Zd_bTrS;6Xw~)G{$C1{am+%n}UsyZVAhxz;iD3=SZ!cev$$viM#^ z1X4mrCcV)M_4p9V#v1g^-oO^M0rPA;gvre3=#ihU0tuh8(n@Dp_&4$YSdp&zT_B1pj4`QP)*liG|MzI*NpR7EyFZSZaVY#cA z7eHqJBM4LITHK|osZaUkh|jbyFF=2k=T$Y0t?1}Oz64f_jR!vA!_3VXI5wV|A1hMp zFebiL@^FzU9})8v_0)R0uuQ;3-uWnVIG$&f8vO?V(Ix2@2X-?dA+Wj#1r7?5P~n~1 zaop+R4o7M#2>%KxK1o1|V-k^K4M=f}B}Mreg;i(v!D(7hZWsbtOrI$QrWoL4wu)!M zrY7PC>Zd^;w89c?geBPjlX<>lHv2x4vV)4bEh)|;o7TPRw&bxDE_E^bjC9I`NZ@qP zr{JtcZWGn4mj5$xwc)!g=jmV0Uzq&~(h0S-{RzzE0!Ct@ED_{FoS^_C8@GYz(JsLP>`Au)TW^N-fIXn&wIVGnKxva-fK-`Wh zcrL37B|LUB39kKWn3jzgZU*$rq2*s!HD#8EJpG`0n;dn8Q`QGUMjHgz=oir71AFAI zTJk%B zv+wk%ouaiGGX!%NZ%@`9UU(JquC2RR= zJ{b9GPAp%|zbs!*9RF+NYXMl||D}ArJnC1;$jToeBOoq9+{kZ(?yXB`f(qBPA|@(I zOrqw`$7}ne?TVSOhJ0vwvGe41-rVeP2f3j=GWJJXo|uVk+Mi+_#rYNTao)3#kKX5K z`OpTB_UG)Q6U)aD%=FOmLAyhvwFtiv`y(J~EzWWFM;%3|A|J)^_NOG){vh-y_6IRX z1R8079(u-+k7DK8pyfkXXGmqMHAsp5q0g+6kK<-O*0Jktyt62!E|fRP=Ee)9|J4ir z*FJcm#{b%vS+4!BeU5I2E1K1s|CJ^F*9N$vA1*V?cgW7stDT*r*ZG1e$q3rg)y6{2cbpfS$eX`1;;{F!d`ZjrCo(GH+Divi8|^e9b-8b-rM~ zwM7`J_e2J|K07|f5Jsyr8?j@vAEv*ZY$zCCQ4i# zyJjz#U%v~UtlocSH6o)-ff3CMJorlymV2;2e>n!pVL8gKynwXGFBmqeAULh(_&TuK zSl6sVNHDIBb=Ay)5v_x7+;%FwkxfXoU3Hh;obR3nN%4h;X#m3=6o8Zf0;UAuSCwIU z&Qseh%U3%N+YRF&XItKuv)`HWB^goWITz?MTm=6<^iM!!NUntQ7Z`|Q*vn))YBA1R zRLL(^B{Fq=zT7M@F0|~Mi8W{hP}?4ikmlol3Nk{)rZ7mmlYz!&HFs;X-VL-EMd4QK z6D{9H6S~+M_g~E3xxSttw?_luRGy_=c!&8T@9jO+haTj80yOw`;w0zIA&Fp#Z)9hHc*D20mi*@knOENC8}9Dy$du zV)YZyi@`ZU54Gn%sTVb=AyJsMGJOH+R5Gu-Dv5nyI|hPN=gRsx5A#70lnmvH z&4WV3&ob9B{D@q6ysKtLJXfB4r{&6hZyY37u1D3ZviX)JNr4DU?tV$@3zL0rY~R#YOL(l_~i+X#p78hiQh4?*`*U*nk%(Hs@ikk+OUCCz*6GVp#Jg|es z2p6npxL_sHHzAx>2mR?$boj*6;ye8AZlwu3yzKLcyM|U+yWr(2ED0Bo(YU~2K7Rw+ zUGoJmSXq?(j=vyZpbnvyVnap-Mz>#ymuvBoDv8Y|OX#S9JgUbdGf7Mm(05}Gga<)S zeK`LJ*a_sLgXVare5=S8rUOvOlH5VZ7%|N2=P-WlnlYGevwsC*YIbn#|030sybmdS zc(&0*6k3Vn_Jp{-}Ee|3DHqKz0Y zG}`qxN1gF~r%CF8LKqjM$rbp5S2lA^;SFB@PstO&juX#0s^U%EV)%c2feGbowm9b(*B5hquk_$x7ATLw!CcZJ@SKjx zVsKC=_YaBsgK|LN=6n`}Z4jzKyq8FcIigxQYM9S^J@d?YYgyibiDy0Q%$cjJ*NS&C zHA{yAN`;Dgxm*>$MNFUs-c}MkqEcLQV_pEXfUV&{(gA&5rhFlXk>>yawlz6f*w>Z% zSM57VYmxbcA+B#mr&4H1;ITiQ}6mST@0i;sFY^Z@;;7iXHnoAZ@(YFpWZzmc^iI4Z2E_y zh`4DUDfyFl6>ev&Tu=yAbito zZ2Plh0Pyk!!oI*}#CP|dg;F)mt{Uz`gc+*POZ*Hg1fA@4Pw#^qug?cu;NcByEegCP z`^vC7U6Z;HaRdzCT{RVeZ@0tA{asQ1M=t+>s4tLd2cV(p_-x7Ttc&|wV8hUFH2)1s7`rQ` z`V`TczMK+=_{Q75{C~NEw*m|j87vt4BDC_6sLavI=%2A4#_DCLO@MES9VR)kyzDYy;6z})gnudV zm+hhc(U?i7Ew**OfC5d_Nl11xmwj+)Roq5gYZhLwYH^)dtKai#D_T7d2hqf8^~fFd zn>oMa2pA6Nw?!ZT^_yrf=r^s!%r^0u)N{@F*yy)5Affr;y=PG>VJaPXIklUDDOG6G@)12o0%m#>ba7bW4KmEUz*L}1QIY=iph6sApr&r zRL@rdpmN>rJYR4m9BQPgtF%(UKa*KX6Gk%Y6>s28OV(>8)E<)6--g!vfZC2UKuDCA zq=KvSdFkP^q4*wnfL_tN)O{0F+8bK;=~@kaHFkEl{wOT5o&#GacyeewON2|Xl~MS_ zNJ}Jh3~M?u=vWGcC!^B1Hc>HDzY3))tAVLCxC??za;r1xpHo3qQt47x9*GOrV(eZw zgsBj}b5-w$v{y9^sK9aq*=EaClYu9m;4PqU#7{$7!a$s%HA3{d?jD&P+bnQVK?5m5 z2;t81L;b*^+E@as*;;;RRURutDRvvZ1DH3n!fPNmd!~Bp!omy{2#7lD`GtU*-cEqC zgV@9f90Zd1`mH2%(lRQUFr=C$;kBbGsIND+P&R-?WfKiRmbJ1s8NZX%@L#Oc z!OG~KXmA#vULz2FMrbjD58$h@zYeAF6n05HplGo0>_siW-yV+Uc8vv3|Ko#$YVt3( z(9E}5u3d0iLbFm5M@z=vLCM|fB`5=P`7|z#<`wrfiuX zLq5%9YMsN)Oxs|9`2o-g&H&bzKY=Sr4{3~^p6HM;QwHfF9R_i-VJ)X8vI?v6`&1k) zt%90tP<3Z(Cw(%xArr0U6gz9X7j+<|rZbaiQkmQ|Rf2~r*#BF%P_V$>7b8g~e1YTg z+r%Q1E5{@sY-+|;;s|`FAkhbFenX6ZH)fV^51onU#-~Sq4)RtbSu@tvhm)XTNoLKv z;RnobFyZ9ff)`sMel4UhV%|)CZMvpE+T6$j=<{_*UZQ8psF&3?>OKJr@jh3iHxl)fA-~nG6e**Lm6-2J-Bn;z(<&H z@uH_A$9E=U6$Q4}zwl?cXwI-mm;nJ>r2cIuk^YU5kvO^A)uYI)lhGn`zTQV>ms!KL zS*^fL;&D>Z-!xg{$4Q}=V#(@InEu0TJwED(5C{B+Mv#I2!!G{9e~@2{hQuUr$pW)h z)p9qe3;kPEv))y+Lb``U-hB%hP;z zM2AHX{$)SY<1axAk&nUe)!4TvKd_p@S-}pVES#LE^`+P@D3$Q@SGs2HLDfw51zTtr z$kQ8{MhN8LxmS|<3eIZkk@QAK+()d&l69y8SR@e)D9xCQm8t{-XwxOrm$RpspJ)S6 znoJxaV;0Vb*fpFX)+`%Dh)2YU2O%@P5l;I}pgxrzHsHAIh@AG&xz zdSTVimsNBSrxE&f3(5|eeLXxLcJLfCoR5g9)5nWgKl)g@RxL-jvVXY>d<+RxDcd)R zbHyE?WR%7C@GoYSq7K5IEltn^SqLTRTgOMiYKa-EZ-#s<&JoLnlAto#4FG(8GBPM# zvpNw~cGnX5sC)gBT={LbN}}I{w9+|;+q6=%Ydx$nF?X!7uCUUc!`eFTEaxPQLfl+o8(tWs$tp13>(t9~xl6r(Uv({Snvt9tE(*M_)vhmi8?m2kU zt}b%TS_Z<o!yuIJ`CS%>jr2Sm^ zJT3K&G*X%h7HPMYcvd>wHy91L<xu#8s=0IloG5 z>y`oS%PO#BOoJX0*r7rmLf1>)>O!S}jxtx2_ru?-Ts2cD3#RmIJ%OZpC8~TVm&n-H zY=io9^lNUK3OF}T8HK;&%TFNvZbaBV8Yt%GF+Uakl`OxqKzXv58XEojAG%K_x~d=4 zSLGE5S?UJK+9P#%bn&}T$kE@Zzrt1X7+|v3q__C~z`ccV^c!?2BE7{sl@9NiU3GM% zs}O&Xs&!wbhV-|MSozTmak93bSHu?@8u{U{i}g?mS__<|>1{TTDqpA)@++q^C# zu{XiE&+u$PRz1qHbwMJrsHzOT*U4V`Il5wF@2}ZJE8wXqTzyR$+j+7 zwca>zDa+QHEE13ZtgIwg%{HjRI=+-&2 zX+ea)@vchVNkkm663|yi#7ARrWTQu2su4Z<>Ig=U?C!tA5j|?Z=W;}MxPS*=y)J;T z{>@x5KX)a&9H$_`oSV7>B?ydfKw$jRl_P?^diV?8{*f>+3;&Qbk?B#0jbDl&(YuTU zv8{*`wZ(>j+azwJXABuS;%ia|*GLRG9+9H!{CXCiw36}JvpQHLLmXgUh3CH7QiOxX zaRVIL63eatFVC6~9%iyEY@VEx93o6&x9yafYYQwPpj@~=L*S+?LWg!yf zHW%T(wQSZN-hRxL^X}Q~ZPNs;tdz&Ofc-u zC?G|E2~V>@Oc4co^=``;2jqG6%wogvb@*8Le6GD%XfNn+k>Obc)sx{_$TB>4X5qCk z{CsmG3{MDrBMiStZY;xdjVXs7X2Qo89FYwE@a3zGk-wo>;utosiW0Am)(D|$ZD!lZ7@`VmjgIBc{SX%j*HUllDXI)W&C1VA2 ze2GWQA-+_?_(o*?S|$2lWR2rXS-*C?t9l~{Q`H2Y^Eq4$310Cg>{*Y=$KvV{xyr!R zTH3hDojAU!YC4f2q06yBQhkWs4vwCh<<{%j&iQj>JzLlIcHkkpIeI5`cQ}RC%6zY0yQXfYadJc$#;BA!4k3HC*^i}mY82+s4_Ly9UcpDX zVF7#;I-rq(^i4~DB~G&Udc!mvFVU^7L(4B6T5fY_`2p#;4sI1?aCJ!(|bMiq% zXt-Gy#!sQugq^?LHN%e!CLOqD+<+?#n!#S+5g8yspO<)omDqyTL^OnK7&>Bo@r&ql z#%CS_JdELC`sIqZ!2v353}`^;&*p924R`ASiZ4 zd2S5;H4~`c?eIqi&DGJL4J2FI*N{@=Pe#A)uA$yIQ7&G^ZhACs_oam3X z0gMAv#>}0gUpL@2@dqr9n{kJ$@(OGr7d37c|1>YEeYLtAM$8WbCx_w;mi#isIYuVM zLn!TZppc%S8bgG$DMsI9e@QUP;i{94Fd&PJNc*{CD^CYTCzo);Ifw!#|b`v z^*5+UCupkmM}olVtb1ApPA^Qh{>y;_r%#SZ95_Aox1sz$7&r|u7fu4Fl+WAbZkL*b zUv(1xNU&tPx>BBtF3*ss5|l5BTn^S{8PS;X1|dq=<9b{s4sLw=r^GHu=)pY)@IbVG z`y&M`?tBlfVut+X@0;4ilfTzBgE^Pj9(rr&X>uNftV({N2Ivv#L=?9;Q5ZZms>jnY zoCtROsao%z>SiHKdtg5-HCw;hZeF1{ru6v=vmFG7Nf3b@ELeUlJlky4Bc5%coK}mG zsOr0f{L2IdT;LKeYAIaQGOp5U*pV_Md8^g$p8SojyZ!?Z#Iy}X!W@0?DTg4%>BI0k z+|w&hozfmxPs_7^;EF!Gezr=UJ*^GlX4j0x#3g@=Yu019fcP7^7DR^H}c60OerX(1dNjMk~8-x{ncn)ZAVho()TZ0qW zB*UTzIXKm`S?zh9`~zOwte(@CoFaS_m%>VE^k&oPF2b*!nw6=ZdO)*MiviN=7S1gF z*OhvHk|##Pf2Hc;{G{k!1jn=v){z;GmS!$OIrK(PiEqH!IB`mE{OwXi>tJ50+;g2m{46Mpr|hk9Hw zo#qh;O2j_-o7=i(3`Kn=V@r#O-U&gcpO$%$tL3JLz+2jQO6EcI zI)@h~Ao6f$icZiXIy&L>sU3_N@btQjFwZYUFYiS%x6ohR#w-iWxkBi4({z&}iyZ`x zZE*Zz2cLjON-83Wv5D)Db_ODxWe#YRL?JMpX!6zDhVu}H*msi&LtuAtb>m#dAPgqx z3Y+V~)eX@E=jsNKcnEx?86Tt5k+P17VLPhxf6-Q_tm9cEWj%(S02?Xmn#!A;l=XR^ zV=&PPbaO;jk6*Yi3`UJD)`!M}jOLtfmsrl}5ja@RStx3l4AX=w!!SCzuL@X+XHaJ^ z=Hr6AQmHw|#2`)3OSkNGGa|4V%lPHa8j+u&@L4Qmt6LgThaSg2csg%F<| z#6*#Qn}0e8+(PnCWi02EhUj8v(P`{Thgl555c!1^y@ zq2bu+FP4SWE%0OyhJ$1RLydSDxv0APn&?05TWqE_RBqH8^(h{sGqHc!x3>?5Hcja| zH0XhC+k5C_#odc5I%xSoe$bg%`R8v+spyI86Dzu_09zZU_tg8SGX5blm>^W@7F5Mh zZ-e>x`E?(H{G-Oa-*~KIY^m{d!tek?8C$G5hCD{ zTf?XhY>y-bBLI!H0WFe)VSC_NL?;KIdMy-3r~N!yK6*=@{vSmYNAyyMlouSeA&Am| z@XLk3GLjc84TA0`?vYUV7~}n*gKowV1QjFDihf-P0*h`af2a&x{sM*cv*|z#4^@-PGT98 z6A)vBD(Z&wm+5ekO$r&8eNNvwfp!KiS{Z-gqRB7#r&6Ay`{WnXGxGaTRuzA-C(*RY zRfBRWZibMJMY_ellgdTDt}4GAH$%(E;O`Zf$qRPBd(6>Exj%*nK!4%cP1xEp*u7Ri zLuSXmN_j9*KWLY`UPJ*C4X)}7(})rDA9;Tul3a_$njca|Dv=bQeY3FuLv{+dJ`S>IJl*{~E-Xz-->& z)T}5U)7yKmFZo?$48{1EB1qGhPXG?c1{$7B{rrw=)@Aq}Tw(@?+cBtHdI<(~1Hn9w zr>QP@x^*`p8ZKBH(ZwfXIJV>f9P4p7_Cg<~uaI>>c3tSR?0V}o&8`@nx5BO^Twqkm z6<@Ku%J@$VzY4Qnfw4|Bv(}@P!lQKH<$^;dxlp(uv)1F+GV5AglUZ4a%(@M~tuQO= zPt34SUI~Vsz9*hxAO0XQ!%ksd2z^+X0f%AH>Vsw2^8~IiY(3D8XIM5oj$zq4!>}ZR zFsvI4`_&Z=!`9ynQVvARcKLc}=RQM{po?eac#BAKi1#PTc%(oYda1qHG&|U$PPgsBf zf`xp~sp`Z&%cK@Q%N>6Jn_T)sJey2;pKQ{O@sz#FxM9#YF3%=y~4u%^2~-#<^xKU`);u$@&vf!)MFG9C5_L zU8{yaLn6~VqI|1;PxE%IIu(yGT1D!m%9cwkE#1QWAoIR!;8sT zwoW$RqkOy8%b)fCG57BAQ5M(#_y!0pm+)+WKoHQNL4%@AsPl zQBeczLKM`*O@Qt4U{q|W+Lo%d-fC&3h+s8b1Y(t|7Z4Q`TW4KV)Rt>C-}n2>JbTFn zu)ohAzr0|d+g#3^bLPyMGiT1^2Rd9(5NxwNZQt(&qP6s2apEu6-VYuxY#+D|-2uKQ zP}bMaqSYSifVF%JoZf%+X&J_oUhsx!;d^p@L43Ie(#ANs&s(Ag2Lu=Rkd^~EMMwLP zz;<+kv6SP$6r}>wr5P}B>s>hwz{MrYxDT zb2vL6E+&6~tIN$c2HFDb;&F#tNcKPdmbffH--t(z5LI52xB_c1ld!Nk5m6{M`UY?D zHEk>luQL&7%LXC>?e}a*5{y8H(#GykXub8fzPVQXO*%)F4i8SqHq(>QUv_g+~<*3 z7>W!OJPXu;8ETicU=nB!n-m;8a01@lI??s*Ft5iBjFnM|Mo0;OTxSHQX?h~6NIabI zmeF=DYX8tX_#K{m2h(>`tkgJmVif~Eewbx=i=A0Uuj$$dE--7oNtXKP2#UT?j(t>I z0EBmv+1%_*w_9WCia1l(t4HqFTwObZYAYt1C1rMhM7fdGM1vz#P!-*a?(4^CgZIt@ zX3)86fj#8lV&2WPJhsAZC=tUR7xM}_fH!*JF~Mz*J#s9@n535@2V;%W@#6OmOy;)T z?Gq&$u~~isC4yq@L9x4gSaY8Scp&W5cG%4K?HPemaU}>73!vz|LEMzt7r~ciO}qo{ zk=_?tkC%I~i8aytG_)wYgDHE6Q+9`>vb#BD9|G&3?Ekh_HeR+-b~@o&NEa1r?z39T zO>LLX@`HDv>W%{cJW8U_n)v=4U(s9Ey*J{e&%P8+(9Kp`!L^1!9eYCfpOr$Ow1*E7= z3|W;q7|lILH`j1aj}s|T@8|mTx74NgKsrHx#=Wc!f28W=7NYDU^;+WXo$v9{0Rw+w7k|yuv7I(Bv_ymP;l1ZwuRvAHmjxJ+;ODsB?c`& zH6ut5kjaMBZR;~Qiu_#r7e(uGPSNdIoXG%kR z+L>|gyH)5j(ASgtn$Cf`W?hfE`li%1`UL7~rk1KB!Il{5h!I{Jfpz;!07Y~Cglb1z zNolE{#8nf~R2X~ZG4w)fZdCW&RQ+T;UTXb>s^s_5N_Is=eg|t)JCbZ;YoU=Wp9_@n zlw1WyI6B)Gbm0zxJWy1K!H8D-dy;?1yFH9Y%s?XSA4Kq#`0$POJMQnK+{WEi!Q~i8 zpx*4AGYxBl+S30x^-&?y4Jh*1WE#PcA*ZGA*Qy6eCTsbe+)Ic3i{NzBw*8j2Mk-vQw%Vf8y0#3+=km2X<@1uADdHyK+7f?Yfs6ryhcud&37M z`dbtWr3{}1{?K3^V^BGp!Y@aIr3V$*S5`f6g6%iV6j@9TqCRYK{YK5!&t$Hp@K9?Z z(1%TH$wnIzY^3?8D-7t(^)=BQu+ zIfee0d#weu>0t9FxCFtt=Idm0+QG-U1YFhBCGe-{N?=7;tuBN+jsLRn8wUBlfm=u0 zL)-`-&Ph+`kk*DTmFcqC^>jV=^3d>Jbe^LUr`?#U62r2KHsQo*Y&56jqcU5OtQQ}V zs^5Enh3VyZX*|Gx{|ixj;bi&;Ac4F0=iQH+*17>lDy{8a z#ED<3w!5tUxNI=#cq;F{Ly2PJ{B`At77PMG^Nroz)0(>upn{Tf+O^!C)#p!P>89<2Pwh0yP5O<+43aw`=!o@o$3bM zvOgpFdk@5K?{gAF)rdrbml6qXOC&fgkzg?rh{*g%l{pDMQtc86X6Xd1Z7ObC$k2ng zw3MN1wNgy^IrGPmogR+8ZjQa~vdH9|vbs-#*aSiUdYok*aj6%60X+<(gd4rsvsSHp zW3#D8{n{x#_E$f$XO|TX$qlaag>!Rbue^bh-QMsJIeFYEw;v1jctbeAF6jhuHH}5G z1do*P9!sc?ZP$8gTff$FcVX9HH|#)kdy6i0^OSL%6rM;e?VFMe1(n)tF5~Cn5XJmZ z@zX1ffxRM+!8Wlm8Aj;vX0^s9*0JDUi6b~`okUgHu}p8M0R_NCas$`jm@I+@hMZH- zSpl%=c+1k}k*5MTw;+Lpe5Ex!FZ$ECKAwPF-|6viw5vYY*&EK-fETfDm{Pog8}&5(M36n7*$cUN7I@dTHpRQy2ooS{dzBdSFdXnKfc(ear(b0e%*Zu}=rA% z+6;#z(pC-vECEKmSl`3^7m;kzRFBtV!a(vK4!bF)RW<&m7WfhQ51S~y+yHN47D@c7J=`lPDl75XFRU7#~LXwU-n7|W_ z&*kb5aNv^m5nXabxj{<=s}^hw5cbi=<_Ht2g9(69b=nk-FsxuW@q(gXw!{_v=T>Ov zo?cXvYWB%o7p^G{tj0E1EMRfTnYz**Tx$VbEv|UOt$BZi%HxIq57*u!m(lX9KSDm# z9J#2jrooz5gHfmENcq{;$w5CB2+|SuM7Iw^Qr&dskBr5d$Q>SUWLma2(icWh`L2c` zC>oG}jjx1X|BiI&NmFEf!MvXte z8O;DXoMynj)UIVaFxaWn^3u=%Al0h12vDT>qrDSw8Tv6U{z&>>c@itG7>cziR}IP9 z-Gno}VI}?x$>3leXMg58Kh0F6`MX~dea)V9^+)E=q1c*H5GeA%bhnDjR1T$IN^1o} zcKXfO`?4xODc$|8q(lGdf6LoPthz4=v7PniU52GaVj7ml7@%1iGYnzr3Sj%Pj|JP~ zaRIh3=M(t+&7K;)fjmGuG_M(?Rx1!VXaZ)M&ID%AcU`JuMH0$@SyU)P(Hyv0{sM

      0%NO?IMDo*rv`f=!w4+rAkPkbbnI`3FR<$Vs2hF8?g_5Zb}yWDG@uu5i9dhQ z_Pg))!{hVb51FQDn>Fus+%Rm};McvYkKkb2uf1uAOb2@ml=MdR>;#^t13ifiAlspt zz`V3onkfx7PTps!GRke%7=+V;G+5n`=`YC$(hZ zaS5YIGyQ314tN)1nxp?y-M_v;D<4|jm-5xpt4*n~#&`*$U!Rhizt*Mdq!T-{1)Y6b zJp1eM>~AFb_fOFJiKsuub(Z=`wUE>JR6{>mBG1OVD^gz0Wo>TtgZD}L7jN`*sm3vM zKH-`49KX0V{CXL`bQnjBQMovf98!NV3$h1%-FTAgrCi*r`pd~0R$brZly`tb&!OFafVjoFYo!S>2dbe8o>)oIa(auC1i*Y`}Y3NM$ zfDgVgY7@084AEFNRv&f6E+v4(!NJI3jNr~ewLBmmXUL|ndL1nD%QCP`sLJgMfQp8u zO{Ivi?TQW;W*}aO&e#xSIScS;*f4rm6GrFc+UCy?{Th`?^+Mj5AQ*P~g{Yhrk`-0K z<>XsB*o3Rxq2kQvz+?46ph$vix?@=c7_zETb-IUKvQ;NeZjqh7uMy4pbUaIP93RV3 z*t%!Qum~r#OtXDBKZXvE;`Fon&)w|WrjywN{_4Y^i=dq@jIZTrpYz30f=bkg+!fQIkF3t$2|;#t?)! z;U?*$(k=jTPMAI0o}(&hWK< z_6R*KIL*haiIcnxkG}dN_y@3Sg|BkMB60!nS1UzeUQ1`Pa4$DQkbx(te@K3~tZ$(< zUJaZjxFNww-bkru75!M%KRWILrpXs}@flwYa)~__Cw;;gMYKW7R2w@JSJbT0!NKUJ zn8;YLEHH?*oi)H&yN%!-3{ zp%)~*vyW+kJ_ioKfSXVb`o6?FUUoSrXu%(nm02>eiWvs3CM9};)PT~=id-euLmLn>Kh$)RRrj3-v*DE=cZLxd zN|)eg22KDg!rmARl66f?D;_lE_}qFM9HFrww?Xh~PFRC|s1Hk?o(WSCSk-T5^{`LJ z_!=9ZX!n+OB&ivp>l%40g*cL^4HPq|@d{MNjUR?OIAwsQBv5fFJ}~fMx%c3jNw^Q* z=#6CkYWPGDE@Lq+zQ}ZR6Hs}3(>olyZ$c+?N@)pziTH6GK;(!9wAMYno2fO*1w`2k z3ufA?Zk+f&2ES^&14lvu?k~U^Llb}&#scdK3m#lO3F(5Ptd$>ip57UAu$__9U9qm} zu{2GE6!0gD)3{-Qv33R9u#LR#W;a`Eu&pckKWTWN zBby$Z0X&b^+3zX7H{7kktHLHpQi10C_3 z8Jz5kjDk4d(S%Waz7SgOLxLrLU##dCtjs zfuD=K=;((HE;ce1zgIR;She0$9pUAapVULyCvh}JeKZIMcx;?dFZ>4ZQQ3Z)$|mTv zkpN>baDivpldJKZ>Q7&SFY>0`xtYYY;G7CvoyswgSamTL7V*et5k?cnF(NrQ$}_v3 z!_3(@`!-L`WranskVW9i!nqm5E7w}_$B+JAK4PRcVlCcot&tTRP;b2AG8${UWk8Ib zHSDx37}2%_Grf_X{>Vjcf8 zEQ`$E0D~gH;38OnsTyTOzr{~k1dA}`_+Q~Ei%iO9J9Jr2yB;;|dP2(bMXGXqk;*&_ zkF&7KydQ2KF&vJ)%xG9I>m7aEwf7A-n(y}7L)Q(=lKHcmy+*4`*@P9HSgTDRN~}q2 zp>QTR%d}Yc zkxV^(gymvhwvm83N*9$abz48up;jLvjjF3y0mxe|SH0a%_!`e7|6;jf4CHsC~h z%H=jt=Cv}RwMluNkV4So4l^2$UXsHL~9Nvqskb zII@Nh)yR7IAIZpa1bJ%1sf(AZ%9C{KpORJ}rCgyL$@S&j2DvWF-H0n&zeTRt3d#3q zz0Rjw&%E*0Gb10Q^~}YGR$EW-)s$0OwqCdLi|2JK_rzQIzF~=FuP3)Mi6t_@5})3i zV2M^3V)3E27=rVwz8Wce*hq4tTo>f-mn-%<%XL|<3;aW*xaEq?%(xOMI-f=g^Tv_F zjB%teSDQ#-Yt@5f&F{q$tN)~tbtsOkKO2^q*O-i~W3U9}9SOB}e(Xr>FXlM_|7?6j( zsN2D8q7ooSS;X&Qkso!cpD_l?VX%{Sf_o@~=YQ-fiLY8h8>FObhn9M0p zZ?Dfm4N$HRV9Rm<$G0^foE-au9;Rtx;{GV{q^gJGITp>ak-As#TyJQYD|q7hd79&> zh`(LlsK}gl`J*C%cG;sNBiiN2iK}v&bUqPgKPqFLdXCyvT|;ol2?2=p!wQt&f^Lr7 zb4r~F*HbRS){SCa6eYlpMgKfRM(G+=o#pb!RE0HEi~ACZ8K6<_cT|mr&xRA^JsM> zGffCtjrysmx{#g)O(jzm;(@@H$n|BdA7J`dF3(!}s}+=Y&?7x<;mKLI`*Ii(wmM?s zv>}8$X_>#-5E9{+i8N~q9PB8b;h9+)5EFfS77Diu8GuDDn+5+EryP* z>e4?@>TGtV3c}*(+|7_S=nJmCkiJ}c55OGI9QIbt19tj?%d%XmQw;KJLx~$A0i2of zTIoqB-;FmOyudBBjf=)|0UG+#jBQY()5kO4=Fd{{*{$X4ihSx~o#_;2dN?&xMQfSf zDMzMEo$0f2$aI6rgcCgo;mvz!K^Db`oDIhxs9A*aH_W(W`nDEJD0C3YkwrKV{ILkAnpxmYIkMuu3wTKBTJ&X^C>A%R=-vpzXecYbW6n zyoVyWbG=w3E}4zVaxbtE_V99}TBonbLps>}fRhSj&fHHfk|9)wUHnWV*m$ryV zHV|ctNlA0*|A^Z9dVl!6($L;he4(Sg0-2CMxan=xadysE(lciDM%>{q7^-~c*|4uN zVf0U6K_;Eq55IkaU45bR!IBTHt&a`D3z$|HAb}V_Pr`4f8R=z_lX&3Nc63Xo8(F(6 zaFNC#4TMkL4?MKs1}y9)M)d|^oKyyi^>U=HNCX6mLEplf8_b{V&hv#%m^t7Im1BG8 z<5TJ}KKHTe?!y}r+O?8a@Go*GyhhL|bG?%vf% z#_la(VI(Ur#Yu~%OVCU36V5+J)_xMWi9iNB`Xb}pF*L-HG9OVtKA|quq9)o+F=jRZ z0yf)=%Az;J5Cv)kdTJbWgM$UoFm)!-fWS6Rr9<{5R|@L_i)cZqlxAtH#p{Exp!oGi z&fam>M0gwwYQ!awj;dqV$jKFmdKOhr_%_S>C~eZ6MMC;veV|diIfFYev@JuDP#kX^ zywlOTg+a8gKs*~naF33?4?~6KkmhY*P$g42wts+2^+BN6C8S=&+y*KWg1S>Jg8tPV zOHs0J0{MxE6k?=%3g6^rg>$n}lqhow5crcR$Tt{`FlL#LGA!Vkx%jb?9~<}pSt2D+ zXE%vuT#F3P!O~v7H!?Agx)B!mMmh_8-7Spmjeph_D?JE~feY`y7CH-jIXLsio{-}N zFfGCUY`Q|wMS$yjSc&R&rFZqm9lZAREnd4n@;)PZ&!Sy`@H1|dJ!+3PZ8hHzXiJAy zA*gZ)5W-ug&+QK5myH1$FV)VAw!{}xlKX8!Cro}z8fd1|9*Go+<$88q|GW1!syUYv zRC}G93bK$rv^(o9+K&U*AiXV5dkgN3Ol)~B^6;MNai7C`$%5|L22P8m&U!Wb`R3SM zY!jPqESKiMe#4-A2A}G7dT<;Amp_-Bf=hua1(yPw#w9_EYQkj|18)hb$Bmn43c7Cy|CIR!PE~TxLfDzf?)BzJf5+JsQq&P|>{V(1e(KxDzq zz(m}}1gKJ5(Y;_Fc2AjHW7<(6&oAdrlIt=t`qKhbiD$AX(^FEh=kuBA`Rp~%Q_ORP zd3Mq(G$J|uA@l5{cQc=HQAZdttB$ULTvc%4gG)P89;0(!;VHlm9}=De_U;kRl(Y6%Q9b9KCw-oIcG4H}8Sycb>7S2x--rGkN&i2#p#R)9>0fai`b$oszkr`Y ze`$cGzrY@+KcFD}nM2(=?EBDPJK_Dh8*ChbXE#GL#D-B{(>g~DOeo(_p}(iDkGLCm z-N^I5ux-`o);KL#z4-uG40aKS2V;5%w?tKdh?uCa$U-*=ITsWGt+zTrWm~zx0b0lGmS;2dis4q^=i3; zOw3RWSysrU_Y%%zz2I-v?>z7vkPPD%GeIgK;9fPAbn(!xV6N$5Q)pzMs!Pmq?11~21^JNu)KaX zmb~H0MjKc)zdST`WQ^X;+>ne7 za&-~E{yfSWBjrLiuRrpHW&$W@^+-)Ayckz!mBk;q1u^C@ zZb-ar>qK5Z(>mmNbZgNvRW=MBC-D!jjpm5zGmLg z!T|>->?@+nA$;X_a9ANG)C_ECN^s;@4X?-xbIOUzd>Vq%&Ny?BJ`t#boHB`eT7#56 z9jr7C;|dtk+qBVJv}WdP@9I5pZ}fMB*t@D@Hh@=eJ|$)RD_56+AppYv508A|8v{8dKY_t6n%WF(&=|k?Y*t8WgJKYfuNhlnZA7d1~^ z7zoAn=F^JZUaUy$ju$9ZrZZ>YGx)YNTExPRuD@Q6$g_Fb1@LFSiZ zSjoHUHeBn`+u;I_29`k9dZ%EA#|*@pZ@>WNwB*x)@PmKs(d3rU5B}BJPBSVfv>ZQp zwYW@5$GUAI@H)Xoz}QJJhKWPGZ^H<;mRI%#X^?+XR2Scd4)PMqIgM&8Fd<>h)V$M> z84O7zuDSp}>hghn(8mepv+{@GKKzK8C>MvTjx03tHlFktc z*g-Q2dXKJ1eTBd}&cmuxky_}pD<`RB49nh#52H7P0QTbj06idb9<~U={uy^nAGMJJ z!SG$pIF00PK~4_-i#ciSK0X0<13_Vq4SMBwi5d3>vZ&|8Or&f zo;sQ74f@Y#3GWEn^c&{Gz>OUUf}hz*iGk|RRJPf*e64&)-NxaRs_H~!m@0^CHAAXk zQ&2P*6YXL7(beLAU{YSlls=?%RQjjz0-AwFG7#Yw)mL3SSj!R+7fNmPT^xVbQgp~0 z%8&V4emq7&)%N+gZVqCYh;kk!`v`tXc_W%YNfoW%wS({i0ls_~RYt=j1AZ9e+j%&F ztnJFAU>dK)45k8(@hdf~SSB~%u<9P$lb#7`> z9dcNlPOiJ)wgE|Ret_%(pIVjlI$m|5x}F{(PJSWV14szjql=7wK_LuEgWU9e)I3Fu zKm~;K19x%80iFj&VtFT;5=aW>(jSOQNTcxQ(E)l>-b2!0rv@kvx@XDF5`L2rPrb23 z6o7yBrvl(OuR5L5V7Ej)sZ+gbQtA9y0AM+GddWW_67uCYR02HtgrenstY8 zSt}5bf#s&bx!K~}?7_d;d+EH2u7qN~qyPNc zHkw>5Ne;orpeE?jD^2P8i5Yqk&RnLp^>j`TQ&hi7uzzq(%klxzb2uGw6;8n@ zfOh&)`Do@bd1`fX3i_yFG>lYMa7LHo#VC$fTuF+|`5{X0_CtTTWD;kyb(7Km9Qn4N z%{Gjp$}erX6^qd4h@XiXo0}~3*k!U4Gx=!G)@7ic|44w1(7Ni>`ApOoAL?e!W0(cpr3H(tFLVXEuMi%vGlqVh4M&O<=`6&~n0PoF zWv*p}=kKsp8J^}cXTZ9qqbU3A^6#+V+hNufq%R6=KPwZz?SfF%yT@|8)+^m(C*eg0 z?8viT?H=on`*eJ~t~=%ok?tr?Z-UE`&+3og zPP+WTxOE59t>xWgCtELehyO8NbP0Aq)vTziPL)zo(WW*lB1e^wIu)c-ISR^r!2gfD zNu%s;XmU_X4mE8>Hrgq)7>AX1#f>Oiz5P&|FbYt0bby4G3`IiRbDS+D^_UNEPl=rO zOqMEv%Z7W#4x`H0r{%{%WGgo?| zUlOD>XV9SlQJOH#TN8bs?2#xmorPjN&!=7j?Zi%hurGAdbMA*uD*6s8#5cs3UG)f} zK2;a@#3H&Ya1J(Hj9Qlo4$JC_7op;A)2_yXR%dTGy*-}k-d=p zzoZ^dW1omv-l2mYCzz3mVblQV7|{-67LWldQ%?iEx4=Hgg>=AJ##M8eN2Nn^&HP<| z_(S1G?9z#|eCSZ0KrRT89fauz^WUGl%{Is8oZAYCG=%~`1CGW7FavpJEd)9!H3<%D zq2jKUL;$ut8{<>B+>HQK;^eR2s3Smyc2L}n&E0-G-S^2L_+V=PdIv&HnxgcFnyzpK zdzi^e4}WALMAtYEeX<<}P@fGV=^);AVY?5TjhF*|?mK;_d9#Uft*}uy%1($f>b3c* z=9FW|Gh#ZQ^TT1S%QZ*c)AH?K5?nJ&BDBG+82mKo;EX&F9SVd6DgmVY-Vr#%67_O+)lYZHW1Gz1<#j$`{pO=y@<0w|*m>ac*s2?iXk0(YZ-V9mY~Q8S;@-mjQKb3K7Fze29g zg50BKp{~~Knn`RIqF%%FGI~Lo5S1C{o#Y@t|3uT_dIi|oL!;(=yaac|+WVRsd_`L< z`$>y)@=GBuE<-f8Emml<2QDVJY=K8OX10;*GwHtl3C_Qo{wA3PQy*i5GR9C^eyN;D z*jaAi^@a~(ch)&Ln-V6b;Q7=;y#j!N68(cf(A*@;kC=eT@CQQ}TSIo66#Y36Ma#h+ zrgW4furAaoZG+_$jn$S##sk98$M;}-IpVe!?!s7zJC9X&0V-8D%I0ck+mKTp%BdIC zMs2t&X@4jt7Gz)S?5R1j;?1f~a7?zdM)v5T^>1!18|?+AypeuRqtvHBmh-?_v(Vv$ zS~!QZEjz2@tC_CYo#gMDBR7hfLyj~+_pIM%Xx!BU&r20@Y_YJwK(Ztlnx!v4tCMo1+GK?WY0$coCC3+I-~T^ zqH>JVJ)H6R=xY>*>&28g+6!Ube7oi%*{->REQNt$3OR5O9>SXhEII$I8(JnJ20Jh> za>o#TZmZfmm&2~0DJd6iFa~Y(VgDcbeCB_F3e!UhcBw;@3QmWy2ULB8DL$1u(Z6TI z%TvPvOjvdMq#c@YA|EmSAI6xG#V*2j`6CFwGfod1U>}2LG-QfedWz8qF!sDo)d>a; zS*kLdbR)$d{%Qg$8@d}81eMyui>w|JA=4Wfnh6?;*B;B@Keea~puv7Occ2hmnWX(|1cA`?BAofc^1;9$xA0$^w1 zUO-t-qd*nnN;148q8juLbSHn|u9t~vi|$#;NBZYpqy2NwgM7ePof&QHOwoa%`c(Y( z2|{zx3&%c0KmbM8#R~BrZo0omI_>{Cgcs}&%7`b8^o@0O9=KUUJa^a8LG>~@*z-Fa zJ>^X55FpDt@QBau-@`u`c5*WWh7YPC>`O$%yPen7Dtk3WQ5N-lL{+#}E|pcX(FIWzL^xnyR0BD) z337uo2rKje%4$*4=)Ne42D49q9Zi1&4E)FSLJ+mFO7^OaC?M`X{@N(W+^%XNH>1P1 zS7IV;bqPG%AB zNnynF_m5y%2v+bTT+wO@#Q=!9pwynXC+4ix) z7_|DhV6+1mIN!Hv3%RfMTeKzm4Y;Fvm@5Dl)BCVCqy?r2ZxBlYBJadsPQGU9jP<1* zZqP=Bq}ImUx#1PTik<%GyV6*x2A%XRt5iejNez|7gGEV(v7IS)J^~8 z?RtFMz-16;#o&iB)z;YLSZk*bLj^D{_`|Dx;jeMDTPb|m*q|XOjPmg(tS`J(D|TPZ z0Dsz9fBc))q|oErJ6dk6hlvNky#^*K0P{>VwFa^pLL@J0iHdbJ;RY14M; z#=C`!vqqo_!XGuPr%em(|=cf)!p!kD}_I9#YMpPQh!H_{SISpc~imJ<9|H;gdH2jK6auVQ`w^>3P*G;;5s zPQV{EW-6{uHXVeu4*Sg~Eaa599J5qyqiy2moLb@;q7N3gUEu!&id*e8 z;AI7G60Avue+VGl1Vj&VtmTGFN;Fu|L9K8RZJ)6b+<3QC~D#qVFPBx?5ID1@U zP(>U@bKV^!Cgb~FQz&Vt-`O|IrT(*2TRBb=oM*hysTI$-f<7>EOf3>8yphOcQ9o3x zOip7TX?QYjAAy$O*hdcZM%Dsmg>5c;E-WI5f7Tu=9`=Cte}@M{Z}aIke3ES!Th(>A z#l)`-3zhn$TMM&FlCk|sxFc!80 z1(AUB8JLc_yztc|Sohxevqn@F6T`T^MmN{a*uI5>!W>#f?_&|6V$W5^_Bn4co@x91 z6>p5E(O$Y+a4*IoJ!ygpTFCrf2ZTV!f=2lFk6_pwU~T(t4CpE4|4x^`^h#6yea*^0 zN>_srU0A4nU?f2mi9pV=@a=D?Jgf=^Z0r3EUZ>kJk({{BPa zg!ZN2F9~%soE8LcntxR;LLjE!@N*NNT@CwF3g(`8)xq5GP0cZP&lSxvCoPq&Rh!kg zvxqqaQaofWXC+QgDCO!KT(ia*1_Z+9X$Jg(Q{L|!1~laz0%NP;LJ1rZ3+|h*xo@$< zeXzPFp$cvCsGgk-l32SZ`bi3Y_GtW|D^4ZP;Ky)Py;ZlA-+*!N`f7IMGz0E+H^s1l zPfx9+XLA+68yQ~3apy)@KO;+xYnO#veFb63P(Vw)8Th^VHURH4A-J%R1G~ZO{;H2NlohUwd`? zQF+{c9;(WBA*fZTD#yhbqj58K-LAV%_BMG7tE);7Gjn}O3DipdCMD654b7;oDwQ;) zX|Y~<(e74SMqz8sXU9SB@#3Z&aj6<%%m{B+-Ni5!|IEszQw_sp{BF0msiY89fdX-8 zfU#_>=;FUOM{S{n4_1V1FOPYSmr~>{yyqPh5c_+glu1AbvOJFLeBE!p>81Z~@1#k>xaW<-rJaw~rxEyhY`nyMKb+nOqx&3q((t z!29ee=D%zkGSEw(!m$Gz~hSqJZ_HOFt4ed?~8sH zSf1b?D$~BAt+RUgF~p`a83R=O5nT_%sLY@G;a>9=5rLtE_{WHrqkf;BjABg~3@|y- zr;?CO|C~d5apD0A`I>#~WDI^#&8uy$P~oJD!|cC=?=cNvUkBQA5@29YJc={xt}Dzm3o=}JWLEh4yK%>mvm)d^x9X!-y-;~#?b>*m#R@S7VQZr z^`~-=-|hgTr#IWrm~2I>XAEN@h451W894^qLxV>$VajY&X9qdk#78*;ZilQ|r-DmT zA*J*-_>zNciel!6FjUf z-y5Eg9V*^^8Rc_Vtq+99xM_3P049MBqL!VGRYEN0wQL{Y0a8*)yS{xJq&+){w9=2* ze`c0q>;Vi@!Jm+=U{X|yt`G?y0t%b9zSM^ZMYLf#?b{x(_?^Bkb+uo|nWL4HHU1L8K{S+^?>7=Wy3Z`Qz_PVaI-ii5V=x|4? zjv)!Xk*+j-Eow-JFODCy6%EF(Sc$sEN^t8AcD9yxjSV&RcZSOd@>?%3HZg}f;;A66FfM%xdR^4u395ep*)`Z5%);X&ImG#K#fg2N`Az80k zZ~`@JqNnjW&^;EwwfD>{{Pw}BJ0cn3`1u$E8=Vxqg0_YkJS)JGB~e(haFEk3IiEhI zTx|8H2?l5BgtykKqqk~vL^IT27MhUqI7$MWfYs6`v?^kz0)KlrJ{5q(ai#*XE|?0O zezwdanz(!R&eU92w3_R0%(Z`rIjItN zq2g&{AZ_&dQa9oSSImx}$6bkgb@8caD0M-JqHVkcOX!#}z*;`NPic66=wGM!5KG=# z`326HYRK_hBR0tyQ;p6UQ;o18Y=eW+CTG3Cs=Hsri0tCQJjPo2ug+LM?ujenarh%R zI|0XUV$}=>_0oe7tHxiU{ryIh|6u+IiMk13>v(aig8koZ07jp_bEB zz&hNk&9V_bo8QI1LRH%d`|DVJyM>@2Q&e7wX%5Ox0g`= z&^rktPw~F2?(;xFS>!Hsk8yr<51fD0*&klPPYjfeGoU}k3KI@uQ6u0S1MfSyHN-@l zpn;%%VsDpvmcEowaWt4R=MdK%4T#xS@ER>N8&Rrn!$@ul$4b=s82>LtmBG$s;ky9T znGoBo@JmzScKDHCPn$pdnc7H~5}g0qRP8~(ukGZG^q~_+HOjF(m$)rBu~YZKy_}^* z=y9LN_fO%Tmey)q{gEe(&xQ82;3gxcbv79-k$b&0&JSgc6D=RL0PZou*Z^d3{orlx zBxhT^P4^KVm^nlhL`R-g?~RBtgiJZni+us@f|uc4L8$nfQPNg#_(dUPcORySuv(n0 zTj`C6sU%eVh9tvCgu|=!v>f5%HmmgmD2TCAjPtkT*04#G{wfyOaM@KPRK`a;;*n29tf3TGeRpbqI zD&|tjTCUnU1Ds=LeDRFv?ok=C#zY5H^cPC7yg-nV0 z=p@JE8S~d)Y5Q#oZ1J9%G#z;0aB?3d_?WeEI&cL5Z7!DL&sx8`O6zwJNK>JlLp}j` zEUB^u=xz&gs{z+a@CJ^l)~6_)EPV%F8JlsaE+tO|`wWwDn8O@>o3$`TW`d%fPYDZ^ zn;wsF@LDm&jo($kcZRE>70J$<49$^%j?k- z2P;9D68Q$HC-cDQO^{0X+67;ur=uXDuQ|W&LVTFE6B|pDioyy<)(4rb7Im^N>Q#J= z?n0yV!ERQabQ7#U;k^^z1kP1;LYv5J4Ds0W1ijb?FJ7KxBA^M7knYh&j3jJDVVT_v zZi*1<;BV}YnhpT~+{6S=c|^QdULdRo_s@b+)K8~SS%<|#^26(sEykdMGB}kfB%#Vj zA=sykyoc43XP`6KSxugvkOoxLn}Kp6K*9IjiSMbXJXwE#wXN^pi38R~Y!l#cGYP}Z z6bv_)Ws7XVWPp%-$jZSY>5lh-%at(Y7jn zp%d|t2b|ep)gh3ngb=gtU8wJ%wm_EAt#A|E3WKxBtW(JDLQf1?l$g#6-_Xa-!hj4h zwnJ2#t?Js}Q?Y@s?r0DK+k@4#zwrfUS}ObURC|`24HJ!le)b?f&fhTyBv^HOkSq@CfiqKKUB1M?n$`cKD*#i* z0J+Spl6vLnhG2h!ER}&Zt2nJipGIxbxdZ?VRH?f*zE+62Ov}$Jf6AhbDL@w9e0%h& z;lSw}Ngp*n0D2vWV~q?l@DCKPMi@dkZsmYz^ybJT@ys|z26|5W-Wd;mv@hvQhyo$B zLypT1;anHGK5WJUN_=|g#Lv_CAzKJhfIARcQzq^Mv3f9&)>ZuiQJ~^J5TEZBbbTQg z`ar-`lqo}l@$!f+66~}>Y{3!a_vIQt)l4V&8N6HLCvDpQjvtoR5HJsf=PvgeNd{*4_`L<)6qUg;54cHS|JhqmF1D+u91psB^|^WKd_&$msu`M#jHy z2Qok&t>8SWkM1xGf%r~CB?^evW#BQLje#f8Ls(i%WRO`V<9r%nw|K7|a=@?&w`@?q z(Ec%2-8KP9_`+e5X8iH{GlV~G{!J2p{QU#L(kpV&{9)D3ljgU@5^C^e8VU2`Na(Xu zBjL;2j){c)C$%eu#!)jQu(Xy)XoErt`k&s6{t`Y4^k2AGpkvqrIM)XeNgv%_x{3v5 z<(J4N!lB+A#3Z6YjbZMHSIa}J8YGv&b2Z>8)W`!1eutL)WprJ7yh z=PF-K(q=-{QGWNc7$a!osIC{>{xR2(+rcfdudaF6&;-(=>^<~@qVx-K!B!OzEcehR z6MqpAr7;MwF&z0Q;L)FNKtPbBu`&g2HDxfr(+g7eRbcNZr zGJ{{kS>y2{RDAh`W_FV9$Fpo(xd=Dv9FN(yGE!16((@kBeG3~8Red9`-(&xZu%U1T ztu5;j%u#5q2F-atKC4JUteyV)VOT3h-jAM+T?uBrzP;)T;G0Eot~uC)@o)Ny(QFZO zS*f|+{Ir!^mm-&%t215AOz+jFRJFLZOudbcSt*#Za+m(j7ZSX3g73LlCh`^fUMBKW^u0{vt8gF7#r#nxmm8*)8zz(+refhNk)EjYaiwUG zQeh6LH_uWso|l+s=A*e_DXyX7ONOyGoX3J#fH$1aG9+(iiJSM5FSA6>r(hl{vxG}( zu$BW24T4>m=CFO9+3oZ*-T+3f-A{}l43A)GXivQJ7JV%Pj=afA!yBycF5+AQm=oeb z5(u%N1_}{DgF^xmh8#mbG;=WuNT}}cPZrA~T#e1x>Wt>#KeehTdE-&<;JGrkjl{30 z_wijrJbG@C4uyxBG!W46Q4@Dxwf=<|BP`TVHJFZ4z6C%7!gmn@7#^yaT)YRtVXgcW zN5B16-*uYN(HqIE=j`Hjs_%88MjPfOGjpy>ZmYtTIVB!-F%Dv6gng~m9;W?x5u_}g zZOw62s>{=S5g%@9^&u@ltP}`D6S3-vSrpEu7JOtaRKEE!UOe$PyO0T+w=+q*VpHic zSNo&Wm=)X0#Udc(JgQH8Ik;gG8!d7Eq$yo7xtxxrANaq-XH17xzSESUPrk)&nej)t zAgB!6`;92q1#vzA@YMpesl>oY!GjI%njk3uR%WO)33Uc20cL{2@!v;uJ*v;+(E9gw zt!>p{2$8T23(R31FAK390Mx)388=mEpmpx)9Hjn0`Le~K8}TcpS8q7a_vq+)_GidS#>*2KM`&p z(?41JJgh86uOqJyy6Wt5v!txBj%n0tUBEASD=A4>JiQ1ie}u9-%q&V zaD5Ut__qpT%H%Sx3g>6xFl}jD+YGScV%@yLc=MjbIn6L*NdLb!-ah&6v~O=K-2c63 zog~0#VPEmACaex;SaYih1P<7=>fY)E8LEz+O=e5&WjrkpTg{NtnWz-!o|McgTh%A` zu}vGikuhz|HtHTGicM=Ad7;ghjUx+ST0ki5kp;UDxqM{7=OeN08bXrn!Sxnx{imZY zEb64D;V@)_o!$kwu#gYxxp9XzEvh0OzLX5vxO3{2TAY#{Afmrv!}(VCm&@GR@MQQ} zd*Ytgmn!!%0VxK{vF2U%x$NuyP*1Y4W+?3Op&Sc}tKLRiB0H}xG&@6s) z%1Qu0QG!Vg6UQetpDfn+jT^ICbRAVnmumx9YGDx3Q`GPhZsFE)8rxDiiE%`D+_oh> zX(x7q(5Y(-A?9R^s3q}_QF!{Dx^77hOzPyRT;xn_M7wm9zED$k@QMT*By&K)0p}DC zeMidcJE6FICB^kSA-KFF!3z#VH^}~vroL9)QJNMQa{y}(yZv^?ls@2HXoh-F->UL# z0`G`RhGcgT1K~?N$I*uID$c=KMQ>gKb8*I*xCGB;Ae>1=)D))YlFnAO^fS6L!Bat~ zY(9ajCeaJ&!Lxu+o)6hwcmbkD7+Z(*8cJ+~wd)1zqjLO_YqOpG1(>h@0Yvemk1ob% zU*u=-c`C~em{Z9IA?Ch%=iNPH0-wbIKx@<5b0;!967F z;*2G2_>x4S9O~rVuc@0JGbH837^ps8f#zbF6(qV?E3jbw47e7=XmlL>$sV6Oj(1 zdi$Be48kDFQo(2PAbegaXl`fSx>S}kth!Zb5epAK2uS|bMI|yA)oY^{YXSGb=6F7h_5Eo6vy13}m zt0PAe@~&W8io}D5V$0F40OO;KX(IL-WE=s=dUO-9C-1U_AX*!8DvGWl)hPPt!cf@* zau0i=9J!Z2pP^qzFN{6={L$ER_e&%4?iasA-Wb+`7vj! z7hoK7(SrCf1N-GYCQkr}ab&m1GnUhFl>?;YiVh_JYm=VFBaxu*Xdcpc6>%(67V3Ad z_}wIf?;N~|)=PzmL8!-9Ipv9UL87oOx+x&`muUq?72N;;j*rAHE9L0HDmm)0LYgjE z9RYVLBNq{whxi?ZOM^LDF+a+chT{8E_)gD_!QO~$$B^ziTd@PlU4E+! z2M}s+OzepS6xqn7o4G{FGr$9D3Mez}#rn?nO4N%vY|;az)4BKAs)^4<>&dTYxlvr12t8-5JaS z3@sK6Vf?&{A_Q^t@Ej`s_h9l}9_1?&z;DGL&Oro1*nDVF84i07ttrD{>nX{jCkV_< z*oDus;CHhU=9ANQlb3aQGX6_r4+J|EG(?y29z|=L17syIFYuuZVw{*KtD&DF08|-+ z#U#vG&-6nA4)oVTy4GWM0Pk{bv5rk}?l7MZjB=O<0i)pZZLBY-iCvt~X3KS%v=~k- zs(>>d?o&I=g;-PO3V?wJ%@J4}%W+Clr=Cjx3(2rTG8nG0v!;CALqwBIiILT9nndOk zW|JZ{lX6i|GoxnKXh$wR+Zj*1q|Z-|-UBE>#6LV0mD^ zuKRY@Xp|AX7?8$$08rQembZ^sbz;Y`vxXoAoFuF|iW#rt(*WiGjB%XlDiY^rlR(iI z*b3l@RCI90gmIiP6})_bD>4mnHy>GuO@7fh`+O6;9j08OQO3_si3VlNNmL1|0CfTh zdL>IpLfMlY1!Y(7*C-?Ktfw`&f!Q5jCSjIqN|>oQ459IiQ@hv)g*WODumPFcqipbD z{}&-I?5u~9i)coK=7l*#iI;e;E^+MtmomOQter~`NfQeDQfV-RgeU>OA|i3#JL4qW3)+fKljAS+||&by0gfI}&|Xtj0k zjdqMW4!-9T=lL~dY44%W2Ma^RTXOZ-ykQ>e=O6s5Yc>c~!y6&EL_ZsL z=q>DoUd;%$n3n4qb_3EB3VtZiZR92z)Nz(1;<0fi30$K2oAByaKt(y-jYORU~Cq! z35sT|tRng#8_?_}0#ayu+~A?89K9ePJge<-eO76US#(S z`>!F8y&S8MhWO&R(SR#Gh2lU%>EmozaK{KrM3&p4|E(3`Mtg>TDrW<5oiAY3>OTm{>IEv$|N<8;SyBV=I+6j@`}%p zEP+!-TFb}w85!P=;9RGah2Qd7D?ft+`P!T^YsAO(F}Il08g=8`0=aGvVl2q==pLs@ zs{Peix2dNw7v_HxHV#HV?gWzw1h=FAprh`|^>_)55pCuj5x1Dv@K)&eyJoX1x8if4 z<%5pCC?;8CX9s3>-BA|gHjrp9jS`e)V(nT-K=jTKly%07P;r+W2W4q^7L*;@36$;q z%Ao8dNsYMyn~R}ni!@t5Q~x>fV2Dn;G)|JH-E6hm1{a7}F}8wa2Y;*)tXreIz3O={ zxks?+uud|v)Pt3Y73maRhNf`?q-3)4S%Su=l_@uvuAl`Wx?I9(M^n!xF3C z>5YAXxn`^1p&iuWuzqu7Ym<8CKX1W#dYf8^t7^oLFVuj5;H!aOj7_#|U&eUh1)gY( zr6eh}JhB9ugCP+2B@!n*-#p}4SR5^p!4W5>BWDR2L&yB&WI6f=81pR3$CBEn-~&*n z=h$+%IyRvBi~eDS9)}6nd&~BUQFezOWT;AEEQlw$I(8w#f3yfC(VGLcIc^>VBktxw zFj~5KaO9Tp@#s57>&{`7;NhoCRctIJVFj)fKy0*ZyXB6#gdGNwU;FH0z{LQYGX0my zKL;#r24IKPcYDw;u+c~s<9LtQ>zoraDOp@z8Bof?Z*sS#0|;>GK{1pWOjVCvj+XsC z8pHhA_yXwMIP}9~^z*W!s1?fN$by_ZSQQ4Ar*P%8dk>q2@qdTZ3w1``KOr(v=#1yG zTcQ=C?QUm|ii|(A5D^0*V%^q#&*F>FkMV;TjFM5Fh5`)OjyNI0+zMsJZii*`SmY~l zsbPhL+0;!m69(ibO!UB~eD>ozVTB{9j2v*!P0&di1r}kWd|`OoFN$M`_=qm%`Z%WG zRBkv9??*v#^&DI381+z;bI$1~$c_oKiu{=H!W2QANA8`EQn@FmUs=TKE<4McU1pbJ zM!u3zxyr0E>~Nh))E5f)SSKclK;lYX5m96!rmBnKmKG{b>qkKd=SN+(H!NkxFp1K7 zCiV@mG7}zQ-9DOK;HPDZ0zXI*iyuy2zhAQ zAOTw-^HREI^qDw7y82Q z`@-LrF}5!@$i8gWK(NaN8OpFz8>FBqBziq85I_dc_wDc{_^WAsJ;VCj6EK0|-e7;E z!s9Rc&#^5o;5w&jHCa~?>5PV*G1WsWIwbu`;WxrNdfYjY|0DH)|Y z;Iba+#zd~_l8uP0U2<@w8#d!_iw%<_bphXYTZG zRPTx~+K(BSdV{xi`p9ig{EbyNrRXAen8+m?N<07$)Z~`LgPY+V_rtHZGG|xhRC7}^ zjc6^?8f2pX&R3G{t*yv5CN*0|YuO^KYdtby{hYf-;qZ^q+>gyX-1JX>*F0{e$yblP zhL*sw6e}W30@V+zYfOTjmRM{-66wFQcO2J0&x_qI+CMLgI!4XDLQ(?bHTjhOd2$7R zlM>`_Q9aPHNil$Fw0C$x{Zmj@tKImKFh?>-Aktb{spLQ>oNRK7s$Yd)*+SZtTS#|e zo)NskSwzS<>&PGzSnaFZIn6VH)es5RqJE~1hWIwg9g5wR%p!FIE9GkOI8G4^R9N>f zkADW!&+f^O1}exNwu#&~MXuUmmE*l`3I;Tk80(Dg;+!rd+ix&Glcv_nRIXkh4p00; zxOcSXaXXjn;aCE_QsjNzYe+Bs^MF#lB%L*D~2WY`I2_diHJDMIGT2pv&ssFNI$LgvMBLn^MgaCo^bVHzf zO(DYt1~c*PhG17cKaNrh0_DXW4uDsvMYAydFzaq=9-}aTUk(X7FoF+4f;|XLV)SI) z*e=%d{j6{dN^D z;mVv)@wJk(BhF0919|MKJar9HQk`9c+K1X$`@#HvAo;*Wbb~`kGTQpE_eu2vk3`#v z9tyjcVfmVM>)eOx9sXTo zTE9X-lGfMG*e?FxYSq7w-Tni|Yd_aBPo(`1^f_MpJuo>$Pi9vt|53z^W2(!-^Rw8=tU$> zD(~`q@SWC#2DJPW89GeC`v=>2zUq;7{3Gs-PRMMppPDB=yWA|3HRyl?DDdN ztCPB6bJI(>d{%dUgbpvmaDIqrOzE5TSmrlEv&S@T04da?L32E*2SEMUY3Qvh0W20H zN34MY_%*uV&TdyD;>d_2R1eM`(<+)^4Ls&p-20W|jm6Oiv1KE^>o#%2{f#U1;Cm}A z>~M}3T*7d|D+XV=Vuq&V{mW*RNN-W0?y3cg*7vC%RB~nIDM@V1_mDp9|Fm;ZnbQS*a6MBXFmd|iMHFwe&`vRzq zFXvXHmNAhzLwK0Lr>^N;OU1w)Wef0nkQefytZ4IH&U+3TOb+FA{E$3tpDUwhaR?tc z&#%X|EYh>AXtq1xF4bDA`1kUIoN|9y-SUEQHPVga*ik`=w+Bh6`c!fP!RB)imu5qS z)Xmno;{1~R*B?PkO0|AV$YSkj9>E+0B~FP?z(>|1R_IPl(cvN(<+Or)#pKjnm&mnk z0Gx^)Ku|E3F-Wm!9m*6W0Yh+-M@d9Y4)pdR*?v$=|~I)tmqAEVHjYRh2QY4{-^_{RYmSG zk#0q0k=X$976Gy`1_ohx0Z!3Y|K-HsYXv)mk2EXQ5|H>7a*YhX!5INR#ekDfCf6f; zI08mv)*l^)my~d{ESO#cr$6Mx{BaJ>4rs!dIguvh(;b_EwA6nI-z~BZD-nZ^8G3o23>C&Ta+bPfdRV1&M~X0+<5- zHb;_<9)a0oUO7NdFY(d7>MwfTy7vWSFoz?Kr#GRFPZ7h+L-z&M`v)kHTWD@WN(@th zf5HYS@YNgqhDva>SL?)4t=Zc1O4_Ncnb%N;Nu)Kpb&3V zeXpYV>0UR73G6+UQ|*rFZjnoUOY0(Vi=au|P7k11_2<8H4%VioIKT)c(abqzf)W3=TtNErxRi2pCAC+v(b7Q+K& zJ)VRFt?}wHDAXF+>euSGjJ9*Q1xdq=@DKcurgMceh1Hf1IFfE*-+T?X(BHAskZ8u- z(x02d2__Uw#OdJ#voL{;>-bTme&GILXZ#E=m=^6}S_BugGa5Vha>c^9 zDd9&u<0U-H=jb#E3z6}Z^8)ope};Ejv6>33gd}|EMp^qvJVSR--~7#}2+_{S5yu1f z$5nwLvV){0A{8OyL1gHLFsS$&M$FB&d5nN?w1ap+LrUTI{*g0I1VoOoB_W7T^Rl1~aVA$W6e394L?tQm3f|1lCdx zzN1g`LtO*TP`9&=GH)+ zNMpV^q9roDoQX8K{=uUhx*LfD@I-sv4cU!-{h zwNox*hntAyh|kM>e1%yp7+VW%Ntv>FysuR&J7$nrc-}CX*VZ^v2Z(*Hj~qZzG!+Pj zfrljksZ;Qhn)55l{G)?EnOt*chih&P{0M~K@Disf8YI=zLl7E*S38A8x5~(!)NEzZ;*YW71}BX-bfGKQ z7ZIXE#gC;Clyq;nH$)x|I(hsp@&RqyCD7JkTLwH(0%tfz77F|1Zonns?Krh`g&x$0v0sEdPS2%2vQ4r+qZ8Bg$V{@&L9V8-)qC5+UIe7?lyIVl)D-DR z+Kq;(2?>5^Q&**>oR66$Bi(tm3nso_`nPpN#`m z48O65OWMd-bkr*#%%)X%!xcbPB{+8fcR$x0>mkQ(P+x5&#HIO2SttSpV!1ky?NU2> zK(3%jjX!7x_^|J)L1ug6N*IW6N>>1~$;9^vPs|S$KfuxvzY7+<;d!xvetT3NMpgKc zsGGK+p73tO<%~e(CXBjZ$O3849LAN{$RXIy7~YLj&;Cq@Gy`TMeXKph)bW zkQ#F@f-Oz=HMbupN*QN1xVU(HX>0uUm1ve$2(isa$LBZt;f6~JfjZ=sIiTUM&^`Is zsGN-tqMu;vZ#Uu>t<$(14h&5!1aQ~Qa3t^YOpT#xX#i{`vZHGcp5$h~bK^=W=!e*G z0nG0w-;X~7WW)ZF$Jq@`$T6T?vnG6aSumEqp($J}ngTKXcE1dP{*u=xS@)y?Dv zn4S(f%0Y5X^uN&|#(j~}9AD)BarZ9pQB_y}cY;I$5+^E`C|H98NxT&lY9d4vxy+C|1E+&vZ~xtK8K5 zzrVH5nM^KF`#gQ$|L1-Ae8`z|&OUpuwf0(TueJ8tdtXrO-H{6*7)=xD@nX{cSSVCc zKypW+Fkd26Vl&{sgVmtpzjQ=7L|g3G3^@PTW8iS+a6zgP?NQ*J%e&M!+Irb_PP)o! zK6=7^MEwP9&dNtNzC1^i+ILzrA(ve~Ohap_l){WQ?FFkfyH2ND{#wzAzn}R%{4K5? zrf7CU9h)m26M)5uMp5!W!GX0C!wj69Xw3EwUF+QiBuKK)r_sdetyLV#!;aRR!=9zx zvq>ai8>(Zm6#{vPTHpL_w@-}m1*!f~>l-#cd?jT5=_qPtJd?zQ7Fn)ge7xdCTaXUs zZ$k4w^qFm#6`6mXRWG#J>#Y^H=9%!0SHmlJo!YQ9UtY$H35o96Ouw-BXWFSl+=4~# z8;`sA>r(5!i;AY1*tBqGKQ>qs&cBuSGRYfKWa4tlVka&tDS=q$7qogPI1T!uJ5YpfD;M$4a=8q=uzm5%$%KQCl|kwsHy!_0LAdP9 z!Z!PyME>H%ehAH#k%`Xtvd`TE+2>?k(rH}_mBx7s)h6a{$Qa)*c>$Qsavewe-zs$d zzx+tkA1~SXOmdLa0Q8f36stMK^nw)AX{MN{kz^@*yU-0xD5hfnzTU3cj4-+0rLN-H ze#K@Z^QjcF^fAWfX@GHIp;zV#p5qs+Pyq^ttzZ<2678n>N^72RBS*o}8yQ%ii;fAwHD^gGKwtMYC_Oga~ z$N$#jZmCD~Y3&j{zU=Z#YHI&eUv+7$*HqWf9+K@S6n-zCY_&lEFXM`&8F6KZ{j>L zen;b1mXi9qtw%I=WodGwJvqO$%F<%VGufRxx17J-=9V<0GHVA!8rEk=V;2)3dB|)4 zGiQ?t$gcBOyVZcLk%4&OS>UHNxMU{Wa6S_k8c)Vb~Zb==HEy zWYy-CTeY3cns>(_NGzD{Y}PznxpzTw!gKXAerOHTEXdvPKK-$DV_?n8`z=UT{)0G> z#eZNtXTRIl`NV%jkr>{bu8RNIJ@FsA;)8N!2{2ZaLnwlE?#yfFMmHP9UD%Q^%L8`n zwsPxNv##yCbd*OQ_)#9FkArIOYSD*5&Fp=^C_z@}k-n=bV2HtRu~a>Dx z(UW>0Z$np9y@S<-L>z?cr#5E^ z*p)HfuGlTQ#?Q{zShNA4hkxc){xM;t`MWjpi#?u)%U%v8iW!um43N?ICFr+k*?Xae z*KrG@*St50Ih(37Gg?#ujxebnq~@@+P(A0Gy%AddwtL3 z-JF4%yldnE!$Q;hp+?0OH6OTB*Z5rgoAb#%tLKjQ%I{{|aZxb( zf&0@_dPV^hl3|WHvRI`Qje!CR3J6Pi4+b4PwZ!gysF^eplx|8-G^=#!wj!Ct#SxF~ zK2kmT0}9xmV;kQOH9c+${Q9s^W1{Or@?yUbKFxec$z*@?4}*U2`)Myw2F-Ma(m|h$ z(inss$g~=*K`J!)_=;%R?oeVk?dhbVTO_6)nAMqp8$GW-le(%~vB%N1~*$x{TfmEfW5kLSqi9hs}_QPK8XU z4dk?(zhn?$gxDe0qI6MGxF+3eB)GW?60kmC-}uLc|AGH2{1F(D)d^{P;>e<23{n9# z_m00+a(*GKKr*NyJ!hc&L*cEYQ07%Zm(-e#-c|RwdDYBb_-74ikT=QhBqL;uUI`Q8 z1&=RQ%lx@$@UTePi=1Dl{D7!6oKnNv@BY^tZetujntV+paZWa?0%l@(I9^Ph9dM=T zgQo-DyyOn8pPihi&S_6ZqIw*jYKQxDP4`HwX2VXUtGp02!rDf*EN2;WAfL(Aw(9b1 zG`U-Ot1S5*1bDQVq_Iadj%~*pEA>m_Mhk6D<9Ax`1^O>zd|JOQ7@sOpzLhv17hplJ zij-}-p%PgQ(0b-7qHImQ9m`oC#wL*Y_M?>V3E~D3Eq8ey$oK3&QY-FmjLKMW5>1@8 zWI|$K7UzHHgXY>3C6ESYEZS{JI5A;qI58S{AGHidA_eK0g=2j9*u*oDGX^LWv(cB{ z{fnPZCkHJ+v>4VkM6ELW|K(dstKz-4Go;{uU&8rI>qECK>W)Ic=4l3$=pYuvoRxd) zOF?o`=J&%tv-}dA2*#zU)aX~_#wOFhN-MZ+M7p}m4@K^eJ%D--aP!B}vMY0ISK!i4 zVFuGyk!^~`QrhU2W%2Y}p}@szD7GtBL%N5Ye$T-F@U=nzFh8K;@tIS^9vWLB@q!2o zBqH%T3;=@MJd$PN+K_{!Hd^f3u8mCk{&7uEKOUsj|BzcHn8>^7;=m~W^B3fC!B|_Q z75p%^SaQ4ShRr=|BQG3$;D`6_^*`I>f3`r^M9zOsg_m}X#zLkF!zo5!_WYz+i6ly9 zvjqpy9!sLk4W4*Mtq`bWgBzG+gIh5rU=FZviL-_CEsZkY+r8YCm9@m<;)e1aUb_A* z?qQ+TU#Kee#9QNkW0V6lqgL2EP&o65z#W+5*{QkE39lqfTtG`0^ z>xnm2-&juA3gXBz*)rL#Dlwrob#yp30fu!RH0K5cia@d?dJAxWjMI|og+JuM8S(Dx zh;j4T*|6vZ(!b%dHKF+n>6A$9AK{WUk&;!>YrIKSu{R?-Hb++OIkjp~>Wsv|!i=%6Ge0 z#iM=EDiiwx!ub`LbG+Sj!%2*>N2BO?EOpwnjvdf6+6Zd1?J$d<_U0{ou9f{eLQTi0 z`{!60Y=Bq2T*KFM_TL^8h3%rlc7CFe0`Ek@W5VQfiVD41_lo50+|O{F7sNj%bEI~r z!_wim%g?Y0jE2?q(xzn7*dL{Sv=0DIu`EbUU88BLegBQvRrhc_0z3H*7*G`}tq?DP zGsSeaBso6!9%xapM;P+cG4Be=sc8kpJ_&nz*Sk^+{8C}zTAfjfDlaVcBCgb>eyK?+ zH6^1I^+OOOhjMtG_JjW#!r!d2v~P<^fTG$TzjaO?*<=1Wc_*{}xlc{MWI10L{kiWq ztBAk-YuWexBD#=6^D093u1Spz-XF%EcPh@dR5uXgrcCld`d9I+sm=Zq4i8MhwE7;J zH9f5w?0dpowKD>`auaH_y&Z_9^;Ly#fArheY7inlOuGe)(a{ncz0=E;x6W1p)v&4d zoj-^511>e$jt5aOYforHXc7zIBM4K4K|Eha#jHw#vxtWRUvWsxi^x1{!WF4HC5KIy4uOB zH>25yFcnLK;`G~4_yZW~1OrMye^6IOFKjetnFQ0!tY@^wol7FMy@dN9WI{xf!;b8) zCUKddw!c#}II5fk4857Nnp3ms8RWN>{oN65#AHR$VwGUbaV2r&UE%w6#P;v*lbK*E zWqenin_}6(uJk=FB?X;XuUZhwQmxTjz>SudSLjBN>!w;a`b;;#raj-`D>y6)#TXf? zmDLBed24x(A|;}=y3UcZEwb5RRhnrMug9HTvw|uuwxwytz=}^KXLksgrF+KxFipGf z<^;aUF2cu%x2jzYu7CaW_u#DQAW8pLs9rJ@Z6^2@;(s^h5xai=^>1}mK%NbKgNII{}}%fCf}>;GwheNIpW8IG1{G6`%*|qR05JA!;|dyv^F{Q$7~K_ zyq?ig9F&uIO{5}TbAmVsenT1XcovW00*IIx*{cx>Hhm5Sk+V``BSr};EVj^KD#n9D zcbWb-_b8KU6>U6&(+7+SvM;u)pTH2n%#U%)^ z*hlkLs}58|ql^8-o7af};!8K^LLI}yYwPt${~F52LP4#uT3fI8`p4cLiDkNB;809ypZ&ig`+2 zOY6$=-0AE)rKFrdTVpt2v2xx{tu_cX-a@ z6be(+!OLhdl;2JLDB7?ur|kx`)BP^gbHyLz-5c$gSQPPc(7&OkQ!p$m=arE>KpMhu z-PGUI{f1D}QTz9(@hv_x?rl!qK%qcz|kC*F_UQ*AJMULtE*FXzVp_{t`(EM#$RKnF}r| z8tSjt2)yhX4I@f}!G3w0wJ$FgJM*zF^caPuriZmP?>@5i8+dhc)5s{(;Z9 z^)WNPPvk6Mk52Ehx-?&D8#SkJqw(9tCz{F_Ruu=2=!-rhxx;s>qX|16*Y%|1&!35n z)}}_nLr2;65@H)gLgsB{eU|s2@;@OAPOu8df)83_4yLjZsj(x18_Ku5ptfKYMVrMc zYh}MocJ)UPe8(h@Td_XT*zMvl3I@~?h0{0QetgGA#iCn7d82*QiwA{zkUFd?L86<5 zK$zJX{(@KYQ?U_dG`sT5fKSe~5B875*g&9nBr(JIj1)gM^=k z@*4~WG=!ajothm@EO8owsL+R1Y;V6xK*XMh1#hC2)P=UigbA zL;O}bk!W&z1|Y`xZJc}p)ks53u?4dJ8aVNPW#fL)_+oWtL;33)d>$CgsY>deHwDW{ zX;|LBq%UV?pPox$Nn%iIO{^fqPM^Dv@ z+QIcVcbm>~Fb>bqH$}k0$a-N)kq}p1>R6JeYtfqbxKuYsj>G)D`es3x-qNP#O|QSuzHLF?QxKW(i6ac+e|- zECWX2E58KU0g0T3DJUMER9KmbvP_gK!sy6`Y&Yp4T`coOyrx3YvZq50x9UftcSI|E zCnQE6SQYQXdFmGpCl!o+LJlTP+X&f{?CkD0)GQ_bjra2l4Yc?=&U2#Vezm8Qfksj2 zQ$|s!d%}dZV-Cy}X&cIa|D4GWVa3mqhi07_>vLf05Fk!+J(2`U&3t2d4?u=MXHcD{3wYUEnu|C;uI%6@l zdZ+!6mV6bSI!7vQib!HD#>e!_MTyp)7!+XlG!$wzRG-+78b5tj7%)`z?#G~pj985` zs4-=u{1lNf)*?eGteU5R(#PLI*cI*23#>bJ8uPmYJ~cb;CA}R)DjlYlg8xN`L9+!v zyvJ{mIw8i9{7vUrz2eKBb1q(|LgLF#4Ls~;Ir&$jSSHpmjX;&hXyT2NI!y9^>mkVh zE+Ap#7#<)Lj*YKqDDP>w_6)}^4kxct6Af#_-jKyFvAqZLQ_1u62t28#?}w*gwQ(R` zZw-yApZG@3GOk&*2Z!g8iJqU8H7A!0)8wZDB9ZgP@0q_WE2IbUc#D_oy<(<`oOjuW z)av(UZ+pQVvyLCF05ww%SoV#oRP$Hz=(j7Pv)$W@cDMX6>M9L$qDY0+$B(f6Fd)sU zh2tIeI?fZRuct12G^|r+260U-IG6`MPoz5v1P`HO*RvY75J97 z@%xldG&}zM5{J+1k3D+Y#6db(vLu|lylibz5su$b5RDIx#;?f@HCB<-7H*iEi#>Fj ze#XxtjyRY3D;fJucUw->L;e=VzLkeMst01_t~u7P(OC{IbgEq}W<+J9yyzYFZCh^N zSfWZ$nEHq*Se&%efI;C9HF1NnxsxLAZ!>hbsS4tng&HT=yA}Q(#pna_MKtUT@U`V3 zQkKqM2vamU-jHGZDRtw|aMO^-gx8Mu736(Si;S4JegE=~2BH4!`ddvUc*JNkLBS5q?Acts!%>)sV$kU+eDB(t~jPds~1x9A`d3IW0M-{Ebb_F`)Zh zm#IXDi90RK5W5j&mut|lGO>Ru$Lme|qEfp4o2`Doyn3h>{o&q|VBrr{DcUDixFrH@Vzvz}D=|Z*CKeUYzy5+#WVeOSdh(y~ z5%%C1Bh=hF-BV_Ru8Evue&{~g#I3}A3soyJurzQJzW;E-U@;Dq@+QOxw{0D1<43_$WCHA;^85ixF zuvGUExsyA*YrYFUiDi0a`eQctxEg2#`tSTg7@MviPd}axtKEPn5V2ap?0_)lqYl@6 z(>uy4nN5DIH;SLjK#AVzh@#T*t}Kowj=S*y?SFJ^hhwTj3k$Ly7rUX#;H)vLGz+ER zMkMx0H1?i%$xzpa%~phoQu;7&Jbf5G)b-&M=W8x`D&2>!Xxj!zy7z9P2fFUTACzVE z;3ZZ~x(9pvJ?Nc$e^(u7Gi9xpa_W+%(s1j+pt;u&Fc2-gr+ofcN`mLoI(Er#fN<-hqf3xrF3j8(|^9Q4uvWy1+x#>0S z)MYci_|GWfZlOkrY;!n%QbYMDYll(HMXH>`xfD>--luN7D-7!235SOA9`+4~xea5} zTRln@y5V2`?I@K@SV^(xpOtA5d%nJISXK>j0AJtM;WKMtmfTP`uV9M~F;px*vlXx4 zzot9FqCpgZxO3kDAVnz4ccO<5>@*4(~Rd^lh0D9 zYbFN-+*5TEA>Dx7dkQ z+RKz7R5^}b-@`H0Hlr4JIC?Y-MYPu%W0<|H`l82)Qg&Kc^6%x1@qrc8a)G+$g zP@}S-nn(B2Jcge-*&5qPTXMbKgV19e!m+zH@hsdLGn;_qg|g$a*hXFp-0{L%^bWBp zmPBEqim41r?wJKnj6CB{-_p5G$x0G3#Fm1P{knx}R_!$~&@&aN;haOz7KGG53kv1^ zB`z}&FbEf@d^~fUzv;vbJv-_N=@o`T8|U%Q`i2wt8v)I(_j)UfLy0B3!(C1!SeMLO ztsXKXzzBE}7_y~H)SvSVc0%yUyGxzw(;Aqk2@|e$x~{3O*Cm_?PZ3o_GBzjulcvc! z;(islKX)p)_dK{A?w{SU58Q7#Ap`eQAuUn$z{cr-`N7H#`4=%~e4ETNG35m{{Xlqh z0GjxR!0s=w&pF6}4YR4s{&wF!z+N*v1MCHV+!xrBm22@;!G_^l)O?x&gDqG5SW+Mn z<1h+>F7qxJ;Kbt+I%o7Lp~k;agP9NWp#0;;f$*I%H1QMFk1cU?MAi@jh5a(n*+C{2 zj0DwCB|Xc-OtR&{9hRHot!-&-gGOGyOZmM6>%P zC=KNkt(v`c_0UC*W^prq!|^910Kr^Sdk%MTSP^WBBo;YeW=$@%^m^SpNnV&f0;0u# zU#IekoY_yfNjrV+9sjneZ9ld=MX#_r+qdY8{8yJgS#Z*AQT5MpHIdPi?GU-Xxei`a z2x}{Sv8${DysS0z>U9Yx&PME_zQkanl0y)Kuh6Am zoxuP8lK$}FSKNAs_}4{l)lH$twquxX5@lNNkS^3Dr++HR)857c9uS`!?DcpjlZ_5- zz={7~u+dk=(m8Q5Ufg7p{g@#ri>Zc)oj1!!bfos8- zqH%}-3Q%0@4as?$TPf0JVWdu~!c(`DS$W}co>dwsJa z$0lg;GpAvCPGP1Wqi$Rs@hOfoiINUGx z?-!`p$KIbwV)J^Sf8lH`e{jY<)ITjyDqgaW>z3ESDD>FGqSH77tZ4KpwQL&Z5=4l8 zg_=I$ZR(=nQSu$3@4rvJl5vx|FL)eoeJ&Lv%ovoqS^iXTqx}W2zk=Iu*}Fh8CeWud z>C>C()6-boOqV_)l~%G=y^5){BWuSW$hSwWPKOC7#Is*LDl<+ zx2_SN%7?56MaQpFAzp1a$FJjzV5J*Fjb8@?{L@CZzv<7<`dvdqjkbT=t|LQ@pJ8#k z{FwS(jOed%TfYmlcr8Cj{wPo@?tH%Fa`A3rT((urUT*u{@=clYP{SV_PR3AW=7qh> zYvdc2zk5^xI^wbJCz*UzmbTQiq<)h&jJ^V{u3l{YY2jlyl&|5-?Aig%dl_n)Q=!CBNGH9oBa^7ZR1^w{NAqB)=2wu-wlUxoA-d$GhY1wq*{-MNHBf%IYEBGDx?Sq`$eP3@hX@xh^ zv$6mg9MP|$bWM#C!K+3vgfH0NsT|}~D(81S_A!KiepH6a`P1+AHH6>Q`0v*^K5qUX z>S9|l@YFau)abYT^-OL1?Ck%YoCc!}gN$2$;0?%kRQ&>js%?gBxje#T4>h^-x`OpcE)h+tdI23iyv18`h%@M&+Zg1} zq6puFL$+R0khL5yJImX8yn=4*MAc~afTo4}Pn}mf{P^1Z`nqnzoc`hP3(A@)p-{ND z@HM(4k@wT{v=C^a+xZeFzSOi(&JAN(oO80VoqOjN)v^OmpD(q5!uJbew>vN3%%wiR z{Xn2*xVk$D*?N~Wh~J1ZnHPXZ6MJ(w#}BnLAlUyik@M0tP{Nu}4mNYI_}?A| zUODh;(FMhr5ueOnRynoB^Ga)LrXI)ULfoZ#aezi?4F~w~hC?;}W8%2u?1+uh8tn`` zXA~<$>BcN?!b5Lp<5b1F>a;bJt2)(-`TPC(-%YzSg&KQl{PCj>;f9-v*>Uay(I|dF z1v^C$FY>1t5;-Sd!rX4(&5$)H9zVO-_E}K`&-dI&8n#V)zrwvc9a~sr_)113r0#lK0C^*2AkNx*k?Z(JyS!D;Cza zVr-#5w-D@ScTcbr)2L~OW-Z4pMg6$sh4e;8y+7}Q55_&RFFv?n-aqGqRc##l_g4)5 z{e1YvwSwR0(ECr@8;8!^(*c0YX>RJh>)OJ{NGVAQdiMMhX zTDX^=;hq>W^+6Xc2!1?ZsH||?6v9Ayp_o;(T}i3n8U@wGx@Ygdr&z+0c*u%-6JLTV zF_)Q{$Qh?s?Ij7@`m2tC7FK%l)}nN%~Gyv9~uxKuwu{ebEMtHoBQQ`Cyzmq0K3u`KwpP85u-ll~Z>Pz&Ixkchq1u7nxvO1y@vtvj1*67K{0 zQw28zsCB%$pgxfjqswc^WpR|QKUwo{S5twY?txD!I|bXUB^sN*Nn~(drWi!cDHBM| ziCThCbDKSil1#yT}2)OLR@-453BaL6j$y@Mpz@mgX23vi3(+JY+)h*j}c!rJiyg$2o#{^mNcYS)Eh+xkL9zhwfXy*$2AGff?xjYKgA^-Mn)_S^;WBfaGKL%?{zO z7LfKg(4%LT2@>47Lb^{3Ud+{wtxEIqJff52--Q~*6v%f|Dc8V;SabVgDqs{2w&c50 zT`c~yievY;aNAJ6?dJl&FlZAqn>EKG<1ep`Y^XPGJ;UCW4f= z@3~(Lr20Nr^(AsnFC_yH?XGIQSAM{x5MSZ*yt#e%!3bLp z%V2~b{j41$bO_GZ*8SgPd(EGDC!7ZemWCI8w=K!a&5yn%S~qNC!ftv|VK|{bd^61S zJNi*f_7(&gjqANqSA6luMIijPVfAHMwWs+C+NP5_Pa>_|NAz|gSzo^}V&^P9iVjHa zbRB^4tq%COrymcRqkR9&X`xFG&7gkKPuo%dKtFka@o~>A&A($9Yb~=7Ygk>pD)iVU zkzyE&henxS5xnSFvU!!9>oH6^zW9+A(1S1Ip0__EsT*HKngpOGs((l{0ccM99gJZWDcn>O@1 zVzJ8m52Uo&O<^8A(dPq$FS!S$-+s!p-JSSj){GAGr|?EW3a~|&*&t7(;q*j!NByqs zS$`j$SM%QJ!kV{yJejX$Dsd-;^Z|E_-r?B1P3m2LijiLNr&!y5iDR99nSE}+wmQ9{ z9c;RB{M*CvFI+pF_TXPmvREdgi+R+)s;T$_Yq9C+Ia)-f-&EF`nj@0nOoS_JoqIe| zK*Ui;mk~{~5|T&>k?*j(NbrC7kRVM}MPn*ZN~J?IR>j zZuk+~$A2eEh2yrsiy8RJ(=Q+lF!BU0p{5wGpxO~cvc5({92>^_?uANltnDrG9icGz z*HTJEn15s+%g_0T(-;1#tlq!yS7mk57bg&hN~eqcV{toukxn*xb|!hj>2}&A%2D;h z>VT>_0WWI)zit2eSMxw@Z~NCjWD^Dph#0GD8R2H=x^^!U%GFb3?1w3$^Un$L;pn?h zbg=L7+Oy#6=D)Ksfs{}RlV36YuM>UwW^I4{Jf8PD4@@6w^4DxYRt?_(1XrH3L-TqB>SgD z$78$dS+e2(3Z#E3{=+PA^Zvtc_#AFVkE$tit@%?qt&7CsaxdM3&|{c6f0B|2w=NRf zljqaIwEmCyDGSOW-AOx#=D$Riq!ReUtnSHHK&xbJqN@shg`BzyNk!3^S2h4(Py6xVgk{(loH)T;;~|bS*b@Q zFWPqG%Hv~_=5mN9{~W<$Uc%82G(Q7Plhj0`?}I<&R}n3m;$5HRyrKeCYBS;SzCS(` z>6JcH@a)WGgdfQly6rUFjmuc!!q8BAdQd-`KXR9N9+2wYNza zM+*X9AX}0LJ1FN2#Af{c2M)$U2V>4%`+)J7Oc>w)Uf09Gn(6xlQJ4>JarTqeMyKtq z_SpPC`8eo7`mgrtp#O%qK(n?9+$a;cik;tnHR?Jlb+j^C!XAyTcHKckuGvQiJ>;-JDGG~-rfE0G#wJ?q zizUf+jmN_5!q|*8Fs?9+8Jz`VY(0yZO#UAH*(i+W|XXTR34vuCLBLX3wXKd)gYVjtl_!_K@=qgJ{k>bBro zG*Y|jpV#^(v%#U;j?$ZDS%s~w^IE@vjG^1K@jFj2WasfK#FK7ZQ#H{1%0r>~k5Z22 zm?Wb4>brcyXoWw1WeRS;-WfFCbbr@0|Ls+KrMbEG)lk7(*g~s`ymv>s=(wJVohIp; z$muqmxHkbqe!JLsdj4ZXU$iR)huH_(zblcmxBxUZ|D6hP9HuefNq*HR1J3fRT+z1t zD&2d>UM&+Xz%etw>I9PD)A?2ZxUXv*pPjZ>94+{v>p$uR)_2}0398zR}PxO^pa`x`V7E@83Mm(dbGSzt#b!CWqef@uO$2C8>z zTN4)?l6f#GJ%E}SbJtrA{6f)=sT5v2!aPv{P~LYQdQ}^l*W^iUGEsE2>DO?1YioYi ztX%(L-|%IdWDAV&F0(z1R%)nymukpt3fDnmu z)j#2~7elw*&Ie4Y@7G$tdsNM#wnDJ{y6+cc{RtzCn(*hmnonM6RU#a>+7-;E5K50{ z!PI14h^VF3s5W>@AO}mKKc7 zcdMF={Mz)e{ktpnE*fxjm?d|$hmq$nZW>tN*Nl_Zl(puzdRjt|Ffou=ib+Ob<%C|ZBVVFfogddJw$jrKj+@7@5t@5i5J z^8v-z`J`ABcyFC1f(Gjilul8Q{NSUG&bIT9wT6foN~z)#!xWzw=B?t91CUT>+l z&_yE>c|U)p$ju#q|EMwKM>Ooro;zNR5vx$SL|$W1#5;L`JAbT~geOP6KzM0RQK6g` zDb8X$DMPL-ixXCty5NBs?886n`1DO&3SOnlI=6RcrH^Uyct)6v-~c}zezv->i#_nV zc5b~ZB@agkZCihM1h*J2S`^kH=B4qKWF;+zkx*if6e|MO-ly6wC?Tz-EiFV(N&J;A zV?s3Y8CE%w4TF-f6dn1d3r!pf)xm3C+x8@Q8x> ztSOTZ&W*SBG7)5s;LRLiHgwMrr0?i+@~6`|ylFwY>QX02ZtV#93~cbHuCnzZVCdya z7l1M#Pe-oYd+Efsd#@33b{y$lP!V*`^_^oqu76G!0Xv;fTMYksqdsuHPXq0ZuD{_j z#+>?Hht8VJSfueuzt3W<(l9liIOgfZF;5+Re9b6gnI|<*O-K2P+eP_`J2~t^FbG%~ zS2kvcEqixjQNAK%8@!pX|Ftz$fWMY5=R&Xf-Xz`_^LvZl7qB(g0O(r)3jBia6=2o% zc^}TTz_|)I^&U`{0qUb)8Bl*f@nI$Yn*op$hvX?fy+xnogPm!fDIt#j7diTq)}YPt zkbf8|*uM{S#Mo2pi4B|H(1%`uKN0k)&Cc{ZSZ9mX_I5<9fFsylFP^vf7w0L54kgv^ zu-CLmsGq1*E%HwB2iS>4g{fmRKg;~B(ny42+Atrgh0+?Y7Rg!(&Ht`AkVpf-4O8?0 zfS4di#~cPd6VBcspb@=~yqX7nkR8BE8Og3Wk+)i7vtvmB=(UFm(AuVOJm>E`q}hSq z1@_Dxk(6qOVz{Voz>`9iTEIkU@-a{Y6z>z@q$ zEW|3{A1T$Ts+qpyi5K;|hP}1xp-)y9{o~XuXlJF-o>gG|Lx4+42bhSHG4YWa>M#rx zvsgd)I<4zf(0b)=nhVW0_rvu@p)83Vo5O759Uksyper~#6eudvLok2}^j1RdRVBbN>IsIha;ypSl zvqzFmL1&2mvrcF~HX5aUnzKBu(pvD&0sRaDflF>%kGE~(=}l`V3Qg(PoCI(EMUGNyL;Tc2UHx%DEo)UPdHOHv+riZDW^3AUN zU9S9hGRvRpYJ6^)we`GR`flKouJLd|dIXgYoqJ}(&ZBCE@~iedYQ5QgGuwSLC-a-6 zYq!*uD03xF&MdK(5)C^?hZ=uq1gPNVl$x7FpVOgF%_+j6EHPutyf5We&l;3iYA*Gc za;aw>!kye{cr%oBW0BD>Q=Jhsca(MX>`po0?d703z(LbH1De!mUc2XcdLE7U&C7g! zIIrFFJU!?2ff=u@5$qr0H#3K{B!b2$WLv!{C4#1(Ss;(MUWG7@N>)Z#3YX64 z)^0~L@YK4gKA7@(CC6>9jbwalNwlVuY$(7?a%I@R5NjumbZkTNAj0Tjg;du|5~~@A zCNciBzsI1TIg07Df@sNe(Gs?^+U_%SWY9+w5+ksODE|p2I;-9}KZ`A|I()Asr@Oo# ze@hlR^9NkbXy4^E^D{%In5u6R{4s=7hk4PHGWARc=|>(Zlg!Q7%h~DwU&y;{*oIh7 z$EZX8CrQeyCGRuTOr7njOQ2iooa9@TjPi;17)})sN`7|-=U=!pQ)SK~h@pnz?#&7A&53%m-2fTN@p(w(VA(g4 zN_b`DJC9m5?{cA<_qZhG!SLpn?#-{>qP7u|;FO2;&<*CBtje}`*7?%H3-h25^=Bky*P?{Sas)noX1%v&oobqc^KWpqTB|PL7m+FjTM1 zh1g(u>}0gh9HPKMMwQQnvyq66-tktC*so#r6eMdq``1mz|GbYsvXK{Y?I;1>1tU7K zd~yhaY9pQF?-#@~9oD~(5f_uts!5A_VXiH6G!bQtLq@DcGlQ3igI_$}xAb@7g}gGm zl%H&u83iWCFFMU}m?A%p0fWR&H!`M8Am+b3yCN&c5S_ z=J?@btlqq_b}1icm*6X4qA*%B)OZnNXh#e>-KU$=hf)`lq&R?nPEpwE;gr6#(hKlD z{6|ZTsz0_%`A_U(5S&vWs?=p_O8+A;%4u+wBtNHyYbh=yL{~PA5ncuevX6#`%X_*MFc^gj7ha3GBw*GcL z2p0V6KO-fiC((w2sT@YZCbe?t{nHh~v7BxLFCf`ua=jmaJAC(m3y2?RlhE=H`RUD6 zB1|IhSAHW)R56V#RSW!6BlgU1XIA-dZVkxzpF!pKs`7QN@=Cw*Y1+$eMo=>clRV8~wuzjB zshR%m#0Mu^-RGw3J|U>PM0HPhbq^V#F4C$g>YftR&E^u0!ydb=tIprRRDDDFu3G}A z*Kuzod4eC_!B%rld_K!9rf!7jWdB;+ERpx%f4jM(MBcR@7twCsH>{@L1U2OxAJjBN zH7z*H@8fj=@Ht=TffaO>HW}( zoZ?U)kx^vxc8cKs$^Y?YTPbDB0RMp*rM7-XDbiKQ|F9xMU6Is%ZEbzID=0G3iX2Ii zhVlYo=5h>yzHhgklXUb=qI}nmNkFOiWe+-t*0MMiW%=iPLmK1=AKy|uS|$4 z__3U0xTH8xr~CwdpdSWQ377Id+<77Wj{Ev}-fF4oRo=qoKM zd~ZSl@hRT3=&3~m7Fmg8@3jq4=HDDGn1gAARTYlxm;yu7T5Oh{z9R>^^&)A*9Lra`Cs0E;UZtC@#n^429oxcbR>krr{zP!f>6`#_Wo9Ox4OBwmeYK1 zE%o{H=F-~hxMk|}=5X!h-Zfvd?wB0l*`D9LsCzv+cuhyS&g93LrQUJwHH)=fUsvb{ zJ$f2HCWO5MdEKrXu`dx=XApYBhPLa+t+M>A|Fl2UzT}^zUCz}ko1M@6s+0Pk9^Rp$ z%y!ltmDx_}p`b6ix@!O14bHe!%najF2AwvKTB0k)rLI-+sfATd?}VD<;xnQWqOrdf z_BS}9NvoLtVcmef#B~VeSLEuXlsbOcfe;IL$!|Ll!VI~@&yo3RcJkv zLBx$6^P&&*W{U3xYCxqmq(_^F!3XUQbn+=QZ?y=v%Ddqv z#XA~X1iyQc3jz@AM!Yz01q-7ZD(O7Bj@EXgk#hS=b;nU3}1cwK3f@j|}#E zCRv1z64p~(pPa(2Fi(!m&|M+|SR=j17KIbX76sJ*nyAn444RX8xh@>%eZ%V9Ro-=K zO4a5YF<&uaZcG!iiy!|k`cC|Im-H>?aX{aVhe6-y-Cv2mKlStXzY2YCYDm-f%p?C* z`u^MSpV2k`JWk_(sPO;JSHoY<2v*To!he1n{)7Hi{H1?4IsH4y>0i^k=-DinvV zY5f}x^sm#o!I4^$y+ic5Gy;i+P9->((rJYt92V$PcPgLcb92qN36hwQhOTcTqKTk{ zFOjqJx;7#%EP#kT?)oZ3boynozh(hlE&)bUXGp4_vWQ=8nu9bWQ`!`&6CS3O>%m`I zd6M+Cis@#W6vHG{iL!1xcgs9DpLFw9i;}Cn*Xq;V^P3}r?$P|8w6b)!(*Qs7wQ}Aa`h{?C(tG_h##0`#}4kz3@dmi{GE@0>Y5Xej?NePkh(oYS`9 zpm3I2c^N;j|CODQ$Qcm>ybHkq@YX#m-_p?<@XiXr3!i*cR(!-Age;4E;7)nixmE3f z^A_Mtoeo^|Q&FrPSk`^>cB!E`OB%}a(oj8=0xHFl?&gR0-l+!ET=r&KKH1UiL?0;i zFhHFf0QL6lA+Yrb27?*~1*2Kc(7Q#m-W&`(Cl>{bkH`3tGo0GIhx<8mfbpXpV8&k! zyC%>1c|-Y)*9NpYFn}sYP*ppqB8@^Z=}j|Lzm(JbrkOE8ioL^THi~Rb)_j`};uEJD}QOs%KPL zbPFOResK=-m>bxF*>{-hV7q_J$N)9%H8a5a4)f)-X7=~wzK)>0(*A;@3`n-2HWAHl zPBr>obDcLF@+D_7em0c%O{4PXq>sufes~{{7vVkqj05A#L<&M^PhQSTn{ zzji(m|N8*2eUY8d9Y~ebO2e*`Z>h~B+<=Dmgu7<$z6p1XP&i5`0D(`m{S60;G|(ye zsf7W};IBQ9Bw1%vd-Ljm0Ty{a)tdO>EgKEh?ta=)Z3?W=<5ZOJX@7DLCWRm0|Iq!i zdT_LsR>(iz{X7m1`3M#aYB(xM&rgiOt~(JoEt^~(<6U$Fja>i zKk(`7tZppWGMKvkwp&)WpHQEJiQQv!&ekhnQuBnZR=wwklBjCQT)=qS-=&nbDh7tG z4dpAY5{Wn;BdW<6cfPu^;<)whf=qmU^@#v7#0Mk{Jub<~%A07!fvIxxp@rY(t~dNR z7+;N0o7ekoDmEt6b!{jQTbmfpas{9;*D1sxpM0;4|Mbc`$l5ReCC{yl8~^qw9VC(S z=(R)!?_2?S0K!Gv@^;-DL6bvdT#38d zV2u59);f|`IBEL&+ii5L7fuhdZR#2p;wN&x&8<+cfZPLvV&3fZ`?E9NU%QEFm`^7E zH~oHi#{0)!_etlCO20oSb>~|2kd&=JfmD zX1u@YgP{K9>GyYKyua&9-iu|t2h;Dro$>zIcX)5X&DrVqXJ@>xNWY()em^|p{Y?s? z8h)eF?+?m&KXgBonzcV5{r;m{+VH>OaxwV?gi{;IJ z2Nj{P>P&vvL$A5a7$kBHtXA{~$7*aYhZUJu^N4h3F29c1Y^?T9cd^>FRwolNIj?hX zto9;5ym6(}6z|~Se!CxCRoRx%{F(fS#-|O7 z#_LK6zEng@-l{6u(zbLdI_RxPVgx>5bs?1$N8>~G?5_n#eYbHT%JzZ|48tysf@nRh zDNa2_i8CnA8X32?9r=c6Y;!cW)jNr>k>U$=7HLSI8Vzjz*D`UL{KW2)fklh?fL%}( zpIjJ?rJ}K2m9ZD1u`QLYFKVfe*XGF4T;6m*Q^&pWZu~#@`Slm3tM^PvViym{~jA+?~Q)-T&>cT7*sLP>m&jZPoP-4w| z5jWccsqqVo<(HS!^7T0^<#zdztO>h-JHwBI6<_t%5A1}GwamfvmRvNUu%Z0C%X|%d zb8+$(o<z=)n0rCox^zx^TEThWCh(Go)V2$*NMK7vKK

      tw1(*~g*zYxJY! zpXcF#K0N1&}7e@(4#o-PGnt*@n>VV`w%S&jqI3D)uOdmaMgPe0%&Xujn8wuz^fX za7@vg(b$Gc?O+fb^L{ZD+5b|}bAQffDo*u_CN74UyD4h+vZGcVg>bm{V;E})CR%7>I&c+7A<=#H2-HjX_oxYSNOiFQX`lL&&J2#QdV7Ed$g}jIDhpB2Te6FBNrgn z4kE>O*SXaAcF(b*HzC>Bcau@2lJP_A+M+C*u(WH8?P;{WWRyMM=zT)s7&5Gb&Wr8Q zN+*AtdEVR>L>3x|1M4fit@%>Y!OV?hv_Sf!Fu5ROvMD3Ja3tdq`q$~#_VERIgG(Wz zX1H7I8fA*>fo?2CH-;VkSD@J){iC7iRt{IKD%s=c|6)~k zDq6O=W|WSRs@KOx7jLYs8SooLvRinieXW++HE7iTM2%;^9gR(@rvFh~G+p-E4gHKh z$q}?2Q3}rPNbIj;hrg5J^ehzh`l{HrNbE1Rl80>pq=z-oXlk$`4GU3qr$^@&S}(_5 zrU7CUb;CGGkxbaJ!%?drP#?Wk+4_n!ps0k3Vqmz`;-As7O`+R=%4nf3nj{5^U23ZZ zgGh^=h!Kv@Du~A3CP~Faq(!+u^;D(&?od;OzNaU_Pt2&4%PKu0?+Yg)Yw?^iv>38W>O*;k3tmFlrcmB4y8p7M4hDFi~Hv79%CkN|(0qlkqcJmJH3` z#E>cE*6DTZ#c0XjBOFRrl0;VgR-=Rd9*w;b^?N9q{aUa>w5sgG&>|xWqR+@MO>EM5 z4;59RFyrOjznnxHhkyFTq^z1;(v_3OL4=W!b~2VV(AQHqh}Xj&VuNNLF|5hH9njzD z>ltn1kN*jC0s>g7Mr@Ixg5PdX|a4 zTmL(tpUqcYEKbnj9dlV^p~#rOLRZImEINw*-76qIhsg4047Y%pgC^jU#C!7Me|Vlq=h2wwy)v8t!VCN{ z{qvf4J3r09t04cwervGumh!Xfp=MUEu7?`v^Wd)b4nc=G4j13|*B>GC(~#^JWr}hTts-o$Cr~4C1Vwe7b9En2`U}6 zJ`MBu@}ffNbp|R^>S(Y?Y#l~?rOsoLf`K@dt+0zr4h{6W>Gb<4;j8mGl3?ld_+E55 zO1$lPlhau4MX&I5SzwJQ6KPe{aj3*Tj0m~W8 zDAi$IZ1R)c-M!a)Sh^Qiex2^}mg}#ZcifQc_fqn1ZxpZUrb{h@1un;=lH8{ zb(THZ@ID%xtwRwkMZfB_Hg|PO0T`NoUC|f=8;YI5yDGLd%5DntzhD;=`D>G8NmoaB zTe3bpZ;v3XT%o@hIdA*D61sgmalJs^#ODmf3^38y+1sI}J7qYK!4zoVj0#|`Hd;_eRqX8)OVIBzhBo^PPv)Xr zhoE+lFe{PMT`g0*3#L|A{u3h5Mq0msX{d3k)hp9<-fn$AH?-VU^Qehm>cRk^aH4lN z+dagLmi5T$L!akoc_-CqzApo-Hk7E;y4Mt4MklB36V`LizrF`{B|mPT%nzA-8Z{;D z8@OVnN7=KaY(qE{-B2apZL@rbszG}uB)Wf1vp7PkSLBYAeNr>sM3z9wF7MYTN`(ehyKltx25_e)Tos1D z4NR#c)9v`x+v9e`784ze|61E?8O>)U-xbhJPm3x`^b@LV=UQ_)#`Et#HtATxrKX1! z*JK@TDB+o1UUu*2+(ze}!L^zIS2eX!q!YNL1rl;mOW$-Yo!NCu_aE?YX{q*zV2FsK z9-J0-2h2WE51^@Aqh+a?Cn$TG^FNc`yhp`#7I|9X^bip~>gafT3yXxp;rzRtu6JPQcODeVA zEp!&An7kHVxtmxFO}!S$elc_e_HDH6)tW1$P#35xbT&CGyvrLaW6WNrMKY(U4rTa7;6sGiRL-%ahRs7|_>^*d43>zrE=O0u1N zgg?y^F^Qv#?{XSL;oKg7sNexvx$}05Kj!9Y`=gC-aTd6)yTjQZ%L7|X88q56JCwTq zBFRM-f0}%~xXeHETCJKjs?EZsBJ@q9j9|j+(a>4g;q1h%TFN$Y=m5sc7H$+&oP`l4 zD0QC(eX(xXy-L(kbhiQMgOSG(b@>OT3m)d;oT)S& zy`4QA2{&8o&N>tD>R>?$g&NX-;Q) zKA`3}sqV9Yo?hrWH%{1_rl02J`~3U-IsjX_N?pJ=eG%hmY|T=ZE1%3aqV`k ze&mQ+^<^*5Jh`m`Mk?XA{5M~<8iI=)@RTA&&3jLOwklaoKFTxR%lyPwfoHt~iY!iO zwab6rW3P63H`o<#VWa2Sht&3(@)zv+R_|PU`05|(!P2|UZdSURn_LNZGu>{G&{w@5 z^0RAq@XF8G1QC-tSEGKu7~YROF8ZXSGZ;-=UbMwIA0gBZ&c|W^P=2X(GtP%yQ7_Bv zx!b`gP`cV5ZIeBB2QNlp90{QIt=wYQhkUgZ7}Oa~ihYP=FHr@EgJXe5eIZ?8AGQUJ z8~{?U)&S+#@f{h_SbRS*AmlpiyDo+eWE|~pwmf@}M`Jq`PmBG%3NgIBo0JNs_LQpF zOI0P$RF$AtUh%iOsv7hR);&qSYeMt2T2hAi453>u=+T?hthhd5M~0h-7FlnPl(baE zo{8*uHL`LSvF?=<5`B7B1>P;bn#~Qp8jZn4FPodIGl`sEP$6|4AENvc%c4;6gH{7C;mX?M~vigzV)27H`WFH5hIC@K3xP5Amru>;$aLK*|z4ZRtR ziPQU0!a(0FFf=xL>uo(iqaWh(L1jRHEvX}Xr78?zYO7W>y-rGqQI}X{q-^8Nq0*Z5 zRuv=2bDXKp91EdDnIsSB@x0ZGxnOB97xIk7FAEXne*DocC1-MFQzs1>r}MK*>CyyY zv0K+dkC$r6J$=t0;BDX8wb)7770ZVlCOAvA;vR_kg7%ZMGZve7h|TEM#b@qR*Eej# z!6$W9@frT)WLF(R{@CUR@zcp!7%c1(c^_O9%8SC^VupwDHfKMj zt{lj`^zOge`j|b3f;#yRQRP4Qb$!j%b^K95UH7@Vp63(tAI1lDt>xY(rT@ea@3*d| zt5wrjzoz3{O{0Di)D(3!U12pXO4szwpr(nc=}K2qp=#RmJ%`^huBN&72Q_tbHJxEK zjY-#Zx@r=BC-VdSI>6QS(iznC8^5kXSJxj$2X#G0;uf?DSzSBF1^D$)T}q1klAICF zr_@L&+Bd8&Smkxw@gnP2liI(!i+&3pb(NpoNAsXP+p>~3olgd2RK03h$y+Ted9$m* z^}mL`_W9kKV!~8|?G+rD=JY}$C-H%#alJQWszebMBXe8%H#LX{Gg`3UG-f5me06mC zsq0ysyPE)^CMNs);Tjp?iq}j>z#7=UVR)hdmsh8-}^7b-|^@BlAm;MCV&6DGR;f~QV0H?-N*R*^)&&1 z-_%yR6Mvtn!fPvveP$izn00*H7vk?i^|w!_KEnr)cBjp4)J&L zkbuA6T(&R%&i<$q)w|~JSr>E~yPIAJ&IccG52WIJJXEnMgPSWvEb_zi2A!(3e#pgO zk2*-?<@3NhL(m~}ZWJPaeEW;7sqc27S=;nm7wtclZvVl%t^J~){oOR;+W+Ax9olc^ zfw%tP_U-TaaG&ijJ7_3YI(rlDB@xY68jK?B2)EyyBeXw9{?xTuA3m|BqT3&r?Z?1p z3-)54C{G<)7t(4qe!_jz(dy{;@R$V){g98J?$yqi zpCo-h#U_=siPsCMI@$Y$QMM!17F_H6ZF{1FHbxV@bIA!Aqr{qZ-gW0_^B#HXjJSo0 zYj7=%Ci*ZBZSzJpOI0J+nI-=kj_WM8`5b#4$kF_~b>-!!X*netsrJMM;<$%f+jA2uxZc#PlCPr zu#B;fHlG2=+PJz&{#58OH!0irLQR1g)zQS^7gV0XiT6W(_ooS2$?sFf%-MAONXb#! zuQP4m&frklKG}RXi0}0Kkg>6sDjVKnAMuap_N1b#s3>)QWy`kiV?&R<#DhsZI4jX- zBDY8L{~S(m{W3eW=pbt4`#IU!V@p4rdDPg_S8g1{n{J^+TCRFJ``u@E)A`i(Gkfv( ziO_9Zc)Uzoai<0Zcmz1yTVXhS@W%;&Z=K+G5*_<|C(6r0FO9@ruheozrH!cb#x`xf zrDtUAQ`j@Dsmm%G_RO7|Tlq&|%u4+Sz0gYNTo34^tkjsXiC<+Ea|SW}^M&5rnEtXv zWr0y;jk^o%LB2g8xS5se;Wtv1{gpgy)Dxaxn?5uMNErp02B^i|%zg4ky_~~O6pJ{y|MPA&i z3P>tPv(jWRh!&gpBFNGf(-`}H^Bx(*%5~c1jk!`Tc!gVb`3_tn&sD9ftC)Y@7@B{$ z)#bav*iQJfk2=6g*z9k;ZT1)JjmBnwI=xUKlZb8lx6(T@EL{_XrsZ|3(iSx(+f~Iy znyUCgiZyP~mnHbbs<$fk*T@c=#fc1hQSs>(70lk_Jca5&9!P&6bdR50+4_RcvG|ly z&cDw#j-w6mCfO*BTiM3BJyG_p$)~aN)U0$0Q$wNoZZ^RkZiN>)XPdjz}Cq5OVg zKt!@XH#CxJ3Ytvu1K7@c2cW9>H$mxI@*K&n1w~H{NZGB6lx#qj)6o_p4EMOOP&P3K zqI9euT}zCP`8y_Oh`7L_6N|=MPOgF;4y8$9uz^O@yoH+a?^-STo40zCjXF=+MO`k` z!|{$e9&K;L8&KB58l8%D_>8@&UJ6;thxcc$+N)}{yOKY^kAEVRiafbEg!n$}P4oVl zcuFn0I0RJSlVt7Qq7ZKU>?5vf*oH$iow1GavqC(^C~5PMVqLP=iXm85__EeNF^x?q zf(OGlKc35P@0I)5x;=63ep0=}fY=dF*&A+rL#l53r9NP!tX{MKQLOOE4&4^FDsK8R zT(*a4$31JtWe=8KnG$Je`7*L&Q-n>`D;u_Si)3$)mbKIzD=sOOsv0K8M7`bO&6h7^ z4N99^^-@xdg5$ffYxJz6){Hr++bC$AK0K=eHzu6kaLn$SS9v$*z0_)RdnD(0*K#AP zW2JW)zdH7doZ&WIY4~}Y-|N&FN&;SRCWjMD0Q#g{k7u-}OP z^f!v-eeZV#S#BZ0TfdY=nYa8Ui~oE>R-NKM|HZwmq3V7@julI*aH&CJWTbXz-zMDyh)Xy{QvswQ_ z{SSYzm-=tmNBtv!KVR@;Me`?ECl1H37+;)Bcd#c4*)wR3^l5Wxch>9QzV2TsR#V{O zn-;P8y+v$(+eWpvUq-*0zR3e#d9@oqfwL( z(Fd8O*wthlc<;TP+1ZjpD6B6K@?jEWl#jkZGQ*~Us*@*TRte8)x7@diTj81*S8ZwNI^R>HkE2)N=5R@ z0GFxcUu#Q=8v<;u?ud=S|G(wW8{f(#ck2Hg{_GYs`u{=x9Je)-VE;eh&)O{=5&A#G zy$gJl#nnHa+d>4w6Er~NB0*P$iZ&={R)}sO!Clxu(5T2of?`U&)IbtI^!$K zbLN~gXU?2CGxJ}PPiU5SPhdc^{WW^ie|@1nviAh>+RyDZw2WqsY=r1zuaaG@+HB+l zk^hHL3L2kGYtRdB?xOM_#t$rt=fLGw;RJ@Sv6BP*AUPXMU&-j7TE2?^Ty6R)l1yL8 zzwkif2YSXd>)#%914U70M#d*5&15Sv>YfzQu>nEbudqB{{ECR*7=_=y^(KC=Tw~#P zdrSN>E&LvhZie4`H{19<|M7X?XVEIUniYtb3VbUS_)02Zy^k%6iumG$d~pP_$ix*GdWkpBLL*m>CGsOwuhW$5`f62^E|Vt%k^7JLQp*u=tPGd#j$!yS=*G{!K` z4M)8tB1dnsL?ojBd|c28D2g}#webJn)=&7Chg!NRUuo?BWtSeye5|ATf)`IY$-vR1bL(H7lq z^&~#klSut;Lj8a-1eowX|&Wq0dt6JEH+dC@c)la1C;U9tbpZi(@OMB}1n<%eHlsmZE;FFu$3cOB~AM)^M#`>#tGjIaz8 zKeDwE2>X1+0khuWHBzLI8Rw=$vsR*_LSOoq+n{ezEB9{4qCf+uurl!V8;_T`m+|)&e_|z8rt$P=1u}nC+{X{&-&O zYw;MxP7;|SN|d8~rF!NnFFFi=Y&FT< zxPqKJnAQa|TUZ(tT{`BG|h*Ug@m_JQ5zG}e7t>%}$xWX( zmTaW)<5pZ7NC-23$O_oT{4oxN=ok(K(t>MeoOU5(bi}M+im@Bv9*S$*SN;gsjPRaT z{0hx#&Z;L&R!RR}){I@P^bZ^p(6HlBXLX)>%MY}5Zl2_Jw&^w1KirPCiySQbnu12I zM6HF*x?lkN;c!Q(E~3+pd4@|HJyX#=(fO$~$-c=QMAB*7#(WIljlz zOz60n7Gi$SYjVE$=^2rNKCurQqU_Rkip z&t4yP9{#y=*h4*mE}UkGnq_!#?@nwwU4#KtE}hEUa2oqe)47a& zyAh;4I=T2FZQZRY`4#!DJ5q|<8(p{TY`*bx#Guzm+Zow%LO+M9u&Sr}uU7lNqb#*I zHs?Qzhqc15ox-obi63zr4;*ueACPqoOH`94jKBEs?3mHMTJc^psrl2t>S^}C zx5S4p^yp(CNjTy817q92ffM$G!HKxA1|m8>)`z`U? zGfeQ?`C=q~qtAlhm1o5-yCr_K0MstQZTDobuM&UEz5>;oSyl`aMR(+e`>PR)petZG zHEzbdG~x-cRnPnxm?22&Rx$HXp8>@er1*?4e{w?5I}Ql zbhsLe#wxP)30)Bu({r@$?1L?I=3c_Z)!BTHdF}9XaLZk}LELivkc4r7W7qELKAHE} z>x#qrdLNxX$`@xDaGB-KAzo}(+PDqNALhM+{883aXE!h0eT5ex^v2l<^4&0tj5Z1p zXNC}`^$60y`5(B!L(1m_Tvpi4rPW0lLW;0XHL2XA-`Z7Mdtu3`=%R@wr(%jPH6M1v zL;sOJRY%%+^iKH7+g)25?LTz$1+{Qi2$=dpt2%;6>|Xd{0>0?!|McdnPupE^zywN; z0Fqn)6itpQ`QuK3;8YHEj2gpdmaE;!85AOO^w2JOY#MH|Z?=Sf`OG;o@-iHYRRr8@ zY1tVLmat53*=M+r{g)R15s@5VY_D!sG}bl3;fvY7;mgJI_`bZ?5Q>66IXb*X1#5}@ zzfjt!HGR#UQu~8Tkq5(xX{7TkjcPM=3%atwxb%vTczzN?x5@&{1QyRU>XTLSM!I0|0+DrME1QhszS+` z<((j)lcRmy-KIshp^q?{vC5F~ciAp&kyH_gq2Jl1l|3Q2nkyn^L$Eug`t+{f_K;w) zPF=DPZsI?TV6nRS*%_5zGDd6%-Vgc>W5ha*#BCS+c@ZOaDtf*LmlIPFAGUi&N>Bd)}%qZ85QEe4s5I25TC`i%8ZQ-4A#QK z*Cj=aOqKBxE-NVPQ0N@<*p@V9zhBeZ7B%;I@m5o(w{Z70g)l_UeFmFHk~G(kX0T#+ zX&zky`|QvQ70s%x&ACXB4g;~{!auASnm5Ly59+{KgsQJ@_C%lY)SdB^o)MyD1vjlG z%`yV@rEnoPM!8PU$58c-XsrDSZ<@OyqsmCm3{{TFr1Z12I(%k~-Opt*JWU~T!LxFt%H4(eq2Kg5EjE_za z&*##nqvrnL$!nOz+zprK~xuUKP^ z|I_>t*Qa>ccerVvx?A~wAES7nC5>bI!G3|2MVKrDbu)qWK`uW4)@})-Fpgek8TIGU z^vItTn7(TTCMeS8_5-<>M->X5&jrt+LZ^x4ASbTSzQ$P|^4m{-G4t3phq*wzL*d$SM*!|e z;8bRl#vI(9s&EXaA9bi^#AjWl&VwyLe^pAR=P@LF;d3H#)t;(D2xi01sLFv_JVYuTBJ)+q`MeF+vtl-dUl*= z?hitW`s*9Drz%N5)&F3lNh67B7{pqNl=oXyiUF75!sS^l?B@L|shlF>l&yPUGVJhH z9ge}KN%Mz{*5j6V{grV(2IH#e%M#E6`%Bbl3+Iw5I9^=U+S|8bq&_qrnWo`;rPXQ=3Teg;iU%bxJsPU?t-Rir-?exm{bXl)HklZH%fuVXVNVEV->R zYUL7f>IaN0TuPl)`x~O#pPM=uEr~yVc>rj({yI^#dEtNW% z^H1Z9LEJ+RgfIR%n?WAz#CVBK1;cl6telF^rOz41$kkMCsdRzFj||~h61FcIC|#7; zzx@6r*p3+IDgC~25C^8clODssG*AWZqM|B1fWyY7JDeeV>@T!16OJQ^{0;_n7mN(B zQOW#KY>TvSlM*p796zgjMMg=(lo@du{;ES+`q;Pe@Zy;tguCJC_*s0Kf~U{Q)AeE2 zKL(8#2@frmJ=7{f$8dSp#@A%(8P{$4k!ENw?no2+Gh&oS{Xz?eAl(bS7NMLiUDejwhlIC*GrF$ z#Mri13|0f7J}Kh;mu~~dHd2Q+JzXyaT#J~q3YHpgY}>HAQCo*A#7~@KeQfjg4WCxL zLb9+YQ2eBrD0V8%cXiR86v8@DMN+OHG1yu3NE z$jkz4zrmi^r+eZs239ij2^=LpZm;`3E+A`vi|Y|JTJKbnt$SlLN?cLJFPL{R;DG37 z@PoJMKP`RaRI0Q&f3sY>z0jE!W8j z+QL$!+kaXyDLl||twSx{q$Z1GEsDbakTR}mCKSTgq6of%|2Av6bV*pd6&JwdK#a{= zVI~-fbsy9eU}SXhQx@CFXfk=`EHYSI^axaIYi2@gyahT$p*uf8t)GT#l!6N^^}un; zbbcN;9;T56S%mc<%OM@l+@sV+s`2drQ5)F{Bh-ef^P7+@sy<^nBEZarAa%x6+<+n2 zUjp%QxKK)C8J?~uL*%^)S!dj!J~qBqsrvRF++h2u^~~OQ3O7yKCU#z~rENOQF|~~- znv0t&8qilX$~&|OTIrcrMbC7A;RE#^i$pAfPy?19w(NJWU(;I2{2t#~{?m4<|G-Fv zJss??lza>e=A-=l^lKe6`mlfPjqUz3oqeM8iubX14Fz7LlJ~I~UR39t3DXLi82puKXLW=aR8-){gXA2=ZI=g#R zi;u|XB@9rr6!|Fzexb>{`PlFF1^AzCyOT#eRbR$=9yrm%)BhX2a0*WR>eSn#XJChk z%6WCrW-#!2D_{51_i?KMtA|$|c)K^u4!k0Cut^uUwoWYiEoVK>uAhHilIEIqo2YD4 z8;f4976d58DMk{oST75!F#odT0<5RPR$*P}FM(F(*Kn5hA*caO>tDc{%&3WcoD9TN{< zZ2CufehYC#T{=Z}$o@(RYGFl`E!`5)MX$9+bb4Ees{U~ZJG-;fpZ3oi5H7oajMf(F zxQ}E8`$yuhw5HWREI)<4?WuzwtKq7|^{(U}o?6iSpZ z+LAD}Jp0E3Y>>L6D~gZo5tR~MjhAgJQEl-O^$v=(805;(RrFAk#K3ODTk``xZiv+fuhIE5oJ@}LMpq3y7@wc-s+5w^6_?~TBRGvc;kB9 ztmhX4cNzEN+UzPIKcs3?Z*j+rX1#^<53MZI&29D;FH3Lnz3MIgWAzplp)YaSvh}rp zrFH9j65q9LpI)M zOJ2dR*R@?+@;h8`+^bGVRws1kiH{C0wyy6n8~EtPdG#mWfNJNG;=03}3&Pf+-o7}i zzUu`OMnTN6e;Czne=H@2>kn&E#Sc;S`2~zdx`scq+2^4j8E4#(tbBNBK1+YjH2k2LZD{t+FRgs+DdbF&WhT;a!*` zuN?!~N6p-Luw@807;z&$(|m}*usdE%BpjT^)Ss?>KMB(na%P+xVQ%)Bac<*t#G437 zJf5K9jB(rLY*+~||CSr@_~?6K*P}Zo`~oda`StPC)Q)G2sdN5;&mHN&i*Mb=lW=@v zTy}J}-7uS1Vm;|#Bp@aY-XP;0q#NYP5P4F&{sN$Ee1(`Rb@eY?DW{_G$X`rp3~`_5 z7BUE}pUj>qkycA0qA&0_KAy25*x9`>Nn6)xcs>>+M~!LkD6aCUHtPPetw|ugmxrzKdiZCzJZISqA)9ML*ZW}$#>8q_9KaRy0 zqNq+7=X>MxT^Bbau4HUn!Ayn1s(+TlC7Rg~`TqKp!a~IFz<<~cg4FBhu=LRW#kf&6 z0j)~C>&Bmn4`d{oR=vf03t^JT8S#GRyq!_-B|(hfPDlC!i(G!Rol|g z3l3@PF#3%&SE++%T}e}w=UhIw58KAUL~Vf%4bRS~7Y$EQ+NB6OGby)sl|{Ku=vX2} zRMnq*w}6s)WHKC(_>roZ69_ORJ}iSNp*xl}bP?pI8F6=Ge~EQb72KC01<;_ArvD3d z(+i?cehgxKXO0j3XW}*gNanAnf00j@)u5YB?!yO_X8%`@_sjuv-?vN84yR7;_h45`Pv7^kA4RHBd@&mVlxjZaMQ+T8=ni$4&vo8J zJ&1+D@FP)O;=Evd!t;S~1UjDas-L!QqO*s#4$%eJ>&1BqRUUSBzzfbQr_xQ9tcJ1V z5u|HNUbXn{ejKhP$d7+5rC^_*rXnyWEc7vkKouHm5h13wGI$VIoG+#ZmG&_K4=RlR zyohf9W(LAY9~>IPO@oHU zDf}|N+ZJ7vl@a|<77EYTByGtX0JnQ!4^EU=@-&`cTYaBCbb?R6_XTg=7v8GxQR4SL zJ^gg*D3)?%xC3s!!VUJr$8ez@{ZR$%E1drz`1{|*1KJOrMnw&Sb$MyYslJ8R!!vX% zFkSc0k?_i_o0}V#8EBA;7@(7s3;6s@*O$ee^IcWN7vyJR^KQz*f0bRrmlEU(CV(&0 z_jcu3en#o{*E%%60Tnk!cTV-`SO4jR5Bn~yn|ogjupOh%y^kKH1#x&Z^}Z<5Q!Cqm zue0=_oluJpK-4MPlFeuk!oJsV0Y;6|lcsw8Tb{+X)TE`i?;a56)ihd8d+0mpH1MFb zuTVaAN6PoBisOK+Jmef%|I|ovb!#blPX0E@-tjpiXO3fxdojB2ocp$Vv?p_4lm31eG8{R03NDG z7*f#rg-t?Fx?=wlfPhR7I&jq24_?iGzhsd1$iI`k%z82^>FE82#wmebL&KNbF~IYQRECUh8u zmb}&(BQ+jxO2o+nBTb1IuC2?x&lClVevMjLCuRlt{exgH)u1xt`W~qWZ*1`neT+Mw zj($PE`tMzQ*vV^M=6z=VV|2(E=s4ABx8E(%ML4yoeiH0|;D|H5+`#j`tJ%!f#oa#w zf_i@pc2>S0Xx|eDb~YAG2l6pR51{WYbC#g2CVb3BMs)tGbVW^e@5ioY?QyXK7qq%q zGVGVqQ*2&zy_w2jjSvw*+X$?Msc|r-@OxEl!BU0(fplbi;9W&CrG2<+iyp!j&Wg)_1{%oo%6R6vHYq8;f@f5 zBcr^*+z+EHf#8}x42uV(D0#k1Ak+Wqije1c-=b66Q=1XudU6*pmv82_ah5QnoVVML z5}I7T78k%xNx4-5JyTSbDa7GMlR8WHiK=`s7fxX+Owp71E=A7bB&f?x()$P}UsiRs z8%>A&ZHnWr=>IBv&ykrg*wwKNJ9M|%jrKmFGj!1EO=)4Mesn!q0{`(l7-|KK^7_?#i53iVmaR66#20QJ?)$;g|`erR3Q$HFn;|lD) z{38e{q;Wci>C< z5-35jn*7Le{h;RGrGNZEi5`y_L&&(^_0Nt`B3M6>@~Id#|D&*qahe50rqef6umg@- z_JOywQNe3~hderO^!mSte*Fd|BD3B%jEWi=Ogch!H6z};=tIh5NAJlGdAWRZegz~l zBXBA^um$R8uJc;7nz_zFqF!^IgMc3nJ1Xjs@8Zq!&Dd#j7u-ZRltS+s3pDXQbOKc5+K{kwUFt7F?N80k^$hbw;Kcy?D6ymac@J!*1^FW-FQ*@>?3N3+zqE=olLsH}Ff3mbn8r@w2+BXi>GU0ctfB!;`dX zqXXztVNCrks!04Nv>0$V!(QP(^IqT%)HvAy+z~%7aSw4$$hXlG@TOm(;3DxWTrjkS zU*QrjmQh_p)SCGfO7kQA3dXMAU}rVUtz=_C`pvu^<)^TGxJ~$j^5L{l<*%TAVW{X8W&h zgLooXSeM%(^8U8z47U@NTS19f8EU`{a@jrkY zP}Mx(0$kvr-T2$DNCopDY9b?f>7R#y|1Fssaj*FMSH)isv2jy|+#a6BtPdJOw@q0d zU!(cw2nV%A=t9irUSU5@_UOe@p%v!bD z%n9PGbSzThY|=ImgohOL$3Cpp*wvGpJ!bdammOWh?OJ_7IEH2?TJ`}JL}^PNBSioA zysmG(nh(1lz2}2lUd~*3Z{gYKIM z*9TUeW92!7C-g6oIv*V5c(Tp7UjlMGd7i60<9yL*n4UZweLap`ccWQytGpT>!V-gk zIF z_uRIl9uCvl(=fVbpUgKY>P>L)eSY{AUA^x>f)$Co!hIOntAZtl{f^=G^z@S+fz84_ zm{Yhfn1;jW3w*(ZD+GLScY?Q<@PhC)Xxmt+gpdf;K2NXQsZPObkrS5D?1FwphJ7Kc z)BNeBpOVg4?(Zp(MZE5Doy~0?7H&+kBAs;$pA z)E(D$90ayKJFwZ?zg`K>X0P7s+H9PBg8&**l;~|YrkZO8WFtb58I6G_)f@nUd|2QQ zr85qfQ5B(QNHQrFpSlqMHoDP=X{3d#@LY;H=54Grw}jUQg8-I7N;FHy5R|I~juBxzczSW{BBPg#TPM!KOSNR%oZ| zupDLv=tU~vT;4_;?%{#t;Sy3v2}IcCmeguvgy=Y_=%cvgj7p)T+l{Lvtu*dM+ENUS zYkt{E0z*%?o>Xb2fBvE54`@6Hd4c>NI zEldYa+5NHhverJrX*0Z1T|9v#CnSXgM|+0(LDS=EWA{?q^r-kG!t{Vi2?MsVSPln9 z!Bm$8L@^#HLVdY&ps2z)wiIY(2R(VC^`!XhK+ZTUti)V+Hu)0RNF(!~RotrKV>U zW24Lq8W9F`wYKQ*%s7}(zCaeOJ%U8qf6*^k=`c*|m8H}$vbbI#c*`_T zaB=~FM*#}*i<6RFxU!D7>}Fhr@BPOxg@n(;?In>@D#5>cs*5z?4atEr+-TQ-0yV96 z&CPiVjPlpfWrK|PUf4(xheSh~A>Cam-CNzWqiG{RqSd-Oqljt%BO2Gc^L~PEx<{ry z;#t-o6~1`p=eT=YuKwZQT8ke1f|0;c4E(;{fb9!{g9 zuy`D(6&$G^VgVHPceY-Tc>UNFrSMGkc{t3F`T23wP*Z1N=*vtLq>BibzUR~b;CvGz zp{6K5kgtFYrqg@<*in$7?EJ{zHW3i$DfWn2NcS_ufw+(Gnd;ev70_nN$k5 zpPIL<8jq)A&8$Nf$?|yUTf@M5G*X60WJn>OJqv*~z z>2hv*n1@%MCtb>ycOvIt{hqyN<8x34DhnIB z4fF#!!b~GMLSTy{cKd403T%Z!XDOTG|CJ>zMHI&AdWleaVKwv`>VNRhwU|gYo5}yM z9azX&hnco6%(8NgJ%LEY70Qy}QrHp7etnfpX>PwVQUff43dNEK88hk_Js3wf)iOr2 zXr@0sXFofZUTE7VpQ4R`Zd~iamS2xst&2M`jN!Cn!t!o-Cp%pve1I3mW6LmX4LTl} zEq293N#>%Q05-h%VV~JoVZ)0K9{;v@(uas!mQ~Z0aZkCN|2E{@{snFEcbr{mHvdaW zuMkmOY3@Hz<}ATIqylTt<=2g>^p>j7b(rYrYhJryO1Lpbj$Y7_1EPW7g^q~%bt+EN zIngh1bw;%)6O8%j3%ZrQpj`Tb?w~Jd98G{cn#0rRjm)7p5+&dnuaN&H!NucW;KpR% zL7?Sx-5IYfyBWE|G)SFA(mDDv@h`wU^CMi?jt-C=m~?wMfiCt5YyB?{UN`e=vM&BT zlhy^t&o0M)TwC@@4xCJK0h>s>I6Jtz4xVKOL zSpjSdU*HSzFZ3k;0^7n4^*u(dUe_)w3hd7K@Gs!Blie5Ujbq(dJyn`FusM7ih`#bk z%93KhbLO>M!>l>Rie3A#7I2|mOBdQ8y3nqt3k?H>-ktD@Mv$B1N?5~|*B`S~Q=Krj z#>AUrXbfQI-^AlDC=J=JJ@eZab_{*X>%bA{7YU_X`;rnmnoFB3B5y3o9 zu`#=OoRTN}G{?z3UZ$y4XZ%v7zQ7UV7Ii87dlc86#;sTg>2rNPZ?I2>|M9ki%I7+x z`GY7J_U}-PJwM9O?|d7py35#6;J zyF*i8MnzJtiJKPXEWTe^B!)&mB#|VfSJua1G!8Kvj0{{V%aIfnZI*1jS4MS0wP=s= zL;Eac7%{H0E*XDTtBkwJ4&YmQlpQpUJL$-Dm6n@cHuO(#;?WkNXRS=))zKN2@DbGnf`e`>L~UKYuRhyNoelv;oB>y;J!r2nVWHZWc(CSICKo6J7cXxeujL&VE|)dzy#FaJjggWHpdg3 z4mR%y3ApEn3TQM6y(f+e;4g>T%c_rwm8|E#$xW=g5C+T)V5i`q*eWfQQT>x}fH4 ziz7xC*)Lb+Df4ioFUS#Be5a6NCcGq$Z(fEkJ`n>Ds1__f$Q#AQ2e^$gUPs_LtImbN zpbC!IGg)oC8NqksDhcMdFuw~l9}9gx#pBZ-ID@J1Xl)5+!N6S<0Qw01m@R#f%(jP} z?UaaYLjj_oeWYX&VketVTBWohi_R~9To$ikSFB_aOPtOsi}23wE`sW*H40(x*{F^9 zsu|OBP{DYdbJe&Rn*#Y+cIbg7v9B*D1}v7RY15Z*Esm_0ufNHMM9r5dS02k;v1 zNlA8u9D$IcgkuIAk+A@d#1#Befwu~Tj|DDcE;Bb3W9b&^NerFArv_u~A4Mx0zYqmc zXS|4e@y*s56Xek`<2IxfGSV)GvNoIxOg*iw#ciklysBxmy)h=E=QUPQvQnfnH&q@f`irPBwguTg%m0r zN@S_C1oeZ!A6$XGcK7z>RE#;S)EzH9jc1$j3@aeFZ3cFYD(n^Ki=`olfsGk&vPobc zG4g|0g_LI)V=Ly0oH*QJDYdxw;l4(muaOZAeFvm2htI1dRhvrDzQn0(HO3cVC?FgF zcMGi)vXlJ+bK(hSk~8`TmPB?kCkkdVO5~PFEQx4YIjir`AK-m<@Lue`@<5v1{Z}9w zAWmCaNd={pyfxhA%mi8)R30O!F@QV9azIPsQ|@z)fNychUFeN;NBz+*fW|>*Ul{+M zjy`kDBA5&t6?&A`CtjJe^a|sS(5RG z&$0HyYWtxg~h^4i;W~L#g_QL1pgjkd7sUh6&M`vq6^JN%nwN-6JIcI zYs+xF;NRpyguvPZH3+lfvY2#kK*~jqb&-b)N;%(n5QX58bfuFY5Of?;`il4++w(L& z*H^0Vbw}|rtRE>j4pPX*~qSaqYN$fkrDSGAN2p8W8|@Um0& z7BJV+EwhnSbKHRXGJc4f9D{~V?XeX}ae_CnKa8P`>i;=^<9`_1XheCZ_8#o7=O2$7 z?APKR9qhGtba3k4_|d`Ky%@CN)gZh=EH0#Q>R0iQx33c6ZT|}6zwMO3cB2Emz6xIq zBghx{C@b(@c7W$wZd^&#|4CNhFj}FU%tRk+UQ_wC+LApm>@b^EbLw^^UDqSA6-+iG zB{{zE`s<^Mx_R~4i28Wfr@e|jQNP9hCZVCMa&SKEnoDq&!mM^&G9JF3EKrSVr8G8% zY@CKR)(3|Rpd#`^bs(+v30%GED>CX3%A%aYOmATO-H4?F958s;9QiWLm6Ey-(K|AJ zhRKo0S0#7_7kY@jB)c)dTL(@;ck&@Vq7cGBwxnG0KTK1=YF{H!k881O4ze5u^Un?Y ztY+2-52j0C^m=SVW1Fu(7Vp=?=-uYg<1oNqsqjX#OE4}FjO`r9c>_B_|3E7?jzK4Q z1OM@XT3#KiQ5q|=qZ@F3-`p=Pa#7VqfuQVJq#r;X%89e?c;n$jJVyK3Z+N}{^+2jb zA-#2&=M123e(k~v1(-x*pdWg8Fb#b*Y4IHLF&=t})U-g=L)PA4Az+9UhFOU`&bMG4 z1q^%t=gD%A?;6zyqN;)+G9iP}hhp87e{(YCdoUY}J|x>!rRj`z^93*TVXYB&P+TG> zN9@iNd)n}l08QzXbYhT|G0@1O((CMOiKJ;L-NtAklQ)9HI z?zf)%Kt4?a#;%genhYV9Y_z1KHN0bgORTBcDkW7}bIN-*I|A0{9~Y*yu!Eh^zL?dq z2Jv+MBqLart5^tvi8$vauy_drRnw2eO%3hF77NWRM|C3>r^GatAc zbm6daY`YloCEjhoyJ6+ME~E~{kksdNO9m_Oc$D7D>j@4zfbQ@B=3;#Z60scf0CFsx zIY#ew>*%2K!06zE2cXX99!T^BaODf&%Aa0dE!x``a2^Qb*%71sS0ry!0Xqr@j1C~v z(E(%%yW@aAJy*eu3=BGeke*))fHhr)zQ}mzw`6fG^}k%z7;mU2#$U|z1@rj|q!IjY ziwks=V%8LHDOlG?;i}VxY5TQbSJEA&CJj-0@jq-td>C!=H;}f9KEwH65Qlhpa?U1XO1?NWYXejC zA0F2?+F~wP^5{u3!Twrsz837yttI$DVC1jiNqD0CxRTa&9zft#VHt%D+ z+=|O{Fx40~{amah{bVbx)@-w%v_Ta+qU?kDw_*RIZ)VORZG(d*3^%TPC~<`QaDhx2tsp|R%gu_-VB zX}eJ+mqL%VxNL*@s0GKbZhQQ?DISb0J?f@f4!o>pDRnbNhbu;<3_m%#3g(Q%x-fn4 zBX3Q@kP-$wop7JvxM&!-P{tgllu$6BdS=r!HE@G?330;WxcN00vsq(Vb~{ixi5PF) zV*H#)pf6UXG0IFsOal5*SZWvI9XkjDNc)2Mpe;O#HAILZgHZx6Rb=qQW=}L?MeAed zUJ9*@Bf&FDPS4iLc(A->|KTmBO>iDNicGlkZaQ=w9wwaFfP8CZviB*vvt#@QM5vJT zUE|W(JF)*VypqG&vngbAromxYfSeMLh2ZCLb#0hLXQvqZ*x?k)$(SXcP6WM~fSlw| zSq$7>w!H|$X0sS{(^9NS4XfsA)*}aWm%s|ldi06#g7$xcBCsvo5kD4$FF2JPGtETy z_Le=5p-5;Ldv1P_?K)K4TM>z~KGMD?=V)b|ap2={oO<~oX&||9Tx{m5hQ^A|;d?pQ zpann$lSdO~mE0^>h9W9x;NBXnu1$ndJoaN6#nuOk|1?yX3rA4QK-B}A0zlQ~L3K~T5~{7t5USXO!NHfiCRF%>x!!!Cc z63GThFeacfoI)^d)VL1t^ETU&(B%0UPQW9pqiP+!e4_FvOL z)fx`-vC5jm{KKemR51>dR~+J71M@phvgi=XFvcQ0hMQ%pf&?E68GgeS;th^PbB6M; z$5#mX(H35bah*5djh9H1r;rz>8;1N_24e$|$npxDS5XK?e&o?!-Rng#^!8AYGz{{@ zsN`lNua(NI1eGZ{O(U=A_d>{y9#kVQC7Lqwif2CP;xS^f{9Fx2CT&FsnTO(CgM7l* zBGhVrqSQb|D)kbSQC&s;=7MBYvlW6?tTwkH9jW(1Ix-QX0f>r3o0G!_;D zG2`$|AN2?>P!IGDBm(b^olDLAp}m1EzTh;B<1p)v@J3(smmb&t zx$vP`;XZ53*1ySgA=bSED)^>HsPEEXYwEX98Ld z>6$`Co`wNOp;K_CqsNBF-n^C&dK+t+j*d@eSRJ4gIh4D`QZ@s>Q$spTJE|d_53@fy z&roYQq+^qQjs!)uIT}?%Id2wGMEzCf7|;C=Msugl(Of0Vf_N(Q3?H`k z?$-=G%L&;wnih?l&{NJt!3_ON=*gzh961=Ou}5>#e;OMZ@y0m%24giYjR)kus%iYD z?v2}!DwEHc_A`E75(xdfYCGDSMOkw{>8qCRI zP%AW!nns2S%S0Esc+Z9Wc#Z1U(5Rze*Jx|Cl7^xpAJ$hk6c?u$d-ot{6OJK|j&T7w zc?eY%_z=aaq+vETJHrLm=V6K{#E3lET>|ZY1s{lkjV6<4EJaQf4VD7yDNV(KY(B$y zkXcujJQD4i1!KbW6x}rNps^ADor)$1X!-CM`-9%Hd75zp=cNE7nJTkH<*#PUV~X3A z%!zi*+(kY>n1mdqTS%n}xcLxty<IX>bej7H@{Tg3=lF69{8arUhJty#E*90wH)iN-!q_z2M&F$=bZrV1l0nK#WWVF^9VCxN=MbeD(lB@j zXlK#;n9-pH`s72%#fd)^;Vlu}BXLg_GXsh29w;BIl$i=lCbbddO%d#m2|4ANgN;D* zZH-_Uevk}S3}0$8ToIFqDVC|az<{vKyL%joSbq-rR8}>=BIB3~`v}rU1RwT96KO@5 z^j@?AKc-pzF%7_vl>vAN)Qu|c472)UBlH4vrttqDT4LxaQQ}JSX+_ma<|?d}C?4WH z%v=L08l>2_@{R5o@)2epzT0ORxdU=wn6KiqNUeRmp^=hxy(%2y^wsjv^8G1!L?9<59II zHe3>{$#@)e7mUYO>y+^*jRR})&`$UjjYl`Dog+65MtiaS5H-X~@FDhAtMusn3Vx#5 zaEzp~Mu&hdcJC8*kS$)!wJ*C87Zsd9Qkv`D`0U_S*}+FK0rI`J@JYP%VL5aE54?>Z zcu#)9jZwUP8?&Ro#>9L!S3n)mmhiA%ZzI+~?e@7o^=ZCOq2;{&cX?$4vjf@DUuL^b z6%}(7l8P@mJ_GU!Pg;{A0+@oNfWRIBFxBE9j-Ak_+Eua?ovION%*?D>QHmuWvmSIU zGe2+ew#01ofzjE~J5>KE0c|gV5ZQs-;(h(!#TR*={s$x!;kG>7<=A&QxEp8RjSD0C zQBetFJG=s+I%Xq(o^>#q(JGBQ;4<)NzFMpT$<~K8n#P~E@3B#O96GA1qMjr|KOq7p z7V3;K65ww=IxYU6bOdLK7O68*7t_sBXBdl^!m#H2QcpaT@#SG75tm-fJ_UaUyZBMg zZ{Un1OrXsDk|RV66PKEi0ICmT!zic3>W;m4*k91%-oeBtR@d=3rp_NUn}{OX2o5H>9OkHV9sxli~Yawpmq8Beu6_Z*fPt$ zg_7g=g(b1UFdyOkZlhZ>B+XZrl5K&k(76dom7g{D5_()TX+0GOnOG6pA@YZ2c-UC& zr>Kc3{6}0;i*rQaZQPvAr(EhJ)2-RiakhVp9{rhAditPSy}`N160?Jyj@iTS3b82` zdgOzlurzY(F~sdvZ+}30Nn6;H?@iN-icSV1;GQ*xNh9$QS&q-5j6dDV6-8Rv9efC3 zbW5tDT}B0cRq>;OaaDXls8PXQRbzsgRq>bzmaxLk#?Jvy`cU%eUqf`nCeenWuPL@c zNBKy)>3RnwQLoIn#Xs=_u;@1cC7y-=BrM>UE=K_pl(9Yh6XU+A=y1Ro`OwVXDpMK2 z1jYCP?zpiRIewg7&;!N|hra$LcjOqbpu3`IC9x)51P{NlNCMKB}1d zE1GVIE2l21BsnQiCD{JoI9!4emoWjq!gpU_m+`)J!*ffja6@;e3#nzl81HRU=!?OH zy0PDbQ+S+@v!)wl4|W=TAB0}PHRmlh0@|2~AFr&XG9j=~a-o^ibL2I0ijuTxPEqBo zOdBlBg9V)f`5q@D0BzX|tcreDw8wRza12|ud=8NoX+`U()Swrf0(W$ zIFTp8`3+m4z(AUq2YiH-Ji!Xt3RcKAp0D6u0_SOKPIZOJN%KnKov7@@8( zc8zv(VN`Xb*$YrM6K1(uQnR8a#x$yG@tps}(YTKvnU)qG5|AHIVaYpWcqrnVSbhU< zqkN+~{<;&^*t8EUYwVd3u*UAHp*3dNh+KNgkskgqDj+oGw-;_hKBUYcJivNLu9Eeh z-0zj?><f{{cI;k&Rs5dX5b=pymL zePbM>sbCTk(-oEl75eZvw-Wg$ti1SaeG>ZGYG3pj93Q0OB2rAO3TQvf7OXHTAjNdY zGoxuY$lCntwl=pLNEjT21a7Iw%T^vV35uZ0#TaMeRVg4#O-~x!f^rY*nT4T>LapXj z!wH&yP>d@DGctteo+T(^Dqfi$G`oM1=!p4zf!av{kb^gIf9~iA*bmsDfJVeLd{2%i zOFl1)D^9u6u)Yh%T9Zj+Ep}7*n#h}gCh~09M1&2S8PkzAj=Ga%p#6}@ht2GVH~8k9 z_CwgTABZKJBl9ushrO~Ypvi8NS16x^u!t+jS`=bhgf zstYl{FythZ$u@WV1lRezs9|s!nh0`%|LvDtQwS+BQnVYn1FCtgIocK%0EC|OZx_%&9&_H+{pP0ApJ zy4gA1j(eey4;RMQjBd~!tC*AD%qd0X^u&`^PLHXaE|Z+zd)}f@Pb;SjnbRLtPIogW zmzmQIDyQoPVEbH=0Jq9%y_+~Kv~zk5_kz}n(v5!48I>JOx&Vgn1@Ry^MsKKJJn}Lw8_7uDT<7KG&8VFU zYTrNiFaGos&!J}6zmPIH`DzoRJ8)rapTTDEAhf(6yL}j^a?n?E!}Qk9WjtZ~n29fs zCUPY(Y}q9N2B;Fnz7C(qVnKMg*xNsxHOy=N;!hk-4Mdd;EKfpIx>Y;+2k?$7R&ZoM zXTIpiYNtl@zu##7=kVSGub(d%hwv>Q!?$u(_!i)g7e0cqqt_Sgbpn$%C-CmU6NulL z%J{7Z8NXHYJL-UTzCbUD-#TE_6i`m3C`7(tUa)WgY+FDEa!)WS=!8Fgxdjt<0`Wd4 z1;A=iLh=1Z4AmODrQ^m)>Hre|xN%f2@wCo3+;q9u`k>Bu7njE3SFA?U6k2DD%_dq5 zcS4UYjXoLYuQ5K0q9uI9sTjB=FGCOF0_+6Wpg0CNJ^BErC0&?qmQkr2IpK|eOMJDF z#1ffLqR7KPMIJs9_+-jI>dklHdNw(}n%rXh7Piy>V9lQdXD1_|Iv&m=_1;xKFAG6L zg}?A2+F^9iw;4e~ahq`nNFnzQjf44pyzpk9-pPvqq8$t%+QEY=)mnDCfbx09)|6=s9#o4n<+9^;F5tuEWh(S%;CEhiK&tWW?f(RE#T8ARflf$wJeS)I{r`Fn)pGf)Yxi5m zA?vQmNc`zze+!nX{`uqxvw!{y7e@aF$O50!JrMi1V0|bq(E(OL5=Ov_!JM$>a9NF@ zN%KlVKZ1C5SG@7p4O}FM14X%Neg=bqi@2(3CM~$xK8&SH0LGz8IZ`FRIN<&X-eCEB z0ei2U$ju+~;4_*6q!7?@t0XKCZFdr5GpY_bpmk&X>5G3u>Acuniyv#Q#2=mr`iIg% zaL{7;ZP>;@#~MmwM>h8_D8fGaY`>x2d>=H)T)KtSuQs+qev9I=v2_A`g1*2(jE2KuuG8F$ zo+{C+Z8#KL_){9O9@+P}u(MC^eG12=Ahs{*B1qXT?zHMFZqM_=e4v@RLE9?*WhhvL- z3J#r#tml?k1qhpqA7cYjCJss98wu0~cCdYg218sa7}!VL49~xi5}8Da>?RVKOo>dP zMD{Zt$}-h21qIULqqN{_Z7se=Og^HOVBna6`I7(Xvsvz{fiON~6+TfaZV=pDP;vX1 zK*e#x9*?e4>=ls{g-wB>0VaBMF5%L#-R&rR_n@@_(6on%+(VdEL@xtF1RJ}@(xuK-NXZGpk@5xRJ>T=b1Sy+oW)$^B!nZpy zHy-Tz84}cJxpM|yQ}#UUh3@g`z1;aD0=eU3!VY;#$PrOEt3xQ6uvS68)C?MceQdzE z(C_6_voVxz*@ptEjjU;$J)nI#1XmTthZ*R3R=3gARR8l?S8}G={*^dr_*e8Fo&Hxd zkH+-g$!I6^AH}p2kH*1N%1P!EmYnRyz4(uI;DYnB_d-&1$DXI)iFnn_i#{9Vu=-Xj zueA>4Ka#xaE3CYJ&Ad9n7qtu*M%_J<(__r(J~OAwR89+?v2uD)<#eCq^opI+BrB&} z=CnlR7w<_~HYX^~H%a z$)kZ^ycqFC!R7d(9SSpQ)fad3i?WC>O7@uMp7DzM;)+;*`Y#^`mEm8(pj7a7#PmYN z5apZR&~u!KsEm(|2~(&v9l2GvM+FmZ!Y`!xW+Z`xzUlZb(DhOz{`BF@P83BC++)&O zPw#>Y@L$0f3H;p(ezL%4DEMIlA8W(kXu%H@_=9=pRetrdvy{I=!SC5h{NKVa@P8Xg zAmMqq5`q8kk@(a7HvH4L7yO^V1^k~1K1uLDQz`I`NCF9mhYI`=B&fd)e*pIaUxy3S z|NQWewc%UP@8D#q{~8n-On63>|E!c>s>)v|cX%7Q;G@DmjLIr(qHx4^&W`IR4Q!?!5^;N4RHL7Q3sOYjT+^+6Iyh`vea zAA`i7UcJ<+|0zp;j*I-PQ1D3te@4~6QR;tK)&Gd9zYTxDg0B*Jk{UAa6xly$rB>wbR8@>nbRr|pO)(1?I`hP3%A1nAz1inhaZx;CKpjH13 z7W``hze2(9c}L_Qzm$I@kbgLeDgWX~_S^7J(~->f`vfi^{|Y`yiJf)dG)S(jN)vf3u=L614v&c-$-c;{x?Rzw(DS!8b3z zr-DBh|6*GeYYg-Fo;ZTLC37y3`f1?2xOseh7`e+FCxd?OO@ z&!zZ>1p04@RsRFHSNy{T;@1`Y8sYyl3jSGvFIDgh1>SGN&#~aA3;cxhgCBl2_?`-W zxs*R&mA^pBpQ6gYN6L@2;m2F$kCpNdj#Kp){+-#V>W>8Vzd_X>3F^Ptu0QTo{c(Z% zEBIU~|0Y%b%~F0}RsN+?zTbxLVU^!S%AcU%2MPQo3cioPM=SUkfgf(epR(lVxX4dW z1;0k{e@4mQvm$?`cn|%%5DEBi!_TqcrwjbSJ5~D^_>UF*Cjwuk;5Q3=^&+eO8!Y(O z1b&5rUoPG!~!hf>hpP}#{CiutN z@Hblc4;1_l-mdr$kq;((tmOX_k^d?s|C^Qk`>pzKu;l+WCI1S(NZ{{Q@RJ2TL%|Od zc)tyQqXj=u;3p{fHETtG;g|Xg3G~;sN`8@`|F_}i;9lu3T%i9~@XMwA`KtT{QvMWG z{ykEDtPMZjDu1k$e^7!R97*d~{uxz%qm+MGm48IauU=@?|A19~os_>q!4H!1FHz<9 zk@BNe`7u(y--bVB>EGj`eQ7Zx;OfD*P`M{9|qS9v1#x1pkA#O8o~3{3Qy$kHAMO_!xn&F0tx=YOq=Uaa=(E zEBGRTzgxji7WfPWKTP2LHvEma7yJj}0`*t$=fZ!u4c`L)p67>utPS4+|AS*y`+rU7 zk6+Rs3Fwbt2+9u<^nVMi`fp&c1o`(GE>M33pR``u&zl0@hy?xTAb~%E1ooc|e*pIa zUxy3S-z*;>&_4?P6M?T%@S6pGxDCI-f`3imdn)+lQvQ7WQvQ%Y{=gr~9}>vF4L{!E z-&o<_K?!zn3=;TD6nr0nk5=$80$)Afs{bjg{Nqyoit~f_pACM3fQ7i{4jy9o@>?rMhkwRz^_p7xvMF^H{loczZnU}e*>icmm)#^ZTKFz z7y0jk3&_8MPePZ2{zvJ*M$vzVmHs=T^q&oXz|wzpO8=Sg=jgv;o8X)GUk9_L{>ue^ zK7QGLkf8lsr`it^wEst~`j5xG;6D}@X#WC_C?U)(<7Armu7V@DJvKLOHvjm$IPw3w zIa!j%NQtz}av#_B$-;?i~osVe3#TcqvTXcVfU=S?hKjB3(dl0svTd0m&>$8^WYx! z>9=B2ue}R;WO1jzL-*MCGA(LkI zXa>O*&o+I4ine%)S>TN^8UD?aQP`xJs5uKWE9C?TB3ce+KXCAFq`R`C518|#-qKT7 z!JR)3hlujfT+BC*yeON82`Al_wP;tyCek)b%iI&b2(NyMSL#v526;iAf#Ol2YL;b| ztu5g)5}!Vv@iVB_f}TR8(ZHcuJveb%p)KawdYl$kb(Z>ej{GiszhL~pE@FNVm;>d! ztAO$qq>tvm8SudEjf+ONfp&%9{cF5yg*VBA_=ZlAWo0coI4{AwZ40K{8p96>{r#sG zEQrt8ghHai6EaFqH)39Z4+tI}nWeuF)vvJ;hk*0>tS%PpKx_RFAwWVxkWk@dd5|a% z&}b3zZh~Y-Z^3fIxkIp_k>|907?7pt_7`>>^7km|v|#f?DDO2mjTK85-fZF@aQYP=6+gLT{t z6swlY+VzwUW39U3^S{`isQD@CC&2SnMbqUXTuRjbabpfHD`W<`DVD6oHf>Z^X~yv@ zs41Jpm$ld%Ow>wRC>|uW0;JUZ*NL|EA5~j{sr5wvi6(@m;%f46oG-c#^QZ4?%kBoa zw)lDcQXy#>=AkNmK_A37YRguFb=u;Yd|#fFh_!r5X2Ne#nIf9JDZpljf zXcnSdGuf-0iP4t5g4e?l0}vg9!=XxMT#4VeXMsG3FL)BKq#A-3P`V!|p`hyjc%$^y zQLi^PmY#WWY*bX?rJj4gL+tid;V}pySvROa=}%Nm!Z$;ILq7WIW1sN*JWPibUZ%e9 zd7R-d_?|?lz(>gAi!aASg+`!BqJUZgybt0O_EP{Oi%kH*pHSl!)N6#|$^d=!WVCNp ze(9OF32PR%?4gLlE>mE02(}+o)K`Dhj)igWcne_OOCy`GJAoI#&PxDB;_0g!qX_UB zt~LK2yv@{0p2edKfBnsc50JO$JV(T^-^}3xuBCbS1_6oM;%JtQ?$eX8HSXGFKK&Qy zA41yVBa+7|cXVUpi1G)!MYG`nSo-5>Xy6%vI&a{B4=4VxKc=`8gt~F1f{;G-sR(2l zFacy&hQN-%iK;W5AqT}ywm(GP7bu)W{*P-*zd!|~U-t&y31e1VeG@Bq6WyiU@(>Gx zwZ*cLA}s)HNB_7_pQg~}89-S$TB7PydkEM8OY5;hK|BD4#`kl{X z*XO~}+4}9+edk!Sx=C$NL9CNQ9i@W6FLVP`B^2M(3#lj__aO<%=?lTZQ`Dn-keC^v zordSY{<=ZENweQjf8qSht>KBt>SFb_N7LKQVVuD*I9ffAiFl6w1E;BVZTQ#=S|+4E zhVz;AxVom&5W~{*>&r}442_FopbDUhu`bb4#l~HTD#QMp##p3=&%DV*3JPF;S}p*% z-$<3q8mijMaanO5N)`5F-}BU}ueZ5HJN4_#>kwOz+!Te2>FLWmaCdCz2V=z+PMzbZ zY)9Xdmx0h$fUI#T3I=`NvNUzu=~?o3*!d5!^ACO3EdR|Z=aavOY8DX{ZI^Dvmmh{| zM;#;VXX!OE%hir0WH2LweEH<~D=6xuOC8?dqZ{J4xMm@0GbNuWOhX)|jKAD<_XOSP|6^E5dI9Ml>-{WjrY!G-5|-(mO% zcT@l%M|+aZB% zJNQ>MB4F9S$XQ982pq4TYUaT1hQUer!SQysxz?L=$nAEuxLqZG9ERhy@x$hPgLS0+ z36A%Dejj6pwt(*Ka?1;*#9;}gIKYMbZ7Gy~h-+Q)ak1C$+th^uAHrRI7$j1;CbQl= zw_FLO*h;%5aBtE{e<6p8oGM}|7cMR$ER-z-b78G&I`R0kW&emjt1EYjtf6@DT0`7x z6eQ5_0_&wxd$*t3e2kRci$^eC=bOic)dfXqpc9-*y%5JlF+4C{jo;8}KP)#Z%HJuwPsbpr%`#7tH( z(IfF;yAALpy!N4~!fRjgJ;a5jTsuK=p)WuR ziVH=yxbOk;GkmNiE=;baz|a}gqbI5el!gfk9T3rups*VIM3|sZOGzO|2?@_4DNINh zEc=T{3MqaAX?6#QJOn;R0sjwwD?!2H#iO@bfwp;!=Rlb!3N;jAF+dW@u%e>#@kxgc0UW`^!X(0_vaW^P5v4A&x?C9!-=| zMNWYX0?%B+2B;Sp01I8_z8E|og`WR~;|mI0kh3N?)&Uw&imq286QT+H*+?I`CO0+8 zi6rzNQGKi^Py_ZK-(%rHPGhzRPH1eewqUf30cz#mlPaU|1zL_2g!)0=$%3CLhJ$nP zCNfx(P`?Z2UwS%Z{410sWDgWXIvFh)BwQ^O2o9V7S5RWeDObjdD0CGb;IG!O%QZuD zRb(C>{?}Agj*1$INBFjh9aBzO5N1w~zf$@UA1&DvJ1{$EjshkwNcMf;_BBZX<{hW< zeiB0v54^AyGt3BU?mP-jy=@6ttYKsv8nnoy?Y9VXeQK#T&7$;K3P^+Y5kDz?GONph^L@ ziw#=!&qxP~#BskU0E!@rTn(e5N8)a8wLB>2bB$om5?41-XiVNeYc%OB=sr~Bxc8g4 z*M7JCBwW)G995;ss{^Z9ay4{8o^i65UFwJti-7jX`0umC+ss4s539IGK`k@?dJK`bC?x> zraXn4Nk#Ao!fzNi^N${XhMSrCdq}rP9!BXGCt|fn%7>PHB|@txrWFw!+p(`qJ&b*& zZ=BdyK84!Vyw!7f`-QC$|AR=1zBltzCWnbwF zRI5D@RNudi1tsglKOdnyF{fe`Eg#4{sa0nGM3r$aGM+fC2a2Rv@@=x_ z?Tj>-9Uht45xSjP+;Z++Re&7Z@}f4mjBBw%zO{@1&oZMlt}F<({y4;F)wHny*z3-P z-R3|x>^5O}{M_LXJ$Jg6XH5C>LZk1XJmXSlUEoYlWWKjmzDFYStqdH4!Uv~c#X{HE z@)w@8g4Ei^1lT|1zAfl4_aD~&F&0VTc7&X_F~*L7uAZt#fpaks1) zfvENSCAg1v*Dn{8vWnV9QV}z3`@j}uA0YpuRU7!_f(qIPj#1O%e;iow=Pdz`-_)AF zZ)FSUca1RjcR;z=in+f`_?6bSfS(H^nR~$>o4-E`wFEq2{QXIYXotVwhrWdP`&{Ag z&r|&UHYA1d_o-69@b}672Bbw;0j>iu5G&sPqJ8Fmz^1m${bRs!|0-0Zn0qB(Me_IE zwzSJ%8z@BnZ)1?ZrddGXi{$T5ySm--RMDV(Ez2wZ`Y`WOTf8L#u=lhuY zeR8){@t5z*no0eb@JzgxBd6(m>|cmam$&Np65gUZ|3Ig zX^ip=B1g_@^KRToaVe+%`)*L6W#>hGFU&YOEpW>zQGs4ThKyfY$}=u|MB+(vz=5TM z$B~f{JIPk+{K>}3p!vIrA}De2zAMnlp{K|LMe=E4q2b_im=_N1mBbc20{8%C;*aY6 zCwW+z@!|8qAQQ1)uMwj_pJ_P7YMh0uh>$KdVI(_#N}~XLFox_=Mgb^k_$lNtEl`u0 zlTKpUY-ZwVp2eTj@gw=Sm`(|bE#No=kBWTOc0Nk-*%(skDEj#l1{3r%PWR!y4g>!+ zu`9fEWr=@*4`00JI6AQ$8h5pIi0o#(%gMj%5HLR-#D-%ZP(^&I$i-6Ry~{lwpD@Tugv{LZEwkFWj+sMc3K4X4qGd?RO|C#Z*IrjhS@%a%S5p1=-7G3{m z#>XA=-#k8wzWy5wL?jKd$m^{(IUD|1I+6K5W5S^%;Pf?6C6R>lX6g z8-ipAe{*GjhqO3H^Y%cLEeI0p12o`cON`Nv#AQ(TxIV1ym+da=XVUT0U( zq6Wi4(Ch31%j-JsGS#W;NaikRoe4)(uYEb42-{#f&I&e7sjVLk2 zNi3wv!J4z>Kg&OC7K&@tyg7mhAC&+434aU!uwOB&mhb8Ru7B8qtFc56?;jR_iHKE` zp*w8lA65<+$lIoHgD6$$N#h5b=`NGxpQAJzfMVWMHU zf0zl(kB|&U0VGIO~Y< ziD0aMJL*JdmNR?0?MwD8A~o+j_*D%Izb&i;*>secj}n&gqd>`N&_|b*iKw*+S#o^8 z)gQt=Z)I>Vn}1d(-6)3f0ZwNxBMok48E`9Ww#1b%X)@CF%D+v-rJ=iakyyn3fQL9w zg}sL)p1?>DkyR>Z10E^`f)bsl-dZMd(l6Jw<2?1{x+6GGL2GUvcM?RSp7^muqs|hf zXoU4??(ctel*XKPfcJGCh5PBVVeY4j|A)aTLN@wvhR8;BeE8y*eSZaHqpwEWve7Ge zSNF3bV6I3eeY2&OAMiP(!1G}Q?0**jJqFtGR{YcW34exvibwzcc#!{}mQNP$Z8JW@ z#{Ze|`C;#W^Z2O!?;uo{z)_t(eAzr7l1aI}Mu-?#Jqi2O?TDFO3M~GU-OQ zkS=Oi|5`PT|0s3c8BuxYcwJ8U!4cX#dcX3u9Itb=d1P7n$&DmDbG)mYK>I7vHtGle zmY{j*vIeg&_|Tc!Liz%`j60P5%$?b+RhOwI%HW^pZ3OGt0+#o2@wX0XRx_6M!=l02+yzaoRD|Z);S1&mlw6uivEVt;QtOh2p+Us-jJ_z-sZPt z{nS{33tXCfkY^7Zjs(Z_9$;UWCLe0ac?-kj@Sn`C$gu^>XD_jJL`>_5Ur8}pxzi~(Hgs0j7kh|F@)oR|ks0{o4J%t5io6*T|A2m6j zF<>UrEKfc;%wu`3O~UvIJmMc5)|Y?_6^;xQ3Ug@-oQ9-N^<)S zSgiLu*t}Z;Q-t;Itn5#L3G^SbcyDFvfyL!{T3l=d$*DLfCqKY{s|v#W-`>WwN1XV0 zn=?a;i)3|2ttbEOFVpG!=KVW1)PNfs<+I<&miinX7XN*}ig^GJ%NA_;nFU>mv!V3T z;W9CFg35X|v%(P^-~Z@K{(JK>&WHJ<_IKecKUKD`z5Ql9pvBQJCF+|Kww6h2C|I`A0k z2rPC3HI)9{E_9~LIJFps#u{Z$!AW}VA(R|3)|kqdn-AdSW=CGyPkB-ME%dzsZlQ3B zUd9&9a{zYmWsrJ-##HoUedM*7UTz5z6yLX41i=n4cHi+}06@*+NZ=Ak>fl~g#;d+S zoJj9L)gV78*SDL0-H2Pw|A+}_y+17q=}N=4?O;&R-)F&p9*+Kk@(KL~h$jm9<@KoL z=(dny<>7|!VA&pS>9Hh*E>x&Uq2=Fpj9Q-l4OneLuh~cRtX+3Ac=(6An_(#Sn#W#b z3mzPD`f8E-*4o}?#gJ!fFA&b%-vHrbH30-QPm#kZrvkBwQmGuBVq5qqM1F>CZ!_AW zx?&AJ!wS5pAj}+fFXAHP4%0$E6AhAl}f?()3 zc`u;d8-WfTY0Q(3q@Yb>$y|Jou;S2w+kn~UDxO;Jb&(P&K!2+Cl;A2uU<9u0OC0;u zXosKQva2NGzbq>t58C=$pG zz8=RK>Hv?i^#m^e#NdE&C=w~AP+YivLh~ZY z3`b{je7}n%bE$J2B$?=-B$I@+3+9(4M9Gk=(LU@zyL|x}Wj`r!u=z=7J`f*#y%evQ zORe&+Xg`Y|8=u{E$hv>YX1rfTb$4jSR0NGBI?n0Xpo_zu0{w0z!jjd&HR+RFUt`YF z^`H`N?d4TCGIkQbE|{0r1l?14&W5jY(>}5AU+h~|DCk`SR6##S&M!&mfR0AHCpG81 zAj3D@V02BWmAHK$5Rxz~AdR_#`S0S4#LmL25OUsCTXhoQz zjm}LWLz`@wwG9wnQ&r_@@?c?KV_<{1swcOQ-R5%Z`6`|?$32H<4!-MXBxXN08V=t- z;t1iK(fPjL^t2E1VZ*EcaRfd;q;ELnGKP19e@TmMnq|meyke9C6F=67S?)Hnqq%q1 z=4RHF!TkZ6Zd}}D`2aQ^hdm~Pv7Ec?vR&ebBjD>ulxYPquwiXe)to6 zrT-Uv@+`P3h63Cl+c{s9_lc(TQ|7Q*`+QONhRE|jyEgvk=Zgje>)(2pUH_I<5%pht zRP`U7fBRdYN0Ivdi1S6I9 zIB{{ZGSK6TPL90aG>=;$;qiZnA4|TQJ21Tb=SWt0tnyDGr{WLbunB-LTsTjaXWX<6 z!q?T)uc7F&&4T~nU#4G_)AAl=FIl5c;T%hnf&QP`daS~CFA+gz!qu|BLU<_Y zAt1_N!On2%v&cZT{|wu0t7CZQaRMi-r?q)iU-SHpk{xjV<^a#%h__f^BKL3Wd<}H} zLHXkarxHNQ(MhDYl|QhJiM1doe;`6UzS@^Rv<31>Y)s)ij&S(-n+bn#{^mRD{LONg zlJ?>F`k$P?Ng=hW8T#aA5qh4&Lk_x!zw@B`y(;}arqd)*qTW4xmxJzgtwka^=nnc0 z8R$(dOa}TMPGs;0vE_%Y^19aCB+t#17}nCwOoRvA54-{|N3c|c$q%QRe^!69HC&q* zqKkIuDCrA?f0BWV%@f;D<19yr4GR^?pK>uZ&|DyiH>Znvx z&-_+3Qo%D;1+#JVCOUA8@WWT35dDwfj9-Cdn<nhs zEks0w6om6Xlz%Ev?H|cM*C72c^3MfGvb$k-p)o_rKWHsN{yEW-e>#WDKkB9e|2WhW zF67uIkzo%6|gq2wLTbD)$r24YNqNNbx$7R3qO^3@h=FDsdZ1$hn%hT;rvQvVnoVVn5Kl zvydatc#e^X_>1P9!Xj|Q!Pib_Lv$NMZXN`#)IL6g;~ia)CBHFGwn`C5_DGpBIT_Fi zOQ0|c_#x=K2`M-UkP$Tthee`!SOkYF+&EW8}(T9Eke#)#7Jm$S{Qy2@KA}qMw~x+ zT9sU_65p{CT|UJ>`0tc-+;pIO&*e8vIM6zdP{`15eQ%hJ!$m_YRrxBrJbCo77+;M1 zjO*FK0^B%&LC=P>dHsyhYjV@0X7f&dcr4a?=S0j{OSD#CJB2pY3Hf*QzY)#KcFImAxio84W1x2tiF8s;y;Gz-RciKhfu*ls~#I}?*Y=`s#`b+<{cKT&U{kPc9#zyMy+W7bVmBUB#iKy)8-`87v z1IsIy{tw@B+0pDm4Xt@f&Yv&`5r4LB`x7(ncVjfzm z;x4nW@#%`sX&v=);P|Zg^8e`gsP%Cn7>r09$ekaiq_vD_wkDUdom>r32mL)xCqoav zRSxDn4VFc#{*l~{GO0nk1?r?+sI++(WA}t>(_A=D!+^x&nUv&sG1$W2L8Y~7@>$3~ z;arF^ljX`8MFvORQ?i)8g1k6P6^Rb5W`230k7r0T4F&269 zD^}eD&Xd<^dH40#ygeoEz^&-$+;rr;837M?l*9{O=;a8w5yK>j$zaSdt2X~vXaV5` zOvU%t6Hj1ja*#hn(n2I@RsTdjBzHiv+ZY#P<0sCXXbUE?tGM@S9zTQ*e|6kK2OpRi zWeUjG#(wVhy_27|mKrK|KQlk7&YiicWE58%6!>+x8in7F-`JHzh+hE0E?7vq4lNLJ zaC0c;MpcBNQd|5_=#;MJa=u64?Crpx+RZv!~-kP~wlPgLy>8vpm73A!$=s5}LA{#A*YV z%jIcqOb;@>6qX4wwkO#cNV=!pq}o6)3npm~j%vtSgshg)3*Uf;)oGIDZ>HGu%R)9U zb%O*v>Q+$X%&BM*Th}r9jjG&Wkq<0sljoo#tX(TH?_%we%QB0!4&4#oN8yi5Khek2}pcUt&6Maq6Ey+702zdKFQ zaD{T_wNb(WEaRFo?}L|`6+cSiH;em8Ht0Y7*Ld;I&t@@#N1$!$oYQw(jzrUd%CK2+ z{~Q0u@}r_(Ihcw_`B3~zMaN_*pTyHt#6&QQt^D5_gl_Ft)TbT)H>%>b>UWs_zwQ5a zcBK5(>P%GpDI&Q{eijy_dLU3p@>`_&_SB_f>Mt7r$L%n?|%M3MGCz-x^EGVYHI=D-OA6xw7s|`0)!%a-;uP6LLZr z`vGTgon|H15M7)zoqKG;HG+RKYFv^R$q+>;Oe0pX{J zf_iUbMr?VpMF`;Yl1k(YdC+MKo1CKFoJ<`Oa*1vbDp z%Y2^>S|nFn%z6o~CFObp!K0#Fr+$2Nl*@meMYcr$-`am}+gOnbn)vX=`x+>FJnpmw zi3+@n>`{t2muv?OP1(Sy`*lpYE&mGq!vTLfegB|Y;SXSdkrUs?q~nPW z&{M)e&-JZQ5T`<9O%MB=aVy`MTzIUco5TJHJ^+L~{+VF_*??J3fp0M2OCWr4gb%}$ zOCKGuZt~q_-{uxvsmOTm>Vz@amI=;6bJ2zB(|{NzT(khXh}0X_Y7R3xn;%xjcn?_z zWfU0^9JSre8UCtNM*t--{`(zZG!9N%!O-Dw z!~EpK@J^DVCsCro_`rwBpLF=)RsP90qVJe>@Y?JsQ z)n4rJ=tBnkkj_4&^Q+RBPWj-qi_^)8*eGY5&qQXeI+wq1oRt7qpz`UlxU)C#6@~89 zcCX)Z88LD8-CM%O?=?G|@(J}zS-h9Q(~(CqN=}sF){UNLk~hG}uwh~VF3xq13(O;% zHxBnDR#gzOuppD5zpTRji9UI!vlIrCt2E{uTo;3w%vGT_V0ST!>d3DI)~GCmr2PfUv~ z-?wrG5F~NL+uZ(#X7gbmWA2Oi3st-x9v`C)BV&F2EO|N5-qjg+Zz41B`Y&xc0M0>* zdG7i)xXJNI@#jF6w&w3$aFCJfkNT6^(E8)5!(?Lp$x2jf(}mBr(g}@La7-<3j;9G* ztL7(LF$#TqqyG@C%cu8s;g;sgXUS<->qxv{e&2-rmQ|Sa+CU>`J)1N&13FjCe&~LC z>+&@qR1Ci7E&>qlYL*+=Qs6nK=*#{zOCYJ-BeMu25N98pD%oz|6jG^VojruX?Jg`9+gbh$_vtb^q#}!oXX;t@N zUF1hWV?q@)FQ=}t2q91t1PrlXxqa_qc-8#)D=~|-A91p5XTVZOR^AgtjQM;KB(cXh z5NKLC15QK>gdttb5w;|D3Gy=>?hHs9*dkN_1w`nE>c1kQ9SMwA%!DMcGbn+biuqUa z*De4MCV%w|s-J4<38+=8%h0&%8O3r3RFSQJlKTtpvnI0oM+69ZAue}v{1m)P;9W$+ ze&dK*i70is)5}&=^xK@M?EIE@NH;Jc#iR&Da?yaoUO6}OJ+=gUr2Rvb$@`UM!t%e0 zhxq+Irrsat!}l2`A#e^BZ;gswfCouRc0M?H5Tc=86<=w`bFMRjrf{s;uzQ@;MuRCg zfB0!5^b}3zH+U-i-YPM$d+#u7cQbK^spDyS;Q^^Q}rLg{w@3g_3!DV{fd9Fb=Fe|L$*3jUz6af$p%mW_zv5J>L~L8$g`G4e(1 z-^zx9{#AXgRjG{t8!1N%yE;Q4bOkbQ1(;PAnHFx|M(i;&6qk}>Mx7VrQox+ibZW#V zKM5|yd|PoTF+;Wv!J4#pGIPnmwp}%6t!Xpu{tK->Wlyd>lKmuzpMaP~9?V;|>RTl! z1jsu3*N%NCG$ESOqW>6giW(sQldc4sQiP9*~cQ{D284R zdcCEXu*_d(;}aB#C%(oVDLDlX-S-);Hi!MHD?(rsz=7paaCzPN0I-^iaU9vRN9Dz; z1?LvXu1VE6s+2e6hdf-*n?~n$=5za2V=r|3K9;=@6>vjjZLS(s5jmU!ngnnlW~a9B z2XJ!Wf4I7Mj~tv$wE8T{X?*|{j62a0CSO3_dPl9jj)HsYTnz?B)FVY=Ls`% z2@;OS|HV;bjo~S z`Q8yTlG;`w0J%`UgI37{+3ZON=|T^b#{lIH#}T)>@(}-pu8h#C|B1Y9Ym;teey`1Y z7xm`*HoDTj&re&QUw;rMkD!-u_gkMI^^QC9JMGSgk%8L+XkV@~#hrE_Kl7t}&GnJ1 z=1J$H9E~)1z_*|nxLkL?1Nl)0+?l)JOrp4c)8*T#<93}TU}?y^m+HVs!Bp~0+}F}= zRMcw}E_11+2o%IETx^TMcN$0tN1e#+r_n|99T=fNHxQBUUy^15@~{>*(Ke6*M~}A= zi)+^Z#YEo8MS~MI=pvB%V%$FnTzCl62}FQjy@d<;{eE*rnK;uq?GE6=%qf`65CXV; zd);Y`oO^e_y<;H93r;^&SrMfkLGsOCm?#dwv{Ir`P;~sQG&I`~sX+iT(89V;$x+<}%_J-2@>24K^z(MtpyXit|2lq>`m?Olt$6VLhkS5xWA99-0JDJtRth1#J~OnE*Ynm@9*I0 zzKk>%QJ2j{)bYTt^8KAc8FxO2*ccjrfgjt!y28P0MZrnf2nV#>-pi4%2J&1 z&S^i6i}q&RWS<^=*a1-e-+^vL@^IWO3dF~myWMOzFHb&Md!wMko>eg=u#m-H@~lvz zOYs2wyl$NAAHR*}21D9KO7#YfyhBnkCIY+4q3Ve)nSf!!xBd1W@^mks6V>85W=(dq zLw)4$1Vpz;^dX6kQqi5zya%LrO?C$d#rXL5pAj(D8-v&1AkF6znE!g zdZd$J)BIJORcvS!qOr^tfEg7RwOu&OPvMi z?qX*-=NQ{evGR9->kZ|NLbq=_OdWDspSQuNGbq{E>+pS>8sG&}s!v6Ve9`7O1afg2 zyw~KM`i3~vTNs_^`$ArTc9Zk8ya3KLeNk(jw#F$3M;z#(mxzwD_Z@-^2G8Fwtd`h| zqup%dHEzZ{l}~dv+PL(LXwi-ni9Xp(KY}wZW44OF*o-dBiac(^! zr~aERd7VGbGoTuZl8c+?Vj&|=``|u2O`=#-%<5LjyUDGHP=r$E9HV= z&9yC%%(ZZ_icq|Y<*+0t>~SicXVUvy{H+{Ke+&w%z-X`#-Ja&&9;@LYE;K*>Q{I2V zLr!IczyHCh3^|n1A7m2e>7a!)ulRz&CI(#++{|DOf>7u%cs7DZ*!eDyY37`@j+C&jCe$^pFmKOA{*<&PgB^(R)@!m7Jw}_ePg>pWN8tP)m?b z)Cv)J`Y9m-&)^Xx0@(n%GAhOLx;ra?8e6UB@|cGcP`)e`CJpcNEh^7 zs~!v3fT4ZQ19B5dXWK``ufh5tEy=Jb2aby4Hp+K{Unao|=m;1i^<|R%Y$b)PkJ*E! z5vAWycU9G+UM>PM)wYtDC&vF0CraWstDq#N+l8Vq^tt#Hjg!faJTZP6@>5A{ACw4v zpQHp;M0}rQ5+d4B6VFAxAvN)Z;om2@4oP83;)w5)=t#3WK;$6sk988@_f_TtZp)=G zT|NweF(d4yZH{f{`0)AM&naVot;L*#{Nsj0a)6|TZ%|N?4X<{s`XvPNeA{yB_s8Mz z3S0>3>$yd%UWoYI`DMpLyuWbWQe7OhasX&^jclU!JSa;>BH3H;zB}L`V@7e)Mu_Rc@>Z0|`RdY6q zew*h5;CZP>Ay>~NP_vmJC~M7cHV5_J2=Q3&CV6f)-?N?#c%nUXh4ucL_5Qp(Nw$>! zd=cJ{o;1b3`X@+}%>SZ4Bu|!o?f16y2mVYClhcm9>QTDSOo}4IngD*bi{olWk4ALh zSTJ}a5kT}WEfXB(X>czwJ6r60#+qDbKah^@WzLi3H+3>NzLS6Jz{e@ScaX3Cxt#q_ z`0|e39p=wdz$0U!oDB9}OTg0Bx@SkT4vc-PI`#zXFk+8KSuPgn-cXtOe0#Ncvz`Fd z4o^4AZ=hF+2NwYP?tuPR1SHb@8(>FkCq@Cf{y<3ax;qhS(*B6$L679M%xlCx8;b_f z)`=WnbH$|fE!vw2lfgaV=tJy+8GYkj63s-eE4EdUd1xE+GU2GfOmm55drfVILQFo zWPvu>g7*0u8Jq<%YH*Ux$FJqU6m*OPw}TDtq{;R`?LAq*y?B8P)QWmG{p%qc+}H3f zO+SZ#xxPu7?ki3AwVF;>O?S7N?rRQ|rV}DtcGxZZueVy3`J1I$|ENY892HR1d- zr~GBaNL~L#!1S>$NGpo^naf|?*y8`~a8$z9wg1n!zxfuwQtew}6xUy$Zii9tx2qpt z|H7Z8pTjI$&SCDihSV6R``|ukoZ_^{sxM6v-L*HfqbYmqHAwZYj%zTB;{hrya|vQg z*dn&BO|2NlR%s<1kD&%VQVu1GvmYz2(D?3iHZ7CvWpE;q7sf3Z8)T9Kssw?Xx{O z==6;KX_ZePz{vx%ky5$Q(`~8Jz{JP-pja7PzOREv6JBZVgG1vUv`+honCO_H?&-s__vAiU|BBx~5Zqx%KnUTg+bT zKL^Q*A5jHTDm?Hi8DttD^+Y)+k?qt|bbL02DNPbXkp>Qgfz z8cTGyt%6Y~i`s_VkJ@Uo&cI^`o$5dmRob#tOoJH>G8x90nSXo6>L{6w1poP}R|@{0 z)ck_8ps^S$Je}}oQ{sV4w?%#5`0ghG?F&xeA*WipT%#w!a@n$BGIF0b85lkp`~F3h zvY~u+AVJuS)6561j_l#>Ru8k^ZNG<><5f-kt$&vu7UN;}Fqn3}O3Q68ZJDyvADPmpBSywgzb*SujnBZ&LchZ0TO+o9e|PX7i$-BUu$!fD2#t8(cfB#i+|3@p zNp`cE`?#BZy~o}cy?CdlH|q`rc)tSOE{xa`RA!E~>guEF>iN7~*X63Nu~OFq!MZMF zT|9+)9s=fVs-{7#Db}hfP1Tffc9I2ES5;G@)HEhoQ@mYM3~L&wYD(Fk;8;Oi8nVtT zxlEC$41Di-v?UlP&a6BM%l)h_Wadr+7-L_gt~6$>!j~QU62Obqn_HkeCc|;k`~2%ygrjsgRi_sZ0kXQ(iFBrOc$E_0b4${SH(4K9_vS z!Fy)6c3Wk4vUa!Aw2uOr4qOeU+(7GQAYcba0*3 z!Cw(DpH`WQB$F?g$+R62?I{GzR8{kXJ(;OXFw=u}rdnp|pfZ(7rf+_+hoq93IKHzG5c(+oCy5gz z-`l}_Q|-zov9dQ*rV*0qfncU9>`Y^r>28&&zhs&o%rw%@l*vp}Ri-S-G$xqoR6CQC znJ!eBQY2GaFjJD9Nn@t|DpLo^6cfzUftfhI`_{_%?te#+@hr*q#lP)w*o9OX(VYmG zpQucY$8toM1~YwXXZnDdUQwBzlT7ynGp({SEn}tyDw83ZZV6_3(a!WFGu@yv6-%c4 zV5SG`Om{KUNR{al$>a=X@-maqF9d);eN?uyB-_EC?fy-*>zc&6_N`WRnU8^!( z(pL~amk;02gN|l}K@GjG|3jyDM|0aQ~Qiv?O*_ zWe)aH>r2XfxZ57Bmsm#D7Xs#5Rpd(Mtr6}d->EDjc_v5U-Ok^5AUvsICSsz|XE zxiMIz$SyLGMXpsvj#WisR1vonIXhS+&n_~YMNU^mb{{W*?cl>VbdVJ35G>N4McDu2 z5J3M|$<&{s$|S2Y9i_~NKiU01w8rZHZwQ!cQ3UdNKL<1!PHaCSEcXM$>_qGUj7jpL zS;As$`&F?R{mkDk7MYbI^2yju*IcedWGCobZ!*q_ua|K*PJ9UUd$TUL8;-rtZg>G3 zKD}NVP7(Py1r7E`TYpn+O}E-gF@35n%E$e=^C_t8rbpXNn>%_*%jc?=&y|nd){%rZb>SUC9B@nzf?M#Wi>`d{@v;^RxbDcYNcdYnYwq>lpt!}k3r(p>Wcf@-J!|9>J@w0RM}JBtP~rp z*qL`&e8(*an0r?e_MkjI=wZm?@4$ymSSZCmJ&r0M|Fz~XN&i>;3X!;Ko#$3Eo2g_w zQ_LH9Obj6~m-M+bVn4YCQs59=9YF>nMWnmG{eY2#egN_v9V2}OLHjvg%_@#3jhZl~ z(>%vYZlrnva4Hs37)sw3W!AK~N;HX)L6he753x^t6=wPD!-@c^e{JQzkjrZdTwYNz zA$a+&o(^*gZg}u!ZQ4ad=t2M!&>t)qo}s~u`5cE+I&Z{(GPMt|RtGy7d&yi#fv2G? zSj*m`D1nG;NGpLYsjehNeK9Wkj?_r2vT=hWdP zn*&o!z>3U)^oh6p|0xUbt9rUE3or|uiZF8UT!qIkl*kwXBle7YHOC5E)Q#G62!GDcVvyS%B;l%+C8`Pl6;3(4$H7MOCRE$~kFLcpJ ze6pD9y&%Dxb)ys!Gy(nvPj#ml; zF|5R9nkrFfl_*jrqC+K!jpL*QY{$gL-{0nxHi!fV{p+;~50xK)=!SLTS`l%r824++ z95>Wz=m6ZnI7|f?jk|8{?O4&9vjN?$z7j)@^h4&bjIF2}7J+THh@|ReF@?;m1+&1j zDhvN%&A*^^aCM~ke}mn^7I`9`#E%&;-L>c6jp011gKB2)h-L%Ni+8s={~?;BBl&lq z)_(h`p+y$qS1w&QAAiv5YhZ=6CoQcPomFF~i@LWo$)P<`cQ^y5S|7i2up`$;)z;;m z5S#DYtZTXO5XJn_I*An$v2b3u9PM0~UL$cD6dcI@Zf($hkJDt@LfbzYh~wgoD6kg5 z#TCE6i%MrXnlXF!5UjYlT499@eKu2Ray0jJm(;OVY7l33d3rfkC>;!ZrsXyZ;>^Iw zz!?x5w1?wCUk<4wI;5Kg7jjVomDZ9>3L4eIbF3{MiE7f!d7yn{qLDMz-=L&uHGZD~ zNQ@uwQE3`UOMsF>%agoWYrf;E?np`(=*-n@J_Uc6HQ5Q}7=@)tF(}+vo{9(m5KKpq z_|Mb~m8yqQOA!QhYiTT>j}X8BxxG$Wh)3C4DaPV!ABANl}4py zj+0eex^F&j;X_)Joy}H^wi+Tc_5L;k~}5h zzm39E^Dg1<8zt!pxWE8iFH2yn@O3Ii0KSL;&oZG1QS(_0z;ZzJn%WFLa1_iZAvi0h zcn@{)oTazOAR;=O85+x(kAH#VP#d(t$-n5m9m^6CV_pd#Crqi6AH64J-qi)biY87o zFi_fa896bon)xZH#Ep-{8}!^&>pQ<Ojzv{V*~NP1huWQeIsZm&0VClV zV7w{tVif8RjnMo3j@#$3r}yoc|2w=ju#B3_g2B}C(ZRBD9;@P?Jy5Qi@+4NI1}V7w zF~8RMJP8nRb(=Qt9tP6tt%T(qJ)DQz;5O!~@!AVl&$VttPslg=M%B_;D-qg3`Xw}p zctWgDQ&XGDvK?xrVV`=dS;|S$2g|Aw{;tJ=2<=XdLx4>JL=|e9;yAtL;v|=GC);%U z>eVzg=X>keEQaMS2fbi_-;)13w1c~G+>56;RM**@be(iSj{<1(q|Gda$cureYjUF# z%9VY(YO7ZHk~$Ff0M(PywY2T2b$HTTo8^qoq+in9D&Aii9p;^5{od@Rw!-rH`e@k;YPsq z7iX|NTpK z&J_Bs-5oN!Ue7NBaq?{uydwY8N8Z;iV+YI+mTqiOq16cKzUE~_4s#~*z}wBd z6;CN>exs79KT_p!Ueqj*Z0l5x2FbBo)iwh!wL&J%WBz6lM}HK668bk|JZK-L5r!qw zz654W!333}ZJC=8%{5)&x zTdf8bh7n%`g}=EP?W0xu{F-+u>pA2(n}8&lS6cNasrs{8a5oI@gZ8bJ@gEkMis%~I zcL+ipK(J2io5uzrSP%|@%ec1d@3U>sx!D&0eUH2+-0wJ%sC!;(yc(w?eW=N!wJ?<$B@_V zmcVYaR5cV3gc`WDeh z+lBwPR7Nq$q1hT}ShIyT6GY1TL;i0DHmb<^ zs874N=@B`@#{^Lyca zphD&&s)?}3A-KCRrkzneM}l>e+X1HkZnZ&rkz`D7@*e6uGpQDcQ_?&0y|PZ;5e`qZ z??l-W1J4USsr&sO!TCPal@z#>t0gWti-P&s-)dUVrQo|Q-;jQA|oJI!!dG>%5^2Z)M$0#K<*jRk~gHz&wDB7FL3g(KG3nG+j2Y6zX(z0 z27KJQ)>rRco8oQ0wq(4w`PP!NYrV~-CEb_CAzfC-igbhmS5q*oLkRoxB9!vgFHOMP zkc}%!nS7p|%>93sN@op7zm@4Hgr|>J>0qgtek~s0W@y7+#YwWLBZeF^fJ=yhCmCQx zb)(EV-0}|;>H_C^z4K?@=F>bmJndMAYTPyR9|Z--(U$LsnTC^Cs^ftnLhs3K?D)5u za@^&hN~qOn&c;x+-i#95TXaXU81faCRA zt%_S7CO%j8F-FbpgWvR$KDB)DoV~0YiyK)leGUhOvk-SH4voaCxROnXOF>*I;*M2u zYftPAef}~{y}fMqqF=L-{O`+qWAr{)MlFu{)j5>56&Y3#n?K3%*)Z^d-hfFBr+JZe z?yN}f{H631y+#z4g;m0ufV0>WZTYuC|I~pp_G0ew_)Rb2@3o%cR*w=t-wNo@Mcl2P zo>q?%AK!?$la>62lu*ACcb^c}uf$KklYZdXtvql0n?iyyLJgy!)^BT%QMFr%-xv6?Sr^n}pm|>X1EogNJ*v zy5Ur}u1*P#jgdU&cMQIv3W>W2ZYx?gfDkXmr&;Wbfk^IA_ONnVS<}Br3V}Ojg`CrGXNa)& zqNe9T)K4O3J6Ne=eDllkX1b2S&kby%s;&&zQUs^(&K;P(laOHgL2)_cTp+$?9xt*s zk&4yaTSCmne3!GQxuP;`f1=}9Pk&L^k;YbB7Z4`}VrFz%c6mm+=T!P?dEZU(?kg?n z;@x*^NvwC@wV-0`;lI-HgY!Fs@RhIA5DfGivTk__6XfmKh&S9XRgZf|GT)n14F7#( z(%u*zC-mRj0>;gID81y1z`41`g-yVO&NGtHpa<^9xgh_1kN19<;%&L6tgE+W^4v}< z*>d1T@1cn$Jy%L&k3p&mV+f5LtPPtzL^jw1jPt{y^u{_78-saR9HQ@TxO&yvjF0tH z{LeqpVr%|KZq)*773e3NfO+vQQVHHf(efb~h62&;gXsXjQq?kNoMLHacF`w68S#nl zvq0Y_3{o5+i4MRe-c=^4vsk z^MsPKjDkmS3)hTO5K}TR&=>S;+T5<*=37dRN2nw*(8b$aQqs-aJfoyDa9FR+Z1QM| zL+ycj{BNOmsMYChzHIJjqoAqQyRXxXL3s0AsB-PXb?Bgg9HN!vNmT6R;BNipEZeY* zv2v_SB@IJTpvc?oDLJ1s8_X|&#$Y~~WDn+pAhw8f@+;izkT0wWV!Dd`1q=j_XfwwR zVL7m9tsEQL%1N9EGqWOW`2EjEDtguUl3m95f_o=h&OU zB5Wz_6&PnW>y;Y~H;2DiOs{!cd3Zm<`~zoDKLUuS0`~!X3Smz&M~W{q8E4oo*P3VA zuioaulKxe7v%lx6Gm?MGwjt>*kg&YB?VWk%FLSNd0}H~jl;bxezn%7148)j{zr}dN zZ!!vZs7No37K6U z*(MutIa2~Rn1c{TD}6CfX#^?7OhOD2`+D~d@_gfMKHalj;uU|q|2xc@z>dL94h*+P zYv&JwwIa;f)3(-JkKED_QK1vs$3TDA-ef*GCwwxGWWQcPRd<^?R{pC(_8@}mjTNO> z3_@8OE2u2upFfkNBa}pXxYooqi2`PNt^YWr*XoVlaaI8Yi>%-pZ!tr9%{^+PyhrJZ z?qM@}&1<4Z!f9OJJ!=`^U6H}ub0D4Eqtr+D5D2_69=SH-!Q+G~m5L)f19eJP2F?s* zcPx|5zD<;W#se$yUCXLTAO%=>eH9tks!znb%7Am<3z4N>N4;RE#R$^%*o$a^9P!g zX}y;$kXFuyH<&gKt06{)~6RF=_e9!z58 zgCA5&&z*HhDN?Ls*t^<{ZD+6hw^+>r|a! zUr#61d~t}D)z?Og3w2jJT3lA679qBnwm3!Z8l&2ZHuFLdwe$=g9}7(tg&Bzl&){>^lF}y{l*pOc+vUJ~tS0y}jYU{$QCE zRlULL-bBBNzx;mNyvI2R7ToQM~;hxp$lR7FIB^sU=1WxO22K@f=NbC%7V4LbY4VH9>J@5 ztEwd~SPMy}xrH8t7z_G|c(cw8)^Pjf5j9M~t9h!bVa7;K z!2ivnvxSlM7E&aaIYqoLEQYVP!Tg5@{)qQs&O%5R783sQ2H+m_ms26rfxj)V&%s>- z{DGKW0=Xf9+Llx;Av;d%j&+Ja5(C+6GL?9RMM#?w$QI&ovy$1cm3s=S^x~3h^Q=$a zw--le0K{@}fq8UHDip`0d&M!Sm2nbq+OTv5;U&8xzDg_>r}QUMc&8NpBCK1%p!9D{ zDSF`DLLC-6o8`H{>A;fUEnr+4ycH|~Pjk;_sxyiaH7_i|R|cLU6zWdUBl&Of z{_S?gx2O^=SVl=1UCSaV18kWi|7eT_|HoUPsc}~1=jrLz2#4LzsfM}z`wy=Kd?}oN zpd5c{;Bi?43s5@0zc)J0bE;lbnxJRSN}%fjd|0lNdOWO! zt!1vAnU0H`*$7-a>i1%YSgUY5YOUEVSeY*;CAi5on3sbrDAF%|CEQ77ziHMiNQYTR zl0P1cJ&2nOsQ$|r7rncRIR{0YgCb63sSdMuIfo{Av!Z>|qPjRyco=-&Fyt>MVeI9i zU89b$Y z0&z+8Q@#qvpFH7zR+n@9N;!TQI@Lc8A$!6hB*b*-eN>*W2Q{7Z`Chfvb6fa$vWv`U z{=+W=^vl()hmVR<^j{@^WF=eUhl>P8!1a*ZtLi^Cc(jfFXQ}>|0^Q3Sq(NOxn*0`- z&#U@YU*CGXA4Lsjyh@#HwPuYrKqWBdPo{vXTd9IX#h8l~w*eOFjR=dblt;cpO8)K> z0np(mR<=z{7)s5QrV%An_--+Xb9|Y%=mrxXF-D8{#z##%o=nTOd0{pg?Q0XjZChljt zcet~~!}Hb)!6&F`1CnNghUsFt#gfAPhD2Ny7wjeNpPQBab1RXsVi#wE{wt62X;@ES z;}VHq>|83(1$RJD*x|r z3#zOunImZyK_CLNO>@h)f)%g2S|hMPQlq?M%rn1}T&_tfR}hc4zlH%(rarD?8;`#} zS9x+giWc;W)$B9|%7O`XvNw9o0_hF6)9v#9y7b1p5d5EjT8v+1VUj>CGMUc_xQPwd z5)it+aB72{>8et{8O>DX?h;(;Xg<743ctsz0wq$Ny2hRb9w0nMY~rWrU4n#h>5siK z%#Q8#?kF+YOq==#DtAs=&P<`0xOk5Pja=Klhc?znI@gENs$vu)E*WHg0ASg(xM<_9RYL=Y^saAPE0N{U_ELcr~uVLc3C)Ag~!hyH;!s zyrBivViTd63LGKg;Gy8EfiMQf0-9Q?9k`YX(Mplx5zJqvSfkcf|EX2;%V&TAxM1&( zTq%#D8m@V@;*Mg!Brv6<^c{IKcwjJuymj#Z#*Kydwe-i0g=obwWUFZ&x1l9?CoynX z)i3Ut+#BHC&CIkkKZZl>h&wsy3!R1Ln<*4`{yu~ey^2o zQFJ5riwl666iF1#w%6U%bGYurJ*zS3x}I&`m(&(y!GH7?-z|Ze-N<^d_etuW03OAt zGo#VVd><~csDrbCi_Q#3+?7K#+swW3sF1wYPyKw5TDA=+{^wbl-__-uUwi+y_icM0 z=ZAM*I)HOfzRgV{85f5>eet@CH5_sh#`q?rfc0EOCn2R@_&{5@1HgCynn2a)FGXh?&7Ag>zt`$e3z!+_|HRc60&2)_*^Loe%{xB^QZ97@#9N) zE#^f$ZwCmnF~4AL52nKhj}jBWxcq9Ia=WdNVA!8s;Y!qTJZO|u3B4pgT@iK=tJv&k z!I^FL28ASgD5iyNpfH$t#ph<;&;}L!1MFE3^Y0u*3F~nFofhe~{XDU%*AjGaYfY*P zXL9OK!@U)39t1}DBeFj#L)NQzbVGi8wojRq&3UQ*7Jh#Ry6rkBDb%8=fpzK1IBrO? zQ}`xgQ1v%BsIj`QcOceu`PdmaDc4+?r28h~a7LOW<8a0m2|S`Y5xw4K4q!GTcFxTh z*9Ykm*$60uja-CTy)sp=xhtkHb%SctgX_Oy_rEp)@$o&+ILYD9ma>tam}o3UeZhcjd8QX> zRdR8l5nF+~e<2^lsVOOFe+cr~_Wg;tTM1JG(!c9u>8|G#&IdLIP6nbY`8r50 zMds6A3e9|U2w-|ahP4e$owO<*ssT(l-ZE*bR<#~47>&{x&vlq@rj(ac zmrlBzrNMJ?Cq*d+O*Svv)fPCIO0apx>Mh}sB_Pa@+PAL)&WuXM_OLT?0~BoVAC;C9 z&ytoEU(Lo9wSv}y4y+yZnvrpV4w&B{Yen)!2JKNb`iU>$@LoR&tE<<8jN~jwTR4wq zd|FW<<)iS@wQWcdNotDU1ASrJ%?B~0PtA&dKSj}}`GnHmS037vm$GD$9F23eaW5Qjr2=Zj;zHy*p^Q1wLsbZ>t4KjVWvGY^qA47jdp82#0 z6KN7p_msrolnY3ClX=_H6 zEr&j9QD4B5gLLF0tTC%t&7lN)N97BU4n5Ds3Nm7K=wHoAF=_~l%m+0d2wt^>1BQJF zK8m`pBaWw`Z$+Rlbnbv}4G05PpSZiSJ|k<@Kf8&3qQ4N7l8Zu+^E*It5)mF!Xs%bg zkeks*1iVIx3$B`xDL7`NRo;nC;~=^Jl#_7EYb{MCvUMMiHat}48u7QEV(qzR%$4Y# zk$CVjE?8`{J6~q^5|F2V0*Hi9kMn1sI-N&%jreYeGhabZ{U@n5oRm){@l6D>jZODvO?}CxzbOGA&Da#( zw-29(GV|!`feWE)1IG)o0fXEIZDB=;y?PqA>iy{6D#5=O}C-jZi-9GoP%a|?E4%dagmp-46fg-)OfNO;B( zSwIA%ES3yI)1YU5HvPPiMs$NBMaIxG&H&+buZL^^?oJW$u~>LhULXd5yXyq*ZVbIb zd^iXKw!`ST2$sJl-59^wo0TiM2C(M)XMy4F34&v9D!93if;Ylid? zjLnAr54T0ylT-wGwwQD9&n1|o3i?-uCaGU;*d$e@s7X>K)bw10Wm((aw#Jc271_&N zKfe8mBH6@M%1~wbr`W8wOq7}*%l`^vI+YZdKNwhWFw}i1(u^Gf4hg)KE$t!z?<~NT z7_iUcTDIWFK6P}jKpQkLXXJ0Z(u~TS8jSk_ zQA&`0;3nxi2TG;Xy8u%#zp>vIfQN0bGSels(7uC;aCREf5;;Vdk&Vlzar*Wnu2Psk zjN8$efZ12m@eLVcObd>>=GSlUm=Bu>PT;ztRw?;<%d{@==_l?L1Wx731x7)NA%YY@ z;8^hkmgO7kxGW_WcuLZe4!r|s9nv$gCG8h}6e{h5{Q9pt@_ccAzkj=NOw@=iLvcAJ zaEKoo06+5{zr?``DE$+3EaGzsYKESa=%VX$|Zi531((YZ_(n7#!G+GQs8FcJ;u_;+lg^xHiVTP`(BdTR!%1quh~Kyb43@ z<0T-%3-d0HFP^rT9EuWQ!nSU{eupg<*kZPjM(lB1rQew?Jda5sC) znZTBW(N*$`s|Etg4D=t11;>t@FxwN51PhR$?~CAf2&%>6H3_JU*lIUtezDbu1yarw>AwZRS5uzvsjF!{45Y~5VgNA*NNK~GL+Pm)4C zQ8kif7d=6+8wKdbW)3z+LB?jeX7)o<~!|iADf_F%9DxJLczTK_| z#~^H07IX8gQL~~ZPjwtM&)}?Fltkc(lORv5dB{eze`2t6uN)ti-YjDS{+Wtac2_uT z4wAbjj%=ci>+prXZJvHUmArAN&;^jok;UHf9~s4^0AI$nptt5l=oD*X4&Kbq68xS4 zHZ=;S3!Ks>mVS}7axQ7n>%WQt0qTy{hIjX7o%bY{XIGc6Yj=Mh_8ijh6*IvsXW)h7 zC8{QjJ!)9sq_zb5n`rb3Nt@BCrFiQFz8O6tqC5oSg4ygsmPX|{3iyqbF{>c(Enk#X3(dK zLn0Y49(C*!lpidtB}8jDRL*9#gpmmhr>JlW!|5uV&M-b6q^7&c4s5pryX}BOh(Vif z+{bPhiv?rMq6@&gCBU)?JU}^^W~5nGhOjit`Vf|8StYHZk{4xaC9Tpa`SJd!^)6-b zzQlT$a(J)9JJ`fCIdZ88bEs0}xme2Tnc!CNUeakP#slX9&BhBc&%2}ODni%eWI>-c zed3|bV4q&kU*A#**QiC05;=wt-UQUCbr;at9KJRH^R6|b-TxPF?*blWb?yHLVKgFf zf`CTR8kN={V1pG+#MA*%CKw=iBVJn5R%wn!jgUwbiiwjbaTrZoY`q;zTWxJ?t*ut6 zcq#}56srMmDAuC2`c8utwJJ!D`G3A^?{_k}sqJ(AKOW7zm;LU`T5GS{UVCkZ$#u*< zFYX{+0eZP_0+IPQ)PmJY>6(f>JT;4#GXzJ>5OP%ebApkUbqx}f&g4;Cx?%oBnU!PBvgfsfkmgiMl0aWh@^oHF7r1tWUhQv; z(rf*Vk$R(g3Z(Q<W!!gbp8M=w;cClVSd zltDt9zcC~%*XO|9{W3b;ry`FE?&pfAP>0ajEt|H=Rq?)alj&btzd6>J9=-&thS(>5 z8B6Mrw-B|z*BTc~xF@_CF5w18{>!O1J2V;uel^*U69qb|3Xh)Efr+JGoi6oEuw~jS z)`J6;fF^qFLTjzEfL#kYZS$3vp{Px;vD#!*{r*|%9glV({&3y^eY`c=Vr!T*ASh^I zcnQBbZFSQ)Io4-vD8M0Dafi}19D7jWjcSgjkHwB!BJDZJdeW^tDHyX#rcyphGLa#Z4cG6ReyoYu3Rb8?-Bn_9+@q- ziiP8;-m7Cz{KtxxkPf#~e(ZQ^K1$ge;;hFc%I>w2CujsVlA*>~Z4g6GCKP{NVSK>5 zdaH3nhZ<*fQfYF2`Y^{>C(;Q`2~`k0MeKAsS1(|Vh1OeSCcyoasqFx8ySbHuz1Q08 zK0Ma<>|RcF!9{DV%pZ>Ldv>cyKeNxVnT_k^_RP$79m~w@A?NlpvmO6_v;WzxN{eii zZh6&4S*YQ(MavfJ;VYbG~EOo1+^qFXCff+*-lIx}>l)!h>tqk*D;cp7XWH$I4lfYZJ z(Tr7bMIkllM#WWfiGQgtbT2{a?4p}a1Q7RGDpa^mhVw}OesTUpfx9}3@m%*3jA!yg zVmw+yYZce|`uD|kydU_~n(j>J*z;gIBndvXo$PKDo?wN?$m!b<9Xb$Bv(0lF>!RZ{ z>RogwoMyGufAY7|YCOdnZ17F&2-^s2ewLu%)R20W=&d`AIsap!5Yasb+dO&LQ!&+1 zBwXU%!(T>2@t{hj!Pjh%Q=C6P&fB6y+4)wU{9xwi zju*Ds2ZeSY6zhXjqTJ`DxdmoJ)V%wsdm7eiLPTTCKo# zUz+tqUD7*f9 z849Q|3SjY9OTDa*nS3};xS)SbU?U+>!P#BkRPs$>7ZFqjV^lsBnSz(mzF(>M$u2_p z*^mq&5Jb_F5dQbOev%FB*at!||M!JLj#m3xMGIT41O#i5ozMcg3mh%f2JIJ7v^Oan znA=4PRggk8(QB;XAtKxsE%!`;ZjoU6%bPlbCH!%Mqc0a{&^lQ?k^{6aa_Q(kMdP@l z`i{JGlqC7E0$-?;4}=3rK5UR0)q2mURi;k4UlX}fPV7P+FS{rVFN#&xjLiIa>T;CJ zX6S}TY`MEOPt_t{wy8|&*j9M;yCmJj>4ZG0NDX>-dMdUpWW-XBSloIyo;rPpcRolx zGQVV!jn>5E+AT4;Rx&Qb*>hJke0ZvfW{7-tnbn=0z%R-Ne$@ zEnvhRnf#yJxdL0osq0~ z>^^z;)U6q*A&*T@m9Jnh10(^|MO^W$1f0I1+hERy#QPe|_Tw4MH^*lN<6UgkAD@9gs{OU+lgLQRE@mE}8Fg)sME=y~MqBO# zQ|aC2^}c;nqtHferZZu8ZAv@7k&3)MK@Qkp!>=Womb!w;WgcV?cqI$Z!}zUAhjkNa zaOB5Suci~aF`byQ>0~7pgOE>?6%mMF{Uq}yM_bMqqE7l|v7xLRe#k_Q~0-AhJR(A{5uzkB5wpEuT4hJsN-D?4okqf}`KzOz+I@n0FAFdy8YS za8hyD=86GNB+A~uL3{uef426yrWO>MdjDbYkFPQHTGv;gmswL6GwTIA+lp|x_JI7QoD9S zo{?H3q_z%_Wk_uuq^5b3MQX>ci>Iz&-t4J%-MpCxsbQSk$vwcOtAJ zo{LWPoh4y!k&K~*{8(&y>KqpK@i0s$#aHWUXgOp(PC;Q|?b3R0yZH=D#D>Wn%RiBYHKRb;Tuqc8IuOuZQUW(UvgnX?i zJvDbxQOMeS=&<9?wxGX5T@{ql*GNkZSzvNOffW8~bP_Fk3T-h8O&`$SxR^QBau$WH z{q$2T?uDOquO8`Hsd1{qnN|)~D^6E(HlHSrAVCC&&5I>AuP52GXmi&#E0%||VguC~ z`E21r^*cmhpHfS(^a0e7RNh_1&OTLP@!EDPD|^Tpr&(6Dt7e%QpdyuRDoW%LC*`dK zH(V2I%(IMfx_2%SiPYI(b$d>gihOrpjEY|=8d4;z4_Vvg{HN>1>PTVc&0eDW^8E^h zDhPI;zZos<^;VVof=UShd}_XG1He!=W-wg^0DRa*9Yt!q*m_xoE&v7Ui&W%0V>mry zh}l5yy+J7lsMtk*cu^Q$6my{#RpdXN$Ydiw=i|eXj%?{sHFRx@{kF@1T&2s*%$^B? zod-K);sqL0{!~M75!cqyB@C@R$$wS3(ErNc8bY5v+96ag)kvF-Kk`;BE`&opmh>*O zy#0+m`^3`rAz*2*mxU!SUhC%p!3=8L+|D?IO5QBxk^bqr z&0XfiA3mBZ{jcex61>!Y7kiZ0HEjO=E0wj&uX#==|GezSpGn7Y#bIhH4me}2wQ(z} zSKEv%=Rq_NjH)(5nQUC4#$6lHG;nPIyxHhNNFOJ!sjrhD5&08M9Esvz zksQJ7}nluXzh>PcMBkdd-Vmly|P0KKjY&t*@1T z_;UH`e-Tgg>hu9GR+O%ve~yF)VSgBmQq;skEu3ms=v4mYQBc>MyBu{n5^|ceWU&>O zv8iK8FcCu@fT*gPo~q)sg})ABD@{S}jMQ*~v}ZI6UwhAJ9a4}!0xhe&mBZy<2sRM@ zQX%Vg3Sx5~o_{tJJm4w%3iQRVBC3gH#_^Vl+;ST+0MF{&P*%YqQOAz`(lYnCHV;CX zvdrsQP8(MF0^UnNtT58)($_Zld&lPgGd)dAO8v1B8iVi7)m?lZjs+ix(?gh-s0;Z{ zn8)0;P1{PYt;)MY0$w3X=j&SgMeRGsmgRK>YtcE2kjeUfyO`6?(80 zU1l*3fcd2hvjn=T$q4ikZ84xuQHMs-X#60udQa_N+4@}1xn6S3C(rfKXKAkQr&651 zWzs@$2xq&&!OwQVp=-7ms{NFc7WPFd@;^r~+e?mjvt92$8>xjv^q(OencnijXPfQP z%2x#sDISbmH@S82@pkGMx>h<#L}ivll0h zQ-n!P2F}veS4@egCgX2}xyYYYU6C5zdRlVPrr@+>-KHHglT$YBR9w<6f>ly&Cde<3 zY2!ju!Uw@QXNT(?>J%)Zn|D*4!tlj+r%uJR?Jyp!`=T2#T&B0jQ;I!X2la)HosDT1 zVLbg_-)>Otf4SQ^ubvbUH*McysJ+K;tMk9intfh7DgVRkk#IK^!O{vrqsgmzoGJeg)o6J>W#!T)1lJnzZu2 z%5K4E`|+r#t?zVf?j)V~k>~)GSB$`4)*fwn*ShB6>_^bFRs(a<%QcQSac>t|jkAkY zTu_g6JTcz8?bf2b;KsT^YuTw^Uas)>4h(Q1fA7Gv%xzyxMuvQJHlMknbq)U!xBemh zW#Y$wM*m`~3%haHz&cw4h9(L4w1sV%61GG6yvM@jZD7UmL?4du@f&|`@AM1O!PBo% z7oWnfWeS1!5+%mj+JGy5DiwHJERrktB#GQBAK&0&#ejH{S>UT;7*NpwNIVAluz10W0 zcH=5tH;%u&DuPR_Z4`fL5Pva}HRu6FfjXYVjRcb^LMdR1YhA}8QqN==Eg5;^L#V`5 zTd~{tQLms{HS?8f-MvTj+WAJ%w(qsFkX830OOgF(Oa<7zwcz>}6oXKAg4Vkro{O)Sll8X-(mf6eqc-`J)z=6()+P-0r+gR;6ca+KFoylK$C6Os3CF*EIKV6`(ogBm z`lIw!k$O~U+U7vcnG{AeuEKEf%t;*>GIQhU&*2>Z`wu^9ZUo=zHZ;KtP;048J518! z(1x>z=l4&P8~tZzq6pT!0Kw3|LR-Mi3pz%G24ZAM8&mYJhoSWNpjh_L@yNPOFaNoN zqSz3A{mGTXDW_$r=~?BD|A=xC$^}1gWsqWy7}x+IsFUi|wx!5CKtub9gGPga>tq`G@l5m>=qu8eZSQRbGcGW!%zhKO&* zUuff3_BSC7_|64$39@bk!I6X<|HR2_$6t2$g0JJ8%tYX8bKc9!5*iGS9YK8EMxhz> zQ2+`w@)0j@i0x6 ztb#leWj9(oY!tPXW=o{jF`QEkSMb&zO21sF=2DRd9>K1ETcKt&4Mn^4ZDNpOI5nW*Cm=Kf$;;mP+BdP@DbxtK`j-~iAc)q6mnuQlqb44}CU zqWUyBu^GPij1^<&`*m&fmc#;0>va*_Gu66#N(WOsLlNq;<2*t;)iNK0$3CyhdM{(9 zAJ67S((kr8{q7kNQPcM2P@fhjO@OETFZ$hmdhTTsNhkI&#;*iDEJ*R!Eo5_OiJ&_@ z*(Ma2u57kC&y_HB`asM1KYfhl{FedWNUh~z&QzALmK57}PDhxYw6o|cyr$7{3MFH_ z&sltgFInFCxN4CErLf**3Kz&nr56k<W}Pal~u?|wd1qKAj!ye z(7V!4jQwhNG3V3ngiEefcqSFWUghN-RVS=s(TgGD;w9r97~z* zS3@mVV)^0Or9m?R4^<-=AF}^cDiv8Z0^@JuXc>R@ChzS)SYITqZ6@xCU(Z*g$ndF! zCc`9;m75z;{C8j+7>A>z8-Un95(e@L>0 z9`_G_>LB&Rl?6Fz#{w!@XHpeQ9>1{!tVfr-c37W ziaGtKzZUpvh@EI)JjPQ=T&TBRLRhd94Wvp}MY;kupWYF5m^R(4>QX<9I|XkZ=1^F` z{@c%xKlX}6J>uU|k-v}kF@wQMYy$k>my48OH<5*Jot-1*Up9{m@Hg>fwG|n1+nJDF z-v8dpPix-y^Jc?eznJ;x2JV&oq^yODAlE(#L+XN3dYi68j&&m}e2wR*=dEW-%l>Uuv|rM?cWsj-_xM(&}`_XFABS9{j2WT zKScm^NEo~^MzaXp6E^BEiT>*lp`hK39 zZ>nxQc`6q(3W9^&>mz;lmCZm&bsT_;fN!CP@2n#~0lve#4a;_y*?8?~k?j;gX=Yf>V*aUD&84>J~D&GLxlr&%et?^)P5!E0C-SF8_9D zI0dI3>|xrLUJ0dF0H)=XQ8MCa%ga1bLSkz_{gl(=`=(w;zgPVKk$?HGzmNc)E6z zN$RPN#OO$TO)y3sQR?JMgOBBJ{*C2t{$*b<%F54kqtMi}-MlI2uZ_9|@cPZr=hb>h z->R)|A`;&@1hwlNZ(QeUMIp6boe~RCS>*>H?2!rjvb4a-Jdj02{S)V!YK}W~AkWapk-(O$gTU7kMXsN)+ zsNKluiEd0^sUVU)!hp$Il9?@$!X|YK667n!zaXyMKDPfSAh}7h1 zVM-WmkJFSA=JAfvZ5R+I&BanVXeA7AeI^&o!<{ZbSMJlu=kT)2rNs2hXKV#)g1KJ~ zms?&d+pPVCw>5-_?6M(j$mXpC{s(wi_ZYYdN%T|6CxM{QVR}M{>9G#ef`9bdZ<>9P zoxii&_?z|Gn|UT(#_K^cze4-KTROwsF+e2R{5-HSk>Z3*CU=Y$I$-@UE6rsrL5pMc5q879Xtha4U+@j@(p;it>5=(Rr-I1}4}`&?PJ z{ON|@kZaX@jiH#_@u&`q%-nu>Fhl+wITYDL%sCwFO_^f&EfIgFB-&2!{Tock|Jn|?R+ROEZ_VCEF4aiH0iV&=%-N_?v;2@=)>E9$$!C0H^%8xZMIPr+4gIx*pw5U*;hhGj`Zy60bo}?Ejzjzn6Wcz1CUh4@}COI&i!& z4=b0Y=Ct>Pdz<#2vCo+5&Jf~aS^@lv_u6PKdgy6vn167;>=E^8pGB|L0iV!PqhK7a z@A&LIp(i0+=V^V%4p)t*M4|ACRN1VbK@_==M5#1CVUVECaOtV53H499jaIh=#UoM!I? zbK!z*LISkZd$BqgH#8fXJ?Z1uy?Kd~4}Wv~qe1Yk6%E%aZ;P`;2>jGr;M-`wz2N)K zUBGwQqdnoP(i*tF?g3wxIaAM6XCva-%o%$`ps?qLB0$AS6tCuKDezm;$h_fE#0*E_<7{}lu6H#Q&}4) zo`|Og?H`*!;v@YPKRUV`?a84O1;-*aRbr&qH#Wym$c(vJL!R3ck0 zfdw%{DZ;Js5>jqyBA~+tX$7aG;?zt4-kB_W?9>D5%-8X}u_bZ&zMGe6`6NdCkHv51 z)v1SCsCxK(HDC)>`Ba=)KdE5pf3lrunrU+zO5xyQ}u$jIjxOg{HcE(eJ?_!}qdrvH;e zKh?nU)5h~OT&2={?3sgrKs>)=C^x_3#`!O9J6gb7Bz_ACb?~!6JRQgrLN5JdbKOy_ z{&sFklwECg8R(!UQWZX9C4;JQf=2~kKgM>plA!1~p)^Bf)SDaBF)TqfH*IQ9Mqs=C ze=}nA1I5gRV&Kn4Hh5TwZ)deMv9pt;j)V~=c8*fsDb(Am-6qh3n@IE z=jrm)5V~UdLXM zAH&p-z3E3RddIqsBgTKwrc`%%FDwdsF)q`Kb%^l~=Cs9{KZrJ4Y6|)|GrIvO2-obS zLKa-`jDm$Z06NZgn`_R}MF#RBJ2C*q$t5DH51_DBv1_(&h^K~d z1ZCH3J=K%Wd{!sIY1plA$}9d(9{^eKEzK_gGVfe#5rSY&8L@sQVC>OfgU(j)a3B)s zO0iFV-yvWun9EJ@rb5SB-%qKIxbpsI;=M8x@G!R!y2e4BGM`Rd;Sly&lZ zg32*7pb(+-%MO{sEZ9_f-c0D9o-F&t1D82qLM$HhF-r9fu=*ElNxtjP`5u1 z_NYHB`p^*G;@_Xsv}@D_^@y~{Yfm}?bB1P{G5CD@TPXbHv!4wDoB{5U*K*}>WtNP=i3%UP^8F74I^4=(BUAh>r7*c;6s2WH8Kg@Zy!|E4b$!NK=n zC;zG>|0*T_Dh1zaeZQN15Q&}Nj<)=_^+JDHT z7VY2VrB*TY^l!I6tKasATKi@Fwm&*-zaVU1p=|&5_z&-Q{7^~a;}fDSOSlNq?~=GK zgnwcu`1!Ws$GoxKW`+2N;IoL&Y+_uh3z3~AGBdL4&UX5n2*I)acJ7}vp4d6AzCnBs zV(iuf*=Nz~-ckQFG5@LywGXcZJ|g?i*!}~D^#h!a1&N(y_4ADD_H5maf5EqCd*0Wq zU4;hzJMA+6`)im<^Ud|ylP0+D3vj6>&-uhKGK7KKDF`R=AR2`zZd`f0t1A9PVpqGY#I_J@K1TLeGq1^M&6Ze|a)M@;4eMjDS)_3qLitNXC;-9MD8^dvIqH~nV<8%L*J-FTi zYtw>Dj6PS-t2WYvb@oe|NQW+#>19*!qtEpZ**~q#Zamn36!i2R0@s2ey4p*BuHn`b z)(ig%3F}uq1KAvX^|r4QJ1?l;%N#@7N@X}C_iTBf?*^j? zdXz2aCFOjyLWOk3T$t0ed^xdEcgk*T3wQC1`-O88Hb@gd*oJOwbOS&^JP=CaU*w33 zCwoLGCLYV@NH*n|PiYT|_a4H3y?^^`kx*O#dKQ?6`?pcWuwo#t&=-5dI~zkI!I#6) zO*d>$fcrv=_c8D2ZkW?1S9d~A#D?BZ#A6R-eheDFIn0pl)J+E|1{v-caP73N{Sm#$f-L+ zZt~@Vn`I$qC4ePVaB9(!WLG5MtqpuWdV|NO5F8Jx?siD65mJk60YOkK8UHx&`CN!i zLyM1v@oN?IAB2AUt68pK`O?cW+yFA^=1YI-ZHGT7jKGR)Upmb>M|zDM=|2?4=1ad6 z!7RO!Ndv$4BtcZE8{#AebWVP7T5r;c84Oa!Saf<0ep$WOqP5OqNhM3J=9v+bUU`usmW9Z_cA30wayY+Ytkd*LTy>gig;RIt5I zO#OKXu~-KSNe1ppZI7{bm^Cbdl$O4nWS2zB=+b@!yt)I$P5Y}rc{^nkhR z`NKq~d0uwodm%52gnE?n*J<6zO@XVh3z-7>M%nkct-eeFx2N@XpE0-DrJhb!7DXRC zeGh}rMz%SB_irfjWxFS9J%c?tmM`X@7GyF4`tQ2n_c_+Bve zib?cVw^)<2ZXd`Pn5DJHQL#X7!uy5dRV(Qy{t(m{4zKy#E9_L;Wu0@HPF!cX9ndvK z_bsOq;C<3|s%2JNu&0IEgdkXB``wk-CtEu*pf;@)tSu{+0OWdBk-SFZtVmujIB5UN z&Fa$!<2z4b>EUwaOIcwr6rqT0uMvY|o~*}?AV4YU_wuwpk9-amE_bJ5Y~zdaggfG) zjcXn8kO5D)PlE~>csc2qp-HL@Pb*hEWa(4U)CEE!&07V4PTi0jfrK4?hcwhrpGbbC z=90PPir`9?izBo=PS!n@&$K!j|CQz6(_`bC773^MP(y|gi@=)t!P8n7?Vp>jL!jUnt{~y*2LzE=q?C^uHQ>2E zr>9e_kH^RHI2702NC7%M(3G8kuGqy+E@1Sc*9t{t><;;Gx9>ce2>3#e$YzUv2avaq z)d0Txiz&6cg1ar&KUB2+mUe)1GsVSiZA&}%`ds%r^b0L)({Eyp$y2}777dEiZ0q)`NV%-V(@QtijYz-6*A<9; zy;jfdm*N_FIc5XBQ7AVRupeHnqh^YX0PPQ-*dzg43{*R&{P_6IWLEv{{0HJ<3{W+S586|nmo$qc|^-y>m$>A8$`+wV)4y_3; z`KqI1l_)278!Vm?ELVAmHf|fe)QXML`85HV+9zqxf;p-*CX{Z`lT_s6NyOg0*yikX zUMN*oX_;u;5}H}5tb}H|501*$;VLNHtAC?VL@^x%Pd8H3=|jO|*KSgL>27{#>7TEm z^Q8{?{2j!a#z;ky-ZL)2-%Cu}=JS5)9?6BL8t5A2`maLn3YZLEo71Jh* z)a@Q88-g(-1ub_#gE)!`i$5*5-$(p5O4l5F2LWnroWobE5@p*a3b1_Q;2BKWrD4L?5B{tfs0;5v)ClyNfsl?c{a|#>4 zZesZ`n|})xy171Q5BtEX(W&Flo*-Bds=!)v!qsv^aDgWd-XR$-Wuxn74neI4-p+7o$GWH(NDbfMiow!4Y$5zt0q4%V$t6H7lJnxOrZ$Nk95i% z;;c5_>Y8=O8<1%{Z}%gI=S*)MQe2TbJNLBIiNIu4sbI2idFzzo-1M0!Xht8mQCIp@ ztxP9A+9%p_n^;WC2aDl6GdL;XRcNFlH|BJi^^MEv90efA&p^su?;(f35MAD+6VdCA8<||=&3IeDEmWCd~g?fLKbSxz$zPQ zuAO{%7~s~FoFtlP-+6y)ZBD-2p_BTWw(p=K$(KOC$QS#CPC$cfEwoy(Bi&`p2w3IUy%T2VjOb{UV zESG56yIfQ8LZL;>Crh$CEdgmZeds}R3_O-$;H;h&h4MxMNHV7~RIy;D`B)j!`BITP zZxwq-e%-c&PIvKlh)DGQ&to(6zKY($BeF~+JqiB0m*|~c8@wyjh3E1Q+n1 z`OK^-?idv^`sLID{oST|jMckB!S#9oJ{oziS_CZ==B?vDkSxQnV_Ucw%H4X8U_(ee zyj<5Uor|OKPPn$+rX5F^=2U_ncvHO7?Z&@?k;DE|q_uykC(?esr(hCxovu|#CkbLJ|q7y~oJqi8QZwg5#AbKlK0FR4Ks47qF8hG`UCas0J6%36>C<%9(60mDvwB>#D zP0h&*D&SNvUF+s#wJ--HnU}{|&&-I|=Y~B~2z3{XRxgp12;NZLaZparfU(oo;JSj$ z`Y*RbqAkrdm`+G^B{~Nz+Iv!C30lY+w2-ZA`Z!b%qt|?>*8=};AIFq5sa_%2ON{|QA;-hg}z0gXB;Eon*xGx z&Q?HbgSZ9X*oJ>cnsG{?fE;Sy7-`<@z>?88C{WyScu1Oh8|_#9IT1 zhGHBH?>`_N8vEZNJ$)X6UYNP)IEBYf;j4-2KBa{oP;=XO^*e(M{1KUS!-kxtG-BHM z5kJk+&I5I~X{}h7IO$&B2QIHQ8(f^apx#*h6RmzjeWN}i1+Muv@->z8Bsj{3ai%6w zB}pmSy5m$69J>d1`bls#hU@A5vr-io=geCm{~i3+4kofCjwZcz=W@a^{7lh4Mp z`0OFYe#)Zq3>KedeMqB2#lsS1uDS`q((Lq9-1Ik_de_RyL*Iu)oA>0(56bYXkwqC9 zI>&OFPbaJopE`uQ_H{#WUH^AP#kpVX$#qKi=sg18MY9hE&Yx!oeIYpn^=ZjPdsI$K z*6mR>ewEh8Zjk0-YWTU#tKCPddQyNWKZ1isdbG@2e-muXK~*}yo;aG9Z$wk!F`1JX zu?^|7Q6rFDPGnDH8f9*d)|_hH>E0Y>H(s(2=f+F+pTFWIyW~@PA{mx?i}lPCw|?9X zR=UT>2Ln?;7>)zCS@V1Nn#|=J$D?Xpze@8armU?P0{hr_NsTdL&mWCoy6Aj(G?>(g z50@)JAMs&~mru{+Q;n{`)}(_|d?gX9WZgIcO_jWQud5{LD%s3!@OxLoewi9fl^N)3 zKnT!{=1dJ={#mygzQ}E`z}3)R9QHx6cERdLvj;LcQ^SdVAifXdxD6(_8g9tcpwLs3 z{|kLBir7h%{cCJEk{xe%>&L6y25&1sBo&EgYEjHvQ0i+yy`qMPt%d^p3uFJJ8XzM> zLgcr1lenbN;1U_itDxy))mC;Z&#g>Qs|U$&Q$X+|9Rrgd38`hU-TOlLzv9c_o|@-s z*Mt6$rB`8RN4D*wh{rM4LS%*K8|3@oPR#{w^FqEXoxVd+&-2CcTsm zY{}??bP8%y0sv_Mj=x(IkK@eKgxa@?M;1}7VaG7B634Or&xh=h6tz*~1WD9QV?rR~KU(A46@b&b6@@Js` zseRJ_Kt1i3{x1o^o39PzpMn0vwL^Az_D}yt`rU#jzVlQD(ElF&pV(LE3yA0#{4hAk zk#jyLdOKde9q>1y##lqQxe(OBTZ79=`asPIFZ4#uwH`GhQ-_+Lg{ZkBgBoMTaK_wt z>sYM1v7|9D!~rmKA0TKtM_xY|Mu;WxOUV7O~kgnaYt znSNVE@L#^!o9Aag3BM<=EoUHRzUG9ZQKLFKy6PV-#M0ByIW69V$Y76!m?4ImnIsg+ zs^m$lWL%=>3zzlF&X)E7?KdFq*N3!e z^+=;<9Dm%+flQyYzk1|z+2ql2V-E;8{cF1>SYmrDdw-do+$atPkdY{hBoA!SPfj(R z@ToixsmRE&=w!#?SHhA!LyBlz2ZN;|19@&`f)}rou3VybR581d^Y2DUOR`FKpf1B9oTI_#eFPKq<7B}AGhg#M2OsvX|%?8@Co_^P#64Fky> z+rW<7V24GeST8E+MSE9KdQqufq;S7bv?lnYib7c2E|Qd;4d@r->sX-E6JjGLK@nMmLb;%Puo}Qx?GUoyl0~9GAoDwkI6ALzk_rqc&9%M%HLPrF9eh9_vwyt ziLz6yBnYeD!3X2IbzlDB^9ZiU^tShf_5Tq15B(@& zR4gty(!x{10Mf3RA3U`w8#*12h5JkY44yKe7!{nwgfj3oThqc zMI0;@8T6pvf4h~051xK;FPwOo)8D~jz8nJXe9&AK$Pe=WN$aV+y>FIhLB68AKOB0# zE~TwM^8-E2tDsTNe=AfqP+nvT_m(+uA{W6^@2ZB#bw}e1{<<1Y<$do?eV5DC<*qX5 zPCkk?56T?ODD%&@Z|Y1(d&AQ4kAt?PB;hhR*4dY5vk;iVe^MSX{S2yHZ ziG`h}Ke1f1<7D5e%dJlb!|WGUFJ8dWm$4$?nnOIs@ObA`o3({XFw?qIu!_r_ASsG` ze?EG{`KDEfBj9ytf2FJa$>1MK2O%0;gpe?KOvP@~y|(#1M+(iIZ|T z7QS^?TgQa9MA^0W9Y*&_@z$$t-im8z1iOOs^rdctS-M(3$@*>k3sL7w=)kVgc!QpG zL6mPrh8sc?Wyh#a&bKfZSq%P^IVBXIZSZ;ON|fzu?OKTvN@T6#l>`H=T@LY1e@=s< zS3qtL^X~^o>Rsy#W|!|=A|*ZOT6@0TRY_C&LhiR!{8l9QQ&wLNjx1FC&?=$^ zuq1V8B-a^mZ>4hz{stW2 zZ@&zz-JXY`KT92O!XOQRrtZskyv@qFa4=@aZQqAiJ$PBjBt{-AYUXfT+KA<%U&1EW z2Oqp8YJ58Qhy9w;;wQT26T*fFfb2$01A|iB=}!}PJP+;3a#D05^cVAIZ^J`EX5l+u z`bzYMChMI=ahSD5{GHgE@{)qel3?jG5iPRTlg(245mb!gLs+8Rs>}ISp(l6q8+_yW z2o@@3w?>;Umb_84;6|a-02T&%XV%xcJ=J-zF27y0WpDA`RAkttu(2C11x|FR3jSC{ zD|+$K5?<8%7q#o%`gAIC@@5yGbDn=wL(!*IbebNlkL9yi#pihsnLjI@yFMqE2Z^#< z56bY!nt1B~^bE#W6Vxe81cim0+W7jZaX2ns;i;ASO_W_^AMJ~-7ZY5n;;p3}2cuQR z#II3>juYPav?>_u>sddkhA*jNQlWkmWrzEA*H0?Y1I{;2U0E=Gb1;%m+uHOo*``j) zss9rE_=5x0N5tPr;>R5Y1Of!_SscqFqZ;`*c*9yDc5!MEx6HShpie&jRODNu;Krw3 zB6`caASdL;cUq0cY3Y16FRlu1p|V8THC-i`y4k$AI#^(B!;8OSg+g9zqYifz+~cso-=UoZtL)AzE3A95D=>-39f)vq4e7UtSoIv(mOvrl{VX&DZ*IF!m;e z(sz@KLBo0nqTKYpy%enOnrS?lpEzLv)?ad7ES|V3p3`>42%YIno)lP6zADZ~;1;;7 zbVeTwH9xw;H2coM*Y97ik^agg(4QosCW(fUoVsH*qFM(e_5nYlac&Hnk8{43xOitR z{Q)Sa$4qA7%^K~Z5L8cMZ4I=f!0g1je1)07(f9;nS?&B=o1!VlRBa7R1(W+%Bu~vX zTve(@R=~y5Qju{jz!Y`|dSR|E4h5KQ`JUVLXZRx{@DuZ^%5l~bJZhvxsL0UV^3;h# z6J>uMVbX($lA-Bu0&Dckm2aZh%197>Ld-AXQeA(pcPa6H;jpRj-Zi?G2S_5t4)Go(juM7+IFBkeP0or7xuVDw+6De+&yNct!JSmG_J zYd+-Y2B-eEfhOKarAkG9b10l^DOJI_?%F+!TH>q^{(ZO;n2>fcPwYHsZPDh|>3`Ij zC|lcAipigy^`{`XMXe@*-Vd!1?d6N{Yn_Gu-DZ7yI+$S@RAjtLEqy}GS%Jw=y55lCAyFj)S-lM}m{LM9 zT_F5}_l&35GnP8>bDV!LOjyJxcfQ!y`FrMeke!@s_8$Yk4rU>J>gv$CTWIRlV?L!r z%T;Rk<8J&#zEw>?DiUq3x(Ib(;vCWDo%^YMqHqnMUEYO;VBz0{A4gn#i4ZPZV1?~4 z20dXsVyjS<;}u%c9tRQF^H^|#DzM;vxqrsGyL>Au{7kg^X915&AUmrH-doMN9@UAm zd}~JWZ&eomRux38Y`NM30U?tO8iH`bN=JiunJ>Y>$2?sLjx@)!^sjpx8IC`G-O*RA z_#=vv{xA(26xX~&?1*ZMk*dKz@SW=oJvE9#Omt%WI74&%&7`R0Fr)JE8P;iqt^^R5 z11MSDc`C!VMZq^VWax4dgd(R1N2?{C4hbc7$gB54sE`T-aqynTxU z3<&kmQAj)}(8r!a8iK)g7dc|_aOuy%ZQppZ)9I$F1T4f0@qa`!OivAEynw{N22Z?3 zZRodJ`epd1-l$bh`5#t=A4zAI7miR@U8ZJ2G9QWm-uS9U@q$OLXmWNIOgdy!4SV=+%?gskHp3cHk$Z0v32qG59qmZ4ScDbtgIBds(6ztykD`*u17Cv| zeDUkT_09WccmWXT;suq#WrB~W7l3*Mf6EG^I6K^wuwC2Z74c*7HU1lVF$*M2wDOwN zI*$yb2Pas8S;RIRnt7KmmsSG;1pSNGq~*VSN#*6#K!Et_OmWLJo00H#{|D%^V_@6rNQ{W$=pvV7Oga5JB!2j3P zf`5Sx$arxN_`m&^UhwZ2l9>s`V5K+wSNd-}{8w7}Z1_KH1qA;eX5MAN|2AHKBK-d= z^Hs>EYg~=Yg320jRsc&cgrzfY%Q9sPItGJb^2bheg^NI#22jlStq>EXvIzTML{b!t zuu{F<+wiAHy5X{-2QD4{?i4TRmOokelgjzXSAqNS7k~pE#M+EY=S_VV?MmkA_zxzv z?jSoX`@*KPbcbEBboQ$lS*tiI1d6YUCkNPmw%~U+4aiB9eRUr{bIueO-NV_=v7qG7 zbWt3pJxrhpYb0^9TY8t{W-gP|J%JGf@s)l^(0_VjFOwl#z4!SKPjmDMRn8Ub)*lTg zwxn*#} zvcaWpFI#7jYKYc@gJ1gFZ#H%&b_~F^KU$AsN(YH*KvU5NX+8QNt>Q3T(ny+t#8)L;4Bdc zXu$K!8L|Q%^oQO6+zJH10|m;1f_s0TO>CC=Qk5L2N)Afb_Mkl>O8&Dg&VP9b5()p= z-D(Q|*>e4+{4ar|_t|r2-mA5fX#3022Vr|Hn{6H0ot_ar<%LOdrLo~D@2l8L)1#-X zHmP6BU+4a?3t9BUbt$4|#W7+rd7HcC75Wc3Db9fyXoEV|lY-)o(Yf!H((SZZEDv6pa= ze^9&?X8rTFYL2aTRkNA-ANDs!pQifR@z$NUe&v*%t}zN$&{<`0j4QEEpJQ|#>9YN2 zL3^8w{zp2{{Ik5zalW`d%L`B&4mS8giyJ3YZAVq*-PDX18YN8nSL>7ea{k%5^cOtT z__+W#3i4eKM{5jlpPG1Ul=#oRLh8?zP@D~2z7V|O!!;28)E~T1Y=hr%k3O{3+!?U* z_C5WVr;7MfiwlBZ`_HOZdgW+H(E&M+ejW%-vZFYsbISBSZ@r1|3o zMOJn&4+`{vC5*(X0{I%*`-cDTMSbyf*blxePYzD*-I^PHaLTBY+Tc5$DG@ikmzm3n zhWtGi4W83fde~tcjiRMQ(()lr;du@DIrS4<6;el#Ir+#OV0CB2!wR)T?E_`CFZfx92YVZ5;S^}!4`Jaz5MH2S4XQ$=0ktu*|W6={82T>pGmlL+Fn2#^STc;vmAF?l4-=0~-`gS}ul`dHKZ&avB>kHOkyqeaku#X>Cc6*we zR-GvOcBU;;f2T2z`S9uB?656*8n5L;4D!bbJWrlPBekr5hu=-DF+N-qjM5iL&;6R# ziYfNbc8`BRg+m>=C)>RxlMJhyWOO&;zwM6yj**aT+V1%5J?5ns|8@M>1@dd%s9k_& zJ!6agzGxZ&x?XV1oc7Kj)%>Qjv1*JTH5jWEo3x9Y^+{?(^71#xR4q#!@p{DucrE2GDeOdlpQIOVNY>Vm} zzY71>H#I+(`QU3UfIaPA%5SVOYNcw6Uz#vjG_4hgvan$Wb=R6+aQAPs(IMpk6)#-Q zOJCnj3TDYaWfkjJ{#iOoC;SYu&Y|n`kF~*b<}bpLcEedxkUtzCiqAOGw52I{_8I!* z-Dn$h4R7t+jdt-6+-Rpz5hC%cLFh*NiPcG5zLx~@q$%e>VfZAN_pBUg3$2{lJAksg zBdwAW=14o+3c*9*E(6>O)|q<8Oc|@bxn+Q2E9Kp2=C`PlO`2dCU{4#3)?#@cl<3>e zlbMDrON$8|-8v{kVMls-}L8#+sre-Us)kTg`bbJ1EQ?m|_zyKi- zL4{eTHOMNx;G{9$>MEv2X&IM*<{c`)B0aNxA^pwX;JW)X$Z)=&wnh^ zNUUv?{>r@2AMjVGNLfvyzA55sR}IBKvG5F$#Os~s^&*MY3g+-6@jG4jOA@mOLlVbO z5hQWi8zD)wS)E1_Hj_mXR?jFCndZxN_C2gR;uOx0Mh<~-5;_J0Y2(49rSP0n>bElfb^iD)n{ z1S=JL(aJ9TcD2mZ^^xL~!pxG@}rMVyCUG5)Az*-CA2#4GQJ0>53)IGh% zYN8=MydN`G^1+{(;-Fm-p-K{zm1&-C` zQeRSu{&=BPnoY?GgL`dZaF8^8O5;~vhy&~dD+zW^&b9r$BmX3bh5N!!C!fdWI<_1h z-odFfuPcAc>x+*u`L`nv0_41#yvGL%Z7+29O$6_q>Kqe`tgS@Z=8qUA@kO?k&FHIj zm_*TELc=duZ7mPe3S4b8|71I2vVjYZm<&xn+Yrc>q3DBQs6=?6?gLJ{L4z|{lXX@y zM0378Bat61I6KF@BlP+3t2vjw09=g!fEXFs89&)3J44<{1`Lzc3MbzMr#=4^*lX{2 zr;EOV_Ero389`qvl94ai-RW=yT3noK zW)Mbl=Vr3zH@8rUkrYCX?RVtdo}7=7eJd-!7Jkh2y+fzv%uEehZ7bmr$SpsEnT%B9 zn73KyV=ZvzpUqcw}}7U?eGa<|sf7 z|E_NRa%ZCKVEe#mwo#qJiN@4*ZjE5a;}mWENT#5=GCjFpdE%-f4vD2+l z&|g+g1Kz1ap8d1bjw%*(4^+jDrPtsC%?b;w3HGH*^xqFMC2A>=6&6?@FVWsh=YWwT0Pl)LJD06l}TyqwN=O^sXUe<(V zeX#dzeKO|6#A(Kr3@O+E4kJ?e4ISnl)MBB;mehW9M};pEblYfn>bZqQb^_pw1G!&b z-UYd_SN6ojuU_(y>&Ert!CCFuTt7JVP7kNH^wxe=OH-i)Kfk}rkwl;Sy9{WO^ovGG z@MEh63FA6N|Gt@-75PHBYdTadAm@)YB7k|lJKxV#~{RLj2cpr zm#474Gy4=bKcLSrY>xFyM8yU^hRflw{K-4wsT|njxcF|6Ng=iHN~l?xgBtg^}&Iv zEfqOt%6@!!{-`qYcS$7V9i|7&yDEHWciP1b4W#&-47qQ z%(unZ@j5qyQy+kWfG%(eMB_VK zKV~6pQtLaDTHl?-Ld~3c5#S~ck%~M#nIsqQpX^3inJ7EQnq+Oq<`C_g5sIfIJi)9g zIMN!om?t$}9UNy5BA2PEUr<$|Y*<)}Ev2!1gzZ|cGq+qVJPii$k$av(zsJ;RU#%fH z*`cnBG@=i7mmP}JHPVnqFa2X7g-`)2+$p}bC}28KP|hRxLV;#Lp%#DuRGqe=G1o1H zx6}o~AjR-+`JtNC7qH6$jki#XLdAkuXSn;p>oPYAqPJe3` z;L+cVHdFo=g5PG(U2Z%P{0_T+!1Aw%;1&35yv;c!8+pyG^9hj=Fxvd4eE`xlx3n3y zJUM{;LQQV<4=OXuFz@f*a!VC4aQoGtvs7`QA|M%frN+msK+XggDXUc~Z}Bp>;!qiH z-8WHo!9PT7Q0S?)RI%9N=O(Ul(20d>4%dx9C=8`9lWZ|jw!jabl~fqfc!QMm5&xwQ zBqLXGN6cX%e(>_-RZdrTiux}#5N7W-{h9{27wX0+@sQ+xY1^xkj2uBNVUxpOp~*r@ zXRMFUTZ_I5P>J2sY?+3nmo!pR_dE6L^%M;ox!^o*QcRZcQkrR-{W_N$rVWe5;_-&O zOm5!D_b=}1%+m8mT9*_KnPPFx)e7!3h&cvoZL3caTKoNUi$QM{f2P3o11JnsPMl9hn^5H zvaBg*Q8~$Wy2#yY@@UNXxME8=3afbkoR!09MP^h@7?BjU_>q;RFFB8UA7m}&VJRjX z^{qz+c~Cwe-6Y#5lpIcOj~?g{L~A7du?SdwE=2o2dov1C>6Uuv*!12V!CFm=WZs`^ zG#UO9(v2giR<ax5Hl$>?ZLLnh?$h6*ZN3mCqD;@_It+%$$ypDJt%tP z;i8Vj?g8~DMjy;?{HXTogBwe}QFmHn$;Hv;V|mA;X!BROux!_jC3SVP8%rAM<~5dF z8Et+P;HJ-VHIUp$rwdTx>iC?dl5fnfKd`Z3k1OhjttjMi7~bFlZg^ieKiV=<^;0I= zGL)+ovA)VRTw?Xir5>9Z{+!WFJy%{5ZFzjNb52vkpvx|;pSmKyuL=g&A02;K6hZ#d1ccYe>EyBvh55JuxY5OET)6^&mr$%tsaq=)|amslf zdxba+x+R;A($95C98;S!e;obf8vU$o%=W)~TTJ^`?h^7dI#+0<<*mBNNs3CQ@UcHZ zQoKzX2T6+BE-CB^2NU+Q;mx?g$%|T(7hepz!cD=3)Id{ig7O0P7_+7%{ z;-@s>!cKT;pUQi0?BO{Eo?!3WwsxJ56xZ3AH@t2DtVC<~o4Poa=$gScD#Wv!^vS#( z7rODtiE-hNwS7kWFZ`Hly2hkskkK3Cof|cmV?x7+TjQ&DpX5}m!(LKJ6AuGkQq|R3 zT*LP>eyG7GBSoi zgkK)~=bmzJoIXrNetr>Q3nIp>PwC;?#KpAQ++WGL3Rh5F3SCoQI% z>=Ob{*hbpmay8;{#M_bEzcj1OQ@eZtGvGTzcd{=`om2e);6DFY;aoe(fps|OUvTpo8bmIr9a{)Z`fnu#7V@6$Mq^3$spo_Pzz;}2z$tcvN zd@ZmN|Mj}2h^?(LRXM;n-+7|=LiW#tw4cgb#+D9^fa(aEdG4=%R!!ADpa{aexj4V4PEwYBcUdOPqd}e*o@OE ziH@KvvaFK~P8*g}k#k=s!NTu!WH8W(Y21K`VGq?9Y=5v>;@L~h#lhb+kW}Q3*RlGp zwBv@ogFZEDc%tn2*ZlDD9x8saFnG?&k9g`VZ3b7az5A_*EgZ#oQf$c)=#~ttyD4ll zF>Zgo;|VqCGW&dWJO!}^dyIk25+A}=TBTppr3@RR+9_3ITO z&kZWS<4G?4(+roDedzOVPZp6iZC_=uxW}pRDgTRbZnx+D%nj^8GeIn}Blz&Bz+hCV zxmE%a_WUZnfeu+KiClFXl6%6j4qgWHl3>rl+@|vW@^!+Q4HGi&8n=0>!n`BDw#+-^ z<9WYzosNe>=e{^XM~7Z^iR_2gy{SE%oFBRodVTy$p4M09FbgF=yu{^$!h;w7HND*4z6_avpyjgtAsClS#|K- zGR6eC#$<&E^4f1d)2cs)Nkr0s%q|0lwJozekv+Z^C?TGt{zKxa3-}nipR%fo8?y(22T@rksRDQEq9$ISoR#wlSn3`Zz$f4kq29E@I=>T zaHOxxke`n)zDr>2mP5mFF_Y1b#_qomgNa4<`E>l76?FVHq8WQ_+&Izt%swX*S@8mw z|DwR|gZ$sn{k#*J_swbAb<^ByQVR~5)7G?W#h)7XVnSwSZQhcvXx3`CQMem2>k8U{ z!-ggn@?m$X_xP0m!)w4<{^KvY`DL0L{+C9LnfYbEcubb-o_TgNzZJ}{(1aE_i6k2s z_@$>Y@U)^aMWgF;OvUQz`J$n)D^UCVuxY_4A-}Bn-9t4%zlc^bCFi9S)u^qri04KN~ zn$l-Xv~yY5T!T`>?l}d1lNtUD!K;SVH*<`Ttn!af?T7fB!p@?t|KczMsU|KMeD_vQ z^aO)TvNJ}DKzvp~7WguC=l1r+TWKdXGJ`wud!hPckK^$ena%4c9feKmd(^4-OHUyV{jP9Qi z3}(4V0a9CG!Ssn0`?YkBtnEL*6%zb2F>P z=fm!rSr?xZ&a7q|Z_xa|Z(4rX^mnLP5;yeNdB8QT-Np+P+(WKfXp(s$KPuPrJ<=uY zX~FlAYzJFUVHKP%uv+@(qw1>*_LPgaS}xwIisYSU0#;Dp-IT3peY>Ldjf&Q-6|I{z zzgs$^EvHh6=}*n3J|d2xaoI{hx{Ys;(_cN?$!YPH&EEqPsj&_d#(dO}xJR|jVSN!? zI?yn&{z!)j$D$D3f85d&6LDn<#ze$% z;ae@sGsU1K3V)$A1OTF@LL0_4!8PGwYs~XAH8znd$H_QfMry)KPiXyMr<>*Q0B!jg z5%#yoEdR&P!&z>p$+)^S(b@iuS$Xx&MA=I(XsEd)(0^%X$DZ&veM0}+X*IZXx0?d$ zvWK-n{SmjW+%*gScBTODypu294&aB6ae!a0FM9+2{Q(B}8DDUKw^GuXDy%ooCGMuc z80(LV_mO{y73n?MpqHyW+_103`J8`c9}SgXR>G*F_3VQ5e6der_(f`Z7z_k~;!o%5 zMc8qh%gMZ-HHf4~+^rw&Pkc|SBl~@MGYPn&&FeG*@;{As`zt3NU`&XZ_BoT1H_sNsxCt(?(Rl%|zGs?{FWYwruc;7*-z(Bu z(s4xGGKE;U+K{`2E|+cG^vm6P(7Mxk&ALxcO;@vC`^E7syMLZG1MXdtV#$oWI!08Ic6IhQyUK^ zOzxWva-KHo`-;*hqRoY%KYb*X_|nmqgSesK;#y+sRN`ZbrX#L|w9xvYyj@;uZ|g>- zJD3My<1Mdn!`sJrJEu)ww>-%c=spYr2$!>**#}mii)D7aJ3T)1qa(i;&U~pe_+YkH zd;D1=K97H9eDNRdbKim!Y5wFtKYvU8Fq+=Wb-V7gIc@1m*EJQ2ww&y`_RaCG<70SV z?B0KO_WX^}mVW>UeScXu__Pe6jHHb`E&UE6zrR5QD`sdhz1uye_8B3hJ8M& z%Oo%ZLSByFwTp;}f%JNwtOD(JF!3V11$X{Lft&QmR^d4;!V4HQ7SNzkW7Qf|G!df@3i5&v32sDi39hL^jgUwb zl*E@H&&S2MRTQjor!88vh$t>$DIlT*v;xK|)@@?Y;>PL^{@?F8bMIRcP}|@C$47JD zy?18r%-QG6nKKo~^ZjG;o}iytRI{7pS9u)DEJGQ#FWGjnEH{JXtkrN6+y17HN^#^MlZMe6W-R=`iecIst#Dna=2B@I)ki5ZwjJ(Tkw_tw zuf~&$Ft|9kDR{Ge40V4v z0YhRX$i#-|0a`jpJwMU1y`>NyEQNpbY{36FxK$&e6b3`tQiVLh#5*w%$U86`x$uQq zLbmzjmU!rk)h2F8q!P=2C_VmVZD#2 z6mDlP&sA+d-+FJH-^2ZxU_XM!nN$V%2PKHdE&a!?cG(x!--^UlXU2Mu6x7+4lnU}C9`f;e zHvX8A8<1lXzRwcUN-@bf-~9GFH=8^*-z@$(6$+#nYM(F$@t)!jIRkL!E%18m8w4O^ z*&u&f%k>xlIF`w#J2Da^vZkekW2*c%xwYQ6U(41i*jg{d1Kyk#?656d*u0XhAt-%N zSKVK-=pi)Y^m~`ekKb-dlTU1!i=;L%;_l#$e0) zq^bs6V#3B_wZ%{$$FPdX8d1>o>=?9)Xf&K=%=}GLkE1%5%ycSZhef+&6yabugyGxJ z1E{Z=tm*j9JT=ZNWoxckYCa#7Y|%k6HA=0*p$E7de(`NlR#6+4IZCQk1~{V;o4eH53=#Q8^3b$p8sh0Ht^A?hT9QcpuO!4LGGBBeNp{FloKOqh%| zwgCaMVlqNu>l1S~VdMC&I)b7TeSf;Av+a|sG; zP-YE?!~o?wVr^Liq8^S()My#eCiy7D80DAEZ(Pz5eQ!U%G3677#%Od7mCW3PE9F^( zT;1~y)qbShS}4zLh@~g@-oX*tNRert7`scb3jCpO6eDbxAl-zk@xd5!O+J=@zLSL? zZy$dion$NuBCXoUtW)ohZPkVsWVEmI?Ig?|KjueVlQ&2NZ|MsbP{ z>~niUI!j-5BOVZM6w<*+W)9(>MuP#Z=}-qnz6eFWX1J;daDW$%USw7@-?Gbey!^-Q{}PXXNxE^F+p0{){Xi)oRm}!s!eizD6&}jkX4PPF?<-nL zxc7_2Y*V@S5D05@n8MmG>qm?%eK5@+N@ z*0&uq=BESpyvx~JJ-cjkI;*!V@fm3w-EvJZ(sp*zLJ?^jqz<>E8FHi2HqhsK)Y=OI zC2fP$QKO|_yNgFc-%sR}LgT9o=)F$t=H~1UxJ2gWWbq0W&8q~g)b%9~00p^tB1(=7 zEI+opKSU+qd=Q4RILhH>Yno^tf89rH5wyY51Uah{nkw~bRi7XsX6>CQNcrx+;|%uc zScm}$?}){A1RY3R%x{iB+Krno0k_b3r!zGrk>!Ex4xqE0-Jx$P89oUZSK&d+33zZ7 z9<-Tm(T{1(`i`(o9`dW(FfLBD=i#xBMWP$d82_42Il*tNHEg%Av|B zDha1412VvR6U)LaZ+Hbjw3yD=8C%|j=YC90**Nbv*?aj0%2(rF(h!p%FsRI{VZR}{ z+_dKoTl%eH-j8vV4!sqNNqKd+12G&}Y*iU|(>fzfp9jl^8ByO}2x#mWa3wjrh( z1PFGm1lnbu+|Ret%3Y6CY9)78^F0CzkKqy&^4(00IZG|Ed*hw1;~jwUI=&Y(KrtsV zJQI+uXCsd9@#A!Tq^Es64Uav4@aGlq2Y28b0J7ohd*Bo+wYm&yHgqh?m}jNb3Vf=Bp9&XFmx9PmHKddekZRr;4zRIs-*sZ2PSPsN zhm?_$#&rcHnXaTHF6m(X9LsEGJsz|XM$ez_3ZrA>BN7Ob1zVNyC_#EBQd~WN4IpHh z@23;^A-t$r%oo}R>Q}sQ*Js=f;~ONM53wA^c5;(-k4qpi4P-vK&XP(@$F!_zt3^W2 z6FFs`{-6&Z`a{SsGB-!!{-8fJ{%=Gc77HpX735%YYv-^59%6zc#MfgDoBFL{!5#*Wef~X%ZM{A4F}L z7T*!jL?^&nnS>)WWaV>*spby z`Tma@2A~L}y?1*T&fn{Rl|xnral` zXB*|J3Ys&RCb{PfM^k{&2Hb>au6_wcy5#Wp9C>D~-%=#ef)$uJ`UH#5Ot`iUzfpd) z%(8+y=2A)c#rcWd|I7J2m~R?87@3<>%`2Esu3&~LQVp2RGDEaSpHnVMdA$IoVvDFv zE{0DSa)_?qn4S+SV(Zx)_@kVpRAs0?*gvY#tavplpQ~BMUVxAEW3?&f`#X0@biq3m z+%8vPmY9#5Q2^%9Y|8bi|Hf;I#(Z`bXh@%YGO3%a?D)1|SBt_&UfX3^r0I~8GKGpx_zbDdN`VK-){ z=;Nj*yQk<*MI7{G&btou04gY@^8)mM?G56NMoZPNl1D_n2UGf+*5d zc>7#63caW$TGMP#;nyZ>fQhtQ!LS;o%K!daiOsOh)(6A=eg3-7@Gatsv^onXmYIV) zE3J}C@65&nA0D)^Xg2kAEt(6TC*#TVsw5b()2kA5A|pkR!w3Te@54Jo{j*JM^-7#3 zNV6x3%{{lkbpsJmTtm89|)0b1Fv~`3NOJmoFPFSX(R{>^`PenK?&L|g?lj|eom1Rr6vtvbeS~aV;+wg z-%c?m)fDOh!AR_?`DOot`q{oG$%ymtKvAYI49!6g>hrm|} z2#UW7RtdIPH6vt6&_v^H6-QZGjR60YilgbRD@P01ixh3oGJ;K5-s(eA1z6W0$N*_M zNbW-D%Vfm;*ZXU$Q$*v4?ptX#Q%JxEK87M%kNUz?nAC&huplr_UO3rAckIyzPQQ}J zKspmRESh+H>qQez|Em%*qX}C$?J(EZB&@epVOmwqInadOK=aofiDu~Oc>mSgzlot4 z15h+$5JdCw(!QV>j1rIL64U2)7tO>+QUbo5%M%dXZ*QwKir=@`qs0Bea@y=UVkEy~ zF6tJ)iN@^LA1*ei&^+4Y*%;g(dSP(gWN>M03Xse~ceBHV*FWpgX)c~*wKD&I77OI6 zei{vUMSFY}a@W6a%B$Ha(H#1|W+y{BDiCz8(KRu@Uytc05N-@Qm#HBa9HV0)#KPQ| z79;gvU6ufe1A(MC3rfe|pyLP7$ATz8-{7S4L6hG2Gj#kI@Fn;RkMR2l!(Ls8SPSL~ zG#4VWhY-mZryX9^_O$UeyHbd97b>Vrs9gAr2Ng6Ke@bnh8CuQ$Qb~Xhayg^`h7`Zo z&<9zVXD{PFmGDZn8eF&B%L0HYl<&KLR>kbHc? za4eFi&h>_)NQV7kk!&VSA$|vEdic$?_{|plD}HtVh7Hd-OqSt)60ZX;z=&GOtY)OXDe_Sy0?Rhf}>%=jze)(TKFrjoj)&u5(+X$x1Mz~;_*hk~b+SzO| z=hsU2?jpYSGND`M$#m@%=#i@*j_>;{^y-G)@x3Cd(5pB8?DYzzV}V{geG>7bi*9Ad z{(gYlv70RZZgTM_kx~-#WTT^|oYr3d4EHa@plHI0Fs^_GioF$&5Y$~K=>K;_>t661 zYF&zI5zmhA;vcX$>gI$9ddhb0ws>XhqA*Sz95^bTY>+>y9iuXigE+sMqt5YDo?4L!Wq~m_c4uCc`p{F)8iR_ z1B*y{>(2Hy#Zl0)&+&dG>hUXZ2Kg>NI%arRJZ?8jxK^tfeV3Z7{AAz8)-~T1B4CeQ(hfPB+bK1t;Z-oyY zdY=Vww%YDs!@CbT)Rc^mo38~DTGTpoku+P9}y?G+}r`h3{6y+4_rREI`!`tA;Rg2mu zXo7lWs-^27^O9twC|zL~M1L^aaZeLFDri%5xwuP28$gLn?9oxB$UWk(n+a?zA6O2` z5f37q)4}k~!4!XOAH1L|ehwQKR>PO($&I(&=b0Vw3*A5g$tDB_D5k(99;paUCfMR_=<`M5J0EN{CZz}z}^yn7z8ZJDFg_)*mNPvV{ zW#glV2W*V`)``RgQqY+$Y=r(-AzumdaTh~sbE?@WXrlqw{}7g-;ol7ruDOmEkD1VF zJo~iQy7b7!kc+lNOvSZl9eN=5|Dv~;KTVp1*|mA068ZC#M%*vEJxS^T0GDPyzd&g_ zt-fVfd%GfH0#fzs2Lx>5`Fqi!X(S?8Q!viW4|m}ESp2P3;-aR+hoFHrY9`%&0c>*5 zTSrovj5?A1xJ(-^JmCq;b(b@VrH0rHC9bhxi$iuUqq)y4y_n32NvY;Pj7v06&#&V< zc?8si8WvCrp25JK3@TrdB!sU|tWHcc1-zMM$~w55fnxsn%6zcX7U8t2ltl|iDtv{l)y+*>C@CLsvin$>vj zq@R8a!ogvZVV**1+b&QdHo7v9;a;uN)C@H@2yKL4LB<1inxAae1Z4%!f0ozU#vQor4s0fb!b1-^ zspR~Xs*RTt|`ieGq90jpXWYzPEeZJM<3BH!QD5sNRUt^zu!9PQ#u znRVxAOolGL&;lWSG~ntkzI=Ez7GE}^FLv=o%ET65_6$y5eEHxJq8RFb&`HRyDE6(y zQp{IpM!P-+uD%=w6c7+%^Z|>|K;pkh|DYGC%|?YgzG0(4aA^$fghE&;Jr+N<6tAI3@X`D3&80GdS&(bgzb!ui1^>DY>P1vRJ zzueKcm4eCfee(@;_gDssy2{G&{j&?ycL|=gaXy`V7_E5bSDEui!VEc=T^ZI1fqixh z9`s8&#qloK7%trv)2AQI4n>Qz;2-7w?|d3=Sn(4_xzk0Q<$x)=1^)eF&mJ)MND@gS z0R~_$6u|YU?n&5MBN+WJ0c_`fLrPJDSl1t9eVG@{zDi9QTC_8O>4ul&(@Cp*j z@;X0f<6%r!a7J@pDM_jttq4vwxj(kx2hlDZ4p9VM z38n>oE+@D4$ovr8ii#{xJQ*oYkF;*k9WMlkMe6xBrpetob)UvMIllFOfwSmHR&&%E z)_oe0-DbOqpR*=_pdOyACi5a>Ks}8Ft3igGlb}I1w7WAxZ8Wvd)=>h4H$&5pa)1p|UO5DE<-xBYS2Dk*T#56w$135$ z#Wp+`T!HZ5!|jIQV)G0~>v-Y8jIWa?zVE-pKHL-07WV(R&A|4y@xj4__~3jq6_prX zi+%T+diO$!CQ+V%l>z3uy_z@$EeMriK%_D*unU#hs07NOIe4BJB24miHzs7zrplr= z{;4#)-GfBrFG$1d=lW^OqP;GS2!kcsXEndbK5NJn`|O%e_GO>Vy7lMVXKQ-9_St6( z{|a{DCAIZ=dxnBijCB`|ON^66~{Q ziXkq_TF8!jwa+(x2(_Q)UG*k|ufO0ds9`(2!URzvCR z_(tHcF|*oe--HXWzn~KY;X*uXW1rod>Dp&$(yzVQXU*3De(l+32>*8Nv&HNHBeI+> z2b(|tbFT*3zq=(EWTnFa%%1Ep)NCW!S#@E&F?RiZB477mjEw>SU1Mx$(>{zbQ-4dM zDRvy}gAe+NDfUmfSW_&xi>WVa(INUB{k3~={SQpCntT60nq;#RHhNI*sr@xyOg7i{ zB4AY>;&d29+d~}EoMC(s?Ua}eW-_<4v-GBjy~XKgydm^+Y_0#&R5IOOCExV;^4vON^)n>KDucTY$KRf$G5kC@y~Z# zuJ`sYMi82E%?dcI;7`YFIErfFc6Km6HX#1Pv`VsC?~Xan>@T&?UZIVe;6IDyht%9& zaH4^PC+FnJU(e^2rD671r8D5V~Tmv#szlfx|hgah#r%e93hxh|#Nwz9$G+wrR0Ma=+zDqxW%-g_lM7-uYRcJRJ ztiS`iW(qh%r_zn_oZlLKge1%sEM0Z2CvGGeBbqJ-FeI%C53{lBkJ)C|6+{CPf10(7 zd01Yjw2o||C z2(b3WVDTo?WdW5;`cWs*ar=rEqu;yJbeAfa{|Ji*2%!`IVzb0bxD5?}RJ%A}mcJma ze1tqKu~vq|3I0mdZ6=E@;E@nC>&?u>CUVh4o(XFcv!w|eaU3}pLg{9=iL-OL;r+H; zQzG>>lG(L%Zf=4vO z6TYPwi+4>l;iBoo(iEf%6{N4h0cviRw(LG+fK;JBLWV(*zBFHeu`Z9muv@X{kDPa> zg@w1|d6$G-XlhG$ARp9WAbn&YK$Q%{l&lC=^Yosfjd0PU?rloB+h` zbGU0!@U^Fn=4wmBt#t|AH|MiuR~Ip(`>}X$I9^ z_>q`GHRSYI*SQCrao}ror5bI~wnzLcmt$_gJf|Wx<_8`BJZ4EeA;r)oG zbhXY*oF@{b{&*FqMm_|g{Cn>^vY;kH*$m}JU{FH)!M}q1vQjrQC%!I4abH%h=X`re zoGk7lwWnKb4iF(`wrLv~@_oCfQe^R0b#|bhEM7g5Ur(H_KeG`cj5(8IviPX63Q#4Q zQHfld%ej^Z&_@VY`2XBb4XJ8nl4x)#PEbUCE%{*j{EiCHIfRYldvd57AJM!)p}L7L zFhvQlcO)j$M@Mz~aS9nJKvkC|Ujm^F;r=0NDg0heLuAi*LUok zlsOZ^Q__$wt{IXw7#*1%j84Sy%19HpiVwn5ic>1j>5)OO6|Ak83ES2HaV>nqxO3~3|JvPB|hZmt_ziT8qkIdtH9p?tE2J2TRbx6 zcS<}eQM&8NqNB1+@wIY}g--RwA(1T|_uQfoJEKaeE$ItjP61iI0n14_+~=~qQ!DQm z0R`YuWJfO?xx7!xYj_3uox@Sa^ZJ*!TbvI`b)Am z1RE;n=TxJA%wM%d^CmqCSxM&$AFF)oDWlzH?qvkX?Rd>8pfzc0meJCc^ovPP>=qd@ zd}F0xQ7+*$CUsJS;o4BwVSaTS~+DzeEm^Vn{| z8vl%~`~fqdly<{30Sa8w@LC{<4nU!hc6^Uv*^BGLUjHZ_0}7VPDHbf;YLXD?TV}31 zj{&t6M`?b-eORrHy9pYNgKoPkwHn<*7!A3F{Ki{%);#A%u*}j&fL`6NP!-#+@WE~D z7>=^Reg&cLmbc-mFbj%7+{+k+==fG`2C@eu6szt0Uphow(X6r?6<|AXqe563j!)JT zkfptVD|5|xBS`2;SVs2+pcw=&L<}a-=6An|=Lmib<`ievTiRKQQUBQ%vPOdcEEt{y z9dtO<(2INroRt$+um;Z$BCa3TN$B}ISl^@BjyL(-|F!Ev6ysgQafz zWwE+6dCv4I$5}kTimQz8WA>V+mHWh1&PM(>uW~Nqw?^hdx`RHO&y9UMS7xqnJS7_M zUt%6qaLRRVUbt|{WZUtxsf(T4^39`Cb5KseRdo-)O*~l%qV<;nOUMMX41-%J=|VSQuamRVedU_Mh5NhX4?B zKF1++hz;S9YH8>)X^6y8#c9IGDjU*xn*E}iz`=FKvi(`oiu;7V%Ejhsuu?sVQhCRm zb{ui+=@1jgC(0iW(QZh{UtL|*4eSvBf8bmW5IxWgqJO(Hc)#dvrFg&?5#M-Wws9`S z)IAJtkw>De#J@6${6n?A8$)C}AaKa6a8*X<%7U8H`}FyJWo6%MYHmp#J67G$f#n0c z;nbgul#0XQhVI4qsc3p{T-3Lk2X_>5NCTXKYgQoL2))Foy@hT)|CV-(UgD#4X8uT1>)|Xzvpl&=gJ2!zJMjF=@shYmwLz^t{KKf2v8HYe)Mq$ePWf zr6PK40G(^1_o2lW3jFN`b$HcQ%DoM+3Fq@18^`CImu}Vn(wS8Mx?%>+It77VuU8Rf z2w~U{SqUB=%I>89_ya{ERiEQ4KN;XXj=`h&TmzejfhV7V0&2v)`Tb)eTJAVZXC6|9 z#`M+Fa=a-$NSep0hAUitxD}Jyu4u%wqt*VJb(tE|93IX%jq@d8w>Er9q39FR2kdR= zguF4Kf(?F$=Oq+HPr+urb0MwIEGk%C`KgjP_Y0DH(eXw!2>G$-us5+Wy%K9{WC7Si z`XSe2759bK2Eb$U_X>|vz@rpSNYj&%q<}{~noEX<%>N!0kW}W31_+%z}bgm-F@)`F{2s!;p3Z# zT?(HJ3ZLO%Z<+MJ%(w_1Er2^naOaE-nosmOmam7c;LZ>tp$*%a2uUXl=6309dh>S* zkPboXn_AjHVg|lJRVA(r(?=Q@bT)h~#mV7UrG{HDr6`g%huDi{d$>(IwcwZ+D~p zyOQ4(EAKwb)5YM`gQR7_Mk9OVrTtfTy7`pfaeV&+=Ygq06Tp83`+^#76e|zPqvFzg zvrc-3Jrta4i$Gm5g!4`)z^A0DlFq@Y0_@bCez+5%?lzRz8@tB%H9s!S#&*BD7Tm&&mL(Yc>by z?}*IJk+@cfV7Y=eg7SQJPODn8ixv1YKZn z%GeeB!+h*HL?p9ed4&oJ4IA$2%+~K?Cdw*Ehv0jeRXIwkkZBj>4B=O#vU8tY_pD`p zg*Pfjb9x)#2T?d*t}-`sld<$z&mf;@zYP-WvyvGEc#6(8u}}JMTq}u3K1Dhj0z~RV z{IfmqKh2uj`FQ8AJqLerx+XHh*VQ!o?-&Rhm-*p~Pw*e6rxat1!zwc{MO=wf8`*c9 z|NJ$jpBMgpE@9KsZunMTf(dQ|Dr(Y=O1SNB3(9$Xqe~wGQ1=S~_FVuV(jC zi;u1I*S$~dIO$K}x!wOkV10@$AL3U)MjnDa`Ar zpbxSdUFzG|at3f{S);BCq3)!oF#ink+exr60aVkIeInymPZ?w97wb@;vDZOz@ig8z zzH4>@C?79YpkzsFzI%w@x9qbFY0;L4s172)WUVBYQ12<$F`xvy%7Com_*UW}?o*%X zih;#w0TOCp39sS8PsUjSxFra+=Zr^hwnIcfze=_FmP^l0qxX*kD2kR8;}C`t=s7bH zPC1M>BcD61bbMq{EDjaCF<~Ngj6f1<51rQSh?-Q_Rli%h1HylCRQ+n%;Uzf#Z>$B)kf0cb0F4-i zkDf`I5W~=ZyC~9#d^8;TOz8=}6pEk=P7%_beVkepxg;&E$jJm|Dzwd_NNQ~3-Uw-L zO-wosmqKKsjyaT0U?SvqcA4nwBYV(3?=SdCuV_(WAU1~MyBae+zpNk4dR?g~O-rMYt6VnheEDmY#zeR3G*8<7V|=fUX7TrjQ2Pglmy)ZZdw=SY#+ z%Ab=;Eq`{Cr{@Hy#`5JiJY*oIYN8nVzqf)_Pkk+cRlk5w*BoJ=(HJ3s+}0a#50XCe zEu}MgE!N%Pme!O^~SW!aeV zSB&Z#`O|K~aw(yxp%p=gPi*sp`EVxJLc}-W+^DDZ8 zg>3OmS&S{bg~rI~?Qleew%{bRK;!;8uZcLH=GoGOn|BX`GN)+$VN&0&<;xQ8uig6I z67K%CG6(2Rls~>5bGsZoh%Mn>aqbsts+I#TVzX8YfD|cM;7=Qd5RPF;AVn?5Li8I`4BgSuVyg1XFfMV%BQ>b|`OA65T? zx}w#PTbrDoNn1rYcRzYP=K2-1#zE6d*Tk!qWl%jE;Vo{|oT~ zzXxXUhP~lUHg7ht3fdQ=@|J>>igDzEMtO?eP`qM_2vbPwNoYJCViZo{S$}eId%p}q zi_i|`K((i~X^OpUJamWRb{l3^R!lRF%GQ-6obUZ_9zYy`|L;ZR&n&ixlu(C5-0sI` z=;bE)3WN!-vX}OfD@jezff=n>QCtE0X7s6KNUM}=!V8#4C8z?k^>`^y(GhGpOXgf7 zp$pd=Uq4EZL9joM<1%c=gQO6bTymn@hv)6rtu2rid?NdOH9m> z_iplUE|0Re-7$6b*X}1)b?Dpe*7ee(@FR*Fq17F!Ucu@#2gkYfJ##Q5l?UYnUEz1y z7Z84@qKR0n&72{eaw7Z-N-7H>AsGk)^ViNsnPJgRMd2z2*UZ4(InfK=!ARW{7`j2A z3U*O0CI*PKgm<06Y>2ba&hiOfYpf4Vr)o43bm)Yq8LF`)-@WGY%m4wVF5%^c3m+{d zEJ%vEEt^Tu;T5@{-$^H7>G%WOL&PEWPX1PrVP~>QXj%3LSM3jbTh6x)@TQQc+YXt{2&ZTnCMDAY|0MFcDDU`A!Fs#7;ctq3 z_^RDx6*0HW^ARC{H+@O~B|-pmFK>qcrr{fH2w;L%pDxw8(^v>#tXtnBfODiW)*4&_ z7(6K1Ep472EZVOPIIYo=3%w_Sv_LPwNs&cx@&@QtaEk5H4mdMkb-RbW)oj?L}Z=+$ZU!vIMmucSxxRt%wPH>rnQnK~1RXnd6=8V}> zwD{B1;gJin(}p{lunX?F6o7(#wg2!)uk4nQaLyJ*euN9ADDsa`Hn2;7G}EQN$@|L8SIA!x2lZv#>ie>QjJgN*-gXmllo!pM1_b3m-iAMU4;l>n^D6hF5>IK}A0W>$n?HRI?%E2( z3p0ri+LQW_)w!+rkXq#ysF!Wtc@W&Knc(jCc3@%QZpKTZB%VT|uWGp*aEJeRT?OI? zKu)xYWX#}wj@gV^taCK|0&>)_$IfjX5I#Kql3>Bki6QQBIu?8S*95n1#GzdsgNt{Z z73{Mr==6dM>D&%|8zKLi39BTqxOQ0rs2G8?!_0-a6lJ-?jKRY2?P4IQQ^0m))55PCYGnIGYa$p|G@R~oUujW9i9Aj z*GZ=}Q_D3q{ZBZ-Uw1j-HmM_iU6>3w+Mi>RL3gkVI>KMU=O?cA0ls-M2oHQXprtMN zPDlbD1K2Trnw0|Z9enc|h))HZf{W$}!RC3QaL+k;&^ZNb)V+_G)Fb63X#s&)B{HY9 z9xDrC(t=xG5vg-}wx=LZe{=^yUig??+ys4^o5J{BxArym57%uHLnsdPA3?RX$gXW5 zcP4rTf7i(`ui-53j2y9mGLRA(M}Y9e@gk)8j=Wz4egIHbvT(CGdn%X`NmKTdHL%tp zI_F|b6kz4%^Ot^3W8_>kwxdoO^WVROj^hJ_9xU?;bKHD+GKMo<4D)F= zUKTEjEGde-Q3MAqpwoZ{qHmd%gl}CVmDWrX?>nrEIm*V!%;~4m&Wdqp|MNCM`(NY| zL;D<*GF@L)W}7065{L1xutwaHEl=IkCRR}?faOJGAZqlEZURK#oh$la5LOsR){+$# zvIo!+BB$NcF91S;gZq4}gYtp6uAB%3{cK`S9`Wfx+@le(ka`g6L&^?Qs=PGxX> z^Ael-r5&mx_;CJXVk?9XVgCz8c7it4C$XVl+MW0KQODN|=Up6penBgK&c6jdleMY( z#HKj1#$PhBiN~Nn=Oi}Let)3gI-8GYHzBiQ&xeue7xzB17Wbx$z1`0&!7b$bE?o5e zb9}$q-tK1})A!AM;P~F%jujE7w{JdnhMM0nS>w72$&WUPwHDY~J~NiLPivh9t+V!T zs59Tz@tL74QHMVYAL-hue0HPOx=w4&LM_@SlTZ=j4^fS4a}({MF&z`^p>Mag=fYro ze53jg?xaV)X0w1C#*r``j3c>1d#ofXAXhfXRsCbN7&CM2z(Ei$Y#hOaj?C#nL{QKLiWjp*v_*Ya0H%gs!C^TVl=4X(<`H{^xggvA>S* z{4)^p`0Nupfz4gS_cCGkjiT-QL%Apn`Yjwx8xg_PWY^zgfhA*pO?Zw&HM&2LxwK3g z!H;tJf$^xQWd0;~Z~#~}JAhCRaw$w|2|}R=;qP$aoyCM&U+S$=PEY_%ZhwL&se-ZZ zFa&X^xEI_qyM$IZDx2qg1TND6co1d+bfk>j#`RYmBXEdV&N5Z8 zMe17~WbYzdpjRkC1lcvq8u4%`fb9F94oF*6^*AR6?&z>O`QC8$S%TG-8j#xoQOQ+l z?y$|1N1&fh`k6~093nw@avql|ve6-kCvoRe22GU|?tS-47GCW39y2D`%rYI33`JF# zG+rvLU|kFQ1P{OmvtWOr^7242QM~0~p!iLOPy$2Q^?jRPlCTEHH*p(K-2DbDX|_hSr;V4+owGju5wJGNl1>_kAbw^B>Pb7S1{L?f8kEx=8N*AIMoi z3^eA3pV7W<>5uqiL-bb z2PWk!dEnu}hi{Ss#q_vfTAltRMI3)xqUflaKUUaoDkUIiZ`1k`lUA8eilBA0V*R$N`d=T5o zbN)u%1f=_G!-c1Y2!2fQL2XFTtEX=UOvYg(APEf&!bKjGPk1?^J4hu2Z;u3VQ;KNt z_C&M*1a33mvNi>jS=pQIY)1#mr1LW7==dynDYJF|`3vW;1K`tgi6*VW`Fg1BCfv8K zn`rvwj8KXemdXXRMbze*H=b8`K7;-VJQ?inuj3gi3eE@dOTZ~x1#sA1^p<@1+XGz3 zzvEGwZ9KYAlB~#ar*4Lore|n3OQzq;AxtvdPGWy7cN1jU-2^SYIJ`Ah{xg0=Cd`m8 z4+Heq|Ix~qINYsYh!^MC7ctyrcLeVG+s70Se`UE}^Fa)E53Enb-7P~s+~s??%QqKD zr}l=s!BWY?9k3vQ_a5#}CB`U?Oc!ZqU%1;*l#IK4)K0`5=UZ_1skbQVIpdTN_=0g5 zoryok_wsBEy5GZ$!uq2$4Z7s9ljvfGNI@ilH1|ulu$xlc+vBt0^w#{zP+Jujf{uW% zQtenM5)gcqE55dwmlR*I?U$$7&#V}jMf#*11#!yel);#3Mzp+A5cZHnU#vzcd;{*= zAA@%A$R`MzCTR>1C$&>*#A6)(81=Yepjs^)lNiw>l!$@VXX8!4^K>2488SL`KbBVHg{b6I$x!4 zo`8_%F^d_mzX|5#P2MY7SU} zBB8p$ChJrjd*$#Gu;Gf;Cx+GPqweEsb&RpBXTZ(7;Xpo{4u7FI1H;sI6eCgWI`pk* zWGu-S{HuS~QlN9>rlm3I+JDvfYCV$AGPvu_*vE7-Q41zf0;S3Wqk3`R2W)Mlh()xt z+$|2*c;w;t{|$bRQv8;ZKLAz!0ctrwcDzcpw&OdomC%Q4aHC1RnqaZc4|uM@xUH!O z#Dn*GmAg)o`u2cuep+Q;I9M2-Hw+1xheZR~SO!c3#h(E?=dD2^E<%yawALlV0Q(cN zzyJ%mP{=6|*8b!#NM@z!{(GT->;I(`kgp0IYzX~jiR1938T7Ra`N}>qgB^S zcqUvDX7yJ2>mY@HIpJSM_?Hp>^#XsIEg&I`SA9|lUB@~I6OHY`1|wSv+9aP{hB(tw zZv1DkV7-6FQ)nm@Ogx zTToB{f@m^#jTID_O$qP?3Lu&-3N~vIUyBw&HBR;%-(R-Hp&;m@0RDkV^$LIetgc+R zo!C3H|Nia1p#5|V+6vzj+sLnQ|5QQ(@`}^6t*5xV(vQEwvb%0cuWudWN~7OG5RJ|- z2kHQGj1JHfM5}(p0IA3l1QGW4-n9|u15;5;@~e1Bf%C>Yh9b+MtAkiD4}=O9-}<`= zlS0nf9fn1_yb&r`I-x(=56g+Ny0}rLo6|3d-eSI~^gG(^u;#n9!U(l++Ha%oq`Gzh zxop34BcaCat#_K1Oz>D3Oxzb{+IM}o#zYs`3=0cpMz<7qbHX0sYPt`qd2~p7Y)DMNYQBmi3iIrJ5-gIvBAKG;H<&REXx-Leqiqlx(Ho zZT}2$bOIEhsY`UV6G270jR|lwDv5qIcr6FrmJ^cW)c{FL+B$ zNa}QGtsQ$RB-16^p)nAO1_B{Swh$!SR6Z<=D3^xy<^#Z-+7ricC=k3DO*xC^=UE&b!M*;YiwoiFkkk-WF_eW&L% z5L|V8{8J^O5a^%72M}8F0;mwY0b7TfYh};wo=V^k@>tMBoaWI@&sAJnz;tAwjv3AD zK{#s#Qr-q?K--9{D^YxbX7cFj z1Y>R(5H3iqJcAw14Z%6IlY?oew`?#cT`R&h z+N^>Fqyeho5QCm@y-SPC`9zDL8e`oY-}3E{JvVc_&~K%#a8>!xGfMfI`2F_4p=Qfl z2-~V>vuPY(Mlvm(`_(>Zsig^OB$2sErr&{G(#xfvLi0rRin_EU!8} z-iCXlt;dqGW)nwmy{yRbUUPF6eTvuA`yKkB0HeQsnx5i%EzQ}Ntl?tWbBAbgLMFKm#0NEVXcVBjDZcBC+Fig_~+FI^WL)$=Ca11(i>{*>T1{XUnV z9jHa`j<1f#9l>21&4A1(sizr@m;ld=rney&Jw1F@M}HlAgI6Go;Q^!G_SAWqtQ$eac%$hKG~w|Jyz%|7_Cr zg;M381_BT33o`|X_6o{Zl6@toQQl9t>khh}3@)m?hA9^+O5>rL2dK`P>_T+}cjUWJ z{q$i%)g|YonGdlP4_oO<&9VkOUP^s?2fk!(pAHHD){EiL;lCg(Q})rn05NZM>%7LD z-X(tlSNjLQ!$k}s0RP|(LQX0jZA_o=mxvThmsQxBXd>B zC&7=xD~L^DO_apBb2#7pJoN8hjF?3Kphj%iQIq5hv5RI-@0#h@YYF*VVovJ{_a*aB za3rX|VgzHY!CbUoFDIe*p3g^-#eMh4nmb9hRORoiQ9p?On&RpiNj-5XDHghLC_>3P z!uZR8|1Ap{j>lIO!S{CT;!tE&(YB36i1!KgSsCikC>esG`fZXRm_-B>=O>F!R{o5~ zfyAKs-@qPCqaQ-!eBteH-mWK_F&bq2`BxABD)Wk>&HhTUa_w6*0UhA@fu}9 zaKjF!27q{yhz7dO;~g^$Puufe%>QilWqO`;rLeDDs8i5hz&tcd-Q`CSLV!v(Wyopx zn$vsA#6BsKyV(3gvX!{sOA?3jJsd*RT$$-|-gc5j%`(y|daVkeU2z(9dO}}&osTWoOAC{wWU7x?3Vp?Ox&F}3Eg}JbwNHiz? z)V`xp)y^~lLNF0cA8`66l%!Cm<9Z8z(;kPgO|%Cnu2I_Bps2NhC7r@4H(A{{U?IC> z?%K2yeQ~k5kcC`pD$Z8PL(RdJu2$VuAE#Ak{6WdKiB%KLm0I~|yjD$UA8<}fGRalH zEc&>8?A!QFou5D63EvBEu8Nycd6k^>~2Eip>vqAvr&Ad_qMmU-(-MN%_K!|KMgRwVzuG%5+5| z#g)nY>V3Qd@~$U|1PF?J5+Bg!`E~(#UzZ`+4Tb&*VL)9r0McgSMv8r=Pm6HBhOFup zV^RIwJe_FcNl6e}VovkcQwDc}j|7aE(DuBu+iAN$@<(&}Ng+ERni1aF(SJu2zr#B_ zR1PeP76*#LRm}a>gW4;KwHv$b0n{eO4Em^jov(d8hqHWdieJz6>Ux3t;vII$jqv+y zgkfWTyK@GT(Lv_Ie|`2Jp$K2zgyd!vHc&nRcN@4g$f)NGI^B z`lgPLJF?sBg4r=iJ&@{D0i2;@_KhS8lgDLF<+@^i5q6A_f?HK5BNwFZ#rhH_j(B5D z(?8p1brJN;G?~|uj$S3$U&{X<5sZoX3Bf?+Wb$f(@O&jk90pJ*z!V*hKRkiM@%5V> zhr3)CcPf9H|E$n+{o{!(N@JcAA6Ulus}~7@e6mgnB%jy`5ZBrh@pq^Xo19*Z&ySjG z_gocrF4N&0eI38@aS2S3;c*jk$R?f+8veM}&QHAHl)f7^8wsCmI?FDyfdkZUrB zTuAxl3JhD+DJ*@1AY3kfe{+z?4RNPY@Pb6;xqQoPRVSLi_69L>*#Gdd61#uXy(1!$ zbxe%<=(EZBW z%A33vqn=F5^6ac&^s;P|dx3&mFyc1q6!vZMz#TMC2>W~B=FriU+a*&6=b!Kgr;W9z zTc|6KsEz2ZC?P-@j&5^73a1(Jvj{)ye+Dv?{}yfhc^H}CVkAL4{2#3^+Vw5qcr1_x z{s|J|++K#nz7@m72`ebBW%4tseuO@k@gjoF`Ie z+}jCK$MJ3Z4E`vg2nWb?MVtAoQl(lDd{PV-v4mB`@{8sf@hZB`k{74btdn_H!qfn2 zCuY!b&}>ZQ{Z+dWJlh_U&6n%jM`+7)?O{;)YZx_3()pSsNN|%%quDvt0Ha7_yPj7c zbi{qhKk%rRP#%>QLBAfmjprB4s3F+FAldapoy-B`7x>_OH>ATLY)g0!kFoXaWU1y( z!fSDS)sGbI9KSXlk(wAycw2|a4p|nGDlPA#9D0KJjqL^fL!(ieoiFB!%C-%JVM(xH z=|r4Px{`*JuDf!!?lb-y5GFkof08NFT=-24A|7V?Vcb6>I{;HKGoCCp;VHUk> zdxn8!w2T8R69k;{$HM?E`Un`rKU zoIg;`Kxn04T^WLYw+Y{vAYnjJ&_W4IE-K%f-)RGRvTAnA5i(RNlm8~Z=coO1`)Zx> zDgWK~6+eEp511PE*{nDA5$*#B=;gMaEfL};`-=&O?rD}p>}GUr0s zOGHtIMiepsh{P0KB%%+dM4V1g`1TKpVz^+XDuz4}T0q!`AH^w#JWnyKzCqCzfGiJ+ zVki^WZFE$&o;`Qm`P+eC#t8Lo6#AX&iOD40P#Uirv^~`gK}57Ab0Fc7ZQfqH7h-s! zJ>5V?_-Xv^8-K#z=v@5ygot59v|knSpY`GV8DXkbYJW&FsloojNy!|Yz}~C5KXp3>uP)*@(tv*~QInjoL{iPGW3N~P5Dyo0 zVgsH-|Mi%1Py5S>?qcM9y3qo&q&df-Jm2qMVx z0k@9Zzv6tUlh0}WO4gamI*|8Z9j*^Qa6|^;AI39;bhKMn%aOj#Z^$@p>=@vf2vv7p7GdxQJ?Kx9nFO>n>ioBjk0kk5J zhgTT*y2CJV@F(Iw1G#*}Fw+tc7P5GJ#0mBhQgIu>I1jHiFnTs?k>aoe0tumT4kZ?Gg^wCPN{)NK6hsv`X#B`k7B;? zabqfbSKpFa&fOlb&HYYHyb=HgW9Q+iy(GL8LM+ z8=YxuEtEoT(lI?&1?|eJGM6OeH+&D$g44V73#5W@bOpn_bM-D=gZfy!2X5Ehyl2|O zXy5Se4*uFqG-THw!n@)7X~s9gyVEMsU8Dew7G(pxoo-hWTCLZb{R6DQ({B7;`FHiedc>(+8(vo3ASmfD)E4n7Xx4XY%w3PXo z;*rJ89an;ul40``_i-p3k|s<19R>>uf3>(>6b`x@`tu}q2oy|YcqojNwS&T+_pHL08oP|MCyv6&*WeOJ@L&fYFvec6aHETc@wYvpleaY zB+XDXe@n3t$pBrE`eZlkdg~=&Z}VArn)C&B20GcdF~svldLrS7;4Tl;AwTlnA3^+( zPw*SyasdjiE#q27za&0|(;rLqLgA_j-L6%mE*GqkyCI?F@xe@1W_{>p``^MvzmU&dk0u4f32M*GvdY-T^kB6> z6f5XmpO_O`oAy{QcKT5TNSt$&d~Ufe5Fw>IhdL9_%$2)8XMT~EQuZr}x^o_E+APhWIH7 zo=`F5rd&E}7}mGDqiv6D%qc&94!qhxlod~KysnOlhqpN%$*x7G45gxTEBt{KkXUCF z80gQWavugj2ErK9I7}#r3|#S_{LXTJqX9v>)BC#*RY9=0x#rScd))PN*e`EGl@W7| zsE%l5$UiL5B5DQlPh~svFtD3NNP1gj|0YoT|LYls1oasewv9g-bEKE`dA%RO2B_b1w%_K z)6IqUBVlRW_tf1Ndf6X8`DbRz>&TlKJI!*=PU7M|6T#0!cDYX1^bRpJ zb+Kq-F^!)dZRO_loDfKEp=kOW!@4bbl z|8kAW&(e0}=kD&F{M2UR(&(BWYi~Qv0%#k}(el`k35gdgXHb@KPm8b`s zx2Ya%U>~6ei-|eHmdWcpJ!mqK^F!oAHrkUPx$cjA`GVEF5CkkiHCRlkz*0m@o?K^J zwK(0Tg|dZFE{OM}2A20j?G@X5HqQG}TuC5?-E?{n{Rx{f#wkW)ag&d!Olhyq8 z>R*h)`vnBF!@ z%~thbfeY&834G5Yrf@@Z57;j2>v(Vnad$R$gd0hiZ69$sCPeuxH+BqLv#GDQn z2ymOxC_1nN%vp-r%<%J*-~{~l|2_sO8{!o(*N8&FEH1u1C>8XbmK)7$^RL$wDgjzL zLDFk+%hzq(T!haCb^fH0duldwY&32fc!hBzSB1-TD^;Z*HntV35M>Ea;LS?ZCD&H- zihIJA_X1If25?pd*KzFE zXM7V6UywD1VL0DHpOgbg`oJ0qL9jNH_dkDtY6!Dgnw6VS*_>`C2#GDv)rC9nONsYT zU|6m5_JvIBC+2AVb1+BgEhmH+@bbb%o*N}D=EkI5tP}9WFWQW$KYuJLA9|({L5baS zRq!tWjQN`tn+cu5I0A7ZVa>~JsklGDm*^5sxFdbfQ~7WRzfiNeNia574IRjbm2!`h zVR)r0?{x|%SYUJHg`17u7Ko-_cLy~p!#J==ung+-!Ak*sm{y$l8 z^Zj3e8%!0X5T^?3_J@|``b03|9nSSv8(mTEP86;=Ciy@ZbKn;0)9LaR>hJK5j#E+* zCUI)exp;TX!YJ-wC(2DA^cO?O3iAAR&^B1>VeDFSs|Qk;vh5M!HDAqC49wcD44G8? zHZ!{$MyG^M^%CuIElW~x0tC%V0fIkVq97n!kZDjzYhe5*ar`~Le^$pYB_ao7{Auls z|9!=;cPQV%N3|XQzd3&2_jTG?=@xWD0JDt;reL-K@$N+kT`K_ zm~z&J{rMLhQoZwlinFVCW>*Zr+#mC>tKFF6#n({Q;n3g}IA=HNJHU=u=+r5^>n02q zEv1-(T4IRhsDARPeh_J}yTh%%zK!)rVc=W@1f(J> zQj5RhE8Q~G?NCNSrSO&xpg+2ydL zX2E@EE*hn%s76ak^fN0@=x6?1r5`ClT-?*SE&bfELFp%UkC2^VN9E9>mNc$&bUkU7Z~sV+8-c|oC>#&O5Hn&!kESV#G4^PhcAF|xP# zanaVIx9t)`WTlla_i}t{^YcBvRb|e`7a*$;Q_e^t_1;TmUVm`P!RstMW7xr88J(2K-0WIQ?85A-C_m56kl5P zD}8g_4bm~!-N28~aLT1Aq2S^NOU+4e08+l!egM0!EzIKQGfxjmHhk_k@rI8!tN2-j ziAbB)lJxRve`~9kKT*BR^;vE{Q59Tt0ESqzxmxfvSDY#|(W~Sh6IZ#qD`;?r@jlvP z`;-e4Jv5AOfij1!mmXY&v?<#Rc^WA?QJ!ui)&u3Fs>hL@#!;XUI2wIcx(#BR33^vAy^z1y<{mo{vbto8X2?%01u0f&4I&fuJGtEoTmd1 zQ+9n(!J6ArvF-SbP{f3=e6x8D1uJc^r2a6!H{w0D{SZi+Sfv{bpRH}KI1jDm!C94G zvEL%}KBe_+Gzj@>W}!id+F#set54!*(DZP+!srKcn+~99^V|Ql-Hv^m(db}6K-_W) zfHzuCv;b&*T77fzxJVc~c%5TLTvThvzHcDDsrEt;?0|58#HJsGp%>vTym#0M1a}Yq zza=+**<G8@GJ{u?WQ47lHmtPHz|1O&xZwulpQW0N~3Qp!|dEx!PeM_nQ39gJ5=lc&p41dMyt+Rq^WsJN;AF@(uX6jA(CQ7owr% zvOZ8P{n=nD9hPuCOOy|8Z_WEWD~D6gBc**;NUH;yCF#%x3&lI2J3pyJ&TqK_hYslD zAz$Jh(APjd!2jIa{No9AayN+Wr{8cZ##ImrP#|LnR-T{ElQ7KN~HJ>s}G*_z|W^A%b(*+A5^rGXCHOJ#FPiDpCDw8 zGaop1h-y2(dqVFRA&`NU8(W}T z{^rs$&Y)QX2_7RGscF@x@TpreH(c`hVXD@_w_cykchiofsJI;4; zH3HGYu7jNF}iN#s+yyLmwwS& zUo1szq{(%5juZwqvTP+Oj7r(Kr=(_iKdi=Fd(ZN`&&M?m1Y^6aV_&LqeY@vCi@*8o zg=N7+KVR0F$@uI1(O&U)95<=c%v%Z@8S#%`O>01T!u$XF9&rZ*f;C<11u*+m7KB%$ zz|9insn|8zW*pq>wbt}s1KSeUlX0cpavZMaX#9~$OCZiW^xT{_Rw&~Kk-s9rBb0cv z5Zy@GM~JJ&r_Lts!kh86v6wPD`~!+Crd?Q4U3I|!WA9zSqpGg{;eZT|;4s4_7(r^l zsPTdX3zz^Y69k#yL;|7&u{A1URMZFwMnFuM1T!5*qhgCfD_%=2D%KQHsO2VC%T2`q ztwOE3$DjqZ8i*zT-*4@G&deke->m9$}x8 z_PH=LL$0gMq!<#?DZWVQlnKH(VMmC2Kg=6V<7K|7z;*T?e@lZ%*4dMTxY`nZMcSdB zVpH#JA(~rVX1|mO2(LDRMmCqO#3MFjua9pdnWS;+>)-k{{P&67MMBI5bi;_ux4OQ5 zEh!D_^TmVoVGXigR?ij6NgjSadCWa}eLcLs@m#pVRUu|W7=TdL*Dpbz)cfjbd*sf2f&7T zMo2Ruw~7s7rrnH>#;(ebY1n3=xX-or z6rh2>Epg4}<>MGn0w9^1q(`|j^s5*s;qUI-3SHG8&vEnx*%ZmC9=R?~OTyJ`@zSx`7B7%i*((QGOBn7NM?J2S(^Z=SjX~CK zCU>9~@i3a7Zn{vhfjwJa1Bc?dOFQfQgGEf_1bt#DKd{V}Fw2Hg*yhDqJwB};$}U`q z^ylfOTw%?sau!1`u>Zv(#@D*AQ`)}5-r{XZtzpM0cqR6qyhZd4uSl|ZmHrTF1l;|2e*0&NT# zE(#U1ke6e}3m>lh$KUz*EdvLL3e5Y$nD<5IeIWaRBb2ej=~r+pB)39;@C<(#`ORUo zksi-6{=gPNar-me@s1u^{U}PAA|^Rz0NQVM!(I)b{X)8qY*$skpk32Kx)mY|VVfa? z7$n2Bn4~AJ0?nxL1{Nc@q_RMJ(m^-*ML(gDp1U^;o)RB9MzhlU-W{uUhg^l;7jUQ!3h0D4k= zk%DJoS9|spMD3NJ_-9`d^RW|M8`tPQW?EsqKBdq|DL`5@P~Yc$2KB(W{t)&-8;;YG z8O4#lpjSDR?jz9as;1Jb4aTNB4ZgOi&<Ws6q z)Hop{>t&+iallr?f87Gkk(U$ZC#=-My`IEaacHxU=CZUkyh6Ck74{P)29-LF;<;mp+9XXU! z-n=RVA^#=sLBpf5yC*i`yp*5T^Rp8?_1GHzC=Y<|%T%4NOmL6A)EKbG`iG8vrph`H|X(5us^+aJSmQ!Aa}K>whE+ zMauTpgZ|N=)q8p73tuNOVML|&PCwI%RDQYo^dyygI`z69sW05E&KDks@!Vu}VRl_Z z7ND4t7#JPd264qS`K{mC zam8md5mz*(24&nD7Bb{&eTw>h)pql>B`6?n`*QqH&vlc}{;@`XmM=+JOL+w_yy_HP z;QDG^fR$KaC9h#e_wSJTaE|<*pSA>7Yg0_s@kIRsO_WgQP4;0}m!O)pTJ!zOPBfbK ziFh)haCSY}LTHFp7l(VJ%ONAT;y5{V9>hRG?JKsw-mRt2!o;W+ z2SB#Up!|sRY@ssZ0u&nmvc@oQD1-P7s!6q!v zw|KLgZ(Q;QUK9|B*b?86e9W|srW(xX;yE^E0V9;L1W?W=7U5g~!cpx`rBi~bDpMvr z6#fc{r^lxxXbA5SdmHN8!#{qV)HC0xacH#uYvfQxTHNfJw2JkNI8AsY(scUrV0Q|s z+@|$%IO9YxH=H46jza3Z5zqQyxm58TVBAw8V<&-(tm5_<9VO zqY>c;#a`@_6Dt--aMN)0PW5UpU8>09kzLCVnaQ_I>L^(8pI588}cdjqzS zu4axz`w_h8vYGz67e&Jtgg6B z!=HX$3-||J0{>@%8vas-qPASVtACWqTca_6Boc`1SecQ7=l5W zg+FPt1?tv1Sg-(ge$TwnB+S#ue7RMJ^pEbL9~Qc$0ph$ZD{9^lF40wJAPIkbG#%Tz z9fq-G;WYQ>z-ihkJFsmV8OkOrQj{^CEkv7dX+-mb;nP3#g>xYWy8exbh7K9=ArK9t zO?`zV2#si8kA#Tse}hK!VL%6nerBRyl#%}vAkf94;&!Kn$zd1-)s56hOIvT^HbRLP!%!s*-iQkbTbs#4>9(Se;SRk zPs09Wek_NbnsoHrN^ zvX}^OW;L3$!quZ8bftx9prWSlRAFZ$XrIySH8f(lKNT- zk-mnUCfFKZrLiT&h^+5&kr0j7iSUsiH^y*F+>rm&|9{?Y6A(y0>$ikR9}5QNsp5s$2ccF0eRWo4APfi zkZPh+MmVifk5I~Rg!vzm9`*PxvBr1ta*Quk#%GDZ5nCH@%JFohbc%aYj&CT3Zu3WM z6S|Yn*wt!YkrwufBKykJ=pand{K+jK$;N@Mb*3F8t%ZZhddMKC=(Q*-O6(L zVqYFlEIvv%kwvlln-Nwx#k}&Lm=pAeChuv;2@Fkx`12zAb`a0(j)mC&5nsp0M=+}Bkzt|-FkN7`$mbbr&^-VTi~x6H zW)eXLitpwY3k4|67DhVxVcpZL)6+^W@dpp6&fIC9Gn+R9{LPL`X$B;I<);i~gdF=P zM&-aM9~-;Ek^_*h``3NigejaW@jdSUJqC5OT?8jIU9y70`S6@}y60Yr1`#>-G?gD6 zR_b6`?iIfO*Dxzr^kX#S?7xs;u#bfW2@mF9J!Te*uu+{}p)ex@)9Qpwh}svM@qKM` zW)g~k8J}1>Y2aMwq?+$>?ya^nqztqt%h1j!pq)_&7sl8b3-+@sR6npY9BRf({H|k1 zK@=7@JPKI!M0E=mYS-FN1(UFku(t)V%PvB8>CZ&W0_@L!g#o{P33w*t+H-6iBDd$u z#~cg*LDOwg&X=2w(l(+_JjnbC4Dxr4Cq2kl_QehIk!3Q-&nH9&dBKYqB+T0AAP=q4 zx-EWeBxnSn<}@+G8EeH+gOO?yVP438_;6k**C|n;_44F2f0pZV3>{m^GiJD5cDcnC zCc+}RTIA0tNtb%5T(#>-QLs?%&H8wpk9iBu!3K-0&y>n7K&U;nFB%gS2yNoE=I>Ud7b$jS=e>Fx;wh+?7v^8aI#nB zaeibY=LVZGX%M^E?^Ht|P)Y6SLiHkP=9}q>)n=)so=M>lsyT$ynBidL98Rx?sFR2$ z^!@{&+C2?8#Hs}RV4aUuD^1hXWNkmBa5=6bXy`1Zk}p@7q?gKRCm~u&Qhedj=mCNv zUttRcp3oHB5gGB7K;)gj03yG+NJHduekklZIy(*`zr|{cRvWw^faLBfYGAU8ZD zkQ5yeT8BRC^?&C4hlk^ngwlX)O+|0Cf|H7EsmtCgin+U4NNH z3xZMsAcq2uhZ*$OB3-W5lq(}j%cUViu9;sYyIADNE*9WkD|#gpo@O2pn^V1=oU|&H zwZiz+pP=aQ(c|KuH}+w?$B>aZ!-L(3>+H3tU`<{Ly;%j(X&~InJJAzR7gV)E(HU?Z zV?smnQ^&V1pm0dEKQVJUL$2?}Y8v%IB;A4VqB<{K(`Y`K22i8hG3~ejG&EC_SH6TF zr@m)VmyXkInkF3eMcc|zAz)0IqgyCjdle`fHFKn|7q3px<8rP?hU(UE=7NS1b|0fgfpZ+ zQ=zK^ac2o7`*lp$%MlfasfCb-)$Y z&@h_6NTOkEQ8}&zNPu@hnI;5}t9^ht1U=~eMd2zZdqvhTNd}M0d|~;e#WdT){DlsM zy)hgG|Fl9BgpN(C=SR0_|7+=v#b1SJUt8Vcwv$fKej#HsOZs|6Bp|(?Mns&<2sk5uufl%9~ouoIRJlIYKesK5j7B(NJ zCejPod6uE&)~wAAO}m=4h$pSKShK!a;UD}wK8nP!_-?5|&tL+%^}Yp7rXE@|{ifTl^@81B$&# zd07{ym41*LOiQcZ)m%34{)gLtGQRze|3>@S@%<<6Qi!`$$zR1rwqe(Jtb&8v%D``( zIzR4{EUty1x&$95oV7Bqf5w`>kp!st`E}&Qd!VtVmR$qmE%{Dd>bv?vNvh*y5)WLw zeIg$i?zoZ0OeSN%UTCn-{m@|G6)>-BRVT;_Y%>?tV2A$DOfh;zG5!ISS}I1iqTZAm z*1We2MooFZj05Kb!eUB<81qca??19TfkT<30nDG_kNWtw_qqR(8Zw>ZFL=V zqAQ`~MZC}!{lGFjcd1t{dLOA^r9CN1)489`c{D4LZN>=f4nFk+}B;Dt#sFM z6HB5BsDY-tmKj{HrfN-BY;ALi7e6h93T!yEU8i8Du>G(x>v0$o@Xt{n=BRQ0k!apK z@kr0;aAt?rd6EaU@SES3-(lCMSI~r>Z(JN>f8k!-ViYYzQ4Cr#E{n`>i!lNLUYPGXLcVd%my~X7}UG!T*{m!JwB(#XJ-S|3uGO;hhIxSp1TmcBs z{fe+7HLxv388%!l)aI_bQ4}6@Q4N9C8}$)CIlCp)&MyJf*3}!Rt--Jfwas#k$!(>4 zjDcTou@p4?qz(YVIu`tPTED}t7e;FM)!`94Ttr|V;0@|HV}Qq~1pyhz9=^>6-WsVT z(Ha|g(z$rxY55ezZ@nZP-f;$wF467ZaTF{5~ zs8TdSx)Wn31o52w>?q0~ORGO2Z9(K0S`DI;wDG=2gipQRi#RmX=Aa089q^B|{nq%k z*m~WHX?E6{nRP@LzuJPaG>gygSVRibCc0&QUVaEd3mgz*?xinh@S0wHol)k(z!e+H zfGvoKgip~UoItyV0>sB%O3@oQ6j*=yCny9wETcm6Mk5xrX-lM#tH&K8k9+b$pBH=T zeW0o`m^}>pl}yoKi8kZ{N}m5F^aGoR&Z5BO&<1oHcU-VT2`993!)&U56&RT+Pgr)^^JYOO$ zH-E0bq>>@UEe9zUSndy zC{2AKCxjUA6F3U-{S>-Zi9HZ0()j_5gM0XH7XJWbD298w{LNIOj|joud?yH2>t$x$ zLr9=jE;!>fY%7wYo;xh1?!QZy%4D-%@WZ83a2Cs{{0=WpKgYi_;yY($R?cArgF_L1-e%HJCQ{}^7lW|Z10+y7 z5vI?lFToQi@fkR5&o(R6C&*?L`iQZDQea`EuGgtb`~vS*g0Mgad)0doO`16QQIDEj zYC6rYc_P<9Mn|1tEb$xs9;h^&Z_0m}UIUc^Y4t*6d0BLUSRvaQBX$1sqq zZ!9*8j!4F|9bvS<{M852XHv2iiDpK8WY(8Ls0(gyMyRh}gD+vzFd@|F!5$Y6-`k{q zGf+cO$Ua@wO_OiCA72xtSN0#@#@N{bpksDgsv1)g3lw%dg`Q<<z$ zh+l9K|DfptHeJXsGeP2(5}H#uZnhxDX`?7k*a|ix%dmch$kHPmC?qzwu#X?8x?_5a zF-9(H4g1>u%*1PLf1Z!2QrMq9iYwTkUS7lI3jLWc&uhgVwa&-PYIM*0J7}BgfTkR0 z`U>Q#%QJ>sj(b1qQ~z=DNF;3N^affrG;z$7;byg+(^@E)X&PE0aB#gojJnNCF@_!K z2wtbB3@*nzB>GZ`$>-;rAuX06MrMme<48icttLCaW}3937^*E>3_FHY z!Zh#B!Gw~}ILPUmvbF3arfWQUy5_zG=pjbB1|Q|d^X+&IyCM*r+(#X4{PIe)u^S1M zo08BSG%-+`z}&dr^D}-6K(?dO*eJjzDA6faG88MFhA7h0UFkByN*SRw-L3^0g6M82Na)Jfcn*~094t57Jy1QA)sdbDGpEtk6>WfA3qnpKZGRB zO-W9HuVgeyXE6OPEn0j4RFJO_m}vJ`z-lmTjQ8(-dc8;Il2rO_3(MfaqiG4(zY!&0Z$8Q>ip-)ER|XwV0za6K-MnzyjQq~ zi1|L!z}7Y7MEPm4G4N|mux_<{FEUtvbor3zN3Z!BA7vcJ{^;+Y6GG{DJ$N4L%zDB( z3A;v~VwUEruk%Qf+Is>pC;PfU!Fmz@?HnbC<9{UFg&dqR{@9%}`9ytDLz*?<(9|F< ziA4j>g0sC{+cah~!vg}FSO^_hR5+f#&G8L0lJSH^xT?8#Br#VNuS4_qP zPW4S*ExA$Oh0fHoNA;)R&xq;~X`|4sTVlGk=LK{t)pTo19`dJel|C6)LSuOe-kWK1 zoePPXSRf}U2D`7`4D8PT3$SZvD!;UfLy?RF@*`{@WGrKiq-IY|e-B~#Kq&e8y@pR2 z<+u1$_E5G)N;KtV?TfgmTtLVT(%|B>a=H59Achwz1A&{g|dVb@)6ppP}BNHIVT zhsCJY+CA`7{UD9sP?U{h-=?$%#oQoHYBhq8Sp%9@>d%a&dSXudU!Vwg<;R3OEXrb9 zr9~u;!zeH!)MpCLH~ZdMdU0O(_BMVnSpjjG^$+(v9<#wsjEG!caL<*Y@$WkWgFPjK z5yTGevEEo!&^hE(OH2chKPl>oU_uI@ zVOoa|#o)U++!3Ix?*$Ckr|?fA%+$Cm-vR8)=U|;?CG*y81a*T?ZTu7QRP=t9f--;T z+`b=-gGK(25upon0{?1*B)ZTzr$4Jti7Th#U*+hOyNY55C>=T=iqfU2n8(k+TMMP+ z-yy#etd`sdjErICXehZ*u=?r>;g2X2ze+d&t;^8@(D@7%br23>*mZUa!=3Pcfoy!1 zZz~&9`H0r-8(uX14bmJfWKUqrT1`t^ameNqb%lVOp90xi z_OycRkN&{#_Gk^+K=sR#45D>*46|FPrk*3m3CcA$62%^3wveWB)TzKC!Q1M40o-3Q z8xj?l6852F=lkT!Bel)&cZ7q({&~Yt;}+Dg(6N~XH9Dk$ICSuddR@T6-f48?+vqre z*YW7!6AK+TTn}^%e!mrT-x+gj#zO5Fu2kyhJ0n!3C`Z)G`VzZ+bkzh|O zofLlv5>xG9W(XQ#icFbsE06_lbqsnJOHRkKCA>v^rvzd)d=)*Odush@0>4R>gr9_uf*WNLwnUj z)h#ir&b+Aw1|zpv0V9ncrW7T>k5R{>m}fJBZ!+b;YSs86LnAeEHG4Pn=nHVNS2mpj zo)9;ih9Q+OOf?P$F*hv%sG#8yv?A?b!^06Es<7jq)4`NG+ZhA|vIo3MEXu-PKs&nd zH$!z4cmg96AwayazxPR~q}v3BN(2pKfQE0Dvp%yJJv68$pckC#RezpK3iyZs#-j9|uG+Gr!A-Eotwp}2r^2uJkf;hf+F`(&zfRGE_64$sNt-fgkVJIQUe#Ta zY-G@?gC6iX*XjX-AvoYuVg}q*Q_?X|65^yAEJ4TOK zC@)oQ5-4G~5_x1+=yTCJ>8O(_bvRr@t?BA9Q-_bpreVk0EY3eRwv9^KpGhkqekRUA z%<>2NpN|E}AauFK`~VvYgFX2Y_AhR&n6ajIw(lfqVmwx8w3+0RTm{Xavwnu=epr5S zL6G!d@@){ZUwk1g-!6P# z27LM0IQe#t)YSuylW&c)+51@e*6^auKds0&$#2m+Nu)rULB4H>)@en)y(W;|BqC4C zw}S&H-+E$vmL)kyTKNI_b~_u2%C||l{ZHiEqKO3E587uZmT#|V`BupJp#shi6(H4g z;{I_-l(4A~B7e99Tf+vosqhvUv!Uccd=(manOvaD`){dt~fOcXliV@Bff4E&6MDjejZPo>{vwus}x%|P? z@$z~n*S9P+J72s8JY(yiJfy!>3(9xYhanQ6)%U8)4*yGMXXr#|pr;0%d<5}5+8p`l zX;^-j(Ecb8-Qh)-^Eo=$CtH$zF!xbMp?TSYfQ@Gznf*J||IM37(r^2{(DABX^bMh*Z(M4Vr7vEr`_!OWBx26` zPCc7RDMUa3skT#UO4|8ClhETjLVrvp(kQt`0`@;RrbhhN0wj(NvdlSKZ&^Pm|7Hw< zZ3jYUk{596K@5>NZS$EM^gF3h%NMaAo!q%9wHi(>x}Y<{P}r&VOxTG{t?;Y<6{}%$ z)$(<%wjZIcrqXieAFzBGBe&(!usPH|X3@k#Jom$pTq0M!%Q>UD^ncweu0s#3RB~-} zVhz<0ypqgX7*J)_`EXec?zvo4FarI{Xv!&X7*=|!q`YGL?ck;wU!bXtd+urMUwA@O zE&@{D?encYHZ1VBHoi7{rqp0UvoEyNaX)sad2pYw0WuoqZs4!*gnwb@$G8e~Z;{?l z8y6%4{3q`}hjV+J>I^%^+~`VD9gb;%S7_)0WTLL!DL}s4Pnjl554isC1rh{AntlF8 zKa-YWZ%y&qLkL1~x;i?M7n(1A?}j2P{(n?|4rG{o#zs264bQXPXx!qcX%)Q%p{lJr zq%R*|spTt}fcE2hsgyvzF1pv2uNX7!$AwZ_-HuXg`Ya=uGmwB4 zzCLY;n)qk=;G=v13!NW?#2v?0bbb=7XJlKA$wU+CVty{{sOrbzA-_beYKY3$A6Z`} z*U?Qkz8!8=SA2G(H>HgwON+oj#o9CKzeNoc>9J0|1V$5Y3D0_q7y&jLRCoNWNn~Fn zvMW{kc=YjPMehCx_|v5g_z`)! zuFCZkZZvfO$@1c`pnP8Kc4lSKz{+hKryuMSz8PNXR+30ih6~a zBG}WO?IE0n{g0xBQ}HB401jskLPE`DVFbL`ONxth06b&8h>PD`ZNvrkKkeE2+&uyD zzr;Q(#WFdS|E-1|?6cZu2&F{!Sx6F7qW0OWcQkx`arRk>)Ng5@Hxv!mkd zvw+l1AU`HCpCisbE0CfhKR{H8{LfJWrC9$nEm|iXbrSfWT}_>+|Cw`<A4Q-bK6&%9-%&wcq6jKn!VqwI&Bf!JAY)X z9(6uNtj6lm&x$q7Z9RI`>1O6Osz)!cf*!@>lzamE8;5l0WL$|IQ0!(KV?%zoq4dR) zp|E50jSv;*nqE@t9$iJPJNMV@MO5ns?qMHXf5A(}s=z%ef3x)dwh?ifH&-g!qJl9% zMs8Fe4ni{yxRHwYY$+L|c$)=oe5w;a8r(!I53L^KMQ>Lh(Yhg9?S5On{yRR1s^M+F zGQf*f!oRs2&4e9E=@{t{q-$FK&99{}I*>sBK8EgEe4=&lN$b-(KS6bpEOJNO@*llE zC$W9od%w`XP9*&S`bQ5=ME|+}bM${^4E-a9skZ&&MD)K=)Bo@|`d{3F{_oTPwdwz@ z*I`F`z)UgpKbQ1xvY6?g+i4+)ta)SUAB3L`!gtN>fJR^!C#lbVuJ>%_CI!M1gMJ1| z>1=uqo^XA!l00$OBEu7A;r^Jr*e};kyfoSb@f%H+<8$JeVt~|a$rLV*ERHEUNXZj1 z#Zjpf%M_n|VVDB*2dmZzNZ;e5C|lG%nSd>7rsCsaM+BCcN<-SG#TE}r;TX1XLw|td z!6lHt`1-%c7sme0)wo1^Cz^lJ{{2<)%wg=SR{Xz;I`RL$knx|GKlY##C*qH1Ko#-! zE14e#y`=p68RQkizr-9&%IT#d3ff}#3QP=y2bR9-g9&@q9-5Y3;=u<%dyir_$wo|f zurZpncb@~uzlhvO3-Ycfh$ewNOo>>BAXT*mwk*JF+w`Ob(kS150p`bA^}T7|qSwLX z6Xp8C&C}u8u$a6rULx%KcI1#%nSS#(90+!{)*@f z$&5{zB*g;f)~*LcTOmE$0&Zap-I<1$NhO#1!uK^X^fOn2+kvK2-E%qB2eE-rQDAKY zx0?HIuW#+qVS$6E`q~_+zr?QLL^;Ga;J>$X&y5IutwpdWTD~31)A5EqC{uEqxzOT^ zHGl>Wmf<6i5u7Q<(V-BlwdZLv%H+x&*Qd1Y7MXhCLiyIO zlmyw}QO*C99~?GfK8HckD`o8iZf=e~ufy|`_g-%wdGf>!|80K@kwUVz{{g;Poqvda zuZfR8S?rv&6JfIbO5i)57^Z(Z_;JJ13_Qm9r>V+K0Nar%VP`eO8czKJyHhbgw0}8X z>u=C9r%XZLAZ?kWktyespWoDzm|h;va0w}#KQiP8%op&7OdfMb05A>&mh0NRsYYei z2BIqS5_pfMBnz#z3q5QKxpcE_$S4Cqb}@zL@3&gK358{S@NBB#LGf)m>|#S=KHM+9 z(5r1Nh2A};&}FoAGid1+UJF7V@)Q-~PX>%X@ZySn+0g4fwu zTCe-SH^A=o(nL$WKJXS&xkT}SbsD>uvLxa|qS?uH@o}b1)ra2Ym*T1HA6jD5w5W3geUzJuk`pO*_QoQ_Imwi&g(?uAus7 z4gqwMCay1rjL*PSk!P{R3(M-8$C3L;ch96M?$19~c<|)7ng0 zvmS+=>K7P3M_<1@hBf7<=FgY@L;Zuz@}UIa*mLa}z6jaRrIg^p6xCy!S-LqC9|2>f zT8t}s6zFg_R0Yv-y%XZ^SA!%*{aw?1CTRM#m#HeAt05J^yEB$-)y>4G>lb)w#YLuR z@(T^p1W%F$!QUYjTN3<;o6vwJ_!Ld>IZ{%{J);G=XQ&_Zi($vbY1(v!eX~*k-;)ob zimCD81mym~jZ!zG2gY{C$5C?ME`?(hlTGZIYCSq=5xdq)dM&&DO>j90Uylw#GNB_; ztQ7PAKOv+}lJdWdp?pm#nm$Z?6fm6%+(Le50Fm@(L;|Pq2Rekl0O3GO(=wn%unPIm zM+3~GcCFA@C7P>Bd3*@t%ai^lU|hhqsDIvkhyWBcU_`O;(Ny)Yz|pmoO-g(;94(w4 zA0JIuH?eR`d^7{fJyY00;HKsRFg9Ew-C7Bg>hb@-o}Y6~K1e6ypkWKxKVd>CQGE1{ zLgG6bAD#5Nz_;YbacnVO>f3B#=jZgj0kz}eqZdj^;DZ`9VSdg;ezAFc^y~S8#uLOx zZ<1=Q#YZQPG4atM2lSw+|D?@?`j6c<@zL8!W?@(0(m2I;v((iCj+?(8@-y~6cK$k3 zcU_|FA_$s=c~aH+0;SmaXuD_~5MrYE=-2X{*!k<;-5DR9^ifnEycHtQejq;jA{&av zM;GDNk`wI>u3byD6!54CwHk+C?@w z8jn~bjf{#i`~MRDF7<=I^Z%;B#QBe4Yy2I$p7@IL_pH|hlneUB@pp;TZ^_?zlTbU3 zzeh{S6Y=+b{9<$d?y9SufWPNTwbuB%5=#!nznkCcYzeOG)%(z4}nrFf2T$3w8GzAO`Vwek1jI*u|LY+A3k^z z{JoVOj`H^^-2Ny0-8hJ#`w#j1&t%kQ=N~d;34NarZza|2FrbY%Jj|%3Nf&Z``@9hW zVEjwZvMeXx%Nper2ea>lIGCVQDr+opuwq{8;vmF)o3QKeJuMp`7%i;D0oQHF94R)K zf_=gAF%lsY62Tj@>KQ#vQ8VIz#PEGeq^$^v|0VL_8Z0+d8GAL{ARiV~*{lL%HJYlL zq3$RkzN7MC(ksF)B^SlXhw)OsrF`g%M3Z>=aG{huk$jlQFE*DCUsnnWPaq#|l4`BV zhsmQX{a>dCP5m!zCe;7zwx$0`UC{p*#>t19rEUWGFyvbHK2|aL$i{|l62{ohIS{|8a|@K)d?C@LQo;r2g~5Bo1A=>Bc_!2PFEz$tqDzZ^(d zaY)ww1ec{1(ya`eD{_&z0!(tbyzo$YV&g~HpMag`A*WkPlPN#)DO8HE{c{)z!TrCj zzfiVS2_9#D3%2bFnbs;c@FTL}9%^6-vP6BDMM z7!j5BI`edP2wC(Qa$Rlq4XBlk3z!_`!*j-3x#)(mR<2XyVZdBvHeBg_$U8B&8>ag-vy!<~Dba-AV#jq~Dia)=vs_BDw88aW1+Rm~WOBs?S`3MCgr zhr|6rR%2%#von7oI)$D2i*V5=;cy=~EF}T?G$X5~HD-Sbf7Sta_%*;IFLd$xywLsW z{;bt$OE8|&{rda0cn8nika8jtjd#^mhl~~s7g^E5uD0SdTK_yv0LJeR6Uz6|e)45q z?ZetBd;@X^iWg~>XX`+LZ1BSKQ~hwvb-rXeA%oaVzSo!K^Ue7&7-Oq1G##8W3r~(r z?@y=Q;|rYyR@*c>+$iR-PSj@*ENwz3A=3%K==Rqmi-T1ZRjW8(2qbo6A(|;_!a% z{1md>CH_StL_-bv106xQOoc9vhu?m5$%a~!U2?X9c7Y&O15cx>-1Tx!{g4RLV zfiho`d!A&#hCon==7K9B)bc$9C4koJvxf0#h3g@4K7kjrYu%YsiZK>NlXk|UdlOM( zr<(Y@7(~;0YlEmrw(Y)p76mEop_pyE`{ila;A6nG^iTEFwFgM;5>B#Qg~Y^eR`n~a zUAw>b>$<*GGJO_y6<=fa4~XvCJ?2K{JTOMg_G3Zi*U@4xe1;A(I6vo!9CHR@a9P{Y ze=wNW>~%d+_PXBY3#J6J=g$-~lhjlgKLK5+Dli&r`EBWI-FSN+o>e{2kQWVEYnau{6W0gfV!!gze2WTIhYJk>YW=aO zMaVUd2sQmJCE2v}zeIn7s;(8Pf-goI@VQsGwwGR)1jnYIdqwgF{v4lniF-w_H~I7W zw7%{Y1DE5cx4IEF2=V!X9_*jN#YLRYQAe)Cz&Ck403Mg+(`tkv+w0iZ zslduwku2&Z94*5wT}$Pb{@bjJ_+)?S1Q?Du-WBXI(}#l@YOpCy=_$D(53HIuxfs&$ zo^kJxtI!Yoe>sUL>{pG=&Q+IaXjmGae8owEoF9?t0PspS9XUOX6 zt~!d(1#oBwKrHzjn2uDFxgjR-l`49Y(DJH$J_9PS+GCr$YJ~trEaX&m&5yRqA?r`` zAqs=}#N>kz3zT`h=(A6or zf4;0MQ?Vr(wn*Xh|ChZ;3|1wMpXaxw^87Zpy5}gnXT8)&(5KcNBKKepM_(Yw*#5NUQ4Gb7My% zIE)Mz#jg7=8+63&uWap)DCZ9lS!~iCL-d>7Lrg?xfO)M5lD=*tger^{$0UY3q0UL1K7E<@9(3j4YdqvLOH zsB_R08rv?Ij})S<7vB0x=aeEYyGrH7eq{?+%Av_sS_@P0)u>-rQa8zp+YoN7|1S=a-gI90?aS7 zO9kp0U8)GBiczW<^WQ9`*GJ?RNvR^$PnRn5g`OxE?pnx8AiKT&+0L~-(9)8q&=V3|A_F3zAuQrzlu+%&F}@*!|mSZ`)4An6Yf`H?U)uuAu%LEe#6@&|v932V+ai86V&l z)n>G%Gd0Wa>J!T(aq&5`zX1?zub%@u6ty<~Q@PVgQhjm_@;7Yw#EgF^WLqUl!2jWU z_uNMO{6T1_!{zTc)pw1KR_Jd(9*U9oJGSvA8^ynJUz>H>{tFyya?h*6Bk|VFCav;Y z>~qy~5x5fjD|leN3AbWkn1XfP?A8x5aS%e&_Efw?yo4oS6uJiO-~(+#UDzf$Y1Ntd zfDa1<)2*{V)G2?8SBC|l#zJTdYw4S&Oa0VF$z8}}tBDFP;(ti*IIK)otfncP%XFV{9lKFO~uSx$^uRkF; z-kD4by@aL|mZ!aXHv~{kTweXdIl8O%*(Hx$4IBGx;MTTjRsA)e0!3j*;I9mz0)EJ^ zHI@s)GFl+zL*$NQ^N?@Y^T-+mrqYrj4O6Tq0{@=F@lEtPlMs}XJ}S9ed}z8y=(pnd z<5TB`@4dg`_{u+*omx5&xumCI7&Zg>vc7g#b)|lS-Q*A|9C+)O;P+s$lkG>o!?TLx z$A*4!M=9n52A=K$3{a=?bv#G^f}2$W&_^8LqH58v1O77xsJ(QYet*3X$zqpOydpvtb(<XR6DD_LzV}@Gvg(=xJruyHH>4(75 z{aBQz3f5Bbx=wqDnJ#bM3B1H)x-9Y%=X3zYzFs7+MHz$Gd_0+6V!_x>O%<~!PzB{} zt@rc+(?wDx9?xcuL}OlE#)@G_{u*><8!|Yt|A*9(xCU6r$qx8@!JKsL?XK5tXR5ZQ zV~{svVHbR$j{Jn5-%S201b-F9Si)lE$gU%*V=s<}b{yylj+R(X$X9~qAdVRM z?KrrvYtkywfg+Zvkm#k%k82L!9sUW*iA&w$Bhh}RvzO2cj!@!O2Q_c?)4mwZY5b<$ zDk;aQruH=GiOdyAuHiqB08SwPaDGWgte*%Cyhe>j7}zmI?#89Yo~w$mj2x{BN$+Re zBuDGGe3i36AoHYCLk3chDgirsUyis@9WTq(snoR`mOHV3ohr_f%pPlPF z>3!F2qQi#kQxQ~x6q}jq4?B8}?SkDYHrT&~oC*Ph{gVr+ZZLmRz-!oC5l$-NeJHu%G=cfSPX*>*$z1}N zi+o1>tg-@fmm)z|?<{9@j^#5zgaEHw>Pf=+XuyUESy6v{e2LZ{tK>Nrlh>>&C#b|* zngVK8ZG!Zc^nPsp_rKAWG!k}P$yc9N>sL!r1FvW>;#F}wyxL}7Es1+odRo^cwVbbT zKn3R%_|F$!E%OSHtuNifRs8l*B5N)uK<|`MEoVt6;!J)YwY|8O^BI0~YDIoy^y~}E z6_|3ADg4KBoDq=zqudfcL%HRqoOr^f+!{QS!C=^%&HJ6W@*mr&Gw%c0U*AeGei>J| zaX8EnguF&35e~=;*Xm(0RRE{o*rWQKsurV?12irVK}kSFmifZ^Y1+oM3J-9u|fBP&2{m)MkH!TGZcHx048H~2W$zLGX886eJ|5-une`^t5 zeun7(3~O1Q@W&8Ttl3z;5F>2EA+D6c5=3T$#jthlwR|Eof1#?>6z@mY{s27C^%n$B z2%GU?Hf|RyvNf`z4{EQ+-)Se2ufvXq5M@-kOyoqN8mT3PbPe@zjYy28RMgo0Pzumg znm2{OMljP}$$v|x=D1?LHF(%Hu^zeBDQGcjDXsM*@Mn6j28{lQfhTw6lPBuyT_5Yd z7NM_yOO^Ax7rmi-E0z`Tg&~>V9)tjZFgQlD0KJt0>}}mG?5&f%)&3_=rTfEWy1zwM ze?Quf{&FYlXn#Aizlc9TkWPbsndu32nNkxt)~2+RHtNFzQy~58&%lxQZ;GYm9&rpP z9~}W9xkr3O_3LGhXkjdVc|HZg?xUds+xkPJp^%3oe6-p9;LW7k3lJ+<=f7aHZ*9Xc zU+;Cf;j=vb*Qm{#wl~$EZbGY$8=;_Vv6>GBsE}!y;s`xS}~QKqq=3etjxk1Gdd?V40yjKf>~LQeGw#Y3tvlTbo8f##&uw&8V&_&z`fLyo+S2?_!iu&V&R7XZOS8SljX0-5) zG+VL8zq3vU5t(kv(?0JxgpBEU?=*BX+-u<5sYyx=`?Jv;h_CGLswu-6*@gI7ymNv( zt)E5qCGfAnRyZ)dskApdP>IrErf?t6l)*g7@D6}Fw13nWDjXt4B>Z}2#u&vbj%@jDSB2<}*GVlt~f<$Efn1|gh zJsOEfq8mH)`h#0>PJ=$s+n4ph1Kn-=6~4|xOWC2U59ZwOp0^S|v6V`<&N=1BE-dZt z4_|@Zc}BO9L%$DmYu(`P`d9F7Sn0VsevtL`oGW}y>wHZ(D;(e0<>%RPutWCLR~!Fl z&UrJgLz8D^jLdu&yN@O+8<_~#H?L~VoMeC2`q>_|VePLN8HP7H7T|$VpAwyXlUvM> z@EGvDY5@fpeea_xh@UkUp=$bki35zEzXrfF2(ENc))}wC02ybJL;*?16fQK(;e(KC z>-}_#o-L%%Jlpsp9$ygVwX8j3sFC{`2FH5phr&5gxBr-^o1LcpQ#FbCE#Wc1a063F zSV`T=BF1gXP+7cVRCF_mA_b#Njd5Mnbsn~7IV=%ON5pbr%=wyMaFDH?uesQ^KbE7I zx7s>hvsR>v--tVLAH4EcAEOD1)dz68SC|^mBx}$Db1t-i)GhnN$$R%f&rikS>jbNC zaB($v*+xjB95uLmWHqk<0p21o;r1Yg;qJ^SBjm8K3~%sB@qwVqIOhX7Ih)T!Z^R!f z$?wE)j<>qyA_S~YamRvBIEh=Vrn1F!riYpROPOO~5lzfh(~s;?n}B{~O2~;RAxvRh zoKul0a~S7L$*CygBnEbpbe#3m>-4EAItL^czvsMsUU8qSMsQhSi| zp*1_a3Q0yW9pU^U>J0Z{*3kzwoFDg=lT)#YC9%ENfXDi2S1f!Z?=%A=^RpP&(*8x? zwnCyA)a}7#`b_Syxni{WTo>%)u2D3isat74lUVcRzE+H95-W{oA=5(nTO@yBsye3L zi+Pj>mjfDTuON_Je?38QE=>;IriZk~X5F2=PX4Anj^8Ofnj9K*zAhJb^g&C|e?4(v z1%&=Ld!s@>XE?M5cV)7L{#Jt;{e`|rp4;`hkV#=60P4xl6kq*wt1()LQN$;Z-ry_2~M z*$b8>OBeBmC3#aul~zR7F4kTNBuY8n5q^cVXwnIriVY-^7&$1)F%gTatd6l1*gA*b zlV}oy@^gtM&i;t5Kz<%zUxLfDIS1mbll#SHr1NE@BuR~7?Mjg(J?L+4s59q<5f?yG z2`7qc-1BzOrw(-wWEWmXQgq}7JJ(}(yB+GrzB`+8$?KAMVJf)iJ#LlHu*!E~`43co zlxGqkX@^OHq>bDVa;8cMQ*2xpnB!^huDSt_D~3@LQNFmV#^8QR#RCvX?yAf2o7gGJ z4dr?XQ3TH%PaL3yx=p=$pLUwHAkryxF!M8IFnUcji{Fmo>TM6WBJB9}GU&-OUt+{= z?nI6b$+05cJ@&kNk-ASZUi6Aed^8`KwAV;s+3sGx7R=9-?e6g{eXN5TA(gC7OvB86 zZ>a-w4uMlyrzZA?nj{6MVWKa|F2Juty=wmv@7*h=-Q%q;z6T@8NBw+U5yT%}=nr}e z1KFDkjI=B+Ftc%|N}CAs2lI>ccNXhvG68fgm}@|86Ob?dsV-(AH)EQs}F&J%iV&3vwjB*{PK6i zK$3h%Fi`Bn;Y(KLL$Uf!Qa+$@(IJC@cPDVrC&IuwskB&&tkBiKz*ABO7{E*_Hf$?H z03G=kQtWELzubNu3;$Vo?_P2BJ=OUD|J4A0KEQu9z&{D#=X7YUUCjc&k4-{+LmFHy zIG|7}%K>j4!y$g03&DgwPCF$r1L#_og7G-XKc6RnQIbS@qa181)x)bLa<%X==MW(8 zM6SyEzs6zub-8)1JxIz&=##muHZ`>zF4qOGHw8riqu_EWh%+pCb~RIhR1aP7$EG0rL3zB!v{)`z5;nMOsHGk|<)pN<-p6JNjx*IpIQ8>Rt)D;B`dK&x`dI)C{md)%?*X}L%Y`ZfGnR8G;hixT<0g6ILjOKuyq0%mBnOqO*}D z2^}XXmxy1s!y17;6e$YdS9wxr9Vl4h_{OG@>Z_%MKQs!8`TIwmWZ` zUXqvPEbT_G!Fl7Ir5$t1%Q_V2xEJUXpF~}=b6)1lU4kAs+*MEFTg;f6UgE9_;&=JX zcGF7d_#q7I2n8rnay|859@aIua^B$lJFL2%f9sZ%8#sDqNr#*_z-X{<>#yOFQvEPq zM1Q_N*eywls^=TFGzAXB)a0N=rNd~;bgy6!z{(seH(X8YmjlO@gv4{Iw(y*)Ej*`c z%gD+tC6j4b>i*~;8614{Wu@+m>tTG%7sAG&p$VyeY?2QP14hp2pOHM9ID7-V)_cJ5 zjYQHl6pA)H`9ThxiwaJEQ-8;CKE5NVx$lw(4)8UE5UE4#gGNq7!0IF!!RlO&%X$su z#rSCfxdy)pWOvm(mc#cB;3_f8F$i5w@Z@0^`#|>n`C>}saS3Uc+`t-86%PbZ-!h$s z6PGwyAT%bG_1OVfSGb>sgl9GW6{vpGtS>YeE1gpV*_TLjI80(xO60;)jl5uvs@6%D<6-*%U~>Q>wX;26&YY6KbODE#6m`JOX^7-dNb&euNbh;VNQ zUuYDdc|)oy+TVo3qbo6PJgjPRSAE4FVB!L@b1|6-Bx9{5$w8%wsp`k5B!ypL;TTLn zqmkUPP67IO62!v|9(pkOzHqyaf$Y##0yrEB!R)fYCa2npVQP0&=xhJIqDQ_tL_H$m z5FP3ubr-Xt0$&)9?PsF1%%I>FX9$ocJlg zg{c|-?I3>z0i|ac$d`5^)G<2%h}REde$vrX-Bkw(dB~e7@F92*BeOK`zLDc|SG`S4 z%xn)#F~Y!lrJXdEO4|#DF2*yo@hi3g?6HkUq>VDRQB}qIWvoAo^$il=@B-#yU;3H9 zge?3#y!}d|MN#&_TtVo%R4J>bSp~aEK@XgpuiOQjQ3c^px|^3kCJl=PEs(4+%iX5O z0kb^4?@hl!=nYP65Ke^dJ$q-zpw*K;mng0sFmYvRE; zJWyqJ1DYiFJGq`YSN1y)v)NvJ~5Mh1*dA*3n1du@t8bVVwF1l^@x`{{0p<5fN^;E~iX zoPZ-3_sU<9IT~nM=7@Y4QX*t9{;(zkFWdG}?;<=n0=>dqKenZ}*BnsrKp$t)EP&*2 z9KI6PU~hpd6r~N+=YL6{+BpemGlN_ss0)n-gl4AN0;o*=@*{qzsq`vBE<-JykD=ff z#1ldbYVWaKxHXfsmTGz|*RY9AcGHl#(JU3h2%y+*Xsl8a#-LTrI2wyYjy?v7k%DG1 z#aIk#{1s~a6>ug5f|-9po=t5b8bP65b;>?GwG0MLuf@LbH0nZ`d?izv7Vp31iwg6O z2{WRv=Zi-Hoz%MD&v&da7Fh%>lPTTLRsroApiAaL|zC?)DTp>=D z8)RYRfTe`BFc2)z5_OF^!?0sV7J|DSZq){dE{}mq!s5LscQ3}+c!fomUJ-|0wJ!x> zvryaIP=Pl$wlP3keXtAqNK5VC|D^A_cT?nb>t+&P#^_ zAS!p@b86kt07Qah<(PZkE>Xj*Xb#B&Sl2t*_X1?htXR)!OnUV=f36LpH=i)$5`z{g z32k34gSS%Bu|BI|fuFt(a>M^xDYsCt=$ z4SpwPoq8HKHIbL)y#@OoFe3r!EAg#@HiQpGZ)YYk72`#4dhO+ex16UIb&GaI0RQU2!CoQm_X6iM73J`bxQ%@YMw+%{@<+mU*>Qs z4y_bGF4O!D|DAlyc^|-(nU0uZ*eoTq&&Wu7o!r-ImkWqjxEGCDD1WWVpHT9cHPK0$ zPe^8+P*NsoprpwNS6x6t(=BrvL|O)N51<^KN4894vIiU6VUN;q@{m6=ooPHq9!@^r z{Ps{p$W%#zYJ^xLCs(s7I!|_}HYdkpeq@O}uGQ|PrGe3$%#X0FJwL*dW`0D}Q!A4s z25=P{2*;C}A35`@7I;cH13I>a@V4!vt0~>$@?S{@#T0L4#85f1$P%)6UUDyS^KFIFGKRT0_kt=V>+P~e6 zPB48a+KDTr6I%0#e{}_hj`fWh2&8nka>uL{h1Q}BZN|qx)kzt;1mZXGFA-0Qf1pE# zUqaaEUw_B1<`N~*?4AxDUi*)eB4KUh=R!Q%CL-sb58#0oLEktr*os3-L|HFOTgWR! z5U-@9I(a^V2L9r-<#IDWjf+o6<7?!;Hf=Mmr171&LjGuVBR@#>@?!~p0J#SWpp+UP zA#%0PkNr=7Lh6+1Xx+X{NAnZbbTpfn>F6`ebhMNUJ04?W5AiUEkmJ@>Q8_nvAyAx* z589K_x20)q&(VOAa>{3VlS(@DUo*1*?#MA=8M2eNh}vro|7K23j}wTIDm$y;a_edxn*TqgWUk#U$qwViX94?65b&H8?VADr)%=&#ut^d_w}`3)+!O zaK&oYZ)qMaM8^>xUV_W||E6aA!F}An8EO$ZQ~2PtREYNT1{zS0EPU9=T3>TZDegk232=HGWY3uew?E z+j}1|{xCm{1u3qIc?I-};nU`;?z+%F4(LK`goVmu3c=8Xat=*{b~>WkPnJeMnx)J0 zTP$D0YuK^jD8gG@{9!Ey^o8|@Rj1bxwg8c$5t%b_-M>PsZ8-IgBVR*TE@Q4IN)%~d z8L0KChMVMTojC-k=pvo}nb}f5?&zTPW4@&y=RXVKiQ~0m^y5Wmx0Ifx-N8`f&hCQd z$v`Bk$W#&=h^8F1*_UF~AE)qfluP&qEU^^VYGlvJEwbn2itIUFAz^f}sDxqhSe9V< zC`%wEN`O6Ivkb&uzT6`v3RjA~Lb-1y_K=@t^ z{8{_lRdeB`K-9ATks0{?-^9=qbmiz4lrHU2iW9eIxRct^7wauPsJ@vxV+h4({0#(%nLq5Fe&j*k+Fm-}Xd7bs$ zm=3wAJ$>5`H2nB`lQ$h71y-Q3cn!>f5^3N6Tg*>EjSMm(3Go{o-9UB9NKWuL>-(y{ zbyw~X)|&(Mctr{bH@#<6e&P4QT}*?{>mHmbYimvcXe)2U=IpjNQtb`)E6&v4_gd)oK{Z}I>q6MZ%^SFF2 zmVFXs)jx4u1%7XzhkoUvUxDo3|5(dUO$!{bb>0L3eWWwHY-u49Xk zzrIXK(SlC!BR{{u6o)Pu3yc&;TkUb$1-^4{89PvrP%+0h2Y=egBiYHTTI!3 za9N-6tM={Kz0Ar}1KAyy91+fuRyIC(j)P$4Vj*4W>OdT!=DRERF7 zW13VMEKa#s%`5KLn0w9DmIhs{-$M>kR?_^^?`uU~M&;m6zOC3$hs%0S>xW%?Uk3r# zUVD;auH(Uz6LaTaGaGo3@&4lhCqMrGl>fM7G+e$_0nit1Eesg(-we|1zvDk%&Bm_c zVGSY2`7cEU>BwIi6UY{%7j$oF0k!TwP8zI$#F2_Ch$CHY|3BnEPB(dihiR!` zoDH~QoJnS!PPzVH<3Cn)i}fGBcVJBPmSX(Jn^EF_(0@!b*?OA|ICpAr*2(Sv??0Z5 z8yfW=YvcXLrP%m8&VM}Z-|-)NFFh&$an?1|f35|)PUJuC883xi*?p4!<3`=+Q+Fox zA1jemk=TFSzOfR z^k)dq9+1q@_-ehUrSug4u}f!c1RzEMeVPRRJLwThB2Jq{1xE23r79W9s`TB1Bt|528=(MK!5(VYe z#t%-)h=P3_Srz9l+Hra72mQx|+JAgb`;Usm5L_k^2L|U4$h}S{XM`#VsHXo&f01)e z9$XoZPr+5(M%s_^g9fDh5Q{YA$apSl_6(i^&gJxsZT4L1(*EOxPs4v4Ig?PK|M=p0 zq?CC7@xcZR-}sNS_&dgbY+!d2_>b^gbVvZ!zK+P!9%dE?J;<+VK7?!!^3&71nE5mD zA7>i>5#GY;v~pGpVS1Rm-bk)QE*u2~^UbsJSCO zk~nqYPdAw2Ut180nKZn7&vC)2Gg3kK!H7KGpyvhcec|EK}b}DvF&&0jzzKCj2el zmEQF4YbiqyvrgWD#PdDI|MaN$@%Ds1=CgK#mXG-i8w9UFsKoe~$d$2t%%8x=oGR52 zbQos)n0msfJ_T+j{l_8FFa1zm!kcE!W+8yK=Mot2uSzCqudN*{Ptz@p3r>qMnix;B zShYh-$bUG;#(JT^!am@uQ2p&&!Wf?BW+?=CfQ;H=PaF7|?PY8TkRX2aPZkqb^C>B4 zyPBYA_~>WQ)l{V{WxULM^&p!zUMBqXW?tsMAVA?|ev6CoGRZTli&1|oN#8KA*Wd~R zd$Zie=j+qU)Wyt-#%5k6y-fOv^g1=~>j)gJs)c+GFLMdog_o({*NT@K^)e6eZN&zK zi}5n2{}wcSmG2}4of&4~TJ^8e! zqGGc0hFCEP!Nn{Jr&F6a8Eny>Z^2NzVDc)6qZBZu@i5e{eJsNv3%r0$UU3ACBEdd`FkrJ@rpwP4NV{c z75H1OU|G$=iv?6Pg$OFLc7c?ymDzT(b`kDtpf+w;2vcU}J=C=y_lh%Pu-1K(jt{P4 zY6UDEh817oZ*h)ng9cN!Xbh`*kQ>4rE!l`)KO~`mS}@}mn(4*y4esy(Ft zaNu72HQ4&hJ?}5#e@coMv!_Gjci?j}GuvzNlXTFSOB8l^>foSlW9B2qP%XSbWgm*B zMRpoR8^U$|dU|SRI|*)S8Z$hfpaJ^mr5P?&)sCHfJVncCJ} zH5fz2a;(8aht{~O`VzP(P>4+#N{1kN7I`8nALreLR=c6Awi#L9R<~D(_I$ZbTY2zH zQRIEG?;J13R1I8&s#vWWt-735Ar{FAWaT32-^R1GB%<`7BwC0oB+(MNHR=miut+8_ zxGuIp#2eX~#VL$DXp{GraH2$@`g6)vThUn2rOjwABx3+NB2Ko zjHCbawJt=zb^jNe{#)G^@-tEm1Hk-QBPODy|7W59O#U_ORp)Ocv_YP*_DTD8TsK6(P#Ook)uJ7n!4AD_u%q&DRP)8ghtI2*a$l8p}SwISM z2Vc_~U+^oDpAdJDVbdU2{||R>9vD@1_K$~UARuwV5(q*xXwYa~f@>nAOcZni6N!o% zKx?ds(W;G_ND#%uNo>Y(G*xV|&~IbaN?WY7QVik}mO?-)0jwZ&NnKA2)`(jWmG9^C zJm=n-Ndm^U@B3T+NbWs%o_p?Dp8Y)MIp>hCzA^~0-Z_6Szrr7$>%(3$9A(pV>(oGG z(1u{{fsyj9K&bBqu2bzp1Rc(I{J?(bREcaO_w?uNE&n;TEk5Gx5)uBQ9bRXqwDW~_ zkXdCtSmLaSn-M+@ZtCE&(1M#^m0^AN{ZkUZGf4UtUw+PJZ;;{fj58^m5+3wAIaMVd zICv2V?KWf66ssv4zlE|#Y$X;q;H#L+nCx9N4fue@9T`ONiXg zcz_5u!Jkp!nX|%Ayhvsw0B_TX%Ptbt@`AbpOLpGT7ky zO74HC@JIL$tU`H#E-X__)MJ!rF_Q;SOe|-4qb~~=EG?`VLF^gm*s^VhL7&eYx7+M` zf6DM4^!^sr{e|K z&yUFqFx@Xp^=~{sn?r^a_YrJgWdpXDg{^oIIp4=^GS}hO*-8O5Z%?J3^%Ul;umlc* z&&i4}&anZN_(AgMHN1kPd$3lRlz1xq)t}Ssjcmr(D3{T%VUj(+7>BTY{~?u}MYIp$ zx->t&j*?SkGC7pAt{f{3T)hG(FF9V~3vx+8pgE>H<{P3_% zP$g5r8`FE2?}9YWnJ}Sz+re64R=~}~4NrE!H<6RmSt0t0qfNM9@kW@Am-OomHsY>; zUyIDZ(LuYs_dL#C(bJJ1p1uhP1~%q=mV!|v>OndWrVt2iGS||yg{D8*d5@CqQ15Z_ z3r&{3=B>_)8?TsdHICaIEg>|RyMBHqsNclf2coytxcvqOWaaldo&SS#q1HvZ6dGkZ zF?aOewX6T`Eb2H_dz9-eQw1(!uQ22UIlz6$@+Z|Q52w*evS+wVGlv~tka;`y#+@Sf z_`%&_8!FZfhqe5rYCYR)DbzOBK2wPvTr2x!>IsZl0%@{A_RuoeCpmk)5mBy!$CC4r zoc-ZJNUJJZM%wcaM5#3E&!Ez_Yg{T7h^TTqPJ1$?A(mjjGo&-Y4t%>4!EU_;1j`8E zyau#DHvG)#Ai-)dId?BX7X|NtV<3QSCxM(dZY$3Z2i9T)RdJ-*CDTF$su6Wi@soK0 z(aXF*8wJmSuRzAYYygbSk4XC7X655IjVOcJ+sJRYuk<6uzuhQzM%3trPbMeG;_i@a z4FoS((*;}EtaKWv*lW3x(4>26EI!h=Y?g_^*Uq=ZUz=az>VxN(AX0IF=#Y@{0CsYm zsM>IxC{=gjN~zj{>m+EnM#{R;KLGd+lsPAa6HQeCpdNvCw+BLNCWW>XV1Q0Q?h7&x z2psv@=kxO3^aXIkC)_cSw0nC~ zgG5x)97YWzD#^!Q)l2J=k|IRc0PMPmr`KNw;e7D%4E;p6772jkH;ZEJ{2Zabg?}X0 z+Mtb)H<){i7l^C-6L7?rmDT$xtMeIwfwXd*B1m_qU3+`kcD?9fKh8t{zn6~uYg+&5 zQopkkjz@qE<_GkA0*Q}WkZL|`QS2yjWZ5Nu1ZfT+OAYv_=3iKg&5`+jB!qwf-t3LMiyyqfEV0?)i-K(2 zmJg>6cBEiRijbYx&l8t6wH;5AEG13PUBNLDzm?WY@+)O#5d9oB-ajJ4RQ@0mYX16O z#j#@GSXvWU;?814F>+$^mu&N^GX<#*{Dw&7Y`lh@pO(Z?P&pWzuAr}`69{I{Nxj%NpH=-KKwQ5-H>*H zy4NnOe47;8g<5%AnP{xz;u7u9O@B}-5in9oV36%l>@j$m(j`05VVj>~sMc_z)Zn;2 zNCyL)D%_*+%-?iKT$OIwXUI~^goRNun6#H76D>BLSxF&CriVD5w{T&2P#3LHe0E<>5`$lx3S`X{Kw$3X|T@o^_h`*xUj z|H=`NMT_?bvP+#7En?#1Ruj}+x%e}OPF5~rhvrNS%`c@McW6ezU=aInG2e(FgGA^b z<^kTrdWabwC<7cGDkc$+Hw9z!{uMGdeZF$W#xFI;khb3)8%x?FP;W3dUEpNo6{`T)Fw ze)um|vDI-aDN%_p`CB1O9f?n8o4+;F%^s!s9d5e_c2_!WW5_@JtGzs91oVpG_!Q2Y z@$8!fFX{BlrI`hSbcw8Sc&%TqBWnEvSWc<+gSoQ~Cg{cciKu4)>KJIAZQ$x5p769R z0Up?Pk7^ofpG$yzTpQ@~%pzW7bAcU9z6{D4)ZD^?aBuI*+fm6a1HCJ!Bq9(=?Rnh#^bVAE?O9V^|pOmpJiS|UL6qe{#B9x0!ruU;n zp0ALdE!5MZJ7F;Auqv<@!nvs@7DPPhV?eIsX96(*UWsSH+$H@u@DhK?eHS1zx}*3B zXa62I&dC0~qwM}Yfs1&yr=zl0SEDir6;>vnWYnbGq&qiRxbcS}X^DLm$vDCnu0Nmf z$x8eb-GTMyaCM=zi`nrF0f|sU1q=x_Q3>1JfwGs5R9j{MBg^{zD0~9pV&EMYoCBYV z-(?d>9}$gq{KJf8&w?%l*Us*;**LAK>g%c1*<)bXMb0QG0_)59xO}pA@3d$z;PK=1wSs&fI2(L`z&x7}{4 z-e5nyf+nZdPR|GsMGGLQC)^#C)XO0Q%@2w=pETqm0HyrC49UO$c%qR1tGJi7F4;o# zbYD((?5e{3uPb`HlJ&#CLVY_Dvl&%3-hW>eOr0&e{SxQD>sCLgLD*V=jegkDSHM+1 zMTXYV7=EW<`g?V1n`F*lg5e5_Vy6^42S-9i$aBQp;>xKaxJ;!jx7ad0)7X=ljf?Eb zBs?Yea(xJkE$`7r@h8*(w z3UmA&x}&~cn%CofR1RV1VG_=15^J0Cq|`jtgouBooB#--74lzr~a)C8nvDqECe#z)Do^eH^ilqqdELU)6UQxM%Mfaf*oQ-P1>=8E!&ob3?VLwmFw8mP@{kT4?8)vcV zag#(MhzXqXqxZOXqY`gm{F=QrJpMKi?jy2xL;)O;B5TF|^WO6%pbEmhg1PkxB6I_x zK1{0q57X;4O8o%I;trBU85s`Tucr3XufXLo9WhJR*m#CD{A0xs+}3&|u0lOD1mq@O z_FxpnL+oVT6>EYNBN)Zu8*&vQChV}kR-HBkp}Xg$UxD* z6j$FgDT}a0jG?FPr z?4^+F3Sr=US;2HMo-{#l&cB~mlnKwWHYy5VFZdCKUuw$^Jo!HZRm1~D;HU>Gmq9*y za2@mO-VqHOa)L&voV(#CC2Vok`chmFMx~KKbA&yBfe9_1vHvYHF+>Kf<8v^vY%(#Q zKLWvs*UauOKunk}5<16(_Bh5Qfi=T#l_*zTzb4;Mu=`YYVGIZ!J0^sWj>!_cnvGqx ze2$4KWPO+@ju|JaSjz51K_3HpnK?;TK-)$&Yom5b@nA7au+umzgk=jVc}2N}S4*|R z$&%%hPKZ!+_rL5E2QXEMrGP02ACVtEH>)5#3rbdF86-m5;nS#D!MArkeusK>4E}!5 z3;$;I=FwVd|GFR`qxb&ZNRaFxGqv@hKPDjC)t?}FTgZ_%vU}G{>%OS%G2!>r`luJ zak`e1wj~{AZsximG7}@D6`)fH`u!i4pCh?HZzx9~{UqAcY0v%kFpMx#9yf6b>b@<1 z7ws*1C|h^NcaZ$=~=0FC5}YVBkT16t4cIC|Jn{f>v3TC)&^w%Zp(xH z4kr%}ID-8S8cgP)3GkTMbU?SIFqI#i5C4K(<#*6K92KOJ>-H^<0c*U@7uuFOCZ^PX zeW&_CO%wDZaz3r|m2AmT^hn1H+TP5t4>e$;`Ps``4wy^qik2Y&q$@lnQT^b$YJ9R;S9&0&%-k#CIO^kZXY}0 z@xRNoliMfL5t4dvufkz+*JR)I`_EcbCK2Gd*KOc5~U# zE@Q~}BfI8Ov&kPJ#d#;M=`>+6b95_^opXdEsC(abh*3AQpRhyPdiEg^kos2zAQS}` zQbt$pNff5KOocG?FAC#Y8%m4mgez&G2C+f?N*7pI3Ap-dVI|;7^($MhDyZ|r7yE=s zBhL(UH!MkEc>zuqc*pz)*64F8gWIr49abHzA#4dmyREL_-phc|ES--QfJ#3JI zL7egHgr(doVWHj@Dnves#<75v&|nco@2+I;%7q#*i1?%1gr!0>tH1}t&)-FjZD;vB z*-h19<{?6f8N`lvUdx6_h264x44!gAiz`*@i8>+-IzK@UU4%}Mg%Fz{Y%OGW??d>$ zJ$qlCYP^?e0{9;N6JdcQd{N-v8~q#)S1!F^=l>eW2G{%L(B}f$-znTqs2qZKIuH z0IEG&-%P^9y5Igl=zYy!#QYb5@b&2d=CcpIj@8StJ8gd3{G1)$n(y_Ywt8nmUT|Ws z^5Oa6%V1#Ng~Wf5FW!63!jFOQ+4v2Sw{OZgAcs!?a;KPxEbYWX6-UauGCtsw#F2{U z1;AaXE(M|eCcsd{n%&+S5>2qZm&%}G^GPY4N+75@&UL3u5F6S#a-A|klu~usXBJC* z43Z(6AIk{lWn$n!EnE;|WKhJDvmXw`VT>G)q@A<_v>|CAZeg8RAC~PoMc676vpuKC zT!XrTxfjTH1)>lT?uriTHRl2%5I#DXd%OT8214mv<{Hi@H=eTirWwQbU}pD8OoS|U zef1$b;x2Z9m%2N2wiC*(bNS6XYf-{FS0Fq)qog2wVnzXOk_&3yE*nsgv&UOA0OSip z0rB+*RQrYri*7^k=n}u&ER}(9w$?1PAp#ncJnl0jF3tx*hqi0}nic}v9X0ZHB_8DC zG>rW4mC5Feks^gJco^%WAPfFR?kij@;#u*xVF|0#`7ENpIk7yz@6{7_sxf}B_E{bY z6w>x;j5OQFGq#D&p_jWhF?MHCg_Q+l>LlJqT)}#qr04{MXaEQ?R>A%^b|$HU`^b7m zpmwNt=9MzoAx{qNnav^bg<$@;_!ur2_PC@V^GUir}yPCLf`Yt`6_=LWdEy z{ooLc@P)R6Gr|WsfZ&~_rdEcsD8*yb?8>!i*YHfY!Vu{VeKHw%>o zb0aKaCtXA^}Je*FGHIpHQkxtwtK3n+EV36m(Fgd6S` zPs9hUAOElL!sCYtFFdENTVA+y=RtU(`Tbe{$?;H4N&xb}y7KKkK3 zGs1y!jF9$`&$W+aiKJ?ePpEjAI%;7bsjWlb5;YKt5OFg?&=moa`d_iU zvBG+?t7REPth`eBUm+6HO2ZHW_{`(ufh4G{B$%6Mi0UwxoK=%Vs`;$hS(7f&`&0(> zAgz;yi+Coorn7&(Sv7Uj+z#Cdb;8u*GDejZd*Y8on^RE>#9q2IRSi0-tTgEOZ3R;k zi47n)O(2R%mNRX6C(2lbY{o@aAscZ+nZF2E!U;UytG8vsv!3O+(zQ-Fey^U-;jvvR z<@i8W$=wa55WHkMBwHk9^6XT61X`jssxTKO?yV<|D2o1xYL4$I z7&KotlCZR>#G@;!DOy;|H>ol+jJ8q=&K3t7!-jD!rHPY`v4Ao}Jn2yi?@NEuGu*rh z3@Xk%k^O~H{5%PQ3idm{OA|$!@n6T!)&md&eHpf?_*wGKzl)#0U`;>!*=7XqnbZCi zhn#PJsGR8k56HRns;9%{88TOo699`18d=G*l?-3Q)h^7umNu%V@5D{khD>htKxVI zve@+cqA*^5-@I@ zC&NV!;v(<;Cr7E1?OZ}T73nQ}(C;`>ToW`G%9wRk8~3$=%3nL39ZUOQqoX#S%6boK zKaWLS!Q8{;+uhsGedN1HZ_(Pq2Etm;qWvuSKab;YPX5n7uzjL4z9f*Y^^Dnbt>=dc zWp&1E^W-xqNt7t(s&jse!(lrkzeRss4uX#&1-QTmqm)9Ui?Q6unW|b(Qhn-B%pow~1A+nZAF@B2;MWljRkwsWnWKoz>sPgNad`P83$gOB#KqKL8!!-Ni ztT`|^&-Cm5hQir24(sfpRW{8EdXOjCM=;VBe3cW5mOl(jPe2l2(H zGHVV9kXs^?J-kMePWv9S;BYy>>P*3T(d^>Dd8kRcCJNHtE1NLN_(_E5NVG{LH|MnqHPYhfAhG|KayscsA?K;{eUC6Xw( z#Btl|TJMp%hO|a~(A>hJ>%fQU{;C?LycqXc>qER?@zrq@$7xX!&)_Uf<9%85^MCqR z(mee9V85|PVV9Uah(2*#%5m@8`I`q_9=`5$nZroh73(;EfA`kh%HhKNL8H{Ad$aZy zRY)o{ULl;cbw)JQaPm(F+4bN3jDH5A2!;8G`xWN=e!|6z@8)iRGW^6G26@tEjW$GN zH;+%6gee*IJEa&mxXcIcE(|om%zp~) z(~a!@_;ZwSe$tKdUVqfTv!l&pekgt6AnF{${%1N5B%j^ut+`z%`Bs@^u9vR)J!{6| zW76kWfyZo1;6S!($k97^qT{m~kLx(V;P8i9Ni;*kJ!3uhI;_X8?>(MTh$g9u@+dY@ zKz|l9FSJY}-=Lx}0*)^J5|Q7!>O=DJNf`?`xKd>)lrn-#a18*Dig6Xo&R~Y*hIWPA zkerc==g!Nbip!DAVBw}LgH8bvj{VJzI`{G|l2sW(Z-OCPXpuDY}#A}%Q&YZ(AZ%3Z%4hMEGGd)j#(nEU^&TBd|rbM!E*RPvK$4wPfQoG zL4s3|Q6#V|L5wI1>yLrw2*<*6pkv{6yrU;T$?q`ZI@nLU{J^*%T7yw>n8{XEttUQ! zDeamBJrDTo$NsRRxL}5Dm+4SyQePqyK~&BqIF=2;I2V;7!$Tyk7ak+NWpeelGOV27 zWH4oVNN%&M{0}?{n@4n#KWI}86=~P?o|HZMdE|S zJq!SGPXe3RR0cNTDuGQ>UMM)LQJRXk=3d!E^%h()>qd&t+hFw-5~R*qSFq@;6Fhd-+ilsIbqC&=bqC&=bqD@Gp7lC# z(1_>rLKqH1P9Rg~LfqWfiT?41!*oV`z(pD0)ioRtyT@sW%l{!-1q~f)e04Tkpq7}V zfKgzNK|Rr(lUQ$yq%}NG{K7dQ?{a&D4F;v0ZsycPJRRqPGH*SeWUY%eohdtM>Lse@ z)N!!ot?&%+c!|UF%)2}ZwZ36~{3&DtYG{%Pci`q>(fww?f~Gyw2njm(nJ0KmN5r!r z6JOq!NuKcizi?2J_<=fBfQ0hN!WOLRahin0Oy^dZLjL)Kxu?i0vT01d87j<%{*ELI zR3rF={^L>dp55YzL$iXp9k20A5C=uk{PHORH51$AcFC_0WkpVY`F)5k@vfYCb8XSh z(Ao;|3*^(xA`Eb`KU7*A%ze^*#mW7*fdMHPibffVDbO+eCG1&=5EX)}!q^|SQ|zDB z*HTSzwhv=_63n_MFQlemeMAvY>I1OswjZbSvs|haIDN^C{2IF}BT1*;PHn+v`k}&* z>@>^G}bC=d1?s&PEm&| z+OhPm}kh%8!?%g$!rnspz!c+(0)5O>MEzp>^#;{9P_=^mn(i zMwsLiW3o_^z2Ns0E^@Dw>Q%uvzh+@$tetL^_K4?#zd|=Wo;`}BoznoWBTL;slIn#{ z8>JInHh12JDucOK3LJtzZGBkru8Z#Oq_JuWq#>}{PZL-WaTcw1atd=Ze}nIZ@f+4+ zht7?TxfVO<(6!j#`X!*O#a?1Q)*g@Z4lT7_|{)e=LH2gu0p+&FS_MPvO_*T~(GC!|zUDC9k=*(ACl-jHR`OqK44*Y6xBJ8bS?%_%ww6H64b~rjIdhSnrP{{e#8lSd1iX z=l$<+U)K|3$g@DlGx5-?{>)FhxAT%h+yVprGtvE-YZHMERePv&cHN(8c_5IVIw<8| zF|M?WL~KG|DMgufQ3b9-dYm)4A)d)i6VWK*sd+Ei+JB4Fqxcof{qhygO^^0xI%{Fl zn26^z)M!q=8DdT@8D{GsLrM@wy>?)M~QrLL)uihDpLDA$RZ! z!cMg1M0A~H$}6mrCF3G;O$Z&T9l18&6L`S2*s{ns%OJ>L2`8eg>_UciMbm7A|6q-g z0irCfujIX zCcrrt>pc5tiYk>+b1^Alf;^(Rc=eI20sA|Sq;@#zWzL%fW@3FbYB3g>QU8ZD6?K8O zZB|Cw#D)NunsEgq-6_R`?~P35xMJK0&hbsR_UH66+CJ$ipFI(3i=NqX1*P9O$za1_gaFHiD>4|PZ#6fH7mr!63ED=e}(DzhKs#m*B~PkUPu13O}4(iueaU` zmzPX2K?__&j6P=6N?&>tGp~PX653$%k9d=6LidC<)W0asI`hJUb;M^ z&T*t2{JMPgxC3p^(qvkHu2V;_1^!a;0Pfio=ML4XUX^1H+3D~M}HRm{=>X?#y5(M zkPow7QGBeI%Kyu|Rk1$9E@kuN`JkHrJ>P#xiVcJZttGFj$Gxc&AG9hDB%Mk$8KhGy zEr*1YD;NT=U?CM!UZ|=vP@mu=oh)8aCOpeNT&YG^-vEhqD7M{+TpTiSRHr!Nh>o$@ zXDPlA-(j|l2qu7@j}}O^^GF0*|Ag&zZX%aY{$%laqLawwYcuWnbwz{cY_{7vAk|vmYGvRFfD}3a!(XAEc z8VR<6oB|S$y#Nz4TAcJ!NnC!ph=2| z!Idi{7q1ZG3Wi_-l*t4LPNFxqOn8<%aE*m;M_*#$J8ap3PXzo%WI|w{H%!Wy#(z_L z$x!oCa>H-P4J!xDP9+PFim}aS8tGMPMJ#&)0LTSdE1e+8xP}I0)K1Un8~P{^+7O6f zvnkI1EC_8j7dQ5n(W&D*z=cJ)VgTx;h$twz!aKw(20+2013>WD0U&(r066gEiW~q3 zzS))?_!g8!PvX^G4aHWF!EI$^eTt%*d64xGRrwtvBFjWomWhv!VB(O-@6ex?%X6Dy zAKtD;l%x8S5JJ^@(g*hw+x4SaG1={wJ!#e3N08kPvv8L$nEPHMF&dd|ZQjZ-Hcudt&Q2LFWKcEWrmI=bLzxD6qZ4?os%_|YpBB{jE8LYI&T&iOOEVm>QvxuX+&J-*G~ z9e8K{9r$lE|BRT6op~7+en4(mv)pu7C8>+g9UUXK8hAeF|Jhb{iE<-kNW}i+Cx|~- z@SQ@976>SV+$pk0B#`R4c74rVvX?8UOtWz2HlS<2E9;<&#Utj zgI+9ys7_KMLJP_qM1sc-dXX*bpzG=h5kV#eh|n(e=<*2>Apvb5u`R+#$c8eu>27Y@ z0wSam7;Q?&6>Z9tV&`N78b`o3)uRr!iQsILGqG8=+}$iN9a?mV$YACGpJsH*#=aSR=m(p}YZ#~;;IKaoL2m^xs3H@;(2K2BqZPnt zypQbw%g44oO;?u>J=P9&2az$T z!`35lH0qTy9rv@@u@2kmFvMU#Zh%W;z8Cg+ByHg@9sTW%)$F_kO;Ih2*_KpcUPVp8 z+-IW@u;*eGw^Fl=-=doEAc0^X#;I<6pQ_uO2%#jX>Uycnb?xal-KHF&>BF0mzd82$u(R-jWo{45XU>VtuM-em4&~<;WK5 zneFh=oxlZ@k#qv%YoM?YZ--k!YZPxD^0!9cm%Q+$ZDgg%HK|CU!#+(pdYR(jJ%fIE2@Y4hu%d}uWdVt%h0>cB` zM#yilPzsal>>1%H`0B~&PJEbx zNRp${zGO94IGLMR=){SOF=oTDmS8>_Ae?yM&mB%YP3jg-T!MzhaN-h!WY8GklcEsC zG88fAw;e4X1}9DwAcqgj`EBR%HxdZ^t3P7eWp{)?hALWgW9bc<2+&xI&-UDaC{3#EI$?1dr7xT5P$2 z??Z&v%eAM5LOY?W){~dPP-q0deP%pR`2JlzW3A?$*&MZRR7Ssj;-C2nnm1+I@Y zL0&0~J@GI$Yfl3h0a@&FUcq8{rTWq?&!G`;{FmypfoV`Mmvde@eE~Uhx3Suu;;z3C?j8b z7S=~nG0rX{Z+*n3$0~AKSnS-C;wI`KL&(zXg~t3d{TT~odi&w3t7hN3bs&|n5d=_oM^=+h$?N%rJdk?K;c+;zb*SMJXLP7 z1)sGqw&Mz;5m~WuPQ*D`P_ZuTXOl1G;7B1RUz$`qJL9{OfoW3h4H>yewIrFCCLu@V z#JtMeeF@H~>R+L9M@=*XU(gOG@gl#zi82WyBH0Ekl$g`m9T3t{P{bL=L#u1^E3s_3XI9jen}fuhuTP`i*N<@)=Tl=?l{UN zVk5!Xs193RYRieZ3N{`g?gxAo0AP=qh*QB*+yQPaI@^!a9meScWRaEST{k()vV|5I zLsG%OfSh8KCocN52lykJkMlrefbGfwl%PVU?BUdTS5CdzU$bcyZWEqE6$!{UwE0Dr zFo%bq0DaOs`E$X(N{ox#)Hyfx94RhozHF}9AbX1SC;Y`@yxlgo73Uh0JHoA)wH3; zQ_~J79d&|6tQ6z5hpt5s-USk4?kubb5WEKFr`pEl7ipwQC0ox(mHU@jrP7VSyV1r~ zxTg{HWt`RsypY#`sg=W7Ha++bbk*q@-{txdf`8|bW`!EUI0XvMi~P_nrNP{Bth}y# zL;!vVA*#^K5)j*T3X*MY)AECBp)__N_qVPf6T}>T*A}e6S(wmfcp#m(+m3Xf%QvFm z)Y{9g3WSf##|kdu9iROzyVbt{qg2#3GC#N;1BMU1$Fw86%x};|sT%&&bbK@+n0t@B zKnH6oAGD3g!-%?{PaqCiMT{#!U0+9n}9ZrqVg>s?&A- zZtG*HPCouK+~ieH*7%XUAU;19%NeNlrQgVO20~Y6wpFlNp60a6thy5&UfVVYFPB}# z7x_-vW%;2$R-&e0Zmqsn5W1qG?TGx~pP;>Av_6#4f_=cZITIM2EWqQ1%j5+PS0*3m z0rVWGEr1P#Z(v52JHh;K#QD?(H6Jh~%U9l-8Yr3+40k#KYV~+m2ym%$^KAu!ql!U~ zA^o#LZ}K^kLzZ>oUUJBGSM9-EdQo5fa+0H!JkY;S%Yy!W_!jHzVA|L*cmn+%IJ)pSV&bFTz!3q}iE~oz9KH4Hn(N!obQzT|D|r<}Z%i^qR54xJgMnT_rQJ>6JZ5b9{X z6*xJ$8leiqaFZXrBO^Vb{AhX52M;WC5ul4Fg*M;?*mpksfH~L-j-+$&{s_*2>)09f zF5FeazaU;~OhH}U>V#zC&l`B{g$p26iZ*Bn)pE2K&+?bUl6srLj~jid0=m(c&TB9? z_g9<(Sz8xi8t7bGhth$NYrJkwG(*m2BsUnISWX z5Scpqv6qvrv(_IOJ$zgv*5~@adZ2BP4g2(zjipEH4dnX&jJ^kSdJ!6KR*u1(K!2PTu~5yigmROmJGX%Z3FPD-ZEn* zcP+NE-DUtAOYF$~#d}93yodoum(UluqRa>Bid=Q_kkPWpFE#`Yw-ujn!uC|~3G|P# zAaEC9|MTN6y66jqsW=`iQh^Cm9gFt!ZKPkQtTBGUImg8K1$C0uFX&^;NyPJ`6TpCf zxh@84qsRdEbqm1I-hc#B%_8hd9+DC9Jn$Lvi3~(bgSodp#-@pD5b`h@&{tumutD;& z>l!>yfPwaQnTXy&qCLK)PfUuuWOHkYgK!An!TLk2i_j}jbP;~?OMafeIlDYQF8>A( z;TrdqA~{(H*@-3rwN~RjlJ-&=`h4hIeyCxCD^lyIlT`Al>oA;H7tFm~s_En~Yy=q2 z*FmIxfYsqeK9TsL@q7^HGPK9`MLaFbz$jLKO8%VoS}jy}iMAgp9}pfPZKC7Qjlba& zlZYyVxgR}>A&~sFwnDm6v3ausWN2kQ^iQ)Jfh=;S%o@U%BVYsH(S7n7-z5FtVII1b z4HrM+PX*FO<5-_D2l@z!0lA)lmSt74IrA7Q18*W3QY{`7gcA|-gk*D#WdrLZb95V) zBBB4ZzJ=={G~u-72l) zlL~>E@wl3T9jp&pLINJv!ZCvj*9(&6xlw)UKMYCFnNtt+ofVFeq64wsRQ61_4rrPED&x${J2f zO^btpNxUPYQx^J^!04!J^0Qa5#^mmEg?ho{{Zngnmp}_@fZj{rT>+1&iKLA?)e8>= zwrQ@#PkG*zz414*mpOvX#`sHB>uQUncuNbLK;^I0h#&ITjtMMLQM90i!BQ)n4 zIN_3vN<0R7)bdxLN1a@qFl?R^#^_%nLM47-!iFLi2qr09Sz{rC&N^o+=VE$2prCVe zh!HWJ^il?9{AcTWIKdwk^lXBU$LhPQNK1a@^SVD@3lbr1*Wn4Kqg`E| zg!*G&{oEf44;Sbz=a+P#DtV=4v3;dCHC zxd@ufR3S)wEvIR*dtj#$4C;;FJbK|~m1gzQ7&ryx8kb-lHQwOlSASL{?2Ym^*5=^YB0Q>s z&SBTlST74L`~_Dd5Kc3glGX`%z&1tPFURk)EV?jbungjbsMv8TURZ>gDrUJus#D2@ z%(nR6LKR<-*g_*2Fx!3cy$hPH}^+`ZU+2uG4PKZ z3O?*PVtAC6lSf)_onts7KfzrjX5Bb4Zns&M8k1F>L*SrL*t0byTG9UDohmZh7ic}? z1E^>ALFy4=N@c|nto6wCuJ#xtdGKa3X&?zkkzh2b&ojdhQky1-t+&wV`j?$| z*9k35&o~n<*F1jC$1%tjtfYG`^!I#tNgV0wCps46{oQ}sdZ4%>xbf!bkGy~3yolzRdsXW1IBweTJOcImXdY&udb^gY{0fYI2ZgK-7%kYoqbe_V~ zxliWV)(vPTJ&5EtWW|+oRnIbX9T5)Db#%g4WYptl*u-jIjAR%Av>crcP#P;Uefb#L zmDCu%AkiOOkbGEqy8pQ`W6G|(@tRx9{5gZm2hXXRmw45U zJ3qM3Q$CkCStO^}+*($C6INXN-U3fECOwNE1d~@Yh<1sz3=4jPo*T)wMLZv63AcnjvA|jWjRfB4;?RR^T=m`7eFEB12z>`%mUs=(&tZV?^Z{0y4d#biMFI`du!@d==()pom0T*WjAZpR`8R@|PQ2+%{ z`4z zsq@yHi~>ime3*`0`5+m!Gj)FienC}z0mENe(_W0voT`exs0jA6x8|=h&iybCn`4G} zl@A5_S9kvy+tTO}$UGdc!teH4^ z9A~rl#o6pBrf)V>HFq49Pay5isBT8d0TZnRuDiyv;~hePQ&NP6dH8fxhgs^3mt6pF zuz;PB8vXC*t+|U`RvN{LyEC1Gv!*< zR4Z^22i8?h^~5ehh^Z?u<$Qz2UzX^PscrEm{*wg74W6}sy;{b8rT{>vgs z!~VEf)rpZ1jGUG~ZAl6RRkIb=0+EzWiK%c%?KW5S(-gKl34k$g!4>^6 zQp6?&xnh$7ue2Vd3^ZdST2K&o2MdH`p@Mco3B_e8aRtQ{8I|~r!&gkpLFOCjxX^QG zS>LGTivF>GLM$Ru!4qvLT@W#P8cgd$2;%FEd?<_mV*zxdOzKAI)Q!^lX{Z>NXQX16 zGWOmFkak-4Btu`oQ$J4g_G2690wjs$Z{fb1%_sC+;1Hb=U{8OJV+85Y0W#yxPwRY0 zTePd@q`2OIKeWyQadgve=aK4n4{;RZ`Vbu78|zT$NUG>%=*Squb2zD$Xp3U|g)UK* z<}pq=Q~e80xBVKu8TvC+Np@@)l;~GFw;V#=t*@I-$8>D^_}FP`o$U0A{>4W1FRtx_ zPE_q_WM4r14ZMQ*c@2*5TMn1J2BrEz-$Zis=@h3y7QAYGBYu#z4ZlCQrZ@4w8Bb^c z@)h(DI?}D^4NrJA5XtKm$XV;X=V(4qMk85#r@xvgNmKmcwBPk- zz=@@)i07!uSRLH;H#!}hOafxjT!`_U0W{+N)ln;iHJ_fPu_w#f3dWucxfk3=*FW6o zlMiQckkoPFBucqYKm%)V0xR+24a#h**>Hk94KwHZvBX7{v@>VOxwn# zG6sM%eV<{oQm!~onU*DS!T8?21h*97+FB&3pyMb~+RN%^IREROr2-OIhj9)-ZiQ3M>&J0shTVwg zxpUEh^1tdJ*W;T+TmZR)Y#RO`L%j85?Tf&0h@YuZD2OBoz=Wp9$x9!#@E|TA2xgZD;crX*@N3%(hCZ?Qh zna%b;p1-=yQw;9lWW;qmgveH^Z1!@&F1-#vCVexwf!@Rz`;E} z$`C9?;9odd@jLhh9I_|k=inFc!w!?1L~qRsbT~L3`N5b|*AEeb-iB{YL<5t{`mX|1 zLR*H#I4nTeJ~p2SwWS?O0A^mZfBWkYB@v?>BDeQ?AG)k#*RR}X&j-!6=YwMOF2=CV z$MLX3?N5j4PuBXzrdoTlr&fjiujKz=@>&)>DicjcbBmHO?`HhdLVVM|qpD{n=O5A3 zo^$Vj>N$q<3e_{yRXtzX7O#40wdPZ(hS9H>W8;cZlrl+Y#7+z4<9yfE;m%3yjn2=_ z7*Wg*==TPUCgul2YCW1IbXt{C(X9wr&j;dsB>9xAlxqs!v8*5rf}K@Op5n<54Q?9{ z2yMamT!tO-Hd|H93-7b%eBlJ=g&}QNo84i)19+}w)B+$s+$)@zGq4*07$glN<>oi7!ux4)`$8*W%^GBTw`HvX(sPBI1Q!*uMj*puXuwd4s;ij0rnaQF* z%~#-s7C2kQNW_zKHRkUqz991lE(nhNwHdTEe*Uy2H1^k+X0R^3+km^e=(LfoAL4k> z?9*Z=^`I)8x+uRBKi||J?D>5!>f(`+mM+U^k+$0_W|p1jz*q7)WO#>M|Lr6EAf@UL zT8-9DpK5 zuF%L;1iC?6w#~u$nF$M01L0B5CRN77uy?J$$1IV})3l(fPm_X5Hcb%vrf5<)`UTeO zo%hWSS--+Y+kpfC0hiWMK`-SK@rzf+15e~-o+>cL_(Z1owEit-emI*Y13>x zq?3oF2wdQAVVGMDuL(YGy_O*m{#3+&N_Fm5GI!$?3pUHY zjG4vTX^ZxiMuLQ?+Qfw0l$hOY(MDe(>R~%7d?;kIU_%&)#^xt?*${hqj_ew^!c=RL zA{H{`itHM^0zVq0Y)wKKXpJb-WL(56%7kY*zNZM1=W~QG)Z@wpQvF?>H_;G=7XE6x z?4X!~b(Caq2vih=-g2-OTQj`X?*s7)!aqnY2v1GNQvR>5iSFM-eBf*NRnGpTKHni9 zKQxjDLM^5@h(YutZ_NaY*1ozZUYBA2A@ggV0rb9S0kN&q85k8X{eb4PE+i%q%`fEL z#=J~?AHCP}Ba1PO`)YyXuWcocr+qM+I9>!CKb3VtzRUJNALG3wDk+`a_nEP%3-Mp_ zU4bYDgp1`kX2A3T1U9bV{EIu;ILHoIaxv#e?lS)@B(82Tt0b^PaQy{=?X*Ks!+IVf zl#AyzEMYBA!g{b2QxHA|=g=djXE&pj-}2U+3pR^0=IdI|#*Lso(fz+h2y0qDgd(VM zEpPNmLVVmWdl=<#*hy$P>1ICX`PJ}H0dfi(-0M<0I|-|#+n|Ge*4ke_LQWCB5KinTdN1N{K*tj#3`NlKWP!5i2-goNBN_W{!Fo+!LJ2zJ zxjB>X9ym7>NtZdJ=&9t(qQwP&A|!x>O!5cx8b$tqRk(<5d&7d7S-3zsV2hnHgDW^- zyA-h-O|DMHp6CKRT}|Y81SiMKwq?Sz>_=IUo}yH4C`;ug9XA+Y+J`g?Rn~F|90dZg z4`{D$NMkoJWxCs5Wh>UxG6igjWMrd!=GWmhRTm>!CqK_^5QPG$2pI^i!RF#X==Flo zPR1+MqN#z1F8I@J_nW<%XsAKD{9ly?va{(C)@#Kd*H@`KP-WQY>zmG>A|C%MkZbE+ zAsL)Fk4Oi(#{Ej6WP6eT3g(yqQ3+-;7$0U?CKzrt++b>Gc|e)2&otHhC~fFTl9F5*ylagMVDo=S>MQBL>Hz0(7HJ8xQSTPL++`c+W5K2 z%6yi}yx3STFrRvq$#jT<-!_B}>mSM1XEGDSD69dAxj-Zsr;E}_H$F_rv+rO+PJI~+ z0nBO`k?~HOOxuGnXqT4Z)MP0e(;Uqektj;6k7fyQglZ#OUBiY#}k{-`jcQ_|E!BLMW!B+Vsy#Cn_d_;vhU56!C|4oP?kI2Pk- z@?W9;FOHbmKd4K~Qu<5Fh;s0Mjidj|wyd&q%do$vo=ropIO0yV?%S#Q(GlY_{$zS;S5*qq)%1f4Dwh_(Ys5KGS`CIv4$Zm4>;&IUoMIXRcq-bfSkM%>l)l$b@o zAD_{4f^NN_lXr^x!|aR>^-m|0(^u_LaK&o)k(`ToH zLL3_VHA-*_RpUJf7ia$jJQD5nNVJ=0sLwGp2uz*IRx~|ZAIMyGx`Ihu^_(iE7n5xr zJhDBKRz4GAo<~T`;&UJum}nVUZoAnvfCNH40?35vw#^Q^vqyJqqoQI;?*>LtUyB z@Jyk8KhUEHxi;64i>g0c8U{oUqFuxeF&5Jtpt<$47Q`&=IrE{8AdukpAaOmFj@ZKW-mJt@k2FV>NS+wm8=M=gzB4@#~wvRTQGu(RF>( zS=CfMK$cm_UO`6B$E|Nps@3&P3X2ldMB!1&8Y7;Q?}O%-kMPQ1?jLSe{w3?1qCX&X z7n%;GqO-oqwQsr}h`z-{-)t^r`qckCze-!ZlK{}=TX2P9NZG-GRRyv0DrR(bmEc|| zf+Wc3TBfe9lD~*b^b{)t9~9Og`3298-_`y4r6f;;rvF?Z!Ra+}L_#8gVxkDzg-t~()0{wK@lJyU+2M~>8zrknF zBjLd8{0p!<|1)5B#={PFlWio62d`5|02kvC4FLWwwz;|aC`$!V%Z!AZ&N;Fn0dAO; zj}ZZW`fqo4VYzWS6!~wH^50S=9@T4?X=EAr?{W+&NkM1QX0t%K8P92~>BJ-NiomI= zFJoLR|7~bMe)vKhuy%AoI3pvFGxqTNF2p%poL>|kx&K0h2|Y*(!)?;D|EJ z=+S&Hf~W3`KDc@Z4RI_<#_u?cgNA$Vh0Kvc~RrKIx2B3(k4gu zaKec%LjRprIvqW_5M}h>LgYJ6?hl+3w-eiRl)gq;!%J`<^hH7eeJzr2;CvUk;(Qlg z9TK7PLt-MVOWlODQ36&JbsH)W-yaOu?Ki{dzN8V{F$KtO2Lla&c2}rYU^i~o25HFW!WMUj2d;^M0(o3oeWMMFqxxkCT zeCAy4HuNVt+ZVB%gCe#sPWu66v3Lqli{DLW2DV@_zKcPLcye+4nQ3^D0%?pui;FW0 zbK@Q=mt{I~0ZZAV9!Jx3Jz2KZSW0VUPtEfgm23?xXhAdz01}PQn+(&FXyYeB5rzeH zTNcB~V-RivZc5Uk9usv_%D5u>8?W>v*u*?|M9-%A1gH&B7N+Y@FW@7c*Po;Zvh*Y? zQH&sZIv;bweI!A`)6lK+2frAJkhyJbQ#el;IE44AeFwKsx(osP3ciu{^*$tBkhy&_ z8M8*vM4A~&hd6OnG<%u)s8isT1yW~l>=N9w?pbrfKSi^G}o5uzUPBz=wTBZb)cCgu!4 z0^!Hy6=;QSQ1RF$9iW7oP2L*8L2B87&}`Vhn3-ZS)_M#k{eVxt36`{WH3c>|<{wu= zI&po0P~|t8zGoBXv3|He2RE)GaG`cU@(TB3eq+rKgSz#T&Xy56z^MAvwf*3b1ESjz zsYGz3*f|aqS1FqEL;Jw*LOaOvWCE(zm*6)jsu;S3-eAo=51Or)>4XihMfqdW!iJ(UMh`=`XG6&(L7wo z$w>O$Ahq&$N=2|}?wiA@L7>!mu%ww5xMmwSoz< zJ3$kcWz;`P#xX$er;|x?gwuRgGw?&qc5$}DyemN?)=ewh#owCEE^|Y;lTY$Zf#GKH zjqY#GX7LU9?U3mt7rL)F=_DUwbr`WGeBaF|NgS=^19yw~1S}U_CNIOKKQZPwHUls@ zHQgL94bu(2=s!zwt40em8d+t;(|8lCwZ+d8Gt*W~p`V@$NBgdJCs*3Sl_Ph5IG-4U z*py)IR>Il+;Zh-o#@!#zC*uEDErBdZGx@00n;3JBy8OPIzhlw)R*9?-xBXm!boYnL z07UnPPa&Y)AI_i54Ay{!B(5}*=mTMp%WcU#nQdTQAZLTO=GV}AA$VIKrS=OEz8p{# zA*G~{7S?e_;458aYDY;pS^{Vu_JP@bpHS{6iL`qhEngFFQN)!}o5uI%33+azNyj&d z^ZFHajAOKiGaw~{Uyf)sFOdit(~!MfH0y(l6+Kxnx`M8r`|fn@SVn498cHPd={0JF zW(y}%ldkqYn}8HG|ESASn23k*@s zC#I2g$ZFBVE%%Y6iwr3Iq#t!P`?^(ns|RD!p-g}+Q8~s;bQ^YC*Si1nSam3>7}-1O z2RorLsS5n7M6?@Q%-Q@9T;se#KaeZ*g9dqyUFEn^KWLINws7N0(X$g*L7sHyh65l^ zWJEC{QUwr|Rfy##bpTtW4qRD>=m%&D8nH(8gGY~q@s{;3)ei_l{eZ8;=?8bTTm3+d z#aR8I$l=D+4}Qd5)xVSoOs)nhp9|(5xRR6~rzgPwGLH1Q#cY?W6_BpJU}an-+G@t_ zq4v1Dd>oNq`q}At0;@z&Z{VyIlK%BTuvppZQlH!;vyY%senCX4nGzC$yxOA#nLq%H zeWCzTkyL`5Aq0sNaF*EBFh^9{1+j={g9ik81nUJsvKp5lpIl}M@?i70P%xYX$q6Q= zXXDx(LDutkIFoVFJQ4@1QZwRHQ_?CIYL%TerP%sJ1GDOqj%|#ZG?400R84wql2wzI z<2ltMawoxATsx^rO&=dXY993yi@LOw>JrA-aIi3-WRgUi4qm}7$cCwxR!?N*k(BB=Y zk27Gvh5WvszeB%y=tQj`M}8~$YGu?DN(EXRYc`pw5yziAWw z1|B*pIrRV~=iJFUE;-lgH>F@i!dNSvn>yT>PlLi#4^L30N+?cN1+S2@%CF59g)#?h zo&^h4D^PT7buP4pkXIdI)(1L0C|d{e=7jlOfd3HenW z37da5{+22JhF30{xw!t6hDmrY|8s-)M#EywM|QWs@oNK-VS@wL?ILKw@oxkoGY;hU z+FnqzslXf9UJ!Xio=fTFwto4cZG7?SHU8%kKL7FD!_mqqk$Bj9yPRGvY+EvKK1x^A9o%k(eeHBbIUtTpR_VK6?D)3666bwW|Ei4--c8|HwMT{M zGGSj-E?Yue+(dpKOmljr9Sdmzk*m{mYXHFz1Hy zMBN?j>_a%LvI3i3{k~(rLD+9}UvY%}2E4-IEsF7E+yQKI#XO^4>*TfWqh7CJ1=R7(EZ)V*cP^Pn zJbk{$6DDDw|4QWhCpnIM&yi|nwqW$chP@VN91AXyg^RKz(JD$P@4Q4(2R#+AHI zCu2Me|0FW>-jB;6D4p_!Jb<r(h(sXJ;8`( z=ca|@i76up5vl@Ljz3ho@lC_Js&eD;;4I54PO^9K?T@oPL$Jn|J5IZrpt~n!`-&d9f za>eEayXGJeDLWawJKnbI0#{PD0A@M+3uIHI(=>v093J_>``kY#-kRdy`cMCw)}#E- zIVP+>GJ2p4YCYdxl`!C@+K(`E{z%`ECZ$4%?BoxW$OHo4AwggiAAVs-*TbC%L;LO( z22xnp3A7U*;IDliV&YB4G=j$#MnxF9iRzM``7=HC+#<&%I9V#qxPTKQMo%q);ym_z zVuo^hF!3CoSW&k6HML{6->7zMrTp%|b&+QG0o=UTSEN~EJ(@Wl%?#!~Ucm2*ECb7p z%CbT;Kb_x=lVx)SSR%#cYjOU0K0*E&zT_|%3bk|Poml(z9D$)oJI?*h5oyQbw?q2p zKMAnCtj-Z>A2YfH!wpl&HD0->>xwjwFgGs>Q3{9{sfP2h3q+2{l?Ag)~A5P9v0`XPNLU zx1h|yX2Yp8$nP*pcS_kFtp%ghpd2+yV;kujpieb}yla2hGjS*Kd-pz`zVOZV=TKMV zxwa>7DF5nR|9n{@dQi2eMFwJ-_{wQQ?L?U&SgBP0G3WK{7{;$%;NU^TmGUq_eqSMH z9#Ir9qE=?I5iiJ%JGU}6h)=y5#8|O}oL0GYF!v2Vi9^B~wSEa}sZRsl_r9-9jUycU4&;j6IaAKmXG2` zlTi@W0rnANQwp)!AhB)Ap{5c|Z_b#7|5CteT=GTKDF9vA=_N9D{x(oV+Otd=aqFCA!d^OOnP^Yrk%eEfBhoV=aC5HR)@`kN$f(r`aEkm+7I>lVqRm^XSS7*&s`2MMQ0>!!U=vdU@g{r5D8A zc}9M9820}nUfQasmRJbR_?H`mTuwJ67YV8Yt)xhMpx(M!c0L)(#=>Lckjb6D1(^&- z9eE9y2swDFFq5G|X`xJvB78H@yQn*L-o3CNt~l&o_=Fxg=r%|`Q!!aZLNS>mL_!I! zwd(h$T2mp9HDrz`qhM-uQ3Md2BA^M)V43hN|L3HL%s5~OZ)^m=SutnR0rLQPg`Bkf zCp=UBu^2zpab$r}j5GjRb(>1U>}~IvqH{uAKmzrfX#Vlr)V^ONBZAOdUZLN}6$7_a zo`X%xRfQu5RGCjo-3u2dyu`&+C;Ko4---R&n2i8}2aZ)fN1+NvkSAG2@^KzVzHScN z16dOY59dNG={8@|YfsOpAP5!D20R49)t;K1fSCT!8`NJ`UkSSq1TMdUAG2=p+(ESN z1_x|Aj@El=zGTDd1`M&>5EFsWCV$R8Z)5~o;0?}@b`07ah+K%2SUbG;r~!{^sO2qZ zD=-(Z<{79B%BaT^?7Z2W$d;4k;n=H9JO&XBc)RW5d}JfdM?x&)y$-a%)IfXl>l z=$#0FRd*NeF%}mUvs}vGfC*$2cn&;KzZTa1k>H^)o#mY}Wg3{s>2Bt%ArAK~Omof} zL_BZ8M)AlJ%Vd<~%(PFN4usYqARM{;7iNUmw3=qj4M?)S>VSAGnMm{<#+>CSc* z7TH1v?c>(JBjq`Vhal!v4g*7?6^i_IJ|4BM5+IEQ4TR2z{%~a>_CN3obW&k2B9Afj znUe=`EUdt=ndQx@WM+J7W-^iA;nvS&Y5UA$xYa$akKnGegfkiMcadhTh25CwG5e#g zp&^9Bsik|%w9gP;+INc}5LVnIgkjRG$lnz8#B z0*NxK&U?>WLIuO=lK#KUy$O6()z$wE$km9%L;;Nh8f~g^s^CzA7`<4O8%ZRhtwF5D z31b}^5j2XH-~~*)T#Z#Ling?B#flXbDT=K@QQ`!MR#4hUv<^FsTGXlmwEVxnwa>Xj z2B3YO=Y3v3n0@y->+Eq&d+oK?W;VT`syEnc7$=$Nl94wL3M7{6JLc6*NG3vDutn5H5NqUqMFOJ3PGf`vOrB{pB6jPyGG%o2mcJmXVPa1{z|+WRdba99O*`ydBhtj1 zp3wYbkCwFHu?M;_@wzh>WE*&^t<)y#LAcKmS~_tPwAws+gex_QKQ$~~^s8^(HYyf0 zu8s|P*M%D@`65 zKhW>L&8kWvKS=-dQGwvmhA0T%-g<|XNY*{t2TX3T?6pi)7a3geUpjC7jEy- zc%C{NoE-DG`U%v~30Lbr>Wr)B2Zx=cU!~*w9^z4SkWKJh?`a2$N|# zGt7P>%aO5IG$659i7ByI<_T9D`x_kMV3Hcw-`9ZHh3URbyD&Y* z=b^PoMVhsU82g#=ec!9}=U>|>D-oIhcskbCqA1)glVse2Jw+o_==u)xx^@prRY%0{ z8-jo!=-LJLI1B@Fn-?L7N{zI1Yk}vXTZ@R57rgQ!+H?@$kfC`sQE&zioKR1B!Rx!( zq%s#ZSn5%8tAYUcesos_0VclP?|nFt)hdAwttF*H&axfP&w4jMk!`hFA=uRUzI8zc z13pUM|6CMcxBmT3=-1`>yUPQV>|ozKzi5SbK3*-oZpz1o^o?_ay`dnbyxt4qoIS~FxjMIQWUa4Xe{fK{Xgiz5!2cjr1cl&IY896ZcAaD9HA^f_- z1NfbNF|9RPn3xiD9l_S3b6*?tfY?LAnnYIfWs!DBWYu;^z}mhnU(k^Pv-kAQPgZK4d;wnDy^hyK`DaO^FyUB%5mG#YP&(2l1z?%%rJR4{t>+3}x?u`J> zng-l#!J%Kpu&x!^Z`xyVMC9>*V!e2N7(+jp<0(t#0SF6-+@OuKUeiVRC{)Dh%$pWx zJbafX&cS$&(Vh zUlNNSP8?o8on_yI%^1&CUY&iCgO6?6KjjI78lN98J;UB2Eo#HfygPZ9w_yC`(T3W~ zQ2?l>mX3{QIdFV6Zobv=(*083gu8hcSb3wtkjk1c?#CRBRyYaWO%4K71Lk_~-X#Wq zvYUVWpJMQ(XBgH^HzlGA46g9+#|7^CPl|8+FKnuKl4=;jP4c9P%CeP^qfX*&MVqE1%^b>gqV`R4sRfAu{? zN7i^C{4EVB7Cvie0DBWLTDV%INfn`S^0jjbR=2o0kI5h>@)4U7BZAqk?{#gy(7I}z zm>=5`U+K0sum8C#?F*uUyydTJg(ZQae2i^V_g<{0E`4?dw}8CGZ-p8T>H9gg!)|AJ zTu^rRMc%Yu3yNDWCZPCpJBu|MV)m(biW71BP6U@!RKC-*hYm#gbB~Rzg5>5_OUJH) zuzG$^WDQ}Rt}}GWQA`*21TA+PdT7n?j4_n1Kax8-`@I*Cm>xlPe87pnQ#ctbVUkZ>$$E-X@`GFWc>6T?pJ9e zQ-6)_M|qcDy3_j5F8m1(<{71Ec)c58-n7T86uW3;+HX~e{0OIo;lO7zfJ=Mj@K>uZ zja%Ypy&JE=s&ZlhcUt&MRp9Sq4-ULrPo)UEe}y3k2R8HmmBT_nUHE7>tHeIfJFA6H z*nF0{aVW8pPmqDrPf{Scg4tjMnS<*NPS3&Feh%6-2Ul)_DjJtssU>X`5*%G!IwGGF z%{}6!!|lUd3<-rV%lTtePTSt;?^#)I&trFJW-%sStH;Iie%9iy{Gl;{<+pmlSuO0Y zf$M*BSFmb{C0R*?>kaq7gIZezZD>3j7s(|D1q~ljU`x>gckj2$U;sY!hmlx#)LqL{ zje0kEYnESG)eFo^_8D+1`6cHSxLzm5_|gc!`td{-h7a zzwnq(U>~VdUplmj(lfY~+jUJRrqp^b_5$0VK0l2A`%BMXoVEIY#lLs?eQX!~{W{H+ z{Ch_o7!V($6wQIq*nBwn8)3?FSEMwx9rEw`_wFT4LYH>?=uUU!YwHvL-iP$uFN*Q+ zHC@amDRE+@JM2`$p&h!Og2!fdvHsP!?hHKsJ-!(?O-35;K-K6?FVg`Z26->0vkp*) zO_``ca;E}5u=01OTF3F|rPtxn<=@Q_EmY<-i80rvH6gpC`n^Z&{PD(^*M+JBm`;k& zQ^2_aYt^~Pr;}*fMb}CTT3Jk6y7A9_V59IQ%ctpHf%{k$)gAqF>jH3EC|9OB0|oyw z{BtK7h@6?uu(z=3lz;9R-fh;IY5&wGq589*iUY}!Yk@NpLv*dg*l|53L@*CoSlWN= zuQqq>pu1#)x+n+Tr}V3XACs)u=dw#6|21n)jknPPV*D8=up{u#)%V(Z+s~X%Z0qenD=g*96t#iN@Xy`Y&L_eC zTh!&MfNuSB|Lpy9mzf)rx$U$IgJ&M-*W3%qXo=cP+7Oy`}%6Dc{cCGef|6SCgamv&1>~G74W$oiLiby2>iy#t=z^s=uJid z#)@XJxr4Q>+obtlaDPhF^S@>_pfR|#0sSf*6?H4#o|AXOLCD9{{t1o`c{lvdUiF-? zt8&x6k0yZRz(~jXqjefACvQRS)BB9+f#LnoyafXu(@*Y_%UdvTj((n5bV%NUBY(+H zDF+9GdfQFTBmRY4EJw z{|l|eCbsO&SO=X5uBMR3Mrn9HQazeBl^y|Hdj#xxB-JkM!KIN5f=U?rLgx~AJp8B~ zSzbk1UjhFDJ~{@xpbOx5d*M~*$J_HK9L}%2X=cGm%7B(U@|llhkG~`g;CEn8Ex#@e z2Cr4O)KSyhhtsMju2QRH==T-f|9t0G#oMD3&MvJ7X2Q{_`6-nlDR0_u^kp)#BdvB9 zQI;>|sxF!f)CxUL4m@YyF`dSaw9i#qqN zSCY}atEIgtKA{cOLrXgMfYQrfL_9XQY_s zMk!x4ZsjUfsTWJ5bsCy@>B&L0OQW@Vz&V{{UG3l(-Tu_+N9npQ=2@keWQ@kJ`d~C% z-V{F;C0&h$Mq)`I{1x*v8CiQ3WHxr9ABmVej^m|^Aj3e;!QFG3Qel>=+%5lHwrL!~ zImE$Rp6fh=DaFg(``WTiDK^x4yXQ7pOFPTRzFU{_kDo97WXi{~Vu}Ts5fm0=smxSp z7{^F2tY@_7z^|(5z+DsQKx$o_JMx#JDc`|o*5FxjjlB=l&6pc`65z?)`~C!;rTi(L zFI2A)$|-+}`#$$Z2|SB{3$$sZrt_*_461r^|*(%(Sr$R>TH;xCMv2n z*AO>88F{p2haQW1*zmpOhDW{HQp<}HO!4mZD`?l!Xn_GNjTR~;{;@U8gl(-!KE*K3 zH&w^&^94;z4!G;*OhaSkAkP2qtzNKe9C&wQu4%H+A0^=<_X*viF;nWS9{6)!a)!o| zmP+RDnAyZ%AD3?8?FZ1rL0vYn(Q2iM+Lzbe2nser6UoZ{G*$!2{^%`gWsFviNy9^H z9BmH5GDD*7djbyH@*aFf_PO!W){5+-uKdq8enyW>la>6{j`eIyC$F{n$>2X{N>i}- zsODB59#b$YO(2z%xqW}3b_Q!auxcKKVK|o%>`6B+_>F(P+Um$Xb|5Sg=(QfIodm23 z_D_3mFSWwd3^mOSehN!C0 zpuPNnmvnNnVxPqvecVyR|C(D|uld0UNmQ<2sf5U{ZtMGGM1>>=jQFM0=XZ>48e>Ed z8YxX#A_|jqyKY~YdDZ2HdO3UAXSw&k+mFw3So$S%e{9ILlnOh1>#uKOe%8PhnlxuQ zv^rmuSKuCaRU^%#lnTkxevxs z&Um$uH&nPGIJ=1#SLp?qGlx!ejOrV@hx=o>-2dFKhSE^A5R_)2%vaD%(>Sr4Z| z)Sx=0X*k#&yCI43h_uh#BwzGtKlY!fIwLKm#BN;Eh5v*a>Eaw0c+x9ex~@Bx46P9Z zr>td4?z>u|*87#{jFsG&_ec{P_g5X5iv|P#Qy4d_c6j}cF`wtjy1*9B=Z$?J=P^b6 zxfa@Crdk+Uvu8IhmmluBv?r6?xVWdRZyBh7fVury6dk%ehYvVe+dLJS^PuJ>`$U$V zuN_?oy5HJEHUL7%E|;3`FP!REo;a5^Bm3}q(;wz>S)zXt4mSlj;uLmhm~b+)VYJ1| zzezD`&;-PeVT4DIwnIX^lPYEigFvX$VQshlFW%mST9FBks&xrBolVS>3sOB*;VM3% zKigJ8HohTeLL|N+f8wq%JUj6XUkwo3J$bw6NtK7VnT$kk&=IoX%;O~aPx4|RrFJ@L z^<%6W(t9MW_*_9LpDGY(+es^r=b5q5^u#^bChiturH_dwF@DOg{O-&}CF09rh^Y`R z%Pt}CeF2AmPO^J8BBx!9Wn%fol65840*e`}Oh*7;*JuD3E-R*PT@Dj9ij zA9R(eKM|)Gc+a=_44}fIy|+thUacvzT%^LH>4|%-RmO{_(r`{K)aVEf9Pu@{2Z1x+ z;hPNfFkoEZ1Y-t_iwr6iEyTJlrM?avD}`*gf*b zRi~!SFZ3p5K4>!sX4coq$cINl0#hzj&+EYb5BmxC5745uIJH3M2lSco{X@a`e*KEf zh@7ps5Ptny>~?;U;usTN4EB4YhzhM?bjcI@AJDQ43DX+K(it1hdjn7b}w5&1*! zWjWon|5yPa=j|lbK34cb6b_QieOg~E(HFAkl<_xzLNW8N?8F$w^t+H^cBGiVc$CcD ziBFnZn|v+(i%=y0;XNv2yl9&gjK8clKa81~X2P}@&6?ZJp|oi~$qVGyB7L)zLRg1H zcVbDn+s>NIKCBgU^w5k3IT#H-$BiXu?AfYdcj>R!jiXg{6cHGYlDU&^*9r!|{+3um z$Qb{)o(!n&K3g0hed~y{r;FC->HDwlq)PO2DM(tMR~cFcDZHW9p3g9SO!|4fq0jf69%RM5)Et}_ z!pn;BWxmEJTR&g<9^FGfe@SV^&WbfUTWg}J4OY7Ma%`Y*IMemo-B6wx7fKdV~5*_26qw3l*P9z^i80;AD^MRBi)|)3f$Db z&If_&KGR_5d-tscC!>_VXztBV_STEM6W&@#O0x$HpJ7V*v(|3$V*4THZ9iiCaK9d+ z;mm#N39mUD$7W;(@lL{|MI}ioUteNyD;Ib;6(WHz&YuC7rIdf@i+<)5|B0&8CzVQ* zk^7c+p_Hq7_vsA3*HkV39hLl0E8HFHzhP?SE0i4gw>Ng~;q`WQH>zdgi4JadU+VOG z{At6?9uxQ1=as6lUZ2mrln#)ovljb@Qco+@e0yjYA<(kR_R6K9ue;y=;l)i;p~d8m zo)*3BBYiBs)}8;Zh$;7v3D^=Vnt%&@59_9DJ;ztqOx>DbKaea<&nRH|S*SbAsNy?* zRF9d@5V65+z&a+kyH%NKs#^b!s`C2`p|z@kQFunHmz1^2jsEBRfQ5&gQ-?>+2oI0k z0gjX>`jw&oYZcF-5w%6JfRd5#-wYcWtaj5=mQ|v$TXN~U#kXN;lIcfO=WbYQB$iM8 z+!GX4{BFK9H;nOx%+U=E;z5hm=-Gg5degj~c9!vv@~hBK8HwN>XF0i8^nMA@M7|EZ z?83?}>K85YPn-UReHQu;d)yC?MzGG0JawyA%U2%k)pC(QI1U{G`3XD$xcl%qp>*V# zvr)>Au9i}MZ{O5R*GMDJH4Cxqy4Tq7>wtPHn9r34Yyl9gwyXdMdg4y7kHWdvuHo_a zO{O+J%wVLA@0WTPYUAJK-Db7%FLqFSRb04d`1yY^DPZ|L>whW+LdO8bQp6Y7#~l=L z@gc8>H>e~ucs+5Glu}}Q}O$T>OC6y>wi(BO(S2`M`M%H$Q#t!bcBT8 z2{2H|^~yc@R~`fk`Aos4!~XQae)O-rX`{VHJ~GtER|92ybZz)!oqZRcc?;udhk}4J zRAn5X3d8ACi4S=p(By-Tc2}S`*65g%YSNsjBD9E9ke(F^&Wr6Xqs%a5fdn7=Q?B3q z?4e2#t2v|%-8mcw>qi)xS|oj5;Cblts$cnnAfMe~FZrb3JK(~0im$bkPj7x^wldJ~ z7lG;a(>*GBu%JC3-3*OB`#m96?i&4G!0)Y6>~o(K7Hm&iOr}xd~xYIu3oqV&H(=Up&gSugu4I`~r!Cd@BnEj;uwDRJ+ zS(!(?97|r^Gd5&H-t=#oH?jSwyyWU&)-OXzIv&amK@;iG5o3LiYCG9bb_;vNrUk4R z!XI$Xwd!OgYINjUef+gN8KtUq`uH!?gW=%gh<%)U5T;OAsXjhVA3qg*Oq?9kV$x&T z6n@P8fv+Q2n}8(#`L?2NJofDf16DN?Pd*@AmFQegs@1%?M5WSr>9tllY`4SpVn1BXC%P@k4!Im3 z#g_%`;tXA4rpwEI5T45Tq#Z$5+hdJiyH{2%+tj*Jd6+_zMm+T6g0k3DC>QtB38UBCFn)Tw9L=&p1DHhXnB!&JQIc7hl1gepr>lrVjM6cxo1XG}A&i^J`BZ%5*^= z{Zwzl=))sCl!JBEI+rMeR!~_uE;LXo9j7`|hiJSm1Mf7*Aus18pA=O{voz*CTh%qL zcDs2-GyXSTS@n;xljwCaa_1FYI7SJ^4ZB{-s`m@=3THBM>3DkYPFL?eS$3j`1@T}2 zpk`E5nI!k`t+_OHVx}t9RXH+AfsTF?%Y9`|AEMr{JHZjB8d|via_XF5b%NQQDjXA5 zn5N%f*QpIgzfbGqqk@mCJAJ%o#>WBuUVL+kekbeW4L?c|e+T+qaedI$WaNj-q2Coi z#!H86quw46&@I#&9NI$shm>n1T%#5?wf!KV;X1dI1|g(jKf2g|#@bU)$kpzXKMTea zvhClyHF^U5RCOliM|!Cxor$^O4LkIGm zc<)DczRi}$dxCgqZSmuJPGoOm1VVChOg6OPh{EZg@m*O0?HwNyAJC;&-qg#a#^^nf zU3yPAjF0ecnXKb6+Snf^7v;+)YW(x2-OPh=!=}{rzT}d;sppYtz0TOkI{V%&LX(i} zBitSnTb#CdABmz}(L>|V!9%aI4b^nL+gIZt#_kGiM1~bJ5Ojk*W11ReP@DUpU(YhP z&4Kej4E5{vo2n?&Tn6BMnf`e(_vuP$)~nJGpkJncUevt;gc-LV6HrJ0Jbf=^dOFS> zfiiug6_)bPV_vXrXZYuh6=)zxi`}IvK)SSS8)9$>#6hixnDVjCJ;DLiZpUgLtElU- z`pVj)vHDoQvX&#Ku`)|WZrh%*`srvP;J}6t!m)bwU)_(@vy{a7mox+@!dUgAGscKY z{QSyJfx&ybzEg4C}+PB+L7LuT6n?hrwRqh<6xRNr?Tu^?!N z?2qg#ZXX-+dET^tLes?U_=Lm=uu6_uiD9&LOuqZ`{_1(|r}s*RX^9O+O1Har1JX+o zm19YsrX0k_jkM4~ooQKDL-fde2&8 zCMj!;*_I6)BH2rrr#zy~gHfRt7J}7Tz*=P_d$sDQClyDdNgU^u?HJY7w@Zr)sRQZ7 zMP{o^ud(qRYiy^T!MP>QO5&1zw{j)%++5A)mRAz9SQK{J6-Yl2|6S+L4-OOqoAR;m z^<1yKCxbM!S7{WM4lf!>(&L5UMWghm0z-ME|0qQ5&7-`itw#UbSOpibO+k~k!_g)zlDGFxS0FV!qnTBruf zYx1;Y4=JY(M(0+4$B1w6Oiz3@B0lH`mn-y>MgC>~;3XdfXq}9F@Cy!a9jk&N&YJMp zgL`p=^hz9h-Vqj~&SuxHhs*up#E!4B8`k3ai?9E-J32Ma^S3?x`w7AO%=Vph3++3m zQ~M71kJ~4ykj&k_9y)w~FQM`}vKuCo{WDpw#YmIRcPBiUNqwygQu<7qvivW<|Mrk3 zFutTdz5k|RwmC~i-WmrEo>uNjhb1b?LgtG7KvRb0{gYZbxNY0~io{CjykZ}0_=3J> zCs(x`F@|}0OpEK7g(iWIT7(&}pgQ2ETC^*C!3V0}mg0%tFX>q9YK6AYwSiCSjj)%a zkx?xnan^__GEe!C7q2)=)qz{st#QsG5M3DK;?BRLhR!eWYABpvYUmqZi#>E!Z6AJ- zaTWS(C~JI6SHOnMl`>C?jZ7ZXq97R~lShzhnK{GC$s5@?yk*_U#xq;mTldA*%Lbo{ z`C9%jvtB|!&E=u+693)x>1`+TCrNEW8B2Dr;5rtltLHor%yH{c1Rdx&u|Zz^bG7H6 z4W56_vEiFrG+QbB(^7=ZLVG@=sF_syYm4Rm?Jv?_SCcmasr2I06N{AB0^JaMxcQCB z@ICV@ja|0#I z%A58}o>wGthRHItYenJ|O!l%2dHwY&d)bGV_}D9v8J%rYWM) zY(+HcE}$g*pVJT}*@|e1`vDN#_Y*HYz<@aMPO)CEayO_QjjN1*ZG1tkGrR7lf2tE5 z^r~IuX5s!Us8FwRA1x(^P9>2wh=Hw0MDyiww0#BfnWl{c+fEq#V(VF?oe{$Lwih9c zNsZK>EaUBLjSY8!kjTOE`~rC7cgdKb;OO`c#|Nra7MiI*sM${Rs8qAyW?#dcRWQ6L z>3y2q+p>-@uW;tOi|VNfjjDk}-Wgt(2%a)3eUmIft2yXjULfmxh|pmRjRk}g%P zSx2>+P*j`NqGkgd_Ro{-ZcsQu0btdmu7On_xLX#hR*hW;T$^&QW^T(G)Nb7}cX)vI zr<+*)dKPdp*U_Rvt%D@AKkbyl0+cG^L9sXlq&`o5V6=Kz9;Z%Hu>?DSj{;giUMxYn z5Ey`?DIeI6=J3ag@JBOc+pCuF$7;_87$y<$Q+zZQt!1tQOhCP5*&VZ#IBZIpO%H|`A+G@yc;*BMK0N_xc=Mx|E+~1VM$F2TB5cNf6}W(gl4=p80_8tBn>0|A8$T;=e4#vv zF#`Tp(fE?&^Ttnl((S25F=|rxD@o~om1UnUs;R!smUzDy`5~MKY4}AjZ(=h9OR=*LPxcennzu{t?OW#^?LMobc+( z|5T(&G&QUeL{qCnM6PswapDP`00vfaWMzPL^M#ZjfT*X=o$!X70S4?9)LKieKc7Rb z6{?j%nXRvqcY9|K?mo>y!0$9b0)9XrervQ1q;VJGKYe2D$T&Q6;WM7I*M=?m&L29t zBRu!|`^b0Z!e)I0Q$-tYIu2F!#i-ig*N1<7go+pHK_d6bzNfImvb)vB_B+nOm@LW~ zdumg9sr$m}#E$D)|Fmoqms1NY54#A64ad<9 zEKLmp&!h&yr>Oy+Zr|bWpyy1)3d`f*N~(!iYk5Br@_855=SjbHd;HVO#}z@tR+G}O zwU&Ll$XPnyhiHdfJlJiv-z~BexEfNel)T`TuT_fuRx*o*|HUSQY@X`QA};F`kbAm1G1 zrIK~jBjj?>V$c1^iF{U*PwTUpLnniS++B00{}e^`oE^7PkzF{`6J3t1kVqR8-Yx@( zResrd87uuY%IY{+!b*{u^0Be0#<|{^8vV6|9!g}@X+$KWEk#I^N^cc%%L%)NRC=qB z+vZJLp8Z%C{^-Fg1^r5t!Kp~_vZWOKjptB;UFy)p_8l^v-1fmbD+0t1b9 zZQT>cizaUiT=aJ4fXW~p<3b!x>Yd-CLI$}Z<^zd9kqM-v{%FrX2(B;Df)#S=T_TcX z2M3z#8vZ4Rl+X(UpA{S=<|QDV$BkxPRWG?uBLEEZ~@S{BcR}CApOg)h~`c zd-Hm1=?%gjwLM;X{|6ckRslE6;gP(s?$8febJ*Ib`-8q*&KC>y1zjR6(&QTBubdjg zo)#}X&q^S`&4Axsuqz*)Uc)i9fR{QmJHE3wg;spANi!RUX5G3gOxp{8etne$Tl| zK8A!=O2yM#BK%2g(|WoQ*$TVxdNahO@pRNArz}yO23i` z`*~#{KIhxvLU5!bZj^mC@Fa%B*IH*Ht53ze5MJ-5Nlk6x+&eh9{XvcC%mXCg^hV9i zYG%rFtR=Obli5s=^}$mhprWHPZ1$mZ(~jqP1ARzGXiOLXO_;;%d2faS+do62k{QC} z`_KiRoT}0AZm#xHF2`&m9;)Pw#T@}5fE7oLIVW@twTy=a<#LmO1y}gfyV8CnF`r7Ta6!U+)+p+d#kNW{gsfS~3r}mtz0XR^#6F=|> zouI>ifl9gm%Zf5~SgpOJ(EYXAO;U%vaF%xEEUX=^#|={FG+y z!8|TXxC=ZF;Vzt1zBtH>ghUx0XYcm!5$^3a7M{c;+;f0S3-?US^~S18#H-j^na)@x z2kv(~JzW3v%ZjgD-lzl5GcH8(U%2hoNq)o6CO@QG68`<#I}88NeubgY%YPk2miHms`FEiYJQiyTP^jXTa2igf->zs#cD%>TY1NuWac)V2}H>l_?K_s zvf4xY46%^6;EbL`dhC_AVDvU^n1=>`HFymhc*p5<(6Q_!mNvOp?o_lo3_OzJF*8@v z+AH@(LO*(#KQ>g_kR$8lu??}F^dv;7)G??ZN*efMK1bPxC94UIBhq0IDb1jr;v;mz z@PiB$%?K8U#;34z=o8pZC28J*;YG(yZJyXyWmNHif0V(=PW3ru-3J49Zrdh2sxb^Z z27^(EgAg{Uf&HIn)vV*Uf3@f4i-H;x_@d-Zf11bUg@VO3^frlrUwPB&kw4~eqTqs8 zD5JQ6dDChnmqI@`l)r`6sI%coqY5SF)M?G%UC^U8k4({JWNS6DRSfF8L?^*NYH*5? zGZ0nYoOLcX3Tz+2UT~YRGIH!7M9q_f#DVs;CK(4p_@_Bgom>BiCR~bZ z$^rk&zo`A@F*i>w%yPij6Su@Z@{0;d6z+ewZx9!uLyVVCiwsa+__I?0`S3qB6Kwxs z7VkIfiGNY*v(OX2Mny6Zb8N;kJn`%GAax}6*e2qC*vB0_@tXl_D?s@&`S*ME-Ya(Q zQ)RNeU$6kH&}8J+4=F*eheF2AC0ioILWbiRxC75!dn2p?~;QsNDhS#r~7QvgC_uT6nSYGL{ z+OUOsLO2l@YkuF4P>YR&cS(kOossVz-bSq*@WNzT3vV$1I=8~gid4uU;adCcm(?k4 z^T_=JZBs+rS>lM?*Xlb)U>&KHV?m~sV!PnLPAX)LyUbK3So~VleexHtU6?w6B+OxU z8vd_ND`d9RYZp6;vXi+Z&W45U`>z%dV;$KNW&4qB65nK+WhLl#TkIzdn#3({i#=;c z6tw>x#2>eKVco?aXI-2Mj^C`A0F^bnQXgz~ksz88sSj&OnL});_P5&p)?zOH$7$&x z_780bUhNE|-TQztF3kG$kMFb3@Aenz1S?N1G*ppU{YXO#j9LB2%ZeK-YkYRtB0l0R z4R!lh`k3+cdcrI>kTT0g^(^FO+T(x}z@&Q1;}#)>QLx&}tX4*l<}{{qt7NsPmg)eF zUMmkAJLxdj^WjwB=q=As%k-_9A(J1iW4rfVkPCzSQ?4A!DO~vZC7?x;KMli+3gOu2 z zLEN7gd5cc53Sp-mIqqxXuzB#yJRnY#Qlt1;4?*?fulCfe&vs*@{C7``a%o=LfA?xW zDN78(S72DY#QY;-_(#;G{3Ay3z9P|+JL_=a{aOCD6OR}+Wr*B&Cmw{`?$x;MPTaRF z5zFBlUiJ&#?J&+><=wWpEsDd=G4W$_CLT!zId-)W(M?W-JD*j^hq#2*6}o@c5>q

      uHv8EYw(K=D68()pZK8DHD0lWOKYInKMkH&>vD6+Oqg8bB4RGd+`X=mRDn=q5-FQrukr#RQ=qK5-y>_a+3ega-`a;CT&)i$=tGH; z=ff{g3`NO(`Ybu%kB3VT{HRdwcE@t7&q^$AFSeb?eLnqPkC)!$KPzwiQL)|UQ>-1R z8-MF7tPB^~JzrprnF}@yTgX(H1bX4g_rX^Xr-|EqEOg_s@y~j;MNF@k1k>O(zHIBy zQ+xTqGuj2_bBSaUL~^9MGL3S-J_VH9l@}?LJC{1bqGJB&s8%N+kHx$Bo-i@NVbYU8 zi)*@`dFIYqNh7zReYj#hJi6P~tQ?hY%{SV4%WBOV3w>*hx;nS!7wTDNYx;XUY?_#X zh@G0F@!6xB76nW@d9Ah-vuuc?OiQ>F;yttIxcC=%kFqFmube4|Ak+g()9<7B<(f`(Sa#b)cZM z2#jj>5rHvMF}F&~&$rc`m|HdZ4B?l)AEs{`YV`g^0Y%136Dve>|H=I@&*GLR|IcZZ zm5AI{k;b0u_5^!$`&9~;f3ZN=0}F5;zx{70Ktb#wnEE_QlR(U&UwN2U76y4SbLCse z|EKrEETjzVWAfcc<~NX$%$Kn4?xvWoWd7l?|M`1jWJW;dcX?S%fE81g2w8jtj4dc; zul;PR@V50L+>ufeID3ER1CO5``?}lTQ4DO99*>e++~mP8&k)tSlT{-$E^?sg)O|dP zM&qUK)f9^QGVKZ@*)h1bC`VXP<9`=mT9+knhOe9Wr7CInxFP5lC#4Z|{W>_hHkDHd z`sL#uL8ETu>VL!j7hDAmf;J0XXi6qRDlgI%g0AL$VASV6>|i@oZnXju_DapGQ$~>b z!XqL+Z^FWQ9!m4nLusDEPN4=$px;#Tej*ILyYa8S15O~!gQN}0XS-zsLnF$vC`liC zFu%-J^#WJ*vz3z9N=5m3?h;Q6}nMv6kK?@X29! z^`U1kyC)rX$?$#3n!AmN5?p~;+D3MZ2arXbq+Y$1?Hz7IpT)ImERozvV5%qev^|Dr zZ9(&qf$Pl4HKO>h*)=vJ`L0_2z|~^GM*M*5#<3Vk9EE}~$$n|e=`8*~xp31;`3y&; z#Fyy&SA2yHC>v8;A-j_OucaWP_P@#+d#`MZxYzH5+NQ0USR?|57jP-yJHTJrO{$art5HcZaU_EV@~TtI9k-U4PJ1X7rdp}<}Xj2FMIhVxR-8I z(YT?4({TGr%dEnG`x6SNNE}^}zwqOe} zQZTR5vQK-rAh<%c@}Rc|lT-oC1S>SFrzYjAg1oVaOw^DYN&`T$fBBd5jsK^2sxrom zrA=_lCPh@byY7Lu62{wSC-N=BhRI~J&N+{xzoxXd^bgrjg8Qeg z*HCm9|08fJM##)#1SC(y_#{u7NhMEONR6(d_SehjDvNm*Y?&noe)>kPX9U}-F0j0W z&~{g!D;}`BtyB|{D=hb;f=%460RBSK6IhsItjj7^J&p=d5ZagrI+3U$VHo)Vv{s{~ zCt0K6+SX{ewi+#ToI|QOWfWWDYE1H&7)67^x=|cJ>FaYnh4{ubL8vmJep$x6uW(y8?{5Dqwrb9WAFX?A-ae=K zpX2RkKlApp)z;6sflWL}VI0n$&oD8g`ER%Ud{Y25|2a%46XgfWerTlZ$4r4HB2CAo zCI6*&Bl&mWc}nvCe9rqUvWX#m49xU?^Tn-X+p5pARWQ`luC1}tk8Tyc`13Jq^gG2) z{c(NlV6f9|2Y+Sf=M&!-rXh0hK5pam%nIQRQ~ED&fBPzL>T*O&Eb+5KY;W4jjLk{= z*OzHe^E4A%x{S9`cGYBL`l0OG^`wo#u~OJqE&C!&@tA7wNqg#IHCwxFW^t-3aHDTi zqlLEVeZ@aUQ~QczqFSCwZnut5K(Du4&v&(-C^VFm=pvL?Gk|tK2Os^jA1(T6e~F;g z&8pgV5-BsilNfc6Xsl=}>n|=#v&gy+8L;`UfY5~1)%kCz5+kygACrP_)IX+UlEM33 zL?2Z58UxS<;@PQp`R1_A1|spHdA-^F!vj)Zh5LuaDv^#uEWzeslL__o*5UV?;-#NG zLpPf`p6RM3-y5!G z`U)-BZ=vR(+TBE9-2an?r~)F#AmG0g>@Km2*(MwbPzQ9KLU)Vk&%+BSi0NW%KHg?=0EM#TQ4j~b3sl`rEiD=!-XT2z#BQk`N#S9UJ z3oRSC%)!`Nln*pq*^cVTi>Vp!MD&TAm2Xx`ekQ35koA^&%ZL;K z1U+TRYLe%)wB!Dt;h^ywf7?plchF@Tx-HAQ@1*blY4H5*eb3+8)quviUR_QGDWf9( zrEcewioX?DJ~(v&e=838+iVIjwx;p49}87vA~NsjG=JOaKKNT-o~QWRWA}Rg_B-8C z^L)OrPWm8n<|)pyvGjeB0!M7_55RxqkTwA z7_RL9+^=&Woa*_!Ox_uV^WaOj_tP2*^U44^(<`IS^|v7r8&7l3i-)GTXQ;7zuZ$A! zl`;Ex5NpvI&qd*1AyAe}hB)q30$j;O9Q=NWi@@A|G%sFy^CGp!7%60#W~4DUPLq<& zNY6E3W2CjlNK@B-)ViY#JoG;o8$H6HGui0j1|v3FVDECo2#{Z5viWWRZ#TaZ7ZuI9(L9d@dak&r7#Uo2HHpY(t)+qf0T*qtJWG61aZQ1XYl>+ozc$D(Bo!B( zZK>Bp#YN{?K3ii=bJ2BrJ7q~bNx(%PKMowe>A$v;i+)g}QQIOH9oN*l#rtdTE1I3M zPfeD)_mq!qu?LG?&A7=vWhq0~L~~`Q5-w>7*Xcd^c2cq29@4{*L^4%LrIa}-r9j$` z*?eg~{O}AYJu=O5cW|)W4m-ho+{Yzs*g%Ep7GTKy@}7Ku3CT&a;1MOETI{ec zmc*b+=iQfJn~-asjmX_*%>ucaEsJZnrJUtgs^yI3y{r;4EhI1GDo{#Z@X8mHW*xeO zXN?rL8#=aJUq~pm-ci((}tg=DhFqKWDGZdUc$f-LQ3w6j)OBDg{M!c#<`CTqG zu7=WST&)@dsn%IK-`fBZw*|*bys2A_5x5#7B2!-Q%J(3(#<7(HUPqd@gX?X~0i|HG zl|0C+<8;K|^&pYk_C_Vg0?MBdnuVwNDpRNVzS|)BgB`m)Zb+Txb3tFNUKXpOZkZTW zujV6%H0-N;?$7_)1pl)GeHYpbEoy>$Pg3svO?lIosj&&zCJWVAA}2ArcjGC&xg$&K z=Cm+SSlnODS7SQ}gL)dF6Nu~G<+N1jp(pNqWjaU#Idb=XhB5hQJCg)GW`&aA1S{Dj z0m3m;64bh*DJfq1oiv1GMTR7(aRpW}lHgyDtAU{;AezHc=vyx#+SjM4btVT^8CXgV zK&Z$8AAjm$K?QQ4%IqhLPR5DV znyx8J){+GAZ)XD56@Lp049&_xfx)5ijB@<(ivNBwfxufw)7&`$PbyJ!p`s`$R1~x9 z(^*@}qEHX!12&3k1TLzXP2ZHS4DuQhVX+!3(~G@F;LWjowqZRj@G|@Ax9qPM35Azo zJW+!5Yg)CH((j{lgezN=e%^l4wcRYVpvivH?$;M1L}*h!76;P$qFyP&&r+;dXU0o< zO&lS%)TB2Is2_pKs4NqZW^K#_1NV|~h9((#_FmgR-?&27djmjfV0$MRRU6SGgMz0l zQGJ+HJLESlE^j1&BGxt{?)=3n#QV9Nh&wp>^qO#Kd2&=w^{;%$%U2w&GvjF7Z-r4> zM^H5Zc8os8zLr_P_Sm?mi8DSgOaHAp$w$l~QqH;as-Vs7PHr6D(%x3@mc&t5DZh2R z*=sT1d0iB#hsiGJdvYWP6PmS0@dPS_3S=0xJjYTN6@$X`jmpoR5o2{RrbdCgPs$oU zW8Tf0hJLcM$_M@YpkB=wj;SR6&m(FL>hQ3rH0Z0N?(r#_^NyoL<^NTl==&N$XJQqJ zvS|5`71!N%#Z|H7Sv@NfeHV{wVtsVQPrw`lqdVYQ;{6a01dMyZAV$}w6{%TVOHL_O8ybo3yr^St)(BbTR#McYEoUWISjgP z=-HXL+Bze1^BpAg@t?kdw(zl|jh8TlN&ZO9GD-u_JVyEk`{MdYnqMU2KtpxS!!RsZPYL(S0Tr2_jbF1xKua z%D@Y5`s?;w-f_Kj^8rR#kjkAW^_>|3k5WgRBOGy__zUX&IrMeX$!kQsZIB>k4aR)153(Sf|5jR;cezb|R zphl*=k(ykT#+c>jo3xeASY`QON&+_N zZdl~oa*T_qEd?7U!w@uQ{L%!}XItT~S zcc!KB-3fJ3-lX&t4^;I#lFC&8dvtZNOa)2*0jaM>#5tFYo`3> z5BTOTn#$-S%c|8uy-E)JkrJIEQxG!_7a!eY;^8RdJBF=*Nsi8uNoJMX;aarBb0<>pcx z_kX4#>aw-*I(MTgOrVX|8W432l3gZWE9l?bu&i_(D2CY{P=IP5Zq?3sg5B4#Tt|b_K$LSOd-uEi%;?%3Txz{z)hgqH@;Po7z@D; ze11m2AIgRhU-cWzN)?H{hsB5XoVZ)8@y)WtsR;i`_{g)qeT|ppiQRQF@l7BI68K|d z-k#daVGc8Gtb*Z&2Nu&Z*%EBHVf;4S@JbCgE(AsS<&CbQ@og_(H*&7k7TJFglQI#* z{-1W+dah?MdBE*uywYLO@SONxio~{bih-zi@Ryv{cg>s;IK?HxvxCXVw+H#ldj>o& zD|N6mK!o`wXBn!a(DO3D-2u9MBN^${jtw9G`gZZF_wUnmc4ewwbd~U0k}S37_Xh*E z(}PWFc-HAbJ#o|RBfpmO`+jlzCevVjy}`&}ePQZdczw?}-fh-geMIV$&|H1EiVLNG zxbN4&NO2rIal^gpX$K>P5Q}&V7%5)4Qr*R)iYLY&7wJI z${XKyKTx}nBzu_uhOx@M4Yq^b!rQOEoB(uaw{Y9(Tl5$a=WJS3k@yaDgBQ>mg?Rj1 z-n47speGD|pY>ns<^0?%4+&k{0&&gQiMMnzT8M|igvHuWZX!coL3`d$fC>0PO`M|h~W`ng_7O1uFCh_#N6Ob`eluO z342UCOK4|#V|8p)a?f`wl4I%kL@R!~QH`g)+up|1zf-}={WIV38!0S^xk~@(cMx{< zYX(ALSN}ok!-@9T4{p9@iKNInAD8LV@ABkDp4j5g_}47>LpfLGvHsJ`xxCyOrN(VD zik@y+pV`v=uF`LEG=-ew%bPyL#~-aTQ8?GfibTJuC2s}?d!E*B8Z6H`kkkwhmdEfw zYFavJHmeZH*%Q$kZ05R!pzusQt|b~4@{IeB?$OlRi4A zR5v9JTNo@)|5P9z;t{hv!3oQ&y^j2%bY#$D0v1=;RaEkzy6ybUp*p2BTLVMa*r!e0 zgud3IFr=>t?>Sq7gw={uS8H)ug|=UT&QBBkl15bd?UBU$d1Ra-rQr~c)o7CKVk5i z)_153*YCk=TB#s9PBn3{~jvHKy#~c75W~{tu@I|mM6}zvzd{JBZo~H zy3alrT{iL9VfB-GPp~t%Ly!urfuDrs_IM_$hOK)5PifsZQOC#9=__N{MeklLsWlq_ zLe9LX^SI0gCiV9?;32N5zIU9BV^E|YoymYTbw3@~TNi`rn5ayL>1d!}rek+D3*47& zHXS=o4yWT(mA={OIG!Tor3axqx0GU_Q zg-*J3CN;|xT;sk}6dNY1S~CkTts#Y%)>^jXj`fTHEWMpBaPiI-Y7=i2f+(-r#VMLC z^{hpjt=D*c>!jJP<$YSS&1fF_cYJBD*pTIU$yI`x3id7IM~VgO6=!V4Zw~&ZB5@r& z=hA|TA?*`c=V(KLs7J@KoQ^eqQO@e@d!;R#rZ!JFAg9gtjC z+0XdpHP!w1KvV7YlzN!Ehkk$c zC~Z#6vwR>{F~Y4NFJ;td17q7-@=`_}Da6fojQy>#zjdgJZ{?>|#S7-3D&_;3QWe)+ z?N!Csb5RvP{ZM_DeeKj+HBH$n;-CxY9D`r1G{e70RO?;VGyRK7q%~9pmuT=Sbmcr( zJR$AMIqPa&qJh@(ww|MMMDrG$eR-_0-MzcB&>4%fasQIEEG_|;AOE@9*Wp5pD(~pg zp!OlYaggBtV{7cNV%kWx{!WY-Sp1!Py!~XOIfoAHPc!g*$GSYmN;b1dWwv#>(w$6U z@zSHx5V36Qa?BlUb%VS+3#g<2w7%B}et4c*Xz2U*Thx&h`Z8+S{?m&D8sKk>vYHY3o3oUz>m!0Ps`~x1iE|c%BLhZaeg@(#v**m>yiPb;K0dFQXc& zEmPFv5OnC&kdbDb4>=gE7vuJ7wF>%Lp%nVElu>c^+^;7@U+tFvcg}~@=B5elhQ}ea ztRvXtuk?iWlRgmIG~C5Kq5b`4&3}r}Y^P?a{5t~w=|%dTL2TB{F8rsXBDXqOk-Y<7 zqqs?$%#OG+AhTVh?j}ZXwxOO5+Dc{WFu_84F=_j?5_~n#+$f6lCoy;3#anp~eMDAX zn|hreN@Ur0OCYLG2Qa^7Cz^eC-}lVEJL^5$|FmA3eV6jn`;E13jrp=po-vGV3;_-i2n}n|Zfcv+j>mpHx}=_$uP>sXY3O zRL?xj5lyqBBVk8H_F)Hh6rAN)Uo8xVLfk*}D@&-#zMhQSF%yY8{#}!(i3uSiT9FKf z!I)?EHrMl%6fgaK8bYip!|ANj-D|bNh#Czjl%gKL^e(`!vF4v)tmtfmOtB)SKjnXX zq@V&W6m=u?y|_?#771%@)5`_mj3cR0=QQj_OK#%`cHaS6E5LK5wSHe33Ccbem% zexUHSk8K@`V*g_7F^t7l@TV)fj*}w$RCQ|qt&X)UEUM5%;aq=&0~RF{gBbT9OTCFi zEGlaG`F^Vk6`+#5>Gv%RqWutavma|Utcl30IcXO4{%sx2M$0evENW>47WE#!*q%j= zNMx}nuzaa2`mv!9`=9!e!Jn*+UGOK!-n-hQ+>JHyA-CF3ygALSreB_QzT*^}jyVx+ zo--`}v*Sk{$V=i!iGS4zfrM8l=rXSLy(bhjk+7q-pRMtm-DSYG&ICY=u3CHMdtR4E z_#z!w8~r<3U{U4GNA0WDAE-(A_Mo`vtP;ap&xd?c#>SOf^4Bh`;`ePYvyJx6v@GC! zntt$otTJBO>qZTt>AhA?V`bD9ic#5g^u&E82N&7}YxDb(oG6Wo1@lKiI&aAbGv_`i z7VKBWX}By#90m3QV7>fYq{}(DUzKaWTpo>%m)13^CB}08)YswS$l0G4VY$! z`T|Gnw7x9~pSa!aqtO3ROnF!PW;<~tfBqxK4KN^aHnUOWKzmRy@Kx+ibJ-!B`c=LRU}S$;xCg=wK5q z8TkSux?8r!c=Sh?g*^ITs~~eVld;*R*10_>691nxT!Y%2wd&Cm_r)1%2mJc28#F*D z1cTUd3*vL`V*Op^em_P)#;hL`82V+3T|;0gc0FBi0lThsGgWk;G@_=Zj*Ik_{ZX4W z7o$6&H=a*o%wi!8DoaFj*qX_AM?b1Q=bn0qKRu;)8v16X$;hs|6LRus`|WvnD&*v| zZv-1^-7%x|GJdVT2k8YVV?z*y9kd^84iv`!rYsR#4ENK-X8igNm3o;K5qn+}<|D?F$azUpi5i25qY? zcKHyYU+QklFRzgw(-)?)>qA>7?%ZWZ3jemOjPI9nI`;mZ_i6OwAA_Qoz}~QS!+3^k z$pDL_?_jzZT+>yM*vt2M9kWur7zpqB7R55yKb9O1n_sOLu*A=dznQmN=pS4R_UcqX zV~gwkd&Alv?<=e|CM>m;)7f9_)WbrrhIkrF^41;M%b)V2Ir4+zUck@gz!7DC3#aVV z<-4JS#G~7!8GQ--ox^|oPSxn!vXMeE5C6s7uBU6*PUBulf{?_d@f62%jpTWOJSzA!nGo3XK&1ee)sS%aD`MFAj zKbRU_$+M^(^NpHpau@taEz&&1m()U2E8G{LOOs|L$2A-t%rg9;btsF;jP+EysUc+Q|z!r4tfi*VIYvUqtRq0Zm*xQ*IL^Sj<3&|_}z3s%pefq z#J)ZtCRZlE*aqW{70Qxs+`P%!+2TI?osq;zdwWLi9|xL5GIII4PK4ndVBKz;-ej~y zuF!^*i`YNF#pm8g(FI5iJ&FhhPSIfF=IUKa3ON6%wOfHbaQQau?8Yp*Y|j%gGz7aSotK_h2yhveZsI9E;99 zRal<2@I1?ajbdu)P>D6ZL_oFfa0AB&*xD#HXOKZ>u00Pm7->2EQ}048ryuV&yY_r{ zvRbO*s;pkDSHsZ@){GXenpRj=L!-1Z=iF6V&(U7U{q`-pP{+j@C+DF3NTU&cHhGKK zl`157lDL^u9^W4|x&)+PJ>{O{ed-@Dd#V81W6!rg{1?}GjQa+1cvXccCise{zHTWw6T zneX2>;H|Y8=DT+uCcSmbaSIqZ=3Snm!^L_W4 zpz$&&cVNB?3_O$hK5o#N%=a;a5%ayn-f8`r@7JIC?si^omiwNUDlc4Po~!b*7;i_; zTMFkr$iC~a!qj{#R_A*7+s1PB)N^C^sWM%#-d{|G^|m6tZ25Kk$Oyi9m>NGg9sI_CEvcz<0g>=8=L5`K}wG z&%5Bcn~guP5~t4pUou+HT@T+xDDNGAxs}}Yf?|!@7P;$|;}7`tk@lupA4Ro3V)dav zU|vk~Gwbt}I8AH{f{gOCP-<8Kgtqvld`=w=eHpgG<3T)m7%A`XTW5 zVvTGoc_g#e+KP{eztG#Zf8ig=2H=+(;U{RPP4e<}wV!Gz@c@`<@YwWa0le!R2JOoi z{V2v3^~jgt*8$dF@3n)*_ZP2tqsUCnQ8L&rOPUuK`dNnm*00TD5&tc;2?NG)Yc?NQ ziTs`u{!ZrZw{9=MX865bCZbB2g}j%u*IH7B21emGb@e-5`s_qa44wy}bG^C5>aM+< zSkj+`WHy+hlxu@uAE*7xE;c>v(jJ8LPe$$&mjMsh3iXyfxAH*PH&Y&yiiDlPEGRH8 z4d&pl0(XWPflWFx{G+}6`grIdc4;-JI{Fh!R2G{T@o(vauRp$_=Y$J|1hv$>x0<^`jSr< zrz%^2VAbcx(r2`WjfFnUAC-c4QGknMfIW=4xMB)sEa4Ih%*)9 zk$Y%kGPfmAA@od5Zc>_zynPRWjI`ybDb>5s#Nm!wEEVD{Cbn~ZlvlC=*4OXOmXx1! zJ0D~J!_PTZh?7VA7;r^f^gV5?w;vWCVkcNn!42b@OfrYC?~y2ZgLA z1LpIHyeo7iCd&$80{+evSJt?pOn1W#tfZY4jc3Rtw%VJ-l2(*VVyoNRA}$Xk3S67z z*DU*Ig-+)7hQj39{Ecm#cQ;Yk7?#CoKr(l`^$gg1cXXB&+Bz+Cv3-G}dB$kLNEoe< zxUe;^^B$1)e_E*4yMWB``#%eX%Z<2xD8+=LROZ2T_B`M&@VOStV@D-5mk`V25<*%I zVmMO6o@OS}{+3{`Y?MZoya|V(4x3$bN_NkQS z4)9X<>hU(i?s=sttsTp-dS*dp?bx-vTVW~2HihXdH?P!;CF@uQdQB8?wMpmd6GGnCjheLPXc576dV7TRqxwYA|TopC8cdK%XS~d!Z9jpo50mJ zu^8nmgM1IAtl!O3d3Up3`2aH5tBZN4V7|BkmnZs|M{W{{si&#YPqW##e;9CwW-G;e zBr`eHItr_C#-V2dcL+}Xiu0jmro)I^RZZe|0 z=*qPxFB5y{O5-koO}NA`5uew$r9VwlzJtnL2ReS|>cIbJu`qIAfAzxq|5*8%8+935 zI`s^ri&12}bgp4ptfzfhH9kGA+|PRH=85Q%gB*JfBdyypG2w{xsBJ4d;U> zf2S&IbTjpI)%tAT)XdgPu+I}Nhb{I8!CH9aUihge>U_iXyG^Nrs0%F{-k90>5>_=r zL|g!zh*|@td~uN1z=?SXPK?LiZ_!;gtC7jv13yQ&MQ#Br!c#p3dh$h+;YnZp{)pdA zX~kX}ECta9B%HR&izV#`Nzj*w{)X-$EYA{#U0%NaMfdlwmLQ(Je7svMX3EE&`OWqI z56DL`Ibmj%rQW?*^03D8^No>99@dd(5^=?`sjO$1>_?N0*KPj$EGZ+YTW_TxZO}#N z2ys&UGcHro`hzobH)=hRmNYGu(jBK#D32v^R_eWEq9l$Q>7KvHBYswvP8&RSsY?!Bw&{gvlx;#|aqJdQE@9U5 zbx0nDxwZEnXquC_pW)wf&c8NE^6f9Jlhb|Rz-WRkuAH!=t#8VQtjwGC0WMC&zHj|2 zY4`YL8=iL;)zdYNdJ}1QJSM8)o3bQEqDWZXAm~;Wpe3S^Oc-Zj@Te< zNM_dYbF62!a0F>5wS3#Ga?m@8w$_@*x#JD75_iqGD3<1D39y0SFC^6EufE zR`5ew>(gt|T36xz?X}ip#tGlDb=KWV=nyBNcT$?6vs&$0+{9xg4HX%rbXH};TZuoA zZpx+Q#!Zr?KPwM()@!veK-|_FtUom^W}-S=-36YRtguPH+s=4Fn`nkynO49C_$^PegW-|N3M`YiBO?J7Q=bP!{*}r_K`w zZd=~SCR<+=!yMh|x8VEBHibJUOP^;MXR27^3&S*|y3tQ$UhDo*rnTIFmbJcCJTW52 zsMfFX$W|w3YMhdR{fzjK_{O}NSHFK`b@ zU0?t5!L((2N=-GyT}&IacCW-vh5gLt>rBR&*Dk*g8`2DD$Q}wN>FLL+`VkAR?vNsnXlBQI;w@T5CHjRgCs`XQ^WScWY>` z#DN~WWy)kNR#N_FS6sqmocx3)W8j6caIrG?9F523{Lf}lWW0208m>W;EbPfXrgnw3 zgB8md1BJzD#S-|R{X#EUvV8AwHP)6ahY2jx|ExM=(Xy@Jf<;TUE6~@rXqjJBuiCu} zn)N>&w)j&vB5^|dh{Ra&LLfWybYO;<@58==&K}I$i^XFEE*{g&fGJ-a zrMa96UuB^|L@nm{-3@-@(>Z<|LXmb zui$d$K9b8L?7xcmCufPk?6iK==EF|w$83oG<$RhBJFQRr7M7(mf>lZ6dP-t_JxTX7 zBqFD+NgLXRYHvI1y#9}d`&+|^UsdCAp@&uGSuwaE7N&(kfu&)nY9SqmHI*M)9W@EH5mnMH$aArl-!G)CS)h4y16 zKV<#$)h5a?{jR{cf$*vOZ#VKO^78 zJ?z~E8ybc~nJx7KEE**Hmxr4Wz**CnjoB(T89C#Gz{V6y(jL3&PnM<+AIRQNnIq`% zhVo=&e{FO9=3(hA7~tYVbMmIe89Cv%20xbQ6CaY}^`E?H7wHYmChGFH;TLyvO*=LK z)(nOIaK*Id=CvA_m)!$bdzXw#mFR)8P5=n@JYdCt7uii6k=y3dq&%90|Nj`_5ndVQ zMw{P;Hbo>!GVZ4bixT9g%IO6DkHP;8*!JTpd6K$chqbWRUxwN@VKc^K*)On9SdQ1~ z{y2Zh&JPW0JkA*#s#H5#V{PaeH-vY23&vj_ZK%DRbr03l(y{T_S&pwRZ;V#QOJ7KR z6FO%^th~{fAS-LaeYLDf$k^@5dJeDBfVumIb&0{r;PHQo!MWEP2JiPTU0v7(27fZe z-ftVc-z)|%_ONe%tFpSoU^mM{%@3eD;O||>cZt9I-QPX_dZGXRA)&AM+x%)0f-ci5n9P5|nDx-ZpBbv2GC)jl$L75Y2QPn^tUbxs_V0*z&JfsiM+02$i@a zZYWi8X?@e6MQt@eEC28BIp>|3EC{`yd;Lhxd)_(kS)cRl=Q;n))9eaYCZ#ehgv!`K zHFW<-h2ZU$Q2WXu1=faRa8on#lb7X#*03R-RT3Qd4t~ewP3plNwPGcG)Gf3~qF68~(?xYeqq(~6u4CIvSm zoTytEXW72vzu~vKVEnF6+#bk*al_{7D9E%WW1W6v zHNco@L{2ELOj9FJrisPfSBT|HtSkFBlkQ05p^qgqh zzqG1X4{M6HDWpWKy{YsNEq(LOZrQ0uOFoWwRI`dAdOsb)x`OBFvse)Pct0Qms(xn*8L|fW}Fz_P0tNiSa7f=`_VyfrjXq{m0^$AhPacO$bA- z;Jc^3$N>XKZ}y{XN3^KxW8DTA54sM1af^Lg5q;={(nAP%QJn<}_=EvKvEOMPD9$M8 zIWL|TP%!l_zUvs44FY3TSM=b&;-P8f#3EgioS4vksy;4+?*H*4`6o>&=-De<2dal( z^E!BG-<)b3tWA$cufcz5mO)$7qy3>R9r@`p?^D?q-l|vihqvk01!&U5V(68C?Zi@{ zKMn@=hpBDk2jO!ZYxDP+*3H7+!I62ru_M8AuGIUVxl;3(API)^m8K(2OMv>_?b(ro zjFIj1I|l>*J}5i*&5(hZne!dDZ`=RZ^S1{H5VwYZ`{LcL@wc{cb@sR3{x-t#5=ICl zOyG5tjWI?i9&wh0h<*2>MMY|g)qvjO&VrKiEqPqGwL4X6(l9jQe`flNURtSGJTjvaCWx@7>cY@29e zU&tG{EDy<)MvVl>lqn4YRndL<;OB6h|DfUa#QJi1qrv>?4>J}MX{dmKg!DnQnPWEQ zG)Qv z>Iiif+O7WQ!B$3H^mJCv7nRChIRI(YF{KL+N7M(>Poa6-{ScY$0nppPgL9!O=T77b z^n8Cn=VuN!ak(Vfpfs~eP?^D;v;R3HKbDA zt|JZ2e6nGxz3SxSNa+UA!PF=Gl}IYjPU#?JrwHz)dYEr%7$yYOw&nfiP+4t`?GF>8 z&9X>U_y8f`|3xpNTT0E?KHXCA&OdY4-9T_q!}6xV#P*CFul;kyiTK_EzZYq1*q=zG zT{l2zf2_UJ5clCWTHqM~k3MW7QoLX~ZW@9~7>5Pd%xH;g*DI#Y5v&8 zh?aT5KI%8`1n%g6Pp)Ghn;NUuJ~B0y>Is8RO512^ti8M%%gUuAkI6&tp*$(EJdX_p zZ&e+sFH19IeM=oiND(f)m{NkR6~XPS`kK_aE%DTkT4}u|bqU#P>L#~+&^(-&uqAm- zJJzI*r})Vw9X-P)CtsbMe4{4yV^{WDEnEgZIeOx|)zK4ICyqh+UXwZ<{`?v_8s3I( zqgscg7f;f7z)Oe8jD~0OTfxU;g(h$g{CfYd&T?PXu)u6`dQYc>2$3%DHZb;HiGXin z!dX@`i1O<_1;S6atJ+lI+?BGKxTy365#V&Wd@-3{+aByDHxFFZK}5uMf3}s zFE{uZxdD>y&8hL^&iKDoGlG8hljps!L`!JPS@eC6L9+If1Io>YlW+YoC$>mSKK(h& z_eVR?2pLP{{PjQ@XJP+d6Es>^MkW8|x?&||%K5Ik(#Mc;-q!@_R5%N!5AqG8R4R5|rg^M2E-OmEaYRe4gJNNgS2mbWS{V6*Gzak=Qt_xp?-m(nvKIO`m-&nyBUi6*-3WNqj!EdB?<2 zL&a2Y9M&VY9Uazb;?V7jXq&Dza$iN;#`8?!XxpJYuv4z#hOc1b?QSK7jXDhY3x^$o zfdx2MpH1ScN^Za(4jcbu{MHa5Pn`P(+%x#WcbhoPrn=jcZ=fotPqE zN^#F<2pxE)*T57}Q}DHUw7?bx3dPD-w5fGHW8;Zsb>YX3QPKC0 z_4&R&p8R1e0YL(aNg)9x zmfgBvQb3F1msC88C1QimOB1Vn9w{MSdwI<~h05P-_&+O8xi0^m%Imu|zP#Z@X($0V zEAw!5(N-Bh>hIKd$&t{-8ad&51{!ZNsB9~Bb03WepjIlly+D2H2a!42qg+T0Zn6&b zE$s9qi}wumCBNheFbeq-W4#7*jxv1-^Z$?SB4h5}hF@pS)rVBZ@qZf_RR8n!>`e8R zj(~`n1*Q+27qczJyp+dNhhfzT#y{zlAr;~n%LJ?C>>;lViDi``U(rw0G$h!;zUZS2 zfw9xa5}7Xv^&risNM>$6&II5iy#QQh0`M@E>^W3y2Q|8m2B(6hMNAtYrW{FEiGc!n zk(b8{OdkIV{#Quk%@;Uny!jj_hc}-o8NB&4r{5SLe(x#qyZHzwdN&{B#O~&OC2}|K z)u&I%kGS8;mOSj16HV-Iou7~$P`5C>XBGuTml&$w|F4qXq}^ujK?z={kmr!sO}~G! z70mMm+11h~q1Jd80dKS#O!Ik0x@-9%(p?55!>(jOEO_;kTo~#OayT9bAIpXA66+hp zI`PFu_2x+UpWla!DtcChMt&;<)4r|DL;xQjAm2b&Ie*CC!$MD>LkE}3wo1R z(xJ^&8W-*x6AOBd))g|rSybIKPGwhyDv?*L5Gs))ezQ(0kt++d6;>AT;%B@FhTHfA zPsLISI)%=zRbKP6g7!^)!xqN_EE6O;EZ7};aZBcqkkK#o*kHOAH4O;heqZG5faprM1HM}Cc0gUWQ0^uOp75JM^m+Ven!m`%o2mQWcj23^bEK0UYrR;9nf^8G`>~4E_zKrD`h(jd2Dzi(aFEMjPLQ_7aIyt?!M`&Dw}&rv za0}Y=a645!HUFlJR`8IbK7iW@n6~se^0>7(YMKSnA;<$h%!SvE?z6M78q)OKH0ONe z-((&f{CuQ@#d$Ve&cZ37vE4(rm@)~CV&Wt;nt2?JSGh4l&h4)Q2wnYfVP5b7p52KF zr%%u#WxO15U|Ja*CO-~N?!Y_-U)8hCrgwKljd2#upq`gk2t~r;%WcuU|YR_1_rQKkBY&R{v9~KNNGOokAn~4AMwr@ZeXd zKkay2@hqBd8<3seoP?kc6Q&`W%N9VwXL ztSrkrt@K+GAg!R+>PVZTf?{R^(xg;D(@NQRf^@s{nyX8Kieni%F3cB-9&l#vTn_lW z*F5~haUVe6IO6j)B=e?&^^QY7AK07f)QOz_ySRjP*tEBNP&xf4ivsUr6zt)yp7;3e zO@6ET9WCc&P6kQJt|wYY2AwZ-Ht)=3@9&t)yfl{R2}+EHsrFu8gdVPTAJD8)E+m*$ zS~R?Qk1EM>7oU&xSB3aDMZ? z_)fI#t9E|yz3#n8w>EIKqsl{T^#--!Ck60c+=&eTgKrzgTA=3y&mG!i#ljmULVslv zBg$pQtdMgmT5%|d#E9D9NIUuteu_E5{$_E67*M3{N! z+O$3Jrcj6XzoNCcer8Fncd6rQgAM0cxhLOpilzZKIi0f*&_YwK&)L}wZ9qZ;7v5qLDb zSHj^=S-d^N)fu{b+(`alq;24c)e;*E126i8dK>ghescN_+B<`%su(nkK9>k{yH^mn z+Lv85=#cLriooDQ-musWxlu!=w!&{O7Bcq8FdeD=C-^uee`02RodyrEGBr$6@RIB1 z2Y;eXlqmLVG7A55q)3rWb7pVmusfbi_ZC2Z_zVGnhJtzS+Xw7hr{|6*Pl4IEDg5{( z+4a)b6bBdEm(JxkMEduB52XK9x>L0THc{Tv!4rFmn9Oy6uHb#>rR+aW`*q52EvCf%@wzO_9YRDGw`Y5y1WeVv9d@?TGNq3 z+IMEaca+}1xPqboX@ECI?^sd$J~^cv{`YWwjMvdb?90=@0;`F}nLYzH4?XUy!BfM; zj@o;8jV30>tpm!;Ds*?vQ)*J9o|~#(+;0^{YLZ`;gWKw0kqs}>{Xo_PbL4}pt#tR9 zc=tV{-`mnH3w~H{>(bKM^cQ}|x6m|(hZ9q~8h=ui*i_Iog1<%4wxzbM3Lmh>4^`vL zFOv}Mi3B5Q`-zD$YDK^uJDn~_vY1c3sU29}qnVu-J_HVKyrF9g%YU@O($3{_)lr*o z)-FSx^(6Fk=bAn|&l_{;{lU}`@8inv^jWrm*bf;`h+T}^9^1XhH9k*`?+STPW11C1XzNaL#48aMxv+xO_-{sq4Mj@-s zKgte%)Gn_5J`7o`l};QmNGDXewLiw%kNo}q?4m#Z3LhOufy|y6a<^wQ)-%K_gipIzB+6iy*jL#gNyB5 z7QaKW`eUW-yd6I^$+Z zgFlu#uGzRCHcBsF!!_rr3>KOKO9w`6E#|$rWEGFXHJA9j$}3;4?>sN4e%S9@V*#1u zfO^C{tG~fGeE*0Aq|3_D2REuJZmc3%9{iZy-LbvQm}o*>aQwRM=g4YU=eq98KHZ9c zvA18pDx@`gz0EDm*&_O!wO{|wP1cb|7G}53O*5eeBdIyFbsih#!md4dAL8M2*9oWV zevrcssT0bKCs{ATYO>NRgCcpDu;K+uy<{kwWH4(XH3zvL0#PR!2uXQIXetP)B0I{Db>+$;TI*DgO#O zb-B_^rv&v~@_6R_zn`YJw+KSq`Tv8|b$|YUmNXtMMOcdxs7D@CDSwoP`#;=h z;#($yXL=>iK_4|2*^8fcuq&VL!3~0An;qT%&4cM?op~iVd7RsM?E)Wmo)9TJZ=PlQ zTlqsy1O7(a&XDfEW#!MF95rz5a~a682NhrG_EWdh-v9BR+=c?9$qf~(SUjk`|0z2+ z8tPD-{_j}9Ok#b#^nWNX^~cl~?9@hSK<8*SX15eAdA4PE^R-ar^H+QQM7(lU^Cj`r z$p$ZFcJNECE$PVdw;6l}k6oLI4@8$(6~#dvb)eQ0(2ydOJIhUbU2NIluku$}83sTt zy!uzt@B)v>mPEQ(QSS}_$JIgphyW1%_qH5mYdln18U34ipJTdXDqBw3U*3wQao?O? zO_R)6ORugyAk!;K=k_WVOzYdLRln@tEA@v-kP53|ZSG2R-`dyXCY*VfN`KYq?>9n3 z0)KTHq%HI`!lwuXh9%%_*YJCya%eOA&PC&tv|vA`&a?@^!70-AfN5fp&u*XObg}iK zVfq%)jnOq}V`O4Sci+YjrXTd@5rXebGw$@iR*3--JI?SBC&DV6p+@w3yel}(7i>{) zTGdQCGO-EgYGY2))Q~aPJbC3STL?6zo08v@anQ)g5`8jzMJEY%l1b(v71P$mBcaQJ zSpQh)J$3YRiXp@?nu!ItQxtVnV+V`2y>B=V1!$G5R+l$5f3FHd+KlFJ#&Nrdr@mbh z%sq|q0B+^l9cA&#*P@AwRbld}__DY2YtoUMpXUH61?nd!^LMC8Pc1k(ee^Dg2^a1! zn9votI}~)Ehaw=DwE0=Cu;)olcl6}D9-L1PtZ_LwOJY_Bn&khg09=`Fq#u&DeuG|E1?f6u71X(8jfg zdEvtX9>hR7kZ~XsG^;o1!kefiD?d4eCL{`z<^8K`T*32wLDi}ipKq0FHxCGh;@ZP5 zCGC|X%8{=f17wuyo3ulrp?V-#*t`wk$c54Y!}#@78^+3K`$DZ704RiWFDX~#ZeJu9 zUiW*NUL9w>%7xcGw$&vEQpwlGZ5j8eSfeGX!of1}(*R$Lf{XtJPH>O+@z{|?7usIM z!Qrpw;tTD%~3}6MIDxterg>ma)&~mcK7$rH^^RCI!`J3DW%d+t+DrJ*d$Di zW#H{drHtydJlqJWlu@fl4RS=)1_2??KgVDV)?USwgB)5C6OP?aplME2u5xptQvIP5 zmFhMpDuRF7SwJh7j$EOdE?cV|5t;P!EW7nq*DiT~kQ;P{-KyD1;uL5|y+qCE4}e#W zI{WxqoWYxgLrr0l@Emjr1%)ZgNTK89mR;&YAuKM9DKAdg-t#+qP^4VN#W7d-e1*?T zX@;vtj07Cz%4^4H&Gns?=etgyS9#U5io8u?BNf?0OZd>vgR0VyP%%NexjUHRVhybt z7<6q`X|q+081gmtJ03-*zhamxeX&JZfd!1*#m$p~%w37V<%jx?(rl z70>FwimSiso$@NLeAvmbyh#)}<%=}Vobo1F>=kq8*XOA(skvVB%)Lm7-XYPpz{cRM zw1mP+kG+3{SEYZ-noCoVjwGLevI_!&)f|B3WJmLN#%)P{j=xb=@}sKc$5qKsf+fF@ z>?d|09l7W)K+?o31xcgIs-y+EZy!NrRu}WjPqou9{G!FEw(t{Z^;hdgUyGSm->s|J zzXzO^W8%0ctCPLeg!W9n>d?SEP4(;*^GVzZ>sAdTRbwdXy-tT|^-c)1 zU1>V<&4)liN7=KJCqrH)xVh2CiQ39`WG!8HiYTLJKT~7AU16SM0`8bxZwMarIxlQ(onj4?7u_U&p%Ume-cgE#FJtB3vA8 zc-w_A!O~qeJrf_wP{kY@2-37TjCACNci80T%3Cv4c=EB@~Pxv`pzAq$FcUTpI z2wQnTuFh6wv8}v7ufg)L7~-Yz4+=IP?7CX#yIM~Qq%~M}>%kiY+JY1n&)q4FJ}(e= z`?s?hdm|hk=sdJLBH|NuYBvO3MV;D_^xwkg+kxeR6(<=QAN$y#NbRE^fz%EKxZ~-5 zX#AP){huJU|E2LUhqBX%97KzbE6~J?#PM9L=LH&3Kk_Gg<$QbZrcL;05&5iUBbQ7l zPDZ-${kt&WK3=7bwL$T)(}geV%_6-?7e1-yyLs-7ppy9{QDr< zLl-}*1F^~R&%Y4gF?;<61I~pmG8FuCKwkWFnSdKy&=4|K+EfL+6#ragKRV7z{BsF; zTNcflJ!o3&p_2!2OzRP#vD@VoNu7<{|1nxf%=qU#tIYUk)gSWD#qPOS!SjuOwsPsn zk*aCjDr!naM$F6d&!b<2e=eZ44F9~-5b@767o5AV+nB=L8c!D~8*`OqITd56iFbNbAy>jvl`5NQUjhE$1vU~Bm!0Fmb1?Fhi-=Sx3Y zg{$sm(K-Lk_y7(<+aYV4sA~4LVC`|XDgOR@C(`E1t98Es%T#Dy(zqUHIK>O5dla)3 zzyo^=5;I0ehNY5OPH`1F8OJFG8rSR<8%UPR!@6;DYIF_L+e`VX5JTkgt1^ZnipVfd zl+TuAK%nhyo`ed-;>4dq?kS+*;PoDpd!lVK__@FAgZ>9t)<;r< zUiunnV3HhCc@akf`sv|fj_%!EcqJsGo+P4K71T??_Le?KlAXDuEtu+LH+0Sj)MjNp^ zB*k`ZwJfoTEnV!Q$g!rb*j#7UVtcmmdz9@d$kTRJdF9on*+9MrM*m-0+<&VY&?Lhg zAPMFIi`CaoDSMd5L(p=JZSfa=<9G@E7>9s#C^aT9bfACU6%6bwcW9IF%C~f+=LPo8 zY<&dNp-M6u*E7!jKiNLoZd%sxXr7kBmV~9yo>5*)qNV9nInek5OWmFl>#)S~Zf^-} zy2xi)hun#SGr0dYID_w3ZYO8(_VVrH3^o#3dl1c9RzE+_F$cOx7v>;PkCO`>fr2?$ zXL*Mc#Sdr(#19mZDy*btK>R>4sja!zHM98k;3g$f+mWT*U&hy|ujcF2jqkz{r6ZHl zg?YjG(*-gzG(NR!9h*C2Xf$8cd*5T^{(h(1^_;Qm`9M;G+~0=?@&)(z6-s2v-akBS zBeA<||5wX5F;7QRFe%ha!_=zz!2Z+f?LX%`bX4nZu*k9O{P>5V4aM=u;aLi)aek4{ z$=>8^@-G|b>=!NEKX9n^qDiO?8vs7iasJg3|7I7>ft;XXiurhDES~%u zx#o2R)+72L|MUZ_uvxkw-MRkhEw28}bW?nf>xlf*dy6z0M93Wf^nX|>`KP~bzvlX< zzs7Ha`lp{+kFmBM{Ga(G^iRJ>)rslkv=hv%zceo=koLp;K7M@tfcWw6B1sa0@lPb)WZbL47b9s3VK33(;f^{|zO2uPO4w-6OzLl(?uRKzPM#iBPY zu>qiHknIb(X=nJ&{GEdhZ!<2yH|E%Y$`>x*OBT46c>3t)5);nZxz25}{O5Y^2~NO$ zqvuYuXuJ@-3f#L}q6%*TLkEX#ABML1AOCx;)VAff%Lk9c;q2Gzg=-TlT4lecyZXaA z7y)Hn+L;UZ*>q$|o*?k);D&>q!2&sMHSza|^2re6@hwlF){`|*3S2v9D$BClA}}JF z)YLVxc;zYa=uM*yv&+nu+LQCtu7P0JA7I)`^lrJ98ucv`3D*Zm_x!h3K%D>^@eSrz z+#?f*S}kay;;EgUc#I5P>k4XqLM;G^D~`XZj*fxtVm0ZBLux7?k6!;bD=8r~b;9Qb z_F=HQeWg|t%ZIv_D_@&2+%*pecY=6vw!7m9(np-M1#Q$h%tAc*xPGW-iC^bR7=-h~ zNw4TlOqj6~%Z+>jPuL`Zx9Rl_)bo08_cQQTcDanhUyr@T`hji_dlR$hB7Ots`YB&4 z`|!*kYe0r7xuDf1#qQtT)z@#Ru~7)qumFRt0So+@+GO!>!7HJ4xnK*^MkAXuxR5^` z8WHryQzL>zrcMs?XAF;mhA+KDUQ~8#QYv~Ig zQ$2hzmXW}Rx19cHo|%4elVkyN^_yFwH{D{uky&*Bq$++bGjB(x)f#YA-#tU_^QrvD z-I{;p7EP>v+=5P9CBr4JCo&h^1NvB5Cl;oUIPG67`6Ud@FL|9`a+dmr5!%@V&d~A} z%Emn%Uy|-GS#y26@HfX;&l2=GJ&}XyQyHs3S%7`F4F=o6DR!#vbpHJg8i-MidZ)h1E_wSqU^8pm=wn%9`5cZGPYGLq5wfGBB}I8 zQVEGrv}%SVMjN2OGVkQM=tW--{Q}r>7_1#Kk!BKlS>Q-W%#gIx0bt|_l zhEz*2q$<_-me1;YR6GiGTSHx?n_FYLafYf3WbH%-ZZ(TAXT@uYW%CrypO|2mE0+d2g(i-F$ZIvD8Evjvm7 zXel{dK$BshiCn!hnEslO8Uebv|51+_{uzNsRhijv*f{RD;MNysHv|?@!WioBIqM4- zt*;Ois$oLKf?!4Tn}luM#J1MWO{$t$ZAo`?(-vE+84UgEVthYZK8WVkRIZG+{n+^9 zV-m+&RFEmLc;Z?`1(8v_TF3T`t~Hf5o{)-G>C$Yrd~fh5cGaG}$rJYBew(M>;0cJW zj<0Ekc4K_ZPt}e*aA47Jt4z1GehdiC0e6Z~tLdHNX)|%=h9#h_an*$>9FM&DG zDW8u&aO=`2x;TjQkANsbc}r2u zD+L3(Vkn0x{=cuX$nB&HeesAPlU}ZBf(Wip!XU3KvpHX<=f`-?p+CYRgN6?cc70G_ zylqDLdwpVHh(4{#&?kRC&?1|Wg-$&VeOh371Q$z@Tu4QaR#_g&g;exNV*_phIQy%s zvu2gnRU_|VIMO`~m7|{73pboO9U>wSJYg~6iV9I6tDX5*?V>xYCOpCZi%k?9qxq=iJ zidlB4Cm@R*VPXufSdEM4rLq?JPR+$F<7vE%wc2-$^2CKWxZnq7q8F?}E;U1;8KWY2 zZWq^!0&DgT16_JiY}uurwl4N3HbV%{N|HssZEa8WrNrk2=?uN;h=Gge*fwJ$LCtj` z6{7qK7TY$|esje@KI)RnYOdnSXeTNI z-ZVJ~W>x_TV5#Yfh+lnH6`0$j|KTvc81zCA4W69rj*_%$4j5iLDZ}fqED;ecB_g6y zR?rng^RE%9Y-V^W`NhMN7ftTKv{#@{$TeHX10(L=K0FZK5A>bVb&fgxn>svu{d^`} z`bz*9nr}o9(X;2OH~=q?Cp#Q}jGNOnYEuTYN#)p(P~MGgnp?nKht*OVRuLvWN9aglxO1|U4sX?Z^Y@QenKwByY+rTM{l)yLkb8aO7g z7;)Ki3?S>ZH>#7J+`0!#RzsXCxj?CIe7s1E9=W!4=<-WLv`IujSU#8T-k3Glqz+=^kSH9_o2%dCAO>12NjKbSmbevEw zLEPW`5U2Q_JO%2`%7gE%gexBGx~~!a1AYdh#R|gD6Xk9vYYuI0=8mAAXWVkshX+ur zxVHEYqiL{e3B$MJw-evS6wo2bK{Fx_y!kMg?>}tveLq&rcTX`)H~#<6QXlT@;&FeV zXF>q3oLELpbYlvy1%c_v;SpHxsCu3rTlRLydS7fcnn2C?a}~99!MRjM{QIy3Vg=Dq z3M~Fgfd<$ZwfK-TDaPrW#Du-ABnMHMtzldOom}bkuhyr}f=|qk!}#ydHfkL3=M$;O zOO^_U?+*MtrGmzSyPtwRRKu2&$}G%K0fJ0XbdCsDb)p67XAaJxd7NRLpvi0Iq$+aG zoF8i1AZG?>oEJZRqj+a$y%NeV;CE2I=&4K^#g;Di)_-T>k*P;pS=&{`#d2s%E3fj( z&sQEJm#&NetSd->vXeR5KLxCEa;PW^39ODm+HPiH^{M!T1*9M=KFK#P-7A%iD@-jfot$29_@-AaRi|DyEg%~aE+Oh1{N{&;wn`8QhBzGKwk~Q z>lR59)-9tNux>etbc6mxV(!~8Hg(^3M9B>fu>HING`QzUqS zQqO;9*<~+Qv6h`yZkznLi=qPkadEZArwE0ic4~2~A zsRej=Oiqo-=qGC`$8OwBp7j@kCOP7d!~K|kzrSt2-vP@%IW>tL>-)V8PG8_KpUwoY z4|CjPs||KL*{!(_a5Eg2XDrFjqZ$ElFLj6drAJhCpE26O0XLj;ixomUPDtSrIjvMo z)?v1PcMzleAnN=e>Pgv!4VLZi<(QRO3iw^SP{q}0Aspo!eZGX$cA&N^wC3O$j@HPu zcGvwQppU`XaZwv*Jra0U7|Rgc{U1hces`OwjYlgYIJf^@xHXsHT>XRt?#!ihvv-H! z6wzRo;JosB7D%)`6$xgYb?MZi0Y3D&S9i-GV{jTzbW!NiaM&1!^A z2Rf*?fC9h=KfKkcK&%imYIB~B46n|(B;9D}I8;=7{2TN7jjfF|^l@;$AtKt^n^{(} zE2Gyjbl`<98@2B);F#-A|Ky(5-FM~<+TB;$>F#)q6J3ld2)i3h{lDp{xMam7j?O6q zMO3GbE0HTbxc%)l#K$m)>;K{haYUTu!yXpI+Z`9xp5*Fw0c#EA~B z+f@j-rjR4B!INX$_THn9P(DKP%x_T>(|GyK$#MhpP&&t7$|6@R-B z0cHdZCnj8Om1VTTCcxCHDi;tSI6==0sWy~iV8?W5+8grIk#{%CfgJtL3D(<}UKLLj z$N0U6)jT*)wet$`RG)3oKysqnqR-4+M%c=H1b?wXVFG`~iqbCptG_;d1a*knyX$cc z+!(5RtW-v!S!)W-VjZ6*zN(6Ojb?3-R>f#DIW_JSX9OY%DyF!l5Oxw~v@{*rJ8vhl zW(J)Fkv#R*t}S!$HmkJ8EQ}=$Wv@@F4a%+8j;#{AAT~+JNmx$2PMNP?STQ6IawBgc zzP6(g<@yD}C{7CW8nbMF?aW-SopI-lgicjF7rn-P-lNy%0|di(tY;j^cg>-Hc#`jd z=p#?^T}c0z(2>ZIjT5gMVGeau^Qvxk`n37)5F3UT7qIq0HJ}Vb4 z;OmSE$K0+Pn~@7o9=V-z;axu!{A^p_IQom+r{I6SQ`+9gf2vo#hWXi`6z0cL&vR@4 zXciJ<=~wJ@_zR^Zg`h8=9_*)eN_aR!))LTD*xfC1Be_9C0R@~vpw*GuuY5~(>(_$&cf!2OhA9`qjK`BF>mPQ}d)9l*czjH!TxQ0CHuJhbX(e|A zE)t8wU6|!KonE#B-)qHn@rBV9lzTcuH-42by@E`4ltsy~heCj_q6> z%9#;9nA3=vV|4v;q zbodi1)(;(;M^JFFN`=_a$*1~$8}=RDYmR;A6%tuu8eU@hScXREcB0a*$DIl&TqRrF zZ?y89Z1g@-aBDc~rWZp??sxl&W;R4-d(rdMBnSRTMvHhGON6iP%n+eMwO$Q~cq7Kl!@S0@Vb(Xp# z0qU~hKQP98-m8l$E_@kwd7aO@E_<;G`ena^KXbb*{MkwQEdJa;4*c0mVlhmY1sep@ zTRLkhJEQ3r5k+fo+#&P@D#Fv)LubXS_g_9aecqOu%D1oBi|7GzsKL8p|87C<@F~ff z*L!<9gI_Jhaq5wpp;K*xqFc#JKJB#k9{5dwuc!fw+CqBbvrn zg9S=6xEOn z@w5{-gMYl|6iC~}poHe58%+T!$gQA4|^6Sdh| zEbk8Kgw7l7%rNrd%+FlU3RHwO6M1D%68p?>I6RmKF` zM(aaFAuA^_lgY>Dti~$Mf7Z(Ob31LNc~fWx zPcIR?J2zwFua#ffm(a986VKb=`0w$!i__*b+H}sRw_5#1Ng$88I?Z@+6O|<1Q%KJ(3(?K2>o9MBke?UameClAo(qm^mCDsdn9|5XZDpIV8vsj4}rRmxNGx?(91pF1ZrITW7C~wbRyggCA3Rr zg>B1s0o}b4EPC=?^Nft4vT6RhRn;*E@gdK;j4Mx06sjU`zp!9bWAL<-esed{FT|I9 zXHnZgv#W)boWvkK&JI^MT{!Ck2+A1+j4|mw5Wc53C-SC4ye8oLMb<{_2R{-hZ(9s_ zu#ek8#!C+W&2ss0mBrKg6Rt;GDpr=NNjd>$kx?IA%AZ-K1@;#utC-W|$WpsRE zSM@mjGp4Z1!CWjHTy6MJ&jaB7q`qNRR6rZw`anLeJbhAm4YQ6^9lq}@DD?__z@2~H z{_FZsYV)rf_8Wl8`PXfJfX586#!p(c84c;{UkBoJ1{Y7Ry|b+Mh&$Z`uZ%!8{fY2= ziiu?(*{>#+VgK`DS!n-ziXTllbIut~J`?p9s_0h-jxHy_!pG)Sj@aKK*M zVVq`g>{nKV9K(05X5$zd=~qcl6oOr%t=EYDovIQOPRJH%u$j=5p|{1N6;xWwunc=y zAuw*aly%pR<4dNmI~|WpMK8vnmyG3%0&%|QX+l{(m$(zhxVC`HBo^&I(BHRQ;rx9{)dQ^O1FrVaco_Ch#X>_xB7&-ZzU zh&|f^Pins-pXLd#u>Sg8EOQa**5uPhmG!Yry`!O;4-R?DaY)7b9gJ5(+J2+cTf!lg z+v~-~&1-&Lv22%BJh#g#ue|GW_K3UdvNtpPE=xXDmqQZgiI(rA6C-QcTkh#3?LZSK zXPqPZpSOL~KKS+b1%%rs_V?g3>`1)MS6p!sRK8eLzDQIaf~*@&Cc)yw;LW-&pBPV# ze1hW!PsA&qzWmU5YNt1A()n+4|J&;hDJ2o3lOx~kDGWZu7o`R*-LU_seyFMh7e{he zV9>-i2`=Ri7+L)j*JAL0b~3li-4{U$Gt7t4|L>HxI{o8NA@$ko4G@wG9X|{4*KEr! z0rHbNg=N(|3vp}x#0F^HgwV@K#Rh2IWOD|0t7uUCngfdk)THl)_yLP0mUT8+ecq)! zVBw1S`$vIf6&Dz+QA)nk=WTN!{AokzJNq5sZ=L1)M@FFU;sIm9_q$zhT2+kRw3E`C z4$H#RSQ=jF>yZE)@)um_YZk~m^&R-E4(1!~s&_~;%tvm-gO7jjIq|fWgx2^AYi>PX zr#1Y9&t9SV_c1)p|9FVukC&Q-KV(cW8p|=)FM|{IS5;}=W{g-j?wfl!q;I9;I`Ofs z!BM(jW1y$zZ?O$(|Ftp~eAL{auC@jZ!Cg1x0+xv3pz&1Q#dDm+=>v8d5ETDe0!%s( zyn6@6GkbkKQy>+%I3}sUl}f)d&)#R5uTX<7ZsCF9YrjABOn+W(h2)2`Z9fQstW&|szUIu5sLr$Ko~JxERAL2poY=?^79 z!C$Q1pY@|J8*J6Btotz78>~a9*rR5#vS2SOpzAb?U(vQ_3!migU%I9s_=kB|IAJk# zd|KS6=t#l^rIToceaG+8riY$?ua> z;{~q0>H`K0cv9D2VW}3HmvPTvm1P&<6ulL!PELIT|F3nycX5`<`0uTaw!I;axvlfR zb`pXiF5g-4njvc(BG}HFrG4@cjB|qPS~wX&FQTcPW7*fYgK1T)t*-MJ@;DxAE{8p( za!ous1$u+R8rM(E(!Z+})Uz`gDp3DxZ0TN2~eR?$^rP&hh-+`qT-KA^0t+AWHus zbR~N`N7*CV(l(Rkz={_l{!mYjTibn!i6+uou&Xl?6$85^hW)9CfqB!DpC8D$c)vKT z{JH9m@#P_#e~tzMNVeKMm@%uCIg^4VSzDW!P;Ou3+^@=kyiqW(F)fy;lHrdrHXV*n zgK3BfE63>3@;Y}~f9*#Se7sG74+V6bd#aG(O1v38Rq?qL5B}D!trqDjWiZF%Zkd>{ z@CEg{P=ML050eGPcZYfDM{Q13Nml-`kLY-4Vn76v{hc=5o8Tn-Cmv$zJ#IQuvKDD*^FEr>u_GT2rJ*yec3aj?YA}IFvs0pF)tewr zm5B-CRLM8M|U#LmG9&EfzBY!@4 z;b-c%Nk}h0uj%m~qW&DJ^s3H7bb$(*kmP;}9###=NW!ZQukABAb++-3;KHUICRe^2 zZR-RnojC5j?j@vONK`|HeXe5^nMn~_IrQ{7rB%mEgot_)7aenJMEZYFpBG9*BZAvj zJASWR?SZ%}NZW7Rif=^L^q}5|+f?x=+-H%`$9-O760T9X(CI^J+hWUmrWpKQMm{T) z$s%+DnP)5fVfUtgY=t#6 z9#Q@g{(Q#8n%Qlg&yd#8Q|C~(B+gL#E|f9Ci3EsemAW%p{*VT^as7X=r@vYv3MOeM z9U1=v9KUzhi&Wv4*H6KLr{x(<9&YxGOtJjgjRgEy8BD!X1D31L#Gmq%+!O{Pu9`C> zG2uA-YFKr0DoCz6eN|CVW#!$D6Xp~W*qWEHCNdU0Z==}enF;hRMxVEOW&(oO@3@5O zhc>|{sfqBwMn;m{swjZ|d*=2n^I;fKGhBc6LHvJN#=feEUM#T%%}g$|Ae!R;YmrRF zQ0ds5Xq`iscer4hyl>>aR=LG~M^9_NP%J@oP*W$d0O!h(L?oI&Lh zbH`I!+YAc|ZC@E&b%$2-`QS38Ihxo8wbsX)Czxpw*a?Yd^svf=CzGH163KlrOG_P0G%BEjZxs@M`ioh`fznoA_rRt`g5M_v`QsQ8|J# z#)ke5IHUd=mje!Gm()&bMt-sp2ONTV(4|@;Mo_^gkFl{1R+lJJtL8vVr%~cGSfPEN z)U?ALWE^nvZx>k2Ep?r5Dve?ODUx*pl&fh7&U?(E^$s!}=2Me3lTLuhukNBsi_ejB z)_SR18H>+zm$l&D1h**DkIJ`e-movcNXJK+PwCi$?+>Z`<*MHKAgTv_sl46<=Tar- zKeFYlKISOvtEe}@QPvOCpCwkbz^gxH2ax=KwtklUbE_uA=|5Mh?Tr2th|8S6epaQt z{*wSoG33wNcw_ocr@zlpf$n7V1-t2KNayH3Yh;I${&Nvi3qsO758|TJPybmL>Ob9? z>P|kg9kz-G=|4X*-hbM~@bByl{hVc2?Pw!*oM4nIb+9j`Z&hlIQuLo+$g_-ADuL_*ryYI6-tf@Oj|`<+brOIF%EC+3)B-H(1`8aV3xCL2b6C{}es~NeWGc z7GgCY9P-rvh}BS6a#@YA%OR`by6n!Ph}Cdi4pq3`@(in?E@xSd+)jG^CkU)2ecTYS z0uCR9xBxr=(T`VdjHW-)=@Ygs)L$1q_RbKf{QVmw+v|jc*a`O_)dUy+@x=`-UrXNh*1(9 z0>A(v*I4)UU>2K!bu?`cf?<0Y47eqI>3!&tQLBN4`z`S}(S|y+=NC6b)9<6eh!zdi zoUGE^6dhNj=XLJ6M9&-CbGe@LsIDe;JbjdJnh)uV9)8d2^wFK%fBv{8rC@S$r%vLR z{2AvYJwk zrze)=3Pi>%MAm&epA#i+E3zV8R z%s#DU?lYfi88Zu`Rc&y*SRWo%a%0PYGfN@i_BXGD-DQd@2&N^WM^wUw0L~Wv70&J? zbt$(23Pwx?B|_cf`jOT7Nm-v7+% z5kiq2sya2Yv^w>5&J|XaW74TW0(&(WsgbvJ&N}tlW8elUm2+AlLb&_pFL6M@kP^z2 z@C2pZzx{f&Z9H->O62atNZH+pLGx)5jH9($E{el&`o0`k%mn8i)SUaD2tLSvZ>1BZ z_2$cZ^YOc4tPS#3&J7`t_{2PK9rWOzF8Ko3o8HlV`_?QgA^hE4TEws%2oium@|9?r zK+tF*AgEOG)dEX#1h(J3Vnva9hAE+vL-dXNQVQ_eQz2%Yxwlp zNA10L(|E9Auy2)YTD}IbxoQx#R?R}W))J5+kf=#f1LUbX`MNAiEV7S|CH-%8;-5oj z6>x9+cvtm?;Hj9Zc15<`1oc%XmscnML>G5#KEC>QRCB?_=U?7bQ~9;#!>7-_y5O9P zn-6TgdPHOMezdh?^O(t%2Q=?agERRB`GNT3GeCM~Qut*}(vGh$q4&oKTC9oIRB8wqccvG1jf0J zHA_vRh#Z6bvQx7bhmeI))4!jsFN|AkTiv9yAH(8pTcUGu?)!K9S(SV_TsP)ySaYrB z>yqZ?6Ig}(i!N$DlKCIjysIrWuXoTI@V@EG@s*uGFum{)J9~uyc)2R+=oz6zx6D!F zuD-?*uEwV0rgQ%tbsiShSsK$}5x%G1t4~NBRW*Cd-g}>W zY4a(n`_hY=$A{~i=`%mNK41F9eeQ``-Gomt_@@5RVdcB{%6G656QSSMe;Nn;so(XV z`nTPGk3UsWwCy1eo#$Q}ZTlt9t{KxWwB1Httwh^IMtn=rwuFjl1sLnq+R`)rz`nyW z)|M)Okv^dm-&-s#%v(?w{_-@c3MrP3spx7dpYvqXs6ppyPsn>|afPDl-9?&t7?G(=Up)MR>OLImfNfKWt#b7+6m@ zu%d8a!`;9RVYt*H@@c=Qn%|Rg>vvAH?E(GLI#ZS0!(%uDkHp9Xdpx|F8R*muyd7Z% z*74_Ku?MxT1Gd+56SM$)BhmtP4Vrv_B zP^cKV{JNLY_4E{4Cy-&~W?kwjdn)wDcphk$$q(=&Me1krbuXm;@jq8?nbQfr>g+i} zaB9D@pibKGU&FSv1T)WqEMr^U!GmQ_WYF#r3xrPOqSE7PKHoz8MUdf~mDctwaoyqR zo5G(T<}9P@G~dL>ZpAYC{0`EeAwt=ldKo!2m5R?S!4w@t*O{)Q?3>O`YQYWU09&RXhfIHf2tVfk-W1t&R9qBXqk;KRftUsD|1X7#vN zO>mA^7Z9_ND-4p?lyLu({|rC~G?3)!W%gN_KtpeWneF0FoO0qZ_9=rcTznoj*Hd_| zTJk0Sa!w^!e7kd_=&+%4jhKN{2wtK=gr{MF&yXP8u4-7@0-IMSb8F4#+xu{h-##0W z%P(?;x=`Y$)jorcS#g*TRTtb`w|(nOvlZ5C=#UzoEA7`;+M93fIeHl!HVHZ@V0g*C z_HY2S!ekfzc$@=Bq5MX$@ z&8x3T2t;4H}4CoJ?60rwx0kQ)B%JWbIl5wF}Mw)c90|h3#ssYz;at?!G-4 zTt}1Pk*&GDfw`t{V{06+aM!%Y_Ew{)lvG2g>J5JL`O8M8+(1gLe@}PxJh&ab?64kq zce`J{ZoOQ7`WN)_lx_5~?N?jt9{J8v=G<+52bHpy#jM<7o97z8 zQYv z`@_l54T<*HTTwMqIQZj2r@ZYl@Z0W_u7XzSC|4;(G1BYv>wLbzI&z0s_B(b!CRc|S z7WZ*}*060bc0qm744mAU;By*6 zRjPr)>=l9#e1pPJ5Lo2YsS4hjwoe&tKCdJSYZ7l?Z`D}~&AU@?uI5dD1=z ztV%T2vYgGA2nFnC_*OatscGZC=A=IMQkknAsX3ou}2 zWf`qJ6>ebUGtOAs%D7of2Tk^%Enp98G$m<%VPSCNSY`A*C;sSI94 zjnWx^p}ulMYmyboky}k9?sh$Jkg`-HI*DiI3A<36{cO;csfw8S>3jiWLNT;-sJtd! zJ0x>H@P+90v+Vt}C%E-}IVZ)Am3QO|y^~YtpkchAMCZ{HQ&a>x7MF^t4ogUWP4c4Q z1vTjdhZFzdm&Q`nBuj_)>{yfhTTSwv;ODrn2q`yIr>eR5_No$A>X4=Q+@+m`&pQ$%Nd-AjUW8S0l*|3_YM+Edu+`^~=kJo66c4e;QT0x;C-hK+7~CIEuw9mtAqLzy@9U(N82MytF`-;m0xZ ziS8(fD0pcmGZ-=oM6%Y(ve zd8zx2Nf|cw?akNdX;ttEY49O`SRza|L84Bd^VH4hhb+FxAP)cF>^EbzT@&kppNkk` zT7Q65LDOxRnk$5SBAzJPCE}D14{W1Gn%l(#L+c)ddo;m=R_F}%s+;4f{P2Tsl zfBaBs4;8$@uy@m;U~MqB$o1IDo8VEt@UX@Ilxn?8xEN|80wyXh>d{K0 zq8>42)Mu|ykW-ahO+-onF<1?)T3tv=H1foX22Lrg0)M}C5cvDiXSNf6?{bEpaW!DD zG3bGWZqd!mGRQtN-y!b?v=|`ob#zwD(;B59Z%d)}8|=N~8MGkAGq51yDYPI(q=u)p zQud%>+rxYwI)LW;OA7OXr#6cJl(W$x_jn+sy;uQZ`*AkfsYL+xe2}j+$JxkQ@56uz z%wpQIjhXm6jiH;-o8kkrZbnz$=-rH(MW39Gy-9-UfJi)(C}7S;v$T_Yf$y{TN9&c? zjP9+Q9Wc8>DsDW|d2VgVpV1L*TdjSRj$FPQ4niOHuEaySfZ=Lumb+;BXELxl1kTtm zY=g^9h#<8b|8w}y1`Jq)VS6$Xu*095+h1iL$-tESHVTQ&cl$~v7V9drGm2&WdG!iy zJ43+ULz?5%k)Is^?%=kXM^-q@2ksDx?&}+^f-MvbUOXF=l8!9=40pe;GK|E84r|KJ zgwlBS9X(CV{o;e`nX1kW~3uu`Ss57@7esRz8zMS(UB3FG#BO%xz|QRRPLFWOFckYz?0nk193>1$HM zs}dDN=9VeY}=JQ zb8=cC^x?UWbLj(|0CBh3S&lxG+^K28ue#R4j2tp&HDiEG1jS5|4T2Gi=%p@`e`yoJ z?7d3ovx^;#h&dYZ>Q7bCaCo`mj-JVmNNg0^xL)12!!N;KYiIQN_ICSLd|)w% z(CCYO+T=bJ8fy%X;gmD1qxW@0X4>x^kpahBi9QE#RB$&62A6!ph|I)~ATp2R^2q&{ z)}9d=dY>gSv0&(B0)J7_%)y(_|62nyA|tGxLu49)7tKdSS~epxFIrK?k%>C6+6suo zJZ!%)Kea_2p2qx^AHR^sBr^4dH0C;+5uKF^X^iLv5?yXEyc+wgABpkz9qnx$k`3m| zdg@1Fa8-%?;a*&CZ`)u5=D|crV0!QHv*1or$#I3MYMvhm?Q6RsOPKAfg(o{<=_Wzd)TmSG)8W9@x| z!igSr>UZS##q5C}f1uH@*Af#p-74tcS5xe2D9~)GlISjIoOzb+hv#CVXleO;xpZWl zYC2G{Y8hXBaNXT*J?qpCovSBhJsT{$w4Z-$sO!!8SF5QXu85Z#ej}Pnf`9#eJ^#(iW@t6{Pe&X4$3Q z_OQ6$eMJ6@4Q;Eq+U}%n^(F4}f=cu5{ktlnRRiPHj531Wan;5aU1xU`X1=Cz?!{_% zznvK~P0hK}wWj8bw!LK)fY>F^RG0MRqk)Bd;h84jgY=D^JxWGFR8p++KcoX()ZWfiT13f0*H7%P#fok~`m~k6kgx z#A-%WTr(W*_Y$AiewV`g3Voza&zhD^ZhKP4xS37#3-}5)9c*vLt@if^X6JX|f7$#t zU+J#DVQx4}V6&6N)}VK#M&agcn~9pguX)2c4}kY9H3flkA{Rg-*TvW#~B-tQok z>aie{(xtX66ZBlnbARL_HmW4nF3mCf)|+=OJ!t@P5zQ=#KGavkd~a4`B>d8lvG4p* zo+q={yERy7b1W8CbFC#Rv(%ko6zeJ|HwST2v95x0BMzO+yFGM;4{La+7AwYd;`{OJctTpIm=1FANwvsY-c-2qj7HE`Cl^*NusOnuxzvaC9}Vce&JvE0gx zF?XE}6*dQn{mv?Ep18VCe6HW?SG4V|bU^DlU#Tf?I-0ozY9eyIU1WJ9<-GO=64UGK z$6pThH+$zW=`s|0{mlr`EJ^2B=h#k@O0*G_yfv(Q8J08bf5&J_J_&OYdh{ zc{IDQMQCUK^JcB3DX}SCTa5i(vOU$p6bH3hN_K-{!WSXSK;A|@wyQfh)}iHa<8o)* zE1YrUPkXSzKKqR`jtG}z%k^QgF&#!0sqBtYM5iO~{aH4~80V+{A~t))kJK?^v%#QQ zHoG>s{e107VdM;({Szx}=i9ACaoU;l?RpbTw~xGu&-m^0?3-ME`&=s{etTl(w@{^X z62E;RyFD`VNyu*Rrs~+kj!*Jh9jy{Z!;s@X7NySXKh#M39c~xW?ZLRVF$YO-DMu+zPN5OH`2Px0B(^ zXW6q;uY`QL^kZ*$&b*V~2g4p-Q8NfOa#yK!W$wS|i$m-Lmat*4FAEf{3aQgk9>5T2{^%}19KQ;{z zPd6R@`cr5~0mIiUY8tfRG>tVN-*WQe%QfX9rX}|KQcr{I3NO5JX1Y!+z z6#npQ7M#8~Rru}0N94`kc*{lCrLX*ow_ncQxa8TE;my0{pu`1*;aOVW3Ef}r`^6RJ zATbx^qvt?%uTzb%O6sNqyYvw^w6byU`n8ZIe%iiFCgApxw6+f$jqA)idLqHC-)5c} zpw?d~9t3Hi@9*=1z^51Jr*z~8n;GMXK4XO9XpD_AT`vGvZU-f3e;~-rqz& z&&8QCv_*t$YaAN&h<$DN%U~5UW%vsscfo;`~vxa(ykWGPe2wJzqPMhs8r$VaW*~&j$;PGVPVORZUGHx zt?`2p)Ccdgg<162{tg@3Z#1}0W$^pm7{LUR0 zHH~HcHvZ_0%b(8OUxkM|SS`?m{jQe|RLIkk{?DVn0TcG+uY?o!v+}T^D+imdk9HVj zy2LyNOCGf8+J%maN$odX6&w9@h0_#Ho8zC?4tH~A+*gb)k5HG}@aoLYS z(m)EVb9k?paBfMB`sr60f?PF@#JA5I|YD}tJI{_B&|u?;opok**>6JV5$ zy*)oD-$TA($li`{=8O|+hLA#dK5S9r)eGry00G~02)Tkk}_XX%` zsx{}9k#msC@w;JAnPptXU>rhjjw37 zq~=m{le0LZBtPn1@GJVt$^`qIsdSZOqd;Y6uh>9>T}uR?IWN+j7n>MOJ-K4E3qQEe z*ZICLcVM!#WR@InEf;?9)2-gYBmQ8O;}5Brf(Mk;ENM1I$%1wuY^ z+d%G0%yV{I{MwvWw$jCMN4lo9jD4D(H-V-YF&$V}g~&VDkO^hJO8_9r(!$1iBmT?m3#6T!mWVbO&FVYyalnfI@9&>dYwA zOg>rrJt@_wJGUuGWxyd0vF1AIfrzW?_y2@D*WEwlX6VeoJf|620zv z>CG6hkzRmbdsj+O*!)%YNI+iaq$sV&mgnQ2y%k@!<=DjgoSohj--0#~Z%rbkoT*-= zBR8m_q1KRLeT<|o>UnLgpeh_stE%Q+itArN*-?|;^V*se&Z4}WlDgP7Of{M)HfZA4P_jDN zw5GRbRIvP1(HA%X_d3{Zn)wKMk7w^DB!24Z;X6|O)4`ACi@G`SS3Q)x*Uwo<#ZRVq zaF1Pz5xJIo&4NuYO2KrVb%p+ieivCZ*QxOwu4OPhlurE_lTg`ok4;`^oSWJ} zZRSGc4J#;|nvd*AOt{28M0I*|U``)STl@RI38%bbd ziF~%xg)f{h6_c)j+}-Lmj%R@_ey)m1Z-NN5vi{d-CahfG%4P1?cBj*1-#0H3;wLV% z!t|?H5!*8QCHtLya&xWb+4M_4v62LdnrJX?Sd!`NJ_wb!E~W{-tFoqLn(LI|SI|iJ z&ic8Zs#h3KiiGM!CunMwAOI8*VjVWN0Dc~Q=MI;6<@3?>PgM!3^cHPtQ$Y}E9;CNO z<4b8;<+jvx@9Jgm<<~HV`MjHw+UcuY-2GKL+2s+K>vmIV-DF~vH-6}_ zm%hhSBknwJ_y4af#*)WHOpFu@GIYxSXYO6#t17O(|9}Jn5>HUUDAERrHQqtR1~K)3 zASaq=K&w$~jd;U*l%z&MpQH(x zyhpI*{r=YMeJ)8ro~M2P|M&BO%$dE{o;`cby3d*!kj!E1u%h^y1%qLeE|NAx6A&`R zfh&FAjZo3A9*|@Sc9&I7?@P1NT0V!CchI7@=xnvj3dbFScfFy}_&~&pypQ|rInX|9 zOK1BjmWSP`=PG%w{V3`#uGLE{t;JIxc%MR!Y}{KCZTC77KSMVEvDN6`pf>PxIXGlr z8?S+fn|iPWlD4il?wFo!f~1AZ{7d`J-I}(3{!{Aw(enSieX!zV2KE1Y``{xP>)q@F zoiNJ`R3rwo1!UvwgGzXY1-6{;`C^h^1Zwud4}AN;XhCxokzMN|pS=-Twd1tO>c!D(QoX3|y;=e-rmL5YxAKU^-}k6r7TA-i`enWz?4n=pH7Mzq+w5+t zez}!Lx8zy`o-=e&Q7$%64NhVH^}b#UJ0XB8oFDQU45N>cp^|j);T=MC$TskjG|Me-w(B<4%;su+`3F z?aR5nno6`jW9~j;ri+tGNAYf_m5B7nQ;-}lUiDU=Gh+uHB-UC^{mj_K2l2V`L0R9< ze4F?Fx`cfREmpYjMe!{OWa}wRiIjM&u6TufZfx-QVS5Z;eE-uNJ!=}dji(aUrqc%{ z@iW7U&Ufk+=!T0#UNWC$fJ)}FAzS6u5JT)fXMncpni-&rzT-L=9gl)>=4Xl_Ix`|e z^mE@9Rf{RMD9Yj*d%B-&P{n3T0GGMeBtYNYVR1@m&Ik#t_@TTa*lTdspZSH`hZE|zm5J(gKLd9C4%*5+G8kFg7xh>na?|tC)!Wv7oSx0HlMV-HStN1O}QhR z{q-FA-^QgPKO-F3#}=s96=xsQT5NFU&^;2*H$P4%9&=fCJ)58*2&PQPXra{l`z5l!}xGh3Z+aYyTd0FwUbUJr@LnYGC5qCAkmHN-*gIG%_}uGy97S) ze$F3OzjzN(2FAh#u>Y4B3kT+ZnX%CRK~I)~@=IDUXquWRFc(fx{{{1`$(&INw6@6MHg|V#3#9Pis++7QeoXJGHbe$3@V*+)GJuCPG%GeNH$-LUS(& zo#`DMW3SR(iD!Q|c)~KLir22PVCEa=>uEjXf^69vmk)Cd8~?4SQ2z9JYJ5}ZfoB@e zV`Cupgoz&{ono)jov`XvU8k+5xo8cTEpB{lDpnGW&O4WkP!n-Ij;Sd~OsD~T$r zM4&k^H%%r)S8`p5&r?ZV@T!lbBpI=Q!jchl`5~*Z*&iT-2X2vH7rdS`MTPPdoZe^m zSto9C2m!A9a_w5|z9Sy3%&+i{sdFC^wl^&__mB@Mv+7EJ#r#sY+W`$bFt^QuIv(*m zAT_3XxnIwsGzyYuCPZ!*fZ}s2`jFof%RcEJllij01nc}<79c*Qd1Btl=PO9*@8%Gj zOg7^tvKc>B@}d$MMRdAg*^C@RtKEJqoADdx`$Q+ocE@saE1AuxxGLjUPB!DOx2Xe! zWMTLtjv@^E)-z&wg>0dMun4W(JMKs3=}#KWOc(}AjU_V{+~_NoL^5N)aZ;khRD)#3 z9Y=RdX1wg1IzvXSTKj&^nRm=9q?_S2MqdvtyBO-iURtic*R5`$cy?5aUB((Jk!zWL z(uWr6|_WlFiw4L2RfXx>GdlDZ(&d2rk+iCk?+Rp30l8q`X#n8Qte3SI| z@boW7@btwzO;#wt|MFg0@g)x_ak1xa!|TgF2I2So!20``e$VE2ldx|FT8_M;9`l`v zj|_9T#um|}3q;)Ws>zpoKEG7+Crh02I71v?w{3%P5?$;J3zSEz)fYM=1m5$gOIe75 zB}_%?QWhDE4qKn(Mxwkstn-x=2=adT4UiC5NO`k&mwvAe7w{U0)SV>MeVg~P zjw!qEtP%af{93;SQI4_;Td^ZaQ^i?ZNmg-id#K1$91`xzj9{$H5Lgvo~m?|)(IH>)pl3v{ZdDDSVj#7#EEZiAn1 z&U42HJH>z$vuO+O!FT0vz}+P}>~KmBy{ls9iFKjbB`5|W(rUjw%x}X4YQ&~l{EVs7 z?=@mS=#_t_f0UICV=G z+IYmf?*=E7oAo?ueGw%>d5KlsRtuuU7S*A!X1lJHQ%GRJN+r~)q`us*s}CACI_5@N zsZot~(REOUzGOu*H7d1x7DCecz!hQ0%~r>KupP!-|Gm9qTyMl7d&jp^u`iS9P~Cq0 zKgPe;a~KHQ1a;xxTi%9$zfYDm>wl;B#J{hdlH}iY`u+b7|L#2d-{aq{9sgVY?X~US z;otgujDHtqcj4cu!+Yf41Ap^>k$*Q|^ZzdY?mRW%-%#T~4lm2Z=}epW7k)No;Hety`i-=Ay@T&sJ{ zdYJBg^tSpy<~~O8ES$AOQut^l>YlqyDDSci(_iU-|H&f6StLg^=~r4RxJ>(aX5kIE z+z0$t<2US>GZAOeawh3+Qk(3LtiDwcoJm`Uc?C_?7oBadO>6~_whr@jdo6k2M;Z{O z*T^7l>RqLK(amPR>?AY7pO@P;O<$47`-Tdb<0LPEi0P|>^7FnU-n*lz?RFLB5Y6E1 zY7bGE;erOYWEF!ORsESMInuJmo}{~wn4H{nrf3$9O$e>=h3(H>H; z@11)m1(~0nI!NQ2mif}-u3HB%G1|>~S-)QKt0jr})jT)9wLvU{2y9g;7lcyrt1R&` z!)c=c7TXLCmx9t<6074<7(6Zo@Fr1&cKac`+Yhtln7>wDT&MCoeb2DI=)ww7sfD&& z`xe^LD}vCLnzzsvp>$iIX>jq(CN<tk72G<$s!-I6-yulX$;_d2`_1dsm(zf8P0` z-jjiLwBBRgQbHR`tcrDOr8_Xiq@dO3Sy03bTJ1{p5qJ9Wm{m4>DUGS>sQd$UQqjeydUElkqouelD!H`2U^=5pc z^rf9aFhnZvxh(?;&miBut-lQPUijN0jD+6PK4H-R(2>wTn(qLWDVlFSy(A>a<_qqK zTOx#|F$O?kJV;rhMj@22M0a_|ReK^+kS+q21{eLxgA(}$TLQL%7~&%vD9|NAla{Rz zyvNN3v0PFJY?y|+V`GTC(pZ_);lUGZf2h#xPwe_2+ue^itiQWoXwD|Pt{wh*hh{fu zxcPuudSIK06*IA4%p^`RsY9NvgX0?`XtBWGOIr`N{%yp|yR$TxYQ9$h)NL`?LjcLfD?J>g`9?K89MR~ZG5NN zGk&6)Ed?vLM^I=f`8nS-D9xXqVs}&LPsea?kMpPf5|0G)r+w8N2&hckdx7NaU?tdC zl>UaP`pzyZ!9+J?88O@NljHQU{_e>4s?tUEE2XaJN<>nwB~1<+H9k=N-?5fWuVX8v zYW_;^T3V_vIxh(^U5Kz$bV5vQz~mJJ0cErQl>rf%hpc;BR;U+OKM2BP9;?pTY-xXk zN@#tkKUnQ$_QBR;fb=zgnfDJphvruVqoOpHRT>NDD5}m8rmdmbUt!XTxJCOAN@JL2 zumSyXsP{!V-aQSb_#ew~@jl&?R9~bro>{(`9ez%--!4Ls2wfb!$XEZn(GtkQRJIdg z3o@zxH;{g&<;%Xp3Rn@{z&y~_Z#ijLCN4#1l~W=OE3CTGkAyFE%k_Da19PzrNk4&0 z`l$!1PxtE*0Ma0-fRrwWDp42AVil0FwPX`F znHZkDOB3(sL@&?DIwziw1nIm$e7)~E(L-~XKO95+t(db$qwf|+U)6EIe?LkC^7j&F zKer#u{X~bn_z*W0#3ZX`bmEySpF=Kw{pZOE*u+}id-NK!@7+85?7N1SllI+*E3xl}(0IbW zn{%qO@AO9R^$I5e7Fq8(FP0Jsu-vNT0$aJ%8N0|92j=ou#qk1{1SnKVUGS<$D6#Lt z6lULzXg9py@>w?#Foz!LD+4bGT;bm&59mzTkN?_ksA7m@}} z$@er_m25~Wm-@Twqu;IWHkeSq1g?JMsH84<)$=ILzFXtJIExDexA%JMj>%(v`|k2D zx9|S?Vqo9x{8?b%Rh%cn=xX1M{Tk$seRrbD6#K5(dU-GmB6{lPu7%BrcH@ZJ+$q>!_VqZ|M?hjB)54|(&p}=}p()Q{0jLg0)+j1+*8*eZ&36DtJ3sSbf#=Sk7gda~SNZHsOW3hfVmwVd|XO zgrAh@^Ak29EQ3vWutkDi5R`8ZRw(~_1a-xNlzr_OOH!%X2ub-8T{nSLnjPVxwG_sG ziwx5Au^%Ctew*1ib)WW!GF@_jXm5!CedNLH#+1m`oU!Cj3YPmQc=w(P+c~0@{{;$D=?^GEM|M@DvxA42Ei^0(2 zjsVB+S`P($xrw+ondzkYEziwQUn@aVw@o@o#zT`zj0Y{& zakkIUi6n^Lc_Mcb5rQO$_a4MdIFQbyEI?y_jFT)6BDrSI(W~EWNJ-s=gxncw-Z2Bx z48Z8?^twC@L;v9VR0&Gp*Pq{Q(Bmzdwzj~y!VmGxIV-Rld-0uJ4+77AbA4b5YNbOo z65)SYebIzceV)0|@P0%Ygz=iN&Q3M{Xf=*1_V4Lb~_vQ*>`ybHb=i8mc8J-9vvw^3(v3?t0d>v{pu0PVRyr204PHw9QC3S^WmtJ*M^@uC$ zYWiGpc~zF~kl%37a-Pi?wN(zLo~vISepa`tr_>c*eq;5t>fw6ex+^&4hpT|YB|U+U zs4JXt^$k~54|U+x2P{W1cL(fOJ+`j!x~r?Ms6JMJH(y%))!LfA99Uq@EnN@L-X@iSretH=#eef?@ zie;`_lk{BP{5>M+AYPmBT-F~i&xNc`^^%i5YHtf?RP`Ix(tauzB+hEQ{^vPGm7^;t zs$5DGRi0H><`-DWYJ8P2lmnaVQsYoe0+*sHgRZ5h1h2Xj82*g(n&tXM_z|dQ!5KVo z66akNo?)$!hU`Z;_)*3W8Q7^JRr8(_sgm9;lnQCLT0Qt^cU(-RH~d2Pot|}s*;7is zv(u_8%?Z_bX4y;JB!v2_Zm53(*LSHms%NOwcXxsBS_p5ILAg2R!~b-$Ob_>tz%H_c!1@U#r&OIORmG z%&(;d`;ktNAWC=C1>KODGoMoC&6Z;A*!Qvvf;H&_(E}95fex>b@Tq$kCU=2^J zS>v>^VKMo!rLpmOTInFVtMu-PY^Ah7BaN$1~ z55cSM#v=)zr|aN9fG_at0em5K#-sYHdWnG3lgsGpsqOcGm%Tz|u!!16<@0W{xl|1P zhngX>WK-d5R4*`M7zRv@G^p5{Bb@vlgnSS$CubDxn` zK3#`2>e&SF1C9FNK@~G~zwYt9%%#ETWeqj!=7T%jP&XM|jU53<~DIxVmRwa$u zO468BB4Qm_QuGKsmDB~FBy~1hHRR59tbja>SbeFng5+Vj)w{~WLB8Ctw6`xbPlQg@ zT9vqhmBdF?(kTZ9e=-o_ry8!S6I=Yc;8pjiJNc#&i}6-UGX8s(Z`FN;uZ~kp?)9+0 zXvvYjh?{KPNQ$@_pPGoPKFwai2TI~h*I`!C@vMM_@=Fn*q)BS~()|+$D3y-keDSC8 zC3U{|Zv&sQmM$8_|N9d1Kg8eSs2UWuR(`2>p`7tq!mc{V?_B+swAP$Kt(8vn$Q5j| zx)VWCi_O%Nu3)M#!u#8|6&LAmSBh1XF7U-#s+(1fXK&Z<7x=wb&fsAmq*`6F<9kkA zzKwwktm*Eh{6qhIfC&ow)ol|!$vA6MiE(BnJk)8|-C9c7V_6~)^mh)W?6F)*8w{bt zeh6RoW04+>Wj6gTX*vDz0@yo;>j}&0`(KkI7tg%wDYB&=v0Uyl0!IVF5*3N4qNOXp ztDFfxKW3|bC*q1O9ohvI`;Ph)`+uKE>}1I;1hdn-xLyi{_)6Fh4gSEy`WJweDnqhn0{=Q(WR70<4C zCDF>^?)`c8{DP-+U1~;W%VaOxrK$wE0+C^v{hIA~aWRfz@%Iysp*erH-`GRn5SlG~ zg@jMtJ1gSNH*`4+#4o@7<#W}at%mTYd?F^u zJo+BG_*0TE>x)9xr=Eh6f6I}!D3Kc&;p52mDtfEP{{UvDxsq}=K#liX15cf!UTV;( z;mBVbjKY!g?H;~O8S_j2`2hEFcaH(d%MuL+0m*4<5ad@T0+N=hkc>xuqp7~=7<;Ts zJW?`;6D6ac+x&e{nS5;N?u}siKrwTm&i{W zEhs-KS?*2Ja*3Ve#8)Qv_*B) zrvr1sS?W{Zfe=?+T2gfS8s6{H zy%gS8bnKPzW`1+(o=$gJzuv`1exdHvZ_87B1o@>uSZR#cg!}@?7>Uvv($dJml*>_5F721{E^-m)wCX{Rndf8A~1O=)1%%+e@{h4`_Y7w zQq)vR{PG`$^WDTRgYcw_`&qm|;1EO$rNs*<(MC+G*x!i#Ef=XQ;m+>eTGw((d~o~H z!5Q9l52#h5l0tAL3;1dj60M~Ly-S=c6mXXvx9T1S>vM2FhK0=2+}HOn{N5+84Wx z&@llDtd0WkH^*9-ShpA9j*wku5KArkAY@liHw0JM-|655Yy=195>_;bGI}I6BwbV&yy}ud1YcSx zY%*CS6&M_XGkD-Mys8Uc&ov8<2#X^eUs~Z&%(v^#l$1xY$m$vaxHAGVu7?;gshQt- zLT~c7_ChSS0m%n>dVmkwZl!M)@j+XxPR6o&(MCliX=hUiQWfVyi8Rq%tVfbXTgyG+ zuR=*WMh$hVMIy{V@Vu#<0p;a$j$TFE!4NPqZLAyc0&fxj zIbVAR@0i%|d{qk%Gy5AMv5M*0a7M|P=R@^J(!G-SIlW3_eOgP#yfEWb8C{jcP=f@R zPmkCS8T5j;-}&7;rc|xUV#Qlu5cgJ`89%kvZF?IUE#ByNc635(CtEArl%*M@m)cK( zU5leNk>Y4MGYfw|NkDyzqhSv2EM`){d%mya?e-vC%QV8aT9*1FhHT%t04+9W5Qr>& zHG^F?4ml0vbX!P%QJDSN#*7C)y?G^HA8PnLQlum{q%<}S3{2sE$(T21uxB2PPe2$> zDvtG8cNTj$cnvGR-~fbh2Kz(yVRd({R@hBy{|@cgW*pCZ&kj&8TT7yEddvCQBz!wz z=SAL0C7AZld!ma#f=NI4`&XW>pxo~Euk^D7h%dG>k`h@PjC!2GAd%HZy*M^VM>8Kl zup~@aDw5F@n)9aIqS%o7qS_OM>CEEjpbm2OUh?X|b8&2cJ)qU-?t##pp9Sz`0sQ`g z-|S5WUhbtBP0?<#Xff-LZPj}04kj$_$YCzyY>27uG^G>>f1%mmpnhfDe<`zI_6gzx zt%2lF-f&>lKl!8*_FnKdPH~ntZ0mOa>au&A9Dq2mp4X1ZjAyQzP5y&7c8<;epP+BU z)V2s#4nBlC#JAjAkjXf4If6CEE6K4ey2XIaSAfXN5~eo$26@*Rc<}z4ao~y#8dJM6 znE7usn42-Rk4@YQX8!ejXxYs-g&Qkx0;#ZJB^vT()?kjWD2awE>We-fWdzTSz|tx(Y2o*5D=w6$n}#0u~HJ`RaA5+Lye0keL! zXEYve4>&Y(3@vEv?LNCCTAtOxHesA15Z$PBx1IZlkJbSMKL0e*a08IeVU`8vfL?Pz z6GF=_x@kgV`AtBh%gfOw7lGMnV73Cx{y6b;xjl^_v{%eeyka^JAsd+NoftdV?7wmK zJ4tFbHHjJ%X-8uF){p5OYS1AlPVMv8`7idvsWv`a*#yP(@CEOni$svwBVSWY(o8C6 zE{Tv`lj9iz#W1Hph8w**9el;jE`}-jFFnv?Z`Vw;e{6yLlNA?Q+poOpVD0U|HVZbM z`M^Yy74q#j?+t>U-Wj*2PJwlyCX!OG)G}*S;UYchQyG}(6Kbf2L-~~zntg$I)&BtI z7RJ?&&8kLinGVk#w|1W_o-K*xPK;gJXJYg+LTEuE6Onmt$p_h>=JEYZX`_bQ?2-M+ zl`LU9xmCP?{WDs`wzTRte^1QYrFU-k1Hr?7TE{)*hN;J1*~?MrI@^(8gp9jSRIxDqI(O<{AH)R44X7L! znzy!NpNXSTsp^nEhG#gY`6>FN&*7M6)1S@MYj5jwb7=NleqnEv#2z+|Dv5TKz{6s) z(%J7+XOCNXumIx6zPe%%8&-aCa8*CshPh+LgvMF<$CpGsqAO2w?@7UV(>ATyRlgl; z-wY}Fe7JNY_xOFtUmA+8u`ld6RDFqdunh@OXa5(&<9>x3KCQY=rnh)sJvLduW;p|Y z?|OOo@#elUh(b3IZ$cSvAgae`0IK@xddDcl?qlyW&2%VV z=5wm|>Md}4msU)_xTbzcQ?V23{xy8~)i;D@UrUV!{qZ$9Ya>5NFC-aLFrx)?YoDsB z{%WE9RI0_y)^fyGo>#C;wrK;er|YwKg=T-KAI|c(tQ`y51-r%gQ@kH>II;obZ<$|m&`#72FUp2DboZoJg--*Xy? z+xl{7`U-xL;gVUspBts>zBWR~aE&$|;I6K#jeD$(Th+$w*?Rs~JwKCQ!5}^v1|JrG zJYo~$(h{0o%H0nw+7f78H*qUIN5 zbqvvyT-curUSXmEM;KQ|LU*)!-z_u3*m`$Y!iZ;P{xET5Mk;A6dAJACSobx*zZ~c* z3e5E$?Ocz(8@06?J#^u}uJ_G)YvhaUhqO3@!O|g420!2R^~Uu*nF0wL4lJ_F=qLw! zx(};%Qmlbhk0KdzbuI4Fhu!Yk5dN=bbQcjxU5)dZYbj=OrwZhdj#RJ;*OWk<_vx#t zs#=4cD|a`~)?COnMs5ojKPTLNb?O2e>E})t9Qz!)!M_v+G(T2ro%G9u^?80SQ%HHm z^_{(D^{+kUSVZwEX(_Thf_+u|kTO9gr|DhDStw|tMa3BG@z8f?iQIR!>J+`twiK`G zJZ)TkTd$H{&vYCXiBC`(+_3kr9+qL@31aaa=jgp({{oQ#A_?q!wSjnp%^!UIC8ef> z8l?SX(UeQl6&R(t;2i#9kS*!Ux;xJ{(raGlNUuU@M!l5~51#!zscf+evzS-Y5+Ch% z<$Ok^BE~bveGL9cHZ*pT-t2=e8g+dD*jTEac(#6=BjL2;aNMOc0v=HBV z(sWw&R1MfjZ`+l84kod1CG{xs@eX?RMJ~?EZ?=o4IGMO{1ccwDB!dLyKk-SD@@oZ~ z=t>|TQ?Ht3!&b$wOO7Tf&8)&Csd@LmoJw25QVMM~wXfJy^un#*ZcF6H^>X=f%_g%K z=PLzBQ?M!(G1y|)6`~{hwZtk+bWkdu(PDMh!BEOx+(4Pmvcj2NY1X&LGxLgw#g6?B zV-0vM*XoNF9wupF;aJzcg=6)KARMda(-!v_9OrMGN@Fi>rm!VcS#q4wX_q;pQzdll zz}z}Og*XKsBG6h+!>S8j_36|J*j7+r!a4XL*;#M~58QHfgu3AMTq||MVVH*Ohmt?+ zM>#)a4H#R~q&-S3w}nSUs(MuB;RdT?XaVmQ1~H=EN2A<#Zs$e%&Q40cGeeCM$IY^m z*>;sQ?!f#M6#6G{^-sM~e+6&f-34Bry6y+?S$;i$&!ukJB){c{cuEf_o1|-^T-8_` zpWS52W%kn+ArojqTQ&}}bUAkFngVOEW#d3(*V}zV8Cr=+XIT_ zDA$6*;@HsQ*jY+;n@O_U43gbW&kK^>YP^R>I&`+`GeGACO3=B*sw>lW>eSmE*t|q? zo4|#>0G(}q-HmY)zChPOX8=FauLtm9>PmJqjuLQsvYQl6nXJWdyRy3Nt0f%mM>@Mg zIJzSO(+$bMX3Ai_(|nR3#F|fh8r3z*AX5@TxnOSZJ)H=OQ3Vv#Di5CSp(bCH5+;-bL)Oe%hDsHTHT~ zo048NTD9wL7jymHE?{KPA;uH9deP?BoBaBA)$#vLmPzuOjG^pNmW|qt82d(VKN~Kr z?vNd35^TI3_&RL3Zi;t(tQ#@fbie_`Ro!#|^9MV5X>p9SiSc+3rw%o1yd*j$OH%MQ z{QXT{;d>f(=Hv(y1{)1ByI#wK%rB8Yce9^AcTJE#_wO^e(4iOjDQ{{pNO_ZZ2~ysg z`7J8a{Xq06GAXkw5J4K`Mbwko5%V?FzA$o;wO6drdChW-rnKsx*1(P?V3aW#DYDhzp;PL<@x^pVT%;W_`kS+SZ31?lV;H= zxp1~l(@K~{-{18X-%kG950w9QoseSrZwHHFy5zt8ov#n_-}E~r|4oG7Q~q0-rlV`Q znaF=rC0H8!4`a?`{@X6*)=hs~{@Wdr|A=;62PTArm9lJc5(yXA*F;z(I|T?9$+~1S z@=NA0De~sE>3L=ZAzi><=UbkbYmC5rh}=>Z7I`NqCB|gy+F)J%;0NxLzg)&qm9R%m zmlU&A|IPV=-qx=t=4%Y3+nU$=0rNh2QTWV!@f!M7Ouy=jesz$Ozr??l8<(=?HR9bV zoXR0grkB+VJh^}?G3TWPT;)DE9n@0Sas$m$zy18NEbp5JV*8)iU1gpHQ(j}Zx5wPF zeu+nd8Lz%-&S{yHld!w)e=XGtYw?ILYbu|mQDArr6u-1NkUWz5y|~eD!gKQF^Ofz8xV*Zsl>7zB^O<< zd)oiR(+IfzPYf!NRR$fW?|NG1pgIc9fw|~}RFK*EsGuh9tKO=Tdb7d*Pi3bR8?v*FLaRTR zpZF1s;d0DgS^z0OcFJDL$X?G0hniJK{pXlt+LMfI|9npwW|EI>F8*R=S7 zRHd9#N^?%_y6^trtO_mWm)dpT{lO>`8Zq@|kujjZGWBOEu_W`Rdy?Yu-A2UYK|m(N z5P>H|Bl$sVz4d<;IoM9dCcnHDx{#2ME|bR@;eAJKa{0mR zL`6JB6C6T*M|SW_$Sbr}AJ20golb0Ld>))|#E$(iE^4`$Q9Op--H(-Zpg@yUrI80# zy1rkkvV~HrQe+`jsqZh14e+M%knHQN)sVk!Vp!MQ(S@QeN#9aFe# z=Q@w)N|YZ zaZ`+2;SDJ?61;J-BSE_%CpErbR}#Fg&5@uQ4oGnQ2EJXhc}Ws{?&G(1t(}m678f(t zOvpcn_c#)Z#7-Z{k*kHIFkbqj{W8cO+kk%qf|wgUvrlY)X!R^*lAR+ta+dT}NoZMB zekr#nOPrSL_{4t?)pz81$$ zl#QFPGPSPl+w)v%)pw4Skr}9TNA_K^s|0>L;ND%Uh0Dy#DikC^zEwz7O~`g*Zf0ys zYEX?g)(|SUJ&_u8kOAWg`VnnXtb%TvEk*oahh)0D-j2U8BFYEyIo@m61#Dxvto4hCVWON-qsLZi-!*XHnr}M}oUcznw^l?pwv!C$ z-F=er;k%0*AKGp4VWxF7RTaGRN7q#~AMoJ;kMPx+s!#Bt)?a>*CN*=V4JsjpJf&+W zZ1q$PKGA486r8XZlQp>q_jHpqaXHJ~x_V1tEvAm3KFp=so_VupXGyyPZdDpOe^t zMfvqvB+WV#N`YgC{GT z5?j#ChS?8MjQubXj{i0S|E>IDM{S~&`l2VZG^!SmcJ12~k3yfp6pxxuo8mFJc;@!Q zXsqLRG#1NTJv+&5lW&La4x;e{x2<{45uH8=(W5n?p@uhrDCM-N(%B>u|G_E;m&S&c zj2X7;@N+N%l(;jlp|_-tddi`KIQ*PdbsOAzvopOJ@LFzpYep)MxWO&F1yN_+Dm~8!bBWI~TLm7%Lld@C7rg3*G~Us~bqPJYkI-wjx<7Fnm}rn$rQTDw zTEj_#wd;2AZr9-ZeIJnPyv;m4Oy3JA>HA2laz?q8OZ{*vE99-7+|Ewm>T4m=R(%(| z>JjP|>^w_hEIvXwg#Q-|a5LKvp4Vkrvn&1GC6>B*GlaMUbK4`Sd4a3>3jcLE ze!Y@9^Jmj3Z2qj=n)fHYgi^utTnoKWJAzj|5UtA%rE}eVqQ$LNcixfsdW+R@*LYvB zdtNQqycf)0p&@%Aiiwi%X|pPN$x8H+O1{T|IlZNR2weT}XiIg$tKLc7(DxiKM2ekF zU6#ufT5-LI#I#x6$c(B9+&{j!K*XJk z@I70VDQdNiM$+elT*k^2`Iygk$j5YzX&&8exE!(UZzkZw5>%D=h}aF5fHwMs?@Hm| zav{@y`ZP-BQl(uY)39i?^5ul%Ot-{-BHbc8M~Y=}9|?n0#S(kXiMYhJOGjS_cc*Q; zXO6bvn`3rsMt-#e=6E)NY zue$o6_w0=*O8VHTz5Ne;^na)se8)jiH0`z{j0!XP9n$=;x0MSis@JkBdJOrW@T*ka zyZdm~U8(6i7T<4m%J&x0S=~01JkiC@5l8th0n_sPw_E93EGT111d*jlCI(iLi-Fx@ zm!0RTm0}Vk;D~sK{qNo z0j)FynqR7b7G4N*4&4G;8Z}g}1~Uj~31{BoeH=SB>OP~^M9HYlx2l^m*QhO09ppJM z1gIp3U=_`><#5e@#iVD2A~w@y?;&zi*2E<_FSS3)#*JqmHfMnJ@6LRmzH=n8b1^OR zG>cLoQB8`P0*?sru*~v^clHyG#<6&S)%)`Fz5)sCk&>H*lAB@4%}D!j1-ca9+V1H4 z>zP8yHhqQSv-WAww@Mk88?1CO&Jr-w=3lS1GN5zc$K}3I1m^6+u&IP;VXlR;7zc{} zRzOayT4I~%(CnAF>=M3Nw>0}XYDAZ2<=d*I-%`V5yk}<8WIV8W|BR={aXn!&{@@)K zXQ@aAN<#lSAEwz|prrRka1~wa!ZJa~R^cEJ6$Cy81wG8H-rx1^>Km%F#?{iXs;Zo| z{VaQ%FEj=hoT(aJ@|T-qonSj;7dg&XED-u_SZ$Q;IfaTw*_&)l$n7i?n$#>35e zC$WIP1m3uQ^63M2;FD@|PgWQ~*AH1;FX(A}!1uvMZbMk+z zp7+BS0`iX1g+%yb8sUoyBo)orVcH0qDw4PddqwNMUg}z ze&G*`+{$KJW>^;Q{jgk@-^Y(@)beaVUjbdn*{stvQkOv^^!8Yd>@c?<=6|f-A3v{+4N)RmlA9NO6Wh8nw zDFy92gbkT+Hj{csuGhL=Pa?;Hz`*2l;kIM>jB(2$A4?<2e-n0#XAY}oHl>gb))zf! z?IctbJK#C`R%5=Fx>3Jf*?*f4-cw^;P#Rk1vOGh}=H>s0`^H`OyB~}5 z7q}lQZD5JVll596V))Cr=!S{WHz!8_J~6t}`;Ku&I)B;Z8u1bM*X)nIkk1O4lzERn z>d?D4LfSUCZ@*yoGi+{s^HmH>`ub)`>=wRF8iIlL4MD`R1Px-jnL@7aA}igjfrQ_M z$p;;e%M$te3`TiMiAH%vr>Ldd`Jd~OgM62M^H%NlQb6mN!tKA%TUcLxB?4gp?YK}8 z1`iv8!m219ZfC!Li-JIrtU#|q4w7V{Wef8y`539E-YYq%nNqS=-Iw^4bc_znS5$|U z3enFIt|ieI%~K${Gw!Kg+*fRo)A%5e>+oK*s5xO|oWI@~8JzHL>zB&{3D*?iyw1CK z*wdQkr%NrW#1362bzBjNjowk^{3gZ1Zuk}adgNJ-U$H#Qv(hOy7v|~hHx4%jY<$2m zAVE@GsH;B<_|Mk2-jU@+o_7S2NaOmW_A)z!_a*{!-ot;wg$e>4Zge5+c|M}{9C|Rd zk?KfQ5dQK$%;LM0=>0d83B;YilH=4Q&a?%{mzp9*>e6p3e)>P9_9Ig#;AEdPIs0U* z3w~|4!C34j(y&iFs}qr6j78|3R(JMoxRJ;N*C#YKe;%7yudQbuBf zPnE^- zGxgi&guuvVr!$swvQE4-b{QEkGnE1JAvvz4u|xC4IuM4VGhwk(`bQtfA~SXZeZIZj zI-L34o0I0yrEGOdk5d*rW%`UA}hHA(Wy;*|Hu0NE?FWibcHo4(a)J5*7sw#=#qDXA!D40 z1tq)aJH^tl&H=mFW9B`V>DX_pv|NNk@=C0A)STPOn^^_RovXiT$sk+QpDuX!u(p{E;jm>N+*J9z+(qLbAlfzG%@as^nk@R$hr*2u=M0F%@5o|)WwpkSC{Vx*LpCCezQPkpVRX>zE?n!n z<4z&)de?GBqw*7~j%1=%T$WKqo@w?`uQRyN;dHa#+TRt%5IeSJOEee`h?M!_+roj4 zYA=?Go85AI-$?w_z8z2w)&>5*mekE1ZtD3=sQ2b@WXwyU`UmX7z<;HXvNxq|_k^tD zp5FXmcZ6)|PQNxh_;mbJRo14{ag&f3&phi3==f_B4Zo*t3Fx@N8s8Hg&!EZrqKlJo z)?OMN>xy@l^#eK{CD5j7Fd;&AbbNzuLdSid)u0(253m*!=}(9j(x1L65_b0UR;5KG z==cw+MW2z(XfH($YxbZ~ABG@uN%gJNET*$Xmjlly*vK}1h<*4^e+XgmsDMR>8w^(7 zM3?nHZemc};NIc~HRG9o`TL+?A&_e(u@>m>MarROk&&t(i!+Pern;;C)l`MPT z;u*6&H1~175BmJHy5HLIa^y66|M(Ub%JkFu2+R^BvdofKXF0RPpWj*=&J#2@c3o#T zQ19l~Plj?Y#B$(u@c5XIW>o0Yn*|HQ2b;ODjxs*_Yi~g$<8pAPOdvY(ztl{w;#YmKQ#ZUdvZTFHFG%(@A&i1}UMO^+t%lcjI zonkU2VA{x~4WV~Yt_|6*=k_#Y3jB_70N?ikY~1;qz_EWuV5Ly8D5O zaEPn&%Up)qXOL}^cpqX8cB`@#QVMk!Okhp;k($##YC_|A`A2K&?ila#{{|n7Dxx_^ zPLp!V(_}x3)0XKG#XpYXuO135e zh)|bZtf1_KMih$GUGP<7Tw(AFZ8oEEuD|o@NV7QDznC8u>9sNfHP(Oy*U82M^A$sA)UCK{ z)>|hNSPNcX%aSea02?-iX5T;^Nv$_9n^xg!m9930nz&SbCmL9l$+ShsKJ5Rh(BSNo z>~7}vtCJSV>osVJTv`guDeuEg<}t=Dg2VcTQ#ow#j9bM>Wm#Q0Z14kD+YP=60l}-u zHs@HeNCq*OfM-E}Bd^g3h@5xO+mbRk2{AI}^%<9Hy91d6OyN555g)zy&v4$_f#N)Z z>)eY(&w=^g>F^cbq_E}Fgt1)^q}V?zekaCbV>;IZ@@a~dZRfu=%DId2Q@6r^+e_mI zZY_;Z>8vlh&l)>Wx?L1g8a;38_TuP-t(_es#KQh%ukQDnL*DFNXm4N#76;A{Xte$O z=}<$X>9WipOivG(ZsXhI>|K{%+gpfw2)p|LrZ&nAHVXm{@FTqpCg~|5m zv)|#*DqVmo3C6qJ zUC8mqTFX6cWHi$Hgt3;`$mmAF!VtB>UhGVCePsHY@J+o;+O%=eerykZWbmRDPM2k# zdj$*0U)tYPfoDs`gOo)#*D18u@*uQT<{jbSGBlEiMK!3`cG~>}9G}K27Ju9D0}rsK z|8bOiM6cE(St{e1n-=x3Vycbi@IS76)tw_G8^Sx*z4;8khh|sM%oe>lo_YFDXeNu_ z!EOhUxQknJ{`0H5yzPV3hhhEg;Z>1%(T`u0DT;u$$9?%Y;92ZMpT7fQOW{q)UBu%! z$CdxQJjs>c>4Ymo+zq(W@!ubM;7sod>&oCe;(N!HVLopE8yt}z)$dCgQs8f2@6K-> z``_Jp5+fO&JeQ&OdGb@~c0Z^bN#n^E{?-FeUK8-7{KKbu;!5@4QhK1>nQratI=lz2 z6!-~%dvTq%fz*I*l3ZC9OiQ0L2Hml4j2QAn>z6TPqehSQ7diL@Vo24!K9*@Ci!-sq zZ-zZGLd}aaAWvY84kK6*PWYO2e1hXkz$E{d2b}4ky~o^zoZu1fNnMCd=1pZ-f0N6x z04rch0?l{-Rmg)w6Q_*D1&g6m!_2#}XJ}cZ`!4@a@&y?P?cZOD`U_25w+H@J)>m%G zcxzP5@m8B2hABLi$Ryqc&(7G-fJ%HTE}duD1%hpy3N0@nHaVg_vMzIto_a)&3_JW0 zpJByedSPPgt81shX>;sl!+w019u}vKenFh3tbxD`dFbgKXsmeV)^8I|`IIE?NIXI~ zW$HUZSxS6Sqw1Z!OlW(_JI>0$sCL;RL2$*?pG>Nb6H?uSh(@?>bs5F8kzJDtL|BUq zGsGu4MFY!KlWIK9h=B|NyM0kXF#m@P%M%G!G)3wQGpdiqSzP+Ix|xXjSSRoKjq7Ao zr62K$aL}Jb`Bv{?ee~DILWB^BLL66HQ|1~r2`Vkbp(|cFUtM1`E(vF?rMZT> z;*At`Vz`Dw43rm-On8Rp8Rj;7+m;H(Jj3m8=^Jov72gP^HfwU)U-Ls8zW&z(<{vt= zdynZtbZz?+fCc_mDw4e;VLdOOKTV=^P_u_=OIh?0@4oM=Q-a;&w56Hyk@n(`Q?|mA z{a%x>-%pcmTer=$N_4TyD8+tv+J?pcHoz?Yx01a8taPz0g$iYUD^xhf%DMTcSUE3$ ztd$G%Po<2o6w`DX-V~F1;UI*?RBp$~3OJV)*SA;_npv07JYar$Kg4FQ#w52_gLQSO z7;iLwHsQNaJv-86oE;nZOliEVm*Kx;%xj@JWn5JtpSdiT`Eh2fdNSW|2~A4Ct)^CJ=Vck?3FPz@nl0qSxDep*6{tm@2h= zv-cZIo(LLo8@@UESm2sjYRv?z4>YfIkJ@qTlY@z+8?6;*ItSsTXTLye=Fqp~+*0cr z7fw=-$^Nq`VmA0`6_7TBy8a6G0;0kUG2232#mShu!yZ9ge~6!0&>Be+M8arlodv_} z@wwkhYU)?k^3H)=4>Yy+O+v)O_VTsa`=K_3j%7+bCX2TFhZWb32{W0 zUS7)!oToJn>zBLEeQMuK+#yk$*sv*BA8}G(w@WBFI&t*j{dT5yKXbDoi6`CsuGT`# zQJ{wPPZuY@@V#2TkhdnkaK>|Q?E*0(?Tk>v_0D|xM#>|zw(v-*Q{l#UEYF!}b@by0 z_a4a-@eKZb1H_Z+RXEY3dEuwPt9oL8Y9 zJb1b5@RR>^9ZvtYZXLcEaPJTE)LY+vaW9mMf%2G6i{Bfm`L9v3UuOJC{c;Y45RqcP z2+`hzB@&4UNAv+QhNYQBVSB{B*mH z`=ihJ_!De4Ra0*E>rg%DES4?~#RmG>-7*OriryFIxbf?2VrJfVWePZJTvEv__Jncr zTBZR#QSX4-3?u0l44<3yCf2w{fBY2(zukxLR2k1~SlEL%q278gUg$d$Ez}%+Z*{N! zxXv}D8|q)H%6R4n_x9jX2*#_YDbeQwdw$qbdtRo_na>2KjxYAT<;!-6^`u3RN0S`u zJzJjS)>F5^da0g+_uQ(UxbAp+*Wd{63fAu!_x)a-rPJvYn(*mKoX>paQb)|&c6=%K z3H%Yj9e#FlltzNmV&jef3eA5|YOT+I%WA=1kNg*V<4gE&>o0oZKlNd_-{moWm(#y4 zjsFDxVFmnGYQ5FU>%hz-L{MnP8z7-$;lI0%75{zodV>FI4SPxdL3MBSV)0+v67Cjz z#QcYfz<)5A!IZTyB))|&bFe?nugAhezRXlZ#)%x!Cr-S^UBK3Hk9fD*t9tSu&bBwE z`VXaog&Ql;Y?3<6c*=bF(8M=H4^VH>9p5zn;WOjXp4pX+zP&BIjr%^h z!?Az>Q(2UE;Xj<{fCg%$;o~+R$WsX)3n-06N9<#besPF{-|oZvEc)jB-LdG==i@(| zVJ{nYiSJH<~u=ilkwr^&!G9`Lj1G&Q!|&JBx>; zv^ZbkTTV`_{#0^;@W05^ab6n73APqkZ);rRoVk>9zr5p*5^K$WO{_IQR8f(d>s8@> z&oW=M&N-pft~Fp=BSi3xy}&u7$OXkvKNDb=srHQPgR=2h|7ee};HpCVBPf3>%g^6B zUa;EBdK&iUAc0|j0++g(^;=$l2gOKCV>9atHnZ+2No>=rJg)t9lqP0x39`hVUu18= z`1d(*sRfd0uOUbMqMzm`2Qb_#iNt_{8j6}FCb8D7T zGH1b;@&DR@{h<>rwnyUp@$ND`ay=ajmd&~C(ro>go&=CLzT{o`M@Ocf>Opn`xZ`8}g(I=q9iI;~xBxI&L)8{`y7n#FM$<3JgTlLS!1*93~ z+m%6QxZn+j3z{hxZlE0D&~1a~@aWzDrpue?^pTnYfLKKEXrLS`g9TtLFEB7B0VtIe zFYpixQX2ib;8mZm`d8hWsSS!m(+54{9d$)F9A^KpR5p_RcTCf)I4v{w{u=zzJ;j>53EjIlxbjR# zf)#Y{9nR-9|9wH8>tAcP{=NCBjqeVff`K3~0FCdK_1*jT8$aEmA{gI+GrRR~ko7Nf zz$60thx1nEKdhxhlss3V{A<+`p?=he^>3=`LA2cMEMsC|#0H1|MSQIWdkH0jz1*sp zOjgosm54P5mRxr#a1C~aN(Ni-s#p5(dPk)G)&kZ6uqlqLHP#okf1h%X3c;VTM4skY zLrzfyi~aIMKy|C7p4=vySpZpkg0>%d_SjxG)ATGG{F#qmV-G6)#$-f%*gL<}@~g00 z-}y($PgG2kJ_GN-)DLD_InOX>aau<8Nz7Sfyr6MqG){{||0_$!p?xm@jN%?E;Yf%P4)GJ`ScE6`MYSOtA>8+tvmPEFe!hEsj1X_~s? z&7j)}G9vM4G0qa6TU0;ZUTaDFVg*rejPY^zIm{**#_EZ}K9po6bKNx=@^B z6B=K&))T32@+WdS4zg^`PZo&kIL`))w%qHd21s#}%oNUeA=Z2jc&_SSGKPefJFz&( ziAFxQ&*G=xMhgF9oL(c3(bm?9bQIMg8K(V2D>Jv9ku(@iKMJ#MFzqM8%^EnzXl-w&3(Q*|9*16u!I#E z@b4_8kmS&2Qj1Jh=lD`}PShmg73&xa!8)R0)hks}?}?OUMds>xsL$PBYN71pLbp^N z321w@;h3$lSf>wNWj!I+Z7F5?sf!n9sedG#YWGKX3M?>UTQNg#(^zR-faUog3k~mo2k$*tTB; zJU2=WH+5mU!4NrUbgMjF{Fe6Xi~3kEj6to@G{(~v?<2m@81MBp`uzTm?V6Ou9q`=- zApz@u(R?ApSZ=WaCs;0=!gAjgl+SWuZ=Rm@Sx&>~vz+qBe4cwB#}J-te^(A-6rUzL zuax-0&JG);1NHlTep`SB%;7-DPwe@~z%#z19?BnK#9?~h(Eu~r+@Bk)@gue;{$7B` z-Nk22t;&D&*Z(dN752RT*Zf9lsa8HM2y@Hh*kX16d6oLPFXxj}m zD<{G}58I)Qx^hDFdBS_RBu*H?=x?ho@#T$He#wGb-%H|k6_PYfJk!&H+8)=^>b(^T zDi|Xtmi7it>F$Z;;HteMmi7-I%v91y_@@;K|8$=$BN3Bv(Zz044E)nv3safuQ zN@F}kv`Qkmh4&?PgjJ<9+A3qZ;V~X!gV(&$Seaz{Nsnsd9`+*MVC!54jk9A9Q?}4r zY}XIqI_JU35*GqQGzwpo3wz6{GpIaFs3B5=+z09H&Ioh&Ga)YmP(v{+Sv(%LG-& zyaSdxZQiV2Dgs<7!>fr*+34pTT3=ANN*M2Hp^U9BI9EtVd$g#rGi(IL74Vx;PFp9_ z@dAQkjU{ys`^(P)Wsq-;r^@$~bu!Ir@&KBwFZ!ZIoiMohYCBC2=!)0z1L=X@^+g*6 zYW5dk{`!LB)GsLHr0%RJKSRhK!Xy1F4(RvnitwfmS$8Ft-uQ+}AttfaY=)=6YBv02jpp3hJZP9Irq)jcyGhbWHtW4a` zWo=i)CYIB%wW?o3Z)Yw+5H&J&!rs7lF_$zR)&OUv4LihMp-HqQPh``I6N}!6`8za! z-TpI3XOB82onliNsv8r<`m?@=ZTf5jzsY$ev2g`-V2oZX(XTX}NUSVe5{s}Rzl`IA zpW%GqjWa6s#fx;4fvUA~LrL^`f9~SX?6c+#{u9$t2-OOgu0MLE$eD0D>H16nT@ZHZ z`rdwbi!BHuKZ7|*^*w@SFRS0?I1*V0wS?MqD5 z_66ORtfbi>ZvFRDLR$ScSo=Cq#B2a~x>y9~@F3fw(eS#|`McnIK6S=@R(_8C&9%P; z#SCHWLPiaOa{l##rz8htlhR_CFh0sta}dnTpjOQYEg_cAw!UGRYPtGVre6j6x*Snu z*NsR5>85Vhubz(Z{cYBYn*EVdiR0O5W|NK}{lAh;(WL^}A)etBdRwn0wa;)yw z5sOeIISg5q_P2(=K6Yc-@15-Y&oDeYjkqcFF*MuR6w^hN_Kp}^Gfx3K#2hYiGR2NW z^d`S;6n4!e@<)|0Bxm%jCw)p!#Ql$oIZT8DSAKL8t|*C*DX!?8A3ImxzC}VTG<%1} zKhXt7d0c_>4}ZbmifB}WFacexVN=w6YVf>>Yn>$-e-JmeNo#o zy)`ivpR(tEx%aB@q156P29%YWTKu`;Y_oSyqhQP^yw{+7qfnt49VmUUMdGd%l-Yw^ zSA0fK?>ZfRFnpnGT_7&x@*5*#J`BxX2vd*xwEbR+|1gzme$|nwOq@Gy>Bk!_)gj)|Hiv!EskCJ8-9J${}l)KqKN zS$8HmCst+#!-ANkLB1n6pnJb!9YneP_?; zW9P0{9Mh*mBQ0DYPY4Njckk4N`qkx4du3c4G;OaC(jLMjOf@d}ZTs^k)*n3NObq9Y zEOwJku$Y_x?|`Jycj_Oh_XX^Kxk*u&K~6Fmr9*Duy(#`n%}|qi7$BY{?fp8s#C` z7n|B;X7t2#fdDqyD^b&JU|ifpi1x1irNiY>432;+rKIF`t24iC@MMJm&wx2YIms@Ym5agvhJUt(4ACaoloQY8;NFz(Y^^+MpH;^lr_ z@T#{`XSeJY3fnDP@N({R0yvexiFehG;8ic6)O+kYJeg;8Hzg~c9BK81j`vZiqz#{$ zrLQygvi#cxE8G{=Sl8hxO1`Mks_YzZB^j_Pd6NTkOJ&s)fvYD?>JfFptKO_S^l33S z*A099_#9>zEGj&xxc=6xfz<~WKRIdQd6%3&Zc1_Km;u!TSo4)NZhXnas%shE)?=|4 zPG(qri^2QDXJ#$zmLg&<@}_SWsmOU0rF6F+eB!KIy@3uRdG{}lRpu76wFZH}k@zS~ z(G6?+?Y_tl;(rUXG#piO0B0$;asXkH(;A+aS^32X%*uoQ$$>XTwU4IhU`?#z|4f~k z)WYZJcNZ<(WrJ^MtCo&;oVzEw=j$X7B?7yCr9@Y&#>#ye_7T8pF_?=#QLCx~T@oKQ z>w7qmQYnvU2ZzKQe5d#JH{A652E7PlubfHB_YarR@0+{v%nBlp-q0@`^ErWMa8BrZ zmm-P?o889B$7KEy#(()D;R&-OCBJO+ZIVVVN*%;K*65H9rB@_9fV=N@#?PF?!1{xh zN~y`NzSbiCG`$OFDckh4aKon^cr9zat+&!L7SPL-!5zuRnqVL}Im@`jS??vWN$h}p zj%=Mv@88E;LDtu>BxOIVa-kU;8tk zC{DAa9J=(m7qO4^r-H_+l9C^go{saUUm}v0yL`uu@xa#~VvX);HYk%;>x1>JWcC}HoZNUV}q`|C^DpJPcj;$s5( zc7>8DvF7kN6y_Le??g6nuH5>fpzLabFS?i7IeO)aibGx?iuMPVyHG@PniQ zZ=+V^K!vJHG+4>`ElZtqTp_}Ycpar{cQv3UH$4oR$iK369DGx9&)ynut$qAl_e#`C zrM0-!CSfF6YyCH>C%_3^SixXw{Wz^Wb{kfw|?m`s9)R zCx&TX^{`(rqizc22zxONS~>WF;gU;!azU)PKz?Z$;r#Ts5m2`&O%t>%x8Wcx;YI#n zg6Y9=PB7UGMJ1koNR-2@1F_gd{_uio5rQ*B1Icv23M5lL?Ik7C$59uXa6NJ&*XV!i zEwW5qZc|DgTJro}($UJXv6LE9M!8pV-%Wxhv>Q{OTZ*I4N1`u}dcKPSaCwT-7CqQc zeAZs-5!8rt8ckh=W7eN4@5DF6b%W? zIeji75O@eakj7Iz*RN+74WxgGg2$cKMW_Fzf3gfNO*`7Ou+OR9_aAZH+afp_r<8Qh zvnsZ!mDr{#VN(ajeZM;bPwk%IRsWxKFB$S_6%u^o#GUQ=(GghpFRl?SZ%3=XL)GYO zg)YUjU(xL+_}#QO#(&?*BI+-VF>3yBXzFeZU4kRN{a==dkMwr&k&%Y0#m+p%{x6^| z``;uIx;G;Hh7HL1pECZ%+|mH$2JAd+Xf}vM`UfWvBDs24GDPymNi@ zVQ_qmSH8rj98sJohfr?mCi$Zxmb#e3M@f z;G3z-H6A7I(YGtquAPnapnkKpn#=KFhNDz79Hf4=ui<7-XeNrGNUjAWYXYaZK&{rT z*7!=WXr7P*nI6 zjZh0tmU};Wz>V4xb%{}v8er5~tV+UymF~bH@w)?a=^Ppbfv1j|;8hREN29CfY*Zni z9IN}&jF3;>|DodHOTMfd5OASV~NM)`N z!w^=%g&R&s$oDKLAl~HAE~uvGgfu)fy0g&xJXFv&P(IS%ahz?DbFI1(78cM@+W%`ap8Qo%bc5vbNsG_N-d*&xK%f>27`_GTo2Ud<} zr#ja(a<1-o!7%vc$=C{=QgO}H(>MLFd2jYrpelUVAynw|8#&kD@D@WKcgU03{(JAkUEqs5g z0^`^3jws1sK_%k1OhoMN>z-HsIi?XJIlLKyVMl@<2!&T%EyFXBFRSmt zD~bTXHtLQhvS6B({L2_v;fZL+93R#>a?#F>9JzjwsWR;%nZ7@tO=D)sk&a~P;_wKY znztAp@7%CRh4CYwAUl`wh=g!xbQNM;Va}@GjUEE?!c~Y|<8(OUlMkaX2N3Ly_y@_c zu`=}q=&rCzjPRXEULbA=1It9@E3b`2WR;Eu4IHY;2WoylR!XFHevCC7Qkt`bBTg;@ zGV{>j#=OPK{9eU`@hK76FT(b-?QbP!Ica~7n*mk9jKSIK)LE&f-u7dvroXT6tD`!u zO^=0WEojr&FHygFPlLq!g}67zHKzX4ZJsaB^>JZn!o|3^&Av}=;)rH8f!V)d-PxIa z>4A-z-Ka8W^ggKqspYYu=bzR3WGM^nK9b7yNzB~wk4!4S{}{~mNq{Gd=!N=0=6*3z zP{Mt=hf#>WW2g`fC^n?C!1n*&gsap~t!!wK7(Xz|JhY2xf2Jq7e?!-(1 z4=2uVB}u>4KdaZ%p0j!#&t{qQ%B~h4bnIWUj~~@;8wKgIQRs0qPM$$t$wC zDntwRg5YtOD zCzYzBP?}0*&A-ZfC{_ar>JY`cR49Wf)?o%acq`UEat2c@h9>UdoRP1(srI+mCX(Pw zRa~#WpHz)HU>fNK8+8Ba%x_B6OMtcPZH=7hwZ6^um5ccvI>^3;h7=|>dQKwd^a|Tg zaquU?BXIJ`FPV$kPT{5ieIDkRchU0As?a>aPbWjHZIa{=Ib}9 z@U@ySdGrz^(8L!F#B5uy(Or^)Tv7lxHzF33`@jUTvZvh$zx0hjE8yqDF` z$QsD&>d2xqcxpb7^_4_lH~A@x$Qq1!{_7<{S-O}hlJ?$l%qPYbNYb5BPw0R^E+)Wl zG}kw9tMFAhge`&fjqf}xBJc%=(rbMqR!X+VSaA>O1Yc`}QsYaDfu5+$`5UuHDELyZ zjOUpHRyY{7g}{?quEGh}YW%y3KS=Me**X0f&aHtDRc`Q$Z~@U0(CB*{ryIbz+V_rj zuHvZA2~^iaIyLZdviM<0&LME3MQ@}+B$;tl3M}uE*alMfK0sV%taZ8Y-!W$tCfsn(5~6fyoNkRSpFG087Tz% zNfv_rq!a@EWDf4_#SAkfN-d9zf=ykZI!^X@tW6Yt(Q%5QMC4GMJXUM%M2jL*-!WoG zNpg0SrKpLwBhHRghUsgV01C$54F>O-NSY$5v0lO8K=D6aVUyM}gp%SCLikL^6D!3Q z?N3lE81jNE82_22Z4p*5^!I(r?o_H^o!k+|z{<;zRL8X_fEbe-A31=v(YZ1|f-gnn z{|nF43tyFzrMaiXv-{qLXY8}jMx5lGiNt$BzoKR~j88}Z;=+A8+;fcV)Ld#h*3zSB zBPr~zZMX3gNh6GO9Gr%(JiD%09=#GCSVJgxzM&ZtvyQZ>IcmLM%@|^<$(QW15-IMf zo2a|^7`u1n7yx&uqGqqcczjL69KE41EOrKqjZ|5DHWsT@krhH|nF5PMS@{>qzZhn2 zW?f~%HCV3rJeV_|QU2)#KlLgc9gmQ_^!T{+f*;d8SFV2e!mwT)zIRTSNHGXDhc#qV zF|`r+H8sCi!MA)xY!$xMsM`15rdO>-5!R}rKdxezE^9Ii^ zL-SlggNsb?Yn`ibz&X9O%uyaHZ?5JjRWDf`*nhRzT%LTXl<`BMg66jrG@xnV7tlN= zx9il>5B!NRRE>?M$W+_{p-6Hjqxlpgq#J+KM*4r3&<5}74@{v9R;&jjb@q1P9RXA%q^@vmg##sst<1D|B(OOnQ z5AtY?x5~Ym;7*5i*^7HL6()}4uZjX6LGhL14fRJjQ2m{_r{yFE)to7Jnb|nrg*nGa zTth>Fd*eI4hBb!YiyFUg~IChl@_E7>d8G$hl zxXNc*qiYrab`1Bb37SWsIymByErBMWv0(fgf7wNkpg4w595lVs82FXOkbAv7l8u3T zX$JpINbD15R@DnL7VTx9Sbuu8KG7(@4K-3dBI7%FXHHkZOiIo&M_Q}x7dT(B20VKm z_nThubr*cU1}8SS81{>$Glar$8Kuc>qxA0X>#)Fwu;2bF?DtkY#(0cpT*o1N*t7)^ z=^eh#euqKDZ-BQEh&mQ*2T`_*_0NDi|5~`cgqM(k{-_Ds&N@Y9@kr&{+C}9-EQ2T_ z9K_N`ej|o@CDDDB_K&S39zYUecW49Uf<{m-a)e(u0ks?VqTTXbHvzRuZII3tWtc}yvqFG=31HAHB=OKw%SXD)Fv2}L$nY#Mbx6?9J6 zC6<-SZ^%jVK5Fl3OU%*D=k{E-3q1r}_kXPGWN6!LnV?fndWOf!P@=3YXVFKtgB9RV@tjN@S zC?!mC7I`6maUTXc-Y>^J7w)dNJACN4acE$$&)V}7l2B(Fk$?zikyZ0?n8^k;mm_?d zOt%EvIm6hUubQJ2)U4Z9{Gx6<<@W!Ny?8!FljXq9wb=n8KJYchC+|d;*cMNW`nWBk z8Hfu#m@$SXo?UmC>(d=pTPIZW!*8%r-A7=5Mso$2e`tx&2XJM2?@=ti^#5`*d|(D@ zuil2}ag_I|2yE{5L=Qael#jH$2ivYcr{wJVrT&x|HrlyUW<0LFZkK!rAt%Nd)(?e8 z4vDb5`ZI&kBkFUnIOdSi-N6Q`bLbN|`{IeXq!vWe_9b;BFGguX;d34@w(Le6ivU&6 z8xZB?iHQG#@Jz-24@6mF|GyML_WxseYw!P0G|D8@Bc0<$7ix`=`JEfT62F`a$?t&ly3AY< zzlslZ0xoxDxHDho8v(P0@{Tg$TKLB_GYf@e2aZdVSyvX2ADpKj!W@S{ zKe~Lz?Lp9w+?^aest}B)ZiS+c5$%-$G0*m0`JTi&O5BGAzFhy4NI%fI!4K6 z)kYz{|4fx?EGkT?nSv;YoS9LR;$fXwemEk7z%&p{E|1!6VMM;l8r%sh>2ci57X@3| z{@$_R7zUB>MtWhm2Yd{SRQ0diQpORBbNVN=0VwR)&7H!-H+QPRuck?8gBm)f7j{C| zfu#z}%+ejsLjjP^dxxE2C7g6~dGNxDT6y5lT_V*CTCr5n?fL}s6i!_$&L%d$MXj$^ zeyVEfg3Kot%ldaNWsddlD0LRo?IO>JakWqr*2+j&1Qw6uUU@Ku(NePhEo|2McOO9a z6y$H5Vk8AuM9sB3HXRmE`T)L1Cu_?zNRG(v6Q$bB_@Nhhu&kO+OV|fCY@<-((>It% z!jl;GLQsRG3at6#&T8rmV+nbo2qT=bzMm`EpA68@>p!lK^GPZhY)KeECe9Qz{b4>R zbW}V~S)@z0=7CqpFuVe%!? zGzH7lBmkWMA}SAzh2R>;XFPEm>7Zc?<%JnpqzN#wv=+~us~f2O(Rrsbo%wB{x_PH^ zozwq=S5Vs=H0{Nc(6or(MWAZ*nu)g|#i$CzC~tx5wivfYXUL6%h2(dkm=ivx%+0L$ zIRkUYk_(1>OAfU}zEvWH^!io_?~VCAsV%fCTT)~2fCneV!MaKMx!8ejT*CA{j%zC# zqZ}w)wxlRM%n(`ixDdtxxzafF(5Vep`V-sw5b(K;pKyVZGV0^DT*7-9>Qza#5&=%# zM7eIv2M)(V9rv=|#J+h?O78uU$p0`$48EkO`{jSbyU9DKfEv(SSbV@tSrSVOo|F?; zMxyAOIr^76Zz{)>80-%xJ07F&ohN+w@Y5ZrM~^6@`75k)^g8SfF~de&1%ohiJqglR z>j7~Uh*Rkkr*YaZjZ)l$=6f6x>MvAvTw8byaaaYu`);)D!SCg&ZyI>lxmv|UPzPHc z;`uH-kYzgEV3cKfDW(HE>~!Xj=RF!MmDY*C+g%?@@W^&50TJ(M@_l0-AB*@Ad`Hze zeU;FgGhej-h2v05oYJ{$0xQGALy|=A_=k5n3DmdiIVi~CY!Pe*PKJnhi1`#;!yQ!0 zb!C1z#vrLWY=jUZ(BI>VLLnAz$Nn0r%(ItK31FnaiBZp4HJn}Mjb~~z++oop2kTy|52zq zu<>U~HaIEu&RTeR_fA*%MrTyVNasa0aQCgci@_ZpCO9wZ995pjF4hzAL_LNkDSqQm zd=;U5IA2WPhD`*1YM6ykohj(5(66}A1+=+TmbI?tkJ4~{^!X2C?ms`S$}i1o7+3)? zVXrzozr>k@#}Ts-e&LE2^qDnA0RUFS=8t6aM=@t0W=edV;k>e%-J>OsE59L-X%ks>9^rx$Eb`(s}ke6sXrThqf!#Rz@g7H3zm)k~S~)J>GnM#SOsSj}&^ZCjRC zy_NWNorE(GME8=l@V3L`829-&gpYmJP;?8+=MIR;D?ZuCt}KM6?Nw_u7d)BdlVmN zZjRr|nkd;MQ>-FR_@)q3jCp>?c4t06u&t7A!=z_2X_A1yydmC<##xD%D4s>UEMT z2QvKV0z(-e0oXdCefCalaG+MwO1w;r< zS%P6S3k(yP5-dOL^AQT-<6DJ~`&9qG5QQZ^*k2JJ@(X+{mglPDDQsZw@5WbMoHO`I zZfu9o6cda1mq%#E&^LeseFI{VwxD~sxC=_9J79N81EHzQo>++Lp@WUXsG|+2OdBFO zPu;W-1RLF_!ntR|C~ghL~>MUmh3rik^*xXtb3y*k7iN4cuQ|(Fygn`pf1*<om=@kIX-MX?TX2G56L4Ub2IW0%w0a*y13x;tE%3W99vcJWKI5w{dX)44Nnkit0zHtxI3z$hP!YiQz&qU^9C0Cf{se56+&gV5jl4nT9^dVM_cENF4(O`J02krcWTN&gj+qA(WFQ z3?^;_6~;xgizk@h?1WBO<~BRQ-kF|>id7I7EU;hjQw_*q+mp&KP%1{h;D<3@e!=!z zsaO7fL2Y+RsZhZ$-~vNIIz58k@CerP#52V5h2s`3f!yZcmXmT zv`?kVKE15^?^3D;?9*EQ!am6_KV$1o3d>5Nr@WPKKL3tA5U0m(zsC^<%ks=@id6>& z74jS>_!j^<>^E{A+_tKsql;(377mVsHV7I}MM-_?CT0pxE(_kGdvg+(RR*V3l~U0Q z_A66Sup=FI1a3+y^?C$d7p~9n{07e$t^R{)pK}-k1pgurNjjstK~Ho$M0FEYA@uPa z{+hPAo`^s8VT>~FLj{>3E{~4(_C!239s1H?4qkYgjKj5VIZ-z-Z-%k;@KM^rS@VP4ZegQw=D@uX zI3R#J>>F2`k{D6ZoB|ljHXZRHnhfc;-+h-O%=o2{^Mf1s0v^-NU&CvH!_*GH6Hem% zFUbUh=Pq9#qo9XCR$reiD(6x6#_pS`M1RP0qa`vgA4`>_!1tSq=hIU7e#l-mf06tF z>x-_<`?%aoFe{?!D-#GVm|7m{ zcWUh8jq{R*X7$WV8tKemk9TKjLy2D{BO8Kb!uk!otiXq{KF4{jf&!%J#v3|%;>DxsY#RW z9Wy$6^jehLk7R8a*nGK=Y(#d{)TFWF9v+*Wl$TR;eAeX%!FN~I&2Hs-k53;Mm-V2l zLsWL`u&Ftb4~$3NR1V)%#NsE&{A1=bM3*D$LOP`~4b5qBPsGu1YzMoU6@k4>uqM`y ztm4EPHhSUnew+^WkBv5Z#%R?LdskG>u>8QPAy26v69xs)4NL^VKZ$PqeFg#iNjz2% z8?zofY6%~Hf@zZIJ0rF?V`E_FxB~3zIJ4gnzhWVwC}Y*7x>PbtT~T0_Nb*lc{xFtp z;$0s6hh-D*J`Qu@z)RY2(>e^6Y4pKH!c9yJlF>jvjBm zsh2mo<^#@o8!9en`^8Lt{Wglzd+26RmT&ZQPr)BmUr_vU5KV%=Xw(?D^(Ef=A@WgU z+>7Da+VwWCRQ>Nq?NEO-%V-RkQGeu3Yo6#T%)#V)YD{{E_0DPSL6zQeJ+vdO<;k@5 zCvWZ5Y<+t8r!M!O7fhLm_`0^IQ}e1E*`slJVHGaxX5Whq`hQ-KeR&c5bQ%cS&=~%1 zPK{IZFXgZ5JD2B?)962uaSleG$g!oIzu@ZdhjaGpph@!#KJ5zM=jyQCIgOvOk!iJ& zOh0_eP)uAh$I}kPq2fV>1J`x4)5ZS%8J>Md{)>Px`yt63e#hknq#!}h^3kpj%p#wMXgyQsBZC44N&Wd))^8r zqNY5|7~Nklh6Ra5PF7f*^3TfBR4{{-NsemGuOr1n2)_JcAj_{l_KT_d0uw-(g;nJ* ze^4qHQFbMqj@7GGVPp8L(9vfq=gy;~TuoqW{paTJ2;bPm;HC|$FDu$IJ@*vTI?NA^ zU<9VpQm>6wtdS?;!d38x(vX=u<(>ObYs@dBK<1{RC^;g-yf#DT6ITZtS@jAB5nNh)GZT)hDIwv3fcE5K~a-eE-@0eG~Mi?ra$ z!0*i2dIQQj6^w{Q`w==RMW#+=^A3whzZyGel(@c4&5wA-sHHjtXp88 zuu-~J+uv1u43_pEi*prri-9MW?!qb!Hxw@ho^en+)sIbgw-DHM$aNWOhWx3*8S`BYIy( zeMW+({hICqg+I${NwXS4y?$j8Tt@qQ)igC^p=gl`Ltb?eb6X? z{qKax&VCq2Es%C10JwAN4b+Pbvz*29L_EI;A6RaHYvYccdn{4ntH21^>Kh0A-Hc@` z48Eh_m|=c0t>9Q1!ZL99&<>9#7vqDrgQ*jJ=x|#G4}MVODe2v=u87qXyg3QJmA89V1{!~#q&Lu%8Q znx}mkf1F*>!!J-nCMb{8(b@GRb@p2%gKE)2CNi{#WyNPjAfx-@u&)eNN-x--Uho6O zgrZE4Y!n%GD2oEfBXhD}rD)Vdyt`iCaZYb*GT|3f5NHB^wF22G1x+iQgoD!`fiqwh zQO$05tlEk18zECUd6&fC&zm$P%$ctaJ5oY0<|D5n%0NWIv*ZdfrDV=tZg5WP0uP!q zm>AuT^`67r>SJbu`)_OFm!n2sTj+PM76|>R0zdUcw2#7Agx15H!yEPwHHQ~6 z5C7Et?*r%No}2;w2p5gRs+R1EN{eY*rZ-47=L?``vB)>#(Y?0B8vO)`F>v3Mn8-J` zqmTW_08TJz##i=3t~GNYOwP?FiYwL5%*{2;XeCf7mnNuiwX;yLYngC zY)MbV!LEAz|E7ZTT9B5IilZ}pfARwT{mInJoo2oKCt<2!X^y z09r5EdmPX0;3^e@Q1sXl-?hOLC+ClhvgMx%;i3GL@mJoU+7PEs1$l-Bqhp;dxIS$uIneVK}PJ<2d?H zxJi^T+bM=emwI^&980V!xr&!_ptQ*nRtARNyi=?OuWMPGrn-c@xynxkS~KmIOK(V%cmnD zX~?za#a5P*uZ7Tffd<6mSaC{Wk7UGhsZc4YtD4*qXFQ~6XJ}eU3A8&&>xsB{7jP=r zfkHDKHNA~BvrE3%RrPKsbbTMLh5(EfAMb>7mIn&Vzr!<;s1T&XCp7M28nEM%K4<2? zBdvbP_-Q<+$kloP-tFhK`Q+D8eoniv@7j_Y$6t5Km;I?u-up|VwR;j+!@PJ88g=(vZ52v6;GMVZBL^fDq@x=Ez zL>>7x4E4brA46^Qui;~-5%4Y3CS2c{uO>%QI6|0u#GsH0mWeiUa^zdNSNr}c8)_vt zAqXDeU@HtpH~1w3UROjz{BSY?gH_pIE%N_FoD#+vcp{em9fsm6L~#?;`08ZpV5G;^ zeWnyI9Qp;mu!m~%aakQy=J&rVdUz%gBT4r?A7K3i2dfhC{r0Q%1huf@PHEpygPki- zhzZ0b1S3zK@sNT3S_(d5?2;_DbkE=~zJDxCQHWklrF-jg6?8!Rz?cq7#X=fKou82( zDY=Y~nyZwybQ}R*8N6KgF?QATLb=>2tNSv0#85&|*l8*sh?qkT59YxTaydh|xhT3N zH9_%nx)31EKm}Xg39YNi3VIw(k^pQuxb!|rQ+fVcit}Kq=2uqsP83zL@J5b zW#GsktWQ| z!5)y`U}HLfE&i{>Cw{@)paC=G*S6!!<(~U@lrp7*7k#&Yp3zfWCmzdDIP1#6KkH6k zL}Y|+4ChZ}vP7tFrdmc0m-6O;j+$~~y2sIIYh&z<#iu73iNrp12vcBDr2i~?6f;BU zBZq+W=PixH%8$aE#q~j4vw!>sw}IuRqjXg;5JzcZ zKu%)ls;s=H5}OFM0P(P*^32fdXY}vKLU5{!X~&6*sYg`Tu}r&d`WKL<&VIIbB8ZK* zn!?U9?0&WqO<~_C#0-z18?*8w^gf@x$lfPOQuFP7q8a6(d!IVIW}{c@eb~J&9f;oN z2_%Hx=cTr0?{laJODMe$%J1F#WElI9o;ziOO@U&2_dbJ-HK35*=Wjyf+xx&qd|}L! zGVM3UG)CD}@AC+0ivo8)-AHD2KRIMJyPt1?1L<{W)8#^eezuO=RKTG%Atl>^TBf@n zYxzL7V`{H{E$KjCieL0U%Fg#yw%dcT4IFh?h1U~*JwY7(=f`f+?UPMW&m z&vehtKv~gU)Ba+877>%!=*y7#1@S5!tYy=B(+omsO2%PGagkgj3DYfC6Ys1 zUl=PXqxR5HASRb+-FzK<*k;9$JaCxcH7)iDn!y+`e7hPX z7fBX+8bD1ssDZyV15o5O{$C$Q?5O!M;lykMm5&1!&T}m^uRV@#>p3XV6CtouiM&~k z_oUm4UvqBkTYc?LIna$30G7|}vT>}3*TfhzQeLuEHl;uI{6rzWM3k>w44)@rJ*^8m zVJr>I7B|57nO|gp4kVOELph5$n`&f!u#@v&DsG12io@|io``%ftN!=->QbEX6Qp>> zFp(lpt?^8Ou{)#ure1E!kKF*yB1lz|!!SiIJPv0m#YQh3GK=FC;wP0mVhW6a;I%vD z?XF_Ku=s}nY#M%BTsTBW%gVd`Mv3P=CJdiK@I<_tXbA`XhVd0Y;XujQ(NFiSL1ADC zL=W}%H5o4c87zg`1mgXMl8Y4I)JXfy+Zioy6tV-S|Ec#!j$@}5dVeGr2TLIV_RCvE zBg{>X5~itFW=zFHPrnvKX@wbaY48&Zwx$)7;joqTf_<_WliiaIUG@Pww%?ya_0fH~ zQ!=}#jz|ryFg}YyhiKfupbZSHu905`2&uMFqbr={3c1;RKidellNf>h!90M{LWG3! zJHP`VWLV}>67lO2Fqy0h4!Dv&6Fxu&Q%93Vzr^65!jy&lv3!8KOO+2$o8|&~k|8d@ zXtBE5mqP0+7eF9aKo`K>nf1bag1L_iE<&fll(tN)AT^p z1<^0;1y>;VS&H5?jy2oLr@O-tLE#sDT^^G_!1gGwzD`G2VhU>f zQ)WNMz_VqlXEb-Ma(uvZF)qV`<@OTbw!^Osj8Hb&nEwce5YSq)>+@33fI&(!sH7vD zNWVSFnD~n~qFE8BEf()&cxj(OQhsgqfu@RIdY;KR_}oY?QHZw7(Kh zf;@*19eiaT*nZjfw9s&K8Q;XrL2*%jIKIdNAibAB7+|mgoB0gC%RzuaZ}wL0ChAfd z`w!RJ81Nwzf$RK@q^uIbcS6^_Pi$dG=qh|iC6z_@+e(U4N->o%_g^v!7sVUFWRsXE z!Z%ZKe!xg+>vlh&tucZ@TO%YVI+Z$%y|7kD&WVetmk291*V-36jX(-+N3qu0jf|@f zK)d(dN?z=A6;WulDCorR*J5;*$Kt!Uh$}OM^UuXdShXvq>fV%t7Bx+g`9$sV;lz~J z6YE+`w=w5u-Nxl54b~J5L$?~aOA90t_Ni`x+bR6US~`t z2+%1yVqYQ%usa?icdq^%3+pWhNpuG69iuaNY6sWBv7wJ9?zpjigb4KDAtg|>Wp6}j zY`n#ksGMQ&Sd8&Xl#*zYDbaenAkk!zDD;3a7L-qAJl7v3mrhZJ=b=i8mK=g3VYuS^ zeu=$)dBe9@zib3fbDd1ux5VVvUux)>kM(yWcn-jo5i zlbv^A8X8J;b($zw;R{0A;=xKCGGmcLT9Fc|S??#^4ic$Zbf)+-w$Fs&z*ZF72CF#y zgPDaclz$BDS7sNSH;FNS3j}Y8QeiEZA@QVhZ;Haqum64UcS=(pJgQ4rG411zm3~O* zzWa#3epmxqpaR1LniXsBI=gV%Ar7_KQ!0H&p@A*V{{xeWP@fy#&><0 zAL>oK`G%ZH#vJt;3m5A3`^z+=dYy&W=t}3^(HlN!_sB@(=uUa)W-1kTDF690CwMPq z08sQ%TpRa0Kdyp{Mu1{mKK{~)+`f2p3EuJ#*SLj#-a>W0bq>*Y*{{t5iJdP(MGni6*7o*<; zg1b@Q5qETGWru!Gv#{N*9s07XKc3lfSHC#-ed2Kby-;EZPu~SQ^ttlT2VJk6z>s7# zV2-d4gB|GP?u>6^9Jo*N%j5%{9~LpnZqmZRDf(!PK1k{_V@-YGjrs_6>-i+({b7$# zt2c#MW(`nW?>T`~V-X5yYPNEIBxe{b1$cvHQib@TaoVRTa}LeG1HpTOk#(hb6O;>D1Dcn z=ycqyiw&=IY-JO$$p%|cPP5gZ3Hw}sl)2Vd-s(OGm8HuQF8(yk4rUH^ z8bwN@{_%~fk)*&H%}DaE(XhIzM%JN|*R(^896mML(3IcuL$%>qFn5n5ez9p%JnctM zX{>9Xwq-pBWX8BAyFu@9)bgUbJJ+8o9aPeHvP!AId-5u_8v-N(SD|wCeJb~T6E+vpl^l%Qm^eak zRi{Ppdm`>bPUt^kx4>{}XAMthuLlOV%(5}qO7fS5$~=~sFa+||H~jd-xD3KpNc5dW zUP};T<7fw3hJx+snBRO8pe>SK<}7gPRPif6{1;$-s2W&R|MfIW?mm*pJ~V-SXaWlX zjidOLy2`|A7QVfJ7enY4W0Dw$wNPYeA*|W4BQ=hGL}_6X0iwFM)WP@`L}Z%w>U4Xy zmDsB|Uwaj297mjsX|EE{Gbf&nXRhqk-tYel5!8dOdKoBH|F2a2QP>?6 zpL^)Pkl_~FLss(p=l^s0QFP*eCSOnSm1d6|=5jt(YP7klx(suQA;a+-Z5jUfK4f^s z3|ofNulJLowRD?kOs?fGK<@#>e<{XZ2hU!Ng5UBITb5pGX`1@9O@@}3jQ%o z5@w8*EmU)S>@lUs!{pCG$dEneV)<1QkW^aL6KZX3_*R?m(V^{=G$s=x0FZh6Tt56PYp5p*R<6{jWZR_)V1vIGaiNwE24DH%FSx_ z-P!9(`H3L2h)O>Sm43i#jpnF43&Giwlso@w%t>RZ;YqMKv0n8Y_A4~_kc_NzkbID18Lu%qBk!@({UN^!8`syWzk#yb}%)rm18RYvPm zx%pjX1kZY^m605%C!RIOhs+1-d-!aY@$)oW7y6ML^Jk(B3BKBpV01-hW^a`UOPi#( zL#peuRRP-X*!};77F<}(Sg7`oQ0+7WS$uXg+pCPKe;ErdQ9v7@Gg@UN>$ zhnYJy5y|*RFH5}>T$@v4!cD;|+ibc~zXG6V558Cb^JL>t$v0<`-5rj_n@3n9{b?_oB5S^!~zmF7}@{OndzR+LfyW(BHy7yiaP`*1}4ZlWetFC?^YGQ*+By$QzBjCaeBaLXk?%zbLFN17DIfX%*dl~{ON7>v?~y%! zNxt(wvE}>rOdt7vogsBUzS^(uPp%9o-+F%!A>V84Y#co#8>PP!R31~jQ)n&u&ffi(A z@}0BFPrlcz2q@pBi$civ(;Zeej>Avb`g@7W<68ebw!ah5K6KZ4So%9*CFJ`HBD%fo zZ{I6}%D06?!C3a81u28cxAG64{;kbdzVh|mpHrhXT(2Peb374u--ne^*;88U**#b( zdn=y#A`mU&rRs3qjRnxe(75 zVuRmz*b*`I^4r3~@nH{s&i88hobR<^*z#olRD!p0ThWNf2?#|ZJbQ=so*~%QNjFdso;MQ zZzUBx*vzV+;`Oc|pBV2Tb9mB)*=7Zo3rn^7Nl8@wKAcspezPSNRXZgc|*^&zDrznkFd606V0QGzLSApV) zHrNJULlyAO$EAQc{sb!%IQFDI;4w%tCNNKfOYF*TWKUG=Ey=!VywtDBV=c2@eIFpDa303$(W?DH_IDKfQnGhb>@Ve- z?2#7x3&M^w86(2MUS#u+Q~aaIUrX`dGuhkF)Y` z6pa7ZV^aN!R^Wd^@$a8#@~2w)f8CVT4^aMhz%OH6W5nc2*u%F;sO;yZrl2mwg;4-P zj7d5PRiPxuw!F?HYDuE|L8RtaXEU+;EwY{@!=O8*6D}}6lFVXb9G^@aVAdNgXw-y) zZ+t`);NRn=3fTWADaar%2L{O69Rn8Q52oR9B(}kX3~Up|z*pXY7zi4qEvXb8l}SLX=HFT6f9F`8|0}{T`C}OFo&Q*4qRM}HYcqex8||4t z0A=NWpOybMQ)^49cF8LL#*)7ZT`xiz4%Kj|`RS6eB8QcubvYVIIW3OW9 zjXEd|M(h{?TbX~~*sT0)W{&Z3iW?U)zc29+j&;o66Om>*j7Dd~P~iM$i}CvZXt1=x zg)v=mJ*l{EdLCUV0ctpeYl6iUVRHTZ-{9(_xMFUSyncMk?11--U|y*f*B%fHus$W% zWs0kx;(G5nGq0D0tFFcM50h&lxeiJcg`=jHD>n*IuCp&d+YWzNWSTlc%XD)r#UnB$ zov%#!#8`zg_{sEXGAVpaoT^z{T!P;-em5cK2J1J;^Bc4;Qq5ignqIQq0&RVCCALu~GQi zSbVW&h8Hu#2*q`Y%CJB7sAKvGTpr>2J;tou(LZ(N4&lQ1Oad<)35x4q7S|x*Dz&&i zG`Uuj>v_es{RS!FZ7(9P2gPn%pb$u(4QHCEzJ<`#XNLKJ3H+)sH7u(*br zTz8P`YQ^=tlE%`n%zCX7uBH}Ody}gTx&A1ZrY==nDL;XWGL-%&S2zz{YD%OAIVt~B zCq@1xEsuEyAhYh zI3%R{&#lv0#Yae~?86|u7sB2oOe0~OS-xT+?qZd16lqz$`)~pMh$S_Z$#_I48wn-t z$5arg{3kNmUkx*VqmcRka*37yb4-)Kc#?$MOhVC7iwqbaOIvq*O|+N@Q>C$tFa;lkKVIyQky^f^hi)FN(S5;rCB z^CmGWHAX0(wJ1|e%66oD*rYTbknA6_=mwf}>7?sUI^q>6#!8A^EXq-&l=jC3+n=}4)HX{us7J;9=+7P z!-@7B96`Rh0R`2P19dW6!+XfbYkXg*`72tmze|!_B5uC3BU_Ou0>kAs zPr5~Jar1FP;`QPO-zhn<8+V&!pUkqim$FA(b1llXZ5Weif5B6jIw<7Xiw$vRawJOH z*eaNH;XVIwnRt?@pU(EdXBz`QB?7NQ7n`ckllfA*3|XOANf zjN-g{9CuyBQ_@{=n^U8#bl=8n<9I_4ojMtI#ql_e>z1O03nY6c( z_9oCeS34#?-YINmdVDMA>gX}N91!2qxw^?vUSf^Nxw`%Bxa22&TCn}Tf}CDPKqbST zTg`Mu@weqn*G2qInCZHhzb$6E8f;GO8*a*DJmYDbbe*m3fGS5;1YLpns8M_nKeE2 ztLFLz7se*V6~UTfr^t`G%QVu3Yn8?IvB|ZOTu&;lJ*tF95FxBec!_X5ZgIV6a?K;x zV8zu|mGJl7;9}&ijxW2DmFr@$jv}krKU@(1iuulKq@b^H(MSA4fZYs-r^S~v2=osPJ?KFkrFu7`y>n+7~vW?_*X+F3_ls5|3LW^tvFItqlabZkS zT-#L%U$(fyg=?h6^|r~im|UF|*Cxf)fD5HkuN~OX=uT;8ak)*d$>ee<=+Swkbkk_-K27S_*vvA z-d}U!n{DwOKc;1J7#GF^it9op$s0MUl-eD=gSETO;`+$sT1T#H6<4Av=hoR~?bZla zoW=E=$@L_;{*(v@$9t-TkM97N_`*|#>#)O=$%7`>5OQr)TyqsyjFneU;aX{NC7WE= zk;|jFnkudxn9o-AiWaWNEG~!1Rg+wU6xZTb(rWiU4KB)1tYm(yXr}CP(33-Y9!-Z?4#nsH@iXm5L#TBnKq|(x>9fL*x zEw1A~nRc8UcqIhS}l8F493*T&uZ>X8$9nA3o#noGJ-OOc9rT>FO|1GZeCRZDB zU8~Ef8|%48piMMHLy zYop?tqPPZ_GBJ7z*Gh|Psmb*Uxjc&N234f38Giq zaJ-j2J}bLT^xxv_Nlx)ka6$c7yzwf>5f7tw(X8Df;j3@)#hN)@%pAWj6Pff@ImRsl z7f((!#t7H$I;KpH9?>#6gbU*>#TBLUN?dGm-6&iOEv^quuGQq4q__?!N#18kGF-Su zT3kH~i-VA0zxw2pR z7V{49Nc(NT1==rDv2VIk^8Sjccp^@5!jQlPzQjs&vH0hh{Ie8)tm2=d_&tjMcXoU% zJJJ{anihYi$=^@$mmy#Rv(>v~I_zJyO#$Uk(G8!A3u85i*1}_he<*aTEV>0I-5kWSE&WYo{kKfKY( z{cbb&fy_Nh<=!`5<$jX&NAB+)MecL&5Z8T7SDpLuTCAxo=#fq`*V_ivH?NHiNX;+f z4}^)MlPk@P8#CkQ_DZ!AbhVG^j8mC$tjc&-N1gFxJ7d!MX3Qr>TJ?;(S{Wb7MZ0i* z`XDYiK8;m*f83mv=C)E##MUFocaaLhycshz;*MV+Nyz;C5Xlra#Qfys9;V@OL`9qP z^U;o`{_6u9B23lz2aCX-bRjN`Vg!Vs$={NYW1^3S%QivPgYNr{>4jn1pYVuq6n&z9dwwt<=6SiMElbCWr(- z#iN*5O^d98WUSu-T%dksU!i2r3eo-=rVwhG>ir+4wH73*WKRm+8jG%}Nf%8R6oC!} zdr*j;A(4(RxX~oLhGY*i$3tUStT9$f15A>hB8&rAQ3? zlLC5fmlXF~o$sSiG4a0$7lMD}&6og0 zuE-i2~1I99NrLO-?a#Q)76e=K>tM^YcXPqFi?WcO$j!l1P6YpYY~nfIQnua zK6gN<5Qf%9d*7n}@FOIxWA5F_r`j;Fx-06SfYtKedm z(Thx$(0dC9g}!Q%F8VTD7%fnAF-Y`(@1seGwLZ_mb>Cr&(Sm zc*sn!j0x@rk+N_{#3}vCqPy9Y+4Yp!n<}v_LbTi>8e|gnCQ$*1fWcEDQT0twx*^wn z4*@zn$c{B?fige?Bn^P#ZsqPZuTvXPKG*BAtJx z%71{)e?C%Rlh-u!FY6`s&yu_#_?ztfN$Z7L0`7U7 zDZeUOl6xMdtc5+|NS%svP-E2AmcnsS+!cooKz%JUksHR4BsS-&!%dM*6vXix_6iz1 z)7c|oUo_@_|70uR7!*1F!QT6lXw(yVqA$KZQtAH{BEN<_1_o)Po8qpw6DP@!19H@^ zw?QZcPSf0De6k(VP@mkyqd{@*l|G6xDTrOz_!pH9{wyLyoxT#dQhOV&2$H5bJg?;c*vYDm##>ZMA4TX=_ zMM~cI$hUcd;A6bzvGMWpW5h>UcN-tKNGfN*M=K^|<0BTg=Yo&SMHJonj*nHVfRCbX zN>$K*ocJ{uK6ZR$sfyU&lE$JgyXO1gW2Nv{?>{`7s4d?3m?e~<@bNBl^v6ek#TEh| z8-y(wJ~pk?_$cmb;iKvotI~e`$8Hu|<70cQRQTX?KK;i=;Z+s(!AJ2%mfjm5^My1N zK4yrNyzz0r%@YJ4{WXt`kEyxDM@bhOA5A5dGvK2x6SDD9iSnNdK9Uzwbmu!h=Dh=a zjFnJT=|6V;Y^h43x2ut8EZtzKir}O8GEtY6^L+3zSNN;rW6XMLi#I+-3S}sKJkK2c z@o~Lk3xSVUge@38UVU5RBe#=N58kAADp9e|3EH`heQvjgKBe844eh zn4>>F8Ys39_?RYa!SIp)rp8C+trk8$tgtHWhmU7jY>kgu(Nf_>Py67*ExZBnk@-GL z?~RYaLK+Gm-9<{?_=vZ8g5aZp=CSe7F`M|vy~W1IH;2yxAKO`A8y_XOJr{gbK2On| z@Aw$F4ERV)vG6gs+)@=ke2iLWsfyquvw^5f)>A(C7$E%B@o{wtwZ$7Bt%NcZK5l1@ z{`fdYK;Nw1F3x<#Tmuh?@-)!OIB}p^T_+tW#t?@DPVyUqENgsR+72W{&NPdr{ z_r^z(DmsU%LB{7TL`vTHsA=;A!N+mQ2Va%3#^=q(5g(b!HaJNBe&OA5k}1_{jPp7(RNwYpIIhBRNXcWx#A7e6$n(>iBT1rM7tEqpnbf z!bb<@=#P&tzdsW`Itg1ad~{i?@e$j>!pGy1W*~gr#$s!H^l(arhZg$aqqFb^z(?#F zmfjm5F{AZ z==|IZ{^JT^3x<#QziWI{wzu$ckE9t0A2+PBDs8l?FBR@Q(+3~Tg*N~` zDp#=d-uO8Aou%tR`i~z)O5XU`Wb*{U#|q73_aEPlB0geKKXZQfF-heN_!!BAYxjBEe8LAGC-#%SIzB#mo7&=y zkL^Mks{i=&9rF0Ee<-#P__#n6GZ;QA?{#}<*2H$Gmqd4k|$j^?rPv3>;cQQ6kU$K8_38Sv4A3EB8a z#_hS_BiBRGo$vVg>LuV~d7_1nhW`qNkBYY}RZ;p?OYm`Gnh!p9{WCB=-guMR;*F0b zLKzAl`l4~t|TrOz_!pH9{w#LWd2&r%lU1676A3RuQ zSJ($1C2z3w-uPH6q^NPw@yF{TC2xG>+dM(=F<$f7_;~pN;-l;u8y~kwDrdk)D<)*) zBNn&kf{)Bu6y5obk5vnRkD{wBe4N-93?Dm|S*jxVD5)Xpvg>gle5@4y>ivgjDYeBL zAG3rq6h7W%j{f-Quh>H1V}q~-!^fs#jgR6s7Cx%>T9x*jzuL`WYkX|KKq`FjF`xcp zqwogsuZowj^xpWGFQlRHF+-%}jgR|no*?+>uX${IOudizC~0luqp75F27J_ILN-1s zQT}tmNAe7c?tI6`yyt>jor0OH+ zk7Hx54?Y$NZvcGczRuEn<0D5%L*Zk%NXZ)?U2L8p__$v4*!Z~j9^#`I@wevqjd}Ll_^&cO8VO81>AJ4Mb z8XvR%Efrprk@CLv~=Bq5dH$DanX()Vj7b$t;Bi`l-f{zB8$Hqs;JBg3nD{Xvy z^Z8leV>=6MR&{6SDD9jN5a;N7_C>%)R5J@7S)T;MN6&?ps)&D;{D-K^fbl-~ zXea#D@!@!h+Tx9mx>j| z<9Dg>&~ZNa=q$Ve@DckWOYe=37*+HT_^2&X^2W!Z9a7y;>mQPjH$K8|BR-N5KWgIR zMM>oh{?#ldWaA?jx95V7lF1a^`Hqih5AboUiG_~=+k@ew_1`R25q!j+5Orxc)(0OA zg}*vJjuul}yzy~(n{N5w>mSU~A0I0eTL}N^3SkR|kNDXdAC-)+WJI_-I2V4ITDS6{#lg$&P|5%}UZ2#)Je#A#C z>SyBPF-heN_!!BAY%F;SO> zV|?&&Vl(-xhtR^SfowvGm^f*!$6$@Ucatx!@x=i=sQ<@$uCYz{m1SEqpZG6bv5~5>I1~Kgx~@ zK2AL7gO6Ps1LNb3dDIqfd@K>lQ25x#9R2YzUa^J1#{pprhL1zjH9krhU#akMxuh8g zAHTEM8Xt#`NQGauH?4?b23fA#*u^9;4c8y~ZTG88`EWsd&%=&#s9;A4ZZ1;fXtX&N8JjIUJqsQS>V zwBP*IZWdePV|%$&_}~LR{l`Y(4d7oDKh4s6<72*%hQh}Tk&-t)?zee@;G@6hvGFlA zjrb@*IHie?rjp7T@KKiu+4!hL`OgI($q!L<=Q}>;wQaA{N}HgN<58? zkK!LiT~-eD!N*+Tua1u~Pf=UE@i9^;L*e6j=ID=)>lIrFe7quT!SM0w;~F2ijIUJq z*uT!Iv>!fJv)CFROMZ|FZ@kY3AB%)H06ub`Wa+)}kt3v`@G)GZ?n%ve8)%jqrgYTg%&3kA2#;iu~2>(;G9u?PH&o2xTbyw2wLZ+o$o0ErfkKAZ)?x z)1ir4KT9Gl`*gXa8F2i^Vr%lOYe=3 z`9c~BA2UQs-uSrR<_Ut2{+h?e$JAuvqok&dkEW8!8Sqh;3EB9lMETDJAIU=~y7L_$ z^RU;?7|T#kg^yitS*qgKe=MD5sfysEc%P`t%7H%km@E9%@iAs9wPnB8`7tAfG88_Z zXO8~(xL&b^z{e}X77QP+KBDoF%WzMHkNt02mG;BOY8G4LW655r@Wuf?_*f*o0q~KV z$I^S_BS%O>;bXW+$r~SCY@Q(axL)(v__#NT_$Usy@p1YMR`3k?ILrdu_$b5ex!@!A zE{g7a$455y`WYDv^;Gy+xy(`(KYSEEZmEjkBX_r`%iMlG_{b9e>iFpO7`4S4A3cOJ z6h0;~M}K@YP;4RaF-_Ql;UoVc)Bk6vJ^hhA{#$Yu_}I<@+xRHK?YZEi z@^*^ue8Ef=KjM{6+e88nqsMn;3M-(QJ1VfKKK|Q{MGSsbuP8V8y~HN zG88^;XO8~(IKG$#3>p6>Y{BqxKQ=c?`I8y$sqpcVq#0=ZF@eR__!#+xRM_3y2OmR) zHvm488Q%K6W~Ggf4_-eDd@Nx?Ha?1R zdoK7WyN#kdM|{k~X_S~BiR1i849~B`JOU;scm^fZGo7amPQkI1IEm7gju#o}cs4j4 z=Qs~3>=B9UhR)Uf>f@7J7#T*?Z3|WJil|Mj|1~U#%;cw`c@(8SxiG<<^2}?H z70y3Lle*$6>OdlK#>10rS;XM1!nm_OtI*gr@V^j4ZG3*zXMW=UY5fyfe*|%!q5gjl zQ2(62UjG6AGxfig^*?#W`o9{W{)ojfvGCuvfB*lP`d`EPBP#O@?Y}5M{U`kO`uF>v zssGiiKY}#RQ2$o~)Ia;L*T3)oO#R!i{=c2E{x1ipKVohEs{UvE&(yy)>yN0*GqnH0 z0QDdL*X!TsTZ4?8eNfB*2y7g@ki{$VF!3+5koxmWv#vA*RxvhQePRA4kVfTlRa+za1{tEgwAon>qU9V})W1F~4wyum!_M{M{NK zl|NbdxJS|qgpV5}$VQBU(dr|qaOaLb_-HP?0q{{dnx*%~$H^BgUB`eR(D~*+ij=(Z zvB~BMf{zuN$DUvKE}r;^Mg7e6<;NtIGvH$+6SDDZ}GuL4X+COtZ$Y*$kKb`WAAfk!p9bo zk~cnHwRwWzV~*yr@v*)c@llERN)sP zQpEy2ln?l$;t#e}pWi5qlK2K!hX&5+3;4Q_-%}WiAdj9XO8-db^e6b#YZ_!Hl-Nk` z{ZUnZY1SC_5Qyc#2RjNoVQwRfa~pTZxH|NX%kJwcoSfk5@K{22cYI%|_-0|aSu=D3 z-5p7qp?4DM-z_owa^tsNLUoBa7|zvcsU%NK>XGW4yB>1bhL27KkOaTalH1k0eah?G zQyU@=)_=mI{_;mH$D+19BawfD?0(g1*-h25gDx~aLV`~|B)U3GjLN>!uJk=IY`;En z*%u))1~nd(kX_qYnjE6#KJDUNSmL)l)33mOt*F}XLKVN`JwH{5GWBGOMM@LOXF>cL zOYB3gNY)ZWRJsDBGboRV)p$YO9Dkw_8m|MwA~#pS79HQdfz=YyNmH#y0mYysRbFJ8Elqd zFiMaCCD^HmEF~DCm0(CnB`_v+_7-aScApp=Y5z>$_AiV=qoXJpk!-*Ik=fVcIto{4 zUFYhIn56zO*^OO=t^`+Mf7CuT4j@gyUSf}xo#p2$PKNBPmj0?yWygDjB%5C-NFe(qu%2bcvm+TR|RK$02M{l8)k2VXYapEe3{@2UC(Ye|cnFLdM4KC^=^{kT}hl{$y zijsQP&5p)py`-M?vg_lbep1i+mOgE4Te{H?aDKO{{Tc?qpJ~I{e$MGX2x9&}>b?X% zs_JY%fs6zsOxQGv)TmK|Yf#k07#$Sk4on~l)+nupst_yH2pNcgnmCCv4x`Zz6~$KC zx-XSht0-2(B4Kd>aRISv)!H+T3*y4on*Z~>=iHe)TL@jguYZ3nxifR`x$nN6_nf17 z=x*7BPwrz#xbSvmF;A^b!`>ttE!qkk4-4Dq0xXi>t&*b?>C z$@27I`)Sx|Z7^^#+N0Lv=ZsG2n==ylw9;syrr#flQ77{6Zn=qfIP4d(A^vKjhUw=v zC`OdT;fyVS{+^xhuT*zf0{IAf>S8NwK?zv84?}<9I-t1201qVcFf+{P1{kV38_znc zY;*%`_g5!%f?&Ty1P{}KDEd*E2{+^44*|#W!LfY*{W*c3;(E_UfhV7g&zYe3mkI@YHZ?Q%e8%)aaA(>AhJWhM>rWH`hCPG zA@|WjZYUM*2f0hfp&f&xC zOnkCN;Jfi`f$v}wPMl-lgMo($@Dje52}l=Ls3Q`AnweyD96S*CW_AvrF9p6&M+$r= ziZsG`0zU0y^ZkIC0o6E~ao7*5Y*c}<-@nI0ndqqMPfH-D<~}f?TAjOF*)I-(R&;W zOS+WzPr>`E<7d}Zh9(zQwtV8B1pTvG+Un1=5Nu(xuh^aM$#wS~QB;D90$zBuy%Af3 z(iqGnrwL(GE!BO$4$(nfvr^wKe7U2Qa*(UmoN6c%y}<`{t*II|}&uFq$s}MJ9DWu!67of-8K%HHhEW{6p|4#(PRusAFPyaB>v4<2*FAz0ApD zDqTVJMgmjXD$v{|(A<`S9KIm^-8W9v{t!GBV}(yU(4F5ySmX@OJTpk9HBujVq*J<*-t-QBl`6}~#(%6{9OzmL1`DA?Jn3-zbr z?!Gua`RbC`Cr^G9v<3+%GH^dXA=O>OKIAdCn{kYw>WLF2ghteUs5x#3R0QN*N4xVW zU46UrugBf@EWBtqUbLQ{tMDfNt#S9oJ8&4Q>w^z4Xc+U#>W@5H0T#awTxx*DhtK<3 z_pdL#2)qey!e_M@m+FeUZ9#M}@Z{1I21b4ckLe3PUepMhkc;k?Yw!&@8L2bQJ;uKv z>6YZ*WBH~3XQIdqw5t(S!?=wn2kqa-6!?cD|3#!ayV!q<(^PJyPJ;ep^yVDE47QB5v+y@=Nz* zo^m{y!BXufJ7J10Os5#;JFOqHwSH7lKP>8pMdsCzSk+cwXSTo8{Y?MHU1wi^U}JfS zySWAIXe=LE@0r|+FYB*~TrXcts6W23d~*HI8_VnK5074{^Z&rk9RCqbR-fBcUXQ>2F+`G z8odurb#-kk)G^I&-fMLnySi%J@bDIdGf$IaoqZ#xEM4SfS((V|z+g<)GweX^iW zRgMTs+q)hoIr%5L92p}HY;7K(O8;Q-)9Mb1rSGdcjEx=B`*DG zTrVO`Wlr~?d5N4#-O2A-ey&X;KR}cAKd?L7e-tE|($lxGw50yp#?qnnCsS^wN9Qz_ zPN+Ysv2=3%l*ZEf`oicHxIf2#R8y&umr^4yr6MntL))Gcd3htkd`R+_z;2iSq^44l znSB}?az;X8N{z%ch{Ti{iNPmGOdDk;@(>JC32uoOC1q1nVF((Hr;-WTvWEnskcQXXvyU zy2c7F2Wwya#~|coU;DzYZ|^xP%NsrjCTkh1rD4~Kk9uIFR0&dRPjCuPWMX=`v1Lf? z&otPdQtEyQb-#p~0xM8)_=DXS2Ichf0fgA`HE_N zI0U#6uvZ3`R|eOO9NIQK`1R25)l__yj%>!G;^0-!T%@e*!YW}GR;ijb)Jad{SaF~G z8QuqNF5&sPrIBe#mS0m?=*##$89p|9HSlC&*1|^2-M2Eh%*)#B4?M9J1}r>y`2Gi> zK0R?d0B-lxkPm^17aA!pc_8IQ(0W*!>L^@zLp21V5?`qBxdb*dCD?|#rDOP$9qP5b~V!h-s6SLg+KWa#%`t-v+T z7t+M^h3+-SJ!2sB*D_A#lORhCq_Z~J+!BPsI9XKi_!K(0pW!X6We6Q2N5qiU_U};w zpMc+pxg&^|M$!ttAO}*X!*gEIB0Nk%kRnak_1XKt_cAtVro-0?J+05S4mE4ZAxi{x z83w59T8~)Y5h%IN{>Ps1m(#8Ve*&$gUc^HD=j`KBsKG2mQv-yz!3+C$w+nb9%#4{L+KXqTOf7-#1_=(^1C!Co6 zLQ$@~aNsGQQ@7?974ReODRkabj1MpEBZHlE`eC_Qv~|0Ou2I{5NvF|Vw4Oh~azKz* zSYZwPi~4?7AKcGK`G{c%r^Bu@I`+*{v(}4SDVAFhfZ(|*oM`>V9B4ZFH*v)Md^2WM zVRRsr9i-Ra2!EE2Bi4piAx%5=VE4B=)TGhbcv*ANVgZOJrMGm{*CBAJ`cV~3x2B|3 zR#AqJ^*zL~MiC#+(aO16p4!1VnFS~z1-4@Ln`1!!;z z$ndjir3aJ(30wv5^#CB7hi*|{E(DDLJs*J|-a?hCjs9q^uX~3NBemgcZ=g-WtOlzC zp6+cQ{2;6X^uAdnoBCJlEnDrr)o^HB1CNT!w5u>%rSVKU&L?J+)9efz@9}_S-y~K*J1b*^dJ_wSf13eNGyJxh@0(j z?le>jG=Cx`umEr@qwFuN;D(pLDX88_`R~HAt-FVa zt)g5Y9&mscg@nqG(BD_KVfqPl)bOQk ztSp32dSr7CAhc0U!kg%t8@$0bZ}8n1K!lz44T|O~s-ve_0{F&+2jp78Rd#&>$I0vz z{aPsNBQ!8p=u}E99-N8NNIkOQ;LQ9$#gW%&rwr}mNLJ7t#f*>spmvX0*Aa!vo@xaz z#tV4=_6FYH!wUA8+!}SM&7;?KtU5C{8=)x_B1wDT1MpO=67ofHiZzbhy(`vj9do;} z3y94sh{#eVIxAw|#xJ!0`j%h^K8FNNMWO_2>e0?8l-~@E8Vv}1>``Bb(Z>8JH%lF{ zfOAwYee62BV7A~$ zL)6HZ$?oeFU-;6Z9ol()OM}z&`CMVKu3OM~HOglbazL0``I$NMvB;U3A0zE4FR7o+ zgt?Sy&(+acjpY;Sk3p`C{Pq%N%Y{*t2s=rXz41i(6FoeW9-SyNF=o=U=QQ~dJSu5& zl{$P2wb0m_g3bIeg5so=?YE_L}>adnk`k%t96dp@|3jLTBcB13R+)Cqni1MT~^_ zZ+PR*v#;+*0lbz1cnUw)PebAj2|S9`n#o%JuE2vi{v$IKYAT0r5lSQ0j{E>naI?!_ znjnBbN)SL)dYE-1e(5Kbn%>9{JNR@Po)#HI4zdjPUoG6^ki=Ww)`-Ip>0-?s2Hld{LNHXAg>a0*%bGCR3G5kMFBb-Je zKSHmDmcR^oiNxh<_n|4$Ch>RVHzIOczS==m*zaP>S0U{;WCDS?<+R_R743JZ0QP(G z?bH;RE_d4Rg3R{&tE~z4yZ;WS{XQere)ktt6YX~iTWR9O536akpBC2@OPfh;|wAfAJe=IP8l6)wGhZt}r_7EnDNh8@sKnP1PHBijL-W2?uf7@AW<$R>v`W`frAt79wOgUm zEh`dK`t}oIDqW&gdLsyEoC}_Gs&uVdExjZIy$6U&pUOX?()YWaG}^VL_-|5`EBy{8q5u5UsvPa}>>oMd*R|+T zvGRwh@9fm@R}=m!+Mgzt$V06!cyG}n`EkCk*&zLFp#J3U zi}0TMH*pz~&x)16K-O!_K?)iyMbV3_n^07%mU?JZ&_6ogX!`jegDwPF!SfLY1m#gA zDD#UN@g^&{KlX1jAJ88(o6m;_-{1Wp{DgdV4y`s~d^oF-L)WmTw1Du1G@P{mmTJEk z4<)nByC0;~yRN0OmoI+2r=X|N7oER^%Mea@sN>kzsmngAwjyYax5*Fy{ z5~;nI*nky_gchi`kv~K+rC5dfL=ULyyDyOeXHAVUpux$226Za?Rx|@1mSHpl_#VxG zTzOO&ut>h#ABAzyl^@W5%a)Pw;G%AZ{<^G}T;}p2ozi^3npoBzQHTIy;9vPg$-F3_ z<`q%^i^&TZlzP@VF$Kgt5%P#=i4{*wPk0c24AT54U`|^|`7S0u;5+#gUgDw6u*i=p zzPLIPbn-*%?<>SB@Od5Ozn1b3!PZp{ssPmD-l9g_Lb{ViB>5uzCCN4EUofgMPYZF_ zwent;*8$(e7in!cfgH}e>hkmO4CGr6V+DH`@miDGN0Wm9#DtWnk5cQTK1%9Q_0mam zwR+A}2x}k>%X8#4C+S3rHT~WsF%sw(qnp5OiaVs=65;{+X{4Xl z&#X-e-wd%y zM}Y%Yp-t{*rTJ>~AyF!m=-3r;R09v_x)erMJE%zd&A=RO%HDgZXU-|Y{Pm#!0si5E zPcMb5faF6Z7#N0KGvC3iA>$w`43XD)RPYCN%%{4w3sWj9J;`#Qt}IAlc4SuE893~c zeX05TINy_0Uw|qR7I=zH%y~ABVVq?$(i>mVK|?9E7z)hH-Wy!4u58|B;?}bDGtZIw zTgw)@zd0Od6cm6K|E?*4a13O7>7|ryq>v}Vi3WFp>}n@FP~d=rKj@exHi1~P8^y0d=L26*J8h>y=dp_T zpVR#6HbP#Sf}rCbEpp_65fS#fd<16Q~UoeZhTWDE?TZh&fXF;cEKf znxxs%>AQgJaX(H*wxFxQfV#cEMzqU;fau?z@>4CJ%c(X={>`|06B#+ z^mB_SyRo>z1QlV|Cx0~lt^677-=M_*#;Bl1odu<%_F~+BFF`{cG=@!Xf69Ry)nv|exJZ>A$ zkxS9P-T7S?%M9_=jFTXH#k4O8wV{EY_r`&4(rrLvytisxRJqdj*i2ltQ*#l~}ABc2=VoC9MIGl|hy7Y@57 zyy)=Ur7_Qa$m7YL8*${yniWd%O)+;p>-XAS>mTDnp(gcl(l4?ttsd{mKfhBB|4ib- zKdblPpVt*bRE&S_Sll)LeEv^5_0QFxz(1cDNbjE)<~gzWm;LjgpQiZd3)oka&Of() z1D7>>9Ps@Y{PULHDe(V?{c|a(o#daNVarVLozDF8Z?^&2TgE0MThL|yylr2N=>H%7 zdBpFGe_8mun1A`N@y`$S>blJQANl8;Ck*{2J`tnef2Dt(*t6?mnaMxbB>U%|aJC(J zI@ad|c6Rd@Ol~SadMK6wcc9ydb?NxT$tL(twr9MqZlAK=-Q%BmbNBr<&`nbXVR`Lhb zSrf(wX$sXxSFG;)$f; z$DZ~c`eR8L_^#95hVOD8s(ly2tbreYO99sXu_(`Xtv~j6e}<f3#sV2Yd4 z`9~Mlch5Kh^s~qx4`UM#!ykky=wI;$zeazo)CkqNK!l9)fP5^CBm{p+iK4nJ6`Ulm z6KxR|YX9HDu`}klCKGD!j=RvWyRkC3Hnkge#pm!JV=at>W?0s(5dWP=N5p2>{cKHC@&NI5T0YxiEw*LCXCI5G{45N!Ab#?r~N^ zJ(AN2YLPLCxM=>}LdcSEFz{;N1q~Z3A9Ay~c!Ft{IBfw&KAexI5x=2R>XWicO+b#%)UlY#dq z6bn@B+TADXVPBs-2x5rbfc7tUzoQaRqEV?sWlpa`fS0mMbZqdiQjGu4!aZPAm+NyXl9d8#I@1)H zM2Qyqrh_l3zL;kH!SDYz2=jAW&fH7*;&Ywi|I51utz*8^>(oSTeOzsZ1a>cpy#lbd=rmb2Us z6BIySt(F<9+hxpUy^OG5jr?IxG;p}j9ce2E+C*voKe5O8lf>2?6aQkK<94Xnj-I-O z2h5kE6I*yj{Lov+rxSl+_or}%7wtR!=@e?bY(o!^M)THIwxGk{Ve^dFuPdW5EM;M( z#_lw~utppIQaZ9)E12^(W76m2A$T2x2J<1tVe5uwu0Jyk%~;h{W*VB=+jxYTq;5ke z^L_sSEAJtIe7{Jk=|RJLFx^8TL0o}3A9OFTwwC>^yWPR8+n3otvE>+A3p-el{$%IebA1gxzSNHf+Soe!xVqT9nX|kV7kKCZ@`0EGh!tI)jc4hN_Pq^uRn zc}>rysm1kBs&HPu*>ixval27g9>W>`#q_V6#toM4^-I1 z`tA6iLJcq(dkqO$1KDow<_)1~H=%KNq=bLQwyoFX3ZJxO7sULjpKCFPaI&_$(Mys* z&{*4j7Cjp1+htuCy6Iv6E(Uschn);pLBrUGLqLeN{W(zvf4?(D1}C?6ZT@DB#vh!B z_h(5Qi`= z+JbDO@=P4X5};fvt_%{I&}4eIMapq?K@{r?)NJ%;*mN=vL2N-kdvaS+J2iht3US0~ zMRs>ZKJv7F){;Io)KAfkx`h5yU_s^F_e&_}r&BbIpm1y+*NX_CnZQMBCRY+*(aKn8 zW*hGjyY6`=jb>J!F#1QO=fM%YB9VxVC z!tFvcbE%nFhTt1zYi6$2%wy1~5z|bdwAmRJtfrPdiUzM%0)QT2^zW2!w>51;I!bE& z>aXbss>SCI#J1$k0|vTX_1q$OF?g0UTVaEq2qkx`s(x7W#n*ZqUhbmp(5!1FYhqUs zTMr0(8YojV(r!@QRmV`lZcv?fSC1^BWUBq}I|xkMZCA({XILb-!gbf39&?4@qF!`0 z?gED^1QT-Jmio+diS-$KA^{6HK%dzOug^<-eN0l-x8FJCGxD-cOHIGb^Z(w{kwehA zpholXO3wf1!<5>|9NUw!T!ne1i&SIiu~vMClCLym#KdY zTEOA2(fguPz+@}pLgUF|9Ab9_r2c>@!OqbKzE3cVL*eE0S#&w8$>$mpIm(= zAI;Q1xs;EG2fw-5(Eo*^MmnpcWx|>JCwC7^<^?>_Ui42++@|>fPxW8bKY6>EKNxg} z&V=BW@{afX_w`Q>`nv1#oMHaJedB+ifATg%zb)(^gdHaRzB>KCwSV%huevUU3H_5? zKeAr0A9(sx(iLg;&vvOao zJ*~$I({EzMIs$>%`t&){Jc;$`$g*WHWC^&*b) zvDlx2sJF!GXp3bNh0lUcE4*b)LD!WA&sbBYHezyQ1u4ml3t(J`DdhO!(kwL7u=r!0C*L#ZFIEy{ltd74( z(f^TX%P^#ACHb@h{om+M0}2SY)cP-sDn*X4!vk5rY4}@;S%VDx zZN?iX$s2oG!37^;WNzTIgcoWS+g@z`w>Ppn&Ht=WHB`c|*}>&IrFW6L5NPf$91iaO zcrkWs>LnaiYYnHddj|4ztK|)M^DUG-Nj*a+vo7ZmVxh8*9HJlP3JX~>#INJAF_P1jo${_thJ{;C;Ea=6#0peR2jf@SzXmGJMkVA<;(tNQ#rnbTk;{codK%AJA;jF=UPLQsX(fIU!g_NgQqRAcUXeCCcbOL!sr zJ4pIxj?vo$#>vD13MBqb1JccL7Rtj?dmESlpqoxZlIhxts6CiwRR%2bIJypO+G!CPDLCs1*98IWovRyQ@`3vR7( zD=(z0_H}g@+fCTDvqRTlLUZNEkh~xYO|)vU$y^=PHCK>@%|3~oDMV(jo9FVa&@e>A zNS-P9}$x_~PYjh(% z%*^5C;9qbf>p$<%G{SZ`B~#0nh^@NkQ|DW?%?QR6RO@GNU7x6>u)rNieFyU{oPUFU zqP<{e_VwH%aPEYnGpx{p1>{lK)p))ZqBGPCE}7Io)Ib(%jezKDVp1n1R`6#NLy`82 zaeFxL!!3-gq{ODnIWKKNBO{!qUZ~5xvLK>Ws)0)oAdYob=r$TGD-_h`N&DCO;d}#l z{1ck|4`dD<{RJ#X@!$2T;17JBx4=hwl$URpK@I9TEXk&4lf+%sWmyu}?@j$s!5m96s^NI0eEy3~1FR$}{V zcguq^IM>{S&cXkO7OSs* zD!=EN-)lH*Ed*ud4DfXbUrm164XP3!so70nPP+9aV7L>?LSkn&(F*m#2MA^#yYN{D zp=;13F6e>&BogOgL?vzkIM6SsF&f58v55?EfW%NR!mbOC2aJap7(I5SAM>M)8Q{Zn z4mC@vYN(=*QzS;Br+677!uhvX5I-;siyQQqX6g$qUp_5g0Cp;94gC~mL7gzqpbkyQxV}%q5~DTme9{htP2K7 zaDy;E@KvL*Oie;3imf2&St9Y0Vx8Ev2B(OmbX;|kwD zJ7K`gjM?}>XN>WuFvhS+^M^a*z{h6RpH?;g+jLy{(}|iZ1J{!)w7vEHR-L&=QUA1B z$j~ACy-1R*Mg50grXz!z$psKGQBR_Q+WdYB=8?ngAdB^lR$brtGzUmFeZG~rqQ0T{ zH*EgG`{Ywb(Xl15IK0yix$j=tAdig*+zd}uegi5%IiTj4f2P5e+d|VIVDP0MKwTd_ zfh74xbrVC9&jfBCz8PsOBF|~C+4M#;3Rnh_cfu!e><-MEV+-y#1PqzizPG56Fu=Yb zs=THE`+$j{2cDyNa}PlHcXvw@u3<~G`;?1^<*DKMSj~Uv5-j@^tQhH~gU1TtjI!g4MK=@`i~@kh*aeHX6)htKSZM7uk=TMxB};tiW}} zS^f(31XfW7D&9WY7%n4T!841asDHemZw;Rh*T7nZ_?LzMfb<8~Vyi$L5XHp*s1nGZ zI4fj**#GBEo%r7%V@frm0b4!Csu2z98uY5zKw*=qQfxBi4S7m1b?xE#2%D#mu_vlu ze+v^my?iKw*{}r1d9eSR42^w9MwLYOhYu{#>4c77cC+(=<$Vx9?>z+vecC3ZUONI6 zUmQh5k%>&$v?JlKGDL5U3=yvx+f4{kKRB~cCpsJSwb-g=W(fEGt>952v){al~BLAFI8`JFfzFG_t@{YESe$(aypd zQZSmuYQarZie<${De#pQyn%N_u{{tAdf~f-OuB$~Gg~{L5TSeI%dqQ!GaL$0r*4)2 zVt!F02C#xW0mI%or3!r)6Xh)u)Im*hTaBK;1goLD*T&)n4?;Lghj1|HwAPdf)#qGc z;*qbBiL!E^v47Zg(Wn^v@U6`|t-pTl+w_P@zAY(gj?V?EPu}T-kxA2lkyA2xf772m zDN}ykiv2A<*PH{I4$i%Nv~Z67PpgG@^!$C?&zuPc+ljU=f)s*MscR_@PX#}6we7Q= z5u}#C+sUh>9#ar~=oaMvSUg8_2M#!sU%*2fk>`6x($?=5(MAYIAU@E-IYkKZ;Xl>H zDq&guE1G4c%`~Np>Kw?(HI~cYx9L>b(!FQntendd z4%&%##bA_yTVDXuWgGkz@#jNcfR4QxdpDk1;x~KV_LDU>y(TxES~5M|XyJkTza#^> zn?vM7c;G|WRT2Z&Uytj3&GmF#Uu>?Y;QC{1LCpFHZmY(}dhSS!YagyRwdrdQuK#YX zhvB-=+(X#kT*}8i@=O6fKdo`8$F#)2+&{_l{v+aefiBrNGU3#c^az}+-@=0+NlDzD zg`+4as)l0Wf!`R|`LgrPHD5McU-JyRWG0+;<>gcTWWwp`-?~`CSq3jk{|6$`?KtoltK_?w61$Mu+0b zt)N6;_df1hMKXDI!oa4|pIvp;RCmiH+>2F5ZINnmULeDXO{JG#S%0#-x9?asaa63w3;eDUO|S50!ayo#UrEP+^t>&AwChPhjw>rLPrLleDdVSV{mb_s2#|9xzXV%ZHuSp8-y1vW z2&gUVvFJ!kFsvz+Nt;D)$8vAkT6dTycC@+!&A9t)_cI6eAKtjT#{ZGGY}>TUvB=3g z=L#4A1{Z!`h0gMYb1=?U)R3`_sf73Op-dqe zz2w;P5u7lu;Eo2^CqD7J4XXV6wH@jiHi>b#4eDro20ztr)@Al31AfT93=pq>OXF_yElJP0w@vg%`2h> zi17#hS=f(BtRdK|a(BU;eQ@Z`_tDFAMjv)fnlmVCDW1rBE+7A>N7b9$Fg#o_X_9GJ zmi@Okv(%)XxR%Ki)9%3Xt*l1#Rm`UJt5+@I5MIs#Y((3=*6#xMJlYKspn>nKW;H^L zO!zG90}XPE8mn_4$4pqa%FRqs5SDXqf6@v(buF1~040?gR5k#0v{74OQxymgey9cw z5I>s(P{Vl(ac$zCRRGM}z6{g^4(2@)_Rj3ay(^@k*N$x~82H^Q5HddGF!-&GaW1Iu7>W(&+Txh#N{gty$`0+zS>#Ag0`v9bdS!jL7 zr_f;BFS$NOt`!ylnIii>H4V2Uv7=FAR6vY2&Jv7zXT(TA0XwRc%CgxJu6XYvBZPK_ z&s7w)-r#a?5WdmollqSIa&jqN|6b#6*$P!krB7;!SdCqmK^gtn1tw-wofoXn&DF}e zok2p==bA*1YcUR+zaSaJ*`&;2*Vz|hW5(fEB61g{fF6mQht9!V@Ee>j?`L-?RfEP0 z+Iq-lv>Viwrvgn3Bbgx%wqTur|4}8uY`qG|YDdz>Z{rmN+`5F{;6KE2b0u6ib1h+Z zr`VevhRv!?eCGYs5&Lh*FSaTN#BON!%SZ1LgZnRWyedFQgMtK=-)aJ@{3);3hV1pH&SJZ}w zV@0zGcQdmxnK(E3#=CLCLK{)V2@6}Vy@F(cnweX0#)SzVvEr1-g!3+#Vf)L!_0X;0 zB^2pWYsfOKiDB0>xJC8+7`lib@GCoW;P7Ty;j6`Y26$Rd^e5UvLz0Hd=KtK_e-FB6=b+IO{6g<2z9GHH(1BI?f)tv~PY1Ew^6u7iokg}fH@hhzpCfdAaw z#)bw&tPk);5VDcKz(>rLzorNpXowe@m+%)nz@7sUqDA(_Vq730!JyRz*sDkl94=Y( zaetx|nK@Rl{b9MyoZn)~aG&AiK5(nMxm8BOt)eesSIw8G3?rpaC^Rp^XLb906q?Ty zFj{5UT)Z4Yuv#t9BmVvc{c`ygBZ_iizh!KAE!!~|M}SFlJ*BMk|8fjVNwSREX)>r0 zQs|fZ6^|Un!X6xA$h)W$(PJq;2>&WBt55Rrys1{L@@sQi!%)OSxn56@1G8#S#J^t5 zhuQwI0jz-_#wMtd!nj)=!p%C3X?3@JOuJx4zz+A-93{u!b9j@S30MDf2SxBB+SSzD zGlaswmMt&M67)Ddith$Jm~AA}LzVmwbuht=LsiuU^=mpJYXu4d4FWVos8B*b=9lgk z9_P|jddXG(E8Q(8;wL0m_4fS4VQJv+=I=Qf2pm1MH68q`PZ#+A@_br;)!i!|{vEuY0aS$ngfZjf8F`iT4FaS<{naQu^23jMuUCAzV>>wGm!q z1TbJ%^9Kl8BVf164!pLz6+BRSB<2)Bj@gwdw~dzP<5OTpVfud|2Y?TVYl+Y|(pLy? zQ_yazIJdatjemmvP^Akj_3&vzkY(JxGL;~Q_RVM0B0B@y zqc8274%ti0+c9n&**Z0^PQRU&UCztsX!Bu#EBu46Y}xej+6dAdVo4~@bI>#lpL8Bx zukugev-VMLT%~wyU)JQ!D#gBR=?L!f@*uxWVkbowd_kPb5w<$Gyv(uYb6Y+h<@pm_ z^@+KkjUUnP8F$sRay8&XTAK73B+6CZHsc}bKO?)*-{uS`ldhS+&o~&lJKU7LKM(S- z7U?la+?D4xd)(;S_#is}e*n;6j2e!Ch?4*487V8&DwbW(NDX}dKADla>1KpEfVGzC z8q@|s2pBtu-h-!Y(`9Z|AC(DXcmI)$l{$fRf|zC@)JF53+sB>t5+&IRBjp}0)i+Kq z)y|_}VR*@Z6+=ow#J%hI)?C&8lA#dRcb2CqO2^SN{fD<{{2(h+>DKU%z*~yF`v$E6 zN`VUg$(k|Ao=ZDi1An>!9ucrqCfJog-seC{G*Shj!x z$@MO#;wx~Vb&eIvIRHX>KyJqVBJ>~enNEIhm7zm2G+wlrFAA==9}xNTKz1CorMlOU z=a3I%=05o5Mm!ZesT2F|t4lcy*s7@_Y~^G5@!|*bhGI^`mB_S^dgD)q>C`%)Y!^ak zx*Z$qr|myIpGG=yeu6fDF9X~%wK|7~QX-A#8*90dK0#*ru7SW6;`oI^#9|#-7Q(3$ z0X6LU)g2SPcI zAg)yp$gT4P2>ezYsQ69%Za`!eqSHr?3S^~YrWqIrStaOyjo%9FtWvoZvd&&gpScx; z2I(t&@mqnE<&j(A7JSHw4&kl97TOF;#VxtUiLc`~;GC4qo&BvDSr^|iMCHBEB_=vn z_mxYT%c0SUmm+_sbxHp0&6bs7A!%=9&w+q%>E0r6VMg61Cam8z;0~SQ^w23zF6kV6 z+~n5gFGR9HzPI~A`r|l|TolsOg4cnMQ8Mjn5#>k?(Al@Mtq-R(zfq%~M8m`ucgscS zPobZd8yUI#%T=GtITL+KFG?_G7tN2sGi#y;(=p1e;qxKrx;=yQi@Uc_N-!PGdN5Lc z4dZoCgsnX}4AwQ;V%#TsfOHQczt>;UzAt@`&trXttV5{;kZLtn&~SmtllB1Sq)v2o z43t~-XKgU4KUExJ3 z?_qyOE&Dsphc?FX8zlJ2dKsdoTRf1C+btfwJobr{1?RD8M?>hln>gsp}sjy zGviQ!Pq?XBoEwD=k@I!eLJo;Uab|z+1B--RLXGf1 zb?{jLvNw8u=9vo2JR{Dg=j*1S5?U;Jf{)EJMM}GpNsFyhaj8E{)c4k#d-+=G$`1a; zDG5)b%gKjpyHI0=bttd8w=f8?Uz{}c&L&w?K4qYpw(I;i0S;hyALDMdz64-P7OWq|v&33{115Ce zz~sY=fXT7AcBTcqN0l{a!i4pARDlGU8d9Z|W2I}Mf9nQ~jNAbKTcf(ikU4H|U3m=D5rNW7HtmOWZSf6(-N1*d(JPRkv`ZWfoGQ`-R`sueHZQi~} zp0P_nW=^OsnfT~05jir|8Y!NvInEY?4;}^Oc6}(63(ObF9drGltOzG`;vtdR^fYY> z%h8N{B5SZvAm#+c|BZqFD`sq4$k?`!bLYna@Hq&R!g&`O z?q7jBG*`GQSK=FOUneHKJpKNeJl~*%?=R;20f_|pdZ&*C;fR{acL=mtufFLd*I{Heq-xqW=0yjN}?$E_#) z*XoR@M97Y=m$v#IzEBnVtGZ(@g5*RfE0uJtK;hIRY;dgY2Ir2cVIre|MExA2lK>^; zc5zqZ6!p{}oI=6~4pADGYsSOl2&Xw>f@3a3e$E1IARbe}c<>Jk)?9zQeq0t#eAXS$ zJz!5e)<^rR*S|*f7jUIlr$5igKvmwi3VK z8? z4}8?k7e1)JJkQ3h0sR|y9b4~e+*RSfMtFoEdK1?ol^-qkXTn3YKkP)t@QoZErke%; zGj0c;?aspTOkU3^YLGpea5#nfwSBlSJhZ@l?z>V-;!>iC? z3(=jgfp-RgU*~8&^F9EKL#F?fJ&BLOe^X2l(f`oRe-vlXsw+e16jX-1`M%)m+%>L^ z&?34M2Ed3D%jo4u_W=MlWW@sY!QSAujCY=4KPyW-pTfi3u!4i&J-Oac8RM5WeDrp# zt_-g5Zr|j^+{5s|hxwJ+%dC#qxHU)>6E#b6G@_?<5tAdkeZdXGA&F4AQj!FwTXz$I zK%3YV4fT&f;`4h=@ZT-LCZYUvRcWFbRmgf*6~Y=(VLTdMr<&`B0$QiMeBX1bP z^}^T}^b{v-@K$`L4c>vjh@S#GU2`s^Ee#Jo@uogm&%wxJ|F7Sy5dqqb2E zn?$2#uU?o2nZa5(ICE?J`_{4_&Io*(&5`*=U-l}x5*Y-?Ps9G5PRk16z7D4+H)L1% zODe+_yvMoN)fIbHzcLj0<>N7+i2l&;xuYh*ZH?T?A+eYp-oCmLiz^B%gX_@nmHdeP z0E{N(y~rEf?G1j*q33Cenpeb!j-FxvhGE^!@4`sigH&R6xH5F8O)D{)FDDqy<vS+lT@zCyeW*OrGq?3`u%?p(f!Q`;C1e*Ly(;Q(G`E zXo|nuU9xPZtNV*E8Wc^N0p}d*hQmbdKD&=pBw?ytX_8aMV-k=d!tZ+2H4eJ%R@x=-SGj#IOh+lcM6!t?EJaxYg&bRjkKlTMT z%L1i(58VfRjXAz8WYLYJ@ggJ&>lX{9(k`WK`w=sTh3KoAZnZ}DN7?4tIGo3|#ca|u z0Yb1v7&1mV=Ee~4lXmkASTK=4;^Qm%k{iE93ex>BmW25G4;9+p@+(c-L@F803lF~Q zTUfP2WFUQ-(u>{jfw9b6vifbFR&uD~R^9}Eze9d+^Ku_N6Ax*BnFxO4oT4*o-Oax= zGD_MEr~8-;|FMQcQM<~tcAcQtB&L5Cwok_V3O#QdA2ZaUVhcnN!hW{Y+sY6<+rFv{ z9q0|rf~UzJ-dKLDzn6Vy6q{E-=k~KdLtnfBv|x0s#rXuec;(PHMsmNOtvZ;H=D}5F zBj+SYGV^J?2xyE?MeekGdbLpa^eImNBnLC_>4hDc_;f6%?V+HwJv5nn$tT+iD;M|; zZT=mSP9!l;GWSg6Z~9jxGiL8uxdbADlkQc~t6g-1TOR0|8|?4QisKHD`HlO=Z%D38 z`JZ^0mApgx2;n#yB!r}sYsA+w{ebKOTa?DLi)<_VU1<&d29|u}&`(AV{UUlIjSJ3P zco!WsmBE#j!B=AuCie43j4m;#9MTLHa_Gsem8ieK{(PVhz?8Pg4Qdo}UL=_H*oR;> z+X#bSBU17OUvnmdJCHI10AKKLzTlVfA8h)rM5kIS(a2>?oS!+&n0d>w|OM*$;{gZpswwJ$Wt7oLJ{ z>A!lnzvo@{cO(a&jHC5!Nzndm}%Q?}V1pfjQag@fE-*OCvrTh9MbTl(vAvcwa? zTdC23itn~fKrxqF&u}nqJ#!Z?%oa?mSAyi+f{FD77}-Yt1aDEt7G_8a=2YbbM7k-Q zNsRY;b)i+iL(jzF?9K3aOgev*QyHAFe{N-X!2W@XYxR38g9q&&c?b-{bhVHBouJwF zU3K-#eC-F3Tkym1#@X4&`imyFfgQBQNHY7YVj9kLU|G@{>%tu~3g5xY(w_ zEAG*7UvOYtk26THT;WL!g80w?M*Lb;SzGvms_}5;0|mVOs=+j=u1i z4licz#|9_#${iaX&?`_;Dud^a4Ib1B`1b{JpdkrZV)Lz)o_BQkphJzA`0V-D&C`cS z2~nC0{swpb59~mymh>eGtSoA{z*Raq1Y=b?on`EW{$R91Vvf|yJ>6ujzIEVZalZ7W6EDOX_7FwZS3j(?}X`P=Mlh7`#=J>B_B|Ot3vLOLIx9C}xcq7V;~J zugXC$ZN?MxD&VB!i@8hinE5m&e9$2=oHZxGwjsm7BC;N~@kUI6-32 zSNMSZr1D$j?Tk5^_D^g#gMUJ_jwsy<^B+V9jRYFR5_bf$na-3@s}gJ$Z{;5tJZvGy z;tlJIFsG4AFxVX{1NooY!ju`lY&wZvXN7KW<4XZ`wfxS= z%s*0w_3$>dEO_9u7}!%QtkB?D*D~X9^{-{i1=f?ZUdAa2J@zA05hBE+;nyalTgFR|tvlrI%f~QUo#-0^p@& zE6^jI4US%H>-BtVeKtubjUI|Kjy?6p7i+ik%XXT7n$w zL3-?9Ey}+}<-SOhnotstJ9*XX-jw%7?~c7M`9jOz*W^jM{s`f%X_6=wwotObjw0;8 zI&=%>Z+7piWy_NwTk?o;hAP^bU@c`^2eI2h5{rqfCY_7bud$DftPd@tI)NZTEjnxJ zf5bJO^}T7oWNl|bv`80Mt_(vE;0R22LQDWqyW(!@wtT4@+uJ*dj?|QeDI}yVD-^gQ zYn=RZKjSI1dts7k%g=KcYyxdF-y!@z2eb#5k14Xk_&?;n0KFLK5c%C_q#P!utMj>! z8QPKcK4$GgGx+r-LXmdaLJ0F9kP18>SedK)q~bzBB`s8~_oPQFGBfiWiokaU;47qj z7SJ{UI8%j&L~KG0{kcM*sHR0;@7U(P5W0gE$ltj8V%rVg8<3M)6ZAv%NChN%XFBT1 z`K&KvNtra9rlX?3cQW7uEcX1@H}3r0Z`>CyTQUW3S?w!G84crcdHS%rLV#r!ZL3*# z8>&Q~N&|w7KP4G|SP2;r@;_U>F81w5T)YE04!hReh~zFj_)(Pd<0K$uCcCd|Q|tP| zkHxlQ|7jKOO+zR3$pR;@BK}Mq68P!?Un%h~A%9>=s7T?8d966Vj-9%gpqf7gd!vtg zine%-{}34PkH<-T#qH4#2f@1AwoU#f*(eiA18=02rzgM)`mVu0E-n1XBkdE?h(xA?@1DO7 zNSwEMPe>5_VuD{H=#(<%@-UvV)RH^Xqa)^uh~N<*R>~X{nFSt+jI_Bz`nzw`tBX60 zKdR-mK1Ly}V2fQ>guLHfi4bEx8zuoA*odf!^Js9B;M z{1jTmeU-di%d#*(@`clPQ3Ex7WZikv`8%eXX^J2cbzv5*y$y5)r)l?L4qQVZybX)E z_)mB*j)CVdHIJcr@gV-|j`#pS*3vKV{H24nlaMJ(d<~p(=JK~1EEz>j4#mGYFkv{0 z=_uL(m^J>SJ3zD%@AR`!}4`2GN5V~6>LZ_s|m!LpCrX6iaQ$8Bq1N9d* zC`ZRHpb~z{eEiZ}9KVFwM$8?oN96@cp_(L_=KP{Yyv_=xJ$dPikLbYdUQoAQS5vLp z|G2gzibM)WEZGMyt&ls>X`YSUND+q) zX7rI$n5IC8b$(KgUXn;PWg6ipq>T$ljz7XI9ASKWU&69gxYC}*@xz$DI1=)|#6uB^ z$s+yc1{HYLF2JdR+YF1O^pY54X#HD75$g2(B`x}WKGdS`f`5+YQjx@MqZj2`Q6Y0I z6B;2Cj%BjMaEzeguzat-s5^MVOOH&_^4Ar5W#bS|Np=K!O z5TW|dMX$b9}1ofiqlpuuQnm1t()9-^6#j?|h7s@oe5DoRvlhDbFj7|bCOg_a!gVofo!(kp<2|%uT zK5T2(`ncJPDVe6<08Kv_lc@xm|KQnL*qPn{UK$3~8_!FljXrH!fQ) zLRsSq=}&PM(<#RKLf{i6nElsUexKI)hpm@-e2`A<+Q<2RU&8x^f}*Wz`aGu`Mz|+G ziKyw zFr^_`YB+gQE1Y0`U|ljV;E8?$PXxNdv@zC2W(N+y-uCRA_3#h7Kr{(x#L?~0Na$lt1*XT% zG>^oSzImo?)0NZ5#PF z#Ly|t)#^EuA=OZ%YY}hMr7ds86Xdu^gZ>L|>bgAtFP^`&vbUk%#G~T$yXq}NKj}l& z#3NrQD>m`OaM)8I$Tb&{Z92bKB1dI=a#YY_pRl(NOaH zGt>vC&xzLuo5#ahifxem9{=8 z?}radbOT+j56YXNKe77YLrp0N%Ns53VT%zRg7$@J)^!;;1iz z6{O{sD21iby{-=m&`I^dg^ek+h{tpC@-EZ|pV0YJ18taHAL>$l@UH_Pyw&qk>x1{7 zV*KAyEDEBjK)|HygL`>CyLKMmy{4T**^Y4^Yve?4?;xk1KQ~v+f=XZ@QmTSOHP6_ zgk!1E!V`Agd|H|^M2#vR)7AQ*=T)*Hxjr}ujUCDLL3h7+eQ--Cxjq=_AFmI-ifgst zm^AglOMV-xVCP?%kDVF+S zWBu;{ssFtkV?aYv{f~Vqo!0;4(Tw#!J{}%C;-~*?{qNaiUceLWP5rN4^W(p){x@RR zK6-wC;r{XZ)sxHr3+sQ=yDrcFi}k;porZoB_lwi-s%8JR^}lIdm%^0#pZmu5(&UeN zaZPNYox~ED`$5es?E3T_Yy&j>OIm#FAK%i#$HT7mKZUvH2xZqsoqE@xVp7tqZQaO z03EBkaDN*o30T)CjqMM)V?XZtBV~OYULrqjU=OQQnq;$o>A**rFK0oxuFb&|<50ro zp&>!IJbt&8y<8UFvNAfG#%MS5~9)ctbDzWqDmdczLK!(h4W$e97%L6oesXM&&zSi9S6aTS2}701&!o^^ zU5o($+G_O;tM6Kvq`R9U6gsES3SEs`&c!WT_1|GwhOhZJEXNW>& z_taoj7=~ORL*}6da4J%MbV^rq*DmZr5zZTeFVy9DK@|HX3PcGBsk-GCMs^}29P`^V zW_<@i zFjy@I<0@?C@Zmg};oB6=5hs7Gz;nFL@{a;fru-&P zH!nc`2EB*u26)$E*ypzj1NMJ`Jmu;uc^o;6M_Ub#`hv|ESek}D_0ZkC8{4s2p(fsk zh2%T%$6K~(`WaZbX!jxQ{&ilKy3>A%6}*`@1uC9e%6DJ|oxH;y{uX<9J$7spwidY? zJJa}(?FM}~Y!BCHkOBM?`G_Ooiltt0;x}B8K>U>X(-}h`A5bf9rwaQ7C1X1rrV>_T zeBHmvZv!g}^z?$d>E~uZtRH(ZZcEZ#iTye=ll;Bp0Woxe2TrYZjn4c^tROlOH?iLb zh$YLC1o`TI8w7`0`=2xbfZN9&kMtc|AY|+hOvPVsI4=bTDzJq-gYZ6RNdJ!|jU|f_3eO=cTo<2@N<QQTvBRuTcUeUQP)Z;MrC4`D=3qCe*f+X+ z{&!~}lMTL~n#rnfYn>1amf~N#G(YAA{LpXCaX~(z?mkZN+X2>z=$hAiucBgXmbJtC zhX)s)i{j*#N3}`HJUy0_D=Kd)sOd7q$RxYIHzOT<9JRsTi^3P&7aRY^mq!bDP3H{C zg8$oF_~N}RT0W|#HIS~_v~!qoCaFgz?+N3`5it}s ze)p%~C)Hsao7mFB=;=@4M97}!yE+X5sU}EEj=^fYscDbS!m^hAObn6XK zmr;Okwc`2cdxd$tl%XEDY)>@ci!tK~*SE*|>x|6ynHfjSK5t!N?DOP3+vl8A0HYb~ z^R#l{>(|@m_sdeKg$(Hj8jE7_Qrls9+A#~*Np~zv+v&%d~wr-VG^1VS>N3$7mfYiv-uvG3RQG| zn(+D+SjA^g+FSd5iEX~IeyV)mRQuh2k)g@IX1|HND*sd5e!H=FoD0HfWM}bkTla4gREwzpon>x8FI(!hYY1ozfY9AI$h$7MRKO(xF`qzmFdV z^WAG>8uRV{X^NEX!T!-gG=hMc&GUwlj9+KpwAYMm(i7Pqo3E5WhuMrI*{FrUF*V;?onDM8hWWS3UcVfVU7dRK1pH zgSjMLf~iAVmfT_XfY5tS9cF_8rdmJ{`C>_i_F@UD_(xeEU@yT;y9#y6!>pynSD~VW ziJ1{K9Q`QC{bi@gt*9$!qvR(2WrJpQrN8W?>J)j1^_PvG4gc2*sAHxDrGQv}?Xr$D8ZyE*GTAdX*bj2lmC;OgLM6H5rY%ay=61 zvJLL=4SyxjH0f!N?_4XR4v!LxC# z&fX_YM_J!%?U@+$;ExSES|bZ#-_ivp<~yDLuOl@w^p_>ZNWK54r9TJzw&h6C3r7cD zFIr^U&GH?KPi6nK>7zkNz4#RKQ+D0=Ff5&;{4QLjg&(C8Hk~bfz|?*1^`{Hb-+}d~ z*trW?C>QHgua~vpL5my>tHs_x8%mPW#eqHY|ytWvHY=l5d|48o_qTROQSG+IGP8uc4{{JUpnhQ^U9;r{?sT=F>(EAIiC*? zezVl{KVeHh8n;f@pWehCKnPh{Yb>TGo>RoLecgW+9p{vTcy%hCPsA&?I-mHzTYq|R z1sYQBL4ReSqB}&$FrdN7fCjbe>KFs0ww<#6boHrCQ{RnaVVO^THu}TmK6=>wnt`RAPTY`)DImU9A84lIv^e2ZIYI z@~Zq1j1PkVTYw-{J-$Msg_xcfB9>T!1#JXD&uzzpYmuLF8x|o%`tzYO%+LI`Fkasq zb^v_$lgNqe`Sr8#QutT8@2=0Uk1d3!9`aJEr&ja5DQYP3+kbL?z2pSWe}uIC?fU$B z#7Y5GBJv~;xQF^At$OG4>$eSMeR9jqdkJ6C{CauUp#9IyuOG-odIO`{id9Lg)qi$= z-8*Ve{7IRgNv;3=^YiORVd0xPoDFjbo>TBmuK!6%>EA!UKJx56(I6hB?QwqHed8a} z)PK6PzO?0C*8k2)t^egwlfDFC7_6b!y_Ny4cD7_iN{X%3(cY z?3}m7elS1(T|7TeR|)(z%q(gnX||(tt~DKxVr#2jZF1Hsz+=N_47qg6O;t6p}N(i zDG73)e`pyZ5Mu&k6~S}3m~P%5v<6tZ9QgQcq>QO*wW7yDmjc-qB&$#{(7XSSy)TcC zsyg2%kU&_%3CwFmrR~-m|>t-QV}T zCwdcV8_vLc2ghJ(@Hp)Z45MY}O8alN>iK(G^AG;?9D1iVsZW+`#Dj(8U^uP$2ZxI4 z73Ci!ROw$>{HW$TFuhQ=fP9B6=b13eN$e7wTI&Gbcw~LF?GjW|JTcG_dRMzGF@j!IS9*-WW>7ei`8iv$vOzn z{IQ|TbWNGvkd6|f%-nbm!h4a~rKwEhPu3-d(pvEk_R{bJN1ijEwaU9yt@hzUo;G>|!FM*`JykF#f^agk8u#cxHpsKgVn!E84RS zw;;WO!$P7Gt7yD}#9F16I7B5h6pgYkBytd56)}LPw>SqtFrU_#?d*vdrQOq!JXY;V~j$rPudvt4_?B)lJF1isA<(dxbs+89WOi|Yju!*vm%Bq zhT?z0KX}R+#y{BnKHXC{E+QVs^AApBCQEDn!T$1ULjPbE-w*WZdCF1v2XDSx+ZE4?fx-{=qwu?(Hl5@ZQh@R7Cm*cQf^*wf(8fg72z-@TCir$HG|uVB-A1bP5(xDB&M;|4hrZyoGJL2T!rb<8%)u z$`4HM0P`Ug9VN<-h}nPRdc!yfAzxSxJ<31$n+t55O42`g6J#fJnJMt^L-)w0(9MH? zkds$g52AfLzx%U()UWKr7dC!)f_Me95t7bb?OM@*n(AjiGNhdqIPpCgMXPggKnzao z<=FHi4q4vO3{aegZJs}pz<;*h0jSqx^@>=fxjw*xNabN1^Ji8s8+p+p};^ z&e%8!geRN~9r@k&G?#<68ZUv6BN!VugD{EwL3Rw9GK-`-$IjTbA~J(8dVfxAe)q72 z!@{#Us{Fyz`(nNyy_;aZ(f&gLzD#{739ZJlK}Yc4-v5}~{v;0Ckwqx>QS*RS)*rp| z4JPchlHdIe@&|{ng|p<9!Z`lJlWhNC)~~enl$`%CoGM}bhw20}P*`4J$06D2YheRE zp3gA3`gGTR4@)_L1N=HZL%n{BWw$}Aj>FR`ZQa#&9K!OZ<1l4B4Be>ubYIQoqwv>+ z@(1@IKca2d;lIv_!Gci!;15_{in1t?d~_{1I{)D0QvkN1kLq>(7X5=|%Rp3tj14Dh zFGQ(r!>4`vk2qe4QuV8^wqfC%Cs!m&Abj#}Le=3PTu|)rLfHPnJ69Y3pap!6^bcO~ zR@gsy5w2C*Ux+kO{=o*Mf@#l%y6J3tJ(BYe{vNB7$UmqNT^;*V(IdW&W3VC%>oxrm zjpmki4Bmg2jc81Fn}wW_Z|)ep{j3-q#Que>gswsH5o-T~KI1xa4+A`u^pHTJh$kZL z`4fm1o7Bc78u4<;6p}i>LYNAyvhev8>aAMMRA6;Mt{4}~iZD~LW3?K+A`%6!nnTES zVxnLteuwc3+AoECE*wAlg=|unpBV!j?H6p0?-w)Gt zL>Uk}^*zZ?eKmn+PvraTi0(5YyANTS`e%P9eg)q$Sk;z)FaJE)02B_e0o;dCp8x%2c@kjj^{CgkuHvYXVq*o&UuY$N6 z&%ZaDi7Ku6_lo4zg#Nujd>{4axSKcG^C#}PRoet#$G_KjniCNOp5Iyj-nGXu|8Jw@ z{{e*(uG0o@b`&l+IRJ%Gt>tEMDfN_*j`g;z`eBovYf`JS!!j;NdL{?e1F-{V^F ztk!Ql>?8jE5%D3a%~!nBqJs0#ABvMB|ANxje{H%}Y3l&}P^|lLZV#>S%6od_Ha=35i}&@>KcB zF=(p&TW#pS=x^L#ZSy9vefIM>@R38{5nfcgDm6U%sIi<;NL5LBvYV(X(bKociHgIcwpQpHwpm_Xc_P&S3;}XG8}(`qp$8d z2-TzHXR)e>TAl42tkyfm#@9b*-U9rGx)xC%C@Md2Xu8)w3j41HmDxym9u7g`Y18kk zJBFes2r&NjZ9|7b z;r!Oey6OD6mGxRalzgkFI+d!S(D2F3&@P92G^aYLb$yb@nc!|?N*I$g;#9X%;xT$WU3m5E^3L<`-#!})rrG7(jTG4UYnmo>_r1;i$8T( zu77IcpZJOQ`4hzF>pAJtVXq5!XUOZUQORerozLXrk2gC?W9NUr2ZC62s1l3l-+>yM z*;RUhF^Nh(!fLg8{BP)2(z@am%m2CRcQOj71kx`42TX)nZvY3@d2;0u)FIHXvIOVb zw~`l0W!gGv54Aes*QkJ^tx-v>l>8AJRyZJsuv1TdzP&|Vm(Ky{GFnvWi>>OG@-nL? zqqy5x&@OXg@IXOf0sbuSBo4tw93;sNT%i9~q`M{-uY9Np5?Y2SZ`C-jYWk=D6`sed-5{>_Q80IP9TUrns@6IhU-+R}an0 z1|3d%#_5j!{a*iCuYV&a;Nfh9XH&@m4h&twEU7wm=Jtb&c;Nva;16Scv;xD?!6FU^?A$nk%ezgqlLQFC6zd3ywbJcU6v z@aaI>`R|039sOHK-Rrl4>R!}ZVQEN%m3OAMb5;EbP1t$KqXRvU=eF(9HSN6ckRe8= z7m40A|N98+&REh7+-c7nj^t{Zf|7(Y$`a_p^`)>56tl}<3|6eeVUT7ca;Du-Hlkb6W?1AFI9Ih9dx-^{? zpa~!?pDv>SjQ;5ha%|(#rKLJb!~cZzqyoTHuUHM8POZF`n2v zM%Dy7HHY@pW9%E;(6>8bWQq0P?nK}=@+0$Y|0fOxR8KA-j)`y#@1J%QHOQih1dD!M zrZ?;ZwY+}Rpguw;=v72!tOlshs_AIeTm#i}j9YCPPfLe%05d*c=*ueDIQ>@3{~p#Q zm7p$xL)1-&C}4KZB*K^uQFr5g>KG)dG~PoT$4GaneiyWB7a3&u{F!i&;ayxy`)V<_ z%R|JMLd3IlVS~EmV&gic|E#%}4d2B3r)QoE*kw`@V23?FK(4vk)s6Z(MWFVdmH(;5 zXw`0XWEW!PgLs-H03I;iZ~|aLxYzh=XaZXPAHeEGug}#v6qbJ_#?GfCIRfwNkcQBhZS;9Y`-{^@1qNP*P7drxCkL9Wz{LkNhpCiC;MgB_Kp`k{ zJ(@A5jsbp?F!1nVnB+_%@?|iNiOi+FR0GK;NAAo`fWOD99 zByq$)d>XfN2}+57P)cN5zO`80ky5GyCDhW?q&Rn!|LXemQGRc|du*U*y{~Zc4T8p_{HgWa7k$X<-=T&xorCpFxUf~Txx%(| zGiDi41auM+I{BWoWG_>DG-2SYEji9KJ&bcYaFTUw3{b_s39b^rYW({^;~!wvW_;x7 zbnu4-^EC|f2}6*$R6cQpMub0LP!aqAIU*7KA)EXm&&eO28>{(4w$Mk2KOkTd;tvd% z82;e8-pL;hAgw|3hs>yeNrRdR-cc*yQC*KQ^qxXHPS5`#!JjpioPP!Jr^2WL@ao;N z)r3gSxx^77x%bJK5XonKbch6SWRfzsO{A@S5af2nJPof>gL4<-my}WyBH2+x9o>XT zo_ew)$ed&F?W;sK2r7Amk+Y8H1Av9(xlXFYqCvmfyg>eLix5vlCO3Q z1CKf|Rl7MZ^ z1a9ufJ6LcqVKwhw(F`8$NX^Z`aU$}@eT8c#d zR};o>X7hc-Z<=TpC3$}MI_A-V0-#~UR?`u-me8l8&gdQkPvLi@BS&@7??is~CI80R z1G|@V0fzoCv;g2e;Q|^J>Y}{R0xT0ck3K&3*t8iZTKH;{f0qs>P4;v z*y~ZmZx(mc>yeCoPruiH>HP3vzp~>G6Q3jNp>rybF?GUsFMczzYx4LU$3LRw+dG>7 zl~KMK|D33b+KFWRMqxiv8_uUdTIy00|9UnIzjLnouEuYAbx9rzW8yci1z*IWNrOWQ%E4~jTFkpUFwQEsBYtT%3f$UU_}G=G@kxS8ruzI zJhF@aAQ&g>NoiV{8xu(Nj1G8GhA)Il$5V6e8tz(g@%M@l$l3bgVE-Xc-DjyD*NPTz zpjX~)-P;YpkG%)`K5$*?TG6eGRj_^f1!Dp|J%blsR1~O4fqk7{RIqK@ZyS3_KU)XX zsrf6ZlfVhGv(e|pxjis_$C6htQnXbK!zCsIg;MQGw=ppIS*)zp`1O>AkB9ixYW#`M z#R)wPFCq7{72E!&hZWoC*o&whC930mQ9a~*KY$&u*P*8;xL<}B0B$G34*1DuaL*}eZ6+e2c1!&|H5zV;QW zn42dZp=#XL zy+sA}uKD{o9^iB-@wj+Y;NoH{Alm`^y!%#0yI1imX1H0~KZ~(t9Am^L?b~nC8FnM7 z9$Iqn3T?20UDHH1(Mc18U>9x+B~`m^j8)q6pB-_&#Vn#Eir0ZR$r2=(vG}X#{g#WR z=7Romxl@M=qaRmqa4m3S#L$Y>*tvo>%f5hG2M?3>pBs-Cj6utHIK{Q#T^a-M>u|tU z&ERyEsb9O@er+l5+rA~y=kZ#5*Mgr!zUEdR+%3IbWWUDI@ipz;L~nZieTO@^7Kmdy z+-0VELce?DfF5a`{qA~x2hygT1&>cxxz@9w-y4k|QGeXFtwp8ZNaUiLlx5(r?yd#*%R?32#s2j*yJl7_ygcVprumOxE;;y6 zF?KTL48utN{8dN2cZ6K7tbBcoYXu%%=;qgmg~ciS9=@=+J->%7EbbutOo*6KIGkXi zUvY8d{(AKic)}~)?LU_Bj|}^d#r&h2{IN^j$3K9}^3FW|p>efdmGcj*ko;?P8MOd6HTNS0xYc_doGc>P2{8}h4#t1edVCq)Ix@XJ>a)8j zD~+8uIK4CQiwx6;fVh}f@JS#dP5LQTC-dPz#vmNjM;Z?CxW8NAaoL3! z>2`&O>sh!XXOUEVc~TJZWimh5N5$J#_SfVf6XRY>@l91_nS5(t6OI&)gkv4PH5|Wbd^zighGjBnnZSOUc@1#S6QkQQ z;)yAikO`F1Au*Z$_cE6oEF6c^=cMzhgjboon#?O?1yiN|xR{Pk!}`N4n(cw&xYTG5 z4pXSL>Z*UYg$=QL3m zSNN2d?BsZtyOXO&2bcR&x2wlcH@>s+on71Lf)=o2QWvcDA@y0xTOpTpCZt+6bW_Av zK|WJ3tx$Gbn14e4&i*Q9c255nT6b@U{!L3Mp8l=pM>L9FBUv8F?>YxF>#1i}UJ@f` zUz;IvcKhd1a`x~;kh5p7;eb=lj`~G>Ia}2UL;W;`fM`}9Pa{znLBErCLP#oLf5W~Y3}kY7^68OJDDH&~@L!u_i0;}55x%}x zi$g!$;HqYm@_4Cy@&rfQO%&*r#laUexT;^kLoRm*VsWX<4HUoykbNldKnF&N04m- zTxj!j8a7Xh{8bYNX^|iHwdRvPJ!C}|SrMj+2n1PCsoLD6frSO+BUnWYg^w^uA>oAJ zrZDU%$~FAD5_MaJA6-v%296h4gyYGr!ZBEbr|Gy_FW>s@qXq5v;Re^B9r*8~1TCdM z2TZBOA=HlcZy)X77<-K1!yiDg`d2~nP-d1QL@lp3)821G_cOA>yv| z1l*OL1hnJqOuo3FP0SPoUDb>KObShdZ%2WV{9z_6)qT(u&&;s`_>VQjLR#1nclI!` zWGsKCK4p3=a$&?%P=m*OYtm)W@uD%u)Y@|^?D zVTza(`H@up+8+Tv5F=A4&iFwFN2!9mDs9Di{X?cKKar)|EQSud^Ue((4bCi(n%(UVMu-Ki{le#vmU1oLw(h^_xX4ps@4LL|mq zC77gbV@{l0itOwm`L=bHK-$!g;pF|~e$CFHG?-N8ZenmRmFA4iNMjQ0s}eUu;$R{E zFjX)p4oZk0U?{vsa|!Z_;vs-a-JjI5*9Mc?U%VOv0}cSGIR@Z(shPcjM)D;xC{D@D z!I>`k2=IE1377z|z-t+Qux)I42&4pDhlS;Umq{!oyO)))0Zq^?Wdj7A8uImzx78;l z)PI^32py63Em6!LyiV(f=V<*ff`&{=Y-I(LMSmvacEgMBtr_C>;so@fmU{5F(FN_27@X)Z3{azg&zzXA@!e;5Jvn=ZCFJF6uW zNrpyJ5I;-a(-2Qn#Q;R>Ksb9}3=o1R#PDpVh}HOK$1k%kmo}65wbGElaA{{5%#7AHpa|c#8`6mBc9RgpUe4YbN+yY z*y^$M5uV}t5BkKOcyK_xg~q~te4-sKi>JYf zeg)e%!oO#uy`=QljC8A)J4fdlS67B}jc>uV8u$xBB*LSo$G13Wk1ziDtQ!C5TfrFe z2>)EdA1g78k@Qh5Oz@k3ul#-}Wg3zb$78GBd)C3-R{h~ie1A=`QW_AoYd@nuX8PQP zCZn+W2B-45;~uSi=0a)CgVOwkLSh?`+4eJLsw?#4M8|BR4QL?kv51!>c7|Oj`^YZ+ zyVZ^O*2|#P*cX)(|HAQeJ-@{HcSTvqzhfv9@ujAhp~IemgV9WU=_C#ziTt~lFK9LY z?iD2Xsr!EztJTuJZvMM-;DkV?)BmW)e@L%S3D?K?f4tns0$&Uzy(lKoh$w9-@hjyU zCp=P^FU22pR8Scr%&~@PAMG&tcYBcf=qntCm5ZN$H>iu&e<8csi)A0*qkFm%QmM1N znlS&axij7m^m%;iQRLrUiVzf$8FX>f`FBr$90SjU`m`>m_P?u-dhL5KuP6Aq0ISar zEkH$N{@rU#f6)n$TKkI5zgsA;Cd$8?&DR5cavHv7{@u#cqSqpm6qil$3obE-Ui{Y1 zPs;j8uSYWa|9><8&S&dqd+yQdE!5_W&(8hs<=^f3FnN4V5I=G)c!!i56~7dd>Fej; z&9~vVctIF`&kgvl=HET|*W|GA8NsNZ+ii|A#Xt@Hf>M+BmGQk0XKUymox!Q-7T8>B56|nJe4ef zzO{88HJI2Ie+| zl5gmrfkfF)iN9aflhbp5DVoW()m*NJEU{`A;0CgsTWjg|_fWD{FFW-x2>}8v`hO5bKoS&a6e-dB@n5QQ87b3~|R*eY&*)b&G^-{c}{#LdZF+PvZ zFRa6zS}vbQJ#z_R&pst_wPqarjsvWkJ78H4Ms>1PuK6$FVXOZt9s}LK$*OO{R>?Zl z)a}UV(N^XC$@-SYZW4~gl6~|n5?6iADR-qp^B<@YSA^}6Z{FS!8sT>FPh^eZj#k*2W;-jMCX5jLN6k)# z-LTwPFYHk+(z{sUl!&u~^;ooN?_kaS8;OK6{Zg@h$mBZruv0aEh1133;W4 zpTQL|`OlK?k(7TVL*6s~kvuF=>;94MX0pUEkUS}&ZU4wj)+bN5{AW7iGh!mcO=kJ; z1fEo%Zjb*2ctfzg@kvZUj|A_;3Dk(`so_6+cMN`rz0g=KjNG`Oj4d8*!+)#x^VD2p zKM%j04BrHAeqI6E0`i3I=bH{f;)d<#TiAYHzYO+sBM!u`}u@Bxd6UX zLkj@4$GLy)PA1s2W{YK1Q2pKeyv|!2X7(GE?qXJHS+uT>Mx|DQfnpEb3}vd*`#8T$>&A$U zFb<#g&c!&nV#_=Y%QDeEVG(l38C z`;_z+_Q|HGjt6#jh96zqqZ%yxIz)e-{TGad4)8lUq7o^pSW^NTU$6CxtP8L!3BOq3 zN@Nl$m5uV}S~YjVEKWNPqo+z##>z<>P*9a)#Tzh=w9P8pXwD%Z@Dz+T8)oy?5R}YO zvFc~4NkBMkqqBsmiPn?Tyy0^pOq2I^G=@CVd2j%Dh1 zh1xU;_{yu5h3KYMW&H?$18wqkx$w7V6J22hV-4{T>MzLi8l37=tRo-B?z%b$P|Hzt zoHvo?C0>ir8tGys)pd9KwA%<8Mw#xMz67D4#Z%b7_>}Nt@JhjPJGTR?30&8CEEXt1 zTqgzVXN{wCtp9$i{~`JZtiJ2uAGnC^7OOK+=_1k;n{ZRu6#G7|Rp+~D`$S@zdf;Ch zY<*bWve`xhj<2oy4)pKr)y%C$FYZ#zjLc2KEnsds?4q|CfFKtKOf`?|nzy4%oP{xh z+-2qUA?{-HJez;)27H9G0C<|$sSAPbAI`y2;6BJ5tOUI7VpS}+jM1ANsa^1}hJ1$wCXKs#gP3WLToA^s<06^{q_-&;g7Vg&ggnI-m6R&lqOHtA59EqY!; zEyCx4oERy~gIqrX%>*)LuhI-qE8jK_1=5Bd>tKNVEyMsnxg|2eJ_>>%qwM+%;=mVE zw+*U(Z#$Vu@SOx~MB66{3)1rfFA%=36kgE#QB#dK3TCC_EpWt+P><89J}|= z#}Hs&!ELp3z#hm!*oYq3yR6bbhl~)5sxE?lOo-$Wmif*{n3#UzW3a6bdSY!Wb^Rvi z1o(1ha10i~HmoA-tG9_KQTf#-3Tfh$oDt%YTHJWy=+rBs4hCCn-MFbr~f2f6gF3_j`rGzFEyXH0@VJPHh>YZ-UYPv%*#50-H zkc~0$iDxJ!wLj_~ao}g*Wen2Z?@U&FU~X17CpZ$Z`3kN}ORMB;m{` z^i%8CwFQn~njus@f4jb`WB#=LF=aj5gvo&xk#8y27Q$c|ffz`;bpYV;#H|J%d$4^8 z{*T^~@Nf$}nBTC6i5VIsP!Jp-F@imuB?txFqzDo^?5|esan^TD20YFLTkNk~ytXZ1 ziT7J@CyxCWslU~JWBcWu3D7_;-KJ$au+Yf#ck%#L7q^08VIbe&Jx|_#$+2ZN7SuL( z;@K}7&~>c+vT~~}x94gtqox>ZSCaW^7eN0_50@Mz3y;f5!iedCDNxXq(TGW9$ydw* z6ovL2MhwbZi8xBeh#~$g{yrKCWW30uOk(YrIV`x*m!k|s*)jdDZ^MqscWTrQHToq< zWMmlBX~qmZ2kSExxdM%|Y%``uPoR9Qahm@VX%64ijA=Lkj)R12Fs_+bJUQPVf&@)1mG)FePh2&EXChopSJzdZEBSLvgay3Z`&_tFC-klRr_Vnwd|kT zDpCI%+b>g4!y?jtdAKBOzub*$RdjnC`{f<5*;+vb^;Er$07q%Rbl1#{FmJ_v*;8rk zmtTGAv|pNk5aKQo_RGXS0zN=dh)Kii)EU6@eq~q++;`Y7+#eYZdaS}z(RzLo_RHxu zF9hRh#eVric(k_t^1|B~C+rtj^<4r0k>K%oVV9HIvS!j{otg&APl@h3rcS{7+#qWoJI#(V_XusUfCj))%{7n>C zle1r5I0C$dhHkPBB7|;~h8|Wybxf`I>q&w7KV-k03U2$aYsgx`h1D6*+M%03IJ98(YI8>lVUeSeHn6gzc9s=8yaj?Uy~Twgs#< z?Uzy*!`emp^E8N!dHb>{>EWWxf!vJ+`hkU!O9pn#;W z-0rB~fcjp3KJRNvaaGGfK~VSkCUe82r9j5_M%&7Pn({H#0j-WvBY@{p_YgRL>$4s8 zVH4_}{?u?7AwjusU*T`kxj4cfmxA#@klN{y+N-Y~LRQI2i2ZiK7pM}$M(ubnlIBvb zrrnR(hyFYSfmH&Pp=InT5`ndZ04tcOv>UWS{8rN74>;1YRsAJ$i%yHIZ|p4 zoVH#cWbg{dh!{zoe9vug*cR7(z{R9(Vb@_pnj#--=f*3zUT>}g86VCko3giQLwLce zS`<3(gMl+>5JB$)2l7Pi;r(Wtk^it(JoP8M)KRDxWdT_|W z3Z&h5psN^jlc|QYHT6?5OrWrdv$c$B7A9FC-w`R8Ka~7PNx|e(CIxe$JXw{)d#d_$ zrUy#>!Il{~l!FEP0Fz2|B;mZbaUH{LE_+p?Nrw&gJ@Y#M#pW8t(Zrtj{bgQ2_Dx^efwG{f>Dy^5!xLLM> zSHLA+oXG^tQmdv6CZDclgz^8h9~C(5(^S>0ib^Mfrl6bBh#6pNb{x#_4x;P^;JVJ- zQsa?F6Xdz;vb+XG=0w0-d|7V{sgLy$c=4A<{8)IA#NpLO6sWcOtS zVi}FF&j4?j0BS7;)i{r^XXC-EWi28!3iaU&F?>IG&f#eHJL8Z4fQr46wFwj1?|Eom z^Z%i!O$h#9Ecp10K930e-;%$p^tnWO^Vu;3LmDdUH?~JnoUPalPhULvP3WSDcc>_aQit6{K;y|2^={O6gqpxsx3XvjXq(8Nz*yqP$anuT=R|Go~3j%2) z2SauZ{{d!gb3JFy_dfuBwXm-(X_jG(FePg|>4T9yDOobRWjxTUEAK#KfPQ1Pe3z+l z+b~|dTN+onnf?iso6VOI?EplFa&zZzfO5S~a-bX;wicQZ%FR5<#MH_SF_UP=#|+vL z73DgR(eX}=c6GSJp+Zb8(uHX74oMfJAj(aXeeElJ>~HK!y`<> z%8lp`4&`fo_hC3);w^NhMiD?mh>@LZW6#a&Jn9*+} zc?k&5d+Le44*jM-K?+TbG1x%bCt2yxaa2FCKy1f2B=uyt`>&D!xBrmkKS(?jw3xSs z*s@wpr#2f3K0kp*q8}mKt0h1qa-DP!;rMzO7!`WdHG27Lyz64O4JKwJK?JR}djLE#Pm*wWeXk3GFM>>qpc z_$2&e6DAPA#4X_ha8Y>d6adEeFP;zoSns}Z{A2TQEw}&VD-t)NAFTg#NK{d@|7IwFjcWnw)>^ zew^v|b^T)pmn8-2|BQcZ!g0_+-(|KW1)u7ACE+=+$%bcSe7`$$KK|qWG4-3a!115- zkB#gFc)T^zz@r(OsIM^RU?e=iz#)IBpENT!o;Y)N|CS075YK*-@%6{}GC4js#|PNAlVnZFpUfJEa1@5&#xU$-|I}}uuwjDyoj1aL z#k-RBuZ^BR_JzO=!}Hs9`s}Bay7uYU8!rQ&2+dzj{~j^MBp(i6f+s^i zhJmBHnW0f+xhK^IXG74(8<>4h#+RV}+}P>JjU(V7I~SEhc20d$%T6p~uhom0U@ze% z)}J%!ad`k!{%Y(6zc4QUxXK901!{P7qx6a6x&`g28qFHFNJw4nI` zs}-4Ww(jRY54BN8`&W(Th_;v`#<739Ph~BPl0nS(!!YAkU5XcXP*43jW~gxm*L8%v zz&GCb?D}|Gr9{2B*utV8{P+aq=Pdr{D90Dh>k|BJek`fcI(UDP6Jt1j*8*Lirq%qe zl0^Ak5B~!8&AY=jzr!j;)-p?+xJ9=>3G&xr-0`xQi&P5i;vt_AydY|kROdElEPgmm z0D69p1Id9yup!t7aH!PYnA=AFR!N-vt=~R``F=Dk!F=OoWl7H3QqozC&dQRht9mu*oFz#o-fzzlr&`n}8Em4U?<(pv}K0wave8TpBaLMErXYGP)C< z&m-fD;@_^99sGOZs965}_ebr{zY+g_lap7AzYO#5a{>eo?r7=rgy0e?RwXn12t&2n_#ry__Wf9y0^{yMNC({QH4NV%GE9;op-I z^X~>f`1foaaNRopo)jvzF9f23zl<5G@Nd`4EXfa6lP4NY@F@8Aq+#(Gcpk^M=l!=-(s0fH)860<(8mm>_r827szfUv0 ze>48g$*Vp4!~A(Lqgdn8=e4*os;7$^T8{*wg!d(khPfJsvSz8&k6Pu&ClOMbvU zf+kyNEeP}Pe@+Jf{tQLRx%dAh>ff~?{(W+?>i3VQf_>lGJr4VR_aW!7wX>>q{%7>- z#O(RHD(bI$cDKd z`1$h~$c5=sq{%S)4IS+HYwFkFlHNG%dF6fJRx>Y3z^z2R<^a5Lxijp~w)t}ud;aau zVkR8vwhQLQ$e&pKn(R3=ougvU8=+*WYNl((lSeV^+01<@h&_TkAC-R1;W`+zdg8$t zAcR+aSV)J^O!*t=*B*>I#Gmu_+59;P|43@=02Argf1h`h{5iru(tJrQf4=7d8#>>N zKXdYGP-B=sZ<*)d&%YfU!Jo%xIQjEOH3|6hzWbdEmn45q;2(JwaZhu0-qkmNKaYJ@ z^Jn@;ZomkPex0;`D{Ol!USjXjO{{jC< zu(quk$LQCw{QK+sM@BBheBU}R!F;3nx8!VTpd2fPdd~3-~ty2mkitKLr2&@v<=g{;)dCzg;Vm^pBin;I>xg zKnzBe6SF?96-VnI8Mbg(cs56;f1@(7N=r1~X#PDc zH1(w*SldAFN%%)x3x3C>9pAnR+Tdlh!OK`pNGH(f zFp?y?#Fk6C>3bltoewhSUYui06Or1$k5`g?K))DtXr25h`|yg9gw%%`Q9cMVW2aEiDS1SWr}BxkuL^Ubk!dsibpkJ+A}D{c0{&a~8+Qjz!us^A8pbMh7

      }i{-x~9slv@iSj54Wu`RZF5{!kPdW38LsP}D@JeV?Zm)$g zSP<+>Ul=6GFCT+^#0d`x<)dqXT^}}L{q69fPS<52Oj!SiQj&B-ZMwe7$}kUxJn zrKBY7aTNk--A7;o$YTy=TUi18s_HLi<~LS`P3NQ4>9dN^4^Jf_e2e^7cg86<7k5Ve z>-V?-os0abor6DutW-}TAtXo-3egZqhG=Nv!&xSEcQWufa*yoHKH*f(3Ak3LT)q;n~^cb%9@2)Uh_#zeB*;C2mI` zJHr6TQIR)HuoANs{y4EJ1~S6GgMSrQwuVoJ=FgME@ma#B%q||Qi8GfA5J+ph1B<%$ z3k@R-631pD%bul>K$##FO_@B`r-v071Ih%mBl!rsa#AMXYg1;i`tmCjwhm-$xl>an z07|YHNGl%_hcb)RY2!3y$`a+0GKX6J&6+Z?tf0(vQYO+h&)jY(GhI_A^EX12i7Cke zIgk$$_FhjayB7?xmIFxF^3P`|ZELjepQ^BiUr!CcQo;}8<_8)8Z^@W~8N5l}qRw3| ziO}UkYH>TzJCvVl?>1Kl?$c5ZNE(uIZxGm59niooCLlck>!Oi&a9c8SHh}z;mg(bvWKaN^qUniZt=GK7tXgi zrQGC4Huq!x+Kmmw<9JD@6PYd3T7BOB@@hmXs-#d>0;rJxS$rSo+f0GA7(W@6aY`zd zOYuz}ZK<1AX`3Q0FOEtV5t}FM6H=SzI`Kf@8P+Gm-YbVc=zn*<&7;$h^?T>ZT!0TZ zhZdm1S=FmT?Pe-SYxQ}T$*Yd-pS>Hgg;RT6kblJ2alXy}+3&Rf(h^p`{N+WiR>PC1g=y&o#O}}>iv@+5!xE?-enJ(u<&@Y(b5}6gVd6wa(*JQk7 z_n*#yx66OxcQFd!FF488@0+u=<%hJP4AW-A5#&F?g>=IIB#;9Ay;6Ta00djKe zW!g~u4f+ifUW5y*|4PZG==DI=7_49+zuLJLJjlkdXOBearg{Y3FcV$g=fhDq{n;aE z%8eaQnZ825G%Y)x04mE(y{Q5(VLt=q&qU^@tgEa;i_xW`G&QO-U5*%o}cnWmuY zjIOQ~R(k%Zbk_rQ=)oVU8Ast%q2aAmOTk$7bY-jPE!C%CPGk(o2nRo|)5Xt4dYj(jZ>%b)Gw zYiekPlWzsfX)MM0_rG30fzK?!$3yt!6F&K)YbIrnuKwGMa>oCv>&h<^fWdBrQ7WcB zVAY^jeNLOA*TfTOQxHr5VjgJldl%R?1+Dzt&<3mR!)Q~m3m*kH9JrZVGX4=5Kl(Sk$Bf@&kH4=~g9WrOe$stf(U39i zRMn2HG8|2|>ZKi_;oLjZ9!}%0IhH&b%S#+f%;D!4g!Iq+7l&*y{ZF&|_qyEeTs=^N z%;omDd12uqn-?W6H*e!AomUpGGI>?PE2!Z3L0z?Bj|^3dPSqteRI#7-%rMZq-G*L; zjM&E!BR-r2{9Frur1`f42e_IRNuroMwuFjKDHWZ`V&sGhOxIez!|AT7-h7|itN%?F z>N|X#>&H*viu3oibh&$sjWrZwRD(*@N1uv8dgN9jk0??adHT-+@}#qo2;}+M5GV4) zwDxn|+VbeuesNx0RJ2-etw^_aeRON77o)Y*n6Vum>>L~Fy31}C8_}^pIFQ!uLcEBb zy%1Rj{|Vl7oA*Nyg>`z>wcN=!L`;SC_u%MgX%eDew82dtz*yjTu?P4LoX5t?f~|L7 zJWc9vXIuTZ(#LRcmsNiVRk1f(fz;zv^R~A|T4q}*S9yF*U1p?OErUxrQa30ybM;zJ zamp*eEI~nii_~9*6t-HKg}Q3G!9dclAx!&Q#y2pE|6=lPH3Sdiq8pVPw;BlW-~xX| z@KWf1(+oMj7}d1=DeYf}_8s%DtSD{=re0%tP`{*l16Hmk3{D&9~QnEJ*WvUV^8qwZE`w#T4ZmyuK zqHd0h8@dH6G#lctnF@!S!udo%*momwMFnqO+F#k;gI-9HsFIZ)^0bv z;QWewhugar)u6HAt`$Ao4X!+V){Hs0yu4kC(Dz{9;q3Bb@Y%V%8$L72JL0p;j2~Dv zBT%9U@1s7^{MC?pR>6ALJumU1KjM5MvcsZey*H%}YuRxioUxRU>a9mGDXdwp)gJ{= z^lTctpm0k^{Ab0OnlT;`M=~)?XbfOC!YV>1^DVRxQZS_30qhnu3<-w5Bf4FWZkt+; z*P$hK-)-#n0S)$)A*EK$G_+0CeTW4$9&5ANHGdD_>}bEcg#R_;F~;$j;!u!`u2I&m{A%#Ol_dK9Vb{Au=Fn=g*FT(!G8zHxl~QFW=}JCm)6BdzBqb_H>xO{%qi@3_x>sgB3LJ8j z$Eq2M5UX{h0PU|2EUURSp!f8&4Tp z3MlHvq=y>x#3t`YOT>Sx0QfNve+bWH?GGrz@`)O7;Eft52rve^+4aUSLRcv%07RV` zKbD~zxd3CcVO%pFFdsj;)>rt^t09&OQAf}saOe`aB1{ww)XAq1sL;x(zht2(ZY)s4 zlj3AvCmabM*14C#YeA4N*K$TLYIEb68anSoKFx(`dgp1%Xm4ANAPttb#*#^N`z~oJua` z%KU3qxA;Yr=Hd|B9-?Y;^J+-Hj+9x`Mv0u-5*oTKr%dZ}yRp%;&}dcNjP3*KoJ~pF zI&NkBAp6zz$Z=zI(tk)@$#ggWel-@~Hmq}QHn4uURROHw{|B@oxyXOO29?!!Gv(l%vnT`eLM+2tAL4d zTzUILFWhY%++)=@qxqeX^(axt5-rCcGOX*lo3(gj!&V1~H@}EDkR^rE5JU#jt}Y}i z4J9_zl%cQ9u6srr4wfw>pDUmF!t z{AjwS3}e7e#4@t^3mhB3KB{BIyb{kw>Do$4F(@v0DbNjZY%3ZVU{R0b5la7i?&olv zEWD`idVxhC!`);6@gxtOf`F*R!&Zl(7zF+swo1{pZfFU9f@8Vn#Smu&h%`egHVg?Y zHj*KA2QGf|= zH_5H_Jn3KpE^VYg=SG9{r@+<{ZPRi7cV}oJ&@Z+6U>_k3{ZcdyTJ(WwNV^3LLAS(q z8~>Bd$=skMnRM>$i#aZq5MfeVdd^68OJF(&e% z$^qTR2)cP7XPoG!H7E!Q;v%A9BPLVbFQFRj^^bs^H=-2Zlc@xWIaf*~^AO!8^9t(< z>!NB8>Js`!co1kG0TwYL-|~;};N}<%6D<1*unCN?igO{Fd1(|nR7xwQ0dTswztLnD z|3quDdA24ilTW#VD6AFnFa)-`?m3Okvi;*t`;Mlyl05QXHWmy2P6~6iV5H8~}jmwh_F2f*-#N{DRy`PSZgwMaSEu-D5?(p-JUn(okJ8A^d-BkTOAPhB# zmlyEk_xPKX)gOOof)W2rsiB#z@hWMNewws>_6)Ia-aeTl?6XP?g!Y+y+iJNwtEr`B z;ng{(RiR+sU3>uOECdI8#2Xmg9_R%EYKxT6xWQH*{u? z;JchUujwh*Nl$=PY8Mbx<0*!qMlufvz5~b_BnRpIYO4cmvuKM(%U8Dc@Wtl_@P0Y*!v<{}z_0bO8OVmI&xYu!6|LJSs|Sv^wQjZS218Gk9N4@y zM7h=KcIL=I6AdCGOx=h-1pg=ELcNDuUIYfm;17PU#orpmRn|2IzXuqZ;B-TzhSBU1+`?jb$^#q;?M6qj$HIMq}&@?YfEh3N4x!dgQz9l)Z(g|nU43V&$_72cJV=xO``+(O!KIo z|0ie*KJeJSSMzsYQ=zN+F!}~RU82Y9pa6vEfL@@0x#&yq>~>s$0(3=SxyZycub8mRkar`9ADEMS2YQ#6<9#VV2@pt z|6&a82ngyhZMj%)E_MQ6M!PG+CbT>Uj>nZ!-Roy*3%)N z)X7^EN>x&+(*T97L<8kF$7!JO9W?<5IK%?Q)OYqZo$RW521oXAT5T=ARow537Am zXOz2rO=p#N4OnoXweub7JPTo98~5+~yCCyPabAR?GEjBz+pZlnrRtwTm4lKpa1!Vv z*HwLlurcV}GPDHi8|LyF$FZ)nfdYc#Kf;BqBKeeDEHxL)*%FqMzjWiZjpIvs9UsS+ z@h6ilWH09{`qk*=yymIUa4=;hqmQ!gjqQ8hS8B6c}_P5oWfq8!;^ z@YakfDQel^^^YnUjpI8P?Zvw>V4;4Bl-7H$#QF+kxX=Iyq5|?s2e(c`q9s$-18r!4 zz*(FC8kKwo&{(LSoy_Z6eH{&r;$?&e^839ELTGghT9$Tp@qGgaBOw}&)e@piEkNRPWcT%l}%7V0ZC+K z8J@W87!4;ln2~>jy0x*Ok`d9`ZzpH?RZ4 z8`!&{3ASQr!mRb{Zp|C`j+%;6w6SY#mIaHMUIk5r4hfq!n19K&g3aNSn2tA=yn;7e z;WyONah_N2A^lB_Lnzic&rr2SVXg3O}hn=ot#Y^ZJQ&A3&G8n~C!WHeBpxD1-ZAIyKl4^*;t zQpws*C2KR3ta6;?i(FC24yfVN-J*sEDq7$Lbj|-YmVrLV{`KBKQOaol#*okIka)qS z4RNiwxVx_?1k& zzE$6%&(u!Ei3+e{hD-tK|M?;PzZ`T8{a@62=>HyB7yBFfe=+{1S*fo?KT>=C zENK=4)wE3NCNn-TKdbt`5aslQ3k(j8Ee|Rt@iu9RPbanUG*L&jp)kw-&3lpPoz+JI}rL)nT!Gs8nGx@sQEchniEx2t)mtp2<;M26LH zL#NK@$GC2O%5c}qSLe4MT>sbf;hi@QuK&tknwH zF3@V5PNEh#FT>k%@d_>o@TK_1ph5uW15s3L0KS|*0pRkgEwt+NtDY$PB=ATG;7jE# zZJ)4l18}wy4e(A~G{E_edJP9C!~(qasn=>1Y#0Vgp*_dwUs_?UM6)vaT3k>ItKea} z2G#g$f|)PmPho{sQ0*c8YV^$S|0QRBDrvI9;2B#s(`MIZ+D3nMch>9-=g;7rhuArT zR_{7bXtm?(pj9*t@|~08QN6#<%nl@n9nPF_EDasvMCHnd(FZowH1;*O@WAn|>Mru* zV*WU(HiSr#1RKIZvHmZl_#_~C8je6NWb|jFF}ah63nCJKae|W%Bmk#a{Q#%DY9o@U z8L^Z*Y)J@_*nxp48#fSTD+Z#5a^L8r5sB}p+sDNNDiCQpc-3sMUj(>?SHa_TAsdtU z5~t1cn`M&w0W-O1G8dw)VGjJoU=V+dnQ~xYCng$@$cRGno;_zb@5Ro!cyVaX(z@;O zVC!biY{ks^1Usm^v7??d-+}%zyExvgF$t9Sr%j`FuNDRWyaKJ@1F2!kh2&D8&$DZw z;fZMn1%Gl#!C$>g>xCW;-sXbpQ|6z+1vd%b>H~bBJ~c1jhG`LPNg)c^1W zREJRhoOxHwGy7aUiJSPQe9pq9EuYIq8u>g4Ze;DHqkcE@WaxI8;rvV4tgWsWsG2lN z9brD(w9vTDcJgWc(B9t&i8=+sF~AQ%p;-EdGk~&_DiUyo3Ar)C4GuEdAw*nx1J4O` zGvzZ|KJ&10{lk=^y;84U2S8`11LVQqF(m$wNEQI>?)DYa8ECYAc+K5WlqW}LD z?HsM6qA+jYdNu~-sE*%oj>ig*6KJWd#dV{9|7Oa zNMt8R2l9hF&;gyV@0qE2Fhs53E{QxdhFZI)Xiy>kjRPKHK_vst7q;E+4Po1J&g+Pw zI{h*P2Tb{cIMq4Cw!?mzZtrNeUB{=)0$ex+V1NGq48coYylOw(rg}0xcktMF(Lb|4 zd=p!X%+CS;%q9Pvy;a-KQ9+7u>NSW0J9m6dXU^?~utxbwf#RLM!znX+<4*Z8wT&nF zn$Bi$<01w(=FD)vf>je{CGR1AB3X{IMQEBEd4?XW?KB;L3+K{6b={Br!+g{($kUlR zb&Xwwe$<|eXf2zh9Cc<03MyroVSBw3r%-G8aW!$ux384)qlEGU?gIqHb!PWuwPOom z&}D8nPViL5X#UQ5orb;gzNV{ZAVU)mtKZ90Ejoy^R_IWZXLOYyCKhiAYhs_&QCn!L~}pa9+tYnU>ZVr;fnnPtwcvI>y<$#Y3mi+gxT?3} zd7#aB`hP9N*Y6pD-(`N2<&#q6^_)t!3bkc26d-gw8|;g_0s1%aEU<$+d90t+cNLSV zffTTD>^E$IDW+1az?@SX5+1-IjUULb)INRoXhfyqh+j2p6q&4^#}N>kBRU{P`Zp7g zqyXdJV)XJlf{yq<9v6uga=&VLRTeUMeu9O3et+DBd=+a&52<5VT6`}Rz(o#AJR$2i zQTu#F4(nO`EyME2rSdH2_P>qr0IzI(ey9H*zByCC%3 zLi3z>r~>ETHYTH8<6!gLax)?=Unb&V7ALIUCL?$Qtb`jaP@?es?_(&~$9$j#I}BXI z4>Cg}n@b7eWtaXhm?*mv@0+H_ZnLMQ()18|>R%uMvc(=y0ePBD_zriSfsLbj?5CPB zskb)@IB<|E9%>w59%yMcKzJGtn7hBc2?$TPsq-D}_MS1qJaBrb-EwKS9JvR&$7e$g zPH;5n4K?^T$K5)!TIy_bS3&k_|NkK2*yYDb!z!@e?9Ix9_{(1%(gyUO+RC#owy_KN z8)SVrgG_P0lak-P(Q6#}eR8Dy{(K#uik9E6UkLe472L@0du5JP5x!OVeJt_HR#(5i z{QlFuAw~f?)|ULf_DdtbdATlPX{2N@@RKNV9Soy8tFCL)8`qR(X3S?bX z+b~HaBFs<_Uvab^aaKt!EOONbJgk|$d^(fu8L;~1zOF_(*(B*Uso9 zEV8knumye2>g`&w9{b5h)p(ev(dEnfQrCm^wT)TOX24uB?*HAWcE~wLI_fRG?09%K z=nJXsb~9&4Gjn_Rn)2qP`(SzX-?@!cY#?gR{h7RmOu4eY;WOt=k0xkpH#6i z6wAE&-1J~J7D;smjDpAEDrV+fT=mI7dtF7p2@ZOY_f>kpX`O;(4kpwWkfa8*>175P} zdOh(VaQ@|IbZqDKuU2pWny7?diu_3Z-$@Md2rVpO?1d<0%E3v=zQyd`1n&*NVW!n=3^PcK-xXIu&@Gs zUit8NoPTnSIk25WcdMFnZS)ehf%7L@$FJo0yF^`l`!F&(xv_qL4!qyk0*qBF$+W6l zz-$8MM~m$rcFyC<%d>*l;2~e(MOX}>ge+3R`)cBNPWNi^ zx$z)}A=q{@3gj?K$YBtNFxgN7@Lx(*Vi|`61GRm&a%l`fOy>N`CJkPf+GF-?uYaf; znsBBSn4Rt`e0?r^?}D_+^v2GjpABOFHC&zI%vx_vhtUvKE^oo=@>4Z`d=OF%=ReDP zpx-Pk6|2F%uO4Hz30x__G;FmQ>K+~FmhP2M$I$fA1skUqgeVf|1R>{T{e>+UyZZ2%k6bn-gPu1QvDznagw+VKKS$68^fxjv5a_#|TRX;F%fU*3iM|}0gn>dN;k|cr zZcx|g`1W53=r)lf6+^_>SMrnEFb>)$)(2bQJ*+yz^=T;Y8>EuyD|}d5!Ax02jDl#L zswn16w}8^zR$x39NH$QV3w+=YnGR|L0m){r?Ph@`9mi4HnwPKc)2DurLme2Lc zyz4H@k4>ObXe?WL?&$S<(i_v152GY%ikU^Ga||no2Ko$rA57=e32RA{Ev&B@=#$4= z$Ld>B-!sss4{mAvXuc|vKQ*4kcB$n6N!;*Xv~FJ}$DhPo7NMULaY1}(U!4ZFv7>=( zLo~B-U>g_S#f5_WFLu}3eB*qAc%8jNejJt#no&qQwX%JM9poLbn&M1(B~!JRRUu?D zb2XpP`naarR5Q)sg!qb^E#gJK-v<5xB%Q($^8;hYN~i4|4c#S+W5(8_oqSX>hn!k*N69Hoc z#)s>3EXk>q0Tkz9H(xIM0Cz(!h)rzBZesp#P=}F=J-l7Qy`v;c4;1FpP?VeTb*Pb? zPp)XjVilN{@dEMyxp65#mn&P(_11J-g^C(?uc`&JICfI)Xwr{Y_#3_SzQPH!Bl+9x zF-TbhYa1Py@c+nr7x1X6t8YA9BEuz45Rd?+4jMJygB4B0)B#aXV9*F&g4h}_Xe_7^ z5{;lXIEgY2BdJo0LR)G@@f9moUPYi9E|Pc;Xc45-ZOsooTdY=2QaOR*6@0a2R|7b;gn zkI`H1a0wnGQh!5XM7EO2q2sg)O+s@iJrhnH!C^8wdX&ku0=9%cnHMJEz zLy@a|@l2|N;DDjXU(DmjKLq*Npq%&3 z#psd+QrA%QD)9fQ;Gut-agpjW3M2y{q5m$28I2VQ%7tGx39&H)(vBBk0XhKIl3Up$fNH8Q-Yo&DPw7A19s;yJ1GLC8`&o8LaW)U54Hrz6 zFGVoONamurm1Nz$lI#>qmJJkQNaq6I8c{V2nBM!K?SE3Ct8_t32^KiL03B5s7B2W_ zrS0fAU;HR=F5=WwvWr=Am%ao0YJw#WeK*1XE)-VzwmwhCb7SyGC!wlrTXVcDF&^=H zboa;qX#dq|{AN8T>FgbKLIuk-y)0(05USXNy;|}DAwP0SCYX}ku=|^5z-0z302J_E z40%Lw#SDv12UD`~{OC-41DOYh#7R!n);fCw8(Sa3w&#>SiSOKRP#%kknbaFQhsG%y z#f0kqMhGpDWn+iui1W!KNK5q{>>B9&K|z~?BO3Yk91FVCWzqNN&f-f@yz!3 zfw;Se0&%0!B$s;sk z=|d8#p zt4M6%D*}T%c7jW5U(CyeM7Km7hy(;!!YzOfH&G?{u`zjLxZr-NhDQc8#<8PyiPZrS5(QO z2UV1ds0whhf;dPePF}dc=Z;7>cg4dT*@F}uP@kB0nBW4ORuR;ANb2!FdqH3hA;UG; zx~(qEc!xbNgRf@*#eb=IakxAMun`{{T>x*f7QuS7`@3eLk9B602Owi(1E%nj-{`Ml znh>LTRk%W`1VPl`(2i5svNn|e@(dtD7f^yOq4>GpfE%Xw!udcCaK^8ZPvHL5f{s8ot+hPg--Fptl_72*PAI3u%wuv6Kn=FFLKn=kKSx!v%jX zXGOioMJ{XD9UlxvhW$Ox1>XGRX{~0B%)X3&UWnOu+Cs|sMsw0Q*Dq-{WRpmsCdCJP z*+J4V;ME^m`v*SWi{`|HNk3dw6R&^ZI=AYCf1m^XqvUM#ZDIX)q<`G^2k0NK<4-LG zxzGId2zP{)fKHo%dB*3zYaY2riVuUrz@tA?AY6<>kpDA?f}}v0CHT{{v-a&9&?MX) zkhdQDX37xPzS(}i%7>h!e87Z5eeKvcV)cd#-kHuW^q`Sb3r%_wdk_r<%yKNXpcI2m z;6(ip(B-}1zk0Jg5WgFg6fXF+e21=|iT!ya-}o87#`(Ma`f{uJ!&MbM7dysonsF4T zNDk~0R~|o&jZDo6(pxq_RUZYeu}VIi4UzL9X-7&M&|~3ZknQ4g%^=CsfL{p8Vvzc5 zPL{~9NeC+;zwkVfU;Xvj*?4Ah@JNx!K4hA#!!0I7rH>baNhQ#^Kl!EllxjfT)L?F85D<3K%;9aS#MpGRMTv!lyF3o*S&Q%NsoFJRv08*_-M0c~{yd2SHSDk}0&>5pg$ zgknQq{NCWS@%h^-(&08}hL*Z%)G7=J1};K9HPmc4w%%9=%CWtQu}#IZaKW25q>gPT z8i!{EV_TaTTWqQ?M5BsA>p~8)M8=npSbsVcEuCcXsf zbD`)84GfuR{}_LsOT8L~5<&($s>q%0=_lN2^&8Z%!5<5SKb7m#C3tG)=%Xw2(S3YW zfk!$olx0mBYA1)XtgkwhvHRm+p7_ghfa70|zm#K1xjCthY-_=^1luY}Wm_fYdV!wC zU&M+5`GQ>c5r4tygoN7hI8cTfNEMLWxkwDXs05ZnUJGRt6t=HO33B-oi$12Mmw>QYEnN*w0y0@BEV#bK_Lx@;WgaIju88%Z*?apoQ>2#z_l z9T1?eK6A+sOAYZ8yt0cz3|n9M_80%W`6SRLILz_cPVD&XYD}U({=^Qf*tH)1!68La zBD}$;u4ExZH737HC5rw4#sL*S7ENAkRHIVA{ zb_t%U7lClW3#EyfEqaD%6@V}_7jwT1jL?F51N%>kf_WCX6m*{yC#yoZ zK)rlI%5$^qaO2#c+Q$FB)A+EE3POW1;SM{P9>XI^ zAMr;-RA*mH%!t*XUibISXlC0)-lSWsuw@-|603}CnlUZJP0|wLFCP?WR@|-PPevgs z$fj#hWv!KeULEA|JgHcR24;wU!dXg1q_i;dZXr;MdxtWRm4zT8A-@N=oCqDGU&5C+ zEWQ;l;s0VQsU43nqeVMDKK8xSy-v^Ltr|rQ3VxKI9*mxUbC>dDbOSxGst~=LbfZA; z;xcVOv1nYZdw+?c>@nwxMI#;zdk~DBz(pDf*)oNlf)9kMA|fI25%gP#7PcFFo#QPt zhf6o>$f*zUOzWVWPGhYTFXa|;887c4ph?ynLohNy$bXiXbob6 zbZ&mjnudJ0wpD*mr%g@3_};9uf9s;{)czYXrhfHvd1vlaf~ zB+0ztx{YHpyMnd5uKvDkNci_zh*b*}d?vXS9xC`2I|9Jlf6_Wo!65~yRM53=3KjHg z4|>oqJCR@4Dg5^PVAap)II@JHFZ zS>?AK=up4dsqv3Vs$ZxRpw<4P&@UFtklW}N^Ruh?!a6jHQ&bH2-$cKtr+yKg>4QR% zP$7C#g*d!6{-)>;AN)8$m9GBKmBhkm1Fbc9z@-^cOQ@5yRx4tNNO?P54d%8xsGH5MGzHGc9VLf)fm97BCV6D}%612M$}MWjCNx0(h+ zPq2YWDBM3VJ+GV0;_F_(EDq(1s&S+~x|omh@knV=RgGgZ2w7?#kR6%vnXanQhBxv- zXXdy6u1@M7Crxfw|H#5)SO1vS6|g?~c4ct;);~s}Xgm7H*nX;i_*DN`_*9Diu@`Nn z>K~V$1aQ=+Axwig(y{)rPCjg3|M)(U4V^%8tpL?;lFlqy1eViE`C6T z9{%}lGcM;GhF?xRgGlZ{sKC`H{s%iXnw7JZv|*Q=pBFCJdMQDKIeBgl^atjb=Ggqw zr;g`1-yu~xRDy$uDUehnXe)LWl1rPqkB^M$!n28SWM8e+b5LQVe-}g%?w5oTkKubK znuhH8Ee+oXP8F)XQ6E+DQ5cUrR4eXrb3-o+N+De_Jmag{Ds>)87XIErd?+rW>84{x$1Z(hSVPI)*#Nyo6=An2msE zkEZvO1WR2opy~3BEt{Y{TV|hm)l0A1hFe6EyUxJ>y_H93rJKBHKa16T)$#*%NyWLujL9`fWmjE2h;dcAw zp0qj|y`PXvEtUrVp_~?#g<+hfjvti9oGc{_`Np_q0nU~86-Kith5ZsAvrc!8ZX4bs z{>N?+Qy3kLDzjbShq^d_D>)5?`7YB%C4;-m09m7=7#zY%IQClm@gfxvGmy}+K&9br?<%OZl|gI z-u_sM{2qBBvE%h0JajYwQlBOUQbK-@1uvP9#pD&_f9NOlCrIjJzc->;f6MBZF@GQ7l*1J9H;mxPU;6z@4+i2h7!xzw5d;8b06_#AdUU2t$otK zL0kJDWbs_VHxoF?MC8w{opC0~0Mefm3LFj-5eG3KiK!lQ zuqz0aA-S0|EV3nu>1FXrxS?+Gp_6gt(s74H1)G^QqHBcLi7{$(kxMbtz%ofPl8bzy z^b*>ZI7L&J6C5M?A0AC2Z@0{~>z=_Z3Z0lTT@e58YB8hQ?y^+$bW*=%egozQ=yw{x zf%yTV&_zg~GxcF)`JXM$nsZt9K%n=rJ+NgDUqV|pdO?Du0^-Z)hg>R*6d`@#|7J2r zQ=bOO2BKmL0Q_J6XG7To=RhVZz3o+c%YpAE*QW7L>EhDc}<17zs)>^0g$DX*)%Zq+mI&g=flH2bzWAsvUFJ$A`b|=C5gH)#1He{CEC= zn+V2cpsafiPxzxQPOSUM{$~+8+iRw+e*;H5e&w%u6rWIkMs8X~dR6|><(Ijub*i(a z570t5R`c$yU@+Lf{!0)Ma8B7^KJeFUL7o148u51* z4$76Xxw{d0#CV6l{30P}23!R20r3!Z+bc4J5p5hj2)Lqpmr5}1 zCl6ot2KFyQ`EprIpVxet{S4TTj1B-96&X?o=mIQsdQR0$h=RczM}q{S(*q<6jC3O~ zF*-Ls2}r7%IVi0>-@Zpjz9KlZ5W(@av+2|D#{kFI_Gvx9L9)WY85RXwjUwLIoP_t*QRy_imTEa}eEX~uwZkp42aAW1@ly8zDM=Omz93ZaUj zf<+H$tgYxZ)3-55Fcbx2@(NB~{`h-IbO6{O(ulTcoWZu(|esx(i1OiUI?-0k{*F_JBbs zlP|)8rslEa>!5ho!Iuff4Eb*F5#Jw5#tfweI)K{?G*|ti)lawQV-+QsRE?ZL?edvg z&c+~!g4pp+SF)G}e+|8ILSO!SxHN*LzXLvV?PHxJvEDA9sTD>;C(5Qzou0eg$KNrd z@k$EWv10hkWnx?a+C;!Qs?BiJaul}K`VE{@9)=80?%-FB(fMkBf_oE-G z>!lb}cfj-mTI?V{=YezD($6!@V>w{@`6aMtvaUT~`k5jYUI+B^_1WxR`}FhLKy(wT zSt37Yd$Z6_AFvkl*|4_sv;E8OfPOwx`f*4GVBP#SXqhkxz@H}= z%ajVjz|uu`ujYVE9$i44-S3W54cvszj$88q$6242$%b9CgFjF+mkYi<#)3$4pi&nY zKQ18B*lTXM;PGTp^d`Bs0_L^&|5#e=n3s38v752}YT-XD{NkUtGR?$<0pWl9C5&Yl zFztqE)xK#^_(8xixC!{>*0!~Ob-~p)XK`d6`&ULI@mJ_^EQ2le}_HSE@G_#3;h4F3p62L2gMZs^_{{0y(kne_-0fq{0l+^|Gs_TpY0R>pAi37 zw!**j0?S)Cv#!Z~Iu#|K!6!f9=p#=!gDoW_|v@#=rkA z(f9W4zsPj?OBO)>=o27@E9R3JUI`|MfxID;0ilEg1N!Sij;J0kc4Z`)C<8dEBSVB2 z;*&euIxrsD>5|32zP`AsFXA_=?}tPbL238qA+v#mJmB@kPe%~H`8)ooR%W^;dbqFn zjndygVKiYvSCRizlK)gXTpmyRiKn?AEIZU;3D$Yq48;WkM-YY5+y0?Uzy}$7bPaVb;a%)2vye{c=jg3vo~3G z7dV&l0={u10wPGT$z6nV0?5%Uyz!k)z`aw3+SpxVi)pBQ{1_FxZA8*%+f~; z9<;+<5+3*=I|wK3WM8vyJWd_?3b`aHLm3vo7sCt}Op}trjiCkLKWbgcfZV z6(B6d2T-Xe!h8Hm0mmXwO7R4=jea%z<-%g6=6Ph8Bm!@;SH-aSFD2@BuYBu{ZZ}7_ zjOi$}uiC6g!1~riO6H><0u94tINntgKa~0st0u~tWz|HP8ORiq2o_8wN5Hrm6ok2I z>P1Hd%&t0JIj0o(WKeTZ1kLYUb&a}k!= z(+eT`etsxIWQtg%DilUD3!_0ywFyCsSU$8t)l|ev91s0Mg!Q%;;=37)i=`i}H5aqy zk*qnE-d`V`%||)p+ebk4KJ{ur)HRz)~Fe%|5!84T@ zgk7e2HSU$ywejs(`{z32+qv#fe`9{YR?QDP4Lk+;0ZWON$g=Fkf*yN~!iwC}%U}IJ z^wfp-`2E#g@k{*QdmvXn!qj#x3b1ZB>(W{jIj%)f>{=97vvz7nvnYZmG8iy{Ogb*$#?9@SxU$HSAb)xf|){=$!7 z_~%irL_5j8HU1y{b36EVJKS0Pk39nZg^rd1bPoS-b_V|sDE^1H!oMIx@ZV=2_?LwD z*ofFR;(tOr_`mAL8_KV{f&K@$p?nqaMI`+Y2T7Y=68KQEB0MDU4{lW%8+zn@AOT-S zDhcdvN+E%sUKdoS_~*ct?eWhp|J5GX{gyPn{PU^zJK&%Dkw5P| z+aCPZE^QBfPuQoOf!|NLLCVZK3BSLc*fIQ8GTEdZwa&tCseIa5_)TSH9{5exdkequ zyc77XZU=rhzSl1NZtftzx1_}f|J3a7$Uk)7Ee+WJ1%GO(3Sj@2Kf9gTmw(8szr*9v zf&NZu;n^DOOYt5Qosh~YZb~C;>>gK01YRkOQ8)+aKDp`TX_U9cc0U-|%ukfnDiz?^k!fEL#_(NcoiO%cfmX7&)b{^Md>=pAsmHl=toCG7~y@m?lJ3EL`y9 z@$4cTJ=hL2-Q==^OczA^j;hxy#Q#w1#Lk#d2m^ZUXJ?L$_37bk!e$mQ0)}G|XZotQ z(Y1?0^)0x=94e;!K>U>mm^q_X9*&029{%##kylLSeN56|>WveFK`8v)Y{$M00N)x5 z4%s}{&&_iK%Ksk_uSR$2sO#1E#-z6pd2RR4J(EHYc1?A5720(H2{{czxGy>i>)u4r zS9*RtV3fk}b>K^G5eE8zuSrehb~e&&pvfX0Cb!!*`K?&vo0l9%s1BmbKq>a+6N(T|)EQ$&&R0mmu}o%_8pe7O-{qI6}al04izVk4TNEi(4$%ej=$rf0zT=v~XS^MgB$F2cyd1-a5DaGKm{ z^kB~*JUfjtogK3RD}ilJJ7|KgjWai6FssILFxrspjRmij+dRH#v(4!9#}Ihf9SPfv z9t8XIe>k>QRwwd*-xPWJ$9o`8SEg(JuRdDGM@#h49s1}gKDtjIP1Q$>@JRE2@mM*I z>SI&4vAtye@51jQ|MyG6qrLoJ?xEITE?M46(qwXGI2^YSK80Wd z)YW6@&mW11WdGYJWp2+Q>_8Z5s$|0cOKi@bV~X}-X!U7**%_fLB4loj$vo4ImBlJWuH>38zrmfzmFSkXcFn-87N+sPyLOH1s!{#s z&k7%mZ5oG!KkoW{=0{aO&DUxls=;{FZxmpe82-$MG5i6u7`NxB;iD5%uo!;w8;&M8 zK*5>Z#_fd*{{RwYkn&WCQ_O-vR1DIYD=jD#dP^0^JY8g)FV01RlhB1eF@q)3 zM$%gQXA{VkByJF%n-L|(>zZuwyCFH1qvT$PGHSF{C-)EsW~Xd*Dk~rerZDqDK^34H zoAr*##JPc)5~Pd}FE#`Pzn%X_1wDwFg@vNwZ^cAnVa#_&7CFfF2Jvf?RI2zHruZo% zez4gj{zw*B>Jg;T+N}gn&E`A$I4#)SU2dCiV;3vI>x((lPne>F8)Tmy&fp^U8Sl!o zOTq zyt|t}?C1Bk`+45(2U~Z)=zzLU%+yyAZD;_Ltw@@4)jpAwbwp>8G+2=oUQZ<5cdtc~ zakg?Iaz7l9W|p8=Fd*pdEbJj^751E87WPkVc41%RQZV)7M)hyYB8S;Kl#49W`4+QR za2L)up=zJ}wfob{@08OF!AkAy6#lRsuD+x`=O(4w@P$=mxl8O~0kG?)gh26UDhK0$ z^LVoWC3xdFVUXG(&p-K0M%8N!2RZy<<-wfNwl##u1(O}yRne+XZDJ|Z&@VSjKKj33nU3i!$u@Lep= z7ik;d)`ExVL~t+eXoe{nBxhAFh*VO*m?iKEiOvFYsUTX0Nmzu}2oDhcP`&(j=doon zJhBlml$~4!63eK&YEYW!mF9uBkVJ~Jv*-vEx@%;FRrKk1onxTxp9LJ!|B7wwV;OVY z?>O!vGiWnD##=Nx-}Y|;*g>Lycm;4{_Y$F%68T$(zv=*IgAR{l&;>*2+FPc+5ECFa zpy{P_beqffP(>*l%R^An9HVdV{DZzNiHu*S`-|;;-SZTM(}STm+9QU2+7H?y*`7w1|th z!OU?8zKq{&Ab>>E6LyVQxf8v!3U!!|&Xp2puF(>C1R=vTe!FbIlj8w}E(aZc?7*#%tR_0Owz=^0%K83A1Xi={;Sx|NKE8)Op}Ayh+Hn7LiGPUT{lx@?fuu-6c-I_r5; z!U{068PIlT7oL@q3N6%UZy++1leWUV>GoRt_>Lc&f@KeWA4UH<#P5piEWXBs<1m<+ zqxg1F4a^-Np1Wce5K_4cgshT))upmn4nAL znyO1D@J#>_-vk)^t5Vc%uMKAW??Sjtb(8T*`&cL4gkY3x zK;lXM>pM%h>#!Gr^oHxWjlS!R@RW`#BSQ-#JXb(@}UEt!-1mAATcvvTnFZiB3$8y zLO3z-c<9d6cnADqRbMavokw!4;q_n9yZ7~WXYJlI!+-1LblD33KsWLDt!qY8!=Z+V zrH{Psl(8d6G)(1{q9b~y3~d7+ptL)9Q4i1w(>zMvcYh&e=;&A(dfjCnj$)17mK}Tn z2*u*$osx`ap2KpBRt;XAXmGGLII&fO%9Y6Mh<;P9&BjDC5UWb;L~SGhA^r> zTqOAMp24Ox1rx6sjQsQ-C^H zT<)*_HSTJ|1wT5Jrb{oU{@h|bNQ1Q>J0H5+Za5}~Z#G3tt%=kF6E7OP4Huj!#WS4x zyPI&&fAo#aYr>DjM?(@H{nWwv7X#S905lLpAt*I>@8%W%uzXK8&bMuSV9-`H0VeJ^B<#-T?N>tH;x&0#q=JcRV7?$(!`;{HnY z!2kz{Q^tznJ67H2?BR9h3K>*ovB}fX4c`QB=(JJ{tUgGYie7yKc9<#)`ikBBtcu^L^y1bm1RIC2YC1>Yzi z4&)Oc`4;skgd&2H=HqZ&VNkI6H3_uXJWW6OcWdYOY6VWT)~q{8&YBBfpaT z0MQe;l9~UX%hJW_e`T-ggC)uqf~CA}tXhD-7_=Ltv{nW*zXm>!Y$SO>8&Tkxfrw#H zS8S4xEX1VskhBi>t&R{r-GuvApO_(kLs)hTL#u9WadZK)q%S|MtvH1Grl7zTD&I>y ziJc3+!|2!W?WP~<0iQ|=mrZ{8K1I3=a$r!;6hhg+`26FuE8Z!LWM?;TYRi3G|3*4c z-fsMA0Rha(7sWcuSo#|Qs3373&Z_Z5#E>o}zuveC0l3dmw7RZ*9OoV&_>g`Ij}*3J z#`&H6^o?iNw@|kJcLvccS!)o&Zq^!|QFA55Bf)_&O;FV&ws9rfh)Ek2=ZQ9%%XyF2 z*biWm&rCQC-HK&QeI^|fMDQXyt2jP}K6EvX20xx-fp(hv0w)=?Q~EE4e5#=HuzYha z;76Qc|JV5T6mzu=2vxr*>i~YDRZyklc@f~1cVSl|?qyZ|E4_d3Ik~U!)3*pXC&nEc zaNP59z5z;?m*dN;af{y-fH>FK(XEKBUy!=KT5Gx*&|z5zWsUuP27YI+*6$E=I7`2a zjsxAkW!7J->(1xbd7I6smhuf1Lo~XjP-)#eIWc%^%ckcKX5&aWjJ${9v7vkVWu%!; zep26JUK#;pNW5_S@1Yfa^)V+F!;N7*2Rp~^>;-kB@%E#vvdi}tnM(lm>biIO|aF;+tpB@r^v^UpXUae2RpIz1MUG< zuz&uFiQcX%wH7+x4@ zB)IqatM8#k0g18`x8|J>waqNt5TpUQ&dtt|>zeFbxvt30;}vacIm8%nPmr=a+gM=l zS)TVxadprp%k{=CQMSE!Z$5V$AN+wfzEfy*k?2oUn9^7X{v@AVSEyeJjcYmeKCp4J zF=>of+_OCISK?mSkZM&`daFx!;tQb%3IB(gKg3_n?XMwHU+@vfr*VjjQQYmK6PZKB zi|1M!7?uXb&P}j$d%@OvFZ2_?z;6(A{doo!@8=sv2n8Wms z+h|AeZ1wFuI7Cun>X9BRn0CP{^3%CJhCf2`5 zT?k|#-cuO4(C3TiL765WDK=NX+t5P&DSjj#2^vbJ24=Y&M43o}Z{(omIrJ29-&okh zhOX%fmq7-ALxE803Ivm3*npN2{Ka2F{HqpI^^4gEvEO?s01WF+ya=(3i?9tD#21=R z4WG-{n9m-al!rV7Xn`9JvS3N%609dcBoiJ9U&vYDN+>9x&`K9bS+KSu=6C41);|~U ziDoh>h~f@1MIiZZ!V<&TB4@FDukYvVJB8?D9G4wMygLJU@YptybY^cbxWJ6oAwvJ! z+l1F(cMbdob5m43OpmQ{zs73IE7aW%!qsw!caU6Jm~)|uSKK%8ihI&8@l*-_)Sg4i zYvW%^6cG&DH2*ipjbHIAzCrw$_RmUX&d4OeYRv$NT|6%v<&>lT(j0kZ0P;xd7N@Zu0zl~L3V6QQU99tCFWPS;J4if zNgSS?YHZXZCCPo1v^F-I8X1bm+PF%-Pcb&&%DTIW&{Jar{;$MGG&P3vi`w>Wjl(>) z#%7bn?-I7gCz1eR>2mf4lB-5QOy)B#Y4d1URTW9!i9;liFdOUS-ZlSLC|WTawH&-yq~w(-L`p^;iOy#sYtF+`SK+vRITVhDi>Po6 z?<(UL+t5h$uzulu;^OqV(i^c)_j0&kqeTh5Ljuf2SefjWqw})-eVu|baWDmIrN-2p zrQ~63MPx0 z`WM!Q&vgT?Rv%I)HglF+I_#AH>5=SWL~oTu|3s~A_Kq9@@-o%aK%&&YJT50y&#Faj zgPnaY)gTRo%a6tAt^8Q({vctJT=Ww&=Ut_hop?-ky<4u|jYdXwa53tG&>=I_CiFaG z&I&f=2Y+wm75A<(*MxiOR}H*|_jbpg;TSXEhnwF1>QMwpcyE7yjTUsdEIA>*65L_Z z@Fg6>bFKnO0TY#EnlkmkBhxoOiK#b!0;k@y-%bFH$jr-S&Gb7lsZM4dpO_kErEpgc zc8e5Zmt3GWU7%KiA0XFhQWM-=l7QgdXQtAOVjZ!J!=EH?o||38x*$jANS*FISXTqd zk0^$AK+J>uY!nonSBIw2Zf5NXSz1JfVi~`$?vplZ6|AZ>b21ovf)Iw+F&n*YwcgL6 z_EHCzZ^!}A*L&Fu^i^)r*9G#}y;sA46xYRkASJDU1`TmkLW{(@5NNa)x0_BC;q7&a zq(Jrvelg!NV^I|s2|9^F*wpDO9s~B~6%l*8|G7Wx)ib-KK23I?17^TlbioWHKQ{+@ zPAU+jmElR2mKaKL1vx>TlE0esQLLPY@65qll=E=flk;TC z)ipTR=qx}U52pcVftG{bMqa_flu{Bw=X~K!F{M<{CU$6XU3HNBLdlr-`jJ|Bq&6Y* z@VYoQFX`>S`ylEEvGh+?4oYjuZX_y8(TG_!jD4|#oV|f##|(9|1>8I{TR4LZypx5+ zzA@Xy_1n67t&aNHki*)mQQy1D>D(KjoT6p$w?8R>n{Yz_%Y4U#-YNHMEURCk#y23K z<>rehA%s}o5B{7-@Z#R(*ADIpF+QiF2??A&>PNlk{||9aUcDzVCkZsnDi22$F#dq~ zD9MeN0x~DXLp2Qh5VVDvjYU%SgDT-^^B=Q3E&fUhL!CQnBleu}L~W%5pvjGtqLEnXqtznJl$8Da=HR!=~aqaEl8LwYbG0 z*iUI@c>z72rHU;$V=9@wSA|+BvIT3nveOXRrE4j&xgJ{d`&pc^_N^0M=>w3`DiG!# zde(Aio*?do=J`39C-~E^APH-bs2MK!^h;tLem9pAeK0z?{#@^+{?!e{ySohCO|N3I z&0H&O-F>?E{92JK2${X14o$0JMHvk76T&H(PcE@&7Edq7nZ~jN( zf8mG3Ki5Mm{;7<&hyUB&0{*}6#Xp%4&R_mD@s9*l;QxzG;D4jyUzefp3;%;Uga6+i zF#aFOZiMqmS->;!pnwG|r<8>Me<`nE0dj?(s8ODSc;&h%yH2h!tZ_B>H7dG`?aLCm z!v8PVHQ8lyU6EbMD~Mamp)$-UPGOcO=WVq2EYJHUvL%$~a}s$OIjxZ!2H>&&s~SjH*A?zQX$U%-T%ohc6*`+-p|kOd4rn>GCfOj% zvq5q;-m^UK)kv@{{`VW&NE3B1>Me4G-Xd4%Epmn4VjIzN=meg#QkG|>0ejE#ywAmz zonkq-LJ#s+e?`%X+&_P{!7utpyZUR+mTKo`=SVRGL~!jQ@b}jogLhS@AMdYW$AP&u z5~`6O)O+PeDSpK3z|%=PO@ypC<^WH_8)%CH?pVh75q8M{oC)>V&Y5NM5Y$bKiX*t4~tgWS0-v$i&dYPFV=CMryYX!n4D0;^_~0?#1F(1 z;IP0CSgfl)lbT$?gojyDQ5{^RzA9g?>$T9X>)n2&`KEGQ-xAmuUAB?J>zxt1rZN zxsIqc^V8GJEq?YKu`>bfJbn}|_}QlbRBcLL*t{mZv1f^0#U6-5%I!PbWz}rAN(yTK zY=8yptLC!vK3sPGyubmz54IlOo9?gqzK?@J2oq0c=S{!jhHL#bhu~RN zW%num8XtZYhAVTsQhxYjdyu6HkG7fqs!pL&(lDk_nOqS!l`H&1az)&fS9Dd&!4H8( zIE7f=k0~?9-m^UK7qD9>&vJ+j?S!#}h}DJA^4LD+&j5e*Ik=0T%8r1eq+v1~;;-q0 z3(-pkL;kiC_iU#L_pEofy(hGJ?~{HhKal*tzYF|NVjZj!3;yP?D5?-vl8n-klekg3 zBb?X*7IR|OpA}2LwHN~Pl!rAmM-(IfVFwX_sx`C=Psnmxwe+fQ74ax72@t9paNEqP zS&UV4Fqop>XVu$&ldRfC{m=;di$kk*7R8_BJ#N@K$2KC_zJezafNVlZPXJPZQ?(dR zrG0m3@)h>az69-0YTG_~?QOp~m%NXoUCQd`j|vFas>C4VN0s}d7C++S@wGh8aUbWp zKZ1Ne3x9}|AQ1+{F2+4!bS^^v>nAcF5i|{ACsRqIMLOM^s-LZ~^Bj3r?*XSo zqt=b~VrT49_H?z>fD>HC?AjfF5gul97QUl@=V@^_qpvc0#KPo?SQy95IWG4~8ss3H z^W-4p2DI-cQ|+;si%*fttjt`yK_|T8VUfU}KC2?Z3o;4hicA7tQG=G#sJ|Cq#4hh$ zd=bf<$3#D4hnb#6Dar(Hwx{Hp?5XKbv1-Yk=J--Pgg% zqRAEdpIl)^^NJR<99Wp`A2Que$ibju3gk5>Nc z!uR=)2#!7!zMP+jKy;Z?S0OOu!!MUfo2%FA)cz-lG!kf_GGU*wp-sQCP6a21iHmoMxcB|iPO3IW`0T>| zpL9j}l3oA?(F5k;pOb+2f=OTE3Xt^cc+XvK@D+{#&Cip#LdyE0q;nk(T_-%tNvpVo zEijn}Nu-R5MD~*Z?LAn=)nCRXzI-};(Jr{}(B30496e+PA0@_8{}N%wBIp`?F%$7) zM$m~)E)wPC&Rqmb%d3f{IzFe%7i>Hz`wAe&js$t6_0u`l0)3Q0cT|K5SS1z&$GCxu z6FucsCwfPg6TTym=D%w`AAxD)Iymw(dM=<+n9GAe!@JXedNBTWEg#I^6-$|bT=Wli z2=57(a4l>yywhK&19vx(2v;~sGG!4Q$2AwPc{nm2EPzsASFs9-#x z1o420EJlFPiV)LzF*8rBpxwz0fvPYe=!#~rRP)fGRPOJX=O?t)AB3|)ic0QH$ zio>dI?LLJYAn9P>MfTw(QrjtoIZFFN42)4s1&rN z-g>9y9#%@)fOA38%98mc2l;D68+&%HKp9Kc%H1~2D}T@iIs0iR2!{a2P(`$(gd+_h zP)%TYa?->fh5uaj~yh@g%05xJjW%q7zpSFj~uDU?%U8R;~Xz zdO;R6)g0MqsHGnBKmXeq)5#3yNNKVwe7Znx8YQLabJtY8pbp!?y_TlJQj0TVBL2P= z@2xWa*8SefNGPuBm=T46OTEGqBiQIDcD`o*MY{KLVxwrAb`2LiB-N4I_mcggRzIyg z0aVW*YA`FojY?X@du@(?31JC!92O@>VUI&3q)|m`L|XX!Q=XiEd@IFTf1CQ5@UA(o zPg|9RR?oIRN;jV42?C)rh-U!BYEKXe#JlF0Axaqj`<_kTu6gm)A%h70=QA5dB` z(^A2fGOj-l@jEC8I3Ec)d3+V%Y{?<0bCc^EK$zpd01eC;PQv{B&%nFg-x%`>p2);j zRK?~crl7R5zcH$0wCBJ1t!^2K`Zc2=4?jScAv&P2N(JlJDg(UDHI=N)Zh4qzexi4f zb0~`aJ9sO>p*<1C4>-2)h9Zp|AU|$a%p#`!^Kn!^=m0+4UoYd`YXF>d0;krhA{_yz zaTkCyHJ8A7`%fI8gtOYf=JBTlHj>4NF`zch4zRF!P(GFIAUlH1NeS3s{H!ejobh_6 zz!Cd#B%cU;Mqx{|w(yxe_kRhWO_u^bkZWnCj7x3zK|Do-&$yEapB39XhEL>o0-t`Q z&352(t9;sN_>5$23HY3#cOLi*;S+&Rq+R%ojP4UYj4v(F-~!i8LHVHkm&FCVBDl~b z_v-LA<5v=Vi($Ca=P3iOe-SI3yLLA~CaBqnj1rT;vkQX=`-U zDv|aVDRp;kM4ln#J7q>Yky1!tM>7Gi+_Hqr4H=a_VGPD;j^{Wp*oJX({VtTA#6T1I zjeH{WV+fOBlIQOvW+UgG9qh_E8klUtH_V{MMcE7G#}K5@QsVgHpC^(&JzSppX$dr9 zC6URhp9V-Nk!2c!0EuMDeYJQz5*mp7Sc2;2$7ictD~zZp`cd)xadRWV$|GU95Y2^wQk%(JQfNvjl;I z0a5`R!`m8ET+Y*FoleqoWvr(atOO^Yh7C%InZL7$#3}01Jk)6Yv*nksmqq%2i zU~It6=YaBY%Q@)5!pZ>DT;b19bF1(!k=^||cUqRg{I*{5x?lYxfdZ?6D@5w;wgj+D zce+J1vInT*q7z-P*8GNNShkRwv+Z>Uw6(PzL{>dk%fw?HjeK>8yx3DrL;T^L#kfkV7GLdQy z1{{g}Ek0}C`X~95li*Lkh7t%7rk3$CU6%#^L=P>c7Og=cFH)8KAYsT4GAiXyEM%5& z7g~JblP?jpl`G<)a_uP5PHhx2eU_(@$NG8C;qji$(0#=YSWl}q0mqRo>V8^h@7+(8 zA9b*z8dd_|(-FB9SJFDi0si#HN90db*35G0JZ7r!Ckz`>SN@g>2&z0Enn#{g05tI- z1IluBB~j}{I87a<zPIw0d z%QV0b_75E6HhcrtjCr{zy9!`V+QCX;bk!`t^AIR`G2g@gS;cF3ufM#vpZm+;XTOTe zg&%!kK67|h_{-%Opv2K(%nN-KCszRB6k1$X~mxu_#h&dHbw0XFSds}NEYGRl z#4DzLgT3F0D|s}ZbId`o`+3Z1}^ZD+0bgjrIygXd<|QoT4I=wrOk%v;PJ+C`Fu*!KryA~b+X z(NwHZ{3V5v?(mh|#6^<1;ewxNWrbX7f?)pK-w@rFfr9^=A#xsso8Ix=EX;uirv!w5 zaQRhEY~oIFC7*-)L;TgxfPg5^N;%vz*=L44wMxLPy#i0YcP4o%!u8DGr6y}T+&skn zWmy^GTd+LzI{`h8oD0x#5F1*s5mN{0T!}!%1ljnU;u=v`IC_LAXKx^_TBcEUyPXPg z@A|AqvR9(hs-K_E6oT118iatBX>1hqT_^XNx@E?)4EF5o@2+u>x3f3!BQ#_kgdhhf zXZDkKuFwO*IFY*OzK^uYppRQN_h_wcjP%1PvOcbP{b>y#A172V(*vZN@>V) zJkD6Dy~A^DB7Cw3Ebr|BSuyXW z2k0?-CgKZ|GV(i2%Bv6KqXqYpiBsw->}n zv|MuJEbkq8roESuyRi4yOk%Yzz8_nnZ3>G+n_H!Amv!k@K4gI|OVe_5b?X4&o8{SN zCELQi>I0a=(g=LDaz#j!SMF_h1Nd3h=_mSYrr<{?HmYSjPN?{LYvJ16XO0RtbqRG@ z2X&!~zxoG!jb1K512`d2a;j`_m#I}(P%2j8o$K0mx!9p)h?8#mgj@{NCI!xine^$) zL@yW1

      |kv3#t4AyM)UmFT4?jFT&vSx_ZEi(#hgif;%hHz8?>RD@`2e_#A`%to_h z5wjP@fQ*l`90i2U1=UL2Et}m9@DRW9`R7e0AQ0p7S6`vO(*4z!;FrX=eEymZe2Oke z*P|CeaMFJtOTXhGaOda02jdYGvJ(AcrZO%7fVeYQ-aL3CSAgSdDIj0J<$R4(4hpe8 zTlVLb`~d>^&Zj9LV;8_k+{7Ylzd1Af*Dg-1`(TI!_!8g9XcPG#Qqw`?ziUM=uJ0X! z-h~UQ8`@5!#ELP}yO~Is*Qc@fu0a9TskTOdKcIQg=r}!DQ>_dX>yKDd7Dvb@rYCEP zWemoeUhIGJJV6(85HQ@+<>rGVTsXrr8XV)6z=vqSb^QF5&#_-&EaPw2(~@+>zKU^o zf`EPBJ_9Bs(r8e(rsE})pL@uvQaIVE>_T|=A>~-nn=xcMbwXFVXgedLPa6bY8tx!} za_!B`pPY>LvHpMK{_uDIgMz<9*iDSS1lSV%1@S}h2f0T4%}mxbhh^cVO5%@COd)HE zWlXOCpg_jDzORm8a)lIPT0KnH%!U@w*GODe;w2-qH~tb|Vjs3%=0m@oe`W~Y1DySF zbTZI3;#6$Hlk+e_Cdd!fM~Cpy06eOt4&*bvZpH^{escaUgi|=Fj<@+m{W2?|U-k$2 zLjIPrvyo*g7a@O3e1fmf&m z2H|TtyX+Ypm*vTUS-)2Tvl&WUcEH-7`l)WO%cAb5S*!y0MYbx6P)4INd5v9c_rHho zgp{+h5nljA{lB$Kzg$CEqJ#5Q8lzQK(Y>Pg?9`Hm&Udaj@948aVngKJL~cWu!dUk~y69apW;7*NX9l!*FpgzTa&6| zLoYwY29jUoX)fkeNy5iI?&+tLwb!LZHk;jc#O;8s&zyD>W&`H+Bv;IFV+!@m(lVV4 zp4UoAN%mym@Pvt~UnCgyUmhl-c4Har-1+UoOT9O=oe355NbDkC7-qng}~dUU?@C^>nGNU}nr@L?){*G`boxU}NEM=)!i@6TCt_}cwZ*yqen zsZYxkluAa7a_CA@Sh(OXb%_e3sT9V{CuX^%x2Q;l<+eQe!BW-<@|67-AXU{jA@PY> z{79(r<#y-fzEO|)C4^;pXksQOVMH}(U_BD|p6*953`usX1LpC`eF6qXL@B7s&~IRi z=wCdw4Qm_|E+d4x>1a>y4t_289eD`!llnBS$Kz*ncolm3*$aS>ZZbig`P-82l>=xBbJeb6s#SRo&)^z|eE zFYDr$L)~AA{z4s5`)&JtH(Sgszn(*YjuGF8{SH-?NZlFHiPr99FY@2IrLPlNV5CQG z+5}Ru&3M-4RYKH1*n}40R;!|a5PX4uz<(C-b8trKEuZEZooH%(ZSc$j?W+Mt3X~7{cUhBmdLS)Yt4sOuH*iE*nv{o zu-;@2fjumt_s3~|2&3O21SaWWglc$4)q2c5IL>jtp*D8&1x^$hRzLQc+7D&wJ$?nJ zo=o*I^dTwWp?o$m>@#uk4t5&pAVkVQ7XNkuY z`p4v{mZ)0!N8^7L$FkCgk7iwX2T(8#v31Y~{-m$PRFHFTp*fEbD`QM{KsaH>M=e?I z3ZL|cIAi{JmCSNAc+&62BQ_VHMFAJErkDI)%P3b#zsghQ&_tP-mdO$zq@U?2bM180 z1>X_yoEyKm6s43zpbNg8+Ls4R$(J}!oGsRP8ncJF~r)97s z0qYs%DRb*Bs7FRWRm%+1GDAIOa`I3H+E$u5SIZoZ-{FE|p0|@yu$Mmh{PAfts0t?F z2gy5NcHcu1A=1Mea@U(#$1wU&C{h`LT$cF zxtP-Dlfu7J`!G)8e@;GB`cbNIo9t_-lTE_x@*{BEHWXSLClbTt6tr>tcURf4wUa{*6Z^{+cfOs1$dl z{+cg{8!)FF<&!Z7I>^K_VW@AJCm;Z-;cl0Z4IF|w{%4;SMhupc8_au-zx_4K`S;nU zxraBN@#3#xQZ$}DgiB(1Pc7c^fxqSseY+4BJmaO}1}A!$6YYvUqI{6++gZ(vCdNU+%;*g44P-_4K3shW>Upe@dQ*qTUe`YWjf5zor z<3Dk2#l)Ex;O4A6{BiQ|q#@{^ztO*N-LNfu9OUDmeO%AS?+p7kSp8Kw_RVvObm>9R z0hEdqO2<#$2b9jg+6yJ=f9Li;<^Vf{U&S>p>?$t9FGb{pBqE^)5Q#ys#9SwTR&K?q z9_FAld-J6-{SxyFbguIYKgQ;oOYpkG`8D$@@1Wx2QVCe**Y$1sPX0YE(d|)*Zj+~@ zyA!j7r=xXj#2kfMmOm~>c)AV%x+kX^`J-7qspGzhfAY$d?zNs@(!cLyew@6Ij+l#5 zdf}NLfDEj=&4iv99E7qX{A}vki3JcNZJK3WW>Ct@Y(Y=Xz@BZlI_%34g?TybJOLkIHC)LYj zK%V2sT+a%8(w$AxomXFb&HWySj|F|60z0L^CyDo+sNef}oBHAAN%K_yxm4erY`+ur z{~z7|p&i2CiEQ-@e5(w6vy1)&eD??c!#b`XsP%$=i?q;aTX6CFe>?pD)9D8mXzC38 zjA%su!N&hreaG|v zKb?Oa(+T?Xke-m;YeIG#z2w&BcW3FZv+a9X_<^+le>?sCyXQ}5@#9re4+KB^li!_f z|KCL)oo)ZS9>4lWX1B5LIj@BO;vA}(oVz*I^vRx3frP5kui?kXqs)|i8x%1IUoFWt zbWEjW+Bo^^Z-EoE(c^+bjtU%@*nj5lI8NvR{IS;E6BDg<7rz3QJT0mmG6R3jEx08^ zh~MC~@ZI^}S@`|C@JIUc;>NY_#6CU-Rwx1z3{+t}iSxZqs7C(K_A41rw6JCOPN zA3{GT+(`b<4AA!Z|BnxtekOlR{*ON{{~!PV7X56$tONRaIP{-DKdyY}EdBnw%=xs-aM-dYv zoa9P4ImTpBb`>?iXi+Y9sA}$wKZ*SNn$7;XAK_&PTeKp9BsY}5*&jX;?S*3f?>j$w z*(Trl(LS3(`P(X9rjH*>)3BYDWRYx>_{hSbWRe_5xpkVn8`)rE2xqvRfS=0fT4kyvLkZ?_$2;-ae{>u> zqA@N46aXCYgAhdb;{RmDKRV~eV6>aahAE|EqRd5YH|{`2ltu-ZWdJdQa^LvFf8&GL z8TX-qZ+%Ymly7ljHWPyw@CL=?A>MuQ~D#s)q08ol?LtN$vMpb-63wdf4jOIuaN9N?+El_4eif8#)s^Um{Ah50Y;}Ja{NQZDG)5c7d4cm|z!j%+ ze(1t@W^mToQs^MMY7W;@BW)?x%2JKCR0&H3!T|EZsucoh%zmH|sOfRv#t5?H<@n#&ROxnp^sAN&wf19ukUnrPH~X_#uPIqgYV1 z+01%mmlCan?~uPV>iM6Z!|lOkiuqwB`Ar^SP$ezdOhPxM6Z;oe^+eB*3vTAGLf0jW z`5rtoXW#ge9%i)w9}3i$;)nTk4F{OfLk8$3h`MXTTLEL8mffC5V7QCT?cTky^gb*4 zxEtkYJ(4L$VEiO=Q%n3)a1}c>QW6$DV&LJ?ZKicAF+lzhUyZ{L_A&odKe&tp+-iSJ zl2c6byBo{{6eYUscgkH*XC6{I0BhtMZBqaqGpR?K+3?~zEZ_?=zVEMT z2J9dTj-S2fjLV&CD$Y^PAIo@ubq}z%27k@-L=OlUm}X8reslG31ScCue@1!T6APz( z@d!(W>wV^0G1fJ`H|BSE2DM>Eym(^C4`1&|ER9i3Od?9YTsM@cn;^|1jWX9r;%#0 z(}4U1A_sgy?uoJEH)XKQ4*UX?b&GUoW|^iX7D^KFn{E#)`XRu#NeI6f_{{5U64uo=I?1#iu>cpLEw?vbU274ETu7x3Hk zWI_&CxdZ$}L^07+#QkZ8`k$RSa8zV>_~XM0acHN1)n`3MeN`6-`NzCj+njm!@Rx^g z9{yEx5BtMnQu&MQcpzw%*-F(`ex%G_dBX0?50~Sq8r*7Es#yBEap}x&UHDg!1lA3L z6 z^Obx{Pf?b`XXMp$c#XL!{6ok74jR&t@=U)=WKz$=T0QN)ZBYj$eT+`v3<@Oc8L{c~ zLGVxRMMXky?B!P6grdDhQCAQ(nEGWjb(=5~`LWKF64u`4b%$Kf{Jy|WAATob#(Z}5 z-uN@^^EuIP_IZBYH{9|tq1l)x&N!g+>o|Xn>L&wr{w^S7Bg@pff_~zX7X=6f!E(8- z5OGZXM9HuWw#l#Ol9I52R4{-E6DtaE65!n4-Irr4ZWtsrU-_$F0bvlQi&;x-0M}zW z`CBT+yEPRe8_hhHg_l4Ft0vM4aasdXVAsjFI0YW*Sq;pq*Gh)&#GxRdMU#62)@%Nf zg<=Dypw)|EiWhBTol%bRjY#$HSH!Ph&IkZ6WotHz8YA^UQ6Nf!5;R=-4m7C$${> z5!4?`EkD856sRH#RRqWroZ(-^FV!YSv}L(?heZe_HBV?(cBhBa=P(lr!FOwdpNL0YvmHG2a|ZN09Xt72IwHhQ(| zh+^rtuYiP&>0`6}|6}b-z@sX%w!_jAmT&_k7{m+_1H=u3EG9xUC};;d5|q&lphiJH z95;jnq96u4LE7d@RCE||M%;CV8BrNTVKfAU-~s^^P}D)(s%=!eSil)TvX?J2uWVyjE9F10SN(dB%+AqWa>qj-cTg8B{F(ycXU6w&WfC^Xixkhif%8C)_VpJfd{kH)mq z+R$A?dO@&g{|Llq@XF9{sN$vy$=90A9{P8usM^7jLwFKQp^HKUej;zRX|h?hQdFaS zP|Hy(q+evR{F3O`OzeV9obQclNHJ+H`elo%BqpRqU4Hh_=r1Bi(%t6dhc>E3zYL7_ z(m6g)oQ|3Z76MZZJD_!p-o#TE4f~Dxd#|Kw@gB&c|0aWbgc%%LwwT`(rZ; zPx>G;P*ZjI{Da$jB+a_(TM&=tJUj2Ji9BTfi?yb+$ls0p2?qw|^uyn_%+%L8cz$I4 zhIUrf(`?>)wQ~?hU>e#ZlH7W&bMQow@7@Minae$;Gg2P%eygf^Eb8w}s2;%ivcMGG ze#bfe@p}gpW&8M;Sauvhs16Rp=Z;pDg=*GIonbS18#uEh4cSXE!J zy@>YP>GqS#I{jcJxBJ1GSc5#o-iEGL)k6G&==gTl<|KPu*!Pq z8p&hZvl{+yMT&H!RkNy6O;uFKF`CPFqJFKlbOXcdci{6Ip%DC&zVm+9CUA#tF=Y-e zZ@J|gpuElOGtf{d=wgPB1Yey_=IkeJcsFI? z#06Hf5#M5d=J~1oMA&cZc5C}qr*llIdAkcJ1&U6@G){7$72EZ59?q~0Dglexu1=_? zs!T0?8ZYUsFXPp!VXebgNv(I!L#=VqeGQD;*WIl3x~}zC*6L+ybtfiafxjBBuL-QR zMAw?mTA%LHw)bg*2SL=7I^#|0dj*%5=)Zk_!AuuD34r2a_eCR%{f|%0^Dkz^c z2@_CKLqG+|6Dpxd-s`+iqCR*aUW8jUjE6_FVLae=K5yQGcZwm%1D}o|c!-AJ_TSSG zgaPLyLvm6|t=6fdLT6UzK}*}I(>r!UgG*sj5yskV%> z2G2t*g32u7w#`ju`0juV8oeyT?c1f!=?d*M^ct2n$rAzIKB=wqX;f3nyV;D>Jr`2~ zM;bn$@7*|)$iDfW`e8bs_@0a>TV*lAlEEi@LDV0ZF%fs(hHi6C5E*zOB@e!q_6yz` z5@2|Nv}A&Kxhc#r|M6v)F(CoLWEzV-1XsAsLoPcN`x7Dm>R-0YJvfA^K;KW}#z$xW z1M4xX@-4hT4u?nJ&yr!$!~mz1?4WkmnHALFXGB4J_zv?VMKH8_7IpArr$2Ev)@J%t zX3YI4KYT?Mq7muf2>!2t3=QvP2xdqW672vte&_j$eAbKl-QbY^v%PETVFgxZRtO+a zS2%49d#A*lzYesa>WS$$uvZFe{84tz>@9N3<$>I8hs1S)l{F~DADQ%oy^Du?^0n}A zr^@*l?Z585*Z8_WhRFzxb`Wbv-d56?=`rBHYC_FOq;{?kBURvkO7QyQ_Ez!w<}~27 z523bW@VY$E9Iu7`{A}7Mu=x$A0b$En8&)qkYv``ikn^SuEGNTOnk}#%Z>kq|R<3tg z*l_-WO%wX`EuI$QzJDU(G-y;ycpY1x8EigBRYsjQNy0 zaJ9LP$9JY0$m@y^ssRxj!44>0FQubhnarR340HV}%q3@#t z>y;oJIGZvGtx>`1z^`z6jUM#%XgG0d0^i~bjjDW*3eOBi6L#P>{M-_5p9K%c;+BJk zv97IZkN*iRO6=1M#`;GD$NEcy*o7PwgijuhJ_p4+MmD`mtjffCYvD{_8_4H~XNhx( zBK8G5zHRQ@?`}U4jtyP}0`EUOA;q|_vLs_#wI}zJnRf;Uwg4;rf8g-u(AIf;pNRff z!x7IWd!n4>aR2jm_K;I;B}t^|m_3P1!P>69xM(0M5-1&#p` zHgF3ja>a^_;^Q+sSaNu<4;$Th%KcbF4DL zmIgN|YH&wnOx*L}n8x}%`|Hh^YRs7Gym>E{n=y^rUo+M>d4C=EbsI1yb@v!On%c3T zIp21f`U*4_?Pf?l8DNL6wR>3W5(vO*76s!=6?|VI-&3bHC1XazUWaxC{_*g>V33F1 zzVB#M+Cvli^@530ud;$h_=G#)OxcqBaO8$#S;}U#Ffe!U?bLTOoyA4&Y*HS!v#_}6LN7B{ z7G(t_Hb)3)dyS`ZCBebPSyVcgz@Fp8Cklv zzN*jvD*c?>qlJE6UjlnClaRsP74GMsBDb6_v{4L?In2&_I=jN2t868H3oUIYQx4)H zqA+l>KV4!apD)Lik+c1LIj&re4_Ow{2GX#@=Nx{f*mgHLo5YkOkjf=k9$Y=hh4uIF zI*cT=zm)ppTJA3a@tigv_m_Maui0OMVp@l--|h&Ul=@|og|yGxaA3ptavgwhN>m;o!d_m`ZSXl8GbKUGp@E36qf zGs<-)%98YL?$5EYd;)zd0_QV(M$nJ@_(-)VhI%Ai(sk^62-5JZ{SO0454okAJ?~gBFTM z530fW&?}jGXwX)oXdkPa`(ea8S^(P}9I}G%VPna1786_IL1En#nt>8S%FzPfUK+s~ z0=*Y0^k0~J$g&4uk|_F$V9CCofNMnxefuG(#Xq_ZSgQ`Lg;NkBv^9u4e{vU!qZRb( zP8Mp6GTL)F)?mm{fCU)*t8bh2*B-auR}V1(G=_li|=iG^5$*3h4TRmF#UCWr?kmij}Pk0QCixF%!jvN zm2_in)5Aid4-CJS7ZThF{u+yjz1#_w4`5%9@2kKf7=a$&R9-nRzViu4^Y6bHS`JQh zkN>i4n%Tub58@X$6!<WTPNT3HHRMG6Cy4>{^(6z;eOeQ9SrJ#R==hrTKoI=*MfBgh-7tV5$!RXrkf)=oLVj;( zGrz+tAhd+wAX4LWQ$`&92R-x}Y*j0FSq@%p857~16xIEA zt>8qgGE!kq;492Sc%4M~ze=x<-q-S<#6ysUH7ri4^4Jg;if$mGjXY`L%+D?bH){>HVjI z-1o|cczo?Mi8>UYkeTf99ian`1+^$vmnWhQWV(R5U=v3GuX*Z><6%!9Q~i!{>+eg` z^)I5~!S39?6u>c=a7-l}2-75383Zc}e$a*myP5y*o5u{5g(AlKN_rAyX zC3YSQeRYL!8+v5>H|#E4#BQO(1czMMamib*MoXkfvk@OT;TT8kg10#qV;(Ta^lFc9 zIy~S@uNO`3fdv$_VCG~9>o+RSL^d&5?S$Lh*d z>{I5xVO2dR!thMtnr#x)0CUm??HzC)s&Xswxfyzdw97jOg|M4Z?+9rAzP z!Z@+b)ierf=wcK%D`KeYW1)vg6xB`5R$Y3T$Nxw0lUCd$pmIuq8tE{E!v_-}FMIKw zyF<+6~}f=pXz^eH6^0_nZ1p7jA5 zQdlLkkneeCX{U;F2b8%6?W_)-1?6&3hhD$_WoMHNa#|lmTf++d3zVB| zb%0(L z!yLHIAY5q@5UUk#vit}Pf)9Efox?TVr&qo z?*hC9WKZCQH}A=79gIDU?>LBK=iQGF;vYh6hIos+O9e)X0=QxVSA^gHPw=53*p#sE z)bCRxxh}BTaUbdP8&|}Oz3?7xJAYV3PIlQD$o$u)qOrWxRnb_CEO2(xrSE}|!3xkH zYWazplpn4Qb{e!ZcpUzNgejGro%*nuskWs=f)Tv)Es1Y3@r7_>bA7yw56COg1F(d8Pe_%VohPnwh6xC`b z42>ITXv}MFXkb;a0-eza$>tK_8S^EFUsjnfSYO~AdP9M4XMyhr_*B&kF2HRTzE~x5 z7;=szgENq&9W3ZAhemNeZ5uajn<81Xsekp*h{>SM3l$^Y7#3!L8jVZwH5bVeCr}q* zVbZ>=(e|Z8DlRxsgN}(mihtUd@&x{ryw^AM(Y_SB67kTuvPI)BVM-MKih;jhfj5O%Ucvn zraID*;&=%VQIOrVqZ)gqUBo%I-fSqOzHud@-_a&#g@z;TWPazwPy+7b(@tMR51C#9 z=&B(h=#$=bML2~(6qlekQxOJ;03UK|=wpO~euman+X1u(CD>(wugk13_yI+f%^ zA1i>;J698Ua&4*hi$Lt47lR7gv;0y=Sn(yBU+T>lOuE?$6;XwKRLugL3w+4#w$)>& z{?Zw9)&j)pRO&*|q0IY&O*Lrs*y-?$ZpTiCmfT-7x4F+NQc06O&Hm6pNQ_qeyL)8# zi)H>uV~6Hh ztYFBuz~8$7D@?T<_q=k>Sq5{SQQ)72(Ac?IR-X#Ifz{E7d#7H*C+kk$X`zE*Wd& zsYSHf|1Fu?X(SwHAdtp%z7_!Sf}U+d9S22we1hd9IjfH@K4*75cCrmz7fG=Z^79a} z(z5&%83tm?U@>@Fv+*RI=E(D534S8cx#jouMg}_Z@DFQbqx=dEb!PzEP9nAz;py@B z8`6tD*)xX9BX1ZVj(pv)zdZ?%(_QEv(WAgWp$DCGBQo7v;E}>x6rIYIG88T~6cNlf z&^e_%j|>w`{32L3!>NizF!%l$RwMq^-t;8k1>tZv!5-C+vkXVVo>>-x$L*s8;*_pn zS$d=5X27I_!@Gfy4kpKxj-9mV_b zqsMo8CO<3rOudXR2hEpcej({`gpk%N4L{3pR~jZ~_VU=_exZk3==(qojUyDz?%hLY z8A^lUHJO3Mh>oCZWjfoNLG;0ewK%gv0MK}1_%pFg`|WUNO?oi>SsR+Wgqs`Fskz~Z zWNlzdY8xyQrMfo!pMhhLpVeBwchd5cXrX>5uBhMT34lnC^ahb0xt^()a+(<#7yb;s zb0Ed|opj4tg?ydV!I7^Clfv>9_j`*^0{b@uF+LQ}VsW^k!m1Xz!HukBl5Fgt)w_{< zyz*zO>aXZ3f6@BPKM4rtWG1>^A>VZ@x-3!m@C68Jl{~fTRo7L@+UCv#E;*cAavb$+ z0I}1pROok|yFccJl4mz*!BZoRI@=SvS8I)d3UeU{faWGu5-B2{`9+|Clod_BjIB6g znpDUy87$_=Y!TBU3h|3*@?_JRi0L%*C7*S)@Zg4nFcY|HBo2-N0~)<%)<7_I0=%9z z^-B`bWTtw-CQ^W?bQm6H?+)!@ACMGVOo}Zb!%r9fp43s(CtwkOG-H53pCDJ31$~y# zZ8<$~f233lYjDPY*5M~jf9l;b6iic?{ZrBJ&`i z3ic;b`H9N!kife`EqPJL6|vs}AF?`rNKV#_@q}iiIJI(fqIRIHDlSx<_znq6R1;Pe%|I2mc zViN#cX>Ok}IJDDG>>a@dY&UdO{bM-yjkW&a?uBSG{a1M;{Z}4l#ujYiL~cYtR0_HE zK?6;VJSz>Y>djEg6nYzamUaWu6K6@V_PS2oUxRIfBXKyrEF*w&#M6@fow*CS zf5sD4j2*_L>&qk?u@|rw4JOdR0zZ_QseSSUX7JSYm%k<(0*flOG(iJ|FBD$``zzI| z^s!rSV^6E{*+lt-r1U>Ye~ZO9kpu*|^dj}&!)X>hEMsFn3^Pi+;po&&&vP)fGKFq} z0(V%EJnz^?-_k+1jX&y=Gs#moqNPiqCHAmEJ#bt&3rKKc$`7$ZTOg{9(#*sV+z$Oj zw0Z>;k#5ygL<8l3ia=DzbF}~y(MCQ{J%RX07p1*gKn#Hv`Vax%?SsttaMRx* z)WZblBXCP1meDGOCV4v%&v?uf!yXsR7xtLksM(_!wFtXrCA~Ui`}CiH`6deU!43Ve zW+af2X1=Ad4E5z-z)+_FIu4Jmh8Sx6t6HxJdO{-FEbmAH8~||40kGR^H5uVsDGoQ> z1_(t|F%T@O!`RP?2f^=Kfq%2XO~#-W+^T*C5ma{#OQ4&XMvNURlNk4)xUEIb*ob$G4|xhg$pU z_NIW%9=%7}mUck<75oBOkU*fp2Z!*zW#-v)tDx$;pISv#m*c=Zz1eUKzEs*PxWEhh zU&a9eu%+K-Yy$$PBrql^ZK04!D$ES?QcO~9{TR0fvD`c7?lAS>7IWoo=CL#++Q&S0Dvk?G1Y(FB#wr$yjFg}?% zX`{NYT(J1}A6v!Znd!h{dOR%dTr2j>X`RHLIb9w}XUHR3{z%7^-11?%&}ED`JWj*X z$H2nEvC4xId?FRcG3bmdE(Oqi4bW`N(HZcM_a@l3YxNHpww?aoI_#g-ox=UIcY;qw zlC^c`Y(inXP8dwmHhul>A`%I*N>e>vYHA8x4WM8H z2Ys42NO@qEI2P8yeqmck#!X8Lw5Z2^?B*6+NFn>^zgfCX$jPdm07T?VU>g=UY&lAP zOnaJ^(EHqfycH$shdOrefKrFIph;FaR+m8F0i3l7FS;T=as8DAM~Ys5Ez|2SO|L7> z65c#P8Eb`(aTHvhxRDo68X9|Kk`QCTC+PYd^8F%wLHrE;mv;_EyW*C>yMm@S3x3&K zu;DPgm!HD-@`O|?Z1X8ox6(S<;g+=TSHCVlA7vJJk(#$s2nt7QQO0-G8#8U3XNbeFn^;slNLW+@ve@z%a0OZr^3On7`H<~=$d`^D)>c1Y zBy*{WvxMENR`*eZe7rKD-g#vEV zj?9mp-fgR9V0QB=WIV0=mxth~E&(EqdrJ>k^G}l0k2_chF~K%Y)Kq?gCRqFb4^A%B zW4Y>^mT{sUyG0Ok`15!OF(J&1&)3D?HN{#$i*H#Rv~ZQ6hQC0xn2}-jR+t{w`crGYs;M=qX z=U#nNS#rhvwo^-c@p5|o8im@HdGO=SGZ9~Oftht5hvy7<&|cWI0H~htAT(;^x5Z+I zF$dBh9Hgt!^!2ri@VS0`5a%Dk;6hNi=yudJgpHyF&5!072wYk~x&$DD;t>gZlG`4G zSVH|XH%}vemK>eCbRc5xcI%!^fB`ulEqk2+^J)bj%+B&=6EYmZMdse{2|U=VwJX}+ z1=q<==!!uvHcCm0Jn@igDF+V|$4g`*s#D#EbHo%k)7b`xA>(uBes6i#!w2uN+h4*} z1qXyPH5-!0+9NiMwYzLUUe82t-jvZ?C3PF?Yrg@=Hyz%tm2M#509)A7J1JF8KyZ4;R zf|$@4=^sFU7l!D{9t#Zc@Ivkz^KpZzkjs4)GDfrM0b7Oq z+5&V|h2yn4@7-!+X*w%hV{wAnWV+#Ko>5JnDglfHnjSczU$xBpggt6%}VUT?Fb>s6dEIFw?f z-9-y^)Zu8Eo%%f`NeQTIUY-BT^3}KyHfSmO`2kOYqk6^0HTkhLjgz`wtn0lgIfdBqxgXgRqm2WZ92E z*e?owO67FYB!rzNEg(I)AI!ScV`oC3taJp*=MX6KKF5(g{K2t95K!_+&XzUSH|ldp zoXMXj28Kg?sIR({dYV*U#Offw$pE~A4)N?)GjF+mRGq(6lLX*fn_N@$IJ=Bn6VhNtwh%ojkFR7V;lrD3<*-i(y9D7@ZaS zq*zCfe>~)`V`@5^lMaIku>zWdD6CSk!60W3lz%)-dpq@s>ds)ld}On#x2pPKCf$Cx z=NulnG?CpA8btmjvrB;#x3DfA!*^O6N_{H36e4~G8ksh7!SI`Bjr~1KZb)JGR9hvq`ZA~q^JCczmSfJ(u1~Qy~jS;BEy}_McjY>edXDaQl7$AWgfyJcH626qVD(sL@CP@tb5VDOS}#1R{eS zW<#o6E^kbNN*qG?@*KJsobRS2XmSP10iWF+Z!~igbt3RC_0EHYoSX8p-z4M=t{`PK z?Zkc8@Snz+^J*F^rXy#FUE3^GoQ>MCad?Ca(toRL`W3N-|5q;DJf=(q`*=JJNl85 zq6Ga@m|)eC4}~W7_hblVArw13e;$^9r*MiPKZ-+Zzdt?>N1dOqV}|R@i^|I3l($H} z<}9-aEg@5G!9_tCU!K)W0zCZ;JYjkE!DCu)MiQd~N(2qtt{sbX<{TDOPh2H?PA7iv z!JgAVD6|*(t1mSLFT8oFIW&E^=hOw?C4#*jKB#XHEFn8iRZ^Pna-c1r_Bqa-{pNES zVFoiQVBk}nO6Rq6vex-dIcO)H>g|-ETvq~o_KkT%{5Cae8bdt5SEWu?$pyGHhI5%n z&6!Ni2^rud?Oc|Z!Za8E zVbv9wG)92vs=7(4ZAVSZ?4umnlO6*hEOecXt|S{%y{w`8{rX87a&CN5c81!ItRiqAkz#A$P^xO1!DX`f0(tEv~@`{Ss8q(Ii&SXyn3v1q^0`L6ZJ2ewDvHFz*tk3Y2ppQ=5+5}tn>5~hihXlrwRC0>6!X=7mrt|atZ5D4>`z$`65 zpmw3}P@(^}EQzSa@(BAE^FaHyG1l=W&5fu?&Mh(kj1n&?V7tM@L6Up&bpjN`?ia%7 zuv5EZJnAQ&w{3}7c;Yx3fhHHcnFBTFr&emmkQzkM+Wl!Tek%bY#+p!4&bLjs1p@GiK$X~yf8F@q={Z`=7%8cBy?O55<(@y_Bo!Io3SpzKwussj;?qtim> zw%OT2IhnJ=zp4A9%-J`T`^P*M+}9GN(+=+OBv@6OgrcM%_iqG3q|%ufEjt@WPvyKhQDi&c=5!>IUM2>Xl%O zx>Zuz31~E7$cAyJA6K$Cn(#s{l%A%4<{%$(yB+SZ}&OB9SQ z)wT}cfDw-?Jz)H>D%%w%M!_`s9#Z^?gCoKY*k8zof9g*VGPdiyci=p=(@T~^!(G}D zd8mB5f=@#i2WG?Kqv-H82FCGY81}$<{Eqi$%lnX&2?krYMj3FNqfht-K0KOTDv1*0 zgl~0VE_7$CQ5x}G`**%4Vq@-a!SQYSaVq!|{5Xr`xmvGTedVw*vQHNqqgj^O>zcN} zeTjr%seN`K84>OR8LOQvSXtwY@7>F{H>uI5(I%ql5A!>R<~Q6a*bl%39%-uXdRpFMi<(ZJBhPNS)&7lWmw(i{_v-QHC zFd|&M;!bekNcd6zj2ZH8}ktG=Q=e$ z{tyS51?tXLpUpig4lS{-<05ijEfA^Ct4AX8xut?gH`W3m`|FmaA^+5*<66Tc{1+dz zf=c+m*THQYL65N?HGbtl)o;ab^(pc3yY*KGzyC4x>2mwN$NsAC`&U8a$Q4#GKP{nD zh!&(NMEf4RZK^s;Bi$W379d0m3cW2u-OtcF5G~f;<{ZFLiB>`*(udbaxEaGld%^vJ z>koMV8|Td*1koOB-x{jbjy(VfS4Pcy6 zy)%Vqsum6j_5lF+OMeyLM3osho>B75+aImz{Uk=wypb&}Q^a^>NIq59skoaV> z&%;D^CctU7gzoZE|r6GqxA7!2^yraulRZpUe0)KuM?q14P z*N&By&J}x|l}_mvQdsKm@xq&T*-3`NT!r{96gCPU)R{kM3QN6EN}Cl0hO`206Xa!l z{%=+~k+cK6{cHv{3SO(*J`^9xTzT}HhexcBWOLYS_4R9Uk#Me=V<2j?+A84~F?1kz zN$JxRG^}}@lsR{f;ni?hcKWH$W2SQDvo0C3uphh|-P*1*H;a%ex(7n)f?qcs&BHGK z)86&1NGtKO2Z|%|;l;NPzamgA+;2m}ZijmJciRb$*+uM$4HKNoE4x`c{_!#5>J{Em zgR579SBrkYalF|*@#c8kT7%8TeCvVD2z&E3oKS{9THIXl82)yc<#PK6^Ze1rkS{EP zW4dLF(67$Nh{a0=7B5-Y-`_C^v>p12_4fz3Nox+nEw|(+nmbhHP49v^PSiUNKIaaV z7qEk^zHV%eRkdeZGZY3sGh&|larPwOCWCwT5U~7%g%`xgt{~Vt42k6v=XV-9fF6xN_uS-fXkFI;8ie z)w6(u5d*q|&>B^iq1Zf5k=?|u*h#8y%aa6%7zp;EvR0r20r233s=NRsExWAe;GG(Js5#w+*V{4+s@q%5 z$T()dO%4-86Oy+7X3+EJJ&;ct&moON{c$M<*l=ZXi0c{5w?l1(IKew}{)xwhKn`G!&~|(<0h`2KS?_tSKsd2`aNalNb-M0SQ{{0>Ieu^2g&l2Puw293meJqa|Xl4(Lj;39RjxhO8==vK-@JySDmiIkO zLa235sC8_gg<3yOS_c#W@hq0Ghn~zw?m??+hzxd*x@IId=F`V&2t0VG=PrW*5RqxF5Yz>shP1^2l#ahzJjcx1>YrG zn~^Wz4@|=OmuQlW`X=&u1ZX#nw2PfK{P8DEd)JeIdrf)(?UV2kEZ${Ba)Pp+@0It%kou??3;A{^^$XpLu-<0@Z6cS@s?K41WMB96!b%wf;K} z@J9S-XP4&g78DCyH8--Gb94E{Nfo%f#a@2;`h-e0^`HGUgd5`ww@O!dAv9TV| zojWmb4NL*vOTi!14FQbaE*ImXgzL*mco8^{MIhfZI8kQLp5==OrFG}ufC&Jx?=U3* zoA+01i@dIyN9Q1EMX#+uG5Mf1ip(u$S{)+y*h$?GhEFBNV%#KohEH&=TV1XTta?!w zkm@L~mIZ9rCl$E&JzGBO%Fb2iqMs&Bp?)$!IO^^1Hen#62qLr)$9H%JG5UVM4I2dc zH0|{212_hbO%e2M(#YiCyj|?WecxW$Fj{$Y7{{d{WTF8(p4GSm7!HjMWJ7e zkNYzk_8}-0*3deR0kD5C5wM?XU}s%Nx2nglsdw(zf_l$SRNc`92x?a$V_oh?47|?tFU#;+G+@y8x{rV{t7g2z4D>G3IMnW~!4nMGbFA3nro- z-_xW^?|~f3NE~qIA5dLB^#ktCg?2VpnwwW3YH+e49CKiue&^18)4Jz!G+?bsNnFra z0r+k|&TZe)hH;co6YBjd2?;*o;5Q6-j60vy;}-vfxACgdSHQU^(n!pLG%G7!(8$x( zb9z~88bLVAQ_n;0@--uJkU_QtrvH}U84%H*pFJkQ_YUcA-6L-|fk{u4CYcn5iI%6K z5;+oGA;C#mm%t-v5$`X?d((V(G#}mWsc6@hcGa|ajdqJ_)T&AVN~?8icXabMX3tCX zHs)G?tqq$nqmjzj#?D_ zso}Lz^L)BlmpDYM=l4oVc<%wos~f<&nBU^i4ZAl`zA>tfN(1*54Uo8#9N>$xW?p7K z-u2@ph?z8%t;z=c;P#JCbMnVgWqg8n)v{PUXl}Rbh&CKMq z^p;<7CLc!j)>zy;8s&5iVu%hJEEcuDTKU+&D zvv2U0K!G+11p&xxgL@Q4W%eKWb4?qhaPaOsG72X>K{>|`71oD{5{f%p|L3+hiu|9u zPfPp=oJ1na!45|!_C_-2Jxx9FS|nK#Q)z)2aZEL_&sx3z{e*weC__#)%tG=;_4ij{ zjUkC7Bp~4{%soA`Y!m6hg(Jz zCswao{$Zv1zR>)VWqim5h)zU(7hz%@Pj{Y#(wzlaUcHv~BW9cPpX<66UnP_--HFpx zPi@hmbSQ&xO%|0Px{1OJP5^zmgvH`klzBRUUV}y2uwCO$fZpp%c(9;!hm_twC)G1k z1Fur~m_|JDRu0BzjI<7EP}k4ndcq768XAm2ZH4KB%%@3#^>8R2KDF=%7*A=cr}*8Y zDnXX-0XJso3#u5xZB;D?3s-Zl(H<8W9(&}G0`H;rvpeBa13tOtjONc^t$PKTSYmTj z(2utJ2%J9c=a{t-vZxd_aDH(Z)8)Lx0*1Vig+#qIk@o8y!~^WeR9RFa9lh(p@AXSG)uCd06TPVs z=!GBEwQUvf%aBo$zyt zS)ZBvt$V=x=YfFh|6gXuSZ3r>WD-JyKf8Y0RP{bEdW(ht~<{uSGG z*69!rIusoch5BA{dECBj*Ua`Pe-dCFv=#nSTu*Ur{E~5KM7{EIeDVmip(#TD<3Syq zJx(u($iT`#4JvriiE5Ny*c+I_ZB0q zp_@)A7AQm|$OqnvTt)f~dCXq^8k9gkvewU2xc<^!GarY@UmNSL1?gYg(OBA})flJocfK)9`K?i4} z1II@dJ-y&5n1;S>&Xr%H;+?4nOToDemZH0D)&XZU!c;>r4B_eWD2WU^;o-~*LT|g; zzYJQ_36fyKhM4M{2}hwgEbJ%7Q0Z|;siQ@6^w0ponJXb&q%tNI#tLim$$`lYfr2w2rTdURFla5-Qo+U_S zY*8T--=xIg0CszU)Qjzr&MsW-3o(Ns2t5_a-(qg+B3iN?fPyzC?g$U zIfD1V_~z6kk`T%1P;8^lF4GzAo)-e#{|T)c ze!nI}$$C>HM9eoHrTcL6yxtD+1?uqWqW&g4s{J!DJ*j`9Cw;~)xkBe6)B_eZr zvSc7Yd3-2G-I_^kD z-(Kd}wT7(?(ebyz6XO3Ce;`Hb(^F+2BMh9e11VOuxw0xb=Zh(L$uR zbn2}0^GB73i4ptZ+I~$Ux3*xvs`qg@s;GG~sL|_Cf8SzzMeD!W$q*i?rCbCBs1N6G z2OPo#7w#Bc`16V6Uo5F&tU#_0V(h?mpF4Kof=P}Y7^SkZ93ya~3n=VL0>TR-<_!)joIWB-}_->X~zWx;`iLeeG~H0(bz3rYNt zJRdgUE30*|IP5?Mk*f!I0WDVu!)Qc8C6rJxuQFA+hIIV>sSkYy1a($ZBpIx%QX#%6 z6=>(&O-4dq8E5$j`|1$(59WwgGOMHMsspUMi2cD&Ir}17oP1blOFQOsocCgA(3X;w zaOFFM45B8-Ejd|C>Z07bd8g9=#cJ?{3MoOLkdp;zIgACxogIeB2UhZT43sNHy(upr z_TaU;Yk=_9zU5j5)Jah%F9!@hHBA?I%@klIqIe&lw(BGuR9$z5d|oW-IwT}+8rz(= zWPY5a-BfQ5h))IGxZP#%Z^IXH5^v_O8*NKi+usSho zh7+XfZ~bL(?OGUIj`HaO`ybMyj~U$H6EV2Vc!Rrl%+Ur%?cw)HgEEyn1j4mwOr_{f zZ#13q9Wh!X9l0_mqtk)%Stt5*6e{*Fj?!zW3r!eccW7;12WifA0OKGLbK{xqT7-+S z*6G8N(LJdb3XU>7+x6c2ofFpKX1_3pBY)UYsxjT`GE^zxnhDvcB<<8ru9`@u)dfh7 zc8_HH5jzclvT)>5>4Oi!x^x4L^Ht7@fiqwy|Go3BxdrY3H6{sqCs>azV8^+lu zZYZ=TA*sx|#_`zY>m15c#k32!_I8Co7Ro+lSvXyvXF2(+oRiZ!KrXb4p_fYVsh_QPEoQiJm39RN#DAC#m}m001i^nk_9F{=o6b~x zLTHWb9qYYmw$es@`usN8Kg2a+R@JE>b!0TjfSAt0x}?smORzr)O`bC61dmwyiyL6Q2W;RLH{IEurv-`8Q!k+S`gS(<1)Z@eSZIO6u``H(GNsN!gu@6 z!maIz5H86=t6U;NVC#K&3T|OY)W@+2K_sQM=FPLHpv1yuT$7l&G^42qDu7?^YzwD3 zw}w^ioqaX$)bJPMe?GcnzALRC^sML^iRlH~Fu$c2+T$A#A47h$T`4aj3Tnw1j5QqR zw=};CkN^?xm<=}hl+CH9_TD@d;ss11hGV{? z%GCG^U^s?azK<>I_&>DWQQCeEkuvm&7h$iZ7~4m(K70c44?SDheb)Qyvj@Vq&fwUg zVfZIBKG5%SoRd}$-bCrmpBOO7-+>&*!dE#@Hp6-FY2$z=+kK5_} z{{T-)Lp^9g{Qx-QY$3H!|4Ci{i(=G&S?a&oO8wJY8Q)>(4uqq%Ji3W!mbXX7g`K>1n~s@$5MV zNnQ3M|IjSnSN}VF?l21u@ZMMnm`TnrU7qVD#&8klCYI`Q$j})2G2+X+BYG?`S zhc0tY!{0V#W@~FKCINe0N4VF8#Y{qwI-|qPv(_SQR|0|?ybWFPOM8CFK+*3Qp@$db zM>t;L$3jC`NhL6z&xq~S0x>4)d;}c6v7Eb)NpIr8$uOf^u!)0)UuwPHL-KA(BPmU% ze*`Bn9Jp~d0y+HdIlT)J#Gjq*P(Q4aD?x%6V~(6KU?*l+$D*n4OhyN>FR(h(HnRTF zp+8~+WCLs@t_3^^)xmMG=r~uSGx8of&Z;__bBkf;%X7WVZMFByJ~VNP-QK2lb27DmvI#p+9)DZl7B8); z?~~xlv0iN(Jj>|!CTv7`tk>EyYQ4!-*3~nmZLnuZ!Q&k|`!_53+ZIBCFMbKbj&0xV z@9wmZl|%yexVlHRkBzSGPW$dD-J7*PfR+5+fvS#kNI@OSu&X>gI7;|i_P2%y&*raI z)n-hs_0sTQR%m~#Q(1eI1&=m#<{sN{;qES0)x#tL|8Q(~SxajJe?+CbKSrfcR zFs6%vIJSQXNI9QK^kSzj1Ap7<{k74K{e$0ovng)eW#jku_?;Vf2EWecT`GP;vj?$0 z!A@J)zTRmq7V*}~Ty>l?2pH{vGfRSlcEO4GnpoD+T0@ky3y#HC4E-uJZM~#l<=|DP zvP4rJ0SHZ<5e{m;_6|)S#@7T?^b??@=A3jHqTu%&!7s-57L0L>4_FP2Z+P%TO+R{k z8mk!Jqb%xR73XuigYALW&Um=}c}af*^X9G>$y0VRS6QS_Pp<3NXOSYYJ72i(>S$A%PN&NX(l53lAA5{}#pXNtjoc(Wj|OU32n|pcSZjtGlNo$pdTRcn zd6@%gcdlR=oj30?Y0JD4-bFml!2FzZNO=b#3jrp~@TJmf9G>+yS!Jm|Sjlbie@y!y ztcf-FzcrZ3@iiq|Ro^8hB;W*LTb?3B97%&!)&nK^e-caY#Q(j>3FmD<*(JJc50ssR z`;G?I0)~8R`IeI!@#RhA#;oDDktZD*by6+n?-C6ih+u0=(1j!l><~y3>|u5fo)_{D zQ>c7St|HTeejrcCAKe}LflP6c=b>{cN?u`6O{a7E3jN8>_;AXP1~fHQH#IyYKg>q? za5+^2`Q)B5JW76$>CTi!9ag`C;u4cdDyW9!-tFDr2WkOvfKY24>4vMij-z%6#33A9 z|8gU|qh$e}5Eo4}q%5fc>m@3k;JSLa_gt#-LT=l* zVdWz15{*XNupbOl^c6xoA^~*PRaj-IUaW_5QZKh& z!ZS-4?hNA_P*$Tk^%HI@gP3V)xR?DbN&L@bd98399$RX7tX`dkGS-?2nP=wIgT_RI z`D&{J5*7z*q3qgt+KTj@RMtt8{=^y_r0_O%wW>0~<)n9^5B+;*;RxDz_#KDd`Fm$j zbX|zN19y?@VH_eNQD!6-));w^MtKXFIX98%6nCgWBRM4$1l)qH4b5PTI0(rC)c5$? zd2mTBq9w8Pm_gN>?LivNFZ0+k>cAp- zo&N5#)lg{8f#F(=zd8wXHSzl|%)kuk1tK(173MLUfgdA6W?uGZ#*$!kIA7p$0;3rLFCW%gIk`6wWyrngjQs+C9|vu2V+FO1vYMf6brsXIeNjz zy(Q4l;Ed3MuOz(S8~g~|GB<62o5OZp#9Fn{wf@^DRI4~#>%V_RtsGse8*42#waih^ z>j#EvMfA0Wwc4^41Vafr+_eH#$46Jqj$3sxt8S?gFjufvZ&RzA9^A%m@jASWweHom z{>WONpRG}1YT4mh5rfNMtx3Ap5Y~Fm)JoNT{d`fpzP|bkYV~6+Gq{FFP_;C=>bkg9 zpJUapUX#IXL@mPHqn4#>slTGul<2-Xhx>|v@UN`({;PtJ z7g+0z=vwbtp}rz&O=qpgQL8$}Q^gs{kQn!He9qkanz=IQWXqsV%hLYyoNwcKHngil z{8LxK_XDka1HE_r1Cb7J7)pu`p;nQ^93l!@l)>WpARbHxzu|`*9UPC;E!m;d=5^nM zTvBd0+=^lyZZX49Ywtbk5Psj115o=vOSmZVZmQrI$~lH|3c^JKXv^{0GP3D1099HG zWoevTbTSNwrfpN!Wuz8axR51?c8%X9X{0z_cuh-n@M>!AnPWzZzk#pdk)R6(RVfnX zOL6x8yH-=EHW+sMJtq`+XrC>``Onheh4V08a*Bz1WWrU<&{FW1O;Jg=cY z^QK6TMLO}b|3(u9BYI5_h%LhBIP_W{lO(vN;eh~A4(M|f;DGXl zP~Ew|Se3hIs)(EALg)skeJ)ytQCC2PVb$H(j_xpAI)ETt#>@E6CBhLTQLVRbv zdT#I>r+#C594pqZUpp6PiVzU)yqIz>sfly)RXHk^vCsAPiOsw?y&yq$@LdIa!W_dSOBks*mq+04Gvz2 zSBYhowPtW|cx3x@x_pG$uwEJ*vi}B$-7SM1cgxG95dUCasB>R!U^a-)%r82J5{PK^2V8yAvulWxL;W;O+poSqPmNn7IHz6@zhap&B^4}`uny^oego6)yM zmqXv5OBW(!p|>APnPefJE}_cNi&8cVVBKiFCS7qB2v5i|dT!|VUS&E`KvS{K@T zxHizpar)D5sS;ew#3Ke5?aLsjghI$#Nn|PvHM9tYBc&0GOxb7U4_t|2o|4MCqljLI z_6+&=WIdV%$q`zQ{;4)l4hS6j;(GLH;F`1q`Eex8kc)>d>Dh^h?SwFeDwxcLC#L{= zB_-S|0jV;g`JuD8m=r<9UzxE7GiwAcWusol$~v?^RbmE3G?b{0ubw2;`IbQlScdX! zGg|QdfD*{Mq$bYC0u+v2AZ~+z$zH$#bI#HH3(kS4Go*mM74Qo@Kp+F~3;frkSr%?j zGs0r)rJg}}Gr=iXU85Al6+|+a#F3XhMdX1&{_RxJ4AOB98Qch?A^0fk+QGq7@Udgr z6%;?e!^cioeh$X1gvQ%Dm|J%ZUCQ!8JQ0pT)3lGdm#yY7H^>`F$`s-c+jai~Fps*P z5oPHYq=d|){IJbla6inW%72Mbbp>nfVF)R$gJ)#&gkaT^?>L0*tTj zMO*!Jtt0oN)~%+NLGSABA>bn*Sj}4Bz9>VkW33CK`wF%X)r#nAK5MP3>T_fz$I^%T{-2lu1hd|#v?#>GR z$TC8r&#?8$6d5%*DArV~?KkY+-E#%1<2Z1aZX+ui`p>xv!9=AO;A7v?{?&X_hH$l8vl+EZLaa-#DjK{g`H7ZFe)2)mSD`>F3FA{HpruZ z)-a##`uZ^l-YkZcf%LK{v(YldkdZO&K{e{sVGQ^Mwh@7etV}u{t;~Z!nQVY(uskx6 zI|RS%L6(|ickaeHN%XyjJEBiiwdoC1sNwv}-cSSaFKX<9NDNd5dPnnfYygPxH%y>r z@kOc@3pvCW?WNp7&uN&DW}!v=y&|$df}a-rTeuf3{|Cq-^FTTI6GwCTC**{#%&Z`a z5E&{PNC>D{A>Z}+49%|Xz^>e9zh?rMeG8G&RrBk#>XF`t0e5u8-@c`p_}hP8O7O(d z_V`UBv6!9RU4EZj+6iy=;Z4cRmxMzWa5)0LaF1H#$sF$a4Sc~3sNofj6_)otnB=fO zDjEk^cRdb(D;oQj-c-@pzciPxs(Ml)`P0wnF$RyMf%3>ZQy#`AEzDIZPMoG)fn2?f z@lkgv|FJys{v(gL9(-Tso6+kYSMR5a$zxw)coMCnj`Dw_lFw(0J+>+b4X z?(QKyoFlq?lP;goa(AKl&Wgr!t;#{t`DCl|FlW}E{wLkcGTqFda`g6*2G;M33h zF`4q!^${MU5M_qP0`DxKG)@Ot4zqxlh_M#y%0@ z2^#ejIJ=l-Vz{r?yAKPsyt~l_JUX+ar+oHQ=f?fPcb<)gz56XUE_Asw1D_ddP=WCj zl6+3t?LK8kfv+*tNu%375$7|VPIg141|dh&M|6`3&XY&px$=kr)>LTP6+8`v$LYdF zy72fG3yYZ(kR;{UOk4q=wBd8g4w_6wyyWGV_uU&B&U2r%gJ4&qM1kEN5<`T$xuEWp zcer2p_YdA^!s`)Yae=?rO?aC-*4Vq1-6F0NDX_7#!hR56@x66tM^Xm@iSFXAPiWI6 zg1{;1FnYv{Vr1jBk%sn0p#4d>5)hjntN+NLZwa~{MH|gX1;5^^65;E%VFzi4Wg&xj zlWx1BGxm?%jJhlZSWVkx2|C73IS%3R0MTi~M-q6#cmF)<}5c>c`pf z;$PMIXrDgM1XbSnP0K1+O^nk)Z2aqA$e=OyF$_1*r`vnDP1z|h%@UDf=-ZpXgt^)D ztUz{Mk{Imt3i?lwTL~E06YK!nnfJGk#@ef=HgRBd6dT5^Mbd#Yb>8Z*2}ik+;r7-f zBbNY2UjnmG#DVc&<^EvZ6GSIm<$&5z*yD$6btfViu=Hjm+RMGugDd{}d3>%MeDdby z){RHVc1MpdDI4E|U2yT^0DMp{EGJLljG9hAO+%IA!(MnF*!CA4KiXG|6heKNjM{od zbr|_`ZAPIrY7ab!qp^m0d zabx$GMBL+!b1{!^Ayl0Te3O$C1BtM?RP94sc)#+mLLV5LR0@2}ugHp#iGwJzgT6WN zhP-kNIN^F#HK!TX1O}m8*swC641d!<>5a6nLMK0N;4;XutsGm+NJL|U;hX^wg*9^q zXIrGRyIRgr*hs66dEw5wPO^Z#;6EeD$b7Aay^Pbo&!{-F&xP5Klvj_g+ zA;h9&-~<+g~jYnt89a-s-fxX)OSVfzuW<(tgu&=7Ckwo&Ss?vSV1Yxang!fy;7KIg%WFd{0NOMx;8uf{g0QkDrGmN){xF*eAVsTSA5;%R;pqIhu7$TA2kFB}uyII1 zT|NXEayz+gSk~%IMrgoZp3a*nCQ_@-;ITJ}65!q?ddqVA!3y(X5xDY9Lpkc5>sXIJ z`jG5(bq%LTCIA4s6N8U|O+lzw9w;A>7`%_Xv`+wpO4c+0!BEFHno;C5xgnzkn@Cj~ z)xdi-lVrR7(Z7TlME!9_BwHL)e&bg81!_~ZJUe-nRb{d>H&uZlPupeKnjL3l}s zE#S`zu|XC_3S~_$fPHIKJ})RKN(<$OOq2YOr*X)|v<9Y=hM)h1IU1o}`xGSqgqqs>4*a>O4oa)#(|J`!_nyRO*b0trE&VcYHilxPkzy5M#6-NnT9AS0olpHz-MmCkU$|iN{QQ5vDRTNmss)(fvzcY1UmRV& zoiI6S{{DXBZ<;^Kw`E$s?M=kIEI6PzACPbR_=J3uCoH8y^4>%yBE(a|4z)0o$adRR zbRUG-Y2CCio35@tkpk%Me}{w_CejGA>1yf{v%VQFrKUhhs$@w=URKYV~9I&NK0grLcxt1d{!s~L$f8z?;Np^xB&`WqobJ~z}QahGGEe=1@| zB|JwJ>c$r0n1(cVdZ@8kPGcZzY3v%jpnpL(R~pgW@d(nD=4hWDo+{uCd4~Q6NVX5w zIp8&%9|NAk3)NY-ml@IC73ZTp7ly3tvW4qp+ z6&~&1?@InO_3w)y@+AF-k%!k@`jSRNKQwF|&IE@W`H`@@4Grt@0g8lE+?frO5c)WF& zqCKwc`TJbmWa(gozllzhskcaz5%XJu7iz3-?}>=^{y7cp!CRl82I|KC=Sc%!lGE7G z(_`W5ZQvWO+nW&4-r_lE55iExf3*xb#cA@DwGRFQ=b0&S@V5sq)ZhJrzxEOB{WA;g z3H{xp8~Y!`G7Gca7;0?2)0i{Af5!{rXOeDj^^7q7raJBM_u;z9cbz6raGD%?i!>P_ zUP=hxSl!;#i1yN)_S82eGT6JE#@>F(;g8du#+>=>ZQwh6w~RL>qP-snnDG+6<+{ls zPLsEVnrt{XR=(hc`nzs#)6L=WKI62fF4m2GiNI&U-x;CCRy&P3@I8(ffQbl457w9=CtW8^!nQN>n^Y|D`DDCP=e0-k`M`fC)Q1W=2zoIYsPl3E zyR?GD=vcSN5eJZQFRY~0VyO;qlW({DqUQ32AD#eQ$KbyO%fOL{>Mg)RZ+wp1*Iq6P zPbBToKangSxD&SCMEx%owX7~%as-Vm6(BtRiD@I(!voWFaJ02yO3uipw?|*LhsCi~^eAv=1yU1;?&#WK}`dSKYfE)i+*#16| znt}IIFdwOLGvNM=Is{nk%7OvjhqjWjCl+j?nSpZJBcp~gE(8ORUa-42jB0%myY!!c z5Kzf>0E3!HRvi(3%$@eyIPIA-&KZP#Y{BU(dX1_2UQ2MJmY0EVaHJ;M5YzVU&uqtg zAe;7W7VTSDctw(5+MRnT5(n1uceIZw^T0xcy_!$^(hq}XE)=`#=glP8chpU|;F$&{ zGLZA8n!dC&GiU?CjQK+b3g%r6XYur>Ih*(e^oeCV!sTvDPH+MruyEg$jn%zGvRwi* z7Wfe(6^@eI*w@|YOZB^=wy6@%!Y->x&G?D?7QRIIrMQ~sD&KIscs$>qYg}Ijy0yYiN;#^o5mlMC-Db^?FL%%_#@tfZ26lne~SS6_UnyV z#bq13m!mM-%ew<*Ky8*buO1`s8uMxeimTz1@w=Tm>zjI{<(Ea}WH1i()R##V5S5;S6cjJNR52lo0e~~D7ubpDx z@%?-aa?3-;B#jS)oR=Sm-*h}s&uVz9Zi?XdJN-5BuLf&i)8-lcP7VW`Z3DCM^Wg#O zAFkn5M8T^$+rSh2uh8_fL4Np>X>xjvfQ+)g<;3qDrl?qstSERt9s_t{-(JwbzW#@4 ztYrhsU6f}UYvcDA9WI4No1afwcv<#eRId&~9w44b0$|KE~j;(-&-}Xe?DmNE3$#*R`iIY-v~Tl{S!32*-`My1_GY#Uv<$S zJDq6g_v?#xlRFB?DEg(~feKBQ_MRUFZ!qQ=wSV<~i8QvYjo$22{H=5Dm+kwG`z>7;0^8$cp`tN82s)x zjZF;$yV3?`^LG#)5WjuQ7qJ|}qTsc*;R*hiNs}vVkV{{%RYFGrSswNea#M(3NW*I# z1+V^S8^3!rupTzBTf)HJ&5frY9tO-YiYw1{58lkY>?w^ zkg10V$cTUC*mDN)y9-186FLA7D1F#QsA%;X&OP@PxaCVYRDAAtY$}uUr8;8%Yb`G2 zu}a0)G-#!;l4aOo2=w_I_7@tPbcZo*pFY?29VT)VV~zZS+QpC~riG(vXwqT*X@;T~ zoUg#3eISkm4jrWqcj`29pe#W`gci0F`y8ZHJbWqe%g?RDPvup#V~nadYWucqBqvWQ z;Q+E4`IcXW-~ma*Ng&{rUZei}8(3>@rLXy|9RO~qJlYe$t~(dQa~y=I74jFjMJU^! zhxWTs&t{mn9jCz|ShR6@^fWRXCH{-*awRDi>jr%tG3XM1Vh(7u?}I>Up6ZWa7v`@q zOIe6h?p9qw7NoA`5BxV^bdgj1M=XdpbIaH%?@Chgd>sGr<%s2aS0g+@E(7Y%s9jG# z#r8#%ZyLN0#4jccC;yTraV5v^(R-rtJ454_dyx1II3RwXPu2MCyyAfPxu&j$HH-Cs zJZl{To*tUAU}_5`~_ z$i)R7e~iZ}e-a{oJP)(6$-#%~r7U)DqIU@gk&`EIm$O`p$8_%JZ}ffDo%x5ZrQcx= zxFOT)I{*DTbl`jORj4f-=LXCKV{-Z4k;LF#;7APo-NxV^y{-a3*ksWv7=a7+ubmUw z{|m0ft(wUU4MWxp@OnugrQbBN6~3a&jS-m# zkRbQGgVeL3eeaQmB255uCD0%nkWA`#j06D8|Jjhc{SEg5c^DzjA>FLhv@$}5=S#?W z8Zz$;2|u+AamwN>yQF0}sIsp&iHInejieVSK#6a3VcIDA3V_sp)st8)ch zl?~2u7QvCer{F>jWg>^=Xh%q2{;DAzqd7J5aU0U^E&}PxVj^}*7}CFSFOat2LbcV9 z8lDBD`390c2qpDt%ZBu*hO|r|eetBt^H&Io^m_&upx?48U=_9~YWJn+?mZ$CkfMKX zLEp}#?Z}|*K$r7C|6%8g9Om~7a#mskaT&mf4Qb>+aAc88nP(e?-yc@(3VbJPJqKoZ z^82UBJ{IkeUvo8f4v~{>2-z2tgUbFl90*19cW_jkrWE|#zz=X1W>@Y%DGZKzZkU6omAk+VeqeH3)L}7*gr;gzi~L|qtLXg^)eS(BQj!LyWkjw1R_|XN z-I&k{`+UUb^!#8cWw3-Y7S$1ENi8Hcz5IwI^2rtdnpfHs-<73QSo{0wb^&+^u$8tP{HsA!t7Kf7?-24)(m5@#NaI?s#jQpT}56!M!He3u}mGMO$ltRTo z!9nda^?&xi)KBkJlk8woRx3w`rVMa)pq*2CiN&*3qZaRpX^_Y&fm~$S!nNtl@!BdR;hy>1 zJFKxqrK378rvec<6i~-hAl*aldmcnQ6J=FL77EuwDRaWU%rCZ;>g;C94G*+_yHD%4 z(n$Z|=ViijZq9=&4t3bu5OOQ^qzf23@ahqakwq)DTT7Zv`eT-(YiDfV%5WEZOP&mz zxv|U3-8M9-Z*N5std+X;i_YexR4aGISDjM|{d)>=Bpv>#_ES&-tw5?64n34su&<=4 zO+%vle(*f4$Ta=~r2ns~CjOYv( z;l<0a$BuTD(D`&w6MSg5n*&MH=sKJN7IRD=z6D;fiBctlqbX0_1WS%YDeAZ2gveMf zxqPh? zX^Hc@D0+&x1nQ>a#~YYljUPQfvZ0v zrw;UYN)!3~9rCHh-U_dpD@2hJj3nxI9^XplOBW%8lK+G2p4IZEf;2X3HLyV@8i|8? z1|f3`Y7JS<1A2cE`WuZk`d$V4X8w=O={DPN(S|~h=qYmGPcaYtar0oHa@ULrLLJz@ z;61{chP1+_RYmz*CVf#9D1!r?SCs!=rSkf(V?MXN$Yl@Cy2QcbYI?urAZ;x^)cY4| zcgaXan1{)6G4MdZD4e_j)D;{Jyp(f3rOQ4sL3V}Fn{?UT&z2YeX5@cdr3+UB8FpIE zyu6;Z0C#e+(7tHE1vy$p87Nk(R!X=1_qpu0W=##Md`e2$2PdFvHD4E8WC{`4=-ILUEfq9;OGou~j30;Z7DAjM=t_^sWWpacbd>w6ws=fsq32`NthRr$ zF=^Z$Op>>T{r2;hPr8X%Yiq8pQl471T&nGMrdFHT#0hREjJ|qWziMe-!I;q$S&o)J zfrKXu3B5Sahjx^9ed(84W9l3=TVv`we(H=jCpTW0gl;(yzL>@t|72_u`nk7(eqBNb zMZej0rGJ5b6$$89+o0w5jOO&aQNLPYUWMt`_BPP(=w|dA|HYrAU(XBvEd6eemp>Rr ziUjnnmc+4JLCK9lY0^y*Nkk!zp{1Y)`Q=C7Pu(h6bRwjTW9Y2ZO!c2KVihB_5yq?Z z<~RqhA-lEw%D5|T{R|WBfF8)lya8wy7=+OfrV6Y;3G`2+UCM;b!)gV_!?Au9!kb5A zp`WEN3R3x&$zp16{)$O59gggW)?14LQ0ptOW)S{;L&Y1!8!-$lh_=O7-z5~^XUbfP z)1!T2JRZxjq!kVU>W$K7^VmPcvr&Bx<4PE8C;18O6`?WReiwdad^$Xz4{F1Ps}V2M zSKMp>1lDet$6^*YTurQ;@3|?ujox69#_;-lZFaHqo zRQWNyOBLWG5`-G>|4^G<(L@p?AZA2D?ZNO=B-q0~>Sp)MQ!AGV_>azt1Ao^IkmAqT zRN;XQz9KpJc{X@6%95(8#QT^|h~V=zKrk7qu#sp`)u>R zivC4)Y!$ngO0yhN#9p{#{282!T#Uwvu}0%ckR_mLH|Nk~v_pJ2mrbxeBb%+Meakzf zyv3NadO!*oIjC8+0M8N&;4F6%0i3%Z0o3~0qU!R+j^Df-WW$*yk;>jmV^gfuk&h!< z;RHt21)u#^fcQkk0P5$e>ZO;^U#P?~zsc2PZr}k9%W)uH9e&iMq#Dz@9A}?`%%C0% z--d$0XKN<&vlbz2draMcQ|tHijWpeuK-B z@GVNh9(2IGspKlHQ_CL#ewZ3fHymaS`I8lzTKQ5)MkH>=Pad>|SEVf>Z&Q2bYQ<~R zo8>s;UGxZMYulYcL{}~E5aB9FM6oYdyH97U?OU2FH`eFy8LAJS2@?|a)=K?-quobe zkq<{Ti;IYcQLmoUjJLsl9GO#p82j^Ih}!||56M|fsoqX@Vp(IO{2F5fGf)A%4v4#xgSn*J z_q9urH3deLY3lk9VjxWdbvTahV+?5^fF5;oXth3QxY56YXcO^#t-I0w^b7 zVcVI*zp?46)FNq5i+GT0&q_$rc?6lnK|}r;s2F?;6M~>>&Ksa=4^nkXZ-xNQm+^n? zBY2ybw9sF}H8K@Bam3wKk+6Lok|Lve(=mb!LB4lZV46$1C&va>fp;(D51leaz3bU% za8aMWLNcWPdMay{)xNa0=vikPGEhB~*y5%B-ZmK-)N44}GPn%eNU-~gYBC-yI?k=x zFoZ|3>RBvxpOiYVJ4S7iO%;=)?#OSZJ0-kHjRZx6BEiLpH-9kWQ`c1PHw*g+TR4g; zl7HZliT8mjU?(5Uss@TwZN*69hAxv(P`?bp0IQZuQz{O96Iw9EYo*R;YL^l^9{tto zR)fnWd<+`jf>jM~9)fH2)Yk}uaUaR$y&Js#cMy5T>s@p4+Qrv?d2Oo*TQH2{m7@l} zENmHZN(@`jOn7H-%wm`V`Pt`)utlObx+&^7L;?iIcJFmgS%UUMHYT!LVA!SF5CsJ4 zwEy*T9p8$ClboPHG@vVF>k5+0x2im`=d$gr#2kYCIk@=qtNYZ>ntnwOK>!&0n}5mIN!j!4LSfIU zUI)P*iLbU!%pc!LPi#5%c+pF{N!y}(>F!pE ztLud7L>#*P7a~hl5G4-3d~xvNFo@@!V?4eeaafm|SR8^bdOWfJwEtS5`CrQZiLogE zzzambwEb5^HnB3oX|o!QAy3bLze7qWpVFYW&6Wn9iib-~fz!8kNO`jtx!OsZ$bt~= zZ1heh!i&d(KJOOF!(Zf~A!_{#Vjey_QEOy8Hhlt}2lG9)LKG(w^ZPBM32wZ|Cwr2< zYymessJP6)5A;hzo_~hALDx_nTLZS1cojUQ{Ser8MJgjv73WD6q?9ja9!~q41I}p1 zg5a#?)PGm}PqY5>B1i@NPsRHEW}ODcue)#`Uda2L@jO8h%ru{hMy4P3c%klCjjrXR z(`47ZuWw)fNQgrsF%UNO`-f4bpu=Nc;+0;qPm&8eZXc4ThcqE6Loma&YtabC4 zZDdgGu3@{ehlPx}oWXj!hh~Y0p$}Rdd<2gTzcrgoK7^4Hv%*H*b`f(5Vjr>|mDt{{Z;|-DC0x-pTpX`2()0)3ttqLg9WC&@b==>_cEohyeb8=JPtG=*_{C zsRoG{ixVqprQUINYRX&V@l35fo-cINpt}BbYEw)CHveL0A5fo@8tT5NFVyro6n{o` z4GeYWJbMr;QWQRmI8`<-g4n|L&&a9mySG)sG0TxJw102W;fUJgbR=zm=< z_)Qwa#;Nx?b7Us~N>x!uK3J(UO$FJ}wdF+D1__JQ=4Kt)YRLdygP<27*Jms2q48V{ zlV~!^p{lClJqY!{sm)c@1z}Ys@-YFvo145tZ{#1wnFCiqmyXYVv#%2V_{ zxai=L`HVp-=>TGc`xZSML`TJdk))!VWhYB;LXrpYk$M}u_!3(IWY+JiOHQ%nH{t%P zK@u)DJ|2)QU6SKzN3bWtfdQUCmd+iJEv8cgw3lOpH1KaHmZY(J7Hf2o)+K_&!cb2+ zs*9j2LVUv4H z;zs_FIsjQ+wnvl1#+g0(ypwH;>?HnCIS6$V$Ly8)8 zEcZxZ{py(en+vOzezVA^G>dszFdz_6F(A}`B9PhA@=;KpK1>;i0%C1x+BBYMBTk+} zhL9-`yfo3&fZ)&gOoNW^a??ZD#|A;*IUUc1eU!MaNaRInB8|uvf;3io!?T<8R>@-^ zI#;XbiD)|PT5NpgBhlhCZE)yd2tLK8->{$G!?q#2&{R~jiuEHBhZURRAMX2s_KpN# zq-GQq9bz)R@y^pKKg0-SCI|Wme59x!kCi~nYWD4QY(rou5b6gpx+oi&#J+v4E1flY z*WPy9sET96ks3J!pX&Lrf|Hlq-t#*ju5Jo-F!N-NekjAuGpvF)zc&sv;)ED(KaOIg zJVY8g!uEgk1}He`)EgKG=bfV?b;T1jnCWAV(GGRQ-2!I#l+=hsu~YYAGR};}>H4FD zTjgc4HD+@a-*{{+Qu`5P(ymk|*Qy^M7sK3M>S6a6DYP7OM#3-yLX2VdsK@pssOfz~ zbnTjgRj8vGUjWppdYowb2KGN&7HjX~yNLFG_4yt9i{F|)GVDn75szRY0oTdZK%Bu^ z`MFz^{L^fx1ZzJz62aQ>513#r!?P&H$Si-z97JX-Jo+GZLoMtRw*E08)Mwpe{9ns) zquY!)qCFUo8vjc)p~}dTa`gn{hC@ws!8Pb(WEEq-z?uGc9-_Wnkj%&E7jBO^J=jW} z^tv$`CPSt7&uVF|PEeV4F*+$yP<%@f9D>0`)^a#ZYo$Jb;m}(YR&}COZ5(6fPeESP zeMnBLi_-)y$#3k^v$^@XA)?XP|CR3l59|KV+UXzbo@{;*l3gIrA2cZv+|}rIwET`t z>6go+Uxo|Mkogzj)yS1P*a7o9922QomzAOS$5G4XzO5y>92|N*tD1nU^Z`ff-U4SP zcj(T}K&XPlrP=0v?(aMJY>{zY;DIg!@_4dCJsZU?gEVaRQ+TTy;i^!&7qVzzG_W6^ z!H|f%cSG<(Q7oplHLFMj(X8m-70^9kAh_v~GoZsAzLewN36F?0&F-e9sg&j5oH*VY z2x%h2qNS-+_4;o_n&QwKD(LA0L)GK8Y>u%bI`=h-K#&aJ0_}nL$O5Uqlc~R)A5~Fw zidi5>?bPpo>Pq}MuRAi*cQSDeuCLRz0>vxfzzzOj3u^L)n5uU=ZG_6>q!5;Cp4Gu9ub|S^^a^| z>)TyIAFG%?RxxcQXoUA3bV(DCKjq@&)TZ%wt#yYZH~oF-k=5_+AdgO0Uu5X~Hf5@!v{e8vsfh`usBKQYr!Tr`8w(gS0ApD&yLf&~TE>VfGBn zpDt5#4|6imJlD8skZO~Wcp@qb`Y_QA|F&-h9X=~{zCDu$jW%RyOv>?Gq$sjTUA>Wg z6gmI%cCpjuYBUoWfggkzPJvA+HUEMr`sA;xyhg+eW=giap!=}nK@qecGqj+Iz(cP( zuGkDg!_;4lpp~h+8zX{dlh8ErMTlkS>Sh&G=?Z4WSFi>9uE;c0v?Q0Qp2;g1j0&28 zKT?A~Egt;hHvnGuTSOY{I@H_WC&mB!BS@>*MuF}bui852{lo>n{}Nh@T~a-txWLv$ zHiQ|83K;QKr+!M0Dz1L}D1SB6kY!0yA;L9;Kd)Ca$6r}rRGAIj`6 zyR=S1kI9(B_$;%zcK8~T9LCYp`t>_@(m4G}C8hN%HLd0N@kQ(}{VkIuMbSY%#eOcE zgip1{YdK!{3}zi>%cIWUNwlS(&00t3fq4!5!79X4JeD2;!YlvVE4JT$_y=^zvCW;V zeetLfuOaRv05As{279th&#;r97hUg};Q}50&3cV_MK1#Gs%jZSSlf{+&vA2NCAz44 zGct*O3G#e}c&9k(UeoU@O+OHfejW6ybn^0WSW*lY8jToL58Xj>>fTyRmqpN8(jO{S z{qPmmUtnsiE6JWi0|$#EE~wxQgN;C{Ha_sM9%Geyn+d8y z4Ujia?Hx}_GQrKYxB^8j$JfY27w-%De>g!48$h8Fkx12JNwh#E9LBTOOxpM1Xb-=4 z5?~s?&u}fqyI_AA(?^ZppQJn_8Nb6iZwDgo>5Ia7ebTF7#W#o`;5-8ahcIa0fVeVz zPyEyN5fo`8MH*E*$)UvfooRrZ)#Upz1-w|NX5h32BpobE!&ggilqnA28-Ou$>b7Y- z3p!mD;Kw!KZCu`R7>y948(NyyslEV%qQm3`MHVl>g7o8l&?Vs#<$nDFWwC-@8v_AW zZW~x4J}Bh_c-y(Zn-Xy8IBv9ZJ4lH|S=Gb_;|4L+R_-n4v3L=9EMA3`{>OU4o1L{l zO3%<^94mDirWWZmFXUs(5y(P%9y5?RX3u_$bD_*UyF3_eaI~`0WF`M5fGD0oTyz6% zjOqk*KQi6ZD-fK!rAsqz)1k?vWMwCxUuq;Oarsdgrbg=z3e*WCZj2I%(jTHv)N`Nx z871)xzP+*ZKi@Mbe#-26r4^or-+UKA&iF6os@=?v`r+dqmBx;!Y zcmMJEqg0H3IqAqhtzX9S{2fUAD1<%HlQKn#Qo%64Yl2uLKJ~52j`z)Vqe@U^A{7vN z)LuXL23_j?+FyuR6?2Vm$8HR3kL7L*Cu4E_8eC!hdl@H5Fn!eRP2A&bL_f4a!OOU2 ze6}wt$7XKQEujzLCzIc>!`)nqMzcuyGd^S^fSf^zCUq&W-z4<1+BKB~K|hye>GKB8Kx^C5H*mTjTUd*IS2&?$YyL zcp~T19v-?C#X~pZzT=p*P#^rJS77}iemhs5Ab&CVy4V@IP*%PDpnSF1X$0CdoBgW_ zJBx%)MyU)eOW%YYD7fv&aHr_9x7@%$%^v%1Y;oCHfYiL>7*Z44`KDIk%2#m54ThQp z<+u-F$K^es=5@GMLzwBod0CnBnn;7ms3|sT?v5i2F2E56%k>ckE6foF%Xx&shB{Ic zr!ru8)0S(ka7i_n2|{k{=liUCq3_qj#$8%u_182!7x%5kb+hS%Lw{jATyl^Z2u}$3%;6!dofere3C>upc!u5>kB8BnlXc7*sBnfp%PyXAkhZ~Z*Q=$>2el`4vX2LHTG1yWD z`PzTt0YL{R|F=^9yNBf;SCIdaVfn{>SpIQM`Oixx|6N^+FY4^yN(NvdrEBRoZQVbw z;eI14>Ovi`A`Zgupzt?{sPL$Z!BR0rrAR6sY*$<`fE622$;Y+IV#-OZs9;DR)$M+e zeNKKf`EiVCLEx(3j(s|FxRx#$#={12hKZft@u#Q@ zkUH0ePQn8Xs&j~v>OlV;(K*z~#RHvr_R{PqsnGa!96c_0r^xJ{^olBA z)45_a{$^B`Vp|}Hb}O%ctLX-Elr8p79_PeK$mnGmV(_HL@8bg5dzR@=kLO5`kR=<~ zA>n=5ivk9DvwFTAypgbz-#ZEy*#Cuxz$LM|&05_#MXjQLYdQYW9sXbjQ#jX#k2r0p z)7!2E0gJ?nF7D0KrU>fGAW_xR>mN7Mk7KcH`TnK!w-*MA^!3E|YXz@~#w}h>LQwH0wHV~Pn8_cMU!SWI>2vw^7vz$3P_6G@RRD4(x8eNujddsZu zd6x1Ow?558Qc7h+gf^{HIRSA+{Y`qC8axwM)UoEfb}7r+5Cr_byl|l5nosEWnL&|R z*G4l9C!gy9uhq~dwAEo30}bzGtOQp(8df@Cq4k)wT~!?K1*pq9HfwnBINfHg|8Ax0 zAIBrkk%!qMEaQ|29Axs%avXP0J9zkz59Vj$g&byxFdrJ3TDX;)={W23F7{JilBbTL zx!7u=mnoj3u6>J%C4o}vPT7DnC%pZ6jv9Fyw?Bt|P<^G?by7@LZlRdH|9MV$|8o>q z9i?O+DG4bO8_5G5h@0P&5yCDYoJb0lzJ3JHu(1N35qLy2Q9&7Pa=B{#0rx1i#jyfM)D1_U-Oly$>-#3@#2k^B zoX#g)%{V4ji@;4zXMgcXHUA1Ez8X6}#%Tobs>)sabHzE#g|8+X_(WZJx()@R>&d7) zI-T((dH0D7-OWoB<8*+OMb`xbI6Y`x+(Ntv$igoVQ{pj0vr#>Fr=Hhz!-lu@;3PgC zV0=(o%P!e`2GPf6@xAvm0^# z%T*K^JZasC^Iztxd}h4NMtzuLY42%T4l6LJv&ZUM2x4t_dIDXy!$TVPc`%hm9+SXR z_4({2PUc?$Nq>hA$fQkI)ozQ-yP~$rl3*YHmc6J zENog{n7{X~XNs($IBjm5Yw9_u{sPzHE88~}S*3XNscY(S`q8L1O#|}&U3n?zw+r(( zxqLioV2IVJa4@QE92^+6L4^n5Mfsn*rv3|@9}>87^`1f)NFVL^;J|eooP&X2QT{HM z?_s|8cU=)22c;koC-aGcs0gvKC|`}aZb+clO28OXJUB4X{{HK+XAKElw_;CG{_csb ziu}7#(MsHWbXV&l|L1i@`FqB6C~R6O;4=VTX0`XKEOarif0q}NdPmCTIuhbgxx}=0 zP_>fF4Sc!>y<0x}RDCO#QuZ^s1cV)Gn_NoSclA@X%6_z0Ey1PG{0H>{E@4YB;rV#@ z>H%EUQNqzbV{ED(QFrN(xF^bp8uQl^Fd&Vwc(FISf13DEF>N4v4*#IS5>{BsQI%f# zW!nHNeQFCk%weUEeuHCRI&b(SkDs`qn>vLCLDM?k_!nMEGy%emVt=S-cYdJvEmp_; zt_Pm+HbHsXM>i>Wd2;Kg$A@DF!Zu_Qcl1pD0V3H%1Sr7>ajRz&-t_N9rUXKW(dzD3 z#{MAu88A(m@uo>TFR!(WMu^=FN&-=fP|drZ!1QwV+rZo^{@BOvg^4Ww1zH%{MT>|5 zA90@M@>^fQ30D{geL8_~zw&xs==_jgth<-qUn@=wXy3Xt$1QYsxO(vq#wMzNdKuM+ zzrGwlIRET&gTdTV+;iP=JufgmShk<~HFf44l7u=wpdsz&{y&gjG{VCF(e2OC?YC>6 zo@ck87rOl?0lI&#TMGVOViU^4g4lYlo)>B>3nd|v+UsnFUvQ)?QwQLW#&2r4+UEET z-%r)#&xGc+9~6JIeCTGk3D+;prhM>1=(AIDRg%lczP8O;|0n9t6tYjf%qDv_$ZUAqW;`y`QWza>2`&47g8L_XI`jN5?7{eFe{6 zY70I$Q=P&Wx$BS^Jv7 z|JNmUt9IG&d7-|`PS{V>R!4M$4h+9C3}4ysd7dGe?G|@W?Pwj{c+u{0 z`r&VopETMRC+!O~nS}bT%*up*+=uLJeglIu-6_4LM39hNbYMO`gK4o#-MQhX`};tGB4D1`>X%LKUcqN>KZy1v3negA3~2rU0z1IGgIKybf(nu+3MTv zXIYT7EwGMGjQ`=MNHUzGIFlE8?4_etRAYWN?&1NeJM z{5bei{zv%#+9mkkN%;8*@IU^4gg;5c|M+ddzas(s)hU05J~zhEAMCST&pLV#p1?vn z4j9~3p5h5q&z0+jio@t1EECa)xS!k2G`#JOZs0oaSn7&+i0*>^>0)C_$%MecHw|*b zD#J$M-~RA(Yy3R_SNKh6!kO9-eGE7M5`LK)Kl&U0C-mF-$AR(V{;kpaKQMhEWJcmM zT#JstO_--?>TSbNC;D?5)*o1o?eDszgUA!~@O9*;eFMs<%WND%b+NtA==W1mKZXq4 z{0H_2nDC=(r5@-C3G+JjzQ1Xx)a>Z0T7;o4jfWb!7x`%3K6(oW-M(G#9H4#Uem68u z(!Ty^A36+mAlfIYGc(*it6Tk`p((wgZ>6EobMGV7wrQ)ql~9!4RELHu`e&5<8Lbvsob$*YnfDHr4U?0z_{FB1)4!9)B;e*t#9EcMG5ZrZCHHB)j~h5>s_kM`DwI-Q0rW2l|}8J_%g<4z}& zdhYS`+~`@p=UmS*IA5Xb5xpDK&(F)E0|zaI<(T;n!msE8I@3tqajYHSP=ogwK?$C3 z=ChN?=ej>5pLy#KAfMZQO)8%l-)nWfz5>y=ngyVfC*N_xl7f`GS|Ah4(G^!KBi*Ul zRowSa>F>AJ+uy&7t3UDmLjC>53ji{rL{mKhd}uw&HA7f5$&je+KCo zn4ZR;1GoQ|{~(LpbD;WX?Mc@Da?l@La1=EN|3Cqtf1$UtyD-}blXbGe?J22x&6hi7 z&DUJ7BZZT9jf#_ZY3zK5VTDj>itD}xawHQ>Fe@ZIHsR>x3sHgGu%hROl18qcHMK zpTc{UcO@a(`K9I~tfLT!0sRqD60Cw#2MkTYd^b)4448UrRuP?*UjOG_|2GKr0s&X; z6`1Xi1yX^-yw>GSMgETpf7w~MeBZhKe4nQkS-lQNB1X%~wCnrT^f~!tSM5nC&L`ZB zw8{&cQ|?9c767gnDO=U@E3$$FF-~#8Y`kvPx*{)_&R{8XyO`=Val8gv;TV89a=_WZ z{VS~0Qv!DWZUxp};vSrCBKE*@Shh6F!@VQhIo@lHAX2U=ZJ=mK-x3hI#l$=MRrfi$q75*uiz3n? zciTkznsZE3{x>3F+BYeYIKRKQrDoDih1NwamH|D8po|r7`d=q=hH{<1ua-0{@^V zh^^e3U@NR|?0ennrZ_PHneE0)ipTq5QNwn^9&9I!Eq^;Zy;keazJim^qsxKKs5*7V zCS(4+UjJIJf0H_%Suy?(F#m<@hn3vax2n*;Jvdvk>-OLgH)VhFGRrUxaEFWcJ0X&!w``{kM{swc_%kVRU#fNn$B7t5JY$-d}?MiCu_Wn5G< zL74JYGmRdC<_!oc1TmGALl`> zRL3;C4}6{z=>sz7FUWC16j}m00ooy|_qXibEUUYx2k7hR3=XU4EG16mr zq)`a2<#+*pzZ=2Saj9~)s^u7Q4$h0}2IuYyTws9Gdp)v>U-+_Bin_6s)7&f$QGuT# zbL*T(!%{6ghJeGZclb~gT@ni1%k`Pq!Go5Ag3qyn+tYKKr|AQVNlu~FHII#2fOmyG zHx@RnFZ^W(HD8_-|%1=0VI$^|pHTmMV+ zSpnoPM`ID`bCM74F)fJnMbS6R3#d=0vH~eKs&6|bQ9V()6E}XBSP99fOxhBhilo_S z{j*$Te|IT;G$gn1kEj~^+!D$0!NhIudn|}HkG7;x-F(&gQW^_r}LJphyNk1Ezqcim9?V+f70Man^t)lv5t6DBV&QhzN0p zTuc8|J7s$<)(CGe&@P5H?(6HY2XYhzl7S3!;D7~ySv(C@RVXnDsUL#N%s@J!b<_U8 zYwAgwzUbPcV51;kWnBNr=2q9s%Gt_ckeUV>*t^<$)>iY1H_(q0upWYLH`1+5-}5js zLv>QHaz6GdU~%9K7j`)vOaXE9l|Mt_?1Ka@ZUO8%f2@~I$QHY*vkDX zuh2_O_5KMvuS3_xS#Y~_Qk(Fu6dnA8SCQ0)5kt)CzY;a0o{4BOU4uMjvumSUy*f|h zhmgdIG~NG^r~_8#Abrv`^LCDiX}Gq_RujZ0iVJGaH_aFjd`#0_%WqFgRuccgUiw*A z%|d7-O3;-I*YdvQxKu2S~vLndGuY(RQ3BYc1I-;>|y zvI1l;aK`XK1`-GX(E}*;1UkST)8R&T;9(bXb?fR}`eVIpXvhzGN3uuHGRB8P19ii$ z1`tu#2OEMbKDPD0a-IO!!Mw)Slv8BT1<5Y6H=j`_pe}9S_-G@J}znb7WXs z^}Mj3t1|(bf~}o6jzKC@3j=s>KhkR0_;_*Bm9Lsh*Ap=5(xapHH+TdooERUA3B~|Y zSYnx9^k(gYnlT^T(0a1WUi`yjJ75bSWL}sH2pbkQm_t0|1dr~7O}io|hj5SzSpp5u zpMHMU1-7p629DEX*uc$BFEmLh<~Is`zqgz?5sv2BS@1MvSbDqURfW)L=S;L6w@Qjk z+=$CKQ1E!Fi7Jg3MT~f3H3917umd9vpuqtG&f1WnDe5)jQnuJ0__(HA11}iZw3s-t zUp0`aXp7+=#upK64hduP_3{7L*wju1ZtS0=k0#4_wQvxdNn2wLwY^YSu?@`Z9`>Da zmTjuc)(rhi)Cms@Ilj{4c2_N_g+#a_Bm`a|frFhGOWD2YzMb&8iZ7*-v@4EcM}+c) z@VWdu3;pZELq6yM@q-PbMb-qIDD!peA^uT)oI|W$eS8Jk((&62@n`i3b-_thUjO%n z{%v0WXQYqng8Uh;|5uC)bzWm|Bt(Azcf93*z#x28GlakRu$9nP&A;UT1nDtn$hcLI z?i`J@x(T@`8euMt2rkBu6-;h5G2QM2r;+EOc6NN^_m-|1uR}qLRJx|TB$pGjTAVEY zg{yV}9++m9Hf!eZJHVIvVM&^3cN4o`{1xupeL5R@2pbyw25xDgAFcZy+)*`>l%mDK z>u(Ca%eQEnYw{t`ed;r)YbsF~<3Vt`-}b=ihqv$h6c(JDowWEtf&=R$1hiLe{)T#( z*{oW#ml(~C-W}=zEps8YyIBQqXIchqdFG zMeTeAYffVu+VgSMV1K7}p+l)Uszko}q7^apc`NV7WZ&A2>S8LDmrgOc=pqm@Gn2)jht<|-&rwQFt zQssX^exLZS@$hY|?fPT!GvkK1kNlexJ~v^RpqhoATo>m$>9EXYpEk2_BvU5rN3aX< zOX9ooG40<19UorCFh|YqT|#@a(IxEPcDXm(lEdEZk^2YDNnFP3nyn+nw&S%(2C{PQ z7j~r0JC$MIO(ATqZvwA+`wc}%U{ND}u|x`|G8aP3L361B1m7S9G%!#8FD{Eml<;7$ z1$<$mxDtzzqrg0}LxUI!M*w{ngYWs6dyN(u-K-svZ1kMi2^ zF=NC;Rc)a6DnT6koT*v#;KS>N^CcK8usQ&iTH6Zt58*4C1iJMQ+BlF;u!M+n{yTR9 zL9+lE9UJ}j$9jC166#?O5>1%B_f~q1Q6;s1`s1WbG_tE{pR`mrQu;@54sozsdh6M| zVHtYo5PtZlZ;!_64E;sOW4j{6ex3Pp0e?Aw-Dq30wOgPyCl8_GfPDqaOko{gsYZFP z)eo9vSL=cPE89?swDA?xoFW>3pucsSkV9REv^fE(#Rq*x`D(umxWKIfQVw2zT<$j20N46(`IW3r+4-p1|9A$a}HFMb$V0g0CLNo6fl|;dh($s4o zMWYf5M4=${_eK3_96LKXb_PFW&Ny5@);+FMn++$fg0izS~h>7BIOrD1UK#x zN_t%cR{JMn&R*xtn|V*QRV?4n$nwZ=i{;E}Z29(o=nSl#+@+C4_ zzhEOr>ocDU#JEF6qu~_<^zPM_6?ISI+-sBg)jy!zsw`_OwIG}dQ^`3y%O-v@Eypm(5%U6^)_0Gm>As(MZX>ar7n z+TxL#Pe437xd!O)!^uRz)C;1MAY7p4t0zfPDvqo31X8cxhV(hmR}-?^)pCpFVZAp6 zZx*y2oz|g5AT^yoAg6AfMpKpjx)O@oG!-?;OQ^AIQ~)(b>45;J_FF;_VHRw947qgQ zZl}_+)v4`080wer;!D~oL@IsN?NX@sG|SBwsFXHGwLuC3JtHj0LZD4Vat|Aa#o5J9 zEYsz*xjCu_GoO6L`xN45K+2pogK^e_@?M>O0$+0C9hK13MVhT!s&3!QX4}oRn;+L~ zqj{+pc#zZUx^gSM;(bcA!Np3qFqg>NXq0SJY}8z`esKQr#EUsKD6T0zTa-KRcL7he zW6we06>#)lBOE=CKk*#BUqIMRvYQy&wCL76`Cd$GUi2ThHEL59a6S2;aMfJb?eFpt zSj{agO<#c)V5@1FZRudRd85bwV-t31utin31@XsazZ?X0EXP?#BZcD_0LHcr5W+vy zhzhQ5jRmJ}Js4m*4%r$mbp`~n3CX*R{xT?MOS9eaxF9qC!-?++X%$;#rQYmd<08k; zvEzFz`(6hBh&icMjVon-hnnVV7BRq8K+N_G={K&$v$%P+Cr~c}Jq3f6*;+Zf24Jr@ z$@HpYhaz=Ft+@su&xF%6fw>Fh`68|MTmwF44{DHSFUhMZKUcOv^zr9VFB}#mMw2|~ z*R+8;QukT`#9A=@h#KVUDGikllnz}VA?_kA#~pt@uv$^O|9cSZ4ESlZMSkRbV@3iz zftRGS0d0iyU!qPB{}P)|U>XVy2xD(^NwBxuj8=rMjVXtQz$r~yI5*Nhqd$5d6zU7b z)&a{i5at#82Mh9DAx6;aKI*3om2v-$c(KMtAUiI0SO_{57VE8 zFprtAZd6d2W|xBf2zDZ#@m=?o{~Uzi#C^p4>j{71J9WWd`KaSx_z3gQKORK8!r6PS z+B)Gxof|aL^1q48!0V*Lf(u(nWX`hKf-eIu&Et~f?`Vv1P)Dq~Bz)EPAn+6YN86@S zrS$#{QQSa4hX~Ht80~`7ch8UzL6G~W$GXfhcj7&`%PBkW_&Y()J3xsZ ziIFGz56lOi=;KvU8pSXUo4B2ReFlaKnJZO3F`AR8ay*mzIsSJ>4)AEliDLaiwLO%I*xdZe?f2}PZ!spYZ#;qNrJ}Lx%H(HmIe(Cc)EY+n zR!<;z0o{II0e_GuG+(N|lGfUb0loGD;80)XRNJ2ahzTm~Ffq1t#BJA(zUGvQk)Hgt zindDuF(q`!^)*$_F%`%Ni&RYz7&J4x2kwuXn>gg-n3!Bv8OS{WKi+`jR6*d^7Ou(I z{SFC$C5Rqx4<`U(F++!=JxyQP(*e;D(s-8L)+*)b(14f+pK zbQp&cQLb4<372G#@-@|EAVCYrC+9O$Dly)|N;nEg4m)89^uxYvA}47-59>+KsxC&> zriI ziBnEzA=2OQot;kO5&VZBqi?F08mSQ0q6x(~XaTkcglyWBP!{fJh>?YBF^$Nv8)X6X z>wCUP!!T1QRvL^Vh!==y*s)xTiovkDUiN>l^j0s`7w4(t-ZLj8RH^OfNfkf5MLc3e z#fFdcNqf|(PQ*sP2DnLh0@>_+Wy|Bl1nZYbGWD-_%qUHI7~BO8!TE-(ao7*($Kh5I zKjI`!ZQtG0r0$h{dShj<9xTCtOpR+?W466`{`)m%jzINaZ?tx>Bb;H z!Y(Raq}yDI^qL-j$B`XStSM^o)(!fQfgJTtKMF(o7jIA)nDm7%k%xSk4hp+TcO#yt zBzy=O@~=kfotbpbO>9O^?41xwJ-gOsOACY*#s0gdiof41KdVfRmIV^%LgwI<)VD00 z^T6{=fKtQB4$SZJ7;Hp!Jb|2Aq-Sm9D{g|bi5Gz*Jia@ftzA>7vTFKNjIJE%n)0~3 z!MtGg_+psU`*2G=S6mn2LPa1Qvm<)#L>>{x%%v>-BkyyE_UvH(yk7~kM zoIIUKx(`Y770f@vD7UtuLxlblB>Ms;j+4BQbWfol)nKC0gNa4}cH-u2obGk4e27Hm z4$hE6eHkQ`B57UrRqqB2VAR^(wv;1&vD&8RONfWZNtd4AGUrz~p#+oWci8qNoJ9oU zhqH)~brnJoe2;oTg3y#S&Yzh5U?E%{S_`Ow4H)5bFrWX!BoIx^>)CI!N5GO?2sM6n zaS;XrC(=&BN-)G9n9jI@&I$?C70WfG4hbZ|xWgg{A{#yf}({;>!&L4B|iTQ+M46v`R5Q@ z>iFI~kx=+yb$fiK9mt-)o%%=Iy+Uy66PW>8j^5ic!$JEd`>Xl#&=KVj3W2mX6Ogd1 zN}ogY%MQSj&4jIjJ6j^c5OZC_+wu{j6 z4YV>q`xaqbl}%`C-A<}jsOK|g$!>AL=^g;LkBcqJz|oY)qC}y;LGQ0s#F<363CbBH z=uwc(@Q(AUVuj77n_{}T=FbnppWSfsMnSA$!?0qkz7fDNo$?Of8Rt)ZD-)pF6V(3g zgdUm}rNHmY751#bms^u?&3goN?mu}%EqT@*Y`cc=A-2`1O{I3n4LH|bc;LZlCQHaI z7@Jis+5?UERiGSv>tTO@_{7oRos^02E)CzQYf(`1Ot@#)@DAhfR<|uB=2Tnt;fFvK zS_L_W28pM1k!jI|?V;}A~ z^Z+(q-Y!LXN02(qY(|SP%mi&xuj)kBI`PB=!4Pn| ztkjGe(wPBbEit9$pp-iHGkL_K05gM+TzrJF1$!C%yGFhWEZoB%|2XUr^YNjq8OyCN zgSHT2)P=futZ}$Q^7=381F1z`sKi3_Wl ztq97t^-)*C>D%8#jX>QQ>=97`y8k~w9HREf;vPsH*_b+r+h+O zdqwR!re1!-M&Con&-|k-IT1QawuYJQ8#@|p%b@IH$Zz&9$n@mz8#~w&=(NXcwcg{& z|IgSnJ%J959;+*MP&`6fgIxL!dp!P5jiEFK0)8Y){!dgpA_^kQEIr02JbY`1s`#95 zQGAEG5tnraub9OK9NA~9Z(cX;pk;<*Vn-6GW3q$ZsJ5|*nm-SNbZA2!+mORH8(Sqegbr~Q14F#mnfQZ@<>=DGyqChfkL}0e7_KnLrQL+q8`W$U({rN`5%>al zEB1Zoi^!Tmi2cC^HaZ77BoA%gpnTF7q`_6V+)sn|F56#&yTmovW~}+u?VqgMpUL)T zu>Bd;1=m&;Kt3xx)%BN97<$pM4 zU{rdPDutmKaiUi05b2p@gRh|a5W96`5?g0>Ka!J`FW$)xh#6XFT3t;z>Hb3bP?GM^ zG$!5iC~MN$gZK!j60DJXvc<;(ye!A@FT#hnx?OrRL?!>rm5Ie$`@c&POLwrPC|PKB zkML|R$0i7wmhi{F!PZw=z8@hco9#h@7{YXsM+`PH0Z4=r!`U=s$EQ;=INSs*5*P3B z!jr#wQXzY`(-UZon9BKxn=d^|mMwH(sSK9N3mqQ0_T=A91zfoh$HSJSR6Y&A3-X=~ zI^?XZ#|xlr-)iwcsou0V*pHI0@s}jIIQ_)&lh#I>0ze#UWucG(s*0Obwc>VE`HhpH zhtFPt5gxEU7aPV_DprNgj#TXBYWxc_w2|W)(Mp0vBSb@a*hex#OTvh1^`zS%*VNBq zAZ$gfZhoy9zk+8a@58!%?Z~v)^Lf!UbY}^P=wYYTx*bNNWUp8AT>4j0{_-)&n@1b zZx=5Aq7@gm79O)@kk#o}i0xoNlQ9yusNuRujE^R~0llXQCP9WdS`InX^Uoo+zJeZY z*s%^}Z_R`5puA$kxSF+EaPd(6yp2Q~1-;~Jej+YaMy5J^aWlF~#45Nn;%vm}cHV0G zx~VvPG2;(A+>ERM89*atK?d+fzk?81by3YOA)$NOAHmg{iL&dNE8Eu7w1)lDo4>|o zeF8c52D<(@p!XNSH_*C%wXJ*wy&Y&Z{F}nHJ}OE63%y-fvr=o!-@N`$3jP1;y-6Ll zooW-CD|{V#7E7Osu)Xi)w6$)Izrj@qDM%e&sc_PjP+m_Suen)90d+Gvgsluv8Y@1L zbZ(X>RHH`bGU#UMW)8NpwiRJY2up=#p)tU(-C+Nf+x7%chKLsWe+L$_HsM3%14|^$ z|NCG^yz}}+J$U_M@O%Xq^J|&{@wTWejVcjkc>(!JWeJg>6GsyOhmHE1|DboYu7TSC zT0++tlf;QzaV029`EO4`k_F!cx?&%OF^F}=+Y;#`+tnP5WZBYc!cJgLN>qBsm=a=9 z{7~e)V9uyLW+`l1#hsq-83Umj9O%XUlmA`$P4Fb@@7RtmQc3xLC5c>4mf;TNZ|u-` z-ODzDyKW&6rj^$GeGtvTZIe2qdu>$HUe*>3EvK~vkBim4H9C%|Rc9h(RO8D@P~o=H z3HpZJKgNy#e!yiE1F8H2)Sz2MMQ)dP$X>O@_koVUW~;(p=Z zDF0msRjgn|{O2UWcF{jIw$Mt{Lclhg*ye<>y_hWCuL=_Pn#v$YO?@dbrOB#nSv(s& zPt*J$`Cq5`KSA@q$4d$Lk5&=C{qcWcVyt9a@&A?o5I+fFg8wIK{y+KuhyTft{_Fgo z6vO|Xn*UGyf93y+i7B0g|2$tF9cmQ%GUOK>IyQfLFlDmDgCy$r*=2AeA}&%|qOL&j ziCPhTv*3uonS(b9xq@d09T8{|HSQ{!148!U^a+(MU)Z;V=Tuu>Fc=4Kictnp`2jN7 zo+LjYyh|8Qb#h9Us+=FMr*_tK#@+zAB}17d3*L)C8GR>ybw; zfi>v&WxH|KAI?RAe=DH8z2ye5c)r**@LL4PU6>^({Fk?A*nGR8??%BT00m0PRf%u+#W+ejrd$4E^q0EsQOY_<2rb?EYN`~BMAY9; zU`I%O*1Qx2U&3aW%VgXV+GhBS>KiVYLO>`J_Zl*e7J<&>Ext#tg#gdip8|~>Qa_Uw zf_C(rQC%iUldbm#D1}s(X+K#NJ!gwy%=stT^bZpIXMurfx-DksgB*3E*m6&)9$z9K z1P31-g3U>IgyEfSMWOQqFca=vhT#eJLnvk9NK`@B!^^QV2{>+w{RH+20X^!*Y*OdbpB%QHdr1C(f$L z<-p5Tc#UZ2oO=(^UNB8yB2p~=g`^07CeB^p?=rST_9p_CFpJW&F(`vtv%M`+Hq*mJ z`cz|FyAn7@x-V0qLGVo3PM8XTb`>MJiSLDwUQc~?-P5)pElm_w4qH3wH?zOmO^jY1 zV1G3uZBWsApAGmz8`K_2SBfHeyWX3^@e$1B-tz>h2z3HHCkxwvBAPQht3k*(5DN1s zb=sTcqPVjcm6}kP<#_OSo;0yp{WOo7iPKE4urEO6p(o$9t1e3CUAc)(hRzEE=Ejtx zG0=tU_{2?!)uVxA*TMqK1&Ek({;Fg(=KqeRNTp@E!g zfRqzR6_ZG+QI!|@MOSo&fa#@kHteFn6*)zLi}H#P>1kbr<9oaqs&OpCf)Yr_?*iPT zVdvm`f_sX$5FD5bxUfsw@D?hqGjb?{!$s5$T_f?Wh)wwod5B5rJK)9$eT&bIqVGN| z8dql?BlI2ej|0*7-0N-n9*6Hp-+h_#X(#jPe(1X#Y!$A8zN>Mq={te-FV;Xlcu?2h zjJ}6n{=d=pW6Un?hrX}L>DJHbWhZ9KKEOysnPuE=)dkzUGfMDHL?ViSB>h zue0T&6~3c<>^xdN{pkVyDcnTl14KTJ>VJ>)jmXCnxYqJ9ob}(YfxKvdlo1Go1k1(I z`F^-m3r96@u>sqiuP&zdO=k&oGl?kJz0gYE1pt(e1$a&Jy4m|Y;odjzhp65cOJbaV z5TWnH_agnT8GToejL>&OUKD*NV12w=+)aq|!Mp>}_pNJf`aX7%rtbv(>1^}qe(2i| zY_VGmm zy#~G)dQy1qhlxfQV`q8-s8>eHsSg(0TbVrbY1kpApO?R3Y+G#QC)OIX()i7$f!C2z zm^t+;Qq90-8toxAE}`kRf!6W44=FiuF$g+G5{L*C!_1Xuh!X+-0Y_tC3nQHUrTZuM z|C!0pQ9~w08aXHZoyd-=F4*yHF=AA`5%HDH?}o{m<>kshm+Q2}_hOV1t_NHi_!m6y z05Gr~h$9GY0fybvRF{v@+~lRXbzd!qRN)x04tMl!AQcjZK9uJX!xGkwwjpjF{3*#W zpt`<{<`}!uBKAwqATYO-KRAeq*=u!noZqHr{I90(5GuI17z+JO(5zUZDe5P9QN#q( zG4D*wAY#~l>U{VC!{^xHapRzZSfhdTcravQRyG(ikYp=XFAD_PSHDT5J++ba=X4P< z$JrP)Yk8rZE7nBF<<=oz-x~6ivrX3hXfM_Qc>{xS{;xNG{av3K-d1309`0<0#9+8z zAhA?S@3#>YXEK5%iZgze9ePwqtmpUrGf6&Q!M)!TH^ih7`o;{9Ajp`srZFC>Ynx-K znQAbmM3Z)Dbg?tkn1`D&mHz+1jqkqH@(+RM91+HMAR^Sf_+RL?;+MPm2!EhjHKPKT zXLxuBVBn54kMGwO<2vY(2?o0E5LSUtMDtM?qcc3vuVi8BGqb5AH>+!13>rwO4@pUo zfsrxxAhsym%Pj(a+0MNMaRzM~HW&0-12JqzUKnSvMgR;a7A8Ca)e8XttqBA4%*M$7 zlD}a@3_`=dd5-;uEt07(QcYd>kf9aEzx$F1z7b?>#$3gHpp(ftl0q^d+$j}i;MX1x zGWo!D-*O&ShFgwCl7i6vgN6)R!S1N((x zWx6N7Mkcvpi`Z+I54TaOJVd<*)Ud~wE37RvxERnvqO5<|YWs?qcunH|{kX_jb8r~5f#`B(k`GgX8zvn? zk%3304}sw(a>xBmN?|1@s{#3|2luZ%?P$Hp8WqO_?1DE9yEUY9@sB_;Q8GB$v?JPcnUI^tb3XG z)5Rzf#{*wIN4glVp1^k?Z;o2XC;+Zt8K@R5NB75Y;_T7_DhMz2q$k5yaMU+cymFE( z%6Zb5^HZgbp!%MvE7*MzaQP3H^aDZmrZv^ z&O&MXHJ|AeSRCtHQbl|#3xHRTo;c*`R5wdQ>BSw0 z5$tL?staf&_9>6?Ee{aIfIM|1e_%ym6{s+9<<_PFR~P~yJgSa;f$_w?Du}ePYB&78A{M6q91nNZ*woHesE3QOhJnEv5BLM|0SA9gnjjOD25)@ z6+ddkPjQ`T)5BooEq!7b`QBGyMxtG@o#{~~jvR=GzJj|2gg8QOkH3Z}=njBU+)Un? z4sbE^GUEEtC&!~7eVEUFbY3i&NIxQ&sD9MJfC(%S*x`OOTOtgmAN~9#o7KD@eJ>xc zQ#W8IHi{FNJd0pli%Xo-uK;tysX?#<(iH5!^A!1pvLd7~j_EgwY;x>EHwXPvbtXIr zWu~&8)k5i3KF%r2vpeLO)Fv?Fq(I$qpDh8dWc_yytBf1pFiK^|v=M66q-L1Y7Sl$N zuYFHzQN{BpQ5_i+QDuB(iV;?s(0~Ird4VuZoMB0;9}L1AtzI#3Vnx22hNCJ81rD6Y zlb^wZV7!oXO+od*4lVdmV;S|;y{5@^!7hocV#G{p{k4`T#f?8OW)S(8;3~%0rPFmI&;K{L2{MmjBO^$iIBNPGQR&k?GgOjDb%N5bw7#yNY`VZ@jIVoilutI<%|!n& zpT^4l@%mHrp9%KI_&`g&W(@j*_Wxw1!6?wjXJ;{}uj@?fF@8A+`5)U2vXA!JV+-}Q z>`5r242~s0eWyBomVp_HCg1-2FV5Y>_+L5LLp7$$JUkCwrq3BMUFLyZ$-B&L%w;)n zm$^(p*kk7!;t}z`c&BCECGmqU%^JRWVX>zq^uM++;{sp;OQeEu zzq#_FDF5rtPZIZ=*93=k@W1rOvHsVRnTGPgr2f|cxX=mgH(be&jz&|qokkK*%yKhH zHs3~Knly%Kq`a{EzqDgp9hWD7eeiMJ8T?)2&P0(tY82Lzl85M+JVx7c?3@E0j+F|; zlcEp3_2V!PQ7+o-XRBvf!GU>ruYd@fefp(XO29S%U-44K@5THP^D{_z+vEKPkwEMV zpgmr%fPtm1+ki&M@u$2{1EiVj(7)z~bb~VOK|wn<=!xDjLg|P!2<4(1l&L->0tar; zihq+P;RcCNiX+bkMTAlXn7R?&o};4MGf|*)HSK}k)NaaJQH|siA}dzCH1S&EWyyOi zC^&;)vA_d#RN4BP+7$i=Z({vMb)m&)==IPa^Y=S_smGUR#_5k6ex&~A3^?bPW2dzn zSeXe@h+_G0hN&#{N{nXFH{w6X!=EPh;ZKw4=!3+6Y2bkL znFQTmP5oWP@kN#TS|aW`GX;G#CNpL6B7&35l!i}WpO71op~enIW=cCo;xg1X#ai^S z{R-l%FHpVHzg$D4xGt zX-hPJcm3PO?|yHDe(nAmey1nL&owmw%@c2b;MY;5dc<1D{^`7eo5N@H`n3IB_7A#F zUcM+Sjb7h+EU>5la|g-kgwRz=3OwAd2mm+oGg&nk?!bJGiXQ!HeGd0ALyenmXv=TY zSX)MP{-bN^&II@y)ZO$zi&ZDnWyAU`l0S1-Yb@_Rm-^DJzBS>EC@j^E2XzbaEVhO2 zk6I)Dvnt%aK^jI+&NBl?x9#!9l1=#yyk-<@+zEJt47~l(G7Y$ezG1P&4Q@_ zf5A{@?Lo(Yt4QZIn=H7d$g&(n^vg-CGI>X4mtf39-y)^*Ja`I2kAN%UMRKOE;MJ{R zV_1SgjW{AW$6_MBi1tP}{+jRK!wTppfT=>O5%^L@RG z0gin9`OZ<8kFUI;Fn`bJ@oZZTTM6&x5AOes?Y=$7{DFg(diQQ%0^!uW)p}AS59do` zHqT1mGC@!M=J8u_mc+qGCeKWKe4xf`BKCv}8HK2j#y(_A+Iv9gJF_Na4bs%=2+0|d za>-a$Gp00SE$NyWJUuag;d3(ny5IQf*k8c{$aE=Y3?9s`Mg=nCx}ZG z5Q(wjq$P@u&cLib6C2e zJ;XKB;}5!eL@0XvF`xM-QT|@;i5Jj+U8w!n83L-g|2l=31ZEM~n*L6dNAH;X6hR{! z3F{T6>uT0ve0iUyzgum565GId#k6&MwRn)B|NQq&UR@@_qJzm(bYZ9#N-21X$uh>B z((!GaepSc#43~oA63Z63CH5a9^WB-`4U854FwF(Eq_KZ5V;lt?4#MNtNJ9wLsn$S? z6-J9i+GJB<=;^Q^X#W35yqm>uva$Krh~E(M#kqLvLmgCOPE!+8deN%d^{(1i@R39w z(B&LwpqwYrEf+t^`5U`z>M>R9vXStEA%?wo%U)x@kQ0sXC%Oxmuybcy^~`P9E>4Fu zAd2Zb$LWsG>v3n0wUUQt0}J>6!#}`o+`wSOHG|-kIaUqoj8(yUtJI7YAL#jLguZM>h8&)O&RGAnZtiUI8!PRgHVD~T1wF;X)mM^ zv0mA9k*9FP!j`1YT{Ty94iVp&?kcx+-aOo%*A&09w@UXYW=9}(~WOmRdRkt zz*LP}#+S%Z$E*9$n?rBp-9OG}@mqQuG)Ut;0PKiT_HP+=VEI)}h*+@BoLh`e08^sV z90%XQtolLO>Xw@3s%!D>I)1YppCMVYs6S7^H>|Gg-ojyzQ?1NRMS&EYyTYK28VLtf zFCnZ#Fvu6gsZ^JHgB^IFt3;QIkIN1{m5g4NtpgdnK^Z5`R@`A2JgU9PlqTaZ)OZB;>0!^GTzS2|8%o=x>e<`> zVef2#Y11dNrntCVA2OeWYRK7(*pEo`zDt92EHX00uoG z%2Z$3VmU6@i~9<()+z17l=HLtbc~jqB@{@x%Q<$HGY``YDI!3t@qd*$-zx398#Q!< ztU6v0=r!3s!b9Y#$Z#v|E+q4{9?6ZeQ3bTDj-H3*xP3+s-2ZCo^{`&(Uyg^4!Is)% z7{V!X9P>u5H&B8z&u-X6p22n=v9(hWddTU9=IXf&VX+*4sReKBJPsuxVN!{V<$V0} zZa^Z1A{0yFW763!JhS-pyE6nNj_V$i8a^5a#9#))fdbpr4-Df7Y*~L7qo$JA-^G|C zJb3&$A|AfjNJQY=hIbrjJ8jvK~!&z9<*lY&lk&fIHy z0Ii8093yH?MAM~^HRMJltL=<&Vbf$mXd=$Isg!a!ag_TN0yxITN;^1O4!U7`c*+Wo zwy`Vrs0Rqal8_^0-GZ!YqyY+*rwq8D@>$&BVhppgh+;PM?^N)Zj7fMgGh%{g+y`$X zYQj_P2vGO<$v&=ifEx1w63lt7mtTI>jn`L9i#^Y^JI`~ioPyx)sr9(u`&4ROWdH<- z)D6L*iSXFAns^v~pS`XD`L($eKVJrJL0f?^y4d!1XcKU8f}zIyNgALx>LE6ZTiS4i z6KKdGwu4U$F?nK$?UVQOTX+=5+%e3nb*NR@N#Fw>U@tik46m3IH~)HrgOBmz0`9H4 zb;qPg>(uB4EiLw8vU2Ve^Q&B>lE?xCYz&HP$m&mjM2PkpfuUimPRxsnb|cZ}zW59` zLhQ!aN1>eMZSNG6xA#H1NqpcEoZvzIXyKQeP^kvA-X~|Fz-z&nykx|tZK%o40c!kX zoW3**1DI)E>tT6D7$vWX=xa!coAKgZ$bqwPYyXi#a^c)qir5MgE`<>78nCg6^bFot zA!M!R1LuFd!9fOFP@l`{@>=zh4Wn}zLsCGEB$6@klE#BC@b52)z7Z>35o?72sOG&y z>>KV0E>l}DV-w7NHrGZq_X()Rzaom*92r+&dvm)y{Xfa=O8oOas z{}fOrX`D5@zu$euI+6#9i~F`Sx-anisCk9~P54i?Os{TP98SpQ{A#GrFV}8om z8>NqWVJBbol?`Z^9_1!?8``;!XZ&$97sOzA)SijmJT_=GMF7<;5<=?B+j!XuDaI2V z$3h5=#1@FD^@RmnX)>6)3f`S{x(x#c*x74JL|xpH_Y>(PbcO_w;fU+3*uO#*wniO| z@yK&_eU2y|#zBWG(S?S($2AXxkJtD&^2V6pLk+|$fl82JZxg#A%V1@o)61$=}zboma~Hg$BxoUP|sdNcMBt(QoX_IR2)y)pFUNb zL}>TQd#_=1;2eu49A!a)7t>s{)}RoyD>$@6D)<=c$?K=Hg0XEXm`1g!s#OiChpEBf zVP!To8S=l@Zg$eYH4P{-%0V0ciF!~WgwjCO-a=AM-%uy?XWOy95*>x*IB??k9FFDk zo!o+(8}xVISp%_CU|SfQ5cf%xv-5+__O^#5i)Gt`>tSqGv~R$Rfyzz4`ZaGGw-kK? zthkv*ci+R(eZ>X4Zl|L?^mz=*-T+UpR!h@>I79=RM$sUxf()qUJFiFLd9l*ohmaya z7V(qiT)+StMGpfZu6Atjo~Ob83=QoM*yKOAdp1TWdAB@a&naiTaR!C>CuJ$L&>-E zw&cu0>%x{os}r=P%+U_B1xKx$+Jx;<9tKl)SxzAp?y(#ZTS;MuJP4Pgc7$&wRj4Ff z-);9=Eto#0SpK~cQspo6hYq&KpcK>Sa!vN=-1r#g00c z{IT7mog>h;Dtq!@hK>K~v5)o4&wj9HepVfZY%($+xLEcGLxE{xi-MvTaN@>^zIn~; z-_Z3CRzT``^a@2_Qb-zS1F$k@uCj#)yT3iD=1s?ZiS6hhuZQ%&2qQG%+2u%(9~=1v zf*iAUjhV+U#bU;Ruf$@zpa<;_sHRdL*9A&$123rIsewB0=&N*IfrvV{GOy+MAqh6# zsi>FZlyGd*M7`2&OA8$rn2Ge!4iOSrnSX990a~r)wBYMC80?cL_QH_IsVS<_f=1e- z-HFEh$USx?8jZ7)W6&TF+uBs8B|<|Xj_hE&L|L{-@jJE6?p1-oWRm1qd3mYZp89L z3m{BNZP{Gge0wI9-E<))v#WK5!a$t0rRSi6XKTLcsazPAT_xTl?199-}aGEU|G zMpq33Zi|E6Wl+a!a7BS#BgivUBML48CT{WQ;;C=;*A}A_+p6O+eXq5I-#UQWc-_W^rI+;VGMV zfoI|B17{caT|M6F)SVVw;A61a#xhp177Jz2znXC<250qrA)1l4cwZzn%s1lA=ttm{ zY9ec-Co%FdpJ^dmTtPUn8<-E5n6)ns(eMUSR;C~fta6*H)f=2*P>Vpb1|v|%Om%=v zTH=ImO-qetO$2@Rni!s+VB!QhKe`-R?}NLj_1e3_anqMLg{8&7T!X*_C`HX}wdhZN z$F;WJQ{F5(Wj$%hv(Ae8uJI-x#25q}eSobGEy3}KIN7i$@S&Plk(itsuP8Zf@(P(i zMhZa)&N|?LW5s+#1t<6S;{uX0ybRM77koAS%A$ahJEn$-`6;>1@==oT6un9wgN#LYywC8j8_O_eYNCh%S8 z6($*lCaDU%Ee20fuzs=7Qd0z7+)K{d4qYJGxu*omxS(I)v@#+87z!AmF64juvKaESe56qzJDH3kO9Rt@;(CDL>LhywiWauKQDg=s z_@DhomM$*%disZ9ix{imi)amHrbQ zarLq2h~dZj-CJH^Kj7;2%~qUVjwWARWm_}b2@YS!?Dp9?mNnu|MsOz(vzo8Hs#T{Wi?8B>Qk4+Yz*Eo$k< zqNKb%DUp(5U%WZe;|)&osydzbF_U+rv^AonoIDtgTG+S|<-}H2RPG?UqUV`mr5S;Q zB%9zkL|lwL9lqSChNWfVMhfaEkMu{a>dW^N@CbVW_bf&=DqY^dw=Tww6mWP2F726u z8!3AF-CLKi`{7FM)HCc*OC&G@1Qq>1)SZJWu%kXy$yhjS`8flFvp(_q*HwxAc`oV~ zp<(bpMBU|We#!c871pNm<6|QZxBuv*YORK6wc6BC|0>r6-c#yA%rV%1RCx^Dj2>Tg zNm3gPJNx6s(L>r#`!FXU_)LBf|29B07PJh!TK^7&j*+h0CPc3%QnC` zevl1gTZ1<6ACU+K0I|#K8-Q|TZlV>g=)5$a5!Pf4|1BDVmHrOif&=u&3-5$i|8Fpz9!NbuD01;vyAaq(;5T*7aBgX51&(N<=^ zD-iI2{fbGdUlj*{>1XcFe!Civrl5OEUk_E%%&-LUD%W?JkPD!ty zAitfDzk=1aB`o8wPQgxZcxaFpp8qu8tr$Ad&DJKy3r+W^6AfMnLCE}5f8a&)QCXE5 zFA%XcUOy}WUgI@hHcq%ARYzMHoVLCZ#px*EMER{U;_%987cazwU~JoQXjos+8rYcOchC$$AOAxJrCo#*^BG3Fx!i`jVyfV`I2+rVp7>Q zXLM)_XjYYJPEtYe`$Q)rR*btj12t>Iq;>>39f#E%7-MnU7Rd)ok zU==?^r4Z8_T%t0`)v?%)?J~E0dm(w9<~imVA3jj!mkByJ5}Yw9N4=;sZj_90gD?;B zn(i4lu+78c4YtyvxLekVG1ZgVrt1Rr`0dz?5NxP#x^wm8Y3xAc_58{I)$185#YT{#HQfQo4W`$;R2FL6Q4qFR~aX0Q={DltwEEl9Ac7afLL{=G>~^X~!f)6g{*{{bi%l|h?W zeayjkP4ZkJyhr{cuqaJm?Z;JCOBP>cffqIr@xci!ke};C-jyKARKK_}ae1tj>iGv$=R^kjmy-15_8xE#js%iZW6)fEu3rh3WVBdtIi*b-W00@pqM@X%faJEpakp~N5G;4?7f`siFTBLM;95vWt0G|4yaotTBNlG;3zdc z60QhxHj(%~|MP zuFV_^v#v1k?YVh-and?YVaNCg<+1DS<(iZB_SQZ})#<^lVxMv8aNY*#I^!QI*y_3~ z19+J8qx}0j%<4sZm^e%wF?-m+fg@b=*M+;=X{@T|^GfjO{tm7=?_-iJvdVrb4t!Dg z^GAiN|Bb_OKJQSR{86|!l3R)jcDv?0i9ARd!K2`jxjMP1;Gk97 zp*dTpxbOb+tic^A>V3%0@mNj&8Yi#fz|IkJMJ;)Rk}o`(N`mCDvl}A93}XX0$B?-C zlzQqDdPv6+j-2Hof0mA_n~;5SaqV7LtvE}t^{8eN&}LjH4qLh!{vGQQSkVZSDaL{I zt3T^BHaH<8WnA#M44ZxjJI+ecbgRTY$p<^Q=5gtAgm2hD_MfZvTc9(-H#2#ltL9Vu zWPkz`T}+DN5`7O+ts-pq+PDWq2fuw9Tbs-Br1~sKV#vj*vxiFGtmRr8-f;)t)cSL= zz-hXsH`MYXs}x=HQQ^NYe?qs(Oe3L zK_ElfRxE_XAdlS>^e97$=)?3!xt5V=;DEsU+#184;S}rxOlkvfVub_$I?8;dxsJ>v zpIwE4&EanN=Q^J6;P1Vznt{NE!#*d5?19gU0wMZuQ}GRploO>=D36#nkrM&${^~L` zK{QZv@~Z3HH&+s<*LAKOsTyG<&a|b{hB(IH`YNzjKQg8POaZw`35WRTvpQ@2_0Z4M zFJ!jyLiw5eL37#~!Dxm3po;m$qA z2c-%>Jg3*7EdBH?KOg*^RE2OJeR+aeg~R&xZ>Z#^8y*6wHOs-lh(%8WWcE73L}zoA zi1*`|0_a#wg|=keeEZexe{g*#Oj9~ETJ3rftifQbV|jTtL#-;W#pT&mDU7nZ@dk`O z025W)$}F#hQGf%flT`L%+do!$cRUupMq2q|J&rcqU`Z1ScP2_ zQ&Fer|2qh4$7ZenkKr^oPrKTH-EMpXr_L+GYSw-DZLeZ^EuF_D>q9e-r+ROW4@Kh` z&HZ#3`%+H$5l|7fM|2^Co}aG6_BMFDLv_lZ1~X#L>mm1ps$PV}UG^BcA8~lbs~spQ z!%Zeub(x)_iYmblR@xWGyHK{iK_CtJMBWxtFjGLYtIkEUC!pD*>gpKkR~)S4!d-E& zo)I@ifs#_cdtU=9!;P!nl5kg4Qlf4oaJ0oouviLiz>|MWYv9w;o=Q7p3bTxAen9p; zIH%`giOueIE3*>@m9{TSIP#F>o6m7g!DQ1LZ_(wn<)aIuWKgBj~39?c_U1s z9m=W;3jpnUsnfYUlgv`rfVcHNiT?y5&q`vwXiAnN?YYiLs^U8~-gyc*Rsu|oaTuUn zUi%kfi5MIPH$vEw&zbX9kip;k%vpqa;wiuNRU=f@z4lA*hzJ539lbM#jbeKk z^qKsd_82MoM#`V&MX~ay_zmHtsir!zWQ_c|Y$`aZkOL-O{`{D(Yl-EezF$!OEc`~Z zk&!5?(E{zT&|NG57ODng4Es$i3k{Jsn}r^I8dB%r zUSXgMfnXb{Q!G_MB}piC;Q28kC(`L*Z$$Q}zQiI{@>EDWX7Nz!Sh2J755hH24$iH? z#brkRRKh&r`6834oTNd@Qsz;TKqh6b}RAor+;g{*($&syFQHJ z8}_v=8C1Vx+vA$e(;$AH!gkKc45`xB3e)77x`bt;;^$@RFGm}uiDgbbKQ{Jm%Q;{D z6Y}TEJ(_W}{*pHHhIqzV{7_rQX)Awbg1RyCXJ)ieJIphd1;9KNp!P4lW0=ReU%x%1 ziMQqnkw1-LVV?;yjX?hNu`6g-{&W?L^ct}@PyzY#<%4WV7FFspq@?plg*PzQ$e&T< zjHWO=`PK5NOm!9z*olrCDvkW%j+1+?#ZIMVmD%I5mV>*VD~G{xp!z_;h+&}IzqMtc z05%Dk`Kzcm9c`#yx>up8@?$^S3;|ltClnKY;HZE{(8O=!rJ6626UtH&2?8nWV@~L8 zETQk-#!P$CJmM6myMyK_s>c|17k-7-U>msE|BC?JR_l-Elzb3uQaW`iaeMiOCRJvs z0XVCgRsg=ia?EQ{hfX3M_L`#V(dxVKyV}tz3;RCaCQ=`qYtSNWXis!eVi_u{{z&dG zopAy1_t1BjPv2d>y?>ebr`q_VA#fb1X*m6a;B#He3j9AON1LLK?y4J-4hsBeV=RfUDJ1Yt1JoWTQ%zcC;Ijf{1VakzLVH8 zc2B$X-EvN1EPsW*uDJ|A1rOwq2eQZmS?uR0L(W}$^S zI2eMh)xYEVM9pp6(9ocSJfznL=5nwnyx%BxA9kH~FUcNaNEJk;V18>}CGzu!d`?tc zK>;~v!=8L4 zUw;C4sav~Y(>u~}p%>PmrDB*zX&ppji<^h*O_uzEL?e315--Ef!60WX5A;C5Z^@aY zADz$Gz%YNcYnk>*LfBT8!nQw6w}})-Ibf&t-$rR)uh#7gW-jR~A)%K7u(Zr>rn(y~ zbS(oonIC^zom|<||LHG)kDVP9xO&I;G{}BjM_<2I-F7ASLYwy(xquSspl{=dSe_-| z^w5~7&s)a-;rBPY^qB!>fAeO~f4skW#+7mM5B;Y%K<1$TSL*)%o$h}O5xA5<@j~2W zA^lJ4_tMk_6`f6P<2)C7qd*OrNwqsJ&mSb3F%(v4V- zm!!fC*zE@-xJY{licIbMRQ#|Je8}_7x1?g% zx$ohp2QcaBhu)+09NKx^b$!`VpV_%*VDoxydAN)XA$&@>Y|)Lnoi`u7p~SexIDQ303r2>J5=lU8JIT`s(S2CXg}1X=yvwh z!Jn+0?%1&#)w8J8=7hGiU8>ge&z)>c-1#lA(^*BSr*0NRCwiT7-1!zPzLec)tB4u2 zKVR+qGY1M;lC_+UTpM6slPtNkza-X}G6@N##HdVl*}*pN;7UFOuLpwI8zXq7O{_JG z<73$HHZ5{3!?(~#kxLqX>5SI#V?aIj5R(!DJc(H6V1hc?EVkEcELMz!+<1K%2hqHa zGT9;e1pso13KRokuW{8;P%@f57`3mFZWy&50*2`-zp#G6Dv}Wd^BVRefiy%|^o<-f z4^xMx9pLjIl9NFxSy~#@@}aJYQy=M~>r%TW>$5t9fH5BkB_+xPLNMhV)(*Aak4{;( z=$7ZN&tC^qTFqbGhyF+N7vqn1=*5evS~zoza&vP7pO$%I40DiD5Y)+Yo;KJKhR;!| zeq72?U^_J5#I`S7O<|Te{i{>;KxFK$alAt&HlZBu-zZq?`lBpef?OpO_CBP0gNUc6 zunk@!B=k_Av0^pgQQbdf5q9;chsNokFQgTgQSyQp!0(o$#X>m1Bwlwb2jsbG`hbPV zGte?LJj~C3(EzI>HYD(7n|S}}SG|)Y`jFY#ezkXuo;51iu@J%nDo~G4ub(Vs9KlB! z1iBfM&ohlYAEcT0*YZLpuG)A(3G9v7IlZSnD}8htT=fq=gIEIWl4F1@BkHlVdTDA3 zA`@Xd|E;bBwlh|>c?GE_g_{ zcEmsk&QbVnPk>%a=TU1NQ1c)knqQ(Y;*B%k4n$LXpq~1;p&{~7eRpP?p&=${=#s;o zVDo>(ze8UB|A~L6J=~UmcbwM_|DGKL|1LQBu>6~004Cz!r$3M9-+|}0%fBb;9^L$~ z&A)yAME=c?>f7bt;|8Epw?EZB|9)MYn14TGgo@>U%x5G9XAq~sehV}krOH&N)mLqD!1ObxfmwHMg?x?bk4r8ig3uo^L}mEW z990W{Ue^NAJ4yhR%l~NTCSi$i2CNuJ*Tz87vYSDI=W9rn0wZ1i=Rk5WqCu-ckSeJh z`dKu2#5sWP;$x%DX)zA&?Lu_6MXhBm>|4kW_ynqOWHXja)V*8+fr~&yn2=`nI#S9U z0cpr((kSMBH4kTKb=w)H-$E4$=3tqBuZ!2csBB?>K%20%T;UYwiwGXp^8pm*q3lyp zQ6NyEqdC{yhp#f)7-FDgPHL@YsnLTBPW4B2zN7KKfTnZ=!dd_#oS)FcC8W3q5!i^W zrzg?B7WCtB#VrUi5lfzV3f{c~?gJ*HT#h%0oeSrs)N?b#urU-)RGfl0ml;Laay&Vg zQsR5)kB4|QEH*n-HE4&6-rFEX8kMA&tqxILNDKUAyOBf;NZCHeP>yJhS`DIn->L`4 zWgHFd+;5JVN#<Sn5zSCMETb@AzmWjg`ngh~&ipwR!} z0c_2}OEn97L=A<2;*;`S-fMJ_{oM{EqOTFk9+ub~VMjl9c1lMw02?18{(*wcu0O6K zsf6>;_mUm@E{23={c2%GsJvz?0PfFP04^BGJ8gNLlG&{cQNM$5;CzT&q1$TyczB{c ze>gfn01{g|DnwoKZBq-P|2M(jdSO;cQg{aUl+^(g?Ps3*glpS>hilG%0;RDTj)Z1V zXkYxm{uEvvDu-ZFV3Q6I;CR5^H2oD7WR}^xSI&?Rj2+RxOYDy2k~bS55vR8TIKw7( zGa;B-3>9~TuK*!S7&_r6yjCd=T7)Q?S8+{_C`sBZGhc`ZO)1-`V zZrPa*E&a<*C@_c$`XIl%>+KvxU5f&}28G73TI@0&U9!FLufs)A5O z+qSB!p0@RhKOYC*>)=N=Y5jXS@?h>X0TyVJ?!-$m0oFf-B39ZnCukoAb8@gZ@rjHL z@`RZ{M)9Z)tiVc}ytxB%wF$Mk{3IwoV^{*+NJx>R48Gp<4yYU78JsCg2G}#@NfC}G ze|ynT&EL;x{?`2bocPel-}I#sQ?jP|8}r2ScLT9FEPp@695#PTcFo_?DZv>27T&iU zV<6k&v001LqqwRo+cb-hsDRPOcym z(|#5G~&ZmR|oGu=EuR3`;LY9%1Pwq6bc`mnT@7{`7?PZrv|r>Y1n5Oq~~D>KG3U^$(?) zTRg+F_prrO&ZQAxZg~QS2BxF8Anj5i?Y2>!0{1x%{+2Dne!rb+%R}4;0~eRqnngYB z&fT&6H~a#_e-P9H3|cZWIc}W~ZvKJG@EF&aNGHgxy_r;sbK$>Z{0aC63LWM%I|C;s z9e)k^I~ezed4n@jyagMlm$CjVFHcJdRCb^U!vUwGu|Yz1;vUx_yhvSp9y~~o0kf^} zW2nZ*0bkqi$D&i`J;Xy{*aXZ%m^@_XnUG-iI#On>x_g`*cq{yqkz>>Mr3C7=tPkvm z3sRGK5rb4_@2TskN$lejB<3?>|J-4ONj(z5KN*&uxM{kq60fiP;PSluNM&}&fW;I$ zG>PnyYvSLdUu#zw9cY*ug$M$vqX9YO$6~3&`7CLIl1yiRLoYPj+#$&KF%j=NuN|Rb zd~TLzD|PK~+E}aPKq2yAj0jvY-X?*gqliEpHYnA?Ek{b+5Nc`(<01mxC77z&Q}FFz zd4Qj{2$Mq4kqkH<1NV7B6Tk~L*A{_-KEfg|+M9TQMHch6#^Q`97LUx+f|$9~KAcY! z`cd*H#QqRC&s^_D7o$Al-ED09#$kI|D{MtIkD%%$!E96`EJXV>%0IKB z)qe@c4JTGXyMWauB$|9)@HGeUd<~r^$4#d6g~X@4DGK5y#0#|U^0s)giy&4Y42|Ug zyqv4I#aj;Q%Ul`_aF9cXM9oHtFmo&{7||iMe4zfw0Cvt&Wt6-k--0Dj8pQ#d%gA7v zHiFQmy#)uWU?c3~=&wK+KJ33fa((v#k?Z8#yLs9t;M7ZJ8|4y=TB`Qt)08wm#5h;& zglY)67khEaPFX*qIyp3&IH9YAMl-;7JduMhNv@h8BsED!3Nb7Or>EM?rH!cYg@Nxxhm)wJ~1)l_pl_&`Uj zPj3E^nYF5hrO4}GUYpSFW1SBn&c*vOmzrAl9p=N zTTSu~Nlv@>9lb)j8?R)n5;onV25Fqn6P!&19MIm!T$Ur$!I{)}5(CMgm6X~mq?mu3 z_d>IZEO-lZpr6PLF4-S&s2ADSu+!{yx)OcKDze>tdFWS=pA%bE?b|kR?Gs1t=31M{xrHi+6?6+GW<%3QJMN`<&m$CX0&b5 z|I78!XvdC)+B1SW3M=vBa;doPRO8y>8kz)MAljetzodT;hkvuE zOB#O{@gMtIEBr6UE~j|>`?Qb$fWzYd$3AUneI)po#jk(NBK_?E6z!o!7gVc1-pRpW z$B|%p@6@kAX`X9LM;cDhfLE5APpVaoN7FfBaEVL^1grOHs_nmNgSHpiXqLEN^&U;S zzvF4ocRfEWBrnAA5N|v~6_}f6QI!QtsV#RzdCA|eqxfeU8NUgF8k>I(U;o^=`YU7V|I3s}{r9^MLooGY@59xfX#TO~_d?N(+Yzpy&%y+d z5M$I%#i;Q$rI}5GTJA;cw5M%^aHT0Vn^bwWUlv{)ynr{KNV4aL5Dx%)`T{ zLwBtiONk!8_Fc;#QKJ8E;@>{{ztrzu!=htr{caDtLv&-zuSXXDHuyi#@0`8b^ydFo zzdQJ8EB&tfG5@iC=bC%O_QUg!!+uz_td;$6E8Hio?T2eVh}sX6g};sYZtRDrUpR96 zq50@`D5m2pX}>pV`~4|Og4uhTqz9kV9(2n*;S;3wM>}50_nOFhIjuupxCobYPAdng z*l*Oj_EGEFr|y>6MZ}LV==wd?VIECoeQ3FB*(MySCLzUgd;mgc0ZPVML z>1g}c)z*W~{@W2=twuB@Cg?#5A5reEbPn3&?4zlKXDbrZ7B&TGNZbErdl zMuJslq03uvBD9SGqXo{E>gj*QX|I2rL(Yd9S4#AyU=TZu%;9Fi3scAxCFVL?}yF=*r3uA!?uYv{d zC*rA$x+_7yxba%lK0ncA@9(LWsq~ zwtfFd`p8Umkk#ajr5WR!f`dT`Zx()0f8Y@9v+-6N2_L76(?t|GJASd(Kg;*)&~kNA-V=tG7Nrb*^>dGQMm^5Q%7F2lNbxXfG4ek{kN+kji19CSz{vk1^yEHC*YiM>A+(^P zA9uHW*YksV<8+RB^AYU5gCB!BlS=t*%=$O4YvSoGSo&lrk!Cbi%krqyhc7<&_Km|K z9LCx=P>k@lcLT+^x!?&|Y#e-$?CZh)n^|0N)Qjiq=UfD-lFXBt5WM!XkCFzW3wGt4 zI{cPXv1Fyb8BzqNSIE(rnsMSKFqnanTr@sBa=@PT964 zSyh2-*))rH<}_(sQLMKVtA)vwKl&@c%S}ZP!UBwNxNT9x`Su#a+LVB@WXQp*Ce_Hm zo{lqNII#JVJ=4G^z*KmHBRz7gbe_&Q)?}2CkBq|7mSgMAuJI>BYG7*TcJe+O7IQcx z_HhEcsr9({9h8D#Hj)a&!JNah9JL^^hU{wTkfa{CjVt5&gh*SawR=e9gO`-R2Jgm0 zBI`qgAbHe`{s>aYp$y`#l|zZU932SBX}jiR&aJ}`h%j`-SqiSL`_$CGb*H^RszphX+jl7ot~1IhM^D9HHn2- zY=@xhHpkmqn!ZnJ`eOWX+YPkQQc)8rzh}-N-p&bMY5DI#3l&!XRL3qzx9Oit3VD?4 zD5lBgJZs3~FLV{Jlu$39)XP<;{e(86#b&FkZaJaIcrOtsUJH@6_6besAE6sD^4sSx z$F>PxDwWLcCn)`R%e#n_==xDSb426XoX+Qm+nE$@i?Jr^bv0+Yi?5x`_ zn4@{fuI}j(+y3Wu`=wQoC|v$J?ML1I(FAX{5?6Mno}y(gSlL640{O+y1)w%1NS0D{ z{YAvaSUaFBG4-#j(CngIoed!*+)@}q_irsFxqlDXe;SPt{8Rp=oC+AL!uh~?-un?1 zz>#v41M~YYBG!gqOR)yW+?OZ!(jfnn3l5F6N#9`6$v_M;nMLk_(MU{f`)J7a)#+YVqHR;sH8 z_P7m9O|UV09c5c#_5y+JJXtUs6a(y!K>#}%zz`qxKQflz-)2x-5P^0{JTxz%1vRwK zdqmrL%Qizhb%O?W&ASFzaRk_LHn3w1(Yhl+^dk*#ehfVCI>1AZ$@dHmvezmD^5BK0 zwL|{AEsk_`NKpMXyiqamzFBMFsdwaN`Lqq#cr5+!ya20faDb$7XyFABBu-@B{L77>j{V5gETO zcdeS%5i`j((RD`h=Zx#Yn_1+|bn<4pjut?OJmj;t;JlP7C^R^^q+n)x)tO}39F7j~ z@;;i$%?DnGT2P5d5^i$fff)FagGm=Z#^QW~Mtq0u(?lH7fkRe|XeIrdI}ks6eJ3<6 z&fWXJ#&6iK;Fs|$_zgP({Lc9m`W@?9R-Nj}pP7pBtEu+n{`RS&HYUfCB>ZsVnMJ3f z<`i#WK(^N!kX;;{npIr;c~v?^JaknLxCvkU>r&RL`Byfz)EA+5Q;Q1*WLN#8Fp!-c z-fqrk8Q)qq*>EmH{}2>54PYyXC#8t{`xrI%368gr3!F9~K2PTI2!9P=J!BGKWve3U z=cL#MaSl%p&m}VX^@7cVg3Y~&+NtH|JPbzQm`)yrpkgb~R?aVIudDU}eg>jf0#P2W z;Vt-n`guh>B+?qbi&r%b@&-G>Ju~=Czk6tjC|BMt>NgA~!Rb5qN~8-b z@UKe;mu|$ZO7JhA#IKmTasCE=s`IW$(7@hp8yKShifznd6J52J;+4$|UD%4l8DG2+ z!%@39dhxaK=ZqrdxV92f}d0_dho#-mhj=Jm5`QxJ zvjdto6H}6sFzzNSN0}tmDVNii2g72MtF|*fk*K=`9JWc|36VR2ib5$#&wA9mXCN1| zKh6L#WZz-3SM%%i-FwXzr1qPK_a?`yk{v6aoZ?PZ>{j>#ztRdUSqJZCh?AK$3 z@udg#f!p=s&zdR`bFG-YjsOg^m!b88AA{rk#z!@;muX(#!hxiDU9tyK%>E-V9E$7y zTlibulqRHrldHMou{uk2y5mO#V0b9jT(z%AWpHicsm9*^Bbu;E2C_GBIcR*1)Pt=b zUBV7^p2TA~M}@#9em5UoT(w_;C1w{?+ z#xD{_s_DpTVwj+UI7GH)k$xKgndCp5^-8xW|70|lk%X4>lg=zNPri{WbQjOdmd|+C zFz02LOLmhF`S$}3hu>~I)zCBSb9GfA!Ka|FnMfO_C-!Jw=oD5O$yen1Z|HNqDD zC+^Yrx&L}D*vVCMI$ngxIY3Z;)mVDW@N6jbn(C8&LlW2f_O%gl5C%avQ+Zh#wEM)Q8??w<3QMlWsWli;g-^$D8Kg42{lUgAP9s z@hm<~F|YM-Hq&iWP+fDb@kFH{Rptjy3aO?D6XRz95dEujN`#Oci*nk5)Q|f;tFUu5 z?TMSbNX>i_kI**cu%q}%dcDIKCseR0z|Dv6?RP~{pjnN+NqXb*y$O3GAC;hc3-Eyd zUuPX`vc`4Csb99&9c$OoE2fzgcfO0qQlmy%5Y@0#nn|He7AXprW%1I!-TV!WmA@Cu zZ^o`s!+NiX+by(Y<8C*y9L`rifFM1&j}e(iw7gG=INx#aNL!`h_i-Gc?7${p47$^e& zw6?Yh?J(HHBcbO^N>wwabI!I+3pIw|--s9oRoeypy9vNceAkRi0Y59&J|7D+XC%}i z>@)EXO{&5s;tAQQu4S1s&!(DQn8n7-f*}*=;&&H9?#Sk+%TsVnyMIH9Dwl{B+Z93qf+6;=f3(ZnM5n`0-0Qlx4N`Z`0uT4an1FLQ6pE~)=O>rbRHTr zgLh)&-}8Xh?~E<;uMwndD_chIFW0t=$amGqh!EgHu@^CDo=Q5{V)kcYy|nfvgYORH z5jvIG1gjtsEax&~)-atDBk9OCmFv$xzo7+>N{ey&ykI@FP|yM+H5kuK8Nq#r+R%tq@91zdQ3E zV);yBxuBzb)mXh02F|-F3{Pzz@TVM?j}>WkUB8b&FCB40`obB|ne+z<6;LtGfI9i9 z$4?nZ-D^JVqw)9Y@l&SlqZc_Af6YFc*;CVPIRK(@wte(@MT~tkhAKUnih0zj_(HiM z$cTM3M(Q#4QGba*ab|x6Uh}*8_>b))sphjAwSBaa4Fzvi$kRT$g1xNA|70*S`yv;# z<)3s=J_&6(?=!+sy&a2)TzQ}s!S*hi-ybp*rKawdIZ z+ehgD%s)XYOKM5Go5X~zz;CQflF_+rHQ#d#GWK_|9)L_e;3%sLk#W^>k0*PC%t^g! zu{_O2J1(hn-22>H^T7eGnx9Y<()bO$QQs9W5A}TUKZ<_rsF^A{Yb_q324+9L2LIzs z6CY5MrqmNhRR0iaQ3X@Mb(Zsje`;lznK*9hB#)!N20Q={<> z>orB}ku*F)D-4~V!BcQdNN3s|?_4c-f3-Uyshh5rK3t85dP3*?yU7_x>Lpx^hfqN) zwX-fl>Z0Y^?4WHBH9KP2EY9rk20CR^2Y~9Qi66ByC?Pl(`2Y)c#=ReDJA<92p7@$> zHCh@c{|=VMV4wSVJd-N>bF4Rzn6{-M*?-*Dj+G&FM-ldex~JQ(cM2HIdlqz!6D^Q3 zYGpiE+6`6G$~g4}J=tr>#;_eCkZZJJ(9VRdQjZ`L*{l`L&0UW`ra&y{LaTH`pZaeK z-Sl4+!ur+`m3la$GD$~tK7vBjPS_~gFH-1T2wILlX=yt&*7nOaM@8+I$@pDQW`T`+ zDOGYTerWsU)34gGU+VtX_RE)F{@>a!%ci!nU+yCK{}=X4n4+Xt#gQxs2I_bbql2nGI>eDD4EayDbhg=o-*<~?TitDoUhh+Vh zgg4l?jo8@(Q)qJ@T5dTXhQH-?E%=7y-QL>-0%D5?cGjMDQa9Z4&;u2!sY|gS5(J)z z&(P)Tbon7%3Wrt!SVM+9(Y00i*FNSg5o1{Xq-gnJy8OT2?V7Yg7j%#Kq+8N!)cLqR zJGle)b#O{wBE}KwR4G!#dF?JXut&BR7s#fJk~%Z@iecxx=5%O{3@`;6FaFg=12Xo~ z7xA)^Ti4VH-*dwV;Vs9K7}~yhPYk^4G(1bgd#^9xvE_hQ77MRO6yCP)Y`0cEki__FCr^^z%ksxEw@ zE_{Cl3Nutf6mS&2;%_WG2r07uG&xfKCR0BAlQj5qc{pd;U167B_C3p!>!o}~q4Qz-HrXb9z?P2?0Ekc8XH)Lm^QHV8UEZ(DSL*VOH=0&}>?ggz z@>pyV{u&l3{}RfRc<1YqV|B?V?UFYB->)P71vdVZU$W_UlPQ0+F5g|3e-knKuOEZl zcKQ1rW%*pYd`6^v9`Uy_-KWV&tnGqwV0p6KEw{EFiTxEp@bY5p-&t(e|80qsKQvIv zzx`%(B))h{>+)w_!1Dd1{K822mvs448-}A!=jj`x<;O(IkKko|;N7&hexfjd7X;@w z-D>y1zZgqrW%@J*6LAZVElaW+>_Mny$-m&q8PRwGi}#5jkgE|Gsf#b$6)pbz>edbT zYaNRZVDaV`BkdoL+95p4VZ*0w0S^Y9z4?%sQp@q(XlOOgODSM+=pf@vE%!MX*ROG0 zV=r6aQJ^T=ESh({jF3z5g(9L{rJZQEF=%QjLqj{E_zDq-RX-97ZkvlccjKeMICtaB zcTp>DhTkxzjG_nePq~~^5KQIVjwm^AV0SJ%6u;^e(n+My8!>HKfrRQuk!jJ2KXB6LWE3janH2P$B>_?>$wz;*m>` zxhKj?<_PDl7b=cMy0+gBJ!kWGPhI~%_r}yeU)SGR*MH*vD0Lbij-d`(q6S6q*jOYa z>3M$)Aa3Xco4vhRNU~-yaAV|NY(u^c+myIV19)Oo41jD6V1NeD_`Sg-7QkWvpxeuP z3s`)uPpdi=RCW4FVdr}}1PCL;F(uT&w0|Mc2=)SS|9Lg&w^KV!U}=lEFTJzidZ zy9NHLiAa|DX<-YCZa~rMKcW)9`_@R&?fZ%D_=+$B=*GjxYl=1@SzR3|R{lFFHd2aZ zpvJzUtBo(i&$&-gF_X*Oa2c(IG#kjje>C-H5RkRp=x!IGfKq4;>6kPFbewsoreigU zM3D}#!^Ycm%v1>eE@hUeLfO2~?09DcbsG{cz(9*3;Y5&7Zcd;6KcvGJl8`E#-+dD^ z)>DY3^~a3t4NUZq5EDJphV2kAy^yRH3h9M@tA!8+QUQytI4H%0eiJqQSnP2mtE(f$ z%I8b54pI#COZ!I1J`wawJL^f(Pp(kp^=3#T{Rm_eGHLySfNc7uIZ;4ul%{OZt^~A2 ze$b%T@%r#R`S^kb1)Z37&lorkkX$c$sGh_5!8|MAX2O>(>Ve}iq^L~N#~~X1>~#(J zRv$V4y)(|WRyXW=qa_sjKDs<)_Rsf36S2mU!!?#Ht`TL?Si=QC;&Pq)6>GtkD{i&& zAM98)eCq6i+YmkhrPo!v3Lky9b|`n%zKmb$5C6k3a_18(IFK{l*pDY00o3&MI6_gx zh5ulus`0Z6uDoJ8&IhbKd3M3nYp0i2RjWK*@;Y6zW2EHHhp{Q^GIg~6e4hUN`CrZc zk>=%ylRq11b*mcUU0HGCEmLluUOvTJ(6j0!M0uo4n^yH(wOvBnovFI$GboCU!;i1v z`J~vw#%&})HrcOlm4c7=DKLF~LZfxSPIM;-4GBPN7E>;kp%4TfT9P;f-nA?#KIFaC zN|S4uC;4z0eAUTGl}9b-w2gsv%F|tw!abJ5L&>*sGIujluYCwQe(+A+za{KnFZp{p8r5{RlaN4F}{PN@9g6nmg}miWtR@itMp8*M`GozA?}~`4VzGTx^LLj%Ikc? zDl7YiZ;<}SbzhyTPMSSz!UY$dTbYXI%~ew>Q)UmV#Ix$WyiF@nb5dS&=xd_vKj5f3 zbM~;&BZ@ApO7YF?bT0b;IJ{pmZF*H_yich-YWA?HeCx@#s_s0L6NR5gVF(;V2CD({ zxRHcz=Da37zV6m%E_&D^#P2#zT?9}27q@AVqo?Y$@8pmTbQh0oL^ze-ea6WYGhk_) z!U8Kba``!4Rmws3vGW;;G)`NIDx3)k z)efVut|WPV5-#D|NXGJlvDzLr^4W)N7%4QqEf1kVWskubNCrsM%Q5@I)~A5P?d=b? z_kY>@!}Qj#^}a^v)5%!#_~8{SI{oX-Hxd7M<_Th!fz<;6Yxcq?nf1Y?Qkb|0UX@Bd_M54M96Tm*MDnDa@EKYzWjkz z!_k#9;yMLjyfV>z;G1Seo6)4P{0{53vg)7*l^b0bRNUOo4xOP)zzd{O}?jvRoy`rk} zM#zs|NJw_o@>cN?zM)sRYWw1sW*x0R4Mi|nAhQVN{ciV(z*iV$Fy1+c-Tm=H_5SgV z7L}KeoLr86g@g~Loq{i@xep%XM;t`MdyPo9ZY+Ok3iaE zcwqmFjLII~fHQ#i(2IZp>~F_!RSN7we_=w<`P`!{gH2-Shpc}<`D(7BerE5xbq*)Y zV5XZ7xt}+q2;Xu4%SJ3&V5MdeQ41X9cOT9ArqxaW@UaUWW4q|{(C zPayNh*VtDda##qP{R8j9X7A&NdJ&N(ddA_L+mlP41mPc{p~n*+Olj{ai+Y-Gc= z3U-$M%RvR2oL!|c?7#0}FoUXH@k#nGiAY$^kC3e17tn_lv*7-B{w~;W!9zX%$^qzK zGT@#AQQ!@P`CdL-G0d??LR(2`@hxv zTW<5O>rU92X|3Du;1Eo^TJYet*_LC+PT+Ar<0R4N_0kV%oirW}!DFlXz)LLBzFDWS zkW7Kze)n6y1s1Kw(6jqA4rMkDMM2=uyA=*yfCE&O;m|L@@RbgZ0Zg|~_L1q2@bRP*$65#Xz@#7U`JtK6K1P~Ihylu8TfuUA!NVI#|dB{N8)b@HSd?-)`V-L zc^~*G#-3@VT;oOSzbn~kt?t*W!!4;G*}z6&$kX`19`Dlz$rMm^t83Y%*{AFIgGI5o z2B$zwgR1DqRe7-2c)WMe@voIqdLJI@z0tyld)9yhz`wa{Lq3?NU_b8J#F-)(DM;0u zqH(Cm)z@JiSGKC!_J@Ye*`HT{Xq!Z*0oN3@L;cUJ?|jV}pq=#{ z|Nc&{yKbZG^7B0VpMj4(f9>y3IS#3vT($q?cN_(JGZg42Zj|PH@F?9KUg*`%m&q*w zZ`OKGDxPa)Znqqr8o0vW%H~7_@+?{zLp-05s?+TAWuB#)B=-|Jo^p3Ve6mzg4Q2eP z433ghycVuq0a`V{E`ndQ{2xsD@NY@mTwr?qs1#Iy`$3Cv(b2Z8z!;MgC~qUzB>{4E z2*v<(_}K%;Vo=~(T8xi7`EvrUtX-B_#h;gE!yDpg`WRR)yn)ByAX}Xm5r(+dw$9s= z&w+K`qj@|Ifz^4BS?@U?`o3N9GLkKxD*pXhw^V@Asg=LO|E#JRsKR|CXq}HLHY8F1 zib5FtmjnCF~dNt8?G0ik3J$?10BRUE1g_Z$Eu?!|IF|4 zj*sj_`()P4-f^xo!x8S`hL{4oCWBGdH3VcE{=w^WpQ&M%bclNF6NvTOm zv-maSmy(WCR(D8hWGaR+);IIDeTo6$c<}_#XzVo5XoE+};hDvpe)nHNCu5JoHjlMO zy{bCQ2Fl44-dw-CI+_)Dc=Ng2wK|^}N>wqln$eLAUV;Dp58NL+O3FZnag%Bw75fOd z=L|1u7)w~r%6obzg~o9n)@ls~MQ$%n8YkmF=EDigDC(U3eOHDgVK>f>Km4X*~|XT8yo{0BN9 zAklJuaevn&Sv?IOPcwi?XYNH(H^8QvG#NQhw=-sXHq zuzX3x?#Er_D)(#BS<2DePmN~v&}krahPMaGpK>s(m9}gF86CP&+Wa)~InMjp;K>0p z7(LEUEq+|fsd6J{NV{cZT#_f1=%uS&>)&W;?NADhX}v$$HTPLU^zQ*0*fZ+2_%G;~ zy;NqOIe4gxo@2O9bJa~M$gK8!l@C&S^n8_r661A=5|%j8qsRX$J^n!}EmJ%H561uT z(t@Ixd#jgT72iz)yIxMgiB4F$Le&{<3XR}A#rf$W9e*$m`XuHjMc9Zx*e!MFr%X?$ zfcr2zRo?2~-=T_9`MI7VmHT5+)bTg`9)*eU6lm@#HN&BHgOf0IZi0L04s^IoU{e7B zg8dGb1M=wk|2Y}*a!0uq;W>4nyDg&sfaA$2g9MG)>xk7_l&#cdS^Yp={i&D~F6Yln zIX?`!2tRo*)LdEl=x;HPg9UxiCSe)B5IZT2aZT9dJ{_roIFmg z^U4#GN>?+fbTgAmcRmNyd11fUsHWod^mtS;jm(%v{SXt$FpSS1=3vznc1elXG8VzH&Cnj4OJX@XkRS-eIJ!jJ?Qyj6?@w{nJcwp+0xJ`j zwGVHqdARV=U^$CK+cQ*?>)2q+kv%ywo9J)$;8#~&(VC%J_XLWLJkbICRK_)J=YuY< zv?T~iq@sihBZe`4GTn}Y(&Gsz{0?o)a$j+ieT!ybmp-~iopdvVw#Z7{qDL)lE8lR9 z-qu+gICL=(wPbsQlBJqqlg5#l;&<-=1#x^0OO(gTTAV+NNF7kF8Umvl0_H`@c)Zs# zTiv3nj_+TTMAxJJI0FGpg_+bbXqZuU^n|7Uxq-Fv8)9xiZA>D+H#KkYR4^gj9raXT z>1`tFjj~f95%o|>zEI=BiZ;|pze!UgA9o63EXp9{QnL_-=cM&7D%dz{6$#@dVJd*_ z=ht-B{{IGWuob}`1b&=> zAK!;SIz=s5t>tIv-a`rO0Lq_zTK-^Kru?Y~Whj3%hngpY8YLaku6zcaSN)NLNB8n} z+_9zZW5lMJ9c3St))3gSOazTEO=6$ zTTCy9;{l6vh2tr_;ijOh!eB}v?$r_#wBfeK$xOKzjj4Bw3-tj*FCwrc|vxz*iX%9uWjmf`_Nt=4y=!~mc%Giy?$zL3H?n- z>QwV|)$q>paHHS_m~`Q^XxRq&e>TwB_&(6-m>8YO@#s)F(&(rXlHN)yypdC02{sz@ zpuux-4Fv8|m~ir0N#m_v*n(G*Zlk+xGx4^#By*?5`1(-rBqG%kv-%*%U}wr z>v(w+u(}?{KY$Ouyn$7Sh(F7<>|Kb}A5J<8@~{^U11!;Gf1Nsu00!l4z<}et?Q^(O z9DvV}hAuQ5I(r=%SJWa9o_gHk`mp^F&0@SDYQnW@|>}P&3E)G46G@_1#kXp_|U%^ z;Ttxv>Qj-#tqOpvm)|`$vR`9FcX+h=f>IHm>dNogRYaLLbhB*1&YQbP-QnKy&~uVC zBzFmVFgy^#&fL|F$i7sw@XxEdTY8WRE?BldoeyCY7@P|E46QTmE4-@jK4EvXx7_o? zs@TpV9_gb0h9c^tkIhzBEhlZc$%{6jev~P>y9Z*bJTgyu zp`N4#$XDFvgg_^_D%GgVW2Gr)RGA~d5#=i9cN|1%v#}kAE@_|O3uoG$-AR8fOhNWL zQn>y$`5&6FrS_;@cCHz<5ecJS{gx~M6(2t3sxdsE-ctr%Hr6{l+`qQwFG<`~J`pj7c`edN)D19E>r|E-ncyo$3 zh%2esAuXGwNrlvk-j&S}-oSUVdtf`{mhlV*Hp-^u)LnuGSAA@rPp1rrh~$F_5VcfcmiV;8{B zkrPo%_soS_iczc$8PX4^g#T<;*XF6^>-8dE*ZF9lL099yVCJSl-0qP!=P8c8Z8#u# z7i86QI&lgUUFYJIOZUzEiTPHtwYX{y8n!6m0K%YxSf-|hIM4x#&%=b@^W>smMw;_hc1D@$LJYA zDN!e0gF)|iFL@G9k;-ccql^gYOUO~3<34;rEAPiceV8Xz{>wO%B2}i`g(~%05vsE5 zRd<;xy|Go6sl`(%dYyfXA}8yD$qF~Dh8@|W-rIxLqhqSk*S@vtiC3X4;{1-#%)`r1 z;g1=u`Gf7iqHk$Oh?C0m*t9IQ6tkyh8P!!c<^TPvT#-#228o%Jx&lgI$8_WNqE0{!6rIK5P=h{5<_MNUo6Kx zOL(ncX5F1MHPAxNFAK>H@TZ)>lw5CM1QdavIZK4D| z#{LCSkvB+o&_kSWP?4cRXq^=Idp2$-KR{ciO6qqnjONAYh;=%7RXww!sb#?N^H~JG z8b~iV16BT*D_B-tuliFjMkda*XAeO4?3zfw*Es@LjMCCrqqI~FB~&ZzegRkljXph! zLK%^g?!#=u+1)89z{BqdKTQNgLXFDK@wvMufhLtWzP1FH64K|jLk51!HW&mkY2dP? zmTl<#RoOoLB>sy*bg)W}+IJdJ*ZxN%k>(jQO()8RV5lW(?wV%AXZhWKe+<&eRT}^# zb>Ai2kZKr}3VHHF;{UuDK+$!eFWNSoW4@{f6Chu`DfQAg%z1cMsSL@noLz5Y%W%}2 z<$NufUOidk~So|zPjehr!9S8>F$1w`;vcNkGKh!(#zhOjz8JFhLRN~b}5`6kH zd!8TAdeAo#N|q8c)9Lx;9g?bbe4gcaY(Cp}=%S{U^`2xL0p+Y%Bq;v5fhb-;6tVtG zB=13rAUPL5)G0u6IVLP^pU=EbpFNNcijAjc_BR0ZyN{6;3cp}9MIFZJs@n&`FH3w3 zeS|T?9%Y~0{D)sqt{D{L*bg}VxzkJk1!F9>~AdhEZ zzO#-i@V3AuCm!E-c?8~3Ye5Wb&#lR0ad3PNW^UKq3*?PcB$B+||BtbEi;-)|()0E{ ztV?Fydu|e}kxh@rKp)zwb4Z@%uxD(DWRX0qZn9WiRj1iA4T8+d%&N*}R%S6Tb?Lc) z#*Fn~d1U!6*)Q~M;5R?oh9QH3JvQXqgJDbKfdLbK5ZW-Hu_41V8jUpm{(nX6%qsc8 z1=NnU){eb*?AQ@2*7{>bgDMI=I1@0_IDS?*Pr|+lg;lJ$6q`6XMediYDav+ zZ~QIQ&u`BD_+O=NxAtg^|5f$dRa?K3B4PiTU-eAla?i<6o{^;ZgD1cK$GpvN>mC&K z_kZ`vU;D#9_v`=L+LMy){LVCg&iS)>>&E|MT`^X7^**SMzn8|T-^X2f@moCm$Nq6y z@h-n}{jaJSa%(D+ihA<&H}C)P=I{T`=3o1RKX?DvKdyc2H-DM{r!S=z|0I_`71;AP zfAnYnBlRY`Z5|Dz648HmfAkZ-rD28>Kl;H()gcq6Zeu_CPycOslKO1F&bGpq-Tdo6 znnjP;2K>=4(CM=D_n`mMkN*092zWfhu+B^W|M)A*`(^o{EH}#Xaan%5EVs&Xr!2o) zl&^}iQIz{d*(}OdQ63cKVNo6xWv3|L6lJ$4kBhQbl>MSSDat`n4vTVBl;fg2Ey}Z^ zJTJf9^Nf=b!U~HvfnGbH4%k29$Z&;Gc6tt{oy9am|QpMwE9%z7h8yk#EE^ zPbt&so#K--@}F^^GtQljifaeQ9D40hdF}rGkVC7*p{K*(ki+nc^4fzAXCI6Y%4-`N z8yvpeMa4v)%f&%XF3hs_5Z_P*lKIH~I( zihR#HT=A?=37!qP;@N1-VNB7s+OS(H!B+c>LtoVRxV-kfOXlajHit2??FQ_2e^}Q6 zYQ!sS>%@1){qow*O$xbl`xXb4Z>PbncG}!!M@8Ei^YC3gV^^2$j`wxo?Cu4(+IvbJ z?Cm|}(4Z`P{V&REU+uttwMWH%HKYXJZBWwhHn{eCG>>bIefE%Vv|1c`I?x2J?KhzI z_xCw;_;~w#`fK~+gW_7VaiRlkv)SZuEVkd}Knu9mY9nj4$=B+fa-elyYxN}?a+lVa z%x!(!B^V*3nJE8w@kc?J-?L_(Bjwr^ULHP!H%R&2C2Tlx>c|dQuHqa{!?|i{Q zwJ~hJ)qyO-BT6tl;#R{B#TdR7HBgojj~tHP=pfmcf{z+x8L6^Idi_zCVvJPTBRyzz z!Qr&Q{Z93aQ+-({)omj^Ptgu!?80${-EFQmNOd-y4=jhaSO>tztygD?Da&ST$D2p8>5DgZI10G zIUjatT{92+H1(N>V>;T*qb^N%h7QX8A9uRQA9v`yGmpD8P>%gGj^kdlocVGfn!bC) zvEAj`C;cI1e$pRv?dI`Z`D|-7QAE9@f4er0&Zj+NE_ur)_aqJvQ-ua>Oyy;MHyMEU0iSxhJb9YA#ANx8x z-v6BA8TxEymljgapet_rc#EUoYmYVq-B;V#8?^cEI*K0ac%e7?$}Q@vUgsQosCq`L zY?m`H8u~iF*ha<7{8D?s_xdH;Low6Xr;W~_YG|Jgb>s?OkbUdi($eo+CPmUwB%1m>NPMc}bR(&LYi&m;5 z3VT~EJgWXJvHmoB9=S*9AaHdUr=6H-^oI!m_LfbB84jLWqdC+1Q zo;lzfaiq1^d^D}Iw0R^PMKjQI?4NNw9&Pye9Upf&(gt)K@T`NkE#ByW`u9=S4p1u` z`#L*n?CXe5m_cjO-w*q$=fge&|I8tMs+c*VPjRG;`AE(qdR8&hp*QKMcj?fZbR3;> z9H1#@IwQSlXVjZ}wq#~x)n?w?BHryq}Xw;sKZqlTlIUh|MVJ&heR zy-t^V_N3W4>OMW!UQc>>rYBW9)1#jjGkss%@3yFiey>SRK09x8@<{hNK?myC;_Gv~ zrK8GuLciwN?D8!bD!BH9KFF~<*0pF$9i??o26`e#%A?I^eWX55{H0Fl^~KDf(c{`d z^OScV_`7fs`3G&inhxXwbSqZPp3Hgg9T`@Ah?F|M<9}WUR70 zZ10Z`%h^Z0(cpsQ?U+$;7RyvQAES8S9(UR*%j3>~(PmboA5UQTLobtPD42ab=<8;W zHEfeGD3S$(77t@qgCN}Iw#-Ws8E~_kt+p=M?6ojoNe=o4N=9gHCAV)za?8n`+mU?X zDhUYAU>M_?nZS1!ZK5d^m>7$*? z*=LPWlUI4x9vo6<&v>Du`s}kYt)`sa(p!_zJGmUg7?)}Gd5`X1&Tcn)9bS5y*1~lR zlZ=NX{?gwWw^gk>9-LylHf9wGAAp=1Ex9MdW&87Tb{F+e77D8;>>g=2oZanq zniA5%opc$cW*HX;qq>rjgd+{}Bo~amvl!F|+ZA8Q}y)vPWN`v7f5T(2_~GX>@ve`?S+k za(=S4<>bW+C8I&3nAM1UK%yQ;q8_J2`gfKQ_klQ)b0^=ScHwr#4K&1%w0(iPVKIC7 z7%f+uJ(RHs*OVzBB6_l>p4qL?gU(15D)4M zZ{7L=p}L`xNBA-%c$`Y;ElRK)mC&-4$aNqYGwRQ3w5CX1bxI{Nvu5#@^t^6I=E^Kh zNVO}iM$Y5LVTbFE8$ZBdAQ^;^?knyb>tXg-y_lrad%EGoIXgX{>+~4-W{*Ac%^usy zm_1fUFJ^mBHKfhs04DhpMGvx2@hd zlVIC8{$G$a<_4QZdUbJFx*ds~YFSDWT3rQcoll zl*g*)+Nwx1#uvp!0I{fRfu|N6gs?)2S%8|n4L z-}~>A9IHxy*KN~HG^ zU(|xX{wE^+kkWf8-}{A-7m0tp9Q^Bgr0-LDFWsm3>5zX+^4IA(@6vs)FQ)T}|CsW> z|5G9V@JG=e-u?a5F8)DE|2U<8I?|6XzF+9?!}n5p>$|~koj85{tHIy<{U4ft_eYW5 zD}UMi^*;{&W8&Y>hWzzhr0@P-od58Lk-q;2k-kgk@BKlN7m>gCyTRW}`HLj~@c)GT zb$Z^1zaRYdRGxSLLzMU9&%blI?xpnOZ~uz<4=MflUj+X?@$d5aEKljXl)g^sy_8;0 z>Bs*(?o%ZGL*n1(^waOhbH5(x`x}wo`zIs4p7@V1QoqaTMerXPc=Y!UPuqWgC&|0% zzP}RR@58S}dhb^w{g~3?-wVC*I;HRb-QYid{hn`kFYBE@AK$n5i;-Ucze6wG`#X`o z?!JiU|Cw(&eV5XEDgBV;KNII)r?mLl#Q$FC$q#=!((8X1>BrrqPgZ{^?!Ol4y_HDc ze=ViUN&aJzez+g$y9bdLDc|*t#Q$F3_j{ev_bL7Ow?kh1pOM~6@^_g}Y4Lx>`S(8+ z@BKQZ#UG`9@VlXZ-~TU>7AgJs{M&x+`|m{haXZo?$v=EE^z^--kMzS|j`Vew|CQk1 zrSy7|zx&=!+&887elhrWzww=T&)-brOB#QQe<6Lhe=&W>bpHCk6#Tn?HPYf=OZom% zq#yp3NU#6PNuKU=FU!+)_fr1%>3;81z7I)$J>~z9?*A_5&-YE&y-wre>y*Fv*?WGU zkAEi8_nH6kr#oSygo3+emma#V@iuGPyORwzV5$_d>?90eBTc;LsI z?(?^P&FQ@#MS4Bk8-FwGh7T$I_`AX1`<+PN{m+R{@^}AZ@Wua>(q`&!eCYP;h#_ay5vh>Lukb=9+_x6RgrX`!vI1 z4x3-|9&_W~uyN2X=5BodCB_=5GmyeztvS7YD^g|^<_vz^E$8kxn>bgby(aFh(w3&1 zNQdl&LwW)l-695TI9A@8v@^3VHn|S(4aW0%TaqH)p zffGnDx6$v8kI4`Gf6zG;kN3AtIv!{OZO#bDfl_&iO1pS!PCI}F@Pd-+bDAK~^O(8(rc2~b@uw^GV|n2Hc?G-m`xJdm4tKtmvzIl(Tf4^mAPDs3~}IL9OfU~oD2A=vofmAQ>q&0~ zf9H1acfJT-&=2Q<)O7vui_P90rJmRz)%1b*uR6Z}&=CCGQ&1CTt4S}I@*-{b4gn01oAF6Gr?-$CH&ipSN;RiC_pCiSQav*liqA*dZ)w6}j(JcD zUd}NUDoABcU=K6rq$9yEbNI2o52>a?=bj%N;DeE#G~R-mkd8Wi-uF4)7%<%&nedg% zIpafo=k3P8^+q~Wxj>2leViUJ5dqI@E8l3qBS`JNlyl6iY7SNDNZ0M~y;Lrx?Lj@I z=GnAEsi5a_ZWkYqsgSu{fDnK!QcX4}?Y5g-zuO-0A(W2jQcnGT@HAQTd`hS8C&>NY zq?-Gk+r?c}d5lioCI#nHJ?(;osJ}AF3&Ihp`jvPlr<9H@AMb`vsKK!VxAZG zbM6)05g1{P$sH!hNv)TZ>N`e?mn&Y-&K%AslW0!maf*Kq;H#9XB^A)MrE~<2Mr!@0 zRQiq7dX02&NPUtHo1M;MQYJ9Bc8j@voM|SS=YSr3e!o8&F-04m>s^(Lv{X!0KjnUb7YAb>H_bJrUaQw^|#Ipby2uduQG zb5iL?%ITE*8!Xd(n2g%KMGF3~`LLKfY#Qd9qY=^%;N9*?`}+bhNZaRNQlv(J=9s9` zB-`9kqk9T;K`OoK^icH##>Olqsr#!^qcw9Kzequ9d~Xi4lyMHeXQYm_>F=P|)c6W` zHCFvI-G%;CDt+sera?N?B(+mbYrt>!&v>uS@E6;|jg<0!9qZL%j>$0BmvJ}l+qHfr zwSH9!IxcxCpD;Kk(dN3=uf-fl8_+OmAho21Rp*YaUy+0IsXmU!dzx$^9gZGQE@Byk z5Rn>3B|Uqn{z3Xk-a4tT;Jw6lB)L8Od?*xoU`G%fgo9kIm z7jw*~xg7!057mGAZ@#OkoH?e?c!X00NzC<6?hA1w)%d1V`dn$WTLAf<`dQ!lopd~M zeUl0cojVDHn^gK;{D5)CDSAGo-2Wui(@9e=2HzfZ)PGJ={SvkzYa19uDQ3V{@;3>z)qtbN`DAHR6jvkkHPRrd46|>D66-B0TU43 zQswN{4^qY-7mGV7wUynnPg5u8+rm{iIk5cRJp~s(M4)~I;PTH2?MtY>0BjvW13$^4q;FT^9 zsmnv^@)*a|`N74P%0I?D0p2F{#4Kst55#tF1AR)0Jygt{wub#}`lnKU6?{(f0v*2F zS<(|{C;;hGe`fNZ$9JCZwMUhR<7W2F^+Wpi7wLFBl(B~ram@!Z4 zc>c!sZ`y8$xRr^!nRw}GOHN5}SD9aqp&-zv>%`*)!At@Kdh_d_mh(3#&^iOf{0-GO zH9c>OA6FmI8z3P$rlN_0}MmX%NATMx25;AJs!bpp1zD z5k(?wxz0b_+I@&IQO<|Uz_T8<4;q+{5FP4yz(XGnM>dz|6-)H+`Cd8y2z4g|bUqw~ zK|K?av^MxC5Q9M?&cW2NO6MP)x24uiFjHm1imIHq1JUh4&~L|joyRnl`vmmN+c&^y z3PKf5lT_`Q*wjRzBvE5u(k|se%-ci2)SeI507>`)+al5@AeiZeB6#LE4>lQ?cpZf_ z@jZf2SRsqw=!i&V-s+R(oWgJQzhdn5DY*o^GKM-fAy0q4{{shC%|9Q+9QwS?etn&7 zsj!?`R?o2|+D#2298ro)7QfkqGkWKAuEY=AC5u&J$l5_kq}< z(m2J@4M2o@fe3#T5sDii5B-6uYKW7rW|Zf{GvFciDzzUZ4yaO| zXg?74)FdIgg739^ME_Ky-5oTe7wlRk&=Phpj`#ar-7qv#Ilo8EyS40D;c`l!kI@xk zaKRA5XM%8qnFxoD&Fj%}J59*nG$BXRgm3uOu#Iy_F&OxV^3CR7GzLAFP;IzHbnd*p z1l*}0_WI?#!oLXIE#@2h%)T>H%~NqZigytq9VNm#3LT6EtLa0k=i8Y_C8Ns>Fae ZIS38Fy7T^^-FO2qIUha( zcitZ#q&%8aXE>hM6y}g|d*0^9v#|&q2S&1aVvraKbt-gb5a>)3Sj*^nc@5fH2^_)vK!*GNys3Q@xbQMe7G4Dtc8Ej#?XRb!01!q@-#Fw zn)vFW30gmqUP!E0O<=X@s=i}SL^yIog!_t!T|AKk2y`#{qL`PdiP{x0YzM)-GF=ae z-4he3Jj^^x({k$kWLK`tybLzY+RiijeSQv@B|_>HLR0R{m(FV##MCV25BG20{rvXl z5KZe$2s)8s1WouVBy{(X#3PWXb&-d-H&^(f3?(&^a40y1Cm|(c!hwmB94jJX{-}Na zKy%gebREGP5IqB3BIG~t2^1}-@WJ`c@BvMVCdyR3gBTz-ncn9Mc9<$vSc3@1BFy6^ z*e;$|s2t;0VL}$qe7Cb7Mg;*W?Sbwb4U?fih+`3$K?EMmD}D~0A|ecJ5yUH7!WP)N z9Q?`?)APrn-jVoic-Aq#5se#S{Fs_XB5PlU-h3~4rm~2n)seK%;_EDYf&V^J;F^?CaUJTJ|pD5yF9zQ`Qw+I0U zNC?8i8X=GRi$4LOcp3tb(CZmAgK#BK710t-Vszltn?v$bu#*@jM4Sk%GqI=mHc3!* zdRB}e5IBE)LKD$XPX--gB>1Kfr!wUs`na-u9efJu{2;7bkl5^>mwUlb!YK$jCMKFP z0&#mDD{gXr!0@5?c}&noyp9NY&6a?;C4xY9OI*FmBZR^dh9nW_33W!WWyT*~XApyw z2ze!zc(jsaNYoH-0fEh>Q{aYJ1`uNu(fMdbA@INSb)1`dw1&{(AY|@aBL5>1JapI` zsNF&EGJ<{}+AS9~d>S4xWI%NHgploL2{B@*CL|h#O}yx{9%Y`6dkpvpLFD2VzSR6M zIiV1P5j{#0c{#c>Uj^I`V$i(r7Ue(+mrxNE(k)?7e~}3+>X3wm51J-o41T3{IE)dt zm>;Rf=?l{22ADlT^asNkt(y2#zo+_$$MVv4O@dyY- z4nfe^81+S9Y~6n-;zIG+5IA#jX9y1^xE|+1%H~fAEEAMs!XvE0E8PnO<+=TcI8i0o z?I9dyUf~KDQ@A2YhAtO1 z=JegNc7waFtGNW#!yT^OI1rxXD@^$cc|rVhR!$EdGuQTq>$235L21N5cGB;5*B?Jb zh6A?V>l{JpS@bf_;=QeFiA#-n3cxyy`x=cb;yOizg)C~I82oxgk9q}w`Yo1&LG{82hdR-KBAH_7P*PAhBDUF}JmTvt!#Tr@ zsgny&%OE?s@cIBK{7xBMwGE)x4sE8a;Uev-^+GjTPFj0Th*f)XT1hZWTgo6nS9E@Wys zqIxZx`!!d9%*LQ(H;Q89J)lk>4;qJ27L7Gg7CZ^RXjy}bU{+HGsS}0Al_(qYgvRr9vU-rW$E^AL3L%X`BBrT*3IHFGy_dP!@jhCTjPoK}Euak!kwo+4nNFwOiJBemI+= zB8nF3oY+8Cj?`iT2fwujE}hRZGIUOuWkZFjeHwQ()HFYnUJseZAC?#tF zn5*yav=6zj>SYI0yQ9e(C=Y2tX&9wc$PAG|F@Ab7v*tMDS9s%4gU-oFcR|rxotSz= z5C7a$YO$P6S_O(`q;>$6dH_`F=Z7A#!HH5u`|@*{ zD8ka9HSP7E81~s||BOMg& zIj9&bBs0iHS#ScG!NA@WH5|oV(nx~L({!B%)EGNqh!s&&+1?T?4VA_UQBC)KC`LJb zCsBaIGTER`ajlrf6ZMpuYu9QmR#mco?HRIujFX}~f>4&^B_4>15l0kLgIY^eYf(W~$xUnjA`Lkiry2PShx5$NOz2)2Uspwn7_n7yFr1?~GSAU0=oe zLe_fawM0-DPBNE*>YM5xpfzN_*o@&?sPiW7AThDE14cgk8#T`($ukSeUt0EuTCrsK zt}fL9qn~u3WSTNl`3@Lvwjv)?ypbo)zQkUv$;*`iQ4{5UZkhWz6vm%c%mqc$c>_fY z)@qKRq}PhtA@e7U=#=F!X@;Vv$uN5`P%*w0H7kLp?$_x>(1j@JIE+uI+zy!N!uwL` z6;5vGTU3C~HF_H^8s14w4y%eElezB#i@!#!#hSva)RGybbbCR1jcc@mvU$(i*cvN)xiMk?qC9Sy z8g+JA!-kA;i!T<`Q>{d^j5?&X>)Xa#DoS5HSJrU5<&{WKXAcHILz12O3!2*S>Ium_ z=2@1Wi!8tjot2SB4at>?`V+;)d<9XDHN9vmTDD}*ghE*6by2k*F$>tul(~mHJkXkh z8oslJC@7}pQlG}<2$-TK2k<~>OHCfFlq{5>Q^t}+3CanXJh`CcNJ7Qv4AoRmReRAI zH$4uDRjhg?sBokyfedrUq(h-l<&D(voIPR()j3y5k)5Wy$W0S~fvn?ETvY!MFI4$P zgY-sF9`lef#)sa(9(xe_%9C@98bwXMb7<;88tsuGi5eHBF+OBZU3$qhf`u%4tz`Rd z<51n`zbvuzXs>*Bm8lI;o>qfmu0RfOZNQp5^~0bPm4bH|6uqbNsp$(^) zigqB`7T-P2Mh!`(5!EtcjHIPl9ydnwnF?JZnI_hy*PwJM^~VpY*%pB69BP8<^NP9& zm8=4&lXjC~Kvw{m2+M`Sy+9GX74-(!logIOCigH4Z*7^f^&qO%KNN;kBhajUf?6tS zM4-Hi5m95QyoVXD%9M9ZZP12-!k|62$ILz{=K%$nlJ4LxM*wKn@=O{Ad{<+IVd{BM zUY19`WVJx)^Sdmjw2II&)~51CUJGH3$*AB3X~@vwp?y%XjIq+JOd)z|!j!F+qIR0B zmZB!7ddJ^aROn|@ZbPEHF2ecr^|>OvZ{EmWw*ac3Y$;fVC6i<-ecisehoQQhasFAW zS!ZtXilo$lfr8cGVveKm`cUe1kMO z_gwbqyvZV{4zX&G%)WYxrtYCh9%l*JMf+=#QDoNz71?WLsY4#+?9?CUJ_E^G>6BNF zw?B7TPo6gsWtqfV&!j##8EmWbg}&_XKg8B!Mpk54j%EGH-rlym8)RdMZz!}vWPZdG z0()5WNDx{*CQjvKKyJzT!OyO5_MQ)RN3BjzB(||J21o()c%qVuq)5ITZYCtIsSsh2c#C7=IYj39x4Jxa zpb34Ur|t9nnv6jWSuW%aXMK0)yP4ek-dQ@G)ymwS5kiy&OppuG|(I9dFO!Kf!rN*P&CifWZx_o$gx5)lLk=1qkq?#1T zBts4)>V2r7xw5Vj2B2gz5G9iVDVYpR$z-Z1Ic?86P4?5M2Z^5vsR{h}0QlT|{C!oF zoo>u5N(MP@%LNk|4meWxQGJ(0Mmw`~uP+rJah$Rc6G;w8MQ5T5ha!z};TVWiMPvQd zHOI>S0ZcyBg*^B0&>2uN$%un<8HE&yU%suGyn49fvI`SQKQc+smPYWpeh4lQ^}5`2 z4fk&flV=2q@H8fRxtv==CZAo>thOPEPwcY{^8!+?{Bzk;^?f;JHVEo==7l!YAUWAp ze3QsN!9Li>kYltGmKCHOdU+!Crq)KQX+xqNVxAXLVWEVRNP2Ry;WgGK{WX!&pg=V6 zYU;9_z)Ep5>n*IALyZ9UX$N@_Eb{rY_Gnpx0qpzNngkW?UJF-=M&^6 z(mk2IE9$L0iini42Iw24TS`&4i`|y3l1M)|q&xkynOL%I*P9I4FR5dqHo7)zgOqp4 z9V7*(q71m-`O8DbAb}Kn_oOYKq^=obwPfYZBUw@Bhhe+=0jkjl@>UfLXml-0Y zS;IiG&q})Nh>^_NsHh)h6%WazN?4Zl&H*}w`FWa=obi~SgRH)>ibC8O_9#*`+$&m= zNC8$GUw#X6n4+RY##l!Ec39p)KUDK%jX2e&RpXG`EPfVT0ZFWgt=4)+>xaP?xUZc0 zz|QL0wS~nR#L7V)5uEqs#zT?A;Uh1`uP1k&8MI8|8bIQ4NI^nsBs2IWl8}l=cr=M* zqz#hk6Sar%`5Edm$xtWzS9-;^vXSWJryAdSp@W@dZ7g1gWu}PbjZF z=?9ZQYTTjMK5aC|RvlCxlcuT)w&&? zx@NgOwjfnsNYcs=ulMlR^L_KsOy2Ra>;vgZ`pJg%4P+jrAyJ-8>!@US_qn$)7oJOY z(x3~xLc;S$s*N+H=kJ~Z7;qtUVDI~ zNr~A_(gXzsjyaMKx)XQJ|vC-^9sKla`Zf+ zokiyF1{o#_85lrfqm8=exbN?7Y;GbI>3u#-rkD3d0=pwNhpU6y_VQ(N2cEjt>5R=c zbbIR8{Zgi7BA<5DaTu0QZ19O>Hp27nBGGHszj*sYOdKZR>nYGxeLj)u^KLBa=v1Ge z2Rrrbe_NL}U;tLkbe5mA-{Y)if_OW}B4= zZmEy6y@NE{J4O9e?)t8_QxG}!v{X@7Z*|WJk_apf`DcR6r9l!I)n}=!pd^iUCLl0A zz(OqG`|P;&jUv<9mTy6w<+J9XiQBty z8SYNy4>3ppWe7U14H{qp`8TKD>tzmcMjq%!jORj;A^&1# zi-I0C&ez$(cHxHNS=KdBajogb{{A4-Kg3oR-5suLO{d;nu^9Q?1=YmRxnS7F3W_`z z4NiO;dneN#Ko-{hThGTQuWl9-nm$#@Z%@&DNAw%sxPmE7tCsQpOnZD|_I&|Wem|l` zp$CUJ;SPmgP#mEQ2Yl6q3d7m1FFc?=n@1{7xxkp5z5SpgY<s?v@LNby6D$IK*xjavAlW%TIKRTPZ(dttMM}FDyP3=Y`_kGc9j^A+Qu_ zt4znWu6mE-$j?ta!=yG3%_wM>9y)zM))C%zlLC4H_(DVzSrl9wj_@g||9}9}1 zzpyjD%I$d5aAg|s9I)~9q zzC{SR=D`<)EA86ahHeZWrO^L{3Paj1p>0*TJexvt^eD=y8LSweMFR+h%PsoO7nvTa zrReR*V;~3sh&tKiQQG%U--|`KeWJTuZ$x>tS)wJ_2RUmOALsnL7`i}mDi6W>xa2K% zK3j-|xpvf{e|X`As+5i4so}?(){L1!BjlnTYmsP0HEzgS?bWcs#;8P%% zNf-m$+TlklU(m&dH2HG z2SVGCpqX!FI_1Hl=){ct0#v;@Svf)%($v?iS}A7`j2SBGq%0JdVvY*4c=KU;{sPU-(Z)rpfPCBN5ah) zyj|ac`i^M2rauBS*aPeI+bnW`rkZHwEGk@Rxx?BPPIQdLiV@jmVI{D_f@y0kXaFP7 zAi04HiphvR0Iii*0dI(A+8J4rw1i))Z3&?n zYixg3G~Y=yj<1&;LXVjsHIiS@<8*50k7E*bBe!;st2GF@M2v5e z%(RrB|?cS)ip!HhxFYTnha3*-mPG_QHYANKrBf4}kVOc^C zDh4HbvtrJ_@%cB4MIi*A2~r_4bWzyW4H}YAdKi4$gwlwKh!eV~n81y|X~YEH1F$2e zLU|GsFpn9L;5o{6>l+yeGm{Y`F&Xwzws>Z`=8Fn6;!Iqg&fNLj@L3cm?v>8`Tm@ut z&E4r6#H*!jfwCp$Wff<`HC!^OkeB)F>WD?8I__cInz8D zuVd_M+8t(int`Up0IWjW!hljGRSM(K97WV{12e+AK7~PqMY7IdEvCPoR(^8pAJCH4 ztp_s`MpimwbBr^<7wy5i>|!zf!}Zu0io1b;ay$7KoY8w~?h%wKn9Xgw1)0Gt)cYt~ zIO5zu%>G5H12H%^TCx>qXw&kk%ydq2B^ns>#2DFF8HB~+09i8(FM3X#kse@7Kp$S`R}VN7K}gv8=bSOaZUx}UnQ<`4;tiu@ zK=s2PkGOl!#18CpD!n@bR( zRL}Pa7AY6gt`geFObqK3S&89priSb5h}BrkAys~8pcn2Kqae&Unh&!&AA)nBqF28qB0z zR3c|`Su@qwws0?H!V&BC0j6ktPO`26@ zn;>VrLO`dnCItoyFpNr_ky8?(N-!Bo^EDYt3&sU=U2mS8-pSiwEN%`r`# z_nQv)zrheZo+kLgDuMAS!AU33`*ARWV~*Y>xb^CGlS!dq%LB`0y0r4Ky8c9xA){4d-J(P`pu-pXU0nPd5SOR+m?%5 zGPy>LJsITXqJ8-Ma-ee9Ah8s1QLitsNLY{=;c`SaiLv1xePPG()r8hD#lsnl!SET% z#ogzVaL+{o2__}rW$qjB(cNGsT?VFFHmNhjBE)JyF#sBB&~eSAV^DfRzA#Mzb{FGS zJS&@-)U)CYKqW{YA4Qk+=g*TUVe@leLpIGH+JxlGAkE}hM2q$Z9oAp(YHa* zc(=g@Dw1sI*KV442qrpUeQ^()&S7Ty+J@ny7-HIdh@{fAu&Qc18L9IpF_W(`!;}4e z1l$QKkjJ&yi0-1%4u(c3jjD+9Ma`h}2LTo=1_0+3xSa9F3HVD)_aa4PEIJY_z8%?8 zEUqF9776Q8OpyRk7(r|u;~_9aq4D+9mS8-Vv|H?yB1R}%vQ+owG0{JT2`p+wR-X+5 zcn28ntA(mtk2l1Cs6B{10)t6-TrgfqMsXr)D`w{tga3sKvB-j^E~-J6I81EQ;b^Eu zKsH*jKYbwvI3PkTVCXTil0av)QQ(f3B`sp!jJ#=!O3i925CSF_aUmBI1m_hIi`s`n z1DN8976r(qCJ*ENI8s4_Nwz-`!s9`5WEOcmZMA)<03tEDdz)d{O_kWzUZ=xXUgoeE zZVi6U^8>PZd%;wrEQo5!3MEdUSaeucyM;weh3Mz3sxPN3JsQ8W9m+jUYo->(5O%C# zs#wfm8d_$;C~~Mequ8OvqsH*Do=N)?!vqH318fC`UaktUm&4rujyECjp#5psRk!rM8jQT6St-cQkS{}2+_{VOHUBF29#WE`~?1;h^Iz%bJRAW}L zXooO{sbW!Xr5X<1I~WaB!L)mm)*JAdM<%j)m`dF&0b*fNA2%-c)kHv&i$#`Cd9?Q3 z^aU_x49G4D*vcpljAu~<7#Cu+KHd0^7{JTa;$bw@I&MQ}vg-6T3}LYjX|Xp2d@Vvx z&cxP$sbd86#jWL^I*N%YGgPw}u#GUg62m}`x11P;4I+KS#Oft<0*u;V=)~HhVk94G zMn~^+GN3yS>^GYc)@2YzXYv5%Gnj4xx9ALoh#*fGM&Gos4hD=CyN&$^xMoav-S8;< z5-kDBnA+kXKrTD_i^36v`D)9LMaCG6tR9#&WfPOe#$eF*p48xscbf`zn-DGyl*%^5 zQndOrg8`a!2xp{*qK$@@aX+2Oo02&CX)$48bR+tl!LX<|7|(DeO%9{^@OWrq6bkQb zz3ny=x+)HZ$s?_qN75Xav}UpuU`9cqp}e_f(kKEJ^W-PljFEYbFpO3D`dEXqvSYovQLNI}W-Kx$gVx(eZFivN?U7gWr9gLlGj=;Cd5j1 zNU=!A8#8sUO_Ym8VN=G!_yrm>0cbHUoE_1k8MUZ97|LG_Q(`bBWleA<_9vlA`KCs$ zqz=@O%;fRMOah9R1ds1y27NYs+bxznwo&ZQfJ~-1qHw1;0GMKlZtG1MK4YumDGuDF zSW+E*rdF+=XIcWO`utW7cnU5fQsO4CkGTr>F(*7jX1wmA)mg%|z{RFGurPChE2VRH zKA*~&g0=)XkrQMpuk8vhgHCWSC&6UqDiBNDBp6B@%^EzI&>!9Nr8LR9gLx{>;XLN5 zfS#or)D=LKW>JPEoUy=lIV0RfFV1@L4!iMiuG!xoG}dFY6*vXNt?xM;Mw~XkcMuiV z0kMqQ>qjz#xK4o9Zq&TEA#l>*k--#mo-WdMA{FQ9T)4o#1bFG5!Kt=02YKg`?yoRC&Z!AJ*Zw=M z7jbOIX4fvx!O40^IkCE@&cW#%rPg)5q3n!<#ATQ(&gl!%k91B!V{c=6dMSZpu0hVF zO>}m_W8eZ2^IP)tz`DXgS&C4yT|0o}OryfOeo%SohOl8iwJ|@qx83~3bWV%&Vs~Ng z87h+9e{k6=j+x9ubJm#a51&4TvnGlFF}T>Cm5=Xp0!-6j!#Qzj8ZB{;Y~8AN=$uDn z_gkZCeo39XcuVN|x}Q@n>4%Ri*J_CxkF|kV3!H0#=U`+A5QOV?abF`=8O~uB5kL%Q z7sh5a{UNx3Z88@s3(mNg+P~VFkgdwWUsC_^P%Qjo$-_=SU)zZb>Q2R30VMRx=Y$zyTa?_eGReoOfU)#)OcY zr3^DsOv>U0T|F-hvi!D>yz6-85-euRu3U;9jDsy;%$!g%2LXvgDPxZbCrez68sfYS zYjqbw%*Ol2f>1ceOmYU75|;zDmL3zE&SIoM<(2@us_HJqJs+f(G$$ynr8 z(0t0G)q(d36Y-C)nvQjEmFe zh`9}dAWB0fElfAx#?qiNs;Lcg}Nt?)9VHMSWI{(|Y2om^hTT%oFs>qYivf z5FeZ@DTYz4Jza{BtlX#lDjDoqq6)knPmJg`tEEux#zKUq3A9`KYnyP&)5pYSCd_yZM>2f?pSz@0{8 z7C5jp1^DnhIJA26ji-ad-i;>DITYQiYQvYMwoDGy1ihJa=Xe*x;W!_}hESh_< zbRb~y0Xw&7@l!@GPJOt(X~aewIpY2h?7bDc0Ac^g%34aT2gfdMlAeRnVjck;f-bl{8#Eus&mX5gF+HElER4&k^~;H%c1BC&e+e zYO`=`A2|K=E5TZ{6Iua5Q_KXblxiVfjmP#n@uiO$NmLfSaj~TEr#zAbC(KIrL~wa* zfg2NJc*5)gA7DmX1$kSbe_|G&bqT{3Y1Se7X$pYtX4|bUgG1qkn8QZa#_`3HZNEwv znA0062rSNRrBJ0Mt$3T1EFnBrYvfF$n(tnwN0R4=X%& zNp0$W?}A-Th?p>!N3}~F`cpYy#R_V^m^}GG)#K25iYrRrDB(aJN|dvjG2yF#_joHh zeP6ifjY$_^&fD^c{x@X!RNKT^J1drCls5*i;x}f+^|EclIsY0(f(Vurrj%`H&Iv}Z zdcU@0Wn;|vm7k^H{Qb~w?8(ZPtL`#rPU$mgc=9pdBmJr0E}Ha?;nbMQxeGQ^25$gx z;cd0m$|R>YX%(0xn_{Ngyvkq*+bP91P8DYxq~hGfE6&(iaCyTcae)v#ALQPzKFf|G z&9*|wmh57@BG^wsVN1M-ieWsZSQ<}_%y15tj*+=oIu({u)u6x>EPNK8OQW25m6~xq z-qsxL+BjiwX+%%w(#U*?yHhNuKp*@!u!w2)8#iwi%N2H_B~(+aLPUyXYdGd~KGQBw z#qz*l&S&A^70X6U_*#MgE(;b>rK}r8fW7sNNqmmkI~6todwU9;fTc85WDo3}%Vz;V zswH!r^^&s$WtjDIjb#Lz;fn(Ho0o6(GJ zdO$uawf6i37AvfGUGE4AE%vyzF4!i01;skC*xfUT+$s#J!MbA=VA)%RK%`tMH(B@% zz$0#z*>;Oxu~?pbTp2lL0h;zN*lO*q&U&$*0@z$gvHaVfR%Te0Si_hy4_yKqJ35O} z{racZZDCDVY7R87ItxoQO~sB?v6+nbGX{aMI>%+6nscSN^8brKnYMj;lvaFSKRxG*> z736F2E(T9|U}EzwW|5hG68TE7X zx|V1wwOIH3ofr896B3teBe8Dn&a7d-OXUFuEJxH@{xuKS2vzf30cX9#wqlxv!!B1? zUAop_9TS!^;yEi;XXG+dX0an?4m2yqSu5B)eHEJzDHlbT$aa*fqNfs zfwj2H6{=&T1(qd6_+SxxwCst|Y^#*ZjH@lXy=n}w6t}^|nD@vCcE~1rR$s8%v@5y6 zLs%RtZQC8twpclX+UyWyZ`nv&`xoEtsj|vt8v5>|4Io7JdT+s|>3*AGnN1xhSnn9) za5OU8ij{8y>az?Ej^T&))9e#$+Vab`U%C9q5NLHPf95B=B_0JGHqbfdNu?)YWoZDq z3yR~7GONlE>pA>(YbP>4rd`P2#w`a{S+3waV_2|8<-(cLS>oJs-NR=8Fk1UGOt-DG z_=^drgAMp8FSblvGev0N5R=Rr`GG_1g%r=0^f>@yoK zTh>TV<+Jr#R3wodj?v_mm&PpZX3eakOHm!c-^S}lw=T@#; z;fUO?w(MJuIy0iCy24e|UNMJ$v{^c=_IOkb>auFoeJJ!sg`+umZ@FUk@MFoGQ8owg z!D`)OUZS~dn5Tk;m$6Ygtx03h_YvBgD#xEIdw}KgG)qnDr=L_EK*an=$a3ty^^6}g z!A*mWh}u9iVHG>YXXLB1>TkI*tr%g4%}!@`Y-j=vY_RMVeOej`)+Sp!?VP>LfFDx| zYU4Nv)gnVcX;=YfRrp7+A51I8Vmaes0f8+8fq^RzE&|_N&XG?M-Ls7K%-(7N^z(v8E{Ey> z)TI7$V)IAAVA0PI!Qz?~%ZW{>0<2Y^cc|yina!D5w#T*chQ+cVBusV%8-h+QhhJUU z3{^PMv3?w88K{J)(+oUhHX#qofg|O$XPG^dZ_NkALR1Ug*2ke@VHE)JyoY&!@oD?f zy9f$CO6-XJw&~M}rN>8z9cKxs1W10&hR441=*VrG=@+qS=N)hlmKZIAFFEY!2#bnW zI3b}t)(Fa+@FtDfWLArj~)mJ;N_Rp6G7%+Wx{9pdsz$-X!#q3c@JF0=uT#| z^K`4zrdwdrAgxpaXE`c_13OlRoUor=rh19W>d@+dZLoou5)v#Ywtd2W;xWM@R^CnZ z$%1{Bez9sfgEhQWZ!|O68qKgv9k?d^jEW64P_gkg!4C7DMq&XaWQ6fi#%<>955)>a@cq4NN#JkF%Ty22MTA;|g5D}3z=-@S7Ey({Mzubl5);YU~ar7QgT z75?27e&q_kdWC;~h5xZD{C|9f|M4sQPh8=DG#`RoKSk{_|2tRm|I`)!M_2eid4>Pu zD|}IgAV2RPxpMxeukhEd@Yk>KKYNAOuWjis-@jP9%&%SHKabN@{y#_+ny;^=3e3E~ zb^T?&_~bG_cZL5VPFMMBSI*zLa{lfW{^^zcb63vayTU)b!aupf7pX#X`RiBCzfOGd z3-?Ur_Fk;W{y;kpKSSB0gW>JfwFjRG%qUg_V21x`yukbvXa|4m%K6&~m@^W``7f@V zzw>emFy#E*Y49<4JsQj+p3nIS{OI!@7Ge>fd6g%jhVU;_IFF)MRDO63WU+Y7yb%FL zI8X}l6`V=TnfWPfRQz<5mU!1x#A!MIRBTq}!#U)KDwID#408O-mDrYx!N=-Ye8i5) z{05A?!~>dDe2OGmN%3SGVN`P7zmlS{cl~I1%JtL0-~isxYXwTdt1c>-G4VV+mq&P? z%>=KE;k?j6#>*I^gV%s*pM&S?eA?Na;Q~Go!Du5BKE}EUFJ#a4o$`wZGpw!`@Avol zw7~Y$d_L`jR`H&36*8Ev=i*Pj{4?>o8)1W=QXhbUvM$4<4qkMCg%h4FoN(_F5A+%N zxqm=@n3LTx5CVJx`C{4EilI3<(5@fOyCSkH&Gpe(cOGxt`MF#AzT#Uw$Fs46Zt%pn zrHHfOnc|7Xr0Klo7rd)-@PK`;PL?^6Ur}!d92{?*c-eJ=9ykvg*w0?F+J~)xb(WnQ z0?IrFZ|d)H9_!~4kDUW-($n=-=fYLx{=s+nnGKm~@cNND`2^p_f5^OqT5`zsirZa} zx5Y_?kBPm6AdnMv@n0K%*XQZ z$@y1mh`K)If0dt~cz#vM`YNA4?Bh~ST3iBk+LK<5?5C}UfI2K618*9&JJsq5k=Std)RVGpLt&VOn0v!g;2# zns{g76T%yl#Tk-<;&~M>*o5oHs9mc^wZCaTwdd-*W`=csbikI_>y>`MZ^0Ml*B8AL z^~#ORy9bb8KyC#|CjMEtb^abYZyju;cO}NM&7pt|W)$EZjR|_{c*V>oAE7!Qu;wJc zu`Ay{uE*DR)Iq+Ur|SL66(Co%QC@}?{A3|nxsox;6sNah&pVtvpIUz?ka;aC6Yu zpnhY0?G!bTmej-dL{GWC`ELf&Icd(@q{;Q zR<3}r5?+~xTb{QWiXW#9JkC5jn4p?kkL4`uJj2)oM-xB6Sb1N7tf`12@rvqEIE!4v zaz#MuegD>~k<=BCRQa8*Ul6|)nidE&CY$hI-cP(9y+O2z#;eryh<;No!4v-hR?JNq zlPF)pPZQ)^t_a`au;>u37jf}>Vas|_XCVNQz^6WpwoF0oqk83N6&muVH4edt&AH1T> zTo}c`tN{J8)4yQ5un*YSjOS^r^5VsnWBTobHtpAOLdA;SebWDC*cRtf1lWql)eTBH z)MQ-|{5C%+YWaj zZ+Ne@NZ|4c=1$dn9%Dbr^^mp+eH6Txnd&D?s1Kc|`#m36!@;MPpAc7gFO5cRc}>%b zfGTg#7_oRO#ANX%%{RHc4D)OqRmGC73|Xhu1jEez9n;)12?qQqKkedGv~^}Ehci=K z02-NF0LD|@p{*|Q)MfB~o+~tXT#vL}l6dYP`)+4kd&SS)X*atKI;oydg=uIAeI}mu z($&rl#YzR|#TH~Mr!vzg`fAm)%nUf6?NiA(V5@YCSRNKcu}YNEH>X{A1i0vKm+SVq zlR)-(INc$TB3uuz+k)wZSQbqC*$7@vFP+k3Urx`zhhSI6^-k1q+N$1e$F-d+;OWwn5t z3Pi|1SxqkvL4_&|CE$Jp8YLiLBFMkOUggM}q*nrC13(Lx1^x`_rYcE%C=2rLRiEZd zIQ{8$K_-_3x@t=BPYG}Mly}i4mBeB70x>~AbTn%&q@LEFZ9d?VPOH~gr=P~WrE&x& zk(5#hb~t}YU<)C^6sr-JH1RW%z)iqFeG({qDS!Rw8hPxc93fB^?`MS|V;Q6vYZCzq zh9<=&43u8cM?*wOBtbA<<+o})V;cpkak{5ACV*qo3c19H2Vwp@UIUW^o(ve+$8-)b z4Oy()42y9OD>@X6BKTI5x>2l)-JC4Y7<)+|#*Sdlp;_BYIW(btNuX855>T*EYT8ZW zl0e9&ZmJyCauuAG1vG`+){TF7eRAqA20R9uFto+E8VCr206}=UtZ>rA-$cNwQ!PWD z2#(t<8rFA7D916b5L3^(M}h(DwyFbV!7J8cxQkT+hl)?-P$$@YI3+lYpSGIZ8{Qt&QYNbSs-bZ!?44}+Z4OF8nM?^z)ZPXIoV-pA;^Ix zVVWVxKLeS3yVWU28{cZXTtx$5&-A>!g&*iHSGB70nO0EP`=(9>53mskK^XQx%hia` zVrDmOjI??g5ZE9`AOv~Rv0QyTwP=Ues|0dwAJdkTV2G6*dQ5_d*2)VfEr=-(Ol=3T4Vd&lFI;a?)ax^y#s z(P@EqtR{aw!zShGR$p`3{%J6o(B*3O^}>cfFIQ2v3^;P!G1Q5elYpHyU*1WJd|qZxrh0vhydeHO?w*x*X)o~NK#fVIZe;+fSccV83mGt)aF z*`Z&RO{w6?9DlTm|FE^Cofp$C&Jx(!%#kyz^1-KYk789$H6_%0$kVmp7vB;p=M92b z1c6t;hF7>5d5sSO@3JJvyuESEyL9}sYtK)Jql>YUt$kR5OyoN@tD?77FS*{#1+Cg1 znSM$*)2?BK3>B-GABv`7flK->d`Ry@P8G^4R1P|jEQiO9;|`0!R*3?(YbSRZ)m^Oi zy`iw1syC`!^(gN)7cnd$m@bENOgc~zIiz2J5pczmz^gXh`;uU??>_=UQs|fzG&as% zjWtpe*K$>^FVWvBys?5+2F&UHQmlHbm(Bsvt3p7|5p+?gYNSB0>@|wOU)CCt{z$=w z?onFNWdZ>(F6~{QVD|wC!Yam$TYb8X1jEr2U<^$;u_wdK^mbZyN~gEF3IQwNq-ka0 zgurfYwB1UO1Li70?r)WVKJV=pLol^HiUbr)gnxbO}Y_< z-Te%|MKwMpIYcM(Ta{B1RVRjZv8JhXUzxp4B;LU!Od)x7NN)c_dHiG7m-1*+-Z0+n z=yH{RMe9nQY(~2Kk!Nb2owlK8y}Y!JVoH*iQaDex=^TrHN#gi>N&H(=c~aZ=say&6 zNb6c6vwt$NsjG4U!&J6p+G_Pxc5w6PXGt|-W1C!8RR)r$Sk}TJf5eoKqJIH}lZ5iA zjcZI;%MQ1vALPlbO|Qn$+WahW-(Q!>&sF%`fc3a{kwzX%m^Ql0&6G!O_X#&J?u5^yJl1h?B|SB?R=MwaatKLpNC>uKu-2uGxN1tG?~WuR9%wup z3=_$-2D$?i;*w-D-ZWqJoL@`Q#Kt5~f}W-%sCeCnx5!sfN8D$C#QqVjUOT&LLf8_o zKFZN}NW!}u)pI-mIx>e3&Nn7)J zQxeu0Ibe?x~-z(~~su#C`1d>u}38c3I-d!?p1I2_x8Vucs@UjFrb84@~r9wS%L$vum|3BO0r9k=#)f` z0O<3Sgb$r`c)m&s;c}i4ojps8PGXM&WHV)?XIawa*R#|#B}saAsyq|Pwt&w`9`&3e`6M z)I6S%VErkbnI*e%MtN)qX^|$|p}IF2a7f!w5cr}z2|mydj%n+qi6p!B6G;p!JxZ7@ zDe!<}ej8$1(htOyJOXT~VH`5)AMPBe0$!#JYD+S#;MRKc4tXv~2osY8&stGmzL)Of z-x#!OnD3lI8LTAGQRK;B!{ohkI71F7SgQgYVkSs;*7&+R+2b!stTkkxf)qxcX>VsO zFbFD}X|Xge2U?$2S@}&vQlSpiSV(ZK^(zhs(iVDkpj2>Q^dmBxJ$i4s7DKHd!GxJ3!3$zp zMY5W?GrvZtFM)pmOk~}g?Un4emTP%w*mwFx4@XWtn!ev#^X;V;EEkR*>LQS@?c5{xjB*oWH5Tb7cCu%2DQW193W!^>+7 z*;0ex9moFhuV`9@CMH8d z0qBw-jA64y0E4~}9YGrmuNk_HfCSeO5_y+RCQbvC<34COt#KO4OfYtVBzvKc!C&yb z)&i@LA*`;<@4_X?11tp8F<~P!Y|5fvJ&NEm;}>gbkLU-_pKbS9<#Vw4^&aRqdwL-PF7FM5Zyfkf%hloPL!JfQDtSQPDs(!F4@FH3LmmU5! zw#%VIs6;*gdLem+tdkntrwueVj@WRtSOYbQs)%lZHHhR@myc0x`>~d`$l25bjB%_@ z;Us?HLK3aIoX+D=gz%=N(26yF{(uGSgfFDtU98b1hwLN`SQza%Nj7^bK)@%FXBuKy zJ4qYI@MC1@>3mDWWP11TveiV00|E+8zh1beO?NeN2!@K5$>_%L4(3Fwi*H&@@2mL< zsaqQ=`l}U6`YE8hC6{_G5usu9{aUm!kP6xvPvNq!-T0^fY!me`HJ4n8CbP+3^UoUj>Wo$(y7e-f zWf2XDh^ha0Mhe)q=rSB&QT8GnCQTu@kT33e^)RgwgK483)kGFy=!`BD%QO)UZ8}`a<@&pv3x@#YdUVbcLxsoYC3eUVO`r>7sLC}F z#hUxCRe*xV42@UhYKI+&jo)%i`4y2Z!bvWyICqz+TwhV|9{VP_h>jav5HFQ;VLGiR z{W>kmCg|4!)`)7z&DThWT*VA^kc+T}$h1Rqa(&5nB90;d0N7n>HHjEj;`h`iBEW&G z7giv|Bv&*aVcXTcraQ84Ph+XpOr%`#4zh$k%@d@3CyaAYD9$f8?LiCDIANfg%@i=pn-sfal{zmQLNzzT_J5ls{kxu_NY z6a||#xS|mmBANDDlBhBP{5hN}S|_6lwnfSnjqLwJ6w4^SHo;qBOd9aSOYjO|ag}H? zl~9QyLeJ=JzR;KZiOQ8CF?QN5%sOzYujSASHo>lH^|CG@#wBvac>!KTxm*&dd8*0j zLebpJN1iBT?FnOI-s+WH5^1aD7$tFNL!`#V0%F^STo}zS=8;q14$;)F#^+qIWc5<6 zT{n@WMB_qgB0L1O=m2G!+V4O2v=ANkr4$TkZ4M zwtj0JjT^UB)GCfxwPIVV*1E06t!=HVj*7Lv*Sx#;eO|dw|NlN7^+R5F&%1lyc&&Tg zoyuO!ff62z7a3Or^94+(8374vl+MvyNJ51w$h8DN6Z}g72^27jXbng(T|l>Lt_n$o zz$SRBS-70msONkFU{fKG=PRv81)|o3m-EAC%L0R-3b_jlNZ=tCx2bjxlmXmeWjV|+ zotRuK2A0rufcT9{0^714l%bFW(~zTlAQuLp1g~RYBP75C`JBiOA%QN{Oo1wt3mOYi zC*U%2jSx=~s?fM_f?V(>**FSD!QvT+ei@i!)j=)|fCrNEFHMDk1i^+RP&nybBM}rC zl9TSvSwv3&f%l=i^8^J=4V^>M2z>9de99`g7I-z8!vG{_5C+AfVTF4sOoIEcP)FC# zCY>Y8YKesZp&KKQL)FKV8bFvciQ-Zqa?#6L*0jVm44;ia%C({yys6cI#Bp?_7zhoH za{)p3^Z&mOiQ?F8O`SsAT@wjtg-r_)w7yw z&@N*V827a6O{Nu)K%&!NwH(Q>NR)Jk#(>QhI+Bny6&_{r--WsG!r37DpGdRO;;YdH z5(yjCutY;HO1i@t85awLwL^aaX<9?(WK8$aokX7blI~z}#km4U5P0S0fG4PXKqBAJ z6d*y5)WRb!{#u#t-WMbrOC{aGK@)$FHhmhaX%M8;T}k|l9+~d2``ggiuzES%;LW>T zCEY<1)ZshiZl62X9acJw1vqTLd%$LGcTkPca%lmBeJ=1Qu*n<=p0Wc|9*(gfNgR(y z!D?X1$G#Hs3C<_|TGFh*J&_&STz9=D1>X&aiGr(R zNh91o1N&3}Yy>kK+f~yE4#HuS|=0rMV!;!!}hDt+I?0Z&072jrp{DAWmIbn*7!?k(gVgQ3H*ko=Y#1>fexExuK_~a9&+JU8fgva$-tY1 zx;qvvYYln=Yct)SlVu^CMHB0HF9pj7BCBIqDo z2MxZrgejlZ77`qbG47A_8OXQK!ooV>C7FWnSm^9WUfEc0@M+*Ug7tzlzJ1gOEFcYK zJv6&qHv1_b8xPIpDq}ETV93(SLK-h;2mz-}!R3Tinx5vseB?!7ha$34%Ey)kZMeAd zg6<=O3bDAtR7b^4SEQ*@im}7E(MU8=8-X?(H~T^wDv7wc7t&yn(`H^sYn2U0q-D0J zAd;(q2Bt}=b11Nn0UZOSp~(*|!ApTMw54p#mAXNr)r~6>u-bbRb{f%$lSVY|We^Gh zmej{EA6ouX(8GY-wUlk-#T@C$_5smAbr&BivTrC)0)gNlJ92#(W5hyFf~h|gW;Y)W z@HB5|dm1h~QN|s1fqy;Q(LlzC`R%c2smVLiE+5b&h~DSp^+h7bF!_N^7Hq*EHlK zS2G{hK(AVJVNspdGo)vW7{Y23mr4V$J0Kh&`p7$)6>F?v*C zJ~jDE`Md>Mxv-PK5y3zcU-VoS{17DJX*8U|cQqeGR~$iGia|b-N2ogmG`K1h6fg7z z`0{9ov*nTH&mL}rq#8DOmZ77-W0%8jNdrZydKyIA^34uGK76KtZ)@=Rnn1)% zft?iU7pbEKisNuvpAW9-XgpE+if>+942S5J;zWeY*Gs*r4m+N84O8low>vXg6-&tH zXe;%FZ=_LRX8AO?O$Ia&b$B!jf9Jvfah;DlRmkPoe8 z*ipotHrU34bpdVhRxdr#0%mVWgLuh?)`&)L5JWU$(Z}KUvYt1MZZxE&j^&YojGV{o zC7$N_3)A4dqO*||i?lc&wmdEmX_Bv`R2DdT0`z5_(o9eV$?uXrW}~~Oq!i3jyqy3t zNlSsB0?k{PY`&IGgY8=}+37X|2!{X~?r{b_4Zu$GhOZQewCS)^$X-D+2F{b0l+J>6 z(y)x}c)7`-)K`k}Cv#RbOerZPyAF0q-30?s2U;(1G6-J4(`~(yQV>?|r6wq+t`XV? zG}v?vW0{HOLKMW=R5};B4Q^k>AQzEGkPl8lL!Uwg5=R5|D$U;(vgzhv9=6tQi_>b~ z!LR^YA(*3-`(3>Oa_Df;c*q!7YgYu4OtcQr)xzO6GdiDdCl+x(HL)!k^a;0>+ zs`MsffhKk}7}01Yq7@A^4LFzt_90wNiZn2b^z5_P(WR`QLn|?SfZrnm8il#=H7p`4 zh<(F|!Cny70Zq)6f`mTtIB@XPLD;$2bERMfI`06Kil_cd@s*vh$3k<^X1f;n?oPLnK6@cEyE!BezvznIxv!k;Nr6fYd-@)UMD+M*h z-(x&|1x&zPX*1nG%o@Z&tI?&Uw1cU~nx~uqw-n?`TR?hEf&VnYIPr}UOv8x`3X{|X zv|y7RY)%Mz%F;OG6lm^kTHk*G4TliS-7sIvaf?^LLg#cDLaW64l#J@Yt_T#Mlu{ zL@!8}L(mS$M=aA58(_wQfb8K6&q=hoO`fM7Zc7?eNEKfZCMOpL#kzLHlI|CvwZ!}x7MBqP4MEeTE zrTuHnP&*Uphl>FCVpNntss?vF3$aEV(aaNp7}~J37Yv;&L{aMJp|i>n!%G|-5pGCC zM;!%JIbvY4csS}y$Vfp4QX*Z20PCHj^98P(*}QWsM6uJwSQH|RFB+t1Du5N}iSDpW znG#_Uk*Uc?1tg~usRK197pB&xL^gpJD{Yz#t06qbj47MCGe zjVl`Xl$Z{OGyN9fJ2U8PfSlZsAR?R4vr9+$f#{F&YbbvYwEoH$t-!PS`YbQN$!XMF zOZzKwlD9_~h_CxRJ)9B8=eo#>Qz8TM7l~r{_}k?JBDmSXnnyua zKwJuYIRTOM6Zb`GOs#H#5OjPLEXav>0z%_KeG7>kJ--y*ndvbMd$1mCVY0D!TN8+~ zJBcTa>oH!m26Cz(h3&!GYOS5jC){8_&pHtyr`k^ta$1M+do4Ialt{+sJT#?wI40tmSpBbWjohWMXaeLFlW{*xQmGk!`|aVm7#O;TcPC3_34yNe{9n zq6_4D;N-=K%0TBX=>fKb+6f@N$Doo5L_M7y+&9+)+zq%dLH955Xh4ThM`Uf3Tn`Q` zW@8wxI~_fG^gc?&wNl;ci2M{oR?Y6gsyy(0@O)r!E`$r`dO-ADc$OL8j?DFFkWa+; zP28A<=H+_O3}92o-BsTMc8y>P9o$HR2WDjBiI|f&iFBil`4TJ4Qn2i*^vDo(y#tp3 z!vfXQV^G1mo%cBC~s_DGIG^OIpC4&3F3(ltqOlb|5C1}@Su?{6&8E0Cuqf^f*l_Y zp^T{#{MGm06+|Xr4qZP(6VP8*aqzTgu^w!$yc2^A+sLg@t=lNCml<-9@0h-X9H2 z4fQ%lg~~9_1-w7I?k@XGAh9{SM^X~UQbnj zRL^0stAsu^*kFZ)1N-C9A}9g&&iJuAeBl?=1w3L4)W${4RpqDyfY#TJ^LbUtrSB>yt_pdDN~=W! zqa77kC+xVem&fN-b%O3cc6pUb>V>0{{FL{`dI)PMBxcmj{GgYwh9{_0#b$XhWg?kLyAW0D6>oI$h`mROAlKR8h|H@m;36w?r`_ z6!vhL$^!&f?MJ3SQO#{qIJd*3mC2FfUZ-6SQy6nPhZ9-iH5wA5ZI(IZLtu$yff16Ti zyA5o&*|5Lh%Y}HpNx(hv%{utvjAqaL7pbD!!y#4;G=vhI1UL~xf2j?SmpLK&9w7jx zmX9R&bc#I2M98d$yc~F;n!L7G51R&G0eLgJyzG+n&ZQ%9+DmlTx=@UG0s8mvo-P=M+Wh=q2O)i0{vNo|cDi@=F-P>}G3g4oK_6}RQ z=@z^fyB#~sIc#WfNl&`q7ZhXk`>Q@((i5!;f4ekIvzC&cy4#V7@#_gDMCMQ$dRIz% z20IV#+UJs<7*M3Qd`|-n8Rt$(Pf!`<2y%b!NowA-ws)1>f*P#l$Db34JXykfAOk6?l0JV|X(6rg~ei%o_^#ofQrN^vh zIw-8N8~lm5Wj7DH&b1-e6Sf1F)cS23w7h`Rf}xJ_aPz?6udlD03u+ELBGr>U`2H{* z`S5!-z;M&$RH3cXlWY|zx1Kaq_P^(PHo-vAVPC%62bL^c+R_tjVLG~oLSTjL_2+s< z_6B4E&rmPGv&J8;{eT=U(p)d}grh*rDw;%g{J?31K!#TY3Id{l44(6XSS%uYVG9g} zR9hlDN$0d!BBP)J)(Ue~g$$9E<9R(6$Z<>;h;95Fy_6Q`rbHbuIqVMJNT%HGE9c4C zZps}P5aQ@1a-q;AvUr3-=MR>x&1R<#`EQV{P7v=Ip+aIS0=yHwSbq*g911fg!$Jlz z+bY|zxVj-X>D3xCkI%6|R4$U6@ETH7f57bwhCECVEQHCR*f5EL1bR8ungSq{D|#}? z>OwO4@(RhMa|;<-5_IcCnA#kN(aSl@(HcN+Cb_mfnVB&A6rkO;5_kjAkl;P2<|hz( zp%M(H)l#@w9mZYxHju@a&C^O;vW}d+3dxg0eHf}#vp`3bG)YHRrGS+LM<#_LFIsc6-h>b_TO(pa*v5qf==+N-5YhYjyP^_cm z4lM%kyldInpifr__BKXfNLRreTw1#d4AqsmSB)_>q~|~(o>48vBi$6b0=a|u(rGG} zAU7O6b8n54AFO#^Baq1ifCW{9-{|Kcvkj^eln1y37B8yqMQXXu9h_09Z3~&ZA_&;x z+(M?FsamuMKOR{ozK(*SCKTZX93qrYb9WPyzZ1x4i^Bsg61`o6 z!VwB#GIqXKxg8nDAw$+rSzfh_0=*$F3_m9(PlG_lfDFqMI5k|uh?|p;Th(Lm_`=&3 z&E)^_rs|(;Dy?1Vqv>8KWxXf=&)kDCtGN zfiIl?Msg7Mp6zX0;&K{CsGTzCG zt(gtp7k?I~mt56KL*oz3^os6QmGGZlz?Uhsh?NuCYJt02dx7Mj$Qivpg_X=+7=2Pb z2@gT?Lp>Z%*9&~?{>5XI4d@2W^@4pTxM`lI4e)@8aJwg7xY;ZFmI!lI#w0jmr&TvV=mvGR1B++ImQ@ObyacNB2ZfP|V&t@Y)T$EWKt*RdYQAvBPpD!xN?-PA!oAyh?Jtmw?@|Vo^CTjggC?&ZQ&C zZJ43AG%enHG|<7xXwZqN<$AL!tL(-FC;%NC(6mHAWpcsem>=kcIwaEzl}Mro>W*rW zL^sq(qU-t(G(({K=Fpm;U;=E9r_UvC1Zmeqmn|+34eHb5{LqyxwQyxauop}Dl|{q2 zfmee#G1G-%2D_3(*LM1CJSyLE&0&5oTD==CONV74E;pnb4kRi++f3>Vq7%o1m5%qQ zf-yM_b!05Zb3zm`#0X1z^F5LL1h$uhkiUix6_z)wSPsVkl_`5Vb9j>uohEcBU+0bs z7b9)f)14Y2{js9UaT}hF@_Kw> z{;Z1W%Msx(%49&-QQ*L3S3byj+5wksGf&TGpFugK#9+WA?ym-PC+$!aS#*4|&C_8S zu-QY*)YEks_)QB>=e4IclBav!ly0VR?dLUvZIN{${Vdx?E+z^m*+}##xx_CP4OcC9WO17Q681Wnm|4YA%CKZaT zs2rU98H+^fMLLD=$Un3k^;wFJcA`4M-M4W{0KL2+>7#1pGl^F~8RpG#tr z^|p{s1_&t>&Cnh!pS?4|t6RVyXuRQAWcgH3p{IyV4Ec|*f{1!>8{wA2p|d@|%F+oy ze1>cm&L(?oP#%=yTr}kV0S$u!kAN;QMl2NQm@23Oz2h(=H!diJB>aeJWadzQj7M^F zmbWFCt~>_kR7jTs{Dv3Tt3IRPfEAac`AHH8KS6^@=qPC931QApJTiPb82UL7rsO^3 zgI>LbKf)Kd=K=5{iGc1d^#eMT6L@hzg#!l5u8&&LLh^Jv zhyf~EYwbaes{%S`UDeC*jx!3J?_FSmOoOi;1MP`T6Qqv|=y3XX^r*$4@M0VT&|$kl zE*+TJ*aXfS5ZN?;JRNK*&H)xt@2riZ^ApO^3kT37;%m@AM~D1gS~mc*Jq|rx;N~x& zT7ov&(8eGzwI2s%_Aj{C5ILP&`A@v8~1m zif)wPHC;+T4ixQ`@(0pth;&*&Kx_<6OOQi;#|aS-=xtaPm|!`D31Pa08A1MH@M8sz zVN5XHM3|tw3PY`(*CtE|9W*6<^sO|xhd|jev7v)+f=NKG9oPE>fb*uovI;}p6 z}(qF^fE(p2@&BQ!tk592l1n&1Vo>Pb=*1qZ;SpE@~C(304IYjz*#ZUTZ` zMZD!XNT7`(ccrsWaMC`i!zshgFDM zv=2%7;{?bF0;+sj?P_-fo)e^SjVH%l<4i*Eh9rC-PiAlpwzSr@!gVK&4W#Hn0y(v5 zzY2siJZnjk4T|CfOeG3mn1ged6S#UhvzSG2Lg4exBIJ1@)b{$Q*PDVrs1#Q7A%V{C z%GTAi`g+{f0{xj1$a(>nU--7HPiU!zAY4#h;CdiX`T_)KR2uRDViyv~LcfsRb{ncTPn z!oCk*(bx)s`>&!eMlpOFoGx^p`;JUm}OSzb|2Zgm{?yw z9rr@qo8x`v0)H^Socx3Mm@f3-N|Do=dg#V zpcleIVMfMrAvFJSQM#w4`Yf@#1hhUnvq*0$&BbeZ5rW$^eQ+Ye9}OT)QL#mzJce53 z`UVc+C5_e9t4A(r9Dz!2Cgu3LhLe`A0G}{wHjom=O2eWUDMm@IFEgd8`jN6!d zW9m|UDg41wzbM62v%-|Do<%99q6I15<%`oux5{&v5~Kw>F{XG2Md(<-6x;O26jkUl z#w69_8A52LAtp*;L#?E*cQDGl*SpmEh6>k2_#YUR91+mh=`^A`9XfZ`Of)Z`G*!7I z1@)^a1s12q=8;L#*C}02&WmXFDRPL+X;&_#;K?ALqB2`F7U&&O?h3A2b}7zTDJ$Az z^s}(V6cgw$VG6A(mm&=y8I#3?DOn5%5qc}bIY3=$=-L9w;;#79wyCldZ08HcJ1OOJ z$`s=?Eu5F+RMC{+P@rmOQW~pNJoC}C1)WM#G8z(#WS=rzuA7ZY1B@tI7(Gn!10Lgi zPT3UJi0C?%s5CUw_@Rj#6pBAV%{@-x z`fv*qQvAvWR!t|)Ssk=eX46^pFhxvJQ6a+=F!jOmlc$Ja%_&nX=L>A7h_ew=h=Vv; zfS<~GPG6@*@+Wcd4)ASgH7JGZ5TsF37j7nnVG@7bMGD+=Yo+LX3+iFpDJ*S4aAY-@ zqo}Y-)oM^vum;tmDbyWu4gmT9CxmQf&#Z05XKAz#RM8CI5Je|pU#EhGkBM@Ma^4^k zSh$#`fa_4+@dTmXSPi9di(AS;s^aFZMk_$uRN)Ksy7?G_(AP)%F0X@q;|5fPargiu zvaozw)5MypCKxkRvEU}kzM@27ggqYromsWAZVBFk0;REf#XHcUMy4sKHrg2P7FG35 zF+PPR9L*iBCp@jkcZ>85++!#jS;N8yO&|q60Y@u(Lp9g8+Got{$LIP&)&4ex8Sp{@ zJR%DL+n`f`+cWD4o7XrM-%iQ(a}NeKHlYflR@BP9bNwL5axW)RLstkU`Rnzw!WNQ( zooM_hC+{iA7WkCp`9di1AqjK=)3C%OTFSz-yakCZT&Uk7&VIEBF-a$7WP@OmG564> zz$C9KWUPv8QfMWV^ix4Rsj<0vMN=zXe8cOkA4f@M_U1vApg|c{y}YJ;MFT!64^}Rm zCPZ#K7j6xP0$G_eE}PLLr?2~Py?%jPNv4%dTPRQ^wb#F(CRkeV$(ppBLyT)76qYbcbxDET zQmj*#qmiWR(IvS(TiAQ2i;=WI-e;`Et?alNz(vdQDkNv{RfAF>iG|3G;*$dDO$BRR zxVH$#H5+XraRsH-kn)gCV%`bD*lQkIASVsa2i~kWi8k3KfKuvG6n!86p(yHhjRu3VF?Yx$yb&FdMoi^8xS3#1D7Zj-8ATaCTEK%SO zf+TVK;K>m<*Xkv9zer*SQHhx({#KRdRuYO~5ZaVv_=Q{&jemTNC!?eiZ7e@5l1a*p zwbYf}lovgqpA5O4GYT9#n#8rqYgw#$_RF|-z*+~JFBmpyF6ct1^)k4o3+>m$T zx=b1eDBkPG-8Rt3YQPK!2M@j-3Q4H1&u?g1(bPn@PkP;}A3JRt4NF~;ko_JL?ZQvZyj0u;@WD8NVJPFOCRhJM_U)SoDD`lDK5 z%s7<4kcM{>nR)=F=_HOsI;1Uh(hnAf+Ss^vf@y*34C~i1X-H#1E8T`s1aP~-Y78+h z=^wfP)cltSivHP)b?R`XK_}9s5s=2wQBGd^>EB;P*-#g(;Y5#1%PeA!WO8XR_2PSS zBu)3~*_AB}T+;ldt%0HJ(x6AYuwzCdX(B;nhe@K9B#mS;GEEFoQIk~Cq(q9ja&LV4 zwBdOILoVK7DuZ#zP?#*D%cr5WJQS;hP%&zn!|AIu5W27b4ATP1%g2SaO!s~+;=~^- zY0O?DK_8`|b%nQ7RH4b6Ns})?7X!36PSdhchH6?Qe_4BwGVz~ra~Cfz&mNP?*6o6LUm$w;ErjnRe{QB#75j*+1WJy zC%lXUd%Iqp8-E()GE3esBe&Yo$?3uePv zjsDJ5<$FR%ODFNp#20iSlf-6jeFKq(;=fqQ(mN_j4QY}n75l_5& zi3fa%Wf$!s)Hcsr(b}}4l{F&7kz9k#tY+9lf%$+ZI;Ym*vFyS$3Kpva@$J%RbAkf6 z{lUB7UB5NCtJB)o&gl}YWF`z}=`_BTW4K{VB_D(Mef5}D`|G$AAc1=8Sa zP>3z2dqv>`4_eKIBCho)+Yw*VKiss49(d^QB<+k9t#IdHJ-l;QUB99QPC%7VT2|Dm zbKgo+QOz%m_QJKa?_dUixTHUDXmFmvHUaQ*5Yplgn2MV#{Xt-LweixQ zH$~8d!269e*Jbt(?kJrB7q`Fz32?#z4raphdi`0+nacrv*akQ4a|1FmoaD3%naT}- zEwY-%W^fo_xSd?y0)l&Fb<>L60QYDg%xQN&lbE&xP{ao-8`zhZxsV9H1JS(js7ffT zA<^$6K$A6%+)S9*mC^|f3Qc$7C0>CXKxX)UBl4CZKEO3*guwM zI5Cn?QmosBfa3j4>XJw@I%<_G)(a!jT17|+l1c-kUxatIL6j(#5$zYCzNDW*p9#)< z?%b#olsGgn)>Q z+(@izzL@DytXelnh8=4R!&QyWC(_K2b7FJZhvyTQR3Eei-88$~~p47Cj`gMNg;6 zAQm7r!8H+WIXF*~jlR&tKrzC>YsLegB?Gz$fEZZRn*dR<4br0tJM0hkCqOxlz zt$??ukeiU;bM|^BtRgp%_mzCqYIr+rZeS3sP*b-YgOOX7tsV)-Ko@~UKhRPJ(CDwL zX{gE#%X7GOzm2~&Zfp%^gxhRdTm!V+>;2wA<$2- zK|@Dz2YPohxUluGzIrO{RJD^JRc(C3$u-ca1+t@z^*JHqQv;?Gr;05C{#{;3B2ESC z1gR7B$d{n6NJ6_*SkZx?kyPji)bli4QiX|~s&=-dLV;iq7icGfYH$`VPUUP-KRawzU&>(Jhw78IW@_AKDiFp{tId8drb55_0pQ>SDLLz? z)}ho_% z1v~-{H;>lA*=`b8xt#*JP&IxzIC59EU_h(fS05(BU68E}xWVlBE}%o}(RqpSqg#Nz z?}UP*Ywi!pm`c85h;g6mWdj+6n2d6&3&ReRu~$4#3RTCFo#Ie`=ncn&7DCgskDXbF zp)L zn2{WQu#v1wPT=fvb%ne2k=bW*$w8;1K_ZTGm+agO;d4RI=On?v-V2-NZex^WC-s0M z@kPvZ*jv$|{6ia7{?=qDS)^j-`+{WjGwYTt+s;LrA*weB8mk;ny+Z$r>yAYSW`ZNH zT6lIGz29Lc-el%*ru?*)p)9UQD&^Mz8j8^sn@4RLUbcew?QmcUlIK&P1*B3LlpM&9 zprAEu>FyMY7o902d`Q>IB=c}B3}WWYWFI(ZCX<>=CYzOvGe*vXW|FDD!(*Y)Ey(oT z@`T0#=Z{(*@Wd&6_nC?)M*Gz(YTUHRLAPYj#&SqMSRe3q7Ne;*`Sb)2k=*Gj$l9)p}Lt6r|gn?wZt51iiH9Sv>96b=p{0izP zxd9A_l8_ZhF8pVirfaw`E4YCbB6wIc!95Ye3!z5EJITUR#WO0w7pxlPl9CQZ`JGmn zU~1@U`Sfx6pECYT`~a8k?I3LdaWhR*Vjv#%fS+)FF3`t}?&W}JAAU}%^g=NxVfa0@ZnRITt z-t~x)rP=Z&Jvb@G>6x(Ks+NYm%ONtB_v5Mj&_60y_9)ZlbZVHy{-UX(qH&FsuMJZ! z;cpOPyrwe)44*a3rn|k+d3r5nCY{|H;D)21Pzq5V!zF?TZro)^ua964UkC+&;Xc$M?GidwRJ+wYVV( zCxT#0k8C-7f!+K5a)Ttcl3#m60Rdk}*RJxdR69HVmEB%(3(RNG$Qj-Xh%>}+_0^Q+ zqy*j;kdqe72SIOx$>K6NEu}2aor-2VST-&Ly^D}}o=1EtT7{He4qi<>&*3~3t^``A z81RJt?U2t&2~NQ;*fPpy@P}gcbgWk4I5m73+W=|>NC_k_kjbH+iK9uxV<8zJi39-D zF^2c8l$mP=jWhwN1DOME=QHp&c~=>Dy^+=&*#lBSkb(ah54TdOv6>rIF6{^Rg%meK zz8z{S&IkC1a)>;x)cMh4Rbz~uvfm;X48nXvt3s#1p zRZ_(Q)h%E;Rl^y`X5@P0%+L(Rr3W-*5VT2E1llfnmPi@q1{GxR`ferz4p4L%f-+yO zLY+0)$Tad8aR%uC=gjbt*wO~gU|j8xDS_++2=5556ypps+TLN}IsDG12WVwgy;w^n zkU>m5aKw!sg8r2Dp`Fq(88cgR@QGvY>a+-Cd*QGo~Hn`IOJ0eFBmg z*kFTOf0BdTQ=}>ttZ~f&?bd>YpYS-BX*+`8Zq2BiM#>=Hw5>Qw4yXhg0CUux_ljEz zIgmqfM)`vlvTFwrl^v`hiQxXymP*5M2Ow4er5$mOfGNf~nB&c?h2C-PNGf5lnDZgW zf%bx%G^^5ObI5|q><^eZ)Vyb9D^p9hd|b}(W*_BPpex?p{2lNm&LIs@o|jRHI7h*X zolC3@y_+R@JiP^LuDZ5d?}?vS53i-s!f(dY^t3xv;MN7jtx0_#c8T-R?G9 z+`%Qb&{!>3Ahft^gZi=-Cf5dqYS=CrXETK}k**8c{r~dJgFS3&@ZCvKtMv0 zLQM-D-I#1XX(`C|vKpe~DAQ74Qjk6Z82Qc#i0 zLalXw`L=ikE52w&OUW#4*CjOhHH)rol=+^A@=BL}(JVx?$A~+fd90kajXzq)g&h|P z7)IVgsYtWXa85xrinMr`p6;VH3$9N8L8z;Z*Dum6$UA~8_@`#U=yD8VhX&(6QIH4C zWep6MhiK^2@tUyUz|AfppCzXT3O|}zs`O;CP|!g^;BO`iH#!Omgyse;U$SHiGqaEe zI`bNT6^&C4rc0hNU;eyEx zPK9BNq|eF?4m2Tr#G?_OaYF5Pq`xT)@`PJ!S#Afp@vf?59?>&%gMlSPVG{6Kc5Q6~ z+-(8Zmr$_8U}c-6I+;8K$`QQ^D%R29spjLVB#(E*>AwPJoXZ0oQ|C8tkn3M%T35Cq zI>m+SX*uCiB39!UmMaJHcm|XYO`|m~Pq^OLaxQ2ONmW;nHd^!>X^)c#P$ypdnTgSq zJdi{!rT@fSE6gMM1H2~OfDe`O6VIS0YaZ_~^pSij6(kR@H{5rCwkU7mU)RqZ@79F? zl5!$0n)y@Pqs4Q15eJlVG>`tWqA2pPi#*a?8aSCS9_O z-ySfhV81`K9y58o`#0QY&XyBSv_N0Xl*3;GrZRrIfA8JOQ@Fl@HcL6dawK6y5HYd8hfX&fEDe&!un=VUFI{2VbqxT-Ac4I1!n2uPE z*!*DtLksG${FT6+yT}7^?+q(e9}e=klR^{x;h%Yp*>Y6HUxL?NNWcV2f|9|7I`L$G zwLjfVVCA8}yg)C8HnWcnPUJyk8XP%5I~a7|Ah5Aya8jf|q-RY_Zr6k?peYBJ@g_6r zxm+ug7BEtG>~gzy6%B|>VAM$R$K-Zpd7vC#7#hx(fZ1y%pei?wf6H7+p(3eApH=(T zOkyk#)%h(`^fzP*_=ws;a#({n2B5N;0tT50 zh{}`{WXi-vWioMl;fN^h!k{L@;Zd1P*i0)*svwgUEM;cO?ux*Y!Y*(|ek+&{@N{Av zl*O5(#cq=m{?@HMa3?}ZOvs-cGB1e>QvchoT{y>3Wpoa*A%R*L?-MsITLL@A^>vGK zLlVru@$%ddRo8|ZE=g6TG#5{LolEhWaJgu%`dpbm%feiK@)BF{e`a#|*-N?npFS5{ z>s$l-WDPaI55O4-kIsbLMZS?E6!7HuEI2s@Ybvw7?b?-D3bHq%ALD9t>YMx{QsAUU z_;S>yqM(_$SDkoiY=+1c*jI<>@x?ISWNEn?d3Hf@%BJ{23XK_+8eOi8-V@YVWI>Z^ zFeF^|UY!9&4Lwq7`*o4ad(I2Xg8p!7F+5d*kA88$NTw{xWyOtTa`BfgRAE%^!bhxJ zff~a&810}Zx(p^6lHRdAq_G}uUxc!t&;keC9P-?O0|no`0)-;Tg@*x!Ay3HTorSeE zs+#O($yBoH#84ZF8*jPY{IZqpIhg$PKo6?$ZoFN#{0F!J| zI=Z?=L!&^Q_)A^3V46W2>}-W`4>A+<6Sy?|I9x!!fxvueMP=Hi-Id9P94s!4?WZ6c z6XI;Xa{Z{xC}?u_7g;GEL5kXj4asOROo%H*YQXzh`v678C@o%%LEc~Hfej;LE5`{CJ4$FZZWx@n~;Z_P&vvxw;MSc_=3%T$PJyF$NzBIql z@?=fwvMN}#K|Y-1VZQM1GM6vAOoz)=j*9d796tvICFAoE4~cw-tV_kmzrH+Pm_9xG zcQ&72s;nLPzq9%LTIGEHZ=cUay8;g}1ex|rbnQFFa;O@_K79FJ8a1A(8qQ(nqp_g> zxP33UJhQp>1Qm5so{?`l`03$}cabMPpPTKZq`JSd@DY z;IS3C-7`E-4s#ii5t)360EukA!bc)h>FXk&SNgc+Fm8c*g_F9AsEJHIozzC~L?)l` zBEw+G)~or9PztL&E21Kk4;KX*lCEOU=P94MyMxV#x!wk(vnsoLE*Tub0acMUgV13J zT?xu!m-(Qp4E|%Cs-MglR|F?tVKL7pcZ6Gl#Bsyk&K`i6lBB! z480uE);OaJYtTl+=)i?og;h)BsIpC1)Iy0%T>3oeTt+?Y z!mfH?{(SZY*c{(64;h1{r%TF;PRL~BM!CSOj6RXcDDCl!U@lE@nG`s>Zh3GDO(8WL z$x2!SZG`#?ET&a?=VPJ^uVCH=8S(yTQI+$9Y4iV>!OMVl%;3S0acJNZak2H7D>&y& zhjlYKn_yQB!ewgldXo`wWm)~mm7_*#pXP?jVu+?<;oQvT^mDOrat1lEBi&@goEbuy z%Nfl^xHgL?qnmZvoMG+p{B${?YK8mXfaq%nqLXFdTnYaa(Wbq`@(cr=yAp1aQ@&Kq zLAsqdI=hz53H7pGgl49~glkC78hIKM@44fZ5mWTrO~sB2Q%)phQh(5Y0wrPPxKK^- zIgwLAUi@L_sr;#mg3sx?lfT6Msh%9k$qO>eFq!5!rsUN53U{yy4}bx1L{ck;hCG2w zfu-&is^{|1OV-Mqlczl~SlzM}gDWnT6U1b(oQs-hI!(y8=&J6jOn+TNv79UD+%P}$ zpdzg-;0)l3scv1`xV)+b&#lVyXt?IdipqsqyI>+Rt^Sv+A}{}!tiq;qWzI}dVe5xx zE}7VF@LkrT6Ix5P6zn*Gj6M9#c>K6fPX^PP%V*1yzFh~Oja(ltLs2BS+SmsexBKcrmPFp7Vr;PFI=$C z!n#ZdaBi3r{MivT#yH5UU$4J9qOK=gUK|mn`rnXR=JH}c`#f59NcDL$8yX;pGJlJ> z)^7{P$d?~dUAg8GhdcT+USBCUTH}%{TI7;9G9F^Xnb)J_rHNX=6-2tKkd?g9IZ$D& z0O-1qSuS}KF)i9Ft{=4X`4_5S-`jMIn{#|w$_4owMB;Ser5To46LLRO7kiAEyxf8= zugjsl3$l~Cs}(fN6yxPpD_R>{mp2`^cOFB|#CcaF@2KK=!P0e3xpEl)#dS+Sm9Wbd zrK763xoWjnCX#tc;r$=;(%qlM@>b_zQv?JIT$O{4nC3~XtGaA&6UL!r$32@DIuh=y zR!tuiABe20Tcv+P-aUoy@Vuh^Kez*3=9jV)o$Q(!Lpvw4`a3+2e*n%skz-|+Z!VfS zTK2#S;amZ(d3=7{&39>rTld*)(ZZL^ut0%374!Z1%uc=+ZL==X;B11fR*1cu`U_o|*X{Gvdc{p9@-u(_V6$9=WCxp5_FzM z{?7sa*9^fQZeLgVo{W505Wu?Pl9HRp4%W9=O#ZkE8q;pAXL9?m({K+tEaqDh=)Ylm z7KZP)>-mV`p=MBYi!PI!TaV_wYCycw$dUwW3VM(U5QrrEauf24RxHjh*n1RQ$*Ug2 z<#1<31IVNiiIrA(6fieJmYViL7srXTS0sBRY7|^>C?}g;Zjg82_#fIBC!4ry{7}*2 z^!GQ!rN_;PgqdXLLLp7NTYXTG!kNjAa~Fb1%Q2!9Cz|`i&8{dr&3D!dLfUD2+@9{?7W6&RJAPA&H*muiQ18c{g<&>(B36uGb&wSJPtt(Oz5g~u0P1m zgs!q{Ejk`J%VDpstL(^xJW~~swfDGG_JDn|go7P{E8R?#pL-xHxoQKBW2l+TQf9&!3%%zCBrbHou>W+5DcK&F|-8HovF4 z{5&WsjrDCx;3JNW3J;O~RQt&Fdvv(aakTPqGCTKTG>6d(CYwZ*ACCRwgScob!j&JO z9L$Du-0;dR5piNdwVVL+2NsKY$lv=77UL~+v+2@b$gg#U0lCid9iv&t9U>uLa~6OtP&`A72la>HW%1DfUK zTbBSFau{G*b@U$@VF5s`z)1bXiT1;QcM2t!0t8ddZ_#!Mz{wvP6!LLh)etN3vJ(po zx{Dgby3>z>ZxBjuFUPi^34T3kPUJ(Ggt9Ece`bX62_Yi$ogpHV;1SV>dPI~EA$;W# z!Y4Qcd|jY}XU^?HH-)D!^vhKZr?<|?jaQ(XtDYjgt5XU$8UjCnr3md6vW@@AeY=;r zkQP@hud83pn{;r9$A{p;(%xH_k}ORM^CXrhgju>)9XE3j{uIdERrqWS(ZwuhQZj!+ zG0cBu1xhX2UHYs03Obmy1VugS5~5&ju-|gnJM3aF!SOnbuH1&B+$zb6O>Ge_lWa;^ z&SSDo2{G9ek6{}~0%R0WmbXkJSC5-mFdN;!p{uMwGi{rZhC>VXk+Ut`c#bmXSwkb9 z-r{YS33-U<_f{#)G#iu21(P!eOY1p}TL1I%a{A2mwm(!(#b zHgU;k-ITgG1>^*Y+xJ#OY#I#d80ZgR5v~{hC(t+>lw~!*3`kRDZzjixPKDbFqUL3% z2#hVQRyg$9QpYz*34zWVYe&SOLcb3RC1IjPKmpHmAkgilBjTEP70m3y2N;2(Xg@9s zrfh}|HFc%wM0AKJYtenh(dKM*>dt6TcbZWpfpD0Xa@Bck5X`kD=#D1%1~mxWmHzO+M;LapN| z3YW6}x!#V`y=Cdc>;mcfFWKA^l$I+J2G&)E5(}CC6_qIj#tXitz`4s4M_zHoeUtEV z37Q)gD&%DaT?nYLxHj?L67E1hQt7onmM7wVBWMpR6L!yUR1MEN>xFI=BW?q=W$MB; z#q~xPaQj^TeoiG zE-bx(Qucc068b%9BWG;C^K?P*kK**VcEwKLSom2ToIihW8voffmp^UcU!E`chtv2= zYhOCd!e2d<@s&mJ)%RStm4$y->aTn>UH?Dd+VLX`|Eb{Hi{LBI{&SOse`X-Jzx_|? z`j_v%*J~Dj%~+k$?y8imv!(X@XYX+52 z0qrlR@hcx%`n-vk`YT^c<4?F@bZ-m)R0p@e{q;2d%JX(O)55Ql`PcqN8o%@UrzctX zpGyC?cc$@uzd!h63;&;IrTuTF@qgOkg>NnVN82#I?V~jQu%3TA*}`9b9^*TT;G3WQ z_9P4c=u*b#K26s@Yo+%CCALV=c`^J4+|JB0x z_*C%KKTP6Z9&y!|7XHac7?!{9j3oY=1OB?m!jJp2)PHaqe`L!a-nH<@2)=W08vn&5 zw=cEu&yVNzTY1EflI{QK!K*&7@H1XvSVxiZ+rQ$Q8!Y@uYZza-Yr6ga_u#X)Sors4 z{^oy^ZvU=Z-+79K&t1*+cNVGt^P`X5-ojtFv-IDPbo(#6=i{p_{QA8a-&q8|aovHR zTKG+6{^dSPufNlpS8ufNTj}~Mf`947uR1JzFR8!1$od&}{CW3V`1Y%0+I2fy{=q-G zZuR%7`TMn6_$QTrZIxdChy7r%*?;ffCF8$adi;j`_Muy?`lr+}zOBgoTmQ(EYc2eM z=NVtQd%FIA{$$q;7QTYj!Cd<`>F=MjaJQdZ_<2%)XOZ@|toq|k7XG4lx&0N}rt4qz zxAlz{evb5C?zQyzw|;n`slWY6>hCO4|LTFSpKsN_;d5#KeQEx&bliX6vG89`k@4Ry z{rw;BcuBK`f8<`q=YN_W|9cO8=|v0Qb_3%(i_D*nzh5%Z!k_;k<16<_*Z=zmzdGK+ zmrRxRZ=e4DtuH&%Tt8PG$@umn{oi`}`FC3N*KUySFVg;7&z^sbg+Ed7l|$3tf7c;f z{M5qVxry-aBKU`P9QD41|FevLTM_>I@rIJmE&Q$0f1Q_|#T_C4Rlcde|J-=nLl*vq zpE96whxGUz|Lfa#weT;A{Zm<%?!Vh^>Gp($AMzR3-%;fI&sh5WA1wSnBEQ-%Pk;ZZ zKd;!$!vAe4*I#i+y8REfK534BUi63di_-Y#pJ=YI>c3s=hujxw`MvPG$;&PLeS)tj zff5XXK ze`k^Umt1z=FD?8Ooj*nN_is{*Lz^`;UeHx9Xn* z)ArZ;zYaG2KTZGQ`a7OU&!7Ly|Iu`-{)KllzO6|8SB&~isfDk+R`6$~^@o2CU%SS_ zFBko-a#XtiYCc+L`X9~{{jFkp8vpvp`}VQwUvvt$zq3gF*Q|fx84KSe_{!1g`fGkY zYn_Gv@?ELF2)_B&t!}pP?ehI?rRnki_q^Yk_H+NiEWazqq}%_4ah=;(^^bUr+uu=S z{`_qCG}C|b*?;Bxi_|~t+Q0O->fdu6<8#lYzkf#GuP0mhyQKf}J<|9chMs5g?<=>F z{u`U_zf*61baSiz(;kub@04Eu*X=UhoIex#a{c)o)9df;-(GgQRsYvw|5X&JzhmEJ zXIc1HrTy*ym;V0YdoQiF@B>ADRy?2X{{yyq@=y!^%D3EqZAIF@)s-7wweUX||55(@ zbp1nbe&UA~{u}ZCR`yKehn;fH&n*1F|8V;&UP|LT&pqN^3qM@^FS%3F^6RmR?M?s9 z)fGH{I*ZKTF;%aQvFbm!2jeTprN{qI=REKa3;(71uYQrnZ`Lr@w13}}@#`ou{)B5+;-wxT`s{eVx=liC|zt@Df_OGuENydPg~)xTc8zpY69YkzfggN5H*_1Ejtt-G8~0fBXZh{`rD$8jNm(pwEst|A2R))-{iReDvGqf zzW)xtvg+Tlgz;@f@Xw#sV){Qe{et_i;_USN9r;qT+5aaW!u3}UO84J+2Tl8))&8sN z7~k1DJ^zn=YR6M8{Kb#x_^0bX>h`^NvGCUkzN1M0y*crRru@EF>(8g>-<2z0H0S?g zqJQOYNUz_&Ja>$_{=fOPj9-!Z-?@L-QP%h0FZx4eF5Q1W=)CWC3%|IW$FHM^{kZy* zbsH^whpgX<8EO6H^_LFZVBwz;eEa=r{O|_`nf{B*HgNy7|1ym~aEr1ttorxaUcSEw z|2Tfzv;S$~x2R!!<@eI{fAQq!X8oUu|Gllq_>WvO#`GU{O8@28r|UoZN2}_r_8-2# ze1DPp|Mm8*^%g$ADdRhfeE;A7{B$o1KU?}ge@~i!oZj-P=|9_M0N3BXHogAd-u%Mr zt@_(!{#(&o4Wn?K&$>bslVdQbo*bu zX7LaUKSAp6%%|~t^uO8E-+n$$zW<7J``c^3+1slB6P>>|rN{4x=XNmtXLm^bZM&q~ z-@NazEv@=L9wPI%Nc{_^ANrt$uRWUa`76`ke{kIj)BayB>#uTr8o%pKADRB6a|GX6 z1b^>U+b*`+{|6nvBJJPu%hOM@@b4+U2>*HJwR3K?@DB_B?iidNzj3d>ILN|Zr~P+J zdj9n2Ufp(zJ;GF>!+iL{5x*Wai;%nx35@!RqmSp{*P}z*7U#Z zvYX7`BJJ<7%WZk9{ev1ApBs{{e{KHa%Pjo9(*E4LY5Z=#JHYI}w`KfuyQKB6Zu_5h zu~q+HW&GRwrsc;?+wE)4zkdt9VrF{%UAoo7>#X`$$^2=1Fa7;hRg2C2-#vcAxIDW4aCMXW_?){hhx$-G9^mdHvfK z{zBQm%kPnH|Bg@Jb)kjdLhQG;BK^1Li~E}U&sVGcR%HJDdCQkf|H*;da{sjz!QXjF z_nB7vpPS71{59$RE30hynT0<{;^*3n;Jg25{b&o{aJS6A2h#P=|NEF_7XIxQ1b=NB zzww#PO#kDrWd3&SmR|oy@6%jv)xYoCTz^NA_51!iqfPt!1)0B<`=r}{@UO=2VAbFF z2-lw*ou0p)`(I-E|DN83$3M4w`um@oT(_xJ|5394(pjYacmL@%lmA?#`yWN>|8#Jv zDSzjv{jx{8{oC!o=WSN|FZxo(uL%C3>Q$!yre5Yx#h7&ezkTI5S6TJ%Ci+`@k@-8} z#o5=qd_;t)m&!5g2uRdzwPm=ztn4QK?+WG%pu<#>Ae&(-B<4>A&t!cj<_!#$p z<-TeBKkj+-bF2QX-(!4d5&WfRzGeDvr_26pdlCM#`jzKyu|a(+NVk8)=%$@5 z{JFCK-dO}c=AD0UYvB)<{>u$b&;O6A4>9HMFQxvDaq0OxYqu@_Xw~0-gN)yP>F?jH zZvQVV{C!6y>RX09r^1ruyfBOyT{#!ldck8YCj}rU2;-hr?@BH8rbNyc}{I8?P`2X!Uqp!8< ze_i^o{j~J>tsURrj9=YG{7;?trSVmLrvB5a|IPhGewU@!fB7aQH5UF~I{v>thZmy! zw_EgE`t(<(|7)C(!D|11j^h^tXt@`hZ@V^BmTYPBYe=qzew`Y3(JbK!4bN{QK`VaO=&);M2 zYd8J(uS@;y8`AUVirf#){r@RPGymx;yIxT#i#&2$t z{{Ek=e9iP9T`Bf|ZZ!Y>vk@4GR`&~`_yK^Ap+lt`#AOHFytNsrJ z-%$j==U-Y)`}GsS=Z2@}-zoj8P5u90a{jZT2!6u1UteIg|2>J{sOXvQ|MT8E*yP{O zEam>I{7qW_X#Cgp=KlG<)jWSIi_E`Ep5D>4zn_=*$NYWi`j`D+#@p8SpZ*@VzoSU~ zlb(L|YYTtjwK9K-^#Ag{7n}aybuTi$^MZ8yZ+{Dq9~7SdKULxfI*QbP%#2e{w(!4w zpX<+!NYB3&t1mP6&wnQMR}{ft^_vY7t@`__{_|;?f1JDYT66#Dl@Fx-JEi&Ow%5M- zSF8R~kw5tvY5Do`pbB&U|F<%KJB!S}$L~J#W2^ob8hHM<-=7};?T22ozlHxs@RjS+ z_#0P$ajJ!%UM}*ZNdK)K^yrrs{vG-Lw)fKgf57kFF!}Gzs=w`@9{-mPzs}zO6ZK}iKw7&@cw9O~?weT;9{?}e){k?zVxvdud z9o;{wNb`@|PFil-?;GX(K*bel{pW=5K7Y=tzfts$jvLbWzJEF68Vmnl@n5#BP2>07 z^QOZs{Gt)Uzl-2ss=sxLg&!sQPutDu`nOoye6fYUaSD%rTM_x+e)e-E7XEY@zudpl z<9F-Y9j~G^-w?)RDgw}<8XE9R#0TaP-^^dJ0Q z@VOh)-#=lWS5L6M|591M`5V*qA9vPceJp&N%-_yS()E|Ed}$L4e}5hKU&oX*{@O!s zz0Sfvq4=-T_~mCGeSn4U6#mopbsB&F;xno&{9mO0%BgAmb5$?iW8t3~%io_nIE{b& zs$Fvy{z)0Xjw0*lfjuhUvhe@X`yYzbKV(*wY5#Pp{5&Wk3Z>9e$C#CU6 z4!O(RzdKjtU&XvM{@&gGafwy`qkTkwzBP?MW#dp&eoP+D_+0r9Wgz*doBXA}A6<8z z=|AZu`xl)>zWdV>-+!6lE51$FKk3Wv-&**0@8_~-tUuK$!xXPW+l`(*yL6`4O3m%Q_uRsUZF-%$iVe$)-4Ec_=TzjGtg>vzNY z{(rLYA4~leMerA&{eWrzoh<9Ob4I%V4nE;3Q~&v~;5#-;H5d~p|-`U{}Nq4CF%NCH+*LLKQGnqFH-;PPj)cl7xLHf{I8sy zZvP&Gx0z$L|BHKM{TCVkmu_q~_a8>e{V5$q@W0$r-b%K!FC^N-wFrwz04Pip+%X6gAq{pxW&Ed1}qeyb=_{~I0a z>MZ=tvi>^mO51NGTVDTf3x9&_-?q(7_uoA~US;yHk3{~r|219zC3Ckk?Z@0pvi^#E z|6aej!?YjvmHE?A1V5q2ai>_{Kkav1e|}+l{;fOm(yG}KUXXid<;m?xuqq)7) z>u390_TOmX+l2q*&rJ7!Zq!94|JYpiKP!sV|G+W-HvQ+FvVJRHPtV_%&-&gQR{Osa zeC~+!_&+}JK+}Kv0~!DJBKY!i|NW#@|8pY0b6cdxukRnK&$sZ)W&KnfnQs5C|6FU% zzn|*-JvKdl2R8S6!m9t#U3va>6zTu-J{e@n&tt{^lRqw9|8u?HSz^^cUHQ+J>HZtg zx$nLf{(0fQ72VSKVf(&ul!d=T=6`3A{$D%)`=;~VMqGvuNvrvBM1{h!}F&A*;MXx?(G{&z%vwtYW6fA4+fHgo^w z$`6=r=8sC_C-z!2#;X4U)nAHyf5ka_K5gO86ZzZutj#}_sn@Rka24Qt>;3OT|9%N2 zJt5=Y{>SwE8+Gg~(|_C{^RJ`G_pd*p+Pr^dQ`x_(JUZQf?Wc?|_5agE{&WAwj%ZK*6*ZOE&P=_e~REY{cIDHf2`R^?700CU%O6-i)58Bu?k~u_Y4d;O zU*}x3AC6xE|7yRUbF{Cs*RSHQ{Og4yEc_Q^IY&nq_3Qlac=fsWt@gJI|IXiS*RS|T zR{r1}3;*U&uD`9w`1iV~$&CNqN$mfM`RV$<9G9v|oOAwQeg7Kue^;gP_k23u{7|XCvMyc!&-cm?weWL= ze^m}m_usH@yI*19_t5y^XVUls$4>j)!q+{)>~7W=#X>9qVPoB2(Pg?~`+6=mt~pU}C}NDJRr;>RkMrQ84V_eP#);WxY; z@9!+~{cqh_V#aTrEb}kFC|&=GgI+ZG_v3ngWlUQC*?8fD=J<`$@qatb|H>vlI@J39 z^R)ff=`ZlQsUXNc~q;FF(h^4;J}XQKbKd|L0hf z|LFb69Yxyz)T-U*TJ^j8i;L9%iw!lV{q^7r+<$HT()^?IC&N0d`cF8L@wvuy|8G0< zw=Y`w17!Rvu1?S2%X8nF_VXI4zoLJ-{ogCUbhcIhp~64%&!+Laez>Z^!f%xL`;H?0 z|MmNqpKam)HdOj=Y>Y5*Z)sjw>ZYa?|7|z|GKpNdFOXue`Mh=eT?z>chmUK z#_a!~h2L7^54Hct4O=k&|If>qg+9F=N4{ z9$Ll6kAwHo=_yzJK5myhyQ&X>W`ChGed`q`FUmGT$*Z6-^ul~lNBDX*Jq*sX$p5#m z{Ii?Tk*VKV$rd=WXa~;kPMe{ki?q?D~oE`}Div4GUi@@6WZ*OSgZ-@Q;3E;osXs^!Fpu z_*0s`Io`s*+FkH9S^gKd|Df-!{l0}C^rrORgX!`6!_MnQTKLblkorGM_g~pwZ(M5O zKiBrZkd;4i`}=+J>lO=NF862WC#Ks!;({~3XW?JIgTFubdbfBOmP_W%0e-M+E#dv-9sb9Ea3`^UDdvhe#0 zzGFiA`=5MqQn`iCZ^`qg{gib5YbMMZX5pWb@o!(69{*g~Kh60wLHKvRA&vjl>2JSh z)!(W0pPz33@bULNYT@VT{9m8dA7lQt>&aiAZQ)0~$>W#5FkOGQS8lDg@SjWjE6+&J zzo+is{2U8E3&y___)q?Tj zA^qR>b(;TQzwx9IR{i}1-}%dQ|9`#eH-E73!v&weJdJ-~i@)bB{3G*a{C}0k-;&?r zR104N@&o_ZIWyh=S3iE=5DT9d{@4C~dj2#`yK=ULKT!LxJ>CAF|7GZb7XEv}KXQ+! z*Y74PSD5^7E9E~wPPhN+r;qEf>d(pdcU+mS|A}r#er(})mHAuoWP1I-^XPz|Somei zziv+V-;NiIKEc9oCg;!E4#@f+V*WGx+WO%ZelPj{%2{drAHRBeXA57Y@^5w;zuhxC zJZ|AvEamxIIVX*Oqv@94S@;WO{^u8^@!dWiQ)c0J(f0%HNcaDVhkXAU3!iiMkEZb# z{CU#d7JmPkCA@xroyKqb%*m$x)#nrLzs`Ho_%rU__?T6Hsm!1J!)g5F^S*zdh2MCG z)c;r-f7oTOon_&3`u@`6Y5YaMIDK;qUm^3ib3+>6+&Xs~3xAyW@7n*A#@{yM2mi3} zPbvR?I*sr1&-&U8UOYz(){yTe`5R>-(9`Cg|8F-7r%cT<7aQy)@0$|1^&?v>py<~H^wi!Xyk4d z{!_qr0zQ8KH^yK2=BdwG_$5>LdpqAw&)*sCr5h~#ms2*S0@@!=ub)GHxrr%%4!nuy zPy6X<{Ic?jGpzc5E&6l(erx>wJG?l;9RDk1{u{I$`l|Icr7|Hbcr#`T}l zd#Gu@)QbLH@#l2?A3u5dmR9}Cg#X0vcgFSKP(9ULzhgxIir>$S@z?yRX=|(g2KoN@ z{mU4?vHRbwqKXFf1b#{b+m;) zO#G+u`)P6efAzDE53%s0M1PClFN^Wh-i`hR-VK@V8?qh3WBkBh zl$-wFTUG!1DBb`0i60NP>hB@%*T(lJ$Msh%-10>Wf1ud^x#<4i7{6%1fSwlqh;NyH z{o2BRDDp49KRB+x^mlznTll3S|Kj_DWBlMt_F8Y@PZxZAe{hUn_rL;E zfB8=Bhv@#`7=QRPXPEPEsmPzU9_jUS;*S3?{TCZ#{&Yt7=f?HVynEv%*7q-z@vn&P zpDnKJr?l#%<|F($!9^d~O<8SPE zW4zV=HGr>#`s4dwWBifbb};?#X92z)@bUexF@D1K@0tGhn}_oHiSK`n@he}ybUUm4 z<--5s`(I=HoY(I%{TEH5KgajK#`r&;zSq-M{XbCuXLSE*j9<3x$`@>OWciFTY5yzZZ_#XxhK;iT+S|Z5rRvXV?O({wqcP z$M?_0?LTn4k5^jw(2*#A4%)4l~=Wx^6wUzzZH|x^7r^N?)szE|LX-G z-=7w@|D$XAop0g)Ao@dPuk`$RXu|oX|LXTze{}y^T>pc;*P7qoCi1KO!nFO=tJ_}Y z_y3>hf9*G>`|rJbA2jX1RXYEReE%L_9?)v_-vcs#J6}up-wRJv9cjqZf4cL{aY+Q^3nZias4A68Nb59 zKPK}pzJDvm@45T0=UDi+W&Ap#`?q5Jl)-;7{byCufARfOF@E=*_cQ(HTgdy-@%>RT z{^TQjTx+%e6tN%MW~SHgO-FR@W#KOr`CIw>H2*mK(9_KI|FH6(=>DX*{UaA{y~?V8 zz09AE=>DS^-?GhWbN%)d{WZRSD8~O|n-R@c{exxx<%Xo?PvcK-y3@k10slw-HrPMf zEZu(xZhFlP7Ji)0|LFdjxcxide~c-Af3Eh|fHeQP`^@LYSoL2b{+syzl(_!GUaB+o z_d})q@%O#S6z^}j~#`pUC$7cNNvC@C>`TH2Z@`&H}w%UK9`d^~+=P~~7?Z5lL!mk1S zs}kpLbbd9)PZ~IBzJ)JW|J}g!{M+i3oi|$eUc&!6qw~vg{U`0Y>@W*|k$!)4elx~5 zl&>)D_ZLNe#OD`d{63E?xXr4+Lg!y}ek{h{SUq#8h5tbHzasd)TO4ZoufJ0H|L-*a zIjrB4rvKUP-$du9;`YBV%`&sz?Wd6kG*W&sgX*lU@ z3xBBKy( z`on+bv;G&KKa1<%f9zj=XnlXP%J1m>Sd9PqK|7iH+nIuo&!5Hk@7{Q6nN|OPVE$CX z_s8eQV*KDml}B0liK;(E=XYcLZBq_4<=+u1|KCaT-_rctAy)mTtN)`2e(iUgU1;HF zs{X0xuVgsm_J7y5+nE;r&tm_@=ig%dS+70vfrbB}+F#N6w;2D{vdhfQ;5tKhoN2K2labNspFkhw(2Qfy47~kP2N!C(B%&@j<(}wQw*^QG9}J zW@Gbm?xUGi%WKPW`*07H6&%tlidCrlKKBo3UR_f;e&y`O=2q*-p46%zmOX(uZj5jA zus8{71r*PPsreN!2bx-&C&09*s+m!>is!*%{upVG94~~~u&>Mpm_Cg)waw+#jmw+r z>T6v;#LTu$l=M{1beY%Iu$wrCZIng>83>&U}*E|mg=hd`trGr)yt~7I93^h zp_b93plIxvx`rj?&9zOn&8>}f&9zgSn;YH9Og>vFU>#t87L-p-&TfX%YMY1W`OnF< zG$48qGy(@5tL5=89Lp?7(+!R<;8i&f`!IJ+0R^5O#!pzfm*(z9+r0f>e)fc8u)Jbw1Oqs z+A5>l+PJK?0q6OIeD%`W>Sa?KfiJYQDv#d(|I-YgFZ|PexWJ2ixS#TKs!l}KsdG)> z@ICdl)ve`n47j`;rguPr<(Bz7u3d*#e}nl$uDVOEw?&}W-*B=QV?Ew89MuT4t<6Va`9(sTY^Kec; z{gAI<;+(i7KdfbSLv{I)RduZgH#e?mnvh?dA9j38V?(*H<*6$gs)3;=|EGG5{ywtf zz4@)XbsMGkW2%1h;(;Yx&Zq33l)rL{)8E%GxNC@oAN&l%JH@}y75@42mOf+Q#|pmk zV%Ei?oA&um9Uo{^2Q1_~_6je+T@gG5&J! zZ*&4azXRt}yneU-zEQW`jaK`2If8K-pU%;qxq|-N{hXg%Y2gohgz=p}VgEo^_QqBf7#*?Q`!y3%`%_U*%8J-@gpbS0?fDzEM~8|7F3oBQ5;R;vduZjk>}wdF0(a zE&NNmKOyU=~Q>AF$;)o*|N$d;RJwnN_tKLXZI<^O>1*5jUwcj(q_6XjpJ z{-;5FS^Ha?=iVvjn!2jL?AoUewD2?Fee(RBCAlM)r1977zwTHIzbVYW_Pa`Qlh4iK zeUC8x%S+FH(c)iQ!S{C>__+VhSa9+MR{ej5`*AAoE6EKxDO-Px|Kzhb4zch{5!)8VCb-Q128_d7$ z+oJh1^KBTvCyV2Mb=!|Fvg*I!w^0B8fIqyk`!B8j+v{qm|M!LUYd>l~j2U#>J<$HX zFZJN{qw;t0b5Os5R~(OOF1O38Pn1Ia+r<618u5Q9tUt!zvi*$50l#I8zZS+X|Hnf7 zW?HfQ{=EM5^I-jMw<_xY+cCaty`L@dcWW^}8*$Xd*7)6r@m&T!E~n;(gP*qg?{6ZL$=bk^Kbrr_R}d&f8Q@V|NpUe9`I2VZy(-~I)C{p0Tbaf8zDtmtdQX#H$8!}<6oAODq6(jV)5 z;JP8_%uB(a@A&8!sjS#vl)nC+tv;wn>2HoS>N``8^#l~o3t1pT##WSmA0_|jk7@mX z8eeKo>337o59@^BypSC;Ht9*}pKPw!pN>BNj-4-_Qu<#g=eLce{g>vKT-hl73%vgI z9KsG=uJZu9A&WMDTZPh}rJUa_*I9rbWY-Ea`13WN^iQiBuit);F27O_c+!Q^FR19- z{-pJ5E?LB%&-k3b8*4wrzkaN<0J|ZtSM0>chxzEQQ?B23oX$VTueJG&(jTY9pC;!i z9qhXYJ9RFQ5nM_~!X5N`JFj|Fov{JCysq2Bp7+wSUAR)3Kw8 z{$`zz@A0wUsa(Hv%P7+RwO^b`N$EdR{O>l=|7OoQK0m?d{CCy(KS-ZH?W0QnQ2IY9 z{{-Fa#|J&s}d!##Lns-jVK9A4!zf!Ir^X#Dq zX?ruLETyjvGoBy)7|?^P+_GO*O8+;-f0~@<4L!&#GfVLCl|J^jSNx~%qRY?oHz$($ ze~6O*G0z?6h1~ve`WDprk1OpLy&c_t2;Q5Ny#5`^`5h+uO`os5L!E!QTK}5pXY6yc z0;Rv;J!AQ+&!GKxqQv=dO8f259YY(fYQ~E6@81-FO==1+~tn%-a{_Qrw z(t(2G_?^~2uxtX^er~12uRT4T|3=O#o|`&DRbr zjDK4g?f<_||L~B~|30NLe%!0*^FO^FyN1#qqTIjO3ee@x)O0(@`ZHa)@%*mlbo%97 z5ITuE|K>Bw^#{}E-_!H_RZ2feFGXMWqa*Gh?Qg!|<1>BYZ@5zaVV)fHAiK1i&*vBV z=ucMkF;5P9kmpxTI#20;td#$l=LS8z_}R@*nezpa=PO{8_U8?XCFVA@>P~9^~>j1+Gx`fA*O%|6re6 z=s^a#*Dj>=rz`P~arV%I?Cw7HC#9cPDZlLh(Dh$~0%7F+M`k5{vCj$43)yf(KeGN- z+fTNfbo`Xc)RWKe@`=CuO8MtB(f{$-p<9&x6eayJ&K!0_{!y-e8A`vXa{XE^+WrfZ z!^r-Fw~GCE4vOj;h%P<&hJw6G0q%%kn6Wh{)W|7O2U z-ai!IVyr(f&K!D>HD324+fSpF@&n_%p$EC~=W6{Z`@_zP^P?2etBoSd{~DFAll@Os z)#KQ^P4?C%JcAcSIYkUs=nOk0M`v!^4~t>{qsv1|FGXF_c?$b zWM@}WGW}1>{11Jz=O=%RJV^H6x0LxG`kGuP9p{D2@pboJ)b(qrgeLUOp1(BvcLQ1e zrBl++?DCX>oma#SWas8j z=TqmucfgZe8tgagKhE*uD%t+4F3VrUkC}e9)f33)XKp3_%=({e=AS*AvOi4TKjZvn z{m=iMzPpdo@2r%6X8q4i<|pCv8-3ERV`gz?oZqbfx%G!5`21`i{m07noAv)?Ptjy3 zrN36zpEy6(nMArnF5X<1&yV#vfA2g-`yHWl|Ix~y%8=#%m?)#ZS^r~?Vp+-l>mO?= z`eF3>?N6$a{SQ@!81>EiFN=QkU>0@#qsJNb&H69<7yV`|rN1{W|9di$&BXrSTUDq{ z>91=O?9mfeutLbB|1)3NS-U9x9CM8JJ6_QKEB5hA(*7n{jQaWt`u_WAr_K$j^LLix zS7ATai9*~#+K;{^+rK$v`xp9V{ZC&+pKMH>Uw`H;zl8ry`j3*Ne>9iUuXE6-Z`S{_ zD|%iEO23V&Z_@uW{6c-Q|8k~M|C`z5v7UT>xl1WO%*=3%Z%x7cK?~*`TtYeFJ|`-6@D#1K7Sab)E{;^PZRk@Sf^>L8(+LnjURl)$G`3k()KqMaiETS zgMOpSzfPs}`TnME3;Jhg)qYLsm-vyjnf3>1U&JPS{>V%DuTuIW_cQws1Znp}6V@+T zsqc@J{>v@Qey0C#L8HF-gsa!ITistjX5&v&sN?s4`{^kaXr>sRMf=f8fM z=^qNxPWjPacp+Bn)_&wmb8u0|7!g1`mi!N{#9GW>_6sT-!=EACCq<5 z<4<3+maG1Akk;Rx@cFZJ4L?BnKQt&vvlIGB;#}`}_g=4`K1iP=Nvc@I|10*h^gqsg zpyWR_{XQI!wKPk=Bx?HYVES$g`pwSGNJXXpYc_u0{)_MVRsRo+NmqsP-_v_c|3r}1 zbdb@1>h)JUU-1Za{Vl4qb6e1_5!mul&H`C#jnMQeI%^cl(}S^?$a(`Kwd@%fa-Wgua^o zW0&VG!qVSo{#R9&{`z(Q=fC*6W(g|&N3iDvkYIHJhc<^TMx4&}e+eEzxx zef`7Sy_mkw{qOYU%>Mg9T32QMse1iCeP5|3b^TukvG`^B@4q&dKdSx9T3s7Ko&Nx< z|J{VXdj3?a9(+ul|0{NW{V(71tN!nBQRDf?r~Y44k6r)sAgvagN5~Jvk81zCad&f3 z_8;Z_FaHE-8>9mC)$tFv=iMdHB{ok3sozPePr)?Xsfb!pC7Jp7cU$wtwn(!^u`5&?K zy9s^u{1-0F{fIjMi|tJRZICuViGQ{HXtuRWa;p7RY6kP)J70Y@{W5eu=AhDVEl)o! zSnHsqpK5>As<~@W_8%+3%HJUW`Vp1C%0cOC7g_oR``177XTMIAeii0FC!w!i|6gC# z%0*rOc-DWUC-FVMn*O#otA?@k_i6tm?ZC<(3;K^7L3OD3S@sjNKe_Mu)qGr|Yqx{c z{nyBP%>Su;_0{z2mi(LVDgU`wu=A(()mN{-YTj<6sO$gfE{k6a`n@0II6+WNZS(>6D%zJ;CN=l(AlyZ>{B1#5#DhaYD8Z^wREmx}*G z)!6mF7pysy@<+Y?65s6Q{ii?7&*tmDxNn4AvkG^+M8(ga%x`u=UyYxeuL|9x;^!IDcM|%l|1Os}#Mi&@iJyO& zzMIfj^Y73JgJx6t_a$%ty&reAX6fJQ<-nHg{66vXj@A421oUwo^^1PQpTAT={{z;4 z7|#12vIlENm>vAU`BnRiw8+wjvcCuG|93L|(!+#?nf~EgM;lT4sfM%b&l#*0k>hBg zuhkT*YhfuXNV6p)b)RJ`ZE|@o6OFj_xlDdgM5{%wjmB2{Q&;e7#FpqPZ&(#jE)5wN zqGAFFH~`YPs#wCSHr66n`ij(x4vpyBr(~p9|F5bZEx%~S)?BQrvlRjd_KAw-OW(1@ zzG{<;oyDCt&Yh-)fgu*N^RD|?RD7;Cge`bCXb@YbjGvx4Liw3=XdOB%;++%@64JQp zoA^$v>w7UqE%IuNKPjTsGYb#qF+)O%RpFFHAHB=C)r-GAr8r0DM6Bjkk4)qK5p22E z7+qPPk1qw-t52l&>uziv*Qh>G16ex9!+aXiXK)l-qm?i7S*fbdVxdP&Pr24>%+Nkj zx+i-0pDuho%ZPzp2Jx@E@NlUwJuG9ZWXr+PeBniJqBA6q9gkqX>e$)43ZDFrOm0yq zS@_%ihmbdHeW|ei%Ja2`CxtS`Rl2v1vOx3wN%zkGcBS|OdWhd*-2>;&#PP#YjpFNT z`PhH;nzUc8i(ucCIR1!QdQUd~APiTA^{ZyLmVCLtuv^Yw$M4K!r1FnFODnxg6%-V9 zviL~Pf52ZN`Pl!=DaRM8`U+0dlnQ*unaYhg->vXF$#thNZUf{0RDG2nr11OBh`7)B zj}`tWCVW+2<@Zs(=$>rv2+j{JVf4?pCjL?N6`bZ&zBqfXbY>nu8x{Uy*)NR!JM6!S z_(`Scs~=gj%y8`g<3dJme`$rkOWLpcU)49j_y@)Ri#PP2#O+tpx4!Hba=eW7Aly5I z{SMEk1pa_8<<>4a`TBug{*jAwJj$IU-~F}V>N5ZOP*KVQo7LG_QS z?=dFc9~{3E;-52(C-U-{f*(V_IIf`h{xC5`bpN!qW;_50n| zgrCwX`s&AY$`=g^q?pY8GhMO&W?k_^wR}+Z6`ZF2|I3_zT%`DiOyX13SNTJfFFvXL zyfOEGf5rZJ(mxLAAG=%lM=s~7P~twS{~vl}+DdM}Q{kU7v0v4XBa3%7<%^H1eBU@# zk|bfSQpWUMA?>$G`*mr*w;ir<@KOE$+DxUkbNh!V_3!T{_N)5fLdvkfM=e#ZDI>Z4 zCl&kefiLGh>#~0FR&-v1@l6KfM{REY%Z0f8F2(;Zz?c3({i5nCI4z^{#lx4c9Gve~ z_(5&N57qKP)mLyn>$?v9)3KAqXBqYWuC%FfJZ(vvUOG1u#Nd~ctcZ48yaj?3~B^A6my{brSq_-uNu zWhScpEa?^&U|xdry0!R0`a&)mdyTK(;gf%>$oRzmPVO7l_;-`TGeVYs3K<%&)-V>)%sEMm%wTUxU)3Y)BaTYH+o9{Yvn}!r5_dk_sd7%$O}82{^`Hm|DlS1 zlGGDFQ0uQi`QMz_P@UqJljF8Exxc9{`#1dZgN-Q?+N$C$e*bGz?k|?g`bAUjfBo_m z|2yU#jN;{w+P|?8^_O!0<(IFdf4(p7*Wl^fU-ADPllb(2Lcd|et2nd;eAK7TlD-ZF>hKQ7rm`PQWU>5mV;Lq6>LI)?K9 z^O_=1+^dEE-KR!*&hL-E(eo=!gFO9Ne$V}vQ`#SXN|etXPl_L6e`@zdYkXbuA!<+j z#M8gGQOUo%W&bVqAGTk%#=i@&lxy~V{)?x4Q}|((gnyiJe_UO*5B>QEe#dD_o;iJ* ziqB`V{88&)t9+d2(6_I(_o z{O*+f1G@Oy^soB=wd-ch>^9~6pjKgx&SP=3n&H_<)} zlwUGKrM{l>S&5&m(m&YW(kY)K`Qy7~{diHz%6o?K`N3hUW&V0B`{%pL42b!pk?i(*O2@Y+t!$`RtbEbBLm^ek?7&fE-=29$#N0Y@@Wl;b{>+ z`%KC=t9)6!Yq$O>)1C8oN`7fs{**DffAq&k|8`G#9S_GJ;p;nvxg@{RIbpxUDSn{K z{iF4(A|LqUtN%~ZyX|Ej|4t=--bekS^slP=(oC;FzYM-8_eZwNJpRKKzJ?1_;@=-% zmte>pBd>nS`N+R7W&JhXDSoK7A7ofdim$NCufnC=S>QjuK8&~hQ0a{De_Cn3+Wz;) zw@EJKsCWPI^?$>TAbrmZ{wb6A^v4gCe28*A&Ti)U3+*eEKhh-wT+;kE#zly;8Y=bR&;$=IQHJ;^$|R`$sn9Ho>E!^4}e2-?rrTJCycqBa`x9 z)mLyD;-;be#|7I1zCJ>KdIP1)P%3!s- zc)yNnR%RxTAGLh`&7}TK=GCO%xa8M6rF{EcjY2&BFUt5&aaNRXPN(>Redl=38~voH zzx?q_OD@Erp|yAM^wkvqlt=n1^@~5grc^+=+HHvB{(r3SYe~M^K2-H#C!~%yQrbJe z`IY-0^%u(LZ%p!U3PoT2Xj8tZcXhbu`M4UNYb4(x%YVDiuaa zlk!2;SIpJy$`|!JF6hDep`}N9{saGPGl_pyU%_ell`p2>t+JH+-=&m41tyChs_oB| zioW_$DSot5pM`AY?Q`|{_1|uxX)7qoAE)f!^T%(fobcei?bAH>Bup9D+7MFfz<)@E-=F55Inr!gskz+j!?33XIDsRAreEsQZa{cLW@A}E2Leyho z6UCo-BOkdwZ-I`|A<}-V4;rZbC6ZjvOZn$X86)3epO7f~(>CdNl;U5p8Tokr9;p4@ zJGIS8@mn`H^6`8#P=4L-(vj;Ert$8tAkr7lHv{E2d^3ey|1DP$qy4x~3Y5R6%zkox zu|cYTc8*C@`cAuchTK0fb1kF&jzscDZ5g?RO5e2J{b_{%ox2ief5<s!vW8~Lb*@w{It zHoYHFZbIf*{N^-ef3v4h5$TKP09eNq|5YWpkcF~U`kLZTya`PsALqe;RS7O+Q_}oE<8#5S+vNTX z_0{%6Inj;|)c&u2+<1kuf2&eHIJYORebsk=M{<45X^}?%*y|;Z?`~fGAZ33cwSJ!^ z+CPEDPwh76$o1Ky+A8)-KK5Bq%N=}1xdS=6`{?PE{g;*awBbIri0~75sstA@>58P| zD1LS&f1#ZoX#AWX5Kittbxx*lkS6?u{i9LNsdnQt?1sF2=Owv5Z{7ZaD@uQjt(7I( z50K!g5?shuwf6D;8K3)$iMrs!e(XOGsDF-J9{P&nuaWszQJ@DJ|40`<=gSNKJW ze`vK5Kl1+0;TG*I_*<3mJLK}oEy(yOC)>}kKe6|B)Ar?aQ}*|e@q_sH^5s6Ms@?bu zyCJjM+mr3{&@YYYi|0s42k=x0E@Z{kjV4g`C(lFk1I=I8p6BdH@fUq!-*nV${*}cf_8d5lMQcSH{{{wJqlC)zdY7xKlU$o+!ghV0UGZExRBlYI{H%l zG@Xom>~9`u`|X1y6UqIjjw$uKO-o$+^U3|jgDCq~$JLJxe)*U`r3YC5=C%D*fZ~^s z`-igp<>6!gMWE?h{q&TNDE_CiL)cq?{Uzel)=k{U@N1$Dq$}jsiQn=05kC31T7)ru zF+W9{8cSil-+>F6^zG|06o0-_{&@LUMLK(d${TPYvkps2#?NqtkNGKq)-MabD!7ia zzmihFV}Eu?#cc0K*bUk2>@+^V%*X#FQyKlA*#6b*5vQ_Kd|hcjpno+`|2Q^XB-=j| zmHHig%mec}M0o?hK(^CfZj>S4fqM z&)`CC8~TjgAEfbFnjdKTp84ev`TTC1Qhvg2>;n#aRSCNx{|P$$1LglZO8&zBS~!o& z#b`_Mh?FB@? zK%o3-DOZx^f2Pz%z9Vhoo{zk{l=M5w{%%=}{KP(=nl~^%xj$8ZCH|4Ff%>P!uCu8r z`~OzTXFUH3ls|9qVLrasCw^M0<B{|!zBY08H`!2- z>_0!HmY>-Z$Dg_4$z;lYTQQ^m?d3%LARnl4gU^T?$WPyGCCkr`#u@qgR8c-af~QJw zA)9o3LhjF4d$f^ne?L~BGKhW-m5a~dLbe!rk=#E#XGZDI7E@~3uM3W0_6SI^(IF9vAks;^HViG^+vJ2PKoyo`~rES-4?QcJ83)G zKY{koEDCdz@xNW^AAo=KOM%({(ThPO|Dw`A06xY+#B+(^E&Kwx_TqwIDt#X)^)L8( zw!rF_cyt$NK=kLmv1ns3^rx{Y)sKd;=Hb zEaD*zZ^4BuH~nD>ia$~5|H1gNK>H`tEeRsWFRfA17yLle_x7C~#VPxzD*gvQ(E7L6 z+Nb36yQL<4oX6nwcpu<*NO$q=$0_?CDE$u@cM|CMkjyRf@%f46U;@U^7gX+Fzz@{_ zgN976O!052^{?FjIZ*#c_C9)m;xCO*>R-vnb>Mnc3BN=3+*mCM#SiVSl+TIeuc@Aa z>|f2Tw9mbE%lR0p-S`Z3gL{M)LVoIq4tpu|GGSqrzTQ z!fwbnJ*!Nj>|dtzPl6w4{Di;V{hH!;mi4b{KhC4tjnA+f^6;=BvcC{`p?@zuZ4PQ2+1v@A4IjKU?(=_)@~(s)XMm%e4QE zeEz#!Y2UgMIes{(NKG>TZdb~G*Zx?Kse$_c^0#j?QvT_nl+X6svVT&ZNA(Ln!!M9q zf34S*;$N?2EI%EY$0W-B@wf8iqxiSm8u_@d3p9S#RCq+zk7tzl)JG+5d_vbRXFs6q zU!t^szz?*2m?0!DIlekZNnh9T#Kq6U@!?G<`==^=+&2aqp9lJWFrVTNRmy+x1HFGN zx#q+jivNB&WBh;{sQqW!rXtJF8@*{h&V&4!U)=X%oUdv(KErOvQZ;uhr1-1N_>D&aMM`iXvp!m|g5pYGlJ;LQ$zP~vtokR}$Un&b+oLA__m)E@CqTY}eDY#CS$?io#<##fkS2Ja{A;T> zY#rtQa9KW}{|ekd%ePLKW6AP4X?s!rGroh{3O>dOTD8CJ{KMqqGNxc>?P{9MgEMPVslj_K)g+T!&Tv{M7HwUW#A6j)(a-c66rrA0)J4QvAJ2`3!!b^<%d!ciyM?QHuY)d>N-!(>G7D=UFIz z7o~lIe(ga0v;57$Un%}s#XsOfTD3p-lE(Wf{v9QLyxai$_hKBErc?avO8hwF{K`Q4 z=g(c+OV01UszJIf>Qu{kqPk zUKBq@iBGJ<8mNC#Enc{i;+Ip>7ksZYxd61=ATzk5n^OD<(tgzM;09VgTzmO2C&izm zv`=g@?p+N;KbDF4KJCNxyT`So_+#VRZypr*7$<0zf9OWV9u)sz6H!0HKi~)Yd}sgQ zCpjqoTiHHQ`N+p+_N(g`J@_Xwl3KrL?;SR$=0+0l`bF90dhY(#FH-r_(oJel@g2(< z|7PHPo4hbccZI!wF#mYh=bR_kr*b*P57FMYZxHPs#I?lu2%G!{vi)Cm8d3a>PVqyh z?9Xr}lK)kP;(UI$kNvrGiuiFp5$!^KW8&;Tkhw`qiXUc^{MLeNPb7c+q~B&z{BxxQ zUvDe;&P4Ki_AbiDC;0g1K@Q26>t4AN$q)PabykYsM8>=RRQTU6_vZ>Ue!g4Qg^#cE zu|JtiU;Vro@8C=%zrfP;k0}1_2GT#ZVm*QCP9(q6nBf&D{+Nv-{?Xs2%l*Fs^-sCi zKWw7-CuRP^ylZ%o{P8>$-lj8`*4c?iCg+d+21YD_$ie84(~to z@qb&%w~rP1%PrT350pQCS3~~%*M~n_#=r9q!Pn*fzk%{oUyXf9@xPGis~r;lcP5hG z{JV9xDgGd7KjszdyAv0mwRcZ@OYvJEe%8tSWs%=rgoXES&kZ|g2eb7*@deiZyeHSE zb<`03Rc?!X8$ePn?>EaC%+~+J*Wllk>+{=N3cmAuYyO!Ikd%8OtCkFA>wn^F@JA$* z<#ShQzeT=Ff@Jb(vojy&&u6`Sn_OQyS2Mv!y{`XY&3=`?J0kQV#eXd8chtM~MDpwB zDZuB)`Pd&N_XkA1ll!0A&kDad z<^Gla%1<>ut0qs)?~i=!{~P)Dir`~?&OrI$ss7{h?|k^pdWsasd=$)!_QzNMKk((| z)KvM_rh?$3Kfo^c$5izZcaRSG1~T&;*WLK`+vWZOf6Mr{$@^)$%UXQeBp>4Swm;v+ z=c9bvA>&6+DV}#ZE%MdtOI;}_DdnHca(!mk4$;1HTjZO9r1W5lSkD`~RlZcSNqJ~e9o|3VwIBDt{ilU^ ze&O6F+n=%=QvEA2USX5(AX7BaJ^QEN2jI8QDK5}CO5Ps@$Oo@eh0T-V+YkTmc8gy) za>)8Ok^Fzw_pV6szmw&UOY(JDj{5VDCes!2cJfDg;`3k1{aMz@_M7drh<}vR{`d~* z7|8D39~tr&@^1(1A3ay}hv`3!@@V?wyCfg&ht_?+|1iG&s9(lNKGsulTI9p-A@V#w zUiqS1eEwtEJ_(WQbGmYg^wkervtM>wXpqC3#qjZO-uQ1Q_ZOHa>qqUH^uI;ECYnte zWb?L*`TPqnf2S-zH%q=Nr!3zr@>Tz&Sv{9O|MK$TpW~A6kk4bCa{nWL>8t*K@7I;e zQRQceO7cSG`tx?V{=BL$lhG?ez3;@Ew6{X8Q0?29Zt;JttBdvR{qfcRXBcw124(+2 znZI0xWcxXh_Rmc{<_2Z|x3Yb1UoFyCKV~sL75|*ue0Ep-^hNphl`Q`;p2cpFk8=~=sqq00q#B>&p1*8IrEk@GLc<~F9l7N`@c#HZP9$ac zlx7pC`^Wl{kLN|Y++W5Y-=^@d#T+!;zr#N*Bp=Tcuz!s|zC-dM?>@{wD8Bzuzq~Nn zf65;p z15MxOyDIYM*WU66>HF9z?XM@x2f07HU%pWD{;hpA+Tb6=|2A3v*x!@>NhH5!kxLQr z?Fau$x3nL8d7tXfe%))ic=PRlch*ql!yM^<_Z4Bk+ag~*|C(AaUQzYqd>Nk@m#?3* z7XK>0;p!YYDgJ2bf43a>Z@0)-%jd6p-JL^~&kH5rmPMwoMZQh?AM*Qc|M2lA-uOiR zN?lr1pw4f{dNkY?`3}j499;EWOng4d&*U!gLyT*;pSR|Jsiy4|>ROS@!}$6DUi)?V zd~=m-KVUp2)~!?1Ph#SPY&SfX-|TiKDHET+Q??%}$@^bt3)#Mv`{(-OJ0usfg?*Nx zeqSx^zbxb5)>5{wE?M)BF8L7kMz_jC<*$o~|FW`uDEH^JYCrB@3Vi$MLVW+Aecnh` zaL$g>e%a3yC_hb(cYOY!H+{h$+eTa=#!F&cxIaGp0@>h`z8_Qh_a*js%OUfZMf+_4 zOL_5G@U-~$qx|&VzsvdVcDX;PU;AZzqW#(Q{t~`^k=H+=vi+G{_Wx-8g#X<1Te`-HbSD1JMIKe({MZ&0-R;OK6JqoTX@i|iHMqh#x-Au(;D`$h~L)H9+_)WG8U zpqPQ|`{KIc7fsdw7ttCD(7?gbF}?ammF&@PV86jJy`rPS2lngUt4~y`n24CD;(CJr zE~0ns*RPM(s3<$<;BGPc7kYhtaIff?{xJiq>fK_7=-v87$1wX!))BI*-aS$;8XXl= zlD+EJt*S@%i;mK}^^A!2fb`*76Jb=*$S8JsQ3Ff16xK=o;yQy@EbkSAqX$KFk1847 zk9{3Au!vq*{yS>mz%a)+>b`v= zq9gg$A`*mT#>9Oke%q>NRG&Ufp?}?81Eadd^!hZa2%}M^^@xh$F48@*=OJ;s8im(l zU$Rj1_*=C(hS}DvXvfYToudCg)``qO{6)UPzYgtku4VZv8S*dc_nYkg#WpiUvu)&E z)j=A{on>h>&GiK zN2U1s!V;QuehDuJZ<64Rlt+%1&YnI=lBDYX;FWqYI~l(fYlp_?ztn~O?&i7JW}WP% z9IAglsG`+i{s~t7v+_3M%mH8X`sZ<8O?xK~_n4dtJ??inPv-1nzhLEa){7a1e^7qj z`J3(UxgbQ#Z|0v=Wi>~sGCq88A!Dn(pNzFn%HfCL7m)McHMyZMo-=!&2b=7J1TN(5 zCdJ74Wox|qD}{JYjeb^D!Y)W~AzKvr=`dw~J;i=-wOpdT;{6P;l;A>6{ri(+6#tbC zku2QNZ`^8z;0CkY%MW*ZIZiE?7!POF zKjTIZxJ=paQ24G5!hUCf{4qVc^Y*__{wk>O^+zHuai49~{yfv?^YNuV{3Xkk^p*Q7 z>5;J>e_7?HvaRCJXMOmKJ~R4X-T%lc|Mu2)ynoe)-}Vy|zKlz&{NK}cd5_}1FV|l} z{9qihx4*+;{5Pn#qbi{awZ(M*qY9K>16H zSNVjpKb_nk1o;bmtTSrW{uEuW7ozylJrw_>6Zd!i_OU^`5OQJ9YGnUL4Y~d;;>Xrd zJm*LJL;8!KmG5ft`K>ePdC-qg-~% zab#BgpX|Lmy(s=M6TUk@{;MZb$^NB7-u(-V_6OSk@Oi0AEaPs;zDyz8GB{R2LvzxW?j_f$HH|BZ?LE~OvQA7B6eA$kAx zaRlujtkY@LKi_FTl&9=}d56WloA+44_?-g1@mOq1Je46pCrf>VgQ)4On zCo1hv*bRyMNPqF!w*GbU{`zTAI(<<-TeZJx1$RBl{+6R_(XS&z0}v2NXX| zF=P6I4{4P@#g_RR#Sdz1A7FF^W>|2#*|m8JMY=9uvB%jXyt?_YNI>%rHb@v%R2 zrI+vEHo|_loF`}1KQpT*;p6{(_~q65MedIf=<}U_f6RM;;$M{e4|>ZVW&Z`M@w55y z!4wq#w9Ao=y$dE?WQg}i(}>wu!&1KGd%2y*|yB5L^{$D!N&tYZf*83qHn)a z_s63=9IN&Zo0cS$vVVi@pYh=b__5C?!gmJ9x8*$e6=nZiS^lX0!E+d^{%JG#1M>N1lq`Q#zAm4`SmjT@ z+xk<={;?)}dw~4Si)xYULuTqM$_Lecx10xN)&3kQr~O3PU%`YQ=>1)ie@AVk_=Uae zCyVwu;?pVT0a&%a!t(EOQT#tl@|RQ21F*`koM|3eey%V{-$46sFRaW;_OG__uHSC- z56Vre_Agy|e?H}(LniiXF9Itc>a3j2*T3>9|8JY{u|B6&`%ivRpRaG@!{4Ob-ywbi zt$#Q4X_JBCZ!;->90AtvJF`?G_jfpB!pHrcRsT#YGOP<_{}U5F?(eMfv-BR&oZ=5O ziBDUA?b{l`$xl)I^CtB#=F?iW|LYI-lh0>gkEF{_$LhfDzxHkTj_hA5rriG`J~3a{ zs{JqK|JIrEPqG%Y{n&@fDnEGQi~AIRpVGdC{n&@fD!)PfWosyYimtT%?mFT*j8(o? zWd2o(Uv)6e$Ns-4NBy-wZ?!*6-oLM%Nb|A(uT}o@atF!rOX-`?e58X_{`=X3$@WzN zllTGOs{fy+Ts4OBe}swuvHrhR{?3mdkp08cOv)dOAG6AT(|l3^%Ko}0{=s}gtNiH%o<0ogdJ3#IqSD?MfU+n(Wzz?*2`{Rc6WdC7r@BTI7Jg^`6)@u4TN&oUW zBB0U-V+dl|SHGwLe`=KG5cLP{o6n8ardLxb~OUoFA6<`UP)P|J*s7ECt0s#pZ{)3I11XO0Fw9Skn)b)@%*^^Pdh| zpM~N#FT>JzRfrZ6CSnNle}@zj^Jn=KSI35$Fxx9t`^)QT7gPNH%b0)GglJ>fI^R_M z*rIc2_IAGUk9fujGmI=dn9VN^QRf#=%Fp6|Et{Xq)|sRD>)I_VMolI=gUVrL00}eWqMY>WYXmPV*ANC zo@>1`mBr7!IB!mu&#%3XFnOc;r_Pd+O_}}4)%np&F0k@*eTeoxTL+r*zvE^y&2cc9 z&skKyKC9diioc>QQ~fSP+rTb?;$sfBdIFVSY0A>}l>a9)s_XxOA6>U|e~LeH3oG9? zhGVe{Wpsq^1I;_aVJzI@EzcRwhl*@u;i1Ic%B5h1=VPpEj|Ju(b zSpDX^zJU+F+mk4Y|2!=#9}?g@7~j6smk+z)A^VJr*Qod$aEPVjwh*m_V!ziv#o77~ zQ`lk<%AxX?<@)_sD*x7;&e~Di&H1)stRfrWpFgDdOFQGIR?DA^KQaEU5Y5G^5FXR; zYdf~m7s>|r6z{TM-mAdxa2>G=3%#QJ-}Vwy*&U({Fj-&1IXFyne+`-!@3AHBlcqf= zbTjiIr`uKky=a2p0`R|9Xe?sy9 z3JPNFkHGnHo)Yic=1OuqRZvj2{z~~=fyHP1qqN+=IR1Ckd)5DKUk7KP(wE=g>H9;p z?2nA)Grzxc3=7t5$E$0$7u9@Dq4HZ7EMAJ@zhdnZ2f^Q0ndLjixBpyS(=G77DVTQ! z#h=UWUu*|Lv|>q(_Iu-VWJ=Bct!k}r{@vB7$4QFcbOyWhgXVn4sFbXIU(#+CnnFa!Dh z5y~K~dC`uQ{$H0~3Kz>vDNB0AtvBXb*Q<3Mxg=ElPi(y?d}IrGMPt1vExc&oi2fa8 z`t^>AF4;0_P}IOrqas^J^k@<_^s{~gBZcwCHLTdGUE=5A{RZ`l>D4c~2)<~|DU9e{ zysB4BRNp~eA|qlV*h*MKBl`9!$^UeTX3L6o;s5Kx*3%jkGqg{X9{0~dQ3D3EWz(X% zc>d9aFJRRwju>xkvyu^mWBSGP?cb%WSP?5SdQjh}L4zWCM3rnkw0~5Qs=D_V<#gqr z4BAFnzR6|M9nn zQWERi?fyb2Ig^Qg%hFC`J-6PZo&y)MNrzWEDgF{xKJmjY_n)cW!HJ}uVsM&-kP zeL*^nzi@yH`PKTg!zlhC*6+j*=hU$tY06*2`0RxPT*%l@9$cXKe0?&0xTJp)TBnS! zRfYpx$ZWf>R-pKNeKLON7li*4TBppjR+;#@xBUfv*x~}?DgI~j`G!7C_($cVoOM0T zq45_Ea3Q}tzPJ*_PjOCY*i(u4H{&}W*w*qVTk|0 z`RkjlY)A1^ZWVmnfARej*N#X0Yag;T0QpNE@C#()Yggt|{4=cogCA}KKXCi&K5AZ# z;@_5h$J_Y!2hM-~L*B;}KPa!rU$zr;`r6nN1=|4DPTj%cpS^IvFOZ9?KC4ghcgytE z-~Dg)f1Ro4L5jcSnXt(9Kk}D9pWB(@PvGrecIfTKc%-@xnh|qA!bsJPZ@~>-Q8I8YifD3su?0OW% zAM~5haHfj&yfNe3=atd;3kSH6U5ZwHNb&jlo&0di^39B|v)JJ;9N**mc;#eY^o zwtr@b{AI@1iZa{zOCI1t)_=37FU6lO_U~j>c>I2Rq_6W<2F4Tl^rzLvQwJ|FE*XYceH zf8hWZ^4~(o$oS#?2mG+77v)2O&xzTyVjSQ?meGobQua4u_xJp8Paf})Dj)ax-uqb3 zuYBA8mD)CKO!2ex`(t*vnh5`Y5o^3pb`4-{>n0(Z`UnlGz?N7$$FL{6q`E2^>rWC(|^uODW ze;ka>UpT;p?Aj~+zZ9R3U*Lx$ROH`;#xXeASO6U0LZ+Sf-6V?7$1m{1?T63DG4K}- za3KqCuA7D8cSPTF=2(xasr?nQYfkpU0WM^*lUK;{XOk>{Y+(uehmVusFC5@Prq?cX zr|j=?NN6~xi1Mw!otHmx<%8Ao?Y-m2f+&8z(}Hgw5$k#5R>tw{U|j;d|3ojF+4C~9 zzs%N4Wc%&$63L$`>=*pF`mqsn0Ltcs?!QuI&ri00zC9xNdbqH^=^$hI{H6{o`}jKS zp%pzZGyAm<($}Q?Gq!_>f9;}3U%`*_f3c&i{BOa^|2Y*rFEjqIDX+=is zN9E6Jz=$8R{;T{|JTEi;^sUujQ1oa{=xw+WZ}-geM<59 z_#=KeW&TZQ912@fQx*4SC~-v~4JUTUkD9H)1`i*_Clx1s|~Tfj#H2x2x)Tnep@fGbtIx z@Akg%kFB}LU*FU;md`<~{B*Zs za3PcCI7{YVKK_m$dPb3dRX*x>J`Rt+aDWS0Dton9%6`xIJEr9D!{_7h_zMTPkblpr z9!c@}_&a{M{qXrXJpRG~F67>?`*frDFQy6&$0L!xEjAkOPqVW4aed12?`N4kFEjr9 zOBtR~{9JgxAossj`TUU!FV}FG@vmG?UxecG@qPSo%5j4Uj`L$<{cyl9kki&}d`0nR zDDA;NUepmJ}e)|*Uk3auB8eV@i#h1e^ zHAl^a`PxPHjGMpY0lOjhZh!lT;(NwFaviyUtkrRl;6lz#z2hv!uXJ7*WZxq4Z({jn zs($}D#pmNI`GNg)6U$$l@u!LuzlpTpIbF0r1wXER?oP_acRq?Y4nSP4&-1m&(~rpX zb;pDFv#%KU4e5#N5__JcqE$E916{qtMo^AUG&eEZ}0 zxIeNLeqZA+9EcmpGt(!Pr|jqBTlwLV@o9COE4Yy7ZaIoke9!n+#@928_*D5QANV*| z{=xw+ri|?zLg)?-&p0xALr^B>neWk6F>R()M!ER`S@0TV1HwkkNT01bLB4_ zup9F1qCtl#eyDtYs?QYhqw)*q7V+u4UrOUI9N< z(#iu|$eejLIVgU6@Yjm?RQX6>=Obo6d*J{V@{^w`ll5t>4o2JMqWB0jq_06$}>1ocfXoahwZ>mKz=eE} z<=ICRpO3%hhh6$Vp>fz68;gwtT*y1kx*nnUeEc;(Tz>d`9JXgHw)nYE`S#_{h3-=P zgWH4x*0WIUpU^>+KYB?vK8L+y>Wc|3X2KfgliPssM+Ng4m{yc0-vwj|7LY-{1nrxm!tT6egHr8Y@&QiXr2JS2Jvg(=U-KFlqLHI^chk^?r*Qo6F~gf z*&G4>!hyJfT$6r1d4KJhf54O+(teeX`j^i`;4d8DLiVZGbpYibKL3CpZa;iJ4}rgM zfD75~aV&ZN&gUQS!}h-LznT61;-~xCxn%!#^6i4}3K8{-n1>KoKJ({~o^*YZgpD6# zFL}Uj$gqoZc2oZOK*o=jKh~qE&T}YH*IN4_BH#M96u-({VUWA!IFfHGXpLXzm%>hp z&*x|G!zul*+HW>b1Ac+5ljadQKJ6Cjmjbb#^QinL?3R~5zt9)4Jjh-+z=iy=?QXLD z>6xFwl{HW=R_}BWegyt`KfD3uMS)me?e{#zB)K7`>O|{>-F5&VS=d1qD=N%Y7 zvpPTK)4Spq`WDgurt+JGSWDjw)2r8_?Egfz-)vzb{`vmi@!MCaQ?ay9AL6%ux${qW zUWz|b^6g1QdMmK^!-@b%KG1&k;y$TGk)Q3&XfJyHrapZ{DkJ` ztjgm4DvST{{M#P9m;+_zlR@A6Mp=8K76hZ4sapIr0McL#mD#`{gv>)YCp<1Cu8#$ z4sanq_;O%IiqGc{c@DW>azgWnG&YwA2e^yMF@N zKUPofkL~Oy;=lATsb|e{|1|?;l_LT|-J~{DlKt$ncuo^HcWMzAZEy>qPpR*>C@h_3yD44san~ z)Jxry;%m!=hOvV!&I8}Nni&++{992-C8-o#!v zM|nQG<+|D6Ok(TS@FT9~75~X9gtwny`k|O&jPDI#>_5Ms^{+ZRB+;;Lk~+U*N;Csq zVD)43T$-zR-1vNzzhYU_{S=>%-?q*M_E@BjkBvWmTVGs8TCHg+KS%F#uPHts zzwPqF$M|jCY0j@RcBG5q_g}@@2VW;_KgMr6m&WlCH;{+kG$r?kJju!fe&Ei>F87DW zx?5Q19iQPKa3PcLjz~qVU-jizM!r+!%Xsp~-;lRDxj*fCh3{7QSm)gzzvbzb+bR3^ zvGG>%{i9bG`2aku^N!DE{%JJ6@*;}Ajg2Rb&$laltn==V-}K1Pkre-$!gnfstn==V zKV+4I+~4fG$wvF#3Lopd`{QSLIergi|8EN4Uc=~rtY7Glzvz#8vpoyRg#`~fS3 ze?mNW)hv+yiS@)2)-T68bm}^cC^sRs{XPDp_@~;6`1JBGh<1wC?+=8(bU8jzDE^m)$%0IW2^4YD}?Zz8_;!VlIPzzI`V4=hr1+n!`B&j%9ejU$ z$M)8jDgF`u0Gu5tKlRaye^!n0{NEqH`+-X2`uAzu8TodFk9F|<@e9>+&!Fso*51f> ztNeA=>|dTMV?m0aVz#k-z|gU}0=fRNOZwj%pCgTY ztmE&GpLgNKoRok1EB?_J8{;2bNHhC8biGUN-!e_^&+N6ozR~|!r`{jG(Dr=f{_O{p z@)-~kN?-(H{|;C^A!Ks6}~3#%lz>RRX_R}<$ssLcPf0FMgH4zBYvm&cNM-{ z;X5qy8@E}soZ>H2%71;W;(v?$v4`)Sr}(Friu@I%g?K^_?Pc%&^H;?A{IyRWt-H5^ z;wK$vkjb){#X5DYbDAffBw0A=>oZb#kVsO=Iet*dEt+r?CM-{edw(766Txj1C4qM^2n@b zQU2|n(>RJ*~4^aL^cgSdxm7`eLDl>Lq6{;}}C zmk+z;e#-v%pN6~tqxi9M|7w+w^SGB-Yacc})}=AU|5n!TW_*3AHU7^>i`S(18~xaC zx5)2$FD#bgZ|Y=>ANU1Q>nO?zfBrAMsSmmTUV$nJ^Kl-3{GT^G&OzBWw$hVN)3U(Sn@e8!GX#cDU$hsa0F66uRUz7RQ5h3^}-_&{$pZ)pg{;k3asDQs;PpSrM_l^j_c)yUI>k@A%;+ERAg$V; z$mb&{pWzSnxiX$RoAJY^FC+Iy$~TJkkNR90&z;Tq z|8(4bi1N>eCVcg|GM+n|@o&s?U!eHsCerq+&z14q*^IxvT-${dUz{W91jeQ{p| zKAt<9@&C*>nC!p3DB~aXJ9sFU@!4PbRwL&>WchrfJDt8NAJ4VT?01c?OUCCS6aT2s zt?^vjjKAZzmi4LhJ#4~PpIhU(wi#brcb1IL|4jUkb_1Rp!Cz+lLzlmrO4(ml)?aG; zgYPbH?f&a=)=}Lkeu!LO*Nl(zK$_X#_~;F?f2M6`I)1=Ie5(6UqTYgxowW4_%Kp3q zXud;vu8il}X7=anQ+F=KZ(zcADSSNFHsxRI7f$i}nDEgqhkx)~+l)WBd5WYIzi_?^!myG8Mb%IEKD{>A?D zI3J$NoADPMJV^Ryph^9xKDWkmZ8LtRw6lg%_D?q{-_+;Uc&=^65AU(MFU7xW(*9JR zTkG<>+0DEA>(e%PxN#c$?^kL&PPzx-A8 zLt{Kvmg{69?mua0}bxCk?T#?>!cQT%kDoA^f=H-K>wX8d>i zE|B-{6-@Z*xCe}jFym+ZHwD?hH^Zd;;8N_zxCk@;=Q;K~qWqI>w9!Ar!n6txG`TETK&^>?IyykP_d5mMcEa&9+>imKae(Cc& zHU7U7o4=s{#-5JI@=;yiby-p||J2@qt-V^seEroWU)N|z*&o8zH*o$OXFp$ml^?q2 zFZ*>b0R7Wq&5NewThFZhnVYpD=EIDCV!ZwpY{KIoM=Kd8qy=-}uwE z6o042_II_w*BIZGDURWxS=(!VMu0 zE@bD?S9t%P5C2WUB*LUhg6rHTq+U?rrZkkG9%$RGWr?ZDnF=wg8bj_ zH7rB%2euM9NRJlJpTKt(QtbD`?{s@=A&S4{Ln9yk0`|fR-;aOZ6x@57;?K=1_^$88 z^JMV#B7yO5SF6#2;%_K#MTPx(>5-oJN*z2T z!SpRYE%h9VU;SfYzpa62XL{qmnBa%Y_z%^ld*}4=6C&;*?;meDmg1KzA^3Vq;eX^` zy}084tf4_Nr+BUhT*!(i&W@(|1wJzJHM!4~Tje*L9-I(A$zRL(_$Z(J`#QDYyLO0t z>ur~p5ca#Ie}Y2iCFuXiD*Gl={3fj>|H&xNb;CdQl7acBWyZKHZ=*a}_KeV&bZHk|9dWgqvS1!SIjuL)yOTIhfG|&G-Q=HV|??Q}pgvxjk=elFGALX;N zqGG?F_DPnOi{DWEzB2wXj>7pw1k(a{t?O4cv1AJSP_u|G64C?Ws6d3S>>pS#pG z+K=?LS5f$W>fhMO<$3$xr~Z0~_M2S4+ErDguU=K~=gIQ3aEj>(+TS5(ZQeiW!`~>| zSGwe*AHW?T-_hatDT=>ewokCWG4hwQny}xSfBodI1)DPS{%s%okIMQH>+6DVuO1lx z>Yg)v{+$nhhV;Mtin0Bm*ARTG<){7U3>w9+E#n94>%xAw3*ye^GeEPjxANq^#e;cgl5S?Y6-9>w161`{#Z9KSIV2`0$Tj zOX2(R&!&BB6?uZc5#^g)Kh|6RNWRtjeQNaI{P~)X{Z45=)(3|D&f3C$FF(|oVEq_% zYa*Y2;lrQVSCl{crC3iz;~XH`q4qk0?`{9H_FF>bTb-R7b&CJ9ET6%LfAqQv-%t5G zbm{94DgHLuJ_jH5uv_K(v43}mS`#S#*{-sDmg@(ie0J6o_B-R}r>prZmRDjLJP(oWj58NXg1@M2U z{nOnepV~iJ<^S4+zTx>TG4*rBzR4~CKJ@&BdIR?XAte`Aa2`pxJj z-va`DJo4lCzwE?Ox9Q}!^E|&qQ|TY0uSdQyH_Q6}rr*jR(8(V|{cpy_aQhSOTgNLu zj(;{)Y^C-8FP}x1-=ONJwD0lgpSmH-^!@MnC7Ev(m)DMA`s{QGeA4mUnH6DCLCqK!PKQS-U z4tVsBBmddHLn`a!*YcEK%$p4K&z}7ET2DEllV8)*eh#)%`G0^%e)WS{`oF;YHP`Fp z3w3@y>IbaLa=h~6w6Fde@JB73{Cpjw>jzt%!(b2e=pU#2em$V((>nPLPSgCGi2MmV z0)ssAndkE8$k7y9!2oEZ6q zk4DSKyfkB|M}C~=@69g{)AqkjRP8H)`EF_+siWkF`p4poudRQ1U`3t&HC6t{{3U0L zYJU!s`iJ^wN}SKK|D@53BD_CIjDM;q|3E&TFM;76`Kg_=l)rpsvq3ufZB+dOzhivU z7$M~++J8HBeG#7j6QlnZs(poif1|r<|10^S{`olLYYhi|cR?qAuxdYqIP)v+db`vdo&3`3`C>Ma^&0Z0J;tMdYS!bk?^JHe^WS3f&mlGc$NpZn z8&D4gGNk-a`7M}r|Ms(;XKA00=ahVLGFrYdHhc0v>r-NhPX8*Z{S)xWcd{wJN6~@W z@!58GKT`gOf9!Em|4{jjGk&o(=Wp8a!Fw^jkRjV8ma0bsisAzGv+GRqy#k>a|=xJm`O}d_z|jp#9Y|>P&M#!~D{hFVXzK zBzgx{{&Cd&QbXOz=fQCB&JXm;cTT-|KhHn(%I}(w+Ru;1&OgNce4dITuJ(uNhWc!9^(DyIT-GL;y=rDz`P*QqsHKgqX$;6F(`fDm_g~|>WrT-ZsNcR zZRJ%hBlLOK3FFfHkGkIQ{_>V#=_3bqO`lN9pgV_+9#YFlA2)8yxa&#qsQwvs2230{ zB7H)i31dd2kFIl9`uOy5_oWZ&)_+Kc^hx)R88_%27aVtj*N{K&JZAi`3B$&WzTQwD zbYm%^R}K0d>1a$bZZRef8$BUo!no!}o&FOijF~VhqhEs?3@LQd_<{XLj;zzZ|L8#@ z)329mMgFd-F+S=i##GT;I)jBaY(U0yq-iY|#P{0$0+Q~$FMZs|{uvqRgXCSLnnD(R z;;7wJsy%Sb=n3f$OsLaF@><4#F=IwvAF20^hUYh=cpTvk>nA9@VFQiuzMPVMYGe!^ z*?&l#Tj-xmwHgD*3>ep+6dg5+TwKfOa}Ux_a>^^=kK}K=4ox39l5WUoJ8WF~zzM_d zOTS*_OD|iPzWFOEKP5BNco@p(vdz@KpO+H)Ip)!YK2VXHhR6uYsVoKIUww7`kN+Y0 zxfXilKT79I**#LlRGLT5Yp`%X&iz2Wf_d_|#_zz>sye5sd=?REz6<7;|L`Qq-;^YB zK0M7;#@Z&IBVo;CEay4NAf; z$7c-mdd0Xg8_{V*UG{G&7DC+g&n_sGXS7my3?-46qD!Jl~J zE}nlAqyO>BscyZQte!B|m$PI=s?Kr1dS0rI^2RX{HI>9ap;_wQKVC%S&aJ`Ruzj&TKCLoT>^e_QSOKu@Xt zLy>>5j|1d{_!^lnaSgfP^KL1)TIZj>YoqnYJ`Ru*;+}IBAQ!yY-c|K=^8X3#ucXS? zYS|vdzBPUva>1wn71WlmxuNqdWI6DY=lvXV!4KNE2X*?-^gLg%4@Jl?$p5=C-TDKc zLoWDT-?X}{lP}c%hDcxRLjgJ9-u)^d7ktCM_lD}^_wuygunz^~f_wL?fL!o-#cLhZ z$v^4w5B4d5Tt5!E;2r+^Vk@2e`n{s_r{OtY0rI{34L~kEu7=sUNV90OW#u z_Zxs*@N*kSe4vwGMD1UU^u;~`kP9v_zM%3G=z)I{6bk^0AKqsQNH5H@BZlcaytFHEtT~`s*oJ* zv>1M1x?6tnIs5{?xBt3fI{8=C`8Q}k;C?(012@ic<%XW`svQTp;LDEXeM=|*zJ+@I zz5c=b5%3`wyy&DiH{O)`dgU9RO8@w^uUc3Ai|60OJb%aDEz55_`C_f? z7x0sR@5X6A=;W_b`;#Jl{q*SxH0yZ^OX-v_ziZ-4f4O`ZP7 z)c(tmk9-4;@_=hU|J+w%BF`_0@qde+(*KZ;bjACev0dfQj*|PyA2wjfPdfQK7e(h! z$OrfKYoPxFegSXNbMs7{{K;y6BCq}-`JR3a^nXAu_!l$(!}Gsm{Ifoed~d%7`ad8S z{KLFR@Lwm_;`u8v`fu^nZ;%7-?bks62jqh1y)MY>OJn5! z5J$eZUjzLgkPH6L2lcf3|29?q8-D5Q?bks62jqhHOuJf5r~imJ@=*@pFZ6#vE_nWd znGfpZ3)R2jr@yyf1N|S63;x-?b*Jm(pN&(#y!{&J|A1WZ)&qZeO((yE>c8^UUyXOc zKj{B}T=04q#4kGe-5<|7|6{%?2hDaksYr=e9Wdd;2xe{{gw+r}wYZrtjo9 z^1b~U=>LFR@V-VSuWyejU+1T1?VnJ)LA8U>e*n4QbqklRrIX(}PW@wf`UTK`0J-3M z1|8=83u5#i6GuLtTS#B@A3!enqOL!GqLcqZ9QodU0rVe0F8G7@HstvMG5Ws}Cx3eT z1#H!S0J-2f_VrEI$*-*X2mH#Hw_gDL2apTia7D&Ro&4OYf51<^-#(C#3;x0LU3vXR zjDL!&{sCY4o_+!JA3!d6@{yN*)X6WqIP3f$+P@F)0qT51$OZo_burJciqZe1+JDne zfA4!W-oGIi{A4SqqgH;L_JjAm8t>nb3%>o?FK^Y!zax%+P_Dr7{tda{Q@0|E-14qY{**ZW@xE8%{Tp(@Ykn~9 z2c7(NapZg7tMUE~x!@1o_o_C1KaV5d^1S!r{Tp(@KQ7VZDV_fB$EiPq9{G6Ra9>&@ z{Eti2L-TJ2$uS03k>h&(JC4s<|Ihl?d08iaR&UyyZY4&?X{`Ag<@fu% zd_SH1)@MlTt~o;P3|^!By-mC4)yco|1^GNezVUft{y~a?pPKu`F5UcrYTL*s$9Q&< zd{2d+tHYuKnQko5SmOGTXR1Njj-!o@$;zRF#+ z|6ra>&-{?0-N`>gQpM*tNDSm}?|hI4s!=|kk}NPkL}~#eh1ha=UvBb$%>0vM4QYSI zk*Q)Zog=K9e`5A)Agn$O#Nja{>)~W!)3r_4(wkxV#n!aEvp{lkZp)*8?meXc#8k1t zBY(Fg_XC8!UVD(P;KNp}U$66jFYwssu{JvWk0w$5W2FkdKT?0pA2Ty@3X|p*8B`3MuE`=u*M^#F6luf6Ej>Te z>F@l9%2#Sw|6qdpN6O~-*j2N->g2y$iON^buzcg2#QfuxKcoK=?enDy&3`p=h2>ib z%J=$z%6CIEb^brY^LJ+TxWab7g;;+HJ$t-e~|pykgqAf zV{!^RJyk565RK>c&+czZ45RteG4nH@*+~A$ANEh+TfKjdl#v=EUA^-6-gb14&i@CO zk^Icm(9eU{DF42n8t2o=zeM$#9ihMRonHTXe@PYm^xyr$z*ai>nNvysC&Kz$KJu%m zD%?;0#Tz&`GY+3V?z#Akz7sttk>z!{+6X5Qn|bnU}Md+51G>l4sE$NGfo>V8M98$my)eUq9` z9FSAvSGNKTID-lmDZxuXkth(>(owk&7b!uV&N_(i$>m+r|X^O1v7R@&c|>aoan;yC)w{wrAoTGe)GVqa?K@;>k;ZP?D_ z6Mzd|ueh;6hhOtL`P>aundM6I;=jO6=?lriA}l7NzVeeB(R=9iTbg2^YqZtyz>ygp5bKl7>-U>%t4MtB{A4&O*GE0}<94K6E~ z`~q;n^Og+c*5U7ZS4s$Wm+cxa{*$BW`(w$%xU-x~?Vlz4&n8pWE9X+8_*LHQ^N$Wc z@P(9Mmy`bIbrzBKKg{hO-q$~^flJ)5wKAwa$VL4eM1BEwgLm8ecY7WFbd~ZJ={wE5h zKgBH~zW`kDtzWjuufyM`>^BQ#jc*ec6XWwa4nc}D`32yD=g9ZRL>>Nr)&5S#1)2VQ zK1-zi>~H%k%6~UBa%pOs5axJFl%98VV-A0K36I9?)Z+4*x4v{~1eU z`b+!6@1gwscaD?2KR0yg(SUr<75@-6lTQFH_`EJtzSZGhxF`i+Unq$mYrkEjkzj)T zq9~<3lTQFH_#1T|epZJcSRn;iPe%GbHvP?#jReze_fmfNB}F(CXYvcc1s}TT$5J}{ zc|)kepp!pkcT#3F&r$wMq5MbmZ!NlhfYKwC@*k0304{jiq7~ZwZ?2XStRvF? zwVwBkPbmHQdGG8m@%70CUMb|%^|A57u+nV<|9|ND>y)DBU#;>keZ={J#u=>IV{=iyU|M2)z5ETa0K$S(jFe9jK>vJSuCWhuclr2P^l~e8w&}Ks3X0&b9oTY5jK-g04{jp z;d4&t@Ok``1IAUo_P2kS#^=6H5$5Am{}82oKtJZ|Ido0r7k~>sw%3(Mb@;PyQT0zn zz5PYrBHf0Ozvnb|>DkmIxBOX8H5N>M0l462`=u||;g2Y->|ZMDKd=AqY)%NnX`JD& z#x8Y#``XI?$|6ss>hMpg_HXc1r2XOYhx}*!Lg`P0{Ad46&m$tg0K366-+O+w4*w+@ zpXOj!*5g}iD8GG1^?i$GF6H@|o)zb*J=U_BONrvocwy3qI{bR7{u9vf4|Bq_dq>c`s$8R|}YFs zN&jE?E6sXavG7k~?X)0K85b@fa#6nfwB9!4G`$-lsbJ$@8QH>nA<_O;q3V^9Ik{A#{y6^F;BhPrcMYhrg)3 z^nY-U#J}W@zcutHKXFl{LQ6 zxq)B;zDaQ=zW`kDhnJswLWjS+mlYm-YuLN__7;i%|Kyr-29(q5N6*l0HO! z0l45}jekGT;q&|s4(1oK|HX@s^2hT$n4;!+(6wIxF8FgBRy?M|zqgjew;Rg*=f#Kp zW-r1gg8e~?Gx-JJf?LHm1$Fp&)&BcpuEc-bGY=*e6iwO7z#hLs9aKS(Q z_kL~v_dJCkjDv3#CVPp1Z&RGfF8~)j`Njs?`sV`j|Gccz->OFVL?L{N+eCf=xZr~i zZlA03f4)Z2|4tlyyE@?!0Y6A_Ccgk&@O$U9TB^fete#-j)6)KtgQB0m$p23LhJp$B zq5)wu`2^sCU;X$gZU4^(g>THy8ecRdEF$0=6ld}azy%+(bHOg1{lmLS{~MKL{oDB& zz5PZ09^1hHBM;zKOR;1P8@u*6X6j7KR|INzX042ublHeo&EoglJ*OA zzMh}`ftv}B2>2GonfyWsSN-7S;wQE3&x)fZz8MEU*pBi$5%3*~Gx-HC{+T5wF6-=n zzn{bps{HrXb3WczPx~u4j{Hvqe23ype!+`>toiUabol!ezIi5VeDi*?p9uH? ziZl5IFMiKXMPJn6XC$lqzaVRT!=m&j0=`LcCcogtulDA@O?3D?|CNKS+F#k72P^N6 z{qM#9@I?LkI{YN{{$-ZVbcMXwDmwpC^)DWO3cr8%EJyE~ne_fWu(V4rwYs+VuQTtL(vJUhd_&=HllIT78*P7wTPbb+ zq4B5?7WKc{}^R5T~Vdn{2v~FspRSJ zt6l%v(q9xh`o0c7Rn31fpOxu9fV7D8Kgz%HZEnGY{$TN4ZsC%T1HAUPKJocs9sa9o z{15Bkcpi8pexWo<_b({D^OSN4C)o>qPPAv>8}Xhu{0Olwj+tI+e7mwN{}Mmk|Azb~&eRo5&rp9HkN-IoXYvbP|G&QCnb&pr zh385Mfjts`FkMFGf24o#`#gdP{h!XsJc7wDc=3N-GqHsZpVv2VFi*((H>-6Hyw)Ld zodd6R@C#o2wJ+`)tHa+!>jyX(l`>r}@x%G=e^viY7;I;o-qm;J&)%hhU!7L)npTrN_f1+h{ee-uGdJfV2JJd;u;{UXH+zg%l zL0TWeA=ps*-_L%V)+I2(eq%hviTr}s{;_=ywb9}8`V=>)bt8WG?m87-n=)NJk15V; zRr~_*@%`&>ZQ=P>#W4R9`!{#kB7YI=HrtJO{eLVi+W#dBL|;R`mjfTX#lmh(FN>w8FiXS3e^LiC8?_NQT_y3`@JwBIV1DwzBN{0=_8Ug0No_$}1? zx3Du^QC|D=(j$h`T~wns2T{AiQXl?|L!$W4uROL-htKPyIAGnCU-{>CQcNiS0g5yE z1=tOKed{)zbodKZ`Wt2bZ__`m z`TP$*e{=T>=Xa}1vY7B(_}ZXrzW{vjZ+~BKRA>JL_5NwRA?sgWhZfoX>q1$apZ8`V zst1Yg=JqGOe+MYeHmS%_3dBt;k@+R%NuI{ifMU;OFjw!7kt|rTeba9Yg@?YpLuwO zD~ZoLiS$4EyNrSb1yj$l+){o}=dl;%6S z>x?TD6agZ}7bj^xP(`{X@(aKPpZUj`vpW1ss{I@2H`^8Ehi_CN`-y-rsuMPoPXI1> z(~Ml&_s=zI{6hq?#@V%-b(WF+pZtnp&ZhF7JIy7hqPz~$ zHIrWeF8H~eRg-l1y#A8|)|E>9@cS>yzj211y+kPgCdHZj0&u}ECoNo|!$4P2J^ohC=yUxNF)>G@+k zL*pMrcpe+u=$gnc02h4skUrY?@1g4X@2K*}>u4j>AN~&YE@yvOD{{G%DE{Beix<%0uQ@Cw zU|n%`*8wMrzi|5)?fidUAMA#c^7-?BgiuJXq_>Wcb&1kJN7^F9r*aQy}Rr1SG+Fo4J!Zp;qy9YrWpLe(d&@09vPfZ z%98PWYGm{uH$J^iw{hv|wTwD->O_3yE)pKxe_*;XWhx)37WqqceA-~`BHryl|jvI=;z zgC{SU+l1C{7iq87@8bNbzLbCMjY;C<4$HmMtR&mfvQ;Gn_{lm_a0w+J^_aShVZa67 z@YK)wboi4=;{ctX^;hm`u8g1${$Gq+AB$CfK9=!1XxCW!?6#iQvu8~9%Z zFRjqwZ?8}L!$jblY8^4s9o&oG<5}|mS%3SXC(7@z4S9HfsnCcY){pc0WxHpp!2SSP ztzR~pMXz5D(6wKH-@zO2>|IZ1{|{7uIB$f{S2L^X(;w%P!7i+;OBDaH!|A1U_@zIi ze6%@?A50KGw2sY30oV=RVE36yI(%z2mH(~b^V7^~di!yH8tlJ`=e5(iM!x`D@P`@} zucO1C^Aq_$0za4_zMyeLqgUeicl5c#JwMJ{|E2FI`?p2dUp+DV$5Qz>XkDXUfZgC* z&)?7cOU2Z`_Y=Mofgel|U(BHUZcp6)hSO@!*5PlW`8&p&5%yo7nEgL}Ncr|c;`TSb znxZX#$7x!I@fK(EH<&~AzY}49g81>;A9(J7FReNwS+~FHj&(8(Q-mx_Mz`tG zrM0MlaZudY8U4B6K8NzAaQ`Xrf0?jedwxyTwh}j$-r6|$;p2R5=#yRi!4H0|-9Pw0 z^CUj($N6m7&k=awIIk_c`0v$zO1r;vM!9JJ12@E{$@dDh55TjFe_z3U+jZ$*qFdJZ zf$#n|_`?RbJEOzDA#}cqOox!&j?8a?>Hi!2DQ#Ad)Zx!i=N};bz4)TDe6NMy!L#fC zN2dL@MTfsH4u0T&g#T};bnX7lvzE$dkDvWG-vD-lXV?C>CU0u0v)|~Rb^bHPXS($Q zaKW>Se|ym``E~fadt{9tXeXZszy;4Pej#zGunvFMQ=a+)>ntWe@m+C-z1U4<$+N%Tpm>W)f*>dIrQ!m9uFVSUGNgy){NFY|3*DU?Wmne zVoC{#6KtS={_?&K9MJy2z9R02nt#9r-|^$zl{)+Z57Kiy0^e+y7(Vv(&_KH%;kgI? z(Gxja5q@L*9`An{gl`0s1k&5tBmEG#OQySX9XW_X!4jR5XeyzAA7GdJrRE>L2Y+no zYVG^~AE(Iwgb)9ljS{mT`*>)e-H(6^zUXYHTXg;}Rgw08jld5kh`*&hy?Oo-Xw7d z<=+P%`|qRtw>v@Q_S_!rl`uPy)ksQ=TBzz-&f->(_<72TJ(|KD$zv`uIK zgDA)YNGgE z@;sZYv;X_8l>SZ_-@Hk0zZZWsjXxM)Chq^gPket#hd=uZvOfYpm>~XOdj1+G6UYDU zk-z`a;pcBc_5ZgK_P0#Te#SR{_s2)O3;fE<-EJcM(11VMzikQMIVI<;aazL9^;E*z z6Q{c|yq72X{)KW6{^Q|gx9jXTR*?VCC5ZuZEf>dZrMG{8(g*qP1}cB{H~#hm7ktwf z%}(m@Cw8ZH)cG)eFhP9GD^hC3FyMmk7%^$Q4&P+^Bk)Z#G5c>O`)&Nxexb$h zO!!U&elS7&y9qyVTjKZ|Rt_1evw!`&B+qZM`{#uS`&%bwKjyLd;iH_O{9pY2P3`z6uivvLrwW|o zwVodHk@I&V*Y8;mmI%!s;;}JB;J_greo>mgWc-;V2BZFKtG9o! z0)qY7#qTxbukJehmyc8W=Sdd5w^=Si&FvL#w``xFpGIoq{~!3^bH=`-egEJ8In_T!lEp;W?}N|t3OT_3hHWVQ zv#9@IH~4FfemYP7kLiEK`?0?t|{&|_h zrF7}v{S=kI(#fLdf2O-ag16}X-}6CP0AYU*n!6sjNcH~^Ie*DLKY^wmjh{4rVE>UL z>$LAbdeBIkrzB?|X};)l4}N-A|NFa+891WIVdtRS#+*Q?W`VTrzZdx>6?4{ z;nsv7bNkp|6?8gm|il4vx|>$w?y$@ z*|2c24u44RYs6RMZi(WL|8}%?eD%9N*M^UApG5IXks1&iSHG};|i<+?7{eoMSFx>pM+l9Lbu^};Qtvh zn$O3KDgRG$|3<|4immWvuHd$w3>eoi)HU|)#(v%E;}8Qb_*-ZGy-SBbnDz&DJ`VRU z8XfiiNB<`9v2QT;3l0IR2ynrVe!RVt4nIi!8^(b!zMUXG_Ral=sx98H*&9&rfUl`G zgZ&>$D7;^HEluzDpCwVvFFg%An<|0!?<(J~R?qu;W&U^6wO{#z-QdNZu2@)S|DV*q z>Ku)*zf)rV$G*MTuh(loaKV=~FQ9GTHv69PUqt_^ai<<1{i}uo!oHE%FVc(ez3%+W zJ$(LY%=vKxOHu#!nsEBr3g3G_@0-Mbum}6*1)I>mmBkx)e;)cBem^t!{^xc6pF;Qs z^{>A8iL8H&&U*V9pM&B4r+LpbzmM1LVZSQ%afksIynml_@96L+|3vK{!cTon;@dv> zyl)c+!~HJ==C^%1lJ38PT0(tE47lK%U-~wO4*w0F-x|@sV|3BmKR}5#6i5F~`aM*C zj*XAMv{m1AI{bPo$fk(?4Ld=6?3?4)&jY)`&*r^(u?~MP*>6PjFBo?vW0k63QX8eR4Ff816kydjyW zOYLEc`q%%=Ngq5KKm8Z%`}l1g{?2yf|4ZTbd)o&e{R_aK$?K-3B>T31VK?gk`oF)t zfbe75{}0xt@_!*!u>8pOKgyR)djQ#$N(%I67}ZJ%qjE`s_xk`{3%d3O;Dc{k--pN7 zW1jzyzsuz}Np#q2xgzXtdjIpjIUEf4zYufjwZoj0Eb{f2^^p2F#DEJf-kE>54!_<@ zl>S$fLj4QI-FkfVF909@F{USm@BCTvR~>#?e!r&vg^}w0-uA)gb+a4{_djJhwQe`G zUR8bW$4;+ryGr-`S#pu`@t*MW$LKEY_sZe->m>RR{>1yWd0$;&X3!=QW3=mc#$Y>>At6#n}Z<22P)v3GLYvkixvt7>b@w##* z-YzPbP|gArXF@r%Db9p|at;2>i|2pQ;q&`FhoI_L$m%_x-}NKk^Z8vL@7MgE@4o9x zaWU)9J8T$SS%+U=PEVpULS?@4;@{3yC)J~YJIcA#it1CVUy88ln(5{=(w#Qtvpdo? z5d!Q6pL%-ZjXL}rFUUL0i&Ri4a6dw%|9SsEcbs%Lb$Af*{(s!BVC|~m66_DqcT5Pt z1@APjiFW;cr|;z*Rvi3bu!dj)zPYo8U;@5D`Y<5?7ku|u`L+B1KDArk5sZT`-Xz&X zz_+%N{Y1bI(05D-zy-f-rQM|Sf4$}Ej^C%d5kLP2w~+lrz&AIO{Y1bwNEapq;DWCm zT4%5hfAFXB4l^G94#Fo2;Zxis3gJ^)7(@ub1wWBFU%UV8d|JQYhJ&*F``IsY&;y+a z_yLMDh4AToK7$AWxZoS>{qca#{z=MyD~|ovJCxo;z!z_mtwg|g=sP9^;DV3M|J>&~ z{FTc7U>tmNJNcUk_(95ROu)D4J0=9+g0J1urHc-~Gp(QCVCKtoIj>XUcU?Tk(2jK` z6c9{k&l(RD5KN_8Q~Q9%aSi&82?4m^S5CdE-GAv<8o%RUFOc;g_v3i$AKrgM+(jEt z5tU7*`j6@#yDOc4LloK%?{4~@Nd@47e_Wwwah?6$RQ>O$^AEWnB@!R)7;|?+!PHK* zD}%cl3Z|Vml0M^UKSGK#ApjTro@z&~*Ws6XL*5ano9RZp_{Q}l|1qlH-=h8JiLh?R zDAMTB9{(@O5AOaqg&PTz2>3yYGllZsb%alZ z09^12oBC>>|Hq${ci2m1{|V2NjP(CTnzU=3qWxC#Rd9))N6t_>500*xLiqVB&^hfD z03Y-G9sR})n{@uq(OtGb#8FxQc=5R(Deyw7F!LKO?dnPR&(mID1q_#JJxuz2%=#HF zK>^qe-m&&4+Wl`jr=}QEB`xMzr1bpLr@;?y*aKWFNx=VZh&E-xK z-{_d>-s+eB&RNRuM8J2>(=`$B&0i}BCIsMu-}Bbn+Wq&BekboRi%I|UJl)9hXHt{W zqItsB6dKneYM7ILKYg zzsWnSFZB4I=b-wR`Z2^CKK!~a*=Z+@xA zNBRc_(fbDx?6><-dJw_>AjO#wfD7Jb|MKT__=R@MI|3_Y`SZ(v!9FCP2>1p~AY}r+ zNpU6w;DWDjJm^my{tB8u?}o3kwm-Om@QHvgUL!0b;2RWYLI5uK>PjE>)!|oC_6OtO zn={EiBH-Ip7MXw_q&O1-aKV3D(oDPmQ<`f3+6!g-%j^H!DQmg!pEr~j0V2GAS`=r( z`={BoykJ5AE_lI8FTbm^|6q0Lf2(k&d#e{el>c6*{6_@)0~_g@2=-ePXF>oj_`G#x zwC~?%6uz-C>-=YIq4XsJzVQZK69M0(I1>VJ!5=uXYq`$;UMl^KMSB0!(s~j2iR#xJ z^n4-O#_gfO)E|(Oo<~GC=9Je#iZdYq7rg$tOTBgYRn_~qD3x{ocP3E%Mg;o@CDcHM8LPGE@A?{O>rg!;DW!oX>VN}ekqmzot2Nc zxBBHji|RHe;5&WDA4I?xeF>XM1>l0u%$uTZfApOvZ*U%&=|*x;e^})E7pK29gVMig zX_r>e^MJ>d0=JfSsS~{#$(>;3e?R`Q+vEGT@xX|Zt!#K3+LA152o=g4rUdZ|M>jRNc@6S zrMUZ_-BM2&M7(a0ukCjATzZ7A%^@`JhQ4D$04{iN^OM^B*I#TZ?YEap`%?-<o) zwM@Z;`p={|6Y4*Q;!Fs@1)nhOksEdP7pbK1GiCah_Tc|Z^)L6g1EiI@& zsD(Sff!ha0x#lkU;a48Mr;iSQn~?b8(Kz@;37-h~g0Pu*eg)&3#hSb1hyU7~FT3gR z4<1!_RGi^P{Oq?XHy2F6H>(gH5%3L)Ga%Kf&5n~>-=Z#C;N$j?@*ix_(6&@ApjTr{d=!g)Y+f=n7qS`gD(z{Y$D*> z6lVgyMR6ts;DR?l^n}pimr?juJpAuSHc<$l;x_B-Ke#&U`p2r* zLNEc}+}c7g0pF}o*F*@w1^@WXTo-is)=GJY@oLug2lBKKOu!cuX99j8FMUsh09^2A zYCNqS|Lf9NKL5ojc(0_}tLp53K-K?F9DJ)c`JV{* z);)Ah1pENSnGk>rKIx$)U+M7gZXxZr>Sb-em_V|LfG;M~H4*TgNt8c{5P%DQ@4mxJ zbohr={x{>4KjTL7FA?yA6lVgyO>rg!;DT2@Jvdp1e_G*Naqyid$UY+ATThbziGUxV zI1>VJ!DkfCuRZ_aFNGhBgKs}g_7MT!oKN|W2>1rYnGk>rp1<0|+Wp7#|Df)ul6Cnr z7ZM&3@EwXX0Y6A_CIsMu&)h#zyZ?1-Jpbb0izOtR2>3R|nSgImoCyKA;HP(u($@bS z)$_-SgKs=S{v`r_km5|hw<*qq09^1}_k46fm;ZiI{r`amvi$Kp%E2=TOH}V zaU#sCbSTb*`IS~D`kn{@xZvfQ7Jf^IzwfHL<7bJ_=U+y?e`5SA_*DbJl&gYj@1LM~ zl|)~s()%F2kKrBE55K_3m7{d{Coal6jMwG+x5N*xv%ve8<&b?uc>fAgoC)t=!EfoB z2myA3m;B)E3Of9*C1m~Q#K8}etxUi-zHUJ4-XriS9wb5lF1WqtAxDS5PSyWG<^Szv zqSHSqzk1&vO6RQ-RigJT@g>c_pg0remm0$wQh#_uz{iY#ebQl!w*0@4tm^;9GW~fT zX=MHjrT^WfMUaTQSb5(He8 z|2#VHk_i3}Qk)6tA9$MP0}&wr7d&J5bK3fMi|T(c>OAV+D)GbfxRx%8?q9i`eulix zyx{uiYd`$rt-l+mv;V&DHl;e`^}B{1rzKKP@D<&8=LYACIr|GUcGLPM|Jo^ z-j#O*&r1CJJ@`{{%JL4IQUBqZ_c7-8e|uChm;CStFFUE-|Nnejng5KhWdFl}$D`9f zl>dt4q4PiUgyw&VqIm=p=6^Z#9TNiV2LJAzr!AfRXVv?s(OlZ^hi`wFM=)XjnfQpX zh=6ZWoCyKA;2Ga0{a1%ybC|rtX{qq(GBW>Tow)N&Zo!24ya6Y-V8S};AjO#wfD8W7 zZOgRfFN5|k;b2|R<6|DNMdyt&VLo->d%`EeI%bFBObEaQPag2QcKp5H9C?R%QR1J@ z8*M+*-}oW7V1mCLiZgYtK>dF-zdT5BCIsMu7dmm{k2?QvQtyAk-z7fJV~+Gc<}q70 z*QE2-Yli1Dn=}!Gs43wGAEN%Z)-?Z!2m!d@O`9*$?!RxXkayUvCH{I!j!1miAFNnX zFd_e0H0PKJ{s>T<2?4m^r(Za$J^y0uQ}Pa@XQmtR!#Apwr2e%qzEPE~iGVLC?vhdf zxZtmk8mMjmZ|p8_aN6kYf4vFyP3NNdJ`b003G=!gtAt=eeI%yQ%2p;H{GB&d()K^i zdqdt}wbkRp|AKta1pnIU!pl1JTz_yF_0r_?Y%b zp664G>F{mj|952j&uf3^`9H9@u!!*d6GMvA+U4S*=bugAF(JTi@W8zVUen=^Q0))# zmrVcm)uYSb<{PP)e-&=uBEP{WOR39;pMSXa!|$Gv)J%u}$sT!!*qxrWO-jMrrPd+|41Pxf7+_FnnCE^+-Ipli#> z>k>bY_}ZwD*Cjvv$sfG%v(EmceG0!%rW*;CVf(}R?@clZzGcqmA2K&46%tIR?vMW7 z55HNphT8u3_tg8Ryo_9)f1rc( zuPBp4Fnvzf_CqP5H2HOh{N5>-gXV+LZ&Uy-xP9tYZT-J*uDrqCApP&fpF)rH$n#f= z-yEIZA10Xo)gQQgRp)lOr7>TkE(BpwePd9Z$vuzoF&clPI1>VJ z!57ULYU}W;9#?lnoWB~G{!{3J%Ns(X=dl78yxL_)JO3zuK54(PNuT~-){*!o4TLit zSLGl2^vSF8AARQ#ApjTL+V${Mo&92!x}#5||HJi9uDa3oZ=%-}U^8Fn`Q8t|{EUOk zbol?O=f71@mVaKy6xsiRbxh(qdJq#~J(ELmreI~MkCnHeU_yZ1;GeE|M(h9GThtwe zB|e`&7n%RrrNK;UUzbgD=|%dU=N~xb(p-8zOW+}oW`srpWAGE&EDNgzjApjTr$lO=7{@*lJ-r)?E_`FX{ zr2SKFkobW*X@aT2wCMD=Xq_3qf3S`m{O}Jq`+T;}{w`qmq-%$+5e$zWe|LNB9N~vv5FR-AtosXR71>__UZT2vj?4$B$-t*}lL9Gw zx?$YYmdlL;vfRo~!~c+j~%d8#I5Yz|N9@y!kLYv5PiYq=i; zTFKwbZ^QqA3;xk{D{ATR?{7ovYoFmKjtrI$KF&`9{?z9z_XgwhOm$~811|XfmigY( z;lJ9Po+}H&_+qZ!{_Ns=^IwBWM|pjDO#bKff5!e)A-JT!;IPbpSE&9Amd`0F=TYfDPj7$a$?{J4zwKPh{UBKI zQHYGMZ3P-SWfwGdw72-F<;sbkAU;KJPyDg+ne;JaUaZ2!+Wv(RqXoT z_UlV;C;LMK6sZ5FZ=&~!KB+>ko|fxRdH+H~34(ptM+JD+ep-)51YC#WObD*6@T{(bW;_ZoV+7ZLxIyF&dS&n8c5tJ_~{`PyXnt`w2O z<=9sX+`F%q_ZsJGc=hn&clte5yT8`>(D^}B2T=enIPm<=al!ZT@OLc!Z+o5n!36RB z&T;X>N4*0-Jos^8K0hj^{^j+D#>c6leXX)ue`uEWtUoLhz5dWC+sO4H{{t>~-Dkev zMEE!22gv{PhS2_rfz;6X5!SQ%{D=LWsw)9Yzp~tzdEE?%jNP}pCQ zo`25pH1YQqiEsJf|6Mg2AN8NOoGJD8{71P5A6Ua!NcP9W^w2zXrGPj8 zCx2!J-1Jx9!~eYg!#*m@zWbG0hal0y=eK(CAAHere;(L3T}g~)Ui@`$PW=zz$CN)_ z|6m+Xr8-!qqj&y2zki0-KlCUUwf@2BUM_0=gP`vb;CJxR9rE!0`7!O^Vs|Eqz*3|# z-Mv_!|NGC3_J5+!f8b{nxvioO|FiaVc8VRwxBidtH{O4DQ^JqQ|IhEI^gj^ZUreZV z0MG~=`<@~HV_iV)`BZ<ksTNQbXr=SPI{p|GfCEYfW>Z zf zE_(iy#PbLKUqJcKI2@7xmn3Gt^}6LEScV=SSBRe6ch!`(Iir@zMSQ4mj)v|77cLi*(QboM)*1 z=p2#%6U4u|L*g5%y#QQr_#ga{FQ;++7gPU?p!{#AhwC31|~YefD}5PwantjnJl|Hh1tBXszO_S1V@#hjt?Czd5<|38N;*Hpjq zk8}tB=JpFUbm_nACerk!ln}m^ApVBt(tcx5CR`rHz3q>~Uq4)i(;q)V`={P&YJUt# z6^|ED?HIKV4E_V>b!i-`D**?VS#HeOuW$e0KJ{~9uFb5Z^M9lIRQ`{Le{K2T^SU$+ zz`syi@C{zw|Qc zPq9+squm4U#YaEH6@$tTjmKdgu&X5f11|XRmb(V%@V`Gw`R|J`zLg+;y#5#9f)82p z9`}F8*k6U7Kh9U-{Y}M7di$}zDg2LlshE$7d8mH&_p3Zudwy8m{p9}>;r&f5AAIa@ z3j7V!)ye%&r)Zx^b7rzALFwS|K0zvY^Z)I)F5~{MnDU>CT1sZG9HH~G#43IM!}(Rf z@A{GDBH174%fA=@^XBW;=zw(+U|JC9DzLos9F6=j< z=Ha45g7dss4zU0HtCo8m_$o2`?_K?55yFqDe|Y|{@iVm+zn1k+R`Y*@Eu-iE3Nw2C zuS4G>Am4*m+wo9Ww%wjlV zUZ!h**u$v(`Dm`t`88slKK;G;B^O$*WaAb2dj%6>zy&|jw0OD>f6Ie(%fn%O>;DLU z#$Amwb@+z~Kd>{5FVs9hlzZ_1U;Bs6?0%gN|0wnU*{j3&*8d3KTmOzSTeZ{GKRo}@ zru}`*sQH)S=XZAIKbo%rHMalv?8H3{boPJNj>_NPX`%dQsr&@LgM0n|7RKMY$a*uB z@l*u)4*Y}Zb1LZY&vO2|Cr1chyqZ}4kB47f=>d{zhKSR&op=$iQHO)UaUr!0` zZ*2MCV}E1F{qQTxMX-a3^*_J2Kj&t`j~Rb@w>Uk2uTcAg#+*0+$8@jg+1O^LjLph) zxm8Nmx1sToZqi@z#y?tgn=?u0f1ZD7|DGB;Kgv?`Fp=)ygOxt8e}$@ltbjiK;rCqX zz8-rA@%b_#|Kt7V=nsVdTMiL?#ge~N^B{o>&hsKU0RPA{mU|69xEB%sQ11gj^`|5E zFuu3{W8@{u{};meRyOf5J{SS*M!oiTTfFlJ!jEZx@cd8v621SZex$7Ce+GAl=U?*N zPlvAY{=;)W&3D7|FTMI49`fHE{Qi^S>Hk_Ym!3bha)$QTw$waG_#GVkYs3HcX3K?e z%BcM50fgW2@uDXV7iD~J{}<1{G%lxx@Wn=b`S;?#yT_8E`|H~uUi`lcZT^e$e+>Sp zef0cE37=nPC5XR6)qj5NA1{87FWTqQ;b*)=`2BN)?N{><;dgMa{S6l>`_;Tj>5TAy zFaEzd-{Ywf%n+rcnL!NUAvU$~5<$r}YH(5rsP<168viwi z<`9D}TkhwU5B{Jb?$;swt}6X;-k|(8{2#dBMdxq1S?B*@?@|4KUHJS&u~pg+zk}oa zMA(mYAy^NBbs*3n7b1#ZN?Kh|SN@(P{6H~UPlESfg^%(BZh78+YhSRWiG-*w@s%0FTxK6H4hfJ;9mUPPh0LS-gY1402kLe^R?K`_3s0o=ReQ? zHU3V;&xGZJ&+~#g!2dU>{A#z>+aH!FMYow$@H@u$j=%BzUpoR{ys6LsUi@S{fBWe1 zVLy183!{F~<-hlLQU2Q)KHt$&_|P95=R4Mu=7>L=P`l~tWbq=GOFHKy5=KW|6O|9VT>4_t7}{{sFl!gc;k7JY6bd^-1W1K~2q`ds9H z@ccu+nWdZmbgGI(;C@IBW@G73W8L&DukE$+dwaR$Xa^xb!fx<4_WaG~TgKGC2Uk=1 ziyZ&ouD2iK->^UJecAtdocdwy!6~99KcCW4#DA`kydkmv-}?Ft?fIS#;oF~t$6u`k z@t02{d?#7l`j*t=x(x2eNfwXOwK*%ie?9D9_tHBZb@rd;@!un1eDQW-_K&@u(x28r zd_#V)?oSrOS|+*U04C)F&WFGSui9$)&pQ0kn@LW@_=DwxkMW0kZmyuENWG=qe&Z0p z1wULp?*SeD9TjQ(aK20yy=eS_$04v!0*?cU2gn(o&|vo? zE4cpkzW?<;P5FNcY8jHL@IAM?=TAkR>y7?TyGkkHlr1Tqr5g;|mqXARVNtGRjQ^Wg zUe<-`pV0e1o`1Qf$$AHP=M_FI0MCp1-qYSKqCU6BKkAA=eFwjT-&ykf{W|;;_eJAp z?3DfoE_ghAu}!{*_~8#+QF65ozn<6rYs9zi%i8`Q&Md8|!@uy9$Nu28*&q0?ywA`6 zw3PEFb@=7xM&qBqMtuA4Xngd)fS)RR$UQ$C`3&n{20tH-pRw!O>^EQ1r$6xO)IO9E zX+Pe-Z}-}Njri6v`P}yNf29Kb`bOfT{H=Y&WB=}Jv)}nA+W#nb;H@5Mb*B#hQxE?6 zYs9zy%^Lsg$lKr2;os-+f5yAlX1{SY8o##x#f6R~e|M_dg4|?$7 zckqXsH)s)wkMytfjKn{=!*Vsw*rT_9xKI6CNqug;s?YzxfA00S|Et4auKW-D^Vf)P zzLquqvzsd})8Rj}MB0z@oip}k&;Cn4NWYn%J>vS$ul(&^^;@zI|I@V+e@cnz?)~Sp ziC=Y@#JB6r%o4xz*?za`@E551ZV4$D{p)UNsKc+8De*g|NdITNmp%Kv^B}$H?cu`}e>U-pEVo<;%hA_=z^_nqK~((@|KIddbpFfuAba)$-!ZbrzwWnX zQO|$i4<8+ke?FV|L$@mXeeyr-f2i%TraJ%kRPAs0KjXvf*+1=4V)*rM9F#|g-^Ek^ zoX;lymQphRVIC&(KgvDqA35cVYC8N!`bGOcL~G3)cnhgkF#fgOV$3tJaqWqP>x4BRJSWmj6=P1OEAJ z;-6V2?GLDVz<&5cPW0TV!=F7=+FweIzhoT9p8a1d`<(;P^}pBt*Y^HBQHQ_QgMa=S z@r_Ti#y{}g_osCDA9?UIKDjpg199+2|C6R|e?Fw1|M36$Ys9zX;7^;;@)n)_2UPnT z_!$SYXMYp*{I|c&+W)VXdbYm~{}xsM1OI$B@y98A%mYRKN4W#PeRH{9I{eB@W&ZE7 zO_rmKL)o+c?`PzF#^|iuzm@;qdP#?0K+Wq1{`qX;_fqB09-1}2llSl|I{d|||ED+X zKb$@L52^Nd@N9JY!|&j?e?L3w`G@*%p9lYZHt|pR;G_Kq{4!rnGuZxuYWx-W-%XL} z-&KwOWqhi)e}qbB?|A1$H4cyZA9%n=ew=#f0k`~>@QnYa+#mh?Iq!r2r<(8Kop02B zlgxj3{sSNNFYqrtvH!Km^vC$KrP@DTRsVO!5xxCCZj?CQ`BvX9iN=TB^@I$D;s>6X zy(AKUt{Q*-OVvNXKktL@yl%OYy!dlf`wyQ3AGomp{X@H+iNuHf>2p(Dxxml(OmF|F z-z2{Ck<91rP4w?q)&36FnBjf|e53<@_ebTu%^1I)N`JI}H&Oj(q=)DKocF=M-?m&) zwwj*=xoCf2{uu1d74Fh^e_AG~X<8ocf3H2wy$1dh&&m83D*s3I_IvX=@W-nB@3fTm zhw$+O#jDop)sDvB|KpwiwP6*FztH>x9^X%;Klm*)zHo{5)iTq<;|qV#K3uKSLi>=~ zm(zsNHZ8O-rFn(+$)ano9>Z&#d0V&t6z~7U!FW>IUC(Ac!sCaxC)1br(cX8w{}U1B zd+`2GOqlm!(*93OJWm9BWkv4C#Tb#nt6#3<$<1~8@%~U8>^S=I{!mQNkN1aSf__1Y zGhM5G2XA<_r%u0=+%o?-Ntv#m(tqLk%Q*@r$^FwFBYdLLcS!#@vuM96qN?f|KKreu z`u+*}p2#nF{kQFv<=XRA#?t;SZn!ARE$<@}na}t<=OCqT@QoTSVO-PLTthHneAC%P z`@0ZbG3fWS-pZlhGx-Ite&vV$_L0timxn3|gJk*P?f@>jCu5}zfi-|`nv@6_pc({ECOJwMZp@IDlgXo2>n3zga;rK|lLlx+a2t&IZzr=w3=+ z9{0B`{%Rgw{yVPp3&zv$E7FfBq~EusA5loZW27I^wd(g&o%Gvu`i)TavvorHkM|FW ztY5HCinEQ*>m7n6cHW~+fkS&WUX&3m@r=`KyjwfydjF4Oltm+ zLvbd*;MH&PbIsf8^yB>%I2cQ1`^wLM#@a@L3H}SNCjSt@fA+dYg6Y=*(tm-Cnx z!K>dxS9iUm)9=SRs(d6x`Y*QqEG`ljQK)@Nagzw`Q-|VAL2B}G`9MfizsJiRyrk2w zwMyT>aVmHey#7P_8ojB$AVT_zUX*r3NMDEIOh{irzjet+L9hSPmfT%dr{5KozQH*9 znS{p#{cMUeLB9aSnV_FVaVEdu)vvTwxVBEe?kK-qGF?%A<=3o7`Vpc025OQ%M8i{M z`yc6vtaJ0|$g zm`%SY@(W)5tiFfN>GZpPuapq1Alvsmk23Q47JA?Kvl*?!X%>3l5SOXE5QW}1u2A_P z!aff{iZl5IuYR)+eUPHluk3y)!QLp_&-JRYe&O<)Nlg&me;(<_`@i%2(qPk4E^}C6lw~_h{p=)3>-_GBYzM^?4m#ST(e)*@p znOCRZ@KegdU!;D6$3&+u=Sn_5&*;^_C7hoZ=-WUr;rzV7J#S}^$q zuYNaP-)p5#Kg^4_Uz+8L;(5rC`e7cjF|>?edc&fh(R^fkSQ(cvFF7!{j9|k2WQTss zTBPLdTXm{T4qcCD`R<{##GQCDMQBhqP!; zGt*PIlfOojzl@SDVc!RXu9-Slko8S~e#_(+y!zE?SNR5=eoi|j;j;9f)GypWG^&71 zU#mIkN7U|Z!l(0s9Evm5Z7r{@o9KI@J82#{``2kn-xK)-uYMSd`FCwfb3wEIM&WNzCEYOj@Cn`tzgVUdV$RSoU`H5G* zYMuWTI{ofFDt~XO^9Q~DL;f=>mn46M=h@p7XF`6oD9(iZ7@#u>3;t5>TGi7xMn>Nn`C zPS5E4x1fiVVE!q~2cMs%E5E|7O_`u}$Y18N+JXuGa_BoIlwW5lT@(2Qum29(eO}k; zS3>o_*z;xi7)$~q^}{+2yG>qtU(6d?&mr1UK_$YvjsV4(u)ZTmaVEdu)vsXA2Vd6d zH)F4q;HdMzx_JC&Qu!3r-)$_*=hC#Cs{VT^pKyqHA1?72)i&E;|2Zyd-VIxE!z3j_kkRPxW(TebJx3jKuezFSeSReUabCdQN`g z^7A&4i?1J~eSYxxI|o~hyK_9U{F-+~m)}92`s2mc(fP9l6*#yZ=?3TLvbd* z0KLHPZQoYg|GZd@&tM+{oql#FdLOEg=8~)5P{OZBF0E&{`!fh$CNAvhRnUkIK5taS3<>p5L=_2c;xloy%Y{P!s7Lvbe7kJrbG zP2^}Mp8&nUx7|3jmQFvOKf=LQ^H#E&M`B-!o<|~RE(zMtJdcD4?LnSL!sHjA7x-)C z2Q1L(*X}(j!7ToW8S7U)fx5_i9o50{JwDbcH;6)_zNq_`Y~o#}KsCeEk()IDg)ZeFn3Yn89(En2KI8rVZ1*DvpOfDC3 z1mmA|)l#rbUl#|9%6&Co@IVvl%R!AvDGpT|$hW)fw~+X@`aWx|#Z>m)81i}BF&W!J200Ym*Le8IdLiX?X|1)8=oIh+U{k`)%*-M1a=5esl8|3!t&zapsNT24A zFCfc$wY@Wm?8tkS3q~sH^r1cG3H* z75YQ|ka^cHPv=9vfc*Z>|0K>I^aRxpyf<>h0bfl~r|_AtfKLc{0M~P3iGSc}+-vnF1ZznlXJmy2XLbj&+nsm^}CEaO-^osAa??%-bxn4U@-;eR0Mjn&ozy*0_kLzY6 z>F-f0pX~~Yl%1WItUuYV8r9#(MXox+=^ED`xa^|6h1Z2@0;tYGh5x__cz(zFWbvy{*_Mcl<)_=K|b8J=87c! zS@Vf+NvJ4X+N@106$-kITbn<@ks#b4y%Ypq(iRX`g)JEj|O7+uHs-KcibCD8F?K1PlOLwl5 zo4eKb-=3iM4R>aqC@!9&qvCm(Ww9(BWU;4Kg{_6C$$WypSH{5t;}j5%K4Qq1lpYm189pydzIS{b4>)k1znL53HB3EWzhYiMdGP+0V-Aw` zSIK<+-oj?mUZVE#mF?hFpm0{X*vCY(REQ^LyS zOUi2{eP8M;y6;;rhgTUepBaVBr_p)OGxg-B>IwVCdYR{Rht^$M$8)+z>kh4(&P?Br zcK&21${#h&_U8x5{(>(HL`7pE3h0L%H>|rZKit|ag||yfaR3!8?ikYMt}TUCtEIS| z7X1m-E=23W&MgJ*Zyv2Xw2pd=U8kk6X@AqP%>IwTb;00{&y?Xc|(*BC)yJ`#SSB3A9US@^$ zQ$K}I)=#Cg)xQu2&2rU}Ii79BLLDwzO;g)VJ*hzYgI!u2@XsCX>q$O)zN z$K(iac393kJ16VUq`pIqVM7BgpQ>om_&PEx_{!bE z>i+A`chwf~opLGh(fr|X_U_60!~ESg@0gZ9p5uJuv@KJ6rtw)E5BLV(zD3P1ux7ri zwt&y0`hn+%D%-|d#9xIeU$iu(pLhkX|nZu)e*1NiXe?~*9KUdVu%#UvEnaqdz(QQ`Lcl>-QX2;8y8l2C( zIajDX)5;f%#h$)`H+AAp!ciR3t{^DDSVi}+~#=S21lUt0SAjUT>o?W>TuW> zwnJLHfbCt*|6G1ww_(xUuG#|otNe@XZ&kj)_wAf|$@(+-nr+naz|Qz|V#6o#@HG3g z_yF+T-nYg$$>$h+XUOrP`_{0b} z+aNprl|SsNW6bO+%swtUjuV~rYjDn`MK5=2$_BbB7CoU0F6_1 zXxydyPgCJO)>NRMkZcnTmNpd^bPnHBde1f$O9qAO!Bb5|qp{(-^+Zz>FY}#ki?^Jx z=F5Ikf7lV_Ux(+&{$39C=Qqqwe>UG|@!b-{i~2pnk$%_?iEzlH{v5DD@!jL9T~PiV zDBG{rg!#kSJ3GGW&c7eM(XmqU6*3?4@2a0ke;~f3Jl3BS_(E<>-B&zq%E!I)hoh)Lj%0M>(Q) zj{KS7msND`Dft}cL;G&!J!F5cQrYs=6n(xX$@-Jy=B2aMzYsqe_X!Rb$TySU%q}k9&YLh=P|ke z@lO1$4z-V)?WdD^5Z`O$KhgU0Q}}{jalV$fXbzwCg!AUU$l)!u{=z34?4hL@{@3U) z#wNXAxM4ZnCteTvoTkb8Gx_jcHNoGN#n}g3FyYe@IEfbMU2 ze@=r=RZKV@67SD#K2LEyt#8y*aC+3Q5U#b3t)WD|h5WYiis{n+yn9@=6XwUP`y1tt zVfg~zNA*(p4LZ1pe1RPO)c8t-RHIA1$QZTtBH*Uiz1;E)5<{Pkx0X{Sb{zqi7x zw3{XC&*b|Q&yoDyQk-Yz6RujUN`Gd)S@qQcTcrLfSbr#ADh{Rg=eNW8U4kt6Tz-zk zca6bUyjb(0{mRUz*w5kx$Vcv<>`A_5%!l&j%I@_1HatvUci-&vH}4>Ae?do`jyUi2 z9PV(qsVD3QyMx^Oyc6D)e5;rb_V?@xSzJanD@8(9FFfjr0K5)Kv*`P@W*&rzErf; z*A4sIXAI?!2%ocmcKUP5bUa>zve=pOcaQ6}AhtDJLApY2x#D#>|5ZbAud8-K{q*hu zls`s<_9qU=j<0zO=4h|)6FBpY@96k3FKwFs5DwY(?_Z9Td=~TJ`;a5PrSk8id~prx ze<^&|81=tqFEEEuzBIX+!ynbxnU;Ue@X>oLT9tJFy>2PhuU6*>IQzh4{h55IhuTK@ zY;*ey!p-|E&SUWcIM-ji@~3G2K>dEt4~g%m8X5fsS@K=O^#kvYc=@u-ch#9u{=vQ& zCnGFg!uEZ8z4nIWD>Ce_oZkOBYeN0G&6D+)x0~L_=6J76$-n0q??qr=d{{ z8t+>u`HBs`hh_WKz4T_BzfWxyWyjYorTyyKm99E7%AGVmgd=_b^gfXN>l$`sKBVty zyHNf;zNToze0~Za<`1*^x=~MYI#1;gEpFxV8Ra(4AKQsmOul^^e=FzrY-k&NhjyU; zIXy!@r$w^<()he1cZ|`RwBD)1OsMe0BD;WdGfUp22r& zXVPDUFW64Lpqlu`j&pXGd^U}OXic`?UK$`|6%_j)blu4l=1r+|A1*K2>BG-)8zRJ9%-4>zw-xbpS0G6 zPYFKrnel8qEJsB9cgm}f-^Fr!wG)1qcA4)^1#-P}_+2dbq;|rl?WPOQsJFb`{*k{V zpE1_2+!$EFv)sk;KA00fG!~1Lf>7)3dh_HAW z^2O3KTFCU>%;}5vmqD#4e~gY?%^}Hr^1EWv+3H`2*SHm*asL zIOd#YN$r!P<@4poIbt&F&r9Kx-xZV2R{u0)iTfe?&9$C5SRDMZs}@}jPt#vSBWnL1 zPn@pWPtEjQSexu`e13+{?vSiMlkZ|*bJ%=6>Lm2H3GGA1bz(bY5icPB_S*H<^)h`6 z7r1H*o{w(LrS$!dM(kfbMTG|`eDb?z(%I@?h@L6WmuGmc+QXZzuQM%uEsh8B??=yj zOY&LF2m3qb5NaQ~FE2CyvU_N<{^WPhq_fpOb|3l0xBJdF?KAGW_T;o`p} zUlH@6{pDurAM1P;&JS%JmL1LQ*i~16auMmrmz5FV!uI(?Zc^=&#YXx* zHj{KQF<)T*2tS3d@3T5;o6k_W#8peyy=5Gt#q0UnPO5tTwfHFLu~qYVs((aB=EL*l z3bH@vbLt<<^LscQll5ov;rYm%@8r{2t~xXH2R$)PMwsE=$NS7p>finmeV;H`8}f<6 zv*Y`T%V)F$;lvqket(4Y!*YbzcuVa<;yoApO+!t%Y?DM-Pzf#Y?BaQN9Ce`nQ z2lFzATb+~BcW>kV;c`1J@+l%{KgU&z-k#HyH1jF;LpbD<*L)O9UzE@C`;P8_0ksL>@m)%@heG@FQuu~T)4IUVty z7w6rL!>bzKgZ&{_d^hl)r2N}*6qPSOh56S$DsE3WUh+lrZ`UKJ-DWtAv;3@<@IR=P z`EINe)Dpp(TIxGgavY{l>w>nM&f);bxd*R0Q|ixW{h@xfhaBHS`WwR69WY-m9}j8j z@3<8Gnd3&0ejHs!ARO}Whd&uad|QnVSWE9eykBy}*IZw6ZLPl=924Z%JL>?O!%ydN z`%X*B|Ci;8QF6zLxtZ@3%JFb6jrZQ2Ovjhw>kSvCnBH*yr6(?;_gg!e_4{9l&stv~ zna88`fYvu#w4J^yAbz0jYinh`qv+7O z_$EDlp}$Xho~Xu`;WCgvZs|br)~_YHzUZn=e%C9N#1%t!rTwI{)xQvj%yQKd>UkV2 zj>mK7^;fB&wEPP$$bnz%dt$VF0pGsgkeyf75O2Jz&*vPS%=gBzn!wgVz8_`rqj)&)b~llrSP(s$-!slSjf z$dd0eLr=Kw(~a=7^fmcDdhL;4B;RI(?`8RX`Ae9-Zny08mo`4-X2UMi_)PnIb^gGD zB>Q`U?9bYiBNlRgw7O@<_u)KOsSM*#pugjq>-tMo_J?$Z>^JxrHU7=IPsfY?Iqwo* z5aIK)Cbv+Dxy@< zjx1&(L?jq;0Phj@^3obcjf&I_qC4u(E)Uy9Xy!A z=|0&07_#d@d1ApK5{7QVhO>Ab@{YVFH%j|k!0C(f<;@pJe;dO5>oFhhYmg&2KAUCD zr(LxKJL6!1avR^pf_|_aaw0GEXW9CMmupBqpZQ8w&rw_C_lqs3Kw$n{`*^KCa6!uN z8cS!Zf0_z{%V)Fy^9`P>_6YXX_usViML6tp(Ae?qB;P9LL;b$NMoNdJq5gv``Ko$; z^BYW8oN4;A)Yi}r>wM9>gXH62f%?H9svlU(@-q5!duFFU%sYyHLWmdb<7nT2ey|UptogoIi3heAWrs@u43!=4Hlt7jpV~E2pZUG(K=a?)>PYF46iG z_^u>AFT&?%$yetlSDoL!RNEQ&UgZ8^=6ufB4%v|xAoCu5X>C-0MLd4+HOe2sdxaVO zIVWbPzrlC9>J09;WjLjh7xViM@D<0lhAZHLys6XKLz4Jzmg)OZ$R~RJ-|#t%YO}oU zo!eCVIIoHZT)x!qM(r;_$meCrclbtEMdkjZuLtp#aJggcr}bKb4Tgl>LH?)R{7#GM#Pta?|Mp@&@49X055!Z<@m;@V;l^nC zuHgIc6e|C$4F$Xx*%) zQva7AqCdBHcKYkM*yWhxeBZyR!%@EU;Jr)%y;;2Bym$U`qkOpk-c(Nc9&vV4EpK4mdJE}yNtsr-xZ`C0Py;quR)9?u^a z^7AkBS7>ly)#3&4ck4TNiR7z$zpJ+3`O=z6e2<6sU#Cy9{^Yy@(%I@?h;ew1Y^d+E z94r zOZ|1^^o9P8Aim(qybPb+H(7rsAL=hYx8pLlnDn}<7OnfYPk$TRzIJ_7f8e`-`o9D@ zq5gs_`Hp!*a|ok-_a^4^ZrC=Tsn?HRp7BUh|M4?kqVhQ}ekr*uA#moJ(3msRi~Ux0hr z(VNSn_6Pm_M*W+tf-rrZ)3VdwLcWig_V+B;Pn|}Z+q5(AnBix3`DsOx{asG>=S28K zzwG!j-`_ZR8cwO?7{0H#?R2=Aj@a4M-!tbn`YuU-=aKyd5k4;4{PfEO`1i$!Ctgtf2d^Q!`9oyMK22EA7Je`f1$$@Lt_acW^6dxarikR{(++|K9sit`;a%hd?mslV>Gl>eAyfAiK+`bPNN)3eiGn*HIqb9?RY zk;y#{hxbZ2Kej`n-i-Ch zAAZzC>aV1YE*EhBXt9axFT&?#$%k=nHkX$;Pkk;IQEx^1VLN0#7FZtI;y({1-G3|Y zp!&g*nwk5reP*)$3-CKZyYSs*SvpBTSWT%y+(%59aKH~L;ejl6koD<73rU||AJZ3=Og6bW-k-p znwpvKD_dtJ^U3ckOJ}QpAs*-Zhc&W{L$tU6&zIbOVCo4wH{c9X$ny1JKRh4hTk(Nz zf8I##L)O*#89qNtzWjzdp9Q_*^_K^}bQMD8y^Wbs84$tH-?4Ypzg+SaKA?|>{uZ1< z3cwd2DX{|vpY4P`TW)p&&6EtGRqM@T+@x_?}gpW*Ye zpfvYe|1jBz>)6 z+3~%5zP4kB_vh1yUb9@a=nU57j)e_|L^$N;0hiw<`T84tyY5frON7tQlJAn|Ty;jX ze{tnwI^1PDLHenkBYy~oe&2lHzvo2L7xk->d+7cf;d6#(r$6LV$M}BYI=t89as4=d z1WhfP`TFC@9oEY4%R8(;lrM6AKYw_E81|d1qZpCQC+A(0&Q||IpnW6wB3?fC<$9r6 z?(kt5Ve(zE_pDDO-$;XRf2zNTKSMsRn)u9eI|IfGxW7TaqmJ-Z{h*xrkiL&xM&&b= zFL3tR$@-J?u1ROB|18EwRnfi+E{;x&{C%g_lkRWVQ~6>)n}^**kR_k{kE@O`)A7=} zI$t9^yzk z&o=lPw4wU_p5aw`S@Nan?37+-{`6IZ^SrdN)~Np3D~$4QE{%Wl{X8*YnLffE zot^&D`mbFwi{s(zOw%92A{DI*QO1?_wTgUaQy}l*By=WXNzkhSjOV*!jydTW8{~6yO!t)XO6+u6Ykr4=o z9Qa^IIX~i7{lnT){objcD;iy{%YEy7%~ykCf^4*22iP2bIXy4gm*$FR52yMC$;}o? zo>$GK^=o#fvi{s$(Y6DH)BLukE8&2SET3%jz8Zgy{YLWp^ZD}m-pR)gFOpED*o zeNDbsXX$wGoXe*Z58V(CNBUtqq{R!6vo9%7@24H+D`)%b)|B$^^ECev&(9=EllkPl zr_$N#KYe_t**~!=KIm`StMyd|9ZPE7UrSQEsCeBw?{(xT7_=@;C z!FT;mEl0}q~OEv+e9)SRj|*%u`1PtJQPovr?bcsC_|Ep9(W|FsO?bvXx( z8$Wi!(DBwJtGhK})cNB}$B*q~m5v>C-r%vLhL5w(A3na#;9ma%3xQoXfJ8JOg;S|N#;o~NZ9zV_+I&$#&Dwbii;bavkH;$h$_Wa?) z^i~jDW?d#`B?Gk?JYoEp@#mGEb#MpkpmC$lKYR4>5u-<)J#u`TEJsG?3ZIsxr&l9t9*TgLrAIku z&8;V-zhze{-}CZ>pk?I^E^wYveAZJ*^XE=wJ}<9K9hu7a9PyFQ@I6m_kP;w29UF34WatPhj;HtYwROVpa?5Xd zKXfxapU}J`_AgD8FMU{VcPeRr^4)gV+vUE}>9d9PCh+|*aq25cd^d04BYxHWRF?OW z-x<%%@X717U?vmq@_=;$JzI4uQnorK-5zQaHrTwqZ6V|uwm4B=Ut^bloV}jc&f32+Ot|tDq z?Uk=X`N1cC`>XcK|I>>0r*T{M_q0wP4tj(9@xtB*C-DuT?|(=a)G1R^&ZAHu!ueI_ zHX-&~=_%$wOZnyfY2RD&X>LtR`Bs-x{(d7*xcgbkmrdvNZD9$A{O&*Mbx}meOV18m z8Cm;-X-Rw+GoSyy&L3%f_O+If9(?Zg#6uo@;y-k5^4-qTJi%3#kp7+5nXintOV2LD z#p@6B?~*uw{V{U>2XfXOI(^gloPuW5Poi0d&#%!;NDn?QuNjqd%`$w}&dr4M;Ij&8 zojjb$SAO&*wk9h=bE;ojjbW zzgl0fzCDR=F+D#@XRp}o}%)E{NGeKx&<^Y^${v>$p1A*+n4`1 zl^^7Ps*|JUeicg&q5B7wF%OgN?3TCHe6S|pasPRC=On(fch!8((lW)V`SLU6-u5a!DAkIHAP z>$7cr|G2W|go-3S`yG9R(^ThQ`JJOEU#ndxeP|vnaacR$dstNdQTjR^+bNIvk^LU+ zg!Iz>g7K98w7>KfJ!$>+d|~x$r+gaU^n2INOycXye3rFszTj{=A9?UNClDWb@c2g% zA9?WjC(=53rx}&+HS>hssh#p^d<7?#ewM`dB$t17v9`Z7{rP?9eB{CBpG@oI!58!; ze)8aRPiZHl&+zplKJsv;{k>ni<0VOa-+iNx2!7D|dy@JQnCa{ONcZ<)?Ue_gGrYZ! ze!rS@{700Yv@E^kmHE{j(O!A*I%m`V!zvaa0NH~s)Ro;;k% zch+r73X=GW%k>d+(}3eXYwr?cg4^oJ~_TzI-keAZ)=>n9BUpOXD-K@-(7GxkG^5~R(o)Kz2VvM@=={6fp5)gD^@4*J=I?GS+Y0HSzhF~a8rNEVeBXTTUY5l7{x@3V-osa@ z1vyS9nm_yp$e!qaD>m+?ynOzY^O;+lc2gennp?D8ddzR`(z5iJ=iJ_~n~)yPw7(it zD-+AVejD`>_7aXk7)80>!$v&zJG_;W%}-AzTchvnBK#A zDw(e#-5+o+XF!g4+78#P7wJ2WPlxtt4We(UN77UD&k?nUMYa#rWvx7;nZ76VUD6;) zf9B#;AG-g_@66yDP9=Q{dLF@g*P8L;_1U)O zyWKr=Z4#e-k3Pcou2c(6DRHBGJ*jAx?N{FGbpI!Rl;k;!>Q}TZeW@jAd@$vYH|YLP zz6tTj{2tJ<^pek~hfrrFZ6^hHRiUnSb#TDHHS3ci5imL7c8o3(`WijV4tVild6 zJor3XmL7c8TeLrUIFs*-uA6^I(x2?#Cms5`$$os%_Mv{HFQt$Cnj#?IvbDB%yP&3! zzDF~?-72g}?H4u0<45Urm$pg&;s|XIE^U(@&g7f1(}kOp_?2RM|Yfe;VJG{ZE{o#3%dD zNoR4tIjz5{`Rsa>zU0B@?nU|~4?cTO+D<-OzOJ{ozB`Fe^9CL08vH;`?#AJ|ehZ>rcLij6Q$V>`3{8-YerAxW8f@_URo~ zUr2AJ=l5@FKGCJVP@VznvV2Xdby|O9 zHp)TDc4_H)sDB|AQM;D=Ri2RLV=yvL>{6T7sT~37-2q>TWoRFIc)R$*i=7|_Zz!6wWpEKw7<}Dkno*x zfVS*g`dbp;QsT4D3HkhL;50!O4fPkK@Qog}efAd|Ozo}Y!6(|$`_2~WeDj;WpvGsF8vP?H zh|i1gxi=*1Z+rPfd$KoT0-r_eqIEjoyXUk_EdO3Pi|lV)s6T5~GT#$7ZlC_F(}{&V z_-tCXd#CeFp7{B~r1brc_`C?8Url`W04iU|gU_L5aY{PhH+2phlEhbd%>- ztUozF!1mlfESFfwgU^=h=Y)I>i~?}iUA}FfG`_OrUb4Rn!}$TkoMb*ZKR~X?$=u({ z9(C0jtkb8(&eVS&!YZTo!J&Uo1T|Y7Yq6|%Iu4J0p#wvb=CN>9-KeWe>4Aj z%D2UA-XPz%S)bFhC16z90L7o_}Q+J8(hHsrS-V zN%a?ZG2PEMhTr$IZ`Arjy#;b1R|HXi0mpI*aH)M>eh=7NohMqC()+Bv^2DuAXnFc; zTHZ*{rPjy9$qw}l$UB!WeKp_8C{nRm_K&AkQh++s$#4YnJG6 z>+vhp@rCMNh(5RLaQiqNZrU5xA%7ZOJUhyV?>EjlP4jj6O~+R{SL+X4kZF8hKgS#` zrztY&A2hjhxrSJ4Agvmxqoimo3@W{-b~HsT^-jS_=0Xz z6_UwkuGd+%syNDr@jERBXgB6d(3hbfzws%)zlZbAUodhTuGEKV7^*+$N4I^ zlh5P;pUDk7Q_%E>b#Om+@LgV%59Qy|a-9S4{nheYwoiYbeBH~Dy48G!9w~uejADYj(E6%sepE}%683$!CDCFay%-fN@61A7=k-Q-9!soU~!i^e7+7=LOyJlqG<#VmtZv@?CYj zJtCgIkKuk;nOr`DOC3yqQ*$1U-QQ3?zc5eh58sC^xqbWeSGbt@jQiUlaC5k+Ka0V@ zSnmkmKK1_Nj*w5j`|!N2`M`VGhk4~PeXR#v z6$JacnmX77b#gQFFRi*G+5U1i=;NSg#Jg@$JRIqD8}E0lm>;V2&SXA}Yr?n)@Og{ld`Pz+@6_S$K{{VsIDlnGL;iKhjAzvMN!m_PTMFN! zj*sM;l~eoSAvM&p{Il-Td^*<%dLq(Jj(>_if1J9`RU4d#%6JbgFdoYOpbO3O(M9#o zk>jD<54#A9JeH%ViI4c zC3M6QA)hn9n)LS>@etEx^nj)G7m)tQi(8Y2rHmdk=G+OTY6!|P<0o1}$I$4JiR0TG zqoo=IGiLOK!^d`~(It9_iLpy79*hD>BT&vbQ;wuLzN9OSy1@vPPI3gzMPtUEn;E+@ za?H5#yb=yi$@FhUzWI9XfA*sCr6Kf-@2AYzna0n~$rE_~@b1?7%jF#*<+uiEi#CUU z@RO^Sf@RY=M2pLwjfW$DR_+@G2S{tsBM_^t)g592VLUycxd;SpQS z@3FLDy}14H^HJN?q`xmh{aFi=`Q-fdQNF90&zyfGZGI2Dx3QOY7Jl2#A~$wbLJWCv z@){Z+UCTAvPrvwz^xnLNsG#=;HRuO>*)Tb@XW9Prv$UVcd&1{jTBm+(Xq&?M<+^)u zJ5g2|KfZ+e!C_x1aURGG^NzGAeYbkQ^=db2zlpRDIrnM(!EPYYK2*ZjZMF}govPbF z-CmT|PPCNXFUj^S*d5aUxu`ehw)$d4=%zG1<`~t!+h&RiMEy#>pSJ%Z<6>t&keol{d+R74 zzGL9_()E+f@e5tG=y%ZJbot6f?Nizx(%0hcUyQ#%&0or^nfZB+ru^Z(m?!%4_}(Ce zufO7>YvBk!Ov%5qZ+6ul&>zyV-)>~*zfwQFi%54DkiR|oKAai-dFUbfHru(i8h08S zDXIsbwhHgkgU=s2e6+kZw}^}dJ+yHOSn^IH`(ew94< z?PutE$b;X0me$FG-==+~2Y=ubFZm4rB3dV(=D-a(;F#sDllVUwsbg>&U8NQZsUB2A zg#BCl9!B~)lk{~5jfWtA)p=B=Qhy)kP8$C}UY7gb`&6%>ZPE{HMdjgpR1czU(ziXD zqNVYb_WZ`mKR#67r>q6EKlwBVZpafSoqIqM|K`hd3|{#aYC+cHqW4+cr^L!)A^n;r zbUk@g4m@A1ytqLKYdH01d7)VOL8B=xf1&qa&Y6nUDPrsmJ@aAa#L+L$Rl>byJx@CC^_b%~ZS;`Fu5pSfPP;f+i`+tv* zuRB(JJzM@mJ2p-1zgS)<@4A%cmy{_f`@z%@TaRz`nl_^`h~fB5uQ{!g$N0>kelsEc zBfT`AzZZ?)BtP5M>u$YfG+wTm*hHs^UcWkN!XNYw`SrNrB1!*e?4kL+diuVY#vhza zeB?3y)$dDu>)KmOJVees^B?MK$b zqxrYyE80G+Q#uIgrTu#&$lhsL`j(C9`sMgET9$s7&2*nUoAL)OOD~_hCAr)BBW9P|!(&5aMtNz#9J`o6MqZMMzt*`0;-;P;NEb@Jf%y3#s%@LNZ9 z7Se;?JBGHC2fs_p(x*9aL%x3avgQ)A z@!wEi=U?k|%`cxbqxavpyHom8d1L>V#ygV7cu4E3wnBQ?gZP@BiOBEhcti67zzsPe zZ%|_WxfN@`Sw2HWVe*65`<2EYl0Tug)^AYWR!9$icLO~almB1we?7AC?n(OJ)Kcr; z+qi9hv6=KszNjhl({ex_{NfMVPX2$ze?gsJ68qP0TB1|VyH(qd9N$)hg3#`9Ql7R~ z|JL1v^y}&V8MR+IJ}<03)yQY;S z>A&(A~n~E%wM7FZ*qKGH2=<)^&c7!XV;>4 zjO5Rx`hzCX|C1=OWPQLbq<4Je&GB-wYg%;w=6xwXy54}|l0MCW8}gI8e@^5-aGj39 z-K6bb^N05HH|fjTI~*@^&`)ummShjn@qS~DiErQa>iGJTx5U@0;>Y&iRzBE=^uN{k zzah-;*GT4<_8c95YVRMO-zL513=Y?&p0A;5X|((=KQP?x(>U}|hlJ~LfAEUe<5q`znvN zNssR!dUU+>_#R?F`%0hYzzsQOX6}k4{;wD77~Brq=J#6C`N@OdeYcB{9{fQI;vo6d(lpSJnr!SB&F=`;Ma?2}J(;D%h$wbhqN{P%yYW3W1Io1X?x(T*X%y^{1#9{P9x zqURCv;P+^o^xzM+bf$6KoiqGG7Hra|IB-K=;~zC3iT{iZ9Kqq+=J$J&zQ{xW7QOqH zKEr7P9KUD_r+_&wSteMbMZ?2}J(;D)?z-oQlrFP^VsaAxW9GtGX2y}JnM!7tvX zbCUmHsU{A9?Wm#4bJf z-6q6K9{kojls@Fa@6oZ+gJ0}J?9!(=a6?WX{oULo`;q-Wr1QC7N}B%NA~;Nvh?7W{XL}5@YAwK9{fHnOP}Vz4LP^_inEgVZMGk4b`|#1nCyo<_#M){^x*dz z5g+*sKP|iD!SBK?fgAGGR_-B5{IY+GbPo4xNz=c7BAt&s_+|eU>A`Q& zvh?7W{aK_3zeCH?gWsiP>C+szA#b|z)n}6U???UNf-)6V8o%gB=OPb&>wV%S4}SMh z;vo-ykG4q<{@^f5Kl0%BXkY2m9JnF>oO10>N&HuE`RQG~ZGQI@;v)}!_j6h&4}QBh z>6<+G#TUdz9{dg+D?RuF+E@BC2X4qw)Anee#4r1QNauFmHox;HwGWcd@V`O)A`Q)vC@OzqkW}MbKr(t@#@2uCh_C@piY-<^Vm^Vb#%={;%> zj6NUIkZ|GCcjj%{CcVGEem-=+DHPJb@f1Z%&+FEAh01@x&zoM&T0;6XSHv5@|M1_% zbE5rg(7$!^wbXt*hvL57RYy2)=zKs}%0XJx&LbT)KPzX>6UV{gm|3n`L_ggIykXp% zI^5^+Iu?hg36uZJakouN;=h*ot@r3#BFt~C%#I)ZztN8m9PP?oz1V7+lHh;nEgg>Q zvh-f5|I`ei9IoS$oSX{DUo_uU;S+iM+jMFHumD*1cNcU4HqyK|Jx*_ZlE&W-f{ zd^1`9CVvO$`O~XZJov->Oqd@6`v02u2S4f`*6i?jNiQB5z_x_`C`dj zS4H8h()_wrH|%D$gfdbd{g9r=GEcC-)-%qJ@8O7omcoDepv?Ouht@4xM|oh?Xek0( zPjkq3*j|49Rd2}tU7pdut8@e9-)BHe*YZ}f{$>AB>0m!kJn5=+^p967^tZqWN6fby z;q=;dn-1v%*|7U%>iZw7=DX^+HEjQ9jUxWY_ep{je))Y8>A-)(fGKJn_MleiZ;uD# z;Yk1MZqVUQJDpw@4oHzUheNJ=>Y0zF{j8hssx1NczyIY|;y){2OlmMyg?n!&>)+)6 zocj^Ge7)*m`fIS*Rf|X$= z#eJ)_eu5PK`;N;|r|QoqJZYw@mYk#F<&Sw^hW<@{=#`_}N?05M`D^QY*GvAwyIr*< z;QrT*sr+>4`#5mkd&&C8_i@1g?5#Q;w~4;b;`n)w>u`))g#Ixvly#QA-Uc`zMOqvV z`Pqlf_mTV!m>=`Y6r4u(^JaeL`##S5+3~mD=&CdLN5$=@bcqhfICb#Px%SRamudeSK5-QZ!mHB1 z$$xao(JLi?N7g_1Yy2(mS)u-eEcr1%tEvC$;>YzN{hk>2RfFjFDNuiIO#IFZ;rF4u zHQDL^V6Jaq9$8Li@hjU2>X|tIg+}=H+E4cu@18F8Uux+8@ssHLA18+P<9v`E|NmP5 zru~Rr%72pl6Ak_~#P3J=tq=eI!QYV+w3y|qvo@*u?UBx?|IGZE?El?-@fOz~f)su^ zuY`2{IfAtL={i2_sy%`VT_1s+w7yA)BmY9b9Nks|$HD$`=6(LF)c-QpKkWaXFR1)*4m0V9)SFd>$v;W-+D>@70i$EYj^EI<^Ox3 z{+*Bi9shglHK#R9m-A`-;EGd+Ye*l+oOfFOF8NnM|6Kps?>Vxc_d|Z`lYhtm6PGjA z+&DkRw;~++4T9RfT(>ChLDN^=p-`zxt;xVgKXjcW^`A zSN8lM$aeQip{=Vk=8^U4dlll3@`&HLB zEF6#`kv@>0EZp_&=>6B_`p@CJ=FoS0Lw+kr=9m4VrGx&D_`p@`L3{l?qE_gy8@HbX zgLHbre!eooaa}mhl;-pM3DY|^OL~5H+YtY%kUz+hf7pyE>Xdj+#QFc(KOT;lk3BaY zo{Ixgq{;uztB+4h;vdzW?B^| zls}NI?is4`uYZrLjzIn4mIy6>wh;KkRnlT zLQWdENR2NKnBV(ew|~m{tK4rx`|;Lhr~izd7|-vfoq+#9E>9_J62~EY)1)b1Nc}gs*Hu9nUwjVb z-{6#p{eP34{)-puc<`Ky^O*S;_Os`mdVg<$wyUb@|29Vm{ogWV)E`m%FM3<&-%n~& z{=Fx>+d1o!`Q^AI>H2fLAFg)QlKK9q8`{ZP&#+^g>krPyI$f&LKe(~q!NYc%B>9)I z{yTF0zd6~zH!`28C@*}Q%rEDKlMejmdm=>ep1}`0xRUu{Zx#+nk=TyoYmYp4oaA4{ z{CNJlWF|4w_p6JS>iiXC$-j}?ul!5&^#a3uE{6R)&h>4y%OPEGoGC+#&|A8GeD&2y z^`Do>e!TJdV)E~r-}^3E|ML5((n0?>@pGcze40K1|Iav6$K!IiK1zt?1LNVjv7@$L z!F6NH{IC6eB)>WT$xBK19 zveJ>4aeQ;DfA47diTc~=RDZU<$jN-a%lk3e{`)?wBLqLb+hvxY3q4oui2FhV=6Igl zuf$I}ev8A?1dhY@L)SOy7kz%j{p%(wKb^H9zr*oE?~o?H$%*sa#GK%V{zg9Hs$CFX zmHvx3LdaLz%xx?6-=FOV-{(2|dCI>(Z%rLP@&&kJJ4IH^?dSG-dA+osiN^PR6LesKK{jcq?5ntxILJhh4H z59>pI>z8Ey{S1D5-^P6Z(v#~s$fr2}=Um@FIIb)03a}lr;k_%COZ}VQ4=>%B>JLAK z_pgBYaYc|r=tR-`S5@B+cj9%S7e?aRtZBKK>yaDp=elPqj z`B$+0;Q8e&%D>k7kl*_?S^sk0Q0ZVl^Em&SK33@; zN5FojP9mG%kR!Uj=&DW5hGhP(9rTglAHw$UUmt(}JO2(H59|bX+-G?_+|tpd{uk~M z-_$rSzpb=?tL+rE0r#&*mQeXm`hVkHSA|;}llk8`R>ueaFK6lf!Kt?jaU0%Ca=RAv zS7Wx`-#b&6w@4QpXUbv@KsvlJbMd#)@*nrF1(#C!*+*8gvctP`fcj_enDa6=Bd@|A^>zwAC856b`9{iywCP(daZ@AqW= z_uvyE|E87yExBApKCR0!?`Zjt>mS|d?~^6}T;|Wbf28&Y@7H|MW0}4#=a208PkmSK z4^Akc?_2S3@b6Ybm)qIee@BiG>9lU}ZO=vR$Km#$>sHhK{D(q;?{`~&CiC|(^gsAc z=KQt{=t`dL>u|yKPo#fszAl7U_2j;SWA#~1+jY9CfAT7g{hOl}TW=)$`6DO8A7shj zi|Y^G$hiF<`l+kpwXV{7DC849it_&!eZ5E*-n^B-bwl>pWpsH||K-eo%Pv%Z{xjtF z{>o1Oht}8j5UiLHJ9iyCKVGV@%i^ui;Cd(N@~S9y)YdCD2f>bp&hu3NlXYzW6S@8W z zlN~>vf34Bl9vD-gUkdE1kT;n9`oM+bOj*JKHp|i*&rto(v0sDL+WwCw`?o#~^KXzP ze_H;vo^#bHa9zcGLiZ(P|w+>FcZ^AtBMK~Zu;<~Z9_2S{D zNc|VG{!#xQdJf&c{-!=~tbZ#fJN|=ax+-e4C*VB&asTD_qvg7`EaUc4gj+ZuMVkC0o*cC*iGTiO zRDX6N^`G2i{mbvtNC*1|zw1{rtx5W#kF0sLP5Lw!@CL|N-@hw1 zeyuCT*@jsa-2B7@UPu9QuE{$~1|CDE3wH^dcCFO=yM6Wjw^$vW z{%6|HtaE?so@76-Q2oKm$<6QwS@NIE<)O*n2<^IDe*=Fr4#)d1D;-^JF}LR(J?}Vq z|E(~_9}Vk9_ussb-z&&Y|4q=&+)v*xfb%Nf7epidoPu(&6Nmd8j_bm4rYzwAo8>ES zu8g(+;QsqgLu!932>BiU4iL(HNYj2$PY^$q#ZKMgIajS)=jm|R$t$dX@5AiwzqoEh z-sSUicb4{3W|aTx`$cVPWbDVPnVtU8e(o)f-+vGCG{3t!eqGnXt~k69U?~#m1DR8E z=-<)$o6GIbC$6C~zecG4AWQ!GZ)wh;Q#}7ZR>1XY4hQFAu5Vj2^!1whH7}!x10ZjH z_Eyz@W-jX=$OZ^V;y=&@O!S4 z7u7%N4_B|FJ%$uy?8m8<9sgVWJcaTE=V^}moALf4=N4D(;&M2y3&)w#G0e8cfAq4f1&*(SH3^09qQlPIXnI1 zdDgiho`1c^TzzJ~F6h5}kq);8mZ|Mk@e3TNV-vIY`bf1uuQAHc?_Z+)J0m}||6Q`< zPb)ub|E4+Zf${s=k+Ybe=Tm@Q8E-3L;EVl+ocoZ}e_-&pzgD&%7KnFw+^bbPng3nt z{~%p|K2z}$S1mc8>-#JR3tX2l!ZYuGd0ag9Pm?CUH)Zrv$-mCv_wS(mySYY&KlmT> zqx?zZMtCtVK(=Xkf~r4kW`4AP{zm1GSB9q~THZBT|3iy(gwX#R{657j|L^;+t9C>< z?0kFMKP`Q_Og8xRqfPq##REEi)c+UB`tt`h#b~sD)=B0cZSeQx`WQI*bi(|80{G4E zCsbws9XUcitvL1R``1OwAGCk&^Z`9z3@ga+TXnPJH~Tq&AMFzMsquP(i~Pd<_beQc zB1`ze3D;5nzzwnSn=82e?Vr|E|NkRD!yjbH{|T4>-hpK?g7IIvY8}tHJ$P%au!wNKiZ#vT1U^*zZYcqtv#~iZ^`c?tfBGy z6zUZ|x1U>l{yW&-5MG1}OOd!f$XCYf-&XRM8s*Q;CsF-jM1dH__st-Mf7sdjM9@F( zQ&y*V{RiQJkuK=3XdCsV6#PuN3I4J3+uM?VqQSp#AIj)why322$@)*@cmI$0m+zi) zfaG@#{<}}5=idmw!*-j;ih)ey5B|seNT1Go{71F_lo|O~)*rk-L;YKOZJ+*4JAwVU zDfY9y^#|mW$;;lnRqB5(^P~UvrF8$Yt_|xCK??r_jtKT|)(4=c>h8bYfFrJR(Z+s~ z-(!BvZ`|!=y8n(U5EHom;MGsozsbM*OjpJ1Iq~x6E`I*~j-&3^h0%ZP`Im`*?@${~qh$WcMLI(8-;8!zZqLE#rW)ahxw695yYT*D ziH9TO(zLJF#vJ3+$WbGQizxL*G%6V?8BC?oE&J!TyJc>2j3H!E##TF_!U7F9> zE2MEd^A6^{LV@c>`Sj$M!)r?ZHTSw|C-e`n-=X%M?+e7nmvz4NQ}{O?mJ{Qz&(DE= zZ(R?-nNdFr8c$b2IDgKrly~~lJO@39pL|76TE9JCSUqVTq~o{ltz`0#cbcu2{DHyW zm-xjGA-`)S>%Y4AofAmk#0-A_M4GpW!b}Idhy3=}ea6W4W%K>+3VJ^A&Y|{A9-n46 zOXipJPDSk}ZG6<-xW7IYw=3x1IfwL59{esXdkOPQfgAGI;kEur;{TlZt#dJYbJ8V*%5 z=ZSbY^oM!B{4<8b@{eBpT9Cwl74dr!etZA_Ex&zI zdts3WzeCIJ;al?~-Edh)u79&jO{(9N+~=ww)Nk5+Mdklxq5X&hlKJJlS<(D^CD+63 z`nsINc{1a6jC$B+iyk9roTm7W=B2u;t(rGc&U+frx;wuu4$sIEUV`j?%}%p(BlVk7 z?%$R_k5h_yDwrQv1o^}Zu8z?dPdW+johx)cfZmq#dq(ed9o~a^@Lm}0JP7B_8Bxwl zkWcLLQr{?lIrDcvjR~2*^gykDa6?wbAEfZRPi>pOEJGY$=+CQ=4_* zvi={tAkJS=v}5{D<$r$L`cJbTa6{hMt=&yY{CD?{^Ov^RF@EdO6#Z8d|C7(mJSU0& zpdoSo;)AM}-+5uj^gq$a5L1u-eD5ef%Kw!{{;k|WerHLt{yo;e!#pTI(f^^;;KVBI z2J-hae!e5h?{WXylFQ@zuV}er`uDh;DP#b%{D+-`ALT#7!3|lLu^>PExU6ZEzmT8L zKRh$eU)pNN_{EdS`VSu8w*AoO*%Dnj-KwR7+;IP_vMB#LE`J7I66Y^&UA_EPRrfFE z)U@IMTwa9iIQRPtqWlZkerBH-=davBekVo$HrF5OGLLCLuO#glg|Bl+vD!w4dja?44qx=on{#TzJ=Pzx$WBm5h$@UNZ_ejzI3RCe0 zH~4cdn@||#U-$kTwdcVH#OrUx#XH7tJ)6uQu>GT)G3_Ufzl8Gzrzyixnn_J(T#NX-8IDc{b z9piUW_^rqEb=74KlixEqv0A|kkUQ_@jE(ZI;{N>)wu*}7xVr1M5F#$ambG8KaJmeQ|mvCenu6RXfWdlZ-ALw>klppoyn@*0~ zPx0Z^%a8V-H2!iJj3H5PhMd*3_R~@R3bvp7jpvujYUYPsrSYdefARHXuJ8J%M@0GY z{F{4TT>lkERImP#f7AF8Zm3_B1B>O}NBy}u%I~uNn;OqArJZ(+-+D2*{v)_ut_O3N z`L~S2tKy&f(ZIW+{1ch~MWg+yxO4UL+kF4sUVfB2khe^)_h*zJ_peH${iJdS`JI=O z^^f{b4_2_L{}raGGe|ZXje-4NI zt*All`Kv$IpO5c{hAvkfQMrTsK?=Xi>bm88o&37 zwyW*shuuIPc*E%{qWrKQ&nSONyH+nh%AYj;@)Z3ezhLvR^Cw*z<;U~OJ4XI3K6=Oa zZPs%kpD^?M!tK%xI2`3C>dzJc4e9YZp0R52}fO^~J4X_5=MNZQB3w)vJH6n%aLp zcR!w%q<`DA|DM&$?<}ky``Ogx!kv@&-!j@yichFse!rUdC)c^;i6s7dedFa%Wi|7o zU(>(Mzenx$^s`C)n+^R}oLIg3cewrJ-|}1SyADj^Z#pTi|I%L7%Wp5P9{ax_=sh@z z|0}co=cMZ8_o|8i?3Q<~PvReGls}c#%rCfK(7&~xKHdME6y-<#;d`V1Qbq6T)xW=k z{3UGGkp59yzK!x%aQ$bH@&2N;q+fl2(A&xq&W;y%^O zA5;_nfRup978eN0rsgZ*l*_e_Q?( z&2TD{?5FV9xc)0ntzP}RJIIfAAIMH0|JXaqKatD-;rqtvjy#2hmU-k0uX#Y2}{bAYd{Ys+zs6X^H?Z2A&J?@v7X8$Y98!xY;-!0^(n$N`g zZ_nlad)3rT2)Fn>$HywL*m*;!q^k?&KfCWi7atTF)@yN*h59ObX(O=nn`^rBd>*BJ}pRN8DidbnMaKR(zhV_4{$iI2-sQk;%-M;ky z)Ad(z`S0}Pm@~uluNV3U#KsTBiS0{&Qq~XrUHQl9|LntM?`NX_m)QE5s_jg_yXc>_ z|8e?f-TuI{ndt8q>whczY+w2N|CD}F>*ZoU_`_?x!}R;2KV4$;&*kTBU;34-Ys#uW zLSMWYDib{IcPD>!Y?%JFLjTCv_@Vgx?Mr_`zRPE$KimAtNTHwhtgG-D=*l-^5=KSZ1OM2LjOonDB3mp zb^JL@f4R_qW^DaH`Gwn;e*YhSe~-66PoMeCJz@IU|F(#YKZ`HgzVxf5|E&F_-qRkn za%N=ycDcy^+L-*Swln>Szo0*x{>SD2#x8$k9RG}t>;J{uSN`5x|4jaTFQZ+wbnK&H z{o(uXFR}4kdEf0zfATNrXZ?(~|3xvxyxi51@f+8_-4vU@D!$~O(I1GO6iB{Y|G@dH zCW7bsjlWv|RwdzS7r*g*QCR*X<@~Ge@%H~8((j0zo@)_{of`IZo1X7^uT9&3Nf2W(&Z6Ec6Bjs7Juy`huiPTD1BIj4r@&+`XH$LKG< zeEZTL{005l#-HWF2<>BgE{*KpuaNcsGh^>BRsWEF?vpK$eA)i6{mdr+z7%-O_Qg&6 ztOkuD>pz>w`0f4p`9J0VO#W)Q9p}X9=lDO~|FZuY8>5>}(oK8O+hvD@^@sGUnEsSs z@z3Z_{2$YQ;)H89XQKaw%VO>SmH&+XU^~;#a-rR|y&w60$Mxs8#MX~h{X_bl6@RWj zg`ybo{%a%^CT5q3SZN=;Vf}4k`3Iu^gJSy^DzExy^7pdP?{Qow^u*~e6?}|*RU`=7 zUp;!#0b%+F$@sH)kv%`;_}rl;M)}p5>AzI=$8+4p{Kn4q%wzHb8=v*}ny zBGbRc@<{u^@wYw_roU9~=ice4DE-BQ{vQ4DbJ|J&bEN+}ODE}%^P7!+%ANM|n%C9| z)6e@Mo|N+^DgUa!N&o9f&q_+pTP6KvGcBHaPW|_uw|JHp`LcJIe^37YEYIY`_Js6*FXw-8Q?zuR>v`Fq( z2!#H-2jKkMJ1h^H5bt_Rzin0ZnX73NK7X~W(lZ{3L!;+cZ+*k!lZRP6>0X9r&O0Sn zC2JHT(PH%gjtqA%%2iHYu}b6u7c-8yX)mca?o)Gqwb0M=<@^4ObII>c)9>DpnSL*J z{yEPNkKa!azjuW6Pr`xy`uy0$nnRTPWj9sU3iRvqW8n_qjvLa=^11iy{TgWcz3H9_ z%KHV!zp9ioDo-t5WBV_4V`lmnAEVD7&QY$3tyGfev3Y3kvp+pTAwS$wmnZE6l@Vm{6^yauxF(+d`?t!+9!r z!Z9$vr&7s>P+rp=1MO~xUMz(kJnk4c>Re@La;G>-!^$_sJppb&+rz9|`G^l#bBc8* z9&wZg8q!TWXmH)AO!Qy6Z;pxL-TUYCyUUP2fb=ImLVf_!A1ncXfCYIuhF`S?v;c-2 znq&A=3*ZLqy42E3xlcJS>dr?0<}P1en~DBT|FtpvdVfy8x3m@LXqBQrSk_8uApMCq zS}6^bzxN-62T=ZrMeql-KS|{M8r%TNUoC8<3V%>@E z2oK;n+yVSF^s9xuFGhNJ)<8qLY5(!TH9;o&4_jhmB%i4;4|%`fih&UQmC*kH_aykI z?P_3tKIqvBeiFMHIO|wMdk?K_pIr@nzLQe!Fz|Egt_GSo2wyK(Da6-MiF*Ka_yFNG zJP)^SSN-#lK7fXF)1LO!9~tHU8t!+|#{1RMf66>ff6bKqb^Ud7bCE|Q18c<{^lYRw z6hZ!)KXpMP18v&EjdsO@Tf>gHr@*@%^!7z~z#j)$|HOrjl!l96vhi6TEH!G|`^jE^ zbYv#^@BXF4INa*b(jztf>Gr21va9aZ1@Q~fFXLGQ4e6%6qU96yGs%DPJvN4O)SuJuE^4YYkp2XoHKgcY*HkG0 z>G$BLAshV;!fGJ>0iHF`kZ#(mN~Sl+ME@VhLEtdSdA8rx=gikqc`5mi+ztAF9rWYB zI42&kbTi}$efJ)P8<6mm`y!wvXvZ={WTJE-3~p?t#brWafNp}!#pKct(s zw@0rQndn!4*cg70nf~EuZ#2EZu#N`EkMkwQ0f0W`qA&3G0i@qs5B>n#i~fP#XU@w+ zf3G8~{1dGz3?td(ugr~+#VPqKzatv{wEPqL8IYns2mJwHd(r<}(dw%+(Vv(iCAQJh z->XRL52}=)x7LPyL*uMcTs6b8)^=-LU7`Kmsrd#5?PJ~k5LvO6--|ISDo!+9|?{c3ttUt6M!)a^aD^ zQTMqgM%|+hjk@2>i@LMXf7+2puFORL2YXokSB)VEn7IC2hw-m&FWg2Jj)OiKcU`yv z{m@@&ccPw!;`-6@7%TMoh_B&s_^Vs-T;IZr=-+gF1-Ai1#kTFw(C+tqo{9cof{ozq zWZNHo4|jO{GZ*ZIOKkmvF?8vrpJJ&`!qe?xg+gAbZFFl7|N4zwJqdtqyHK7%4d;|smW4Ou}3!pgEf8dcUE;Xa0m3o>j!_t*U%CD zWiS-!?}_v^h#}py?|h=>rcCsY`NBqU4+ztr?tfGC7J^;?=?#{3!~09ORD18&0sVj! zy~{x_U`wm0ex&F}S_uH@cX#ThG|-T4+Pw!)8<&ax2Ugn{{*Jc(TKR8Ff3P3u1(1IC z9pnd~yxlHv14zFQKMm_%w)K-bPWt`*;13}E3B=VvL%L~~pS|$9O!Ut!fr4n$w!&D& zH|qMErvHI^QNE$}{VC@K zMtjEJYkrFjD8Cm8-W5FMmvg^_kIk#F{Kz8{bL4^aFZgc6$D01~$80*J|J>Igzlpi3 zyvowA?#@hqc_It_Ewj+y*5dyT{a!vgcQN`kJ8V9DYv+gc{Y`^}ey;zint=9T65by~ z{y`S{lScmOdvQ9B^lb7!4Gm|by2tS7zKr4h)=I*YuVe8**=w7L70H7m_RZZ7nWN>O znCck}=MQ(g1nuzjTy>Ib+rLro%Xde(OAzl!;9=9mGbDww3P z*FNVNn|f6$bbKT8x{21qjX#h5;Jh?-$avz1eA9hu{ekD}`s<4PS$_-LVg7$6TT9gC zdo#;lzn6vE&jIgwCTZRm%Y16Dv3QmX>u*nyf3Tlzm!NLOaQ?{u2JfE_;+;+mTO#UF z?)#r!rseMm{l)VAu3jD7fA?&zTD!_KG2Qzz)4vw_8K!@=$e(g%zHLU^bckpDdpZ{0 zkqDH(S7R6DdySb)O8zW|vpbB*#r=;5#^=wQ42I0l%~uz(-5YJ`mtr?MuM@opkcU6Y zV}XQEPOC`esUJ2&u-^L^f3DrZz?qo;(*1XG4cq|M=K#+d^ms#Iekg(P8faKQXxBUB z;oJ26m1P}}%GiYKGqqp{%q)`8GZjiRl`MPd2h@*mHn^O_%!ts=P8{?}L>G2QgragTAmvuAI?}C1Bzcl^c{h9UW|C;^;=yw1#EN9X` z_4Q9yYyB^uZsox5NAK@~Z$hu-s-AUhKkAOjOn*;|>$Fbwlnf3XXVamc3tHX(U=&X| zfBKQ&6l~}i zwcoi{cXe!-tFG>I<<(A`KMix?fD8U2#MPIVXAKd*dAWa|^72atT%6(RWy6^({Lwxs z@3+YP#bt7T$K`h^ycg9{A3fxm7{LQp{&^Cg_D9kYmkWN;eKtJXb3v;s1kZb!DSxg< z;df%{$3&?YiNkEaP%H`2pLW^NPgiLDSwG3<+f&-l8}9-AXXGij*w$-rY-ajh-zH4@ zcN9HwzKqu22{C+u&@)B!&Huf^V93`)k9fw-@e=htVX*0+mmlx{y{^B7LMQvL>(KxD zhu2b9eCC)_O*BRNIezxe{&V^p+Gr|HKk1Cq zpOEm>8`_IEepI6AcP4u_gy_$XGa>&ospaTvvd~{}y^Tit&*%6--czivQb&!k=~K=H z;!*xo6wh*rf3K(h43c=X-6da5H}V&JPZ_@*_728xGYZrxyNdollv)0#++ib<{!*bw zExlDzwAQFsJ^LW~L-~EQ!s3H2w!He;q2+{V(XANzC}n^v@PWApP0aZ`>vA3HvqDnQCWBZ9C~m zb~`Qh%oD?te$q|(=c$$T!usQh{ugz@`@`q?>V_s(jzJdsZ>X?5lK#FEZNAAamL4HT zB^Fw|GsWtIu&p-Ax=H6PDICQ7$+lA>b7WsdGH)iMDycGT3 zBbntNr~h@K-+wKtKjWl53?`ZuC}&6ToNq~VtS}hTAGdEiY(Ps*|CY&~ z3D;BBza9M}^rugr+JCF)|D&1d-yiqCYg2B1l}hRVrp*19FL=t|m2oNisX|F7rB|}f z)e$`TX1Jy;MxLbUFP!3;5PW}MtH%$^^3-FZKg!Qczg}0P4e4*ee)euFXXA;VdS_WV zus$;XF3&~r7`7R6(CjF_zTk_+rvATs)(!7y`b(#H#)s`sgO+&zT9Kwds3!fKe+v$^ z<9W$WvHb~}MD@SbPc~ob5Bd6WT@>#~LUH;JzP`uiu>N!Wb3_Bs|7Ctk{@#S@$$xxX zD>pSWD*xR%PI%I`^VFZeOF!!^`6y}GxKh*KQ{?Z7{-3-F{a5!i{qDr-(Lb8w%m>W}oluM}YZVNs5h8mvi~>0c4k|EuozOdS8^ ziga8&l|5te)PLq*!Tx%GTQ1~l%!@WW*IAM;`ZNB=Q%|^6(;vj>ueSj8_nkbog6)4b z>5t2qOdR-%rHAt*%s)PVSX(0e<$NL`W>O)6Z-S-hW;$cNztz!s~-KiGER%@|4?av zh^PFTOt5l`x1U9GES}>%N9d(3PSt3~9-a03SEbDV@crezHF*F3PY#2rAPfD!#p>_V zJKJ(+y<-Az{qEUEsi&mB{pu*5`cV?YQ{IfnbXPwyq^fR>8cjL>M*0{22Kg_|NqxWY z9?vX){ry6la!K$$k-u_mdm?DHd9-IA1z$rvPLc5v!{-UUXl68gP2$CN#BM$F#|2t{ z#HrSb{!~7W`M1w&Dem8Kr)H-A_^YDyFWA${pYP*Lx6AvUd347|``?izHhjGPmK`j3 znQy23$sf~gJM_e3>*nM%t&r~*l>d&qqWxKJX)|G;s2=_6R!8Y!KCj#m#WUrdW&BL~ zSuPKp84aH+2_+;V^=#viy(Ve-kCgh$@!S5np#S{5l>CEg(qI0ZXL5?KpTFfTizl7T ze`1p;oopvJFO~2eDolEO-!C>Um6|Vpc0>m=|1(wS=lG`z`jdD&Cq=(Et$OlbJKN@) zIB%%rWG&891^Y$yCtLgTk<<&eOOB)#*PnHj7w?!!f4i z#sic;Q=S^bQ-6+K?3t(xPyM0%9Z7iVL5(|U{aGvW=l-dJy`Vpnb5rtH)2m1S;q5H_ zL67M8E$C+P$=uRw&-j*pw*N&!FUJw$R0n;rXswoiAo;TXPU!~vS5Zos z|EVVZ*GT(MxiOzdN-h1wGvzjWTfE=I>N({<^;b*3m$c*XT9Od?p#4kFH_Z2U=2IZ= z@8_ZZCPValPgPI;gCCH5rQKt?Z;GC9o`>@P{2Lpdc*=j$3xYr1mZKvHQGZB(({^W% z3b+4!|7xZ6=N(E3eZkY!qd(jH$yVxlY@I{J?pFTJyS84F&ds-3d?4#3NbgADgLaQ; zz59ge_oe^p@HNJ7ScJ#^OFdIP`m3bB2B+nSv~o;Yi!G%?Y3m2N@P6A?-8UwPNyRg z%A~zwIxMev`|sa%>gY`E|HDP7ziUGJKO-~!x%F%qra!Wu&@c05q<>Nj&y-ITJ!iYb z_UFJ}(RA4U7fFJ&XFcjn(DDyN{%n6*EW!Bm^n6wPyiG^V%uIjrK9&;FpRN8jnc}N2by2=l%`*titmr>et`VH%2SnpNI5=h<t1}pOVh*Iw9=S@RFTW;>Awt(3<$}d@jD5!tKA*$*cnne#bh} zk2@(3{>98k?BDk|d2E<|u3tI@=imAv`rTR8qra2T&+m+qjp8~hNBD}G3H21HZC(=M7sgNPnlb7Ed`lHn!>|?`zI0HazL4Ex}ah z3H^F$`d!f&<`+W82zh{M|hwUWu>GO6JPs!Zb%<2#6Ctt5}9$=%D zKlQCpA{L1Kq;h6!`b&lWq@2HW(G6&St_$^cb28K4>3T~c<=<+I(0Sf1B;DAhPYeDq zi!T-5mnD2s!Uux?=nos-zr&Uz>2<`Pde&)j!py&w3H@Auvb-oWaq0y^HXxx<&OrPJib| z-`QEyUlF5!^?)3e2+^-z{CD&Ze*MqsPy9pr7rpyqo~D0fjQ(FhzaOGM_?PtmmHho` z(qC-VN3k64Tioz`P5*MCKM?)NKLg|cqYKp1RaS1^OPS@r^hlc^_5ZceHhgfh?We4- zQsV{hPmT7!Ij`FAs-4w;Muztz=q9CMjVt*3a&mZzq^s85@NB?_|cqS=lrLB)lcc(WkJ}G#%AICl<;aA)6#S)>(!f5zX z!8PuTF3|9~%`KWFEs=nsVc8WNwjmVbEs{J69mJcmVst0Gy?KzyNi zY~3H_{2}(d?a@s6yEjwg^WkwB+BjCg-!nGfXZwopi!Vp;>>}IGtsa2FDFCvtNB*{NjL54($94!+344Mp1m*9 z^y@v&K5%jR8;YE0-PvKy;d=divFJa?pY1@u*E%i#;9t@|ob5~>+fLRI0w{m~hmI)k z5dA;G4T#gvawGi%e|4_a^q0oyf2lM2->UqS{&)-io&1~2_$~Q?Z71XOJHJByzoh9; zK$m>r;`GP$=eZWQ9+ydf+UWfYYigzFcVGQ?^mAWEHvMrof!?Y#{r>mZR}WmA{kz~sIP!64#w&?U|+z`&>ujYepeKS z_RYU7c~Z;Y7y8G_`sey+VEw^tC6T7kPYmsgB)xL6ACdV7wv&QZPv7gAN8%~RM`L(L zBE;8!77M;y8jgh6iwd4ttLd*4`sc{`tG`|XnrG#v_Fs6fS^1N0+Hv~1{x*osKd}9A z-?r^)fzWfsgPwUJUp}X}k3Oh%ZkYZiBLD7R zg8r2Sisz@P#hK|pNg4#|PoIgB?^jmNl8w46Of3A<=3nfBx-?LA$UV`*8 z9@FhUt<4(HUnjo);hd46|I}Ja%U8!?xsp;stLG^>&h%`M*!r>NuUb6kPbh!V&2$g@b!G3mX#WSr z)<1kc8|`O^e)W3w=ug$t4tAWtd^X5@l-tqb^TgvT&htxn^0j`nr9Tin`wOUpG300M z?Qa|!uD=|Ajv0*h^G7`xwk?S-0tXPRd)od0Qa6!hojJk?9STX}C}mcKriLmSfn+6K?K6T@wI z=;!x~V?e*ZIZeO&rlm)kXN>r* z(e#JkzvBBGC77Bk-?dpUNM|<`u|C&AT~SlHn6u=*M;Gn@b9)ZNuj_vRw+}btG2Q(d z9{8cAe~!@4@$=$E(0{zVQT}Ra_2l17>aRb`zBe(S)Vl6*ASh(Y<$JM`aS`R3YKH~S zbq`J`u713~@u*Fj{v|Q`|M&^K@0g}Ps3!eGKk-Zs)Mw+s&s~D&JV}bq0;?wsPx;<0 zc!sCmIFcaU!Q5ld)ATbR_Fvx|g?9eST52zO@9<=Q0ox7Qdr1{9mjvS9>6q>tGR{$r zY&nwt>5qCQNaB85-%0=aSr*TEb{znJ|lkbaqb6$`!~X79TGo4%ROpV9j_wMojpQ@u~KK&8+By#8o-;=6gUvb}+4N5j1a z-_e(~H^B2eUAQ&Wt7XIc2(Mu$h{oH1d9T&*2kiMGWV8|c-B+|X!1FVc2&>_#gW->P z#l#x;1G1Soe}lWttC@*E=P{dtTeHGE?2U0yCjR_0K`(&(B~J!DfE0f{K|g@}c?hc^ z#oyWR2arE?I%o%wzW`x1X#Vv0I?)^a0kWAmfBUYR^*|>6iiJO?mgR51Ec~fY+9?g> zFL<||(m?)#HE;vSU+^*90P^R3)=p_4f8IK{0p!m?+8R>)t#79ifNUnt-@t2+9Gr>2 zE*RfxlbmJw)8`23xU3gVc86c+J?Lh5YWdQrJ)-U=dq%_WhzjrO^GREFF|gQ;hQCGp znVvq+P3Pye>S93CmdV8V`(ncPO*8TL`6e6NIl=O$_t_Mv^!ZQjZm2&WmfZ2jW=4i zdmrKhvY9x4$G!GtzfAmHi~VWZI46erOPAlrJuH2cZ^v#?cS7i=|FkQk{;!=7bsunO z)Lr;g)Lnda)LmWvrXIaAWBq%pgYf4MH%aMr{^9bg^&h;S;rtKp==}`n^Lzb^a+TA4 zKLc%19;z134~D;nI$Q8PQxFySLR(_qQ%e!)6H|)P_6&iKn4U^^iW| z8nEPT^Bd>y?un-*GVymh<}b8K6y0jlT7?o3V+GJ;4i2IKY$c}GvNlL_?rR#0OZeo3grtR zf9^AI1IV9)XAP$OF8}xCcl~!QcFDxwRZVUAd2Ro^{G2tQ2SEPZcR??J{5fmk44Gk zAFMQxzr+)u4?zChsqhDozhDyR1(3gB3futl=i^y};cq*%pHqJSylp1_7SFKd=Ui&X zXNO_PP=G&ccwMgO=0Za};4c6_DYM#l)a zVrR7f>u^3Lo;6%}4%}ELl30oN1Hct@uYw!E`xV@G+Tnaw-MMBq@&50EM&Im^iNC2g z+W6j2w*2%uk^+^!pJ3npQ9rK3_~pu`26*1Tx~i$t!18hMtRZz?{xJ9h`t(73j0gOI zO$}r_FF%2>8hBoQ63-g4nK*wRHy@Yr{QQN&pZoKl^QZ1XUI6mv;aLOu^YN^K{P|DA z4IqEcz2F~^jX(7a(g%<~56>F1nK*yHU2)_2naXd~Y@33+yVcM5cd|LH?0CuPUI*jp zI%+0fsr9(YIUa7n)LWwCsncXU?VJvOz{MaW{Qg+`WE^tlEr&n*4ygUZ-vPBd{vFU#x9xAd{N8(`ZnsSQT}J*c z%Upi@A|ahG&8OXLeWJT+kEpww)HnLa&-ZsaA^Z*L@1`rxM|*Qlx_|!=@9$y%Z8@`; zIDg+t_KorLclrBiJMs735oc}8#9zHpRvz9y zmOuR+B0PU~2KonGe-h1W8TetRXniU{6V9^I_F-_F@Vg>Bpe^dFZa*33S`4eh?o!lm z9bUD-ixc3fYixP};%dldbQx$v`{Q*b!!z-B`=vIVKij^)TmI7JHx=_snzqDGHI;@Z zF>y>%$G0hw^jRqrb$n2KFCGJZsS77kyrRpyL8~Ub>64HSoN2)c_S;Ll#56Xy0+m z;%hSTw|SOL!0#I7FMa+#`Acp&SZR0}{k_8Z`D!yJVgckgcoXyj$dC6E#+v~0<1Fol zb1MGiJbQ#q0LWkBXSe~`4Edt{<0dVYztY5VwIQTGs3BQMmREPyEV_lr~<-Cli??hiU%8;$=;=V<$tjlUxC z;CIL;Ha~3ES5-ak86SS%z4UX8kIw+nViMolem+;+v@g0`-!E7rbw2EVi#-z}IAOSi zv{wB4DEpc7@3rCGy>BrA9UEMYIt%)MMQw?*JE`ETPHH^do_3!DH*nbu)202HTlZo8 z{VRU{`PW|}eeAz`arzLGl)J(5XImY6X1Mlv5%Zk+_@ms8AL*I!{^Tfs?dpI&d@l+v zKtY_-IrV)aabaiWpWRvQf%ZkckM{|<72H~%^?aar5!}5yt4jU;@n|0AP&+I4Ea0*j z(m{LY(M!G$-!IDV+vWFSzyQPZ-3vEb{#c^4v)#|kb55O`hnjQ>%rCBcc*wI)vGq(m z*D29vgz=|-eLvcUcO|@IV`u#>79ZL_UNEI@m_MFhmh*|_pw1XuepP>yzc+sIOitd{ zwj9adTEY7_TE3}ApEJCy+f4B%c&DG$UzSTY23_$e5xa6=;?^*KJ!OCW*oLU^Fg)LW z`FDS>{Jd^fF5C}6{^~cicz?+-lRo)~?>}&iuTt^zo>?y9y^Te_81BZK>sE#Nn!Peo_XZGD%96!->`UR;H}2L(EKX3YOck*$JzSJ^3dY~_o^B=upHlP&cGlwW=h0O z+iP7gS@XwWrLw>3!5`5+<9t?{#1H?Dzx?r@Ns8+u$X}lHfByYZK1RK6!}}*#{ia@$ zKOelg8TbR|5p&0}uRn?PL$$rw`q4vXVtmrCmeSvCYvYe{eRO}w58r9kA1!geNlSIf znJ8Ph6L9-8TB=uf&N1!)?!>b#)tt@N-%*b8pJ}Of9&Ozo+`&^V)q@|{aZnO&XWy3U zxYw=Qui@ZozLx6P`)znP&rxn=%hWi}hdcRX%Lp&pLA|2Kp2^oP*XyI==Y!pc^+l>@ zzPf4a5EIn-$(A4GL;EJ2@2c-da3#TtnVxxayI6e_v~orZUdAbmuS5CoVqS4bXRKlD zoEo=yaJ%K5)8m$*=+oh^`+fZ$@7~f`CE<>nhB3tA{s&yH_kWZ;;Ta#UKl-^X&hKxN z-an*%&di_Q|CEP$Ls!zxwtwsP!6K)7Z8{jv7{mQTYD-6z*xWI7Z)*~64?unt_U1TS zx7`mS$)qgm84(+Htk|O4&-nVbz1Kqz+t*C3?@VUlPtRLuop2?=6%Tmk$&q{g1g+Xn zh~ioQ{)<-~2luFPoZV()bX?tbN2HDQtMtG8h_t_(q!uuj^towFzeB(4&d}}4+9z%P zTz|V_E%FWBKOSt(+`gQEHL>~zhH}Z`ip4e^wj<1W$ukzub#at){9JUllks!W9Z87g z>CA!tj^0*38II|c_C2VdE25O&a z!zV}YtTe0#L+(YWU(X;tz#&&4{Xg)%0?!(LeZba3|9-duG~|o+b+@cvn2EpL@3Ao) zImh@ntltRtgXg0k^sYsI54JI&`PKJXI}f)p@Yuc3@1A&ngImLidcDjAm~R^2#=vy+ zlY0Iyc(jdy5&e-K-sh8WYq-27!sC74#j^(ey(!S^6Y;E}!EyF|Uiobx7=Re^MY~<6 zfe&TkPxtTIBxT(4XZ^hH>%;xL?(4(-yzcA6{k)@`NI&nv9q#9oaEJSO-PcF@dGzfm zJ;k#RpdnwhPd)gTjQ3y9d(Xyj#t%0SdVNoA^aRvTu3ric!1^12)<3;|$#b#Z2f+19 zN%(2t`XyC@4iixIq}8v)!C1Qk*fLD??Le$|0u+t4ZubzZUjmdLZ`}^!YPdlBRac~^ zK@9n#J+Fp3IaB#v{Em&_jIA&a`Wz`t;imZea18iC{qi5dIZ%KVS3-aAk(T|`oIQk| zaX42A!24h6e*l_xeZME&jbuK_c>v)7zwUs{ps)TzNFR`MgiVj(XJBX@&d*Ytp0_4{ z>o#};GVwQYmW`2k!}6!UZ-(pNl^B5N@2$*l65QeMAM;B=|Dd!#zxOiyQD;Z}+n1yL zX`JroAATX~KJ$&Jo9jcFUN-)Qz1RQoO#H2H1%_Ze$MUDgVYO9yeO4*j16}{UF&IYy zIL`9Eg&V;8!jt!7-#j4U+3+sHYT*6b2|R0HeM)SA8?e3ZuO7Pg%DI{NTPWq{TxI#w z_oRi(uUkHN$MGl-!V;c-xz#$#QeInd|C3P)-)F0MAbsYLMKsg4j`aa(To;Cb%n5|!4 z56B3xpcDGL(6}_Y5BR}2)H}h#h>NV7=?hzGsyv|iF=j&IkFUb-w{v9wV{UEizbM7| zfpRaBTf_2+Vl#$zv2WehSE(Bw^$a38Z>aT<-yR=Yyc1Y_6Tx5nrp2oxZZVi*!PgjV z@%~-5{T?Lv|K4Zuj^IZMo>q}O(Eja>6L!$!&*dG47#~OGCoX>*^4YDX`s@|Y;&Uwr zxe}lDXDCO#zpba>&-uWH_ny*kc4<>%l4l%FOG|Hoc-m3k&d4i` zl>c(0^f@E*;08|L-|1sKkqqDlj)wA~{n&0NoU6-ki{xJ_^Jhaff1l>3_)~e+<1gF! zDH}!Z@q0=*{v_TJLV2!=zo3yy&To`DS0#8Aya2E@&$Qpkg^jS!B+cJcGAj1C+g5fB z>nGoDZ^ZiY;MZE}jy1MilfobMlJ*_P*ml-(pT37Hkxz`x=@;^6*FB3fH z`5B)2*^J>&$AAFFH^1p0rc2C6>n^z`te@nsa3c7-tw7b6`H4X2C114bV}3##aq4msOmo%dcRvXHeu%?_cqbsHOJa z)s~+x`&h^qZN0BW8}i5V5!{4rFRX96Tvcz2cf_OFD9=3cJt!e~?$4*3`U?JS-!o6# zcT_HTT5I_r_IU-<>*(@xq3Iom4_0sFWjl@`f&Yoc)rvG@Hflqo(`HQupE#t z+DFFtJLh4~q|EX#4*axY`_k6(S0EmPzxK=%%Y*vaPSW9dDorGOpEWi-@x_9tMgCkt zeB0r!cQt<{lRblRR%2iQGpHTj&qn8(XZ_>W&deY0Z?nEwI{k=e;>71)c&@ket_?{( zI4{HfevXNapBbKcVmd{FpCNn`Um|!~t~?Nb`+NPjhRd%&%I`$H-+G_rr|ze7cBmeI zr^)v{?>$>i%y-L7&pfi63dEzu4;JsgW&3^d9lxiN{5djypghQjB&W*cp;YWQM%I5s z^H)CEGngjweeA0DP-YLM%TMi?nLplNXMK@`$erb662(u^)1G;x+{wrBGM`AiV?tr- zIu^cI@TbJWyMm|HQy$3Qn7h}Q`9b;@OaDIdan!kob5r;8C9BEbXHw5t9!xiN?nCVR z<#jTyAb&*?VPCeB-`jF!IsGu-Ga(WmSiCFYX_d=Ef!HtXySM4zD<*pe!}-rw_k(_3 zSfHkjviP8mEg`lmw5LfEWPLG(PX68aQM@Dg zvRM|Nkbb5}@U-ZreynXUc(m5fk&`8!jIYb?#@OJ^ycB=_PL?k6MLW)4w)5S|w~~F> z%zx(vHs3gZ`GRM7M_F_63L8FLH;QJ|FRw4VD+$A2z+&-XP%rMmLBRY>38M95&Pz=huy8q zFFDyW7@kjf(~T&SA4+9$OsR`hLUk`vdy{-fO@F;{8T}cr3WrGf%w7kaGV8 zdT-_j>tlZz7WdQwBYOTLfIBfS{T<0~fbX1o@sAi+Z1O$jl|@O-U-1;r_#~wLJg)%n ze_w>|e=D^7Q7>up{y^)i6z8ww_wNnmx&oO`C4cez?#N&KUN}eSj^7K%aushyzKCD& z$!c>xEd9%+{Vc-!Ljvm^Og` zf1A6vE{I7oX%%gw0Z4V2?yISk+E+4LP-U&(jz9E*1zzs>mXV1AW4aX>U3maBND?)NAX#Cf|{ znela%)V~s$|J?m1^nX**<>$!#SM1km^L{__H|0IgrrgTX%X|-d*W#0%qy1k=sil{A zmfz(2ES~zz@*6werbGRAn1R@&i|E%YKAxfP?2_z1T(#w?N_ZQZX2rtC=qok+wil#$7NaZ6BWnwS>=wx%h5B-azf6x>8L8$za z)#UH~MV?8@d3Gq1H1>IHM`G`Pi=@40c~GwoWqTyyOC&X(GtBqD(nv1&bSiF^_c5P- zR~jC_aQ%dX_gim|n(B^*md>DA=JLBE)<1L}G!OQ*2l4M~?W;%uk3@&5`qMb1*;QT$889FSGjK@0yvv@rPPX zv%WZbN9JGIFEd@vM+YYkHz@M)6yJxFR*sHD;5qx`o8@wdq))!7hs=lR(*5f@H}=!( z&&sEI2F3Z$%l1S4yDl%azT9h`nZIVg*p$ehBk!ewoZHWQ*3Po&E1B13y>X?TB)+CZ zcz>J??@IUr!E=6|cziaF81m~1_H*ye$op-9)W7%EW6bhxj^g_AM2pP))u|aRzenW# zR@JxdIx~-dN1>eK^JI=h=s(soPb{Zm!5<;|>C5*wmaBND`ghj9^LGr^==wKS%8&2w zJ#hX@a)YH^$8~qh%pdRnu)YZQjAyc3zf2ilOoI?_K;?$#IML1|xzCm-4NwVYgN z`A9r#+bKs9qMTGCi;tHd^^^AbLyv!5^S55gZ@siH58eo#&SEcz#GUH#$MaL!-jlxv zg+Jn{pKB{U6U05mwmXhQ;JJFlQ$OS9YP%Ai7Q;D$IP|Xh>%!$%A@gT?{e*jY`h51J z@W+0ZHqZC(Dd}Zf-}>u+JQKo+t#6IrTflk~UXP)$9%GAR=U?>N3I&LtdoI~;Q~!ol zJZttJ(VzWauOrZY{+M3B8?>_JN4{uRm%kfje8zgib}!B!%a#0LCL3$J)BJfk#mWON z8-Jz32*hE`Iu)F*#FI}gYvs6 zFU6m?hvk5L(T?-S{?Ch@zx==I|3utmPu)6{pz{1piwo{UqdUo{$wJY*b1 z{wCyFJl{{8NG@pR#m#gYpSOEM&0o3j$N96*Mq>Q(Qo8({y{pIHLa87A{n7V_m5+EP zXP#S4{@TaJVWf-WFn)h%D0IIg<5kte>IeB2@6`Mf>+1;z-F!>9eOV&&*TwH*{_~Yw zbs5Kpvd^F8M*FfNo3iCzsZuE?_H)d4zI+#9dqF;mp7Tr)h9|vze@LD%%=k+->PNO; zbFBP|nSt1hPxL)iN4#eCcRcAC6!lY|Ul5$0K3_SRg+HFJO#b-(;LClj%;&7nZ2IgU z3dG}wkE3|@8z0w{`ghT-CM4yt?gt4kc$TXqm(owV$CbZ1RkttPA3*+2`5F3IzXpS; zpvZE-a-+@jm&xDwB{qN7eKL5zr{L;&KKT0-8^XIp&9)ExLeCBbBqkQBET^yhB++)gP%IneaaeXY4_@!d^ z`g!IHy8e|+xAB(C`hrInqx=?dl!CsZO=kXh{;~DN{D8baus%sP+pMdgzODG$=F9Mo zL}>kf6wi8g)QeHPE8%IO+m4taKb=;n>t9ddkNP=R&tLymGZi+`HZy<4H`)ZrAKwR( z(`>zA0{kwR_{_E!O6cHv8UIs@uOay6(oRx8^90ZLFU9v>!84yh^3Yf8uOE4?dAR-b z<^AE4RhS>_m#=!(vF()GE;D~T|C#&^ddf2?Cs*7iIaq65mBp)hHe`wTPW~{8cLm>c zlf@@LvH6z@zFfuw#3uw#%aI4_?LKFfnD?WK>7MZk-!GbIp00mRdrKGF71}Sv=3iKT z)HlgaZLj-9uaf%5{=FG95Zj5_Pj~DWxqmk)??-Af0xrr`t!r8NDcPq(zG&-nDYUWN zEA{zU&$xpv15>1uH z^!4IbeqW~RU*TjMkM(b#`G|38E#2kqW&9v!oouHuAx5A%O zX2%__cziwIh7V+%=?Z=2&s#kCK2q@O9lY1bz9bj>n8N##61VT18h=uL7uIUBS=YZM zlWlrj|I%z0#&V(c1wlt!Lgb6KUSAOA?+R(}5n=7i@D+Uh2zf`8{qxu+kExYVq1QGvE`37lJ-vr*z+}9 z$$tmg2d-|6wx9b3o(Yj$Jj~dXuReFf!8w1yN!YgnNSzCQawp{i^m}{qYOJ$91^xh@ zv*DeJ`^OLKq!O*r4%Wi{*fVf{`e~gY>!|5|`-#72+CRPdRpdLfmeTujcEHX6%Hv0T zcj20RZ9ltz)V&E6GrW)G=2Ez^4}@`QwvD3gO-w2-dxk&K0N&D&v-;@XI zuLM(Hd^EYOu79q)|FQiHaxi}J()ar~T`Yf=>-0W){eBy6U(OW1xIUBlaQ!^rkI1iz zwUev|wS+HM<^lNKn)|r?D{=qN4X8sXKD|%UxeDiw!Oi%zYtJZsUcWzZe>mHh25V7o zf67n2zpMQ$f4X{TLtFEwHQCijm^bA;)~{>J!D5wqfb;70qx$;F&e8g`tS-`$`sD7A zuhtzB_5baJXnj4bLDcO?hAhX%y$77C%WsRk|8ais3-k|O$MpW`r0^FnKb{{_F6nNs z{nOVz;F%QJ|B+tqpY~SaTr_|_k3yfDmc+9UaD)!($M+Y#aBTSfkNw}r3lVVNG=IVV zw*3Bzzgwl92p)-!U*dc-|Hb!uh9d5(re0<17s+4ZeeePxe*vC7K(X-Wh&^UYM{_@w zIB^!)81p#h3$%T|r1|p?s2+cDKA3Kt5Aqk62l+cf)(Iuop@PB0%P&|4egNdp(dVea zT_hPgV(+@S8N+CI4Ig&ZK_E-qTrr?pxiI0+2r+&j|qeqWlio zyItQ*`gzum(Cbd=@=F|8J^te5A!1COd&6@Ln18%nS$=<|pUwv;uaJIvaJzuGey;dx zUU7JQ#`4R54U~0B^XJMri+@%BwwHeLJRGhg*hW9!hJFHAe$Gnp3wMzSl;!x$;MK=# z{tBjh#)tgr^CP{UwNmFZIC9S7|C&Gc>v8_{8I=xz{OL0%JwUwtE@(21UhSsDCAC{Y?Ik z`D6RS^%L>(^T3Y_Ab&|b`+zuq2Vb^#?@avZ^QGJa)BFY9{!psXAyl)hBF-QR|?dg;`ZQn;XVQHM>>2G?f~w(m)r2(t(cjBy8z=gw-Me4;r5Z< zz3psx_qN(90e`+PCE-?c3snEEHoRL=TX_gi{%GHG|Il+X?GL|fuw}>}XXnAXU#$5| zpO2Edf9#9)DgfLy2Xtcpd-5CH&jsLqclAko+;5e>uPgaE`~ker%12xcyw6H~h429G zcXvK(uQc$yf+WIfNZn`kb$gWn{BW=xr@9+(-xna8A>XuL?vQ(RCjQTAnq!g(8r*8^ z{jr`hT+XMV+{5po`aIjP+i!t!e~t8c46C3AVSik$r`+??{_mU__21u%y4%-`y1OHO z_&r(QUtrER#<_4lAe$lIw2MBdyD1a@d95w~>X!bLzR-?R_f zH2(HX{9mJN`8)kA|9Tx!SpU00-}U(ysx@YK0X+XAiDwNw{~~D9Ole?y;I(b0H1PZj zuN~X~-hZIlBR#+j=({-&1J6Ey?V8)6nbN@aA;7Z+o`>Ofgg+pgA>XujsoVeZO#D|( zvMD4UwEXMyKlB=Aw)0C`MfDR?bP;{M?!~A(=gO#i?H*CLw`cS{`alfi!upTnnR_YbcwF zx-%F;!Lx>&a9)&lJ9yS`63W-R3H>4_PBiowVBJ2RHB3Y_ot}rV8csvMr`-YkGz=YT z-AO!aI1KOUNmL3KVKrnkEO**Bl=SPJiGSU{YvUeb%m2^%dEM8C`+42hNBVj6<$DeR zAL#dWKd&L&&+EQE+|TR2KHSgizCPT~>%N}#LHF|-!u`DN>$4g1O?&N%h08PXzwr{A zLbBYJzy8h=*8kT~9%21__KK+c@GGs`3pywbdk?ej#QY9Q!|Wc=6Py>#G}cRfa2Iq? z8a5w}{D-IKjh{Xl@HM%~>_qF~ z#%8&oI+*c;x3MGE$#+cMEAD)U^OA1ts5*ZH|E+0$_rmy$yldMemf@#NaIV-FUh|*Y zn*Sxje~HW=zl!%0|2c9A*&l29r$lJ$^<6S^rYU~Ta5H<09o&49ZH=5QHINBE+TQBRpXBUVPXH(b))Wc zPmH=p9U67N8|yEaZ`>{s#RJ*KeDz1C8+G|Nnd})i_t!i(1MT#gd8zM{-fa(EL^MY5u+-6WLf3D}@egM`>?w1aF-eSU&-ap29#?5(p>P6{j zi&x!j_!1Lp+aD)}dV4_6i!}dZCws<+-xp3g9p(RWPHKO5>GiUnH3FBIZCvYRVq)E&sPIie53jI zrr7x0KfU<`^w)3arS=zl$5)t`asIh~+Lv^*?Vlbke2XXD zj^HcgyE5^u1b^(NX!zX)KQnKLd1ClI1RuA^KkdERUfMp)e?s=xnfrl{3GpxY1joxi z&i||VmX3J;_s$B>kV3sB|HahX*!s04>uh-P(@+>W`f{6oP&v$CsOSD67Vq>OZt#wT zk6WdJaK&DF+==G=ckeOJV5($)%u`EH|0ki*7UPvwn5Q`Z+<)gwxSjU0bR;jZ1zw@4Bi^@nGkm`<_an>UbjV-FYA_>|M44bc(v4~ zL;fc=iSk({x%?5+my;s7ryb?;*jMbqpFC9+=6|ew-}-Vf`m`qsQv3J3lQZ+r{d>No zx37E`=Dez))kPu~Z*R*F%lYQfo()pp>T`)ixKH{yrsE1e-oLUu+r-)t@+Z+!)>u(# zTs>;ch3k*;!~D-#YrpTU8in#7T#&lI!aF51|EJ8e>G;-Cx6bqI(+oRq6EuWr@lFSe z?^(n8u-_)1eTA;YTsI*4>AUdTG23c=sE)TYn&Vx-_x`OAYVHue9_ygQ!{^FLPF zzx+9<|H+(Gbnn#a@tc!&wqj+{ucgy&a={P2~QcIq; z;kkdLNbqrMt;l7$*r(3g_-&Z~A}RldSm)#H5-R`Gs>grTY)gkb{m;w4Qp$g-j0+sk zwhMvKwdrM>j`OIk7fS>mFK6=cpOrQ|<+wt^$N6XdV)-BX>6sfe|CLj1{Iyd4mCr+E zH-^gp^vwKo|DZ1!@%=}wyd{$L4KLdC1JT<8@jY^`#ru{~+0aaM>jYcvOL^GuksTyfZTMUnkEd=vzzG zALW^+`1<_#J_GVUo9k#qF65K#0^bW9NuTcpY%j>?rVl0G3$0vAC4Af>-$mjvZ)xj8 zHUCK||6(csC+-EgcKlfMqk{1ErW z_@V4ypnmcVz4;5CiOG2p%4PKj7SD2~UT|NZ^La<*f0o|Yr@nw2xNQ6SguK-EOS)g3 z5^T`#|0;I=!sD-@{I}+$_rLYZT>g6gLmS`xD#iU_ZfyTsxwMP%{Ttct8%sRz*%W0S zf&8B%(r`H#HXJ_VL&;MxSn_s22Oz_N8;$2I(pw$aa?YNcY z&+`1bVHEF3gz++-VR*?#eIVf}-(m^B-zT1Z5`Ce(#5-jX&-8X!*zzOIf7vt}pZm*? z1^>w!HPZ86=TwjX;~%u?u%0vHWsh1s`6&>O__>XRf}bS%9B&uLiC(ZDCI9<;YSSma zi=-2`7@qjkc4$04Q~e*M^}l9_|K8Q({}maZkx%Bsb18@?|8K}TFXGAn;nI&1PklK$ zhIb?bz85fj5i^e2asKb^^t?Hr#bfz@W5@r!2ScaB{GVGr{x|&OnH-a6+#1PwYOFmY z|F^BO;Ym07-|NRHp8W5oKdfjYdhQqp%1Ykb{ z-!nOQi3(%al>BIOf1)q=Vrl1{PlgG`T3w`FaAWhrcgVaI`6-ZC&K%D?F+An6?q`c< zc*^BbdA|s1+Ht32VsHDiXACvs#ad1D{=Oi#zi;Zf*x%Ps2I+|7^~uaX_b>XAZnDId z56gks?N-;~y^F10aQqM)7{zm3aP6K^d_zfSj-p=zdkQB|K1%oL0{4x{*Y&$lJednXjL`K;(1>;%Xtp<<@w$ogWQfB=~wiSbXv*8{QTCN}2x%rdho!6@1*He2MRQ(oteIWUVfL2op`{GCqCLysU7jhdU(On@W=Pu69UfjEz8#wGB^sg7@s>B2E2k3o0!3cc6x~sVXu8&f1 zYvB4P4{2#Q^f-J!ZHoJT?u8rBUAy}rz59?Jpyw6P-^;NtXf)^p(2#H1cP=<#TqgeS z68;03e{=9XD$IX(U4Y;(_@b_XWhfv|FM{|I0RgT9e(-%)t%nsZ4{#dX ziDU7-{%g1ant%Ph*V$Otz#m9Y-v_O}MSOskhyH$^M1C4BJjcp2Kw28E5V!jc(gQru z9{#uwNo_!U4PwYQ?IU(bs7(C(lWhcNs;y_|p`JqpQsv(tN$Pza{AO1RiV=3}`%tu> zY7R{V3_r|%pJe#HctO+8N%(2F>>BhpRq6Ef=Z3I*HZs@Yo!xd&8s5Gg=~bk|UvgwL z{GO*q-P!nmwD!Q3nfPzhF2_VkF0lHq-}811t^ccdX*g~t>z^Ef@7I7ME=TexPld1=-fIVa_!a5hf%E`d9E8Vt!2b7muLJ1&M1qS^ zp0^`BV0+#F^Jvr89?QgkE42UG1if!H_GLwy|MWh%kF|I-{hOc&fR*_Oi}LXCtbz3- zSp|IsX#F<(fZ*o<$e#y44XoeE?-3rr`tAM*eFmiJ_fK`PFQ{&+e)~ToKftseQT^Ko z`WMy@!vub)_p~p$ZT791_@D8d#Hee_-}0Ys|5E&I2E72*e`gE$1F-%(Tj2(<{wIC` z{Q%bg#IJAzw0!jX4)q7*2}srd|H2Jm{Z~j^1M7bhX=zB+|KE@|AXWc=M|cfl*nZPK z5FGTzsu0*i19A1Fi*Btr0-8Z4D~{;If*L;TA+z&QWU01@WD>mr*D z@6D3zRCv8$P!wG+=*HFyda?C_Dz;uw#nuZ3_ce{I7fi&~3kGo0Q15B48Zc~Ey#F1@ z^&foyzicF8oR&V{$-69b`Rn-~ofa%(c>jYlZKz%rDMoJP`C^pQgJ46$`+9D?XkR8YjjT8|r6F|K)F+`G0XLU%r3;un_vcHN=1U z|CayTgwLSA?MJ9TJpY>e%8G<=^6z6GnF}EQ4)&}DaMP5?1Noou$<{k```=``XMFk! z|I<+Z>VOdcSNw1JFR8TjaQ=_{bKes2asHjv;P;(0|32IzOC#x#7kppU=N(@#>yo z22VaY&&Tz3EXNKqze>DoVkyOY>|ET@mwc&_as*X*H~?-3>2aK`@6hxRzd)#>UGd}i`I*MQ zJLKk=kY3XAt=IX~!5aX}t*8aO^*JehyBN^>e}YvQ|6hUqH-LM;hPyZRY4z)3pxb}Y zo*a+&^GmuIxb%Jae~R~=0dNC~F2MITxRaOT91=j^-QbV@-Mz4jfe!tx+rJ3u1M+)` zKb~E{sd-rc{0ZKlukK=C#5owh!tGs&`&9rRy%-&Th#0o9C>PpaEo^XHCizr8ZlfmU ze0M9KIw|?oxEcC`{W$Ir&Y`9WHXct?Rm=|u9HbVyPv3N+ zpq<1I`r|%n!0V8&PG4Pw_<$>}hJ1HUk1s8E+x}86w2Mx;{G?3s`Q|7a*LlmzN6(|z z3B6x8MSaox+1&ruG@$pB_@AQw;LHIHdVigZ`7-qrT4I3SPonqJCBB9~VDf0|c7H&8 zz?lQ!MtpB$O#{E|1h;-)$BU*0y}v}|VSftl)X|{#lj!h1)_`mH@JiHQ%=aW~)H3k< ztyVr-M%pww&-yF)8`xGf2GdjUrDDG@eV6yb{ZFBMe@NVg0R0QpM>3zRuB$LHkb1<{ z^OD-ku~z#2F!??zXm!FU&paj$jrKD<=Y`)BizEWqWfRYSCf@&)Ncc;Z+4LEn{5>q+ zYlttC@YyW-(=Oh;>T4|@XNpaq_XiwTfcMko>GjFZ^_k_v^~sdaYfEi9@%x?P-{A{{ zz=h51_?zpN3k5$<=CjF{Bl!5eNR(&%UL?xxqR%`NliztLH%V?At6VUB#s1>-+P8-F zr&!jnj)Z*NR_Xhb+#4!PjJW<(S3a!=SUK>$r9kq}CZD)G9SQ&H`<{7n2vygs@n)$BjMczI&a=sdSDtUrB4K96led$uS? zLZK}loLN3x|IPY!%p*2s^2G$^JRHSSfA+aIil^K&%bNh%CLM~c|Vxc6#BEJK$Tb7^7U`ZET8g(l_BL*Sm~LR zS-z5uYVlGOPdQw5W>kM1iO_YVgnu&nez1q&)ntn=mhk%tp6`v6Pok@&-`UO=lu7t( z7UjZp58vhGDPj3c75&-cZH#>;VZL&mO+UCfvwV2}5aknJ_eVOC&wA!D5IQNJJEc7# zzKKLwG~b4IC!F8DQkKZ&h3A2Y$G!}W}RC7&ju*wpV6A3W+PEuZy| z+jKa;bk2O#slBnkY^#+|(#tHLUO0C^8_FlXUdDLh#~JOJM|W>qj+9Tc*gR2viBM0% z2l9Qjf#83wDdi>jhJqhE(=$)*2{!#kg0B*MaH7RG$rFz()>Ofd75ms8H4|a|QS$x$ z!y5X1CMPxjriNyg57(blK9_ys*_1b8fEF@m{_I(o;Hf8#ev0CYCC-l0J}U`dD)`Rh zYCWbH8=Y zT7S=arfTon72aLDs;jH2tFNr%+7ZV~y_L`Mu>bd!-$DBses82)`CabP^!58Bf$~|d ztXnhF??TR-SM`RRKU;F2ONaYAE|>ki8|s>Y&pCcD&grMFCP*W3D>>wPfB%2N+F>hB7a&)-#|?XkKY z*;vLbSsyyz&hCCxuKaP!()>ZnKk_}tk7l}j1LbeYDO1BPRDnx6{d#e(et3U>=tJ1g z%Z1hZr{aqI`r-a5>SrgdU-rW+$0q%~p6-zJVS}uOyBGhxd=P18W$1~(FRQ>_lj;Oa- z`R!IY{jk24Dxc-by3{M(ieXFa{%h|6mrkXAe_-7AxPRrWznJUY@2#f^(&hSFr2K!? z`FC4df8+a2Y5Rgpwl1HjB_s-OQZ(FXw2>{yg&T08PKRQHL}=d{&wseNvj1^R{y1FWS@5 z-u^hR4CsmZ<=pU=C|@ou`{{D&;|@#HmD{Ch{aJrnzj(jiM_=WeUwz|17sGpCob|{! zXPcb$iwp7lWj|ulw3WpI^wZ%RSdVDi%3?_w=n`FUAGqT&7ap_#4OBwE5}ve%JaGKW8owoIfcv5RCddzHkMig4 zmq@P5ub-i+sB(4dx8Kk(w|}nG_uFP-v{C&v?!M3V!gKC9e(*H|o_oUgWKcc!+W*bay6m?DOBuuSP@-;_*uJ@DREQ%( z?NwICx%ZB2n)?1i;oFmKz>K+=Z=ZnqcYm~{!<(Fb3SG2nJLLHvtCXLek5aZ-^K@vv zT%Rn`fb6*-p7J>_&G~9ngT2_#XV3Y_o(sZrPB@>y{@K^x9WMxNddVs7elbY-?pMOL zZ78-T&TV!>uKldm_oKSM0hz&gKUVjLN0s^YbJX=NA?jyK?}uma*TtIuOf4txJD&1? z)%l9JfyFYll+R&uDy_y0b$KI(tC@@s$W__QBK8PhA$de`?49ffvc+(q}} zd1gSaevIm8+Z$!QrqJ;H&iLm1`dLuu(xZNE(0RY)BUgUS&Sb}p8qKUz{jmJh+nl+f zjT%iIYhBO&H)e#6qsT8&KHtOP{8*{-4=QoLJpR^|r%d@vHDA7;TCV)8dt;rZ%S1o^ zjL=Gy>G;&5x@LYpnNVTF`McSs(V_q+VL*VueZ z?0;-!{U)?N{~dSVpdQAmU71Urd~cQiqKiu>QogVJsa+l4%yaT($`8~Xr0(kLXMHdF zDOdd%UBBr24ek#E>Q>Lsn~4=R27edbtbWXr(8^`?GdoW68Nb!XX?~H7jZaEE;>w@3 ztC6Z7t_OK4pIrx`-m>-Lt9-Uz%9W2>jlDK0edaz>?EcI-s-Ggge?8@6ek^Bx-kX$P zKb)UmrRnWFA+$cP*wu@&&DFY|MZTv2&)*SRANjuWPo0$J2g=_xC(U;h=1(3>^CRP~ z&TpsrvGQ-2oaQIWr=I98-D>PAv7bTrIQb&ApLi4^9EL%SUjF3#`l)-2Q#kd*c?>`E z{q4Sb9!pr{`V-pEj;lkPL!$g5&F^;Y$2d+dR(>+u$&+8A{HI=Ye6x#7zqj&7s~*hz zu08t7e>B4{Q~scgTiWNMn{xZ-GVPy-zJ>mI+nV)@;MV;5;ra#jvp5QE4lKWBXFj;g z@%;){e(K?jiOTQl?z7axYRW6$(}afHotCG5mc(g(smh

      3Az$|4h9#neODn^^RYz z@{Wu90O?70o|>zlQq|9ya(^F&@84|JexNG9e&k$OxmIaQ=S&kC|5lGOYLzpowK3;P*V z*VMVr=_k6)>8GB?qg&?}V`}3sQvPAuE}})wo|Rp_Z-M9i6luUnU5{Wnsh{n1zXAE! z{%Nn)NoZa2_jGJ@1zL|fp26dpy_VF)Iw#IijQ`fg1i*>?!N$J%=;Ssy|FKQ=KKkI4 zHpT!fmqs`HEjxOI?4RZLTR6We=f`^UYxd8@dX8)@jYwDa&ouzgSN;mMpHSyTm2Dc{ z99l2=g&OcbJ%{#ReeUc+E!P}%U%maE)cImFb$w^jb9kP^^B2FLoZOzjeerySRhr%p z+;^ehTUNH=yr{4IG7a#~clFNasY>N%-Zx4cH)n7 z^Ie*a;rvy+(Y3om4cJrV>->n!c`YE0j+7MsopZytVx0?&9-%s$S<<}4A=c%82w0*IDH9N!e zM#CqZ9;lxOUvT;Ien#h;VGZ%Bfh3zqWnMBhSo>>;qSX|ahl&#$)r+$<)?+qL>OY}2G z^~3&o?``n>HMZt_k0APM`uR}p$N$0oUgmQp+nw^MpX)Mw+RyeALmQRpP;YHAd`~kt zNWYs+dFt&byT+wS^YMn3gcrs+{`(adCGZvRuH_OlV~%iFrfe!}U0O+UNn@AcX` zJJIaS3%b6;{Y%tO;Ul3F(e;`ljnGB)9864)m$G)~sr0~>xb)Kt2BM;hviiEzpZ|_K1=;n*P9mn zsuly^$T$Do=_V%-%yW8?d9X&Ne)afC-j5G2t(lLnYKJjUZS42<+FLw;^Wt;gryf5H z@_65tbLQt`fSEfVEbm9gZ(+Z8DZV!WG#iNfL(cozS2x6X74M&$-t8^c9pUDWgYDWI zLAV3*$9#CS1HK;t>~@BR?~ZWbb(}9Q;bC{k0#|*I&cFE`>HJu)SvRY{tB<~Taz6dZ z^O?Q$xlEqJ@Dr=`SJe^vz<%tYeyPPd_`UZ1*+N)8(D&r@{CIJvbos7AL8wb{&30+J zxN}gdeH>Jtg*6qrbHvq-_3}rbcka4sLxWx}YiE-)L&Cd)$Sa z;Z3pGq^TL-*U`b~rbe*OI7de#ArCY_2P^5t|7dCimA9$Zlvpn;zUyYS#-Qw7+ zd$l(yvs`n~e#JGjFj4?w++Kx_@4S_PH-&V#4g0ASFP``2Stt`$$xWRg_4_a_JX!(61 z;tF^^gNHCd)7l6Z{r5pyK-X?AzZhu?%Ftg(`}X#SJWz7D3wPGDdGi9?Z{&VUdKH>c zZh!Fd3edR!B}iMa>Op6(l+UX?FthrbuwvQA`SiCd_1DnpPxe{l_J6$p`j78z1ib$y z@C%;3+Lgz9Zg0GYxVL!~w6vdi-QE_wAIFb@2D10#uQTnR_vi45y^SDyf3ChCFG6|% z@5k|C&;akp0rC=z9OBC3Z9w^e*Y^Kw`s4VS?g#rldArPiasOPQ&YzBb6ZKbG^Zs!B zpliqVwPNUU|H?w;|8MVK$?j9}G~a=fL+cAZcl~vV^1Hr}=5u7ieJ%d#z9xCAW?xGT zIsmqG4bp%zb>AqPo_fAmrSluD7C?U|Yz?p+$%lJmLJ)8BFPB*zaP8)G@t z-!SDTiyYrqdFn63cX@q)@2e;9N5GaY#xGWZ>zBRvRqpdE=coHEMSr}ZUiJL6Kga1$ zx-q%v%KUU4{6&_FC8KGf_5HiePkTWd6J!3F^V8U_Yc0G$^Mq_XOiaonWXuCCTYH(Nt*9xlIHuF zq>qu#7w>11=KGnXXJ*Eq8!>**yK?RL zA3Oi%xH#%e+pj$T2F+^rhs63EjA5<4=yHF^I^}2gy(qhSeT3^o90%>d`6%6gQlb$? z-4$9N=NsoJ|EgykpYt&6ceDFRVwKOX9~u4KhyLi&VfuJHwpTypbDvVN@-;cT)KY( zo}QM+h|ON(b)K8))K>m&s#o&sD1SkQUsw6B-5y#WNG+9{j>Gm@Y=C9XWC!&`fghcaB#6- zu3o=XzGp*?sb1ezeu?s{*LRg)s(h~F`nrzWTlq(Q6j~qc&sYBaOB|p2E>k|8tp3LD zx5KNVzlwWYyhQa^j`^ox6|Dqg;Yaf8kKccx{`!|WeRExa`4;`=(kGw#tNXR`bzRca z2tzw-I?C^;{GJ7AekbLZ@0re*di{|57WBP2>hFxE>2#>4nCWP~{WX0$L)8EGdLgh?kme!Q!*OX}k@eUF)TLp$@gu>XC(oi&|9T)w`hKV09N37w2 z(_~Ml*P+Vylu!8)%BSPBP;=f`?Guizo2$R!djH)@=8tpUAM_t{F==;n`TpQK&0xj! z(E5Vq?sqWXmvtREy43NDHQ<`@u711~j_)b|$4QP)J7c?h>B= zOow{SzE4NJX5Xh9uIbQWJ<@IeU6(WD`HkN{;Q3E)RKosn?nU+aZ;$8KAJg&I&-$1miwUZy2Z-l#mL@9gzonvSpht(AZDlcDu-U9m{{bH7dV zS#R4j{oP&v;Hi9DO+T6J>a#@obSmr6=iCS8cRWVyuX0vs863Y{`3T4#>sIS8e&Vm` zueItUn(x|$%f*=6^mk;}jgI}$Z4tT?`g&x^m)km>3;P0 z?_IvhQI0=U^)h{h^7XsH6&Zc8d~`2Q_N0JYP;7wG& z&>_MFzaw1c6a5>IK5*Y&Zhk5m19{+Hov%qIfCdgY)IC4M6FV5eTn&$I>|g}v==^Ii z8RY>kKE=sLHzOR_bfKezN`wQ4YkJYG2nV)wQLl9SeEMnL`RN9`YYOWstf#C*)#%5Kh0i{Qft2Z$X}Zapz)SoSWWPnebEgOo#ss z@1Nw#Z+EWHz^oR_71*Xk%)BkQ$I{#^P@q==H4?^=^#mc4qep=R{ z9Q~_Iy4#EISFVP=#s?P~-Zx}@r3f<=MJl%w?A44!`>oa5cteYgyzk`|*2ZSU)+WBR z*i2pI${T@>PA@iX_rUwm(63jgHO`SLHow(&bO<^GJ?2X%Z|XvRNU@o8f}=yweo$;a z9;V^-AV0X+Tvw*yp#4*e&G8d8ygtHDDXv~m2th}GFE*#a{zEBWAi2Voxch?Rnm_FyVhMSED!=oLZ0*HyW3aW$ z*H`|wdcWiI-5lk=vN5zi^5-hQ<=Qk~Z!4yk-lr)4u*%>5dRl(I@}F-o+WI)Ju~7M0 zXQ(pD)qTI-qcd~$J6!eK^dr>Q;5yacmrb6{uV3!pr+&FVJ^Oyc+WuO;#V(yf&A zmQ$wu5juY3_c5qH4X$>Us*mn&Bi@*otKW?}{y(_`-j9HOdHK&*STF6CZdSk37KK*M z%j{2nRi9(B^KU)Bbn@hv*w|=}lN~?NbJ%?47rf~B(ONgY9Hji)pKyH24_AI)>RrdX z?pL6%o1^Jy`jsl*R^LZpd1fkqwLa%X$GLoCJGgy%cHw+4)CL`48R_S|5LBsq#;(a(vop znetD~@XM9|+(akObXXsKb^Oe9hO7Mk8U6_6PtfN>_9re?4a{*W)z5fWTrtj1_78kNENSN27t_r?FBWP*_Ic4${!hz8>+`#~e!REx z*XF}lB%gZBo>T39oiY8VyL5crujfYpIKnc+zfSYbIzyE~x5Ia@ z+4t)ySFHORuQ>}GeBY2)@RBP5?Ut^LE9|9ir^TTq{e4(s7yR?{j-Q=hS)%Qc=el@K z+fDpLI%<;i((9+}?gazVN=#a$=qTy9+nY;Jo_P=kLTXJAJW7rYrhwfIr&B zNS$9Y_g$koIOj{9SK#}rMH+g+)1mcIkDl_g@3(YRKHq!iIQedj3v-_%_})9i`QAHe zzV}X=@4b`ed+wz9UOQ>7&ym(*RXd*giq&l}XCHe$-w4$&zt151W1?1t)#o#N%bk8} zX*{~C50G;+%Y^dtvjAt)?BKQ7Q zrTxS3dteuM|AJSz!s(a&0^JL)R|)MOrm24Y)~+2fKEKZ!_i+6w>!(ofW5FY1tZ1P| z*h}YY{R5r6r~I#VT*3FUFYLcBc-!SmexXKqP1l_`&se1VBXs;r zdG>Rycwg0gsrT9g(t7bUorz5xKi2+=dS^Rh`qX=OeNIWrUHhQkHMwf%kQ$X)-u-`k z-(2iB%GmF~)>z-d_W^lDul_at{%_lF)=sI%tetvV@E0@nM?Jot;Zu)iz7X1&VMdQV z&vEq;=sfW*HLB5^oJ0GdyQc2Syyw?+|H8>f4`E^nm#h;uF*W;V<$VD;Z$Eww=feZP z*TwuvUA$)+&9d-Tyw@V-G$d|wdgzmp61c4>=m@w7EhL0;y^<6R*Stiu#_ z6hM9_$OEgk(exl20~--;)9ZzB;4{o;N`4;V3W_{8F7x-m_Y#3mG=A6v-#Y|~5iarL z?nn>lv9rcUc|Bmc%okU{2zN&d0DkBXdOXUvE#v_+0QQ3KjfK6D9uRayINnD|`rvzs zK!nFo(Ra`SVE`}cm2SH;-~BY7e(N6RVt7wD`(1uOTE88SNBD&(Ul;svU}A?wE@&xeDXoZL{CMJFF7*`Ex<_``O{!PS0qz_M*%8vvJ(Ky;^EN5M7D#V?R9i z;h)k4^?g|_b2A2%GS5D8f(yS7{dNrgT*UK!t7Q(9b^*J+<0{zC7q!f|bHV?6ZBu6v z;-664^pkmaq>Jb#g#2?tBRwCcCF%5nU50Q6fR=PZ6g2*|mMI(!_oCX>`_^yh> z6*oVB5Lz$ixr#L4jx~<&f9%GcCCWeRTgT_~RH^d&)pg||-&a1*XXZRdx$=3QC)Xv= zyzIq!Ku_E4aOJ;|gx1G&93{F)^Ia*7;eM=S;aD5bX~}x?{$u`h@2q{%;ko+Xq|evg z<{|o-h1KUfC2R8QpXWPK|6E_9o>_>$JsCQ$&KnkMKr}zi_mqFIKBsg47VD+@I}Vyo zZ z13z3&8^)~toBpn+oc&j7I$Lr^Xh5LuwQaYGbM?PT&!>{_i+La8rlMDp?(|EfN!Pu&+v{nr|p=9g$Xw@r5GCz*YJE%kYj z`z*^<{sKNHYWmdwPH(w%XeUEe{?_9)U$uYM%iN_-p6vyXb^q6^N<-=Hf9Zq;x%!`} z`zwz<8-g=ySEm(x==7HD|JyVvurkztb{>ogbbKeYUiRD6Gv`gn_cQ{}2aE1@_ExI= zZ8CcEl|OV*XnoWJ_1t!|@-upVdtI7OJy$)HPG^Ko)tG_&{-~zoq>Q=!SM~kluh~EA zjqcf}ym?2i{)_c|V|hP2X^!_J4tMpQe3W1RT;HPpXX<<@?OBU&mTP|-|CcLgp$1(3 ztSdjybu3c;16^Idyg!yGf7RY;esAS3tK<08f0^K!VV4fS&+IAx^@)xj>wTa4yJxNA`&!PORenp3 zuK~>O*m&9$(SI~Ev>|*y?PJV;d+Q5S8g1dz{Q4iTqm!ZjeeLI|PbQF^_pGA_KgyE$BYTto_Tr zNV%y0p>sk@vp=^4{;kq_A)orZN$1m}t6e|uX@pNEh1N%T>W%kV^7(rQJdu_!({yfq zQTck`9HjikpQri9E58-ji?yE*lz(^TzB63;_h;@eq4Kxnus->FN*V;m=Ieiwe_;M; zbz$}VLh^ZqO){&0&M#2^|MLE)$G=zq6Lxpyq5i7-A1x=_(U$ZdY5?6YkGT7gT>V$* z{WrV^^D564nhW^+`(=LpUvRxkkovFQ$FJql?95BrpJ&%Gzo~L1i63|UjHeNT1&+`A zAb;`PzzM1d%$qnv)LHnn@ z`8PWL2+D84EmMAPb-$c6IQ4#av5r5BAA$Z&&G}l%SNZkN_baIXj?acRWsWyA8`DSc zgX9-zK%)8~zn1cO4jb3!3YDKdx2;I|PgaK3$8))hm0vN}@p=B6r+l6Z=jpj{CCYzH z)A4nj!1}%Wc9#yzL;bCID$Vyboh>;`kNK^A<<-k_?VsbHU3|n*M1I zEGNtH|9Skg%fDIw(=&hn6KXmCS^pELLI$aO{=!Svi2jG_`!SVj|CP{xG`i;ey=22* z)Bhlyr{eP__1|WBXuaeYY5?bpXm7OVl`3y^d_sF3r1Lx+UvZ}KZIutkx#wVKB%_^0Rh zn9m+wSpEH-;G6vV=l6Hm|7@5N+C0N!ot>}%8#vC<@9!AxfbO5}AluwkO{Z2%oc9cW) zdBKcyzt>|2${(I_3zepOVx8|l&o}=s-;a>X*Z1~ip1B!l+UG%!>wNc*nC}LDY~<*; zb~_^o?{~C!csnClbE~8MF71p!&d=gpySQ~%V7&tC8vaoT2R?+lgrDrx4(omG%+T!} z9dC{FfliAxyd2@ct4E-4h%a&EYH>TBS#W+&^b6KXfq_S+^LuVT7jAw=3j$6>xU9!U z@C$lkpeOOYO<1o5n zcj9m3^PcZh59?EM#YN+-+xarlf8A>RbDv<;xu+3?S7AL!){B3HAK*T|#OrAU`wqnY zq!rd*w?jBE=mPX_=i~b+oqAgAzYM<*>$~!sK&b`>9Sp zq+4I?^x=J0Y6M+SpAr`ShV%1)hi+3E2c?C;V$zL40|(*#8GJ#x+8>AY<+mDH>?;igbo@~xi-SPR@8Pvv3UEEvx4&#;@zg&0d%r?_ph=+g zyP$#BATRn4K8HMTsHBhh2C{;;H9Y=>ggH zcxWAjqx`|E2nT*Fclmp7G%|wip#Sh|*c%Qi6qq^AUikZdyUx`|vI^w~cv0_kzpr!L zvV8it>o15D>bi@pvotgHs_mcWbH-T67o1-Y`C*+k+O?y_i!V8Q4tD8i1O+I9*iX`{ zqlKKu>Aj2c@7B?xA=*QT{v$$K0>2Yztf%t#{8}G{$)RsPRP~GWeBkAVntyM^2VUO= z@lhVeKd@=qUfz-ZrU2)I`6v&te2Aliy-;4@6Acdz0u7YTcKOG9;`aiFqkm%B;x0uu zkxL(d_8`B9ysZ97Up#Db2>rLHY>5Kh0i8=gqhEmx%JchMiQ{Qm9*rgpz{c^5%GM0=C8JcQTR`-{-Yfwj!pSRZHq z6l2h|@Pl;vR+;$ctEW`m2Tof%LB^j&_k@-+NY}sWbSW_2-1^n;Uj@HZ*zm129$mg4 zRI1|yuB&F>zsi2Mo$Zh7w%+k$Y|0#G@;wT^ALVJj)$5O$=c6HYMq3F!$8p@4{l0u3 zP3Pz?Y56^sf6O;wDxJNQKW$W6esATE*L5`J+gJJXGVo4T9UJ4&{ z>62fg=@i}J_*{3O{wFPR{9wMTUti@1|L*uqXOQyu{UgmEs{H4FOY=u4KYO0M(-MxP z)pBxtTdDH=eRMx<^_lcPyR-k{`?J9fE><{@-*nc(_`{{sz2=~h{ z{s|!u90NM&5BhS@z>_MUAa6mRlaN2+n`@9iAorVaJnkpwV>}7S{v0W92*2R;zaf2$ zx1!4s4qTvgh_nQ^c0>3XxIc_X`oJ+5f7!lfG-zNp6llk%7vT2+Yj$zziHuxwzi~eI zf5rhWJ@3CD4{YgTz0mb$?|yQ=`nlm)mqJn>9WyRJO4rXZbWlPe4P1FiSMK1-M;cV#i}gbHvHB06 zm9Ku}`Pp9j+$_(@+k#P~Y@WZJ%;|0fr=G0#H5W8+es}zS?5|{buIBUGBi)S;yohkI zzi?r9i-IRy{9r+MBRIH+yPwDZ=#KNIyPMv~SjLM?ui;^7`^>%Hi_8x}I{Z_}^ZqK~ zw_!XXZZZqy1qMLhLYsS0FyKJk&xPi7EX-8=(L>#hV2IM@KF9;v@!3MuhsY=MkUntV zkaT*g#y>f%7rNy~jQSy8{WN~TMNI~bx1Pf;Gp0FCZ(#jM`|z+|Je<_aqPVN-b73zN z1EcG~9?>46+k06^eSST5e{tfkRJ98hKrCsFlB(F6UYk| zc5=Vhn+|#4a2EKDeuw5p1vHF&}9Q#vwe} zjNkVF$^-DKQV;J({bv-7%Dw*&)%m~QpU3a5Dl~^}bmNYswyURYG(O$Kf&$AabB_7= zmeA6?@2R-qye#>&k0!d`hkVxmJ34+LzgQFEd=l3gJmqs9k^J7u-)l-}edL!bfAyn| zpIkfEa)v5@MjiKiIi7M-#?=47`N(%t#`Ig6=8w^IZfucGhohnUIKI>My$Y45Q$~-v zAKd$mC+9yUnfF^RT#fz{lVF@559{WyAFfZZe)gLl+LSqe%Ir>2J#ikejs~2b;md7H zu5&dV%ATj?Z~~)_=UWYF@|Ro{f#Y z<;&CZCCVS8-v?znrOIz#FP#qUWw-Cr>GXOMd6u6(4mJ>M~&721$M+s~>QXnzfB z>c^}9*Xn2IN|#P_3oXfI$nVD`QyicAo38akKJ_=U%B913b?WabJ)e;4Yo1HqtfxLQ z`zz*XJE6T$e*-gizpJKm+_Rzev7P8Nl3A_w%yLrS7rpM}$@gt+d=fdsXS>*r`e`!G zN|viUouUHusXKG^6-#paw{^O{y7$@W?;ABRZLV^55EtgJA36V8F1DX7?Jp~TJG63q zo+z@EG4Ja05YMgllz$eVlQQQYj=Vjz5=^I*@{!{wuekd6mA^^*TknAi%b{KJyM@6Z z*YgA_f7sg4`q;0oR{njOFZW?3%3t}mOWe(%bY ztp}c`8ntu!@Kv7Ysgh57{e7CIqx(O~RetTaj!!+Y-fp`s%@0(5N9_+OKUDdrsl4~| zwU#qn`4?vHKUK;%1|Dy&E5X>`>jz1XkK)H;EAunml6@V7kT!HifdA^bGpuCyIaiFc-rJ#Ye z`#Rb?yO|Lz)^I;S`asj3n%*%;4`?u0<&T0q@Ezo3e$+b>G|&X|(YfWR{vOTM%}fNm z(FBUXc;3J-DB4leKNmD`AZ}<{OAq#CTLkj>F z)P)_rfpEwQc#cNg2G8=W2uq6YyM(7=FRtFmDg% zF`7}x5BT&;#NQUrLsz0az!&{do?npv<)DEVPg401^1u?AUqHBD)Y^jQbVQ&9m9t#9 z*95;8;JF-=ug&1q|W5pen0p7JbY_MkX+~L(}lur zw{S(ur#pC?_uk1JUj#aTZPzb{6q?QrN81=)lkwJVr19y>x~5!#-Y1XM@r^gcwObcj z^PW#U`x?ul{qVbbyf4r`O6P}Gj{OV!N1pdXeu-u<<4z~fbl6XQzERWB`oX)BJMf-~Ec?bKC*5wb!Y)JAU*u3=0>k*IwNJ!F;Ku>^W4G zDxY;$DI-?*tqte4&8@!@?tfVT`#8R?8La#7lBW6VZ}9alA=Y0%t-qjzC3E3@zYm=! z^W5@=-oIlVN3lNEXnl~svx{vmp6Jraj>oxg%iQY9$@=4Sad@t?8(-7eNz?I;b>%Eq z{uwvB^n(Lkzr$Z~i^@lbyLzos`H%Q~sO688pFHf+iFI5xQ~BJV$nwuo{^z$k`CyH! z?}f_GI@AOC;Y*LaP#@<%l<4yp*YC<_V1E0mn*B@Bw)yLi&&RC4<||w|SU%=cw#4yS zA9Xa~Wi2=Ph01@H?-%Gef#ac3sxPKr#0(yB>65>$@-NNE7b}0hmWT3fmCxs3@;&A6 z_)%zmEN5rsSFxT--E%^T@)uM&`B3>?lwW=R@jxfPlk!I;PCnM(+g15lCsGF8sV|?l zF}M9K)$!$f+ZCATr=0zNE&f{lW%pw-|Lk)$>nYLaQuZgTk6L$!HmY}rvq$RvtREbo z-zD{|lrhJj@A`R;|ER~ezjyNFm#X}Fo%b?Ph2`{C{ufucbU5xDuKbrKIX=rdLirm% z46V5Fr z_@(GB7c;2qa&CH70lvakGk$5dySv|dExQ`Qq5?+;O}iSw&S)^X`v>HF0J%5&ExH5#r(Pd@?qVg8r*@2X7r>3!1jQ6~K1TIujLDj#6tSrB^Za2%yjotNaf2;(Jj<7Qor z;Lrh%_B!DA0ZAr)&%Io@fvlh(#`zMT*S#6q)A4$|Ez$>8-Jh0ki-`}3YdRx6V8jkC zJZOUQ1H4#oboXnw%f9*QFFMP`i0*Uu0U3W5;|=&CO^D;q5MwI=$CnBG0*)`eZ82U0 zIKB+v7s&WBdJFU4lZq`mVmuhWiSgzw#TF0u$9Qcadf8ji@&JxM6T}s8{OL7E`T)m| z5&QyAWK)+5h_r9A7ghmM2Er~Z$A(v_2ZPc!&P$5G^$D8J<^X?g1Z zk-ARLl<%$bz8oYXmyWZ2OW^rI@ADj=u)cP9F0>M~D|9>d%6|6(-MPJX(ci^%(CqD1 zs?R;lw_N#$>o}17LCW8fQ>6j4gBQ=e`mEgcJ4eSybM8j}b48u%^E<;1`RiBuZMj&# z4?GiEn)YT1{9C2tPx4t`^QJp_wqNRh^0Ug<^G>P%{>#$xzH!$aO`m$E{ulk|q4kkJN%?O)o90he z{wJ%_{9Bd3C5PqZ@7ZSJKhBr>U3i~Mr%dZtz7LzUE;MJTy#@N6SoX_w&(MrmzgwFB z&Yo*mr19D}Ry~~Qo)5QGe$4X+l+WjjOFO6KJF9&5TsuCeWzV%MRr&0>cDpM7{LJ$g z?drj)p_PaNSI)gv{sMhI;(P|}YO6_3p7lOR<)=hxK879knx5eY%I|qn+D?Wje@hPI z`6}?ly`MCb`dzK{%l>)QKX5NySiAcDN`Jfj?U(OYvVQ+v`{!U^cVA=uvVSI@_4uFO zKNn^y{_&Y-Zo>L}E$-jr{KFf^V!rYYyuX8eN3F24h3(C2mmarIxDs}7Y|TC?``n}Z zgu?H;n`>`L%YV}d&&7>vtiO&?`9tLyHrJL%xiRAr$ zVmkcYm(ui9bkLL)chF-P$LEx%%tLvwZ-+A6cTRdcJlB|aYr=m<17w)En-E{#yAXfy zQ+G25H{RsVn(wX$9nhJ5v(nMJf2UJr$7U*)x~%o?`!zaG`1K}%Z0}X6UhE1*?$%;Z){Qh z{IsmG34lHJgx;}#)2u+oK=uC3RR{+-e{Y^gIB*Q)W&dUfSpoNJhOdGKSWj_``~j&4 z*&pSjEP`QpUbW{nA`BD$)%!O+>}$9^@+XZPQ~NJv6r5!BIl^I$~oW9o{w0kHrf^%BEWMI6Zi#k zE~1a~NaGjkS=e(AA@41(XE8w%{}t`?MZ^buctt*eU(gF|Bk`X_e1Ppgc&VNdT#j&Q ze+KCbcphSmFagg+^j=1OK=t{E&mmlZ`7P0Jh%kYimnh}&mO&oixryHMpaI#RE$@Fs zD2ssY-@q@prF&Z6!#g3pv+#QmCfM!?7jBTZU{4GLa_y%K_QJXq_j0k1oc8<~27tNY z{SH8RkUn|H&0efmxY4pBUA~`EiS9-&z8~cMFMWR{`yEo> z=8F5szN4*=-ytni{`Z_O((eQX%3rAacR0T^LirOi@|DUrtzG(*pQ-$Hb3^MRKUO~9 zdm?|e^7-Bq`5TqrYGr7Bd@km`u35T{L4E_(Gru2Wy1Mm*hRQFIen>8LpBV5>hur%0 zw0^(b4Kno`RIk4VrTOcZ>#wZeTdP7z-S``?u`d6eHZ8PXu1C^7Zk*`&p|0;1YlP;L z()@MG?|!r6doytZ#Jw9P_WJxgC!c&U#?p!M4}I0~DZfei zmHUjga-4@LQvHp;)5-HWw^;eZGxHm5mH*sQC(rt7r~H+fdDQmGA2dHL-$D62*DKWd zQcwAjaaW-3k)Iy>cy9fc>-@8sfjau3(8LdfR?^=kfBnX7T|%ti>$QIQysz1q2X!7G z-stLu^}BM3OW(V3j1^`5&QBbl`t)ol`jozDJ(no|Or2Ncd{n9Ov->H^lz&P+mk#T3 zkn%6kdXKeT3|Id7YeVZ}J^o$!71Nck@*|Z0rP>wC@1$__xY`Npw?gH&q27A9_UN>Y zqsuvus_9p%{QB6X$aJcdzfs+#>VDFEkGFE`cb$G8Yusw+a&XP}b-i8l*Du%KS-;im z%bD-%^1PbpTUWoDy{X>!p!2vOeF&I9*W{$S=i-PM$@{KJ&bbzm22%yLbi>9D@;$)v;j znvzK;(e#^XI@ISnP3u9t9m9h4nM|1$-VfKO+EGi04Hahr~zVc@ii(#L>x-c>V)+ z)bXjQjR!^GlapO|*c#89!0|mCZH6KoxJu^@ykqhF3UohI!_P)I@Px|8g~$(hPU!%C z!TtL<`Jgdqpl+b_)}R5NXAoecrJxDJ8-NDdDebjD{y_7?G=3w51K*$`U_z{7ek!1d!8egXF%`W^9m0InZL@C&$p96gWx0NS(H3FQR_quULp)iM6- zC?CM}a_m976j{y1SlzWV>{1+D)hE3D`Gu?41$sri2LIJEx|&v&LAJtH9J-^+ef z@90vCZpVYhd_!^+&Nl)4S?+nz90_^gmu+zWSPyx`6?}oD{Gaf=48K6;tK@tR?+Ang zy%sxrH-iu#IAw*SgBwbX;1~@LkHL8?zy%CH58=Sw_`b08FJ2YW19sE)WX2&q;HQgS zdf~~453K)M(;tTTz>^w3yd2@cc?WBHmmxi17pTdD{rdR*f(BOO1Foe}hjI!x2WnBT~ipK>04!CN)+1qb&@=f4T^t|aci*i$aubWD1FY1O23_$CkeVLpa& zy8I3Gsq@sr3Luc!s^mpw~*sF1^TCK9{8`nOI{;ag-d@{3-vja>c*^92syU2Id z7b>6c&&0YmMGibP@fx##+yB6$Pdp{)#j`eupMph4UT& zevc-89p_O1{4P!W255lar!jBhfe_$)Y=|(yNKClOcV|5K1u{Py<9vk>vI2g;CWc>d zAo?SjAB~Z>fZwx8-op730KaSFy^Zt$e%~f|2j^n|{LW2)vI=CrSH4FRy^G%hRDbsd zdHDhuu9PQ1m_X)#_>VFH;SmhyXRkRHJK;Q(n1s^^E{j{x?E3H$d^|Kg$0oTvG0f-Oqc`1Zn!1XgT5ak0d z$NeSuektb}r0y4Zo{{x5^7y`0bY?pv*h8K_@Ov39$8n24Iv3%&b=Cfa`{dSsPERk^WJ0G04 z@+{YwrL#lpW4@)z_vSc0?_-=txbMp}e>at{K3~2)9yD<6uKZEAhStaPuzD+hFa5pV zv12U9SN;*7ht}r}!GHr-nf-6frbVIkv7F_~_cP@`TKVxqY576Q&wjrY&B$J#tP8En z^aD#7^NsSUx1q}4qNDY^Q3V$5_We1z^HWv&eW~I9K%Jb7_rIs3W5pF8l;3{%eG%FZ zzZb%DmNgr*$2+0*az2Q5QZmt{@9B3$8fb*!u+dIr-?|aMhPjr8wnX}oYZ~8m?;rNlRJQvBVNTlhNYI_N0UZWi6 zob^&@JzmcW>*987ui46v-f?=aqx_Dqgx1IYf%zRZ#qo{yV}&Zu?`Nkp40xj z&t?DW=dkQ^m#VkgNwk7ub^p=$@O^UopVg};TUj~(D7gUV>onAMF))AsbJ%6Z6yT5j z56{2hchQ(}>7$|b27R6VvwnT$v)vVIxq4^#p7I~i_D=Z{;Du|8|C7ru;wPx{)W6KeaKsri^VW5clZjJE~=4%tY`y}A}ykCs@Z-DdjVJo~(1@QSQ zhF>7hPx5|OJQ?%*z{2y<-{JkIa3bcbfsUJy5#E;yZv_o>gF=1GXZyFcvUv4N(2s$h z0vh1_z26%71DwAP;TLfJ-n40rmx5~M?*sS+oWD=t7jXXGZ;SK*&fh1uU@jft^H+>8 z!9dKxESRR&?&?-Km(l5Pa?zz9+de(%(sVk;P(L!ePvAe9?nyo*2OI)}&3Fj36GXF37NfsbK!F4WN(vVBuAG76s z66pcIuXN@0V#EhzJwVFmFNA)9{ho5=3m->$fh}FME4t4<`}-I9>}&C{E`{Xk3hR;e zA9n<<~ zxp$f#e~7bhr>)JKJD!rJU+wPXlU^tfP4*^ik#2{nzM$?)RF9(W3$Pp#944_Ubh;g5@VW+Mixz1UIRD z1XGLfo@bFc3H5E|qax!0XDMxNM|!}OupbEz;TJ5?_~9d<1)Vf}F8o00c8*RSFEWA) zZ*#PyA=l^({aUFD_h+Jfz>XJd{27Q398sQ*-wEwY(lN78KA`St&_BM*9W-iUk*NIz z1)za1G`;w@A|vS9Pt*Sn=>umhc63y`i4n}N>(;Y^T8Iy9M0%3GS&#gHI@&+^U!lCf zrHF6s{}-eWEO}qktB>@6tI@wnxcLF`fkh2ncyJf=4;=inqrKOmf8Zq2uYd-sc5vb5 ze#8e3Y3gXvfm|J*bp5Np3FQHJ6+=&QZE}tox;h$`J3il}^8;Uu!tYyJbAC&5tQ%i7 z*LZY!ehZFbwAZ>hp>;VA;J7#+;7!Npb205Zc~Ir=A8SQD``?&DI*qoz=qkrAQU0-f zU#r*EmQ$*HzVDjs-EqEpoqisq*hz69BY_eII)en-!D^}_NLsk~-WJwI5ej6+)d@mjwA zOYBRoQ0+?WsFSH#Kd)+s_E8({w_8t(1ryNU4#9W|v|#)&#FhQs@8bI(z^T0v{*J6a z;QJrIc6*{*Uyc1XPar# zy?H&2fc=5++YFZde22RIh%rLx{a z`32}dB>m`Z=mQ95Lm%VOsOR*w`1=Ti>w8raXXIA;``<(Qz_O##zi-`+(8u*P>3^-^ zk&pC&BXIwebduenAK?AFqP}UMBnm&CjKV_hn%J^ou(*6MmSMhcYKDOv`sbdy%l9eM=)~bz(YvWQH!s^9j=u zcWj1kjP@k_xJ64N_&F0^Z+JR>G|RO&i6htU82`)t&QY-EO!$CI_)RaT<-a~DP5(YA zP5*t2qk}g1y}-eZTzUM)s6XJ%O!=BUo-XgM=yq8)aW6)D$))3m933@jX#{`A?LorB zZCe@vuR`_E9kKO-2lCn9^CeEuYgA!9vVU-UQ}cYl=YimS?1uxm{uaY8*m;0!ujY!z zIA0L&pW*lVYcL+U5H!H`wCDote*?JRFdmNhfIJ`YJxTc;&vwK3xpB?<)>F5--)ANx zJ>cE$j!v$`ena47)mKo3@&R9|ygwED>wwjroV>TFu@MaJ;b_TAuI&0-a1qLLU5$OL z#q)?fZML|;*eaNrtLn=Rj+C?AlheRvi4y}(@9kL*|U z#~?po)TORG=61*f!}NJ19*_C}Mh~O7u0Akx+ip6ALO&ow{~-KVeMjX zeg*ix1W^6F{w4AQZbbW&-xq!jd0-Hp*W~+b$+svU@cYRqZ_fR95UN!4?f(JY0K-7% z_OILEelF?Je#>`A(=UrXV?Q3lIsZbsq1vBW2|-{R-0wwSVKaQ61Gp9TDDx3XJ^UVE z*L&0o#xPvgh$A6=2R{~Yj{ixEAKhKx(j3D_~u z{u<`V{WYYyzlJpT*O2D^8q(ZfL)z}IxvZxD;QkthbAJtK?yn)u{WYYyzlJpT*O12T z-0n{y&HXi`eRP#^PIVzW!(LUv`rAl9T=oyQb62 z_kN~1yXNLj@MmRwG z^)5j;K>H2h7tnqa_yx3I|5AhjwBHbZiw>x-Uva+&Euj4-BR~VRUvn7-MgZ+MfL}oS zjo}y2e!a_4K7jTc!Y`oxCh!Yrzy1{{A3*z!;1|$-WB3KMUvCuB2mVv+*IYID%zXBn z{KMIA_<4o(Y{`DjMHmPGwBP7n_yO8)fPsO4_G?1O1GHcNzO9Xb_8ZRJ8t1`nU2VVK z=&g-__8X2tI6(XLkhg&L8(+P(5zv0UaR>)!zwtE)2WY?XJ)i;FuU~=k0M+)3vW5Wd z*B=i*P;I}++XraB3Bm;If1|%c9{}w)z6|*Rv|s-!#0RSF_d4hcp#3KB3uwPS(h|^q zgXOw&KjV?g>0NQVW-y)#>hVTpiRsC=952O$LtNPz7 zo}02~KKq@*@xwpqe|dkQ{gS5rlBWHVru~wp{gP(?OPcmen)XYY_Dg!)xfsu4{+TrG zmo)8{H0_r(?Uyv|mo)8{H0_r(?Uyv|mo)8{H0_r(?Uyv|mo)8{H0_r(?Uyv|mo)8{ zH0_r(?U(ew%6^&Nzsi2+U07>;KKtG82kn3V_$T8B+-rP*_8Y)2p#3KB3uwRom5>K$ zzY+Wb+HV5Cfc6_)h4cX0uRjs}2SEFc5hkGhCX>)#0kq#ZLSF^YeoYnne}MLzAg+M+ z8-&OYp#8@13uwRIXxv``+HVNIfc6{1FQEN;V;~REe!Z(f1GHa%EYb#OzY+Wb+OHXh z@dZHp4d55heq-?iv|sNUqz}-3L-+->-voXE?blq3^a0v$0Kecr#eQ%5;NTnb+3z+7 z7FYxJ5BOuCed`#h?YJg7&_|e9A{V zS?tvX^CinLpMo$!$2~CL@;$=WBOEva_xt2Egnx~2pz$pjCSQQ{s+SQC4BH9eNY5Zl zF!y+*zZ~;pUm<^BIr0mx!2H+7oh;=0l73UrwYpmDjOX*f=+pla`2!;d;P*kF!57FMD8l?(g!%Je18CrCna}$H`d9~j0KGdxKR-er zpFHb5SpEIbcqB5!)!P2Aad|#Vi2g;cEuGK8?^A}GDx9GHpFSnDKJvv3<(hF@ zXkGKGwGmP zw^zaX(7NGnS6kP&|IuZ?8(N>&WSn)&lz;lhG{0Q=SHI@?+{Zge`SH9oAIrJ++D7v= zns1=|Uq1}3&rjU%8m#;e?sEKSo-5C3%0FKB$;6t@5aqA@o6`^X;he7gw{)K~^M!fY zYvuCLc~oyh9c8*rPxFT>e`^_d;YyBk^*BQLeN_+9ZDTAaRQ|VDYI%Ni{c45syJOP=)+|8ID{0XV)6;1_Uwoxm^P_}V`i z@&L!z5&Qyll6k$Jgf6Mn=H#wFkd|>^c>mxDz z0*J#7aqVbXp8ewL_UFE@LO$1 zhu1qZ@xo(U=qe#HhuU*;NxK${yoBh>&i47{t!5RqK5x~aDd;BkKh;VTMzg9 z1{kFNh;ZOx$jkX5G5i9aC*uDET>$od@{tIKUr^*h{$z}IH{tgHk0QMg;R*Z#+GqGP z$^&eih4R2&%`eCgxCYHe^uY|hKW>1cKZb{$({$Yv3+#E*4DYq8OP}=K8F~WjhhgGQ&d|Lu z9?uP5G}8TE@}RxESFv*GcD((?m*xGZ^6sN;2;aXH`}Z~!n$@p|mLF<6fQIcwSK37h z`h8#di*60AFPKuH9Os-;>G<(pV=bddLsRW&W($+sj?6z=nA~>cfzEA53FuTix;4{| zKxjHwfGS7 z0cg{!sl|v}&^|B2^Z#y5Ek67L;Uf{=8{xn^jnLnNj`wY9(R`l*7rsBjfgNzaFp~bB zNFP{*`-7w(_C@}He=yRQ`&$dd2ljxxUl09pE0iBNYWo69dp!^zxZ!xnH$nWCh!2!O zKE`}aRE*yT{D|^-jZnUwkw0)Q;!C*K9r1yU_y1My@2>KONZ39~L_j41A`RC#OgYt%u7c2oS`|AwC1+Dty_g^CSQ-lLY;DI5* zex;;-Q;Puiljvy3%SI>Q=l5KAuoZqk&<5vEMVJrre`{j#^-GWk?fruHUx0mZ9*2Sc zli!{eQ9+;lS+Sh>!h|G0Gx%0<@3&Nd*7@Vej4J~r?oYp;FZ zd#!a&W(2QoarXQCaf}D}8|zB;dfy)U103J2rUhZVR zy1a7z7W1z({)3A6^y69Dc82jiiSO3~6Q`7?Kd#qifcJ<@`O&$I|>!)~n1vm$tj2KA$4pO_OUq`jpHsm*(0hZv1r8-FvylXm4r! z3#_-&cw#y8*?v=Ag!Nha{cSJm_2=e!>i+Wl=B?%N*k)%vxcu^GA@03g&v}>gzP?L) zn*E`)yw@ntO_OVZ^wM~W`jy7TzpMC8W<0?)><7ks-t144^;pXPT61~)Bj}5z@6Wz& zI_ulbb1&=Py_f6Y1-iUi$^+}(#dvI^5{(TC?)o&Eh=aegp6&RX^*PrEKksk4GXK7k z@{(`HCwqubyct)Eh`?QU?lt|%XMgrq>+dGsr<70rGtT+eN_>eS-!I^}T z-ap*>u$8`1H=(^ew>&;pk#5dIF8i^Y-=sg>d%2DhFYVt8EAmHCD@*yWuSoB1DNjG6 zB0f`*|1aMy=kKM%O64C*N0i3j{ZM)Q`Pa+iLpWSY`QKNOKYU_&dSq64{N9TA@{#iN z!xibLSEQeMR5|}FPkH=374Z{hm#1^wmDT^q-!nH#_K&_(%hzN0q;mdU73K4acA31} zE7A)U`Tw%Iod5p*^7ylh%Hwxb$h)T^p09|X_RjMB8&58eKU={cYAa8_`!MtOyf^3X z2P*8dtB^0hH{{NN525e5_i`n-`nYzPyFN!h@f|<@&4NqaX@{#pv{zsKz*I%IG z|7v{}o~$ifpT^-@qjY^5AFMM<*QfoFI^+N3`tu@3(-2GbbZ?A))}Si({o9k zQMx|!7u6Z1>(jox&L~}ofOUtx>u@jhAbU()DRPQ)`s2Pjhyi@vqjWVb&R? z>(jos4t?;=_38Tx?I~Gb`I%;T&qU7yBKo$;^Mr}6z-qjY_G&a5;3)%q-asLuFT>$5Pg zPOUKs-1X^Rf8BEXC2!?F37x_IIC~b)k!_VXf4OsxaxAHjd#z<3I2F(NMos_5b+)>* zmpJQMlZ~e?cj#~Yy{t}n#}y9U^WBRS#XXnRT;mfd^yi^#0z&;8S?w$BF~J^GIF<985_}WMPJKHd|{RG zj%D;0{ySfS`pmB~zJk6g{=x$B{11>P@{#9D62GU)cm(}c{vOxdhWxv#lz%?=BIQZ^ z@hYPq{Z!7UdAxRVz2SE$5I3HwGIk?h)o%iM_f{D8^g|nL^%4@YD6?2k0;2`EOLIzxR>+z8&O$f$<_;+EXBI z(4IZ$qc-K)=MaCg%J}0tCvJS4{KWrL$MeKJ#ILk8|GC6z?}hdB2lCAGh||COktg*x zJ~7KMX-|%HiQB|;)K~na#!pGN>3{m~{w?Th&y!BvexgdIhLP9jqmTZ-_5xU$Z|dx8 zsxtPz{^og@zpl#o0&$Z=O47|-m2p~${*`~U%DC^uH~H;5+|%;E>bH+Rl-~7L`mOr? z8>(#R-@TFFxmn7)Any9XrD+uQ^Zgv>@%LGPSC*B2Zm#6-v%o`ZXb<**`ElZ44)a;` zci-OG3da+-887o<(gnoj@6~)Yq=TPmd7k&pHUt}(?|J@y%Xc#Apc{XU{qOYur^yT6 z5kvk9%%@A>2l9SR{x_`O(`G9?&wP`=$1*$N2lGuQZUj-Z!27Ug@~<%-3uY?})Ukeu z8~aEH_1H5Kw=W|dxPKpKu0kG=zkieOPs#VtA7JcC+Vd>?Nk8=g6U62FN9-Z;gE;c# z`%~;IiGv^SWWEzOuBANiB60ct6wmeK2kzg?8M{aa?%&JVA0t0-|6Z=Zy}%d_N<84{`7U_0LQEF5=)^@*5Jr zk2sjc`jGE)u{n4JPZKv!IodEEqC6n>o&3F7ek1(@{y=&mca&k@06(|`wM~7$%a`B> zdE)Z@F7|Dt1NnX<`F@vtj5LsBeMtZMQp^W%9&zbk&vxnql5;749pk+fdBC^cSr2*U zq98X9e&%EDL)?SoupcFEw!jY-tbB9*$Qql^dXjXxm(RB+oc0vj=x?xmb$R-u0qQ63 z6MdNafZy+R_=c|0&-=mgu)GF~0 zm7afc29}C_NA5Omv?^$ayFzI}bS%OV2|&6HCuSITK6ILpc*m z&qFyAOV2|&6U)v+;_~;e?s+I@V(ED(XJYAjC}(2nc_?S%f39Qx%K0qkBPcx&ZO%mZ z`JwSNGZS>Mer0?LKdMr2pC_8=8iLaEQ_j%R^Ha{y((_Z!(9-i$&d{>+lX&U*DeLno z*1xfb^?eIxF(^GxCB5`Km3ZlSD)G|uRN|%QslpxZ?*ncY<2j3ReRLUhyP$0 ztBtq4aemA57aM&pH`Jn#`ULBh_fvhtEei7fXZ``s_pL1oIr`J{amI6Ji-P#G)c%%e z!OzxW9M67Q>VJCQ!t(v|qZRT0ko_8Yxi3;an7zy4H!o`8{rnaqbd`=@O&nbJpd&v| z`GR}3Jl~h8FPI@+`p(=9KR7z=$hU83;e2T^K6SPecl)>U`wxs0kdMCYI}3ThBrd## zvuQ8bfjo)l{ge-8W$3>WfAv>;9Qo!K$P3P1_;3%H!FJ@{X@a-&s-K{l}H(Kd&OcS&`q;?eo>qe;`~@pHEiEAFk++ z^DFo-t|;#_73upb(%;GYlYaGVWIlqMFD|eDGw{oN^Bg1{ymFi~pUf2F1>V2g;Ww_u z@d?@=*7I#U;|;#@ypwL;4nMd+muGKcegTi0e>3^PwpPu*7k<#)#CqcQh>bky;0pLv zeRAXl?_ocX`sYTOFJM+k=MR$~G*#>mO^@jOw~!yC-|58j_flVw+^f^iB^~S^b>!s( zq=TyYPTWIX1h=DqNPT?!89(sfeU{M#`MB52)Vu3SzrSo!f4^}4HO`y!k9y<%&fJa8 zK2+;u$C7Y9?)#m`vtP<*%hR^H`mR1-UEScpx9wE7?(Z2^>4be>u+^PeaQID4zw_%3 z-Q~x8R-b?FFQ+pN)u-)e<@B(o&$`B;7oK(GJ2At!Lf5DAeZd`CzDv((IcHVS4`}+- zby}i+-|?WP|5dlkm2;n_UtTEZ&ujWke<-Ivrs<7Wm(!op^am>BKcneU*N>v>Q_%Eu zg`5{P{SQys&Yk9eS<^52X*nHpLVaF(q?~RX;m{v^vYcL}=?_)Z$Nj#u+@0n8?)U1Q zmn)~6TFysrET_-c^r{Lu4Vr%7o^t+Wn*LY?zem$gnYGi9PwpqqJn7K%;?Es9=3$5K z)AU6zICS5=4t-M7@4Qy?YdQNgz4cXx?tXvz0Zree=WXG~j-2~6-TTLK{--oO{(+r_ zd|dv5rg!BXe)s*|*EN09%MQKJ@A%J*BPF+Cj683vt4p7w=`VlNq1&I^rP57J-*UO8 zzvR@@{T*KSz3tq)FI4;unqNiUBB;_d_xi{yr}w>;{&U?Dhtb#S)LZ=jZASAO`p;do zukZ`bgY~rvVhGm|9{y6Tf=BX;e<;k(2ju25c(*M&e+f=J)g?A8cOkj7M&O`hY7*m+{Vb z!4JNug-UrTu)tK**Q z$PZHdeUPO4K2P~zDCo#{r2X@sf7kk4ZkqZ4^Q%s}LEkDMUOoq9TuZJ$KJ9_wQvK(6 zt^fS}&(!yqM;HUWI~9NKc1QogY*8Qg>i#~w?C#<2KFx1@s9a81(|`2Aa=NYQFMQXjPvMF4 zRlTm(^!+D0{BHdZYWin#4&D8G9#`Mkwx^t~&Qm15^an@2D<`kzJfp|OH{+E1n5Lhm z^(dFWpy?;pIr3fli<F%}W2Uq^7bpJY__pd)4c?7@P z`{w@TyTjSP*oM`|y}J9?6QD!GEJ}C7y2~4a-DC~^vZRf)bz@AKB?*9=WKQ7&Oax{pM)IYjGsGScWeGjEB2{< znttAWPEJ?O)tdhKR~&kNzH=VrG~JzNhTeA$Xu3PkOg*0tYWkczZFT3<^v5(krtMg_ zo&`;>TqiGTdgZ({j&Kqx*W2-$Ub+5FO*i#^>qa@|J3&#`8iEbYW{$hZ^oS&mDBXf^CPe6mFLGZnqGN+xcg@1`BA0! zi&wYoRQ=wgfwNLMF-`i&^ zj(lyoe%9ye8A}|xW;ec|&wKNKIs03cmVbWHk>k<)b2NRY{(DxJ{$5SbzUJ`zp1fF5 zj@NX{t};`&(S}y)z#MH`_yqNYJ@8GlV>!2o2I+{T+sBF^?C2oU)1!c?$+`*I^)Qn zI;hXlT2B5LXB_zx1NC`W>t`;#O4Glh``>*(YL2G={)(MW#yY3H{3(k1+^Y3XQ~#Z} zsp+fqK43ID{PQ(^oi5jv&!6R}&yO#+)wOV+3UD9=}-jw-;}-6~(82Kjg??6J5f)MIUy`H6Prg(vMal^HyK&Px4&_#*v0I zI{fL6-mhFcP_r4^uCmo_{(47_yI)Oy&7tRRI$x!``%xx5>RyRzgOeW5)5 zieVmd8IaP|kmi)c?3Q{TnwCFO?TUUTJ)ScFGYE9o>bmSXaFUx8A zslU*4t#=&I^k3`qJXdh~;h?5ho|AWIx>xJ1?)mvOO@B!H30(S}n!eA{=kQC;xZI`b zRob8F^53oL+g`TSolCz*)BpNfIsINu|NG{0`S)r1fa}k=>q14jU(>IA)mC>N-473F zdQ$6yZn+O?`UijD@VoSfH2rk#H_Pk(e^}EO)j9QX^|HLCFVyz8OMgt$|5!nPO4Hxv zmaFAIqv_}B@pA2(f~Nm6Z>zh!9`_eD{lP07x;uYf*7RvD-?cAa*YuB7%v-iW^;u9s zcl`}Hy&!Pi!U6TH~)aMZ;GC{0V89M&fj&Ob3Sj(dTB zqZ2opNCz>A&*u3%_kx{Eb^0RGK_BOVl<(tS@GH(2iRZZ&Y}D!YV!p2pY|!NuxEK6P z&OLb_Wy!G$^7lxxKNN@y-0#ctEk!=Kg#1Q=bnXTB6F1)}e=kHF+@kx(UPgI9{yxDb z-B?b2fqb7{;XkM!_X7F;yuxoNznSvEtDILxKk~R2$oJ{x=kR`lg*+hNr)Ti@MCJJwHQJB|7A>bf^hb_+!3yLV z$oI9=zo3P5J3{|*FR(dprTzskaUf=s^oMT^{J{PGKJ~+aYv267KAU^NAL*~c%aq?i z`QU$DiG1E)@^z9QY)|k$2=Bkx>);2&$TvPn{nk@I@Xk8A;S;pKi#Yh<+mZJZ`oEj@ zf}`I7KkGloz2G0xUgEwU9ykEMy#HU|Uhpvdp7TlXCmk$2--#Ev7aY{`eFLO}wMo*CVSaHh_#yf8 zpG4juaUk#i$bRMC`meyfpoO@s58o!r1LxA8@_moyne-R9K;pa)l;>V>?iR{pJPMo153-*n zKk@u9>0s50^7CwM7wOC|S0{N5dG5Vjm!xPP^V6kWoTh%vH#dIrEXptOf9xb~Q$IKT z)l7N**H0{$Z_POU?u?Hslh&(Gfhi!LNtyqAe*3GP?<@7MEYt4? zeB=z)+rw{r!@puby+`qTRLI!stLtBx!+Mj?xAxiUn!B6{Uh-M`4O_)rKZkq1J*NH3 zuD$5ddED;-cIh-neH!ku)z#K^D%+y^%+K5E>XzH*kd6DbeeZjIm!fb?sZVj*R@Z{| zzq|C8u5jq~*%zpEm;TSgn*ZlcyLPKozMAW5hwhfUPt()SIds=Aa;7@=>71tL z_dEP9{eY&oURzE-sOj!=O4t6oPt%`#!QpqGU*{bQPL z>H4^Gp3(F>zu@q@^yf7Fx}TNP3!1)Gm+Sg7exd2BwcYH}f2rx&qh(`ft!V$vuQYw1 zmhaJilz-Rs136pWx%@9``px-r`mZ(p@fnBi`n`Uq>1#FJomVewdiIYFzbpTBO~2>o z4n42u;a@eq_bJV<=?3dsK1b_ubo;GJ(>I*#wAZcAF`E9$?`@SYcd0YqT))V;mXo{l zLY40NMP7K=;dlLurk3OS=UhLH>lb-W_m4Y2UBAc$M>_Q}H#qae^^1H~&ntI5y6*w( zub{6uQdP@H6`cCG<$5&zGVRB*3y%B_O+WVs4!`R!ao+>Du)^=PQS+Zy=hV}qpVRv^ z{S)qUI6Z&DnqK+bT~sIed|!{d+iyut|Bmh-^DJkjyZhx<-CoykbU^cGE9eI`{W`sG zxcz*e%YUD(%6H}GHT`%^cjb#pB%e7I^w%|glU~2>{4w6<@b~L}aOp>By8lUAG30)_ zOI@op{ry)sbn|Sdy)OM2{hZS6=VhAzcHLfcceVSfV!JpLhkN(8rckAQC3}a)=X>ac9 zPXD{-Lfe%NhyAQW&l%3A@kNL3$~mCv7u@E^aqFMg^k+4{OMgn!ulu{L?(Ewf`2|f+ z>wUxJe^Jx#J=2lzOFQH1?t9;lYWi~y-QC}+4%#ZG%kS=QCq1O;n%~{W{(4zCzq^n9 zyY6S7=6Cn8_quX)ecXNQ`;V8)clWWpTTjjJ?qj!}Q(k}15vtn8W$r$Fr!#*#H2sOI zT=@>&r|A>!`?)7M^LA3x8*>i7=l2fX*7P}AZ*l3nHT~dS<^20x{tEiln%;iOPE}!7 zPEOOGao@lBsWUDIH2rmbP8qr%4r+R$&XMDe`+b`JRqa>K>;8XC)92{-MO^-;H2qzA ze{;vZpy?+ZwNuqI{|l!dUexr7a~--X=VeV_`t@?Uq4$qQ{eHd6KS$H+-Evns=b)+S zzb!cZ>ApYOpy?0)w4CnI^qCz_x#kUyoIXuIW89$^4qmLllfYWipNer4Y8(36_}!|yuv$?5rKYx*;HJ9M|-uGaKRb-C_7oYVB!x1Dlbx_ch| z=;P(|gPQ-*%I8;_e)U(Ja@}^_uj#+9apbu42Q+=-yUXbhYWmH(KVANZH2qxNpDz7j zO~3N`aygG^`U4emzOLz^!{zPDYq}aFg5&kg9DVK0z4}7w_fzfrEruu`@t@_JXBnsK zbJeH)X!;m)k5Toz*Wy>(sO9~~6}Gy|g`Ih=$;P;*yZTF&PI&NYhu?h6nMZEDO8s-b z#_BTvoY7SM#@~yHZ_cx*y39Y9N5YFkMvUiT<)Cea{t^PtIPazg+0|} z{<+*G)n)#^Q+7JbH+v0W&SzO?&>oCoVmBU+&}k1 zb(w#zKzgZvu0Vg4`R6`eUFM(j?5i&G&zXGLNU49$ysWy+Kj$G{>YuZ(L7vQW?VrmL zFZItAuB$Hd&)L^km-*++1Jz~zIs4Y?GXI?C%hl!nxvy5g@p~G|KX-d|nSZW8dZ~ZT zyra6zKWBcey39Xk-dSDdpOYUeEA`Li@2)QM&*kr{F7wajAFM9(&-or^zLfaq>_@80 z{d3={F89xUqq@vLSK!A(4w&?(>z|vhF7wY7_E(qr=R9AmF7wYBk5-rY=j?COo?-SA z?Vq!sq`m8~VYPoQKT}=ipYwdTy39Z4xvIL{KlfC1xqt3^)n)#<+z+bD{By>S81EAQ zocy?3sejJ*Om&%m&St%q`sZ>#sV?)+`JSsT^UoDtqP->lxjg$(sedlFyxJ)B&lywI zMyY=;|FdeN)IXOiu>Z`WfBqZ)oOvznJ+a*1^?%YoXE#+F{}caQ{+?>%U-{>JOR9}h z|D5>%--Dg#LY$d}fs)_~WIdv%mOGCmn2uU;K&oC94$v zJnqCj=dI#9$yXWY{l?)p7p*b`w}^cH-np=CmBQA`sN1pl>$Bts*Do;myJI%76ILnQ zLj9C~+9n;0N0GlB|8pJkfxI6e-^XQ~1wUAIn!)!#;XmeH;Q;BcP`@qY2T$L}^QtrW z`&H5f@_Pd2kMLKoqCMan#C?3d1Mho|_&e~w zA47Y<(s$txrak7dv=>}hbA;iUME<+U4{rPm{PLx-?+#HX>jcXkF9^!)eX(w(R=P?BD^f~-K?gdXi?$poxfQRoz^ccT-o5P=fzlZPT z@)(UPow!Y!;LZ;_`3u|&?v?V>jMrtf4@`cP{$%`e%mu-5%bfA^eUkQp4DFHUNyZJd z4_t_Ri5G4pKX?N968CT~$kQH)=in7QMR^i8DNFE?GaY&MXXp>`Vak(qJ4YOR^tU>G zDRFSIEaoj#Pi4&H0k^WWC{9i(dm?x2QM%mWPW)X$PZ4H_A(#x zr;-lhHvG(gb20S=e@DK}{LC>o1xe(|eDPdEesJWe^f%92d_ShYz#7U|@fdMXWPV6I z7a>3RIsGMZ&p7$PjorGx_K^C7d;e#X;ge<-|0dEhkm2Z@`n(tglST=+fA zEy2SwzmR7jU+}Cu-`>r91Ahn~VVGybe?0tPb;61JxEHwZ?-ce@9%#7L>2Kes=`V03 z&->JVw1_zPvaBcR@6XYGu!VHlFABBf2U~UA=3emn$4DQ8{{Z~p+0Eqt9piH|@<7c4 zjyxM#f?u))duXp`2mIibBPZx&BSGW zF*gKXq`W-!$(=wP{EhV|`bS|t<%2trmzU?8qzQ7=H;?|~si8b@!V}Ezi%CD3bWl%y zjor+zQ)rKX@sTfWD3B(&h5bzAdyp+?PSRfT+oTC1^sl7b3y6agdF*IYUY@c9_v!NU zClUv*(Z5n3lY7Cs^NI63)pHW^!CI*w@^ah@{>J){xIx_np4-^(nV)tS<$-|Z?Ekix zIQW!2|75-UPG$T-)q3Kr_rgNj15UYs_Hq6dnuvoFw^2UpKgZr6*!5W*XD;TzR`e}N zFPsNISSI_&a2$9$OorC>F}E$;=BPz9j(tZ*0K!>w>#x|?qMvzffG1y z<$SA0KDZFWw{SH30evkvsMDEfhM)m?w(LijP(Lt9ePuouzDE1OFzKrO2WUT-^A+bj z_uPa$u%QY0?5760fWSP-iM!7~|L|9xehcY>|K{WBUGDYTQ+FobO8-jYKah`a%^r3A zF#6YX#`oUPzm8qN__JPeDNCVxBlDGbVbW5Vw}!aQe9v17E6=07#Ph@j(+r1v|3)DW zKWLNliuLYESPHJbmRpB>An*6c?_K-;vsvMz$55?RM;V@fG%H+4dAVQF|L-P0=%hXc zzAx5(kEQSs<$E3@{avJkBQ7KVDSSWR9O?rs+9SW8o&S5Y!Y1@Rb0NRy^dFQ54v&-m zo3|OpJQg1K4)Ss*yO0`~>_<`2A$=1=nn%zUMIhQR3jp=O~Z)V2>aV z1W%#8jJJ6e?Ex2_M*lJ1#?{CN|3IGc@ASt_#KBGIOCF2yxS8_6ru&h{cpEp64sM~o zKE~U=5&7UIDWCq%@kOA5+o`WDa(4XLb=`YH+ZzUbb?+wZC!5GX( z!F(xiEB$>e>0r(+%umvNAEUmYKz@nmKY%=NFZInO=s(6@AiqcC$&$a8{NNSoj~M)? z!4G~$e-y}HxB^+=9O|E^JkNgG1LXIMMFQ|baR~ayGaMXK8EsA#E)5_@C_NS zH1Q_l;IHJ*MJfLyD-_-vqkl-xow7nfeh*32_nXugJVAaVNqrutKH!HUk9h7d;{~Sa z?*irLe?t9%{C<-BK92o!+6TTT^MUdTe;_~j1pR4lga0q^gSnJ%Oa8a5PWq&}RV ztLaY=MISEk`%j)`>JLo%+n~P;?+S$m9rp~9E+B3rKj)`C;AG?#i2LFz6#UF@5B+2B zr2Sww^~o_F`Q4Ncwo{%lLHegj2j>&_5%*kyY#_hyB)|7lxMqdIf6`tP{WSLl$^-2- z>C~@q8|lEcXA14KAGr2Mo_oPwiZfq<|5*4zj{diad+I3<+)n-MHrWrT5BQ~&|2^7M zOMAeAGs(Z0`CbP<_zUA-Aiup7esBPJ1@ae8Lq2F*20!~jei7{jFC)(;zp;e=1oJrB zO!&I1Tr@1uOrQk!k@?w>L}l&e{(OB4)#%gf%45ivOd8lC_gXd|AO+t0OgyF z_MJQeiL57`^ay4h<}?nxLnF( zzqQ}N_=B@3&yfDAV!Xk_(tpxlN0AP$W<8kFUvFpp!Rylg8S3**>H~gD`3C)EKT7$) z_c8KU)7~|-7Zhl(*qixv)ECrjrai|pAA0D2a3uPqr2D$a3$oN#^lLLgeE}|D70<`X z4{%vJ`s=5W4{lpdd-~a*FNGf%CUNv1-(|=Hwc1|FZGa!h`(y?y}tKbK&{b96G7Wgv!(q3~d`N8XyZ~lq)uAo0bTk+(GNB(x^Lkqm%94*h-NPcj;mgm_7 zKQL}{$y@BxrSCZd&nf?!v4vxWI@e$8&qkJ%j{Jz!9hZJ$JpY|7+UuJ^+ z1bhs8z|+L}o@D<54^X}VzcGqDV3Oa4-#0=!C{TWZ`Irl^H-ZMz^ORTEMH+a8^gQ_s z7ZL|eBL8XD!}+uaq<%+#P@a7O^#@bykk9^SSd<5j+k$-dzXJDy3*JHg*O0%LIG8_| z{KRwnC?Bk;r+r@JU5Y&LAo6lQpuEpe9$11rV=3~u7c`LH_%rFBB^~sVKTm%1D%uLZ zMSkOll*id3XeGao{PvZ|2g}IsBfs%E>I*iK-&})y?gdYi-$(x3wbT!ElRr;>&vlds zCb38J+tl9P&(lKh=O&@Cou8)HnZ0@`Hbu`u>LU zzDjp(uppXkJ0`)&90PTWTK5XkSPi~q+>pLe>>zlZ!lzK%lD>~r7;BiA}{V>ji2 zs=w;EbTp`Y5AzNC(S%oUs;8~1yKi8FFEAF~nnompRBzjEQig_}=}G&D3c zHf(GdX-G7r8z!5UELpUyq1kM1Y2IR)E9S0Pv0_!ryp`t4m8({+TGhI!b#YryTcB;U zEzy=bY743?3CAu9Rq^{fr0UX*g#@1w4rfB(}qPGmTXwMF|sLg=9yXB417>oupA#cbZiiNg~t{EL23ymel zGU3K>Q+QE$ad=61X*d;G5b2BrBcqYz)^xNn+7w+BT^wB!T^d~;?TUt?k!U8Cj%DL5 z@t$}n9*HO7>3BBLn}{ajiBz&L8A;n-1N4=u3wV9J=Mut%q(qbo-&N9Qx{^gNN=o^tD5G z9=hw$-G}Zubnl`24&8s~fkO`-dg#!@haNff^=W&0=k)p07fkP(zHs`Y>5Hd#Pw$!D zJN?P&OQt_H{psn?Oz)e%bo#RC%crlHzH<7r(^pMjJ$=pewbR#4e{TBo)7MXbVLCUx zfBJ^$8>hcGebe;K(_flCFn!DPt<$$n-#-22>90(Gb^74+9n)W%zH|Dn>AR=znZ9@W zzUlj?ADDh{`l0EEryrUA`lFXUdikTdNB2K^-?uJ%;-V)$_vB}0E}gk-=JJ^~+SW~{}Gx6G}tuW4FR(`?qHn`_du zPv$f4Km5UH!Q1fSYF>SQs0oMZn>u(+vV>7s_kiyImi6E0q~q@iJH(~@ONmo}Te=H|v#t5$i^ z;nueGt?lit?SrjdU9H`Htv&6nJ)2qw23v!{)?}(RJGOdYu&s5lt$nb~JJ`m3IMUv3 zwTA-j(Tvxe?`<9Qwhwx}gWjGE-rhCdfkE$Jhj(M2Hy-q6{A)rZYf_Q5tJkmf4zBGU zTsvs39kbSEtd7=!j`l&8WrsiB**@4gFxVNhI^&sj1B2`Q@pZA}x@>e^HoksfaD8a1 zYtZWQC%U3mSH|jY?dxt|+}*yUyM3^GV14(%V7EWn?N4?4r@9mI?o^^XYxT4b_N?jb z=^gCpJ)>t}u*cuinO8k~xVB}uzGZlL)o}d8*`_(W_Qayi z_hVg9wD%P4ON#cViuR|A_Gh*<&pzt}(;u+>!AXB8?H{%LVW?M;@t{9G=8sSL zla_yCawIYq@FxRfi9k3KNJInKWH4w2Lu0{EG#E(*BNM@RI+zHALRM(Z3Pr6@JQ&LO zLz(bsBt9DRk7kl%UTbV*d@Nv&g{-kLYbFF6azx^p zNX8luO^qiaQLhyZ@jo6Nv!YQen%EId#iAK2<`2aD$ym~gWv#eB9`{egLsmSrJsz>* zk!U=Ti6^$lvsPljN{nnxjE*K!Rx;3%3`dd?D;WtUBNNG(l}sd)&{LsgI+Dz!l9{Pg zXfzcXONA4uXe>2pr2|$vlu1*|@KibyOQ*x>>_|ErOJ|emiLs17n+YT{iDb5+Asb9) zW6^9pIN?uCMEu)FQrnZ(_LMalu_j~D$yjnK6rT#Er()3^>F|#2ThE<6`_SF#nTOIv z`|_fFMbW;xXkSybuPxf2E83qg+SeEDT+!ZNv~MWdHy7=LMf+<-`_7_$f6;!RXg^Zi zxvO~o?ZsV}7I$4;-1WKQt{aNG?k--muXxd=#fvU0UUYf!qAQ9Q-CewRU-9Bgix*#3 zy!i6s#a9$}+r{1I7k6J!+Qw-hhAwRqLu;x)PA zH8&Qoxv6-~&42j%!)nu;%l1~!{H>64gSCoxS<9zOZx1#F!Q*fMK7Ov%>>(~ z?0K{6i7z~5_KECh&A_*?vuDjhq4l)(EMzq=45ZTw$0DN(!P%$(o#bEF+u5@Y`a0-#!;*7kMwdHZ_Vl}YO(josPm ziv-5|BFPXNv~~JW@8Ids*`uv~>eUZlzr@1{t3Q#*^i!t+PO$-R*P4Oee$>AyHt^`^ z06YU3_VetBHIR*gq&4X6?;fOo2fZ5y2m3p_2m6P-gZ>eV9o`xw-ynGg!~V!%DjOP{ zO0wavSvCZH2>K9vBD;TZh`Mipwt>BN1N1XG2RqK-x)E%GzDcg|oXP!}%!@OLpSfel zj(K(FJd{lNw;5IQ)ZzFE<}lmV>{+pvSv3>0x3EUGpi`VRe^s+T;I;gLAegfJl>1gA!rwFpe7&SOI^!5j25CU@=$%mIgxcOaPgIus_bB zWCbGJM^b@6A{YuJ;$wkCa*AWh3QRUG4YsCILBAjq3R0gS^OVEO3X(q<@pFWQxK3C> z$`5&yeIa-_1~|*o9A=zmQMsl=p;$T@qV1tL*Hnyy!Eb>v&N(YY+e6t@BE|5o_7!nZXMiEm9O;^V|QgzG_i9Qrt8$BDcwO8HSQ z$1xKjO5LN>CCd7b!XKqyqqHGP8=~Zia_~nZaSV(2c$E4_sed%#4|0xM9OPD%^}|t~ ziuogP&U5ZF;TUpap?Ee%=h9hLjI|bv1g$taT^#i+&Ki%y8y`t0o@D<(#}Ex;Q8MKf9RnnS zAc?YJC9~=9Hu$$?6PXnKnW8UK^kWKHETJP*1EB`%fwf zFMXKGj!dOTQsZgXZaNSGQx+;&CLIcZ(0H1B=r9&ajFsLRNvC5O3nbHtsFhBnGHF!4 z^tP;(PKTPnBD%%`A#@$C$wtrwpeH4cA`=gw{#Y5x$%JCbOemenP(~)gs3nqCCKZWg z*vGQ8Elazy@MTHQGV$m_D;tkYW;3J9vP96BrY1?tYtpC4or=y9AH~9&iIYxPwAdn8Zk;6CXszfP1o6>Y z(JZjl7Gbk3mSBkr7K_;?cgwhIY~Zf3N$wUcUQ&lX)LbtD2+(Lm0Cw7n<*uw3hk!0f%th3XWiDn|xcLnCu$`vThD_b@Pww&S- zW>HOot=?#4tW|c^)*wbfYc%3dx3b;%TNBAq3!^Qe{a86D()3|-uOgs z(km?9R4S43Dn3~VqR?1tTDu0kYy9l*Ya*C4YuKGKYlL}?@U4|{*ZN~I|5_2XRua~x zSWs&vwL_vEa@Q$}Qm1GbolNW3c&8_9MhI4HY>uS@v4v7I}xPy^v^p>+#Q zsaib}?NL!Sooug+YOhqXcMPSlHx?T6_X>_03bSZQR-YvFv6fMWpkc43 zn?)tEPM3t!h1M@slOWVD_3LNjiuFrsze;7H2L?J?>l+88l>>cUor42|oSp-mM*e|l zBoG=9=7FT2yKSkAH6YngozR6kdi#5nMunCX4GsFoQ;|V`ED{|IGo1z{+n_LuuGBiz z)7jgD##Fy-NUAX;4IGL`67eD781#JjX?gru8AS`Fd z-5GMXQSLU%-6m1OH;G2ONmQ~;lCVi7h`ckUZD-1Gi_T@8DXC{l>gJZ3^p<%w>3Pk= zTZUJy8qPK~G+~j~qieO8^UuN{IKeM9^#`&U{C13tUsf3k(AlB|CARxzy;0HeESr?5 zUcm{`zfip5Q?N)ue#}{=hgp7EjkMlBy8tPxR$X>-&+!f9cR z1UZ02KNBS_jE0sT4~@t&9g%}ll(IBIJToE%jU*;JB-kJU%!$bfYlMSpd_)Qwkrg!} z=ZWZW1Z;C?aA_+b{SpWTBT-S>(Aem!Kp4M4ARJ2s17YlRy1=W{Hwi*kAe!LZiehQw zY)GU62@!=-M?f`1wIfKyvw=hwEik#PaXG=#r2#oW15%fO9A5-v!%(+G0knc0jI^kM z1RR*b&}b-y|03f@1&oOv7)uAYQnjFz5fmu|M5RSRjx#GLXHKY{#)PP)3TTx?VN{d9DlopMNvV`IY zO$3a|_BECcFpX4RsmoX<5U|E3P|!rV#48gWC6GH=A7Rn5!;)9jOne{|DM}`;8%8lA z`f^0t5TOzwf@G5fizGle6-RNTdE(d+Z4+BQnPnHtG%h7r)I_j!aYQt*h?F5}sTE1~ zgfbB+NHkPS)KhD#KO0K%Y+%&dDhcDVS&qwW62-J-T$(yQ&cqlO7BnI5giq8}D=MQe z3M&CqUQ|}@GAN^gPy};>`4SBV`~;F3WP+f@Dm7O0*$K=5lvpzwN&2@dJvl0UiZTm} zl!iJ>Aj2J1MM|GW)7ub=QiU!_??z<~MWu^H-z7jZB@j|E(6R5~yn~830#l?b(iy4GF zFCC7v2Gi^v+eA}FMIOr_Ad*J0madC$jZFCCQV=>bETX~3mD-&!JNx2NE_*^G9+y_4 zLZerUqDeqh+AHd`1eBJ+zZcKov5RLCVICkvBjfQ2smp|@=s3;@L@}QbEn7^-gsdnD zu;0*{6EcevvK=PI5^)QAgs6-_LQX4s2c=vpl#se4l01G89bFW4G~P~b&-M`cHx(%aK0@1xw|)Jvl6iw++k;4mbJ zXObz#QgnI=NR=X)*P+xlsqQw(yG>|JfQ%(NzLkG96Pg9aAzL#ULOEAS#@guu_q+2*;rakb+W)9saG@0tk>IQ!@1k$Sbohm5q&| zf-`~BBhXm-DDeURgqaS6L+o<2Lu>_Horq6|ViAH#?qqGH<(y`CF)47-N`S!-4Y8}q z*_~zvN7FJM7!$By#H+xcmRhA*$rD%>m>$U}M*p@fG^rmJ#^Oc^urEGnPC=3zc(1L^uEv3izCkj{!c&ZLM6!dX$bvLXdz zsD4>iMoUa0YeM8rpg>zV6tZ{~Br0mkgb0|B9NVe*-0c$Go{D5b+l4k+kC%N?#&=Sd z{UkduCKUGYr0`8D7BRD?#J4jg4uUC3n39AkvC+h~vUW(XiFIY|kSVZ3Sat}DSXq|1 zYeyquS7B4FR!&=`N||_7QZ1&aEdgaxtu)08gk^Ph)X!mu(g=U`jtHKV*O2s!`IKFueqX|%$+Od``oz+ znptCVq(p0K>T81Onx>%naZ?#&JQx$#YfTzOjBs;JFm|%Z5o(@1@1zwgjrmxD3uf1u z5!A6dll_g54o5)~XYxW?;*Ty&h#I+QxjfTC7XMe&%YmrOBdc{_pmS|ct5V>Utz@-g zkW7S>p=7nHy}lI}RU*|IXPTy3)sEJh!sQZB)|1tmW{t&L)jZ@eST>zmO}8ywygKC% z$0Dm~bjWIJ?P>FNwTahua~o=&Ki;M^sy3No;@lmN`P<|nt<{!@aZq4AWg>yLR3e?m zeroG&_qKbxcy`v_xuKJL{}_8tJ4eEVV?IFUo5=8tse`pPj#D{4mgVGT!NofiPe%xab9={BG8~F` zu4BDhodaj%KkigDRHm2JIfmCJ)T!#(sp{Do&tSQ9s@isD#jUkYNn5Ax*Y|cVtM6Cg z(0V_9hln!6to7l<*6~Oe-tfVWE`Mw!=;>RDe_M4Z#vC@yMF-zgpwcD8wY)F}64(HK+85VLw!&6Pc7^{P7esyZvX%<4^J z3x|7Eu09^0dfWR_el}!fl3D%i58|3`A8PaVhqlsN18p7Nb`xi`w+%C^pU0&GLp)dQ z9|-tUiTHqOwX(dhu;lb0%m#2$OAQC6m{$R1bXkM_t?gcGP}yvQ{>a%~SYM1qW-t_G zhT^0~)lgQLH7MJsGQqkxiXqlBfF*YNke8>GxGYq-h>%CiDqN<* zXVBgi*-}Ot4@zZ?qrxS_xW_TkEWfHPAzF{BjvVahIE3ulgyJAi@JOh^uiAq0$~l8J z!ahJ4=lQE@7sg*4Q&0>x3saxY^=H}mdA>Qhq_N4rUCyWxWeh3X4ZBSa6Vd&!=Az?` zO)6Y0As#1X%Za7d-lf8R6=I!1!DPdrYggfr3WF-lN;stWhZO&i;vZ7{8ypKzrEXBE z8bqVyIqLV2K|^boN?y~+-SlFeiisKcoc2B<6rE8y6sj$NweNkG|( zih#MwAYh>S0^=B_X@54UEYqMeO))`bzf~5h*s0lA978qchmsh_CQ2kDNJ!#k zYfxdM3Y%28NQH}4xI~3ZRd|{TmnlQm3Zz2#X)y-a!vkq~cp_#k*0Iui0!ph==T~pwKu9;&@1{9c4kAD#Uyiy+5Q>ahc!~SkMfuV@F$@T_Ra2%ps+@ zhO&WrJe`E&DP>4wPRkiI8e)IK(q|!sMn~nm7>$f&ai&L{`zWJ4x>em{;gK56#M7AA za%PQk?kD|(SqW)y3cUgCMhx%?F~d30Fu?}pwGGLGAw2qFbyo6#2&*+rSMu`4SSpcCh7&TfZ1vbGk&zhQ6A70tRmQwy$jjp* z91IaviAY5DoQPwVtG>dpM;Rn!rzOO36p1C7X=3K1Pm7%|5181sB5E8X$=WzW!22`l z@rbgRBHNg<*!K}k4++yMoWRbP(|N0E%T^_MtD-1dUmiw{g_ysQW%U^OgjosC<{s-P z9&MF&Mb(*zyPES_?ERo)@Drv|nB$oIJeU$6YNHC9RJcfmi&eNpg-fIUsYEstWoJRA z@|8s~D73%8aTDMe5PblvMa+BLG`uvz#HU2UEFpU^55LkGUS4q=4vr5%jdfIwHLe}b zGD0bZM^x}9L^s2!zzP!oUpf<2^E@h#{CH$07D6CpzLL@P*_i<(duDEP8gwr02LHQEIkAPiAn7|R>&#))Ql~a#x zjyfxk0^wA4oWrY?`p21d63U$9I1`URD8q|E;&Bj{gQ6(+Qk5*Xdud0!2?9; ze;)GkU`QTIOoS53f9ANGcyCHl#f@RHiL!!}H$xsX;(AbC44fCL6daSJD%}s43!4!k z25LeMI=mM#KkI?B3?Bqe3_Kh7(<5jhJm2KuV|)t#8a|8><;j4;eJqYIgC|_dnSsB8 z6T|UjNEpwI;>%#%dFz(mR!b9yh14XaR+I8pC{IPu@mCPae3Q!JXCMrya64fp0$r_| zlv*_@wQ7`G!|`SiqV5E7YJ@_BSkKsXexA*Xha-)PBbGql;Q=pCK|;*BcuK7-nf{cn zRu!;I6!iUcD9Q{;^Bx?&gHVbF zF(qPgTq=IXTKQC*a8xGgHsxEvp~2R!LdKDM6hyX0lt?B5?P4OMPl}%L2xLY-llvz+r;=!Z)3WvkbBh+;%C7FL)*vMeMQ|QWbY+pNfTlVkVo7> zgp`#{s{5qet5uLzt3bJ1%=Aj--)W*jm&mEO(MIIhAdpW^43o_dyxT3OZ-DQ=Hpxi2WSnw65 zvPyf&in3y5)ru3# zC{OSblRt{nlX53yGg4vFnothJ2_<>Ensw-HoUPkKsF2CYdU;?!spymHNyMbuMJH7o zC)Lh5sb&c8lEu@_lgfKKsrJK3HSRoVr$l@{?DO(4z1hTgWo}PxtB*!T%=yfE-lkI* z9+1nUcayi|N7+VsKCa%pQx2Y$ynI|eyBQY`_7LyiDNj$@46@&dPbcah6Gu)c-cl1Z z;*gHWCTVovR*t@T?t0 zC{$y%^$p3>d;N4>UU2@(busLO<0@cT^EDc4dC^`E@ebr7exim&nU_ zO$(PST)c3RbJ4M-PV6-2vdp!=t zn_i(FXsq;zyKCuU#}{O^I@XEf4bn~?%klD9trM(2f1Jr83cBO&39d$);OXCL99#Gf z@c!^zBD5MKhMCjW+BZ1Vk0Yl`Ec>=z-k&C>2GnYE3>wEFB)*_{dnBctLHLcZNH`|i zP-W5KxQGuC=g`zZB-oZswy_}FrZ@r;8OJANwL8MvL+o0iOgnT=^LE)F#w~A8yD4v6 z_iW&uh%xTE#9QQ4!t3O7yhD~3y$L(k8=b;f2zXgOm`Yxz8Cs%Oo^z$GHKl*e+1pnttndY987j>pLAa{8r9r{Sl? zgy=#gp;4_59x3-aXWLHgCMkg}1=FIq7i>baPv0O|aSC$$Oxn3*@g6!4c~iZP#pigLtX`!F#vKn6j;5Hr?d^D)EH1Jq zGYva9n)|&Q=s9n{Q&7J=y6{K)*-IeFZ)#esE=!imWzjMf z!-Fx24T|&Fk{To-iEU1sAWgd|86OA~K$svv zVc_85e|f(1M(6%K%6XFWTM?OA1xUTORar@(P?eQKtQ9LFp~QYtjDRy;J5XKXbT9mM zIN4Zy&v*4&LWECOHc@|)7McI}|2I1PW!j(r8FRm*(*MxcC)sPs6Xt%cI3Koy zV`XV;b)|8QPbq6P{24^~V|6$kw$nhRa1WU8HG0jh4cM_ZG!`yS`3Tg5T|0`O-S{w3 zXGV!LQ#{*8(12he^M;0lC&UbLyEb$Hxip5ijqWW6XzgC+#F!!z=uz!!0lnJ>jUv*6 zgC^DM#zbA@x;40X`sLv|Yc}xe$+927Id!m^q(fCygJh{PmpIthZ?OO$p{uY{x=nc* zfR-pz#{<+2gU2z(BUBduzjMvJDYD7vClfu;!Gw^QuU*g~{evEwgMLT{eu#rcKL@R% zIzUK3M>#7corF}aG8hrI0;G&P(KT@f1IR={=?nd`Q9=V2iRRe2C! zfan<}W?wkxw9|ajA`NkzlqMmA58He-QK8`O|YMDT9U+$1EZwFp#QYf>S549 zGxY$d_i#(X%p6AL&5hNTj6MD~^uPIN42&#fDYGhi3~NCiNwl2POOo*FK2h)50g%fg zYZMcV5)f}`#Sg2fHab9ccoIWY;+(il_Sx(t)Ej~(99Xu+EFn_CLkguL70E6pPph4= zb`5ku)LZext{>j};jEqEjp*=&BN;VqbT;mZpHVI}=YlV`WXsvp+;u&E zucqXG9r`+Nxijva(hE>3$e!n**T_K#45j=Kkj^qd(4tr{X}d*$Ve>fy#+k@34)@mp zNe~IW9}UYL!HXPh8oe=;y>sJTN~)IaSFdiKO~Z6!ex^W`A)hw$06I+Lh<}{sqT9iO z_2GnD8S#?3LEjE}KU8WV;E(RB-=dvBsQC%|^-NUaH<9M#`KZW$8>2?p86I@TR` zi95nPF|72v+ZslMJ?z~2T6HTePk+Z5u?cFIwe`iNUPVI9{cAH;PmyrS_3~!0&j-?r}xZ@llX^4*w%b*LabSjN@H@8Hwdgg ztQM;@+#C}+v(#rd7KT1H8AX~L8JKbr>NT*m>cF7Xffm$(L8$|SQU|PU=rs*WI5mw% zJMc;GFHG<1FRmD}7y{H|csjswITHmWQTwRIY;1lOl5R~ z1C}{MVj~zT9Uer1X>fr|MmJDcgSLVVZdV|oEm5zG@m^9ge+OnTP0%Fll1g zbU@SS+KahlBnIqqQ$-Du+=qYVO0VxNhF7_|peH|(TrHxBj@AIuMMFe?iy4-H)N z_y8FQ(l)`E5kJF0Aud?sdef%8gd=m*qXUep`Z0a!p_@JKB17hYMNTV=yR-w5Bs9OD ziM|xf=N*F#bWNkzJ_mjcAr%wPO2t8FQ88P_!TU1ls zKK*v?8#F27oB6qgrNz%EpiCo$uIc;I)%mZd)lWZQCc({&7nhcaH(B3UT3=k}&BCH? ztu~sFcw1{*IxZWRwzL?IBnJ?;wzNS~fc5fHd3kknb6H^~ff#F5OjA*Psth5euy87p zs#p6hJBstF?3d0e#{`eaNixcI4Yg%E#EcA(5f64J#E7e2&By2WPL9tj2gkL&vjfC6 zmBT$I^Q?C;*lQpqd>+A!1>Q@u5kYi&j2J|HnFW}TeP9p83kG5nZIsa#`*;V>84V;I z&>A}2$NLSLPhjk0U&<352|mpBdGQ0-7cpT!(RnzU%%+MBM6>M#!pk*LP!&}OaO42Z z>JzPsYlmzF3W|Duhk8v+l`w;t0&!cqk@w^lIfV~-pACi`+UfnEW;4|L$?uRL*( z@NRN@)BTV=88Q2zizo<1&H+HL%ba{*O6&2nD6DrZ7&@Ne>o^!)T37#%1|0496UzzS zyT(rh4BXTYy9k%;dWTtitmi$%@DkFIzY?sgOB1NO%NV>>z^;Cp z%UM9*Hz8{YK|T@4mwS z?D)&OvkQVan68=^_lyk4hzpisKiY)41Iu$TXpVdO4Fy_XmBT1udQ5d zKO!0?Jl{j|nsM-ACS}e~W+&M8QcZ2fA;-;yZSU#P%xqkFx zv*pLuXFq}ljMuqu`|*JVA7=uq+BMh?M$teN7)0Mvmi6B@qL-K4b?^1Lk}_$tk3js(>8;S zRlA9{kJ+i$lzFdJT#{#LqL`0%>bpNcoaxOyUbni9(b+qqe z+rY7{L1CCu!&x1eAMlS>XHCn9ZzLpPF`Hyfrgr_WIdWYIj>&5&Ihy7cgGREWG(o~T zB5!0za$jNIYh63pg$78X1GGR27)95^c##7K;G)}uwejbW8c6eDi!dcAo%p!5ON;Bu zv}--OL7S1919{(SIBv?BrS{TM?UnTgum+<>6~a1C>tqtZfVjRjsONoFNs(5_s~AhFboKyrjwp!Z98HUcjDj2 z&g?)eV1tfKQKR=G`e1;w>8AU;EwDEONlQn!HzUv&Ptt9d!4j}^?Xpbytoys`nLN^E zj9<*B3XXsR>0?;6(L4+1>wR`dgU!vgt)*~W4#$;nTn)#ya9j_^jd0uy$1MeJAb@=M z{dq#NsAx6Pe25v;7Ln_47*sugW~P7j2X)%} z>6w@*>j`~@gW$P0F#OPvdW2U&u!ImF5koI*L|Y|F;!oHz<^(yc(<9fF;Eo8GJ@nlCGv#1 zfZYXj#c%+oVoWYEk2-3-F@&mqszIps*Kzy^0);!pgC}8yX%zrMJTNgSS`T@S;nJeb z8^figa9j?@m2g}Q$2C80+MzVu3dhiIG@IymhmFTF3pcusC;$BQeK>l5k_Kedn*dnD z-<#psB8-6l4M|+4ex_?EIRZ!89e|4g?&qEA6KEa8$^y^lyW#qwUvU$Dol&SKA(>qd zY^r#W;o}`}`{^tk3GIYcpd&Jo!U9RH;qPSxCpd-~AW9bh{-eOF&2Jp_s9?|G7;|Q% zWBn}w_wWs3jR8$e$qx(a92yrK?=X3E^zQ?t?E7>RwHMu_#ou%cpTEBW*XmsPg>*D> zietDAVqw-Fz~mjK9!?X#U%aq?2|*|TAHI&`lX*UM1ieu6WC;okBI1hCDEtFfTR_m% z794?WPtY5kXZ};Li=qpSmffAS>AYGOUURhH=cr5YcLue752?gmx67gXBmyMhzIg*2T&j+;+q z*ONY#pUlbfw6?f~a%br&%=_Giy-#2r;hNyOd1KdGFP(8yw99S@|G>h_5(R9r+tR#} z8R=b>N~XycS|gyLS4{Juvk-Lj3iMq16c!U*RX-R9dYN8e=dKY*m>^ zJ=7gPqnH>q>OVJbc5wpSj-aUbYCnV8nENSIWmaT+bRsj*4egOm=zPzH1mI*3EQH=? zXu3$EY(RL`Lq`NaK9&k>Z!{F*s~!~aTb2I@`NPkO4Vq-{&Q6ZZfBcSRd{42;0&bPV zgGx<>+WD`C)erwIzu%Rw19P#yPp}?(0{P9ygW-W35s=<3!LlRS4-ua&9bhmp$od@$ z@?iCpJ^1-6_aw1&JlBa83_6!o(zWZFF;lYxJ4_?jj@` zf&4qHY6PtSt^|rMkFlpo)<)_&rVGn~a2y{w7Dg1#%?+VENC_>(9n?z4 z2Zx}uaaD%mDH#ArR?^Q5mzkbL0PTWXqGn9Soqci&fUyy*kvZVeANee!$D{Pl&bpl& zgP*1fP;w~C8c^RqQI4#$b7@d&Xdr1roc#o87)GpNg^f%9IjA`}qqq2F9iD*(h1ax9 zL-(NuXx;$GBnyyR8k?iWR4kV(F)yJbQSgo=RJM0qIjXAgL3m4rBNaT<1*CqV2~SJ$ zh48(w>4kI#A`5~`{(NwmVWdHlw$HGBH8a&rbhF!^ z>H_9UprOLWv0yS9=xdo+S|!aUVa3CN-yq<{3x@JkLmEM^G4H-=EcitQauoQV6dGe+ zm+Rj!qB0lARud}3#SVQq+-y9un$lUodtfH|s{ud8S{IL9i!eZjFD#zZZW5VVsHec3 ztx`gB#?Mi3hK@q`Fz$ToA0RsSJ5bP+3ASSaw#63^hs;oZdYF%r$UojIrf=)aG89m# zsnB+Bx{?%3NLCn}?CY!Cul(!sx8qY64@bO))1r!iERpAKk*o6)=1m{=o~1fy#z$@~ z^q=fApi24!(=ZC^A7xC-;?6$Hyx>2-`PMK3xVR!AI~4;}`WLa&nmKSE>)08@%t2xd7+bGA$L z+)oBtWf)n)fWxfOR(dK6w}h6)$inuefb~MboZ7EQujd7F>8W6Lp9;DY022^Tk_)8` zFsnpQg-JrZfF6$t&)bpoGndj@8?07 zi!3b$x_y3d-AzLj5ME#P~0z1{-< zF+ahUVlbd6L0L%+BUwi2_}MM=hTL`x03m@7FLkOO+mMlDgRd6@(`)O!U%YxV7*QS zENmkFM?^m8DGV>kWi^a%M@YvU1cE5mMfoWfQic%)tzS%Q8J;XASZc^DFy2={mI|;W zIN@kuA({ICE#-SPJ@D}H$^T#A#JW28&EY45w*FT95CtFjFcR%?S!ujfs9OO{V&hmC zMx)li4E|~SXF=3L5I!;y?$Dy~%NVGJXEi4nptXW#tb3+Oa0us2%fhzSm{thz#s3s> zg`7{$(Aiun4~sp4=5L;lsU9yU1;2T6mJyLjUNN9*U5i{@+H9Ma-J3)YXT`znVdZc;94O$?Kond^Pr>eFN0zL*{U~^C#)Ciq#D&$k{TmzI=3;yz_CFb;3N9bN zAF$p^<=h!GdRW&43YL%5X-e;5 zg0XzL9xD{#YAULPq}*(B(UkKq6~Rsx4PFB!5SPY;O5Eq2l+z}zhY~{|t*i!=u-?r# zDAy2n`~ZIy-<7T3Qwr3%Z!U?W!>*X0`;(PST7|!VV6AlX^~aK}-)4>*D4^tV?V2}U zwX%m-qcJ4hE97RcEWJy#%{RA}mX{Yd7ELuRkB%jXUMCsZnq?3Res-pfZL&VPVg4^b zf!WA!2v)9#*m#SOmuMG@9@BaN6zDf$0jXb;Z-{4MVN(e|298se zWEeh5It?!15ss=)iYw-4OYaUVqyjz0dVJ@)ElgD_t*^$CS=#US)B~}WUl`0d-XkrR zdy3Ag$LH@)jw-+4McJ!SsvaF4937k^fIetfF$te3{p_yN_fRKHCm@>-=jW&HcLAFm z_x2Tl zBpBc&0Shk)S$Ij%!b`#yUJ|$vY*|_qy6}?Vg_qJ_4SQJKvRzN#Shnk_v|`s&Y1Qt) zN_kzn%31<93CrNZm zF7zIAC%zleFgPpm6oWHh{OGKd;9bDC01S-{kAD?J5GohVQL?&=dNN59o&^hs!OWd#O~JG!eJ~|QnPzFy7IP0?lA(^>sAk1WDOK3H8O|!v zb(lyVwc^-}|2SH%`&EL{>u%Huuz}Ja1534k+UTpq%nqvf^KU}}Ommi4*coj$B4|6` zO#r3;hRpOIOJG^VO4}s_Lhb^P+{;`7x=YJ|MVn=08txb@Hk)4Ay1Dx%JUtXYuf)__ zxJ5Bz>;v)wP`;HPV7FFN271L+mf!ei=@tv*+9t9A5aK-qU`8#sk4r!)w$zaze?S%A zd}C;h9NYJEt%dmi5Ri^iM=xFq)zIL>=O0jpNo+;p`cFTW><5Hy;Qk%`K=GIPnxyO} z_Y0S}W!y-Q@B*eO78z5o?7=NPagH_WD~oGO8zC(*&4UMjfqfm`SVPF>C{>hB>bP=# z@N>1Iyd6*!Sc|)dm7l81%cNB4j#!vAxyaJf&5IHP+>BCTvxuiWC%-XAoP zP4`7SJ52art=ZM%%I;ycetJ>+AW#s(601xouFV>m8SZv1#^v~w?!a{Sjv#M>fn}2# z)8Cax@mVl{V9+BhwcPrD{r*I%rRpv_?r^sa?0KA2bd^;4&xZ~845j2F0WwR&&!9QsgM67d!eB;|B#aS?=S)gR zxE;vQ-vVA9(XdP@yMw38=nbhp;SZ68VnFXW8`nT1vbtlDca2=FE-BX`UJwv~Q?7yl zp)uKPLVOq)XOaaFFv3DtF@z|}_}^s;#2i*}&x5#B46j?Vn{eUN#-zU2?bkmvCj3zf ze^v_oCx`~zPCm;z)+`){DI>yI;f*O;EMDlLVQe z-|x>|5CMCOusVdIa2r_R3=zOP%)(37?S6-*7b#MY39PUHj~MUfgQJP6y%| zUbXk^4jki@$v%nxE0}h&0);rrz5=quG7sS1o>PFH7fEHn#4Wp?#Xp4K9S?Z*U{92$ zayPbNanlDZz)m`%Hl_j!5&HlyjP+Y!pLfTM3EGWC%oP=-u(X_^Ik1VLcp#gl9OM*g zS31oE*g6?PA1!O-xOMZ*io96(GFboybsXym*DNC&h7n_tn69pW!9U z3`xxA9=fCRA$|PWiUXgkn`r1l@%Q^wB)2TJZrmIC@S?#FFRtVt$e|5Bj`X$M#9vyI z+GN3}MH%nWeL)dR(hPZvJ894uI5iqAAg3lc3COUwEHsPZ4p~FoeUF;@TeJA+BWBXd zSoO~dkcMb3Ed(K=%U+g1aW=f{lKa(*_TIesXtkEw0XuOt4^s`rVd9rN*klHihDcxQ zj8CLc$5L4x@am;#!0RW27r>D|fJ}q6l?MVh2QIyUFNh=(ol`O&9C$(YjK-#sjgD+7 zj&Y`o29?`EKQSC=QxJI<7MQ3*QQAoNFzhL6z>5|@Kv65C#y{5@K9|{vjUQBh_NVY@ zA8U0YIkKStNO0pcDoQ{edGX#Y%Mj6tfL?gyG^(@nXA8aErZGeR)E>v^C^tN1y~5 ztJ(ns5{0Z3L7uQ?9mTJR2+;@N@9Cza^2*ZhvB>fji(9K(0g;Fdc|u{@EK?vx{@4ET z_`LmYaPogp70v&D|M&kTpM?XAF`1U-zQB>ebHN@_zJj-wYbtAf@>DI>J><^7yCTz` zoh3V@%g5Y76IR0Qp(qq$OzyH+9%DCJ4i^`YOOEsu$3>}+_M{OIh-krnL?f6~qgPtI zUMOX+rflA+ph*G_(j_J5#>l~m>y=dI2_#wa{6g*?F|pEX1H-OY^73~Mlf+rF!&?r6 ze$;>*z0%k&*{&$_B>rsu@UpDCBG)j#^KemB;aw^k5j%LPI<`Y zS>?x`^^*+#lI;IbE?e0??L@SH)2V38HWDLV59OVEM|$4)kfwM7WQY!aNAGo|5agzHVI}2>4Py#BwoWRb}H#lcUCaT2;+)fRTB6y8-9xO8!N{ST$^77V8|GKh_cBID3y!6_H6um@9 zFwcHRnb+WesP-%=eEpc1{H{OI%Cg4NxkSB8O1ifT-$1UMO!A%A2;S&HTdm zFF*F*)(M`1u7Tw^JSEXFag11Otm^`0<^$NCduSjUz3;lQ5E0q|eu)Utu-R3%?|C8_ z$oetU8Cn#)cq%u&jNTs$%syl8l~r6WXgRFRo`Ymim18BY%>rf7$FFiH@NHIJ^kr1# zu!=q_g#9+SJ2r8lYq6D|#tY{s`zMBqGUCb!1rBAIJOt-hkdBeM z#B3M^CHuIAi&u><IzC3M@=x!5j%ks z7B%QRx3g0TbOMCJ#Yx%>5eXzIDSXBRI*y{0&@q0--9Ki*1#IMHBAv&ItKqgf&0U~X zMcE)n9ro@Z^55*U4k6F1FUZ3NkKA5MV!1oUk4#Y^9gP&jMds0Zy;LYKE2|o5pHTK? z>>C5WUxtw7=b~y%usoKvu}myuq+`foFXH|&7ABMdDFip(paydHR{}umW%7Ci4229W zl{X9Zn`KflqUq{+|M&6{xiGs=UgpLqJCR;#{XRkJWea7)%Wbpv7POn7*fQpEvo{<< z=}FdC?-*bhc#!uQ7)cQ51Brdv8_vo%q5Py)u(ioHp{en{(dm*Q2Z^nh`!?Y^ZUFtH zF^kDazq=`^?diP;+~6{yB2*SclA+u$%+G4abId}(4%!(5K1{6IfY8cV+LYDr%PXek`b{n-cq5%{kj>Kd-@Oh1NKRV0Q{2q&+`mp`7-mv+ zw#)p8>{QUG5n<;1ps&Vv>L3Pn5!n>1Nmw%&Owa=uQmrGyjb8TjfGBEEi*#+kP)1}E z%cK*d?G@!d0+TiFG|!N$+13u{H8hChv#T7R9TjOko76kpDT;T~glo}db+j_0m9mWL zO9VySCXs@|r8be!bDI)P2@FxjiQub~0zsOihrj;KKPrz^<{ukmzQl2BzBUOR;gO1@ z%FE=MVWpn*AK`D^22f6fxK6QJD_Xy#pg+n2K;}bvWLyaWX+0{GmkQk#!3Cm9{Xwi8iU2J^OVt@JpSYum@*pMPqWRd^+$F&XNbG}TEY z%Z;c7XOE~u6Z3s0XJ$Il4wLERLHkRV$Xf%0BSdzz`_iI8XbJX1!PH=S704rkQj_aeA?Yas{`3vi`la%g%4Iw>@7vNEQrAv0DNvxGrx z*ca!hV~?^sG1B?~>ty*%?dIN|U@k`|k3pLKXspRD(@A2t<=?@WmnSD1$*ptgBcS?J zMZe0nw2F$T?g(4GBa+n&!6MMQ)Ja4bm(cpk^W_87PLL-U(9zB2$ZOC0tL3-^KAB7F z7dOCZzkJ+hdAn5@boP`W%g-aomlU!1ZxQuXq@ zrV+rX9Sl9phL9}!naqymA?J-!?$eES+BEh z65MGC5bD0~%Lif@>f}6@Zqwtu5vgk=mxwe*_YpwI5oRC~4o4(+enQMb7uG1#pu@cJ z6Aij_BDO7^$ixpmD4)fO7=_KWa5Eu3;0}>~F*)<7X0ANzq@7NLQ(~kwc_^9Rnm)h9 zbOUB?#he3XZ|MV?-)vnV@1rM@TiV*(AdBPq;XZ(tWPNX0*l7QNd+fv{Vi#wJ`3b(7 z78V%pa27Uti0=`?bS_jI7cVpP-Io(A5xCPp$Nli}CBZWQCfHN{X|B;tX^f63LyR3c0L*PH|>g?6%q4NV7c0325y7euo{6ujb^bc>$?IM^F?>b@# z+p9L7=nb-<=jft@6$}vsamzNY-w?o;fgiCxrCowGD`U2xU&}BK$d6Q7;g66EGW!$e zq^lU-vkr|vBR2`;u%MPrUisC?__F#VBE))tEY}=IU^0lW2U*IhO_tnSfa4HL3GLk= zSP^$N%s9zGl$;uB0a@B2e|a5bK`XJtG$(57tRf+2JTX_|wl+i-`lo|6%p`e@?SnNtc=9WDtxoJ;Zz8=ZJ0sm>>d}J%6xe3-+^#wq?rSc@F zI?rBHiy$}PB%hx63LOzUjpa=d40h6Exk9a!OyRj0;I*_wMDr$nMxk5Fi{WI@kFYG- zG#clO2-(aaY(0 z98_d~U*A|=Sy~U##;|U~hUwL|5!uo2S<2{A+3?MqDQi4X`axw=ArPOmO=yRi>qAm^ zh)cV(UA2fWh&*vf)m}f@{f{!Xvwj(2Uvt}1t2-7SEkP8+fGH=P@4+~-VvyGR&i>{T z^Pz!$7BktYVZnA<*GN)qjslIJ&Q5(~g};TbafZ+Teb&dAWizM!u0X9Dp!*oDZYB6a z>9VC@xA8aa_7sf@8KlWnl|}l9ZQYq;HWX>`@aAp>c8_t}OTq%w#oqS&ZQ>{xMHC9=S06$Pl$F>3oq zOaejHgyj^@q-@ezuzl^#TplT!j}BYGitqGMFsWT=9{FXkcFX4U>T zS+BJ{T<@%P!%L4*I3S!wh7!Jk^Aozdx9+J^IQ7~yd5WGy4Uz>5A(~GE_#605@`feL zT8Zn@nOQ-8W+JL&T-#Z)uJr`DNv<=q$wRI&f48;Z`SI3`XWqKC5Zdm4OGbL-?5y%D zws;?fv|Ff`m?TT)d~jv*+^^DH2=~ykdCz zanV6hefp)W4q4tev$BOV_VM3yKfK=lap6_@)5q^$PZ{YyeE)X-8DD zj4nzzV(F-|=VxX*l}_zU>_{-Z*=0EN7J_L#qhd6Z%t;XcisnkY0>)V?aB(8_Nw*(O zZl`m7Z#|}WbMs<)Ic;w@AhI5_Kn?+(FVgZOU#=n@_Z?jLcgZ684jl3wdNS6*Xe70> zeZ)%ya0jyfJ-!R65_d_y)W#iYe+wjiC;aVNf1|_arenT-i}i6Ofe1y}FlY$~XGHA{ zN7QR|5XkV(2X0(j9QakR^*`O9QO{>S5TF+KVAe+?m>HtoWzTqCD1`gSW)yg>22y)o z6RYSmmVzsx0+?YDsO1~velx$V)F+GPMSHhAw>kDL>Nj8TrTITdJ z#t0TiGOokfjl$Nj%(x9@uT~bS_W>vPSwszzEv4T?&x9f$n;0AdmgUSfBl-Zjr5o_K z!jODn$D*(Ks|WJR=z^Zacv8+d8SUx?cBkK9wSxelIs9*df)~&1Mm&ABd%rC^9*d!1 zwT4Vnm=k(qnBlZ>$-5xNnsgDEScZVonL!|4WYj!u#^;GC z$Gs>aQVf$8@u4_pOJ%^vo3|w?VsJM-s;|Pn2cwp=A-hvXqIY$BbDow2~#nIvGCxV)9?$%v%U^|!LO|N6K76(K7T4>LvomY)k}GW_*( z)&YiMhb&OqRv}~83OEB46%mAkgLHT0y88g8@By~*sXT95LPbIOnLve zKB!wT7h6rl0uaN5;p8G3+<#Lu$TwG4xh*2O`Hoe>-CXNDy7HhDmS1lx-W1Ck!sc~P2|uZivHh4lL`H4aH2M+#x{ zF&XvUfHH97{2TU=;%>xltEivx((ROntnJ(!9ml zup$$$!VKlFZ||^nurCV6`>>;f54cJX>3#$(Xrdrdt^_}TM48s!{qkZazyFOrOK{^w1MTPIuxfOD%v&eWyRS$O# zmr_3)NT~PR_&|y&vZP^G=*l|~wA=yA9=11LpaYUlTX>-TI&^n9wV&OI8FraM#R0_A zpZzP-2xD2TDBiq)F|3u%PBpsRCIqY&f~c`7kKvC@c=dPH)XExJD#dB4sjMuZfz z>;MeB|Nj)(dFSnI(D7kb1Olc*7>6|~*dV+VJI#?F#5~rj{C>yxm1Zv{2o4PkA}DrI zPHTlu$f%?mGXa$+WF_F7ylze2nW1zRl)v8X=3SP!)aWF(K`rkGus;N7fDnIHQb@! zK)Km`#k~INzSU-MHJ)VvIz3E=V(r`zMXMq7!}m^YeHJQ^1cli`Gak#32#*qGjg}Y- zURc}oRJ@yuc`QSR>)kRLv0=Q1a!-aIiWQ_wiC)bqb8A?*U1{h9J!P_oQy@b)#k{(| zDSbP4|842d7lC0%0ANWi{q#EK#}ad?|Lmtx^~i)&YLb#!%{gMA3uWI~e$5|V&wopL zly6_Yz+xrtuG1{di|~8NDSU1nYn08L@9;P%Ry)cEEOBS9APA?>;(z^{e_9>L0BGR> zG`c26A%Mbsl~d;|hm$0~ff^L7j*Fzd@3fH)E2{bC<6li>#9xuzEG@3Du9qiGg8p=B zA!+QF#lpj>M;I?{3nrw~<>}KEo#x@ltJ9}z)2Hjx-`$u#-JJgLmQEGkYH!8m6dBH*mrmUVH5 zBBg6?@*9bBTBWR4Hy?jb0O{ z4OJqo)ANp6uRkCZ;07UKLB=m5mzFXYA|Bhs@6#Pozm)#@{26kYbd9c1`zQIA;yaXI zXYA6I+zOC5vhSe=!5uJF@dstv%Z0C{0mEFDl>bv~Baoq%YEE5&H zw7IsiwX_(r7p2y*>sg?&oPr9LRpys??+QW%D8y3lI{rOLaLGj=Gg%gbKZ{suW$?c8tj z2SnSR9!`TO7Mv7H>~R4AK(mr;mLOXxoMZfpUEOt+9iT6+Xfu8TUyQ;Au-hJYS^C!T zKysZ}*ntwR^#e)E-}lKT!N5!&1lcA~);DT5eIC=w&C>uG4t@7AQ_2WY$mTA7KE15) zc|x^-4&!Ij+3@+=m~BX6|1}r^Pg1Wi*|3*uA&?m(`uI?9ruaT|eja#%sGhmF&ka-k zJ<`-`@HnVvo%`O47AsZDG{gXi(cTO-N>A=Qc$c|F3=I^YLa)Q$Sm;x1n*=MNYHpxHpJ( z?vsmiv*k@Ya^7WezT~_Jw{>3C!j%C|K>|82_y(#^oKN)!&TB5T0f~~?3RJ`9}n_b_nMd9I-0^Jb}=3F&`#Lq0do?Y!W3kg?7bl~97taXd_&7h!`L_qLe$ z^}~4r4tz0O(*GXLx#YPrVF^SRJITN2M!70zLLfd;okrhY;YHB@jWmdO--Z_o?KSOJ z;DvYlKV$v1pU;OAe0)!rkB?<30(rY;tp6AP)pdjINa_x)uFl7wuFi&^t}Z5@uBzFm z7tuIiDR16xzsU1E9S@i|*qc*?l%oXELD*TCvmKoDO8$u7!G%BOP%%T<&sp3_t182} zfIAcoTReXxb)8(KC|2%m@aTG;Au1)wl+}R&t;?C{M&~0}W|t(-vvc2;EbWm(%J*wn zS_^a}lN9gGXhy*Swx7jF>Bx-Xf$5LjeqtLm!}=FNSv-%ZES+Nx$OyD^=+Y>9$l(&~-*s1s@>$#YDA}^f;rIxC(nwWQ zl$yK5dB9UcV@>5jF?}&n?P3x2kVTfW6?v+b-d?HTE3vry{5;s52^o>z9Lg5$%^oTK zu{O{o(vVNm8~Hhyi1Q8-3Ru=h);deKf;Z#_K><`R-3betB)L(IZS5%)(jh2la(|*- zA6|!_O-50KHFAHS!sEwtFp>F&;(63c#q$`(63>Gh022#)2Tuy!oZvtiR~oTH3mRV2JMl71uY*zoZ093th`?l%JylVkQ>+pao?k=||P! zmD^e8`caaUS}qR86vAZ|+K5f8{TMwKd!66Fj)htm&j&OwUz8q2?@NHhy@Cmm(0?*s zgG=%GyON2?w-rJc9I*%jld%2)kyn}Ippi~~q4R^&ht(Lm8P3vsEzm$t3(aNPriebmD<}3ToL7VVFP_t9rvA=2HF+SF zLxf(*PdcLI^hhz>i}NXsA?IQwQu{|x#=8=mL(sVrZfRCEdC~Xs=GgvYE+KR=RLmq@I+(G#l1Iy0|yWYJxuhu;N%M66~%w6}Ry_4Ou zN-@R~l^RV-P{he`h;M+c6f&!7=Rqxx1|!|#4mdJyctMg8+myE848o_YEVlV492x*M z&shEBOM;^ZOB6grl>{!W6xCwYW0Gv`RqMZ=T%3_<>+r}#ST(U#ZjSA|JFFtXQ%n~M z3^`NY!5U0igt?APp=%7@_ebZ`UwMDNJ5vE6A1r()qJ+vMjn82m9f^6@Fp&8>0w~IP z>rjy^ygX$W`HYpvOJXfcsJm2Os-K}pIykHDAM7464-;2(Dhd1I%EolX>TJd4+T!#l zHrJMCE7oQz)@Q%6KKqsRmD#U+agFtZk##4WEKDvM5Qoey6^Ri-mH~4^c^GnXQ-z?3 z&@k*nA}glSw3H+0=!m&c{^N#Tk+b<=N8}s@`4<&unw-zWjOO`seRGZkN2gUxd}Uh5 zq`-`0UgeDt^);5QDrzk0d4=3hKGMCfJ0?ZD#v)@8UIB|}Avhr}Ou_7MiI+^Jx_1!X zQ;2S-b^0B{CCpeCXEg;i?^kPkRdOOQ6NT$|+yO?jWPe8&2Q~ZJ<b#;x<)Nr(y}-)7pi zLw1SiDUBK3!Q^XG6-e@@CXL~e}-tQn(A0!*xnT%c#L zk(0J?IVSxK@gQS!%3PsH$a=5mK7ZPI@$sL*l~w;(Hg6UN6ARA>nhW=)w#|@{ao+7e z%hzGtkt$d|5wHn!VyvsebS2--J$y$$eFQZTXl^95*h^FfmI|z)*>`Aoi1~Rq0gDj3 z;9q5U_F5*AFjxE>*?uki7ws9y^8#e@Yp4^(&~OXc%Lp%$jtL9Y*GQ?#%vEKoGRBC> z%u?1Nx|y_P_6gIL*(VU2rB7hlE3AUfPWXp4&&QYOBkVQf9wU$p;f)C<>WXHlJ2>e? zHrkp1??&f-L4q_sA^8bfsVG27_H?XB1~ul1cFMRV$^^{R?vD7Dop3F@Y?k2ZV~l0kIcq$ ztfB1frJjZ93<01DMcXF?8qE>;AM^k(XDdF%3LI;0T_gdUoJbg~BdOLz(zAO5qNqWO z6b;5sl#*;mI7-czp0*D-8Y9GG>jPoA&f>It2vZy0(0-Y}dIT1)C#cg1n9=-5yn~HS zAn(Mi)rgjC3SS_XI8fbfQr4N@!o2$5#m!x$>}xljuMvZGI(2w*&`gUJ-Voze=Bw{%qriF?va-fClqKtgrtZ-ETX!VV*)UPry{^;?5A6^Rw>P zGOL`Rnj7?^nx}=Ca4Y2_+Xo+GDzZel6gA2c?#$g?>}^>3*WBn0ZY}v}0SNP^39u(yxxpYl-5d8S^l=}Y*?3%^^&!~wEUWk9t7=UXC zU;Qy`1E{|^&?yT%`Tx#7)MTfCQ8bOfr$_!ps6`t%Ov%<*Gw5eUAmj6AvBuwgu|~<- zG~kgTGXdY5r>#F4fjFBt=4)Ht+FV>-S;nQdu})kKXohX7B%>%qm&+)dHpcgk5cJ>g zv2McEt}Mgq?=>cLHrDETg*~3-lT@4xHo813m>%53r76RvtT?L)TsqP%IuD#j6oQ=( zD#Ol0@TLi?@{?LPLQOH=!=TWGV%d|AZF1e1zUO`6!&ChuPIQ}eHI8+PiFv#R@>xLJ zQu4@vkRhFWYhq1q;T0mnJ!oU}?vOZEWdu8m@f7d6zjvqahbKZ_SHw+pSV4aV^SnmH zL-tZJHTx%f7s?8p;%X|2BTVMhH?;9CHb3)T$cv?PTr^|ypFyCjrszSlbX@6zfHg+<5>n4qB#=kUi;9%wbyE3wv&h zudAUWj8S8?{o|ms$YUnJIssfoj75#mY2n$a`BJzyqh;eWGdePAW@K3>cca_s_Bnm` z3(iWAl?G!?!f0MLzPX||#f;!7f0n2FQiSJFqEGCpvv)Q3P@tA_YY}9`s(=p^Q(2@G z@jS9sr|_oLOaaa_3sf*pp!8qtnbJz|wH10@e9S_stq7Rt<35$}uR|!uItd{G7t+?1 z=`;S7^ch1yQ;5fErXWvV6ETm~Oo1MuAfQD7!Kr2%!l`B&!v$nyU-UZ+HTK1+8du&$ zUt5wFh){tlPJv_F)||0M!DHK{i{qb;PcDz^!4q1aYnk>z3wfO$Yb;@$<7P2Ba>@k7gI@lAF@?s@>)ghI}LX? zZLAx)s70KZ@~-&~@!=5bA@dyNQA=tGxMMl`uyExMX<-Z}HdzAq+BM~n)B z&AA{o3|kr8tepm-l;YTV^&Fr@COrW%re#ke6MZk{1DX4biGd0lcTVZG)!;qwNG)z& zKFuoe1*cN9k1-YSkO}hC$w~T1kd=jH;5xV#0~Y939!H6|OapJ~ur|Nk6=)U?ADUz2 z0l3%~GQyYJ%rTRmuV`IZAowe4Sg?FcDH*h#rgx!qWk&`0`= zb^+!d8u_=zmhe!vpt_aWjluYrWY40A1b2d&Zfa8i7MqG{Z18pr9Ni4=Nxdp(17w>; z_%uo%u?da({zxXUpt%zowAYG%pnJb?s^|g61(bn;Aes{9L~$Lvk;r96a=Id_A}R|L z4ihpo{=kG+>QRP)xSza+@nC`HLMW^@%wO~)h{t2#hQvimSRHWDLc~_R zl%v>dG%ZYj26hYmq31F7&z#e$(>0nlL(O(c>fnIE+-p^hh%@=I7>ABQNA_m)iqhK& z0129(WV%lH24JR|M^@yCHkEakPl?<`=pYM8!aCU)7hb88$0((3FVeTLGU({9OMj*s z%?##IfGT296uW<&v9%zt1<$+ZW?-Ppdh4|qut58frG5AQJcX{#BpdWtBinD#;RXAR z5Z%N0V}|54@V?mPq_ZugvM?BSeq3H$T;3K2lir{J!a`h9p+=#SQXr}yaC0c^9hX^C z8kPl^*^kkonE8P;2d9O|q~N?Q)C8}2gkqXMwrvaWSfj=+X)}85fv!n5$Q(5%JXn}r zalA{M$YjYHMBg+2lxl977wrT%+RRMA$R0NkHiKrFX^Tu)xrPx{^W0}-jCh0SSYm}W z;f%5|$&m@M(ztsKwOBx z>CV8UJ;XKQT>gdNmWJbeja%+`7sUQ&^c__k1;#*?nftffR(1 zstWL_LlT4OTdnpVq(vjO)|hB4nJptQCNCxuSn68efR~K=;;~GR#K!`JvOZuLL9-Sp zreaxmry$d`FUjx_LAAGXftjPjfs9}dc9K?ak2XRXh7s)sLJ}Vys^7>zbc7i9ZgR&j zN+Q>j9n?Crpckr~_s&&pR2i|Q3yX#2H$I5>oNkGO{aW1ygJTk^RSxSRgOWU1vdd>)+E475#EUh^S+ALd`zM}e=2Ij^ex9vD#39gR?-J8h zF-%mYwbQ2+>)|qE#R{~tJ?8A#={591mn%S|xXs8h7HDt!u`wO>gAtPnqp|d=|JDmT zhOmm7C#ry@a(qMY^~_5}fJ4V*|GG=hL_j8H(YG?e^qzQS#1642#kAS>xYJ-VR29)= zs>*w`RmFREJc&k;6(o8+$W7DBz5qi@i(ghP)kpz5^E$vxvpt6@<9S52F#&76cN}H3 zK+NIh@B)w&JT<(QR2A?~f=PVJs>q^Y>Gm9NnMVhMDSpvlk%5`?DXW@>K~^=5gM^G` z;GC*v@SLh<0G&Z9yMy$L6vE|Zt6+>~tBT&S@I~4nJy2dH4_QdXQ0QN^2?5^IeYFN1 zF!P3ZJafFr1qGz+_k+#*6CsuH`)wZw^&n!p0ISjodye`Y1=Q^6+t zfB&C5gPN*JLF7OUqD@p4nC9r;Qk5GbTHFCBz19@A9J-s$_Fw_Xjj$^uT_)MH)-jT) z$<3uLXPBb{mX@tA$N)lx#A3Ps6r1s*2RSwR?#52sYVNRoVkb ztTr28%W$$feX9Oepz1FbMSnRWRQ3YW>gjRniykzFg_eX=Ex;~*wyAJ9hl%Q_SZQt; zl6P&=pYgs0I7j}ulBdN;=nX>_na39pFMKSbK7N&!GYB55%rP-tC2t$oGT?__zy6kI z`HTPRZ{(NXVFF%6R0Dm=QK23k>V07G_fyB0~4YLOrg{dK$z+)#Qpl1`8 zh)eIA8c5Rju=ka3a z_!QHX&7CEM#Tb8_S4Bm0{H<%SHlc;;_pz!FlpCu^;2?dZ^0mY&bMi3_fre3Pr}a@6 zVtr(5P*xm)TlHVYRipFR?cd!^_xl7g6B->^&IQ*_I>uz@c~R{u^%(eMBEObT*Hhv?k-u9UPM+% z4`KX(&>*oWYWk40!f+(R+>FfNFSI(|;%A~Ta@e@CvAnjtwTQoOb$w|IZ_4`enjCwK z^C^3v@&}M$G+nn_Veb$L5)n%6Uc9$`V&qYf91%0W3pg_8g6cpieTO<$b;;kMQ-Yzw zh?n`jrvL>rVdEnP2~|)kT`G+ zT^xii@jx&*D1U|uB#UV+L=TB?QysUeM72OncIOQNWdUza!M}I((%kXkh|?Wz`ioZG zVqF0z@*AO{oRkm0;ed3M|AxRLFob~d=NvuyN=y5m;JC60mUMZ;2Dy@^`a$km%gx9C zAQYXoep8EELwnmR0bY<+9v*1BdZodm#WA3o#kP-Fu(*fLadMdDx=re)AeG?Y@fgfg zXcIMAXq1DNwv{0W2h`sB68$Y-7V9)QPRQdehZe~*hE<8W(H^35akZa4QhLgrkk9$T zwG1_f4j*_UmV59Wal%rjjc;lwF>=D0s1f+7>AFV*-Q+6$N`FzEyKD1zNu9e`3(riQ zhiD!#8I3I?kb>7H_xoK9LsDq)REV9UOASylO8eJD7h1uU#M3y;3w3fPd7Z78GkDGF zW&oSj%^)_b^M*=bOn7Y;gsN^9g{Ha!3{~AM4h^tv%B>gb!X^DVignSo7wU9Lisua? zfM-aUb0?U3b%@d?Tbl|8oKNu7KTnUDU!iNO3L4JxF?02<{pqUGFlX6SZDavzj3M`1 zxMzV)jK|*yqqKn=j+UGfGIV2dNftAxNhNzQc;htdH6iBNc;VX8-%Y0K?(PfgC`*o0 z?YKtJu))|P4uS~PDZyc=v}KJ*zG&np?lA>Oi${o`Li~?q7Q#85)D~E`38pb1x@<1z)lX^Tq zoA=I`)x)us0!7)ICq#?jiAX_cv5uC&?&UJ{{p3=F_>|%p&!WjPc|L4Fo-x>{oCMuv z0r(j?Vz({fCd@u@StU;w;#g2AyRw$tFTm)K=GP$BYtpmC%!0{J!e|qRK}Sc|XomPU z$D$+fU?gAPbls6Z8Iso&NEBV`(dXWF>5K$~=6CWb zMH68@ew~tnkZDpGykK{hYu!4czqK#|6?B@wlZJ?C#tU^JzAR4D}uW z>P)b?dw8<<6T9H;7c`rvm9tva>T2isL;Us7hR&9T;H&$lEQV~jAU7`N-jFSBq}hDv zvcrh@n?cjk#u8)ZyyTQP0tqLcfu7{lS62Guab@m&hG53hvQZ)@-|vGiNJy-S*A9kD zo9oN#t7|yzmRA}-BtS(aGs{e6wILgSrs=B6BK|YcLPasAaA82LqsXq)BCjHo00bZjx%vuXH{_ zhJr&ts@}7As*uD`2_Nc2M&94x1guvjJ86*yeNSPRq$i2#IkyS^Yl;JyZjdu(m4wgs ztXq#_3c`!26x(NH;sWZ;eBF~aPgmBe%2qVf@-@@vJhnrNi?h(sDrd1_UReN#Rym6fHUEDBa|@L@&J9?Qxu&4&43*P9%}^P=nioNF z>A957e?6@ty1X#{(FAVM6@~Loo4KakOLb4iH0#k*W>rO~>7{9TfhI6)L)aQdxhxJT zw>>Czb8YiicFuw&p6(%6bBimjPje%dwfU=V>uGzg_37n{7yB67&w~je3QQ0pmEXQ# zkEFU5wTyUdB{2Jt+$qY6SAgcvqB-rt0;A0$$ zVN~WkjM7Qp^-dj@)~3@chBnM{QRp06`3N0D{Fr%K6tWbATJ{*&%*bInfLiEU1ysm% zGRSI;p+7m?0AYhfbS`_GMbNNyGVS(*pudbQlPY~@urg-M8ND$u=*b8y&7p~kH>qWJ z;mmd;!cp3a&lgd&g75&!pFtA0&`v27et?^n}i8ZI7cq7nOAIWr#u(E zd){SW3}|;lI-t&IWZ%pBYn2Cm(x_`W5B)@;Nrb#}QSKPNLC^S}7Ufc1a(vVJrwGwM2AwEg65G3|QTSunvPb`JGj$JoPFjp#Y4eC`6N zF~V7uc`HaEY&R!=amF46|JR&*an4v5=05s7xU&3F>6&IG_ZGuuen?-=BlhuuIXgsO zA+LI+m-tGO(Jr>g0+d%F?MCH#x4GBa&#LV&GCz8bj#WgD>r2a<8!L+&8!KA?DP`eE z8P|)f(VGe=ST3LGrP0yOtSqoHR#NU+GtVR2zCb}Khh)*BVH!$Q^+_&>DXn@3#}5i>6F(V41Ast(R>P+b+?<6Q!LltpPZ4??%=pu+voc>(bS6g zY(J8%aTUS_9KG~hv=SCOPr&DHDRdo zTbzEWJEV5XMO9S*XE7H>5zCC3+kJEuTIcw=3(ZAb{ON>Xj7e7ia0kjgCHDps=FI(` zf(Y2AV#fV&rtDlYJLKcH8CT{%4l8G}rp1T0N9nOrzKb(IHg<4SYuvIy%53Y@8iNw@ zwHf@vGZ@w|qfcP#3$USWY0du`ol;zk zA|Qtu$Poa6*XqO}OuB-hhA$98u{MVY!VUDenJa|a8Gxi(Z(1K2{%opEH_WBJQkyW6 zKAXOq?l*uB|L$z9|DfL=PaHm*e$am{)cU14VTWXf-7NBS0K?E!Y))7OO@7FmoRv7w zLYQ5dpO-8o4ZUq0H0c%gj^)n7 z(jqt@Mmw>}At=BoGy5Mp&$h7ewXf3aF{x^zMJK_yFsDoT4TB5*O21`4s@k+OxK(1g z^px%(uFn`%VO17cY z-Aai6@LDaUs)U{6=C;!vmR?zo<)8$O_st5@+M%0Zcd_K8S_vGPUPre4QOlyhW5}FO zjtGBGnt^TcCM1KI>vIG$GvY*xO_R&Aj$fkAtFMzbL)(NMm|H8L2SXtpZ6XI{gxMI^ zIo>?ATI;SedNi$0QTrE8JKnqlO_UkCg-f{S*N!5p8$k+lzNvL$?+Y$DgIZpxz<_S6 zUx+-jY%&IZK+Q-exjFhsWW|AVGtqIh14z`w7VVXU#<<9LXq{qZfE>NPS|d0Ewv!wE@#x zzQDPbyUe0d>^A1yXU|GG>lTRDlYyJ}YC88l;EYHsl8-dG1N-sl5)0DEaNDkX1ZHgO z>0^9p%*97>*=-pt8BB9zmYTFXG>Ge_L=XsR{=hY0>y4i0D? zVZxuX=UDr*T!RGuvJ(#7X1bP7+WHxCN5)qSR7Z^^&OjFUf*`Zq2Tysom=ItN_6pe^ zt@l?!v2Bg-@;FzF@F`45(|C}5BZ8tMw&jn=M1>b(y{yR9(QuDY( z*tOqbT=4)libhk8umk`lM+|23lp=9Pr5MBJG(>FLicWpUe#{&LIq?{3IGp)OTS-tM zx~J=)uP$wYEA+URbZORIJf@98Bfr1}Mw4nXA|7g-Hqt7WW33UZaVq{g=BpQ~E#1F^ zzB*Y-HdojUWMzGAWpjONodk^1Fs6OCruzSz3NtT#d^T>)f!|a%ciG4l7AKj$GiJ8* zjIvqfobY{O_M~=nbNUPA6{)3(Mtm;7AwzWgdCo-#VV;|@x=^aL35=fM`l+r?SQloD z?dnwYn@!;I(koo8@Oy5}8T_hPc;%_jK!c$#0SP^8)ihVt~M zk9MO%-3+!J*=-0CFylqsF=tO*`>289V%(j@@gz7*^d-3jacCMD2b_zZrJ`tVR&*HJ zml+JKOo#�bE|}94(vj@_(QIcxE5_*32tLlgH%=Y@stT88e~VM9z%8=fY88jpW9p z`fD$Z>H>C5$swrziSyMxO-Ri_{2YK3d3>V)0w(|m#kO8@fkf^=U& zysG{RDMx@;%4sgMJ^(t$mL`;B`9u<_ zMMU%v!(&Qi8B+2q>!XZJcE@3gRH{d1%H|uUo4}aw_P1Y{p;VxRby1UGLX8Dn=xesE z)xk-IwT%18gv+*PX|(clR?MvbWUgGZL&I0lTEKL^`YSPsD>v#%_bYu)VaA z+sHh8Sa+Spu*sOa23?2G0K)4~?4;EE~=@oy8#xUTY zJ{iPPLQa8NSLcceh**e#Y*8h=4D%nw>JZfygB4@-UHOf>LYPc2wqv!n-hFaDL7*m9 z6V)MaT+~i}MXyK~43fprL374I3PqD`%2#RvEDK8^tBJbrk8~Q_|1LlvtEQc2{v;`$ zx}$RoaDN@+t|K&)@=7-xu~`r{CUm1z@em@RI(mHp9t!znr)$%mlyeMMgA)2wY*MV3nyzL=npRLc5;6Nh6cF1N&b}}WmIUmq>xvyPdM8!W!uO=n2y|Jhp4qv1!C;bE zdqfN7kPp$QCI6oa1dP#B!I=~(lEOwB0^efW^v1tLeZ~`i3H#JiBg1_nfQ)ZoGIe0- zGZDEN9+5yhd&W2<*NUQy{fX5zL!@CCxi=FW!%19UnvdaeB0dV!j2wEenrx{m(Y%5v zURwf7t46UnTg@ZoU4j1MT~v(#$@=W$nn|xT|7K|s5Zb*vXSQMn=~!|D2e$>h8PU7O zOQHJCCDS%lN47<`XSz}R{;ly%tai_&RVg7*s&-hRDP{3#?kV4>AY$?bnT=nm7AQ}t zIK^<-P~M)WXBS5fYHve~O5Cw&bR}MjiwHn7A*#Q!abOag&k9wUXe2o)@D;@{ zR$h#4idZq1*F_=a~p9G&bsaaN+ z)>f96Hka48R#rEcR#z>prgo9uSYKbm{G_L2**6^uR(o5N|Pebv056gG+Ln=mS1roHj7XQ5lb)}zLg(y)X!%E9l~ zAdq101!6@$EQ2iR`Bd*xt8+_*8!mPLKp{&sh;}wc@<>eJ18VFUfu-fO|B7vTJQ#b@ z$5}Ye1I|2DS zXZ2q}dwKmd+_U=h1UcTDuFnCV)qe%?2?%}-c^B%ZpttJN&la%vRDA(_Pt_ODH_cM` z3B{IryG_^Yr!Q(>@1Nh!U;Xy&$B&=BpZ~~?(q4S|{mXAbZBZUr5^M{bAiem~#n^mS z6nI=qM~2G{&l&8HDN^u?xut-)ef@k7#$$yG5~R32E#`Gh+Yja{k?BfOx8`kO$;0z7 zxK`Fh`JarSop$OOrebD{adnJSDXXv#NX6IkP!@Q}X7+xs_DFs-=I~P>HbRx&iGpG;V$rDT_<6Kr(H_yuyklgVXP)JXBQFv6b{n;@(!OvZOFS5{QLlTO z;m9U+0f_^!bwh&5+`e-Q_ak_RzUkp;OWKB^;*SO%;JA^K$A7 zY?5YAF^@e4q@#I)>Gd+?nzz0hy07`C!#y*MEZZS{*Qf_<*G^_O%}l&g(#RSyp#IV) zISOehi8`ZqBxz-AXTbAB>OHfEhLP!gzvtN*@v_KNqJiX)BhwnmBN@OE*hl9C<0%3t zX8q_w`&k~2Snu=DNt^umCWedk_8~dk#CY~*-D?+pIs7XGe8vaoMQiUp@8}43=w6>$ zHbs-Dm`vD&uEMUDvZ?IlyGxGSF#kEtE`ap?eENI>?KakO4d=|3S6^Tze}N;LoaCK> zVgL4Hnk8=HryXLUo7i=Q)V31gubr>hv`xfy?nd5X5lrDvRC885oc z^1h1)w}4{`^?y?@-@5wb|4-c8_QjDT*`9ZwUaUSvmbw{1mq_spqFSY)5K=L%2L@27 zYg7!4AVIVcNs%ClF4cam`~H5h-Tyh}?h%n0AoZR7?W(&ZNRNn&@NhRfW_HZ1*dVqA z6OS<&-#iBkRfd0yN#KG(hVw|m-AA->THRKcpY0caS$nQvnf};tkmz_#YZn*wu%j>8 zz`>eEcB(zLS0_vq=>S!|*6Y$VV;Ur~fz~vpCHP8EmdZVavXHi5B$nNo2)BvyHq%}j zoNx;&r%41aszJJTSJ|Q-aCZQ9cYgq-CB?3(2)ZyiH9a{svpqe(JTmgl?o^Pici=_wAMoSNI7ndZRd`NhepC7nSd?O9@LbMp&}v$LeAEs&lj zO63a5xHXAO1Fa}>HcQXpdM&9oDgq$nZrqVTmwuq+q#sAYSt zsi5*fEhxekX1xqvsT_$CCq^Q38W{eN8yfUV=V{c1mwqo&1=NC?llDqa=^w7bG?7`r zy1eWigjmoDL@g8TVIW6aDr@S|-u_AJz*ZVKK3I4DCbH+e)XO*bF{F`LG9h}ur_Wp% zh{SDd9BjS4G#Y?Ow?05zQFNdB(2C+zH}Dre)~+3Kq$_Pqn@pZctz)Hv;8%P*cy@e% zZ`5zMX;3_e?(iSTGv@p=V8j!jF@Cak(H(IR((t|%s;WMoS)h4+VrU% zU#wf30mBcc*=-%r>@r|`10`Yk0d-WFPQCLqz-tLZgL{&j?yAiaF^wt@_^YDVp!|fGv%o zfy#7Xz{W(I)leU3m<=8%_f@kSngcb%p*c{q9Aq}MntBaWqi*Xp2I|IMW1w#BH3mYO z#Iz3&Fd5ZA95`g~C4;8iPkB+*z)+|$4V3#CKBG({*NiVuXOsb+u`v)g7JuV1IHkPe z@w?$XTqJlq7y9MN-rnh(Js{^$R_IG-5@-vDOQeLTf5N|X{DHu6e<;vKv<|n(kFg(M|j9|lBXiq2(;RNoEd9Rf7}w%6mmYmY7tz+ zf~0*E&PhDWPO!=Ypl4T}hzQ=DZ|<}YkaAUwzJXO~&FWKD;6u#>aQ*WkzoGZ^bC_|3 zg(>Wm>^Rdi-&&$aR1ddzFf?%`@8$t97*iHnT#DH>10l!zz|t`=$mLe*k;DG`D&I%N zX4WF(M^~?ISHGp(O;+J%#N@h)(FwZYb4Mkp?OTOG9bm&QOaoyTrPV5rb&Xg_#0b#V zJv?yZtZXr+(ooeU^FZ|-Odx8Sw}o!!E&3HtMxaXj0L>f&g~iC)FxS(-5rgk604kcB zODXFqhXTu+R3e>L>8M?5Jb_`#eyiq6zoof4=^x>9ui_W{9#(8NO~aI6Q{|kpJTT&{ zQ0R`V>*`vdXs{Y}jtJhV!#dSiRVqkDVi>`cV;~4{DT-GN6$adz54jYeEfNRpeOh5%oI-y-juJ4 z&Dy6gN=g*8Wtzq$ruHwyDmEAFCsH#{=hS;oWH1 z*3)zI^VG4bS+1VM_baC6f$^PNw z6_BK{?pFqLsjiUd2=y9IKlCq;SgMqDK@x4%qb{o{$5Om;lIvxn`9+L<$oBYXnFvSd zc-gfGU9B$XaO^JNhFGY)1abj~A==tIFc7l(&E@$~^WNZgl1bwdmoJ63$Nc{-sG9pXf0qZclwFcBOEUf7^8g-~$tma}Q*$BmQ8Xd6}+B#x0w2at9 zZ8b%k#%rKn=(q><_yT1Wg1!z1PPswio?S{czz#Jr`E z>aMsNR_iq~(R|X@D7kFPdgM=z<VaM3xq^=r6ocw2*h_pR zu~UtpA}BRv<&N0D0n;MNk!|2Zyx|d(_DeqK9-gM2=*P~+;qtO!m`Y8M)h8)gP0Exo z2aXvERc50yKch4gvTAl3O92oy8UtOJEh81s9VW1v@d*lzaHNVoYc%hKoLWWZmvn@71FYCzm9iv*lx}C|?@ARIIf%@5O^tP_ zpqaU(`R>>^PVD0qu5PW%rbGlQ>{Yis(@v5`;%VHCL-(g0t$BxXSK`mEQ2T+~>V+qW zOt=)vkKa?=G_ry_;{$O9aBlVYCot$zomT&jPYK}S7T@3^)u6?A?o9R{$fDnH1(^{bF0=Kn#s=@7y}rr8wnS3XlL>oKYa4ECCR{pV?bDLwP)5R9wLBG1ckBQxY>pMW`W2?ndX&Ir1Y%?G zOfeSRPm;HwylrG+&06cGjlf*L$2hBv*zVGR!`wG^)wiSfk$Q-a9>| zz>y_oO8j=;7|Cbj11${}XWn2=h(qW7w9A zVq7*R-C03to^~(nRXh{hhEb2x1!|tZctn3PSLJNC0mszBkNHToar_pg1<*|cN|oi% zY9v_1{sKv}>(qO}By;bbjw^`|e$w{`Bo+_ulfKAAJAtUtjP1=k9Nx zfB(NaW512R-kbc#&bJfe50{t6yMKE4`aj_lO-wxeee&V!>B;*$dQ^QA7V%3H)l743~(BOP! zdxcjoIcWvLT2Zm+^+%nlh~6d>rfIEze`QSOeR=z>8Mf>#3O(4824sY#@|ml^ncWe~RsRiIp?34Q&i%k5PC4zJD z!!bn3$jA6ApIjavsD4QpCfsO55*=bho2(zyhe{O`3iCknZV4Lx1#Xv99=9aPk{KvM z>m%AuncG9CF~z}K-Mcma)1t~_t>WoGjI;kSDPRB+i-9M1JsfGDV3smzIvk_M+2 zD*rCPlT^rK_r>9mY1&up4<=XSRF;P@nwNb(%UeKm7wG*MM19=v%BPs) z%^me>5rll(FZE1Hz#=Sr7QjHuPqex7-rpn2if36!7UrAZ1Xcai-y4-Is3Wbe!eUht zogsexeQ7AYN-APDUS(})_$|xdE~*el46{UwK|P!9ZS2=Zr??8E3!zuWkl-UkG*kb) z7`RYju5qb)30tH8&R^G_um5$prvfuh_HU|Y`OJGn^vpwcqO#r+!wo}?4I{b{OAie1 z;E)QeNK&zav|Du=6V+~zSgSOLf{&T&XkMOb1xnV%Pr%CakM9Y~eZnRQ;3~g6&&%>P zT#{tS1WZ@11xLuDLL=|Lt1OvX^xj|#c5yzdHgx)4c4zG@l20RDRN-Qq!}%;;fj%Qx zhX}JUDHjYDguq&!!!-0i{(C%CBj|Q~6g-56rv!jZC{m9Qwq(4zswj%$Yuj&oxXMqU zFf{V_6#6k*%ke&l+!8K?ySfUcAG*TlHrXiVM@;LG4bA=&92RbrL8)gZ0 z5SEeDgex2mGf9~&T&45=)cv{pbBj~ci;FY&XO?ELuBPXwW?jl<<>^y(nR`aL#;x5IYOp_fzPq{h zbVcM{JhFv~ii37*C|E|d`!d`d>z!Wf&ds5;wt_1%&%(&68EVN2TO*_H82_#vP?EG- z+Z|Oi?c6RQuu(Gz6X_ET0X)@d?z|NhG@QYRxF)3K&{YbwWXk6TTfq*4cG{`#6KEN9 zQRfqmL}QR|)~N>+Jt3b2W#GNF3oL%ODW?);a!oCgx0nJ;TF>G(m*7&wme!pe!M^%S z?@B3N*WM>%qamSmpN!c$qUlLbsC3x`lq8jP97iFO*u>>9}ak{wprUyl%R)ZNK8 zSPBird3mfDVGbK%c!~rFq!JsR0=V)8et8qYRC%nST?JM z#!_&iT(fB#H7%g#SknY*jx}wdhIuq(NH)fXEXl?g)4@$*;>5fpTc>_Td4^#-h_4(z zuUJ+%-mV>si#NWnoENuq?HIG%7>mQ>o48ME?Xv}=Y7)y*9*)vN@O3iIyh!bAJ))I{ zDy0K1kB@L`9uI_|z#HI*=g%WrOl`&p)>IW3M03hP8M}@7VjxO@(8`7ERIUEK^8s}O zbK({@mW{2teU+`n?3^u@4;)2mqyv{_86BaY38&<=E`mVeSj|ukcA)+n8a)y`4OXtfIUrTVUOit4|q?pjMN)B2T4MI69fY~D_kvkdbIz; zkz|m<_adRuV=bKggWg4D0YTY|Gm6Wyv{w`Ql_jdFO-}Nh5*Gcv_wm0U z2maX4D-cu54P|R#Ef?xmMM9U&l26HoZ3!5m@~tz+ejNi=#F)@P2#`l4wT|~e(+fpZtA*@_Fkc;<- zXDZx+s&7ob#5b8Um|}+G3TNaumcuUj+9Cm>>hPDzi+^?}+C12fQm%`zyM1XYn0e;f zfbiX^+=c0NKnO(XGR3qCw85OzNVyF&#YNzSD+S}J5^oj^Fp96ny@6ZKhP%t~$ik+6 zLsYcW;tXSN9F#LrdA9v(&`odHWLNkBVX*c-@(T8+wQfJsd@m{FCnCl*#z>e<)k=KZ zR*NZ~Hh`YsRkRw8Tk-Pp{3RB#R^iy7OY63#L51|FO6vB5nkKJMAu_YKfEcuwNcNMW zTh)3B_{{?Zoh{0}hS%rMtRp=v)1$X=8P;rE^^2-=Gtw+o-)E5#5 zPpJ8OQW;Q89&&)dc$EDYG=fNKP@*k@1dQG#IwPihV5PpAU%S$VWQx32){Yh>EW@4)x&w3R5DpcETU=_fY!8zIP56-nY-il z*TbFC0oiw_yUk(FPE?TOku1z@WetaCWM6AjDyc?c7`b}Vo(`okScX(L7S$tdbZo8t z`^&ZGtI;}bTWN6)-~6<;xwZb{d0Wa{ld2~|UMVL@|A3GET}-3{Q}_l9+@8eEb({E3 zHO+`!ma+^o8UG67(BWEJkX6rG`$=?IU_l@CFRV$XT$<7_IvbvlmfSa`xkdil94*!6 z7H8+DmX;RgsKtRTGQS9&&s8|8=4E(jcKN;tiS7y(zRLE%3YO|fVa7bzO8)@tU%XXh zrHv5=bj$`SQU+fZ`c9T9aGJXO_=%$J^-xlU?r7~-CJ=6*TZ+_Ii{=lw66CZEmfmoL zgu%GpHG@IWt7Tec0^KW#?BctVmsBDwOQGl8Vr7l;4{Mb!6kTfCXcRreEucY;vv5q?;7H5_WFdA;Rezuk=F_0u z{(%&m2%5zbn6YiJj(S0w%`@Y)0%{u|df0+!3=W$Rqk}aYqA@sZMDXPrZ(NWU8;?>S z%oiLUEHJwf?MY{r!F2t`Wt)RJ;xl|^iur7#n!7Kv^!fo8&N(e%k^dq#pydZpm&yB< z z)d~0opt2fCgJ5*2G*I{7#s+_*)e4A<_=+gSkI}29J(aAYJ?z_yZ!(|AUc`dUrDRA= zX$;CwS`N7LJ$;ig!I8C3vIzpLF-Si;n|{#ygrOfh_Efce3zC%6pa*l#1@#_1YPxvtQE{Kc`M)ZxRocCMwF217aHLG5ZEBrhBY8M0HH|M z1b9eAF;2-}lgd3wA%Q&Rw^AkFR9SvX{y9xw- zJ@V$!(_jnqt_EMktPO$o#LiOeY7-4XMHP}^&e?_}f?3`CZGw{AXN&W~e*L}~R z=PYfcCvj&X=_N@jFKL*cXop4)tFGuMK#F8a;${(5I^u|yz=lExt_AC` zMwl}-qhU0NUE&^~=~R`xvqx6BvnNNw8+9{i*lq|~S27%i2W?bjzrpZeZt1~}-8+xL z^7MPDcOxIP4LUhXHCh?8(b0&4)N+bE7=*G$u|9LkYJ-iEeT8tQc!;(8=|QfEUo%*g zO3G-;H`&cnTd@-UG;JO2sch0v9})>kbVNyu2f5iXPs3Ye+aX;5_lViv@w7YPy>x+~9Nt17-OI;U_5Atjj zZg_zM&w({W)S;-(wCI(SKNmdYC0B+jA zoL^B)^xlCY7#aVZ(YT$O@9%n7_4o$hsiXp?2uDh_uxX@3{S3J6&%V)!xyL3wS3LUU zm^#kT4ImS9Q$k^ic~opISvbjaSZe=9RN}fadNF#eWV)zYgI7f6i6F32MI!B^y1V#R zzypNaJR0$ic$~_72;)i+6`pDYVQU6dj1F=Q1kAWyVIoyTcZGzZ1QEjjkn>WKNEkx0 z`bCQZ3 z%WCKUdghp`0X;QI%n{+=lTo68(Y!LKfsT^8HCv*(kI|EE>_fnK#9j#sZ9;(HmO`9i zgGy4d3sVXXAP~BkRvl)mM_Wi`K4v&Fz$w|iq__bh>E7S5f+GiNxGI4Xv(^VM&bEP- z1e1^!7d=2oe1I&AcwTOD5dN4H_GR=`IcgM6u%*i6T`Dat%4aaD)!4K4dR0$k5iK}F zvZOukj1BH+y|DZV5+2}brW|0m7B)(zy3O$hx$1oHV>1zD*ivW~BONgn8is^HeQ=&K zD{9ytXhtvUqbcj&tSEMhZ?*G!>aMEa?fmvzlCQm1?$pg<RqXe_#GWs(#iiR^i z?1}c;Qw2*v}O3n)Bj8UBVhl)U?O)LS{V3v{gyS8na= zhnu;`^|O;}yP)F{^g04io4_~?R|vI%Uq|8m@Nj6?g6A8&rnr z*zj;%zkK)baGc7gQ2O$EYD?#r8rrYK9HAZUKfDCHl@#jm^)xhG0jtiA93hDwzQ;G86@@x&pu5b`erp6Ak5hrI zA?{4z*0(sexrJR7_uBo~JH~MzRl@Au=ULI@^3n)p3KNl)?sW3(->=;FNv-PugVW6F zJq4|F#^X^mk9SV)Oz;Y?9lmS~V;s|^sdjen=Hc_3hkfz%u6lJAP9fkJ>`K!6d2oeS z)G-yL%IJ3#8$0}T6Je+H{VCTlDk?KUCcxf_-~ww;p2^^=9xIm}!;{s7|L3T;30Oq9 zQn=}W*nn+}&g&fjU+LLXGC1_U^sIF1Abq0FeMtq=iSw68-YED+kIBg%Uk}D(<4lS~ zXQq(UrOJcR&JU*Tg&<(YnJpKWCM9s^q}K>Hf$La$G}u%Ib!zy+%~~-J^ugPTXc|aC z{%1ZrJ(%pDx_`6`*%Q`U0_e0^Ekv3EAuBFT>oD_I;C(BAuP{1ta=jq@8W{(}FDK1Iy%t@`MwmKQ6krV*4< zN)M?c68C|xMY65Ecr4>()rqhPMrCws89SOV)quBE#Er|NbWSfU)tzgjC%`ns!~530 z5U50BgAsr`gn!w_jappQxxbwMa#{nxg`rc&xWu(~hdkmj%-`E zrvT0bFnU~QIW1Q6y{HA~(pMT7GsWqyxMA`kNe$4B4huc~GC4W<-@wKH?d_Yv|MIr? z=6}V8|KE@$|NGVP!T<4p^JivhZf2S!?m6mQ^S`M@u^-2Fu|yJx9&-K^hL>USrn z+}@R(=PL*G;##YLWVicvq-*>qIkS9ZytG9;I_S>g%|x(> zcQb)VSFmo7b~cb+&+(KD9{11V6aDroyRLr{>}YXb1GT_sbzEA5oduw^j0<;`@g_1I z#hxSML*TPHK8ik@;{gxL-`sx#owlI%#&`>CA02Pv_QrS%a32P+!!GUN@nNTS>v+wr zJv?4HwqI?numlurrrQDhgH7koStl5ZrFd`Yb!GKT#HH^Rx}Dp*yJG`t?TK==3*`}# z^I-S*lr*7pv-Vs))~YW#t_a!tk|Wu&7!G5XyU`a zL<3Ub2}F9+_$DGdjU$x>P~eMGWsW>B{tAaiavJyc4=9(PF%G!$gESg4ph21`3gFJ& zJ0fk(@*p5y-!z&PmdyFbXfsMnwKZ@Kfy!7o%G-T>5%DnWJ=1L+B6p2A+CU?_b+5W&w0vk$pv18tfaj^^0?t1WuHpyQpk@jbsg1aY+r;f>JX*k6L^Af zlqX;5M-qu91z{nn7j!)e8cgE>Hgs&>m|kX7EvM-^G!?&+YNx6)I9^szSMMk#~k zE+ggoaq&Ri*fH`c2oG1|qr@0dvu+w!(!x#S0FDphZ}_X1$r#GnO%7y`B#gdc9J(6w z6h3k7fK12wsLD_`Abt#jFIfaPkB7-{c=1v0|NT95ivn7O+UK^gVf`T`P&gX*JGNoV zp+K*2;=dft4Bvd^>fJG3cEl?`HxRYm z^$n%MqvDuC5eNT_l((A5&Tm^HHLIlv5b0h#BlgcEg&J8)x~^D$wONQdPo(0yz_3GG z07T$x=Z?&ZJ4rG`b};xq96~82ADBOCxrF*D*;$wsQ4YaD8Dhkq00-{EC_>F-Bb^^3 zOlAHS(nXz-n2~ILNM!C&=a|>zM4|`20_so;?n=SgCXPv#`!o=KY6*TnrFqroW_EFU zac*X2ZfSmY-X)n9r>ExUVA4>bmu5Fp(@XP9i__CHb2AWYoPN9-dv?t{*&a*~91qw+ zJk4sb^j8(RUI{jsAbkSzUPQeRbhyQ0Xn_7(#YrmBj!SYbpUD|kJs&m_=}mTwTtl7Eq?EGfG$#xvBi2obSXlFcE1?(P7WpEL)>Rn zsnC0}0f7!5-RAfvY$=a#Zc#t1+AaLzfK7X2>1o!ZcumGbs>raPyV={zSl_yCS3f@X zaUz-Jae!t0z1j|E1MyI~mbp_ zO&ul#Zfq`s=bl&Cd0oAqoz81}Z7^4Q(>sLh3c}0iJ1}0b6esC6Je)N1q+%+vASmerT1pF%f(lA+FE9k6gC%!-kehV$U|QrNi@H1~Dyu=bMjqH(p z{Aur`i{4pf>_I1a=wTwITGL7Z@Qq6G(qA#iC%8KXy>)EP)uOJIdne!&2jpd_wJBko z^xF^p12TAp_>(OpARkpJ{Gol$`CO3_fT!9u=xB5qlcWM1B@s8aUCPk)>@i7N4^$62 zTs1m)4OUZsg`M()NiBBqAZJ7KX0R&~NF)h4jwBN6g!?@C2@&kWFb zoWP=~p}f8VAwur#;B3$XG|DBeWqjy9hp{Zrdq7b(u=wltLz{h284w{?Zny&Y==9OC=UR!0qHld$NaXd=(cNWe#WL+QrQeBEd3QXt5Lx?dr>;$ z-!IGqIw#5jHu&5cDzf(Rl|eatM=7GFSx|x)>cx!+`dGpr&^WcT0f~6wCBc#~&$Tn9 z#_Bns(l}oBL&#mn={3pd<9;C+SwRiO4OU+~-=@w^RA{Xo&|u^LW$ouUV0M0fW)ZH5 z3ZYKTPfgvQxz9%nGt;z-TypK68{OycQO9pr&M31d=|_`6$zEuzZwIS9@G%KRZUKK& za_;UHp}beC0n*vFDmdUchC>|^#Q~-sGkKKp#MV$fv^PrK8p^o67Qp9V`|TG@-}&yN zFr{|ak4|w%VB1kC=b*Q1h>khHGG>27t;H&cYRE$>$py$-9(`^&B^f-g^}J9X%pibc z9Y8mn#mv+-M`U+#Iid-GYuGffIPkRfhz7!KK;TxW-#DTb>kp&k^%16d%Mn8Xg5e|L zR^sboK8BAdW6VeDUSul1;bn+c1L%<0RN}`lXOCaKSGP8yD=n0bcSnk=5COi3wN>&p zLtC<*&=M)+7e|B&kyWc5hYLxIFdxyUGW0GXbI$?+hq@UUi_u zEf6iVA_bKz$h##fORiueZA!;K*Fz1gkdCN4eD)w3nq2nN3dGhu zo_lbiA{{IMB_3%knXKDxkWi659^?I0&$go8^NMZh>sC>qLR4g^jJZVF>2S0MTvDXr zkiA`?@G3H-4ainl*n*q)QA5+gxhU6&BbasJ7FHM1KBQ1N;+cz>HZS5RNI3#4?t_f4 z5&la#LL)jtM>ZHT)e-h$wtY*WQQQuwq14VDs#UxQ8!*hvp7 zC(nMbas=<}d~ayW9vfn)6j_(1Ms~OAga&PFIi>q32z7i?C!kass0QhpjOv2vZt%8d zQkT6yaW8|;jC5RROz9Tq3qU2`y%PpTzKfGVv@GA*W{M zrzpy@u!uL7o@x|{bXk^b3c5t+@*pcOEiFwiF3n9t*qDN@L5}3?EYNd)c6M%VamHDa z5B|wNukEPa89GbIc>VcHs!md;$HG3ckkjf=@%#;W_*a~lm21-19BQUHZh0qqbCv=a zt+1+j2&W;IfH?6(T&01$+Ck#zAtNYp7&o=}VuufD@y50u()7m;AJX*5QqY_J8E;@2 zMj;qPV6!0{nd>ZUheNQ4lA6xoCE>JRy08DU^W87M|MJ@}%fGz-W#{fMpXuH3`j_!v zCLa89y7TQX4zcT9RJ4Dw$iO|G}!mJk<96}=! zI@hW1T@ zU_pL@7wtd{zmkNmDzcN#+aLtjIGiZ(#N7zuDN#*`7G!zB4zPiWG_aRUxUxte%uNym zc?DQIL;aMp@d>j4zZ^I>hiovnqJi}NKjT}mBdWRo zk=o=`ZJP9qG6O1l5qJtW4|+U1Du>F9evxS`@g^@Hw7uy&GyJEr( zYUY|Edimlir5JRAH~k}wm=Z6era-;fLU{dEN8G{41ENc=j8b`Z3>i4v{NMez zs0tcd%DGk|m|9v+|I_9J+T;5VkBJ?=;igrkEV&F4*u@x-jYP(l-<`yT)ULfuXL=zn zE3;w4uG-S5(nxd*!Y?`*K*OS=(B1_lg~SxjMb`?-E2Ll9b_Q6cy~@ffpvB%QJi<}g zyYum0AK~TbYITU>61^Lv{tf??A$#6O=U11HFZz3r#iX2_0ZW*5VEDrl+NT2K{eiW{ zpu1@YZ)VBj6seqzZEU!!1Ph>>7y0&aVmP3jx zOAN^-CAik11l{c#2x|DXep-3@GBqcXVIT5qFNe3YPayB%0kW}9O_kf}K=vaOs8m@G zjvmwKHG9o5RqeqrxyL?;3|3kG^*|WwmAxYQ+<;}%c0K5xnUo%yL`6nUd#-U%_q!6` zIDUWmo>xx!OjBQ~ItWi#so|%@0DB^@cmCiOSZj7}9>?GPy*K;BppGy<-<`Za?VtTh zpV!L|A3t6FV{UG4YU%#W)cqw~g9|exqD?OV>}D1g7H8<6SQ~J9?@6LfhJ&fpDrc$pq0Y zZe#Ps>KY}+pFipRw6eLr^25`$&Z8I4*Y3Jru6DsP^)zHnH33>X{AxMoi}UVSm3Y{^lw#KV`bdWW)TwJ$81xGx5gj0z*d#O!2QAozPCc!`S~ z=cj~Rxy{!VtVj+{mC!RrjO4AiyeO%LlDuUZnKQWJ7*$=k{+Pg1K!c|WaLFH}YqE5B zaoJ53$JFqjQaYp`4PBKW-8=U&_wIfC__6zOw%b2Hy7$*-Pw!3NzrS=(>%jC~!;F%6 z1#%dWZ*r_>52f**7)5^7iE@yv>=ZUm5#ykV<{3?CTn@P?l;*JWudtCr!s^nf6_+n2 zSi=(2kU`7IVYsI4M>U$^UJ{v5NQ;>`OLQxB2vl4sqS*Qk!Xx1iU#9`jFin(Gl}h+k z_zXS8u6R%F1X&n{fxots((@T~x5P3J)Fu6b+3O-w34|r?9H#rVVm5+vq!H7#!C-K0hwJvmE|D2>P_3l!WFdU{XM+m1x(Jn~annRuV zUkRrPinvut$3#QPHkM^gb@)PnGl4>dooQhiJ!#^nkd0b`@=J-eN}YRfg&31#2S$g0 zJ8UD(8e{SL4LcOGArjzYWbug6{pWjQ1Nyoo1K(4p&ub8}=|`(!$l5W@`UC`6H&X-^ zDS~K?dMfE{s1|Uz)G;(KNOs#(%vaGVR$a_4;)xd)E{QCxjqEVnFar`71d_@yw40g1 z)|*?Hn!As~ZFYKA8T@jS&Cbp)(4J+%8T>SpM2wI_!Hg9hQyOp#I^*P2P23Eom`0o^ zr-77)(FCc`1ANhq6jhH_ayZG2 zLx2^sBReEUC}VW&!!C7Ac0&a1rfo-74CN7BwKRF1nCglX9gs5BIH$KSsz~vNZvvqF zfZM=DWVu+bVOG$TeaD}4X>%#)Ez>#LR^cOi$8RB{B>vYuzRD5{Ra zL$4>XRmv^Zqm3!bSk`z-8Bapij>S!+N<1Op z0+Fy0_VYnGX4m=iH%=hZnsl`texD5RgY>N7G09IZQ&qLE5@jHlX$2MgIwbJ^{`S*H zIX{08>L*7?nr>5Pz({nrF~W0<;s%gpv2THlixDS|PA!dBWAek}*B58USjw{kvIyKX43 zcmoWquB7vx?p>wHl`UVpQUI^66c{F7iKHfKMQo-dmgVe2(1uX5|DyiB%0ac2xwY|% z5;AM0nVkIjKo427(IrGJ2BLO$&Sc>TZ;b8I6t4k4-=9r>FIv@ETDHrbdJ!oWF(Q?@ zO<`V{l}@@QWZ?D_BejWUW_OBTj@;r@1*pX{hj$Z;_F1hlNOH$Duw##u_|1IY|pgA}Q;L zL-R{ncd6q7Notl|jm{A(XJo(x38_{TcY3lye(v0)7=do<3 zr!lsbti8B2vp6+FYlmq%%W?Sp+;sHh9wB#SiMU@cK1%=SxkQ5%t-^%`!y%R1iHhYb z-fK7D39d59p<+DAQsas5j2+y$86O=%4nBjp$z@uy1lpZR!!XK6)!a!HM7rL^Lm3q_ z5^1D5S^=fzJPxzY*uC# zNwQ1m-2z%LYkB&~4*-{t%XSO_M?_?2KASj)qkyJI3L7NJC)QiYdkwV62|M;79V;$n>ryG1y9BvG80tg0aH*VyZ!7xp;jCQ7lYX9=+tt>C}B>XKs z1`Ai20ktm1;l5-)nm^Q!?dN3!Z=8jq-B z+0${=($a6LYLobKzT6EUD@P{)acx1%M??posc6tjiCd!aG)pw;kTc79%_$^#NWB3? z+Ijg922W19{D&jy!c@%{Z`3{6k6L{7S%T=1&o0jOjzruq7uV;igqyOG6Um8}9`87< z+)!Z!9XKqKeCpHvF}UG`qRQ2i^i?&Yy8xXhdkE%33NORThn9Fsthk!s0@ub28Rn zHFJra#+_ZHYT13c`wE=Bg|wzJL~Isq>zmA)BqfwP;s%KP zW!F{4Gvqg@{Bt_Y{%Ef-9t`KIM52 zCjAvHYKikk+9D3;w?+0e&Y+HZbSh$W!lJ(w(Fc6$IfZQ*HwrCG(38|M;JrtWbVqxdY6sRna$wNjPxmct-r zS0EQY)F>Wy=3-@ORg*5U_XhWma@JLoBu{7^ZM6_}8*LgRag{w2I3!S_^YD{tHp<0S zSR+LSQ9MNJJ{;?fh9JOE0Oht`xHjtGW>p|I#flMES=^5H?eR?I^~ zF;U0?Z#@DxlKeMEXAk%QR0)3nNMuaARpuwOd@Z;XP?fZ!@vEpiPm&Xl+u@<)uyqBO zf-ZTg;8rwr*ocK%mZ}2KNqv?Q=BPdvroyirb_$yr#|⪼5h!H6R9^{u*WP`+zPYu%Tlk{WvrCK6HW!y9Jm z-lw-%??Nqs{QKvx$EIcvb_~wOUmqX95I)#>P5f?oj3m*@f||gD(raPqyjRH*-B1BB zO4(!foyMuhVO{VI>|$-XY)R|)$BNNJhrBmcU~1#M_X-aUdYv?~ps5veC>uY9Frr@} zECwBAb9eMx*QJw`uYh^qJLe{#OC5AAhf;a?BzW+!`;f|YnVaFrudSQo@$ev1ykZXw zeN~X@7v9H>(#~2iJgskJ1I1Fi-LfjLI4a&GQHyYNaa1Wl`#O+UaV1T2q`6_5P0J! zv9|Wh;aAFXLvbV$#oo)(>?b=1SCJvI3F1s)*X-VIJ1!z$MMhhoH;>!uU3`@*k-69e zO&3of!n5g3OdIcqtLNHQJe9T)yR*tKNX|RHvBv8UoL}w`k)FhIH_63kU-a{BT?u2K zJokn#{;_p7+Z!7gKo`Y82S6QF z)^>GVO^i1ql|yp8cHH{2ji>9Y>)X3I?xAeY&6E@h1>xkZ^O^+ww;{0zVVoZ9*zslI zg7*m#PIKe7&}KbjD2F#^=b(l0pPR8ROsll`(#-7A+|vDpnZ>2qrRiDp1c-e;0dwc3 z1*%PMod}R=HF}ypjJW%7^cx(p2Z^mROQq(DRiE5Y=!i=R<#>K7FWp+tl5dm2>AmGHrFf)b&Z?s5O%B|9(`zUV1d9)zFWmyM|>wyk60uxvT)nU zB9yEe(X+OJkgwg!MIf|{nKYd^3c>BeD~R{!f@iJS3i_4^Ey#a_`~X3~nZQ;;|4kk3 zn+lD?PuR(!Vd0NxXPLrV?r2#nqDSI9JT2M1Iwu`efWh&>saxX!L<%WM`}*wi^vcpB zpULguQWP_-k>XD&3E7e1%;Vy!iOs@?-%@54df)zS7VdudS5=G5G_Nm^%dNZ&=)ZKJ z0kSllDp*{e*D6LRu-!;*)uX-Kd>WBb)~V^UNq$Fd73N#(ShX#gFY%J4tYsPGP{p_- zrFf9dk%;v)(NumbKrsmi&{BXhn>Q8+>A<4Z*29_jwQ7yp!K4us@TFTQ`eoRul;h$f zex>UaktRZ8kY3NK$dea1pNLUEt|3u~oPj!l8s>InT_c~4Sfr6Zuzq@R@3Db1KiQcn zD%Cv}Grh=E9~(o7*%8PHA&Hpicf4K0d$gH=UY2?-+U?73CJRPx;M~dne1X!Jf$#B^ ze7~qS7U4WH12vzX*;+-8T?F{CRunSy^`MkxZ=*^vn*$Vm&Lis7 zpnb1B+t~hjw?^EVUPR--Z+4$O>>8>A(=Yt~%-kHh=>9b3%;Icx(pciB1rAqhjk&2= zN|32V-vYJArqE{?G_wo$qb$uVk#|)`?zox`5&Q#*st8m~lteh&|WN9iMuc3f7W`Sk$ zH6+7fOBD(!v598E3EXvL0ZSw~-^CLn*-FwY`Jt=2a5;&PbQIaKd=2_Rxf9F)B}anm~PAg!cBA2UgZ;w4-WJUeUH(O9r>@#n}zls!kNz372#>M2zW1(yIeCZ$?#y(g)fjh(7$ z`Ewp8(##vRhiIggGwf_;k@`=u>Tnz((W(I4`8&f3S)hnN;yAqe0PP^W><~|%H|&7I z5Wjg|>59r=l)aIWk!bXreYt8 zs}PWx8F6NcD3v3NS&;@RmdT2?#f!rc)$&nZ03oem-C}Q>oMx$NvOGkl9qrXg_|oZ3 zRiN~W>vTa)3Ml=L^`BgZ>9%qRf*KlCLHZ`~F-(qHjK6l|`twH&JSF*Jw~Y;;2CTB+ zu8#yvIY&jMZe%Tg^G)Z`+A5V9cmML!?)vlX7rS`5s1rl<8Jv#} zxvTmyEP=5P-_-snBc!uYl?w<*r+4;89~w|R={8<{s_U1qnBs}4tO5#<)9{sgb|bMh zj5sz<-K@spgmx%e&E}VP^sV|fpDvB(d1Z7EO!WGEV%7QNmB)yd&K}3 zKxm={;>7s$SPI%b#YDtWK{=b^ZN+rt0_I*>bux8CgK8A{E2OKxP5kYv58e6tLx2Ap zUN3b}FB{;z=ae*Bu!_ppoR{nFF-1+6UWk?ASz`lO&tSt!XMGPaE-uq1jHm*?_R2L+4eWqu(qCyCk=r3us}E0L!3 zUV+RNk27|lL+kx>;zfIw>HJj;W*Qqugy5-DQnGdWPGsHv=%&4ba zRUpq0y;5r1;Qa2o+$~PkY^{&2EOL1k6y4$h2f>$33TLQv2q+Xpg>$4tJoH#!>5b(6 zigs-a07*(kt-lUIpmJy`C2nM!aY!_!KRUyyPUs;YDoZV33z--3!%=5EY%r;h%K=RT zRW`onfqJbt>*s&)-{CQTdHMLD9Y=Z)P+Y6QM3lou!WO}u3zT2d|K^m_S@Ejn#Pvn1 zvTNUX(Lcq(IWWXMN4j8%Q)N|83KUGp^S!gSTnkG~aS>9kMM9Q#ROW3f{~RweR2+hi zh2v%6MDAZ}aA1fRID#C$77siSAc!z7z!+57e=!qz@6#oEatC&!pwTS7<9ncIqLeKlS#_W^TH}Dof}(W?5y8RL71cGHSh& z^j}wK^QEV?HwG`C!%+l8@vk^bG?;69k-W}%l?b99<7-Y5t z0|gb$r8OrnoFjVL;0#3cS zP(&6SLPk+lanp;p+hyNfApjn9Zr{G6Mq-5RvM)eXR3T(L`-UCKMf*KgtU5wwkHwcy z>avdS%duVsQf-Px;|nqvV4Wq$f&vibSZxShObiHL*s5Kc*uUw$m1Cun6XD)R8FRTz ze<~0_H}1@u)3G+?!^>i~OZkqFo8{OrXwxpJLmJ6>9^)z9?sCX2Ww&-+6gsN}Id$2} za$_9OIoB)HImdUun|C-^o>2AY3tGp8nL!q^ry-KDXM~ z?gw6A?V*wrGefd46~2wNov)T4K0ugjB#%ds(R6vKO}@D46arVNh%sax5keH-f*W<& z!vj?vbX!3B((`wg`%tkIi*3Fu2Pu=aI}p9OySexA88$xF#&Xrv z(>Y(vvM_%N{#D$y^m=MEXN9)`OM9I^L2m1=pHdWvM+L*!$Keo{pG&rF3U7@cU)+&W zr!WB^Tlnl=k|N&83bEzp*pdSYQuhv^yGVMoisTtM(kx-6^5iLFR=dRd;ixZiNa7F= zzwSIuiQMW?TsinULnoMc(p%g3*fK21Y|$~tkj4iSG%{3`k|dHv!V{i+Ke zE^j%TDD~wW43w1Bddtz9Jli!#Yn!#0BE=Tcs`ZGo>jy2`&5 zqGzfj7FBCiXGe1K0Vpb>z3bKeWuv1|lXGy0iBWa;qdtNM@?+{b?S@Y{+tg>69i)&% zuq(3KP4RhA<-kzp(S5<7L6l-r_KHa(aOZ{4baQ*{A?Itx2TpR+9zWvFXzb1Ot`gEv zG+N8E^s-RyA8a=QnL_n&D=}bTA1cA02vR8-o-{%_T2+H{RGx|}Ju@9*LE8V3k51@c zPBoOfeQQDWNXUAq%5OS6j0OL4leuu6Zd#4ll+c-!Q&M~J?U~-$@Ky>n0PR<0IT>aO z7Q=OQGM{kd+1o4Hg5o%KSuw;(yz^oRRHV{W^8h2iLlcV>(HnQnyBuxlka|Wac9Ky= zs1S6|!j>Pttb=oqmBj6+;)L9EAai=eIdZ%Wtc zpWcdTZta+@{&umv5)2)?x{(WFsyY$%-HoGt9XJ6xd;(LQ`r(A!Q`|Z6g+W|ro}1OT zY_uCdtCRVKjHfzXSC&<5y9m(Tsot z!3PCoq@hw#0eiplW+uKgoMN-t!;oX{uSvCe$qJ$_nXENtA-oF&O@vRB@-vB>sHQl( ziGL?)$l=HqrTOt=%DrwRsFG-!B2VBi$?pOaN^m#4vxW&Wk=P{RNrHLArXOtgvz?Xq zzYoRK;>$@P4eLf;bU%RsyxHAhmY>oYcQU|&94Lf)`2WlloTDqMy--9p+alML^B5{f zD+hEv(FfH*8fESfTd$ZgL<*AZhU!^_caDB%= zaroueYVy!=sUw^XfCQ6dh@M6KQPy@MD8e*{jNyKtdk23fJ;9je0Oz)M^|^!J7+}mA zwsvd7O`b)b`zJ_qOiuBpCg0pPUerlyrME1j^ zb|AnpRBr z?vwtTM~1G%Pcq3h5uUMZnifEkl=gIeK~mafhU~*jWL69Lc4sLWCHAx3gdKX*h z&)$34S1W_Z$bbDr4Tt1JiI6h>`#WO;*z}<(W4iu+dprtu|2h{VS0Z*@m0vI z;A3I4R{E{$bR+_!tPAV4%upNMj*ZCFQ3-R3t?(-JKKFSa;F!Ze!Z&BiQW!b zc_ySQP7YY)oeOJ9=JhTw4&SI@x3+(M!(RtQ+ETJba$0A{#m(gvzl}}bi%QFaWU?ls zPF|_{ZiY|j^B5)_y%ybV(!zoemh%hgh1uSIY={jr>dlXer#0YO3m7?I3%Oz zkdX4}hw%w~9Y@GF=l}|%MEiW%TqgX+c@bxWZLY! zNS@e1sitJ_b9S~@_A8zR87jCVeif^H?AO9Mt3cS;zI_FP%%zkF3xV4pl-Cnr-Gw6# z`BT2kU{lE-Y%c(4CdbdSSX0^%tY6g@0hNdx1V0!vPP~-VkUCCbmgF_KkXL&~3mfB~ zwP|XsD3F|&P>^%D}}Xh~%!!>($PfN=)-pmldBpxIC&(uj%Vj}5=DCLmWu)A!k zg#+8;q<6^7U8=en<|pD~&&}h4dP0UqB!<%!KwD*5u~W7i0znW6{88NJ^7(`}i`O7g z6zPd;f`IsxsP3Zo0~oiZl0=feZ<2cBGUt2eH)@~S84nvLW?%w<3ceH3a-+O!S>eqV{rOyb3=MxdLa$rmNrf(z^ z%a(VsAIy+!d?p2P9eD^LxcTFjWoMRw|M`0I+ntB6rzY?3=&#+KKaD?JUgpR7^y$R6 zd_ZHH7@T}?K)Vt&Et4UjWn${FSSUC5}(o(r=fO4@fghwpxF;Gw+U>WN`NJAAH;fESx&1dQe+kP5xM z_LWe!mQz;C9{A>oks7lF{8PbxZApPX2k>*U%h(6U(X*njsW>Lrv&0fTC1Q8Ps{x28 z-|68N%VSGdB0MgOJ~OBV1=!uO#Je4NKs78Sgn_$6PxIh>K^wcWBGD!t^*fZl232WIJ+jUp{~>?qf= z3O~7ai~?m%og|sF2j!B(g%M@G6au)mR}RhMqr%@LX!qi*8=Nte@wOtTNQi@j;J&1y zP01;=)hG{=YXnG6@jBBM!YXSv%)*7&zGn)zrITH|#S^S8iKM4b){35R*MDbVTs~c= zT*s{;o6~Cf^7Jfnty3T?v$3-&T9aHg$Z&iov6QtiO{vhF<7u@C+Cgj zf0}qWG5)%@wo^gfZ^5xm;tEO)ZTJTFNL9ecCVdAa>a2g@ol2+Z9^E^gU_VVx``c`ZX>AuB?N>>z9>IpY9eXwZrbs4o=#QT|pF7=d_ixGU zu0y=yeGGjg$%Nk~?CBx0fq2EfL$ijBWv|WVX{43vrQu^SW$dPE175FVgYL6{&@xfN zWs|3sPnKQT(t(8V_}q>B#bo&s6U%Pl-q=BR_J|Jzos^Z6zi+R46$TZ41%CvVy-fAi9C1bt@V>F!z!1ufWPyCR za~Ggs6ectWE)=}{KMN32Nr|9kafb;h%co0+Ujr$SdFI65vb@9~3RVo}9D1EO(W6VY zO0cG4Gxeka`Ji$^n6LL2r`4%N2r^`y6-zC#7?T?Jw-@)0iD`OHPe*+om{dzi%JAq1 zO;g|}rm0FGm05_}5mkRd^hU446wwHO;|tZ=%^kZ~{}>!}*uj~!2i^0a^UXIYHP;9_ zzd8jMDUlQU`QY$9@!=x46HE;^j{tMP7ou#u7S?p0`lEfIl**gnc0|Np^t#%%oZwWd zWi*+@nBQYK=Hv-Jkf4T(0CopC*gJBUVlUC+fyHs6d{viw@YLikS|OV@!~GeBd1UdY z56TVxh(wZX6O|3G>9BNBArid^&aAuNXeHrPeooXL_gb!y7B8KSSWHTOMR0MGTL>YQ zWKfq_6qF9OA79Gy8&{394EUKgy*WaKa?Vc3nqe_3CGMMk6cD(3d}?$aMY8CWMS&7u zIXr2R2P4!MzR)22=soFal3y&5b9pwoqqIP^wv0}lYxY4qNP-!zhh1MlH?Dx@fJ2T$ z003=Qy=|)#*DR5Roh0aTC%HUF(lq$O(V|f4ky%xdIA7?!9GxgnS`)#Aa<;{je)pEb zDgoJIg86>a5Use9zN+Wu0-f=1`L z+15simw#=(p7d?9SJ`5EgtE;&-4YFYPvM@@{JMbUHG%774X;GMlhvr5yoL&UK#2UZ z_s!Oe$J?(~HrIZ6b}TPt|M23MS8TEV$3f@$_Alx9pQ5_fFAD8;{sTAF0E-dX6#g1- z_^+GCp>&2VQG;aSfSkoaAUaHm9kGl+xF1CP4_9oP&4TUvWwRwG$cKDmz2cmq?LEMQd0DAAZQn2zlE=`j773=Jr;y_ILh^WWAOtMh zx0(N7x;y{fEht0pU>-f#e)QcfSB7E&9F%!}W` zDU+U7fUZs8uXxBCwxqT9u}t;!4ydObc5CpG)D#Yv5fx!ZpY|k3;-U&+6iB^&q+FKY5O#U8N9_ZCgPf-s3F9>Bn7xc<=m2_C^9)U zXXM*d=vcL}yg;)V)d+!Q8yFcx6$P#F3o=i_m`bjVYm4C|#jJG@xf0_^=}*|exLR{< zGs56RV|0u>x+pN#jGTOFo26Cc3dc#l3S-0QN*Jf|B5CsxKH>aWPL;acs z8xd-N*l;R_g@zsr1ItQG74^4hswvA5-=FqS z6Q5Z(L(xh0kBt5L9h;GF%pXj5T|K8*8c2#jyqU|ClABm@hgko-J}fV|)0iXYCYsDVI$bihyb(y&lrot*a&E3DCIGztihHW88} zE=88JE#$C^n#iIAA|IG~L!06V1LIgU$Ye4k`R;P3 zfgDQ>yu=+chj!Y^;<|%mqxJ|E*Hr^1Gif9;1yp9chJ+qYcYtke$0-MwOoxbC%l6LS z2m4kvi5{d%m*zC3Zwx1=jKchg;2A?S{_xXbV5Nu6SmAvQJ&jL<6xXAu^JTXNVOf_Ixy1(~kADiXq?eX8=oxDHopZ!Xg zwaX75KVAJ}<%iWrYmcA&xc+Z{dHU@6i;aJ$naj(cUj6mw|45kHMv!?E?mG~!ShqTa zRMS+cp&df|W>M4>eYQuwTKFjM*x$M>EX*2Mv(MF@D?*U{5RKG$!ERZIU8fxSWZ-wI!h%a zd901t7LxRwn~nuuXs--T`Z=YdyAlOnanDxe+dum5BQqK+^!!31K82z}1(Y4q6xkb5 zwctytxtIyVTRhOaM1h?0FSfQ_X7}FZY5iB;y)CN$IYpTx6$a#zA&CL=l{+-OGM5o* zOjCMEK>Y3X=TEk%=K9y&)fdlKUv6%aWI$TM=Gw}$tp=v9EHi+lku2-3zOpezy9_ZM zv0y~slLA10K6&wM?b*}yXY1R<;&6}r4N(grKI^A@2XquZQZ1)vPI-TN4BYwr&xqMhwC(DS)23O@ujg-EMQ)7TFkhOug?V3S#3) z)_U@EVZFSHyPxAUW~4-EXz_Sp_c%|wkcb3pl*oK=)l@2p%a^kK@2XOVBr{)Kd$Fm+ z%yY9Z@@CnxWh*yodfR3YG?r8Qu1oQ&CWB?D!HtliZdqPF!G7)sn2f=Ay7$6$h=z+Q zMIcb=yEy(8V9-;z>Sdf7o)C)%TSG|bm}F5<`7Tgmv52HxLvCB+jO34kWGUxsEr_bi zEJT0d*V+3ygx8#cEV>m30v$EViBxmp2=#vfNPR}UpX{Ir8t(hj@xot@`}^XAc!lwd z7GJX-fnKzAyq*4-jm(!60$V)x`jDQh9mY78`E$&MMmgqG#BPuHGK)!y>6>qO>AtYO z9%|TV+RL!qZTO?ZvzX_p6oT5UoFaAlZFj?I{ zsvQsrMtMvWgw}6z*QgG0LOOXCaAaYR+cfFk+EVZ_+z2i}g%Co#M73z`g$DO0OnCWq zf!&0|*%}Iu=-))>cwA_5w!0$EOCwYaKT)Yu=qwtwq$rfOB{ja zUZoevod49Vdimft^XRF#%lf91-tej0HxEu6GOwoWe3p_sAP6KvL&XSJh{ zSoN_*NxLp{t0kXu!YFd?7zxuMQ3>vY#_u97F|O;-C{5v-Ukl&U>C zNepr=vI-A9xsp)=r}kMzn!5eP*81ENZv@t)hyrP2uvEV*RawS9G$B(mqVA%p^db`a zVGG`jp2j|uC4+uU5uikab9_LqK=iPSB}WLG2){aY;1^Jvsp+Y?CAu$9jQ!?1xXaz? z!S7?gi3_wmH9a*m+`9Sq&e(5f#|Qey5>S`?eTUyt36tMPw?V;}$rmCl${Uk)p;d{* zm1>d`D`OR%@!N0SG+k-+-+%w@H^0(D`eY3{w>w>ZLO{4akUi1#p6+yi3P1Jlzu#)p z#+~H{oqq|$#~l4ue%iKy8ajBTBshhV{#~`LdGoJdcP9VQx&6oAepuQ1ardXS&8>Ax z!A<^tyYu;T^W*1_U%Z~$@zCVaMQ66NvqKn}o}bq+ZO|(p*~5q}H!Wjf;e^4n_Lo$I zcz~wrKii}G1*&+Dw~D{JK@t2)zi4BRW+&;`>zN&kW=7SG4+WHgf|HgJeymW3GbL$8 zOvID^(eeH*H~WD3nDUNri-2j_eW1BYU-Dr5?%kuBFHtozrGof7v>ehAW50<93G?+c#<1t?v&(dZqy$L zdLV)Uu6&Z|6}$-50`98xZw{v=w>uxZC!Hs**h<0rVK)xge#f>z6g0QWTP;43K$s>` z60G$WNc71>mK)%)f+x%0p?xJO^izt40W&`SGq8&%g35O(HwH6;U*iOY538vHVB0F( z$^WZXQVz5uc22stZvEW94AjKz3H^2U-yd|zfV8SXcnae=^vqTF*CVv(a?Bw#!*ry-l>cT3ht%?ZP1ny-iDy1=_ z+b`o^(jv~UHk1X1XBx%v*xt`m)d@-!Vlx6UXu4bH6xX9}MCR1EB+Mi6U}P6XZ3o_; z451(hA{)zcGbR@(Qk`KPPOS&6-}=$K7?dVQvSQ*UIQ5y2c?d^@-jm;N- z{W*Cvc%s!O>jZM}3iO@r5>B5ZYEjW%vVVSbZ*Xt_=ve*@?4eIr4k|Jc0k^%(|BDa( zU((~3r>S6D_zets#-PCtW63WoQSA}~U$#lp5^<0l)KpAc`Wp zDGmGV-BI_b-#zGkxR;~G_vDh0T=tc7Gud>TDRTk!#8M|jTJk(obRZtBw0N*MsDa^# z0qfdkxm~|$a_`g*oqyFJ<$!gG?-*jw+a9Tlr~N3t4Qk)Nw9y(+5O7;FHK@*0yoRM5 zhr|k&3yZG!hLV>%706ZzjL>DU12B*%o(oo(peI#8O+Yo4Au5oFBouQT`=YvTAekkm z75IliosbH;jF-?`9}I zLnJH;)oA%dlpa|j+5nFgxKAU&N3ah9hm2;AH>dIhUVgoUJ7jJp;jerSoto%rUXt=Y zbUWMq4zxWLo)Ghh_#5J)DY8zeDG>JH`0eqB$CP!sxIJ-sDl$)cV!b3@nUO(ExfKNN z8Shejc7`LiCbLo1g+XChVQ!Q-(cUNm4UhU_QppUGz`2y(4hKu7G7LkIs7S9&V9^Zp zaHXafsDu!iNL(ZW_=!uX0M#I`3q8XIPpLA#fd*TVy3p(^k-4Hch7e$-vh$_rNY+Lu zYJW%;AWQK;iYWx@y!GkgX!6q}tl7yUQjyiG=5+GO50m{*V&;=Rd&=nXWP()e4*yD} zD;5STq}TKBqMr3n_jK$(-cIrxr@h>oyrd}+Xn%10iD%rW#3>pvET)EvIS((5Q=>H@ z)<%T#GU1GcqfA}}{Z$->_F(4r)U=e>rZiKRIj!~z+9Yp`*jkX#)|D4pTMNcKCj%YH zi_;uN>S*D95t?V)jcmm3kjIJ%Cg|MastTW}C9#)`g4cTGUMk(rbCt!hgpz^@1g4TA z%o96Q%gaQF{XRv-gv>+XgCF;(s}lK3DekKvh?fsvkY#+SuhFIG2HW~w_qeZ88(=tt z*TKEm`jh1YC%zj6Cj;C&@?%uJhUJ)6g7Rq1%gT2-5t;3GCi@UBc)UB4lW~Db9+sPa zpht-$BLnRiwB5|qNx}m?m08p=Dvpyf>Xk#IvB^`Cown`n!NuYD?PoB2_O9-Bre-Gp zjdeJ+ATRjr^3>eMv(B@v?c3jV{>*y$9${eGVa%d;eS@|bpU0fASbjuGEO(wcm4_m3 zr&@S-fGlpZl(5R3&kuND%+k&se$bnBc2`U&Yj&LEKO)8BDXuJ#MroYec2?g;!qz^g z{6zk|3Pj^~y9hz{pW|1buX=;er=L&zpW!)BPIKaqwN436(Zl=Q6N3TlF^Z`B#PEF1YK%GwC%)P(5Kkf~-F5j#MF@j^c)Jt`G z*s`K7ZjrQ_B`+?HFDTQ}!o;l&{=d4eTQU@I^T4w*T3~YsX|cMA>|+y!Upludsf#^| zs98q=9NyU*m+iR2Fw$(*p^{C2ef|3O-tD`c+iz~~?4*Ye@F0tVu;0tgb(A-v!tf*Z zAT~&iguD?XnSdWI4w`v*x!*yxVUmy(zC`}B#p{rP4|zPlkG4CBw8sA*Zsse=x%S~C zaWz8IB}9ZWu~&rUqqcY==)j^VA*N&-XlmaQ8&0xNt`=C{?)8ET+Nq4)TdZ!}X@4BI zaWg4UOU2kTvJVk=j!7J!-Y#AB`Khz*g{ze-OkTo zb1gvO(m$q%Limnrc!ia!sY>6R7|A3=$fG6?oM2ihsgKu!)pb2DFLLalIIS}I zO*~c^ZkXd=W%KF9&`J}v!^B65Ig)mtrLhBW=gr*G{h1lhUf_18 zrW7NXnw^@Pnx9&jTAW&%x<5TNJv}`$Jv%)&JwLrLy*RxzeScpF0!L$Nmj9};s!iqSG!uRw#i%62+s>P37t@r5Fmlj zV_JZOP7+cr2&Cd*QXC9~5Yo$&g63OVOh&nk|9|`aq9~Peo$s5zdnOl8#}bt zP5;jho5fOR#Zwx>Fn@-Yp;2N>C-%h`>D4kc@G!g3HCMtf{QMwQ`al2VpJ7v`JtZ|Q zJtOHcGb=l1R_?op^7o##pAs*bNa9~}H;`o&FOU4D1}o2Pwb z&v&aH8~KC%!ul^3-R^m9-gVvIu6!i^+w99*pI?1%@a;2hI_rCzpL*Y))q&b)3qIj~ z^^|KmzghlJ^w*h}ZXaLy$$_^Pestf_jZcjIDfI)}zP#+tzBd+pXxB^YJ~QxyP)RtOKx@jXwKC;zftz7{lCh%r1|iQd;C8+{f50SZ+Lw4 zk16kO_|nolysyu{zUMn@Kb`np&J}H6E4eT9v&A=`{r&2v&-;scuynFU;kIi`2Xcd{=res)Umz%h|w*_v+pdw;8YbVKpFB$Gb68U(NAvKKG8q-0 z>aiY0EO64EFfS9%0kBv{+-c4seXq-KkE1RBXpo_FSNI&tyKrwA>YVP$cT%cIsU&nrlE`q9S!noQeKF3 zO?>uUSeU7Qrkkuo{Szc3M*aF>>PO6p(UMgw+TGeMTWSYQleJ*@l1j{+K0;tvrAv0k z=#-k7n8cO-gRM>i*1LP_X7X=qc{)fI=<{J;ulJv7TN8V=%Ce4=HfkO87RP_CVOLtt z?Dnk@hc%Ql3ZsY7YqTBUoqw#~`ZZJ!v-CnT>96(gZ)`Cp4VuPdz0}q3f#~6R)ryQv zZyjDvs_KnXB83k5Nq*w%IlVYu*N0V4G9lIjU|n}oYof4x&Q$6ub@P&`tdu6^=quMC zfpy6HZ1f;GGMw^})OkHr)PiyxhHk7~-Sy4wqGvL?EiNgR;iq*nj~?`pVm&*aCd-R- zJu9-JeV>?{sU(p`D^(?0rb3b?5n2aXNYGL^Ivo@0DUnaT{^aGf{;gZy^Xc8lB@``A6*LfZ5S+oYE3S$R_NdH1Y4ixs+Z5igP7kxM4N zA$1fd->FI>^lxyo=eTo)W97ul))^1VR-DkHL@&jJ={;2@Y^^otoLDEDoTKa2E_$mF zJ^9|K)8o<|*klsk8MnB+Gg8rDE60+VDSI7D23lMyEwqSlWkVBRA~~#2k;s?jEEyro zN$bF!)lzu@{ePnAbFO>R98JbKz3u-KeFf95e#>r3U!hNs)vu12t+Cbw)lSaHibYV~ zMkTFsF>eUE9}3nIHyPe^H(M3i)%ivcKubNxLvzh+7qw8;lQMBC69@jJ|)SaISSN!cT_foX~d%fX5p(9Yn9zWUPwlN&YI?P~uIgzENVG~!rdx*AmN2SO>X>|uH&F+ANW;RQ$gsQ{nHWcS z`KZxRATJN}#G<4}&nXiO-&5$#DN2gR67(TVefEkL-}f znAXd3BYq3wyCwl9KD><4Le`Q5-ZR(e*D8EL)$b_Z!nb2X{N#lhX0hkS69rkAfY`fA zGR>L{l~>lH0@IqJV_M+lTb7ksOGR}Q@~hQ5#7kn525W_lmYRI)t;Ma%c&D$hqo7(Z zRh{NjUVDqDWWiKBr*ZO5=^R;m>sImsHf z_UX~TXlC-u;Ys=?403!yE*-G`JbMwZe!M~_3C6*uBXmZv+{puu5{3U zb5=gO-Rf?P9qXLxI6aJ=b3%12y{zkx#_ISaypG>6 z>jp#NxiJy1V1*uZDM4Z+b+1MdbJy^#PE zZN&CAvTy(jHL^~&ku*0(y@AHWK(sLtO*FZ}Zpa7up$HU%;!Uo2w8`s^HuY zDTGWYJlMqPB~6L2kC{)bnQ`!TS17Wbt#Y@sSL=3OowQH}EsSzoSWei|AA%wSE$q_^ z#adWJ)57AqmO*c@g*3Jz*XoKyT3zuz$Ona6y#a5lcd(Z)s@<3a7X-!)#ml|wK1e;qSFgS+9->*2=e5=EfNX0MI({6xYyst z)=zDtp=dk)+g(w2yW16KNvEql;BmJHd{89P&i*_*e6G-rARo#{1N}Rqqplq>pLYiz ziSJ1Gq8+YasKb@$?dVN}JG|U;0(nQj%h%B#^h1NtP)C1wq{F}8(-Dk%I#_GpK?k_g z<#Iu8s2B1;UZ@Z9LH&>)8h`>&5DG!!F9Hoh`=KZlgW^yE8iIzQ5oi<|+v#!>kDGYh z#N#F&H}SZM$4xwL;&Bs?n|R#B<0c+A@wkb{O+0SmaTAZ5c-+L}CLTBOxQWM2JnoTB zS9qXvAnfam^h41It4pF?t`HP;LGCVBBHHB(4|nyups1&-KjH84dpuqIY7O;wMSLD8 z(#08$j>VllATO zH4SV$ux(poO=EXsO>=WiO>1jyO&c zv%7Y8&7Rhpntl5kYHOOCYHK@dYwH{9Ya1F`YqxEyscmfRtZi!QtZlAuuHD|yUfbH* zR@>IrQ`_FzUb|yQYwga4uG-Gdn%b_WuG;SI_S&AF&e~nOx@&juuBqMI+F84=bzfag zO?zEkT}xg4j{3T7HQVYMcQn>DH8s>VH}9%z+0jzh+SFRt*4A0q-qc=4m~|Z;-F2Ov z&2?RdQP+9<~>l+$+>Khwt>bGxiu5W2? zsc&nmso$}qt$uIQ-uiv}Y8q-Bj)uCro`#05?uN$3y$wxWO$~(I(ACw!{tZnHJ%-t^ z&*9kC+}ys6Ft)X{wrp$bYTLG>bH}!w#%bHg+qOM>_B7T|6ckP)Q8qR->}cH9v#pWv z8k?GG8k?JI8(TYD8{67y8{63uqNBB=acBF^#?H>V#x5hZvAesiv8Si4ad&%dJ%UP3`UVO`V;)_z0l6si&vCY1ghD&2nJS66FucX!S9hK9Y{+iKdj@7U3~y`!UjJLTWf(9qt}*toBysj01{ zxw*5Y&B$nJZ?9?TFtS@ZcXYPw-re1@*T`+zSF?{=rvhu+TkH7rwz;{XwWXzo8tZK3 zbduKY?w;13o;|I*I9_OP?cO#tr>(Azf~~Jl@penp)eMo9o+JDEd}* zsh}R)+S?o3cGT3hb+mW1?d;y!*4f$J*45S7*4^6OhR(I^s^8VNdv|l&o`yYbd-ry= z?c1@hy{4uOC24JMXy|O;wymX|I&E)is%>v>u4`{?t#2of?HwJh?K_RU_Rh|p_U`U| z?LEys?fdq%?x2i1(6NrXy5+X)doqId>)$Q9^Q$u3g+IF_Lx9{AsW5>>pj*gx3*V);*v#YCXXLon^ zPV{Bxu3fu!?%ut7Cwj4S@7}#T_wC!)i5_+~HK8>-dOEv|`JIH_NgL>@sp;veZLRI9 z+gsN~y>>P1Zs=-k?C5H0YVT^^)!wyzds|n_u9mLW)`l+1uB*MFy$k*A>Li%1uKF%M z5a~iUx^}hh>e{oXt!wYz&aQpC_tBDTx~aGB`nvk=ZN_Qcjg33H(Z%lV+grL@T3WkX zTf4g3TH3nXDXJYi+Pgd2$Z}67S=iCNt7ljD?%nO(w2z*emd+l^x~IkA=xJ-CK*6rA znjXreXWzcsT|~31uC99*ZEY92wX3nQb{BfJtG&H#S5Hs(?rp8xc2mZ?u_=2<)1KPe z+C4P(Jv7ce4Gj%@wr$(ChlaAJsi|pCb93{a?c2BSX=!QM)7sj)hqB&7S?{5&_fXb* zDC#|w^&T?5hlK9wK>;c2J(M*?y=M<)y@#^iTTk`(4wQC0d^9 ztO-sBZwSugE4}1==j`dL8~HGDIUD0TN^7jS*b0YJ7CJ9OS0)*hBCSQ@G`9OdKsU^DI7d^GoG6+CK;YcCK<5OqV$JSMLy%cBRZV)4DEsdFd#4)8i7l;^hBE0xg6kIfWChP? zA4xZ{E|cw5m}G1D+l}Sq6>&n+`Ps`+K%DZ@eJ`ujG?jab%FS1~iZazQ@4Fp-F8^n3Y9Hg&Dx@76{}oRnK{bL zQ0A%1oTZehY-P%3DBEmhZdPeIN@c5Tr?TO0Q#OaP6)4*ZWy@5yY^72af97n{T<7FR;bL=&4Y)IL%%j1mB-8r4!s5ahWlTbANtYP%nM)tg36g=UiS8L=5=qsXnyqV zXSsic`yX=uP1BaW1S&MgZ@JkVzwIV-{1YEH$M5)n>9^r)k>rO#A#(%&e5vW~$wQRzQ`|W-~Qqv6-5RTWTg$ z43(Q{RqM>O4Qn8WnYM8jvrmbITra5g;E>vo!l`Vkmkkd>n zKMg7|(<SuMS_@@D#Fs^UDTI|mm??yphFco)#%5@hnPyu7k!Bli=2p{QxfV({?Q1Jd`-(LX z{Hhda9^`;FoA#B&0EZr zwVRmmEyKyBgFlRY-qljvZ@4HYo-+CLG#R% zVmkybBaDJ|5OM`)m?@`cnkkDiAozKNvtTR4eRhhOGAq|ivCT45jOAvE>4Z|v%<5{W z3|b9ko0(g;nwgu^&CCr;pcT-1XoH!#E)zNfI@QcvUkp`26=r6!4O(Vq=Ffsm2)9LR z%*@kHH#1M?*@Agy=BxrUGj}#bqsw)enb~$TGiwX9%FIkh*1pcnOhL}T-9XNmXJ&1# zFtawTG_y7oKr5j2H0Rl7*7D_M*0Qx`R?!&{`nuF^W)*IRoKOyQx|y|PBa{yrW>y}u zXDl|e7MDQyJ*^bNG@Q1;%$hgX%$i>W5yvTuAi|$p4pno1nwf=;Wu=xugqKnX5sy6! zB2GKisgXbtzP zp}COwn*-%R^Py8AEHLR-25F^rV2vSU$)hs!aW^5{3{0>gX_tJQ1|eh6{NhGH`} z>oha>j50I#)MaMwhI}*EnQhL>++fa1S!d2VqtMKqOFGN37tS1zw9LUaIcJ-xx!9m` zT1xI}Y}9;{)yA|ZW!kf7*Bh(2UutIN8E3upFoMvh^VHA^=a>}MW-At{vVS^W8 zcTX`>i_oFs9PAGEZ5_5cZIhW=y4w7}AKx-R_&+~Y8RaTtt;(oW8T46OR7RD`SgA7B zsEpMrW2wqmrZNguhC`( z(oa$8i&c8QN}sFJ=d1L2Dm~l0>@Qz8FL?XQ=0(RYHA~8mo9F-HHSjI-;x~S3UirqG z=7n$k#Qg9ZKgaEl(C^JFkKbpWfBYKr;^S9we--y1=Kgx~;=ev;UisH?^TNM=&Aj>- zhmrj}^f~A`^Wyhpm{-0h-TdIO-x1~?%`1=n$-MS|ersO%^KW4V?5cuBydqtdZBjPO zL?KPrfeBawE}?6gpKfMsr8~&Syq}t7X5`Pu3{b?Y3aJ)~av|o%cAA-5xX8>b$L!Ip zG72}D>D9$%`a-&p&8YE4R5fj-nY!!@Gb4L}nK65onO>Z0rmvz)sYGR$RA4}9?s=HH z6)Vh)^wZ7s)hYNbN1ZWmbIQyNOmSKT)o3%!j5VlGA>EuE)0tmjW>jr4Gv*j(`kGUz zQcTc7%wYjxt-;^=N;4z3fbgKLbdN>k1(TRoO?Nt%bXTEH84JwRx%f{--EF3se#&Aq zZ58UY9F;g@tC=Z3^1eV8wjtGu01!!%#bd8knH~kJHRR_0tz%T2?azn6(CTLN``QH?>~IcI9T~;!-oC zER{TA0x)^0&Q&yHn%)^S*TrdO=4!&N&LO@{#78%jPkau_p>(#HQHjnhEHl#!7n~)3ZqH zX_O0H)?)Onnr<#5$IP5f8kRZD^yP%Vo_acsdM;i^lg8v!+s)KX)MY9r7SdnLaA0mWy3ep_5krO3=b9M> ziz$0d>xwf-BlWtbk}{_p77*@M!r!>Y%t*;JGv=idKKknrhYWQf7g zDr4~i{E~kM`J+tJoakjWW)8EOx_C9_ypXslZ%3Y)p1m2P= z%o^&ch@YIVObcf+{n8CAz2)!sf1D&SqnAW6c6jP>@Yf6cko{ybdOt~+hTV6>y z6)!QtGAsm>zGInPY3q+KvgNzGy^#t*yeF?M%S_Q3#)|%NHGN2qN7s@hUOk_j3&@4!v%{Fs3;P&24&=zO| zR0XYvRzfAvYBL8rpR;J0nO$89Ej6>ZpF zo&%LZ6_69!0+mDS2nV^%Ddwz=OQ1q?R#gVL49o(Hpw-+jgz~sw39X0LLYtuZ&}OI- zDuzm+rO;NW8d?FZF<*=on>nN{XVpr|a|5&q+G^&k$T4%4FIBeFlx?|;#dC|6n7LF= zZsja9cP+|LY?`_0jA3&YnX}3Xa8o(~lCV?~mP6nR@}Wg$P7(9J)r-xXQU_FMW-rGW zFJ%P3!D;5qsx)(QD40SDYc&;9P9ZYh&(7Fr&Z4n0oi?-QPzV@>?0gFUbe?0lbDdkv ztP*H5gPkfmVS5F0C+0jD>6`-QNDFD~3u*LAF=Wf=cXafU*yV&=9KxNdFMw4Do!3G8;x_n7j|;XL!VLjgE3eAN<&u*G=wtw`;gv zVQ3JFLNRCv8Zq2%7vzR|ArCYFAxGJ}d;6e%$Pa}e!sv}a`=Ny4_8{-|2085qM9zy} zFLK^EGz<~Gcg%42A=ihWKHU384Yw~5bW=ZWAL03s>G$`$`$PvX3g9PzY=CqJ$UAlH z4!J_^5Pn018RA)pXY5Mk4iirp`7q@WiFn-9v70(}M+ke6^z0|R{lvGQ=lcnZv&7it z8YHYJ`Jq1Du}I7v!(WVWW0W^_>5h}GxFCKK$R`LVLD?jTFF_g-#F0QIfqa6r43Xzy zo)43k5yBqzLZo37eiWHe!WkvLF~S<-*%$|E_(a>X-)w!1VtcZ`lCkg0M7?-8yGTr1IP!05YGdn24|`ny&*4z|41ap zX@N#BdfqGNsgeKQDDg!JGm4)mVW8u^EEDXF5l)PB#XUxEqCe3))IZdVo_bgl<8gTm zkE;*zLH$qwib6w%2c7g_3p~BOhQ|{&JYH|YOI^F`vP?5r)@0>}Bb@;U#XbZ`AMxTo4%Kvw{%!A)bZ#1rS@|4evL+tR3T*7sDGf zQaHEH;P7D1NRNVXNca)Mo8U_;+A*J#8-1(|fz63If zKByns5Ai%P1dSSfL)?!>M>*+|(=J_xk2>>_E+2K~a}7WtC=3llqlORL;&UV8#vL2( zbB`Im-l*a8@BJ5{54T z1_ljZFzE9IamP;kLPLfx91Z)z9*{JVZ(oGCse2!7mz~ET;))PvByRYk#7PG2o*deCU9Wvhb02UqakRAksAy9P$kjCgtE8BAj95h6#U|Fh>0b%a#%>9RmYU z2pWdQjDGBEKmAm{*X!=bp7m2_Y>Wo>LCE|2p`g)E+v*P{jQ)@ZiW~jpr9bS22B0t$ zF<7z~>5ue+xRHC|FB{DheL*cIA-{)B)`NK&TfA8UxtafkfOG7;+5_47-Ntx#N(*fC1`-Jdht6fI?8j z2w*<~=wE<7Er1;fxJRH-Bhc%E0#Fc&8v*n&;OU3pJ@8(_B`pE;G0;aieNhO1C{lnj z3HbUT!el%VpzjLwBim2-=xm@L|NX-de*Kh~pY-?>5N-nrS73lNG4==yAUi;q0oPc7 zJ}MAEF6asd7=r|Yghd|}2$J4Ve<%yMG(g`LNF<^G+E0MC6TprH63Eb}1rp>ZLHg*| z0z;8dV2Hfah5|#RW7x0-hLOYO1x6^#5z;V%pAqCo$lnO*AN5BA^nC&Py1-b}2vYAs z>O4q&V@aTXXaI^CL3ezN0STCZhK(TOmLPp!(1SevM$pSM#wbBAZr=S6a@29qmtf@~ zVfpiz`@k3h)j*S^1@*2Y4hR83Q zuRsAP48@>f2pM-j6oK|b2?%$_ZXxm?V$2r8_J$a@(dj~7i15()5aZ|&b~xl2F*q~{ z;+dE5(f^PacgAxe$|=OSA%txR_2EvN2r;G$QEDOjU=YHMHW8vPWc1u0Vk{S892deE zgeXh4e1u3Z?I08gctVt8h_OWoTOL9YLg;>oG7SacgUC^)A@n>HB3*nY5(*PPx*iJS zFN{2&>4qY>Meq|L4U}ytg6tsv8I$mVFa*D!IHIm-C`#VY?GWSdP>c^ZDg98q*9gT4 zGftTF#Ubh;lt3Qa&(|MDi2gssSUWUCo`xwC#$uu2AtQvIhS1Z{D4(^C;yx<(xQ~)9 z^fWX|eT?BghWi-)$4C?7vJiC{rk@C7ufo)47~Kt1mo#H&5ZVvLjIcZ64r8PF79Bzk zTg@SBP{Ig%82xzg??KM%9SqZd^4&BvVuZ0%VIP~uGd2oizuD{G2xFgE^8q14J%s&! zXaFKk>{8f23Xv|x%@{Wb3JCCiIEF0!Qkc0+m@#k|JHh5}MwtF7j6DcbzG21|e5`1M(f2TOnD7YsA3=t4 z4O6CJ#=Bwqib!v-Kf;_LGBDte1foWSF?=Kx4UtiU#6dA5G8i&A*VoT7W-wtyVr;L@ zoQfUtp@0#gE(RHI4$_7OnG+4tM+{QtgUmYznR5;@#~j373{tj(^a1R}3q_z2W3Uf- zba@avKgc#c5QtyKe1nwNAPt<)jg3KU^B`#&Bu#^1!k}yhvAcuxU4!V~V3cQ^y*x;H z4077)Amh(L#`=TI;r1sIY~s)h`V2lVfCiw55vBg4jE|y>kJt^&h%z>cGFPH=hj>Om z!g79t(&&$d;AuBe#t%{2PBhGdZrTkaBZFo0;V9!_HUp7+gG0fMD0LEL%*j@@ATq;- zJ&K-3vBy!yyD`d(6Ij50Xg?H#;?NK@X2cj%#IUz9`d7Ac^Tg;=WAv#p=88-XAmkZi z#3<7kwkF0o4}3rl%Do@rIfF

      1?baQh7v!+yk=pTsD0mhl@g#!Z~Q4EiAAU|bku zo)-%Q12Ou~7(>~}1J9QqxL;Km%EuLB|c?ceW@MWcf;^gYJho_h$tvDk2o{xZf~ zJ{H4IJi=(7aN>l+7%hgKiBaY;=6x}24Ju*8hK9YdVGbsv9mE)0#)k1bOj@uvu@S`O+g$T;qwhB4DC1K%;V#XdE$(_<8B`mfrg3oh=I<;8149t9*!nngi@47hh|}IU0SHPMoC?R_l6V;7uot2c_w#WJx)-M|;>^j} zj}=1JKV-xMi9j5?9;ZIy=w&?U3&w-UGM0%`7jech@eqh{h+|VYK7ifycpf1v$~itr z{Iumb?@r>_6ZTP#LLgzIpmCaYoU)BG7Ku~7amFHX#_tR@<8kJfY>5WphOLP+x5Lqh zGoOiL*W-*w;>>H}L&)(SCC>Yk_%K^}4)c5%_YuMyb@f9a@nJI(^rZ<8=<_p5a2bgJ zqat*Red7#1cYvbMh>?g!JqgB7q!t=B64;&uX-Ew9LqQ`kHs&6}_OMbE3L8USzBKms zf`i78-_PO2+*5u-^nF9L;~~a(L-cV&jPr+Rt3!;Vh8X`2^O9=VHcMKG{AAutGDku+*gChSLDEWEa=+*i8vEkMJ-UP+pPeAea7AW#RHT?Sd z+n_xE87R+x4$AXi7-1d$uZ)P6`!y(XzX3(=x1c=u9Vqg@HxgRzkD$o?2^6{i2Icvm zjZy9X7f^VqC%a)F>e6U~PlZ?Tf+qZO&<-z{LOmgDOC^7TY4C(^ONSTCfKLN6;RUnc zv%ze5!5pJr<1E9YF_(Ik_)noc1n0s_yz}4%=fg`l3*ZG$g_m@k1}}Izyo9?DUT~4o zsMB$V;nTPnUc$+P7tDv3a2)W0OW=#a0(ikfqe=TKGWs+mX#0gY>o79HO@BcO4;(W=XHgAvrY5nj@>30`nB zyyUMMUT_O~F6Cc`ehAjXi(CV|;5K-XYlIhULf<95t>}qh8@!~q9bRw;d=}UNFSyg_ z)Zum;QH?$D67DW|!QJo@?jCr-y+)Uo+h@cyo(V7da2CAa+3@1;Ki~z=ffs-8g%@-g z-P+x4#5MN9i#wf?MlbDA%AbxyqaR-KF#snAf_5+I#@K2chEIndG4|>FjT&Pb$Kca&KNnu`eeja*^WX*llX6`I z-a@$w-b%cJ4-l{5gS0P^`x@;_Q0$oCi|CKw*YPj-4g3p!6aRwW!oT3RjqmCFf5-T< z#+TqlACABaeivTkUWOMu3Qx1Qy#g=zJ>!eo-w%w}H2zSr0u}dTs#xQXj4x|^)p$eW zaoUT7^9Joj@W<$};G5{N;7>@elJ! zuv3Ehko(v-y7WYK~0Piwr-d{pE8=HnV4FrU--AiT(rn_trSocUSp{ye;->ucs= zjW3wr)c7q>mh<603tsSamevVw zu&>q6J3#TblV7YQoG$w=&F{8v)cje$JcBu*apo?L&55@AhFk%Uj?-&kAM1 zXYDL~0l#i{YWxPgg#S%=!EcdndHxdd3Lde4SGymzzpU{U!V|gg5uV`p?JU6pe_&?` zANWJ^LH*fZC0&BY;l=$mc){0Mr7!q~o#j&CkL_=2e9Qh5jX$-s6b1LU?QI%=M)^oM zKPP{JzkrwLzl0b36+HIV{%d%_-`HhIi(&t*y;0-u>@16c|AW0n;~!ItQ~6RiwE*k} z3sajk7Qy$xFHPO9`DLl!(fGO4&ue@(^_v>Mm9acyvtjT9zf)sbMuo=8jIU%ogZp#f z5%Bq}#;je2k<|ol0b9V`U~ASjSv=3WF6+x#$Y+gbeMRGQ@Z$b__O@*NWjAGiHv2o^ z=d!=7@hjj<@LvU=1;_a(&!5ZLmP7bC+jANAK1+M@A2 zi?(X4SyZdB4tufGF!IDc3fhcXY4>@`aBDQ-3*qhXf+_H2U@E*|n(-CU@4R&5#~L#j z*NOj3#&v>O@Zv8UUQot;;!nnXg1PX;;B0uoIq)UmDe!`GZKs&Do4k1}UlN=TFYzsa z7nE_J$jLZRP{x5yP{x6Ri_~&yA9-h}6&e>C+jP3}j6RJr4n$w`9P~GWOR%Ss?gH$o zpo{}0-7*doTndk#<}HI4EQXhKFNYUg0Z)D9t%MhpaiOF`#)X0<#)~@LrN%EbuA$$Q zd^qVh13V11}N_fGwjQ_-a9pgX2^?B=bx~uY7`3=8;=OVX}=YpHyrCc_{ z3sxI#I-V^?NaI#`$>)3E1#93X+*)|SI{II6uc!YNY=9T{ZSaDP@DfiGykIlD#Iqe< zu!a6b^3_WJBG?8m<<<@_xWm?JO1*a2+BEKj7r9P&!7igiW4AG=u?Jq#u?t>M#-D;R z{uJB`FX`F`FL-9&K3y(n<(;YVY@SOx|AXg(GX4~QGX4~F!HYj$G->R$>2Y12$9ATE z?zO#FW1mg;uX(;atDW@c>3L3`pZ;0G;U$a40KA093l)tac!`&nQW_)hQci>Lf-)X0 z0%bfZ7=stR;l+u@1iZ)%!3z%C`gOUC*z~+HZ`3xR%XQ2a(0Hz~OUB80?=yxpo(C`K z`A>Mk|HXJ$%Kv=EyMhiV;;QQeve; zhl!VQecne1Pw)oY|I*>!h+Px^w_w)2z4?GX@J_#>)DDM`X-h15_J*M;V<-Er=eg(TFa$m)62_A+o1jpe8pJSXT_&no8!LPxK z+zar6FB;$0>G-vViK?`s-gw%ww` zIcmFA<16qI&iCL2zYj0r`~Y6?hwu{4F?hir!54zB!V4a!9SOchI}&^yUi`fQFZg5I z13I2JZ4YYv3B1Jf7QEn3;YIFkc)_2+^C0i%@Pfa9F9d%HFZe6;Ui|$UJr(>7ytw}s zUhsGD63*}81^){k!Ms1f3;vPu@La>lH^6xyFEDU6@)ch(37YWeU%nk)Fa^FAOobOr zV|*_D(?Ri{!JYWaWGS#<7QFb&h8N6%7k{(h1#=mPi~rf6_@Bd__&X(kj>ft0;%^?j z;C$u*B7Yhv@~3kr@(cN_LU0kh$ejT%xR~+1$U8uhU&5Wp7343`SO_n2Meu@4;U!(m z;024BZ;1cpp!i?Go%mmwze3|Gc=5LyUa$mS{FTBBu3;V_{+*!sFXK-9m*EaC;m6)Z_v02Ui@u_7p#UCe_P-Mw=!=L|L+0Ce+_ry zzc#-{V;#KstA`hCU_K@CO`ym(b0_lK^Ywet{1$kTYlRnVV?HGE9iYhX*9R}?V?HSU`$6&V=T7_&mM`2l$G7laoK!Hd5zykLZOA@YOhr(hI45{y%y zfAzFUil;cqv~N3x8RDw#Lizb2MJT*Q?@wB`r$ugXpo~Rp_zc)qJiccujtx#%uG7 zG+vj#RO9ve%QSunjTgBOqsM|DL5~G*$X}`Pqxq{e-k85y<4yS`8gI@o)%Y<$E;Vp6}IoM}D8iJE<{|zl(YhyqkIuyeEG^<0tb28V}_M zHQt*a(s*BfSmXWFn8-gsz0u$0KL|2@&HofNDDDrz3qEY#tML(dsprq+e@63kMvgW^nof7|F#eN8mgChTY zzNI%`14Zv%0L9;n=#|9(bx`8}25%t5-#6jq`AhJEN3aJX_gzrrUIs<(X#QU{ejk)@ ze*lX757AGNKL(2Yk9f}^@~@ho*X`pqP};}qJQw*lcrN&3+Nbz?6BK_x0ma{2=B--( zZOTLVpXI+#=j+$#zvS;X<_j8s3oqgPKL7Wc|1a!{$p3-%DEKE(gJi@&h3MPsDEqj9jnt8srpRAam#rZG`4q;aHR zSmS8Hn8x!9&eeE9!2yjI797<0{(=u^ytv>Zjh7UBLgT#!cWb<_;2w?l7aY>~K*9So z9xFIc)1rKTdt%8R&{K%ZjF1Kdo}KJo~iLH=h+(n!+DOz_c~n~-A<22ud`31&)Kih?~G_1 z1V2jr`<+qE$3WrZ&V=TNK;eg-Bbpxtg&%XCtNHhV!k_2druplfH*5Tu^N_}So%dl8qjgL4#t?@I?M>Rg?d|cxb&L=fK<$PM>GtSRy{G9Xi8lQE3QRA1K zU)J~)=T|izcD|_b>!76T8_sWP{#&5%-*$dS^DlwIA8~$H^Dl$KA9cQ>`R{?kf8Tkh z=6~z_g~tDK{!-%~oWIieN9V6K{>k|ljenhe!|W#v+w70dzER^%v+vM&XinLjV#7A4 zbWXX(HFF#1ZsBLI7H~J%I`8p$_?!16_#pTc_%!&;{Kw`$z|Ub%%zs?tlc%pe-O0~i zRfWCmn9ccI4!x6a<^*SLfSYv8EOf|Lr}E4?n8P6()-ElnSjXPfF-OVD5{I=Xt#$UG zIAmr{?4j#nWw(z_fT!;dE&JtH7ZlajbTysBHf|l~)Hl@jG@i4qxwWByO`04IzdpRM zB-{XRXKjVIfkivf z>ZNB^obAyu2W7h;D?2mf+9O?TR_{f!^6yG+Bgx_!;kAE97*URs5f7X=hy1#KNS@Tk z5MKXxgj-n4wj;_Z?#NalJ1v8fu5KkG0T+2y^LfRkFL4}Is{hKWC` zdQS+XuBWrJp}l(}s*=1tZ?(1W_?auu7FWFoIrrzWF|TM&p`)8)Cip5q&X-OEJr3EA z+7aS3AL}S6HZPB%-tNi6bOo8=0uv7lPJDa zkv+c1q>j65N2kLTV~_oqb%wCR6Y<8Vy|@%qz&iR{SC?c^cJp_I9eljyij`VBd+W&A z?YrpQYO6HMRwr{rsahf@)Jiv}mq=DTC$Eat$-0KV(1zHk8hWX++3F5Mb9V1ezgD2r;gZY%Ybu69`G zOO%AGH+R?6Zn1J+IO$Q2Hq+;my1lafJ%>0*{v`~3kO51pbzWH{0SM+ zK}##>BQ;iQuP!L*pwy-(fD+O&$-V34q$4l;)Xz{%(Zh(Fj}fK{j(li;)654}KG^`N zSBkHk{$j$Ve6>{Pl)-l-Gi%k6oEyXeweQGfbDu6vDHVr4key@dqoT7(!{K!-r?g3{ zK55K4jJ9v`3<-bSsx---Rbn2G)G(h1MO_Z-2&Ab{twu^?;&2lWUwG)INx0HhX@Wj| zu-k;S>g7Z>s|`xvCn%_FyGEUyG#aY}#M21{H;p~daaO@u$zARzjubdC3cV*9NuvV` zZgl8F<%-Uo9>$~rl)cyVbENxe@*MfZ;$X-0b2^6Dd)qqUR!l-H(c7=9mTlLniMYK`=Oa!ji(+NmCgBZ$0WSEuUG<=E($G_6_>#3bwF zS-rQo$%dNRX_zm8ypHB=UDd^Bg^MX-m&Z{Ob%>Wu*g-8LWk2Cb>BgDFIFX!lO zUan7Q>vI$=T^c(pTp*fC($9R)yP3bqR880&NzO!0rDad(y12^$A2e-pb)vRUmO|19 zYH6$4Or~4TG?UKj9mUogOlX}GP2EWSTD=?V+9i9F-jm}U&J^^IOgb)KPK}ET@fJ=L z%z3NIS4=e?tq8gh%2t;YS<*?%J>#$p-P>BNF&uGBW{A^3CXYdMv~mp1bibO=nU}s%w%-nx+$)*_0l~rZiX- z=mfbb11n-v+zc%!TE2WTI>)k;3_JDkbj1os33}*!hkl$8W!==!iP5c>(XGefmGNz< zquCdZa9Z8;;Z>}3s+`{Sz!KUc!N^vTY$hLIBw4WZ%nfJ9ET5L{@acp;?n`v#MDb)- zZjGts1capI^5rKJUR9P2_WK3Re9(we1GX0+x)2Zsjq24o_k4+Kn(X(oe{ z@g_^OIU&Wd++XUYYoFO+7oC`sDb1f~z7pq|Wvh!O@^3Zbf_M0oPK-7fo@`wwQI@HE zV&_n6R7QfIsvz+rF4CXsh>P^;hq^eYb)zCCe>#m!p9-vC-k~^_locfV-#SW0#2`t) zNu{3<5IjN4rloc2gbR;1$R|nk#50pD-e*>0*^FYCXpbT%e{#4eXKhWHr|AO!NT&3` zB*{L{>sdW9D9}SJ8NgVIJ~1qFVKJ;ZD*{tiM^a+V5~e+t@dP^3>*Z@{hkKMEB11q& zFXKs6MUE~LUlV_Yj^xmiGtSPj0&#N&XmZ3a;|CdJU#1he2H*v%UD_ zJc9(YAA;_$vFdV!S~TuRo?9ywn4CK?*7pYcW`?E}$g1WwYc{Sq>#U8;lP8iaXtlez z%Z-{%ba};R#fw+WtkoIe6d}Im#DGpz8Ef=2l{_(t!kwUPQv$J7m=i5AGl4Rkmu8^# zdh!ukBFX=UdTT9N=wLubflsQf!__ClNa-u5TK<%gh^=;bgdw-vGI8~veMC4H_ zQLJf6pEgwa8{tKw$&{2(!HiI*0$}7G3_4^E;f?a5g)ayl%NdDUaZNm9e*r&-*`GAs zmaWpwrD#U$bCj?vcG)|ufhBpaeidY?Pwc#j9!CzsI@9rY`>FQG#7ht9tcc~Eot4zk z$@OAdiBDF@J2h^?PL-6*d^RJ8$!m4U+Y#nhU5?^nE7AX4Y9?Rc{0r%kcQPDe&)c7ANt%37L!x&5D=C`szUp05h4~Ye zX13$y12f*Apy4zxifOXRTBc^wy)IN|1zujyLN&k zP%`!OXn#+6rrATOa%-5(7?vs#Gdx)qmLkOxZX_lhEp}qCG@%}oZyTg+bb9p=$r66& zyM~jLASW(aa}E7M)JlzLVKRux_{HmBBG&JbVU_ieDc%XE5KcK`k(!N{QJT{ApQ|E&R; zqi9-sXB5W?DqP3A4Y9V9gQ_WYC0+Wx#N;DK(WJR^6ilg8tYBJS%iE}_shOiFX|hjZ z8BR#YR3v)5&gEYVMPXin? z=bf@qR(KL($QAGHmjZVM*;0r1#UcHQQFkf`ht^rKa=x34QLP?vN;lq-z7r~Q+Q8{w zs7h%?mcg)QK9n|5OJ}BkSnY6upp8ZIhoz-$<)n}uA1Lrcva9FVCW++84Il6MQ8SQmRlx~8#agOc>ZEmDLbCO z&{ob~?T+U!fbO!D*&-=ruU>FrrM{M@RLH&QfBqsf_$-G&JQcRZOwX5|F<<@E9nhV& ze%pX8Y8$qV;`;;8MbM?t-OxekGF#9#Vt@W(3I2u0ZJSbv_W29!-?`(Z1NQIU_3|V3 zmoMh>%0+T_>C2C#9=rYeW4AvAe8_?iTX2&Fw_5NC3l3TEfQCD7J$5Jl?)-!W4`{gi zp<{RBc=ux#e8_?iTX2&Fhcw)K>#=*0y!R6t9>3z)V-KYsd-957PXJFGI`+g37TlV8 z?CAr?o_Q3w+=8nu_>cuRT5$fcXFiR{r;a_1cL6f?%tObXIX^=HhiA^m;bF_+;R%Nc z_iJ<@&)j6etrpyA!66H-A_DdGht$^}QD1*Xed7Z4jRWc%m#S~vroM2e&2978yy`1A z+k7^^Eno}T!s@HH*#>QKTS6VaN*%sh9lk*wzEK^%Nqy-ub@)1U_yOCHdf_4U!o%u? zN7RcSP%mDjUc5kk{b_ah8e6YAe7*X@gSI|(_~YvEt?KX{>hRs_@IC7AC)N1P>hOJP z9QRMD!w;&%52?cstHY0|!=F}%A5-H8)c8U5V?NtET&$#SG{nbdf|Tc!UO8X%hiils28tH`O#D7zwkKM3-tAXz8=)q3-$H=`uYKV zy+~hg(brq`^%MGfo4($zuXpI{o%(v0T%XqRPiy(7wfxgs{%I}$w3dHb%Rg<&KlsAq z_7^@SmwUzkGoN|kam5Yl{IvrF_lP`sR4(_+z)_K>%{RvZZ3ZQeA{~o=P81C@e;XQsly?f)K|}ci2oTDaK+)%{Kr9n|7yt+wRNl7 zxGRw5_$Rv#qyP**4f#*{W^JIie;SQ(wGGg(J58Di%`lkb3bF^@Tgs zk*m~^tJRTf)RAk|i|14!>b84m{r5vV0->=p8YqgbFn^KAUTJ63rWi9vX z^nI0nTBTj8Qr6>MWtZTT->>{bYRGSA69;Zb)QCUD$%Bg2S1&%q{|pPb;&4CzaS-6Y zDs!r`GF4Wt$|_V@r7Byi%GRl}^{T8&m2FVvPW$pQ=L#-maw(Tfg$tvs;9j|2f1zAICLz52;N5b4{1L7{J18Oi>~e|g zXV*(OZ{PORiuC1gf8_SJZ@JLA`Pq%)_qE4F^0g;K^0mh#ov+_`qjr&4UVs06+FkPX z`uh*b{o^;w{S_B*ed8uc&yOz<_ctDtc;C25((sduBrmVu^l@?d@Evl!<&$!~Ny7i} z?ay$1{i-YE{*uSJzWLCta({;o`BDkzwI^@m`uf$9>(}qQQ=Z-^F0VZ$@xJ-6l+Re6OfuTZIt18#2 z%Jr(UN>y%9Yn}Eo%D`SOmkPO5%4Mxw*2!hPT&m= zW4Yy&B!BQ$N#MbYk)IGbNa`gOgq{@UN%BrhNcbhy-`wvszLDMa7;*;G?=8 zui@?^_&9#>Ld%VUpcv&T1^O6wH|V?165q`_V-&EI%1zqS#e{bw<$%M@y67(94hITe z5@FpvjNgw5<#_)6Y=_ST^!W46vfA>Eo1~HN>TE3 zE4qoOfK@S?kz|OT5j;u*BdN3Q#EmvYbCf6uOY{#>!h*SnrxeL`c;YE{_@#j5DdFEj z0stw9;|Ct%2I&W^5bVw$A9&neCYN%#RLG@LE^FnoPA==^QYDuSTre5>Dt<5-`YOIs z%EVhrnfOa76OSon;xna8yrz_CzvbF*x%OMG{g!LL<>FU)T*{SDks&qMt2`m)Po%#7 z_``2pd{ycjAGr@}l=}MZcfE1nZE#n<@z9gm81UDh`rvC%eH81h23;!bQX!WL@ZYUM zZsl{^1H9=_gMBL8r$Rmz@TvYW6$&a(Pz8djFQmdD6$+`|kP2{9u0jfQp4_)A^e0=Tyn*RfA|h;IF|~!RLW(o zT-M2Dy!otJ z(EiKYK6t(Tmv>xp373bjvj6g~C$Cj~eX7r|`hqGJw}0o6?|eoscgW?C{X5TC?0xnl zH@x(S{m4TvJ*tj;LLIqI9l22*xk(+lSsl4s9r>jF$UR3ckjsJ8Blo=Y)R7A;IAA|= z)k}}c)yvPQqvxxapHMGgW^d z=#%P|^VKUCsH4xQSFTa7T&s@Wr(U^8z4HID_a1OjB+dV@?5Jlv&vc%iVFi>RQH&^v zIb*;qibO$462t%}5)?59%sHco0We_JGiN;&&MZMZ(;3e*zTfJenVnr0^`7T`zxV%t zKQA9G^tv*-m7_H__Wo z^mY@y-Ar#c)3eR=Y%@Jep~NZlYzw{JLcdb!S1P?orQ0;RO{3d1Dm0CrWzcN~{n|-y zchc=ndb^XJ?V{UV^lLYL?4cxk=vOBF%EYhiiTH(&E%cF!5B3aD;a6hu>==3xL(gL9 zSqwdk1>*35Y_aqDgp@mPpSMDMupZNTj!k^fnQ1v$kb# zE1tC-AK6o~F`vtxmOUGv)7j??_BoS%&SIalDfRlS?ewt&AK9RajdZ(_Za32HCc523 zx0~p8Gu>{c+s(K|lYpX0c!rN1_@HNrbel-GiIihKphU?ax{dU)i9Rw2@;LlL4tz`| zcoXTxX8K5@k94#PACpUFM`r_Y`U2$i1<P*5rB9|2*F)OcHE6QR3E-dfk@+s+2}_s zv3DsH0W4;1Eky|lj#63ML0k#haiwqNquhur#P{`;BSz)4;;O-k`2QD+4!!@di-_gAIll7#Y+zFgLI?XldYR;A&uOP|v`r zI5>MMeaxVbne;J>K4#O$997mTRn}@%)*4mTT2+N#Rhrpnr`%G#mIN>gQ}tFkgwSvyr(yHr`bRatvfSr~aIs!MH}@3c(eMD-2gSuF<$6aE-w= z7S}kl?{cE&h2}&jsUpUyd`GK7y@X(>-w~dw0Q`HY0zy+?z9TDkk!nh@}ab zGYk1srV4pm76^GWrwNz{3os`Md21I71sm4jI~n(Dh5Uspg$Hq~g#7u7guE%!g}ehu zGif^Rw+VR(%Y+9RF~Wm+D};g_$wJ;5Je##g$lo_l$WKfX@~0;WFjV21B0QX!DCF&0 zkKbERUz(6VZL(01u?;ZH6&|dgC_G5cMBW4;KQmf@!3kFa%1uL^JA}OXJB5ewFbPD@ z%U_y;cG52tD*eiwCjQDxm7Za$BtAn0;;#ow7D(x)E|cCS(KED)u&@=-?Z>rS$lWth z$lbqE$UTsXYp;+O9V6sT1cWibLhJ@yGliTv%Z0pnU?hGXuC=&!;n^O1+yV0^cZe$|PLKGY|Doos4S=E|fDB^-PP$h4<4?&U8GVJ{#9! zT)@cm{kRSa4<-WJGlA8aC~xLwT-$*`p#K>L=?7xES&|5DVs2=y&W2b_RwO{$Q$Vg@eUuS9#7gKAcyS5~6F z)o9xq{9dyQ6ob5LQP(3Cc+UOeqJ1ysfdg@O&%YZ$GRKL`qr znJDC}&BV17zd_C5j{JB~XZ$o=GjL@J`IGQHX$LNF$)v49{^aGja6fscfC)LSC7|wQ z;Dqf${#2AP9nYri$M1dky-~=Y5i8`+MBZ7e@g0wQz`ik6$e*2z>wu6y2YF|MK9W;} z{G^$<@V#J-kiTTNkiTe(kdv}V$X`4g-w8s_X3))~Ik>=eOTj^lmkI?jTZG)1NQ3^& zUkX^3f{T{{#$|JboGsw66==h9)VpeqkiQz=tI?j7D}?;D^MssK)V(f7$X}28Hf$2| zHv!(wON5+l3x)g?l(PkCwj=!(v^N!bQc+gwULl{J?Kmjpr$It&-yr0t&&P$fWbDE< z5f|E)0r+>KzVvhd>9CsoKvheX&r6&LWl3;5p;JRF=PJc!mWjJ`vY` zT)Tt^Xy1eQc;UgMrNV=Rjkq#|2UBJV4-%tsB?%9vX9^EyOcio6Q}DeG-@AnevnS(1 z`q|rs2Xl~jZlaL0ZwVyLT3iQ&2T9w62McEjIS2O%xzUh7OVWi0OHu#Q6~cpMiFgKh zK>xWDCkeSRfM?YV;lb)@!h~qwtlAYV8do1H*PDW8emBV%*iu_+yqF< zt!UHMDfqoXc#t+n$W4TFO#|#{$eWI|8Eb^xX^@7y0OxL`-xH7fbRl>8BH_V)wC4cY zbud#Xh>jNuCa%P_4Sk%1zTP1e#Kj7^v!>!3{Iw|qv>qoE99S;o&fY8(B+kZ#cZth{ zyu>toZ^uR7`-Ot3>v63U3Z^X+3Z}0S3TAAQO3OaLO~K_UD7gKt8n4nqFJ~=gNu-VQL<35n63n&VCf8@V99EsVA&r0-iU9c zT|P-DSg}edSP7ZC0MA#UU8_+48q~W6@GnGL)_@o1>=kks9}sevVC2|@G@AiuDqz}< z_U}MBX%mHl^d%Tob_oT$rV0f+_u+e+P_TENP_S>e@DP0bFm}7}Fm5)kCBnl5Je#@z z*Fxdplzqa(nR|qXvyy~|^U=TS>3f%uyJ5ZXa0z73&K<(TrRbYvj0edWjaFc6*o0>* zr{YQ$94*!T)#nhxFH4?VBI=Hc$hLrc(^@Uc$kK>P&oFg)ML z7eeEoCGOaUQ{iZ~X`8)fg<}Ur8M+DsAbLQ%X&fL}1}*s1hAyKj zX7IRz-}dlOxXgHZlameHEZD9s$Xy+G7oBY(w9fxi6fnN!Zu_91udvItt&e{l}ZM@v=7Eu7$7J4Q8 ziXDd7A2-<6W=N=m4F?B4Cu-VS4=+1{Zg4{@D{T4H1w#j1$;A&Yf$}bN-Y&6AxK~an z_T<9Vg**r4WY~nLw)XNKZ5kJ8ho6znYmeTo}hDV+seo7nb2KaH~}B_>=; zh?W6B{gw?i02FcwlWM>LHkN!ZEw2KeRcw=eP}|4*KB9sK^uzVDVI`8Yzb{kMC+nH-gOU(0OI zUG=at6+I~K@ivtCRX^jmB~*Z`8A|lBemf~}1K|QGwQ!?1hsGNg$u&2k#2~Vy+L-G- zt5)tW#SU3{ldK{?h675^>y-Ock%@1s)d7$tG~zCm^612Nn!)1_BAoe2O7f$y)W@!! zu}H_AD@jIks=?kGxLbOujf>9d7KDSM+<5YD8J1Xjh6|}oQTTqt*u?UR2$p!7jh|9c zg&U>>Ps8L=dZ}t}Z^%1;zmeY9!~jtVXJE1Y?*6n58XLaHz@Hs^n?gtW1qXj^03{xz zKP`V`xhEO(S<+Ss$YcqSF9WVNEjpdNg^6nu<3K(|C;ldEVDB&yptu)+_ImZ3Dvto(Xu$gi+ zPPW8hQcSde8>TcZkxO*o6>)FdXRZ7ICNOfl;Fs`)2C#*pTXos*hjT5XNJMZP%y zxGhAN42fK{nYvy*bwj;iQyN|e16!_AXPjYMWOzCjVt{o#;amp`eP~kyiy9=-lpcyJ z)M0$firisE70Eo^`F6V^OO-`2D-90v3?Nx0V337H&?Z^XR;WD^SgL#Q=rklJwFDkU ze(vJWw0Ln-gwDuC8N}f~loi&S@89upXBxkc?tTYpmyB}PZefuM{-iKEis>v5n4^Q4 zukbyiY+@lztFY;7xSwZXHpk?L=Eew@;vLEZxabp;T8;f?@t^~ATX}F5wG84GDNPY# zM#QiVOwA9jWmTS1|;$mJ5IVA1=J)FH)| zQn6@#@=Sysa!mYX0c5di*(3H#9EeyD8Q83F4k+7wNi!9S6y%PmRfqv)$BvYFd07?Xcte!+0(##)v3NH;aO2ihSg7E3@k4>;Xu#C|i zH%Or}FFzk2?1l~G210Cr#THdin>*@;DUkr+;BdfY;+Kep>6Hq~7qQNxgvfL!Qi9kp zZOeCeutqE~5z5{EEe7`m7L5PO#rinS@QF3%p6b~wYK zVpc1}nbkY~Y3gQ0>KZ_(0!fYJb~>?><#y|U+<|p5IzLDnocv6T2zfpraONR^0E zkp-utWh03HtI6Xer_HQ2?s{Q@DB2HWo;c!_G(zT#7Ib9SVal(6Ju)v6&~8# zfQ>MYfqC)5lZ6Rmd$oy@vBf+b1}qKsrC>aqxCs#YW5Dn|x-9;yR&@xa7y)(*^@9nK z*n>6`^Pm+ZK_I35b%B93PP%zvylOkxLeyhv*T z{La!czHookSX$xDEru=1K?612!jMRyYon?ny?%k zOJZ+mVmHe1vM@VvayLQJxCQXh(ZyGh?ePKZSimiVG}3u$iE1LfN(N$_+}c^ zWng$Q3R-7zf;me=Coo%@ChZ60C0`5Vp7fXm2ur zXd>bA^*gegd!w%*F%dXcgCUBM7c|;WijfDNg#1%;S!{)JdJwJ=N`wc=;GulQwKXtZ zAoUlEsljwC7L|diBc#5twIUv9#hc=IgtkEHP*fFafr5$s*m4FTR|yZ(oLCp5Y!MAa zS4gj~Vk-)q5H=PO_ADVgSioZ5H#{I9=PXUIIH?Eq!TB)$|0MaijMz9Oa{BG~zhx*>%UG*K*kV->usy3Y5VJiDe}XfYt;-=9>N? zn;>5(^zbI-mN5O#mruBdazh%9|1Q7S3;gi}13X$>xTe^lpjt>ZGgnXBh zQBO!B6eV$24Uh;i9G?n^^a4)>1ucoO0*U`R6Xk;($YA#Q5Ttg#`BAp^#jU!t`T11+dM7oZTbd8F1HH~yNi!_WJ7U>!p z*)q~Gvc8Fh$uQ&kCRF8MK1O&TdfCV!tnb0&ZTYb39nyv#!=r^amIY`x)f#Ax`(qKK zPmq*BTdOq2V+sz`Iy6l81v~4ZXHcl0yaq>@lwF59LZ%Sq<4g#e08_WJBNE81h0Btl zK!{NC@&Y$QM`k!;kV%ySYUwBHw-P~V@6Un{a|^Qco?LdM-{Q1M>H<-L;C-a?P+kc| z^`avj;FJQv7G4>k7U~qCjXfxB+7Hws)OaEOQn%H@9KFzbAX`#M+A(G0fA6dfEkIZ} zy#MUT4Y8@(hi>REoDZ8Ygu27oA{0&pjA~?LLEwt2K8T5%Omy%CRR(f`iL@~B=nSdM zJ|wSw-HDMyk<8Owl6i9R@@XDW0ul6`SI)ftct}!4k4%h+O|t6d9XK4qz;ZYygxVda z6ev;!4$==Rmv9eG;-)qhx*1t5Jm9wub!iR*@#OrYp(Bw_j9m&Xaxx3HgJv;6PZH6f zh(yvdfZjwT3DIymjz?Mm(31|SAoD0KO#etKnf{ARN>*Q_BcnfYl%90*IxUjX5->|w z8sTDu(JMEe2IB0|kW+7nHXV;!H( zf@m<=2!&rNOJv+Rv^_oPKnZYcjZRr=%WmWjW@u???f{b}x1msb)mj;q&D7y#>T#Om z1JjzS89cnRi50Ytq+ps9ZNA9J&DcziRNfV zhhk~*gPB3Pc@KB@L>zpvFjfwc1x70b3PvF~`v@iy@pvq-8|yr3o{@T(;V?sHvO?X^ zqr^r@MOi?TLSLdH6BF)qLUW49zTWE-X)EY5C+ zm;i1o8%!<4pz8z#{h1nnbACIPpJb;c0W-M$7?|7qC^|Bj&D$NpUA>3c+k^Xf(@hO~ zx;VqJYc!2KO!pMg)DtZRmJBKUu`V=U0%y3lR&zKwz|g+}2%06Mm172o`4aey-Ap(I zn4l?|NeIiXl~19OJRq-rcH9lJ064VM0AQp<<5~cK$+(D@lo&F)?kvN5Prn<$-$+{vNl=<;XY~-Yw5KA%`Q=lQn zP>T4uiljfFCK~;$`hZcGACjqwy@_VbQ6#2yAVWhX9Wgrzq!Zc;E32kv`P?8@DN&oE z7zfdpLhn#ZGZA!%G%wN=$sFWlz-28&+!vuqXUZBZV%Lo000?A&u)g6<2J-sTqK{<{ zj}g?Z<6#14>sb;$Fpd%2I&`WHp5$`_6p8?mxHDC>)zX86kshs+DbCV~LE0!~uYd#` zRHjyIxkwc`_UL$muyeOO!$HsiN@TK=(7Y524ctD>+9|T7aW`7*0J}+@G`KYp@et#F zTw#-u*C8mRJ?L3RpWM+#8nqW_rwu${BW8FdOemJ%@I?j_BfS}*B|L4mzlBzny_?vCi^*l;J0`r^tyG<0eF zm%%0+a8*u$@j`7^yhHC|nj+`tj7F_?8c*Gbv53A5TPU*Nnc~inX92!gA;vBY9hy?V znG0oS7k+Y=5@;iceEGySj&DM;47HA6C_FWm+~0tC8fv_~G%eNu%%6!J&%pjB>7g|Z z)<_YBuJUbCh?fJY3ePAJ1!ii6p77O1Y5}4yj08;upc`6>Q|wmMVoGtTjL|X390MV9 z<{=_g3lurRp#QE6-$r9AdHsC(6>C zOlSIIuGNSxL6CJ+2AfXN*|anbf*fJ{>WG)*c_6pZ6VcNj^}NnZNYM+FLZ>I>nsiEJ z2jY^P&_NuVZ)*sUN|YJ~QOo9`4b+A>)ue&+Tt<$}Ym|vOO5xyLZg6F#vWWHWp`Nf{ zlLp7#)UlQxND>(hBd2!psUKU-;8Ph^KBM?=87^fb4d|4eTcl)F#o#3OvsNZO6_yn`ol}?%G}%cIOX5IAF@YgALN@wQE0vAp*zbZt9n1kO zu8?SEti#4GjgaD*m>#SV?acm6G$JwZ7|JB3CHR-HJO$PM8+;qfCI zJHI}TXp|btt+N|ep`p-Q9a_{i{0Bg1Vz3x@r_&=~SwRZRo-VzykB;_McJ&_H30jCh zI9*p3fE)0Z8z?YKHB?8LS#>~EetE?~r;n)u=os`RiU5fUBk5E*ZQV%552oqt*aA8- zA}GWiPNC9h915=oOb_@vIA+8V4wcgGUt7=p6bWT7L=oJ(Z3V`9lhlI$@CNLv`B{ofAA|{aX z@Y9irvN1`+>e5(mFOA<1RU*}(HYM|bxZ9CDJhYQ__YMr#n-o4E%9I0x!kKR%$vA2e zx3NKC(%;pV)UjwM*4M-iRkx&Uj!HxpqVLv{`Gub&$I)$TCbb3F>_cr2V;{_g1;!KD zY`K-wJzT?Igm|4n#R&U>)O1WyXHWtwN3ASLMkDFY)XLEC;iQ#QN&d(s6NQo5&P>f! zw?5 zL$r7(PG5P?z~Y4Sd`*o_84Gi5B2otUOUt%qG#oSK)&iP`BEOlTh1#SiRt;d2^bTQz zo{1ufLRB`y$?t{Qpx>4wwhlfk@FXOvgPQ_bDl}fuObrHslM^y**(?zRitNK#s3Izo z9R{m_T^`|Rwj@rSit1I$ufQ5q73xopLg*`sNd%>o{uJ{l=@ETPr_BRV{|IEPKkCtk^sanHcgR(CPmr`ngsh7dy5h&r$%gU z1#LnPNIK_(%EcF^4|??<(YQ8|D&Ydbe(~kEQ?mrO^sSjbvL`y7&(8@gEPRw>4GAEr zH0k>vNCYe>D+ew%gp>RyaX_jboQx%#z9e*meDqXEEa!{eZD1{53g*J(k6K(a^au(g zYmPVp(u@Z>Y8!$7AN8C>Fl?^#zbc(1jMI0a&eK&-$cBV5k;Ur4yo&6dbf_CM&Zxr! z>3lH0#3q&6jvqFzw};s(n^xb^@v$hDJ5)&TJU#qyF1 z8?U&tl71g1_^&aYMbkg(ehry+^c5E|EiJ^)pO*w}B3L zM4jpeW?;3sVQ%0R>gF*PzLP#^vlC8$WRZxxNAn}_)Si@rpS;Fwno_N7Le2GV*2ko{ zP#7svRD$$vFGnl6N=(Z%T-T8o5MXofj0VBYm6vD&E4B$sW+JCCp#T?}{i|l1-?Q`phZ7P%9}j0d zdV~+>@zgkq6$M0LH-}g*m{IyEfhY3mIJ^SoMUfAzA`zWP>`<6f|3B%apwqF6+o(c^ zWMh{Vxywni5+*5)BOVDy9;#@lMRm4!%by0N*Kr1c5Haut+qNG6h2(7$2ek`H@# zU@Dw7u|FLg)Z|f9xDSz<=oeo`<_;RMs*kKR zjHN^hSKN)%ec|uy4ZTgtN^rA>U$7tCo&v}@RodjoMNeqBCy)35DdS+wW90!7t+L^~ zZ(S%{UVGY`gmp{8mMoXR;$hfpiPdS*KI;t&6L}VkYNNOyr`hP`j&8#WnA+5yGqhY1 zxDJVpjLhvhb7?sX$*CBE803_?UOjtro?61XoG=POFK8G;Dx9!fXtdK>Mpmw17hXq} zixkh0$LPmK5pCx0qorIa5k&DW#><6>eJ#mxQFLhMrWG$T^>N^7_>q!hn4u$r6=P)) zqMsRHNlLbp7TzVlNjuRmkq;4t(`lS18+|n;)>^!oDAssd7F8@?mZ1!wBltZ^9+zKE z59rC4Qu4VhDzR*ET{+t>7e!q$2t_|H-$KaGSZ(!dLpGN4(Nsd1)F9R zwjq#YMg{O>!YqNMVJyQ7#I7~O%F%kDryh7A@Hvd81GSd&XikPXSg2AlB)P5)jL550 zzT)S%U{xlmBB+Ck{IBq8ME)ymU5l?#X@^v0Llpe&NF&66)>7Tbs!<`7iS=_;yS@H44K_WH^V&jb<9W@BrU+`f4pmTZ(GuN%)mc=o zUeeH0p@IxGt9{yiPr2w%n-~FQAv`KbgEHua;eVpRih314zlAzAt9$=bMRX0S;ob_O zmjPDEW&CpxDdr0=P)wpp*)~AjkwCn_0>qHug|5uwMv!vC!UdBa$c*D6W@J5+9CWFN zp*u&&Zh*Wncpg*x;hGDJ5w^p@wloq>KN?#US<2DvV8ntbT9*Z|~!F%sWQ!a4vSR1})6!!o_Y-h##BJz*$UgvZyhIdmxGY5K$9w z3x!)#OehT-asocEkokxw)jt;KpokV12{%e$s1JD&8r)D%1c!(EdOEgz4YqHX zh9*v_oLo+|x76yi5yT^QB9uq_T zF+zk5M3aSBOTQ8<1!6`N<`yz4q=#}m=kbc7oXGY(n#K3`C~csjj2;E5SwsvEnCXGak=2*>>yf+?aW-MH5xEibcMyT@X)7Yt<)6O-92QaH|!&{ zJ5D^hfXgu$7CHxdc~eg+sFx=f4fJg7SKYaTiv#wEP&8}oKW5{%*3iKP92bE0Huh4v z%xIu!6)#!8^ds3Ricn2{t^Sl4SvhkObqg9mF?diJ8fKwh$;9Zf&=(5Ewobj&L>#qezcv>N4(iHVNZqtz^`OC0j`)h*UbBd@w;%a)P} zMrp+;LR`x9po2K+wuo%@YDVgP2KH=E(!f~06GaYNxzjv_Ucs7U*EF(`7$TQ&1fc|0 zvsXiIhD)m!-qu=o@T~V78Q~s+wK=vXNbVa_QY>&Ny_`DpKq8EdMavqNSGmUr$tE2? z5ePs;O~bAs7TyH5aT(!=s-{6V8QEB*7SU#jSEPl&PZYR@tulaI^%OqD3TFewqAfN? ze%qN7jcuCAaB%($bN6sCHgU!31VJUg{5GB=EYqUYIGMI-T&KM%eu3e-l8}N51Ov|$ zPDb|jkSnC32m+D+>fz5Au!*)ndP{#|R2dfMhhm!0FsZ~QbGgUhBiciGCW!?(|1ldP zjm>&YxKeteH@3c{j~ghFf)hDcs9TyUq%}X_KuZ^+(M7|}En4ug(_HgNqE@jv-fGiA zJgZ5p!#_|D0=+=RN_B;JM8+=aBe1 zA~}ylg4T$q;5;TSh78fmedr>6oF^%gEGixeFybYD7A!y}8)~A+kW_;nru+{W5@74$ zM6zrZ5*&s3kibxM83>52{Sly1j$$trGW!zgOFalRgC&;Rs5Q8KBO8mP&xZuQX9m6< zK%$ln1=#cnlMme?^ePyD`AV{Kq&CQnWvV;G6qYe{6j_PwMfF3I!)6GrEhz658awMn z@PP8QrYkkdicaah+0GTM-Bw(KEYwiM57L|@MRDL5yD1=0*6hGKpS7Hn7>M)^(%vX7 z1Zl=z2`)ab;LH39OhP{pJC_xT{#2~4hzf>sY9@OTXxJEb23w8?@flk(ZYXsRC|1Zj=HY#mIdL0;xL~Ys>))eyyEeVsx9;j>T;&IOO4YsU*^P&RE;LlHhXUDBCQ_zIPa51iZDfgc& zq{b8;#wf8w*&;vpK#)GaK+!mF#6X^!jf`TO1Q&!AEaa(?iDkj5@`3$-6~ z9Fbe-u0aC=MTg}jV2B)GO4Z}%Ec3XOw9vGYUXa0nYdRxgag(Gv75Ihsq%9R;$|!b*`OM!7|CKwmI< z5G!fr1smCdjkINiR4ZiyRostWuh9UcccM-t-O{&2MDPlyoH}mcIvKP?uVTQL3e=H% z9f}ruV!@11*|5&`opC=6ogoJ@3>GtOKR*xwLPv86C<8?+IIO?OriT>^U0+46!In3OgYRc z4hkc=X+qKE&!jte*2!*s{Ed8zSIl#hJ!Zc|TM#!rGqcS9THHAf3F$2VS-3gYUaeqr z+9mR_ho#bXngo-xlnrF>NgXt6;;%_KC3Rf-9c3Z;Py%#BT!m?nFYRE3RIA_h`=V+k zDcWy|^lwl-&GYp5r>G4@{}de;E|H+XCGr9@V;DCD$E%sAX&IT|_2!WsREo+@WN!p5 z#$Fv3>d;6X8i5b^(qq}rn{4wASW}U`vlvUrf`+%MNFQwbf5{2E6E-8@gwzOfWYjoh zOYYLPR(9lyrz@Mdx+(>G{Wec*6gl?)6nAWikg;RbdyHF<5A)=fF)vP=nA~tM=EuW@ z`uh2B&kvSI^5w&TA3<{ja{kuRiHIO0XloOn>Odu@8Jt3plGx%!VJKxk8ek62s9x5T z_fq;3cKxKZH>RM6_0E0V2+JhX=XwxGf5Mpo~cg&*GfJczlPx z&TXArcW+P2#rDiw{=bsbS`wzPFXI30K8uVRI5m>^RQT93r*Q5pF8PErtw|$dG2!^X z&pjX7|35l8oUQLFw1d%{Srv$)RlsKa%r-x$6cjl7HBad{ZveiM_O{Q_g_6yS(v)Q6L+jJ&P z*!gZ%O{toh8)O>x7_#$YP!-f#(tQ!<=_|1cbFWHf~c|fN&%^X9E5VW1t)vkuF z;`UX&swrVnM_S1{R20REhR6Tkk=~ro{77pd)XAzI$WrM@uQTUh3N@celb4vB3v(&N z0{8I~BdgM2DZi7(UT&xR$`C`;r4SHuA)s?oR^@xKAOBHlk3@_}VH^ zApXSHKOl8@KEfLlpR{pXfvv>EHA>rR_pm^8iLg zvVZ9R4Nj)tz~;P9+mV~;S2|Q7dTAcQrJ};oRO&CTMWRC$3>Wz0PC*8L4vv9QO9Vn<+ApVR zrF6c>*l(LMa_Pm1g-DBGjyq^En;&=0B9JW=-Y#^{tttP+Mnt)!zi%HgC?v~DnwB9P^%aQB69*T9*;wf zm{ozn!*@YzbbQLG7z^n3+X;wLf02kNK@o%`fy;e$^tjSc-v6$9*&?c9ks8JczO+ue zr@6BT*BCHH>f4YejfeyZ{mEW;SoULEf-Nlx&kpV$o-(gfIuU9jU0Uncx6zl9(cgd9 zKq^6^;Ud~VNp#ym&p0tNOO$p5NP07lfL}5nK_L7!Llj%s>93#D;ZxK!7SykXC#EXEkp-;9;x!`-(q4NNTA|e@~YYOeN zmU2qpydBC-wS$dC02HnOQfm4pC~0*C4Ikvv$&GEF>){NGZsBRVG8_Ho(Sa1hDs3>w zp=F%FXpIO5_-YZEvIMr%+fac)nguJ}Gn|H48(E7T;}GSFU{Hk>Mk-K866krPOG~_G zxV3`%-3`V8a_+%+$j>#V#uwF5%veFWXr-Tf=gX%7umi=I%b$o9c*@eOkCJo$09w80 z7EJARc7j@O$r4DcXz7S!iqu20Q*8=G2CKYg(jIkIk+k362PqKFko@Zl^#T@tv5Ln- z-XO|4mGuQ9YGGJKE3A!XCxsroE4?on1Q15-ELwDc=!U>5CGANW_CWMnV#gtHu#kck zppXFUUQ%reu`?}*eiJ)?8<&0?UnxxL63MZUue1g#5sTPP@)f}#gN+r8T*#)y4jdDE zA%sruR!o&xVB5Cdw6t5HN^iVc4{ zc1Hr1{BYPAv&3{f_%j8&W>!ZmO|i2Gs1%t%iCbjBf3 zfts3VUQE;gtCa^PwPD(4U28Q^QK_P7)ZuQ@BAgb$BDZMdqGqcb)+}`wb>Ym}kVGK- zsr+%Q4{sON5Y%XfUUxt}~4=i?S$YMhqky{(2$2!w@KQBV;J zPwKfLM$6!#Q!4Brno^|=y=0IFN^~5R7=;t8cuTu3K=5DL&s!KE67Dht5*mtHm*$Q? zqT`UKmgA5ox=ixuVxu3ri3t!|6hg2Zio8g5;jk&tCNwT~?lg$h0$h)CF4!(B?WsS& zBGJN;O?jzH;CU-58sa2E^O}X(lx8e!45kjJ)L;#EbPquR=Pd;ZD@tQ?O)LrO@e`)X zdFfpFB0wm>6v;|Df)ccaaM5xqh2tf!i<+Tmfb^5i3sD9);NhHvkg+`er7pW^!W;0mWT{`6w_Z> zcvi5ONPFDI^zDscq~sPD6bRRJ@eF&>=2NIGQVoUSXK_;q0WhTFXha^uQ|fVvOrT8i zc@Pe)KvKHZ*xk`CP$>>B3&OF#6gUIxX>|S+lo14$$6JO9O<)^w%!1dd9iJSb#iX{f z74SB#b!O7=TLcAZ9`o2XY?4jqliC%Mx5{Zb0n3^NVKf9z&sx1JQ7N?sQ+=t;QMA)R zlabLTCFSb1s9kfOrj;~L^7m2G0Pv40C|rP|BE>GeqJcDo`>{9iQ!sq2#T()Z55!Ps zy(AY1Vr9jM3qD}rkubm$`$+>25h!*m;52k5eyH^<3-1}F(4kFsqR?UDT+-IWv&NX= zkvfdGkEAT!>6j!7k>^+0o=abm!4#!qzAm+eod_T`NMr86-UqRhWPC7LD^8-7@`M+U zSW?6YT0APTk6eU^7*D1^aR17}gh)u2a!QORc7(D&6cFkefl2B9cL%&L2^j5e)0Tho zbW?|q3a649%UGsJiL70h*5pDDffQYfB#WtpP(DxA6wSwE1&Rx+6k-?syGZ84Jkcbn z(zfjZF1QvIK> zr6j-fsYg2HE9qRaMHzDmsfYN!mRWjVNRgB1o{ubIrAqsWt`=uRyR|UJ|GP?yrZ4_A z#f6HLS_d6Oh8oI=^f*dqDMG@MNPx;NpwbGltWJ6onKHeKYJygtqSA|LbzT#c#8<_> z{MWKd@=w3nJQ!=R^NHJsq|ERi>Ul&o2z@{Hc;BY$M!U`WsZ775^Zi|3+;YvWo|(J5 z%hY-=>)uM3RB$yJ z@0)e^4!B?G)WrI2kkO+v*Db0Zuq;03`}Z5Gw@4gZrdPzVF(!u}InQd9^7;M5s8U_t znrvIR@66;|5nFtI3H!XW)rh(EA8m*|RmZj4wi=(@OKs`sIAF#@s~WbYV#a)Tc5g!W&*`AlxN7xOJUzPk2q zRGddOtIN0YZa48C>A8DQx8~ip$GvuU{WUf5=L1nLd*&_ndOWM#kb){6cV9NRmCePDrnkng zAM)Zwo8d{VPet5pG56WDy>Y(6J2j4kJHU{AvE@teNGF zym!=|;<+oLv!zS&nq{x6W-h-F)i9^-pL>TLh#TLs(&#%SBVJT`+^<0GTz_WZsqoet zHw=7oFn@EgM?!uYUd~$*;cXe^meHlfqdtpAjVYen-lI(Ys6X!BnGl%tUGB1s8Y$DOu6lC+*SBwP9@?zw(`A=S8~3{xdnV$}J?FNA_twm=lv1u~zbU8RT>ieAPr&WOchd|_ zPbV6=Bt^cSQ2M%6SI>ICo-KbRDBf>){rx@z)ctWv(r+o~c!O!T4%rQg#}Te*W3=lSO#* z=i8k7kMl3%y5{iYMGxk7z;31QcP}llIT&7IZ|qOyCm1_hUpyMtuzsbhkH#f$>36c1 zqno4C)S2Dqf9NvS%&PU~jxW~#{wO-==lz3**BaDmXvqH6J}t}kn7P%}yldw8xSuD? zsb9Z)b5)7#6G8q3i@n!nR!aU9xawZLO#3FjDXlHSBMjqqe>l3p)YP@lr;&c$Za#R} z#PV1~^7}5vB?lZXm6Wq&s89U(ft3R4Jyri@JI?O1+3W?0Hycc zUEKNo;7>cBUb;V|SlpP_HJ`<#p85Q_+T-6=`wUG^Y<0|i_QkuOj@>JMZ)m9CEHAqp^L}->W@b7Ix8f$am8n$NKinwR9Q%_ElgVtK|h7PBis%8n9-y zTg=5a2TiI){$a5-Ilkla_iKjzs)Wv+|EOpXerB%i zpMIkg$A_LCdThwR6_cB0rBq+DcH8igPnM@24%+(ic|*HJNjX;LZM`4089v|CV}AOl zQ`5WlZ2qckCC{_-pW5y^H87!MCErDV^*cI!-uP0{b)GcblIz|qe0$co`ls^WznKvK z=-7!GKfHg@cjKn6i++kWu63`7VW| zcx7%;ymIKl)az|VT)Fk?N451mpvb62rB1K#ht6?FV!i@n_* zjVX0$fu-&3u35f6w6&~r&Z62b$KGA%Y+P?+dd4X9k;}achpb91Sa4(0ixDFyJY40l z@seY6hg!boU87I@y3` z*l>GIZnuUd0%+zI=0*IpfK`C(`8jA^D9_mwGL(|X$3t6i2HELpo(_|DdA z?UywDefYJII>UOMZ(qK{l+S&K`?dV*ettEZjt~B7d8_=ezgjNyeLW+6@`vqjf1N&W zQNwl46F)u7HXZh8;p&=mEI$Yf%YA(E_+9&s_&j&{nDitmFeWQq}?x0R*SdPSUP|F+9R`*=3KY+ zh@LvX#LM{sH}-_CC{?+1nPvvHj~|IGyCLdCvnBoJ#lBCn{`4fel6T9+F} z^KI8QV^*&HAv(Bo-1qI&!_CaEnU9-z=9p)n&mJjzcE0!}W7(FpwR<}^t+xJZ2a7tk zTLM~qJ~BCa+^)}!#x!~PM^JjR?bpHs>Ti0RFtONU^_6Dtj{oTA{9)^hL%+BAX=4A* zdxH93N;lrQuhFns@2wV{_-J)|a?7zP=YI*hcJAZxsQUH)R2dvwwb<3@%B(+qIy9I+ zFZa!d4t{>`W(IT$Sa)Vm*75f}s}6cO%dw5aFBbD}9ZFi|5IJ?o$CleZhUTyPuq@%o zuHxTqDq-}x&Vci8T!wa^{iyS@<}Sa@8Q&!Gl<}eZi;Y*0I&!&rmrGL`bbU0eM6^{~ z_3ecfv!j=c4gX{F^1Kl-GaHl(-2B+R*rg}V#ZG7SSo*N}t7O}AbB_cDbS~5Eb+6zV z8}>VdmZ{Qt_w;7J2ybq57`Uxr*Qb|!b519J{B`@w9os%`+hEW$@K<}Qu(_`T`sJrJ ze-Zws%cJ^ZuC!O;avhsZ?o*{oSa^!+W^b-_#)b!|G<;fZ8 zfjwuXMP*;=+^zq0ry-fY8f;uNveNVUbLKVwVPa0ZjP13WjF0gg{CaDk`iYT?xg2(=P(znul~fZc+VhCC}83Gs{MnGVqu`yUy{bjuqzz&p-9qX`026 z6K#C&j@`d^L5;JUpL-?k%b__66-ac5QG>-y;e4uiS4_VSa>=)NXvn?VOG+7guZA?TO>MYmL`j z{@&q&Q_PBW_I>h7bT2Bls`@L7&&$v9Ha_HIO?>@F_apKu=^GPpizqWn-cPppW zuS55JxO=tHws!-Q>ONa+VQJma;7j?ZST=)b}6-Q?-xl9r~Yt%qW;5w$9n(tW>0!; zGim$BzMCGCHkl6zaW&f-@cYf)GpxfeXP*7NTG_e}elTnpQ~PSAu@lxjI_-3|+>gb~ z6HIEX9a_aF=v~E=z3gh9{9EV~+EiG@>>RWD6{a>h7xrwXKmj$@5J+(OaI)|-?QY?%cD&;PoL~kvr9wg)NUae z7QJIX-Q5ytQ+a;B=6%NORXwxqzBBEm#*CY8pQ1jn<(-|4W#*uX)mGbjzg~Nzjma|g-U^%g<~+2xvE|-b&kW-p zK@s-pE6j)c^s2M$M2|5}WA?t@8}^rfjhM97uT*!=|2BU09dqa1dz{}LyM1ogpV!Zn zo&C7>AgfMJ`Md7KP5H5_-Lq-U=1;b(cD`1@pX#Rdm(I(7^Z3l%*IPgJbB&vp_tBu= z=c!fF&RSJ#eLrkW;^J=ZKmWPUcVV|aLv!p_zt8eMajNUwKDEQkrj7ERf4JJo4YMy; zfBZG!!C;TBocUzua%i$E7pvXFix3w(`^-v(P#oR>?^zu9geExV{KQqyBM2ue_(~@Q;KTg|r z=F%IhM&+g*i)&`R1&HOfQHR*Bqkb(Wf zMr%4wE#=!JyIGjWXYYaLr?cWqk4xM0@LHR`iyaC={_a+Gx8sqIA$NN0wX5km=(n_P zxAvcIv1)i!>yh1?CHHx^aYW|e72aq5{Qg|s(Q}J;G@9D$^^WM@q9^CnslA|O)n*yr zeR@)AR8=#BikpS#@~2C=Zw&iwK$mi}hID&6GqL#F=xzZ8#-~o?468k&#O*03O`TR& z*W>ej9xZkBA2+ORG`PwICLtCV9oyX%DMweJrc z6#QY}p#Jy2-)H&c_HWNaE{81GGbn59{CYLd-HIIL7ZY*x=A-uN1wHSax*r&OyYiE9 zbvN`Z{<`^!o!{L}ZJpfW%HqcjKFk``WA}}5VE(hS=YU-ej6EIMY@mBDNJ+m%~;ZuPhp8(*5l+q`|_{2(!7 z)oYmP?W|wt|K0lR&92V(@0B@ZW&0rbY5t~9zFUJ%ZBzBDdiK>A z^Ahs{H`cZLC3;Br&}%ExtTWpV+Ro|nDMo>sSwK4@d^zOAlZ?xzVC>+ZJ74gafB zTD(`_gG!g)zU^Hz;)bzf_W})}5>V{|b$!5t-ql^93VgK<@)o0Wg=It?cbETU@C%9agHE?Lsxdpj@ z?^w5ZLbG$$1v7UI|Geg1p3Tr9X473R{QP)B<&Di7_O~x>9C>M^>Fb9}y4Uxd+tJyg zLc*JB+uHD7`i_BwOl&i3y`onEfFaAfD3)epP&IJIM!$EwJQ+rL{-e*4?2A*)n7&HMb;qwyG< zk8}JM-MUr(#nXFL%RHKrT*vU^-%VP0eA+hl(29E>jau}n|12ghX{A?S<$423FB#SJ zjgeKARXgWjy-=lW${@Sro7NA#TC3E{{RJy0nICp2Hg?%=w>1qb-j0~$5!x|fqqWyB zmBNSRcOGmr&boT?h_)3!wJcdEQmud#ej8Hm+LO)x_(=!tB~^t$Q|z&*`^!M5*5zS^Z^ywCbD2kH4?z z^hb7C=QXzv58hX)=AsU%olnJi`?lG$VA_?WEtNgOU7c(6E8StrgwPkMYv(QBIi_aQ z`(&v;d`Vc@ehV{fjOuDqSwc6h0^uWVm@I(59$ z?23zFdw*5)>^|kB#G{#`v+`YHXMyId1;E>S0Z}-LT z%O4wcdh{PoZSFRx((A~g598iBtY0!^&AGiRDh;0Znm(`g_OpL=G&r(lF@k& zj5Z$B%iqh$y1DO;x3e#Fm{eur#LxYA<*rn@UoPAK*1YID-j0^tk6K>oce`J^t)G4} z9IJ9K@J&j)Ibf}+tMBgB)ix%1_#fQZ`sSsDr^B4g#viDBH*H|duk-r#?qOkk)hhk* zipbx4PMKj-tB=2JY_O`s+0DzZjNDgZ!p(9=hOK(nba%;RS5j)coZ6$8x>vEJo3^nj ztIfB1yb5z!v)%k(UdF9T_-)0V9rbcjjP@O=6SvrZf0GuI z&6f3k+p=m!iw>4``yMOb^lsYm$D5{vw|Z;4XwdClwqbX+x15~xB7a8j_em{n&Q|ET z>hZ8$cIOwAXnv!~g3-B?s?5K(dYRo()7CP$8-JS zYVV8db?IG)QZu*JX|i|Zj%NmTX79RtCBHrG+rC`Oa*icZQ_64bwf?c{>iPy{-HQ+N z9k@TIeMke-HzU3~vi9M;+Ff3_r+PjgUDb6_RiR_m{$UQE-4GPDcU?{t zZ}95D2>;(o<`-*Iy8ham(QletZ?pfsX^YTgmxLuFnhl9hZB)_9eaVxAdj~dV4gBp% z?4hYEt$puRu-b4@p>2Ee9Wlj=MY_`v0Z-Y@LfXCg(~|S-5(mZ*Z5H9xSmsQr(bXU z>{buErRh7oc9}+aeYU+@_w4nj-T#g^&04wJsbkLj%kd|EttMzADyj-0_-K?B-GTWaPnJH_p8?Jioqg>t{_DCY&*CGe|wO z+kg>a8#go#zPV?W^Dp(6OzX4fLRI^LFDqT_+PH4u(7?Gfr;Rvkd*^2BBN@fJzfGL< zerThhGK)OVc*a;r118tc|*3+V;}Akd{A31>6bnpTBVa zn4mr@8*H#!-1bSP_vJsTmZ`R8#=1qHggw7ps9!G2?)bKV3pE~8elxV5?M2smr+?~y z;B2Mxzm^)~axJBztgEj=^CDcYnATu z!ehX9HC=ZfjGyV4;e7pAKjR&zJ4DocJ>_@z2idz_k7StsdC2;4aDCUUdo0UeX*GFh zKaZGIwJSJO2(^E8GV=C^?+0$SYZ1SIq4^>-qgmXZCwJ z``EA>Wd@cTu+g+jl`bdhbZezfTWIXlqQ|uJ3HNPW!yQ_B);&4Xv!7+;pp~DC4NExw zlghw0Z_dm$Ue$IBW1p6u-O;nN8<8Icp5*O`l>-+#~bZ?tgE~9(9FG0TRx7pIeq_lfK%kf?gtHQ z-fRf)nE(BiGe2(n^gelFvC8(tT~Gh=X~fUBVlFy==(JVXHN4rX*#4VF3@NtwjHhwi zbAiFG$7)|`J$mtsR##@M7`J?S=_f9IJm!WaJkH&6V2w}Tv4eU>H)vO_=lpWE9_1GH z7+2mY?a;KX3og9sbidMor$e)6?cM#$fZUe~yUSeByrapsYrgNk8_kVRdxD=h9IJ6D`*}=3YC!_tU0&zjqiNw%_>w0U1E% zzfR?r#AO5HQ0OEUq?r^e(t&69-S#AbS;N2aRpmlBGtK(K86#WKK8SBeP?qf(7K0YU zmIpVgVQV01G`EfD2&o?zT@DKRKvcBjadPOG+bah?;A(%0xx*+`_lE{rb~$Vf&*PB` z$~>&iI@_X9JC(}_FOMi1&qL2FSQI3v>F!{>i|ma;pqg?5pT|_y^)hAb)g0Jg;eyXP zFmk5<^>f4G1HH3BWBli|sHlM7dkCP`QYp8Nqe#G=yF7pZu=vb=WeU#;>)~e@z*LO< zMz-)K5c!DMOaFaS@(rCr)y7DG$@@+&^d-pv!ki{P{`S0TL|V1Qq8+KMj( zPDhf%8+sIKcBeLZ`M?cS50thgpLO!`j&nrD^ckm#SJ|CK!%zqGw^=CFfFZK-i+Ems zv~gwuUm;5>u8m5{Gj_JyJpFkO5)~=l=47yMp!mTcbk)I(Hr4cXc=f3T)SoZy2mKdw8*;On= z-T+(@ACS3G3pVcYs&I?oPhbVrsY^a9chc~J2Iehgs}{xi_teHT9#0gi!Yh)lL-n@V$PRTk_NL@H_N3*i@s>ajk}3_lkzZ z$k5s9$H+zhTr$_N?19Xd8Aq$_Bp6}yRbBt?pm!NTMKQj{I3RMx#D!3mv`hKFHB&8u zpyJ4;*h+~vyAdq1Gy+tkbWH8tW&VwamkZCVi>(y{d`1J|*IhQ9k zlX;6gW~5!~H#{Is@%{ZR``e-1sn{}`kJNYY&p@l~yPt;(pEmMo7@gXNuJ8{HRJ|$lP;Ao0D445J($GP_O%|kQeq) z2To{f=T+YYuy*mMZBgvU-7R{%Q&m@U`Z`ske8@LZ!c|TDKVLC5T|TcWL`LW+|CMA( z5xHTn^R;4T>;6YHH@ga9wffGnT=N+Y=AA^j4u2IC+xR)wzhOLE%&z|fXCXly)TE`t z98MzbtB-$E*&2t2fm#hC2>Dh?I^RoscO7(qP!GCb_lxtxaUBT)TVk6J)iai1-pRN_ zx9kHTN9SEs5_Pn)9L{vf@139TGQ9w5PfB-Ent1`Hjtv=7DQ&nx>V^{J0)>dIqqaSB+j_O z3$f^TPCAk0tiHUxee*#>0KrH0>}X-*%Iub-YNQ;U<-KM4k7>Ai0;f1PM8j>!ow%Yu z6{JIr5eiz^FX9}A3NxO()4Q|wDmW;o)_M0d{~)d6*FP}cT#UIP*$c&t#om50v_1FCoT(oF?tb}b$X_m zJ#wZfiSQSr5K~BjR;O{PY__jrR7Q}UBEI{~mtGjckFDKmU>a)Am&daf^D!iikuw33 z{2%O>@5!=Wzu6UJ&uqS*mhaHSKufw zHcB+J-$PW~+AR4yV2SXpml6Oc6cr#(f|-8?0z;CvC}<#8BN5@(myoLL6yyo=qWP>= zQ;{dy$=ciF{vH6gGzWg-h_ceVwfa_hP0ZNcy3S11F z>Vdkwn820|>g3k~3e}uJ0O#+F1b;2mImo~tR-52t^4j8yu{2N^6TA%JrEtAwK8S4- z=UvdjgxH&XNZ8ax)Y(V{zzPeHHK!lN@z*VEXnaL-^kBJCvY2(XX}4v8z`pcTv{7wPBmwQd*tO zF>ZjS`p$*w9SU-KC4{Rr4cE>aCSYn|+Sa*E`6Iv%uAo%xet(n>PI@{#nOk-g(|Mim zN{{;_>lrEz#iCw}ypg!&7EqGs?9n>huW*mztB>$ZsJjX)6ZRFzBAE(zZ3kU*69R09 zw}YQnhquGm-IO*aNz&FXpm1H3NYYqpj3s_9iJ18m50UIt|157r}nvA0cr*Yon7tY#GVBo%DQZEg+de@Q>v7d zdSUN}t@PF}Uc;LEXe1IxpwhgiTzv08LVCSGfJ_Eb%UG)xM`TLXPVbYA)GWi7aMAZd z&wtT#p-Hm!&6wi<5B_GhQ7(I=zF|M4uhY60Avb+5Ze{PBpdn@FkEQ5l$+)w}>qlA< zIv^!;bC3o?Umgry$mxWDubFPb~OFIP}Gj^`IKQ zta-FMaKajT5I2RjSIBGFSdz5S%-X!(6yH}Vg|5WcXsaa9Sx$4*wb*`u%$3B*K!;zm zxg9B5-L8bbmAOy&V6%Ywb{eLQ#?@8aR29k{M2lIRCp&k!Bbn3up1(Fc9WyhT5lf--i<^ny zHj@1c+Q!T5k+4FS($QLPtR1^<_Z+EH9p-@N9v{;Zq!2-O&+iku!-p+)4MpFyOE({y zQAa@nhA1HLaxHMvr_`zGSl`v0BV(D_vWa}aj zVcCE4h_ar3yFP{kM1Bbh3gH!HMui!M3O&mvNPX53;@F5eD4h##_L{S(Tt~f#Mfs%* zxOc#2d28To!YA5=6x;sb)ertU(~#0VSOydG0%B+`VthlO4Y38tduj&{s+zw;PLGfK zPU$6W!ae%8$u)|_1OJwj`{m%yl*8*oIDV&K-eH54W!}y}wIU1&b&$W*XTrCtLf$Ns z*05Ub`53y{U`B4HDyBPXsh+EQ`Af1g4z}Y$mIGbYn@xNMMQTo@rqq6(TWn^qF^XsP ze0zr=wwO7t0Rz>Rvk$<fob2ba_5q={S32SkZKt%Hv;VIpjlTLPdv!3O!qW0l7xuzOB1 zk5peD4Bk&kiFN-V?6&2;8j8Pc+u?`%cp`9*W$iV3tw+T2%+Lcks?E{A1Pi zfOat`setlTP|8Tpc(o_8feYXirIaZc*{Tr0&5Jc3FhAz_N1Y0po@fU;)I(1%o@gHg z36hW&DpXAer=XnGlcKI=fX0eN{$bFJ0FVG1zcUcFZHmBHm2@eThh4*`)8-E4x>f^N zWiAB$A~R%-X<46V8KzJbu6dIln92NNuDN8!G%0N{*3+)*WlmlKvs5G~1eN(m_6e)a zac-tip2;-n6Ss90`IHyAS4H5E-asB0R(&Rmj2AquGI_~;5Mq$i8!>@W9U!8fw_CjH zUe-0x^jx>54`J^x%HWw{DsaK*3RanGYSh0B!yIAe)oZtEm|Jy=w+2dbovGao$_>s4JcvQmHcX-2=T50 z$LhMPv}QCbeJbRY)m_Nc8S@}i!u8Z1Nl3biLoqYk-NEe%U$`;T)3d=!=8C9FHAN5o zQ0y<$Cbp(!Ve%aaraCW17y!IcteU0<#ctBwoOB028UG z8B&D8pDGTqj1`E+k?}b}_QuOrg0|CmMx%Z)2-%eNO8o(nl`n5EPmz2GRkQUY)(N^A ze3ij;-Mc4z)fU$mRVu4eg+GriDWua-d<4d_oR>x{&5><370BY`@T1!5zM?>b;6Wr= zdKUXf10?C`bw&VgL=J@isz`Wpk1*UcPKqvmf_k5rAAQ@B5`Gdy|4qpC+Kt6C8uElx?^tiDjX z&aKkrua)sO5?w|UM9nP{Jlg|ZvG>R|JJ0cd!B4f~Fpa#fa^^s}qdMnxkMjbJgfgH7 z3b8vO+n^jOkd0_Br|HGK-Q?$8+h_G-J7MQ2n}fa$1g3q)cg%q%5KSZdh%0G=HCfR5 zHJxsl8wFPWJVD1&BWv_t?an-fQlvT|7H_xWC&q6Sb+NlqI#-d!n^vIJLxMG)Z2_l} zW*w|n46F@b4O!Z?GdP)%bb;Ojcm}A@b-zs#^0a094EW440+!5PJj}lL_1%ZL_%&^( zul^y=cO7+6oF_q0E6H!`CdWtgRQpWGw-`(A&lskwjrg$0;FVkennpk0IT+FNC=$<@ zeFeQ#%Q7E_SH$508U=aFGIo6+l!dGzlmq@-CX3EUXnt8f4W1tu31s3F^a0Sx4K<3* zNH^$21W$V&$lVUmsm4W)ln8pa*dPq$JSn$v17~z8S6XpEMRKl~=c#H!wsHCF>(zPl znAEDfve$2G)M+{SwnqO|;nFGNnmE_YiXw^>%T3q$5W zI)Zw63XtIhDp@3UW$wvJo#4$%rCv)vMz&I?Wy;gjp8g))22?PJ1bghML4C zVeaY%4Nu`^J5K@^{F}z;@uN|JV`!)8sKdj^)B~|BbpSMLvlx;SM!W(_P*Ha4b$`bC z>nhMzi-gvjCW05+frFJ$<(DOSzcj8>Q8-^@U|hRMfC%HSmJV-LM2L440&2gf4l!wr zXtlH6()t9ILdh3RZHX7<@F3u+q2;@cLZr-Ry(TeV{fB`jSP)1$mo@;PVZFFxW}Bl3 zsAVnh-a>5|Yh#p81Zhc3R$bjk?h*EPFo)7fIxl+^vVsrY*sue}%LDQGGz>-=p4S)y zTrTtY7eT1Hh=_}KCUU^sH$0Cg4;&on8`2QQp!eWtgnZQC!0fFPBJi7Td;YgzK~xNT6IJjkg`fjG~udemIzMN75~L;NO$>KNFW zRGSAuDXicc(zOFO8Pmd40-Gn$lF7?P_JPnAU7Y}sEcou|PcStis-CLVMg#KWksPcCpV|t~@eQ;iKAU~Cap{zE zb2C{X`J84Hy;r|v5E=~Mu3d&Dktc)G3%5S2+Uzu+TRpt5TyK7l!9}7WBx@>>BJfI-C%$C<1XwD@W#p~bkMO2B zz5k6nKoqJ>sPDulgmFhkfVA3+4})%-{}9>;1t*Y6$uxy#7K z{=2(Z280>v_6fjAM{S; zC1L$u-i@$7R0*UdNJ!q5BFtr&jTs-J-wtkZH;O{XU-PY^mzGb*!^-!0Jfr~(M6P^W zjU~Y`bt^zYi@+fvBa_}$i5m8=2ox>&`e-#`3!=g%Jjy5 zJlGhrARA~G@;*~#ZJ&sTF3Q8?$5?S^K`Y$*4QKm*B}{|?3XyevSBTFCzc%yEDqiGJ zQY0dUJ)(S#F4-y0u0%K;4~nFMS5c*m>bbmAjRh`}5!$j|JwQ%79^!dl3m365o~%BIJVbFu`UHb&3tXJk-G z(C6aJ?9Df#V;e|16oBp6t0_Q;3$VP$1=O83@AVrgn5db>>k2aQTOnjUbQmhaDH6;KS>ls(}bg455KmXiJuQR)|0dS@d&ZN+BN(C~NCI!SKp7+?tGl`(gDs zDbYE!-)_8KI^41jAx-|Vv4wPUu7=?N1TF@MJL_&-E#r~;-ZZg=uIa~h)Uq4Uv2$Pz zz+)(0VXe8uN?%evNhzLB&zer^9V^3)xDBPq0UthWk=g|6a9yxIfMwVU4NGzEuX*4M zl0{h`gNbLL7j9_fT1vO*zGhiQjU^tUbEY_z92A4{!5qDYo9M?89d%Z=C{;19~|3CHqKpj8Y%wcTaN`i zDzdkXqy9Gn!_q7lz85ZfmM|$q3R|IGc@F|usaT2E$TyF*b+)9N=(l6)8p96^4EwY$ zAOEL0=9TUH6qaG5^?;bGQE`+4|F+)S+-Rtb5ye~WdY?3r%a`#WgvyTqS}Qx)_NpW3 zUKf0}GOslu^xRY)R@Ns6L!k@ev31epUY&=veSn#BHpIuxTh*LZM5TAx|1%*)vbp;p z8V`f;=zsRUc@l6p`<*t`&?8W^}N;lLP zRH!VE!c28|AH>rqp38ALTwnuvP!Nf1$wHx?J%sRtHj)-JNp$m*C<^*7sw{JG0Ty9! z!sxQ2x_?8=h$q9WqwS`Sfz3GwE-RinLh0fvg(cKfdCDOL)|(Bp zSM7m!2%=BE3rgeo@4;YX@AiZY1h7_vgs-tAE50Zc7E|?OfhV#YtRh)Ob@Gj4KP#nN z@3W`GSKe_HvUiS)08E1rENC$?UDZqQBxuKR9JUvRz|ppy2&KXU3EMG0T}~KsAqku~ z#tgt)?R?$Bk0)X46(Abc_%~{ZQjRXIGnwaacvr+4AyF*OO#ZW&1i~b;5Sy*#wT;qG zdf1S|FUmRv(Tr(rQyb|AEfG)F3A�g1OFbIeZx`dlft+>t=gFEj;2k4KqL4R}4t& zjSzXE$fUF7oEgjBh$C>+s6@FDk^u`gvkQchrt&0v`e~-zJ2iX&!^z(K)*#v!PdcG5 zzF%S}bHUphwy~liR#Bfr4q634qSV z5xyzeU<0{Q7rSzh)k<2IF&Qkt+rghm^`a}_>yYHT?&N>K5w3sDq@WTvx&!Hf&zEu7 zZ5-aHN`22vXw^UTYp;@_3O0bx?j|dOYE%F)50<_D*qZf2JbOU8f}AA&<;sRkbYmpP zt`DAaVv&^SQT2xv2J37@lRpE5F6fKVuwEYTFIajGf0l{*A?c>ohxWX>33}7>Ozz)h z#FMmTY4DUVz%_Opnu}wfUhrmQcxHAbr%k{JXs^ut%#U`Ewl2zIvo*MV(*pF){Qct4 z!1@l5**LcE&B^bJnr6{*EAcA5%yd`0HpMdzhcx>M8L}|STJnAOqL0J%^MSuB@Wph2 zMSicYr6mQfR6Ikvs?vzXR%(FTb(igZv+cl&b0E`EAIxU%w*4h`4PX!#9cHX{?a{sS z!5)+GL+%-39l>Rnoq}LKeAQg&=1Z8Pk!;evQw)m+j#FqFL4z=_D1qqla08c1!QPSE!(3tqF{}Y> zX8HcZdIi;Y)u^)fUA~f;V)C#gIW+*~$a(d8?LiZhJ^HvwowcVdCnG|n#JGb;8OuH7 z0u${4JV8#*M1J8Xk(q7#t+O+AzlQG0mZ~M@FOc?q9e^@vqv9u? z$#LbE@!1f-cFRDnz-KXu!U)6iSb6Kyo$scxc?dB4Z6c>O2H$>Sv(Rkqe#3ig&ihUw zkZFwtD*1KeW+iudOl?>?(i(R0rHnVMsAUxVh7Dy=qAP?~)J}RcNh3n$<7I1C)~YeL zLlv)S!~V;d{?4TPzDJ*s+K06hEipm+>0)L6&hhVA>XD}QO#B6UM=;Di{SOOaBx9jg zSv6ZbZ}Fid>?A@{jTBod0eAU(PJ`UMoyM|tUi^D(+QS1WdZ#*Z0+Gr*@D1Ko+y;0` z%GJxucC>8=SjyoZqc>k-UE%!}^cwUa^_ujxEi`?x#l@DJ>rCsnLtGUaH+N1DFqtl| zLtSUuhbbL${h5Wp!7J~w_Ck|;ONo~7agKcQtsWr!J|9Y-ok#Nomnv{Vr}*Fur0cV` zME&Z};K9KupL6+MP@Q2KN09(NCVZWioL|8+zORFYa^zc*;PC{n*0!S&of>tyCS~W+ ze z`S-FXW{s>mFP9}d!RQclcU1UbN-KwK?@-JeQWHj`G%Bmn6+W1d!NoZeRghWV<=tWP zbt0c3_7~(!i5*3@$WRBWy|8$>O0adkiG@YfpZziM z|CZ`99g1nb4cu|0%zy#XVo8x>iB`jR2Id+>#Ct=rC-RJXESAYT$WX?_&wT#f$HF5> zost`!$R+tRJa`66_h3X?N06mSjV!F7y9c-jv_ShhkN;^cHXfa%Wbey?mOi7hv@bLI z1fo}V{yd{IEk_6`$YWo0iv zQ1kJKL~c@cspNhay=R2cV-u1S$(O&~S zrjc(YA&AC9!FcYEUiTLN%Ktt7AK$UT&W3eXm;6^gk8 zutO)hINUn!6+|=l^vAJU&|)5s-$UxQqjsGIiD5EE4?3c?3%xIlkpXJkamibhKXkN8 z*#USf;%aAJ_D#7=iIuObzx=8}B5NlH+?#ugq}^L$gZb*;wEUy;`gd7dODqNNLeReO zk#z=ff9RjbPVyqkbDYQAU4-pJ@j6pq!74fl5 zs!cxsY5ZTc=QAfKF$I#mNAX6K-y+vEBwL7lYy9SAPef{{Zt=rfMjCn?(ebh!Mp_Ya zp=fNC-DgLbMmo{!@{%*h%_il|oT$v% z77K0dY;=ZTGW{bLK1=^E9s7&O6r2Gq?DEGAOAtl!G6+6?E9$NL+5le<`}>(@&*drF ze1c&kmro|f zqCmAmj*$U1aQgp$!VBZ`qOoofWrMIQ8+1**OGbmrLG1pY zu+W)baLO9`r7iSU%+|#*xl+vCPL@g7*o4RxmgS1KQ{&X}9;W#xhP-Vq8i~eyMGn;E67TFwgk2t#vU4pHOhWI&qwKVpx zY0P!hPk-WWN!8HHSbn5`;3LyNc_xZU^Dz2yn;OP6(U!K!*~ygArhr(e>??VdnFFsy zM$Ek#Vz(Sy;KEjZepYdjzrYR<$;4rXZwKeu1iZRi2z%CQsgqt=1i7D@B;5Pz!6tRL z3*GEz(?kuG*1(+?nK_j_Yj%s zP^!0B2QWLzPu#u>aLEdOR)P=G`1McJ*>MmU4J4lF4mM$CM7gxA+rI&_MXtWX8X7+ zhW0s`s^21wf9GVZim+isP!M}E^Lpi>f`VbF%ROIGa(=ztNTksf zxRdn!mX9r8sR}zLObWVx0H9+)QK5)NSe$BJ!eo`o%MaWSdrevnbc#Qt+I1pSm&(p( zk@SP0IeAO=ENw!+&_8lj<5eZ%MDfH1ZEmSy4v2@{sAxykm22DSF zT95Yuu7eE+?M{5Y|EN%d58-wOiBHGj_}ZOj2?%}JD|OshxdA#wT_Fs@+p8!Rb1CUL3(3)D6u(a@t_zY@c27QXvA*%S1YLl% z)Z5z#a+-2e%C3i2=@qs03O`nxPna{dof4a6N`9m-x=Q1Moj;z@f^W67G(^e>blSGG$_v4{2AH+{(gHh2Z{DGaUKoYc#I_C}ljb=D zTl&NOZC|Dd2V!@K37XN$A4}>P)q$rKhSl1*q94#!yH_pEk_^mqdQT5Bd^1% zev(pWhdI|}V4(U7&c>ItaxMg6BcBSy4DH%VyTLCU;lkbco*E2yr5$6xasp^X{!EI) zT>D~jpKHh6cd@G`uh4m9)sc8;wJP{?AtQ3BXlE-KW*>~OJG<{#gVCnj5uCC*ZIQ5- zC!SG|;)s#(7~Ir<%CMN@hK^+8scqGV3NHJ5*c!HOa(A1_)`E7E>KKQZ%_~ z-pz;r93WT6uZEgYBI(_z&NaQ2I0WMjmsN$~!3cIN8>x)M(i*27R|J0JB)Un{hr^oy0vo-REdnUOE9lSAvZjJf1v97cn8L zwwZjVqOc6|i1@;@qexuJ)F&z7OI%EjgpW}cKk~54dvy#ViT8w->s>Ot9KAIP;SGKJ zhOxbcmMpU4P;<~h#zpTwIh8*|ZF|u14~Mw(Bo~>HK9R?U*2_7ZdD>nc{M2K|m9^be z?N6)=xMOP;wO@W|{Ge`R$??#-2zPU(EU6J+bSRd3mWG;GdGlePWuixA3eRNA3pg_{ z^cWI!irEk3}jaMZwt!GaWKI!sZl8H1p+ z=6MNW{UB2#2h@}0(+eHUx`3+u2EYmxB>>V6#@Vrw3wW>4ehy(V&Z&TIM8EY*wIDnl z0USibmK7PHZTEMylt4`@TP~Mh-j-fZl}Srk4Tnz(J89by+ikXgkkXz6I%WyKN^&xb>}qdLTZ~r z)dYIEL9ac9ep&j73u|&G>{v|RLk$CJv5xIm&z6(4|9ok|aHqE-D{h~Uk!>Eg zf=S#2{bk-J6fO?`KTEf-y9Wo&z? z%r_c}IyWUcL!lfxHFq4SlswYyjdKkc#HdCoSKi>TTN-b57O0E4Faq(^Gb<4c^Tsk_ z`~TRT5?OTxzge_L8z^daXFK{jy}@@nmnnFFvk3=bqczEVB8ho^3Yz1p_!s@UW059? zUR*Bp>SM-uj>!jZqb@?4An0U*2x?4`v*;UMrBCbwMXXETXn3v4r|!B(%Qo7<;B^S_ z5CR^{xApzVhc`M+ehhvebQ~)t^+WJ2*K}a%>ULxIj_wrYO* z!7h_zVkjao($Z}0_%>($Mw&&th02})4Zl#d>!LlnYrzISd{r{LAzSkiX9qA6Be9k6 z5q2APpgM9Dyn-}n z9f3&!*P!oCprIb+$oAwwb|ZrQ;gDID+khSUC8F=z%$7Qp977k9p+Ee=svAbMgu%N9 z^x`|5(*+G3-gejQA$o^WSb__bdQ%Ul6a+A$rl}!7x*R_MJd}3sPJ&Qfx;*&o{M(?w z^R$ylfm8X{P4Y-$L3Cl=3H#(t)*@2{r*quWp0M$58leHm04o&9GNG8Tgk*AhR^cXN z@3r#-{7YBR(!N74a*uX69(i=we(6lJpBQ>WUy2r%ESoF5i$sbi&$d?DQBug?n5YaS zo98yz%7T!mQH~nZo_j6=$l*hZF@4;fX!y$`3)L z_f=Fy`iRJ|0()|_xW(zDFmZhF@IKrOCkacVzU0|%yp~}Z^6OjuehKeub7l@YDTnH~ z^C%JC{M~8=G0as~@E9cFG^B?a=%3uos+2CqkYuI7hNP6UD~-$4gH4M4 zvC{vjYI*ARdCCM)t9511hHJz&)$sIKYYu1G#U4fo(XI~oQ&4dC7TpxiTlCsx&$7fx zEpI^4&hYU^#5bcW-IA1(#|(h_j-b9B6_ZOIbPC@1^9+I$eGeSmf*JqH=G}x~8Iteg zZuv!W+1DD!px!CIjhr#~^)Bdu+#GGQe;hCH`CSQ!*w3T6G=Iq92m&;faM#t#QHYV` z>>5f!aVucK^|9B2Pg2GcnA7mJ9k6SzZrS$8o+aK}IPxD2d-gDDgRu7h9A*ZvWy}Oz z4M>iEhSJE`$jk|}8sES-_rLR<>X!kPZgz@^L z>>j0Pbc|s{%g!LcEQW_)(KIynUG=UJI6QIi_~U^|z}GCknJ@o2)M)Oerd=!NPPTcQ zxq^FfIO@|Rwhl*4Es}L+)Rj9_>}HQfSmTzRqLBeO~--!50i}oawOD*9b-*KhbVr!bqgOnF-vb2HX z`Vo~fmTzVsr8?E*vw_kUy*+n8ej7)lCyouWKde>_OKTI`U`Dm%js2z(9y${5nRlb=|Jy`-!D`NTxj;ql ztYELGb5TjK>T^XyH$>|(V64&m4ObEUn%zWOwAuGDat0#ZY6iHp@T2(HD)|+n;;i7A zNDiKWi?jNz3eCMz00I~3YEVXXX96HDBlimNNPOKO{cmiQp$4_!U=);lBKjEMC3y<)~!l;to_Ggd%A})V-F=^N{ zhykmW%07m+9c?Bn@3k>2bGK{GfM1cuC#g@^?~q^8)}e2$NNYvtUDtalWLt!KP|MQn z*Hz*w_$;Rc;$WmBTmn)=3R`_GRIU)(t_712Ls6*cze}O@6@!)jWm7mN7&bpZP}yc{ zqqD-I?eu&!v&Ryh5k%+Fv_+-oahif@v6D={{1;)2kh?8~JzBFMbIDBwf%t2MPr#HP zyips@8!kojIsvm#|3M5SeoZ1p^m_1WPtv1&<+;6Mr$zJEMuLi8yU&-iF+aCuv8<7Ni4{wbY`AGKoawY5P zId%rlQwY~G_Rg>bkeKN)AAi`uf@PvMa;lV8#=@}WxDi55L06)ir>X_8n(*L3_;Lni z9LPSu`NgC9@B`qQH}*`h$aNlv;1_wHJUF5JS->4<2}oq7PGP9gU1E6w4Nb#{=Kw+>h6 zfprX*zdA_sA`7nI2=Ok}ykt;j^8?mi0`*&`bx6-F($&!A0+XvSKoT&p=BLo~p$boX z#bV+vAi4{sSb9mU%+KZ?(w`9QCmD+7%$BuU=mI+Y3 zC%HSC7$94ez<(91$n^^?#&T}APR8^(Un)G$j3A1l5!ce70~k3QR1`c~!PJHTG$tGx@Dt zU~tfEpT2_yhkgN}xJR<8FGT5RJq=Wz|L#;7zT?WP-aa22F*R_oD8-ehz`T~XI$g81 znA2YRJj$Eb-BS}~v|wt{Q5+h(7hI4V`CNa21fwSkzt*1f3}(bu9iI2GKd`V=696{x zJE7w$D=QyVP;#1W;RYcEeTlS;f1psC-@Ap^|4D2;Dq}*pAO~Q4UWm7>l(yd7f241D z(cp^p6h=6+N)o*(y8L+R5|4DAJrTPYFwLi#?;|{q{oaEH#Xl^YNr)@|MSA&ae{M7( zGODgHC-YE*G)Lz_%GM9NxWK{`!56Q2Ac(01a^4%J_caFolZ5lo6R^V=_qqp`t}LUv zvy~virX4q)kU_A$3LFDqo*F~GZOjpFkMmo0l#zZjN-9Qn@JGHdxIr-A$+I(sy<>Y$ zP1mQUJ>o-E#y09HmZ#-^eS6Ivz{(Rx_pu+--YAeo;SZ{pAXgbX$|JFNhJ$o%bf_W5 z%&TL|di)%4Jq6_gGi3tFzs9&*<1;+z9s-&`ODw14CuKhkfE(epH{7;L)WMH*I~C;3a(n^}pr61&HAHGWKt59w!r} zb}u8qrrcE~^d4|6!&ixTQ3|2Ui*oLBQ7pC*1g2h4yx6oWM%9{dR~e}m3mh0|DnWQ0 z{?zM?^xwd|K?AO4=mT)iMZC5fq$G;!Z5r{yBuvm66$eykdt2Il(#c}>i#t*-u}}&d z43Upp>j{8}brwp3uQm0(Dk}S&UxN=~>-;J)DVy~_IGq+M-0(4yLJ zOq~Kk<$NmzCL*}uy>fJ!&eZ1G^wJ5wZsAidE4foH^bZ)up)@Q4%$vo+Ml3@4)&n@A zs1#gJ_pcZzi=YsIzphohL$mb|Ag@^dLhc0b%(6R6X76`|c z8=x+i5V}3dob93iLeP8SVC1sw z^dGtS+r%rERvLn;Bc z5ojvhi&?Dk4|bL)LBG)|WlaSI5TcUQQ4tE?4-qqQIe)DW5MUXMl9h~NGw^#Q$dPR9 z9Y5?{66P7&coC66@UaItXG)OT-agsQ?duC#dKgtfoighpN6`0?vvBdA2}$%Q_?gOS zdNKWNm!vc++rvm5#ghK$4^C>sXqFgsB-Tfu3F5QjEq7D_w+ zu^?7s_sy;ms%u)PQRH6&|*`7In1&qEz{}+?!|o z%$0%f@XFBHP0|dAXTS$Re1!s_o~Z$2FZht;d1cr)k{slUW#F-S9{rR3`dns$2821l)LvX!xhfYjt+6%goD6?N~ z(u?uZ>)RY6)u{vVCY3Lyuu;C+hEaBikj``T>2_0E*jrl*fbHW1=D|%;l_(@$(G#2PVEpVf>{`Acb|Gr0JENXd(1AD9 zg=^TWHSdIj?jJ@xqe_u%eP6Q4G;y8K zh(7My&zW`P2cfsdQ5#|C=UpGFs!;3s>gs9?_w z7(G3|n8NW=@s8wRuqn8)V79oM##LYOKBu3Ecp&fW8DGbq5-TWRE1R*$Fh{@cC-btt zz;nr2_MPjP+reeQ6G_pW8lCslef5ALC^=?t0t69Bgn8ljzC9%vRz5#BG)p`|;AAY; zMpauYcEwkDGPSMqjg^w{(92!Ey-)T;bVV$6fj|H|K*YZtg2St{dDj`~o98VIy?8Dp zN@;`@$#xU=lx=mSm?zvcyr<0jq413m8B>Q|oryjvt^w@gk#IGV@1!WnWza76hl!%q zz@zF4j4nDc3R~!_o^AArI(?}vy`G5Dx{N;%Y666mUpv@`ik}ryl>+av)*vF=&l~kj;qGmK8{#lN+Ifp;RU{-{PE80x5nmJzj`L%S7 zUL}%m3++As3Z7g9{xNLFVn!=%M4-BbQC;xuzKgH8xQ&l-rpHr;-Twg3i?sd}K;fxe z+xNWuxBb}J=iFk*`?+)5h;lacr@Khx8&@^3Z$Y;8 zqLGNCU5^`>p!)l?|B#jd+r}9-x7xdl=vISrb3)X{HSAO5*zk7!DT>0XR3%(@@Z?oo zov-&OO|9sNrc}?m-)*M~=oqktlX}AmxwFWREU=lO%j=JIj37IYI7ORW@Q}Ll-h_pG z*QIxtX*TU5xLFxlr|*OanmH})~Hiu{lGG1ZCVyZrOUWNk}dH( z>WFQe#jtIVFg3{z-)zk6_y$HvnRqzH{ATT^Os+MG7cK&k!@j5N=E~bBgx188Q83Ox z&F>O+CD#OtAg-KmHrm{|Y=v0xBu(570C_@%zvl8}>fZ_6l@jPZZ1S5oheR9HsWtI! zZ7jA>DuV^kUi-2QPc8(JJN;f?%J^{Y#{Ex>%&9H43teR79~}V6i}jY31#%Hiyzt0U zgrJz?(x6KH-bqgoI{sUMd$UO8%sT5-Nd?q|LUoR_Pa8CQQK~(R`u7WI>?mn3L2S;3 zBeRwS&8@8vRUEzn`TDg>=Vwm9g_&I8c=ozHEt;#>Y9dWiSn2wG4G938!q`!VIrXIr zEhe}+-MsvYI|QBSDJMBsI+VPwJ0?-@H7SN5lg{d&dx31Q1N@$2+<_f5eZD#9d4m)( ziD=u+t!@JMp%G%*Ud++-Ustm8<~paR_Q=mbgS6FQUYdu4ybh&7?Xj%I`q&3N$PA`g zkQuncN{z|h{>TiTA~(1kxhJ&Jkpv6=Y^He91~+7@T!~aE!#^Woz4|#q44~l@y{lbFp{|lToq^$N z05qJ~_5|E;3WT(#v{xlYz#+Y0-fB!#a$x@g&j;o<+>F_ZsVse@31;>69vw%&psi%` zBWC!#wp^a7hXxF{Y#cxr@+5)DH58`QUt@`ZrjFUEueguWEi%VtwlI}L`?JBb0n8H5 zh4yj*h5-x59XVJVBJLHrB-CO?w0V{LjAGC4>=rj47646LZV>@!#Oo)Ves-Z9p$@uUS4;p$QWO>bw{s(m_HE8O ztT((}{@=rONe7Ce+ee|IWsyUp)*>-ZZW)Cm8{euX0^Y6n;b>7#BK&!%CLk6}3 ztnORj-&1bQ%_TFuV(9Vm!vjxuA$bqo8_ZHgA#%!>>PGCG@JgEJ$D4~~p+{4(buX_q zZ+X&dHN;Uska?A?U1d7MqupsHqe@YTE<8|OLETd~Hxr@Xcu#c;b4CR}*Tp2_wX+O% z8EIi?jITTTQY93P6QR7H_3LSN@r$t<-6h|fKK15RRMBk9^9#%bfRN~wN$*=(!J0}C zs9BW$@IDf#7Gu^)I8^!Pv@OGPRCt~Z3DPbu2L+#?Se7-y=Y;Yx>7+9Wu_J)Xk(JL1C5YIP^im)B;bpi9vBLO zmsjh75fY#4y_uX|S|s zLZp!ep&2VPX7jAf7TN72P>Pi_Ma(q5OBfsmnRZ!$Qi+LUTo65Ft^8hl-UgA{QWU0& zrdl(g1iJc9iF|!C_K>NL{?yK$C|8UowzDWU>>;YciExwok<(^A9&YrbvT0*|%`&I7 zA`mP$vfYnkexp&08E_k*^Q<+!O zHT!s(&fs7P->LPOOnOouImmrf!MwV{#)`{QjjnK{oPr{vDgB4pjfaW^KGHE5G>Byq` z4wga%YK#VP?ya*cR7DF{n+XP|)_CIdwJXtuLue^v_V$X`GsY-{h_lnjSeHNB31>S@ z8jKw@PTHOp(xwxZ7%xw~Hl@wiPAdSKxdUN$(fGZWxqV)C5SY_unT{`PYfFop8>2!7 zf}K#&VxDJF7XSE=8~`8zO5-*z2En0F8to+DjP>YrCf5KH`W+8H7%fVBCf|T&x3e{Z zotL!|lN4c!%damT4bPO%)QK(xvsesLgzTF!4XR;NCUzz&t%tmi0;6xpZ)w4;;n!ws&~nWRljZA} zHFO)yP(|`(?4`N1lM^G(`F#f4)FMhF0Gt2Hm7v|2!N~w&pmn?(mG+#I$f;lzbiYyl zUNTS!lmJFvo>xztB`?}`D!GSTGwHQLdw zAk6}}w`g^B%4fsz91jKLeY_9Jn_9@5G7zERqQrBfsgnb(w=zPuDXo1LuzpwdvWmBq z0rLbFi!>?duav3_LPKRi-PrqgF3qQuv{CkNY%`e#(f@H)YKfYc%+g$)iiuWzUv8t z+lH=XjC?Q%?Px}-To&gBIqcK4i$!p;hPj);#y&1h?F0j^Mo9C;BA1_Rpp|x!3LL9U z7ju7X{ipE!0!Z;O9bgxh)NkvOr)aVW_|&>**~_@ z{H}=j$j0w@5gLd}+G}sOIC7@40pSb3@)Vq}XVX?Sbs%P?F?dT53g+2)yIIOuJEv)- zl2gP>$@Z95=u&!7RoAVqr9EVYgd12Y)eP+#XX*JFye9XcPQUx;QZdlkKz(qx9rf1F z;O6#Y*@Q4-uYP7#+?>trZ`DLDEBUu`6f2fawmB~Qzx;9bZjV5HiqGHpbuj9lC75QF zs_=xO*gt)SP@?>^9%-E>Uwd^R-le#cAV9+MrftCMSu^?5Gn{j>J}Gz+<%ZV0aOb1a z?nAF=ER*-5y#PIMjz$7i^9taouI;ZmNjcy<+lo?fymt$%MqEn5ziU?{tsw5FDe8%StJQ138amLO_ z`e$!X({r=qdvZ4YdDK-@fek#N?kJ??UcIpvU+VsA(+cBFAmms1o;x*aPG+ym>rc@p z5;KQf%U55vjQNL7LEQ{qA*Nv4Kop3kWoW@?s#2>)8t;=3Wb7`xy34$izO4h=WIMv3 z#A@i^3ZQyl<^dG^9+V45bT#yydDhrk5ZGl8skqNffxUmK-91O@`=@D0(y*jRwP{HtW0yALXHvbjTv1n)gN6xr^O|8?g~qB^UEK#;t9%G6(A z`(4N4WTiBV4>p41e4lkCS6IJ@$pzcCY}8n69o82qddndFk>vOkKm)=NdUA@kw#$64 zZ}^4-Ae!L*%*KmcHR^u5O8<6!h*FBGs>-WP$)O{!iVVz=3=SecYAnYzN)$2@-wVRL z8{Q70+CndG6$PMl4Ddn3ON>i%wxveDq{&u$1C>Bm8&~r`r8a1^!6$ixc#HWY7RNJ1 zY9&-+mf?QT3%h#q{abBZ{AAD9cY4k6QO6Z&H1(K=5|H)TUyB|1s0}N3kbN(X_^cRQ z%`(1s*E7HU>0ay7*IWn+6%in_`z&xR=#0pP+w0)A7uEqDJkFydtTS^~j$uJCYukPm zkNwb{u+az3bJ}Y-ctNdL!VoFg^cN=0&w@`9a2ILsjb1Oz%nZZ0P$h7JT33!5>S~31 zS(K}>?=OP8j^iZkyeL@+afrE(5j{qL|7yp(!}TW16gJ@d-Hxl&?k&&2n^)_|L9RQ= z6-)rkvZL%eU9S5^v6>za&ovTf!G*$}G^zWocVv9EYm;oF#=K4GWQ!k%d!~`4V*Ai2 z^(NWDf#5)$T1(jS_UaKaM7Cw6`ICtvix`6}lJ(0Bm*Mk0t1x@`s(SjE2Vt_ZPO5Y8 z}PQ z)8(qCc_vQM#KGkaJpp!bDYgZ>y7*8nyYFUh;;X@P_lijJBDB=+b)`FI0$mW~SCpnx ziwd@WJC{Yt2mm2s`>SS4hBA&F00{$G3~6}bG74w{c_ealAlwd}V!!6o)c5`jc8cNBbkR)(YG@fx*)5Ku8MiURU0)QqTZ zAE2bk7+8KK*p)u^7MoGD5c-bYzYwVn;B$%XspJn_chE`g3=yVpqw{Z3A6Aq5u^#($ zD^gd4N01C`#=W>}1R>MUSFM1|qJ(HIH@2yUHT)-h&FJ*4?Ydz!@IrE78YNa8l;D-A z(MFkZ*aRNs_DJYu6EPlY05dP<1LYl1!N)-r-ukTc`pK$IaSP2vmsnU1cg;}>Y1mIx zZ2>U=?I8SML`2(UuM+1!fYi;tG}h@EikC2{N5G5VGY2T4>?FS}vIf^IjN=MCxfhT% zTPgutuJzz@jKf1Yqi+{i>Stkiu}SKyx1X2##m3?gebTYCdfu-i#KK{{Sks1=_!MUA zS#)oIYk^%#dk!`UPoy#AOpyu0GN31n*yHWWiq@sh4%i(-sS!Z9*=#U#%6xq5Ft@YO zDc$-Y)3Z1JTZ@H*TpcC0lhI7SQrS`y(;vzlQNa62#-B%1sqP6HLg$(E zk(jQ6X4t1(5V=^ZG&|cm;%6yXyuj+rM?|iP^=kEdd}f@H*WC4Bu@~%`ysgUJpL=QS z^=C9jLGzdkFB4~}_wk3Z80$(Q9eVzd_c9c8Jg){7#GsMo`DInR!y8YucN)|XmflOK z#jMlEa`7S}0(F&ttts=-(Z@d-JwW3TiY`Hn`6_RXdHpF%7aag#fBLnCM}*PI_; zTC~b3mfJzVJn?CTL1^Oieo#Qm7g9}lE0A3?NN({z`)wp+Fp z^u5T3E%ENc0b>IX^-Q{BNu zDNUYfwd)-tm{{D(-~fN8$NWj(4q85^zk3Cf(M);*&3=n78UYl>vouE$Xnbd9w;iD8 zPd_JqUcT9h?+BO(F3Tm-2SJ|IeWLgA$+;1NVaKmiS&@O}XS`tpCKLyM3tfgPXC(*c z5Ewjay~=A19?CmDype@K!7H$#IimY9S?=E8(UHBF( zZc-N+u%c7V#7eXvFe4_#9mAr!YIG<-OdTm?kb^N%3E5iiQSnH>fmRrMS%2lsLex}9 zu)#Wfalw(|Y2B<+!5fAHeTz=)OiwjB+q%xG7&Y5Y?9ibGU?uJKI^PinOJr_rqpZ`}hJ zv!)KTHLmJarB9AX7EUfWRec1Xm<(<&;J3BONhWrc)6yGj_M@)H=T2a$miWePC;vt^ z(YjzL_2=-Ll1sFFA;^*~g2Ab-W6t%W{iRfqv9F@grX7HlOh+zAOTrPh&~llk;MCm?$Dj=GA?YDztUM-PWj#3WN6%TWp?hoAtPS>#0HvP@A$N* zRrr8%-59C+h{mpqV8W`qLJvSQ5Ad_2tVP{D-c!xReMBbmK8>m*7xB6Jt!ppEezn~Kxef{#uYkrUqM0LGUt z-F3mCP?&JVHBhcHph1w9YY3utJ5&A3{^-Kj8>hS0XZxKA=8n~}*@a35Ei{Wd_$DL>wM8AD1ctEc|4*UebEQS%^o-XjRv$vt34_*rK zfb2GjBc`k{nho><1;0G_O^PurXvBd=bS9h*7*KWxgDi) z>`XDkAdp%bStU7S7WlMnBN@Z)w!DEa%rDR6hmq|)cSvuk?qS*D`j zC~^k4kED0lm^01QKM!33kNu>+D}1glH7TjtO3%e2xbnhWferLI0An+o^9dq|BXXFx#F>Nw?f&=(Dlu80Q3}d+8Qj{^5 zsFusBe1@a#VL6J{%KyZ7u;N$@`WdNBV_j4|i6UO{nzniG5UY!TJw3csH!S!?2QaJ1 zie*ZCwm2ujf+6QXId;UePvn?~M!t7DU-+jN@_hu{E!kOK#nd?@jZNn0b)?+R7Mse4 z4b3E{{tZ;6S^eZSdPXTaPc)R6ZMq)CN$G*!^1|h%YX<7tv&YB?6sE{OpWe_0kNDqu z3eI&q^&G*w)rY+M%zC?@;{C0ACXPj+R>C>pXg0JQUHun)i~A;DD+a20uO{T~1iz2h z&;lR_+OJrjZqq1XYmfkA$4k|m|8QnA}}GYCWJgURP^9<5(5^(Ygxe4P*L z_tkhEM2n`IZ*sgfo;z!x@gF`}RRUF_6~VsWJ=85#M)0V+tEWgTGw}{@QIP>tuQzmQ>AvLcSe;i3m32)zUbGcc_6c zHjoyDs8UUS(X|A+?;P@CQgciq2PZ_D9~Z_mY?cSVuoeg&k*IsysYN#fS?X^vXOE}A z;PFruHU2$0*vDM=lKA4EtVyEiINb>QkurR0PgZ<yI5T6m4ec>J4rZ$X7T|6~(-y@Da zI`gU&ll8iIz;)m;Jj&5VI-qMkE&l`o&6Pi z?No)9KFPGZ%(+$4Ue z@UD&_Z@nKRm6k-TBN7}4aIwi}Z>(yyA&-U@A-BBvqmR8bb{uK8GrhJ3b9ov#W=E22 z+ju~wOhgiD%ux_+sgW+wHTvB|M`-0YNB6VZ#l_E@^la%KKi|Qcj|)gUp>YKaJbOAz z)w8}YnY+zhX*R$$I$J@q-1VSRn(Y%rv{`r6_|r2Bz^NZXG{!X~mAUZuML#iB4h*hl6c+<}Vs ze)m@hn@SoJG^5oK^^?;n`AVt48tkUp3tT$9?bp(XljNVemq%f{v^7J!Gd1{fXiXfM zwvPph=kB}h8WIWn+?~<6&fQJZTeKUb#7mX{xq!SaRJLp#eG}PE#Q{A?+ZK=;F5)O< zyaB~uYhKlZ5`*1CQjPI*IJo)z;#gjv^*sHj?ra#xIjw6bFZ*_0;?c^Trh@h3!yLY_A|~yw7a4`rBzNm>vy&sStjAiemMv)1i3j&SW z8Dt?HYLO^e7}Zs->RuM}N@#W8S?^BR)ntQH8aq~S6(CNv|L;s|r@Ps7+=2#r*vr2B zY!Q?30;B*AeY2k?YhjMg;9IVLC#p`0ELalKVl; zp+zEDHi=A|!H&8d4skZGYX$gVup-i@5&k~1S7E+%Q-anEPb;f$v{)lia~)hh z$(g$_vO-tO8Urmns4p%`xOkZRE6E!-Y-M$VoFAtip#TFMqLlX(nCI#U##9;? zPm@_P@^4< zsb*VLrBf3@zx(u^iU^paJakeO7gsH~-b}&Kf+EwTcsS#>=L!NyodRy-P`9Z!`$t&d z891J@EP;0T@E1DLjuWkf4wbX;fJA$3;Cj|C^scDi_Bu0CBYmQJc_|OFHX;H-0XSWDDYpe{=i_Z{0OAh5I(PX&aXAP#3F}d3%_dpu&6y+!8OCl zEG5n@n|Z2b-tgyyV!Z9(>|%%S`*SCSD40Yug*dLm^N^b?vQ{2*5*QiS@G)p}m400y zUBN-tNR5HRd=)&V#YOdOrl} zpWcaUHBvX30}h|LaCworN5~X*XTVNU={(8)ASDu;__`z35_a5n8!_9oZpuwKDzfEYZm)ReH@_c?a`#2-aC({2$Q(@wesc-*@b^sbPc?Va% zuk+ys#X-_Tqhg!heYws3>M*XLgy{xqec!!LfEK^W#A9L8qHzQlUS$(8uBco8fHAmN zD{d_MzUtt287D{_m+F5rRmJo9%Yh}NB5)5h;}G{4!VBKvs9G-e-U?*yK#4+0kvOsz z!wi*G1#&awl}4BW!Kr7trNa5PlXo zcDYb~PN<6L?}2Qpm4)1}xAUP4E}tEr2u9u~r-I$OIluE7NF;`3d1^IzQlR3_Zf~ z+m(f+I2a;oi-dOMbGE@Xn&w021BFJ|nIyC-rwi%nQ~;`C5h+N#@e_?TCV%?3aT#4` z9i?YJsT9$e357x6VI>7lV4q`I7zkYzNn8gq980!mJ2avyYCiR6DPBYy-~_32 z7bp9@bB%~73*_N^8-1zj_BDPkm!PkyDtBSfS$rRQ#K%fQntPk)N)jP%$Lu1z^UqoZ z(^$xa$$I^ZoOmR_0^KxJ{Cl-Q>Z#n2-?!qE0Vkk$IjTx!~2!Vc<3}yd?;O|MsSJn_l*T1SVT9H~0Zbz*YfBGq+c`tA>A7 z5ky;a4(;QJE^{*~4QMyRAHm5n%fFeW!~s&NQTT$gmETQ;irPZcwC$Zl+|3WM&q^fG zLI8;@7jXQ?%5pH9KL+TWg{I9K_2N-~JTXJkc$GcZr17ItZqD#zdRutfElesz6=QZT zdo7+jqjK5g{}_VACkw`Wk)0HTI0(m&%pOKBZ!`p4sZd5?^8M-StY-GXH?=ihgS@(k z(Gyl=KFQ(5I?l?78WA5A1hDy(`o-G^TLY!X*GZmWr;e3V!1NQ4*R&=Dy)QmlyI$UA zHw-RJwD^2(cs`hni~MqL*ZD{zW1FjQS*&pDfiBQk_t+Oin|31g|8#N()nhQ9tmqFk zPj9UCx)ceu(b;m&TqV4>gjs{Lj{~KAr$1d36RVG{#-q)8XoNj#Qlm)6GJxYJnMbQX z=L|#oDK@QnB$ULyjen_#`0}r{(ACwTsI4Yd_?am};BRFhzBLgiNSR#-*jssrm8Rby1 zk#$1HWhlDbNZXTvUb4>;jBx5ZW3IH_A^3suE)cHT*@>VeFp`~}>S~9eEfU0W37p}( zJL+Q^42^FAc7TaH6St#g9s8GrvE%c{MQ=BNuD-reA;N zjC6+1_JLS|5R2977}L(dlQZ-3TX$lH@^6EE1j)d9VK0tKuPgGyrlxHd-k#ETW7-E6 zAz!6Hk>gSnRyd1=Ry-U2XTsABdLmVQ-Alk`2~I%fRsPcZy!@Q%NzZ{g74LH9=JFe+Z4T3+9aXXrq zpfyS)uW+cY0;xu>ncTj7_58W1ljpa2Kg#lSDC@o*Bl5Vdh2Lan4h8~aRMqQO(jYT7 z;UbNBK3DzO?R~cE^@U$3$yMu$6V|K>@P%mDq#b#ABVVvYXM$c9?MOu^==J5ExM8-1 z%t+OriH60Az&CIuvJ5HtZ!kxj^z3&A>n^%hwW7)qk}_-9(R(vFjwL24k;2G%wW-BT z=0X{Chdo3V3_ub1_@c>c4o>TyHEEoIOCb!-b8^1nffcrdf%}?5{|3!;oelw^tnQ<% z-^Ul6E2?9F(`?9e{}e`Zv&5B!%wi9j$^hP@xL`2kF<9xE+ zf`jfR9awyvj$@rQ#oQOqJ+3IXt8;?xNAMx|CMgjebQ(!ecZ5k1x!>UZVW)p+t2Ly4 zB7h|>=Rx6Y*^uOk!zE>Tb$%M7C0EG{2K^usk!Qso z)(eY3JUVW1sq5?L_iN2DaJJ^Yrff2&*Fo}`RyCDioirK%*V{_&k>rW0YQHrLMs;r! z^mYJ$J=$cFx)_?#i=wAu&C;@NamitaAC$VyT}r;Ai&0P&(qetjg2~e$P=UH5o#Hkh zoE4^kQ*ZgPDVeY1`EV(1eQZg>KS82rv_ zmYBoC0B&O#L$g%3kr_MnXrZ=mmcUqADB}oqW!=|a`luaf8_EJ?EhnGOhQ2yroO~83 zTtj1%LMmFs!S@tM&B`L0B4T9}3`aXMF=SG-800q98cxkXz&n!xJ>3sOBambV-fccT zu_Ki(?_>o_PrP}M1u+ebSUr7%XK8FnUpo?sVD@=Bu$u5To)oh0Te}cS%46{Zm?4GxHK?9cRiKaoAYZ>BPHy|m7LO33CiRgWT^ny19=nrSbio)noW zaA6p75sqwaQf^d5Pf2vG{^#$BIkh}1F|aS>4(6h{BS;Qs4gFa7ZDTA+eyhssa7HZC z{Bqzx9Zoc|W@>sx{@gc@Dj&$+)%ifHKKRvPJOtnIb|Cu|Pah%L9N=Rvk&1j4ErP|rz=@H8mGZCYK9OULL(YRfA0 z+zb|Yxo9;yb!1a|aqH1+N7X1w5xkF#KfGWA?6$`A(Uj=+o6WNrCkSg&zkd-Ds8acJ z^;?t?uw>{fWSa>>rH=82;*3-Win4GgoE%&!C=WT8!v<2zLuxK(_}aRTb1P702TY*( zj{dqQ1g`cQFGJdNJ3x&mXo4LlR~tu@tdWZWAH{aEX=n)n(tX8k0l|4&rGRXJUNj@N zh#=SLNkh_!;P#w819~yl>iEcWof^hlJz5X($in$Z2bF6G-xMTAlABbn-;9BIzZIln zdZ#2kb}6#cpY<)dM9&}Rjt@nEhM5Z6{oP|H^1Nu4dWb>U zPo2)q!P-NcxMPb&VNVr}JC~di(4@V0mPA~|(0zQv(yO~AS7WKBWAoRo@?(Bm-|=%U zf;Y~caUZ#|YN6%fJQko^BbZ3!trg|=GMsht&+Zk5`0?VU&a0;D84YX;oQ@&sqslJ3!PgL6)ewH|Ehi^9tL1&;Dgiy?$84Q_0H(Dza-7M9=- z@Jtif!;FmNn&mM{f_u1MX5|W8rzX9!TJbL2Wfyo`^{(q7#$xBz-W`ss8gFD)EJu!|Ho z5#-GXLFG^l$7pE*krGGU;qKfkXG6wE$l}b(z)r74pKD2KECe)Q^EL=7>SAmQkn^Dw zK=tuHW0U&llWnJR3bP~AQRM0mwaD)OhwlWva>1`o2S7+{8y?#`0s_9~q16!Ku3Bal zuHhscC!L&piS`cq2eu-eDrTSoNAV(O&Sb+FO!pymZ4^cXxT~n2PI`AaC*0)QMWx` zj`<1o0N-?EiM{J69$%-MQPtk7=bKS<5Jb1gxLDHzso4+?3$XxAw^G_Dv9OY31j%&^ zn4&~yZ29-7uCN8eGWjeR9YQVy$~H!xP+k1?-*(nt;2+CJ3zn#xkwV64ZQf-81|!fw znzFdoPV_r?y_nE$`x#EiBVoS(_X!_hI!fZ8#fh$mDy#)woKA)Z0A4IP{hkkn-WyTk ze`cS;k0~*PZ9vcUUC_XJ$Pf$p67V6Fa8f zX;byx@4~Myxnry(Z}7ix-D;9jo5np9SQRU>s;R7UIsH@#zj029~~

      ?zc^D!kAPi62M8j6+A~o@bpgR_GiP zx=yl(D54;BjK@sY$wydud$Mes8)8swt0I8k_?rm_9okO7>tgsw7Cd0#?J_6PP?VZn z4-Tjq{In^wRDUJn6$M5`#`|kpU6097N zX;hZ%LIPDSegWVql6IdCg_xIRj|V?v?@{+mNz{k?5bjacqT*&?rU`y>*zu@`jT8Ya ztBcS8{xeTP@#Ls&aZZ}g@E2`H8O!xM5Fk+h!0cks*q6`T#0uDfui3zWtF3w+|3w5E ze5Ur*V1mW7g){%W&r4JtO&2rl_y2s~7vUGg<3A}s(JWvYtkQI|WLaJ+F zU{A%$99Z-l>wJZnX0fNNhT%2ltRk0XBHfKA2Y|L6OgxaF0u=H{iA8QUqP=Rl6r8j% zkTF2u2}_(Z{zISAqkI{cvEm0yUEOnWA)=m*%fv*{6srXhq)xEt@z{X=LZ#i3=G+6% zs4tl5{Ldm9WvO0^#E7jwf9mx2T&Y`XK6l$<$5#V_v_HKVtymOqt~nr?p-QwR#q%AS zfl@u~R|9x0)YN*%O@7Z<#82P(n0cDiULbKDwWwu8s#KC>rVj3)HL{YN=;o?Rp_4gl z4!t|4G0;6}>|kxs9EetN8@b8@OINcUFNPJ?8V0*$g#lYg1|Aroh)F{ySI5A?)Ed?- zN)1T!9Nyvs8qbQn$L-kgoLVVp12aDIeW^ypXkXp>v8?!(t(R4a;@TT$)k)pG^h4bt zDAoKH8Wb635>%w6poR?t(==SjUg`7@?3yYwUj7=$L81P-nVO&xKo-;)OF`g& z(FwNmDhF%U(o|KvG~V|oMSD@auPJ5LpN-KHAvNTS*Y6EZ;gTVg9sz#;Q{vB9G1RDTlx7?xi1EnhaM-S`eo0x2zpN{k{|!Qxyw)Bai^=tQ5k z<5+aEnE1gKyd^*L;D-+vn7}#1XSUoVu098=qyiVeMEi^*oROxjbz|<`5rqI#tzg@@ zh5C})4k00=W}~)Hk5xBJ>-c-zekD&X2%&rAe4S`D-{KC>(4ZSKj>C_Oi(YgOOvZ4O zFQQ-8^@lj8zVD~PoA`mHipk{erVCnwaT+P3>4V{hI|Ss3u!mIp(wlh+@15jLzF_CG zz;LLYITh}S(;ZG;+XYvV`bjt&fex%*l;P!kTt5x4pmG;{p|t>Pb|!gLTH;{CzqaX& zcp6#za0ItD+4|8TaoBxBG&sEyGkaVw4z8ad9PwG?7A6-U$ChnGcrZo1(5RI&r7T? zdc+9AtW`a%{-al52NEohU2-EA><{ZRC&n?HyJI}N+sqS5I9M*FXgWs2(d@H`BEAb1(8)J?p#K#7;s~9Fnrv1TtBMe1gI*4V~#XEeeCVE&$9NkFeo+yD!OY44a>g>1V8MbWaRyd z7fwSQPcA_FCd1B(oovLmz_@HFJy`Xu2yzF{#>!G9);*vNgYRKdv_=43Fz%=Jg+2<) zmRyD;iF)6QM3Gr>gCpel+gu$Y3EW3D^r{_|)U2-53)OHcVWXx$V3OnCNwW#wlaN$%_Yy{!0y~9g zf#U6a19#CWw3~o^@WfUp`)dnDfGhBmy7`~QVU?{QS5#>}$Ko+FzVLhu14x|8n|yLY zUfSF#MgtUl7xp2#Ijigd!SA~8ma!|fbR4X6-UHQEES;QF56&$Jhm}0~iVAo4eSTb7 zdRmE=NBjD2(rMc%DRf@$^69w*0|M!YI34nl6{g>Md5%BNH|OhN91{77y#u-i25DJ` zxBhsSa(coV7+`WVJaQP|ev@$ghR;HL1&c6I8$v`3U-~1oNUwvu}&q z8cku=3#|oPcRO>EX5AGq@zsvcG71&g81Jnc?fF0ZnwwcJTv7HHtKh;YNu*6j{p7wJ zQbaaSq}5?_>!dE-g?J71#&5P z>N*<1OdFFl=c9>UyOdU+E-q0Qw)lG&^GU;9KL5uEx}+{6T@(@Z7M)L=!+EnaqY3fM zsU+)waE0Pv{S1ysP5bS8xXoF@*Sj8asgPs5Rj3UMa7;1Y+XPK3M(8qZydS^Kp8R65 zt3HD>w>sUhi?lhJx!=Q=v5G6iRDl-Hut}v=k_NTG=SXL*%ge=Y4|sJa$k)l?xPYrp zR?XW#;o518&gyBI`?TgqTFV8eg%B?Qxegm~A1sNMRJjUx$npib+mZ*O31i}{CgFqz zv&o9=MUr^!5Z&-^AVHl}9I&q!Va`8fI5tci=H+EhU(H{mjZkGk>&je7jNfI6VyWR0 zP^c{r#2nATlp9Cxb^8bk$eZ!bku~0d^;k)8h)?f2viN5xUz(rlgp+iQi%<#N<1pyA zRdz9S&(ik#RRd|?>ug|h*51R=vy!_=lK6aFgjBa>AMn-H$$HK9X&pe8Sqj6#co>rH zP=+Rv)o3P-`Cp6UWf|Cd8YmS95zfW~eEi58HUwph;^w}~2$aXL2=nsSgcbUc> z)!LD>CTD*zxj!VX3>M1hd&r8&^i|_b?aXvhX7!{~eM$M$5NNfRWJYs|A*PfBblTzg zXdD5JlWJ6gV!;~58Ou5!J`Js_ocj1uL+ZD*BV{!eC4peBVXYQgj#q*I_-7z>eMCi& zP$6P?Z>j|a&o9EjcO30&rtmNjIoAsx6`%4kg}&bA$BB6@n0{xDat;Sv)gR~v(|dsm znIhnSa%zDO88c5Q!pt>ezQsjHpBErFZU!%sg11NJiu=j}-bpUP%qy(>!R)foQvwA)~ERN z^|T{kLQb_(uH;f)+;G2y;8nUDjid%Yx_SvBslN;9KVuVBh?7&{g5bviYn+;OFmEXR z`>bmhK@eD!Q{KZneDHwfFLzCdb#L3;Po29!xI0|e5ikhbPA+WRjVYYXqKSv$g3h4- z91!xQKr}Q<Tl=#&`mOnEN!_ zXyfEw4kfgqM-%>)gsbLWJWwQWIcyKBYu$!K`#*kw_5K2YbZiUonJI>+run}}CZ5>7 zY@p?Z>luVSuMyLR7C&<|c&+m!s-kaNUhb@%Bj(g~gV%-zT^J|}3XO6RLJ1T;3frtGW+s*0KkdnZ2(Et`S+hL=A!w6ICEyI!DBY%o}A4?+)0T zD-0tY@RaIyk_#Z~|g7yPSd&&}UWe9bZ2SX0UdK}KA3ZE{K6-A^Zl>?h@9z{K#kaw`-*@Blzk*kCD94Nl4;wSh-P==&K1tJ#Y@IaOi^vfDq}}B4T%} zqOyA|o5cIiD=2L@Q+nI#2B#N@aA~eJ%>@qiZ{B~rbanf+W5fvl=Tqs)aTv;j_0+%E zv|JqMMS^&Z-Z()=;5_N|r7{_V@JnCU)X9wgcf<;JUZQd?hDhhNQvNj^P=ZvX>4&kJ zN+%ca#DGwHGLZ{bc=rd!rjxf5rJ_2MB zz5=7wFXOtxWPATwCgA}FfD}vpW`L;JQk+@`M&}^9TE;XIe)ub++Q=_f#HE*XMfkts z^NNoBL|J{wNi|6$8RWY*KvoCi+U=mNNl|z=@v4XKfW>0d#%f%pFcL$T#Wz~)73Bwn zR^YcyY45%HfX3bYxrc|!?cvu?rZ(pYZ{ z1&kg^#P!$vhpV#UEA03Y(VbilK49m>w~ar;yiqDSy^)$Pa4qRF!Ih_^eH#_A3*!n4 z8c`zS0?4}lRCu0FX@XEX>bOAu`W`i$u{&1w;8lS;`TU5AI;Fty-x*9k&`8G+8 zk)2OawSqZOvi4pBWx1S9Z^EEc1qoHCzE%yfY!TW*qPJJsNN92^XWi4J7Hg>jg?wXv zJv&AXb1MVKCvQSVSbb|YRUJfqB#EBT=SaVAb4@@CQGLCH=gFoHx~kQD0yU60}^(vgnSNkj$dg+kVD9u z*i9Izg-?~atW>3CDXexzCv5fm7a-U7tl4WXE@np}5QvZb zLGL@&g|ifTQPHP%eWfSk+T4O)ABkLDQJx23W7lVYnlMwN5#xc{s2jc*OT>^#o;UsHa1)bWC$`o}sU%J1!4JoPI;q6|q9%Xa0j&O2ShaEW*7*QTg>#YkbbBqM27db0Uq=M^24w2W?%a})_CYpR2IE*T~w?k?uz1JYIr4;tH+(%R0~b$Ch|Q(wL&0=o9j-tsNeRG zS%Oy}ta``vA?ud*Pp@;bs^r6Y8u7C>lrECIDSD#W*7$ya|7>*jGx(_U$I6hY{$+3E zA*rz4%Ei@RkyS-ucoy(My;%EiLNr8gGz7xi6gHGqfPb5oTK*v2^O~cX=vL`joxoOa z(2r=!_g%`7=6eOf_;p)h!F>Da-9!D0MEUWB%Zu~)0p;B_M?^Qavd zv1d!8PqKLqn`J=NR(s|h)d9jdb;KtuDqIhwILK~=GsA^`FFP=) zhMSL=aUn*|U$v|_!S-8|TM`mxC1-u=Frv8{<@B{4?|6I$u8PTr1*V+JcRU-;vsdu7 zR82iqDm|+q&9Z3ZiIUTk!y@nm<@q`RrPSdetILYQ!gxO@4F$N*g;?eYh?gCd-NBf#Qt zL@)EA4wX*6Si$!tw_{YUvHHp#4+Q+88;4QtSy$HG2I9WkHEpT$FA?3#=UC@!2WS~M zh+QAa2y%XNEp|8ThGMIOU!kX8l$~U%m@^6QayRUE^syI=2_7r;W)TNc$==Mc(Z7U? zJniJERTT67p*g)Klq)~EZjNJLPa8D(E7Kk-x~bJdO(7FJ*2TwdF^Ni+(oq;u$_AEo z(Y<@+&kn&Zv9-dWHCDFAg1u)P7R}Yi-OMsNu7!y%<0(}d(L|KGdK&sCBm(VZ=?ZtD zBrQ2870oZl5-iSAp@$L0`0Ahb?Wav1bnIul1w}&<2r>`fN3oKZy9dkqR^%ySkLd^C z^AEajQuG7SVtJi2u=l<*Pr?41wR<%|n7Z|j;%5sUu4&;I%b7-+EFisW9y1Qj4$^^M zuMRdFS4ABh5LoJ;%~Ax27>;;RW=7PFA2lYIsnCIP<08<$L?5i%VCrrTgZH8a+JwZ| zBU@9-P_PtdiJN-a>qIt<+_ZNgvHJOL5S(32Q)Kj;_X{?wrb(kWB~Nq=pi@G{$JA-h z`sFS7@JuvyM|OTYHUw?svJ&%@Xr;-~5&pDnJo4cPKsm$Ng={jPBSuBM zxV}yppsuiu9UAf=4-#I(R$mEi*xK@XJTe-lc-9q80b!_=@oZB0;8m z$zTw{2?SNI!!1#-Mg=VDRz`vH^RJD<`jqsZl{&QghhGrI)Ik=B31z*1ZH^D<8nC_Q zzF#6|onY9+e_1<2J2+P8leTT-;o+fXkyuGjA`aKo_g4_!x8 zH(kTmMr*Z?)TEdJvqYMdzTQEXIHgZ&REU#~W88ZLpqxSGKgw6?sz~-na2KolL6C~%RHEB!S11dP z+T8sr$Gq+b=)ZR*^ldZK2PFyOzeK{QVrS^wkHeb5kz;T;-PNU*TJ|Khyfi8D@1a_%3zkz-7BkxFGk>Ut; z!o$@erTRk)JA`t|V4#M}ahr_twY-&}!-diw9f*m+r5})2^aBPO0(DM$)0vg8}72di38xwP;dH z)x7B=PB70TKO{D85*GM}Lt$+TI|FK@CVY1-i$%yAubk(7Qn~@eCAPa^LexeR4#!J- zC`-haOD|SbQpb~oWgtqTxc*7`BR{1q_0j(87gI?4yuKT0n_ZxIVr%~wR=u9dW1T+e{!pwm+qztiOlenH^a~r4R;U6=)PZ{}gfRk(eZ!(Z)WgI6{ zZq9N-@kC@GXEazdvZFNjz+hYvxU){`?Z#^=zIW`7NHa0HL*WK-v1auj^fLNR zWpa_8Mx#H%K?Dy-v@V*M!LTlIw5Ob+lMlMfJd8pa))ZVIZiW_QvsZcBkWP!NMIC7} z1W*G`_N-Z_2NxxmoSfJc1;c;lsDBgz7ruoctBVURo>xvNtRxs^)nqn_bR|O#iKA#< z#cp1Fidx7yLksB=zg4y(`GsqQF#y-}3r)^cnw3JK@jB@A*ZI_ivRsvKk-FOdnc%Q{ zNGHXu-6ocnh?`}?&$g&L(~=&4IbA&VP| zZkcu_Y$ys6lqNQUeA}gigGibl=4~N_p94_WeTB_Ktp^PPt69bp+DNW9l&w-!=Ig>q zWWm?@EF4UH%&X;!sPM>xI9};P%eJGey zg#D$*Is)CyJCxem6w$Euej&qziy}Xhe0oQzQi2Oa{fct-US7TAY+2YlTs|!<^7Vj= zk;QDgw?I&hHXNaqCZR%Mws7hh>pEDhU^gVI4w$=qG00RVUR8|1jDIlL<{)J){*#G9 zSMx{l>G5p+(iDB1U$DzhEo9K_qxV5`j`042ty~dfI-nyzWJ9-F=Bs#$)11idHL-Pk zzi9OhQ!aJbJ%Yvv<9141_&3jr=CW0pOogv9t3BUDrIYkrqV>a$OY1LU8e}JrO-a1m z@T&K;dt0=-aQRW?edVGopXBq<&+m3z9|?!$?5=rz7Tpe#GQoa*`l9%q1Cg&VyTArw z^jT|XBK6|+A7&k;ZaJXz5hi+lfJGE+P$ZjLbp==2V4g7=A2Q6ykA2oNlua#UgO<{L zYLCmMe+S-so7<6PSNj&1K_xvG6aPT7)ty-|>cw{cu$NM6{M=fPtH@|+9F3A3koCtS z_X5;&mm$LgLPy4D`-#p?gReIw|J%?^u3+TT7S2^d{d*r_C#dW`9u9QjCc_WGY zI1kW^7BDeW(BzKPbu-^w+p2d@RcU8wJeKH|Gfrpy)AHNhFXiLVneO(uyKpbA%TWfo zQR}FxlLfrQ@0s)+-HC?Hj-_YwBB+_}8pU*iuDONOm7KFMeMQt1Y=Q5=ybG!Ry6vJ_ zqzz(k!#66^1ny}qI!S=YG z)K4G;dT;j${u;A9nUGJ~m^}Hk%8RQ=6B>kF0ZWG?!J)UJed8ggHF^#A__F+=7CAYRZ@)0YN6mU1ZQ`=ztTC2!KMx*k%AXOs*st3gn&P<=NSKG=TCG_S@RprbO(z}|I00{v+4Rqp$*t2Jj6e2&AuU6mDPR8!H4I4pR;Q7@I?#yZ8Mo2cI*8!C9_CuM(K z>`}sreTP6fkQP>t46_<(@cbN}U?B^#>AwI2D)jmkv8^vtztQy@Qn|p7GTt`)J3RSO zyPCbw>XoD>~e8^e44mFd0oK47`j@Kr#4zMAcU#@#5uawg}Vr9kq z!q9V#?C6aQ!jJ7fB1tI`8eGWRkkZ5VNvy&29+$h{sNpUiz@vO6 zTw!U$ClorgA0+c~G|Q)y)eyc4W+cE~!R<_8Yf030v4yzXVoh@d3x~DcHpWx8EDSWw z6y|^&nybRcWlT-8uY~Hw;^z=X9koh4mm6(AiNvK_l z6vHO>TtUOKBT6;aGBuWhI?d;Az?N3_=@mNtnpZFeQSD$;7^bYvJuf|l!98$6C!p~& z8cNuTy?n4-!;EQcU%BRCWf{>cA=giPVSdd?@fa)_s~?b0DNhzKaQ@3*?51lZ;s_)$&=m3a#{NZ5snnXK@<=6p!L*!R51^hW3p14?f5I`FvZE^94dFa z4MHVmO%!s$*e@rvPicBWDk zb6B&buKY}PJ*p2EdcvD;##?a%Dh%4uunE#%wQ^0MV+hV$)eLL*mydlQ9uFga zw#2VWEKh~U_5wdvLP$H99o5ci0acfjnb=md{@0tM(Sa-~jOj{~<_|PPkJ&2y z6eg)r4__ESbC7AQ&Sqcfec(Kv0*R*|)${ z2$!0!hk5$~lbo>5^gpOFENB5QP$W=jv2iCg9vLfnX7ct8m;Hy0oV(Bm_0Az@K3tIe z0!(MK(Asb<)uau97|P|sU76i!TywI7sia)qgeN7rW5nK4$a0t*FA3h`!jmK014Lw1TPhAWXuuxG5dnrY&oLLPX(l_z3_5({_^dsx!0xp-aFE$DTV_wIE+< zm3Y3e9kmkBi4hot{6iM@1#v2+g4TWK{dhq77N<$#V^D6Bc)G zW(}kAI7pVDEU64m44LDeLr@WI={j7 zSRW?!fy{CC>hFX8yaqK0eQr~TF$=}bl+8ZfBta|-K@3s_0?e7qS8YTFUudH9BNt1c zNke|JvJzT&f%9gvt3qIDeDOE0rQSFtN-Uzw)Bq-=o|U;AA&Hm1Epy~EU7^-{+-O#Nx4HQ!Y`RzToND+MFB2#d_qPqf1DAuOAddBy= z+%Tp0Ae>btM961{82T+Amc)SEa5a?u;vhkI@MCLD5F&9_Q^6})e|N2j_C^xC_6D#D zw`)WG{T&*a7#Y#$SFpg;G$=w;Is}BZGSnRjCYksuC;V*@i+6_+G>6>yQM~Y{-$0}A zz}=UvR`#XEBI(@~4+Tsi1%fMI4XAc{q+%=RVlYi5yY5xVKHy)V5jLAroo@86e)c_{ zj{y^_RhV`$nQ`M|#H~l#%s3P!{Z5Jd+w&qZ;TTIN&h~kmzTc`?%H^G;g;8@z5mqE{T)@zVmB2Cx6 z=++0TT(??!Cdj{6~LS~4`$yLpkdK2AfxL{vhY1iAcyu?MFdPHzU__W{%J4vLOI+B3ek-A`e&WKYcV0Mwqdd_4c&&x26}wbBtJI1d z&#G0vNP)bHQdkV8SF@97O8&L4_{+>@n$LOBy|D>wWp{l~@c`ecDV3~1OEWkS6oN?H z>BmJELNhXBOlbqcb;Zmt(l!h?iKRmFN6+lqPOcV=9>jRhPq3?wtW?U~R z#iq@avbHZ*gEXH5xplwkY$3Z`3Gfo&AlmR_&>PIIpydfE@H!mASKOS=NY9?t$M`nm zibS|FC-j9+KO;A81yZPZ?;%~c@&KtZ-89WOx{BfdScayvaz$6!zYG~4ivE!zK)P8LiL+1B? z-YO!LoM^_Etw5OiaxIdjkYB3iGQEZvH$)9ye`im<@x>XV`*yO91xlrVe-e>8)2l5i zleEEL@W0u|c}^la&Lb$P3ye6hZ-IDtX^L|(jkf^J0|M)YEgO+(D^WylPV-g`Pda5H z!Ueb}%11yRmP_O|D?&htOsQIx?Cp{-@|qViod{(p`tT0|UfLX+BRYmjMvq1D5t18mrEN8v-t3dq zeUyQ%fPx139x1+h7`44GLEp5p<#4%g+VpkTB;3%_1d2{ z+e8cz{%_dcNj6UV2t+e62!R^1_pib3yB!O!~$LK{e z=Rwx&Cy>mS;PH2lwq{&nD;{E_8V}{_sjgkzNLZm#eZs5;S6rfzsiIL83hT5Dmudu5 zMoWJGHBC*vE4eSG80Tt**^bkv5Cj&Wtclxpdh5HOYxOEM6TQR58wkBb-5CBpxJe|~ zjiOzFkbrF z-kXc@PPzFm1p3>{rQH~cf8EwTsQpoYo znh4#-pAEJpn=h>BAWU4@)T=NlB70D>6;7~s9_!kiEg6VwdOCTRF&Ir<@sdmJ9C9jf zI5d;$H?We8lpUS(7Nei|+EH&PV598cPtrOCdFjPB9YFe6888l~-hAdCCGVCB&~(0( z>nj?-*mX<&3^+t84lMG$g|f#Rhx8(bJSdd^pFo60jE^#Iw{Q=xF_+=RV7#1i?03;^ z_@bBe^Ds4mA?N-eS;3Mqf8`#<;V}#k4iMe+B6H0)^MvM)xeNy#P*@a75}Ljb)<0{! zlE`6Kq{}C7{#Zyj^*eT+wfAuXOJ0szTd4*{J(7Z?1)E*k9!A9e=Fl;B+93ZJ>vvIm zCt_{zD3~q)NR4e!4#U>y>|^<#%~%TFTn?%`PPfgMJNY;gV+#ycP(68h&ovvv;dmil zH54z=l{bh&FT=SZJ--4p4<2jDbDr~0Ldn1PY?jv0_F1GY%1#xyJDt|?JhbgFR2G{; z!gbTo6^cj3(`z^6eSZcsUSe4w%Uv*xH=0=lJ)NIG;j+P3fG4`_gt36VqUWrV%wWgF zOxqDt%l?jSMq|$K816}O2pj954fEdnR{P^eeQ{XSkdrp!qm6AA20%b|=>r6*iGnu6 zwKvxBa)Wu%OFG5U)t+Y-riVMv{n)(3UQTIhwi9-3uH`5E<97UDbYe+7#^E1RfF;`> zn28=#P-`np{h^T(+{#birWZPCzytCZ0Zw4Vve3Ah3S${xBt$GB#;PFPuBcKEQdUmw zvCSF^aJCOtwSktI{d4^z=(^#wY#&{b+M@uzZWsXr4b7RX%{Ze?7tp8C;bQZJUG?CiX{x;694x#fCZ3jDG$ulx7+Iqd-{}+ zOVr2?!0`~j;Q_&C*2J*~*n=~1zTYfCsi7+rfj$OaL)>c$uj~~}n7P`cl3*k(St`Pl zAX+U%%I!LE)iJ%$>$Zn7W&J9TFuKSa4Xlf}o3i7TH2+ zCCGpq>jCLB68z(armaM@nMURl$;AW(#GUE<-P=YdM#9VZ>*!ILGC4B=-ZydxRmK6)BLVZvGTgAL=pwoe$GKY-Jw0Ml zN<@zVur`PAboJ0iv==m>^s=T5q%W$ZX6<0xy6|~cA@5E;GFlmNI2J3FAj3cjk9}XA zhhnUa{&nc4!6UYuWJ7L^GePyQ?9A0cMRVQvR?3LHmfj}RwZo#*o@-CpNSr75F1w>t zWAbMh3tL8Y)lpF*mH)7r@7MrE`G}q2^9aE{6Niv$qQJcpC!cA>U8y8O(M>;)mVkTY zDI}StJzBck`7d!7x5<%XbxQzJo}3|_%pIX==6%4{(S&PmJ6F$L$gDN=+Z9xg$XHf% zVFy^n7n*)HCU3=%%B6SEB6d#TqF5sL`vv3%Za!U>x>Wh*<8RO;S9BUBfpyeJKHKVV zXKKLiUn28qoyD6({FR8>d|rEv9j6pC8o^D~UciayZLZQ08rduDOmcatvi4qTFo|i; zZb_oZjC<7)7Wabt;86j(xWbBN)g}iP4X_c{6j-7wV)EiYe^>S0YBiLcYaAYfE4?N- zw+aS2&WR5s9KjL#lR7YNmDtFfPlvyJ0J=h%Ehfo7-{!nxPX7v4A z<=r=%;?5XRsslMDM@LH7T-a3rVy4PaFg+eiY^Qehe#wF#WcD$WOIFAJ-&A~j*{fKQ z8Xs-$^?%yKg`<;11>cr^>-7bCr8zoBqA zhAm@78z9y#<7hIdlA=j?VxP%Ak%EXfEc*S}?f#5!?mqLDucfFz+~qfCz#TfUural3 zBd|B{i7B7uGgB&|*{8Mn6W}D^YCCx)&#=U`gtP}{8^|OUKal!)mFQQ!Xuf6pHv_^s z{9dJ#*6C7m$i#XkP7{=gpRkM9xCn(i3kMXy{F&aSBtcTPPzCQqkp@*(&0 z4{7?&@JCOIN@i$Oq`FLw+`$9(Bb%n1HN|>+7y;I_+S$nK!8b$7rb`F3QdC%`pEI{F zkbzH28mitUrFvbv(t203=E8a?%sT)Q_NR&@_|=jw>u`i=P3o1)RO^9E;3&%~Uu5jg z_{6^+93yn#2CScXkA)2SH<@1|azxwoG!}-hZA{PK&qDFAtL>n%`WXZb%a?zH^wlzBVmeY!nMAu`RWpdgd!k;1J+RbX0E+OT!r?xh(+z89=hOXRWfx#@ z`~Ni#VyO9K@=rp}Hur%h+Mhwg#7Gvnn|3ky0MH;YWreh!)?&QMO!Req(XsqVw}OA5 zG*nglyNCBWEck=sV$jrXu%Hu?p`VB%SG33T++GMP7J3gb>)H+3HUa3h?fiYuolGRv zbZD|%WTHBbG7YPuQo&#Ra zrxBscm5v2?b2qAi>r@dz1ffR9LC1=M`@C}up(!huosqsdWUc$6L$I{-OF-zgg5TQa zIZVBmV+dq%Ps{8ce`w`>55vQL^K&XQ+o0=N-Mv{-##b^;+njKbB9N0fy(K$&n($UP zQA3Siibp}&HuDdcjteM40bX7(i3vt64 zrhcfM_i9WoX=>Rx-iBR2|LnjB96}E=#q3?|kG%4xl5BX^g#UvRr-Y#Y+XjqShZW~n zXv+144b*hUwzCm)=%^tzOvqOwXAk}-`u%-$N0^24yl|08}27rDO1zq_JX2b$x#)|UJvJp-InKm_- zPbgbYg6afY)1E0lw23gFP4|c_$1LQcMS9g~f{wEXX8dCwd<+XYDX%J?=xHeK8`?m} z$8@-4t{E`Z*T(CjOIL=vp(wN(D*x1BEU zUgnmn(o8cn5IKay>|gjgyp+)sp_*T22CfMDX-dUg?tXWCb+U(c9fBu z6Nl5Ey_@GDdvOdLB${@Qw3AwLi#BNEgW;B2A5~AC@1PKwDx^7a#&%u_PNK-+aq_qs zCpLdCAr}(*06*(>pSEp2G;WR&PCuEpC0SLyn1%W-vlP`0w4vi9dVp0he#2K-cTkng zeXzlsED{l81?k+S0@a1CZgN5EG^)uz<@Y#A4xfx+N1kzm+-ZH(Sj=P^^dlNf*JhuB zwP@fdUG`=KAt`m!*!WJS#xE7|Dtc+4C9;`GZLG_SC=E71IH&gB_<;>w5EpkKUcqYyVn2X0`( zSx)E1^C}U+6`&J(egH7KO7*I{iATGG^gk#4pY~7)Qv=2B8O0I4TxdoU{g_H&DOEMJ; z{i9rq*+>}oiSM&H@ciW;&@S40VlFd*L_t0WrPu6y=FRM!ibfV`E}?BY16pEf{R50R&qKJadyLOD5v^MPUOVAB{Skc03^uM0Woxf8%;{-iWb?6Z8idOd|t ziwJr`av!b!E@=FNIB1Pc{GlXr-QBMppG<^KTz#7n6^_wBf9q(%w@lH-dEtq!!d1w$ zWun=ze3`olHCsx?E?Z+PyeufOd>Y*-xH^|cz9x2!pt9Bo=Rl3GYxA?NO`#uGa+v)s z@-K6-g^du00H*<~hk780S*ZT1s#OQ@Y4|e8%o?4I%7qb+NYdVi*?q_Itt4T@VDLFG zU-XsWadivVNvYL(v zxHP~f-Red?y~$1QrEh9XiddcbqHLrcFICg4-OJx)Dgqmc!V6H>eV9v|^)h#EG zn3d^0&k#CsJ}N`=b+{*j;-5zoUdYY*{;3{Txc#a!gP@n9red3bbG3^Nn{NYS4E-GX z(x|;;y;bWLdM7@?DvFNe_w}ig070d`Q0|l* z-w=Jqx-q;bx1n=AB`9uaF!CJGvpZU9Fgd^rq#HVTmi<8rPSnj)0-Dq4p*V&($0ojj zWPihtxCTnr@)NiWp4g)q)<bAS6np z9RIbq--!Kclc3ZQhBqWk5nXzZX?)ED~3Bl~} z+Qv{QRY)MoTUE~MNe2^wRHkdT-H3vaO>H%)hM#N*XP|@H!=$x42Fy7 zF{;}>7sP1w(E{IDRD=AI6@Hq{5BtFCD+)VD8@T=%+)J)+E!fIil`mg=@cR^6?8nZd~yz3m)~X#sc?2({Zss3BCWW!wXV|M`g8wn ztItU_Z4c!$)Lv%I`fq77Z?yao&aC}gX<(RquTtU;fh@aOap4a|WqUP?b-upe_j2l= z)^vUaD@7M`l6rB4)bH1JvxIhSje*+LNUQ?CJ)9GX8(KJ}`p%~yXobs7P$r!k=0zcx zz^^4;tTJp|^TM+yPG_P!s>OP2pP-{@F3*Mw^Br7jkcaOFP5fqWv0)+s)Y`&zsU9}G z59Uah=Ene;EjBfvq7SO}eBnGQABQ;Op*lp>fZw!7TZ<&xY8rAp-3Ys%ADkkxMt=FB zlly+UF-EQBPNNX6^QBy>YXkypbUyrneG3MfEAWuao~MjxdoLDP+uy-d^_ePn^z=*I zXM9ew?R$bsszb-*%PaWL`t@>@BAZGq&w{(}Eb)IfS-1vnICZbhqj*^)GMKRkm~GR& zE$I=3x962~Lno)*cV%uCG|#H4KEb1;wm@Pmox(}YoMWLYq&Bk>2a+s|N^Z0j!h)IT7<$eT{5e&i|( zDLs8U7B`co9~7kThv;4@&_5^m`8Pm>R9LG)<6@{rFbn*~I8*7L`^b5ftmxvDac&#OznNPZd%QV@TiPLMssy@V^97VhG8t@6NDe5p1!GeTirkx8p}q->r4Oq6LdL zTaq5yC1y)E{t{<){{VqZ`(Q@M%Yb8GyyUGAY{_mWC#USTdbPr8v;gQRyVrBZ{r=;? zBOqU7wJ0lAFkcQsb_Uq$HW11|XOj|tlQB?kzwnwVB5n!8G9ukYAz`tj)-#4)*H@59 zY`wzqIZ<|*rS+>HYi$gWJ7au9=N4!w=n+g7cGAG7I1Yp=BldVY1zk%WEhn2OK&`J>*>O?TEbFp3|Q55Y7zio#yq;FXLBG60QAl=&r4d`K#kntkJ#kLN{P zQ&Dp@Q-B|dL>%!!{*c3>U7X?hAc}3h+Arp5A7#6$CoZ<08@0Q;JvW01yV^1~g2{+G zectC;r}K1)Y;1>8JqUPZN!ZOr;JkBWwMXYu01kfTT~mr2R+44Y1g$QA%6QWTYTH@( z6d+b%v-tQK6c>@PPBNK0U?oMr(3n`Eoy|o){1lBcd2yfUUJQmd?&v~ni7mntLH$ke z+7m($M7Ouw8tRnOAE96UO~DUuHu+ z>YK=n{{&5!Hdm06j})HrC*M=Zzy_{ldd|h^ScB1QC8d(k-h$4YoyWJ6Zh2X5%qO0^ zF_LiP;h-s=s)H~Kw?yWJH+32qzaBpdT*&Cwj(@|4e3B%syp6Zxp1WfE{YJXZ%Xj3c z>r39Q?y!v0H@4n(dFYtL3;Rc5YXnS`vI&+S_ccEfi_p0O6hEP}(__ecEW<%GS8hIx zSHvDLOMdm*3dG58!lTZUbp0FWmR1z_8b3>2(2rn@YKkh#+IF%f2lfZ=Q+QcJ$M7TI zx)~1RAc)9Pv9E9X<3$!EoM1kJgu#_va~D&U19Np51C>cT@Tmez3jjtZa9Q8&YG zg$YG!EZkX9syCPzSHP5?iRX#VN#Hj1C$$WT%sGXS7@;aW*sBSNFw;A?8Y>jj?1ZcJ zvsu4|YR06#@@NV&JRek~Z8*h^t%ecAx3Et0>e5N9M%Kx-rm1=pgA07eLO5C?X#4=s zBnRo?FUZeh50xK8#v8EFB9BCl>>2kseY&xKcwhQ6o8MRg8KM2$l*$?kNhXuWV*+bZ zL7d%W%UF_^qLC$cyGD4~NN_1wKc_n(e9>@g*3{0R=(X#Q!ofHL!7&(-Yx5=nzlq~i z4V!3#wEiw6Kw`o=QTEeyC34%Q49GVC^WsZ}n1asy$t^ZX0sj)AgmLLg9D;S_m2CK2 zl&Gd<%2%#42axyI>6G1k@LZ#1e^`7*O>7G`^+?f)k35qd^ci1JcvIf$$fs$9~`WU22_V>EitdAv7K4{pV zq0{Sfz&qWI+Z;$PVN%#+8dTTew5!C%#H^L?07h&Is_oJ?6_7`FLxw;pVG!CsH0UL- zRPxp({f*iApQOHdRo|A(AEZwTY zm1S3iF8=%{)2@U{cXrfh10pxc*zY!MDG=TqA$Quuf^wGVe%dy8rEt<0whLCboH3lu z@R0sh~-lNYdnz zoU2A4$7>Vwe4%uVQA~Y@`3kj8|GUZ=sgR9V6t=Qnti<>jg5(w;R7b_kqlJ6w9&D#R z<6ijGl3}z`BfAyhuQbyE@uPK-h?Ek%`X%`@Qozk?e^u;%=i36P;90h5fOUJcy>z{g z`Q8#<9J}4viC9K#W$2FcaBi|Nh_Dh8-dz14L$d9nWDbte=mBEt+eXP`mY(3wiZ^07n=hOAXszoe`HJH9us`k<=z zs|f5J=E^?yy(0|2cs2;LRk-x#at!Mq0@>3vAm)UZk$7AOET-8N+qu z%51sIa4MEOCaEORyec*{;Em-fJSf{B@dwrR{z;9ax&1)#AA&0VvEb*fATTc$y-67* z%haV8PCXocPlLswFrF9w5wT~Q35{fDzv;1_rw_|!obSYzt|oX%E{yj0>+%Cq1m-c zbb60}lN5^tB6f z-s;bEIz0lCdP)zOvnf4Xv8P$jyr~G1-=*Blqh=}j@ z2i9>8yB|hHI?Wa0a4V5OGE*J!(lVQ|3K$6gmba?JS3HJ#*fJ-Y#J8`U?JAfJV==5= zv!A0NK3w07jx#_B*iMT!6foV+Z+ceH=4YQ*m&!?uAbj?hHKKufJ^tcq34Q`HAYNvZ zvn1!?^RfKj+%NMc+9rd(mtY+)LV1C+vz_}aIwngB-_-6cI-DQo1byiSjdCTEL_)mZ z8jBk`1%5f%!EOil+GfY)EAFeu3V{?Jx`1@?F!gxnD&32nTOfMbH3ZaFX9Z;NxNZ(1 z__m9R=+)}kpX@F14hL$7%sT~@giYg2K&LoUrxISmX_noe5EPhu`1V%HqKLfq4Ht;FF8=v* zr2q5=>I^eI=)|>w?L&)5{a$%k^Vttg>zxl`N*0uJYOLFPlEwoMo}c%P!bPd!*Zdx4 zXejYWqyNz8^nBnrg*k-6)N2`rnkbQ=7$$SEab{p{dG9jDkdWm@PGb+-tHU5;>;@3hVKcExtj~Ha}A?KJr4O{7uxeOXxZRd~1!Q z1h_jKLw5S879QYo)ZML8R2wJZ9u4PSKz*5YqW>Ll{7^L;Ilnx`8Z~Q)L`1k0`hNQ- zK>06Cmt=iNgx=`T-0z#1NGo8nMU00uM%co;{HSb4yg&D|veCdp^vJgb&>@@?z(8j% zk5R#2*9MGk16H4?Niw&4&n?~OMdCdj-GQg#*6T~$c=e#?EZ+l(0!*y0Ih=@M7>}e1Y?nBAE~0;QLg-+s+*8OzAC|boK^JV(%Cw9pZrlvFX$ZTb3i9B zai{#2wfn4ZC%_E%gr>=#fgRwn_sQLVv?)Ltn?(cRjWv@#0b5xdi0soUQ%RFdS5e+Z zd$UEz4u|4pqS!k*UjeM1%Y%6SQ8MZ09&6JHbu9~s$+#pDSN)IY1JwkN4RF?TM6Rpg79 zRUhKfQH%V$D+Y7j7FXW$i%#VcJYze)g&Vea4w|OS5eX>=QC1IGrtg(x=O?Q=4F@xe ztmNg@ESf84Lnd>P{2ZJ2?@~X(r;wYZTxOWL@3UFjjaoqyF9j`;dUm@&He47-MJ@j)U5)VRN=6W-W$1$KdT0U|=->R6j1_OB%@b}LnWNCIFEkY-NO^EsYi8bCy7S$(YO=iMQXM_r z2!`jOi*|-(2kI)@FiH9v+~*WmSJ@Yc#rJ)`#~*Cz?%B<(M{76ijOF`xq6{j;0_PLt zKM_&Be8lc#7u`A6K6~DL9t6PQ>0DWK%TN-sB`FhyRy7<58vw+W|9n)mh=9FJ?qiA! zo|^YEf7{DPBx@Mdce9%zaMP-S>En~7qQd0C%mz>La|dN;!*U~(g_WmGJE4yZ1a&hV zzl)K{P}*||Z*t;pErMIkuSjus{UD2R{NpHM=(#;`r`cTv{*N zu$=x?T^=dS^^XP{W_0wVxDKBh^^3v!2?CMakq+x z7F?@EK*w+VeX#Ay0C>M(V=SX`$+@*#DI~gWntYD<=EkFApqK<6DUDH%;(zEY_eKK{Re1}+_U z>F8syO~sh(TZ|uFrF1H0`6}3EZv>C>`{R^H+|;xxr=!>{d|XAJcL|N1(ZjF3li1&; z)>o8Jr`1(rE|vNI_>BLGn%et(rajFK7Az|EBTVn=kdNcV<}_Merl}cKhBZBk(~qu- z#0MvZ22k3r=eKH;kQ^iL2`o%9dFZzO>@hgW4*P2#hoD`9P1tDr@UiB>9fmot49VB{ zlyye1742xn?=MRV5 z=xXU_0=_E*yp!>g;UZYXH?lOfh45%WEQ7t0(V!hC_Pyijc6zlDiMaZLs8Y2K+qC3G zQ^^0rr-7ydzN2Xb?C^}7h*9M!=%r~B1D!#t2NwLsw9CPS9VDh%taa|-DTu%FL%@aM zrH*xvqk^BkeAu}_+KU0kk1by3WuCK;R-<%ZQ9Z2XdD>6UN>g7UForrixM*&5h0rdG zbX>B0)8$xlF|fqK%*7gnHD_s1ojq&GeSN)D7yS_AN1@f-nbVYRDP=nQ471I|;Md5s zoovCl32oom$Ol3ixSRh(Xhh9spbG~%S#AkkR}{KS3Ce@RTEVQ!q21Ilu}R}i=ZCUeT#;o3!`+( z9+?iQ3)i{AV&^OrP6_W5f2^BB>WCD5nvFjcs%084%OEY!;Q!HT960fNdxT93$chxW z^;Yt)&NUcB8wBtCrOm*IklxO?gW#J{Xyzq3pO-#(9k{27Os@(P{T}-F8~sEfTvDD| zCL084DND9x+qpEBj_rz_SpzaI$Tjn0H9$|Lr`oGHECQ{F@SW~pVnxAPX&jR_cun8V zI!=#DXAxOa{o45=du%{$gdtTQi5L7FJ$Q8lP1iI$7b+n7nYMqu{W@Zwf~>ZWBzX$c zKf7kI&*e@v@bB7bkwR?aBsEg_oPZs^RROb4Zxa%yyB`6sCP<;7Yf!ZC@NPb*u6Hqu zlG#oqs$TMHzv8kT$Qn8}C>Ul2f=II>Ds^hBGCczTz|XNfYT4m;)+!M&Bgk^*CXphHCx?CZ!kJ&y41lp zWGuDkYCF_Vwp5|P!1>TpRPDMAW{?k4P$-o?KSF^`Cr1XNG8A+LuzmRR>&zQCt`g3a z?lq9w%!X_ie>%$Q21b5mI>z4w%|n2r<(fttCG8cB?3-j>%E~ZpT^|Pz@}D(3do+f! zWxKh*%Z+b;k=^x~1+7JerwO z&_d1@q2@v@u<8DFm#(&4RG|P;uyX3OqcMGNP`ommy^DA-iRG6nvE(;jyvT93b4msb z0Bee0-WObw#`D#YN%NIU%cf=p)qU`nzo?#|kqhNjjVvJN*E;RO+-h3vlK@B~N^`F^ z%R|189s1;_sH7aYhuqMoUv?tDwG(htY8~)ffLWN^fI^+(rDx+DYjiSQ_`HCeZC9xYjl&R71FA zlS*}`K?vy`>(4>Umvv7HSigEJB_JS<#20~*ayN0H^~NY1+uEC+$K+99ie>7bYQ}TR zloKO+zQ)xa^C$lJrdl?S$n>5`s!AVnun%i0`{UK8vuGWKk~)0}h^G@tZ|RDE4hF&f z+lb-}`tb2K1SVg2yzz<*VTy}LmZPw;2pK@mKGqhbN zHEn)bPBtf8*)hD6IvR7n?t&WJ8lq+NyF&dA1Mj473&FdWu!qN_dL-I+4E8d{jf*}~ zBf@IJ`)|*AMKlrr_N4Yu0+>8yC0L6&AIzHX>WGzoA@n7h7=`crXu0+EB$Oy32hjP7 zUBD``p-GJTHVe*Q5%E_x9OgemVnV?1%?8{c$eu05ik-Ql8oYi9-Lg6}pf{6~hzB^^ zpf_<|^&ArxEO~!ONG4(O&ObI2(Ap{Ss}3E=Ibz~#C!OA5=Z@2A+8#7|YCs2S0@bV# za{(MEljl^)CN)v40CvTDYeA<(E7VenX9=;N1h%(7+N*o-t>0OuusjV6iyLw=c~~1^ zolb5?bN(?qNlLnB^Ghc1_nT4*@>ENam6u}RmbR=m@{4V`+RYQ{CG85w@=xcx%Yo|& z9s0#Yg+_;r{D>DbYiSK>W@fvSM2PM9C?bMLs}~wp%p=Yl8d6yYgPA6_yks6iGx4?H-X_R6rmk!>5VH$t z=hoBC)YX?jZ{Q1~5_M7(mI<1riRJxg*z?gGWU-OADnAbaYp*xUQhT~*x0pd?`22wL z4ZTVMp=4C^lu;%2HB2t@!9pALyZ7SraGFf+AqZqaH6M~0#tXFSgB72Lavk={kaV)= zYWMTmikbIU5u{KV7#@B)+UVxt*QsB*CWPyRHv#q0 z?Q&WHCm~L#{Oj}1x17MxQIN>)Z7Ep(=!SF+0YQj?vNJ%R?V9aiR=t^wDpS#F%5ds& z!^v=SF|dhPm#a_Og*0*+rq8yAC< z2LVj2F@fVD&ztCnImrd$-;9rpF3D0sKjuButuU!#lyX||fXPF#>tbl>20P_cIZv_n zEF`UU9sXW@0UvHbSBsnJbas|AQ#YW9^yt8pZEjxq7TkJxI=Rf8$=sq*tiv6Aq?!}7 zG{M!_-> zk1x*1!PF{gbR{yrOT=iPq||sc0Jz&c$}Z)`k9?Wa1ng_E9qP};D~~S7Td>lTNA!PD zJ$5@bRm0tm&K7PBg7^>j@=6G$VRq8ge#>%H8Qo4q(?Lm=+BmeL{ucnEw60c@_M1JN zv1*ZDJE5jvliU=XQNVHGLN4hVSHk(sLG5F!G0RVd$hCIG^EaWABgPvUABKp0)$W}%xW5le|6URaV)~|X(+80K3T*Z3MGW6%wl^>C=SHN5M*7m*gsP|6cjvi+Z5))Nd?s z-}(xf63OCn#-kh{as~soL{YW!p~1T+bEI5&S;Dqr zYJceo@!B9!R#zC`tBCO{U-ELiG`~RVgJL3TAq?agE(b;+Jy$k?z7c8<5fK}P#m)D$eA4o7O zM=Mf{Z~mAnV-AGE@WmF<%!y)rm@Th}5cSXIElk?XD=PW$dG`LE4}m$Q9;QR|bU5Gs z2Eq}eqmYG%y$@S^Dwc~J!&q?XH~dHt8ece7>&;bS&5R;ZAXK<<_*`QxUufm_F7d(XQI3Lb zG|MdnucmK-a{zfzl{fVF#S^E~oXG7iHLOmxoDGOavor2`E=HP-nS4X>8iR*V;1S6J zi0x_FI2j9|p&SsCyL+@-fKm`-!7=2`qsl%@{(rfY^ROXZ`sE=VX$y6{`<+L3y|4g_ z_xjoogVI+|LsFb1jQ6W;37AE7A4{{q_>YutzjI6zPDMTNt~6P|3pv$RxGvuk69iwq z>cD%}Hiq9t?|!v^>faye328TX+A&j%j$*u3TXo}$FB{iEcoPx@x;1^}d@)%ARawbx z(e($^QL-G&a!jwPA5_e9f#s}lfznzV412{_z#McV1|jBjvIKdI%i^cXtnZbS>Ll#L zX2cbI?`QLFQNtWuS4BGj?=%el!bza#v)*Hz6!#s#js$F&n#Z|mI3VwU9&Cd^e9uQj zDUQ__4j~+15)v+bP%C-j7h3w$?U==Wthe-0(fHM;4dq(7&epgNI^3|5w4q}t-Lq+X z6?I}gLB&qT#Nx-qU%dC9GQQfK`e5oRT7!qnMRcw87x5iw9qBeE^qb^+z>h*Q%nOjJ z>1nQ9AX{GdoH;9UX>T<`LV5OCusvf`Afg1cm}^n=U~lC0%4nXG2(4!P@#r72Mq|_) zW;XDhwmcoMZ{7;Dgs9}81%1CtJ@3?MCE564vgYB}D;)3JO~>W10|hrsn&3GaHfnQ( z|K|vG)qnWycE@M^IT?zCT+48LgwW9g-dd4U^-n&6sn3H=wT}c&4e@Ri2(vaS%eJ$T zrWAi=AjXrMK`(#W;nSk3w@rF)7O?aegRbUu?9TV&)BF8Phv2Lhwf&>>fyNnNggvkz z7JOXp5(@#vV=LXXXu2N7Xl63a1FT!i3r_cWVk)T3Uyq*?j{W^x?!ClV<@0x+KjZYe zY}aWScX6bbOgg9L-1bZ8C)&}%<`b4ZH~;CTS=T%n74a-4(qkoXn?J~0Ga8YEF^uFB zS!%jjG*%fYv&Uf#k{hihB%rpqT7ZUN0FBxb#VY;4^}K3?q-@tXA*|R@>aRo8Of*Gx zWXpxh?agK+8=s6*2^tW$3lv=u5nfT~imaaX18-;lV-5RCBYja-UUk8bAbw8U!eL!Y zit^4`n5qv0uQdGB*1dE`R8!;ShckKNjqX+Vh4?&MEzp7>785FcIA7y!}d!Fwu8Kfee2 zEF{E>qB1{9^qcz8V-0;1u93Bm{7P+9NbNJZ;UT6RAI@UoC+@i{XP1GBTpqhTF*lBN!AhcZ++ya)q( z0x0_h&%Q6=v7~)yY-3n_AqPDG;{cljHQe8_!Kb2Q^xtwpw^dY z9K2P34Lc6%;MlEtTey;{TeI{?PG`5#>?^{WdTovO*W%EXocUrx2leR@_K6BdQb_Eb zhLRbPs`uimZBBPCf9<>(3ZCQOI(vR+u91pADbpWe$VJPrW79k7nlR5C9lqhpAUWp? z_@e>ej!AU7tg4W#^|DGTZ65JZH6uUp#b7S|T9Ofz(A1{oSkl8~Td8U+ke{{B85(F@ zt@SzqhP3lImX~&CP@*Ucj-$}DG7?XFYSXxcN2ZphW&)m}&woq%!;<}EA70-XZBP+O zm2IIsdTHUGn4f*9CnJoFNPZWieFG@YL!}s1Jo$DV2kJX*3L;4TUswYU*XNxVRaS6C zsB&Bkcs`s0P#w#(0>L@xb@0`_aXuorn6&WpU}U9@OKoi6f+o~JrjK+|Mec<2oU3T7^4f|f_t^AG~Qyiea= zvUpuF`Lx~-amo2L0v?(Gh!3H-AV?=b?JqzP2!^b;a=znZ5nysA7S!r-40Wxe9{1ym z+^;}!Gy-d;TE;1F=B3DwIR|9y$Md2%nHOVc2^4p@92{{Dx=+u1&wMW`Z`x(v8wpMt zB$3$saUR1~D9pngL=t>{xWK9;^5q_A(LL%2bFKE)t}r4#wI~;`xYTicdk;w2l;hv8 z9I|L5AL283%!ao55y{ug(K-G0VGpU0jU?Kq3K@5HDB>w!``GLc*x*}pFTzP2+fi0z@*B4<%W`_QZCpOhO! zk#DAf!8(~rq+@hz3zc6hru5IE0q90VVItp*M=mEII{LFv#+aH6DiCo0b4Zwz0L1}q zq51}f?1zg@-JX;u!4F{6Yi|I0spnb$zFsiVoc1W9wPJ?R31TLTK-8*zUAO?Vv5pTB zNPerTWCYSYcxGXsiw`A>_ATp*pt51a;FmZJWW5e=k8h@3M?v8tGno#UMKb5DRn`D< z27y3N~?SdX~(LGOV z-u!Q5q{;wJfFC4DlyHdLLx$;X_;aEhf1{X~h$xbu8Kd7y9t>EzbHea~yk)OA4G%lb zruemrve=GIiFJkGrtTFo$qtygLPno7ohb?z8MnH%HoPkqEVH6K(o2PNH3k)d_TQ3X zLI0WCwM*krp|@2%!J{Z3dbtKgLgm2*^oGxs&AGY3u=;bZsS&fQg*Kz9mZ`5kmjWGE zG%2r}Z~y2(d?g`)tK_jTE!pHKtqFp))Tf_JPyI>(2!`}IWEU}=~GUFZ)8n#Xz80Urd^NfH<1?3@xdgf^AI5kM9QL`DtNW=Mq8e9l;3Kx z`1B4z_*QBrd&K@4B$vU5oNbP4KnfeHLd^m`KY(fM+XScy1Akx8x;yuUJE(sdj;(WY z3C6*#XHX7Am%xmP5woCwbU$UR4$b6pqT;;J6!}qDx=Z6eq{LvB8hYu?$f3?>qvhkP zadN4Pm7UEM7Cp9p|MRdQuJz6hD5Bi>lsBYAV8Yc2D=*@4Q% zAhVSUwMYLb4q|aL@Xi4{K9f@c5SfL)f$-MIsKcP?I~ZoA+(E;I!M39+V%XaL=Y9Ka z8<3Js=$VMpN_-A0pfEPi(=VzW$j6`MiQh++G0`(;NzH_TzOpMp)068-^wnz-h2X0X zM9FFv4JycZf;qbROd!?53hcwm;?09at1UNRN>t@47qDH_`mv zEp0+NbkYvx%~WT8+2qAfqlswY-bv}w&vH5PDn27p;2LTMlpVfxo&Xc{t2oCo%4`Uk z#G4(~3$-4+;`NM5n@X&MZWj^a!+669@VGANR+zq2(J-UZ~E_BfxF??9VzksEb}UKaFsWL=vkjE<2TLPXwLjncYg^m)Qw8|@}8*GDYm zWi2N8XP$KBn1MuobTl|;20=$ue&fNcH%1~@;q&at%K|*8T7Zt}s8|5#l~r!d`g0f~ zsWP+ud>OWftR+FHzMgsvQKR<-*i4Q>Zs3}k-z1zxaZTLSP1QW0xFAn5gcK*abTQfT zBzaKYI{Ck>xIza7GdKhIk48SFH$dM_^9H1oX^lV{&2S>XQf;bUcp{We^*SuMh5tIB~Wc;tls;d$h_n*xXO9tYl-( zM8|FFbu(L)N3dTeWVge@L6}TkipF41MbFod>0k`%YIWlK0mpe9vZ`K)$O+HA(UI?2 z6Uv4qS@TyR2x=UaQ8|>QuGt3Xx1uEPt5>42E-oH&r9YU?YEi82XguG7hr&mlr~i9b z7EWWI*1c@h(rE~RyG2?y$Y?o>eB`}RbtYqWxbu2cXIqbUkQM*aF8i__95+Cer571# z7UL8wB;R<^zyrZ5hV9Nj$w04!yTxF6D?mA>$h_RgDbH!7t7}C~j8VARLSD!g$=$E=68b z=27i`geg>3vkuTbX9|Ww!Tk%}Vv8p>8**`18gV`;S`a50c7M(s0N;H~&=IhKw)d79 ztfP|m-xe^g#19J+3|Pmw4wjepHNevZ-r_8uS@9^6tsbeR)MJIc0`#S+NWtBoIts7?oVpF`(=zdQ<>M`8ILJunPGC1_2hZ-6NVa97$ zMN9U{cnQ*9`)xd|tGAFF;I{y3^Cvc*Lg~#j_h`%LzubXFI+f$X13@JJmgDEG1{)k! zGeI<`&}FQ-AmP~=d6EZjZ&zBCA8AI&&!Af6UYGq;qO`0E& z$LA|xIJrZV!oH+)01y0^1JGY*jc=rnW?PI9A{EI>Hxw@9g96c~?~+OaZ43ErK4&H$ zSXa~(`2`Y;-)CY`$n|0*Y~ZxSu zDZO`bk-!Cou^7bJ7cmV-)$X7?iEQhV?>Rsjq(p-6GewnkEiF8StYTEHk6E|cgGi*; zGHucI_q&1E9sMm&`;~yjT~zX}IpVoF9!(0T2}ZKJjx#>9(_vv$y%oY81qRwZlr-#} z?#hB^ON)-_P>vru>XD_6H6)b5;i)Ic#Br2*y9r&Yi=&*6wO7EjO8Xh^;3QrK0ZPAj zxCc>y&$+&{p@EM-E0>^TC(cFTJWu!a#3;=1(BfN|^T!Pg?%u;Cp3}gs^nHM!XT%_w zVL(_~&ta3i4nzRfDnh0ycT!38b3b)zvhR8PM2+~A934&Ez&pkJ@JZ01m^KUQN4Fj+ zjUxWT7*f_L!9%qKxHT5VtkJkx$ogpJ)|Gu}5Nz8oMavo`Fm6x=^H61J?lIX&HIoSC zv#?w5u=G!wl(@a~h&(2Piy(=a9osN`6srT@)I|LiW$neVF6VVGp%;n%<0#;}YS5~;pae6ercucM}HrZRJ1n%MNfr+&6R{-V%vk|vdy6jzI5bmUfq2Cq*dkMj z+byyHUdp%F{=*jmGtc$`oPqkrn$%Ri4?Ml5+HKFGNq}fDbdg$ia&|lhY6`!(M+Icg zqc=0Av6#r2z(QeZ?gb5itF_jwr4d;_mhoc{AVybV?z##gmZeFi**1(5ryFBK(5^w+&#uU;tW{$Npwwx%#8~8_1Fu~<_p(f(s?GjIKS_WduEHisZzGuyTq{AHTM-PXw z9&{9oS?5@8=9zBiAN6)9f;NdI))CARXo?tDB1UC?{KL)LFUX%P-?v*Jd)-n_9Xk}{ zqDOd?m9|I`sqd55F8xN-ezY$m^XuZ!4v*a~D#e};`2X8qwRJPJnynEGF61D1 z%5z2=CFY>utZglm4NP2Xyos8jT?u#1I5hjcNR2tEBrlS__?&uP79~1gz?z8oOCBq_@J-+>w9OkdVo?2DU6UZJtb#K$Fp3Va zm{G(yltLtqA6h&ZnLqGV(w+JkvHhlEf5MQ9vAL1KZaMcd_vovJ=L?Z7N>cTp#R~7O zGF_DRC70IJQ=5sp5Cz6|Dgzv`SXWtHo1{QbWyq5#g$qZNH&XQWKDG>LUJxmLmDI3V zWn^PRNPUiqcu71bsPw5+&NR4eK<=B`Z}<-;93D_dl@4@yy`9F=`DBRRAptHUh1o)T zSuS@MMN`GYwpIJNoKZ*RQ@agdD1@H@H1QgFf#7yAM_LFB`!!=CJ}=;NN!IpCqF_B9|SlK`N>uSMOZsqCRoUG7Bsw~saNO9}vAGYtu5H3y6m;c%| z*q_~*9Yc+w?VI7u)$=_IY4^!)GPiAI`}51pH8+uR<&}aRJX5vdV{x-b zrcL@L3qec`Wg7ea=-p&Gr44fo*ofbT=M2gUk0U3N&l&wptgFxVaD;JFC0bj*sq7NQT65RX!vLE;(@|!%3BhPEQlmm?{Ts#&AcfnR~Vr(s%+6kVJ zQBy?@bE73_j^%j@?*qV#jGg`LYX!D=KU8hAkf2jC@iX}{M0uAi>?eG$J$;u53k_83P{D$TS=rE&!ci=zq#}wLJY@D) zZ1@mYIUul+tCzsra2afI;hOk8<;8#*GH{ z9w;}j@o8zEgE`1X^=c#Rcge?iRbqApT)j*w-l)K&(R>fD-Qv{rl}~W|LxK_*=TO?K z#gu$%y8|_JlmZmLk9n(8p#n}QFM7x(@A%xF`2}5)Jcivhn?UA)ZI^J7>D-xGI`8Hk z6I1Mfys9;`K*?l$K^f_nZm;!DMNynE7VWH?Jaz;~MuANiZQ_@788wDNTA&HB?X7Y8 z5TtJRmD;z;8FC-dh`#3|!*o0l+p^Y?yW!));*zmFS-!y~UbMV4Hpv%ylP(ZT6 zH2R@9LR_|FS1D~e9SDd^@e|#-UZki_M&ika_w>+w*cz>FI%CDmA^i+$MUMWY-u?lv_qCOz5TFozB+<_ z2S?t2ASx&+hGqP8!#l(T22>pm)HUsINIE*Rq!yv1L+)%zaFMTyl&#_0N*9^mQB(?} zM~b157oO3*%6uyE{Omfl5^>VTwfdE_9#)5w9ta7cZKEhylZ@AZm-`j4K;<$6l-2rX z^xzw{*U54A+15eLt@;43w;YV!BjWqx9yg@#AIGPv-aoVXfU3&KF3NDA4cUp(hDJ@Mghsrb8hsHkK4*JK6 z8OupXi5z7{CJ#NSgs6B1Ae--GsV(L-m;i?xH9SkS#NwatvabwzCNoED4_Hbj0t+Dp zNVwvZp+e&Mri%_duwJ%mn@Qe3ymC}|oAJ_sI&Pd>Yp9=rLTw0jH{_$}KD$shX2D+v zGO_#=>vi@t*m?%Z%&7e@>E?7KYU=Toz|*TV**S4-x8%NIvIK-_KId?0E*%leUtT-1 zpNEiC*WYq%P!YlLykUjVmpTVJdVFJ0y!BP5g)4yAc01h+Ccmf>VX4tV)s^zA3Z)VS;6JU9_&*e54 zQlqUJIvt!}_fY=?Ry-mrb$;{RjvW{gnmpZf@D6)zxXg0F|IqS~eFNj{(W`8QRbbW! z^W(2=OnxYnFG8SsNHb=vDv<1xaaI}=v~~;U_T^eIJg?pB9s@bOhm|qtyK(s530G;h zvJQip1y?C>TZbFYfK3*xWCN&uii4|z9KItRLoXi3K)FnZQjR)HU)!lQ86m?R8!(at zHIyKRl__mx(lZ1Uk?%{^uom=QJeukyADwtCHA?FM@*pU*&`T_zl0!~iBRFO!f#;Yq zZb@goVjRd@7e5SUc!N#duNR5o1Wk+vsD%L*s4|6`vXbHCSlc^_4abICrsz9BpqNf? z4qu+1Ea>JoM$|(PI>UUp9dQNhimGE0LvO02L?;ar|3jO1cdjpqz0-o9+>FT#{_wo9 z#qs8UU&?Ztl0<^0W6a=6i9ffJBrMJtU$^D+o%PVlQ;*U>w|tZm@WlItwLTa3$1;Wt z+80bel&@QPjO)@-eD<|J;!a7Kh-h_n81HZYjk7-5G$`n6W9m{Y0lxS*-C>L)Eh*bV zfsa2@R1Vk$Y6CX39^?POlOF%g00s(my-1p8pM-;mFYNBIu+Mpg#Bnhg#8k zWV{c8#!xj|F}v(*=eIrVJ%-1>7w|e={{bn2YnM4h1t2>Oy$d(We+CadUVmiXJ@%ET zoL*9peH7nvAeSD~O)p$^#^#RNZ=qOa8PESFXvUQ|^bDhR8XtQJ!-L=i)~OB-Ic5oi zkm3Jc$g@-T3#HG@_pKGY*>$ktq2Jc!qk(?Gn>v z^TFMP!6uwB=|;o~Z&cW~g>6@ze8MXhNqiVIY5Ved=j-R4Ev{|1^ zOrHHQ&Zq%AFu^9iAP&h#?&yMX7#IP8xqaJwXxa8p;h{|qQhIXLHi)_im_o+osomwl zDrlAbsmgLZ4NgSrD|ggxpH-a58&r z!zJx<`cOx0x<-zQ<&(wHH*Aau3=%O%IilKzZp&jrzQZ`sCUG`>K`hW&ajJ)IC@ ziNSxS2d;S)mb-^d$dA^I9~?=Z05BOS6XPPUjEeuXI`VuO`p<{fT_8j{5LlvT?G3}0 zw^u154n(^nrOX6P?{lJaMlw0<5k55EI9dJ?($^a-I$d?BwfBl4TP2`qp0ZSD_lkalGqo*X*HH5VRGMUPN?~HnL79Aoawjaw#j2qN@Bsap2RM_T-t@np6FsKY^4#MW*+{ zTQ^8Njm4Hu#$By%GP6|UK(eXIuR5vcp{xT58y%py5fW#Y>r9{!7sz=olwQ=W%qKQV zepL)@&r4RkqH+wl*Cs<>?g<$$Db(rPaBCQA@na@T_f{&j`!)BlJ;Fc$;cE812DVr& z1BXW5v>xDjEM9{>PsJne1YPuvfd{lfJ!ig=Wm)Q`@tr9*dyTVVZ>$i>_mj{>JG^EPm`m0~cpOKqIAsVdudXv(mW*;1>44yF)>?8BX zOc{_Cp^7>bC9MdawF!-_K)wowQ0JQs);CN;zs3l#Q*0N-J{{1YVWzGjBT-UDbeNbW zsqB%ZObF{g%N@y`yQx6Jw0KoR#T4AH3}HJe)?RCbI2$)FQ3qjx3)7twF}@p_Cva0vE=G}ld1zV~PHPI{KSBq$*+PEC@`4+I_e^LP$R%C5 zTLfMJQ@#CYj-9?q_T?Z$1RFC258IeC!{D>&{r0ZU$Yz@$^pZ=Ra~jOA(dpi}ilSeq zt_jfb#_F|SHx#9Mk8ohMAY?(@RAQV-uAY8=gL))6DSoFU1qqD6u5|KMZ;cs}EBM9E z0u(NmJW1y;FZvhC7oW>{xasJF*Sud8Z(0C@n{hhZv$)K>W>n8nW*WVW6b2qb9efp=3L z_zb}j?f|Hc*D!V6%w5=9^9(vC zCT!Bq%8Np0Q?(t>F5-&@o*I|fJpsiDd5X&s^cM!z9fp{!S691QlO7Ep-i3POO%=2d z{ob|foHml<*|@$W6Ly>L)l?>a@pQUDV@>4U!Fb5ypuqhY*@uC3*QOIX$^sQ&hi33t zX7ijrF~@!d_;DQXGsIehY8yskGKEYzhJ2V)@W`RWgX!OlIsY-aw*z8(xJXS5qG?If055;X0RVr>BvbiAw*wZ$ZzUN)7$} zWu6k>O_WHU!h2?Dg*@4k8oc7)m~I7WJSVuO`pp>R{Ar)YVNfI3YhWi{_iCV()IuLR zhiwJb(~fFevT8vnRj(sO8Y{>Dz{Uff$sv1!7^@p;G>}M!4hER>$CD5F2T}{s_=3xp zN}uET&^md|aozP)I{eZ#^n`zSGmcxu150y8IHq;^LhtaoQBd~;bN|AJ9CX~FtQdg) zOD(4$@m4HzJ_S8Hg8dfCH+AICyb)`eS{rnnY~T9BPmsqlbM9(maiC~Q&v3S1iz%*)1GKz)z~^#Y;os!VI8D*x+jkR zp=dx1$mBit6AGCS0d@069i|~Q^Lx8xvk;CU{|a^L*AE030)Zu|v!sgsqXp))J)2+W zDY*OPQ%$9H+-u_(C)EPnr3At*r0FkEuZDu-FedxxXNa4K$-Zt}guji+N6Ye&^i&cm z40*aA38RZ}55jo;_SY9)-mEaJX{Fb+QfSbY`Os9Z2}ZR`9pz!rt_>G`qd!6WxHN=@ zsABPC`<}h5qM7pHNMv3bT(@bUwL%(|nfm7@J1>cDm2F2-huUD6aP*_yf+TrS(K_&g zeF5VTLDu9H)cP!qk`yE>&@NbC6)W)@g3B8e8c5ppflqM9;}U^`|DWYuoaB_qzFRUf z1rfxEO-0O6(4ZSrjvt)3ZBIlxR?5~t{xrFY+E^7LTz{ePbd+rYMT829eam4@(-#>) zM;s72osRqNEY&F{|H>;YV!<*#&-n!!2kAUsxzvn9locPQy!+qYssyIywjMx9;b`now#!1H(--o9hcN0yS>5FIML1#SjohQxBzAqe>T4eHO)&kM za2{3!7Xo%eHkD*c`N%p;AirqJfL463Q%-bs#^6c^CI$8?+3fhv*p*sz(QJD9x#r}< zC8IrUR6VXb>6#sBS06JPE}j1Kk?1u&2CP2`Fw`fb6IBwMrR|ULHdXU9A>4)nAzUo} zQL2ngodsAG&-d{6l9%poknS#N1VkD{xj!4Mo38fw@&a`s6N}_jPr?uM3fP{;YST z=~LZ1)?*o#b;40ymlwptP#I5pPnNH3*uI)vOZ}ecX->uqC1p3w`cvl_ecwDyFwEYS z??#`>5S7yIDV=lCHdv-8Kb_X z+Lu4{+yku!+L;={NsIpkDsLMP*6{%JyvPQ{85%EwVuHNS-{hT=qh8nC>V_P0B&CLS zhkZN0#BOB`?g=Xy)9z?@?vq5gn(SHH^s{2bldrF)P>~*d%YVCoeni@h-n|f&TDia8 z&7d;lClXZzqrX<>;B*uMtWkul6jH$L7Wib$)Hx2Dv{4@~e_xbRkyPDqDw6!d!7+#* zxA5gIVfQW=!z*2Va;lq2$}_hU7IW5z>yX9DX)zgr!LWy6x7@$YTjrXR#x3W~pTALf zneg*=`*UxSM;-Ay2%o9ZRcfKJJomo26`S?kr_)dq63TCfS+atX@bokbJ4rUvWX96H zz-0pPL^!VY0u{K<4Q5ZqgEh=Q(*~hd&$sBZ^V5cLIlndr7R`%W?@94yGbo(UWb6SW`qB9t9MCXVHGqkS|mBZ2Zsu8aC0}>-7(mKfc=-I2AbTP;jsCPoH|7 z4*052v7P&nE%*KL`i>2^A^L2FHb#1>$nze7Q|EwY@Z6;-|9laR+C8x`+`@n_$TxZZ zI`>z>?0kN46NMqIf(>qC`!LTi$VahI z&x_3?Uy}}%q0*d3Al5Xaz$>cj3iIKk;~bIif67Ry@+erQmtf)hz*qZ-T10h|7N@Pk-{r_^^bG~w9 zi9Gr!YSzc}g-x)%+Kh&E-g+SY_D33t)4=X$nj0Pg|Ets!DJzpet~_djL~6_%2Z;%h zNk2Qbfs*K4!>_`rUYoSRwl&K;0j7WTXt3m0UuY4w<|CBHkL(0h@I$;hqpDa5IS=c( zE8s4;^i}DKg^V_YZJ>`L*C4M z!0UUc3cUXLMy9B8kNh!v%_2uFzN7xFl~ug^`U+Yi0^Ud$^ZE9sDK1;?t{{m-K;AvO z53DCg;Pbb$u|DsCyvdPm_x|1$smQX^p=x^Rt`>|*cH}%{d@?0UHr#-eoKtGQTC-^ zq;53rPr<

      v&*QTYj$kg(j0WxnzJFB>G)HziU&_KqomtUr9@m?oz?e=M$=IC=WB#TAB4RPEeCf zc;J6*CcL4R5hZG*p%PP8nQaJLNVpc-D(!Ua-xSYYE!CDMT6bpaO>(_$-wYcib}>k< zVEl5E&!pTJQaR&aAJ*OwCL5AoOWYRIjK|V5TFn$>hlw`Hgb{@WU0NccR(ZEo$c83H zPyO>)bG!f3XknNGw6(lQ1hpbSj6xD7C5$}yZHf*OLTqA&GcWX~u%hKM z$b5&mCok#*YXH;@9inHII;+>yS-3@EiNw79T}esc*-x9eL`;R^@KwWB!er=vrmVFH zJgiL|w{fyLMjvXvp-(nwsCG3o^jxPK9iKTz=@Xa}Sngb;^f)sf2Uj{GOy2;}D;Z=R z=NAg$sIQ5{+yOYrjY0G)N_xe-#)CBDRDq}bPMb`QJO4KH90xiq(YSX+s`hEo=ab@} zyINg|628fDf4W+s*-K^yMBlm0eYSNL&i4i`e>yNB5VAZGib6lgV49nxuGQF6dh8CZ zI@SFQO1XD&rPKOIT3rTr{)MXS=Gp^yv92jJ^*saDL0_2s&@vU!F`LEo?U;7}Mpf-($s{k)?)`zFC)5)uo;zzm9Zqn+%qDM(?0Bp*X2rAdnhY^4s4`W)x zu{uAkzVA`aiYE1wc^j>+gd&*l^bd}(Spt)zVs_V$@F-8o6UehPN6(TBDUzsP2Si%v z&nPX*=v?%95kGi{6QiZ!BMLLf$K_s% z7`RXd00b>wlRjGE&@g02nO};!=Kq+Hl=oODIPl~1zt4af75Na+R_7z${}ZBOXLl5v zQs{KH8NlOr*ph5@xF5K~wo0^nd#eiHR+F}>;B9q)b-q^?U=6$xsSjNHW!L_b8@`Nh zqz_(MoJ;V$EIVV={ci9N##JyIrqtl3dmDL@2a(!%W+|buc zR}+_Rur~q>`JY^mqm)`V=Hv7x${eorMh*+x020gCl2m6xcxhQ5DFA|`m08BdPM56u z;7|Rk#DihQ1Qq~5gQ#1WLc`ohj212@p`adw*mRW`gpQp`olb~KPqZQG^l*^)QR#Vx z#nxR+Aw;p8rl+JYj>=Bp=Dxc18hcAW1<_bDm+kEzO?k}?9>ToN?1um!J<(V10r#O9 zxtW=<)bgXs{4^d;9-#aKDI>J4EN-N>JvCSr0blyS6-+op!l_6oDrcydW0@S)zsWXG z^$XZs%k9{zQg0(c{SlW`D*BuH@bED62RHR^m3esmd@3%feiFI<%dTO!#I0G7)!Lo5(Jie4O}lcXnvfq-uF;+yWfEy&2hsf1`?@S-A)Wo zLBOODzmjfC3+PR(aK8Q~ZQn~|fa3VNy~!!Tt2mtSTXR^6mhuBo9^p<1;~MLoPMryE zlBf3-p;+~}G;*9fKh;Ud^Fi%IVXn)husy^Jo+XjnC9af*sS}|CAu7me%5TN*L6)qC z0$pUaIfh6roN$fA*QD4&6YxpQ5AczSXaYt?pBKkJPK&>CQQAS#XWLGn%XdCpj1I(~ z@d-PB?tJut_=Y;n#;?=&s%&(hlUib9#o_WF3pLqr_=-r;V z$J38_=5bG-=9|-f{Ws5S^YppCS>@}SJac?`jjylpnOxuS^zS_LqNo4qna@3auV?P_ z^lv=#gs0E&%`#uV=b86CeV*@}@9SGUv&j=CMPmH~`fbPE%7mLz!C#!rUt#m;s0EPk zU(AT#oSfs2g5g{J3mH6lzcHIlicrP>0#K9u#00k`{LMx^Y{L5(j`MAMxoyBO@=kvI z!G1e`X%_-0`F*Y`c_lAjVizy(((Aa&m3aMVV9-rE?m~C8`%QO%>z`o?%NVoC7XLMt z`k~I+PjW-fBbrL;s|XiTK_BAo0mp-|-Q^SHE|=kea5@M5&1APBvWfFq8P_vddZlCp z;?VBzjd{r=-#6+#Q}LJsbS57JKNCgt|SsR#|ClWES*O~{Ym=p?=+>SXNw4=VLj zcQB7q%d!fVbPC@h%s@>C2gg+E`hTVdjjf)L;Z_6T&iOm+W~jl1{io?ambxyi1TO77laCYF^1WM`OZ>sMevF%_ zUv?Xq^nn6`Jt@G$JOxj`2KMnV!)d%O0#pS-VJ6W{1p`-5k0NzH4m3!7KiTIdW4Y`E zwuNkau#M#Mzth&UO59KhM?s4dH49i?Amr(2AHq_Agf6KNxX6)2DokZkPAGRkLa=_N z%^j-5WzQ7*l-~6+#w1pD@DT#&5Wb4^g6(QPx8DV+^gJS0DL48| zhzntIbUu!PPH?M-SAqcd81SPxzl}1J`>_Om|QZ78A&;5_0JLD ze!duq?DDrxdcR4()Tus@w2w!s*E%DQmv=jZrX3}RT7$lJ2=6$ly6~nR(Tgjvd#JQs zXu&Ll*%FaxNmLe{Or(+%;h$xXSWKOm@Bv!YHu*$zx9-Ug7I8(CJh;q=d=gKxa*#!alnmr5d2s*4@o$fa%|*QYpcDFM5Fw@0x^ZCzZlTAE){&hJ(JC6)NS zs=lP^eyEDL7lL&mHeW+dIYah}+Zy8L#zAuP&@&+V_X2@?nDbkV2&C={Y_#THS6*lA;6k; z8p$vup;{%417wP2{YXy(8r414Iz7kbg64X7H@nAMH-MQ!cOeRZxb3z`+Z9^3NF~r_ zts_Iu6%Y(39V926XuX`Q0@E(z@MliTWyOA|yuL$d^xf^yEswCapgqh6 z>UL@SsWFP zR^JDQKh2)*jb^n(n?FX4YT#!uEtoD2#cp5nJnM2+$g~24A%M0=ILABn!HaqGd|tgk zSmW|<^Tn+r!Z$~#n+1~e&~VlfpACl;@ca=TiT@N0z(uzD@Bp>c2gq^lVfMPi62!hZ zEV%hFb<<(q)d#pA96&4{I@Vb>f)fflhUjrS2D%rcfev-RB73MiUT0$Gf-d_qs%vlB zJtPu9NZV|{V4ysxN@Dl$>ETEU-YyBy5$6(SRIDH1+C0xKD7@~HP4lE-u2NH}nI>vx zz$j<58r842Ry4Je`F`+&qIEm-ruUq3o>7E#hlMorRN8qgt?(k$nN@A!A4aORy6>^i z8zB$<%*f1(D)>|YMzgqQ-W}Fg=ytr^j}q7sj@UFd7O=SH_m-LUljme$H!NCHd}|ZL zP0HF^O+_kk6pUc%@`8Ix-dU1I8>JLlM~KFmqF0Cr5Lz8Ms4_>v5HNU)%08k}UTFPQ zfoM1aDK?wOA-Ir*Tj>ouk?@{0sRhi&X>~5EX84|1SEYgWT9)9dWmHWe#ncn^4TrNZ zWhBU1b~WBQmMJe+*)v#t->2G-Za<76zC1I##k6Dk@6R@Hlhgh;f=a-})wlA!T;AM4 zQ2YqxXaNzr$RSz338x}szUiJiS6Sm{&~OjI!Zx_BEr0&DwH z8*xqRZ_P+r8$*_(1S}&S+C#m&Gg8)b?85PA%@}RH&MDGq8RgT6Y^ruuBS1cJ` zi?)a8!9lCnA;>hRf7gIs?P3MdR(k3vdTQB)dO=7^TM)TtF-3h(#to?uPjxX0jkI1U z2o5x7z1sUdbc(eE>}7@lO2$#m%yNSQ6uMT8x>BXCQq?P!ca<6l_0(0WA^LnxTbC9Y z1l{DX)2X|N!>R91d-tSa#`LRqrxW+2>$JW%owzT}qSS}W!A-Q=9Yr^vr1FSOO>`Vw zw;j94Ce#J+MHAo%+4Ej)fT6HcF{hxm8pSH2in?MTWcv+7&g8b#>!7I}6zve}uawy# zZd_ou_l=e_WPB^a*GfuJg1QCW!{!br_qVJsilUH~+}JQ>G%TpSC3ltFq*M(K*FpC# zum`PGCt0gX!uTUj?xVy&G|1+Qv0EQOCfwV1A=BB)y1dlNt3vN9i1zrJ-n!MQh;Dl*7*GmH2JRMLt}8BLMpCL~x^>Tv zE38$ctw(!*eW?d{>oXZBTny z%aBzRo@YB%Z6B5Sf5W*ChjFD*2z0P4bt z$pO|2fqL5nciDtD0uS>kykkUZaUO=*!d-${hk)`c;4M*{X2b?a+)!3x0LXdI_-qiP zNH}GxSY4SMha%LhspeVyB?R3W&y3^cf%8Tz8{Ma?xy{ys;mcJE0l&aDMV~Ho@5`0< zGd0uN;#WZP*aRL$KlHpCQENTt+P`(}CtUkCsC?`#uJ>Eldk(xo4gTfyiluk~L66G!+r(7ewkym7Gv>T8Z!uOal!*gs1o)Qoi zxN5mJXY&mxQv>}`n70`*Cfbw2mCEP#%#2#C(e5vqoIMf1-OJ)V?0{vJ@ea2SbrrE$ zkww&=_Fn#K6+j@nMk#1APEKEi6ByciIcjqK3tm3K(z=b_)z60a`6Q^yv8u8BW$KiO zdWKN2!qF%$WCSE7B%YIZa|nU(@Cb-MOM1l5R+33J-6SCL^zhx8q();nd0d{KI!Z>L z$622sSGcZvR+*=nU2&W+kEl?Xtr>F|bwse)UGEwrbxp*Gah#=3vyQ1?qp-^m{6Et+X6nQU#9AcRbd7|t20aa2WB`b*jWkEil*)9-t#gc`!i zP_d*J{ZKL;J+VA34iG`ogkEZ<3`-M;TK%}1Z}nikt|clNV)F>@6%Cq!o+f}TdmF*} z@cDS&kG@u_74`tm*+bg7zfsK{SvTSwYDv0^Bn2B)F8W2M$Zk^C+b3jCyx%^deB#L7 zqvmSfHH7gdXbp>B=rd)6^LVx5CGbeZNWE zC%Nv2jntkYOsip!&DDW$5No=WF5~orq>UJ^bz+s|JkNAO?hYlY9+b?srbpmMtE=C% zkH}nYY$%LZOP(vufFtdrd%E-|A09;|gANSimAlo@-~% zx6`*EbO7Fne+9pSrovt=3`XW-x}Kp6!Z7etBo4uw?i|OaKVFzkY4UljbAnOLpchFgAA!}QY6XM%p!W>qwW z5K_lfDFarBCHgsrC3=3b4D$neo9_5%*p3Hy?^czLhI!g!+y?7+YL6S0oRZooBOQ$z zV>zEwtc~F5!oLyn%s-3hc>cb(09pT>qRcF&p9oar}yG?<;qgK_^j2;1&05^a-Jm6KlUc@8rs`lw_|ML|?VTOzVc*Zo zitK&r?f`S6(q}2m3!6}6W_DKp zN19rp{NiV?@~ot=U6WsnYr%Bwx)?{|+(BdJk$u*Zuu%8S64g9Cqr4R$Gu zGv0(8l%*WC%X*F~7XHpWId*$QWgkVYb0MmNB-$Uf##2AcT#sBPFUV?!^A%k{tjclh z!^H6nzad*tJ;Ogx!eSI zyVe_ChxUeJL>yBK?5e@8Bb>l=14*-2lI1f_EiH^xj?g87*asvH6Vm`RZ9d{YOhKsW z+6erLTR5IU0Fdz31;*DacjCE6T7rD#Fcb&bcrd*_0!kikzN0@@cyeQX_W(Fb+{mn= zMAT?ySS=--Z1qUkD@902=_YCHNIX!HVUv_17PyyH@psC3QMFpj{o)6<^D)pwIYiTH zwJz;F_lDl@JN@Ei##wD73xfC0HQK0`Rm1ND4Wh<-k0|F+;@ZSN(H=djTC7L?hTl1Y zI9TF)zwn*QQ5d!I7epLwbO-36t1gZ66(>d_T#1mM!VjPY(V_RR<=)vuhlW9r!5G3qqM&f6J{ zN1pZH48Dh37tz74hF>NxQ=0Il?!i`KR(n@GNx$I5;6I|%w&SbCiDUhvu?&6>7nkEp zM=_o^@K^-YmT*B+5c04*s(wu76*%p8N52$TcDr>C-3{NAs119@p3E3ClJQ87Cg13t zkB(L2IKDf&okbk;-FFPMVJtp6z|V!sypHa*f}QYEHhPUe~gd zena)|O&H$$eFV4pnBXQCnz4i^Zye8zY0Sfsb$1WvpSJV9?acEgA-XAFSkLy$1km#P zr%;vtWTGhOAyb3#teNxPZ;id$7(8r)k$u0{7!#6TA0P3j86;BWic!Be%!1YA ztELs?YAgEYq<;)?GMwZ$aXMkH{)w>Q&zna~~MWUA+5Y&_MEBf|!DzUTnRX=$p%CQ8;cCwr(S@<|1&ca%pEL${rUR9IgoR`r|xH6xzPKp}K(8w+chp>M6rDT@*HHTr91xk>&pPFKRH$}ZT#og=c4QHE;zJR7aT zglK|&hTbGK%)$`y9&%jKp*X0Fhdi&FUyRy9S^(Tlfn5`eCu#LCUdD($27l>8?2Mwd zR)D<0V9DMe6uu(ITJune+K|~rGSfZi3gKmD+Urq+Pp-G-?Q3n}py_c+Ut$sJm7dcI znhAt-!~#-^W{QZuC6@4;zmqzk{pzGZ{z6FlO>7;2MM}pEwuD-iq zk&V)z>EI|=XZ3`Gk|<{oR5=T=amOFO$pI8!?j?WGk?3lOvC%y^hMpr%|Mzb>@2e}s zzxu8eU$6IyeRt&EA~=ia9R2NF7ReKd)p3sKlUDk*zkmPz_4A{0#!vJArYyZ>_+QJy z+a-+4*Z!jVl3M6X?X8i%-;@uX=)XTj-_if=yRUwCs%2V29;bTMO&jgD);4xq7WA2V zI>{^5;27v?ts_}CuhipLXq>c))(wpe2a+v;Oxs0|E?c^Fr5V4%_$!H+qkm}K*!aUZ zM{?&J{`eKXztS&S8#v4v+3_o~{>p68x;g&cJbp#9zp}Y#ZIs{rS9XnG(dDn~;)*9( zn;K7wuV`c1>%C|Hl|5?wiXP?jjaiT!oYX@x@o(k3Xx-VHMA3REn?%97t2c?V^iUYY zbL$?GTB3$+>4!90#N92u%C;V&isOz) z#DZpvn>?PfbnKNbmIBJ9taW@w=UaMu*2}OKnQQ$K$gY%Kj-Wk~63Km|(#e2;wmM3S z?qjX?XcS99!h7Op$x+IK>#3Z>b78#^mA%{}`bHp%e#sL^msAolgMmPtM;Oy^f9Gx4 zIA?4?1s9zrhbfAT6TN$k#Bt%G9A6cc!p66f%0PgYCdW|C8q3xL*+yDtNdP)ar0eqm z@9wCx-o3APJiswu`%~5v|3A*rf3>Yk(FmjC<1hdJ@sC=ubY=K)!@}WoxYf$KIpiaH zFj*fSAN3_`cfE@&Z7SWz%?;_88zqmftW?KgTL5@&ZHf}wR^o%OLWe6gd0)ftF65)P zTe?EfgM+_i9SfKT^Hu+qhRh~h3BQ|u192qeBg!m5*uKo)?#t|x*$-Fxb=F;yk<+uJ zWW$x&I(!%7lx9+z!KjK%2@zCHfMB^B|9QC{{PjlM}m?4ef^K}MUdo3N`}!bbH)DxD1(`r<(- zz9T~|I(erocb0)h2&A}gEn8Mf#b0eaAh8$EdQr(J3wM`cA{xjT!u}uj-ULdDBKsH4 zh>Tn-t1@fp?5($$MGI_o#sw91)W158h$y16h=?M{CW;~g z?z`ZIC@8p#FpB$zg3h=jzTb_kYH()$@4WAvcfR+|_X#I6J0r6)B5rK=-njR7>38&B z{>G+j+Z`r!%8lMcJz%@8)S`4PIL^mG?gjmod%R$d#9TsPcM7jn-jX~P{gUcV=lm$3 zMN-*=aueJm<%1^)$_@XN)d)~cQ?jN!CI6DoamV{Adwux`Yef);13#k&{gg$;!2?n# z)BpT~3S|lm#DevPGT%``=Y1uZ-33TmtSnEW)|k~Hc*;c_{v$l*fjpv23!czf`LvYifxS}Yhqk}2gibI> zyS?qNhuZ$y*!CAU*7Hj>K=>L5;R6#@HQ=$TXH4q-^}h0!RIl-a^c0Sb+rG<$umc6COy{+|-#V&s0W0hCy)bC{;K?S4z8MVqdYH?=jHOeQl2-+^JaPGUvq4`=W9(1b5OGXyZ%B8 zU1}(AVSrFChAr6d*Z*JA0sY_;O{qg)#{{}xv?LMpw|B$`;~?%5f-CXRTUxlMUtvC$H7NW=zYWT9U`nAxg(rn8$h0o3jHD?+#R|5cG{Il{?}>2x zNrhOj0l6R`-~p{3xYB9@Y@mGAG|7x34ez4JLG>|fpxR(J^VP>ZPn9ZElfFci3;qWc zE>yZu?SK?i9y(yFg1o7Eg=>&Pb5o(xg_){wzyFQG+*%+<;ad2`fAbt9N4y)EW8n?D z?(ZPMU;p}*e|;Y0MlR!$R@gPtK~KFmQHZ{05Vfdzi6W#Gpf^arLHBK)j_4hff~Xb< zOSJk2X@xq2QV!9JQun7F&=DogvF4&)6zehg_5M0iS*eBp5*0g3F8(Wg zjjF^TXJRBF&_Ua03ZHAcf}<*^bb{-@Hrc;7@^9a7`_g~NgBTjpcr(QZ3&lKhy?XwH zZ`t?@*Fmj-GJcJi#q6(GPN{X_(@6Bn*AU|?&lAZu2B0o_hSakK!gWw3;;U4t55sdz zGGHn21!^}s<3HLjxC(v|*fHf6hIMiiSJtceEEVY_7Z|zV!)i$;M;6#>LKD!ymV=wl zQd-XsazKO!^+ao94-%Qu<`jNOyq=gao>YV2?rlh}!;Q>Mec#u~B z{6No{vQfnoC@bmwmOS&pM6R_wPpY3df}`j2#x^>YRBAEkTlo90s60IdTZ$cC$_@AE zVnSR5T}43p+vT@V>-)L#lK3mSFy$>(Tey;@f;uw&N)s1>me@2$5ELpMYSxEpHc(jz zo^*c~%o7(SpxSUTn@z=r62h9ww?eY+r1uCYK)(x`g-S}ap)>uLY_6iD&^CWk5It`n zd8EmSfNDql^jw;D@g}9yR77cOK|^_`@IlH`vNAMx$e#%6CHN^2DkuY#{WJwK3aM1& zC*&17<`lFIY6|LO!KZ`gK?V?SrlOyEu%u2M8y&}wEy7WaBRnpxh}0eyMR>{YSkbqP z@4y;o(a;Y_W@g6fJ}DL4{r<=?B; z>c(jFxhQ`rns_mat=b|sR#8R^XvB*U(k=gy1jXA7Add9$@d;3EG+x2tm(!+V<4r6+ zAAiXG?_$=%;c?v;o3Yptt`LB1X@pfpcgnd^<_wckWC7zfU~5wr?defX@Ca)0BC-nY z5Im~K$Jes>n&9UhgMuHVh=b_0&g9x7zd+WwgZsfqTOSl1ocBv9W&`0$qx3>KYN#AX z;+^JBor_5+bDSbz*+ANuVwR@2IzTOt-M9)d7-fOE9Y|L}1}-AirwV_^c_;e2GyaBk zGPX)Uq`0)Zm@t&O=x{|0r({&DgZvrnE|J_vK{!t&ccLwXY6WEl;ESkGV5Wfpz3@6g zT8Tn7Jn`UH-S8{XTTzPT?cf0@2h_AMaz<&0N|TPlwpc>p6BRKLZ^5S@^~2^-vG^mE zyBEFRUlB00jsO(}$slrsz)=LuxKWQ{fucmnz*-FMO)n2n!~in#mC2x@7~G$dTNKek z-#{VDNomGB}q*Hz1k^zdybR99|BRWzh0QzHs zi^v952vv{xWYzhkUd3v0%ss|Dw=bbakmJDsR>@a$=r@l;lU@pJPWi_eTrGC6{F@#? za}L)%Mfp2Jq~LOGoH@eiZy#b!a1IIej~o*2>?PnA7ww-oB;MaYq-c0arWl{^DK-Gi zqz|;$P1pkpvbppbNgt}6knVzyTkyHx8VEA*2V*`-E4uw3+N1P35DF>2$d@?||$bV7ht7oKi< zphD}wFCY}-G0@Cg6w)4c9ph<;K?~a)Q^cXlUk_E3{()^f`eT5x<|*ePbs!H@0yMA9 zab*$``f*P=^-z?$c`~8AL^`9y042^5FfkP(1HVi7k^<3Q(rpgB^n*g&f>CWZA1!}V zql_*nGP^TEzefOBMfo#cg)TZFCgarrwDlCIw98$9i$2ekRazT9>t+pmYU)lc^e#3v z%zD<4$7k)tuGH;kwa&!{;Ibkr1A~(u9E*Eklp`B#1QnB8moM%`nN!$P`3*!XHjr$q zGf0PAF|9m?T-82mUu=8U^Sbb3|C)0iy|m8ggx#l|nt^hmM7$x7y-Fnt-K%x24^=|z zPXuz%E@3tg8*p$u9e^U~q=5yJ0XBO6*N|8Bx3O0Q>@7g5_T#-HD`k+QZE{?l5An&HyGc-)H#G*W^HA0 zHM)sm;6BI%iWd=U&^?643NllCQ5z@pS*Z3DDdeHBYZ0q>=cQP#tI zQB;_f`cqs0H9^34p6JYB7YtZ^1wl3tatuoXW=q;uhuS~VJe#T*mIt7Lw=e<`;ZZ~} z%2#soff(H5v}5_70oHvB6U!+IpSXr`>5syX&_|-KI)9mIuK<%fVnnF#QyU{1u^bP0 zyP48T#Dl1CJywt3R`}mBxv^6UWDHFkMCI(#nKzF`F`dq6;zt;w-Jlu(QlZ^c^l8g2 zLBMPn_rsY51_r$gSb+=kxwi-W3gw;x>B#Ic(mWU+>x`p5e{{k%K_6eimF4hl#1F(2 zMhgdM1^56&XMk>E$1zG7xKrxx6ViXxw*v3J0QM-Ad zta4P*&rse$;Al*+=3}sX7t1y07SvYyA5-@k6Lg<3s6oE_*eH8%`UFug(HWmOTKS4T zv5A?R@rlU(9}fwBJY@fm`zZV9)$I(?uL`fuw2|@!Gk3M6;Nuj5H`y88@^U~L(F;E_ zb1%~e!biIo9~d1F9;gjX5U?~A@>Jx5@iYdph>;TX@hCQSqd?Hs)OsT9eCq3UL|Ite zu7fHA3st67jlZeEJycsP!fzo4gAKPpzYlK*AmGMQ315P+VV?DY3ShP1D$32ucHv5`B5Z1vMP{r%q=pBFS7_#H z4Jc*;@CASi01N}hl%}uN;&;&#fK08?O777PzC$ZpsYUP5!Yj3kr;W%4e4SiB3ST## z)WT1}&%V-Z_nSQ6#lBq&eJao^h~rxo3V0Gg?exV$12A7;(j|fQTNd`bE2$6t^;tPt{?%+(_Q4b0Ix6VA`t3u(kCXn(p$4oca#9 zr*wq9Hp6hC0V9uWZ)A=ZssbiUC=v~i2K-_)7LNLfNc;!pn?(ng=*968v$)7FDLS~c zEEz2imsM0oDu$-QRfqx?GO$x>4;}{TC!XIN*1=DG=Kyf*T45s~+s(qj`8^SPA6YwQ zBJOI~E~U|U27&mJ`9h_N6yTL%?KUt6!AI2?g?>GmyeG-Fp3Vane_=9v~U zC=utVAL@Y6+bjo|1#p%H@cq(;BmABjfm}nujg4bH;m%@+ZUyfh%w7(Vt)~P12{H~O z#;P3PPT*~hxU2yBXm2$FXa{0d7_2^KG!3xn9zqxCh*c7E5Mkxt{-nw`sIg}eJFN>QXVrS1Krd)@*~JK{fNbByQIu99zL(5b1BPgf{S_8Lgl{qU zGz{-B4#MuO%Kx1MN~Adoy=D-Omtlsb)o}G&)%-yvo(NIhO&!s_zS6ZX;T;J}vYl#7 z#q#x8J`FPwS3i^(X8@wpB6iOo)sAl!)D=MZlIn`nz?f7ZCOoCrh|S=P+JiZ*z+wzr zMzszY8X5~3=b3SpG#%YxYebVv4N8Pp6Xan<;5WpAlqtO-rNUHKg74B>JuwaAt)Ac_ z@ty$k3KoBun28!J*A9ZRx$rg?RaXM4$DOY8nYuGW_h#Y?+H@WEOeczJGSxYQAWLiT zIYi-wIs*^r+e78IXM>IBk)7;bV1d9z`^VrCk~bsdIU>);$TQNrDdt2NJ3S_pu{~g* z7P8DlIBJ^qDqGv9IzOxWU3Qok8)eYMz_bv-Rk*0pV=$frjE>#|gTDbz)FIc6IiiUd zMVu-(){HIjA7`*;rA0Ghf&k za7Utm?|{P<4yeSwf$TTQJ+of1&sVE;i=7XYS_|a9Sowx^h{9YmM&Qhdm<0xp9hr=n z8S8A6CIyf)IAW36DLN_n;#h1sItaQl7=+uIu@qMe(_Tb(+)~x+kXO@9Q-gkwn6YwZ zZa^eR;Ef}WOx!q=hNq@3L}PS-?rN~827bMxon|L23lInqry}$R)N4ZH_`ZrgNqK;S zZ-luyY}=?uc7fszy`4PUk#B@?K=xJ52pMi@if&>)$i; zCsy|((|%$e!DM{Iw2#pP5l*f+uNr)uVJ=6cL#ZFUoQX+l6;KuXo4pOZ&HAxw9yT9UxejQ z`BcR;j#XEK#M}?Ys3ltL3tlz_tQlK?=-imXq0|O^OIby}%N~Jd1GVLJeHdVT`vA}k zF~BfgSMniPk8Z=?K?Y#Yq)Khl?qEogq*`HAjY1DjA&zR5fmaS3 zO$a<545x95Jz9B1qQ%-UFqC7cp0%ejR0-ox0K<-g8K8Sav0`@t^E6a>TcBLF1|}9k zy|Ida2s`mI02X2jqVabM#7|68y+tn-DP3qbREN@V9gCI-kFQni4j5lx1c24_lSq+) zGSGDP!WP}RR%nUvR7@oaDE!+6pF0h6AZj#BbW)K*2)}U3mtVl>3*#Fc9Kx1>LvYs- zpDsu8NFHy_^7#bs>Y|EnWRiHV5G7an7dD;cK_9z%T^#Qof zm%+zc)03*_u**bSlWbN!UVAr}14Qr#h4v6O1o}TN)H$48%cD;LxjGKPx1q?WL9hYd z{2A6NNJIUn0ak?_ANf=a-@^H|+}f-nqO`?m? z6n{gtC*%iCcR6r4V(AX_BthKS3=vI2P^ZUuqD^#aUP1)T1QdNHd)E@g90LwtTf?LLJmG4n=)A4yM^;0#(<#g0PLH?JX`mIWo5JrS*Xys`m7&@hFnn%!x; z?!Kd!7=YAsD0l(XECka=J?}6S$7NlB6fbp?!@(`ue0Z>dQmXr z4{h%{cobkV6l?=m-Ztuh=BW$n;!}VuXu>(BJL0LEyocr4T`|SC=w30hBPtxrI-!@8 z@F~OsctM_j5;@>$6(NXHHLtg7sqXDm=vzH?2^N$tkfKcX1mt>q@DK87xR$X}1~XDdG0Ime5cR`?HxEJynOcvw zH^Ue^s`#UNOl+8W3a4eb(s!;TI7#y1r z8j4vWn$pVb?m$ci>ac1-NnfqjhOq|NA-k+R=#URF3=))~7mXCatkzL6;%cdw4=&wq zt^~em6bu-hX~YU6f+gjb4Ev_}Eff(w;=VPp;J5$TJ;lKi~#gzPVW!UH&?@>O3e020CiJ@d0N6X zhEMWFCDN$Og`Y#@Fn})t&MPu_G8qe4gVKrzW$k+ObvZryn2LC#09j2$UM(nX`(oDY zg4GT(N*8f3kg<9aOXY%RMCXi5xQ}8jd2cdhGOxg9P9|~?!X^xD>Gii&SE3?TyXht?uvM343QG@zY!=|>=`DW zgxbM&AoypHKamzJN;$TTf|(D)+*Sd6?vU94#V?);nddxAEDg{Ru7I9J0}7Iz>L&*% z$S_fvsbZTKYdEx;bD4cD;&jA{WSu!cPGU6B5l<6X7cv?w4fdlHr87ETH@PzWpvvG( zgXFo#VoYP+F;;u~CV{R!3S$dlDw7dsA4A}8;lXQ61Al!Y)|NVqPOt}9OFV3WACX|UrruO-1Z7K)3tI%;5<@b0-32-_idAU(*{(&O3^Z-Y^1Jn62;7ez#s3+KC?=V2! zQ*ZIsQD718EzG5=@5S&cmSJ$|(0pTSIEGzL#A79{9aDFia|X8%Sx1txI|S-_R*kNU z0KzDN39gj_)M<*>Q@I^G2SIozIYR1@PRh~dMYK$W+Kzf9h6udN&_&6|(Ww$C&Gew0 zg<*@{10eK3N;aG*pwGillu`Rlf_+5`x-5DYkm_|6$u$DqQ|XFkdzw1eWQ;yi=DKw9 zE=ee{M>rIBCE#npR~&DghyXa8{TWVnOg&7kbP;LRf|U)x;Vc4(^K1|uGpG%b!tLZG zyy|?Peu=Rv-Z|*h3mA6gz=Y!wa3Nv55LSN*@}2`I#eCi&${XPn5nnjSdj&I~&GxX3 zX3Sw~xhql#uZ_5D2;-ndJSf9?!Up0tAS^&pTTk}$VxhwR;Wmb}fo-{;%)3E{jqFRr zL+Er=2pE$9JzWxDu1bZlE=en~ZL0Eu+5yzH^eFF%Hp2SLjS922gA;M0A&h9p0`gH6uPzQ4KVqpAf@=5Xxgs8cUw?N5Xg!popGbrNIJs3WV z03Ob^QPV)ZZp$d#E~f9;iOLn|5?Cx9cBC~7qZ;GVD=cz{qhhE=GnPciNu}sUEvU$( zE-(%HGxQ=BA}7V3W6BZ$m_z3Wp^NiqB66;FAwmNud>gQg&?EC=FVq&B4Hh+W`WYjt zF@Z$%Vw!-Cz;FAY`!_3z&dSN~A|p9U@c|NV*D5<%!m<1CzVP3)<@!>IZc>Xn3_cEC zVE%Bt)KA%miNh69-5tZn3XD-ZUO{x?*d;3_sk%G*O&Nwg1UZtGCQ|GK&aj(mkDLVP zUcbGIwa>*miuDMrEEtu}%0ixSqL+xjXeR-T_(FDp_c!xm=Wk%NB6hHO%lWxMWxAm3 zT`5 zgNCUG=`i(`q3|%Ivj>lnOCuYc7=*W*LNJ;G8f^pUVx>|kB zURdMW+og#fl1dz+pzK(~pcbjYE*DapVBq3m-bA0Zn-4-LyG0PsWUs)&0m9MLhtOjU zU;t47L_HepE6zk^GW0JdBxw02iTv>VtU_Z#b5kLXpp}!J%8Hf4P1PBvTsW@qGJ;73 zFJqWih=IY&J(a&eEmf&FmC6}tJ4+yHu|4=tgTU1GfN542>XT(^cY!~s%bpi3f<1V5 zutU;IvrKJ~UYZl`;8>HJU;`*-s><2e)xd&8?#ys>$C3;+oau`8A_a*PNPzg3l`d+6 z<9FvsGa!o~u9 zC2=n;(E1CAnXiFeC+@`+2?{F!0JeyTVHr$a&*C>RZ9da)VycS(u6oogGeSm4#ecxz z=5xI_pKBvlKJ1teq-?R!^QV#RT83>0^vb{vV-GuXHv=BhgG^qo$0ebNcU1*(MIl>& ze~yZ1F+?66%yir<0S|ys4mK7>1A(<7Jk>5#6Sl%-?aB{)62p^r9YS?sD^i%rpCmX# zOrxJM{yug^s65YM-b_Isr->SD2TTI8Z>ic2x+^TWctLlRMhAqM4du!#(xMJSzz#)U z%#{l(^iqg(pgfo&1WcwV=vq%TWaL-q1q}UfB%UL?u26H;vn+sCEn$1CuCcBDVFEZ zyNHgfx0JZWyd+ZmsVE5*cLd}$R8r?){X3hV7CFPx%ZYcf!9s!?regO6z@7&2)pMZV z?oK7IC^<89D*6wV{8=VT-h{qcMWz!a7~Nzk+YwWz)KDJ8Pexx|#rdJy0?17ken;^& z9!L3GAo3D0{HNHu17tt9CuPs~?6RJPm`+z&3FrV(o>nYhd4Bv#dl&?;g%X^K#Z29>`haVK@dM z5mDZY^=1tZYoY$RM06&Y|KZrF!8f7cxkoaIOW0NX00mT_hALUiN)?^5UynU=(U$#} z9NB-49RW)wZ2l2nF@;6}y6JdvF^}X6ajb@iREXOcN^uRA9V!OC zy+nXfr3hJUq=Q&*I#8iM7YK0C4n4cJL$y{AsgI_ z1LD#^I#iNxML^5G@}^=I)DDppB9L<}q|c*MrBaFbpUW|Rj9VFB#X@&Tc?3vwX1Sa? zVpyA?t%RHaeTeGmLoIs|3*ANf3##K*#E_z)S0P66dVY!8LMv*8*p9g;g`#jYKTw{@ zUX-k2wlHb+vL`T($?WEi0$WF5=7VdYDbVa8VDua6T8aMWCUng#!wLv>Gq~0}nEr<_ zVl$b&t6~iDEY?o( zQU-!88!>YOGeTxN#9jmu&IJwr!cUJ)B7qDFVlySzHP~Kb-s!BNIF@};Xd+a^RPkvf zkjRRUhiKb`isM0rxS_4$F}8sWW!s?~gjX`5FT}q}FnFysU~6o6&{tu3@k4n!_Qil~ z4M^F{bBLRQbduI?rR8D|_NRB##QmhYn^h~Y%j&3g&^y{4w2sv{5*<9;YaJ~d-SdBU z#oy%}isU2q9r;C#vI$j@8FSj@6IX{#5?wqLb~Dv}5Z27>z@PLBt>|)D^_hgCIR&g~(52 z13{j7&@|{NP3k#3br)Eay}+r%`@}C)<48y~Ddu+k-5vY|VZp0dD9Kt?M_M@~A-t>C zXcWf-sYycqK!^~uLV{-6my<+U?}|WO*)LV5X2oP^dC8h4YTrvA$o3YreHV|#HA2!)RcU3``e+96Of;#6O_Lh*HtEW8s z@?0s;q1~)mF=y$Ri3nTVy%i>)#wwNHs)ldJE(As5#@Lnz0H&C6s(L&O5me(ubqv;+ zbP`JpnDG7rjubF8;$Svw2{pz64pfn_j?~~X&_%>hOX!%pfV=L5qomw6AdkD1SYm~! zzNFZwTB?Q?L7tKId|e~`Chh%9W9r)sD$N?hHS2J6F}jL6>=x+sY6?=+F9P!es*F&s z=ptcuifB?lQ86S*fwqKAlyki+&(XzXE&zkvy@-Ykv;2lIG0}e0dL4;9>#pU#? za|GO$`}|Fqn==%xutESmRH?)F7osTvh~AIn(l9$3A3IuU{O4)@Toi53gVuaF)^ zexv~9$XQz$bU$HvcD7Ix^hIa&Fb!9gSj8UJ_-g28o0YwKy&heG zl@8{VG3z$&-6_N>QCg{epj#j7-ZtHRTgP;|jXP@zU!Ml*>ntGOKp0Tl2)K|obOaK@ zL&Totdr*7XhoH%mh@OL#q&SC$DT2tMOV;5EI}_~BZ4CD3I<8}UJ!@P?yL4sp zT(S;xuz9(vd}H=O*R%9KU|J9$3FSP>%9YTw?7ugWVgg>=F(mR^9A-q=fJ1Cn(}79|vj_xtIIsZbS`ina z{3EZU8K?}$U>wKch#Y}w?pLmS?qF$z86<3B91$}ju&EVM7=G#K*CnF7f`VP>yrfuV z2{`KjDXOj(alj&JOmfuW&^;4StjGy4%|Bz%CJw>IzZ3~H^?jmlbFV^YI8WJ#Sk^99 zM%T#C?1u(3`w-9>YG-?7PZX_$mVrx@ondHniJT&7<=-9^yxjm<8Yz`n2lo8tB?MdI zXM;Cf%ad!MnKU1S&Notr>Dz?Pu~d|XP%dIEYM>1o85H^?%;89_qtL~3{^ebBpt3wd zp%C&q@(T1HtSLbXaq1UI-uzuIFV4Gsf@03*V5B=@EVtyxau1B<3CewuLm=d*5ZepV zrtSl-J!XVUY`4!B7DGS-jPK8_j=Mu*PpB(qU2R6hnjP^ji?~xGakOG;y6t>wO$Z8) zNH*hWyqt^ia)dsKCya8t#e&5mz0gxc;3+XmTE5JN+6LptLf9ywwd4nT4-EDRQq1_P zEcJtJg+E#`(SHA4_@k8_po{S{_xE!CEwl>+{BH8_E>s1TfjH?x>gay8ov+AMcE?$c znC-}l+!e9bM!Z`h?((1_ci7Hs8@or;3L91IDxxBv!+-_K@^Z69&Q^F@CoV$lM+$@F zV^lP;^Ds@IB5Fsdep+k`YA4s~0e#WYvLaUmg3>c>H5sFr2+~s}n_-A-hInyLG{YEW zFV*B*?tjO@q84g`pk5#5>jLvNv-_Q>2_}-5wbJgm#u00SnsBxyVr`9hPexB42_k6 zP`#L?rNzlAWvvUNnY$4rBmPpPq#B#>G*=GAyo4^;2%!Qg6i64G4D5BUgRSi0iuo0g zuH6zo0@a~F7mi&KJuDcgH!_wXVjm9^(mD-^CE|^M_q;FQJsTuT&}lb23WjyHL)*be zXOBBr(xvA6$j~29XE<|VG&V;65PWhfO=qXE!|AhwVW7~+kKx@_SHt5H*t!^(+y zfZY*-ASV9@V0VU|+Gnf3fZ^?RW5_E5KTQl-Eml%&ji%t#Cgql~;QzkH{92D0@($#5 zDpo0#9|J5g%5TYm`He+>Uq!n>@RIpG`tSKI38{-i?RbxsA&>a_-{g02K0hcNcIWeh z^GiOzv6LScu{VN6tWGXmW97N4JXfrP7;0`o9Ou{oTEwuD)PYVqcJup%I>cPLob@w~ zOy)(;RhW*6><5Xl7#^b`xlbgMRN6zt4wQMAa#f7P%~W$0OF32OQb#DOVu=%+Khcnl zim;XMPD6t3l)!R?lmr%`&Pqv@@`C1=F`)ek*}2#xVtK-sB$ZTsvaGaUGF+O32~P#y zW>N41G3#mWxS9@T;8c^GYQ60(e98ti~+a15qDa^T#GusV_fi*A9LWvV4vT$)0r zeUj1AL9i);C1G{GZmHC*T-=7eD_Of<(WXH`?|+QJ1_9i}!QvofT8>OZ1|F3_q4+L3 zKub_hmO`d|&i9R_!ZAXDAIqZ08kvK*4n5~1<5o~Y+AWI3BX6le&XS&%GKP03n>k`tv9 zk!7`VpMf~hh)5fa5_R9^+Pm=1q5w|6>e>{;`$f0*>E746`;Bf1?`!US%BzE7JWo52 zC`MP&18im&v%Mra9+rq5C`c0uQVN1&ms9g0UwZkqCy7E;6CKzJxxGa@Te3@?o%Bi* z$}=dA^971i=u>;J+X8{{T0@&-cry%Zrr}*`xKj+2=2F%B0ijYP4}z8m_z(0m84*O_$|Be1pSb<2K=>n& zX0f3yGom*e)*{2Z)`-uc!d$C5SCV>w7^3G`pf~6&8eyx`)vTAK!9yYnEyjp;CW#W2 zM2Q^M!%i13JeDC3RG?3dONXZ$m7%(h;!I7{L9T)%?P=P_>t8)-nts{b@tn zU=%%RSWg+yoUJk32Mme_r3>$V)mf=Zc2?&Q9}lL^ItmVzj@Hj?kfp-I649P-#27gW zrNg3x(pg{?G@}TmD}roLiPDXbP4VZ^eqiChd`%t7f(_#1^$LN*9 zo1qIBfD3(%soi6GcbV2|6GdBKy2}tkKo)JOaOR29fM6Jf2tQ97XIfWq5*Uky=iH_XtFm^tVB_IDvFj+{z?9q3s5vndok-K_()&eWbVy~j=K3DdjVbnh|IigybKJHA1o?#Xwl22poF2ggI~Ria2ViDCCkc5s-S z{HB8^l=T++@h6fX!Q8k@m;HE#rOmXw>6Ues<^5v1`zX_2g!fMhJ_LdFiNK@WA&>I5 z-gp7(QK@W&=c50;tOo|_cf$Tz7ki=1*KfA8C01;KWi7No;^~$<+sc!8mIe!|yz&Vo zmWv_vNl)vYZ+)qOqN(b@o>`3A#13ftO67gjCOTcqPZC#Z+6+U?G%ynGvb439cc*2o zf+w5hF0oLZ#n?d8s+Dhu0tgD+Hj)>?02m{Aou#d}yhknTG0R(HxohbsYc%gR$O{Pg zjlKU_oXzIZS$vd|I$e%OtMq1uIeC;a#~zCQpaCt|e-a;-!*ac5KWkVUjBY}FVridS z-ba@8F%jZb%Y8df2!ERv-Jp#M7K#TsX(ADw5X+{e^)#F1tc{0FSk1Oz7@XcVNG+|` z0e!6&Gx#WF6|9A#ugcufu&-#^n}&GHKzI7y(tfhMZ!POP%lpi7Kc{+qra3#QUiPF6 zwtt;7EhUvgl}gc|ma-Whn9e^6U&8YFgMp3M%XMcmd<-R{Hx>&f3REp>m@7vF(o;dV z!+chXVQDF!+Gv_tdcJ99>e_Xtm}{bG?zOcCZ0~N{y2tizwcXonl;>96S*TYl3q#2H zY5YbG3FN#HyZQF(y0aBI(_p$YKbUMKRhuj?y%6QKmD@ul+}R?3g${^cy@p?5ZTjBU zez3iN*w#O7Pt`uK-A`>*6n&yQJM{ei4JK#ggw0+|&K~QBsJ}G4@vt@^H7b)jfY2qV z7`ApW9G(k?18hd?lvLMbsx*dSeFheaI)ni#=l**r4H&hUwNsCMWQvbXTZm~P?W&M> zdC0mVgkJCu+x-c}ku%PZy7yI}Z_qjRWu+M24T~uC0-6kM1HyO-BxX{QbVbp84DT3b zoX7!%tHf>%X(MK1tj;1$2^Q4@3U?AnRfjM*DBNX6zHn2F*fdLAX+fr25z@do-WsxQ z3wiTH?oA;y%6!9_O*zxbfl=C4to@5>zE~gpOR?O1u}FVID@ahRyHPAIi&a7kYl)l+ z&quKkrxh(2y$;2aBWI4G-C&6uEo_l<{%A;hEaW{HvK}I;-5PRNg#xNY?=+kx6t$I# z_cTq3=!6Z}@w73CbdpO59@1n;3)_LKJD=?Nt>3Jwsv$Djg;$_dFR8m#9!6@BiiOrTL#Frs$ zPbl_9$l65(+ZJ+n77F&R;k-tgIil^Cd9__XSg%=a6Lel}cO|BQg4(VWJ(3oj1E=U_ z<&iLG@*cuO7ijV^tP=ETVeP7L(dA+5iZBfZ$NkAE3L)HrP05_puoAHK)JFxT+XBaKpABJ`o;`@Z;KynSBUvxZDBZeL)f~Jig9_^ zy(XM5#?_WH*~%L&qG_bjViPQwoi+;KA&p70jY{Wx84xtI_`gs<7N$%VhFFqvq25K^jqTou=Y?mc5m3aj|#Ii?A~4|%nHj{NQLQw0_<-BBv8gAJy6E9 zS#luh%axzP7*njW=v1_|3<*_Jt#M z(QmGHwVAFr-LM(Ty2r-&3CPvTyKW!&UEp~86jtC2%zB9Yd>KOo_C5eR4SVbQUD&3 zviTbH+Ch2JQLiP&;y^i|uPoNiwqj+K)Dh@VZoWfhl^@(xe!(wW5z2QfQ1;HSSQW;0 z>?T)x$@QLhtruMHao2r<3io)(Sry6#h5MQ$B}`W%;SIHaHpN4HmEVlQ9g*))E(%xm zFNMo0vpuxygEC(%^$&!!N5kT=FqZo5uJ(@WZF8-+UGGKLeTnjYG2}c0)#6$Y!|+Y~ zrXauUfVLA{&o8dF&-H$Et)E=)OV|C1e)46=`w%~&1^0pcf_uP_I#c%ItsZ*u_l3HD z7YhFz7JI1-3p{O+7oG1}H+kL+FFw!25B2i;Wim0KbYWt`kTQ-)5(Fd z2w=nyC{zWF^D-$IQK2f7ogP%x)0}*7xx%rpj)-dzwp+W?(^h-YJ3MQp=iTf@7g3>Z zcAUA6v@Vl^5v)*XfOUbC))l5A#0cOajc_suE)2Ba3P@48yj93TJ(;Iey^`vZtd=4O z@%i=2oM?OQJd8p?MHI6ha=gbQ;)w_-^>3Q2dYlr7;@!YLcs4b4O!Kn{=$t$EL z1T)e@^h2S#NYPOzw0;O596KOzK7vgiMn4H3|H|ptD^p__I(LTi#8??FUE_+iE{4vQ zsP;SViZmg|eKaF3?>GG+t`b_0C+!l5=hO=Oimw-iH%-IqiUCc)-sT0vM#1$&rp=A{vtriln0Hw$J~f7NT^4bE3PUiZa^23MvxHu1f*1{1x|i8mvK)9w<$50F zIyPS}l3M$rTz+1rCe{N|D|YKflIqI2B&wv^Cj-eai5?SGUWr2w`D29WkMaFOMEk`P z`#h+trn}A+1;2;m!SNuMItYO<3&KVkEcO$Go8KP!7UVzTzF-uGId)bsnMK}(g+{7( z(l1S*ZF(morCpUB@e-c83^A3lOC7VOxQS^|ab?tlst+2o`EF!3#fqjm6?Qms>#&dL z4gFs^wn}vak4nS_bjIGu)v7g(!f#K8tI+;{GRb>(jWmJs#gd<=XB#uekgB>LE0Sj)$R2?6-Z@ z;4n;Aj?0&eJayaudtddpf@WLb6aYDkx03ikHR;-)#-X5a@LrmFp~Meq6L+Foy6D+EH;0wk1g9 zCH|%}=+z13BCfAMuU0wd%njxoXK`U{7lU4N1A0A?0MyJ!g>rr97JnACK9ANwA(YUr zN%+$e)|CnG=XiWCmFs8M`G)8<0mekp-_j_;Uj~f|1|z7kJJbFTXa<%&(1IpyN$QwXJUCSH>IjixAY) zlH2Qr9z(0)Yz#3e?s;wE9`U{BNLlo&L^Y3IkBp@(I@b%&kBOUNm`DHtmCznbcn>D5 zhZ5eM33pWjQ~8~qx6Fe~*Aq}HuGT|pPNnQwkU5FXtU%TG^Gbotxt~vvTCS?ni&5`{ zvM&Li<5pSkKrmk!gSW`@32k$t=(&WoG2uO$h(AU-Kk7O6AZWFmWxya{am11fLCA&9 ztzNFhc=+!E0CfeL;u6ZtBGmN$LQU`U!Vky9BSB5KC$t?2@6CkuR>Iqqa5qzan>_C+ z)RaW|^=+E1hG2#wJu9&j4a!qR72N*}AC)uIr=I;~OngNjol&ICF7mD}vaTueeoeTO zi}1-`J?A^GA*jO3G&f;w=q0*=kOk%w4-0b>u@TAN5YkZ_uqH^Pu87={u2ND-80~Uq zVGBC~d(l^llFucuz4StYKb^2PB*>`4-IR!|Pr!aCFjbHi-DIkOlqAKhInY#rwo49F zE6b(|r0|PmbA4C@w(@H1XUJv$s;D+AE@sDF5xTobyRWEtO_8;>2#S=&MegzNIHU5ZK;gjG_XB$VYoh`I^6NTR+FwYS8@);Nf|yGZ+{ z$osO$`l`r#ugHC$i27dCc`J%`AvVvHD+i6IXMC`EUlcZ8K98Ea<6=)7HtDl`ZI18F z@U5A?cd74A@$rdEW6lpz3?j%*=uQPL3JC?44p47e*}t>}MwUHktW=Hpv^p0{CX-fY zUwO@koz~AXcPy7bMeSeXVsgS2_KcWwWejGX^`cW=EruIfjcLrv76$<+Jk5Hn#d2rO zSqCSu)BseD_IF4;?5XVZ8+mkEtiZ#@QdcL$H3@iT-RWzqeeVw6TIqW?`|cvD+|4m( zZmeg}>Gm+x4&$ap3_qaL;UPRn_;gHQ1M-t8?fU$7&%uGCu`mIm zKI&^v_};_5^@#7?<-4mX-@9VY@>sx(zsxQHl$CQyjgo3k)|8gW$;T|=$0*mu|ad8N*}m~&sOCaBN{4Ev?1PsGy<-Ez9JR_|J3L;y6Ge>q`y0 ztX;=aBN;1o?3(}h7v9M~O$UD^TX<#7e}4BreW{`C_xqm)X=TYnOVc=-k{Mj-$o~HK z{~{eKi~E$gc(-%%5YX(f|4-AgQ?dp1YbkALJBF41cWGUcwsKy5d!wlA3AN)2)wo@a ztx%n!8ryjTUDo+?ru?yDjfaF-MJIZ&SEa)k7~+E4e#GJ@itwio285%&#!`bocSh zFLd3@vp>V)+5L%Uex&;!c;G}@O{+-fy@XU6)f178v(e*8! zeUsAP;F;Iy{xzO?m9DSw?8}tCm1nll{YyOaB3(E0>?TTofoGnl`;9#F99=i??6Z{q z49`4G_fPT6lXP9rvv4or?h`!oINd+SGmp~s5uSaR(jVfP2kHI+p1Gf{_wnq#lztD- z+)ejud1eh=SM%&$l)j2*?xg#bJaY$KZ|B(+lztn}+)DS$dFB?nF5}syl)i*#7SsJA zp1GN>3wd?{rQgIe^XdLZp1Fap^LX}pN}tO!*U|kPp1GE;vw3zFrO)J<8FYUQ&sN}s|rm(u-Yp7|AXxVw*Ke}MwU-ODmR)BR5@^CMk< zVA<~}{X3TVmhS(_GXJ3KH!S-#rSD;x-E{vI%X~@KT`cE6?HC5&FFt0Ok6_v3e#j2_fZl$e9rhl*y^|gKF5SPwGJmK09W1k*u5YvKHcEes zW!|LwH(2I%y1vG;uTuIeEb}tmZ)KS+bbX0sU!?TSEVGI3UtpQ%>AI0+pQH2*Eb}bg zKf^Ll)AcEqeUj4Gv&=fWe}ZKmr|V-Z`zWP9!ZHuj{X;DCAYC6|+50K|K9;$c?(bol zyXm@?W!F&pYL9gAxs|TVS@sr6U&b;^>3#{zV9yx6 zfn{%|^o1<5fbMT%nfY|Rk!5e7^m#0EJ>Ab`nd|5}hh?v&^w}%}#}V`fmYG4Sa}mxLW-ma>e`U_c z-{)n{#rZGUbAZiwcFS2{fhM(_S;?IIg0VAUB%fePt`Yw!GfbghDW6TMRg z$L}~QQ`UB0NbmG}x}?wVbO`#%{~kJwlKqTeG#h09O11U7-}~YJPCA#t|Kb0Qaa|(k znrg^K!JPB&*AB8A|4-lZ0@?fs6q z4t_(f-fwK}EtV{%9P$F`31 zbGhSuAgK7Qt;hQ(=1%bclsm~kx%JQfsku}9iMiAKGg?pgC*{uc&(59Y|E2XD|GeC} z{(t4p_b+U{!2fIRBL8o>i~Y&0^%8#y%U#O+sVsLH^RHm7moxuLmYc@>t5|M2^RHp8 zS2KSm%gtc^Y?hnF{5h=kTISDXx$BrekL9js{*A2l2Ik+ya`TzLkmVLIe-UfFnfXgt zZZY$hvD{La;|yQMCfvgO+t~59GXHjV!V2cEWGCFg{8cP>C-Yac9B_cvveq@szlY`S zX8wIFcQ5lFV6FEv{~?xpkok|W+{4U&jI}<>{3lrMaptdQxpmBcinTt;{AXD1Y36TW zxo4Tbk+nX@{1;g6dFF3sxlPP}iM77S{H-jvh54_r+{?^=jkUhY{5M$cb>_dta&I#K zZPvPt`8!x{JM-URxxX`iCu@C|`R}vbd(8ik~w*=KquB{=xk3SngZq|G-+mXZ}wt_apQ7vfR(i-^W^iVg6*E z`<3}qcFwr4Lp7mA3LAN7xJ+Sczh8bdozzO;km^;zKoAs%HzxV*jsq~Ha_-N z9>1NBUBTlkdF~D#U&Y7W$zd_r4Ai}jK=p{Jj$Xq%8ipAIs00228yO2Zks4m_8eR<1 ze`IsU3JDq|H+3V&4_HL+@^7Js!j>SFDkjy1fY-e`!` zJB>(78%?pa(~LBDrp3CHbw9LQy62%intEq?rTb?3r2A+4H4V%RNDs~oN)O4lG#!)~ znjV%pI6XX@Y072}NgtLuG(94Fc+<$t5$Qi(_b>@q`_*X z|0{cb(}kG}(qP2Wf6HFnG?`^CNlR8OJ(XoIV@+4E%;hXCnY#2bR)~$z|xYXOfO{F1*~Zi%iPS;lKD(8W7(ywX*tW> z!qSpWP2bM4D_GM?mbrtaB}1ED&9Zl~rnM}yhNUIzo4$`_?`2I7u+04|Et%x>BP{zc zYkG`j9%X6CPN&zi>^j!;6w5rx(vtB`Z(!MHS<^PL_F>rQc_n_gMNvmi>S= zeN19T`co1?(x0>JXRK)#%Y4DoUy-nq-ovuHS<^Qx^EFFLu_pZ;%YMt6eqfpJSy~D} z>AfubGi%z%GQY626qV9bc=l4>G?iyA<7p{WrLW}KX}swwo|(?mQv6EKDJG_G3ZOT6Vp-msOoY~c;B z@RpZ(!)tultGv@2yybPCev7xf$s2(Ex{WvN;4RyE!#jM~-+8Bw1YpgZ;(?+-YG-q?QZpE=C4l$AAX{`~pSbkQ*BCZUHVn?U0Uv=PaB{N&r7` zq5z(ZoocLt5q?!Pg-zP=iWna#@_S(e1pa*;MG@4P@WLB{?@oA>AVc)=^%G!LJVNgZ z|L6x9+;YSSxaxB64z8_&Ifn+xft+>8lPhr6#m>*e@GX)B*#Nv9Y$Pau7I!j^kQ&&J z5OEH4t3woJgj9My$QV3*ghz3b063Y_hr&Nmq&D!B+3rP-!ki%hj9nxqk-cXUtA0CD zvlNdJ>vw}4s-{8OdVHi;ZNM2H(K=s!A%$>KzI+wI)>8S18S`xyEh9a-tdu9kyarP zrUjc&gtzDu|XXd%8 zRx!K+n=2$=P9|f_o#f`QTm*Y%6VTZ>qKxs8Y7f0OWI5xEUu77a-eL{*p|%3Y1C^;} zC=Z9z^-Y0S)m_1*W;eO_!?_CQ(%o#hVh)DR8!ol#>m02!T$#z*dnIADI|$Z;_jmh{ zFR6(*0Dvtql9jPItT^Bz27p2%0T8STt)13IwVOf%h6jXvKxIQok3UqL$%n#K9gst% zAv{aLu6YwSc?V09y6knrY8Z|JPUaWDYi2S}$a6}bi{v@>E9?l&nOu1Wx|RkYs}m%* zQ!GkLwIZ$B@)NNnI@7^osRWu&3Amg=YhQDdy10fdsfo*TQl9rQd8wA?c8hE9***Xw zse zJ2!zJ9Xl3Cj&_q*G)U{Ig-VS?hth)_-aXc^fc-+6`dw&4r9#&%!q{ zRKx5DXu&eHvL6PyF;Kc_rNE*HFJ+;b1j9j=Fk@Mqf0wu7??w;+4PbPRA`potK?XYA zumMIs@NHNeOZbaSS_;Wsd+#_HF%@G-Aw~q8OIEVJyxnRzlSo6gHEQunhVXsuI5`_t z+^9NB$!&zPeUGucQN#b>>^=wj2$F=}N$5Qyf^-4`QY-{PR7Btp3MdGO{zYuO-!pR;643wWec$9WGkd3; zIdjT$p89*XhvKz;=6(}fyNpYNF}xXb{c;RKORWqLJtD_UIGlL)VZhtr3%!;XMaJ=U zDtDHk#cdB(}$xjUN$@c$yG)k9l+ZWQLGdF7PbT^`j_*N$p?8~ysoPxb4>p{RKmqS8)X zpk|)0&_11~W}b_xJGEZTTxX7J)y#9u@!M+N+2+2p)XZ5;ja*^z~r`H`i0#Zl#%b>mIihF6W^%)nZ=8{9mX0M#+v`;i=y}pFkmbL3N3An~Pav?dq_=|@YITLx!lH-98 z4TlFR?CfyloO6YJl^E^B|Hq%CNJOV(zt<`IHCT0Ezl_#nn#UYA+9_t(yq=|w9OH~3 zZ(RR`p{GV4GXi8}Df?~Z_nW6XlQB~i+=EiEPZ z%jE5(tk6#RBcVSO0P%#smMSNID)X;ORT#H1k-RUF95qxZ zEW_RP`WH%_EA%<6p?Q6A)v``=QFuORk|$nRWEORJAsDWCccPQDzi!6EzVyoOy|OQ1 z>1W8|>XZS_cU$GiQ6r!XM0talMsk*HX+#T)bQuaU3dc>{(Lg1IGL|D~jLG;7qvhTcrl3#dPp8S4=c>bXVBL zmHHi}TFESVklhN(9(S1Fp;qxRE%F?|k-!-$P>oF4uag4DaEXaR3OqFUmFNTby30X; z3ua|h`q+rjP2OzaEUt+i7G`V~)2x>Xg;Y{B1oawZ2EQ)d=q12H?x5)c4{zHT0~4H> zY$7MKiLw$h69i38;CcC!0d63ta%hSO?=d>f$Gfadxq z>o^Xk-&Pys2us5>Z1iwJ1P%iGU)mdMS5kN@YIlTe@l*7XO>^3*iqm22L2|gx^s{1` zHRFO>T8=sTXF?t)Y;xPtLRZ2SRkrAJQ_pI#MY9JQ4}{G$^X3?kgWv?F0CM#`ZN1_x z#CM7`VtOnVMwj?}mCH6>Yg2a=s)IsE;~r zyY)Tlq+fSb3t1@s3QypE1V%;~oZiW8i4oq&5-r+mklLn=7~Rt>n|4m+YfQrRshCMv zNR!CPq(bzevs!Lz(M7MB%Xcmh-c*- zq!sXK3H3LS9#sIlZM!X#)q}FBh?roS4$y*W#;0kc!43{OV^<-3C?qMvq}`a{0`ZfrDgixFU>k+e z9UTPaHAd$y1e%izj|;vHeC7hS{U6JWg&8kr?^41A&z3?s;a%^5SU@l1T?($#)+aJ)>UoT} z)H5}0O-*yAx{av@P0q#^f1u=yV+wme5}75udM=doUg2!-?SQniquMP1JLyc(ViFR7 zd0+P{k$G8oM{(O8-htlZ!Z}C4e|mud^#St}m}wyWeDm2Tzy3Vw+$y{i>>lTM?_^ts(8+U8Iri>}Js7!$9h2%gr{isAXyOgq z|BJ2uWOw}5wqLdDwz=yhx6zULHQV$<+z|bCliQIXIdJf-^lnk=W;H>M`WJb;3YR%) zUV-x9YNzAJw*4Fl5|p}6fxmi-R5!~aH_48tZ2K|t{)$VYo2k!UD7wE``(8U`a#cIB zWr=sI846`@CPQJ7)93-{M{{g7KH_@SkzeG1FP_fZLFULWo^G{!-QC<>0R(eVp^9l~bDW#al=YmtXS5)7svS6!p%ui~d7>7u&XbT=r`&>?Fz=N4DErSLX_m81GHU z>Gs6dXE%z(WN%8QL$ABnCcf!`+asp0G4;L`wN%64%V-(FP`qQ)25{w`o4In9+|7}N_WY5w$~cb zjk*$_G<#Y6cXqOu@_JfE13r76RLqU#-Z$zt+rc%!)4>vVbUauF7f`0DrJz^-V3Ua@; zb6cF$cyITpT!;sAIgq0cRPWdd=rJAq!b$!is`I{+zEI~kg#CLv=`DFCsr}8>h9?Hs zs_?9mAi*{F+%4q1#DU)S_JPie!aiI0R|xg2a25uKcuVXA04|&ZuH6RFw=TF) z5JRjo`^s`w7V7K--QAJJkXTfuscc0#vd%8&WgQRMmFJ4(C3Tm|av&$5NXxP{iDcb# zBDZ^X&zvvo@?ODVn@c^4?vmt<66QV?WWpp|>-2yXnJOofF9>f}cTc040m+HPeg1T6 zr(`~{2i($Y@-*jFDPEJeDtx>U8WPrZ!2|>oB`5Sby{b?3R{CDl~lv+KfP&0L|fkl*YClnCJ+fuhvO%;2r{?zCfP6yC&n|N_On=aB*3hw%csM% zZ;#H4uo*vLv>O2tVB}G;EMLDsNqxwEyCVAt-4?|_9r3Qfp*vVL!P4ZLc`enb{2EuzEBPYQB%aZP;g*7)4C=n6S!O&LR%;$Nr4W!&d{QkaJ*(t~6d zbG!=`BD}g;uzSIyWeXAiyAzxbf*na7pHq6Qy4U0Y9SL__(DT)g1g!4Cz>*8t-JSFf z>LQnCE(opjG7HZW-T#z_{Ew0cW&SBA{zI~#`y1thQw4UW$n2NdtKmiE{Txj4QKb6H zCNhoT9A~z^PNlC^`me${!T***2Sv6QS$IIQz~?+xw1LR(LL>WfLqG>ie$*sTIUZTc&yMemkJ#O3I z3`hDmr~Eronl-{b`LovJGh6MuQ{EjZ&o82X>;9MXSvpkf2H? zSm@4i^r%a@bE_UVrJdu(Wtm3ry7IqYzf{=iv>doxM;{f{<^@^eX){LdjX&!~VNZ7t zPafv3aDv3az>~YLf+n2@uowG^*>v%HAlF1+tZH8qjW@n!ov_Ell>Q0Lk@o@i7&q8@ zNL;8u9TpvDn5R`dUY`-_EK~i=y|#a!$c``^E%8r7gPBkJ9uJj7hqnKy{^Mie^K^qt zS_l9$Nh_AjT%n`!JXA8DVmBsb740ll|W>VA0JEpY%=Pz7t8|s6_*gbBrGuPYBpHNIXA1GNa z*CF$EXO8pE0dI*+i65J>whd9}%IxAV0o69M4jmTm5Ul$RbvE6Rmm_}le>K^c$fY1h zys_0S&EEI7ZPk}V*2(`|CAN@b(BRs6D6W!z_B~NNN2;~b|D#aviG^>Op%n%JlU=4A zH!a^5>hgs5eNTP0)3GP2DgI=FlYtQ7$mA2^4{p_I{qt6* zo)I6q)&Gr7WTJbX5kGUQUF612`JcFof)4^D)Nk~k(C+JY{vH8k-;UJUKh$ypsu1l)SY}%to5p7YshtE<$`wzS1YE%-{#1{8MYe@>a$*EizlD;ye*!m z#q(bCi(c?pj>xSP-#)jn2b#&idpI}piCoUf-jvHraV4qbhpuF9$#pc&-fn?xe43IA zkV(%AAI}AH%9WmXn+Mx;rRQJe>9ct{ab`~ZBm3F2-kG@$Pu%Ra-R2R9Xx_NhwF`11 z+owOFo1azWZRA@_i*zUdBDSdN^PCtJo#;(|ES^$TU4H@jr-I*X)pQ?<8_3n0aYk)$ z&GWsr+i#K^-RiAFw6Dv%%@D}i(5ey1*@OLHa@#Y7hPO7!Ipd_^~YiU83ZOrlb0%za*v_x%;*Ku}nT?C&dV? zA$hM4vijLV$E0b9ruTX?ZC)g!ZZe-Nde^JEG4o<>ee+mM)qtb|V$)@?fv`x|empGr z!z4s7R~}I8hOXS2;u&)#i{9HDNxBxFNRg)5oB$kS=!7X_6o43?o`~--cm2u{5uV>a zq&^z_H+fZpObz|=ZYl2}93vA_)%SL19uU|aKlOo3n{b2vNNUHHSljA9_+@eqaI!$DX$U?@VurS?UP}-}zT3}+R)?;xM zAnU3pL}g}m=*Kgnr8>;~$a3Ww(Yc_k>QuqY7ns(fkk6~acEZitIR)#ia-*{e3_c@^ zWPBr_xOj!=>k#4SFOSWPL4P`E$J4{u~g|<~7U}3x;m-=623$n;k5{{5@32;?u+q*{Fiu>MvsZ>TW`gqPD&2 zW3g*BSD&qyV#UZk%^e>KvFFOH?2WG8B=IS!?QmHH42$=`v{()CwDZ#-}nQnOsFCbF+SB|;ufZQ%%M~=WRV+0b<2l^y(NPeJi64Bv# zCpugi|0+d4D$)M+_|#eP;lcQD?ly-X$G^^q53g|G%YI2V8gV+-P*7tRm=qREaR%64 z94!}$MVv6(sc0-Xxl~*tt#`{~j94j)y3X^GGF6ZzZMSFc5-x0>Y(Brd^n!BZMIv*q za8Tr!lvs&etFNCF_EUmYz)i5ZD07>usKUbJD6gkT5WFDW73ddkp-`+(BvsCtYL6_> z^Xd||mn}mpZJamqnEdi2h0l`pU1b{BR>)zby$la)zO}scwsPaK2`4X`Z>}u3rP8SD z67}~;RL1H_qg&;nyy>WWMe9A~rT3N_8=IdmZ~p?h2LRlVmA;;HD+|x7H2OW4R~B4R zX>92Eq`Y8trO`e3qw=D^l^c`I@06FmTW-wQ$>eirx}<$7kC7mrE-pHx05!2M;fZ8u zJ{_Ht_chsR?)jBSt`Y93B6Frtq3Ti#RmMJ5B&VkiU=$d&(0gV{*yOM~jxG9iAb(tJ zPJgAgU2m40{rK_snzsje*2l{o?SD#dwQ#ra!&wEQ&##0#$=@+CKDAyX$A2t$ zV{^OYJ4+MumC_Ey@#P)sE)dE9&+_sy`b47msMce+yhQ`x5QN#$h_5pNB|lYrOWj@k z1qlq_NVq$w*3{DElyLjtXo%pV+=A?)!h$@W)r*Q#%1i6IQ4-kBV$#utq?bWMjxE_G zX;0QkiWD!yhN$kgHz=`D-6l7H4wJe|;=8BR1m>cKxBCv;~XkIW9FNHM@}6_qk3yK${}%ya6-&}e2_t9xkP@) zpt9tn{b00j`;J&-rQQ^FGb~QCvrbsw9I2CGF_TVbNWhVkZOQhOQ)zB&cM7e|g?83c zv~}4+kh&17~1xbKnLhxM4RX|BZN_ljpEo1LTnVl z(0+uKdRkcb;?3BKU}ol7rW95~@{~nnijmlEUNIRz>g|jNlu0voBPIEndb|%urE^xe zp9KSMlUmz&Rw)uqCK5I8z{Qbwpj9WQ7=OVWnW84~WM2nFzpgiHg}Yi;pi*<40*fR! zw2-sf;N~20k03Q-_>v&&9k2ynnv`U%n68qtJz+9erQ_tJcxvF0*8)C$HTK8DOHh6t zsC5Ie8Tp$OdK;|p7;CN3XGGp}&2~Z6ko$LHMS$YAb1jYC(lO@?%;RC;T}%In?Vve>tpSS#u59tb)FcnWae?z>la-*3gvVO1Q8K_Ca55v~H_qdY(E@ci zbqiLJTJ~mPwKW;HQ=Ot}9Z~{#6AqPra*bTHVm6;{a9^7=sWdS+p=wTJIT?KkIHfB|3vWv`h>XCF*LX3bq{_ZZc#$K!M4fc=86U zw<|0Rq1IpF`|38}BvyBwAmvv&?c5>M_52QR5M(b>cZu+OBDhNgE^aO3c_UL=I!ZZ3 zLn2(phj!hPb(W@>@0num74mzg7);yunPTo2cptOcging#si+wFC^cr=sGCWc!N5u5 zfX9XYPM zwX}fWp;N~)ZO;^V=wUwO4d%7`M=#v&JAzL-FnTQsZtvu^j*~JL(&)8UJ7c|_uKD6? zYbK)H?L)7@;cCkKmK~TY6X1GDAnQs02v!5o5=y1#1 z)jEr%H6;Vp8PkGpXg{6R%;iptoISN`(jPq3G|E-Nx`vY`(XUFiMay0;@bQ9;2+0xg z!cigJIAqak>WVnysSJ4aN`X6ELTxsq^s=0(acNn_!z@a;Li0{OY&L5m= zG6EfHUBiu|$zu~WiAkbJdsZ+RbXs1swJDK))k(hYkR=URf1!D9d6&s_vzv84&!w2H zwI@f%Pd2cEa;BoA)B!*!8F%}ql-a+pLC*L7p0LjH%NeMH?`Bgu7x!2+CzugjTsk0@ zzVUy<8>-bF=Ivo0U+Ti0Z#+r4obA*~Y_566M^0to!-FE+0Qt&&9Kq0r!*lPiSYnh@ zKEg;nnd8;5GLK^(UZsxo4^xLX9A*+#o9vNl7jAYBvJXfZ`9bP^)PBbCsQzi8j>B_u@8mwg z%A{)_92~*^sBmu*J15lc>Tulsm_PRJiWGNhMK+@V+ca;?M_*ye&a6V^v|8X^OnuEI z|4~!sWSSu94G}X8WRQt6Z<~S7jMRy|Xy9es046#_)K^poJ~FD-KElUJsZd@dQ;U;MDwzz(U01L^NHWP=tiO^{^q*{U zq2(>KE=n=u$k3qqwcNUnUs>~Oxh2WyvZHlp3ivK_f?q}J2ROyUta^~WRhGBPdOL+I z8fC9?nvzD5i346T;kM$C@1)|t8(3*q@#*wgJN{v9me*lj71$sjCAD@9dF#7W_D;0C zS0LpBM|}8cW?Gm1vse&7a{(^DXa>%K8K5 zW7cHk@*L7DhBWQpm}K$1B`E>BPCMUEs$2OT@cZth`hGIFI~jaG89Jl%aPBR*=~gsf zW_ct3LZq#`1@BQgNPZ3Ldc&^_aSy!Ij< zF}k8e2#jb>FE;(ON$6KGj=K`S_m^<r^p^@yiK;c1kOJ6K&Xyq^pU`N7cmt4rj|hl9M(JUOainzX?{sAb{l z$A>;5{S78`szTyse1qRY7u5Iln#QJVdFNilbj==2rBJe%6KA za*^{h$NPn&e(5ZD5}6sBF{&HYATyPe>Q%%{HUg}!5}pR_4oy#HAe`VQL(BR*P5_n_ z>Q4}7-Zq*g1&Ib576D{20!T+XLjoZqe&Eh4Q(lMe%%@{&dkpB2Owt@wK5faJt)Bsj zC2nWwP3;;DuOP803@j^ybjV`PnvC0u^$It+n?p>~LZtji0nbPb?E6Dfkd`8T+$i5d zqBN3bc%MLP6ne*69vHeGW=RP7ym|I#p?IDbZT0*MVI87J4bk&LLF-brOYxaD=gRs% zdd5Wk3o7GBnmY4_y+D&SnidRZnl%C!7(Tmiw_e82*{ngi_RVR6m{P%AX-xEH?J*4e zUhx>(39UM3+I1_q=2NKZdhtVi5_t4q5?I)|&+}-+!E8y}Po~4C(vD0Y=pK?ll}EFk zpZ2}t^KFlRgy*h$(m#3jum!!Ll8>|`nKdP}ECt)Z5J@ucfBjyH$eJF~Ki`z&D z5@^Nk^j$noR3e>9C6`;?fc3Ln`s1kL;d^PGOH;*AK)sH!ew$05jeJ+e44^K_xEE)f zOEN&7r**`XA>TT7pY_*V`pTi3ZppYeXPjHON$z2Jdst`X)88Gs_Hf31DC0bwDQ;T; z*~6JoZ^VAHcgW4ANl?|d$iGPIs{C-mP%aXRStH%+@YOC??TU{tbHOV=lxuk;*D#jc zs15qh89Za&%gEnn>^~rU00<1tGlI#`f3+@~JTDt3r-FD(oLuE-C%bE{?Jm`EFYO%# z@&8tuu43>oxD!w*a+;37)t97sHtUWHtsoL{1%ZffYjzXZ#zaSk-2^0HvR)#^;u?8^ z_3wODC-9r`&&jv0&lfx+zc?XY^O(o#jE6a+D=l+Ps*3*EX(Pk9Q>Sn!cci#FD^l*R zbw;EL+Fs1qgJdrJBVSPbAnU%74S#DU#;w_SV#F3Cw5CDBP1)3UzHqj(DI5MG-@Y+l z*pP2NJzp3X5V@6g!{N0FfE#)vTFy3;%eMioV#Rp0L{nnAzKZNV!kKK(bh_;A$m-{! zALX$oeV&pROOWMofJVJ?8ZrlSzK+q|rqZcqvV(_-5~=xOMK{qCL8|cCuS!0wZ?6;@ zn;TAG4h=RL?rb~j%|Zn^7mmtIoHkl9;?B}Bk2TKn_Ow2T?&u%7V+?ngNV)UmCni)b z_(Y6CJQ8An1$A|?7ZF#G(u?j)lWh>zWyLB(3Z?k$5$tbDQ7!h}(_qt%MqbcLQR=f;UkkCLa;emnE66l3PW&*FIyY&IWqM*JZU7a>Kc zgKXLMWMSYbQ}JZ2;#UZwn`#xGqFdyE+|}h$6F$h6bw;hy{@^|X9t($O>nd;_(?3!IU|2)i?$4vgGpdz6ur6?@ z5b$F-cVXz7n#DJ46qhC3V1}4F^Tf_JCO2H6nHB}kxC_LtpF6Wi>>i(?)aah%a`BK8 z;vm&PmOYd9%)QD{R{{{tt1xJ!u5x^=KDlEO2dMr18*O!yz3@1^r|Yq4{K{6FY;PQ> z&YZ}Tq#AWJO3FZ&9ebVQ-W=k@c1`H5H@|}QToHE{L<)Dcxpi0VBB%qPY1nFeXFuPLMp`x<0=b8bv{J>>m`IKc7 ztq<#lOYvx-w$wfXA5=k~Gdx-2<*ql=9d`Lt+`HgUIEzIzT7)Alllhf`gE*6w=S^+hS#Hqct)lI_viwR>{=S%a7t)ExkmD-Zr$>82&QhcgNYt|g zjHzQlWqF$d8p7^T!xxrG&urui2tDjpWQA)oAFMu1TY=JXK zh|7)G*tY~eB-5L-{9%O2+I~JU#<~O5Dq*@(OvYz;RDMc2ksVUMsREDCxhsVzq7*j@1yYgwlI<&=v$mjPNVS%mA%Y9ys z?)fEAMo#hl>C6amuzvs)ao_wAV{rZ)A&-=c8C?iLtVqp_FRz#>k=U#~oGh!R$LhYP0;yZ0kD4qNlSsZP1nY8~DzME_<0hvLVv2CdmWp z$fnV~^}%jxOq#An^+Bw-qF!-UT9#3-J|LAmEWKT@ab#_EeXr6~NvC$MX?#D_HFd8> z83jVYPlX=kj$pm7X@37jXX?KF=**F9NwzjN$MT;P){oIr>j~u49^HWtZ&;s%Tm^or z3GZ>B*lC*(oPi6Wj*mv6cwxj;=4d$15sqzND>m3-BmNH2;Zip`%!&4W(Z2P+?2{Xq zT>hh;I2bxHTAr({YxGR$l+$RRDR5v%IU15JSWm5ZIXes`0(OR&%mRTHxQKhs3^gos zXwu92iE&;(F~i;jd{Pg9$Q9-Ovgi#bMe!6l#ZQ%R*OJq8^W@Yx)j#1jc-?B~-=&*4H2G5@>O{`}b zT~b?kIRNxGi3lA3Pck}`qy4|P{xN>53pa6rA^VYUUF8rxP8g$cFF>)#;713Z!nn5F zzEgzY_55AP^JV1%*%_I&P_P8{Tf%u8Xloy}PEzL2mh#^s|1XjJJ5qS_sZw4b!}A$g z4$G0BDgILAejx}m^z2;rH9^#xqbqjCt^8Gtq{QaX{t)!TbX@A6g#4|@ zzabQ=Y`^vQ0^4QyF)xivE#Rz*@11Mchd&g-69Ut2Tq-e`DBU50(K~)1OsyM2`%&RM zY~JyZuz$ci;C86Fsn;{2@U*ah$U9n|6#x$h;2Lcatyj}Jk)QN4emvdY75XPa{a83J z2z#ycUO+@QuGl^LY5E1a5t`^vZZ-PoDX@Zh9KTyRhGIJ1RMk=~zz9m@5PIPWMDOQW zG$Gmm7EDGYDLa9Esc;stTqL0g6W9uDZ5TuYyW|jTBvOzVqU-cia-A0I^H;qv%!eDveo_{aG?)nfS<6sGC3%qY+gHJorB4cByzNwRhxGQvWa1#X z@BD+5GTn#0V6MFcdWCJ6bV~$!=MR;8*Y8DSo8P*>JUV?8N*}MZz}epS%gcjh(w>iI zz*Gr8AL$X|Z71gMq7t7D;AQqK4-fKiwp~;!;^CIt*WRhHqrIF@+CBN@@JppV+D@vK zF^DnAo`0nIkhlcmKeqaiKo-vs_SXx?+sE?oNtyK`1Plyd?R6wkj)=$`1;X!PSii00 z*;3pj@Rnd8;H~7GtK`px`>^yG_xB0!CE*fFYAoyXCH}S!Uf_2_3KgT^eW(qwd=5)# zAgU}^u)W|>nNR%&3n9!AgGIuYyr-}iW2AS{xJx|@ULvi=gQ3#QS~=gFi@9MLYL0rg z4z{#A7E?eQN#!3C{s60f1920591Co1Xb};J{Iu{0-}y4xpjp}rY;8DroAI79X`*%C zzZ471&5Fg_$PX~cY>TlPn~-O?ndmo}V0ciG7A(X04$RyNyR62oty7e(*S+Cz@g%m_ zK59Jekp2{DzuSkUVH)|YMD9|pw146D{9iuxbEwA;+#OO4g6@o2sg}|U6hn-13NmA__aOuJ8p*bVJ8P2rv&+v z19eK!6y<~J`6MMrk=zp1Ny_zaF!|orx{};Np}rF4cr|{y)XRti(BX9uB(JLHP<$~0!yj?Z`or6y$*OGe=XlN9w4paI<3?1w?Rn94`e6S=j_ z;!D+s>#xd#YW_Q9vSiur5GNvsyv3dRH()HnH6S!QJ| z4hD0JK2B0)@dVOR`L%?fZy~VXhX?M$q$AxXwEsSR*`+LV>{Uq<|RLP7445LRd)JmQR#8m-0ytR)rMhgsR0 z!WidJfkl^L=0X8Wo=w+Vjn4{e4Z~F79M>vIJ)P+HVL6QGrgOdBa@w(W4(5CzQe2eYEa!H2h%IP z%YluN-b1iSka0Pp5tTYH11TKZh*L3p*e`u5d~H#Br%3q^)Dh!uf`hbs>c1x&P+H%} zmCPLyGcAF3Hvv86-51>*d|$$3BxLtpGQBxElYLO)gvwoanY*5d&;3BU514b0$jp!8 zw>%}~qnsJ_l=PmD&V*Z}eA<-68P7AA+(jAwQj*+-yIzoC(hhRTpe+c+r7*I^%Vfh@ zBEW}GW={0}4U-TI*iNtjJ$k8hrErD2QF!MPz%3nxff?bKEK zG?_R8e+t79-(5sYc%h9uT^U~zWUEyrR z=1D;&GX=?OT-wVGW@T=CHUpfEER4$!mO6`nmG!3NF(RmQ@w(N`GoxShR-p-EJEh1MF3 zwwFC)9}6MlKg|{{D#=N*>sR&;FWJYA-gBHHOfu2u0BHsc*r`IUAz@f}68?j!EJVPYT6ai8EYXlBaiOWQAzR(vjj(TKi zt~bG~TgJ|uk#%!}K95LIuVmwjIe5FXbdz)JFx*)~)TG{1!VhdX^-}Ud;{=oXvB2hu z0W<%YNIWhA`1^;k1BOqC1aiSATLc&T-lHSDmG=Imeby%=>m4ZJ$3rCCcVl`@djSO*nj0GRW^V4)`w__sied z?Cvu^A2!P@i^(^Pi0<2iM9dy7rnv38P0qv%?Q7~r;XbWG+M>}r%H3IY$r1KPA~z-5 zSC}luB^tw{f_FvcC=w%>ENzoOt@snX2Vz!H^f5w?cM_-<+{Ce|9g@EnAzuXN+(x`D zar@~om&gV=R1k$kJ}CJ4u#_kUCA%1w6LkR&TVZ{o0{%2StR;}UC=vxLQV`AQUQ)nyZ` zMlciC0vUxj1%i$7_$2ZXo=17*p@_`WjatpKto`v_7;jl^`dS8g=>z$D`M#7N$c^^< zQhXrmqJ4g7KgVkPz0Q=P`ZAHu3)Z_?odUiv}Ly&G5`??GaJ z1Dv)RYUTMDP@*TWw`)R?+uwH=eBd^!a=K6~w9Jm>#1?V5;n6VM&c-omocxPsAgqXy zS2hW_8M&`KPsnAW?2aUCVWjsBy&Uz=dXc7p9{fjNrD=Yz$q*gF&A7T%{arWj zxhtxP-+A_%UM>*7@QN>aQJ}U={o1qN^D@~Zg;xOohbR|Nd9d#}M`o9sSY$w z_$7PJw+-#Lx0){#sdVys#~QaHqDrH4M0D5^AI5zm`>p0P?79K`IjpaL#fZ%`?2)XrI@4yW`D#%tlvL4Y+p#2z{iSrV%F$*SE|;3|*=!3Zk|@n+ zv$YJ-B&9JP*d7^Jo!9MfLqTmU_>UFTOo~$S0iI1am7K~OJEiWB15m!LsH5r zEQW1&!q!Co=<;vQ1}QdT!;TJ9Hpqh2e3LFBi4}WFPuSKaau^=jUdncM)PYXpiIc-W z%^RlL)6MlP1&vt9bf%ap;4c;817sJTIz@IJiv5!G&1mPmtLOrS!Jb;16 zT9`+`}FCz=2^_kfsML-6`o{m4KDe^^Esos2^e>UkHOuhBtg zvQq2aHu`H8T-`7@Vd#^Q3!CL{%upT89}lXy?=j7trHDzGqHh-xLEtvw=J~#;>j%{1 zSYmE6LXlbUfCw=DiHb%rbL+x*9#uY(NvnB_uzse1zoS|c@w9~l4p5+(LDq(8uZgOR zG&Q%Z-Iy3f$chgOHTabQ&+@-%{m=(Jfpvfe;Wf-+BX-STh8v>;Hc#WPH!-#=Y*DCP zOZ)hi|B1ruqbzrl1)x6h)1ikZZDl=ZGuDHa>Cl&eF_5e#JE@N$Ba>ihkEodsT3LEJ zAn4V&Zo}nq^7|MFOxs7=zi!%jiy-;C;vqc29H4r#n5TInBRKcE6Eqe!bNF6(1|`aHeAY=`pjxhjfAP)l4^uy`nRwiD*^>2rP-p^fvJzC(bo+t@2Qby z3atQjN{^(^*Q?pdM(GEY zYvSvn98z^dJus`OL4r4#lvoeDo5K>gC%y(MGA3=b17Fdq{<6{+rn$y(YwoC%3Y&R9QrPI7rB@y z^Cf!Eq3?2cliP7-=?DiSb3%uWlLFkwYJt52jbF#)dy@F3*g91A7~4)Ay|w!VChfpG z#%==2>@tIAdpRE&q&yY^Ft89eCweVz?q^}cjcG(MGe=v{l9a{w9QnUCg5D+(Ljk_& zVj#U-I%f)dn%Cv775;J3Ck#BF3@tGUpS0y;LV;>M2vIFFE+sZl7w8Ka z89s)585aullqf76XB6RYlaS*|(7mz9ame~%9}I68Bnhfa62awX!t@D5&D|r2k*pMC zer|!~tPtdNsi$ZdxjjheD(efpiXg|j#>R#Q0pLLF<3U7ZL$+&4So(9d}7_R z0CCa?hMwfHsk1Cb;ECTB`f(AXCce*v8cp;3TpC^Ks{(CPl@0Jr(2~z`^STMzjr#0` zjQxB@u}6R9J81&Z(r;zzUmzMa^~a143bCWJw*PhpLVPCE$bfbJ154fxFeXY)M;nk9 zbFr7hv;RQAwCCBH+1l88myNabncIF;y)*b33=$ zMfzPn>b;?lN?Cg2&_@+DbjM3ZpQVRBD`(>C-pW+XXSv&a7W(hYYM*ruh40E|X*m~) z=kr;qXq_31*rNxW=x|=V=yXRvz6Hw!clRUCO|VjLe@1h*|CHujWN6MuLo}!EQ<}3& zM03#6H0TMR(j2`F&2b}|H=;S_ z3`mq+o}oF-_UKQk(8$lIO);W2*=?zf5ealMvn{om@?WV<;=fXxk^hm})cwDvHp$OX zn+zr=teDOyq5zZ#-5{biICI3*CJVJ$>&U+uYIAulP3mS>FH~1a=hT?mfc$(UC?ba1 z@K}$2#+LJpMi=tJpM>aaZxW~)YBLHFfSZY)^f_vSrv6iEWBX$xYNJy@D1ca9xSLLbOrH;N`d(4kEtHaF&@~n(=b>Q%`01kjNVh_1d*Y33;_3 zu-j_T*HN(@r>G?qb|-4VvXr@+U?1dwK37YAwh$i zv9&K<%>3yGO19HHx5|u;b}`vB)QQx$-i(Y%b}u7iOEwb9jB_hm`yg?xsU-q@y=B#D z6P7eS5`By_DJW=Mq_WG0I&73(rNg#>sX{6XFkSw~^!(0oBf$!_N}(GGJgAz7PUHCu z9n|Wqw1*FMv+-pfa#Qa8b8fh00lrM<6j5;Syc2bE)D5 zA+WY9p~iarDL}Ups91{_eAcO+YG>BizBh2T?S0$!|6|Z1+7Eyre?8=$_?U?vY>gcB z?-B|R^bz_6_?Geb_cn;C$jF6QpnPef33CuDQ>|0uYTd=5aEG9M$3t2&&K#<>9~yl< z{tl#!tpgdW-?cM$+O{`vpY7dm`~N+tG5zage@u8DG}WR@;MJ&B)G5zI)ymbXHRsc6 z6;!_&GfNmVkhyB4|4?R7Rxcwyr{T&#UKglq14iTa8tZEn;n*PVL<8-Jc_{^qo8%HhbabXQDjUrdFD#lIKYo;1!0B!1V@WX-U?Nl) z3Sjc}L{s*lq1w!is(l_s2eNvhsrI39DTkTzVLMIv6S+HT8Dr%4qLz6$Wj~ZskEguH zQnbr7(=J7_0MR&x3-?UpU=~?y>_N^++0{5j%5GA~LyEf>RTtLA?k@4zojpkcN~W12HAd)Y`UK5)B=tlqxEP*1DBgzJjYu4*!a$!`C|He z4%tIG`G&qT3~N5fHiE64&7i3?)Q-k+(BxUjTlxlN-GROe6i5up2-?7R7&m2nz)av1 z8oHE&0D?WXphqS75BExpfGPyj# zv0)iau}NAVsH#!ZVJ!9V4^pro5-62yBQxw895P31jFwHIt{7?;addV%dj08(LXU*HvsO*71DYHh4O!S_s^vF z9JRs&1jtZh^`ohHbE=&QXn2gj)WYlUH26807*)f(dAYzoV%|&?zy5`^HraW{Sa}PW zI1mwNWq6aQ?ZN7g+T4I{o5(k=B!Xm+4r~)zv{CH2!MK&IiM>nq+JIZGCU$4F(~1gW zrtDU+&SEY3gHaX5S(NUKXOpJ{f zCr$Hyq%+=cj*W5ze^=Ss5EqaZZT`0+!QCr0(;}~b3_;jC*oNo8u}{BQBCi-$oMzM_pqpaX<4gvYy-X~ zcytmqfagm}5^PU)gH+G}F_}mBAtVG+u8bw6=)<70;Tu zr;#371=b9WUfBet;$h>SC#>$_QlaiS8Rm zo0lzTdz8o91E8RDWRRMC2Q6He_9b`ulitgt>HiX`gHF~}p- zvjThy9A-t&wr(;i7=QV85U< zekZKkB)e#~&NtP^MAyngu7zh3-7~|wQ?4)-nFQ5$_O>>vLS&I;88TyQdQAK~As>;$ zl=2tU~+?;Bo z6J9sfT`x|>h6uz*VjUI7TmHq;S~`ZX7$aQZwhTtA>r*k=fXN5nYOGs+Q>~Ii znyG#C38qC&S?^Fu(uH1cuajcEEJypgb&{&y>{ur(CMZu$Q$?o}%7%ZTJs&_AZYr*cB8#SQn!Y~e6IUCGa85dz$37gN*hJUD|S3GZWjcxf^^tp z&`l=jKVx4BkNCGhnAd^Qf@_%LWxX;j8)S+ynMn;O(F%l=ZBopM z#$3wH^c7sM)lS=E^Rm9(PWuz=0C4iEod%UUOUoziF}0C%xsK`Z2BA+^Lj(L)O}*BO zlSMSZ&0(D7Pr((p3B!YpLRhwaPm@N#4=NXyqFX?Kb3rY2yEWCme3UC{# z-=~j=^?a9jA0$>s|5@69A?uDwQfIVvq~%MZuP_~OhNLpg@z;bNV?y5AbVy1sA9Qzo z9|^4iY*`e+-6G|PI+`lJCZ3hA3h|mqM*HwpGi`2F*0*(M4);`$&!E?gW(2Voyllt> z4~*A!6zd!Twg2n8Ukk!Ot{dgx1%1AdHkCN z#7O9FWk8@!cvN`AlVa6;%ZE#PTMsATD=ihk5MHL5B{fbio5$>o!NPav#ozg3f$|9k zWWGLB)*EYn8x;S4DA^3@9D+ar)!ifRik7rP6bLfXKPA!L5-5llaC9*#~3sscvUm9pJN!0vr^|n z$%aRi42(-CnIBQIyrE=h>&Y`XM8|$nBepxslQA-yqSEqRQ@anu)Asv<^pB-zpM9UJ zsfQqB{h7KNA!B*`4}`29LI!`5bo=P&h>W$=$XK0h`y3fFnpym3wjpKZPf1zFr=+ZY zD^k{4BW3<*++`tUz9D61EPqrZWn`+kN5ex7GlaQ}+t-B--?Q>uxsP1=bFmMfL6)QS z`1cqVYlxV^o<<~!h?R(#nHV}l%y2)cMt^@w%nZ3R#LV336w03wvp?2|*<|deaNQt5 zzr-L=|*7XNhg-ng1W?nQiFVA0uj(eivtXL(K|?j=4-olp;i0B$-mC_s_49khcU- zcbsb@$=Na}**#41ff^+%kjRO*nic;?agbedvvC^<&FY_m!T+{y+lGumMq6l=&ylgQ z5gBv8NXFi&)nTJBvnkZ`V)A~Fyi|biWLY>450SC4_LUJC`;l0+#7bRn$XF8w$F$U> zel=vQ5|OdS8W|%()O;k405c^v`9XQCtXDgmVbHAJr(`ppFc?6_S|MW{_P$mM32(LC zycG>&xW_bXDz#t;!J|o(_Kctx<35_T4$z>~v(nl~S|nV3S-NRvh79rX1Z^a-O%cZh z8=gz}CZ&w$=b1pn8Tq!YvvoDb`pO#e!c-PjxWaw|L}a2MZ(_8THsZm!!T7dpinD!w zj{_6(FOKzBdj>uv-lWV#HOFoy#u2Wb=vE)Tu%s$Z9rf7X{<^FuLsS}Gr@;(XjF)5> zOkrvFA+)5zz^-WI*bql^rY}Rpx8Z`E4E0Fs%&r-{Z#!@~}@NbdHn_1V*uk=;Y z-XQHuq<0}5k&e#^`!e8F%m@+IqW zv6|YE=hhbJ0ld1(XbMt>rWhXL>X?Vv&&XH*5N4k`iJEU#)>_+eHD=c8!h~P)m#=gWZkaF~I-gD@YmEaN7I8_epg5E+Ldn2|;jn+kf$yhgwfO*?mWUr{ zi}sJlKN9c5h3JbM>o%v_of%c`_BxxrPA6B+gS0ai{Mkg(O#wdF(C)T(q;p=jeOx#O z5Jq@aLXdD+V=@;FKpm10V?IHGYr^?t7MHz}alT1q(XWK1pf}MAw_^z5gLdqQxfeb{ zVmt`~50X1T6Bj}OB7SI+`k|3vR)gbbS_Xd=vm0kUL+q1r*hSz>`R;HJzXk^cm>2`X zF%&BTfEW*U1OpFmPaE-KnN{*YC*r?MkfD*jow?`vjoLLFYblWrLucx4F zN*Ug|nQuCXO7-1k_a^@z;@&(^lIi^auX9fAUA^4yzJ2@d`#N`gH{7WsaEpWi<}qpJE= zS64mfsk1!m`?0nOB$HsW(V()eK8KT1p*5p}W4;)RDqH-M zxlF~(Q!@atSSEqNc#C5sE4l9Tmi_tUDuJ=$#sgdh!EN>mUdXOTGLwbLOtuV_cu&h- z_Hx+qvv5!OjjK;ermwwtktK&;jps#9Bb&@hF4j1EPB$9`BXjCTl}G$*uyghRvwfNl z223nLf2@DlD*0DpAxe$ITr&C{CTu(B4|{2ouFjvGi3m?2&f5HPdzYi*?U=Q z5MpZ>XqdUAlg?s&e`w8*QDJwk(mfg#^;W$);f zL44&CCU{(~989hpmMi5OuI%JW7BD7l)yh4eGtRT76}|crfzp9>a}sF#zLvxqHLdb7jE}G zIQx7*rqF>mE)zqs?9Z@CEw8pp8;dwFK#vy3@oNrc>ZzmN*8Px#`->I5DnV z%cSA0H-HJI)`>o_0Rh_kj?o)Ta6MmD*$t`O)u#4xkxSyGxgxN1gX}y_PZ2q$5lsUK zI;$JID#@bQ)k~N(0yCF7)>)P)S*Y);h%f_I!!&}mv0|wsxO@P+b|V1NRo81(g*84O zAQ^Yq?WETHO*#Kmx%XA@fy(_(W#3kTox4Cs*J?(J5b|RY^;m|c+hYmo9!v5b1`&@h z8|kvYf}CkYRull%BORXlfes~{0=BGI%Y@8&fee2I!aMqPv>7PYhUrMXb&xe3vZh#@ zbf+#|0#Si>^1-Eqf!YOuR-(r9sX97GPf3U%kafKDfZ6tJ%ykVh34B!s=7V^3YdRzd zwqG42Oy{vYW*n;$m3!5pJf;g%L4z*gN35dQWIp(pk~|^0+y?DjuXESxV7<+R&N+S^4#5(77iZuEc}v>K=iP0X6DKEo3Rt+NePVc?a>SovVHDkDGx zs{O2Xp4U0@V4u;sM|2e_m3Hn<75#u;#N2&DiQ!ie!WP6&>yDeomt~w`0=PAmrWI*g znWmw&Rk&Lfa~C3{nQ4eP7Eex>^&JD)CjsS2GjCGq752)kZNIObzw6vzbnsW5bDUr4 z>|5whxMJ+wg$el?F-C(jeQXV?DXLLYU!YkZ~>V%kA=h3I5MHN;pF5IK+d+8F+ zPmS}k$-Q8L7ftR*rs_%g`M790%z!)i4aO2RNEumS-6&TIkk`BeSL9Xw8(&27s%BXY z^UzAhR~|phy3-l2s}96GByVcf_+M%J*UW?NX^wM-lRw1?PDQ46-m$ZPwJTgYAvyvj zPzD3uh^g|r7TJ5i$|*6wT#qlyND}Lr9_GQfD)=@Y!m1&RAa5_>TZHpRB>&$e!hSiH z{1N%F4QAc}XtH#Ru^t17V+K8$1S=-1Ju;!YGE-YsTT|;*a z0)YHj212W})Oyaa&`@#x_idZ;=$Cq3&#qTJEJ%43*=-;BsrMtk?c45LJt2YvfN~D- z)WP_({JrG=^XEPU(tcuV`q;))j`Fz=kwX3+*zVkr6Iy4O-tTFzrv84@v%z@RnfwM5 z)wJ=~wT6i`f31mX<*%!aca6zkZK8Vq>b=T%>rDPC6E(_rR~YX~lfS}5&HUB(P2*i| z^4~O3t9*B<@h&s@OTj_Oo@*AK1D1UDY_sSrIex|Ld?tD2*)z<-)8+3kn}w&z@l>Lq`X^MBS0|0I9^Q7?Q? zj_>Lv@5uQ-=!L(Rzu(pie<#Pc^pfAo`8V~#H{|cv^}^q9jDD?m`jy7J_DenTn*9B$ z9(jf9qF?BdpUdAb>k-Mp#~MEJQ#rn<7rY?fKd(oAqFZ(JoE~{r&Of6^{zr~a>ygcJ z{IOo}lpcCrQf4HRd>8uqq{=qAa-32*(y5sAo6w|_V?D34pqd$HqkoSc$Nc|tz6?%Q z0eQ7dx{uJA93_Ef>%T|O%dtDAGx=WdJO0nt5vDBjz)pHEX0Fj~@5<*D@v%hGV97m@ zHSuF!DO?qlqE)F<=3p@PR%J{1RaK?p!G%(3RduPns-{$TaBZn!Reh;xRb#2;;O0`> zs@77+s`gUX!JVa^Ro$h&RlSA&{l^prR}K`0_ZcdTTRFBcVdeP3q?Hp3Q&vqbOxtg2 zVaCeog;^_S7Qm4#%w07?q}4DnKt1HD=0T!q(>U9GKPl`ue7YjRP%^ZW>z}_Q!^{pIP(YNo&K7IQy z*l(&eE^SRR))Zr%n6`YJC$9A+*ScPb>E=9iw6)^S-Y?$wuT|Anc_?TFo~9ksXHU48 z)SiK0AS_y?p*03D41k9ue@CZ3WZiJ zD9bYS-!FlAyz<{Fu*x~tVc*GoKg6$_v4>V;r`D!NEoROqu!{@IBJuBf5Q5{avi*Uy|LEU~cR9t@eN>~Bk-#0qAX1>h<{D=Swjt$Yy?_(k7LzWRGt@I4F>?#G ztl@6Dm9wQpF+6dh);x5|K}PpHdXWsdYG8Mq&rb9|dod#F*Bg4{FDvefY>lIQDo9Eg3wFm2C>6ts zLvV<2+3V3E^iO#qEYGg}V?|O3{(~nuk+(BHRmEo{6HfHp&nFC7hRc;RMf+sHVbDUP z6m}aT6EVf%@HpTSGt1DhYXv}$;I4{}Jel9}_F9O@0)0$=?U3^R$E`1G#DFN@p*(*H z@~Vg0tzvu0#+X*9E)a?&<$HFvmZ4S++hd(cg|XbKHR#CIWXlD_(oDK7X)#WVT4GA9 zX&5DK%uEgVUinIDz+{0HI|Ui99nnMr%L@qeAOv6sg~#6(9;ex6&F;2}D>2`Z0dOkZ ztD>M@crf6FCOAm1#s_?q*9+=gmv%pq11GG>$(-1yizjy{k4NamFev7c4s(J%%W%3( zDis$`B&{TL94f~*iQ76L|Q_glsNAz*)Mzd-LbqeRS&i5Ssy zY}Z}xEry6T?JmwOb9ZSPXzD5MJD`gP_9tXqD^LtE89n9*`v}A73K`?{k)vcJusuC7 z8BOFk7Lfw_#n91l;ILI(Wt~kverXiFycZ#XS13VGgnHN7^D$^7U*ipkFVpzhzhzz# zKl|i(UmNd9;hJd`7r6ZnSguYV)x-&!Wvb|QftncWlDMcR+u6ZL*HSs;d$uz<^S13g zWJeF%<_)+F&U2}-yEi(Iq;>i`Qe~!k`j8)JhRR&l9y zFBY_qngN@wwxL2R1q|aEu(-J1X&5LB6q~GZL%$X{pe-}tLbGhg8Sq!5GvFW7&U@*B zIRlHE60(^AW6Nng19GmzevlXN-)6ujYno8EPQ94eYxloOthW7vj9;OyLzrG%uOO|* znm6>!Hl$57Gx9sI^nb9AbS=_5*X`Q2c>3VL1185_nntb0(1YqIto0vKs4zBQY!9r<<- z=919w8mA}L0nw(0f^pG!XF~P($>o983I|WGq_(foSnK(gZ3gKa>#PT5F4AtIbn$Tn&yv^I+cXa*R(u9P+C&n%K%n<9`RxR*MW=Hm3TY2*l z#;E}TPn6DjU*)a8qwJLugV$k8J%-V@KFZt^V~S3MqSjaM)eH zg7kcQF{ro^VO3LU$KiNpr25?mS?txBK<`16O;m`_6&Ey`CO=EPKq^RP0JJ(Bgb)Ly zpQGkhn^Lg``=-2s3@TBZ+Mp1we<0uu#CL^i5r5$}Whp(t-rIb_eOaQfs5o+i^7xq; zM#eaYyBA@s`$+Kc)y#B)98JH>bptv9D)L_ z$I+9Qw~EEG8`l?^A(_a>wwS5P00Cz=RF%pg_|6MEKN%Hl>QI;_wz@F*2^FfNXIOI5 zyu2>_@l}hdj$}`w99-G1>aD8E-=mstR;5FXolcJ&P!VJ971$Nmvi884-=SAxL&w=S zHeClEV7=apZLO;D>IQ0qx<$48q)a@)S6tGVj<&4#4R*PkG`4cc7K`O;-iKl!JtE#0 z;{EZXpXruo2Wmd%={xKe-9jjh8`Y=8yIG75CHvmR&qp*DVV=7PR>s|yZJ=vo4qsC*No!W+p4Bi)$ph6Bl6tQ z2il#qOHbl|c5wNO7R{XJ-D(rrf-x9k@BFeSLkEa zt&+*&6e;$!T9SWS?0*{b6C0BcSyBNGs#S1d&Mk>VS!+f8ey?|#vYwV=Wccu;N*1y8 zxj)lm$w9X>z7+Z)=diIXy>~j9>$MUKUk0%CLS^%*pV^BWAbg*zki4fa=ce-!%R$lc z7GW@5VExl+gkOZ?uXUV@9d(ftx&8%Y4~6ty&?mm-=<5Oe=I+fB_OE+*!k+R3$552S znolPao7^H+l?4Q2Y|>A-4`{VX55)WS2SB5VK88JxAYN9uCUpR4*+jq+`{4u!g1vYY z*jZOA65m5a$Z#Az5G^C52t*Ss5EM<`DV&Mv}z()o;Ym+Rk6xq96PJOYSXrXiS!rV*-J z9qOaKYnykd$}OdrYTmZZ@9g}I4k((BxasHI@L9L;yqmF)*=={RMoX;5gHnFN!K({C zYW!|LNqoaC$~{mYr{@Kqq~6i;=pt&8vM_*(Bx8Z+EI z)H|3Num|e~@`Gr3gAurgxq({%yYi?I!0;f3CCvB>(0v2FgxbtLx}U$=|AfxwO2o0O z_CHqERE=dk^kDo1dxrrXxKrrncw?ek;3e8dJn;2FR0WMLKZjsxWOP|t2yD?LCg`f# z)I`%^+R3dr&C8y_>!8X&&h0im?l}}-%be|@%GA0Y25s83J5TY5;9X_Eqw4;w{7#ti ztO}k~Ay{eeD(819_il2wA!rXfs3L9qIlmrbVv4$op5rxiPDm#0&m(P*MXLV0)J%F@ zV#j1LkXX;X0O~xIDZ;r|`S@uji~GIBZpC>(Z$1t0``-v0C8oaH^isdY24b6%@{&=< z8_GHGPM2OaPrI)e^{P22-j9#>GhZP9I9fs66F4)pzf&C(cWug%;Qa?8y2m}FR9}6m z_#kIkm-#DBbGDW_)_LYqZ!5Veh&ArcuQ-7_k-8Z^YM?*tU+opn_Pnz^8@Bz!_5O_# z=_|>~3*4QUeE@s|c*4F)_gn+}nfFNc1m=YohZ+2Kzy1zCV;|psaLt4b-mELZ;EcQP zcl<=)1|V_;l}+^|JwDhQF(EZK8WsqQIq1^*d`BTTSSuJ!iAFDQu{4p6$(rubXT29y z*b^MW41B3Zl>!}QnRUOv%(~5AYF)=B3di$_!mKhYvJTI(Q z0>oO%RiA3C*Zl=Jr>e4?}2J|L8mK`MI~~EDSWgu*xY#dTHyF)V`x0B`gT-EEofHjbsd;jQ{8{<$jE! z^WHdmKclzb9>X$!s%<1;yFzO`gooT_90q-CISg6^4iaSs*?*5)eT%v+ah4yrQC#NT z@xC?QH*S=G*H1GWqCdv1{-(6rrPbt3tqbPJ7%e;5j7PA_Kb+hL60`BnXuIE)cK=J- z{ibK$h}(_8@oUfg%1i&9c1ITl;dcV}+d*!90PH61o@{$xW|gcV)7hWg+LM|iv7;j5 zye_SGuuf9aC|16XC-~<<m-TzA#j1d<6L0AAx z;EjgBr+4*>#LaW~SiB$ej-DusVY;#ywy1?$7Q-;O%d;*FhhikjTy^n#Zu(wH4E&y( zJ<9-P)p8q+pQwYs_=OLA?|t9-z;}M@hj06I!0M5`?OhtG2KT3=^e$$u841v`iE*sS z&UMBks4#}hC>Ipjs4-=5-l*Bv0>?IC@|5G{%dHOi( z;^oTSppi><4?gW5VLz)ROF)*zwTRahR?w|r#g=6;#P<*NzfeGU4l4V_k+MZ7WlUUYPRM0C^p7ry0#^i@mupLL{*M;wnr0PKScy&^ z$grt#y6W>e(4Iw|AiD^uDob#EV^j^7L`R!OsLL%9Kz5Cdw)Q)d@bykbAbNxQzH-(p ze;%yO`76nkWG3&(^24#jr|*xoXcH`c&k(0oBpzk0LN=C2Fxg;F+smQ(Nx0+U_OKr~ej6-q z%T-UjD=gd}diRC){h_}xbiPXruqd!H0EAqkC+lb;Ois6v{d>bzv>xyq#yUA zc+|H);bY@rkmhuit2T$ZyTcx*?R#OMcYZ7++HiB2dXi*Kbyq5VOUi6a0gX!Fj3jT@ z>Rp22J5nRJQ;{ZGIdF4WF<`teh_4c>HkLrnMtawmD*;I>7^}y+RcaQn&OUXc_r^&R z8#smlKLgMFw;1CpEnvL1t9@AembiO5SxP`)yJv{rtGp4vqy_*e{4SEKm<1k6MAhl< zh`{=%M0_0=|Izaf#+~TMEpuU)degO@iTXRr?Y-~$>A$0o>G%9(?(6!a&%{sZD0NdR z)Qy*=%%!RD=F~9qD>2t@1n^g$DZXb`%g4+?QvPEplg^g#QH(X?a@;A6ct!n9Gua<+dPkNdYvtJ@J*yRn9}oU!+cO_*K8%qn|_kth5exb*Uu)wF%Nb;;ip=`RzMQZ||}G z#avsX*O*x2ogVL>*YP0%Chhr91c=pJxYnfBy4JdMM_akIRJfli*&$O0rMgF?T6bcE?sH$1H)|?%gvm)=h$Xp$n zGoozK`6e<;@z*KytCW9Ul-wt~HOFQ$ltj9Co17$l3MTZ}`S6Ddh}a=;>ILOKuAHls zzZ6b!bqC24f5383X;Ca+jKrMEQse|q^=`u{;}t2dD2u^O1P+r?JYy}^h3ey)b)#$Ur3fImKD_nadf@|N6 z%&k%O!Afhl;@W$W|JHxF_L^`lzScY!nP(&K-N^hdGEWQFej{AFIWjjz{!9ObYnM^Q zZc{4)K26i3ICVz&WR^1y^5Iq3Pw)hW`O%sj@!>vMPOX& zgbYDUB%!nszCzVUKkHtgQs=9}dKJ8&s+quK0k|?qZ1tx}ZMcuyS1Y}{^D+N9Tdd6! ziQzeeg|hP8xC`>!Q?sz1)RJq>RgzjV5bvj7rFj!`FismCJ4w_y6m}%>poleNlhQLt zOnEdrXJfQwF~pSiWX3#_+0i3%OBA@h8#4JDGgQ2@ugpl5V`pu~xe_HbOYrc@^x#vO z8Bb&|;Y%AXij5AqNi-SA6bIsTzrD_uydAB_;B>8cMASIk+M=S7YV2)N_6*GX&(WA4 z#|?T{pOXlt$Hx-sNWAZSM}ufR(Yii2`TX?O6y2OP z-^%VFEp=P~MO{#|)9u-@-^mseie9TY-v6QOqZ7yb&zR>xJlIN2mnX%3;9H=p!jpF1 zXpi~=ENQat&JA6=4FQ|7=B}*?sCfU^S6DLXhuMMqvy7F|=8yXKzYzO59*kSR2?O>6 z5@h!0MYlUIji7_0ug-7HsEw4uY`P^2 zZai-KteeGBHpY$c(GE1vP4Ez0GUKszvx}W@b5LKutQg6QQQ4R1m5CcEG=D&7sXRO$ z*q=aYKTBKBRo)kIz?N5 zAlH~Nqt$Y13^C!-X%}FRCgvC4P4c()C*0)9be~MF_i0QIK1SCEjdgZ@mss(XG6sHi|5KUV^BJys zDpQ$pf1DAkR5M1y@%WLtRF+T;A{p@506&N}RCQK9ye#iunlGG}&xO8|0{=9!zoCY% zP-fp`xL+!ntR7an?-@*TjC(3e)tQHsyI$%06osV%E}Ur3G3$_=MhT5y+IE;)+Td_DDYUbl%^buYNM0qreO{&a2oVZLU)X4}8uXk~HqiN#ok7 z4WJH`#*vp*HUP8Yr@BGu4JzQmiM*O85OzihjT?6ZSjxu2w)N&{csx`D%2 z=}-Q*23};WHHBSD{4n3NDSwzD-!NP+I_f(3w=Zm-4} zrxjZNNxLco4TI)n+_W_~p4#-IIvH%Zoyx>zxW7mH)zYx9#p7)*As3I^7~drZDIt-D zbx|Z4gfK%TxtEmR>Ot!n1Xx^OjOqPhF8!j=yLpt}r$36`bBuqkG3QVawnDG=*O*Qy z&I`r27g}#F>`3thUi5?8QA}aQiCa^`yrZdc27zQs%RpNHd4LL)@;O4^lP)ch)ta;8QjF^?2M%>{;lb0*!a^)YOz8;Hv9i*53mfFSULspYjq&&nmu<$5B>F`o( zP?~-V7Uzv(cK&3%AKZwUy<@1lm9hn~R8(5rSZEro9x9Eq>W2QgO%TL^=CB>5qJQ94 zhyws`!@runJw3Q`=pZcPLha^?^Xq+OA1qe&4*L!08Wj;nLm?JpIvFGYZk*Mz4SmPP z^!0C4ecRHvTVoOW21`9w|Il08(6@`(b4U7qTcI!da#iuPs=)<=K&-{oy- ziGumfM^LvLUeH1Ci+ZdH+fcXPD0P!ZsS^)RSLqAY1EopUtRbp-Z6#4oH*>e5%#R&8 zT`yE9n>1lyW}KfK2ThKZi6#yi;#`LfLdRAd%i?0`QX*7MvKDMZ&;FzI%(S|OYFa7w z6w^~asb-)&4Y~!&uZ}ubl9(b1U)A~&kUPbv)bwz`olK-+0Crnk)GdI_%nIQz#gl&(6e8KKdTMrI&4<&9rz>k ztlqk-A2iCGDLlEhwa(PWUA=B`YuGkeJ5V?If7#V9uL{3eMQHIslM}K~0zf>sEQ$}T zrZmV_1SO$Vi*bSsLeyldN0_uF26u~MvK?KgsFUXZPr@CMLh?kAL-6KKbV6%2A91Gf(DG`&fU-6)9)Kqo!79Sfh55Zw|EX z$6~O>QXtT$5HSM8qdae&T5y%vbPl%OjEV%u@cX&(@6W(4B7e#g<|XEbymddo0awFpiDr3W4BYh zmNM}e(QOhxCI^+Upk9pA%ahF0K`5EY9r#92DCXIRSa<)|AFuhZ-@HXpO5qSeNq<(7 zGF`?p^PlP)Kn_?f6CAkJyMPza1n`{Haa$@`m%#r;U8&HCt8@!%k4e<5CVL+=9a1+1 zVW8>27V8XRn!00F!Ydj3K8P%|)Ww{dwA_s+D zW=}Al-(SB|W}dsyEHVpy>dJI23Ku$yYUanmYsFgF>eu_o*v_J<-5`2VJbF4mp4!Q| zjyCFU`K^wv7D?ek+z|Xj@6zrbLwedSW|===KI4xF{Nt4IT%XI-_+@_&vu6hz5o;ZJ zBG{%(=9^-s-f!?%n3Zj8e!+AM2k8NT6m@eUwL9=8ZhE?7e_83(^IA$jaJJuc+Fdrlx>O2iz=}jDkiseS zNoyJfASd*V*Bz9dwSKLFy7X8qIsnMHb%Y$9puglRm!fG@7AN!x;YQo1EB%C)*fWcq zbjn~!hsi6KeIH0Bo~O7cH8A?pfXr#L<30D$t9Q8P$Muui{SjB&pQ5{LcS|CDtp2QZ ziOO2D_OYIXB_7ToDr_b5z!Z94Vy4`U31H5V)~AW77NP{HmIobuxXD{n>qlx1zbl93?j>&*`IcL2REGf3uvEw=3qQ>n-T0y^WD4`9mPOWZW-$+F| z?e}JJzEC8{ckn&RRwBm086-z_z!B&ww2chD9MU`aJb)Dz+VM&a*GDIY|CfG{0@enVFE3Gl|3WWpqVqot2tXiJ3c70n}o9H8Hd5r#? zJr*NMW!{)aPb#4oNET3K-Y65&^>HPJDOuqEp12z>v_HfSvg^Gbc#6Z7BY(8+KdV545b;p0OHno7_85$-m2W-bwIorw&Kc4@pmXtUkjAG_9?Lnr&rp8d< zwQEf71T2`iAi4y2QCTNu>UA)+#o84_?YqI5t)coASsgx@X@s|)uF_$qL}jhY+(~Fg zHHEO^65Pjd?QH#NkFQ$n+qAWJ3972BE`BY5S_(p?UpEV5CEr87Bnjpy@?Q#UsiTV4 z%3GCH*XHV?TSY}-E~HbqepHt&np9E=IL0K1vuP$1s#&YX(GytKE>+fG(fSO%qI8S? zz1m0xg~3a-^)y+I&nvk^=BtUQnE;-~zn&?RPPN!1rMTK#{5-N=0zpBd-p?>sNxXa2 zRU|nN${Xwi;8+pg@DB}uDTu_cE8s!_P1>M5vYW}(y@29BPHONq_ZX~KAX?pH{0B`Rt+-U(B@Xl` z=XlMtla|~n^LmOY;xD63>P=Gb53$?zg~~bBU!;#_9ne$=mJTsiKOuDpK0rop$Fepa zOr0%sHu(KSC82Zr&noXA7Wp~z$z93J?oHUg3S?GVfwAK%dK;-#qu!)_5)E`$q#Bl_ zCL6nsu#TuyB(uXLU14wm19_bFAc5gM51Q5=m@rXaiSbB&J3?$-R@@VU1@;9pIO6N2 z7u>U@7mQEH=!<(n=unOQMWN?7_t+K{{zZAf()>$>Yrw{)jG|u*!DP-jZ&Ej!++6b(z}J^Yc_@G=bcX8 znwj_=rDLSrrx>~od2gb!Cs<4d?@`(2D&~XR(zE0mQ5yc<`V?DS|cav{$BQ3M9)&7lI+I6YA znifkJaXV)vUF4ypi?oS@Bgi&= zOsUg|Gaxhu6tTyp?3NCx^`v&KTHa|59&No%K3YVwLY3;2duu(PTQcp9A()6WwK3Gq zI^r+lsfOD0-PYi0(#wEE_^0V&A)H9%!rnT%i3;>rR9&XKE1~gG#q1$7NE?eIU8PIU zgZ~}yQ*!^y(DML~SXR+SD(_*X_JE(M>81|2tK2olyf4SU zYxABQ|19x0A8JLJ+z)m5Z+UCdiq*;Fy@FUy&eULIM*BeilP#qMJw@hur1YJUxmyk# zYYl!&S!X-sj}hYm{Em&|K1-mt-0K)}BWM7%to0NL0|!1ruVEsdVcqD*I=?35qXwo8 z?q~f1!6l1z=ns|SsX_8L%E-}V_!TH2AHV*(N&OS&SYJblF+XtJ2OY9SHv0W{`ejp; zxn5rKOlHLXWD%IlAH4c9{cIkn|M8ox17mfLSnbVy`YNN=nZG87-L67A7`(@&PU32< zUUPz9JHf9U=Pf*e;H-pTxl)NZGiJYOVT#$;!yC^aH!N~2>tN1^p9BP3ocDR+cD0K| zGvzFt%n~ju)7RWYWjWMd1X77!u8(xiRkFU%wEqo@4&sF)g{g-e>uCun3tKvxRZC5C z-kPw|>KBEjWW;rCHP~Y~Ou%?_C4xAe=m|Pu?<0Ilx)IFpvL@6J^Sg{xz?wUx2s|&l z4R}H2Hh_(%xD(b%)#0^bgCTA% z*6u|t%8u^=%NO5zh8fRICz%2E!)B(Mm7eatY&%!k&V_dE`L=Tbi4geB&bL#S*klYb zCa(alDHG&yoyMXG>tgz)xkI_PD``-9lW`s}&TXdl zR^xovkjLxTx0=+Qr2gda0pCaRrx0D4NY2!VL^4PxCKJhGXg*wDshlavL_(zyKFLHf zDVEJ@nMhJ5Wj}@hx+8tfA3+~+_Cg==ir-A=yUsWpjB}Z({f2QaN$C5ANnKf?@7fA| zbSW7FThSMLB)8BvxP?AGeI$LcjHtHZU-d`OH`jVX=sQ)BB^&eaT;rT$oHeHQU)uRM z?rr$@FP-{wg}$>Y^i{^_R`kWv+7|jcV*1Rz+UC8DDFTPvOQh+i(d$mem6Q5m#NDFkB$QZw2 z`k!g}z=y2t*O~sXmjzbbhdoWL1h}|WZMm98JK$eyT!SslHTx}gc5KBW`b(vz>18ab z42#{+7po|@eLO9zCB+o6A&c1kF&782qy%hsUXhf53Gu!)-Z#hlrmglh@#pGSn0fry z73hdQLho^IEv0c%&R1;weofZ%3fM&aJq;zd8V@-CQo7A<3f*b-N2WBv=ws4@#D)7s zM6L{h-SsDQu}8C)h4N}u4kZ@5uC}ySmXFKS)JgY*j&{Hwr;c6 zTw5NhmPkOEA-`=S%FhJVa})z`(4L6g3}sVUS$4(a#tNu^pi&e!6lk$KS)N{3X!bsi zqT>jpaT#EbiwWcV3e2Sxfdvxscb?X1 z!a^IR<6ADm{^wmRRHrVGv>%jx0dfUzHNbQMTr~)d;MrcIY+`(GQmHS+tENk!Y>$47 z%;I=@*)>^0`!U1dcLHg}e@N@5fJ-Hd@M7h>gt6oiWoNfqrgJRQcHe=PC|%4zPd!=j1Fl^v6&?{nOvr;Ndg>~ zNPH`km3Ef?q<&g~MG#NgCG)Ge2*`AP`T_kjv-&IQKb@h82aH;P*+J-WvekbF*UF7HlV@2su-=^ zdS6xVG>5pRT?rQvJj=iG+7hU+w7QA7vADOMr@ldN;r*o7A_@7gYZ43lNngxpBCIn> zajqELEs+o9S#60rL1-hQXp4Qf668yPPQ6>WzDB*OWEq@%a%la+Zp36JX_#Qfy91Ic zXt(<_ywKEnnNbKM(A605f-uz%gu_Znz_o{OQwU&XYc=p@eFeLTen+_woAB^L6C=Eu zN2BTlRM)hu2b7KVyFm2`o<4jize|zcn&KD?HCd}~Q`X+R3B(!f32v~kxF|Ad4-3X< zJ~Pm@@p1+BiJDKYYlT}BB(bPKE%n^(7?WZ-cNAO-5e;js)%R)Z(-dl_0&-jug2gfG z28V`+Y1zP44-d~)XXa+QbGCg{cr#3Z)U)q&Dn$6CkxPdB97 zva`cQL8dV_Isw#BQ>ZF>sphab+_z|_Uemc>LKH=R-q7Kj8dI#4!zK4?((iSM?+Py4 z;Gmcq)8KfeQe3#f?k4My%FaY>r~jrif5$#t<)pl7N`nLkReI*R03yrV+*L2t)691? zhM;bWj`M9JR=P73p|=m9iCsud1=T|%m(a+Im7nnrvks;Rjc6CcGvIJ>sLDF{2K~_F{^5 z!zsdtecnl=1! zv;@|V$WNWidf_oYT&U9LgGrXQ-&4lVLw@Dl17FpG8yfSyWIg!Mxyu80)F8kbJa*BtF?Y9ZCO7h z5d!9?)xExbfVs-(IXr#JQtLt)v&cc$s#pyMVFJ5bOI(fQB2M*MQ|N)0V`L)6hh;m^ zM}n6sP7+VoQ+LDx<6CSuGS7YjwT_=Bb01~xgw8%}=Ov)Ycf;y0m5l_)_!46s(PQQF zi3TfOqMrLC)8TvSWHiv#GAH)RE_ZUq`t-4w#=8d=9 zR>O#+=VJ%`hB_*=j&2D%f?Rk^kP7RA(CWfG?pBGY3Jd|j&8(Z0!PfaOqdRL;Wxy&& zP3DCC$5V7!sw7}Wm!#qxs&b)F z*EMSnTvm5D&PK^K_rOI|=_^(F5fwfP!)i&Gzg+cwQxWQjSIdF#dB+*lHJRLuriH|o zyFXBNPcKW2NNzWecBOBMQk17V2}T?&SwP}Jr!(m9BUvs-5Nx^-iCij-4C2hZ5s%yg z*fWbx6sme0K79tAvdM!wX8B#1caDo^_oF+Yo4nW06-v6m;=EtDzt(M^Lv%XU)7^fH zhXe5`>Nm-h{Ua6%qR3ST>9dDgpG|G$K5GA8xsM*#%zoQDda#U%-9VqF<2bQ@0_;zq z*u5Njt!e*stbKvcj0fwtu)8zy2lzIyaEEDZXJH!|T0>ipQyHuBui9?PEu`-XD=$`+ zfp}x`p-u0>m|dN8_Wh6~NFZKjUxS>*yb`Cg$(S9|1wo%wV=B$l!N#(#KxDbq34TmIPE-< zN85BeqFL7NiyugGj6X(a2z33b8m(&9sYdv`rYpAt_6f`B^U z0Efauo^uZrclM0e>0he9#_ROEbZ19b=XS@ox~AIxx~85J$Z{b#;X8@11NFKI;*fXj4ueqyS+~RKBo9TCsMuBk3!g*F z=iI7hw^;fW-W6Lsjefr(VjZsMgZMl~=FBB#cPWXNne*cq8~Pty%@$wH91}0t`(o;^ z;6u+aUle@kaLx&{J1h-qNxbZekDW#@#Czun=2MX{rU^D5Cb5K6%4#+kuyOch%k<`a zOSPqkFbLX3r!Wj=^Lk~2xb$7++=^}%-*FC#1w(r>J%uwv;t*!KK=6vtuE?J!-KtOk zi#vK$g^wux9Mz(fc}^9cC4RyRs1|3*EQ$t8=PYoJt~qh2Ah_qxul~OSW)Jqlf=EJ6xYE9(oQM84}4646GnIYs-E3vU4!M!J|5|Nb~H-j zs>#*uc+d?5Q;3DL;-a=!hlFFqow66g8@am#t~w~n8Ad;=$>H{}ky0087`c>24QmP< z>dE>`V`YpV=_Xu3ak7I0r&c30a$8}OxF=Kc^drJiqhAM; z^BA>&3lKiQtd-}o%pGfw!;C1;b@YgqsN69;d6-fZQ%PsUq{PENP3J5@@QTX$tE&7aGSPz zNUp-S#w%4Q>#ek75kAV~A?UJ5J7LldO8A|GOW%+ZXq5+CsoUH&_5f%S$`s8NoUQD9) zTD{FM%GZ&GlMxH3S1vUP{Y5YRX6Tz0(w6x%xw$`ZwB9II5CY^XOya!IpHy zp=3ytQ7{(t$9VZ5FG)Pf?eHRTG$h2wA?K=rFtIjB($@)_$1 zp$L@w-6h=tu2U5v08iUOjwEp>A4j4b2ZvD`>KZd5edQ*Fn)Ick z+O1tXW;V>yGwoS6Tht;=PEB_jTIw^cYE`zmiukrV0R4}YM@4-Ny}*!G*|OmQSGKB= zrl+z_OO|?BraMzqlm-fmu2#J)S&CfkiK$6hC%~Z>dDM!-eVHE9mJGpLwE(7B)=_#q zcD>^jr_03tEkVV(niti<8YeGG{7+HL9a7!XEtv>7Ec$&_Rnafhk@Rz<)m3km5fmP= zt-Xoek!~ID`5n_E&arqep-f~^R6fgj8*ElN{@=FbitYBU%lKkrjV2#>HT*($cHL)d(?zg8w)Lnh9vBo9MaUmRw+m=S5qE*P22NPl^O^I(F z$7}H&*2B1I@hAB!zG9olY~A$HtL3^a%t}7du(&buOd2M8Q6BG6SRHeWhlAMoLk-tj z{&^UJOt$_C)l%PVOLaA@y|vcf2r8KM(9*PN$Q8=An{Sc%0XYBHlU?F#1R@}MDOChI7!EE2IokU4{flG12-Aq_sV$XLLID3Rl zFPIl`ZBYmdW%aMU=*X`^d;+{#yg_z{jtWtI zw2UYC+16StIGL22PvP~^wW*Y!@_W(ter{8Hh!%tMVZFpJ739g%b#v^b{h2MMm?qhc z-}33pvEjN+{=P$}H1nk@nB*RU*ZCCYME5>p-*58qg(+=LbU*KVrpeu(`lH7< z%OxVvxm%?U3J%Wg<|%tmd%0)qJ<|}f%00lGnEHna{%H_yN!@WLnDM-&t$5o@pl)+5 zuc%-zq6j-8e)Edv)hy%SjgoAW1w|2{Hqx#A_8`@1noMIu7-UQ;lQ#uAQBzQ(BQHZ} ztTxpSZ-f6%NY&SL#u?D^LN%yA?B<8TmPxkuS85 z;zdwu^sja~4D&@dXpP$Nbz))juVYTf9IaCn60b$T#!N}K4bvU2b0niH>r8ScMjcLb zjq6eQhQHgK)&eEt+uSH)hk0g+Xo)j21I;dUvu7&v6;*I2^@06Mhy}*)9;cpuS2nyh zVl#J%cB{1E_Z1WOH?;nO+E<@W=SrLgV?mX;SDCX|HtpeG$xs<&n_U?uRh47O@~<$~ z%K|sZD9pP(QjHP#!5}O%g$}q4SR#gyG{@T6_Iy=#9B$n-n#S2^lu}22ElQR>{EN}M zPuubCUpLk|Z-={6XW7+#Ze4u$Fu8j+J6yRtLRfrvvQ5N;d5ZgvxGppAs68zIGUF~I z@^2UCTE!HWVcXw&6EM9Ltgp9I%v`)|(+eOC0V_=CgwC4`>7%)PnorsB{v4U}Wgr8z zx7aKZnUGj&EYcu$8458Yznhkzxd5PAdIj^}-cCln;WcK)KJQ`9f5F@3Z7&E!r8Yp~ zFf$vugJH2oVv^6@sy64;)49u&LplDVIo|(^+&{i~ zF8St}qfP+sa!4FvT;%<$_(DS1@F-}1;1`1yKbZmdZ@)Ka`77FMU~Ph%{m&h;1) zS)DRb@!wD$2lp1xQ>AbBl2`tdz_RYL?S51u0Nn$pKI~IxDX%Tlr_NNVPr$HOb2q71 za_ZIG70IC-|Ir-pPcg6L^sBjNl5Z-9Li`o`tr!;8Hwdp{hJD<6F4&e~^&iQw+*S;m zxGlpT4}@Wx0`qUF#@xHJb|Fi#f>4U@W70Nl- zdKXX+hgU-p9>B?+uZPZsVcu!_YS`?4>Flt^&S8Ow6n?6L(HEFjU z(UCiH6+U39OU0HQ%v*M|`jR?WEL1)56w+n+AGg+|$XelF#?A(vGKA=)+zzR{nQ%7F z)Y{81M{hF!rpA1=m6?-UnLQuN{-Dl3tSHU8BJ-~;fzibB)_~H1u?K1nvfGGCdRXbQ zhb>W}qX~OPaaDSS;Rcz=S`f+dtY0GDbf%TrA8?I2Jx{%?tP@+1Zkd9s%cXEUItFLg z#kHD6X~j7sH9fk}R@<16#Lf{%uFL^6Vi;%mS`}bPYr*#a7oInbOIc@49hK0z^Qrtc zzI9`{DV(02QRmEa<6ATKoo^G}qMmjp#`{N9eE5lu54hpvtIFX=$zLP!xyO?~+|BsJ zGq+~3XpMEL1igqy9^`x^i(ZH7ChWQRHT z8_E!5Ku8P$S@NmMw}VfZPqM%Qz2F^Xj&3C;ds1rB7hBx3)wG7ACG{ucruf32Yi1%+ zo~GTe5NRKU0b&a-Xq|aYb!5%}gT47Ts)Y|vsOA?adUuw3Of@{EI^1)CuW0Bao+Y=5 zc+SXgcwcohV%}B_%iT|4Ba&I=K0BUA8uTgRg^@mY>^8@G6s%;%xeNPBd_g5RK0x1SIG7}E^SNDlt_L^{}gA+k{>+i!Pe){>+ocB!#8;44k^CW5_*a61CM z{Az`?SIzdc3R~3K%G)b)Q_FH4)Pqhp7h5<~k%qziWE#pH>ReU5s-c^~SGy;@ca8lc z^PzygeNV@Su6X~ViVqJaht3aqaORc}E6pHtU9JcSc`m?i=@92&Sk2tDUE|MkYS6$C zx~J1Yt0XIh>U9M@>!-T!W!(V=Op3aG^=|f0dQ9eA^``FhUAxN3{X_Tg=Pz~VJHQT| zslKZl+R(Q9us)7Nig-tqw_X}O%ir~zQWCluM1d()%rLxKQ<`fVEd?AA5{C@ z_7$+v?{eW@+Am9V*&v3y75W1g;fe@h3zWP*CUJKRd@)PI9u8h7<(iqrkA*$w=}V-n z)p`2Rc>l7B4=rnTo0TED;9WBqHV|}G)ZrDT(f#6OrXfs|{u3cm#_7{_a^!7 zM!s{KO^5H~23nKW-KiL)(q$IYmeWW7m?z%rcZ&yESyU(GNi~0$yo*ShM z1+~%s9s6xGAu*^PM6kyQ!qn=2N(jY7E4)Kn>k)FPmdlT*|wpzz*=aC&-NT^8T#Sz78z-mQpI03Vy#98vA_Os{Lnz8pT(3jbuR zU#NV96sDtk(_)%27nZB41F)>aQW2ms%CaC18Y%_`VxUE`%7DO4z!0Bkh=`)1J8D9a z@_!|{N22X0bkalwQXbvVdOdvmYb$YLTfC!DhVcOrMnK^~3m9YS6polhKVq2G^ zjOo;6l<()qd@b`vnMOd2GffEGQ7l-i((S~5@y7eaqJTiUdtT~x!C zjKy2DLbhuNej@?^*99P?km;-igr4FrRDUT5J!=$NI{p!xYps2;2c<0igt1Bi;f~Ew ziQ-Kr^;?aVEV5=1L5Bb?P^T_o4JF{G2qbDXZ9$mhQ;wWuM{%+_QH~1A?17@;8vHCC5BT|Z;j0r>&aR=FIH)IlA-nFmV zkDFI)^{V~Fcz>}IA3oIap)cMy$NSj%qfit>eb>uI!Jc4r4*rYL93& zdAtpc^`=2$aI&~_`&_X}=t3c%b2I)$*r(cSdoYO)l_uCO7Dt^uK(DHE(;xF2?E3N% z^>nfv!L>wx8C;C69z)0SdunI(DJdY3A}}g4_k>6nm~89{H|EfxX1&_R5J-+N zt*6|UF7TJEG}xHsXs&b31~;fm-RXMQx^5vg#kA_`)D(BJJ!QXQcw~=nmVNSfC74N4$pmw*SyX`oO z3zFg{d9c6P3EX`&uuVUfd_;J`z{#+>k$` z2mGq8VxFGZ01C41&h=oAx@s1zMpgRRLx*PaUMh)$%S4%3UW@a zj;g>cB=q)nJuY5KCKAlin)@M3P7kX)-k~*i+T-voTzqlICSa#Ve_JH$y9K=+UjC2L zZzFq}7i2O&UG&Gj-9d@U?X_F=E`*g+iv4_SNasl>IFevJ$B{tb7Q&-6i;l$5<=myt zzVwWD)q`Ga`&s#pI>d^;8dx7VJHwf#Fs0k=0R+EV20DePeyPoCu*`l{SN)uN7!KYj z$6pR}vW^2ciS80(beJW(vrST$n8GH;-5MhfNn^XS%s4i+y7D1x`UZ)xlN}t868Kfc zTVv`jq^b@{y3AF6f+%*7y-w?+)uHx#nxai;zaAH~*uVdO*n7_?IjZa3yHBX9Q`J@7 z)p2@ex+iL)(nuqXBFadJB$0zL62aJj4VVm0BFiMn7%*89U=SITlaa{57zvCq*aR7q z4F=m_V;jT$o$3+B@BhBv-nH)i@UB_a-BVqCs_N7^`|R-SXCrq343c8RPodDYX5@qF zb6Z1YwfI~xS%2fC-gJ|@Fi~c7+MFuYDO`KuWa*wl=kG#58TV3N*-FS9x-d}@*%8d^8J;}Ke6y4lYiP`|*pwAjZ!hkZaNkv|}IQAg@tZ85D}-kp2_ zWs~BexdK&3f+#zmWDe>{t&S`WOs(B<^Yhz5W zGuB~2CEBGy0r8)W(zRG^+g4gX%a~g*O>Mng^dyChkkr_@*qDn9?EZ~*Kg0e)<6LWU zWUx9+S|~pmD{YLGBBhv_t-+B@4YWa|RWeZiD%^OAg&(tlf3!Haj-YT9#82_p|43NT;c!Q4x?*9 zw4(-GnIx{ACSXOV{M1SHgW7ZhR5zZNDR5;`!kedCgHLq+F&)B$G-UswP2Bg-q433KZ}Pmq~iB01gORaLqRXRxD0(p7+!vo_yR> zYdrV?oi{xBwikTtslR#gW1j3*?Szifg-L`$)nNUO-_|5@FgKncAwaw$>`{Dn%{j4>j zxqUh$x&7w)?LXHqD%5(C(>Ja4C){D<}JA0-n<&VdHkAs;9ZTa@QqXjIkJ&( zTLs2@ub^U8a)%&WZzo=We~v_LoC1DOpj4MFZ9yxe)p$%LtE@7DiKfJ=9Tz!H^A;EB z7wje>L*}ysajiy)Bd*(@10oY zZ>Z$0n7sa_Zo2=NHy+U1AoaMyHx`zeN#xhOEe5a&)H{Oep;@vJ+#`r6HabwsnBR){ zcHzTVS!VhcWoBQd{dXkeuqKO>?ekSF>^amoMfio)mAd=~j*J_z506H3BdCXYoy#LK z2<-)ML&~_{xm^&%(&NJ(R)c)BMySh$>QL>u4%3b%OEwl+2GA6e z={h4awBIb_`!OJt>USPg>MW{|XovsaQvsjP)-h!%+SRtsf#ym}Dfj<+oOgp#H!7ds zY^(M&m+1l}x0of)Wtvh`&-Q#njjJg=PP63%2=o-~!5iAWdlWUvI1TmClV;!8sSSN1gML9oka|&aU z0j^?0U<_zy^-x5=v~vu|28E3nKNB2hS75bYd6dy~)>^M`Ze8 zJI>QVR5rz^r`{n~3;bK$?R8uM>G$0IdbHZFU{oA#AKSealUHUd!qQi{l!&=u1z}Q^ zvkKfFYel>2!04cVY;S>aI7OvDrK*&YgPjeW20y;_d&Byhc=_pWx1O|i3O)zKSsEeD zi4Hr4*l7=21q4(TP+JSt)Aj@;xrf|))K_CLwb|ymK_Y- zQE+cm_;bOL!? zUo<+CCE6xRe!-L6oERQG>!2H{5`f&XO%}Ud+0rHZ2m3N;K>Gm^2u4&?whz(|d-pce z*&=yv5zs_d-H~$0nPb#B?NH*=c24+ zOHP&tO9jrgH=?$s5!(8E)(ul zHPcRM{DCYjMcQZ}{_p}&y1d^s&ha_d{{AuKZtkP@4N!qu_5o9FNkI#{IJJf?c0pq9 z_yNf>vhW@CUHKh;p8iU!)0A!$#r=wE$GU6xe!m`LJwpL0mFpdc{bTf>ar7OI-D#Hy z?%#IL$8ORw;VSvnRLjR+YSvIb&JltSVydG>+)+fynHaco*w{V%PIVa6OVmOgv(%<3 zV@LTOQ^NREet`41-ToiquC-Q2CM~A|aC5LMLJxlg-h?r^pvr%aPw{V*dtGcu{`XZB zSIMBMg*p7B*8BcLPwZ~zFGHzA&QuNV83NLj_oSSd=7=#&oIZeA7*moAqsuW_cS*Hu zPnYFMg`s}q(H-d58CgEl=##*Afektx$6nzytRG@i(av88iESkPG7q-hc96X6wm{wx z(j%BHa3X!to;Apx5{W@}bN%gS^|vSL5&HM!2V#d*%dcGK)JtCK^dzgPNj2j-C~O~3 z^Kx?g%yx!r4hp7{Z3rszOj9t02ZZyO>w(h4JBqs8%aCtm<~vY8DQw?H5zVPgqgXwx zZb*Bw{|2*zYMLU7mGw;~&Kq$f{Q8;eJQLP%7L^gATD9?nF{HBXw3)-$^XQZbg+UKa zBFc@985Q@S*)fJ}vOx#iXr46U8)|R6*WzRB-T}K8znybBPE*Wxk`lq5+#~Ymne_Q4 zy-tMhyTh)8cOwiTq}GvgE9QNp*hbG)MfrW*OHT0wd9N+H!7_c2xImK7tMr9lZ~v#cw+ zpY6By!@g{-!#k{h+J0_hvy0K8Y+JBxHMTd^@~FoHe;IVVZll;9Q39)$T7+d_jggWD z3+AZ(<)~n!uj|MoT-@F4w65;+ggR5mZNjS8Tf=i zsAq6TIrYuU*z+_tJ8 z;>9@N{fn%B3ikli2dvi|XrSQOm6dJ>M~nCHA!e>XBlG4uU|8}+`+K^U?yVnbI-%OW`^F`&m)3W^#v9M=*mO07qa{2vU9H255&N;3>p>=f7n60{Q4o}~?Zh4hkTMYt|y3ziEHLkiGO2Axqy31KB#(yXG zb64E&mY;BIPr7dMxjFfqM!$qLC}vW#s5o-I9EJ-=RjhvRs@KrucldgEtdZl6 zqnJm>O=7&?du&oqZH}5WgknajH+Kxy|gE4J`scf3D7W4fX##Wbuso^cj; z8Qnl-rxMb@UTXtTNBsPh5Q{R+k>jN!za4GJ3hnQ49=u{o-hvJcVnN9@83qNS;aHX; z)gUjEqCt16s(xOpW84)&Zb|%ch6etni`|q)tNr^cwR#`A4}|pu`PB- zb1u6z=RE7eIS_YHIjH$A#6-=RTJ(TbIC*I3t*6@gYhjTV5_#$7e=KtH3Hy)zFd@}K z#vULg?TzrTb6_?))H#vW3xLLcatxtAz8LL20SVdm{=$D8k2#s`dh(ZwUE^(aOLTNwVTJ#?*HBR%`){*8t3L|9QZnaL~WAB z@i=^`agWAFZ*Kf`0X`U;3fBM?uDRBV4hu;pf@__b z2|?0Ky}jj5s<4LH-ygy6N3q%Eu&}6_a^X6BK53(uikmD9whhWs`?j2o9Ri?(l6H>J zU#Yi4;bbE3V|e5j*ywwXEn*8(F3C)5Q3_n3Arcnbko)VG1!glGwEeQ3_;a~M=i|&+ zM%Q03yX{?J;J~#rf(Ck)lv1Ce1>mr-78Is-5Vcf-2-J~A`tN{Ff=u6vC&-?$$XG0q z`Y-#J+!>DvzubmjvS%!;3M>j4R^xgW#MgLlVzZ#=2C`Az zOJwR=N>-yG+4xVo(TqEW4QH{?H^yn6fR+BW6RZe6V&*6)f7zlVd^ zcKp_u=G|<)^nc&~@of^qxqdzNnl^7e|HrTE|AxN#|F7Zy`|Bboo**xYC3MVnr>y=rrB$vJJ*4)NN8^&)NQXjiMh)D_NLqGR?aui+|10^^02 zrtULHUe!F-i6Q*XMV8$mJcopI&}ib`Y0!Zk@}xA6$?W4&KkbLV^ewTsj|J*`g(sx* zq#Q&$8w~ZYzX$|2kX&#gYE0NG=tp0gK!Y zIPGqdsi!2yH`W1GsBT<6#;h9SuO8!FJVve#oK+~b&4lb~n2h2~89wcs&G&?Z+iN&O z>NDlw8PYiu#nbtT91n;uv?&Qzd9?RJDeQt}7EcVduaRxpPp08v`sQJS4ZNysbC$TP zFeUzTZI~Kcvcwv(6}Xi_B6!oB!-!k2)cdW_Vx=CDyxuO7w_NgCOkTUc^xBhro|(KJ zv_i|3x_(ScvS*F_^4oL#M`mXq>dfD9fQoOW&Q^V|`QEEO+KfyWN2I&*>RQnVZthy) zT_YUyGoHj%qI->S@`R`Ym*8#QD;0WlkJsB{7Do$5Zr#s9gJTq@Xu&P{+0pT}Vmc{l z7L!BYVH1U(jfYOsmgqdDRTbYz-n5Qly4=G4>=6xih}Dm{!5(o7M-U`Uj<7z~(A$kJ zBrpuJ`%&LH!5=M)`;4lGvsZcG5_tFpG;uzC!^SFYV)azDM(D?cD)87BlLzdp-wAgC zxLtQX#cl{!J9@UFjXvEaZ?c4MBb}APea*$unzDU#6p=0qSaRI4jsx-jwaT1D3Z#1$ zP-6WiQ~Hp1qC!y z_E#W$EK11zMfz1&Y;rGkUv)_oCY;bNgly#r4=^2aSPMq%k1OL-bXsMQDb~-4n?{Xb z`%tm-1mR9#x;M}zd8ZwZ@Pgt0sj}{L(Ud3m$3&XLGy4YbjpQaTcaNyx+jmFfo2Obf z&N{iVzx|1R@nnDNL;b|9lsT6)nNa7LYR?6FboA4pdb2HB91$ZlI`pBOvJwAJyc{vf zk98MHV1PBV<-1U2QUFOggt3{N_8d=p<^j)q=%))#nTq8y{jo1U^$j7=-U|cg70+4c zRa?yEp0mbtYKC+Zn1E&eCI^5XN@`xuT8sJGQZ@u&F89nDZ)#xzo*MJ2GvOsi{myCF z#MgwaUv}~nii%RgYqRN_g5;1j&Va5I0Yf0Kv8~VMc z`!T(cl~!^Ne$cNz?9cH@x;;|8+V8y5?|t#@#NlrVJ)AbOzdoQRgUo%RK^tLlm`>NPCwZ>c>-yJ60!1C|sWsRFc0!f|j{bgnyUm{W9N+4$iC* z{vp8}e~#h=HWTBoD4_Lm0h?Cr!m4kGypmsF{QbimK-Y6b^!1op5ug+tZR^w7@KP@@ zW+yv>6vJK1XNb}Ye8GhiL}daI+Xj$kdC{Iu`wN;TG^(bC#u9m?T~M#&nL_&`aVw(# zOT%T@b<#d_5?ZKRg?+Z&nUuQCqlD|FZkz#(Ls;cUZj>%wJ=$tURn%UWL4 zr(@|KfTQUbd~+-T7D`USNl(>RlZp57gv!BAFtA>z5DP98(B8( zOwQ{C_8IlutrUWmCPa$l+~$!*d@Tu9=2QqWfCIH9TPyOtf}?zFJ$AAUUb_W0FnlLs z-X_}jA!%MwoOD_6ss7v-%Yx3&VZDrx@NJ!k475obb?QMen?<_!#&r6<=FC|=nak7Z zRk&3e2;uP*2C{v(2`+_8g4o(#R4jK08}+!6*<2zDEHdpC`|vwiH0_1ii<&OB!cCbZ zE}SN;n-KTpBSOxG`x;b68YwYbcgP2|SZwK?xESonv=|8)`}yEWh%jAU$8i->@gipm zyex&(*p>X8eNm^it|ULXnZH_mI10o=@75YVGE;d;P;L?VA3!Iuhso z5_y0*LvSg2ow4+m*+W5oBq#XK#pb2ESMIAM$)aO?C|__tkm5u68}Wf$ka7Vvy=i7~ zzKGN+lB=@rS1o0LMOfQpQ`nThK_=i={1Td$hu`UytexBoYiDXMBYrZKh9I7$8X)v&46bgLxX3A{o(?UfY3aBna_NF4 zMeJTd4Rc!(N0hxn;O5n!_XSJ#_fY{6c(e5aOY2$DCv(X-o5e9H*P+;vlX{Qs!_cHY z31KV`NhJ80aIX~JrJ^`NA1e>m-$Za))YDFSXSqZ##i6V(u{tL$$*YB4E1;pL;$#m*WTUokhT1XAh8%Rpe!zl>T(79gR4Q1%uHA=ps z{L#@(s_`E}{S$lM@ZekiCCojJSqJPX&G-mA)rj7(atnzI-n|OATKNH0xJ~5?Zn7js zcPqJGnX)c*ty92t9b4fUK2%h!`tQe|A=R0PeMoNg?iAPqB6Nn#ohdu@9E&b=!dq0f zq3I#j5E0F_GN%=Ps1-SJeK8s>sY%`@UxJkYqBIgtuCvN7zLW#>VNguS{XEE89;L2O z`ec!TF>ta!il_f0k=+u)as(xz$(!&n?1b`ogS9pAkjgY7F!GKK3XBgxK$Jp`{6-X} zxg=DW?4fZUXK^`O$mc;!wGp_tzPPU3ErQ#-L}YSM5)xPPoESc1@Y0aVT~KF}J1*gr z`+fbNDak+W8xZjB*w9}!{;gENvU4{sYBEy}S4<+wD6_NzZ^@3C*O~mvxsh3NF zW%@%Qe=PO6l9;P|n_#S5tfDKGB>DJJS3lxLrz@iDg}4YfBb)b*uaxkBswbp+5@4IB z@yXKbW`lG#N{SsqeV+#Q=!CVGrSl4YszcnVIHuD#sPyS}39^&8hhBeOptr>=PPY3Y zZ3R%uKQ*4fV0|q@``cCR>F(wfWjAc;KZ7O~KuO}0eqDgaAXDcSr2%f)9uM$%5(ypN zoG*ReybpMhMPGs=vWmg$Fje|v;nqC>v+iv{K&CgfIzvUHUrT56?7Cb+^`Xy~@@}c` zk@DZdAtFXP%jr@+BK4yQPs)u_J|p$Bw#pKj`E;Et|0SJI;k?X{kyfOrSw(_fA$=w} zwV$o1s7T}!(+IISxfNL)EbT+&3@*u~++$O(+p_5&3-dSfBQhXmQEMhZ63QFx*ff;@ zu_BgEL9Bda4?RVK+;mOZnPSDqbRc|Iig4(GRszl9(6Max1a=$AHe@9d?$ndB@V_MY zXU!1O7ana3A88}HNkW#lzAan_J12YZX$$Xe!}X~3ZEex5$tUl|w(y3wf*$JRTvm?< z+>;2g&xIaJ&aZ!lTd+z;$7t~*AOUV6@LNMjw}l}wV>^(a63M8Yw1L!67og^i*`0na zqxIa&_nb*KUDS?~UWUk+WK`J7tBECgfW9pu?C;j+a1Q(E0iv*;(clM4e5fXUpk}1p z7i8-G>>j_A-p1huXVe=UWL2^awlT*ik*pZ$JARKpv5k7w^|S;ZDN2{`)sQu3}B~m%$TH_vdar91CJPisaWuEB9NeE0QcIi{O2SHJxWtoM59 zw^?hpg6!6POQil}pDZw^Wy(DqRx2GHDxq~7?H}d;wl#dQwe{%WJ71Kh2Kte7D>~L3 z+v^p*fd$AuI%+2ofYicQJ`b;zrH!y}uyh7PXwVKJFg2f%8b$KGSxIPBKiL{S(OO{0 zCWAs^*Ck_OA)}W)Mg86SxCHD+N!qii0*JT9tmc>XVSbt2bCZIiee<3h?VfeYtp8#U z_qi3PpTX(xkGaPUN^ex|41~}mIU~14G{c`ev3`1&nlAP8@1|$iUG+P%NRAxE3VgND zcG`v3&Az4WwKFKOY+HO)=}ju=MN$Ji@q6SLm-VJ&wExeR@EMOcfDr0ZHRxNXFoZnK(&SXxT9Qp%l!hOuAj@*GsB+#`5}x8mTv zxHDbW<;_Kyel&a=3#enrZOmaDVG?H+&nC+7pjgzAaw!0HU(TZQ1Eh>Y?IB?8;kj=1 zV?X@~IOZ6GyxGlN=w{C!5&o+N2ZRi2?e%$EVC=qX#V`Z*Aa1xS22>;J6kk{LcFK-~ zZ(u)U2_wz5vXgNDzgc;uI(CH;E7gk>hT$!jyoM|6@^h0)y`9^M%OJdf2~@)LPE1Cv zA8?%q-2u6;oA*OYA-Q=OAfuDO4coBPf0ltLkFdGfV;GT<&a2f7^k;#p+KGN`-s)(J zM=TnkBsOXiHx0L8i=IWFEE8`gJSGnc3re2yg9#}YH1g~D9#e3A*5bI*hznqbsaYe0 z$Uc?3!0Uk0)y>;E+dJF&+dFZ*OIlQ_M$BwcUJC(srwqrKo6SbKbhgwO7A6ckE-aFk zu-#qK#vuBk8R3f>J@}bb{1*R4@^p&8AzXO2o-Ise2FE}UoWC`PA2$=kV=W-B<()8d zi2GTZC4WWet^^IH$UBU<0B*5y}`XWr+ zFr)rdCUeF`s6VIJd`?EjIYM70KM1%R4ZS1bf?_0jqj^!AGNRAC&cZ5!n8CwZjM<3r^z*$;vwF8!0^uP#@uCWMtLzX z)QB^_9&dU|+G}Ze!+39+z;wX997t?{bZr#W1yC-dz_EBvP=X4r77ntNz zrNLP^{Hfh(oou#2{YTrITj9dSI?-0`?pNq~t3O)NKcB56jt55Z9lS>aECGkf-&>T; znUV#e5dx%1g4lXh94rq&={a0X#$UCFtqZd|k-U!z{iKv@Bo{VK_NLpyHc&UzOq(VS z&>$vH69{iH0di1Ekhsm9x{vkxlQ@;SgYs=8a(Wm|-vxvEsLxZ`sF#TiT5QyiDA>1u z*8dAPXx6ZwyQy=^dw{a7n0z^ZZ?bp`3-+I^(0yG=x4& z*yej(Cx;yeW4Y-)QPk{u7uMIi8>QY>o~IlRAE&n@sW7juVC(>FA=6%+1UNf@oQ$aG zo~hf)K#{Tov+X2C^-g?_ndG%zQTWGoH)QMQh(PyMo%*N@R#Q-} zE*Jy_*!&1pBGLiH3`6abo!Joplb1W{>Z;ILO#+ga!NS271(r_AY?JIC8FwN|?c{pQ zf+lxmIM_%gmpdE&5qM_s3Lhu;mWQdC7<0_Biux`|Sy$re#td)-83C}E;5a;qd6rpv zDB^r@NpI@64Pb5n@Hk{O%~96Pi4e1A0soo+Q)j_pGX~Czgn6QauU8jII{26p5|{v=gz}G}elL_OBE2$_zY5*wLiuW_H-+-zNM91klOla`B(IM2 z+DJYYx{njsaDJYN9?i&g8TFj&{K}2iX9AzfR$h6E>@0ctQB4eC>*-ZLiJXg~)(azZ zQADEH#Zm6EXxHJCW>B&Y7gWx57Rme z-xsZWA4JiI5k5ZC`CsQCq2ZxSdLxw|Y`l0iFhvYn7{DHH>6{;AJvkLH_b5z}1wgqc$udI>Yc0BCaT;z=Uno7Vg2hh^|$)I`s;Sd_w~Gr`kwmdwe^4%yW~pwV6kU z(F=GN2GC-BbtkFEc-p`Krb!lez0|2y^-iGP4bZ_X_JZMn?QmM%c6b2Im&NwqZtC3X zkoC@qUY7M}e12SnJjUE|adcCH#Ehk;@%R#9n8uN%G}UU8|D!I{QV8wSSnkHwT{p>TqV=gs7}@cQ%??onR4A)O8FoUv-$C>T>% z>UNa72^Pxf4D(nFv11}DZL-AKx{63aHOW1ewWVr*XM>=RarbMLWYnu?1i2ca_ZM!n zalL!3yUrEs-AT#ov~_MJ*RRHhp8Gh=O)^E%4y{0i9Wv0Oo5Husnd>!#voUotp<5wWf zpi))0@l0t1!JwGI=BrYuy{0BpBV~a|9yqY9iqlQ1Vd^^LtTf>S#KR-TdD7@7fDNlLqoWM?3K}H6v+5HyN`aJ3Yo8O4^tyXQkOA=S+RZI4_{B5-yU?c4{$kKGP=0 z#$rutVruZa`bv!lwEhIpT(a({%M&=;Af zP5u`qL#PkVD9f&$0EKXy&?2VW6tR zwNlJov^$xC2Y&-0^dJg6E(rUy%Ff-O zjJ(5xE`KeUcf3(lEXb2&RufiR&TJCbTT^J0h+nlz#%ChaLurjy+C~sb9Zh1xO)WjQ zw3LY!4QmcJ3-YQDuWJp{fKoH>J1_)XOXb9(pdLiA!CTZr`HiRA?6_E|{~E5aG4R3) z%?WOcQfIgK(UpapVj$JJaD6QQo+XI5IyRK_!S0DE)9N98NL6!qx;C6istp-O#x9Y{ zgcWb3{5nobLa+|;4tLbgVslGueiqk*h$NlS=1*hmG3~x8j<9A>gppq?#w6Oc;-Spt z(Tt(0FJDCToruJZF8Zr+ zZB(uu7nyZ{c00d>%Nzo0oMV}R6&CY%(AfDY_i35>tg|MwX%9asag$P1B$$nG#J5VH z#L%E9hO@yFPm#06C{tAP>uWF5o4`>5Cmdt<)e;BQC{|o+d!B27Wj4`!8BWqf?K~B; zinw?0=cIJHe{@n;j%btVao!vhA=H2+Fsrrg5-y)+YJKuM5(~L zSf-*j{X;vBE`|_hBo|D)M1-XHc<2qBNFB&Re=1;iuGD(LE|Q5C><7u~a+SQrAK2A` zEbtdb3;`K7W~`ir=A85Uf-D|Y$DIl&egeweP6UoB|88_XYb2g_FB#`)CTv883l2;h zyPhToro=XR$x8jtl$eF?+(lrnF6F8BHcPh2x!iTL+*ckfkC#1OL(ozRh}ZF>AyT5= za0IH(JLs395$Tmoy@BOoEE0aFsm)X5)Y6o`)O}qQIqekSz{QhC$j>`V%SPk{GT8Ri zS;Nx#yDYBks!+z#dcm4eiAxD>`C(59QnJ!)S+cy`3&iBnlNP5oc8!oMlqmWXHGZrs zMgh_&0d3pw58uZw;BbL#)|0dXW!*X#*c`CM%;IIWXL~=die zCV9JEByW#5eqJ4!az8E%9X9cwk|^%`fYHUD0OFvM7;%w8>c8AKAwM`Z*@8hLzW?mn zUYBoz0fYJ=*Jr4V6*eIi_73y9FPFPY7Y}#$ihl2mJfGy(c)H0bGAw`Zm=DQKkRL1c zC#mL}>21^EtsPH)to-wpIZw@?EpiD(e48>`nm1%4LE(M0|0kV(3xz29NHHMVU(?QS zTFsj+@gJ0YUA6szq>aJ}+4PB7O_=rNR&$8|mlkBrTaDh^5IR865tzR>djD(;jt+iY zEnZNSe{HJApk8T~&ot|2o8`yN`ftth?q>I%X8B07ezaMhP}L_^OpOHE!^)6cmI`{Mdq@QSFsEF50n7tT+r`ORMV8>@0nRbO6}k5u)e zRr$lJKD{c>t2*abh^*Ufym$ti?wF91~eEh{$wp^D> zUk__m>4{$RtY!53`jfruNu%TIA2af)D(DdeA{qfV#vdfkP&1MoU-o4_lm6dHJc%D@ zYJa%Nchk#-I)RbkA08h}U^Ejt`c|cGQ`;r4r4>r8WHJUB@o)&)ZDF>;94E*%6t>GLdgzUO@MeBS82870Fp?0YiR83tW^dE3 zD4gQy2{ZXzQxr^b9zvF)BRmQis^FSunwy_%_J7rEo@$PZWZI*B3~g)iCZ=Nc8Dvzc z+qJqwM_L`3J}Q#4aHugRoiVaIFRt!GKe(iCIw7CFcwBKGp7MUC<%Blp#5QW&VF9MG zsI1`j9usLaMvz3lu5Jb6zRaSqcT(K>NnsO#rQ5nesEs1itva~^y{JQZP0wlXS7^xi zW!)uImbtaXdALPq5yh}e5^N&e?myJxJl!JGl`@oX6%u5)_=at{24VV5j(pOb+ZZ<) zk;YGFmz;*JhQGtV4V`Q)hMmTFO*zk~wjnc7u~};6ye$9RCS(}$06{4`HkGY7HTh)| z?Tt#(QayZP5z?jOQk8sjvNkWW4w)B}dy#N{J%G=PnwYJBD!BxevXAFeqW7VuhL~)@g=qJood__o>L3|P=!hC)LQsPHEeZ0 zt9Jdn>U~zFG~KUj(LFU={2YVOghc%$mPQtf)V>b+9!-6(wIU{JWd7Ob_M@k6mi z^UnY3%D>q)^^LClrmm^4b_KufTG}%Vt$NLBq9t*IWeXZX+D|7mq;MlPil1wFu7>sJ zJ;_2nLfj|8K{Uv#B|6WiKuGaF&O{3v2mE%7TrSW+ekaAAl(`+mhU_8qHU%hwXvY(? zn>6la5dKaczvyl3OtMzHl+=O^Cc8wH9%8#>|+_*odjWCs7d zz6%y1ape~W)a3I?WtCJ4My*qYq~P=3@=&?6?6e@HMX*?A*E;cb8ycwvW11B8I*y9}>3eJ@ufElDmxCWAZZT z94N}>VufdCa{Bv0lioV|F@$n6<5^4;tc*XZE#vvkNTZU!FdS@tQM8a&w8-E7r$P_3 zUoOV}QS3~4hF$!f@8E9QUlhH3y@$X1PlYqk{wS$GFk9Qrq2?x!XO>QwTA3c41@;>f2awwR1tDIb&)QWoMPc>66Qq#Mp-J@nWTimH;c{9I1$C-WHJZJ80 za=x?WpTztHTUO>9`p{(?@uknsmUk<+tJ-HW@4J&SvYy~3}Ey>nkBGiHg{ zH@A=2-`THge{a8qO+jP-0eDbEBfMvNcyqq=dGkK^YyLs;f%2fFUk=>=5c91)4vD^% zJ*;?WczE{P;>hrb@Mt_K$Arg|{`j4)?|R>vaZq&N*55bZJL>z<_j1cb@dx5WK}jER zvItKSmRa=_!5AkGjS-vsp%CDK&JbOYh@K%9Qn~g{akj{xC8n+vfSsnEBZ41s90teI z(`*DXv!p$B;;3%f@m7=bc9WC50;}QAd%wy1QxlLmLQrjWEj1$+$}T2eGpYv;3Ftvt z)2${Ps4LJ^x3UW&=3yHvt^zYl;~_s3@du(a&-ZQU5pQAHUM+F$Y?FGnAIlcbg5QgE zmNJb*WL(xWFs2|&5qF8y{XO7Qu~O0(M&e%;_o=b&-PAU4?(;LZk{C?-J~^*ty``6~ zyR}_F6i5^9>Khn56LbscE@n}UIN(5{=+D6Q?J9S3^OiO0Tzm!;AWq*TMy77$bVRbq z*K!H&&8OMnGCl-Qy6x>8g$2^&u(Jjyed?0`&EaSMZ}tI((x1wkw76NHEN;?iyz)AA z$EZHE%)#@T{PW?1tjdO<@!oc4efx~-nu6<_#sCbjy8VR-DoD>)a41=ud1nOg(MZYD zBuXW&ucvKsN6?lBIvj8u!*+YFeg+tu!<^g^bDpBCp3-5K^O->FzRrboK*L-$52DwoVUn60$n@#Lbi#@9vkrAj zN8t*guB5D?>MGva;oQ=Jb|$|$!aOd_V_>uWjl$c2uLAfwLwjfkUsiwAVb1BO=*IIp z%)1?CCkPF8v~+PL+49E@^InIi8$akUA9e&gh1=WxEwajfuD6MruzbU(mSBg*OOsE7 zumz%H7RW!R5vJjMfseG< z%DOMx?Lt0Il36(0LaI8kK6_Z_?aI7Rp5gF4wLv>2sk{(7W$`jK!K$1m*g9W!u_P{* zIMQ}5+%C%hhT%cHC`)@aohlj!s{K(@Jj45yC~a4MR(R9QQg2=qWm+OmKZQWa4JEM~ zS*H?2-HX;YRl(iXinq-P%KmG%$nNoM3)osAtoR;7cQP)mlZlCEbFr7bRq)L?;?^kW z`8g=&ZEQgq)U#tLSE3wd&xe_()CU>yVdir$c{^8pkiq`{oyGxvk4c?6u#?n3 z>GUt?3|!~Z&fI04RJh4BLIXiucPF!5zLLf`d$m1&w;hHFMtF5}dQ6&4j!rlEa6TQQ zr|7~%UCzT@Y4q|2l}OZe3O;y(siQBt_+!%8M=H`d8Mm*(I+6ELuFU zz-jvQx79}hwGdLN-4Iz>{B6IpgiZHY@9Mwkl%TD<)ui0XspkeND4_^*8?PM6Ok~}t z@A+_m>~J_w*5XPRtK~P7*B8wy8xOi6ow{sXHwI57po&K9)?jFf^JS+q80C(P#z#}) zsWvmGq$tXU;Da-j?0__$=or{$HZEktxSdL%P7OY};cSH=@Rn)L4={p#^9lBJW5Q<#-k)0gmDIxW;@(J&glPSIV_+R3}#x4k`^Zo zpCz4~1zhTX&N9Y~j5EWKmp>{d;lY>(|CCJ2!};({wi?d~5e-Uno`C2MUXD2^>)Xf! z)qFvPx4C+;non_sg>tb4#&mSxbvFDq1f&@W?D>>mdtJ?I0ascD{R4qUZm*t5Ik{h?m1(< z(+D{daI=-5TPW?`<}`w!VTS{!TXtO05(U_$=9=L^_X0T577@o}cZa^4q0)=8N^{o3 z`cU1&I`BClYEbkw8H|qxtElLyXThE4uEaqdtzrQ%KLoGrSFiB)P~$dZy8bZ?hT5G_ z!E`;#?ykT@F$wrHBa>c)C|gtoZILvj&(jHYaC7pSc~yrgGY$HxV8F>9(h4x=HT33Si-3|9AImKWWjPzs6{OXBVmVUdgd};XV5*I*s`W{B5c8^ttzTfCm2nhW;Gcbd zOuQtOe*o|2+d{6kJi`2B8n&6`C_hATN=f9o6G5|@q?c8=x6Ruk^#XPHkbQ2T<~U0? z-|5-b&)Hm8!p6(pDSB7oaPBr?Nm(t%Cyl&WZ{%K?`V@uFH!S}&GtZgj?Yp_5*DdE* z1DDM3noR+5J;?_6cvpSO&*f)K`SA>A_Oxj1pmwx?t?7iN-KaJD z0GYrHPd!c=2d*>sY(W^_k$Ww-++B7w?aY-|uq?UqsRSX$iv&>70lGbvLRitO`*0{| ziF!!BC-qxP{6aV|>vz{LVQZ!smoS^9uG^mW08YDvjXKBnj#cViP5KgicTX!f9mp2b zlxBqIE7SdnlF-#m59>Q!dPF&|WAt!UTQDsv&Rm0DpA7ByXuO|$ItVQnbJc+zmbGXn zmZBpMT&)96ili-r`#m&6tCLg)jqGn;Aq~LsZGvksjiUGRZ^WN{c~i` z3Te)l+h5H<+-tQY0%AM(jr!Ra+a5kbk7C*Gx4rD}^=Js7Cy1xHh5t)Y1(%dY!f55hV4{f7WHeB1Vp+RhHxV&{k!;+Nwwe?@k!e}{= zku{F>bcoMW$>ne79f`;Cpyj)g?9u`W{Wi(}WyO%t&=o;jrP>J7d6wSI*hyyO@f^Ka z?X0KsZmF>zw>w9w(Lh%@mH@7nHw#q)+}+7Vj|Iutt$!J&&UR;?BjO*CPR2BmD#*51 zicnTUFIwL+<#+%Jin~PRm%=?+sN+IE_q3=iG~ek*_l%$%M0)^X)aZJaF;GUj3MV5p zK}4`RWM;HCWc)A~Igu2^sWvwO-jUbZ3%_rdZ?|XOYX8-!x7z7m@{kcy~@m>nKOq^cP*WUr^w6 z_zP6(8(e6r(SVOJ+3IqUJ_hk%E^|1`e5oG*XJ{VO)64{2T<6x9a)B=Ck)PN&-c0o~ zxAzv8Jg>i*@UO_Dsw$)bBPOZ>( zI6lX}BMjEY$CekM2!n--d_wkq;_APX%;}oX-HLIVekzVrTp-Q8OxG7w;Y9{S!Hb@g zQD5W`Fe-Ef?=ZYbwp{Oe6P&@ZEH*(gt3ApCH0iEMaf{hx^vj6;7Tq?|RLw{eS0<1; z5nDcSPIwdqO%Hj_!yZI*vapvbI)`TM84f7~h0Z9BRP+XE5!A4`&CM2)b2~XN7@2J@ z6z2HTEN81#kpNcs$t>xAy1np=cKK|3=9%_+lsjl;fR2~nG$=g|@yhg#Ql)b+`=z~k zeuIOf8Hh|FTk2d=U-sUY7V;_%vgy}7=#duoNMN#r0CO$EQHYlu;`8F4+&K;e%*d%W z!*eLnKc}*%CeD%sgu6(zoh^SYNx5TX;pG#D|G&wCx<;a@{#c1!WROY$t0o0;fpebZ zsZ5mpYB9-YP#0bXm8i&F>J|^87EEbgWo*NE2ytf0+32a;0n15uy(_xgaX#oRWxIt@ z4*8FY&Si37HvgV2az_`($a$q-%gXUn7IfSyn`$;ye~RwL0=h)Bw~y$PzZPB7di$ud z)U`>pbMsU1le|a$f-BJXm{b|Df=MK1;hD%MK>Ka} zh)P+EWM5BdcOorYx0GuqiMGR93vIovQAgOml${^T5od_bdj%v_Q%AH>p}_0;qv$qW zB&eINmG-0mDXYV^nrf@7b6xOVK#Vtk2pr*oVcKX%-9sNNgp zP+=nK?Zn?EaM0}Y;fAc(n0+eVkR87<+m$k;H$lzMQ@hB@Nf17QDhG2Bxmm`^Y~<|` zY?D>2U$!KV5&-Kjg*p;#vr9K{)CfjR$cC3lQ)kBtS*WkoI8gqhHOpDZ?~U9+?UqPq zt5m-)`KE~muMuh##_n#ZkAhtRH9*2jgzH9O`kqE|L3;d#_79e)y4>rF7z;ZbZG8XW zrf*gb);!GHg^NUEL2`bSwm54m2zn!v>A1`Hc^m(f2!A26Pj&fEbjflft`VDhXx?_x zZ#kLmVMW`1Fzb5~dThAufiYkF1$@hg5TTgN>szM;PE99FnZ7z%IP zEDQx?WFhc3>B4YQcKC*t?`fNqJ>rkLdVxrXyT;^0N8Fr7 zAYQ|O46?@DuftmbHMmZ^$eieyvvklYZ_(y+ZM(>bXu5|U+l%xGS{k&Q@0=9(A_6Ya z`eL2_n%UQMRVK$E>W4+c4P+11WrHnNo4){h0q1HbXQjhc4&tE@tx1n};X#~uBcV;* znhLmTb5~j^PIrz!I8M5?Os@6VvxH)nZK>vG8d+956y52U zxw!PoZ2BJ#jst7Do@@y-Hs}AYfhN`>F(=9&DyA~D8YkP7@oR;ASW<)un8|4QmMs89 zXk)a*MYu%nVU1Q8!IhaL5At^nhvZ&F5PYUt?q*s1xhRY*o-A!v^9o1aCum$9;f|N{ zystNK0Ykb?{k)b+y<{WxX^j0yTqNKoC5ezwn?IMl2heWm*(Ags5vQ}0DI4>$%meL= zTa%nU3gqQ}DauEd;&NB1fdVBXDtPGFo)JyD@yM#3qOH^?8P_~m9$h+@YDc*vh{NvC zv0MA}5xUdx`F+_jy1j{puMxp0FO5INdT!UM4{XiJ6LH|8*Db`b8-?+{Gpg@y47&m* zT?^Z5GWAkqQPiLZ4poPdLSQj`M&Bu;-z)bb)DuG0veo7tX#W8jte2%Wr-rhQ`q2Q9 zF$diTTUKrZ)%O67ir=A8%BJ)@uaFKLQkA`;Ef{At#GEocGG#3mYs`9hKii%iSc_my? znYfbL%;t9MYng{&IgSB38NG0`p4f`kJbzeE>|srj+&!5%tZ}2+nn2A0KDkA}x-f~D z({jaX^1h~>qtteKCT)%9xGO>8Fj@Ll8!~H1TUE4=-2-Y78pj%u`demKw7J3JRRS;- zsn@;k4te-jU2(TebSiM+!}`&9J?#LUcOQ~<)oU3=;R4;bP9|#9|4_Y-&p#rEH81a; z4#z5QIi2|~L?BPpfAL?67oHYmVZ$0BpBHL$bhU^_2Kar&J5kHqk@`ba*MZD$BlTj` z#H-dXM{P(z73DGrh|N0E>k(lp&-5;o({%cbj9Hz@<;ujJ%mpHQu}DwJ{#KY5MLf&t zpD!Ca{IKCdVJ;F*Z`u|1wvZBW&{>Y;%<*Ql1tp5kO0QEir2C_t<>NDW2D9+F_@1kW z+(~rnw#@S;2V|vR=-UF7%^aY=8UQRDI7%IzKFT{9T!YMgfSTKyC|3AXAg(zo3s>)f zRxHOE=Qxx^=dUIa7=HmJ7^Q>3LcGYfbwx(qoOMqi3DylMEPNBqG$oo58kKBbZJOM+ ztl84u(~kuLo<>)QAa-^!`=iIKsyBIyDU1zT3vWe<=*d{c$<1sh%BDy&4h zf*;>bl?yQs9pX>{i>Zjc-c0#Fx<)!5grb$<-0pRihjk5isF5l|B5E9LX+bd_&DK=& zTI{tam>_v@>n#F-GpPgig3e!BmEu;>ONgoOeLYH#JZj8#qi2pXBgc;!J^D(~hUz=E ze>~m;F*NSL0W-F5{OEB5ZKFh|iW-?Sc>DTVMO&#gpZZI#5x+g|AYD#lm|CabJmw-6 zGE5KTuVSZ<1~y-w*_&FPXXd^dt4*=3s@dT8)DK^XZph)&2#B)B`U-YL2rk|Q4~6wo zSc=(w7mZ4p83=%#iwKZ)mDrFVo#jlyWszBAy#MI=p7n|2z~_xx(mR| z`Uia}vp?r2d~}~Z|K}P1#H{#p#{UqnN$|&vIgLmRxLMClE(hyEa)GSs|A-48VZ`qB zX{N7!4N#ucO@B9)+M2U8x-%2wo3A_cNy(-7=vY3<0fuouH;W*pDh`(g{ zbi_W%U0#^v&SmYrUY2}Z^aC6ji;a+zwN-KT2i ziJI(jX2j6lI$3lbiz5Dm>%Ga`$D2DBk)+Eec!#Vr=fNPjGcb3J(YKD#l;5PPwgD4rH8%D#G6*g56wy6@$BWf=#RXhHj&h|hHiEUp$T zM9~G0g51$$E^mqLmJ1iM5du;@{F)rlP*$BYEfk{B&F9z+UQ07DmCP zt`g8Wu&+Z~1`0cIYd>{rx(U&oX3^(m~wJ)K8P&d)PG)~UFQIt z7QJ_reu3};&}6U?&l4&HR?N8Z-(YN*G`!V0ytueDoMIFeK2$@0EaJy`J6qU5n(R5DNGq&7K#y~ z1NvC=Ny`+@p`T*xhT`Iq3s4tX#~Dv@2b4rZkqF}!MFiWRxm zg*K=Igr0e`h>XGpTEiXsI&)_p(_oFw(%!;4?3`8BV&CYLHb7c*QE7X67ybt!=jbxT z6G`ifX}ycEkzEJ(Vwn4>)ORhr$Vi6+rf5pRU0eE(P-5Z@Fz<3~GiM^QhytuHZI(wF zmA|;?Tv?o&McUbUbE?2o%e?t2W+b~hlK9dNOppES3_gfPc3_*ucD$X)`yz_~R$~&_ z(oBlQSj#&^>J@u}TZ`%rJSKubuQo6w_8@6J$2md%0FBzzxr@Gw;Zyy4ZlacPq+Q~50QGh+<`+<{j}t)Eg|FyH}DD%QiK=YN_`we z6tJ3J8}8#rhx-_Qn2ENNK}1*wFKoYK0N4+KSNf=IGYyMs$gT-?0Y8uxnHwW-kv%IL zT8Mje@jwnc+eTYUY&o{A4;?~Su^u;c*imD$)XZu+q3kX%r$JSAsB)a|Dx@bVMu~mY zWECf4XLszCqPwNo!+!Bqd`PcxEt#bganJ9EcmB^pzM9Sn+_f!xYcBS=bdZXAS5!AaUulpshaf%nKqrxVSC<9JzD9wupxa(Lk5*9 zIHjmgFGhd2j~j8WK1sM;&@}W%q|eaB8a|izc~|cV_Z^mO^|mOy8>7`wlt{f3%lFW` z(45>i*~h0p$MPfg$d6;viuwN^vHUdVSO1RVvuGbcGx$HsOkB)BtHgiC^^p6>k$=W% ziGR)PymW{tBY? z8+tFBjc}%{3z3I>1_r*a9@dKpVlc}lM;MdMcU;!uLb4`d!;ltZiwqOh0|k1v(2r;#+1CrakYlJi)}Tvm48s5s|WobxK`oJtcJHX&O;$um;gzx2uem(#hhRduTF z*u%jc{JG-%sWORHlWBCNwZt6)goe$B!eM@0Nt&ylk+RDv!+@7ei&M}K2RVrFcY+IZ z=!YWLj?R5Bx^~1inXQp+Cfm0cjZT@JX~-JXRP%kX ziTU)CMsoqh52eF=GVV!@U(&)qtK@BM_tWe?Gpw1P*qBExbakfWG_h9cf}V77W6viQ zN*-I;aH1lf%EUgH0QU&OjaA~&itktt5{YVr_5E4hyc=x~@>K5*VQlnfbTTV1RLMlj zCa#`e>)xrF8TGP~wrHhoT6^8?Ew-`O*ch8; z1ECWz1Og!eOlWCuFuj9AZ^5RQ0H)cL5O9Fdd#^SVU;9|cmI!j9NyW-A0amrI3Uh=*uCSNahf68rkyt!$9{b9Z~LQVx3MkI2ZGW%F4 zXPEQMMIz-poKrR5;@wQeOkU|gIU`EDM@ZjbUdM^HH8}2v-4tGw6{3@Po}o@;k5X1)v}h14BM7t9#E( zeBs;khPI5{(<0dP#CTwy!T?9Chk04Eb9r<8ZwcqUMEtU5@BHS>ckpSHI0!TMN8g8~9$Pm?}uKvPr}028|StD*Q0;k?0nN4 z|8vs0Ga3K7+55Ed=&M`*qr+>Z!=DzdKekxcxA@n!7+1D5I(&M`IHqJBU82KhmFVzi z$=K)r(P1Y1v5FZ!bpdZ-E@Mw$KBq74A1&iHIA!!4s+OPjq*$YhB1 zK~pLiQ%$}U=v_UM_*_l*PEk8U);r>bISQbFG6I=RfjowrLYx<*gUi$Cwd&=3sxAYG zdKiQFnk+GNJxZ}r}4&3s_@zbh3^Ms(fljk?%7 zA591V;%NX|Oq2S$Rq8?AqSdb>ksT$ZTy!2a$kfk^UP{zz;B>)pK@T&2Ey8CX!l#r6 z=^uyK1Kh=pWf4NDV@DWAzpUdTh#pj5?gu~?=@oUw{IZ@-oqJSrtLvZrkDAjX?hOF$ zlxKy{osR#8sHF);-pSKz01!k++7Xd9j}2Y0=FSqF7AWUzW$vnfV{yhT^J7fY@kOIT zDYQ58F+*sqY_V@`iQm$~8ghM0*dZJAlXb?M89Xm6Pr52mDRJaa`WPQRUhED{Y%^vK zM-FSJA=B;?V5!o$)F^qr)Hsoif>+zDx7vmh!*%+3OHn70KHUzikHN93c@mU7nt-R2 zEQ+|Ae<_XcM7yF}O`kbA;u0HtUcG%P4+Ul=M{t%7zHGCWlm`-%>+N2r@Z`}hQ5EA2 zj#W*dFKD+P1Bzw*RN7obd$VRviQFBwg=~OJD0xxYy1YC+F{R$hrDET3BavUDLU5>R z-bEw(LSOqy1KZHRu;^z1HLY3K2w7==DqDA!rzINt53D>+9pE-^s>oqgG1Vnl3aPqAN@LDB zKS!Wbka{idz8oirGLA(=x9Rkw?bb`}AppyZGLoK*Bx28F?ZEUvcv^QfnzWv|C$9UM?%pIihqQJVBeo+Q7>}`TCQY$!up$?& z{a`5b7^x+AqeJ`8E}{A7F&(+FI;f3*wE17Osdw6F!NrS6;d&V?F%nJ+gO@bv3a98h6zK{*cc{%HE&*~D;X;wS z86^ztR0L$KJoDQ&f?SrA2TjKdVuhnC(Gx0qZ4L`FZY=GcRH>X=$thp=@1P26cgsT-i95eYj%WS1|$I#@0^odkS@nEX_(|G*Akf7}wA{ zw>#`24JK1X&v0-kOfg@fFMw)?!bgI4pa{~IOpz>t$kVdGE#3`newTfjzeiDnvjer| zlCpbg*}ACgPO;XMJ*8eO$JdlGJFhMC4xTAD<}(qc@(!j8dzlUCR|qANFtTth@U#$Z zLjyt5^eHSHGk0O)^VU(W#nSxCLooTBV?-|P7}n0pvb(Bm-B5OKE?e)HtxplE)Zfbf z-^)!lxM)`91Ma=cTjj4YT13QY^^O*Jc8_jl%uYw8rN2_y2FLZak-^xT~i%!8vOm?27lj(wEgu_ z(n1y==yw>Tsr3#rNNHZlL|)CoazkN=(-$zUKLy#bgZcG!+5M($eHq^Gk*e>gzf|pq zxSxaxnWjeu#sl21F+0gq3;F&WP$CAnUpO6oeJ}T$yzYLI$01PpvJ5OdTOM#=!NkaM zoshuU?e014)|u_{aPL;VcdF6Xs<1um0wkP!KuK^@6l%nD(c!(O0f8)#8S!+3%L_$p z%Z)>7u=KnCMhzIl!FA=Xi+>939k4He>2lM%+TFX`tv|Ozci*&ohWb}~{F`=(Tj2eF z%e&a|)AoV-UGUV^Y0s0e<%2{BLuJS z)ghaEuFmbQuJ3NI@2+LH8xoA92N9HH;WXp}h07xBA@cXmZC6y%*H@6`Oy{Bs;{25r z>kl0WcNcfKmsEsFH2%M`BlmEJ`AA1EBD24;<9jOkwVdu*I1+D?^KY&+xZ52a(YrhB zGYg^r42FMC2VBJNGo5PCRftEU`uUFBcUth84kYm`{+%}~F>Sq7nNnww?{`E$?$Cdc zMubJWpLXD!{jy_0s6Jj(*{%M*j&sBJwU6+M6O>7%`8L8Z2;hp2vj^;HU<>uSQ}nb% zxBbgtqMx<6tY#h)jYPHu_97o*)sTYi=80wStQ_PsTcXf0&s5_1*pHIY1mzu6F>$!c zip#8+=`N(37L}s7L@kvoHkYv97`UiWrX^H&;iW?B(-usLJkli;P;u8(tQRXn>(_L8 zS9eA)?IhL_tC>)E6xOBJ(YnOlK<~}doQ7zG;1-HTLhrj%T!O>j5rNP-9y!QviI`4z z7rMKYnq_j=W2^3QRqN;~ba!VJCVNLUerFYYWy+{{cU3LD=+$DpQxs} zG49GIx$%wjufb!+9G1bec>^Wm~ zj;snlb6JU7P@nksc2F09_r)pqb8NhY-p3=?MX6_zR)L0(wZ`d(J4P34y z85iWQnO+cW_Oj8z)u(*;zf+!1za(v84My9#f(MUJXr41BrUSVKosW>!4& zGnjNeJlYaV(Wb?nLt4$ZTl{Z~XIp8Mix(e-{yPd7Vw} z9*T%B=*T@aM8spe{1dv=m(p_EXPxd>okJ&fF=vkIYK#u>vNB;B0%9NFZ8BZ>anQUF zn*F|jIHY$M7o6Z!N(t0joJ_weYQ3JLTk1++gV6tiUUT&DSwGZ zH)VQlOFmvjoeHk3yuzF4q6G!N28!` zG7cr?8e|ZfL_xP>KwJ*V$+Fu2rmiQ=18h0G`~q2Y# zF~fEzy4)zyeN zw7EBGu~D&8doySC_77!Vu4NyoVM0cOn@Do)t`^_Ltuvy#<>|$u|IppUn!H5s7OvE% zLUhb#yqo8buEF5ibrUHzyqpGoeI==uytGBIyf);3VO^GBxfD5)(#To0QFQIhg7BB%kBozZjZ zD)~ZlTby!HOgY8+k}_6rixQbp+l7zvoEn+Y80)^#ktKb7I9zM~jWz4KntON6db(yk zRI{iOp#D;eKU5ngFBr6x=Xt6fSJxV5J0d-s8ph+$Znr+GN#5L;gosdW5O=d!`JaXE z$H7iU92df9|A#e2${;K!{wGWt{LwN!ALpYHxv+1BHr}ko-l!!_^?oY)VG1xi0_Vr$ z5GO=aQ9b=5da=`MwfS{B_HGdDYyz~Vh4M%k-ms6kkS5%k)HXqNo?srCZa{xztxp*Qj!5lPH}C z4C1rYJL%Gr%z-oen+Ajric$Yfr%uGzE0)_dTbFqY@dZ>f{yC+6XXJ@0a;x!1TQin98n}=m{r5?nD++x-b#2&drsv*tmuMHDP-ep)OSZ&`m~wV+f<1uqRa1&|f$K#K58)1TH}Xm%!CWhzKaLWt|Jk5qBob zR~DK(R7I|tAbdQd)xDk3C7s4bn%K(dqn+06omSp8t7amH3+S)qxxaRPi@@&@!{ub01YK^VBVX7^ zM<(Npg^}bQrX)XA39sEq%@TFiQNMu%K8>}$Hm)^FNEPk6YP^q(WNErmdy%e6!Qo)qqJSs>{>P<_~-bhKXxTHKEfs` z=8Z4G`Uk+xz``X+S4=um@|HN~mFfeDb3W(;kqtlBk+&xfB43wG>>~C=0!SOu+O?9B zKxFv8>YyY6}(_2L1T5AjG*9tM0 zveQk0HM>q=XPL<4%#9!5=i3FYGsW7&oUVtW{9HBD`Z^@Y*^r5bAdaKh2u4HdS{s)r zkFSp7rX5lBms77OWUx#dgw46(XLICl!rjC;BH$ z#0zUh#TWaI7kdx$pXa{i0Z{S27yY{z4L{xR(|g}bf8#m-@Dl&@GED(;ihs19KF4=X z^}W;lOs>VAK&URB_zw32FZ!Wpg`dtlUgBM^h*61Onj33B`L&^ubYJQici2+^zSv3; zyd25_AMoH4h?q4nxU@?DudAPw4gdLrz$2|T>i@h= z@+Z9e;audH$#d5h)oVrL<%!0ci8kVvn@xT)(S2`X;e#Uc#Cc;PXkbq_TW>VSw{W+M z;uCzS*{*+nP}E-*f=?$#Kbe^PbYkIt-?UF6(qZ9Oo_z+|vU0em{0z;BIbj z;hq~f5BSBq{P?<`H?q#`bZ;E*Zf?Cg&V6khci6o3^>K3TT=&hu9r^i&@%-op@uz+3 z8Q*({fHRCDI6V^|kISrWMU=xVW4zMpzRq_{GB362=W%kG&$Zf5vp1e<)sMF#I%W_E z>SyY8XF82Db>mDwJoB;E{MV$Mgn=X9c=}5OCF2XvI1~sqzJ2cLPuS~^J^g|F|94a+ zf)tIW|GGl2yTblouXxwXe+K%R`_DH0842ci*}wb#X-P;q&J6Yd?Kh;C<=mzVch`+~Wa@lXh+k^dEzm8NWFg7zNB}&%ECB zo6W(R=G^wp3n%{`{Tv0UxG}O9N~3Y)@mw z{AaelV(x?EyWLvs&U1Rbz0_V#KIrjZBt^*Svj?occn^^ydAG@{0ukg)4Z8jHoaW@Q z^{><1SB*rts2-hTX$>cd0qPv3=I}-)2&&?F_PA;I@ zBRP{Lw}{W)cAN7pPIIv(PT4(pD){tt#eQB@vE^)zBAFGJEI*&XNabG`kF@TzRYNIY}1(N*vy#G)PuLiJL9Z;v?V&ho0yw0ak5hcq-t`k z7%yI~ushjPUQ+pJH9D}_U~b?cHFk)|n))`Rrm3NVF(7fhi+_fQn`~^ezxRF4_r6c$ z`^IeF>hB$ti;hx_10Rok@z>d(%FR3|~*T~vtilhww;vB1MHKa;? z@7TjN=P}OnusMb2jWa<<+t9`{UUS}HbhEQLU|-hjT-jR)Sh96$wD)Z-c35xcp}p3s zUTYFHj!{&+Bg6kz_Bv&M9R#Sy}#9*zt_6wc^jIP zjHDv_9B)JNg3Q#6?8@F?bua6kZ{E=x+}T@zQ-e}ZCB&HuYv6;u!6Ut5GDz7$CKXGa z3ATPHc)f&|M*_8|=QcLNFO5$rWXR3UVYbO=! z2vrJ-2SPC8FIVFxMck$Gnzo2M)!#=xF1d{GE!KQ=B=9JiVY0dZ>UF;9Z7(*=ZdZ>; zpZHvUHDYPQ0~uM$G!1hU#viZ7O^LYs)AA1@|Lm8FvA7y(DJd~RC}snkmvrP zL4JVN!m=?{3S*K=5!s){et`J_tYg}m5BdBca>{@}RA98dY*cXNsP?*1Uqj4c6O(9S znppJPXkrOX%*WwQ6Y=p^sByCp4&+f6MJ^ry>z78PLuIzypGP_O(4mG$0;s;wRR^6+n6S$;-!?FY7{3HkB{(V~d5L%a*LA6E5_XHx;zb9S zQxoqX0?iQ!G&s4QSCIz>2nFKGY5-2I`Yx!biz~*x{Vsv8%W~$0xOR>6DtZ~7G0cW%RrKi~F|9tNXi;t_&PiX~>h0H*9`nz|O5#NcbDi-50WA@*Ie>kMek4W0UU`I<~rrI~L34 zqUH52&5V3C(D#?Px-V`#-tS^(ITDj~jT^3x>p#Wm$Zc_b7w}PZ?dG^%$r0nmxV}#I z*T(hLvj2U}d7!`hviQKI@tKW@BZf%?N(_2)CE}ycB;xn~-L>y^Z>Dr_Zw72S19sG4 z-(6L8Pt|y_-#900{w}Le%et$p`cGB*c4pRjs=xMPKhf9&t48d-kVGhF?`>{eAC~*p z-P>STfJBiYVJK>*r5b~Ak_?92&OKd6mJaqkTvd-%jW@q{%Ll6ZUb*Ex)sC0@oi+X4 zZ-#eWJ#yDa8+ScPjoeneV)eK2z1yk|ctQ7fH$G>CFkE7O&Kc~xzoH(h7$5u_aok&lUlw9`DXyQF{c~~swCtaX*FNfZ zKJM>+G(Pl5yg|B0HB_PdlsT{dj+SFE`G1nG(1)tY;8A%;2zc=eviMD7o3-yuf^Uq- zHG{+uKA%XwkkC&itfvx#?^o67S$~9TVxLy^N4&x)RCCP0sG|phBL=z;A0Wi&;_UP_ z)e+K_qB@Z7#uTU7!UhSE4v2S;TwKPN|cy20Yz{|VN>rWGRsoaq4yC_ z$t-bLoS-9j5B9y0KQ5EzBomJS>uyN?~%LZL5{Vxjyd}e@&4pUK#AWEMXj96E5VDgr<#46Z)bAJ-smDUy%^0-8?^`&*g}5PQp1;_GcvYsj@#M zk-s`&T}j4kaNU5lYQS4L;H(;GT{+-gSQ|Jl(HK^&3n6PDJ}LiQ-%rG2@*kZSY)7P4 zI!}3%a4!##|L+GlM(xYm@+8qQgIGuJ7|>T4&S{hN$&;<6lQVY=1gi(e^LE1J0#PBn z`D}9okn%Vv-Wdtf8$^Gnatzq$Y%+#28XO4`HD7;#|Lm|m```>=enJblluLn z`}bti{R6=R1Czv(A`1~<2vdb-=MyoJusA3!-$Kii%{sM^qsCilA}a0xR>Z{z(dVOv z#^}P61Hn@R-A@j9PYlqXF(Vz@fNpg2@}@_Y4$*@*zt@AKQu@%8dswRJ<$+*L*aNA^ z^Fh5R&JpaUN6s1QCr~4yOCJoRLX*T>ZTh1DYiSX~--m71`w}r0cV~To%4ELXw%hA% zsW;jz84oeceA#$IJDN+B9z{WiEWtpNWUcPUO0tAVoPEud!WIGDHz~3etp$V)*w$_Y zqRt8pN>@=O7=zLwEA;G$OJwmiVRtC0bNFCrAql={(?<@{odVITMD>2r79-q3DhsCV zF(;Sl)K_hb{?V5FC!N9oBAvRysM|+&hs*(_)f1z!K>9V-=LG539rWvGCOAQ1zgnq* zaxCBI)*=AP!Vn=~g{gq#enjHSP#^hQ7I>FHixR*>{a=v!;sT*(dMgH75$G&Jz0g=i?=J5 zSMe<~{^Vfr%wX#2LGSbY)E6o++tU;R*x?Pn3mJcJVHgJ)cc>xASmgVuN;vIu5;m5p z7-j3tHguW(##S?e$ohqo%(kym)|aWaqf&)~tOMK5unNmeYq?pwq7>AJcLE6rt&L3_ zz|5jD0aYr`i)F_5^P>78vdIyhTVfrqzBK_e%0{LFk%~-8oOk#sdpyVg_177R_~>HG zROEpF-wU)yCTwd&?F zD7^Tu=)8JUhe|Ls&=Q-QQ^i5rWfDsq8N+~S6V*sT*@C2|7TODX7Um;*EZ){lBj(tL z(y0g2o7SH|@}diZftHh+VPgrW-IN0Nuc%GeDj>f~5frDW(HSvkUYd?xl4isNBLX+q z7G^0lM5|6tzgEo&O`*kz?&tK5h}pj;8hu$neLFavuFW@#kw}xdvAj0YYoucf>6pJD zwJ;aa;~^P~sW>fSqDa|Pe7(uEZY5*I{gXMZ-p@rmX%mTsfdBbcx1>PYfDc)4GD7dY z;hk|w+B0**q=JvPN$J88$gqun0kb+L6a9+mt~J9!)8x>HEzLK3cxQNnekm|y`_d$i8W*M#_or!PhCE&yRuoL) zN+@B`M&X+rwWyJ;z7)5FBAsuN&L_i%yT?lYMILUzWJq)7kn}ytW14N}^{P*LjL&-#zweb!3@-@B zHB}#1QmYx)!TL**{Ce})v_2{Ao|qo2_hWndk%>e$fcUG@kKOCq?L_42%u%WyIi6a=^ zmJZFCnUxOp+XXsAl_Glvin!T-dk*n5dQKLd{jQw82R+cdHy5Kr7iWha%r*3Pyhq^_ z+#je&=)4!qA)#@yLX`+89taQ?1}2G;8D1hm+tceen;PB>gv&&Nn_E^$U5r@nT-DVQ;L>>(^xedOr4czW=ZJMxXxN=+haJj2U)H zQY2)M$ZDcfLD;bo(Juy5=C0#UYKooML_fVHYEucuunz%?JQIOSMNGEF5K>G-*3=q2 zfhRg;hsm$0^vC#37I#P^vxyrrjn5AqRT|bYB1wX>_zfC zn{c9Jc39?ur`sA`-4oeP#3_h!TeJa>9Hel_@1Vn*z@)Yh1%TmeWu#`!>>CyyY5xx+ zG|k!=B3sg~o^6Z1)b{Vu`)V=8t^0cm?QW2ML2)jhFcQb zYy1q0YBh;(@RqB6L(iJMOf6ilcqG7CO}6lYU*YJa!#}0HJtZUha_n2)qB-GByB4ME zCoNzJ$x5hDUcxZEkaO8HQ^RRl@-j?47hO1{WeKoyj;`qwYVPs1P;b^4n-g;NJhQ^` z9Il=*9+q0v($r>*^tz@{188azO+8UdKVGw*tGUnCCe{0}UA+}SuLhGNYzddNL{UtV zH+HNL+)-Den`%ExHtAh@4(}|jffBEG$DjUXkEWC{`+iBPzFRf6nm1- zCSb|~VZPS*Vb<2oSz8g!rqZ_AhY6AwKGjecGG1ro7+Fx+wE5%mVBb{D9d8 z;~j{N77vVW4H=y=bx3 zl2ehleQsqH=Wfie3-xk~f`QIdx7sMjITex{LFeqkQ3j9mo~=Sp1L`B#h+ z^jc%wE3Di46Yj$nUbS8WjuK=Af6aV4xRghGOkkjE2Pd&&($brokX-wsXsAV!+3dIkTgf*7f8r)38sN8 zBa;|f13Q$)M{^3VjnIruK9In;L%JUjK)BA{@$pAfn0DPGq@3=03306nk{ysfqOm`&>hSAk-B|u?!Q;mTPkh zeGt(Y3!}SG5%gd)Baj{Km?Coog+5{Pd`r>#PnPK9=95XwG{4Z1C8)v8M9EtO+r>IP zof~6}&3EC-oM23B>75C5y35qS=AhyuwLlNkilS?<4MuejO2(-vss)XgRPlQD>nP(h zvGm2vs?_-?H%3^nMOwfaj9i5VG|og=^A`2*oQ~X0|Hh~WGnz)LkX%vMID%31akZ~r zTt#S}!B${^LN&^4l2DzPD_g4#<> zHVH8|w9Z&1Fgxso>WOuXp)xf%aA&Gf$bK#7DXW66S_)z|v2*|;*y6n*Q-nIqO_U7E z0te?gUaO&+ZTApL$n0hP(mO)AeOA#bS!O^LQEQAn-srUwJ}31crU#yDbvivJ@NT{F zXwbEN{oVc5QCrFI{YjbM7{s}bvM}Zt)6IhoPNU}EaUj3i0W>E)?Eqk zlcx7utMn_Nu!M^BGOMm%ho9%vkG*Dw{~fZHU{3SMMC3NR%WMyVL;<}k}j|+!BvKyWvtI4iT}}6 zKv{^Z4Buo2iGbp`BY8oSLO#=)2Y@G`Wn28z_!-4Qm_d!J_cr!P=x)8IITyS=((K{g zMJhN*+FwPLtQdGRR2=Q1&U&V44Dq8fGHWDv>LaDv^)3w2H0p*N3^UvW58dW$2SC$f zICdbC+9bX&7u*&+vS%st2vjEv)agScP3041Vqm*kSyb76UO5L#bZR@PH*=u>o0RoR z0Q0|=c)HM}_;)khJ!FKtTk8i4;XgaAAYjeB*+jYjG3))ayeMlAzPw~a9&p5v1pX;{ zXa2X*pZ4aALS?VmkTouWk-NsSiJ#oBqR<`X> zi{P2hO|xK4jV&M%ePxI1i+~9_mp>|e>qWch`xzgs*?fx6TvHQEysW(c@atiC zV4DK0e6W5JOmewX`&YLPua3b2{k+9w6OtW*r4dA_iNIj)W3_*zlB3MV4Ja zye`~UR+c5;lQJ63HueqBQ7nY!O?UPp<~ercEmisn`ZcxF1@mg+Vy%Q?;AIqh=Jj-bBE8C$n`)5z{i=(y)iZu5pVm+!vk&8ThAJ*8(6 zL@VTem(=+trK*h?Q2=pX_Idbf8&L_oOH@JKrGI5i#H@EPm^z#@Q*mht)JDcF!?>LT z$0mJqJGumn^E$YmD5BosWMey)^f8e6p$>mIjDC>hQJtCAVBm$lgM&!{H{m~ zHj*t2U2ANcPQ^>MXJ-)BQB1G^lpD9IBNC!SPVeRV5asGg?NE7XG!?M zNF%I6b<#gV>BJ>z@EW#)-3vxz3!icwc2Ns|vY99<< z0(X@$Ik?V!H^+inlefP_uyMxh+#509G$K^B;248CSXbD(0AxnKt5u1!WHpddgGuSXCDuF?$h0~+@ag2g0)T)JWM zRXvV91hFf2nf1)cI0tCp$K*|HY#xNIUbm*We8^nxVk#ba3OldTP#jPXuJ5=+&ARSZ z4$q;B%gw(U%S^T0%!i+;@bh>2d;ipbSoPnBZdc)1XVia5g#TPnKUQz1er5fKQ_b-A zqwBxdkKOyRB)B6ML6;ujUq?J%1h8~MLUZNUG8EpaTzmgG&y_c?6e9jkvYaBiMCKgfOa z6h$g?&Rn);1yG_SFiGX0&H0pK1@MTnu!mm8FR#84-Z zouhuKja5DFO@w>t+j^`OJ?;VSZQV)BUD*R*pnFJcRZr0PF)lwA{>S>QdkC@-^#yyp zxM40S+TRwivKanC2+2R)h+}RiWRuD!f6@9L^lc1{IReJh&twtia83Jv$Z2s?L(MC4 z&h^+qgBx;s6?^}toW2!YKEDZrWu^fX_r3FDD{}gOJ3n?)&LRgdXQrK|W9q3x+W)%8 zTtZ-re`rmA(Id`e|Hzt_P#5pmntg)&a$-#{t#P+zEC)@Elq0!L|6i}e1oGW=@e^z7 z?z#l4ZgOqLdMyJwe6${h5FT;EBd4d$qA!E4%v|&)MV@Tzk4mqWB81s*(5Z@FCiOSK zn5ClFtbMUruRF3b!KGI#zyr*jcbx({Ft$?ZTa|x{igK*zUlz{oT=WkLM;87-(z=2h zfcQvnX#HZEJ(H-s#>hmIlLzhU7hV3px`HL$(Qmt=*NnB2YKc#J)7M_|BdTeFbQ=9P zq|>*@M*lo^;>b1Dw_U;ic1`f#*L1PuCUG42$s4;`)^?}GhLpIeTi@1Q_+vLEx=}Ea zW_S3?iW98e*88rTdpDgyoE4$2z_FR`r%moBP1dJPg-@E|!g@G(iE{5wExs$|UYy!mDKJ9$*-BbU4|R(8+wlNv7GS*m77YGpdQC zAKB7usqp&-`KFwiPf;N?$Ck|5_3xbBq?&+oOR?qHl8x_$rVU#1%~ngEGkleAb=&e_ z+4vRRO;lJ#S7U5`C0i>K?AjcjgIqVNSK_!g zyu#ep-NxFsu+0ss&lUVR$Hg++Zw#pcw*Ca%2$SDG#N?M@Tg;YZyGYHPA0bgeQg10H z4gYgPK3Qgo8sh&JHJaoYJk($5KAG(O#BwPsrg(NPg!@ zs6z`m=jQYg-<@|VTqx({fz6nrZ)@bMr>(^4vx0>fHRg zV71azbA$pfGR*UoAkX%hFPRcFBRK}H8e4xH0;rQ}64Gti>c+JdD1djomgr~?oIYcq zk-l}Kb+V*yEjLdlK*;=;+P-x=px&otes4v_ZjCv@L0ilRF{c|r*CyN*V@K=riefgz zoQ_WH0lq{`Q{d52!_#t2d~fYY#|^R=;(C%zf;y%O2^IdC9m6vi<;~=hcx*5%IAE`I zVF(w={WYyhy!k%8C%Tx7{|h2L?92;DBNcVmg9)}KmE^~y3Z13(WNMXfiJVH|(9OUu z#tLVpBs6C%_KnA*Qq~cJ-Yvu^7(B(V{K#RHAUjR@5uJ>f$;f#s2|+ATUnub&O_Gn) zA#D-+JxoWafl)gN)NwT71!P;31lK|Lc~~ALT#KEY+p2ZN>m+a6Zo`b0>cBcD((V~j zQ(6kr@?sVl~GiUj+Ku3OUo-bthn0nB7RN##-SC3+fw)dwnGmnVnHZ69y>5)~i zh#Z+vCFB8%q*;D0MzOVcXCNCE-NKoQVj~Sx&zqvUUM3%;ZBs(7Zts}~>e>`NTc@q{ z+=+U~pBA44lmMesV0xAGxrTZXskDA$>d6{u`%Hzu;y?P9ekHq4{A0Wc_~n7XP=tg$fdVv(7c_$HTtK zjo0-}Tz$jS2xhQ%jeLW$f*K-`<9P!Sa~3Leib~SV8!;eYnp0 z8I2v%&c@g`vB^G`In<0S#SG~N0g6{FtO}9tx4JA6axBVR1X-`o>T2t@2(3Z)tmt8D zruYaXL?ix?_V3sF5$!#!?I&~$tjT9|)6*KVjXkgR8XbEXC_EtaP#dVk#uguM^@2GW zSUGHJSUONXC7*$|TFCM*VU5B#f(T>adN9L@kA+H;U&3cQlhE^hN`;^f^XFke^o{sv z)(WAz+iWNfrC>MIz@to6HFvT2MIy)V;^^UZkAlaE;zki!QT8##r+DCft-Zn$O~geb zx^|Pe1!@cfq72oPH=;OjFmNPjIlGOyy;z4iYrF-n1a;FtBj@*hsuS^x!e-_i>(JOWlRbBaTE)!F|R@dzNvVP#!x5HHu!<|!L>^m=P`3D zXelK7vQ32gyJ&|+M@+f{JCBdp`$e9!2vgzZde*r5*Aqx z!{df))%Fql6fg3IHC~gh?O+1&qWCa?+`+zvR*HMVGM&ww9%BK>Re3Ar8tGqI({kFk ztXvNWFalpefTiB2ZV3LHk_tb9o3fKWMyul$ zoIXSrnI#tC@mSfVjy8-|toR?Qf2j||88J8fJd%GXCA&Bu%X#_ETuZ)^I}O9WQ`6>W zN`I<|A>>tm8U`m7T=z>e_7!Z%e%L3f|>DA$>g1s8O&r^j-#s(zjapw5+kCP{79%w-WYo+7i6# zK8OZ0E=9tmx?m^QRE#}BwR9AO6wo-H>pd4#BX%!U3Waw&*;Hm$WVw^Y7>_wXk*96k zs4#2AZdK6HB`URwb;3(kB9YDDby293uUYbCi{cIK#Xc!K&_O4j#lS5*O)cn%*!}r( zE|+h~&5YdYw3<%bWp3$P%<|o4?sc=}ZD4x6Ts0C|2>m)n6Q7olKZq2R@RhKGGC4Xe z61APb)>v(&PiPFSl2nx>z%BgaF^3}x8vUBoUiV2l5z=k6_Xhp85*Ji^m$m z;yWgG`LhL*aHU(941cJPGxaw5mw?S~8f^(KhoPa>VlFvR=|`2{XICWlv>Oz`FA_u+ zAR9hxV8M(Lj3|st0690X`&jtTR~93WadPZ9FXFBrxm>SbXH%2lX2=-L*s+9PhtXll znQ{)+xt_?itU*P_-O=jLNFyqmd`QKj$+|@pCd#p~w7^nO#=}q(vyPY_De7qSNOR~W zIk4Xd@JI9VbQfa-AOQ5~*fl*CXDGznOHhRH;8sM`5-xI=y^E+knmIzl;GmN>FXVWb zj<`YOV;w|3XLEN#e-Sytmc%+>Tu3_BSz;J%_&Zr++K+HYhf#e{U~bKa z70*DIA4WQUOl3xZ2#64`K(yf!vn_qe;H3`N7>}o!LbQ1#0x3e8JUq!*YJ+v{k0pp& zN3Jrek1OjbWj?8rPe}Vu(*85Fk8xO@uF-yn_*h2T=O=-}C|Xl&@~Qs4{bAa_R^6^v z2#DeDb>wzq6f$TMrMO3r#^=FhQCtAh^j)g%9+;#1fb`7kHUR{bm{we1;y^wQ2Qrb> zxXE9_!NK^$zC8vv8-;kJ0Ys!Q?tTJhOX8c5nYp}ZTr8I_RcA4VGb6{DRZ(uZJiG4x z#3ae($g~3z7ED!;#{Kz08UV{iV%ZKn1QZ=mimoDo%!8oh?l@irL|RP9zlPv>&-lV{ zSeJy2W_jaBfie2O-g1fcpRK?|H(J13?m}0Cu`pm)$!h#XmN+x}2-E&NZGMKU9`lL# zhuiR25a1y%w+p@A7SkIrj}oN+j&ZWqOZ9J0*1+*yA|~rrn5iUcJYYoLwuUJKXr62) zjxrNRnp3~%#s&OIcl;F7`km>0+8ukfs^6~0|5{C)ZQiKPGu5f)>@&=iZ~o3qhUaX3 z8crhaDtaMt$5{k83SxHS`r99#o~o1H5@qfNh{d3u5zX1d)@TB{W{ac8)t@mCOh(BuUEs)}Rt-FjUUJoGIIi_>A*>yQZ@+{qbyy>1`2FIIvsTn)j>^sL) z7nqw~iU&KkD(Rh43{EcEHzk7=RPw#v#8$fLRc87Rrh64Dhj~@n_yZB7?%mb+T~+-+ z)xE!(zRA2*-D;}q%#Cg|n{P1P8^w=zhk4-Lruw6~)$OpEWEbn1jL^}NHo808C`RgI zrK+qT8IcLvbuV8|6_lCDeCe(`V)oQ?n7`YjF;M+)x}Ie_YS=1-QK$1EvW*mN zcSBp}GY8kxv(Z($l(I*|nk61Hruq!!Zt7G>%(f`<$?_2YBc%e9nk*sRi9r3Qt+P8in_xzx@wt7GWeUW{c`XuO|pYf~f;=3UT}e{2Gu?q7cvB|V z=P!T>VZP}C^Fu9hh6VB6AW`3cv=YTZyBIr#+-)`7Z9>G|0RO~vsAr?d6Apu0 z;$d@qvX0q@s^-JQBQC*nh$>Y5j7NR@e~Q1=Mm+0vjj#9UFAAd$k2{58^%70lYQ6?b z-+=y2hZAnZjC@Q#Z9b~iWBM>7+W&NzFcZLYX`4Cq%*ur0}$XCt=+8CxI zL#QglwjN{H_p0)J%8CXPqDGRy8g+%8z0h_qu&wa(baj;-bJZX0p=)gSYCE_FC#t&I z-uhZQnOA?ZH(!m^;oNIS+23IYt8FVAjmMvvn6v-gG<}j?_3gV<`EG(k z{cN(e!{K6gwVib14uayJ?F2t)j{$!82lVXhaCR`(Wq%eVxHS)kD-trHb=?mBvF^`@TYt&-4 zN5y14fiLm8HoBWx(tBF#Vb^ML7s3o@M2p~+&G5F0rcJo{kTurZI6B5#MA`5S?CGEr z>>O@p6ODnjZGd@tg`t*c{Qz&0^zX77WVL|E*-jVSy&+^Ns%g1f1K+SYmb7Tp zC9kms_Avt^Z&F^N7;+OeB<^{@G4vNQloA_t|RMY!q=hJfflXBujXQf)| zsFR)TP9gk9o$Bm-mgAl5xTiUM-|8^O#17D8X0ZU|$-GKVgFDBdYG>e56QIfrX| zx^;*<$LVqRb}H`nIA8kptY}-XoAoOz8MkA!Jk}hiF-AlVLcYWBh$2(3wuhYo3%kSk zH?a&RL15T8H9MQksQhfS?`lq!CNbo8(JNWu8X9l%3N1~lMb?B-&~=eHk%6|QnBdX8 znD(ER$5$6rfFdp~rHtLlQMEK$3_m|r;jR>Z4uqd;>WAvTKUV*zHT-3K_{k3yBsHJ- zld-Jd)bk~_uf1mGs>yW0MI0mq&uh~;3B7^){1&9Gl2LLy8~^_TTXwTinp7Mv54ciC zfsr&PA%m6@BNreJ8>LKImt!S^$O;Jn_{3xF!4|)b#w~feqQ$JeDdACWiPGGj>!(G`-qc|tvdb6|yL>H4EWnw_r+Mry1dS0GT};dXF6Bo%$!qwz}u zQ9kmN*B=^7vH3eKh>ucdEpwPMaBAbksN#aW&v)yR-TnS})a~f`-Qfz+{k7*c=E=XW z5cj$0bN2jH|ybk>2SiX;ocNewSBc=!p67izWCenGXZAwh!*GcJ(THg(f*MsQA zzH^b!0&V>!vD#1G$z~aaZDpuO%}batXD)44KA0!TIO50%&%1@0Y=s@?8{thoI6?fM%(Oh zcG|x}v3iZdJ2EURZZYb-z6>mK5K>6};XT-DKF+IgSiWNNR%Ee=Ug0Kal&9hnSwCwMCy_~Cw# zK@jRh1@*3!>5$;V_eAiQYVcV5p*^vmON4$54w8Tl>)(l5<5>MWC@LxiPbEK?bE2?( zDZkt-8l3uux{I6`m*zz;&Il_|UtnTYKj1Qs)_)e-)JU@xt|5hj`(Snp-Df#ibb)1! zjQGa6-zYk>F9)_~lf9T-$MYEZ#tDA~ISyeir=E~-JgLWw?;-3(neQy)t~!nY3XZty zB$J+wq*=-1%M(gfha{fR6C9!+=S05o_cWuo2F5Kx@P+66%d?mIg%kY>GA>~&L<1+= zoK}oE!~`VmasuNy8#4@u)n>pKQ?Gl*SAw(`d)xE=>bcK&Mp`V~>JIN#b&t3e@AVE> z4|&1sj`5xoT#C(KB07vqJo7@nv#4C*>8psfFt7IPYuOvudHP0y*;?skj}h~Lr1>A+ zY8@vKU&puVBRIyllUvCc_rxfl=84hVm3Hb9JA0)a zy~IxM6FI{WKEJv7+-C2>=G+C%!CHTfdd*j_`n$a4t2g}v-}A>DoH(W>ePoM1 zp(TENOX4%{MYSrQyxJ!U>K?9+-Q>GB`-GrA=z|M3xWrF>>qVFNz5{CIzr1a}Vx?Ax z`~AoGZaQ(cUp&T79_{xYA2(v04)0{rMSs&LNKejoEMJc_^4K8-|D?#g% z0Wo<`1i6=kj&HG}``@_Mzg+7JH~uZi%b71+>oYg^x$CyOua$^Fu-#iq4!CWn25yh{ zQYrm>NxxExuPr4m2wqhe2l30j*k#z2)Fr`=mj}sJ^r+yT7ntV;qt6S1a|55xTjgN% z;-GX(iq1=jLFB_egX4!DjtLbNun<#0vivBK@!N z3oVKJ{RP+fN!drQ@!hNa03h~Na0k~+E>rWHHxU<`R)6$oKHc3&RyCJyX!dVy&fU_yomThzo%i|4d;QatyW!pZoV(xO{t@5$`FhTz zn*!sRf^mA#RPU+-XdSfo`#@h9#Lo`OjidfeL2z?`FXEP9lhuuLlOvDi-4-C--xX|i zR$%1^9X}d)?Nf#m zj`fZ3)8#Yiob6lgCTI9=hVy>s$N6Tszw^Bl7)Fo|PxW^`!|%o)sLu5loa0**ul2WN zZ@6n(hTcg}f8Rrv5-DMsc$9X+18%b2D+Sel2K)P3uoO4Ith6nv3xLoaK#yhciDbk_ zUWAdB@jbw1Z?!Ri?!n>NsOGz|e^vqxf6SK;HCK-33#x8L-ywGqd&rJl^p*(a$H?J# zHG-gMMi}OYBoMqGc9$V~in9*j%LeR$G6)4k%t43Xn6jto?VSnsR;Gsu$%}5q_CvM= z8x>8X1rM_?WdYhL#=Nb)z?kP0?fF)py|-D6lA-5qqUR+xH#e0s*Vg*x!Mf8*n1_O* zY%aF<VSp_Y!LLwLlpL_=L7D+MF7;H=}haiKFTs^Rw(CL-$i zHswmGVzwpP+}>ui7TTN39+lLC>Kav1ox60X?gP7~*V2R+#d{K?USt6s?E$3c_SvKL z*ugQ$vC%Q9@!O0`P3)i0G_g1#Ik9)b$*SL;(mU8ZkeuwAGY8y3dmuUJ4IHkfrib*@ z_|S&agK2t3>w1;p+{}*kv$L%Aty%FoowKbux!K9Ng$hV*3MS>ZPVN6 zZR6V{wtoeKzz#h-F4&>GV{`|1$6$x2)J`*h=Lt`hGP3yTkyNjYbmv$}f;_sT< zW&7Paf0W#f<$1&1oA%s(j|2BID#nIQG@k>HPS1;PSmt|Xuiz)?y*BxY98c~Q|B1Vo z_Y?bPTmAHaeT=Z zQ>P(CeCFsc9P3|>{t79<{Myk=B(&;KS0CjXN8;quzLWJIDVZMbWodnFMu?Gi%!>2P8h z2*TOSqKJM#MO?P?6XI86M(XHVDuC$cq7K5V7b8Z%P8l3C+^kbd#MAnvsNncu#f?NP zQy^djO`~5=5K&jk^2LV-h>!abTa_)C2{!C99eE(pj?$YpvPdQs!YP^v@n}i~5*{hG zM$AlMP~^ds4FnfoVC-7W_5KfG?*S-BRrYbuIdjgmot>?B@7~@^?oIB!>AgZi3q4c? z5}Ha8L_kG-2}+QjD2Par&>|p^2#6q6q>2=2uUG)33JBN{5We3tyBC7K-}ez_c6WB} z?93_8dCLF!KRE4o;ewmgbASihoM07?AYOK1C=@@#P0D#8*QL#AN&fW2o|X)pXAFMz zGZXb!vT<>&+tW=r?h%-?)?f0km`ZV_nN%eo;D;b<`$-RCj$)B6p z?~LE;d5QYq|G3xF6Lo%iue*Madu{vpy)Nf|c4d)<|443Z6d zPvuz`$i$E1XNAJ|3@H_PN1ol87IXKW(0MPnZ-BZX*rFQ%%;fLT?wuqr)B9rj;{>Cm= zx6mcz73ns)NT2PW4O2$J=9}G8X2;;u;3R&lD9&fgUMblo*p}!n9wN{iIF7L$b?_;4 zOgB(+TTjBxUncE3h^C8e@Z((hx?J$X+{hdG;7|G4cjdTc05;Sx83~@u1yAK%oXBfc z{5;NP@3)!o$xQfErZj;2g5ix_6OBlm90bB_2%bjyO#~8?PQ9Bezmc@{2&Q7 z;P@slVIdWMe~@3cA*mlt?B$8eAH0~4t|ccf5$Hgzd9pT{VM{bmsTEZ4Su|&GriQup zN^Q?(MllR2x=cWtEogFE`@yKoIkbR=RT{AnM34yW1?V7iYN@;EzR z%Xg*^*Z4}FPPg{u{K8lA?#p?7N#b6dWO(mQZq2t$7G?9#`5ABI^E`C$ZoZKI)zBMx zDq{!l@vMCR&-`4z|5N?Dh41C_uex>L$7^o#ZvH9teqQ}Ozr)-4#t(#4thtE3_wW4P zUn|&_%#RsqJvcN3&xV6h5c^0!$S2q%V?nl25oYTN+8f=!LGBFPZ?2Ou$gC z=q|NAf4w`Q*xmFu1!t859+^SxDNg8B$6z@3BVu6x;IiH7E9vWiI!Hp8{iG2}7;Yd9 z$Mxb{h?u1(NjN>M|6YgsDt`^Ql$`6sYQpqNO?>7Y$tnzRDW7@k|6gq&Dhj+2w%K+V6Qziz z8{*Vot>ZE%-brkWGkN(UNwVNXvXgkfFI#u84A(C{Lm0z?AR=O#&*xOJ6Y<|zXe%zn zF#xYG^_Gt>&nUG4>apb^62^m4LuGD59%#C)ENsZ*qQq2aOj@5(cu03>6I-RTbMKB@ zRkQ{5$Nf=k?4@CiB_LPD(P_N|Xr+j)U{nm%ASbx&cI7)rCXgm0~BzlfZa! zJ_FVy0~pKp3ZTx79&>H#)AJv9OJwLu@-n`5rU05Aa@i&RVZK?|_S6DJAH3+>h2+$N zJ*5zRtAH&q&a+ctpyct0{Z8R<*}4|4UToGVy{8@Y4iwNpClQbvQ3Eam%EgoU>R@kM z=;9Oc>kIcBAmPVZPNzC2mD*BYjG;t8f%_wM3O`68x1kVSUYN0=kPV`13gL!=y}S@z zRj>hskUQK^h;l^FWkoJAp7Z#Gc4pv-anw}1nb}wcQz(tp9n6u8MUv_;gg}adoWkcb zL%g=Ek`bt>9RMn!)?K3NY8^@LPzbbfVf>$(vL(PtN`5?!4UsVPtlDoZB7FR5lz{a5 zRUA?4B_6RJH|<4wzEk<7cK$}j(P9lB9I=pYA)}M|dQzRVZ#P0BTj_xsTVGXwT{|b~ zkDpEqc?t9c6}+RU6|bO}_^+wf*YOJa^6Fs%El# zy>cpz&N+lKtnp;fshy9Sl%F^{5(nL=8C=ifp~* zF3`h8H^?w%8}(o~r8J>--!CbGgy=?JQ|7ahJlG2g5J!7jL)TmAJC$RdzqoD0QcBRE zM`Z2S8#2KK*@r7rR3{p=n`Bzj9cWZ-IwyCi&WTQCf9DBIecJ`rw>jHHiB&Hy5+g~> z3dbptTb4x_M%?X@TOXm0EV2z8LGzC?Tvj>%pl&dQ&Xdf%%4}jrrc?ks#AD{edfQ;B zr){$kq*IExi7}UXGs=Zmanbea6o5Mnu%+p~l#?R6D*(A|n113JWPYH(W62*WRA5`>nJzqCw%VqPd8$IXd zUWA#R1oWUqcbV?TSf)c-FrZ?ER1wenLpDtATXIh`F^^_WY0yjxAgVWE<6j!q3_W`u#HLEs%igaSAvEpb+ zCPzDP#}_P<<7LzSswsnR$YmHl-DaW7OWEvO!?ewIDodQV?Gl>vPW2aYm)xoHcfd_n zxyN-@d-HS`3CHcoKe!Cgzz!5g6_9MyDK_~huajC3d$qB4EbC&KrLMy2b__lp3=Q&j z^@aGGg}l2BClduw{tH~FgJN=0)0|5RS5(wrewA(g>C09;b z!_dd>2%ncnu(~yUgiLD5W!9RG7p!^S+E;9@;8*ksCOFZkuXA%W`-vuQsSl&mgvCT^ zav_Q)>Qm9U4D397De3h8;yLCp5n>#B76H>jS9kGF2$V9a1A+tV5|^OdbEChAr&{?V zMZR_Abqr2_fFH7Fncy6wzFqs(r^s`dvBWNBd~l8IqI?Z@m$qe!yBlC3nG9fbP<}n< ziq$-wwj*y&&%t!;bW>c@mZYQij4}dIJ^to5nfOu@TqTgN^wF-sV?g;kAu`z&L>+JX zYL`e+$g9b({6GP#$fWz5Y9EfR+yJpt=7>F0woqo*P6J~xglg8kNn%gPk@NvoWXk`P_cbsi1dur}30s^tmQ?lpTIxR%;XTc$;~`D}#N88PyUAJnDL1Xi#{a}*As`VxUs zIg`hGP@`_6?VU_=igwqyvXOPWv}Vd>af420A6FUoaPYZd|ync zWvJ0K>Jny`3mj&exd{?_zd0DiY-lw{;YHut_T#FqVwr4G!Os4W5U%!vyBtJtT+gbr z0#87ejPacqOh+^N9#K*H_+VycW>mgg%@4QCr)^Ne_48qyJzi_GcX^@B-Z1qxo546d zj`!r&(PVcZ=S2*}irx7BZzS)tm^;UBhA1Fb}c z^Ui+%=B@O1Wb5Xw^dlXlE##|c8qA>WYL34sNguf&&arhAjan;AQ61_2yBOGfSh`j< zI+Yi#^F9n!!QXZD9qs)~x4omyzjQnA19gJC;3U^u_7dmZQgRZtT>gJZF&erx8)85*K&;o~Ye+_c- z6gU)Cfd`E9XlBIt54h!DxY_ooCI67y@)!~GUfui~xAPg-`dunejlN|7d2OZS7gs zzH00rndr$Y#&6PF3iTCs%kP8X^9cAC+d;UJ-sGYche>13qwJzx6KBqj$%)l1Mm-q} zJ%;5Pkw3zxdxEjM_!MXB*6E2*=%Lc*anckC!U-ra%_@-GAyO6GF0+l=gU*f$q3dU!YUq+XLzj$OkKL zqf9e-bI_|i70=i1&&-rZP3{q6e{O>NOy+)`G|PJ4jFOH&5}UGBH$7mMUgS?nr(W(? z8SEzMjgwu>X{npZ$UEHNCF<5kL(E=;^r!6vx?r__ zthTsc&r1iZjjpdY9nN23)WB!W;+Kql-eg|jj-r4>KVHEk`%xUdY36^pI{z(G&jGz& zr>pY>kpR0>M05u5!DZdiXl;aB4ZngnmijafSwD{(|?*tl|^cEo9lG><0@nKT^S6w zA7p}GD>63hy_xox!=!oaolyNQMn+EVbN>;lzvGBUcYZrmzswXq(mQL={AjHSp2(QT zGZXmXC{gMJ+_~ZENd2aE?&d%HA((&0OBqO>yl8EdG!OkHRDTYKnv&+>8^XE(`V2M+ zFzX3=gV5it6Gz`|lFUs{v=Ic`5fDoig!dt4d&KW{D9Tp}HCB-*>;Yt|jo?{p1Qu5p zLEmCLEhBNkqSZ1zRF1EU!n7y7kanKvw%tHKWqev+YKD%njhU-C9$=|JCrH0~f!`W7D?5ZT*5MH$*FjF0QnJ8XsWS3=ItBz=L zD));)b&7IMPNW~hE<9myDWcRi>kiiXc7jaG+!h6QMe3)3a!}*%M4;P;h(3jvMVvjN z`#9XICvf&4X9q2fNl{&#m7eQLnkR3Fpw$%J<`*uDS=x97br7EXf_s88-%u`Ji;#Yd zfjq+UOKv4wmHeZcomBxLR|FqbVypVIV_L*bg2`D(jM44xM5|-B2c#%YWgv^R%H|oa zlNiob3bcu>cy0P*`jI$%EXHo}!l&c>W3l;VJn7dlYSx2s^_jScqh9???s?YTQC%1N zEM^vN<+@eag|WM{7A$mX7h-3y8s)LCCIQ~6stF#}AX*%tPJ3;`TC3LC=T!P~W@fD& zb1KirnZpo-5;*OMmr(q%FO!XRCWv>;oa?O$x?|njlb+Gcxh?6tDS6#HHGPMt z17Z&TYA&;GVkSK{#J9upt~i6gotYj>_}iSk8>kd?Z)19_80)^0yesS;>$!Wl`-iK7 z{#f@6g!}7Nc!%*#1pAv+?%Q47f1#B>j>3d?riNC2IEmb9+_@o=?5C$FJ(Tqc$Ua=n zK3LU{RfAtvm+I)})!cnm{ctsS2vERu*Nl0-cXc&;aaCVY4ZdI9(x**Tc&g<}b?3+mOkl?f`|i`V!{# zR8?%wpIdFZxjN~>TwPs$W}xAYYVeb4$A#6An>RanX*HPZ{kq!xbhYo_$-J6s{mek- z*=q2zU)Mf=&W$B{^3L|J9(p6^%tyyQ$DdhK=Wq9=M#=Q0n}1vUM;1V*0CFzVghgHn z*liFX=gSe(Q515>?SqN{KoLcy z4eUobeQg4?)SN9weXt%B-A{PaNFN!)VG?JH#a8$dhV=5#&u*Rc#`w+~=O&}c*4Ztx zlasOh*10XRL&+3?)rXh&XlW02tZdit$?{$;-C!NIYn&htFq^gaqHf1|QgD`ci?i?Q z0DoN#s9ndA0-ph>U04F}z-#Cu*#Punahe(r>fR0zT%+e%k9OssJ*#uz3R+% z=+2AzT(fd@|jZd05U9Ir+YL#a8PVYI?@Ayi64x4^c-p)ie2th|N~i zNFbqPF$;Dz8+p}15Zuviad@{>3T?cVye^gzyka-TgiMioyZ(h`pi1M z0p8>-@OhQ}J-oxk5}!zj;{il9iGl*?XvBxy0Rp65?T!}rTz zL08{5{^eeEgEw-y*M5aJ;{yX_X0+(@6eZ!owf-V;IL6m>9O5Khmr-&T3)dal*2$uC z)WWV>^T0aWB;KNLDcli5xTwdL;gRv2&+aURxNt=zhOED6(N?$|8`$6ycg*q5aV$B( zZ2T8qh+9;C?$fj_mOEa{nxphk_+w(yr!2oWCSIO)wx-c`$B?nPfzBZM0(3XmZavyC zM`{i0q-hflnQ|5%%28xD@zR6xNf9u2v2!m%Ui_xgPb&|_3-EpTZdNX3TeKfnz1KLe zb5*mKzc1dMN$I&`s*8G&-Pv4J&K+uxO`;`;50+U5?q1}H3EqZ9zHg3>yD?sDha1d} zi*^6aV*+~Hn{9cm9iLZv4Lmv|sCl&*#$oQct{HNiR?LPBcc>tr75nx?=yCDo;8vc& z6St1GI5(jfqj`e@;YlH;D!VPUHrs`x%VW(RqjMM@;$ec@A zF+3aQOT?tU=(`clbHdNbWc*aig?9{Gp{AY%zC3aF{mrdFX3b)ihr7X*XIP+f>W4`;ui z>G(#RhJV2?153k3{id)q48581RlCkl+(o1qc#-KV5gYInxlV(VWJ)qva@Zg{xxEA9 ztkoKs%(W?)u|O}^+xQ%xXtvkCPzvt;WaVArTWVwr**f-v8u%xK+T3n!ey^KfKrh2& zdsf?*$X}-BG$2Nbv&Zg}RM!JIzymTOAA>8dir>8iTMg|ePXzNs>I3~MOqaV0PK3xF zUv*QMdTFlS1MJ;9A%*R8cj1RhX9u%_st zgFr)d=*4=1%avtA9mLEbc*F4S&`1mUYSg)lBL(yx+O#=v;AlqAY#wVw>vB9=ngeHaO0 z#txt*6X#qDiSingfl0U1Oqa0mR@bkbql8{j+wf|6sy|Fhtel<)LzoNa0lz()wi4PKeD#3-zKg zUc-g3g%cG1HK8-}h)Et5JO}ef1Y4zKtKEz^SLYhlcX7^h@Lbbs!c2WB`(<5g#tYf0 zrXeoUrE9r6-w^JRvGGNIa<)hwDKIp7w81e;a3T*nC&RxTkk{#h?n%CD+s{MSL6wc_>R;n-4oVvS`^FS znDqX1Jwp!y-(u7~E2FM+zc$D0<26I0VC@FhQvSG#3fHU5<+k}M8(wMcRo0jO#aBv3 z2)RRzRJ~}-gaoS7>2wITn{e#Q5A4G`Y#f0H@@?>!8;Q6z=qY}oCGqSU)pe4J+OxSZEMwSN=n8ydoP|uBVYrG!cvVRAfQSssV*6DT ziB8I?4`cRpyS@0Q>R88iscO7{aH5c=RMqEAm-~RMcSl~Ruq?~?_9N)_?~ez#JT=!0 zjL^6SG>k^ZG$VjBne;;PgE!XQ`V-9QpjSo35P$xI>D7+oV%`xmoIk`9wVs3zXQJ*K z>Tm1wdh0pXYvhj^(IaNLZlI<|`nS-r)h)>(^eHbbx3Th3>Eb+FOv%!Ssu7#Al#m9` zOr{$nm*9Ttiz#Rb<;jjCybu%$vEUTsCdt1~2_i04X?%yHLhtYmk@_pI`Ph{y4*OJ= zxB}W-8M{uvcjCB^)M-S6XK7uRPnk6Mob~t(pcu}V^xiaW{jx8}v+wjNM9vr4M%eOf zlXjfoL~C5s$xf0)fm%_3VMfmF7UCAzvO*9F{Mt-X&TNm{+vgTcrHv{CJvgr92~ZPy z1eEwG2sYhiHJ0Hv^NKvdbLy~X#X+8(S%geH zzcGY@ca~8BCM0qix+2m+&591G{U}#!_)ZNqdbhv{RWRHfI%E z&o1WO;=y6nZGc2w3-el0FUi{1immSzag`acd1U33gH7dNf|n$sk@&lvRnDJXCdGUx zJ75Q^ExfCWlT^%z?qVN3(rBt(4TFsnx-%7(S?H1x8IE!Fs%-^t+P1yJTnP`Hs(uZxKS~$x_R2$ygfRxp5a#j5N^x zQbX9-+t|{TftG7B-5}1>H$`^bBfDEKPF3!O~;9=_N#-T@ACru=Xt31A(_CiIFWOCU*)rHPyx$O3& z(sH;BW2{Zxh=BW{F4y^<&>dXIr?rgJ|_88l)e!nwV_me^HW5o7&gU+K|7>jhT_D_}t z+pCiUdUmg`{+?#lPM7~tv()ub98-nj`!vHK_c=lbi{?LeC|54CO&y)!B+Iz+Fxvuf zkHE9wWh2oODUAKJMzx=;D*Q^}4AuTMRcWYe!{A9%ZFqaLgkPD&MG^B9?sb;&E5m3g z3;30l3t2=y%hmzt;B4WUL?O*%U)qS0TcUgeH{|y5JC$r4j*DNpw3ikQ9CfR8O`Gq! z%}o6TP#E0(8Z|oAN$yq7Pc*x91T;`8qq#P=+L$%NX1R1?FOS$W>N~fh;!Bm&p79z! z64M0`E!u-*on!9+<}w|CBS*OTiEN9Uy*qlVJtMvCT@$<8*V`FCv%t5aw0d1buHdXJ z0%E26saPwcplFslhgj!mrbCq9IahR!D?*+GQJ}3G(+NHwi=RBCd-&C&lqyS(d`Twa zz!B}vdD8N`!3U`-%R{ddRvFb&O|cy4I~CJlTd_vADQ{UfW&6<7$;zq{CrVuc-;fGE zvuUoT8s^{=_zHFeWr?Of3e-(-Ah@5<^+ZP^dtL&TWzmJq1KPQcwckBF{q2`7z9rZYlw#lNaq=NUwH=N<6M?YElN z65}y&U)?3o`PKBdjuvvIsi=JeI{94FVX2S9E62`@DI5|gE>Ef%$_B+1!Q>R6S((pnp3a&xc^HF1}zm2{%q zMGm$gvGh5oYNqHxn3(p$nVhyn3+^`q1gfSqh1fz_cPWh{Ce!8}G3dM?op4d@7QaPa z%y>7PrOIcDIWJ;vvyMn--^V(Fa~Szj+{rsoK!VcuX-5n?_~~cVBzBaF>l4Q1tcdIA z6*VrhC;eX{`|7&LK5TQ5z2&&b{w9d>RPu|+j&4z%?HzTI9ebUr$c8)&YO9Zl>lf?d z`qNx;yK!+npFxF*EZOfOuA_sUh-|nH5v^l;GLNUFb6HbitL#M2C`ZIA+`!cGsfky( z=Th<7_K|qKvn~r+KU>w{xOiRRj+rG+G|0tAI(s^3o@KlpW=nLFnw=kGH=?7dO~LFSlKA zkHN3&b-IJOY&%Pn#sX6nw;}c>fbb5;7lGZC0hq-u$;Q7@W>2q?5@J*%Ql+SbXon4t zt94+`6;-wg&qj_lLzI+5xV4aJ{|}`;B^ju&$*~Gf=JogWhTRYT&aWxEIDigEKdALK z@WbhS!uyoCVEfI}*c zPH>^%p|xgPb0}mVV|wD}$R{UO&k}B;&!&9BDzhUMY;ZC_y-23;P=UPC5^EvEszhj@ zxQ3rmZ?)K666?iVxLaoR5E@o_sk^L*1|*f0U_aQ(-5QHR4^DOGQT1{T(HY&ko4b34 zUnd<6x5R#K&StV!#jvDv~r@OO&H%w10ycy!VaeH)cQzi(r!}UeyJ-4>lJfJBm1#uXM1*Lx`z=u;L zdvX%akp--%+&hdH_GNdYRh#VCMx1iV)5bZEYU{C)YV9_fg*Xt8$3jA0W={ zcB4?hF*5uCrdX)TO?ca@uxkI^w%(#mcP`bUst>V2i zoYYU{oc~2d+>H!}Q#>AZwR>-nBK-bHWl8XUukbSDBzuM1MV|tfSqR5S2_;iIJWoY? zhKtErU9BKM+?ON$`2*1tcIMresm!=_RN=^UgkTp%RZsU8;J>n0n(b~iqq$i>L)yi6 zn<(&4uxhs~vHSclZ18~z|6zcn^b<6!;sT@2haNf`)`Mo=j@)d}PO|77!8xkyCS!kW zRzqu;zomAVE1aW7eqy4VO}}#Sib8gwT&Q0m2Tz8vpuM{ou@$54+wA-#rT*+&>T!b^ z{FVySeP_BqL%oUal3XGvS&UgJ_PWY$kD8hFy4k?=(lJY&8@)x^-$?rszPTEoZ%6wW z*16kc{jl41b^Hke;P?%kx*dKL2z9&+$4-W2{3k;zzi-IK`n?HD5K{-adQ024hy+A{ zIf3Z3R9`c+!smNf%_CJJKLaX^@rc#XXi|i%~t2zbfZ1-Xy8q zf^Z>1DYR6c@7uT{S{k`mtuRo;xw`W4)4HVEi#an^Gski+m6S#BKUWj{VJiL?r~7=m zpZExkeYQVG`)BajT92HHuGTeVCxk{kZxN**5Y7CYn6P0EKT6*A1yvG2Vw-yIrg7Zb zuo3p~9$;{t{8eAjYN0}i2s!u4x2zF`OpvW+<3hd7-Y~T`TP(}j2vrEk#xF*u-D1+)e_qn6A5~A{tL9~oN6?0o`+!;cLqRJjpa>|nRGJNX-8O5JAsVWO zh!ygmh9(q=Q0ul{lj$G}511ax4jv#q%t(@SH&z7Ddz6=Ao;8qWAW%MPTl%O@ld_4p z8hqEq!OW@$0*tMt-rxyw+gR<6iS|kTPCYhsw=&02K+>$x2g`C&1>!`yigdx+&AVXB z^g)^)!EKP-W1NQrI^aIS4s^iX{8slwI~=CHj@m{Cz?Kt$k!K+jRwA*YrOAUKJAgcn zSdeLSoKI<^Thps^WF-V`g#v<7hA0bZDoqy)Kh;!BJ9jSG#e7*sAv~?#)W48Sl=bTO zCN-sQL}qn3AM+#KVm%!s~541(kwGTj&YNoR$$SoR2rN7 zjGs*Is6E4$s*B}*P$PHKIu8@k!k<@!z$j6AV>p0g4kjxqPwCjt5)bvNgr% zK(k&en9?TDvm+8B?>1*>{T){wOep~5eE1*Fc%f9*6&v!%FX3s)vrS=Jk-i@Q;>mhX z3gjC~(qW?j<0)3F{lFyu_9nUofSIP$T8_*_T1!?2q7Y!@(}A!_{I;$(b2@eum&U1qVSD+l~=hlC}?M5n)m*qO%v?i=;vhu@2WgBh${UnoBadi!%g& zy~03UrH0`r_22AGvY*!ar+c*OYV*A(_|eAX%3ZUOrZoX!W55~C?S!>?mRoUv_p}V zJ}r7GGMm_d)KFsJ$jVWo1+0h^hKX!ETG|hp%ysD_lZWZL_W-#kmiy}{_cT+CzZ;%e z>!sfrHAQ;pAWDzJGiM1gp7QH_G$x!SioYSJslh z@*5=u>`I-!^lZe-RiV(-6D|&2XmeXx4GHUbvDZuaF^ZQqlGQfERCQT7Suseal|;83 zp-yiJoz|`sZ(F2UU?Wu+URJx$7X>&w8yDf^THI!53TwKgeC+6vYTGH!_ii%;cBMz3 zg`}>$rT2Q1B2>DR?(YlImz8hoc~0e8RcI-87rw2E4TUU3L|Xw%{$g=PVaMXk!ep@f z_bL+Z4l0%kD~t1-UwJd=2N+_g;*8&bQsq)&n}P$6TeVGLd3Zl%*4nPOy{NVgYrf|GX!2lz3o5UMyJ^?o@r;CVRs}R&FY7C_|4iGXu9i(u{NGzDW#OE z#I+-**lpLSmJ7Vn`CcwFf7|j+q6CP(`ctD;Vs-7M-*;>3!g@{m(O&jY_( zll9kZm@ACIQzKn2bl=-Sf|_F+Dpm`3sNyQVxIh(lf&OJyv57NEg>KF)v-KCJJKysc zBxQ`Q02wbivlIV7HO`ZLT)<4pXWO4pbX9@FNqqEoQ zv^3HkUfn)<-z)#n3vc)AkG+=Dz2G$Bp{k`-_g?1ZFZCp)-}3HaZ|GqLGQ?!sdri74 zSL@IV)$8AZ|$?zv)n!HTF>oI|V3)+jx&em9e%~CK38our%fs`0+Y%jYf9K026#G(S;K1K}bSY!k z`q7!f%1oc3ax3Q6SM$v@#Li+1A9BU#^zpbewv()Zr zrkWl7`N0hTW(6ll4|TCZ&K!|~^A5-_A=wI1mio-$HixFJ@Rl`kkN#HiQuNhwwhgAI z5Vy-9Ef3-o_NPffrZx!+K|W_oeg#*d2)xgwGVTt-wD(< z`CW!LH{&-!RLgo(4f^sxvQvwQ`4H;1XQc(l&H88j=yyI9Jp3S`@Dc$ua=q3BG9{3U zM{j!)3RMsQ1@_*i^k49IKX}hK0E15oh=A$lKh-XkOGW7Ge)O7u=o;1bkD&DTpqMGW zA7uU=^uHB^lZpID54--|I1s4P=L?adP_HaHz7F*SNse=f=&YTD?G zqAC?KNeP)a;JomEwcN}9-EynL|Cg5A7;M&Z*FxUGU2F(8Yq=*sYPqLsE%#vH-H*r# z?g@fl1Pm?vRITM0jM53Umb*2GZV9C2?hQ-#gtXklVdkN*|ISca4&(Y(F|M=eM*jJk z+PMtKjb7oi>VqakjmmEy`9-vpK46W zAwse)wb4S>GnX!t%T^%;`#b`hPGVAMr~4yjpT zr{RKzQ_pnD9-@gt+(nV3kM4S}^nPch`@!_CAJWc=NqX1RG)s2YTSxOhyysmit-2xC z{^1R_L<#ps{&-!5{$~B&fGZBUUy>WUf=>I-d&*ICin{^#(;-Ska^xn3!Qq4Ts=Te7 zI}^GyU%e+A-I&cGmy;`P3hSGiOb8Ykyv2_hUoINLTznw(qBqDAB(x0D1>l2>z z@+2>>tvqQ)o^)TmD?!hUSabqvlM0v&$8?RStJ0^I!X}Fj1YB_h+XS}Jg-HKjgD=W` zg!7u3;=FJY1aZaC2`deL0nbE8x;ltR+Vl3dO!ux4TfWxOYL}v_o+@UmVYN6x+f=CkuTSi_KTi1jbMR zKT&KgEaUT$^~Jxx*pFhc!nq+og8nq58}TIvk0imbk{};6iF-$AQ^+z;U=&itALdw* z-p}>@Fc)5zvp>km+Ef|W!|x@!3UQMkyqt9XI_Z2m+2QphpmuR*-W7(?caz{fbc&=k zYNVerCh@M|V5a0)OYPg$IX+`Ox($9b8F&ip7n^@mo^nF&LrI;tA0%C?bI}LMSH6~0 zU$1?EzW08PU;o6(xz0doQuAZI|yZBUB0w7j}mcSKKO3F|6BQr%kAEhE1#WP zQCI)6gpcWrqacaO0}j$t^fd|~w~JHo_-LxSRJp_M;qj>65uIQDs2_*On_0&J?+~aX zk()RqQ)O?W`J69AQL~{yT+Zw9Y)7#zMCt1w)3FP+|0|?nsCYCRAjVr+<2uqc?jZA_ z!ogfG!Pr}NQ8~z%JM0cgnA`FWMI7icA`yI`q&OdP>HFSvAKpRert(eetSj{5;Wo7O zM~FX3XVGDS<-i5&5V@`3>BZ|P#SAS)&MH6;GkT!W_L?4?Pn~X$?SlJtG;q}u+Tny0?@;lICL_@=bMt3u|Jg=vJ;h8v56 z!1Hn`U}%R@px?}_y}8i( z^MU~VDEkRCq6YATJ4Q;Oh>U3sve1RGxXHri63!#LOczY4lnV>Jg_ibA0{}lLqf%(! z%z}M4-@9)7de+t{6!Ioyip5Qot%hB}b1;wKnyRMz;<)zKE^9cMVtlqM1v*ba)zvbYB)>SJ^w zZ`zQb;?NPTVgbSq;XRr0hE5T|45WYw4<6az=vi@RW_!oXde3yeYqqbQzCTI`*y=e% zAE}%yPKU2^p;?&C+w<3BUl`4d!MN2QcLA3j$@Dp zqAN0Acj1SfesoM1*An-DMSZIMKx0a0KG02$xrdnpgc^Q1>a`1}-$hDYf}j6-Y&o+Z zOHZPYU8C(uI@|~(lFz&Gx|{XQC+#Of{BEd4#Om30%IKzjGP{r?D{Ar;!aP?ZT24H- zQTMA|2)2VeaGZJOa7_u(L#Z$seg>tN^ZU(3$e`&sCw-*|#JeTD#{3-+AzULy@5Wxz z{O8(U;s<2YHa!>a`fRA43)kuN<@(yoK>A@g-H)XEhiYFuReSkm?d9Rx%cCFrbhV%U z!T#yKcJbS4C)`7BI6w7J?d8|Cm%H8c;4#mJ0;?Lv)|!B~BTqcF3Of)Ky0JbQZGPW4 z`yJJ6S_At(wS&jj4t`TLHxJ^~9NnMP3dmMs{e_2B@R0J-{U;t4kIP2gyzlt8U;6mB z#NB_OoA)07_RAmtmcRYJZr*+T+s&{1$@I#X>gHX>zdi21{`Ml>yu*j6U zrSZX}2J0_$2cHSH4!dDbUAAv`{!^F;hctY~Jp^2^Hix%-#e9Kihh3UkT;5+!Kdw7} zP_ShunB_vx7Os-D|Sh$?N z;fOGNev;aH|9RwI`D(WMEGrCe7N}$Nw@m%Y_lr^MInF~$;Oh6LHLH=5Piy_?`2WAr z`dhkmuBv=TH!c8$Ghn9z#hBz>qKbc4`aV!NZEIBUY5&;ZePz29fPpru*9H<9nm~Z{ zq#;9^*x|%A6=od`zc1zb=8`urYh~@Dy^!YT^Vj7w8E9w;^TOu59Kv5derStqGl_we z9RBFgyh3yJV}JNbHLsz$RSv;zI{t_Anwp7^ZgzRjYHRLwd*bfe!LFb;Q~~>aRlY0V z-O%NBw{^Ajn?BQTO=d!QFuh!UAQ%c=(-#h{Byf`-C=9j__=7E~v5zn(K4&|8=!lur zJkl`fJT*mrZ~SRTAJo(0sSVShteYNA%T8^YvGw%MiCYYtS+NdgSLe(v=z(w!7Ll77 zh`LdpKl&HmrsfsrHqIlhNriJ;7i=}3mHPg+7s%?d^=WZRB_OHqQn`C@#!}$7*Qu~N{d9yNq z(L@UimNO`UYhHKVY35i7+(-)@g|A*hagu!!8>2oU;1|3A5}LQ}r24A`=DZ(KqR;Z^ z>-7WfMOv@d<%{%U$J}U~o7^QwxJRkah5CR$Df1kWhVbz4D6SKm6Vxt8VNJ+E`B(~B z+g)6#wP}yE_`5d$(B@4|O-1uE5NVLt#{NOK{ZR+MA~SJu?WxwuQ_WQeil#A7p6Z** zyrbN`cq-25N9L_2n7br>qQiJ1)F>8&UD9XSm1i*N)(?veQ9zzyo&G5`Oi2T2S}V_R zopGLV7f`wGT&2E)8FIiG+H4>i9-gJbbLArEt6g}#+?Auo_#wvO$DZOxgfivc>(cBh zxAjME_A>Xw`#)Xof2LZgudd(!8Or=wx%+sP@%w*|Wa$MTyZ^X;|2x2d(+YG}w2&jW zM~6v{SmKx~l=F_;NOD%GY%>EUm!Ta*=~-24pNS-rwac~30JlUxvg!+I->tV7X+^m6 zBH|_HJ?mUzc6gdZ3Z;I-b06{?{xOKBf3L!4n7hR0R>-S(yJa6Bs0N_0!zxEgmn&`- z!EIpGw)i~f2`+F2S(H5fooaVN2~K>JGqDW*4|Mr1#H$KU>^TQhVSqCh z&BZn@FKlt*W1PF`60Bz^%}{>)G)s99^)P1zx}BybOC(!TlUJ)tw1liXWw+Py?M_VY z`V%ZBNsL2F6fFKRgy=4>&F$?(osYfgqtSwc{1iC33RU5(Bm&j|PooJPu@bKp- zfH`h^)5ODqLP!np-z%IOIo40X_{RYyoNLhayA`;j1&owQ+|@euwq7e>^@ZvFUeM$d zo%m+!T;cZOVCe3&rA!<&+Xky!aHh5-tvo2+ZUawr0q_~>4#ga~^Vqa4h~~?rYnl_y zCVCx4%Rz;Z!3fKYA5CT1ZI6H_pje^>67^tVwBWDglj)ATa82_>AAUE(PS1?FqgLV= zVtswxg4m?XX6k#j>NI=mm3o$6_xVvqP@4Bk(y%SE+fG{d4DFl@T#s=C)hBt5WN(xC zz`LivccA>#QO6HD z8^DAB+Ka8~#ODjB6P`LslkzwgXK!t5*V&eV+N01(-L*%VLM`_lC~?OZ;=6o}!9|Cx zqYv0!?4~c*)jl1zmfV8)eb0FqA1I_Gri8%<5Yf*5j(#V5F4uRf~cFeT|-9@b~B>-HY?TyO3qv7NvQt&-DI~)&s zlfVMV@c5RdO}n_w{Q&ghdzbbFEHoDmEWMK-69?eLDy40{2feI#jc;~=HoBt+m^lKsNcIz+H=&NZb)-(RApVa+a^91jDzm9Q&xH3W8jqG)O=fiY=>- zLCB0v0**gvG*30?GC>}~2KY39k5IJTfcXG6E#*!dC^at~Uf|=@)oB-v|HseDAyVuP(7xc{*eN=6Zj1*+acxyT_knJG~SUiFrq6 z>>$}{d?8P8H*#N|fS#lmteTsS;3sQi7FfLuL)XfZ6hEjXmD`YB^M)CJPg&oIOV z@cjfj2en#guQ$=X2J~JJ^&x=$;B)vX&hqrZ{^R(MjC;Fry%u^6d(~QHy-egU60h4Y-Og2{PxUZJJCXP)lzdR{ zE|>_%IaL|h*&cE=n)Gal)4mww0e+XVTxigsT7&Gr6!f}exw*Wbkqmx@ynyYnj%>6S0H(-7fioQ!(a`oWK?zQE~3V?-zq0Ye4=R)fI%d zS$-y+A=U92@)H|u1TYfo%-f7MBx* zN9KNpF5DX{c+L*BiW^vux{I4)y_%Tr!CjS|_yX5?m0Hy~=u5+_%^TGW`Y9JQFTIb+EUkZqlACtyfNDnoUwlakcRfcSh+WpNmU)Kni zg|&64dJN8;<>ka?t`BD3op3RbFTtx^izQrmwy0XT7eSuURK_jt33BgBDb0Kp36mamYcZ9 zbJ=4re$;|9Q7o1Fs&X&>lrZT4~_dxHj3^u)O*zH}TyjA+(EY}$U z{&R`&*WAQ;dm&KssPO@b3PJiRO!qD-h>OZ^)inY&Ucm>!O^G|=MF1|~)0#=PE3q}C zFg`JUnz0_N)JE|JIo@a?P-)uaeSV{-HhJfFq%RMI8@;JceEE=bNjMn;a4yw9o6;DA zH_v_24_=~Nlvj4&m9TbkRkGa6k&CUpId-;rg0baZuDuPK^dWndj-J;2&*`RTb#*Ws zWF}Eibbyi_*ZaXHKiIvb2Y}wy#1Ze82 z=Lyv!VBhxLzx&MySQHwad&RFNNI-NBB+2s-%?7Xg_Mg5cLKy$S&wuQ@w|)DX?>^%P zzw@(C`IhPYzrOn`KaUzesR4?+pwQ;F&ok^Qu3{@pt?$>Dg&x46Y*3vWyT-Ipi}xGS^*BNz6{0DGb?d^V=lb1|^DxHc<)Y zTAjTHcQB|{){P&Dw+5XrDDv=KY<_Ti82l&TWHN=!Zl^Ut@Qj}wa61E%-tjkYC6S0p z-F&Lpt@JLzc0k(u>^yRBC^dmUrH?8LQ=rfEGKFw}xVBnu7LB~#a5pxCe1WaVOzza(yD(Z zF>su9j~nv~O~^yf*N-b!QN2B32mQ1v>{#Bv^jB56QEBqpx5YPzXRYB>)&2(cU(|7J zbK0L&g1y|n=S!Wlz5UhxnO~@Qt48uUZ__U7V zpxf;r{&7Z>oE+IT5y-GpBYR3DXm9WB(ETUC-r!^^;mMNI(nxfvIVzLJ!e?_~1O)Zm z$ethJz}gVm%gGlImimwWGJ9F%W`qK21QteNJNO*G>aw_&vVn@5G8vFAvas(&&n}~5 zn^~W>WMi>OQ{NWjsckp6D*Zn& zl}2w@{bl%Bgb?**H)TSdnC@Yv7IxG(Yb2?&(hnEbj%}TOs2$pTKmWgu-&Fg9uj%xg zMd|+h+OeLsaHzq4%_mAbPqwQ4QenZ}FX)6<+RoOo% z+o>+4rVX0JWm)&)?1!4fdWzU(cgjDmyzjvO96*i4TDU%`9a_TzQ5I%-KoC*UoXd6g3O!=-uhkD;!E{hJQyG>tD+Xs$Qx!;nM?Bl9yLhZ?0Y%En~7~*i?+Wv5$qDPjdU)ft#_IhP^l(jZ(xUlvYbM3O| zAg^OM%;s}rwYxdSwsw)?QtOOe?Qz+LJa$-7ckL4_%&k`iGa*=cXs|H23uw2p-%+z$ zXRk+Y&e~>Z_CxaF%L}?^uU50|&B!r{uv4>&N#p77E3-6bFIRR>Hp;ywOyL7n{UMo{>7w+sV$C@Oug_&tm-xI;!7Fp0BJ~+I)piu*h59FgF8z^V$3inm><1Bq zx=TjY_Y@wCuPaW~OUSq0pga%`i_{-U<)R57Jk)#J72XOvnCU9+<4$L?0yDo!n0?Pt zWQncO_VD~6xj(!4!*Y{?1H#Yiv%raF`ax50a}z)nUxowb=fa(KtW?SScL2Q01%W)w z=qHoY?ZGgR8i<*1oNAfwHxeIGuk`ZS}eYdJF)R*fvLsOh%WX!1!0Mo){9y>c|X1K3BguPWD{D$ z;)mM=C%)Bnt|;J))o@G%C4&*{Q4At-2Q(?pFipV+(qP;&+D!y6g60fUZKxvrNy^OD zMgOU8P1JwV9I5YDlHS~AF2dK0zw9sS5pkG(Io+4i{i|;J(wFX!O!rsS&RUs%`068o z6XSa_&OZu6z3sR-VVV|(PIx+dG5kW7WUq8FI(xa$=pE#i$J#O9k@;J*nnu9^?wC7d zBmaPKZ%mU$JE;M(uUrGjXsJy$ogDol3v5IdQ3uF4c(tM?8E-))VnM`dn#YN|BtO}o zKrX(h#a>9RzOFPh*~RWI&Dc&3S(_?8w#XCN9%0RknLXFWMDwK}`7pf*TuA znt~(L-e%A;a*tN+?i>;axP+tzo)3^6#i>F4So{j48nQQPJ0U9C8|PXx+n3q$PJEJf zUN6D%Nm{T8BwsGbmhvUl1T!slY%);S#l=G2ao$sgVOBDvjuHk~u#hmp-p(^+oT9Ld z<-DY!&PB5YkA+X8i2z9nej4#kZ!+R8K3+W2zqQWlhN>pDH$=AJo=Ft?f@;kBi;8oT zX)Ioy@U}pLSH`whdoAdv0_TF)J zRQ3P=oHBE#-M+W&?%ln6w`Vt-Y|5sPMjA;dfrJ1d5eS3;QbJY4l2AiWgwT-$L3=Dpl%}8sD{$NizRt-5P;3`fuLbR1)Q`~e-r+@}#Z~Fq_d`}qN69$+T0W9MP zR^$wf$7_lLjic{c@u$d+ai=g13e2u$O@U=jTR+N`5e3_>Kvf(WGcFd{E8vwv{sJ78 zwM`e8G-6X0&?XIxf&ol6-!`%@SGsDn$ZD`bu%aKp?D5@UL#dTstQfEeR z4^|*xG`uF@?9D)-x&@4pqs=(UA?W8Yfy2;R)(b+zz``Ln#ke)nGhx5mS#|=g)6M9e zOGH%O-fUQ=(Wl{J5Df}5Fq~0&nxm}K@&<=K0cw$tSn3l&2j_wkBnEJk!l{hRPcn}b z#64tgOO%!c%K|4>S9;xG(qm~p#jbpUSrHA26kugYFO149Oww)YFGC7y8G90to-Q_X z{EMMUCR*8Sv)Rl^vzfoAu&rVH&hSkO`6EtPb9lLDJ({mT3LtODpMlKO$1GsZWb@#Lg}dyn4=5 zTX>$bZuR7yrp&uMEMRCCQ+~q9w5KNF#Rwr)@j&Ln)cp7`I?u%peBt-&Z1dh2hmpK| z@lSz@u33H&VxJVh62yH+^mT&#r3MN63Tyd^hZWLG2^J|Q?2kn!rD@V`3z0eWG?6HgAF308E#)@NolMFO!b4?xt}pRR`o=5 zbriBeOj~bQ?t`QK?Db+NE4)uy&r(!Q=2eS}w;E^zbCPpwg}p6m(P*a$IZF=KqR{3m zV7^Qs-xTcwgMk>nrLBJzd(db!V>9jadl{HHD1?prco0%+%VW`} z?V4JX6gXC-g0XPOR$X@d_I+#ZU_~z=dM+`G>@2+(NHE>1L#;GDv)nKWD&p^!Qm@uJT`AsJ4J^rNjZ z-RQ>sggx5-ihopk&_~~zcTBW2j`^dBJHAY0k1ZYEB`a3}AYhL+5Pks09Nc~Rwm%ux z2ivkjyz{o}&}US%xc2JKwB2GFjc+)3GtE&4^yn_9GU|jvHQDHVRaFbsD#K%_s4D}=b=aZcDD-ySJIZ=+b_jLb8(5=ZSJfx?fC?S2P z{XPrW&ozIPkQ{p%;KbUArwty*X8Cul>)6;!(SFT#ziVe|`|ptnm7B_&WFHhQZk^dQ zKz|YBB*iwhbLy;x-L$xc+`C}0dV?@}dD zydg3rfR;V5?LD4+rAQK7d!0baK26xC3Xnj&#i}DU+Q{wp8XsVgHCdG7o-@|)=@1z& zG2R6Igrib}ewuHF5ekN-i|AFD^3cp2x!OO9Bp|wYToPH~8>z-!O7f6cW4y7gad+2l za?FrKb%Y8xC0n|KW%j5zP}|X0I91>fbtKxFA2@X1iEMn00)1J=l-q9BiSwlq?lHLG9Lj=i5rbU;0=!{GkSMcjW4s! z0Xi$(BCSW8%T5w7N0NNP_cS36W5qH^e1yN0NoE!#Q=(9+Yy46CL>7o{lq|>UnKeK` zTV2S)=^2 zRr(U3bu*4-E{X#;3CPjJ>#k(P@KQwL{ym}-OL0T`BdAkT-+ii2X49-MRkl>CbausV_^Zt;9-wW%i z7K0ZYg3V*>rfIZR&4zxO($>{y+62Pz+gRc`ZGeHc2_{<5bH4c{VOu33mq zyoI=t@G51!&{CCMC>6^rQ^5Ay2%X`K=r`r_+mE~>;^bi=O*KLXz%p|pJH)rs^;Y=bIm0`}7w$*Pj zpY}MmwrGx}#BAtSWCZ<^{sx*%J2uwYQ;ghJQM2T1#-I|7ClK=CV6K$bpIh4rnFePA zY&8T#GjZ@2Fc3M~X(yK{5C*8U3kC$ld?C7e)wffQEWaOy1PV-YkKzl@yH&gC+Zi#H^a@dKQz`FWQRez zb*JMOf3?WHA{t&6$!lRz@=zaROY?f_bZ?{apk@62UEq#2;LKr7Nz_tI9*S>ZPQ4*? zr$K+6MyjJB77RsL+bpL^=e!0#sdi9ljKX}eqv*H<8%@4YSWm*Qv-T6t7cqB?7}TA7 zby86HCJ-M`=Y-n?sbSV6%-4smN`G|gs7A|~Wu1mrATRJ(H$D{|EE5QE4FH?qlAf5c zrp_RyI1XpVizCEjlTf>eiQC2QC1Y_w!5QgjuRUU43U)e70~+hp@|7^|F)*4gJO*mLCr-Fz zu_~#3hS5A1WB1(?V>R=MQ8tM_sm}s>5?}W%yFYFi%3sJ`o|Hs-hYe+Bf|+)2N)|(2k7uQ$I9Jps<6(%QyhrvBdfiEK^}Ve- zSqB+?zgNXSs`wvN!*B7W!?#u4XWy^L^Y{RV7Ry-&&_H%PncYaJ6$d6EtH4tBNr`A< z9tZ#vcu*#~xEL^|b8J_Oc$g@~GttR7280}UpDDOwkN60jq=rbGZjy<+Qksl%DN+fL(9Y26bnUWVuYH_I-jPl3O8*^MeplM>$j*0V@Qz&g0Tdm>lK}Gw-#ehg z2$-H)E>wKk(bn9R>TC$jxnw*oO<-FsS~>A|rT(TsJW$Wd_%kvW?XMQk%J3sq`dIz< zt$uW?8{O(ZgQLlxrFvDSt`_PVVSiIh`Vjw4X1d`gQG#~^T-a>I|EZ5Ngwdi0WE$IGavTp}nMk<}v1TH_1*{-!AZoifvo)^qRtViv zECZTZCw4(fz!H>0k8mcEU@8@@)5JK(vZw@QX>&Fw9nQz)3FK{7~Xy5L_<^Qh>8_k72hKGu`)}L@GDwVj%Tqwr-^Iyyz znuu>3J1NFaDiIY|jNd1s7a7x3z}Xxl%ViAKU)I3ILcMxs$eD{SKu6rYN4<(2^(V~> zulTekh5G2N)#L(mVRTf*mTe>0JP}X{3d){3fiLv11q*UlY&Pwiscb`^-K z-B+*K@P*-O*V|OJ{-JyM`YAkARN#k2!qnG^38g8D`1E2jo?0h%D9ljVcteqGotR#j ztqOjzScn(biCKkt9Xlm=>DW2ByK474rYv_3*;cYL-8H>gtB$Q^yrPQtD$BuTLMBVE*l=PwE+2j;7CL;(Rc76mvpHb0Yh; zsy#V8o6M7`?Izx~Colj1{p7}NPuAuk?_>t6KWcYbe!Kc^|5oNO_2u0cedgJ_RsYGR zD-L^GPhHmck&6GnsQ}MHFxY=uZ}awhQQdUxpIoUX_!FldL=kk__DxTIw&@f>RorK# zy?sI3x-MMlzNjf-`(|w4?KM(VD}nv`&ol;t^!d&Y{^w_-5m$Wf$$A%l`euXf@VPhF zI`D$eJz1=E{>LC}f1c8ABcGpn676^Gv+*QDMSt2~pT4v9B=xL4dFkig`Co(V(Cty7?6FCZLbH{6IIQ(vHQy&=iB7LmYwcdsBprYg*O!T z1rrmP7~F6vel~jrw~EY6EcG{`cvHua;8@SHk0cqPGe@4#G^u3(jY(yu`mQLu;fJC) zD|rmOY-(ogh}csiGbg*6zZz!djzGG~&n&DaN~<`hbOhmBjdPk-6JXsur+gHLmN~6Q zk^Yab(aSpeddOP)J4_RcSzL?!UMFymXPpE$C+@8iVIfegO2t$>iSne7HcU`4AJ455 z#X_Nj)PWt%$tKm}m#0<=t)r^Rw%!gQS9Rj))xA!PDDxTzJl8llQ=OSznCxk%tx9^Ev(f3}c^ z&6zr{58VPD-O~6gz#&kl9NXn$zFH97IDhhP$z9d%{=%t?`l!CSwQXDVbLd^*$GCm5 z+H<%G;jZq!Dk#v1O1%-TpTjpAkXL`b*jw#WuVp;zW!nnV)YQxrA={@CQ2|h6YD$^y z3b9Nruiv&~I9JUnP}@%ITHG?ron4-lntg%TUmZ}prMOeLi`uzm0k`a|cA*jT-38_O zsRb8^gVag`Yfn;=T?>o!9+};_We>H8TNb8vFSA`L4pE2JU$l2&xmuRlms@x_FIt+~ zH@DQ?*JZmx9IlS2-?pN#N*$b8N$U<)tGMl;)XFm3~!eK0gj(o68okCD{^eUuB!Ty4`Z`aICeE zhKvJ7WwRs=%eD5H`siB?PFWJ=K z=L-g2n@CL*Hg=_9JeCj{b~7=I6mh0go5V!bHvl4kzEq?2feecsYEI@OP*U5C&Yi|R z%E-(90mts2v)pfzQcIg;WUg+)rG!X5S9=8#T}0BQgbj{_%XxadQK&WOuk++uv3yO& za!<5g!wh9q@(5JMN;gI}M^?HGShOS6nYSLR!Fx2(Mk~+cL6w|z!NF(zVT&5x$aLf> ztP7?QCSB%gbTa4@NekJh;)MTjsjL@+A3e?RyZQ;aNsG;TLbQLe_Q!Q1`l~hC-%$G_ z9sTiu9UY!hn>0Y!Ez$lt9i6+hcBpRBWG#88$wH|`T%+rCIqe=0R|T1TNO%tlqFM7l z7i6*qg6TKZ-1{Rvxc4(6Z_>TUR=3s3>nwJhBo1Ci$5IGzQg66S*w=_cqA2&eRir$9 ztq7s0KmeOFKNP7E;PfN#XX?*1pF=*)Ip+ zk{835&O~5HA)mWwBpP_>M4=@9d8r8wiH1%zS_nKFpiyJ!^wfT8u@MFn2{*78C9qQM z7wlVFtZe(xX1UiPOmG~$yatqXex)^t{vw%IGD-Vct9ZvQYJPk{a=x>uOx^c62;DaL zc%CzlI?Pq6`2^4Kwgtm))A~%2SSMl|L^HSVy$KvMnd(Iz@P8u$(!)e6D)yRA*2)%O zhG>B?1(`pV)Q_t;2kw9YAa0en8g1$_)KXPO#(u1u{cMqgvU%iZLd@s=ZQRjSFQbZC zsZAb8S?10?>MvTzH!EY)90QePp*vEZ1U#u6p=LSDVmtVUcr(~$xzziRaE^S=xC&k= zu%&u4$$o2`OJ=Z-p_7G+kR*j_R_~!}l zd_^MYSa^;IuqyhZ!r0$pKiYAN9ay?IaZg9ww{8}_C&W<&&NXI>N6mUC@I{n{b*Ybz4n@fCOp9+>G)uW0DbuE=-iRusDnD;m2?E1J8TR?8F}Tful@gWumD9z{SQ2Rw*AI_zwP&b|G*z~&36A#2-N-`G>5!?I<+7vQe_K( zj|S|caYfSG@=*;(%H!k55iGS(lQz(#w=ujUIJ{*bp)1^RQziDjO2u4?neVJeZ#0@r zBC7iR6=3mpqrBApS5=Jm&FEa`f4dT1Tj~CG1;xXaLeE6Gr@`wYaC8L#3EjrKK#xAp z6tSZzVmXL1?NJeTRAQubt1DvfsrdI++V3%ikPvv9Ddg^`kma~7v_~!qGaeDs8>ydR z7$;fB6ByHB(zu&ABVP{bQGI#*8zLKY5L-KX`VO>ozAPHpN)*+T1hD{lKgGmRW6@=*9^);p z;7iRq!jj5)o}Zv5gU(hvhZO_->;Sm_v{R~spX>)!xYFpicjU*B99Oc;P|Mx$ELfnA z2l@9nw!`oX>8@ogBs+q=%=v*v%l3l2KZb7V1^HYmIy7vzzX@4twxw@qAdk=4j&(Uo zp-_u-rIe7(9jZNt!d(^Z4~6}XAw2>w7?O1)y&>j$<^$pWThQva&C!|WPOWB84HF_@ zB0+T!wg80CNKBK!E&es({#BSewOvf(qNsKAx1_p?)uH{b!d)xfS?2m}(l$qRJ@%o* zC!cw4g}rpUV!VYQlx|mQAF(FtZJ{27@8ACXRGSs!Avy9vX|Dbd40Lx|2UIS%R@y7{ zWg@s-$giV^-!m74{RtjylO+E8I0U{q_}iP1Ip) zDM+0lDe?px+)!kJv?=OcA>R=c1@V5aUKn1?Oph4VN}p(dd1uP_YrRnaT;c9*?_-{( zf@BZ3TSzmt#uR$Ey_@@lP=6FQ`RtxW-iW`+^eDa|?AOJDdh7lz?6*Yj&FJCow}3IB zX&7_coE*%>gJ67<%V)o#o*cI_8-2fZ0}&>z}bfjhkeYa zCwuK83S>^^F4|Te2=cN_LKt)Q)a}mxlXbWSzj3`=aIVaGxpMAS89X5TQ-nVsq%jek zD)UA6q;RCsAi8@8#W0**Q;XhYkbQsWFnvFi>>iY?oFAD$pmPDIG85%S$+S5aJXa-V zYB0$j6C^xQKN9*Sp=Ri(By{b&N}Vm-^#Z{4bc}L`Nc<-!;pX&gUM$0UfY2$neeEj1Ng!3Sb=Y&QA#q%;XX{(A{}vbB;*_DiCgLvL<7%n2kj6 zE>`1r41m=?7dhu1$(-)*TZ&GXs;j&^yOyn{ybM z*E%c!(s5^ue7=aC=CTQ+CUnP~AxM0P~)J80{5mZl<#nw3Y4mfVM@Z~U$ zU}Ov$w;M-{PM`>?;(B4=-#q!c6f-fr&6Gmy3LlKyabHcS+A45ho*@4ty-mp(}yty3|t!Cl(SZB3O4oX08 zzg0u_KG%6i?ru46I4lqwUF&SU48JOecGuvqa5e@4O(y0ctfIsU^4;Wy0{PbM!X1gS z$dJ)X9@=i%@94$3SdW7|^^$OxA>!^?yMrZE*^BK(%#^fbrEP_w!An5;3zg3@Ai?vM z^HwqU>#TUv4A3C(t;wn)Bn;kiAUp3ts$)cp)~@9zcR7 zZ-;?-p2D@DT6>OqcIF{=WpggB2&dsQOtPmDn_IBsffpC?T#y7J+!dzY$-V3&9G*Q-sGkex%knKDMtBt3 zh11;+u-v}kK!EvH1}5hbb-yHH_!T=kWTO2c1}Dea6j&eXRZ{M5@9H`Wz>aS~$<~=q z72?3qD6E1#k|e;{eCQ9@Ib5G7Wv3V)&$t{{wR`Pk77CIJQbf(ALVL)bWRt#uYyc`c z)2}9xNjHh#gn>x~Q!h8&o@qNRN}PLe#`AHz?`JL*#);o*d8<^*s>6KRM`KUHKI{+l7g17E$>4jO)eplC^=9;`*N$ zqdOqv__DpL4O3jKkyJ82;$1>QA6{G`CYDw7dczcRxmkWyOr+OgEo(rYFVuiMJ0jNd zxAyb$5X;$^K)?Ba3b=u}l<(Qx8s#^ zn{7vb?>PQ(+ddsYfpId}Y6D0JVXSTt!0xp$A~IVydYi2qKfo+flZf0`iX-Lv5+ zjs^#C4N3}Oud-Le6yvZMKPkHC!h7v!&#_DLB>fdE+$Yx0u5jnp&wiPjA*-}H72Hnx z@Y@OvU0mQJD2ozl6k4w!)^EQ#+ zJO;Jwwev|LL7)=J!Vp*Dyl(hf0kEbvyIZf%ywy6m2y@k~2lAZbhr=-Ri0=$i&Lq|3%(w55?h3^Gty<1v(H?^q zE_RcQ&2q02?%X7$%+*WK4yl6v31|~n2>FPzgC3TA9$}NjoB(>E3>@F->Gg-r^=w zaR;FIWvI6k@GEcNlaPN>zKK>$JSoRS`+T(DETh9fw9h>uS6R*_p0&}PD}ymZ-3tG} zGzjMIIFjIvbH|PjRU%b#t8`5v_#0skq8pz${01{O#_UsLh8dY66A#4XM+8>GjQl7j z{_T{`h$RZ6n!<6(axqqT&LMjpZX>C;9rv$J>>o}m_-s)AYEYDge>-F|f6`f1>$Odi z>9{1C6a#>Bi4~^DE-)&RM^N3#helc8&@BhSmvx0B$bkT_{msuYxgKD-Jcz^@p3?bCE;NI2>}qD^w-d znyw^UCs}(IBUceTL~(J+g(O&E68XFF*ZgF`u10=231rJSU|fI_$*DxnAmSSirrXio zxt?@)vI+;9g9Y_~k*`huH|u^mKbCqw)dx+N_|S2!sIM21W6lS-6<8MD!#Ob<%Rip| zIXg{k@Fe3&GY#=QKT3`cI69*$R)|y1rMM%Ql?q3CS{<4Q8uKc{m*XyFe0&x`BsgdE zxhJ78+MxfFTCc?h81?9|mBT1JD;vl^xso;#*=FNY2|FH3WOP*;cd3ICUU3MB!I>d` zz}XXQVs`;2vg55$EW%8p#G}7sjfnt}-D#Q~CNg&6)BBpE`*!^FKEOx=VqwO#4u*c- zZkkA(b=S61|Lbm22$O%jZDg2ev|Gn=Z|}ByYc<%efJ2Uliqn;(88Y!lSpnIgddb|7pGQ&XU>m)e8ENvM6r0kK$h_m{ydN8 zC+aV$kJI`z6eA$r?7{-@b$II&*c!>^wg{(=6L87O=))^EH^yEhC|eMIq|0RFtOe<&*2*4oCTR|Tnb0qLl$)&n6Y~-A0;BZ4E5TbTWhI_@l_K}L*r0W5Xlnl}l z^oOyH&J%A+`I4>~31-9XJ?W@9&Qvqbd*K_;rv9GwfX2I5N3MB|R=9`tklw?xrczH% zj%9q8tcT5+X*wH?*`L_aU?n578M;?;C|ThXuJuPfsM~z;b2QTps)NB=d|ak~0Z-k4 zcUTEf4(4OUzeKDx$y~yXcKDHog+kpb*DCuRN#k*F?v$}NG`nxf%vI9=zMZ()5Rc33 z@Jd_UV2_Z&jW!k;l1VnW#aJL$-($NIQRSArKLY|ADX)JYgK&*PN6nb}0t?(Xc=utf z;&NngSc3TD{v8<^AdUS4P1!eUb%Wkk_5-HG z2jNWBliPlMTK2i{Qv_b&^A>|v+y25**dNCW60zk~kixQm)anlyIFwpv>iMj8o-rl8 zQ9piK&X2T?8zKYse?<2?EoAs4pOfiN-LAe#9GeFXnx zf&$Rrmh~WRogiUc5k1{-y|(+@mYwCINZhQw_0#8LAVYli>Cxut_n~TTDgUmrOVOLI z7xoQMBj1jzYz6Mcyqz!*3}Mt6wRl?!sUakzv-=TjWl-ur6Q4YUPD4iEDvW1vi-|Mp z0K2E1L0$iGrbbUZj>~r%-IV!37-;PtxcUZyYun{pl3e5fQ@;%N$a`tX@M(2 zEOfwQnkqM=w~uWRKKbxVJazgor<{XEhcn9R28NLn(e9|8D4KC8qdMQlxP zcyfk1lcfV|kj-S8%-4fsCoitq3qOyps!@>K2#qU|AV$0g2`Ks{g`SL~{ClBed;^Ul z45I-*D1el9>>=f&ybGh|eKu<)W>^G)Fws04bxuPL`8%$y>Z@(+TCIPO9 zz`l^*toGcb#AcO__FKhvf7DLRj?SE`H(@{yABkDl#mLr;ssoPP&Ul&B2qv6^lWYex z#vsjyekPI0Wyq?ucLL;;(h;SGpVDI#)O#3X)3=tahJIc&)%=6(SHzlGPO* zuTgTU;41Vmc(;43LpAYvEQ~cy{PP$jDe<^s*hF^iHz3>MCF7$Bn3S<_cj0NJ zJw7qUj+FeXB87+>Sbq|Mg>KV&4=!vm0e{?Vc&{!ohmji9oZ!fG9ptlp%hd%l)y zF8IV`r`u#lhyG81pmztUD@$p773*;dxu*z<-X~I3nD4g!v7pV(-1aO1VB+$?z9jH2 z4eW2?RqR)Y1Th*fI0&;8dwFk?E7Mih7~h`2g54M0drnFPHxBNu{3f9Ej-3=kQ11af1HWtOm=rRba-9tOd zM%w;J$lpuZo#a6iuJR}>&LAyB2`*OgQ9u!65bp$1mzxqPrh?6?19n|AnDj>Xv=*h4 zco(_q9ob;HKZ^km+eM(QD=UE5_93|&aN*+rV5oy`O5!U-!d|IDh@l_)8s(ChauAnSAYI?`*7u0M|6ipO}p3{F*0c1t#H7 zG>Y=-O$P@u{N2xmp3MkwHFxKdCqgc_E;b(G6mHD_;$(!4R&cFNyw;!|^?~UY5g0UR zqmxacC(lxY9JMi)wW*9f6r<-#;xo8qE~X)|oR@46i`Scg$(!M4IgE<-LA2jD+AoXt z;Ax1w1}AlEA=;YgD0BlPCP)&$qpHv#-9*$*K~E=+ zz1*s*Queim6(3JvgUpHMR=VhyfjYzY)epc2_n5x0yhbuiWwBpnOcZXHzj6lhLgPG|Y#Qdmx30LJS z@6)`T+`F6YD&KS@wC`798F{zOgQmSb0@P$n6u9k5PZGD%_YrObVB)LKT^4f-3) zO<51wDat>3Hhx6=uI{&6DdEG!rAdy3}p{hMpf5vyj^fu#Z1m^*8 zH830ZIYkU#j2O=kvD*-zXk*YZd4Cu~cJnh@zr=uwJ)^^ywBH&DxsJTiKyc8Q8MI*% z%-)dcwN91SC)01BI)QzKDiELe#Edb_xRGqB>2iig@}0L)(t%kOHI0mRwWgWAT3i1b z`{CfUe# zsp;1#lE|G&IFz!=ku#dbXRP&hOj-Y6`#9!WXSm98vnY!Y$ov^ou?3(JhP!COou$j-HH`7%gJ ze88iiIGpJ~DaXxQ#WDBu-fKMLViW~ttg1JTbR6CC?XPNAt)|G_9G8@tg)16`Raj^NuIQVJ6?#okaf5b_!&}iN4ZNwUu%o zK-f)woXz6G8kFb2CQ5ZLR@U9#0B{~j*xcdQJdBpkyoPv{DVSYb@U7@EG3iykmzh1s zvs`Xfx5w`{@j?gRulBXvvy#?B-l~R_TSx~D&0aQaWF0WBp+%wgDKByNO6~3KV{GH` zB{P}3#avKz_nM*&12r|ZeOaS|zW@m;j% z*~@}Mn-DMKyULPUML@UkoAB${D4anglT;aYEg6sF7CVwKc(e9yPSir+zb-dRc~`_B z%oB$ZLaXi(_MSLs9YbW!6up0%`@8fE_3eadnfx6>_#T#fOi#J{W@$a{@27#wztAgR zN^E8Wz#tBYIbo_$x2Svxj{Fr-vy>cT(zNDOWEPpI{v?S6!xBm%rdTp60UPGtLUgXb zh?QUw`AC{#MYk)K#NUeUHC2wF{8a`pN<|gQC2>02LAVibz0C&@-c?oesKI8nhg;!tIy?x z7qIFNtY;vc5!6NnvJr1LH0~GmQGu7w4swUjjtac%j(Cab8dx?B|tuL48|1ua;TvcVgCtaFtfmny1Qe7HD7Yj)3(f z0Y)OjrgfplMH5&?Q)ELkWsvqs%|?L$Ba8D4@`_rlyPw|W8sG+wKZJYEfU{;`D>xN zS#eRMaM_I3`?>V0VM<6N7Ki-xV1xo56-Eik%^?3HIow&39BLV@M@J&V-O~Dd*aN3N z5jJHJ;oYN$Q;vUFXQ~g=$H@^j-=&n?z~F_|*^hBBoW(owJmmGK{&lOmr3y}|Dqxa@vw*p&-bNuM`AZV zY&X-iPG!hiw6h_}OZ94?xHvgr9;1RRLx;TsP__GOVLg!OXCd#0=(0i@s&EwY1`iz! zRp3m&Cg_?Lsk?(Glz39T;yeK+hsa`q4ZOx5#lM2fn%IPUMDVCZnS!#phjT@u$r1<0<+&TSaHsji$e6|5cA|DiPE-*l8Nbt|KH!V9)r(8e5*ysZe;PDLSPCg zX)g+OfICwjEWa(i>BxNkZ0}3q>Jr5b>7xFbfjV0&4mPHqr!e)d6;-p_5LtbC!HmL} ztJq3laITO?-|RS~n%pg@U~Sh8NH;iDY9VFl5vk#3j0~@2o^j7SB$|(-XOK z6QQlnN$7JE{y7O7aSoJ*^p<33mqAEnJo&cKLgbxR;4VN84{&)eba{h~jS4NREgOmJ zko66Sf_62Kb4##Cpa^uj*)UfpidWe+qWBY`SEw$W+0?F1dyOpKK+gbu(#o52EdClc zgGMMCVYsBzYc5EWOrATJxcy60J#ylAw2j}Cd!CGqgq0WfPRbYzpG`SfOOBHdj(^gSV&(dUzfAZ6y%%xF$^)aO*UoR7zq znNx&O)UY3zS7mSnncjv(z9dn0U2Yw++S@bxw3(DGpVzmWM0vlGq<&-*ZQ?- z$@8_AJf*Y0F_@jTmi!hMEGW-DdIfO^{4lluRlW9EIRIjVDeJsiSv$M~zy3;Uv>gAp zT3N5@?5j~(2KZ9`nX>9c=@)e@gk_AvlBrk^hmr9(bO&xxZA_DQVQ%qM)Z}bickB z7zSiG3}=&fc5u0==k30<=_U8&b$c2tM@P#f0&oIoX_f%ctRf4p4lk3Q2M zk8SGe4H(UkN7v%f_zla~>KkbX7oxO2vsP~1*e0*)KFOGkndbp?qUfI?k<36p6 z#GNA=^($&sX(n^8_4eo6er9IdcP%Dc&382`+h0}m^+wdb9%vw$8FblnU4_HwM595t zg&~U$$sohkq_b%e;V^pbO1|TdO!UKK8Zv^;99L_|p87s158#`2nC9YUDsLcHQ|9v@ za`=PwS`TDK^UfVKQ4GETxiu@{o|HL{jeIC{Tr^l_YrI$KX>!%#D{MWR+4fmzj}f;_ zd)}(GC+ht_f2J*qXiH(ccEq=D2YzQGx3#1GLH5)?uC=3+cATFbuK#eyUz+_)tqlOv zQk(%c%adyeOaD~SUqhQD^y}A-^>}tbdsyE4;>89uoFvPs!gb3+p%}}=(kVPPj8-xU zc>@_2|FO0>{$U2|E>Qrm+-<~!ZE`qxQ$YR;y1^qZMg(4dgOEWtAVZ4?y6GJ=SMhNl zi-?G8$^e81Aulf%)<(!KEIv)7$$3ur&w&gb8*4gr0GzMIe9RX#6K}=})O(VQ+tKR1 zsz$uW6o!5@E*+z~Oj^o=Eq!q9&R#xJ*0Ngh@?i)>BmcWOLQ<1qOx?EmfF)X*6KD^bG;cB{Vv{d2l)$d@%V$veIc`7>I+@)+yrw4Ha}WXaOSWvq*RwN*G@%Q zM82bTd@FoE?-eZFzE$V$*Zx+Wzh8q7I8S$5RzdG$lBncZobsYzo-^(Y(R2B2&pn{? zKhb`)=ehZ{=cs-=&(xpGZ&9Z^w38IWddtgU#V`&GjPMA`j315{IDOA*4b7E4sS(}@{B#o$ZF8p(glxHy4{HW4;} zpJlx(ZURW%{_b5S=HWnVBO{|I25XO^%pNa-8I<7j8cTAGAQ@1eTuU_ClT zkSUdt%;dh#xaTHnBXU31|14IJ=p{B@vSZ+J%zOG5j<)nF>l9eN1palSYHu3kDP-DC z#3s&^NTLdk$!0OCVEMgvKU&%b*qkA!Vr^i2;l2NY?tfX^uju4|G|X`8P}TSHwMw*N z><|K)e3&At;6Jz%{;1f}{{7n+<_eRj$%Xmg% zgAg%7+TysKx&SV@at+eI&qqw&t;hTT<-DI1_p1FLQN+ubwu7?U&fJ_VkD-FF3=<%o z$I00wR-S2YDY7!B>_O)Y+=4bqI-^nV&w1w3-VD27RL1hxSdX%5;C_)H<*UvoVNNWo zkK|oE-oW6VMre)^_AkZ-vSj)98xYhuSprV9UJ_kS+{LN60r}8h@svFNd5KRycp5(v zT`9){!yWrM*Ih3bv+Xp-e>1|qWxRjz9sD|=H4AaVoF=B5p>(-ab2YzeFTkz!MAKK| zqKHGy8fG;xyQVd$CZj(~=FdmO8Y=Z|sb+)8)QtEwSRM_-!8*qmoNIHrB z?UJkIPo#<6>7b_-V-dM~wi-h$nMuL6S={DqG8ksTCejc22al-?wpC@DUF~mc8xtmn z+D_NiplvCZuo=vq_-(p!1%6ZUh7>CO+ad=X*@4rsN6P4|dy@`-Xb)X0Qdy^wQv&y1 zX(vps6yypY2W!_vrQ(S|#!;i5?vvwiQON~1sCQ{OMb1FLAkURf-6evvsZP|G#}qRt zM50)U&bX7UhXGW?YZlr28yfWgKD*hODjyImJaSTy1fz~8tAw+TFhLK`D~UvLFnDln zh~&n_whhjCNStnTxuhO3Js>ur?DwA+*4gMn$STKeLue*;zyMz7;+InglkUr}tp{bU z?O$V-Y~D;MTf_&1zUM6eTMC4uGJeQWh&dlqq~lSEqXf*ueh7*fe}-ApnG z>a`R`qQD!5Fs-$4kxw^<4w*%>m+OWYcN)0XwM>f>F=#2&g=g_z7Tw>~mfLeVKm;z7 zShot+&1wLUs9D^Ho2_sie0J^bJH)|1Rb@DY;WYbu`ms;W0v|vo z$Jd)m%yJV>yA{T0)W)N*og6Fr^jFB+7PWDf0%g03mjp?Niso~E z3cp9N_0T{>pyAOpQXV94mvA=nFm)w9MaH&ihSYNqf78Yeg62N98B#B(x7|n+7d)?) zSpFq)jNO;BM~!J2gvjHGghw6}!mEyMEAl(woE+mNCpFcsb&|{+OS654f^ICa?z5-i zx8#7L5chJdI}erQkH(7oOLoom~(pOEXQJ#l*b??ELmE|95nbntho9}V_1T)LtUdf0>p zhwn_bR5UH9D<}}{LG#sH~Tf-qCo?+dF8;-a+ z2?r3rLpT&a&UFz4t0sOlA4acM* zMqBA56%j~-Cq=Ac1m#!7r3GD^;Z>W}47?=mGJZQ;uTsZ2XqWc>9qm>JAGvOU{*OMZ#($sL@*GT zp)si~)?;Fw#!hS2ZvazTBpKcEOzs-}-Yl_&R-D!HICIY&eJ#uz05A@|fIc)V6sDA< z@&(oTz}_WdC(cGQNJPb%wZMuQ(I4!mTK?U}FVH7u)Oh@wvA-`S_5r-vZjsnn_mQY4 zMZ*~Na8~@M7;Lcp-=e$)rRRqVJA zry3qiHMvbCuPfQ>j3|Sr*k!i%x@O{Ac1<&}On*TwcXo!5lCBA^vg%Dr91-WHA$=Po z2k#6a@g9rn>5yh#60g25n4SY+LqJW9^tdV#hS!Pc@C1i_E%HP;F#774}a)dHL!z5m8T*yzg9i2 zKapasx>!bswK(7KS324kw%dQig(;SQrU`orY05I^coqvY>Jm2SkzW-TOEN_Wl2cBx z9*Yeb12&vWduO`K!M9wd$7U*C_1w1LoHkOsoYI!~YbBF)8c^8A#%}FpsCshFM}F~d z19*Ks;QQMTRqr}`K;}{@q7?lA9660gE_@wCUy}@dM>*MGjQ4}r3Z^EJQod}`rF^O_ z6Dz9Xi0<#GFX9vTrab%wsvnK#Zz??F-f(JP{d%bnfNdl`V=o+lE--%2u}*iQ-c3!6 zwYa+(T-+hORmi7f;(CPI!%*-#Y!Y#4Ca8!Zo)*g-6UJy16(j*;;3quNTYNQnvCMoC zK*__iMpJUYGJs|Sw$%R9t;^ji>w5|o$-|>ENg~da4I^A*J~SgX!a&+$9pD3*Jf{Y(<%ik9tHM{D9G|nMr%5sDZ|)8gl8$4;)T z#Q)hUKWslQ++fCbxl%LR*c|R)wk1Yy_%pIq@_lYRx)THKHM+r?GiwfE0ma(m@|Gh~PVsnac25`2o*eCJF;m#uaEaA+sF(uA5 zmu3(EH^Y8iIlI)Wmaw;qZGX(9*q-g`m9THnDCOFmClv`}j})0|qHVhMmb=1%n`DhrOkb$)qP#KP3jDpK3%E@ZP=7YV}P@gM&~ubCFiy_|JF9y1oJWd;h6hS zYwZc=4S|oZ3%fO1$tMM7RS2Su`mltqf<$$Mn3i$l!*H1j9q;^}h)|T)k5wDSh9CLa z8o3y-KWUHED8^j_@as=I>UWO(^Q2(?*m%yqz9;wH9`}XTrUzU7$6AX|v?e!%kF{oNH=RBf2J;Wf+=h5+Zfct7PEAg;e?7*1 zc_{uG4#~xL%*%W?M+t8YQzs3Ks zg?90U-5=%M@8w*a0`C*?AB)stcTcu`@TaoLwKRND-Y499#K4G-M_aN#ZSfy(DgLa* zCFJ8AqF|*_Oe<19aqN`)1`b({Z+eAp6?lrBjr*-8UZi=o~q`D=#UIad@K~CKq zo$Vr>W!^`|$?fGX_1eM^vHp(X`|sg?y8Dank#-!+d1>D_eC5H~n~rzCOlsY)+FxVa zy%iXrIn*s|XfOn~;G%4;5Y0*4y*YMaBEP;X8liAqssBATrFTuNMdp)%93^waisl~f z{@fG8d|EV=ujx{oy5#1r?4xe(5jXYIvj2Fw=f`FD?y~*UvV+5B{Nb`0w&!)p$IFSI zm+3P|5NR|6J|&k6z?7l}k~yCYu1qvSiM!=UzYqm)=X$x|jUNzy(BmG}nQHQy!t0{+ z7jaK6dx;d6=p#4k%&oD+<`|2UaZUfg#zz0cGTh)slMd?5ptew5F7%s1qHWqc_GjUr zB##i2yhg@+{2iHkQY1$vKrf6O-Q*sgsf?rgl&6 zom#@SWAgaaw`B4hk@~JkJ}4Rv!ql=v-67nGu`5Ngg4r(FmO3&?g(lH?r?JAUL@E(Z zE5sLqXpm44Ytx8(BLO>(NHp|RB4n1Wp)DGcy-Zjj3u zyf?QAfc;`DN#=0=mE59Ts1!p3zhBH2IGc-uNwq)vmUyYL*>9SX2RWgY+|gy9oSAo^ z1c1x>bR)q_W2()s7Te+-Zu>H}m9A<@b^2Y!&P}pse)lP&W1!vcsI;FnVt()8{fqj} z5(6_vep8H|JL(iMX2#$V<7SL~UE!ZTAX3#&tDG3WRRBN7N!n54ylt@d0OK8(^HX#D zx%m6-}-me+M})vC|ED!MOQt*-;CwDjOa^%h#_!*cEtc2_3 zJ4UP1=gdKzF>GFeWh%!?6u=Z*7xYN=k^!zVjN5iHhW8o9?X>~#{m$gg<=pqm^0snt zYZ*WgB#6?m2k1CP(F1jv;!#1cO=Q{a(HoJ-`lO;!Mw}q#$Z%E46Ui`#awG^=6C<=i zUnkdVxk3MnSXY9h-Xb`P_4-h_?an%<{U@dXDaMGnW363h*qL2fFLy_|wh+mGx^+je zAM1;FD`A-JiwOb+f9KM2;-a#=vYfc0Je|;uW+HGgAJ}74c0-QnibUd{iA27+F;~ic z*qr%Kvpl72pIjz;7hRDh-Y$;dkdtk=0TUT7<6BM9@dw~cXFB%7q5B8{L<2gP3!Y9i zzMok5jC0~+Fd5P0+UV706N!MohMsOFsSS=KByA}ki8-$~F(y8m#X08`{MFuE!!1ri zWwIVI`_PE9|Fp?SC42fAyc}(B9pgd9Txq=okJ^ks(aR8dz-+#+CPjPQQ5`LUF3fwLE!N*cAf39{my+isbi}Ui0B7o|j@V@#(;8en@!i3Z8=AB0 zo8`sLiHn-EtX1vwQcm`r(h>h#yPr%%M;9rxM~+&e_DV%=S))E|H&@ZS^%Jj^GIRC= zbB44N2dS0HC;=BZJEyJ>#B=%53wcE5w2uxvOgor-Q+EY=Gjew9IX^kezA?bf`i8*0 zIq+`@yg#?cUT$xnW+3WQn#2`-ktTDpJHdWh9{Y&f`ghyJ8@m$$x-g_l+dH^_MDvnR ze+um9m{%Ro26lIR+;$h8tD$f1RnmUMMO8fgX2QEn>D%A&eN^(nQ*z?(A!;DGlNH>g zj&C!W8D!>szj_YhS6idqXHRs;yOT}Lcyj^pcLq>Ay>;yK$HpCv&BScfIoaUg=hM&84tE z!S@6IrXaX2m~=JKh%K@qf#)`e2ZUx3g{j;)%U39O9C8Wfa9{M@%L8{R?q-5UqV{%; z^4H7Bx1p^4pS=a@PV63BwF*?yt52$Tj6cnRSToCD96X$W&Fn`H!f{#aL*GZ zqAvBc=3LX?WXmR^9?=xe#o4X10a6;RQxD;{y-`H^gJ@2=1~e*q(ndXYdY#cac#*N-Xh zc(w#vxUj)`AdYp3$QomN2yq$5gBmT@pvk%7g+X17O0-8^3B5N0N~90#EDuz$~-uH^%jxZBF5iE|3eHlKE=Kp z#P@OM+wX_@KXs8@?bVWeqts}-ub14nO75%VCQlRhINwXvZ}q0zdY=BNXlY1fZUl-g zxghwzlDxT8o*P`<2&T`>ruRz8|10?)lnVbYZIP!6b(+}2RpZ?O`+5(Om#vY!I3y1< zvLSiD^5nfFX){{5_yZ~T$0`43o=r!7Qu5DeOr74SK5k2X)MiMpAs8)kK?tcCVRvWb zs9)DAa7Ckh%2eQ6jc&ocv(e=!o33n3UD4=Y(^$N^@dreHEMHg}Zh||?)-kfdmz{3a z>COYE!p#m}iwlyA(>v`t*A|efJNTtHb-f?_BJ>{%gTahRre=6o;*~}Lv3NMfpJlAo zz4CW@()NG3AhwtHw)CVrkR-&Q!{z+Aa9mDO^R>H@FLM2_Bh>CXA(-e zH`)y6nnc7(iLYXeMpv%hV;rywxZdqDT&Y`=<4K>XnEfN;BXKVVF2+ps`tR|(rbrK7-gtlUOUCED? zVv)5rxgTtYVmetLq9%+Fk>XhDTZtJP;!~xar0$BvM#3+@DgAnDTK+1aQ z{&6zZExN^e|CpzJu@lDwe@&#u=oXizyX8CzMUNyVz7$irw(?P5Ofbi5{4khX`@|>V zH+s4f<8WO=D~QT=oiLia(c(z3q<4vp@%Qjr{XIaD4_f`5yej^Z#u<}`4J$P$pOfM* zwp?Uc&qy66V%=$>wAIXLc0F9REM@9IEAjl#63n70ivcD0S z0WyD}W}vb-epcfF>ZpEag45@;p{6F+yG-_lEh+L#u|VaEO&)|lQVd?JYwF19xU9V@ z0R!NC88uH8=Tx}V@1i99lHpeAquQ1cR0zH4&ge{csq0R?{i*lAg!LBn%n4h^Nx%bw zY{JJPSnm;?%!YB#I2{^wBvEUT)1gV*WwU0qfbA8%xDo3gaGDC;tD0kmxc#uY-f7?fO|=H_KG4wDrv*p>7M0nF`+tE%3No6O$SXvfG+tM_&FGhr}M?C zrW0@|8!1*p4-V&%S450^yO<8QbLn`5b3kmM7DR$$X>%CIXW&$pm@$qBwk(@Tl9Z@# zIgVz_)Q`izhwn4TG~4!no9Ab+H4q8ccrNKKvBoz$NvFZV_QbzD|FZSHIoH5?S39PE z#k3xH3X5LD*N0t`70s*EEMnvIt5Pk5jpbTVzlVnXGKFU*Fx`pD!d6jvORx)CAr|jT z>th_>?N?2Cf2KUN1g4t_hzm4H?4XCy<^*I#^SCL{v8nb94@TqvW9&Tutg6nv@3Yq0 z{p{2B>2qf0oar-^Vdx-8m!^U!#u7Ce)9fbq&71d{n=9B0_TB(1R=^r#0W`6rU{|cM zC2ABji8Y4rxAs1RqcPvT47=~M_u8vG>#6@IW&2a>?{4MQ$IIy5S27&c4E^3yCAHU} zlXo}q@+-AbYKu5>v&LY&G;;clhX>o%a*LP}o;hs5`TfKFvj+a)`hf@0uW$O-Q`;WP z`=b3f{@qRXX3-UEcqJa&XyT;IcZxp~do8X@Qz`3kPAfd2si`D#2;AB%X~lfoHxnnD zT)x8eN!V_{I3StB$yp!)ndv0q@PnN(4$-?HFG=6AN6T>u$KBJ|BgtbjLmZ8nN%#{( zCK)$+t_NK~cNZnwfgZ0~N!@iJgW+GlVr5Up99A6^ znz7gdQiM0k9rY#co2*@elSj_S|M3~YN@MhYbKxbYsn}m^`smZTzMmm@$@55@3!Fll z40?txeSH~XVj;bGXY)h7tEThkU}^lQdXUpCZB%sj;Wyo0Jx zK23yg{5eBCYY-N)&QNQO+D5|vRnf$q)-2EqVPR~XBBbngfK~&9*au{@N4Cg(7kUIj zR;eY<4S`l9ts&6ju=AMyNV$tWU+p3Ro-Q&&WxSSc_qNOL{iiyr&DiTV>c3ma`da1L zNq!wRq^{K_7T4d|pJIx5lOy79!WO!Z8lk_Wh0dJzJ=tcZ8~T0;<3mI5t{DtT^vGmm zxe}|CJVG9d@HWciS0!fbg!!?w-X+Eu>(n%@IQl7_XetzUINK(cnjn30hAPtybQ*p` zw9MI216=v<8YpUp`sKT#yB`1lxtZLN(NB8Awps7THoEn;Io|r|F_v0vg>AD$Tf9Cu zX`6qT>Pz_7$~&fd+pK*8xY#$_rctw)VfzdYTOti;D%jt&k2}=v9oRm)hG`$&Z}o7= z`)zWeB=3iAp**&xgx5@RYZBE$KClun2Yqj`P{$x1)Qn-)_rZ-kUGJN;j_bRCrp`1) zvWff7z^~ffqU%|cg0OY2)vdEax6|d~Tg|hlu~G@_&coGZ!k9vH^nRm-?$Iq&(<;92 zYN5q0BtB}Pox=ti7p~v>9|s6?{wrqe&tALEDT(YBbz0&8vm+a-a*wL2wHbT2srK*e zj%~hKr*oI+>3lDi_e4bJCL6cup0-d=I|Ya$n(|IJ|KLzogCw^7UD zlJY0}$M4wcZM*!jZGL0}$>GG`vz05Kx9JkE+PGcOB_6faBX;Wxwt_b62Jhl8Wu&dL zHOl%ve(vPehC0@VRXByv>^7+;Ve8}1gZkq>ql>K@?NB~xv4NHd?B9@2`LR3&csUGN z`pfl)-C%2+gC8?a%8VKK$8F=LRXmCp1f|y>er7ao?ub78g?~2`MuuN|lN zwMq1vko%5SV{~^NYwbH#O>4mu)vx$j-v@OS<6it~JV^aZodMrW&}lO)Em&2^#KgdM zNg}lC74QaroJhLzr>b5Br@~wQyDC_r^$xlU)`=b03b9VyYJ{6dM7W9n`!zlDQ4$B` z-ZNqk`*cr;Dh?*rC})rZ)pTmM4N41eTQA!7t9IF#Nbp=7NqY!W_KDz5+fwQ8+iSX- zp$9GLfB5mXHXligC+gozm+j(PyHH@(aDgqe)dEiyJk>7kNrwKg3G5 ztzTb6^FIm#m7ti~PkFxfMo#P1$wIG_(P|dMOvY9xns7V@R8Gq!7Dz>SMM{}bDUfJP zXZGE3UpC$eG6?zXD+r*v13spqQwE7paGh@)iWf+;;u0=~avf9W1EjzdNAl({J82xb zAOlcE19=KwPk_>9bz>-ouHoJ9_cH-tx`qru6Z3E;nublJU!Jj?Ub;*SSV8Wm6wLVcB46^ zFmXQ~lG#>@r2F1=P*(R`ug)l(C+Kf?)FYmoj8STP<31&aX@_C`$y*VN7K9VjBnH|@ z23OI&e?GKaOlbk^E;|S0WCOQ) z0u=p)02uGin_6-FTnfZ!R5_kHg^KhTcYLP-w(Dig_VHsQCR>)pX+Y(n9A9pYoqbHcQmxTCCw@ z!Fak##WoS!S&_L167X>kCdeuAxMy!9oHGd?9@sUgL4lyvrcVN1=_7&O+AOL^_5mU; zi_oI%bU8ypOp#n?^e^^wIWN7y+|y7K=YuA+(81F_wHKNV-II5M3w~Bl6QDP0zGS5W z9&(g!*He|;mmtL0Ecn0#st`&DFS@9o4^1ACk2TPO_oRuvK+^;4QQS;-Sc8?HsDn&d zpqE8T=RKf*O$sTxge(3&Mw@=pBmGa(9IeheHEkPrTZlDmma$FgCOHh(v2LrwV(Qae zKqZA1s4C;Nl;*kO`RE%qN(c#M|2aXo6LIzKQ(VyQzE5fPb^l$_NDO5e!O~XW&;1}5 zYq&?o&duOcj7Z0rM?u}IOgQ@CA!okJ1|3-w zuP@1M`_v3kg=;ck!_m9D;J-C$ObD`Mq4Cxd5`SnvSl8chPW=sC@)OYEqT*v&Mcc16 z{a?Q#AN!0Vdm2YeCY{dcVKAX#m5-J`5n&~#)c*-9d6(m(0?P0S$@vs)qljHhwhoQu z>4t>~i$<73LKjJY++gB&qQ_+6r^4s-{TG8{2bL);f7OF|E=zJ4?o^tvEtj>qRXIRM zWrF5%y{Ng>=GaDF7DxCot@1-!V0<|3Kf-q8{b~RA`uLu-pH3bd%snBHpQijzQgU-D zyCo&xO=aIpnQx}jZ>5rt>-#pQ{j#db=k;%2NRv$OoWT7{h9RbV@qBu5g_f_dC3Ia& z`hyvAAw_))Fvy5zY=KVAr8oP=c3?n^210qREj={+p>+q15W3c+KRTXCZkK2zEG8sf zNAjUx=`Wtj;ttzB)^Mt*P5qazy+(iS_OV4-f`q)Tk0@p17CNQp`8NbpR|axf+FzQM z7o@WnrsY}b?AdAa)O31DI^lOM&e*bP5ePe;4=$uk-50o*2HQv9wSZ~nZ9OwIF!5K> zkD)2LADX1NPWo^(7rVgRl#Hq9da%%imftMamNcfuc6%Pas@v^pG-t#j)=sLjKedKu`;*r7CQ?tpXj>$n9oNXot z1`NPfrW~!KM&$z3!b6b5-G1M~X|%zWdIs;K;MxhL6!{uHB8=04XN|(lH2CIJbrxT- zJ*_et_q>!vzf_b-M;)9fHwdv2i+{M8umPv+hPAqvT|kIiwYBC|%XBln>|JZAUTf4c z)!|r92^Fo*tmUdxYe!W<{{RzUQZ

      M}nIi=}`67tWG1M-K?qVB3T^1t4~i9r-L_ zPE?)N7|Rd(NQiO)Y_4^b`Jd(u8SB-wInUe4-O;-`jcMyn;aVtI%&Uaer=BMNi<3n` z!*w!`JdB<~jlnM`L^Up#vaydMg|}qP!x~Ts3Sm^q00VL@EPqKyqvS4$C?i(Fd5EtpV_Xz3d6rPKiR{`0-1=ICUX5jI zsa6I}nK(eb>}|D}*BWH7A$WoS8%N9p4|l3}lp9BbZF!TRZE-wu5-v({KOU~beeRyd z{B07mwMcq{sM-m7+FWchSN5@JPw3GsXNvGZ?!P$N5&I{9fd1)aCw5$+WDG^j;Sb(o z2()7e-1rdO8HTiY-4@QEE`|;5y_a()BQJTO4yHr;05T7fe!I(+q%#T6L?m_GVJaMr zL)nJp9;6n-LWV@XK-8EPe)^XxWTk^;5KA}9pNxp$FEw=F&#^+x1?6l8+yK7^V?(Jg zwJ^|kG<00^dX2-%u?BzQ zKyJ}&YJI4s%|)o}hSiyack67_?jVQsGY9YKHyru%Bjl0uAnHSo z*o}`NP`)^xA1042XoBvYjb9|nEO-!cS|P5UaY1zg%sFKB&sT2r(lmNY$&{#EB) z;q&GI+AvPez)Z;JHRDYYi|tBhYGe-biQLm}2;PzV^4{VRqhbwsjek+>mhR;swTABy zwoG2Z(_JI2!G3nbcY{riP#Jy+NakR%hc5g9JYZD#kdZKaBDMs74OgaajS7EHLEKx2 z-&yc)kB;?2*A(bWGL`3Py0~E^KgHb+tK~Q>6`a=bI6A4^42nw#2*vFY-{WP=#Xg}B zMHWsiOBKWQx^3!PI8}l|xsX|gJ*wdvS?ghv@L19;0ZXDv&Vp-8!*sjsXYS72mo%BQ zeJlSxbGn%!V><$e3Nu4tSwXv}WUD1!D)ziyluzcpm-F)3eEPY(+>j48=H(;##G|;! zNjH%GG}lON-^lpW+9K__p*cHkX3%D$G+rIi9_c8u30Oujy;F6Q*=_Y`n8_%4PLYzC zHK}cN)Pa10YPm-8@nrPDV4Y^shHFrt_2gQ|nptUTIXH~m{jSvreRams)W;som%G$T z)rnNah;LQPAg*O=D@FAj!QP3Y*2}b-sZNZYTOLklPBxn<^O2%?Cm9LMl#Kg+b%cVQ zSE{TtQ3K5dl+EQv=$?A(wmAM`7D;4iYcTOU!TZ`UpMR`*(y|O4*6oYGv^73Nhiel0T zQs%uSb4|${VGcJh(_wS6Cg*IMZp*82wq_Cq$~WP3hONMzG84cu?r83$S;w->>NYvK zZ1S#cZIb8?wdl2OtQP1-D$bK7U~`3YP04(ulv!D-x5&p%)FQi~Zy>I*jV9^TP4c1y zjc2-cASpqXPecI6n;<3j!&=$e6MWXT^_rp96zUA zh3^@HPFzzRoBm&0f;Um_ys}v}HZ@qc3-?YjMJL*Ov!UrN>>vRDJztK$P?k@YgQv>! zv2w7!EFUPR9xNw5Xz)Jdj;75G&T3F{O@U)g@$>q@&1Hj=Bh0Qw9AhzeO4Vw&=sa%W zeuItfCY5lFz)LoeiAH-n7)g`hHJw;Ym30bl)K3LaBgxcj`|?xt7!t9SKniq z9cqx?D|T4~4J3!M4$p(^uW=U0lR$zM`eZIBkQF`Et0NcS0n9s5o+WUK@x8vN%iK&w zFu|dBhR7W0XMxG%IAJ7y?li&Gn;$ed-C>tfPEY4h@8vRDdp(QXla9O!chitXnD+xQ zf?X~#bb_dazfIu{&92yJkAiOUruW^Pvn9S)@LjEd%$I?rR zqy)H?z^=Ekc(CQS;|>O&+({X=+xC&?YmscZUTGD`g-Xw*ZS)dCjp#y)MD+wwyGc}k zQ@d4Ei?zX3hoS7$cCLA$GQMyr44Zm*V&&7naS!e!Q zA&qJ3aba8mTsRyow`fdJJT9lewEE&MlVKEVW9o*4QqzlsIzd=B3G+A3t->xkgKY=j zLC2UT;vq!VB5`9#LcgY#&&X|*GOqC`LS^rmqmdr}E^2E;^)gW#Qymd|uxSV>E1Sql z|FspOfRYG?zID`i8Gt) zH36z|RjXW0zp-#DraIl`du*FvYb$};kGHCp)>f_7GT(1(e5=uav(b60(Jc{_&>KI# zsc=G*7p@D)lZ~HNyw57~qe}YYihREk{G}q_t|Z>6B#qMc=B`=eM%*vKlh{v7 zUAocM#AC5{HAxin81_E?1x-W(dQQQfqBH%XGm@bTf5IIM>D*Okb3})s)7-TCjPijCpVWjeoH7F-JIw_1Es{tW+A!T~#VfRr&6Oy=u6pzFh#m zX)F{clqx9Bq5Qi}m=A=Cet>qs1gL}uAdnP*1*yau=f#$bGLoiea!V_(OL4D`?=HTk zq3W(6u)8VNctGkW>E_t==(y<{D14RGcbobNDPhf~sAP;uDmE6|(U>L2=#vMaOVtX% z)#7ukgR^3dvk7Uo;zfT)zI8}(=Ms1iV!AZ{QE)yjSWo1OkL7X2Bg(pBWKU4DkLAvQ_+ddhLl^dFFRVZ z%^}XtHZTk2Mdq!>RzoZ@_Yc>Hh3n5mxcMmBd>(DSAD-K6hMVYMw{ZUruFr`z9#(6p zrsJhXnM$SmQrc}(CzeIK2Dn8DryJ!L!tX8P%UCQ`lzg3mcCCo(gxz|gN&1tx zYeIatZO2=`zF465Nq@N+5B%}*INomK(jqmv7EjHIy)F)t#x-Wc)na-UDGe@z^J2kTop)B{yUh4GT=*<7I zljt$C$(kT5kfN-NpD-+pmfCJxY+!$+UxdiuwshhF>s*z0KF>jJFcG<*^@hLb34ejm z_ALwtH_k8YwsVc1vk>aKbCuo9X^47O_KoOw|L#p5E_~+;^PQr6yO{6piw`yi8^fv- zSdVqOjc&WMmLA>q57qOzO7GG3l+m)mNS`3opF4s-b&UV8BmO~$IUYplale=14|4K( zDxRAYxjk-lP^Y{su%qHj+o40|XXyTq!v8r9Gqk(2Kkyik!_n?sYqC=VuWp7O{UeA< zER#H&n7dit5HZfcPD?87PI%2u5NX^!xGP>cQvM$-S*Px!B-wgTYy(z~YYmSkl&os8{89&l%akCSH3F9Zm zCs>olZ7-%w-aanoK!uiz{g&xbze>bDVQfxJdzo+uOL<^4a`y(%firE!5|kmt{V$Qr zWIWagpyg*09g5*WPe#)-wkN0~oq(e1K>r_u%W*K%u+GIwW$#SD%J*caoZvPL)`)V5ErDAm&mCz@^7#f7`iN(MPozEam2zZWTx0}TgmV5fhuWC; zS|{U?nbxUNHN62>en}g{BJuqmoBIpPg4KmSS{xBq$??EV`m%(e`Z#T{- zRhlG&8o=`_)lO1f(~-HlL*CetyrBbVe(T3Gy*YtK3D>V!ETalJ#5h_Tw!kFdLN^ro z3|=!IKLc$A)(G|_dt2vh(8=De5*rLZ)_4gfG5@IeK6T=e@_!9=(dX`w1lf=e3u9`< z{}I(tjNPezC_B8SlG8HRXtJEoa?am#wpl5q+-x`tqsg@L4-O57;OKudXuYM-{{qNO z+A{26fCkUPc~+%4led_%{uUDF=F zx_wxXKE0i(W?B1>u4-?%vOPZ1k49Bd0G+)L6I2Cn1ykr)g&H{QB(GScZRo2dElG2n zFO8k3I6BraITyBik`0)}sML1BxYRVkqb|{~IY%+!O&ZY4Q}(YlD2edM5bh-IAuE+g z5K|D(Ob$FFlmAhnArEFDbHtfyE4s+WUl(^O5ff9&6-k*x5LBf&v$P;~j4>4znoo8v zCmD~&pA%IRXw)Z#dPWCxJtA`JL=rdjCq&P^U?zjExKYe}oV|1rPF)9Q{1T+jJ;gLM zTr;ukgna!W@(}^KT_E!|Hw|Y5wo8zGW533{O!8>$rOviTRE(Kwfi9v2j)}?WI!7>( zeqF{vr78_BnJ^A0PAmNqq^UjOC$^RKY!n)l71u7zEz&<; zMOkIeAlg=X%3i2k2|`ul zwV2eajx^ZWi+XnnD(Et&hwXj56VB`#Xm-Z#!ur_#(8LIKonS_HQiD^6*VOaymW2cx43>{q-cJQxSShQ55H2iy`bWpxZ524l!`y8ynD>tyCVIbFgF8M@*lN&+r1o* zn(IiT1za~1$cH)j$`IV&p4?T;H1<(FMnkH_-%SUbjK_cbO<4GaWPDD9wCH(Z-HWvq ze&Gq>T-Y3Dyf{XioDSllf&U{l6Z*b|0PD??9y^sZK{Y623F@?3 zfN3?!P`4V!naWx&YL|)RjiR(d#FvUjZxZ>qdA}z6pNgow|A)LUdlE>;X@DCU+!}9X zDh0Ek5=kbEI8L15+dkuMVvF2vv!q4m#akE@DHf2u<8HVd7T?aF8QWscd!0BJFvIx{lgO8RVU)t z3u6~KUl(u;qxccV@I0+U5jyxuF9hOal+w##u(46i94r5&tS;On7!8o}Z%Bc?IITqXNEf+8=Db~G`gqg1D!1L*{+{z?{rk=q#^plp z(f{^ikPqg8(c^^5{iLExJ7PQd5u#(Pmz=ehSZ8I{T1Uqk53Utb23QR3sanx3RiFS9 z!@WL`2MF#@BT;MgmW9eO)&ZLee&CvlQnY3mUR+$EF*H}7BZyN1ejM^&U-Y6_Z z^sX|e`76wc?-`&pIO*uTG3a+9b(hHfR;2C}Ep`g4Dj9=Uhz3`?dV-|LAK{Vqy<*2T zSn3wac|bAlB*_-`cO&zvadbqN!3V%5E5N)QOAdo((4U&aZ7=HgUrD_1!S;FybRwcy zIwjDFzlWAk*LIxWYnX}YkP7P!(*#&HcCb+p21BbIhXL2Dz+p}d_xcD!&9U^sHR^$j zi~o-1yZHQxqhb9*hoSTjM#LIBp#cZQHd$>_-H}e;jz5xzwkK2~Nc7J`HGv+^K(1q~=5X_Ha%;d7w@V$CK3(9h&>h0$m{8;P)C4VcrB<5E zc_7b}?$_77VyU}3g^ngQHPs!q(Sfv6iBQ2=r5FFF8_txpwJP2qN|zZ}ZQfJ7Rj_oW zex6>fiW#oWDqSGcUTTNp-la!H8kwv(iI*2j`?EhH_J%dwa4Xa0Ao^w7u$B>NyB3sk zEr&Y4(X5g4-_9yaZ84qArn%aL(5y1sKQx^wBv?PnIY~H+3HW9XM`pX$O4pCANko7X zzg~i&BEkc>H^V8c5ruo<@_oPKW0C$y7~xvpCA@KI3?&DvX6qrrW2YxFS+tV)d^?pi z$GbS^2*iUF47OVP^K=I zv#tUyVrH1P6hxY2ZJd`t!}VL`{#mF$iJ{=n{^TyTD??;X=zzh`+MTA7O!VR|HD1a= z=(JqFr86B*r;rFJ2wZlw{kvWI%+_Xpne|YpYG|;Nm6IOZ@kezSDL!9Phn;V9ooD>~ z76oiiaTsdD0%S2wKww)K4tk&*ZuJ0>B<_`&byAT;XdSWj6yzbH9)_Drr_5}8h2?!l z{R1c6ouEbF^BdZ#mYAZ{l(;x@?JO<)jy+^Sms)AgBI-Oc*lvsTn_C zj~dO2z35`9AA|qH2O7us7eHH2<>1Ze0OlB+&!L<+5DgiYj#l(O9h_*vx2Q}0)g$Xh z9P9rs80gx#*nis5ZUW$VRJw%LW>)G&k!#6%1#SS- zgBvp41Q)Bqfh?tbsxT{mrYyMxTihUuml+ME@_VZBu!?9ttf{N^^Xh8VnrTt3vsx~Y zftT5#eebqMf%}io>73NzbQU`H2RcS8DX08+vUXvRQ{2h9Socz3gJDy&j|0%4a0V$O zfx~xQySJ$BrqBg1GZ>X25&BW$_!JHjlK~rO;(?3g^YN`3VB6h_ey#g7KXwHO4|0S( zd>6uAJf}}i!E@6$5{+gx36faCxF6^0vIz||0rknixzukUay40T8WYAN#5X3)HiE|B z*otzHoWv6-nPJ+=E~h(TJiw$S%wbO7o}i96eWvA&cKf|bKET(Jyc_tdouKz#(0inN zXeWl2y#{e0f==j1_@*#c3u5pDCZN9waho8-oCFS56swh1Z^!w%zW;|xG)bKC7QFJh z$nA)ecWCm23D4I3Skht#=C<&e1U;uB_mtrPd7|O_pQ9&rgrtt1)RC3_(URZZ*T)0T z=}5{POA)yL?&A#*CQDYM@$E>;9I=%B=lWwTqvMPPmd!aJ421$eL?q1SIm)<2MFG+u zC}zCZjjP3LhIrk$NrszDxVB$2c<0qdY@-^FIOf8a`i~@}tAz;iN0*GX|RWZjnANqZ$bAh(odyEdNiH_;rMv-TUQM%6%) zYjFZ{QU}w#X>q>HK}c>l=RB>PSCx1LJ(w-Gm-eg5oUc_76{2AhVRhlGwUraCWYgKK zE9{>#Fgh}3Ffp7wbb?VG-sh(~ZOvpQWS2YZcZ#`7JfiAV_^OhV13Q?Ve@!L-0Yj@j z$lHyQyD+pNm`;MsEDC3{U2E~VJ~gr%(N$fA7iS=v~`k56}s13QNJ2IpmznYVL9lgxt}q^ z-i3c8*)CZ;C^gvUH~L*RRfb+-`sIG!8d5F8mub?!DT zAA%{c+Q9!0bG!p)cpTv!>7Ih2YqDoFI~fs-o33U!ay)L4j+{J8&GxdY&}`b%)m$&H zO6={RcJfHg#NI45FHQ=P4&oKPifZmypmz0|YO;pArz1Oz{OI6H!(FOvD*7uw!iJ4| z?KD&&8W6mNZ7Z_S(E37msP7MkQ#QG$ufH~4km9qt^R%vzzv1a}Fb%8S4YXEAp_(8^ zxgK5PP@PR>nZ@F!;Jou9guN?1$ znlzj7zIZ%lQm2-zmT>OszysJ}In#`tY0t)# z?>f205()Q$LEdO3mFQR`a!-k#_VkOw{V^~Gz*;y2VHn_qSRfh5=DSR1Kajiuc1T}< zJD+{Aeu!liE9+!w1&xdwqZBtq_g(`!Picj|>w0}xi+`yswU@S%3cU3xQEGQz6xor9 zq&Zpb=VZM(_FOOL3{Av?R4~CO)rt532P)q9XEP0kk@F{$ZuK5eOs+NR1z7?^iqhqH zn-*%g``GB6UznZ-WO9I(`^x0ai|{>mQ~umUGVn^D2!3b$(ECI%9TST=${DR1l&d;H zZINy=ogn`<_xw>f0G3O2yi9?G=e0U582Lt%?R?}2NOv`&WwPC#wXbuqIB48#HH)r1 zQ|*wDGbA0BH|lk~zK@&ee&R_$0Byhy?I+B9CAihJ*XTODUf6ew)Ed}PxJQ%x2=Fou zE&*V08ztO-=LC7?b-zWmw~)=z%reS{F=7}sU1aEs?$Qvugq3IJ|5iFrNb$J*x;zf{ z(yz-CmCDA{-*>+hw}Urm0~BH3V&?(*=ly%ApE*BOKO6Y|9bb{o7Kw6ZLimjn`NlZU z)c8j>PUU(X?GKZ~-@+YDYcF%Z#Dl>(Ui&e04fvD=UrOh6g~Q4J;!($_{6jLe9vv%> zgYI7?oGbNuVA19T9kLsY2krk|dS9w7(cOT1!L^6H`@g%JDt%t47leiEvj>DFB zrjSSAS%6!;lUC08j&mAM#ib5I+htU8FCD#C7M5B81$|q%?+EoN?)h<%ddM1bz0Px} zNgrT=Mfu;%Rh^K%Hm0jK1ck_bxVyfM+=)@wX64xe;ERU@R1ns0=lXB-@7lg`Z~yNJ z6%Kzh2gP;^caubppK7==mp2XEF62B9pZ`DJcu@4jSqL#e^YE1YzkPz)D64}$XJTY% zL7o{VSDM_{$a10%T}D4Ln;b5rYLs^=d8ZT?o95+)_mbsa)##li+#x>d6EY~%&-cr& z5#AJ+s_G#!?UhNf*gFygVSu#6j|uVXBNf1JB?0Mu00`0FM%mMxX8UX$A6(>fS9w!e zZl;v}?06UIm-QeGBt&u?@gP%KZbs#n-YErak)GTp5Uw_Z+gPMfLIM9G8QPZpg9JU5E927*mO707uKDaL6q%k2#Sx$WR+*X#rV zi=@gcFY@j-x4L4H_kjpEnQ(oI+Um+h-p2#aMOQ{{g%|05DiM3#n+C(6spx-U_1+HF z6U22J+nv1xltC9m0EQkZE)UPPU+ktX0%X8mifg~-&&u+^;c7$+{8aWhd$6rpu)IC% z?^Zq$kQrzU)UgFuc+K3lnA09|oo8I}G^vI|LbK5=U~slA|2m%CdcULYbJVr2T7mXd zDLB40j=GnzmRjltbC?6Zmw4Va*AaOGoxIykeW4?RbuY(&(IwAStoDHm+YeX)ybOx? zT1=7agc!|CJq$)UL2hnf3{H2dv3ASc`R^Ys9Yc^Bu_w$p|L_-aZLHy}ajo zjZWOk0wx$5Np&0b5V6hx?&Ni0M);BP3R1tQ7DR1sBluHYr`e}odh_b!b>^z1Se<-T zhMTuUxXFa;-&^74&jZgzS9(`zQDtp5_J;qhPJJ3+mtm(qofr_;Z)FCp)u-*D_8fmS zf!MmEi@U@7n(v6GZby{1?*uKgzex_*QSH>JJNloE{sx)#qLI&(L2MqZJNmwA|ER0C zoAW=n9N+xR635!(F1FM~_;HTE&{7w$o%J0vFzIo*_x=7d{yCnvdiB7#k29@*@YL@; zwJxsK;zSY-jCGz`i*74*M?Cle1LIIk^bBm0NZ1Gap`;B$<@{ln-465@r!=vZY8 z3C9r()xE-eUXl<`Ln13@D$5F(XK$|iJ--KH1Nx;ug{37v39_06Z?}I?ofHkKw+0TX z^#c!*(V((ppCux>S`R95r5`egOa0VkKCQPL$4?+~LQ(X9Ce<9a-lDHt?<1AZ1cj{h zKT}oYq&%c+>ia6+5nSLW&-Uws>H2|Hwkv~bIv&`g`v=oAQhpw40m8v#X&|>=tdK6;Iq*yB^!k?QQbe4i^{9|UugH*S_*=dC1Hayz{{j$^ zYbDA)u8E+{Z4JL49_}Cd%S(Bg^;=CXX3tuda8@S7O;{am3C+De0j!2R5M3}NW>{eH z69VaYYU@?Ly3$uK`09Cry~EzN+*iwZZt4j?=!Nt^e9$6B1pPI~dCw8=I^({u)#r9x zj{nS7pTbA(@Ev^|uJ?6EJPi_9$o6hbDwj7>yXyO`HWr-%NkSf;Qv+qa^et55wim+j_+3k3dMOrn~4$PteGF^fGUn|lyVsfZ7GpBp`RG=TFD`-A6 zO{XpD>aUu&$Osg@6=q&PwU(V_cmMg0miqVpVtszUoF&p}M4L(;Bj9QfWa2=>K9g zFjksIzwPo3)h+u`|%C*GxK;qZJXmH%&V$QD6Xf(nf$D}fYEt)jz@ zv@UI~?iuWn*fqVt zYXwQ0EN%-YHXh)5O$i6bG$z!EL5sL76Hd1G5ZmP3o`FPMjMH4wD~?2Ct04#hIU8{48e@M_tz7EHJ%+T8paQj{9NDAA{*78L z4r_5*%p{4|l3*|6x`J;Ks-B9G2f>*HT5{}(S?h$Xd3-kcall<^lr^o1k{IU@gT6Gw?_~IE?!=AY1`q%mmuJ+nj1?AEy_HsP zrhU#_mT7n+Z7u}7sb0hm)Yt$?>LTvll4xycNj#o$?#l4!3o`2LjAaeIAmdz^aa*01 z!&)iW+KjU^gEzZIdA98QwN zMcUD{O)HtFBJju&>PX=JCtcM4^*+^o|Ceq9($AqRrboVP z+9?^&GZi{CgTzf!ih`R!QAh*DXC)g`c`|yWvDg9O#$x+zj6(~FSh4u*H(-(Fn-pR^ zcJjQT)JSxw=V(Q0D@4CrTak9ciu5Q>X?^nu0UmUc5!=7X=)vUXdm4!*4OxxDyz>GS zP71g@eFU-()9I*aUxVi)TI_;dEY^*4@98X@)Z9!RL;SEn<#&1o z!w8d~>)kNyBz-imUklo(C^?`6If)DrLb*oSXAH)kF$lK5%-oNjP9|Yqv5g3w&#(6^ zyc~=BsPAi9O0F8enks=~(+{Tdh=OGq8JSl-pdc*KBz1?vD%Kv0J*+}) zbCG}`;?Yl)gr6r_eyhXJXR*BNvYOBGJ(k^AG}6oNEXV0PF4gznulMw&K|g4Y4Z5=! zdkbkG*_r6_Mi9f|o6RORkU)0gqfb;1_C=g_Xd09#t)TUQ(rN3EzOIQ zXF1NxbiN)UPrwt9vN7jYjWLpWH6g(!!M>k}_D87U<_NDbJ$+Y7EtJx6lw>J{Y8UD(pgQR6Ht=+3Ef?c#x;e1eY8-dsO2fIB^xiv-B_{?jnNG>m^3>T|>R#PIX>+xo2j$;*bHwI7d; z9yQcMhVch|{Z`KO>Fd`U{xeuYF&G%8>CCZz2WrA_Y20CgA#1EQ{fS_^>pyVb>TBEC z3*F%`^oR?y?+aB(k;WvzE@|J6Im@|CVVCLT$;ORDC=j{M*A>&1w}2N=JR#dnY2Aaa^j)N=V_2`2DfmO(7T>-$4tulL35^@Wzz zi3uD8pV=v=MGVy}`Ltl}dPc}|Ty=%P0NTqyyShckSSS0DW;)a>+Oqpf&cN>fU;>+2 z*4SQU!JIKjsi9c1NP}5V=f^eNtUo{S#Kriw(IGuco$@YP;09cYHtd7NU=LY#(sqVCE+zuSIif2;L<+H-f=r4LsV1XsR&KUQ ztIV@U%AH_XhUj4*i-C^#rjVaGq@V(@qh0WWI|)q^;7O$vB_w&FvC)KQT4cnx^0*<3 zR63hln08Z3K%k*|H^~>w?DJ->+w6k9>~8Kr3W1);=S+8nIc9KlZhi-G{B1O23#+}0wf!Wz5*6ThE65vt4 z>#TK=-`vGAbf4R*!p$M!`k3h4S7N}qPojep2A+%VUO3>cQQ`hi!u2X{9UU98f4YJ% zmY-VeCE`xE)tPQe<E(#%=J)tTAG%HjHz@B$Wn5SPl`9WT9D0?ioyGk` zO`ffcGt_KI?V-8+&wt@^ZR+mp#i1w4(dJM8CcLs&VfoRK8-#yEd<5Vcns;2=8AA$*$lp7GNIjmLBRRA)OrWjU(Vo zmYQpfaCv4AkSdoF?zKPKHyo+x8DzZGp(rA2y(Y}R3LFPF>C_tCZl~Wwe1Z`_9Kf*RU3u--NJM()rlH>2uq#;vIE;9{UOgb#p1So=IDhq=y>T?zuOap^Ng^&9XT* zWc%i3bYbMUYi?~?Y{o7%#u(uD$~@$@kdWkPAc!0aQZ92f^(GBqK;VnUk-hrx=scI0Ix6K*LWroq7$A8gDwD|bfwB6+jDSs(<(jG&d zOc!r*di#*YA)bkdKnkNdvHz>tuf28Taz^iEkFLgs0Lc7~QS(vqIgNR*v8ZPTN?9SC z1;ocxHjlDS&u3XEAc`1b*as0L06Z5jM|yflpp$gaGjm%Lu2@BYDh_9E!VK`B4&uzj zdfV{tpF+%$4qT6x1n~lH>^LVW^XFLkbD3B`H-|ewXTQw!mYeb-Gj*{k&oNWyn({O= zaXS1irsidq8;b#vmDK2mPv8>U1}{Gay|!c~h?ayxcdlRlzT)LG^~;CF$N3M7_>6Cr zpv#{WyHJ5)5u`|FnlD76#Zxv(4C|w${0FjPE_mJc)=`)cs#4( zPh0+a3(K8u@)bH_*VcjMMAF_UtkaNqNM6~fLvfmPPL1o8*iVC(m&6#P8p#wGVZr3p zCPk|V4Pno%*ql0x!Cf zm%A9lI?PV9%j_P(y*cRw3e#599JU0$#>}aL9nThR_#$2Szv{v>3=n_LRG7|x;cRCU z%Be3m8N=l|g`j|zWD;eZ@~FavO`|C_OqNqD+!1>(F=AJFO<yh}zv31Pf(MVHwLj=4qet!bY{k*r3El)f%qv5#i?i=-e^U(dp4< zOnB+qfw#AZr@F#*=Yaj_%&_oG^x){s;P6a$xQ?!t2i(&f?hjl?zm3iuumN<;-m`Q^ zz1R24@#kzbM!VpYl*bY}(rCo;+HNI+;eLnL{*oKKOnhA}y|C;xls&?jZ+Qz#McbSXcSuv4+wFEY^|@{F z?)VV5$L(ur7}@4lMOcQBDlz{B}ze0$DXs zwaU~-p-dK5*?Pn8G-UJ6=DbYXbUDmOnNGWtiBG6^{4ceXqbq_y&QL?}0I|_xU*u43 zC>fV4RUj2gEVf(_t9mAa7BdwH1RyCh+vMo`XUZpyGo(0E=EAjmhNOfSn`9X3^(Y;J zaJ#)1qh(qew|{i~lf{G;khIn%raIMB=s$cz>n4gPnd(F;qkX9v5M=D?fvFn`iZlp+ z26U@w^acx}GF}hBn-ouL2t01nP4O3KH{_y+nP39T5HSO$ezkR)waOB!t=xdMyUN-v z)_aqUF`~yHJwn_GS~6HG-Z6t(et16TmUoMoS8}X$$%8P`@4(Crw#*nlsZIVw z5MvdK-72us|6Uk7i{avZ{bBs5$LN+jBcurgr$KU`SnMALlBz;ss=x3;?U%UPoDrH> z9*XQOd#(ZlsrN1;wj|xdoSQ}@m5Kb`_Ksc24CK)43sjZir9Y&_3#>lbXym7=b_4NQ zfm>*kCManE5kvAlJSF!9Pf2s#p`~;V1Rdb(Fi8&xgg2A5PJ>_(YsdVXmoKA7;?v*c z+ckk9UrTzp6}R?6WT%4MclZW3~>H<|u5-R>SUwmQSW(sPdM1U;Vk2)lgM zD12*7JYxrcWY7$IN2dBqWY)Zl%(n#3N+;t!Lmv*yg|Huuj^9wQ|DarRqH-OCf6Hnq z0eIOyDqOqTOb`4O<~7Dhz_MdLJ-iA7*+DN_)A| zrTz8@KF$fwQk3?508$%4&uYX-5|o4E6(v1eq07|c1Y=)R(xWKpe^N?#g1MA(m4@+X zmAjhU7t$<>xu@K(znFxzW<()ux~Jp@Q*1Oph&GwV(5Iy1&CQeF)ROTR(y4Ti@-)a=<&%|5OpwX|_;wfXu$D#$^omcl=(aMP?! zg}u*Nu`9AYhW(h4mhOW_`T?Urpzt^8?n*bf8=v116P>FJr%4my2`~7#%>2KGECAFmsyF*l10@m_k0Wsx3Txv{UzNrVdp65&h zGgY4~<3zcA)XHNFQVCf9Xk(u{{|-b;a){iTOvi zh6N7?celF4AV4H6xI?53aHo0{9k1J(S*ElH-a4zbM3Vf9pIK7XV&U$3RAP}#S6{h<2SM_pJpKQ6`3pT)r4}WgkS7|rW zZC~|~{;E6sziL0+2zA%}bJR55x-&Np{5tY$cWUwg*wf&C+VvSc#sMhakcG6`|NHc2 zuzE&=V-I-!zyHE#qA$#CHj5AnJNDSO`Xq$ z;(XT^E(gGkdzc-($BYf0*yzm;*Uv@=neZT5yBjhCJ^U|c;A_g{|VsQg!QGqm0xSNFyJ7vk#Kc*lcrxyr^<-|LZs5-gZUVX>rTjl%?r z9E*oXz0Q{Sfj1P^SJznaX2;xUd*JfvChsyky)wSj8cVLp0F6WrvQi_yqpR-`RD&q` zNmm(8cO&Q(Lo`u|x(B`rMJBd_1iv-v{JTYy$H^w~!^|dI5X;eMgi%sG#(Pp7Ya7FW z1(82OSW{>+6!Wr0*uUOtuX?T8J={7;n7=^0(r~uuHm<}QnNaae{~8kb4-vb+FcR~i zo-PV3c{9LD34zcP#m*GwkcfnglyhZGPSsaB=~IuuP!wJ#l)gVGItq<$i1mWb`sYHg zk>H6vGK1G+^hDrq^%JK+ln#VDfK2y>Pn=|OMNc;O=_hWH=SAVsq#^r8QJdfs4FGsM z4g0qm1@{)mx!L(wigR%ySb@WR^K!>n=HylqehmJyo(Q8a`>n&+yv2cb=&}&I6;T{W zPmv(q5Y_3A5-nIwjz#ruX>g}b>{nNk5iS-RiV<)dxoJgjniD7J8Ie%6@2FcS|Cb_m zTX95K6CDHUw*K}R_?R6My>o=zF|6D0b-u3KO~vo3K~36L#rw$^1n!cEv_aE2VBE8g z_BU~X(XmeW!{c8`@R&@rB|7HK#K;(J3v7Lsa@?YCo2XUVv1pww{f#2NUi#BOEtnSX z^gGB3yr?wXXt(5#Qa@<5oV`Phm9+9!Y;Hxse|X!HR=G1xCP8P#*>|BmQ5H)zOr1@9LMKn2BBd`ltz zr~dtC3fPva>6Z!}D+~2m>MO0W9LeN#gZ82|V9uA@(MbIz-fVLv8qKW=+3yP>@0FN- z`bqi+=(td@3>Wy*7B$Ql3n=Xd2`s~HfvwL{W)KrHZw!Ocmg;P2Z4~BuX-xx}eHzxR zj&OoI)4tL?!xm@S8%4NTq{2;R!1~1K%9iL#F1&JObnb%a-1swKZF*OWhGMy?p}G93 zgD&b2|4oo8{cA=1Z^GY`4)KJD&jXUHIkvJq-axE@*7bPVOUlJd%T{}FZMk_}+2Z_g zt0~=TYLDhVg39)-IajAsCjkE+G>gk{YiPYIrGA$JUsAT+ky5wg+|zz>I+)|hK7Q95 z{*E{dch(I3yKB;oj&qaVLT~5ev-uOn(aLn?=2HF^^zMXB>zEpHn7EC_n@c5{+2CYV zVPKOpv6@Bb%KB`L$Z^|H*OaWAO9qPI1fy(D*tPW4@(Vnzgb_OM@@4Ug&Kvu`I7v#U*zUPku1 zD}?tW_g&%aD931(vGxYLglWYVp1VIfNUg%wt_jTC z_~QnO;K{(zjxtJ~c|pcomvPo+%nLJNUdBGXe{IH1=_?mznyzb@dp&+%Nycjm{FzjW z0f4sxsUmN}ouq9^MxBbcOiIfN*JsExg7RV_`69&KxXiTHuQtoplQQZ=?rXm@<3HYz zy0l?(q!d}Ks9?=-9gdSwJ9@e{mWdH+>vV!7enA6|Rrd>H5A}#P*zmIwUiTltaV^j) zX(mf@x(cnHZX)CJFG3mmFmW{ABg&f3GSUPPQE4}W)#9+QLXHmC??=@#Iy@Md7cI96 zNRZy^1%&oX3B{cmd$=;j017spYcPjN>F3z?L3w6c0) z?Bd4ZR>?7M4!jov^ZCHMB|y1BxKG8rtDwe ztz=*n&b<|PO+}ko4I`5?JIsJ?@JN8R=bAuW9pvZ&!)41I0hy4W-gdU$F`fwU=#!~G zR{R?)=oPd!>`{sJI>$6HBUH|IBBzDwhbeNQ*d1BuV~O0uy(I#Wo}!ZG(ZWnjSldmd z*y??~&BHqp4z3Dxj+vp3=$9fF`nMitH$$Sqoh0?{O~}e{?H5FwCuMk)L4IB>S##x= z;rfK=!eh~G(Us_~!YWCxSR}ztTqXSG_(>Aez#4T47pQmHYhRiT+^ick zmTsz)R`P2noc=UN+vl}gqx^9=LgW)-Ll$bi?bogSzh2L;`Tg2TVM_y@Ni$D43F*Pr zhtdW5R%IDlA8m(6z3?~2Pt<7RLZZc_@i2%&0&G5h+i7&kjoQEt7z;xNvSo)3Rl9^^ zYra#mpOD^gruO+PBi*q?DC$IG^i=l|t$7gpVG2TfYBFCXh2yFmE=zA@)gN*Afe^i#Rj*KM?KkEKYKxmUH2EJl;yb46 zXssbSv|Kw@?u0&4Q=%D>PudR&XZ|%c{(H2eCO3EDXm%N*(i1|?5-%H6iqe7B#z<9U zl;Ym|VAfsS`)bnda}D6_$k8x7W68MtoUfP$d+c|Z1O^LQ*U?G_Vk zpSg=O-y1d@OH#rb;Z2a@#QZj5b6g%bnrzUV^G4$i6gY$NIM2x;nErZ`lU7n!7#?9~Jb~gS{WuJ#DVTACAn zLZ;Ev91Nq~-3d~HhU#C%Z>Yb-**=tH)p~HDDkObz3MO*s<|>2NSK7wVVn+x5tt!8x zdysatzzJx4wFLNEWyOP$ZW?8$(t3WZ*h=I;8dHDtz=5<6I`qQJ3Q+I`r_yifZ;FOv1@jk0PL2Wo`n|+oAR_qWK+`k^ zMWY5`Dj}5TbdKTTEyCB z>+7_6*QN*Fn+~l_2bZM*WrVQc$LV&ixit==rtJpMkKm(Nc7mI*65o@|-<~8-B!NlA zi5N2r|wmnJ3rM0$Y$pF|_w1aKW5Jdoy1 zyf5n4Ybds93?fzyl-CgAQ#Mnc2h;RraHW_)NuP`&`kFkW?@{Tv*O7x4#bnt*e^=EW zRp0(W?O`B}Ylo2S!uzWxpTE3R1 zFQt+7f^vTkmi`|8avCwSKc%c+QuK$EdsU?@qkB^B*D3m0%9*XU%JmY{4hI#_S28E6 zhQsF}eoYoolarg0>=h*1@Y}<`ll1eXsr|mcqn*t3=#T$x|IQ@cnlv{i?O~y-Gv1c8 z9qp*=?_zw05hCZ;_Y*qmedqG5VwE4QsA=zFF!0k9^Q(HEE(41nASA`Q-d8DD81PKi zPa7s|*$&!R#l)>9h0r}v{Gi{ah+{V~0ifgDPTT@b!Oio>F!--9Y^4x(dR83dYhkP( zXgOs7n>ebWz=gDi`_7}m{(Lj>7q1i-C-@s-e?G6cYox#N0QDD775_S;xK%uFQ}Mii zoBkO$v9%h#S1TSW&ac4PweS>DNDvxg#8fRp3S$d9P?xY{8A09pQOOo-h@u$3z`hJl zmJ}w1FK)p^F){oZ{(k#pOy!u=u_oYr>@W@_tUH-qY5h}Ex*;+t>?6Jbp*e7KcAyGx z(h7E8fQzB#!9`y2VJ5XRqkWiRpJeF2GW`1taD|^|j3+blRM}HF7uPCZ zYeQDamP+R=)z#h&S-LUHp3AZo8SU9}T%vB!L`cm%^(ri~gs^#}5s*yugm5+rGfsPhbwTPW3Yo1Zc?*rR>i-tdmXb(& z@8dzue{#cyYJ92 zvbBnrvXw7qxt45=WXffEEaD7DEaAk>RKBTtD=?g2h?vG*=(i9X4%2|A58qDBuK*wn z@%VY-D6LDy9oaNq{NUsyd4#i|G$J(7CDjDH02x|{gWv7K5=SZmSh{@lr*m^%@u+Y*AfjifL7d?>-h9&^vZYb{ytj7TQ z77fp#+JNBM6kJ5Oy9!D9sX7o?NnsI#*h!RC7Wv}V=#3Ee>P&`G2SmDreSz? z9U9*;n7UeblA!0TA?_PsUyWRbj!1Pz$Z`;A!32|UgoQPLyIAaGKvl~zAp=LODY};? z>d{jjgQ;tL9`V9Stu#?`Co8Wk`=^%rh*UgGQZ3;5uvkwrjIhC&s5g8k3x?f>J%I%SUPvC%i8G;fzo*vd#rRGjYO~eaOtEYXe zH8yZ#b$^=02-cIZFUvyDmx*v%6WxIPvBV=~p|8uFHW4wq0cw^g-=2%?$f3*Gnp3r+ za<49a(8XTe`A#43y>5P8CO^t)ALk6r(I$%RqGD4{d$-K|xlBYWgNy0GkC z_eQQn@qr3j4Xqk2;>IK1K^u=1kNgikXy0!App8HJ>pP0auQ!(KuxHN2Rw2-| zLCGlJt8aOqqs9)!(yF%9^h*+>OgG3bCX%44WCzk7jQ|%7sMlWpU=qQ9!Dwc!Cgm zA^_+e>YNXp$uDZn+(yk$2@t^%TMiT}nfWogrY1RMguIQR+oFBda%mNPw15=@VMMkD zGm4;nJh6^dtY+FB%vsGWKILxaJjIIpB3x(}(bFI3-18vwG{Mh)g4I2YMjO$@9gM6i zhsw01oL!A&f#w#Mvqe~|db}JSxmU_{n5e3h9dcuNq!4+W8uKVTf022#VQ6r~5yR;S z!FxgQO5#DBsWbwibqp9%(cm;y;)l}-!;hsWsbHV@mk8Yd&oM0hNtJdYJ&B&kW>nFc zRkS#tRYhl4(Tg;dfj!D&npxTkR!=qTa~{0dkO0!dpphe7wtWR$eDzlDkmc;Hj;r((Vrt`7mLvvI~wqLL@?FT4b}0_>}G#xnCwMB`a{`6@rLHrocC}{8b`f zBdin(Cel48v(|CE71w!ysN}3YWcOfKnA%Ffaohvfcmf=bgf+-|{BIqR;FYVBwe|oU zrM>15P=d0P)k}0&1m+4qOL)ZbRB41gOiQP7YV2y^$95M#4tR!|XC1)X+zC z_gO~SQSwMU1?{<<$Q6Xac4JrKIPJNJNFY5X$YbqcT3Iqh2jLpm5{cn_yc}otF%fbm z69CF-j!dbfFv1uXIZRCO_%ZXSyqr3p5)AW^GV()(Qqldo@oh!q->_LJv%8`@s?(c3 zLiJ@On12g}4&&<$ByvcoUN*3mOs-@@h}1^!q;yQ%<}OSKXm zBJf)TtNN9c#}rv5{2Zo05?dg8LevbZ7#0vxQBjHH^RE&-9^{0Q$dv_8d0!lBX2AmH zGeUx67`g_7dUFch=N9O`e30^)2&BzJSJ|HzKjrz)d7+c*kb0`4v0Rgi*vQTXj=dpS z6k%l?y3&vo*2Sc^w#Qv%CqjMl}l3`h777fT0c2C=lT-^S92(MBYg zkh&{Vwd8KxOBFs8%hjo9URjC}OGjFtD_FDhzzzP?=`8rF3NcEE190b5Tc1?HgTycq zy9`hZW&gO_^`(&(kRuczgCH2V1h!kXatf54zX7JP)$BNOoAi(5>Eo1Si^2(v{nv8V z&Yx%We(2-`w(TBBWr3C6&q%pMZ2|)nQssz zuLbtFW4b45-$|@hEND30f>Fl=Rsk*=lRFZoXx(3ngZWLN5h8#HppD|LEjSJKuU*p4V`xH3nk4}0S-%A_f|dH-&(0C-Fbqy=1RLy+U@?qf)zHGL zF<^bB*%w=X4a}|UEh9XH{7*1GzYH@%ndW8L9zu5zZvZfCz?c z6zfR2CO<(hEk|K5^==}ODcU1&F|@$6pKcdJXuB8$X$NMD2>6Kq*J<2?llF2V$K!uu zq;?IF^T>a0UqR^ngOB6OR?CzU+A$#8jkhb)wgy*#IHh83ZT{X`ZDp;37b!nhrw~nUpRP6jT`L5jS9@wp*4Jte)hdi}<;S)1qgwQo->RiW2XCwu8*0&0ZmSiZ`(bTS z9t|m0ZU2Y^yP+=Xpx5kX)KOtoL=SM!0uE(rvb#@7+H1l^`ma0QPg+}O?xcXuOfEbK}L2X64uHMr2Uh% z5JpOrAOm+q*OVq3WG$Ldi71s(WDjhNKTubOMwI!WPP|_yFn_mh@OyQkck8tG)H+J1 zLm^6UtFzvzquc7tgXdf8*y=h23u`GY%$37KnG5jfrIC1C1&ru75ssuB4e{%R z$Q^Zl1z}dL{a_t}EY#Qq?`m4%(h6|+oKBbM#fS_fb?S$pO1^{A!^JC9n?sOf{7eKd z;a|194xcGbpMlXH9c3l?Q1D^C(jx$92*D>OFj!a^XUqc=W4BX23{D?J9hIyIZLC`! zA}f&b%U^{3`KM%gs9T`vW|;G==>$Ew1!wY7$mbA)Elk6#3V19d_JvrU1WmP=B}ioo zion|Sy@`KFAYoi++Yy}T0wyD2`tt0t)+Y7cpVZ(+Dpm-k+(Lq}yZM#DK2Ra3b+7U@ zS@t|)4Ghe0tfgI7P_`Ug3zf7F&?*f2{7uAjRo-Ad!ayFR?I!FqbP*QSK<_QgTd15Q z2U!DUOW8Ff{XRk3_?AeGJPR2#x%C3kMuAK1EcrALuiba-uvvbfgBbKgYqaOn+8y?5>w!imwmtMk;cxC6Yp9#aS)5 zM|3N?Yxih*i~+$sB()QYYZQAx>fS8jlLt{HJRfpHz4l@~djWE@_Iy2iuHK;io~?&C z-^;9!GaAIQ23&G^!-eZR_f2a++#^7x8bl-&VVZfWURP&NWb5kb5_R@O?fZ2@!k25t09j&Ly#o*KGG$KF+quL{@!SJwvE`r1MyV(!8dY{Ddu4!E|!I?g=$YePL9VpGw(FD0TzRAlaGFjhCnI~u?o zbz_5jT|?dV4Uy{_#PtpCwGCZvZIHJ#lrL*=F_z!c2ohp6EVHBWRj=AsSeFV7!6~P*$&H{_sleN2X|?eOWV5}WSW^({rpDQmrPF>9yRctS zp47P~dLG`>65d2H$vN98kBr6BUMwz&cdW~c>F?`ji&(d)S&r_3SB(+_BrG1X(adT! ztSUPI@gohW*{7MOIFYm#i-O-;LxI4@>1xK^jdWEbwh^WwL>ws-BqWi!#54~ZlzH5iW1k!Oo@ zROuqWT~~RcGb#Rl0|EnSYH_1j)F?1t&^TaWBhGMstQWf*^6lPaFKD=v;o(KwobFI7lmp)ic7>*c*dU28z4|ljG)wvLZ0-(FSXCLx&xx#$PtN zH`c45IKOK=5<_GkI5f97(9Cx##QI2bIiYW;+<70W9`g{D?+aPNll0AE2YMu(t~yY- zmlg{C7dF$T7Da-)SAe^K;ULb z1d#HfRDs0<<#S(eH72vNn@niH;82bBrp4rF|( zl|!@`D>fmnN<68_;YzN;G(eAFDM9NAxE(^ksJ~R}_Y$0BX@gl$>au}>79-FNv6{h_ z2UVbGvbk@d`k7im3Wewe zmFK6A3iRp%8NMq}$7ELtMRvV2lqZ4gEK!;EPDBGdQA#u9zL+HMCqg?CNKPF#36I&Z z+ai(SM@jo-m7CtrM`^yBgb0T$2HphY3~0)fY*Sa!kA-C*E)k(3^`@u(`*q$;+Rx%T zmedj1Xugp&5Q*OBMlJT2!ch27|CF!J*YBwg>EX)TMOPT1<+Fy(Z^3$cksUP z;_#?mhM;BVgb-Rn_!ywLQFky!L<{87espkXfG9`cQ&NWDDx!8DgNA`15QC$z?-chV zO9h261ALD!moN0dc601ttBuO_rp4*(xR@2EbK^)Uh9r~ov1AM4^r|?!5~**s4+^jx z={UB%Kz9~!?4ttRRbZbM=x%J$&kNdDYVV!`{l37yE3^pnt0>0FFQfF^DE|g9CM^&! z(LG{L5rT^WrxCVumCP8$iwSOB^lym96)~`sQ0Nn&Pr`(Rp&jdekTgYEAwuY`CY^Tz zowQ1^|2(W_<1nowCkzX;G@!gnP%c`fgA{ntG=`#%a^onE&T=b9qHI+@W=DBBNS7P> zk8%`#Ii~!5Hm;@0wpiv)I_3X2iER^IQ(vUmIXgWpu$MI4?~%1AXD~}XPT3<=J5ER9 zxaX*N5oR~}2z4BDTMT8sJ;vVybb`GbqdQ`JdyMXkp)7}EKkWa(Rj}vxf6>l=y$lN^d!^ut;EU?pz7VA^M?uc8G{&#T zldJ8G*w0^zh7T9F$9g^!O>8Xm_$<=%hZw9=3h=i}5FhP$8n0pxGVKAP&}9vLKI%pT zY6YOV=s9$P3ZX>>PzQiYAZpRKJVCI9s||nvv`2$LUc{Gi%9Z~r-fy%`?#d<0c#Grw`4$2NFAVEqU1{HPBWFpc-^aP|2wd__^ zxymppVycQ05`k7^J#F_eA~-UNAq5thj7?K%&Te_n+JBF*TZ0nINKFsk&3fz^5+Bnd1?`@4cNyiF=Pz? zBWz$QEprBfLkatYA`8s~N*;yRu8!70ID@SaARzfPd=~ZS{tb;>-W+uOoT)v3H6!0N zp{xC0X^YKWP38{?HD(=!*0;>hv#fLN1_TONJOg#}Lf#ym1YDkvjXM(pNdyz}{~!#a zMfuMXhu@!+$Ghhk>nF1^ni@+6@t%^X4 zB*S=@Td697ugR4ZdN*J(ARAcm9`-=PO}RH=0CBt7NlhhH6PfyouCI zA^`_!6PCTzItYFA(Xu8mm!FFGMe+~}QwYN)5XoQxM5f$oC>7O+0;u+3AnkqJhlu_p zf{$P~!f0Vr;|T&LZ+!*n{!2sbz*qIYX@Z9MUn=*4M({<h=xNdhG_Hbm=?d_~gW7YGvXjwW>uJ%N}%(fE|! zdx7xu1&y02$`o$)^UyN7LTqnATOUrR;GH0r6aYkMMsq13CD>TSYnxNu!QBKg)i6Y3 zdWM1yHwah)+@;9DLt}9m3g#n>fRy0+Lr{GdA_(Pn0yFGpC6u+Jd(#0iC6If%12!@c zY(^mV?rcs*G!~^U5CzS|jMjP)rM56&c6<0iX1#%bN|fC|%j5ChK(H?3qXG*tU5-g1 z<6keL;k~tp7q%z5!K8};7>IE_ijR48;9;(~<=8zKlvP>cx*qIkQJ(^8uwqP59sG%8 z1kkXqddmk09}X@Gw1Lk-FE9~KVHfxJU^|KulN=p*RNdBWnFzH*YYqqOzXzU0EFk1w znl?egV}Q6t*$RUY3~SKnkl~P`vSwhm0t*_$QKj&mic3r-XZ^h-Fjd45q~;++4Jepq z5@KG!J|(abA@E%YQ~e5ANfh6X1kwNE#wYi#b!6 z(?nsqkPTobYyE|r`?&QpN8E;bM}+zNvFjcm0D5tiip*yz@c3hR&oqx9C#4C0j>O2= ziZx4x{{(lCwMCHY^F>@Mpsesf-OW=5|4mCKHxBn%bdKuatq|ssG!s$SUHNY#Wf= z5Qv1PMdW}`o>jNfUW2i(0)`x#gl?%QmXN3_5e$KdD4Yn4$S zMZ|AZL9?n<0MqnK(@+0~R!^_lq<_DW%mK*M2z%4as*Fmc)kvUDSSpS-ICe7~Qx~xBr7d3bpuoL42%rHA z$-~tJE;Rf#1S(I;6--W2P}~JW+}fad8}VMSHz(1m)YA^c2qppcsDOSefh+1=Y?)nQ z`=DpD7{=Ki5st4+c2RRpAv z!@vTw0i=@we%}lxMGToi0g_RGQH9l}I%oTKy2vJr?b{rGaWnB3%ZrQN{>H<_jh)Qj zYV+sYEr0P!abIweoeJ1}8X~NuP=z@!*fqhzTMXgnkCB$rW_TylWQ*Q9uFL4w@m`xYR=xsr-;xdbA)5|?@KZjAv@Ve27Rqwb zI!BJ5E6eA|)Z4P$8?#4_{#KSl>#NanFFM3*e#yzvv(Aubb`7$2ZwPpM(RHKMN#u<{ z7ZJHfrdP;vL?Ek3LHMq)w}oC0qNah~fD+_Ql>@aQ@S|aC0Mbl^kgA6b0in(%$bVhq z6-4xi$K?1YWqD7l399!Htz9bEW!G_PLMxzm@2~ zkCeG*A%Nm+(#nr6(G!ONM^`RSi)X$1%9?a*a(wADQgWoOC*Wtj44%j5D7{QQ+0TSO zLTJ~LO!-t&b{k1Gf{402dumU-ULW+fC8SEC&xIQ}DBfalxIISfQfn0fp}S3N2UH;A z!lPs3qvc3H^G9!V^3qa>k!7z#YOh#mrN>wHFL%rCq1nSTBhaFr;&&26fIP+L6c@{j zi&6f*Mt?rNxU16ND9-=tuU}C-;Q1Rr6*pr3#wXaQ3E1N}JP5v(GQl$FH=+<=HJ<3; z>r&z1fd65iVhpgbt~f{4I`Y_JzdA3$Dlvj4K;Bd2_{zZI>EJqQiojgsv16baaQ_;O ztd+O1ErfqU5M*z!O3$xOgUk2<~Ip}l9v`g|7Y^R(R|&^>8jEI?`oUsO99 zp%!x)THCjTH}V#J2GK5sYJ)Lcg#h*D|3LRW4w|d~Ss^uMqy^sBq@kG!=&BJ+VW?zr z@KPqBrH0XUBmTq>6;LqkxRnTklMquSa=s=aeV~^{FlEA#m=ldAoOslWBu&pt9#dLU z!V&dLOB+jCOWR7oN8FqBCVfaB1Cd7SXh6gC8Z3X#|I5!8i_TF}Q36ttb_ZhLx$?*y z#*;d%Uus+eIT4tX1A%kUZ(x_l7eQBj2lvDDw*LQkKlN+@j(=i&{#MzWhXwjPK?7^h zKSdxPR$(ghU7R(vHDtR%lE9dc@ih?mmGFV;UvH~_4GHvFK?9q>lmn<1q?8Jvc$IKW zF(M;rLfCeFQ@@V?eMERaH0vGwU1WE(0_G(c+54e+v|;Mc%h?=)_R=34g-ElzgH-kc zS?n@#$?9-%@X+oI!^N>GEc~HFy8~N^+dH>bVyooVuvt8I8@8Hgx0}OyaeKKsdSmCg zH-!sr%`5o`nmZ*&b7PyAXuW=*h^SMh${O^a!!Y#sz|;*>UrY|ffg`Z&3EwRkUC_s> z2-n{ywNK)hVw=I&If>5DNogQ(2~Gl;1kp%84c;IaQrciw!_w#R_B>2xLn^BG{@=sX&UNcU9YDpk6DG3xfm zRW-aN!~X(N*MyLGF9|%! zd!t@PuVZ`}++^YkCKjqC2Jr5@5hMZr-IjJhLq;RAx1b$ChNzco;xKjv{sPV0#QC_? zvmJ`!L*PWm_5^=!tc5p?&s8xiGYO)OiR*?I(!fsC7!!X4io%S*)at#(cu-sp9i2qr z^C%&3BL*d}G*UtGF05n_yI@WF7jt*9vs|+~;<_DEKn7Q30iu<9Fdd;pf=~qiM4D8U z?+S6_RFJt;N*&I~Nk9~NG$HGWt@kT_+{Y0)4QU=RSg@KPK$t*w#Dl3w;BTOeSpj|( z4O}k{0hhju#G7zj0N^OdXbr(!MRV6rimVT}8Vy;lFKOmAf})Wj`nuP-WXeKpyVY*jfs; z4Y%d_KvIw8wsCDAl^6A ztYMm^26WacK8vs$Det8cw&w}x#vwNWkftWQQUe^Tc(NBYWgD3?ot%p|X!2WC&w9t^Qk7^vSjGlvpj%qhQ}nKv>0R+iK|ROC4whJ(InlI7|V!CLP( z5dk$aj6PIH0jr3POJPr1Od^X^Q=Sw{Mu!Ey)(SMKWv}64KeP8S?OKS0(P9szsc>7r zXY0lfK^j6-qzY6ygw_Top>bekVi%`|+8(f#f!j;&m{gAUvDxWj^C|z!0#Y_T$*VuB&gTZ0DH2~z~PGn+-5Ne%-4r06MQL{sR;{4px$_v@r__#2>QNI zZTu5(4ayKQIfC=WlE4oV1_@Ro@`;7B5s=7zhOgJrGPa?TA!EDFc}Vt+qXz&DvnF;h zH>UF}E0JZoU0^Nt49;eApJWY2z?oe3G?7pt%H5tZ6+fr~w|6KaNsd9}GPvvihIozB z$w1Y5*ANb#S1H0!J$q_Lh=f^7gq{KmE&ezR42)lKa%>=Q2f<^iNHM_{5_s9C5ft%U zph9&5vR%A2O*}>SiFK4b1=O6s=;zPd*3rQM{uD!%=9sP(fe-W(Q9cl2i6iT-WbN0p zAWhRA=oBiUff__5*<@zy9ZhW0_)D7D1V5Ny{V}MVtiWV)I*DfKMbZ9xUxt>Y-t8%c zO$cJVkH8oIzG{6Ay2J$98@_$D3adtTa-@_43a+002Bllx+EMk}5WmwvUm!H0 z8ik^edRNIFQ}(LfG=0Ek=&FX8bz6;5nx?s%qt42RQ3C5el zpeuW@QsIOKjQ4lqHR1Oa5GDoulrH?&ML(qpIcKPP*t=n=nKIy9be!kKyy*YXz+$5Z zg|kXWE40n8NwJOU-ykCmLJFeDI}$@L+j)1D1*SM1UUY`xt08Nv5J4oU!D&5s7g&PH z`GLTBe)H7{?toE?{fn)IJ(Zt`4q+J!ylylB%4(8QfS!td!Xv11ZW4DxPa+Ue?O~hp zieM3>7mQjl4M)1OdVXf-w^~qf}Nu64H1b>I7o(mzDZ6Hv? zF^ek^)J!+PXB-ajG3rVbW@rpjfj~X@NFWNE>Do#p5(v->r!? zK$5F@<=vWozm~aAL)}vE214XRm8kt^FpC4bA+WnEhNkYy`va}EbLj899PV{3Ik#5b zs|UJ)qFhjcdsUG`AVaLtLI>Te!oOG5ecB<#d-<*>-0MWd;k&pOc6Wt?u`8kj0{{1F zc=1Cjho^C;2Oz;?@(W-L+6yi*5(RWT-hAw}chSnb ziMNI{-Az(2l7<&ZYPM+DO5;~Wq02doO0=t^y=D+-h@Bs~0UuXQ{rr!ttC6D;YMD-l zV1llLl2;$Q3H%EUXsCk_$m_rh)2<$5g&3o%5)Kam=%Xv5q*7YLf0=sf$Out6-W%7n zUyolC)QXzowZX0*>bV}Ny`tdfgMiWqJD>YMmms}TA4okj{IkWEP%m=u)ZSTvhhPvO8UzIdL#6ZvBmpj#Wy)!A zQ=tZgutKUUd8+i*igl&rsnX@#Um$~u+G;##{+Z@){6zi53I6=IsK0onxbNfQ*6ohJ z^W=4ToJA}9Pn{og3dxmLIbr=8BvvkJ_J<^VF>7vnlSam_8=?~ngK(aiylp_ z7pD?zgZ3EC_fqnv8sb1E1`C?w>#{Xa`IVJyJVXl@Cmi3g^g5RCP$Y0dj-_!m4Ofc8 ztVVH>?#Lrzf_>HXWbS!Pub(N|c&a`nDtP8jZ5@7g$N+TsYuB85PKF&6= zKE@~iNAe})g~B773dZr9MRtFIF#z?c)un*Pc;rBuaU|j zV6wkpLIwubt;4_J`nQV1SsG*?QrxcsCyYm9HhIQ>dlz^{^(-Us#8*+IL%KnwJX@{u zB%OyBad8u*iec<<|5-h@3}T*N#D78>#H9rPy6C`%f;$CeqP|1W|En^C3ib=dNf#eD zNk=)T13(6J6ebEued-7dq!REOypD#;XwY#={qHZ>EL9%;F}3>#B^!-155=TRuY>Ta z9v+Hzypj5LF}$TR!`5IOyvY7@>{YK{jRTJpehQl$SV7K{WM{MQkT+?`zCP@iKK8F> z^gmtF4>f@XohrBdug$$AGN=Mv@Gg_@6C*7xxsk~Cm~n5NyvmZ_WfUG`jnM89WJj}6 z^l_Iw-JPxPZm)~7_0sLQa{M7vJlsTIMMylPa||&fj1^6Ed6R*3K>rZlT0#Dy?(!3t zzvSg(h0YuORldzN-1^D5gboVOBW^`YuM@WA;4!fG-30#N{{Dv#s^x7t34Z6p!0--T zHd#DF-cXP?7CJAy8u7ONNh8_w;0YrYQ{zP&n*1$Rxoi0f2B?xSns**oLz+ntws2Z$%| zDuA9r+#b)~5_ezgJhB;)ChpDg>`ig^<<5Pt#DbvNfvlXi8@J>WZ{*Ewc`#IdQ|;y@ z!brE|;hshBgoYu*CDB)df3ocM7x%7bR*X%?Q4_tQ5FQ-;iJsGkIAXY)YZxM zKcD-xdfdeC@LAJ;Tz5u-e}TtU@LA`FxZE3uRcK$_s4PC-)gE2urLXmdX${WgHgKGs zY@VXMo{ztjH($?toAY&a#KwH-3wd)>KK@F6%!~Qxt9klnUTn>ev4{0+GMc86!>W&? z={3-Qy}NmDnLtMe_$t&UN~^iJUhTh*|A|(-7At!-*8R1Z`D$!pqET!Ag~?6PVq38G zXG&M*?KS!M-T9UDE^Zt+a5W!#S1i6XHo+LYA||hmk%cj0<{u}$r^VauXQBI8cxsaV zlz@ML18KS%FdA_iLXZ$)z{oPSMZJ$W`m`}rK+lbU0p@pRCuDJPYOxqvBzk~ak_AasC z!(A%w%2{{j?0a)!ZO*+b7r!%S-kXcB&Gn=9JC#kdsSt^4gqxRnGADdDrIpQv2JO{SAPA`1XhLy7l3HPlrcRYX-Hi zLNPPi@?uQB5|tN3v=Qf6s0#Np?=3D@5v*97qK4nmSkx;XK`M9u*u8)k2RB9KK2NR@ zh<)%2o39a}pXd>hGiVxY*5Z9Ccfhix2gmym;g$zu?130K$;^Lqm?-HoD&8XU4klMK zIe-q71H`A)-bIZ~Ri!UfnVYJ-SE`UqtP2csjXy`VACXIyxbWj3#=keMcrnuVg~(xu z5bbf2eI%&XA&Zo~9c8aXwOu*q(;WROC%()f3ll1kBzO($dRJcOny*C7uX5gU*Lo?6 zP>`>3?w2`tSI+JHgUbA%{=n&kSDE_(I|p6fz#eup1^aF@hI8-!D7z!7tj;@Z%JEHdLD7)Sb`G>>{xx{?pq6W+-h}z)aG4<9n{7rNdKQj4m@Q$fb zP~gz_fIc*?in5haty`pPVpUY$7Oew5qW3=LtYJsA^?|biIH_w?b<=iJ?dPa!iGX?k z7S+~}l9ixF_V!2l^RBV7ims^=cUJ*Qn2EM}U09u7uwLx=K5E4H6$!|qKn$ns3iN;n8o~hV&n3+VcZtOTV70B zepe*VkO0u}w@@FjxREs2$09jjgvGp~*vLB*vZ73^wX zCd~dT;-}0@PA>XtE{6T(SAyA3f*eM-B%rb_)Zog0UBQ#$m==eyRSD^{8)VnNEA5l? zrANUc)e0w98s_UWq5F=+M*xW)QV%2A<1}0?2VU{#6tDOM7$zzak@A@GhE)3=df?7r z-D$-3VCZbU;q!byNMP9u1RkY8SZyJ&X@MAF3#G>xb@u5{;Y&jmk)ue@P(|<*x*quU z*v0tlk!YXT@lf>E(rA5bRCEO?od7p@t~`(4MU0CsBj6c?-G-Qzuah(|c7rQgtA?wr zyLE`gW7t`^$fs)I|(=|ZT)3cM+K~X=VR|5bN5tTs+t}}dkn~> zZX*@3m>Io^3`YGueMtMTqldPSm;|SmHN4lTn+fZ#^%Q@UqgnLOfg_GKdm85O8D!L8 zb`!DN_1Z(5Mpg7|F>8zw(dxmEkldrB*AharN4paS9ouulo%GlVf2c;Je7iBgPM(-L zrGy?aIduBK)B2n~7KL=7n2G!@blBOUDgDp&ru077opL4(o_FM_16ccz`Q)g`1(Pr8 zMTQgVYCHqt0$HdpZda=_OZ+`8bqeAjYfFKB zg!b0>CaDnxJe&$WU`coLJ4Wn;hvL5*}$D;*G2ZqlN@6 zWf@p84jm5_%-`yVEq^bLhDPCi4r|6a-VyR}iX-$0akw0-G=r8g_E>j}F*ZIXGCnd6 zNleBy9u+*2f<-2Dj66DejCQnnjCb^;33&hGtUt)(rhwf8gupa(qJ4^eGCegoS)S@n zmZ$5dZ6s&Hs7U&p!OtuJh7&#`ehwI&&PkvBBSB6`<6ILart{A)Jb2ExDxP;w#Bt%KqH_Z{}Y&k&8g)fk*_)1{%elPU6$ZN_vR_kgn!f7Z1Ih zfSu_^1c@P{pCG7~<|})j(RO@jV)%4=8jxz}G_D{pn~Mbm5v~&|CbQ$cZlbH0D3A9h z8ps?^!%Ine84=C;Y44NkiG}#;)6LWVf=Po{g$A!A-EJh-4a7!R{td*vnZ$1*ravFK zf&`b74`E6zy@gcVPR!fL_*EpTqj{ODNL;sXQfx2s4&tsR256^O6YmZ(0vyJ7!Vj|s zolW*0asxRXtQQj}oNA%qyvgqI5@UxPftNef(!Gh;r^|`%@d*>|tFG=*P`r;0O}vSL z-sK@;KkDOf9wp)t()V#v`WP`EC*EUZ8B#oJPY~@X;;tiqT92+T`wUr1o+tKmx6A4 z+7{xxLBPtczd_<}5_c=1uM@eM*f`2V*m{$Qtt9a_ao-{Uq|3KR@NL37*H7CpDXQ%v$ zcs~>ECxU##B?xLgR-ztzm|}l0kE4Hpe0ppRwsI39$I=Pn*u7vmLeEpZpP0Xr$H~}J z#!Oa`B{0F73J0MKiQSc5S6PJVmLgU0dMt(q_%OhWU?YIutgIvm)r6{!fJiK3P?04o zKz~)LawU}EOEK*xfp5jI|A~8@<>-E8E|toSe+ z+?5p~^kLTCm6e}n3p=xsx3cyJ*~t4@F@c`wo>Cn1F?h$1F4ua|SU(4hTxY>q=T^e3 zty}>J;UA<1E(plYETzF&0Mm^P!-rr!!PbNEv7X1_--KJ{A2@9ofHnRLX{s-6f`vVZ z5Fi!V9kgQrK}xHDzSck}Rs`4v8p24A&ttQA=yY^`cs&LDxQ%S*WC!0Ww)1R&Kd1** zLF{X!-CX3t%qBAuZY>6{qzX!}p+k_S0+4m6V6Y;;Mc@{IYXFSvHMvZ2{J)0+J$otn z8+}1p&hd=BVfKUT2%xx4gpB3qv(t2(+MDmwlwt5PfDk^0gA3Rr0&k^WFG~~)ys|mY zIN-EH=(%#*Wg(I)GaKKbIEbI(ON)!Jzp;<`i+X?lOYz9^I8l;lNVl!G81mzEaq9Dln;7Rb^j-fknp(LV}Ljm-U@dEstw?jR* z6fiP%9JgSUve_cSM|FT~L%0C&5BPI6E~uUZ{(MM#cvv{;qU;Df)Tx2*wUKzBK1kH0 ztx=ks^|ml?_gCH%=G?Hh&qc7|;xP2iSz&p3SX&yVn=;Nz8SC|ow>eW!<5K?OYTI3z z5jaYn&s_PHt1Sv^TI?6s*oQYoRg=couJJFItjQR6XUzLE@%u7ew5)@4U43g#GzV)) ze-crm^+L`3!sVa4+S{SZts!@2$e0mwXNTyl5WA+vUguT55pt)8I&2~{LfyB7DmRDR zshxYKh3ws|STtG$Isi!aH@MH%S1 zb2BRRGWJ{AoSlh2k(Ljq#jk1Dsb^>0Ss7<)Ch}XF&d$hLnR;IKaL9ZpR8=nTSC4Ex zsA+rC{5h9C6b6kJeb7Z2JRO$Lhpk6kunsv3N!)egB9*<%KmBWf1pmMz6@H=2FQT3i zi_&SDItcZQg8M)u*QaAor_rB0pSFa2BCYa$yTp7d9a@(*pHIi1OBZMl9p$(wo%}Uz z&dhi-GDDAro%CK3-xZAB5K@4E$Z`@S#?8d>pI9j&kRg%e`nY1-T&Dap*9vl!YL}=# zC2RrFYG}1S6f{Ove4KWw(F3%HrS?0-T1V_-A?%)`Fe{)7a=W2>iG|ma*l~cOceA?c zUA&yg8BKbwv>Yz$vXZlv-=PP6Jq*!z3;YqQm08+iCb}j|H_Jfr%g{&2;0T2M7!jTGUMNxaL(R-BP2(1(7NP=S5|O3keX?TxIvF z${dVSYP~v!Y)1^z9&XmCwIC|83vEIARiZT~!Mj#f$7DIMRM9T7PSi&0+*+qDQcJ;; zHmsZ3wV?<8)l+Nb2nLpIv`kpYXyU^t113qiJsF&9J0Fk@(Pl%0{a z!BH0G)uTg)nWN)}%_Ma)9~xth^~OvidD16& zkN?KT1^8L$JRI}_U>-x8Et*h)N-cqn9eg3ak{raCl!T!^${r3Hdm(273s)LX?lBFtW5i{?ii1Y7R3c*OR!{f(BaSnH`R1TM>+pB zI%=6#IX9i0me%K{qjS<((DrzxiAHcfs$uGLhKlrK2R9^i?oss5bdnweUObNa64ad< zJ5LXDaP}~MofZh3g@OZ$6E!ph*Y&|~sg;N{#K|T^HyntrvMRYmRD~XihVixl@pEAF zIa$n8{@hx`f%@o$qgzQV4Q{Pyv<99npxAcdtLw9PbT)4Q2RD+11E{OQyuqnpA;D-Y zHAh1V%h_Oj(W2AQJR_)o07T4^sqYa|uZ0|784x>dWlAd@OJ$Ts&4Q}5f+&zR08nH+ z@-O&^vtb+_`XFMqfLG8Z(#(VS0q1w&OMt2Bg#>nU_0jpGg@0TTNP6xPU6M9_a4r1;8O zOswHDtmBmxfaHTBawO^_N5-vF=!rcvu;0k@Q>ow)jROYa+A)1x7?D$|E|$XvFb9EZ z>i#G3LxEuGil;5taX8O6Knz6S*89NYp`iircC*=z`p0;hdkBYR=x(UY`2jUCc=cpH zQwD*_G{!U3YqffrAP%iG*I% zoOB2r|Mkl8uab}|AlV^-on{Kj)Wof}d5aC`-wNBjQ!RBM0jj{rj;w_W6p-Rqp!2MS zce3~|_~D>e(L4ufPf^;g zLPb%&Q~)8$AbLko;w#9Xfw);gY?Z8+x54cTT6sLVjm=RNXpxD_ISB)J7%{HkVm9To zfUPS-h{|s&vy>`gpsIby#Q z03a4xC~oU^+*U%Udbo#J5l+_1&!?xtiw&k7A5*p-MNowb`38X(6?dW~Q_UlPGssl) zXW}oa{dwj$fJb;&)VDv;GE`hnkV;k+&1&F)%=%PQ3N%WU)ZnEgbUPzq#F<6x+Za?` zz8v{`gmwhW^Eg6zZ&RhE`l!>OQzFdLFR?zbgVJHNJ39pj{9>!+H{!v%qTc)o+7T!q zkcyV;_Yuto$_3fijP833^0g83=ac>U8saa;`}4* zGs!YCfS$nN>ZBIl_9+mk zRn{ro4?+6uuZtL2%#fB%E#e2w5sLTwuG&SoA8+dGwnh7TZMB#Zn64sy%dn%QZG2zZ z7Dol8nl4V)%pR4<*1b^6ONq>^^F?%)u&6T|taM0}el2uS_j-}ITJ2i`!XMZOt6Bk6 zjERJksFRQ3cyx`3uEg=+Dx^2HA&ZJ&E%rYyfGecdEPzw>nS%bx^{H6xt;I?bUvjgp za=(gbRfEjO1O@p(2Ud0uLzr(fJ(j3&U6r~N0}aeL-GE*IUmW`ICRENSDncz3umq;7 z2;yU+5Ov0*q~ah(r+{RiE=^()M7^Woqoas^Fbs?=Q=_lMe~SR&1?Q8(LkO6aAgqbL zC${xA%ZYk6B5rPR{5yv^<#Z#%nhy3N6IHZu?HTQO8q)?zc>YPT7E zIZohh@xD!MAzb7V9O+?}fH@)onLKVt2)Z#G4`Hh4Thj)10s~}7kkzG;GDm@^**pZP zP|VTAHEfPHejw(d#Tm>nc|({5V=Kpsg_Y%MMeW(oOtcbQjf^NA{u9N9#KsDNoTL(A zt2e6^fj2r6haXhFiO(YD-yr{6cr1xOhFje(J&e}C7utn1_M8yU3;B=`kBWXYjsP66 zfPN$LRs8hL@2Z6;CQB*tDR<=Y@=fx~E% zkh3iL8bI0fRCyx1SCda595yyzvu9}*HD_xE39EoC9cT9i=O;jU#w`$~+*O*hT%EB3 z;{kKxz3~+M$P3EY`Gl zw4OUObGsIQo!AS7u|V*J@GPo%e1T|MjH(ERiYswbybyA#tBWG*Oj2EfmtCp%yhiV_ zR4=(v=Qrqy8+AkQrF#5EU2YK0MiJW}_(l=(=M@`7&C7y3SG>}3Vueoc72-#{z9wJQ z6I(^hOVLyxXjzl~OQC-YaY_EN-BLp9Z{Ne5BE#4IJX)f;657{Q1Ed+6pVw38a zuk%lorwE`#OX*OMO5?=)xOhY#jVpdk0LB#`s4L!CyyBlauK0j|;w@Zk@UQqip-ib+lh`bJNyRX1#FBaJ}Mt>_*Hj zf+MK7qxewYq6onISpgB^>f)XcuqRR;C31PfFe} zYF{_RW+VM3zQpjS{bB?mzu@FoQ92!zVc{*fLt?q6p7#*A4R6!bTaBi-`Fm~>PS3;| z?eGUg52tLYF0aw6Xv+tvb_O&d?f)a~J>aaU&j0^8XU>^+@7#Xx-n-?peOY!{`qE)R zK$?JHK@`CPwy2DnjmG$um}oQ>j4{y|6HU}ajmqzR<}QYB z`@R0J|8Ms-eeTSeQ=aqG&qMddZuON2|Ajq(=*86nlPmpJA`E-yvd0Ks0s5iglgM?% zO`y7*;+@8qNe}$X=vD&;2safYzmIDi{QtdP;4M`Qw@g4w4?}rkGFurGu#ww)9u&n37!LQS=*|V8%@0NtfjvtD%xYfB)BgRs-dB4| z<*DYKvq_OgV;UBpcMjpnymO;*(RaarH*anFzrPidV(z_1nD^H3UV80FZxr64lt3%{ zzrK04HxWQ%?n2}FU#}hEFOUa#OEtzB?ah78^r7GasqYe@`6sA6?PD((X^zqyh305< z?05d@tK8%d-PjdwNaIB`H{FEnyJR1i3S%a*$$spDI*2V<=_zcnCu%TA~1B1)| zVea?f$B&F%ArlkB;}Xl|j|Fb7t?7Q5ru4$x5}gPq5@i-1UU*sLCnpXI4)o`SlM@T# z`^V<7U6MF3jE+->Cg+CJ5;HOj({sZqi5ar zl@n{lgp((25PKXK781jzES`Mo)Pe9TzYqsB9dv!le%RihuO5MZV$(sEwFbv}Lv_W2 z#v4&Phv<<+b3}|ryaq1D_^s5&>QVj=Bory0$cM+K>XRWlx>a@t=V&m^hv$Pro^;GU z=|JKv`C?a9vbwf(O6~BP?sADFu7$d=oX2t-l5|diBc}S))%Wcq8f$G`=Qer`9!t4- zdXpqGGe8wBV8=|CAqqO({%6rSy@SA_{<2H=|A!dJ`9X599`u8vin%Fu)Pioua8+%GW?6M7eis{wUzK}Ef&G2S6%-E!7 zweRK4YTWBOJ*R!Po>M>j=(*K<-*0j;{3$cXFlJC%EFb2d{piS?@tTt5SY1e(hM=Hr zJivkAGfc|I#6kU$FusyZE`}r>V&iBj57!40*`u{**4{FGM0E6BeN1#5oh20uUEM5% zkfA7aVa{_-9(Y|v?qot%rkc@C`=H-tylZ4d#DERrBC%eyTh}Ea;hfB&Bx)B0CnVT8 z5>eY|x+*aYomCX2-3b8Jo~ReFxI8Cki#dtegROg#Me;-t9diD|aLH1Gh z(bZBM1JEL5i_CCLcF+fdX(MY7f(gOk6Wt4j=DaK&$q2-)gjmXXl`+#nwovrGTtOQm z|3R$CJmQ9Y6XL{D19s;oBPVRP&(km3V!NGskw^mdfVTdDgWXg)1D(or-Z2QBN^qmp zH_7z1P#otP>0QaEx>rc=Vzb>K%Qs5rCU%3BQm>NfordCmW2}i>{akpTnC;(1?Mjnu zB4r1{*%h@o0V%CN%LpX2t88v#qz@w)PySJ2r9tU#S=ZZCY8s*3XqU}WhRP>l$J4mL z0z(lkwG0@-7z&%@rr1WAw1^>WgSqKbI4pGuvn7l%Fx@#-EWB zo|YhyJtZeRY0f_(Cp>Pp+vJ3;X8Th)sRK#HIX|7v z%_oX~K2iMN$&V{eDxpUCwi4AuyB`v8XCwhnh$P^Ci78=6YC^JqWGf z_D8r!H%3zSvla0=wUOSS79)tR6xMZoe+NM~z+w%G4;`YqcnXR2DnsCUK@EXqVmi}g zqLznV!{x>FAAbIG%F-J_TH2yMm7A5=qH>!R(%!*1)%}OG-Vh6=7*>~v_Zt|W zD{E!7(?34ErFV*Y!sOT9A}WLI9HCC5&1;o9C>50hX zrtW?s;@iX^6+S7F_d`C7m4tn~rDoTf(CfFQXfsudT)a)l zQz1-^=y)gDIbvqHuZV7W9hV=4%M{}NH$cdX2TR>lOI_v|+wjppf=I^8@{qQ@pF zwPnph5#D0D!I9R)STvBgz#ofEvLjlTHp;PBXRv}jq-nilK)fg=;>Cd|9YCp8z*jkK z-*e>=-?dK!*&U?nxa>|4*9uT=e>EsSr3xGXGv5AT;!ALaX~N7wQXA1CA2-=^DK47- zXYe0`TpUVFVhbAag&{vOuf&pk9O{Ls_AdZ(h^qc$@i{@ms5?hSYZ7o4Om{C)!Er&{ z_BUwba0l48w4dHHK1S1E6XgJy#W@k=-oPJ6(O{$T%{<9EhetIHDvv4$b;&`y0>O;(tIX2MV)Vg$ zA9wNTr&e^gTqD>3RHj7Fd15@n?0yv8BS?ffz_edAaSsDbQ%xUF1e0l`*(fz>q!N8R zY1dYi(DN-=^^_DAux-MsB)ORH#lc^RerCJyE3ul6+@IYAD+o8hRm1R?zn4_X4Yr7!J8mV| zUL3AkS2Y$us;1<4dZaIHroa)cdIauk?rpn@Ck{@voAbeX+&= zezYbK(;S>DqRl;(&EV)@W91U*Yoa?UM~_sFo~~?qk9s%HR!+{`j9-XzO|`Yo9+^@Y ziA^HQ9z1hTo9>NFyN*YSFI#!edg)#wo572baGNa8io`F4{c~YIhohlW@At7g%R@0W z9%3JDf>wz(#>gC?6J!q!QqbQ%76Rzwk!6q6)mgB3H2SyGGQK*kVY6r*lGaQw4P-zu za#dDWKVZZwBexk|Nfsn&?9~$@mj&xiCC2L>JuKKJ^l6xK)Q$p$t<=_jH`!^nIRbHItm=_azJL4ra;g~Bjp241uRcFEkS;x{5 zMq5tG`bMWLOM@iiv|8&B++7}lh^$E6X3jTQj&YA^v2Ng+0pEKcBm-B|wY2Io$j3^w zMC14+)dD!@H8fE7?kiuWV7N#j$|` zne2Fbk((tP?~JdMqi+NT_`a?llLO45jHx;ukLOvty^9ISH00vfwwP=N!yS^mc|iAb zx>2pd@Y_h0n`$?)ZYCmcth7}~W*4S5bm(SX9lH+75-jUDev;*!YMtYrTA_6Vp$yQv zGRopT%;rEK1W-(aF=IJ{tSi`eLGgtMYQ<~^#;2&YoIchKTmaNYt7^-cYTajU1G_w5 zi>purPPHtdxymC6lM{JpaRmhkw3ftnvFD3IY!^$Swf~~%v7AHHBzv*-jN4bbO<^;- z1DY?01u5}EXVP^}RT$XgD^>8A5F4iWZ)$6F`xOqx|nAek8s7!JWc$FRPYWRxKS<(|lFf6Uaw_tC%y= zy2bH4d@!p+jgoPM*^(VCtskr=3l9n$_g%1U9M zVBnSYp@a_7aZP_RothacVz6E` zK4%k6boEzs$o^&$VlsC1eiXWZ0Eb;i@L_oO@GWPk(y@-LK*DH5}O0HM-B}!kc)Fp5p@jyH%{h#9S ztGr7{ofb97#q=`MMGO*15-!tNf~$I~vybKMWBtR|k9*=NZ^(0=`*RP|j5g8bz|x2z z`~*u2ikdeoa6q?KHWyYlRa*^2(5PtbY=tq#J=K|n7;11_+u;05Vs8g(jyp#kZ2e$s zb%1G&G?H2AIKDmPT7S}YejOR7+?{^v4c~si68{*CmTr`sIuKx*fjr213kl+n9fHxR%QminG^(=0k;^F|H%vFK7 z)NEG=)T&m@3&z>VsDTVCHE?Z>8B3t!TkV&Tvvhz5#%w}WoSelXDjnR9SWe6KS$TqGnzDQVC#Pqd+yD1RY2KHr+ zyUt8|%KLrbe?TCf(l9#O07~`#NV-5xL7gn8nqM2mC|@FAwql6AOqt%fF@JT8e1~W@ z-wMQ=#K+ofD~}mvCVg{PN(OFnkBR`mBvMQ-!J_$q!?6DzJpZD_6R}1>n5CqRz-eEH5 zr$}VQ9evee+y*X&)4&)7P_A~9xOULfv|;4XFA@?CMLRW3A?2ZZK7flbT;MTXz!5@z>qB`PE)% z$X%|kbMdi~N2oaam$1Je`b99c&z|P$TQ0xYVSeGDBGGZ!AM{FrJk-_kID2#OwJy$V z+Mg>kV^STUMflB zM;7aJtSQ0PPA2AKH~v1$cf(YoLDbvzb^~uVy1qMuNY{6lc##v%`98hlcH4R-oT>08 zPGV2grFtC+F4BUWiD5Hv4$?YVg0zah-E zZuJfBatQBQTqtoDAre^Z2`waK3K9~?y?5K+ceni+>^r^pXweP-i5kZAevLE1B7Yez zvc+B@Hrry0eW%`RNX%NpbHT!0m*@f*A(LpqCz-gK9FFkJ?+DJa@nuiH0@IuUuDbZT zx8D<<{kZ4ffn&*S!nsvA_X+P_k-SfY_nKhr&}rT1d7C`F(W}%!!!@2UP0d#QI(jM4 z{Z54fp~_k$Z?_3}8cq(hyqP4r5Hb-ijW^_IM&L-bAK&g1Q$%GsOkzpuSc@UweprKk z%t*-_ICHw9Ww|*Bb{iK(cE>Twtd!}XQa`^ zcd4(Sq(`edfkvLRUC<)83{0#N4Y40Hd6-BQ@r0Rgd#1n~?LB^kbqRS^v;@jeYvN&T zzBd~(`xxri2Q9(?7y}e{MgTcT&9J#rr^ZSEX^h+5MfOJHch|kqFfjY`&BsUmf@zHT zb0G@IPF{!%DSND2l8tEgNisyDNqx3oX{J6G`2nV)s&kXfrJpBa=O=^J$zUZ%>dQnY z{m7#~$guc(EP_Y-Oyc_qfgnM_Q@g7_#LDVBxssoqqRl__b z{*@@NNakWa^4n6IDn5*<^DdK}WGPFc!h~Hcacr$75Cv1K7;E&S^#+uxuYujX50>T- zCQBCwu1^FSGRkpv%CR=3Ji|KJG|j-@3D~J_ma)4nRRhpzG@#c#fx_?4Qs2AmYu!WU z1$8Ak!t+<90)_^FxlrfK^U3mmU_Z;l<-tBd@d~dc%g-e1pH7yyCF{2)%Rf#M5xxtx z5_G3XZS$~ECc0{P?=q{R_=I zrmjnovpnpR?&CIA6l{;#c%fb|S)pxhm8XH_%>WrGCz8IRoiu-Qoenvjrym=u6%%Dg zFqgQ!sb=eJ7HOVgG$W5qF2c_3zVZ@X*yc+vY5MGrdmoG z$=Q_r$6CxV4Y9@Gi;iIOnCTq~s7{x2v50X?w>lCZ@@*9VJ9w5(LEcaF@@pmJM`)z~ zOEY-3qXK%-4Dw$J>z2$=2mDa!0$l+dvLQA{s%A8C(TI$UqdhaBq*KRp|0{?)8ADC` zM$~kuOoiNLC@BcHP*RgLBNDL=#n{A^I<<#93H{9C{ZN9%F`hV+p`Wv@cQWOlN&Ryk zRQE+X_EkEK4=uMh5kJ@+$yZj10B969)J7vx#%v0`K|GI%mXiC?deHiaN*Rpa2@LWn z*54_ZVR1DMen~iW?F_gv6Wl~t3Uc|`neyl9oOy>S>>YxVPOp^oV0F5kb~?=G)}ea= zr{Zwqch93HFpQ^IZ)F|p{cNQ1(AM9x**8P?t+4o}0sUsUXOVk~RIF_|ds<&*gFlC{ z55w4dVdDJ|@lPuRe^i-#b3&A$0-M}Tm0*R(Dx2e@$c6QlgU4lbbWUYcwbAHmhB5Ar z>>dBF3hyKc!ZeNZ*xxE7Vu*L9I}H-in z;-zom*=sX~5d1ycdUJN_E!ifgdjI15(dhd9HDS#qVZuo~Xm0r4x?Jnl?6hs!rXPg% zrNVhAls^g+_lJQKyFDK7smR>R`u@b+dq#!)e3Kn=Z+6;!*(R_lyvw5tA7rOpo1J=H zw&_Z9c+5N5*2}ZAuE;hOV(GZwP$4oX*IVV4hSK0A(kibphhR;%f|eMCI-ZX0cRnV< zxdy*6;T|Rj%6**q{xu@rA@}F}l(3Y7>Fxl!e_*~;+`pz7{rvuf(x+|SFo+<4OOnPE zT_?s6{R6uokHZsVsy~)!shNqIur?*+_tLGoY1yU(peQ~G6@AbeNdMt8iT14(@(e?{ z8iwF8GNhHGwrTyQwl{SOc})M-fwKl2NY|b-7}46FJNTir0AuozFV{(}Q zUxC)A4&RV*SYFhjC~i^@2!Q*RvXoc?7RPc3R-O&Yuw$*r7i6$LX|G5mqn=jvX6U>l zs@H|i1);qzbXosSs818}lSJav1o=Py6}l@D@^?A6(PJV&Ni+-=d>RH1>cM!#>nxMCVzGTun-csk>n3B4S`RX^WFnT%MsrJ~EZyRspM z4V6x1o!GT6qcaOFXN|HR%eP4P`F|I_OyL{&lvMO7teq{%Dw%vRk$WuR!}<8WlTQxJ z#*_H`53u7po=m30Slm9SGE8qY$s-_k=S$3Tr)ti&sCOB3oxNX@gF!F~KpTak3*MI# zYfZqUBn^5cg&!Lg@gl5El={GE-M&@Kv79ZgbzY%G!rLY{NK`C1?!|wQq8h34;H}V9 z`Nv89QPMsq1*Ny&jF-+!QY*L0;5Hl@aeC9+{lpgu{beHkr$j{CS0`&!A(qHBNU;Nk z5Al-VGmSONZ0En?2Mq`P$j6ka6Zf027DIzxaVnG?A!Q-RJ#wmOFhstEoJViaW_@AG z+Z`Bb_(NKZQHphX=pMAY^M*7pbv(zhe9u+DcL~W9Z#8;Z%Otu zg!;-t`JzJ3?ygkQJ0^h25NbGyc_`|x6i{le)!}CR2O*A(@U~4hPNJtp&PfShPlVx` zPMNjZ-if4c55LX6huS-aKxf%HvuHfG{D_grv7@a#JyR zscT>6<}Ni1-vN~e64lzGAc-(XIT00Q?5?6zncvlKa+#I5e`4kSNu~f*(VaagDO^;F^YkpLv2y1QQCB_60m0P6_+f~49WaKd+0H%;@T{qInW1Da` zdh#~UK`XG)weRrKw|f-g$VwrOHidRk0OIRFU7$O5Z36zH;vcf>$tIIYwcT2IYNWu& zisApnlh1f~HWhfeBi2nn=3WSe0P@j^eh`_HJ z@g#|3^Kd@(8$R*vPkqVy4uQ@*{fUo9%;^eqVP37IH#J83e~0iNn;vBYXq3izMwP$R z!55k)3zp3Wm)1Fc@G{ivgJD7dY#scKQ~ui7uQIDFU_iiKOrpa~F^@Cgse^G9*v|q@ zDq!rWf!mY8i%A9w3EV|DodW{m@>*NuNOsN8Wr9-W@46?tm&JBd(#Ecg$q^`N{p*R1 z!D{B>rN)owz$6LAYU=~MPc0lnE#UsqLNum%7_*2I>1=gZrGoE4TnrvIk6In`w#MYq zyD4su!YH{+VR$n&97oaX;|(Z@yF>xycA2Li$J61JS|U77Q@_$46!qDxF~n^)y|&VK zSr5XQ#^~8woGjKj*s!QU%nx|b+)C@$wPCz{kt4$a+83Bl#A2@P9oJ}6pz^;4v%D3ao0avd(6KDaoqF3J1Re&6+Zy&)g0&#MjjM6}<2VP0R94=&8Bi}HT7-}i#NUY8Fp$g6dE zKicoRCa>4#gEe`zHXla&L)PT8v01#*PCHA0ENPhPzARwK!^3D0qcmC;g)6y^4~b3X0~g<*nP5{a$FLaG zYO_7DcYF9EQk<-fSsyrcj*5~X*RIRA@VQR7Dj(mOt6PtUJg8n#>Pju=ptVhCep07q%U}9}Uf;kZUW=HQ zL1A8p@M%mojZODa^j9b+H@k-q;GDNhJ!;$6R|M9y-V|Ga8TLy~nF{TPk zw2g)vh>~=?Ayi+iv?h^@!0bzPk0ebtXYMf8U|5@5@Vm!VZD`r`5}oik zT8_e-B?AO(8*1J;*@=2Q6GY^-Wb*F7hc+N7XOVH5q1la8X$^jCgxzxtv->kCe}LD6`DARXh&U zUfQC6r8blKMK6!mKM=cbMn(ta&AQrBD}5}}^Dru0CQ=s)vYDi?%WO8yWWpih=ZLaN zRU(tu`%dz&>9Dn~Ps`uZ1c3c9?N2O>9{8uUe@iC3F$1=wsh6WyWWx2C3*jKi zaNv(RCsSUTfp!^ZGt+FR@QpWMP=&Rq#uqh~^xg%0W8mG&E}eny?7{c%-qruAFt;Pv#vsA>`qrGux_3;jSX z`XKLrmM3i3P|@pbdaofRlj*s2ObIaQt8MiziZl3mZYru5s0rrQ-9Ec02=3DMz;~$C_<6?V!akQ>`F7<%uS?H@yLeZt#-!6G9I>l1QAVj|BQmxg4SUO~>3h>q>Ao|SUB=4`$C z0W&MEqiu+3sojPtZd9b6$*v#Fs6Xtjm% zY5`Ooiry9WV{)eyE9`u<-t6plP&pOfDW_ZNhk^A(aom%(|BRj5YU^#bAvl4gvwPat zt5QW0AAXh8XQw<{}2z}jXS@Ory-VKh2BRY z7gN8F$DR=0<0AG!T>L3s{hu%C=u+atxVSx*dt7ih=rtPM|CdM@poLYkejQNBc5#K& zSBdJ#_ew`=J6gxqh{XBQ-%RS8|6F{Cvh4TqoEYQBblXdM@iF#6 z^6!HRn$tx9#Cl9l3{ok-Dt8zI+1c31_O#SyWt~?&jIg3`l@u)rkp12k=_oFjwYN!% z3BjAfc}t{U7y1peb{~=Phoyc*rXP^{$1;3Cx~~fVV9n91qV{D$*7AT@x6n+lr|fdg zxX6ZjbyZB+!;#**aHEnF<#OZMTvT=POZb}okk1mxqG>8NZE&5zKXI`3kulkIgE)L? znkDq{b`|g-mZ@#Re^`{ZiRP{JkzU4hg(S9U z=?5bCNF1uow;uh9NFH50s^(4J5jDeI{}X$9V1+du3Z&f&wz^HpiH0>TqNUlul!He$ z!6^xmznW9_#G*f9!{1Cir{IHa04*w~bT$a-7UJ;3;C=%UhI9yW?582U| z;?VPLJydFA*=}blwb5t{!RjT?dZeaK+TTE}z1}$$=T0-H{!o{0AQhFmU3ZIw@~1GV z9^&^frJn5HB7%*gxz+DeYVB--)kj`Rgn>E~h2f#gg6|!%AXvn{I(kguSruPn3=*be zer0A^!>G^PjbR@Rx5d=@M_WB$%cBU~h*VV%AkvWa32r5XxnNGU{mT4GlQ&1T&>0f$ z6}U%KYM~H|^EJlAb|+RfjB7_%Ol&Yx9JKCsYOiSjcic6_Qm+Np4dpIx3?4wUvIbW& zdysvgpOJ3AOfAj;P&hZ~rGc~Y(>ha~1lTj@jZLMD7=@28dI()0f3BXGN=OepGbty{ z@Otb)-e7`SJx~$Hrl68Ryv=VLT!+9lEjMcbJ~klL`j~{Z?33?(VvgV&hd`emyqVmv zPo^rd%K_v(j5nr!E)iU)m8gY4IAWx zYP}R2Wc~lLJ~=wyx!cvQ^#%s>LeILP&wfM+XK?d5LN4|W%zzA_P#WrDIN6>`q9`H( zP)&5HK~5Zu-bAsU6hpHK1w zn^?SQdU}=P#rY*p2H19F1Gu1yx^{Kyz=qml&g)3D?O7qy54u=o4I3(fkQ-oMDV;m8 zt@~VUC8x-PIQNn>@5kaJLHNsgZ1{=|wzZ)FM`enXTB${g58B9yviSG3`+g3f%ilu~VT`enhEELJ=2A zWu)jn?rYGZ(#LAEz<2FqweTY~!%}~f);o>!Wc|EqW=-#h^GDAf`6ZxCPzeB{c=}|@>jC+U$T6j-FdEEUTt@s zZ zO9#P|yP&S7!M?Q+`P4Vsn*G-QkNXoamYe%`U#9#I=gjpfIL_?KBvk+Zyx+k)n^;Vl z&DQk9$P`R>hb4R86ZL3%?0RP#MlV!Qm1T18)*S!;*+0blNE!g2O7B8XYqB(T?Uv7| z3wPmN`HZ@9aU*j0RozVE~l$d4#=rQ9kSUhZzzc_8(W0D>k z_2Fnp2L=!03XYtIH^MgiML}fXCSj->-oIJKFZDRZdIbCFd{wAY33$MaAiQ;eY{5HW zFQf)QKOFJCk*1yCFCs9(fo8rmY86G_dRkVvh7oFRlsO1HoLnv&$VeJg7^rIb8VuAX zkiw9N4XW!qBJv|JbmPwzIju30&{z}omNntwYBnu#y|msIJu*3x+8=1R7?awzY<$s) z9&S=iu@S~mZGQqvfvRAynaGu&Ljh+~GyL{l6MPsfDWH(dl|#Vr(8x0>IZ&rF zc&x|L_?M0#8nQ?BGhr-s-{u579Ts6ZFjdVowMR1-;pfe^m)Tsx(`L#wLcR_v7?jH~ z71n}f2YzD##n>QjL)k=aTneNp@G{nX^gh%>4o^4aQ)KNiD0tck-XehEAHtqb;N-8E zcfp~Thbd}nZEimG)v{*l8fUfDZw zITAV=aT_ak;$>TLnpe*_c-X+UqSQEq4>BJ$U!HC3Ck=9eoDFfQ5+>t!e{PPx;ank3 zVc7One zZ5xF*wMIy@nVbXGx2f3WN?xJt%ay}=y-IFS_8LWE<6(ApFx(!YhuA|yOz?RU3a=5> zUFjjZJB?9G4t9W*V6pQ~K2ZQx64$7~PF1`N!&j$E8J(|T2{XepdA1tQSY3=cpqlXnk?!M|3O%O<#v7amx^#x9&#`ieGn#C=QE}R+ z>;7U1exsh;Br4p}u{6U?!ns=*R;n9bsg)e6SJKVrVR7csW-|C*G#9*Fal&Yg4sgFf zo70v^g)V+99iWIv^5%|B)JNM>tuGa}?py5MkfvL07d>PY?nTBVVg#tY*$g`k0R zL}`suBd7_|DOX<$p^ul1hRi#M?wu0TDns`($plC77pcdET%(>+*bGnj`MLH4Mw1Bt3KH0@IpqRvCx)nfvyTM{P$ zfYzNG?5&R2=G-fy&83y2A<@C$Xgxn#?|x>)e>*cOI&)#=$A?D;l~bd4yLEiD-w>^D zuiQE>I#?X7$3^SPO}npurlJeiR|<&Vk16g?*bKIsx0@t>C&4xAg=jh}wL-|VHi;WV!}a3FoT)$Sz%%P)c-GhUnRm%E^qC{ih_Te4 znL8sm)8<&75uWLv@fNNlBaPuTJgd=ol8jj)hMhHTg&23%IBNwS;4V?1hXr1@H_R;9 z3}l^2;p`kIhp6v6BOI~TE=uvTO8!D*&KB8o1oKQXer*0YCsmC1c;3yTbc-OWS(*tg zBsDqHiOkC3YN#3l)(-BW91S%`YGfM;G}5D|6Aa&Uu^`{iIRb7;%2w5$3L#l*7@iuJg;V_RjX52)_N7dA=KQ7jEGo7ah}yo?R|4DTDR_|f{%qIJ zgXcv2PIL&7Z1#phq#4EXTOS>vL`u8ICdL4Mo67sx7MI%iq#g`!uvEfV^PU=NEz{ej&aB?U+&^J4}|{$>Gjrw!T_q9ueuG&Q2$BM)-oz zQ!}Gu{qPuM09C7X18M zA{UZKkUZ_^*@O%m8k_y5G0g_%ny7JGH;rpdqnI?;gNAX?lNA^(cOsrP_XoJ;RO>w1 zBE83)CTG~=&JsAnph8JL5D+ye$!N8J8|rnnK|tv*=LL+<8o= zV|tGIY^86y$w>jF9yd0+7WHE~WOOY)h77fp7w_y%cY(mt$~3dsOiJIe$0>GjZ)SFm znbviZ?p%-y=fpm$aVdeW_7_Wx;kDR-=i*xY>$HU{I%BC(la9_kxa`5nc2Wgp-g=-~7 zT|5%|?)qlF%>KRd-c`Et<-db3sIoKoD5BG6!3g7}K>5}lif6dcK4B2+gO{lla0XZAJ%UQ`FX8+VFdibZnqIRgKQd(5hZWuw_Cuv9G? zXASN+p?Ud|6ZG;Ggl#WZCk)5J9VhjYUd~5;K;l_7hCz;hkkjC+VX_HULO@6Q;_g}l zYK4QpL*E!a4YJiunDm5tSXP1s+I4{e4w zMXlZk4_{O1Uuy(U*Rr+>wUjIa?@2kCsOq$F0B%!%S4ar^T2=?uzXaRH3YaPq&J2fF zAvp?ShG~<+$M%!rBN$Tq8Xav8jMlZ$dR66AAv$<77HxJ^?k;^~FR=#yNzQzd>YW*% zalp*{jIZrnS9bc;jy)H4banpP&NXFklv5k`{ITq4>3kb0$6iWT@SRTCQtj2qTBi5> zk;(93v|Hc%xkQMLKVz&*!t=A40T;sM+ub-)sDu2vM2AeE=NgJJH%$;w=?hu!B(^~2 zFnGn2aKAy?O~KfE@h@bZlenXDrBDD^%Oih|{SZ6g1E^`d6ixolZhbfW1->#-4`>`ko zQCfBDYG*8ZSHzNH+^oqp+}D@C5vuxJad?Hhf5N!1`$*E*g!+=@psze!pma@$BUsL0 z!JDxSkCmn3AlkV_HX$vR&@*t*kArSc&JxTVsU;3G*m_ml~)(#D4xKDW4Q@I&pCTNpHTkoi07y>mZJ-%m1|`K%=@-2c`UL`p zijNZBR-u}Pf}Bx26Z+vjrQ{hhm4S9mBM>J;&XA0#o1^x^(W>B;NHD<%7E-We;ZQZG zUm^@cIgz1<1{tpy7w-*M_P<@Fw?IpLxKoYnZD)d<>@(Y*Gf;Z}RNm*RZEt%nfog8Q zdGaA5m7GL|`ttz9EL1;W z4*ZKytr2B6;Fx@;Eyaz-WOsqdByv`u{X321_qK`7i&=xO5Y}zZU{G7*CVCzV0Z=&( zFd`LtgVrQs5W3OyXAthN_m?&ibG^|QoBW}>tq+Ly?*ajr3yXHUklW}VVGVvJc2dLl zp0rQOeeVcsg}WGerY9)KDXD_`Oq9EwDx7xfO%5!ve0Ud~y1 z2)t05Cr(pG+HX2)f&CN6@D=!PiM<$@zfpMXK51N_k3j#{Ghn>mlePxWv)*#&nTjMF zk$Oa(+r|4!*5H}ecGoECz}SeH8|Pcky7MbH4rg+T^p|lQM2W_h&&d~2KMh`OTbta; zz-@bhik6bW@(5yTKY~SpLbCgiP#(`IfTPl-whGmFNuqaSSYK#z5uk~Y?g+yRxRPN1 zb*2Eo8LTA5jaZ>ZMC*4e2e6Ld#0>tIixl9sb@r9fwx;iS+Pci^a=d{RIVs}=BZ|Xw zlf3b`rHpWfU~wN24zE?^cujq(Pc;mLFEXim^axV51)-bra0QZcW5bd`rzgU84Ttoe z$QFJ=nr@S0yOXdu@T4CR-ov8i5%G!~M^K4eCDiP__N;tRA91&kA4tRtIM)(&S&WFH zA&lhyF79@s)41dnnQcp?D~+sG-!QYtMRGhkqrvbSw+Mbhoty!bwL2?-%yoynr3>B0 z)uCnm3oIg9qLZdG+Zw^Q8x75$o%IG5|Mm(x{<#%>O~-nBtTp(m(E89D3)9pJFRe2% zz^61GLNvxx>HJTv;_1p8N+FC6^s$#(n|8|B(wv^v;|(Q>5x8=pxYVDY73HCLS@ z#lA6~H+OB~Z(uUx9y*>~dg0}zbI1zh z*lI)JJD(Ibvxrw2hrake+gdhIifQ4@wi(%(^Iy%x3#kY;AosV7?@ZpFiO)<;)>EpT z@XD<343*-`Qlk_9qBM&d)eZ)7P+9Zdz*t|uZ^)wib|!}4^lZrS7URft8mgrv+ZL+u zeUk}~p)v?g5x3D#g(`?AL7FpXLSbMv=L5@vJwOb!X9Z?Yi#B&$yemd2@h$ZJAU1nq ziJWM<>Ogwh9rgL2!- zotWP{Hm=v}Y@I;PG1f@poZ)^g>kH~0S2K%DlGRKeV>lZ#u4kofh4basg4kAAsiVyS z(K@lUaE#UcrDy#D1|TJ-%WAI{VsLQK4qMXfF^f8g(vJw|`!x&ViMnGdbu(spWSvZ*8M6fD5*x@WOrQ8 zQHwl`Vt<$AZs8nZFVKtJ#r}L~|KfV`CYO%>_c#2)G%YSTCSh^Sw;#~W@nn`gY5YB* z5@s2X2EMW^>HVmYa8#qw?;a{w5(O0U)YlB7^?lW0Q%abW=3lEF&EoCmtHWq>orpFY zWo1)2YX0`pg~IB7*)2`3z9`l)pi_2qbl$J6r{w*3)}YNLLMb89IPIH+70nLJdC4^d z>(r)du--F`dn(muAoi9l2m+{qz2Vti{7ywmbl`PvMpo*B4XX$VddyZoB%c(mn05xz z*TA#eC|caz;Nlb(3j9rZhR7*c|f6qGCnV{pyP#~u7- z%1&-b+4yFenwZIuqT@tKdd8_kTr`v+*5KHUClaUnsfFc9VXk6fodx9xjnmgTGXjA7>iO zdvF}Hp{+*9#YV#Kr=-xnoHF6$(T>q1*e(jqDgIY|nQ%8GyYtp@YX>(VC{$bebuqoEsX4vZ%dlYPY zKz6Ee_ED)(DIfNBoEPnl7{zv=F4RaL?Gia3qIa~NWux}pJGM{T*}^_Yg!Ak}J--$X zs+i&S`MOVB9@+}rM%DiNCK^t!w8I{B>f>pPew64ehD4VA0`+0Me*3eSc3N#lg*h<( z+CB6Z)BC6Q@|8KZUzyHtSbMX)Xn4?F2aJs(TuGMOv&`Qon=$cAsV;Zqh3I&UOE-dB zKla`i&@DOE?FdSSS$Q3(?mCKiA|~`>v2Y~SG@GWxcyNOlKu;fr>+=d>{X*9{#Wz*z zZ8g9fB7-!&)~F8lVmK4JhIujS)a~+2qs%IzC%BD~HjIzsw?=XJQycBp3R#TSMG|9>wP^zmj0v&|H*q#=+xs{tpMvtOe&2XfSq(7#60DM zt$8V))VOSJ)205USm2jTDm7ECSMhQ**4fCSc@!p|GRjC|6_;`ix<> z07lm%7FVH6Dd`W%`>JB@8CLg9fGiC=J+M3=V|9q4mht`ks<8MY)M8QMGDeBsPQBE7 zjXt_z*#OAa$RG?z!_)?P0f(##)2Ne(BQ#y? zQDfmQh&!PaQ0{)>1SESfF)Q^si8-!X{ZxnnYAw1V%;9ps7{6|%MvVY-V#HQx0i7ue zzQceGeXTYdu%WS=iMQ(hi8wBP{1~|1<64dfAlUlGBN7I+OqguJJm|Z=SLN2drm<+s zQBUC_S&(y(ZUG9($N_)Sd6X!{pX#Pcahow?pNx{CgeRoweWu@csgI2VguF+{!%&cO zXP0`0^FN_+#Te33DY!GE$_2Id5>RXRwz>~V3nY&!|7!sP;~~#^;uoHCt*2D>YHuJ@ ziqYx&cL@(;Mj7^{zkZn5Fl>j2 zHm}QQla1DQy1O0BiS}Eg^}|)`hXF6ry;YLb^IDP2r)p_a(iFn36jFB)MozorNW zSiAecvCL4p6Ox|_`xB8arrr?6PvDbH`U7vfh$XT(9zQDz3IBSTxq(d7Wp6my0n-o4 z#6z;VvDkp27Z+btY0`fvZT~3UNQ}sx>FoXK=tXy?y_gsG?n)=_On>__Yyy*;hDvQ*`oSqU;hDU^(z->CZ9+aXS>mD+wmg8kUpf-y*y$^5v!p(dM zCPDR10Mfh#yiA?#d8@q4N{{0LGH9Z>Rp>*!hm8D}PLX@e`I+#d1n{g=yz^P%oh|mt z_sA(HrEV3e!I-&GFb%~GD25U;hUcXGuDJkKXle@H1Y?4_Ku%c&Zv`v8yb1P|#~CAi{;m@OVo?=itMiCkw}R|IuXmVVvUJ!DWOq!Xq$Yl0UXk9~-Yiz!xotyTO(;zwvjDMZ@$jkm6Q(~_mZ1`N$4eDXi)0DLy8g&5kC7*D* zI-giUBLc6nVS(BW4NiZfHmAjwbZ&EcwAKBd23Yk+@VE@EGkL*r$dK-+%EzOxtd@sD z{-)Sh~@M4+egmpzt3mFs-6;QPjK=kPn`o+oNFu32KIAKw^7h#7(7$s(h zVJ7>Qvegd1q2Z;Y5hBdLk5vL^YKQKTwRN%Y$N1O{|C>bO>HnF0PPmOTs0K69ZpB9& zM{nw?gJln+%K^1g-6SzE?FWoC=zb@ubwbw}!|E`#lbIFomO<3(bg>*jJTOLVN-cxb zoMgyH9bvWN0z^PPu@jZH8_B)K(1t-Om@}N*7}MujQz@1#?BZg^RJfQne%H&#XhN_t zab7EC_pzq8^u)*bquufP^y#DH!Kqy-Q4ga(8O<0U z0R)t&Rf`P97_6Yg3~06R27)Ki08J-|p0If!IDRC~8e&av=N+-pOrSlQ_v}5|W>1cv zY8}@o-5K$vvBTtaJwwmYwR<0B&(eFzS%qDJ2FLNnwu+x;Gv=x$=V)`q1kt|48{2s! zT$8C*-nzFit~OGbQ0GnJX)Kb_t5bZQ9v|@P;Ph#yrGd#eFP~_ApO^2S;zRX*#Qz+q z4+>J#l4+9U=mX?})UE=Y!7%FBRe(IMct`VhTTJAD4(`Y?HTLGMxFaVwuc##ruleLh$I=g&UCB3fR$ z$3_qQjy@JFP0a(B>Eq=x^FYI*{|(#zLDux)J()29m6D`VlBZ8Ut){n9mXk_lpma~o zEDa9RrzB6+XC~9rGc~8#r|Z+?=~a3`rBo<&nwTHcJr_cDdUA{|xT#B$#WK7GPCz30LUdsTP zQBI#Puz6}!0jotyV;?d?z=cM?)FC1xlqpJ=bG*4kQPkDFMKSGTilV_$+|@qcweB}> zxw!I{4I+85&|ti`&*(?WRDk{PG?4`H@~Ca5POlYFrIG*~H2)if9!9-x5*pq3CSkg& z>2KR23;6Wzo+SNkS683Y+tm+3gEm0Aw~M41Sa=oQF7!P@PndI*eV5R%;CJzyUiy6RG!%&XRphBpF21Pu>=95K=}XP3}oWmcG~q{Hap@nwz60N6h#)i816|u+INwu*;{C>T3 z-jX}TzTn00+qR#Kwx#`E5=;Fha_PQHt`$pXExDv}G=Isjq;(1oYYAugON_&B4XwTI zDIf^J^nz@GIrVb9J{0-WNq;x-pfpqj&kkT*QZnl`rBDyzx?XHe1+fk%J$v5V$nUGL zO6!%{Tcz7pYPnYHHQHONOKTWXnYP3H!$B0rKtAK(tHd6E=i{*`oFT{^I~_3C|tA+ zH(3)lS_)qhCS`qU-{iF-Gb??G$oT{m&CgPk#{Nn!7!0ughrRcXkE1&Of9IStGdtUh zR=caVl2+BWBulm|_ioFU1=wJ~HqEAEO6&kJ#sL>XZ>Hk}0}j0;K!5-#VABa5(;)#< zLQ4W9B!oZ`?)#aMj8lI1d;hq9+}G=VUwX~V?(FEynKP$6<@0==C18&tu{tOrN7ybF zE66^gMffGF7e@BL5t~M!kPd&tc1P^~;El*3Cjn@5#5$1|y5`2vIN&$oaU*`f zPT9_G)pL`06w;_K&XoCpxROX!IqXYWobE9V9b{BNp!>K=P4}{?LTXr{Ej47!K{Ivk z;P4^(;7StTq2xH{=+^zF>l`5{dU0i}F%+&Fl?R6GO|iYa)0WC(u`yjy6HD1JL3|4p ztf1@6@_leTML(su1O0YSZRn<9Yiunnpg{lTCtU~+KC{(HBo@^}wn zLR-UEDI6V*VnB-C#^6C8*o@*2=Kdx%{byp|lqNk1?k4@B9rRAHp8J_;?qM*Vmza|G z1oB4D*-KVXE*}H4>;qnq)N2u|_F?u?Vv!uDYT&uQVwM9$T4hhCb8jHn=5)!oh3;~l z?Q1Q={QYa%KU8eSExcC!z_ZRYGjZb(Pk@)lA;Bu?3H2mEL#QHXqYXq06J<^|HcS|H z%IniTjGed*X=}JG+LlXWg6Jp1;xK)L+dFK)8+@f!^%(btp_xqv1KB3%1`iWcm+lQ> zllCVli;(#i*|ClvrTgiL{PQTgPCp!?UOQRm8Y<6Bbf0-s5S~eYe-6`9k)QkLmLHz2 zXqa1exLuK`OjIQ2hURthZO3!@y{Z-!_d0x0bg#mqqV-E7gnW{0SzV~hn+S!!2M4>l zRF{pjNwV^?N_?!us_EP;nIQ?SqAS52qt)fQOs;-FuKuB1{hms^W zYZArO^k8hox{Y|8o$r%HBXO!sH!@Xj8+g-G0in`DtLKm_Zz%K_gvcx7a7ho00C{>si+8MAaligWQqA`#DLs?x>G;pu3mkcOL$wf#~9 zzW6*9^Y?wC$FEg8`^{4CH&wVYRT0_VRDA?QM{@12qoUvQ=p0E^!u6-v_|w=+CbI&?LxRN z89xTwrQUCsFzu4aq|y}`lQx-AyogX*w8U*FC4LV&(BHTE`vd%a<(n#wPI87KM{M=b zz9Cg?Pb;grfP61~Cd~X4jum!u_Qgfurg!S=tD4g{w<;Q{jFX_2^uo++75drTSDAnjLqQ;kwWtpm$?q zD5qY(aIGc2S=+0_qk)s3*#|7toaA_ip5>(yrjdC%Wea2@#-dCp6H6~zJr@~t_9SGA zI>y47G#LIp9d)3+P2n)+@j}Rkgd(zJ{#;@Y!+n{ZoJh_7tlwf-_>~PVX`bjcQu}ih z+3oaHOn%#x1b;ST;yec|Tx9t%1oM5$JKI~LkH+ZH1dpIUXAwwA)ot=v45&uCq5Wy_QZf2<{0|`!;Na} zZS;*s{!=p(RuULD9;TVjb0k!yp6%P#*;pv-jZh?TNsV)gN+#0SP;w>~D}~bJb&kX$ z70#)=-$-z`^&rIY!GO(ODmkP?ZO99&iUENod|t3T+MP2fx{7TVi>1-JO>VJr;7Rt6 zvglU_4{-o4o}knpo%t^Sv!bIMJ z8A&W@0p~1ia>p(nYCXcFB>xETJKXptSOVWrMpAj;e*=@p?b1n@JWf$Si#c}$m;!#+W(K82doeihc%6JyaV?yYPtYJy@;q82UdhpUKi7G~z&~@LRcD z;g-S#^-m=MJdLvJUejxNdv8&p%__S^CH+0pi?c=9n-%)s6*iFxr2A`LXNOLg7wS5v z*~ybZD>)J8LR+6~JKwYIlX$jTfLX%mUFM`c*n`}7S-c9eiEKhR9Aq*1wGLGH)pjFN z!=AcLXa`F6?ihE8)3Q2wFU`!4G7__pFgW-o0oqn5B5HG+%F;;;uZdo!2sBJwro4?R za+&(Avi@v$xTxvwYbp%HNCx2ts?JL{S2cO7D|PjEGq#xu<@*$8ybHo2K1L5O5`vlU z05#sn`Pt5N|NIm^+CSednGqq;*p+p8p40Dw;j17?zzA@t^%F2W@>^sP6weEt`9xpn z{5)sYXmGVPGl0s?WVkC(eu`8#yTvCGD9bm_Iq^BkBR4~`5j{l>5^Vi`>y=YTOx&h zs+~UomJNTdy}#(l=ejsLp?13-BXZIY1Pwo_oMd}2Xa6IEJB9vALWz3yvylC~GKbhR zNyq|apP*f4=?>HFBSGREAwc z;Yb<2-VWx8UBk_>B2Tsp8zd8LgkCy{-PqQtcz2>d9*^xDO}a-oL)<**^i&HOHYHh; zno>%QM!^~uM*^O;MBsYvFss**D1qCO4{MxfT%7DDF4F z4zM>a^T~S8fQx1V4l0VBG7?_k1KIXri%y)m)&V1=eyAhTxY%O{8C5CoNLABK_?fnhQF|Lk*jYt z?rkRayovgYMCc>KU4jL}{>bD$G~3tKM@;;u+-ZC1zmXz-Nsg}nbFrBZk<#P-xUnCR zn}l94NjaAY7S%_L{?HIHGkAr=!}{%csvAtUVC*`X@9nb`7ENi#UG)-78v9_+yILzb z)y(>Z$cNeqzZWW09O>6q5!ec$Neo9~Q3j4sQc+hklxJ~KRP7YgSD6iqyNzES(I6hr zRm=5oBXFHJG*2ec@=P|T3h5Zw|D>146sYYg00{jeIZS0ulXYz_a1YkCu`<~+lE=w3 zW_$52Y+Qy{>&B~f6$Ey0_8^s9scfwNWgt3aRjWi*uV*!{VT<$1=N(9V+PB#9bK9+# zLUkC-RXXdI)2Pn@LLG=_ ze#~~u4NfSVQmm*itlgq~)k%bh&ZRWS7`DW4-8pCYNC4t+DKHV+(U0xK`;@F|k|#6Q zA`xpc8l$zuTml&{1RItLI>0t8oFjurTc5IO9CG+Ohpgp&UvE{zo>N_0RgCn)TNSBE*tb2W zu+VY7uvJw*r?zNFW1E?ZFk-sy6G}g(szcSA3F{&Usg6FWT&&}d!1Lw6KX8plR0iHJ;O#~t zbeB5?HwV+81BM7FgM@k{mb|Y9WW#cf$Fm(e@IAM<*78nLWXnL@*{Bdq{>~R<7447tPG zE^yxDWgwCN!gc?Ol_rM(7~-lJxQcp2d6|5%@A@FgZQ6cB2|lvMzQMN0c23;^$^nS7 zCzI=xB$Al87RXpztNejR#p^e!{Ia3L+S~HOY5~`fyor>CqS66lYW)bqVfF8v{09z& zuCVco%LhtlaMjy+H5A)h9)qY%*vI+v^)-P_;3>@hmR=o{-b`{PCRau3oQo9( zzDVN?ryR{>IEj0Js^BMx)RHF~|FMU@FvLvtR+&0)tg~~uowf_unKCT784NC^C5TWt zyp>7X_XIBo5+epm7YC|U?L@1qs2(UigTux|%M=U6E6x|m=dpK~c zd?mEAaTTu!4<9hZTo4XSZe73v^e{52x{n(|!$SPbpf(!-P)9mP`*Vj(tksrxqIG%{ z_lhXsXbL2LkEGKBH0k?L7PG)ed${3D1&MS9{y9Sdx#6|eHUILTWsy7v8!jJF zuQgcAHtEe+J~>S*TK)_=aMG8lk-NXMQH}SzG*b3mw)JGRN3*aXGl$(eBsB-z z?MTv+Vx{*|zX>N_3wy7I^<&}hJQ_yN*O`~X`l)c@X>6nd89;Z@*+(N~Pe+{lBVl-w zlJ`Wub9aP=f**vn4T&IRVr5an4R6EAWcV+LXjDES5zaE;C1*GQwpP7C5Trj7z+W71 z#;BlWXXx9MZp0mWEz6Wa4JZn7GAbFxnz3ZQ&B{Z-zR;j*aChSw7YQ}Vmqdn|@7NQ} zDcW-5)=sh#0k2pCiYF%eRr#87%WcIj6XIsaSn~)YbEEe;;d_ZRcAj+N4?0E+O9YqZ z?07UMbB>HiXiojfX*`&MMth{3E)aTOZWB=OO=(0ubt11NCTA>nZ|jh(E+-1oM>Mnn zyz~K@vv{|@P**jXisXr64PB=?t_2bB0=92+x-zG!(EN_Q3Z^=^H*s5tirvBOTkXB& zY@VSXA}@x(2+mV?29i~kpV;Yqg9}yEYThSL8G--Fk$B5uv|4m%d6p9}*_01#VeIVV z0_;E=7`AtngO{boPGYQ4yZEL5DkvQqC&qTodPTyX`wSk<9qtiv@Q!g0?ER=Ul_nc6 z28n$B^IiwzV`dSQdtIuX-GX~<(P}sDwT-YS-=tRmrXp9^%La5)tN$c|$IALof|IH> zS`wd*Jjum^HZG^X$m57(aSq00iXUx{CiKZUK|DW6eT!B{Q~Yh}HGQijHmSH(O}E^K zAw>4=4{-!!JdYlNNcII7tn5s*(o73(a8qytDI8QdHyEkL3(}z* z{JB=gS=K?^=_`5WC97FHuay-w&gvO^Q(Hy(Z-+jyD|5#s3d&AKuDrBGz6gg=l(I{~ zSf2^!*E-)xQL^vVRxE=Rtim+d+Um~yoymmv^c$>?%qzD00>ajSZR{V+nhPY^GGw9{BSXDxO|{ia zyB7@DoIXj@Y|>=y!DwwK1g;yaq}PiCfga7J1v{fJLQKHM5@o8bVTy~ei2*sq7FVaz zI523PO9H1|tr)2D4XTInLEr?+D#9U(#6%CKTb9-}b~U)s3LzelsTv1N4vLYW1`~rp zHo=}L0lXVkh>Lpg5%Ji|_eJyW7|_5gmQA!`XKCv;=86>EJxc_q!$L7UTIp1p3Bj`g zfyCmA(rr(`ZMR&Sa|qEi%PDM=T1oS7QnUPh_27PAfGQ;l42OpJ1t#s;(Hh`s3_)qE zuSr)RL-bpC0?R1KPMdqPkW|culrHS` zGDu^(wY;J@j+M(fSGAo&5|~U`SGXW7y3#5{KGYFR;n#nEdxp6}xjD?(W99c|>~wD# z%i0R5Kk^#Aa`~)fdt0Pou-4*2ZdU$q(|V_1bj`%#!uJv(X$+~zrnp9DvMxNg?JN-D_K!dFp1m|gRb@kv7 z4Yjrdxjh*&WEaQp4fMuwOOjVn+Paq22kwVa7*KG1RjXr|JMfBI);8h7*rZsY#emXb zr*M){sb}@i9p2Bgy80P9d-r{=b*7$#&ml#sjHGEIfGJ}O?M#GK7nd{(7gh8^VS}eK zgh;?iyQXZQ`_~E`PZ#d!F2;X@I-dVV*F$KT6buDs(AAg`k*&(8ieL~r09AZ|arXeL zyKY#jEy~-|EN5VKPl9g8e=|o!kKAsFKn@0j!&~BI_?CToK=UxSP4Ry*+ypQauT@B; z`>O-CzqwNs_{wIYFmR^&{}W@(oTn}h*6Ygyx&07-*$(!rcldnd4xfWxcM(awyLoxT zvM_kON21o_x|FkL<4i$Kbf<gz6!>>E=YJr}OdJ~%x462(TZRZ@<7$-EnFkJb(> z4+QxdVgyQ9$&9{RzARz;p5n|*wtWYVvyl|#yKF}WtH_D`OGw|K^-Icx_^*&&$tFkH z4jDKeX!naZT%`1`$ZFlp`y~EX9fAYxmj(Q>))y@%=EjRaE{mDI^qCAy z@JR0mc%;va4?4>E`|2I`!~D;!x7zcq?mr~0Kbc+YD$7iEh&GM62B&Nk&(fwd$wDUE z9dDmGCRJZnh{IiA@@~Q8XM^UgYOyP!WRFE~EsWB~$DHycvZKh)m3mFqNoQFeQcF~v zC=?jEa+&hh90n^wChoin7;|m8*2(h&xWMxcb9j~op0L|I zD}=Dnli!u2(AA!gprmg{@RM=%D{c4bxnR@0&y7An@2*eO;DttII@41C{7~Lhh8h5M zpfNW`kRh*Uru~g%TyZopIgTdK&tctH&pG&~=gZpg55>apr0mX>UHh^LRyUbrHrZ1^ zq9=G@6B(wD4ada^=0EO$IL26Zu23(krNvmy zeubr>!}ZcstZKgqpYGAt+eGjcSd_z|e5yUm^NS)_o?WMkDR?hel)271ia86(IW+;t z*$TvjpQ(_zUma{`X$Z9?VV=#5Y@>ar>$5n{V+fo6TD-+(b))*&D~6gLx7leX{$V-` z;_%Qgj5J);W6#nXjq(FxiPO?GuwjKLJf*8b(2h9NP(+sBBC;GVZ;><{0BKrr-N)hk z)=eU zfFUkxkVqlFmzR8KutHs^?CB)`2|(EwArnkT!*mQ>CRvr{9$J!TIA3d$XI!Da*0ZR^ z>8Lh)U!pP>1C&tlixqNA&Bdw{2-C&Ny+l1Jy364?JS=ryt(Plh3dww`5Gou#V9ajD zRDML}k1F-Kihrh@KeM7at2CWDmlPqw) zs)0z^q;O(htF*8IcLSFUDC~ z1@;7GUaS641*`8mi5&T(B5XDRP&RdyDpOY-ZTjc3HV z&2)Se3x61^N+h=E(7oDyE#`d~a|(%H>-bxajk)eO@P`&KAHg?b&yN34r3d7qKZ@;S zQc$N=7)m-_tR!GNeOc%uI$H-XcnI|Z#HvUggvF=U;f^w@HZZExc{-rdEv(lgtmaL6 zwR7T`YIVbj7c0ik6mXk{Vac2I+CfPWmW8+`@~4Ba1knjN!BgPn@C8gAJsZLr-iZvoNGIPj0uG zNvC&{-C*NUvs=RGTO-I?95Z|n$Mi|EDsKt>No@|PEukN0`~x(h^6iY^aEjg>+RbYI zi5*SGzDBokZghoppsEd5h8(M^KMYyV;xZ0Ph)-uM>rSSX%Okyd-2EzfiHfyFD`PW9 z^m;RUCS{NqJ$s5y->ak7X$)=7&$Yf+$L|A!o6U7rb)kxO)^)Xx7z^6VF1rS&0Om>^ z|4wv;L#mYylmaqUm{yz$d%}*7fVw2TQ0GoCe z`QjirB_9^--r>4Ku$jBi%|>ZJ>h*esZ!_2rHLwE9bi*Od)lH*XvwBa=a*HuNlrXe1 zpX#Z4H!KpGIqAE)Fp&yR1@-Wm(&v*e^(VHS1V^4H2HnHG_FW9Y;tJP<$USTDOTS_; z9H(65e6pQ<4^mw8?KZ&8a;%DP0;!k`r>c^~_$E72xS5enzEAc~Jo=;f36p!IvwgVN znYNneS@%fLEglH&<@2+*@!$mrtmkpnCbjrVI;;$HPTA}ccr+;@FQmIva{^2b8UTw?VM>lXV}eW+8uVben2}qie|=MLDAHSaXsq&-A+>F}P;9!|0$ zQx;WA=FQL8nQ$q1E(F#RG7zbd#Y8YlS7Wq4%HhWjUu6=6&ZGqn~;BCH670N4f0BGvq`>U@GlMx99s7jdaDV3>6IEPCAEvj%=HPkRXjRxlwJoQgW+CoCbMat&kLPpI>CBEI zH6F)!B3MoT3|bz4OsyT5P8R?icuZF06ZN!cRiY6A-5l(m5C0vGT7PP-)Bo@+>q!&f zr@>5uO@Pr-^n*4AgB&Xz;m+(vS+F=`P0Cg%5HYrl4>A_ruCj~O z0q#h9gwtL&La3t{Xb$Fa85;W_3I5G9t2?4#|+4o}sn(H2lk$SeC zr1#LJ@Q@hn84_5eEAsq%vpq(?&yYV#Cwa08Ma>41$9mSJ71l4A>m+m=`+4x}OM_{l z(H;#-m1`@`3%zRAhZG0fKYSAM56AlZIqO3SYto}?cm=G<@y@?J0Dij9ag%Z~HH=D-vr01=g%<9 zQcLzcEY7;_cT1Emdxe(;5}VFsk|4owuwjK@WsAQSF1|_>d^q%OIQv%k1LYM$PV8*$ zerHjC0)T*sY8OkZ#aK0-kPp*XEMztK%qZIFQYGvRBUmcr+=H4iKnMD^eIO&flB_gj z3?QPe8YIaQWIG~!cMILBBGp8KGyj_v?v;wn#@8rJUILwcRKRIq4-_V2QNL6Z zG3qnj{G~4YOf%VCL>Il4oX`$^46l&3caKjTwoVQ9!ly;zos9hXl4cf=4|K;8l3y!f zj`jMnfi8K74dGH=pJ*!FBlW@huPR*O9>Irwba}GIXJS~u5Ln7;JC)ZZ;`DI4PJaP* z@+Lv}jAND#CQ_bF9A~E)v7}e5>9HceHP#2rA0`S+7@QgV7_i`92d)#c z0?R^#1hAu?%;`tPwTa_NT%@`!644HtOh#BT`Wu7@Rxv|<%T1z2yFgq4L59v zH4fa+jbIiWxDE50+~%zRb{jg;M7sqfm9uAX8!Q_;1-Buk67KS!YTsR6Zbd%T)&{xB z_}GN)HvxEHXQPF{|K^Ihq0;v-4SJc{26gumG%BPGXIU+oGojlLZgIc1BK6i?#w_s2 z-~ofRWr3Y0sr}=|9N`@qoRVif$A8wiJaAqfc-#~fiT6S0`-;>EzFcZ_zfxgPG70?% zE|hRV^bL9JGvu)=*~BF<;J}-XKmRf1%n2U(Q-rjjK2b(N+@aWyrP%XT>;gr>&%m@F z-?n4HC({$m^(uCQ{0vQk6aW2=KhtdINVCQLrfZ}_XltYV%VrhZBL4!~pMVpoWJ6F% zzu~^AWQFMD6A|B@P-eW}Xqrm$$$$OYx>E{!S;c^T{A*!AaXw&{vm)!Y^%9*%+Yi8D zHyBj7^A2wZ?NeruW{D{xMUJ@OJu6b#lOI*E{^SrsPZ|-s>`!2g2WH#}!HnAm7XfD~ z#hPSA;?`DN$LJtEldG-BKGsVvzJ(DCk0!~FhEH6IzcPKh_I8AT@<8Y<0` zGxuw2VTJ~o&ob*`RN$wlkUHil&2&JTDKR~gY3rth!i{HN#1LWOm z-NzU}YnwzAB#)kCE6kApz^+%;)^u z7i^IQ*4pp_>!h%;PG-BEIX&W9cZOZSBd)xT8IxPBpNEUoszrF+Ba*J3VRX8Z5mdgW zg4D)-LLH{x44O}qj>L0jAoTQVF}NW+j)BA{X*#5RBj5x&tcxO!bwvb35EWl4@%WLx zh4l+2SPw;7?fU!e`UkjO0Y z{fx5qtkENJK|`DsDi8j782*e5Tbfw}x3Cm6MCLmXK;TLqw|ziK{SN!2|2cc5E~m)7 z_b)r(HGN!urG1>eGICsG<*?(-N_AX0ZaeFsX}Y2^Y)6{CiE2{CXu`zx{D3YCAV=74 z^m4g;nVq%EseQ>gQ#&{6>L}^aM|fB10L}uc(FKTEikH%*Xp_W@h%|PG#_<0`#gfO) zH=!=Ybry&J^dcx&@Fb-pN8p7hm+MDiJ^dk%v^Q=U4<|{5xkn@5*+eb^m&epO3~?Lk zw-EKciUr~-H4cSkkY7s!NH|r!sfZrCJUD#I|5ElQ&2yD{!B{^+&c%1&Yd5{vf0hv#b~DM!%-e)sU~-h(P3 z4>{DKwPtp4R!u|kK)fQI*sRK}C$W=d5n`(zpmNCvm9t63U30b4*ARtF0@=%fECXXd zS9t{65GFakFsV#M@jTdWI+aa^{-%rDRCAKNAv$*v=D%nz&rfktpU+q10-}(!P!aXC z_~ZoAlWVZOok~DL*(uO-xL!gJKRP@!*)SUGVFWs4CpHTA>)3=l-JRw{y;1RT$w($t zuVQZ`?g-DXK&Qa{bnbsa=C6ePd86CQ}~>UhSU3% zk(@|smf%{w%rp|P28Q3s;~c+Txxb<%e1X+>KrNvuUzJ`4Y}04}?gm+k0K^B#+QwQj zA3{f@)-o>WW5bD^6g&4ALU70Ho>05j9lAh8jt8V2n-cw2Vg=OLK%cNp-l)oth!hjw z&4(gOQ(YB%RyI{|Te97xu%G&G6Wgf(p1KiXjXbSWzyz9s**EKiykc~gi{pV#UPZ@? zW6cmYK~jRH7ZZT}kdrAwFp-1*CzNijoLw=ix}oa8Y%K^j_+<%g4&Jw@Acw72B|6YW z%DT_A>gEwmBkP&du+rCyc4dB#9U61=Xn%jN@ed2Xh9m7N1>P-9|EjEE0~_K%v4aYs z9@9*SdE~eTYl|5HV_v20pvope5yUHrvUIEIYfd?av*Ihd@?~9oR#&FSw>d*3e9NPl z0;x(htELlo@Pfr1GEnoa)wxkcvL>dyJlP?jjDw<{kmwjy@uvfVdCA3LSoX`%$&L(& z*D$z`Aylr5P`SO-P}AxWU<-hAG(wy!gl*8U@v`JWG}+HdUbp>0DEu+))rW!y(UH2w z+N^br%8yKR*I1o-I&WCgVN0T84tX3hHB7O$sk0E>K^FD-`|zy@5!a|wjMZI(>LmFS z9P-pf$)SU9+iszhh)MWfCNz2`LEwOb9wm-joaE`U@L;BRjAs=Xo&AMtFW8IBe9 z{4h*PQWjPk)_ciVGL~4m2AG)mr(49^7hML7QPqwL^@K+`J%G74fC|x1n$WLI_;KSr zXwFb3Hb~;L3u7w9WK;}h%6it`v|b_L${PD|{EW5uh{S12F(LqT%lg0D8o9xp%DRDq z(Ifq8`TsH6uZsT>mH;YriCQ+2YhPCMflix{AfjZ$q&%1P#Wwse$|D{=R*ATnQRKlE z(9Na>M(mvlN#-nRl#SpzconZ0|0N8$5^&r#>S5b@mYC&M*U6f)To$JwvCd_Y4vZZ8 z17L#hFq0%Y7^f{k{rrmM19z65&2P0%Sv(paP@ry-u6-C|>U+|t(*y0PO)m!+y+OMT z4wp$C$Ps^yx=8^pV6|nTvwh86GJCOr>J*4=(5--{ViF#QEnOPyg>Mv(??~INS<^}( z=Q`Fkb`4p|O;?HxI5NM-VFQDu6}YbB)H6T3Zep@Ch9NtOX?z@r$w=NC)#pqoW)l4} z6<6^;{!~0EGPR5{s`;Ky<&&Wq;jlYM0d}W6*tHU-OHV=G>@-bGJRR;R=V^r^=?7;n z))ydM(nGkkNcT%K1!{F56bo#Z*U}KW0tLQ3hIQL(@kZBV>+9RGSXdUejT>6MztP8l8ry(7yrzix6ZR zit13hnp8J2*N!`pJ?N9txqb^7x3mR;qCaI8lwOWnirjyxMu5))sQZ!nwYJ8f9!U%_ z>IH-ape`aX2iVzoLHUyFF0M3I^2NI2uO`U~@npoI$l ze(?^Um+tU+g8w=Fj6TF#ag!>)QRUjp@dL6wZClL;vSNwuH`G(r#Zb(RF-L`T6oehz z2uY{ZUWI~NV-Izs5j`2vlwb@ZMl0;$wui9DCwH7oJDjbyEB2S)2{;aAoP&d<4jV=X zB-m<+bd@9RiKf{mk^@UPn3!t&C@emE>XAt8@jJSN%*y!0d7w8=TSL^_KUfyq8WYOJiwdx@{s$H!Oc@5EOy zdPGT&V~fW#dp1Tz6+c}iF4U>jaw(oy|5E$kFHH_!T6Liw^CQKYkkSn|DTCYsg#(z7 zxZ8N?;N1XHkhIUg<)y*xE)quM?KiEul-rdBH3M@na4iHYe${rkmb(@%9k^dcH~RPU z{QLcI@Ls1XFtzc4J6;x)utD*d@xgM6muWb@vzK9l9;GY!RG+$8@g|%z)ZDXGB^nY`m1>)7xZ@VUwx0}yc}+t5%?Y>4k86hEPk)ouS=l}PFKqzhRvJ_a&3)cHr9 zN+t`5F_510u(igW%n&#v;saaV_Rqy^yeykNSCusa+j4Sq%cn3M?IiE6r~J9f zKm1ml4d?0P4*PQdb9lYp&02Ah>X|U=aV9Z_THo9W1IM=%BXMwyvgE(3_m0`25VYeN zmP++kHK97CcLwDvd=F(?6)b7lr`3^>Azvxy@5=c~_5Bm`dug3^PSVag-FGsECQ{P8 z<@YQG(346(s^X6+`#}|dNa?qNzV(JeV@kfJ^ouI~5+oI8JtfPOmmg<7Y;s(kahtfgroqBQ|6a@;-VagD<2<))D3$io!gfs%|Eu5%1|8 zJ$A?Ubf5Nqrn5iSOT8h#)y{j``K|8zfH#wK(+}(NV9vNryEp4NX+Eyk@f)=LFft%h z+5-a^1)`jjKi7$eP3uS6e8_LZKG5cUc{2|g-b|b~bGHtk#AEqy=5qz{lH_1%1a609 z->mDva}@@1RE zEd#F!Gj#Bprjq)=B|*4mv%Nb1i0Vi#%T`?OquGXr<@NOX!t1Nw2(R%qLqM0$S(7_F zn`_F2%H7IX1p!~>?wZWum`}@7xp*#8u5*3mi>=lc)`xIL9i3}J!rK`!Zl_Scqt)9g z_M&noLGJ0Q!!qOS>y^1dX**MmePWQ*{fE*BqXX%6JQ^TD@EF{( z2(i`3fyW!VxnZJ>04i;gs3jv2* zD@uq?=K+K0u-=f8e(_C7Ta+`OlJ4_M3Mx?ij|#N2a`SJGe)Dfo1uW*@pbm4;e?{gD zDuCIQpq_yW@Qd)Rf>8XAinRN0aH~RByIn18i4Qz&zyGwK)78YB=AmYUnL2YM%Q(b; z?hlmn-TtMq_f)EUK-9%^*f{v$^U)8g?IrTy1;Wzr<-Q9=KK38K-+z1oSX>?eqXAWn zgj%!bTGf1=8gs3xzefq-(){!St5P`3lM!`ioTLsviFZWpn0p(aE1ro(_tgjao%O)H zoe*r3JUali61X@Y+O!+C`#CIYhl;VdfX>kaD2jeBE?zSR1y%qk^BoD+T#G$%O(k`x zyH@4yQKSp!?w!`0g6o|b&pi{1jMY>8dri(e1A6sRZj{FkfX%lH2g)KWyH*`49^rQO zeA9{XddbeH3K@Luy(d`H(7};IA>`9#AtIlpwpt&||5Kwj?8A-XR*#r*cB9oBxAw%> zk=v%<(r;?~8BZ$zQ1vDz-ri{w!;^>!nRJ#)FM@cuJu`FQIK|paoVK19z0(Qb;Q+Sx zen#XRh%m(T!@fY{9``q`|Eb&mf!b3Us`|T}`HR+H>h{0s6tQRn=G@=<_8ZwD^6t811DQN5i?c-Dz3VxUXccI!oD$c>H!V(_KW{wxi?p?rkmq zCg`p=Ki*6T9nx{|Z0ln*X!9*|ROqOVV}r;#`urz?nypyYVf8+2tbfwNgF$oR)@=8O zC#Flhh<-%aK!iHXbvwE>8*pp-5$j!Kt~pgZyNZsH)K6(Oi#I**)^8kUv}PUkiK55? zYTbYV)0<(YqZi$+GFyCWh69(C?>?h#qU$I^<{b#l7T%=wqoVy>HVlLA-R3&YIMP02QH8Ij@y z#6gwA03&W@be^V_7jUu|fQ7Rk`C_7;raO5^l;%?ez;u`FB-U*&<1pA#BK`AJObqL3mHNS3cD=Jq5w7zrAo{9VBjU#h7ch(`&DHfTS63#>7n$t zp@V^87&H99ss(nhoGRIOb5EwJ3tfMHYIu{Nt=VUWutE~Wj4adYdGXf7uHD^U(|Bh> zRp{_6#8D9#(Ui`p}}&&nq#+)_r^e=1h%Ph5AG&{ zDO8?*1wK;t9{{O12e{u-``8sBe(tdk)4!*I&ai>2dH^sWa-L0O7iup63gq}i5aJ-u z7-g%0x@|74n4qiFSR@y4 zDQ1+l>I7@{zb`WT#I04+z8yYVf7?6yEH!gcub$c7J9FST#ac43Ufkk@f9&Wx9q*2B z){8&M>hPJ?U+DI~2J6M=a^@3FQmFRN2G)xe-^}b{a(^2WG!-cw>Kv9mG$Kgq!&v!W zP^Cu_&i#q(lXm1SA2|IC3!PwNhrwbOQQg7FK2-tZ66i#Z)f+!-3n4b$?n;NBYiwaz zF0q2LL}E9oH5B_XsG(K)WoCJ3L`Tm*iIvzJ*ETBpD;4lF2<<#RDBuOgJ;0^J%J zA=qYFc6SftgW+~{;6G*%=%w_KO~h^cX5*?W)kJI6WrkRT9b&3kg0{zP)8k}1`p>v+ zzkd$IZ66?2_v5w~GB%eVM7JxG`uvp6gmbSI#5R%HL41PNCw^0_G2+$E;-5W-0R~Y1 z)gXAew3)_QMX2{H-&D)ZN^}Sndjn$8Xu}}2$p8jN%z}~)rV-XZpX#Iy_}iDtAtG67 zM)K-CxxusQ6nxRUS*wN~>K%pw|L?lVc7BvlKaPgJLhy@(l6ZxOM_EYanQ_MTixIDh zqDIT=+GKB`M-J8S3mGy0qcNWsz}P$2>piVipk>c9JxsVVrH9?}P|~mPo64RP?J|1= zL;J2^5tr;BV)ZW}2+WhNzYBpHEaDP0+Jgx9s>T6qtwK7u!N{xG9x474oxMdC>mX8G z%!jWA=EK@&^uE@r-`n`Wqz*NHoORG-Piwmrt&=EKnOrcN1o)jsRZk6uf#_NwH8{{d zj`yICCoCbT!&OF|V67r}{1x*b!Q=1f?0bGSz6l;*MU3~USWb3`@rEYmY_mPaTPk~j z{fyW;OA;BmY9sImTPi!zuWUdVuua>IykFp9Qdu%eN@XSWxm0$zp216@vfoq0W*}AT zHKFefRQGiQse;7GJryu@KNG~smHAO|_i>IP`?MjSVPUaZ^0Z?;Vvn`QdGRMq>}m75 z!ridodKJ1!6@d5Mgdr`VotI6;E9NY1XJ0q5$4u%`*sXdjvG?7N*Q01hw6#ofnMz8MDAz zAzXPtV`(Y?$!j1n*Oj;+Ln*vxPe2*Y%3t?iR{oWlWfA1chUMDo$$S~C=&uj1=v%*8 z(Z6D?UU{rPkq#{4E1RarW;9H9XRyBR$tu0Uj$LXuTw%MH2dlJTo6iK>JkeVD8^_wO z2lGuN5lcFmDnu7d&oK|Sr)vF6m4Kbj1IG{9Q@Q+531u^wm|-kd)2bc$4dYfOlxiAS z>#o-*FDIzo^!#AWTTKvl9o_;noXJ4KnX$U*>m7#MTJr|(;E~qK_w~V34_O1Pc85zY zg+!iO6w$h}5h&_d-WX3Fkwv8YBt?9b)L;CT6u(@hxQ!qX!QGQ;V&;(!_MQo*BM6MU zbrbQ3Gnm{(k?OGjh8q1o#Gz`9tp4V8^QPI|TKP}8Ib-u77Ju46Py@i9o4vTRr!4Zu zNoH_`MYWgaZpD!mK;Pv)?-)9+=bJ3Lm=SB#?&@r1__4=ckGtugavw?+s^{yVdM1*1 z@|!mKxle=XnZqIeeuBTR9o+LSZgg4MyD;d4Lv<;TJ+X)k3h_Wrk>I5{d@R@#({)ar zNHWrG?+`TSS{*d@&C0$X&#OMh(BI01wW7qY?zP){3O#aH>LGp9duao(98XY`YDgDx7Z8(FBb%l zevE%=cmGsrv%QBrbn1|xVS$Z{Y;YPGkksOD#?wsk@#Ad#)oFMqBO zN1B7)00CJ}_sf{;v58ZJI@B*=CF12(CJ--I$E-;)Yjus)OQ5=mTdVWd?s@jdm}5g7 z9qqHNOGMp;IqG2*D(|Qcti6JPoc+UFMeIbgg} z&VtO6fBShg95XLr7#dWU|BYj2H8R7;JO2FN>0wsG@3MhGD5d-tewWp(y0`g~$M#kC z9hKdtwy(OYSrZ=v&Gv7ED*sT~wg0vzu4YaAlYgh}yeHS{>{Yy|0p1fa`abRWM%{h= zeVM-}eoSNMZQiU8wodrM^>z*s<6K(e3d$P{o9;-Asq)69#ui|H_KIOx(Bst-E0ikt zTrU-`(mQ?@S{9TY-Lnh=rgEJ4{I08hjl z9v@z7op6t`4oB6(D!9l_2%JJhteIGM2RN6;kzWzrw`8YbX=$@o?s)B~ET7-}=WUA4 z9_iedlFOvzA1LcCfqw8Z=b(@JMN4M*9G%zKDw?RiFK0#|=^0_25Vam5Lxc$On*;1j z;Z`}l!B|hCBmpj$`CD)pk%*I=oSCA>XC|1@xiN>j5Opcrz*IT9&`gQ)2wNo}T;#aE zU>#|-2?ZxyAR^+f@Uwi*KspXHp=L7({dk}X+)jq;g@N=~yp0lfmgv1R`{)I^g@=MR2r5yrpsY761Sm3$zdy*)vTq}$C;c1D0 zAtj}s<-Kq!sE4K=Senb!BAQ|O{o({alufuxWy=yCf5I<;!ZHYm9dIMZXYf;IR_Jf% zj*iDG62#vS1~pQ+RQAvA$8;eL@wNblz8g#=fS$sto*22LnFd~oD{5HCOvbK+@EV#C zYswB4`B4#LY8#a>vGmlS5jM$e zS_xk(iXE=V9GQ;zrPW3OClc5H{}Y%^A0RwKl=XLk<8}pb+&ZkeY3t99V7sTBqQT@g zUZJhkn1%Ho7&pRr?~C-N8oSz#)DGZp&%`b-&()(}0H-5^Vj6UB&CLXw4!16HDwy@v z`=;z8h!!KEDygB?l8~DoSw%En%;8*?LJ5NqK;dw!SrI#^tR7{Z8j<0fNr?sVzW=gKCUSA~q`I2AC3QP@>{8shZD8B+^Oa_odeecnD}-dS$>(E_ z`?X!XJ+xo(__kHS)&Z(;9G`ofBvA_mw|a}t-4oY$#KXqpcz4`;AdX@2>R4zBDN5dm zhTPOYlHG~??K=H`cNye;pCr3uk?a2RGVCzhOXIS4k|Ptj4gce1FUnUkKp^H>lTIvon`W;hukzMz`scY$I zEjG0^7aQ6di}f9)Vr^Spv8Jt9EbDkA6w%WL{<^}kNIIPUNvM9;j@^oL+vfT2wZCJh zVqe>1_#2uo)U}b&!tVXq@6~-E`+d3(u8V~B8{41t+-G(7%Y-AjTlJV%<@kc`{xKbq z=upDl8g*m1wOV3V7DVLC;Gh4?;J5nyJBs%>ZFf7x`<%9Wo#G=-$Ip}M4m z@eQwSVdO(M8H~J*AjidQU5i_&h|KhV*iB-5*0FW4wQ)_b{p;sebh_fdY*Y2{|8l(} zkWbD};5fKV#F*8|_fA#>Io>ZS;36)%z*dv~<&KT~DtC_n)?f?|C*RC+Ec#2>j`}a# z{*)2|BN<`@hgi^pZRQT2_a+RI5YE{^Ucd_CPb5;aD7@p~Z05{aBw{W1Bz)zpf7gn|4`mVkSJDewj{J{CKlc&KQg(EUN zbM&0LzPg?2`u)jh9vykN;;tR=1GVj0+@oz_alw^lulhwD`xN(X+poB9+mhnqjsuGO zAA3;qf!&8RAKZOd^P$~`w=5ldWaSav->N)n%<{@*?}d&oe!K11;xTP2ir?v2i9&Mx zxD$%sooTIbSi?m%newrkOd!K$ki@b1>m$BvUmBSsj8P#oRCJCuLD5N=&6IoOdjC4S zJpOeni0d4Vzyio5Qv$fM0rad7axJU zIJ>0I(o6dsw;&%xEPL=W5Gtx^95pnpD=6=P{=xeQK}x9j01pbQ;TE6DycDpg2^8 zB+arrk3?`g*wUTuFluF!TzwV}3A^)wkWfE|D8m~Uc`&5;et#&nA!PV(1Tmlf+4Je2 zz3WAOyhGUyvW`j4nNC*Z8fH5Io58Zhv69V07DT)`MZ}vk)w1mJdP|SR5gu_TaMy#u z-R7L}mOb``kn?;f@>&Sy;c8v`wUau@4fuoOr?}yh+}t{sKrv~aizH;KSp;6RxS@iA z9b(_a>mAE95J4Xs55?EPIO21}m?8WAo%HdYAf`J#l%Z)n;w$#U>ScRcP}qLxDT6L8 ziR!}#HConjgy10EJ70C>$B|e?ZovNiR-&tq}(tDEeld)JW*-*vv7*E z&g~>&nLb8tpnbN!GRtbj^MMl+wr@&!gfKuOVSrCa+eGTd)^^qn_-KX5gUiQ&2IBHA zNThUR%3PQ*+{vv|D7DRN4E0%d+g7*nIkzvk#a_&IIZ63Lz82)Xv0}|WTKv3?s!#r- z3|pDq_II!BE05kJm6F)4a=I?3S#8s(NcncF{4ZDQRsW8vc;qq`E_VS+IR z@7v|ycbtApITikmTM2~^+u54JsAy*^PjH($Jy6gl`N0jX{=UrLqq0?6i5c9IY(avT zH*aX-Nrt24dKc@|RoecccCOOSg_zWNT+)f~if|@Lk~-bq5*`uN!&-)f+a+PM3~g-P zKE&Yw`$%G^R)?})h5Xb=B=>#V?zOBLn5k{bk+QhelYWk`+pxFz)oI&dPu0q;#4M^N zVa-ytyCimWIJ2hrW0Shegnw$ByNq)^>C^z)O4UNh_d+4$q{G!w7k0K#Z<=l?6+2BT zhJ0|ijUI{^UqNofythw?pBwEug8^?iw7m=g>K7PG9L4>%*+gj;x?wGx%YsuiraC2aK_30r;J4_lS6w4bRr z6=7*nfByhqxEia=*=`Heg5jp@G;v=!-fku~bG%OSh6P5?HWcr647vfl#zQa>r^1 z_oi4IV>NCiIvkywo4|+hhe-Lyk%W_lU6fRm!Oeaw)NuIJM_{WinJ97_KP+b=o?^9i zR@YRmvUVx4h(s{Z(1W%WbQfl8P;wose0QX{Nwgl7V1b(ebz1D!BU@sv z_139%H9GyfN>xVA?QHm?O6U0+`-K`}SD&kOUZ_nyQyYG^HuYd_@}b(Wo%&u??90k} zT81cgKO{A_CU5n$wp6ux6nFv!=B<;Ps&(wcT2^SpH07 z_}Rvkw$%FX;kzxV z)>iBD7Pxm`FR3z!le6L1O3s5#_Crmm%@4LXkF=!jZwWupLQQXNN#50BkY8Lo^_NoW zqZ01)k+euTEkafx2R70W5ix#?)G;@-N{a-q=i7dZoZQYV`yuIRgV)pIJvY?eI+XYQ zOq;W{E&Wtm`02LP{cU9rwDG>zwZ^_^p_6sl!x4K%=pp{g;6(clFCoV*)7&z}I$Xg^ zpzSKQjedQTd2@8sN(^ZYasOgV>Hqbuy=7KwdrN=o@RnYVviXG_G|;tcu34!vipert;F znbJF^_^v6vWr}Z`(wnBZ&6Iv)if@?G>!$c?Q+m}DUo)kbP4N{|deIbLGNtED@dZ{lpZw2hfL{yQ+&XbHk;xW zQ@Ym_?=z)en4+EBWM*ASKzs5E(|@_C)5(pd_cHnZ1JnC`Ic_lhm&*A|Oz*|={UXzQ zp&TzT{pZX1^Gxr0`F^hHJx7jboBp%p{F$cr4EcV#={-%3r<(p#ykugdpVbT1?TI{A|Be^JiApnIQ}?^|{6b8>uE_dg@&pVqxk$@eF9 z?-O!-T=)M<&OfGmAC>Qq=w9K{OFpFgAC&VC=-&I~`xf21S&sMV{(I&8FLm!PHcfw{587wYWaSZ?){-0H|hQ><@^=8_j38ZQTJXZ#~iwI1|3dZtRgRyl{=dliKdau)(|wl zZsmIF`4N5G*gqlqV`Cm8{zpcBl;{tQ{R09ZHOwQ#KWyah5&f>Qze6;1ZR7tZ{sAN3 zPxRZy{ua@18gn1<_Zs;dM89tAuMxe+n7fI;%gA>Uy~EhI6aA_&w-JAn~?Ur+SQ#=ef|wZ>dS{MAOjis+Tb{u0qEjJcfn%Zz*}(JvbN5~5!)=JUi~ zY~+iGe$Lnz61~8f^NByt$e$&8uCdP{`Wa)+CjQe#K8xs?#y*4S>BgK!{HaDhh3Lt~ z{uI%Zj5(3`6O8;xqQ@IMRKGuA%(28DW8|ZW9%bw!i5_9h;lv+i+A6RJAEzg*Z5aMa+SUk&)xJDxL@w$qenUta==ylBr|aTg$FB`Zxh}(VsV>32*e`;lP#562md?jL&#wuI(z$r9 zp>uH0_Ol?#)ERhA=s4~%KMIMf!9|r}YYTVj3rGM}$20Wv6w`;Xrl3uQWEymt8PGS2 z_m;Nt>}VJFs2_tQt`m69&|p!|$nvux$qf=DG!*Tk2N0xAxnV_7b^3IArw} z8RuLKZh?%p{&{%Q&To(B4!R?rJLwAC&-X8Yq_e&d&t0^}{UZNjNG{P`@$BnMalg#J z9Fi+^H#}ddufqLm{~AcH)xX2@b^7=l$&LCZJO}z_+`Id?Kys`81D^k=Q@G#e z-ww&2^q=v3hrSc{yZpN$xkulN=lk^ixc|lfDr$PW?yj^n1oU zO#CB8{yxzk82g7rA2sGj#6M=_9~1qFu^%V;Q)7Nc{LhX23!=X?_OFOOVa%_I|BaD< zOZ0cf{yot@81qNspEUBHh(2ZPKNH=eh`=NtP1suvpbIqEMm^2Jm? zZ|pBny~LO=Qh%wDFQa<7v9F-|C1b9n{wgEK0p&HuzLx5B#(bIj>y3N^)fSM{@mEV zp!!Q=entHgM*cO`&|;1MpX%?7`91Z2F!CR%K56VfQGLpoKU2Sl85{Rxx|eB~do$g~ zn0=WK-P!p6neK1w1DGCY%t6c_Y~(|j9%}5vm>zD-5zHTHwY zrso@T0rM9c`EyJ!GWNwxKX1$zn7_oxUu1eI?6GC6^KxUZU==Shp!8OzJXP2H0CB&vDwI9VHI19eJiWjX3SSv#dag#!76qd`z}_o+n9S; z#cQnDbJR@(W!s{TmH&Tm6#}i14Sx%;^_PwMTyWa{n>?K_zvaVk`S4r4_^o~TtsVHS z9r(X*2d)Aczv)*?Pxq_8^|QZ?H_UkJxAx?>_T>M*Jvmcuek(u!|0+M_;XDgyWtbsq zxthJ$pqRscB5hXLtIX2M_f_^P^S{fD5^A8!nuP#*1ET+b_fq_3(7~pl4?VDy8#pSK ziYgqLQJF!8%1&je8bOXyL9WV6)l{{Dd{r0}sNz(SDh*0hc~GY6q-v{rL0#1#sIMBO z8mcBiW7Rb9RI^l4wFsK4RzXYECe>P<8=Rxg3)-sosdlPk&_PuMozw-X^VNkxXQhKK z>f+Qzs%vnGx-{_B<*Cb5x8MqORdA)cCUv#?U2v`XeQ=$+A$7gFDY#MH90cl?RCo1< z;8v9i{-|zG-KPE={7Kyz+@bDH-KFjg?om*xt^S(&i~3vefO;_ayZT4!A@y+ZPxY_h z5%urXqpAl99#g$Y(37Y>B-NX!$4StasQx7AN7O))8emRm1vsNMlmtVF8ctHfh#E

      4}lGGTY#*yF&qMjtdc%mkf)C8iQBEcl0rjTGVQPW6jDp4~?Fr7dLT>$2) z*(CKeQFBND8q{Y=Fqf$LBsGtyg(O%&)FKi*N7VBqwV0?SBzVCvT?H=^wVb4u5%m%Y zRuHv{1S^SJLsF}WT1SGlM6D;m%S3G?sSQMJCc!46wvgZzqPCILR-(3(;8mh_l3)i> zyGd#nQLm9;4^eNB;B}(*kTK zz9;G=N&QH0qA2)@s2()TQv0| zRm*9xjH;Jtu!5>pG_}&4eZ`?ywT=dBsaj7{FH^OV1{)|el?9uq+Co#WP_>N)TdCSk zgI5iIL}~|ByJ@hCs@G_+2ineP>UFC2(O@rCZ_(gQs`k^=+f*H-!2v_r6C9%IJ(_wK zs&Z*?n5qwG@IF;XY3f6&j?v&Fsy?B?$5eevQ^$?&vEVbRzNEnyRGpxyuc-Ql247S4 z9Sy#v>Ia(oo~n~H_>rnpH2BFd5~O~nsuv4-GS!C#y_tHPrTQ|}p9TGx8pwhHObuqK zK}-#0!4L)x++Y|}BUx$$Q=?fhim9PLHHqOwWH6bj zX)Kt^)C`uI&eSXx%w%dd3!Y|b4of}5)Uzy@%hY@p%wuXHOD$k(5euGU>UkC{W@-sb zy};B`7QD#RauzIO>Lr$1!PF`itYm5p3sy6=j-}QzwVnkpGqsTg8=xtUr8Y6Og$1uL zwT%T^ncB`$uQE_T1Us18&4OJ_y~a{|n0kW+uQRoe1$&u#i`}u8UHlfi^=+mOvOgSP zAWcXeV(L8>yvx)P793{k1D1N9siQ3Tkf~!V_=u@bSn6Y@K4rmi2F=OAXH0#`QeQB2 zf(2hO^$iQYX6ieZ`j)95SnxelCt2_#Q>R$!Ck9U#|M| zpdVKQd1?SxgLyEBtD!s?!qsq|8phQ~9*p2>G!I5`HI}Ewa5atxPjK}l55{vfk*6kb z^%M^#aW#bplewD4Q&YK`!Gr10fyslJT+QaGr@5NLgJ-yUmIrgWn$J`7xLU}A1zauS z!E;}$)m*LP!CJ1?^WbH!HuBU4 zt~T>v6IWY!@CsMkcxtO5c@AFXY9|kNaJ8GKc5(F@5B6~N1`l56Y9CMSm#MOH|c$cdqJaw3>4|woCS4Vm9Ay>zE>Lac`;lamTeaeI5Tz$?{ zpKKmT=nyc@4@GVzA@Zfu{PV&@`T%F>p2M6gw;?IL(psGTCUL#W*%*d^3!BG@CKZ87z_Q2Ru% zSE#o{@TO4vMe1##4vOG_Q16J~kWlZ5)Vo3*5y4@hJ`lnCLLC*U4~04=f{%pyL}qh&Bks7D%;72G2?LybKmgwM3>~kZP$6UX*IN43pqk@$K-V%$(&E*^&iWePvv#TWzOgFy3b_Jm-6~AWX=hB-B&W_8+qN=GUq#a{kIaw zc$#6NT8u-h#j+e~*2}G8x7;a?l}C#cE&^8Dh$ z@`B>x@}lC>@{;26^0MMO<+Y3JmDeq9P+q^dQF+7SCgqL2rWbi0Py|Wf2|OSRJYWox zKpS|#9e6+>B!NZnfJ*RyPe=l(-~qGX0lkm}j==+>!2`A-36z5eyn_eiLlPJW4`>Jv zxQHYW5+1M;9#9iW;3qsFDLh~*l0a8@z*%@eTqJ?L@PNYbfX7Gznc)GW;Q_6Y1a89v zg2MxrBWYkAUWoDVLc~Wh#D91p8pI2+A;}Oa;)S>oFGP_fLrjSmB22sxZ;}krCtip} z@j_%uGQ_EPA!@}7F)Yat(c*>p7B57*Btz_r7b0Q25EqjSQ8HeLnejpdO)|vOcpYCapi^hD=$Q2B|~hM7b3O1 z5Vw^KQCwb#>GDE^S2DzVc_I4C3$b9y5EQjg?KhEM7JeFteY1i-@Fh9mkd#HUWk$NLd0A$#Lsyln$8Qc zb;)f8Y3GHwJ1<1xB|}V}7b5h$5U-aE(R*HqR!sO=$W$1lrFo#}OonJkFT_TAAyP6K;wHTiMd^i@%4CSJ^g_I)7osndAr{jMk(pkI z(@aibdNT8-F+G)eGnhY}C1)``lX3>DA0z$NaS{xt{5lnYWRFeb(E| z{7o#mh3QwAw~gto%-hcVS6Ol=(>s{Ao9SK5dyV;fSn>^~UuWJvruQ=ME#|+;lKYu{ zn|TMBKES+pn16^R-(&h+<{e@BF!MfO{`)L>l<5zdcZ}(enD+_uKW52KnLf_E&zb&= zd0#UB3zj^=^jFOLhUu@F_Z{=UWyv3y{+@X!nf{S^rU?#<$QCiiA@|7o6_!}T-VdzS0D+?&t+ zc|5t0>jm6f#PxIBd!GA?d2$KYFK}-u*DrE!Iro?Gl0A z{+N58a($e8pL72+p8S&QFSvJt>#w-?4fnt1$?v%SmU};N{XO?ia{ou3JjL}--0LCq z&)n-J{GKA&N9f+ddtB(g!s{>mej+(g=mEkTEc77Z4Hf0@Wu)Kgz%me{&L!uvqz_l0*< z_#cYoF`+*a-X}tTEWA&Je_SL#7y2{deJS)8!aE`SuSD`2p}!X1cS3(FydQ-By-1!E z`bXiN68b0M^^pG0BH2sop3>_hb#LiCF8#hT*dX)6WNbcUJFZDd>EtLKOnOr3GbJBZW>c!GqBK;R+a;elWN^iN; z%cS>`^jFB_DydgWZ;jNerMFJ{Yh`l1)GteKqtqLuw^{m|WO9qtuSjp3)LW&uUHY%e z0-)E`Oj6X|~}lb=d`Tza2N{h9Q>l>Qeoc|z*1r1y=~UrX;h z>3=JeKS=$(^iE3sqx4Qm|0kL3Vd@pVerfRWZP7 zI@qchWHlOURSdBj4Yw+WSxrV-6(g)hqpgZjR->_2#Tcu}IIH3btI?BI#dxdHM5|(g z)#NFwVv^Npid8Y$YBbHNm};GeLylP41Azn>0XZ%lz@#`28}dS2i$mTxTUY}J?Qtgk za_}G*Utvcss0~d=-6Az=K*gHX1Zs+!CqTjBg3SutKRH&~hrePK6lYGmP#1I{8AdUv zQO5*Yh`YcnS&FMx`&hfWxVlH0meh&YK9^c~@T#aZyw@P${lX#Qy11_;b?s&~0mk7t zc(~D!t>oa6*x3W8nptVB1Im#SdKXq&yWw1Yq=d#vCmca6g_5mW2&gV-EW1bOau(sZ zegNNX{Qvw{8oDho_k{VXCayYAAjY_)3<}jG6mc`?k>gM$$M6*S61)uIH)q`qPsbGU zt(XilFg{#H=7>D1X*>HGyCc1vo2RPFJ*P6I2{1dAklS$zz7Ea<--YKtR9+#OoJsiI z9Os5FCd(LT=D`86h9o;g_#hgYB8y!76^_x00Tn^is1$KXCe4nzAioOp@oFr3JEQ}$ zFeKMK7i_EqC(rYEK6?wqO#jn^&HwZ5{{Q**^Z)s_kM+MIKJI_MefEF8UGqQRzV<)g z;tcrhI0EkBa&UdeDjyEh`^qAGgFtzNju8+R7_(ueSwilM47Pz%qppM|TAl?;yjV8S z)KRyv{^g=fG`24nEk%iFA)bnZ;{lLfK-%kq(a~pxYtQ#w~U^YtFy} z9v?t+2GiIe+ITRf&TjN7$&TtwVMjH+{GE<9bd<4xIO=BQk8b_ffNkGXGR6H4W z6}KPZ1BnGT%YiuGZ*zA%DNPrtfi_r%Q7RkaSpS231!K2D-QBso0WP04GG)tUBf(0V z&M>Ho0AT?#i$f7(%q~G>LYtl8#9}4U`^?Gvy+(5Z^wQD$8-qcef5an8-R2=lw;}4r zS#?>2{5`vjqn5fj7)>1uwAM6=1VRM~1(z*alK*tNgG9Y1hJww{PU?oBmW$|I2vC>>4=6EMgMc7UG%Y$IQS&n#MGxR@$Q6+p8R zk}9-^V#{X0#zSlrPQFeebD#zX=h-96E6puY=uZL78i9Y^J|$>vqgTMkNl=sy96pYA z+c$z^5=D&`fo#_1nekYa?)KK8@jM6IiQrW*e?e<{H@zyI=Zfthyc9kzBxBhE=mg;) zq#PM50&{`|UIJ2N)XkOVxizB+5X09@(Rgos0%r|ZV^ z5-e`>dYK{ZpvgMWKINnEmw|hs5xo?pz(xb@0@jGA{Dse*pipciF*@fura#4dOqAqJFI;D$6 z&va?%0GcdxQIW{yU^;~M@;JkLQw*M`k@=!11I=xwl@Bt2vm4w**x-WF9#IZk*rlQ< zA8u<|wSVC@&$!(vit6Ki1FQKj-q$nlcZ#Csc;CWm_lx(<%=@=QQ9HbEZ*}>_`}53u zj_F!mbgiw?>y!W}Q68G+`PZ)V;Wq4o^XMaV zjxgO&DJZHb_ERbTM`NPEl}-tJ%dDx4ny17}M(41cXBeH&vgfguh6v<8zX1W%P67rf z5C=7(waE+&O`3elY9D8Kio6a&Q$weKjw(|57UVYbLUJ3(LOJ+5Drs!;_}yt58|a$e zz$Y7B)1Nt^F^f&+=S8548hV9q1LM#fW*1r?a!{^sqOAf!Ou`4hjwa5@hnP_tf#Hls@E*c91o8l^`=Hk+p5{bLZ^w21J1JTew+pfY4u0S^w% zv%%EmvN%mJP{rhCWu7ZLh>8SPjq^+agzniGQt6;efj%YZ!*FrsWJBSYp=8UA*I+Kl z{AD9hb3=b=+;$R;(LR`lYa&lKQWKy6hFvSaFbex}j7EbZ==uU_KJ=bu(MgD?drSN7 ztd?{XC4MB4_C@qwFwG^5ei9Ss zE751(l5XjmB0d+8Hqfk$cSaf4Yv?))6T1@Ex4&+#3@dVy)X2|0SVN4=kD-Dds&Q_u${EV_@Pi`1nzcw~ zH$z4=$DEd z7$L)n97Y=8NLAX8+u*RS;o{0=7aN8#s60R*6-hhNu?DqbX5M6Fp@T@f?t=WnpHqNt z5)zOrlLF*Y#m5BfXqlZFL^w26-%uYlk7OGrrz9#E$;Kd`i(CtoQ;?L!S!R{0n*jet zML2;7yT+#2Q&@pXi<#7!@`AZSq$|A`MO~9Fh*d?yPT7&$q4^!P?Q{-=g{3ZBLsEk` zH?(?V30R3TBm40e6@;ql`D~I!6B9`OL{juL;XFQ#xC_9Y96`;>G<;~2&{nrblblbA z;L^n_LmKuJ|E!YpHqCsCyZj9NUL5U?i=Jo}A-hQADQGxKfc__+W`-dY<~dI0GbH~d z6utQ4j@#EM?(dvE+lhgs8B~qEoqIT00CmU6o@c3>6|-VF5}iuAK+$lV*M%;wWI^13 zmJUgW#!hhaQ#)FbkVe5#9%jXC7~>ek)JG`>vmnWbii8~7wTkUo#Jblt4YD+}cmM&c zO6wJS?2u71HV3-KiX(}@$#{Q&_46*d}OWt57CcAp`bkjss}Pl z(VJo->4+HqSI4N2qK;F3I~vghn!~811s22T3ym*SD?y=m_Fy7RF}e^z z29YU>Ox<`80MQMDK~Duc%|V)*AGk?|;q$X&D&3RSJXXei;uAQG8|R6v;|$ObXn zKvM(l!ZtJxqxH7(Fte5xM+Hh$T#O3wC@u$A99NA_^&^QE$ms*nV}qQ_>lQU>zH@6Yb4>A5Q$|l0!J7@`uc~oLjaIU?K3Fz25j}@_EHa04DMKQ_;Wg70+}=-Z{O{law8Ic=ERB%)B%=qhrc*wPS_SgFXb}oA zGO-oLEauaa#QdoJW86MU?R-(@)DyfOZ?TNp18KZiW;@fWUP5gxSwZub)4XN$iW2(+ zYPX9c-m=)&u;JHBVC9UK6>u(?LN`Gjc3U6>p8%(NZW`x19$PcDyir z%1-2AMs_aBPzJM|#tA9lMi|w}H<@%>}GkW=jyie0mNllGv_nB!W zHu<4wjJ*KE>qG}<5OLoJt1eVLz_PF~Gq)8A^C042+T>j4 zCQp~%7I0DzPCESJ%{_S27;l2`%?;JQ=~nrs+b_PkyYkIT>40vm_EF9+9A8uE_}X8* z`R|cxgKtc9FABf8sha;)Z_<(awKr3L8L6s(juQCW6#n)!4<>-2CRfwdx;^O99=3f5 z!JM6T_6RIvs#``@S%#6wX5JRnAI$Qo{}g=d)$2d23C(i$36eMt4LK|dT}bSG=--nC z@`!nYj-kpH00Ysm1z?b)39vsP*@r>TX_^3*H`|a!nkInROQ12Ci`mSy15BQX+dUoo z3yd(b&z<;mza{n&Vy`FA2>&K=-f-=H3Hxzj?;)l+U}rT4>~mtjN7!+a zD2{F>67ee((;1(|KpqzrpPDyNi&`i)llTS;L#ooig~Up zv6q0No!C&#Jdn7f`041O85qu69H%xys(SCd)^u(-nbO5<+5R|(rrYJnE@7$%%x3{Gdqjn!iQ25}FamA|7ITSvr9!mmPF z`~Av4(u24I&idkUe$C-((dt1G$ExD>r;K~663gz0Uk^3UIf%!LzmnEw?y|Gex`eeD zRn608&ho0iT*KN-s^;Z+&cZ4$=Me{rWGep^tfOV* zAf}XTt@QM!YWa1c`|4SqZeeYnuIA~5&a5g=rxOPn?W;VUNkkEUIOBT6_4Qxz_HuXc zS>C?J+B{dy+smDaRo;##&XhCWP9WgVNg`-FMFl z;~;CXqFNZgcScr)F^o84&xA38h*qXF)t*V%EK&jvG}^2nLxP-|IM>fv&956fkX>pMVL95Wq>0 zTH2>5wtgC8A$$>uA0+k&Vqc$ezdeN5*Ja#ijQSZ!9JJ-JUTq_h4&gxVoNypFjzFCg zb6W5`&@Q)xqPYy$j)U+S+kX;cIisB|8>6_^7{!%k+Qg1$CrTvCX@ybTAQFp4S*!vb zJ%(&n{g~wVAeI|#fq`JXObp+w)+(CIR7IAZoe_r%g+X10t#Whkfs4kWi)-_u&@5bm zHNNZ&xX6~`A4#kHdOtX4&?tunIUqLy^vqE>GH-KSm5AcdkJ3g&E9T#;|r z%E^VZVi||C;@qN~(kPZYD+=twjGB;_$_&U$b4#u{{rP3((K1$EQDhfq=sKDzM#_9gAX4(vQa?k+o2+ zWtMBUVYw!YCP_E!*|nn36NKX#Z$T?0nL=xXcQx58Y@Fwq!i0?r$Hhscn&Esm!%09^ zim3v}#(S2_o%Sv|J zfD4dnQ+tg-ZQ3OGW&r}|ej=;C;Qd7V1z18lJ?~v8!Tk;Od%2@T{1g_`E7v>B{B56U zZhBX)dHk85By=>iBxCx21yqCNVp}iA)NV6P>w}eu^fWC4dr_#5EDuW-t`+c_$i}W% zoJn8`SBlEbnNd{3-S(_PJmkim`X+DKNGntzHIRiyi^&Z1_rI1o*{3t7+%0e}bZ@p^ zAod;jYi_n)Bz6<0*liq{Z*u8SRW2PAWCeFunOyo%)I1{G!=mdEk$w0~9vu~#lcB%8 z))Y}w@&)3;1z7t!ojdzv!8Unj){99ONV!a>m%A0T<#~3ORWd#|UhRVqWC28{d&=gg zKge2XJ`nawtglDMikK)lGf@sR`g60MmPIb1L(F73i*%vCLo<$y4RaprRewd!UxgX+ z3_@>><|oV}HW%v9WKDQw{)HV_82(@XLUz@^fJK#p*oCxnydd)hl5t0NJla_lWWPwV zn#6KQ)MLQS2U5+2CdCvNZsn+&CsAMGl&qFnishpEV-L4= zri;B{zEra3V0Sa3H`+IaJD-~Yo=Gp=7JSad1gl!z8f_IU;qD8(Y$-oeBpPGQ#6by4 z42eR+!bw;B=(b!V*=pIgq5Xp--(wFO%dOu?@;V9(H%m=?sStI^B(yxvlhC3{cF6o+ zjTSN>!x1(<%b@WslI)RL*yu?|ISca4-IDBu_hxKYxxU2UbfPJWOYwkua67%5+)DpK?!o3#GZcP|q1(p(9L3hf zqtMmc4f_VTrRe>n2n){$ryd%g*-#m9KJ_tV%)`vMHqBx+WENvQfvYu|CM*_98z$Bm zv0de1#kK%BSYZ_;+;~}HI+n6Ah;E5Z{I*aMOR{sbNR2GYb7fwlW=^eqj35%YTGw>* zB*qG8!Sj$kq(MF@z6yhaECiWZL<&owbzGrcY*5|}9X_W2B(sdvL9bc2W`kUG-w9l; z>$>$MI%)@|@uQ$VX#^LIGhJ!g$o!qo%6dB-vePLF@4ZQA+_S?$OWDLJLu>eV)PT~k zD|s+nfyoV5oeIMivk}(VySY!Bm5@waD=C`H605!4!72nsCKFdnTy^XMry;^_i@Fkp zZ>FA@&ZrRfn7f3)5th;HBI^!RNt?8SxD75FmvA3|mt|;FGg^=b`1S18uvJO8C6Pr~ zre_0C#tZsO0VtQCm=qt$ zuE(TZ%1bgol8NvuvtMj~DiyUB$Zm_I!nzK|hrq~Cw1MTgN-wknd@;bXk4b!G@3zEs z=(UNRfJ!_rc?)Pis)vT4^e3xY_wk+8V5E$XkR_vKwdvL<*|@t{TtYQdS^sLuXvT%rvDhI?ykoNMEI+5&b$ZD7&!VhX^`Qj*vIPEv?DtK!h0#v` z2bI|tdPd)YCi}{46FHO&v%}51!FK6o>~foyT~U0KO~_C7^*x;OqL>rKzEa%WUzK^Y zq&-9?9+wzQnAzxfGx+OkCYN7IXsw8mD}g2}qa83vfuhbl2)dvF01p$qh1^ak1-)65+dD+t&I$Kx`R-@fqQ1y=D509q6Re^$GFy`7}sG1!}6{}C>i z5Tnbwkgg=HJD%H%oCBwYNpu`fkq+%E)={WXJD*(;Js$~f$lJ1S>T>`Hn$R+I1l>^Z zpc|P;Wjl#x*|cQ=D{O(w#zhN2pxn8rc4@q%w6vn6Lumn~otd~= z;wmdCC=WwMzXR+{IV;O7PrxjM-7dSjPUqSs^;*`=smJRU)w`!IZD2fai(aTTE*qDq zA8*vTVVx%N#$`*|@0J8I!IDT3p}!R`h%}iYIW;0HtiP77((K$OWWc z1Yiv3CbzYdjV`Dzx};`ksXM|HZo(;tXO~eh^=SU9cGzO4ckMRX*!d@n+ls9)8im3Q?t)oR>|!Qszz3q429EiVmA&7RK(vvW zGByB1*TOzj^rp>DTI@&c4TAPsOp|1)w9UKx@Lh}W-FbG#ESt=}K?n!iBvtO>ZE71ahJty@37&dkyXQeWD?~2o-S%kRucmwR?mz&Vww*LD5-0xPYj`V4@0mWlZp!~V^HqiYK=r){V$Hw(J?_J!||Tu z+yb*INgAGXfoJvI+Y#dF@!G{ON}SZIdu|>1dmzw8tQF46(-jr(a2@A!7Om_Xg|EYTu;8sg2}Y&ZY3T zA(A|)`ln`|SBBSlznZYKVqE3)zxb37pGusY4b%YtMihzpKl0UlRugR-!=%*4(gOkZ zApKlsG6rdS#0AuQLiI@3z~r^i!3IyEb3HyPs{B7q&CLr-lz^uc6JiUcF1<8#ro@^O zC!E@dqxmcUvpkGPUw%5rv*F+zc!-Ts6#evnZ$9V<{CU+sVC)xT#%*HM-pzNecJB*4 zPFJB!RG*qiMRDX)ryb3e>?14dh=n~HN;X+pSdz51SmIlmHGnkkW6Qnfh&FvwvV%Cw zQ8dgJK(p^T-PGE>Y1`#CTW0G5dkT>1*;{~{CvQvs7F?4J(y45c;jT^Su2YtM(8lyT zlak43#Vva7LECx765A}1Yae7}j4RH3(lY$yyos^A#mt&Tu#nC6(ZpWLKBv*o%pDBD z><210xN(}d9yhWn+Vv@$O|r9gM(rIyF4!BRWV&n5amD+tI10sg&Y)P`p)nOh_`Lx( z3TNSLjZ5CI`f!$Q&$Kh|6sKH3C3?HjGqFi0wEf^1R(tZv$I&d{VfiAP&9$@4eEMjV zyjkT5GBI<1l>8X23Zb1i;o^*o^Rt~xvnP;(i3AH81F_IzrYq&x~ zp~Ln&bOSyq3^Qr2^UJ?wQ8bs5WoF%CQ8fNsG#!(|%9xyR@TxK<>>GzHh@Kt#cL+Vx zcg8rmCPYBp3LG}Y$zB_+HUn86?XZZQSu4p2@gTD7Ps%K7L9$;;v=MbG)gddHPatL zpD?NaBxZjcI}?rF4te5q%3pIh&1>MiUp*3^r~kvP=G*nr_{&u}w>c^{MeFy$?!TM) zvdf?V({&cwx=V)GzsR$Wh4yz2`PR8G4D~4@p+x{_`P=A-_QT~U;d^w^i$o1>&r^<*??P5PPKel}{) ztxSc`bn%H?bJxR>fkoore~6m{l#kPnvFQm;I~hUE)AD)32oW1rySY zm_5B(NDHwjK)$uBLVDf;^_cUKt5#4e(JZ&KcRIo<0N`hG z^=Qt)mbu;ALAa-E`zQN!#Xn+`!}hOc(`KjkdPM#g+4QQ3{7W%=MYYIdeZ{nkRgvFl zsez0Ph}DuEE4!=Qa2*#Dn_e;UZS;z;aO9%PieY8k{w7MspY9mj$t9L}S2k-`kYG3} zA!(g=EcZb5TJeU{;hSHn6}dw)5V4a9`^RdvVy8vMpuC~W!^-z=)QZdxt!R^iO7LpOU?Zg^ed}OhM7M5hv zXy_7$eFtyIYUfJRKXZGPLl&Ry#Uh8iUd@Z`ws;YRSS`mtZ%;>~x{a1v;1@js(Nv5x7ZvfEW<-h9I5hf z=%EaF=Un=V5$-j&zUI_gExi6CEWg9m$1GWuV}WWhgUx(+7fd6V#;{~%)S%bGD$@_< zWAj}{2%y7QhbvR&O)oP)FUP@!V`;DRaa^aK3DK-~)eXPFo|O4GpPmPECm~(KRV*WT zHT`iuPCVi)-{qBIY@_hsEOZ$s03J4|e3Nf>%gX5P>OKrK2{-OcsC%lvdG{A?kFo#e zwvTap7v3V#mz)lI7$t>aMy(^j;ob}<&=h5xluRbHYw0*r z_9xn<{DIo#*fy$DOdqY^zR`URFQMl*x~Fj&jub+P(EyTc-{Rip2MPUMi+ft$Krd`{ zTk8(z-gQm~9Bw(cHE=BL+IPIS!zYAZ((#X-I$Uti`5O)D_<}-|urBQ{o=q;ghw6(T zxWoj|wG6&p*1p?pa>Y>NsGD(gb^G5vL#|B$4gU_I7yj;n>x|3a8<#h>zZvY8ZE@2_qOwH5#3)Te}3$?hsfQ3e&n|Mpk@91Ki_qSN#&hb z(j@dB_cgesV|S$e{@eay(crJ=A+~>S|Bw3~I`5WF-E(fat^2j~!hZ}R`FY(@I}Dm; z)FY9|)z~Apx!Gf~n83zmV+)6UfHG&%+Bj-TGDU`!9j@nPv20CkxXI3CdAz1o%Lx|| z+hFmq6Sqr9aTdL}#3>hLi8>;^yomj%^XhhQP`7@fQP+m7QC35{QC>sR#BMB%s~UB4 z>NmySRFbsl+MKn>YHqj4%n)U=m1rs3gdw(OZQ8f4d+wFzuye!Ru5(EHuI*U+a6haa zInUv&0RCK1AIE8MdbLwb*X`MQ4^-vlM z3A>u!Q0Mx@O_gZ~*v*|ljas*R{FXM|*)4_X@Bc{tkVV-a$?f>^PYv&`V^+uryCeJl z&i8fr>j?4}=Wk&&A7Fp$$nA&7gK+#%-G5aE@K37;*2;{7mOTmUMcShiCZrGP+MBRG zsKcG1NUc8^N%|2wkc9pWAZ#FkPdK4E7|;qfgw!30${R*^7>SJ~b;pqSSkh(;VPi?* z7$U}!`VZJxinYs}C(#(xGO>GtSWgi#iSQ|DPbU)q?>ka^Dk0NIm#KtJL;dMIoz$L1 zMpUi>KTX(dQo-%Hgv>GF&LyqpS4DjRVGGUY&k?eST!``YA`|t+q;v^EB{R`(^&(+Q zO|(}KvfO;Wf^=C$+>mP3T}_;Iq|REBvmUTkcLQm-nG|j!fEKpgMA&A4p>5KP*V;kWQ_*q&9AIX$+k~-)w0Z+!$M%xkw@BwVNr(Mp zTxE0)5O&Z+2hH3&#_78xd4x0svic|*^su13PqIEC7k^C1r{vD#=HOHKCw)eMipFC%_pUtBsi>PU8QPLOCtR=u%L|>$2 zIgWm@@zgGBxTea}l~~K5bzi3TdfN77%GR6sZJ=Z$?XrQgjV6AZXzeYh-T0!C;aYvO1?ASy=lHXMQi^=V?9{nXG(gp%4*!3u|5pdxGy7*v#xy^dz_&z zKriY*Hl7S%S%X^Z-+iIYY5(!XY0%g?v+(in@Q90N-9(TfQ0NITPWu%FO6`ukYNDBic`H?f_R&nJ;S ziA%$CE%VZcSPsL$0mADz+P-}BbtSkc7VAprVT!YGdCh5EN>;_qxdLo}c-@BEU_W(yPMjf=FqR zd#TgZy~=88UnS0E09YA}(>>VYyruH0Ji%W?A4U+5gcm3(LSOh*tf{<8TmWoh4|3UK zxe;B1UTAnNYVjn=zynP*yB!!r2UqP%vvsA}xYDdsX`cTd_Ij0eCs`8V9Z(axV}~5 zI0wqmXmhH{f#j?$nl`GRpRf}+?=S3_9ZwYE*k}>3UL?*la9$FgfVHF?H7tt)Vw79? zaScE(ux}ra*O&mF6ym@=qEsZ#!D(hQfoX<52whSE{+ce>tHvR@n{Zt~?#BUHWLy){ z8JN_|=oo^2xjDHW&OGWwBF|G^j#J4Gqe`ET;qt8}uDs2z9A5j^uh4l{1JHoQkMEZ#{@fPDp`Sa{D2@6$10hN$Td>^0|Yup>srqiZvq zMacS)*q;)5oVd7WVe9k%A?!T>?5N8A|2b#QlsoOtZF|f1UbES>-Bi*^LV6-0Adt{Q z52%1j2_+%a(3@!JO(CHpsEITYY0^c6fDI7^vGFS9|2cCvif{S-33F$5`keBdr+lC9 zskD)SF2@9!aMziw9?Gppq}USvjncb`?`{|+iQDI;?3>$4n6$@gx7u7lSyl&U&+DWOYMX55#@GoPGT!{OmBrCx(u;=gUR#c(%+J*ODMV*@ zuTvnwINLuT%z-Z3t2I&|XxoQEjRDsVN5suib(+V4ejjP~YKUmPI>79LC*=&{y{jp1 zC>YGqIF-sILwa@#pVVYEd25#gw7fmIT>WMO;2PWIg(uIKq;x5hg=jRiwuH%~e zToz1$Rf2X*q>9;6Na~|+Mm!La^tc#_9E5m7^sBXqytc-@N_+NyXpQlv{8LjF=og0x8|ALvrj=m52_mVkTgv z&x(_>q&5W*wU|zp$}&}67QBLdN*uO`oN3dt4i8h&Y8MI~_!DgHys-`s@S2&99=7!9 zHJ*2!?OjV&^>0K6cbt+{ng4dj+T@NsGo+Zl^PqAx)es^Y3s66@Mm{0>r}Ic_z#JL2 zB%d}*gHy%)I);Y-d?c{gL2sN-uO80>7w^31zdxb+z{xyt`Obs?+XJUD)RJVI+9P{` z2;R2M%N=iwIkvRBwbxAgTFN$S;6BoYyqC4ST1LEZ^3g@U=sB^-OblNo?Gxck4a4UG$;6d|dm4^qz;b!{mP+n#`ed z1wYT}D{zDCuAAI;ftY(-SYOfk$rI#kf7fUNye?N@1PF*TZj)&7;gy&Q7f#qi(WDzI)d)fN=s_3J#yFhOFe_!eEzwxL)orW9>Y-Io$221j8G$Zh?orGH`2nKcW6(HyydQwWM{iSTb(0=33%jUxuErES*zLc^VuF`c|FX zDxtiQxW^J&uE~lpjK#h(pLl?#V3Oj?#(ny_i%ogSe_Y4AE?PCl&~vGBBkAeO^jj^j z-l~(gs;}Nk(?qV_{pfkd^JXgwfJceWsh;~qF++dBXwI$ZeGQ5if8%p^)Z_2!Q^p$V zTf%sk{UsFiMvKzaPdX5MG*@>b)YGy6`;MksIeZh0g&*-Cq&TMz7uC_#q8dGXYEoE` zk8EIe@}0NTy7J{hkM+4zY78|~D&)5-zHVHm#>wb?ss1RfH>LY42#zLM1^ouL1l0}b z)-V=B*4VChw!ywcjr{A{s}z+Qt-U}TE!L)wMyH*Y3>U6A&bUeS$^2&$tH^s_x_?1~ zu`mUc?AE^GWe}^3CgYjSHq}cGBD6sNzVx=_t{31zNd_X~Q4qpS8-D0{5H+gN^juS& zYg(U3_cXItF0vTH7NA>=)EjN;LEiFn7d%jX&Aaq#Mo0HlUlZ@Tpo|_?qlo;N)>S4` z1iRRZ$*|VUu-4^tSBn8>c1d>8*C>iTRNmapuC+MS&6^j+`N^X!tdit*kMpSK^!wdv zDzeJ2G~I6vzu$}cCA=lG7Izu1T4h`Vj6znYZi|Cvvf78DT)karo-)#uLu(h~4$)S> zYeE~BJ|sLta8+ff`bwkFKX?20DBi2~k|}FGpDquBn$x0P4m4DL#;I(ZyiV znLII^kVlsmQzsrgv_Xu2R!mrAbo8ShLNMZmM-){^fVD%8K4zqhGj-6rn0#T+i5Znm z_K!LR9>lpS2a?iC!KR}HL?g=bEJSw-UrmNLit(#=QHBlTYtSK0XS+#uAfG9_!)T6B zx18j*YEQ~SxmcFc+=b^8MftgqXJKkgW;3rg;$M^pYYH0F#ws_|7Pz5sf>kz)(8vx% zSu>x48sJy-5ius)u2j5ogj`{vR_lh#RahW~u~grQeFJvBH&K0?qeY+WsoG0Z)tBh+?C-|fqIsRG#aVfseTDqY66@^u zf@IZ_{610Lccb`>3$jm$%7XHR>B`*lTRg~|AZzUoX$2jr)=T9ArW*Gg((GbHaXlWM zm~u2_#Was|&J(2T*BlccJK=CLZI$J^N4SSuN7Ni2o-i^whU#gOh<~_wgn78{nC>3G z7Y-S#Z;3QH!EXvL`L%Wkx5;e`m4&h7iV!?(EWMx;&2rE-i*8LU%Z->&XlCxQ?tHs9 zJRzIhJ)9pdn0n04Bdt7j#OI%SjCrg(yPY={Gjg-zT~C+*SEJpIHClppbvgt|Lkvc( z3&9J!ePu|_NL*tB8`}QR1toHr13rw#XIHPyJSPuDMI0=$5}OI zZIMFPrr8=?QuAnN4dQ-`4{^6*_yaU7zzZLZ5-IuQ< zcdtNeGNBiWK^)gJOj>M*Y9#wi7FX+m)@4O*XodDvs~)R0 zv`6r_$>LgEEG_sLa%2FVkop_!H&2~tvJPCu1~A^*SJY*U61pJVa#D% z_sk(}Y?QIgGireBJ59y(wnGqZhs?hzCmY!xyT;YX?ulC8g_;H$!c00FD1^Gou;ANa zAhZ~{EfiQwkq2S>4#o&Nd92PAUJ;LAC3XN?)VR|Qg0a-M_I2I(AnRajpE=II|MvKr zKJ(vy!_u@SpUNKqdz6+DMRB~mM=KI@!~|+=EJ7h6;C)i4zY3yFcMJ89<~-u`4%H-2 zcN070dUA!ZL%x>$VvVp}NPc^g-&^R*p8H!PG^g9iWO&SO0LR<@uf0*O4X>&ZeZkX0kJFH$_AM~ zhw(**PN2ENv_!bts*17+@}~kb|8P0cI>Bz($wYTELhfuy>m!_%MH}3e_UMY~2#W2g zZ=2gvVtcA~TPkm4_t-zX-#Mo7sD;Z$s_%;I_e9Rl)0jerdaPPKT6#(~gxI0j_NEib zGCedF*!tzdz?hQfjv+xLyVW`V2Q>whA16=A`WUQ)AwnLYG5Kx zEXS~SHI_tjyv8#lXd^XV4{k>+?l$br!nlut01_-&8#HE;l9ObBC1b!SRFqC#Uiy1Z z)lGZJ(Bc8(IWDN6wT(24UJ}4q>Eqai-jcOwc&~A>*^1FGOFGr3sabQKY8~k-)z=*0 zu6mRQdTDAV*Rg6SxnW*hnY{F#i?fD3qRZ(_b%mY1#$TxE@>iTMTT&epo>=jRdF1w` zD#%}+jkVpOohR*PjbZ~u8n;u3eJ#DFIgQ#KQeu}2s94RI)(~%AFW;J>__nKz*Ca>#jaw zRktyK7Wf2JvP8z!jvB4hfO|oD%+}K?+{dn6U1y$3*9(}OE?wa^DAks>1epA zRx)O4Uog&zL`B#lnbOc87(kp`7b{`bxR4IP&EjpsoTW_Vp7uhnaqE9U%F`ko4iQFxikKq;d29}MiGv1&TJAQxO zOVw5@afEhr@ex#FJ1w%k>OjM&i?%}qxeZ=)cVz$Jg)qKIbY3is4@Ai&r~c6SXoup^ z@UW$By=>dNA6b$kJI2clyKyF?{OyP0(}C)>oF+Z&${9?Qz=FMx+{0R-d;Lh{QwVpd z;MUr)bETOG&feq~?P;mu-k}T~BXgWa5>RVotr_6qKt40D_sgL?5(OcOzY5gxl4|ih zD0q5I!Df*)1-ADW^L5#*mNS57;OWFuJ+Jx z3s@HA2;KKfG}_Oo3k;pp#VOs!E~shCTHrFV0PIArN@)s4GDO2+SsqczS&~`9YSUe$ zX6dG@8I++l)wb4`HtDzADvUL)xUFp3KvL2)s9_RlNjq-i9z7gL#N}Mor-elxS&5yZ z%lr&RDF!Y-xfQgI$8~ZmeVY`1W&HVeuv6|tNM4<&rf0sVJikV#Pd+LQV1ZjrJ4fLg z4yJmBDlrkQ)BGntb zW{!BtbY3=VUNVEH%;`TiyDk#J^*afW=hAQswAB)8z4Wn^A<7S^Urml&!wd6Hz+eQA zo5`|RIBKPtrhCySOZY?_I8GS}``i(Z0cX# zo@w9%@hAfnoZ0`B#wEn(ZJdO&ATEe~pIBQOyF3Ly`g|zAhU@d5p8? zXwK2A^-sGF89ipwT{RcD$D;tU`Hhh!2Hc#Sm4X$`7SmmN9Q4DxnSdp0>=orgdDv(D zfd&Shsml+6zfzJxg1@H)osm*Zn^`FN2<{l~3OQQbs+-%uRGwL8xl%to9@%0jNWWjy z563U=k*MWnU?_!lvr;2&BfAp3q-B9+yFubzGi}Rv8CDsBv1u?UaK<5g8ZQtzD>JgW z`t^?s;*)K-mS|aD$C^D_ze~m}K%lRgI1WW36rda*tyN{a(SoWqTD?ETo@Uv1m0bOR zrZzuM|7_Ji2d{!f`A@cSo!O+U4~6@_u(r^hdhZc|8Dn8ZGV@*0jiQzFAU+sDrZ*|j zWOx!jAqdKu?QnjPMKFGXInj@(C|mxXa8vtxB2X&WpQu3{q0@{Rn7Kk@!L^#2hb7Z^ z+Rj{bhS>}pGg-#dri!eum(`wphD57chiDX62(?_+Srv=`uB}&x%7f%H5EcmS*V3sv zkm{Jz>~8B)K{q;pl$MvYJR3NiD(GQJjVu})iFLZTA}x@h;l;A!G8vF9>fl+4tyFrr zVeLwvomOpA$Q!X5w>C%SGGgqZJK}imwMgI3xC7g}sN<>JG6i9Z=3WH}Xc5!elrWV> zO0%>?(;kvYpKs|9RsYnIp^k8mah{jP%e)MVyO?uo0%i(a5*t@_)j1S({g z8f*Ry1IW@*%__FpGOobt*P`|`m5AE@O`_gVux;0+ZZ(aqR;!Y=*0MZQ0LvZqce8Gt zO2xs*(ln3f`-otx(7_h$V|@8@X7O3G@gtM8<3b8Stwim36Pp!0tzDiPMqwuJ)K}jW ziC}66S)+VdyN77QJ=&}NlvKSYr<9Ni58=;fr?VcZ>dXRCVGkmbMOyNk)uG{g)uCZ^ z^43+GriICy4Ta`%9g{rZ-|g^1tIe8JQ1y1!bwUO>1x6v?Tw_JVM(J=2oN=HUsJTq7 ziTL$OQFlHwtjXZ|Nz|4WIZ3XQG`vJoh0L|Mw^^i3FW>3UQ zBrOv;M%ru*sQe;Bm7Om&7E2qW+&@EkTD146QI>w2l{%1E?}Y-tNzsOQb8L4@Rk3{3 zr1|g9La7{02q|q%bw|hp@tgRZ(V?E9U@)vTSN`7AFtzuAcn0B3=qdBQu05=jdmIWi z;QNS!Sws?ww$|l56hVd}Mvns9WnBHu0-p46xKi-KCsk3xr+KQ7hstg%s@BGz^*3Jw zUq`}KvqW>%s3}3k4+GD4nR>$tzUpV$E(Y`cHr7o+6UW+pFPP}-IeGlnV2R&oyzbz; zQQ60AF)v<_dfrBLxzqL@wB4WBjgQ*aBN%I*Wlngf-F}zt-DyvJz!u+Sf28*xc%fMCpYODu=j8p4-I&}H zk*#g&I&qk6Mf(WFK9s>R@)?s)$9Cw@2#ZnjWP%W~#a|YUmiznjwVdxzn>jp%p*j{R z5#sOC-P3~B_DfEdzl!8Owy|ykI@0Keh%@vTcqz*L&JFUxYGN+SUtpC_A3Fy@kVL_L(N~p&98mJYWwolF12-eN#j` zppDhl;p{Zp*S)$82TWk0$L%FY5-J$87|-v|gz+j9)Rg&f{J9L#p4DjP1;I&e-ZRSu z9o8`Rqy1n%;pgN)3vSCVid~HFrL>x{dpo(lyXv~a*%>WJ_6b3lbni}5=u>kZpeI^)U_pAB@Rs(L8 zhnUS!T6467=lK(%YB5S1jB`Dts7i)?+qeQO3VQ4;g|ZOA0e+pQKYc6SgDpaA71`vs zZi^rs^{Hvx;SsVgHBU0z%noZ_OIUU5#(mG z1uYlZsFS?`aVTQosUSVB`pSR>n>9f>N|a$dAk+gw&XhF{M@b}*uVY!vp>lB}>NCU` zmR!yYgp^ zvZ|}tpg$qIwY|9vgHft0l}@EYJ|9p^t|>L5uKL-;F^l?(zkoA%5t^`e2WyIS?Ps)2 zPAUN<$yo#TN^1ykSi51&;Jw=MKYpg)ZHG8lflS{avdM4Vo4Ci+hsyY#&*UjB<>okH z!Zh<{o!M%(S-%rCT6sm0M0u#hj3&N)zp%bX^10`zEkbP-q1&d_q^C7os#LRebwZo? z8Y+5D#kK|YT=)O1#OC3y%23`aFVa7J(srTd6BpOjsMT*YH2E~0bZ@E+igd9%0zC)I z*ku0Ri|W*L%W8p=>uFzE7ELh1bg+0z1 zYc+cn@?3RWX-%UjfMHaASZE-8HxUzIrN$F4bnvS6Oo#g$6P~iKSF8zAzIq z;sE3ozUl@|6dYM9@*pkZF$ZVhw# z=Qa%Xjca((>3hLxi29jdxsUmk`L;E%;{Fh!$Av_V*1{@>f$vSpNMgdU-4 zCu&=9_WyGmrKE~lX)yZ|1G2&ChXcMZXz=@@hOj?wNcUwMGJW}mTz^eNVFu&)I`apb zP;;Gmtw>fUezg4*BD9{CR9_W2M8($V9fcX_H zj>GeCLO zaUDa06y4y_zXw5b91-V(%3ASto4ytZ6jn~YvD9|o!=IJQy zSJ3J!L7Et3WS=3J_N8?vD)eRz=bFglQOx&IQ{^FeIrXs)^_f;|c7XqUQ@j2DCf}5d z8_zKVh}n-(TGtOKE?p}tg!p<{W?)Li_`6(L2w;A!ZLaeG%|&$<%AQxNyNhdAqJWtg z@IKQKLAC;bHHAqeuLfw{v!Wwx&bQe0#4yqfA-Z(`qLBgDDqQ=ctE0?BIb9w^3{FS+ zrV^-LN=)r+k>PY**w^6$Dqmy&Lu|IiHTDN8S#9h{RtImkG2)I5N`6aF=f7hH0aLjJ zxWv*dMU*kUPWxo6R?>HxaeI1wij0Xj1f(oTu=MpsVy~lQ=^V5B2T;n#KXmMKP3Ii5 z@B?NZ$o ztue*15mPIsG7ycsK+r!HM6x{9)>LY&iQF9^99`mAuM79*BF;dki{%s`4Zv?j#n8*9 z5pn54#B;Q9#jFcb7CVWCS)6Z9v?til=s2hQps;G+K>*h>fru;9}65Gl{sxD6xQ zy2+iT+Rs)gB1@b`6L+15#7XAKv7B>?xsHNan50e&)cZ}goF)lB#^=DQUV{v@8V@4vZxnrHc<*GQQsdh#b&NU9oZ?T6FA?$X)@mn} zJ5yLUD(igJh8J(#H6s3|u-eQ6?Hc>54PT23@d3HJRo#8WsWRVH)`K7@lkAB&fLM^B zeg#vS2>%X*a7uj-$|z#bR1Q5rjELI1T7((Us{wx0$~(Ib0ph=#f^F+Zy5wwB)EQ(%cIC zj2MMy0-{B=l$8vKS{f30jIu9iK_z5vE7jOswESZ%2NbAaZi`yxQ>izjV0Ro1Ix_UI zkGcAq0Gz8iRp+z3rIX&i%7Ra?1l)<^+jUR=wVrJBbS-a4YU|TH#wGAGtxUnxs^h86 zVEbC-iR}DDA`%aUAqs6UaarCcX*G+@ZwPy#Mab84{vn|2J4yXi*vDD#+wLpExkK2m z3iXKykBeRusj0#K;S~bsx3$r6X|8~;4lVXpR+o9{QCjP>QO7UpGmLrQYD$3`^$b*R&Vb zryyy1LzL=@72xfUNr;0#5_O%m9zKj)vW&Ca#hPtGY$r7)S*1VsJ1g0K1P?yPs|VVX z?bJ4a7eSMg3u=5Do6gvu=*j*$EsY|i(S8yald?*720caVPQ|Dps%Yo|>0h27r{iP6 zuQKUs%@nC(=hYRb`HWfAgN6Z1h=Zpll;M-7#N2B?!Wbs+*S;j5yGlD&_Fahd{tA+7BoNE?o zw`t$YMn4oWA<3VMhSxcqZVbA>s+V;;u4Ua@eLwt^t=bj3AI4M-2-+H$yEs&@`sHHG zxl;@yxjX(@?oRZqwlOx;ID9}%N+;6#9{BT6P$gdYWY1R7II1+de^kTRzA=fuGr50K z!;HZ+*3PjEHTazg5Zg%Xf6Zx2te81%lX-1*P^o{j#+|$(Hj5_XH~{mwONr1%aHnEB z26809sa`9c#=_R+`(^CYEM|EM&v}}@fz~mH81D_Rv>Op50>r?>3L;`4%_-GTjC?Y#;cd5ag%HT(c42&5;gRFk&i6D z+s13EGcz*ziY60{%b{x0^JnQdyF(|y&;Yv0HYGl?m)%|sUwS64bXAL2aH{beQF}<; z8X~JIzDw+!`>{kL)}f$mvew&^mPZmHRMB<$LdW-QAtl`FEl%e}IDPBIKopFFh8 zAg9Uj{Zc)*+Gf!!HuZMBN&n9pSm;~XlhqUZRr`MubFHMYy;daN7%;4YM&T0Xj7EU11kVG0g)U`KP!2VC>MIn#KK)HmR-Gpb)c1|z*4 zpKy~nLdR0}#zAg!s9*hEU$et}k4Yv*8tP7I>;QLsyAb`=>jt__r-V?)r9ri|=h}i|KbrD>X{GBnj z4zHQ6D=EC^hS%>TYa(nl+hGRZCdGD{-zMdDdDJ%P8{Q{O`intR*O7$Gn8lnyMdDe? zN;viH(XHNt+04b+mPUpQ-4348%EJ^i6+UORYQg8BI(51M^A&iw_pywk)dR@4x3$2F zR<#)(2{HJW!9qzJjm5TQhcnk$!!RMpBx8o18Fe*9IV&ymQ{;@m@+bL|?d$0W8I{|g zLelT0REpxOK&zo(}g2zD@i>=V-eIzfc zaG8WQ>b=*YGqAF`Ob-4KzzNdcSuXSG`jf@Jw3H%|)gu{YSL&A~s8S=>px^bu)1IQ7 zzJ!mb)?CX>p*$U|x4d6$lHvl{oBZ}9zmJ;9s`GQdjNbW(tikJ|G+qwL@W&SGph#riJK+&+F}By=_lq{(g_0n?nyqE z=vII3Fve<)x>f*~UM33KpQ^3fQ%xcpdE$Xco`sA^889??R2TkiS3H#INVTW#LGh;c z)IG!sgZDm@!KDk2`65)DZtzxKa5OqhkKPJLRbT%sLH~!9u9+s?r<>AbHHMhvSL8^u zM(*lxRuhBh`6joYwkeqvn6V%k4|LIyl#>ia;}I>6*`q&P$Ig57**{LsCak7dlA?NM z`0UBmfh#$kDfL8h{_1OV3_P`pxyk=3Q5#1w$sye6E~DinngvK;*{y>0vH?UfK4ks$ z<57rW8b*v3F}4c*8&CW%PkOtZ*BEv^r}U$A*u&(_LL8_o!n{u=k(w2oO)BC6uspbJ zN>q>9LxbIPB`l#}@08U_T`6}knqYaDmrd91u+nxv-bZB}fEIEh=^0&^a{ZLSI@s9TKk>Xj_0vlp_PqN&_kn(OcfWE( zo7pV8yzTvRTfg^YQT(&yY!%);1*nGU#P$yhbnG!5J?T!0xeZHkfE){qh>9u}yti}1 zlfC{j_l2Fa=8mPzPeP)>7NHRgEyN-cZ|swjcx(Z|JKCG6-LYMYZ>Ro1N4Ma^>a>8bHE*qH_-a#XyK#pv`$=>)O_lcqHzgPYFa3M9}PRf zyg=q^$1Ze_4qVWN`qaW4^!P26N)D zJYn1k!3VQfPjP>e{){UH@v!D3Hr8xBsakk^4cyfxHkU*;0v2I()S(ZsPy7Ylqt$E} zC#i9;7!w@Pck;~VwRqIMQ%t)|Of4E}y=nY|2)(arY8=ei5_56sf6zqXsbr9zVokPW z8Ltj5BV+;LjYfWnZPPGW6a)}@J7u~B7>sON*Q~}MrvfDZa6u43O$y>BLFwwTbP|w^ zR@NLZF)>7!j;Bb{K4(9x6FMg*zc-3x6(+x(&k7P+CgNlqVj+9Z1orfl)kAQ}&e_jr z&1bWu-U2HFgWT%kC`C)sL;FUKQEsac=ej$`aEw6uwof_|l4u&8lJdfm?!|7RRn(3{io*K+IxS>%9@B>Cj{V zdB;sWytT>i_{~5x)e_=^8Y!Nl7^xZ%3=;2>gs5>!R7uc@F0v%DyzY zCRxt$F}J3$q`*Al>0t?3BF;^LM91OCwgw|g&hJF{+zc?oUh;fS+@3R^w#;X&)a%XJ zpEt|5o87mX3z7S*u%3ew&uw#=`Q~A!{|?%CEzgA#Mk4{V69vM&(bfWUesO{IViq}M zzixTo%BXKGRQ^?g((zI9#4~jG^>sik?wj$HcdP5v z4v;1Kan7$}`D(0QNq!%XQ{QNo*EL7iHut|Ar+yk+-)aWud3m$^R&(^t=F$(+!S~bh z#dQ9s>DoiRweqQS`N!$vG2XHG=+_JPWPg5s3DZO9P3t6cv^%54sY^!#<_Ou}aSr2i zGTJ-L#;40^M%wOC0BJ$PIEM2@Nsf?X3=KA4TaB4*1P*MZam3%o{$9Z^V zLx{q|#uRR6*#zRbiN4${TcYOvrc|TVmH{vuwU#=9cG;Eh?CdFb(-3s};P)WJAbs#f zk*v;^$?Cl7UuRm$U+Luc`Rbv~9HQBtmm~zz{%Qg2VJ|ZqjM@(cMUQw9ojaz@7tHUN zXc9K9vXRzJ<~^-7z?sYjcxH1n%^l;O7GTpni^w#72sfH-ob4g{mnQ95Z-?d_mW3eE z_B7semSb=*y|rJc6Ibiz;CyWRWxHbk({?_!t#ZxdO~9Ki|L&&X!6yH^O$Xdb0DR~l zruko{dl#6dd3{@WWp4xv^H#d|PGy2Tk!SO_?{E3cqMN;yi9L zu6mR6^-WSBY^1nTW$rVymfs>-jb=@oUvl}>(&v$;qZuT zZ_GZ_=snz+{$XPWva(QxP@J1l=Vat}8nd@HdRrUAEsbMT{yUBCjgfUuCh*6K@S05H z=8Q*hh=|T+5U)vd$GU1kb8m(7tQ{O2c*-IExZgt^M&jF44chnH5!R`moQfb-N0-1Wf>#pc!#I#6we!EP}_=v z3~)vJNs7A3*-aL+v|0zayMT3YoeA`mnasTrqHJijBnpS}aW0cD7nViFYIgV-IJizR__mTizl{v51YyACAGzqTfHBPkrNwQ65eGN|&x~12-Y#QCyoY2TBnQ=vM{E?>L1TMrPq1k8&kc>a(;G8qHx|xn zJmM`H^QdPmh8*v0i{5jOj31M!iyDKU)Ooi{xvnw#uLk#C*WK!3pjzQmG2J?SpIfV3 z(h}Vox2(rTw-UD4(tlUPzXSTU>Rx;2J>C15-!0$Cpo}(SyEShIjc*0bXGGEZzys>E z4)VhAv(P;wve!rQdmZ`jc659o;#bfT3$lH;()>#Ms&D@LX5Zpwg%RO>or#1P{J$i` zR^VRwW{b&&#Cki=Bs8*gmK~gJulTY#FfcNdKuA4tp%Yw!b3T2k<6q{aE_H&-oXJ4; z!5{Avtd%nNOz8gv%936^dYcS79YF6byIGB56sRd>Y10F1%*UkpxU>(k1`BfE-vR9$ znG~e^p_5t_uXeu_UnNpkil(cCg#aP$DZ{VCB!r$0le8$b=WGoPZ1i$+_Ieq7DBa_O z9d*T@)CJGi75-iu>^bvFH+`-hoWuKfo(;dZZCCHk_J`8@r)zC=XMG})3uR^G#mOxe z10a6JD?aVT&v@>SyruwR$KSLi#WnPQ6qomDs-fQu!U;@3Pb4hDfKBWEDhn6n#odkO z1C0@m6Oh>#<_WMfSIJv$S`JiSeFI53 zjpnx+!M}lgv(HTKemPvRX*uF^cdzH}&;S42{UWcS!rj}g#u0LgT|XMo(lfsKGt~A; zp8qH5eyBY^%Kf`!CTjSgy z2^Z#b7kTMZ{akaQvv#yQ=%Q|{wU_#9GHh%R?je~q?jdSJnoglUN@0BcG03eC-17s> z1Z7?vxR(Ux-vim?HCjKnGVfUSN_RtGq5520FR!Z4U0J^i^T-z%Xx(<}z2v~P_41bb z+|BjN9-%!A7c=u|Ox90c;ts~^MQ(#A6s-1~98lF4Vs|Nd9Se>sc8xn*EY|0`xqRN?LI>(yOM3`g3v1Yru%3W*KxMQrP+|R1+HF3&VxJIELBKZyJI2Pmh2r*GD$NPVxJi-~TTIHAh1p&YW{YQ&^E3tNW zmGeb!L@vyKRqiUkAV-Qn3h?)@3j0%0Kc?XWSzl@Blanz;@j;F<2W6ewg0Ki0{V8`J}G}IKF8uB?>W)+J27g?*aJo1sD?p;o399Yl^nS=MX^jk zHT*s%>(}uNq7{fEc&dpFFbPdCK=DN#Pt`&klTQ6g1miV$&R-ohhRvu0L7Zb68p2Q6 zeC9ftAJ6@szV zxr;lcJncWn=k(00#cukX74xnWize%7j24!c{I_$KKPL7v_k7b_z$9Vti%gi1>raok zP3(=!cAxC(+$wi<%wn#}?4Q{$T5YM+0rJ4y0q2O-SZxQ%gL4NhTQl_#lWudf#jHJp zSaDm$)jArzRWv8REn5I~s>2u{uaL%7VLj0bN)E%jbX98DTk?$*17C~ZYIav00nj|< z@KN?c37X{l&mwQQMV=_@9h)iCIH{hn%_WjtewqFn01W)g8a+@c%d)JxCYJGKe zdv#}jvhN3}WOb&StWL{p^W=8#)O7OKeNM6(NPcH*^S)@PLm7CrY4?HFm-SHph#rbF z3?pn*(3lJ6>k>7(4z<~1Z#(B^@QD6GOzWL0r^QqMs{wr8M`@TW=oLHFleF2JJfdJ; zt>0EZ?m^ary(^&^PKH{+j26`r7c;4F`BYQn zV929)%6!?cvp=p>{;LwKt1Wz1xmo;PpY&cTA6URkh&W*7#DA>heqG7DS1J9zlDpl@ z-{Bp5yXW8Gsn0lf{5mgR>-M{0McNa*$@c4&%Fim^j!NN8rhIZojw?+oRP52#e6!+@ z1zRQJNc@0_BTAXygkH0kbN^8ee_8h4Eth^*ZvRy|daImyr(E;fa(t(szsp~Cr|;k8 ztJD3Q+-0Nhd=r+Ima8mzu@zrpwUFD4VX}#1gO~UOcAqJSKPh|9mn%OhyTF!Xs{@2@ z4{L30Dtn^2_Q`Vi+j8cQ<JyZPnb-Mk50|5d%9)4Dr5~2V zSN!~|{^D1B|5abzs-J&@Uw1}JGW3u8A4C8Bcr376cLcq!2=6*!|E*m6=d$;Ya^b(q z4~V7AhqAJ1dnNb%ihQ&ZJyN+-+{^l7&CqB)I zlYiCbUt9^Us`yt{;?KPNI)B+`p1;mlKjq*q4|rA!_>ZTmU-LipzUtR_R|LHqE79qd z%-NN~S(SK`pTEH0eUtBB;H$T|&CHj*n!O9Z7U4U>-dfJxUY7Tiqr1!Z3AgbhkN1l< zL~5Fy&cuYks3^qv2XR`$tNrKL-cc(2q9lJ+iho&(?+xy?Ma^~T|`!f6mRnP(04|}KWgq?SB^d@ zWzHyVwp zJ<+?zvV7a(=YEr)2edLmz&klK3q1v(RBv*@^9l_mMcU^?P6Ohs|LEe6W_h~SU8;Yy z$RDZX;ua{qx!cZ%v=gNOUbRB2DMU*b$^8f}%gL!hHPv0CHIFg!GU2T9nlfYake~pf z43Cd{$|K!T`LE^97TGDvtIxYf#-(CU)4e$FQUmA*#o{P;pyA~DdD#qS4m2I#IJ0uQ zNL7mC@>6RL&de`1sJUH-wk~t}T1KVz)_?UJ+fM2!uXRuEi^e=4 zAo}DM{U?o>9FH$H~_k$(fP^a4;WM6ZX=;vnYyg!{66an{B({Usr$O2q#Hw$++gG3-sjd~BZ9P$U2Kwx@5SWYBsn>nbf?&5;S@2$nXaaZsotz`rkv%^+$eU<&6c}Hv+odd7tV=Mi=6o# zi?R#lB7fl>V##9ZFAbLYOXDx(moNK*zg(?Yx_jTs|J3HvU+mpK+Ap(zVZZpm`~kZk z=pUdCUUASaYjTIkHPIn2iNj#^I(+s~qmQ)L7LJzC+Qi4^k2zl)>mQ@OJpW6Rj+^uq z`-H;r@`T*+@z?TS-6X!|e^s5h;Om`7xY_U|@8r@+{U-+}q1GaSP8IgaflV!E&Jcyu zMYuua*Tc89LHO$hY&r|i6qC*t;aP%7vMSO&M~sJp<{UBRT#-FTcqH7PL&cph{PRTS zd{Kg44a~WP%VA=@gTYF|vauI71@|@~iU34KdDutevwW=2*rS%z)*AXi=j)iGYAs z+Ucn;(W26t?8GU7XG`KVIde~xk}mBYm4A>)U_HM{7LCW_e*6V8s!e49&r%j?;!oQB zmd5=SxLsDhoj{0=KEAEVK|#^sL(-vzF><9mNUlLh>fq6K@o*IzxZgGs@&6H{d7`i9 zw71}eF!eI2AHgeO`qeP?N|<^zY?H);HR{H{U)T={ZwtB%iM2Xf?+2v*?8Ds9_)6{2 zOYRe>hGUoYKm=P*ny^Opkh6$%EUyN+Et9k?_&-u2!)NQf ztagYhZJ-@5>M~si&9{z_j@CaHB%4Vh(yp2*Y?Cr}Wa^c=HnMJr2(a87rEZB*$#1L5 z0DdBa6ELw@nblvgyKR>XDI5*$`2snNNc|h5;I_!SIU0FOl<$n{a(*rsK;ASAtAAfh z>NS`^lwt=No{qX$zR>8*t2|0mgbTsYH5z1*Vd}xmHNv`FL^N{i3PBUEm1DR<#|Q(TPGP03 z<1NzLPZh*rPq2l0V|j;=ujETfabk~)P}H-avy}tE?}W*Ax|ST# zWD9s`vQGVL?GZF}?dbct+U=TF_=h>`zMKk%?#_YAyeF5oXMqt-jSb1+&R9oTM|vkL z>Pr6bPO#iOvBuwn0~UMLSkI&W5f7P3Q!b@9bytG z<5Z3YwQV!s*Mw(#B)^02%Vs0`yC4)zc?mX#0C9d#t|I=pHvtsPfM1C2H$?ag;k|*U z;2>w^&&1F(oRf5M;IR-bY0~PGVW!>7ZNm{jCMZY8VSH?-NB#F(OK;kUsqVCl5iJ2} z24hAyp4C#)!=6^Ub4@*Ev=KdR5iBnurE+eGa5-)%*+W=hG=poZLWWWv+9*utRkUHf ze-KZT1+1OSrlQrN`GA^m6fjYy1xu5r&ai@T7!G=&RSi-Rx;af^5T1-9og!v3J5JCH zJ~vs!;#W^zl{KQ3#)}}q#%N>;xKvFr()S=Wa+L3L@^1Mo z$e8F239%HS(yK_43v`Z~*@(6}H5Kc4sFsiC37j?%HY8j`OL4vY5Ef=Fd^I>@t0b%r z0ykQ6IH2L_EUk-uBLdQ|LBnql56I$AbHAZw|J7y@*h8phq;ghl`cYU{(hvZd5ne{_*W8Y4Q#(##5-sw-B*%!;1g<*8daX@|{4N4fTFuCVe>4IQ|!9!pp zj)AixAasCwICf#CK-!YTUXS?5;n8E>zf^*zoP^;?^Mc{)8m*s! z8a8gRTK;L;pPK5^y!a&VePUXln%*Ji+VHvzsA%v4=Cv6~92l9WZp=8hP?qXef=jH; z+cW;w3}nl9W^!jhrv$)2ny0tP4Q;H?Y_r#~kF9gs`pCs?^0GFry1Xqu zH@2DCJeKETHmURC@-taT$ugc$d0@9$D7gR%JeB2~r?c{9)@0%RJRAH4k{WeZL7rbo zoma?}f?s6^eh0a|FBA5%L4ZziagY?FlnhXC{NvXrA<;^k42co4*1nhDR+jnSac z|Arhi3~#GAev6oEL_gLrh{?zh&zw{3T_*y@=QU=l0U1{LK_ON`hRg%<5l`(lqV}W; zE&B_`yA}w^cU!_=w#au|tlzcNni>5ax{t1^e%n|zO7GDKUX4-w0=?@3amXf(^4?KJ zcArySwQ5jzbe0LxcwJEIf5G?&hk};fHL@e7#1Rvt%5J5FrI$40dUq7_rK!x5Dm9S% zlUe&0GaIIx^BT0H^^g06SV(?Iy*wFV2_AM1`Tlvih9KJ>poPk*hM*Z*TTX7FSO1>T z_$(9j74bP!zu|Ud;x=74FAL)mIGJ3CQ%GH?-g-TlTU|a&;L}XXr$yaE`9!OCXch1? z{c|8o{NI++@ZWl^mrC-tOtwFNZh2Lw5zTXY+?RyY>;3~KXSdVXZr3qWtK-=>#68!? zMOpK>JNq%$^R2kUt}pmC_7!pO<$C{v?(FZP8Fsk+pw)-}mCEUiTMo)jZ940g^O*@5 zKXY|lzCG@&e$f2_r{e4S=UNl_#itE`hay~$^xDPhg(0LvZ>wDhJ23$MN|;=z=Z!wo z(K#@1vZ>kT0cdU`+}X}X5<<-ov@{K-W9n?<8VAP)ZEIGwRrFGJh#-xMpGBFilSh80 z^JY&XFK!MRhimmW z5}ldZtzmp=MRF%Kd?f1A92q-JYPr4En$Cn9oZN+r{CfpAAHt9)-=RidouoADVYBKC;F3ouo`oW=bU9S_dqOu zQRDBZ(NZRjlyMR%Tq6xCr@F?ESH+?)Obc{YXxH zLbiU`l>SqbzdauRvzYhRqu(7>KR_1xv{vAu$wz)s9YIPgWHPQyW>8AhIIs{EwssNc$= zcVz4HP3fOD`NiS7e4*<5sMclW-*q_}+o)bFQ(rcx+p+$TI$nWrX)sL4xQYVt4X|FtI1i{;U4AB8D{H!P5FD9{4?UAOLx{JJym;jsx`S{XH7DL zS^*l5A};QFxl$d^ch*@0T5t`Lw{`V@tH=Q=a(}mWxE}M=<50C8#cSdegx^v|VasY{ zLAzsA-z^<_II6g^cT}w@Awxm3`ZZEde;Z0^}cET&7?0fW=U1!JJe-{ zES%x`d2?8T&LLl_V0SXxSVZF7QY{uN3E? zVQpR-$txm8`)@?l1z!f(P-Rt1ifIZV^zqJ*hBim@hQ}2tW@!m|F$i4x0#=}taR(fZ zwx};^-uHC^Zfs015?kpl5epMVP*b2hVOyYt=OrIg-fFUb#UAtQ6>1BaW62Ek<3_!g%km`Fix?PNK*Sif5 z5Oi#p!6?uTwx$g0neNQO$EM<$$G&OK++mJ+$+2$854{kqsLH@?3fQskIWwW?m@Jm+ z+Wd)Bhf|vrq|?G&2fO(rnWoL*fan4pixc$39aihCp-uN;5Kr~ng~c)fF2ss z_si_e%ovp5A+Z99ae-W4O^>*%>c;unCN2E;qH+WBEOn2X!f+<7tbLP6x|x=$Ri$~< z@PRgv;}hv=0Onsz?IF!|jqa(9K%O@=MvHmsLk-r=uC>FpnIO*{*LSPyztI8e_U;Dx zKtuNa2CWz4OG)uLGOx<`7)jVtBxtW|_}sS;I()Y? zp~h~=p3_h(Qy#x+Kv;!?*rg*-{qTps7;O*62p>2yQsB~1s zK{VT}-xhbKCxXA8l^vB~)KLR7fyb_7@mcNydJ9%o41CRqpnANF$bp`U1`;|hMLnYT zK-U@uwLxD_6oOj*vLdF}qN6J8+9Egw4%?)vm*SK@gDoFwAkkjNg1g03a}6V>eqrj- zPCSyhr0TQ*J#-4SJ1Wswrc$fTnhS-Vd#*p~(?I+)FyBfIkLcQNU=kJV2KVw%uEP`> z9?>_27TGr*q{iMA;m|k3;jRf6UouMHNG6>;KudDURQ{0Wi24h9vpOg@lg6`CcHb}b zyR_4oj>o86U|j9DNb`aE-2L?f|Fniaw&EYuXTD!=A$Jl*c>z6P2&7g`^*QqZI=0#q zs}Fh?S;nkb%+5CiVPHlxlw)f@rk>Soub+r#?nG;X zJ2Cd1&Tt~3zcEppY7X6EkKOI`z^d9~6i)Xu=a)}h*PF7$W1 zDQ|2=;~SYbDelgMg^C+P2a$7`P|E5_72M(Lz3$4}kw&Ln?Ln0BWDwx{0o3|R;Jq4{ zF9f!oLs6y0`&MSJYGZxU7Ri(x#EI$LvtjV51FDtc=&q;(J7|}Gz&}VnsgF&nM;5-S z3Z8E?P7BbF2`1=ChqRfoC&?w6NfjB=LabnKo#N12sbQ(yf)_!vKHi2?0Q5{+ll&-ap{aXtN;77ozY>0sDEwI2L78al-T@oy0n&f{e zhPoL!nLszAO@aJ~^lCQ&AbV$m3a=qOp?+5~K8Bi@S8CGMy43tz-G;TDlKwN5Kp4z9OP>bF+V=07T;u|k_u8AuxAS?S4yctV)g(E+_BD{yy2 ziyI7PXEB}(_@M>B3{b881+rDoNtIV$)rQZ&)DUmm9l^@#Ipavk!E=Q#78W_YOFtEh z<&t=Ds}Wryjo$<%*@9-P;e+Gdik#_W!j@|5x=mn?)lqPiN}oI!(`FRYFX+MLEo+lb z$7@M`XKj+Z8PQ-OeI_!#wDbCmrf5c^2Pce^gI(j^5`$~Ttwkj5W}FrdZuG@^-+aY) zt44-yOI}qZUF!#D>s0+}Te{Lu3HN$@3;uUpd9xec!fwsi0bK5v>>YU9mA`Pi-ht?j zD6Cx}lH85&vdAx_4^3iIYRyH=+pTHT;xRdllkg&c=w^SnYA<|R@oh{wuen8M>kkBv z(JfE0#<_J2N&O0pxw{q*M>Z&=BLZpk{xlG_G?x#mbwWO@Xg;BUtJ@e%B%v!tGnljs zpz6F%WQ}$wP{Cc!Tf$qDT8oU^O=D%%3-%TzwyMtLceA-g{i{z7fDq2(vdY^}D$4Kz z?T8Ak#dN+W!i5ie|7+*_xhEg>bm!BVP}vte3e0P4@IdU6PEd(ngaIM-QsBH6mzb8; zSSCTDeR#E#TrNoo0{ry|r0e9ZG($GACMwIB>DFMS%t8%6*H5|tDc+F7cS)w;y!Jo( z!GPGCf^t}%1e@n<7T%=PAjVusR^T$@y>KNBb@d0@nNf94(C!yH-R@PwiQNX{qp$=V zIsU-y{)0Ql&C3~1<~=w5D@PKs$jq%Rb|v)J3kK=LylxEJH4R?D-3n@5*m&qNLMsu^Z;wWChw zwLOxrX^#INbMGB5S5@_KpIuIwGxg5Qy?5sJUQ%vulA9jVJ4s0BozOz_0YpVW9|;{p z2{lwnKstehUIj!D1SB-+N)-{6@E|Hy-tRhRZU_qcJntXx=l#s*oHKLglwH#`@+rJql1^Q#1P6Zz{8?!QvV8QOM}N=y$U5>yDJI=K)24*x_Tvk4Q|D<#L( z<1v9Oh#2Jv+Ne`)2cLXj2hHRX{v2_+)IlGQG;8M<Ji6H{6H6@5zMMb0^nWb0=~tn2X@&_aWXV9?h7? zGxnBH-OMZPYhGo^`?{y!@$B1P@UAR-f92`-Ihx;i`a{ob^7`Q9MQ!gRRa~SNf1qq0 zVxXBHmGxs~^JrN=&M%Gc)>CqJV_836HqVv03pk^SnYWKIeuKo?3-XR^ZLwwLNPUz9 z_r3stNet<@(42{$r2*>l&}sYbIC`fejN^<7=|h1;usM|ti=c28Ew(1ynTiQEQ`jDm zDzTsH8qjJ%C<-dy_k(AwP%rq>J!2#LRp6YS8>Ul4ejo`_w*ujrnAeF7cL59NMS(06 z7|s*zC*18SJnRn)MS)r-_H zp+}-J+_HwHsD}Bv`Y)_uFCGP1J#LE{`k$*I(Qr`>2e^VEcHrLRtqAXDj zD~6{hgTYwpE?h43@rE@S7Pk@lC`7odp6ha*L{`5UIGKd=d_Dnt{ZOB%H;IL`c9W)} zA86;LJiCawO@TYr(N^8@V=ouO6_4n%4>DA36c8&*zjn3`=e2x657!MiQUXkx8lEN* z9_zLUhNJ*^7b3tL-LGd}?^bVg-&ps0Hx`F;tI26|s{*oM0jiwdx{>8y(z#W4fN6qI zl&sPuz03oTu`4p_Iu?nf$M{Qrf;S>{fLHCc)Ml06l*B5S1df6H0~T!X`&9m3SJ};=Czi+L_@AMXbbA=8%#as3@m*CT7aAcP=i9$UK^CY9+p}O_Mtcug; zv1V=OuG5v=ijtrNXI+9~p7hpw8LPnsXx=5mblU4nyWQ=Xk{1+u_}{PqAk^E|Z=0E3 zsA5_9cU5Cps&p?6+Io*F0jp_SZ&Rfkl?K7=MwPosnHwWCvm1e8nyUE!jWpVJg}o#_5*}!20Mzr<3&6Z803(+7>VsC@muN{QGk`@P zQTk9jvCnT8+_Q?!$jJg?|B^npm__0w#K_jYQ1G58B%dtkM+&JQ7pgq9DKB}XgAejx zChGb-3$yMic24m$aFA*HP2+Gghv&gcW;WPH7R!g zo7OEO3l%Wl7SNUdw?0|pFDEDmpbhJ0(r^4gEfq?**?ZI&ZXIXFlND+iagCFaYZ}w7y7$jg5(Wn2Y^m77ec(&H}X|UeB6IEfgsySQL*A%Fr zWQ;l;2l1;jt)lGtxbgRO5azRk#_Yx2LOBN2vJ4|YRlH3n05mU*0rX{^A zi=cHD(VLtwaNAp=2`~Zz9wU5rsO&NT5oKP}&Tq*E>of6!!{H6}n98ox`fAuj+8uil zG0G&mU5g-M&d}y!ovO-6nr)HRZmYl%ebvqYXmuM|MU||eF5pEdf}HfYiGt@JWEy@z zpv~@z4=oRf#qd1ioLVzzDO_mVnOvvqJ+R4FEPQ)I+iu zjr_p=%|1@^M1a&Br{%ZC`Hp}LA@MIT^MSquRFkP3l`r8>nOdz|6ALi4VwhpBNq{j7 zEJ-4f(0;LhX1Ktc@6U2aq`Xv1%1>odlTvdCA)Y-aZi-8digHWdtn4PHMwind;cC(= zwCw1-gj^%WYlD&mHUwgKk|iVNC&vl#`)`@(oQm_!;1yZ^i~i}SmLIB>iA@4y{`F|T zLT$qDpl#=>bpBkwY6u8)lk&Hzs#1Qfayo`#Om5fe(DWf8x|pLACe=*k`Wd)mFoGt^ zVLz^C_)36E*^=lpqNgdFmII<|8X&`jO_C!zMU!}5mT`w2Zx*nBptB&YlU!SYA%;z0 z4?T-(h=fGzGk+pW#ED>laiuA2hmM!ttB+hrIZUQr<&UfypWoHFQf)a2f?3QviYWn=7k{Zarn1r7Zo#+uCyT|>(0@n%;rYNVZ~{Y;P| zI@r=vM?2w9v@@;oLrJVnNK+>*(ENL4K8Cc-AH?6`Bjx>1v6L>SjWmWNrVn*nfd^C;38Q;(P7VHissqqYjVv2xMIAPK`7yzjm&MiE+Qz30c zNHpTg0Ll^eCK}nBH+`CTA zJ5Q1t5^z+wD;O9+$m6;snxRH!gceExD---XLD=cPMj@qSHgDBV2t3z=Oz7aH`(%~Z z2#R_;3l6uBi>Ej(35&$zpu`NtV%Kq|$uDYLvW?~}Wk>PUH`LkYb*0}>DS_lVCQJh0TQ@kjJ!U9Z& zz@VebSE8YKT8-E!fFJXt{Z`R_!bYW^R*RzVQ$By5E9XULCP({Usg0`D3D5JL4LE6; z=6s917L*)dQvljWP|H>sG-(1lCckox{0D_JB@Jy9{ojkdL;lZ3zglJAL{L9xrn(=w zT?kg|-Rw+!^Q0BFrWNYgYS;wdZO9hCebf@U0uno_!>(FsYM{x_-DA^ESw%?Wg$G^v|NRuWSjCxpct z_Osp6s`5a={vT}BNl`0pqLt{JQ!uCCD`QSlQ8Gg59%`9%Pp6i5sK486w(`)eDz!KW z8j-9`xEjhku2E3aRDGz+WhHxn#%(%!;kNcQWrjs>jr(k2^wyoC{d>HdPFoP|KaPJC zq8~G({jWElqRU^73;IduY@nb5Fb04K>LGihD&E9^?9liqmt2(muu1v#6c^l~o{+`N z;3=E954Fi1>UNq5L>y24;7Xgg)^;&+E{{&u{{+9ns$bf=OJ!)!6rJ<8FuJ> zD@{`m2~kNh5+SMUsXQ1`G)@HS;g{L==Rk3m9PM)=G~YcerBA9rP44hq%k(I zmXU+w?*)iBMX7){OS``?-IV61CRex<=YbY2iy zT*XbkYgC4J;xhb3JHMa|jZ%BpeVAI`pzb!=!Erb|sI0pBV28yG_GVmIFv@P? zhPbPQm(esIbGTN$4MVInjdYXntODC!pD*@ZQtSzX#XgGsdlA+v@NKkA*gq%YQ4LP` zE$4Bh*g)Fe<`Q+nBQ@3Urt3>GYc6H!Qb!^CXK;rk{>qSSEM%I0ZFA{Dg88|5%R-fy zX5;~|oU;{Ai2CPh1UD)hGyjj`YW_+)pYR|uxk#T}PciOLmlN4ssbFKJ?+1r&rQc8a z92=XZPoto_Ydl(_x@}7-tJsnwNL_;GTM7muq@GWvq##nku88qR<=Z2k%!>9zYZ>Y-ec0300H}zrj%tUrRx#lcZ*)9`n>iBzIsOOcurygpxrgOy6TFwbEO8;41P5p+f19f3M~K{a8#c=f}G3?mi*9Q zO3ZGfmu$;15q%faVz1M2t7=A5&X#E|aGb<8j;*ofOzrH~M#OkFBwhARECF*@F^{2T zA+y&L+C=-zle(};6PPV%{yo3f=3^)-tDF9$%_oSa`Jci4Y%1%ii@869@If^Bo(;=Y z$NPmd{AqsZ=UOuD=n6zuc}Q%v0>WKjJbf%!1}rD%p*m(d1Uyxel5@U| zj5L2V47PD1I5wzhXsC(Q2B@XLaT41&wnp6k2i$smCC`>-I7^)wuf5-o9e~f~SB=wA zS3U&WpI>*eEtl&KanMg`eatXwG;pkYyz-AFvfJui;n~33rFL>trq3G<9^k}qv>wQ| zm3BxEpt+ptx+1dqx&U4gi@=~%@EXWXFdhsbZ}cQHIna%@sX6XUw_|8dgtt~NyRDuO z*1J2V$Ct8KlP?p3U=d;rH!DeG-Ji=VX z={l@*yj=awFgXG~g;Gu%aM-Bw8na5&4K1sniH=_iz-A+1R3xs%2{0L=xr|pDV0Yt! z*%Sn0nCl5Is86W`AzV?<+#m?~N3j}U@pTNzXi!0kxfF34=ZxRl$T{PvXg?;}cSQT) z8-YshI8zq}iXDY)agRcEaZF)E@pN72EA}|&nI#xwOPDgZBPJqItg?7_3_MG5g6DMh z1$3{e;iez_9pr)ZaS#~N)d~b7*Gs*vN4%poK1lVt+m0JOHrsif?gKY8R^EcsKT^o2 zUOy-_MB{wTehV~22`=3mw8VLOyJTmoPhx0hlON^*mzWRyuFljIQECrD?#JLabUNw~ z(+kXV#}a2PNnc@ot+2lC5nWEl(LgC;YVwo!`;=vj`KW0uaW!YlIv7uNDB70TLBPHV&Qp zK$m{6C%HND*~Mp)rOf-fbc*4eWHONwJYPW*9gm3FY-g#_vX24&Ttg~GXMbkR@1Wb* zE1nT@PRBUsaiHgmgV6JBC?&bBOz&lBiKo?_Oo2#9u_%3B{9|-<>a8vRnHrtCI6fuf z_2zrVZuw6v>Xf(mJAQD(MxpYPQqFrW>FMECda*YoEL)Z#J_8zfviNuy=g}?8Ik&FZ zTI>P-n$>?&`>sI)Ai?TI6b!u}aTPsc`_y){+|Itn-;vItaKH$s-$ ztHR%QZ;+M!(Omx>t_KvPExNvldKu@h!K+U~0THpo<5dGr+3zX!EA)G*-y#E-xvDN% z{GKWcEc+enYio1S@l}tPU ziI;^8Qnjcz_Jj?M5nGrT(=?79QTo>nYK0}=ierbvQs*!oc81k{Ejs5?@B_iEzJpo4 z`qVTaDw$Pf@4M-~PfY2oL_q2Zz3S6*m7iziM(XO7Iq#fuifd2Hjb3f0=>@eY zcce}WVe(_yCc|sDf|)d-%#kfhwJe?scNxiLjT(w6(Np-mv8?czg`#6(4ne&)s9l9V5nw=eXvPqv5^B9dQDwb}^=3WiXI<7u)1sCQ~=h$Iqnfxlz zaZTXgHu+ahWB6J~XMvYqpXo~HGGr~TKe+3l+`*vS)+1vA-!05w8rL+8XzEA#)IyQm zCr+c9mf45_lDvlK*3?|7JV?YTdtK+b2<+w#T`(f3vB-+68e( zzc0E(MDyDP4rU1cDV*=K-$qY!jN^>5d3-F(CJ7_xq|)7}G*aS76xR-^x|R~;Gc|0a z`l`LdwKv-ECQA|i6cxcfqVf+y))ePQF5i&MkGAlSTKvRNVu7^F^NZw-twAvs3+d}& zvrSJ+c;--gEX?eUD~=udxaa=F3!nD(-snY6W!OzbcSFI4k`!{R?vXTvy%>oEE13~S z7or~vm(AX*ei@zLobh;6Iz5#HZO8lGaejEBpFY8#8h7^so`io|Gg=d(@T9Bv6ji4u zTv3q(qKf7vpF!2b*dC=uOzpPIajIww2s)g$b%nZlQ7dt0AunrlY^&IZLZA|kg=$-I z2SSaFCIDU|7{-lIWrNhQjuuT@ul4jbUhXEWHP~Wq_8O!T zbA()hB4MVaEMfnlBWn9=q!KL@N;NeNok=xLW~NSS;6l&#^r@aY!)-d6Q6R(QYp7VE z_^lCK$OhDkwwH(LCNoo>)iI);VHaK3JJ`NC6SeME(r7(XyQW1Gyk=T&m*Lg{1x^r- z2Z4nxBbpmpqM1fSApoj{EK|Yt0 zvG;zy^y_@;{d^KTc=F{uvjS-=C&|FV?&0+7o#AvPhFGg=L3&(aPSlZiQ^TjaX9bDS z^~}^`Dw!i`(0s?vd_Mn}dM=-PK40@(ets<7ZO8Odr@l=NzIM&SFDKT6$|H6?%H%Rr zKc;Bf8i{xa`E*)8@CrIeQ*+{YORok}jAKbIu_#=fwR;IA?hHti$FVURiI?M~w{uPNQ*g8G#;m zI(8me#p2s{=TB$|jl0=b$}MwYxKW$9Dy?>{>7rnwHb*1Ec{ScAs^b`D`#PBuKXJ2MBd;D(o1Cb zn+sPRiB5pi5|-GZ&R5RqDqfS`?tRMOv9rP#R3aU|E<3(e<9WCj>hvB@0(paHjk;eE z!EaI|OSlphSD@R7!9}zoZRt9O56h;@<9{UBO*kU|oy0U8kf`_H-^zk#i(9MXTaR;z zo`2y#-TH-Z{X5<&>JapxRSJrqGN}IBk4bh4n0pI2&LDxR9Od_9jPH5I0g}v)c3+fB zb-}*+utZ&IUkoC8T$Wxeu~Pa04L*xONFWrh5wl6h3LJ>qCP6OmEzUJ@Zu{zV-InK~ z>sqV3WDF~7d-uX%lq73{=R7soysQ6TRrDu-egx%a5p${!V zpQwHIC79?i(6kTI--JH**UQs&xqZoZsAm^=7(fI1MW}e`W-47&q0*fbK(SS*bnD8w z9jj|MQ|a76YHm$KrJqrFM9sq!qbig;=1}Jj(y%-hb@W;K^k9{A^b%ngZulx$qQajm z;>KTLM@KJrp2DewC^v({z{UTm&AyP-o-po(gEwY3GoJQ;(@$X7NjE=gz>3IwXAa){ z8Q1Fm(wmcmTBk@)`}~P9TAefFdaS@ z_w4S@S%6_PgkMts(nvBA5XZi7Rw&Xr{C67d8$AENzqQDOBK^v($4UFXJ=nev=_ysr zpEA*HL;Fs`?`dvyoQwf9X6mSgrrTxu0GRqReWV_j>*RKIP4 zcTDCluKBYY@cmt5era?u`K-~eo8%iN{YzusHQpz#`I8&){euWAJSwRBys7<_G4Gig z_V1%^4t{6s`$oTQNc#}{l?En%F|z-_Gv-^*nucf0DP+;A9NLCLaKh#BEa}CO1RhT) zZ;zg?=CR0~j*Q#QN@y~@*~_}1i)X^=A==4$A3+1!iV5%gN*@O1Z~6(98=mb2Mr{YZ zING}Fd3G0~$?6nqc#Mr{Q}76hQ35178yyI+O(fh1K+aM53JF&$QZ1D0(q+{^Ka_Qy zDc3Zm^^wi0Exw}AS?Cegl0s{{xH2sE91#WRi|{gzXt{C*hjUWumd!+zMU(Wz8>X39WVvlLxn%Xeq6g9nJ)+uV{H0N5IbndY+;jSJe z++sEfs))+vD+K(_&k=7aJf=drzx<4J=Tu1dP3t^pA>H$J@j{&>XDVS%cbokErtpyq z4Zoepy$kIMu|c~V-QWeG-51^DD?+t8IKflrOX6%18~0V{c)z}HtKM3E7o>L)O5odzaJatXw358Q}Hvc~mEpTo!ap50&<6s%iwAJ_8;69t7 zd@s8xzTa;Ru2RMDdaLiW$-8X&2iDwgy_a0`q8sr2F>CI&_7i(Wk<+Sw58 zY&2wpM2pdx@9%9U+6KL=K39>s<{BZ|dsX@;iX`hj6{6i)FV&lg_WX!wiakC%$`h zHQ9FmF5Q=0o)x&KBaNBe6L|k5>KutLa;-3n|#cqhAAu6 zRt?ius;SeQajnT0T(HnC34_bR3YDJZB~Qm48OnImRlgpjjK^*Hf1u0Y zZ#MZ?UHlk7&@K4qr>^?_;Dtbbp5mI7Zu##*#wWY#1eZ2k>FN_)bE2EH$s2Wg#piE- z*;OaG6~_CnEgbj-Tz5646ccC6t{di>dAUEk#;DUO_u1k2C7vwUy~*?3^hK_@*!6C4 z&CPDW_p4oVfoson^(n48353Gi`nE zde>YBj)f$nO6W1GT;TuQhE+(J(czT%*BKnzrZWb_hkIwJ|1_cgYi0LMwqb0ocxexh zhQXYOhi4fUc@)PfuD+s@pmiC_KBPK*Y{bT~OzqEtvT%v1>8l=ES^^7~Jn=hL*!faD zq?b2}Q}w!>tTahisAd5ET%&NWk7*g~rCd4*WYIoV09eH57!{^mZb&m8=-GNLaRBI; z_Gwj&3K>6z?!vG^c79~H>B;rlL0PXmJ%rJaNuotH#EZl2Ic^>e4MBYkTkNNt^UhFnr#bI3 zm{#CQtTQb$n^nu$=3eJy5Li-meigCF8LR4oRCC(&!~)*22+qulEdU~(s$vh}cpAfeQTRSOif~?{jR7aZ(7hgC=3tkrpYPPSi5%;k9J4sSx><<<8+b2T=UwC7eeuXd}haiigo`kWB5E*cKQusGEt9OTY- z&4t*AF#}1I&?Ro$nQp+yI7QM_%hd9&dxFvn{_IX=V4vpYP6Y1(r)Q??pjZL}KT*sV z+=ig+6P6@S9@%TW;1*Bc;F+7e%o;C!g;%%UGq-r*C0?)=^iE**&VbzZSv zt9!j&9`uL}5v9yUI=B=MrEWJM9>lZir&#^sf3DNPI{uNf)iO9trrw|*B`8-nyzMQ2 z*HeF@$e|SZ6)!l+Hz)fYN}V9bt#!@bIVQXurON25y+ls0_uRD}R-*?z^ANc{nk>Gc z|NUFJFL;HFn(iXhC^DRo*m|(eiat%U6%Qb06v=E@%_tJtEedFmV6TZ9AFKwwBYyfA z&3YMzLQM5C8%0r+Cn((Jmg@_&-ktom631Q4ZdCah$VLZa5yn4aCw+9|w_0{J!|Hjp zjH`PYSJQaNB8;mtB2oxAN6=&QOdCC*NcR`bH`$-6{M0Iw&sE*3NHidkVyNM(>zEnB zd_X)(ewQj>eamyOCD!4Q{_U3Kk@OUbeAF5AnC?!tQ&f>WmA%O!Zm&Dc44nqNa6krv z@kr@w%{n*A_4tO34qa;q`nM#OMjAKa?9DX#Da#ChEL2zq0n*Jjue1^UrPrtm{q@E| za7=%+XiR_KwdQn8TQU9RR@t`WZSbkVWxYawA9;9OZ*!7A<4lsY$CT$5f$-dd@(MuB zfh&8nAKd5b+kJDFA71CD*ZB>1`{q7Byvh%*7og2@8p;C9q4aon>j(Z$pmfchkkywpFZCo^<%$0BBGtojE<>eWJDdi zP;jA+DyU4$Z0?<|iM0r{5DaZUy; znQoVaO52!2(O}MoaiEeRR50rH^eZYiBfD17#hReOu$Ts0*;I$QAiE@QJYAbCfyV{2 z-4@X_og0j6`ZDf|fuOL6Ms+n^x zc`Qab7YB>Um$h|6z8+EgX+>rYJgh*yyqJ5jyF3@eL6nv;{EuS=3jy}8-o*<)I8s`#bvzvbib(Q4ZWBKwtZ-}19>`tFbY z;1Qgv+TP$}sGrQw!}cl^HgXtRqqov5M~DQ&mVe|s&TAr$4L6S}V!FDBVeRHPi)|*+nPZ4!%?gYMNFdFeBiaO8EK|UN zOaY0_Teb5rzEwa!;^+#TL`sf%kh1GygKHv)$%5^(i&=j3q9 ze>J#Om$(A-WPheIe^=?7Mbg|6aGJ)q6Tv$~f}39^?7Ip5dcwQ`l!9b2Mi(mazf`E1 zAXK9ii5vX4(aT83X^hkHCZ~X}_ zc~IOwZTw!hFFn*RCV!h~dp+^3_Y+mb-l^Y#E8u5UOXlfBuC-#0SRw8@DMs!;6b%EC zVr-nSXDIW8_O{j~w8N-pYV{A9>KmasS*73tL@d80Pj{R5E#e!26Nl4gk~=~+8`RCz z9~%<&U#-(ON&Rt8XyUbs$49x8Q=ox`Q&fMz1MV>y}dR@)WS;3@I<)k@~Y2e8OVQl9Vfp^cRp= zl!z6p9uXNwJ|y>Yb18~`n6$z<1TF2Yc?n1tL-`Wq@mClF>^nc@;u z3GqXpVWar6QEOz%B9JmjTqza4NjcZ2wz7$n(DI_jAN(w*#(UI!QH}RW-RTE+`1re5 zY78(lHSV(NgjA)*ZzYpajYr$j%>?_%oN~)xtvcvWaE*t_7{F<-tZ#~HrRPa$CPu;yQH?flQTe&~@o`_`0u8;DD|OTJE9`a(VTr>2ytfDFU!nU*JEyPS(7 zw;Wp_knx|XyypO}w{K*}{I1gV$?D9wbfxBhqDcpso?{!&p#Fd17JBbN%jUxBp?J&I zHpJ}4Ht#Mo)Hg;jL_tiv5{WN`ZW5m|_P$#!!L`DwhXH-p5KnlWdUrWX1e*a%=f`Q! zu|vX_Rbn=-Xl;<&p3akLB(R?kwo&eL2A(f#-iiu+o!p+svFW3 zx?7o^)>vsP@z@m8K$&7K`>c&7(?&lf#vCvoE*uiI2}WQwbF(cVDkwIUNIb0C6LOJ= zG~^2sD1S)N2OFR&mJSldxDh-Wp&y5)3P#OxIV(hWnsUH|-(h|QPY>8*nQ))3B3Ds=b5(_IWfmKmj0$70@ z$TwX0MJ*8(a&t>8la@GI8iL@5yD0VN8p8ivGqeph!(M~UKt#ezQ8OHVfjX?k`9-Et zSKXKiH)Qm68FN!6Yuxo28~?gKQ&^t~Z_A*xy&)5OCJ-9NC!n+ zC0M^Q-H=>1Or9=&L763&s%>~D*w-g# z8@+mF;1*zVzOuco==tj>aE zi+feWctDKCvB@XM8n!LJrBYi5n6$%m#q$)acoat2rq|&ME+c*sUNXrM_-M7k7c(q< z`kW84Ot4P#O~B;vm20YITj7ij0mF<@P|sVtIMt!+%yx=UlCy-%ryGDA!vIBW+w*~oPFmNe7` z^*$X8Xlpv!r`F@WSh`pZn>sWYW`{1r!G)k*&(H-mUdnfKvt~`59?Y<_@vTWj{!TI` zxV42$Mz~u#&iRV|-Uo1K78Q;5TJ1O&OIjK{#+1n8u!*+W$$6>9WOsposn>3Cv#mGO>m(JYT{_AxAS?A- zN^kG_c4xVy)1F6#A5w@GU;@m;n%V7A7(syhd5kOiHSA|+>DS^PQ==cZtLSh@w7)g} zF@BX^<^cRLY_%GCn;mwp8oEjiJ6jFC7tkh_jVRj~E{(RlD7QS2ERMBkUw3kk0OO;5 zo0MwV8LP=I?ye9W?s?@={CU1I%QMRC?;a?A-Rdx~WDXC3E@oBCN{lndp$c$MXX0r* zL*-U0dX~g!s`23R0Y-IvyPU-S(0-V!I!~l`5g56RQ04O3s;&KOHEdyuu8hQx^C573 zoy+c12}s#b?It9EEIR?mff3xfXJTvoe*-`sXWFgFN54izf7D=*Q$4<1Q=|7)UF1ph ze4aU$m0CAW8~|gT8Cu!h<;oj|LFWw$ZLJn_{W)H zXR4v!Q+QzXL|u@QF1TFf?ovTI$bdZ<5MJUQakd)U_K$253k zrD1FIPKg=8OcRnT{WxXYDlNIIDnu>G?ZEG{Cf`=wr1Z7c93VMEB~ac4&Is`7_NXCu zg^+e2`TXSIOyv_RWHRaisP_$hj(T0IH}s`pba*cQ^-O#?mBU_6=?{rvH>siR!){hX zUo*~`7=?;ZX`phG%}DJ|gqs)A7@-ua+7YhT67JFxG!xfLvjDTaNbilXj_SbLR5A=E zCB~M(NZ# z)qbNo05?g#-=*4d=gsq$r&J(PlLagFwf;ebX5=-!F?fs8uDasH5yXSLg# zm7yIZcw@cZD1jKIXkWLHoC>8!jPsJ|u^Jhth4l20ZhnX^c>kr_-LmjefBTr<{7S2> z#YJhYva_hpbb!l>3I6M}3yD%thw}Uf)dw->-{}G2{5Ni%29`LbRcc;g?yV8=eizPR zhJ%$`asekIYYeFcUNnW5u+h%2Eblj|CA1i!o$ske54Zq-NnC;rLTs}s1SAvhj-RT-)lZaY0v~_+{qNXNNOuVyLW?H zqIME33B7my)XMAIczrR^;1ewu7lFLXLx_})<+g3ffYxEQCz!9vbP?>kIEkA)5W{Ab zv3$Eu(JX(ZDB~mM%TBcHJuDJBp@pIP3Z+n)i=>+2tP9Fo zdmO4Z9Z`;Ddq`|Qt9IT7rhPld7X4eYu+{Q7aJTeNWTmrKt(GXawQ8Gazugw!<1_!) z{npVF#zy;|XundeQF^Uf6#a<*9uj@uX^V^EOE>R3oThmR;$0JA*w6Mma5BSjfZ?33 z*?j_3h;AdLTKTZ-w?W5AAl~Ybj8C=X0Q`2YSXBVj_9H#!B3-&rjekOwUQm;tQKi?^ z_!m{_Ej9k3|F$Z9qQ-AhrN5~0e^8|rdi-Bi>0~|rI9+;0jsLYOU8={QqD$xK z@n?{n*$kXvO0%^dV|!~=p?GYt8j8>B=I<&}mg->0Q)cXQru3Q~I9HcO4;^j4PRyd4 zdtIg80L&?5?bCixuj#F3bKBz){i=wy!`KGc`u`6b{+4agjgJa?7W|=&2wVvn^{^>* z!A1vg9G*k=h52lYDo6SLpSIaPYGgex=@CqpBi6CO6jV#n59V?&>9WX8+>1L`lJd(! z>%FYR1ZQR4U;sE`4K{}Sh~pEb)MVlq$EQoV@!3*-d{v2b;H8@J)uqz-+EU&4a;af_ zeW_`DW2t3)bE$2h_2>>l*E`4cq`HR<8QWVLHZXM0zSMB~Sp4R1iK8|bt&+gmt^e)* z-(NF7x;NhUMBnE|`}jM1RQ<=tFN^<}7yUgv+V8i;rJU(;nifHnr-k@U4?vGUHDJhe zL63DOX(+Vuk7~@hs+1o)zqI|pHl^Y*#v2jXF*ekB&M;m8SMSulpZG)81PiV%51S3$dX|$wF*8wGx$S?^C+} zISoCJJVTWx_08HJ(&}@&W3u`dl+;rp5TUNmZ!zI~{#;Asin$%vqQ8}!TlLqOBM##s z%+p=K!??DMu-7?2oz7*O{RP_>ouA2di*&Q^V>X!YdsfnY(*wo- z8jFt`6JZ9NQhO+K@4?Bu+$+Mt?mV-K0`_oB&~+X0^96Bpxc-{{hP)g7mX-u?olF!w zlkm)E5>BE}hcYTc3Oy2c?bsyq#a{Qsa&SHBD?f%KUmlhSJyze{Fd)jcXi8N@P zT-%IhgiNE+i(GwNTz9qK#zJ@m+saB_v_NFdemLIbfX@1i!NQG2iED*<$BcBx^#&i zwN{tT*8>;p(hv2hAM4VH-dFYLH*~50fJvKYx!vf4A(c(o&cFM z)@XtA%!5}5H<3-a&zF6Vxy^i5{X42=zcNo;SKT%{fyijp@9t}?2^RYt*8Mpd}V zD7ea~3Rf9bJH2jn`H6T2`hGkqKnlzdkV1P*m88dbkn{*Kef@}%J|o#>Qk>9 zsaPlS;j6kltnLC;9#Z$H=e!$CgJTJ{Q4O>AVm-&IpSbxa-JzUyYXi<8Xy$X%62tLt zm{vWt78I9W#sm=RU}1|(LtwLW`HlLuwbk!HYh|;&?&6w7!GP+C|Ids74|qH=`=K}6 zTRdq|aq-A;`N>UMU4fPS0PzA??EXnF+Rki`MrbFWyu;ygCMw&a8$MuBjgNo{c1SO? zJMle}L3nK=X5FI*H9kplFEC61VzK`k^8RGDgVZ#AhotJ+o;8cupjcM4>Z^4;BkhcA zt4EjwK%vh&Ja?o%vX-azA{K2*MVJzK^{SYvhXNiM z4Dp{+;iD|vlJ}@oePqMFL?yaKn>rayYEvzNG6B4&%Xx(?28fq8_?hed;JUyCgxkyd zRlr%J0;v<-sbo(>Luw22gbd|*8-0M5e3Gd!~xf9Zx$C4p#7*wKGQZb zoKrnJXwXBv*?QONnqWIUg|tX=-CkxHS~5SM;ujN0CNj*7L?7=aOWn~GTbqS}P5Sxz z=+|g75IuKB?bi8mQ{%POQVhI@FhT_nYd^Z z9Byam|0c7?Ugju?Hts?zjNgZIl`NR4yAE4MH^+MPB*$bka@Fa|`AD)B;j#@zfB+hy zzeovvi0Nvtm;gG+!p@nZJt|s9{v%#TuHi7sX?oXn&P)=6L(&?od_+-;6>6bzGpN>c zBp1r1r?V)cxtEGVjI3M9aaGThRz$PYr%%!`X#Ets2p{PVmXHS}OTlb!jNV?)$0vwd zw| z8++D87R?NBltaH_QxHvfJw&tGG)Fu^tvV znK}+pcyib+TjH*`B|deXhd*lxP?jq#QG=ItNm`&LKJI|(|{O>0+S0oZP zPa4%!m?H~JuqK>-VK_~X^+;G{uT!=x<|W}uBq^!JeA|L~vH<>3QSSz^i>Z{2}H`vnvQfnL=3=z0DB`uD@OAGP|d$>aT39C3D^di%9a!% zawzjN3B1C6#Kx@?&n3fGlHSW<_!byYDYBtt0Y9op568wuX~XZ9pi9zeg#dl<-%ut! z4?ePwNTx^p>kHBdQpxBg8RVE9oh#C09(XgEek-Z}Cz<>t>HR4TS0po=lDQ9)Fs9GH z^zw?5Wn}c$6mQ)v7FGlcX($0RnxaTH_Y97^;s+E#RtQ#mX7kqSG!3DOE0{`ob&A-I zRJay#$-|c~n@ai2L)omUNOO$YNP-jhV$a*(<@69L$jv%jvi&wFZ@LM8tL1r}&Kv2n z&a6qL*QRRM$RnBj3EoBp68ULKWJE3P(kXY&k~4EcO9A$Z_Na%?vGGfF=3Q>ewkx)5LNWUYKs3 zn_ZUcE2sD#)GZ*D%1E8KHBGwg`_lUMw0lR|{i(02GF!%QGb?y6`OP}}gEVkfPo?#v z>EN+++TSV`E4~F!tYvhJVpO2891kMIp?bLdE9fcY7;?}`!8@@Tz(OSqQ9Qx|Ved?F z3m79$yPMpNENPlP0SY%N*zD|_+-mKdoEfS2)I;H=SaslqEx3#aucqyLY5it8cq^So z0n)X}$KN`TfKSkk{^m2;kQ!M$M(KQ3Sk2@D$7j+{kmShPnKn1SGOA{v$b3us^gyPN zE-Eks@n`~itXxdaIOBa2W!gd?Wc4(w2^5iFWy$&$H6%&z zQTxh+W&W0+R~|MF{x%Ln1pkoDz$`%1nR1;6LE@mewtu$~x@n?&DTGv5K zAV(o*hF0>M6b)YQ1dJfr+NySZZ$=kwx;aTQM{9GErSCE8dmA>cS@(RqvGWQgM= zWJ#jM5a-G0Th`X`8wX1H1;fRO64|5R6)X{PShI~cl0CLxq`nEv+mdI40D zU%f%m>jRX$;5kSAfB7;NfS0JfdYycmV1Kg^v5jF0D=}1emO)R{|`darT?x%Qfi#R- zVl2a!n9{g3A(7GywRRb?HTs(}k(C&7g5?Hw83RyCB+D_vJzUq}5<>+b} z4(oC9yDbhEZSOn}zVpoQneZ}0xKsQhB+F50(ePhM5><>*0;d{IJ9KK=S<75m zLla8E+oEEXCG2<{h6!O!tOV-$cb-Y{>LnKu{=KAnn?@&3>V=zZD^@6sxJ9=>N>zlt z0US|+kcr<->S?4=!l_uNfw|9-GcPI=X>uA6kLTz<_!+I&gV;xgjcWP7ghX(+cJi~G zr=kLd5#0KR#Di{9>O-|dw9jl(J2?6A3&(7&7j|#`qILdgvAcWz(ohdwqPOl|X6geB zndz`SU!8FMCh{ngHj3l{TcPhOCrGI>JC`Z!5SQjmS1plJJfpCW6FSz9nvGDIbXTq> z+eok$m-Pr}{&7ZC*`cOR?<;tqaRx$OEsXzEb?j6I?~DlgZ2DFU()0C#-28dY#cm^Y zN1%_g-M)t#tkr#Y+w?uf(^U!5)tp< z2tb2PB0-);8zrxJLmm9OIMW;%?a#xrW-eU8I49yKnb7m_&@bwpyaZ_`b^_9APF#b( z>e#t_8@r<(fyKB>m4h~)KYQ%2F}vbLf^hPoyTae(st?@*qWyQG{hw8I_^XKyJ8Z(| zC_gLFO_XMe4N)>0v*mC)5*sly45tiIW}-1XGTD~e&94i7V%WVYJ5-{VdDFFde+bM? zSWW%k$C!VNNxeGS{GuoKKft-W4~3~MN4W5uPlxo_@|qKKS2tdMAm0{D$Cd;s}G)9y{Qv{vkcSa&wP=Z;ZL@KlS(;>G7W^akDYi zFSHh)Xw}cQW}a#741>@5{2$rQKWC-K33l7|a=Nfxy6|G@D#0YYgkC1yEqcW5&KT_9 zlL!0plbXN1u89kbQ@Xd;%uInovBdE`)qoBoihlXU3?5NKXrmO-(FL0fVR)!rS)21>$Yh zKG^lAum7@#Ke3U{i~cD1|IMZH~K?KMST8tD>5cVhWJ)oO)#RYiv> zpK5w|W}@?-hIKs&i(C@7#>4v1L?L`Y(XE$g=PjSu!K-^K1G#+nfVpSj-wfmw1Nq+G z7F%_rb~hl)Wj|^u{;EZP(31IGODp;P>VoQcC|{f{oR$rf^xUka(`8&HL?qI6_Y8K( zy_wUMo!U+Ni0mN<`gdBUe6c$$i^th*+71Pks#D82!=6H;k5RkY%kinN;&e4# z^O=mOwtpE>Rg9>SjHv3$h&nW1sA^^WETUBzHU;W_7FuBQiL9Q4iIq5F_xWB|#!0dW_u8EI#vE0YaKs^dg#m}j@cEs|+hcPIFZ z#O(U7=yGsXcpF!RNlt#9aXt#V^fz=hiD5NP4?v2Nn<3DG%{IxVlNFS}_p}-#Q{-O2 zs+GOh6yCo~lL_oulhk@hE_3)tVglQpEz35MZ82LHTb`|!Z8B!Kd}m@#MGR~STkuK% zlYx!!f&}qf=+5d0#UO1x%iZ`lRw!$F47vGT-Y<{Go=tkilzciakHHsUN3V7oj*YkEZpLY5PQ4KSjW} z-I&(Tax~AS^-F2r?u+l)a?deGjJPeMDMFeNxtbjC-~%dY=E?to}F? z{63@qMlLWyRgcS(XXwTn#XD}l2Tuw~2n2JADepL%gA%w^ovxNyHUa59=Pv6k-&a3`(4Q)~9c1VmmS}VjjG4d>joMde@2luzj?^>s5efe2v;FoJ zNSUD2RcfOoQm>2lqoe(zXuo%~?~3-d(f$|lrSrG=JGD_C?9BOtLe{=Ut6dlZ-I}G# zx5v^KfvMT-r|j2+tglPxT=7rd?5AAnA3C+Ydr?PqO`vQ;J7+(SwxC=lv*bKCZtx_Pn?yt-XCXWd=t57tXgVtfrMQV7iuY0(QAE<60-qzPR zJm{M?-0Pb^ywrE68s5l%O??l`mtp)94A1u6s)l#>m52BA9i$c$lx(@Jrw_$({NqwR zd|2OCogb6>DS?x7nC;A$yK@V0cuoX$UMs$|Bi$ozQZw6ojcOj{1u39H6QhHHDkL@B zo)@?oLIAx51c;9yOkXAa^3>Acuf#XPlJCxJT-Yei&)bnUbo-FZX(i>)U$n4O&K&|E z;desab}YWI!5IpX$elDyC4&<9K2?Mz44;l;^x`tWZ=K7_=_T!pyOO9a+PCBPp`k9r zO^!ycbc;)uF5W)5on6wN?Ndp-FNwHDJ2!%*Oj4J=HLNR@-9MH9AJFvInc|Cjo+S8v zThnt;<9Q0LbhS4g7IcbNask4;Y z-%dy`i(G$s`UG3DBkT@_wa@CD|JBHmQ}S}Tc&eIq0>33FbQ-Y*^C{n*%4>AHgC_rB zg<wH4WhWGn>IyJfdI^x+{Zc#BkkSR1ES6)mJ{ZPcv3=)3em5?u6qHk&c zNa?4ci$;x-ZhwaO;@};or}jq4f|+e{Tj_P$gRFzKdwkTh8Lg3EVgVi@N`k!^Q|LSP zMm32Y5LM8taS+2!t0bb~jrhmHReFvy?+3nf#8`ZXG=c;%7)(w?UPqrGNVa-Ss@AxL z7LPTN&Lz{R2XmdaDsamwvUJ}@QIh~p6}I&Zp}6=qG&SNK4~DFjyD z>Shoo(2%Cx(e5-<%cvX4hqwGh<)*V~zqXJW&C*olyZ5|!-THvG=NPh_+meqPN{z0Gy)%wtLexbgkUMDFJYe%j5YW{RIAyg@hs#MrqCG0#4 zTB0gtOrcVxac1I|RLMi-N7^ON8?n^g_LyW;m)=TUE~(UIjkX_Y>M|~_%R`>yd^4&_ zUj1BjPb>7padboaQ&sI`{(wJlr`4b`0bbUZ@anb_Jw=f5i)7r^%NCqX3hDCy69h9rPK@;kLpV74IzXIm5$$#0k-!S9KM>HXF{Q{=y8>#Ue=Qwu>E<1Gy@6U*dCsZWoHDu< zFI^xWJUz|b%4kD)w%atMF=Sx`R0;nlQ0T`WNhVnNG%x6)yC=94Ng_KboLo1_Oyk@1 za7NQ~Gly?;!+CXc4X_@UNp^yz?yn7iY~Iq;uSgl5xW~G;+r%9N&=t0+xT)jL*Q{Sq znE7k)EGc8KDRVro;<(+%G00|Ik=m=62q(~^C6Ocf_Py!_MCIm&LNbjJS z$Sc@rD%f6MgUTz22*1zT=gu%7@ALmZ^PGL^oV(AiYp?ZP-$hW0mw^A#S$^#37o6Zl zT*xPW$h))8I+52| z;_%+r9Q`vV_&H{`Xux|1ow4$sYF1;BO5bXvYxU0o?{X%gxUkVt{@6hnTT>};EfUwV zAApN!D>rHh_FHvE-b!xQU?;JcT;{^_Wf$$+Fb33L?0Rc)jggLIy3#o=)td!Rf@hao zbRPtwO^)t$-Mif2TdsTAsAma;vd*=?=>{9+e`p?2xX0r91IIqwO@8E5N(7H|Qz9rn zCfTP+FnO2JqyzhQ4~}uIfSv^((}%?@h=?}b#wSc%Bev_0^)`$Q$?u}=_WBTp0qSL) zNWEL&!@_U+Thkp@PgBW-QbsIK42=rQ{`yb6`xYE56|0Bog{9_6|*4V-^Xw zNB+;;>W);OKrv-9lKip+Fc!x!zxbnwPY3rU!>pBs@%cCUF?sKmw)NvkpWo!R4rdrB zSVy8yJYVH)bLkrARo*ro8%87Rl+kbdqqctc1v&rl3$Dr6+??E@>Hpi3)+PP~T82B| zjrDghB949Aiw&eEG>Vcu8D+dnMnKUgqxiyS9FnASi6n9Z)d(OD^)T` zfP?kAm(V&S+Y~@vW40(kEEFE)#s48M^e>}t{865p6}F@s6->>0sTqK0XJC(=0jgsL z=R1#FTdk(@lV>S}fg`;_jGvO>;0A+H-buZf5aqQ0L1Bll-u1m5ewCH{DPdR`!Sm_@ zhBI@p!Hv&|)yKV96?8Y_poQB@FVg94k?i(}y;I?QKk!;!i~vzdUgYQvPX2Plk2Q>j zwZ=#b4@+b=A*@dB_nT79>9Ik7wka{{UO)GaY4jm3%AjEwePWRoVH_@m;0qmh<&j2^pGeNaLx;uVD4JKQ3VP zSJ;6{z}h{!xW<_HdfWqtXY3vM$Obn$16Mwecv;Nz5&O=toa%fagq=U z>2~Wpuyw$3>CPdNHVHEJ|Jq{Q+sE85Sn0*{>gK+t<~7WnXl($t0(V7{_};#~DPDIi z>?Q4Kz&UB-!d=TglB$W%C=xy=e|fy&`nUmC%5W^g5P@CIpte8Uv9R5bk)Sfb%Iy!4 zVgzR=P07X!gC3o77)lwX8zK|Q@xAIp@ru4zCI2H$Z{;oNxAnaI+=F0mAb-2$=IdGc z*=@Vzmg@!ig_t6CEkg5IwVRmRhP>o{h5hxO96z zfhrz@bQQQeCM7_~d`6dD*$U zS!Y33V4s#dU7wUc89nP6Ik2KO<3Oq3o9vzvoO zV>r85bSjmTQNK}6LCqP?@D}Xb!}arNhL1%DL@RPzP&_QN9!*jUKTw&6mHwU-NX?7k zFYtCyBwuDF7oSnEx`{rCv|WOKONfG^k%UM_Qc+8pbqGo*tz$?}P(9Lkv-YkKItqmT zX|-O!^BpFgAR+HOtUI_i0{sKt0$o(6Gci#ykYl%Q1cGTINe${*xbVgi6IZ$1E)m9! zht29zA}Q4nblW@DS}vw%2@O^oAghS@zZd^bHFY8{8R=yolZ^{UTnid3?-V5Mifs@| zgG0d50QZYu+h0K$gxc0Gw)k!BZ?;GLEsO}cCY*G;SQJc!IRqUNlc=zW+)6G^L5>n# z<%mrTFn~0Yd+}r4Dn0l6;cmd3bPT6MmM3^%A~vi2^kJ2}R;k}9>jc#MZ*`>J?9jjK z$h_0h0K0>S#@ExGR}||%sIGiL+o$^C&)6&j^u<^9H@mDAv)!pqzbjE8i~6$!G$bCo zVT#%hLu?BAt`y_2ccl`#sAd2|XMtH7$rS;SSV^L#{S-Hmv;&tM>g2oNCU%I){U&90 z8IvwGX>12kdcCQP-7-m@tr^~jYht^yE(JPl*SK%ABSZePU4Pu3{C9f}ojZI~EDH*H zss}ZYW4}H2|KmHOm~`GB+Zkk&%L*~O@{KnOjX($A3DhA6^^N(~y`1?7W()Mp;F~H= zcxAjcy%_({39|ODeDG93Ayo4Ex$gxh;*w|ayZxuVRjYgT?pyV2%iG_4T#jZD;EEXl zZIj8*GcQ47q5i6^d!aDEb!S~Qn)!39^}6cZh1J#PR0nIT$DSo=A?kflve#B)dkx&P za65I*uGSY+C;wS;-z&Lmt6g1)y9qlAb}Nr)gYWe^$7%p6n1 zmU60drxK>;MS4lVBLhe@0+HR{@eQlu=Q4}d4&*h;8k1QOba6fqAJ>>kyG%Of6WGk? zN>Y>f^Ac=HbNmlYxRhO}tf*IWPDgfahrXc0J-?%-BPNv^|2A>L+q3tz3(eSM%0{s4 zU4V4aZ3OY4JJKhOO$L?cv;o@I!Y5_wX*mFl2Dg{Bc0C;pX>_hMU8$u_e8)&GyqL-| z1!ZmWQBgz17%XBl8m#xI`6|jP?k8-p{A8AleRJ`~nn!Cm)7}t9P`a;V?3dpOt(oyp^fYVn z&l{|z1E@37(Q0_FP%|QBrKe_D^`dof{UPShSPbRpw7)3-E}DG|U7Ulei>kO&B{Gro z71%Wl43L`Dp01}m{#>7N0>_xPs6HJvgx?|Oc5kXbx2+sl|4_N^AL*_{_cf)=)y4V@$6sl#?&Z#rH!jjX@O9o;?=Ek0qBYUDmke%U<(axl z!7t#tv8^zaIst@GI(4VA?^5=S%FS_ccMW&;$iYir#8m(^sTuyOZn zm7E5RLXm9@ajNQK(_<6T04!^ed(xlVP^H#+)kON#by+yO{a~`Y({(BqpG13*MZh;2 z!WMI|bCTW6B)45bFgf6!$xcmm$h2N!u~Iv!DK6X_J8}7b z<-^$Jo}=P}EPno~bBmp6$tk)$$1e>qAi_1Bb6RXT-q154HEq*9*m?@peH8Mm5Q&8PYJ8` z)KOLI7EZ;-W4Q9&{zUDmdUB<4*z@C)!iv`m(o}RTe<}^-6vscDn!sk`mg^^bd#Cs0 z4US(c*I39xpT$F`S6YL;m%GH)?h!vxP1Mlj*izDlSS_>{WB>ouQ<>OfVLh!MRZq7T zhwJGpb|d&9>S;hva8CqiIgtjzuHOZIFV}9@=Ijj8o!m1u&rM_{o0{(oM#n-ATB#0Z z;|!#F)%vFhCR7IyHN<+BpBwZJt=`oa6wK~Lme!obcSv1cCIiOx@%&PeC%GUvT+wKFY^dTVrNbc?6!h5AIt-_ty^ zw>!6*`}02SZfDZn-JS;e9Bi^l7P~wLGk2E85W^NmpEKPHN%1;mUqPQE;`%ZjoGs6V z7cZdCNk?@2qeiYB2qI;4N;BdN_QI*AJyHmVHfk0x<1WtoP#0WNlOo7H=V8(m9Dj3XBIfq z;*)iI=JQ?aS^}_{uJvB^=&rSm-b4?(#~$ul)2+qtWYK^9M_s<|j&!ZJ+>x%eMfnGh z>RMAk^-l8!vkTo_=p2=9z?hfK0Ewg{O*WM@CEgKMw&{A6%68il^2|u*i?>SmT2rZ5 ze{XjgJ!h{Us#M92^)Rv}=r_68e-wA5+NHSbMv8mA6gNv%8PTrJQru|b4|c+y@|^UP z@$NUmK5|LeM=Cw$>!!n;Eq!Dh3ar#Fl|I6&WXKxnBhQ1~F@5A3(d=ze@3RVzS*4O! z$W`a(h&kUH0$|!JI?Ps^x|6rOtGKSOtGofzxlx(zr>}tC zQvQF2tTK2qI`gaY;3j1`Y(`W#DSUPaKug5#4&OQ`mV{{k1T+l(*i1i)iLtmEwxe}O zUttp)g$bcI-2n@AIt48>TRIg@=RS8{lk&Ky*}{F!9Lu@Q)ouK=#uICD1ic8i$ffVeBgV$V%Ov=+Z;+>HU`VFX%g@APB}xL9{U$q$&j=dm)69 zf{C%oxx}K950~Y`=z<8(`=ub3P!2?VZ6qqICPZl$A$iYAB-SSM1&RFmoLYFF@ZWhL z+0seDNeD%Yzgdmnf|C;Cj4X|gg0jh(y)amiT6olgW5S;Cn(%*vC_j>~pW-z_WUxeR zlN~HZx6+zF{YTx5p$+_xYO$Q=KFEqD+7tN3Pp^{80diSqp(6*^j;P;hIZe|dQ}t|j z7I5>aPMu|adW#;mAySdJ^$#PK!)E&GO_8woEYwef>PLG+U+cAB_oV+MXWnCa<*(>$ zZ032Q515|02fmJ`x0R644>V67ca}PKlGQH`EqSyDHl>Zs&sH1oS{WE7uy~kA3Gmxu zn}k%*H9wd}m4h=EYKaY~B_LydU0E~bJ=NmOVcrv%_b?5~d!~YX9}MTZ>CSBP9_|oh z5(Xt$Mx)D{mi3DYqC^m6{y}3LA0x_#MxwM57CE{49(}+*R_n@gs{TH_P|DFL=E`Ue zs%7o3PVE;LEiUTN1QwToQ3YNj37?jTM)nSW|5#wx*m$@+g&}jLEHma4^7|LcJwzaE zo%&^dY$f^T?V@@5J52i~u0^7>s^tQ_PX zD8}^oA@OAh_az8nmg_^kuSO?$y?Q^7Pwz;1d@_iniHS8K0ah?4zdJe@zZ8usAJwPC z=XDG4dFx<|-|zNBvpENRdYSii#L{B@Z^x%BIcDSt4~>eq2`bbkk@p(KPh7kbiui0Y zzgX6F_;TvS%C%?dlXcXd?2jev1AN|JRX+rXXd9oDPQL0%rJrE7oeT2zVr64wcBl~B3}^N$2-kQ(WEzrm%_#Kk>=72lP)l6 z=@V2UtqY)9WkasR8y5|9?ETj@vsgIP`9jsT*YI_ljchkpu z2@Rocw4DoVA%V6Q$a3q;G{mTPiE{UViRLHDk4MHs&v?F~Cg#%Ra6yQ!o^pV1y@8*> zI3OjaPtIU0rkiwtIgLuLPVnfU_~e0JgNOE|A>)xPA8clO`jWS(*>3X zCsi8mb<$=}4x1{PU)9A2E%SuBa;Y1&Tl{FGmIi2AsjGj=3^a~0uMTC13tmfFrF$6T zgtWzb@hUN&(`3?{!jo2W5`J5F%x#P`@vSt!&fe;-nnR>yuTglVPP4w;NIL_8!OYNF zA4^6FCsY6l6H|ecyh2r))k(z|rfX?d1@`7t>8|Qh6E&tb5@6o^Ew7Y>Bj1_ia>T8aXKRZ%||J zQdak5FSkKOE~BmG3}eq&Jry~!7Me*QdT20(G@%D2NvpF!mh93fzf6_{BPD(i%gk}J zIX*GWQDku@nxu8w z+IgIpD$^$!8+(e90U6VUf}ls^%FWlAY%JoZlS+PCvNOmQqQs+NHpWruhw4X^J5S1} z+Wwg4TY0~+FK9D}r?$yh|230_$5q?ZWUG6(g)KM{`3o3NjsT~8c(fke@l0#4HVOy2 zc&t*9zd=J&^S{3S$oKz+GQUd3ZNR8gO(R3x1MgOy-S%K7D3X46;ci&8)dw=!9u0J0hAs%1L?5IK{2n-9)M}euwZ)xg((284ocBMgt^EN8K!ekTuz)!S zI9Wm0r)oq?D+`IE(V%arNQ8@>6}Xt9KBy2a@D)?|_47ppx>udPRmS$yOxi7^;{7u^ z2Riz@BHbCGmFtRj&#=DU3;-mxQo1LK)#W8!ni-kFh`oE|%F@z3Dtd=%8s@p0MZ4Rd zZAmDS3SU4%yrV<^j_P@RY=&y~4yE5!;f?$PSw=i zy-{`T4;pVSf@$tcQi2op#6wED+?(q0>JqtzkFTYFs<5t>=Z~0c`{J;r(kCnaeJ&dm6&xjrXfn|j zT@_65PKw^BQoi^7@QI%)Hxs{2Wz1wTMsENlaipj-CIRR6D4+)7(3}{+Z>Ka$#Zp@7 z(=#gwN_dTeId4qWWvV8tW3?U#ycLaN(^Sx!T!1e`!6_|?EYwf@MOrGh;5bD zy_gJDbzi7V=lAS`osGIHwfIuiw7>OTJ*acXM^5l`=6t3(L811YrAz0k=sM-C=Sr9E zyM(6J%{YqDkbfS`5SSs4>q)pQEey`F`A)5l1gvZ-_{&t@duNW zO6?CiZ46`AD1v^);5LKN{&A(tF*o`hCCw3gxBj^&yn+#Y1TR!@mPHAwb#P>(j;EL} z0;!G1)l+z=tH)L1F+wZ#&+Kx$`&*++QcIz$KF0bT{+iAtcc4QDPw416ow|rGsu__- zCO(NrNXp$MEcUC!#aHAIX`mfpxT9$}s}b`-|40QqRdQO*bUBm3wx4M%rI3<@EqdlJ z)r{#@f4P{S5uLeF6;@dP&}Dv6N7qEpt&~wr1fVB@aYctMd{Q=Leoub0G%WXk7BUla zwGCw;!HK{l0w2O{{Vcou(ign($CWo;VwZpM1-E}$xqXdYe&-8r|E_ZTR=fPyFSz}; z%I*GgdwyAT`9{^Y!upO~{`VI=`f=saNA2>3_J4l(Iy?OE7wz&lzu@-9%I#O}@(o{b z`^L)c-`M55zu@*gmD?g3p1e(D!UMKRyPwHiw+q__W!;Wk>%Fg{A2I;ZlI`f#cJxMj zajep0>2k(|ITh0J4uHO|RKYI58F-CIYo{C0>@e}{?w`Zk7j`APzo`fg zJzFEmL3?U+xi(mq#k_0|% zACbR(G+li%HC^wN>|`W4-0nAN25XVQebW}(O#7EUFfr@{a{)t)r<=oD1w&-Q^n*@) zff#)02Q%mgS&R-*nf%83L8@S|q&N!k=spQivphl5RJ)!43 zq(4J8#b_r2&$qsqY|5Z)#zQuB^Dx;I&v!YOBV&(eMX}tOWAkGKJx<-|zL`>QrC!UJ z-6z`Y&QH9VqB!?vc%E&qiNCEP%b3~ISl@7U0?*;Qle=bgKO&);G^n4CR9CwDZ@SCx zzBd8t{9vz^dC7MV?K!RYuiD$+Z3HB|j2lM~7r_Tu^_cb!CZe8N8VqR8>w-8Cw zy46!V0P~JlzB8~~NB|`0RG!+{iMW_ao!sCo)kM=S-|M7baMCZLz=)tXtx3jSa{P-u z?;?-Xenizhs!BIFGkzx}_K+&w&y?SN8@w7`MR~B4NTW$X}8yt6` zqnOSe-I)&J2o-VG^u2J=H4~U&kF;Ey@R@6iyawNor{S`g4gkC+7WdLgd1|70YBIb> z?fmD`yHx%=gap`yp|#mr;nlImYN>8LbkZ#@0i=_MW)3SI+O0uS)_&jhzvud-dzAL^ zaafuB4oliD%8*yS!6Bgt$k9Z;dXm$OGh3aVcE&Famc*9^hq|}8tUA%}q*;9m$$-Dk z<1Kf)n*Amp|RPONEu*p8Wqg}Ytk9zptuoYYH1#!mhF(GC0>2^jZ@ zEYv;`kj~-AOk-K-9Lox`gJUfz5tRDD}*t~T;mkxd>?bACKr zZLit9wS^1&vO*;y<{Z%i?u|W?pc>v9;eMTrcWznVsKm*5S*k0&Mjw#56g_4xQ#=;9 z;I1_b>>n#{5B&nsB-B2!z0(jm?WvE_2Y@?W>>QZ+i>lta?=ZftiMb`mc{*0W|$ zoUuO9Y4xuQtaBoQmi6^sRN!}%vzI=x)oaOj1J3CQdfhexfr}DQ*NfgY67}s!wV#dT zb&FR(-FuXiOWXK3B&dI!m!W||ZN>FgI62V!%OE9@H3>W~goWcN=xWxIb(-J~V<3*M zLT+i10>?19ijMMKV3e?k5pEMcuN9Cj>Ny2oLr6{i6W_9)0hhvCMcAmDNlTo;Mk{PM{AUAq zm)cP)S+bT!(49quQ;Vtl6}?U7?mI#~{pN6&*(U1xe}yOC4R_7kkdczlsKyIbL$UD+ zN!F=`wW{$F)zIDuG4To3am|iiZcisJQH}0}o2&!w87BT1=2g3Z!nK8%C=e^z6nX+y zdK@kQ*$~w|_WuzD> z+N;Bp55Ax@A5e|wNI_nz8an0Zs8NOaBV|gn!)^nJx3eitt-*i=ru?8;l=92l8JPYV ziV2yklWlJAys!{jiaSXGp_Orp$DMvsfys8Liw%zIB;&{~Oit&c9tcs>- z=1uy1cqu%oGnc~KwWE$Fn&WfBN}v&c+OS(q>;0E%yj(Thsim05NSi&;x}Et@JUa`0 zL?mXKAQV(GNZEa{G4^6zPBytQ_K4m_-@Hrp!T=3p(6EBSrH!ts+NZEnEWDSlJTo?; z%h61bYM`Bt6m?Fy<0?fxvFKrL?vXRzFjNGj6f4As(W1YU)_Rpq;ck*9J11bqt!eb?VsNjjG7gOtuhl`=yuNUi9+4;2yKo~%+k44w0jx?FN=l{wS8Dw6(GrZkzvi7WQ+#q%J za3yPGE@PKQGUs*%?rj(cQj)zpRlZ2($RJjlFoQQ^L1H2`*0`IMBh8YMTSf-E!wlY` z#prX8Wj(7!-FKqJlIM%c;HBX**gmQZ7=oWvn4XI>^49F}P37k5Cf$5OQ_!5Zj>IG1 ziT9Vs6dk)8*CCi1(3?hA)C7|l-;cycGbd~d47xvj}-E;hN%6Pgm3+43tnt(VAl`BKWphVSIWwCvFHA!e;+ zRtDAQ!zqnlT-gQ&3#Y%GSW{`w`_$GZP$w5{PuORra?R*@NT`6^RnO9Oc7th#dob$q zh=d`4>6RsP2`3wmVs-5aXx}ea?n+MU%~xEZO~(67T5r-_OWRSxp4PJ?Fn^?Z5iwSEr zg(ves+4-1Eo-9P({19eS^*tpng$9CQ*OAz&rvJY@`k&1EVXnt{lvAPm$ z2@@NYaG*NMhN}@Lzz;%r>OIPU=k5x32bhx(vHFAX(tY9Xk#P6xa2GyNO=JLT=Zkbp zq4gR?a-~V+bh8|xJ}k7ZX-TvOEpDq@xK0(nhPHs_&R4^k3Zq%lOW5sROH$eGv2uBN z0o8k!^?BgdG$*}sZ(;24d0mH1=*sfWg`Dyz)+ksUuffqs{Rq*DGfWh2-$BHO62I4j}DuZ&a(OJ^=eSshTgPkBl9f945j3 zfu=O!*=rWUa51G+%bd_GBUH1#RuUZE+V$eF`OQNton6ocJR4 z=_8zW;6<+~uUhY!$i<8DEA38MpOvtzi!_}H{8_=i5`HxIN{#!}W(CRBZ7N=ftpO&4 zzawFxz@bW<5!$gf&2>ZAg0Bd7C!1@Jh9}<)ci#$kw}rb9iqIg9eCO6ltpjPagzq_x zi3YbZ+VGfDxL6ejCdCJ);V&;u3_!n_n|4mmap$G*J`22Q)M0@8CE%+Tm=37J8dU9J z4HladUcEU(>Tw%79O^H;E9b?OGv2F-E+W;DXH?=m<)UtV7V}_>&UHq6+?rB0N?q1K zo>_TcF4}}Q!N?nn&823c-+bD9^aY4MutsjG1{WwiqKQyEf6;-|Gm~a(Qf~R;FD|Y}%hC*I!-B^Jnh|>0Hl(y5YdFyR!sGFfc zKCK%Ou?ug<_@_o<7RB%_lgSK~5NE3ZrpKeDt0AM0C^2G|8RXxQp>*|eI4i7TOS9D- zFdkkaZ5;%)7xY+6$R^r39&2I+>C(u|$F1WLZZz*Q;;}hC@u$d_RS|5ku@k zleU<&VAA`!q2E#;W3*+LGuN8lWP+L3)>hlz*XFm^u(7yoU()8Z!&uRNJl8iXF2>u6 z?Hg2^KqyKx+cNF-FfX*_YD>UX0IukL-F;&FC!!+De_bEo%O#m0+kBeHX}DJR>9%M@ z=yrXY3Ubl$&N_vsFzJ|_nJk;)yVkB?;zKPG5A34M@T~P!;&AiRote+vS)ikHM_?KG zy1DsCdTJ(LnQUM77_9dWC))#L7;f+ohE7sT^eK^sD6+J7Byc1%?P7qAVE6{61)DZv zAxmUh!4l7b2h4Gg_iO3E&^O1U#bASS63ExFnQ#RLW=cL&oolAQWisiOwv1) z`xlk*S}BXFhDyKKC?spl3{NWO4J9*o$$8pfN?dggiyJ`YX5x7$oOt%xEYnXIr|rV< z(xAB%in35oa+?pO(OpIbw=ZK`#5TR{$o3@r#cf{ucH{( z9ELt***f*9K@%P|JX>;7#+eH?j)Yo9|6GJwY`TABL>#CV8&r)5c|_F|A#brs zmzfkvPv5I1m}6XOxtrN4UH7{Lc(5hjo`GTks>o+Cte7t<=m~sHUXLe*j-9W_H%*Ko z5Dc$_|57RXLFmkv>+k9i2@}Qf+xnATfxh5V_EdB$Huw2U+%<(Y%{Qy2HFdvNv)tKV znw6N{<=n4r$I01Ct%>uZk?J*wk7EBEtk^#%;zu%(LB(7{i3fiprZff$L9PV}E=(WLO4vqrIUSQGiZBHrJZ;)z&S@_ylR$R(B<+2+p#Vwz*k zKce=ux(KDUWLA21$$3fqA_`xp6kVL}zPc2mbhRKXo+*3a3YM9dk6f?Pw?Il676Qu! z1KRNcZeSp0#+?Mff?;&DmD!Z?{0ugRDX4T_nH`}|qikJ!2}=Hw|B{9u!TCC67^5UawEVBIJBJ+^ zKQ20QTsrc6W{+2?I>24tbaL2;tko=_%?u=i(gFMRZb(awIudCX9A4PVE|Zr&POO8+ zDppBslfh$3Kdxer$xD%1-=ht%cJOAJm&Uw7^U|0T8}8LN((Pqvnm}CAvEV!+krqD| z{y>)QVsgDso17vFli!$0n>J%6oIhqzPq7D^r~Fe5#;2^XHs~>TOAofUs^)uC4Z4}Y zs{^?yETr;9-KY$5nYdH%ac%cjQu zDS)*VWC(ZOaA}n_V+2ldj1(-Y_8!hqd5SRCY|?|ll)bS!!@R9uRv;M5+m*Xb;rmo$ z#HuiBVPQ|JWG(l)3bykmleNF=5Cwde0$ejiFTy+8bGbLhnWxukb?|WB%A#vjn>6is zZ}N93kl^*Q=3l;Euto`U4BnFC*m~rX`CC+7y7o89dR0RW4Eg?I9lKwrA7BP8RsxhL4^Z?j8$w^_y8#&0pE! zboO>MBIo;^Z`d6PLX6kEtvkw{yLb4V*Q<_#Txjdab&j`gw`ENgy+}Lf*^!fUGedm4 zUhaI&IXSJ>`F11Y-CZa~ZTBSb($HMGL2?swZthyGuhhA#ba#v1-&=%)xIX|06U!pK z1h9j*K-N^tlU4pQxR(>(QnIe4)BZ)(ti^oU;*FF03ls1MvM(mQKH1MuKhWjv+9gmE z;7cF>@tm6{GG5?5r~T(a6YETo3DPIj^-P_AMHklW9xj)EqiRyI=XCA@zTV6*@U?d8 zD}~18`yv7#hCn`t5pX6Jp!E^}2oiYF8k<349y}Cy33ekrR_T6d#%BhnIaU4%dRZdp z?cwIU#qPp1zN&MBj_mkE(cd#t5;<351pPZM*m(zgl)%7zcfhZPt0EWq5T&>x#`N17 zuEO0hzg*AaiysAilZbeXViLUkD(_9L-qL%RG-cAUChZuNzM;&?VI~b9YBk4WOghP= zQ{L1A*8Ib#cMjRpd$God;Ola%hoaMiq4w$3L*DfKP{Z`Pp;orR>Di&k^wdzaqtN*i zo161z1+%lWqGo$UPoFY0U_DKI6=JE{{?ol~g$MX&lkJ~Rj{iHFt1y{IM=_aSs_k!R z{i2Ru-y3Y}P3fvzvso{4SJrznn}00Z@OZZF!EEb8*}D6(tzO}8E!p3;ME=y0`eRG< z7j|KTQ#6&x$_{Cvbw*9Bh>Je0A<~bBP3NQ8>P^`Ma`!mpK4%9n+pO4?{)vvhtg}C{ zqjEl(tY*Xifl1e;mG(6Ze2|%PUv?mD4aZ=3*=AGYvJ^ruM|Ujg8T94{Y!b|f82v5l zLITR!eW0lFc$MT~w``$R<}|%`S*#~{B>qB6lC`L8s@OVF=;z%gxG*L2b4^TF$bNeniKo#0F?C+wFH8K4H5(Xwq3GJx9K3yFJaM(7?(`l}WoyI^Lvz z4WBw_)a^Ojkk{v5p-hX3(^AS*fwY?1p?=d^YKEGpHw-ngl?H33JgPWYfGm`ql{8yq zuxiRlgI!ZzQ-gg|qO_;z^uo|N_MmT19hzo6jq4C_8@m|c-JeO&HKGX0-rs>H{!w)i5o_gP@dC!^cPH|^H zn`yW%lV;U|Ir|yM-HxnG!`Nmgx7*omPLgv^-Q-qn;o0d|x}Ive6`WteAItEQkCfoJ zcR^)Mc*OP5OSF9GL_cWG{=PZ-m*&F%G$-cNP#$A(e>6>UT3w>r9~1uHza9UI;?zgP z$y6j+lsK*Wu?S7;{tyJxInus%rfHoVPHqnioxnswU(|T*ZjD#x&L`$`q!3-ItFXbA z*y6G2n9RKs^_x7>%r~{{UIk6~Z29+Lmp@Qanrul7=y}-?Xcm zM02_!)s$@@0%c9^QB`axEGW5E*_tF=#L3!7eO39S`mXY8s@@OUb5VE@qm6}zMDts! z=}MLNBU7QRkXhFn^N%G^2Dq~Y=7;f;gMrSRXwsVux5-;Bfb z{3(OoQ-0@GU!rQR)y&Rli0Ef%h@N9*>ZsNiU1*rjZOprL5Sh$o~h;$Cy8=;V^)rae;?i9bl z-q-E-)-mk*MX)u;Mb4(O!pgfxi*oN;daqjFOSHk$SwV;XRWT7V9*_T#CVvD}P~mhOovEi36c5&thp7 zXUS;f4$r;WTa=Gn=_W39S)Q$re7Zhk1;@M(E`on@&x(}Nxk(UO$)_JmV_t~5Dn($D z@hG}><2M7Kj?Aok+roMj$Ps0mX#urWip=iABq#G?|?N4OF?+^z)hF zQ7W2>-r|P7QNb_W+6jep?eM*;Bk_+thJ4W<5JA1DPi3tN+NzOtQWeB^W;Qw2x!s0A zUgF0>Yt7Ro=NqiKS{bfh#3M=BPm5G2#j*NbiF~x%Ye^Ay=&0b;eEPj1ivG~$p z+k-p;gZZ(;n7(Sv^i_jh#RxB*)Ztd6cN4dO^@z)p(dzIXaJIiu%cfhq-L0*~ywk4e zt3^c^6lr_rjS^U?h6){}8x#hc`zrdJD51#YO@CC&$l;yZTK)Mqm51{-`c38GycP9B zBYC@kH%0sV@N%vjTW2k%rq z$B{`Ks#hO!0ABid&3rwNMG8O(adk3IRCrt_;w*q>66DxCajOQwt@fmUUCQ*1#CIvn zN3(l4+$}ICDU<%)HoJMFE>)fi?|bW!Di_b_DJL&b^}kX*1(c8VciG|oE8(uY$Lk%B zrLGSZS|VNEztV7yuCZN}X0Gw$KIHcF&tAVH4qB@Nja0s^Z~^w*uhk^7DAo{oR>a2? z^#p>S)X<}gdJ=Xqj-&Ovo9D*W1m?dI=~?D{SxqF};pHj*Pu??SF|-perIB(Xr^GS9!Bzo&Gq$Or1!#+ZaQ>pY0bp{jqp(@LxxCb4X=PEJaU(f*9scRufT$TiAr@-FQIt5PQNMQ?Umtfr8%iG>64*M z`*OJZMfkuBbL)xl+PmRy$Xx4uQ)o68PIrfj9s@M z+|97PrKVR6T`I}g>3u`l@~v`v9IKf6eUNpgSszkEF$T@Rhgr(Ko>2=INISIJ#C69e z928q`R|yb>9zmtla{>;%NqKdtqTdqEB|b3uy4!fJbd3^Tr}RX~8GfkTAFIqu%6$vw z??f_QXP5n0nqaF0rfPNZ{kF%+YOop*6I|ZES5<#fQNO6;fc6up0mLK-!z`0rvsV9B zRc8|SIoFo`wF*?*2P!-DR{G2zRYY|^jMim&9qoYko~t`IN;j4<`)M&AK}68b=u<6t zDk!`K9CwEk9<^g7FSGhFOYLuo6YIYCPVR0O{GA{>In+5QDEQMjx=V?YdPt{Jed*c6 z4umv1d<3P@Aop>|B(zrOUfB*Hm}&An*ZGcbquW@>2NshH~ zyVJ}`y-Bx&1m(_yw%IkB^f}+`=9x5nY;^j=@L&EF?&@|p`dw%G4qTBd?TU8NM}ujl zUEQbZv0mS!>RYDEu#`kPP7NJ3-5;u-Q?v6A_4Jyd*KN)&)FiYtf2e@`JDz_&v3!U8 zQ*Yzls(#k=*ia6kdA#)z18$7oPK&!myIVr1+jG^v2$+B`&ryBX0Xgfq69`!<9=176 zo4XIqK?`fm89Y{Y8&0`L9oKRPfrjkhB0FjH7%5g;e$}8)Y&CztpIlP$rN{!m*Zwbc z{aLw6c%QR#3BY$*1lc%Sd(aZNx^9hqKx~iNm12W~NUY{P-m??HfdH!rZuM9IYDI(N zpKWhIW98Izv_)@pZgNM_H2B*sPTWy~u`=pB$4ac8q zPebXhgSp{<*k1NAJNqzRS*exP|INGGF14$(4e5q)4NtNBen_?aoe8_^VRg4!r-=co zs~@vtx7xW|?1rmkRWAs-=cHj1hoPO|m__}hLK4HU+KE6^W(KPfABmE2Q~Re3eGiFW z&8zY+nBUA~Nz1R(htcx)H7&mZ?-~~A(!%TXC(2zB-KK(7@nmdnGN-T#!FRUWy-@q# zRFO%se?#cRV<<;uhvl!4j*t;WK$kOF!}|0u7hrl?-K6a%?}LQ9V7N!%-P{MsT`N7} zJ{5UfMek8T3rJ@|RkAEhxkmwqu8;eCfEW9rhOXjuT$(c%N|=#L6-gnR&5Td?rB2M> zp>i$RUgvIAn3auXa%n$^(OW`y-6ul%>6UPpGIA2QlJVBkgBlDFqH)fcFZI8f)^v+O9^S-5Mh>t1B zCw>ZQFd-(1S{P=c#bn}l;mL#HuESg_m=wazdTVLVnCiaCW86MsL6nmRF|4;X){Y61 zhnk~RW0HOK);S1dK}~g`Vt!<;m98OxanY?}Sy?Om{l@;-8I9>CaoF|>j_;sAh+=(> zHfO8yk>FdPCHd&P6iTv24U2JYQ(!0!f>RS~xUgq!TSj0!I$2w>EM6v!+syJuG1#MI zJ_4q+74}{{v!7dQu#fwx1tFp*YQM$w*?$wfby15kh_@R-ke%<BkGrPfQ6=t+sb;nufxu|r! zG!)`((jA-GX`=KEiVZYz#tN(M79wuC7({p`Y40v=T7$KKnNG+(YUE0%bDCARuXUrF zM~x|Os!)N>rE+Lm@={oiqK$nGsxeOJfE9aM19_bzEI|TdbE_L}U1335{hY#do?x4L zfLx{}jShJWCWc+^ zRElGF#pX@@7Tj$HlF{roxt*AnYg6@-olc}w*uuK1>3}s(pi{AI zPrSLZT#!s1Nu~zEet0Si;Upu+J`AZ|XaSytkIWK<=Cy)nV0Ee1hKt=5i>*gTe4|%i zW*@MxwQ&9%cjv^M*v=bmYmd2z5$^5@qSAo(t2o^dxs@mzfwPd2&QG`2+I2M8vR$7j zXNK(=r&2DxINAhQ!emQ^3VKLRK$@S*oFT>yAv*a!W7B-HlfYSy-#Y|~S!P#=ZBX3i zVXiW*qMt8p4Oh3~I<~-$QM6ltych#fdNTvV!iTkWdNU$Ctn|L;7W5pV2DuSU*G^QY zdB6;rXA3su*sz24V1_!B<(wz6)P>je8ndc;RV{0>7DD0v5c1M6I7JW~xD=?y@HMM= z%P@FDC^l&dos`XukO+jY!mCl-t2f|YO%SM`E3@l0X`e~Y3omW6&Dmw)ZcF%hW*Z~? z!j)a+2jxbVJAaWj{(QhIrVARsx+6tGtpkW;xf~#A0`m z&sNPe8_^A3`!w_9a(9W}I))`xv@zF~?(^G_=BuA2A1FvzIn!lIfloNMG1w^Smo50k zK>Y(@BGci6s{AkwBwtE0(WzhXWMR#LTmavNy5Zj{!&GXd@1KZ_0nWEW->Df8|6Ame z1$ZtrbNMW}ce5lyCd61wFdk4_!d!qyy6=ofE79(>LjARG_6-ZRB5^n!cqv;x@E1d8&kXZ*bwza4)>%s;54*_e-^w7ZKco0<~W%)A)Z7tAxW1u)9$w5pp|sG{03;P^WRHpUyT#A>#O_i($DR9TXw5$ zs~!YehKbQFXPj1-+l?EU3iGg*cW8B!UAomC`mLSbt`jL(6J){mytI+;h=6(w4dq>p z1qrz}Y%(AOJ5W1fwYG@4j>LK(!|N$fSGC$H7_1A?ort!(+MVMcg&GMHB%CLw5RwUE z@B?&HW?wsBYR$}o1_M`5t6`W+HSYrv%2!b_XO-J=n6 zF??WjI%m|sOxi(f4%^Q)0chLd~UiCyBvGnEm@G^ZT|deZ+;U?cup z)wW`3>QuSWrwvgY5<{+IGDQtsH`x5}9}ytI*) zvt6lgxI~X>cfJ?ctZGb~LFSLyzgFJe%55=0Yzn9_683hWWRbHq$;oU5A}IiQX^rd& z_#($Y3|WnFYlX8j#zkf~L7o}8<)=n&IbEccYU08)9vmCu&lyM0yt=gwzY zdzXN&h>;|)-QTDrO@t>*0&z18t<(oA7bJhMcRp-WF zh|GsGEE78#F}CT5dJNECbKV8R8BzwkkLY&{D>H(KHskn`7i;(LOm!{pG z#W(byj9RmSEx{Iy^7S|K9T(lZt^@Gzwqr&mEVeBD_Fcw_} znzSfPT`qiQT&`m^K|CIw;9XzlRW)o$^U5l#@fl^krpit`F!7Az}RjRcK43mOS^Xz2(7wTUMM`Or(9CDG+^y0BN(a$Jx`osUTy38zlCq0}&zt0=gS88#yr~V>xS%m8)zX=Sk+Nyi+&F9*-J# zu01{yo+o2m&F>-=-EfNkBh~Yi3J!waQ&!aP%0xvu?gc>{DvN^Nq3t5AiQD2r@;7eP zQ|*0}!YdAlP?2pV!pNn-qSg!O=AYpX>s2-1=~%bgB?Mq5sh%kFZ3do_X6Q3? z2^vsTD)mtxI$kH0&mz9bH!yHTnLxn-@|#8eBkHAWVB#5KDQ2O~m7IQ=Rsa7;v>URt zud`6qDZ;aW0IPF(pag;tm2%vEf}YYV(6l%UE3}iSao{o`Q#}MvO|#9hUPggPxr>U# z->4m!Fh7=aCaTCM8jiLAI}xmLOu;%Cmnd&@Xl(2n#4=51OS8?P2;NmhY!sH88uieDq{qPrXbby1U`49r{GJQIwzY ziNvO%?0pk2*dr8&*X#U+y0RqxvCcomou!l+db0C$9xYJv?>cd@ZEv$vf3k6r%y~bt zW3Sri^4*`?LTRY}t;1if$Dkukd7JJ2nL7Yo*V;L4KQ1|{x0~GuhkxaEou6fA?S1Vw z42>1Xs)vd8U0J6j)qYe7Q47^c#;Fp4wGnv|W9LjnkR)}fkV~@WiB5!5VcbZfd1*3+ zZra4@SPHj`P`kL|Fu2Iw3pdPz)KZiRV_3XQ4GH=xcb5%go?ir6*lMIP*WL>~*b%;v zB?kF8#)Le9O^9vUo%CG@m$Ru%bsm~HM73lwRmc;Jw^%A-*1kklH`i@YwW0zeR7BV+ zDiI^X=I}(=HeL@~#rHUC4O_)q3TqCn0wmjVIclO+6h6}`E|*qug-T4e{^rmseqj5L z+Pd2YYH&TZtlQD?gsnn4P+04cO3S#xNo}{Gt(>M;ifoF4zewGnU6n|Xo{r7)pL0fR zMCaJ~9j316;y<$UyV3^!YPSztkgm1!|FWa&9Q!3F^#?jBEn=G!`>CV1c7Ga7btal!Emx+6jpbdpO*{8H_I}PaF1#NrS@L4~2qvRk5xtYi=G1yf}0&?H+|2}ALB4sqboWpLYN@7edRpn zB#Fmht`FjY{dYI`0C+p0lTbOT8{FJgE+B5!y2%C3V+f9vUNYxBotrKKQp zbEQOxl!;7Sa*S^xmUS^o$wOOZfDt4XRW9SteW8!vGOz;8aG#YSDw+lA;AsA-mL@mF z5f8uvBdzRdFcH&W687Vuwz?=q#~y;7_blaSQ4fL@CTL-!AKT-~wn^wM= z2uR#4;TV#4XL&xh#EP_Y5`s&DEemr&<3q}N9!P_8hnKz6)BIC#2eDfG2RxkG?((v? zd(4oND57qFrWwRKPD>cilhC*%k?;`EvMSB!?7Ndpq?Ww(s(jjmUi$l<`#mrEFrUGv zJ>!+04?pcEUjC<_{j|rt`tN&H)_Fv3a(?e+{}5*5_mYi&NH+fHWq(IDM3`j89x2M< zB5fCW_;1>}0$Seq`(FAz&;7d>{V@F9vm>SRA~ZZ7bV_LhQ$IljHbttg=V(;n#-jiB z+TW8;ohydT9(1-+q~=?j0Mihh^)p4<0(79kuZk=pzBbGy6l~twF4_NfB>SC+DaCI` z$o}IIvVUJBdvC;K|1oI|BEqNGys;Ck-aTSR#(N>zm|!hN0%zd{_FJosOt*8zP;xc3 zj|b_^+Pecs3sd(yAui3PmCs}D10vJxOb|yr&*io_*n)zv_F%B=MQb~OB3u1sbj0Fr zl>yn%`%7gVR>pD>^<2LyWv9_0h#%;%+sDpuV@wQHuj8DfQMmSE>Nt~b_8+#6XycJ6 zs*?>}R_`L49;R`0saBv!C;4kJV!- z>Vw9ta{C>$*kH!1o>blw%6S~IuG*XLO_`ymmECf_yujRF3*svGq(WhX$XYA<^`JV{ z5SH%4VnnA{d*SC^;Ot_L1!4#5!$h0=Ct+-nc0LAkMvGSkFx!dX`3U<&v_+4Lksx4ao$LW2iDQ+7oL84B`N<5@k}IZL4rzd<=k;d&&nqkdMFwQn(|nF-|Ga2^5KAk#_Gq|I+4o%Xg;GxK9@ z@e9$epk@h@M~G=jO`<4!t;c~`AZGM~9`esoJ>n>-@g>y3OR5}UG27L}%mN!8CR=cg zkq9o5I!H0i0ySl^T_lzJObu@7XK>!}r{G_HS|!V3=44*M>J*xo4k@Nm`Sj}wB4()m z!h-&rM1Q(bhVn&Wi62GCp$Q&d|5quri{ihwmpe|LmR5Z`RU)$7e4J2y_d?VkkrL*m zBaC@z5@HMB9hB4$B#jQb&ZOHyz4U(DbkXV^&o_%T(=WUAJ+V~$20bx4A((i^ghx;t z#H%Li2_>#xCMTOztdPX~b%nAvVp(;__ge~{SNkmpNU&%;rQN4BXznhj)$0^BAcD~S zI)%nL$3Q#No0ZC--DQ15lxeK;#NW-?`}<3XsfsSvtM{C_1L*_(xYxha{W|)ha*uJo z&D<0Cuo*h#@32OS#Qib;elDJw!ACYF?4X@g|D#c@xljPOYur=a=M)+~mkF8)^%o<* zeULlhJzFasxl7yk$iIyN>A(P7~PezR`cGcz-h%cV*S@?{p= z(gN@GQ5yb0a2?;$)DEU?vmQShx3tA#hK2z0M17n+=m0<*Q0FK+slMzT&-r@on-iA^e9 zK#fI~fz5XH%{Gp1IV7k?+$o#mw>bX({)@J5 zk=3@o!}g!I-4;8K|6IXN*ZshD&?5P_7ZPE}k+X|Y#G(*k*P~lEI4wbN-+w$qkS~Ls z2y~xrU*|L>gII9?@KeJGi&1YHquVcWn!ar}idASpyh+JDBc$?C8Eb7s0chs`cU00A--=QbBLpA($*G@r;}2 zQsO~nPk?^hJjJhiG^45}udx)ML`vwshQmGAHYQ?#=#Q{E1!#V?HoIHG-P6jPO*Cn% zNiPYXdnUZIA>38Y?hOB{S#apRe^4zotshFVL6f|!WZ*ehF%*=`1wdXPi5PWBzHbiq zEJy2)#ki8d?AKNH>UXm~bY>bebX68KAlWyLtyz{^v~Iq?0aabH>LsWCtl}5f+KbeG z^qJ4x59=O717^F{C!Lmkv#X*neCCNyTM+gBtkd!glw!s>bf?_{yF~-Wgt}$^V~+cg z13y4d^a-c%yeu5aofyIrmA#f>;uAgTw}Lv8a}=U=630y38xICU5sDg z^q&~M`?TE>_;wLZl#7Rf^9v{X8eA=|xA+yi`BgjdirxFF-BN~y>nX>3-0^!czKNw) z8ekP%r!2WgwKa&#yGEMiXIdeeopy0`e}V8W9Bq-)`vi#t$%H;r8gBZJPG1#HAA@UQAsaIg@*@2mW`V>^seNt-MLWdcRbh* zF?rq38sSBS2dcry&@$B+fB58kDl#KEe6m#~TJkrl9Ox0ZP%ag!)~OoIeJyo2soL+W z`kPdFPh2XFZEkK#H1{@j75^V^?*ZnG3T5`Qp^;^Ac;9iq!N>ubI#%Yss{_~t}LJa@B6>^ z?Y9G9rlz{8t3!2lRkaa$1{3u=%2Kghse_`_I{J-pYyBG$>@Rx?L}3~JJ!pgi|51D| z!aw>j{+)ZyeZ4S_dzTc~U>No-jP95Pc8lmip?E?c3;h$J{k!&k^*QbPSp2-FYil7S zWt}cIV$y~UDbFlazoic~#7^C_L)Smi#mBn-nU1+y4ei#&9(?mxiyGRii~TxW#ht4T zC-MWjepnZWbp5CUeL~ky;#)xVp3%h+LoYy5LIkv6^@*l~ur?egfKQa_T)jx0ONRNg z;D77CvY*ot+OPc9_o{9LUcnJayoUKcETTs>$Q4TAlUPjjQH@_B2N5*FsG?x!Tt`?- z2=lxLcHL|nn{8epDcFVpS?P28^I-`!K`gY!0s0HwBf=!9_xTbW`QWM(0;w=UJY- zhikU0^+Nl$f)=+-*9fJB`cv^(=#HQlIr4(|=Tyl>>}8CV1@9dP2?x^~KTuy#A8-fg z5j-vbSDXfKgr6(3T2K-$1KHNohR635cAHg?tp==;5Z0Lm*uf_)WO{6*L-U4^oy_y7 zeCoAzx6-_zJOCvjU(L^ssy{?+2dqEiNW*DLOL--s!7ZTxih)lv;J7^tOXn~mmI7g% zAf41oVzA5e%!cFo3htM0{}JbH^jBKSYs0s3o|`sUz8%(d4~Z;Rlr#_C<~?kT=t$-M z-yqtLe~=fv9jhgb>{y%>VU-qD-{noB`>_n?A8%%L6@0+>6)*7$p#ERMvlk#h9Q072!lOX{HM~P!p%OK2f-J11 zUctht3jcSdKJQF@mfnsxnJm z;e5<>KF&EGIr7m{@*0-cCC-Ci%OAm+>iw?P-$h>CJ1dPUrBbW<0fN7AR0QNvio3}9 zZCAaem_rmk@L-vCA3~L*z*=lbT*j0>u9842E1tsQo+bew9c7v~7wkEf=- zRCxh2B8--6mBOLQbNCK3=~)Fk_j%evO`oKhVNc8`tb}#dh(bTZstM_NifE8#FVc*B z?QXqBr{bL40&MJKct*Ym9J7)Y(RWA>1Sr|3mBJtu!!6bHsYn8;7HJePe|>-b4Ec(> ziDfSH^z;zu8<_dz&U||nd!xDPbMD8CZ1sokj*9iHhN+2l>mMrrtph=sz}9L~>7%Lp z(IUQ!&U`0q779A(4-90GE#w%mQtWw5Q7qehOF^nx59;avwNPHH7s`GAOeoV>D6{K@ z@~%h=<&37E#ri2Nlq;HnhJH=cI*Km|Wd)YNQYaf$1RSS?auJ8?LMTgxK26jM#e`50 z%v~>(p~7A!>V;DHWubg3ckdyT^J+t(7%8FL_mx5!%~9lN*iD4enS}yxctp<|; zVwlEan4J~_^n$C-Koge3%@q77a<$GyGj}7ID9+ZYDuHj5+w7@WE%?&PwMLJr>M^06 z6z&tkeOkb_D%#-?Itz2KxFT>Q0+fRlu)@pL-6}0+V!n3k^Xl)c)nYkN;(7Mlfg^ZYa1uriE_(GB zuPCo(;XnM!y{^_f6xUHb0m~J(wCn_WW40FYWYwFO5ELx~1S;WP`y}5iz|tNY(7bfN zqHbdUvK`K%y{Gf*DS2;}^CKdEd{3;EJcy%!#;+=0 z2!C&#nqiLxy0^Yi_umuYHJDV$cVYZwW4qo*hm&pU=6+H9lJbVmZ{;alSm|P0fjw4_ z{3WG>&k)67_-VtH)hV23%;l8_A4 zeoFg3J*VBN<@32^7?palZy_u0b6D|4HsUfqz7l%4jtiX7q%-huV5gbHnZaIiKa1;6 z+{lQgR9UQTZ|5P)>#a0~DY|p#1!X)2B4^#W2g$?k;#$&h{*Yda9f}C{0X=m-FFp`d z>JOSw>~avOJXVR0P;xyvbCrC5-aMs{?-W5ibKMY6TLa?R4^wg@@$@nL%Z#*m4jB!_ z(_K%AXStCPPhSJ#nJwSSQ*If0SGN?;79%a5&-8yPo*iz_BKJQP&tAiS)%Z&BT+5Wy z-T2z#L5G{IyrRC^6|SGJ*5JRZf=kO+pqIYvQ9bck^C;U%?aHhwfz0ky`Fq5Myx>XL zdR4r#r{dZVA4j+oS$9ozORMQlck@l|wB6KRB=-=lr6d+$IggOfd1(D&EYOO5jG!j5+%8FJXv9=T0Fwc)E&bSr^$XqJfT&<9kELM zPJ0|#Nddx62y-xPy__s}^dH z7q+(&Y+=o$VmB?Kx=QxoD21KEl1fpjyHu2VkOnuU7L{tHhAm8C&L$^k7j%kM?mVww zE7MBHlHLx=Ahc1gnok5~e5{M5JJ2uDeOif4s?3#{jhLyQWwsu2v>nh_U9R7<7qRv^ zl0K-t6!#x6x*~rxCXh~=WbGk&UE=T@T#jDcx-{y+XlGaDU@GxPb7RH$4@5)oLa=^< zk3Nd^xND!8P_@bAnFh}zs14mrdxohO;P`Y^3^(1Q5U&I7=OL`n8UqJC1f>+f8kWEm zzA|-B$HsG&evLvhB`BuVFI9SKYbspeH@`{0mq{3@Z|Hv%mKq zo`UXh2A7xQ6R+|eaXTiV{t5(e8@@cN_?%sROB;(eQ;MBCl#je&P71szH7Km912?H$aUWXDDrOOemSlpwQGX5+~ zM;+1Da^4XamE}TtM@&@Z$7jy368R%6uUCZph|8Wc1R#}UbD8+gx(PG4WJQiCeFh`B!&>rWrd9*Ng zyK9zJ2@!ewnFT-nS7#=gPq_#T;gC>t-;ri=nrTiobv73=fMYH!gD(u_V#C!Nz_Ft0 zZ!fs%EDm@P3Hx?9BS#}}l4f7nZ&In=O0QO~q0`4EkUpOHBmugNPhq5@1q5j9v~ zl|XyK>9BCPqPu|nMG1)1%2`!UZdfsoX3ihqU@;?Hn% z+oO9mx$TzITOX?S(v{x&aOa~={>Yct<<6}`LjG#qOILgA-;m#f4X#-YzQZMpajkYf zPC6gi@?J?VC{nGT#{wxEesoq%Wkr>VJoJ%Dy%dGnx| zYVR>?u2`B<+TMe``5qptw+AB!W(#Gw2m2){C1}2x?~TG28otxLJX#xDYis*1TS)rl zALX&Cc{6|lH=ba!w)ayM}5FQjTsQWXxiNWg`F|Z->_J@aK2JEiwHb=j*xwT#qym$IuhhsFL( zdkjXaUn%`n@vQqVuNg1trXwl zc-&Q**oYIC#4-*XWdhF^o`4DBTln|=tflL@1B&aX$jyc6 zHYgyDP2R5hnO3PrYLf4;5%ktvTDzRI}=5xC> zf*6XdT=i~&7##S&z+*2`?=17}{KsL30j)^#nS~Px@{v!Z!a`E4+F&Znr?1F^Jl+_J zo8nv1-&Tl(#p|5vsq?EG*oeu{kn#PDy%4xdP7cnc{oPMLS7(_ zgV(s~t>?CC2()p6 z>jE&$Vf6vm0}FFEdW`QLq~?sm+ZQ?T3XrlB-Mm2N(6)67OY1&sG2K%+B0DLfmx_kT zVNCO!Fs8>xa?ZQ&$ZMgz-XpK+RGhcFp6jl(^tQSe{}18+3H-NFT%FN>G1~G0psDPe zrfPRnygg;kO&cC_1Le2iP{lh!;q03T8}hbSnzNHceVXkJDR*>Ewuud7sz##C=J;>z zj?-QBNdWg@VGGAtuW~Q;;U7Y(%_rbX4hlGV$R^$bn58@@^J+dSzbEAtIX2ZeaSIU?*zJ`cUU@a;)pHBcw?EvXKH_^6!hEVF$_pYUv_5B{ z!KQjmN30H(h}gEbgtA0MB1#-{gL5Q(Frb#j^0R+s#YaBMQ`YefI^dq)_fL&oj^YE#U;f$*cJLd00#_cNh`mJN z3mM@`q~E(YP?s9B5MJf5_E-6t3%^4-cKuDf24`f|<* z=*qvaZ$b&XTf_5MyskZJ{6T*hHf*r+6gpW-mauVLcMKW7k@kwUj->-?h+8iAr|itl;1@r!R&e)jjH8(kVRfW1y45V}q03BPJgO<+Ygec|3pDlci75lloKJIYr(i<4OCedtC2; zFf^r~VP&Hf{h0n$|EYz(=`PcxDKISZ=6-7q$;G+Z;_j36*0 z5H^-PJ{2dd!Vg?6MhC;{Pt+jQCfqdw*w+uij$R({>19|bV95gSl4|cAG3@DJWidt} zSfCO8KN4=NMOJW>q7TAhcQC&XR&Y{io_f2-3!@q$fjwTNIq~bS>zx(7E%XiTkNWGF zaCHMd)19Dnvm1?xL(0&(vC}RP|Abf>mEe|&Jt+Pb#)c_Q(c|y_JW=S}MbLq~!|9v( z32%Qt1{1!omzLKT4otp&n%-Fx_BT3cd8)so<~KM&lX-`?hXT%C)_-gL@jDgrhxJDt zIVapsS%jRpGB?#dhVu}#-EF5n4zp_x*|<8JVWBZi=omfATLuIFEJ z4a6cd!e%^#x0n%+@M4zb6$W@C4dder9kic4n%f`HVa7j@#VXtS;Br{KL@${w5!x|{VlkGwu6uQ*!!Ue}M$ zYp#F44Wohvt%y|uJu8P-nV515;Y{}pK1Dl-eNgO5!nFbW!stpoSuJ8$;BP^-xdZGc zozC+;-aA~J$~hHL-_u+_e#(U-Gh`1y=N{QUeO8vZ*Rj!tb$mROqSF)gAQtWJ&j+|FH?hbW@$QClD{^haRczRy- z?NB3~>+f~RZmvc;*8l314Ux9bHk`sbWPh_1&KEoaCg8|@C+epq{@tn1($wcu_`C%g@Lox$-mT zF<88jXhAUwz73HEn)%CI&41?VDx%nOGqqAjq7k$t6J??eM8&sUXQ9tSKDz5B_OVdk z)&sw}KhDn4E#Tb&<58aW4N=Fpe|3M6gWx|L?fza2#Wf6()ZlA@R{y{t<$gG6w?;gg zTdQV8B3FA+RP&R|iu1C8-E8OWzpAeT3XLp=m1BG4k#)JA!#;QFR%`7k+`)^>`9*PD zak=hM{|X-D3x!CO!!JApqdiCCJ@A%te+koOaKMH1j(-xfh+AvM=xeptL^Bs0FdgcD z@09;7sE4vJ(L|TFfCrf=6`o~M|N1Ym7uPX8^Tr`Ga7(pwM<-CxO z!!5>A@qY9Y99YYEHUZC*u9``j>p1X~vhRWVH1NFYe!{^62f;^}Uj*ASo-*J`ns~-| z9s!=4jAxI6QwpKW)^ya6-K-jTn4a%JbT7H@bMP!vaW*aR{0)(xIanw%Ie1iz;qM-J zfMDmQGj`P*zsQJp05KSyrnv?}DQzJUKMluJ$taF7Yri(`n6n6ZdWTHkY2#Ux-F3ul-Dm*I|#lUl)(wC>7)9{{^D~|vlGGDV? zbIpM_iBsiILtoR4SF|8kZK{fDfaP|ls$(GeUYRNe2P2NtIN?yuDb2M8d^(&yjaW|{ z#wQ*Vzx1c(rpc)#^B*N^4`N#jG~pS0b+iJu9ZZvR%pzg~kVE7%*dd*I`96q7;HCOB zPoLa>kqca|!Tusjz~1fXT!oySzCb*rKB!!DTEGpo03ceXxz0jWa1cF{LiDG4MD0@R z<-f~%VnoeVdE!qoP~E4DV48X(PrFnA>|V-`T{V3*S7!}GV?f00j%B2+zKGq$A3K!6 zZ}cthlLb(k9jPvHfkrwY=HB^&~pz6S3A)hu7!7^30YV( zK(YIYctj7dJ&tQ;m~a-mPl%sFLHRfQH;3F>sFgtg6hm(FIO1TGas$;2!;T}j?U0)& zfF%2naNR$uLg8dnQfDDgEo87h5VA&jHa5{hvvrX`Jp9>Kqq!ZVP<0t|wC z6*wb2#kL#< zYWcIfT{VApZ3avQoAbHm??&0E`P<=QekZng+T7RUmT~J|rOkac@|yjnt8@RWo_>A! z|1a?TpW3k>Z&39SAB1Yr}m%Lyn~@c!mRShk7woeb4Oww z^jr7d<7#zpGtoTOEY$qBCVWJjX=Q$F1G+g20Q_Y*KMmnK!8=G;KLNy-@7bkVb7U;G zhA7Rn=FgiUYp!C3t)+^5(Q8@e9mr3@XB(UNcUw5}C1m}l8MGcU14w%xvYKPS%0g-P zn0}aN1kUk9X`l(4z}9Veejo1hZyUdVgJ*ewtuf=)Z&Tl^@cl)UnB;*E6q@*r$eG4B zHfC=4EJMEGyww_S+1U0hME?~^#4Kz0t^=Av#`O@A?`}u1t5t4BQB;{VN0mi6Ph(~R zG-kOajr-_zpkJLy{T7h>*u&dW-W~0 z39E;K3d}tEQ<`kT{)z*Z2g+u0ZQc%)2nMo_DG+2QrmeNSW5eD=IBlsEl4X&T^$1@1 z`TqvAMKMdPXF=lsU#RLpT@;l4s3~Pgl3ksqT}Pw#n8@=Avwj_F=w)!+EyHZcdfl|_ zBH4IsAoQZf9!#;_3do;t3~pP0F`In}cNRu#ZhefP1zvgyFLlY3VOy`r3N25+*bKj! z^dCTwjjHQQq_coLIPg;qDSi-W zU;QeIk!TEOwmS{?HZ;dD+I>q<-Kd`b0-!KN-4OTz+>4-J+}0Er*%C~!RASwoLi-Is z0$rZb8Hn(Kh$n%!LCgDcQ~DM#eiJ}%Hmu)2qpXH~@jDprcxUrA^!RGj+M^g? z`tu9iQ7iCo<3{JEHFvvwOPAw>4x$ezsKOtiENpvc`u(5qI@d~lzeflQ%HmPH)++ly zF6&XVCC2o)_1afeQhhORFfmOURuk#>QUUTT=*8Y}J-uGpt$1XvM+CON)Tg{?+l_0m zzk}<48K|CwtXl%zPa9MJ4;p;^=<*7nn~W}vW$eXB<4jXLQ2Z9)FEmEpgz5UBD+|E^ z98bb;aUm}?e(TE|J_U~d0qy?)ef{wA8=(DP<@6|qmLCD|$BoPX2WUNj#41rGp? z#P;RU@Y{fX7=Zu032<%H4*-9Y&`rk9`aWIX8juC34BaC&US+z6&AqVk1hH1ZZ1;V1 zoPRh-{9i)owf?6`|C-F5D~h7O9+l&G-p>Z>-v?7@>-8PMw*J5PMMH$*+$X2L_=kSP5uA@t5lxRp*A19G8NWLsY}6Xy3HC zO;s=@6s79;A0lozFY#>ibLgA%xdLSa%^>%3TXrTVR)+!rO~`&i*j`FaC;w{!fXu=; z_YaVFY)bjtjP$|A)$wHk{sCm%1@ZIf|9E3yn-iUpoOkbT(3b8<%@xleg!7;FL0&Z6 zlS0kCrV(?4>QT3DfVwqMmx7RI0NtR|e3|NDJTEZL|6PE+)vwds{;wlM3qWR8j2YjS zl%}dG(;959j>f%i9gi7z0GxXr6q(GJ!QI*4pq`d7aw9!%JpZ-(-+CT55*Tbq`R3Ot zXpX~$hV|0d?c(6VBWJWGT(I`ucu1~8OO_3R?eSD-I%}=HG@p82azk=8jLBt zPI(fT5zC1=-H?sxUjbQ(XVBc72NoX4MI}a|)WpM`|IyTAztmuy1yXY;(m!$T+sX8@ zX;?ibKeoW?*HRK=CF;T%v$-fYny3zilqD918G(?$Ng_i?2OfZYri_l>*z_*n<%4L7<{z*^wE5ybFa|Ar{l%G`J>25p=>4r2`R*um&Lcq?Y1vpD52mruwC zB+GdK+%aWb4rXD8_AJw98hrmAz9T0Inl}T(s~$X!;bHdQ8UWpkhpn32 z;}-&W;Q`!#7)7>{+B#QG{mQ_N*-OK!rPjg(3i&gxsxzWNuB*Ef${+=8&A%)p#fQZJrs1oH%%$(<66+0!xP7_hL!Ep9@O;@McI zlAN}6BK0GshSaOcjhhj6pzz+y5{JYom+vI+eo~JOt{QSgVo+cW!ze>o>DD(%ry0G7 z-#<=0gL35vi`y62(~NAB1LRs@b>_&VNx1o!(ehNo~7 zGlqex7OC;M3~hWQ-}+As*^Yk5svf_V01#K1P?mGaAlez!1(M9m7c@B%IHfs?9KZH3 zT8%7?M`px3GHQ1k^4EZ1&CG#x^Fr0Yu|(9 z0nRuG<TmO1y zDwps69Y9W(;CGSEgzKCs&{Eoj!FrD~%hsddhZ`IUJQj?mhBFBAe926~KI6ymSe6#W z3I=%*H&62y=y8mnYu|y#6zI%{f5InPyYqB9!;a!d2l!STBNgYw;r=HuSvq4JPisR$ zczoJ4?NVxP!=CI+qHHeZ+z4zs4OqOO!idfWXs!8LUZ5Q0m_Y^&;1vs?Hk4hqQL&|! z5V%$c$k93;JmV^CVYv|jB!(#BO>_n9w)<&}5?W+vE8Rbb<0!%jRd=5FoAx8b_B^3I zE>5bNrR@xRE@bOFk?WM?e?|&CrRmBH*A~p)Knm+*{ zXr&Mf5X2Z%1D`77p={62urW12FVn}W{)9k6Xw}^l@kJ?2-QY)!NJ_jo2v5W?UG(Em zKnUuii;f8F0jA0D3u}O>o2vg(oYU=}YlC(7H6Rlgburw~Mj>>?pZi~n4Q+{`&E_yP z%F%G(0n&Q-d>*g@|3Ci#02u=f;iIV;)A8i;dW z*9AO=R1rkz6V4eJpiy@%Hb|pcf<`OGB?Qi>+8uPeeh0G9Psgsmm|@`4JHxQLh!7Ii zj#G1gN)g(KEmeBUp#E;UB+RaYx(Ii7p^Mi(HMGwVUSr@W4S1}*#njEkdE9moRW?)L z_%{nR7<)5-_=432=RsEAHv+;&tVVX0*oy+~eQ=OLlJ~Jfiq3b=uZ!4T#&gx6kNkAN zPY3;hBYrw#Xd~Pdq#SVuuhCh~P^< z5G&ncm>bn2(dYH^>kEbGfh{~=PtBv23wr?ECAE&4XEXu|ReO-u06MljthWl?NUl@GFad zuGq($yl_L;AA{ScWoJQf{v>=dkp35G58&R@SB=AS1pKG#luMXt=)qFep3&s?QbP|( zJlp`RWCRJ8kqa5llqy^>;ujRVeUldkICvo3M(D>HdKK{4o;!i(zU1TD69Sp)jE4mr zD3n!7e1&3fZoUS4DZ@eb{3z0i299_yr;)wYs$d)5x0(f83Og-1G277kiDtvaf$2?!1d>32Ts(3!vuipJMLCM)me#m zQ0)Fq-Wu;98`t=@_bpwok;o>4GMb^3<3tRVp76X37N0G9+TPQIrZYm)bh^pyTY@W5 zhck!$QIkgp&>`)W%=i0Ba+^Zi6|s$peF|9`5L}DnauO}}?yAx(m1e5q1RA3Mq%bYFt&CQa#TXKBo_r6$3tA|UzZY*IZ=1h^PFHz| zJqKK#^E|3v;x{o+Mab3wJU}%kDfBXT_kCewZ%{|Fk-!v`Q9o9oU7JWw9w}7=OB&xM zoHqCVd^70cMLzTj8%oi*;^7dlj)5V=yg&ODa%*rZhrLFX=0EdSCa$ zvsKxvKD=KIY-|GY6O5Si)Ffz{ti~6qv`{Tt0I#9|9B@3_P_VjH_iWL{cKsQQ*&_^( zppSL>NUy*I>2~8BZo`8((*W$l_ghibe*kY72X*9|aK=MTj)zAA`ZvMg$tFerRiDb) z(=5BwmqjrbjZdQvm}yXq_5T5ZuNNE8YQwr8qmlc|)v9M-_*v&O?v$0e> zJybmkUixZ{D|)o5{}yMbfYwpieG>1f&LoWyWP&DU^Zhv*OUORhNI&}uc}u9)8!_&J84KkumwfAw=xM=G9)0U_!msVew_YS z@e8MJW^42sy&QaBrT5^S4cGYO?;AY$jX4UDs{&`{h}YyyVw?y`I)`gwj7DvNNYdF( zg8&VLki^d__OK=dO;`15(7C3`?GIJ`k|Xyoxbt3A(DV3=jQ^%Tkfxne2+ex3F3xdZ zKCkE&rahczXpd{sliw2DYwY<=Zm$;lE+eXn4>)1OT7=(uRehZf)(-02a?vMY02;|N zJbvh%F zLfLy;cFzqNq$j-kF{0Dt-J+M~0T|=$4GD~1`mt{A)M6Y5+GK4B#4NP(OpY!CLWSm3FCgDpT+}gkHwFm<~5*RT^&42!r*R zxp3a6p(b;4QxQXfl!gH*xB*B6*@kJVMA}|8&!}`!rA}(Pir(_-<4u}kdb=5tn^gwA zErI*1)W(oK{4S=8SGYu9XMZI>>t z0V!PvQm_V)2o1KVo5e`?>*f|{S_U1;Al+u_9lX@l>pf;l*2Y;hNCIEfL5g|Sq%$U+ zM9ET69X#>Q9vf|=;UG?jq5eQn!;!z$9)W=a+>EqP@FI(*OI#fd^PEA@nz|TiZe}w# zV-bVF&91wf-nM9gMH?*I$lT2HGB<+_F%L*-K9GVNfJA7kMXM#!5r)~#O}*VTI)n60 zQ(x|-RbKCSOLDWzqAd~_I>l5gC8$X_68lSn`oL4N-eWJVpUG2#8s*lfu%NCX1G(oq z2dkn^ygJPmYMLnFBa051Y1X!(UB}uY8j4vvYS9264TKi&qiM+YPyK?-+C@|J zLncS+AC#;C1jDwE#!95uP4kFFCoQ^_LAqGihX-j)(EEl@vbMxWGbM0Oh}UO!^-&ie zbwpnds<8tB^I#wwfzbZ=DCCs28jGuqM;BpL%;Q9o^HDr_dYg;i>Z8>X;|R;_=Aqsm z8jWlRjy7#VK@zdWDW1l8Xp@gN`{;m=4l++0Bu}#}v4MHo=^wALszQ&@JzLdb;@#)tBTAQHg64JVc#PFasDhQk7 z=%6tn7(_&pvfH27=eJLAdA8@W&s^c5mpz!%_Jz$00vWU*!CtHv_l`(z`-A{EEkq+j zEWyiO6KsIaYu+@sh_Mp+10s$DZ~AC*h^B;Sd5GQ#f!m1@mS9((n8^4hIYj@ZPQE&By;P1;s|ikQ3oeLBGfTVS0v7@K6AOBR{80} z49;Ick{^d0Nft6UeZ$lt%=Np^N4rBQNq!d62Sv1D5ivenn~*Kuj#!H#9@V@QiC>Qx z{jx>>Y!oV^NZ;oM+XoOE>^@i^g?cC#aP9Kw zLM|7&G22`mrFWvVB|BaJ1Ce7Q_ZR{Yxm#|J(yd%-lSc#cXkZ@rzEQwJ-IFbD04d#c zkOBniZyxo?W26VO&23TI8Kol`q%+)lr$Xvp=sl5J&TLP}qcL z7a=vau7K7Tpj&pzk9WFGT5Tl)6RJ zJZ%O~vGIitPd#I_Fpn1H(WX4w%sjna$UF^+inkf*0wBdG3XlkG&!hJw(os>fM~wQ$ zXlw@QVIcKR%xlms_vFzw2|g=I)ALfooRX&>DA0};h;xP7`9l4TLQls+)i(PS>YZ`U zCYtQ({Id7+ZM+Bp(ylynVk|Ad^KShNH{9LGBSm|1B)5CB0eC%|PGxgtzaKK^g=tY3 zeIm_mZw=fYK%hBGaC4YYg@Er9rM^)pQI~R<+fPE`5+l8w!v`MfC!%py?gmDwOH{VT zkhv*L+rxAqgLaChzmZFwbG=8hOPJU(Q5qnD&xhztws~5TbUa%Qtt)cucXM)7<&9Xp zW6Zu3YAnNpa6<-HLvumEFa-KwXdNB}#syKDDlxVXn`gpwF-)DpX|C2YSEF+suDWK? zyeQ3&(z+3$&fj*T{u z;b&3WB*CYJX>v3r!wFG+Z;o~_N1V#lPUng%Ireo3!@Q9bXqU^UA1kY4iT7hRn!S`^ z)SQ@=mf>k=F>cKJSK^pRuEr&|*9rkRu!y=8$;!?((G=0v4&u8W)#tAiS%l&c_@#L=h2M}(sw=j&;*T2 zc-t1q$#GE;O_#vk^FWH(xrjOyQTrk(!O!EtU2#}uh8CBND7Jf{cQqJL>1Ljk;9Dr( zJr~7CP}yAk<|0}tF%HW!yW~^Pd>WaT=4n6kv@qfDG$x-m6w$^a`l5*TGf(RzPc!nw zI^d)AxS&}8BtnOa=u?SwZk{b4vkzR6vLF(>zaOMZ0Z@!}HMs8W5*}ahe*Z zX>st}uY~1zF<sG2Chc9xLSBN6O(Z5H>_G*MCE2l1N^&s>a4!J?kmOP(U}v1x zNu1*fFjmpPLYi2R=IS_ewIapUltTJ2P9MeTSe%YCSKB04^9#f_=4v~TLXrT9(CIjR zA(1XAFeew%j6zzTLE0W#S!iXvfh4cT>68RtUqBzkQ<7X0*V~q89ZN*7QmuEXKC~n- z0wtIuO9JCcxG#d!V~P05gnflew5ff<+)$YAjlF$(PedDtYZd5?*DD+;mI82a8Fed@ zQjD8h67*4m4#m^_PJ?<8Yl|>^sj4PuKp71zqp4*yt&F8uDWw<}{VG|CSb1aq00^X5 zMq?$?>v8i)f=(vrRtD*+kUqSU##DOWD08G(Mk6cPpxiw{UCPYvlAw-dFkxXVgF#|E z%GX9zhKE;*zK&s1+D_Q+*(RxPRKyMB7j)mOl04liNAW`{s7D3!bTDZ`C_78&NHWdS zj4bf49o~k8JNzspuwEe52h@sN~0-h>ptVDV}X&xz|lO=R3 zgLGAvKD?U7REOWFkjmPU3L06>JY7!Gg>tiN1$C*QjumKfVGq(G(~c_IiM04w)x$(1 zCW9Jxnzz*AqJ1fHUcC(}+zVhUKucQ4RBW%H_aqggO3WUm)VGwzmZVub%&aXP63i@0konK;(Eu~4Nv@nAdp|&Epw8ETK zq0OvN9bJ4@g=ZbVc(HbF%B{$JsrL?7##W^Kz4oc9l1WnJhrn5ot z{9c74&RGfiw3I$8r8A{;wiG;nT*2a85*Hr>DSZN@XrcfC>7{f;B7HY*&P>qU1g*{> z?Hba*sG!3Y-VaJ;6Kz+Yb#~iL@9GqSxgwPW8HRN!nCKn?XPs9pqlO zLH4>?39*5D-9`r~Kp@64`dlKNpD@QJX;P9FW{}suyf0wc|; zjc{89NQBl`(Q=7)aGBYmoVu3N&? zh}rE_4Xk6TX+SmC;>j}e({kEVPG>S$=kuE2LREvAV@5TNmf$zbKut=fm#g%*YPAKm zVnv^=-IQ`pJW3y@j7nob?4aP#AZsqi*pheZRshT!d z)5>aERgFzIBjDDql+)F6WL7{eA}I+eQ)}WgYV3tft_>&?V{b}%ux3^3a}@DuGqjD* zn(4^Xp?_Wju*)@ctcJN-RbkGqr1_N?)Y5IEdycHDFPb@RV|^uEs^K?!)Kbq{RMv%N zTvNQ-p>>H7b#|}H#%<$f zCECVpobzPOX)gQ1TeTo;V=b+aWeuq`J5^ElDjHsy=69dN@51H|zp`!Mg)eGpKeM~8 zIkP*XQmkXF>zm8Av4OE3uBA^U*147D=qf_%emjE|iaPYe+6Haod@UW4;HxS@O{#4y ztJSYG({45somyy}Tcp}XujX3c=1QOD`rzidQp|x{U>-Zk8ntPTLoP@;RTn>7XWw8d zZ0cNRZmFslIi0W7$Cu~A%nTcBYgvO#V$yqLgU;t$jybHR?W{f+NaUEOyTd@;HZb?aCA|l(QX<8J0?!9bAuyT zKq1w3nivVBGzv&jO#s1y9y*Rh+F3I%XmnMhZd#h7nLrxqtdqb_YS($pM7!kgHUl#zBTD%YZ$7WMN`e-Bu^CXKYa3~>!e&Fer476AgC z(?hTz0_lFk+~TH>+;k{|bQ|d%d@!E{k6E&x!kRcp0>eOj!7|TUbcT(eERkXeEvYJ9 z?09$EhGZKp)sDkV0ilidp?=5sWZ|$dMrfIbW=nj?sC>yy*WJ{^o#tpdb2QQC2(35K zVh=6x&=wDEWsVm5SZKrCVj=L+B3!W821tZH^3Vqo=@_@!i>N=*_zcnkq_6bR`#$ev zkDQhEdFVq4JO`roq(n9iC$6N-&b|T&thAoHEp~jnZLfAT-?Xwcj`VRXuq&{rdagQV z+G}j#9O$Pmey-bnmbuA8+dXt3V^RGO8^f_%DKqV15B2j?e?Lw3(-c40gW(hGowr1v z5bCTiGLxW}0R*dSKaG}1uUh6I4;}YF)ag1y!uz2i8Wr-k^-J~^`DwZY?g=sb&CY)6 z7kbpL`kV)9?r}re*Q6960 zO?_<|>q(O^i1}I?a>O>lrY(Nj>Ze0~I?Q}+l6=kah)uvpn{k2I01~0&e%dXOF7TM+ zZJJ_3;Ay0{*haG4-=MEuhBZ`zzwe>d{*>U}_3Jl+TDy?w7S_6l#mJB~CIs{I*pM*^ z`}2h`K%~mbE?YZeU-?Qu0C-a=9&tXXp#qm?_VMqf5j)${Vb3vGBkfz+EXaX=@fL8>Tn8sWV5bPvN{Mrr z-|P~go&g$}!3o=jcWl_NTkQHB_WiRzNmg}?t%&Qo{L6N=Bq38>y=w_H;@a1brZjVDaKU;5Rn~XnO$8 zL+P4hrS?dQOS!2qCW{70=(B!06;4U@cvzp9txd}o^P<}PsCX~iTAK}1bf;)x_oy*8 zs*j7>o3hQ1B-h9!peh3*@xc*$Y!-^QJu|Y*OYjwQHW_f7>t;4be*r72z27n29$-Ua zn|wMa&8F+4=E4{)i@^eyCbPdBTT`antueZh2jdg<%cuVN;2nlENO)INTmwG3jtiPJ zKrpuEQ@4EPeSg&45~Gh|bSQphTl>RRMImM6RFxO^HUfiFktLY{dxkIv-LNonK4 z;p^)PX?>yWs$B}=-3#m+(Z(V@9+O>lH2k0JF-6V@n-3C}<Jdxx zwN;L=MX3=shZg74l6=~dPg|L2!F`AiQKgQ?KFyPvI90TrNwtZfY(kW>?eLrl@%c4bD=!$8M zd-LFQAZ5Vam_=8lmA+SuddI-=C27F@BrGnmRroTHf@6S0sDF$)#aNPi!sdo7+L}dQ zWROl0dfPnenCCqdm69A4qkah$s!H3Oc>5gtLb$OM z_hWsJRri~D;Au#nl;Y4Bik}~&$r59`Eb~+rozJ2US!tfuGEXD(94U5=&|5K@8>0_m zw3d0AoySt_pCx7kDa`>=@B|Pj!ZBJQkq*f+J4L8_gobC3?gLWq=vV_OeiEY%5`0P) zO^l_aI4-8|&eitkiW7O-$vo7XeHFE4Uds)%$*WXqA=-4dmE0NjD_;Cxx^lk&@%~gbq_?|57o$OdCFlb70ckU6hvQ2){ltPi$cgdaI*BZ(|Mm zB%HsbO1wxjC$e7?EzM}qH`o}zBc+xv6LiE)N8NM_0wi#JNUG&)HF1cM9){x<)|LQ? zPk=5VOTX{~ZKIfG~=(JE$es)rkEPa&oPCr$IGi_KErfZI>bQ**cu|G2qAyp=B7=;F}_YvKs>c0Rn+79mHr3zHMveRKRm@*vIu87D&+tnr&tziO+O$;SA4ujKCUrLHO-f67G;{bC&bDLIyp-}9 zn?A*O#|*CYvy>;0SP7iiikDJe%{ceiv`yliM&_GXRhu+3gR>iOdf&1eNcp%;yCwKC zv<^EZ<@vUL#;0BMNhvQSmhwKEF4=UMPjxtD6W%hlsV2=bQ&QgMl~TTLJ5SAdCZxQc z#JY6Z#u-EJuZbH_`z@F%SqZ+y+VYS9^$4&)4th)wzSE{784Z04Z;ieYcIx1$O#=cn zFhJNBm=-`K^b2z(T=a;3VdzNx!_wXj5Sa1xD!*2wn zl%bK%l)$}hkYYmFhT_~2+H4Tr(UEe@kWR9?2FG^v<`W@tHk2)tsln12L3^a#Sk^tU zxDzYFkoCKu3q5)zle8;9TVyFyY;%y8hIwhaotAYE=JUN2pHkMJ1n5+NPBWW3B%6zD zu>&}@NQ9owAlr8!<&nZbDp?sMMv0u5x{CP?Qb_*R=X1yZtJ8_+w1 zwXR_)>n%3R`eJ~(1*v-wvVJ2-c+1qJSCy3Y%&-4~Uh(Nvonxn`fMRvS^#cIW1tm30I^b1e(VAdwoNcwnn{gWl25icoyxJ zu~q69LX?5gI9RUJjTCf^;-U@Q|wa)k1n`;k}jBK=KPB zG*yCk4N|8_O7iU@`qHTOZd6LX3*;bZeuUP+0w00oS4QZa2D1!CXKC3s5OHOxyrc^JbAWmjVPs zNdfgJkV8q#+?GQ-bLdD0DNYvZR7~BAy(jWzub)srZ%W{+F_2=O$5JhyPUmww$W8V7 zymYU}ITUK{wjyn3QJzo+6qXGxw7cXql0E!QAp5Ds7~Q57%h7Fm0Z4kkfELSA`sbK! zbE#u44a%vn8}l>fb9Qlq5q?zxeOy4FFq{#0ub~cZ=l|wvut~Dj@8}qdiT@ zF$d+s&xEFDaGnKD@9Y9k#-$E>^PfxbB{{UPASL^`1^THX?R-%H^LTi14$FQ|0bMAd ziv^JVi2}k~rZzd(nvu)0&l*td8C;ybrLc_W@~Z_7gbCl2muYQ|_#j=r(cRL!>Ecr? z3*4V!S-|@NtfpU%(J`s#ugWrKW9bp0_cF_Z?r;N)?M}?h)=T2_hhsEJcD$Mu3yW;3f#LlCgnXOhk8ihlUX3e zJd9;?jP_%J`<3!uk>_5M7ZpmE+_LVu_KmE@@;)Acyhr9k-lOuRyhrDNB-HUtSxV=K zc>y&Qp>C11yf-tSp$=fxLI+&=v_kD}siRlJ}$>{fj*9aGsR+%m~XH9qULA9nFEf_vR4Z zGPU8^))>SsL*8%X`#a`mug*=dyievh5az^e$a`5tEKQehv@!G{hPc4)G8f@-0(oCz zACtbt)S;L~1Gler`LsEo_GUa=Ca?wYTEeLZtmAtWQ_o@=3;1GG1Qr6Q2(0_M!5_u! zo|N(i2*$)>8Y+>V&olSt)4_bYltH@0)(0eMNYZ<)NXmO|F-?@fo%2D8*{+z{7Sm0+ zg!+p9y*uIApTMj>HlCaiw_!GEIJQ&A0?2zINU|0=E;5Umq>qZ}16j(Le6v>p^)I0D z8E=-O%;)lC19@*PrbESanAzMU*_@LvHnH2y=A@MO7RGtJn08B?3-ZnJ1vCXiNCsyc zC>P%4#SP?rxtNYg@U{8$UU5p^?-uJf5?Z??%R2f_6_DP=w$(a#jI#D|s8>=K$&0*Oy9 zp$R4A*LD|M`-`Q--z)R4W$wF_N}10uabV0-#gKW&V$q?vo-5=1fc_Em8unDV3QrZ* zYuGnrU?p{_WHR=ZnDCa^UP=c_>fbS^V0et(N_narETuk`)VGo*R??(OR7I~Emibw@ zI@O>mde=CLO(l>{t7KmxAiZ2-9w?=wrF1QW^qq+QCf=;^-l~u?UrF|5F+)wHWxCvPMGjn1nFaHu)Xqrt*oEUZBQ?W7tNnf>jhvOMnW zI3wBdRB2zPn|K2Mn?_^6%~CyId;pT&YineSz#cU0FO~GML@}q-90`AmGMZPKu7|5! z51VQli~;+w-CaqSxf*uMYIwI)>;^j8QzM-q_A<`vm2^tte81F`&79U{aQ0?b)J>J< zyOr9C%9O*-yOo}EmDIJ0Zphd6lxm+>a?3#MFf6Z??69NpiKQQ>(HO|MKcGe%QX|IJ zYU674i8V9@WLUx*j%9n1+ZU0|NGUEoLps2%!SM_kQ)TWhOWSA0W$T?ZafzK@F2hd+ zE#nINsq`mGr3MmT@{E zdQ_oh^sJIC10WHaQclAq(u)ZbJ@If7R;)DAWnmpYDZ{F~HyoF<`EYKi;+6r!RHt&Y zeL1~RPHoE5qk$E3$Jk<_5sm~QGzzqdsa1%I991RT#5`G2qc#E0$beW3s@zK)Pqd{> z)y{HSCt=4W%|0bGu!JUNoW`)n0B=H|O)ufMm(!7QI?9}4M;)BbO^Pi*M_a34QBd`5 zjPqnU?UgteCC!N?G_8b|W^lH{QpLNXyuomAwVX~!@byXhpgc7ktSZ-URch_4Sh)|c zOY(4VzMOs3;Hl<@#~R%%$5HDGOK2H<4AUM!CqQd`2W_emD=i$8)`=HKYAKrE7j-OT2nQA)AE-@cV zmzX8x;$t8+KXF`Q00PggYC0m3zFTh2tf09Sv^s;dYfS&5jtVsIzM3W7V4iPVNA2qBNB&$vo$6A)9-Zr8bG4K!HSy~;Hmb2HSTX4&7QzeE2DUE0$RUd%Bo?b`OCDM*n=D8}mTt)Cw zt6$b`%+)8hplL0_J?f<7*VNHM2|T02r0G-t_6%Z-4y zO-l0X+0n&<|4;m#W;Q&}8cLotNPbTpb!f&^?5fh%aa$+h-R)G#kY?0FJ~~`Q2kKIi--jw;$>Utr zK`l~}AKW63CEuxeylZoNKr@gbC4arjM9+Jfs~mkE0Uk5U#D{E~{s^{dtleSYjnG-5 z1JW?OOqf%3nuWD$+Lmixf!{{#)0A!cU7b!4orJC2r1mCi0d`$T9%(p^0jYW1BWnR5 zaIQ1y|KaUDpyN1>gkg4=neLgMSzrMIAV`83fB->BAeSJ*A`ndAGDxz*nU-Y9zB{Lr ztw5bEA8nt`W(EUDkYFZAFz1|e&N(MA=LF`Qzv|gVTG?lP|NGwmp0sGrR8?1XS9e$U zbX7ffh#sOG{I<8iu~#M03%UXaug?tg1ao?R2xs|Rw!l?zbY}cKlWwY~;fOU9!-#TD z-|Ofh5Q_sAbV%d`PPTBtQRZ!_g>5ZDpnTo#tBdEfdY@m1trQ&t-jiC1aP)kv^qyS7 z*=(n-UJAdjuqO)ZQ|Uc9AEd24G2oKv*n3Mj+sWB3DeOWag&n5Qh0-H)5u^u(2_6nc z;Uhg~8y%XX72Zb$&rvqEl4dc`G$-;Z6Z}ce_B!Bmz*^>kUY){~a|XF=NPEvcTagp| z5zgQ?R2heL?E+_KIZW`ysxeM=>^3N@b_X{~-UAXOLqh-vxbm88uqivTjPc`~o#yOzCDEO#0w=>oA?AJI^!hB5jdg&# zaA1W$gU|L0AZ_iHAyt<3Jtn(gvWq74`c6mKIh^hUnrxR}*xi!mRg;}?XfEP>yw0ZR zY-uIU?m*LAX;$g=2PV7XfNue9F$2B6##ElV$SarA>zmUzEb-AzO^k_x>>Lo=fAhc^Zv;$Zeve)5o7F+>C*`QF_ zLDvO8YO<3iyIFC<%Xh;Gb5uTrFp=gBumMM}aA-R>l+A-p78@Qed;OW9!+|It5$^Ol zfYfA*LfKS@Xcv>;G}%26pwjhnDcq6^XH&w>{7|RY*M+i$4)72YSm6UgS^rSh7Yhe1Ai2zJPe~x;HyBa9P>Hp-j*k}dqb=2>U+D{a|gWCWJf~-y?-E7=^svt!ku0HacFSL zy1ChKHyh!G-Y;~s0ywcITPA9@PCv zSw`r3IBC{4L^*8%N5F8}Sd;B{j*e%9a;OO?%&s`y<@bQ^x?7|C8ZgJrj@M+RHQ8-g zDdq9?QRn!2MJPQgkFSqKIT`>U@Zq8+yW$XC7s_Y5*#bA)SV^=uR?bDS%TcbaH60D; z62a~}z;JTDzb4;PlkJAj2(YiJa$>JLJA2Ro0qL@x`QFVo%PR{IyJayXhl+U+rS_{u z3u?isHI8*fhNI^ZiLW9AbV;?@;51xFqJzMHP%rX3B@UKOiF4q{&2dV67Rs+U-m-8Z ztlTWwAoXE*z$wwuhZzxUZ3J5v0ZlN~@ks=y<*Cvqaat`$AEry1nU=)=AUw$TBf0Dj960eu)1p&X7PrBRMPjCV_YI1s_EM6jz7pbuvv z*h#2~6owf?AZad~^2pmSU2BQ#xOKJEqw;_pzGmQ~ z!b*`wZ@@{kR^~t5h9hEFv}4$F=VXqZ^*-VK~?AB$$)V_1(E zHZq36^#_G@wdFv$Sc`TA??Kkhc60+kV9JSM;Fcw)oLc;7G&>p1ZdMXq0LRNV8)&=k z)^&6PT(rhGz^`fnEBpz3R;bG!z)@W_-H-up9Nh@m0w-eG$ynt?EIA!3XNOt>jj5M7 zuAUeaU0oZxfb~Te0)zS@+ZhpyC4>87*hZ($(b2q5Z8o4b8(Zm#coC$IS{`t3bhKet z3_BOY&P$=UJ3`NjrrV{^J8VZA;1U+hI5F(FLvuki9}8E;YO}?aG@nU}V0laxZMYZ1 zE;-@dH!zNB_Q8^+qk z1YjcOR6S>Q=vB`T#n;vb4LA}_4_EM@jxdzL3Oxg7)7n}8c{dyy!>m?|-F6O}x7Fl} zBiM=v_5v~a;L{vMYH|U?0^(xjY)B*npZM}Q<+`*6rbkz?2F^#b!w&eO2sS@D(BreB74XO`tK)3);Z7*@I1IF# z(d2tiOk*Y~yrl z189e7;0OZN!1VgS^QQW2sdMl+FqVUdXg8Y;t~e#+$KaeYYIXzvS}??BYwNRh_1WS2 z?1()4gu@aT@8e?WY9PwiG;kUMKw!bB&vrXRr^NEXwsbn3UP<&;h_bZ-+tt9FUEewJ zyIh|gcYs&K0xNt`eYUVZn^(Wucvm4^DqNBcobtjQ9I*ZeH-JMaWpD#+SOe)YYEyJ3 z!9JfL4#rj=@f&RD|A)Y${s`m-d*HET5uEUPI<91=V>$Sa?z7psN*1R`|Fq`;xt;zW z06u#FF5T1mIqqqq|LjCeR!gpU~stk|LXAeNuA*=3u-;4Sa}RY22xUcbtS zUzEV$G8w2~FPn8w2=xD}`pWVKWK9ES#P_si{{!6i1hyjq`hR@_Ta&=T$bDOXVh2Y2 zsRpjI4dB#QjhUS2Xu+NYKOBcka$mC&n~te)lGD$IDz{_lPKdFm?SkN4par`raDJ7t z6I8O2%Eu!%1+k0@zPrnl{{0Z7uj0T9ZZ1KjuoQWn3a)H{3gppqK#-l+B3`Sci)OYV z?O-=>K@xsN*m zN`p}w`dE?!h~KcM4uryYIziG9cw-{+6c`|nH0_}V0k8;%t*&)g+JSxG6j196A&x-O zehN^S0^2G@O8R>a!HF&+_Qwi_HUmObVIXRf)9bJ~+bAXN0=^$k&?HEhJQgUjaV%oB zM%HL%cSL$25O%zzy$XEb9NN7Re~8#K#QLEM>T@lnKO#jaq)@3c2Y^5$5ClJyxI>kI z%tdn7dV-OYP?dt%8BIH{xgmh2b8fp781$d#0WQSZ9R!h|hyh#siI&p$4Z1!BBDQTv zaU8^#dg4}i#LPFVkB3okYD9Mf7~Yctf5n~@OZuFsU{^t0x<*?)@q0W1PA#e#QFGo> zwwQEc3m`tJg>)frG>*S z-Bi9V6~cc!PO+b*h#Se($eX2&fP8-dCIiyg_Ecq8sbzdtPN#{-J@7g`5I>NmirMpSTqyy=a^avbvJdJ0^j7V4Krqg-p(w;`e zsdh=KC~RCE?^R={Xg;8k1?lWYnsO`6H9b9MR=T<|oo-4Ox6}BeG>8*2H?_X}$b76R z+u2k~H>oinxR7i!N^qm91zC%5vYw9{3_~5*8C%RIjM0B~-K-0LhlN z?4{4>(iXq=DcvBRXl=h7%YzW6wN%cy=;I6^{UihAn3*AFWk3j%n`w!6(!@DWb@Ka~ z0Qv4-Am78w7H3$?GWgPrkQIQK_&m*#V^SI$o+jnEN&g7ReqpoJw z#Em9<9a&&nENRNtXRtLHJU^8cq|)^nPS8JoHeQ)w(M#>1w#)6HwlVEOOWM_ug6wTs zy{0v-pr*S3Nba>`Q`;Fc+9}i9Ma=>vIWd4Bmx2%uwNi>LdPNFyRSGgDOO#~6VYG@a zc=<0hDZM&z`o^UbIs}!uquj zc?I&kDN&eM8-y~awKCZVRRy8TbHP!5O)g!W3;6SLwYj;$4)biF7mPItyII2S$ffHg z?5bRC<@aFuXs_}c2X!W?_b+B!UCkLx)_{gKPyL+#yf0qXs3)tE|Vu*v&9@D~y5v*nu?m zFq6H?gj@=%)7hGI2%Y#a(;0pOE|-7_1K#HlVKd9VmnAL)F>)YX$)YQpfjq04Ir7}d zA-8hS%^Z3!$C2k~PC%YxIgn9ZN87XGc4Z5wr`pOtD+A;?17yhAW*|@hW@KP91|Au7 zcY1|9Mb3BQke5Kv`E2$oCrKzC$E&V%VX8J9#Ln&;lV}Xrp z#Nj(zQDZu>QMs1z%Q4DDlTMZv*c7lwq$g}Eei>{qTP_-dgN&+f&7i`?(h6JBn%!-s zJZNRzZ>2s0D@;}hok_!}m>q;Px|!0|q}!!QwIiK%Pgk<-4e9FfbXuA&dZzP&bcyY_ zXzon4_oRxoK^EB@4^(mAEeZ|AW)d7?OvPXN;@21JpL zKH_kYakWWWW{)N6lRP#*Pg#`bx}6t$FHh~$hV^YD7U%I*73j_)`Y?#V#a!jKK_^P< zY!X;!;6Zi9%g%y*2L4lHGVE~~Vo*x;KJFqdf`!sTTa?Lec(q$z^`=+3T5D^3;7EA4jd;-JW7%KRgN&~cEuf;E(puZ)V=voiU3~m?n~-jR^c%mCvo;7} zP77tHK?h|6>7s0>skUc{9a+xV14e@~?ID?>XKM8xdLRv*senSJWwR4m+UYEQDl6nH z7&6wm92fS>vW9*cq@_uP-U>Y5tS}v1$vA#0FqUWTsa~_Nx=%bPC#i;iF zilrt7SudNU!Sh%eJWtxQneDYX?UnGz_3cCE0kYgwa5WAmG4U`6?P6=CPbBRlH=2E$ z#z3-ii2eduDo~#$c0m*IvigKA%H&KxRsxS}8sXnRLxzfEoH)FRUD8CreYmO%gYio4 zpc`WG5SDcEs6`#DK>mVM3f#kzUKNrZku!WBxhw745@Ngii9(NfsCXF!T9zgEqtoSN zJtMVFCCAfK>{%&dO!Wy`6v!EItpt{vR%gfWC%!brUXvmqeos|CjFLvMg9eT#w*ro* zw5r1K@Sw@Lm)w6Ymoxf`RzV!k4gwvW1D}cMW|)@omb3uJ`DwHu4Q}afZW_O>selV0 zRoP(EVCz=nVM<2IZ$E_DvJdgJ$dN9wjUii)%rTOFc?B9Rs^LT#^xv6&d`)=@@h> zU1Z0M&QKR-&_zHuVoaJnDNPIw+TZnP0?QPLJF*RkJE~0-WPL#A@@RJKxHjt2Hgs7V zp(fy(kiLV#{{qrvMk^rcsg^aWo_GbcWa)gtDfoGQxs}$ZrP?(Yu}O_XZo=l5K6Bet#M? zEnk&$c`5^2}b&~ z5?_+k+`~Z=@+LWhKZY3`Kk)^|-E5z0o;+lrO{lmL1YX)g*)Hf>*mdG{S%In$w$v_I10#pP&F}QX0A=E7oDp}kCDp}G2DhWvePrJr9+q>>Kixh0I z=LR8^~tX{!Ms!>ZEycZ+b!QT`x9gh0RG(bNGa!v)eiBP7dqYjP-(@6?^Gy zy?1%Z@=UfSQ_)pZx(UmWfz`LjN4$Jv<@U9xq4H_y;-si$Nn)_%aY%Eg0SciU+yHCj zrOh$G1ukjsG{F2EHYdm508VVeF|wk-@j*qnoqJxT7@`Kq{ba9ZZ@^AOuDGnYe9JdF zNA@M^pKTA!7G0}v`OG_VPdpJ&@uX%j>~5 z=r32d+=g&o3#$)h!<&`g(`yC>hz^@lFd)KkDtH;T%uB>-{Ir@TTaLsRI zjy)+y49%#nggv}USA))%Cdq=P(XiDtVI`7ZNMro>WfnKFmo*X7s~aY4gxv4#lt{ap z%EpDAs+YV`O;H zzOR?u_br!p&58=UMphEzpKs>}fse~pUJANjnkxrVow2Ugt}4ypl!Rj`VtaL?g)Ngd z&JBrFmRc!I6TdW9QsQofr%5RCCR?JA7td5 zmp0K**vsKzdF2*e{L$8;6i@>F)xY}gO}uEP+!u7Iv|^TJNb5ONg>!YVi&kW)`!m=9 zuwPjB4Bi8dojK^Fyt5M#jy9&nZ%GqNgDjdUau0M|k}AyriQQ45QYU3EqT&oNI!ZIt zyBX}BV`{~mO0zGfiNir8HU*5L&SW1qB93w>;$40*D7!Lv@6Bqfo+|& zd9zR3;p-@Eq^?0$-W_QpO@tjgp48SaN1Nk5*GXSTzYN2Jz#twVJ?pb!PEb%zVY`83KjgfGaibuhTr4kb53e2Skvt37|wV}oo zXW0|7#NeQ#&u;0;IO|PVt);zj$gwxxpz$!L#uRp713M^%9kikj5XEqFW1itG^iz)TKLeqkm@B%k1s z5s^zQ_~~gzdVoY?E`|jkZ#&7$y!PH6V!0IDNy-4Z@|Nk>I70Rf*Bz$m)~y> zIJG?_iu$vcFuP-8bhtc`&>Qlr_7Cjryp=>sdWRN%#Zg61nQ^>F+ULraGNYL9D)S?W2 z*iB6DV0ssd+C5C~!(Re_;oqf%o*)4A03&$%1RJvmktQvPfDE5eN5hn6b>C3FBBLRH zlM({5H7!62#QcG%m_0OOyhsgB4dl72zYYX1xXpPfXn0> z8KQ+CilL?9KcO>-sTNz4F=nkpYaG;Bt`I;R}}h zIfTDN@Xt5U8U)SsDbQ8w(b)v|LFnJGp?K-PkQVeOtQ9_u%;q6ptuG=U;Uf|Vq5%1* z8<0*CC|FP!kMMYe_F+5-q2H5OI);>&{sQ^f7W}~Hzk^2KM5KU25XqxO1P??=K7>0s z@6d%950KPjXt6_GzF6y&1|w20P^El099fCxgo-*B64`iP!;9%Cq>-zr;>BDk_br4A z5b6YPM1;%QMtW3$oX6!%4j~dmNkA=(OlBE0%16cY95wL24P(2Z}+`)lis>U>pu#{Uix^HtqSh&hP1A{wbl6%t*IPV86p#$icTHZ4FU zYaM6|v}I|Py5hdFGl@+>%ZK_|T_`!?BpfDIP*Wtk@pmMN7NGi_;-}#ts3@uiK_zxd z_#RXp;4Fe3ub|ZrC4JLiURBO=f&VCHJRCxJxW66xqBlAoOd{ry5%(G&*2fU z0Xq06{A++YBVl0B2O4M*N`1TO@BAL(k*@RAo2xL#@7P`6*~;NfpSvcU%9e8dL%Db!r2& z#`?Pyq>>F>i{%mpnz>Td`k;1Swaul?Nw+GU(IK~e4=M4{3f2nHJDuLXgYis+{s^pf zBeL`j42%nMs(gm=duX~Wy^y7Q4458>;L5^zIf@n{@-8jqKT3SJ8+kwRz3Jq`ln(}z zA2<4!Te6NK^pnJn;M_xdkdG5T8bWawghpxbq7xa8eqMlD`v?DIIpjORjQL0SdjsRo z(IWy?jitB~>Q13_TZgJ{Ao4aHj!8p$7m@eqZ2hz5ALWv1=;zHp$%SN-&<3;6zcv4~ zIoUye(e~f_(qFat<$Q!QQ9B^|Tl_J)ifALU0^wXa`)B;4$8R_TEsFjce*!B3eSc4=~5DJ3Y<)`ei4y75V=S4zF*L-viq3@TV|Y)T9vO{tfbNfX>(O;Mc%eq3kh9 zcq*pvkk_)#p%|VIkk5Y$&!<;^4zsAF_z{8x)bEie5`Gkh_KqMwr~eAC{sUfp2K{yx z!RuUTp6!yy-;*YEi)@Je^6DS}M^*Gsp(D%NFBi&?tW&n3)NZF83|oZ}&=6E(nqgMa}T%tIv_lE_oR5ams*+9nHOE(&os3^xt^ zS-26_B%*dr7R4fIG^=Gq(^@~PBWe+()zNB?LV*6$7VM@vOcUe;g&c6TVCeZP4nCkcQ3Pa=+M`XX1Yd8C<1#4crg=qdpE4$_Ad10;NeWVTb z8EtqwyX{`oA*_A;J1~geG2Z4svftf<-Vb{({zLKs{ZPmBU(}!29Y6or{^;|chJE7w zjC?9SGr)X{`B(K9^xtd#D)E{Jn?vrXQJYHvaIW;7SZe%MyjbO&PF zk=TKZ?dS&Dg+g}1aNC32yODPvVtXMGF%o;xw@%qSfD-m2&jG~uBX$6>{iqFOK|hFo zaRh}N2DD?yeH3|1A<-=orAQn{-#TUUBuY4eJSP!9fgrgsI|136Pow&$(2vg|*BQV& zkKE^w7jBtDZs3bZTtMGCW%DvhxP&~H5x<1kWyCI_Hdm2-1^wbW3b_VoWypO4c_G2{ zO(bq1aT9&(l+8OR;WqNzLHssicM#;r-H+~}`ghTfA0XF#zs-ao{z(NV>KT)>Wkz0;I9j?(GT}S1F*Y4_723X5Q~A> zU5GmuVI9{SjMZTfV+e~P3^&%z5jcK0ZaD(;;h2q(ndH+)VS6P0>1b>e1CbK!9)rE( zFdK`-I4s8E?N#0%qg=oJ_*{L>xW^+mo?64KiUvYGnxIj+@ND_H_Kk zENsk#Jz}3hZ8vy^yPXB^Il&SP2cY#@{fju?I@4!TAMJb35#ab=X*ojdfUAi<@k~iRMG|q>snuVX!2Q`58HiJy1Fd9+{A)%HJ-fSRBVzDGoV~y(e+p z3H*oCIOG&iIg8zAu=hM>=dd`B#X0<~Q#LQ+gbUbn5%UX>S{t(qxY1=CdI{INiW9Hk zkFI0m8d&;e*nIa4_*Nk|FtyL_-Q zq{RftDne?GBVl7n$|Pb;1QJt-douA(BWx-W(} zI?0$NLjdKYIi&V%^6oqmG8g`_fVk%q?;^q$60wMgh2&eOY%U=Qi%AsZW?4!?mJq&} zuqBYfg(NN`uBF5R=isH}?G?mWPWqu$#J!Su*ATXvh&4p4Cf}`d8Z>4t@jz)UVe1H6 z>ojP)4W#yZ(s~myHjvNIz-$D2|GgAVUl!=u%kpABi2#U8y$fJ?F>a9 zCLSmq4uHs>ZCXmmae_*Ta-6V}B>4nUPLhxl{H~Ev&1+GSe2pZQk+>VgcZ*mzfx|n* zeVed*gxw`c4PxqX}K9ryGQI28VDND!M!BLGAAJqh8eLNefYL z>dvR$zLfQ$qAwMFXjfD~9sTb|Jy7Zgo{g0CqlI_?wfoZ_52QvR?Td=2dl2;wp=>Y} zL#R2Jc5=$0!)W|a>KR7)P|Ai;Hk9^8Bd9%`el&`TkzksSrtV_uEum}-6(!UhL;v8E z&2cngEcJ||d@N<-C>u+M;0e?oPk%g#x+VhN6bd1wz0)Y0O2srPrqXYnvN?k$OsAe1 zluw74mk`U0zC8;fkI=L^)SgX$K97dX1>^RlrL@xuYA>f>ucF3E+7GRv?$y-04o>~3SVzTL`rQVHNX&Zb zfzo;>F8F$CZlXGl*-X`Kly0SB6XhG}S39V^o&MV{8nP4E*+bpCsdpb`d#Tt*#a?Lg z1Acb)QxBB(gR3@W`~B=3qWVD^euTyxrs^@O9Hj!Hpd6%~N~wLEesPk9oB)casrwZ5 zo&~>dD$YX07y1XMY@VkH=cwmA<>w$08+h5#cP>Kw51MwF+L!3huhNh!fP9_0uTgIq zWjClOgUcSk&MiMXH>n3oHzAG$#Qk*G5qGF@8%`Uka-0749<}e%|9n70?gN!a)cufp zpHTLgiYHV&rr$bc^BGNeNDxy&75@g3M+zCH_E$16fs!I8>ZMpm5)X!#&DoCN^y@= zyv{+g7_Eq6;Gx9N!x+T_B?wMl0`Z9)9>h2$WUOL2zki*e*yELtCMjZ~0(z>rCoA4* z;N7o?X^NPteCL$IW+?H~70(QXPgmFsg-usBqFGAfOvN`xF=j*U^AtC@{4Id=2};r; zh!3NPMT%Ic^g|02XUdwdc%U>t03zFA2U?;eELJ)$Q>>*>@e0MgT=9bU-%3TSQp8H- zJEt7BMu}goc-AO7l;s)15h^ez#N!q5ct%}&Dh^QDNsKcRS_ zbRqyEtDl6&xRt5Y_wD+$*W&vk`g zQ`mKgw4@9`WeUYHHx>1cLT@WM_Z0iC(&2$(+*kUbM~eHQ6UOJUlJpF6%qZfSBAx;> zPyEb0RyhoWqhB$D(j=pMFlG9r`8#uCiYi-168X~%|}J5dyvZD!@yuQX_(4} zs$!TbhN^wg5Y>>2*kIK&M1^k$eh|sbY&1eOhN}^y)Wnf$$I+@$4A3R2dyMKG2VsO% zF-|qds-2y(IYEsduX-k^e7wpgsBAniF-g@Xs!>za#L22}nrcl2CT6Ja=_;G0vYBeq z9F@&h#T-@42C}pKOw3e0vs6Aa0ODt2p6Z&bMl4X{=BphSsm4NpUZT1etKMZQTdIm> zs<~9{?3B$FYW#B5vjVb>d{b8jl+6Qb!hY3r0J4#(?10MltCP_oRXeE09#QSXs_&R;998?GQq>I!>`tnXJ1*(8 z%1)``v?@-iJKqM10(OK1XMy+>Vwa=*?FRI1`VB)gszNC7us*v3rbgaSm!LbUaU0s>p6b4< zvIi==uO>Z$ylAR;q?!-ae&~V9@2lj2ilu(sR~tG14sihEfFbcjWslXN=$TsksoMI5 zYCH#qUa9Vvs<#Vd!B9mPO}tkB>XglHT0&PXs)xq9Ya!h<-c@7WG}cucih5|_-L;?h z(u|&3KI*Nx^C6I;#`fvQ#Q9~@tZZz7L7wDxGnHG zQ5%i7Y4%plw?i|w!zZ&{ntLb2PSeC?nMP3+ZrpgsO>*sXb>v^xMIyI~+c zpvCRiIv&!DgTVX|&3#z&9@E%SO&rtAqgrRDY?i`tn&v6h_;H!SgdK;9PipoF&39Te zPC>V}A3Co5kF}&{kc~qV&ouEAh(FPsnewsbdE%t|d!j)a7s^&Q96Yi^cb3o?eXiWULosJ=q%6o3VVR_GYk>^kHfN zqy5-V2e8Ec%r}r(g>VX2#N30NOn`$~(lEw`GBJ#ap>XIng!w0L<{85H-~fnZX%`v+ z4*78-nL3)WV%EBZ*<)D8am*OY3eW`R9?!g!7@Nq%Bqk=Z&Q94ig~d;1o+*q^W{~g$ z(!wl2(-@n|lxd7iW$({miPM>H7PDpoOLLeTQoYQBV$=h#3o6+7f0jW*wI?V=1t*g1MJ7?<$!uMyz7)m8`QSJZDuP=g5)sUnb^U^b_j2IP;xk)(L2j)69L!$xU;HB{@+7#d#*q0r9i`_Bg{l zXBqdWuQ>yOAEee?WUdRW*=1&5VxL@P#ub3R&fM1+#HeF8Sd{ZCV;bIM;uaG(Sp;DH z$@#Zg#^P_V*gFiO*vW`?Hv%{xI!_whVcKn`-C^`Lt9y?bcY*K&=DyF^BgP)GDCd_w zfhcL^x*N`xvv)w>&a)K-dxS+v^N*|d=l=Ek(I}G4ze@+K*(VtI21G!zu zeMLNM5TA*LaCI=JLpa3DE5XBf*iin~2+oJ|$Wh!L$=@E$wPKlIMj6Ac60VNnspGgk zmVY{dhmGeACviTJcSlpWHkq?&T$#%CX)wSjYKV zJ{oP|8id5##+9wywS&iP=jtv9!^g!o&bLCndwAGx-VkCh?&XmOc>I3uJH)kv9Kt4Q zhq-!$D~EZ?F>W8_AD8m5>y2rJP)KIa6=FFAk3qh9jXU3B|3@7PTb>#8^Gp@(+Y z!S>X(o;vHT8~M7@TaU`u*Py<7SRcJ%fiC*#@dI?bzusY>t`+L6NN0m|UZjT%(pwDC z>krmH9;Sy4)fN=^6|HI#o}brE4>FHb*D3b!CpuX6qBsJiYc@{ofbp zuK7A$q-zUxZIMnF>dltu+G0I@nO=LT{_iVv*K(b%(zTVkwo0cf^|Up*wptHar<1jM ziw%11^?KeWJ#3?%zC|aSb+koSHtQ+d^yIDjn>+Nl?YeK5uIvbH+6bT z7dQ3O_>LZSTknGI>GoaS_dr+g>-2#x?(4VEBR%e+?t7w#J=X7|XS(`Sr_Xfp6mVYX zVbApruXO%W&+KB@uXSHHL+fg=9){B0aP=_M?#6F>8Fo+O)80l{zTxX@@IJ;wRA6ZR z3^u?}`Ww~&L+x+eL<0@2&|pOntkoWDsKX3MEGCK!KFIiLgkcXie4`9)q`^iT;G*m* zF=ECT>NrCkYlzVXFE+lOVA$i0PbV1~q|u!MH0n(?)ENewZip$6J=G{hvkYyf!R8ps zY{NCrh@ESw3uLZcF~{Juq4q^a*g~W25`!%^yvq!Gso`5;Xv<}SU2UbIt}@`Vn4ujtSgD~MH+ZQLa@-hzPa0t- zjJBr@amvU&YuIND-+4njXRwQgcER8mjgSjQcXZjXFBzX*HNvhKZLb^RnlT-f85)GE zy=7=OjXJlCkekMBbjMI{14H)=`>xU9fuY_v2BJrX{m}T!6T|h`xQd<`>QiF~eqpH3 zjsEDBVZSswbP?)nfa@mguHr8}gsZ!_ih2pPrx=2J3pHPS-B-{)BCTvPSC?Q6QC1|uzi^ZoU5L`BHtWYNiHeMu7 z5{VPx3)~c;P8MHIgTS;g(}g-q(3v7`j<9Eo&hvz8u83OzNU;lrx!(!tQV1+guPMtwg`2z_+pzdwu*=yB5}Luyi2%tio897 z>;~@k33adNct9BY#e8%~s0YQDM}&4*L>?3NQQ<2U>T&TOCxz>Th&V0cPKnNEh3kyS zJ1?|zVhFk@)C=PM%ffX@EJjy_dPRJFT^QFyoidSlL-=k9^``jhjtILgBJK(MuK3FX z;kqyK9tqwnI#HusHw?GiwhuKOAAY zAa&O$QyXcvgals2X4q&`6q_j}rZ&ceV76qeIS5TKYmYboILUNPG?S*7VUx|a(@b@$ z*%!?)Yfm>bW|?6#&0c7ZnKs*OJkPY}nr|;K)%oWCEHcv;nn_E{_{FAgnHjd!?1@&G zY0FK|D$`zR`qr50YV*(Q%(S&;{SBtQ-t=uU)s65ia*JtiHhtSnb*s4#?J(oEo1J%= zuASyiyvI~`o4fHoQ{8LsM+eM={ig4bsU8HRBWB!Tv-2_2brj%AP4zgyoix=GW~b98 zJ7p@TO?t|F|E!sK#`K*x)pKS)bkP(S%+$-KeaY;6)pT7ke|Ozv*Gw6h=bE_-m6_@d z^AER7ann4A?wIOr^Jn)UEqL60Q+;Hzhi3RalixMJd}78wHhs@b^{H8aUO;B?xR<8d z#bU3`*4-?-tJS%OTWG0878_)R z53qQDYb_dLse`SrhFNT=1s>XDsP*m$%N}m|Mp^1et1lXD8O2swiDi$mI*+qlW3As! zu-JGD+_uPgYd4x?K|riOOtFl~)*&>_Qm0zI(F{wQZvAAIWzV#Hb1ZeX)fLUNTyw3C z3#`QXR_8^QYoV35#L^a9>(MexU21*4!g4LQ?x0ncy3)!=Yb>_fQr1}7YOCcs%U)~w zHdyL<3l20a*G8+^7R%mj{dt?^+G-6%J1n-{Qg&F{c561;WvM%@acGa_+HGAz`z*HC zvSBrof3*Xaw%=k0EV|!{I%H`Ft&k%YIc#MfvuYo;M!B7j*mrm-!~%xKd&%lNXzE?MlV z#jaQ(*Dc7;s9&~>OP085gQ{xD( z8^G^~TVV^N`anymfvqn18Gen@Ym`Cs3xACt2HyXdmR6$%g}b}2G4jZ3w|}EHsiii> zKZQ6a;YM1GaU>qQ(7QFJk+&S+#siWBkl~J4 z1qlC)wpN4!7j$GTkBI+rZ(jttJZh<*;HKc@l?>qVz7l04$(}~yhe?WfLbhVEQ^`A5elIxh0`S6tPy!I4JgovEnu`SD(STYBYD_#IbGP1+ zX902p{bx}A3Q#BzRiV5Z!Ow4bsNM>wHiohX0{4bTJWP)VniS}B9;5F^K@av-KCs{-Ta5lW{4cS*GK4S>5jG4i zirhe}v?{1tNlc34261Bay@-eF4S1yU54bua>-N8O^H`u7E<+Os{x^WS&};HH!DCB4 z3x)qxXg3O24BikPA81hvp2DS^a+VDJ13;+7+v#n29Dvq=|LcO#mTo`;{SMxJ1MI+k zrQq7!dKC0q2yhGi44~zI1@I8-@Zj%ZBk;Zo2l{RV4QK|?E$A`|wI)N8$LIsAz7qPk zJfT7p>Qw=oDZKLPqa zA=9a>CNyt(We%Z#1-AaX3P=9|9J#6hH3H5ep~BCq!I}CWp!LcLDWI_i*P%yMy%BWI zAFDBEf(Ga!-q9xk)J&k>G9Yg{Q2q$Iuxgup!#&@l9FG0^DDj&B&X?7=5&HMJW)9aM zfkyrBv<*-n1;&pJBcM7TQtEe{{z+oE?)q-0?a8tLS6`BETFx}ujZvtbW zE{wB}K&Gm^{xPV91@JM{N>vGjG)f)qq&#F=R{zTM6PBOpvCqM%+RQ1m$koTaA zvw+yg&^nc>B`3`4omD=8d;zdu0PNo?I#$4hQVDCqWFjX6hU8?>>4#FrF%=WgSAbJp z(Z4@|ybrDVL%5c+x|~41gqEm2(7!+5`aqFBfx7><&Z#;e3uRA!4i$8-)ZbA3*T9(x zi%q%yz6(@y|1YS*=#nf{9XZ0W9jX$A+r%-To_?Upfe@f5zi5pekY=y^^i@ecA#vvQi6WKTQSN0Xr!UQ2tpBzzWgp z{9W4LZ&v^|fNx2)y2T)^JUJhhcRv7XFy;O|j{h!I7f_A;A-o!}fZEO!B^RYi9T0j~ z6x0xtrH$ifw)z+ko@*UuZHHOYS?m58S(jeVX@lz1fxitBs;x9~1^ET9sjrd^C+C@} zq(SHX>y5N#LcmI?<*a*5hhFzD5tR#XD9k?o8MW#{HdNY`zXH;7TB=GqSSglCin#$E z$`^t!gF5Yx@b4_JBjtQ9HLcnJ?}y;6tlL|qn^R%-e+xS9y&%fp{QpLIv|KhMvwx>? ztB(sm;NzRwV%GHv>W8ikQ&gg%7w|Q=>GB%26G{UoedTK z738OZW{`$QWd+|KYcS~v5$8-Ot-n``>wC2<^b0^>m-EBMva>Zw`vH_;bZYuf0#yHL z=fT$01jMc-|&Sw*uXeMqc@(A{AXWqW~+|4WqJr zs8rpVeFEfE z8%zQTDP@r-078d$lmCzp<0>9jKsJP#MD7rLP!9tGAQZ5Y0q{LQ@V}Gf{qJ;m*BEN} z1m3;Lc|ei;gWnI~s$!mafa-gG%mAc+*CQw6a%ibn)G>fOK=)IpPXCU_52J&^DllQ# z(AJV4xp6M%N7FI9ORwO^zoYTvX>eK)qGtdH?>Kk@P9DnZ)nI(dcja>UcP)NA3jY5R zH%e~~xa}QW`QFw$I6NDGE8qEX8$#H1I^(O<83opLF8uqKpgVHsE_L9& zpt1qhZi-V6fqEExkcE!_*D63+@G=XYeOl$2M36^6Qb}@w;q>nr=NhbO1UfERht)pO zgwMsmqg05hpbY|Y)CABD0TW%qz?5F8bQk6JKt6?8NH(Wm!L}pN7pZlB`{AHIP&+y3 z{Y|I9Hb~XK2I5lf{O`)U%m3~RsN!c%(OXClke zje|d+3a3^6rGX-8I7;NW0Fa7O0PXVt8Q6u1z#Nbe;G$E75vjs)l(Z3Thky^BCqh{Y zCoRzkAR*=X^8YaQp22Y~OM2k+IaS?xx=*7UrVU&J4ex1T=pAV8)q8I>v8$O`t+b(# z^qwYmciu`9k~T&mY3aQuNYIlYK<_O`kf660w4nDEp!ePY+%Kz}_o7>h4gDZMbXR57 zS6@|~tUQ@nAmm4H{|_|8+8;MqiO&neGJmf=|52V5ztAB438TqsU8uYR^0Srvf2=+a z+W!Ia{|q@jv@elZ&hspy`5$DuoJeFJ_SH}kgn}Ug{ z!emQ3)U9Nk?S3mgg+J(ns^ctJWSznt{D%$;ZVZ3Hdnb>;f5!i_!v8-L+VQPy%nPV4 z-21T#p)~~U{|V)<{124*kLV+782>md7c+$wh|qAdO3GjU%kYr?z4|URq(3Hruq3KA z7TOoa|HduveLOV$i2Y5`_}kw`&kUbT5>Wqt34hG?WQn2seR!^5U>xX9XwHVZqhr?$ zJ>>o#-<5`E1SS>h1EFUcHY69!)FBYOn*JtS<8Sf#U!f_ULl|0a%Z7({sPAaYg-tV5 zYvzw{E5kjjW9UZa<2&J+Q-bQMM%WKO6oDdnc6WgTpDF?`}-OShVuiVz(F-YCd`J z^jX1%>3DqO$G_fx5$IyK!J$XYw}^Sz0FeX8MawL46D-!lHvN$8pV<+Pn}k$2KJj1m ze~uJ5!}Ouzg4g!mE3XJ~0IwePgGfQCBkozF!$QZ^!|GGpQDN$~Q}{q{7UBfTiNit& zIwr(%f!Bbs(rtN+^gJ|6TaZslNy7iI8Ss`Y?v)?vTDxsSNH&2N3 z&}|Fwk-k*QYJ4wdBHa{jND^~wcwa_H-h&YJdc4kx(K1=`4vki8oJwh<2#dxiUo84w zmwq{3pQ_1!Ej~)~Px@SG`wp?ITH0{7JZDx z8xw;ojdjhfx#n4M|J8h}h(Y8XebQ)(PE&OZAk`u|OOMg)F_tlimXFc$M(Z?6&&5y8 zJzJ+adJu?uba%T=2-(tUGc4qZu2KT4oYHl;U&m6Sc#j(N0Z#Hx&0Q(>;jOa1 z-)6gN)vsA?_-nrn`Ie60Q?bLQpR$TOR{a>~Owy6#$y8|MESKDcn*=zEK$UJ=k4#~j zZI&*obkv-OPsK!CN7{sKn!Z4fs7d?c^ee-`IpJF^ zX^5+acYG*cG;(4YYu$*;kjQ0#MTRTURRzA6y~KgL2#~!Z?Xty$w|+#0HYssE4-9R% z{@3Ox(QJshv`mJJux275T13%}n9|vr377JSj~lHrE}kVAkPwrZh#WPE7;iu1ys-pc zT1@!kM^u;{k^`Ulh>vTnvH)^SM<2);nE8AC590Sivkt_2G!2QE0=p5k9@Y7~QpRU% zh-(itSmInW+_1}rVM@}sb znE=w}Sr9Q2*|~jECL;G7A~_=Zd{N5oeCxV73p33&*OFOl(L?D0G}{pUpF!N;2L6bE zoXA>}q#8(s(L@NFCuL9#d{;qA;99AW}Mbh-P&f+=L_*2o)*HC@Uv`o`7V^D8CHZ8S5t`tUtPP_D&8Jb=v3`1Y4>GK4#vgvnYCA{q2YY-)` zZqp90r(G85$<^G5e~m78q5Ra!ZdxS+_%@x-Of!}qww$ifCq9{a_ z7UUVQkRE36paoZAuD2llk92~#_9%v?XwnCCh-i;Mhr9`YCu*_(+UoFvO&rrg4}AE* ztif$U_}sojmzeM-BBCQIzSpEk(JaXR_fDhp;LOzAI$c1kCcZziRTAbdl$b3RV+j^3Zgyl1MvjTW(;6WYNN`~#EQR}$9&nf=VON#Z zLfoCh7SRHE)Ebh9BDj20(rYE}7mHD^R_7_D5j}TGL^Hf2=WUt8x7cGBZd2v3J|9X0 z-Dr{4d$@!$0ay4~URwk2tR^nYj2OAo7;L{L5PzVV;{hHR##kW>QHqFd1cql8sr&gEkn>c~*r1VTSdpTotm0SdGOxaxGXFT2p}`6O&m$57q?V>uA|- z3n0#`_QzszgtUgSx?HE@j;M!lqctCy3Q&uI4h*-`TZ21rQgXQCUc@0vCgrICK+oY` z%YYDn*v20IG|Ns^xU!zUn+)id6u7iVqv2Sd7$6k!&|EuBva`Gg2(g9og^)s)r=K_E z1Sd^(IzJliXk82dRmU=*4~D3Y1u1itJOf2=Fo~gBCGVSIJhsyd9&DDkTgsYPS`q7- z5u*U@iJ^_E+*CWwi!soR>KJPkmM5+&d+Iixxp9|dtt+s?WzMiiP~#l#;6h>-TDCQW zkkoU_%`tRDNnC6<;QBw^K{a+Yl#FCw7)hN2o}vW5Q8;hHg%eTP3dttBI0sSGtmJVK z4?T&2^CyqY4!Z%L|5XkQJj)vadCsPoP%4uo9>WhY^jMWV3YKERCT4js z0joTUuNiSDx(+wo$8oPdISpVyC%-z;E4j}Cl=D0xzS?7GbsVjUqkVC-KMp9@dYCVG z3a^DIS{IUsBDl3Wj_Q@X=`luI42^WrtQbbQ67uMMg1t0zgU5QrBaV8^j|oP5f^&VG z;_pfvHK}@QViLE<8QbD$Yn*jc98-f^C-=n%4#u17!Es0ZXCcl?VD2I?*)N6qaGv|{ zB987VSq(A9N*Ap|f?Do_{4aoXJq&5Ti=M{Ovp5+w64xAK>~qm!WVuz4{s`V4#>J=W&G@iZo$#}Yok&*Q?pJ&BXm9(^H_;d%8H zUeV~W@Ao(~pX1STe!)8f&p>6jmH+;{!Pq4;0rJsaRY zPQ^rhf(z5JZ$0G8%||BFdv#m+X|J){NBe!aJc5UOjtzKU@?GiJLoWE}dlC&#rrF6f zCmDE01en4*UNIs7ydwiF&p;6E&&Cr*4Mk`8Xr>Pu&eufd>sp-n3VHM`B=4;+z#7*aA5HM7 zi5F*_iKh$k)WQ;xrAUrTqRC0lkKR1qSeE%{wkr27j=p=1b}zMgtzW$S<1@ z8=2q_O!k`}<02VrjaQ54-$9!2shdT%jkIHbv%8Dr*ZMz@=340 zK4WD<2gY7O)8G}>76fDML51>b07d7d(S$TLzDWjV9i~-F5;L|2j}HH+j1bC4$uujC zs?un68m&nK%Gnu=@?DacodJ|{GL$?N@z91es!{U3BpDBr=~*(hu{`~tLoUgnx(w&E zG^J@Yq|tg+ZgMhJry1zR>@@4lG{x8bVC;h+_^L@yt4lYhVdZq(8rzWs9!ToZvTY|? z#wF|9x#hEIbVx~Dm~2c)p{XgfB$-=&z(^XyNS3A0sWdvBM)%X`0V6r1kZed6XBf#@ z$aCX*dY1Pnjjk(s+mel%6k3r&^-A71$a9@Y>%iB$G&T|3-fg{O@0pQ?Ljdv zQy-rx7i7@f481zTz8FmyOEUa*8S3)!`{}{fbn_`UXwru?V_!-K*2bH14vqxkdnQ;L zo~1^)EgePY25C}|S$mLTU_ZK)N)J<*wRNoUj>!tK_9T^N2Wd`_)&^-^5Lm0Tn6(cn zqB;v$=Z55=2vm_E)hc=4QjEu`^dgnMvpoHg!*oU^w{h_uSx$P@KYEm-mQjHk_niHUv zsf^_rV>uGWvL-+mgLElKPlNP~v0PSIcBG2S5Jgu)@=(M>uYz=6$=j1^tPaqI0PSOW z`eGHFzvF*lE@^Q=|4q$xJu;q@W>sDN%2AnXSrKrm>mM@MX7JmJ&U=xmttcQc$l zAvn9Z`3re;Of|nW%b1c)Gqb5Si{U(CI0wRT>ayuf9-YmjmON@@IOi0cOpymrWoZ^|?F=IM=jT4)mP&2uzyoez2RSk*b6Md$Ov z6Y+GO=F;8C0+%GrE~Ghygh!eAI*-2O`E8mgVd|cvd#(^j6K`-rv^8YQ)qH+A!V~al zp44zB$RVD9x3cM6HWRldXjEs=!VFrkCd`{yAZ^ME5w|IWu4mJYYXkU08)n(F|96FmrEjiT6>*$A5=7ZVEfi3QkVG@B&5T3Jug85fdC zdT4a6aUk=zO+ud>FE{97UNNA}FIHWtE%YcX>)Ge>NNMA}yD<=KcL9y(b-`;^4FImVb=nwU!ql*Bt; z*;q^mi=FEW6h~JIs7aMulSA7JjBN$9wZOUwaMYF9n(J$k-d<#BD-xrN)uq^vi^7(! zCq>xu?Uw6>fm?;l6WvxRi1kPa8(6_(X$(?93Zms~tDFm_!v z+=sHcD1BRzxr=*hqLhK%^S9IMX`e(Q;@fy#WV_Qz&4impDEO&}o)&RO59b-1^Jzyu zHYuJ7lM~e#J?s>k2`BUEV-XjgQcP2eF-V^~@gQBv6QB77)R#_iJQGmFLo40i$ ze!elTfF>8vqI{kS_d+NeJBLuJnSiqQi|GM_Jkyy$ZpasBAdt>>Rx{xg3w%^e*OkC+ z`9@6vttg;+7HGqnLO4$pcbEz9is_*$c{rcW6o+TR$zu7rliuD*jO(J0?-HH~vpef^ zJ6ozd%f+3OGzW&kJ*IQ`R=u&E@e+zG?@I!oO3XIyfJx&^jB^DY2%ecFm*+z7ImJfH z(}n`y#74$eD6Z7lv`@&)^ut&gRtK7KPQiXW3D*kQCnGTimNRm7d8m$aZ7~jH;=QTU zJ!B|VIF6aXF~c6h@c{{FRZ6XT8|}0KN3ET4jMS0-102?c;o%1}a-yz#p6UZ*cQ z;m#mT{f&_4Tx9ETvOR9&yL-^`T%BrdVGftta1#!etFra+rM57@hOWr7?4!UzGS~mG zyN92blZ9NN$HNHA2FynxgJTOD9EUsTt)0c6M9w)I?M1FED--mT0PK0#fZ2@Ev{SpC zW;v+J0bt*i0rM6z{6QWKk5L1KB2WMw1Y;ZIJwW<68(p#?uNwn9PjW&GO^tDWwug+c z4ysn=U@{%$Fwl+fcI!7gE7<`MgzM<0nSq(62^OKP;lUp!=oyawDVkW0AZl|(s9hN2 zJhYc{YjC?0Rbs1eHkx8%9P1g!T13IK5oJ1(G;xLvI_IEf#?ctV1TD0QM#!VRA$cg` zp-T=rq2wV?+BB7wYB|f(XOlb@LnmXL^$vyOo`Wu`a$9WF=m^u(;P}-#9wsL(H0dsz zY1d2>Im<$r!p7J-l69=iw6O`ZJ!HcC%67mxE}GzCQ1|S{83$d!YfNQwyolGM{!wuu zP>&om%SBZ#TJ54WE`XXH$DrQX#q2nMniI$57$|~stBY!syf1d+p@W_|Kr4f46q1dI zajt1DwR##{v|g2)>Y#Zp1KpVIvd&c2x(v+sMh5!ZvBFbjwz{29mW)sW|~y%;MS`d&4DnQ6(*f?QL~F4y66$3fkhB#wm8Ij zMsp#A21Pvd%tg1Ayq!q6V$vED2>>aY)fg0WDQJno?Lt}sbwU9v4!9~mbm z#Y0sQ%j4{;;$VxNFeA+#8~8qMKkm+5zKHJe_0%X1$kz&T)x) zh@+hl2OSheaOjVxLrUC2modRjQ{A*giGz*6wK={6&KvOr^AY9?Os4hm#{PKtdsw%@ z^h4vk_R`>fuk|v{JzjHy*O>0*+unnW@k~OXIl;tLUJ)#=b1N2G7+WhkgPrg`ccwj_ zU?@TxzqpKgH|=rLDb*QPOrM6aopsaKc)l-fMgq-D0Jb)T?S@OVF}8Lk&Oi}N@dSdM zh^M&AIOC=ZZg|Y_P_dHvu_Lx+2{c<3eB+|F_%MfG;^j)OzRoMQ`}7??ams5y>vd?( zalXK0pS9K}>U`!!uW>_RO=GMJJb}d?vo--On~n_$#z*&We9AHyDnaK%m?3SCLT1Po zwhazXp|{Goc+zL=^3z^FELYseDz!(3&6>@AYD=be7?Dz_Dg~IoE3@V;pZLyZ&EaWk z8KMaG$P}8C!k8cUjB|dv^*LEB!@3lzR^>kVXjF=UZhTL+ep8mA z49$NoK+OTQ45y_AW~Q2LzDNR}`4xf7(|~4$YF*Z*p!K~ev{^}==r=z4>6@RX_!&*J z+9}h*J7ps6PN6+1bS{OO8BJrF+9~~_5%Oqn2n~v0r%a&}O5QTRF)fj*5^1@T_XP5s z^(h^u=e-oVs7h|}Q)9}Hy)s2U4Cv1S;(eO_Ax%z7b4-O7g0Uz~PEX@0n#}%4=Tg%y zq?%W`Ig`yn>l1&YP5(ghEpIsYVT`mt2pKo;vW4)Qk6tPhan(hbEugbW2Ena+uDEbzXhaw)T^3ym!^L8iRIF&%n33Oi>H&+Qc zCYdHCd*1sLZ%h3&OO<;QPi;N}-T3OWeuAE!ulbK8nMafU2DjKJ1|}w&@8cslqX#%Y z1IeOfAX%KO7Tp3rTHfKO)k@;X1mk4_y-T1m35?_yMpBy`;%vN!w)$zCpHBGc7e=x@ znK`RU5ZfV-c7)`i2y{|E9Z>S-Cm7>AG}%LoSe||l@|+v}9n_C&embQ}u7MHQALeX} zU*1mAA0&zA$@+_A*_PxS4&la#WcS$QeC>~#m)yd4_>*)MQv;!UPp*n*U{%`6^3YFsfPVGXo8o=JG%!YgMr50?#Snv7ZjL-^A^= zX3$k7cT2!n0^4aCZCCAoQC<*-VA!J zeFaX8l7T!IzO46w=+7hHZhahRLN@rYRL$*b}vK1+*g$?7Uk%RbL7Ts=N1Sz zwr0C`X7ftRhuIHXSu~4ZB*9e^ zuHja`t=kXhLCY8;fW(e(e<;Xdy^?3XnCAel`AFslT-AhrAT1~oiDE{!>&8wihAQ7dhPUzSN}8N~LYK z8T%Bbi>&&J7L2R^ZCI5?GSLwxjWns+q`4+gkAmAXXSEfhTp)9_3-_aI5=A_;(4=W5 zV|irbG^E#%8C0p#XKZqci)OlY@NwW=|Ec*OYE<&)kTJ@j@dnK!9)=pmRqyIR z=24TbW8Y#}&{zR$1&L!2=REFGWFBF0cT763#H}M^9;f!CjY`}kh;tq=JCOOzq}!?_ z(!icD!(<*d2fx)}pu1O0ddx~PF0=&baq%J0PfVKa zra5kcL42JXsH@`{^#_NjhCG@ZugF9Z7_!||tK@xi7>`YQVbXV{bnn(>O+2lLcg}Dt zGNBi4ROP0FRktzMP1SB|mC`Ab!ek~}Rmh$Ut<9vjapF^4lCW%!4Qz`wmza^1PQ@8l z9AR`vfe!2Q5clSmo6f0L*5I|SlaOX^y~&hLVRTJlbZUKGbJI&Vy<%|J6}SddT!%R4 zjd(@rRTlToO%Ij0{idve~4Y?l7fS+;U93J~3WV zdd_4@Ke%a9EKQCDrK4gAwG4fq({b3TDBT`!?u_?7kIm#YIz2X2!Z_gst#?duTQz-C zlbdw0*~fF)r)b^C%Ihx))Tp%KIc@`j$H&q=&c|4B)UY_&OC7<&^f+F=<0^L@{_PePm z!8o2k#}ce~g@Nt%S5o7MEjY1y966=cvfL+1({K5#@CNwcGp)%EFTxf)foC4`GA2mJ zHG32WdeO!>+kq1Vf8~zN@z4ZVU$8dZ#+g{U5KAqpV{6#GWt6|enw{yPl^$BZo({U|P7gcDpy7$J zG}{vj{-MCd7g4rLkg3ED!fRi(F$9Pg!Gs7Sh-sv&uU%dlupyronKQF-7E0^QC95R1E&N_bfe;?^V@)k(B4iPkG|Zy?UOFSWxO z#;fC-s^p$TI+hxy_+YAhnWn!><24+=JCP~AlS=PX=|d_gex6FGW$3Gu>>HBQ8eWj@ zSe)*?98k1=Nez`SwkCnrUlPR$)iex=lccx}CEUCdQo?VtX8g%dPnBwYIKkKq9p8i1 z1mJQq9LoGHVWs}Khu-?>ou4q66BB{_y;ABgB#8H{)PG1;w4#WIrY6#eL`Hrs!8oSo zRqh3jK7QkapWgeeZ`5h=*Hs)z>#=0p$z-3fOiK#P zOfuUNB58f*0j;$uptUYV(OQ#;-e6ESs#eB(jQ1Y;;-N_%ru8hNTb;RP^f0YhFpm@INg`;yn@Ff-=!?AeWr)?q({@6NYjTRWDJh+|<`;>f z62?j|Xx;096Br{IZj}gJ`phmGUqa3yAKAlUW;%^YXByy8)RaPJQ|KFG2r-8wn_|7W$fWH_E=c!gzkFt{#g!qgD4A&*T3 zt&Ql7xi?cicy@DdE~V26)ylFIV_GUzrP6Zcl<|bo9m?!LYjZk1Os7W-?z{rGB}JTP za2G=0&at>>>2zC(+nHi4Po*{33zSa={Cb7!RC)CYKmZ6W# z<^@eoZITGW7aXf|~?y$SX7B*JOHIf@-yn4~9w@2U0=nl@xJV zH9g-cacAtj9MC#HM**+qv(T1ITAs67J~ExwXVQjD zI+RI=Gl6_#4%0d{O>Bfbcr&P%mMDU4FOzmFc~xl!w(7Cz@DO5oHxS#ELwj?at1}g? z7c%LXDz_?)wq_ceGHGL`bzNo@t++B45ew>&lQb&FHa^G4uc^*u1ukTn`_dwb-GDhE zTF@V(HH7az_oqFRUaNL~Ni*uxX-_(Qh|nK76FQs!X&9eUrM_g+v@DvQ1$bW-ylZLV zE5rMiqh{@A7FU%;O4qS#GcA=oyFi9)3Oz{JF-G$jF;)4c5J#B zlg?v%+$}Fb$zbn@c6dj?T>F(h6XxX8gnaJny)5HQHeJZ37Uj*b1{<4yR8ff9)@+)Q zPc!prWj?LS2liP-OzoR2F{=pJtBOKeMn2@N%cmtu-lr@Br}-z@^p)k=_IuohVntJ_GOI4w7e7<vX(CWM>bn-F>%^9u!LAF>p$^9Zny3=?=G##v&)2 zc8fI4tC@|eAzrxp58sH5YuJ4H#L(|6=m)dKeTM#^$j=JaT^9E(pI$0)$Fq&?In{W1dXxY$!Et9T_DHpRV87u zSI#cd=NF0EV!f_dt}miZfZ-6%c)!<)G^@Bz89`dgC1Cb!EC zF21t2#kY`m#Ao)7sLG{rxoWb)&nc6dGhve9L0ARTxqn1KXaYRIw9lpKxwJf&R^(z7 zW)$!Qc$Fb$6hH@=S)d+PDB__txwJ^h`;cK^aXrd}afjvYjh71wXla3GQm$ItJ5a8G zCjjg#=JaQoJSjTnTL0<#rjW`gm{H(*7ZWVQAn=~ z=?(i}+*Cdodve81$fH{&%Iyh7;0#nqkCnWGxyHsk+LlL0l)Q<4`LKkZl{haKDqcqx z(R)?y5{9YJxK&6u3$51*qxS4^C3uhi>#i+m3c_kt;Mdd=4*RrxFA9t-HZgb+%lJkf zcJEo8fV2v(6fm96V8@4bMZA>&>8D%+?pyHB`l@=iA8MU{Uf7Z1TOO?}qE$uISVVh^ zfONHTq!^zkRzse1O~{b~MLcw{h_)+vQ}Yb$k;C(8hH|911bI#^et8kxRvL=vOc7<# znj$)&%FfTz$K})be1b76M-<0Ve;1%NfGiKabE@G1desPR+7O^1}BQs zPZpc!xCbVq*_mf7&!<0!!zf$*5_io{>H_SOyC|07E`vi_300SH=~wv%{NwHw&|CJ0 z(BYSick^9BEWazDB_*`9gtnK^4vae0bm7%Iyg<}I9xdwv=Q@~;Szbd4tyl8K78q{} z=u-i~>k0BsC&{&4Xj2#Gf)d5@(GuFF%FTyIQ;D&xglbBxi%X(dZt6@YJ9l9D9Q-O2 z%gyXpVTY4R;AkfkeoPT8FU4dLml^35AO*`8xo59R=)P)kPl2(zkl^UEPxWjx-U<0{ zhLP?sq^CR?X+$R)*$GIWE2Jk2#B+!;UvyFX6pFyo*NHwWdCdjJKIPnVQOTPRd0_c* z30Q6~p;?{4@{1B0(}_p8f^gkOJ$2a4F@gAqgM{aGK#=K%b>4H9&Qgkpe}Q~ ztmNIdOISbK9nQz3SgtZ?oWbor67-e~bvu#u84QfE8nm5|RnqR($e|;$OIit8COCtF z#J544*R)Kr2d3L`zh@-BPjGAzHHcudEel1&Ax;l7&!F|HE!^<=R$Zz%K}E1_W{fMt z5pimh-eFLaK_?kvy~z`KjuiC}M>|dRFotaq?~M&Qq{J@^OQ% zvQbmq<*>VtVbkn2gT^>%EMFzTmOe@2+>E@H#5hE;(RjDgK2Zd*l1`fCWYV6Ian+z( z1}>T6=9{c?1{*q^BbbVRka*f0>MINeS)2KQ+mW88-f308QhC~{9b>AsU5Fhsl(2gD7A zIKvRnx)r&nSllBgU033^8AgqrR@kXti5mrRt`p7<Bw5oZVNd~!0xWz}?xl#_Ka zCIP_5CMe)AO?udxI3t$Hcw!otopi%V&)KvoPH~{?q=XP~G!DZfOqLsCX%o&ev><_z ze=)@Z$fJb`id+=&(6(4wspJiJ8qb~d2Hob6H@#ky%M)l#f^&APB6oi*ZB^x}z;djy zFqRg?S`nKFa(}gR*p&$y31NO+yUKAvevKFH@m?*RSMaX5z@9jBr8AP`Ie3XDPN8q+ z=@8Z??ptdtT~%#vaT-fvs4j-Kt8lzAjP-mNYe=1rB^U}nG1U7C>OrTt&rlzPpx$M1 z-(u;d5_jBbY>%Oa7-~{bU&3DLx*6Mnj0=@AF2;c9XHM}{HGj?`al!c! zSXXUF{fcPVK4E(E&^cu@T@!1d5ma8U%$jf5Slbjf)^3QSs~)=Mp_h1`v9-a`+Sy#2Ap`Z(GWM~9TW@tSP$(-XhvqDK)u+)Hm&IhcoUdyE?% zy6&-F!2u?$M&rei-%fl)2GKFn2yM~`SoBi^x^LO-7o~xBe(R(}F*y-NS}on>OR$Xa z1xEW!41dIf`4;?K#B9z%G6x}CFjLRskgyFfN2!poFR{i$6_yCsB23AHO#6axNSLC1 zjhFU$X}=f1*Q$sx#DcDcIOn=V1$;G&JM3j|Agq|_aYkDl$2ZPW@nBc@J;ZWv2V>V+ zFC9`PmtnBIVcJ)D+-hiw#3)c}1} zHq{G>#(^X{nnahC33MSp!QO|BxmS{CRDebYXkLKu${qJu2YIbONEBlbx#bueR3m{R z*gFD*a2eh^5{=7AbR&tLD|uV&a$1n8f}ZcGY6>89W|1n_o`{$H#@GOj30M&n894=z z!-=QBkG1Z-n@;!A<=u4sK|125ZHcC(HZ8Cs&76@GNjkh6gs4Z~Y&#KE2GX~4-_8c; zkZN;bk})BfrY6%86$SQyu{H)fZ0IKgbT>fv80sknbzPD;1#!;PA*f9(t~EecmAEZQ z#uB(2CDV2#?hC{@j|DoA{su4gRmsCibS4lc{g;6Jn67_IR~F7gNlf~)0Blq=G7Y4E z4$y}H*81jT`;O!=>C1zTRY9K?xSyuh`q;EkDPvzUh`y90E~@6|I^--V?z4IK0gSRB z8rD+mOo{YTSy_*JjO|`(@ZvQH&x`5&GoAy?`CnAlIVmI z2ix*AA65AXp~M)fC;X(YPwKFV-%Fy4s^m885=miV8nFMOBf^0=6ZH#DNPLS zdY)2CU}}S%KARROaqrTNyFqFV64oOIZx6(|CS-S@d0RHER3*m-X-0OK=E>P|7mn%3PbH)Uwmrp>hViss2oh zgJKbfDoJPo*r(6fKsExgIV9+mKz|fe9+xi!q z?XyjM(>OK4MOMV7z%XW;iVQ74H%X%Y3Y=FYqx*XU3059h=s$2zj-af6Ryf~_q8109 zLyT@Jy!BPOmys4x3t`SWifgp#du`597JV#|PRSY;y9XwHC3d{UcyB=-JlxdFf;Yy< zDHeUE#koj!AQ~X%T4=ZAYPB+q6M6TL@Q?HxXhm8urnX16IHaCarc2x*95!*GZk@%L zflM{J!>(_Wa$Lw z$g@>)s&nRr&L)of5jxF=B6-v)R`!SRRsCbNE}EsSch2xW=9C_h<-YZR@U1AOZR?NU z=C=MyI2^}Hrt}F;?}Icj!dxCzsj8>EYl@a`5Z>BN_55a+z@08;Q&FVwhGGbRjbhrH zZuo7!=@z49g?pZ(l|1hfc-O_e9aZUcvApCImj^)jl>til`o0;P`kIYBBZaT)1>yHm zOnWc@zs&~&e(iZ<-{Ahfs^=G@Djn`6Uz=h~DTI$LMPSg8?#9vX$cfO_H88xJ`LsB) ziEAZjVg?H9GfU}AciG%M_FQ-Ch3?4hF{xVyzee29m1??TN;<`FC zPBCr}+8I9x?Hn6u93O~wZuZN$)6aa~E3%y%z0uAr6xOQ-(Yb;0!a)1^f!0d{;lcN` zU+_ggjUx_6^^UCcrnemB6g6dNVp&bjfLIz`rN z?}Wy-qnf^>j9!<@ccre?Wr1~N))W2Dvha?sJ?taaMb`!#0#@AO2E3l@}fgb=mF>x zdoYU?bhHA1N0bLfmzyuUL^gM;E1H{)!up&Zbf&`ITwy&|Aum)QUBtBVAhWoojFy-2 z#?s!!c-oa-brmDJ0;D{gA?L@4#-V6u?@+Y!c?f+O;@2#*Ds$#knzj8S+nG54?VLbi z{gz{c9+}smK%-b?)~MlTF!_v#aCS^RhKf9SDlTUUFcpH@wPMb zwIe8z8fM85w6k;wpj;emUK*T;kg0*ePXo;{{UY0W*AMNiMPYs25V}3sc5kq}JJ|hT zFxnY4C^&YIg0dj0(!~C<+7!!sqKOqfc|!Jxz0(6w7FDDztuQBbi)`XcH#D&sh4n2x z>2VJc&{J*CdKgc8_+Nn1lC>2I4tC7N-RM9$0qMBzG`YLDovGi+lxuJu<1jSzWEim2 z4vVcDhKBYH4jvqAo*59)khymt8hVey`iEh(ewbs^Fu8GoEjWFJ6K_9iL68y z2FeAv*^#k4>&Z>@H0ye%;kj&iT#^2)!n_=X=4f{`(#B}od(zgPwjDi8DiEB zi~vM42cfMKD6aqV6MY|M8~KxT$Itl5IU1ESx!UR>!7W3~eNojm43f(ou~t(TjeQZh ze6X+B)fY0h^|fv78x_Gky#i_)mps8GPxlo^xa9u6wtdkh7goqWsgm{mP;zHK8y+V8 zP?j^|Mh4|i`k|N<89H2-aJk# zDhyE!!@4*E;Xhsy;qwg@#)2Nd+Ll}MbbH6Bvml)y{JWKVd z{oT9!+4lDPRR@@Xx*ZUFsW2Y?hG0v+ysV2|y)gkAdSe1;&ZoWf7riXcdxB2;3_wBCAEZ=^UoR?72iat?xqzA8!n zFTLc1-n!{*@8zG7Lzm;>F-_0o=|wytW~jN8-uIyP9`I;vETg?;$UQbI$2teqV{uU@ zCfNI)flocn`%%p|m&u-DUmu{@-$$W%-CKXx+w!)z_|#jWxY;|5;#TieeobDF6+vH;y%Ra5BdPbtUmgjJ|vKA?o=70n5kZ+x<~a1zke9rM=h1ty#nugnYW{4 zoi4{k-=c+8tX8O493~pnEO$GnJ?LyA{yC!Ey{u-vXEp0XSNt|Vgw!mg!sB$N9PAf- z-#PtTXY*lH#Y;sJcD^Q7wN66S3gDhm7+;q639jm6ZjaKO>UyG)>#T0w=#Ss#4W(`w zXn-Rm(|7gB*b`E@&P7$+-%~z^;?fm*!?u;u>+bSh_n5cctsm4dq-dF&yQ!1Xg|2i=sbWh@47|FU*-6xv@Pug%$Olfb znpLqi&`QwW(}Bh_C}SKK(LXr0zd0*Pvl`h4?d@W9tYHv+94NmGjQKp!`i<2woMqBy z_s^KyUp+O}M^-c!_K_o;n5U?Dx{M~2$O_{7Kb6qV%)f)i`J@u)SO{ zeWi?=l)6^e)tJ$Z=5!M)SzXhgWZ>#+ahuh(J5bkxnt#zyS`7UQOz)};?x{3SL}_0; zS!H|4D%-1}w0fv*-B9b=p>l(&jP{x;gQr7k+x@7D%>(39mzc+z*!&7QRqi`mu7ady zl?CRMnIob!&{wRst>nV1D(HH-?N+&Qv)p}$tJH+lw!@`_-5k%h>0OMrE;O>MnAL?L zT?)#{G2#HLZ3l-GBge#G^UGj_n#~)Oxp0uVI!XhZ+aK+mVYTh-5E?ZkX6z7S%n28I(!|w}Wwb|GsjTP(W3W9D9Sc|(GlS*lNsi^4=Sn@%ZToxl* zSmkMj)`B*d{A4cuDct6fA;IHA%!^U_%VAb~zOvf$?I+s&lWp5iG9mfcPtF|>kf9VG z(0qGH@X-+SeN@#4gX9FCn8F9qsoj!r2Q;#EaHPq!E`ga{%(kfg{24z8YPoP-H>9B9 zbGC(`h~zEm5~%B9PK(-Y+xeuOubH1&J^0c;MUz^t=q@am`{Z2fW8yI%@szp54}d9r zYMnX&!Xdas%W3Hoe1vVkSeR{5#h>-$^Xhuu%QtlI(DRL516#V9i=y`L$-Ge>;=+f! z|JL))T25ovw8LG^jZwwn*Kmn@zIq^fzGk3b^}LI)jO&*(v7cETwQrB*Luw;$_q?Wab_?9;W;R7tY3PJ)4hSv|0)k6})Yw-K5(@`q3(MC289Vx$ha$IV z+QNJLW9;qPlR-W;{>5ttnHvUq5A+Wn#;y(|SEH&N?;}5(Vg!z8+Q@Q75^J|KmErZ$ z=yL0Va@)dkezjtmQW}_EYJQE{(Vujdc;#q5j{5joXPF>sSmLsBK;?u2YKmFzm*JJo z!gA}@a6(5&toIm%=Eahhez`vDoB2AE@_zWmS^{c0SHe(fEM(TVFC&lBJBz0xcV>>O-8 zGgzF3Y@C3X49r7mc;f$)Jd<$>mMvoUJJU&kB% zeXj5TPl#XFT1^i}T@UZg^5BDV^GsBgz1`&87=WKN4B#gZ<5`=3VyJ$4C^&yy8GKfW zl^6;65%2O#a01kp4hzlP;+sPqcZPaDR%U#`{tnKkMVH8H zpUN?Ncb5hBmYJ)g_V~GMWjMnX&Q|<3d%KLQa80c6o+wK{TW0Q#s5yVjtt5fbOi1+-Uj7!+wf#hja zm23Uw2~!-x(NsI!GmK;hecUi|sru+mXQ-4xOP7HIL9tKXH4$git*!&tbz)$#8UW46STlQ0&X7KF4 zIV}FpFz@HV!EZQ|cM;}{s9k*cAoE&A13+~i+djy{KFfT_{I$DaS6EClyfoAc~3eDx8Y&U+& zh=Va0EMa((y-%~&n-h6a}nH8)08T3jjH z9Pw{+{U378i+p;$)Ys4F(R28}4W1)^<~CIB{ckw+h}$^WYIpiVyxn}+i=OrJ7th|^wZU!@I$?d zvn_=av*D#`C^6e6KG#0vQ}3gGG`pXi+Yc{X?DVoXz3NS4`p{UM&!|lu*-uvJyLveG z_Kq`~Jq2G?aGxO#D7P~#qzcbIQ=3dV2rv_ja{vSC2d)Y;@27S<$ z^}|MCH#hgD4ZS-IKn*t&ol@>igY-i0~|D*cOKFP?u)H|@Iw>i5!avF}V zkRu#oJ1Z|cLYfYqO&lg22>HG2?vlB;i@7>Vg_+9-#xq>$ENeV`P*jhjfR?8PPIU=f z=wj}RtYY6#j6*Nh$npVTZN&gipP7M6BvMpkS!gWVw2bQ;oY>c_jygDw<%44*Ye0LU z0jZS_{Vhie%uy=&&JuI7m-^=2n) zLod0~E7pc0Q9bV(c-Pgu9a+VGx&#Mcpt{H!(WQa^T~zh`f(`x5V^QkP4%UvIvv%|X z+EE8oC;A0XhBTzRkyV^$d&?P4@tPH$H>F`zyGp5{RPHJjdrH|;3Em4Iy9K^I@}W9?}kj)mI%%3o359Aw@>wZQxS8J|KL)Rd@$ z;I}^Vttoc1zOyH!L0Ms|hrZHKZar5npch!36UvQ=uwxq>(hp}HZ-V7SY1+wBvp!1q zS;1$in=I-Ut4?wL*dKG%Qd15!NZVmpG z<(k2?Y%rAl+QI1BjltHpgT*_jJM24@onSdOF!;+r^Kz8RbCfORZLBf14@P&qU410* zvTfgBvo!tFVC%FYG<}F^rDKDQRFrGIqcUN@p&kH87e;y)xY8VoW(O@-r$^tgU!`Z&+)nZ96!Ul)mi9P z;dwu8m}BNJua>rUaK;8a%dw&lMOE7}P>ynoyR0tV`=MXy{^|Vhw90ECSl9p&>kjZx3-4P_CGw%TG?Nu}HG3eV@Oy<9g` z)wG(P>8pC0v!cwcBg^Dc#&(&tlq*V0DH7SdnrHt^bAFbyf40s2nQfy%Vc9n{cyOqB zCQAL-%R0+@)>%HV&XQ1ui05K0xcO(-wx98Y;lv?VhX(HrHD5+myj3Zm`~6z%B6jy~ z=tOI~vbV_SLIdFzp9+OV9O%M#--&fyZM9utY+u}!7Ino9dHQK~y4nmItG=bH`*s)o z9vs)hZ^^fJjj)g}E;J?;{c3~1l#Hy(&?ZJi9gko2kYDVnn}06;x4u^vUw7aB*y2AF zuZZyt^R<%iZ+tH-zQ6LVO)CCf@v<1-?|chliiZ_1Ro~k1=O+t(OiL{OUCI0y-_O2x z&fo%wNCu_m-u(zTAW@yGNvS@__N_l@$HGhkD7m!jZkduubVXeq~^$@KVbCADHjg& z|AK8K(_~B@%!@Z6Oi)X`38Y> zoKRTPpz)Zkk&f!-dtF-pvJJ1QG}poeHvVUFUN1Q3_M~F?;84Jn@?u6TAb85os z21`Omz>+=Q<{G2x6CoYxeYKQgT=nFnr1h2!g4PQkkw&3=XR47B%;K!k`F69ZkRUwz zO$~TnX*Mo`OOeET{B8T7iI4m_e&g?Nnq!@=v)ZeBt+;aPa=h%5S|I;UUkK-6=?0u` zlP!*Q!nMyv<82Pyqq5BUyF)hpu+4GFMQdF^auzpBaFPs*7oS{o;Z{4eE@#;Exi(Bp zEmjDOuW1K1&F>+in4Olrs_HtI8x?2U-1BWvXZKmf9$*$tHXZSBwxu?+#)jX^a2F1K zqPK6Yg5^FSJ2g3OrGY>JVTL-ea_!`J4ns&KI6}!oN_&uf<-fU&Ap{*Z$UW)uR0y{_!WvXN$JMf_Sx?7VYo&lYh%U{xAMf z@c&Ww-SKf0Xa7vu+1cIM-79Lgq?1l(%d%zJ2iPD;VrmXZoDc|vmWo3{Feb!=0I?n1 zo7{Wva__zO-h1!8$-UR#GrM=volPLTdEY;NpN}n#c4xlxw0UNBcJ_JDOhl6DySNil zD$#}{i;ly%H9~*DhEho1BG1rQ`SW-eGDD&{Qs2URWVH{W+I&JH)PkmKVugVS4@PJu ztbY*t6A92xBvxu5>KdctueV3&6R7beTp!_F{}}#iOE6sj1IeYUoKibPUZl+&kl&Jg z+KAMq#if;7m0lm?l$s+z=;0J4LQiDno2^Q_>_>1%gnkbNs{@~NOt^N zQU#j%a=kWODse8=1-g&zKf7N;DE%WkJ2QOmf7r0S&9d!n>wj9Nw! z#+?!RkYv*>rDXL)Jnpsw35)#iD8q|>g<8iV-%}S^hwtoR1qdIkIq3cXzKrCM>KZeV({s}3hAH#1L!XKi`1iy-U&{%1m4qcu^kU$mE#Z{zdBpDs_UqAC| zEu$Fy_L{^2tDiF%65>Hwi-ye0$fO?AK+&Y*lkUe0{rhp_$~A_$Ym}Pmi-VK6#i}{YZL(gx`Xi+Iw*V4NC+@e0OM&FqY8|(STB&8unP2237W)FScSM_Oww`8 ztw`~}xSdk}OdF{BJX08(l|k3(ZPUZpPlu;ks55pX_a6NNT&M$>Z-B7&BEYQ$g`YUskD-6SM7~%`u$2V)GgRyI5XgI= zZYer>R~q_!NxJ3?1vT24ygWg|^pZv>dmDwJ(pdS|2lz3xL;0|`_k&aD!_(+5Uw$+l z;fn~rjHh9BH2Po^{`7~qEjF4X3zYgYu7%(Ix*Gek;mi1EpS|95ovu=0ZS6Qt&b&L4<;!h)nA^KQ!;qE$e`)oK+Vj&fR@PvEVF#J$RtS3ReV0fJsPe-9#5(v9PPsG(<9=? z)nCqfsqRnwuY_uopVHdKPqm*1ezpny!vAXMb@Cd0-FQuVBk;?O=vV$XLvNF}=-WD` z@2I~Hy!YX61HY;Jd;jkW-zR?%?;Eg641T~qq<{8(l=YY0=wpA~&?lrG{lviJudIIH zZ=2BH{hx&(Hz)mvfz>bAKLcNFKn;@`RQi{|#@7sT1~);IadYHvhC*;gx&;C+4Ha7< zUt5&j2Gwncl8O-TfOz}3pO|z+q7xDwQE~?aOKw!YJxc3>cxS}BLE2T#smtJ4HKJg- z*yCJ>9LS^x3Ux<$J&@KN@gB&6E9edwl)on`?1Kp8Rqlg~-srVHi1$Y2`k|NmqL&7s zoc@RpKpD=@%>JnUAY=_h#vsUti9Q+vYisl=Bx@gxHltxEX{d7yzBukDhP-!TB=U^_ ztAb>(o>2%UKy{4#32QAFr0O{NQ!X)vySx;m?1_j^kQkbS#EOwI5vdaport8Xo{U11 zP#)wVorEA8sWl0$LsOA41(|SS1=jEI+%XN&*~prO{xTO)$d5Z870g5F3sGPJ>ICk> zSR|`1cB?KybR~jB$$wvsDy~9#kd1T|;;Ru`g|gNn3diQxqk?rPeIp8NKofvT|0eYK zR>Zd;u@xCxPzlzWb=KDIDa(qABbN z;6FQMyEzUu!{O$TS`1=UV%7{-Yl*cMIJGqnw8FmzZ_@@hXor18xUhpv?<_iCvpxQ- zliakzb9`78*rg~crVXQyn>#i2PkJQr(DzG*fGSDOz>k#Xum99V$g zT8zaa+-NEGEy0D$F<%C`eX&@EKV9k4vI2)!Vr>P46~t_XOUr6(tir}>tgONXYjJQ5 z{%}3E*5O7Qv2Oz|+$=L%i_KVU!l_$vU<_H5FlL7wD#TH29>La8>^Xve zbQ}kc;SWz@>jZ9e8v9P+!n2s4!Qw0yXK)>-Y@WlpB{+NzYmh|x9A+i>(F@pn9%o*{ zSr_qJSFmvzH@b#>S8?GDNEi+on6bEyKfmSne-nqHbQ6-2V0P2(A5!DohGQsLzm2Us zIPErm_8t!2#UC~%)_vTlDe*NSh0O_XMnrQWnvptA*=$L2Taa)|qO~BrC1EYdqpgW( zMRMDcKpRr09q|;AMjeQ+Jt^!&ct;{S5wj!tvdzgcyTKgJHxsloSppyqJjLL==;HPT3quLL*4pXu?Mk&q#<0 zO!!E`Mv!O6$^bvfqlteMsX3k)<4A*v#5aKyP9}U35tE6SM82L%v?+v4C2*Dom!Cp@ z;QY;}5;lcAIUQ1nz=CxqNuNP}KARY`NMkgY_~wwp`Gn6SVm=Y`$e*0DxsZewkhH~w zFCw0WL|Z`kLc$i1+{MIRM6AUG5{$pFlo(4$!{x-cj1;aUd<79JiMfLOeKm2$`YIBJ z(kjAN6Sm5ce|5^{RubAm!dr>91rm7^ zwuSs;J0aT$f-p7P$YVQ6!48tUn*?@|$X;UZA#Krq;@d~~LBbD^yu*YaBH}O+hseJU zLb`33BM*=;ln%%m?0`c@{!v1X5OkC%M+iSo3XT!wI5CfrBj_Z_K0)3(O^j23dzSdl zkiv6>mk@D|h!RrQDJNebq4OksfoSImzd+b|^2#MbE)sMJ!ZVP^u8@MuB<~u@zDgoD zi03*0-6Fo5gx?|jHp#n3_+29I5pkFN>yAs{Z4!pkZCQieb_r}uAr}K`OqKg2(v;S0 zLPO1Ipc(ypOX_Js8?~msRUBR@Bt=eMYJvIK(pG@ zw>nX)BW=`$`a09XZj^VWq8k-m>8CxY;|;sha1W|=r;t{jb*HUyFB<4cf8B?AdecVz zsIM-e_F>Wn}cZXKpGxIwSklmqHG{-j)u^{VEVqZ;nrw4g)qy7BPkz2 z#Yief&^k`p98Gga(eP-hje;6mHOA2f6RB?kEu0LIo2i%#Zz$=X zow7ZZhNjT)RH{vZZ~G{lLSLOuwQ2O}nKUqizCD{7vuK04)HjC~&Zm4H74zY17W(&v z)G@>bGz_H$lrN-g0Yp}TNoO(D7tyrElr5rlm(suzT6Z}$meH?QQr`+%xSH}+RIH|A z75#jzi?N1=p|l2)y->D>n(L{KgBvK@O!+1%)>CaA{p(g5*h1glPK|A}!A|PiK?`?N zzKe?8aMp?beXonNhlZg9Uk~o3Y>!LJeyZ=IX$NWG03?j3^bi&MskV>SJ4ypbXuadq zI7S84mucZO$U#iSH8?&>|9-=z-=SHz>4*2I zb(c13toZKJ!ln=!RS``Uvx!p2DJM5qLd}$Lb46>W@a76@rbJpQqJ{EKYbDT1d8@5r zwNV(O&tqlj4|NMwJW|m{D14;CMz|D=R?Ja~HCpkE zQW~SNN??rg)_BDjr!<_X_$DZYlNCNm5t9`$NvZFY&8bSoDN1;%qD@iwRE14Z7NY4& zV44z{sTebqhO-slEaxl6IZEDq_|{nw^A+zr<;%GWM506G=P2R1ispRh$RM#d*yc90 zP{~@L)LyI@i1bWJCJ=j0CLHJ74&Ce$XefD z)?ob|N+zHo3|_pX3}b_zWgyGVcub<#d;VX)HXQY13p4 zHZ4lQY-Z15DRWu&99DZiGv={|3z=^LD_qR@A|@6yv53`o%H~oQTEfChnYM)SrHm~B z3YIft8B1Nsf-6{LHS?@ujn*m_&S!ikwLO7v5|=ltO;80s$(4sLus9?!qzz? z6r;_|zlo)6Wq~cM_I74$V-0pP-wsx|TP8;nyP4R<{_2#?y)3kch4(UT5950o+XE!* zXX-u{JjenESmZD>53xo^nePabnbnT5yps&_Yl)LgoB$GzyCfWAVJIDwRoJm838$HT zie;T;fitZ3IcAiwuP-p)c~*Ey=2H`wn7GL5J7x0yqfJ%bMD2l^tLe?u7h0-D3$;;e)z?ZbgtTpKRMA%Two&Uk<>Yp1s7Oug zAk%qy+NoL*WO!9sk=h+~P?OrLf9#|h9o4V9sJ_mS=tSjR)jT-X)m;@mRMB1ix|`|@ zk*;bON?m0Q)>V~5WG3pRruS59^-+!9YJ+~NudiA-K;`{aF+dgl)sLOBIYK&yPp|L6- zqoz4O3&*OVF=}|Ms*O?kSe1=YYm8TGj#H~nRI?|juTEBtNos?ss&9%~I9=t_R54u@ z)6`F$vN=-?%}~QLRn5sN$7ZOX&sO;?_37Da!7Md2R}IWjBlA^b9#FAR^({~f7pr`c zDi*8WML@+;l`m1#oS%hD)zA_(yj0beKyp2mEm3PMS8Fa)tFBbDSE#S9R*h9^gSDz} zjas-~LgoK%eyYJ=0N5Aubam1#fn&Z)da73Wk@ z0^Oc#%8VP~S@8!Ef5PDi&?ep6L$sr07$vpZ_wwi>yodhV)?8gt)$l{bZS7(5TsmNes{ITy`% z6V#Nu{+WlN)PzG7)&v3+5ZJ?M$wdoZqcsn-;1|m*(LCkO)N9VEr9>)}tX@;GChH4VURoUKq&(BY5r6+!)0h zjOD&Dyl_0{QQdV-df)}IJTwTR~wU!6g@W^^@ ztm6$fa^D8dH*>y;=Rt~;EnIBnVheAKHoGd?#KTb9B&)DZ4hi$nc5ZLuZ|&rP9lZ8# zZtUU>_Hy4IUbvt0eO&D4=00B6DJLJ~p#wa8kZVpN7IuIyM~68-#FfKbJ;a|o$^%Du zGxepBNW9M)48V_CN*|#{qDQjz2n+D8tbdkewyeD`=|r7Kz}VV zNb?WWo*km)4AvsUG&WSD!!$7zS`XKP#ag|Qnty~=d9uBOb<^tl?Fqg9`;1?Oq+ zEY$o9wEV@ucVLOemTPpG7FwwVR%nscnz~9xU{uy<_IfR_PGcJ(N}ndyYT6ntyjcru z(q7%FsarG%ng~Z~cW7+4Mt5mqyQXc^9^I=2_h^y*nz~PhQB)3S_F*mOkj9Q`^oS-7 zYT5xUd|V42)80F&`A=w-Piy>?mU>nToY5lZG_^$I7c~96#x7{ed9CUtEqGD;`4!E7 zS*v_a<5#tEH?-XATI80d-qiRVO}(w*JDPG^d*YrJysN#_Soh!8@|)_SiJsY94>Z#w zEp@ep&RgqhD_v`?ds^vFw$%e|^xExof016fgD%?Z%_PFj#+O znC>5{S01i=i}lQrdT@mPlhL|5O6OyBV~nnh)zil4&y3fDi!9O<;if2TdzD- z&z_=3rt9i78JSR>p=&dB&kX(9*?M4>UVEPFLx#uGQ@|I$f`;>vVO!PS@$LZq)4!y0KZ8 zFJtu(n?9}-VeF)mEr|;5#w^z6K=yboX?$g!%I^Cx~eNa~q=uaQk z(+}zI9o6k4Iz6td$8`0$PLJu2oz&G6y63d6p3tEZpQYn{{mCHfN=baGxt7j$}F zf9#T8a8b{@qGw;$BiD5Gs-AK~C)f4rxAX#tc#6pl9Wtq|M|bqVZ9Q^N_uti@Xl#)C zI%;gt`}$)|je;gdrRGLY_LIx7-BFqA7*3^H6p_ee=#&4X#__Ykc*plb}V($H2I_0}7Kbw*^P zp>B|=UzJUUz17ItVlc?_y3G)q4Q-S0$xb7%!+3SKq3$yHUcdo-za^SUP5Wa@Gi*G2S_6_)CnRUN9j3>{FMF ztcynEilJUMAfu9c)nL~ki<$A^4I}%yQTvwRziIsBj=^smHSZb0yGEq3Q12U%Sxapq z7^G5dBI-65!Dix}mO^a-nU_UsD|mI*Rs`CJNIRhx3En}d?S{(j^5Z}YleIQkEAz3oX0VOSPKW=xnlXChclg>|y41HzU1F z*3Gcw&|)69=%n)VDcWwx0;%lu-lY0oiV zoNuc0%>0FB?gBHi*kp^$pDi`*C1%QUGiRCk`AUx8mr9IwPs+A8Ch?#b>^Qo zn*I%D%4RdL$^2rgX>T!K+-@4%%-o%3#T{m3x5;*yzu0T~_n0aB&EP)stAi#xV19Dg zR1cXIj+)s=%*b(*9W(!O(zH*Q*{99GDf5f7rhUeI@tmoan2%jBgXhi2C6ir*2wPW7 z`?49lW(KdCU)?b6>t^09(|^-^?vBZBn{ClOGySgltHzcMd8eCNq>1$$M5%3N`I}p! znN_o;rM9qmYfEWmbw_Qj^fuOC+gWyzmDj=Yx3`|_WU-D`d(_2B?`-|3o8|9nwL(3t zn%%AHy{te_E7Heey{)hMSvC7wp#fH)zZDr|`3G7p&=9NUU@JV#3JkR(!!1^9H5_Tx z9AQ-$Z3RYIk+BvVV{Jg=t%)H%(U1HYdV^3 z1!r0RoNKW;)=o6v3eB@33oW()+AOvLi>$AfTJ{oXv)l?Uvmz@kwgTF$wt}myf3CII z8tWhHExyiz#FccN^^1*GV1pIeY_UyN5!z~rEmn=~R`xdQi=CFe!>YgA;=3$mw?%hZ z@9(v8_gInr7TaglKWK>qR*l0}&LQjbqZT`2y>lEg{{>E1>@)<(vC18{v}4vMXRWL= zR^*(;O03rC0wntjT(sB~i(a;#y=DcjT3_9;?CVzDTNb}*v0D=0w#DvQ^se<`V>@`? ziZr!Z6T2B|4ndoRwvnS zPqlNW*pcZrn`VDF)3#^WznX0aXW5_6wb>lIg*@jw&sHF#!94rLJ@c456`Yy5BbT+4QKb9+5xk5ql-7!5@di8}Nt;hfS8_<2IbJK4E)K z+w_!e9Jh^Qwm4}UCv0)nR?oi_7RUA@E}jLzAf5EmD7tWOFE^sz}4^B7>{2>v_ zuOAtSGvPygh}}xF;X`Z!{~25fD+2xSk?By7`6gu56PdT$k9(jg74zXLR<0K7k zWW#%h#`uvgB$JkdZzD9nLIwADbzh7m1_34l#V9x$>B$0!n@Y$kILXf7WjRKVEGFgP zxbyRmtcKrt=&46=aN^6$?yD1CMiXDI>ikT3=%;)A-`)Ms>;GTid|%9XYUA6+m*eZi zm*eZWSLgbGfb=EC{)3+Lw{=KN{_A;W(7$kRW5oYqKt+*hNn zX;}1el51P#P1T~NupTwjE%*=u${Y@(QR{uE@x%kyerJk`q=pJDdZWiljkir790)S~ z);#1iq?T^}z{-X)H#PXLTE`Gn`PlSY&jZ@iP!5~KN-~qIADXt60=;-;Z$J}#(qPqq z`?cV@{2M+Yv3>>j(&4`j`sSjSx<#}-+a9STz}0%aR28{ z8v<<%2b;#VDFph2>G1?$P*GG4?)=ew7kWu@WFzGRpDI9&r+^}_!y-0A(Xs&aicprU zbKq1`mt<7}+3JprW0WOb@S_TO(EXJ}~hx5yDCX z)A0c5(sXF)Z(hp223>I=50nY_pEWB*MPvbqQs`1lQhb(G&OuTgVMu1&tNGB1n+2f$ zpcQdilrde_;_r?qTyZ}d*FsYLu*%E?_N#&Y<^pnxS)sJoCxBzAx-|GNe+!_he4Mxg zaLt6j!%-Fg5~!;KDoKf}^Gz5jar{dRD-L6~w8%Grkob-s2Jt0y;u2CJj*uMdEg<&W z2{GY*ZYi_>Cxlc3!`4ma=x@9_jn5jg9tD5jxne`+LhEKkyrYf0w zbO;O3mDJgDQJvKSasTdn>MZ{O%7mm0yDmcFKLr$i_B}Bl6n_fXMVeV1?9OLlGZTKN zf;%Y>zg6qa?}_~|y#|cCCmr|n;dh#euqu|?b2Ts*cYL`f7qflMay6|vntu0tYNy&m z^7O!%@W4n9T6MoCuMf)6rOUDcpp)+&64C<8eAB~n;}!uQWtnN#Pl2`%zbBuGGUKH( zD{yH0enb9Y+JG>SRqax`$~@%5Bh3U?Uv@u6m-KU&j7|9Vi$-MIb(Jy`n=>I;^rd2skDF2S=7tNZmq?60N@0wY^eM0LX znRX|k|9py%*LF7y0N;16c+emHkEnge&5x@ zgW`X~tm+KW*u0$Q%+D&UF~3WSi5B{>4>zK|E*BmN{*$>c5${1;i#QtA;E^S0z4u>e z#g(H84`&{07y^g<-!5)`4t`e$W&98bd-s2dFqjzR@cwQMaXt5duY7oXB+i2IZbM3Mo0Qs{FhhU)idU!1CW}0Mj~<2lMn6LQ3*ac zg*_}mU&1=#K?zPkrU}dcAV^U@q?Ii=9tN@#fF2yYiG*eW(S9JBMjsDq#*tgriwAZ- z9)1*zU-mpm?r>xZ2a+K<$4R0yzLn@i?jIytJ`H4nZN{ENT`9Z7%MAy~M9dq-o)Z3B zn=MAL8-UF>qY^KBME@pP#4p<(98`%Cmya?&c$8L4P2;~M6ih>ITS?RS?*`a66Ka$a zDs8yTD6DTVibT_U&?taVKTO#%8~!$lnsEX*i7PPIqM_XbaI~p%AT?w#{A}|fNC&dct8+2&aBR@ zZt_V$uDri%5fnd8V+6)O3B*g2nE{8;aYJ=6o^Mz2Wm{y@qXxjEmVaQzZxeH$u3*1iaq%5IxR~o8 z*XVElmlFN|hsuX%C)d%-&3GHu0k!^@T+=$a4tN|4;J2A4R`yA(QA{Vy-JTYGVvM>-bhb>?X-cA_v@8*;*jK zbOYhPn-Eqb^BGtRJP9+=e?KWCx(Rm?Bi93UO64r4+5h>-TOrp2e*~ZLf4S<)b?jON zKNRnWzm4cb-90=p^u1SSAU=$qw zcP~F(%rbMVW`;`%%mSPrIJ2!E-j>N%FbrPu2naOh{Na~x{oE^)Fj(IkaaAVAs?3d5 z8853;j&44rIaO6KS_O9Fm{k*Y#omj%-wZ+5@}_)?FjcOfDw|q#tzHG5sUp$a5OLob zSn?6S5HR0!uSaWo;p(Uuk{wqSrf9$O&N0n=EMefpW`XA%964ov09z5Uy7KYAY>?G; z>QHz(dD3d`k|^JL$i482Q35SXgL&q8P_G1Wnb+Xxiqlec_T(1JmSwxuQpl2X3K7^$ zXq{&L1lW4Bw6$fyOeHILoSQH}%W&m>vfEm9`jvatzmB`#G1hN7wB9O5i+pn@4dwL* z$_6YXYnBqpt&ws`^FdstAHmHhAGjtPctF2T!}S-T+b5um06ZB)!kssm?(XK3r9(%B z@h)*-cM@LzC0XziECd{sHBI`KrpW;RF02YFI;P~8JH%xcdPV;65+GfSnO})CKahM` zos%&WEv<7z)`{(pJ>gV!teaR64Q^G}oQ6v2yaYYQws7KYtp#$}DysnC zvRf5KgU14OFnEve5?VE?gFdpiFTkjB%-7{GWe`rHv|1i)iMXojAFGxL@9mvx17x)~ zqG)on!F@f?-yGABuE(}QdYU35N0)iM)Jv4{&pErElA%f8L=&JUJ}9;rT`b89%Z2c=tn+g zma%WRt=@$jj;nqHxElQm$~jKi51#FH=iX!R_e+4% z2=2)THz|cTz_H3vC(C=Jef=^jPiZh+r4j6L4d$uRYFnfVVq%w)bE@rf4dzMMi*Z+_ zPdQTvlL|25#7nRgIU6)2wJMjcu;nS~F|AFq@GCg$QMNXej;T(Rw05yQ9|ip+j!4jbt#Z%Y;0&IU%$Qr*Luii zKY%~pjEY@0{aLh&}!eIwOp7j{4z>U`*2|T5%@ZALMgCOV}!w?_U<`8OWHX}>a-|GO;NOvVt zQw18ffp4#A2Zgqfzo7=@%@leAko?#)3dbYyBCPz89#g~{q?e+W02n=~(Ef}Jf-kP^ z@_(Dd$XrGyDFnW%FGq$T(gLNxK_6fRd$8RKDzVlKL^XzRh#u3PKnzw83Li>21cHIU zKwg$cl4QPt5(SbPoKs{pGf0=Eq`|jxp6-OVgSgj3=0+Zj*mVpT1P**EHB<;^1qUeU zASQngV){*5&IvwMem#Qlw(H?IB`;>Yr3&A%Yqua9JXP;Nw&kz(FtS(Dq~z)8*e;gE z;VcOYZ)xOM5Mf$xkHRQ?Y7NIO@oeUy0tuXwM7KbXDx^fmw2%y?uI?_&?9p2!&RGVB zTlq1YAGbZHY<`51PAd2Ea`Xr^^BjdQm4Tz@4Qz~qT+?K{nletM<6)shr$ESD2$pNC zWAq@S(^LxI{zl<5yV}YuO7FwTNvkn2AaxRi#DUf~urV0ZsaUijakbMH_?5eGpc8ua z$j{c`n3)%#J-SWdZ-`gj6a~K)@L98)SjaUN(FP8uLYqvU5p9zRZ8G$93V%bJe*`}h zz*>A0epgW-37Ce_Li9GA&l|6nrCE^XH--=h!b3$4Xf!hfVdtn1ApLq0^~2%MktkS< z;H%?A$O%A&134VM4XYsdvf1qsl59jFuVZ<}6d*|m!gy0DG^Q(*0b~bMp$LiQu{P0B z(48q64&)zS`vdwY_-AqO0XEJvYz7qu zYl`tPq$t@76eR#Ti!jP~x18BFcC)OT5(M2e0gL24ATEKzFCl(W1}o#>0w8lYbahvu zogtVrk0?)LoD27p`6|S>BMxD)i+vUyev72R}vn1#=2|629S|+8n6zN~7|5PEeJF1yeC>F-rL;*KZ%zXAV0 ziG-YZS{Y8N;iyhTxYB zE6?bu*xmsx*iMDkiaK|qgD%rfd6YBAF^xU=ZHTMZg*?Q5TdByK;Ap>reGqC(!dt)` z3L=JZO-VY$)RI%W=l~fe;2MG7?J4a9xzXic@Efjnp{kA+;fjt9VKzGkapq+B$fypN zVtoXp0hBt#v^Qvx^rA*j3gKu$gHRo&%lSxy_lgKzc|xUWrz z#T@W~B$Gn=f&PdLK;Grdi|HH)k)Y0nFYC>LY6V9{5YA_pk^nG7g*?a8Vq>y}19xNgg)2q&7?{20Sv4ZWu_Tg z5d(|8d9WWBLm!wnS`uX}0o84T&oR~Q0t7tEa0T30=a;nvO6D3s$%dHv&j4`R9{5zV zOm+7(-c^@8t~YpzkUT<|CrFHpt#g2EZi*uJ(s_}dfV@>ApNJuE(Uj|g-x1~sy@FKT zFrD{w>R(g%d0jiF^Aeq(hP9Vh@^#+Gxnu}1nRrjmPdb{V9pQsf-pPc{FGo9{t@Ck- zox{h$5E73?RX0hp)!mF|Yo^ZEIc&8Se1s|4>c!{?6Nbu2iCiRd9b4b5^JR(19Rwf` zjv@Eflu0I^Zd!v4M|JykzR9T%E3gqpRCU9QZ&2M75u7f>yx6KGI-&=u%4n&&5)Y{E z9IUXtn`~Egy)0g2B?=fG6Zi=&%HtMTNv2))#Piq#9+51mI{1REg;(-;O`|Pf`EIrJ z0*|Mn$P+C-G!gl%M7|$GhFD}By}X;(yl*+Gn``k2PW=u#e3huR1aO--g(i@Ke3ysp z_UOAjY`3R8ICW33tw%thg9J4;2HgOQBY+Tfq$H%skCJ3nlVUk1M>>7T=eMJX|8riXk@vWNVhKb;U5|%1isa zX7N)_i{)S?c2tpbZRNIyH1^UqKGN1lJA3tRUIT00y{wPdhbv&T%9FF!BT6g)5XKEl zTV(K0447yS`?af787Vc}BpKLlnheAp^Sl0Ztd9@$C1~~}OhNp%8D)C`xcIbI$?4s4#z}zO)rumI0A%e*lKxU)d@@@G z@%EF&u_WzmlG)eqSo2OFU*ohNZIv79*M|7{U_T!K#CajH9~znz9G)b`fi*ab>*$Qz z4-BCkrb~bru~f1-BFQD@oR1$$BxbZEW?qb#M!@B&1TN3|coV6jDwixgS3N^R+<8<4_&s+GVzzhJ;^Q+|()I2`}$lR0?RYnh(6Vmo&#;dt;I`5t?1+X!LpU;$PKA1w! z12VrLk+)>H0_c;@+ovZWZyX)3pof{Cqk; z3yGqJ=x z{&cDWxp!#i0I=RA00dr*vOYJRPe>&2h9s~kHOl%%$$HN~JnOU5`38sewwZiXK(gK^ zm5u^rK3XET&vaSen$A}wB6rFJSY$`vKs+|N)f;XR5j!ZA7Pb;TQF9+VdBrSL$Oj zxC7e0Jh-(E<$?Q)X|7wFnaamFz@?9%S0o{={88@LO76Rsk5~HiRK6xv+I!1#ytusN zzK5R{12P{D$lf;PT)A#cZY(`Grq zcJmxSK9TL(`uHq9I1%}@M7|qChCnXub9k2=>u#2#+1XiqoKwGDI&YD!H3#r)-WZyI zW;X@N=AgbQXl)K=V$>p-(>f?R!YGaR(?k2ow22=aLji{sPjJc&GCA`cF_ES}8bdlHd{N#q$Zi1d(ZBYT3Z&?A%`c#f9)`>wrG!gl%M7|$GUTP{G zEAVa=%=XZ(IO-g&C4lGfrqD#{H$*mv^i3gcb0{RAj@yTFI)y~f%tQ^h z3^*Dd2c)RuB`KXlE-5>Md`%)L-9kXhh|DOHXC;$UD#SCnJ;={EOb!q6We$_mGwCuw zww433IVy^LA;^y;B9E2G3u4I4;o;F-kQ1ljJ3)TlX|XnwFUyH)cyW%>qylMKfp)A& zI#mR@m|ZG>Zo5|S^s3;+k4l!eg@QXn;%3m%E)1k~fzr|2$x=E<(=N%A+Rc;Nt>iM^ zE0-7LCTh2m)NU}QU3i2~yPOx#c#m8@CfCt!CElX4qun5FQ5l{jT2|Ju=TsDVVlE$= zhTE^9{-)751R;Rw`6|HNg(|?@mdY-3ee!twyaeX9R|XPJg`&)jhhzIi{- zWiF3*&X>&H2=R+~T1x=04B4^48vRB}D&}jd@U>MSqy>bxfQ`q#azDM4$>@_(^NO%d zGb$f=9Gwq5wy)yyxHXTjNTj4w6`*8jg(#0FC65yTu*^4Y%;U!#9tTz73mhINR-g+2 znJ>(Tq{l;}$fxu8zC`5V5_wh>S-l6y-dUBkv6ab~%GiC97+cv`lLrQPEsvja+ODj? z7gdhh@Z8GSCZ2Q(yXMXEA(tnI=X-H6kKf8mQz3<`RPr7m)GmDo5#@Y#MFlbrVmd`y z?^Li}Z_lWW?XSo;RZLKDA8BLbVm5XO_I=Z4C0Os?iu__lso=4dIFJgyX>O3N0c2~f z92XO!$k!_JQ;EovCGxTua$BFWEsyWcGneH$&xlQP`HnoP;H^QvE>~Nd%h%-cmAN1x zuwS|lNFY1&tQ~m|+OD}gN2vw8ji?N~jfC-I7Uj8qcXKXZmNbZnN=yyC0)zq zr<@kcbNGTvF?CjgMDL_=W!k0+X$zKN!W%)ZJ7aYhkmc^2H?O2E3YGeyc7A0%p{)vl z*VYBV>zRC)qRCZwag_u;p34V{n&d`#U7jN0(>fN!a|?}DfB_@kv??E5AT`+~mktJO zKBOQA^A=TI?6puQ5xaF&!0sExRu96nPXV7;VD`(bax#}*mjbyV1+piK3>gJ&W$BYIP@Xk*C3*ZV1w37w=L;*iqP-;dKs*}mp(WL5ZW_91~YTCJKyrf!Er|P_8 zb>F>eU`G9cF=xAfK=o2HYEeC-b#>mVy4t!rg}F0v@d}d(9U2Ca3=4x9wW{ulWPJf& zlt^~l>Ogk?%2AOV29banjS0IVam;9U0Y6^=W;C)IpBI(_8DE*s3&Z?AKODq-a1U)s&mn$-U~d)uW{Kqfs+z7A7sj zs6|+57cTEugy%Ad0}eP4ex*7joaSg(_2Ay>;%n7y&C_7dP#G0&5VJ z9Ablm;a`H#(7M!fQ$jmKMrhte2Mf9y71~@_Y$YP!kjO=`mpl^y*;B;h^t@8#bDS2v z2*jL@>bV2Y1Ve)a19C$j4k9VEGO$@qvN}`?4%fuE*qfl}tly3*!$}5g>YJd(?Q)NL zmT=YB*x;A-1YYL?4G>g6YSU+czO+3FyWjV8-qn!2t{1$-+5O(nXbB+ma}s%za39Bd z8NA3yK;9~mPsEV7aOJwm@0ivJclUdk!FxLO;XKGiLpuj=3=Do6p4m#(cv%Fm2?4rJ z7_4U+Rnmlw#~;m^*b26l}Bq1;2z!>n!pKm*xvV&-Cli{m+kf@Nj}?ngYCQm zOesN~O+iP%<|rVBkCw!=_qsxd;C(9+iRlC@Qa;p(s(#6*}Le-1U;C zK3e1_?fkT>Pw(N=vC-4V`uV(i5o_}t(PZuW}HGUd52?%CQ3QM#bJOq9ta4b%21 zFi1P30D%{yyWcbYe2lZ_T(%n~H>q3MQPv*^&by|>b3WbA*EqZ1Et7e1id1k98#bqb z^WhS>O|r}RMn7MY2;43ifCt8aVH3w3m=wqOUO(U9G#G31;v{W+5+9euhe%?sCc~S6 zg(+-D3f-9^t|x2vV7D96mrJInBnPJ_3rN=IJ@T91o;VE!L3K^S1r==2D-_1$U=cmACf2-6A?NZrL*eOgE zOH#DeDbnb3rJ>(X4mM2@Lz5hxk5AIB!-2@?i=8KwjVf6CHrSh1x68fhS(&a38pA$$ z;@dGYgh*F>D0fG$}eVU=Q4On20sm3@Lu39Z9zc5c7LF4fVTVn-Xf6NG*BKM!4-@yXJ%f@ru5sluJh;?mhW`d zNq0I~K3kG)`B^7hvYvyUpGA;hP5_v}1m+CpOn{j@=A3iR1al6rx_7|CLiYE)?;~di zGhNkP)&F!?cUMPcG6fzA zi*-6$T+eY5(|92#G0&KjnA4MCOmdk1&&x^7hfR~1tE30a+py`;+GJRXlLdGvYXC;3 zO0oMS;N&HWU73oU9|uBWuSvDy`$mfYc8W1HplW$+K);aqp_Zpah&ge5tF-gCp`CA^qlZLCm!3=EcK&=F z3s~P|=f6d>*1OBvT=d&`dXpMKtkdC?8bR!4{1l!u0H>|!4P9??#`A5ShjZQ}IUg}O zTW;9I6)W7d+K+%5I#&Xoha=H;mEox=`e}eu0LQV7i^U-z5K5ffcSUzT(IJ9e(cz{p zZs_s&*JIs%Tc9wNz?tE}b532m@VjA#4|4j8Ow zGd#Su zJBK+C53lXe$06R^#pilO*58O?-zUU*}?bGd$ci;DVxP09b7|@vzJ;9y-`Fhr&ZWNIYCN0KLv$7>I{P z1CUB*3*=EYCLZb?Aw0Y>La*^88^pt2;Coco3J(u8F`Ds49C275$Pvd8b1YNigyGJx zT01UB9JiWA9EWhk;e8r5mKlrN7|=}#*8yG90R`3Z%*OjiA|3`rA|7s;oR>IZMmXoY zlJk3$vt>OK=y@_a(*EA5@UX!Ni&gqc0|vYF0m$41eUT)VMw{(}ccdF?m77teo8kRv zw;1J)S5Mqy-RMzx&CRd7qe3mk7`Jb{8^*aUiJ}fd!WDJ+eSR2_48P}cg+KI?m;euUC73&PX3;8;BM_OiaMA-OJg~{b z@P3;|Z1p6nCy_fm7*~2!3@=MKAEP~u;m=|WEnWlM-bMC#dXX7#294>v%OlqS8MR1W~yRBZr}%_ zL&^2QZbVG2i%)gQqA0{%CStyYpTYr?$Usq-j_)9y?#} zg|GorpLiG(FI$v@3DBqpOc%Yp5ji^^B%*qbn4D|kVR(FVwL6YW&bOL4*XiPABD_nq z--=h5nH>)kRQgw5cpR@kh?m}HcX9OQdYS+)5>%`5Ji+-Y!TT}+hA4-ZR|yR7-zA8* z35n`SWS>O3Gm*)WCA!3nNsO#aq(c+qs}rFrF{Uz+yif4;O@#79OW#C3I5rGDwih^v z;FFV3K~s_tJ>`iZ1$`S2>%+yUK*JTr#hSHzRw`&lQnOa(U_4xlNAyfdfaOUNJu_qZ za^!2QNJ90DGx?s6heP3fYb4)AO?)3AU+1EPX6U&c59buchFCO)P4p~D5RHlKNuol} z`dEpci*nQqICjR9nBxJdbT-cibv}ijU5U_HI@)zOm`L{|<~T!b%_|)F%cS~pA0lUW zEZ?Pyp^!7oDuxQa4+l$@{c^Ch)EC-#@xqJ4y0H3PAqPu4n+8k6q~q+7uwmE}FQC>D zIoo`2MGeD_M)50h7c+ zD*gQ^xDl&gjfE?*a1pDsS!;982k(67wgmTm4DTQL#6w@adg6Y9>lD_tah7#)W?%H! z=X>Tuze&q8AAcJaj*`3Bi1DgcsElgdR%m}}78$E#ad?qm$RZDoHc@g=Dq~!$W+>Sf z3#VccCDlHd(@LUbd^Defe2uxS5G6z7LaI0%3){o_j=;G!nAXJiI`VZ+^EE@s`B*rl zD3(OSJfDe@nLcqPj@^t?C|MjWQF0Uq`?2WYhbXxe3rMB2$sU;QG5eyIaS^ZLe2e2k z__!Y%N~F*6AU+zRdA%xt!bcxX)M)$$x>Z?kO1G*#ro&cs5;}l|)#85XR&}Y#t!g$J zkKTL9%{!wJNiZWx;^Vwu4!ck(_v83m>9F-K8EutICg-_HFfp9-Rmu6e$=QM{5d-Cb z)c!n4;bTP-%u(qFwSscL{w@jLCc!K8No$6WfyppF8O9~Upk#*k=(II7IbJ<+k4Q#* zoJh8vOg8Z`JlR*73?q{*mB}2ZxWf9N0oY*i1=4|Qp>*IHX}Vb*Pl8?HMXpAlDVWvd zW_4RCW2x!DrTU=rN$@xc@v+bkxOk7MSk{VfM!vQ!0mR2FlkeRmxDd{FuH?JEiEke? zot*3a&G7Le3GOJ0-K}7&-^53QU%X9beFF*~IL(FlxR0KDeyH#xK3*pQQt51UJZy+J z@i8tCIX)1-D>;OZLH8ygbqTWOm?S+&et2IX>zFur(m@@h$}>r%9!ZNW?)nj&-M`#p6&f)oii@us)o# z^xMIfH^kX;7DwM{urSR&E=A$vXaIJq^mEbKF-4z(%u}ES3)2iAb5dawx~!za+*F45 z3sc2{)Ohv8U6+dZc$#W?mWuNoAzy=)sqt%4VRfoyO)B4*7>aZS_>R4?S z`W-qYg%=uKZg6g*NgdTV>+L;dszV`UKnhGuL4+Jlk&Yp#jMIty7V?GLY51}1Gx?5A zfq^MuYCb6WUTIRsT;yxNlF|$zwJ9)4Q9Me7J1HhYuBV7uX>5L)Lde5JiI7Pturvjh zr65A)rNHbI9Qh#@uO^uYsZWb&NW+!m$EhKVtV#(b(;JfzBLk9n|0G!-5+l}co#Hr} zZql*pu5_$AV7fnzZ4HB4hZX*?bbq>*Vq#=Iw#MFvVUAVRtzk}UiIK}~puC+_%cB%t zju8utzU}bCxn^=+*czsWbG|7#zi#5ZDOwCg>UQ?mt(A4MrZp^3>7S&)z1DhPWZnke zwMOg24XK6)H{-o-llQKTeR!%_+vf7y0w(5TD(8W=w!`SbMh3P`9MTpBw~Zarme;q2 z2FZarHM?+H(eVs@chL20K|4Eo;Wqi#nT#sZgom$3IV>B{xy3%UZD>mCdTTfpF30q? zD96fFQ$w$$hBmir*700!4bNL6Y&NukLrOneQu!g|3y0fbAH34^271#P8pHXnk$m@< zd@Yq|>bmx{(Hq*Z`ZlKHSwkD!$#LnoDq?O;kf>3?F6^y0}kN$84)2TI|*BKmJVM0vcmIWIOd`yB^^D8ZE`539N8L+))1^WCaUhgsyq=!Ce96!VsIN6(Z>EVU14WcIt*{GQ58mM6|pQCiHC$<*j4;w&p9-VHMIK zJ|?5La4`N%zaTHi(ZZ(@F9qdf0`Rbu>Z_<}^7;-j!NdZn|HpX60f! zJWWS@)CFN{8~OdL2=J}Q*Vra?FvsM3KOHWG^OZ1%`X;`8arWL>A8gjFyh?|AiefMN z>IThbWm8bRZ_O&&sAgqPKsGB+(qV8Ah6FL*0G8ujI)>9(n*t5!Y5T#o?E;p!X;b*S zbbV)v0)yO8TpcBjGrqDts$o@oRKtXf&}VY7EgWeZR%Meiu(*rU&Clcs`dfL|w{PCr zoNWsa+e$Dj%s>YusfZ2fd=GMlz3uTsS)38-Y@W4+Tj89SNzU6%&XyrwajZR@Zg1b- zPIWfuDECyQKb{T;+Ua}S!Jc;TZM(3}=2!;Y&wzUwa6E(I{pk#GDkEM!ai7gVzogg7 zs|y`*-ei36OS+QbyPg5pGA!3KIO;jfC^?JpZ9IBODVmxf8`v5KwFVwBE<=4l$E9bVEa=Q2OwKT&Q-d5s zu4>MmSk=lg>D%_oF=a$vZh#G)vP&){JiEdi@D|FMcpEI4Q zX10fM?Zeb@Q94sSZgSIFgBHE_z3HSCii%L%9#*!O>Ue-oV_6a-ecJGmS*VW6tP~25 zP0s7u!=iA`&m?E`*;F$Hmi<04Aq%Et*#~z}7}?Pt)~fV1ZD3RfU3sLzFeGVakW9#g zWtp%v6KXOU-cQLClQZMh6L)PUVq_zVrhL~nWq!cOoJ`;ROqiExnV-p*wh6~bEjI6b zI~LutBMX%>FEfOZ2kqfXc+nSTV$nC6Mb|2DIO5%t)%?S`+aAh0NTqDZgfmJhd)x3c zS!ku5%|eW9G&v9G058KiZ;_mjHF2(yP6RaaLeF9f6UWaquCOMyI;(Wy_ZrI?i&3-~xJ~N|r7^q8C z+{7`JuAkQdo!d_9*s0(;&ULF=q`78w-n9Dg!0I|@-EgzRIE%S9=`r75%r zc9>|FC^_zcr)t&WI`F5+8J|v@tD>*lsoGp7a@je17oc2b$YDpH_VX8{sM~9bo{h1w}+ToEMQG%;G@9=;w zT*`avaQ2Dty>~d#yDO5tcR)pi=ob->e~pT855Q5_e}j_25x!v&Ff_t4EP{{H!%@-~ ztA)>zd&%eGUUK`;h!9F}J!*S+(ML$$)0%dCPmoGkWbP$bC^>D1MmwTpt^?|w5+!vy zuSdSnfcw1B!z_f7n|3%8&UdEdySj;QKjdp)?P!LQCw91@D0bj?=`c~U&LLh#uy+v( zCEIm11hzvz)P@65f=gO2?1+-(^6dI%DA^TZ4uBn@Bsv~hj{{(xpHSH=lw1>H7~_v| zok4$s>lgMD<~qX^7gV{z>hiQ)XSmn2&ae;H8N4se^@~tjQsaWfE{T%cZt0PPDtTq_ z!BMD^AyJ5udnRXG-LC>S4Q@8?!1+2n%dD*b3X40r28khvQM zAc+gte5xariCPuu93AN$6$x`AVUAo0Vt79u_b*4rt0(T7NbGfFdvXhRvPBANy%Wjr zMqw(BXoL`+|~gax>e#Q_(*hPe?jI~}ms(S#W5;wbx) zs7RW0E;3my@=S7v66(hsh?~21en%BT;pPw#YZzaS>kifxUR2Atm=NI4N5i4;b%z?X zUSW}%?8iRn5f9a#IO(--^(fr*@xWu1{-_J~N!K;l1YhY`;#%^L`=MT;yx|2khpQfS})A?;;?6)7ngpXc(tLid|0d-&-yhnbS=hrGX_1* zEH`5~)?irQbROZ#`^inq6>>ZD4O65#4@?W+4lOr~13FxW7HPIf3=KB7L#tM2l?V2C z5JMF)FhOmG#-IxmB;T4?RMlIP?=}yt4(HnkZCV&*?s&GGM85V>G0iZ9%T`+z#dJ4J zj4?4ZHbxxtveRCLp=oZ3p~D`y;eneT#Lxu~ob^C7Q!B4c7$Q%-Mp^QvSnWhCKN*Y5 zKQv*HH`EH<^@K?DS&@jQ4Q{?(6-S~811X7W3qL2q#_2yfpc=X*_@ zmsthQ!}j&t?OuM?f`61`T8s;1+F zq!olHPfEm@=BlK~3Y=F{II_a2BsiFao1^7IQ2dl6n4AFY?cUliNcUt3`*Vb^MhRJ-VHtmPLD%G{X z+-a@wbTUDDRrZG2iLl-;m9@~v*CSut^M-huYVy6F0H?zFPM3UFntUy|-Q?7&TF*)NZ zN&oOT7W*aVOHG_-YvN%m+~I7$4O_SxQYX~)*<%<>U|go zeQ`OU6|N&Oynhxap2j7rCy_7Wa6-4fm8GH87a`|_=W)JQaqu$E@+yv(w}?OS0Gm5L z2E$`m#>(&*FXKYi&L$t=T3U0P_>C;^$focZ7=4p_Cz^pb6i&YN!8sq|WNaLIi%LaI z^6&*R?8d@)w01_CQ7w-9U{^TbY8ll6mj!a0wXoaZ%hzV8%k)1e{V zJ}*_F<9Z65Qt8(v!SYmn3C`K7DShr*nFedpR7r<$mFm5O>~4e3tl($e2A zQG@ArrNZu1M9t<@Xh_8o#ACnpg24#-CV9GojhpHk>=F75F|Jy9pcBJx_o1x(p7I4tJRm%JZ zL$j!OcYQHnB8HrERD-A9!Wt|t468bTz*94W4H)VyJcAc9gQ3LCVX;FDCk*3k57k2L zNuu1Fi?WX=uwDR?S81m3Bao1v0d^KJW+g$DTaII-5-l`yKMxBTnyy9KnMAKbQ=HlG zi=W{TL)!4=*%;z;MYf8;HZ99PGs{@eHvDU;!Rb-H5tGqP+4yU0%67;-Y?>DXcebXT zmS*|aWEr@NKFlDjYbSQt`Is)qd~6rVJdGN|3&YdADMZH8FbSRB1%Hj{T^yK9r!vl6 zkf(BERttjBMdFgdk90()M>|H-P8g~u+rKT_z&YHo%-7-MB)@>k=*5osYh3L3U5SzT zp=|%jY~w-;qWu}-xSenBip+O(l_hRXjryW+#tVy)@gYn?4|m01<8W8WI8@>`vc$() z5Ns+&3JMNSMQmpb~db~Nr}glBTPJ!bMANm!p;sLv6b zavU3Tv@J-U(%3N+QMWD|rez~IZLc!)8|~q4d;T^x?`#R?SKb}->)RbRb`x8=SvPmnwjpT>Rs-(d?^hB|@Tf%e zv-6R8m_cP8X0R_;FH0Dor!CIoOY)>iO#0`h49Yb|b_l0?*8ww{fn;oE9$d&3mvde7 z@)8#2X%Tg4eeoUf4+-v+?HzDENy4*TZ~xlJ8w!;6w{9=}kVo&X0VN zPao&UzsQH@`7zJ($+djn&3w3#Z@HPz8?(X+VmqIW1?g9a1*s^6`U2Qgpkb5`GO(a? zRGJ!`F3W>id9nd|m!;pyh6mZaJo|(A+mc0%gD)t5e8<9k zeL=pn4#~5w<%RmAnYl17SBm){Q$Lplm$Ufe%nxF&@(YY|H@p<{98rpSZtcmo^|Ws7 zsc-AqO4e@w&f)nz>5TbJz~ro^6!!JB9PB9$^mHEXDdWSmmQbG9f?!A&G0xzliZFxG zMIMB5A=_VQ-B;+?Ux+X+FZ5Rw8bdpVXY#5eW-=8?SZxuUDC7pS*-sbhrwYAi3o*#h z$ifhOv9+Dj5jN*TL%u#R2ZrVF&H14Z^kP8FckmOvFw>L0P^zk4th$%As+Xg>SG<(! zK-cgL8@geJS1>ud+6yN3a!%=`PwwTdMbbjVshbAzL)b63MWJQq=B)q1xa0ZG0W!C48|99!k8jUI`KK3kbZh6%d}1{ zV~ap#0S;hg+SM}chE9CBOk3BqjA>_gwqWPf8B@zM7C!g`n7h!2 z$gXR#e7mGGoaSlG1mq2pTiXVJ32S7d>2cH$Rgflqg`ochxOe~ZGQQPtQ9Pg8i*$)Z+h z-7<&ANZTxj`}z8rf)6=hq?7+tIXskNKI_cyNilAAw%q9aCt@C#V!oE|-*k4)>&zB* zc2i5ptau+T#j67S#&=RIYb{PNKBokMFt-GOfFXB_+1X-prkGzWj-FAh*A&Bq;;1#n zu)5eiyBMb~w-=iWW;=?LoBVhd75kQ8UsY^bQp{K9h687I9+qqmX2ABA03L}z-WFT> zmY`qz&fF$A+J>c}J#|Yl_TDTOgG*RK)ZJol6$Yw_M86KW7YX+x0XMiF&V{Fi@U9SD z!Rzy&ArJTGKP^<>s!a}MJhUxBk(??HoGr#)D!d?v^F$F}^bty0_mPtHLJ7NELN1l? z>m^b1O7z+im|7CmPy+QO?u8{N>7Ei((!C`gBwb$OTU7!pODwBOIF=yHm|2*Qk{-eg z*x`>*((;d3#YezV(tUX!B&|l*1Uz%&A+lDhY>!IfWQmWJ_)nG?7g{jfpD!lb_z`LM z9Ywp(kNelc`s&oc&!Z?Z0(s|0Q7Pb-AzBSlPm)n^}Yz?2_!_0K7u!R}+EJGZ&^IOs$yp8r?l2Q{&aIJ-jcU0PhFQrZRsw@5)uRhp>2{a!w zP?l_Y3!Cdfv3PIrs$67VjW$n!dXMC=qdC?iIoi=28S|O+%kdA$F^0Dfua7sv=Qfahil!$&2Ekx-L%`7T;&@w zmlm}kn)Hz59x0G>fALca zU~++bd;uL*5MNUO6AEI+79@r?VGk_u4Jm-Z1(qQNyec~!34Np$GE3TzvkT!u0l$p) zqZ{=}78L073t(PBT3tcXgo2P-PUgWLWlPS?)~h3ld zIKu;JQ;v~|#}>e@e8=8=eNVn~e|~HFpZ)Vg@ZXjT*k54ZTA8K4&4Rw!d{ov4_#gL+ zVGh1n+LTL5aX0j}p6q5%>y4iJ&7QxIE!4agCgS)mm|wlLDH}@RVNc7Gp8DgS&SyPa z)Bh6^XJZS3x-MdmjrS|Y3@VDH3cU42yrIZiU!*q_nVWK77y9278vS#^>-34Vz$PFe z!~XF=k>zlaeyGTK6fLj>84*fL7*!Oi&%*_*egDhywN_&z;c^bogsE@P!&$5iS;XMT0m0e4f z9Hduwbcd!B@O-HZnpK|dACzs3Y|)OtlM@O!B)`!`+C^RBsW{X5FV1(ChbS>XdC>X@ z>$#50j^(xNSl)C&<1@q>E37>?-nK}3w@41sC(1rzQcf$Hf&P0P^~#PgvSV;`M^lDT z9sOfF8k1Y}5yND2yi^h{%lS@*Oqw;VqknEkV{wb*Q`+Mc1IjS28_F=go0p2AT|XPq z^@9xKTJ#bF>=Zg^&lDMK5c!Hq>Nl1?fS{q1NaVcIphJ}JYZ9DQL9EXYY) zl7kcKIG@lbH%8XR;vE0790NU^!qhcaj?MQ;^8LBrNs>XWRk`-++^G5-|F#?h9r415 z)^)%J73JC59p%~99pzcw?Xz{=FuTFs`H=3(p_iN%`9H zd{`kF49p9R$TP;Y801!DVSkER7}^uHFs!FK5~sY!XB9mVmHj(~YwQ_zBLt@!%93h( zYO8y~nx2N%jz;4NVSxV)ghmU30dhpUpeL4XVNWcZJ3CT-BjjEWT!mcIQ#;U;A4C@M zA6VGISlNQb%+6x4!PjF~K{pg8(2T_eu<ov>1SO&x#NU z0z*o!Eb^}@GB&p8L+f%e%OjG((PG4^;kB7HH?laQvKWUJ+lvARi;NR3$adsnrzt<; zkL5@FG0OM8*JpiuW0t#mTXy%xX%oy65jv`S_y^s$2WB_tW6W;u$C#Zn8@CrDOs@2f zxY}FId4RFF1<8~i;;qf~INkd!-PkHe`P({q<*0ol-dk`R{cltbp;M-$pE}=%Qvh^- zCuDCm8jAsku(%OPW`jigX~m4BMU8LGQbu@ivG- zchRR^dP8jK%+#Og)V>qP_@+~P)9H^(64~? z2j%0jnUCe1z>|+!<7Be9Rq_{i<=B7dM@??9AEkzJe_Y~!R${yjXQ1DeWBw{x?bV$; z%|Ps&)x==-M~N6i_@lsxkBl+-;gGB-5al*LLt0idJF0JJLU#V7Y>NKN(soay2^RD; zoto{Ro^8x)VP%b%qvd)@+8~WGIZ9UTo*%=i1eRteugNwxwjim?z>&VIyoH0Xq*k~@)tO_%9HVo#a1fYb~M28`x)0_^gKY0o)^f`^TMvtrZEr-il|Jrr7e=z z7K^tA-zqJxZ6Q-_ZO6h5XrzV7wy~psOGjf@3+ro*G}g{Z((}?-`yiXj?odbn$&SW_ z79<$p^swE%w5xYTS7WO*+O|ofZFSer)?vq#(o8nLlx=4Vn{1Ud-_A($?d%8hO=gx9 zYS%BdNPe(HRN46jX@gx1nQ+H)@=v1i=9`lXb8~TxdtNS|pBqE{oSex?IiF)(YhjNa zl}6l4$>0?xQ?oQ??O8YG+BfA!(u8|C{wF!c>lTE!JBZ76*ST)qi`|SyY0N$79!JHM zZa=<`4Y;bqmEB=gcPzr{?tD#mSp<~#aSJ=`vNY@l;ux6@>hWD&TK9Fg@9&OTV~d~7 zjo~fE#cw_mj}1OgT3_??mGM0_uW&kkeFP1@vV?W{+M#@Y7_BdOo~OUa^B_h9jh8xD zl;_9grqwO1vDtEXxJR*x2K5>E%SY z0cPJJZMZwqhP&Gnzh+N%jBLEgqMm5Oz38cpEajD@DBsGS`YK$h2+4<&5MaCvX9PDp z3-r^zA`P*th3d;bRZw^qXMtnq6vEs>v;(9;)$x7-y;YENw;-953kCkm1;(v#qYO?; zd+x1d^R6(e*_V)BUnr*}I#d+W_XRn93lkp}_+Jzl?^}@H?d>PZkE|^DEltAu8htrD_U6AR$^ve3kzX90*u#73$LM9lZBA>w#+Vz zv8{}5EX&za76{o2Tf<3>W!*$SCqE#Kw1Wi+G?&`9=VyJJPni>}!wW1U3cixVot^pq z-TB6$a8pg+B<;IvlJt53R*788#xJEOwN5RFs4e)#v3&p8eB(+u5gg9OnS(aeD3^9@ z-!hc>Y0uAINc*n7)Y4G;m6Wf%g$4UST6be`T7-@*!#UYdCI?C*4wn8RB-OYU1OvK? z^)`M-8ZdW57SN@l!mDWe#4acXTz{t4Ma7o7;u!2cQaQO-^w$C@LGnX=Gv>V4e1H#PpA4 z0g`DDu(1j6yUzCz_q^!EF$I~jvGwP{U-YHIB^$a02<{j zCI%i9idWY7r5|VfbIb!0lM}PamGMc&Y)4G5nClSpWz2mN^W&HWzKri@On1b5KW3sM zqgO_)dTYTyUl6>EjK#M#j+l>Qp4c;@GTzuTJQ-*77*EV92VVNyV=|FNTFe|vhEKlq zWn9r?eDb9)=CM1&n^ED&@OF48pRJS67TEFfbNqir%Sg)T>uBF9U_!CS`U0ht3y$bAS`LNU{>FqoJJ z(+(kgW|TH9N@zcROW8YWn-nFNWCDN@K}SYGdzq03pG}NPrx8?lMp*EGN)69t#pBBv zE~r^B^zsN6VTsTf;edxJ&{i3c!U-P6?ps9a&>Ne_03O|q`%9?tebkBZmhchCf?uL2 z=y|-r1&T+C@+)|2xk~vp{AKuyf8+6;J7uctxS~MOOUSm6F=>)B4?0(PPeh83;@gOC z*uTTS85A4a@q$ehqLPS(m@S5P(rnW-HeLJCRtwu^u^o?q1raFN!3ep|6pdoxlViAB z1*n0WMKm_R;v`rHoZ~;k3OKdljRpY6deWds7e+Xdu%B|G8fk$+78Giu#y4op#XNkt z1&cqzVvNLJXQjoc!e3r#;rMs81@_=D4<)gWwXl^T-w@k^2;mZ`ERCn?qck>J11UmA z9{rlgFBvRRS{%hF)g+Dp{YRRQr_Qbo>^Y*9eD8Y< z$)9Q@ojw%APoEIdp03FxX|xS#O$QyckW_k$lK}lWiKBNZ$)PhCCVL?7mQc)TI3XqU z86iPBmXLfZzW2R@lus3OAR*oO4_GQ6L@arH8r5>izmk`n9K^HeMKNDb)lWm{=V0jP zHDNyfI~pxM;>#KH^S@VV)`VVe3jG`-sJoxi2uyQ@utffQ{Qr_D8ufQyLT#def62P= z&!8K2j~~}Kcw0!Q~fc-s}I4t zy(f!k=7x&w1_y1BkEdeqCwWh;1IEr{Ex_S0&#bA8TevM=*4%6dmnl*`-3K{ zLfO>H2Ni_1<%eCGj=#g0-`AGeTwgt`?uREDL%H{+iV^)0a|U^JEG%5+mb6slLO=n`UH6 z%}bdQT~(`kfXc-$sAZlg*AF@7`2i^^i#s7=RaRBECb#bjkEi&Sve_Y#zRP10@qQ9n z$~HH9u4JfeS(r)0_et!|P%>4CO7)9LtBgc1e(E0nud4Lwl`6m>lJHIZkv}C!$_V^V z1j*m{|Ae59q-3Of`6rlztldA*xw76>4ueVBH>qZkW_`d_9SLT%_3{+)6+7Cf()EI`U(mD<2yAggbyY~ z-xPMmVkvz8fqwUa{TGXs4O}e$dC7RvIk~CG>RbCu_UmpvKAQNaD(I5YJ(e$MR$#MK z-TtX-HDMo^m~!{XDD%oMFQn!_(n(Uy!wLO+{K2Ny!^@j-GHFUPdWX?WCL$nd{uXI2 zNE#F?f&bqSFXWxb7n5EYf9Bu#{}aI{-~9QX z5Y&+$Wc<*}Yh(_8s^Gu)=Cl8X;`59zyi&heye(4w{<|WW)$-$Se)J`_YG(8LUA5Ga zFEf7XX zX>I;>#xJ~l^>=zxy8a_;ja}Ez|LJcggfdzzD^2wtwV?+qKYT1N8T}QR!06{>v%DM2 z=%-|~j#42Odh?5fwc(rO-76`~L-=LKUyNXX*YR&xuwNDb{VevsivIyyZx0_qe%Mn8 ze;djF@X3EHA~csoVGiAp@!!%f$OH195q~V=M+q$@*9grgZhYCpeEFFCm$jS}@gszG zBG)CUeB0H0dz;Iv*mBtS6Dk=kP_B`H;}%>(VrCaKeB(2{Zcmh zJ?d^Kp@qbUvc_RcBO47_5ZSQICKbdnkd*L5)|KBUv?p0c%}jf+I8636c}4~hD}M6) zfXwu^EK@X=sTYe;uV0cu#5%O8$jCw#Ifehw%%m4)GKUNy*5R1sq%6-mip?4M6=@*D z$apfC{EqA;p(ne^2x6Q(RNY zV=|rGC38q3uOc(aDnj27+KV>eo^CRgY^C$jTwYCW*GSeE-+WU?KB0fUi2UUgQZ$R8 zEndij^wwPX-uG}~f_O2!z&G5+aCF0g;%G_utQMUcK)9aeh_izeBDfn|HaBq%`>iRlXu$gdNokM@ zDS7}>EP-nz&7Jz|pewyw8(Zt5cJ8*B?O8@t`>2eP%!m%2Oy0qj4OzAv-Vx^mvvTs> zxt$6k@@+-D&?w;fKQ4jdIQ(xd;l;sD{*Qj!1vH&{XhET%g8SR zU$LL?uWUcD{w4n@|11B`e)iX2e*NjsBmbu0m+TkDFKsx|N%(v1fAN2a{k8uefBBoQ zzWMZ@qy7ng2fsD{Q}!>$?+q$g@VCL=x$vpwxAb=b^WOL^`S;X+3;w(QZ-7I?%s+hj zAD{kb)c;BUFXR7O`w+_?@oVsxlb=C2au@#Bne?WkYLwi3?$Ye#4(s)LzX<0 z{A>jIaya?4l0=Op>D9!jBG%EwGK#pylH@Vuuf~(F#*xo!NYn%ZlL$--rxH+C`xF9`N&IvYGmYS`kjNS2>)GV1S>*G%Bx(-s zR3nag4;BB>oem^fa-ZBG$7caE1iW64x05XNlvCP~yg#@n>{R$r8L*NR@x=#2t0yjy<4H9>o_-~P)-z8t(A)nqSQTK4NhCpMpD`gLf z@rc+T66*sJXe7Z0#HHRl8gabMNZJ!(drUmfNXk!nQNcu5k}Tl+f_cuO+h5&bPj{3Gy|{IC!8zbC)w zOP%G^Q$Yj$Xt091`r*1Eb@Zco1E{+{g+UYsQm?wg5DX?ljUm(+Og)2W`al{SgvYYU zG>(CI_=tS#7)Ap_Y34Ah52Y{+BX82vWCZmOr=M3++eqrGrhzINtj1$%@k}o2sG@nJ zsT=pnjioS#des%iV^~*ejHm8#)H9X_#?atc>KY@{IL6Qf_10cPQzp>N8mdpgo#Yr; znf`DRO`b@0Jb#FK zX4147G&mE_lay&3GiZW(>zGReb7#3)K2J30Cfx7B3YzKAJ)4Wa8y%7&m z!pJw&tFEw(!d46~hF(0>vxNpW)8H07gHfh&Y^LpY$T@53+fFm_Zaak?6t-hK$%yS+ zYTZerzNOkun!lSS@1noiOKp3oXFpBZM}zyRYafOE)Ul7|9i;997zBdCA?j6EIEsOa zsd1DVN2u>G4IHAu!+6wbgYXGId;{c~`0X3We(!a*%q}6>d_vf%}@#Q;d49 z)AVaJc%8bg$uy2@wC(MXoVREu-rd3|ju@O>$!XlhSQ<3yJ}#Y6?E&SDc=$Kf@6f_W zH2ER@mnYQun0lVkz*8E0hDXL>#2D&$O7mV&_j3xbD7>Uzb%i$=po0w|)!*V4QVe%MJ$)Fwr{2EIMpE8W=)>IaDec4J)qTu+ zN-CJIAA<^J>BoLFfI0g!&ma~U$by5IYaoL`%rTJV4PoxV42Cg0vCgZmFoMBwW{hCQ zaON4t(ucC(FyR8*wv|lP`AC+DcOw~8G8oBZog3B6R>k5+v;0vEt@zY2>{sKN zF^+j^SYQGR)-cxu1~tqvf#pqN?uiVhFqq7|>I$_CrZS_J8BW4lvP@&) z>C;$nI@6~yn9g7tOHgU;Gg)8;%bdyd84T35{cOf&G3#um&th?NnST!ZYCf~gW1fX9 zWdRE=WG)PLxR5y(u)I3vUc_JtgT>6NuCR>3Qf4e;#!}{6!UBs~a0zoQmT4S|S^E_s znU}Lnyj#v-1%u@wnO8CAO6E}4(lyM#n*HNC=3L7>8(3gH3vOVp^$a#J$9k66z})o= zHZj=9yy^;D7;I+77G`W_o=q%$BMWX~u8lH{V><2dskV}Ev% z`A@K4oo2RE%yX8doMFMU%yovrS>`yy^3F5&IR+OQTwq>xh06>sG2=2bE-~Ll7P!EI z7n$pVOyjt~64YD!RTj9yGOsfI3X?~hTw(36Gj@$xuQUA`%ecvsZ?G?JGutiZyUPN1 zSnw`$-C=N-IqtB$`^lGb2Z8|jz-q@Nl4bm zEEDhW_>(6L@T@k8;%ChMlsTR;=Tr9m7tH^h{puC7y=0y@Eby8I-!Ru}jP1u9uUXzZ z=6=hd51z!pyy^;lpJqz~XuJ)sw-5Y z(+W2#xpO2Bj^Kge^6DBc(>R9n1ohTl%>z~3I~uq1b7wWzt2k6+yg%M$EQc{XdNhw5 z#k0qA+c@s2;eiP}Si@bod%T7_Ch)vT+&vMus^LLP+^eooixD-rQOk{~JZ%aOOyK4A6>3z;FxYUkDJAN&E>W^+&7;G=JDWs z?wW_^33JChp0|*@7vQ!hxk}?zSGlQqF*lZQ_hRm;GNmp@y@Z7aEF4NqCkgKM~JHO3y~j@3MG9e1zg zumK}8bFaEW0|v|FMguqMxo-mxtmnZE+_he&ajfUVx{qh>=lVVl`!VJ)|KuQN2XK{xYX`XdFxL-ZSQ;LsuI@wJ zdX#4z;n~M|t78~Sja!cKPA9qT1oxfhfm1wqn!8SMIL#fWck^)t!X1}*yYn0urikwx&&0cPCZ&|S?N!dMaB`K4D;%!# zjB8w6$3ypU_2ee^-{3#F&26{1=PnQ2;laDybqBWxa>pIs<34xa!=0TNIDmWA6&}gW z{>CG2JmhU2@IWIEKH#oKna0t`6V+S$6Q25*XFlQjV~j_NAt3oD&p3O^$uq7!Y1lj`zH@uW)1F zlL`U-gjZc*fWSxv#sFdOFIo>0fq^18NVoTV61ohTYBLWjdW{uD%2&j<(2}Y1f!aq@bF-6!W3s0>` znJR*{!ZlSut#C{gdDDe^nt++O$}7C;3K+*=mM~@uW0vsE6oDBcI8(T0$TW@_qWxT< zkUmFb;@unpb1`zC7)|F3|2*;aLg8E>Jar6!E)7V3!E)7Oq_ab_>TYk+)a4_XyZ8 zV4v`+D;yMXKo|#w`+)H57lC~uxL>&T$uy3AB0;^i9~LQxMCM_k9};j_z#;Mdqkrd_($9(DdEq)I(>TtFwwFVdbV+35-6a8+1zZvmg|@50dPPKE71|Z?yX(S#P5kbr zaNZD}+ahpF1aAx1EdjTMz+*G zxF^~^3g!7wWa8aJ0gnVc6!s?qE%T>Bdm;F9VLTD~WATSq!v9iy`9|1Y3(q@|@>T@j z3D;Wz?}X#6$m^rI-wWugLAmBtSE$gSpJr5OMnBEhR|}MD!M>WST*EYua;^OUO#!mM zmWg-$H5i~le@)724AQIvwWuLl%3w_!hKEgQ_(UJ5{p$$LKV17wrDhwcd8)OPDlJ&8 zxvDg%)*Mw@-e}D|N(1z&9iw^G6~=2YPBX@9#yHJ4Rtt>Lf@3w;7@5W~MoUm{?KN6p zf|gmM=@T@l(O`o1`6SJtNs~30qPZt)bczo|#%; zh8CQuxn|%2*P3I7mNy$uE7M@E26Hs8y25-7=4r-!%|1`_%+=E7Xu-LfYmQ9gn4`5_ z7}CN5Efen+Xs}R&1tBfeX|_dL@e)m6ticj3ZLyZLO!F_*{&9uoT&{UmX@QkmaFym- zslh7Eu~N%hqq$dWuug-unpa(6g9ht0V}oX2uX)yKX=}CMI?c6Krg5y*64YBqgBGaQ zG8;6#UV{b=>b25M8r!H@H);At?U!3L|7Pu{+cf7^&9g%bY}bN2G}m?wc4&_6THd#s zd#47wHQ1$j)fM(?utziYYQ`STvs+8wr3H6uu3a*XW0%%;e@NDSS|;A@(_p^_`$DoF z)a(Z|*FnvBK$}SpYbl4ce>ti-k7%CbTHqK4kI`JmG&rs~j%j%(HTMba|8e&oP;wmC zxiCA{t?ugTFuSv}X%@4yyBGkwz>*@Dqyj{m6ev-aWG0A`Ed8=1IzOAXY0I{L`ym61 z92Ys~oFkEQ&N=6t7CGbH>gmDGfS{n@cg}zQgM*sc?y9eEs&uR8Uf3_Pn@9W-4(f0~ zX9sn5Ko9TN>+jPO`*jy{pYPZCK0WH+<%jk7A-(djP7mpDScgOU_mAr85#2bd(r*eQHKjUyQs4ZdicCv z|D2vUue;|&9ez%4bUDf9CA|{AUDDyQ4wsT_Ue&EDx_ec3uITNhYkI6!|KSatUDw06 z^!QCZaZ7h^>iAv>zo}Q<(Y@O`+!GnuBYp`Fbhxjx2fB4%Z*)(O-_;ZMbQklr-_!YB zy~w|7J<>}b>Xnal`cQ{QI;LI!%NE3WteY(`d7-YgAcc>0XhFQk`b(`yUP}V42x&>) zY(vb}B;1a~+mb{(;a(v5u7lkgrS+?&LEkwkCe_QLd_g!dvu_WS`FoD2$!X^-BJV{I<@rj~zCt_SV!Y7i(=aTmnS3;j z@Tnv`gT$wk#0=t2$IK#xPbXEgh&PkK90IdR#4ll~ zn-uwXtp%iXKB-(l=zNSRNnk$tWTBsV-Y*ru)E1IL%tgPDc%Kutm|%3LdP_;(5&}yJ zSwfmFC+0Gex01wHki<&jt{||I@D-$LHStyvSW93HiTEX~$3O;zttZ|(lGsS%8${`D zAh40}4W#kfB;#vHC4O5Iv=od_l{RDGCX%(4#I}%+wi9z33GXEF9VD@nxELI2C*eCt z)o$YL!r*fR_K=8Q!hQn#2-{EWeI&7$#P^8O-6QJoJtXSiwGNW_0aAI8&;tYx5;#CU zIgBBp2>7Mqm)c=cs2RevTy0 z6Zf159p#)ORTqheVWcoI=p_>IOSnql3Sn0XyFwDzNW4~*ZY}1yAiS0|zMK@pB~pps zE(I-x7{*992*bIP=y!;In>4sb;&;hM4~Ti66g(pFha~ZcxDN?DBK#q#Y60G3?1um? zA>x;S8AMwHYXe?uNVI}@OHsNl0qgLV5cTg`?I7M3D%$~V3(yXrErdG&w1=V&;IxN` z{~i2N@k^}(6txGu5^4`}M^NN?m=v-zggSxT84CUHIh{c23VB@sx&r9}Z*~W>8-#m8 zyayzDf{SskdIIkORlULM1yBRf2O@q6{Q&v`>jzF>NDP2@e^I*q0R{l?4~=WU9~1gO zC4TD@v=m|*Ee*mK_e|-wNDIB>^`I(#e?`FE{JP&yGRCjp%ZFbQBHd@==KGJszy zeyL4?LjQ_48Q3%+Q=#4r$eRu@1IToEa~7C0Av_1-vmr4D+}QwgfX{}idEm_jzx;?P-H!23&Hsu5{n_eNR%$7say2;G>nm zS3r0*#8*LLHMpw)Rs&xJRcpap10wzDI*9lsYy{Wmacn+;yT3Uk640 zU28LxZi33qKsNzw2G|6jZ1oek`laHR+EysUl&)LB+X8GmnA@PnCgFN1*Y+ zB>M-T62Bb?S|-^)4xwXEcoJeK;G@%Eo`UdMC_Mv-v*4ZqI1Bs?RGkO!9Kc0@3lQ;3 zxD0R!*k!OTLFq+^Ux36#a4(2D`~npDcde^XdIc)40=)uo6)Vq7k|tVFwD#uBYp|pDRiT(J9WCzL{}Q`B1*T5sKdL^sDIb$ zN#i|eWlu_bQ0Pga2YsY=8vauO`_&RS~!KqC)30f>SA#FDU?s9Rnw?9 zmBI`P(`m#nVHSm%l+B{vOq!TMG`yI`7tzFG>Mo+NnDRxmYAN-WP{1(y z%V@+eVWkL`&sI`r1x>7`@l~R9F^>6a%2(0G%c(!yEu)qAZCTJ#=z6ZSmgcXaZ?322 zIvUu;cmjnv&hVI$=mXw_!wZK8mY__xrAU&3|@+bG*k**03XmBzQw#8&EJ)cviL zZ=ps0U27*T-9amNQo4h}P6|8dCm3;m7Zq{$cTvSJwcWJPzvAtp#$H;nhrYC*=Is+X z49Gs(^dL14(C}fJI7AbNse6dRVagBDs-x69Lg6^YoCguVgp(pbKRZd;30i!d#*fj& zaq1oub@(yb^fZN2G~$tMv&8}Sxv2J|za zuMr+#Kz}1Tz;OB-d46g7SF`~}VSfV#7+!yTBWRG3H_(7V1{r8H9b%Y+jqos|{!k+^ z%y5SqFwEdXjj9obH{5_x28=W!ehFhRk%Ym<7;LmrJkE%ZH4@_tcdP;93_jLqGzxR9 zW49k^RN}XhK}%u%UF8WzY`pQ&Bm*;igr^ws$wp#|;Z8PSioquvRnrV_ssS?$m~KS; z5@s1N(_pgP4way4{G~yeK#74v2V8BL$Z!oGh8{Q@Zwi>X-i1;OJH(;B=wi|4lQNGoP zZ!r>E4R?#E!?zek{#|RQQM$vZ+-cAq2JAFohY{Xwz%HX`x8dwEBK~*qOT{m>-A3Uq z1Fv|yjQCyy_89hFL)~LE-ES0PF8lok*=IC8Xz&9@_^=T_WF!t7?jZvX8~l(_b=2^V z7;xNxV@AX;;iLg440h6BCyesbM*NhKIBmG6L^c$D$|ygc6vZ*462Bb_S_)BYk}&Q4 z8RIMGjpB30M;8r#!3bYA;+KrXWy8H>z-5D9GODf`-W3C`8Bl9P{1R@6G%4(c!LA$S z*Nk|rk+^2KwW1EMHH!SZ)-9v-rcrszpf?S;Wx!1%e8+&>M$sL^xot%J@8Fk;Uut)Z z!rKO3@opQ9?-_8{(C^_7W1{yB{gI(QG=9{=%zJD=3zIxHnzk}oOEcWYjJGxuZA`bd z32jW?+N^44dTmYUU_yH{;+N3T#GERuqsgkx^3GkgnlOPYgP>~ zz5XT)GGU+@@kgfV7lv?-4<3;pjoqs>O+%!08d zj5Entv*`qrk2k}U%=knzG0Ai%nlQ=a6V0kArZ?GyX(miHBYp`pOqg!6877-~XuQDrFn{<^4t4&yCezMktH759_;+NW5v&g>^T4S>HCRu0xa-*5I!Gw(_*@XvK3A;_$WwPBS+hrE-HRF5C#9q_g zW5QmO?=c(gOp0NLS&83v1TBRa)=2wJd!PBMgJ%4I`O#t1JY*IeHRDIj#8J~dV!~0A zA2F+ro8B=KPMUDSjQAy-HsO@XPMh8-GjY<4pAe;cLe$|W%&33YI%~$yn3ZQudd7sa zCY&+D=S|FXUv%Dd&Y2PaJNTvIm)d!==$wgHLg&n~izZw!?TaS4V7`CZ%)4a5Ws_Vo zn_e}|D`xnbS-;jyTr=HT6Rw%O)~vc=de=?3Wx`D};+Js8gxe;&V_LV(;(KP|u9>)J zx_3>uXY#vdqg$wa>@qja%3CJA8MG7v*(E(N?fd38ADP7u&5v3z{@4t+V)2$N(Tce( z8MI=&C97(~yw(ibF=)#oehD2Iv}ddXW9?ZOVG263L^VrvWNtNsj*M5cm|w$c$Kq{S zz0M3eiT1Q@fbzb7rG95dIx*6jshwD)D>J*Wg6=HdjU~D>w;QHeV!Rux>dCww40Rtl0>r4`=EK#)h+b(kK=i$(oH}q0wx++GnL3WKv240LfrZAi z4=1tMMAmEy(p2I@3S%Y~@nahlM zOrOgl3s`JEYqpS)&lxOc+9JjmGkpiydG;In2l*21gmbxp|D~C-KM8%stBJ5jI{r&B!SRXPI_}+2>jG9Mdl{ z^#WsO89l@1N|#ya5_7LIxWXdWm?ITmVQ`g&t}yv3EA+qTTw&4;mUo@O4MwiBH*Ya= zlffMZw^`&K`=(rWpMCs@g&s1ug$0jUq?Kh#vBwNrSfR&EZebPr-*XR%sWjS$B(cv!JKNdswum<@B)rq_U6|FblIVS;j1j&a^7#SjDrgX7emE*MbEWnQzermNVb_ z?m{c}x%KCZt{q>f;&Qdp8WP?RETIvSt{mquW$uhTE1pB7C#d>9@MRr)Q+akLxjHd;=tZ~v_ zD}Rsm$$rb;XQ>A*a=;=7E%ku)jl&i>WW9RS%0FU#a@?|yS?WoPoUjN6Ks;f+a@r!N zEa$AHoUy)o-pW5`y?xONU9hSyTgoL%x@@VJtn8~6y<)*tE6XpvE0%H1s;ISIy&b_zGIQw)~oldin|sLMt7{NyVic`ffc`RHG5=*9$Hl`xboPNT5$ET zmDP&VmK<8~EWh+xasz+r+nT@Hj_0-I(2kR~ylDqc+Vkv=T&d zgvSQ+X2ZBXl&ixy8_Lg0BY12$Z#IgDMq-;WTp!KVF`SL&C**NFG?xGA1g?zd#ssd9 z=T(zgmD${w!}ZyGq%@C{xg0RN z*L=b5&yT9Jhp;2Tg}NT4r{r#hTH3TbRE|> zaP1d3aJb0JF7SGndGRIw@l_tW!aumiO}XeghZ{U}oy#|Pq5nPSI`1mo;^ZcW zJ6yZXtL|}nm%}|?c9##49&qC4f6IBu$4V{i(#O16E1R^$%yBkvZPPZk)7l;_wXm%*vV{AIwhB0>8XuEuz9UE&mn_%nX?E%sxJ2uh&^%UElY!^?n z-=AuamuA@dbbGWs%hqSw&F9#3wheRa#B95Ko*kQOH(Oxq^X=)xuf%HwIg+QVx633T^+rP^Ecfc-_zaAk-IzS>F(uxSmQ+cIIN#z_jO`5PV+vF zHUL|HG|-U;In4(;e?P?02RlC;mTWiFk%u|24Rr=dqa1yt^WhkWj&@*-Q#RUR;~X;9 z$)Dhqjdz+&a`cJLZ>Bi*WG8Q$6PxP%W`<)=cM4}Y@6B}B9EZ$ydP?&geXjGf1&%%6 znJX=H^v|6iE_Nv9{afsmEppgW$6Vs%FL#QUIn7o&`U>YatDVp)r*N$kTjTtCy<@L) z3O73MZE)CT$J~T?TOECi^W*JKXqz)%+Ue*!oDX+9)-DHjI}LX^Y_CK1IA!~t*gmJ( zK}SE}{L5j-KIAk!>co#Yzdr8R$DG2G&U+^ucG@AQoPp9=M?d3qkj^{yIcKSK(XlT$ ziOWvtlJm}0N5A59l&(4Xwa%a2aO~?2+;Wtg&YO1}xb1}QIPA9b(mjXVb>M-c-*@^* zkDUC6&VRIU?Z-}{l^bg5zSG9lTe}^lc5Z%K_tg$=sJ;7>j_wE5uF=_jrITCL)s1y= zn{{{fZtj2dbYJP=7WZ~zz1(IsZm5s@Q9t+nzOFIAeWkzq(jYfB(0yl!s}FYnYnc1W zP&YBcjSqL5jdJyo?uTRCS4X>_j&oyU-DVS9eLVhFV3J!r(fweG8=35~X|6rhEuP}O zKiTai&v5nW?g4q0tIu?s&v9R$?S4AXjm>qNEpYYu?ha|88~fb-aIqU%qB>%tn>UhArB+}GE;CF|T~8(n>aJ4o8>TASP# zx4N+{?g!i5$TpYlbnP8(z3p!EZSHq>yRgf(cf0B?ca*f()%UpnwcoY&;cp=hy7~dP z`C<3xLHSCdc^(ZX*YJtZFbhx&$ykX^DdryU2yfwu6D_N_o`cb z#r@!#8>w~K4cETz7G87Tt98G7%Y~b+ehb0kw_W|7tKM~&NDo~7K4wjMgb2ltUA>j3 zw)Cd$CSlv#y@r#p@|` z_n7=*4^Qstz1+hq>g~mPc^}kxkv<;l=h=O|!W!?rKHhf+U-}bdXV3Q@NeeywbMM2&-s_9J z{G}c&@$97@S>iQY?!}gQ-&yJDE4&(MwP&yLzP8qjt?@ou??u*mY@=sy@Cw&^@2&H` zx7mYDp1s*4o4m==R!`sJjhD82_BQW~w9~_ki7{E(Ebbx2Nv%B6~fu$8+|3 z%0BP)gI@jtZ-94Af?7!|vOYQN!6DD_%f^2BYrllF@>^-&lh^S|{E(M8?74?LyuuH8 zq z!wlC-%=r5+VETA@q4ZdiTFCVuOW$}Q+)RG?tN-ye{H2^K>GHWC;KYC84|efVx!PKO zK@M+~TgzKyX{)?U+alX9sOQNGk%lV46hc(SASBdCKyJSL4cU=j(!&K#KE4%&31i;D ze{s2){GnfdfZv=K?H694_?R5&TlnkDugXU>$q?}^{#}jYwUGKQ`A4IxB>x-6{iu=_ zNb0v`+tnreg+I@d-BrIhW6Fp%fZe39@ zGRg~!CAq(?$+2GY9AYWod_j&K?Ile- zK#%m2B>Yw$e1^Z|Gj%`p`DOLK?0TwQ>htM(sq3lFr|&=S?^L_gr>HL@U#WJf>tFVn zs`rO}ei?4+`txubKc$CMyVU3N+CT4p3g^o{pVz)5psxoDzWiD6IYke?Y$EvO>o0uu zTVGLMj(o*?`4h|J>Q|I9n>!ZqzcKvAc*xSZY5~VkMBKAp=Lw5)z-unncd&l4h8EOt ztyiAZ$g^0f@-jiRA<|crmp`^V{*m=nY+RrJ6ug%r8? zH{mjhAo-mkdhrv9z2qZi@%kut!!qz`QU0^w8s@CTzr}TqpT+#=*2l<6sxILc))icQ zh}SZo>tUPtljjv%jWB+)pi9uAqlQ%E4G>we$^uF_Ui}*4e-TSOU(^z984n{)p7kz& z2k8N;0RI>Ae@6ODl>Xo1y-!h-fALHli$~CQ9OMLT4Qr=98B$lzr!Hw_rhi{U+5`vU z8b{sNag%2`8Qg_^RN~92^a-5}@Cjg5pk+jPGqkF7dDOM|b($tB(pvl?&_JeCg(MPB zo=}1|8bjL%TP07feFeD}ZIaR!J;>tGG}?t-TKKo)*GclL`;z?(?M>L1gLrkkzWN0` zp@BLY1YQX1R|Y+_g=F=We59ZJfk^*fpv*!Z>v~Iy$7fNNgFVEsH0(X1C;Wc0OQ3b6 zS+h9#6^FL|0;O!R@z(k1b%6x9Oz?|iGQ>$A_Y%1GL?f16e2SU*5%csPE&jh{LA zoIL#0a2)z$=@;W;7_mM@%=hts5sn|v?@jS1bT{sn*c39WS_!SiUX4CXl}uz~Erz8th!vC2pvS*xDW-x6thtmE538D@^u zjZn7PID>xY_r!b|aTJ^_z82tB;Y{~^3nR4&0{`i`L(Q{?eh1q{fX_Dc{iQ|7 z3o{KrT`tL$omgv#XZ#E91w=Xb;SMSSIsF}g;D%9$KYPc#ch7t82zk8(X%JpFOF2-vfe~s zk2eh#o=?vY&zs1_q98ReSU5j)_UD5)kjg*B?)JPT`2Sz16w3K~Tm*?lyoa4Z<&FP` z^bSb5;afA)y zw0lg#Ve;Q_`S^z}Yrojj>a2sHLoSN4*Ra<;e~3(%$}=c!E#Y8e;|fYacV0ce*FA3o zlFs|H<(yoFr7VP@6q;n%#&2KLq~m`X#i4-WKAOv<h5u<`M5tyRaAk1zJ<%vtJb zb4acsu;2YI!`bgLI3&B;cY+CTN{Y_6eote2dSpn_iKQ6CLcdoJ_@WKeZGKb3?sw7d zY+OpbnKAU%+0pMSR-D#wviJdR+FyLKl&JG{KMSq&w_2^BIJqiKQTzc?tOv^pkedI_ zbZ6@DX>&-@-7Hv6XwtjClU-z**t6xGxeyZ6TUIIdlWd&)MSsadFLlx%n>6X)?kju# zwD&!1pGxoAz8>TD%`v%>UGaKD8M7zHj3M z{gL@7@BgXE`dwTQeeHL&aXhVhxghO4B#IO{X!q%7W?#jLHG=&{vHlE4a=^tso}psT zw10sY>UrLKkyNc6Dr~Up$(24FX2;ukfNck zX3Qu1shXv@^9^{(!HCOo-*xgjs^r@NsvUSdJQS^DwUziQ*e3)!0tMR!H+8EjU|u{U z*^UHm7+lx9f;WHWKdYyp|JlbWO?_Y$m4e@eSBW@&roKA?xkzq&1?OE;(iAmg=*$*)5Y$Av-@xWc%xpo;&=gTe;aRnFOvd}gHuwmfb&?gCer$CyqLsIqd@pKlelTLit~yz zIV8ENlQrRmK3Dkk?<1{m2|?KCjSvUR!uXpCx}JH##IEwD&xOf3}w0MZ@I^$<+=RUbxxhRMgi;vZEeJ0F@@A2Hp3C%td>7FV8hU0lo7_0FakikxIQ_Rw-PAj_kla^)Jve+Mts5lA|zP`+kfHnUUFMgpT{FSdp z!APphV2XkN7l*(n1KW?W6D0k7MNeU(2uCMZuYzD?_2Z!G8)=~VsosTElNOV24V7>O z@*d7z0#V098#Es=q`V~2Lw~3Uo}KbLy%1*4G8a}~6+1Ghi(sU5U^K?a*y~!;5LQlBBaTpz|YPFDW|n@#0(fqb&dF^{^Md ziBfqlbz1s<>JBEiL)wHJfuTl4Z%~jFG)6HT{~%TC3++F`s*=@1;-#n|1NX@S zI1BX#{kasiFKUUSpQNSW!lbU&6YKs!jK0Y#ZwO{^XOLz?*{GK>61q2%3dZ}Lg-IoQ zhcCI0`B2eb819>YSo?3GEX1BH!=~TG`K~IHk`M49shVlMRn&a(X_`_yCRGw1hQCUe z!JAKfsPFirK$^7({8USjeh}#Rhk~tCZ&4-T5&Bhd>q(ChJXp935j&CkPo9SDzHPmM z7hmN?{{ z3I-HDpkTHTjIggNG8I=fnaop}LYCkKWu>Zqj`h?zs;a_#Rb8NhuDY5diA<7Q#>5?% z?GYmvufbUL61117A8}YeDO<0ptu=gf8_kEEt_lJ$3@rk8!AnX{5mFX`+h8hFXs@Xq zi1JthO!tVHTxMb(7cR$rYz+KA9m_>5BreFxyT#@yutrW(0E0K46t=-1(nzG(m#}^wh zr1~8h!^MlB@gpRR?+mRJE*l(EC<$sX{xwF&u8*bc^iiNj$+IvQrEJ$~2yjhPA%aoe zQ4oGR9b@9(k(HNWwxSrAPSZHzXfG2<9f@SAqjd2(O4lC>;76*a{>K4b!3d71zkJ!o zaGA0`LC=zz3nCvUuw*vM{*I=r7|~KvFo&@2s7zvVI7{7wkYq1LSX5s_ndsMTO^xgk z5LYo~qz$KRIBh%UY&e5yFbTMjtDeEia8{?75!HEHosPdpP-YOaPgnNq1pk_W>wI-C zURB2tWs|NR)s^`o&8C8>L7C5u+RN6^6k3aHJM9!QSyraVq^+X1!&4=-6JAv@S>JG3 zoh2(>l#G_JB&0pWSMnIhq zmsp#ps`t^g0w3+?@BLKz%X+_LN1r19iiUVikiM7W-^ARU-$V^JHB|iNgDf?Ve!#Xq zRUL!msv*Jcht1!!RzG!fm%#cCVl{XC6d}+`hL$oA_>r)O`MQdIpS-QTRs3W9pVWV5 zXgSi$(HGg2Oc-N{rbT_4Bh9m|j+r+xUNb(UE!v|9B8zdEZ%KejS&m9@L;_6thR=DZ zVTw!a|IIW^cpb<4*|5$}uZtbKo9>R#uo?02g>L+9PTH+bx;sRJ!5VYo$1`r+*JxJ_ zx@c%X_q60#fDhA}_$0p6yoojHDH3N268{b<{IvdWkdFT}DvZV`&b(+2!|br>+N7gX ztV+#Q3!?|8--O55UD;5<>L{t+R7sg8VZJ>CoFW;Y@V`XF+~NWZaGcqw78_wIXj#ht zIBM;F>L$h*SJ`}lxLB&cPGGH-jQ=A4jl-rcy&nBK!)YryTOaLs#o|E`9A8Cye#~Rtt4s&>5iX@Cf zuDQu*;p-KcAO{2OH3T(fsgFVtYrm9-X_c~}J0=gofc^w9Q0i8R`k~-;%wae{RcrAV zJF3jii@D% zZLS83HAg&lgYxcX#o7GSV}Git(h{ZE&ze!-XR#<;t`y-s@S1F{Lvmz4`nI}Wdk-g} zA-aia#}tgZy-_PB0EC#B+u4*=GzR;Cm^Th;YSZK(9|laie9qA>NMZ5xBl5?`Wv?fu z^+=8XVi+1OBi9d=-@-MH!d-9z$7BjwhPq4^b)c%%sF+Xtb2;wo6Wd^hnMD%(??9c4 zWzdw#5@5PeOSEo_Daqcbh+mPr2+NFNjLwv^O9IDN1h1x0XIO163p8f9qgfu!D1 zf;J_%cvvGRmp1A>%3GQ)%;8Cp1oT2R;EL+D!Zkck0ze+xg&c*qn?v7Mr`Ikvc) zLFar$-6!bWj}T?Q#4hpQn0^fnbGG8H6-J7a#~QiVAM}DdPli0y#f$(L{??}+g*HIJ z3_Jn#m~Tf=e@KoVmD!-DsGlrrLuKE_zSg{{g#qd_cv~d~qkUp9x+uX9p*eh%F>s96 z)N^8lIxivP-%I$y{TFDFsnkDHM+HMNrpVA#Olgk!28T!tgJ;X?5*!uCQj7^{jU*+0 z`_md=#Q5|+IfmeJYIdquZpV>3vI?-bJQ>bTYH$}r-b*5OFvjJ?`31A}?g6y>y@;Is zIZ0a1BN59z19`DP-jqT8JE7B)I+prjoY|#)y1QG4 zUHWGS_3z2jJ`z1h7|v`Ng4>Knkt?fr#h`ajuy-gRVwesXm_41nqk@Pl0THA#J|Tkf zGt<}`qQgvGuy>7M=t{xfBT4N+QSKPgQnqfAq~Pa?VCfmicLZ|#REHX+YXd0^qoF>; zXK$qrbN%|gv3nCbK!yIQ-j5WjVcFY9mHpJkpI)j)gd)p>NndFgL2d^_bQmzq|CQv{ z+#3=DQ9DJOqrMYROYx9-{4-NXr zz*4_sAZynR_o@L`jL&Wv$lrA{ieZ+}nliL`7L|h9?1f8w*4siNZU^iwFaX2$r4w;a z5K*lsM-wszpAhM9rL#BB0E}^m>|ykziI!lmpRP_sWSAt7F>sRK4KTDF#?wnj?#U2& zcz~=dHniCy{7h)7>9coO1j-Zjaiuof4754J^tE~2Qf^pj+MH|ll@^%D?OYaJz!(O* z&(P*DqD>ImtaXsxYmSh)oz!MO4xM-gQG0QJ0cU8yZX1s5-geU2t-+lX7wn$5q1qMf z-lA%?i+!`Bi^!Mk`aZkUIE>6hzABI(2gu4GuJv-EpBw68r)#q-hJ>_fjg6(=9UDlU zY`23A?d{LH+Bt_D<*;KMaib&2A1JNxG=lm9{(RS=Wx9e@~zN55o)oM@a=xKdiqn~SFqCZz3 z;!2zB*m4_|*+1WEe?^uyInk{SyTlQSnRhtFkZ=EB;>J{LMKQsQHcrWw)wa0vV(qe# z&~u@r2qt+j)XNaT#SjvD-wH&~&qEP(%1#%-1o2CLA%aIC7@RG%-I1$8Y0s(S;kxSrey1@venhu>|7STnq`d-rE7lz&z&BkGeR&u zq)$T9q_Lscs1S?{{d_{`6Jf)mdgWS6W(qCyk1lI-Ho?2ly< zHAN7$C`HtMB&u*z2D|wC{FWiX?$Rtc;+c`s1kjP@wVCA+2w=GALUe9ahGKwW-<0jBHb;x3i-Uvh`kJy?2<+ z&8Ca9r7NM>;Sd}O{rs8`!xxHQN8;ET0DM-qB zKt6QI&p_TUkk6%%+vRHy3!zoix}Be{>^ot2oF7QyUOp=OX1;qZA8PYIyOW=@qR_yN zBe!xgZnx3K@OJsE!3%0o8w;2flE36bR#Ecey*}0*O;G67vz@9Qf(x9Bf@Tb8HPZy zZwV>%$U`ag%tI;M45TnG2PXQIKG_D}5d^gl1yUG=PmA=;OE-i$Ij|u|^n;GMFg{O6 zp(dn`M`V~Fkh|n2d)QX2lZo6t7m`Q z&Q-7EDOdBf+Fa`f3Y^}|b?)U#Gb8S}2#k$>Z z*KlGexDrDVT#ZrL-BB-Tu{A|dU6f%6yXy&^MN)ZgtM7}JL9|p)|K#|s?7;1{GPW4LDR^*-Yp;tZHyB?N$ zS8O0v*K^y|gSPcP?OZQsS4`O*Gj_%J?$}GRR2_?TjgFOi;j=m-2FrX_r{t^4iqYnm3*^zUSrK zG3|~IGtvUB$ubItHC$89LuvjO3mv2z1^CiI3clrwgJc1`}gK=jV%|xPNSIE6eYru8a;ekE3y;`APlgKD2*T2qXrj?CgpuQ=AB7>(;! zU5j&e#g*N0V^^H+jyD!t-5&9Jz2mHJVW!sGMSZPLN0P`4Bq`Jg-!#bbYIfd#vMCR)e*_s?6UyZ?uOyp?-c}ajw4kEI( zsW@%0e-MK!ev6HTu%kH8`qpBtWr@rVJ*Q`5Lbe)eU@&$JFWuLgNjD#_IL?C#>SmyKpbABGt)A51G;kIqlIf$?47ntjVOO zcSEFSWJ$p3Qo-p=M5|l7Y)!x^pVLtdVTI4>v=ViN;B=+nbZmfpJ^_a^ktYb``6=Yx zh@88o0bS5QncqN8E@u}sFgGO77H=isoZohB32bQ)u)V&4Y%5N_%4KNZh;(QK=n7@E z3AmStpzlK3)?kpd6E&HYOHeM-^)wyWVY@V>_fq~r} zE`@ES85$oV>~3;kcVvAjTJ)j}i#}KiwWUJi)9S;PgwXiHn7Rd#VXHu%SwA^C-YSK2 znaFbl@~V_YA1~GRCE#!(w4*FT<2z$;pe$g0H(I^4t<2qA2Aj%0+g*lS9z$B>g9&~h zp+3>G@BA>DW+3=O5L;khau!m)D17^*`G#`tYGAeYn5s4_bH1B0Gwe)CRS4 zNSmUlohnq>>|B8)UTKtMenvwW-7rJF*BT*-Ez1JthoEU%a->&9I{VmY4Vt(F?aEZ*c%(dl1%K*<%m5ng*~sKHnjp~RaoO2r7uh-l)>~yfqo|; zG1AyZu~Cg+WTT%?Xp|#o$^25ee6?Jm zC_beT4EI|+DucG=NwGkya&2aXGOt2i)>v8I7|$?uPqvp;C@U+Z6&31&3UFXNGQ{M_ zxC(7zg*BiTmZ{*w4%0?82{yLY(<{WK?q;6}1!rR^i*8#H|C$)a394?e+Sk%16$l{tr zFmRqkhO_0!K0J!8>rmLJONFqgjg8?#6Jb$%6Y2%ThKo&5d|LwSo)yrxA_IH7z&@73 zepIgAYy$V1SXV02mpxY#aJwQ9-L(p|s7n>G^A&Ke;^$W@a`437p4mj6(?puxL|xd# zd))Zl-c6ua6KK^0EowNj=AT}SXi}Q8sOl!gotr?XCVJ;4YPSX%76p%R3R1^bBH`mI z(V{vvNeX3i1uV-XylWFAd~k!Hn=L@9u$xV-ObW%fsQndir2;K#PGeYBDMT`*fx1i} zFR#Q-Hab8)TLA|$k;e(-xhdqG0(n*AG>f`X0cZRcD;vOu#z9A0+gQ8XM0wOiZU3Uu z;YDFlT(;X+Djh4O>PoG9r6*%*RbATE*j?HfmNfo!Z)4{+iY7}O?A&RB>qU?bHK}*B z342)KTT6$=bX&tTYw4M%jjoSNrX}ccHj>GRN znrJ|)uHNM~_`NZ=?~yoGu3Fgp*y7iZKym{0^0 z_#pCKNN#^IOXJi`Y$xtS{CJ~ z;ff;*d>IN^9|<+m7a1#G@C73kgQv@6zlFptVoA1J zn3!cHgYBgZiQA$FBf&)j**=ot*T*A;UYK74k1ZI~`hNYxx>}3Ka7`fZVoA39nSeP^ z(*4SN1v0*llYE1zjj7$Ypal=zO#1Z$&EiWik4@TwVX5CipEVv-#IBlf#r)MRGtlg9 z7QM$9<~mK^>Y5i(jL2eNe5r-><4DN;fW^fk2T2AYj|3rINI=L0d`e_61`Mwo>K2-? z&1bQ@1yi}u>>#2}MP!&Jkb7B47BQ{Ix=iF6R0xbtAul&EEIKU4sOiif>W+&vAcB$^ z_yP(G^g4(6M;Euba)+mB^>fx&TFl;-tAs5tv7*Z@hWR>^90!L{qd*%aw0Z?S@8qiR zyzg+5TE%mMYCD7F-NN&JD&=`^g|6Yq%?zJ@ZyUzjLaS#TjI}FRzG0~CG1w|}@DTX| zMspVatSL4O&qTf~kRPUy2iRH<4{E$nCntS$?`lFHht@b)>RqvcRPDt4Alkp`?0id( z9CDSzu7SaZ54%}%47WaRQFoW2m8EMKvwQd&o{U71DM(bPhnpOpcG|Eelc?S<5;f8c zG`tkqEyVD=X&T;+FNXQ-j&Wg?&+ZIUU4_VewP1IAfPB%0BbmsP1oGzrG7+aj);cF` zpj9KhMr+0_GVU6>+?b|(f6g-dGLhyy}ccX zVHCRlB7MW@Vwe+x4ZdH$V>XNr3$54K>Uczk2?DuGc2etGu}&s(_iRKSnnGTP$kybn zv?1(Z2)6hwCfP7Ei{i1tk}Q3iAm?tj@m6$cSl<&?_lDX1Y}zU;&CGJgWx?32Pv>O4 zDVGTm%*~E2$YzV|ObeKVri1$fY$~(8g22zSlNNxdFtwQkE*1oC3J4_U1?z`0Sbq?L z9$CWRw`L3XFS35nR<8)wuL|TH*~tm2CJU;wGP{yMK9yp<74l?VPiK8Z7WDC3T*El> zS%C%I%F@P$l}TZBc8)S9M_Up$mWNH5x6g@o&e2EasH1Y&nlRlQmL6y2Ue1C`S%1?i z`;DY1T8E?U!fa%gZw*tj=xwLY8k8z+tMFy+6Mp^u!u!4`@V>XeqlrxK`%>Y3-;(m{ zUqsJfch+E20b!Hey|)&?V}1h{~;_g&m_% z9nEPM%|pk4CQG*q3-1-e-9qhNq53c<(=aZgt6B{HMYwY5SA@jg55%yz0H$XW`$!Pm zC6eqDWCBtW8C;a!Cl(gKHeU?gqcF9|AN(WgR78ep0=ZW-X&Ac;U|lA14Z7W6bbzdg zQzUCw>!NgR6xKw`Hb#qNX?`@iFv|87_{+GH1$1(5nn~OO?YcO`--V8Nwp%#j=jSGS z2_73<$#ldo6pr`}fg_%r6)ye*87}^NInXU4Y+`dRT=HG~`$Os_;o`q6khkR~h0!|# z?IRgBu~Q(QNV)i1M6}y^@E|W#8%ei`Yj|E5q4y$K>Nik@(v^sNF#;DNpIwXO%*|8g zwQ)P*7>Y<$b+%@Lhrq^)Uk*R;{=~z5>cN})b|N3P74P49n0=Q5TylO8op~==^1HGcl0%XiWemfI+r9j@1LcU70GX`8Va8s48_mc`- z0E(NWo1lwLm2?DLKY{dT#~}+}hL`0$2Tbh(ebZ0e>RqO?TB!q7K)OWpu2Q%{wX0OU zp4!wTw{rA2zOtuw!ne*zXH1}HT?vSs0Wcae%>J4nvZWdr=MbbIzlWJLdw&y;xxBXk zZsKb&-LWZ{@2aZ95tolJk@>bpQmku5uI~)o4!AdhzA4;Uh?_l{rY!|`0$>7fT<(uS zUn~u5U>vpf8OmY9QXJhIEnY>#^xfbm%?5N|i6q>}c`pt6X(#|)nn+tpQ|KGxji`TY zd=hulq7EIbp+gIQ#4^)=ezmFfQ`943?{gG)D4`Wrl4wkShgtQ~H({&A4rNzrhjI<~ zK82?;_CBo`U}ieB15Whv$BB9qk@+o-;@B4;4`R@bWgs6E$QM$`c;fb$W5Ofr zZgTGvZ0{ZrXl>E17Id-n2e_V>ZZr1=ga1R=cfhrkTzhBAl}6$UBmqKz5eQM_f=!n| z^eQ{+b-bJG?#sS>o0nwsl6^19CU5s8FJF>JF}OFd!GMi%Zy4Nr1Khy{7cefk+t|jv zpbLPys|2uQ$%$YNf#c%q=epo2>%$(uLrh95jJ>O%Y#4})m zCmZi6Oz@W>vg$5Pd>ctzsl+mrg*K?Z}G=83w?z(Nb`*4nSiX!3Mm z;Wa2hY>EaDQLJG=rGNwX*j|-{h)zu*I;&Bx z@D^8kho06ta4|#UD5*H40$f}Y=|xG33s_h~D9knBBk|)OiOyjs9QI*5-DfzHAmD{n zsa+ol*jV}%e*Nu){XXoRGDwO{d(`ZJuR|eh4@|buc3;gFU$)uz>s`LESP0{VUeCOR1G@C{I(AN{ zJ*_vRqHLH9;_zYFNf&TR$4=^mQ##rS+nM^?5&Hph^gdU|1Fnvf zPN6G&*+gHr&!mG3ecdH=5l9sH)Ts_>{HXP1>wN(seZH(j&z12=O-uBEkWxJ$Z&bOEIh0sQaKWq;0^_{5ehY)D}^jf9Ztx?(t~C}_paLhWLoU4P_)F3y`XF2CvuIW^1knkp$6@{pt2ldAa%pD31 zPOS97%nm&b(maCcYtYv(f}B|4eMn(&`m|s+HCQ_?SZEC%>cn-z?Tg9A!~SxK-^8cZkpyW`~rOd#lj5Wveq*np=h33eF62ZPvlcflusfyyfV zo$qx6NTpvE(yvE39>lH(0bc42Y;y?5%VK}J8Thg-A@K3k1Uq}GAlB~Ax0dr=?c#eF z_^P%W`r+kv5W65z?C@tTE~V@;sO|@oC&3&q`tAN4FPDPY(;)UN2=H<@hyj&?K=f8a zfP|MOLosSa9-yJIr-JdZ;7`@TlHmbUZ>g|ieE+!a(f{@G~iQ2FiB@njC}8^8iC%0DBoA^aap2KJL)yg>RS69t0DTib0@+mrhaP zJv6$D`kIS6+1CLL`Erm$Uo)s5H1_(lE`NYVT>u0&a%jx)rK^B1s~-g4%Je{oa!>fP zeeQhAz?;JsIQf!Yz*p56&<`5j{;XZ1SOfiNfb)A<7ofTtNO}S#Xf*nAXq@tAxBS^{ ze}Kkie+ELh4v3@Ao0BYzX<^)^udCXl=h)T|E-kmRyBpG^y4i$XX$t{7RN ziL2&bAT5M&E>>iMujaZlu5Eb;t8wSt!#O{9ah??-z;tScNmXL(kB$k0*mR>)EfatM z6&sBOM)oe`=cUGe-N^LN^tqv|CRAG%3g|c&>Ty2QiH@0}0ka^4CsddfN-GDsqXW7w zN*j6P*%}^sRvzjYcRNDZA$L(LU>eDmxZ=Z_A>dEH(HVIr4K&>$>~RR7W1ErflT@&7 z5Z%XBu%D}7g){D~H-ueu=UdPDZg=rL1AJA7jQ!B@B81(MC=P?`%cX`kqv}m4DKbgu z08bZ4a4&=v8`(G`pyO2t11bgC9K?16N$5CcEJi1c${LgRT$8@WMCO__M?xKg%mkyO zyrL-x&~auE?UZDxRta^OPL2S@Oo;%++z)f~sOwB@iOCHekN9l6Fxc6n)`IUqKNI3e zzFV+qFtHZ+hgeZKTM)s~F)f%bh=5>^g%PkeT@vp2a1NT-c6ZJbAT)+mx;Sqz2@vPC zCPK9&tUo%I2eZa7CpwmcC}>fbu`Z0w5BvGjuzm(fV|e;rh^YzJt_ufrybPE3g`2QK zgyC3?wuTSd5ze-U3p>K;ZeZ8n5NUuHLOZz{&VU-cw>yP>Yhn-Gh26!4J>nAfHmD)! zf>R9=K1#z_O&H+gN*KE_hDE+ zd_Y?vQV~qmN5Sl+QxUQ!VX7q&WMzb8h&+VBl(M;DY;71@7Y6uP5yqB=!5&aR;FE%2*sFk3d5Bjm;qh|%B(c@#!VhQY^E zIt)IZTh73*`oV0zJLg```IU?FoWa6$pdO~0IHW&9o`kVi&QLEl1qjgiA)0YRSn-gr zpA7cV$uN31XSn~I);LOd-BlqX+zo6p?=eb${^6d6E-r_#$hUe z@GyOqM5uEv{B0y`+h9RQcZ2xyJrGahyT}}@? zb7e4lJ{T}_cnCW!siirbo(8_29m4=KTb+Dg4`%n>`R?F+TU~s6fUkeo5JlS%(mKQ$ z57#!t<1xfG4q6+`q7!`}y3E!GL+3B3!^W%7GG2CUue=x}E7FiST$oian~uDW8t3L*hckKLln zW<;_jksMCf%JU~oL^a;* zgp(s;65NL~oe`645>TKLv!=+*3e8_nFgtr3k;wrx#e>sJ2eXpFex-vU2@0kQKn<*V zh<>JtBds4`)()$4e$=xk?5=b1>>>MkH493q09A)WHQyy=^PDer5gPUcc1 zdm0IV*#W_qQo}cx=mFr%4h{hmWtEffy-0T1oo@r@yVJ>+oCUtBR&&2jrZ1A+l_=Uw z?4+yhN6o5tgUPrd(je4o;u1W85L`1T1u{8+9B(5bjm_3D2L4z_#NBCgDLMn;h4d;2 z?S_T7k@_x^bCZ3UkI+Hr*5QDJZNotw^P(IB#HFF^RpsGAgW;a z`w+XEQK3>emF#vD1wHp4fE4EeVYCDyx#XoIKpD53BG(UN^M|=9qnC^P$|dp~kSB1m zTa4K9VQl9xu8h}FtVW6vn_#9jz}a)|2vEj5C+Fs2Y@<8pA|4|)(-kAu0GxfX_kt)G z47Lqp$A$skmO^-zL{n`h;|DW{AEv4$QDJz??lNBy|5qAHxSPy zf6F7qE<5A777u5Y!`&2fjmL96cE)p&8PJ%3;+Xy@sTyR+=DCyew&85GJLf*m8G=e3PJ*Swg?TY-VT`JBM1Pc258**@j*ZRLK!9eC(3Fi} zGe>+gXGA}gEQlVxDVlAJW{aZ%B`we-DQs?U^m~-7iVkgvW~-xR4bjk9xTB;Fuul(x z$nwK6pp4bgj!)*naCX&QxoiVI&&L+91$cb!&u# zlIjs`s`RL52)pmnRxfBvLdo3`#%m+k)e*mVFhV^Y+9yTL&4`gu@-#a1MYK43gbO9F zhbZ7%cA;ctpwJjWTlqpn8()ZMbS@Y?V(hy6g26hzV9?}RFz9B0l6L1pgd<(aJ;sU^ zTrtf`c3E1AI0~_^d@14zUy9i0xzA0<8DQ+6#w z^e6x&R~4E|3U*QP%?*Xq_wK{Ig!{@&hzfhB)II{H;R>eo2cH{({{jxf1{w6XB6_L} zc%fv^mBI@peFgnve{&YH3qXnu*v2lOC4xGhJB8k+fJG3ukEV|cJ<+v|eJMz!uX1jX zmqwaq1&90Li|-ELt6Ht>H`1I} zuwxQMgTOW_op${iSheyXH$3=Aqg^fVk)}hz?kHHV0?gT~3I>`|ks2ARlS$_6dSxNn zq~t4g!5cjslVDh>lFBJo@NF7<1iD+2;f+F=LFiRjM37(OixUSt9Y*XV6?-GPDdeyx z2;SvdM0f^^2>M&j#R&&KN>!{z#qn|0lf9IdCvGtM(hIDPJ};Q&TyQQ=)Tvmx%8m0S z&iTHJ^Awd(tY#C`syC|s_$W}o>WWhx1wepasWdNC?78aewj)Y6~Sw#t6w++a(C4tE;PrwpRh)A!Db#}3 zSL3FTZoZ^&*SVx1p9KDE{Tt^}g##be8rG=c_<$|mQ+>Ef`b0X_2R@l;K46?ZbaLLH zVawb(KjEBVAb>d?d5TNN=;}k8Mto?bJ)@hV-eAIZS z!?w*;-r8CSy5jg4bl02R^A@o3zBhf~4FP@*-~0ma0BH}qu-Ka}gE-6neMkkskM0J+ z<$EAMnre}Aqy7yIES0#aWGU3aHo62q!Bw))r=PWY57t7ofRV#mc3M(Mvx=VP3hD5H zK4hzt?`sXa@6MM;w6Rtf-yYzr>eBYZ$OPDjD^UOlFT0d-UaOkwL&|(4Yqd+oF;b*u zm0C7O3mBQMWuPq;IpE3KJSB`=)E1*F+FYz$@1xq_#FgpK#7E{fQrY?5FJprczI$1!u`BJ*(Hl)Mm9F zR&<`|Wt08c6n_!oK|&n3x#bto>&Nc+3B7(0`s$7w{)N!-e24c0zQg;Dvl$IKw!nRd z_dVVWh{<%ARn;J)eyVeax74?6;?e?c%KX?oX@B=5EuF{rch~wuM_Z_OsAsQ^ZFc87 z4*c4z+_i~&4e(Vh@au=0<2u$NQ7qK56@E??E%sBL)|0c4Cl`G53$z?JCv@zlj`ipO zHy3pb*13EMBsQ4kE#YRFUol$gmkX()^suV4$6wazFPs4t1!3b_y<;ru)j8-COS}O= zJG6AWB-2|gl*#F3zKC&!FJkNqb|7eifxU8HY&ggl8#-N!4Nv$Y#!crUhNG_;XJAzZ zj-WHa?76gzam}AT=gSx`_%g;h=Q2jEfz33yeX`x0^IaF`Nd}?N$V!c>SBCxwdg~9X zFi!Qng@qvW(x7=}U{4KSzc%#iYf3`WD?-@p5bXr;p-Bi*f>ZKj2s;&`IvK*(c|sP3 zumvH$)ggFxh_N<=%?k;b6A}bS@`Ux~kN|KiPYn^Kg}{b*cO(^nN1d+VTf|qw7ID?o z5XW}0NfiK%*1T`&k zZVC>Qq}%o)$0ZA_n40Na>YXjM)KnY2Qf{RgG@aRgTC#Y&fcL?qZi9a7=Y7KFq2-dm6GI9VmM3&+fagOYGq560NRvi5|Y*an8Bk;Xu&~ ze>OFMqo^&A-H}#2&iK+he8r=85UA&vbH$@9fR(r>={UhTUv_bR>n}VV#QFxQ?g#Wo z(Ia12uyLXY!t20O6ri~sz-|S6{UE@JBECBKGBCY#5Gxs^eH{pn+onPC=0Tr27JXg? z20&Eon?T_$EH(^Csqp|lZd%3jiB$7^B5$0c?g?P9LY$Xjzk0=k6_0l zgyRtu`XD!prWsb1=pC+mtCU2nH*7wrbT36WoM+VOLdx?y6@nwx`3z8yDD>hElXhv zD!8@(2AA+#hlFy-B2D!rtY7@XQOQ`{iAgLq+1ynHIPC3~n*FZ+vQUts5 z92M+<)Nk$;yyg{5Mot|p7lf&ZK+^dtnWtleJ9o8#9_ApnU0^^yU*=TATp*<97&*^m zSk)z$pOqUhz=5IpG7Th|Eth@0PzD~^)gUhS$nxCK4pxhi{(u0fl{W|iY?|I23#!=? zi#ErKWw;P6kA}o;OJWSmW5iWM-99EoHTVZ<3lztDW8tT`H`WttpU09Hv9Nv!rwONoBtuo74oh2?vbrXioNCRQEa{6sK z>}j^}BHL?wj$v1h>~xO2BS(ChttiMrYqJW`hOC5DS;mGeOm$S;Ie<%jnsC~KzOn+F z*H-k(3Mwf@y@`ICtx}q@0xNrG(Z06e=a!t;7WT^G*JnYuECIb1cE=+0TIl^4cd5E# zL8|ddz-~ekYqHY4R#-cInOKZoC!)#Lu|AGiq;-jGNh0qX-^M8J#Igsmv@n({WpAiZ z?MWN+fqYFqYRs2jP+hLyojetow;3Dq*!n#0HFfn-HGDmX!lBw$3UeoIccATt+vS5SQL#G^*Rf> zlTd>0C1l)6bd0Bq6If*eSHgp6#f2DlC5AqZ=1SOP6d)Dh%sgOFmWO8MLES~DD97(W zE;*R1Jdmq6mh^e&4t3Atq_ughJ(r!zRh-OKcjTh!IS@sdlQA(T zbV`oY;u?2KHYr1>6lrBLkj_a)mB~swQ6Y?j*&9B>kl%G}~H;=2-3JNsd;-_){Clnk;OWMKL~}O^K%$ zP4Y`7VWlTMX9o`F?dY6cQg>UP-)uXnuq$WVJuB>x9CBZt@nD{KEYrR6U0G21O-|Zl zXY=hI3+;*pcKu>I>dGrc=kx3*^NbyNQj@O_pgff&)OgYhT<-2YgR~bblKVD zIx8!;@)zA3r|61j-SPB(9DmX4!i1%sbj3(uv2r9@F;Z%Eb-v$aJGo+4UbZW)*oW~n zNmcpAx%uLvEcbSoWkdbjIq{B>?4e!$#4f1y#Us_v>}Yj7986&sQdoBiEE69};o5^#?e*yd4k!?$MZwfkRG$h)$!4g48zn%(0|uaAgH^xU z>RJIb3u93`h<=8Pev^ydn?|p4(Yw>+7Y2w9`Hx@?o;^;3<2atB$+5^&z}y1r-V~_m zIZ(UTbkCx{YjM`J)GYiBT}&-OH+Zw3@@Ds?(}%oez3K8h>F&*535)6U9e-Gm!B(e} zHR-+%i|Z*U?gejGamK*f`mFkwu6C^(EOZjODg_wSr=V3S5_ab%L!ylfHhjs3F52id zn|7J)gB>=u-NshhV7>5=&ADE9*!F(CaIGzLgN?1X$u`*N<^(r{DV8RJjK_Et$5Y_! z5R3{_NNEbh@E=Iv@SPF?*5+M_r@q%FOiY1;MIP87u8Vbg!ww%NIgJ_Y06vkxo+h!k zNf7bAGm-5|gv1Bs5u^ghQD-uQzb7Yiq+YNYF4@GZ?lQ0wi9#}6n+h_lOGRr_rB7s` z4Vrm11>Z`fo2{{aW?aKO1LYV$mW!gZ7FPPifmg71sU8X zcJ&r$=4oCaeMw0&8hq@mb0cE^}9k;e3jC zaR9@k7NN$2c5-9*Of2f;#&9V*7@grr1#l?F&=w;?a+v-?cY+r`OH?-6boAI*TD;?WFmhhf~5R)zMaN$CrArx}|a#&P=q>OINAT`(cJar`0< zJ?F-85$cI?rg^v(Yv_#?@4Fkg9^KqP9uHP0o)8Z|#R+hxoB|anMo5W$?TKRq+m! z@l-53AQ{bd!xgaLT{eO)8qTqJ!ysH!(Hd^~&IR)@TlyHLWM)G8g)GvYrM!?O>(27w zo9`!P8mDB6|dum})XZYcr+MaWs_1TR{q9L*uM)suZBCSRCDOBr;+q7;xJ0xOEZ;5h&Q0%I6AU{N#NF-|G;4tM zf7;1;oJnNmi9$u9S68Cpe4^}eB7Kr5RwgQH6Vb8wLUh8xr#-=8FiweQ?<6bw%m~H4 zXm&W7o|CNT+7RIetOs!`xFd(nhyq8a8+PRbQm=O{MhpzB~s_hdOh6{ATOJD|kMcgGtRTG;}tcCHmyT7zn>Y@XGx+UndL zKiL{I&B~@)g=tngGu9nF1>C?|!P%}%Vppy72DhqfEQP4n0?ASvt%?RKTWuY@&Kfq) z>YR2YvR28$UL32K8OJK(=rV3$3$W3(!jrahllVkFYIj)J&AFqnetJHaFz9R^>&nxf z%EQO<3>|swbe`XdJg0=aa|4=lSyQgOIhP(9U@&jtmiA@N_DVjh$)~mXAmPbe=rwae z!kc-D8+q({Uc~LZu=d>0Qx2p1syh$yM5b`Zi%#ZqkttS&QIo}QKPo|Q6JQJVt3<=w zM6qzdY~ukpwW~NmwUr&Q$d6kT$1Lg-7Bo2#+*pZ!ooI0woqH1)3~pc=%!pCEiD5;t z5V^y@s1Bnr#gne*_VR{2w4R&Vg=le(->qEIo2$H&tLV-BHSA)}F)qvzR}3(i=VU-6_R}3;}{o#@m2&f(?zgNwvPP zW?_9(GHp&)HYF>Xlbt)L-z5bXC5t8T?s#~@ZO?g}L9LCQOqO>fD^4e?&m^PiNhPQ( zDHnQth0Iu)?7+eaE88d8pSAId$q8&m0$mW#TYoJ~Sm;SRxe0k@B= zZ`_AE*2{;>+1$%g5vO%{j1V~J#>Z5lNii8Ev4$zJB82(&A7UBgE!(d`r_;a|O!K${ z))nc^P-Ed@`o~wG&$sf*E~FVRrHMBOjB*`(jC{w($bw8MMHeJ(hSBj!TE?BU@Ov;a zM#0%O1891axpQScALi=fp=Hx!=cBS%)$F*jbK;yWtBeb-juYp(4{dA;A1F3*x=r!@ zTDB~<3ayOISQ2Nbj}sdQ(9{kGpAjm_C`1!7JZiF_WplHjWz#c1E`z>YYT48biUZ;tM#1#wA2>Wv-78*%U8s9WW5`#A&phQ=dra*S?mxDzraN2?J|ILTFRG z;b6Sj>Q1THHUj#3v^Enw8krskvZ0j+v!RvSv&Qa%-dH&`n@-CP=6h;VpkaWP;QfD^3{z0UHO zo(qbZk*nt}z>=JgC*+`4S;n_nVo92tl;SfO^iWq0NLiOF+nh_cXv_sE*W`kf+C*=VaY1%9TAYm@=75Y_a%IPI<;NX7mSl%DWQ!XI@K~HKOcd#E z7{u_NB+z1`WdT}eQEjx2-C`BqS@}}$#|N#r#ro5OR7_D%<6%cAmT<&%{5U)*R!}9PzaKpvCs`;qERBclchOv+Wmis?e1j<+41l z<$3yLd1QH>PgjodJPdl!`a1*Y&t?dRM7k0DC3sUZw0?G8RE^1F*Cj*sFO%hc$uOf7_(r4T;2p{0?g1lyLjnlU$?4D7;O&cg52^i!lB!T! zlCs?9HOr8Y541LA9NLiLaR9t27N@A+C0jmk6aIwOr-CV# z>Tw91G30PMd!9!6(zy4C9ZF}1!TCa4;ldB%lPZQYLU|73aojc2#a%OJ)7kiRGASL> zsKB{PDeOTCD@kRgsjzbTMsi8DS;^KU#jYelsZc?Bhj#GYoZ`Nli~qwX)nV12cKL3~ z1`D5~$DoC0DIOEKXp_<nB?OhZbs6gc{gY!+kifQ_w5!CMrR_$sy41*~UKMPN8y_OJkP9TcSpR`vW@H{2BFGYMafKe}Z*v#hGsNmReeGB7LYS5$<^$Hi4 zm8l@g_*7$AsyN$)4@c%1HqI&(deCLueq7G&&dQkis5(Y9FZSa)=w)qEs5E4;lS82N zqS)Z2vEqsWw&Wb{#AxF5&2jK8aJK~?w%3FGxhW?-9gl55q=^rlv>CNEa&y_%TYkAES}`G1j=O z(FNeaSe!0}s?JY0E(B{9x}dcK=<0038<8I1mgPZik#3G%gto=1cE)|S2Zq%QXPZsD z%`I`k`{Tqz?pCIXXBeiJIsKJ*-FIz136^O`tkmYyaUtj9#Eb59?C5ZC)}Xauoo>kR zIKZvbgWNjZp83%(7*G4RSyK4UjEFrM;(-BH=O%8cUgVbQC6}ez4wmYv45`(}GK?o2 z*6QT}bjMSKnJRjf+nd+8wR$pc5$cFjb;W;n9!8XmRSB#<0Rll*C(wojKd$tP@u64Z z#p~|2Cp*Qh);FBXTW+#$^}4)9OBP8A-DbTv0O8!VuWc?pY9U4m*+;%D5~ zi@?OqHf*!V+AZ`1n44j*5*4q(;8g%1Au^GowTZzS62;8}%+IBK5`K*HJkCv6tzIL2 z3rz_%Xm0{c{>v?3AfC0z9$M%l;2MMtt%-&ciQ?%2eD+Fa?AGjJv?JT&7&l{&=fV)( zlJn7i7KDNY|Hg`HW!lg-O4sT$`)S^;MkKcED`BV zZiV)6JGK+-*s~VZ1?$*LR*tA71_S%5ByLZRcx1(Qt?>`65wKOm8hpbl-Wp((p5Yd4 zAvbG^lKbK6F<7+EEcT`(?vja}kc5kqETu`oPpyX6R`J~c9{1veS)QmouLM=(d92{3 z%}P7yZC?IIb@@)c-N|RY`KmjTk(;nCAFs|&UXwqRqWO7Y3-iPk1B{(H+}LU2W^S_` zf}^C4Ee|@jyitXAE>QfzeB6?6*`FW0HqW@hVeGcJ^AOi%!43s_lAEiitl*JsNvuQr z6IF*SW81i~JJTvJv;I`FHZ8$NEn@osV|5QVc5iX&+x?B*b71UtCn^_Ny%t+Fi>zd^ z_2Vv!;gUtXI)MH}EI4-1{hU(tD959O8~dgC@Ws8%9s8OayG?oW=DeRm?y4MPUyfKf zz|4QZP2DQ+W#Q_4=QlPv7lyf9<;gs+Q+b+`dE`{yk4thxCjc+#X)6cNmu3pvJ?MRI ztUchy-o>Q(=t`3Mdh$m-;7PDG+SnQ!eClg$@^!G10gf8*CnSeGNfw_EFxhT!qi;G4 z-gpKqyTJ0Em-J;7CRd?x$?(A+v3VV}Nsgk4Hp2{?SUzC!q$p9S^F-_I1!$Aq;}AFb z4v+G|!p@On_KXy0FduEkk75%>fiM$C$tR8C!h}(@&u%e?6n1 z`}c{3bTz2UUV+ZrQ?YW%D6gf!8zSkTy>?@dUA*s3&$@GjyZS+e(XbBf46oWYg3XKN zfnMW=>SYwsrWo>1V3XCx%4f&I0^E#PHa(W^*O8+TDM}ad<&?#-tUZRDih;Mnqm!zD z*<8rx4!+HSYh|@V_49^0SLQkbgv# zr=Q*L2J`#O?;i5|#BWtV)CW-uJ^eoLtMQDoN7YGB7CMUMlEQ?tf@=$5V^HZ|F zJ9pddF@zq!CCWE&oI7}TCp(Whh82CNG?Pt5&eON2A-dRyT=pjEg6wB+V4jUV=KAnO zK@)?Vz0-Zza9))T?$!82VlS*vd&yOp%HW7;3Q6&qT@`AP;_u`A2zR(i5a~d{=F_1tgmXk?x05jIW86uR5N(L>^`!dEnx1e1T zX}y;k2*=CSQ{*s{*e#|1!HU)(ENe7$Uy(GwDG$BEj@ONF@Cm{QL{{fv0EqtpWtA{K@oFl1|64 zEZl`uCh=RLg`4#*x;bklNa9dIH;D!|!Fp`NwD28$>$EpYP$9Z*dh8 z473P=U}H%J+$@F|B`;p{+pOVAknT)2;A(rEtOx1NDlo4mrH96n$I76i)%Qee~<|H z|2MVW#~Qqv-~S6PcW;R9E8{psbacW1s{bTeYP&wu)a+>fJR}6u>%0taN?yR{;Wds2 zQuF@~VjVp-a@zKG%P zWKut7yea!p{3x82Ai|?^2Rm15;3yp=<_;@EHs1DC?rj`?6s5ku4MGj2D^Q9x{S$Ro z?0%H#{t~4(6~7H-y9v7ui6103pj-njMR+df{$1OwpXH}HqZo zG(SrJd@2S8{ZO?VWcw)PXZ=}m6pTmYpVYZOPWj?-KY=-FA=de?>XDz={^ccq@U7#s z`A(|O(tr7i*Wmn~IK_XGRJHx5Xc(!j_T1W#1Sj8k$R7xl0P)S3z&!Ob!a7O zgr|SO^WC+$5Ph%~+4xwe1-!{~rbo=-;>g?+n(U4|fB2VXSo_NCFvG z{{*xP^tTq-Hz3jNWokGO#d!T#;7@S7-Gst$8tCHimkwZZ;9ss8nb?#Zz z0FO8Vr6+%fk*^#2?enM!okR9+H0Bn9@oKa%MxApBjk$x?!NV(P%v}Vd)Cd7ak!xto zeJCp0Z=jDJqVWii;dgt`n8#At+i1*FUN)NF?L|L+j=G@iJv8_}7c@d9)ORRk954gFChOpI2aR zhHOIhoY!hBLXS}kPZs0P8{rQfJ&e|Ip6lU6FC862lGXN=_}i^GL2a+c-)`qW8$k7& z@xKZ1Xbt}RZhmVWK7-a``v&~?7WngnP51`di0xaTt()=4Z8+-?PH}wy-;g5IhJW9R z!G>aMm%K^(mo+m7Mu&iA?>+uHFoEZPs^ z)RX*fJiM#?!#Mpk-T-&oa7rh>>nwW|+q$H($8qYp_hnDu^b1niQ#j=!UI#=S*mfBg z!7pcU%2nykS!}zGi!u37{lR%`yNNpx`IFk-jcvCuSQHkNh{neAgPndE!z=8<1=VP=u|MI?p(7#@9zf2+)@AXy8XRC9=SnHyC#$y(x|noHtW z^{1*OSu31Wbwt|;R6hcSzmn=&NNlSeREtUcdU*5!Jo*a%Ntv~j*w&I&l7!2Nelv_f zUyxtZe@Ij-N#a&0`ztPEJ;~Tk_z?9=`ga_Qz7n$aO(o*IednMEe+?uW~#uf#)|!`a`k}asBp?_~*cTCx7@A zhtX|fdrICR{IAN~UZQ;kD%!%I{RV=Gm09;l`b#I_0}}tvjqnk%y>SvgA=+Y^M%VG# zf%rm1=xJ;>W{`dn4y6y_7y;E1|EX8ebFbWFQPCf2AM2Z_Qg`n@DXiC=~F~ z!d^fVrqg6vg-9%zf1HN|tRk8?la7I|jyHK6^(lukg?wCe2vACGGwCEulGOGIG@+6+ zz#!e1`1i`JNi=mf?ZWss%G@bbTLaHB=g^EwDtk{o4d&EURQl{@(4_fLB5f|ssF6xY zZ7748!#uiLs(cppT?8dy<{Rj&yn@;m&|T74H-}o6Q44K$=rj=^l3q=%OJKkw@oM{A z`T*5Xdo38SE9md*=`zg<&`dqtT}y*$1$d%1A?T{0gV~7X8==f9yn&|RN!X(RdEP`g z7k`F>TIg`uU-wWu3=yCE|Gtre?<9$u@xxN(4}JiyW2DDw^sm%|fSZRhOb`{+O1T35 zQZhspYEMz+t(JLF$f+S}sYdIQ{6bI2jjUge( zY)}L-gDfZ@L<}NG9wHB}MZo&AP_6MNVaX;I7HRrfgf{$lW)?}!G*UK1J9sA=rXBj* z;hLzdXpa#iVzn{R@g&YCUKKYaQJx?NVtFD>&{$#XZZb_GR%-E2k=vyEDb%J(W2q#A zrUN`vbFx@wApBQm(M)rWA^UfEEH@DTEAwcs*>1@H*{DxOj`_g*ho%qNXbS(8AJWnC z9|e#3*+-v@9rI)Fk4>MjpHTR({Dl5Q{#o#+Kl|y}e?tEp^7)7V$NOidpOY`>&pp0S z{(}As{gvUDU;O%$FUS1G`(LeJk>846d4LNm^mnqa=^y<6WccG3-+b~PWB$|UTLun2 z=YLH8OZ=;d1rq*e^ItS@SN>=Gmq_RD;-Aq!LjP|5hvM(-AF{v47NAf5drT4XDMXRu zkXVeA@WGWJFlG(o(f^r*KADKdOhG=AQ3%W@rh?-UiBpks2J)PaXc-EfiGDr{eO8Xf zR3M+(C=!O>N~Ekt@+zd7iwrgBXSL{)dFaP=$Y(xc3lUq;?~2JHBrZnUMM$|2nHC`P zLZp$NiwjWbQUpseIA96VFGp+{Vk;3NiY16GMKbUOfzK88C#$9VBG^XtC}I^d*CWL$ z#OjeJ+(EVm^x10k<2A^q5wUfMt?hTkWIYl$AaOlXu0s)Pk$D}`NYBN!NVfs8^(bHy z8nqGSZ$Y7(;Y?68NV*1XMt|CdJhvi`Z3udmuXe!JV)XS6q}`7GWf%HvC;IUovfB>qWl`F90y8Iz2{(4C61nh72wsMgJqSt01WU-RE0mBiw!mS^IEK)hjn$>G#{Jmux37H zby%E_Eeo-B0cMLK6${o&SGE+AhhcFk7MEb%Vr*W7&5N;S5icVy!hzCL@8#IE469c{ z)@?Yy87r2-Az@gy49iwx%?e0Rhrd~YKdi@wRrrertX_?EYp|&io7Z4XBOD`##YSvd zhqY@l+W;9tv0l2eO&Ctp6*pmVBi3!e=JnXT0c+OtGU9q1C_VMwf=!!o^cJkx495jv z*=A_vHfZHm{NWC4*p5Hnh1EN;ZVxu?#^ya(vm4UPU~xCLG-GWOoO}++6|r8rvi+Ft z!{UC(0fcpXabycN@5P!HUPf%efzng&gV=Ncs}Ey#2!m9@ z1Lr@$Nsd_T#JUb_K8?*CSaX_}5#jf)=%@)2&tv5|?0p`~ z&SBJzjTbQM#y`J+<1b;uMf`^=SbZ7mu3^(vY`%syu-0=8!$H878(4c?TKBn$^|1PL z6SLcp_!*10A>}F7_29^x*xZ9PaK8tOH*r`mR^pJmSoQ#pSjA#5R@}j=M-Zfe)lXoP zA0GS&D;~nxh*r!m9zAnY9$3yAg|*1g51H`x3ZYu@lO;u}1yh)Df*A&G|H3JEJBvO+ix z5wtLlD2s_tDKV4~*#sgRPvDNCn4n3-IFYbPe@t8_Nh;z%$L_9&n zcA`5@B90OBaiTfK%ZTv%DI$G4CrR`vqBu#|DIz=R&`1YSohF_gM17i|Gepx#*ctM5 zC&@fZOkLzR=ZVKT63|Ud7l^r=Xf6=eO~ebtdWmQ+5_W~K%S10-*)_th5)tMkSBdTl zFEdfahDwWJcl#TiR`(g1CKt!UJ}wr6fcRokLX_#^qPde zBJ4H!@)a5RmKffU-xN@fcSKi2&4tulL^Xww%a4kMG;SP)IT0&`Y%^3ZUD*WKTuj9Y zR2)zJOR1@ZnoFssgqIOZXrS~|HHn%gQuP$buR`^csA3|86;atlDw{%$lPQ}*e>Iu< zO`~KgRZgRdsnj}yhD@iQmQjzHbkHnnDyQaIR8vmbEGm{$YX#NLhD0p<^f|qBWm4{6 zv6^bDsBR85RZ{aDs;T5<#7a7BE|vO_8X671)j*hNty>w;u5R^g1 zdMd7>{wt|z1vRgvFz10X;tCqw;HZB!)x&CkBUQuSt6`%xm93_}>!@xmoQO@oUQ5+$ zXh0*)+CV+lQ{5(N+DOftsAeOaa74w8G;s^nZl-J-Wm~CUy0RT`tOXT!Q0;bV-bPJZ z`Bk%(ml3zpKOC++g4Da}T~x7?vRzcRlgjo`&2Gx}&~J9rp?fK7p}x)3 zyNQn6Pd)Zg-9c(PK+OlK<^W{}sd#`U9;Vtul(j)ZGpd)a>?j<^K*gg}dxVv18OG{mqV3*)f`Ug38NYVM|*3%rbYfd)!X zy{}NyWvaf$n|+qbxs<}$pHTum}s=h%zuT#$(lwPNw_fYjss=G~1 zx2X9x)!d@&HWhDCOE1;lfn=w!S)1ymD|-OBWU2Uos_s+WJsNqJn(tA~U0z0n-ycz_ z>v>3{A5jHlS$afe4<)b-c|tXhA%Q#n<}ro9fPkm;r!T12bE@m3rkB**M>Q`g>!adJ zn)8}!UqN~g2$ZIJ>B{-GM2h55(yp!bxAyLu_cG_4bIv*EOp0R86myPZ&iPgMP+q@x-Z}5b zJ9D}k0~88Cp#T)n-Bqd;RgaCzkBrPiBm2nk9)>vTp-~v6TIIBA8FkxGXid}Q)GVV= zPFWdcZD?_83T^0@t?3KxsMeN}cGPG~;~nU`?J0Di(4LA;v{pyjunVn>uPt<;tTS!g zjmoYx=s`2xX|@OTx>M*uRd-t2i~2n&^r6t3rXvXbDD%pJoS8uRnzW zRAIOe#dkYM#on|8L%pBm3PVS)|yRUoJT9qr7(}OxwO#&s^-&R5zQ>5*+tY_NMR9G3+by%sE;WsN}63oy_FPJQMHmjy)4J0rL+V?OT(OODGhm4a}Cv3Q?iEA z)wIew>aC@)j()wCy5G|0*V6{y(V`9XSDUE4kp^36W;4xhq26W+Td3Mh>u;m}Rth^P zY^Ui6!Y&FssoF)=P8#f>+3hsDgL>OT9JQV1MXB*UG_#w!`_POSP4A)RZVG!S+fCU% z>g}blkN$Bl9ZL4og74{P2dO+jgTu7SA(}l*y+afZQ+0^eJxcu}6pm9kM$-|5lN3%+ zb&{$RG&oMH9i!Rf)H@d9C=8#b(U3VsOHNbs6ou22ouci?S=x`Bp}oj?T6m8B><20@ z(BKlSa*<{)QSTy!OH^H?b+1tWGKFgtuF`Y_!}qwZQ+0!?>omAVt6inpYt*|M;;5@M zFG`KyqM4i2y+h$PP2ZyCO$xUtyGhv{T6~+r9s1R6Y~?*#aF>4efXe$cctoo_q}fN* zdr09CRS#+1R?L5lLySQgOGgmeFlfzG8>U*bpqy1JW7%@%l`+IoWh^gBjkjZ&wydNb zGutv~$5>m|igaN8NqdIhUb2FY?6WRRc4k30R;4S;c4J;w2HlwI%IfxDes>1F81!W6 z2ts6AO!Z-^Hw${PYCT!D7xQ|CII1Vhi&EqLSf(#?2QcW*(*2m(mq9!ltidSek7O{0!DyC_ zAdF)$mZ@>*%asLVSY|ZKj$z*D5J!z>PfuXc!aJUoU}!vp35<iXEARkgIP??WOe5-e>Q`8Xhe;rBM1u^ z%x7u=Q}bCck5!w?vh$cXH^fmGUc@5FTF6QkF>@h9P*p24?Ft!MSWWBvvPn;2|l=?KCW z2Ai4M!qjFKY+~7sEW3$$8$%q0;cdA}Y-J_en7Ng~HpaF_Tu?ih*v=~KVg)-H+ry0A z3}ejgjO=3-_A=PV{$(#~OZKyZ@7b>pGI@Xnhgs$j%N}OlAqIz;I>hQ8W&RNc#~B=B z=?KC}1}B(0$PF_ssl#!s`%DdwJKaE7H%GxHRK(~O;B>@4%n zFgVNpc!vG+c{Ey=xxnBD=3iji53EuYPF-NxORUmG2A3GU$XZ-s_GK1aW0|WgdyRQl z8C+xPDyx5k`PUiTVsMkCBM5gG+-B+yQ@2@gi)C-J>@DWq3~>~O@ioCvPq@oU?lJQ& z!`BAc-5ir1FnOP;N6dT3;1T=7Lsr^~n~xc^;?*9rqH7Ui=%}^(Tkfs`7itM%Dwp~{kYwi2LpJfKhF-} zUVrpn$5nq`e-QTvau~v4Fi%GihH)6m)iADx@?Z$h4(8b*+#4L?C=8F_5hsT8k`de- zjy69z8_vT)qegLSB)3O#cO)lcxHp=^82!)ji#hMTK7 ztl?~RjtA?wwU*oKxVx5dgTH}bqKJhPc+w{UMWhb>%f z<_)%Se=CO_9Jcdx1YsA4om}nW{!X6V!86-K=xq;i)OMa1rCNJS>^2`yQJ<7c! z9FB5zgx5RH{bL+Xax|xzjv$)Zgi~Cd=Kd+3J(d=13-IF9l&o7*-nt@7(%ZjKqpWgp`;xe1jUxOjY4h1oUAS6THXc9NM~r$4GOwK z^By3(Lw+yF^n`3L@OlFD0@V{5^Z~y&p#4uY2%3%{3;^g4Y5@5CA=?i!eM9J>xzK)~ z`a)imY7K(SKyZfu42JX|Fb4t*0yYrX5U4O1UMu0IKYL9}7 zBLPMM9SM!cfE*3MILM5J>^Sho0*nJS7V1p^e>}h>fQgWfAWQ+63~CDalOa0|GE+n7 zO$C?+YATdW%C&!D6q*?3WD}$IcO^5h{nJ6r0yPsV&w+y3(0m@qxezRXD)S+`0KEAC z3qZ|>x{JVH2(Tn{-=2;jpbze)pq7DJ3N@ENW-(-!fQQcAmw;Lfc~Pph0y4|NT?Mcb z(ksAR4zL1XIj~jWtpr#FU$2DM*FfXd0BgWs4f;ATw1V}(z5})aUfqO`8~`=}-3X1g zfZPnhHppy+>^AVw)%-S4TcO?#@V7_q-giP8oxbk`*aNT|)E@A6Lv|lz_J+_ycklZ^ z?S&F_`W{Nd&M1V~yMXO{!j1jNjqiaRL<6e@hkzXg;|Mf34h6@c`AP6jKyVr|ryzS8 zJoHF&8q_JMe-`{R0OtYDK{|r)1Hc7PKY+Rbwa!E49AwXfcP_+H=O8aiwJt&CBDhxo zeTk$mfq4-CUDjL#b_Kl409WAa%kcU&XnYmm8u(X%-T+-|dK2Il_%}hj1&yO{>L!po zQ1Ldv9iX?N(LIoNA$S1Q?nCwgc<9^a0jT>>_YwFH0njbUV@O93%1tOURk^9k%$jY? zOlvdS#`Id7(8g34Ze>OsdJH8Pdi*43I9_^@c4lj$Nv&l^Q|n}Yq7`;F-|c3~u4d4~ z%yc)iJxs5=2|Y~J-K^Kk^n04n$AsQyI)c#8gubTgXZn53Y#%ezJA@v(HR)rj-ez8u zY7Hl-(-VKZ=eZ-%s&n^Um0S)I@p9Era#zJ!%RNZtTVza z7;eG{lMXi-Ov;H{KA8Wz{6ULkA2*M;2CYoxJsV17W zrkI(@W_F6{p_}+Aro!-q92dr$B^Vn2BxjBb(~t{OO)7Z&E|7V zIok~8nc2B!cAn{>L-~28nrqfwVEXe-K-WDB&2$7|i3y8MwZv45&6EJ+3!qmg9+c6YJ*vKlj(0XVGH_YG1CzQbpNx} zRNG9o)vUS0%xpKaJ4|o82|G-M;Vn5{Y&J_UwE0QS94~euFLs(@j~U->ruUfoZqwUm z7VI^f?>FW5W^mA~cEHRYG`#~R95mGdv+iNjKNPtEI%1}ehHjJKxCzHhb=COQZ@8M+B#r_JJ1CY(0EJY~Lq)@*#n zgtMl9##HA`e$H(0gPDIJbUj2bn2j!(@}il4#mrnbvsX;-vI$pAb=hoi&GfIDaKnV_ zW;%j!%Y>Vzx@Gz|&FmdBb326IZ4>U8>b6;OBgc#DQRsS@lU+AMUUVh*%rbJ<6c0@2 zzL|bt>i5k`kIdqSX7g4;J~o4Lku4M1a^aN;C>N?s)NLdD)&klIXe-hYgbo7Q3)MlW z_M&Dxk!dTk?S$7h#8GWUUX*He5}A&|?INJFNOwYyOaeLy=qOkh;dK_!MSR^^L+AhQ7}Mc`itxU;q@0VK&bwr!64xe6fi`< zV3Ces=rn4mP{V{jRAfhp%z$Bq2in>#TKUu&u z0aHaff-pnCbfM6})O1m0n#fEQ*=fR?8sey_A}>m{W{J#9;m!$*nk(E{!kj5!mVlXp z%@H1Y6`CWyo-N*3AR5mPJq)Gh3wxeO%oQIk5{ZQ(SRyiuMRtks77JJ+)M8P8nedki zSRr7!NJlVqDYjCmRYI*4wbqEtYLQ(dyww8M2!-JlBAPmvixLbif08p4j{amFzQC|n zxZjG3>%|A(3AsT8n?z=#$ZiteMgg0I+9>L65&mWY+XQSC=?KCO0o#SzA^hzkyG>-a zhS1v@;;5}6FG{s`iOf#n?h&wCq<0B(r+{68?G$W}DBdk#kN9f0cy*t6XD=F75U^K> z{i4?QqTxYN`GA0ff*lZz4-0un1V=^Yh{zrl-Vp&ug*qbY9T)yF0Vf5V5a|fQX#uB% zIxYNDB70I~PK3}q5#p#5qS;viXGA)J4bF-xXGFNUy(y0aEps&kvIRKnX)643_B#!Y~O#r5Yyv zp)xx}W(J4Q8yw=O!7?vOwMNLyaOsYcFjA&RNOQP^5t0p;Y?SmyN*E>oI8wegMm8NS zVT|-g%b8@HtTaMybLDE%tV=;B)y3eCP_6>)}12#$r7eXm@3l|gc%a1 zOEp8P>9Xc5nVBiGv!pju!YrvUJPjTC;S4cVmSAY=lbqqO=tAbmGBR6sCG%v_T-khq zl=Ee>}wcl(0yug|hAv=`WVBOu|x`jv%a%uw1GY(poNSER&g~GP_KAOG6yB zROUsg)+(7!iO{P9xvSit8nO zE9rXK>^mtp$Y7JqY?Rqe(%UFulT;gJy)Dw;EMc33tuh@!*dYP^5AKlucA4EJGdn}* z?Ub-fs-3cATdwU}qtMncC)+A>ZQp}!-z~e4eX?M$Y`$N{zn8&5nK>Y{2c>sF!a=DH z$ohw+e@Mbn2}fi)f^b}-TSIkRs$;U&QJFa+vqzBfL)V|=4B60&+>@=zUD@J+wC>Ai9?61-vUw{dAIqRzWy@5yTzO>*%9Scp zb=xSvwSsmE+NyK}p@V|L z?W-CMP_n-Y2C2+Il^vwKfeHpGHBi+ZqWr-MhA9}T(h-Ca3Wh5+LRrIAjZrEyQe{Ue zZ=`}zN?~{yI(EciF;tacXy}uiIi8HcH{M38(sAg>v0%JnlN6n(-kPF{CadPtl$@%9 z87eznWoIaFx`G)>O;>eiDSxJdISOX0bOd3Zg1Jh~Q);fNIY(t?tLz-*%?@$YY?T+K zS_@QWzH%2SSg6tqlsR9)0tNFGTco^&3Kpra7pm8nsK$#GEK&Yq)pD7FrOH~SbglAo z1uIl?xzbjs;wW5kxq5Dus<=|YDn(bSMr)K@t%7x``dXD;r@XZa)+x1C)%{la>lJ*b zV1r6W5H=~;sMIErZBQi`+VCW2j!)Z=Pg~VHJCv$u7sQ|?IxCsg{lGLI=ZuHcwrCzW?X!AbS?3HADE z)%cWx)5<@k)LF&PsDC=IDxOntUeR-^(GN;qP{AdYxu~+2ly_0VC8aK^=dURLvVv<0 zuBvnd;f8|iO5ITYb(OuPGB-o$-BfT(shg_gT8_A@o{@II6Xk7o}PqtW0~$MaP>Rt#k*=Y;Qpai?z2{C(G+-K_}~v9j#Zo zSg&@rpo`^qw%+Y#L08M^X7R4pTRp72?iTd0Xm_hoFH82c^7~ks-d47c<)O39K9=fj zHRxygeJvPZL4PY9K^TNy04+7h@&{VkAy#H^2tD-SImA+ft&#y&G>-a5q5fe`*5Ar; zWSE7I0Ij!1Sk7?krBPPFNUQl6OOCdJaaMM$l^th!V=WkGsj*hw36_uk6DL_P(Mm@U zrdTl9Qd2B7*~0e;N&Yme`cx}B&GM#NFwIg^t%3-{on&PuT17J~m>%XgCx(zsv|gNL znKP~QEX$f{>9ef&W?I<@r}hksPq+9C%b0FCbF9Q{E0||x=33c#mN(aed6t@M)n8!w z^DS6p!9pt?L0DqJVoNQt)Z$!imRXslR(6@?Ewx~orIuPX7g=^VpDeUW7Fp)PFgIIh z6|S)Oa;s#O<*l?}mG$*X%UxqtTy4Fz&f;q=vd&UyZFRl%?srzf2J7`r7TahUn=G}_ z`ecjMpKP|?*=7}QwMutbe7i+vbI{5h zuzq{k;)g797_r-sBi6get%74#=}C*7u#A(II$?c!8nI7V@0_)Y&se4BEq=}-=Ofw| ztamS2#TTv8D;B$K8CNWI*?RGsHJDtr-nn5FU$=gH%i=dJax22VZKdv6`dv%hv*=x` z`U9)rzE%3j;twrA*Q<{$yOqrzTcq4>P0H+N+t``bc8hj4Z)=lwcG&LrcB+%DceF(( zn|8FTcd?5*+i!KVc~={H*tENC_pn)aoAko`J?&@v*j0PmpZBwQUz_xc^7pq>gKR*9 z%{Cim8$<0EM%V?z?Kei*e54IyY&zO@#@Pj9Z8pI+#@qfF+Z=6^Np@Q@(SCl4T{PKl zG0o;vZJ1$Gtzf3j=Aa#1+nZsV(`_;j(dOFq7TCq}?b1ayUueS;n=ZDUWp=?*o2{_< za$7C2&BZoZg*yg*iwL5LH$9`Wc+-o=AZ}abMvOj9?0XuaVEfu_S z#D=4G{D`d`wVOrZ)DfE;w<{jA;keC@*^N%x{DcjsZFI%F79DI>$3)F?+E>4;H|J<@q@j8iGk?`+y@4I}B$;aE-|^4M|9-HK)I2W?#5+9hq!opCv7 z>sIODYVBRp!8O{uekZqiM;AJ|(9soL+*+O8hTYuCU0vwrvaW999xm_hR_NvGJ>94J zxV3t__+YG;YxQ=^Nk1&0ulwo%x1hgUI>_Y%T`~v@C?kX2D#KiDs7r>q#!%NE;l4H8 zg%K_ccf}~T)=2loF>cXl7sj}3wA*N$%g4IG1XmyL)|iA8C%Wzw_xZ{0bJN^{scz{E zmrr-e45ZtR%yj#bIc~vh_sw}Oo9i0$Ts7DIWP#hC%y;{cMQ*`D_pK!^U+j`4Q9YJo z$_lr5xm&u*W$3ASm8({|jn=pW$!d21S?3n7b$|P<%h$W)+lVn6+@WNXTd>i6bBoJ1 zyT%q*ZFWD|hE%p9{T*(>cK5AaF5l^rT@n4=n6l3;-s_g`ciH!@vENnSyNwPa{R2q< zuv>h{{q0egA92aii2gD6^OLTA!WAc7cEYW9+ATcgmY#L_85hpG^qgy-ciB0Y{D54z zfY&9r=%U-=ipwv%*X0eJ=M)KyLzOLS4Mh!ZAd?_u&>u*fXDlLFbHW@9_+DUo-x!@gFJJf zM@AsM;a(>)$}1k}m5%ZFXb;ADbgbu0@CwFzY?5b8^wc=d9P5!ONOLmMoaPlz^*){9 z@#!9!;f2%9Oz+D%7$}uK}6N>Mm9*UK*OD$Vy`fk)?ijTU))p$AJmW3k7V zA-Sbq(-oe%+=CU~Q_H<7tGuF>-n(l&zS<*ekYE{E>;3#&3>0qg;5*OX;A!7^1yMM) z!OL#)DsJ>(lgBrDjkb7vvj^KeW2?t^Am!~|(_Nmq(}P`JwVhs-JznMA-sk%~zSlGN zdnx=-_kj18!(PE5uk@(Lk9ct07W%s0z@x6CJP{I;aEKbExfi`x3lJNUf4 zPdfM^qdWRP>EaumebL1?JNr$#`NduR(jGoXchJ3j-qX+P<-0w7(#OZ%M*{u);=X?A z0H5{u^9K3D$w1#4;=e!Ge`%OsIMgp4;j`g>!%_Y~GSY7{#xEG{HyejJ$NF-D?~M18 zll+zw{YF##;>mvLG@niNtIR;$>3)-0e$|=&H*Tp*`=#Y^Ru*sACO(j~j+1ui zSiPWqoOOyD9peqU#EUw|n{|tqk*;ysBkpvMSMC*W*)vZ1#EW~!U+))3YW?GEP}~?8 ze_=?xcyPRQSey-we>@^ShzyUDQ6aU_aW*c_$Hrfn5U(;mUOFkxCdTuo#7C0Jacf%q z{i$&}Bd%*7&5Uca;-AfolR5Fi+40hOaW*&JZ~@i|pI?2rIIb;;f2xI7EY)-`tC{yYajS*!KHz>rwn8bYtHtAs@$UlqU+y5~XbttaakGc8Nix zZ9;TN#M>v*9TIx`gx4ui&@s`hOQJRDoRHlTPS-@xBk@7^gzA-$JrmXYB#L_{O8X^P z-$a!GiGielLJUg82PV>k68gY|HzZMIaN?U`2{ts5HzF~b3{P0267P>ps4)pXI#GXI zqHt`YbV7oSPc)o_xhE#Xl!P-mk)D#!CnqXSOB7B`G@F6n^-WL6SqW!mA~`4V!R&;Z zm*8^~B?}V8^An|u5^Q1Oqa~PoaY8IhI7<`hWeI(0B5y^aczL4Psze*IG9lL_oYje< zbqRlMqUpB@wm$LxcZnfnL&DvZsJJol!4|~YoRHfR&ejC%Na))W!L9`COu(*$+L?HD zPlBT_`+W(0Z{nN%Se@?^?!iRG1Bn)gG2fwtJeqKhB#MqF{9}oxCll;M;{DS|{Zzs| zo2Ymu@zMDNKbIiq6AI_Z3yG?i67OG3h%1TbFDIV8mMFZMD7}$j*AoqIVH<8H+&hWq zZzt;9OBCNtls-uC`w8*@bC!{ZiK?xVEgvUDdGh(PWW6@Y!q&;sc1hMY*|0-$FlnE3 zJ0+j*n5@$!S=>2U+AYbtCi8kEhm-C}t5>pR&tzZHCt27#S=ukj`X-wUNMdItdyzrO zqJha~Lz1YoB;~NAGc=hTk^EqI6782HtBp*Sj!Cl7$tvRzdu*}`nUE|VpZsQ0l1)tJ zO-YU>lato8BrgIQ`HqxG#ESj5awg73*Ps&9}XJInAB>BN& zq`fRzZE3P}MUpK~R#}DEE0Ok^Wbx|cH|vsYZ8Gm$q`f|AeV6>nhU9CTlIYOd*_1Rk zCSTZ+th_l{x-H4JCL8X+jN6lM?MhlZllAr_i*_fQ?ZdM6CguL5^L;XTFxm1z^6kS( zIFxh_CyhhN7mg;2k0eWvC)u%Nm6MqJMDnfEN$XVdnX}2_Gs$nxC)v4V-Va#zg`{;U z`IC!Db|s1P%+(~jkut&UF<_knq}e%O-2&(uwCE8OcMnQ?1*~WA zNuOXK=^c=M0aEK9ut9+_FsR)xF#85y4GD?|2c^RTHZ;f^5sW0m18Y?9{>b39F#(JY ztTBPEJu^1Y#s$xf4XRHF3daYflL9s|XgCFFP7dCfhBTj>9%wUy`qP8LSwX?fpxKXzPOdYlFgXgW~nUe|{IR4ME|iU<9|C2c^3LwliqB z2lMX^#J<4U8+iKyeQ(fme^Bs!(ClE)jvNT&;lMc*B##E~9|_d)fFBF~;bc&JA}Bo_ zuv0;mvzYr#AkGKQxxhOg=;wkDe+VjH2)?-#u!}+7m0&oz9Jtql53UAHZUk^WaBc+r zdhp7vpvujl^iIHT2MzBbjl02H4+7_Y@Y188;9=0LRjL(v9LVyNQWy|O zXq$4{rFh%aYaLR>?Ne`dO0kZqkGrJ$k8KQ-FYz%c7@cy*q>RxiIWEP= zrkrspV{FP8m69V<#)K3fA3|e%Y9o0L>PoD_CW0T4uhS-_@PX*$lsheDOijs2DLFBv zrljQLl$w#^(?e)XPt`&EhO<&NXQrl+St)a7Dm^Q;naoU)IjI+Cr(jNs&Q2xgq|&of z6SO%ge3Uyg6|Z4Y$fOIvG~+MFGmkGH-%m|Jk(XCko-OJ>s zG5qGba;CUeWm-I#R8ALHtX!$MxUyUP(->N1&4_9YEh_p#l1iDPT7|SSKBP8XE_^gW z8dks+o`qJBsX_5uCQ>z>O;9RG%}TY4pLdO)=Bm1hkRok_Mm`Da`>9b$tFQeluPWZq zs%p<_`C6fectwV*tukV%-}p2Z!DF#u zScdiyVPV=>qBX&H91Zdzmi1nL(t^BawJ453?E+e9B#G_P(%4`zlF%_Il$6-or-sdo zax{NIDr=R|KqNM=wiXc62(fY(@2WWXt5Yp4qJ?- zOe3!NS~VRjXDA)*fa-vkZ&ahX%4y>3r+!~82A{^d=>^#Ssv%c2tu~s?L^@RsN5_}~ zb-qU8+KZ%V*sDzqhoDIc`ZCnkq}hciCJ`%bINDS_7Q>Q> z_OAp84pkj%Qa^TFPiQ{zVzCr9#fzPP^7o$3H4?*@&`d&N<%T|0C$HjHzbGF%QUIOA zx)~uxI0G!g8Gx)H?s9BTNhxv_J>wB{*NA`LZLIM>2Y(XA(@YTZf70J1e&_xL>r-mH zuA$dEjhRv9Dx(o2j105lP|9Tu**QUvSZGBs$JG4cDE1|5jo5!xM`O6Y;cHKux{!fh zm{C%52-uXNp;kf@G;Y~U%Nn*};``_}T7|8M?8L(Z%{A<#D_mXG{4mGBFY$Z+6B>D2 zGh?w0MEd|0JRBC7SUt28*-yu2&LG3kLKKeXh7ru0P8!Eb>Y~I?K~W^tqRYj&A==X# zZ<+TKfpX(weQ@F-0?>-IpVF!@@~8Bl^HR|S^t1HO^KAJi_k+f{Iy}%wgHWXEY9DH~ zv@DLI3R)wrnwE4BA#EhIf!Ke!0+C16&{=ymWN~Ax+7)~bbUBO> z7Y}HN9^bDq#%lH$#G<3M`ow6X>17%i`Z$e_#i5R?4O$!4KFsJ<0-RurakiqYu$EDq zqNsXas=p>5VM)P%9~o~PY34AhKi!8SDew^bwCv{OcO3nG{wLAh0XFIMs)wx1bU z{SQ&6)PKT*m+-S{6b$;^w4Q{y%Jg+Mi;1^&|FKZx}Hrj3w*07hNPkrDNs{c9Q1sqQ!oHh z<~AEx}XqN^N!d1J*HS;%d1iVKIOXciXV5(N|4^Bbct(O%KeEY`nkj|egd zGt>)>>a4}Y50ODp>zG3wR{sfuUZNvHPQ8cI*_Y4!jC|?i701i|S;JV#G!olyR6sk> zRErx9erV_z4zB6Zg!r4BmEc;&YdXeMz>-nUzAn>#Prj~-SB>cY&#{sVdhCYL3~SW{ zr%1p_pK8^NYDf!V>Z@FLe~L>^b+lSMhmfCz?ReXGQ~NC*f^tl+gvb+cc!@8c`dLBj zjrU`FaCmA3qLLt$ay6-qixp1IMVcVh5w8a+=}umZO)xSz;$Fz1Jdc${l&5h5!fH{RypVZ>$+60GJINdAqPAJouNwbUk(LxzBt{TR3x`_Qp8f^wO z*WT3L{t?!A?gg|O6sj>#k!P{Y=kR()tMLC4R@hwvsbUi=X^#wC3d1R^BTiwpV@9

      -A>@@j))D7@9VmX% zXQKspOV-NOrHh74^^rAoaV^67Z6!u^Z4{xHTnV{98mEeC+CO4t8sJ5YJkk-Z_Tk(V z#0>pIyJa#qLesAj`xNonYwco(MuwP)i zH2O~koI>!G9jZ_U{YUzR_&oc?lYhGWT>DDLIm4CNSgej=>z}coXzz0T6IN+8_E1CQ zJTA?M!*E`FfuJ&m(@~aWF|HYQT2a-)cx<2cO0Jh`AP%-8WmM4pn2~zVZc!^>R_N4^o)f4PxsbXhBI}p*HWIOyAqf4}v zh~|WzRJ&Y%CDsnFL3-5ur9`bDXq`-3L0~Cii*i)w=cq3Dk;Ys?XAu#Z?)e)lW)cmJ zhCQJ=1u4$JYfX;o8KTY;w0MVlF`OanWRB{w9M$7LQawWGK_Vh!IDeyhfM{q;^9j{G zNO3=2DC>2dYBA%VVwdz3&cv2pHOIdsDohrN2QofoG)KIW+I14KJ9_g_!^uP5Jg?F@(@+SR?u^&y6pc;Rs!z!M zH!!SC!@Y!w0*c*T3;X`3>{IQXur_Id5XL~In+52Yj@ zE2W9|YPCql#)UEASbdiGVGEwZ!Hok-l)PD|T5OR~fJbuSkO-v>n_I;w30qwO0SD9q3gQZ!sK11$|sN5$Fr(9Jr!`!vcN+WFEbhBZe-7dWXWX{cafTAowr zf>Z1Yr;@82oRG9eVvxRr7d$J6m-A9qQ(twU89u{wt4 zSUDDlGp8^Fiq)5I;HsGSv%**>T7c_?i&|tpEr`Wx8n5aFq1aVJu^UA{&dFrW+^DLG zTa2o)ag?H{UD4KRmo;)l6PIzKgI^|zfZ-Y zpKDPqHVY%G{kS=LAxEl~;bQ^e644Hq2($=oMzBS9(lBOB)??rDXHb#SaT?HZB4LC= z5xON&xKx^+o{+{XnvGm|k472>(|UyN3kq?!{i~d+@wQeI+0cMiggTmMB2pUX{d>p^ zv^>>MACCK<&;Zp_F|>hbr>w37hvG&OyT#uDkEcPbvT3ghs(S^t+7`Gcz|D+!yOkp@ z+oMTMY-`B*ReCu2#A1^P+UX2+0`xFoVp>BquGbnDnpU_Nqo6U=rkS8fJT$SjSL?2! zdT>XJ^@65a02IF^%tKX9(`uo}f-#yHu7zS07LY>vAEMrdBOE_6v0OzeR2E`^x(v@>*+AM;BBqpH@X*9*tRh}fgh5s4GXP*40DU$v%{MwVW z8o4xF`)VRdbQZHkPZy@zlk^`_6=H47QXD70Mn+X&=%#f%$E`Wog4hc{$FJUIx%zER zNAu=G96HzuhBz?TDIUf3kz5XO^y{2V{4s;`w+w@wG33AX|B=JEK9nah%RpEE9~}t{ zbm=r;8krsDk^i?s20L#>C9tT3OjH7334_) z`Gt5z`+TH%-Z@8RI6gawB)-EB99S}>j_ z6h(UnTmt~;tEgJqEL_ki&BvKU;@W`66(?lpolP>ZaD7uCAU%T za6Jc8hqrKvV`#fDW9c>^9v&t6M5`Rv6X-@qy(TFhiGZqss|!dZ&T3K;5ESSYBsoE^ zSWPR;Yfth$9kol8(>P6_=nfK~0G<%z#*&g0^>7N<4CafSg+D?T>oVdIA6er$# z#*0K4af(UkF;YK^CmU7poFIcbSBG#LwSr8|4SuZ=z8 z4rSzTIFOf;a2Uj5KS#1P!^lD;_8VM!3S&D&B6d>XFgNU2D@kKrq>D>JEAsqbKZp&I z1=!~@+$4r-)JwTN16@|2>?%9y4~3*ev-1P9|iw$p@J=^Bwx+V5yws z4waf14bXE-bX1eC4Z{Y#jrvPX@=K)vay@Gp7r1ggJGi)Ztr;REab}`jSy*0E^q!dxBhz?jJs!(zZU|C`d=l$m|H#%ccEp~WChRk77KMEro@&h^ z)5$-_zO_G$7VdEI{simuWa~cv$(H>WMsv-f82PMGITYBCuMPhCdh9F`&qMS`Tr{m= zPFkMB>W9QzX*bZd3TdUy*B>MEjF$tIY!c)p&+}L(r-5O#1yv4s5~7#%wDShpOniX~ zM0FgOXkqtn_iEAq${O?IT7FW+^%{UGwn#c!OGxN{N&Z6rlD5q8VlTm+xq5Qhs9rS0 zaAoY@l{$GhWD-tA^|a2K_8(f7*Aey6U1&9}zFve1NCm0ze4Te(W$DaUJJSuYrkwOU#Qj?q<7 z(K?L88fiuNNC25Pg8Vrecv;LWaJKy{cG5xBbe%)_T=Jj=KdYe{rmT=20r6C>&Du-PiaZU@z~06(Ki;pnEsrWR{@IBS|FZz z3JOHZszI&aqyiq)woseNXBwDj{g}QeUdThm|5eS>ij04k;8((q#|@mW;T#E>L^X!b zSpJ0b{#WSAE_B7(Bn&^}zKn{Hr7_{;vDXa^kN<$x0SAu`6?zotfZKxRS_Lb_$5Uc~yH3H@~lH zO;I3zElceB+Skr80u|Z2#($w=_3LC^5@I9arwnx3beR}W>uoI*h$iz%W75RJE7|z@ z*eI_O`Z}wE{O7o;QFQ%AQOls{Uk!L=JR}r(6qR&0VOP@Ae)Z>b;!=pU8$(D*C^B!M zNpFo&OsQnl(stqToENG1FXB;Fx$g^fR4t#JU?owipPXO`Hy_h``997`rv4a4}SBZY6Lo7aB3;KQd|7X0+-F>bXg3bg@hfKjt1e>z>Wc((gw&3Xx?_Gwfe z!s{iR6f?-cBvuIkWn{RB6OucBt^pi&ntYgn35pg+wD=m+q7&LPe5WY=(? zafq9WX<>siF{8K@H6I(9@aQuYizST)u~;qz2VoI;CuTIbV-(#s-oaLvJXeR5@H$mX zyqH!4Ie|-EjbT&{rLX7O-URjaIG(BFK~lX~tg?Y~e-16zv-ni(E$v@W(})hDpVt4w z!0HIM8FG6CE`1UEim`#Yey9z`#~Lh0^`y~8zUCm8y@)K@kow873;)f=kaNc(5f2=j_hcx zRU~)}gXco8g-`$9#;1SAhqxj7DAp=eBJqR?Pl{1igso?;AK@QtaWV zu)#P>eTY-sN7#!cFJoV@SU)6yXS7Z6urX#EFT@s*M3WC1KM~pn$jopyMOn!jy(*7Cb(_?V?A z_7=zS{lCAk!%K#dI=DTIMhd*aMeKt@90)D2I)673-uO}SyOAFSy%mZ1Z^XJ#KT#Fe zvM242|E>K7dgn%cH1@knn*J&M6+VT?{lLcOcz9riBRIUI#tm+W7m(Wp+H4YX{Yge# z65cPY5kvQRF*G|KK9$J*gcE-%C%GS^@M9;ugKPCuC<{g3gy{c<#nz2&A_*4Y(0A_Lw=ZvR7_x_H8E7g&MPrK=1npIid(Z^ydnMH=g= z74*@9OW3 zF*pg(Po;~`%+VV?m%=b}1!(qBa)BHn#3u<*op21T!P+GeRB~OS)40n5W!L)7JJ61 zs^y1@3r;~;mpt6_3Zs%?@=R3T!(40R5j^xU=4!EBi0)t3^6_E1=9d$vAwGk}9Z_Z6 ztVh2_!jyoAJK?DB8a4!H+Bfmk$JYB3#=?`VGZd^q z+|J=-;I>SC;IO=ZO8p}EH2g)JF<$o2%_`gj3!eQw@Rrs_0+x*{! zG4{WuzP4Fj8A-Jv!JjJqpD6AxsXt>}XOij`dI8ACgOd=mZHQyDbYGGhKsh=S;#C>1+E2nEeuxvsXYmT-U&QP0aYEYR6~2^o=g$~By>Vo z6arF3se+1y2mz!f6lnqppftIJUIe9xsEE=<5JK<@g3_gn=J#Iv%tW}{>;2w8ey{U7 zyO*_BdDc@t&-1iY>&3RV)_O;^eQcxNneA@tDvz#?8sAeLQyJGjwmhLae*C2B#M0!p z-g1AnuV+eiAUoJLwLHB#ZT!sYjQs5Cto+>SoSvcTJSK?xb?yp(t&7g>em`@uyAZ|K zSWjOss&|T3FLGlq{)wpmQbfeU!1iB#K(zWCyH@2)N3F_-|{u!%ie6A@gD}+-;R^ z*-MI=k~N~pd8KN(23~4(W(cg=a$&wDzK!hwO2ZH;xQ1*uBnv>FN+N>Z>g3*DcXB~V zQv5z5gQGxbSx}IEM^tyM9h&ade|13wW1ta8~n?h`6j1 z!A>}_aKvKp2USK>FFLsrP?8`jh>1=$t|bM(SC8hKR*5T`28COjt8!{r*nTBOY14^N zCjdU}$&B637@S64o+9j2MFgc$#h_HpcNE-whd2f)dZ8Sh*_w|%+<;EtTghN6Eaaw3 zmSCby?8xw!_KPo(?K@X@nYOdLOL0rRFIK0q!C!2LeMgLX+j44r^}>!#-1&}d*`@jI z&xxX~k@~CBTOcJ2_>%N^>m@Q77_O5CY;~My7j}C1#ju;-3GR0awXr-W$ z`f)tHn+d&kXw9_1^@}iI5#|LQ1;D!cU1crXN=Fb1d#O3wI< zyGiDLQPNo#(Wet-Sb@XH3Jvb=?}g7>(pS#7aDOm}=%R{BhZ9OIR_kvi$!|3K!X&3t zw8%Cq81P87o3;AGqNvH4XGEzr+h!lu=%FZo6s0aTS^(R$xU=*T6PqP!@M>Eks4FSd z?d!AKpJ`E!Q~8&$ijfs1^9CZO@A_WQr}|YkK-U{cF+Uipl6qawh-VjOnN7u_V3WYD z7EACrnZ04M5~rl{NTb$_o$^GZ$*MM54LUHJb9o)QEV3}hiUERRIDkJx6eP>5STMl9 zL|vbWC_+#6{H1CKmDN_oEX7{IvSbnIrhMl!xi)7(vb)(&>>IQ>ON?9O0j>&*N~mSlvc1Dl&) zMJvsGI*%32yd%y0p{#eyKZvp&K#3bnq+wCJH9MwOyIAmM*`nBj#$lc1%(bd+?+&CO561Uqo8Mr0CYck5?N4~BFJAA8jb2I zH@t_AZB$7OgK_Q^AXs?ZCgiuQ!EJLGIIU$&7V=%o#gHx5m}6#S)&RFEN-$3z`UX2@ z4#a8>>oMDzW;GCX+J}-H`m}{vwI8y5#ywNO7JklYM`wR603SQ+MAlLs>3l%FgrQV8sAEE~S#-+haYPr(BEiFdy* z#myt{zK%43vh8gPS5DtN%~HSg&HwtO;fJ~t7@8XLQluCYGw))X&p)J{-)eoAHunKm z6FbUx+D)5jQr=ye93Juf*sDWm>FH$d754GTH^C8&%cCKKCZ6z7ql*|f`x&2wK zpV9g^I((F;L7X15rF8XgRgfCHX%4L*cTgDew`MYE9(isE$6e-&^3xg4b2>hN^p8H2csK0>vyHXg4ey zlhHRLD_dL2E0lSARF-ogc^o|-vA4$`Atp#TUfpr>$zQvu0?c90N@SSKtER(bx?g&*=4WO&(@BlGomer1R3O`e=^7Hp9kCZw0lA6fr zcu`M!QV(mNc1QQ>i)koMx>L;>)!B&!yj32eJv40e(h2fwsA3Zlp#Z~VpIvaK9Tn01 zrI|;?XjcY-L_-iL6 z%!bcQV1l_}GU{!s##tkNDp#Y9DlKA!DgFtZ5jsr%7WoKR7WMjmnHwx8gT*+Rp=Vl_ zA{lUvhQO4;c=3m)vkN7*j$Cs}JJKP|^QIQwQ-e^f zk`7yom@pMLB~AFsDV^zpVk0ds5+5}l7CwdL#TvpsUM-#jep-}N23a-)Z4gQ z2V49fOTBdw-QvefJ?aysp1ZN#*!q7fwe`ZfPW)J{1-4syQ)N!axd=tIyMskcR7_d> zL1Dby%fcUEBc;1XUA3UNr{hO5?xK6x3j9317k;H%?!dpRsV3Rk*%t~-3fqOYP+A_N z&zA1O%x(Y2=i55{>T2s11JcNr@qU^4qig`7Ut|ZK9YeXGw2Lhtl^R!vOSBaw`W%Is z&@9X%=V-B)NV~O`N9bEDO+0iNe9~e3i-+*oi)7{m)o^@=FhNjo;}W&iuax|D-OyrQ zyXr6ymbkTK$ABeyO_dd*n{cg@)s28L=yEBZa>E+y_(CyKk!l9yK4 zfnW!6j)82gW-+$jvn1f&9y-05y;Gk*=;OYE@GQMMWO#yfr|aA0NEgX92etrMg|m_; zJxZekG17 z9wr38;2dQO-{a)%RaM*sG8w$2LImfLexGCf#}NNA%gu!KfGCjuor-)|+|NYK2mV83 zz6(6?U`|>2Gajj{Z}7(6=39?o4ofSkpdM@9i+Nd0$dn-H7dYMW5Tw08r$z=BY+omK z*U^?j>`pdm3=Mz+Zk43S%#?uC-3hGZX9Ap1+%!iHH;N^rTR}&->s(=-ZeUlegmkyn z#a}0mSt}-GN>KOT0(HO=4O{MM&sf2{O3U5brH~} zEf7ZnTG3jLHK-$mydpolajpUnKzutPWhW-zTwLDdsO~T6_ed=Ms9N*2WeXZ z6TL<0n^hqE+myK#eR8d5Zt`(x~(VFM<1&vjkd$r{>SPH7#a-qNPWf5 z7=@Zd@Wl|EuOGr}4m#)=U5l*s3GM{zk}iybopiIMQNx7&+fACj7p;*_Llbesusr*r z(+_FOls=bP<(3#uuy|9TIIWq|sLcJYUq=mIRCsK==!7UU0v$E2FoTvV$U#27R1#kz z47ej_&?PU-{K?JE@Mg=YYWiqL!Dw2#!d+uCr4rJG^+7rGBykAit$j(bI9jsF;+Ic-Lb*aHctocROW}zAa||z+D)5`e;?_mB2DN= zh=Gp=vh+?g;oZoz0yM$P*qQ=0iYxq`NSYYI{SJaM8Fcor;+lo(LH;tELk={xFhPC> z{ul%2g_h0Vy>CjUv?V-55tgkkc9T;w?|ThyDLJU??u(Fxe;z^0efNQlFVFn}EsMf; zK)n=&X%P@_(;`?YogzFE@om=JzB{?z*|ZK24d*!uu_cvVgg2{0hj_6OdrOlc5yhpT za&bhn#A5hYC!K93V<5`LiWNPS6(+S}4V)s6v$2JuxS2JE3Gq%D-XVkg=^WV?eCIXa z`?Zw!S&Qcu4vVa_Fq5e;Uj)>UBWy2nGo_s}HyLz&qR%#|gqHWBGL-e@`U%14TdwQr z@=_2P^D?FN5-+dM(uWdg*Jki_mXK}+uZsIRD(C5kf(Bb1lj7O$SJd@Bx+{p6Z z6*Hi_$<&|A+xc>kTS|A$@nQ4R`XdV2oXN@SQXRR-dcde)X!)sjYCCxlDBhUDWH%3Nx zdI~#l2(1o}Q*wo}gaLq$yKSHD-?UHl`*Ob337K8^ipqR=Hfxc(&1V8TO&~qAHnHt% zgxn79Vku5P?tN0;C7IOZ)*+XVX9}AF?CArvKHk8>Nm zl(~E3emnaGB&3GsYD?Fk38if3M?HT301J?H85o?dMb zVSa2(r%p%%1H}4W&rRGDO)jP*4%Dvu^qDX=sd!V!nNv5OJ=N&bj3#+Y;(pJJdCgO= zdMaI-(~UaCgr^#{(&+a+@!r46@B^cs_4GPVUo>2XTv`H6f*D(e<5BF!8%y!&bDu0n z&ioy`KPB2&j`8}hUe{kd^|HqZ`-|sxgA$g0jyd&uGwWibF0w544c0mTRx_0Dn;)B? zVscE&CV(Z?_n6tuwL8q8 zT@N;U6&Q-A1$>U)0^fQ0ZGU1k6qcheh578v`Of3u z;FL*D^Tp}@XvF_6kTSKNR>0%|45M;5D_vK`C7HrOoLs2KhG7Vy#Q)Ukvc&LZG(Y{Q z#5@$p6--dPhnaM_d&q&A(zf=aXdwd+S%<7yC&n4+u@?3j7;sJpFu){ZN3-86vTV0O zk<0RLBC|f&+%ail4*7!blI-G1zx0|9)8^}}&S{c+c!^7@4*hFCxYut59Iq@uK2fnD zg~x-w{4=V#f87yk(sKYaY2M-A=Z}JbD^%YFCw|J$J?+bP?DeF?Ah`#nB*6z_)*t-r zGroL}GnF@dX1vE(aPD!xwX7;QG@}&q@XkV~i>pj9_JHP;ez%}c9)WHEyjM*wqd)E~ zzF@iRBb`NRne!9;IGjECpCYUbASptv(cL=iOnEJC>+HW*>p*bmCVudmLw~T9o)MJ=! zlC-b(O3al1lGf~d47!TudbYe*WLAZHShXHZ%i$2xFQQ~|9r3c?Sm&ER_#-mgFrSZ< zhC1dMd&Vkcs7Llg_Nif7np!q5g9SFC_i0}}<@04P;XB?g#p{0kzsP^c2RXwBVZE?V z8s4+=Uj&YI%Ei<~2!jTcl}Qy^iI{B04_{}6MaD39 z5;|#%m@#ZqjBH!!YOa;H|NRA5 zTOj3#nykiCD!9oRKD4=QpE6bc0@h^X;Ik*}>#S3dU61205jpMmHjnu>u*BWrQn&pP zU(BaKsqmI+*zU7ASZpSia|60!7I7yHwa@hQ<4>MJ@Zrp}VSyGXtP9PPB1vz7xe10C zP3@2IXlBa)=Fw-7Rm7%D`0pM*a_+x*eDl;#!t@2d^Kl(;`sA2^i4++yF#~A#cXPZZac~qd~+05);7?+GPM06=4-Av97&B-os^X1w$xW4GcoW;x0ALLH9fw@=>~s+&UQqbX`YoA$4&Z9!T~XGgUY zhR}0EwF--;id0@1{C(;~1rf}}+2q#HyDgNDh3*43t3>H{A^oRd(v%N|L=Ja`?#-bo znLKGO@a0RhQpg)a-329WUYl_3O(R$NH*ggkl~YDWZ71CYnHR<2 zvjZ95SoxaMoWdUv&U%5qQ7<&C?-24&LS8N850t!84ffM`3awVmLX z`If?EB5Id?%56>g$8qZBmQ3bgG~V5*3IHXqhZlgR0^x|Ou!+p(A3I_d19K5yjkgK2 zI&l_c%gBAyi;1n0(13V?QIj||Z#+`u$lRFw@SU2?gnxx8AeN2jmCLn~DQ2-pT9-cL zgpK<}_NNMy?(_a}KFq_b#AYc*ZtP1ywqIKYOcCJF=u zvWb-SR1*a!&)%Rz6Ep1$h%WIP5e%f=2+)$#BC2WkvB(w6Cob|2v(>I2%dXa9jn1db zYP$TXSPewCw0>lcFQyED6*VmbVB2A;{QB^G5~t_vY-G>X(sLKkHi*ZDAPgV7$}lXA zSR(h^c&v^6nf$j#RMJFbsQ~lTrLO!jnG3VyL6Vrlt|VS~DKalaZNv7PqHV`3WApdO z6!;Ft3pIXmb3YLwqbmo8f++NUWUs+XC0>y-wr`% zv*w^o%j}0z26$KHVfCzf$QmgwbTT*PX1aK@{ZtIe;!i~TiC)ji-UM{0W$Y5AbeXQ( zd5D!XUl?|b-xmnefjB%BxnzzU&800xF6luIcp23qaO9-|@QV7#62tZSneaI+*6Xp) zVI?Tx^PZJgTh*E6;OuDBc8U{Q%4bFfSOJn~Fh(2D151aMQ#KaJxXd%Th3G-x;E&hY z6Y#Asg1kUUjj6IV`3gp%vJ?+_-H&?W5pV3{o_Nd~`+F~F8FEn^+c z3HL8d8=iv;5YLuoj~13Ko+K9L6F?A7*`qyNOg47f{4EnEksB)MvL#(M(UxJl&5{oE zg3R2Tj74N7a2iSddTTm2%8i_=TMb*w6%|#&)?xF`4U*49Xzq3Pkc)`fmD+d2v4U_i z?V#+6^wbf(;*SK zv+0lXt(JliWY`MbZBk1iTO*dji!E2RMXEGTAH9e3qG(RwT0UgO_BCRBYJUvV<=k|+ zZ@Mh420B*S5z=HavmjSl$8u5T$~;oMV=ZTq1E4E#&eE|oXKHzp4o=o_r>^y$!V&LO zEsxXj3Jvo*f-QS<7+ZF&AgshjoZ-Q8FRNtVk^X1df%!3nq1g(snrB+C{wNWmOXxs0wR>AG~k8Y~Yzv7%I)CA&p zW%&SJZ4qfjNl3{<2+L>5%oFlCA=Zl{(&b&yoXMFIk;LAo+VQtUr#V+nlNSLPY}#ne z4n$Un>^tk|{QyhYX=m?L1Z$-ONpeF}75WEz{>eRituVHe6gL ztvAO3*htcZ^ZGfI^fl|xmC#!8P7()CZ zX~*Gu`yP5;n(=!dZ^jL2Gu}}AczHfuT_113)q=95%{tPA8*Atff@=Ci6K*lmf-7jt zk)pgJ#3i;UggR^X<0Dhd%QZ6d8s*T=ZYWpMk2Sl&{ij>yVLO>c9e}OjB`F+pXXkd& zgym|YuJFi1zjBB;v~&nV^k(8smaJwC#!)V^$OiO8DXiBvs>KR)HJ`D_S&;U4-e75q z9d$BTwkfu%@}6Cp9(*(=mC)5s$Iu4I+1fPr2u#?A=7kzyS_RAFwm3L*jRar)mINPi7Mwt`9I%t)Z)sw8e;HQ5!a+@-Fet1X!<0^D_$%NI9Wct}G+@?SQqCj+<*-py{XbgNrI_T_Y_lZtB?z+K_@ov!hjFhFBU#bomx#3YV z5h)p!xD9#L93@XSS&4y_Vj$D=qG;=A-IQ>2R>_Tl((wW;qQm`@o*7~vv3s5>#45;c zA(IWV<3m|$rwMIk5Q8Rd!YR%P0>{%b&fgO~&ee#qaw)HUQ2=4wl&@NLAR~E&^?^BX z&r)X6PIcWvsH&DqeOAj(^}Sk3nVu$*V7553q|YjOXP4x;rOJ6F27M*K_LKh+{#Tf5 z0XFsub9t$08zx+GYM4bUYYnrPVLMOD^~|sz$0l?}A~5gQG!zGF0nw6=rCd8fk*qqh zLKof%Vq*=)tHjnR0U_0tr6a`0nvt0V8QBy=fin)K3T#cROCDj;vflQ&6bbGkNjC6B zuFE~>5_G=HE%z{lg^$zi&i3+faY9O1X7c3|_pE02u|#Zwnxp_+_dD}h*%zPHeB}-+ z>4KALgL-OZaPd@PMSP|9puh(Ym*EG*;$MjtH>-9W;Tsn4;!}n#^;4bQ7>|82=i9!> zw^gt`aX%EzzIZHDZPGW91DY=%XPq?qojI%kM^3;npWUuMGwF!Tg`!To;i~Kpn~jI~ zC~9jOXa|neakS@&^Y-k?6uz9}Ero1~8=6O8vc>lDGLrxsZHQ#F2|SE;s)YW*xu9~Ld_;pUy-w!S zWna1+OqWyEVo4~x=Vg8?76d3ph1C zK)StTt=uP5xSD_y@?W)4K2B&HRU5jq_$@y2Xj>nJ1|oRv&}P*bswOvFHASlCYgEl> z$G=15vi8P#|Fv#%wr+N!ZY~p4$WKM(C&Jt&ikeC)SHgXo6|&MA8S!dYHf%>4ITl^i z8A5I9BL4S!lY?(kBfDn%;w(x^?rGLYw{w+HH%N7_fZ5o`JGvRy4UJF>Hi(+|11i8z z)XNe*NWD~0OIc`&Lwrf==Op@bnF2tc9~1I`*xz_qU?@Rp2MLo7!~HyZTLI_y>Ea#dT)r@v!eW(h;t3g(A!>>t0!|- zGST>WzE~y@J#$O>aSp|DIFF0QAX~PeUs^1_iBjuU`p5RPeU0vM4NmqpjFyY~SCnzRAoM0c?<%JmoJeD9 z6kYK;(Ysb0m?;o#`*byd3Ap=5676l(i=BjWGtpy6qMKnQ?e?fvXD)j<{yJscO#0*Md2qf ztwT-CHUMxiTpd}Vw21zmC#TeNHI0nbM(aePr#`kV&mIBg5p_E7soQyK=U^2xwRARh zW~#cXtcIQYQ(uwFS|_GUrU?fLQ55{6FqCiPB<8M!#twGU^*VdtUv=W z-?!jzy;HNIzsBp&w`J%DoX)iFNJE`lIebvq4s46!V80%*B`A4qXd24V!=My>LxA4dbwo>bDS8ppl7@oHEO|x zn(%_@q@~!bZ>uStQvm0PM&DM`t0Ii*qs^$zWgj8x3+SjyrJa#yXUc=A@%hd?2g6BK z`zDu*371{R$iD^j&T@L+vo#D%S;?2};%vJ(*KHEZU9FbzP9c9OB#J5mD+3*cZ#`2G zX_6;zS=gktJq2FQ6Gq`~5mi zfVoF>{c+uoFst9ug>|}36>=Y&XP(fIjkk31O&bjAT8+O1o!;9??dWe0=e*SHR69a_ z#hm1-bF@55hjug_>rNHkJG%V79*6ZdMp-cHM{d?e)7R!sx4eINfOU)sUGZ}_xlgN~ z>5`kj#SQWNGr?ThR*8$_T=B@pa|LZ4cY9Y7zMW2*JmH%4ZXar}O;tH;D>U*8ta(bP z0CXG(IZKEzR-Gc$sY0boII**YLcNRso_WmGe{{_s-0X|4xL>wj@27=&%aw1sC0D=V z*8fT&6_-2@fF^v{)epJhy>4=k8=mLFFrVUvCtw(fwt&{yZuFO=Nrx_w&P{f3xMnwR zia8WK-}%CQh%jb02K_wRe5u5t@>qdm^`JRfc-+2_6dBIhQtjbf8fP+JWWXYVVIN;Y z0UUVNO-+j1#*q~SzRx+9h$a#NCU@o+A{4KK7 zzE!zXn67ewaHoRC7<5*P`ZTvxsY-FStewGZ)TJ7#;?->S2CG3njoU1FR~XD#oQLP5 zWnlJk1|?$DcOh=zlx!Y~$pnnN1HqXgiV%v64wJ_-3TN1#+w!khdpxJadbQe5S970J ze8st8=3+A)Ke-D2qam}U$@Nz>%yC|~yNlefhKsVDVpO;&sk)!XkkJQ8nIlWic6`K; zJbf!O>Pg67^2iy7dAygd_DPq~>-Gbl$Y%b+2Lw2l5nt4O-!uQ| zRbKLlf`hKy0`2uFMgyfhQ@PbzBMzd9n6G~#^}PcSt*<>)wG82D{9DF3z-=+Vd z^godLBU%2wQWvV|defu{_`xy5nuhQ$GPN}X+XT@;6D)qrMi+zw9J<*F@uX}$UXm1Ys7rFi#E6_| zgvAK0zbF8B@jWcbUKxXRRIMCPW(^~Y%E(70Or4y$asET+rkIpW{1^YLDBeaDU43%)!ETlUca3vpQY zHfhf7A4qyOgJ)k%+*9NjHHqcsnv?DLQG6)GQA}pbPDY`%tc&0f1$5uX2JQHR6#4GR z3C{8Z=^pE=#5>KWZBHhEA%?vTrfoS}3WmaP6?Urc`TDzlqRY*f{@&)^*#wz_@jRN1 zG0s^aTW#Ke&mrOju#a`vCXh%7ah7k}HD%jgZzkioM?p>>mV@cBfrm(OQFzkJoD*&? zec!t2BtO#a*J<~XK%W<=M||(Uh)}7O^BJ^XK8hrBJ1#@vIYE2|x`omWff<#It_$yn zLH){fJ7+^9(dfOSa-%nu;;Ep8yxBqVCjrCYfuR1YK;IWMZV#e!0{j;((Yn@h6TcXC zVnnn!Mz-h!t=9Y?^966qV8G|P>2T05NcnvsZ1$Dyzz7s*QiwT{l{YL|ZKbyf5}f=SC4h57=_bW9Nz_=5ur0!itD5Ka;*S`5A8!uD0edj@6H*qcNDrZ9J7 znEPo+P)I5Y`|nRe;=c3thCVms?dS0xdj>V`#A?-DN|wk;GWXL8;o=sjNpPI7!u^REN`j=?()dQJR;J$;IDjM?V}JPOf+oyYS{8tx(${cWhI(kKDvHZ z1YtfqiqDF&r$=4KMbR7KzD=S4vL(eHe$)A)+Lbgs942Uha|}5}Y=kj1H0bMk7#~{! z1Bnr7x)7`OrHprrx7A%X{&`QjEZs%soxU)k;t3MEdsn1x0-@wV7ib1mF6i4M z5EHlIOT@?16lmqIifY$x+(&0l2W&RS1ZR=$1&>iVTGw6uXcRvZg};qLW~fk&F7DU- zq!XQ{JoIfMN1Q`A1wF}Z;&E;Q%HQt^^-o6dAk?00c7Ty;`2V47vponOADc<)BlWsX z9`*Ux1yVPWYJMB{Y`m60se*~`DrS)@sL1`UuC7iT?p2>%zmdA(p za)82tC8eEdw6m2h{RbnZe?N-fi^8{~F{LzLWo*)$6O~SnrNEF!=QpM3+6i4R@alB)LV%p&4bXPl;fpNA2i?{3Jfy;P1 znu1dUxen&e?`6LyJ26hs$3c+l%e^0p4X#-3?Uyc3lj&+~y8Kgf=N*;q%}JN%y6NgI zovx;*%lrnHj<`G+>X=u-hIL5{Xp8!MF}o0E+H}5eZWdL=&&dF zoe2b1ZD*GF6O!>}0@^~|<>s~v53hFV?po)ZrQts2dSUJswW^%JofCDfc9-b5TJ#z7 z1+#)Wa*J8Myoj=P2r$2a1%z_lm_rbMG*@{f7hap=wXNvCc`>gg1V648Sw@99+D79C zUs^6yl46YspErLsR91i^Uo_4Z0f z*nWXd#wNJ1Dei1lN}x^e^6stKr*P|6ND#+Ys`$Wo`?aEdw}jp*)7) zRu<2d6=$_*RNZu@{eNXru;&%EUf`qTlv&`{&8+m9Zeemf(ciK*zv?gyQg5A6 zS?!N^D()Dq`%GWZmqiF2ZaDC^UGhzZNVo*RGhxMw#PTW1?;zxOWTZ zv#Qmdi4Pz#N#LTeabG6fi-kN^65}hM1sl28T^v0joNd*%?zVcXFo&A8-FA|N&i>Bf zOrj?z3d3jS0-RB8ugAV=rFZ7!*tB>Bl&u!tUT3Su)^vTLj!1Cno2V2vaJDmGBS_O$ zjtk_1$`>Z*D^Qu|wH+hj%Z0U}xGp@?TZ<;X@Ig!F!@|-a_B*1EUCgrub9%w-L5=SY zPqwmP))dUv>{b29%(LNwKz-6s?&R7S=JS;WQH@%nRfTCYdS;jDsn*t!mHAr>*^lyS zh)Au!D$q-AC?p~daB%%$q4P?%i-GcT(9@zZjihKw?iehVkzZ;QYdfkX1VlARm>>WMHTk4M&Z0Xk(yjc|h{4Ezetdb5v^_JXEN^#8x>D-R&(sC#X)W^kLb4-K$R) z5sG=mf3g|V*4nC*-DEeShy0=Fxl;6AUxW?4saU_U7_KNTIwrm4+kJ6Vh>jDc-}IS7 z(;nt@9cc(a8Q1B;q}Dnzz3wZEj!Zw`sKsAR*I!%w^>lr7-#5}*my4cb{BJTZ1k4WG zg`1TnTBXr05Q zZlBk2vhY{P=$P=B>@o2-0=J#V4&a}5WlJW*6D%^-0As>_9Epg~$tLSH=xAe2r*|%y zbdWd+NNL*;@rL&E7qMNY*A$V-dJ+DwaH5W|9);mwZN7+Qms?%TiDJ(!GKC`-==uHp zs|(cp@e7>!;G2#ucgx!GC0BYY@Jb2(QKV6hE$NF2dQBncd2bfW?-!eU8izo6Q9-RK zSV`S_k=Lr?#Dc?hZhT3JsrTAa@E@h*(vrul=>m|9E-9%sU<@trBqY)pMLMMv9b4L> z$!6c6P_7|z9)zFFx7_dGLYl!YG>F&YFOUyrBjM-Ztu61%l#{NjXobg7FOF_Q#U0=T z)-cMm;oi5fY9IB6d`O9h)%|X|8v76y`NEw+=9=gG&uva3 zol_Ft0@wAI;=o^F|p?>2_SlK@jk)kzf4>#3U%oe8Y4l8**JMh*U-%);mHB zBY1S+{NZ1c#8)Tg`S4SYEH{OYO-Fb}(tb8~wK+9+5z!X{Z;JqU5_O7SG4@?tcL_8x zbrzl6e*8&ZbJ(0Aot?1my1QZHcwP9M9deF>@E<4Cxzx=jU{E%3y3}YlA)*ErICpQ> z?cN4!m%UrPLY#0S;(RS#{*$;kJ7wCg&JqxPh93s>o~OkwSR@tk{1gPt^^51c$#sYbkOxpXOMMdQ^%)%5Kq5_Qo9Ygl=cV~Q+yLcpbj|d3KPk;0Wpgj;l^@$P zqsBM68_IgDW0UIy-5P6yOjtoAFt22p=volqP&(+hh zCT}m_$_k=+WY!ai5&}gKK2%vg9NV+*uuN>@-69}sLYcSf85rZT#39Y8gSd_xZKlp& zskKUyu#*)DJ8xt)H`8{QAMfPtctEhnpg;9#;V*_ovTRZa*Qpfd9Nsz`axxW zt>n{c(i7;-&?>zGXi=H_seO!_XOT+0b1wLv+XBNshf<}gUBCk_yMV6a?bJcKpE zDiI)Kl8IOwZy@UBgP4!0eobr+6D-7Z#4x21tnuzD`J9sL)gOZAKy|dO^ZY}C+cX)N zH}5wS<4I;rBtv8tJ%wm|Xp!iMj-2b}>4qg$rKcD3auS9;i^TJ=(wn@!BGor#RaLnK z2mUz7AEdtM9H_q3UvLND$oe&Mhv_TH(UDIwH*Wp{5vY{(APLVlZ_3xU5se1|l}Mjlxx5`lI;QgD+=J z_lQ6Dj&|SG@^vB#qIj?CLh$ju@45rTFiVwcu<2=EI7KkzIM#6NV71ZZEKJVAkD$fY z1mE2DzMKxop>!awBXcg}@n`;80E2Dkh;ie`UMa?PkG);`1sI=Bx&kbk-#@&bA2j?b zRA=vCOMhIj1B&W|bBVuAdY;U2=XpI2k$JhuGAE^64K{)xBB#0S+2}$SeStDaSuzu*R&YbzT+mlkhePW2(M^eM|zykNI>8jAQ9ummBQ&( zw@VX?R1#uoU4CnBf~sz0dp^e2s;&on`&+u>^bXkokr``EoJ3{W%5n+jaC;YxV$D5%9+AO`dkp1$8xExKO3%cCRy-Wx0Auf5uDy>?_R0++n$){~C2&3jj+{Y=Fc#;voE~T+aevz`D#v^_(-_xZSqx;NUo9R( z_LN+0S6rO-uZFeHX8viq9rrh;@|yDg;)o}WdQC-FC~+;}XI;mCn#rs1gp+#_#|Ds@ zF3wPhOyu%|iV{*yz2wxXeVeC%7%D3KvlIT#CKs~?j^D|q&i!Fai^~!lx=lIR?d*<< zX%l&r*cW}fTe18Jb7Uk5v%-^dVpoXe{xI}_Gb?MXP2 zGx>=nZHvUKX1q=C_kig;-jA;1UE&?n@WFb61 zvVt)-w-j-?R)98=Q;=Z5ah)N&fdD>sY*@{{O`2DdxV!fLA!m2zO`{G?J%oj@nE`fy z>lo#hbwDufHu%&pAjm8-J@mK88xu@mGHdlu6;T`9>-@M6SVt}C%}uu9JHd$55S9<6 zb*@vFhv}4g8bprfxkYU3WU8jBlWM(mGDT-QC=Rl-z;T`9L2XZzMEN|FP)0rQ8#7I$ zD){7#dc?OK@I_6kQ97Xdy;e`^k!~0}{-fBTt;ce~SHIEfcUnE6b1&+Il(qd|Q3t9a zv!?-PX(k0lAC5SQ^yX%%1QGa8?K!5^)bdU@$#0t@O3A6R+GyJ|w`^-*p>DKN>|Z*7 zWExAcyB@6DwOp#Ihjkv+<`zFw{9I{wrr$kGFcx(Y7^yCR^wcKRI7)M_)*o zM%AhI3-+~gnM3LiHOY)ss<5XyTpeciF;fwFCK6c<9y82^Z)&2*Z*10+ZB(8UY}*p~ zM#*PYvsu3^UzOrZ&M%exrL`af?>^G|ikW4nnI1I7zeE>*i`Y1JEKRrL$A+x4+c|L% z>cCm(cg`W!oOc9CywFMp!nWDn@|Wr^xqqhd3jrazLV(^VGgyww+!P)aR7E#=_r&u- z$GU*{1zs#m?qVF2F`Zu}idO>&fpfZ1wB90;QP^26*?icR7@*F#@K+p*gZj>X6`&C( zCp$}=hp=E`cIXhuLu44HpMl${uQF$ND~(uXN-K?AWjfO3V=d{S8_h~XPue7IXXuW~ zZjOQNTXA3ZOBC@I#Y}XPV#N0|IX)!g$qaqi`*<#7ppAeXnlH)OskD-PLNbruA~<9? zl*IY$Jt7{;w#PHLwj(-ID0nAqd)zt^CS9h3pcq125$VgL@(-ij)zMeT!sEP7w5$AeQO#Y@ z+1VgfsQdz>tL;}pttWnncp)mSAx49lX}&MbpM+I-H&BxJtY@V`FU?a??&&CbEXqF~ z_57!p^e1t!6n}_D<3(iFMePq!l$fG)-X8^bL>+fW36OtE@oJ=BiOPSC3U5ST13g(2 z!3z;lJJw@EEV)!@hE&MYQG^GDz?fR0Z=ZEf?l0||9QL@ z2+#MUp-Xx5VtAf5*=W8wHigdXqsHC1!tvbed2Z`1QF3!+Zix)bA4EC}5a=@AllbQC zaFicD7lv1c;q_tljQ}cPEl+1_rr8A0`6&_IF~yR%rbeSlKYi+ zuJu>PwCpJkua0lKOtntyI0#dS?CRRtoGsh795sIQeX4bx@LbboY1u;O_rf_=tIeGk zx>MuFCa|-@X$U1Yx27Ewwtf0bkPTuAXT6iGj;9}e=tGhb*M_|8By)2%C+u8oiRD5r zzfxdOd_q=ARK&F5009}G%~e26z!e50mT-k9@oNZ2u2sH-&MMf`%(^kiHk>2lU;cYdb(Bz%+-LTjPYJ3KiS*EfXv7Up%U8bVPpyq)9{wuh3FOfHS8 zioG_Q%+Fj)@YxnRhb3*)GD_;&;OJv`xIY7cRQ_~ z7F4pI$E0Z*gs5uI8W8dPTB9}>m)^=Y{%{tF+tGz`9amhUL|4e-Q5xtO z{DK^G7vOPJm=;{)Zwzp8yRUEXv$y*5ht2AFkT=Y3cpNRlSi1#;0gyL3?<3{SuwC+4 zC3bc`E57Lr*12NoZfd#J!ZYY|9HC6poawgzq;5 zvpfm$gsIG0bF@f*0ZZ)U2MQuEggbsg#JICC@Rp$Gq zHX&Y|zYUGNxz)(KP4PdB$@}gA#hm_>=y^u$lGMUJ*>gbcSF-0%VvecpQQKFW^!)3h z=Pj}Q=tAdoIrN_B`A`hS{)EC{Z95$tnQR83PvkUSlE?|}|Hs~YfZ0`+d*ACRtM11hs*4~o@^qk{4@A=O4UElR)vijPqJnJcU`QQKhOP9*_ZxJQ061%5!(PB1Es8f>0femwAhqof|FFCjAB#zp)k5^$il9}YC?L!I0raKl|9uo~VaV5huF$i4MUxeU0$ z6!}%T+5`$+BMK)=JFwfG`G%{cpFB;!l;|>N)>+mSF14?qlWIKX6k{YKp^(Hq4|5t$ zLXA8~G=I1+atw_6@l-!m_&NcCV@#Sz`*bFC7IX46nR=Ye3OTi~f=;mSzA$re(WxC* zZtH0;w~Z+TR+i0mq`-#wcg%s94UNXQ9Avi1qirB-yyXPm&1K4xxEdjnQ`Mj~j6>#6 z!`kW4qtHJXs%!K2=_Ph|_J#f-$DC#UhW25$m#_|*8=1fVk*ggSJ_9bZ$`!+>8+xYg z_s57@-M7=zg-^Eq*?2N-TW|dzT+Q4Aqhs|BmFqnZzKGHQ0Av14#xI_OGq7rh+hJL; zuDH8T*<6R)YRCDEHsSe%fbTe;_-?ZW^fvs33A=oYUk&}?`jQS!&RnzdhQ@?kd4F@y zf4q(k#S#96%b{O_FJzDTX7X5V{gIqL)pF)K)P(S=JT1>-eqFg+xW;cP?`QV1_7ARJ zIj?&CYWY;IYOV->F89Dj!2_8qksyhZHFHYjzq8~C_~TlYH!$yNuFqA&=l;agnCS66 zkQkgbseLk*>`M+yjIwm!?!%UkGEGLp*GFWANvqbYT0xG=VJ0C>FgR-Jh(SgobH;c~ zuB2reK#6CJ>dUx#Z{?CJ;cpK`cK8>v})w6lvtA7|P-iBLb7Eb1XimDNK`?2;k#LK$O08 zKN4d<6ymR93b`Ub5R={&;yp3pFCutHjQH5(3pbrWJ80?>Q;t|J65bic4AU9V;dPl) z!i(!EAOj|0)|`M`irJArj8c|-Ls^>XF1ihvdT?><_$&O~p6uW4Nkad%;}@*q{V+z{ zE%F*?vm|zMN;ofVhK64g&+VpkIAv3II*)}t$~Kx&x+Yx5%=lkgzeaEoJKd8iWXqXF z)@8(;Vp)rOfGRzu<9J!g-C#1iI8n8$yI3!A7wSdXh4!NS0&kb-0={VzJt zo$t)E=hw{f=0@kZbDcT%T)fe75XEJ?-wx}vahOj)Mc){`huqypkALaO4$oOr9-gh`}5F5Cv) zoDv{<8=2SYGV_wIV_wiT%yYWPJVV3G<}&t(V5SY+)lS;PAi4<%n`Qh=S$<38{v^t; zitH<*Op4DTUWpG)at?~;GDZ8C78Xo5h0|@gsOpUh)goXzu`V{{V**PlA= zeuX%R@JPV^c|-g{^3OuzWNjU%iw46$5H0!l3cm(aMX_aE>h3h;jDRl=J36rr1baa; zHjY$w4Ty8lwvkm4L!#`(!W`A9j2DT=1}a^EVN?61BK-t~Iw*f4iP#yTGd4#DiAvy} zhD_*N>SJ4Oa4v&PXvgA0ws^Ev)SxFE>j!!orfE;}lbTH!07l6!qV&ifYXqUdFe;iE z@hQezW#p@Uxp4^*tAK&`Uc2&DSIK5^fQgt@-cf(stX(Gc zcg*r?IkP^45FV+mHtz!vxyacYHu0AP>}BGR&}E(E1!&!u2z80n9Tu6>Fe%QWj)I+| zVFMXK_yvF;A#Y?Xj?!q}@n|X|i4_N|IP|Z>O4!LWfao(G!TS-)%+$&mlyWCiP$}Ti zdWLb;mh{EKinm&=t(NS#B6#Jf%Y%p|FFo42l5b{wpk~lSem4U$p=xaH{O2f5pe?qB zfBL_E2=|eYk9_h!j_QB-pLhS&|F{1CeHrXr9%db(77j8ed8~2EoAd>yivRhja6C1m z_Y<`Y-}2YB)=A{v3xzf#n$YZxm^37eR7=_P<0QTf0Ru2z_(n{EF;Fv^UxIN81sap| z#fWtdTifS|OFOn$3%8h?<N9=fO6IJ8^i1ZeJ3SF^5Zm-+uKrJ=I_ zzolfTmz!txeWpfQ1ZauvfLBZcbo| zT8|)mlIMxx4tN);Ul(*GCeK$!uR?0wAkGi55VMaNAb)$kYyn$NxFLb9(Wl^%JZy*?nA~!NtEPlO zmdrrHeN_L{-KwK#`*JETl@#;3YC0Eo)pbtpDumOTu2SchSf9=`foae>N%pNt>E4y@ z-pQ5GOT5XKMZI%M(TyeN@@ShJc1bj-Y+cG$@f%UQvURc9x^QUgBDN-+A9X9oE?{fd zbBB(d$5#D0Lt9^GE4OKA>+I<0Z+nr76ukiE>($7V3z)`Kr@dGn!8DO+fGJ5aPy)o| z!UcGVV=@G8e@_Y)37>G&STfYDXQyBzq);xx^5Of~7nDRYpk%_ZYRQQeCq6bf1*=6S6=CY>gSTpaD63 z@>fzPM-!bm*}`BP0q@BjaW_t zbgeG7)fVe*-SDtV>)r>I`*W3i(EQTWiW%q?Rm*1s;n)j}^xZ(#KJ)FlTSH%QL~mcY zcm1k>x>oeu-^=35viJA0oa=c>3~m~-pG<`1&=^tkEVo~7HdpzIF{C!&_3XuvY8>&; z>Syh3T0E=Ahw~}nJhDxXwDh+i3ld*sT8*=%Resd~lCb5pGr=>+R990j)z!3=_C!3N zmd2)y|ED8k-ysX%1b5Zu#ym8X!kGXFI?S<)BkF!DTJ92cy^$GJJ&o&BJ(p)2z{3?)Xw*76 z-N^q7#aLZ%-xsjgyU~G&8=YY^52LNUK?AP58ZqpvF;lb}^Q8E!4xa*xM+3^XK(9@w z3#mF(?7DnQ&g6IB1XWL%lbjYHZdcYO+4db#e}ibj(Fk8__~-U*rZ(H6KMyMgfArFB z-)(aC=Akb$4$ac&T5yoc-B{M`{DtlZA_|*US!1Dcp1z!egCii;XiVg^f}GC83XmE(h&d^!edF*=L?is3^yEcc zcxmGXsMo(i6$p~^6Q1R*w8|?hH?6^T=%X(HG(f~PeNL#21Uu-aR^J~C!yVpWyy za}`x?gq&vpoLLfSp3L>&8+$OiRm7~`CtckndOJ)t%!p`Dxx436Q!m?NhDEK{)d19% zdr(97ASiDSuMLi=Hh<4(TjXMaQh&f3vgrq^_e`8qy^Gx?nZ?o8a$nDg^2nb4@~EDH z@>x#LnNIl;xA$SU{G>bPMf%UMZ5=^TFK1f0eQIXC6{uz#1pR}2l17kp4n%oD!z*y%UK+m zA+WSQ>GFoXdN#d5Mn#=6VgDq#56XTI5mi0$a;%r2km;0O-zkC~tQ4A5^8-1NpO6dk zrCeaOVoE(p4nS>pf}DVMcbqJpY;-)+i!_I(({^l5)IZFoq$jJGO$YF-Pry18hw6s` z6kz7Pc8J9+ZInezuiI|T%>0j7Gfy&ZAv@ifnhTq=v1G={8HDJ2pKvz|y+ye93jISt z&ITJ!%)5nmkBHta^gY74TiExAnmdJemx$ge+`9x&a{De(bGzZqjNUHXJA`w)um@3IC?c+mr-ZkD-*K##I(6n>0s8}A8Y2* zP_<*y#JWG7e&=<`Y!0-jjk0;5Jcg$3m{>xb?;|l~cI#e@m7ThWd57*|-lm5!Z_(|{ zn{+F4yzRO%*I+jUgLVT$AEwLpkFWu%+;qtgkHN z4CST|8k~S7^G2D)id(g0*3y|8^CicoaO}SDn9=j|G1_D;(w{l{6r!Pno$>|JG#Fdu zxfNSw>2i7`-Gk}$UTwWBi#3Uo{e8(mmF9gC#Mi;-K<`L+N{rlNPA|YA$|^Bn?35*4 zHo-kjvO9pai>}?4!?29`SSx|J50&5;Mj(<6D0zvQU0NNBdgN~;td+)YNlC+Yt?tvt zbz%#i!$g1bP9NFA-vo zzjmZ)+q31a5JSSnJb*ni%mdx1o&s_=o11Vg19ksNg?y>|a^tZ8z~`k#;gwMT&g8TI zVCzOT4*GLri{x`-i!5V{^b=0nug4atBg-)%&d=zK7u7r-y4E=a)0ySDhQ)*>fohn# z9etrtM5sFY8v=?Lme>)$X_l8!>lECe4pK%}1C~gU9I`~dTeU($Zn<7e3yqMuiV^Y) zq+r)QhO`MAd6IrT@4{_>Tm#^M8=L|M33}CL#QP>Hj}r5;O)> zOoBMJ_(P?F1Bq?p<*fKeLvtTOkx?;?^Cnyp5@gg{qgWfCJ0@66)wV$%6B-EG3fE3vNR-poI-p|#*CO`S^+)T;jD|#oB>1#)XW2vrftZSHR zt*$J{LnW3Sld_J^;$=xz#HAG^2EyG^uSW``NTY&WV@B{Y(+s8>rX*9ZrGGCOnH!<~ z0AvW8o=>}0Uj1z6L9 z>U?4;KI$*`WarjudSDY+?=EuykwPCSbf8!X)n;#bF)#iju@Yu;Tf(?=~kx`muI z)(qJ!3Bk0iW-!j0Fz#ugWO;?yy7SML;q`5vFXre|#j?}H=%F9Zui)bX^&OsL=mN_u zN%*d2dKB>;H)U2*Yyiu^II_uv50Z`sx@6pzY&jaf4DuV8Jg2QCpRm|K_sfw593hN3 zzB`sCG1o~(O}|OM`>gy|XPXqy%C2xeBb<*7=k?+IRzF<4Dz=dlO5f#y#`kf5z|4Y@ z80ZdF5B|y{prS>uN7N;MFXO4B58uA->FEr}U2I1=1}Gnaxt8qiO^B37Tj!{mF!DIU z-pgKQlYchQZKOlLN7}c`;0|fuDl@mq1bZ}>eMCl|kf=rl^`w+{q7v(R2W|NKX06Gr zJt3KodqUd3kpYzAoT*=xWE&zHyPh@sq3}$z_KFOOD9TblB4xOjuyHxfKv<{Ik?cln zqELW(lLKlJELAjSUpJGy(Ow!JB`u}Gc@2tecu%prKSMBo`=oKv02MM#Y0XRCpeQxp z0i;}8BnHOxOdW57Jp+Z!wM?8@gh$DoOaVruK2FJx&69m3i)IgNJN86>B*js&cp$tZ z8@I?{v+TH^05eQHg!Au+8%5+fnR!5ZnS3E% z%G*&NMa{V5@61$CV9#s)TS1r&K!F4N_lW>^S9r_Zy}jMtmEPX&6bD(CU$mp;-2woF zvBYRGW+Jg7VY1X#lwZX_Ox=R{Ae>Wc#vwjXTorRB0jnC~6=ImFZ-HZosp9?>gyG6$ z%#Zf!LlgT#)N8O{MTkOWHlBgg6`FuXRF#fgecsP`L_4*>x*Tl9z1?Mq^=xqY_glXnu^WQrdV^V$pa`>+nx}4(vI_2Xo_YcI2Qq9{6Uabev7<9 zZ#I~W)!`gWMz@8<%(@5Oa)Q%&F|XBb0kv!cKE?m-)sd|QP9|z2e0B_db#?=Bq%!5y z;@1K#qSK9DfhfZs1zD8W4OyTO5olS2I-)Gdd@65euuO3^6Hb^xp%~6}HR;Z|8(;_a zrfuB=)s}(!nQfGB7>w&lVFQquXvIjuz&9fBzL2@Rn~vOkO?W<9B>m^{#>2dvj`*(< zBZkdU^W{!P?2Y#w!Kg8tX(UrAoaiu56X=as3G0teBhRFDR+EWN)|$cXSf_k~Q`Q4s zjZ@P}&uO~yt7OG`0N)~#7(46rjSN;qhLi*@T;Khqg}DKQ3R9?yP8 z9KfK8fMGfc(n1g|$`Ys*YIsRpNG>2To1f&F4z*r(>pk@(p%{d)Ka?)NO+8N|kkiM# z@09=QZz*juVToGsk;aJn~pP?r`%h>G__DjrT|6uQy+PlgY;3M2sjY z!nr8J-3ulGjTTMvBFR_c>rB&gF-43LbM<7|;tun^C_3yTy~Pwwy}M_yr#QxKaYhkG zHJr0nDXv=&wDc|1GMP*Vg#5)fc6?xNcpC8 z`8u!WyI#{RhyqY~UaNu|Rq4Cx$lD0M$lLi?=~florNo_T#-plO%17*k?}y2P9C@`( zN&2+l&$FCGNGJu`FW)veTje_ac3O8+bxZ@eO28*`2;qVJvdECV72WkGCJucdgvcQ_ zmsO3^MC4lFmb@dO<%QuSnBhaSi9qp$3MGcKWw;m>&NDmB_Yc=AGDc|0c&$h#u;k?8(VB&Gq@aUdG=hF^~?>fa<| zKakzGO8-T#{H#}Yyler7NRD2VrBe(3jx0VR@X$!1A|D;ey4lhJ)5)l*vz;KXFOglu z@LVFj%cYl!-6A8GqfOdp$>{e9Q}ZWy@{kWi#~ZX8!?fUiK(mSd4dL0DLkDGg#|@E6 zueGmy#E?5I7Uv2*Q%+J#Alte^c&prc%y83!B`_ZH3%CW;HY9iRx`$wEkLhl81c0&_ zU@V`v->RK1dTNij0jM2-r=2E3VXHw6P!R{;5tuj=Q*rCuE3Kad9W+B9uBu_WpV;nr zDrtsO)2QasrbZ(X$7w+2%2+&7{!UapISF;XG#C45=wd&K?6}Z?9`or78LMy#GvxLQ zy<#q8OwQ-4jV7(qH;J#NyKmx*9|?G$p*g}_Rg1i%;Y+a2PuDy8-$<^KeSy%^_Ol&6 z=4m8yw9j-pPI5>&2`7b2t+ zo#CfA!O2eY6o>Wb2~OT^sJ!((Cinyc`p=}^pOndiSc5oHuRG*7v22*f>!!$!^tv3Q zGQAVPwgj22^U&0Nj@~2SD3}p7+LX?dYHE`uPt<54{MZ!gzbP(Hn?R)b3rIPIvR~Aj zg*r~6_hS%W$ha3D;aa*jIY87;JmFehS?O+&1Ai02Mlqk<6q6>U!FG`1PJqRe1ff=T(CJUHzTC)I z037ovVLu_%lfuR{0nY1jVgFLp{K7CgMt>pP$At3>VLv8nNL&A?zziOmAdi#4aqQz{ z=f@&tOpq~*{^srP1^HhYD&hGu=Etc9T3N*WcsCZE84O#veZj7nf+eXhRTsF}c4XyF z4~IE%>0-I$IWdHg?8TzoU@Tm`Oc9p29Me3uvn)#-n{Azgl`)`+qY3pu+G^x8S{8Eg^uk3=ReZVS!1hz0Tfaye^EVxys*JX^q0 zH-^T?cD;T~pf?&*VlQ>1!C?MCvtqSD{f;}N&QtfFrhAN?ugU8MrHEiByDN6TT2jAP zd>&L-WA1}+ge+E7n;#+^lon(4=LGOJ-V^1pf&nE1oBgzK9wRcw84P9EpCiMLvaXiB z7)Wb*p3j>wf79WOr3*ZzdcD>9_%K%Kxc)Q)O*-_WuO_s*7HrFuNDM{V1L67r>_%=_}uG7A(8of zd<8~tM8dt`Y{p!#*edG1)faWU;o^4$1`5#yY87SFoPhOB`(3oGBF2u!KcyOY$ahj! za}`b&0$$KDDu1D+X~(*%X~bgi@BcLz?SvS;c3iG)O#k?=&74)NM=#&`ukMpuAyh)u zwBY;y_y3wXEBp)ZYhVVIzrYG=2?-A3L|j_!^f)KTfzam?Kan2Ce3NY|{3fN3=|_V9 ztRLAK1ie$UJ)qjB{88Ay7wTnUL!lBb?tCQs&dKjuEJ&d7~!i0zu;_u+qkd=`a zCIN448nHAJcVnewLt>5<3_~Jggg|t!_#*mtAK}rRWIcMH26`WJph(zfrT^KxGRV}D zL6<%4vI7*u>-0TuRr{YCD*aE<^gr*2dYDVhph(}73=;G`RcthU5B+)q1=L`pi`%i$ zJM}u5pyF+ye>qu*4!t()U+DdJ?q6_%eNQ0NnEquGgmD`gXoF{@^)1;8Y1(L7#5aUL zs?x~}BD~x##0WFud|96kWrWQU)6HCg?1F3X@(O25`$qf*!S#rDP#e)>e`;E1{eYx1 z|ADWd8DGJ0nEs5fpdPDjjcQ zk-wmzOYf+<0s8)d8(^LFf$VjL-j}yBPUth7ttQ9vFH#Z^+Riqolgh)-62n5m!pG z8{`fjX~o}@Rx9b^;~2wAuSs9>Y(`;Y$g6gkKriO%3(G=Gz-%c1p&pWLfw$=Tcg%=*l5YscQ|T6jHktxx^_ z)7KyB(Rpq&mQZ+n@}Z~42i~zMf33eUFE-_$>f4xS$M+^!x8=u%uAvIv+zl^b!Zf&m znS)UN*7)H&IR{RjKraA&8I9&d8co6)bG;;&V!PapglszL#w#tZASM!cKLHdCl)9Gn zFM64rN?u!|{XXk&6A^1>1KeW0&1Jti2B4?^4ySLRSe`R{pYocXDS@@RxIwsUiu?4Q zF3N86C@?WSH>zPIZxY7}BP1Lzoa2RkEN;Jn+eP`3$nc*<${S)me~wmB0R|LQMq4qs z2AD<`z)>s~n%Tj`SQ)rOLwML22YI>%)1wi1<;u^=iyYCy%FJ*F!^jYTsF|960mQxT zaF7dQEN8TJ7MX8N%V2V=J>;-T519t)!cYkr)-&E4h79W?II#lD*_WT6BH#jeIv{gz zJ2D;wN>CBRe=Eu_(3i!Du$!dw7~}1PmnZq?YohKQ;d`HFJZZoLm8!M7GKJOsu~Bwu zaw%44&zy;UGZr)kp1a2M?M@IR+%>sO5%AsEEIJz$6)kpa#U^Ab1KNIvKTIu-?P`0I z_l)gj`@mfUw02}oY#}CS;?&qoTV;h^Uz>@iC`==wb3xmdxbvUZ1t=A&FaC+8AOr=xL(LH|v8{JM1H;l@de6$_?x|b($@IulPv?s|5=G7q z{fg$w6XLTB_XfO}l|KMW#xnGu{56s6>Oc7_>00<)f?2`BAXY7ke){6!OusRz!Ui+D z*?`uDSE@ya{2@8RZBVW7VE`}5|E#+0s6Jx zJzMvxKCkI3LidVk?1xmqLq%b-z1%GR7`e$L=v;UcyEVjKWd@46>Qn|KShr&u?DBrA z)6GkJcP%5Pg%b=?<-{0a&zh?OYyG1%j`IBYyt-ZD3+fid7nXOAEU#M;*`sc+$ewj8 zBYzfMk77ET-(E+bP|KC^iw1!%hvRS~d=HI@;rVb|H~Paq)Xgs>dViNFKa%WuI9Yxq z+w*X?Z19r9$2_I&JJsA{&5M`G$bmV3nutX`(trtnZDq~t zk@fzE{5n#Ix*z1e5(Xv|B^0dAkuoXEViusW5CNeZqxpI2t49zHvCo*T5cElUoi;c@mak z9?YL6IkJ?kiDM~2=x0cYqE?ei;yt0>73w`v^JlTQtX*#$mD~f) zx!7UT4uy_kee7Uy(2)DGy61H6Q(JbN0?%abQ!w|rUmPP61^Dm9?%OZ2e&(U}Ft5#9 zuMYJNi!YM}?+|fRs^SSfR2|lSXtG|-Hpf$oog>0a;Uqm@Og@-u(&n8d#vE=>cGt`O zYrp92?d@WW`d-;w9DcV)Z+@DyT`^_HkFOPz?Ri;Qdr;=UgufKiab~r_IYeb+ z4=1I~&G)rObq-JVo{Xq5^t$V3<06TraOLgo?St*hsc#N12_NeDqLYMp8!9JfMDoaG zhqoUVIkamvi8A)f49k+{A|(xBoA``4jIiP)zTG@jAjCKuxQF93uHaIkPxpM$v}ba! zO=6ko+i~Za=FTH(dd(i=BW@a@``SO_O>uYx1&e3wdT$F0m<=`l1zE}l)-)OlG|C&5n z9wq-KB$CGhxv=f9=7miwnin%IZ^}0hZ(7_u*tA>oRA*7gK-WZfhS%MBn&_EsWA59l z>8ridAPo0L+rJg=yr$#C$Qcp9TW71LuZ)@&Ss-taojkZnOY*G|mW9^n(iIhmuMOKs zXbu7&pt>A^3+_SWs6fcRh!-sL)9{9jq~ga)>0zl_EPMTIWIlwB2Zq3!!WVH5kEqSn zOw%ziX0Z|u8nhRBnR>4=rh8iI+Xd*{`$d~57wX+EPVV-)X2P|V?1C9O8t)8x1%TJa zgi5wUVWaw!y{X~OD07j?1G!OS2JDe8aE;pjhH(OwZ`#=0xYSr@k~w~@m{=ODotha; zG#${GnLK$qIc;Xx(>tdnr=M&Xd`8UiX3w7G&5q5QI^W!*lkd5~9Ox5^7TQa2OfQJc z&8WhR_=L>(HM^3!bJ_CUjWwcad2;tnV!7ChYwYdqHFHmIuh^b7tIa)|R_WF4t8%NO ztNeY&TZ~Izr-{{%}2bk^d{gVeAFZQ=-FtK%^^IK*1h>yvTG>1Ri{DGxpJxhPi zfPRhv8O50Tt5apY*-DPZ|31Pkd(BMQ>T)zAR6Q}KIzi*8VcKL8fTT-}W@(ur8B*W$N&O=;c} zj8)}uQi#_iPN-krvRraMIJc5#OIp#YGBZ0`WQ$^2rc6CM=UeVqt`*!J<` zr{dS_%DpJNUY094j$Z(Kx^OIv2h~z%9yVO)SUVc}|J?#!J+w|GiS#s~lveH+F&6k6T zucqhA#lvU!O)D)nv|^o@R*uI2@t}j)@&HDDbrNV08gLU{vonPK6&kT=&2T%J720r3 zx+}FJoe*Jdbi1g58_<6Y1g+i7;%1hp%o?m@YrZb`l(3#s_0nBZw~&;-e1Q?*N{zBe zGN(*3mP8Q_MYA`}`|^f{NNa_dR{<$}h*_@{@sEonM_VUpxRMZha3QV1Sy!k|{?xK{ zzHVkvLCJSU1EnbjexiC=Ai3dXJLQ+LwHc**gIpMzY%}5f0v#@94DFH|?es@O)TlE9c*$^!HS2c)tC~^VyQB7e)4LoqJu4=*?YB7Oi3D z!p9$}jSi8^-QrY=X`yaWE1YTee$Fa;A7>2-Qg=6BqLId*;m{xXKx8-)vZN+aQCcxd z8Ou_WF)f8tk`ijB*0kedE#OaU4U2|Ta6wUouyoEuoJ9;E*{{(l9tY!!PSFs~>wziV zESR&0ITffkpUxc&hUll#I>F`(A1BivW3kHs-UhTUefa!rFaNTLy@-a8q0y420v9?d zNL(lhK=1ij=*muGs=+TO%0pG{apP^|O*%n94#&75k z(x(TBIJMPRTZ$>s1TVpUQS9#J-N7j3n0p5G9dzxBlZv)8Wae(R(TD1 za(cH^+RD#tG#FmsRRO|tmZ}kd7S41&L7mMB^%|y!kzfX|m3o$Ct=*3N3eZfN)d>=z zljJ$jkCDF_YQ+ap9?5F(l(Ws`B)?XKi!*U-ur+EMHum(XBHNuIXIT>wK}|vcAA10& zvA9xL&&vJKiJ?ROmhQe(+fe|01xZeKlZdAWCxHZCTJ|!kS&x|9G}tq>X{LBwl;Y6` z#3Y28eqC2kY4qb4m|TQ3DF;!CU@IDHqGB>L8~@wyQ7XxXx&-&9|eWfmrSq-7m*R zVvHWp1R3!zAIV+Ny19t$h;aaL_zeLtQ;4mLs{yGx;<&_q-$ z?6kMgQ5)L@`A-2Ng*=$y5;T*QrYVvr(OayN@Ri6BQe!9$YCj27x)rWmSZv_Whi%J^s9yXroYxM_@mMjOfCxD=@Gi5 z8?gRD=Gx|DgMc(kZobBY3#)#h6*xbhy>djSb9OP6Da8tD0cCT6{0RnW=HPi5f$!7K z8tO75SRI14J3Xul0K3K|fO#Di@>!^bxRcI^t(RZ)imx zYZ$l5GUMXK0uVB+E9pjaODg^ORfrlA0ce4FvaLeTQD+JG!#G+r6pai?pc`ErO&x@* z#t9#e%3=0;9(0SiQf(H%Hm8R3(VO894PMmNmAaktgJ2w0!m#z&J$itmlF2@-S#M8*0pbheR5Y-;5xcjqDR6FkLZCeaEN zb+(*=c&q1t@1KpugwueoQ;&8Pzu}RwnSr{Yx7~&Krz?aN_|{*wZ*3radx{BAyatx?g;Psa0;n(!wl*yE44gA?qU<86Mj-UN8G;Cu-PG7o>U z`_NB17%h|=Wz?wUPM6qunYz@LSK8{Ec9gA)?OKNV%FjE{%oS*jJT7V7a-BW?T06MT zuDO;wpfK*k73(WZeJzZi^)&ZOM6u7kibjG>Jgrh$jes*8WG~%Fp!JGsVHvEN>7l5i zreEwg3yEfw z_iGUx6OAO%Zoea?AkyssBI00_ugi3g^T-0a}`%^8};jgcX*ndE&J3%1F9Y_^e zvX((DvKWlxEV#bM5T!{vP}%Ufto=2qN23*y-2_usltTiVmm0b-TYlLn!?j|J^^VE| zLGxstijsn^Dzh!+xv)vpBRZu_XYq>UHYuhwQ>MC}U)*JBf{k0<>!kIR?sVi7H93ti zUyIyE-53>ZvYUyPXZfk|wXTMbNNK{zjjbHIyBE&Vx^Av#0)lvUzrx}~Ks3C>5T z5AGG|AM(z@*G1}FLHe#DgeFRMoFZ!UAo&eZa*m~mL^hZYW_&N_D6xy_JeF&+KM~}> z?xKEz_Yd!YWl4fCKN>}IY4|`7S01RmRV=ggkw|xyhuBlBq&6+Hp5!62n9YNK6GErwDHmKEl5<1EIeT$eEypw5iRc zVw2G$3PJiSv6v6}aw{5J>=aR-sp>>s7>44wkN;3*D*Tx=+?-!CpvzvpQK%0o>G5(c zU&JJ0RyY=YMPPi27He)B*!Kxcx5G&M-l-2%i%lE(v1ub`iN#AS{Uv7x>f{vrIsv2Q zYU@G*-s)&kZ6_<=nLu&>8^IQnh(frIq&Pe@piUmzaH?pTI86knB8&O1M}9^g`W2Da z`QudFq~0_2;7L`HbG|S1H9~$l1i^%o&IGwZiPe?`tu;?M1?W$pCo=6Odf1IxbFE;w zs9V!y-3VBTh%F2o8Z%g)_!91|5-NrxEWF19qGGgMDfb0UY%pLPC=w$B?4_4W9dVfe zWm9u_yQNDds8OltDB3_--@^Z^=KX!b6=CGGe;V`C-1}VB7r^!i%=#%oFW@W z??qa6M5|eR#ezs-xv&n`V^xEB=xYE5Fvf{}a%=jm^PM_?XM~#bDBWarP0&QA(yLEK zFi+S<=IX256~KG9x$9@;jY5uB>@5=A_gkagExC^1DeDf$;HZ!YX~8kF7bbO(LOwE2 z{9S>p%WwD7vxrs-pH~}tW@F3PQh}9^-DqI3cWCP|GQ7azH%U$OQEmcdPqIfNzawZ+ zxbz*BE$n0yQ_QPND5` zNK7OR$d#A*wv;1GErpj~UaWbjN5!6Dck`qQ7s+sbh=FVAmTV#OjA0%B5*~A478$Vy zp7MIfxdw-Q=4QtrQd3chG!@-ODNeXd%(zcDQ9rOrAoP^&AUEPmk1}c##N&6`6YN;y zL*bjm?}xoGFt+sZcCRG)wX&a;K|9+Rk6^19Ae?ZF@xaHP(3v0T*wdnLDLJa*TMXf{ zDdd|$UYSB3je?G(i@o(UAtu%V@^S|a|*TZE>ruQ z!$HBUAs{YFVBB6%eizZFu$UlfBJ59#PmfM>rc0>hd$F83ZdD3vLQKVr9g1P?jBbV{ z23BCBw5?%)@}N_7NVP>Zxj-zQLp(oOj^!FPyYkeq6ihQuJzcM3*B#prO1;n7rg2?l zD(g6=GE7gT)rcv|VK}Pb4v+{x6l9|^ispEy1v8=<4NcQ2W7cA@V#|#-x;|^; zgYnZECIvZCpIH{URf&Fy>&wCX?~3miOB+wQmC#GR&n7kOc^ z-V?FmhEME7BDv5=B*&VWABrYoFokFm%p(_|v>UKrHiXOlhzl<2RJ8HehA{xa4oy?K zuPOPa(NW1$nnF2-Iv^Tp-NY6;Y2}QowER{GMd6HFp{6uSCqqqvOuIWQ%lB7f>Ih0{ zQG3HFRAN{UMI7>kTJw-^B>tRf)&^*B*7iq1UFnF88^hoN|k zrNC8>!HLYVv}e79#%BUBf2KA|u|-Y{=P+Y)a4|HnPm0L!=&yzKrfk4sxREQ=X^jZ5vU?YAX-<7e+<$WmKr9 z2h}4C)Qi#MpA?8j4&kBP(XgdGq_=AEsJ^1In6p(EDOeThj*?C>ZsI=d*d`f2PsYZ@ zi`F+(KM7&&^r14AB31-*W!%sK$DR`;)SR4tLB!_8SJpAQM(I;>Yk>aEwHG9juTB*v z@`+ap2~o6I2KU$bs44r)&oeX-Kcj*=v!wg))YRiz6zmsnPg3j=PEs=?guqOLbg?cm|@^l-uQ< zZ@V?#WVhXm#WGIb>j!5YkY6_z>4;{b)$7MZh2_bas?HPXV&eOvj6C*T0e%X3Wf)%Q z^F`_?pNfONL(aK$ytYlXyD{|(={_czC!Lua2=Voryyo-_0>f>!=!EUtHBRC+k$;`g z=5G9gD(-cG`h>-Rm}b7HYEi9TTMVT|+$$TOk&LN|@asEelyxU~PR4&IljUORPElh# z+es(3kM~s=-eNnoy66^Ve~0lg7Ph+R^)Lix?I1fH^BZTcb(yO@?Y)wFG#AN><0Zx< zN81gZp$P-j4S7|(kx8i**ry^orDbfR$~cKlN`76no(o48{79<5ZWPQYoiR|FGIlwU zGGITdO+I?QR>v}SR+@Zt1EDJz6WYANWGQtfsYD&G7%fwIaYV`-9{e?SsW4tm@KNj& zSNV)lAd(0Xgg14oc?np5XxQ7 zmnB!cOLrD8Wt^@vq)h_)P14&a>o!Spi`L`0A<@qxDt00q2eFS-@UW`Wv8PnPE9lH= zI`(6oF_^-0bkKpFFo^wDWiC;{ixN5Y*AjnjNyX1H-KJ^8+iZ;6%f)p0a70YSZZKIs zZZKqHup+){6538=x>+*}6Jy&We`v_07+)Vy`kP7-pYa>14s^WOed<*oFI zDn=9leTb~~AzzK%kC`^MFy0@V8#lJSUVWJC_waDX94wj4cGUdeX!)}pHUEAD(B6c2 z!ql?YmHrdzvQk6c^jp$?4O`YHy6SsW|7-Xv5{!zEU`7l_#aB&OiTQF@DM4hLWx-~I zq6$#AL(I_&d1N9ZJoOy9`-!0H&7<>8!lD$D$v~lzSt#`ZSrh3GMuGXtBh*|0|B2Db z(`~VV_{9k+72a0ioW=MaMELkdwp>Il>#S6y zWjF>HPR;P#Mj+!%UZ0D>8VQ4=^RBzi5zjimbHWArpUl=5w>bqXy*d($E^(Xax0?wK zinZauGG$)r(Ld5L?DU8l3HtjSuss=B8+}SuAM`8{X^3`){dU26+3x3Ug|&q=(i zV(%eH(FNepB<7vSnApzTY4;VKcZR*B?LX+Xf7IR|bm5P> z0e%)PFJ7@@kBVTca9_6*-_`jWkxvt6>%uu&o~kRO2;D{+^N2hG{AOJEtJG>duJjG= z--e2OgR@@NN9@yeTEz~fj1SEeFs@x@?69Wc|5;Nj>X1ZC?ReJ}^X083Fa@*s24ymI zJ}308LY%JjW8k1%a9c6wbP`Hbn(y05%UVsY+$H!KB~I6834Jo302wrFp!O=%K*`h} zpAd7&0cJR8=*uRU+~#dFuk%8xzOc z6#j*_eK8u7Qt_(PbD6d;qMSa_oL)weB8%chy3(XRu&Yh#xuGU?LF+wL;w1wk z2vf?o*X%c&sx2YO3;9)g@WnLqlAGjj^hQaN^=vp_5YAVG^I_o}s!xvYj<95TMsYN&JDI@9NdpbgQ|+|mo5JKdxmiMZ!V$t9^=l03pDc(_`K_b!n*lyh z%P_p8qCuom5IQGJLC|dNEA_`(Y_RtT=RM&(AI>*a4xAvuty$r`<70vrJ+io%zM}@~ z41)-+#JdIZ+^>vg0s(ed_Ga%jX74JT9Zjl(pS|S{GRiR8#=hy+q6BR3y)Sf~CvZxnzamv`&=iTX2A#j!Dpz4V^}1IDis%!2OjB z!m`1=7Vh=05s*Kug0?Ac>2kD)wacm#homJ8XCew%tzZWegab=RBo`i&wJx-?9LQ8Y&aP-f zj7>FqgaGWz@bakoOLVIekE+MLt(fl}*tIi}xltW?IEe#$3c+_^ZF(W`D?5pFGA6RU zcK1S!g=T*205!*(HHy$jZ$6Jc#~bTy5U~?va-(wE?H2O8GET(Ubu3IDm8Fz>)VMkO zW|8@h(8B`!!%}7nwz<%ZV2jY-HeHMKK9@YktFaGojtTNORg%V=kE#UEtx98&j)Nm& z(8k*ZPZs2F81@spafN#K0CkMLL8xQA+Y~ku$*}HZ2{w*>Td8vVK8d&EN76o6eOcbZ zdhC1BzE3tf$sZ~84Vd6!XUXinD!5t1av+hi(F~j{$S7DiuxCc(Qpb=+M(Hb?Gf?4r zHw%YXg*9*tD0GZow*7?NB)#7H5tw>#IU#m8$A%+$H$c^m_jYcO$g10n?M4oS&xQT| zd8$U{MH%tE4^h4B=};<8_ilpjT9IGYk=^fwr;iU$A1h-gs-=e}ZWiR->IMqzp`J$k z$aht&vopbGH@0BHncC$&5}E9Amsa=($qap`9WO3j6OD42UT%nZ*2|Utq+n32*8hSS z*yX<~lU<2*fEZKV*#qPnxvcP}s2N)-doAu0B3Pf?-K5ayg$43)JRu*zLNEReqBu1d z{L|eM@sYTCQZom6-;VZ0($Q?>N@{hinF!xAWEwbUgUqD5vdK(;{t=NoA|C@Wd64N( zR?uKfqsfivw6N+GVxO@tbKxTjA_#|sq$4c6P7O@xXezIURci1t2%5Y}o8HIl>BcSd z8LIJ{>Z0r$CPUloH`wjGWnxw`$h+4hvb9iZ4rD%`^)vfhce%S~i;L`hH0E3=yjO%8 z=hP|IP8Ifkj0nPBmyE%Lm$AoApjidk=puhXd5ql;`NX9TQ7^W-8U_mg5n;dPsy6|( z#vaD#fPvViu0&rHH7|izj@M_K!M#eHOW9vDBFCSAnhX^y?U=lXpvxRNxn7n7EHj{1 zKU=gj=+p5FuqD{TZDJtga<{sJstwsfliNVT!wGg>nw;GxVM=V0H<6$SX^*pW_CoJ< zk$X*;<1s9_aN&4Zdq&%^t#@&_dhOzPH8)vrPrX6N={mBaymw>~4JYrE$kiB6mOKo% zZnlm(e~vg+*S@d1K2QT^ASj@@!_^tn6ED#IX*#;t9)*bDM}*h!=O}(t>3*NBe31*J zK3)^Q^jQ(k9Sn6!D%I zO;1gO^MK0gb>%x@oT^VW+XeU^$D~HfNHD!#uC$Bsc*=?KeavGnq(^?qbR)|uAGs65 z!I4P3FACHM$8e_^w9DhT{yq?V6k@TB?yph=pyc&9mQnSvd4)~lOB)T?J{Hc872)EL zaK53k@%f#Of4}0*uAJPzQS?~OMU%~e)0Ren%^&`K8(_^I_M6ng+;*CUe#38XOMFRVRKo_02efgRnB%Nn`C6^Gwfnx#( zS=Jf&gYUn}FH3kC(9cY}l`C~TXRD&0oeGDUDVfm}%HcS*7O-5)bfIQ;0Hx$ZRi~fl z*WwHEHeqj+dOzLohRkO+)#(hr_C*Ra`YrgdG5PUI+Ho=c`YtcTfDGx}Rw*8phlTTE zI6u=47q7^jj#Q5CJl|OP;n|!;pv$`{Yj!VnA&GDg&9N7A@tGmfmP*7k&JO0-c4J{_ zy6jFmGP;<45I$j5?@zGD0^J>x_M$ji@NC5YBGd=M`&g(A5=JEEh(2DDwJ@ZWpd0U4 zsgA22OCBrrank;qhz@wSNSiH?|F)OadZ~vm(JR{{Z4m+Vm6loXz0ra_zPi8GUSxZ% z%k&t#1!T%Z;=A6%(-D8)c%*Sv5c;?QNh&xN$EouI18V*WZ16%oEuyp3eAfx;F`MV{ zrr*c0*yVC5j_#!gl@DAxyF6>@r1He2qsn*i>Pp4_AeVlz>=fTId=TH2ksM0@Y&ENX zc6wHx<_SW;#20fBLLfsu8dwcs(e_MdR-}Xz*mQWuOGeb!TxRn=H66nCeO34IGI~1v zCl^=%odr^SWgA8crjYyejnUbXW~pJUH4zKx9f} z*5k9^!<(Ng*xk05MlTFj@P!?BxjnOaxti(Cutf(%rh2Ac=*_lg*!$X}Ia9!@3E@NG zUa|B+80h>7q~R+u66Z1_i~W&Nn&;%H#(N{Z;db6G*uoi!!_tf{px3c1=IK!&+K%i) ze#(qW~U7jW|`apS*dpN#F_;|5b zjI&RbOP>uXf*F?uQA8^{>OYkM-WDtoClGJ%OPAGeQ*vT@Han|)1YX9F?tUIk|=sb4TFeT9VZyO`r z7V)tN7lvtmwiP|Yv5H+l#-fP*cR;HI6_+1LMll(C<5Vm0X)!PM|B&_`a8^|J+xVO_ z=S*+6m%Tf8@7=!KEwD>lq>1z@UD1e&Vv7*$F-E|yC~GgMAa*PuprBE~5({<|EU{q0 z*dl6-G1m7vGj|b_{NDfX^Zq}()8|e(bIP|o-{%YSC+vHS5=Ied2jELg=5~RYyo{nj zm_UG{`GBxKbeddEGRmch-Bo*NgH)VSiziu2;UfHwN*0v7WB)fw9t7b_3Di3!sUYyu z0F`y}eR*#><~?AmgK?x-*5*Vc63hiq+Kv!$mdfeLg~I7n0+Mep2XvXo3P{r$!tX;5j&i;}ggoJY!C{kw|pgdLo zyT8VUCbO~pgpYG56lU;vl1K=!h6iXTq|X8%Q6xbVv?GX?2~r**nxn;9MUl|x6OunV zeN4;I{-bi~5!wHMm)_@ob<4<0$T8X9Pdg?5``u(JB3x(B4J-N648Xh#&Wlpe**m&@U*0 z1v9pQP(meHNf@wfw~L6i`-qNT9*eU^1NdrUXq}F3IgZG*_X2@#u@F-SV{(J32HCB_ z9db2-)qrctp%SAvq9%BuE+T0q2n|b_Q0Ao>B12-2aSntYtgoz@f-EwlA$!TSDP=3uVA!LXbHzkXE`vsU#9? z#Dn=&;jVDw0&IYt_f{^wL4~}cX(IB_)+&(4(FT%8!)F5hlu=`v9;G=u>PFQ>FId`8 z>NYH@^#G+O5{NPgM((26ZiZYcM(QUCn8W*%eF4rEo!&mdG8#&K)(T*N+X(ZH)s1Y4!k4D|Gqac~DphXNv z6gnJr8VsY^?ZwZRQ~wIyGpQiEJ*!X-1S((<`s<;Kh`gALpJq(wt&fm><;mk~jRxL( zD%?5V9MtmG$S^1@!dtU9=-_hj_Y@J@lfwXBO~9*-{srjo7Kp3$^im<+SBX7y;C2aC z`UBI|A0;~=)Pe>GF4RiI)DEIUkedk6Q>>&PX;soQi9QTUuQ|X1Kn0NX+GtYv=LF8- zX#}}}^fybEf#*p^NeM^Br*tV`mH}^d9uM(HBnA=ntw!1i(mD39ZQTXX26r$iB))p{bn^K4O1ZSb89Kz6DR&V%CVkP7_*@BuJx? zZbkm1G6ls}&k@LHOd5$sX9H`?dTTMY0}%q5I79-f>*|dp2JDaQCJ=Qq3}A6AGVIVG z9~Ce?F}Xup!4+|dx{0%-yLkpW>i(iVQ0Q{gL?2LuHY8A*^Didz=zMeDVG_HTN}Ksm zP$dpymO3YFJvS0^kT`uByk(r9D%!4x6bSg?kb9sbBPfFm$qb$&vGKq>a#XMs@UDpD zvH2Y7O+Jho>&eg{JDRpm2)t{B&w8IgH0#AIZmlQwy`+4rH)(h)AmMzV7RCL1jQ2PS zKn*>T7Zl;F8c&C!Icf0hF_7HgN^``}aXCH6lvc4~5JuVwz-@#_ATN~1g~s?wRr~khM_@(fy}OZ1x)*<=knG zDGav@ZXwd=QM6Y8#7C*o@b>2uK)O(?N*KU|eK#sCI9j?S7Mg!W)WbHiTDZ!NTus}g z1!u|9gRvn{+Bq8zrED}iN(BQ<&}~v=2T}l3V)JMLN=|~~Kp%$uMBdd(fi+qYoe9i6 zlGKXf9`B?{pCjckERaAMJ7Ea21|WnZ)w3FtMFe~I@$n}ujVdc=^00pkW1!pCqIoN?n z4QxaPhqqqB!3c?W8V_qWZs)>BJX1a#%_}S8j5K=)$2vhMxQ0nTRkEd;+@*;+49OJD z-)O6cIW*oHkrvF5miTe#)toL?GC%Y94;&tYAuthPflwrL&mf`-%J@qnVp`{jlHO0O z%@u1FB3u`o#ic8JjHywwOQibYuT!f_=6U$lAJf?5n$l$%7g)JVtkO~o#6B!eb4uFl zMbm1Wj%T`r0}h76<7qw93zE!V>HypO9@Pc2%=DNLK++?5wey^l1MWnlJ!== zGAu|*b5Q0t%XrEm2ck#YCV<@;Os$xD4xT72Si+>Q@-38~WyohEkpmup>B*)Zyw6mi z=95~EWm9pMGm|t|KOuY&4CzI|5HMPl@dUV3C$oCe523S@WSo&^2&mmCcqUL0QKZ{t zX>%2O35iJzl&;gZO*jsPN3pZjmloUzyfNQK(%Xp+Gxv6a_Hlyr1Y-WR`!(Z1O|Eh4 z<%U$Xo*f8?qtBo9)0o$=i+tlkpLY4K;s6>Kds&O$2d#91i7>eMi6ovrX26VmDNu5Hpl+hCd zkp5|ahM_$yD5DQwlxJt=MG#>^iw#SXOckf3(6f9zS!93n`R6`&q6jD>wT<1sd&W1v z@)eq>Poir~l9&hJmFSXw7643PIV0>)c^*cw7XBGg#tTqa9s3zop$UVR46BV`odB>> zmURfmsMIp(nfW-@3h05ToJk=2xL#wScR)vP+7(ul+z50RYUnOeJ8evzgY(jYwI~UE zhT5QREF#kS0;lmH!8fYmKlm_MDbB30YTTrw zH~$!30OCXccF=yYEvy5JVO|hbL-4Ot1hrM8Y7D`bbYUqG(m&T5f~t|1&MmU5E%_QN zsKFnVNWw*>=m5zuu#&Rm^fljMOO%h%8{b23y1hF&CuA$QQ zBKnr64f?E+dD@6SVThh&$Qz;rMB8i~jEj%iPNLgL#de}>BWf_efJ!@x=uWiQ9aYiw zRTg#ctx`5tsT-=42dZScj|y5q_up>6T7j1eIv0Z2tea^dQb zn@)x)eHNyHm|ExIF$M--07O(3&RFD&R+6aX86ZXh}g$QTa;?JmKbsP&`6esYxU+e(u|31NW?{)$F~_qKxCvxrKc*9}4Kaq-!H&&VS+ z<`Xs6pKFxIYY^}SSPDS==oB5t$S3JkJ~6Dmcgpy9X!u7#SZ$?4)EGOA%~Wv^##Cfa zMDxLQQFjG#)QIk?du(vquN4y52xo$LfU zJ#2LMQ)vZg4CPBbdWDy{)Qfj{5$Vnb_E1!LI7*}s#IaXB`i7Tz)r-G^V_!6|MKNV@ zOx$$-=fcJGl$iCz)VI8}=Am+JK?jaP-btlz8ro600IJCvx5wD3n6gTQae_Oo?Jo45 zNf7u%R}tlQl3PPWwfd+|L^~rk9x&&$iZK=y2`8cSb8Xhh?usL$;%x4I9f2+vbvx7=wpwhI-6Cr-*kfz2|@l<&FMP!~SEok3L5-$<3#`!Oi9@1s) zX$($X4o+-g!O zEx3kA_jSa<1rkI`QuH@Lpkxgj3n@4!EjU7YyaN$p@cKu9C>91;c$TTFz}^NKb-0k1 zMxUM#oxXHQ?@C$^8Fh@H-VyyLWYoYH*oNxYhRXr`p6SxwgXBiKv`8?&n+A)guox!Y zM`j$bFPww0iPOxirURn0;DMSo{D1?>`B>$)E9A8~1=t z)oJaIhWBL)M9oJHeS@KGY+>tKn2G@7k6Mf$+nVlch^}j(4>a)m80uLqK52+4fbUX=}Q}` zS)zIG(10)tNRv+qYy{6x5(_e!JS79ijxYWWx)54~ME@s(1w7pc(>A$DsiTVslD!X1 z;R5~HQhdu9@X)mo4=oth9Y}_*Y>*}kSPt|i!ySU&=$B()VM!w!RoY2?!@x~zXVaPA zOMjRoEkw^&CqOfz!|9Jtf_9mK$;yH}{D*8Jl}t78kUilN&i+lKe6Kp@C&r8WYy!X#mE zEYiioVdLQ{Am-Koa>ynf7RI*yQ~Q-BokzS=UEPbhmf<@kWI!x|9&#_c%4renwjbZ9 z#r$}wJgrP&rDcyDV*OF}Z#%@nSNrFlNA^E)KXw1uewL;kvsd1q z@dKIZ&o~}a^SCZz6-}@%b#pnhmXOmq*#3lq2VIAQ`bQ*eVWpMCzkwidgzY;~`v#$~ zw~)Jte>W)w^X8w)$c2>tOnNP(8CX0g{Y)kY+kM0BTGc;?6e@kcglWQ6q~S`UUPZhs ziB;Yw_BZdb-tuqjhhTd>t*r6~on%OFlg4kjx=l%KS4uCD^T-B%>PD__;IWO|I)nRn z)6!kkzmJx-M9Dg)UaIf4L9M#mY`M$y*O;Z%rr+h29!7^gkPe4oV^lEz^;$=Tn**ik za}j@Sv~*9@UlS{>j`?e2EptZK<#GO4G@UVY-0pe*n1J=ikIAy(bUdGC4G)ftiA+lm zPfha2R8FcHUOlx5dwa|s^fcd@@NcSUxv|23yR!6FrN5)H^iHM!US-R>mHr2nrTe^| zA8{kFxP%#e`HMixJ$8HPiR?of`9!9rRz@cUpcMx z@@f86XOWgG&m#WyXOYr%SgyqK1}xW~OIp^QOZ+b`C8b@L693_ANa>+#h`;$7(sJ|F zDEH^ciO&=DITCxGSRckjSzi#@Ylz=mI!Xi$SA~Ci!vOzLUiwWft-e9=UsRiyL3<94 z@`iE6^GVBj#BVG$`4y#{FSx`xjQIUQJ=osTC09RF5RY|bq|<2sS~>0> z#sA7IeQEla*v;GI1nsp(p?4^~?o=|baP5+ewKSt_ zFZ0@Eo_{_syv6(Q0+TZK6ivCkp=}F7qVwIk@{AaD^XDt7D ztMr`Zzi5?Su>7r7%S)F3idA~q^0!;1ZI=I@)$*?8ugRBIs(oIn^IxeeT_qc+T;piJ z(Bk%KW7PvqgI*Wz7-7*Jh7K9B<-px8lNxl+EttApC>?;76oRP^%lcrw`u}s^$lbp$ z;aW{_zYM`|>PRgnu@n>1HT}o>xPU6I4)+l`+FEuW4}Vh$x&yJV635!hOR-(p<6Ixg zeBa=hIInxE+he_ZpLoV!-m`oCH~39$FzrcIH{w_C(_J=4{jBK^ky#6jPE7Y(Jbi{ew(;PL(PR1B6wgNq5`I`L`61#2(~ z_~+R2jl>P^6<#0^j0uXn!tNLDhp{WXMfe!MtpDeWCCa~R-klJ9XmCd_H0ZX`cZ5G{ z4u}my2i#Z$+l1>!DLYjl;JW>Cj}Yx!uG&U{J^^M8fq*Y4$Mb@AidryE)(h4bBvF-K z#=(*}d=GD)SO-hWpXG{QuGD=TmHa<m*h&R1Nm5bs1F)aRUjZ$I;U!W z;lHu`hqt**E|w|}l2bKrz?T)gS0DW5D8P8C>n4GxOWbZBSW3^N4ZZ8ZKdXYbC)|5X z(>^`IweXx@*8lxcPr)w^Eqz3qRg_~^lGRK(wlwdpT9M$gNO9 zW`T`bIki9usRdT1vVNu|haS`SD@#>=9vNl|kFpxSx`gz~r3Sygr3qbX$?x$RX+dv{ zT=k`1e$SQ;zrEDQ?_KKW_XSl~{}OO9r9u9{mLdLN(02_j?c)z?0bZsw${z_zuhARG zxD&^!<6>j233!}|drkKD{eevNryM`spY{-$S)9?bzrSDU0Do5LH~xVw0Nj)g@eeM| z@elok9)99s`r)y|ex!ill#cR`%pX&A^uEX9D)V-b1^(|!$NR@MpE&XadSb5=GAASb zGEq*N^oPl((m(V)HS@<{`?Ol*kyu0uXA=JmQaYRXXORi#l7@2#a?5z<5bJyb>||*P z@h>2yi->V1zX>c*-%ws zyE;q|%B2v}0w>AXz)2FBBup_~WLbDSWhqH?iA;PQ^JmW+EwPTzqQ0{Cm(kIoa&k-g zc6$TT*G>xJmW^yZY!@ALHoW(}r8gz1>g!p++HwQ6l;VR|51I_&Ws zFi_$?!dVl?Gr$+)$u;5%!YqkrGTP?0PHn>(Zwb=~gmAnWtrToDt_%b&9{I-IkDLk~ zxpV#@^Tr~Pb64+bW$@*_$A*u5H-WVZzZ(ySCkUx!xE4AQIx-fQSc40!7RFnEpySX{ zCE9QP0rLh+tl#>M1J-p61~VZWO;a3i*^eFoqdlO27egiUU_PyxUkQhsn2Ph-Bv$ii z2Uxux>!4f2@|h0070cYq9c_|y1u~on_UTHzgP4k>O&ZoGBnACa5kzM;i z9eux!cF)!K>)?MM3>pfl7FIi`l$caf4IIY&LGuI-qboLOX$<}aWA-?h36z5xW|xb3 z2Hehwq#Om}(EfPW%_y#J*H&t?_`)MlTzJ`Q0ZSZ=D&oKdR2UOSLIOiaV&Xj0RyoEg9nFpVB&*1sx59*xv>!8K-#A6FY zE$T&LkJrVCiS8E-UmCBA({+YNNbK>t_?@T?(@`7BHDOXv6L4$fer9c_LQ_VKxdeVX zOgQ(L)`Qycjs9M)Ilm+OAy5zQC0G6f4o{jgaoUO9aR*Tx)j^lj*f?;TVQ1Oo!D*jk8bHyxi zdb?D-l}dY62`*1k`$6&9 zB2JdHNBUSgzz0Yf4E}8Zjp8Vn`67fh4!dv!PG?+TmiTcil5mfZe!!2d-(?oS;4&;S z!a%+NSih^tKH(3K7VfkR{0$L6_h5VJqVw`n5xI}ogB3!=N~gI6y;(;;6@hWQ7kpT* zU3Op0L>)?yVi4IGM=uB^zXu#K5ik?c;exhDFljG?KU+{LJ8erzYeFi*XtD*~?INla zf<@rat3!tZad9reutX&|ZLS9Vl%ShxCAn(x2R3h5JUe8N$KbUyhjOu?}Ng9&y%P~>nS`Qs~|;*ltw|J zbs}oE6F$V=tVlY@Af;Mv6;CZt4xh;AkYJGzL~tgYGYTLmGBOo07;k~}mWgqko(5$% zagMR;@D4lZNAw*^cF-HbMe-e*mWl_WjNfF^TDisGk5hRQ$`jTa6=r9Z-9*XD3=Bca z_0#}q&6i~2i$s2b)P6^JLcg6Hw2DMEf~1mnGIkd1@8ml8u7fwcma!X{wvx$!?^1Fz z9T4tb3BXQjSlO|2p9mZVk`Yx0@EZuX0|1&vfb=xHVZ17~|5lpaa340|0&y<+MUx!Aa-iOdKPl2>0IMJb2EGK4 z)4xHi$B6j=kynGTiRSL3>|WZwmdf|g!UxF14J;3_;`cG_Rg?foRbk`SZG?hUk-yUs zVQBy}@Q?12`HDtu@-c8M8BsxiyZ;N--li!VR=k4|NfRqq4Zv{{{xF`f0F+qh<=KnvW`^FCGsM{*t%365$w-jB0GAK z$3-g;*4NeIRgZw0G^M-uD3L?xIH*i>0J*|RpqrD|q6su&B+kI+90T*7K(q!E2xXYo zjF-&9HHGX?cz4+u0aSn9#sCRK(o)o01W(@=E)oKsR6HC_0lui8SPQ6dz)}KU|OavBUk{xtF@Ik#5k_sH$n%JMQf|1h$)Bs1l&a~AxZFlh$ub_&dA4*IQn1i|*C z^Sj&Z>kuyw$9J27cFKcxnwJNmpaYpfP_&r`4UwXMCeocStcu(kz~WKI+q2d^3#}(YW2Sh}9@P(ByTJ^-# zO79Y>(ykO$trB(&RO1HZ^{fLiY7XBl7zX!er_f$t3Ze4=wVsH)5`3C=3jqSoMUo|4 zatOQ5lB8#eK%Rg%k6e$Sc^FRdIocXSQM(q>5rj81rq9ueMoTrdc-tH%3j^n=Ftm=A zjxSP#BF2}I+_fZrHL<|*bTyeu>#rjEGW;Sa_OArfAN*l+;P(_jn-om|XReqyTx9L^ zdO{|Pt}Kp6kHbAClT$I&3k_zsaP6-~lxR&W#uGU8{}^zeQ|&gCgnlbVY6{@JLE|E# zP<-XJ<*z)F9ROG{b|Tyduu36gbP7;_z$*_weV|mcghHi1;Xd^jt;Ye1^+$ zG-?30jM<|O%1hII0RGB#+7(~GXH$ZEgjs6>F)wmDaHXH48Q`PV;(MS6)?9-lj4!HW zQXbeYAv%e-gw_@W6%K#}wT2Gt4r{`DQe=j>Mt%no?qmZ@Ay_;~f<^otGEidQsnS(i z14_8o!WaTt0Y-m=Xn({_2__A6P5ZF4!`{lYc@mf9BHHRg8I1HmF)60q62O`x_KtHDf zl_ThP8(_zOSz-I4<$b|+@m-93!Q#Pu5!uD)7wlRZY-zjL2#GB*q%Hb>O7E#Ul4@!t z1T2izW-7hCLSz!3n4>jt+q5ah-W;ZK18|iKz*V8FB@}R|Xhuy81%gc#p*&hPhmJ~D z>?%1gKsrp(Y!YVT+skip-oTAvA};qWpcX+#WZbvW&d^#rZLx<(6HHYr+Tf>oh{OaOz|_|evw4g^*A z?A^<($q5J;C~pW)YMxh%Z0s6x)%jW_9ETXp5i^^OGq17+aCFjehG}cP7n>c6O#Yc+ zn|f+)xeuh|93rS&`p_3eI;Av_jdduZ8VD1A7M-ZnBN5zu;_TenokB0Bv8Zw3Vr*-Fl;2U3EkgTs}H=uNdAk^Rz;ODMkDsuFw`1| zyDFW|ifS*Qz;r04RC!%&C+5{l z?35<2@jfDbV^txp5LD_m=0LSo*g8fhgs^`Mzazju9W1RURs0D~U-1TzNebc(P}`;p zHMkN~L$e81PJx_{3qtL6V}DT~@1WN#965)|t|QQMYo zj3sTSG+u0sv)KsPF}c29K&OPx?&n0^^S_e+m34};9mst$Gu0~ATt zfN_>DB)VC)Pjn!tIgV0;1Q;Y4di;Y z4WAt-832+tiyed2QNYs@;pARO28c#AOw3LO(w24Lch#6;n3fS~2V@)BFYYc#0x*Q9yqu!F)ebMIIDMU>AQm zOObMxf*>VL8i$s}0wAm|X}zV%K*Ke97(;|>yjaul|dLFT_S?PHi29?`w1~V#tx}d zv;qfS3p549*dUNVm#(Mcd#xdpp)s!^hXnJ+U~UR|-$18z6RiRm7a?8jcuR0#kE&d4bpwKd6snRH1{wSO!}bB_|;kUaX%-q=#vx zCHD~VT9%Uf+N7VF$_&FDDp$2QWmL;6NpN7rK8H3m*pTdl+D;dXg4CkjzoxU|(*8 zXT_P=CS3w5Z{Xt;*Mvb^)V_hJeJJ``z{#*D!}be|0uQplDDa11-Y=LZm%>eC9EnOU zLs<3jWEzF5=rTc#< zvJMp45b5o($QFSb4@LGZmH$D_vt{or*+H_*vt$(6nR5CJnVl&cXUP0a8AW#Ie-zo{ zVUhilmVTh*nxM$uAi39nU1Zwio zm%{2mVZka1OY+4K*`Tgm2?36-pd*8gM?+~Y9&BL#Ukgx20~VR?!#Xb9P``zB7&I+J zfGPwQpaE8eUQ!nu0k5FGIxNIhGRP85Fbl1d!QHH_6NR`|PTwQzVCAFSB46pEQZ1(b zB2?60x5mHeP+PO8TN-&YIO|$ktB<-E=dsp*lIE7gT-Ud+hVC#|HTfc?+1mzx8jFN-H&VnJiYtUUx2k;Ty559(n z<9*Pu_Cp8qoBzvMEI3O@t*j^5LDIk1<{~}DiOO*X!vEFWM@VZ>3+@{#*BX_Y=!Y~d z;o4uyOEZ<-g0PQR`07g&O}rh(T@%M7i$YW;I)wU{u>n+{~J; zV&&gH^XuQf$o3hDd(%Y9*u?9e=iXhMuHxG5B3BvkS8^ThnEMwjrf9Ii{mf|^Kvh37 z=O>2w^l5B*W|}oq`+<4iGtB$E%-JVgtsRvyZs&=#d>L1|uk!w{uktY0{>q$>80NdL z@*(qfGWH?s0~kE6GGJuMR1$LH95V7KB*V;s=j9ABxCuK0Dp~<1%DMDgxxBJns8_wo zxrDyFdu>Cxt)DM!3u_2nN$6QfONfoTh=Pruzyn}sfOK_`Yq8Pkux};N+i9c`NeFzW z5kad>HtyFGbP`%}ItG{wtaw_&gE_trcvRHXJeDw}2SWhcNu={(hk`v@8_1iLv{}}ffnI7BhPFDk z1VokSpVrW?l+_fmf}?{uLWQtCIGDGt7X1?J3J0PIoQ^nR4)c>>G|v!WQWhQ2UZfp^ zMl+C-4dg_a6LJWr8!KI_w0K$9JBJr8;}vk5T7TxAs4n+$c^yBFS}*eG3m|dk06&-H zqCDOd*=rctuA*atqcs=^GY}_UQgzKN@oE=l4qYJ|!{edwAiANu)ClZO0k-{1-u^Y` zpYrC#3c4^S#cIBU1Ypw0!>m|R`f_#jUD#$c{vyl0&rQ`_54F$k9tqwPX2B%cpI)Mb zoz?O52--#E1&YV_M*#R~+Fi)|h~Nl(`WCQ^-J>xW=Vt=k)`pZg<_87y zLNM?14y8M2?K|S50C=t8UgHBPB^z`*$D&J$&`tRaC=q z?0lJn>_*t9#dp|**e?mzlR)|(9|$zrK%hAm17w6;2z~-^%Qf-GWCcYo4;8ZRYeKZ` z#N-7N3R5`pg%o!jD)3R#daX!Jm@-iz-{VYF$X}$@x4`+0CKX3&VB{ErzTl;v7CDS) zY^9P)MjVivYlw#E_MF^b?rRXMys<2AzXmCEFVw^Ejxw3gYUHCt>)j|qvPAQ(8;nPK z79li9!-SG{Vo<~rkg{i{n$spyXgH#zgwoMfzIq+|x_t4~=m$WMw@MBO@+JiHe!={) zaMxkM#u98Gflm3fhe@#WIV^DFn<*mdc5CltB2vfjkx^$V2G~Rd=u!+G*WxYbQ zhX{X|q@E_oi&H~oEm@)IDFk!htIHd8MM2uliS_+U;AKf8fd!97@4%;#F<=JNCx}Vs zSHTj=m2o!^?IyzcYI3DfdyAppY$R_niZ>hPRbW-L&m%|xTJ8EdqHc1WN27IGEsr5T zZGYsRbzs=mk(h%`D4EFsRKXUsJG9oI&^?`55*Ekvoj< zsNP|`NBCGUIo%X|zZUjjG)THClbswyB06H^i!d0SP4N|Olp#+dnUgR@Lv0bJ=w(W< z7#7U+rO*3BN9A$bc#EfzT+z($P!0#_SI+3LUKTE?5V6 z+FormuQWoLpne;;n1_PMD*{LAX#wGe{s#0^8mU=lKn4EB;I+}$sJch%xIzcx;X#fOH9tEv)DuMMK(i5PAeWC`A;V z?mI=h2r*26ZPtJnGtjvUd(0;W>zCp{hhz)_vRVZ0T_{W+NH74C(-$UsVGm?VH=9kX zkUxiRGWiqcDSA;Zx|41Nu!u$LK-!vp(4_0k)OuLq8Y;`f_PIic#<0DSu;+=q2`0ke z`Y1T`aTa=h!Fip6X-c&Jf6<^t@7exuRf8rUb_N^67QZ%Jgnh!1LF?Zs;%R@f_GtZp zKwWFK_-OsPng}W*`gg6WsPPJ9mDpg(55SVQ60JSc-?w#i?Nia%4-GanMMe zu#vXV9v)#W3NR2NG|=gfT)aax@LVFvvS^$QT0I&k7%#)d31UCdI6Jgu^-S0^fTCq%ivi4|~ zC>jcKfz9Lv;ZnLUT#O7hz`KK8#TSG<2GR0w*Z_7bpqaL#>}>ew5%VNE7^L0||JZDd zo4ph-lFV2_#1OsvH)REWChBUIUq_V7h#2)MSqT^|@_x|M(@DE1`GU?3<{!$zVsbFw z6>jVsY@8a*n{@n&BWWSzl?$Yk}T^lMxdEY+~e$-!P)liv#0EF zcBsbyRdAcrLX+rhSsnaZjb2s*@2C+~viO96Tp^pan|RWxd%*F|bLiQQc9uhbvJp)s zLyHAZt{vzWkJ|Dk+nc66=x94_=R+IwG0-iNLbv$9_TIOR4{RSEO7BmO&|aqHXk<&NPfcVD2+D#{sL(lRdjtXR;Fnf(dg-@a*bm+N6I@cW#1@SF4S5WP0 zv}+`h>D2pEC69hvr1C_j#>Es2k#ONCygpLJ>$u-gVfgwf$gCAhpO{5|;4X86FT2u_ zmpkTq$38+^<~rB9n2%fU$m^WsddE8=cD3tVLW|M%Z#pA;_fwXKSC_s}Zg5n#8!c6jNtmBnvW(VH^TLIa@ zX9V+CS+JP)4yQZ#EAk#k&Iym4Mc%=U4AcWb3lk@;!B>*WVdZiYRIwVYq*K!NiaSzAR>H<$+;%OIn7>m#M^5=Q#`Cd^pFlDB=<}T0p!sENV__x6| zfv$McqmO#lBc8k&*NleOyaCr7Pgr=(m0s!wPhaV2H+a9J+6phf++!=s*PLPLAWlRo zBH?TmmFPMA64g8Wl$T+9R^LLlaH>zV+C}c)Mp$5Pf=l2fL2)baRJ&_YxvJtD;^|I8227Pd2HrMc zkK=j?!X{F>s)tzn0R?0t<&%zdL#H6o6Ehc5XF6KFX(xg|V zZdRmtl9+0FYQl1$6>BID^1`ErS9_Asne_K?5AqwR@`N0|VpRSKE})wTstFi-L{ zc8HJkO&FIjBls}0gL$uD-XoYd2cPOICT*l8IB4`rgz+ne%H#Otbe4_2nEl3VuPOo3 z0*xqPx#gGIT>f4w2pablhfigWjm=6x-GlO~ka`9>IXVMq6 zCdz$Y2`Yc6`%G~J(ViIN%(=>3eMovg8z4z_cR`+0zUO9PD+pim+OU4C4C}|tpaL8c z%nuIcE5rIRHrSZH$NcuNemrDIx5zzxWq*A?otk?ivx!n1iDZczM0y*Dpc~})MmYVA z{rOeGD^y8Wbkk+yccSeCJ)v21~!WFamVoe5M(37Vwn!uU01|fHT{F)psozi zX81E|GkeyQKBy_9t$evqFEGN7h~RtVV}b4NUdo=6#ha#)*6UJ4i~@ZQK08#DLb;-> zLq+j{6E8^2?<4mv06B;1QxK4bL*0S!;N^gu0@@QS2)ZB~6@IcTdOAkX(nH``j$I_G zN*7YzfeF2fB$p!jHmgOx3MA6Si7EAH=@lSX<@GHvb_-I2x*rYW%ND%!qlUF7se%4c zi~cnB13*DdmePT+5N*2!p^dO*Ra3mco#F+MNK-`p6xnI?Z~?-Q0Z&0{9C1GgnvSfK zqk{+9j0Zx^&xo4OdT8KUDL>ExW_j7xlrRa1LH{ zarP-G|&9&t@v41vc7>gwp+<2nz)^U z!4+6%fOvB>^MsXr%u4oaI2i9MMBB^Cbq?9cV)DU2B8^u1lm2Y9{70O>ituV6xP2VGXN^v(;D(~<|?e5MjP|+n$^h_Jy3ai zvLSCV{x+k*oV~?TSobWb|7|tp4y7@Y61mWLr&&B&lSH7&rRX{>p-20n+R)jR9y=5ocgm| zRh{34o&F(#bo2vJUJ?{&8LkP{dpQet&vnaUdBZ5l)2S~>R?ANa- z{h=H*d=Qb}iYR*8OS@?=I#nC)jQ|Pz2yF`7K0Kav26@Bv5!x3~@_pKQf_ry^qtRLx zVRuL16No}PyeC4hflzJ0s)nRyw?}jum(w2H9Lv5kOqgN!AdP*@yI|i{pz90jxGP z;uy5zMKOAIEP6()0WyF_pm7M(n6RS6Yc%abVxEtDG8T-|&8)c6HI};rXjOwY#ygTD z%h`RTpI9}oBqn&(Xd56`?Kdjbx4^26Ja1S;*Nr~wvf1| zu#SA>7Qb}gBwxA4k8bhNLgJBv@l+x4WZ_=&lUqE;dz)MWeG`yKc&~+HxyULn@#Kp= zT}B4W9~BPw&1bImsSAr8%mz?8Mrot9F_=95Lj)gRIa^h}cG=%u8ryv+&5@3&s#5cMt z$y(C6Eixih%N9pbfB?vs=uJ@)AjfCI#InCKkymPU>Q-Wm)jO<-W`)(qbe*e-U1iOJ zF42ySm4wVS6UI11HLzhWV%ZjpB&LvSj!Yo~RD2L3#?B>~gj`vbMRdTqB%gqom#x|h z`_Ct}!G5a=tBog@imioShx9xu-X~TSA6?Z+-QI~lh%)S(XBb=9fl7b92it~x6M`3M z8ZHHx##uFz^jnBq9}~z~4*yk`VK}-2J2*5ly9Y9b+m33NEL0A+8TuOh7 zLgO}wop>yp^pICpOIVI;!!L(3TXAL$`f+TToEcDSBK@MYI@%OES*GQ1ey#dDY#ZQ`7WW#1 zJ{1_}@^viqx=zrm0#vNlp_k3!Tn|%LO9sc5%UWK&QuNkcGA?nUjJ2=C+EZM6ji_^_ zpS00b{>E1RX%GI%R$;;1o_Dw9>6>}yFZs$7i^H@*+6Klk6kbHoV?>^m`P(x6&{lUM ztFH65jie~=+LR<7&f9;=(?|2lBl+yNw*60=ers$0w4?9Y*552G6|r zS_%o1<+zpD82tKi&A`Q0)jKQ^Jy0qyWZU%S!Ku6OuO9}J&7`UFg*?9U$E z;yHiz`oaf~PM7lcd~2s~#OZ6kv&q*s``RWyiaF;m`A9+H;9gsO`6WNM)z_Z%u^pU| z6=&dnhEJdOo#*_%!k-Pt)ji}oB41CAr3fuqXy-4muYfg3K9?LtQm@wvMM(90imXT_;rnNc< z5s9!B)$(;PYLA03I9TAsp;1w25)%O!s1Tq5>J z;`>~T=G(-9y_6Ux)alpag43Q#uP%zh^DMrDGz z9?WAu!$h*x=nbBGpc>E=1o&bX9c8B4V{F9COjLDy}_(HDz%-Vl|(ieqwOHijGnS+)o zG!)yQ0K;dD24etIWdIi*h2|;L;%Fw8TP`b&rL% z)<7nM3>xs)I&7ewEG6tlBG=QK!GWkG0Q|{;eXNu2rDjCRraEMU-@sUdd>Cz6f54wOJNScKZS0Z3# zn$vDoIZc6--$V!H{648CQ=E0Mi`i4!sGf1 zf~u7a3_9Y)SC%a~FpSNhL+D8ek8Vdn^`pZuuY;V^Ppvch=|kOoE=P-reKp0!FZ-}F z3B8Px)rcX)*V}~%8nOt68#;sZBh!PLc?Lo;P%{q+=0^nc8^c|Taqr2<&euAd8ffXgeO_Cly_D6Qs#VX zmLkq(;aisR|A;}KFxa0B`V=&O7Vsux?{fy-YRE6a3}XPwTZy`OMD@ZJOIJ4L>?zmk=_7T2SbgZj z!T~>MZI&R!eh-6N<&+w=dMN?_6|Hk?=bH{-yQy(vdD&%np&rd zOukkT-dpWKTc|7>O>cu4NGQhbCVSA-LX~xsNpCZet}B#Ka0ZOH_5)_;lV+nJnBnrp z1R?xbFEW^Lq!MtS3Ou(6fq;QpqpQA{SLl$J|J@_EGgDpgwE#$;Bhd4TF|2+IYOZW=$WgTQNm7ZUdpHVt8A z$l^ZGNFaqL{zIbf#HVS)xxX}V8K}x%n)vkp(j`nrXOU<{+-WQFn5q+Sm*alb5x{!V z(b%5sklR&EGw?V!61?K=6lsFR^IRlr^I@g_#yS||LM28AM@Afn7Tajb_nH((mmKBm0D!E78jXCkwA8j)6Yb7oP(~~zW!Ice|(Jc zq*Y{~)Sl4gCw1*9oqztT%im3)_0!68E&WSV*{LUJ>_eTtt4H6{!3uwu4UxTJwawN- zW@oEyZM_{`XKQP06YFbjvxn$q2qjxHxl8LKkK6gjZ21Xs>SMO{lx;t0YmeLJW45{j z+5}@!mbrV+dm{lY&jF*Q^uE@_3t8{k@po;$BPpzxCSh^)Vx2A2LHeS2SL$>jf<*Ck zsr{p-E!K^t0I>J9L`$!5`9G2O6(Kb&daO3L?rq(ARi|q!?0YJVjTMOv71>W!{+Vih zsi-`wy04q1?P(rS)u&=J5D=PT%itKjX-lo&-y0%TX(s7#ID#}>7(}F?7Gg48_ zc&!3yZQre6Z&aY4e!YUeS%Dt;tqS^Hh5T-X`T@4+&I{k%f{TgCJ*1jtZ~ z1K(?Se)h9Q7o*2!XXx~7Eah`_xR&?jH5%Zm`05JNHFWvA}8+W~b1iN+;ab!m3O z6}o+)-T^-`e-!j6+Fw+|~F^O!!xDCt(Vw;M-rZd;~gBVlG9Pu3p+3>OzA=_>)zqEH082=W*8$I8)|UW8!_ zg!Z9kVVQYk2!#E`hQ$R-o7!-YL$Jb$zj1U7MGe7F)P|7p22gS-uz5u>nV3@X9E~LM zNw|byda*H?Nj1?Azr32H3AHkDB&Np79o zOQwl-+L3CX07Ya%KfCX7olbxFW&108*#jt`bk?B8fyqJgKowI3p0uOEs6P_RUPH2j zXJdH)rUUn`9BS;H82SN)^DtS{TOCj#d~B00rxV*HHVS-{kOA*@i%=}x)sDa3DG6;G z?F2k}coK*RtX{-K2%%yg;voA63=aV&Vj?{h5oHI2p@tkUe3Wt%M$Sr_rNHVl7kP^f)%ic{y;qnV z)!DXNYpu%F)m@#tCv;Ef(FBbqD2%c+N=S$#f=D8WEKCw$g8^ei&Pc{214bfeOJs}* zf{$!K7-J0B2%HE88*s6E4<-(pEqgiq-K*OT*f?U z3Ce;v3OB26)ft{i=aO91x}8|m#`F!Q{_QHpmB{r;x=QlMXwigh5Pr(%Oq+tY%2oqh zXQoxPT7s(T!6ZTmy^n1?6k#jy?N-$$yHQ*YN8xD&Da+pysI(u|pZ%Tq*&Fn;=ivh~ z0jK{l>Ndy7aj~FK<0|;X(93Bl!gbzte zQm&F4S&TQ#pDW|M^e~b$#%?B!-Avm*CB3(nIu!yFMIgd&-@4rNR9p zFII-Rt8rU8hnAH#%(hrX5RC13?T~iD5o;WYnUFy|CqP2T#&U#~Z|au3x(X4-ej07L zE4z@m#!^HIS*3nn)qPFiyu3S&P24^wGCy|3N3MT%WStZFpCr^j65%CCdA1%KF1F-_ z`oA=PU^!P>EPrUh(#4*ut>8Kci`4a2_RAt#f@a71qA34XWcl}^{VCh{_jOU8QeyNu zwIt7Asm?6Pb4r|bZYf$pvvU7QUUE)0Pd3Ysk)>Luea2SZ7umM+OIxnz&hDeOe3qp$ z?G1L~T}DaspL(qFPWG~;#H;quYjWs}+|YZOiTB~X&h2bmhE$U#gO>*QtdMJU=uhq*&La%uOwQ2(~piob@uFaQcp zm4y}RVe@M#Rw#5}y|{t}WjGxpTC+ER(vxP&V#XkO5+b+jHM3s!FDEBFCa!K)@MU|w zEQfuvgkFW8-?>R4q>xKAdyi^OOGhEp6o_6b6@fQUIi8)nfS4C*DLE06`rN6 zA-1!I;ZP5J&nWe*QaHwmw|P`4Fo=h7a$2UYQqC0!z2a%m6=J*m`AQ-7;tST{y}{Sm z8pV25*lbTJ-jn)>PjIEsu`Ifg;=~vux4@(O6M^37pf-+26uXy=lIeV0{~vMN6R^7>yh zRX<>`Vr&3NwN=W}0w~)Po}ODOYG~>h8Crfl;>$l892?JiI<_h_)|>x-*dOfYgYa42YCf{%Jsr0bGcEta8{k;H;- zt-ju;O+qAKUWS^agU+(3RE_aI3u6Y_fz!f1uncs6!~@0GXyqDVd|o*|uRs^L>6|vy zzvXdvSwA+96U22=sD2gBZRfv-VwHC903^YmlzXDH$0j3+JLnLiGr{;$%~)3uw-?m& zQoSJkOL7{FMQgsAR5tm`a^{nf_sg2xSWCW98*jFo-mtqa<9(P(f1YtZ%h)g0!VNX~ zN-g<|TI(=y{u_jKsbJ_jFIzc1yA0URjY58qao*2hsr`K>Ydh~`Y>|Jw7Cu^&PuHxc zYL$00iFY#ASDBW-XO_L4N!*ihFR5AAwsV=_-dcE1O+Hvl{-o9lecF+3*}A1>{jf$z z%g34W`YweF*W%B0a*y|JGTm&-`|_U?POmA z*6+5UJ1n6U*WgGTj1DZ(HXQ}!Qlm~r3OA@8 zDwko;N&61WirPS*4EhkEeK^aP0V|hm&t@9Pqfz%x()2v5(2`%ql7Ju23WHJ@XL@Nx z#10#*vfos0)Mpkd+2%&XV+~|!Ypb>{Z}7E5gZVyL&Nq0z*Y4I*?Oj~~iM7ETjmiXG zTWk) zoG#`pT8Lc-sqByh!~o^ZK#%`CHLu z2R+1{7aF-Uh^V3&k`7sq7BqREreBP^grd6;DIC76;i-%=HcNrj^=|WmL zuSD}t(3}^>-9|vSksCRq-fc*y&E3|abmAlNDc8?*Kq16ie7cFboSWkg^*dR(E8E<8 zBiGi?HDlzgHnuHiYUF-C+pbrLS_vMci;WK`I-53U&wuqHtL0`LN;^mF!xWBOs>58Q zo)I1%KnzNuJBeKpB@xj{Qu8ntM*by0frzWt47Gtf)5+tCrL>rqvre)f*FBs+cj`Y? zrm0NRm?kjgkr@x>Qmq`2;1pe00T7%X3TqJO?Y=Bi>_>ISmK9+N%X5rPO97w3`5kP( zNbnek{_7P|ZYS&dt$jM?+0I`7de7eqXObH-to_*JlJ{v__cTceoxeMy*vWeJ7CpO1 z@QycH&W*xdXq;jVOHXw90ppb(zt(F9nR7wb{Zqz0*K}Wj&{VDW+($h3yu3DVe5L$< zWX!*3Y?=N?PH#BHw11n?7E9Mu9}=N~A}ULN6fS<|A^SSdeNG!{?DI_j)l3YaHP!Fv z0!y!Ebf5i$cDbfKTHQX;?0!8yWrla9=U(o5_oVX=rk#7z_Nw;O%6554d-CG;)=ND1 zOb>j)1H%1{uqOC(<#XxwC(;YEK*VlI2REnbzOPA#wsSpv%%xM>!>`-q8SU2T?UftS ziR;ty!F1b?)7xH`PONs_QyupUvFS?gUiRm0;b(2~A8pCMx3zY9JU0id74A{)pDc?) z*h}7-uC7hbg#-|%^m%Dq-7ED?K4=TyYmOJ621n8-W-M#hKx`b^|I?{#xj zaQ_(PdV{$)fPM9CKvLQLtINYt*y{?C>p5{W$ABpzx2ro(exny4Q<=2W*#E{u@#t ztD+T=`avWgu$`wu_qotyj5U8^`&TRX8pJGK+8)!_Fs4~9_uUmyaC+q3r4kRQL47_K~*3Z5a#rG((tj+uR*r&I1zsnVR8 z3yY7Xf=4#nv-IJV`%tRN{M=}29KkXzo=;%@E1+DdPn>a|IwS>^1?8MA)CD5(V@Ewe z*H?Nq72K6dd>T5Rgz|-I^7(4;a<%mHYQr?@$q!xYG8YqYm`D;2e@?Rb%;XMJHf>LR znN-)O>^GFZQB~k>-h{r0Hiqt7>CFKc(Ix;!0F(|W29SVllZhZobi3kn4S5L8Bh{); zj%kcT%gZZ*S$ngu;m^Vdh}p$G;onfsHysb(ngGg~?(JWQ#t zrNTS$imhI=8(Xz{#FRsk?R2{o+B}!_tvu@ROOg87$j#aUw-P~q0RSyszZvKFSnS>8 zvymbW3Fw5xeW|a+am-x@e^t$GPJotjbJ?P`!f`)y+@nSxX&sd~GCE38&0nEL1d~Hv z+LI{P*iOKh79#?treLFpU@CXTtoX_V8p$ov5zcnLzYmxV6sBcHmBlRW-zE6}FWKnf~D>0AtV0BrJ9f=G=E%Fx`MvvzzGmH z{KCY(`i3dCAZN^06#1UmUAi&dY)LK-9>p_^YlPV$@0ZqI2msFss5!eythY+ zJ<^_IeIytK|DgJ(PB~z5X<7qjvq@9O56_T$&$6a9z#&zhI(m!by#594n4fMI(%N#? z!nx4iPOeUAnOsgEoq118n<-zG+x6~nf!Kc3PCLp6#Nz&4PZqn3-~Dqj|9r7^;gHX4bIcoX209TlXTA* zA7Zjij%#D-L-L?83*^=gVeIe`tgiyaTBY5vr<83Hy8oi%Ypu${G9F8D85 zcPp*L?ZXuA5Nc*6om9Q?&R$No?gCpX9Qry)-M*UE1;U%9tVsa%PPm0``${K^M>XwElsvqseViFiCQ zM8%@x;fRn5@v;TcbGT)fs@F1vkyfbdMdSAbD!9+F&u{vJ@T#}uf%PG_Tb$B?A0Aff zSG`#;M&g+W#u;@dNRj+^OAmx~2etiBQm#vCG47L!{9DESYh|+8oTIw$yl7)&9^LQ1!l;-E5yF zUc!NAVM5Nb%+2)N&X+5hpI7|XE5+9;-Rx;o1-&O_jvC+qhG|sa&M2lf?++ z_wOeCW(G_A)ebQPgbT&6U%~;;7iv%YMglzSQILJg9n?H5hHd7dYJR+2tmfD?A|!mT z==XV5JX5#QLu59M0&XNFd&lz#ttCN4uoF zXb7_rmPz=e(%%z>Ox`aP^UsS?rs$W7#XChqrtCN5%jXNiH7!5zI+_+VYGQGMgPyln z>TsXyWV|>-#fye`o?EHpDpmjAvQiyv1bH}>q;CMl~fPLl9Ym! zBi~dQ)A8?X6|I~L{A3vEq!-#=`7~a$k8iSxqGg37jBySren<1=nWT8+06BpvYFP*=pboz6?unUfSyTmc~8f}tlg`hDwqsgK&Ra-kq_pI zVYxNZR~4n>Z-U1x)s52o6IOW>1F6&L9!*J_J2B*ziLp6Vs5_;*STnGXN^`}@K=FP7 zkDX%EYFIrbv8!Yjnb#OfYv4|JHQt{&9`r7R>URzUNd)kiIf(>{QNaV`M zyHBnKk$^v|P5ynE;NSP9@q5ISEo}GqQRO#Lfj};J~ui;|oTz!-|dy(?v7- zORDlwO2g{KWL<${RINvJsRxd4OuJcYCktrqd|{E+dP3MHUKTAsLzo(E6P|5X?-S~N z5uy>%_uMGFTg2PKY}DBU^R z0wP1Z`zlrWnpZlH8xehg(O7@bgCI~?fMa6{;Mb3|muovduF2F0 zqN0lONhQ`wxpKq^y~x}V%k^@N*q!a}0tk^0`<9TO3Ves%a`>v5 z{HJCxySAh}Np|T-+(BFypA%*dc&j4zA?Ey4=#;G0CIix!;oV<%jmym~-6moSJTNsS z>_0AYlzpotqss&KkejQD_*wqd9l9_FbY8;E?aH zua9E5T>6GTV4o@&xeFw z+SI44sq6@-oGE7mjqH`3=I=NYZq29|gu%qo3wapfB9*xV4Fp3E^BCjP32%J;3p^Bv zS{$;P72C_F1r=;IZSf?A%N(C3vDxzcdQR^Oo|o<9dhKTed3-GzyCmNRzMV<-uv#nR zaq^q$mjW}C+@C&hB2e4)@oto2&ZdW{zpmS+q_~aXE z(DIr1$Qz6ZHnMe=uHtcyfjFz1&Fzcww>ln%Ds!ND6kei~!>*D!S#6BRO8KrC$2peb zIi$SPjOfRLDhRbXX@(YITZ@Pj)_i*@2(q%QhvpSRO#=V+9HEbShGG4&pte#P9t>FO zwD!!Y?ed)VRJ(eLM(0v)}!A$BY zVibae{Z(7`i#F%0w(y^AeP)y078Ww)hclDj$c*4@AGPYpn7z$oDYORBY;6$sJh87m z=*4(iSH8d-|5zZ$kl;sbi>gu(la)iX87L?OuoTovR0WKbp+ms!Bw)hQUn7>R78%2D z#zwx4F!T$zU_F90EYzi59|U*L_b_3EYzypdHK zv%wo&Kv$BrRFdh2zi(5q(QlgFcn`Vd5E`P#IXd%9)_*oT`RvPv5S*&YHW{66>tH&3N&!h!^E} z{W)tY&oa5sVzGbya@n<>dJz3nnVZt!q38(owoq&V3BJ;}mlK>wMUnnRH zm+x^BW901!8lmv-6p7O)L@Mn`?svlz8~-ZQ--z@V>R#cl5b6Z&D~(ts?U+!<`TrE^ zE8)^O9uVH~#gC-=Sh~ll?^MAZ%OhMjm3dgC?hvyP0|c4f{`3CY)i19W$s0tt>6Y#B z?E(f??sBtG48HLl!sDy)wbhMM-2~+w&%r&+8|8jzS+@&)mzzly({i2^#}VwQU-2EG zJ`e$s62R0OE*FV!Mu(&h^^a)(M5s^6nxolsS`Qt2t`y_Di3)56?AUD&(7zHQjjOiJ z%FJn&tpgpVHNhI|;s+i(Ih@@EL_qH^%5hdOr(l-{3B}$gSMLam2u^J<7Fi6oC2_8l zP&ywacNSyiu558hfn+ksnvA-0w4Zq*{ohQ)Dwn06^o~hbTLz#r-Jc=ZQ&Fd8A zm-!5ELv*WK)n&|Egq$v4!!9Y0mE&;5d@TI)goNAq4xtXRPnUAv>}eQNMgBTbx>^)( z6A%Zct2!59w>e$CPl~%!ZEp4(9S1m|8y1sGv(W)D32s4fsBGM9JO9C&xE#Q7Odk0f z7_T_5O`R=(Tz$aiNlb(_3Nn4ri(_!Wwk=_YqW}SRlt(Dz|f4WeZ zrPXJ`TxPsv%>igI_*b({CjMcn-2jI~-0$m$I;aXnW|$-!%+d#$uC#7x>E z4wNTM*mL|CGm}Re0m+MP3VwG-PA95_3Lz&j+R#MId1IFJ^+MXv-neJe7`X4oN%1Ik z7@>B(=J&&I02o3)VTQN}^*9B#4Bm~rj%U$=H=v| zl?Q;LDpAJY;mB5M?=BSx3Q?ZLBW{ z-aE>g)+f5rx8+ppT*v;EX}t}P=>Vg*!d9u&7JR;g;2;R?J*+gLxCwh6Z*E!mLiTj- z)UeDug};QFx@T}S(t|R)`H0QxNk)7qeD;WO9Z$=60d*dg>jPz+<#tdp5aSr{HMv!2 z=^{x`c1sDX+S`w`kgb)!Mz};HF&z|%38g^28a*N)+9SlNPs2AlFpUh4gzf_9QkX3Ak8ox%_dAwzi`{)@G)Sm*v##EX0Di*+(yJ2IYk*Z0&n)mJv3 zAGFy)_3dZWFOrRSl;Zg>>YL81FY1R~u=y3=ukZP)zPNVtU2`|P!Am@?T<4x)#@l{4 za`fg`ecayc@cNBb*Z2Ree$g{GKbiybhX0OARD)M-W|Npcu@W7Gab$y!zyb%?h{VL; z5t--*3EmHRLM+TX1CyMz8{vr{b zD{w6RUWzY~ebWGJoR4I9eA^+IoWjgs&B1?|-ES)O7D92?Co;W9xLx>#L#j;aeC}j} z%=vO~mFzrPeUsf|N;3D382qE?+(vE7dafmf8VIx4z~9Bve~8Y#)lye>m`4RY$I~ch z1Q&bpbsmOVlyq!|ZmZY*{TE-Z?o#T!;f;H`(gaxcabk|_nja4>Q-{Or7E7CUZ+EI3h?MAP-BT2 zY|mv5=Dq_~kuzPDy^ORSdBHt@I^)qlE|iE~!|vpMytvIv z=LjPg@3~zcxaRwA?gQ5|dp~re57>zw2NLY?xbJgin>i@wYqcCbEvM-MFqC+96Lu|& zY(iwAh(#GhgW&MBLan2%w>DfS=JiZNN_gM3Zb`Hrl)^~h7F=80y{XpRhjuky>-~Hp zveS}zh|FGrbS~z0AyIUm-Movt$J8b69^Xnt2f53z$Na$>e9r1xYm)bs_lbJSJ&bPF z;QdzT6{fn<49u>f7RTDLV7rTm+x?lTUNXDQwc;ad@G7hGWK*4@Pjh;_o{x0mB;6hV z8taz)xxmr0O3$9uTqmvkxlJ*<*{19Lsms4-OlH5)+m41F<%hO7R~z@cAS6K6xLAk- zAf;gEF?B)XK*9^h%5508ZWD4##5I6+`oFmiJu_JM#ZD8shYDVrOu9tbO(hEQSZ{xS zkylJE3b*##0q#Ho(oQ11V7h-e{+!@+kvNeD?Gr6d8<)aGu(!P+wMt|<evrFG1t5yeS3y4n#y_ZE|X>ch4x#6U!n#yMe)31nJU-o8I=*XLe zY<_HMLh&3y?AJA-VPg3a*@T5gmPlRZK!WelLpL;EC@PK3GXW7zuMM_8B}a9^GMej{ zFe>V}(F0MxM^|6xS)!-8`#IS=IQn7HH#p{1H89x!h#qSey`w|LN=(sqa?xFSC1SF- zD;xg)iDIx?CPoLXgshc~t3sW#(#GyUc;#~pEsn~)C|?Kj3wo~ctkV;F75JGdqGoi4eh^(|~o z9J2s@qo|U0pY;>rg0KWpYI|ipYVE_QLb#P>LuBSn!C=^66EOqqUb8 z-Xyv`rhGD$)OB4Cx4Te7&mOV2?kJauZ)okkR~>6kK|yabeAjp^=^B2M@nW*cFq?F# zzY6NqAc)-fIEkT@4gRQ`9-rc>HF$JC$s2jaWYxxg60G z)8*a%25q{8x=k;7;(6hJng5_}#Qdbb_+9;!Qhe~qb&KZ8`nH`nSe=HyAdw2L6N!BA zmPoW>%PuhGgQpcU6qry~jZ{Db@&l1*V$jR6KcX+SgPU!Pyd-h$4_?)?D`cXLfw4Q7 z!cLXs@##fS>Y)oa}(dS(wtlf%dLTi-$GzFu> zeUY^>6~IZ#w;;4&eX_GYW}M+8rJt^A{Hcl=xk|Lb*Q5Y=f|^N_Tsd z+D#siJ5S_yGp8hXO!FMwaE8A`a=rzqe-KUP)nvM!VRt;4!dpELrZ&&ddn0Wi8Ir_e zTxy3*Q`*W6X6HaXbGjgiN+g?5Gjjw~MTD^1;rPN}elM!n@eNDLZfUT1wrE4;9RAWcJ&1ww@HAS-VbgaViQw0QZ^)#FG zATJ5y!VF3Fq%C|@l%7O$SRhcC-UDC>(pdf91G=YQBkq^0wWFyT&r|W-Ud=#-PbNjX z91i|0Xp}kQ{!FuUKhk)=k2TfvFVn-Xr?E*~8!Wnx+_I6`l8!c{?Pqn|j_&?m(D^AU zfHtEH275%8pY;ZCMgaS03u zGt0)WGtFj1T1^eI0j5lzGW90PX*`C!j;pJ|l&M5ZB1{5}4>-b=7`CPOWYaO9gK86y0dnLa3Je$xWRgjYqPG#x)*_=3TIa zx|%w%nM$??F&iK2@3MR$A9Ro@V7f|wUHvD?lsKZo7$J>k<6HT}5a`=LRLpHkvYi+x zeVfT6w@DNk81x&H*(X+F`?=*p^AwE$VNWwQRejIjb5DQym?Neb8=KpaZYS%LB;jKd zbvn3iDjr+f&24$Ib>c32t&WRH#q*i*yt-D*H~cRhH+U1Rm>`++ ztw(f}Oz{!@#eYR~MP;;|7y=qQJ$}_8Yg`l0#jE`LRY^$LU|Y@l^%|NQs`|CO__Z4F z7kQ@j-e#{8eN4K<_+@aC7FE85G%C1SeEPY@i3GBslC;oAdyX~E(>lBUv^QIIWq!H& zmC#;^vgkKQ)#EWz@^0Sj&pOw|Jvg#3B3vjoXdd7&p5IkpsnhU}i#LteDWC7G_DCx# zr9u1pC5F$)N+##hm{NW#vK*xt)o|o?$Y|n-*%|8RIN)_TZj6QI04d=aEwn|y$Lz!x zkyP*LyRQ*Pt`>5Q7#sI8;ifs+6Hk}Mr`1j@A&|nx#vDdoqUll?v8C-}ol6D)@Ab=~ zGhmA}jJZH3x3|cDt63(rOQgKsyfJu$%$Vj}zrovzX-lTQXo1yWPY0nt$0{=w?LNY^ zdeubyE2M`Gzr;aqoTj=TQ;mO1x%Duozo!OdBgo78+Fw(BvhnjxYhR@LekT^Zo*vox zt2B1hSJNZ$QLm-@Wd0SsmRwo3f2r4A-n8!*>ApXy%2%rQQgh<3^CKs`k?&}z+~)Ls z0C9LdV`n?Y#jZbk7_YU`E4w4IttuO$vw6-M0HcRiAWV{TgV}4^j zJ*NO%S=jkG1nsh3?yFRq_iKs&S37Ez_EU)WNe*A8yX#9gW3IcWa}*uv#L5;I#2Y{iDj6rcaa$obPSA9FZt zIwij2!@?Ymt@SMeDr2@B`%PJVOLFRo?l+vP$i#c%@vTU6Z71?Swx&L!`+b_tMZ!cF zpc8Z^8pb&DCGK*f{07h`Lz*kZ&N|W)iF^jp0iz6a2Dv8B7NZPf31Yf218dtT9+G~L zpjP@pdc)j0Q8MJ@S{Vk~nTo4-KRtX4^J%Xy; z%l&(G_xe*FZ!#HQeRC!WXaDQ$_p`<8|9jgT+2UPnlZ6-MvvPwJFG_oZ%)KZZ4SBem ziG4+L8~dG8D1yVE7MXv0i{|1jdP=Z8E{<1qakRv&SDmEG;Bm&p7tBf z75(~fUC5uL-;^}3Cp1gDdzmF4Qs|q{n{FjFjYd>>LL@F054K(+o^QESEd8li1pO>g z$!U>u|3^H9=U|4|nRIYVVYod~RGi)mR3lcPmjC_N+;zID^iP{e6VR4$AQe@4EcN`` zOvf>uDa2eXyj#fcig`>ezzEvp4s6p6;;)K^p#O}tgYj}cK8|^WQOw8ix+O6l2l+b# zTiPesH@Rb&j&`LfZDr0NR&KYVBfnYtiz+)fL1-yYkR?bwZ^qG`uaa(B=c>HVU9EFf zeow@?Dhu(-wmLnf`K51MCx;0yR@^xU_J)kScyeW6dl4i>QH~TsSvt8eM+B;^XHm5T9vV1pzm`40)>71ft3kt2J7)X;(~VcI!}Y)eS05K9SvuW(7XJ*4w1+j@wf zP*kOYw8;pZWGVp+0ZCfUmtZJv=S>r;%j%Ta&7?pb^a4>Ly8$etB9VyyB?!OB_nR%L zQn4ZFHjxi0ZS{wx61|Yy=l0K%%o0lGR}lh77^!yqVOiP+WLR^A}BdFT>lVu&9TjMpX8 zqE>6v)n7>U_n{yZKNZi5A0i&VM6qE7gcP_f+zJx{>{3p}ZYLF2&H|Vn1eT+%J){nw zEf1B&y1?74ZjmJU#&~XSgfvR5Ghepi#U*yU_{xnJThzC41QqIW({8nDz-+WD>(^Q1 zW30rOVRhUOhKRAroSCY0jhQ=ytJ8$`c{&2c6l*#WH53U!`It_07*shR;zn9Kx&7`P zUh7qaQd+|>RCXb#uJz=Lp1Z+Qmk_DfI~EK_(Q2STQOODZEh7uhAa34w+pSTqsI|Zb zn1wbvhuNb@3w9@Ien7T>g=0$tdN3K4WxGxpuL&cl+{=@0#%<;(Qk+@MgNY~;Y5vVn zufcPabj?h<$hNWY;pja`c#OcH(@iubU$24mF=r2yI+A2o!lws!XkJxgYiYaLg2#eq z+ah$n7?f#)!PpBz>@;3KNYOcU{xN**k#(a_<)=Q8pph)RF-i7t@EsGIuz3hBM z9t1d2N1^K&F|>QjGmn#3;H~7B(^P5vbZBvN!l&%5J7~Z4w=CAn1%jWP73_Sev{uO+ zoSShEywV1$i0t((`F#n{iE3ufGY^xkFpSbz7N|>Y!?=L=5@I=*J|P|?kB-O4aIF|J z%yER7?QI;@E1lQ9aleG;rU=_Z98fu0_FMd^A0Yij)37#%+l?~LKxxVIs5uVo&_&U! zI=Jle2jvl(!bGB<9T*V>O-ni!~8=lj&*&+BYZjmTSb> zXyWMR<<;2r%%4ktF8+o+yv4+e%6QT|Vr3@1OnE;S#$P}dI^#RWh2y<(Wq6+O*b;=1 zq-RDA>$SQaI|ppfFZ*p$Q~&)$6u^LG?F5*1ib;b7ul;2Im$ z0p)QRlI&ut*iRK)`8#PTu3J4$wfVV3(vW&5+9;{om^1@sd1RSVyquPH?zQ5mi1~1iQrs)qq*`S zfybAvnkQsE5-D>?v%rKz|I*T zJ^^n_M1Kl8vKQQ$?j}35xu$;P19JGs9LbqBK+PO^zRZpnr2V{Xcp057uFP*h_h3}b z!}Lj;4wC)~vAveB{gd`yvFYKL@?foou?^q*SS^6wq91isR_s!c6ytiLo}Nd2Yz^sc^Yu4Uw^5T)o-$50+M zebt?|8@CAS6NXH&hhg^rn%&+T{Ee@(8~4F;Fhqp~7~g9i2aGyCkQ2AvZWND0QB=g% z6vM9tVSR7#H$HJkdK~UD0flEsKVV!O`aq3a+beG1H1j2E1O`U^zz0(p$mF{-#vMcT zS|NTdPa3a_3a6kVwBtOf_BPD<4=DA75KoG5r046e_k91uPA)@M3hg5M&z`SO*N~m# zp6_+xYz4s%y0bRHZFXUO!27`M9mlm`PiQoD-E8ML zT2Fl^<$l0+RpamqGJkC3($xfsrEce{k&(0?v)VEB-RFrArB7F@mU-3bQ~==hhN&rc zb&)T`dO^gM8A#>^n&yPovl*D^CnwyNZbi){@ zhY?s$jQa6_jpysry1zO9Xin?pxWP@w)pr>%cWu&p8`X?h?_G2}{-5={;E`H%)E{ws zjHnu`M9(k=0c3XFa(lW40oIRtMFhrM!b5ExxDQQjU?J>Y5b&9*PYr6a77e;b8No}1 z7e7PY?U9{H5X(tWfCW20kr>seHF z5^Ew4(AWuPbW)g!a&8z-c7sF;TaYfYRW|L1@`9!l@AwDO9;K~BxZdO)j5B8`d5RD` zKLyrBc^$}|~sMhsz{Q__<^RM)fU7xq>hr=02tR)ttKm;nW5gT z5_4B-YqPyl?6peJ2k5%F9r^G&pw{B>@5UeGth&KI5r3B2YRq+G2MJ~>V&JLtw3y^g z9gKK~unQfbJ4Xhi_<Q?^I-YjJ07RYlcfJR*a9S5~9%gJP?E`(g~px3Zp2_dGcc{ug!NA*G&R}`4wbQxT) zuoF-QJM+zsFo#qNo`EZQeGOcONxcDMf?m}<{6w=|wb}jFR%S^o5wm#6RpPX|2y{_> z5yjQ`oAI0+Pr6QDT3;-QS6*fX^SOS9a|JH6^8`M$shDfm3%}+q0$i{a8;Us9LVvM0 z!+27^S~ss&gSCyUBV&ddCUjmeT5l2)Fk6CqBW0?XpFN?lUQB&NG<-+*cxmM>ob2{n zS-bYUsJ)0ADZLVj%ai#_#Guo#K@^@8esg%E$b;>5bjf7ml1bG|CQ;a=LEPrnRfhc# zA!}GXF2I;0mYNp|u?-kmmSC@z>lWQ?_A7d6b*pWz87V33X0uAs1x+^d zy3xlU@`(5Y)juF^t#0E&)k3)tMc~&oU7So==|n2c>*{MWq{eX6`HYkO^)hHybIk>` zlNDksU1g(_x{V(phR4icX1bm~Ov-)g=S@YS<5Fc)OFI9mMOW7A%4_w-f&X1)lEfQ+ zn_6=Of_TF3_k8NhAfTCHd=+gJR>I%an`u18bDP%_3E-@uHuyJ6>pIBL#*`Y0ovT&r zHEIrtc3@wY;a$=k%v<&cGVuqQ8096*s+S|$A~M%Y|2^6#HRfYE_$P*?oay`;D!J*u z127!C4O?Er)hfS6B~F$mJsHrJfA=nDVLTlvqo3ISS${5<=2A7=+zAW+H#e^~5T;){ zQf+Yh;FfGvNAUPQ;bEHLB|-je6I8SASWT==qrE}ULc`F(v{8)`7&m94A+3_n%asy% z*W-{1vKSAEk>P(P30c4t|9b@z2M*%J7&BWLhOijv35!C;o++E`^yO;arD`_jFW>7) z(YtFy*}00=ckKw0nCI~K;xOO!A1)Q0h)-r=vt43QX@CFhu;0^V>o%J-3 zV5aa0_B|qe!^b_Tn{0eDf_+?Z+R_yiWpTSjgz7XGs-^MayVL*UdRZm*FdH=Q zl-vfbA)C}BJV^}pTbq8`98&@C0f41vo0ckc{56!^DT8V}s4JoZ8)R}z=Q}nAe)x#r z5cvySn{Bq89B~He<4fZE# zchR`Ixr_KAv@23vjE~j3MDCQV07)Uj7UPw;LvOoNiW_D60$0bjfi(dUt?y>Xck}MR zTwA(@oCydPO|(~!APf40ZOp}|%HYoqktIRm6U%S*v;N(-UJHM0`@`v@r~28Aq$Lmk zWXnHmW&T53eQsw*-o*Z=El+WRlO2<&rF8@N++?R;LuGgzd$B)Mq+RN zZ@F?9geN<_h??SJk*Yte4gY%v3QLF@HY=J-#5U(RzDNZA=}u<1aJU7O8NH%+q1Yx! z3!hlCo$3`TDGmbyd5)CV3$ljFXMC)HxF=AX2{!E1_?bAiiNwO+v(&GIxsTe7u9uUK zp@(}z(i^=Y?K}xJB#kYE=`~BhC|vXc8eoiTDUr#g9~HS=Rusa#S=x`|JkgXF4ZD`_ z6AgiAFIL=|b8u4woW6}jM{U6}XvE4&Vv(qMt!V0OoT@8Q+tT_S07|yBW{|DBYF_&W zUFnyfqEQa^5lN%44J`4~jOAlx;}%VGbSRg!8$D!i-8gq)d>cpO@es3QpPY*elRewW zCJcdk(An!G*C;GEP66DvSYY1QV%dHi&yd$lf%l6PTctldI5S}s<`dwRqty}p+bpXr zc#J6BaC&{dKs+I8O{!rm<(Dao8$JiJ;w&~oDK~JsJ0#a?I7;6;XQ6 z3|JvjH}7rcT_^1)5D0k(SLdMtv`F=Z4v2XDf`ef?jg2_&wj@!sv$!x)+@W%+>{N&1 z>53pg(ZpRGR5HnH$lHOg^wFa%F_rr-J;U5vEbZRA%P72U8V_sZ**tr$KSwLl!%W1N z(@0vk@Z`Z@ZMc5`s@He4UuI-{!=u?upig~}+s!;g9c^zEvRhkL+jxaM!F1vpUL9{I z_q|yN9bbTA`D$IUJTTT{N*Z!hcv|q~FVR_TbrE#yK2oQUEx}9Ehx3fgx~L~jk5TS) z3qU7mi?#y2k$O#f?_z38UM-w!gnuwPqVQE%aK zPX%E*(5@L>evJ%s_!yN01=1i7WiaZjj{}F&QU*){(YCZ9W;vDV~WERBr@bBF_A)^3&7y?obMG7Bmqd6#r< zk%&8Y$vGHzb?<~Qcek|elEqb0t(1wobr_$#Tb7`0!mA{asJ$Hv1!@TR_FpPRKswHx zjUdD(!p!LZhEXwP1{H6#Dg|{pkCenRv4Nze?h6XE>Qhqv2(f?ytlT8k^?bSDCSdbc z1J@?VY^rvDC$7;b0$ppU_?_}|98|j5eH-WnU~+1_bqvIMbNu7f;=0URB0(qcC}V#r z<}t+LrpyCq;5tGLl3s>faLiR_FSiqEGg+^>5WA9>jow1b^E!Rb5op!;7z%I6oBTJW zcuV%bi9N4yyA2ZiA=7x>oR4NH-l69S0lDLwl%~ zg7zVJ7=Yz0+T?<#RIt!}nokuxA-x;4!BLBLgj==A2XKq&QrgYjN?s-aDQ&M-YxD%j zuO^cq&+VNCLadWZWOs_wMq%T5g|74*VBw^+)y(OlAdZl`z&@N6`(C5Mg$< z1#*f>11&CzcdQs==2iw;qFri}YR#@N)8x5;b$kZ;e+kXqD!GlVZFmXNqx567sj7}e z1S5sulkyYoiOGXT2zB7>za|LqG{->CAUJ`PTp!I zZ?mFXt@;1z7E7;M?k}z4MV9)$~ z{zBWM25li0k~I+VjH(GJahWqN#Vxw&{_e&NahWC`h>+}D^mtl1lN3)|=C{?Al3rUg zXq3zgbWLr9ubMu`xj}yD$iFy$X#WuTpzxLAn|>ke$=0cs{XJoQq3Co%`)ZT0&w{m5 z5KueL4hSxj)+-K4I3i5G)>3+?_?Rw^=`uDt-F$8OaY{p-A)He|CnH6W34`uS8+_8M zwHe5&2PzPPBF=PDS2_eO5Q*bPDpihhSHR^OF%){2IO+7(4vhA#It zr+ByH({@2wh@hf*kg_>~0+OZu-6Q*wC1U>?-gG9v>oo7LjvJ#ciA~TT98Q^*$_P9Wb^aM@jLuwcl5kj@@?uX%)_} z!&7bdG#eyEyL-Al5&V!gz$gDkyL4-+eIna~TB?=%oo=_hXvKYAZ#c%qe?4KO$D8zD z)vGD)-E=hyDY!h(``^`zUb9}kn$nH*dqm%>q)H_Sq#=qabbsKcE=OA(v)T=yc>RGZ z*SKB7k^GsReaVh~Msx@_c-D5G!K)vLK^Z+=|F3Ub{H>*a!z(JbMPU%g1N=tM zQf=uWJDi>%k_0ePBLX3#Nsh}LXtSPOCbw@$m!lTlvNG18X*WHb$)>EXkzSs}A^+XS z!^Sw$$JgIDANTS9`L^MvKEBgUw@l$(C&KiI2_tSwm-?cW{(Fgp&Ap(zR|<@v{cdrN zZa)i=ewzujm`V%Yn`r^>`GJs6OSU4=!*2MTh)>fa0;a`(owh?=Xg+`#^cDdL*+O%= z+)e#K*hOc+9}+uShx)e*L6f`@Q;9h%yig?nAiUE=V!C`uNB{^2rlI@|gK>%d6OYU6 z1dLqe!qKUBL-fkM+v$1`rg$N;aj3@$U^a}mg-nU9(U%ktb`p(s zq#3$Iwomu>BgsGktFlWr&;7k){1&0n0au$4yBD05f{=%C$$%IQ+6-E6Hp-@=s2fcB zwoKhA6$PnRtxP%{WmbyxQj#cynX64Q;1n>3YF+MQ+IC>LRVmSbb41qx%x}9GT1w|GNE^otjXbuy~+6=@p{Z~&=g3Q$Z!z!ly7z9ms^MFqL z7e8g95)d|mdvu^G$dQt6!BX6dF?$r-hNt85uxF-+ahrDK3RzHTT|^(Ajl#+?ZK_SX zJqxT!bNNiPXIwTD;1g{%%n9pl>k+%vFy=Dc8ATHp@B}JTD@S5miuGQsc0;+=tj~3e zhB@?--TE`zf5|TV%;t=Pv`?sL9*f_d;TNqnb_cD3rz1Xh!AjAi5fF0g+#7;R%+4+# z*YVTn4p)k2Z2wuiRkS{3FQ}K_FE_~uJ1~R*gZQyDXDcLvZu26v)2%gisE-pG+qF6H zeJv2+3LeVskd1Or$j9e+v@Lj^tnCeGn=Xg{|q8Rqxmdm+abKr5xy_2`wZNp zPjBk)8bBT$&K)1W+*Y{IKd_H~-}XPS3-8-_-}Og5VMMkV#WPWi&k97JdHR|D!8M2F z@$oxz>=H2aqY?hs$*-V<0gqT*i=1PQDOB^Ph|<*J_hNoMV>xsOAFJx0;49ohPTYH} z^p+mRB^afZwP$8$YLb@5cZR|vEr2<8)~n2XROiEqh_dkg3Y=ux8aW1g$SDGr36l9` z6!_5O@}Fu0&DDB#vpiy{Veg7$c#S}CfyCBY#;G4koX86_Qc*H6IWloBgS(@1(ByIY z=I0)+b#|D<3M#-f=lSbx_YpfYdDa%>aD_oz@6*v~a;bH&+yR*AVR8XXPExj69XeqY6F^(L**auty`ZnKAke^Q zbiTv_lGQ0x*ikZ%qXT(csI#d7_19r!kI=`Kp``OVAT?80+G|r{T`F2jvn}0ZT8G&` z5yoXfx4jt68w2$r?yksW4cGgJ-Qc${Vvn(PA&!Q{8qKqjqSSIr5i9mV1Yc0@-{t|H z5p<4mbA3U`a}?21__HHj?l+n8Ff25b_tLjU?+x6#lq0eixjXJcbT?vMAmy{2Y2R2- zdQ#A5l~#$qm7=n9?_%=A^sW_^J4GKx5HyCi`p@h8sT}_Q@NeO3`o;gdi|eIJyHoJu znx*6apZ?#K!T&WT=z-t>xuRQ-nVSy;y^I6DB_k&el$%`bH(7qt_D13bJCUHNCITJQ zD+&De<7FziUm8=Uf-14D6V|oDx=nQ4D#F`@cdMx0Ce*Ery(HH9%W^a9NljHVY`@!f=i3V`fHFXc8&yjJe;Wj-IAzrge^!3BH;Wh~ znK)J*pYid6vRB$odT%Dk=L_HtA5e*Fm3@;++^FCaNZqRBI#pb&{JT}^E_gLn>OPfr zgDdb~NTez`g{iL&Q%p97VbILvMPASmloQVO_3HRT4?%(<^-#IBINdS7q1aB?iF}NH zo)~PX-h5@ynS-EF+L|dz$;CwFNlEO1H~mSv5Vq**Q|@}-?OY< z-TkB`MskHc0(-S%xN8;QQ62UQ4dcFZC>h8Cd|&1>MQU2YB;6>+W8A0GgTfLZ_rAPYl$jQD`zVV&Y)c2xUtMCgohzcCF<&_0>z87U{)=1Jmx}K_7(B$ zNtHfDB|eh!bD8)|+JBR&ze+~t>OZACMWs$w@(h(aT@`HtxvX`%} z?h@ABg3ON=E;;sDCyPq8vb@q)f#Th53{_|a&|@O8R}&h(q&vsocy(aYqmI^DcTsHC z;k;*2#w+R-QCCP^39BQOG9@UR+q7m_FW{6e%u9qWO|lcspal2yZVrt*95Flr0e&eE#d z@sM>|jro81iKvy;jLP6rHm~`yVo7?k=2& zkRkWUL_DqhDNMjh?}wiCeHb!r+hNJHN8jwM98Pw;SImwlZyrtzvPwwab&fBbxCt1a z|B1W_In+C6ag|LWIhW(WqxJ=^teu*!_6n0AZ@=EINP55zb=vtBb5`+lfZJ{MH;F6- zDc~wWa+mwpxkP=mMmJ@rrU$&id<3U03GGgK^o)b^@k&WRfq2`m4tRjSl_um;n8MS- zc!d(UOHvgdP|1W9%M%~-<5qher96O) zLR=Ql$@ojknjESDYn|hrlUq)TpBy=RCi!cle`l(GYxLVDdBA}GocyDq*x(p^ z?n{e=5^amOiR2!VNKR2AiR8Y`Chc`dAdx7tRR{%VeTh)2O6R2FZiG;t@#MzaAQbym zm6(EObanj4j`j5+$qo9lB=*z#o!!0?$=&Al>W*xuQ=%6KdO>mzLvq6o|0l^!3M*1v zBfo1iS$bw?PBYTXquyyT1m7+)3Ay?OP(gKKZEzg)fNKiKtm<@ySDE+V5Fd}?A1Wy- zfA@;}A{4-vx}>U<=-@6Kpa%soH!+-|>_Eujdi4sX17YXSU`Zcq#qJ)GuI3}sm9C_# zr;4Wcm~tLfI1E~zls;&YCsoP;UmA87;!HbFDhGF_ENnF8B6U-#7;(1bI6WDpuN+m1 zWu_K<@}NtXS9?q!JxY4g5oej1N(N_Nly(#NPPZ%5oC&HfQB^movNE&N zjvdgXs>lAQ&0lr$FIxXy*ZmECD{WHrWhQy4(8GDq19^Pj?JAE42PRt+zZLGvz&86# zHh|*}u`06hhNA+IgHe`@L>rW=Q7q1^^)_|G1I)TyDi)Qo%&3JvKzPMkxlGZaX1dA=4vlX0LJ{Rs>SZqeVG- zfiRlvna(Lqu!ok}$Wa(gzArw~84>RX=XFeEdSsfpQy~#y7`KGyjE}U8fT2QLLR!XZ zXJtJ)Vs=UVNau+7Qo&Kr9uq%SuZ*wY0y=wqe77RBr88iM!Kd-mhZismi~hRK*HnD1 zK0fs^ByuHM`&eZ3)5?4w-~E6++0H$u^uK*+G)tcNx{7~A>GPTFRAP9vOV?!&OV9D< zmRBSyQ97Xzn3nOMRsmftz^**YoDI@gxCnVtrZ7Q^!_O~P7mKRsyfjFxGlfPeq zy6|$u2HKT(3V7{*0K>xbH<4M`pqSXDLz>MW+=~#sGcHwOjW=M3$ zBW^bdzbZt^Xry_Ldv5X(6T8FcohEjdaqlz9dyRh3)IDJIBPRK<(T|zrqcjhQ5C%Zi z|AcaGRKwRfuG2@I<`{A1^9Eaomz|YNWCM@sJbHz(5o&0Ndr7e0X~^xBf?Z$rPyis) z*BsLFz{BQcQ3QXD5Zp1u+dirYa`%@UR0Mw#2!~rM({(w`*O;C)-WK25Dth2|l=(KM z8`(~%!+Cg44bww2v64av|K>Hq5EJ+$S}RmMFIcMQ=NE|V5;DF}pFt~cyQLa3J~pB2 z4zXM`T6&4+b-H$|Xw{Tsi7qIrUADC8bRWJEy5W}TlZ=P7y( zg&H2Fpi_$;7BHRb6U{*b#$hf_GjqCS=)`P)hL}oB;$&xBc6@S-H#R>2nT;0p3JHg{ zg?1H9qiJQ+&d{ua$1JnDk5WuUBl_bG&MVnLmm8=~>otmL>d%+&R0Ywl$lU=06(&0Q zIuh>e=V?28h?p#o+o8Bj#^2D^W# zL>+2`Ae`qri4+1d*IVW<#Co^}ASq~{Eq|4Yq82+xNN+>0H4WbkCX`KdCpby8G}>30 zTwPGT6y4()LuLa|w6UKU{k%y&XY@;^{6%B$H_1@ICVyed{K$FE`NLBIso14!6KcAU zo>5q*Jk~;pmH9F(>HZ-(YnS9~xon$_$k`TexNgg~J7Yq5W6@*hUuY}@{qhu!iOSs?hTpYMHKUCQ%eFu(Gre%Oz|hgMNpmC9Gs#B z#EDuYk-c6bl)4v0)3G6``wf|ZA+z^smwerl)cw_=QkPqj%8nV=sg0KVC1su1PV{_( zOrg{r9WNJtrzWbY@~P2$idUNK_13vmY5+iSQxSk7 zvWrYIcP_r`6-1p!>il;iQ=g)`Hcf^Y5G-Ol?o>s5mO&tcfiv-D$}(lBAGWOG_b7T= zPV#wV;TY>Pg#0`4(cra-P_QR3_F`wtmriy-umC&U4p$aXBR~)?r#hjU)nw1p`F4z_8bP1gNcjY z&8EvblbwcXfJIWxOLR`$!YD1}&UEK+R8HTNn-mX+=I{kWA(k14bUR(aNIfh&+}Q`l zAS~@WM(;7zaKg@SQHB(ndbU4+!CLMpQ=p?8J}NWGU*ODua`K6Ow@23|GJaCW6SXw| ztQN|lMSNQ!NqW%`^?a|SvwcO`w<|ou>R#i{ls5$>@HKe(Z;CwUcqL6Dg4NSW#Bx{l zuTB?N#6;1D`@$!uke8Z<<6;YevytT%%hm&8qruh9q zI;K!j+0W!s1=DDsPH`TLX^pJ!`7E!yseN;$r58~7f(5YP7HUBwx2lqQO@((DLRk)N zBuIO69pWg%(P$SCKCu>%%0?CD0Ka*yvh0Bk?g^Z&X%O6nmNmey@FxT}8iI2dP97@c zoC1l4BPufs8O45eN90wd_LJ@!o^IwuR`b0vD%@HE=!^(Gfrbs{_(+sxjkf2bm1Zu* z%3aQJ{u=*yXRUKQ);6NWIo2F!3g%4SIfmF}@(e-Uwn^z~l@hOf2bUVA{pC)V)8g0- zZSI*)SCkNWplf@==VfG_>FzP|eAMyI`A+#n!FW5~xlH*NEB{=mz;~LRE=srEaaar4 zc>KfneDWk~9ci@(P?rowZz45}VEs-*0+lUw=AWjx*(ppH)@B0 zbRS=idDbJ2*b{pR9q&MSQ?`k$}_~XQxlXBUD{cUCK zcZT%1>7ti36qOU6y%?IHqwrT@4bn{cI6TnP{-yZ6>Yx|!ac%v|X@s_5E9_JU@10B6 z3*kxFYU0MiAV6F?bqzQMRdqizPuCKn*K^v~HiYG88Nk=k`%sYOD)^EpxFO^G4JYvm zNvLEL@@m>9hbt8spO~Uwc5vbR3Uwq>Yii8O#M1nuD)v=H94+=G$pTCg72l<*c1v-6 z@^cdJPTsF#v;+^T^h&d~GLiJ7O`)hED-;=<$vgh2e7tEh@WJ2bErC>YQO4(BhZHipI-wXVw@UbOimO3-A|oa=-`plB0j( zgl>}C9lwz63_8pr_-n>*iwv4}Qg53)5T4`Uh?7ic$N%D%ZSnMbuBV&cr=*36MxhRo z9(oev@ij??+c-fH2$2K|AS^mbq;dibnRb5yMx{~Ls!@nhnUq2MEU(6;Z&~?DZdo@GKO>WYp8ur<9%sO|j)926k`hq!; zZUXdE8Tg`YDrB3vMTEU41;--c?Mc_L%VeLAy;>T6$N)C6SEY8JM9S&d2F2pzZsY|c zB2hlE=%#Y<@T$G)T(p93 z%N!jjVT$z-z?UmF+JBZSUaxkN-9h9vjE_;$-z|^Y%RoSK`rJ9r;r3msf#_@9=)$Ps zqiaWWk0fKG=^C|s1T9C~Q9FnJE&s^hZ3o|J(H}nFV=~TGJ^M-_uq*VO%Q?4X?^0)! zC}{$OGL+?UN{Ns>h{#h7Jmmb*2mMVCzV<(V=HI_3*Qx&x*BdHiE)wyFMa}Yh@wH?4 zy%nY36kx7@i#lGT^e)M|7(FBy;aesD5-{d>6m{-YSW;WGXgMf{~rlpW~wUd?1 zbXl?asu@6l5XTaZm<}W^t5#qc%GgX7NZ7A1(=jC8&j7KzsUizgI9v z4=Jv9%Vv*K{2>@K^4MHdWJlsOFGHP9YoJnkbVU+{R)+o@3hhz)Moj{RHJ9>ze*6#Y zqsi8S0$m+r(K>S8qu`KGy5V0*!fCR!um4g~oEtS;;+V`6S}!m&#GjHMI$+! zs$j{uc;g5)M2TPp6r}MN1EKDELVIyeD#$^b%bZR?EkM%L+frXgX~z8&`-404bKG#8 zzES+^)0}b^Ua>(iS^w->PnZI(5GiUPspCu!&XJ}-Rj{y$9pODlC#WKYxYM(Lqr?Z5 zBGyx9H~gIBi1GZfndPNABt{81=W)neNl2&IlGii331u=M&_JF?t{!~TS!5_8fVgy- zPVzCQoc8n;RZhGEBO{rKP?6##gn7zRzZNOxpzRd)0@B%Q8mQ5CmA*?#bp>D+y`zni zw^Pi0zD?E*Kunh^#Vt{?aYRqndL6Y^<_c3=*>;(ojH7h-kS$Yf{as88Zb$Ie%iU~} zHyR|D(TQFfmM=povo$nf=?JYIi0(x=gCNQ&2W37zQthsSv0RBozP~w zfg;es=9!yjp_esjYVriEL`=gg1n61 z;?1(2pdlHqAIzfIB zF=n?%tW0&jWi3GzQX)@`%%&Gvi&x$2+G|^W)@*XC^BXv`kFp5?B|67C}wX%TR)k zwmJH`in<)lJWvmy=+Q~%P(Nl;UbizTKG~TC+L~8Uu+z?R_!8i`b|P_-R`!XB6ZG25 z@nhKR{?X2?WW?#V8|+A8v3$yvPp#C;Gt2xVGe?Z^{awm_T~SZ_BMCY;QB<%<#tI=X zqK*Sh3+lhXnWEgpu`B5M;N*iclfYk}hApIMcM+#e2F40Ver0sm%|p<|-{|mLGcCF? z({L+rV)C(s9S5qH4O`(?-z#NHLZ)!|dYRo5^%t}>k2*!2L{w_f9)v3ns^4jdchEW7 zZxA3aiiYw3l1%y@9yj3xuTVlwhh4N;ti+WhUv-k`1V#zDWEp1wx=avPeF4X9WG2<$ zO;mpSK?dbNL&c{>!rl)h<1Wr4!z0BbX1(cUNnEkF!^AOkQW?{z8|WX0Bis9;_P?%U zUlaEL)i?fE*_xo9<1?j)J>5MLZn`CASyxkiZCP3SpU_4l9QFiq!(vpB@g=e#pp1lM z!;QAS=QnZzlvoomo4D4~m`y2WHcopj=S>tzH%6m87n2Hl#tE7nRiwxJ6iMsI`3_u1 z^TND;Yc4{>BfmPOPM7OHs5jME_OsgB?_)RN&`4r~;B-Jt8^Fnu9vd&GqY{ zwKXC?7bh{9&MoN(QaDD{7gk*+URAmzrE;Z9u3}z!QE>8Z7xn`jl6aCb)`Jm5HBCc( z+8^5l@iBeU;ZE;^2LXc^ESkPBXYJ)v8R3K;H6gW7dc+}ZGO_x6#?r`Gz8|TVMl70k zk+kg3ZC#pDOeBE!OvXl+5oiz-W|0u z-U&fotlZ0#bB_829)GyZ>wXzldcfXF(WWcWW{(6*Ze-ct?BFUVk}w%J7NLe$GV5Z1 zjO3}>IkRT~l z&c`TEL#D*OHY5VS;uS?;4e&*`AWvx6cDW;O3hKIGTCb;e;wnY8;ca5*-GxnLul^p( zZ`oAi{v7?I{NII>$jXHM4bc%6-JllgMNfzk5$Dkx&L1lZ2<11%TUW%0`q5a{ zyEy7y6^+aJg)OLw<}A{m5Pzv+Up6))S~-)AZEv-^}pXmyD6gohEy`q*afk zkfj#IXXw#*$n#n?jZMhHFj=g_y*9tDgWYNc&WjN3H@#aSsIG%6h+sW|Aw#%FqiQfc zHTJ0%I+no@vePro3>;d;zwpP+S>+FT?-p=pp3@}jT{S3DP=DMG4Y}}ZPnG&g9>@OdrE+#6 za349odM z7r4-VMS1u(M2fsiyi%wUS7Gps zI(nbVSpMnO^wa6O$)t)Rv7bQ0t2iR(&PV5|%BA8|jOmLKWq8Ib{CvgX#rb$kuz&cy z)AW3z2YrzJ2wfFDJe-w#%m)CV#9lO3w}3|Y;!ldFWcbID@c7x{OWE)b-WXve zu8vr9XF^&Xm?B-+k68qU6D!Bj4VYIU(PAfR>@o2FR9ajq?QS$ zljzrj#9up-_Tmp9{PGTO2kMjv7ooMXBkuq$0zS6@uaGKT$RClqiST4eDH*aD8fg;_IPOl z9A#NZdzV3bIIsJ{WAs%u(@NZ=x!OAGb=&|scQUXpS16tMy{df^@X#n92shfzvL0DA zIHa&&OBo@KpwZ~;R*Suy`+5z=1D(~Xb^Oo{HI4h;q2_M~$mt!nOq-i93k~EphSn23 zItAq=daPT}4{}NzwOjPnWW%x7=ZD9{2Qsp+y4DUe3SHcXu!v6jIr~eB<~`rU0T)@| zC*q~Sy>3I?Cl)P269a86?skkY!uR=XjaYGQE zUiQM%<0?EQ_EqGp#4fkHqw6|SVN`u*ZAZ|V?f8^y{mS&AJ6)o*H*&5!(wT~Hbflgi zOGlHjOjP(|HP{G*)?*^@AzcrWuw9dvM-h=6L@kREyQ+@@z8CR%8-25SZjW6-lf>YS~g)#`9!dMkyH#*>kf(7#Zy^Y;w|QZ1zf z4}@){rG@!43BGnwCa}Ri0$N?I&%pHCqF9+OIelA9UxG4!QFcEYyH}5O?p6Lg3X{lQ zj4{tmePz9EJ^dr^5FZ6qSXZgCC583nT}=$U!+shKYZve<>bfKqy7egL0lkh`r{A$D zt5m49rA?L<-{I_2+a0yTc~);{S0#RITkqN=jOul4@_rI>QXcx1$W}EIC|N;Lka?NN zHibHI1WXP!mD5!jKpLdeAcFfKuA|IjioO$9dTB=|<46(r!@BT#!IoLhW)(CKpo`;IjL&Juw{|&+MS<+SGDrPU07OO^27NulY81u zeUoO};jaFIRIDZ#fk=)B=Q+h+pRC6KL)GW5!2^sMAC98Vyn=IR3DP8jGwb)tk$UNg z)|VaGQ`aZA1=l6j^~o2!@N};UPkZd}bb!C~^~t{%U%ZP2V-a5T$@$vuI)FvLspNQx zk>kUz^9|)bt*w_FK~M4VLU*!K*;tL+pl9>kp&Fa$W?Md0p6aPfWx&I5dlG{CJ^|gU zTvx9`-`n7W7my0tx#^5v4!Jq0xnFZ9e%-xQol#b6jHx#rezH&*ulL7|v8!VXkzVC` zN(5x^THm--i-OX_#d68wD}1hw1X_J618VvKg}Y7F;n3A5+v|SM zJO9l)L0m6|oMur^I-#=}r$fE&1>8S9%pu^*6+Yk|xA48{XtFik8dOeUSLVvQBBBWk z<#B1BMN;y*h0@xV8H2fI!jl;DLi{XSDj5^j-~{81ApGD5xi|UA=<(n zHrrg@XydAX(PuAgckQnObD+3o=Mv+8U3m|?!8cTdrNSb-M7$#@9`2@fRstlq-?`K9 z70#i6(T%PvQrn$Mt(MVUqVUJ?S|N07=XaYI)GniTn@^hXbXa&y?J{$%#8U>o^9>cN zkDg|2@s^-J_hFv2QEG9Ws*Y6!wVm6Y*bX+n!%mj^CN%Nfkb$$GA#AhVF1$D3P8lYM-Aio>ql|spE$0qKcm#_oaZ9M8|6gFe?8=VOAu z^O}(fJUg7fiB>C!(v!PUFz6wSBJC4MPf2`YEFh50xQ=+*hMG-46kGJ0no_LRmo@HL z_DCZ-tH67e{w3)NT^z`Faq!5`7Z~epz;4O!J|)Yx`dzbXgw;x`L}(rC3kT20gW96f z;lEYzT@^GCXM9U_{=3iiRt-Kt$!~iHt!_1em!n6;H3RrLvE3Ji)M_oTLZ2 z`Sv^$X=G?x*q?*7Qo{RLENyQRcDU2uvM@j*TdO-8o zf0GgPzM&2^7(8a6UP?K|nd+Dhaq8wwIqsASo7$+L_b~8$tXfpcs$x3KQl@LSzDd}@ zZtd>UWxI8~1(M1)f!ng|Bi}-;zFMi;-|$yBGj|EwXtk{K?A7pxDi1$U>BC|{%?mB4 zYWmKwz|wbSoAz&(k1w+M+2V_$Xh&2;6R=u?o%F)kOg7N=3ROJF}@DWXeoZ55BAH&HMdq`uf$+D5^GFFOj zkF#f(qr`=cx4{}gX9e&TbgiL8M6KjE_Jcu<+OuDQusd{|aU14Xs}X07rgwzXl?wlu!DoXw-Q)(_zpsO!h%V5O|e4*;y*8(}}F+ z9~i?F>UVuEa&RC4X}qFef2tV$aJQ@49WsysT3YJZ^yo}7Ti(_=(vsiN)Bm7L8uE5w zK>Wx|qK7?X(*-2xF_Rtk6a2;iS`NvbXxz}!$ewWklc20-qvQ^@Y%|%L4I>hl!dM1M z@$(3}T`WNB#~gsrg3Z%Iu0L@zBrBg$gkt25C!y!iiYAg;JpI12KPH4Fv7_RE$%YIE44iIhz+3d+i*uX|WfU_# zxj55Z|2ETpmtFG!KN+EHn$3n`Iw|EOX^u88vFE zbr@5M_xK~z>r=GN%r5$wTG(#6*Juh3tBJE@4Qb1;H8?i`72lqMtDB833pyR+q78A8 z6OkcduC!i3r(NDH;A{JpTusX1%PbcXz8;4{Ka(OFd<^6s2Tvp(Q9Pr6DvvzJHY8 z58kNUukgvNo&GWz=OpmZr!VV z>oR`Y&z+Ht=g%k$3Y*GDR;FmQbVP-&HdU(nq^ejob>t=o@&}Dy;yDByO3wqLH69;o zKGI3D+;aD6>oOy`-BQbfuA6?IT-3C!exgRpt^62sj2n(e1$d{K4M9p1Zc!s_2_Aih zJgfRYS_hJdlXbj0TA_<1MMPlR@T8 z*6HKfG@$rI@<{+qsCY!$RLP2bWa7>YXYBm&SUEIrRo;)3_2!53_E{ay+kNa%N^q<6 z4SL?EbU1Is>B{ya z*XBPAiQL zmY|HQ-a0H5s;D=pJzDM6FBVTV;UBR*NKJpG$uq<>&?N=VmB^Af=TzW@vZUQ!OboBw z+CZJ3+cF~`^5*nl#OO zY$v=D_WJfEi*`_7q(6@F;YRqFI2J#R&btyF7<7C@)X zH`pntloy2>wOgaz7$6Vcds^OxKtdu3o<^b|f?+H@1xN!KL7|(mi&@qS?Mg9h2-pRS*VHuL5L`K6Kj5sH|F@%BK-qpn$`&sc6-vyYWzbd@H z1lP;{%l$!as4Win7pGIgr%*kTlx=)?e~HbxP1*l^f5Fhw5#>FR`#T}Nwq&B5fOV3i zFoZVWe zd_WbaE_0CXUnGME((n&X-F=GR*KK#;4=xX<`G5KBr&Oz5@o5#?B1~53Xq))t$6|=C zW3uZJfzz?TGZRDy-OH|4whW)eieAJ3Ngk z{^5kDvD-lt55DWUtDI@HrH;G9oD88g*c_EwWD8DEweDDFn04wnJxF<&p$h?hL$Fdw zJ0|tmr|rr-TB`eH+Em7dB{FV6usEBgSv^*lQ|s1b;^_qKXKP4a!lNa%;1SfcYU6vb z?Vyg}Kw3UaB19_z&^nB@OvIt_BG{eUOI3ER8b^kPS1;l;qb`UiGAea?eR;evjAZn9 z%H>%i8R^Az3E$eLPQ6^US5KH&dsI5wRt-8~(e2uWR!k&`^=Ma6IL?B8wMkskP3ZZx z5dU)hbpu@;iT(_So@2kDH1&S?zc11N>6{fmEwz}ZE!m#@QF=r<*X={S+CrJ$cRf7Z z(=bzdR6QGa7|A~_=LB@DXdQ8?->xS_YlF1PvY?pW`7P$!=m%PDG0VbZS$M4d0L~XI zG&9lh=t(hJyxuLWFePF0>~2WtZSjc9E4vg3fFKSMgZ&OHLel(6S+Gx-xuMq{3EU>I z{gkWIDKgmYq%MiL7f0;NBGr#3MxS+~I=AH<=iG^O++3yuitu!tg1l`Qn)a1y-d5H9 zd7Zo+O%i3pJ)^-it_sk2COxKF9#z!DP8?>2A4A7$5Pb%Yu1w|cOQd$i=`B*C|IaAs zoT8qUu9ALclP=GOo5VM_lB?1S4*E>BR`vNQwwAqGylT{bb0f{JIeo`|mFRRZm+1#T`~jt> zn`tbBnyb6WMIR>^a4qPyk1E8LytPGfxC*^e4|l!Uk}@Lm-)-j(?_6B<9v65}rAC%z zD8S^6X&buBgIW{tjX~itWScRh8NY`SHLk&ddYX~^d%8HT&ao!@o`V`gKsN8 zUEbt$Gu?xqQMK(isqe>QFUF&TqY0FU?)7vQu+gm0n|prTNWJ zGe`;`S{X|>$jVpQ4=AU_uLG{F8&o>OqnSF^xK|dN8|_M^A!A!r#K&cBRuP{}W~B$q z9#s?_Mhh*JH6{5T`=3c|t8SKSfaYjuAD85js9I4Csz{RDEpcKb7CmjqmT=!N)|x|; zCHkT<+&Jl25T)o*wB-MsC@}>&Pj(iH8g~A6BMB1u9dw!9E=_UihTFbF{9wzqXkx8A z%1g2=9%?IYq#74MN-ePL<*h{}r8U&PkT19)irN>ExewhCZs>+c=etu~I7DQzj>Bqg zVWTgARkg^}uR`TYd9$Ta((}lR<)OOO5~^DCBMha3)O|2&91uKU6?C)5O?IH@CQDzZ z+pm}Y$;-9qSuOvfgB1M`;&qLxIgGk`NV#hH&x*%E=Lx=uwp4etYff?0YjA#vO4ZG% zaWtMxv~He`dedao+hx=x9jbv6ltVR)q6Q_%WKmiJ%3Pyi$XutxxeiDDKh1Ro_NG97 z7f1eopKoK@V(q3a|KaF|=KP4_=w;3?7#jW0!_kZW*P_TO!pr@ybAIS3#1C*|X#D?F zUqt01!Lb_@V{GC<1tB|2&X)m7G8!qb^(+a#uRcj<61fY^g+QXR3-m>13(AiFakE*| z+7?nh%}`_RuN$Y6L!O_FY}|1?B;Hoe!^M)z!*G*DPtXjzhQ(&Pj+VHaw2{9Wv*!y+ zqOnEH?a+_K^AzokaKH_oBMr{Q^>!g+MAe^-{qEs7#!Wojj1K#cEP7roq;#M@FO4I+ z%Lc4|GDpb1UhQ?qMoBe>n1 zhMl4S1{FMHhCi9efu88h@JD*c$)tR%fcNtYOy*=vz;Q@d9KYBu&9!!uR~p()W#RFsc6e&vrB_?_I`oXhVWj!|=vFe3%mSmF~SAh=rgPbYIXo!KT86Q|5c zC}Yg_I$~=}iN#NH3IV-ENpg5xB^PD-(|4=f7@aBOlC5^H{yR>?b^MCVe#-Q?IQ^nH z!lKR5dfi9lpiqEJc_bK%ZaymRk_7T}h;Bz{%z{E3+ zj607|phnMW)tgBSk9Zi%vN`&(sS_kdj8{|H5#&#caapfUwvQo+pU+4nuLni)EgATt z2lYZO-0Y3_mG=YXH(4jwpdUN&;*N;LaH1LYUo6C=(n1J=_Q8c%LJoBCSL+b!!%4aj zE+n&^#zNwko8ix+4edyIR-8;ON1py9eWi*tg){dlwkWv*?jFGT6F;)8v)f3uro+1n zu>Tt8IK4EoBv@0g8}yQ7jczz9hbOikWerc5Nrgs(PaM&Y2Pe9xVROn1yr^JSvf<(c zqI2jN1sRm2`8B96vTjZ?t!};ke@eSizCoW@^B{X|8RM4r5&;PuiUu4mqhPwiJF zkU}l(Fe`DZV^PUVFt&vOEuJ$6YeVuD7!Djap*K@nAb`7sN$S~1@p6` z_|XGl^%lJ&%(sw2tte`j!Uy=3E6hdp*7q2zo%)Zz5R)MXbkqp%@IU=Zj$eu43lV=! z>DP8^2@JN{18A!1bbe2Nc}kOs|no^QPPb2jc6<-W{`Lfs!g2RkpR@@Z|O~>pIk3}VR~u9IA4=mj20JQ z5VWpV2o5`!rX*!TFhL zewO|5x=y^NUl*{r0d2pbUQkZVeM$X_J9|tuQ^ZQQ=Rc{@p`F_TZ3K2%k{p+B*@>sn z-CN3WwYiNorWTpg*DuVJka{GqSW9WCb z#9LdD2am#&rfH1UHx*q?+-4H7wIcN?;c>6hN#kz)s-9#meOFtZ!xyCHm67U|q+b&q ztipdQbbcYafsF2N_~~k&kU`W#zH=X zU==egD> zT+bR}jqr1JF)?gmO#}ME2)_^g>pRQ`ieZgS4l=A~RO(`7jUA)a^!TB}8bcr^vTE9Y zV2{|p#}8HBO$djypu`_XuqDIoH(<|2^n<5ztPDtYJJEY~GrAw3H{ZAm8> zrWc~j5T&|S*Iq~bsZ3H$WCf37LGkIrrSim;+sS??&evjWf6VA6m#T0wNo2vHQ*#L{ z@;=gS&`Y>2Y0I=jJym2X@$Javd{;OI${cTmqa@C(J;QaEQj41q87()6%O-Rh%+MRr z32KTlH-~&5dKAN-SEmUEPDKMUR4GpV#fr0irpHWeKPXGpRMn3HSwGW?Pak z|MBoA`@`cjYbPp7POGx^{$Sb=Rl~SOH&vU8C_TP3JV1kBA3;=0IX5+OLG)}iA}sm= zC_L0Iqtl&pBdf+kYLXN0oNi77q`xGM`OKv%d8R%icA}FBfL`>TQMEq;slOr}&hRU$ z_EkF76r6aJdzLw--!u&ppi3OoUF;W8m4+h(dk$u2Eh2#=PmY&v@#X|0s1%|iK@70+ zc*%2eEn3pC=txq8*C*K}h#upu3CKLvBjQdFamVWk$i(?NNySzy`|*5jS%0Cnd>Yfa zLqDuS8|<*{WH;v*KCfGz)5jGj&H6rWDH#7i%XBF&4{zYhs+J}{c3G5K1{wavk_&zJ^?}zw5}9nD3j=v3+sT|9wr-*?sPI z5)^W8pbd8IQ!H!MKA;C9NHG8rS>%0cQ+T}1z@qjkj*wuI>M1X=%38giLB@lPTTJt- z%DY2(cdDv8xPQMsQip4_#ff-VnA%IthLrb~uKhLh7@;$W{YjOk*&dXbd|RguX!EvC z-eHo%^)RoS+My(fCo+jNLaWkOx@w->*+q5}6yD?25h1D%PNC@NNHWC9vT&n(ycM1{&W1JYs0h@sPzfIs_4c<0EO7!BwowlfJLTk58;@x#} z2-{O;T-9piQXUv=}Jsblp1 zTi5;n(2SbvXi}MBWFwM;d zocS(k)q+{PUjbiOMUwFpMtVKw!*vv6A3gg@~W(?+Y61AmN6f%MaX}nWI7Tvw_<+s&iXs~!TpDX6VM8iKS!lQQp$L!Gq z)NsYvfPFyw4IDZ4h%c)ny(4ngi3RK=;smewvtRaOulO@w1WvoI+9?ABmH1Dk8;g%E z1SDKb+v}{ZBAS3gvwVSH1iijScV+9gCiqbZh(Numla*`#Ff0oeA)hh9Ksd%s;#Q|axwVe`WZl2FJK-V0E6(iFqUY^jw_iM>4|Mlm-Rr zXrw#|mW-Meo^FftqSvbfr21D{zAze_{44BH%2%3kr-_dm718M75q_UsmTd|%Hqz5& zt>~Y!aq47iuo3&+dB(};Zo81m{sMptGN+1DBaWH@{B`^gWlp3-tRdmY>em}N34^}V zzE0C*mkfkO){1YbDI2C%O>w5~)z+d`=9;>HyEbN`J+Ar^mmg;5Q`x7TswW)h3lsnr z!XmytKxvG7T##a`m$=ew?yw)4*?`Sa3wI!@7c!{D_Ici)QuV0v;<0A% z9&-@d;UhVW7t6jB<6@B;mx(j zV+Hnjjij3rnTijjHp}1Hy8LKwRB%FMe5_7@4|5PsB|^9<6n|yr9!)~=Gf4CwOJfUs zV6Enh%I$EtJItti^rjAc-MA(dNk#N#J;Lg4ECly!^)-RFb7Ghn1n!vL(P9Kw)lp4X z+Q3JkW7I$i6{s1~)LyCxpoocfnLbaSAlqCvGrlM5UoJ0hl_!dT645>4B1nsiWzDEd zRKvxPQbAp!tjD1uj zLoQ=He3VC>#Q2?X8#<2K1)7PKC*y8`NhU9eg(Dq}NU9$ox}t)pnSI!)hzm}8nZ5WH zwh996|2a7?)!3=KDcqUQJ)uzgm6!2emu#b39iID_I(?AhdXw>UeMmQ96_?v++n=|| zWg>WUI?Hys!W0R`;GNpWEpiWa+z9R!HW9S&iKQKzTXyZ6 z$NjkOsEPn>Qb96GS`Wg%vyfjGDT+0z4ttJ2>RX zbarvjyW%S0Rtu_+@fCH>)kU526UrXJ)RQrNxTZph|Dt@Jr<=>T;&8j(e$BV6>&3Yw zv-LO8M0e}2+M(MwyGyULE__%Kr=+UpPW3UJCpkil2&fsB!%lUU=S0C3!g^IR$bLA%Ma4m#1xuQwAt-OZZBRY^fup_%> zTK(MkvX(W3q4}G%z@k_;H3wm6J)qpfotKGZVV{UW`%4pg$&%sG-Hv;5o4QjK zYRW}O)8;O3%1|wMq{@1b*PT4d)Tb3_(CyY>8wMU7HelbGaG$CAnmV;w9Zt5yVt)$Y zBh%!OnodDl7zk=S!<-4G+6hC`l*a!QQx!oXnQC^2l^A=ST8QFJhK~<5`f&I07(dNL z?tYzAn*U7E%-|vtx%fgOqH(NK;Xa9j<4#gh2y=zQW|(&PNKq1P>`oqK^d~6#Un_Ro zciFpawcGxO+C_k98^9vLJ=%K!^uf5qBE#n|E9&Wn{x}q3Ly}wuqytnw*_)tZ139oYZ0}EQ`FM@J2P?8}=T?1HH-C{E=R^Lg&*|m|wD+K{{j9EV$%w4ouJbo5_e2&@b}?b2Dgj%okpO=v z#g74?X_7P1Z`M;WO}d>2%SJLH|K!{f=~BHX49U(hhC5U%=4AZC2Gh39wE z@-K-%bdfbtjE(ObG`bONTW_0gz`L*r<$soU7}4j(sb5gZCzSsMY1;cKWymbp5M9T{ z?ePYvVImatkaQ4mPxH^DL+V-17M!i2`fqAt75)mRP43CjfT(%hApo?p}-i0QdrT$9_>Xg6Ql4ir_pb>U=S?_x%HOvDGux&r+@ zJu6$B0?;;ebf0ow5m{mW-mLF}GNS>YGc$A|2%bmu&r0;nIo+u2E zyTs>?IloO!J8z3Rzu)>V{1Vmd%;5VbqkHWxKl_5o4Y^jA;_6;p{P7m_$UKg%qBHen z4AyDFpzsD^3Eze#EZ02ZyeVArhv6k@?6cS8b=NmOyxfT&u40Sbz~vUm)s6sAS1z*! zJv1EI?DJ0JDnAdeLMZrg2G(Ua+1amsc%@}rY3|U#1i5ibX<*MXu-W>w@Pd2QNH*nO zl?ad9RCwB6JQZI%^tf=3s^=Cqopz!L?t>C@26(F3DolGriD1~j9pGJK;M%p*T#|l-B#D5kib@Ma^`9!fa@@XB`My?Ex3&UgIE|X{I zpH=Xujc~%61-0{h3|sIxh^E)W%35Lk1(^31#oK>0bRaIXZbWjr%BS(iq@34X+ZC&s z*xWz_;yxVET6^`i^df;DkweAAbyUFGo>2AMO=5>>-EPWA6wS9~tMF+Z6VMb+!u0`w zWT2Lcb+Gaf>tKa*Y<%(OP4AmH3`0)$7jZv7Ddv_K2|Nj%jeCKTGe_G^u-&*B<96!l zSk7h6Jijfv5ZJ16{fKg|)Z(HXg#gzw&)f`W$+(O&>JBe2-D{|Xdudjy{)Vrrh&S_VHoywvNZ;V;n>SS?jbrOTQEV& z!Dx1&(3<2G!GBs&%TCg*5_d+f+<=)al>dgvh?nFr$-2xQO_@PQb9Xtl5*a)1rBVrX z&V=U4bpr1wy#69seI1v5L%e*`igY|kn5aOQsNbv8!*J^YjG=pyb#QOKB%b)|p^!Jk z4fT?^p(asrz1z7zvddAsokDnQ2#lcLP?>(I$n*=~ z#8S{@%xkLpl9mfvaHci8rwwzR{NPQ|M?cAps4EpC;4nikIri4^I^ zxVN$4sv0+S~P`Vpp&#DeX}8ExC>6tIAzoR-bPun^IV-+C)}J@%jOh$p+!$*^*rF{TC0>AiNEU zw)h1pk*wue8|g{1bYA2_e76Pf9!TGmRDCxl+^!%^;` z$`kYwoSmmqPri|BEFhqrN%QRj8ty0EkS0D^q=_Om?1c^>5MFBdKhi<9Ib%U5S{}=P zk1T(KwZmcgzoBIPe`)j!hV|cR``-Wt<=@wTuf5?Z)%FZyKZF9X1JvhDNC8zlfF_oe zU-6pie4U(=VY2q_k#<$O@ljK=&D^6t;Y8jAtnfdq_?ayD4@e;W-xja1BY20}WOWOeFbz4p7Fo2S z6`Vz5!@j7tmxK)F;-Zjwr+C7-f)pw`S}KN~=eX8U6o8CQjE$>*s`NjI+0$|)XN?!% zsS{-E%EKZvXh$Rd(uCuw#<30f^U|Nx6pR2^TvDD&zSBT_r|C=;-qV@UIVC^LqY@Wh zS~QgAAOud;<1v&F;gvzO=q}BgcO{D*0dy4PI2y+SR)zDTLQTpMSKDMw{qSCQD*OtI zB()2~ai+s04{2$$LImOj!WOKr?ySm zsW{YLsm|J}9w*>*_EwdhT03PTp{K1>bMf9=a=2VR`WY3zIx0N=T3cJOBM+#b>9(KX z4bAFx#8jU}0;_-GJ?kS$4QI{`&U8Ip&(fz6;8?ZVENfqGX8GwhSTn#YZ=rtUoJeKM z{MXRFy(e_-=k>%_Z1b`W^aRm@M|9gmdak`gQPX^z&SiQ5imTQgbZ>T|8!ppr7fTU> z{UzIc!S*XndFSJ{`MezzK&=49nwrSog(sPlH#(WN%*b3@bUw=@T<~;NhijsWM*$BJ zhvV56%Xy)LM>mhvn2e3oE8*7ckh0+hGJ&gjr8@k|5)!x$L-y2QZ=K1vqx^jg&#AC( zz;!{F>*LRo8D-sVi02R(1N7 z>g27e`by<&RRG44?yaeW1Ns$k4U~wilfHsQ3;lGr*{Lg7b*GTM+fD`ehq07_y~qCR z*@9!D%dSjiZ?dcZX`FwM(O*>0$2%!;oQViuNW8K;RPW|-JLe*P`U$7Bll>9;(U!r# z3pRyAfCQc7135Wa9}P%0KA}1!_9}djS>+xx_)f zQOj+qlx9)G2&b+{uyQBK)%ERc#N4NcQVjT>N4Ci82T@ z*-n(DsU1^(r=~Vfc|dr;CY~H1x690gh4H2MWlHB`lxDv*C$Ad$0`Yqp}^w&1rR zJkQoE(Z$i2s#J73b^3UBD$hpJJn2EH9y%dim+O+Z%Iox^0!c$ls~{Kg+}(xLqP0{9 z1dZPJfOgxQO(frQ7rJ6g{L-2aVrok~8y>5}vAAkN9!XHp4D|rdg{osz)N~WMuG4j)ja9j1o?o zh4AVqv}esnu!+Pkw;JLUPJEdT->uc4_6cvU(k;9S3vR-Kt~vCDg1%P6EQn`{OPR?p zZn^p3Jv^oKpdJ>P6RRi3qtXAh@?p8@#@rS~<|RU>TA!Q!zRJ@+afCjrq0zrnRp;Qj zgbJz}URTZ1m3mlX@9Av|I$OxS9U)KG43F=?_uIUO+@LM8&A^5s5FOMnu2c2tIv;9kYz~_8%}!H~b%k`>e8dhOvh$DG&ZBk( zV6T{BQz;D+KPj+)8wcny%Q_a63o*2NK z?CX?!yZWPQewS1RJJp0LAbgfon&MPGF2?l7nEC0Y7jBgaOciy9O~eRJrabaW>2s%L zW1Wn8vMx0&JyteR!R%mUe-h&fuWz$q3=%cD9@qUO2KS=2UIAMefI_UtfRL|58gq6f zfzqr=+AZ+cv;-^MLY%xT;YnFS6vNeNtY3)SfJgRX+J;E#T@A{^1F|)DJ8MJLdz%hV z+3;8{_SjDG_y5!BW0F#dc2Va7Q*BzJtxlCs!~&SGz^`^1v>UH>s?fH)9Nh&Re>2sc zkczh9;a4ndK4}sj#`<_a@uLj>!l(@U$vH3l9v3g&P4BvP}y{C?-i25y=8jkIm zs`piY_{LMbG39+#_nztuk8MNG8{Sg~pYv|^8$*6FF&vW2XheCX@+VV?)oWq?0R-VHB}g=`kf_=igb$H4T94@)Q7)5Q zQaH?&eB@k29)i-ev6vu~QxoT#aW)u!#vbm?cTaQ1$1=jv3^7iFI8=DDj6H%!+^LF4 zLPmWm#|4EsU2VdU?pKPZvha^vU|4JoQqefN`^dn#PrYQQZn**v10JdGa7VzEa_urb z%C-lk2;?y-0_m7V9iwX>HF9}%naTT;&4gtChi{Hc*m>Oi2|UO3ITJ6}3{q zp**%f8W2@*8z-2FKJj{+^p`|kdYwDHWM=+mNI#Qs@c-xSz2oGp%Krbk&biz4+3DM6 z+w5*O*=*XT_mEyl4-iTUJp>3rKtbsxfj|O+G%10ECP)+r2x{m8q6r9yA|w{D(Uc-S z;=}iS&g_QZ*T?7g$M^Mn?Q8CP_MVx$oN}G3e6G*M!!@Z>dK5Nuz~EF2N;;sCGwhAI z(OOaD%2)~Yq%G;Hriy>s=~Y28c3_~+-5Y))Au z9Pw1n{wX}@HikEEw^uSlR@-LAsXv&{hh8PwZ^$1>^o)Lk0}}=-JxrKL8M&5$NeZuBeug`1RSTEuuCO%570Cw1 zDYag9oBWDX?KW;mm+u$iVN11VS85 z*#PtmNr%fhvym9?Gutbl7>e{po{63rz(7fW3#^A-|3L9fFoFyUK3xhd(o_d);N91F zf*6-ID7AMm;%*_x4$M!P zOBs*wy_MKv#>N&;x7)MqwsIu8k?e;1S(5o7zH%%nBQlcUiQJ%%n+<1EBa#1z7|d$& zqvEb}MmpOOg@noqt~Yh1Zx%V7Xp4pmmfqNo+TRaOT4JBE2xOD7Ek$Srl9?!DM$yAMvl2!Zos9-7Rh3lKj;Yy@nC{ z5*BATkXL+Ziv7UXKcwPBu+vXH>XQS>{Dukf2|qYGxFc|1z|Q00E)&m_<6#FlA?!fQ zM`65ruRh*@d|yyix>nk*ll-C4r9HOQa&9#xyNYOEp2?*fM#kZf zGy{Mxn2Gx>hJ_JvQ{FkI&7fG&+&1;&*Q-by$#GGp-9t>VahjbQn(Bu3XRZOKzfN`- zIQ@AQRDH(&liX+P?NGz`$%%JJ=j~Dm7b9J8AR_5(fY<+%Xy)&q41M0hKS|>sB@-SH zSsC^s!$OOOfz*qtQf+5lK9C=J#YcGL<{^ED$x`v;m*t?2Ezvce|fyIorwY zv#tJ&2*bnDwoOu&{(a7R(jb>E-Y$(K72YPpw#taxWbjrZf1ycjaAbW3c*_58nM0&2 zK7!S}lhqt9HCFS{2bu69_CRMNZuVi#;Yh2B^dCIfO=P3_WS*kVJwtmg%WgZb21d~` zULW^}p*f_#8_v!Vs>Y8|OfD9gr3=)vZB{FcI?ltZ&yX5aOhkmtVdb68fQ6EvF|1<4 zq9YQ60^ znVCSV~pT#z*@KWbbe*UjoVu*?2yHr_);C(peBOq zsBw)qC{Dw%LIOasr;SD>20qiC8XC!Y=G6CzvmdTS%EtSALj5KMK<)d?vhOp+M!2B~ z%rZbm+p#i0@6EQ`=uL>y@5_Ljq~>OZ#TIG1RZ=%e^kxoE?NoZ8QpG`5x9|#?wrr|T zbO^$)qER&A3#zZ^6Is&4%z{~ChE^MkoY5)F(*KY{V_J^NK3rzx@8lBst^8X3PIAAM z`0ph3TQE*b`+Ko5G9$78Uv_OR9!&G3r7BPa=zBpY$sctN1nZUm<8@I`b#856?KZl# z=-Ii9;}vzzLyY0iZuH@@0?9{d%cLy_Vvy>ZDv7B9x$gK7!}V_4jPQ+h_J0Mw-Fb31 z3bNl$G=fiy7|xJ#hek4kBhuikaDT0W96S@|w<_|!tbR}Gd6p3aurmAf0pgfd<;#o} z_j@l!`72JZ)Jcc{dSnO~p&C>8Wdyo!AEFAT{ZF+G-*l6V2>npz-Xd+A<=9XeWg1PAz1d#>F^H_|DOO5a;0zlDByLn5!s$Xg}4g~Q|8l^&r~b|f6KYKas7jgI_U zcc|3B=;$7865YXil;?nZ=_cPf9qH`t{iNDL@At)!xWuSxBW>?L&Yeusp~uagL{g)Z z6L@=pgyt29FUR%xN;{cSd2xeb!cnowd)wRS$tJJCZV$EFK6ZP(vb*Fy+seoL9;v+l zfos3iw$TGqA|qGGN`HmBQm;@egB8Kb;)>hlh{*yf2iqjdt6h>?rQtTc^ROQQD*Bv(PUf#jVmSzT2SiF$^RD%n;|?SwGd zs+1Dg&x9paEET58G9cA%BlIuUsSEH59X8UGYE7XEhbQv;sfKWe_{=)D^BnRv-MU59 ztlR!!e#-0{647d`r(iVo?5y}8lZ=Wc1J#$+L7rjQcQJ_Ybl$A`-vj|IzDS8iq78Jn z@gm%9qS`TDSu&imq>?6y37aAqPnd(pRK^0@QC6J|(}aICrO}O2Ixb$DYQtX%*dvpP zbwnrN<805@$_$-L4oZ)ZTykh?zvSV?5-rtkaH?NY`!%&T#vAgfMpO82B#xEq@I#CQ zFlgXSn%czF_k+FucF}ZP(1a5#>XSd>HBh>&Aq?&|6@5Yy4e>##&g3mrLyf=dr2AJ5 zWHuv$s`q%ScYCtO+Y__9W zcwC6Hw|s}JpcKqRY^y4m{iquZun?ae?L0;uwMW`tr>Vl|N=aOS;mDCr-5w|T6G%LR zbaNIah|<*v?nD8y_kH{0u>Oa-wTQ7E&|{A~ zWQQuy{3Zx{K%$S~vp7+Ic!B^eHDsO)0$3^V-vQ z?sNKeJq>WTkxavxjXmd&E5lj07G+{=MHj+Jyj9&~7-J5y+vGmm`Sv|ojC?xHIFcX7 zZoXYQ?f^~@+MwHDR1H&?B^*sBMqrc_hz^8r(H+<78Yb(~I2~15&@soE-uuj#xs_g_ za>>EE3~AtEFXwgz1LQ7&9*?IVsP-sYkqYM~;KD^r=HLh6n+zph(rzKfGXm~A_`{o8 zzb!TQz~#!@O=fe#x25AAiGN#K?vc&rz#3lnO6WN!zAwgxYOC zt}{`nx6B52K#fUbsR15SRGWJe%~rxCGZ@!+jo%Oq=2SImFl4Q*kU7=hMr=q8a}S9X za;5yBXh(w2svA;+Dc#dq-;m0>-T6pEN270KQx|}}+bK?T$3s%d2pk3AM%;P^1M&k9nd1viMz!)MlZJ$c|mA{GXhn^3RgAZ z2HgZ2r};WPPo?fx<$F|LAlCLd-?ID{hK{HY*ix@UtU{-6QVp0s(Kg-45ZqFB?AIi2ZtsuiJl*w4YwdXhx`&?LUXx?LRAr zD5>xe8moU$)6%S2%X(Ilh*PKy|4LEP!6!CY3x-rNEgsMTVAwvx2iFcUJH#1=QNzqJmpl;gq#3aOT{ig3Ueu2dbKT z85-PV{(sfnN#!nv2Ad`LTJ&`O!)YGAS&aL^cN>fZhjmVc@0ZSdSpULz+fOoXLqUyy z&b}Yy#*Mr_=q2gAns3B?CcK{tv+YieWxL?OgQ60&BBf2%oRQMMbss*1Br8y7${B>D9&>-vZnOa&Z~gcj59ecl(4-~mp1E8z!3>|uY%6=*@bHXJ_p}a zc523mT>=b}KpN~Ss?(4wS8sAIbT>L`lXJjEM>aXReYVvbov~c3<7Q*e)M4+eSAUgN zi*J+0ty2DmbaMmWFy2&*@&z65OX@wUR{3wsY~wi?^hM9XlpfDPv5~T+&HcKEg(K}% zkQPrII@L{OK<; z-=nh+OZ0n^dRPY44yc=3>)s%lZ)<)&nB{m-F(?GZz<8Ecbgsm+^od*dk(-)ABxJ40 z$|4%lZ*W%@%EubN4-&MMOqpq;X%- zW1t-0TiT$LH%PjsY6_{2_)m=ct^-%qZGlk$jH{{+>p!hlh6hKo5V*Wx z0wXPy1OObS+;|Gto;X17WBXCmlmuTlnod;>!jCnVa+?`9OPd?J?(K?QU1!ZZh;BMU z#nYdc@{i?y35{r13vbiqTQz1LT{pC-iyRstVX&^|y`Uys z-Bgo=fMTRN?tEQ7N9RoTn<=fSssNV3rCtrO6+w!mm&D$*_>e+11k{6w4UONMJP&HxMoHCIEmK zA>*Bc^eR)Gr3;JOq(MH7EPP3s$27+4+3IZlnaJ5H_LH}w__RItdsm6IV*;kIsJs<`F39A_q90~{e&AOQYkG0CL?je>K>l|TXKGoa2H{Og-unyCFkb-oS(1Fh4YQMJ{-Hx z0DSj2{P(uNsPQAaK^~O81%$!w7KY|^1VzR^vmo!qAC@raxD6)!tT%|ZLFk|>-9NZQ z;4*eE!8SclHt6>Cnk=uCU57(A2M#!lYx`_DU$>v5(p~9$jpqey3!{3JqX&&iIUQZ; zrk3V((*%C}q1bQb0lh4LTiX9fM9BYxw7f~FZ=cMLT1rg#uSnz1aGSI}C+$B2vvRS# zD4lO&D_%rJx%vXMzhK+DJfwr}&(MpqN~zqjeZ$VcfJk3>fY&Ezk5iwx!h>HArGppo zf2kUO%xFw8eq85nl4c%Nr5~v9s`Rn0Su6dARq1DvhHR{JV3+O+_mB5?`vvQyc+gBW zpl{^>3h`4B~iPM@GBn5N6iel+~n3C&Imk^pR8oR$Nb_cT``vd zN#GWwfegS3WO(pR@upS&$uy_l7ijhSc@3(&(43kcp~_}$b17Nh*x0SSrpD$0P0h`R zs75uWwYhOsP_L%iN!0CpjVyrfA&uSB)KO~u@W#}I(#PzslfFl(*`xi=HK~Pa`dGhn zL_aI`it3-#Ub(q0r_~Jq&utjIN8Qb z&oG4958g|bs` zblvM+in3}~T`Mo@@=jfNTGu|I{U>$l2O4)PWA7-2)B@n#*+P$0+0+ZVxxJ?ar_x$A z7GaZd@0FlU9i}E35n>__7vm_K%6YK#%HSPqQF2N?*EUYyEjU=4xw})it<}8xg$6gP zg?H=notiXYb>JRVeoaN9O_d40kUl#Zr*0R0%Sng!h~!RuG=s>1bE6P(7%nyHYKJHz z2=QK7_oFSgsh=BSoo#CVy-ICU{p|aK-IfeUbeAl+K*ASF#yEWZt}@{n?sJK= zTpfWg;w>?xPQ%fcHriyKFiWK?9hjLJ+P}kVakY4#)Ok5a*<4LHE^*tD?n_H;uYpqbz+pO z7B3KrfF_@l^0QKJ+wG9h#Zr9N3I6Or@m4B#Q1M(;8`qgv~pe$B(gnYS z3V~6yUFKXx<&bi#JV$ zQ+e|}VRHA8Y?tdRGb@w82v(%hme|HoaRRSPo(sbOjbV- z$A4cM-jOL-PEI<|ZN=8)kW{zI2PqFHs;&w$Zdaj3LW!d@v!E*9~f@?o|BShiH60or|3#+C?0o zQNfDoual+=JpmYEHW6L!6trpKt!dVgpn(uOgzkp}TkFP%0R_IsxojmD$N zs6?xR>S!_;5Yvk)^A|jEwF0-8XVUhee{(><@K>U&nfJd{99+Vi4~#i-he_PnNbNw9 z5jxQ5Cn>zCl^@Q7i{=f3mD!IU%p*07LOBJ#X8y@R#5>na1@N;*)4}D8_qkEc3r zdL8-|4?!VIRsSeOp!DqHb`c|~%()|(#fQ=WVcMvLmgC_kA(3Y@{VoOvf~w6I>#;M5 zGy;@Zg0!2hKQR+~n`}XoS5Io%xRAqYgRdJ4jBF)ZhXhBSAkR~o; z9JyV@|B(A!+8_kYs}^Kr0!#{*ClWUZ@EVd6dfjFALhtTIk0a!pigT<$9`*>`=}`Q~&S?v02>^8W3g> z3m%J`i%|Tk`Vp!Ap+tWmxAIShe?o8TA}4EAGXWeH9r=Zhav}FuSlLDUMG&^kUsK~2 zg(8^!Tb+4P$J}`3_RbaPPr$P`1APb8V}vEqOa zHEPblVFRkTq4}YU@so8(%A8EW96@N9WgoCJN3tZIj-;vfAmVnLuyyBdDjdEfPm13! zScxn7E-=u+T0F&6AtT6R40+|1L5;%c+3yZgHt3DRqGREh-&0@_9k2+b zHji7#^j0fAx_Uwn%@Bz#HqUUms_2-(M0FAvbk!Q?hfkW|$4YdTy9mt6T5fFlW3nvI z4ZSI$@A4Q3e->{bk->?6B-x{CnW1PR%4t=nV#pu6fPn- z@(dC)D*JKHTCQxU0_=0G!Rc?j8ROtjJX5WO?>7X0M%m=!+_ldgJjorHDPZrQ9})HI zPly{+7RDI9MexG!3*Lg>XR`pB>dwB*#o>Nw?51g0lxAe|}-s_L?W~sB( zDN%lBua8qnbA>1O-ox@6WSMD$3svZ8a_x?x-|b{r`}wmhrzJ~(r!t8g@Gy!zdzW~H^18esXmb;s{o?h0b@Y(R1+e-I)lcQF zC(~;5*-r)iX(&2F7pm$lUcf0=ho14ON$4RoYQ}8`w`Gd6DLb)uI``TRJj1q}2`pYO z6l7_ulId3tZr|i$&>@OL)?rUyo5BvD9-Nv`f|G#%jZ=3x)Zt1UP&*1vC zsL35YZSkl=+*CTcodIla*_6Gr9eoi5$~sR_E>HG+-o9T*cJPm!(xUZb_i ze8e(0bG9FZuH&_x*YmuXqeJZ+ofrBIsOk=ZGQBcK7R z6;9}P{v2i^nr~22Bq~i}`W;+pc+->}R-Zx}!j^BSzLhAxp03XxG zKhCdv{6?ebw93q6;=&-sugRq_0_=DTAhnbjW~qT^@rs}sgkAHG^_u57L3`!$$J!IL z+6l%97IK1nS{OxM*~gCJOI&4 zrDuLMjS6_|vJBl*OouGBUzd3?ezJ{FYcp0S<%`VM{TMc9Xg=Oz&%7~EZF7mlyg_r- zyeotsCU~`&YXK8`a-VxOi9)0gQsy}dLd@K8;727Dffoy{g?)RPn z+TB&b2ww-%PQ5SV>=txgb*QHC6%~D%Y>fh3#MazB0WaFK()^s1o@K~J`OY7>iQq;Z zy+PAtU`MI~av9ITrIKC;{m1n(ygVuk5fc0bER6$6!>FZ7P$^yeHx+%?6v8#;0SkRC z;+mI|A!$=`cjCQS+|KYzCjz5~^9gL54mlGk2;{*coJ1Z*UsvcQ?_0 zw;sAq&HN?O(Pd=;ed@{gcpCjMmO(t+4{uaDSz&K*yoh04GY_!EK>L4dk|vk~MFlo5jeF{ka>6&ilAMAX94Te zQ=uy-@YdH{@*-K*5&ADqYx;$RG<3Tn+Gv>v>`@*Kmsq@_Gih$;S@KE9M<1Hcq@pD=5jZRWK_w1`y{o_1;jz-U?f8Yn#cWYxJBg zk^tbQFkjQRN&+5KH8CHKZ4qjRS#d*FuL<+iu{m*Ch&fiq! zrr_V^h740Tr#B|KDQb`l)ohc{Lmn*}bWu91iDa127)E-5JUreaR)7hFLZmbkvmDCr zcF8@S;YX~wyfV$d=Z0SOTF1KM;%e#NRrymT({dyRxn5g>>Lve~6cPs5%wWQ27?7^l zt)}{MgU2*&cLHYKR5W+eKuxJhoDA4zhNU`QaTd;makxLT{XUHlP_vCMv7SQ@BDq@` zsz;-C0`A`iA zfR<;a`!^~#X_vy_A4Uju4KEW$ja*mh;0=}Clq+TO*X0>?rMR0^_ExBp?(zqz#AdhU z7IF%#2?SY<{2VWHC6-zXVPqFkRP$Gfq7Itve$NC>t4w|wVbhUxK~LCp51xduTKgTR zyd5NLSe^Pkr~E_S6&&rAUT38k@``trYN_)JcY5y4lD*KBbulaXwI*ShFveksfi@(3 zmm$I^8b*j3b(w<&%A7a|e^!oBX2Pkpq?N`uQy~xa2*TM^JUl#Arv?=oy!Dcu2fWaT zpOI=s3+Ff9z5m9$Hy-7y8}tYPL5+lSvGmq}%=Z1PzD|JYY%rF`l=S4PXF!Yi*>K)Y zuaP$yobqcGXI{N=e7y+K#PQ`5nvXA?uq=dzgsz8WLZ$X#@h)Bd3FtWgd0l#zT-j1p z&pcp-t1;!OtcQFglW`F3+vPWy1rDzS-)eS7>1*hHizaGDPsLhx2EHwDASVW>fd#J0 z$K~coFoLKRbGRCXC0gf!GIE-{F1Q-V6~pxm!viT~!*oBQTeV&l{QZh*C6)i%DWqqE zi7_uVnk*UABjupW7oD@s9GGy2jBg+>7}l_wW(9f*>0yhyvc~Uo>!NoW!TpunN4adx;JB_nv77fc;4^cCz z(A}dzjdx$=UaI#vTblFuB)yt=5jeKB!h!oikvo#&rC&A%Et)n$|_yQY@E(( z-rnPo-?CPj)%*^>Vt!q$$iuo&sj*O)bgHWr4&@qC1Izx6fSDX^7tpPq}uNv)jLG zyG!n~y;yduLuvT+^3}o_8{~CqdqY;eF3oSqwAZES4cQPQKk`U!GX0WU*a=QQo`~in zwIjXAbaz_a8Es!p5d)}8;fNmWPJv<}tikzb&uBg~ul%%|b1R>Wj){ALG_8{XQ3ny! zx1a6|;J@vs1`{las{O0cU~(QWr>+rkS*&${spVJdn12K7#Ng}IVR@x2mX)q1GF$j2esVwKnIP6HQBqng$9mC9;*s$ET!hFIW3 zxx?_aj53i7tA!3D19B2Mm-w$BY#F8!;Z$!yz`Kp3s#HmTnNIX*hWeqrsgmW?S9v|BL+^7d%sywjD&tn(3q({a z4=Eqiqz*o?yg1<;1*l-Tw-8ENDl4(Xr;>mZ#Y=J((?!d8xF4BbfrF+_okrI*$P5rb z?bI18;&il*+xZS=>_oH~3SC4-()~l?4UuWy!xT74XDW23fqDuz&6@_R@>LWiZqC$> zc}Bgb=EL=KQbSYY4Js6@QvM#@^oZ^Q5No}(BFoG@um)N|ho!hson=H|o3kFo=t(#x z_?1z%KC1XoD{59n(M?%ptFqOS(OlZ) zIJ%B>0PE+$9o<45n1+Dz0_1x(1WWw(M9O$8i`YDv4stol?qbGf9g@Trlv+U;^5k9_ zQvGP;;b2EZ9*s=3+g-lh9b>nHc0}fdK9yfcp;WAUQ%-tIHsivMeJpJC#}fHS{NDFl zI27*vXSciql=od(TqqY)?@0JviM%83yK?2ezjpWe_3DqL>0?3V%fCp7X_rwM>YfxR zE1v+jPQwL9#10473&6x(>90`7=%a@X)a^l^Nc;03!Gd7_@Ek>+YSNvSnO2iPmEemt zk!r_#4bpsYUYl7%!W@8q-JWg?#Q-MhiS8JmV%U0oXF%-})m%>oa$;KX*s4@jGMCOV z63k+F2GOpqrkL8#3~Tj8J)`ApF*R4bCXyj;*6ueYcv>qMMhw2G3v$Mv8`nX)Zx!c2 z=TckKq0lc3BW0a)lHRN+=WW#4h=+%oHA?$isH?sO(*0PY_$NQ=f-7^xstM9Me-l33^ACnM&zChw4eA)X3;y7t)<@$|x6R zLIN^rLn&vVABA{|^9s}Y4*#1KwgIu-PbQN!j&LC4NBqoAU*sk^}+V*;M$!=5muh zOQVhq8>~BmzLAc~Bxwnk6$S5@B)MsIJ(Hv^g4ko0oUj;B{kIkbAnBCqXbg zHbSv>yTkoaYKZRc33AW*<+)zOePmEEc};A@}!w0=bA|pgovg8Z%Dx z+9gVs?K?|?6M}`&MQV~@_mBc%G6jj6ZQ2Ng^B|rnfAo*hX zRa1D?lwYmX8H1?lPLl`fCP;oug%|8ISvH$>d@VYSnJmVklVvDOC1$cv3l!!O zJ6TvMnJmwWT18sS2LdhX;P5?mvT)8eXZQawSpp_Y5XW&d2mNvHWEsn383}hr&t##! zm@LkBDn$eq+lm2CRw@QG?r@BZI<3%DL^|zVE522cMhGcZ6t;~Y%ZJFYT9yMLmurpk z|0+%INN{}k1a-7NCV@`udLJY8J@;$TGu_klm)&Qj5$tkoXnsjmjPR>#9D_fR+UNM< zM9Nxa{T@mFVNcmCQeyX4o0PkblDYmdk?M+7gOsLaPGi-l6cVCVgYu>Ltnm-JL8Jen zkipF@8S2Rk{r4O)pp)+z0?OTDceg9MYkAL^!BZ{;F7dI{Tgm%PDRdMEBbw`ZZPxbL zr+g%d-qmu+N0Rwi?$V(xl(Qhoqf)Dmd__}%@nNaIUEDh``y&i7rZ)R!+oj_^SQaA6 zzfDSHkEZ-9rF1zES(Ruqv@Xq64XFntyhnx%=TRn6P~&w;5P^AFC=WoqM#oh5G(A0b zr^-OONZL@gm5ezWE@nytV<)-PNRe1{MrCp@!chpEfa3B-qn<^I=!Z%snhCxFr}cQ; z)bQ2?L;Xfts4;?y+^WAxB4V^VF*<&Qq>jXa;pf5`5(+t?aY1~D3t}l3>t`m5MS!t@ zcKCyFU)KW<*lZYar;s?v6UUbTF`{h@{`eae{Bistirkh+m)nnUXfCY$151mk(M{vFH0kC*jcw880F4S= zwNNc4 zriRB8(kD?D=OjhvDE)wPE>rq;)YNYpwc-+u*2|+AX0>f{lSzxq*zFH08FZC@s&7)u zXpD~)?QjW+_IiKr688=(#u7Ihse%`PdLr}*4#TQ)wngn{#)6jxZ(e00yk>F67%1Wk zAXJB#IEx}D9qwXmF;gRLxyr`dafI>BHZa{)vPz+dhdwr1IhQl$>fP9(n5#Edtk&z4 z{clHwn6YB7w(eF(agVnm0``gsut&v@*8-T5(Sz4l)%Kj=uMq`UkC5$ z*c<3){`k@)NGl>kZL2s$F-W_ia8Qj}ytsT|HXy4I*v!%8RU|i|{&;&UX~$G_k9Ie! z7`0QO{zU$MLGRh5gRT4iAi-RS{zkjE{@Y@!Ddk+DVF1YlnUuscM^!rF8Iwmj4y)j0 zlNb#2r&>K^B1wjGup4yHK$*v7amk@0W%0K4m)_#6gVY>ZVaD3!f?9Wi(}X*Y`FoH* zJ#wLh`^Uz!>7*9QGC%-g$I0MpHyfax855#IByoTF5s`HSf@KMoW^{SFHLZJyX)X^w` z_#3M?g|7~849lkQRJ*;yvAgAV+qsbyBYlPYqLg2d8nko;!D`%DtzUPeQTtDOq&_?# zS|7UyLe}uw&}6Vwpv=QTrXJM1M8K4zp_Ss!;tjfdkxo;#EJBaz0r9i(C{g11TJD%jvy>z`Lm&#FCwTndt~9izi4Jru3I(grO1;fPz&W1GW- z@P;~Zau;x$px1WQC*h_|uBbl*RiJT+pK)WgIm7m0jJW&5mFH*ae@CfDDAnUXEHGNy zM-9}Q2s5+tzrzLW(*H*ii0$*fCPBT=-4S$~N4%{P?aqbX#wZTu>#-VJNHiypg36c3 z3+^|n%pQkdP*v!Obv)9OpHc=YH>?tAakZ&;92qzWr*;&O1&F(ylG!Ecof6#zsH8iq z^dxw(C#EMwr{I_FPf{(r0$!^$Becr=b|$|~+TWY|sUuFaONQFt=R)HQ?t(HBDlt4y zgfulcI@-dKlyxHXCHO;JX)1AKj@B{khjP-Ku_z%~02{SUHQcKX=B${RN9>;@Gb*lR z0H!CNK2D79!fP}>2D2h8N4K0&aYo#1oDtPPau5%jn6mq$kTU79s$7%S_cjjjFZaNl zxY7&@%Aa>Hggut3HM7C6R^*i-K?(eiWW!zg5yeZ+ggpfh}Eorbf+`Uuk zcF8esvYguw5^u>3dZ$Eo$x)znPgSxw(POidBcOsKf*IkNYCmhWA5~YQ&vMu5C?*As zk79GUr}9TcT)HlT;^Ji||7UA`G}d|&iCU?5T(Q`D?2sxlekj=U4RKTR{97fxRZfd6 z&-mDIrms$CFnmK{qW3|a(fIL<)v;R(nnoyergJ&$H9!NVM7qP5C~V7bsyIJ1Uufor zo%lxnw`M-+O;o10#Cua>Z-Fee&3q(8LNxOkUufowB{(s>hRBEUj%*MbdaJnC$UaTI zo@U5jES1JagYv3M|GBY^Yvg}w>=(s*L1OR)(b$_!W8WYw(m7+%^fotoo@wrBdz<^$ zx+3e&bgop`ou;{mhA-`DZhmN*`*PG@(l9_k5dx!HGF{QVO zlD#a)zCww=(2eS8a*!tyPMUn6u5qrg{ud*EPsE8vAl>)uSoESP{AJS z$&L$(jb-(ph1grq%B3b>A?+LaGE=Yp-;Ra^W`s5Wd#9dp#O-VTU!w>kMb|NbCr7T8 zs=eMa3dJ_7bIoQsS)P??*J`I7`M0)R&NCAhH%>E&EVWb>?+*V}VmJ1<#y-O4UDe|n z>q0>WoxhK3Y%M8g?Ie6u=H3XH5KRq8mCTWglA}pXZ(T-j$=U9ByZxd53@iT%br~9e zc!N@xD7`^F%r3G)x%MBnr48!8q<^_9`jHeqmJ9i61D}2*k&orHP4Ba#on;yEe>)U$6`IeD5~gyi(g!6p<|qr)RoGeM1;Vg{00$USl}I;>>$_94$z-q z>cYHUQFI?xCs*VHi@OIP&#rG=BT4mdl z4_BTCr_A|Sl>OVguH{R7Txsa_H1X>MknL%s8`SlBZL-7m0n!NiODD>1!-~;fORHzS$}Ulhqg`%xTFq90@U_fHI^|cY z{0kLDi%#bklW)>Jr*68NjHHv*$(DElCzz2~n-zlv^|jfgUKpnLet6bCcSE0rX8ow< zzzFQCelj2F+hk`Q5SfW}y_!ZYCSIMVsCgahDD!6X{_ zLd6F7My@%X^S-T^0n|6FZ>T9&&m$f1pAy+AMSHBZp?Q(Fti6qrRotiXn!W@ekQQmi zYvsZ^9J5v3|49xW8hQ|}!=3UD0S9Go26RipjgvIo@2?aF-s*TZ(K$53CSyZ=L7`a8;8@R$sAf(7n;wOlW5 zR2|fRo9k4pz{i*wolmK*!WB-*sc)nmmeqg`QiGbX*41Q0Ry}>7s&5W%_HGK~ z=HTzz?xx!9<&}T_%d!8>wc80d1&bLCt8Hg`53uxaXGu4)cg97ycMv=x52(U+m9yVs zER5N%g5Hl)+tsBU+WXzK9WakFpyJ!rZhm-+vZrB0J*+}sT5ZZxmcn24hIpf7WRZ}n zqo`C#jLq?aE^s8u=?<jF z_+0l@xd#T&1E{2talv3We6{kYr5RT6=7ej2$YCmBKpdG_smk}MhM-X|4hFbKk+`A5 zB*VDC@_>0qTAU-z{?vb?6&Q}^eS!i2m^kpo@Y&gLy+x05^Yh~K+@wy{CZm}!Fk3UI z&P4o#QM+(Uw-N0xs|$TRj~5sQ!%9e?1$ou2F6bevyj?k4HH0Jv;_$Mi=N@K>~Qc<+@s|L_2al46AG>7R31yB=YjGQQ3nGUg<;2iS|U3n zJc3Xram45&k|@M;j3zuDYG5YFhtVU9KngOK>SCB^n=YhlGS!cgI_J98yQQvI^BASW z-bf>flC7#O+DZo#-`CHF-_!EGPQ6E5=Q6dXqtsU}QseOIQx1?7(uY@ z3~x2F>mssW*Rdpq@&t8W)TN(jS=rmCRzfTcPKX|_zGVA!KGR}yFuymbb1%4A=vMa$ z>QKX){;&umicXM=_kV{#&9b*o9~wR1z>fCO?CP2-5uGRk-RSf-{P~tq=uSW)d>+xM zwh^61y6k_5=saq8it=g|AJ37meS;6f1EXR9G`X2NN@lhQeg#%@D zc#Ma?Nsm@z;-jOJ2$GKuPs*W`)Dbj5A(}+e*yQF`-4=E9v@i*@db(1hX1I&oh2ElI zp@))1B?3|?lq!&^Pf5r9i6Sll1RYVTW+-I43rP`NsFw7d)0oAxH|*H{v8qfsmWgN3 zMtj$b^$9ePDYAgk(1B#?VzL8E^#w`2D0w?bFprZj%3nyGeh_>YgXjtMqG&t# zUc$%I_oUE`vRVygUgRDBan-a#Nx$U2LVQxt9`2)>bS{VnlLt=H&>KwFP`{YLfwo%E zbzmSE4Y(K^6AeI-Rcy4Lj`3ez4c0^6^`)x9Gde`OKlfpD?z~P0dYOgsV9bJqDjXRM z2o8&aqVvWCF>hqDuNtn$rN`=Vkq9u=@p_yZOT8zY!fIl8dKzNgRlt8M+HoVd-K!mU z;6M)sy5o>A3D8jcs=#KIs4}*rQGxqgWg}r%iI_zB0FXtRVg{fgzU0;|bQgBsDJQ$# z$wFFs2Gie!wShp4sddpuy`-TPJ;@3lgLv#!cqt+#!_adVBfpGwIaJ-$<7K!<95RrN z1KHHR%QF3u>52G$u{QZ?cu-_$1V$&6-ogSR2!B$bdTQ+eyC)5|kl=D9PfZQnYk1P) z?hwMvKM>*t*GQFNG21Uc0|Lw-5)|@vL9GW*|6c^%_0Ll6BCbqP3$4cKSav-5Pky?f zi?PB>3Vh;8#wVnHYeH7LRD7o*jZMD96|q|zk5~RPy6Gw1sW2hWZ4YNS>^Q440HzO{JV6+?YhPHx9QS7?E9#;$+=ksNsQF_ovCxx2%Xd)Oy~(H zdVzFZo7?<#!2)Fv3}D2T{Z?Wb7b$S*!~8kn#%u~&@y2{I`c=X-NS2iP1xt~AP9jEm zuim{!MP|qk#s8x*q5D#i{3H*6t3iE}3wu7go$QgmcAK`_s^0BX8th>mS~Cn>J|NOa zS%qOM#Jq{L1j+gc6L)~qFP!ny;j}xY5(E0Pk_pBYIhg?E1aiB+66OQLFb%u6$qD>NLh8hc_)H92-Ogh7eK&nHkzy*0i#nVDy-%1BA>x zwF_5-+v0b|@SM9tAo5gMCtH>F(^W)G_?CIOQ7EFDyyo)-S1>9D@mhC^sm-48yoLS( z1t2$<P z)T{|YiY86F81(vQlrdNwx`i0+CFY6tq;Q}Djy5Bv#oKo(U7=+T(rO!m3vnqP93 z7|8lrKA&|sPvT*G%J>8MB{_?S63L13O3rQOq+2Caf=2+Umc+bs1>p&6dn}fsyes*O zV@=YL$zR-n$&;AZkKgUr^ZPWph_{&9BO^>UnaP_>vT~Z_VnaP|&I6JnmNC_w`jLX$ z>W!<^EJ@-xOsaD@A3UhzK2vhGzQVJ+YP+S9Fo%kE+xVGk;Ubr-vF+nd;I&o8mdBmN zi_0F^#%0o6Ht&R+gX+LfbKzcM`lAesm@cRT&erY!RMlR8wd`Y6{)>Wh2Om7 zO1V!N**r<7`MT-?05XY%TPm^;YONY76BO0`2A*(<*?eCxAZXji1jxq_w;77QMl{(0 z@#e^3l$m<*T-qu~0=KakWc<$}X6P=yOsjotoUE>O7()zZ+DDC-(Bv-IqO z(sSAGpVzopso?_D#;Z?WEDLipiI$n@^kl@TNjE_AUu+urPLr8Mmd@$eN4-e&+VgtCS>qT3zoVE0m3~z zmnJpF0DFz$vlsk;ee*>eTg7Be0*>*|PSlLh#TEuK=YW+#l!5%Jm{4Ev z@xeLqug>v*jZ69G3H1qrc|{H5Osc+TIfuQdnORE|s$wx22i-725sm7NFNUZFtBpM< zQgBO$>RIrWOb7=1zZ9w8)Ivi= z`K2)s?q{;B;!(Ra%ZaplVKrWz8SaOI$c-A!>kiLqUb&s>FdplE)lx2hg;(^?Qg~ZZ zc6*Ncvp}eLSZK|;qQG2L0QYO%PamK1v<5h*^axj=3=&ik_k*^?kRVu@oOcj<-@ul5w z07_p0;}G=<ym` zxQ8-it%^ocoHNQ>9v%%(W>3ib0@ksU5rPJA!%!{jtHi5wN7^;=8Zx|Ok8`-)R@-fS zw{r|Jxu;Mek6ovpkgJtz!$_pp-K9cxPf-$$CG&KKAB4yq{Tf!fTaZJ~%ALYg3_GXRG7p!_pedPRqpERVFiRCiV$JdSumdd~VS zBNt+f^D`@FUj;sQF|PTOO<1+f*=AJ1n_=v>!ai*3g50Q}fH3{YHm))oFOgXaCZF+YYd*~iBZikvMdtrw`O zx!Dn!pGv-2 zO2&)n`l}pV4%#^mOt8u_)>p%@GB*j1qBF+IVyphnJ|i zdTJ2Kuzcc)vaK7PmyT>o1?y9$&kglNfW{N{isz=PewK&?krxy4Gk8AYtZvz*fr`b0 z2P74#-alPvv{Ne$~{2xR8wN92AgMZ>{xc=ApawZ7}$ z5exZz5SZox{%8Z={;y2X>|~bxtQeLALSar;;8l;_CSYdX7H6MP0c_EXiU!>nYj{cn zMLY(%v3!qVv}j(|!U&l74~cv#^yk;*Q(1_Mx?V-_SysK9iM*51?`E3oiP6>RTAVaM zi78_W37#)(Iqco%6z@qUT$fI*HXItwlsJ7>ylR*C6X6=ttPvTu`w<~Gysx|TUjnP| z-BHp0dUhl|%;Q!NC!?%@sf@z-HOjS%!POuGZ!uXxc5otnE^<(2k97x|JiRprrc*sU|f$Fe;%r{w_iCP4%5h9%@w*Eg&6e7iCql*4Ph;@YTl;%67 z-(CpBaftKVj89?#Z~nJ@p`Z8otxf`?z(7=UiG`Y+q41R0P--wzFXVD%7K%3KN(|A8 zg0n9q2~#|JwMtFJUGDZe%RkQ;vcL%1kl2{}qv%bp-0W@^rxN~$BtE4FHWIAxZ=`Ej7?As$ozNR<^+wftCBsO5|HTdh^Zc5G ze`PWLCLZ;PBKi`(X8mrnQ%H$b-NU2%dfGZSOtwEkw_DTHc=6i^+73CPn)Bm`@e8@ z`0}X#hO)cQr1D>7_bu1{*RccbVHZ*7@2L|XX7{X$KBv^P%6X28I?t;1=OA`CuDp8f zvuf0HD*CJn+fP%^sWa_2$3M%XJg3$k*N=qk=hTgOI9|rXakTMpJY#blPmg{DBhEQX z;Y&uUJIP`^0k*Hd+Xcf1bntN~`P%!tV>V0STMpS+vE|BNh+-Sd!r#a*j=w_pyMdyWbs$4; zmUyz!?UysNrxJjiqkimxwz6G4k%EhzF^UK2R98T@5` ztqpNQDr4djCej!^Gfl0k%y`_(K0zL1r9or4wgzH>NL?+>ZXCDI#O^ip@oo2dedyA8 z$2F~v-lvN9qd`BWY93eV$5imRirDwTW9k9@xSI7CF}KGtOpa?Om-R8_KCbfjssF>; zdw@w*p8fyx+~=H`GiQ3+o$ZBX3uS?&_oA>WNJj-5Dn$_sN{srdK}C#40ehz?*cCM< zmKZ^?5RHx4qk<*|WAchoV~mON`#jH?*#*Vq{a@Gr+H204zGt3#m+$v`M;?SUy>Ndh zOj3tOgS0=W0%CAkdss;@7cB&9+-y1(Lt6p{m`==RomuWl4l<{%!_0Cia6mFBc61jE zu_F@f%QN7LS(;Qpc!Q$};zq`gc7uOWqi$3mNYjTBBJzaqgdA$Hrp~U%B|gYGDS|d{ zv)?mM+W5o^2sr#*gH>wrozSeG3K=CY16W3}su$W*;DpR{$A|i(UvQe$BlsChCG%@| zq?u|!3rp+WL(?l%S+cURf-miZE47p5ax#`xgs|>rMU})f*Y0snxnbCC)JUZO&Ul=E zwh@Y_|6La%Euq6G!iTf4)iz#2WG5~5vW)F$^6gXzGR=6s8X=*lr0xlcbS3oJpp^qk zZI85aNi-2o*_%i?V?R1_RIrj-r~KxTky=MOMaFFw$6e>P@Q#bZ73XQVTZ~^` zOyg+biob#z)_(op6*7pU_^uv&*Fe6fP2!n~YztE|)%iky0QF8XnK0fm#DObZb!w+B z#U{(0px#r?OCaJ{LAAeppL`wMpz-60-Hzu2DQ}?xjy^ee(w{qrge$bqGE58f*9d5rups!bRE;fkGs-!2 z7;d#VfaE}vB&o*pi($o>PM=1QX_*3f5&{j`-F*xv)*2q_AJ=KNa$iOu4{{|CI9hUw z%hV>-vJU3x=A(H8s$guqU+jK^DljI}8;qpAn@De} z>1p>lze%ABTD6Zw8enF#l2bL?S`$C~3qAIXP zX3uwy?Kz|UAa6$UppxU$3(Mzb=1o1^iKQ0~IVL)1&WK3B=c!`{1gcxb zLO+q%MAAudr1YOd%?k{K7`jZ&=yX zXQ@hd1+q|`7>*isbuyl4G={(zabpPF<(G^Zv>`anwA*!Z!1XfzItgDdSasI*a?WM4 zU0p6U7f}t;zFf$6S6nPuAkOs?zd}XaUWD|pN3NIXZXc>RU-C=E)vq^PLdx(md0avd zu>kYd$n^x|&zHzjOuoSB3#Av%Xwm;CysQ2HXc;+@lwH8AC0x6_4ML(-aQHFzsaU;# zH2A8TUNbUMhJ7`-Vwh8kDxz{%QXRL~4$2C-XiJ2%n2vF(Ms#QUX?2(KTEn|oDntjQ zmOAtKCbyejrb>e+SCS8A18SsGyB4BC2AJ?eQ6U3-@;Q*5PJ#|%_^^Z}8oV~n@h11X zTaAx2M@zGb7=E%b9&gqI;E@pifrdf)u^_F$rDH)=%#$`^L7L#GZOH-hj;eswg&*|+{FB#(iKwvsw(4uwb(aeJ~BRV6Lchi z;J;7&I>+6vVBki88wtE-?e@jv5$ToC%&w@9rA<|2^T605(oninRZb*V+z}rbVrib^ z&xj8+Y3%H|l8t2ON<(9IcEPn;Bd4By=sC{Wp>x{K7vmfl|QAN zU#raHs`4jemnh7svZqu7c!^ru##Esu4vQB@p{ium9sn9WOIhD1ROn9SSUuOPfwuxI z45oPR3N_|(<@`$Z+@z=kSb}w};Tlh?a{k$GR0g-cBxsYdyI+k3abuB^E_+oao3egR zY64B2q?ys3&yy5l$r|X#sLzB&sPrN=s&LD5ZZ`K_pvZhYZ|mUfsUQIz38^-FAgcXi zAky~?m3yp|(M+T=J~n10%MuOR!*bpilLJ{A-RQ_BXR3LyUYS#$jl_G`ATxTM47pz1 z;ta}MFAnR{!De3dyG%Y{0`>x39g@o>c9G1ySdJgsG%R8!S^9u+`;R?eDwc|KnGUyY zWR~F_Gs|9LmgSbpLiBqU+O-6DH8h$~+BJK+*XtCl%<#nuXTii(Y2fQr_2p`M8(bmx zRuctb^t^$X#(O9}_4>IAHwoL{{VHZpct9P$MKx_!5rkSLeYZ+ij;pBBY*2326Esi> zy>s~99B@EC|8;Kd9r9!1PLbD@Q#mC(Eq^PFmE0PYNExV$cFxTFdPZA_y133F=Ftn9 z)%N|MtDb0`sGoI(=m|nsHF5;%(H~2xJ{*vTz#}TQkI_;nH%pR->8a- z)q|>bP|`$cOQgl#%6waA=358VOV2x9?&4rv^M1(>RH9cJ(g3u>nW^KmO_@kZK9|mq zD;-;2QRY-nP=5p$RKWc(%}V?*TorXA+d$@Kot%21P!{9w zw!wyG13g-$8;Rh^zU-R&yV$~ca5P1a3;=Z9a2bx;j*evA$fUvy-9KR^+X(i>>|_W+ z|Cq>u40FA^ueH>%n2dGk-)r*|Ii_MFr~mBv!xuU~v{NTeqC0oH@Rh*}CHhmI*spNm&0Kg-ec>J#uB$=D$<#~9 z@XqVL!(8_ObKOI&VJS4(qJ0Y2%r@FgYEk`Yw+nAVJEM?+YDJuV5X?UZ;iK-#p%*HMc8U7y$l4DCBqz<*&8I2HTwL zm0e+tB@w+vdA&d{`(j2LfltlR+f~Q(VTDC$uPSsDa5z7T1s2Guw8Bx1nJ%@ms63RV ziFo)gVuHwY6GHN1Sbr<>t5)--f6B2Q{mun$A4yA{lhC z^uI~$Rg&24e()xVo9?wtS95&C0?W~t)*1L2b$Bz9`J3It4(IH0FXT`aTtD-^ex|G4 zEm#-tM%9)Em)kzhIaWpF0%cW{*ECi8jo6MEaG!(90rO@8$h#0K80Eo(BpEu>n*_K2 zAep6A${RtTUPDs%EMkQH2?ZsBgQzWQhk{<*P}Zp}6XB}#K76UQOQ|IV1(C=uhVMF= zYgUPS8G9hevw=-4iDsG5;Ee;=W^FIl=7_f0+KV3*8OP+%NDhR8 zw75r47EUvrnxs`ulzrJnA(iuML1s+n-b&yp@xHAzH{h9Jk?3e^c zGYKB(oCJE%_Y!azCck?u`ZCgD20d}19cHI!w4Y#=IqEwjoqBaxVoit+blcstbO+<> zAP6WhRBsU&stjlzl!r zw@;0=7XZcXTDS;LGVXdaf({E3@C#i?XpOp0x2Yqj_`F`l-3ctd;b2ed)HK*fU#l9f zP!|bQ^z;oz(f zkY;BS<8hxJw3z$-%`tY5)%2iL-zJr}%NFa%hS^7Qo5k%_ zA}-#|R_2U(fo_W-LLK>l)pQSp{w@pvHyDhRMAh(s@p4 z6*e6Se~j!laoQ$ztbG8badW!zJ7wCqm4H-gL7KTgx0uu9R70xYVj=Q;BnbUk6kvRn zU!gLQd3xG}E{SXlsqLYEh&kP%%&Bo3_S;kPqhHJ9$K`;1ols(E<*>O!t0?{XxX7=? z0zq(_l-@3zAY(lup~rA%c{=hqI~TqEGCR6=JBIcti$!_KP6$5c3-%vk9u00xsp}P$ z0TPuJuynPwb(2t^o|P#Ygf&Hg*CLR>f>p(GjCO1{hfl^!nJcVyy*mx)7UG&A9UaxE z`Mn#^1-Z4NbLtbhfkk&<<`+`wYO<4^9JvdnL>AgxRsK#j*aHEO)OM`4p|ylREt~x-*HAx>CnJAWr5~$_9rvyP@80q;C3N!h?9hu=_48J&#Lbliy<|9R^~Tog zWiamDt8hC=Wl}rHwm(Dmw&4}a9mAZlySIcMw5sp7BBK~6BWvqI4GbN-qCyupeZrz& zA&J+eLRtN6b*f$(4{14y(lpvw`@I%0tf7l)I4`#d&rQPr!J=4(bdDhRl0{5?exxSe zER~7c_zWpa)TR%j^gx0y(2%kf#6(XZu`t@Mf)H2b{IAYKjYHZjLhnoj-X2MoCawT) z0ZxptIW40R&i5F7?q#GJ>U65%Q}vVtj@7A#C52SO8DA((Q_$m1%X6Ps7(hjNZUTs- zh^Cl<@(DSN-)gSsaTedA*Ww%e)wiEngJYVae=YuAU;UrXgEn)SI0UUO6YFwWErH}S z#5`Uv{M#3(ox?`u&T)>xnK@|)l}`J+9YiE8>u`SoqxEBZ5;P-E6F{DkqOi`@G#qd- zeJK>5*Xb<_umRWfa_Ca$rI31=(tdO2Su5 zsX2<-6kg-0nyY2XRWj^qajz2ZYT*U&X^6=t4)}}LoRgJEQSjpUUzpqZGg|^t>dWmQ@%PqE=qz%}!jV|UJ zO3uP!LIL&1@zY|J$y*68h{`4Ss9w!)B%$`Y-*(7=gq_j?Mg?MXO?XNa3MI>%r?p`% zC(<>YO+BsB4m3^X^?i(^4LS{TBPWcQJHc)#kRMQ&?VwgN zE%fg*)Jj6|x+=P#8VhsZW}@rGy4INNogUiT1x)ZoMpb)eEuEo9dfgS(?!xJK1RmX@oDbRRUJA|@86^KnfQ75 z$fCam@Q+Db2sfOs>RX)ZDUtS2d-ZxX#5*z*E-X3Np7rvyjlD_wr%3kJ_D5g&t==`5 z;OJ4@rjW2A2r}QA;*5{BMXt2s4=Ih#X|W#zJ9EAwj;r;O_XN*q3E0&txj6BOP`WkI z5pV!DgAA~q#wX*m=R$jC4sjX&oWbA%lMxcJnilN+pMe-V-kn zCy-yVl^=yM(VyK(OVaiZ=A8^xa3Ih`oJD#cb-r{Bt{6ZumF6fhH!JX>EC`Ns>Yf#Q z3;F(M#n~bptu1nLu)AYDD2DpV-a3D{@+KRD(H3HJCyHnYBDCnlW znlMTK1votF9z@o9j&&5I9;ifvOX~!Y#VkAHu%h2<)M|V6vMV7D?T#Qyird}!75^Kk!Dw$63Eqd$xv&l=3Q*}gs{wfH)Y59SZV~B zr*#+x%Tg7h6+rFTzYnjr)f#)jYFpM&uF5>vX|Kj)dXe#cT>S!Nn$CSzJkzYnEz0a9JS*h3} zjrU9Z0U|h4&$2^TTJ@LF5__yPrEZ(oM+WIIj+?6=f;XGvX93{?LqyEh$_K#?Wy{cd ziFssd-S}{0+H@Ne9_bvdog{LxvKL(UcOyO;=4Xh-;UmWsR7}3hyV2z02{JxW4k|OU zu=jd(oOPJR4DKpbNe^WdBC4paLUvC^5~1u3D$+w!`(}4&GE1&ovcJZw=|OWPiHSXyJr5t!fW{o?$FZSF$Yfp? z8j}@Up-2EaB@-yiLZZSCtB$b3@i8)l-@2diwGtJ7l4`4JS}kQgP}VsfG~w@6b<}q1 z_N%X`Yb3`!n*sM}_@BX@VfAVFg^)R|Qai))Y4|yNCnofBq>$!T&x6z6o?Q4Kj^Ji- zo)V7O^%FLWSG<2YJmIQ)W#VSc_ow8f%^2XsSp0X7GN0+~zZ8dSdoMmX*g{ig0SrCz z7e1_9rMFr-Bfyi?mm6UFQqPO1ikS2!49H3i=oPd~Ni z*Z4NzUcQD+bN5}cOUUUqIlV@;)El^+XQvz87AGAA^TF7RIVCRQB+mDqbHK4VZsyHB z|0(c$2Hsx&X>n0A*M5Q%4)^eeC&Dq!b=SlB9J~NMHh-^C%GX$XWUu=Yqc_wBozB)W z?R{mv{hfCV^2hY~zMlRJ&1}8QmTKI|L9xeFvel}NOiB+*5wd1fuTo)NA<4Z`v*!zg z`{QhYjf|bd?CE+1l!c+&i%a7K0%m$#qt;!On3ygOX+MemQ&o0SW$~#jD{f6Ox80@d zXVU0&9mTD8bMYOSoLl0*gF--Y926aB_*7nTcIu>7a;MCo_RajU)#KDHGGv_~og7{# z#I0lN#JNSBbu#1@09@;khzpd=-it^JD;gp#;etpDjzrWN=OEGom@1gMSoSj3w4+ck zrGD5^h^|!Oq~-@`M*)5AdOEEa!JAHh;AurF9OrF`BI+X*)_%eM&i%^0N@+zLYIx!5 z&M!7FF6N#}dP6!)rGbD>O?ipR3_lTH&APIqh{sf#=48KVMwq6F6r1LN8wm2>D74wd zw2gI()UDHAK^tDdFLk6tjqBVa@CpXHQzKL45EJU}Psq&9f_7oV2XP3ro29paUQ$Pt zQOC);>Ka*RLvQ$j#$$B*DB!)s{m-x(onDoWlU%Q2$vs>G=Dl9N>#@Cx$nG+nEG<^4 z8`aMMe4x~Ux>0emHY;4L&lClw+Csln-knNIoHg1zz;*1+9dMijq9b6@hgG~d^fbFt zCjxSm4g&>hgljh0*LWLkwaLESFGFx2r^z()seUsL-L09EW(2zHr01nlwOpQ8Hy|k$ zx}WxDVA2yGT9=BqoSk|4LSbjFUcr3rY<2ilITtZsB!2bIj8uZf5noI+kgT+VDMyJq zMq-#=KsG)}<>wDyJYBIq!)&kNhPg$k-z)3bWO0YPXve)-j_%lKix`_c=D!yF(2J7x9s0=o zIx^nXUxpylUyp!`Qk2>p8u<=J|Um;F9IN; zTM@$W-?BkVU4Nox7nP=7vecZ;!NL@s;Zi;pXtf?J)6l(baHpBUau9>%P(4@}#G0>; zs0IBObhCHj&R@NUJMYil7Cn1)l>58GCEU604KJkZ_`kbvj>N#6NEfH~ovKGo%_ULhQj%x`6`dIbm&nOY)y?Vx8L>><3nYSe;sugi zCe8)oE<@?-8?|1O4K5%WwM;LOS}tId($WB_pVS22Bl{L;tAc_bCKKnRbWklRpk@Pds2-I96+@& z7EKb1m)qeLc6g=jTtpBtCAr?MEEQA=mT0Iem3c<)Gf=E*aMTs?U@+m7kG8EOg~Je1 z<5pJ&H|(5nI+6|_(GZ0RQQ_c++Gx+oq@m8RzC$a9IKk48XUF=s`THJ>`6?)(3vrq2 zG$+0r;U~Je87aAmM8{aCk0)SLMgmmQp$2Gj3>!BKj4~EZ4hmIK@A-ec6H~+7w61zP z!tNqZI;doSDtc!OQ{K-}D%dFe7qU{JAvV_?K0KPj*|#DN=Eol;nNOTR5VLO@?FUSU zk=jBIuJU#U)u+J)<~YtA*C})Az7s^|d+K}@tarw|p@zMwfMA8+RH&9FO*6Z1s>gW{ zHBZs<;Wt#Mcz^yIN@KTqIr64@)CpXy2<^Nl^>4{&PgUr-s!I#&1=j6WP@~s#wFexb zxh{e$+TdU*Ae2MV52>?IdEeohf5Xp&s5 zNWBrb91)%v9U6H?#gCS^twbSZ_)am_Glp1Crw&tbiGI9TeGHUzq59bT4ogPY{uu*O z$gh({3xYIu-gH(tYNa#E9Os*3W(DDlD`nB85?(IgeXQl=2)iwAc|%<)^~*`S2a?Cx z?wMiDZz2X3v(Zej+#EIv!H7li#W9^KuO=>%vImKiuJ7qok4}xQJhp2_he@=3{WBe5 z|5pJ_K#7}Q2}@T*!%%`g=6@9nLmS(6BS@5Yx7A=9&GLU^`m*Q1Y|KvQf z8&x_n^jA&DDc4ytl7ts%LeA3|u?&jyWXgvs|0h-Up(_0oWSh?++k63}=0lbH6Fikh z$Ts8vGgBbj7{Tc8lWlHfqumSH=2V|-)0Ufd1Y5&)S!Zw4L?6HKs(-xAf9kvCS9@?# zN1vEG;dAG-?2mR>f$4??b6+rb7ptIV!Dz-yi~*W(%UDyw!3ukzEC@F{ltYb_G+JGQ zjRRoDj5Y7mQDBxG-ltB=o)VT`GpvKagd=L&ZKgFVv0E|Jqq_Sm`!1m~55NRkX|a%N zZp=hBn2p*3#2C`tn2VLwGkBWxmVM>m*aN_E;>358_h{Xw;gLaEw3$s|t=e5+8>8ZuiViLTkZ6&eS|pSnlX1igFw8vdeR@puP&!tt1s z-{1npXMd!Qtl^_qNuWnRIhq_=*wVFjzf*2`8k0P%PQ<4$vD~2`nZe_d6?b83fjKT-?dSJnsGE>3@-YTj3+AHeM|Ybc+~ zZL2!D_eoFlwuK*|aQME;eL!yeH&as~*K@K3KYj7O_{ifLSWl5>k0PW_?a4Ph!~et-3Pr z^$vU}s;v}{J^80YcB)k%FxOgvt*}p0)HK)CE{o2x?x#j=ZfC=k4+FO%J?uU~!c@%0 zF3iT0h?60tR@%ciDt}_!s!j*ElEri%ZV_VJ7(vvp(Lqe@ivU58zo9dPH`PZS5$5xG zJ7vAhYeVdPaB}qp>FmVs?44SYu0xEjmP;PI6ByyA*g4#9mQ!LPp=DfYnFc}h!bxq>aFyOzfhdZ__;4N; z(l_KO2HO)9?mX9_jpj!jV-nr3<-fmG^Z%hnex+uYHI)zMwuwzM^A)9P zmGzZ!{-L0*`}Zr&Gu+P>pLv0|Cd`}4zfyNAlnUkv379=n5Wi%d3(1JbRMR7B@T02f zA@wUV{%F77r|TzLFeEl8m*wp)W!QLRz;dYhl#X!(uYAmDRH8Gf*eS$XFrv*?^BW61f<6-KO@m-KfoG0 zpXN8I2WvL$7of-6yw5-(}96JQU&pppsrm*ok5D~7Q1v-D0! zed+{vI&)~opX^k>w?0+ZDH^e6rwV?Gjt_S?s85j)B@fV#- z96F|+;q*tXd9)8JPZRMqt#~#c?_#?}dgoaFc~rH7-B3sBX|Y+^h}0gg4Oq?m9!6EN z`ry>)Ov;GWmyDD4(#iRsAQjTno=jeBveUb?Hh+U6D|MtChPfq; z9$Bug)70=95?2o>dSIghm%{++P5`4dHZ|Fr2*LjfXR9-`6{A=l_oJ36y{+6W^V_TU z!@C@Et5Cl!e5&X<~D%N`Gaw~psfI@g+sHzc~Sh$C|ces0c_{VaNiOC(R zVe7h7pd(a8R-Fkm?V$fK<$kTgUg=fc-HESMk(5rBbVMr`;RiI+fEJ#cmP~lL;Fc4u zguXM}ZnGXyL8|uf8HzLgV5}0?hw0O!K#WhZ2L-FCPRZi4Ns&QU*v?mRstG(GY~dx^ zQLdN6?W>77`^$)CmoDa3<*&tuBUn%_)AR~lZ$GV0l}L;q35E};Zj z=`QKXSFd*i%>(!uNw3DP3tyzXI5H`uiSb;Mn4=N4n;3(5rlr*-PR3$B0verL6`}lE zs;A#5D=b{u#SE{X>p%te$`PazqwrJuOMPgXcVxIZ>Z#?RB4u`Hgx4j~CI^N1Xe)`J zoHHtTk#a5zGU+yXm-@ASuT>j8DOSn8g9nt%{*`M^`lXHn+Oy65R$V#!0RT(~R!^+C zL5{l-DW|){zFWMz#JXF~x=Xyfg=e_GEOeK|%nR<_a)o`DRNaj~6PTr8OO)8S$f{YY zux!s>C)$}z+bOTsDkGpvdZOGWZ$**?pN0}-PHZwV&Y||movOD(^^Gv*l@ojk57l)m zVwFH*OO8S5G^IBHx@}zWDzTmashaGxwpU!o=XxAfMcM1JSWUsH($J+>v||M_tHey* zoEpjm9U`AOei#rr3XS<{Ah!H(3#<{*pGQ&j*Z01VSR#20Ow9c?zj=P?Dc&Ht*Dx4# zs_ox7AKIj9?BlFoNYF+b$_kxjidIX z$_d@(4iwcODkg`YSG`Xh8!IBQb+f^fFTqS5 zC7%_*afOxw@dcG;pir>4jhrOAXsev2UBwm|6#1Pg$)lU+b#T034K!-*brp=6#^Ith zBmGvNk$%=oV74BRlNnz8vJrQSdzVDah)Uiq&Rt;8aj|b9V+h*LJk5(=3!l*W0#$v# z0@l~LII-w#QSLn|0%GVkBk<#5$yHh(Y8mz-ny4pJ1^%9>Q>zLQYhQ+-!@$^E2(lwp z_Wk_7NtICn+!yxw8m8KMmC}$77DgEnNk+h;=+(_cBj3}dEvN0pK-p6%rY{gcTE4DGYzMdcuXgOucKye;^Jm-n*!FhVLn471Q@wEoh~K`EW-OHFc~7aK}$F zKjBgTCrmLv1TIVsKjc+@2p3;wF8)OxB$kjm9X+3>vd5O7yJswW~`T?&4RCcZucxBd= z()|haS12W zRPXwJ+wg>O9w*}SqAlPty>SvC(@L&q8g>ORv_ZS3iV;+g0 zFwO}%CWiu_m#bKRdbSwpyD{W%JxEsmOX2>5pA9v;XZcaSnetNyG#v}&CV5phirPdn z(43MRG2ot&<2K5WP13eeoK5Udf$C#L9ns-E;3>BuY@0&5(UH-?^8v={|EkxZc^LYC zD1;YJMzm25K}y6orCeY_fxvMlwuShk;%haYdxyJCt8wPcF=LJu+w5^%!_18m*(6+@ zwMjg49B_wJf$>yFH5|>=UWO}vj|wezui-(>9V+?AESGs zM5nvQ*M*&iB-EH}i8nH3jq|N{LX4#-b!m^a8)jyaw%A`b+G@16)nOcH8@&gbr8#RK z)>%sAEwi8im&Evr7JEPI1~6GOaeZ|F76Q970LCIz$p#qdtf#@YkVX&!qrXR`7pJbl zp^n#OMpBacU^8@X51P?3&K&Rc2N1**J&u0izjT6mklYrW9QcHcK)BvJ*A6#$`5nr` z^xvVZkJOb8PY{L~2}W&)dO>k|Lml!afrlNc@gsG;1kz0R*RA@^R6e5YfdvfOI;8Th4+(WS99 z8MT!v4Z|o2-6@9R`b81@bgqr6Y`#$J_euxqf+BHb{MLw~j+jO+P?h13%+;!-F-MDOU;knXX5-$I zl+mYCcVe6TQWk8GA#lVtNccVh&=I>&oDJgKCr#H$>Gkpe!1Q}SrpIp644zo}b|^8| ziFdtBGRHapRYIo`B8ZmIv8{txR}W=XC9h89Um0U(gVYHB&+BRtjQCwhEt)xQv#Yt) zE$ODO6n^v|Z){RV?&}?z)Kc<#G0;LfJN)QP5zFACYk#FnBGmh~$096YOppCc`OUU4 zIt}|tcNr90u9BBZif`JxY)%txfoEE@HvlxiY}89|1_lf;*L3bCEAN#~0*o+KOqggMS*s<^?X1T`q)l$5f62yyEuHRoM}=Q2ZKedbq_WPF;>p= z@KciRVc|pNXzQp@J_x`OCl{~(`y1VES+E}h<}^88dn>|$7Ih#CB6ax8jy2)|D|5eP zJz!-wSf1sgh0&03ya}ObX(mF@S%*2-X(Qud%cRCM;6(3${p8QKABtwK+{W%9&TO|o zBoyy?jXs%--ql%Np2~H5A_0q79zR!2D~2`gB2lw@D$MmkJ-N>%pTV@tmgdVF%4kBd zXPNM{5bHBI`NY5Lj>P9KONz$ui)*af;UkA|Ce_ssBfSyu!%JtR_lD!eY zN`9f&@JoU+xv2AvB1CdyI{NEmVtsHQMI;69EnG^fFb0Wvc0@J6eNQ?vw)FeOY6?)SAwK{~z@w!!W0Z`) zKMl+NuCnV@@9creV)>&_1k+}_6oRW!R>q=6a2;+{GyYc*n*fl`@QY8=N=j!?1%=qq z{zMcb#{)3dgDtG!O0pqna^b8SvKPcCZz+9YP!o>qVBeuZrcs6rdMDMSMv;94K8T^ z`a`Tbx4%(7)Y(v*f`yVEO3eg&D7!J06RMrk{k4V{`(_jn$EUhtXgMXxHA}aJ#KVX~ zG|D+j-|hwF{C`ld?nF6v&_M||j*U7_?c~(t1J!A^R`!Fwv# zu!%h416|}r%_OYH5

      j3F&KqSo;ELo+u@tn4>j+(Z>92 zV_<)X2|G3LpuAuOs!xy!te!V@_98o_X(YA96x=ydr0_TIl`=QLuCvG^iX3? z3`37+v|i&}%!yjNE?;H)Mn&#Bd3LNe7MhL-M<oIVjSE^fTAqQ(BM z2CT=a?MWupb}E_>=0&+W?9|1-Kok??jvI2E_I$ex$T-#BXoJhr!%HXSHw!wLP3&WS zF1~?5(^sx>)rr!sPN$B6S?k2OuevC5!UrptuhWvVGQXjZIfKDZITzIysqq3T^)QjofoEH za+uJG0IqovXKiGjp2E9*5NH*^`_9lG@MGDVq) zAdwSZY_&I#HxhNQmL8+WwQr+?E5i40K&)G8LR<&_p!0;Y%~9K(gU#_!b3DczS1WTW zF~^iS{@j1+7F~XLyOZ7Rl}r3rc39@Q>uhtniYH~y_npTZ^c0#mEHbnkRSNUNqCDt6a9sLF6ge(2xy*noHK)GOgJ-kYImZ+rBU}1{e0d__YMxtQlALHLdgOz zpPB5F?rrrNz_>}-J>YFqeTt|TJZzfGcKZyZcZi+Dyq>)#ejCX`*Kmr(r{ zKWiJefm{Z2;dChe#O z{#qxM`h207v>qfgMv=qFG;j7~;1bpS?Ar6iSt?!5m&{Tj2HEFZ^WJW(?0Nk!Tahq| zq(X_o`jfgg!nAPl-i&<;+sge3Hj-vG4_zLC3T72#GP;`wD+{_Fr`d;+@R8>w^sad2 zgdiie@nJD^cD+br{5Ys9-Bdn?Kvl9<#>lALOmAAeHJp#_SKbG+ZH(+!Gt)ab-z$@k z?cXpsHz5{`$79j>KKUa`_v2RK3oX~mWfg(IJer{!sr0-ZwRS~-rvmi>rrPQ}DCE;> zp;~pJbh3DT!tV=dwOYbuUE&$CnSEl6DDo-x%{DQEP4*0PB$osl`%yXm=MpBX{ByA$ zr24FR;QU-V157evS8PXtk%-cwJX}S$^23_K>Q<*IR)x zeZWr~Dzh&MD&vHVhgaoWO@74CTqvFYHY+$wN~uQ3iABq!0mF-KGpj=YbA2C2vC}v zrD?6?Z)T+pxRWHb-Ku`ea?XjIjm2w0QK5x3Cf#n$_mSv6QVl{hJDn_4K&WB)(7*2dP|=xNGXwcy3KpZQZLgT=G3Cg zN^DoByrqV|t$Od)9bwZQ12(JtQ)(04VQp1|UO_`FbORkik44^QJ2%~OQs96^qS`vU zg*nu<3q#Qv71s8c?wT&_42|SAyP!>9?4DY@fjY8a1o3PNmXo;RISpJXmIpa9T5_*E1(QLezn(i zDwh6IAt={{EKHu+IH{xWv|s91ZLaBHz350$Ke?{ZcV{3Qt3^VON0zk_;xV1q7XFn& z0RPrP=ecq(LHJV$bU0+iZq=>S6OCqQ3cJvf1x5WcsZ{|i_b9i z+~R$r?o0TJIb^C2|D|?PT_`DfMms3AX|t#$c*GWI*i874#J!t~>cZ(sCkGNKWu+T~ zT_d%b+Hz_f7k#P2iE;kQVh#JIux!k=rxO`>rULNjNpus5Ld`@^7bBRr1F<37cN{+e z)pqlrZBAOO%DGUnlwVFDlV#V^MT-k)8=WdByU+e#*t>Bfd< z<){&=RJ*x4@Uj;-H?o(&iy`xBH)VIp&`vkyK`p%$SpyFEb_JX3T;(lDHZjVz>+zyu zd%RnLRcHpi+|~FamluZjwF(MArF_Wz3|G?Q3xT(Nt5Q?_x=flZ zY)nf_5q!MgqEyIdiH=4rzf+A6RHX0v~6 zx2{WQ)uHX`gs0WSXH@;u%6&%7eOe8AMp5{T`xBm4i;DN>Jgp9SMooMg!7fBGpH>Gw zqozHrmhqsyrR|H^XzY4yMbuL`BJ>JuvIW%TRk+7myavR4`>&kZ)a znSWU7WAj=`GV_f!?PLEnyNAo86xK3qmX9oA@V`)T2wxGT9=DsfmnJhg{V)00Kdcl+ zHYttwEcbnDo|hR|j2h{LITg`zY&^}ZMcg6TUXO?_2arRHL5T4J9(^158^gapLFeYC zSfSu?V1h%z^~#=Z9UaunpED9}dNx^y3b|KdK*;2ZQ1x0Rb8Gl#jrJ&O9l(YYKpxj) zD9^PAS(PmJ6M~DJN_a?f+(SYWy^HDE=s}Tb@ntGjMYq4Bk_XF4sVdrtX4g35cQ6|I z(yuq!;4)^zksigb%Ec3r22?Ol;3p`0B|V<4Y!PV@h?mKC@ykiZ&AiZ;p;9iTag z6&VoJbX${|s_nyxvs|nhZD`@82d4N4FlX68;Or)wH!z}DC+3?a;U>?VR@ocu{kV*= ztPJgMDf?};)G`CdA2G{W2_ExJk#(#FU)q6>WwcgHO}&Qfb`%7*n@)!9hm`%WszKLk zFdhkeFcwEBnwGKLn|_|9g)yp=nX9Y{k#7ZE)l1o>H_{tAy4A>gi{-%$V-UTX>a;TJP$(-_UUJ8rZNcdwSEn2!vBU<2SdrRIZ;9Hr6b zhmj&&tr$IvWl%U2CB1PD>PI?|mD-=B;an-ft7i1^; zY$p2_9(1e{KYm)BQd}k8Re{?rI*}3?*AzQ3pG?@)()f~+rpW}I2tvUHWR|U07ZHE- z`)SCY{j^ThFSOzKf9t5bDM{Bz=*6;5}M`HhXT^Gj;MEw)wIqE z2IIfhN+V85IOjZzPv<^Ej!wrorX{Ca(;|nscUX}-ExE+OSR_Ja^)?3!CR*QZ3 z;SIC#iAwI3id0qPSf_ukye--it16_*j$wjs46!T{UNl6FV{Po*3y9~s6`?Lcm?KCR z$_X+ajBHkVQ0Tc7Fx4Og(RH#-hY;-1g+29}r4#c7VYfe8?r*H{bCzr-D(Jjz zN%(+T_}1+OnENVEu$^#!pzB7Xm;R>&Wk+P-t8h++V0=2@Rt^3 zQ!a9u{hfQPX^6jBzrs9EKgvb-gUym#VX-KF*KXa-H!CI#wHTitUiW>oZ*BR; zj(ox|zDdPzRWI1y!~Ei@zI%4Fwq;)NVNg0Rs14L!TIlXTy*yo}s~}w}vJZQuMnUz} zgyl9W?&*&=+Rp-6!F<`1w&qwf@V!RkI?vtRWp;;PBN+waNM?)nw~l5dS`+$3aCJzn z30)jAr`5`wdaNd}w4L%eHY~P<&(ZQfu!Qt`OO1Y8Mcz_g(cPGByp3MQ+h~0S;s*dv z^BP{+GjvPjDYYo@q65k_^q~UX3jgO*Ym0HnUa})E+wvRRdd_xUvO`;KdET~uYqykm z3AMvc!FScwMK#jQ{nC#7-uB+Hybw^KA?t)d?91y1BMI}u429Yn3E@~ZYo{wT&J zY1(6_`YtXM>0Of=DM+ZitLUvzyZ3WVZ)$0XCS<41(pT1_&^OFf-7Bv9!_cl)rvCVgx8fNG8H5v6g)LUendyoK%ewO zJGcwsI+HtrX@Of^BGW^>A#az<%>?nv?hD-++z?Xth29I9(`sc-jT`>I4n9BDhOfJ5 zv#NTE73&qiJ0{AuoUupSu;Q`_R=%yC_ZNnRfi*!r0w2=&YDVCbwm$;bI+2?lxxuk+ zbey$LXdM;m9BY-+Qtg$hN1Q!I;1(xxj}yMvk=q=-ez?ye5!Fr(9(}849m4fbI<&Z5 zkF(kmY!LN#TN_(i)ns>H7^2qYjzVwYFX@OU#_6zlIQ z5FoqVLOSuY zF{g3ncx`C62XoE+<_(ZOzM}j~raD{pzB=v$wU&Tv>NCaBqQWe}+2Z~8c`96d@Ehcg z-&G&08JUJ`^3O^>R`#Ej^D%|rcKdYXZ^|uxVD#Tq<7W!=`LLJJ@w(HhUT>AHQH0)B zqp+w=%Mq#JvahvIctl7?Qb#xQOQ(8ntKIWArj%%XxDJKNrm)jq(OzG$b87AJcJM9L zJmYIEYo6>y(~Ni8z}WJ2$rOACreV^?Oheo&Yi0P#1i`msPvKvT_)NKfQxVg=Nfd}oQ$I<`$~z^r7D*!dffqr}T(96yyeQSbp~OR{xx<#( z+s#FEL{l$SZPE{ch_(W6!j1(6wkQQSBw>?h(Y_0NKb z))R}C2#oKhh^~IuHEMTCHDFv^DUhdO=H*(nJSW? zy4GJM_2Wpo=@=uZu4qyC1^JpBYgC@3lt2H8&g&^Cb&~RV!%1r!%K(w5OMPbl3;xM3 z@p+@#CI|q$;GZ()L0@x34PX|RIOQ#se_NHkrApscN9>@6)kmu94k8R6DQkzSH^-so znE8kwzC$@5sf*ZBb8o9zfg{iRoQu1R%kqSbGmrY%!iS@1>YBb zQKhqW`)ff?o!=-{6Gei_&q);nzq*WwOv$m=7?dk#^)NNOjx2Z1M)t|yRY;$S4%m+^7UC8HdJ(c$&?u(B1tdkpKFLPqA z7#IYW2EurhA8HL|ozdM|y_SY<#JJowievd{n(0}ZHj0A)m3d=?`fOnt;SAT+gA3JwRv;GlfYX~qbq-$x>`khxDX@StWl{U`5rPTkqh&+ zS}fu%FqKQRA<~GiP)45qa=`sa8To*+>h+^U+iYv`N+0Ev@7|`5?0Y{&^B6QKgWq8F3gHBoVB;4 zH0BKVf8iZ^j~|H9j3*94azB{@*`q5Uu%LcNt3Aeg4QSE;R*IesXa1KafIjN8JjWSg z=Q}o`=rzmBKE#RuEeUl?V7 zRWou8CCR_2@L!ep7v=m_UAggouU z&#*6{ed2HabD|o$dmQWB(V?T{SZn@(R;#Pq=ymKk&dfoo{RjphMb*aE67nqVdQc!E`lCQcX>118!e?_PBBnMWRG5 zR?3FpqtwRAdXGKj9gTma7}9tRonrr=3RSeuaf53t=SC7R7FcKB0HFNL8xq+@Ju~fg z>uA!0=|JEutyWoSFVfq;j_kw1?AZR-6}SIwD!Q$>{f8qS%lwr^#iGt&(g^U4H6;x> z+&eFGCL?VVg?&v3#GnekRwvVc>T@*$_}%9!VtOh0g`xx8FVsNO^fUjW)@WDTyv953 z^gCg8U>*j+c~&(^%Jd!v0rap4YqT*4fKws`h-VEk1WU})ezS836@t4MWI;WP_#ViD zz2&I?gTGQFQffJ$RxQnLc_E|mreKp2TOu=`(WKjCXOTI{Htn^%I z!uTn&CLc8P)JFS#f+9c6m>fu&Zf160VjCUF=uZFFi1^$ItJ|dLHpyew#_w{p9+#75 zR?kuo$w=a14@u-<0i*9e41ODD@?p~Af!@bT=wYk+7nVApNUkBVIkdoy$~j}xNe6t5 zRy>4{73>ZzWQ2#RRENABIj-)yXrK9|KQ+G;@A;=4e6F9e*quaQX{FS@ory^6r&=t4 z3t*+PUJch%;`vTT&~RNXZ~|7E38R@$7#lyO|u?R{HEzM>t|JPeqBHFWA4;% zU^v|;cwd?O;6BrfRF3iAl)@DV`NNbc9p&4K0CDC3dYN|ESFemD>iO}0p z{RZpj*v!0-rDcbdFL%gUO6D?$DyCj4*=Lf!?B1!z-zKftyj0%EZrIAYOr8)ns3Xe!|5!7X|p2Cr4P&cVZ2)kL+5&x<{*8O!wVEV_=>PUTZ zUv-}%){==GnvP2=(CX^k%PQYeT3$Z6jGoY1%`aI-r1=A1tN9+Zno({Zx7)E=%Qiob zY%?ACZ)Dd_yj>n+02AEhXgv%DdS=6{o1DNZ>|QVQq*VW!-SbfuT#BF7I#1j#T6mcX zuW8xWcH6`I$!KfLV0+?9X}AbxHj78QeXpu%PqbG@t#sc)a$biaw&=b4Z-wx4A;>jb z*PNcqHn>&kN)nVyCb>D0e;0X9d}Ny|PqR7e7?=9D*e6<#=^AhyhzYJ!Yhb)!?bOP> zE0j5_P%}gQpT-P*h#6Y>Fh!rB-~CwBqFCopImbOFJVy>^F9{|;Nr|b4 zlv@evg3Db)5P!9bfT1sR3M8EMdnY-x|Scza(`%)*;B*p(J~8q z_SBwb{SUKeojTRNNIjq${v!UG71J~58I=vsunuvfEywutK;X^Dr5Z{APoPxPlO++-Kl&3A8l_QA6H%d|KIofE_3J3nq-ohY?DkfNhWEwrb(Kv zNz;8VP}iDoL_HE({mNYu`t0H$I#{i z{M-X6*#?>xG!Jb;_%|O2icbC9c~fdnmHFFi(bs}6>v@|~j>yS!GWB5{xmj11#~#-8 zFk)t-^{}4(5PkQs&igCO?J_m*=G0p`^p1722JN`s_?13hhdz-z9f|Fr_5IH(@&}gJ zG7E+OuQV-@vP(jn8#ZZdvG*`e*_r>==tzv`zt7)G_BUL-_QR?Y>y7zc?LH40&MxcM z$F9yFk=7Lio7xHwV8~9EYy7s_aZ20{ma_j~+6*ERJ`QIiTHYQ*gn>I1+{o(g6cRZ` zZO4sxfFDDYFOJyROOepOp(DRh>jT2{r3ml^<3^Z8^^)dPc2@pBL?k?k*%ya8n z`1L772gowqLobsZ0W45Gx*&CX6SEODBPbE3o)i+V@Kq|2$FzC7s>xU1J=*Rm0Si~E zx_2x$5?T)v-($aAw%b;F?6T!Ky#n|$zRYiGu60YzFrcigEUcOf|QDjZ# z`*qenZSB=h!YoeRt26s_Ib_7~_X%ljeMm3(p2qu`u7a*!(vcTMaA|&sSnh{)%D)R$ zIZUF>zh>I>j{BH7nT46`pdl~W@Kas>GbT#N%i050M4Ss@H(4HWqg^2u?r7`^?e5Tn zO=ffX71}(}{VTdV8J%j>KXm2l&^I1orRcX|n`(Mm@8IG_Y_W5S2O~apUgq zwDo}bq5l;=bq?ZY!VUC)KI|IQ10Jk46@!a#hVDW1SUp^5SpaV$nvCTbr)LB z_tjIx0xANaeQ%L40l1;m@0+ELbDuKxl+4xI`mBmvpv+0`tu&_`U&Vp!MgprOyHRw_ zl!IcR18D>De?zATb^HaIy{}6ALE`w@)DTt#7~^R^&Sarq)bhI)b8M4;;3)sV=Y{Gn z6lY(nT2eH*&qO%z0ZS($-I29*ssq&WJ_Snsa6J}dxY@27t>60vtP@0RjR}tl%TEAN z{GX!NkgQZ8h1j)jcCV_PTHjxHhiZuAXk9A{(Vr?L?tiSpiAVtsCu={VfTb+=hzSZ+ zBT?Yk#jxb+?GpVOvPhs5J2lDs1LH1FHIykPa`ETiD%>UItr_8RRQ3}}swM3VQWxt? zYjZs}1VI-?oBfPxOqJRpCyec*a+h^}YNw@kSpdq|Hte)EK*{%-$d`vhv^ND*oaNv0 zBN~NPcLX&27&Lr^tbQE&3*@_UulDv~%Q0@XPK}!2o-$;EchBRqQE=*|GVzE_zegR} za?BzfIyQU!;X2$H&fAUAw(zG^?YFgiyP0SMh_)%a1-jbWc!v7Xf1s-a#90u!dd{?V zT91+G_zWx@p>0`=O26dl45U2PT19FHLK?*><0HR2xSp@c`__F^==uTWscBBsNHF_expQv zjT3%9CMG`}!B3a?KaG%0Nm(Rc-%v+GAQtPd;OwzDF!+2(me67z4#gnY)H-e`i(*k8 zZG>XVar(Iqd1Ky$Vv>)k#1)E!WGY3l5?5ZJ<%=Jw!S(F8E%{rN$9V{151>%c%WE)WzBpFzv zeo3og>EG)m=N92LEtqO9BaA0P@KiI-p{uaT5V$rCb^#8pkHc6O;Yp zL=+xTSV=;%&)F;W^hZ_UaiomHM)HhGq~&Bx4`&7_mQ$>5vw@^%x_l(=@JghKFEFQ- zq%^C1$=w}$(N!&4tICIjYe!PhG z@=pA~Ym{@0yXNOn2b^=BHCw)Ep7peu|Au)1j5q&;37|IYeDXmv|5fvx`_25% zi_)Z@OM3bVTB7c4qV7pZk(g5xMS6tVH1f$P77Sb0ktz1yePAHAb9iMC?;0EJKWM~+ zUb-MW+g@ZYwBw;2l85Z9%gy{H=Ef3e#J}&B&zSkEP4^e0?=G5Qq{)7pyU*}hyj8sW zNJOL$*`O*yghDu=C1Nck1{SLkp%fW?m(12rNvfwE64G+JW^=Lp*G<+D-27wsN0@sj zWYi^(F$Q{4xvO9-JZZv;Cq%5Tw9S&DB-iWL7T74>X>yn|r{rj%}@LCYn#mGmP!3Yfp`t*E418 zqpG)b9F6zQRheR>?ODw0J(@t1~V7UXB*FI&Ntnt3;7neO->!#VYfw{8G49Q=jgI=x;HxR zH0H$z`pf3~)M0%=@3f4}ahghi`T^gPA;zC`>5sAK)=wABIwuo_yILR1Iw|!zo2_@5 zT9r?_cZZ&E)srrGAldD<{oQ5y33mziy-=OduwFf*Cq9dXQG3s7{ftgNtL|P+7Os7U+@Ss`(Pt@W{*1Q$FXprQG`C5zy^!2Z7Rl9nb#$LzYcvxb{-oLP zbyFRBK)Qxvr@KdaM^bN0+-cMFBCKcAe8|ZREN9awYDGAq8&|EqEY+TGZ(D%$QDeKA zhlLiS{|5R#O6pERCLas$D8+OZEwR0mX56MGwWE=L#5{{i0W>|;oFuLwYMxEW;jq(W z%pa>9j%Yf-d|bcRuM#Cc%vobUXhIJ^wFsh&-j@`!vwr&zW$|R%>bb%FG2S+!4g!VHrg#zEGhK`gMG;P8}#x z#Znq;!TeTVI<{m{is2})^%N`^>?p#IL~>s)FnL`Qt-jdK+O?XhRHrpG<#wpN*?6(a zyN#k7?Wgq4!aA!p8{tGg2q%lb$#8-!k2e zHlYrrsKp3EzD~7FXoGrB{;;{T-DARH))rLRO#Hn4_RJDQ;xJ|e<#W3K03jPm`!X{A zKGfqv)lhCbGrZ3!iFS~AvsakWQ&Rch6F5N%>Hvo0vSKjGc~-k_2hGsp9Es`?cJ+B) z6Zo;7*q@ZQvpBn0QZSXis))*lV9oO}W5bKwz;TUC#S)ICvNt+{(I9BY$7tw=a(Y8t zTa>S-IP+_GM!h__V4s#6IoYR`^Rk-wih4&GrI^6lT8@N<~!|NtJb3sc9+iA#uQvHZJ9f00npwV=##!yBXb=?V; z46@jVsJoZs*stL-H#+B%&!9*a;68k^SZ&Reu&9jn6Ioq9uzz6rsZDM${oRfr(Mh8u zI(bc<2INt_tfsu8+?Q4C6{TNR<|}IE%gVzs`Lc3fQ2_o!{&D{Q28ZfjQIBY2B00Tp zHFMZ+hY|-YOk>>zvHAK?^AHaRG%XHy5_9Acq*)SmheG3-#^qE!xBsD1Da0KKH2EK_ zX-;Wvead$FTna6emFBT@Jlm3g^xey8-WG~qt99;W{WLo4~hNlE9I z$c*`zu$g4AwBTmA7!61DjNE1Kj;KB0`F2P2p2$ZL|Jy8o`$LZL z6BP$#*R`8+@~>ee{HAiBRwdt5>z-D3nlG!#es_iaZi&1?03y~)dXcW77fVO_vc>Pe z`j^!WczNqyW-h;?)_+s2d>VA_%ZjV#b6Mrfs^t}Oy1uOJSIF9AZ1|x%+daMH3}D5l ze^2C(9*Pr^BmzyxqX3&CDQAEWgs?IafsFyI+>Pt>oI~9S0wQts89&f1FKSg%f2}Dg5y%bH90DijQlx1e!;7J# zdw=0DR~(28E_I%fv*Q$czzGI}hsoC`Ve2eCB0F5A(sfmmmg^E#yS{#9-NOnYVt&4* zv9h_P=~h*+TNqkNNcWccrX-}hLixK}wZB{8ZG8@);~2que0Dq;ja_nB*OWb%%y83y#l5S^E0MXZ~MV{yQ~*c4pDAj z4t9(EFQ@q1~ToLJ3g`K~moZNS?ZVOdS@p zeU_CoC0igUw@1~sLyVf~<&!FIB(_XVw`Hyg^qIMauYb01Rat*$Vg^|n@Y;D2$Hd|3 zoYQ4;nZ(xLWj-OX^*;_m?92Tx9sV}>|8B?sQs!@CPgv`WnlGyIUAp4?s@$&FT>fcY z(c^cgS#i>HD)cQCdQN4(rCwFfsrheTIy!;__PGwx9P9$Fk`5!QeQ|8nKFvz4n z5YmE#FLs^@AG7mB=o+grB~F}hWwZe`veVI+iJfrB_SEK4w-5{Y|DCxI%Xvl8ofMv| z`^d;ZQ_Z1Z>zcX0=ZxSP3 zsB-uN;}y|VIyPZlprK&SY=u9J@Pt17T7W7)kPGoAqP{e-&fYDj7S!S*E9uimD?gz* zYi_GK)9I1G*_RcO_%kWI{8Js5tol_LF}us_;!C_K>0#3Oysc`SY98HcC9OXIME;_} zER@h=ne`J8Y_R~pKp~_HIw(?c6hOVwp)Wx&GwP830 zRGDjG1X-Z1$L#k>J78U`{2j(j`F3;gE&V>BuQlhEPpf!9K@)R*63CQ06+cpfbz{bT zMVHrB{9J>8I7h2<_b(5U>F{!OgDfGbZQ<=|?%OK=zVecB$~0XB5%&?zhYh=ol0Kos zT=y~+K`w=zl83&0c13@!S??jUCdpmh*BHx#$^5CReHEbZVeS`IB0Z9w`b=2&-^2iY zesQ5@@}4274oiLO@*S4;V&^9B^^1>*j`j{RkL0)!KY~l7B#y4RC}|mRIMj!de5O|9 zD>_~qj+ZLh1w&r$c5V7uETNn`^v`iezD4)uc*)weo5Ki zR_61{j)bmK*(=oa%BHHPl;=C((6O7EnvWML=r&z*Bl}6-=T)q&J1ZNLO24e3d~ z2l+r{4M~4o%5fAbiB-jb4U&%YGXz|J6`RjB%9;+KOtmn!d-M$~Y&Zpf9qf+rzu*;I z&v27zt>gRpdCR!iTn3{~IuhRC=BxA;yBw31RHh-d1zI1df4d^x6aqk}Q|IfBi-d`h z%o%I`vC(LvNGkVeX1<@3S{9EoK4Gk2eONN;0vZDOwgsM8uFngF^c0t`B_wWo075S< zjmR+r4Q!m8gj(u^huF&r^iL4ctIul zOQ(fVn-CeeYbVU~LDvGfMF8O%B=IRGFC*xTJwl$l%o=}t<>)Vm_=mzf&B?~uYt24! z>RL;ByT*<0wZ}c6`6tyI9yi%IV-drkF4ujRXmzpaUPuOK4;*=2Nmr)ItR*Yg9Npn0 z_|)k{2`jW+8>&qu`nm>E!gkrRC>5Rf_L=n zesOWhupR~CQNEE8Ih<#lW5|UlX^wsD$Z3tgCNg$D}8u5(J@>m+(W`YR2SNJsZWuDEMa z+AmOMRWjj!>BVG{Y%LF3I;iTHl*0(pOxbF*gQZYvR&l0b%teR4QCXD)#OtkkYnV%# zi8AQ3>ddb(36bD-C<#SqkxiX!`eoA~n^M`#l+EI8^~QpFZN;NxSPF&0w&_uS&9ckl z#7sIsPZBh+oKH-bl~>>lDJyl;U{5n;CF68iYDtcy=r@`~tf%cdLwnoRq1&nrH~)sp zz0NHAA~vPaV> z;({3Y1#PIw%3FhptnDNlyqs;~Y&XkihF7CCksE4~$-V|zJV&07N-`-~q<|?iYt0sv zh*Shv235mBkV^^s#k4NMQean77q&^4@_}eQyf0yvL<)gMOqmBo^jy`9%HS)9m zAT;{2!uz2*!<|E=%QLp8jvk}HzS%@yAAtB32vw?@v;o6OA_ zaS!O&Cq0(TPnzfGbVW(%uPRH)B}A>WqE-s_=<3HQan|xJwe2|xkgsE{a0z`&UhG7g zQm@xlg5vy=Q>$6`n zQ%_0?^yv4f-gavi zyk3)-Kxh17sN(L9h6)rzo%Bc6BlR0S=3NnLyi|z7!m)~*@lH}lDcQvA5l@4}C!snW z%F0#HH%pDfJV#iGGWu_<2ePTfw6#&dQ&qy9R)EIpvKs(6IXjd-GrU7ZH`0}x5)GvT z_zk+s8%l?rOI6y*VWgz*R6?`N7i`bGDqW3|A)fip03VDhN4YU z4FSpCd=ww@9Nu*f_QaTdiwQ^p=`_?=tb|gB8~JKPqu91&A#q44?3oZDv#hhCy8I%Y zS*2?$cd44JPSxscwDv=VyD^zhHkx@2cqEyRHku7&DJ2&NuQjPDTo}``9{k^+@frpU zYyzPxy*H(%N{PQs`&$a9WcmFL>zn$>r}Z7`Wo^Hr^~>6PMbG;#WSVoN!2#rUy49^yYFI{@_TUvyGqU zZL{JhX81MJec6oe!U$3Wfe+}uzlBnv(#nhzt0V?XMht6ut?pOr@!K8^7L4U|uNZDf zM5pH?L@-1{gq{u%=BvBOL4UOpGCvOYfh2sK;G`Hi?a0kU5BLt!D$2o;KzNHa4d#(~ zJs1A0idGO7;zpwARM)A*iL5p+nSZojl&n{6{c>#Z@2Vd3dhx%FdDyD2> zXcpR=*bqv%KO#ET>cW02tY|~k>NPaY5##fL^s>cpofB_iR+1xeOl^f-6dszptx76oSq3J$rr9@74<+}}?3x8#U8lJ~sLHZ~k(rFpFFA?rG+sO_3%l_|Td zQkbimOjK5l6Lx|uOm;fABm~2dD1;i@8gx>VRtM|q@l31=vVdGF<%BDEt&0>^6CmMR zNvuUZnkgc$kBM-0GuD@Hv7A=!u`XA;Ew#sb!uEGn{&o+?D7KK_ZLOts@9ZB1>=StN z@va{)h8~^icN^^pONWzi;<|hOa`9Xg z<6+}R*@T{^*97!cFFB z7$igb*Fl*Z7BK>M%Jl)Bt@2H?&Ui~7`Vr_wzyN*)77~MpKcmCfY5Oyp@TdP(+x04= zO2#_6R>g3EbWhTwOG6KDvNzkGRF7NXN3HNUGmZ(@c=k-B16+YLjhii6kY7AAC zFgrwOJ)1FFs!k(CPaDRj71%}n`Lzs;S9jYb1=YC-@!-V$P z_~pVO)^w@{P(f6GPJZZ)t>WGGU>)17^&b7p0Io1;H*U+f^m#wgb6(TcKhf4}OsAjd z!fV?6iT;IpjpR_qtWL}TP1wqCVetWN;Hb{g&?8(x8aHmZ@@#9a8*|GU^=Mp1odoP< zSVk-hi#JvuF*f5sT5GPcl~ihWfwiDg1|;yY41LO8E-@sBfrpF2$126(AYHQ!!Ic;7 zMJDXViXc9rM&`x@-YZa%&#-XLV#UB1e6b46B~b2*D!P;mv{{L2>;yUbJ0|6M+*NE4 z3A36>^epZzB-0Xvtq=lW6~gNTt`76^nsSeCgML+`%02Rb&y+> zzFwEypu^W|_XZvHkIX+ef8HhdXzGFVk*w0gJ=X7aS>2f~8+QMCDBLbJt24FpcbNIh z%sw4Yl!i+~(GVaNF*Cj=i(ww_GZpcdQLfhwdOSIyr-{obTxWg4E=NY9bVROK& zpbzqRm08Jfl*FM_)ztv;(e8nVulWLWE= za44?zpaZOWSSm$IV~N1X>BAA?`p|qb*peIh9)`Aa$RDK$-SNPZe4_Q1#`d!%B(ZHT z>5CknA!lCHYk1ysDw$6tLut2-k~e+)k51A>8YX{x1mCx-P{v(j{LDUHAM=sQU!ar! zWu<=&IJy2^tMH!HccIQ-tkq4CuFpr*jghX;Mvk~l=XW3t{ocyFZLJCD{ATIXM`Xhy zl+o*1Y1`FGA%n93Mo9?wTxXJBV5D2mfs=HR4TdVk?xIkM@VV#2-y@~m3AspkPR z|F8+ebdRT55mB||*58+I`~a)=G1`GA47E>g6?F z^~&t%yUgKm%kqNPva)UT;iViNx4hRIx3Yiq;k6tdTt4Itt{fhH_+$>xU%tSbzjD#& z!y@(m?eI545!B@sRb9?5^(EDHxjNJJ3NK{G9^EtklXK4LIlOtG^|Rg- zPxSYbKQvo^Yu0n;PBKfeMGR?U-$B9*`H#uXw>JN1fpgld{JBx9pM@-a_V^>`9Mf}! zYTl)~tahv8GSz)K|0P~^c>I#{&ERo74CcH4ku+g)@J$*+xjMcD|H)DL7JT>5nd~=M z&XS{3@PG_y5#>u1|;!Pj*sVfoX_6V7TF(3Uv61i6-jV-5zW@K@w>sKa$204T9~md< zhmp1i;~?LIaT*!7k-fB0#>Hko@)&=xpe-x#((z&GyKP z)LM2&cdX-v$91gd{}Ve-W_wEaW}0+r_i1cTpX5sz7inL-`cNCcunxCAsi)gT!RiEr zlulpBZDe-(a^z}jhTh8WIzF^Z4T?0Jy;irB3DTrOvq`nz&6_D>MR&Dt6k38 zDQ5vZG%P;8_(L6T|Ll9D=6J|#lk;~ebA#0;=kHS^cYUCkC}c8%dhxWZd9Ix04Q&{# zmz!xMINx^I$08dt#{})0XpNC`*2<0gPy%U@G`o`q@x3p&nH(ARANhfLHc&Q_0V@V8XAUam@fGZ05SH$)iY+fH`Ok#0<;ar{a6jey5s=c(U9W zcKp`;nby@AR(_v4Y_AIMQ~kx(-Kdr?G-ly$X_eN|E?Q^#t?TRzxAv3tL=D$E+ZwxY zLHpwm5KJ1D0W$5=0g1#LrKS--*IJj-tUUQq!x$o^S+#1LxsYz#JRe!Tgimr)hq0tm zP^(Toofw(1L~HxgbQwUYN;#OZ#_OkfT;+EA zzs!#;wcUQu@^=@L@UqoNzN(JesgArJJMF4l6vdqSZ&5Zj+vRtv`Fl*GXPR@JDkT|F zRXi4vl_u`lp%@4@H)81uvY$i&K!`yxMT#l2B353;cXYch@8iSP8}91wwp-P3y>o@C z#X0TN;cRF(%e+$O>k8P2Wu+!SMq)D_j{)mxMWg^&oMjk}cM|}H83Lk9>aUBY7*P^a z<5S?fumrsptk68YftQFS;?2bQ@&7QelyYt;(O$PBp}i_emDKgxT4jcjk%SgBf zmdTiLMvPwFrGBY6XP1iZR4F5Q?5!$s3(qyqt0lyx_3*@saoAvEPSWZ?k1Lv6a1NtX z2d0)jtUr2sU|+HQjA+Lq>~I4yx&Or6DTz@^cWQcl;;m|#-_ax8{RK7u>+n(4uPtCO ztTP8_9u|3?eOCY3_Et5Vb}m-!n7}aCWztq=80sjK$tO0h%SWcbQp^CM!iQ42hhpn?+;6Q_oS|K`c7oqpX6RDetY|a~63&=(nsmGjXQZgBUFvm3 zDb$-45-s`M0`NeueoLt^n(ezvoR=AVH}?Z*-fRg+nJ_YS?P{!dJEgHp9#o6flIY_7 zW3|=z0WD*!zN8Xc5(9Y|E*v#cd-Pz{j11Oi@GQt+9cv|2Lap=doOfa8RC@@_@OK3; zltyyayt=vDZdI%OE|^s8h}~*FZTJO5T54h0{FAQxJsnb`L|P;)3d42Ic6GTDrzn_O68*H+vZ}}!ZeqdhQcqF;OM$W*3f7^C$Z-PrLEQy^dac*KdQazI3xLt3io;&Nz>EtKPvMlo*()ft4zHf`c<^|zdg?c)F#8X z3i8T8HB)i7!>3kR8_X^zVe@OonrwZV6{vyVb4_^pVPJ zr%|C#;XbL?gTIOn{ha%+5AMI(zkgoO3xGC9TkFgTZi7C#RQo_zTOzJu1ALuarEAJgd@}zvJJ=mf2>-!^!7V_{HGH4*Fv) z7~QwG;UV-OT;rz3~n}t zn{`2uF#A)u8An?QO_kmWZdNe2`Xl~zf5c142D6XREiaNv(T+y=V{yb+9~klP2c+^0 z7p^f%p|QvP3j zhE5(N7Ge-e`l>QMM22am8|!8CWqf6-ErCB~M@IfwvpDK7Ycf-FgD0`CKB3f;s^$qK zsnV;oag%OxqtGq zkNPw6Rh&WAv{Ld%ajbAJ$4)f<%v?Fpa~GTPZKOMR^KtOymc^|`>MCW_)FWe>I&LKy z&}4!am}}L_dr-PhZ#Ggfqc>)x(hK7AYmJF%s+ZLosZ))qmB^hokfz!&mCGu@hgBPt zlBHXBsg9j$hLQTDaeP(`xFQz|E%hKXL7A=e>~uP256n&E|wpp8ZL~Fiu zVA{?NrtBbV>w0>eSk)~?#cRsA08zF?_t68$th0FQa{duXcQma8T z#{yx~pK!}iEQ>65JlQF@>;v^kz{Y;duGPqN3|CLXY1K)b=>1mpUdx6jRsiSBQiGEK zX1CN?ihFR0*+@;1cn$&!Rw{;)DfAVE^+T$fmIiZaI`;9IdMzpB&WUhpJ+cv5XyFyr zif3eE#)^QGKB#>j8hsy$F!PQ!j;hC>mM5WEjXv9&bwITEiB!}$G!QKY$g9@{MsTVK ziQ;O*aUrBaaa0BJHnCTYG0tnyCIwfhLr3|+x!_TgHcG3s_+(n!LnHCB7jPdOCdY-* ze-l;)m=+#k2eR7cor)E{chfi{^C{`rT6#fbvI+pk4UKjIF9||d%K@RQ9S5lNMFZk< zQREs+CmbmVu?(Wf&v?Qa+~RWS{g>3=88jrp=!+_2WcF&~4xRwMSKhsE;=m9Xx~NU? zthD)Md3y;ZhuZt}65jquRw#ay#MswB(c6&V&)}|4vJm?0YNfwz6sDEw9j==>?=Ds&=aRM2_c7 zU-P?(NB81a;qDn|>K8m=v=o$iMwRrIZX`uv126fKh&!ZqDvCQ-v$Cu+}*>;gt18h6Uk^2MHY+q=|h8NfQzg_+|4=t={5#oidyYF-uk522R|# z$?U{vz8EsWuT3;jkE712I;Rq_m1*O^w8|18p(7Cw7x>O7+;;G%JmDl&0lh82kn%~~ zu3PnV@`!ORReH_4pymrTr|<}Q`abJTU1vD&SjMv^c}56pj1cHj2`!_HsWf0qG9Kv} z3|)g>==hnH<&l*b0&76S-XbGBjX88W%WpDJvOlG)Lx|J)Z-jWVsbk1##&CbVWqg2J z2^=hpWN6%Av+;M_YN1#(St>lO2S6e_u>_AdoHL9Y;H0g<82#z0L1qXpyjhrF4G}`f z_}>;8f5PHM<95&zwfNE8uo*3l*~u=2*FEW4Bp8e&sb(6l^s2&4aSR&DbG*iefHXH^ zf!!i=!!Xw9xoQ|Ql5b6F&<*wir10Y8`B2cvdgB87KqC`0vQ?2Yv)D-QUm6){EH2FJdF@kz zPF;=IKbc0h%H(O#b@p_po<<%aynpuMX2Uttcm%o#wKcYSik_4vEr4CnV_AH>DOpNn z;UMEy6P{|!ZA|4k{!EVe+pjXM3x-3+t>s`h!FMRCjTsQB}M zp^8itvyU%&&cqeirH5eNc^R-;Yd&GZh5@j)mc=)&#Mt(MdOl#8J@1PM8uPbDy^o=T z_$A|a_8hIo*=>1=DySHzufZ(q2xyjq;8whPJ^=Ni4di_@uz}3gIml~(1sn%9e=#+| z>N2ZhzEz~#{9nj?E?4K#>TUB0)40ij@NgX8sRXvWFxX5noNG+u4ri=Zo9wpMIbp|h zvWJ;VOAs>Rp+)whV4-&ygs}p-^I_gSIIzy|oE!v#^Y{wXTj{Ku4zJm$6i zkGWIUj_qn$@FJ~-L-wp+!PR*|yDfJSkv6P$ya3}-puy5b36ULP=;r+l4y&cknOFKu z!2BSH@xCP39rq@fIOkr^xF)m+k9;#VRcsGGOxz9U!RlEHtuu*UTN{SVFI?kRDTiJMx0u9SPO;oPU4*_Z(ql;9 zvy9Ok0Ddr_CZg>hi`Vf`07U5-RjqnDxoHQ&reU z$a^1{0=HJ{r%mTaAu11FYt2UFglp9Cf;~(c|6hlqn8)!Nn~!7hUdZQ3S;ZUp9Lh&5 zlD&Kid}=mnkOXRTd=tFr1Kaqr)LUfjA(=GIE13TbZ6ZI|%g%CCt*r_Va8!eFEG-wZ)&fNm{xdL&GU1~QXk3-?# z-?xkgHZI+gv3A-tVeOC98nt#FpERE`KJ9DzjHko3Iz~!c`i%*`bCl-)p(`B^vRdUQP2+iT9X35OK4=-K}?9 z90r^5Bga*Fga5xgop9gBy-@W(CZ0xdyRY_7itU-i&m1+EBDjTgLe4C-Qli_13Fke2X|Dl{43MWvPfzUR4JFL~J)J^OjD z{Cq?vf0F%DmgIjbSTjZ1Dg{b45hZ84B%~M*T}a06g?d^^Z;J5vR8<*QHKU1r$U=CX znA61Z*h`Ccna{>{O2|!Or&(z@pNbnl_OM^8Otg}C3hVHKmjg#y@6~DD*z0wbRe9++ zC4Xx4hAOYxbEJ&jhElK0i&g1OsZ+QJZO=((>@*47D-vMW`}8L36er<&_Hhol;^c8j z6Uk86#BU{eSOJ??J+#S8zgStv(t`t}4xUQuXYpTJoodPU5Pw_mZ-;pNN&aua_bx}6 z$z**@?SQ;vn|Wo-VukBBenz>f5>*0aJqbZSK@`D3eYyy8{(pC`|;?Ilog9#DYtrCWFhcb3VGsFq2rf9)~w2AK&5%_Aw%1Ph$ zTT@kw96TElCvP|@ zIvy?@M!bmnl9fnTNIrqtZZV3}dy-&@Q!~~W>jGhbd(`;d>NvxJCtMx_B8-CV-$|34 z$v5_mqfHzcXJJhtjoHiQPKoh;U-`SooSjzIa2|>p*TyF38m!L_#ouaTQQIUEo-DFH zxN}G^sWr2cA@!u?c@Y`@v1YI9kbMnSUx7_RdvkR%W?PS{Z-=X&r$S1l&V45we_m4U z#TGpf&OR6%dng=#Fsw;~a$Pug1GT|o=rg(N!|~6AZ2`K<3?*KmA1dfV^BY52s%8YZ za_nUT*wmW!3r-+)O{eR=sECzdVg3RoOzab|vrg92U}1xLz@FijnzNh^5{k`=_p@TO zB)GZ60Q@sTPO1<}<7^on#J1T~P@_V3&OR5|Vxuf5lUY#0i*v@?F_ai5?|CuLEIJzJ zGYMJf2k24pK(1Z4CT;vC)}TZ8x^7#;rGOdfpAbaZPT-JZa}_=qg0*^lvV0V>WZBuJ zjT_@Fc()VRdo0B_dA3~+n70A9Oe#_ork*T1l=_JZITC?CA<>@=NQoFnjCriAzGbC; zYF(*uUmUm?A9URrn9&93obdhx^qf~iQ7-s&N3%4Ke@DgE~ce9Ng~I~CN|sc-b~%q=*1#p z)(|dpi5EeY`b`&S`rm4Tre zF=m&|NSEVBN?Mhs$Yb!#T|pA*$Ai4lNBIo&vfxYc*kb?KSbqzHr6<-c%^vpOQRA(| zEb{Y}I@V9!?9b3!TpOytSy5mx8FEkXbjYf<$2w#Q?WAI4r|VXavvsV^aWfry8b*@5 z>sB=tyCz$gh`Zi*qt!b8Y?Q#2)q5n>l}F@8vo)N)Na;xnBjlxvSv_BuGJ2S5>8Xd6 zcPHHfP~Ou`mYh^eK&#ta@Lejq za5lhyb0;-`*9krez4LO@X|><8P?2j?cVR0?7taM;G~){wlz*l}2qk_y*Cyng4qqX7Noe$` zkWYgD4CoOWM8>_tGcG8Zu3hY!(SC1S2w|z3+!Cc;Bca%XWo9aprzB33-A^@*60fwB zq)LrIx=lVVK?u}+&_tq1oq`T(Dsd+9iin!!U-P(Ww5UQxgNVP!m5(xZ_@T`M|EQ1VulTSwo~JW|#>sQ1b9WAzu2 zn!+V-X`G~&k+CHBRW6`!x6H1$>ugetN5m8)tHyb>lu!jfrgxn_Q?J3BoO8M3XF5FN$;<r3uSvLecIz)mn{Y6AI;EOZ=L_%yY3eo-DPE8%dom z4M;9Xj5EGmmWH{D-#|*Dgr%t#+HpCZT^+ni+7f@l&_t{fRT~VVuadq5K!fGP!9a~} zwQ6X)uS72}s$xbPmOyXG*u|wr)k33tVQ_9g5(})mgZG3(rmP8a-zgaL^B_d3u24pA zrMw!z$EGlAMb=u3MGDBl0=lAsIa!To?#8@a z)l`;Ctua>Sw6!mqyBkZaZ(`Os$QH`!(`W`qa@Ixga{;CU(Bay7yVVIsRU6lCHr8R- zzdf3}g=>!wUSTm2SqLn%xRxW$)^%Ll#M2)$ z%%&SAjeCn&rI>T2&a!H=W}cZ7n{E>hOL_h(g>~Eo9;5=XNSGX z`m_iqi&gjDqE(lt)C4BoZ;mqQ)_kaqW9l(5h)K7WiD%6@VAFk5rs>i^Z5q%k(6QE# z#Lrh(TyhQYI{SE?y<*c1@5T60^A}_$X0@3nWgQizeDiL|aTlQEcs2$dY5YZ~DZqO2 z(%=qjiJohZ3+%f;@`tV*8gQu-B6H_e$b7JQ~?-yM_CZl`W>3!p7v z_~Kgc4;~;^-fB9e2H84}+RJmsqKI_k{bHaJ`hR)O8O#%Tjvwdok~%-&Dp-0`Mh)r3 zALLnqrMI?kYSGeLR3pj5AeLU9Dwf{E=@YT^^5b@eH<;OVz{I=e3GqwSiHWzScWTv? z-zkHd?5ydSc&{<5t{gG(R>*LR1t>-8fucbyFz|L_ezbuJ_>i6h2Hw@6@sJ;-+jcVt z#lXwGYcTMB$o)qfc&Qd&-dnNJxL7y5sWNYgf%hG_b>PoF-#75eDMJ-oj9t3vU6px{ z8-(8Hp@D(-e|-m74F=x(4l?kPE8lqXU<0o=)DKt59v^TO)(bJj3HYSR$i|H9>B11E ziPI(vm5S2_2D948B6#8Ik~WX9foxMcmsw*R%3OaqntQ;X>)AGrZ8lajhwq8z?)2v{ zamB`Y2WDoL$+u(F)cgLVgQi7eV$_5vu4Tc5NEIi9zof~8$eNpi3Gs7(LL}6M za`%_i1*0ZI{k@~z9<_ag2Tumy>9c<_EIVj23^Ez&dnZ;+fHeP;XF~=f<<@`Pvmt}< zFND7Y&xR0wJ)~a$jH>Ld+UW0xs(2PeS`S$YkA1>?Uu>^9{@KRgX9707q7F?Ta_oRN z-WzBjty*II&_H~AoiVw?s-fsz9pXyTG0C|=yq4>IP;OsS8Qodw{Jz}7TvzH;JnVQ6 zIo`ug^^UNu^fwarQwdUBe>2gfODerL67ioWFfRnFb`^Z3SN~Q_60Lk30USM}uma4` z%fd0T^>C&z=AXitUjgfc5aOs~k*7RjZKYId!X83*qRmr`V^Y98(BHkGrok4YVVSXk zxLMUKkJ2O;CsrD#B_4%lqakXX7Ukvlsn42%Gi-Rw#2s1dRXO#MIM$G6J;oUmu}hi! zRwcSbQukSjT#>1r#2ONXIf!m7pEQ1!NeE@&f`lFm*cQw5f05xnfI!&hZj(0oro#Hg zG_N9G_E$ zg;NqWXFTq!?4Fw^H%B*C?Wl#B9Jy3jp7b%%xH&D!IZD~50`7RIZl~Iph;JF7qBm*` zAPvLtThWv}vrL*h1@A%r6yZ-&sMhy6k2&CIUToxJMm{|`KB?B|PG{ojS|fkFFfH*k zlLlghO^pB~^ZD9bcBQZ>v&g2F82Q%Pn(P)~Q|3L<8evoGjXZwg^A5O$^UT>DN>Gb| z54bsIG!Gly!!p@RN7|{D)GW>&kf3VAXukF2r>q|lnMNAXoUhB(uN1k+EXqY>HbwBk z^S!}nZmX-V-&z!WszvZQF(90|YMl(Lc)mH(Oz(=|Q?0fd%{2C6b)dD)FjabPGCfx~ zIp{ei%80jqS|BfuIUp}CG72%HFl-crQ+b=`v3>{mQV>47)ky2>e2gi4uict&7DgJp z*eEpS8X8u}+vt7K29fd>jWie+hu}w(awKO#KaCi1Rv3lWTus9kc}4T~XpOw$dY^|0 zvUH|V__4grRQkFf+M5v&57^Q{x!FwI^A&OsgBSRGqrkviJ8EErk31I0YX8ly)oAPJ zuI~Eyf)b8XDh55Nnm|~*&B$v@k=GUlKKQ00YhOj6t)%Pw(!W_$4#)IAQJ;;cNgnvX ze$lMlXv5pSUo@*OdfUr`m+++!@wUTV2Dn4uZ7=ud|AWDjgO{B)|09sdu;uDdg~KW< zsMAHPJ4vzN@0Z8AgN3KdTBKLV53=y!XE89VsHbFE*sg9@;(_VeHr{Cax6)XsQ&iOe zd28p0XNnh3b{p^)NV=3G$(icw>>1%Ou z!QsdA@UNd~wDopZb+O+3dohcVBL74UxsU#hsMQYrkBC}rEH7=(sK(y>Mt?t)-(s|} zytJ{rw4Y+M$Bg!2A@A9n>W%hOWu8ueb1_2&jZ$Z{!z|kKO}XZkMtf^hP4gC`9omxN zeKw${U$JX5Iy>5{$9&;qvVVZ*5XE%_&oR$z@bMf)@p%=l?+jcG*oesfX&=u46^QJ= zKpzJ!ogU#-Szx|il>Frx(2}eTw~V5V&i8zA#4d^>BPfg_S!`v@1cgCIcljucB2_%+ zQ-z2lHts#2GCo_RjB!TimH&#vNEC4xBB387kO&S#=%Of)ETEF1&%G1Cw1hqq>QbV> zp@&f-_1Xg>b!TsT)tLAHvur^a!@rX)GCcQRWQ#-bsuqQ60r-hf&D}d81?suB^cFVy z`=P=XqZ3l-gcQ0@HoAS)cnTKI2G+su%SNfajiUBan3zS2v_eLAzBSjj(&%n&t!eXl z@(9C%0}EecCpe<5MmH?D+gBtHK-+sd3e_#Jo*ss==N)Bi1TD#2t_9&X0-fpkltu+P zNEQrWK}7(J_zj<8#75BFJ)i9KI!>l2@Q9|9Iow+@(Z{qDg@WA*sbIfwH(xKu0?SW= zXnBPJ`XqLrlZ~F-zFvNV|uhv>2!;bBl*qJVJ%JC(Gz=LrB!CgSf6~67GVDtj>JanWd z(%3(kU)|ObEQc`PYoVjr9ofz;#_?!8^GoNMbKMW3*_-|Kt#@8Wp>wOT8BpTkr4+;D zm%{b_;@%6S^BNqy2Y`vabju$9$bN9*fk22mgLsHr{6L6-S5^N`)pu>k=#`j%yGfMQ8U6!*8Z1_c7vbOow`s5+GV)=Ez$;l)VZHLKvw5!`+$;iIg*i7^O9_qO zM~LA05$$aN1j-|Da_9zZLD8&XO$1fpVvRm1S|HHiW*p2g=izc2;h5J8m)u1Sf=pk-l!fiWh_T?-9N#9!2~B?l&u83z8#dxM}i7^ zE7;YMp1~Lx-%yn!1Mu6(>i)$4qpo_N3yPpML?ZB}OsnzKh^wz{3?91HhplyBHJwaS z0W$H32si>;TWg^}+7l#YUcGf2Yu9*KFi#kOX`2N5%YHV-MM#1`i45$BgwD(<% z7V8W-WvFM1@#TMk+P@tgdegUS3@|&MKZt1zz%+h*5Yu49HZWx`Qkzo7#CpOEJaZ!K z`Zz58nCy*w{rw^Pt0C`^5CI)ky6#OoNwsB+;?u0yJGT1^JN@&K9>;L+Yg03s-Z~$! z(!bEp*sS4qiUdbV>o}9xb$|&I5x(F{!sP3HzQh!eQJYxgOVDqJp5yZ+1jmYf=E-}> zX=?sn`Md9%{;tB`p1T(&H1Y4mwOP+AV+MH}3Au7EM9zGF9`3av0C_#&uPLK4u{Lng6xMj`_S|;#$*UE-{3D26a7hE1giF9T+G76xTZjX zxFSsTdSy%w7KpQDfhcTiG)R1J%n7=7h1qI11Y`MS$qdG|VB8qUVL2>I#eFOlBu0H# z?L`aHgL@?jYI3hG7?b~^jg>>JdSQpOSwq2+Aw%#~5uJ9J^-m@1N2m3jK-zl?X^$7Z zTJ?4GtG?#`CC0`=2Yj%r(Am*Z@L_FKU8-*ikID6)V0@x`Jfu2d%)pfKJZ8$( zQFTo;x0A;dlYg`-lAN`x74rHQYxJ(u~;ygvOCRQ+R(Od23Y%xp5I#*BuTF*RZoBC=A9>8dfN9%8gt0{O#+ zDRk4#3}B(C#Fl`U*xS4qejy$oiK?86=+__EH}fVT07O=be!hOUT5C+5IX*vdqA?Fb zpA?^HPVoL7&3~OvS`*whk2z(G@}n8o(M23>w(g>P+K`z|=4l>+mwTNeDF3Om#uoF(d7g|BiiA7oCwD%2)P`c4;}$h|n)YJG)!b@=ykbpeJc%c(?F9%@WQ zmONt~n1M=bERxS50lnTKoyB5yh_w*KnS&Xt2S>4g-Q!$$oG}$^;YGAqE|lma#zC0Y zH;aRFw6y|wCI=;k32VPNMeo3$+F=YK*ETRg+|Q`6ZLQUo8;=1}m5bM*;z(NZD%Kg1 z+XcRk9I)EjqK;G({V79iyS>ht=-+QIPS#dq2o0j2Ksfm7$s}YdGEd3X+l1~I4+M^7 zgk#gGwS<;V7k^QF=vFm2jV(>UUW}FPufHlqEmNte?HnvD&rVbP6 zgHYHK&W6JBRu4yjiLC<}*2|}SP1YD7lR$sVW!k3mIO0}uDNT0P9EgOP^ z2|j+b+&%P+n$SCOqj9@xxI$%ih}?ZO{e^4b!)Wi%eYsms8Jf6-FrlXFROU0>AoTe_ z?*1@3^dp}i55Zqwg|H3;oDH#rzU?0wi6oN>4&O81lnM@YZ(4Q6@cjH?jjG`{N)6Sm zGCIdXFO+88p%0@#&72?`TqoZ43f8G`sE#ae<6j_Fkh~$`E4W+47U`FAu%kepSk5wXIfYO z5L_OP*9fMl-?+{@AU2hEuIKiTi$CRf-*CLAininLB-|IocKqE$m0k5p!u@O_JRJg^ z3A-WfJe~n}NSB4%qAOKgbONaw{4<21CC-s%2Q`%hBjo9!a6ArAiSu>W2vKV%fPTKTXoz1M66B7IFKfewP38Ibra(Dq*bvYTmdA3-A zex!}zm~mRn7(UrJdxR*5nO_${4hJR}9_Y!5K4bWkgr}u37st%rfONAckulW+`3{%B zw@Zv+=yea*jwaY)==1)M(dY0pYEtjyjp&OFcdE=?LZ9~r^hqe@13rDqDMORDPy@Q@ z0hJM_T?pVxQ7^pHr_W*Na~O&gq}F$|57AoVZ_gb0ztxyAm6W8LDr(E$Lc^Y*?R{4D zotDk0*4Eh7U6hYDYky0P**YK{Qgg06yfztkCYY5`OQ*svI!pqCd5uc~wjAQWQ05xe zuFJ#$fTuX)+pEr`bK#v!!SHWpy&tc^_CcrDs}e35i?L=0ta&Ons7^Ya4&@ZkAHD|VAPdOqGmBvp>1t|#xtVV*^y7T_RYKWBOPY^)pqB+z?)q!)dYmzX z2)e0LHzIZ})u9J`l5KlCI(4s4vi@BqdRVmIIf2l!%34Zv@BZlFOW^dY^is+`iSqRl zhF8gwFyn8^_$S&c)$>?ci{jdR7R8}JTAPKt<&YqHK$0a8_bJyt!?kPZ8hj2|OZ&Bi zE*urSnlxfT5VE<9YuCUo`9;zt{E};-y_bUNa*RJw&hWQK?ZmAzYig>xY*VVX?4AEO zUGn><%dt$Cfsaj>DpGCg96V-Zx)3Yqr_@jT)8z~r$Ak!`ODo{^;DxD9`@?dCHWX-Pyi-_Vivjz@bQ24n?|j5Mwt+6EzxJG$y7X_Ksjd zMM1!mMHBv?XJ!xLoA>=)|La_5W_NbVGf%ne_rC9+cu8k+ zd7R-nkb@D_hqZ^6N11q!HWp$#NdqfDl^h=O>?wTyE%?-T>&fXBp@jJHHGqe9}5q^DA#`a~maVL`xucZ=BfVH8wyciI|XMV6G_= zS+^r(I(aD;d3n694YK}u!=(QPX{=Soi;9Q-cn4K7YBcZf?dD%HSF@Jga+P62wpZN{tn5A+HbQ?y-qfWow|} zTb$eUW=Cvsn!@dUGThZ}cABh7b0~@^>h@rWk)lRdJ}R=6yBY{9qLmpc#sY=}6oiF?$(5Yd;NX1PC=sPhF%z z8^y3aDiW1(USSe*|C#@Vuuobd#ta&}55gwY`@tR5``VCtPg*6$bdUXo^`RlcPwpVX zmxn}n5-aCo{I5NMI_}Bo+-K%d*37_~Io6uVX*0Ro%$CWGQ}(fD_L^KXY}$%G+yTI8^-XQ>*tw=XHLjl=SKGkgCB3T9sDu>3U+%ejFy7sYMA25gK5 zKK6Y?uwjPxzzloD(7D(mPh(Zfigf6PjD@a?X`wNt{Kya%w!`5xOYYUowefmd_Re+TN$9pqHmI0x7AYiO}tqN)}nD1;WvEWKjfxP;b( zE~8p9L?D#DU7mM6X+!2dBBl+R{tK!`H9adz&l#a~;|`(p{BUxaQ$|lG=Ywp0O_Vlq z1NWcdwjQ(oQsHh=MU_TU#f&<+1h1TXU>;lOjg`->SvZ_@Ct8= z`a?@U?YcD6=2PGjIuyr1r*nfY$v^_l0Pf1T?TUoah?B6u)1fN$jA}_Aukaa@2$ioT zF_&CGqe89oNMovU{*a%K;aK)hk4z1-bpM)>)x?t!ZHU2yQR>gy9%g<`qz3Zq+amFn zQGWY_908B-ZxKJ;EW{S!gg`UY)KMckhId=ZOfmHbjQs`T2Q^iXx=`HUO#y1{bUodjt}-f2FmK-OU*%xB6KR?WPBi~R2rZO; z|9ON4XZery%d^CZexXW-?K8v-tJXe>7rB^Ci128pR09;2k9kzA!MZ<}kM1`rN8qwK z-Dh%UO=n76h3Uw?L#_~xm7n7D%TUpqC!p&P)^aqLeA+je}hcl7;|982k= zSXqYb#$co2%I%RHIRtxwvHF?dh>)mk5m(F2qLQfTehiOJcm-_1ILzdP49bHUj-P>s z{dJ^TY!NU74jU)ojgTZP(@#1(8KWPN;g?55xI26m-LJRBt*e1x6oiMd1X#Y~$$mFF z4VmI44oNNgSN5h@qtG`x`Wo=%?M&wW8wGXXutvWWrl|ldI-76$P7(i`nDT_kIvA2c z8|8S{A^*haevCOcA^b6~itJl_&wMJdl+P?5?cO4?--wFOMdEQ0^a@@UfgK1B>^(EX z=qg{?Vu~ca-WbEuy5-3cEB`T8q`wKdQjtCQNrA^&kPZDnlL_4z_9+RkE{_uk1hGL_ zD5^nDC5S66e&$^zzz`k~izlYU7YV90%ojrFF_~v*yr7ez&0EmTTh1LZ|wKq+N~Q;`VM zggwbiQSs8S8Vc?iR`YnY8)foC=;eYE&ev+|ETX`vVELF`%4Gj!$DQU+MQJ-#uUR3I zQUH6I;ksC69t=Nu4>93g&KK8^H-cZ5OYaWZeV0sJCxc#IXKs<$tMMp)!r z0Opu~$~pauq4}p@xZNe(HZPMEmR{vpx7%TqDZZJ07*Z;r4bD6AmuCKKm3729NFe-) z6tXc%(kkaANQ^7@H81iH8GB21ze|R!it7HcL4TI<4buKb`mYl2k5kgjt}D&!AQ^`) z$&-lb``GBXW5FUU5YA7SPYw=B=2LI=S6hPuTP+NL`XJ5;oS#vhquV{76x>7x`2qbzAmyxSMoj*U6Q?O-u0=7Ij+v zwRF!_-503rzh&^Hj4e}sXXZ`r7Pj|~roFpI-QOiQp~dQrcnnO}&w&sW^>5YQ%=L_S zi0k^@u`Jb6P%s2}Dv)32+Y`2HIp1#IuF1nUJKUNye0;e$+Wjj0GA!I)6&*S)+I5D< zwu^8#H{3Rd+v5MRy)?RRK=^aNaJ$ELU9j|ZIqMu}0M;6)E(VkiNCg#wm+I`5pcXR( z`otbYUdQ_xQH?40sVs^7W9vD1$&Q1MDbSLpNE81y&>K=$$O^B3zpP?+Js|*NlsHw3 z)M+~|_|Dt~6lLsO4xe1U_n5PA$@X^Al#3_u^8jZtzx}S~xASyX?^(?aYb#Xv7u5dk z2Mt@NvT9(e|KqB2oASOUAt6~$3O1)JHtS6A+g7t#VZH*P32|cso zk~qx!s+CMGqxya+*yk{0I3vVWLKIl6paac)jdJoi3~@O&N--3+xYQ7?DQ*k3GOi0h zlIb8Va#1LUh*XrE6&H*s?x%W(IZ z2zSp#-@b^x?HL~1`$E=^z9MC zbFY~pH<Pf;^NiG{~m70Y02V4ubSGgxMcke$(zN?1Zko+m5d` zWXdoR^qOwmb|K^AWWz(MddB(^p3#?=IK{N9+ioTKAhe5!#|NWYj9a51$D5;XdtPWF z$Kw}bw$cA`t)<=&*g*ErJbhtLM^CxU&fd*|9X&thc02o|oqx_Y6oJAo>-q7dp0++^ zXVtvd?f65u$3uz>kUSiMF$PlJO+;8|I~qd%oA;Ei5rf5>!Wk+;r-<>l-;F}O56xd5 z_B*Vv+{0tyS)bljBN+$;8D1@OSUOG^FVe+ugo>e~3u4) zA0Y&%w8BhGaXLbB2fQe9FR?1iy$Pi$_vCMcv3?oBm!HhSq3WL1%ECEW=Tr-iS}TrS zBjj3Y!$XDEiqsm$Ypcl_p#xKNB0)lp0R7AFSnP<@Z+iOVVkdE{lUhh9c{qBfO8TLU zTWP_#kXEGmO!YkSHOB80K@Xf04PYYt$+*-BRWi=>KT&cNbHpXlx6RRR_$pbjE{%0T zz$x+Fpr_nT1AbC&z?eIooVrxp%b^{V`yMCzcPIIT<3H}iA9La~9wKQt`qc_TdzXksZu@U&+EZ z#+Y9EML|OAExe&YMV0ie+WHUKCH|}XZ*X_&{u|xIgKlaiK~81>zleseGaSJ98bS^9 zdTFhsl95qG;D(QI?T)3l&P~L6KkLSyaCu?V6vzs}EofB8oRm06If2ab+tBZq+)!Sc zyS7x-R613eN}}kilQq4n8>}ZN!IxN!;kd9UMuMetW0?zL@@`+><0tPXiBCpnZugTS zYyC)AhX`w(uuachY4BEQlS1Si!7McSPz!)WYSHqjQIF7T3jO*g%< zB~~5*D>#Uq@?kqjDr#_p_-R8^+dvD zI||T*0qiU!bxA0veZ#KGdIQTSwPw8R;N6E+5r&9~`2LAMN&2~oUM+$whSpBDKiI58aQlj#elvZ>n;M!^i`u7_jB?~aucjtPQk2EinN zB~TUGck%$IZ)Q>$n*J>`y?`EGYe-&s(UV@HggK)Leh?Cyx%#eh1{YhMf~M&oGbSA8 zjOBD1OR^`3ZIMMGm-w#yl5+)o4Cz~PIOKZMVS6zUQ>78kfc#22*oK; zw#(J6DE0;Z`|wYJXg!B_KN)X+3Q)>*rXxnt5wFV93F0L8G7`Y}qIiz9k1zbvKEBUM z_OJS%_^p4w9CZf1 zwy+ml>BYl%^#%|e(CsefWerHByqp~M>d9C?mJ8A&OtBC3#!wQx6ifQ?7*`v3MwLCp z`AlK9u}WZf!Z!--L4AxGEj;55N5}9;fo$t4+jow|y=*H0iMXRo6|@$U7EPQG^AkCh zQGJU_%G8#yZ&`-uqNaZMA)(ns#JX^$zm?0otpQ+72931MGkEYQz z=&5n`V;PN{nh+jqOgwWQiE= zd7j<5Rc;gS$X#{yo~MZ)rQ~Q?GpA-QbP8fM>qlfOjD^XL3@`kf3>R$&bJP^OCA%vw z9?EmILcSLLe{uL{F7o;iKNMwWN6tKX386I(X)h9VxZn8)I6gB z|JXmW~usUo_z6iti?^?)j^RlypSzR!qmSQ_7u5fqPk^WQ6bAXA0qNlhu{ z$&I@7pcLz{+2TECV!WX2HL|c)vhA}@+7HWt>k!%mFSbko!4TD#ii01M{zldD53b&^ zVvhnO)C}o2i*#T#re>iIAltMmq0=Y%=k%T>`hEl>`mZHAkVJk0?Bv0=@8wmVC)}kC zi9F_h0Ykf=tn35Y5AWDv%b7_JSAI_-TL@h|u}3U=2uW)+fgT-sY~bR;B1{f z4Hzq(ggCI4vExmRl!~45(DRKl3YlE(ow#m z_AX`rS&g|*+4rj4eVia3;J0*mx81}0)clp_#~#%2htRwIKkJc8jhW3XswAL`UaX@r zq7l?sk)+h7To6fB#VCRr(?Eqn7Q9YS0`M?r3X4!?VMYB+gd#~w`m= z5V&R>GD}K02uCZ!&>?DBOJO`B`-3iEZLc?@eFKom7=#&YNXp_iA}{%SeiOZ+h^*k1=>GF zpM0M7ud?%3^k7_jA!jX!WPlLsdaB`6-Ox41Z8E(+(&VKj8mz_`21(OLQjCZfF#vxN1N6Wh(|-(8KgRo&6WkBcL)9$v5L+2bWG5W)z?q9=@UUHY)D9l8(`yk3%#baM%xCQvLaLoT>4Yw%07b_~9RgB6>=;uB zVHqt&JV@(yhWs|COE!7-Cw6?R-C|b3N7~Hkq)2YE)oWolHSY1QR`2NeR&D=H+mD6Y zMu%_j>1;!}Q+J$wnRryIM|2R13ifk4{g&PSQjbblAtq7apoae@Igb5-B*7RO&F*&u z>~0>NJln4GDh<0p%aBiFzX)H3PBw5vPb#%XIKjiTLJs_%X`W?*G%yoAaT!8@6L11? z!jvU9bNV62j6#%qkZ}O%`55CcpA2)+>Rb6=^4a4?KKsydtS=qB?&WL_`J;Ex;8FDD z#Bg%eS>HLOOKh>kcJGEZhWxndV%uJ9Ph4XAH#zz1o$?wt($G|t#QrSbmEqh^$>^Drr7`*wHb2^a}iL?1e_C9=QvC0dK4 zZOoM3*6pri-RFiazs0B!|D)y8$}L~(mNwerRone`N6TNb?HBE7uiE~cx_uRV(Rq}} zbFYDDf08{qg_Q02-oTVfk0X^u&dsB@g>2?blW@?$hzGD|4noq#s4>{Q`Mnls^gdz% zfj890L=gGHEq(0708qPKWE0P8d@_85qt|qCg#dA*NjsDpFL)|>n(G$%iYX19E-T+m@8a$xm&pc zzi{k2&%2qD3btZ&Z{>`@EU~M-{7vpWpe`~zGib8Ua_yU3?`GFN)AbsiaBnyIJ){Xq zcB%N}0doh;cRppY5z z$1DJ3xm$&11RfOnR4M1Wb^h)~T`|V13$anmV32!@nY?-lk6>10V7>jt7{;>Fj#GDM zG;FtTJnzrr4EUNKXd7o42H~Wqa8f007N%j=O9jcRvO-HcNT-eVl2au*?>|fdL&t8H zM#prX2eFO;WaSU(n9*ah-wRT6^}lxLnmFp6M(g^RLwV&ScUmnLMR;3yCu2GcW4ciq zeSLuuDUGIldkn@IB$LUfU8ua#^@>|O`*FAMlHQLMcro>q*d=wKGI1aol(gW1hpdh%-x*yn@_WZFVck(*7Ci^#OH~Nqx;R&2cRa$-`0JG~}YJqkd?3}k< zxIeM}8c$g3$i0aK^i_v#cS!PT?~^Z5m`Bopbas=Xxo^8TCfpRTHo=I1?1-BA(!|)54kz6Zi#B^&_5;`d_x)iG3M7C#Y28H$UB#hauxJF)ngA){=v*6|)sB;f7!-87suk_pH9 zJZjZ#QLCDFZqIqoR=UL;$P-wg-Cwe8|v#m6<1Hj{SV`bf5(kzo{`>v z;@(GbJLS($P}cslo`>(a+n~?m-e>W#pU3s7iTqg!@y&mo@vCid|J)$AfSZLk6a?L- z{8Pk%pC$?>#jjbz#$E>ez5>f@4RN=u<~$z;p%1p>OQ{rxU<2C~qq~to4i0}i2!2j( zeUA4f16|0Zo)vm8^$~FUsd`wjIgm`i=3S^|8TlN*1Kj3 zQic6Sxn7D5@?#P1wnw|-dSl;t*|9zh2v;FhPk`xu_(HJ)B2cA<|K@5cFsR)cZWi@b ziK21y7zRJzFr`XD=ne|^^W?z@K$Uc0*^!2M9l`B$f#(_jY^b5$39~;{$Q44&(LhS( zkvy1;D~A0piP-O7h~-Px%KhET1;E;}D)HO!{W!;w?Xp^5d8va2T(z+tLI2@ZT)DrwSQD*li1M9Cz%{9l|5s`!+=pu7N zl2B)@O_nw$#LEfy8**bty2wij`^CiEmlFPaL4IqnlP&_JZfA*pkFrF+6MdRn7UW+o zw{R1U*b+73uK%SGdzBmUMzZv6LVTBSuT1tdVq3!gCb8GHgnw=_e_nE@MjY_NMoiyX ztvK$71j>{zHww|$J9qk`)J`LCS1P1JFD6SbCxea2^m9ogxo(h~+;9TTT5lxRHq7G+ z#W+n0QjeI3f_ISm$Q&vlyHfJf<3kF0P8cOQ5?UWhwY?IEO@aD%^gvU z2>S+6!UGLgKz=oJVK8sxD6)^5^-YF){IHECy(+5sSVY+rl?DnyidF7qM3&V}+Eq^+ zpGoIK+0`|&>r1JKSAQJ(M;u%{n;5#?`<*NL?^rws^8!ue8`@!p-yPInj}h=o>>vjj zr;J%Rqn|RMviPWi<$;Gjz+}m`lNmcfsxSbMB95)R)usNtx!6$ES@cr^q-6s7Sd94B zV1%i2h3aII>7qicZ{WTg@Ufa|N8aVi`hEWkMEZQ@Csw|*h>9N~gR{vL+u(H)LqHU& zx$m(k2$j(2y`%WlAHkX)B#UfRZEiGfcY`raLu+P;cLev}Lj8l#6Oh~t#qidclrspN zk_sN)(fWj*MEeJ$ZyXafb2=Y>#;V{&N~piT(x*iCIbVeLxj))PxBFIFPldPpDYuIg zK03xt_VmEt1Zl2kMEATy7!(23SE9Qz>F*J`iKVhdUMn}tqUGTg{SqB0Tac3Kr`dKX z=A`CLG%iFl|NbZ=-{O996F3_)fjo5$uR5Es0ZPcL{kYX?d9zw&T-J_>|Moso)Ftc! zEN99O^daVu$}d_4l6<_jGDjz|@Q%(orfP|K#62p~P{;H9kz6)N{({gmC*WrjRY+n` zhs*T?k0-Z=sX{`OR(wCxnaIlIk9JIB zx2W^gX0?muy+A<}Dx9Cu3NvAJTuQ!{0?<3u>FKtEoFE`cw>8BYfGhtJ;mzu{Jv+RX4cfzPoBaNE_pa zd2EvTHXdEXGyR5%+Zgz(Sb{vMlh~LVMK0@pb{>l=7nlSBuP}>_WFQr)xI*etc+rlh zD;A1dkrby`-s!e=pQ;7O>Ej;NMv%fZcv_^t^VGMV8*P2RFgbdIF2-#*Z;-{vbD04~pyeMe z?-HUfUe$5Vi8kk%>elNq^I*kNP(&%m^B_{H!9u1ZA(?PKW505v&-5Vq^pSsEvZWAv z$D;ef*(}8t*|u38WO?@sH4^9S1%jV_{wL@yQVrDyS|6xi$my=i*2Pt_GS;R%rw(Ox zh-^d}^C8>)4B|t&@xH_zVfQEWuY;6fzU+mOCJ~Jh4lc&1VPM5j=fG$hej)Jm^uz0r zfN)TRlK(a;VRj&X4rAE*)B4fO$1swAjnt=0*vLN#c!_cScwHbtfqb9Qyq{1eF-j5$ zXKY#uk>$6zq?9(cX5)w{Dasa#1Fa9$)NnK}gbRRqq6%7tbp~t5AR5LX%T)rH_cLYH z?FeKc16c-UG7y2S3V7on>DeGjjUYu-iJ2D@!yBC#ZY#oVa;GDFuD8I7g3?Bacc_8_ zZW4T>%qJka{IyUHInkbK8B)=Qsg!V1)#a&cDx{|17`Qu05`!tGI-0jo%BwL%8*_G( z{*pFSZg9Vgt#`!+_k{IW$~?+@4`OuF@;MEMwh13rMtMNry-!&$fg?ELIyLBerLI%y z>s5iiigSXL$H`-=yh>XhDsf=?^Oc_!52~Na+&V=y8Yl6v%CA%Q!)o9w^ZnLTuzsvNCuH5V~ikk^Kh55^!SPE~c+hhseyQ$jl)|4vC>RletZvqQoz7 zfHz{V>TLj5#`#?Zx+&ri1LQ_6egjz^CpQRHfiOU=VBe-lw|`U*WbQ+BcZ%4UMVb~D z8wD=z{MsJq<;lP@kd>IBe&r3$DO zwN83$A7$R+o*ep=Y$OLmr94t&^m|@(+#}T8P^FH$gfcOyRfgQ$DbyW&PX0rr>v=ar zQg1a0_KxCpfaRIVYiLe4Z3{6MoFgvM zd+_$NFVOWEWGf38H3lwg${3kocxGJK}otOmMDKuQpz^x&jL8MG2qjz7a=B~ zCZ}Tu)W+2@n{2ntGrbKmBR1%H;dYS-cTYsSmi0tgdw(Z%S;$8zlqHX~w%F5U^>)b7 zp)&rR8kP(Yh_IU(~wvy z*V^BSHMUr5_X)QH!fk!HeLec2cBezp57G7(xdy?*TcX8yd9M`5$u8?s3Up=v4CEQk zdb^&ffdT7*y5Ssks@NvSZ?~&7<~QPha4-EI^^HYm^bl14mG14$#8!@?*fg!NRkO2x5&QoP7~Q)3&CHf7@Fu@ z1O71QwsUU%j=Bny<)=da8mj%ca0fbd`j3K#NGfE%f~O+gE&nLQ%|f>ZhuQp^zD1Zq z?w5$%*~0HgjE>h5g$7csLET0gp0xtF(ftaRR_j&K)6`-1>}RzPqC^n`evDA@!Ptqa zDV6w(Y>G&c8cZp}QL(1xrX@~@k4ztvsx4K~HHDg@S9nJ16BX);7atpnke{H>K*K9c zxe4zHWqs$iVs5jYNlDwC4n&8{#>gck6^6wX^-L#D^iU9|c}9M_pe*o?1pAq?f8*^6 zwfEh0B5O`)Alhp- zlA8b!nKG#!FapW!FVmztHj_dgoC##%GI!h(mpsQ8xy41Ucab|`k*h9pXI$@IC?*bw z#`I~M;rli8w2KG9^7|O6a;wlcm^F-H;}D!sIkNCgGl1>GVq7&$*Q;k(#LwDH0i*PJ zfI<|&Aey(-GlI!-u@&9B!t$oF@MNd;IsUeOSF_T=1@st{r-zm!(iOnfc_Qvdlqq9Q zo@zKur{zs%t#IvGxMupiYcCaV+4(3Jj)SSxSfTdpxwbdg-V|Ot*)Wt&>uPh&2VC=h z_&jVE>T^Nx#s>8PI|w|U>S@3)#cVkMA4!)c8cA0yQPVENu6mTrFH*BFQdOxk%eltP zdMJUZFdoL}bm48UBflAM81k9dAu=mX)Z3Lp&sGBrmDbOCYjmaM{X@ZbK2nHja-j8g zY=BdJwij}eGrazC?CY-orrWH=dlcj9C4+a}_V--1)%EVP)!oR|9Ur;&r)~`rX{|g( zV4f3yavGl&>KPbz=X#;2OB>3gNRJ4(|1fNPwNtgizEE6aSG5y@S7t*Xw-{ez|Lo1W z1Z^>Z8AVY9GzkO7GNuAUx?`3#&lGRzU>YNcjyG7t`$eoVxk3co%+T)V81|`fr{j=P zS}-rS^IS?+*#;5wx$qj927~w?2yn9GRyh|6lsj4ZvA)dyh_D-PHE>(`j4-{?Wi9sy z=;{Zf-uSEO4T2C(w+oMW2g>+5GMb3fW2tjuMP2_LD$BRJDp%$?3nKaxwV9a{wz-cy z(r%<4ADBu`GflmipL&{FaE`F!aGAl}32===H-}9lj&fzGJ%zdEOc-9 z2&v~flP@5KF^#m0@9BJ}@;t{r*D)k|k44U*zR5T5CkNuYl&{1x&&4DLp9B#}rM~62 zMbPY!rwS%~Z^-AOa-`k><|A@pvbQ36r)E4T4HxBhHZdycwNyaW+V%OCrcaKlSW7@M2l*d z{~n|&Z+*^KRWBwu5#GPhpVu(pD>?ORicyxX)&5FtU#s(HtNL@)BC%3e5trXIp=G?? zIV|4FqtN9ak4<_e*5nli2g6V(HpV7xigk{>S#(!54{?L*>~YuI)nvHT6W`WVeZ+?-^ce3w$9uzJ&u8i8UU$5uj(5J!o&o+a z9M3go&~7nv-bf7}D>i0yW3VM~i}0J?W~%Oqyw9LUiyxaB1}U)E2Row}ouRTKHVz&? zAo-ebi*_CzA&=xeCOz7=W9`|=nWOVR3*sgU$PDn=>4-{T=$WbpqMF$tKk5+z?5TcB z?3l!)_)xODJLyTO&g9J^*dLEfM}A_inxc-EiqcHkQRxwyQ04DN6mH+NSLr!fZY_2H zHWPqud4sH%6NHSzlcBC%8ed3Kw?TmB%Qt1{())3^Eo`R@r8h897Z5T;PT02-BtSgX ztGfr~{u%6iM3O_l4a9-5B)VfRCL!OA+k+zc;>Y4IWD7|-Ho5rZtvg5C9$ETKx4wLmPdddrCG)z4*9zgYM z`H(W2Xma$8igHi#d1Yz-LwV;`6)E{N;W;7Q$T&>eG4lI%0>T=-FGlC&C=3vk&c?97 zJw6ko&?Swm^tDME!V^CdI;Q%X-_8=|{*(jK{DfM6Lq z*@O~~KAh*|M&(D7-=~jmhb0AG&h2CAKG)-C#j^8cqO^Z-KyH8X4DNzD+@E-VK7xZ% zL~~euFoqeJdQSB*Biay-=t)T~3`esg8ck#F-hzQIG$YRmx0%ftPSG;ScQF;#-AtFY znxfrq3IoNlP{%3Kr-VpCO^9CSGy^d>T7(%lQB{p7;|vFe$Il(QMc$@(#ExVdKUrna zN*R;ce@|$HG&L9+ANY0F1fOg)p%EbR#|y!l}LCauDHkDa!R_jV;GaUREVx zptUHRr5^u2Iq!*xgP8)maq0|lKpK6;4yDn$^_aNzT2bsE?B4_k5qd2u3a3c==p1QX zuMWc2-zjlx#Bo)>+Sg8t`SF;n{A8H=bXelwe(*^btMMVC$&}VH}mQce`S5 z^#$*i_3ge$H)(mO$sMFi8>RaycELe%YHitgjx(c0V#XOK&o84~NRx<@HtmoXOV2iV zm_0S=lupNxg23U(CWO0$FrH%CO5kf!#l$IuM#O3Djm9R4zv6uz`YTovRL3g#z_HHL z6QsUZ=I)W|Zt1O)%8em3CLS=KV~l1i#HoR1nr%WhRoitzW2z-jHH}2O-AS>&-gZ|) zHu9aSJ-ZFk=|G&yg}8%0HM#@;6(Z$=-6*hNj6qh8@?U>vRh*Ry*H;m5I;$@vx zMeB@O-9rKOT`rsr!tMuna5(kDcE@$jJtpWOSjESS_ar?-g#>E~(;T-QxATZS!Qpu; zrWhQeAFI$InqM#Xwe*)7v*d~ID7{rp4&Q|EG>|W-UwF}a>rP_K+x5_T1WVJ#^UI!u z^<>zE+zu6E^i{&R!^RVuWcvF=rowm1dRZHVYUa(F(3v0%pAj<`${8J&?p<^Wx)?9` zEM(tALc^01#Uu;cFF2%Tmn`ytW9Ga0EYWJ+9mmai$wIzZ!9G`LEA}gR;k6Vi4$t=} z2)0lbI;?YSEWVqS^RCht7vhTx{yWNkSNXHtee8QO+M&)d%Qlm^h0lPp?#RfyGVJfp zIQOwvf62(dW_+pEWP(M+g-VxW=eNj(Eu3>vi#&&89J!=LF5!s0yv1G0UR~89m$z`$ zH7&uVX-9fjrsdUXU+QJ){Cxp(KTe@G$!^bVj+d(;|3{rn)bb6>568;S(m5WJ~aFG{gEO;eKVsLAe z_TZE#VSj$RhH`u(8TTpSc%=%f1(V@m29(%O2GdM{RN(_z+z+2bL{}E7Vw$7zLa}&2 z`Czf|JL@5PB3N}*_n}h%Qr>@*O10|z^IC7wlSwBl-qMM8^_W54(!BV#Fe`!?hSc)OFp$R=gm@c({tjEJ!yXcF9Z;bOfSvHugu#{hb--eXL}TI z@=X~B9G|V7_cP9>jD9iWUELJBs!6VFN?qH8fhKlPr^m8x)P1T4#Hg9=k~mWoJpY-_ zkp2z+x1au`%QKWOu`}fh-tDrV?(~iSJVnG_Urc5w1d5cu84$JU%)z4dJ?)%RNpr8s z%j@&;>+;Z#1--+Y4*frFn&76V^d7S}w9u&2W4I$0um<_2V)KHrm)s(eycUbd4|$5z zn02Sh(W*a$?GI{<+#UVwKzok2Mu=G?TiW00Px(Q2fGKJ^R!@=Np<+yefgAd=8zl93 zJi3$NN=|GFeo9I1xz!>W4-QUOq#P0;c-a`!C6)OAc@T`cNpi#Ravf0N+(Okr)%IFh z7q2Zg36dLr|8qv!jlY9vZIOSsLoeCX&2plpzjdsa>?6(P+GLPwa#LO=4OffVrBt=O zUfb(HQ;NUoY4>aO7p=l=dXpji)j8Pc5Z_Mb1Mo^(yr{=TzkYx}nuwc3z3l%l9e+;y z&+7O(-PcGnhVb1Xu{SO^?vu|&M2epm7!B^BXs`XW@D>Pj;tYKYOKyR2!z!>P3NwQO zOY$o@j($oT#m6kfIOQBSU>i4Y^&h>NBDWtP|G1ai^-IVVK@w0oJ8M&teX`Tryb<$g z1pLs~KVvq*8DzS#%m=ASXq?jHfqjI|rQ6()pBL7v-7NixS(Wu6#f=vR77yI9{ubNT3U>(pGx5A#_l&Kcw!K$v z6|_R1Yuq9lk%zg_7C|wVD==xZUuVsVI}21hzTKR6ePeJ|S|FKs6O5WO!wT$J-Y%Nku?0Iv#UPY2w806mSn1N|gIN7qi%7=a_c3yf@F z@nV6@gl!t`mo0Ykc}~c=vQWbYPB2_7%WrsmFh|~kIZ`YaRIi^&C`BipJ0Ek7ABwXS z;x#_Eo^-GG3tZGli8C;uj6*I+Mdg({iKlNDw;8^_TsAr08VMS!kygq~`L!X#j zQxD0HOs=VmM7UcL?Uu2tx4^h|*N(hG6zA;d$fg~iQ-$W@-sR(|!T{@LujIL}IW=!! zqEBZNvbN+^BwD;?bb<%m+UHy^<+&QJ4TmBv(iB~v(VqQ8M-Sui%Odv=yXOig7o=YL zf1Lz`{X8cZOTQ7FH0<9#cM4h9PIuy@1>C9ZI6Bxb z1M4M;wJs4+7-_e0!>xBsFv~k`?p?RelsxDL_{XkNA8IfKIWe4Nv6|Y8tBfE_ zc*MtEw{)*^E0((IO4nQNVydKGZCUgk0j>CDWLAA#0GQ!$H$lCKz9C}80|m(K=9Bh% zyFAF!KvlMx+uh(+T<@yuT<;!NWk#col>j`LSjeW_^!)f-8HizSe!t@Gm=KtWPm==P z6kqPvN6J^QPV_wDYD2!a$VDpTg})8A6`SQg7N%(+p2D4}I1=6uPk%8;81C;B6ZuOh}SrPU_aj8>9fe)zg60 zrUCQSn>ag(xlU}CzqeM$PQuL65lB9x^hD!jV*w8U=l-$#%7T8Uqpcl%E0 zt%8Vb4o@J}-Ky|?2shZQ_9P39#;b7vMSR_c4_yyV2pJU(8p~WzNkHfHg(}r(8 z4rO#>JFl?$Fx;<_!Iqy>I!S>{735wkJLSE zblt(lQZ7vqDUbiY7kI(>p5vua7_(^{t6rQGA97lv)QHy&lV^ulc%$wAO?el1rK{@_ zSJh!cSW%a}ysiSZ!E@6~>k3!a`77#5*VK*b?RS}*4c->0uh4T40T5T~3TM{&7t|Hb zugjU7SJ||EkkfGTDWYpkucVx-TNfHi3tiq)TlrOOMz$UAlQxcOmca#LTW#UrweeHL zPb1m&bCVc;AS%C6j8DcDgc8~$-!>HlN8wx;D1L0F!BYbD_g74W17fknzH;}VU-CZ! zPzX-i-^j5XudQqVGnhP*Y2QzemV@Q+=6?S48nS7&KOlg$)^?7r?~FC|IlQqx*3ngi z05w`YAo|jXSp*(TmgnS*gXA6_wKp;^MUud0mGEWI>F(jh?J8TWwl5Rmu4a{e91BLE1RI6;FL~sKzbR{Bd@?I>gp)@72x7w?t<619 zE7#Q~AFj>mHm_*M(xn*6tY3vq!PYN`eQ;jPu}QkVQB3z7e?}Enymr648#+&C z{Z&vX#VKNv8rtGlHrAzUZP~vR6aZ~HCQj*8F<1>L=w>ITy;#Y?;Qqcp>O;R9@9I=N zJQHu8!acyFm4)G7G^u7=mg4aNn8So>Dm8Y=-uK7-zu?pu>vTASjh+B5StfVW>H5@| zKphuNg2!Tr-lu>(ly58SB0u5VsfusC8GZarBjl?>9A)Ogx!6204jC^XAQ}L}#}Zcj z6K9ltl=qI5N5g)m5?FyZUj7^@`LNo)4aeY<7wY*rnPka#6c=PAyNJtWU#rULpQq zS^qLK)kL75nF5>l1-VjfI$L56C+mdCJn(RofM6+sE_^G7+f=wsZx@p-JsxUsuPg$n zg_@jH%!m6qke4i!r3-m5fy{Rx-;1IA9Ta|AKDWBmT+zrm^Eii!SB0AlT{(MakzqtB zT`}2uGco?9xOzVBP#BA_v|`{n=!?BE?^D?o$Av>Q=;%&zkOMBLHz)}L&>CK@&Tg!h zTdKXy)#f;L@LFrjza^a7=c@D1R?C;Gy^Yl!Rq0A%LFzGTtqcs2dMTb=5!cu7xQ-3g z@u#a3&sE#cR@YY9b}rMD_09`V`Z!*^uR6H5TCS}Q)>QZQ)A%Tf_@g5ozqGnKyQ*5= zRqg$`y6D&s#hU*XYy6k1KQz{0U43(P{MqVwXJU1=y^;Ol!QiXo>PoDMPJO&#bh>Gm z{L+^Hw`lX2pNmzv=>>lJY=3fOA-OpL{a{*zD9#`2XEm(uK8fpmwEn3&+G$e1&_l!{ z!sT=TvGQy3Xpct?PXQIkQE-RaBZ^F^Sr8_keG)h~$(o;oFz%2dP6u72BufC)IFR-3 zDO({C)vBwSD;sgS%tObmV2<5n*8JH5ZTAOKPU{GIdNRv?gU01=&|U<=nB9ZX z?(*p1kHceEMPDw8b|;6&rv7j%H|Xfd?{_+WTXe72xel@CPnn$rd16ZM3HFxyt$6Ou zxcX;2`9WO0A5Xs-?~iPmz&f2imf3YuV7o^#yN>gYmB;zW$orMjt+qcHhiLmZakVY( zzM{odZf;xLD{zxI`;FRtS*wj&huiGSx@)8E|1vduOC(v~&L~&FN7+!}qpCID=Id#R zX{Bk^)77*@liWW!&D}*Faz%5`nD^LGb`nCdAU_eW+&w;<#hnwuEHzuD>@o2Xc1iWN zxufj0Z$wFEAd-G!Xvj)4A0Cv*KaORQGm*3*&Kp9UCP}~ZOa5EPcy$u{x$K8xSN%qk zXc6@1C~>Qz{*JY`{<(ZGXIVg<;Mj4k2682+>Dv;h(CBYD! zPoa<+t|%+6$AWd8DJzW?e6T)Mk_H>W8?U2y+Gr$EQ4VfBYrPm{-C}ONF;Vww zBK1nb-jqliDs zGXr%NUakMWqiM-KJGbN+0({MNR|a)g2dS$9b@fiyrT)7m_k7=y=I=WbSpJTdycNAK zj&U(Xg&juZhmE?e7A&Z z_YINSy>IwsLG`mm5vIM=gIt?X;SyzOf`VLFz|>+`2$L9C#Z7 zoEZ4t(%TyU=Supay1g}F)a^=ULgCMjS<2D%%U$nYWF6arD*d?U5 zWMhy@W`dI#v(rr2(ht=40)2=7Vwu2qk>r1( z@VP0}Df>vc2-p=eV?kdHs<9E2@K7=}NPqM&{KF~!6QepUT~{;~B^8>__pv@q)!pZd zyM6U=QmsomcX@i1C!MUqAY*Pmh!}r%bLi{Q;E-SFGZ3|}|C+5~naV^tnVmJgS3 zqPK)I0QVNsmiSVcc$8sgQ)4#uf9P%Lrg8^V&ASU$-F=xOauLZin{P< zLAFhp~s`_6Y(l!9wY?v16CZNHPLzt^c-QObq~(yQ9-hYIcYI{7nG z_E{;^EqxeA*+oL%3HgaFevr zt54Md$cSa!EaZOY&dBTBcmk>Wlu~Xw)!Qmnl`1I0wFoli9e@XiG(Ltx38}<@MF%|2rKO{e^x>WBMf>{(B?T))77i zrT_Ty-+tkfE(#s|56_7IZkPW>k(Cuo`y#cpJy_f>uV{~7-kx!Os?+DR7cXkRRxD}H zUe@l}-R>dApk$mKEf5TX0EQbM@mP~cIz(L@tY=|Vd0TjWcO8`WUkmLo(3 z$z;LRtc1bwHYsTW08Aj16a~s7M2?CSq0Pt`K_yBZmf+NxWU-e)=30@>W_Ukf8>g6{ z#ANtiZrUI0;XOq~DZ z(JfYKvFNJrE4vDPdv%rAXZtpFIkK_eQPwudA$SP_7ZSPyb8j9B5_9Ysr1G9FCueLu z1ve&UoD4_Ov*om;If60G_Wd~yV}ffb`K~ZW99}D-34N(-j^^GC3iBvb_F&B1oy2}N z6L4xG82PytxkZDNxP+xjs9n9ekJQRkxR(6Xq-mUe6tA*Y{Ds&&a#CJG%2iNa`-ES5 zuL1p0I)b=NY?FXmeui*#j**bgmxKoz%!xQE(W(~;`&Jr9(I}23x7c}|^U;x^v zqvB^Qm2(6(5}s`oxo;xXZBqnqS{Z$-*)B#}rOCNsK9L)cw{tR&j0&ruStj6YHhYZF z7{N_iQ-e({2p2&0v%v>Wsxa+rxV?2kd?R)pTkEYJkQ zOk@F(BaEPA8nrvPsVEOv#D^ynxwz(7UMt^(`DTMEDAE9}5?MndQoO05%S*~}f{^4R z3|;Q^hh3~vNR$}d3VHz9+h*gn^Nw)$$+XU)hy-+1=2)u0l1@D}O$M{H6&6R^AVx zPyTwDsouFMD&kokemODRMpYbg;phA^ImIgNL9abQb^?~9p{@yRpC)E08&0^^uxmXG zAm+O#z7v#LnIP>Y1$9Y*SX(tnx9^tP6+esa`qI!-mn<(*HpCk7hbR1nt-<-N^5WLS z;?`aegxU}C>ixWPMr(F^i+e_E>h#uJb@sa=ef=$NuL^H_k?cNBjaQ73{r_I zRpaay)HrvC(5N8@7H=>&qZek{xOQjA(h}|ria&u_(6PA7+-wcaL>{@1&0O?SytFKS zEWa@hy^rPZ!|mbWc9(E_Qn-CcguCjUwhK8lG3wzybS!I@4yMcody-l(f60eY{%nd> znE7fF7@PewjAop*B{^x z127koGYNZm)YJ4+ND-Ekry8vgVb&o{r*oImj~47l3dQFPMCRFoe5v5QSjcPnVRQUn z&56&Oz0aB_$NQPgW@a6O6ARfx6Di3C;~}llzcX@hlfDX-Za@f;;gR72_Us}q+yu5A z9*MI>-K{n&u|>Tq!rcks_ONg}B-}n7{oZdgsz|s@tHTv)i*w`Fmzv43E~g&M0R-99 z96aAFUv0KuX->;pr;bcR)mTyMjrZKPfp>e=Y2U4qDVO|SC)$U*L;IwwRApaT<#d|9 z!;Z8!z1@PQ5|`jH_P|hO+&Etv8hf3gR96eJzX5lQix%5JaO-OYa?VWZeC|yQ+Ay_1 z5^bgzrJWN* ziysMM^eOuYBolbxjal(pG5B8lNrcEI@8N9XmMjn|(npZ?^e@?@)VF1Fw`R@~`q+oE zN4}OV&&w4C4+)V#5n3g{*G*FAN&_{WrcG!%PZsp+py=u3FfBjbKun(!t3=u=0eO4I zZlsrNyFxbUeH=eURx307q#FaOR)rnDifIKR-JmL435N+m@BZjsquQ*}-qxpf9crkr zS`Biv$gb3nl%1xIgKM2v-b;UUyE%I=q7du&rIkq>Nq+IN^tbD%4y)7=PGiBddqXG; z0}K!ub_J&TvC{yG_xz zvsC!46mARQc7d~5Gl5TL?VV|WoIl~iP+YRc>`kE{_9n4L05y+H;ol#tVZj>qZAd0= zTRvlj26Js#JW4m$n(uftVf*HOhJR)FPlTTn93zDqpL@;=3{b`>6KUl5JbS!E+_(uM zrIAG?-$xT)7W=_PbsYa;L-V}ENg?&H3AXTQ5OK=JHYg!|=Hx-)XAjDd3rP%BmuT@1 z-$aHjj`3jA>hIrfM)}6~7)XziSXyDdM(KG($^{Oo3YNPDr{7?ZxTob{2zoh_pYZ(s zr#kjoPL3IwzBnbWEqFH;KrtH8=*pB_k_r)x%Tn$NP;UC#l)Rq3x*-+6ndpD@ z$5bpl?ZF#j>z+y@sjVDkO`{`taV z=FFX)a^|#mf4$9r$zgP3BVYG9mdEm2t^fbG(jZxDNnl|T4Rrn%$JuB)SDW4ysQJAQ zv|X3qU?S$oS;yWe=RvsS{QKJDmnL!b#S!)6lque#smmhPl|03_!($yDUlnO}Ep!OU z58}IfD6H7O;{HeRu!la6>($a6=Ommp(j03OdY$wTY_27}^RKwxbER9pQkSocgjZge z09Ep6b%TsA=S?JgZ;s;};N-U#Bd-;sZx!u77gJ9D>O^o=qW$Vb@~T9uzyAb#yjMxJ zKpMI#Yh8~Ir1x%2@5C+DB6M%h@%yo~L%aOgabAU0cJCQ|L&fyp@iBAgK-1$gzjdNTwZanj5-W?{?G9P@oo9(;9}D*cbd}FU<%|=lwkoihR>PH6J2m8Qt%+6Nsqp!9YCR0fwRKD~0H*9( zuQAg=uHA;lR?!MnwpgthtFl9*P9EqAUp2(tC>aG>4ox4T4~-o1m_BHvInp1AGGkN$ABFxaN%PhgtE@{!ig90Nc16h?3BpX1rl+phpr#|PtO!b34m*3m=U(Xr>iPuE^5)q7pPbKxL<5`u|BZ{fNmcNPECGV1Y#l!cM zR0=}1cT;B@Z-8HGB#6f}O>mPpL)&ZiqN&N}mHxfTF$crdp4~rb|A`fbON!=izCKqaaN!*l|dr)J}{;Tv}Zx2DfEFRhON?m@XBOk~sX^!xfS*r>og5xF? z`%hx!2K-bcXrY+?u9$Z&clhVU_4!g>5ZCLa0il@TXYIMt+7)xzi$$NR^1&|@^~QBwzL`q=o%gNgSVT`m2Wc3 zH=z?N-=xbonY(Y|Pwy6;AUP)Or|%Nlb@B~r*?IAbHSrRqD$}c9$5|dk*4dsdtr#<` z-zsE5`=6dy@74q@=&V0e(Hrdu*NwJ5Ch|+%SRK&PgflPAESX(do{>~F=#<+-(oz8_ z$+IQPTUA&J97TJ)5Qc@2C5TeCbSxDo*d!5UAD|^C&Vp30xIyVuNMNE|AVDKSY*;w4 zK{RD^5Sci!(LqRTA`l+GqK!A);+nk$>4 z&C#Z=*4h@`nq*6}#n|F4C@`DjI?<-v{qp9OO8oKcwz2Ij<#s6yW?Z2nUpkWgC=6h- zUM~ul=J~s1kw@eFk#{JbpyJejnDmGA+t0-@1;O-COkQ)5;=*qF1FLuGa?AZ`JXHQvbIV;PV80-{y0 z@)ib;2tk5?wQFK9$<~Rn(uEt#o0V=Z>o?i03D(|vO?tE;Hk3Eg3|5KNjX;H#q^+!W z{#zN&?pbXW)dH(Yl+1bbEUPWPe(412zl1GC!m)e@k@rVL^3hl%6|FZ`2aT3{jvqT0 z^+p!_uOWB%`Mdns_x;p&1X;aXPsQ^tN`kG>O!6q+wg673BQQ8X`@xmWA8K4nj_eB6 zCT_hIW*hI@skRXsiPQC*9rCsB2FBK48lM+C1LtkW`#SE3Wa_h{U5MJD2{dZwC`k|A z8|jUJfg7=7>~(LXU;7EaZU`N<2*vz@hM~zJok8MYqWJc=4z^O{(Ddeehb0g94lTDx zA{oK=WN0K3l@^e0y)7syq)My&%M7FFn z)I};%MJo}JV%!>O1Z^d3pQnSWXM))8g6uB>8l{8w*&l2c4lh!~2*#Mc+&a$qS;Pb{ z&9N$h;x08$zOFrJ>oH#Br+tqb{KyT^UC?HQP~Aay_E3Y3YI!(LZq*x5Rpfu7czVgK zSAdN$c1CKkDuS93OC(*O(4(lXTGqGxJD6j)bNH9yo5YIuZ8Vo!kGIL13O<-%PukUG z-CRb^W5F2;8&L;(w)pCYsyg824g(sCizGFHOI##Q90oO#$O>`z-eZ=Nnn|x;=Z3vr zy911Q=VO;N_J?V8Iv5bTg=o}DZiv`|6&Rdat4CWcFv#{diBBQzD;TQz2-h`!`MPS) zjDnahak;Gk55YX4w}Zh+TJtK)27+&dcDNS)G@Vdy^c6PZg8axUA|FsU?cVyZ4js%_ zGQ-bcc9EF$T(C_cyeD>KbZ$EVbRNu*g{Z=mYgIxuu`he}jOcgK@8=IXv|(>qp8w znFMPR^f{>BR+}VjB^&NDn?Sa4=EYHF`3am-F&TY=>65fxPvhZiy{8g?Rk07z@B|20 zQ`}C`YRSYQ@--X>%P{E8a1N1y&_Ry08tWG<0`t&$Nn*&D*xJ^F5xm>Xza+zGrrF`X z`e|axok3j4&6Ia;H1z|8(}L}1Fut(<4w@6SeHlYZ`n-G3*a+O{Mg(#2I{8yl#ow12 zTCoY|MxPaj(ft1cT4HZiz%39es=PLLSyW#;1+OUBRLL2d{Lad1EqV;B!9{wtpc0p1VB(Z177C4n0 z0AW8hJ4mb6xl#8AgxaH;FSiDu3hUHDwP+q&b|L9RZr8@+01u{B0*yix9d;tICyB_t ziXq=rdi4R!jH!Ag!9I>yTJxZ=;7U85L9k7|7kygAjr{tUaU}sE&eUt7a|pjqbfRCy zu~K^YtN#zJ@Sm-i#V#g3Pz=~{O!qe*E5&(e`6=mu(k;2oFO1O_CcnV>?-;f!?i}nRI zDT`w7Y7@;-SwsI8x6?aK?%4F%`(Y|FIbxn}n{X5AXI z>kB8hHB$b|!;x;CduaEsEs-%=y5AD&P+fX;@ z>0vm3%tK?+&Jy3v@adu)A8tiVOHJW#IoHMC%19j#X;L7$lE%U%zP+?f6PWcTr2DyI zCYOdF(kf?9i^2|pw9t|)Cc4vgsma;!cV=onEGwtg*ww0zE2{g7b@g41bq!t3bxl*~ zrsD8=MYvF^2<*mC+JB5;4gE|xpK^dzC}*}xK4m!#jh>`Ea6PQ2O(Q)4D*=`*BHU7} z6BT+~q%EC5U1sZX?!g6Mbb^7SFa|^>dB#l1d1O0NOz2*z<4>XEA!J!3d%S6afdk1} zytu%VBDxBW7=O|hv?n>cmNB~(mQ9j+S}V?IJiXmGv(`FvU9xd)G7wJ}Rzs#92P+_* z?J~mk_>jx|5a$KGTE}*&QAW^>LK8UWu|+FBnD?&AyG}flOunW3xIMDeIY`Mv1&4yL zMt~@a{O>_l*hkP;#_6{(CJ7tnfxaJBXfqYUuOqevA{%_6j6;jk6!>gdakoqp9}&zk z#&x$fl&RPQT=swv@s#9-84$~oc~VHc?sdWvFIC+AM;IXO5f zdGgegT25{~=`n3A=|&Bo52ER8ssIDx0nQk>aePP;ADFc}OyK+DTM5?JZCiEjr~DZm zF8m=0PJ*B7|fRESgT&-HoQO$wf!tl9Mn|3fvOaoE8U_X|<; zkpTl_z$>JU_@vL3H5<%7d!n~U06IWF>tNrK;r?zAD!@_FA328cHYitME8$_+#whB+ z!6#`=HBo1oe2flyN0A^rm}^`Oh3z1Rt5Ku}Q#9|OI;TWBW1FOTw<(Na4J_|p{deQS zt%Nlhh3$~0b;G8Ovy==N50xLcb+3DP*~vW}MzBd4Z&A5p87SfMGYxY}P+G)0nP1dD zi`;QGb=b%n8S;R!4N`}v6<;$z9Rw%PMmGW|l@pf+I~$-Iw3Kv#Kt4Ez=-2|cuENi7a z8Z2xRbULtC$!fPn^UP`K?i3C@cLIdzJ|A@dA;4*SY;nw(@zv1_Rb*_uK_?F`Kl?VT z)Iwij8le>gS!kL*R`{kjCeu@w`6V$A2l=ybq3DIJ=v9RGf)F>t9mbg+b)a}XsfgF(vedHZ4ur@1n}?Rn zox4QF*sdPduaUQK$y(ER(;ZHzR!-OBmT?qvR*>p1EeSx#0>Q${Vod}OW)wbh37e2vku1eo(rcu1=JkfU|NT0|&KP@th@;s0^je`b03ph*Bi_roV8q>u9? z%iU6H{|E3Dqy2Z_u8dUeGGzj%-a3_)bH25wy?eFdaw1g$ViRtdvcU>yh3dI$|%Y0c4dbekl+?6YCXO&wXYILq9|uQ+U}b$f;rZWf?d zHZZrtv6MI0GnP=@#uU#18(MV<8?*1K3S&vA4=CfNaYT;@DLQi zFbl5XY*}L>>cnt<_lDE^US>J1beWppbJz^yJ+J*@9k~!0Eiem!w(=M+`j{E(Y`nqD z@yI|LXaVV@6Tr?R1>xlZ<;j!m_deM1cAmWep`g*8K@B&muWgWT?>{D3e3Egq-vn_} zZzqF4C&#o0L&NU{YPPia^nl+mru3=21Rn@mm4)dfx^uO;TJ6$mwRsJ}rj^E$$1LMc zzk8dCpx07qZ!BwSvsDSu)KIHQFGf`~Uyx(HWD8)N(v>rjz6hxe!JJk>5OUUIq+e6x zNTbjulpXMXb05$dz^Q`3MbyQjtJtc3$6&;3BC>_FD@*3oWovI$>8jKU<2e*RDP6U} z&0g--IIf=KrqF>^|I@1a!iqrrtE~wC%6VLlLee@M=Ko}venwB9UdU2}H;s*>lH+ob zq=>ndP!|(;dt5En>d?vJGCVH2j3r;GYp8wJGCuG}qM6GF>K?b@e)l9@6G=v^k!isj zCAgdX8x5LeuNwbf`P@GV{B@E=`brIZItSjG7oVb$!ALZUVA#O&dMx`Kp1pW|3^ngi zeEiS(_^&V%c%67stU=VH=j5|dJ#8e(JfHk)H~XYJlt(r@fru3{v5$hrEI>#s(~v%W z93MDYmUqGIx)KIQzEIRxuqA(TcOe5V8FkF`#ojRBlw7CH<0F8+r| z@`5JM)jAl}QL5@&F7>1>jsTz)1}A4O#si}VV0M7ftR8=ZjxyI0Tnv1r`B%8KQG^|c zCxeGV+Ge5kG{vkz_PP*lldlk~53^)rXX6n!%&ZF-zfhHIyvRDsH zj}E=rK9+15Q*`AW_INi5@<%v)CNWwcDWhq9-C`lA)_GA ziIb+}CO@x?FYJjLZ|~fCMjxM$EJUUYrJZdp;v+cdup|s=5+5-G`RGjJ#978VXO?l| zg3yO16>6RUinBM9?fs0Nc`b9zdE(I+qW{bd=EdeF!RE2&S!}^vZ=OFFJj=Oxj`h6U z+{8SWEtqS~Yv;Zuc(BraHdeSKf8TwdF5g!j-WQvj<-P^R%Q&x@cf#<75>jEySaa*x z)c-|J5>S$ddx9tPScIaZ@t?GUcStZTb{p$&S$k*J+L5(C5LBUmWWA3l&3|U~XIb-8 z@&Ht9%X9weynZ$xd8)!DQQN&^ZG0K^?XB*&TNBs!$f*ru$p~;|Pg$K-s?1(+X- zl#gxBlY>$!a(Sz}wl(48dq$O}&1hDT+ci@M-gmf+sRuNPE>hSb*J`KQPJz)${Hd$bwCti=g~BU`p~AHrGO^;LjXAxbi!WCq!mEx@uY7G^V(C-MSZCxmP``Me8K zkQ|Arr_nV%0Nb*Gbf-KggO6kpU(kjmanW`&8s_GpNjF1Vn$4!_R?HhH>a*=`+k$YK zK4qe^x?8OZ_mOZvb2D7-p3wzb1g7B3TvZ-5rO{S1w|ZWJQDw2o=#r7vz$WKPzkNny z@4RY$=jYCxH)`&1<64$2b7%MN5p>>IbIsl(=u5#)?%Un&IX&vV?%iD+UcFZre>n<^ zE)Js~td+pfTB#qF2b;M$tMAKN_h$9|(!c+c)jyH`{b^R?hFXcYNnHGaLUSTl-o;&x zw*UKT{~?;!+>*`Mm7eo@i~Cxu8~S>@)}pt!;285p%Md)yGLL6R{XWYimQ`QI#9W5N zvt_pK2NryaZ8tmPWtw+c4>C;tb0Cy(IifD`iU00cxUcd6@qLDeMSQGSY%l;2f1;~= zHWN9Y1Tt7{WGh*3e5^OUMb~mwj6@1pi5q6tjH;$vXBzhttyUozA4S&O>X1(wCwx*b zuIOj9Lpi=qlA!kAh!RvR4Z}*pszx;zic{@+Kqrtx;g+%{IhKre2mmGbZf&vYJsm!d7+j zgCo+1PdC7C)9z(D2LG+bmK3%i^8Iw8EZ z(mGDATLNp~d|Mf}hc~z2L{bc%4e|CbOkL(d4{|=w2gg9J#KibX@^0L)7LR(ibkjJoN9W;Lq5= zc0crbw*ZqGmxmQBaKpJ)_{%Fwgv;5Cs?+(McE;FwG|^e(R<{;LEKgeEF7iD|<~>NI zZXt@*vkIW@4u8}Myq>L2ev9MWdmUI?kdWf=g&!=wm!8~h~{+2xgOyK}w zglm5X=7Q+xd8Z_7PhFe}&MQ?lBHyoD45!5a(cd9GA}GAZ`CjSp`f^D#j-m;3`7ywTQpAojr!cyDx(N%nQ8*MlZj3h38JrTS>^X|U*YM*nzOawpQ>zob_ zT1XsjWHw{AfjAH|=<@eBe(2X}^B<=9foZ;PMmigw1eHCFu9fjM6hU=}90-)6q*-b( z_ov4O#xjz`RXYNr@Iw$9Bt{gp+~h}PSV|wxFU{zV(8XF}N;ar4Tx5+K7V#Y}0bpjS~ zVpA?Ot@Wnc0GZR>9kEUTUTQ{n*qvsFJ-pBqZ-6|Cq)E0bL4FPC=AlUaefEROyF$BZ z@B3PkZ#bfr=|&qi6?>^92Ku4+X1Rp(cH)_Sp<>rVsDcVmb2{-bPi1=!XiSy zQmgepO28_W;g5p&vNn-E<00CTe z5^kMfHfKonOQU1H3+^$!pP9~Y{Opr{#JBG;?O&SqW2XHxMv523mDL#n)U~&H_xbxw zrgMbG{;3&kHJzvZ>^48bWu)-suC1m97?pUQpg#5=ccC-{K`;vc7I^h$9^9Dx6AV(X z+O8R%0o_r>iu4Tzjsr#SQ1J3iF+Z9r6Z$(n75apr2GiB{*`&gD>q*!^Ak>jSWS@pq zKT)SLT-;80S_>-GztP&@czVi#jY(p{!h6Y{TP~9{x&v-W6`?r-5eTxR-|SfUd(u!E zPT=T}5m>MVP5_yFd)c5pIUr;bUNx z8u`5%_|@FMlD*y#vUA$@6dmAe7IUKY;rihSFcHo{v`T+iw)RXDs96NGocSyl79H%CU)2wyOE375l<+FNsuM8gT$?%I)J#cCv{}?BEm2 zoZ?L&z|3+!w<7Cp|GG%!^^th0bVc?O+g@**!@XhY3vFw?JtXDfFB=Q*&fcQz%gId= z)XF;ISdHD@RC^z9XofObQLHuVOuz}E-Of-%kQ`UUTbsixnlhBhVzJF^H|x!!*X%SA z^>vR*07U(^>4k9AHTN;j8f(JqCp)bfj*{(7J!WsDCQ@y0vaNG%(!>#(0gODNiRts^ z$>wOZMpLDRC<7ZKuvRu|-(G7GS(Nf);-cY}HLQ|&S9V`xTaNnc#8B14gEp~zvAR`B z@cKkpmU=8Q`p&XC{FlmFVzye>X#EpyFK`GkUrcx%J|h<@y)43$C5Pvxm|+ZxwpJFr z0j6AmczvI>ZW=S77N+?`rrifv!d;6Fvb-99GXjvJ%Ous@_4XD?HFq7Vafbd2nl8`L z-MN*y6^~lRlhKJ*6W*~gaSXw;&NB-T2M_)n4_V^SZKQxIoqpPmZL@Pv+rd+I?zeXC zDfl~tDO9_aM5m(Bs=;wDi%3*~Fc0`i=umr|s$}#^)BIghl4LLzX;_CCRqi4GV}Y2m zW_W}ctYnuuUS|IDVJgHCs$g~k^~I`lir#Ox*Ma!3ydYk>BvoO{DJl=QG`pw9a85Tq zBH4ZPt%&(&a>D_}x;_!TAR*j69Pwx|)|oBBH&vSr@ES%D@?9CC^TTFz!D9GuYUjsz z!gB(6B`jdz!cNF_xG)99dg0^>fy?8rx$sFibA5K47PktG%_#J71;Os;N-y1SnTe zsqAlMp9=TcojUj@=p_0hop@JVGlk2H*xxYMptSB!w0sncz6LmWG=Qxo#*=u1NJ?V< zVwzlniu4s&*E}IQWn48?vIW9Wz5~c z6O+Wq<7*eG*JIM%e-lHb1YLYrve`4nz6NDju3lBl)6)$ zA@ju?8`&CZf`ZV-AY5>yhME8Fwe@bX$@PK{BR=w`2e_9h&4?5~#{qSr^dL z2KXj0aK{>3dAJRU3x{W}^tAnW+BSIfi@a_wH!-7oPXOo)hsZa8vMNR*a3%RN#Y$1!=-{;ZXD# zujmNhRIu;?b*lUzx=ha^xt$FJT98eoT9lhJ^B&N%l9zWRu6;aE7GC)3>Uf-SRHeTW z)a!}Pkb1HneWR)qPrQEQ4q0tR(jHF=oPwm;eOXitbo+Xx&(haxc${G%aEvl%JJ%~D z_x)MkMgrd0o#+QoxLQ}?)|;&6L9Nyy=G#6^k7)y2g6d|_{WPFW59&Z>h|TUb)~7%j z0t7EEf_^(!inrr-)E*(H5!=1b8L*wk^(ml7VHuOUGn>_iTJfemd9<;zgf(nsZg!{$ zwxq677VR*<_f~Z^TpUmJ!#y^noN;@q6&1aRPCfXLvC6UH`MDAk^$W2!HnP;#!zuIK z1J*b6BESP27l#x$f~_FaDhjMadBXuL^~n^T5YnKpYV#Gqr7B<4jV}=3pY(51&!hej zucCzVUeUpJ%}~JG@>xa~E1t@|q7(R_cs41~q}|t{{ghW8V4Y=V$fsGvJTzS|lZg&easaoutiOtbeXY=_{ z2lGP%wv56H$*AsoF?l3@+GUya<8msnT8wse>I}R>`p_4r2+g&{wJ>je!OR!|)7WgD zj&GHy;C8ClF{a|ri&rl%of(YupHRH@d@LeqdP)JcuPa~T)h$2b)oJY6ZD7GSIbCMv z0&*YsU7A{81x?sTORWz0TiA!)^h+I?iU%-irm04(RE?4ezruXf1l`7%NmW|RClqzz zeZnQ*RnnKy#Z=}6(|9PXgB`>n>3Fv5jMb?staxj@!$Be9S((;MMcXuQx--q3?#;mC zYgRid<6!=t`k=Kt7CvOSUQ(*p7*_gu;8~hOVY|aN$(S3ZGCH2TN+oi}V5WkVpaz*X zg76mSzyI${E-ftfhcf%ZPprVL!niMk;Xmj-q(}Ew_KY_iEVlP&#B3|;(NLC<#*&Nj z@px2=@7~h$Rp^5}-gqDb%vs3pZz@BVjic&0KwccQ5?F_7S)Wf(`*PF3Hz!pY4`uQ= z%1MUzxYZaT8QH!(dz|!Y-W+R<VMBN!4v?)h&is~j833nwPr&oK-qamL!H)}l7(Gai!5x!|XeZqYA`?DV`O z3JXdU?szmbV*y+U8`H)MtzSJNFWjjHt#Hs+?+C>)T=uiQP8DuVs4T1oLWO}FMCxHh zBapxYaJC9Kv$zEgIH^6FL@^X9hl(jT4%`k-mrOH8OdhACJm4QRD*~V-5tL>X87=6K z;^r};RK-()?l_UzAE!lsTh7k)2W4&0=mzTD!^1AsPYF}EXx73$)e z>OmFX#5{gH2S0hGXuBt*sX@w@8Xr;be=nX8!bbNpSA=MM?3ai&jxvjhX7m(BOQ8d+wM1}O( z6%PJ;?$L~&ZR#gL6EeQBTYQ$Q1q8yk#tcBP_Y1$w5jqtv5u_YtfX*UTls`yN$kx*E zd#|+S_U{l)-hYm#6!^T zH?$@1ij;})DvUS}Y3vBUz=5drsy@9$uL0W%R}6e?SWtu-KU{uM#^ixISUQ)r$UiM* zJPE8_ivJQ0RB8Gm1`Q*4)CrZzt4S6r7O)7gD%&d>_2_pHLksWQ_TO#$Z?^q`tvP0o zDc9a}7EZxtZAduLlJP*WGv=X2sm0RMj4Nbl>R4_qXN{vn0uAN{junl&S3$~rczl@g zaRpgH$u%cS;k6}?!dps3WCN}>P9DugVrBITO}U&cyE1`x!(MTjGS*e*cO~rAq)xKW zNmiem)aNAa^~nl*1WLTZg>sy|FqycRT$?t(E=>w%DJpEKb*}8A-3YUiKmk;N=_J9{ zz;TLISH8d(-SZTEran_#w}tv7I4{sw%h|*a(xs#xLaw&s@WC)ztBqSLYXO;;JixVh z%N@^}R$=_8(l>rqS#SKZGRoD(cDVaSwjpeh`kb+?GLJkPU9Y0&5tV_7p*13v6kn=S zNi0A?LJXwav^kdB4>}BHbrf5CcHa1;lJPz{n34->0Hcu%W6>Z{jY~VuuFWQ85ekA? z3LbY6w?t+ajGOXVU|U(lgJ_BYHka%2#zXn66P}Dlb9v*{eAIY5@5#%a(z96|dV|IO zMG9SdyYWF@cqvqxJ8aRa4H5PNCAIaoO#m(;69Orgq$pFeXZ|AxOi8dr?+Np_>##C2GHe9LkoUna{?P(t}xt7=7 zVUmIAQH7PZTAbS_&^G5w+wg7_lPqLbF%KZAI?TPo3BMBg^Rq)43tKFOr8vBoJL|FZB==MUq$fSUL*Wc_x~`$FRbXgv?7ZqB?DutbsBX$%*omwgJTS1 zBcL1|)Db}w_h%S)S3yNFGQqPd^==*xOk01?dz-)fn%mtbST=;}8!Ng7D}sB!{MWnO zCX8C14!&DacY6h_+8q_~TPr}HWQYL?So-Ex*s<~9V8XkLiPljbSUGhV%R$&2&7}Lz zGbzqf=191`bCoSgK@Ve2de&ldjMD|zx7hu6-BCOYD{0IMXw06ZsUYfw&vK#0EK7(Y zM1>?OXvm(Ezpbq(oL?b-+b+L0R1`Lbzuu8w*Hsj*4}Zbj=`%wKu@Ef6X#Y{^uk#Rt z9l0VLD*~-kiI-+LJn+cS6NLjQ5F=SV33xH-JxVmY(9bms2x%(Zgnr=>GL z3(u597nJzJf>Hh<#!c02I`~U2+u8I;4!YzdV-T%2xX~t6XBA4`wE^kW#cIq+6TTt7 z^f`4J59or=$uaASZ2iUq)oly;@XEKrWJ~PIB{~~k=7Dg{7glimW-hin2j5F&j}VZa zn0sWc#RV@UlnL`KUPIK7t^}zU;h1C*?9mx(JWM{&At#E{Km2HP6G|}Wa^=MB>1+{r z`~YK3fX~$-P82@+8KReC3N4ka#;iOMEB4!}__iwBDOfdD^p&dkt5uO#s@zwrf_JOz zkE(+It*YKx)#qfJ;=ikkK2=o~LS_<=vpcL|wmx6!ab^os29DdWi-sn=TEe*=)gY!# zGys8xHcaO@0)+XO>$9c?dJ+tLWm2VaX$`^&qA9dVW+}r)6vkE-N=ehcrDb^)iZg*3 zbg421Yibeb>>K?r&Bm+!-Lo;cDBpEyK0eq7_@F03W@)2(H}r=-`zi87PiQwL z)(U;VIy0RK=vw_+O{tn7*ql6i2-c)_MEqk!ILDo+3M-Yj+&C_a<9N#WP{sJzo$5jz zif>;J_lv`Qeg_VY9)8Rh>lw5Y8Zs25L#-NTKzG<@Ma~w7I$7CZ&0F;*F**=GHG?`H zqX*#9d({4HqkOJv#u?y33*R$w2)$dab~cNE8!UJwW_AorOrdh@Q@@g{`mhWH~rb(eOGO938gzG+;@kkZnwi9*OM}dzx=Lr!TF`)dMiA6Z|QG;^0&C7 z3=f^%VLm18gO%(CzBq(jdo8oJogwiFsnc7+(mLHcBX;^f@kVe@UtYKDT(#U@_M+lwog7`Jmsc;llwb>U z7=BxMrz#oOUGdyai8LyUgyr3aif@?HX!*r-<#go8c=W)VmAxX_;K!VJ&3Y9(g#;gk z7^!<~7hB)tIXd>Hn|Q??>cyUO6TfybLI2W?Jm%uRLLQ^kFLe4*u@~L%=Kf)&f2vbA zyP5B~4pINM)tV+N43n|K<$IPh!||bY^bB)f z+ZqDZJFsfXnr!UzOnM9MRF1?) zz{SheLuA~`)uyTKF$AA`$<@mICK*FlD{oa)w`T1Vy>Eg|+*qCPQ=YyBr=T2K5^I(H zC%n#>^Om-=`L%w*^wHN{;neT4*_ne+1b&0 zSpDd9b+VHf^?6LKYgOfeRhOCiYkHm5-=qyCu0dkqX6mIAFnCU)qQk6CeP^p8HtiRR zMD`zG>%;Jv4PI zQL}aqXI13!OiNx$tI`AR5VoncO>&>NESr#)4=)$`KZS7m;(H9_un)M z;6W6?th0wN&o1j_wqK?Jj_jb}@i6(^%6?&KufRmg?6NA)wRofC#To;T8^uW$Q((=lQ}U+>C7+_TZXQK}yJi;dOc= zU7smE&l?_=rxvdi6Nza*y4>(JUSS9ilZJbu%YiIaVt)e}jU>kUCv!J}qfRuC>5S zAlExJn-#~4_nFZ#C5V;FS{$kBh<`6hxV_JrLK!XJ8p<2 zF5_F0ATE2cCU~BtR};rg(W)`~?5J3UpwD8dsnne*uL8v63+(z|*s(FK-VvRdHov{5 zt=q;MoJi7Pw%3c9gKN)`+-j)qkM$ShLANF7ej+%eI}HY2&5+^YL;Jbd9wCoC@w*BW zV9h9Vw8s%>9QP>aZo1vOB+`9tWPU!A^DAm{|9*vCCwI+yLHRGLp$%rE$I+Y0d_y^} zb62n>()~o_kaRlXCu3VUnJ z?$Q}&v|Z=@MWOLo3>Tlp@26lv`fg>x<+#?mMd@1I2UX6OzSWhr9ewpGgVkP0=2>n*F^eAsfj?dvSB+g)!3-ToC;v^%n1WZG_>CSduzEu_Sx^1mp2&C-lSqqnmo(CE5C8ZuXaM0NG*qYT^LF5g;}Kb7umw zoWNmDjGT~+tT}-Pu2u&Sr*K2G2ZEcry|{enTX+F~Z~T zh-B}?e*_+T(&EH1V2dby;H?^5V7VxXc||>M(gPwQWLu0R$VY7 ziAas8J!V>Cn+R8%h!|fDDKq%U zkvK;~C+YzV6K68F?{NS>ge7D{?Yb=yG>(?sP%PFKz7kq@67kK-@^bG_gGQzDr>nCfoqSBUz-WM}&AKD!x*>L`j1k_}v z-iPi^yMcL>H1l7ew%GN)x&hJgRAM=lUzpVnubI-aJh zIl61XY~wx%rC42a=Uet#g7VcG%j<0ZKCvm7Z>1N6WMoty##9H@ekda@vZjmuwU&W< z4|HKX4`Ae?6`dU#ZB7V1X8uNE-SNh$FRN%@DdqIn^{C1tSti-$iDf zcNl~Y%@(<1nhJ~>VMq>OVyB=`=P1+$L(~`$Pg0-&9WB&qK7K|=F&!i>-vZB3sBQ0-l(z`6R+P>J_1t~i9aw}g|`9o!VBsOh0@Oozo-oiQxdq+iwPepF8gz%Hc3Rh%JETHur9yWr<7S4PRH)KAFeoOoIg(6K znFcBop(01pJ?W(Ks_Yw-sBL6aNM**UPAbzL`u!}XLcjY`WsXFQKatAx{<|`_Qkk_< z8D1$qG1r$ur5$mJIrS4oUB($tQTujlHdCrz4|PnFS463L5Cdl8J2= ztIl%M#pNZu;uGNy@JuLdjNfT)h^vk9`*c`5%rCz7eka--S)+~~xnOv-Ewb47JL?5N z=XkAsRWH&@;u8wVsxf+WeubWlFVZjuOYo3tzE>T@z{#!C>CWcO+V5!7Kry!cj$s>9 zO)U&?X^tb&@=SuQ!5UDhPh)FfJBl{BK&cTp*jr4aC?hD2qO?y&(Zukbr||)h@X^eKp+Y7v*1Mjkrur-<&L3r+$#s~C2t()!PIL|FMK0|S^ zd%Ee0)z+)lE-2Abx_<0|PKWOL#H@eUta-;oxMLN4*Br3JRa6?3<%bkg|TI9A7PvTn8#$QedF%euLAma+6u<1K^` zf%5wRu`EUTS^4+U`NleeegtiQI1v3cGpm7f7i)h82lz1TPQU}!F|9ih(1#lXToj)f zlZ#}HIZ}KFmP65wU?u4892yW!5R&CZB?p3`h^rysq9E+85+I5I%9P)b-<^)xCgP#n+ zK_5|#KUc}PdADjLuR}a{wQk>_58tSZ=jkJ^)h!!PhbBA7pVorEh>XWB7T&zNjkq#Z z&1#>}KNAEPPf!lp$y$4tsO6fyUbhw}hI}wZ4Y9_kz>mj^#QEbw2Oqqj*(r|UvKVis zGry(l!AeG4=x`eCjMwP41nvIe(PHF?cuS10W4@S!dY1;9;sZkKXBf_}%$2Px&NGc? z(}&V|B;q2ylXpa#bu48y9Rtf1jp2o4JElo03h02Zn^1``oZg7Ez8SIL)@;2VMN|U= zQ$FbpaTTvFjm|@XHE2Sx1tsuW@q!!;9sP;~eYCHpH(p^v*Ahpm5;%Dn0s2iezpcTpRB{fe-8M|nv3ao`A;I_h~lrn3HvnD64CG+I#bc?zhIG2BMhlkgd{!-fa|JRwy9RWyKXVCF8K2o#(SA7Uumpn(s!##MB*Aa}+ z_^NVWQR6>RbN+?I`mq{+fhwMsS$d&5?LoD)?zHNq-f2m3R(lT(U)|?wgK5m0Li$LM z2m|$wRsClMW=s#AJ!_7f^P*=q0`eZ~aQi!B8Hq!+a6b1{GQih7m#pEM`eeK6z=x6y zGM-~GPOL^$TH_PHR_>KhrtT}$oU3s#_nj`#!eS^t^UyQv5|!%DlYLId?os1gidN#aU zE0^hUl}%Oq>zkE6PDNtpD)Mn15j0g^rizPUXEOEi#xa$Bu~XZR)nBuRdY!c`faZUw zg{2&3-G=rq>>S+nKGdil<7~>gP61i(y5oa6{w6CrUKeAT_=PI=pi0&ys>w^0Os-Xl z_Y}Z%bOzSe&U&wyGJ*q)SJeSB)Ffuq))^=^pOQCTRI`lW1mk>$ABoegp(rX@lH{_n zw5^P3NW@4S*l{y2YztOfPX}sSFe2QahVj30NPEbqzi1)tn2}i&*mNE>V9qjiqy<>Se3q zMl06O8pwc?p;mj+L8po{xEDPu56VQW#qBRvf!0h!jP~1--6UKYmK>|beQAh|V2A;+ z!$9=Z_tf~?8EEcjs_tK^=Uz4E{yoF37D~ckJFzX<%SgLT)!eD7?z(m$f5_wA>Hb3=tYpteyp12BoOR^M$6G-2)CEwdlCQ;f*rZ z($Jj|)qSypyB6yu1VXkp$XI*Il(E)<__LYOHWzN_21Sm~XJxo0cMrD_-gq~M^FdE^ zPUIOg4k&^QxO-KykjNx2R*6?+u+brB9bkOH82f|~b=CGr^zv0kUXTw(r**rtb4?O9?8jT(yS zdoe5x@Pu&F`|HVi5+Guet;vr1DKb==JeguLl=$+DZoxM=(Oe&mM;!EdnP}#G1!vv3*y}xRTyC;cmU+UypcSp^+B=o}p?W`-NzItt&F^As6Q4=@%KEiBzS+Lmg! zVVpc%ZR-eniJogE&mk*Jkco&0dysX%LSOF4ajkVX%fV4R`8)-$e*mxwhJ)8L(6u>Z zA1fEHKopSlN+L@Ss!#AVz`ddM19i;%%Kku&4)^M)o7HdiRAXkN1u4h3J7Qu!bMP>R zUiXc#dq(%#9coIobD^rm$wiwwCZ35xB{9o3;&NS$coDh=KCP@aT$&{Ax)!4{E1uCx zB&NjY*_dsr)rHEO8ZuDZ;GAHfW`+A1;r_sIe@7%N8ur>(@4}kATHWVj>)E7gnyYUx z*}W`Bi`dB3+zc+D6@~Y53G+w)S$_w_fOW?iIjB60J{wiALD{&Swp^{ut5n8m(&O>2 z=VSC(f{>zmtdrAYiTQ|IqpcCt+&^XH*$(1>yGGaTQsXjT*`}L+t4FOEaRzXvUmFEB zb1;F){+0Js^Iz4d-ujLlaEMm$m8*606?)N?x*1$4SR@xieHAe^Nvpr9aaCiaCP$~q z0Q^wVaD9xu?@GGW8--eTJsL7>v#bMgAb3ToGwpik zS4xk^1U(l5*B7a0W%#LzA1*&q^?Y@dgIv9rPuA(4LcMp6mVhX5f%UI(e|TQPZ(14C zn-r)B0=aW6~d~ zx*S}e^b)3%43@ov^jjwF&j-!d$AZ76W}@HfKn*jE0HAux@oXK6n_8{QHOq#0o*blG z)dcHEbAPAL?)B2l{NG_e5_wkI}mnPtC7hB{trPSNaAmaIIG6Q zu2Asav9ZQ|y4{OE=OkWn%vZ_!>FscW?N0O!&s^i%sVdY2!}XAVcmi|Uc7wJnT?{LY z48H@2#ZvE6b({osJP6DvrvWF^3D7{RTT7jFgA7GKoX17|*WEuxvljBftI!#os*e+n z>5Rx&iJjW0^{=$za3q3^iPw5Sf>BJ`;&C=cU7@f-x#G^cTJ?+j@sX?aYL!_P;rj@+ zcn*?{J0*^YGGdNq#FUwNz;wd3wiRJkMhqD5jF@fa)ub)}((%qxu{8W~O1K{u?t8-h zB|0pA%vBj)bS$ZOvhy-?k3DSP`SHV&^CutW9(j#AGs~_O4miF{hqLY&l&Noj=!LjztkoGgSH;=d+k1lg{Cp( z`(|9H7rm>quj;y2boxbI_bXZg5G*r-LxE|>oc~cg=mj~+Pfkjxx&kAoMi>v7 zxQ!4#>qo3;2W@V7QQL-zE;yAe`f0}v>eTWMF#3dwjYVsbLPc0at?>;dk)2KAdNtBQ zJ2+81FKY2$`WJH=U|)$551a2hG@lyO4dFhqNw@R%TQp7inY8CE%6QN0hR4egfFy*7 zm~BXQ5`(2p8ZKKOQ)sT~Bg~W#Qn=kH*bxD-miuFis%>lTB&DD=y0S5uC_qW2B|lXV z+4ICg{N1wQ`4n{h0o1le4|nT>bu^YfBvzk1IMGHrFYfBL#+Z|=4Hjv+`GQ+Cjrp14 z@zhMrEOS={AhREDj0T`w;Yyu_T=uF2hfH1lw%(-@{QX1*;uYE$$TQr7s6~D;Hwqk^ z#$_QIfWZP@s~1HbO@yC5A!uuemm2h4bmropeIlv_^o)p7?ENkP;f?YWr3#B>eTZZD zIvYjvL;}B%cSbXL5@PreiRX+Gy(>imHHzml3gFG|X1IZ~`%jy&Gz0KkbhSE7$Drx+ zPcXmLuuiqd2acZ9)i&KYuv@$9?Bpgj^bIrfGdsA~j*i$L#$25cJ8`a8)QullC%kJ_ zTjG3J)I$%*;(L^}(#}3wO^XLdyIuQcMc98Z@p=lqafFVMJQw6o-;J)oEVhc3w=>b1Mtb78m}2x3NOt{%nGPicGq9sU z=|j{B-nU}w(0u8mRaXLSL;Rp$tJ!hG!fR1=pLLGf%8zjKCV14 zo~q+{en{p%NR?4?2w^I&$#{H~|*HRWKcTx^e?)y3SQw~zDru>+4kn*4}xS#TN%I%cK zE;hKC!zhcCcT)~fdWJFAmw(-k14l~KgAH7t5R;;TR z*Cjub%jAz~(}v#wj;SaN{rE#{Xuf2(j-3qm$;0BW?&Hd?Kj6<3D-JR1_2=miuCrjpVTOn0Sw)^FVG)wqE;_okEao(#ru?EQwWvx|wI4>8`0 zrj5kub-_vxhZ%d-++<(9=w`{VvFmDUVX}_;Svq6QCa&2dV9Kd8>Nkn9W;@-$#BH4BPl`U-_A_hw1+EJ9BZMx#&Uivtq3p zsy63mcBpz;vPLb*Vdhx2%O5?#zHvTxztotqo%xCGJIj;YcQvOc>r?a;`?FxppPcJd zYgn>7j!$<#yZ^o8L?kAD{Z_S(z3SNwTl z_Nx6EUbFvST>GazSa5(|nF$RZBgqHinSCTT{R)-P=&@1_`t!x~Gx=FEK6a`v^^eIn z?g!Iv-4BnQ@SQv?S+N?HXFubg_HwtozSE~aywlLZ?NGoB|8iv{IjmdJCs@uKoD zSzI25CFME7xLzJ+OUc7xY3Dyuo@Ld`Y&rEZSwX$+>TFOiy-_0!F<)8yQLg_%Jd0K3 zXK0lFXn8h}pB1ZUlk*%S?>J0d&#l{jM98B%j0kVVX~L_Q^c_~`WNx6_7;CCTg5X!P&|`^?R%PY zA2uSiGiQGsA1?lMdD+J7DDfY*0U93*>xQgSG_2EqMr|1Lo zQ}uyGhyI@>j-4#d5YOyP`Oh|gmi$c4m7n1v`OmTcrSh}r63_ew`Og)1ll-i@gZ=RWtBC5Ko&;QpR3Z?F5y>OuE6`jGp3fw)KA-{@ohd|hb1 z91&U=o*WT+;`pf%!LN}F#nbLz^cnY$)wAx$#m>>^elR@ee#9~BE|HII%wN=BW-p1q z)cIZ(&(JS_^i}!0%(IEfKb(`{HRp`uH=Oe_*V)aC;c|J|!iqgi2jscJ`QCC)CU48b zlEZQAt2Udjw4Plo-_;+6_w@5BW9CdN{g1w{|5v;If&NE7)PE))iND7FpXfi+&-6cz zKiB`ldA^XJ`IquD{ja*NwJ+oUgOVZn8NQPLI_G5vldt7x#m4K+eWx%Pri~0ktk`s`eWs5LolIxR$8z?_|NYAMv~FZ*xy}5X zk)dFie`FYD!RFhoU(h;c3ylneOcov)(mPyVbY$pazL&&nam*o>YSnq5$WStDA>SkRWy*X@^)YOvzUbESJu03ZOt+CQj<=KVF}CP0i$Cc*t4!ZZ z>vkI%GN$Zh$=b(_cUKQfcE|A^`oerq`#&+Cpa1&8f&Q5@kINxVlTtV_W!&6*vgzG!zs@Dyg0TpIo*8JZ^o*9!TxM!!A_QEsh{C& z>t1x78H;o5!^CF;YhNs!W>z0oVw|ElX(%Eyu&EUuO>jth_Tf4F|FzA?GcxfyP9-(C}Ui+HBDdfc#L^167x zkf)vL?H)HQSoem0-C=)*JMGVu;Z6H^>wi=99`!K0*Z$G_aqGkd_FpE&|r*__ct>cGb%I=a_p$k9<3P_dRZ`h zA`jE(I9~<8V*IF3F`Y0fB%c~HV>Zzjp|hG~-Dm2UJSwy>nPMFa4#jcpsL=4a^UN3( zI#|ww{LasG0q1AI;W%E<`Tnae=1h`NVSwqP_8Br> zOkFINm5;u&Kh%F^etGfCSMaTOteAZ5`pWi+dXr1Zym3^h`NsaMsgv32qe4O7eiMeH z8;lCg-`a0O^|N67w^(RWe{^H#WwD7o-;3K!9v1A4Zmzx`?6akPSvK33=~kmc-LUzs zy~&-)w$2&d&N+YNj_P8;lHt$df8x&eWtBN6vpq+JK^A-I)6eGF#r!Ys2h+Xv{TKOK z^*y?e_~^dke-+Ozrnz_)Z1~MSCps5%_OUv}xqdf)x^uBOQ@`W*T>TCsLUx{hv+Q(# z;`n^$ozLIJE^uC^7wHqj#ribDb!IFt)hDKx>+4A4E5tKg>0HdNaxSJN2qp6KoNWpu8Z~D#b zQRg3L{CDvz*u~^|=VA4N^Z2)M{*t~jeOcWs*f7ETs~-OhZ+ZMPeOsRaoy<9JjeApqeC}KhPlo&cXViBn18gdPLhAY(O#zzzsP7mQ^YSm+Upd~!`k_c zml*AJ3fGq$?PrbgQlq_2;rcS8LmSKGMu$FTD~t}wg8aki(9UF4^~Z6e`WNEr>Swx! z`dO}}{=|H$ewOR2pZNyj7k0jl#53JkJag79B91K#n>c@TQ}xDqHZQ84&D6_$YxOQ> z%#>kUePh9j$#(j@xbY79%7qv#un$YtFKxW1I+^aJPL^y~MxMXehsoah$ns?I%c|#e@hm&U zGdV;2a`K<$yiCt_UWRk+ySzN?WH`^hOfS%n6^t)3&+-!U(M!!YxZWi{D-N)@O#T&l zh5W3plAqxk`B$=kArHfK@-St(via-vo9PW6r_q}{PXAyZ7A$VoAEw>z+bX=pePeZ- z`?jjK}_xC7|QzrN6e;l*6(e=NHXZo!8IOY&bHvFIS^?AH9We+RX ztmgXPSM;7=_{_YWLVSqRo7WEXZVNf%o)}) ze$6?VvWo>PCa>$~+OEH$pG-NxjJ2utY-M;;K31$*$GQQ1WyXR9t2qCbeCrxBXY#gn z%ox@){-<*=XBWf2^ou2%)|a0J!@KS)3&!X2s`orDnN%K^%vryodFD*tcWxGJ*vR@1 zJZ_kxQ=U^ub4n{wee`E0c((L*d>Sw|JIQ~-oTiKuS zImz%}dE$6To~^C>N*-41WAcqW+t`=wOn#Clj(?G7TkDuJ`Bfj8v0*#=v5iR>6MC64 zZ0|aon6r}w2bjz^CN%8eI@_4Dk72}^khHiya!hDvK4y%63)`1+{63oL?S> z1?1VoJiA#i>}h^M=VHoM=Imm@zIc5x>zT1(FZtNYbaDCPm;-UV#F$X~7h^UtT~fc| zn7wga?|gC0`n`>p8WS>>>|(_}=F8ZR1?yW~XA3KKFkMzYW*lT#&i&j+Jeyduo%!!DN7uD~bUpjGaeezoH?V(nL;D}hjqD$7vVU}A z`yawh>>u6K{!BTMu-wMJaeiC-#(CDY%g-ieY-i4H793#7 znxo`pBg1y~XTmO~>|@4Z=Bz*3dbTjx!Tv0Fw10GG`!nCu{>NDV7x$4FJEN`YX3imo zecXp*joHkCIZO7iV#Tnp$Hj5t_H&_V!`A9_chMbheAWe1||pEpD8<;vt&5P z{w&#ag6nPau;ehq!OoMLXE#fR6U`r@Zf5LZ!J3oobEtiov6m%lPZoced8X`P&TxwJ zv6;!?_GQY78Ix1xWyXp<3`aOG6E>VCjyVhVvt;e*;@Qk_q&~^$arS4%zBoQ!{_~uJ?aWS)pJ^^nr!jNp9AL?Y^PT5Jk4t8(Sg`Q|`<|q3 zCLCnJ^g`p4J>Hpeh#8wMl8*(GQ#>x1v-x6qPW8B8$#9AI(>yMivxn*F9v7Ed*P(CB z*~{WC`?6%(r7m{SKc2%76E-FZ@&g2>QmEl?U^#=2duNj8t)X$0yH`@R2>SxJ{$@A*J z$-eAl@`C!KFRK4$>t9koD-Ol+%j)koeog(%UspfFo9e%XmHL^yul`$|{{!{2Vh_^~ z)qk6H%$R(neip2~-MQGx{A2Yq42r+Q{3r4=`P4a?a)23=JI#Nt4=mWv{7Zef%f4Uf z1JiHBGkm8HJ=U><;d^~x!N$AI|0F-FU-W_LuljJ0>%Z#*!wA1Lm=&Au6+dchC|Gfr z>FBYc`9Axzn@P=B&ovvfh1s~Vp@$`F{wm*uu_0s19u};5K>S4W%qEQuy-cQz4Yj?l zvz6(zv7wA();%cC4Er)=XLRP+Fvxt?*pU9s`DTv|T`cD~KhwF+|B$@%oSzxvYrrKN zA2yy}9)<zlRvcnj zRG!COXTg-i%-H;d>x=0p3&z)?E4DB!u5T=s(6^_ouh%z*rS&b2S^KnnY-P5LJkjOl zd4?;>!?2P(alEoT&#HqN^HtwkNw|k=h-G>!+>$N>DbWl zl5=dP?<_Xg_c-1{-(R*5JDF~&?<|=1+pk&QS!|{6alEy@zhcaS$u|1Vip{T@-&Vg^ zG5kZm9rTO&pY)5>pVj}G`JKc^cNWib7xAwf?<$@}CZ1t;@o!kShkh~LQ@>a+ylEX< znC~T?VQ=vR&ebYDx{vtizWV!?>-*_%bbtM2ae)55%>(t9`9b>2tWAIa$%FMbdWilq zJyd_+ah}8Um*wI5%k&8G|KgG2S+Zo&?mX`rALTsJqn#&ujPtz5W1S~@oOp&4oTp;$ zJkb-KCwh|n@AG8&qo+7e^i=2hz`mzB4~x^Chk1wl{h@Q8;eJQYbibo#x!)hTezyC~ z@*MY@$$9Sgzl}THZ)O*`->lg5AM+Qw->fcjzgb-3{(WrUF87b&a`$7<{1xs8vn$;X z=2xlz6JD);7T2hsWug90#a*lZ=ymF6e!coX;|=O(a-;g0-K74{d9(VNcdMV}E#kir zcdK}o-^kDGTlv2YEc0_;C->6SPG=3xAm#lO$jH(HP%*NJu&zteMn$X2`d`%c)HlZdoeP`Vi@$^4{ zFvyDO_gqXovn9kctr!1;^DkfXzxQ&4hMF*J99F6c&BNlhtqI-HKh=crqjUbbCbTf! zsV4L=*|{dv{N(yBHU8gad`?a1WjL=U)c!1QXH95jc}0!dTrX-u-7mbZCbThJUlaP6 zGrmWpVmr$lYC=EL8*4)SZ|0e^xTz)#FuA!VH2iL!9Zb4wyw>OXE&3HkdVNFv47ZtQ z$%gqxdi_=&W_QTX@=p0ji0d)WjQz~-cAk;0-{YK2?sZP)Oh%0i72BEKCq9l@KbrT; z!}71r$?O69j*-9DIhnI!!G^KsA2c6*)I1Y5*2v3FW*lV6be!vtxqr+##DY!Z&6n;U zGY+$S-2I!tC(Sc|%6uF@ZGNKs&$zG5`rOw^_Vl&v10jm=b3EGPUg>>XL!;1 zy$2^{&XWCc{F46EIv3j*UUA=9zUID9b!&-<+w!w` zPd}rTeP_7-zP>U2$a&(JjWgx>w{tT8Sl^g@s;*h)KhrnnU+EjmZ}e@p^*`zltC8cv zFpII{LUWz*xN)JI>BMoKQxeaX_@1Fj<3bP9$>T!JTye=bud$e4cwFdZzWlgQJI_2@ zS*|e7-)YSMVO*%2-@3+ep^XLmn6EJ|_}#ssVmtG6T~oCz8ID!|^5WRS{5bV9IbQuMxPF5AnX@;JbM-eEvz6gQ z^~do^>R-|L6!kM_ACptnzmhTAS+PHkPgDQO_GQlWboH}h!yk-0)X#zylQY!6iZMG` zagh0$>R;8qXQ`hlhvN7g_5V@+bJfq#seUHstH05@3)IhWk^28ne=b%(%S+VHyi5J7 zxqg{=7VKtvx%kyxXA9FS#It108uDMMUo6MH$OQ~cHX#eyZnHTt!dec8s6eXJPY zlU5Y^6}?u!7_QT=R6KL$*XtLn8}w@(*Kg7Zuo=Wps~@`(C3bp28Fvntik^a=HEB+paoXZp1I zS+Tas*l!_jW%+mYvv@)M8@tXnW-qEgj+ty?{F3@vv7gDy>fcoUe)Y590FzhLznT26 zs-MX})X(ZQ^=~eIK>e&Z7{_m^e+zN!V#xu9f6B9^dA2iU$%=K&;@(vkv-i}+inUuA zSL$NPlF9qxw>HluyK3W z*~yB7Ob6AqgX^D)XT^%?XX0DrWhcYu;+Zl1lRWHV@r8MYFU{|0J-b-`*W-i5kjKZL zt^3O3gCz%FEu{2F=rpc zGUNR}%5}CgUsgQR-&kmtl+Xp`RJ+549h2R$J*i)2;RWFzdF{cjl~^wdnid;@Qb!XMJbb zMcU(q_eLvDX3zi&avai0kn?FF`Su(!IG#sLSX6#{dg!+%RKQmVBWqPFg zj}d>2`kAq0$+}~$J68QH*~j#F^&e->SxITCa0_a1lP}0KQqSn zuvTZOKbP-p^|L%j{Y=hP|B3RRr+#{KQ5a%!f%;E!eijTDsh=5}Pd0zC`dM72{!?7P zT>Y%BQa{tH)qkoy*QuX5ds*J3{?p9gtp4b2>SxZn(|MQrS+OsAulhUWyHEYB?pJ>t z|5g2G7(bwXroHNC`JnpGl=pAyXZeu&OV()jPJn>PpY38o6nV(-AtZR|9Q^M7FO(G`n38xt!KvM8TH38YtJ`+R{hLbGV4?S z1=c;MekOlcKXWD*TKBwoh8M&$W!*)tvyI_J`B|{`V)xxAd18`&qHR%lzB=%Zvle-_hU8_%C^wzAq1p59GPrI<~U-(7r5LcZKsEr{FUnb)V?g)&+Ie%UM2q*_GL9>-{{x&z1sC}+*elLy03Bko%n0y`CdFT4zOfH zVg3j4%vmuV_BgoK_-Bs;Rvcvdi^sur*8S>n!1OoqOu_`8+YmS3gwV-iXc0w3pQZpem-6#(WRvczAenM!ziIXRUZkAIggmANU(SDp>zq-zDRtyiwzmfhkV-IuI^onQ3tZ72%Wx4T$Q2U^Kn@$L=%r~3h zXN~#ICxp7caf=C|ExP4|(8sD-zaHXN`o&@!{bIVEemyLXIn(Xc&#;5~ACbRB{j69q z-BJCIItSZW?&Lgiyo>Wc<{X*xGugxWS++WVY5jiA&-?)KOb&AX$DQL4=Vy7O^RqhE z`JXU8UVf%0I6uRQ&i|x!Y-e?n^Rqa``Jb}?+0M`6eCLnji=6*yUhMoVE^+>7m-9a( z|K;u<^DErHIKI;Td)D|W_m9~%?jO@@-M>EjUg!QXyT$!ueuw+_oOO4(f6@EY|996P zR6o;))z9(~^*=BEDfKgbR{gA=Q~wLDzo34GSJfYVUHvceP4%;4UmU-s{+IZ+`lJ6; zKZ|$N|FZMFtA3^*sz3U%`um+{Q2i|btN!Sa`d@LL@6^xmz51hJqJLX(eWZ6GPMMoG>vI(TNkoFbg)nVLWMK=w>>3 zq8g1ikte#jJj}P0Cyuw5XF%Q-d06Zw57XV{dCU3O&9Ij|Z?kn`Xkp177W+)}ISO(6 zP7E2-{U?UrIBuI5YTprmuy_{iVS0%8f7y>2!=d7tu=ZWo*~*M1bJo3Q{;-LmjRpHy z9z8K6mAK<4hIXbWObq?>!ds|+-#X?@PMqj-6UHY^3=JPxck;y0!Q@nZkK@zy{X^?J z^gVipzO!Qbk^E=s7b_0M@mc!yZ|l$2FQ(_{7sI*w^&jK&^o!wq{rXrOo0zj;dXacm z7mFVh*Cn21A^sEN8}y4AdsyD2U!SV`X8mH`tzS%U(XY?Mv6bmv`o*M2zdo1eZvA3) zkA5-zn|^&Ep6#q2(Jz*d>(`goJ)vI=FX$Ju7xnAEuCs&rYx>3Nb^RLRfPOK1N57c- zOTWId&%64?WbC9c#85LSG=1&-<0gfIVf>^p%yhz}(EN?KiIYM%!z5o0^{u>YVNz>8 zI@SDl&N07v77I-BIS6CceD7R~P4fSKV-~D9%wlQze{g*nc~~qf&#-(eI8U@eJhK(W zGpr>3NAc`ty0ZA6Che0#A9L3IW?x^B)yC{-^DK^;KJqvYw-7bfTHOY{PL8Eu~3(M$DZjCGgk3k&uzxm;hy%5#OjFuz(~m|UwbHRjpM z{Ca(1dV~7MnZHr}(VNuIq+9*t)pd*dS+bw`t?Hk^+tttX4)rtKrT&T5vxCXq>W|)| z{z<%7{S5c1pXL4PpUl6iKiaE)CVx}^6yt}~&+HNPGk;Y5wXT=yXZg7Lr`qoc^+%sn zKf}}NpXOZ8sGs?>>W||W)IZ($MfJ0MN&O7{>Yt&1uc|-#n);c%uKt;>zoGuSy+j`kB0|exHTP-%~$}O8qR~SN|OAKU6=Hf2*I_C+eST z{F(Y0K39MA3-$Z#RK@P-kotXwD*IaftiDx0^B>f|fcX)VeIJu`HIscG6UR;VeN5um z%3}Ov-^auWlSAD?;wMh_JiPNvnjHF=Or9L#XRp#JlS4c6+R46$iBl*0oP%}KCVNkU zI;KzdIS27GCx?bbNhk^Ah%5Vshw?E-9W_z5GkMzLfJY;{Z!G)I0yu z&J$h6c^H-zzmzz3GA!pjESN4W&+^X0fx^DHZl-3%*D{@-WO zGPW#dyz=DG!;Ce{ThEO7AKVXCtX;vmR&hUAv1GQY`_W*`w&)+-59W>T$BOd)pZmd* z{Y+PLKUNaQocZeNXR?O+efF(j2lF-6&#;#I|6t6{=-TS1Ka9>Io?R^0Q9qM))xWBF z77XjDKaSb_N9SE%{j3-oxqR-dWFEwmu!G5OA>R;1&nKRo;{jAuqmhsl=XT>Uxw^9Gv#_Wu4tA1wN zsXukT?bXkmLvg%=`q!}^3#KjVXT|1qt^1Sune3?k^_+t(tp2S2INnM9>sz<8`kAqp z6>B#zzl-`=uw=!$4aM!MewOTG*iHQ#*@x{cc2|EK@2UPKKCa`?8BAhnVcA{>`jo{ETD8VW#`5e{=h?nGA5{(K=?V*vsq$_5WEOwz6W$ELZ-|xOMXAcY394Id{R_tZ=s{4A7b+5axtlo5AnGLwFZN~p}Uzxw}zOwwleLa{T zy01(>(l2J8=+`0qOuraD*DqFVI8^@c^ou$B;`n>}9%lUy_GQMBIqMF$j%^G-if8hZ zeUA|TvwfNTV&CYm_B~QO^XPB(W%0Xx+r|4r)((b|Q~X)7Pt6qX*LQw)G8;F=_b73~ z6yKx7iBo)!5+_dyL(wTyLenw!nKi}Vv7K-3lrYTr1+UG=%Cq>C(9Lv-DIpwZ%oe6g zP6<76%$nn!XN4*L&1t;Fl+eqnc}l1~!Fa1Fp_SFvQ~cSIf7>acF1O$IQ$ia<>y*$J z-FJ#VTk`BTCA3HPpAz~R4xAF|Pjb$Kruet2d>n|jO$iMr%gYWH2dkgq5cQuT|Doz< z!TvZtOrBH4GiTB+4+}P&X5CTF!|G_~iQ{9P=XB>i&UsiJFAs}co(`TU57U$6iQ`k{ zIYZoO&cmd`d03v|JZH*tuJbTl=zc^maX-#dSC{+2aE1H9^eXq`Y~yR(52n|+{5CTJR+VML#Mb$#j|2h96u)heCK5R%y`9K z#xL}(y}&$MS+QjLr2BWFdA6~7O1~JM(XWf_|Ezv7eNMla|6RW>Hhx~en7yE1%wN>6 zORRfIznHU%zN}xDI(NT*G2a56)PIe0 zf2n?k|EixEYYXQdvM($4Fnnd-YsE8T!CqEhi@#3(Z|%$MJNvTu-oDqn{)2t#A7P=7 z36mT6qkWnEWM5XSztQ+-eP{ZMzBBx)?>F%`eUJXG@66eFGe^~iPNt)4!(bdwsP)-e z^-rn|T}*0g!w}P{wV~-2`KQ%-Z=5{SYr`-rHs9*Jvui^)!-BpD`ZjS3*ZO`WE>atM zm@Hl!YHoMEzBXjcmaYxGESIYdwRae=P#aoVG}QWkiM%Vo&=GB^4HeTr)rQ7< zoNGt*GyGZoEO%1>z28}5YOx)@ejIwiGDG=RKKE^>(}4pWh=uK`o)}e54nDo zelaQZi|Muc^|1Nt^o!Mv`o*+czaFvf7X4zlRllOQ>DQy;d-RL>-TK9FuYNt|Joo7r z^S|mBtB3TfwBIZG6@5*=7~a&c$HjfBUraxjhv7?kp0Ms4c^JNvhZ)l+#SP2D@+Wzs zzsU2H>+?V5F$XHE4!czI_} z^*(s#shjG3@Yc

      V5F`pEuR};GKtMbpENK?m2M_P7Q4=lBuDO<-$|FCTV_=siB<( z`t%hMKqeu6b7Pn~&oU?E6n~ zY-PzZ`XBqgWByb7GJI}dmS5WUU*`Yo{xKhN|KgbS@4C*M#aHeh)34pX_te7i>_pU)9fwC5zwG|FP>~T4-Z6c3S9T;TMi1gVs-&=6i|cn>a1> zGfbKm>OWB*b7oVfg@HI`?WdeN&HLb;W9BrkQ5(;i=6&$Sv*l+|CqJ_}@_#PxT=|*J zFF%U~-Ts?$Q#SFSfsbMKsw!%SA27Mj22>eE6u^EIdWZYbwkYg%Ywx%RZs!y=s) zYQD98y=mT?Z=StOHc*v5)|alDE8f3TkI%r;d&3)TSxJ{)z<3&$@*>7&vaY$N4Ho1&*Ip{qDB4D9o7Gf_+8Y`bXWDW%GCd> z^Y5;HW_zmtH+Al<{^)+{kG84*cXEU!`jNZz1+=J%_g*ex@I&zefHK)z9?b>K`ZmGxan1TKx>)seion z!|G@8tNNMEH$Bu&5bw7!y^t9#|?p_`#`y7%tMmrf5YEZ3hN zdYErCJ=FM4pnUV`&LCg&^w7(6EA`J3$5tj=t3SGp`e)0xo%)$(>W|~y)L&=3yF4uR zkcVL}dFEKRuYDQzw=c^B?K_tTiDx)MJhLOk&oe&CzATQmZyXXSh+{ncl4L3t4xUzDMuYcUJf7dt&^$zB7ME-&y*_AnC%c zf1vLyKG%0W`w5bIx{@y?)pYE!eAV4GQ+>c)w9`*(8Y>FOtutX&#lEX z+ir&M5whP7GeYxH#(T^N-AwkBhs9syS=xE`k%!>`dE)pWd6p4>uslo-lZW{c@+@oJ zQSvZ5#yOXBp5xWU>_l}jIaOWD%Xfyln4PPx=y@|d-_Fh%o^O}$f*ES%g)=Hi_tFF4cl?dtLy-iKJOHPiF$=2_4i zRz2TtyzxxWx68ZfOwYHgV~d&oOv$(9OwYGl&mJb*%=CP_d1le=XL`Qfde*LHUCT_* zx7&v$(`=^a+pT9C!)`M@-!6{H8rJVV)AQ}tv!B@>GdAs z&h&h{@xC+F;QD^z*OvbTd6=9g53|$Fr^X%fFh4^cmS@Vdj{VM(CwiWErk&!~m4`X= z^To4d!+P>vAfCmA_GP$eW@ubres(hBAj8G_zJYb@Vt$FfGrd&bHx$QC<{V(bWFzrx zWyKzbF875Ao13g-H^XJ_%f`k`nO<%m=2zH<6`M9Of3^F|>>B4~UO4Zjyw?6K+0WuS zb#KNS)Xi|CbFpN@=HhQsH!D_5Zk1;X@psC@aF;yHSi7ZlY-Q5pyiDnZW&bAiIAVIQ z`WWu_IND0w10F}L*c-=xlV@u_B%a}6@yuAWjeVK1VlUH2%x`O+8Pi9_$1!WRGk#1S z7VKeFn%|y}i)ZnKd4?y=@8JAwVe*uDRtzojJZ+xkGy2N>Irp2zZ|=jNtp8pAq9bO7 z0hXg@g@zr)jhPiXSk}(+9qRJVnC15#n4dK(bh4U%miNP}Z^2pK4=-Ob%lqMt7oO$) z@YXFNerMxF#k1rf)5T_aUfzC-&+@#yJWJS@WxaiOHD21j%$A!K`kAgEKC}Ny;#p+k z8FmxDo9nxaXR?QLvfR_YyF2IJ;+Y*VEA+8ovWK_>XNC6YL9_n%ooyMzp7I<#E3`xp znH73iux2mo51-}Fuye7O=@GMh|BvfzWyz8i>-H9ZCvdGOdImN#FiR&=W>SFWJOT_Ol&!zG+Wgl}U2Z+B+y-Y9H zPiCw?P+sONIl$x!{X9tAmHNqw6_cyHtM^!+gLY+>20?@Vsf_rs0v(RYRi^_}^{>OVsKW9ny8sy~jO zQ2&wYVH?BK>Sw~F-F3Dzdsh9?7u0{0e9T$Bq<)51)qk`xJ6Qfh{mfod|1rj|tDhAI z8QxI;vGTKv1&5;Vs{c6qzo&lYmHJtHp#J0K`;YpWeysiz#0{#S6?>R}s{UNuXXNTs(zLnX8xP{&z9$R^)qKU$2iOmEzH@&#INeBIoJG%+5h{_#GJjx z$;jEE_B?THWjbnhC|R(s)AiA_LmLbBv0`$*bBviC+F7ul73(iBKX$giGnpSZI}9+L zGCMR}Xgqax=wLp>Jj+?;FA_gbd~`wc42e7!Teq-z=8KqTxtRD%#4TZ-`7-upx~%w1 zjh8pibY<}@{wTgnzBTR3WS!X|e&=Jk?(EQbnYi`Mv)D$SINnyC%Z-^cw8+DZ4Ohs& zqj-j${-hy|Ojwtnx~J_BgH-|R5V>VVmy z`5NPcW`}O(2hR?g?PrDf=*i-vr^wIbH0Qilp3|L^X@_&NI>R}yGk=zIvN+p05 zmp}TWx^H*=C;LXH)rA2T)9XV09j?!;^PXg5mdt0@dA^==>q09lmP{5hf0sBm(?1eJ zH!Fr7E?gH{7#6JyJxms>3pIDkzj&S3h^SF7z>3q3(a*^_ex)h4%YgU$HLqGpywN_gl}LB?nloTo)StDsIiX(7|ji@o~)B z2drD$zARX>WKFMe>YUL{)y1?~T@M=t;F>4=@e^2L$?&Ulz|Dq3%+GlTlh_>oObRT_qOnv+61B=7d#rz0; zD6KnEADA4a56q9%hsW)AoIWr=zRuqTtvjL4^Y-%Ob)L6({uApwZ}0jkb)K^|e_EaA z?d3bY&hz%>&#v>ly|{DgJa2D3hgqKQaqzTwcC)xZ{m+QIQ2i{}!}MbHKWqL{^|R_y zKg-M2-zV-W^+&H!Kf|@^f6jel8!PrPxnBK$H-Dr0qc^LcdAItXx9(Q;Gre8?aeRmR zUogH?{j7S_&*VP!zi2;pFx)Sm$wT5_;*;hXo-xntIrA?&FWZ>E;5-a3J5Rs)e&=ES zn)9%F(|KNz=Pl=9`cHXS{!5-$#l0&(v(KD|C6j-M|6G4quweD2KF9HpKEEdJD}841 zy*|G#e%O6s!Ghse@yyxyhWRmbLI=axIlfatzR7b!4dc75)g(9LXqzbN&e_FZ63Xko>IVL|zs zF@48%b}>ohXT_#}iCaWGa}Kj$^SkP0H?u|Mf6sNcuwW0vVsk=GB_A`U>}AH<_r79tX_#be~x6 z>pp#HyubUz>;U(P>4ED1ulf&Cf3!{gEDl!xkoZH?&v2;vzjB=|EDl#c!x8HL+L#&h zcJ(tHt^RL}k5NCvaq5rbSxIT7N@KK z2j@Ra{S0TTKYEV(hpl5L!+Gjw&h$s?*u~@m^)qMFPx4-3=`(7qKdbxfvzf!+`b?&S6i&ddtzgc&^enoH8FJ|5P^}D=x=ogDS^^4&y{R(4z zHch`+_UIRjd-ZF+F`oC-FQ&cv#rz@t8X@jc{bEw;SM(|U8tMAe`o;7a{bI(3QRdmf zf)&$e^=q^|efq`p@9Jmuy!yw8dr|$&UsgY}SJXdN+-vHOzM+1WZ>zsX+&|UN^d0q& z8{>PY)z5@IELk&NerC+yQ$LIM)jvW057p1|-|A=hSp5@?*~Vm09;O^*_KA8Y$;bE| z!{Jl;n6P%Tb-&o372|gfhhME@!iFjGu$>u8=B%l89yT-mO+CzhSI<=I!(8v9=X`U$ zk6s*WrimLd*LyCkXD`FZx!y!as-AH6aA;&{wl?+rI*JHyzy z-bZiD`dP*`b3NB09|xF>o9lh__8mXh`{>ojisgj4-be5Hq`BTlZ#@TDPM+(1^zuxZ z>wWa*ImD7pbLFX>>$z_EIm~40T<@b7$8LscbG?t=m@TZ>!(@i~7tkMOtk}zBrur9@ zkF5-|)X$uC3yEVJv)Ss8V}0xt`dKhtOx%L%XR?s`S+Hqw^DLMp>SxL3C9Gdq{VW)kv~CggvtSR?Mb%$#%#7(` z>W^dAE@iy9`dKi3=W|#>{Yx9OjmeVgXU1e1^K55YuYQ)SU)H*%)X$Uytk|%eek`qi zmaG_-QUCJh*~zf1`s0}KJE6mJ>Sx9w7Hn#;o(0q8)gQ-fUeS03^|NGH$$1;(Vb1tn z(iKaVE2?W{^DC)~$;#?t!T251CEHoCKaN*X*D7q3hsA2@Vpv^WtD0X!T};+gR~)nc zkH%}s&uVS?S*H5jX#G0+%w%2XVaB@u<9gzw>x++W;5@5|+t7KKZsa`CCiz#FuWp{_ z_vM>2&-44@=Fa=ycU%{2Uqjryd7j_5KkL_&Z+`JC7nm1%nJ+Xi)UM?^TbU>GyjCIK zqVxRQMBHNYLJO9r z$;!^jVio6HkE=Q-OZKy3{rdL#|naaJfBIh@0#;M-= zbyVlx=oi(Zi!Q)rY-|v&a^LO~szMcA^np-BXo3JyAS6R55nZ8*5*Q!^(G{v_VM2@O zA_Ncw$k0U>kbvm-H-PT-J%{@}=j3^=zN7EQTJz33>%V5(vA4GO-cu+=9zJTVNdg0t7FET{fzc9zl}O(jDDh?1sk??y}jjPx{rDmtlv)kzUmq6 zub%k<>bKYbK%Wn4IPD!R%a*k4E(ud3-SWy~hWO zKX`oXr2ck~4`z3Je3auaJU({T?`w|_rtD#|$WZU|Z+@|%p_v)GSu8QsXQNuzazjH4 zGxo4pUj1&)Uty^C7&BgZsQ3AoXBG9kt6xn$6ZVvjRlf%(s%Oq#rjv$-y2N$shK5$= zESO9l8Y+95pE5MGF=ro>sY5-dWPaMv(9WFw%%%_ZzBaBqW2onttcL@PXAbpw#p)|V zeO|HaG3>)xLqj7Ab~2wmG*s=YZqCqe-}5|UmvK5*{eF%wP+uDB!{|rmo4CGtrtD<0 zxjy?_#}@i9*;*gQ+YJrXKjjWXJ%4Y0$D#f#t{-a-FmAN(EZEI#C;NDy<2&0&#=F=@ zW~@F)-ER6Y+g+b>yoWvqTgRUIFzlrdi=U`J#5(s?&x9T2xXJpP9cLr6{jHzrPp$t@ z*FDg_F+NB=3zqMp9v`fpIXjsiqW)*jXZarL(V_B|{>*g`w~ixRm+_I-$@~}Ad4&3- ztdsH4*2(l3d5?6QEiBl>IQ6*sx$&_cH%yNAxM4Wa+9p6PMJ=%=J>{rVB>=(29?H3DHA8Y)edPaX$UyfPz8^^oVGksV+ z^T*U5r|t>+%Z!~&d(`ER@Y(q-sm}d8J=-JPLh|cOj$5zF@{ov92+qnKK>dX1p^*O`!nX-7pIvM(`vrQkiGG@W> zwsro_y4l9?j&(AB*E-KM|DJU+yldGjG2}m=(t3$!v98PbxM5*{#qq;J!ylaAIxKWBI(3+z{qyu; zp1)Ur#xT#{%h5J0RQ*xi*~7dSuzu$Z3th}F9u}&vG`?h5XkyL|7MVUB&i{ixjIY+G z9J8OrHP&;Le%DzKqwB4Q*^Sn7we{a57c=%Ty;-hnoOg>{Om5Ss9N(_bwfg^A9~SrO z!*HKI*E#Qg>tXVM^<1y+dFx^J59=w%FUoZT|0x$UcClb}r#!FA#psP;o>S2G&0(SD zPmaGcEHpEI*W-!Vdmc|Ws%HzM_w`}HaFgqQ;JT&#uFLo%*S%T4k6o7;yBL4!y0@4g za9w7fxh|t`T=!Oa!tl_{c+ugZo6+LKy>>#~62n6aqanjXPdTm{9%{RcmmcolnpxK} z!$U9QWrv5l+x1^=cxYw1{BV1yZiV5Ya)+s{}? z)*c?ZjI(uyhw7ZQ!$T93@xw#ToHc)O{sj4%PL!XaPX2q%vxUhF`57wm-{-n4Kck_T zB|pPl_4hlUEe!M2GiU7soUfko0`=vXbq~rD+b?D;n6vU%*ZYzEV#Yqk>)Wqx{Wq{* zj5f4ir5o9=htx4+*w}tCWy8bzv4im@_UjS#_4bP?I~o7jem$y=38PKz7gJV0rr&1v ziz)MRyt(~)-1^wejNPSM$p3`%x00U)dzduH-(!Aj`5Cs6pE>KE)OTC?8E+>)!}jw3 z&G~F&vV;8PnDJAN?}vVT@pbaQYTeh%&xkqmPWfMRoj=LXl-=d{Ci!1iceDJA*;9^h zmH!R_HJ0jG4i%uaR>mVogo4qi5ux&l zzHDQ%_K46|jv0SyJbFZEXFg^`=x11Og!i*?{=B;x)tBXGtAx4wFkye`0)4(# zAM3;DNBS^qpwBnPo9R=!oj$>P^zS$#G&0*|MCdHXyNw7{ix}@Q!r!Hbgk-M~p{pG4 zJt9;u$|m=N#bNFTqoduA#muvj$*=Wc@f&>>H$Gk;7VKhlf<8+O@o!`GVR529j9c|t zQvE6JE8|n$R~C$h7@y|8GCSRUWzy!pRvG`!ePwZ``^x-m_jM`9&vjp!o#%eAXm>xB z)+cj6m|o+4uwePwG10a5k@?4z#?BjAi+u>&W$c$lm<6Grt z%1#!y$-jcWcgWA;F8P_=BY(B}d*x@wy!1Z#S9JbU@-zHXeirY_zmn^IB0s%Jy4OTl z7i(5F|CxGb>}J7e6@5Ne&x}1RSi7qAd||&Be`&v%ux>TS*~;WA`^E6J{aRfe+nBJA zDdQT)zp-CT*w38xYv}L)WlTB1f(>h0$D&c_V7z$bxo%@NGFl=EolKUDLe)@xSbla+ zG$aaL<(SpO)Grf-CWd9BZ$C??V9jvnEf+>co6!nZFv9iO!f3@P^pxXOqfi^E zTQl-&UO)Dh4vj+HNb4LPg;vHRBCic`-H}nKjB?)EQD|dWCklPc){VaXY#q%)``WI* zUKIKn#zmoiG{@`1e1blVCh0RqpE`Y*%+;rKo<8fS|B*h-*Vm^UZ>Z0@*0GU&WV*3^ zWWI@gtabdy_L1?X_HjMOH?xn-H@A-rTiVC5j&EfjnKsx*=3Cpxan`?`ePpqNeJuT{ zeH^du5c|l`Y#*5)Y9A+9=VAIVWqUdPxpgx7rFBl!FSX9n-&iNZ3D!A@zqQWNR_m;D zos+DS;Z*Bne42Gm*7pqkS+rRv^Yg58in@!flL_;3oLT2o=Ur-@rB_%dqbsd*n)9x5 zzZtG|znQRhy77(fH;dccZ$`Jf-!okI4)=-iUG5X3Kf6ye^|{A=Vz}3RD#zXKQ$^hq z@-sXue>r|Z{#mZ`PxXvmRbP%@Q$O2&ysnSKKsSwef!1i6ZBEL~<~sG9HiawEM)NMCj_TYhAyUSM4-j0{aon6s!J8ERrV zR~i|bS+Kiwm6858!ThTFFkej{7OU&CzJ4S0DP32e(mH)MP{(E_Q}kgxRi6!=#};PO zMur}y(?^Edjf^WJy%(tSW{(WLOy-OXbsMXXM}}4=8;|r}pxkU^sBEHs^O2#A$rd9+ zUpd}#q@Q6JZ#6QsvuGF@`k8G#GSvUrc$<+SW4`UkFu-X0k)dHz^Xw>Xw2zxPe;516 ze0TfEbU*vJx%D3;Kl7ioU1c|E#&+sq#caevU%-P9;Rl7R=Z}}Oqi!rNr z(~nI|nKNU}?#^d33wAU9O#L2?vxzx#7OY8}|G9cbU#MsJ(thpfyszvR3-&Po+J5cD zZ|oQ2Fe>zxE;1_A{X`vGOBWsW?PqP}i;W7Ey{&WcQK5}tiBX}CIpclIFF7i-vluce z^fO;tpMCXPMjxgun6t8>BD%HQ9ch>p4CQqF3R!MM}>jX zHAeXyTy<-W3LT7xjr#Vpyo%wYLgN9}7mW&?ELe4*@u*RLHe<{#CToxK{5!{t^8CB` zbw_#rU7z(vdH&rzn;FKA^8CB&Fgirt*K3CsCSi2wVZ7LA?<+4Cn-~@!?LAY>v*u8B zY-U(;wD*-)H)OQ;l{dfCXzwd;ei?n3FFV@%%Db=2kM>>$j#rQNzVcjYwD*-)x5{Ym zE3awa@gsQbBo zePeuHtvVJgSZPuB)|k-7?Cmk3kNG=eeCCSryZSJHPoHx9{+LjIl>70)7|;D1bAUzv zn9y*v^?WoYbTDD~rM@4J35`tI$)u__R2}2IrD{DF$mME1|E}NiwVr=>oDIJ+&kp7+ zKLagZq1N;7#_VKKtxsxv_E^s)8lN-P^Y6}YAM5#d^XHEZP0TJB>%F7&zi4cz`Hgk3 znaS_RhHl1}jP+hp=GnrWJuFyzy!B^e{axDm>}7oE*id(ZzL$>;txT^N>-S3Y9b-e~ zMD^E>4QR zo_{z0m$9CEbv_3e?j0K%+FX|%%ou*B?yqA*BXf4LVAYw<>vo@5u#4d#_vtM256jQ! z5&4<0=4|t9X2xztkIH|JzHDLgnEWhQd#<`C%;U}eHa(|v^)Q0 zeHg#uy5*QP=R2Rx%-PL?(FM+bRXvl}T$kZ>*S*kjrcB>(T_$hZ_lq3wv+pceFn!Cu z|K9Pp?K|Ul?0Y$W*S=q@{yqE7g8fY2x9^uY{(*gG)^Fb#e`wz`b^o^S44>NfOO4sc zc)-3h5931BW#$(d=Vw{!79AJ5n6RH2>n^uXi;WAd3`>mj`LB+%_7CQl9QW;K?q%#P z$3xU#;W%5Fv%9ovoY&wxzSOwT$e5i>mT~IdZxAd-{AOqap$-(>44ouWUJsn&Cox@p$Kl)a3mThGm|!`9Ln@-mw_E>vz&H)~vIV={YO=qtx_ z#`$at$LHD~#`D}~hWX<{{cZMv89h-G2AKZHes;Oe`u3kW!|krKfqG^esxRG0ed)&P z?{MBG>X|Xz>H78V7sHR;FQ%KiUw1jqgz;wfi}~jE>u%#M?N@1o{VLtYe*Ibfw)Ttp zcJ`|r?`Xg7VWa(Gx|984*u{S3>XAjGvo84=-!A{->h6%A@tyKByHEZn)ZZ^Z(+A{d{Gj|jjum zg8WQgk)P3P@;{^B>+&;tUw-~svfZpICH2lN-sPUnL`Izw`ykJ~A-uuft zfBJauFR$;M@!nsa8;$p~ZO6A6@BQVSzx{acFYkIgkN5ua+9c<(Q-?)dTEOOYpx_x|$MbK-dKFYoxNNX+*uwC#d`vjNoRtsEzvB9g*vIrW z*Y8)?=Q>Q^c74Y0xc-O6Oqq?H5W358WkRU_NS|2~LKCCe6TGIt`K;Eu3I2}A4JL#R78_6a_Ook?`U#=_6LmkH;JFlTI>GzT zJI=aKt!J|dUQh45Z6QlXWVGL%o%;AZYS4a%8VHYn6u$?^}D)0ligka z3w@Fap^*{Wn72;|z2*3P*ZzCsTCxqIsj4yJ1=Imy1$%Ih#wSJlFvtSqF zOYO@y&SMjk%j^r|%jF1Fex9#S>Gk?By-|)us(gNv>z3Z)x=ikLU7x|5+%v&zx_xHp z1J+rNAGFTJs{DD?J~4iHg3rXL@;IO1ZJqUF8^fa$LLW26OQ?T*LTG3FgnFi|EUDj< z>KQ$yo*Cz+03GDqUZC~&zR^f5}iMLqCcBC&Q_-EVKirAs9n+VxfA`2%6aTA#~Vxx)ho%t zrqW#|dR|}sZWBGPuWmorVc1_iV@9hu{?mz`*Vq3b{Ywwge^nl)Kckk3p4T^K-D>)< ziP6y$Lnp(r*30BL>s?*l@z%@Y1pSzwtY3}ssroTFLqDdhTf;nCnY2yx9E5pR*3|cR z6GIzQ_OUoq{aWVFQqPzLb5@2r|7`Wl*vI%B>lx-ewlh6fJ(KgSXSnsBZ$Fr^yYwRa zF@l%a5BdYB&yiJksrwkY4iiR~P4v{U{(q3WoM$}J_zKryxN@TR)!|hWy|0ezU#*_m z_3F!Ur^mzE{FBE+>5UWpSy`W(CVF2T>$}Bu8QpSv&P&41;-F!|a(GhSp;s7#QLZH$(j6#7b+o#Zw2=9ixo+L^96 zDfBa1X;P@4WPX)N{;Y3)^+{oXQO%^#P{%bUg^tp-Ci%5u-K!%Y2|%+K4(|J2j3ayNGn-qGOv$kTq`y~Gx<~X~V?l~z`&obU?QfOkb_ayJduWr9d zp=LG@o)nsyAEKUd^CZ9a)v<-)Q2iMlrvF^y!}Vu;ggz`-Gtc-)eVDSF$}Y)!IQ~n0Sg@DruO@}MSf5|ZMK4Say^L7*Bj>S&`LX(!1*mc;>_-y;n;vDB9U)Voptlm?fFYPM}b}{`*?!BD%wf$qk4kq82|B3lf=k@sN zn3XP47y8TjMa}Q6o*9$H>cRk{#p^=DKCZ_Orc2a?u&@1CvMw|-8B!NI8LH|+)qd)j zuvn@tbTMAKE>t%;zD!+cVzO+V_tw&9`MOZEzwwH7p_yT&y3oyZ)jEGBFu!_TXkl2R zF7&Wq?E#LjS?9gDTz{>)(9394U8p; z)`j-caq=@vmj4h=k)H(zn9Y*EnX~0*K1cpT^_?d_^ZD{KULgNr&R^d=;|crW>x93=m*d9eJ9ekXm$Pj0 z`5C<_|0(J|lb`9A@-zNM{!lYVr;ZuZNt43> zGd7%QTsJv%FrGHqpN(C2#^lh*ES?-X88=N1RcAZ@kjegx%p)iJd|Cc{vd@=wyBF4Sh4MVBKeOlTFXQL!??vYSVSkyimpSWx&ll`3 zi?{7>Iey3fUaaqX_Ls%`_LphD{k_CGKC-_|*o8-o#FQ|=bjc~9;c~}^ObH##s-}2PFXt^aB{Y^UJtcH9Wz`j2 zW{UUn;IdOf7o+8;gz7)aySjQN%vcQ7zZ|cv|CPq0^=C3!{|?uiuAcb}_2qb`dKPTB zN?k=gi&^TgRySKc<2lw-j^|p>HOBMIGiL`2_LuYX<-OMUNBT3}NPmV+^uNxS?JU^O zxL*DB`Y>bkWA&w*s=q-UJD6-{J)P>{-llx(=F`}qpj@Ejry~Z2|F1Y z)ZgSd8yK^r9B-}v&HA#D@iywqF{^HId|Ullu#4$-`rpd!r-UZPJ5KR?k^VbP2{pH= zXES4VGiTIgyz`XM!h$_acbO7uZ+HKhGG{N7UCrNN%#_J)>dP@}?{wbo<{9syo*C=z z(wD7FlPO;FXB~S^36;B@$2KN=O$mKW8UNXNY-j!x_k;1??#DgG`?()Xo7|7m{q@fs z|Ec~=STJSfFUAMx&y;=47~gArp#F>w*1z-+{qM6+&H6JtRDVW?xgYnN|C#&2nBf8Q zN4OtMf8l;GKg#`h(0NC@AB=zLelY*F`|(%f-?$%4nKL`i{phwYY%V?C{a}8g`G*`o zOFfgb^PsJV-5&GLxi0e;)H8lj{gcLQWb~5ya?Gl~ z=~t*{&aTpzt@A1Cdeu6aF=z6+`oF91Q_tcZ{Yw{_>T_nfSTHO% zHAK(2E?bzcG&S@vW9_r**P810W_2T`hTd{KdTOZaRX=8`*X0|tlL@PyGhSz^_rEu0 z2UCXUjn|#(^Ja~iG2=ivuAS=V0mf`+&i-<|p7p-qx)anhnXH~U>t2+HEeunvw;Z$f zCF7}6Lo*|Gm*Z*j{nK@3sb?0eXZX?7P+jQD2Bz#_zLE95tREX0Z7v_f7E?oCIcEHd zoNQ;brS+C$*1xJBGsat4FT-~FzvjA)`ZMfg-x;y?b#+V`?QDO`F{3y1VGHA3te0U| z^>6CKlwmjZrMugYKI>*H(?tJry!X^lc}t&triL~a>|?sG^}lU?KkH}QWc}rsm3JIx z8>9WzGyGKjyXuR~f%&8DCqt^95&IZ3?l(SG zf2Qnb@*Dj>bo@B=Ope!|(Fyv0Wd20`nVzAZNt^nQ9siwr#%HN#&W3-PKU+OxhJQQn z9P`Z1HD7w6`A^hcWSz{|$>L&<>rd5R;&II^n;N*vWE>-om{OqkpwS2_NRykRLn+m)B`z2=#-YLTV<%vL?q2jyk- zh`fs$KOrxZ9(fu5rvGC4u$j?QuFK>Z>sj3VYu3Z~b$OY+Den^M-jbK`JMuDN-IDr! z<#EjDYmZ|li%biZA+EdFw9v+6@oAxt`4ZDYT&2EhT4-mq^t8~=Vwq{7ekt|KPV>5b z$CsPt@5HXl%F?d4ygn@0$7}_CmT`WyKFn6shw)1KEbBVVn5{g`>-M?IG_Tv&chzZL zx9>U(%X779Ubk<3HPgIq-}!4y^SXW4VZv<9X`bgdzt%Lb+czFM&Fl6ZA2!YF_MJCk zn%C{?8%^`Ned`%H&GY;EGFr)bqo#S?zWQ~ig`RS}-n3A=vf~q{g_K3zw9w0J^0ZL5 zigmM<1&eY#RsL07XS)21X3AeWTmIG5#qu-WM1DqF$-g?c)`uwzhHdnzah+}TVc1@u za=e2+Yv{vvMmy@mnDuKq&Nk-kV`#L_wbZed84DIW>p#?Z7xgUISGueEVb;HgdKQU# z#`~xr&VAK0V;@74^^8!zzx6Obz<<)5VP zarsN1ke_Lf{B?X%e&$cf&!SiU$$U;9#xLl@^c8)kn15X#X7A|3=v{rLTHpKnFlBc+ z?$>9UdbTkB(mpcz#y(D0x9D`QB{#qLbg$cY{iUXR-M+qSPWQTfeb<^EdKgAb_dYt# zi_|k7rM?`GQ(rNzQ_nDcx_^7>daTSco-y6)_Vr;OW5%;xXXbRT+gHbahRSrW+gHbo z*{tbaw{L#Vbg$cYow?J!Zr}Oyr+eMLb;r}aZr}U{)4gurm{s$g$Ame%m~K4X>-NpF zi8*sdn@;z-ef>9|9-2!VriX6ETTl18edld6-ShYAwv(SRYu9%@rcBw(Vte^FFyAOY z!%p(EU}Zz&o#ki5KE{kUQqOj#>}SUMjn(feKO+t>X2T}>v4de>`RnC4NPZRv%g?A; z{vSL3Gx?dc$j|gB`8Rd^1o;^=FUKd!znSZvBtN6m zLVji)@-tj5|CX+It^CYcFuG3ut(?a;CfCc)_y+Y2#%yKEf(0vEJO38-%x+W9q|1J7 zqwaS5#pDkA#qhBG+E(2o_KW%B=9%`G-_HC~>X|;RKMPj2x31@0xAb}Qj9;{#9rR@r zbLQo^ux~pWvx(`e_LBvx8(sf(`^<>#jM>ACwL7VM)BZ8^xj#%Z+=p2_F#3-hnc@2>CH<{5vZo_;}w z${xmx%m{7F7n>3Km@P5Gd(%2TWJYLb&VCk4%?R~-a_Jc%W4i2&Fu-`Z8KGe>b=5OG zk8ixv4A0~1v+|74$YPBdp_9p4GeXtg&Ko+z&+?3i%?Mr0htCMr`?y{-BQ!A^H6!GV z$Ib{f`x;M~5t^Ayn-RJhX3X$2K+c{KTA0t75qg-;pAl-CTyK*Z{%mf3^BJL+(GD|0 z-TwORG9$Dy+G9p2nCv6}Pu1@)KeGenXL`8&2k3u<{EUy3zw}q~ALzW}Dlr#Jx~5->$*UG#uv-a{4)6uRd<8@jBb~o z*?saKW_=II&+PB=m*bb@|C#!K%Fm>bpWzMp57+Na`I)>gKZ}0(k8u8n@-z8J{?bq6 zKhpI+m7n>5{LDU=|L4YGX2=*XF*6J>EHyJUv=}clGjuRrex}d#(Pzb(p^@>*Gec+T zDl@;|%-5M2s*l!Z!pzWAI&G$ZV{UzOXNH^99cPBxUs?CAGyP1K$;{Bpu>Z_Z_iNWVU}k77J$$CmfY#^d zGeaeH-qABd8>3@qhCZgp&-7;#>pXF0XfHi^X6R>h&dgB%8~$E?CRfN`j<1yeIOnm0 z$+hwy@47e0&*Vn=nRm&50`HKY**)?zJRtvxd{lm>kIT=ZNB-ZMe@1>5FUimJE%{rG z-<6-~hw?KSkpCq6^11x;bozeJ8=x08m66#NL-H8?N@oZg_D`9{M>rZ!lrg;{#%$Lrs_?%jO7F2vr zt@;fsA+#B9QSmvojyF_%PObB|srZ~)^E*_0PObSpD?X=I{ZA`Cr`G%-6`xb9|DhG1 zQ)@kkSA0&b@lh3@Q_Ejfd`_+TV=MmdYW*ixd`>OTsQ8>({m!m_Qs#|@Q z&#C3mSw5$hqi6Y?T7B1<<+(ZMPn_j*YKb5Uw>BUWwODn zPx)T^ws}lR%mC@G%NHoJ789* z|AXrsKFe$4jE|lb2AKY8R%p1wdB@KR9gKcE%WI0wpE1kx_vSC0<#qe={c)Dp?YsU} zv%GF!-8J$vyG{NM*SlSQ#`nt4OvAC|xL5&5sSt{(YIUyz^4%kp2tH|1yA zCqMIk`L8wqiTo@+m7nQX@?U5E8~Ir*Haqk&ubS<-2;*gDhc>3w=9#Q){s!Y!XNPu% z)n_>+F4XNL|J3^(dCcDCp3oj-B5=j|P@o9%gfeWuU$ zcMeu&hb|^_XNT&W?bH0(p^5o|+5Rn$zVYl(bBp5}m}l5TeQCWuw>th~{h4j*y39AX zp3*I?^ESsDte@G|v%PlPdE3tR{yF+>H#;;l-(EjPJ6iAU*3;-bX2;nN<|jIj#YwY6 z-5t(9ZMNs})wj*|Jih*C&GsJZ`kkvE)AOyH*+uf)<@`(JWO14N41aW;yPbcP{bGEr zePnWj{bhQiegCubZ*hI*U9QjKPS?N3`S-X!qkCPS@dK`(t9#J(Sv=(W43D|~U)1%u zKI5lcpUE?>e=nbP{nB37FMZDSOP_cB`}hynFMYxFOJ8*T`>n5VeP*w^KJzzR{{j8q zoE=(9`^+=EWuG53ep@|r_A-4(pTAnyyR$;qF)J*NIs`@?*|L#?#z0YpA#xi>9fL|(8j!aPUtJgE6wqq(vGh@C$uwPWsc|b^;va} z=kpz3ZI0*jjoHV1b@k7vuTjrr4fUmKs(;o#tfijC&^cj%$*?)0q1XC`&j}rj+0SHz z`sd6?>KR6=FCC@+d39^6XF7V0_rX^;W{&s4H_uLHta`!xI&(aRT#sE$)}0foUu5l^ z(8OrHIsQ(pFB?y` zzsy)LnreSv;WYcpc)I;!I>Uaw>UuNn7t@OT4725b&3KOd%;(C_Fkk-HU4Mc6OxBnG z4Rvf}*g*br%&Iq?x1szj*u``s`TMMEWBD0vB0rOQ`QI|Xsr<~@&17@=-`00a`B|`s z(RT8`V}1wunX#A2j`F|Do#kh=oBS+xm;XK2-%Ebx`^eAYK>6QScaZ!H2g}c#l@A2(iGiKbcKila|fjwWZ?oj*np>-T)zgV=`FDAdRUmvME%6>6A+J1d(9c*Mc)_#?? z+OL19KgoVEJKcVjw%MU{rb%H+wB*l^X*qTzEJ+pjoHTRBKb>yFaH;=bFuvNWRCa0cb!Y+|I+v} z`I%lWe>uKF{;wSWqx?*-l>ck<9r80`CsS5^WBw}nnX`-O)$)g>y+@w>jINcx9A78@ zBE~n!&zRlJJLO+=Y40;5Kl2;qXSiAZ#njy*Kf|r^Grdjz#f@*5pYa{?Grd#(CG@#l zeirOw{Ac->TskCdXOzp&ob^K-zgK={9AI>x{8i@J!Hi)k^Y_cof}Knskbh})56aKz zukx4UZuytdpG_>7Gk!?^WsTX)>|yyCKO+Bf@;oX(3-*-b$K_w%b(k_^FT)e^uVBnp z#y#@0V5QpplkzkDoBZYYDfw44ep-HJ>}T|>{423ne#Xzq&-8iuSGN9t$j|fz`B!n> zm*i*qPx+Y_@~>+C75SO6iy5m|GykgmOqnx&P5#xblg-Rtm!Ihy^4A!@DSzo(@-t`c z8qRx1{?d2lXY!u>YpQ!+eik3dUyl3bUrU~k#m*~+L)|3*XP%AwYfgO*7t(Wsg%nglMS^6+z?G*J)S+JM!Z2LIX`E%?e3l_}h+Q(_e^Xwy|1@@6yY#*odNA|IF zef!9C1N%6`m>HuD?IXiR_Hm|u>|nf!eXJPQ+ed~??IYvO?Bgtbwy=-Pwz7|mwziM6 z9cL4B=B3-nKgayG@-ty~Io?kGx%zG|KhquLFUO7Y&vSey`I+u4Ka<_$pKr`oCVR-w zY)|CpM zdSj+cPm-U}$@2f$`D|r=iu~pHRQWfx-qYk~%03p1H#0t6e#U3W&w}-vyKbBOOn)bT zIX+YVEnMd;`57~8X`YRY&z7GBtG069Ir1|;SAIt4$=_hyEhO z89SM?YFG747;aY2h}F9}k4;RNGiA;0&Sx`ocC%o#hvT={FJ|mv&f3IrrVO{*FXpV< zQ~%rS7ekl*Vt%{%yy~{o_zuP|UZN2x{$I=JvBeMtX<38#h zvX9IkwU5l6u#fxd|D1hf_7D5GpZ>4f7pClF{+fMhVxN5}eapTue#gG-?>ZmY7p5QD z7lx1R%TM+FmwjRMZ~MZS(E;Y!!jwJb_!Ikbpz}VpFDwS^3!~5EKghb+%J>WUnXq!O z^S_jz;Vb!Bd?WuM#$jG)XU={mi_8o4&5kcVFJuf$%nJjhOU?5>_WH7e1;b&kx6C}R zpLaex%ki@FynbHYa`U`?Ucc&jUO(^ptUla$rFmXIZ_JzpYmU%=<#}E|@4Qv!dHuXP zMn}rE>O8NX*OxuzxMrT$&#Pm~bd7mlKkqo}TC9VurEAXfcM1Jj`GvZ*=6U_RI`%PV zd=!Vu&w~9-hsl4m^$eGvStLJmHvH23DEXPJE&nmbqvdB(D?d|K{Yt;}VlrNS#?$0ajoHj>y8O%;9qYUq@-t%(i<$EO#&s+5GnyqoW7ZwV+43`C!7xYu zmcb??m}aTjei3S^jg_Ee#}J zJuFyrsdYVW9~iTX39Bzt$42JtWO%}TVZ?^Z)v=u^`GHfHQ)&bsUMdqzIS>|w^58ysgd!?PY|j2Lz5 z!xpCOVb0n=xh_-2z3Q1Ty3uhqv0%>lIs0*w<4hPmZ$Fqa-0b>nWX?`T|4@I6dL~TS z#hlf*>dPiZFX+#hHMgl_Gc$HGyr{lQ9h+D%XZ(`>x9iV@DZ5y(`VPncX+2EX$*53& zr#dz;V+V7FyBvR6JyT}PIKc3V`*XMBY-hrPDJy?=K2sL#W%R21a}Qtl>xKVVO zK3C5+7VKmEj{bi!|E~Uw`rUt~tiRXw|7AT)Kd~MbY`D+(bL(fe=zQ<#=)5K8heoFC zWWlNj^j&Jc_j**f{QS^Wj#ro;svlIp>ip2eq-MUK5vXU)U(K&MKQuERIzMzX88P2` zmsrQB`JsjB==q_i98Z}aY9CU+V7}i&)NMRJ^fGKcKh!-e*EaJ*E3<9q`#r_{_VYvK z5p_Gv4{gkMoFDoacAD?^7USLKhjtdb&ky}f_n05*A2Yw_e7}bn?>*n^>K$kNxcMga z%=TB$^Z@lwSkJ-gnR0;Pu=(CshlkJix_amR+k<`_AGa z`}l(S9`($gRL}TtuKS|nOqf3-FOz5GeaSo<8TZP|=s9`+>3k+E*v0%G@)nN2ATKj^ zl;aomd08DBnf_Cs(n6nC_?kW}*v0&HeO`6m8~QN3Y2TQ!<~8+w_Ko@5_Kop-*8jS? z59}M0f7!Qk{E2;gg9G-B>1Xz>9Dixw-c-j{Mqk?p=B)Ht$2azkSyt~*wKrW`08C;unv*ui+b{GaO2MurLUmt$59I6hH+7VKg&N&e5Qk4=p0 z{o50#(UVe*$A zE`OElvX$u(@-sP7{-wPvvKF zto+OAdz}1Cek(tVljUFD_!Rk>o+>|cRDSg#FA|Khpfu@-ul}er9jTKg#$``RPeczc;xa8=1T%KjXLMAMNHRI62f<2`}<4`-5QS6^uId60vdYO%pf12~yTDp$>%+{5Ey6cS9 zhXs3>j?-s`b&uDFF?(6CZl?1m=)-81K1>-^9A^uY*>aWRjpUl;{Eh7oGj=fA#6Fkv z+v+#l{C4^=XTgG%IqJ4|Us&v*o?%DzbIm8}8TM3Pj`vnSPu;%ine8VBqXXrb&qL&3 z(JTkU;rcAFZZD{-#{Tk>0-_={7clnWU*>mvg(Ivek!m+~l+P(+-`d6f31K*qY9_)Lr z|MoTH760G+zE^Sa<$Y&8UQYAucYSZ3x5&5s2m8kQ?@*rg{nxtcH}JiQ@5R2KE3f5i z@mI{f@B4G#@88!B*~Z*%zRRz@IWYXc-_JYcEbnKo z?@Ju)yTAG)eE-7tf9-pWxs!aCU%%rI_5F$YZ~K-FEogB6&NqLN?@N4_ear8oeft`6 zxw*lwKl<+xBWlp8|!pMe_|N1z4eWAWj|1bL9`u(rBLf_qgpzk{i^?l_( z=o?n@648bFe(1md<@;0LgTLP1`M&QL<_5pM_TNABc<|9?-~PIY^erFbgZnVpcM-pl z4)*=*Kj<6l`^iFmm(Z`u_c9ChUBu(X*N_#=4SucUzkg`GgZrE4J50^sdIx_Uuewm* zWxwzHKlyb$*f-U8gCFR-)KXVUlaZJ|7jm` zeNR_2`0HYDA0{uLblk-od@JGg&G zS?4jn)9=??&d>DiYe<{9!LPIY_y5;kmVchf^!@ch>pfR}`F+0cau3SBgZprixxugU z_z(3R+=pD>D;HYtCF-y8eVy;J?{dB;eb;QrOXlA8U49L4V7gq-|Mz=et~d6Vko)x= z{Pk2eTgLYaz6bkm`faB$WGxfxl#{+D@P{7vgTI~%ecxVaAEv0E;Jx8@6O+L z3Pb8mY*9}7+J-;WcW@sP3tir?*}=!zVBZ~`SGFkkVehh$`}V)-Tj)Dwp}xCmwzu#7 zeEYv|`wrf>pPD$Lob>fe{+}Md@f!Xqw!U@Wm4{>1U+g>g?f=TZ?s%Q=w_ihcv|m5* zeXQ>zecwOg|M~mFqfdVK_qK!HP+R_b9O|Dc>l=N0s*jCT|A_A=d=K_L_Pb+4Hd42> z?*n`%zU!Sd`1j1t^t;E!ExY);g@B2_v;1G2oeR87Rr|-+%p5kQQc;RBB7``K=z<}n z$R(GQOQYOUbQC2@<5o#YrRY9UC>2T3)fBnBr4&i1CaGLYE=8pO_nEbxGwYoHdA;x3 z`uLuG&aR+!jhR0Sn|pw@y{Fz^YMkv{(m`4`qBEO(OHR3b^B*VLv&cm$t2Oq90NM* ziqMJC&Lu?=*oF=%AwSxZU%0~QoQjR*jr{myXK|i;|L-6834eP28vpVl{@?blbB?2P zB92kfCaF%bQuc58f8|`D+={1)Xb-urJtWYn=joItzxG#Qrx9XH+bVuC`zpY{J3nz_ zZItm2dfKl_|0jK4CGtrXN?FLcLkbG_e?{qPe;upAN0*Dxt?uc{G5@c+NpwdPp5jzz0hj`++t^A43$QJQ&*5Y6byEp@&S||RYq37%>3)s>7T67{tK)(b zxagh^RiUu%s=~T-QoJTCzn#@4Pkm?zs_WJxgBZ5fAgL2uKVI!8CEjt;&};KCn<8|( zdAjb@|DSZ@=pI)x8}D`K-3kd$H!cBkUOb6yCcFW2z>hbbC|JG;`hy0Z?tA#Jg7u)~ zFf=1;b@yUF1ch~X71B*I&}f6MUcYmWWqlWJ2GyP9bk||q3}xwXLNK=}*CrmDk+NOW z$c{H;JXe8?v2!_(y?Av@dlvarce&FoJg!aBc@&;|XgiCeJHpeIHQKY$%=L6XcDnVj zX%e3!jk|cwT;|%P{h7{18hE;&I^F+eKEmtZ_zuQwdyw@%S=+nN)BW7(7GD25QoJd2 zU-xu1-X@;zntu>)8eKkyn}5Dtj9yE))YJXS>0XXallUAdUPEWa$3gRT+vDF6x`4Ka z^-lL{Y?{R9NV-vUYLNb#KFeINS-U`-9URg-w(A97#8YZbeUbEdCQ_ zY>%WHWiFWO>Ar$L-KLq(R&}>#luYLSRLbct`wzMabT2MK_Y+U|mw%wk>x$%K5BdGs zI`p=~K2LX#(>;z#C=b=)44BFQK<7DTl;{8G1)4zfRBV0;$n@$C~K%!9BEhe>cZsE))^okd;Q z>N;fN0ld2Y{@Lg z*TCuojj&0&m~9Mvtvs~+_~I9mk1+~|n@K(K?*nH^K z>v?0E@KJfjA)bVq`YE^wRQIscU5ITtY=JbCxr8;1?S}V5gn0ZlWOg!k6W!6A z4~b^1lc1}q7?pG^91q&wbMfQP5@q=j1-~8GQqBI1N-(4}x;J{d)yOBhxuCk`tZuj= zwu?b^C4cNxBOJuhtiKJf-JR3f;Fo-MQph z3?F;C-6cSD4`K^3`6>e?!Po6xNH^J>IVrl@{%hjj5;}m!o0-R>I~-dA9)|lsbW>6K z%+o@=JIdC-wx?7JUX{dHQPb1-KM%7&%dx)Q8Ga4hyWp2&yd`6J^3!B9X)*i1g-xJw zQ6!Rr{n-8jNk_>734KK=`qgah{{45YTsQ8gP2GrYRGdjC;$H*mf$Da(yMn8+#bFo> zgw1X7X=QcWyW{|X`nfyOn*<`1e-(Pu*= zXaJ>Z(Pz}Q$9unPH*&lZSF|;2MO;&(Hm|u1|6AZeP~Fu|_smmi3(x_Y10T^h8>tUD z&N7W{I~QGE0hif%opEA4SIy3uy5 z-+Q|I@&6mb<+HkzobFNBjsr<$*dD1rj-xAM!f3{uGQs~+xCb=eq}>-BOC6sI?cicq zGn6%$Va#PKgv{Ij>Vc%DY`ZrF%2c#8$$3jL!e7D%B0Kj z?*vzZ>b7&beX!+$q}$ofs+zqHsjl|xDRcuWUv(4s-vjr7>UMX!Q?X44NiVZKl5VUk zWshzN>uz4he-Z2i)$QYS%S5S9xC9zOJ=)}0`ZI~uw6*o5{c@r^uS7wYf0;A`|5sox zsP0=%cOka-K+=cNBe$y*x(Tlwmf`<5G^>==UEy?pJA?iY&aKS#9y$%=d^l*^)sA~@ zyt0-q=WX&j*3mUs{?>Lik9-mSrrDY@(y{R0{JVBFgm#ri=S_69UA<5KrLY$Cxcgb1 z%z1id71|7(3(~H7pKr@^GFnou(yk<9st@fPT@A4<{+;1EV0R|Ihn%jAWADU19>#)y zp3ZgSJiQ)8`!fIZbf@C~EKGwOrz_78kuvLPFJYG?>uJ8O#41U36X^cx>B>5t=)UIZ zuJCl<`!99V=;kmE*0h9t%iv!i)h_kKWm{5s12#SHWBs_Mkx$$Cx9r;ra?>M+jpTD> z8&tz~F0_Qkpc-;~y9$ky<)%|rPqzpD17R@8;fXHYsifkgvE2(Ymzos?#&4o2NzNNd zY4jR-$M*pKFTxuTVZZ3r5J$rP7282Lrm9^_Ni?=?XFhGm+{pjs#dQikm7yl+@%FJg zK|5@nAr4nVCO-PY+|xs5jcbQ`UZ>H0#*1$N{=?y6(D*pbB;~Bdwh4ZLa?GJB5UU*P zyIeD4gBZ7YI>oDT98d;SXR*_%jqQAB1`=B>`Xb{Hg;sBXuP5}O>OCXFk~weci$U0db5N|`r66;NHWN(x$I zyAt}qHQ_SDu3yPM(oKv1Hm^g^a8@;&TvjbZ+-_Mv;FiJPjHj z)h8)fjqN*-^e5ZoI_jT?IF@tW|9{6l91ZWdHNNm!SzU%+l7d^L0l8G1{qlUR)QxJ& zHvhQMm3gL?XG#1^LmAL`FSlAj1#HzoQf;<=d8)SRCedAou3oP--g7-&h9Hvut9Tpa z+UrybUBlc`bsM197@B#yT+$^4mtpG+lDe}kDqhu%jo==Yrz`8ny~xuCv>bX_so(~u zDSzhu2i-WjP0`iz)p8i>=?-wZ|4Y3k(Cy{v$~yY(Xx{1R(p5OX2!!r(0W_zbaQG^4&Q~QFfcJ`zZ4nboD&t>(LEgiEcVk<{B?kLP<|hqr2MEkI-ZoY)XogJ^U)^b1fUi5ZkZx=$a|uuPD*Ok)5K!Igtz2fF z{TTMAK<3%LZo-wX#vA2ge@xkI`A#PfUwLW11=T&n={Bg#yb|~dN5j`Unkttu$7DVw zZM4Mcc3nZ{0TXF|(WiKB+S8SCc!WGpf$H{hx>^qJvro!F=3RQ--s{Fq`SpgbtaWMo zT|pkcveA6+=}Om5%Cz5O&S8xlDnLCh6gkc9yk%0Mc9wdYeh=N!Hm|9H|JlIT8|KIR ztlbyzm3f)en{6-f$M0pD*mE|&e4pWYJ1<_ow$AXCapo(~a!5H{zH-TY0KdUcuy+Gv zG(G?$<-4wZ!FBK0G@hGAS5xD9+-C*8jwXNH_q*Mh!&kZRc~s_&Amu90Fp1`VK8O*W zPFbFmt$(@CvmE$3mHhaMQJ4Yo8$+RE0iC()Cn^&}s5Io;F!4gUl17wB;x?R1Z+ z&$yXr*t&qE9&GPm+??h* zU?a6ZrJiJ6DEj7f66a-g_4#Xw_f+hXDzPmpUhT)@Gbv|uwchv|3R4&AgO%QQ0`3ebh2qXm! zSj(Wouy-zFv=A(h#;sD&G{kDNpxy{KvyYP+cxX zl7hFf@w)y@;x+rGG!12W(}Mkrmamyl+d(&K-OZ1Z??UDmpt>L0eZe4XL*NOxALJb2 zH3gY|Ylv%Savw(Smn7fBj;@{;@>*(M6>WGObiQs`{73<>ST<`w(l>02D&PEmc7ZV` zl*{UF!keED_FEPIv!E7eISjKQ292?4YRd20 zALuzDTP@%CLatx5Uo8h-H*0u>tZ56XTh{4biH+B|X43U+i)s&A4oP(1D|BA)3RlDH zTJv=)I^F-}yhx+lxSY)>KY6{Y;nl2$*RAIFhrMk1hQGzO4P?wIYmJ%oE^VFsQTHdW znKZ{Y;+Z?p<85#I(|}j|$ZL4aDYT*EA-#$^T4&qSq_uWDyr2T>j{JYA#jJy(tD*7Q z5P9{6ytX1=H_W(;6v(R~_CoO(>xFFndatnBjtO+U8U2X1hp5(1Ir3D4nxOGs?sRX! zb{j|<6Dzvj^>eVXWwc8#-UslX2gf$e>JD;YIVIapx8eUA>;sMWHTi{dIIcP4H;^RfmDE#;KE0@R8l&txqpRgmiG0Z;FNZbsTc>8@{RaOZVJoQapkh{cAGT1-%`HjW_xw{Q$a} zj>W$$lmj_^r5y6CZuksrXM^7lB*@?0i>n^{FNH@y;~MVbYH$hb4sbJE2lKC|{pZ z{dn=##J@fa0oDE8{+~hgQtBOAKqI)nA!SHECg)YBSF`cf#6Px?doog3F1>{RYw#XK zu*t47`Tt2d-(lMZzky%pt47fd&}oOWw#!5K6uXT61T;Q*UWt@>zHT7)1Pq6It(k9i zwehv_`ag*;@h$hpJ>AFfp9UX;>R#n^yQ9+|hQknOeh&9d>ssBt?zmS|Pc_j^r@6oD z>AsHt64(x^D{Yt*3~xif2h-qDSl0mU3$1RdoxT4o^`BXH`hj^q*90wx_4sdx6E4r{ z>il9lwmI-Iybr!^vVB3__>YWVJ>5uK#tzUBG~VLwy7eBm6|f1u1o_JEsg#A(|MHrJ zbbsc!Jl(SGsBgFzRJWPa-QJ$@Csgdfxdu5yD2HKIcVqqR`lggaY6tTc&Rs2s>G;15 ze@i|Jm7+HboNkGZjMbnKh4Gtj5oE5dp4f#llaesH$ZjkNW-Px&g#TD z0`1^pkaZnBzgj(Q*WabyjP~Bs!Tu{3^V-six&A`{~{kQEGj}2&t_{Sq5)6LTzh5tkFA*gPB z)$M^Uw1Z~g>sG;A&O6mL#X@GNuZ#Z!un|<3UnK=AdUF24Uf2eHz3muZP&Za0WG0@T zEeB~2mtDg%VW7G~_d44i zT9qr<9+JHL;(bqdHvaFx4$yeD-a1~(eQy{7{lG8Z&8~dqJZ{9n#f}Y`b)N1F{NIG1 zL3Op>IuhG8Fa-L6ulsx`+wX{O`nZtU?dgu9l4g*nsCwIn{omHxeFb%+Cx*dpNS=nfk10;x6X?J~}-E-(~sfQ7Z~c^qYYv|~a+-S|l%Q_a&|hW`er(l@Jne8}n^ zz*eju&y~PQu=iY!>wMeqBnKAMO`O6#JWp5J*+BA)0*zPKeUH@68a|Wle>45gsUf}( zCtD6LqxT+E?4Q*g=Hk7Y>qB1{2gAT`XA4g$*v{l0W*)lH%%O760{_|rXv3iKYCD_E zH75y6;ceJV-#?jgMhVKdR$Z&Rtq$!QtvD}3nc(Txzmal)uR(SBRZ{TXK*j)Y{2X>n^?<)GI^{ELbpjoLyW@UaZyIm1Mu_j+ z$(F+n_>YFKL3Ph|<-2Y$F+zkn-tTPpUdlE35~uq>LEUKWkXete_P^2|x{>cDP+fhm z$&uQ_y@lFC3f(=P?i1+EhGTBY>OSn^yctIcN3VwU2UcO*^NS_ljrJ~t**W$kk zeg=*AX;;2~VT%m4f0SZ7mGfWck==P3gb&KChox$;- zx>q{g^4OvvsT$jVH}94CPxQQy85zy$*2cdsGz8ThmQgZ6OKg(bu)P%gxymkAz8Y@~ z-G$NYxUVDr17HxS?tK|G6MTs6Q;@Wtt*@))pyR$IA8Pt4nmymP;J;h)-j>ykx^k$4 z?Lz1Xt-;rQ*^PH(-BRY4>GMNo8@hVF^}>HBJO~hPk+b?h!_JgmR8dYc>cp>eq zQnq}nQJ8h15vcAXPInBp@$e`-2)^z{7q6CY{GyQQfG#0t(hK;{h1WrKKXkeuV_OB1 zzGUm`YWa5MypZ!Pg>FA|%VoT&5B!7MnU8?#o)pgP3=U!o4QEaa6+qVkM6-7|dwrAZ zP?~Y}R8My>{$pVZsBRCZy8+wx@E80FzV2Q(UYGtMbA98c@H^;Mckz}ULF~{FRCl=3 zeIMHr_!3q^m8x8iYuod9o$Dv1f5<#X-z;RlL^tYm58+?>4)TENzU*`#!S*;Th1WpV z-CyQfFXd2bjay@>z<8gSO^cBE4c*dC_gnn;z)^Q*b-!@Bacnojy>JKk^;Uh8z0S+J zqnyX_mLb#P4CZ-GcRK#B!F!S4F16O7nB@HKMcO^MK0b0ciHxk+4EcNV=iB)s3|ZnGs&R-S8g(cY*54yS7NdPHcPNZ#V$H z?!B%YG~W1SAu|QtXeKM|lH<4l8iVSxWFaXSnP9F7@55_QhI$x6KP++Xa_djhKgfB( zOSsJ{bhY00;vXKxS~I9_Px%F1xo>m^c1d#INbb?g*SU+XCOwbS=x+0L>yYn!XyoY* zbGjdoW<3+WgRjBAUQ8Nf&$oQtPNB@ZTr}PaV;F}*Ezo$I6w8Ddw8Yi{dcoD;uj}6E z+Jop$4jGf^95NSF&g9Gd7=-_=Fd8CQ%0p+nJ4Zezo5VgFq|TD;l+UclGkNhYA=9?9 zb(EhA@Od9ThX{X*&Xux*aJOOG2ZzD$3v$op^PTAQubjQk95a@Bgp)y!lOd_3pc1xP zAn9DTeml~7(d$f{i|Gh-H8sS)33P!7Mv3nRyEEr@Y-3>p_?p$_WvE?4W->Zj56|H9 z5-flmr}K!_2~Hfx*aq6b`QU4niP?T6|9rnXWLBW7{q$A%_k)q3x*MGC3T$7(cK9BA z-C@Ki$FBDoqTNF#r%JXw&E3Qfr-AA+g_jiEifuGJ0u#X3t>@y^@{IOm9OvmK@t*^4 zgX%VPx|^{50^xf&-`V=QoeJriYeME?Pxlz|RDl?%ZUK;BE@>ke`8>UkNzE@Z-IX3KXKdD5^QRCl-2 zJ#IYh464H!;OkB1jg>5x>^pWVXF@Hpbq%D zQKzf(qS*D6v8Q_>{>`8bsBUi;Z+C3H;3nt~6{=^~DRVtt>EDy+o^W)we6<{IC7

      nO$DIccb?JJml%#?{uHUHUlKR!gg~s+a9EBC22Xt(fu1;Z4dMC zUk+!M{J;zEHfe8$;$qP8ii~h<{t?0jk^B>CVD7A3lb~;OoW< z=_Ut-%$c6<*ZBVk+dy^uINkl&4uhl;4-{+ogbZLs2)P;Q4!bnfIr`;87 z!1gnQCo<+?yZrQQdsyzSUovj5iGTc-khulFR`<;q$(%nI&$@F)0@9oFP{%BjZYcS{IgwtdA{uQLiyw5Kac#{9?oQcU8oOQ-VC871--H5fuvzPbA)%K7W6*BG6En(fwNc3tS^C3sR2-DDBEtvua%`2DxK@_yJ%;$pkN z(`|#^mCzTo+>W;GBxfwPNiY@sa+^fCrO;XD=}gCGHf#aaanJMST=FPuK+qSo?4+oa|^-LO_wvQ+AnGPRau?IuuN-uvS z_FoR;LF=Qm{6d)W{8-Ktv_+6()p_CMIS~_Q@p*u!(-xmD&;wMbuhY2=+ZebHB$i20 zd#)yFA5j+7p7eAc!sj{Y|72F@NvAXFY5D~C3f7@hk3LfBa{0JoCY21C7wH2uJ^c*j z2{S>2es}ronwh2m1V?4uFV%kqk za%?G%O}5&vCSDGilC`qB$CIZL650gZ~#0%*^V_^-FYL!1fxfgbzTj`%i(?`4;#2H;Gr~iSY#?BcFlP^4*XBAvk(g zR<{IxqI)SeNtd%dnuGDnp5bJ z+Wu48^{UZUQ^)sdbl>sfyB7bOVLE7hRjh8#K5U^^IbQJl^(qk}SQauRav2%ola zA835s63WC^bq;j~t)T_T`o2C7xyH4-{Pw&eWKKs{>-$#xr@}^1-AA47Gjmy|g4M7L zq`p%edo0SFuY(=0X?>@d3ogpd#FP1P+-p2z0;htu!}V4-T-1EatPGhAZ@}h()b}8J-la#|t*pN>W#EI3A+y$tcLo0I zq10Ph-BJ=bx((iD9RdbHZ;;RD>HXJ+9F!k#bW_Mg&drv?llaesk3h>|q|=q>eJ^^4 z{sKCH|GB?~v?X6RzM1g`y4nxjhW|ZqKdA19PInEqG)UUY_Qtca>!zY9N&2BJQVvWK zt9tSNhJW~7#zCOETb%AzZ2RD(_b4au*NeJ#%$9?UyV8gc^x|!ce@_?!s@saO2`LEP zXU+z-pbGf$ZgKZXHQw0vka+`LJuh0|-v-))>OSvudt$pDB;~R7&kI`$+3`jS-Noo? z7cdn6sjwGRcb?OIei8Q-U>$q}Ln>w4?~VuUc~PS~?UZ(z{)Ol6>Sf2vwNjKV3 zUk;nOhKR1NOUL$xOeb_T<$lOoBQ$|9#`18E)eX!0w7OxJXNoRj+?h%HsCO@}-t4~t z?g5SK=1|5nSd8s6*a&OEA1Ac>!M6V`{9iS3PoZ0?eztxN;$Lhr;{j0JQBHR|wm;y+ zC9HRVuiO7@d%Vxw>F&$y51Fgc)%Mf||IRQLa`=Dccxf7vf_>ORAMxxGlmuTlFVE^u zz&8``pCL07-DoB&b5Z;|z)SB5h?gTvU4TFUbYa60(9rCztX^0~6i^BspnW~CSJ zwfK*Osi3;AINe{c{RyR((T{_#yQa`MEK2SEfv&cvYWO#Yhe36}bh-_e(;vb$&>7@& zM7rMiJP)a9dy;-O9S)mS=VklD+4#Q>UxVuAMr=8hUcq=6YCsk6Mm}4v z@m_-e6_N*3x4F|Dj_q!k0uO<&yK8jzx*+uy%L$tcJl$vTe*xYA)upSG6nukiEBpm} z!Jl{Rb>%DPmCQR#v9RfhZi!4*w*TUtn@|x{mq)N91x>NFfvce-`0WBLea z3oXIdHDhe~s%|<6n@#BI_@fK{SHoyfT^=dT=q|!0X&Kwa;Oh=~&Gv^s;9C=)G+(w^ zykW*Y^J5$S2O#uGcHFhy>gJq`?F={z{JyX>vBpb=O;t}P7oR539HjY6f50QflEU4w z^#>i3i!pXo*fb))*7I%b9}AN~k1yBe59ImGx3PZ&i@-m=dWGsadUV*_=;^M)e* z)$QnX+k{71u7kme}mc$d}9c^}&fSOtE4e6ohMd~|l8Qx1Pg-{JEEL_W>N z_ki6MbipR6C)=yR*UB4X+e`j+?zpfyg^9D)(^&i`!DP_m=8-H(!Fp^zfu!AR{o|H% zQIfXr`0-)W(9=DHfAAS~0jhhS)6KibnbgtRd1YjO4!J|8ZXg~Fk)eXOj?Je;8 zsU-RPlE1VQNU{GD*a8~YG#6Km)vU`yTWAUXd9}`s`?VjAQK@&L8+E#a@E->&L3KaW z<6Xn?!mBU?{Q4=yWF~XWjC*7pkvu(YYFwC&H~b~zJ2)9sSHAO>l=(bqXY4&-_++0FuAw`(Wczv%O) z(duC{5Z!V%i}?)y4Uh)aGZ9@a-^TcNf~!Dv zf3;GX_pUvFUDD%hWnLAlO$@9X>UpK*o2(HwbG&$;!~YeS2dZ0||DP26iLLksjtxqK zoUd|@iDq<6p>bucuvzWtM)5xnE(Fy*-|6AN=Y-8%bhQ4j#^*Yi z02<$Mt~`Ih_A3;|FV?`n5i|wW?cj7fV~c~Ner)~Y)_T%@ zCd&0@Q)BBZKL_GJ4qgL2?rW`XPW|ur|DZEypDlW3J@@g>3!C$rWRH6SK2O4I(D;_P z_zq(`D$O|!r-EOGd6c1OYP&ZL!=_`C>~S~3zdyA3KC8RK>E>=`TnVG$Hjs7XuH-FO zld^lr-oKRVft;tY7Gd*l%;cw$KeAQ}Pk|oyVtYNvc^}&fSOtEpbBQ&L&Uff&eSe3~ zRygjbY<#sukn?gJwufLABtgpX{z~LsNw6Xc8(|M{2$}Y%{eKG@ zW(ODuy}*xgmn%=L@Aze5Q?6+?-m&=K3r~XTPIvLH!zL-sb|d(@{oQpXzn)r$O>Iy2 zfaKjmS%T{J&ZwE7EVd{}s>Zgc_NlsYbX%aSE4O|ICub5_n?&umSI~BKfrqMb#uoQocG4t zbKUlIx8wgO90t{mhBCsz8Qb_wDoDDJt*>iKA$#6NJA}<*Pq#V#?cfSfT|TNIDUkcG zJ+VuY`>%dGE3BJ9cXJWCeLP)0!XW8?(oLfqZkEZH`7s#1(eM^%e-O92IZd`RH-c+H z&S8B9XfFMr=@d36dODBdBgg#|Tj@^ZI&!qL?H%uW^nQfBpyf8(m79F7qs$J<0HoaH zn5BLvGe=LM)6PaTIa^0Gw`j6bG&QV ztoP!38vhya5`@_=?S)%SlER;2TMt@xVvJrDHouc!`^WFu|10bPjq6wuBCa~WaNdHX z%h}5Jkd>&$oc#3ccvJhw^wnWg^5SeeybAvw&>K|uey2MPo1~Z6&H(>-_ZOPiC%T1A zMNjv0{J(^apt@f;-ILuwxgy*0;Oq83qu}*2+C6N}@pN0_-xj)n>TYwo!?E2BkHJLn zbz@@+_K%4kVbcp;E#GJGp93fC%IY2y$sB&L6x$cD8#aO5f2hZ`LfUxmV%c>Fxv!hL zhVdr4xtXk7AAaMW1xx{r_bR7*-)>@s`7jHX)TaH?ctp2E9jp7woy=v?O4d6JoQVttwaA|K|FY_8{r^(*TKhV`w7XQQ1|;3b)~_eglcez_(A|n| zG~>g(R`<{P@sm*z`(Dx<6Y{6z9R4KIM|wwGThhtIKn1AAZ#_+{FDOu_b=?$3A$ zT`k{(_@A(k=LkV{Cpq2azca6gL$DX5y-q#b>ecIH$IGu)u=jTogTm$sbm=lOsrMh; zyM!^Ix>py=>6hKt*HrM(WoE@?1ZKVI9)viJQH=!RNY zU-@|}{&&J8kme=lLB#52p2wJn{Vnh{bD1ldpy; zcE-OeTm!0mr_&vaP11dA?*U(TzFUvi^B{%pWOTLuAHn}wm=3D@l+*newzVMXJGQ=V z;d+XVU>@%2{*3<~_ybh;4W}#L|9#>it9vTjf2W&S-?@YS%hNpr|MOq~sP3usnWSJR zwgYhDU(6q1ay#x*kym0howL`2O#eEP`<$L`Tl~AjXi(kOPIou9!*KFp=9%E@#y8mO zqON-;5@B;p%j|jE3jeO~1gLJp>B{pCr~l2|3eJN`>lhEMvhh|aZsW~=PHc48oPn

      T|J-n;veup^$DQ5r@C=* zLu}2VGqeN09Nu-~mkNO!4^HJdhgMnL-uRD(381=-o$j?qh0GwB3X`ByAI7r1?B{0U ze--Qp6VHduG*7qP(Zm5mKy|rfNXp#be;NBCcoY1#wa(2Cey85#{EyBEn~k3CH~8;{ zgP^)Rj-1gQQHrvKneYVo8_i^8{EYujD0@s+x4YB*^-RW`*iSi@ zegJ&k-dEW1mOf8oUJjeYrCHrq@m~n1`&*4jDa1j<&fU(q>X^8>ni9?!#nF+{j2p}IF@ zWKFOD+hX_)HiNX^uGN_fE#>?F_|T1>$J5bHy&g90F3ak+KAz8=Kxa_h@lIF1-}D;n zlKQjt+k^HIk?uC$*nAq1r#le;TVVpI?j26|6>Rh1U048qUzkT9rtwNSq|m(?-KfoL zR^tB+v_2uL`;pU)oycc);TGrv>tf97T>tQLRofoqe$_7OIlUlkCZVh6@gDrcWkRMn zXuLEpNr61CR0+GJD*W!(o0fyN-{iuuneFLTCtp2?dAf94l7hRiO@OE25%6{6V{E^s z>twagv|kTwf%mD|6XW) zQdajCryHEiXU^dQs0Gr_^!eDS6>Rxx`%S$cHVa#4+u4iwzXOXvL1ce!lsQE@7wsVfR&)SEUQS$Jb$?z`)(-w{NjxLGuxkOy(O21&GVjafBbKR2S9Z%aJt`Mlk_9o@4?sITSzy(ENnjV zbPwSlDbINfsyol=N`H0|_Nq`3eBGp14pMLN6D9A7rcdaC zT~ZIWet)LzLHh@@g6EOY)%MUE|C?YKsO~RLS3b9YANGe}7Qg$tb6vc8zQxh4?deV> z&vbYhRF|a%Nttz^_pyHjh1Y>ng>+NsUW_ios!aNXJikJWH7(UOu6*mB7BY=s0Cb1u zsG`?vrz7wOgOQ;WLgY>WFEMw&JHTQb! zF>+lrEb2b(#V4PyX^US6kl~z^-y2r9$j{fr$iL8ws~h?H!5yG+z2oAFw&49i*jK;@ zAjhbm72V>+H5vct>ah9P)7^~!4hSk`b<K-;dwB0qa2r{ zJMh0Bo(GM0uhabr+ioa%27MR!b<)+%k7XP%N8()@Hsx7I(Dw5|SA9Uq;OR4ubx>pJ;vInhaCjcHeE)K~p~@k13{-~-Aoo*r9u^&E=Z)GPV(Y?YmlyAq`1ga`Ky`Wa zNmB3}wpZX|cn>7rRMehVoh~jo?oNKq^MUO%`7%E?;QteB1u0HBuUc5$@J?*|LEEil zh_2_kQ1VCR57OW4Keh^E6wtVya&eu3tu{zHpKYnC*>PHaS<+5l#wCSrOLTQU&=mjH z&<9j^rPF-|+e@${}cQQQY~`4>#c6i zU)V~V88XL#9<#)mrY*(M8H-M7IT+GO_(b7c(D;6G@pZ%24@SUHknhKQ{wf>aTsQvL zdQN>CHjfn%-vi{+_gha5{^{_Br}Mkhk^A!BVBZ3M-?59>Qs}(z z9p?dja;nn5fgWe2ObM7^`FQRXV3%|XTffY-e)TwG>9ARYZZzY~x*`5&LtRi^rZSR( z;n?nmiBR}`ZmoW@^QY^Ig)--L?EA3!)r~*Op z{)6CYP~8WdZj+jnD_jK~p+Gq_C^#=m>q7Vvdz zEw=GapbX^tk=_|LD?Hr~@m~oWL3JCt@|EZ54r4ENHv0VT>khfNV1JzWh36hU-7@5< z2sJ=;hdJG5*xEuj=nTH@h;HkTiv@ACG@NWyVdr!sa4$bsX|6{x8D2pt}2zMUDAVWeO)aFZAa1FVe_0=RV7pIJDc_^3sR?;n!nGj9D(xs` zcV^z7b2s*fK--fX|1A3K=}x-|RQocfwEL$Cp>AKTV>0 zQs->HcL;w|H)I-v>MnA+uVRz*Cfj-7>+WSPBeBZ&naKH`{DaRWpsVM>d>ZaP^85{| zn|8X#oMV4Ek!@-4uPbJ(?f>%Y3Edu^?y30KfUcmrI?n$X+gGp^egOYkonme%@#=db z;s>}t%s4~)|61o#1~3g&_dIugjjhMJIxK)WAnyYz(b&fM@>#Y&mHYTo4$(u5$35K& z_4yny)CAS->2w=lYX*`oW$WJulUOC)@Mup(1GgaGO(7P#fC?AW6PIP<3q0*q_=?qnzC( zuFSY*el#UtN9YN9-gB6eGS9c)ihUILnx)4w2MI;YY3OLVjmKvO%mao-4usT}XlIuCx1sHQ3T1>1Vb@wRd^WSI(nY@rdc^#k*7V7%-Fo)!m#? zGC_50^*~Z{w(^|6elA(#mG9M_h)cXg#Ed{!QycudLmagI{9$*7-@&#Fw2s6aKQ3aX zdihtge=F<+%}=wF6glyH+7(DYq|dOL<0Iw`FMmz;UkFV=^Y?N2`(e8UB>()V{XAHd zi}Sz8ukGUw_D_HZLCfVOn?HCC+bbYxK3hEwEfd+!V0UJ`hVFVVuD9|35SD_r-!H6G zj(kt$M(jU;ubDfR>%fT-b8Oelf0_C53qD6*z#I|u_M2PcfF}BZO1NddMhHHI_FAwPB>1@O2H`ogrM+>VHK8!7LVfI)=JXS7Z zZujz+V1H>S0~$wL7sol+8bV|6%Ogg4#7>E1zB5hh>r#BKf}x=G#Uq=Ng7>hkfUn?l z@U_~bCH1A}v#Ag730IECA=>`|EmH?7YX6yH_qA5wvkIZ!(-9_GU zNAb^vdLVMrzdm4fBO|fh2XZgzDLP$wPh*<*k9|shJ>JLJpM=?VtEvlc9am#dEqC7vl&C|UA z|I45!sP0~;`zE#zVJ&BS9*{JVZTCw5e!b9C zkC-l=?j!g=3)4Y$^W5<+!uAnJTFLfEx^W8WdQbN&{C|W)pt|=v-P{=O`i0A&IrzG* zrWJg?Dpez5?(=kyYRElv@>~n5JJ;z}U|%(mG=Tl`9w;eOdq&!y`R9Ahh&q<%iNx;fur+YWz$^ozPSKb2ThwIgP>r*lG6#y?OKR3|Kf(!XAgts`^?UuPF> zJzghb-tms}27IJ{yoIeEXKAYwNdGtmyQF8?`sJs`s>d16jhIh7-I@5$fd!ztRh;ey zY~RBU_zC>a_r=E+>@Q<=BW9zgEAQzz2!}!2_XSqB_)*QcUV+BBzoI=?Bvy%2QWCwL z=#{g7nlkv8htomzE_Qk~u+;(8(_@ycj2|UM&xx4B=tVPs@i`9sMXw&HUYq|yPu6iI zCDA+X>g;ogsu%P0ctlcC@gv12_eCT{&yAQUdb#$`{P@~VyOOm4XBBmL7vCLoD^6TyC<^30WpKw1?QWCw6=(Vzc=Es-k>D~Tc z=#6xXXVLn6hO?9tV{->OW8iL2kFRc&6rPCf5%BxhIQe@MkM{dh+5ap|1IZ@m|6?|P z@DjE;AZb2Z)$!Y%URP7-%6GPEdJF#)ECy|NQ(Ro~{**_J9 zZmL1VEc0})#{W*(0IJKaX-Pq{Iejv$g;gN;B_@MtRye=lI%@Kwi0RcW+aH|Mf_vZ4 z5>)rRjI0UddChLv2SH!(ulEU84t+WArgKPfzO3pVbalQu6#oQ_0o8SFG5J1fo=-j?~2gf;OUO}2fFcC#2hF>_eW26{6Ek&O(W(6`aEq9T5rF4 zx)1&X-6XoTiqJja=}!3vy0K>T%SGr$T4vkX)Biv>jqX)N=pN(gPX7nGiHqqEi_ksU z)1CPbbfe89W?~V#l|0?q|3Ei|?yMqoYkIni{()}11@pinbnAP%i~oVHX&EtJp{uD0 zdM)8n(Cf{Qc4t`L7upfK_BUdVlYg6+|7!O4g5F+!9>0+k9)#_7@bjn0f4GSJ2`~TN zBjk@>5;0|ZWUs^bk?%2h0<_;e)^@?c5^SqL(l>1V`-Xa5(s6IJRm4>FbbrQw7wiSq zWocScQ05Zmb0Fz-wng>xs+&T$5xSZx<6jSM1Rd}9uu?hl9OHWIJ3!|26`0>joC}%D zrZ0<_wqAVYT5&%b@<8Jo>*Cvs?N2!AQl52yv5k2C_GPZ^bbm%y(?a||fF+>yIM(V$zQFbkNIkA9Z@=py)-hs^>Y2T+ zZDxP*);xC)8rR(}uE(*x0E=Kg+;I`*PrH#aEJG#8R>mXa2tCE;OJeBixOo-+-@#v? zy4+fq`VHP_L(H%aR)Ug7B`2vtFKS<1}lw!+p4BwfSS zfBssuC271#K9oG((;a~S2pA8l%PC|ix?n|HzVj81ZpXO{T{kjcsTMLZ>ZhJ7hy3wg zJYpV4SJPu?oI;)oAdyiGX0vn%wDYIf=AUD|SZDOgFN%Lqg&cUXsKEJDm zJwp3)0xmNCjG_CEcbpCJZvxFgb#?uq4Ym#-sS8_a->E1X(QG@^<4mEu!aL4x_+JZs zK-=Mo@*i-V@;>jIuoqZ=zBXdMDI%_6_-R~~ZT{eYiVNNCMZ`7Qi>vC9;<}E0ll9WkY^$?7h{|1($(dc1C(Aou~>R*>`yTd809 zJo~Ql*?M@9-BQ2NJ`qzHT}^xOmwGq|S`TsWcuTe~SPx0^U*yGg0{bgK6f~}(?s#is zs|S+KXDi1m@6VfcdNwX?cX1XW+j(&{!T(Zd57La~Jh;Q^=Jdvv2X}(>`Px@c8q4wZ zin#GL~ zGansocOT&M39JT6|A1`^?1r7-Yt7|YB|fc(G`dSY-2?cS?#OrJg6j6qL}h|r zop=rho`i=$o|DSqToApq`<$=p#%|_3Ls#cVKj41=PUxJ~4cWsD+Fsk&YLH^_8_JHK)O!m)%1zvt` zWk?EthHV3A`H3+$G-9H0+MWDC`icE#cj3DOLCb4^JFZi&q<@AhpasnD%l%L$^HN?@ z-S|t^^(Kq|?GbZ%Jlp;z;{OD^0IFL}{zLkA`F!Xq>_5S`;J3e&t6#m3lo-x>RXmd~ z^Wzu%_d%#@w*57=yK~B8s|sg>mYKxbNd{CSBIZ%9!J5v)rx9EV+KyX09eLkR5A3}` z%T9ELpc6;u)_C?f2jVjd?gl;1&Q>Rwfo&d0`hcy!t}J?z^f;4uM9jE&#x?Upp1WU3 zp3gzs#r1Y~=DGU~*flmWr^)|l+&ail&A-XZKhW+jGJo{WhU#>>wY4^I!-)W4jb{`0l$Ijew0x%LCLH6 z{3u8|jcrl78gF7$#QYY|>Q=_T2Gj=C{UW2p=e3UGJjE{Q61GRuO`{v`mDO#Je;oRN z>N1>@6pY9AC`fvm?U8iNn20&i)0NM)PbbezP~BfLO1z$!ed|Gze6HO;pS4YBImFPd zUWD#zp6+i}Dx>?~eqKI-ZXSV*45Pz%L;2%6uem8U4~&+rMdh zkoWyvgRWjz|HMDsjpva;`;7xuw|H4>m7oS_8RVVDy=yN#RSlukw}^ShT~zY;ot|J>9?U)izf<+-+hO+G-sg08lE zd4J9T@(cuRPj@?Ad4JAr*d@vPbGldh|MMSRe~(U#n9#K@ST-ZcHxBLvEw_8DRQO?R zPlFz_JObmvUoRSlmb3}&hmw;crm3eZ>qSe*vkX*M)=@}-t{2H4|LOjE z8r>_3(EZHQ-TDu7qmMEU^2+lo^uC4fAxvB{zTfHUV=K13P@q1@Kf=p@Q1bO+&JS82 zdt7~-jI9Dx0@aYRGvkf&ZXW8l5ycA9_0V$bUXu1bRG&-SITTb_r-K zQV)iOhcC#l?V=6)yTh%Z^;b!RsJ}Vb-hr=RCHUj8<%QN`;!`+JJ>5O{AB1DB&FZ#s zx@TiMAKF4o@YiK?&o8*n6P+3{dpzB1@b3!)K;!M|bjxFyi2W&e6nx$JuHV;ooI>~9 z>oUig`7s;+cOZOSwq9Sbx;eA4Er2y3=h=;o?0GgTm+#enGGgXt|WuO+|sXG7UP z5}pJtry4eYu;f(UdxQNT>;dV|WZW;YY;oti_GigwBIXdfdL2Kh56@G>6`;EESq)M! z1KT`U1~y`!)TAf3d#IK|$o?c*k4a{O_qak9~f* z<~Xiirz6}18sAGUKAD#-!TuwB1I=$_&DhP$^1iY0>E|z_FEB3hbdT-F znm?Qds=L(bo{OysNNUN}FHb2`NuoPlTxRe*m8aVl|7&12sP1N`+rK~8XLt%GgRh(F zVn6qw@g`s7IRJDut;hd+_z|@I{A6{*zhe6nv@9i0j6!*Nqj@jn9sl zFFoCX49L*#;#rmiU&s*d3E99_9pgK=G9eJN>b?kM)*ICn?XANG7nDXf8 zc^$*&5@-*SUE*12buynriDSPW{@>?N3LPgenlk5j@#T@{Hb{WR_r8lyK4&@!`xMYN zBXyiWGltG(p3XD)yb9lg>TGs8<8EO62xf!yqw*ek(MeuOKRP#J`k|xOrEl=r33V9U z>2aQ0EK{DrLTpQ5C;SMa)yj?U+bpr?#SG3hX@9AC%y+%`Y7OKwu+RYXym-{=hC5>G z3UZ9{ETE+L>pYk3tP^h{zWeT6l~K$>oAjlKJCfN{|ftMJUHLWzs=?U5Zg-7 zGM4;F@*ni_uVMcN_!jj4-|zCD%s6}-cK`o3Z$wPVzS(m9mHlQA&r^byYYF-$Qm`D` z8u%TygUoT_wQL>5ZYfx<@db=iJ>6P2F$RI*pt{4I?&*2V?VuyHhAKDn`Qi~)w@S%E zpWk|$c`mw|#^OH-o&#-9Yprh1GHk2iThKC-_B2twG*GiaQ5JAd&5pM{y8@@uLZ4-)40Zw!ut7ajZKU( z@?YoWKc0N2Kuyr&i`)D;*JA4rH-pxx9N#XE@Be5!6Zom7_JN;%%@UPDsF0zktf3N- zks=j^N+^axAu2^kO-YMH6iSw%q!LAC4U?_KQYwkUw7hMSQV7xi`^-I0^EAfK>*aqw zpKo_M^PKPR+;h*p_uOUfO}@qbS;jMfnET*yP>+8;VMwm`eMJ6J(7K4{dX9-)x}=+F zJl_)Y6YPCc&hv_|PY?2va4$&T&}aY7p^Y-LO1e*sXA&_l!Yt7GM1z$(B=0%?hWxEy z=d0E!+#mZk=aKN}b|BP){SZ_K?N@b!FQYe-*AwoB{$S^=#=2k}xobP{PDxk!np}T) zn)n&82Gr}H3m9$GlkF>XgU+y&ZA&|UY!x4v>klJozQlVaU3I)#-%-R*fT^I~SA2cH zAa4znxS2L)D&y%?jo|w0@VkQbVJJ@7ZYAF@>FVIsvKpoKb{50@}Wc+ar`8R@X z&qrCliP#aa=kIWx#CZAPFObzsHoH{=Pf-Q(beX0o_Za1LKX?G&)rJ9} z?OZ!37d`n_&bz}6a5c2LmGeJ6g7)1wJlNi>qL8$6{KJy&1H3^K@Qyy>mqUZwa^At- zTjh4PV{jE*0(N{-?cCk(M@-Hy>AH5}5BT&U@fkR0mRHzdzVIJgh@k%H}CgIQPI zr=0J`qs#Y9Vwyn<(E2s<^}CLy8-Z*mFuo0|H)K>RQ8bKhM3y88Mp z>(BX3xcE-4>(YL$rUvus-VD3c%98H5&e=bi{ioLe?%9CHK<9II>FigbugUucwu1Iw zsna^J-){B~#^_u1p+G*33wC%!SX zl5*t8`r5#I`;j*YM!+z5_mJFiWmmTC;+^ti;Ek;>$yhjW%D)pN9`+oZYtI&eH#CU6 z5ikMl_GIJz)Zm+vt{EO}PkArPTH-c=*6$u)KY1@pXbAHRrNJ(nRNnSCf%ghizXOOr z3~GWd?SlYu)G_c zvHSKVy@~Cpso&*vgzMmb(E63+_=FUa=g%B}5BGF|-M*}5>=oNm(!GF3*SkK%JOHnO z*6)hI6Rk3g?H`;6XMnudea;y{{YElQmF27V(YUQ8-FwE{gZSHFAgFh=_l_cOEKGq( zVDHDS&^TBJ^?XDE?-!;$UnBl)_!!jtg!firz;-yC1jmEi?=|4~puY9S?tY#ry^Y^> zU6<=e=MsMj3<34N=Dj<~D}5hh5;z2Ua2(USVc>n2mz_#G=z5v?k@Ka-EAKnGfim4d zz4N?RuAlZJUy{5h#-48zrzG{pf8zHM#(OvA9)PjNyU=^({`}eGFMzN4-0sladRg1I zuX`!!|Oz!uQ@e&xNThqDcVYH$eH`lj>Nrxf1F#(Ny`4WKQkcb)gXPTp)- z4=Z3K&tcfsC}`htd+y%8@n5-CVY~<4&;3zw3aGcjUfCv%_9U+#jD&l@?lsXPGoB9C{9Vb zer52UVZ8N-kHh((-YMQYk-RDJHoOM1PuJgB5BBSqdSgW)*A}m)&xrpTR)HQjy%Ttg z_?|*~+7=-Kc_#r4Cn$8bB;^emgb;vv}W#5*>bHDLiOH6kd z2EfEU2=Zxo5V!nn|p!2gY*P}@#%RNXvK^$cmlWl*$go{N& zZni0ZAm3Mm8ldHm4aygtNZ#q7^CHq1&y8JMp#0gUeD&hW^W2nZ7cm9t0?J(s3D9;p zH7FmF=c@G}|8~$iNPA}J-zhwC<9Y0Ho+D1&U7+)ErLV^ed^Z!+A%8hT`AaCT`|tZG zHy$Q|_P23C`RD@jmVl(?Ol3PJ*PrVh66_a~*iZ($qg{JrewPo5`S z<{`%BAp6IqevGwQ=8x^oaN{|Qm?Pm>(D_>scuK~}YYcWhh?fqzX{LO0zP}LKfR_Kv zx6hU2bphKxDatQ5<$Lgb5*`7akClEt&hd0V0MWAu5DafZCtOP+U7 z@xOg>n)0prz8zd{%3tTpj~U84 zDf7xFD8I(cR}a4L15bd?*C0P%^4!G(A7>m1^4!IChvvp*8z0zxzS6w(;YU-iD=Bjw z+zh%Mm=$NuVmL)>&w&yU_ywpI`~FV7RB zkEHO_H=a+4`4UzbkJ~3(KD2#*-V;NI%WIFoQ}FjE zNy=YOdF`M3Qtl9_3fkWDgYwY}JFvXS?+?Aews$K(4wmP-vI}>ySjdgTtJ}**i60Le zK)pYC?~^I6gTY)#L#RFH4p^V0e}=x@eL2RfhTJD+ek(o6F$$al+Wyt{4cbk{AJ>xK z1GJAyyVV$1UUySkeC zH72GxTn1Xdg9A_YdEI@;9}Yvnu47aEc@AyQ4BmmJeoqp=0JefI@0z}T1IFWo$so=Y zCs(8oCBG(;?c69+zb}Yc4_iR%ccHJ}0ngC?p)MQ?cKWAD4Q?DL;ejmHsgJf_;=ttQ17eWJ90Ap4L*UnAnRYFo>;QR=MT_*o%$i1BVGekVkp&v{Sr z-pb@14#&gMVB4W(-uNJe_h`K3vsI$M65j;Q2d(ez-Yf49oJ9UhAny;9{kXobVh8&s zsjog)+cjZ3Wa|3?WtPGBpx(LOE9YBlPGKJp^}zP`33p;Dg4+#3h4)UTeaL)$p1-3sV@|PRlk$80+TABEoP#e_S z)O+Rkh~3G*6K(_he(33bd!qOCq|ObwnZ|oB@lV5SP;VFSJ@G}3YvFuo1~OjU{z1?W z7W?+y^_;sFA+F8l>U%5k{ooN$?i}K<@W7C{(O9^kgI6C%ZT3u z--CKj3_43x&R3V85!AU7(?Y+e)cz3T_d!SE)p69J#GekmK)q*I%FceY-b>62^oJf$ z`&>?5U&1j@6}Bln*V(QYu}ebkWW1WD5&s&@1Kn?(AAA{_UWeaSlK&0Zb>iryY?tv& z#G~7$;b}o4P9G8sXLcaXaf}A9$W}>g7*oy)Tic=~X`4d6oH ztQmZn{rzG$@_U19fAn6OiZ!?f$itN$GWC0yn6dByX#E-lo~T^k|DF8(U*~>Wu8$)X2Txp|+oIxei#84jbzn;$DuNcMS2* zz>A>XqkVlpC2s|6gN5&?`^L2zymNC8nM1?tj#^FhfoiGJzfgNMYqxc7x1Su148a8ygJUfi}5cpoEvB0LZ39qGMpF5?!ERDr48Z(FbIXA<{?+<_cRXn#;|Wy-0SVWFhx-|?oo zPo_RzP1obQ32p)H=VgO0i{{qn93=U+pC`CBf1W8ngzxW%2Tgf4v670eIho^_yz)uT ze_cm;?Kdy-{hP1^biO(U<)iiIaXlJZ!8tGrv5cvutrCNRextwlijNGrNyd9K@wY)A zQ16r8JC!_1uP~i1pJO?1%J&=fx(B(QW4vkN=fgr!@6@c#MOTuy79?$CYU``ZSG@_m ztBiLG@xQ{sALP6rdGDR%4S{Fj3CM6f9A6N$!(jF~;uf#0KWQE+w+*kRkBDCa8$kDC z+xc=IhG2C+Wd8FmYt=7u@kcn%esgaBeLXP);6>2+K0Ej$(Z*|u`-taV zLIu$NBK6wt>o<|QNxx2yq5t63B){7^nKGw=_CHoxNkxTzx8oiSxlWXiWkWdLrrZV4 z4zylJ1m8tBz3SCsVfsH*NR9tNrpl;upZDpx(CL zTec3zGvt^3m~AQ8?e9qM)#V(2oPLQ{x4#vMKMqEMdLQ%NmGc>!Lj^XlVd!yjuDIgea=cCn{9-)Ox3h#w9Qf_m#RU!>>^@@9dgIZT_xa{XPFktFfT^2y*`g}0Oh zlRhSX8Eggheh_?>y`S>zPq;@BE&;pT+bs>+cRYVqyvb)muKX>z?O8A42f%Zn-tWEl z$VJYTSjaha*c+_3lOGSPqL6G?V-rK}2;)7I_!iI^)LY57!&vgBz#MoJ?D6>=e|#=p zsc(Ez$enJy%ZOhKB^Kqp$9Zpk^3I0KpcPneMSg4~?W^A8vz({EtL@v3_`Wb2w7w0! zSB}T#lfN34gT2S6llKlKHru|Fxh`tFKM`MUF~6Av^5fz;QrGRpjS{4((B?=ccDa(sqY*NbYOF)n~} zK)w3>?q|rG2D4!nY-ixuwqfAC$M>`HjN`KHFg@hbroPK09*T%l?>(}iVZB&E-nX## z=X?j%nsR?QD|wo+;w!#=b=)aG#@JxIJ#m~znG2;XGPz%lS87O#K0%(Ou}p6z&+g|t z)eN@RyS%T`E_ijj^EPEZhE6KgG?j(LBOab*?>b-53@w*%t0)4@5&tBm?vMfIxPbT>BNH4saW)lAq>;T=ryc>8! zzbt3W|0U}NWZ1vV;oauq+RVN?IWOdf7!N;Rblr)&8Km{3Jv&H6*$?m&xLwBx?avBehusZ^)iH%lzqQ+ zt*J{ko(NcXD{N1!1J)Hy#jA&@;DwE{58KD0J}~u(c#k#S@sxW9mKg74S(A&({gBl&oEwBQVO%Hn<5vgEW2Rr9 z)tg+%^(DL&gR-tY@jc)L(E95BbIb~kUEyn32=A`q{<2KqO%4v$J3W8pcwhHGyqYSl zy0NS3Vf>{q;Lf+MI14w&rYr!^xL|Oh;IOAf_fRAONurnuQf<&$Fxk0 za~zD7w^#CG9Q;?_5o{l0Y=^(bTQ3{!+!e%M3pav#PY=F}-a_7;An9(VwPL~ZpVl3m z^Y#jJAAr9V6lw*GC>#F3u^^ajcA|YRM zU7Kr~Z6%mAi}(*<0jO8Up-ahI4U#r8El>OQI-b5`ywe$wuxoO$OvoLISNqlX#D`aN zpE9V|pJ$AA9Kn5dX@%9P6ipqO(ZzO*x z^Z~ma+3fp+Y@f2@oRuMWrK#^j#EbWFrdr?e-aDPVG)Ve@X`%YcbC9`Zg&z!uTyNuD zLi}o259)m}YjV+J{=+s0B%Q@n`mg?eCTNA7JH;#gA-$UOV0dE^OgfMF%b)|OcV6&S z^cnJ|fuvbXw=qtC_kv)(P_L{PV+l#E;ku@2-?_vuhR;F0KY8!ZWwITO5-cmtXcQo;*LITuVKB!`J@#~yJCI1ze3Np@V#Yr+bc53VQ!@B)) z>)HMr?=s@QfpTke-h;gNQu3~WesBv|?}R*WW&`&Ln06RP`~-Low7wm^cP)9EzU8y+ zXWG6xE=zwCa=#kyR^pFa$Jh+iJJowrodVf~BC|?cTeY zydOc*4yJlv&?~Xr_Ceb>wJGGP8gJ2ho=FA=fO_>gq1TXi6AXnr!Cp@+@B4##lbb`X z4qi?2e27t$NrCPk;=z}pKYKnz3}+h8N7|`~pG5iR;02I5JP>*Zo}yXg>HgYn3AyI{ z{Y3DcdzbH)K?ZcbE(yMij^Ds>IeZSEz$?{Rhd8K}WxLVuPv7N_v8!>h?IG8}wAW_h zyvjjNNUS;IQzawaSu1!)1iDV>wD@Ku4kI|N)X=_?gVYG!x#&bLi5R6 z1{*>8ctzG7sp~nZJBTT}k!1>6zv}`|bO3q7LDCycNABQwd3>&qh;yi~ zUpyRkpWxN)@*Lt9!e^k~=e+j^@_q$LCB7}(ul0I%A`*6+O?{)pSA`m&-j&|lm%O3y z3_J;PEoL;1b1t^N$x>mrFC9a>&fCO)0!u)>*@k6*D(~a`h5VvTj05;=*Td$t zsrAP92)mn&cVEg>fvTY1va-PN%6%7&$!`u{*57^n*E`Rf!F!MK%C(*Ll)J)s^*H7h z@+95Hl*=W%)wfpOdKlj`?7HopTW)tz<{lUhTHgzOeMgZu79>q#YRCK129k6;m%=;V z)OQN;Z^2wpZ+q`8{T;`Ma4;MIx{iu(a$Y;cdHCbEcsZStO~(`84*G(6@AKYMHuIbm zNJ3Ybu!-^Hx}ZNS^~Z@f_I2(TW+}c;*zLy{PW$g9;%C4cpx*Dj_fzsRunE>f8P+ek zuTr+3)6WX}gSJBkZwur7jrdYqSm!{!{M1EK^lAU}Ss5O$9m?+D_@!}Flty}kEC@|MC{SOL}>_x()0 zZoja54sR@5C4Q$seCT_|>!4n4Nt6_=O5SlGsUB1D>isU#CnPnb1ITtUwtv_a(I2!O z8W7(Y&H?pu3!S9s`Q)_&NgbFLYF~YCWfJdOroNqszY%T%^&aoNcaS$2B;ChUjt}Jc zGN@_r?=;3&*>U^{Af_l&Q-ebu-85%b=-|ZzXR442Pj$z4GjK@yhy^9lzqOjyLA(JBIl2@I0v3pPz`nP2NZFIV=Xd+**0> z4Zc4lDu>;vroO9*-zsH5y?uRs+iashKxgOx$tt;a=;6J~e0|+PVb>0?F1LG#e+s69 zdfNx{5?w!&^Z!3^4G^lrau$kSH=FABLwa5$Qzh&k#H;=HEaGp39-!W--n)dnl~C?S z?iFWh?;jcI>nq1echMD-hlSmzcy<4FFlCN`(?Px6f-V~!MBWIP0ndUw$87pjjJ*$G zTb#Gwj2%utGwm>k_yw>C)T_rG@_f`4#s=Qnh`ldK+gHSlVG_=)%^1MCAqy@z@4MdWpW+uW8Qo02fXKq{LXM0SZ|YOb|0T5j$^!o zw_dQ!-JQfg0Q>LAd0+P4bADq!U?B7cxj(NX=X|9f9L;>o^wPDQ>L5N*JM3ne`u;-v zUcYm03bY+g@Z-rrbQ18{=d*x2f zb-{fw2;?|ly@S11kH-`B!fqX2?PrsSPs3_Z?_=KE+ZDONFcrpu+y}O;Y0wUBFUg%3 zm+eEMe%SqH>bscu<**vmyT*HqN))-h;1DxdAX4#>r>;!>9&bzR|*aT(H#iRS5-2Idr1&^BY`vhMXJxShp&^D9oH038I zbN%F5zJCc`1D!9a11b6rd2>M0M@$RtNAx}Mu4&l4oXm!1|5-@r%Tu1iMheOM zyIYWd8QAL#2^lCg3%iE>a{X-(F(Y6cX#Khdp6v5PJ|%xS$n!*OyEoam`}QY|cMx8N z8rigkG9^l}UV(Z?d+(UC&K*v^q+^+`j{UKpT*mm1A-c;n54%V3HpxaiSC{y+p&6+6 zJ@370k0RF%hQVF1xH*l%HMDq){>{ZO>3<{3F_y)fynu0ge=lXSg!nHZ1EP~to08WCBwfx_?rY9Jo|tfHaG!!}6?S#; zYPyE_?r<;YdfPYfhF&6X7R&*yo6KXaQ+Zwqo*VJ#cI9hg*1(UT_2ZGXlA_M?}%6t)wni*y;;!lF6px$xb`y+WpWr|!3DuAtHwKBo@ zK+dy_#GSe*>>k4#lNymOCcY=!3hL!23zDJ}$(sQm!7PyRZ3xOA%y`(3LuG%k0B_>r zu-k6h^Bdwzlr3_VLEDpCvn7Rkkv9My2Kk*)`ICcfYpuIWy4a;*ckrFL`JPA2C$Jc_ zes}o#$@{mKlP_rnpY3`hZ7NB}FG;*-81E{|eFr;@ms4+&qFvWy(C#yi>6YX|XCuV}ekz0NT8I)Hpzuh?Z__r9rD6}~?l zjs~q)3tuleztxERR?rM=|Lf|<4ZG@v_iIzHONqY@xv z$;;_)cy#@EgqU$K0knSC`}$q>E!#cvCCy@LmuJvR%ys!h*zGkS8=C!RF7cnk3efuX z@bz1A1m`u&vn>K`JMj&te(5X1?)vL;p8bhA7-FFPVqoCOz6b7D7euXfSuQYSDf1xc{EqYUTj;reY095Vy>vZzf^rk#Ina7d@b#*G zIQJruFKIT@Li4NrE!i>bIvTI8UmqE-tjnZg*RMzO*01J6GTL zy;q(OQJQ>7a(rA|ebab*Q(sN{P_8l@3flkX1>R5{^3H%JV4W%YU*hVpd%(}+e!@3sx?Yy>U?3%Efgtw)y;0($vg68|=ys_ZB=obgDFNDi0 z7P$-ImCB51_bcf(SK*u$gG1??!@?XpF+b@$!)_T~U)F6PzCMk=V?80~DmeZNUH-omI-bAoyqH;fCPx1#sAF$h; zZN43^9Pw|! z+n`=O4lHwEk*f%jj$kUsRnw24Y%CZ{i2J@;!S54NL&NTTQ{Q8WuL})8y|4TFUPfML zxE*?ccy$~#mA)lj?GN#L!mbluJznci{5_BY^}g%9^T=BQTVOrNdCqMhzOIa=WGd%# zWVyL}!|q}_Sxjb*6gsHLm4A?qc$3sOCc&f_ z<&J_{#`~4`&S1Y5_ujLa7Uy;Mu^%_ftvT`Sp(|*8*LrW7yboamdrlIFS9@>oep(a*?R1(G%}9mV`g9i_i(dV^&n-V{6E>UeeeY$kq>LpUb`>b=5yuOhD- z420ew*H84mj8V@7%jf)d!TOXM6LxLz>i+d9;-7^NLA_(VSKbd(B}N~Dqrjf8+3c6Q zuK$_GIB#LR&53UVmxFrK-n()v?++#a33v#^Td#WX9GTj_->cU>5q1NOcM|b4U^b|C zq4EAie#Jv+1F++iTBil=px#(2?8f1Z$-*GjB>qIG2kKqtz49J_F62wPh3V=T{So9i zSC^aYXHq2ycq;7PF!k+Ae18}S>W#_=`ok#lG>zeNq5Xl@H;#8X-txY{mFM!dC1282ObhL2 zcGZ_bUU{}R+JCzce+vu-^&aBAGs&9+t6&+7JCF0Zt=J~8A8+ORgWiW5A0Kwd;MM-S zmH1!acTn#s-YdUn-Lq;?-@TdIcF^Uf^-beF8*eN-ch2ok{1I?GsFzbNlA_JXy9hc% z2axSnJy^hYYXJ^%>vk*kOxU$I_3cJ{5(a>J8M0)(^83os>jpGeC0geXi?UA>>#V3Z{y?C{swI}{IxEIv>uJpLgkJ2mX0gLD0CH1U&R7HECvdhgHVg{$*7 zp)A<;UFWyIY5IOF0`U!@J*aoF_dY}3G?)digY~94M)qkEJG<(Ow+~)Td)F*-HK8`hW>@y-+3_Dkz8A=Q16IO1_Lr0Q=b6zDvAtxuCtnM@ zk$7}F^9?aCAIWwEw0`WWBt;)My2w2a;bYi7GA+Y-+v&qN2YE;d-iH?)hv;>J_-yV6 zF!ht)RZXGXG!UKCkKLA}g1@UuQhs@X@~@fl4DJ53e46q*3Y4E^%Ck%V)ADXk*i{@7 z1jxTy|GB1oBKW#s{o|BBiSoJ~_=Ivx;Y-kVmHteM)*S8J_vB0ZnW2jupyn5X?&B1Vcys>OF`zPXWgTA2NPQiE48RWeV zl4db2`27oc8$r@mriHw_-p7fzAKp?yS+||| z62}#}y+OUd?U(&B+K9ZC&=J~!9fuvgEEt36ej)iW=kJZT7x77$2I^f{Ch-1F-k!BM zrvQ~e?j6*36|@|>`}M8V{IHvjS5p(>TfhY%b1drvKh2X=)P}q(K*uwZnW6jwQ@#`5 z-w547%TJO(%D+J8m&uHnQkwE7 z6ez#Rl;>5Zk_wiOFATe81-_I&%C{-z?~>vZ~H}@@(WD)rj$D$t_GPM>DLp2dS%~ZG?4sZ zpbn``SB@=Gc-ETvdz_ewFd20IF7)#!_p`i0zNEjrpXJlAD>F2=op_6KAHZtkz0rHi z(ZBaRfo%vJ#%Ei{c6r+gwz*BTN-)Z>-?LKo2XI*DaWiuNQ=Q!hRj+OF=}{^5NDukN>Q zC%!)n1@-%rVuk?n7CPWUK^{)~QR=5q>VUWV5}+v^qiz<5Q@ zAFd#OGw3-8=_loJX7GGwJkno(BJLNExs>*57}T%edrM4*(q1k`5UNtGF^=eg2y;77vnetk%6DfBJoCaF2V}tgI zetiyoiF`?Im=;&B*yoIEO}*L^-x00@ZTITF-TRSu4?GCA-D9+S3Qrf~d6by3FdlUN zx&@vhIZr>GeC?}J&)657hcM+|=li$eJyU*6FiS=A$@>Cq`2^)3_3hIS-wM9p2wOng zhf@fWqC3bdT|1EN!&KU*CCEE;r5~NlSK8lW%jlP;Uh*8*ij+ABbiQ<)DbN3{PQJE{ z{IMkE7yEk2|BvPSy3h@@ULVUB)N3tyTVanntlMDUYp`+T?)RU$FT-w&@irm8C3FGx zj`7}6CviV4`ES8XV7*O_+-1?sIBY;U5U1WlOzD~tJDTtCa; zt%+CD7UI|A{2sKQ)d-INL%(|OPQKG+EX!pi$I|XA#~AWxfu(=P9S#!)Lge z=6QII7_E=^NzpgSe+Opr-8`oDzQtOsLo$!LJ&a|zui1EKQ|4p%#CRKdue`VTYw{(n zV=BL&8xUunV!88Y;+6Xnl6W^3@NO~QmRXaF{vB@yZ|L6Ka@mP5!hmlN&~|9=z2Eh8 zZa+U5tirTjefC?_H!&wyUpY=3OMT-j!tMy;txo*0a6G8@<6zda@3lXfd`a?Nd)vO! zwvy!cwAtm2_ax(ud+*uCyU2K37;lrS8d9PF(%3f@|OTAa# zE2ZfQzAtY5iQ#Qqz}wMyGyj7(j<=`r%6fS{&Kr$)o%iZ`DRusxyyEJczLv2n34)*8I;(mRrT#a-2 zY=Ba$!ft}8?@g>+x50ACX+Ps9jFO^vkv|+HJ;oWMyKZ&m%$FLyPlyX< z-dHx;x%Y|x2tEPzHt^mr$y*1KzGGU*yMaMMcKd+$IOE+${I9SR)Z4^+#Zy`a4WxaT zW~$}x7ur?lgM#bXv31-Zg||jF+PO-^$KY^K?|I&PJb9;rq%)Z|I`WU+w=ebA$?;x_ zSNDrei9a7&gL+$e?_pC1r@k4yWAN(sSGGG(;(Xe8xdkTc{X5&8*oLs1V!TtB%_%si z8E+@=eLZM`>>qiP&vw1g{-EQ_INrC7H_W!^Wt^`YZx`<^7mS~?-hKF7oHv1YiSf#Q z=q;S@7;ks){X6@iB;NlN@P1&tef|e;3U7(wyZ7HkI6pJq7qfF7^oQW%U-w`4O_+B> z<-9BKt%Hrm`;PZ+Cr?tTQy7zi?Y}Mk{zBJ_1m1dhIn9$z<%q8ghk&jZNBRBGQRJNj zk{U3zzvI&W@aT`hb|Oet?lrvSeSx2e zFHxW4IZ&@$+95^deLUxp-v+Aj+15AV`-8S`8t;2}HOcX7XUcT}(aC;uX7FXf<5%|` zzXLP#dkf_T!BWtAeIAt0KF=q?MVA|(%);Hz-)-bMeX@*n`;y+wao7F13P>N6I;UW9K70&zfs1q49kOh_xH>FQt~8S!Sph)-nQ+6 z<4V9_&@zbEf={YaAv`LCS8s}UXd=8($aKu-M++r;rJe}u2)x{!SaSzLF+r(dv9pSxEh{-he3X)-|F08yfk_C?)@RT zgWu^tkXvr+iQf!cLA@p91NHrtyvUhBJCtQwXuZk?9Yc61&y+T&xMwot``Zsr{mRhCcdU{F323q z`nqMW?6*aG@}Jh^t50%Mly7CqU&8mDp(n_0TFSR9Cy_4nDS69a8^|@Fbqp}&n#Vny zGmg24>tsCbDHCeM{o|mXc|qq2T@(1+-h8KZk^b0~ZBZQ0FyoQ^y}ZwOf8$x;J-WY- z<$02L5_n!R9<5JJ<5}_-^%;&QiD#klXnjsJp5=d0pA?=Hp3QhlWt);s4CUi+HfXvuh^jk@zKU?uR*;}`Rz$V^3H>H&_mi%Mc_)~OmbuH2c~}Ih}j=1gVv9qXiDOE zpvWBql4>)x^^>|udWr3`9LJ^cuFUhEOqnx5y^%n*%iDtQ^1TcEe5=<*Bkt!suhh4V z@s`c={x|iF<1NoPN0*bf!)3<1-~ZrE;;o(Mm3Fw=cn`|+7HWq~UOS}mw#8dYW{%Vy z-)%73c&mEvRmbprQ1U;Q@4wjn_+_v^AFJzu+auy`Fy8Md^CSEMy4+3+{^Z{}ACtg4 zuziNXjo)Pz! z@z$hVEvRk0&AnIN|JuNN<@{%%^+LT#yvqxC8yoNW|ARM!cSiwl3*+T>GfCO=wf}8> z|%Tg=xDr`daquW>&|!i*X1_*{;T~giT70Fy_GTpV2JVF==-mXk4KX) zDaEw7?RczAg!h;R6_S7DeVflvW*X>r@s>aplJ{-CNB)O-PB(<@BAy%Z)bOg$h*<&a zLDvIruaXpvHsKyQs0If?y9V@uI>9!!JTB>5^1Dp=eNv)q#Pu`vt9=E}MWoDeAk~ub z%ih6pd{INbI~#O<<&PyPKa%pg-q)dABRB`NUJZP`erW96HRN}PQk;8|`vM!)3+fZ| z_0r`L-z(yt#;fa*oX6@%xx0+Fhg2ZDAK3joR-xlx9Z#q5&M@<<&o#RbuP%@G0&hs3 zYbNPQzSDV@wyQ;5GkE41&v;@c!gI#+fqKZ3^e$8D*~Y#(RxaW;7?0NHBjfp4J%3W4 zIQ2>3`O&mjhVnl_r*m@4VNbstPH4*SP~Z}11v|J-v|~HRAY6ATRV6t7=*Mxr>^EZ- zBCg3px$^~ci2nq(fwtF#z#BQO8T(Uc2J+k04{P%7TAb_rHeHUDQu{^R1NdaQofPqOualPsN$)W&&#BImh)_dm>zX+Cs zdVlfWugF^klGZUT_hj-KK}%=`c7LAm?V#s3Qh4jo4y2^~BkxlcE~1>I36MQs5S%mP*|iaON)Vs@ z{wCsXgF8(8$5J%pilp7;`irDEtiukKcy8&xd@u3gl_I zH08#ca#ek~<4n1S3zUl=5ph#Zxf6Z4(@nWi1Cr)Y-j{pBlzY5DxisbW3(6&>*u*~}WpGGJ9u;xNnR<0*-4l`*(Uuxn<5;q1OH}R8+FYUKO@uMTIbAkGQXyQL6UVft~DM9=I z<6l6Wuowu-w&y}V?2EtRg;eyIh#O`67jNRZ2T+yoG+vIU8D_hy$V(AFDTq(X-#e7H z5qgP>B+HA_c)Qv&P5e8?--kG%zlmo!Ch?JE#b6&MeP5H`th(f}5%*~U&r8PB(R(rl zJnSN~DSlkUt;bW#|9=DJg-ynDkN0e@`p5bV@9RCsN8E45b95`tv%|?C#ibpV@`3GY zqyc&7!tld#=ZSRwVtoQ%249)cxq7uCUVQCAeV^y~%2U7m>;5V4OP;{-pz&SleK#22 z7kR$n1$;3-zp)b|?nvXi2~QFR7~eAQ8$#Y_NF4UZ`fa`=nBQ1!_OHg5BK|pe0nlXI zZ@KrqMBe+5Dd6ks=Qma-;+h)YN5qTo3sB#edA>w}`Q5C(x)FDY@qO)m8;$R)JYTH> z^-Jsgax?LD#<#`$emB0a^L*(7zLr|QdJ)&#_)4~BUkMceO}70q-dBmdnh-BAzYElN zGUvyQuNLv*i-Y=BO5bnfUlO$?`aXY*!Tu`-$>*8PoA%9f%$b>zXlu^ z8Q*B{n`nG%@_d^M_>$^7J>q^bzURH~P2*de=j&Qve&v~&l49|QEBi=pd-aa@Eit}z zdA@jo`Yq7)}U z=NMmUJhFaNF}`o|dl7kb~-#-;v2xUY(_Z_za&U8E6ZbFt>Ek9hb~+0=sAi{MgFPaixXJpUmt z&3U%`v5liriE~*G@#uJ4t|1HCDI-bR;Q(m^-wsLQ+n9EkLYPq0HWy!wSbt65rHJon z;!6=Hlm@Nmk=}m@c^TqwG4V%`C)5NKP;c+aO-To&3&Ac*?}H z3wBZY+oU-0J52l};)Lfwmt)JoA90=2zdp(*}CgtBZiTwcPgCtqL2~*Dm z(!)*sq0~{ResM1TMH8PSzCnTb<4yc)CO$>{MFryPoA|d)e46;K1>zf<_=P4uL;R2e z@hwdJ7bf1FA8}6=h`-pxuQc&7;$IKqv+dV`xGvDm#LF{K!@mEgFO0bP#OwLMpNW%e z0q&Aqdp;=}DsuW8z;h@iF3e6o{{A;-{PVIPv8l%hhKQ-w9Pr{L3aj zL45TB@kf~W*G+tq_|pr-A8X>@GVv+m+Z2eeYvSKA@oD03F!9y@$F3f3KO3s z{)YnbSDN_MCO$=c>BqBOIr~p1;)Lsc{6umkT@#QY%Sz@p+NRs$#<%9PB zOCs(V;v!+{`a60keS#kc1;n0Vb^G`NgwTF?+AJquOkgZC#pa-3`Gv-cJJ zt{tj_q{$%lFUfg~^nQQbp8L(Mi(k!k*uaw{+{t~~!i(PX9C_JuIsWe^i0^Oy?hN8) z!v`SS=jWk2aC?(G`AW_ubc(p4#;^N}hI}VU;=hs)vaKN{iGR?n&5re? z%u*A-#>8icFM1*yn*B%pUzzv~Cf;33KMdlNlD(R^@8L%izgfP}_Pj3QjyLhOI?%76 zAxM(;=TV!x+9!QI*GEmf)~Az+Khwl#h`)$<-@L9Xaks#2CjMNB_w|W&iMVS_{6oaa zdCL@2?LX~({1Wog#P>1v`I0;#1CpfvcNl+$_y>uXF@Pi;*L`o|<@%jgICcZ~x0v|G z^nD?cJt-OZxs730e4O~#Onu4|C+utDA2;<$5pCP@=k@-BG~REG_kH5$!xxb6T~FR7*bZC4 zdXstHc-M&AGnH%al2_3lPzmzAhmm&-oD8+WdWYwE(|D^JZ=84;51+#{-`kwL^FdM@ zrq-+DS8WH^E#jIP@1?{`f9=RL-+K*t*Mp>POpEiz@!nv(+734t@D|q&sr+`p`+)KO zYwgfI;@&XczSMIt3@uRKd&wICl14Ett{oD1KR4cgtG+3`JB;@+>Tw(E=?KVQZj<8QChm8AGS`3qt@3K^a<7H1TQbewyMi!|Z-|-ioy5z% zM3Jk5^LMs>dyuym6uNIieMx*z;H#0XEZ4t?uM7u6{`|(sI~-aa{Ks<;a^H%i48E7~ z>A37j;*W>gkncN*yi=jj@{s!zB*l7i-xNMgdc1nZAALoQ$dm7Nex*#D@}Hab(&O^8 z3zTn4o_uf1Cn*0d<+VRdXU8X$KY?fT;5Y4ERF*vX&X!M6euw${@*WL2PCNIHe?KDc z(P&A&mbc4)Vu_#yGWhm*D)=n_{>08rX#GcDQCsrlJN0Et-OP1jQ~vL^XN>Z7DbH+X z(_i(!OQ}Pl<*WTKf$!{p(U-z^@jsZqH08VggYp^55Bdk?-7Va=@ej(!C_m#Ll#f&X zy?;v>u*HfLvt@M^z&g81<;5%Rs0$$J4Ly~MQ8cth{!OW=LmcwZ-8`&YhK`q$guJNqxZ zX}rtv>U#Mh@rz&y98{)5kt03RonY2{`tymFdE`h5oP4CC!jyxiA0glWEa%SpW7#e45Nw)o|i z=*xK5ct=of3_MZ5EANjP>%Ehh7OJnVPw`~LZ82WE-^;JBjKej_I9=BR-IvN#y$QT! zp3bcor%_Zmra*tFO`azCzBq3ZZ#CmRhH{0SG$@j(evpC*EjaRP03i1rd{Q4e6o+kOe zxOPb3J>7W!t^Sb4+xBmG_4xp@z7<#B*Z_|6{vW(aymuMzk1TJwUh-Rk{&3lwv~H)M zKXm1DarJd~MchQ=jZ&^0>%}R=H->W{-&_4~_V46NYR$BeSNF&9L5%N= zH$i-H|K_olz_#s+hLu<`!YdSUx-p>ebBH=s7|%QZg(rb0Iw4n| zb1B~zE(KlQ2L&GHAeTPv6)cw+=N#l&BRXc=wY>2jidWBvUXQOgB#rkt?|qiMmqF4T zrcGkO@opcbUQNizyq%E$zgX@=kAD}Ilb@dN|w8Nt2cvp=l_G3ms`8a6Lb9`e_SQ&zd!okt-gOXu8QHUYrJpMFH7CV zIZTjtm;t)oewMs1q5SQI&^@wi*7lC>k z;U-1zAa4jf38O%MS6ku8;QCb82En=^?JLiJ`^`7RvGI@)9N$)Z( zv|ZHYmc%>Xc;^x?-i4rER#i#a_WhK6Nq^?Tiq^x(%f9Z|0;_dfr zu6?z>-xzOg1Rjb%HUmLyz;)LMU?pr)Z5;BtKPvq9DHA&Y5x0~y55ubUZuCWKE};mT3>lz)3ubl z0n~f7_s$_t-q-Xs)BN`}xna9|lkf2RXXCBVhiBtLHBj#W@0F&iMZTmuObfNI?vLHO z5!b9ykcJKOEw{waBXv4PgT3L#(&L zIeE_~d!O@)#(OSh+QSu~Ub?iT=w$Lw52z zfg(Kig#_D#twaRPX z7z3Yvc(p&AOqs@T4ru#6U$b zGA^;l0bTQ!Tk=!RPvNcM=kGnrEQRHu-lpEWiM(GxQaL(xqqCeF*LL^zeWEvCO2}s% zcQe@6{%`>CFTe~?ZyWDjH;BFsZ3fd1A-1 zP%v8N{PX{S_IC-@|lI%ANjib~XUlnl!jW_=~i5zDIH4KgevQqx}tLr35yf5I@ z<#rPFi9-v}`ifW16Ns}D`Q4!l*yUC}f4QyZxeunk`RAE!ef#11Z_hKQ@cwSu(+^*e_cN5|ff%+=&0!r#uaCGc##5abxtDT38cllQEZ84N zMaS~pX~rR$u??L6p}h7N8OO>PwGnZW-U0s{yW-Cy;u&AS)5LgsW{t(4k4)g1iAT3* z%_-j&I)n5FsZX!K6MdDu_h2xzi^@A@--DI#DZG0j z=QWxK+sA{J2m2%OR^(47H$`09cuOz{*&AwsdOz^qr^tH?Hp4n_-}C;MEkQeMUKt!0 zidXtmW(&UuVP)0!J@7vE#SjPeZuQ>l$?FXxVKCHd!2RMN>)Ld`UP$|9pPROo=V2M| zlf*v#Pu~^dH+#U%AE`9tsxsU z*5ixF)At`;$>%1qKQ1@%%5qEKeE_fa`)i2r4!44OkM`aXGoyEQ# zc8yDZhQ zykwV(k{9EH-L~oWT&K0AGNkx#+%Je%+hHHd)_|s<_09gihyE~=ygBe4tcCIm7<+yZ zw8Ja@eR9$ca-5#p8F5$O)#bMTNa_TqgL-HAc9=-sTv!duVI=L)ZUgIFjNgUjy(hpG zMcqw!wV#!JkmGKMfqGYZZ=Adf;TpIM?EWp5w?EF{z1w(iAiggQ0`+e6-YMkGhX24) z`My2d{oh#TEVl}D8fjzgzll)PJ!QP#5&sK>IapDzKCiJVdB?)3PzP*%Yv*}0c-KtJ zwZqxOUjVH^z2^suINE`{8$i;ZJs()>8xKd_EK}cW8F%%hY%k-z(tCqR@NXC5Y<;z# zsW*xDGvmD*-$)o`ygj}5+=uxs6G*y(X>s0Isi>>Wc3t~JXX3lUO`z?t*n9htcMnJ! z!L&GU67MGJtNnKr@z21spx#y9`w4kpf~0j!3wiZ=OJa|xi*iq(dcPwMZ zQM}_2BuRbkcwO69$G>U32Y7FUep-ogHK7iux3TwLL|zBz4c$TB^O9mC-sJ5PjJN5> z6cBIrIJR`u9feoZVB&|uy&y@(4-Dj$^6yh&{HlW@|vnCgPk-T?cDJ%f% zZSKc8+7DtpAaJ~??>geQ!jGWd_r15wBmCwXYQkY)`)xdL`UuViyfH8ho`nIYF>a{KHj=S=E4E|udsl6T_&!nhAzn?=AJUY02edzY&X<3?Kj2+! zytDDmheaTpap`9pgFjmI8+qDyU4^LIZpz8~dJh`I*Z{OX`-*_^e@*hrwBP;t*m25- zUdi>t+Qc-0=AiA=GWfgE?&S4@`(Oyz@l{LT{yM&j?-zBa;?;imF!7V%c~Eax@7+k= z4v0R=`REh4{!RbZaZr!E{YY~EsOx6D`%>lzI14vx27)}#yUairrhM9I4Mf`Y}1nOPwy(`K484h@id!pdo)*LUM=f}m~tL>1k6m@Tz`c@A896;cLzfO^Y$?<3@mhiM@11DAIAuy#=2 z#d+-zJ22|@kb_vCde`E-FXd)|_9uqxl8WR!$}qm))fdT3P<}tk>vEU<+dRsC0$Q&d zv&CIh_irosE`R^lHE({?c+bMC+n;rm`3`3XbM{2Vcy$`yqlm8oP7}YYnbKJ+i%x&JK+wFx?7BQ1ZBp+cu=oy*FGli z3-}iP1Gc`~@|I5;@4coSwi6$Hg1!jqmE#*y^b+!}hQ81ptaq~64of>^szlunroQ(P z{}7A@^|tZevE)4uk{)hU{5UFpNYs^iE!Q7rQ0`rr59;OAilpc^@^-?Wso;F7ZQlyb zb|0r^@HWA#X+O%yap6HswV$#|N-BzxcO2M$8jnTY1(dHC#JIYAe>yY-t=H*%$96p0 zl)Tn(1+;@vRdUCb!+n1$9|?{t(|9M~)qdKE_-@bx)O)J;-a=k~xEF?i9WSN4w*xaH z%QJRp)NLr>eUNhMJ^8=zPR;Ws@s@c#w|qw78v~CUFT28QJ22Ump5%MmpLD!Xnh2?H z3hyy^|7rWC^V&CdSk$$}`%l|9UgVJ;nnr{3+8VPYyhb*r^EE!qW?$Rxxh;`wGVi8-7|BN zBBYW*C`Bh-2GiFeNIAQ*tjxLUctgMVc-sqJvOMrVEvdq$rZ5>weQU4voOjkU!2GjFXPH zE#o_}$ z^=n}_=;v+Y7xm5`&vU+TH}rx!H}DS3Tm0?P#|A}XNIWH??x4X`>qqRKq0^YD+*IYvRR?r62%W6qpNAkLYq+3{K z+ppyJK;$@P&h*S%RFwV{rhnZ=`A6Y#P_MKl$$Oi;+3*c413B+406C8g6R-Tfrf#2T zZO<&S0ZC;!kK9O|EuhUjkk`CcNlr2;B|Nz-0c>z z{Xw@|te$7u;?@2;o$@PSBdE8u|2MtLFLC||4d5)0^P`FO{HT@nYX3F$J#(XNhu(bf z%P8Lkx`DPsbKhHHBzdoZ{LX3lAJ~xe1KCfjP%v?hXYR;oPr0u2p5u}0p$FTZ?c_s| z!smKsu=BZR;adgYfqw4i{G#45FY}H$s0X>=e(q?-=Z>D|nbD573FR+`D?z=v)_Ws) zw}YhnSi0l2j#Jv6kp`Zb?sy-j{4=l!)LYGZt4w5Ufy?0%aIY(^w&yeIO`gwu8Ly5r zLnuE2o&ojNx84clO#w;ou*?>(K4%b(FuZ?|?pHG?{}C(%^>(n{FUea6zrYXRdh;^c zH;K0r3 z-X4xu-uJeOI;$P;%NbtzzsU@*#;e{q-u`&QeqFPk@+G*}7zB-1$C;tzje-whI>>%e z!ULEaf$H#*Jt4!7-~ z<5#??XXZNIT9j`HjX=GRS#KNiu7jK5MsVLN5YO;NF7eEI$J?9o17QrP_kHVKLf$I) z1-8P2uFYzWUkPF z|B!M0X!1?~cYn}+tILiOjHDKxi6zqQTa|j}!ug=_KIVt$-Avw{@EG(5xsIa!Ea9|6 z>iImpL-FdkQ-wi%Bz2w#_5NhN5{9OWDCf4X#;f~Vq@`!_6KU^hT-TL$nCy6q7E9Uo zpD$CcFmD|1GRG^w-82j5Y{z?S7Vk#Z7v>GO^2~O}yM^-Rb=p86OxbRAthXU~EkII7 zmhN?`%yx)h?wO-!r?*=d%HImTLA}>o?|tMw3X-~&O<$*1rz~~92w&lulO6AH>OBW9 zfO>DW-pS;>3zBBB+z?J*zf!l(qvLqb%;KHvc<=ld-f(NrG{UR>>@$2xiN*2WZ@oLn zD>lWCH^egA{-OOWiTA23-ZIqFb{P0Cyzw@kxe2d~50XlA5jc$VB**)>^;RdZ9!ToW zNmaIZ^}0e5@7;Ktrb;swP_H%I3>vR|SC!z_idDa1z83Mv-^C^P zz7=~=q^)NL;f%E7(hanEn!t)I{&VzWnaomzVQFSxthkT^i z)jSX2c;{07EBFP}`@Z!yd4qd`&=b0V>z$V2O?F`3hgZ{Z%0B}yfaqj@`_lIof1SMP zkN~%Bmok<`I(p_)Ja#T;=2PY~SOFT}_cp%Gh}{{6@s_)C%0{~5@CuRi|o`|V%$cow;i>$r2${dEZCpMi0p-W#m<6Y|!< zFR&Hle!AXIF0k=Rf0g^`@u+9ca=d#f@4dzG4Agsv^)@8$3g`^&!JUVg!G3$F*L3DO z7+x6>2+rNr8ixv6e5_x^11de3yht4YpNS5oI|5QFrq z0eI#3doa%(wen*ykuJ<19q+gJw!#mf{q-roZ1KJ11*US`2e-eLp$+1A#^TX&P~Lrf zH06#3sV?z#_BZ){$Hfy^U)b?0fp@m!twQ-)aGvAU=h@nmcO%>eSDs#E-*q2p&r;v) zf1f3GgJ)LYjS!cl0n`}*<3Z!qdGlQIK7~!N20ETg+cU0AtWeCHXT2pESEOH=uAHCY z4U3etoASZ8*|wnG^K3iRC$BMdfY#84Ip|{U;|}Ecr5@Is&wM0K`EWPS{DqhQn@YD( z{yrE2>TPbluaP$$K7j?$hI9TsxMduC-g-~#=#K~C?p&vvo8G_HQvPQ!@1(t}thWw% z5oimSLwVXj=goN$f2`5tLHH)moQ7BX!yS|#0K-7zU2DB_$omAoh4VNc(d%`x-SVwh zkBjDJ&op%6-9w#H@ABLwsFzF6lDwAWb$}iq@yhQlYx@>t#A|wRyv18JRh8>m)OikG z1@-FlVH?T&8A8+8_n9rCSL+c$C>_oMOZaeXkp=V7wr9caDV z$lC>FXE26<>>Jw83aq#EZ^qQ7e6o*ca^|J?H|-C()YEo&%6bdy54jim?W^%7Zf8Hn ztEmgVTj3rkMy8DGTzZsL{2B7b!4z=&?qbHA$Q@jF$D`X{w^M?$8Xt!jNnWAb$;PMS zOyo}Pn`Vh`2VRYD$pPZqLwpH5eH>5OnLKL*r-6Dtx1Q_ByBYd|9J8Y}{9|@LvBmH5 z%oBL@y3|O@OoC~kpL4bSoWGFwCmi!W$5e3pd4c_$r8!#4`E25D&%EJy>ruW5TnXy^ z!FnGh?MX8P!bKq0H{5X~ z&wBUun|pcg3vcH3?m}Jl{%O61ZSQ>R)$N_=>zUAp>3E;THxZ^f-jcGx=ttj^_ZyV{ zfO!kJeX<}k-hQ5`j5nOB${0)ebKz3Zcn`PU0ptybNiY_=F(25)F<@YI&R;I_+qdj- zc0O>wXX<5%cLDX(%cIqjQt|#pewoDIgT;?3-5 z7gATfeXX~!ewN#0|MAH@=$VmDygIJj?|AL`R^j7{^=dye1GvtU#ru}y{no}?X#dUh zKE&|~ug)_z+UnPMNMy*kfm>3CDWvxm2^c}9MQH~Oe&%H!4jqCdXjFvjtoYUBN!yl-I_6v)z< z7Zq5q?ibO=xPIh#kD13i{GkqL`_{DHZshfWA@C5m<4$f7?*rCbSU=0RUhQXzA)XnA zH?yDJ?sy-y-opA>f%R%X3lHP`5wFgRrr`SkK6SkIJk%@p5ywlY3Sn5ywW)pm_Y%K- zH*Dgam5qoD3}71 zAkv7>%Xyw$_vvW8dL1S4B+n_~)p^Mr$}fYppx(V2?*g7Nh59i5X`WfGoo?TJ+YWlY zHaUWM=lt|_zqZur3U`8fOO{A|6mJT7GhjI^h8~PN8gGI1ZuymaQYAURdD=6T@M?e9 zPWfUBc~2v#x3u+MOkQi~0bO8&bH1BOC@eZQ=bMPvt_h{?=mb~vJ z|6|5VmdRB-N5U8p<%MB+*82zXRwG_B$}U0XLpi690tN*<__8p z`Iq|fb|&8Q=x6cgJktuVj%QOSKNA*#de5-lpUC?Ij#$LGDY(bu!L~o>@i_XtXRgPq z{o!QF*M-KQ-g?$6^VECD9|ST_b-e|b`tj;KH8z^>Y2elU;uY#lgSnvIhSs}-JhPbd z8<6>=JD%k>^S%3y7cY2bK$dvVpssqG97Mc%)~oTx$9QIhs-Zmo}1C9!rX(&Xy52Kz899I9acKt#}A?% za+~|xP1_+hp812*4stv$^$FK&K;s>2y>dKmNq!XMc*4h*$fAwnHBE)cfv1v_nBgJ49b*JafDg@VyDM9q$L$yO+G+ zQsxg(0o-=Tz0BWkJYJG&huB2!d*hXK3~h4(<=a9B;Nzsu`&at&$r87c*B@M;^x0D> zn3%-#O4cJTy>30!@vOmfsMoE-uXyHm$NL1n(a?vJbO}qYOK`bFQt@|I(l5SYE|KKi ziu3giTm5%}Z1}c>No?o2GN=6pZD3o!%x~SXQFOcT@g;drux>O+nkePCS1zAfKC31@ ze~9kj`-KbB+gpCK%>CUmiBG*Lq5VgG*Q_va0`Dn~_if^MA7(>lydRSH8A$qyWntd< zPL5xA12&HJlrMno;Ck6k-ml~p+30%%EZy-++d;=|^DEmQuO4R(qkKg;6*9do$ZHR` zKo@Y|zmsdnLAjqR*F)mJdFEy(-g_wjAUp<{UinB*kv|4TfgA6LX8X^-BD*~Eu;YD& z@^8U=kj*=n{3WmeTyMn2tL>1$I|i@r|C#R@ar?ueyk{h`+cQ%g?{eaB-<$4wzh>Pg zkaVE;rYG=z?07SOSHboEfb(E~S0VB{&*?bc1MP3SY`mw__=WY~B;LJ__b=*|+{AbX z?sns&d!@)b1|(HxS(rEahi8uaIKAC6pFeloAtki`9O(J;7~Z;gb$@%0FS(Swk^At( zBk_I@7x^x)I(fs3`lH2K%DMO6GWWLx-cESKeqB?Kx|cym$IC5TNnT&_2Ex-Y9Nhbw zt!)1tS;apdB=&G0-o`8Mrhbv~GhhK|yxdYsd5_-Ad#j-tTm-{|+%NmnA19-D+fjet zenAU-ftSN%Dz&5hy)X#W+r(exeMsJC@Exp$dAIWXPj}y&XXAZyqkrC)EE+H+7Ny6X z-ITAeh3Bq8y`8MLBIg$8kT0nbOSc`gef2pKQ#@eKalB0_-wPfC_15W&%hw~}l33^FAe9|8#TknhHy$uUtF39<$KGz$w?V$5T z6AYNKc=bGL73IH^I-uS*)>~;S=hSdMoCQ0$-lXRx+w44PYhT`>LsyK10%p0>4sxCQ z3hHzM^>(q|!me}Y*?EV~$D=v4?_$5A{QDff7hw&^ab4QsL|MV%xxx30JMb=~zWnf& z-?ke{6*q~)1Ev!mZOO*5_2=koh9ERKN6o~ozR}$|6$9p;DZ-v`Hy~C`x z%1>NphE~u-mZznkgKKw<|6ZKC*cnUGEXgVXv(51ipuBt^WfV*G{$Radk+%s<0nY`p zblYLM?XTiZJr{XOz*Jb0-oMIFrvg+4^&XCjs?LW7Lc@)iO@*QE#+Oz<8ge z_lqZg=XoKR2iVuqjK&&9;8$A?%4`U75_Ki=^%zYPkXINqVwn-cQRudFKo zxBu?2{r7=N{{9x}7%*qy4ckgZ_b^sN2sGX|GrSSjodZp&r1SoAJai%P>U-3}*916+ zO?z8Xz5`qb>ix-jA0TfCNP32)>lLRY^+vA^nD%(}I5~#$!M&U-gL(t1)l3oA|sUChs}_+^5H8V`xSb9>R9xoLI-n%L9~$7^wF_d;YkLyfyGM zd=GB>#s~ZTLi>Xm7BICPZ;@azb1WPO>YZ)9UC7IW``|8cz4;m5`0#+a&hb7@`R#C0 zDDAB)*W+l1n{tYo@vs9nL*D?;6u$0nuL+0w`-R4vcrIWb!K=r~Hl>Q08{iSpc#lYF zjaT+CJ_po+8qk9i&B^Ea<4&b-eSdrI%eQ6IhT{SAB3|8Y?I_;|9su<=wBCv2O@$@! zA&9pl$9Cxl&8@fRCS&%>b{iKkoAK&?v4-;7;Wtq4bJm+vx|lfzB!yYJ?JI6c`aMH4 zK4AXBtNU?P%GZW^pk8(%N!}&owE;;TSQa)fjo}S4KC8Dg<$FRNsF&eIk|*zJ?n}O; z%=a|=(Wb|TB;HDn_d)6nf?i*-Ijys770dpGOGO5!1 zW&-t=!3xlLANJRI8_6pGNqbplYhSr8AooEdF9u9Qyt>^=a#Oi190lqfX1ynqmkW{_ zu#|aeBJB4wZHHUg7;+yeiMP2EZxhP5fGa?~<5MQ%btCUikQ8Gn-`CLhai~|~6>t2d z0M~rd@xD-ta|Y@R0`*R@-e<_0#(GI%PSUf@qb1(zvi{|O>FUHgj=HbG8;-Y3%4EEc z$Xf=IzGmspcQjtzkCS+N;njY&mhxNRC(wAqDUtW{!l?;P&5y9e1=pgeL~f zV7yiRx~2l<&xH#?y;ZC?kG#I{I6Mk&`!2QKi5>jkvWZU$m}i}K7)kljFc#GNw)NUS zZ5FX^KDhm?jy(?P^{2=y0W%qIuB{}$?X;XaD?wUP=D)xD>-^D@|1Ms(n8~--vZq?c{e|?8zC6d5z_-NlHN(>qT01`bo|k>TCt2slm+$!E zlLO{k$CpppsW8p)othEfh74bU8=%#;V+E*JPduQ_?`;6{jo z+mDhN{V4Hzz-)KCcTj#13 zfGO?xZl&yi!bb5huj7cEr49*d> z4YI|X#Cus5Zw2aWJB0p)H!_uR-|<$#R~>3P-ZIvE5qYiP8fXh{yk>}heAV_%;_c~p zyHP$5`hdoJy!DPCFAlH6L~y-jGQDpH%>9mcI^}1>hoD}%h$K(uL*J19J!}Nm8_w`1 z-U*mtj`tVJ?}ojg-X_*t;;3S#3`jbLrR&vgr|l4ZH(*|Hyp zRlaxMczq}9G*%g3a-Ft~<4ZVk-bdMoU?6Cm9c`RXkT)76O<<``ZBtoloMw8!EW@kg z_9V*Bf;phx0oEHnhWR_34`+irz6QA7AYMKGn^^&~!|`?}oE|Wpdg}endQ*Ygf8?Fh zu2-Cr)EmZIdRaPN`QF6)I1`SSQ*%kF>r_^2%h=G@p5HF4$!`ndO3V(JwRm%_cQ)nM!)6ejj5mFJZ^`O>G4?FD0NnXu zZp-xiH8Gd@5k4KiuBB{OxEZuv?eG73cat{&Bn@FH*DEv6k953=%?p^{oj9MQ{Ad^p z>YZXg{~Yo@fh4R1_w!G-pMO})e*O;wrW7}q!V(1OXUgw_KR~^+t+yE8Ln;lDj$)}^ zf28sMJ(`A;^RCE80aFpL_S*`SuK~HB-jA$Te8b6q9-aobe?{zAuD>%HT@Wx;o zlPE9W>z~R}hMCmyLH+>mt^0_)&m3PWcVWQPqP}jQm8_TF+5DQNgd_F4`Stf5Uw&qt zepcy2t8E*~wu$09-|;nQ%smg<&QwhMZprXfVx8+NmGrOWh%bq+CBASfSbhVYvi0FS z(004a_jytBdcZx<2cD;rTrZRu&$G^b{ruyAxy?DQ%Kb$dM}|>Pz51M{{nM$%bF9}` z-R-RXGKsgN^ZDbHe;Hl{ZO=jW^S@8t0{9fvDX}hh=G(DF0duqCTS?hpU*6L zN~L1vOgIPRT^l=2<~l+Ro|Cu7REg0n37DaduS^&29Z|jusBfZ;Pd|5W*17TRaN>*L z8}0byH_7j%{C$q^jSSz23||jtdnfR{k;OOO@x6Bd-}8JRm=o}ZQ&o+*`Rt6^`2$D<;fewdPz^P%yz$D-%k?5 zTi=QIB5F9JO9;U$Zh`x;yc1qx>Ey9!`6&wcZNkod)MZU6AM1rg7a`+BYvF z-ta2Ur<`~%q`aK}UCL79?QXs8$m;3zu_iZxfa=J|XTh1q(c4%-S*J37fuZE?1cUf;|@@|2)aJ@Cw?(a>k4VaydcPr(0!fsG+dFz$N zc;+OI3osU3Z=H;IBO3zdPrQ0w^)}@bun5%4twBlNTJpBR9@q}@Fw)( zhD_f^{(jNMwu4@`j%^N@OYrLa=~K$@f<2(#$E~;h$y^fzN%ydn=QILm`d*D!ud|1@ z^1Oo64*e?y^}DWG2c{hImY zeGXe;9k|bx#I5%&#`VdJ>#?7?zU;KaZ7TPRhR3n-E?#F%Evv9?|pxKQ#Y`xV^_uID#ON}>by-$-j4kR_Zllj(VaN+*_ ztU?w4enT=CG)H}r?!RwRZxyTq_44%*NnX`6Xj5njjiC(t+=2^yZy&o~>}%grL36I- zy^iu-;U-Y;$tf-GM}Lgxn#h-Q7t2EX1Ku`xb=>Jk`A1<0sF#o=d6USKG>7F(aJ~5% z`$hb)py}&)mr#BstOoU7nzHf!Zu0&DNv(NS&GkxOkfh^Iq;${>$6M8}Yf9EEX1YU9 zP;Vc9owuqM+mw^}PS6H=@Pi>!k7b_BT)EOze;yU!dw9~{li{HG1#j4TOV=)DD#G!g z-ky{rc{Ry92P9p&!6H z`}Vi`LGw0VP1?SHQBT{q5&v|-Fd8_ z;TR81K)t=KcNBRq!AzJ69eD<#InMyd^I|h?|JCb}ktRX&pcC%~%Krg@bJN~I);pQJ zFJKoG$g(ciJb2C`^*o+EzG=L%W*kGDBl#CgL-+4O;Tz;^#J)p;1O`WWvsUb=XTu1A3D4O?$r>y1Q%=2^VuQz7v#NXj1vCxCk0c-xWR1+E3xn`^yI_*4>a zv{TT$?8JLJ<>T-*s8_e!MU9J@>);9K3tg^HZ?|~`{&tgipQmD?ThM%sSNmD*i)dTA zAG_y1uQV^?nipYRGmvxz%WU(Wef_L^&}?(!ZAK5YxtH?tjEp@0lIb1Dx+kr76ifGcYuR5V?Yqu%Q_z&dOSemCMJxj+_~-S$(f@ZWCugbcc5~32@jr;y^az?pc=fpP8F4&zBhQaQX1r@y_nnPb ze%B@2cH1`&@W%1#_|S=1Zh_vA8SfqBJphshvUJA> z?Q8qKFLGT3ydP(HhY-sM$c$I}*=W{f_Oob4`$qGEX079$K%F;WS{CnY z@)pA?_#E8+keA^N_X?Wrj`zQ6hdAEA*XeOGNgO}IZpdth<1gmgD4Y$oLAF~W>>oFC zxsNT|PRGea@1QA<_rKncBew-jb;sL=IIe*%kQuM^ulvX!2oHkWzT52lPxrS3-t!&r zNXn0gS0J1BBl4HQVi2#kL!NC1^~U-H%@vM!BjtaDosi9Iniex5C;@J~v5fwZ#M{mB z{#X4WdOP#r|A9A&_xb;UH+l!>hmN-_?RGqz0-5bwle}}GDKrANeTQeXZ{$wS4;`#a`j z$Bz)l2zU-M+hGEEQ(y+X18%(e8SN0cJ7_98-v6rqCh*q88GK{oI8 z{KD}*i*GDU{0DD>{Ey*7aO2I(@P_XTn)e;=*OdPb3Lvu`N?giyG^h;a!SycB*pJQq zL9@*9R;PS@I3F^-P04Ew?ICkslE~QKVt6+=-cHoH1#X8-Z;ZS_@C-ZwZoEq~ye7u= zd&m1r(y_Xa||zXUUrYZ^3Kedds!Q*xv>OO-skSnDQ$i37K9QAATnPSIFFtlNsABhPR93 zEz+EM2b6_u-pb^k1eyCqL54T{P|)1#cu%8FZ8!(Ac`qdYGH42JJD6eq^^$%2G2W3` zyloEATPDMs#QUz}y$0Wn(DNU>_mF=-WVS;%!y9`zXqGzOhpF>9=dfR7Iggd?HjMR> zMzD0-LB=vk+71c4Kj78l&`8Sv)A{jBtb4u#{tT!KncnlryBJzS3vj)yGTI^hXwcm3#GCp45^V>X!jt!x zw8tmuK<_V!AVWn-bc8WPP^tZf%Do-lrXJSMhR<>xPW$T;jcjb$5fL z{s-{J9t)aDj&~5{pMa+zGu~&(8xNA?_f)dQ%VXrJ>rrM<(9CwcHyv(_&=WGfDWUyG z))(fD;9Y}PuWP(QJj-Dvh_@7-_Zi=nYTqMT`0GlWR-{cuIxqfDb1kJBbyy~q? zJ@w8%1h3vNOAHN~qrXkZ+YaBYaGT@(&3a!Y?_F37bHR-_I?Nw`C0@DzFE2N_1h4LI z%PIdo`~({B@luZdaB@rTr9l&D0IoOBdiA-2@Z&+#6K^O1`(B^xw{Pr;pn1sg4#f8YjB~vATkllz5+G>-%YX99^B`tK(7foh?^4Qt z1#3X#9qz@!Mm?NJk51*$9pZlz7TV~W&9>h z_1`(;}EJCEF`TUoazs=1(U+ zb2;~-8Dl(_^10dV_5EhvxQBSB8~KuU3}^dS{`>W58NX8B=fxXJru$Vj>#gN@?@gJE zcQ$#At+yFV`P_Ssu^lJnx)3u*Lr1fjrDeB z>3()`O48$c3~w%8y?@n}@_En))H}#}`;zwvNE*sguKzEEJSW~j%*Oj%&|H{I$2)@Z zaxHxfOZ5&G5&P|U@?Hl?Z?h~c-UQx`$#nb5bE)r9=Y3G`@RZ4Tna`zW>sQ*o;pc;< z7hY|L+4yeZnf3*a_i5{0Ox~9uX${M4_d&EB;&>lTrpLwgl>Y%rT#=5KIfx|hV)EKT zceozp{g;C;;8_8F|8t^!E=r%1OO6hj5y|wp_z2~9JivR%S!z3+meSI`4(rnAh} zfA{TQF9gjC$#lH(>_qN^ytCKw>V58%(EgKGE&FpjI?lxL=Hu1&oriA;EOos0esF3$ zSWdpARV=e@H+fG^>UcILXy!WJHI&~BTS41Fp9d1(kK{|*&ayCX6z>_HX zo-4tt^BZm7evbE9>phhAHRHHmhF9kc58xXJgB4lJaQn(TT9*#AZZ87QZ;zT^BMcMgFNRMFJeq=Jmu zQqVl+#5A&AAmuy5jiBDS z{yHx~-eQonf@L)LYwn z>ymc?TmhFtIgW1w&-3H$YrV(Bcy9*fqi=CN$BFj_%GavLcY;}}_k8P>-}mlMzNA6h zi|p49I`&AsspG}epn1aaK1#i(V5H;K{aE&knbtdxWw!A_z2Uc+pX1g2croR_f;FJ= z>V918YMx;NNyo6v=9T@TSW#nQ?*z?TPQ1rcz8ahk>ec z^HwL`n5K5@L~Q2t_Q2I|%QcqDl*f~2V| z|H&&4oQ2;Hnr|HMOv=xL1)yHtkAEevXb0aLVp*6sHY;d;#v4vWVaySfuL-q5y>tC_ z-jn2w0Z9{CX7g%)NG7SuU+;??;>8_IWqZlK2KC-!z5TB(W`=^Ku`IKBWxtU2O?(_Q zk2u~*lz$IqfqIu(Z~5zZRtL_8THtz1t@qCj#VgN0#}^09IJ|*W6uc*l=Wy=i;#3!w z>J_bA=aeEn$d}ZMWwv>ro);$ZzKd7ew>@!O54S)zZ$I)Mf&SonhY$0|cYR-dbV<-G z!CNL31;4GvGfPiUXC!2L_4&AQtjl~pE^fX1t{dXr=(NKm>bwK*XYqbS-e>R)tOPgS zeCySAh<*|@e>m;1f$~4VF35~mK9U#ZcnO*9kjQ96~{xoQ+;nnSS46#&! znvfZ9L-H<#ws1MP?XWZ>UbB?v;~cL%XVsZH-67Mf&sp_mUFLIEN$b_;tm1gD!K?jO zx7*!WyoGJIf{g7J{w!$jaN_NcZ#X=c#rq0*@56^6&lkDvV21DCeS}gO{}*A zd0jzLAC_^>Ep*urtre3HU=&dB1a?0ERPuB1Xe z5j>aR38#wkj%n&w{E6T8VX2?lO^6lUO zkd~6q$t6`u#a}1y8z|mo|7(oHhj1N!O_1M3NNO??4w|XxmuLVfDl4W7uB;FVB>V9%9t!1c;;zZZFZLDGXP zn}+{>T}H>_Xp-mJ@KPj|&&Mg&N%9L z>E4p|^Gcb*yh*&P9PiV7%#kp{@ovrHl`@5S&1Rl2$>M$1@p8D3v|qdj@`mvi*__@l zp2znhOme)xTkq@SO$SMzewzJ$hMpHB@K$iVfxC*BPP_ndj^o{9z5c@gSIT6Yr>HlH zw~pie2;UM|>UjUM-ml2p2$Ht3EX*6(!t*6~HT_Ka-QeBmA19^%KI*S5emr?i;0kcJ zSs$)NgtrDwdptT{xt20F!teL`=bPf;f0DeL$iD+5-On=H_@&3mB;MPc&pnXxkHfQ| z`#TW!zC_d$N^B)$FLr2Gt+1KGTb$X@|V!S&{5c;k3qcD$=8 zzY(@UHt$aI|AODa^+qzhW?RtAa=azG^866gJx5p$%2$RZ*$4H#_B!(6B>l*JZoE=g(w+Dogh3!h zB+lBYHO6~|ymw#$%mHcFF!%iBKI{m4Jx=eJChkymBn9Y-E>HRJHF)64-$CR;mNh4o2Y*eJPaD29bml4N1?k`GJTCz~>h<|YS$FcyJd?okC2)V| zv%tn%%k$rFmfRII-#hWvqh1rZ64X1-#`_3)Pr_uF0PgQa=JLL7=?@h+8N8JCHNOYV z2~1S9edYI+7E$LbQ11%smETu7q6hm4Wd1&Dp7rYQD~11{KR8}(hep&@uRL=}@}wP} z0&Ryq3>5l%$oZMxJwcO)H=L@ii6*XFA>v)?1IfM$iFT!+!1C+Hc>k^xtzSAOACG=Hr$04FCTg%0CUGK*n(y z57wvFniB7jw*=fcCDw+NiSol!yRAox%X>IhQFgWCp?e(k@t~D#1X2R;>EHYRE&nF* zZH0GlNsm`^{ME%z%Huj|FUAW9goynC{~cx%2bSP{^dZv>PZ_Jq{QWxlocvD`JvyBZ z`1^Hu?{&QLthM{R^*?##8LPtPS?0))dE4>UqP!r_l4<|U7O$)?%p1Y`)BnI5!&`k@ zx_$qvcoTTLI^N#AuUGhVQsM0&>kDfKQ!ZpiI^N9RCH<%EcA(!SjpChySJThzL_6Tk z-g0#He>2XGWm&Jot+N|7hG&E08HwY0c-!$*@c&4mo;aSs4}L-US3T1lPsM}qB=DSp zN9QB@xn|&z{@9qfIh;w_Z~u{N!jt&}GJlY$y!)%)AN-v3w5 zCkykMqeAAfEZ%vJx1q1vFWv)r!+2*nUJmoA_n*&qysfi%OIFK%UajpA!MnnGWsbWD z-&)w^cp1_pd9`lixoKzy7lF)sXEN`VIeH%B`^D5(Z~W+xx%@}JqWml4@{QDycMh>> zQrk`D{bV21JU!xfV;+bInO=CcKXk`=7xV?~4;RZHB;I`TW`d*-S<3I$WL_uMc*ERy z8HrcN=|z49lz$#b{t~YMytJ)5c ziXn3}7gDr+w^05k_yyFv$$I}JFL=8j?-49rZ|43M$6Ggx_gLzwcbDTm`5?WfQpjA1 zSGU_4)H@rRJ6@*elDzKZ-44TH0J!f-E!Wb&Z!XsxWVePV=BjJ##mc^TN zyhHzmH;%Uj-m26MGtg`i-<`!w7_=Rpu-?Ap4TKlqY1qJ6x%3R)uQaEKSx~_5Y_YxM zccP>}gii{Y9(Xm$c=i!>7J`mvqgi>V<5>*vaJ*%xE937HeCy$N(0FYh^lIP5_if=a zxEQ2A==hs&$6vi(W=;;7SsC%lHIi=B(|9ZWi+H1W*W#6!u-OBV?NX;un;Ezo1MKHh{)wKXeYZ;Q1AWL+r~QkvAh%9_i82BCUOjao{JGO z-$>RDnQcxxJVg1AU^%E)uQxU9$N4bygI+M9D8FR@;%nm^XH(v@LZ<5W^mZFW`PblW zP_NvhC3&sy(%xRHw>A6j&~E~e}N+Rr@j3gZ#D88LOl?#KIh-Zw!=Q}`62VJZHHlO z>dPp9Jq!np_etwLBgQ@tU7#Zj=*~5VUB)!!xYd-0Epn-^{WpAJ$b@#J+AsBwjH}O6 zXAJ0mH5Tu|?)Q4VJchSg7Vmh+E7x@n*4xzzrg;(YUWf7f7orcgA)LTj#gnsq|dAs4b z2YKEJ26X0ozRcOfv~N{TK%18I=LK@Sj$alsQ=N7w`C3tPDRnLbZQsiLhqS}dtUCeR zu}}61H+7U?B((^c<&Iak+vSe;SnKtkENa61fx^7H-J*DRWbt007nn7lk>YT?zS z?a+*RqD!6sA40s1ZM=~yLZ%H~=?^`r-x6OhcnmaNc_$;uD&KW_{xxZCQH1{sV6##_iFy*DEh;}Y`4ZX-Wc8wY`k|+zZJgTFbFi> z9`Xl>cRP83hiPA^2yVPvGUAQ43z?$!g0ocC_H9W$jaUBOp~joQdm7#_&W8!GHNHF; z3>xpFHr^(WaLpL*h1)>Jv)n!Yc$P}LZ)+;cqda&7T`$?|6qCg15QdZc)7BY&%H%PQ|wfHiEW8!nVW6ft+K)8dwHq8QXc4Kb{rX^*-mTWVhP%cc(0_Mwr_d72fM#%KTF`9gg2LP6V$&NUtbsu8gEq_Z>7N;`=C8s0Zr@B&+K_l z0rA#l8_WAt<@f1L?~wU0OT2@qr}5VK7x6~%ZpJJ9H%k3s_}+v$pz-qR0!dzrA)L3u z0O$*o8*!e)1UHZVn|ozZQ=d3x{FV7+_ztc+GZzY^s`7ni%FlrhLA_nA_cQWVgQWE= z3!PWvt(nEU#qnPKFT6>-SK-y9LY8(IFf`r1Y{HcHP}(<&_romS;f|MS_91%{c(-L~-{csn;jduolAA_XNST+s+{rpXzS54rpg;(}tNncQY8x(-{-wD=x1SblW zP zMFQ__cx9Zt9?|vG8wO)Qy)&)%Tk^gKZ#dUUS=Ok}{`xsFF;0%)e5e}xv5u4R2Sa8k zUQN1R97A2*ZZggt?0%v1C^H~rrr<3vVnh}3)q=}G<6URt9Z%jANWgm_=Wjc1_U9$} zvR_b6uU|zU4w(g6;@vmqp zi+H1W8{w7yE61mI@GXWUXuKi$55}|dPcT=98X(ujr2p!5u^Jov>tcG|ogBn=BSrYXK_p*Lu}N7{H_A@3cS2eZJ9wQDODq223_gKhin+mDBZ z%=RqtHlnV^8~zvZn&DhG;+$OK-AKGm@LdnLfyR5XjrT3`=0Orxf{Z)!&i4E7OyZUE zH;p&^M94J8t4aIs4(e&V)ea$E9d}}QZ?y3?BHms2%8j6(g2vm(#@m#&?OOT2ecPvdQJ2=O+z<3kkhOL$Y`B#qG*-yj$U8t)x8-s$8? z`k3WBaF1`xiC3;~=S??${fl@bFYx?IOqc^@0 z@Css4_Wh+w5z~-kQQ{?@H_8%kW9n(V8xA2} z-7mr~hs+Usjfv17IumbGd|luk(0G5h@h&EBBX}eEeL|MyTBZ9#9_=glleGVaUk#Z$ zcr|JNJ%zd&Z&5zi!5)V+-WcAFS>innuf}^MUXphodC$P>kQr}&M!c~p9N)6UyM($L zZ^eHRZxZiIcxBvqoA&(-U#U@CBLt0?M`LB$VI~aFlo}lxy zQD-4&yhkHF)b@=`4Vka-hN&Cj?=8l+4t9gaTZ(lguMQ^!5oiHT!9C6w z(7tk<-}k#KZ`05I^ef80(jU50NA8JgymIV2*m(ENOWp~YbMS_#E60%@IQzp$(0Fl5 z@|Kae2DZT_=;+*E%;iVLB;I2-^E@Yolkd_Wvc&5>pN{uf${ljN(?VvljaTL+A$(z| z4H_?DN%C$auQ$Zt9+2l6bl%sT@j*VXwr^s3$b6P1-e;(%?Rz59Lyb55UdZgR@#gaP zM&ZkcxuEfeQsMGmS@~O|c^(@=AjeIOx37(NMy`KdBQYanD%vmhNOkECr&8zt`#e>6 zX2?YF%JEI&Jq>3BT7$-Wr2IkI-^hCc;xG!HKQ0~bWE<}mt{tY1Z|^g&&JwTebK1Vg zAU)Lfjm+YHEZ#76W&eJcIF`T$(0Fx!JMIPEg#)!f+Slz5dGuemKO{fk{&+^b&8heQ z-ro`-^PLlKOPn{r-JtQ(29i99cQQ-`iFe@f>GoZn(SMV(L(F|?0Gp&gNWA~={cTRj zG{76M-o-dShc7_mJ0&7~YCS()~f>ZQ^*J{ukaP-Ug1h1-`4`YR6m8 zdMEROgihp3ntyD4XC8c?PhV^dwweag_;g3S*#Vp>5jpYg*83rO zOF@#nU$wAy2+t3hEspm~>U|6AK-=LB8Q^K(t>oq=qaDi#NI;WOB23FLt~g|AjZQFl5?g@pf{&=l=_D_+y?cbG*7=-0OI! z`oq3=DEmbW?g~YUI1xH>A&n+l8V1U-U9d%+-C|(Z7O2oi$dl#C%(-0G>Aw3 z3Wp<}cul|mA@g^F^qB`eKA6Rv2RhzO{OyU`#NdgX7_`4cqWrZ!&tr%lQ6JXgs}gxr1=w%!DD3AxXh#QVA9J&ZbK;5bn4B^ln9 ztZNRgH=lW^#H-%u%8)s=cskzNydrLXV?|3hw8@)@N z_Z%;m*CeI(TmL`#-BHT9@rqND#%orE%q4iW|H>XQ3+HUddxJ0YmXLR%6-ygt^Xm7e zqj+08@vfw964pCjZg)xYHj(!;Ncx>+Hm{B|NxVHAue_I`2shM<3)GkWjmyK5_G^a& zy_dm!72-LU^mdc?GI%&cj#ti;#d|34Wr*S(i#MFAYRr-NPJnuj_jZ4sH;}v$@G6Xl zc|4;e-}9C2Rj!raALRSP@_PZX)jTJPSJNWOe-2-Q9JZt#uJczG{f<2IV*2}+k{$bo z{!e|~?m4Wl1Yyv2yv?ug6_B?Fj(Ul44dnijeh;U>_J7^(k+s|}aJ*5<-vqaSdY`x6 zLF7FLl3rq2=PHgjSNfkkC#@8{wD3SiWO>>Ky$<%oZ#2}ydh?L0`pG96L)-Pn~ z9{+L~1Cn^E;L-79DP_Ke^`PTX8V1NS(@{ z-faD{^#SI?3A~p$-V^XuhnkMJtN*#Z`s6hQNmsCx{iw}Z+*5Y$Cu_XP4a~D0uk1(d zsdEizyf<5~zwrM(;C{3*WbVKlwv{^J>je)u-roK?Zw7gv!bbQS%3Vxh{2X3AzWhb`N?dTR1sd;t*8327<6s`V3svsK3$nd(`3|To_kAy9Ysjp_ ztM^GZQoaCw1NA;-y}?Pu2w|uQ?tPMoJ-+CDk_6sg9q*}>&xNxaWkh`d%1g{wi{ zQ?!K-D(|Cc<#@-_4$<#JrfkV{`*x-Lo$v^#_f_j%M&2ga1HZrq`a)wmp?v=5o%ZdI zH}*rw)W)mrTmBV((-K;Ndgoj3MDjj_E$}tC?VFd;zR3dS*?6^mgRipPpbDsWqxD`* zUQc)s?uG#k((%@@LL<~dC`9_n1ie3pZ-JiigO+wHDOcD}KL?#4H|)LYJ;4{asybk<9%!!ny!o+pqwLKN?ECtmqIkDb)t<#_E+ z?|7NN=TX@A+7fub&*C+&rQ@w<<2@8__&1)b@Y3z8@dg}kfsW&mT_JNZUfFI*;_62E`{6;*?KaNFyNtXwuoHd)Io>9> z_|Na;(O;+0RrGip`-AUSB4?l_ol$5+|E zWE>2e9P_gCxf@fyE!+(1eaw2tk@pTPhB@GRr)G|?MRLqEC*BQ|{|$23km`NLdK-~< z74(44;Ch!^ubh8Myzyc=W-(sf4+c>F8F&@cJHdL_k@qWR7Kn2Oslt zO!2_qz0W${{qa?J5rystan)d%72li^L^Jr}QTH+c`ru4DL&j`u|C^%wrX z@*Wg-{F1qcq0wh&qS-cDPqP>QP_z+nZ7*k4O{UT8|#|&`Vw>{-=f?GhnA6V}g z^4^6dFc;)~P&%(0ZpSZe-`J5k<|({7F0P>bH?S7eyV81pBd;Vk?T>=Pz};?f>(%*J zq+E`9(P`gGl)nhB1oi6t>oxKg!d6%Zb?zZvJ0H)tUTxpx(K%*{)4sn`KJ*UbAgEWr zPk0=8bwSdFEbBK+w}Z5?Bz^yOw0w@4j#pDN%C}w0@2jzt!=v;E`Mxfx=-uQ!1bV(F znek(D%sl7w4rl!+cmXu7a#E0fD*wDszNEP<-FEb&N}t!pD&&}@j&~vDS3?ri%jtk5 zZ#Q`*-en(vGT?d>8SNOUm}9m%-s34>2kL`*_4Dy$oJ(WX5BuqN;&3t z$2*Dgi{MjG?=TS(@5M|gT0?KR0o?a&6xidKdLzf@m|!ryeY(?pk5K0^kR;p3p5GVM zIkDtNsdpsxbX*!j`Dfud(0J$;l2X4z_lotMI4b-1_;kNX;;o2R$B#FtHxuSMUK@}1 z6?q$BJ8T1aFU5u${(ipHZWlfN#lktJRu=E?)YEt?+IS1|CNsR@6LL)BEZ(xy)7~lv z;VsDUCh)d%ypfw2t8vzJygAl;9(fl-E7+8~|NSEKgdI;gf0OY%a$=6@iC4EGU#j(_v`lf5{eB;-$5&oK|-)g<%b#nkx}bo`L(#Roed*7uY}@ji)H$LG)S6~GSA zcsXoH@{XFpc^61(z;eSmOuo~tw_j2JHK%@i%JhZ@Kq8R+(OxGjK7qVxumsA7IL4jo$265T4A*47=Xh3AW()iV z>aqJ#@k%o}PC_ndEb^Jk(09VQIp!-oVfpZ+^C@!`bOmjv%Kj?vb@CR$HrN0$COk_) zT)BLCQecJMqOVK-1#m97alCH4;vK}g%=;EKHt#>r z4cE;vr_m1D598FC1~VNmLz*OSH+dCi`Tg(=mR&CAx<`|L=!f-lOk2FVpI=0^dek`^ zw0(P6ufOpBy@GOuwL=8&?@l|6?p)L~z!`D8c^TdtS+}?A{_PvK3egA!s}3d0NH!Ma{S5OWMTJ_4>Ub-5-*8 z$2i;V2g?5re}Z~--gw*xyz>+!HDx)q9Ve|#_up=E9Zcq z-EPGfk{4i*tOD+SyG361c7BdohDVR1%_-9c+JVMr|BBaGVEk67Ocm zdk^LN!^4p2eT=-PLDCqOg?b}7X0PL&Nckxs_g*u-Z;?L>B+X}8m^XewjwzdyZimd@ zpOE&{c97paUuwOp4&aS6V!y?!``0?ke-FQc8!yKtuf%NTjc^QfjPJi6-m#Q-f7e3WSK2}1eTDUs4)|O{;~aCp<6Xaj<0Nc{%y@q#ugFF@x^i4*>BgJ6 z-$wC{aJ=%~@+rhL4KlsrllPX-VO{2X%Xir0&LBFE%&QW3Cpz9m)L8)={=r*rPBFem z&Ug-Pym|IGsovN{Ic6r_suBz-^Y=2`_C1u}%Lq5&{0DD1W#xN3^fUMOGFHN(z#$TPrE(iBx1cy*fGym7pxEpHRj-wJIl zubi*-AWp)4{C95NP=hp8*YXx%*Yjbh<*k=Pes!AMykWeZEbrHp;&7ZJEblEjcy*fG zyb-)ZEU%s~=()f+%PaF?DFeOzr};t@?^AeX9GZ;p8F<$6jxqUNL7Wa>vfT`JzaBRI zj*LU$hH2_^yfSavNBaJZd%v)idN#>;uUwg5)q=)Q4|;K8FW1qtOncMguf84^Ym}y1 z`;y+@#nOF8+CG)+@eEpIK-*N4U+-g(BGLENM83`~U4<&x!4)$(r8 z<~;(*KvzAPgB2H-czJc`;hw^K)f<< zx{f#Q_AYfie)nPj}D zfB(`lP1Uiyt4Y5Jz5wycdU3vw9B&D>#lZGP-QHGd>JGe8z7c(@( zjCTOP?as{`YL}*VVd9;@5Z)J=ip zal32{*Px+3i1(tzH&32lPT;d~V0&BcP98Tse+afuQ{C}OeixJeeOL$Lz1(=eA?_d? z0e#=0?QLV)vE(<7ca)Xil#f}{g&N@YjwWsrybLqI_Hy!@Ch==3hyK&@W|96g*a+fXZ+TNT zINm~RbMprKr>TK>(-XPi{(I720aZY}zZ&lr;(mmaa0G6y%=L;JojRL-yHg()(b?+f z*hL4XsrRh%z3_ATUg!hjmHQ^P5T`bB4IPR@;{H6=dUP2Ss^GN4)5q@`=uXFQ^oK~|5=Ij z*FjwnudGwHBJM623>l!WZ)bd|)Ee&l%5?RgYDAi9XLQL=Kbvz5c)d zbiZB@?*P1szK--`@jVI8Szd}!2hS4XHo{(r!_A$!Z@Y_AzROKJzW5<${W(4|O-;(d zdz}3wzoCRSckh0eH#(Z@j(CI4zUsU!T*rfsAYQr8_qprm0f!%_AGf>*NPo!}%%4EKGH)A4+*@!EzJWGFxb8T>@$NPCS9?pbV{~$w zT7y^SSKe*3C%6X0d(4zWPvXYH3osM(^NVGDKf|Z}oG_}R@zE1ij@D7OgN~_<| zf8r3I?FYO5E;jY-wD+kr^`qtelk}eL%#A_3bOAaf#-T>Uw}AY^&pcm@nejsU-{{k< zf1RH!hmP#i8}0$|_Ora(iQfa?fSunBZtt`-Rm$@ILi#`86o{8;{^|Ta@Fn*~!9!qs zH=A;h{KlrIsTP)Z3hAGN7eKuFJvaoOQ8y*7j-r@45 zeNCO1mAp=+%eJY@8=94-s^bkh`>HG1ryN`Z;-zWo;JJag#?S#;ft}xMQx1ig>?WT3 z{{sCl-kQ$7svGGuAqwKX&iTyq`A+V!0PifAslk?ER#v7`VPwD5%#uhT)#v3%=OwzA}T_E25#{0^* z+;<00^ZoIX3aeWl-gpM$*O46HdyzMy83E&Ma z=YBK1QXl$}ez4vL#JkCOUm%*10KCI$A0B_KEOOn0@To2-v`&Tv+w-Zjl zA+Y<0!?!x^_&nN$UUvzt<~l)p0CH&ah<^OE++jp*a70*l`tt! z>3z&op*=K)`3R)`j^(+l2{-wDL?4fhY3dogGLKqB`uE@i5N|(o+^YY`{iDzwI)k0x z`KDbwNuQDMZb?(`TKRp9^wVG_hTDPM$tedfTiYw;P$uG(gZhGXOT5yrpHKSY zP#VO0z<3)F*Bb7Gj$rqbEloYs@AK2;8^?Rf^7bPAU>FACJ(qe;@VrLcJFo^m0NWcj zURnQA+tbv=^q(@1`keG}*bUyYC2G?Bs zJLMqt_XYa13hWsAfq6CFU?Mg5O_2UZXrlKcPOq29{S|$Q8w?X+6xi(|%alWu{FY_M z@ZL0a!t%}_{R;R5#Cx;zH$87;vo;3#f1w{{tIJ_C=)CSQ?O1y+r2mcmoTfq-CF}2% z>{A1-2l0Mkyd8+^4m$K_YnQK-gUr`s+4Pfmr5)c#`qyC@h?k#9=-^p;h~MqNx3CfH za%f|Y+X(uzCrBSTlBOQ8@_Ur@`F_QzL8i-hgz=tF+~uIdfw?(fKa>2bqiO03*-a_L#r&f4x^bn(9@jtnWRVzdaGAfd1Zxkd|`t=gA^&Ijo0OAosWGIu$eR zK)!dlfL9f}I9Z1MtVEaX*U{!J*W?o-&c(H4&wTN4g=Wc>P_>ip?GCHdw}#4U^0l8rl~`se3ufh!~1M^ z2b1R$Qoc(W&vg3=dcEoqywYwzBz^JWDQbh|J*h=_zbEb&I1ZPlomn5^u6h>58@0Tr z*hhQM{VkbaZYNB5gT!48mBH=Jc6oz7ugbE#*Rf9?KDjf883qkB4$!Ny*-f&HaEW%2ns*bX{h$Jt-% z=`|;*4{#UU4*LBa8C#rw)w|D`hs*pZ*vzXgyd>!zO8QCgB8c}zCkvk6i1VLfjt)Vv z-_Ms}`qk6xAT7MA6J8m&nv#A2ECum?WV}O&nF61~yU>k_BlGYqezzNM z7vlQB126#W-xsM&Gfy((VdyTe>Y0OgB>Ras{x7_RUEVm}!Fc7kO~>~Nyk>b>lF-4k zmAIpj_&)_GhlX5dTWrqrOh+K==Bm3_jl(O)EkOD!;Tn+qh7%^`xtqB0FdtrkId{_z ziaO(VZBu^>nRRH@%d0lwm3HwS>DR($5btc`-A~*hI0?r!EY!<7NYIpnw2K(tpYaxQ z_EpV?rKrx}DVX%?bpnECGVya^31op?&$gNK$QboO*RyDEuezH18^l}rsuZ<}eQH?V zi;cJBLn-PFKEIyrGPbri_=Gb*5^ubZSGBaf*`)8oexodJ(0JDne{WgtL1p_OTicuE z@`n0)Rd>8{+;-yo8Gg0A^4_3KPpXQ-$M7z!>dtY?aO!QQnSVB6zO37EJcIgxw`HOT zl`2j*n$14Hf)2+?)8EN&!BlI#O2(I(b)3qr26)wM>w6z#|CBKu^cKh%8hA|q4O zrNjr}Yi^>p`|EUb{AFD3|){*_|Sl%+mYlVK4U=2w@MEAJ)bz+>&|Zw@6|bYAG5sG{)0D!cQF09fzoLf0W@OH7heW(kA;c3fT$MSy6XIo%B z*xqb2PD*_U4f3iFEU%wuL0$?!THafXS3f86dZ-8P=R__x?N+=|yo&3WVN*Fz;=Ayi zRCOsxeQ0L9-w>C^L;tUXbm*0yPwjof86S$g<@8^l&@WzwD>l@t8sqI{yqTnb3zmU+ z`x|eEv{W?`UWFM@cq8itpzGLNbAQAX#!2lB5BI8Gc%?ox<2!bS!|W&CiN-sh__yIB zh=EUJ8f@xAXVTvT133cvQ5HCw@3Gai%Jq<6y^I&^pu5t*C^{R*P%Dia->EDLsAYM-06W(3K{S1G? zG3Zo0Id4kuUZLJU$VT? zF1oOvc$tzUyt%cD4W=BVo`oOts%1HN2UuRd@;`dxE^i#~mK?mJEbm4C!kg{#hR1u= ze#`q5KE19GwY*mt?{ebSz{A_Tfq3sV z-Y{{4;RzTC-I(ug?&f$4oBYZ+L?^ADu)H$goyvYX=<=Q7{Aan7Wm&Z7>a7Lb4t z#IpcTF!BGCn!)~KTXWw6TfMvXyySR1_Iu>#^LaydlJgzMn*9BI1n)}AyNL83!pD|( zk?~%7KJ6KFsLWPB&r0s+wY^dD63XwxdBG{@fhhpfzLp^9{PNO=O}UKnwR-p%r@g^-Y?U}@k)MmKc2Ww zJk6_G;g$SeN&4zg3&eYc@m^UZRrQ7!U^>iU9iaWp6t$)t@A&QP^ou&bZ&D7is8>CJ zHjOFrU~9KqDF<1{593{dSK96Uq<;pU1@SI5-fxLJ0vFMtoeM>{Alwb~ z^UY?u=1sAem_G)S>kDN`{|4t}RoIGmzwtI8t~KZoW}8zz)Ay@pQohlbSr$&G3)UW+hopr3!Pd9mG4@coz`26m;0g_U8KBAKd=T{60U74>?Bh*S#uV@nrq|lJq?t*JGeZb|;8hdw*5tp#tgF|+*BN?%hpPMz zedg!+67Mrz!*N?jes4cU+t%4!=T$RJIq1K0kn|^^Ad@ihR&*M<=Q851hMVAeu%CC8 zZjPIjL-8HR{5bsIj{g}8dunWG1vex=u$dtpxh_hZA-{Ms% zCGx4DmJ)s?{kcKv5s3FZjwiv>i?~6M3FBZfV|;28C%;wAxcM>TydE#&+q~*xywctl zlm2tq0^+^ecrP!WswzV#xD~PwF*p5$Yredgv5oQScA>rD9bR=6UgxXwP9V|`fMFos z&c^#BanHf4@FLjjku6O*%)_bIje}ovozlwh64HMJpMiLL8t*~keg|KPR8;`%{vm9< z(vCwry=oxdOZXd)m8CwB{(9&Q;vHtZFP3HQ#LM-XmZy(|HJ9-Yvhf8}I@h4)EH0q< zX@WY)qKm%2An5U_@2&iHtKjtO8EnOCez@bwB<^K+3l@TYpPr1zgG~9J?$-&!e#m#?l5p){WwY^i=f? zRKAwJ5%llEm zXlLnnoVkt@z1*k%u-5hT^8hblzso?p+@h7pZ{lC`&p$m6Fow58spNImlK8HNn=Nk& zrw9a37I8c8Y$&d)$mHFN%|Y19!UEw=Xg^Z6W11` zzt#K1*uT;x$>T21^XWu7`M%XnzT|J{?LR%wCyuu{`I7b@#`gd`XnC6(Z)+wigWzSD z0Zr>M&Tx~PZli;lC+V%+FBvWGQ+HY3gQPzR1*;|VdykV*Pdah6p&2xQ6F3W3an8>o zrXQ5{AGzA62H}U9AFbe1ldR+OKIyl>E|7Mb z<#dH}^7oU;-%#Qn109}XYu^v0%TkBa z?K7QrZ+T~s{#95A;{DTjR}!}gbohpCZr<>q? zp(tB#h2%Kshxl^;;mr3G2+&O4na=B?ejc$ zImGaGwY(eI?>qP P&PujaQUMQYNgLJ83AKz>Jg*wj}k-*7dbnrwM%lKv)W0OD+stSDZAp(1U4swdu{IUcJ>zYRLwn9T1|(p^Y2Z{H*o2a)Cf|}6n zL7vZkuT#(3-{D+OEl2r&MdD~rpL){DZQ`Vlt-BH->9Vym$8m6kEPy)pJtnqdtt}l#$2SN7>@_XehGk+0p^g*BU zUX?6|YnWTjWS{3jymO4#DLLogSNS}*ej$#xwB^kr{rj-e@-8&q?ZoYY{ZOX*nZLK+ z;40tPFrT{K^8U&`-bNf3ko>-9ykm%a66U~jpvxg%)0uy)G52|&E{EYhH4tyme96_M z-vmE_cn=xxwT)9%9cTi#fL#t{4?FWEeZGG+uGqsqH3qM=vp%FB0gr%qOe(EZOOQHv(wJ9&2iKHSV1a$bfizcX?eq>e+b6t{rJ0jy{f!fA3nD!_q;)KxDgI_ zW}UI8<6UFscj8rJd}FP-h|Nn^H23R_!#F4mN$g21+=!jU5vLkarePU7zTEI$adA=INs`bgC-y2NIw%6 zgXFiL@s?@Mxfq0?7TDe_em`fIL-cW?D&rvTg-tnJM2DdJhtMRSnvGZ5+kNbF@Rbx5VJrDPWW1Tg&4$JB8cZvn zoc9KecP8iOJWh-2wLUeA_9pG(ebVdWwvnxP^RsqH@aW@qLdUoK>v2nW9k<|B1nrgU%WcejPrQ+5e5$pzt|H~I zi~Yp=~gd0b7+mLdI&+w_vcx8OcBK>OE2I5_2ymi{J763irPUyzE=`D58Fa*R~!d#D;P258G5SD|?C-wIqWa@*Q$H(!`!W%T+&7|KA2SB`4jkoFyexKKl z>*dfKs@};Oz8R0xyCmli^XZx*vpEmSA-{vzPrS|kMSe3~`3=osoX;V@&sp9s|02H` zuKdPd^r?eZe)r=$4(hgKeuo-wb>iwlD`*1t`f!%apOJnA`-%Gl3bp5)1ML1G z>}qdn9{mGesb_^re;Hf};$3LGRfwwxt)Us%>pB_6E9DTw+t(1}{y}4 zl3!C&Ue(C=aE;_C`%Poc6xqQw=QdwWO~NArP-z zw{Az=UCh=6#XG2R!5dmTQ6_n}BNo;L;Bd)VYxkH>nR z8hpp67U8X#Xhro5q_(Tnx6rdeHe*cy)f48?WRy{H{-JwaWJw(w_j;CF%Xdc*_u19h$){ zppToZqZVoBv^QP8iShV7uBTb~y^Hi2FbE{S8>M`STLPcM$8fkM*Z!J1`K@ZaI=_i^ z$(T>&XCYdSn|SxKpLoCi7v455Z)}B66~$ZD9Jh$SCsYX}{oHQ3(8F0cBK^H|G!59x>TJDS04CBK&%?+e7e4j;n`uBwlI9RY@O$W+2|R#`_|1OW-qD3A%jceDiH{-ZGK)ru&EJ zW}mv?n&kNQ6Y2GO^-;FsO)>YM=<~utJyUaDuXfE#f?Is5tmO@`pPug&V=LZsjaT2l zT9No_@RxO3msf4|srr^T#6J2uRtw9kudxz5`Z`vB;)j7;$CCBxLFTy0c&xtgsZMyM zd?&Kc^DrAEza@-!C2^bJdx(QQzGWKk>G5J4=WqP(R^|`CkzSW?YOkcXoK?PsiPyn> zJwUfL9VEYTyaTOrxS0LQLoLgjE?(k>!s9RobbXNXmi=aY6L08C`UlG^>wPoXPs*XW z@g_2A{`seM&j{Wht@Vew_=@gLQL8O)2jjhL4fpU8pT9T1(P3-PqvEdm5dF%hp11Ow z#y%H8QIP!JZ@lG+s|GsMW@~$$(oL3ccn8cBApNVb5X4(JEs;gfSHvBH!hN}~4yxYCa}Po1^|0~kcC7o~;2xi< zWqE_7PuKf^cq$_Dmjmm^3~6A)yFOPlTUTPEB($~((C^B4YuN~XuKa2w*_?A$+nZVzAj#Q z4zb$L`a0giiPXIBiS$PyrC-v^BQ11DJlCu|@i#yNFyh8S6sAH34{(t7mTme6@y78!hF8unUMBsA@EM4gpNb{C#rpI7251iT zp)dCa-we783S~LxLko_uhY9ir&w7w;OMn0nBxvG29IH{Gs6yryOLwh#cd-2fWhW#*%(NWP^C~`}hOYhoXZR z-=RPBhPMy!?!BL!{O)eisJPrOpkp1+T=02Kwni((+zS`YKQh#LFpZ!rO+pFbsg+V0#O@ym7qOTHe8=e;CGqc-I*3G~#B%VwexM zH)y=0IZ!&k(R2Ok7Q9k_myv!YtOfCYZoGSl`vp>la340?QdT*n8}I4&7^nGF2g`dd z`&e)@CZw9SEyt|F}PU7wX9qwm4 zv&LV&v-a>I?KtG~tKm6#hg)8{QXM@1k2mP|t4UTlJb_Q2A5XWu$Bj2m+M8tCg0wBI#?v4Io~R@%AHbD2#=XV0-7g zywUUhYMbSKne=bKTOeMlOd`L35_irp>L8p4ws(ii8@s@-_FLW?NU!H-joFHquaxl4 zAns*&6BdH)_3l6OxCJltt9(2!LfYGRq(1~lLA)0kZ}o>*w}*Dn95!&^Wqh0K?$_Dr ze9QYV>BqxF5N~ngT~6E@*aGXp&Tnm3e$^#@Roe0%BK=878J_f(G2YvV>k31lKj{3* z^RD_@UOkTrU+P!2EbmLCe;t;9c*B-Aaeh(SuTEIruB5*g z9stSj2;;qshxIHY{xkRp?E3Jys~n;<(zI*!1jPyaNdGGo9F@FJJ?MOtTAH}pa5L!N z5@hn*oY>{uGl?^Lm7m{kBs>wFyfta6eZ%t#*y>olmc%V0>O$1xi0gG>atzbsmk#>2 z&v044s*{6fvgKh4aN3iRgGZM~u$*7D#Ut~>SWljD11mww%Y19+sv7&~pg+&)ykF*r zVZ8TR-gn5?3efL1bbD73zaDfLT`K46isFsoea!N1WxsvoWq%I&{fc*Servp!a&KmC z`3;r#tJ#)!FZ*S~VQ}a7xQ-j`0o;~Jf53~YXP00 zo!%Bt9{VJT24m}=d0%LTX_xZ5c6E(k6{visw;%fqgunCZuj%$WE#TBC@ka3$$1COgJb8H) zUI({#8F3%LYM9=``CZoLYEC~AG5MA94OaB4n=J2V?DHjj3vTa^#Qg$)z){f0Z7>(l zbY3U9yivSi%lkPG+j@+=OaQlcC!g&z594ybw^z#HbbcA^@3*`ukFXvNMZxW@NZfT$ z50*4M^EuOlT=gu5_i@YHf_*wcPjGt&6E_Mb!ee09->9n`!s)a(yg_}C2@mo;pDE0G z7`VM-`D}_Qhv{r{YHxDCh`QFVmYxM~6z^uM9Q1p8r}G_WfjhtY`{?)fzQSkj_x5JF z%0X3T9JIWP*ykNs@i*QL#BTvV4^y+tH`8_8!g$ZAl5B5r_L6)(DnYFr zyiJH}2VJ2v*yS5@9k)nTzq-%z_9OiRFdW?FtIPFK;wQu7V0$;Xym7n}EU%RBw7>EG zUHKk%l|!hSU%g~`U&gl>-p|3iiMXBcBkTb?zePGY^G@k^;&_)?-n{D1!qpky&Vo0N z_n_rH#`jBolye4fAGd16)rA(&2<&pG>Mn;Ge&yi@WioE&ReOtYvK7QD?Jcj$S6$~< z)$!8Q6QLX5&wk(iaV8J^FEM`@z-Plihf!>&<*=?T{cj9!GrTgNtU`a?lsRn+aF=h0 z&zhKi{Z_Vi`AWYd^S)3mzv^b?H?PKvINp(G!5g`r@eQxkhdY_){M~%#em)xkI{edo zCs^CBV*jyxa~e0Le4}{3#Vhq}EXVmNm;>(P_7QO#;TzZv_Hk?DY8Mes>W}}&{Muf3 zeNZ>}mA_iv*Ru%T(s-pD4)gs|#&Z80xXa;o;(EX!=m&Ow2f54PM%HUAZ#MP)Png1f zZm*BJa0!%xE5Y{0UE_rcasGx^>e)JuOfj(!tJermGxcb^U6*em&EiG8ec$gA>=;2nJyygZ;*J#UpmHpk;6ob%XU+r_oS)qy5( z3)uZbM%cLyD(4sBMvQNG<+ybt{XlpK-0kgo;$DR}z}@fcH|uvYzC{}Qc_u^ByM}$X zKpfoOlf<1no@MZ*Re7epTfxc%yh5;mz}Yr@3EsISbxk3&uCRQqM+nJSIaXxR2XZ;$8q9=CQSp zo6Jjg@v&Z)i{hPN-ZeZp2Q}%n3HH)XfUA|xP*&gHF&o-y>mG&0Ld&KhQRXK!j^($Y^WPSL5yt&P* z<9N%R1#h^upJ$HzxBTW>zIeOft(mCpO8vs|$p1Lk;=p~}(ulhVbhw=Dw%}jqlQWMx z?IPaBuZI1{{N`4^;kJG?4X@PSJR6U>SoX$$%x`Yx8^OB{ubf}x)i|$i^Q%2pIh5ph z{N4FxI-gx{j+kaiEta|EJeB2a)s-9i@wg#jnDdn4)?Ro$t%wb z3AOjDBG)C$p&t2Z0k?y@p7kSc2t>f0-!^94JiQ);w}R!(tMUzZ;65L`!Nj-YzBA4X z^J2Xuc)MTSVdZxM-*Gy;2<~!NOx*kM3Ap=THO;x+AmtFlJIL~GVV_-)GU2b@2E?_7 zj^Li}404xmN3OqF-r?*s9-anwe&-SQCM<_bcs`q59}2tk+llo_%bQonE!3Io;+FU8 zt|>}WeDPnex0pkl*sLbcc7A1ilkyGY{RXe}JL^b4l&U`k+~u%^&*GrN4{UQ=UytKe zwUX^(Kk0wCIKMgqZtoH8e8Ta1*yfhs&>ent=~?hb@m90EW!k4GFL}8D-1$uu0RI%{ zvtq9N23_?bj<*foye{8x7p{|8`OT~Hjp3b$cd+@AW%+*9;5u-ZLmlE;f)4H3+V3Ti zdM3}aS9ki=JS)F>Reytc*Wev%@_PsQxEs3iEHrn1`x8GBba;&I@w(iZtsi4Ee9PwWSf&$o@XEI#`Uc0ljXaX^naJ%ZG85#@gDyh zuas}JyI);{H?Qkikegzf;+6A@UeOeFlDxdr>aXqi0X`cEI*enRQ#+RVZv<~wyfS~t ztNI(qJMt`eLp}X!y5*f&kn0K)xi<;i^&wFJ{BseXod@5bEn! zbI(G4qj*OHnaYwKa+V>4DZ*LH?P`p@E)!^S>Ex?OEe8~xX;GU z?_+!)yWf#^Ecp%Ly`WCAz2((-9L8G#Z(ff>alB2f{N`2phWc?m_AGd#cptXB|8+hY za*Y>pyw9G6@(uU*tM{z@=2iK|@NUIB*i_Cun@=2iU-;`QBd7Uq)!nV;c} zm~zOo`Q#wl1zsuNJeyB)({g{jdEJhK_p`2yH?PNw2;SLv^L##ucg0!oh92PeDwg-Z z&L>;C`iBVKY|EQh?KqCtbK_Z15Ao)8{}3AHS3Ax^exrDgS>8OGPvQ-P^1l8CAL2TW<;}DCB;K1W zZ(fbZVZ2@N=Jhxf$2-!>Z(jA2q2bKW&Vo0JcbVn=uk*>UYrKf#-EkJmH~cW`zjgDz z{>JcLW_k0fp2hLj#+%pmEFAHx&Uo{>Ka1hL-ztZ^s=q;gR5tZ2cq4chS>FFT-^p;* z-x%I?mN(DJVI=EZc*ADCo>%K)s_?-{lyzU<&csHGe{KoPAVtMmwzM~%XEALHtUw^}R%URyMn(svL z*2gQytvu^-*Fsg$S3r*EJN>(Zf;EV%4S#q4hwfrx`0m0N)c=Ptk@Y+IJ)PS(jn8I5 z)OxR^tncaj5_AZSWqim(Uku+k>-!$%zKLh=N>P8h?w{aKdqzA)j(a)Rfim99{dcgT zaenop+4#P724uC%=RnpIBMt?-@U)z`Ih^TzSU@k;ot zWq$P%$6^t1$vp8IyXww|sk`{>5c~%6E;fCfB8*|-$GHCsPfMeEpZ(Xude9|ThJV^Q zo`SoGI|Q~vj`x6T96@M2_gUV|a~zHDchWyUJHN^|De1f0_|k|g3OV_%z1k7P@YTXs z)7eKACw&#D0s6S;{5|e`mMFg&#OpANt^FJc$*0^u6?uaB5Z+)SwNfvWei6J0;*B|< zdA1PuEgXRZU_Tdfl9>m{?{%URd0vU-Eijq)CO~Bn?|S2XjkuMd!*;es8u0wETb%n& zB){7G2t^T|;#V8+%DB3R^he+~5br7Dz3NHI2X2E#Ft|eUIUP~gyd|FLS7Y%?{~^CA zznlHUTf{jOXVg#qyYo)P|9XF#TvrV}MgMH&_g;LD@=lYXmbbX^jwEgZ=+LA&zq{r) z{u(I*y_M?)QM{Mll6>z}Ci{H=AA#hzyz%y#!f&lXhw*GvX^`^#4{`TT&8H^o^wT+S z#Cu61wNg)${v~)t??+sso*C~d;x@n@_!>Ihz_Ul|I{D2qA$X%Ulp91^tN=mR8Kl_wLymlY;)?b zq+Ntx;WzM)QM{wbuY}w1b%maw`$2u&209<6 zeoEXSC^XG^-{GLEoHEF!3}OrXYB3(kUuV8nH|Poa8)}dFE1pX1f1i#d@R*z&zqho5 z;A>oWu)I|nr)opUj90d|7T)@xLkqS!m8W>sLe_imN`KIv^xdH^*!k7>5#C4KXm}bX zfL)$3Q(sTFFT6z?B+KDh(!UBz!0r8%xE+uU--GSlV7&5v^jMZ()x#_K{e$#{p5Zt3 z;PzfZTuCSo+q#_D&%|B%4K4Dkdn|7O4*L0Ut?^#XaVwfA(KE+aoyN|u^aoN7VZ0OZ zUgGSls^XhS<+#!E@)!~wJU0>79CYY$bIxA5|1gfv=hsY~JVS|l z3UqjuthGd93b7zAUp>A$jgSL~%c$Lvnm zbM)T!tDo?uJNv4cr0+h1-+RwYdYe0+c|6bayFM5QeW3{N?~Zb>YwQEgGaowhIeL*b ztY0%p5bv5OV=NSymGr)Ayi|FEQKY2c1a4qZCc*~mnena|fI0?EO zDp9@{8Sh;$aIYmSf!CnTujH3|5OvvR-fo@;^pH~d*(bb#`!w-N{nhWS)$gQT#eU+w z-gwQQPHg_^y|od%vn+3+!THpkHF%Db<>hhFI-D{7>NL64-zeUtmRIt-*77#Y!TV47 zjp6;=@~+3X5w=*~ra5?Zn%wdm$NM8*nph%iC;fiNw!9(dBTw1cJf|CUxP`4fzmaw! z{bYEfU!^okj%O`MABKS-$L)6GeTKL z_=)r+_KCHhvFhc^9$Y3fKwaeKcWGp66b~3o&>b?DEYv{jZd7{41X8g;(0~ z*Q7rJzkzr^Fy8B4=J#r#LkG5N_`RWfK3453o>@eDi+sy<9lXIrYNfi9e$%iNbst;t z-s%jPxob?QXp1&gJ(QPzg$c zJszuPoO&Viyx1=8)3owipY+Y3C5ZQKW!@Cp?N`6!4JA@5 zmBD_G!gvtx0ORdHk7sa#4$rb39sKM3{P}b9sos1Z-p4ve<77F!O8O6ABZ&8X<1POR zzeR>_&=!W3PL}U5tNuPg`tVPF-VIX=@%Fwizq;U6<_}N;Z0};zuZuU1cQ#%bFRGEg13U=g{mFPI z&gXXounE>e)$b_ZxKj`2n{s%flv0byZt#d-?ZPYJ2kJxkz7e|M2#~8+7(nyYL-=Uo7uu#_N5J`}Cm- zTm?I*bn^VnpsDY=-SZP7rGE3Pp?IaAx{377pcP2@ZZY1z#0`Tf@F>{cbgQ2lNp%eV z&V7=2YnuGdCjA0f1mfLkysL@Z1Ukgo9&Vu2s`^fSm-;Z8^JhK2g#KV%8n3jYy`(<` zM?t&?5+>y-w2-+W=x`<5n=A9YL^32!y)DGNOM8PSxc}1fUPXHSoXcz3ikB?t;Aucy zYtSLg_GTug?);wi{>k~XRldDQp8_4l~&v=U#nxe&xB-alG&4kl#6$ zx8i@uZ~P?pQRk4~cPuZL|8?;EKlzQG;{G4J!Njggt;4qoc3R%H#@lI5iuz5*XYt(W zd1tOq?lAqIy!R@k0&0)tJ&%2gLuHWiz1Mh$5;qmzgaweGwh5MM>{N#ygX^^`Kton6a(e3~w9feaJCR@O3?t^V4vlfGXWI>21qC zx_{`zR`UC#@%AC^KG30iiJa$MUAZq`*WVc48hE804`aX4Fc!r7tnp4GZZ_!f3fr9e zUysME2c8p9jV$jX(l3Q~LA);-ujdVZKLk2l#x^JKI8J60^Tf1(x&v=8k(%EYkzT*Y zq#RrEt}@=v#PtRp*1VbX`AEsjjn^Ac1Mo`!kimXKVK|6)tMR@=+TJ&;HC-Y8g8QFAAvjRyjOF`g!mkh_|$! zAkdC$y~THju@HgHcd{nc*=ZN;Sr^guw3g|T38R_y~lW~zr!;SL5F+T zt{TAD`5JX;qO+!;y}G^Wb{s1mQ0Fys3Q(tifb7DictZa_~N5d8hveZwzm<9K6q3UY&>kJHJ;2)ZICFXIb8d|ARM%cO2fJE?mNk z_&$N(K#m(rt2%g!E$2PykO5txTR+|>dyHemGj`*Ho%*2L#p9%pRtoU`?qoe%Ncvrn z_FmF^(s(<4!1GI1!YZD{3+W~EsSOmqK5mP%ob{mdsU!W#M67v0Ewb`^^+#O8fCoYH zJ6F$($Zw6+yl(;8LJQFSgI*V_SuCGw^Y)qV36Hl7s88|g`m4hn($9tYAl}c6*Ga*< zL-;HXcE3~A^bh*|9f^LuRX`oE%Has<3$5YW5QulT@s=U3GU!l;t$r`5`}{P&DTny2 z0hOx!STaaf@=;M~T)2U~# z@8O*bx?AWKP<8MIb)gYfd`7=THcMudlzy2;6b>YH7@-euEHE} z-7Z?1au9EHKtO$OdArQXr^c|~IFS7AHQq0~=T}pS*I@$b>~`!f2Q`p+HC{bWT?5at z-)r!?LjdzZ~~sd|n#Lf_&d{j-HvZ6YBC=ZLsGHVN;It%yAD6 z3aDC^w<+m6!d)QVTE;t^xW`~ROa{9gGhD|fj<<{DokjY!uph*0mUTS+HZcc=$uJh| zdOFDTFLK<2g9B=?<$ay>@4_k&udD->d^$yKCH_138tnW=T=|XSoq|__UZ>i}KKntA z&x6j#Ij&QwAptd;{dK+3A)EcwX7Z%r|Lf!XuqnsN#5DpP+Un1*xUJA?5>CIW!`DYv=>web0Co5w`-i!e?O52WtQ9 zv?1Mo^tciq9#DVc4JNXr)UTvJXDjE@Al`3`cL;Ig;5m32>~STXd!%$(bTs{GG!jsk zbJLF;w~tBxIcx#({$jj;5_irQth+!Fu-Df!O+A%$@aTwus(@G8>ougW3AI7IzZvgg z-Z|Hf_%6`;lQY-ZCb{ZqXe9FiyfTmL!#D=fz?bsPDFTc8f;^_oasr#~$f zaON3$UX)2bqK^dBK)k`kuKX^X^rPW%5U+mTF2S>axTUZWJ^_9HDD@%3D&NU?<6{Eq zQ7gYckp39t-=6e#Fy1SPs|2?|9kBDe*p#ncZ`An>jt!{kR{6FfeQ&r2B){BRkjU?3 z;+};?@G9tWMb;amuJVnI3#d2nN_|*L`VFuT#5>%0@BWf9g7@JKD0M$;-ppV1cy-v! zzxPsq_4TaC69M&w)Gd|-v@_4yamlXxgB%ifiM*&f_^`t)U!fIopxNb zlvBQH2J1_B<+v>;{im=U#9Q8Y&;N!s3aAB@p(+#7)V5B3`pcmK3Ak6UOqxN|LD(i^M>)>WO-+k{@vXvY6ZBxukzVjphF41 zU~b;fdjZwP^7iD~?VSuX-OYV$b~)(lx*K9n<=xIUH*Xy8-FT%xc%S^7gL4gAowGYA z-|C4Rs>J+$t;z2OwmHr7q`rpU52z8AcMIuv!w(?d+QxgBxKp4*!F{=VV|b@oUb$Z< zjs3*i$atNN^Y1@h_l)D6Z+YcDwt(g3bY6$k=Q;ZS{L_7GDi%;Nyi$KJz*hpwSl(N; z2=7OM{Hh`GEuh@-Gw-`QY|TRw=goMxTlwuA;2aQcx4d^6ud{Lf)oF4&ZgIRnTlwvV zZ!iqAy!RRJD&n@mFYp7{-U`{yJX+dYXeHNoS|`iloFAQM(-vVX$8Co3mL;wV=n!IS zd+m0dSjWa&3vV!yTB$~)Zwnnjye~PQd9H0tA5Z*f7z%c~$TIUW-7ik2;m216R7<=v zu1_L;!@Bv^Ot#{E-FWqT$(Inn7FK}mjTx`Z&(%i()z|WVLHYym3yAka{ z8nNxg{BcLcGtbw=8(kexkC<|3LjGHk{!Zu);@x4q2{E`?>xC<)9eY=T${IIrTy3S0A^?Cjqqpue6KWq;CLC zK)iC_dvD_IgK-c6yFP3%<;$?0SWgPA4XD+YHpAPdA>g1=Aj>?ZCo6h6TEIN08* zCckpMB)l%5zBT2mcP>eKUC*ks6)%se*CA2Qx)DDVGQd6$Y-7B-o+ZlR(}41}NtVMH z((7jmPh=}zeLS^S|MM2{D_}X;`Hh=$koKlNW8DU?^y}+LznXU?ZD%W9x)dD}-am*h zaF9>H_6{=nm3}>fx0dBCO!|^=6^OU5@!m#UR~QWa!S-glz3T(2wdEZ}`X}Hi5br4C zeU-Q+@BzFFwl~|9gXA~3A)xwM-iM2)s2T7v`-wNxDu+ag@Q+Sod!^qIZy4`5yi$L^ z!1pcevAi!D@2|w20v*ba;P+qE_?-!ZpE&jQbp8FD^&HE4?$6u<2PHuA`9URdH*_F@unN^3gSM6ov;j|gVL6tK(TxH-QRZ*&js&GK#_eH?a!cx$uvqrHcSI|(`zI&!90@~pl3euvoi zjBj|Q|7{uIngaV=0OBp0Fr7J{Y)v}5U5HouojBeVmRHYHi{iZ8@|McM`;YU~9|CGC z-k`HD_fOKtZp*LIE$>yv+km*%pu-((?eR_WE90Bm8&E&tm3GmS^bf$pAmvcmc%LKg z6?h-s1bdw`XxiJ{j!GS)d_(&JDy3brd{>ixGkgK!t!KP?vyXTk4zkUyd}DYov%J5O z{v;GQn)J$fz-6mb)WyVK0af^K+na9kE5|MLV?b56yrtPkmv2qWds`xh%F~XxyFiD2 zY;CWU?`iK(Tu-&U50HKgOa>{3p2j>7{N{($O(SNey~Ngs!wK)i#D zH*k#m(Vzm90o!}nc;$C8>Oep}YVAX4Wx zI{*1E&U=4h9XAJW1H~6+guN19*cbBcGD~YxoxAxV1Ol z6T}t%jWtXNf_)!xNcukxvc5k#beQupE5Fx~z7aG7@rI4JH*v#Y5#xeMdaxBQmoRkj zJVM+vumt9TT@GQBU)}CU>he7nPzUi!yU^q82ki49i1$+CbvDkw|1{33;{lc0KIzr% zVjWHyXLWlkm4o-6#@Qg=%kTzGX4d2U26kEbm2viW;tKwuzXjJ$+2%IR27e2v%6Q8f zZ&A{hhsq%3AmeN^;yOS-=mz#Un<4egjI-h21FDHt4tkuupM7MU)#Xsn`J0J${BOtE zINlzXSC6wp@X9!=z5iyMjhOsOe-{2Dphj8V2+k=m6{H+woPCqH6`;eXZ0-8%?k7Vh z0_r)-tH;@`>?7l>&Tmgs4!Mo9ZA`n6{Hi|#Y8hT>7kZri7O#x6+WT+D*+Is8dYnBO zP#Z1pew=^6DUfoIakk_Mu783KH?YlZoK>d+YQN=eK>Fs;3dAepY+K?abmPBs8fRtw zDuOq)L$bZ~CjA7M4B|E8q~|bkMgQblE!2Qc-*IiDjMMKN!ydgKak@U3`G#k}De?)EU@YkVp(f|* zy6$F~{ObD+7PDW>S6IDlmBTF3FM>Bgyk7cKf@dFbDatwNxqz)6-v$}4vD?z-Kj8}etqyI=nKDYaI@#=Y3VthNVu=?K0um1gwo+s9_yw!|X zet)CAjsC_f<3;%V!YZJDm!%UE+LFE#ge@9q zL1C4SSL)da(mw`IfRuyWcQl>2d7wiH&UbIVh4O85W_{54P5d4eZ)?2LuP)1FHS9>N`)$G}a%BfLEg;WwzO{GFeqEym2 zMGm2e95O@+N!lbi3?ZS&S&1QqQdAUCMhAze6dj5G{mi=_v&^?Y-`D^8e(SpKme#EI z-p{Oez3W}?arAkt0=pkNai4Z&zuD@v!w1yg4m&~P%}IpIb7@60O(~G%-)>I&JyhM^ zy0TqJJA^Owo4t60Qkhhd<*tJpLA~5!BFWd0vOXZ`De@o_tj#Io*`j-miLySTRsH5S z$NN0>*TD`@FPo|)U!+*3838k4BGe5g&*Lq$?I7O7JoO5{xte2P?Z0cNza72-^>XWq zBwzMvnWijU3ztKSvPth|>+MZDB(Bd~={GI$1`~@KQ=j?|!=s?yVcuuHHI!|F-LM_p zcn>@ACiZVv`OOr^`y2HyJDu$m)H}y|mr(W&?1s(f z=LdhIeopaBb2g}VpY`5P*&`rn2)V4c)br4t_i(KrZ>YB4ti`L_@pIIF4Yq@NXH$>l z>wZS2c@h@Ft5A&{YN;J2F`gB0(}(o6q7k0KpnmLnzmanzy55dZKX7KI=>Y2e$a?QO zE7P=r(J&0YeSrPX-6onkJy$GwgQk%chOsD!2^fzM&rV zJ@01g)$JnEz;AxStK0D)>Q9DGLA~{?_vt{U83XUYVldli$4@B^mhL*yt&Iy_QvjHT&M48`@VzkQ~2ERW^?Q%>rJk+{!V$Z+)R@OZvQ=K$1`n* z_+5Te-SK8qzciEuZHJQ9EAJV&hH^=_kQX-p6>p;dHuswbj`ud|-wAhvdMjFQE6O^9 zq)#8sFs106sq+VoH*~k(+~;_EvRr={2T{xbhd=l*AB)KXk9(3~{{2sDExAZ4Bz| zX1$##>jlriAc#2QLkBLlh+D_sSPQ@T-tjJ^{zmu|)H~36efew`P!>vp8}B@OKd5*m z-e60=IpTOj)NcTdLA{f$H~L_P=|lMtSi-+0UR`f~+rAoa@P5Ck$QT!tMk5ul%v@Li z>V3m{_fz&eWS-4EW8`kU2UFq=huL2^-f}D>@m3{Q??xxywv_jRuHbruPP{UngrLFzQc)DWKk+*1MjvEg$!zj?~>z9r6*jIE&F@zz_aRHnHey1@P5wr^E_dr|wZ^s~q# zely1LK23cYcgB&c*Io+twLYJBMp79%$T5Y|Kc%4)$4u(TNG!#VDj?;pY$dem<&zCZcBH-DFI z_HlpO0dV6(>D$g{_i*ooq;okwIo0=$;k^NG(L`;|HSxFagH|Bk$7#=7yw7~|DEkn0 zLmU>eUvGZYn0ckrOgFp!^?XkBF~3>p#G73v(?nq!sP}H`Jrc|`9m{5#_aO$2IRM|< z+Zzv;-|O91s_QAl%g?%olk=PW3z!>1bx`km>zzZ{D)<6E0y%!~&16{Gv>NL~^32L< zW)7<|INERK;0=1qn(T6nr%)c$yWM&RQT77Nfob4+n_6#+-Hb8R4;T2&2FJUF`rpAm zQ16e{dqa7StDrNq1=rgn#Ty+Co0wgldT7`XS}H@5v%;+5?- z{DR+{)+*V)A5#BI*ahnKd)?VruL9#2^oDLwj$^eV_Booc^)|fGddK_CMR>KJjiCM* z7zgTQ8<6Ca=Y}RzE-Cf7Az5dVw4cTC-i%krgRyk`87%v%Jjh#vlzKl907jFUH@I=3vjaSF7KGc5>#(;X6(n|83S25FE0+MQx z@2$-oA6&1z-$CYi!6^OLiT6h8H-o!Dy&2Ra`G!z71|-cS?{F>qpIRq-wH-oJ{N|t& z?*i(JHwNkrSnv0g{RWaUE-L(dnZ_HQ>Nh#9ll|dz>R$wvLA?x#l6)^wHV-7l$lde* z+7>$Q#HVv!%ki$G{(krg)XQx;l6==*%zA@IpgqX@KAP6?+M%1>E_P*k+eK)m-#qMi z2T=bh7!K;~ZoOM5+Y3kGFv$3z^RbBaF6Qeb_P?(({^Hf`E$0%i|CS+FZ-0%KvU(t? zDY<*iRog+IS2VNy<|8NG`>Ed^I)QqhvEGT4&4CrL7-Zg51H?JX#;e!c%xu5ehqrMe z3a&#?{|`6{>XqYLl5asJ#v>?Rna{}^6iqXA9`n3W>kTrl?`13q&-0t2ZIb<=3d>v% zH-UQBT5n&xoY>+M0=V3-asf%FGGKOIZ)Mi(-kIo?Io-vFCHy=U6v z)}og(mV>0Ksw?((%lE?l*m`cQfm~1NFax zuR*2)dV0CFy?d3kS%&;h?$<9y$Kd_Do9pmE(H|DYXrP_`E&{X*`}mvy_+`Lg+u^O=tK z59(LDCezda_4ct||FxOsQn(lHfNJ+J|ETM=<3hWB)Ehs#VmP|9AiyWS4k?Ml`gn}i9cWt)b0b=-P_ z`lDeisP}BPZIW*$WlKO(jQlV=SUs<+>rJlDWUZ)NNK zm9n%OJ@4t{LFassdgp)VZLiUcY%|62=1~7is0r$=WxZ`E>j9DmlUJ*s+%8=24%#7@ zm2KAJ4JB&xZXN26ffqr&4XyWW%02{1UyxU-~hXAE4AtndVG5z;(5)-+28jZu_sa!`ZUl&dfHKw@>zm%c%bVbOiOjW4+C9 z&NPq144449JsH2bxklRHp!Mo@9L~!&&G71WypsAK!6%^J3lbxP@%=?v)-7H;WRst& z|3>q(%|m#DiB{uyociUUBB=KU>#auFbs*`w4^O_2QrFwYd+ogO>})g4@!rgGTU+p~ zl;f>$y@MzlX}#mg3yXILUg^J)bF$4e$2*PsE8!i`csp6|-;@=r>&07&T;@xu*OSEi zxAe0T*=7x1-7YFn|1!7|)H~98Z>8)mkkp#I9P^sg?M?14mUvCcZ1Yti-j0rU?Ei;1 zj`x`3jo=#rqa5#K>s?IQYLK*%{8aJAOJ$q$IwbqU=hWW=`$5}buJvA6k2wNJYDB(< zW9xO-pS&NE`|jt^zL7H7rl#Y)lltwU6R3Bc^{%CCH%R)O{8Zj(Fx%XNSC1=?Q~#{` zoNos8{$jn?P*x8lH6t&qpXvSav9gSlj`v>bw}lR%-m|=oF=2m{a!LKj3-kV_^P2Os z%}Bhu9dkRf8N@O}9B;nkO-T9AX6hB@jqzvYcq)qb6(`=O@r{PDj<v+pr@0XPQ0Fr(uFYNe4&tHVgWt(k|_iyT-acic@25sL; z)_WdhRX|b=^1|Xh;VqwS4m$1Im$5d)GB<*HnSMy}dWH9Ivus&fp~sao=(~yb#asNr zJNe^LA^z#9{phR-*X_#Tf0x*bMTnG-ZO~&RM&fg zJ()K;-*+H?cNmNT{l4PmTzq2uj#54yF0Oa-bNIoO?JA1*RmVG^UAh?x!=W(m^OQ>( zNA8XTsq5W5nr%Kv@y;WjCI2Q~@y7Tp)mt?s-Z0)hcy(U0mSsMM9skCAi1Op`C%Ey3 ztXJ=;Z{rkius8h_ulCd1sDBsS58{<~qH;JU z$=92*XW<1Xy7J`q4X3n2@Ud*u0BU&x%vUlLqZ?u0@HeMA5ve>+s*E84qTpQR?*?(&t#h` zx+J%^^rPwKS(X_K>W$cV?VmQA_$-Th?)mb~_Pmpx*N%j~O+XkgE`lql!zZ-Qg8%?P|SRU-AG{!n-hG~Ob7FOu)`2br^X zWPFE8Q0_s_2XM2uY-`WxdZ(HVx)Lj5_XiF)F41 zhF;D#`|)c=5{bdr90y={%by-Z|Ok>W7lv z->Dybh_(au7W0NM-*n1Wzz?t;ivP`itfl82XXlOL{X))5ype4>&mq$s0r%5 z$onq7VU&%9MKA;0`DnkC^KZcg^as4Uzj&YeU&1a>@2%GRD`ln|kcyGJ?JI2{N#>11 zXr36}$#`X)jIn?6Q@0ZfAUu z`I1?YZ8qZ7w2}Is!8VXm8P8^UAExi2Ot-NJ%YE;(-(P%o+QZD(LF3`{ktAPN$|4|X zB)PO-jbq+=@xEp9I&y4vw)xwBPpN+me}62?ya?(Idf}dQT+@w}RapD!ac&%Mplk9x z<3xNj;8n+4*73eZxuk7PPTt>YyuDj^?H76{+f;PC^R4$S$9ulxUHM;nqj;~ytNn8g z%k6+T$jn66OC`^n)%p?Ubub*_o0+>T;l0{B7!U2-c(~MCmu>R9CC9(Fsk;TXfwpTc z8|UIjS(m*S{~-d)UrjR;KJ$(X4!r2yUoSh9xCHW5wz(9q#@VBHrg<4&0rh@jz4?!2 znk(Qor~|UT7KXik5KS3R;=8iVy^dFYudD^j+z;yQ!k;Id)DQmC@0FRav&|!px5}h+ z(*|dI$IB(mgtt3o5ssfVQvR4^x-2E+AyMjUj%W0~idafNi~UId zb>c10GS#34sJFI_w*h6%p)0fp@eU4o?Xbyu_54iqr)+b(QD4% znCr;39dsTe@8P?{dY@Zg_&hd`5-tt^CpTg(e`D`Y+yIsUnwu>0voQIR`+nZ&cfTtXhV+f5ZeV_oyUx2xk)g~@lLYwenHu8I08R|+kX$H#2Y%y^*+bz z8^Ar7&3S&3T-V!T>#aiB)gY-MbzHB;tLx4Dnr+(S)$u{s+x3oDjxR_j?Jxe*dJEzm z?!+tW?IxTJ9Phg+>+L>1OI>fd+=D4GYrGM>Z{pSM;sKVC^FG}j?|SQfjIzNXNzVJ6 zYP|)2%Qjn_c!#sx^Dr5-eLu9`jg)PNgRmRi_B9i|aZTe5{?7iw@gAjq&%61Zk4VzH z$9gZItO`iFlHB#W>rLjhalB_dl3Z^uvd^3V*E-%`tv4aG|CvFZQ*CeN53Wz*)&8sA z8yxSS|HkY7?tmMw?1zGQo8Z;;ru+Gu9q-?Tcx69dm{+&A5Z;FhiMPJvO~XMtssH}F zcF^?}#yi4k-}aZMn?^Wqcf3Ul@%E-(Ve3ujB@w){opxx3uO+l|ym}wgw3+FqJLUbM zH`EO#@8j^>ex}!d&7aw3SBiHq%M1tYzqvME@xDO$%P|omp`3Iv#7rS z-URiQuwMCHv-c?f1U>}UTh)3`+{g4+w#n;}Jg(SA{cm7DsP_izJxeYD7-`VCxC*Ho)9|BKs?RTW{~s@btK*zWw=-Cykxw3 z-X?l1+x+OnyPf6s!%v{zd#(2{_IN4h>(|hhD?hBaec$p?A(oyPXJ;CudsCT;cUPM_< zxD{@MqGgRaT8+6BJF3REpH2A99=8+=m?n6&pWQ+I`=Ax5ceeHRqHHKgDj?rfk@n?Y z16^m5Yd;I09xy$ecqdUm{(8E3grLYg77v&goOrdL zt#!Oht@oewGjm43#PIT!66sTXJ0R|OS6Oer+cV5w$|e0oo@n3F#zade2`PcT9eil9}V6qeMxh$vq#apP~99n>`m#sFQd6X@O&*1}*^ENskuV&{ndR!9A4w!0q zLpGj+)K442y`rFAA9G}q?+MDDg;_8a<}uITQJ!PfwOr4${j;3y_mRASX@@tMSk#!c z)c+E8fqH9L?;*;LgQTKQddCl`_p8XbU7u!)Ii(~i@w+*FD3|mEd13dxpE%w*Ct&6~-r>}b z!Zc7Xr%omL7E%@iNo&aqi&yuz;d28#3!04gL+anwkmECQ^>()2Unn~Uk}{tup3?OOVusys+awXS5iS)lfnLe;!9A%z0GwSGF=Pf|e-{eJKO*1_}os!>m zO`6$8m0-ny3FFo6IP+<)S-{nx-Ypt0Wgo*{_!`{n#!XYUV{=Ksbj2G?M8ViY{j-K~ zpAo3{bomGEdj)0JL1U;3{mLh=Lv^#;v8*?l=bK6aGa9dM7xz;CVR#hOn`^x@C|eAY z-X$-rKb+`iRRU(Q3Gkj zzO=(dx*2ywXF9U%3cIXQ^@6h z?IJ7~Vn42ZLiaPl%L1k>UTxo3sJ{f>0`-Qh_an-7gQQ={{k8f1hLq=-^nE(!ihv0@ z@gArC%DTLBa75C}a3RT8g0k`;sS>%wTNU;)uBXNu$J^40_j2mr05^li+r)bBqU<4% z)Q8;N52;t;9mIMIT^TTg@CFmLDWkr`JAz!j_gn8I%4UJ2H^?R4SOw;bPW$S7F<3od zra18~q5f>{6In~H-nQ2J1!cd0q_k)LL;KbUnD?A`Pp5t^oCE6R(P2rxiz&MjB-JJ_ ztbH}!7~b!lc(r|RaJ-LN?>}kZ;ML3@9{bn+dxztF!g~Kv|E(1;SK`(F+YVn(c+Bw* zwcg2;y#pMy?5P-5?pS_TP^k?@QMEPx^28TKbt2?>G3W+{U}}9dFcnk5ZO1 z(u=nw`M>MGiTUDn0rNWEVB*^)`|kxTCpwwey=J}tr2j^FDdiR?-YfA*``+Yu=UZ=k z%ANp8|EYb=jRBM1CmFBy-{%}JKiMkjpY>n7Rq$$m(Dr@V@qS>v|D=6`H?iMz;+>Cg zBYf(3zq8(&&vI`ENa{>pC(QWU`Q-VyY;SMyd8BT@^unwAWBL6H{S6G!$$DdWl62Df z8~OcUhUR(~a=dv)=pH z{$0HC`Ki2Nyl*?+NyPCA%mTL^@@R+GC|e4WR+1NXzDe&xjN|>r@vfo%hp-t^yaZ~dO~5|!IY1Lr@{5kv+b+rHG>T}58!xTr2bTR4GQxv zr~Exw1+F)i;*H{c#_@hk{XMWB#LFo>Q#$d@jjzIUoCg6(caqERmPB@)yd7)2p~f6% z;SDBgbB%`jhuNV$M6O<@`;vU}UY5bu`z*OTpVa=K^WV_z0rQpP9Y_7iFcs8W&w6K3 zwg@D(xTx^)L60|Mcu(t>jCVQ9y$A1udi8qtHp=#aq{HMAZ|d=oc)69z#G3@nRgTw; z&g4dC?h63*MiM6D%cbl*kW_)Zu<=3T4c`$kZSm@MaS8RWfEz%)w^(mW$|Ut6?+$K% zC`j2ZLQMl^GhQ8khg1J0cm>qk*m}26wol5RCsuOt%6ZsPZ>1&Pl_Bd+?i-WifY6-* zlifcVub*W~LK#qR8|#(djjBqyq^ro?c(p(1_7=l?h2srTzdqav>g{H|Ln$kO*)Rp< zy7N*FE+yX0DeVw#9x%-u?-J_og#Do2=dHJ90ndrR9gzCFcZXBG_b^Yz8}gPl?OCQ5 zJO}Ev_X+v3#_+5z+y)^y+>7n;5pR3T4SUA|@1B`vN^yJ|ZW%B|9#5{f2dV!E^aAy+ zvGES4Y!XO%g?#7@Y#+3Rwyor{-<0#lq5A`-5?<|RbE&@!-Uju)Z@v4ZY%J>)a-i+) z{7&{wo_CWScXYkQ!<;X5ycbfx282Mp+;$5Hd$Bdr6b zr{f(#{jo3})EiG|jc+q$d*L|z4ifL0I$pd7Q@r7}?2jFiSi=3;5C!jA>{Dt*?Rhn6spJsO0c*pgjpf(4(A>!mCMsU(xV8io;osKa<#RGK~J$zpohd&M}!N z-Y4-^wBl#+&4Klx@s73eUO0g+Jpe`|SDi=wksh2XDxFAEEv* zm<;M&V7)(3_9vV*k$n~PU>h!AXCmW5RpvjE-^0zga=&Q2Z@_%+#9NX2cf$Zs@3+=_ z&LqzJKyzpSxewxnSm|_g*xnZ{@s6Z^cwoTXJkV(e>dWu>Od?lracOA!*+RS?}wVy$RpL*D&u3 zob+GW9~Z3f?qAk;W77hrk>f4-D*FnEfyR5>dNbzmEG~?OVX&cEnwb|*H&M3F1M9u} zE_J;{76r^?yt;p@@|w5byq;XWVSE0!6=hvO(xc?3nwNwZ2h0j5-a*uV9?p6_>3zt0 z&zQ$`5ts%Op!21?FN~A=<1Xac4_*$T>rJ+c=vvN4;jNm8!kAm%AP#sGG~Sigdyuls z`8@vvm7#4{p4+2O$bK{OoY%f@_w(M%9orBvm7hrVhnCdu0^LEq7kYowH>1`_88RTd)$;%PCVyzH>(NtPkaqiYzGHdt(2#F~GIeWIqc~|9q$p z>SdZB$v1+saj*cUfm~KA{L zbH<=vy`Sg{$_~Q?1my?U8?oNkxjrP<-(&j&=8Pwk-s`A86Xt+=+uL!y_j1M^co*h_ z>m8Ni4gSLU9ml(i`gw0NUkCLru-;~rbp%O|k{8y#y57vMT<>kgufS|j@834wvMV_c1NT4^aJP$jDc(aksDc*2ejw$z4a=qP8{eBPu_3G~;zE0T+ z_!!nhTRPNUCI~Wr*krwzGfv8O5lhc8jqvJrv5oqB;Q*+&tKGkuRrEoSlt0QjxQ$o6!K@rJ-SNh$e;AH}dfC-V z^6k1N!&F#J8^h(`uD2d`oD{EYZ((1KIdf>T9n@Qo<Obx<3w{mSbi(@gAc7aVYvuGTsB$+ncfxFbN94ZQspK zywV@S#dFMQPbcG@Mg2En1!y~zmVeN`pHcQTNZL>C#_RQl`_Q`kP@Z zsJEr{ns?bQKvFLGsl37L9JAi>mZHA2@1^AG?Q6Z#zV)oP@qh5f@g8%$cT>L$bO-g0 zu-?37Jex|nq!-9f6>lt%W3CvM+%Be2e-(TM>V3s}uYHf>dFTuefV;hIt?JExPi${_ zIc5l6hNVP$iTZP41E_bU_2#eT8YR?*>fn02+2dn*@1JbPk+XBmLcBpwYwoB1BM<@g zerCNJDccX}>v%sXx%)dhol}krqvz(BxZ}-bnM>eFQ12e=P5XdzRd5-U12^8G_V`VY zH>2n0m;r3mI{p?=e+8@t^$zq_mG6QL?AJh28*%IL=^mv4fSKN2Go1h zdM~{q!^A273HE^N^;@s5x8Nl?<^{+58}&0k;`{}uH!~~oM}1dPc0DwO2H<*wsoqLC zW}VXxZKyvQW`lZj)VmQcG>69EdJo%iUA7CuJSKQ)j`_>+cBlSS*b3^cXT4)L@foaw zW#D?}rEG7ZD{@R_9+1}U_)qFz`7zh3K)r*lw;~;*8r%tuz}*iWO!0DJ!gO%F!>PXk z&ipj#U1`02H}l*O%z5o2cZ|Jx3%@Ir)&%S0N=q$-jx0jxh2P3!h}`h zJwp8}KIh$&px&pfx64-UJAtV%9$atT%e?Vd`){OSj=A6Q{zm=M+jvh0sCSk14yCLB zUWF;(wr?mU-f-g_^9)`ccNSBBHLM5q+H>T--IVg0>K=h^j!Q@k;}S3H}HcW;jja}CRd9Iu|&IL2r7tvk^3 zWN+$t7HpDZ?!>F(`W-CS20A)k4pk-jB9x7QG4Mfg@4dmD<(@9i8+Ehs>iM1E9n7oo zR`r%O6If;jECX$amfmN+J(L}R{OxQvP>wHBj&rIKYd70}=QB>qaiM9JWBgn@QSU|6 z?*WHEyN5C!$VX}z;3 zTLhApldt3W;%I5cu5-O}8WOj7Wj}9P<(PhWHLa%p2G|60*e2J}-|{|8-%Z({FtZrt zc4dZIa~#3)dc7uVC-+D|8PK@i^_KVDMOho@0iEG6gPq==J;BZs&6lge_l?-~eq#N!V|;PG?;h&^0p;V~bM^9l zw|m|qYbpB$0=wAP@ts3+=-;cjM}2pO33kje=d;3tUR~3WI(NZCpz#^6S$(r8TLs%- zBQ)UnG{(77Sr56byj<=h;xQa<*vR49f3p7^r2bz};_IaMOzZ7V*)W&^6JT?5_S3I; zzIjf+%$0HVp&V0pbaFddNBys0KWMz=toMv>IEIF*a3Q$c{RX?9PMkOInqwZstNr~N z>NkP`px!#xTlrg_OM!N9A5`T<_z|vC$@bYi?2W4@*3+XoW{%^XO8q&o9Ms#zdcUM> z9~^_j(42Lz*Cndi_SNku+>3tYc>UjHnjq8y^>W*DC7Pyq&0{&{ zkmFrW{SB}m)GOE3#Cz3l&VxWRXb7&iM~XMvC&!%qe6oFeQ-3Io0`(4b+F=IeOJN?k z-cinWAmfSYmt$%<-Wc^a!MC7ZP7fsFJ$n!5#GpD<0oQx<7q7o*`^Nj{m@wXGVo{z) zqkao`4%9ozdW-GF2X{j~C~|R{nK|F{RXXJ5+iRzp3#9%NIc787p!JTV{)-TmVFNpLA`sd_u_-h@1Yqq1o0mI$!muKyS=@|pOy6%dWG?9O!E9-7wS)k zS3$kUt@rt#xn=>s!%raZ*(u7y%gtBuj!irM%6U@pM(5_3iFkFrmHUOc5!3;_Z;G!In0Ka!SyaoX@~ft9McK! zIo@~WhB4lI0YgE(Yi+#E{$R}ilg}Um<7nG>zBhkaSHs&bzIWW9=bk<6q~P-gvcr1JrK} zO+me!>XGDYdMwkt0qbEENW6_-_1dBCA1Aj%^gxc8>%{9n&Ust77S!9g6o~>#4G(F_-BqOJ1)82 zKA`?yH~{M9=R6YaP%%BrTn|m50f<+(Snp?){RmkZ zS>_nIoWH7jy4SwBt-V~^A#{xML5{a1%UlANf_nY(57t{f%36S=w&ZTSsr?~xJjeWk zSNlU}>d%7LLA@7S?`uV}Od2OeE`;;IZQrH#_*BQ8V6j|N@x`RK8}+3>j3-xb7wbJh zS@EnaQw~aj>m6bHgL>n|b4}RsUQPXuFdWo7&U%mdvdk4lv&^IL5EL*m?l#Wrw_EMJ zPw&5toRe$b!>jvEf3YkRgmR!>cCnItttjgPlKPOl^HgnL-ET%qQ{Svl%I2wgzE-L1D*@hpA=Hp}dUP2k2` zjhi1NX6s;b|(K%X7_}c!Ja|&lej^ou8o6S;_DD zxaaXz^k%95E zCcAz&(5+;Aiq+3GS2^C|oHV=uE(G;nZoRiq)*2)|MDF$*`OcEmYZ}mR@M=HrOZ_1* z3Dlcr_gCWkl=7Xh4cvay!;ViU`Xk=%j`t7hr{}T_fqGAOyaOqJ2A%@fyWDQ?>J8qO zYhJ}0lwe46slO7ogL=zY@6~x(=4NOI_kdiN*86k|Y`il6mg{7}Cb?#n;~hx-7vLpO zZw>4HowAI4uYL2$W8BZBUaxhJ9~ZA2?}nS@ny;L8C{O*Ga1E&UIqMxr*;tqZ)4*+q zg(>YDxhvOnp5U!FxsPx)^&jB}N}dMw>inhqIa%gOSOJSc`a`S&_w$$HcYspbH{2%I zEX1p68}$#sL69(Idq3dCn_l$XERzdzFOd8;rKDinT=Tt+Oa8wkpI;8uLF3|e?UH!Wz)RqM-_0rCH~K)XsXsBU~=!N-)ktJ-8mk8zertULH>wH$xBR zn*Mk>BuS*ZsoxVG1NG{D|2xXEO0u7Y5|D^@uQ8ET%(JaG{2li$%J=J%Yi8nQ7oJG9 zsowBE65Y^GIyQFn5X?o@3#we%{5!_>h}6R^*6&-P;V{kW#?&1 zfusuLg?V+m3U|*XkfgT?^>2mSK)rWa?>Nd9!UymUxZcAl>n+%Wam(?3Mg6qWStb+I ztIvPlK-oR;Fmwdzr;%MiJLIFIdOQNJ!U0QDC04l#VMQT7RZ4_|}pZD8Zo^%fkGYi2m!tg>0=VyFV@y~28*rEDQ= zfHmNH`=xlz)467&s?LR&)~m+ehAXf{0lj^#dbU=#Ty=(YyQHk z{j3)CZ--`}-l+9&U$;Lb?#p;K*Hnlm*V{AHe;Hl@^)9g9w<+5Il0GLd z%&YAi9+hiu!>jS`r2bJ^wp`Ntp7qwFtTpt5hr#vsu>C=wKZ=abH3J>*3)FuN-T;l4 zOFoi(YbpB-B<&)1z1j{ZywB&F`GvH@KF7-`E=j(B(hiY=T=T8tJ&y0v@>!-AXuKSL zB)t7Au>XO#VG&3_3;p2D!*-RoBQr7vdw04<;?jH3VQdBx(~oG5K9 z_sw?Z+l6N3ngYC46JOQvJEB=;8N3JT{lCby~XYI#{5dm0iZtI02R+m-e*>on-kr5<8v9$rY7SZLj8@f8`N9X zdY`PEWoEGqI3?gwZwC%8hHj{aId>Q+Byt=*pLH$~nW|`|iz0<6BC1tyzXjK*lIS<<6 z58k!4is$F7SN9j8813t{!+F$i4EKS0|FquYlm#!#G9jn|Yj|JNVUTz$a+9Xy8~Shxy`U2eJ;t2&0b^oi(oAjJ&vtMT=o!9F za6QN2c(tF6rG5;41@(rlcmEYxCZ`(nD7XOnIsL)E$J;J6Ub8XRtih}6Z36Z4ujE(( z)H~98FRQ_L21{Tr6gk9iaek0y#xZ}G$4yw$4tm}o^mVTJ6)&qGk?yO>u?H*y^)_T) zOY#l9nz;q6f@RP&nC!pZZ2#^49dj(E&5=F1=9X#6c#GG{GM(WwQ127gyE2qzj>Ci3 zbDj$1_hed}?X9nAoV+F-HHDI1jh6p>R;3-%RC1fZ%OOz-Z;zjhqqu6L^m-^Z1vhVbcS~xTfOmmd8VDy z4mEFQp8ye1Z+q+YGUhle^ z$4~)+5U!Bi4~?to_1`YLy>T+!D9=p5>usvWETjI1@G+>D)syi4LRoq_*&YR;-WszQw8~lzBf-}bn~EhENvoqhue6k;;4-8MhJtp!$|Ls`qopn4>IoJ z{33a|4xGn7?meej_4y3LZODmu86HjK&OGy4A@NpXS&etp|3|!WyjyI%W%)Z*@r9r< zXuLdXCCN94ve6KQ@lZF&J1NR~@vfu)RwfXA4_CN(p82bgc$c!A#`_o2f7-q=yyai< z`op=5EX(n2fU}z?w3XI9Mg z7L_R{NKiVj_nUoyt@nWPISCk|G-<^dQGc5b0*h(G-ljHBi*6F4X%l3D? zvb~c|+Hd~N{`XYzM)0n6;vItTd6?yR^?ryAlx>9{U=PUs1^Rn*)mU#5v&I{4muJ3r zyhZM1e1Hz1?ZBZ_BHphl`w;>y=o29C;o1=L_7g?_^yX9Qjdh^^&PvW78d3jFXbI~5 z+iJKMJ00`P6?iqRr~b#V7i80sas4#ua6A%J_CDq~P#a`y zm-lhYxycU18tIg08sgFY+1=EcA@x8#XL+8ie)rRkaBrCJJU7i8<-%N1jxB31_V&FS z=o--hd1k)zeP>g*SS!v4gMMEgZj%U6aa~MFY>v2Jfho}o(C}nc_!+3FYAzQglcdquY7(gZxHVq z$6NVy=FG5w{oSd&^7*N}VZ7J8mTZT{v|C~8P1@luK5GqHEFX3@w|v<2E6WgmUvYQZ6Ec-@w9S0^7~E! znD2Pr`Y$|YT%LIhkB(#NS&T>et*oz=p68@-LH^bz=0&ONPv%>-s2{}pyc6GL4=^Uc zn~wLLLcCJP9mjOM(eXTt_jSBFj=hKPL-^S7{%F11Df=EI)%uxxiK-;$v+9*OnCvIa zi+N@hUQLHsZWiy#|BIZ}lW2#7-iPVOC@a=JIq#6-Fw1}8#O3GnRqR(wl50Dj<>`Hw zQ5J$bp&>|IdVL@i^~P

      OdOq%(Jv?<>cH_fh{57y#OX{81ENcrwSCwjIT>iO;`<{h)E(Z{x~&ko)D}GPnq&9gEVAatsiT zp1gh{QTD6O_pL$wI&cT5x106KbBTi}e-3uu!~0VkaoMk~_kEk%<178XktuoRN$2}6 z=lFRl%S{LUzE67I^ow3fH^uMc9tS&~%J+-0{1}$k?RqZDNq>BkT;tOBY<)!87a-|7 za(VBi_D9`L^!!+KYMz;gSH{6D{QZN}_jTkt0jPJP{l2{@djh7wSdjP6mHN>;FEoMm zE9c#GyN*uFGw(a!SNr4JET`XBj(`7Ye>BrMPPOsM_gjT;J?sFDmuZG1UuGxH3qc8J zRyi$kzgO@|Z+-VjIsT2|&6t-Qhc0EAYvCqP?-J|1kFp1$4?GMl=u6t43anSQ%L3|0 zX5^W(@#=nN2=(RPBgoae!g}WnOg9CTOIpjm=v3oo9Pbr)na(BBODs1ZK5@M7T5p@q zj4v<)Ccv~CxqtS1`u{rmm_6Sg{{jswCOC`vD&C4>CBSvm{|-9pBB;%HKF@9-Fy&W z-i_4X4&Q)!Z?W+f?TQO(!lmG6JolIP#`Dc~`+NDY_j}rAQJ%RHueR?^)V~ex0`+p} zBFXmxWiufLOF`b-`A2ca+!*J2Y`oeI!6kX7HC`Q$w^IKb*aPZ)$a;ULETfy(zGsr3 zYCMkP?T0s*2#NPiQ~xr!64cw%dV5j!1W0;@ydoQI>T?IO|B>-9_-39NhF8-V>Q98} zz|=1>A9~sQu*fpXHp33kzAF8oTNKY*dFBN?GJlb@h<(u8Ap0VX&;AwPyOezllD;4> z?6~N}ap&?p^9EjBPt7^59?JYh<}j|8?K3fN?ZM}g9{V@P-@2Z{c(*#FBY6X$_vikLlTXP93hHO^o8>`r`=eB5++$~f^B z{4e8NnP*=8zlam>D!erk--_b`zF&Lj1F7GC3}sVbG0cH#&UPP(dh?t0Twi2*X5umW zKVBWD)>Hpe*bS-Pw1>I=3uWOPh%j%|@nn?s%DnM+R&0D#p7{lDRU2R$ubL+bj! ziL%B}aNfVJ|F4KsQgn5mDb583-Jbqe{nWgZXD-6~zlt-4@4EkkID>2QO!NO?oN;_z z{tw~|y_;u-;MH^&>-Bzk6l6q}XNn5E4~tBqY#FQv*^lUTmva`To7j7tuW~$b>g^Pdi9;O#Jui?AzuF$ zZy)c&^ahkI;d9+rCW?>enQK{I``umC=>QXeMU5=q+td59p5$5@)PyUb95)gc>F908 zF?)Yjm)-WfMtZ(^7_Z+3)|dJtU=*l#wDqo|>`Rbzhe^rsgon-3dd zJyhd?s?EHVMB1RzZ{FN_gKghPe!dCeZJbz?_smoO2;`4Udh1#5V9M6RkFXmSa-cl( zQ}4QJRVJ(Ae~0+xylcEvzG;nD$IW8Ta;^g|0FC!?>#a#yJ&@F#T%Lb2TfO5zaY{Nd zZz_{-p2n-~+miYnpfjj|M@jb+6moPt-RE^w?PkfSeejC0Z-(0Xb z=^e@69s|QUj!X5*@4%1aGf7j(3!C4FcL;&R@HWG%X(sjM_eJKCOEZo}&Z#Cz>2FfD z9`rj)VW?cb>BaKee>U;?PWTZdE?J&KD@neyp35>Np(4odvdght?FzC^(@YE7-?jgk z^7&?>^L=ZvOl#;0>SfqSc;`^I6gI$n;NGW@+wSD;C|)7otaswwM*Ux**yyD94(q*! zvWCzO?gxo?a3!toAx|?5-x*FK+a2sukzYq zUCR9r@r(0KIeX$r7QdbPcSApro+It6`?+P59RObe$Dugu+~aLS75_>%;mY}@4jx@k z7gOgJxECb8@%-lj`2(z{VU&%BCGZ+lYsmK4gmZh0cOz2PQ|Qus)79~QK>fd<;+Uk@ zo|p7ZqHHc~f>ogFN!I_tl=ci>&icn2B%pIy(dlEkcM*awB)xWX^*uh3V+ZIrDa-VL zZrocl;krx{dyx0OJj}aE=*TDD+Y!z;#g-=fyPn5+ce2;tr5&WXY14mnp4+s_H`n0R z_Fcz6?me1r*5lRoeZ$+-6UU#@(50iaKXr6_lI=Yj_12m8t5EBFGZe3mcbBn@94pr% zSMNvGdmCk~LDE-Dq~tjcoqvm4l8kq9z9iTt-@Ji0n5fP5OqToVy$sXK@qT8#Z&UUm z?1az39Z%*(y?Et52=T_+=9?mRhb-zt)X$hgp9IlK`~Ky5i*%yw2^bA>e``6mfuZz; zYHYKS_W362cvetn9hj*}PXqY_41b*{`wY%_nZAXmBKM8RcP$qvV!~bW%{zE>Jbt)& zx)CW#+|4`E9>v0mhVv;5f!5-?$xGtWyo~O|31!0zdp5=qok@fmB%cV_YoCFq4EZ@aj-dC2g%b`Bp0N-}t zd4_4sUAa+dQaqf|2kvxc%Ks@w|H9LFiHD_l0=Ju$+2p z{uf?1lx4QL`ok&yo+#QFcFGxC_8j0f(yxW|3%hCshDxmSQ z8YG>x-OJ~0J9yUP$F&{ec#k;VFtN6Wjv(F`|50xj%6fyO0px{wPt5On<(tyWlkM;+ zQC-VF^AX?p29Z~rUPHqh_|ih&Du`cpWvTC z-|fyeT$F2GtN3ja`fd%r)OX*}zxw2x4)`?bc2<^UWIGez1LXg7I}7#AH-qf=zaD*g ze6`>fK$-A9?)_0;Ps#?uaJZ&VMq(b3+mdUz#JZ4JhqAnW|5(3#-ktxi@lIx0jW_cD z5pS@6zWLbkzKm}+%m;1PkQZ-})s$_6Z^7NyZzfjrc)rPbJGs67M4jK^mIL1TWob_v zz3)NFj_{eJ^jA*ZpJI5cI^NT%zmH>(1NJz?^#=H?G)SsIURZz9@km zsmwCfK)$!U+ga8>$rJLA5TCi<`!L^IwyRi4uAk%U<@oARSMEz~OD^kOd<>(KeEldJ z3X(>VOPuoidwWZJK5^>tax{`}hU2Z8sLg#<)PDt*fyVi~_gU6gl>G!nXR?kS=Q_e942j`nvPMksN-U;`B#yP?B`6f{|3zoqGkT|P#^5P6m@y1n+Gd48e zeByXlQUBssxh4kceb;)c&*J?U&>bFxrnj=s&reT$|Edpqv8p#dCf@|OFs%Enr>KAT z9T{dUxq6#=9m_Y5vgPm&jM{zjcv98ItH;UlvH9j=$GdTA5%WIFeF*A(+qkwmIG*g?RV<2X6@PU596$UIHw<>M~*&L5qXnda@c zUd%UR9PdHu{|@_VHlE^b7uvp2yn`I?m+XMAVwtNQ@1_*5#2ZTS zdaZE$xO!uFKXJSzxWDWsmZ|G_x2Aa8@L9_gZ|(!$n4{j{OUx7T%6?W-59&V+qd?o& z-plBFow7G!9jt~4LGGvEB#Xpa&3ez-?QIvK3Hhev%H($ZDfPdG-JsrMDe<2E8t**; zY2O$uEzP}dc6`uy<9M4mUb!Ey49k=S^`0R+NN0Xjo6oMYUVR?1X=*!6%r~7K?=94? z4-G-R9G;)#?Z9Vk!0it`QoLcjPdVO4sQ)+&1og`A9gy1!00>(oD zxb3jnzTZo|!6@gK831%#|AzX%z;B@KAahl>9jeUb*a_TrSeg=V9B&QByQZ8m^;o6> zsJBmww-ukYuwLyC3sc%RG==kvc!PIp(b1bTQB1z4DU3M zb}f2^H%^9bwEK%``DPVf-QMK5p$*GC1nPY`CElm`Y%ugFo7@j=w(*YU`~|m{m>}N$ zPP_%wpA54=y>qO0D`nrp&#)hMFc;BwSZ>dgO~fnrzsB+AGC$SzR{Ralg~G+4-lf*N zt}@r8DQ^Q`@^8049I#&P53%X_<`Ty{gYEcXmK*4J-%n|WSNLoyxZYB~pFEzK8TqEW zraCy)Po z+x~E(9cJd6ukq^scro=qf$gB)Vlwe#e7JA{{R{4ZdXU?ObETZjkbbt;&iUGKJ?C%6 z)!^)W^Oxi8O8p272K6?u-o^{r9-tGn0~yz~KkT*fiZ^k5I-m8%^N$+uPU;_oKS8}6 zt@p?x&Yvx2jt*x-4^9B(9^icO8jcqidE<_H&9Z#c9Iy7X?$jRy!$G|~o|tHdpDFtr z@|SST2R%5)yRg2uznGV@zlbc)=XaBm-kYi48ajb`XIbxCl&ytbupPu(h@Iw^08s zcofvjBfgS+pHTJ{9EJlR`6x6%ddPnow zM36L%+}+;1Xp{SkDBc{d0S6PcjX57*9cbuyf3)7Alud&*uo&FmZ_91(ZO76MoLc5Y zQogy;@yhcK7je#D3(IM|#pNH)epCKuD09@p;;qo%>%T#~4IMA1IL!rkw>e&RqmoYS zkL7>9lz4;5?Lyl@y&=5q@cN}P>1*mAgS)U+4*PoTb~_OuODT&|PGE z3$M*L6CCeo>Mw^cK-=MR>%HzRj+J0IJOTc%ckl<}S)0Us!n+~gEOgpI=hbhr zoO+vCuY4a#Yxpd6ULBs|`L!J)csDxU4_M}F*zI`r{cfd}XPL@S2d)L_zX#aqNSxhL zyz!6n2_Si0_IB#Gf{vi^K5FCrjIysG<88(z^39BqI!@L-;*C2GoRwx0_iKKVZ%W|} zCcdFD=dsL1P#M%a+Iqt!Gt70AOR7umj_VS$ByEQ{-dc{g5%uqe`#`-fTW?p&27#of z$xk&t#6Hb8_dDKE)PD)4f_nA6aq?dHrIfFScfjqx)$I1B@rE~Zp49PfrvCTv8>n}w zjkgpJ<5hy|;VO{#7B%2nm(16jI@@t#f3b!B;COXAZpd=#{n2_84PgKCpSI&T-tQc* zoFhHxD`IYUyoU<$Hsf=*9lW)cTyN$x&XYP`J-)cd@&1wG?Z{`T#}|>5{u{!Z%Ykap ze!o#A(oIj6>+N{|PVqj&XG6h_cT|cuinl6W9e4g8ZRY|n)ztp+buOKKkV?{-Ip<(f z6ryw?lqR|%L{W&Qd!!qcBAOB+m#9Q#v)B5bXRp0(d+oLNJWBfa(M}{dS%=CimHeaL*pPC`@C_eX<}a<8%6 zcd&hgzC~Z6Iy?Yqj6=fvqJz(U{&b%k`;Pq;j=wqcnfIZ}NV!8TH->E*dI!CMLiA-L zcxWNqgxznW{Z8cjipG04RUfq9`ICIgecW>QrQZqvz;kzptNl*dcT(Kxmb)+gPG}wV z!QobdC-2Kwcet|FO7Jegb~);Z+MzX})OBlN=j+<-M~H`hnus2=kTZiDfeT`t&OcAYKbmD(y!~ju72tLPUcFi$e(eJnV&!Z&2rF++7 zA4z@*V~9(74iks_iF3ZUHp$t&FImr5xbj?X1jj}r3FC<~adqE8WK%`639in|CydB7 z)6h(m&Yg|zZ6skW8;{n6QrBJDfP||kB)MNTn|a>8C{+%RbAAuAuV^ev=RU`=mu)$0 z9LYUqhV?>OJCOU;DBME0EW;+l$DH52+*{s{(z)MoY`rZ9c|PgR!+dX3`@+mm6-^z7 zI~RWzqNOOED}VS~?Ca4Q{ZVR0IcJ+7Y)pnk{rK0KP z_&aePdp+^x50uH@=Qy6bkp435y@HwP{=&V@;T}ew3g}priCYu zFh4W@aJbD#-x9S!nYa<`*P|}T<;K(ejliAea1T^{NWlHj;r7LkThLIH$=|WqpG4!4 z_#5Yf%Y13D?GLpaqW|N*-QgZ6f6XryO(ph!9q4uuh1=BOPUHMuMhj4;a#)M~C$s^% z*KLcvZ`X1#TPvDQ4ma;z<^ZS=W#ZPuelBW&TyD+l{rSFfqi}~h+yhp=zq0Sk;kLn# z2)YSn@^>`$C(xtF^|w!&zcILPI$UkXFaHDgpW5-#w02>(RWzT&)qdwKcpsooGH}1f z_C5LqZ9;CpldxRvcj9n2JN|aKfU%7{S&RN&4pEMcM2B+hVPdx&wxszR{;i@Z^WK54 zzj3(L9qyy&=a?h#=Y$OYN*5jHcvFroBzFCsnReYG+bf#$;OaPEn{lQEW7H)my*`9F zcA*`IE+cli+OO+=iv-+uj=$I7OILL3KluA3_Q@#S-z{nWMt4*+H#yt`)-HapXzn`* z+$h`^9PS&O;{vn{rI)W3;g__GelS+Mh-LVjOb(?acZ0MEy{DIf$S4 zU>}VhK<;&0o_5{LE}j!R+)1Q=9=(JzaTj6#7%f3AcSTzLjlzAx;U-AWRwFYSrE@oN z?ByE?3Jz%h#9!6F&&tDBOg@-HuPC-s8Ool`|a3d7nr~Ysrq}M$~OwPw!^&u zKML9Nbd25i9P5T846x&c>?hJ|Cb3?(P)>ol+~FRm{vist58P1Fiv!m`gmVkb zgO0zwIM18W?I``a$)CO#`-3RGKiitt-ePcHaJUERx`j#=n2!$vHwO0?hnxPrH@7}W zIqdEC-V$)jEIIJ?HxQd)JXew9nZ^s9@5JCXISAYY+zw7T zeDPF{376-4zqX#O#Oc~uQnJSTo?|~F3BMDU)K5md0`oZBP%<^oI^jKsraRo{Ew}i6 z)|${+s1|b9{ioXJ6f$n!N&46!1*X)0Q~lXc(m#!!MN+=vFH5-+yn+wdgNjFc5TNJ>)tZRvCK#$cO^7NYK(Qfo#Py8Ck- zZVgSeLV+3kVXA(uC9U`0JaZUQKl#+G1n+umx1&eUNF?w3J$jDsXC2F2O{PX9j#n%& z%Y%XMkfHoub zbBgt|<426m=zerJ59eN~wC7%NxQ(&HD<5<4+b0O)!M&BaANqJuDSJAv3 z*aAyglV6uAOS$F}#K&X^6_|DKw7pg$y}Z*?n^^r^;q#L1wKw)#QGevFzqPjIsq1gy zN(JVA-d)xC^CP66fo37)>hoan<0tIDqMY0Jd~Vy%a&^5hdK~rtlPnWSI?s1cK4yGG z#~|gtC;#C355zVcjX@8{zj^*Qf;C+^|Ij2q-g#1%X-49Bl>*Zfu3rB)N&hMO66y6n znf5@)3x2}0L3A35Y)O@EP0L)%GlR$p1!fDpn)W)KMcPiN8&Y1#AG-6}EMp#t9z=l` zvrOj>_*04B2Jh%!`(9`BKGDeqrqc3Meac(T^AHq7dfqL4o>v3g*+@cD;*$EQaP088VHPzOC>8E5pKU}-OJP9`>Cr7CM8UCWqNVzL4cQLkg=nwQO za@$qlbiZu%`?s+(s8^q*%Hh<{*)xecBISTN0!k zq`jI31?EhLTbJ~`(M?FXOD*>=Y=?g7bBl@P_j`t)w+MXRoA(*E zU(sL4?PJ2W9bCkDg&P-`jqo(&eZ_tR)B!0k`5b`hLA|f($GLdDko*4U)g zd8(gEe=k}3J^NRZ?;|sNEl39 z5;q2SG~7@!HQ$`%oR*^RkRUiEeLm!!vXXt*XfW!BmS4;MsNVkdDZSkv`wFYr`qZ|- zyardp1EiPBF^-sKm*ieS%(_JWf3QtK`rJvbcY0{)7n6y=T?@CG1;0SPSJC@O{cYzT z^R{Cv{SAAdQDro_CF2$E{f8^?y#nj+eA=rx6uqjz9L9!Z83!8S_Bo`#3Ux%vP&dLj=~Sum^1B0XUVMZ@jO93Er-6?r5yI=cP;dL zj}f>%;p%vp{yvLbH?0r*@;*!G8tQ{B2l00je#*C%Um%up_@4iikpq;&Tx^Swgr&rp z`fq)oArALxxY~bzPWm6vk4U+cfdsGkTb^$s39X6iFbT+|k8$fn&+qL#BT``AcKp4T z^xaWkq}*ix2KPB^@1T|FQzY+O52q3ecZ?ms^}XG2#{%=S!(B)E?Pw=b?zu@1jaNRw zxQ--LC6;|beLmaMU)_fn?Nng?g6nrp)CcOdeAD$5@+tRn%k?Awzmg_X`RaTt2KUG> zQ}dY9;59-`94=b}C3wBCjYJa05eql{e*7&CC(Er{fjQCPPLzDBSm#6PZ^tCbc)8!v zXQJcLu}I!K*Y__**l|p`u^t8H3b}Y7N9vO#9rm-7k>Fh zCi(GzZG7XBjESBFrnlqo64I|jIjd9L`j&e=wgG4a8iw5cQGLexUAv zq15fz?nScqPJUNb+ruET$8My3!3mLYJpca@(p|BZH8`aH4G{|0|HdC!TS8^lu`iW) z&1Uv6@_ti2_QA!<`1@)$)Zl(txOZ@0^cDZG;c4>BK(8R_lEuHF{;}M}*p{PJNWQhO z{cPXIK3t>N@B(x6*D20A()@+8*Qd@i>>tiK4qI&`?^^evkf!oHKXg}tsX>12?;3Hu zCF+Ru{Lc0Bdn2$(c$|0~a@$SR))#Ka{Q7-&fobV*r;&aRT8NaZ*EMScYv3q^3XscP zZ0D8A4UZ@=5x82v8<4&=iXi3c`*tyG)6nZ^w&+CK4d*TUj;sCY&wF})@B5p$r@-9g zaK9q`8ng~6_YVJhc)35)9+8A&iHGx@iUsz&H(GaIT5I>Ojw~?u!ma1$H7Aq4IcklR z`-p$cn}BU9dL6xl#NYZzo)6!!-Jb`{pngv$eeAvh^8{QSua}bk7gTOziaXnK2VuJt zO+t^NFJMX?5MP(ucJt(5|GQ>pRDqcTx2^T}ZPNdVPTrK_er~yaH#0_~Gk@Y<2qn08 zY0kH(g!_fPcbPpU%S__FDe-uLxpakJ4zrjSb|d}mXe82d7;fuXtu53)G!Z?5c4lRn z72Km%D}?__wiyj?U@3oJR%l9r84p*(yQKdJEkoMQN89?p9^0=-&V6H5CI;N>#mWCV z`I`giEe-Ey`WSRBQonc&MuPVOw&kew|M=DtalfD0Ygm)_*~ey^t+pIH9-n2FN%|QD zW~<}ZapXA}or=`2&7@;&&aQ>60n&Mz{ILl611tSMEdO8TH;qZt%*p?QpMS6BH}>Zm zOdM`~hkGHs)~JocU2Xlk8e3Q7`W2c<`y;>1=Opyx_|526q~*o3hXn5#Y_pJrIB|e` zq}Vdfjs8&Th=id$7yFI$@fQosaK|q_-^Jw9@>*#9N}taOKlBpoE##Mefu(Y@gnS#& zE~I`PA|U)4_zQgz`W}6QLfe@SJ>~l}YLeeBr2Ver?}c6~FdxB{c2<*9`GfSqt-Q;C zlv~$w`(t|sNmxicyC3VZhp@NOo^LzqS4Zx%gd2am!2IZ(?|(_Z9DR-iC;h*Clb?|N zGC$P(HTFHOL%hHo{!OaiE_Zph`HnQ-BlYXTWOn1HPT;!dLbQ`_{@ofym{EZL0gcFowJXoT^4b^wr>qK0J4z!_ATR#e=erNHh$v+ zHATv^eNA3(Y{SugNY7RLi%s&ciL8Uf-etWO-YCnPK-$;Pn@CJjZe5b@nY^{wj{1%H z4Ihec`x0#&-}HR%gC!yKL4g_Q@Qx?_m8dIH|Dws1Chu8n8_+H^hi{ax31lak6|VES z!i;^)a|?Kn;>`J|^!7XxMwcPwO|-l(u${YuZ;GLo-1}_3i{DeCFX?0N$y>sUd_%p4 zr|oS7X=kE2NU!rpKF|9O+yBJ=J97YHcmLwdNq!mDqzvSKJDeym+u-WBUz$ACP+g>4 zrY{n_HrRTgp=c12b(B~`pI678`)c~+F;b-86`1o9tXKKPYaSr|t7s9@^UwB=<$e1H zb!#VcMDzvUIo-;J^%#A8Ys;*29=y#3=6QHJuYZ`d_a@72f$bV}E4m5Ey387GCgk_uW^%1ABAwos zhJG$Er>ycbf=>3^qsj9KqBD61jCLXAo+AZK zy*+(bp1BxxMG;iz3b^ZiZa-VccKf@dz$}4VFPYVtn@K+u-H(*3@4LQ$?M?I{dKZ;u zKBe~|V=PzZCrs5${CCoU2=b$`nU~O(=X1*f z{-A9q|DI{-SMbUQOw;dD?Wwx!p7``Ff_Uyyv~PR63p9Okf`Z(@>v zz2#O={E8L?%r;wo(ntS6p2JFcrYsVij30OS+`P)znxS?la{WHwodR2aQ7)X8U$ih_ zD#?V&2AQ|WdA4$Rcf#A-_TF4hj*x(RFG_vVrZnCbY=`7|rYfq0 z8uPwlTRQKV%sXaNA7|sQ*7MM@0dtGvZ++6AhngWd3psxte@e){44Yn)82KJ1pI(m+ z9P5sHAoZuRpU>-uZ3vPug1Dsq$AkjrX?vcM{z1}@LsOA*tH}Yb^V`@yM61x3$Xy3n zZrh!H=OqDmDcn#pE8jCG{U4|TKgg}z)BR)KY1qQ36}k|$;~C)!-UX35z14E{`D>z5 zzr)RE3gP4eC3+T0ka*hJy-J+>35*=`6+HA z%dLs6A-VuHy`JAUWL-@Ct)pDlU+?6ChN=Y2k!$|W?c{Kq?FF}W8aI4=z?=#qkt=i4U)%z1E|`*}_7A)YCNPDEP1Ja&@c zU5c#(>W6MX=Hpa3jIrEb%4C^o%uP(SfVn0E_d)V0_sS%;WbW)VZsf#(xfyQA&%3*x zz3On=TW(49Y`K;%>qBzgA}0k{lS-{~tbq4D+U0QVJlCsosAp=Ursy2hoC&(thpm=7 zajnmdo*Xbw!cDJd?a8O*(8Ky$Qa!8C!`5G0&tlaB=Cusm;SRU&UU2KAapR{1%rdxI zAD)Fb3w`KtZ?@cR*zykZOb{J`-1^Yka{pJwuMeRb0ka-%*w1U~kp3KWCDL->R!xF8 z6x%~+GMa$ybNYvVmaFwQQZrz3*Z!URHu;o$$6j#9q;X@X1dKtL+`Is%q zxyI)tzlXVodvP7R#T+C58Ylll{EhMGam4f_nZGfy%u^;}n}#&Mj8o~MzBn(TVZiKy ztMlerwe|aP1R|AKRKEg9~Q9Gpm4fQ$RbZl>< zwP+>k*U^|TbJGa-^jo+OoyH$l|H3T;W}4%l%u5d|&pa3D^}Yk{-p)()`DhI8BDgYs zEa2}Q39lxqi`3r**55m@O+^yo#N|GvU6ju<>+C#QzKb!fom~%W9WblY{9R0*B}n~! z7tY@L+gO|-gf0)5QY@6}^U34WoFxmpHUy6H z%vq=fqPX1odF~z9{)1jb@?2BA)IX*g61?*(GVUP> zJ&0xRMf@k9CFd?d`^jkgfa&O*_f4el7R)iX5Gz;5<3ZSmS?);UO!oo$96KCg9_4UH zlYSDKf|NTr>7ntyz_tecjDAEecdPB!cXK-g%smd*6nJJZ-}xv*tlT>-SE9z)TcQh) z%dK#OKi^Sqv}3@GceoMK_e6b>a>qH`$FNUEPav0DCyg8K6fiG1-2ArLbg?;RmcxxX zT>qcOyq3oGubTh8?Bsnf+z%b@Tcp2edan7v;ZAY5zhK{mb|BZ^)@lC6ItR=Khg&w_ znPL<|S`ITDZgcFd(Z$H+_Dkn>VIIXoxwfy)q_22nj=6zYxo=r+Q|x1~OL!uUn_dp_ zt^w1K#Q^2XJ2GF)$~IFRE{`ZA_(1-#kYn*QZq29s_M!D5)Gc6&9DkRRzL*bfed}<) zOJa@pC$>X^%u!ML_bS8b-0lHW)!_!nb7{L=a|*GRgRCOUic(13;`_zzlb|^GW}Fk6iN^v2yKmK5rYgyrVr+ z85JOR9B=8A?*sS|9S|_%;D(Z?YD_KCH$qL2a-X#Rw#POANf=7Jpb7i58t>Up>ivBD z<^a$0Q{{UP=_jD~kaA~Qu6K-QjzqQ4NyweAKg#n?sl!sf@;o;*C}8F~+$%|cJ?e#& z`=;f#Io30s(4FW;RE4ojpZl&U?|%nKxG@Hn=wR-%obugHdg<3og;LyAmMiC91N+&i zE^@D1#3^6tcfz-^uHkT7kY4)VtBKX$4VHTwwtG+vjX^HAkHbw~x7!2e(DkYDZ3gLQ zp;wV|e|G#8pa1084&-u|+xn~HTWmT|@l*gB(us1Mp+ zHC4V_Em!J;jO&SLz?|v$E59Qy--#PZKIIni{|USM9r-_hVVfpxfH7J7GKtk+Gn92g zhx;JBS!jjB)qVSej-xK1sb~_C_3+^=rU0<$2cd)AlT1^*4H7z>IRZ7m>alYLArr zj^*Bj?RF&LPGYwlqzoh|*WAzgxWm1d^yfUEZ5|_5?#GsU$AhKJ3zplJG$nCkaHl!k z+2s2K{p4`hTJH5Hu$F;lpl6WWPt5M_mqY9H@_mSTKU|$pO8s3*o@Ge=JwAEn`&NGw za929q&)}^?zc^f)l?1P1RnHuUPDiI8w;ZCjf6)3Hdzf_%_Ft&KjY!`DU4qnKT_I-ow}?qNymvqOe_H}-)rU**_rai!#ytPq4B=K zwjN1Xxh(VVm+E_e3Akl`OwHG~kZ-#%Pfq!JqU8p#RYwg_T_p8a-%E?z@|F8+sb`_5 z0;V?Hke}C_Px@A<4bpOueG&w3G`8o_yXY;{nj74$1N{21)N-Z0y-4E7(*biWTx}Pt zNxupGjFfv}5^KDps?(1l31<<{ZA711d(Ux5+J(%cBF_X&Ke*a1!lZA7+92h&Ns^4$ z8{4f&!f@gx&b&|Co3smAScy*MIRo6VBqrQX`hlx+%v56KcJU8+@g&RVe#XCBpOBjG zC|Bxl^8B6)n2CP$1kc6Sc`N#Zyy|I54f4$MX5HM@uYJ0nz^dr#}q+DE*-~;(b znNwjRcRi;$6E-OeZExY}0kZ{eNOBVDlD;824=MLX|ByEh+iWCZKC$f2Z*BV>Enj(G z=>qC+VrIa28&mb{ebRr0zCp?zZn+g|P^L)21;lmOm$o3^pO-23Q|j3OxS`nrQwUe< z*=3}^97RwL`DNYJ_Um~`Apg0YW9~i6Y}+^7v4(yOUR8&8WVal1Kj|NJc;kG~Zr)32 zyyXthyc{rf;OTXmN80R~JR?MU-jjWv7sd7#`UU-nhz z8gm8I3MqHH<*vk5x)%4X=oB>PYo4_~&o}B>*W6<3tE~SIr@%t*1k4cU{M(WKMl=A? z{F3F#CrBmajmP#ja?4V$kCbIHyc;l6;7R|@vXFV7^k1PJNc}AGQ+n-c^S97r=pj_+ z7RJK5S!OAIZcXpM-=kf@)gb#dW{_tVQa`0n!%xfLF-(721l_uRi`U zuSFf^=IAzbBU;mp-xq1i7(JgdwD%#>E`P_J=#qdrX;YTzZn=+;K8Bt~%Du;O-@*0~ zlJG5Y;oX)dKbPhTdjakpTXIJ|De;vzR&OBqV zl*96Xxel&e0|{4?eh34fG$a@;wD@ei;;(iof9i(L-v9$Ne)StxX><4km;Y-r5 zN53QGzGu0`XE1L>_0j1lS~XP;t*yUxnM_JKguV=zN8oZBCZLWD5yM*b)%|m}5S9HHx z^qYYB7Oq~mS4h7C{ehHQ)pE<6#Xbh~K6)FOmuaUT=a_ZX*aOBorT8uV$_TDoZA19wp`$lIVZLe2zSla8^*qS1Jo+s(!^q9;eCq=Y2%`l z3su@AHZu=(xaణmF#bxWF1g{phbJ1m}1zN`q?BtFd;dxp)TR(&=^RL*JfGPb` zYTW5W`rhbvr2ZBP74A4}&!E}pw+l+`vHsYv*PiPk@t*^xI^0k)D{IZ<`3@b~AjPfh zAM+l@HUoW*K0?!e;-0bwg}flkOt9~VNPU)hXlxtL-{DHQoGAYs?h8;c()uCiMJRP9 zwkAlP`wU*kv)OliAE#2!LfZqT7o2=Qt+|YJSEBAn&)c?fFN$p>dJK(0?)~lvZhhLIH0UhM~NErlb&3!0<0 z_~myIO=Bax;~H@vjI{i8JQ#;uZ zZht3d@Amf#4(_YJ;j%$^O|Gpj0U1!$i0uNX|MP0^^GHf zyepLAMoIqwdKfA9ZOfg3?E~~J`V_g`a2hvJK4|*E)q4K}>3>1LA?1Exx#iDe{6^=Z zddQt;wzOQW_mK)gv&4B%^_0VylauEnq}(qp*N=?3l4G;F?YZt3N#n-g-sSkK+=#3w?qXqc6g#`PUNLKk0RgR1BJzGjJ2+({f0* zXKH#$+?{FML_yGeoPoQ`;b!^OyF_mF9kvf-UUw(yBf+5A3|H?vj%my_N41dpd${FZ zh^-U48TCYNeTdrf-Mvq>Flh35P?63ZLO$gN_kuerjTSbEF30Uz&t%RaLF;ey=%A@%AFN3FrR4h@eS@@r9O!d%H)Gp@Oq0~yLs&6TusD z{g-GpQf_G($S8-IH|3a|rtC373;DOpojKX}Tm3c11x>=?7LX@|DkJ3{Z@E>m)j|^1 zZOht&o9=HE?skX!7>qN?Ti@YUwcI4o{ztyWRMK;{7~JyzOSLEEh8-?Lzl1&N!@qIk za8Gr(jo}^oTaIbvaM>=FJ;^Ksj+>pF_5$~Xj9!%?wpQ;R%jBAp-1^trhgV!HxegLG{| z+V4`B5jZb79NF*OnRMNdWS9BDt3D^W-?^{DkiQ)x{{kofK#mVV4i=sao}X}(4Yq~*l61PR_Iu{HNE@3-98mQ?tnSj?%nmUdeGF}nks*}f7?l(4C}ai zb-&5a)g(g%?$vO$9OV5|b3VR`NFmpQr3VS#zPx`LgL@lX>Gvn$b{TjlqnZwPY!Yj{ zE3oxM5~9Sie9PT2Y)}Qfk_VzyZK3fh6xGy;6a4)PfB%(Ux5ybmv%!{wWdDKmThOmax!+iB zFMbg|Fpc>IKbChnv@eITmV$l>4paPRF(gZ9+dFDc`Lv z{CQi=o_jvmik=-b7qeem>q9vfAqvp3NVx@;`_z-!rW*DdXk6nx+eKpXp7X*4+zP*@ zxTlk+1-cX|H)y%{VVi&?H05S|IQt6p`<_w;6104y4OrK3xX+UBZL}CESKHgq*#1NX z7c-Yda{s2^TiTND?>Wq~9PY8CKMB=9%018e+W_17NJ4&7zT;Du`zO23?R%T@H`Xx7 zcNbFgq1NP!pq@y%7h3LcY~#>WGzkfJDr1^34V6)1tq-wq(6o2Bvq?V>y^EB~mM{t4 zj#qNba_kbmCC=opawCm`raRnFGBv;ZL;6kVe@MCQ{9|6lOFVNtl2DzvdFb!swTvfn z9~M5Bd7;CtL;A+(e5BlN0>a;WuuVb|W)gRI_KQgwNKkI9anRiBl*6rEd2g6JZzARD z{*@%q{^whcXX@8?mqU}F84XwGEo({tC(3S_;vV65&t6AtH=$8z1d2NT&a}@bdviZ3 z-$yacgJ!Z*4vR>?6n%=+U%j6fS7m?Z9~}D?x#io=u4`yH#Noc_ltYo z3EoZEh9C(eh~4#FzjRaeEOJ56eBf{&ApLmsBvNisl4QI$uq{JBpp{70<+|7M>uot( ze|5biej)3r4)-V0|AEY9DQ;EEEyh+4wLs@0mm5msMlNCoB|4?pg@~OXU&5+=g z#I2deHJ1d<(Qvgs^nn*e4?A4Opd@!8wolOyXca1Ej-}5T@3Yr!_j9F|L30w^?tWgg zo%GdP@hlOkzvV6WF>KGF57E15>j_k-HGcVqt-p^lc)nPQc~|S8X$UuLxe3xA)ta?; zq+GTSNbmwzFpi-Ap!?9|aC8|`?lS+F zcj#5@3ql>yRcPxb)>D4)x%HS#3V#vh(g$w*dg?D+y>638|1w&MlzXJ*R=S!!U8p5$ zj@&t9{w|;U7Sko^&!RU3%_g{7&u%9D5cCjIuDzz-bZl>;#ps!_{&OT9hqf{|6@Rr| zM0y6zt_<9-9d0k{Z%Nz=z4zpXd$I082c-UPhiBUHt`ky!wLa9qb`H7}osXn{P=D)K zu6%D>)>A{hS)X*cok`yl4MEDi#riu1+bifjG!MDl)@lBR`UK5sa6^7x^A+hgAahNM zTiS9@#&$Nk3^hmYb(?G3+pF}y@*FbOm-R}xI^XF+`d;XEr2ba1+_BguqZiO|6r9WL zXZ_thFS(I%)8W2Oo`q;JQm#E0?@MfJkc1zJGmS&aH8%xK)ZxlH!dCM9hLo%KElHsL z&%doBgy4>IxWB_Y;#&5>AmuV$lHm2iHXJ>T{)1W%GNvCFRqE|VTfXXVtbfqtu1J-y z?AM(~o&`v`3=2u_KJC{XzF+OIn%?YhO_E{3c9!$x@9(N2eZ zyX79+o_dBPG$HQSh$h4wP0B%o?n{ggWL?zp_Y%^#M?H|1!$`}$7uyu{I+}^x=M1yc z{57`(O*x*GX#G|0yW~^uIETCTAGpiYxY1jK=3KbiKm0_#UC4{1xGz|4A-1~ceAE!R z{XSNoml?Ll+1!&QG@C7*H^?1jI5 z(*2DF&0`K%{r%A4ezF(-M$`Qr8Z@)uYCT&EZxj02;jXaU!#eO@E0WNxLMbz?+TZtQ z$~ZKP{wz8yXy!ZqRv}+qbSBbru-DYP2wP_)p*L}f`-_JM&2qR}&t!jbfAU0;ato6r z;{*A3rv1fR)9P6S?gq!-iSVYQ7aeXD%bkmD5t8sBai)H9_x@tI+4MzPzRO7eHTnUm zzcOwUyg#s&?Z`806h!Xx<5BjyX*&+x6*NJIdkX36q54Rc0Du<~tRb zM9Q_(ekTF<4Tn1$-dpGshpYElzhW!Zne_)$7P@2M4nTS zmTzTS4*N2Hh{FBL;mZ8sjT>{!IS%&}%k?AwzyCIWh`~LIjh*VR%pV%TyvE^byC`Y? zPz*!LSLY9*hlA#rwE087Shjh>;htsv-Iw`86z<9Vt&ly*XW`94?>OA+EO#xo9q7<5 zls%H~m2V0A<9rM2um0Y3e00#9=Ww-r3&|%z)>G}gB;)h%ch)A8nFO5naI`#Sesc_r z6U7J1iTX)Pd>^T`tyfx}(J?`Di{oDdc#TnWhdaV@TVlH!N$5y$`C0l>2;=WW3tgE|4aC> zp!pGQJwLDMMEahnKT__S{xR1VH-z9$kMA2g-@NO5P8{vEUk zDR+_OuEA!y`Tib8oT+^Ey{zbjps5O1ubaG=RgpY}NV$5SUDA75Gwt}G?`1`v2%0u< z!?qmGfY%IN=x}v?x+}I}NWz1}ov&cOChOBnkM{clDdF>v_rD{Sh_P-6x2EOF`(BTc z=W(R|{^%d`N_yWbZvEBwz2Z*=%_zrTdEe_Dn2Q{4HuaHE;`?4pEmz<7ia#AR&%j6) zWd4|VIcTnftNq!Nq<u9@QVclT#=SjTY6A-@NE+|k)c zxjN75f^7hjFoO67`rj@1yhs0Q=cUm%SjT`HPNrrr1nK9Y_mFZ&`p3NAu^n~;b6s>a zn#z1vxwCCOlYU3$yYaVz<`suqi}V+vOObLZItku&*!m+0Lx@XypDq-q9mCcB;cn8u zg61RT&PtMa?%0zt3e`l%qnV$l{Ox0(<4OM@^ZC#M_BA@?doJlOLsuc?{?~H*VH=Ld zpa)P(#-ValP?`6av)4`UC!!03rXm$C?B`9+`zMemhLpS1a`$E4AAXnq;p+Lx zwx)68i`hqbl{+yf+{FFYOJk_LK77d{3Bt9j^8}`|{p=^rN6T^sm%-A@j5Q zV2*OQy1rM^{48YK@$UKA$3fEot~-x<0p^Pi_bFSxCC#I1TCUEc!pno^a=2kXZ}PqQ z&tZP;aOYTVN$<^vEm!AJ;m_DF1y}pY?eL0v^E?x2zhmbt-dJo;qb2AK^eAIyh1ULf z(b96q&`-|HqhJ3jXokYo`Oc@LPoOnOxjb^0;Qfrv^zoasN1SP&u{nHyfgd@=*~Xoq|5esIl7_Eo{vep2@P&0}5QWQWW2Bk8Xn`Tza5{eB_1 zUpxNRfOi%;$KhV(qr4W_u0|3%61SscmS-&PIIrs?akyLI2K>Bc8QFS}rx()l?cg8t zfi_*;fqcu8cY@Nn`usHkw=^57LpJ@5@P?tg9BvoOosDfVT8TbI?suRgww~#IVf0(Z zA-LK<{7m|+zN`l!^;hRRXJfkrbw=$_3+^@Z8~NqX$8u#J)h&y8->RUw2(BG#%plS~ zgvKJ}4z>QiiS55=Gx`?gS4x#bRQ+WhCG)<>>Y(WYH|*y%**CKOfR01Teb91SVe5=; zLw(V@WBE-LGR`UF8L{O`I~HzyZP48A`1>&FC!yz%a`k?GKDJNLcW4E2=Or=A)p?2e zA!w#L{>pmf2J&o1%8gln_hnuZhr1ZA2HE#`0Y6f*4Q@6@S zL+g0%@ z`COUde9Q*+J&{k_tK_?%Jfo2MGt4i?J=$yDiJA8)>+cbS;0|^C83XSLRIy)bKj<3Y z)!h06K;O)I0UAZW(wGT^^exNzka&D2_YF>Y$v)qA2Qu$MdS14DW?Z+EeqTZY&Z`H2 zWBz2n_yORA;QV|5IAJ)4WTooU{+3S!PNf6DiNZPa0B~Y(E_FERzdtMW*{{w#_hx_Q zAS7WJaY?@u8~%%Vyugp#R^xs`m6mCG@UP&#)6$3|Q3c;Za{%6vt}=@{H&;p%+wK=~WWE#&up zQ{2kbpX#VKO7~YzsXq3ms1b7KgK;}9?S8HS_Zo+Lp!_wZ3eDhyz>UIv>>zMWUZI(O z5V%pe3l0L;c!lPRgTRf#-Et7PCcn_+C)x2lV@3+-SU!OU&(A0IflgRTtdIhC(r5&$po@2h`*fQj{Wxu;=ofX+ZJw_h4JepsQo!r`_heK&LqO7}O0Z5o=3UP112`Y~zT(BXxqhr``? zf3Ep~-@N-3rE`Df7(bLH#bG>R*I&KI-QAzTjXK8l`hLiS1UtgM&&Vm%B8r zpNy9&G-Dj@&7HDMF?lMZbZ*j7{&NP$YNc^!r#TWDT@8?u?sCH;lyY@q4fi?Lsc zBt(cy8i%5A=VkD>3;EKy_D^T@cX^t>akyXar@xuL&Ef8EJKmbsE+TLj9E9>s!2LXfzx&#bE8Mu} zbAr%OjPv{HZ%OSU2KUfX2fkgHij2o_L&;We%)a!KCHWhL+xQ^(n}FNlAov?8V0_z8 zZb|Jp0e1}C1Kp0p0q$cR?*6vpEotpI8Z0z#I^6wj$92-$MI7#D2cdk!g@tBA27mXp z9k)*NHwrg5@4&YUQ^b8N+ygznMc~#y2>vGEUVRY!4Hp-hK?lL#INZnflUq_d4j;{Z zEZhU#j$?2aINbeh$L1M-?O5mQiDL@+?b4LL``eEDrL~LDv4!TBgHXOPxcT1S{oU7g zJSNTG1l-DS5A^sJ2^E@#a1V4lj>Em?Aov@uRA_EH2>!<4PB;kuhK^$#+D~pt?KlQ^ znZxbJecRH@vdxLz|Gw^d8^=Z<2@euC&hVVJZ`5C(3|B5Ro8fBza8%zsa}274((kjX zV5@;7oKEcCAE)1U$KaOEPu1T8=5H0+1>6JfFWd$P!{6fzO{;_9FWeg(Zd=xcAIN{3eDYc_4(o$>d!_}mlr~<3sur5K!~H&%W2SV?W-s{P+l8F}PaK!9 zmDuH`*WU=-wFiM4gPYF}Bvng#!Ed2+y(XYohU+#N+YBV(72<)RRQamEXMJzmakWBo zG+dG-!yBYufEJ zxrjNj&|C~x+wq7;vyJHIf8lQBcuChS4EK7tx<6!x@CLJAgYQ?QmqR}GBawtc;$rq& zr2Bg-`&Px@1l+rwayXXsC!teOI=2?K21r6<;*!cYdQzcz#^FjCoKK#XD4m-G@}CYI zYlqzOoo(k2TE20(@1&LQ_2lVW0{1qKrI+vWw0Vg+xzK#)_CY*V5%3I6XAxEUa-f4d6C-C;klH>JLsS4*%FSWx8s_&|JCajgFD&rcV(w+BdRnz zbN_2EgIUBHeo5CY4ma-jd!Vjc_*B-b9e)p0J&VKL;rP2R>ro~358)bxCUjV;{vIf9 z9Bvc18ss}@I)Bi8QCS?sob8R~@AD6LUsR}Oq3QJh$R8#D-T#mL3GzQp{+jj#mQh#V zT$63)q4fIv4ae3a30sI8SNeND|I}80T#BE@a}v0Ef3%JCf1%aA_Z&Y!dDryFGugNK z+(U>nT}OTH5Us_22#5Qwj7Mp9$I zfvy0UGW~l_7ajXpSbg-d`IZwJ@?1z z_p0J`d7c4R=fk6)$~Nzl=PRWCUSj>-!Lef|GjBzwp~-B>E&UVU(Bb`$@H0MN=fm-O ztaI3M7)?Vv@^-#2fSMrXeq*_}V!Io~&?88`$aAd=Db(mH`L!XH)j``)8I;dpemTz@Rp(kQh)XPS`~)ytzr~LwUO&@ zB+cJ=eb(tR_}h|v>TeDH-oE-9YQT8sa9hK>8ns6<^ObUt_x}jFy|LYn?nW~I)9+jM z!PhvPbq+_q=luZb#v(jzJxNVdh|5;=b|{$^1IXLc-ydfQNA;V z3XogxN5PW0(@?&aN%?2; z%=_3sMw_PY$&IIRL+5f|Qa05;eLN7T>3`Qs`_ssItXq^z z`P&p;Yt+f%HlpqkyvMOUi{_)(k$bJSSnh6r8#51utNxx6&o-;bvjwTY7g+9H9D5i& zkDfyMyRPDI&0fC0uh1@Je{!Trq3I7dlyu3MlZNr_6Vx0j_h-xPjIB2sj0PaLJ}kA@ zP2P)@@(nd*-3_kxr}GzOn~~%hkCgknDZg0E&SUp-{N7aiYEO9) za!-1c-xi<3J2Nv`f8!iv54hB=P);7dk6vWz9Fe+CFEdYZ=PS}5`55CZy~XE@0e}=B-Zj&?$CQ-cK5k`-YR+g4;2=fJ00%wwb^Dp%#9hiUvunx zBq7MR^Gfs=?lgy6_6_!!qe7JK?=jd;L=tKem&6Sh6`9W*?no&&>fT{M)431JG3)Os z94v{OfSXm`KR5BCE`EejGbG*W&0IIXx|-YwwjO8za{HJBeng6k%&`vV=uvs*Hqwnk z%Bd)S0C!)-_7VC9xtuR}$2@*?k(mca=ViZ=W(WEc$$84}>fD;d7{B2Be<#zpEUA|g zblwm>w#aOBxVi>>-rN*-X$G#W6PLtIzzrRl@^=XL>tj3Sm}?yFZyC6frX+4ORAgGh z)zBZ_5OfC;tCT})zv5?4#I_j8yBLq!kFvxn7nuR%uVw+Ca(pFPg|r+W^z(bWu$6z) zFU~^Z?iuFI1-IGzhbl#8Vg~MUbncp&SuXVUD z?1#UhYDMO_3V$!(!4CJ;{osaAEHW2m;Es2=^Y()qIjP7D%)p)Fa6i}&ZuI0L^Hc`z zXAbw%{oux`7nu(;aJM?#Z})>6Kc&d*$iOZCR;vE4-w$r$)FN~IQK|8-CcKN#bq=?b z-<-Y6-uBG3=yo&!x!%<5U&YjSSG1pv zonB=A>u^7slxsdgBOLBB%S{69eonOjp z50{}w9q#H3TuGD3U!4z|Gm12R+|YsY;!mOj3PtiReWA`ObnlnmU#4)^N4;MPpzM$aiS zpJd=paJU`!f*Vfb#u^rxzcO&=I$U}Gm#}-B&r}XA)41_)kvS=lx^7y&D;(|(d%=yQ zaTAS-%oT7o>=fQRykm^SD)X9hJ~z7n+hs`aUnEbsNs+mQ{P`BJnz`;4^b68@D%n|2 z@wQ>hvh(14;!N#T` z5qK?bD`i$=m#~Srr2C9`^CHvB;hx5Qny3y+=O%&nKXSYzZUXKTaI4w$+wh~z0-jwW z;ZC3&j_{9phc2Z3qw7!y6gxS~6ffmBIp*_T{2YIMpfB@WS&s`{R%G6W8?xMcNdF{y z3Muzq%PsXT?>Qm~#}W5y%I~V#??`C>E&Z(Y%hA?FX0^kuMf$Zbu%=3^+?Oo(&Ul__ zV!7k^ccyaC_X*79Mdpyg)boNC*R2U!VOtJ zhQPZEb$rd=Cm{8Kp-F;w5B4!g!heXHhyGp;k5#ejW>;`u4_C*>80nuw(~(}cqmv}# zy@qWulJF^Urr)8^b@E7?BD2ErcO~i9qK!zo_P*Ks16$rAexnJ=cWvGK$5FO_xQ6S) zXCO=h?smuD3gkHn)j~4dN;$9{Ktf&%Y&W4hklaH~`_7*m#4IyR-HlvTWQvPY?QA4z z$D+rO`l;U|dlB1vNW#~|TRXF!-qB}jJvfK@C4NTQ6`6D3YUngF+pH$fW~6@7Bqihy z<=7}R4#~O4xR5gE*vd2f1e~^TwBKq1vIV*XsejTR61?oid~ekLNxJWh?Mmlyk!y;~ zFu2YAyykH7y5o(Mqi}V+smO5>vm`&oZ}umXY5Lh{K)a_%(*=U9L1?_lCg zY8XcPyZ_*QL}KZur_&E|3n(G?QEX44=a4%_&78{oy)*am$E5swku-0jc}V;dj{bhc z_tUOnL4S?NVeOg{$p9K>Bhu8RLkRTT8s-I#t6~8%a2e z*yZZ@r1O*n+$9dTA?f?@j^_Eq%I%pX`SYJ1*l$LCk;|=P{Z($PYmpgpY^wd=Mfyo- zCQ|N)mYe-P&q>jl=v1_|AJ6lV_&U(eTebfWT~}mYbGTQMz7HCVl*=bEC3st~Wqsh8 zswjx6wBh?_7x>)4e4AMK!j?F6{TAOHSW&{yxoe z%TWBu=aDzCj>)v9K65ehJ?U^Cbh!RMjhRKdOyB3yaxguMOa!jBgLmM4g}!sR zuUKwy3E#;?XP{Hj;Nw%@HEM0IoBA8>Rb-Yq{x%|g8#EVbIjpwa(1-l)6zYw-p_$+C zO#WNHd?z32|Nfu)8|hzUT2xMz!|$Z8@)7HNOHZy*Wt>g{>mq%KG(W3O8j?zwRF zy3Hrw=V%pDuCA*KukdTnoPa{e{T^OFTfV!?VRVt1;c#n{{(LkDDR-guH-YU}RB;9O zd?-p8gg*DnVR2f!h&@tdDjuKm_Y%@~MNcB-erCDnujHDc31|%Jyo>hswBH`WkNUrB zrT&H|6q)G`cQxsMM_J#bxSK6Ei0yb(57k6&{}88dl=9Ve-^kw zFQ4a^;5AIp=b#zr88o>+o$vskXUh5YL9bh4a*TeXYohtD5rnn02%zbPG~{+gR@D>skLsBTy7ougAWE zu9@AUr8{oWs>K`ZXdHWS+WewN#o z=IW*>@=WlRhM$SY>=03K#QU?N3^2QBk<<;p%n!1m0@26N$gC!u22j^Ic&! zaNLO|phwVbI_6PqUK;p%mRVu@-`({rtJutO{9R7^m1rZ9)0cYA?Y@NEKe1KF$v2ge zJFb`hgYO{b6q~Q$==fWUH1f@&vxvpNx8NL?#2Byi_-xY%yM&h+OJ#j8&dsyj%Sm}k z*ga0dJ@VAld0#-jhtT5=_XNw$&doPv(AlUqa@R}7r1dk2QpKh@+>oEwG$Va`)E%k6 zS6gnSQu(GGdI;T#N@r!6b5oGvBIQzj zliaW75%#pci&sq1z*>F-4kAm!eY#2T-um(R~P=9_`&28o#f z>T`6S1AX(-j}-zTgCi*a}09pYl3SQuTX4mg_E2g zP!1=M=5*8qiGN?gxy1h?UT19m(1Yj>w2_JAeKJqr#|-o?Qh)pU$Gjnj=9?c-_^^Ca4=td^ zRmjdVbB^Zsc?SFCIi2rpw#4tqNyX+A9}wZPY+$X3B~=qSwU~dWu9KESlzd{9a+pcHxBZ}&LmY0YnyGcp;qV?r zoUR0KJGPv| z^UaZ{G;-&Q=Gjz#Aly*RVsmN+ZXx-U`_*1>%cXJSa2q?^n($;!e1^mQ&T`Mgb}^FB zhPbrTzNGJxpzFwy(~3=7r+nLy{?X%0nNGy&?>fuvjqMgB;SS<(wN$(Hsk?URI&!F1 zvFVw?-+LVHX3O0df8%iPaJXaPJ&q2h-1%_j?50TW zGK_^Ni1fN0YPmJAosBL)jgfq}>OLgxI7B^bM!MbOZ{1?^8C(t8jxQ&lw&T*I-`93* zPA@iF;L3a^hOUIy1@%GdFI|fS@0WsHb078?8i!neYvQl;zcNores>nGciP|meV%;k zZ-xEvH+)91sRCEZ_eC@V-rMK{r2Yo2zc2rhYgS?3f;J%Wx5e>(`G)a#Jn6K2L-mTy znHl`uNj~+rXg~ao!fg###;gTLL#r~V$dAO0rb-kYI(d%#tHt6G0EmG5Bs9;v^PwDOIgRcxNj;O|h!-xK%4 z-_Y5`=5<@XQoMJ<8_Ty|?{oa^Vg2pZEZ01WUBZ*Z?z~C+9$m+Z!Cm0^JDK#;&}<~r z3mG@BNRmwMd)QW>wMd@Z^y9h-uR^~p6Rpp3^(a}iH z{|@W~uLibrkc4K$?VS2A=Pvz=%s=J)L+2Kor5XIagna7nopAQn-^SM8DBNAvU-6?A zyn*O0r2f7m2k>`pdCC->eq_Em71d{bVhd}2`E)>w)Ao-=S`?cHYNzJmb4kAleSnn9 z?M#w;%73%Xm)IpVQq>o%$Y_`Hp&dW(Zo%Elhbx8efVY!Wt$~PCGZm2!#MMEmH0v%k6{hRx}a~L(<-KAKj?*dUkcONx;?c2zxPjPR2iE!|-|Oe+uTAXQ zV)GDO>AxlPBYhN&M9MweKjb}!?RE4idJnnl2Q#g|x?Y=TUu@>V)$5ZW{T8$pDYuE` zRte^t^N@r~iRC@N;o&{otG26Xhhp=SMmlppN(68 zclWa$i%r8bQrG={(vL%vk&d@F``p}jv8_V?L$O1+UfhSsn%V@$@IRxQl zf~)m%J?a04wjt$KOOlLtcu~FyAqiE9W&W${Ps-N$Zvt*F$KM*HuZQX*<<_>`OR;rE z5_%9vxerL^N`EB&#;z+ilN|0%q`w2*jg-sfl;BOkHUmj`g}5Yc^m^81;c9q`^zWl} zNb8SJGP!|b>N~m`Y2P8|A9#)Ta&BPV<;+xj{Eo#&_kF1Z{UxU%!Rt@{pX_4fzr8ON z?pbW=I^6X2QkN^gt8g-FX%hbJyZ;HeJsj@9bN1XP>T+K#E@kE;3HSa|@_wLjuVOP6 zt}QbYdO60rm0~ zB?KNM?irW`lfd;ZxAQFZhHuX|&*AlwS-I{+`fuTTQ143rv%uA%TyrPH;9+pbY2D`g z_qEFU-d?(a_?`LYb*FyklV08_v6!uT%lHR!U<+}7K(?35Z%>wdA6j`^5Bu7~fPAyU z@#c}|u;79Pktvg55w`etx7s8^rMe~!4>5Qhp= zvr2f!+HsneH##`ql(`_)&Q@`J{s)#j-mp{NWMTOuX-X?^9Pdb{yz*WN`R&QIj`#8m z-UIzUWdd)I@@o7265mhohvU80dM_{Jn1S1&C%EO^YulOrE`2!4yvV7Che$sKW`Nf3 z80-CsxZNP(kdypzR&CB{y3b^*^_$=U{+3R8k05;|s0!-ka-@VnSK{t~(QqGB;o9}^ z+kCHQ+nJPC#@CVI`Q|Ri`!wmN!7Nbk7uK5~ZYxOG%eEE^Cw*I&EU$XaJ^5z57CbPbVSp z4soBs&#)P`Qn&j1T1B=V_Vtsa^35{GyNC3LRLwPqf_kg_r~QCOTn&&=hpjs=lCnw= zugv4jgZX9?UOzSKG4_0MvEyxPy-A_{Bj*&io%z;Od+_k?a?0BXUvs$9@!n{?y@Co$*o+c>K!k)H%mzNlQoH#P@8RO^&7$4-tp>wyU_8DalA<> ze-5im+Jb*TiCW=IS)xYi$21-6khGm zz9s!m*b7>}Gp)DMDf9_Y7tRE?9$KXL50B=X$&R-n={rF;Q14sTJAt?@B(8m3T7W{DD`)V$!dKtke8)zl@_Q z`XA<;LtGDd3UqEJ$HU6+%b3Un#(5W}j<2Pp`5L|jDc`Ahbe#7Gab>Fe?X@D?3M?df zTpUW|`(qGs>iNMumv1UNUOm3vW~{2-tNijMj|2T42Rgnyyq7rM?JVkzrjdmxk9yy; z-V2Dk%$E0Rw(kCyvP#hMCh&H^tL?QN>E&G!-Px*lmG#PdUhc47ng3++>NqblG2h(n zlvj`2yBsgK4N53c4+lJM@lJBQL-9QVk2~J2);piLB_QE5w#oA(=Ssf@{J&Zc;Ys=C zJ;%F_^jo1Av>yJn-m7cmnwvnvaJEf1a=L^}UT<=~*@)Lmrsnz+>8HSEP_JJ9*?nfN z=~$F&7Qjr%XTbXOWWW7K+xz!7NIx@^<2LekzPXOMpL&bV;@k^&fO?Dk|7Rfk>|7Iq z#&7|QZOL;hSNrANVUJt!%6TX9UcR{bRBbYq3T7W;R~G*624#zYe|x^(blu!AX(}l`h!0X)pf-9 zNBL%NI8_ft=ir2kLA{SyZ%^U|fP|53<$759x|Mpp75S#HeyUx4+@g#bL!NOUdtT~+ zp}d5gjePbi>;iY6ML37Y@HD`q?fzNvzYKBE@=3eWb(Iaoe-9hM?O%J@@qq6C=*oQ4 z$ML?wK0Smv95;IFp|xcWMT2!13Di>p^+VC#R7cSkJ1m41nvrV^TYUTmt zn|)T6Y2bL-%@P8a5!bPjPU+gz&4_`ap4}DeO zVA_MXp8HW8uO7$WJKh!6doagw1n+5$Q{`3fFOK)~f8mYc?VQ28%kh5oFT4r7&t&js z)lRjC&HuvdZQ%Y=yy@*B&+&3ePD0>d+Cv0yxhARc&QbVIfipqIrE?JPu0^fTqTX_%m*vskLj`izJ-0C%37+*MEU5_dtpL&a|*WdVm54awM zx8`N3dXV>=$U96t$II|q0-vP9f!=cx#@pNRR>oHo&U3taKTi|lT7iU)Y-7xABCCz5 z#s!%4`ZYgrebDi)dA^JZA8pJ{j`v2tn1S#3>^AEiIorQ3_TTnf6z`voSKf2dj`f~9 z9k1TUCGR=8+j`|aCvyLE0x~@xW`1P7@AA|<{C@I11I`3{V(tvXnP=;gupK1%GUM0N3bpRdi*xl&m3?1`)uX7 zQ18LK&({2uZ?bsdiI%q_Q||h^U?K z=SKbOgXWifvly@c?bw&3UjT7X?+EMth`0?P;YYU8?-Ye`7w&&t#DC2pgm1!TioR0I#-($Lai^fDYtSZ`^wQjsJJ#shP)FdcN}T-tBm= zDaSph(An|6XT7%&cN?Ec=+D11)q{GYcqcgC!KBZlEe&_Pi+xpK6mjD~!UVRZc@uc& zJN5fK>8HX>(0b7I>JN!q3lcW6tsCYYm-S1I=cRs!a)5d}^UZg7{nWhwjP$ZjvxlvE z^GHVs9AA&?-XKBlqmb*4>shPQwjkSm=b>HsCbxOYdj|P})I%M%>aAqG&4_Dly*IMW zR1fNn;XMPdwuhTY-|~bkGk~pnt5~nR_kE)EPG_5`ygKfV?ant>JLP?i^zXt4px(OH zds3MD)j`6=Y)dO|crVY<;`NfLxsR6gJ>f1;Z)fZMn7Fl&RX^A4Vw+$dHpbpxl>0{N z{+Hx+yg!+TIpr-NPYoyn^*&;~fAM0<=EO_5fo*B!js2BxwmaqRMEU{n6R3BJ^ghC@Xp1j2z{Ab)7k0uE4Z%y!9K?$3n9vDQ|nfD-Yb!l=WqJycuaAHj8IRcbDNE z6kHz|ThbdowZQbptLr}-o3l?K>xz`ODg6*3a1wFnLQ7~2`R6hQ4g2T$v3BgO>pzLp z3e59(`8XNclKvIg+9Ks`XT4imaqZ^nTr>F^?ze(jm3XiFy*Z`@<&7`*%S(yOZG68- z^8)h`UVkqe^FeF>IloWYYW*H1|De1bKglsWiI;HLb(}Yu>!&|IsK=XkMSOKtz`=JQO)n?5I%z&pk9{!RLGZs2|$Q149Z zeYOpKK70xvKu%kZH*Ut3^3JjCOuf-|1?GLc(oga@gV{*>U2tgIlvl6ook86B&tah|tCQ9kob)h;<5b7H!+OsmuCDbyG&%FQ zM7>_;0@K~`HXvU!XbDIdhGB1?hi5la0 z^?d9X+y8r@d0`Ci>v%Pc#rHf+1?k45Jurlpkh6riFW?7o@5_$S#$sIy%qlz{3FZ9# zD`~RZ^ZW+r_YV7>z}3WchCXl$G$GUYLdLv7-fzZv@^p%`qnEv}zk7k%>69-)-#3yM zKtD`AZLjrxZ}wk&cGRai`^rX9xSzeiRK7BG+&@RY_n~SeRj#XSxpqoi2ig`K4(@!U zb!UHEtH)=oM}fHrZ#DU!5c-q;ZWsajeRW(gnz$!H!t-nwpU%03d8B(R{j%2ozR_Fg z|D5u^O!_(SHmH|d03-xHBQ61(VfFTs^PE|BKBDFIdKQ>rc%?s)@GE(a?8x{X)H~36 zuOhB1jD#pO>`NcS0<4sGwe6>*KN(B-WkNb0TSM0EAgd2A?`7V!#t4R2g*I$FK^MU{&|4gK$G`vntlal zk5k^Yr2q7YGUjWx>Rn;IKN9ylNZ7#GcT{ly>q1)IDBgmrQtjbS@*UraaRsP%mGurM z?rE40ugK@!SbOg3k2k7u)JZ*ySH_8^e}QT5c)uWhF&y4G<=t$(-HE#!UW5s-s1Lu* zal7xGY{#GbyaNl&P{+HJ^xr{tmy~y>^|m0c8;pR#Fy~t4do6tL$h7iC1{atY9PcF3 zzX_j%)eGeNx-t+$xCy>M(d z>IoV$hN*Rl-yU|@_N(;}ySu=A=Xk4={sOob)LYehrxG_8R>Kl7+_2Gxv6t+x3b*@x zwtB^sJF;^qr{DZ$uI$2Z>==QoP2Z2+ueHKA?_pC z3p-%e8qVKe`1Ah=lY6)QdZP-=wRpAP3HQh~*F!tddbr92*3px%$HcMx%- zAqG#%mcA^Pv5c$__I13~`9AS61!gYZCdqHdJz=De!zZBLwbt9SCv!F!3!|U{>w}Bz zczLTGFSoCoWf(r1=-2|Y)~Vl@NI&k695a)xdXpz|+QS>fEddFivX%REbi6G4OoG;L zpU1R+iA^dnZ{U^vk+B_qu+NP`L$fH{)_J$!@CG?ZCkK+@hyRm9Pa|_T}Rw^ zAYmKZ3K_;#BY8=X^qbK+1?GFFymGyBJ9+YMPnCC>^_F(MGyhNj{JgI{y;fkduT347 zVSJZCbH}^hdV3KU1qq|rj^csuVy;_BJJpaon7Ic1TV!s5$;a!b=G;p9xsZKFs=QmR z_YLCy1KZ$RaMw2zb{$>km5KQUrZHYGSqfw7_NTni9CW{xm4DFBZzXOgNT_gU$@@ID zyf-kvmii4ZEHF1a^^i~c8c+o4ZDze66So#5{La?Be^kBG+W6kYy9H(}UR`gIG09)# z$r_OIzHGfoq5aeAzpVS~JjT3NU}iYwEsO71INtG2wca3cXMuz|Y-Kz#mbDQrt8Dw* z@rKC3Oudo!3(O|GI{xWJ`n%yZQ11fk9Wscx z!Hl&b0=0M{ZhS&n6X6A*t-JW+Ds8{vwX}!UDen~0e+bJ!z2|UVAO!v-F7Gbp;!pwH zx%*1n&+2(JwywZ*alEIIzCK(6>K$giZHem+68g#K^xu=i^tI(v>lad9Iq!!z6qpfs zwf`PW`d8pJ$wz)UKVKvw%9}fca)N{q+fB5I^!1@zzVqLo5&o*cOmw{Rdy1!!=QL37 z%}G)H+ZT;6+Jt_B>eyw z<9Ls<-pWz#6M@#y0_6R)wYa%M-d)s-dF@E*Rgbs$w~W{DYLNFA_3c{5^d+C37b@@} z(YfirGw&V``tSZ$<$YIRj=e6m-|oOS1crguukN?8#Kl0u%WM<%_rGrS;U=y*QEs!j zz*NT@=ATUwy+ZmAVI8QKOA!(RPu$J82Ht`Bu$t=>iyHX#FpGLP8{a7`s$Eaw#E%6g zj8}u!!#eV5J+$J(gRO_~)&g?_UeAiZ!uK<52Q4qnNkX97P}U2fIW&SQTxZkyM#3I% zOXz>)xscel0@D|-Uu)cV!rd1g$!G!; z$}U64b_D47TB5z53d}1`{yyXz0>eN~Uvj+4{DYA56mc`)bx?=2qhh{m0?$(C`@Kb) z=6iW}4O{(woqbQ>Kg4|t61p9g`FSNhA4YzrUv<1&CEqZd0{NwUvW`s%c*GTfgxYK~ z%`5kLiy3KMpW4qClm1G$2Glz{X)=Mq#Epkn;U$pwvgmafGu1!OxP`dNBUm?qv!MbVg08>KvEyy=%6eA#j{>vU z@irm-4bUFc`=>4Moy3iRQP8Y)$=_x4(#mUg7MPzL@1x{-8K#4J8B$6Jd`#T;@F)BR z?tWXHR^HgI0(1Bcsrt>khxP#1fO;!h@4LhubuZTt;UaMBq4olQ{-*Wd{as*Ab-Xu{ z{ubyB>TP1ZV~BeR7Qk$9%ey13yitDrqJiUGPWmmd71Z0(dJiATIR!3;+TePNocc}f zx9p&4?|3gKeMjg5>ecs_Jwe<&_y`t(>kX%Qy_}%A%kln)^xwe`px&Ogyjk~gZ5E24 z8o1sTY2H}bpqY@tTbq39n|0EUg}*M+8k9$Ge>LXL0|)I=1S4-+H$Zw-+Rod7$+2 zdPfFLU&pKUn@2wNermlHiTkJZ8^e2_adXKFZ)- zNf25%L|oBt2I<zx?n{)zqTp}FHd;~$i_D9szq51Q^7yf-@D^ZtQ1oaRjw1kI2P-u{j^{13b>(!AkN z&^+#V<$lda8U@UQj+fh~B`{M-1-Ykl8V`8N_+RIcvekY)f_Elf|ETA;p7BkG*Bq~1 z)(os9Zar*)5zKkr^@<92_-hL+jU?ykac=bf5U;K?{YsuA9?Uh>L676J{9*>i5;q+_ zf%jorwbZ<<*j^{r`@ABRgQi`(RC#xi{-}p?O(Ce4+g>FEV#K`#t6@3F{Y`x@_3NSO zpMH6Dei1u4XvRC;7dnePwLoHJp0$Fl z%%>0LexW$tzifHMT^nBmXarhby>InO;@X0QPHZ!s=XHHBe0tDS=7vEpnVRRdNPj2X z4eDiTDIxF-anoT5EC5;0)ODtaJuc)vq`iF6=ovxN46k1bV?H7M_plArThn?&57Yjj zA=Cx8ytQom)%L(mFJ_SAy@K@Dz;&SBPS)FjxE>%uo*#7Q+Ir0CdltfY$2s0UzT(t%G?i50rh@jz1I=f9R@=`7<&cx zRbJ^I7roN@9aB4K);i_AhxCubGoaodt@mx>mcf4@{e5sz>(%;A;N6MWOV%3qagb*# z6oYz?_dg5l-koDAj`i!;W9!lP==FWA-`8&N*ZC85g64!s>bR&u`g5T<==uoLQ3*MZ z68AbR1lecv=qLM+%{FV~K&=}zr{mH3On(kTjxYafo4~<5hY`iw!ttg*FX4I*=6MNo zVbBbAyy?%QxZZ<#9wman+=%NvnCC{~7ctJmtHrvt*jA!e5wY}ll&xK{LiF@5u4l<{k1ZhD`M!<^6=ub_^`}J9#V9>jCd8PI=dm=WF=kzj%*&oV5%% z4&3s#vgZfA9uvMeXjb9%q#%Uqq^|=_A-%kVh#Lvdz*umv&rSQ&ABX6D_t6GH^P5u- zuao|5SPto4`Tzbx{2urn-14rs-hJ(?A?pGiQ~T|Ram-EOWJvd(LtK5h5}JbC$6m`` z|4-QZ)$yZuNzh!3SI2qFX+Hz#J|Bg2?`M3L012DfHu3gfZ_x2g3~x8Q+COY1{pN~g z%x{qH{Y{)adoCfs)~$#1_G=mi%|lK-wB`GCf!>hrjS}|&JON`to-@?@a*EUHA&U2P zr@Y=3S!NP>rb4+=qqA_gdv*v7F zZ}~KDxN*?@>D0ro3iT6v>*FL%5TkbW#Y2kG8<#JvYgq3t~-+e6>9abEb+py`9xvxT{s z{^WAF0BO3nIq}zlga}*rK4fiYavWFZ^Elqe@oGQ$Ic1rjU&hQi&Hr6WJ#WhSEx~6$ zf`nh$y7i#meaG8nLGza5-7~tZ$r)2NS>Ng94G@1cNI0HtCa=7|P|6#{y9uuz$A3_c z`@3W(f1@$oYo6daLy&MZ+f4PK$FaFQXb$I@4)y+j^$$_JXXDlStw=fkTX{V`t8UAC zHrq_UD{yhXUk|1!<1@V4e$#)?-ra8p^LzFYyuBUo4U7x!puXkZ7W>sN_1eRZA9^2P z{1C(YkW;_s@%`#U3&`ZXmH2_s58U=pWRJInjBBMm#F_=oG{<{C>7Rj@A>BKlxaF`G zR)cuwMErg%oaXhe2%4o%J$y&{?XVlty=9-|dKpxN^y9ciTK|y1`>W#(lBYVH4e8zs zh-(DR;Af5>w;m#C-bjm}DbGHrMx97#MIQI}(%tsZme0C@1o^%6@xlGiZ*rfY)UVev zXwGrGx03IzO^kUUy}SeXY=rfWVq2QmTp2WN9q<2FdE)QA zTeGb9O}3f(Up*g3u3=r)@ut6zQQNP0<$a9JLBiE+OYG@69iOjV@v(WK&J)3t7!55B~!%9MlbNbR`ov%n5UR;f`p1}bNE2lpR~MkKhl}ZTfEjmQ=Ml}^n9Vu(HBZS@=HB5OqxoT z_rI;n>bNhAw=-UC4^{D<370tDCe~Z-Y3@sgtKf22zRsBZul@eFMV9|OtG0*u4MB4? z4-BYR-#79!`Lw*(W+?A}yRSvP3A_*EO|OTTO6y1_8V`=a&U7vp{h*Z`kF{1cwP{lY&ka+;K^2h*MNo8#4b zIRCj+J-m^jya%cW5AWL<>fs{C`(6g`f$AZQcehjCi}5vuwvP8h>;0a%+=;A#!ST?F zhP`Q^Uk_sj`|m@R<5=25?B<}U(<4>CS`XKdPy2^e8OnR0dWhq_9dG(^alPYRpTT>e zdPv}%?UYyRp`GJR{DXRk-c_<5!aW&JI$o`Z9~|%24COsgJw)&p-Lii@{N#9l%iujw zJw);Lz^li_ulV-D1<$AU+b-+9e-dL&_zAv)F^6TD+}T-XiqG2_??Q2dW3tFKB+ko8BH?a=a&I@E)ihJiMoI%}~ob72j*{yW7+$Z}{`Jt> z@m`w2d!TxVFwbK$9q=>?}6$eiuZTCI!=8VpS;gyj^iC_y-SJv z48Da8(5qVNI&?2*9{UIB!y|&`f!k8`P)z#VX}P8zXg~R+^*%D4=O5wN89et26)ID| z%lO>`8e;!Y$@+~y7&L)CDerjF&xH3uy$S1`HIri)j+~Wi0i8`DXwbC8>m?6W?r$f3Ux{|-Y4r^D=9~0 zT+rOsH?`lUk^Us!H}W=H^%h$1f+KUxH^hGrr|vAdJ{e7$cYEV$4|uix7L#W;`~~XO z=X9^1%`;jcVKUpMKl0uNURKb;d4HYOL*!|$J38K3q?a|hxop)tz?QfDu{q{_>;0Im z`(A#jTM2sJjN?78U#h(7{mk(W{TE*EnV{*1w$ur)%(i?t0Xu95! zS})m1`faca)cdOSwtS8I>0u!Bff~FUKace-r7PjST7!&1pMrP3vr4A%$dx*UlG8^y}w!SLgGG$y|4rNa;z<4QX|f4Z~0}O zVb>>PQ-bCb$6IkO*ZAQaP;Ui)3Lh9t+;sQ=7J@vdqW8h~cf1c%zv1behwe<(@7JW? zJuutsV5{C!toJ6aj~_A5uZN0kGp(oU^H636*KzRrsd>j7-}yxdkx#uBTCZ*5$&IAR zbl;NBk3GDTo$^-3cRF0`ctSwV6@}ykf9z9cz(m%3$Gp*{kSRRQJl{^ z-pLg4V-R);pNEQ6S+_wx!iW0`CWS)7!&Sj(5txs0TBb)v-aTdUzI} ztSP_bcxPB|vr0MU3*x_llXy5&evfN?9lt&Fu;+Pc57M6{@LuG2|0Yk~0>(3-_3)bY zZk(TO8W7(aT7dk%)gpU;(bMVPc|kM6@%AJAV7MF9`>ypqO5BSeVJ2I*ywY|hXnEuF zgXSH)TEBBi9~ym#`HQW3ms)SpTig!@60TlU@_K-8O}&3H{3hcE$J>y6SHSh4-ruda zS4Hk+C;mQ=_tePsV_ipFZtFq&vpC+GgHz9GKTe)$FbmXsezJrn@E&n1K*Acfi|Xxv zKh*Vq@cSF|p@{{oBjWXvsrhfx{|?y;Q{GGb&jKeAcQ!PHi$Ka-z8d!c@?7H>J3f== z<78eKUdVX}Z`gWUkp6L)3|iiH*1May!`|jtg94ECRQ2w)_3%s?|G9GWPSE7umGYiL z`W`S;^5K*9RE97T0w=~f??Du9g@&}VzVv5O-ksN&83gW(n!uPnB2`b#l zJGns0JJw#87Oy-X7g@!1oFS?9P(=Dha2cqVVXlP0O~l;}67FF;hX*MqHQ^d`(4PxP zd1wC4y}fdt|14-8bG&0nKOGi;diN$xJg-jNUN~hD_rrjA8*=}wly{CTuXyKCzwyt5 zW|`wXm-JUbM^JAr|9?W@5#lDoN3Z}~@9H#fWG(B6(NsNXdDoLqy%nstwDRsq^Cs2@ zO>Mjy%DvD2fJz{-($089P(t=8#9ah>U#CPSHgNwq`E`8Ph|gO3Oqz5`(68&SR!byxjS`U*hBh)4`_>^-ixib8FB4kF!TXgFC4@}vEq%{en7_w z@o$3WDaU&c=^uu%pxzGFJCV5QAmMekZht6cl_1{wd>-D&eJ^-DNlbW?^vhrcsP|_7 zqd@f!IoE)M0c>kz^BguWQ}vDhU-=#N%c$S@cR>>xnyQDPq%T;^IvJ>!A%TRzF5((5 z;rt2np=dqlu`m7e;}$P9Z zA6yS}yemlmA6N_OmG&s!V&eV=3ArDY^lBZeH_V{tf_qctEl+w6s)2f^T5m(*+CyLH z0i8PXOm17h9%ec1Ov)SI6*PA`-a(`v1!FixueuP5#{xF3ds)Wg_Y{Ca4Ww%=lZvd%Cv zRlkpuejY3a^?q%=IV-sK1J$7_$a{o`bB>gKR^xB~_|W4x@^{b-aJ(0gejp43_3p9W zuZRn-7G>$lU%ws=UvUelENX>J4Qln^xd^;(mj2pYZN< zaLb!;>Nh$5C>t{K@oN8Df%G+@5vZ5T#u5VMK4tC=H$g`jp2hE1aDQok)&nMI`QrpR z-o$Ilh0Lf?ss8s7(mw%{K)qZRkdS<@=>p>42YIil^k@3sp}uMTZv^iO&n^gtr&#^Wq(wc3ea&hRjz^ zd7F{G9drcser>&v6Za}eSkAW8@}3YfwRqoCwPb2`1?j(p&7fX=-&)oGaBmP?1I=M| zg!FCv<86*D?_}1qq#nG2kQs(o>!AbbZ-zTSz18eIVj^+x!W#G#R(IxnG10Hv)lNM~ z`;CS|W+`4hE=C;5Jc&G;LA~c$Z_ma#W;^i`5EPL}@Od2J8I3z<5j_xJ8~yt%eH9W1}`5VMyFQ90(U(!O@2)kC;2WOg{-?&KK+ zqd~pA3Qs~{E^+U{8u%3C{b4#!>t)CL+E02Xg-m!%s=PmvK6?$%Yk_*(TW>YuYC%1y zvV^wlc+CvI-0Dr>9qxD=lczac2kO1mdgcC~TZq3MxaF;cx5Axi{d(n)S?zf5CeKKC z0My&Zdh5p@&oT@I2|Kz-yphT_5UGHDHzy|2cdLZavgW zFK?BQxe2cxZ{LvqN67vn<<e_d{BSOquQ*LF9}5x>Kd%zu+UcOBim@Ayy+~x|3h~fmVDTfli?1Vmc=wFqF85LBi8)Gu@x1_k~7J51A=={nY##0d@8Q zc_xE;b>5#8+CK;SJ?a?VAMk2FFazJuu-)-q=({*m8*}A)zXYw>W-9N#_2;6HiF5r# z%X{MDGNv7QI)awBg5&l7Y0Q13)A^pXCk^O$ zJH#`4sr^=W1N#=*gO-<}p@hKQ#61Wvz?0DCqSQLjEZc9%eb};o=hY0E9(cWER*nbK zFNWoy-oE~4fwjba4-$5;9m$&D;`;t^rS)(^6+2$46*8~j)%~`Y^oM-O_yg3t(0Z>S zt|#0D{Xw29iGIN~8jh<<3;lH!>0kI?nZ!9E^D|zp-^WQGgISN~)O~mbm@?UX` zfV|VGX*GYHqMP;VJUDV*$ecbl<(2k(GI>q~^?qx;{>J}%p!OTZ+ZC@KZ>Qs{4fP!F z_tx8txa*(`M8Ivop6v(pcnjAKnOTna7Sa!fyFtsl&3Ydp?nRI=gROXbcqR9nc>l;E z!TBNcBVG;jN&n$7T;pS_{mYS(j{apOabJNx?=6ur@)tgq+V5NVdEJN;Yw%_Ri)wLxjds66u@5y`bKQthd!h=D84uxloOzz>z%%L>(go8R*W+oZ@KSSpN1Bo-eT+hl(-+@ z=*?X7fcOU1-D!mKyINy-X{gkNl=m6ZC$0^d7c+R9l25$>|F8>`<_&Kv>5bhGGF$L! zJNp>l8d&dm&#>M@x6uEBgsN;eHDg_+Vaa|#uB*%bNVKJXnG37;bkd&(7l4+xw)NgX zTvw3Lhpqe`Px^U5+V3>d$J&QXd%SvH7()7&pu+blZ++`6{{!FfPSzXR&k@yCnA&4o{38T4(Rx}LGX9&a!5vWAJcV%h0+NKLginqfdhOVGfu&ybF4}J&!SIlXfQFo9M$6w}s3Fj<@npT!(_YK)v$+ zCj`PjGbe>-;UO4alx4R3;CqXD`{!NtdILkIH(m`ZNxu%h1c{Y#C&Nq$*}oBIic7AG z$H+gC{Mx?+_`C{K11*>BBLcIDTL_=PGDw_4|H2xIe9y4$XQvPLpCgD237Om{Q{FF0 zzX$#X_4f436}amc*3#e^7zeJmMVdD;G-NKs>$eix6Y1x}TcBQDZ~uw7-EhpWtlL5> zxqicrmEQ|(W#=*b&NstDW{%@Mh4gKA8FMaM^)|BQy^Of4K|&k0rJctTcn3J%&ZO@K zH-mb)ydc3pG5Y^DeGcIDMud1CB2^E!lYTHn9q)C%tAuy_0lZPXHJ(cK1J98DIe5YG zcFW+cw>@(`=r|#9PsrSo!P|g*S`RD!g*QBsc_LnI4;%1ph94bo1AAWRy@PkQ!DNVm ztpCknuDG%S_tR$k$LqfK@Ic5EJe~4>N&34xaQ`h^Ew8>$uflKihfou$gZqA&zG>|& zJSt>vbiBDs8Do*>GEgs zTk4HH6fzZ`Nwu>MnGxkJ%o>vz7AprM&ZKzv<wS>8XF$Sq zwx!nZ;~~@B@oN3P=6HYo7xfSu7c%!}@Gfz@d;f(uF+OA#9>OsI{AG zoiLK|^B8_JVkPT*^A`H&bM;22hD<-aIu2_``mS&jsP_)*mHpL=cnSU3W?KK)xBiFs zLZ`fQ$TomHgB`D~+a`tfPx-U6GJ3yYUsNZJH!Wo5I^GfZUW0cWZxiP1guou+0(%%w z!7<>Lcb4rR)El49`OWd3NBZla186;Tw%%unn+gkI*!LyNoBOt3zv_+644I->YQJqJ z&#$lx)T`^DN9|?I4Ar4BxaFO5r+>_;H$02|=6Gw9zA3Z<^+s)ZA0+Mxm<}(1>n%>J zhuABOOC0ZV(*Fd%gL)sb-nxJC&If1**MK{3FS@N{Jw#p&nPSJQ^)Q5d>YZS{rPagg zw0baeLgu{ZQuX^JzNWc3<^{)FA=w=G9UbD9fP|H7OB+YU@b-1QUy%N1*bZ9W0_!dN z7x(Uigeq+1Jd}Q&M2|P~ddSRkyl0TU4%7wpGR&0_xRkh7AmIkKrIj~|cQ0N&jw7V+ z1w%l+`aZom#4Uog@F~dnA(#KD%%@u0_N()$#9WT!iK+SDFQl*VH~k8zw@$KzCU6&V zqhSh61jB?V6861o?EFN2Z$svl-Wwrvm*f4I^uNHN%pTO+*m^q>HxQnJN1?@P<~Ka6 zC*^HY+aE`%H?bgO-gmqUN&hkY3hK2>;DP2@d8Q-W3B6&`&79vr&TU)mJWai^w?pQz z=Tr6YEa~5b6`_bFpzLRTX!8t+!A!Z#qf^CTa--AYYIs}5ncrK9`An^m`~jMAmKh4+ZOKs zUIJOik^VRKUdVjl)WdS}{Qy6KdQVQ8Xummm=4x03uR^OWJYQLi+vENldw$D}636)^ zx+-KYos_EIk4XO`{0!=S-gLfdJ5Fv@oI>Y{(g84qGSy#5wJVti z3Np{r^7&tT|9N0(_a%q%-t2g*@c*s>MUd{TMO+vpT*kIEZ)8`TVwdFAucyfM669PdCp!uuo)BI6yr_cZWBG zZU#u0%eJ)gn!iG(h2uT_Fk^&QyO!R5<@3_KVZ0AJ-t_ksy7ikZsQn}FGc3&;!TYh} z{r_qYQM`w~oEn$LsW~vKVLQ0{ zO}xJom-VfGF3DwE+W0Yo_ksU`H;#Ad|G?`R&s3O_s^9;wdWhm}^FQz=@J?{NtJ&XQ zLg8U0k2l$G(sZ9Cek!~G?tYtP#|zpXV%eVAXE~hMOU_GRJ6U1!=3BR)~%^N$+Gix318^dzUJ8&fr zb)|b35x)W?46jo9dDE2h%(2r`^(!J%0%LfTn*_Kw`1l}tg?yc^_VB-pJvexgW2WEQK*=P!4%6?_9RxjWK4e=zkVyMqC?^&{aM^BXvKb zo-deanmK$PK7#tiTP>NIaR})Lz+IA$IPr%3&jODTHwh%nWLt{~pRWI_w+0i+9(?W{ z>6t1sQstdT`Zsv+^=-E5Jtb)}fe(oL1SE7gCG&eRrMxn~jN-iwZ&(r&){rj&TR^?^ zkrD#O9?9GTE`oER4HtG}_591;`ilpvncOTo|)#9w-M=w!371zg%WE;S)SlnTfII=QWp;zB><+UddLybSV-7*Av$nBs?^kIyiCv z-*eFVjp6O)czclVIhYITJtk@5z1qj*nWNxbI0J@X#`*~N3XGqZWt!S`4DsGY`dGea zX5iI!)|~XiU@WNj9P9m*xQ*}^?1WAYeQz(kJM8+N)PuD5M9?!oIpvjlXv#w2krh(j zmezYP^$-qu=ImEe<*kUX5YBVFx^CEoxcgudJPn;1)BjxJx3gJxzjb6?>lfNXywEdy z9q${YUj)lR>!Hw=cN=l#kEK08K8)wWca8eK*R$ zIQ5X+AJsimjyZ@1d5-V_@{9(FmHziQ|HF*W5t~nZ(e?$ITlWVLU6A)R~X>ev5vzc7kcI{yc`b6P?PlSU;wE1 z3F}=#+;5OyKs`XiUfhq>$*+fQ_C5hEuc_~u*Bx(d(l>$Dpx)Wm8zpW$%zzhR$1SWw zxA(o%Y(F60WWRMW=bQPd_P>zyAHb)e-Z!lG7vge*d8QJShjLzO{i2qw2ko~^L(h!K z;H^SF^~V2!w^f=qe2Hg1$lz_@ct7|D-o9zxXd}=3nZeu9@h<-d-mz)kcw^7hdSn0k zz1#7A`VYKw(!AzU=2L0j7|v;qcg;WWu1@oYFJs)8!Mn`ye)$i)JJP(-%RO_{n==1Y3`Z3GkB{x-r|4YZI$K? zU*Vbgc(s3MjPDxg=y;EzpC$wb5jPT^fyZFcrHt(x`p0o!>(%2p+QKu%j`wBK&yzf$ z#~Z`Vr1wkWet^H>4-juHPRi2%j!pB%TYBb{1*!5L=Ftbjd7$2^*4v-Br{Q&&0YzM^ zi*k)dygTjqS;{N-@5Wj&uf&_1ERr!FlYR|s0`=Ch-Xjb1%$aZr)Pp&kFZ4OLIkvpo z|0b^S%nGNxElJ-CR)cyQS?}kS^GuH_jF;dG=+Co>{Xfs)IvCH%vo1EHG@?K*Ze?)KfOnL6j z(0Zsuo)DY{>iyPwd+{9BMZ`CT*O+s;=b_bU^89?EF%3fSOGe&Im-Vq`%B`s!93Lbd{{C>Zu87iC;uOZ zu~tBuT_8cmMOBmkGTFsM2@;~@+e1Dbr)8hQJQc14{XXaUNdw;ySGHQ7IU8z#JWrzY zxF&J`I&A+o{`fj_hi8gto9b;r`l0YFsF$IMgutn%=9y+N0Q!RK9iQg)26?8F;~hu( zU*V9`Qr<_ccMNe;;1gH|;??`<*W2^8mNypl%y_(>pVxd#`Xj36nTnw0{m6P75O)>y zhA!ZGqqZH&dt0W_zG6c;ZXE9b(!UI|LA@KScN1|t;OH88JUm>|J0{I*MtCMb-K3ZI zMDnRu`_azRx2>T%N;-&N4j@z%2CmGRpU;>W;9aM#gxq#rjUJ<|toc|Wgt zmh|t!deHJ-V!ht!^l@-GG=NGMruJL8EWe$}I9BfKOWfy~g?P1{bte72Fb34i5KTg0 zDRJwd7=8fpE@v%5)(d9YdeG-K%qY*4c_&rByGVc38O-HCy?P%(J>r_fjc^0VyeOxM z-#=FvWakR`e!moc&@-3e)$-m-`tk4rsP}$b-gU$k!%=7EnLMb{o9Dy$pGtXaS+C3w z<$1H{XwN+0ls8EFT2LF*8?)Z##B~4(hkVF0y){zzf&0A@e<`obw-RGKv(oYQAm2Rr z4%92_3WUH@MU3?!?=0p%Fp2W6zRfT18m^%y-FRi4CqB+I*T0*phx1537@h+4US+-4 zo}Fjzfkp5JtiFTu6i7YP&GOrW)I$$RKfyCk;`RKz$#tG@$n!0zcZ~npL9O#d@P6r( zcN@MxV2|UqU2)*(n#}J&LS42EyHehp{PJr3N;^xIH|81dy;OM{lKxt_0kph)H3@<3 zBg&eg#7nrJZKnHG^!ISW&v~W;-tx)R%r8m*0qh3#Ugv)nc(4{@A$S+wfE^q#6}tK5 zU2Nw|dc1{S@XQpv+J1ME{)BUw!-0CoS?{gH4TSq)IOuw9FYb43W!taR!?C3IUh+)- zqEtPMBmHvN0_uIudTX7_m<75)1gbQoowe|fw=MJq+RkJg5Pz9^z^mmQPWsvKI;eNG z_5MKI?;s)jJo+H|2VMWv{ies8ndX_8Q(jq*8TWJramNW77WsKY@C+|2_2lJaZgKIEC%%i~hSe`i95*n^MoWok{x3 z;RaCe$fU^x9w2TU%z_tT@hPeG`?x({tY;_7cq6>PGu1yxt+U5TzaEM~y-!&0$rmt& zf~IgWEUKFFuC(5fWwOlUr1utjrYBx)zY)?8g$F>rQ>=F;adB7&tDseLj^iu*<04_b z@6sMVl;h%U&&+YkyNUFN)Mbne>Ro8P?TPCJ55V29z8>wNzVGd8kK;a+H`%Yg>zN&R zJwLCRMEb)o>}2`U;x|(iFK@3t!F*l%QoX}JCpO!y`+yX_RQlSro6LA zU#1>oYEW+>--{49KFqiQ?t{Bw<@cO7c?K(jck2ZI`8M&&c__Ssaq8k!{eDIITJ`hH zgP`6v*4yV|`bpRX>tWt@);ViuCEricW}fer{^4#Z#pj;s=Xft`!1ZT%3)K6l^Lo632awq z@Je~boA}N%1xr)s-xo>$3M>Hi+V2uLdV3kOg7~#?JkPmG{f;@+KfYGm`qg#Y$Y#&9 z$E)@5EqS&=F{rn$E$<-avRO_1@*csq1?5$*TMxRa$b9g;Juc=7-4sZ{s_Y&*f zOI)=}S+j@s5MRrD@(ceuR_ku5ao)Y8kNo7B@0{|ECjHk??Xr}2koE2+uKMNlZ*Utl z*+BpI4cAz?j#Zv(by8;8Z#atXMSCGC=(>(JeXnEhV-mjbGnX1j%cQ6pD z6w@!#AIS5>#oJQlT}sASnL^Xe@%~Br6RyZJr-OR6{a#Ppt?&R0gN8SAzj_DyD&7Ox z!;VY$wcoOZW)@!EZxcvA2Nr;OwLNSgZkxon$TNG{E^5L0RAb+3X8G+x>OuBf{E$NP zt5aSX_m?AIc~I}UwjK^<-0$TUn%c`#?YA<%tKbgDTi<#&6So%%TC$!G@*W#q7pPXo zuU~Dy-eHAiI9{!XOGtkU+yPo%s!&4UE#f|g?;ru<)%kmQTMs&4iyU5Pmg24C=QYKo z-vfVvdM~EF#QWM*#%Wjj$Hj;ITgRn(OvqM$PceZv`=iu&;VAM2;UrM+rPg}}adkjK znC%)bwT`cDd5?jN$6`lNzj$*cF=6OeS>_V*Gy(Otu-;b0wFe1upN2cnR=BSgyT+5INRg`9sA*AK?RJy84fl()z^E@Jc# z(W47Z-H%h{mGSu`^1KA@=2_m*U$1l%x*~BRWOexq3eIqV++kL@|U-Q zHhkU#dVzl5i~P?54-)qbNSMO5Y0Xr*v_0wZ8b6MDT#@q5CjA?*5Y*eodRG(oBS`p- ztvm;le%@7YqGF+m;`NfLxyDWUx>x6!n?b!@{LcdYuVKv$cEdJkx{D8X^Bx<{3v=vx zvbLvKsL&j-GS!~Wxt2a3VxV58NfH86Tj!b2;oR$(W5Md3j6e6%r{W!H`z`5bSCBDw zN};&|ub0efOlQ)+3A;eOXVRVtf!){hyvhxnAK@D4#f7NyoF8SpRMaOmKb^#mjTIG| zv3Ru~$nDQPG31#F>b1v4!2YkzY(DF7Udj7U!?yivKM=>e+VRdO&vN+L@v?g)1kP>4 zcnPkDR^YCGR~YP%8Pyv(yU-l3@gapk6MeB+FaAZJs$1B%H?9^=kXwNG9oL6L`luDP^YE*QUk6u_&Mj}NwDLwSC^WTJrP{*}apN1g?-Uk8 z99(a>LrHI>QK6~6I#u4IJ5h&lKd4uqU+UMHz5{l_FCboBhwe2b<(2juxxCPH$E*Fr zIbFC`0xdzk%WQe?BknPn2`_+Kzfaros2<0$riJDi$GepDU%&=X??&rAEt+lqB>woW zj4i?SE>H7DnicYH(f!L?gM8}!;UAQDZ<;sOywK$FZXvA)EpI2so9&-I1ErO>28pDP z(0Yhm!ExbuhvSREB*&X)y`hJ5%@*RbyRpyMy7kb@_Ur0Rv?w&UJ6N=?m;{~pK*nLkl~}8>$FZC@@4}O~ve5j2 zw_4K5b19_%0G5K5_iX>Oz}LhTgM_+_$yeI(-AKFkDD^An&5C>;zpBvG`A@36GC%o) zyn7rk!y*ZRgPNaQ%{UCNj`xr3&O8kYLCdTCZyn;Az_oCN{M$>7%VV}4^!;xMyszOc zpDdCw?MOce9s~7q=|MtZBXK`NnVa&==Jh%I<`FUKVT&{GsZZiW>q2wt=PB>WCKEAU?>cL zzTKIpb@In0O>$E6wB)?9U7?wPSC6-eq<934xRQ@eDS+3va-J>RD#NLhirdnS{QB zOOEFfBMQwryk0UZ^J~)Ygkx?`d8hlI1v(Pf2S&ra;GVZ?zvK6-dfnUHS76G6RSTJM$pnft3V~YDMC)@VEZ$FPIG%q^drKCUNPTDi5*R$y}7*LQjSmcdXE>H zEqJv*X-S@LFap%u(R!B=w-I*34sh#tmOa1d{K*?%XsWDB)kDRBdFEs|4bC8R zd;acb_nY=p-jqUf_WG1JO8So=0qT`!R0x44QSMiQ!O#a}zv((vaoV^bGQH3Y!mIWB z2uq#5V@MbU!@+G2MOiyArkH3fOWbl8qoeP}Q)BDGtcDH8fiXs%#P1)JqLavpj zaw$S6LNWCVNfAOwP42f+6h#=7gb<1lMp97`B_T|@D54OO+yDK{_dLznX>9iQ`u)$V z&z|l1p7Y*k&iCBEmw5!;fhIE^Hm*`hmW1=T*FUHaI^P&a`ovoeK7S* zPbGZ}^+CohO_LsbHu2WRo$bh)}8cKts#uYsHl*Xr4A~y{t^a+7^h?k(Wd7Q|O^w@`lOYZL zy5)ZUU;CZ(I%i=6S?QHSBl4Y!E$lhSRAfeV<7`@(e)cZ!$Pm zp?Vfx!Z_q{uY@-aJ?e37e!mr4ojchFMJ>?e^SQ2p^m}gaa_a`$7mF=zAjhUM<-)>xx9glgc}a>rpw_l@*IhbYxSWb z?JfK<^AeBS4&GpNx5u^pt7;>5kwegV=u8y;ly&oxz~9^4ykvVhtZX3HuF90dwWNOz z%|qtzd3N4L@=OGJ4n2;JxsLJeD%u78*+#D%Mvy+as)4)(*Dr_n$nya*?mfn(Px`md zmxaG-Aho{A%s>A=yHGxX`HjcD&v75=!F#mOhiD$s_n)=ABxo07+`LccpxWM&-!zcp zJ?;oe6m#$mG_I*eF&o=(PKWTzoaheA(b zdk=kuK1H>dFIzjF;rtz3xsr@0ee^r_$Ki&9yt0|})kc#CnZNrxZZWnFNW;m*F*eTa zd1Uif>%$C=r@n6>g{w35;SADWj;=z+wRP`f*j_^#77(weV;*&2+5XqsMQU>cITda= zojT|rmXK#DGA@_&G*qa6i2lI346gO-pTT>kS4h6{xF5Rnwh`O!NJHK|W#>Cq4mQpw z;eHO+);YV7z80#D%-@e3cRy?;NJC5FT=PkL4}R>&22yX$j{dgtxVCPoh`%YgF}T_O z9_w+L>T3v9#NYT&4P3!->;$jVL>tQeTz5e$vzy{ z(118sIT$y-jdtL1i%5Uj>-jPbS@|0GAda$@egx%z$2 zT^+aQPPp<%1KDpwrhG3T{h=cZllY zwMfs~=k&jB^aeDD+8JI=zTKDT^mZR?=t(Z2j}zMIQOyNjLa{$2NkOJK%TVYxCVWGQ}@J@ z^#hKrb98T6*S*oI4W%bstEc)N?OHJR@VGQJ4co`Z12~rb9_{JVgLPjWQYkkMceTfz z(lJj;$k)Q-wohX-T>WpA3wYlg{;JGZjrIPORvb^lJ@EUCzfX4OJ9}WB;&IQ;;`ZWL zyDVoCZ;L((J()y38r zX*fiG=YuTkUDn?VI|TlwYBiLjH|@x6>v3OsM$z|9z3@6^we@B1yeZdQ8IMLb-WiedaUl~FA`_Y5Q%3*YxB%!CVy^J)xL!67N z_oF7^hWBhJdu`76`w{8aq7BHn;~e*#UhJo1*HCj@Zm#*8+N+_Q3)jxuzNBx04n)SC z=(z2$orE;>B<_0gj^!||hp-39zRlhZWfI(QIHDEeka2%h5dFhV*hV1@3F5hIP-pkQ z%AHHQh&5>_NBxv3-)W?ujgrW?Zb23L1lwAqVHxt*Z3~f1}tsqYF?E~WtW-}7iDGJl&o z?rYcnJ95m+OUFA;HctoCz8d+Jo zEH98|r&LMz6Lvj6^;aXQ`Ik?3hH=f4+ zJFd;|q-tYX?3IJf?~eAkw>oY`=6A_zlWYgbb)L2!RB|p zJ?>b?t;qZ?R;#g$f@|l^=68cV?jw#{k@;P0_r}~SzvKLFl*fJ2aVs*vliH1?+MgNj z6nHwno9=OEI_^AdA0iDqo8KktG?r7~X3rB=d))UOw<7a|=$?&bjK{Tk!nYpRt`k&b zo)E3uSU!Pk=dIEiyUK2;4$^T<``_Q3zs1;&KpIXaPVomfuh?;(u!!Lx&I=Li{gvUK zO?sV=UP^3SZr#xkdS+S`xfT08=+_e}^Ny;_d}*1x{%iBF#J-JXgU5Y{JiWT_Di;sT zaBX~SzIs==4*mM=uJS$FIG%ocVlX~Vy`${-7+>8)9^+o!bUEZ0AGQAvMsTUn{)en> zB45F^kUc&sx4iK&^>q_z!aa(G4q)Ts6*a4-%Te>QWYJKe{g2rCCej~n_V{?M$8F=d zLBu%BT049Hqm~UFUIad>r9%J7sb8zdIWrQ*aO9VuSf>UdOG-`X>2p6ZzKT+Is9e zkNbe*R%AVv*w{pxSJ~0u{92iMX8m`C{Qa(pT<&pgJ+{Bcea87)k@Z;O`zG=t-0Xg~ zxyOCcaVyf#hBq~lKXPyn_qeb87u*Eg_MuGqwuRSdk1Ep1iRsjxryB3acwoK_d?UM2Lb$B=I zUR7>9Jku_0ygBT}s&Xq@_-0j^gId?k=lj&$dhFe@<4vrvne?e1a2Mj&(ydkHsiXPc zY+@ZB51~|pkyb(*v28^f{wCJ__N`R>^|gcj_S>ijw%?xErI|bc*Fxprs>+^dAEc`^ zKfZcElYF2##u zBDFHyt?;`1QB~$2P;GlXvvzgElhx!sH2>9V@;aKlqCi@NtEBfiRxt6<{ZQNINRBCz z^Xg>kZ=K(($^NJj()xQUwX4XL!(rIkqi*OFl%O3f;KX#~I##{>vd;&m#umv3aHBz9 z=}r2Z(Zk5N+)Ah+ve(jJztOQk zejzsQqBKcDRsO2R_l*YJdc=Km><8QX&SDQ0Nhi21g1pj@^e3V-k#TKb{C;eYqqos( zsBs_OLv@Krv-*{!_RydYf1c|)dOa-qNRbSMYvsG_utNEWJS&iKH#>jVaV&*h!&ZLp z!MHGsIvkWh@Y9}SiNk$72ls1_%hs`mP(`>&xF2}j`3y4eqD>z6cgGE);O8>Zl;>{> zZdJxlD+ew?$j>nU@VI|xaSQ*ZE@p9Cy7IMhkVFyh+Rt#!-`&V-<;$(c8n%x^`k$To z8-{xkT&oXz!E1^R^SCrA4WR=T6v#=~d!w__F(>exMaSU0b@l4QO8kgES|t1Ko$1#v zBmD?88kxVgPFsO(J<{+qaf*RD`}wX1e&)GJjwdD+Nf)@y(y2xMB7JSX0kau0?ug)6 zs0X&b=w@_1+WZlhg^<>;X|5gX_pa&$BmNlu8C+|}<4HdotwhGP>pI6(s?PVs!bF2m z*Irz^xF~2BD;-zcadptqsYNp1D~E?jpF}BS+#2q@^~tL)!_mWNEb7yr`;)m=qV26( zLC~-3{p8A(X+?72KACcOo%A1|kC1VT9d`q^El9)f#5xblZf`aZOTz5}m(!XKmGY}g z9ke$x?vajrD7H>WLpS0++<35{UDGBRu5Zp{Akn#X*pfP-@PfwAG#geLufjhiq;&Sc}}3Ut1osRdvZpRoCeqW zCHoH1x#TnM2*(Yg;HQ3%Xu16z+`b-H=f?|RzVC7G&fB`cy?kFRl4YL1y-9x!_pn?L;eL<%lH-c?>z1z$1SfMQd#8?eUz`fGrS~;}!xHe8%eb7I$vvQExMKUr+Idt&2s}zL4<(0$cta6CI zRwPqAf2|xwd)#jvw<6_`g8RD1wQ?BiaW^_{Mam)idXaqMmBV;=2{g&$a?6p1(9_r~ z%;tChdcMtNwSS0^C<*rm&)+vme`lY3S>SPPzIo8Og|f)8_50iWe$u$spM~Ejl3nU& z+S^jbheHSF$x@H|XW%49GC|Xn$Bn{m4A;h?kKt)QnewnCeDu9ibD>>74j4sRC886LN<<6i1hsjeDm@5E|1IhlZMb~qY7n$<4z(j@3}IWQzUnJ{#v_u(&IL9+={e|7~ClySJz>m zp=Ug<-QQ7>^-==vTX4hakIL(~;k|{L7G}xLu*$KeK~do(lCTLQM%*vi@yzV?G5gFxHjL^ zePF%k<^zu#bzJw6($U8p_vf3|-rBo%oPzti$6ZPKUTjEw?QxHB+}Q&QZY+IY+*7|~~1_V&1^ zKaVbu5|2C9aXVl;18MjVvAzdlyd z`aR_3^^-BUS9)B1|DnFyaD>O5mV=x9{zIz|+sgs&9Uj-t+h~vbTn_F(J+EZk1l*}` ztzRDtPrs9Xg2#Qyai?IjFq7XqhId>q+4vS-R3vlY+Ijn+Brn}AUh%lEIj**g1&;jz z@onuh>lP~qJ#TuQC<*to9NZNicj14*jV)$8_R3)$ygxbD-+9~>j{7qS3B;B*v>;52I_IHmv!w__P&4Hw@bWVB=z9xd3&1tgGqlI zx=-_A({>rJWV8XAhYD=J3)YIfne!zZ}EybI^In{Hhz|4?TtLC8S{ivGxNu z9aMI|!0Ku0BgS)&`yT064X7et5*xRz<5sTD{scMz?Q=;LX?YTR;hWf7te+=?vi8y9 z9~a3Wk9#nA+M~J1xa}NwSq;{FHLFWEbP_tE8rPa;@b0-+`P{vOam@UUrix^o$L$=> zlTN=C$e-jh?p=<%cP++8)Ec!!`hLomjAeQqYfP5Eu~kJf6Rw4hr0j z24Rb%+mY_?bY_1;nKNKUzhYkN`Df$d7}A=5+~TRB%sf%Y%yRobxSQZwyPr@+rJtAF%>@UGv`8D6Q>T&h{A}!xnu)U2mEF#_<-mzcJ`#G4$#8(%|v2a_YQ!{@d z{io;)Wan*#<8H?G2dchXb*YRRv%zZbYhLE+)rvKYy|n+>nj-0+!{0s0XWVra@VAch zmoFZZ8$Ex+@Ma#HF9&*DZX4GSYK851)E#v}zQ0?XzZ;ytDY#Q}_}hzo=C1_J+g7v+w#9D-wj35A&0+{JZ|(~_}ewh-`F=ratYjMx+?M99K7pi z7s_iM_hiRiitQ`332i`qynWwVZhiVo^-Ae=di2{Onc$Vf@1&nMy0TQ>JyXxlcHI53 zm7=!jaMY2p%-Y)^=dbS9>wZCOW0AbzaZlE~Lqc)}vDII`dO|}ehV5dcVZ&zTwc#E6 z2dlsGU6H)!mG9-`8-n7}qL?QKSuzp+h4ava=_=~8381y7$n|H9)=a@@_>{y-Wk@4+5? zQ|35G$4Z-jwkoM4FY-YXn^`w_{#GZwu1D$+TRFVoxcg%(LK^O1ZPFsV<9VCECg|6r zKNQIoaIL)^M85XuWMtgAj{7jSx6sdMJzDY+*Rhtd_GKQj%&TWN)32v~E|Ob4e=F6l zp1zNuDzR}lIBp|s%~5-F6smnDFMT*GD2K3X7kYhHx$o2b#bI4{H}KJg)AGrQptlYxBnkNq^`0c`}jMxW75>@cZ**I(7~B@_TvXadc~u zEcCc9kuSdvYaL|VJpG0C_7t{7NJGJ%%$Ex*aSe>;S`TpVV)NFgNqUJjaKq`;tffi+ z+^7O+NNn6Lj(Zxm-bh1#;#~Vd`rKanyj6N=gAym&8GPubf4!#Y!+7Wd#-&{{hoTQFX8-%boBgMNBSR8-d>sc zaGwBH&`dOL@|?_v7{twky1pQl*1zoCe{=J|UL zZTjl}T4ScTo zZ2qR;p6YQok?#+bzjuZ^%yIX|)&w1fS|Fbr&+<1>Eh4=IfHy!5B0pA6CBJt7ux`jr{*~MZ}j{c#PRFVZOHuc z`=9%c6IU5_WS${|`aBAC5j{|18!+8lrGY15Wz?waH%(HB}at8RTu2J|YDNV{3;xA>W@Q{>W|- zIojhiWwYv3(se~zUtWQ8to}m(b*`5`M!p{8v;OP)4ZKR9<5wa*e{YeG+k!NNwk*t( zhp|sVE0>nN|6@tk`HSryk@w)*IQk5EW}=soaha~BxeKu^M;bnF#e0-<-2Z6z@yi~} zB3K|B_jB^CLEj?do}VU3=$2;-q|(0Cr3NZQJ~!q3HEt5_;c&x2Ua3R+FlvR2JI`^q zZ7Yx~un$MqA%7fg#xopxj_p0j$=VUQ2d<4*6G*SuVW$xr_iM*piETa7@FVforaRt8 zXZz~WJtH#D<8CAUF7=ovA>;nxxb3l>jLt+2aYVnz&gS#enM(DpIxTibrtoqd@ zx?gp<9Q8-)ukABW>lu8P!FGT5k4U`(Gxgy|O^;;%40ojCj=}aWN}*3tpO{FWK7qf3 zj}G>Otv*QOh;)T(?V^5|YXGPTGJm-Qrhyic30lX??Jwbu^ZY#)o~jelun1cEZ_;nn z+IPo(qX+x58d3*DxQ7b6`aN^2+Nb@{d6;BmGlv^MhusAylPNb=en{p!|o*_9H9UMA7=Q zeO^%%kxPp*=b<}!u0&Iiaho{qK8@LrM<=0Uk$)c6)G52)pDKxPOKzt8Mv?y4r>e+< z#K!IFxD)3U%Cp!t%*x`buNt&I>N+r18j+Tszi*I!9(o5E*UckCi?OXh8ong<{SBy@ za!A14*W>E_25ZRkH8O7RG%2_rX%qHeQ1*R8@fT!hfs>dDZxaVQ( zhb}|e>XPD4IdhjYrS%KM0xQ%d0Jz5+Mlg)-1*p+A`MOVElgh*9d~ruzFW&duZO4L zj)rUVmoLaSuTh?S<8kf&v^|?KULy@9#POoc_-f^=n!Hj;%h#Td@xHxbKtaGxQ@e?hDS} z`im>e0Y$8B(Lwy~*Rw^ge=u&MbwqA}YyFPCU-EeJoq>$YtuY!x`hL`_un$99MwRuq zt1Dj{hoWsF@+e%ZXCuio7EMORebaHzuFL!Sv44!-M;*hNerJ&5YCXF_(;pp?w>*E> zkzVWBcf`hh*KtFU>ar&)LJiQO1K8Jh^`VP9Z{}|j?pJVI=qDu{MEX|f1Y}&692!FX zu?)id{8h(se&sU%ar50L(0G!Yrs?hj7W`LUH_TabU={>bjv z+ePF9+J*HyHH*220o6ywWhteB85Hdidk548`P^7m{SCK|$oC$%GwHjbvygGQe4!!D zy$rjCtBHNCwPUMiNw_U22MgDe{#JA^Qmgi7Y-MXGn2v2eT8?zzwRTBRwlgT(RELP1 z)z8@YkT@nH=fkyrW-Wia!x07Y1F>?K^J)90 zNfN4FLRljXLrF8&yB=tt`&l|s9VZjVvhMJ>4ale55@O@tm?j0>wyb!YcHnMuA`9=AyrSO0rF z`$OfO{{-BR;95WP7QBV%eUE#H<9>tfH>9D~OS$)z?7YP~QeQo;lyZ#*RYg|5Z5?-C zY(+>zcK>DP&H4i-AyUY_TITOTQ8AUs*0)<+`I^7+6C%%$2RrUKY*W!}^gQy*p}2C{d1FKKp%&QMA`J}>K2#sYQ+>Ul-IB8MnUU_QG~0(lC@b!FX{* zgR=F^`d>LGBBy))-a`7j(Y?sHypml*=qYS3Aq}xF3uPr8X!q7!*WrbcR)@8GwO>!d zz0l(($@eb$1sV5n$L-gW`6?QNZbdCG<$g#W0vSBBk_>e7QswG7T-V91Ur)iE>2ceWz7y((Sm3Sp?Vm^#d3; z&mr%*9`{klO#}HckYlMQ%8r|H*ZO6 zutmn-Zy3MFl5d>Hou0*=!m;nN#`#1RSN;=`u*cQ=M4uzy43GPA7FWw-XZMMQ;T{P$ ztceM;;3d&Qk8AVuFR^`({zktd-N&|l;pxs_y&qtb`q77ZpU2(xaOQTXKC=3t?@lL# zO0XS?G_)tKM_bE&UfH-QxHoy+6G(q5>V}NF&T-GjHVA3BjyPBSwfj60=SSoruY7ML z{oUwcWZX@T`v>dGW!S$)Un0L>PiCFBQ3vG+&4 zk>4(sIIhhfq;Eu0p1->vQYhDv=LTflD#4|`^m;-3^ zrlHq7ZcUH-DfTt!OXPEF4==m#l7f2z+^{-AD5#ewKa*!GGJp3r?vd0Lj%%pF!xY-D zXFnHj{d)AGh@1Wqxb?J*ic2OPy*6ZJyfP}fU%Ug`Is|K05R$z?2- z`e^@qX+$pfxYI~K8|~UE!#%}u`?qF1MvKraH0lG!4Zgfd$BHd;f_-oO{aS2a>PD{v+Cm{QA(+m9O=a@v9>8FkClxmb|0!6`g>L`>b)> z(hgC3bQo%JQ06*J_lp95FXw$SV;GCrER%QOcH~zLcaVMz`Vbjc-+4g@T@|IDL$lCy zbkpZt^H>#>!+N*R`4js@NirsfM&wJcd~3AhemL|hGVYg-d(<(UEA$W=i$?LlVE?`I zB|bD?V)0=AU&~j=eT~Ga`9_##U@KHhe8dvU#$boRJJ`5)P zShQQm40nX%_V2|02zm)Uj(RY6h`q;q9LDf{Gn0aH(E6bJk?{xUe?5OMIH9@>M1zp| z`>x}D_-06M!G1p)jb@y|_c5Fr%pdg247DEHd?)%~L~ixC50ic>nud(~iQ_KE_7$ph zB4tcmZwvQ&Eey(`tE<1tRexg-abJ?htwEmsP!D9>?;N*rXU1W49y$|E|AF@*aqmc! z8@DI3XJ!8C`XV`r`MSq_lk^+VcgVP5{e|;Z^CYfcAq_8cEq75H-igK{H+$Zv<6HEx zh&F;5Zkjz!yCl8{MCM4pT~(k$#?-*e*jFZY3_y-{cDsxy|E_A-$HvQ^dyQ^<^4DYq0%^H0*wA z`P{^d+>Zp;`knnr-y9u+jQfk@o`S76($J4M*LmB%4tOad(>?Cxq`w{wN5-w9;~@Ut zk8KLl@Emb@+{CPibfI0Czps$~ZS)Q@F1HkF2ra|*CDO37>sQg2Bl0%>+WcW1`F=s$ zka6w$cHwEPt&oN=@iE6zr;aIGAM|}aG5V?GE6l6$w=kWW_pp)vAk-2Wm+7;H(7H+a z(gFJk=(gv}u3Kuk{@2zm(N`m^M>FlM8+oolHz4D-cige3^Ijda8Kuxx9^h}mL!^3t z`U*GBk8e!blRohl_gl2gaQEuUb$oOXGA^!Y2%U)SY^0$N@iYoAdw)mg>!WEGsksq3 z2(F#C{-nPeU5AYOcA6xid$B!?G(1i`kZ12~ePM0R-Y*n?J0cxC?lYu+3B8Jp`3XR9A@2TvS0C)W$$|*`37L9!6Y0mG$B}V&cm8h1_6Mqc z26G+c_vRJ4qh&T}*#`S<1WRv8f`}J(s^n-F6b2a z8+GNN{%X5OEs99qp_%gigFK-#nOh_Cm+TrspY#mLp4c@Ed#p;C^0oS4{>BzZWIwp! zbZTxjCtouZ@wg`i$3ll=YmYQ^BF;5`uytVyZfm$UZk|l~Zm2sle|4Tr2%U$mAJT9c zv0op|U;F;;*n9N9p1)U-{(3YV8MkYiB%!U<3S~U@Cr|?U+%azcpzoDTU$1?i{WG{7 zgS;}E^k1N_kZ~DuHH3O}XRjJPhVDj#F6SPmD}(;G#Z|#Rc(`FDIgvSpEaiTGkGq8Q z8_{ND+_+NV4mgYJjp$|cC|WZp!yTB#jeZ=F+u^nd^2%D$|A>A;#+?uxORu~4J3A=f zpSy%|Ue6k^E?Bq7iU@mnndjyjlkX^WG&1f>jyn?DBj|1P0vZ*~Jf}b1`8(rp)^wGb zr+&(K?3Kf}r2ifLjf^|bagRKQF$ncRXQTf0Gwbdyu3c#P>NUm0O0GM>9T?=5{-nPi z4M)aZ;kfmC@QgOAdj(Zj9uV)YT7GmSF zWY-Xyi0wtBVFB@)19u#U^m?K0>xS1vB>%7-xgUDmJkk*=#7(V@$lh?R{(i5#p7gKC z{N2rQhhcjJX;@4=n{sG5F|((vZBEO#BjphOJ|e}Qzbi<;9&JR%z20$mJ(sl-(ojtN zPvwwaUu=#@E6?A`A<*|%5A6q?pn+qYGyv!woh>0dJ`M>62~2i?GB{jL1O>@m%!V<{~p|f zu~f^AhmhWbTbNGGb1S5O4$VZyjXUm7*z(V34*}IYIh5WzD`pa_%$RG(+sC2m#qtGQ zYj2Iob38f`8CT!GN(e2+_65qnfM*_wk2#+5<+()Vu6O$y+TI2+|BdceEPs03Hspz+ zKFGMM9d|jlb*S({=H0}~wfEC^hT>d1Q{ zZ2r5&)n9EFC($la`xMI|WVG@`pm*K!y_ z`gr|fInMLgR@)`G9Fy+7$w&5GIo&$oM1fO%%$`VsO~`a_R%t4SX6srP_7#%2mM2o@vSTKlEk6K@*>=r)+EAI($7Ng zBjc9pFSNIgm$C1Ou0@xlI4_79$4yvM*&841>Tezw7Y9hcb!Z40fZ~5}9diGmJtQXt<*;X@l3c0WV~b_iBQpLjBK_xR6*BH@#~prU zb-4$n&AwoUoGE>Rp6dmEDyo8{-NL+ z_KZ+7WZeGgVvx}KYw;B|x{mwr(3)!*H<<(LI%~GO?mvJz#X#z1_`+gY1h-j`S9*|s z5PAR^*WMHODvH-&Fr%Sr0enxcgtv^#gPyGVVa_ zPdRS~4W&Oq{ZUWUcmVUhey$wcI27Z3vky`ZGN@Scj?DObCFzHuk;u679QQ?RbI=m> zF7nqG(_Q)MxT))$6x=#+!~Cw{JJJ^nV~j(_UFf*S$C(GAThTD2?^Ei^fS~nZf$JZ1 ze{vG(6W39H;o5kylJx7)Psq5xIqqJ=xxXH@L5HHQr!x+n9B>DD{TW}iDDmryDW99JIZi2{$^tSUSPAdUhh|`=Yy$ zaqT+UW^8|;MmJIykd8wIX9nCBgM;>_;}DN@P_c{U9It#&CVh8wAu{fvZaf~1?IH9W znu`4M7I*bQ*M+)oBsUk!0Ju?C4oT84Mc*Ui9__g8Z(@HPU4(id|NYS$UAxeJ{Zd%T zTZ(0@SH8EAejHkbjN8R=@4lI5Qqd>qeKd=S{O0$Aa_G**9<3KzzP+@3?<$t3;97k+ z;1>D^bUre!UDvzdR@O;qGMa!A?Co?vEZ{D1{ko3FJ+waDTP({x?x&<*gMLQF{lxj( z^fuq=32C1Eav{5K6?e_p!+4-KSbvj z%Pnv%oO}=Wexvh|TJ^qHx)%)vgRtF-?m_{-n76n-1?5%bOm@KG!WC=OxE!)?r6Z7y2I!2{=nU&R@J+Mz!4Iumnt(Phk#D zEyt0C#qy=cIiNNB2B^xI%;(~=bDC2(2d9PO#NmAJagHFrsdph98;aY#U*Z9IR z@Bi?*VU9(RhJ%UAd!KFi1LlREzjb)$?0!h!J)2z)jj=UH8V)1&&zqI6t@q<_U;BUX zS3WG3&;B3$jlul`ZaDqv7+VUSds{k&cdWllDSoZLv8Al{;aYq9oqUD&u@8f?{ndI_7yJGw`+YEp ztoD|I+YRpjx}L?B70V#c-~UxTOTxYH|H0qrN5wMz|H0n`+{JLCoI?!-pAlSP~q}dmGylr1v1|KB|TU`M=DO{}V6& zr$N%3`DInHY|W8>t(SjQIr(Gc-|grf{r|zszrLLON%9{+em-V8?8|p1|4ClH>~VX! za$A*#GW9^ylvfXU*iSlm-1~5GJlfsk{*{BPY07)Ac^K~baKk}f*%RIYsMO=82XOoy zg6%H!0GfJEewlhO-Sw+>y)?e2Sf+T~iR5_`y@RZNv24%~`WajG2U%mGrf3Cwowkpf z^tgK6IJUl6=D_Wk&dMGV=}$ygAmf%g?zh-}M|(}+`FzxuMY`SZ+U233J+S;vzi%r3 zO|h)@{B2A6uiOZWGMZYbUU*TFPlqO_-vg{%5yF+WN0dk_IL(6p%B0D>vy%sSrxR=W>;-2^a4cP~=U~?`pEy^&UOO-t z*X76(Im7dB5$W~)f}eU^J@16jY~C06m*ZA>jD1j^cgenwrHPw|gpVqbYv8sB@``@n zsD77dHS(FitAb-?+F?D8=Nf->zcM`!f%`CATh}%qeFPomald!m9@zS#YtUuL?~j+b zdadhPy?z*LRU&iYTDXbyBhkx9ty;b}1P2RRP2v6mbQRM2TyF#Ox8L(+2sgsT+Lp-I zaB4Zw+oX99eU9vN>*>~Yi6+^m_Q$zyP3)hil=IK_2_#w~m7|${Ew!MET#IA(qHOMW z9GiK*_V(NlMC@~|Zf+lk;6~tv)2V5T_)-rwMcG_Uas>AFs15Sl-DaFEbC-^0adJf@2$yhV1#`4*tR&0@uPx_|Xl;kXm_!L5@@~#d0~e;ph%zW1RA2 zrbxJbi9GIc#ty6^V@Wp=DW@$QSC0x_#XcV?bkcKJ5x$2G8 z$9Sg_xdE=V!>38V^zD3ki`cmPr%4iO^hbfLbKD<^wcl7-TDHHm`*GqYl*k0{b8jX6 z-ze|Npx;%0YXsc9%Gm7lrpWg!`NF|5sm-zdQ6psjr1z6J52e_SL>i*Rxz?+C9<<*} zoLC}@J%2iq{xmcM>3O&jf7}*H!F$;Deu`_LNWUvu7znkVbiWwCPAiemJ$y-9xsx(-=6EOgv^u|1C7KrbPGp4lRc8#}i|dctky{GCtw zkI~=AxXT^)%IWm;=s`3Z4Qh~?XAXQgsE=Jq+d_}<{c%q|OdoV1;$Qmj zD~}LrKCVEnR3l*su|MAGInZGJad>=*yybl^eJ|Qx_^}_-Px~bP(dB9=_^0JRO>lU*{Ml#Olgy4jdgE3bn-67HQb6QC_-zCAqiGzdv>gA4cZ`;Rj0OSGYDG z>`1=e=mKQilhUN1A9%oV6U61s2NMsLNY!I9=TkrTM`#N9)T;iv`(yv{b9do$hbNRs zeK_{HpC(=cUIxRb(OdW#}sAEjpg@bu8)69dq?~dp`yD7|*}Y$g>)K zjkLPF!5?(jjq<9@;5sVu`>E6;C33dsmwn$;ThggtZ<3!P*HEVa+}Za%Nuoq9_qgrh z>Gyne_P91Lc%#QI(gnMQW&Ez=$PA?4#}m}T%zNKbaBugx^Umkp(C93W8%~oX^eOhW zNW(_r^7_T-qa`vi2e-G!ZTequ6L4RHYwhu3cvqsh$34Sw`*DNNNbL8cy=Ikt-gFCN zvzCS3#~+(mA|HF)iR77vUP5->xKyVh^b^!c4l?C6upUzyTEZDe2IP>eS{XH+GkTQ zj^jP3yjZL8SHXVNrS%;5nG!j|<4%~xnhL#!j9WkG@In{8OxYt1w-WpF74z4)@#jnA zc(``n?k4>d^ei&&49EQd+vjK_T8I4d9q8Jtoww8rC32R>{h9Q;zruYf$haRmZcA)k zkcM8wEh+ddy~@sOw{vHf$c0`xTtxcm=tpGSpB#7otK1KOn$Bhpi&|0vYrFewWOFc{ z4R_@mdzJCT^LGI0C!y)cxE-{kp`JB;js6;4gnFUy3a(Et3;eD7R&X8N{EfX)B3nG} zDAIq3zC_05)dFemt*l1gmq_@yOg;OB^m%Xao*`sh z9#Kql>tQYs8-0#2E6eP`bf z8Hc;i@tO0#2HqAFelx>u<+zt(yAF*;w%6;UKTPM*78QGctcW zI_`r#@}eE-pC@>zMh@vLAHwr9{x3=y*is_to1v-qC_6@ z{5_QPZBRR;VHxcp-8ZnVYLR12)vR$knZ#F>$TM&(XuGWSHhX4BtslX0`#=BKE)&!v z`Kmd|(8*OkaQa4i(hXRqook($I-o&$n|1&y$kqC=72E~jg|Tvs9&d;V#=yyv)(v?i_j zcU8bC)6ea+UBbO32RG_*2mcq`6x=Cr!$Dp-2Hv$iaM0D`+J4oCv#Q8A>>8dWF0Wn6 zh7y_Mag(Hf7rlq99PSDJX6SQl-ysdZ68rlkcAmDk%Wq0#rN{l7^fec7O#~VD0mr=_ z+wEu~8i!W0L91&`Wj5O-s8>B{m%3g~eOn^GdtCGPb@CZ^w&PaB-{^NG(%^(l`7Va{ zIa=j$=QwV+cbKOl4ObBV!J0GsdXxDpKa@z+;|?YL9cUynf8G9SXePGBNW*Gk|9wx{ zGzg z(JG~Kt;bnU{@>7_i0)pLGrn@bX}pm2NDfv_{1zT^V&lHU-35?+;rSgWC|6-0` ziS9*O>YCs7t=_{Xi?}|8wBA;08Pwgvxp@*UDwQQ3=i?rgq$TMNN9so%($8~#9E+_B zvc5{qG4lW99sV{et zW(*pK%n!SM(e^!_8%4e!@xw~xI4}P>9KRS{ip-DJ&W{t`=NSZa4KjxM(VYiprJy0%r$1&bgi^@-y)gLPp=vAW6VQ?9 z5aiEGy3@AR-|hPcJxgV+$L&J;E78NqxOY14wVz-|ThK-{hUeG1Ux&ZVILVI$BS|%KHw4D)2D1J-}r!1Io;!4 zO!^UMJTk66XG{oviS1jI|2g*$>2aRfy6N1YTnD-OyPbP!sr2)>HOW(qS|H>0ble2C zX=n+06Z!l0Ev_kB&*GPt$~d@T96FTo^=H!W@dfi-WZY-fTl~En+wUF6xU7AaAemy^fPtV2f&7x%FiBWENLD= zNu->9{9W5$S&yySD*7R$bBf8-5!tVjY^BU&HKhHFga{h|A-~MwQB@9OW?F<97DA zX(&H-S`Kh`;rgeYx0~UqzxR0DlRfUk*fs3TUm0C0jXkcF!z7Q}&Ex*ta)`ri3)jNq z@Sa6)Ahl|{XcrtTSg*FVJOhXPcG~f6+Sfg$G8B%Dhdt@ER54`rDsWHA>@(=`T`Byyd7R(A!dd=C$5O96u9d_4|G@pHa%hpoO~LI6*TNU@HlQs? zt+!GiP6`ed)LF;agd)hsTkT(F&?m<4E0xDR&Y{21hm)=YQqCQ4!j5we$1XwFAfK}g zPVD|tdBx*QyfaUpM5j5<2sqRs4F#WK{|(jRMU*~g9PKAOzEr+~WA*%E@?V9nL3$oW z!D*AmNa!YPcOwnw@ZDEF%lc27rzYU;K_6@9_dfD{f__ED?dG@|UH&!qouR?VKff#8 z_+4b4aT~ndNcE2IUs|1ltCrq1uPM=O@ShrE%r)QaKfFG@Y9J2*_9K8}464 z=I^J$u~0W`z0l>TKT5dyR$)Wl&vH|+zHi8TSsH2jCrYKx85!=)q#ui>BIADJxGS)& zL0i#}$mh1q;-;P~m9yZ6gS=ApTgna{j*R=8<4(f%5?YAnAU*$ouo%$3VxU`h>3+73 zUx{Z*dADB1->sytypi=KGHz8@uX4LhAWadDQc_nDlS1$&KG);k;kY+o8|k>?h;woO(;_%;v6u_5y_~onpRP@DC=>a#KPR$-H>Ayvrka1aRYY1KTcY*Z$KH&Bx&gHMZ z=S0t2d=}*k*V^$w(%*$1MaJb-5NU3sP0YE8bvHVjaR?5@n-23ybL&r$`UKlr zq~TW5bPNaAb*Anc^aaX{{~FvU7=4ZXvmD%w9@p)2SB(35sqDiuX*M4J0u(#=zO+AxCrhQ1#~ncWAt;WFtLs%ls7}q0jKr?tu3BaL zaV-N4)(&ECmdZ^zxMMx8%}Xl6jm|0MyK^$-FbUpl^uEXKk@iqRO@82gRp@xs4*B(U zjO)M5-{f1RayIu>SbaU4^aIiD$jV`&<1WLt0c}I=_NkI?Uz-mM`rGNQzujJ6=atIM zJu}?-^p$)5$a4(HxVi2(Uq-s}o@7wLzeP$0Gc%y3IweK-o+DM&+1k8=UNUfp0^&^n=E`}O)?OQon+ zX1>sm^l@~P<|Dt34_x-q5PAmNTS&t)J)VQB^X5tV`L;1mdfYEa|2wMoSB5(D z*e*b~pdn}r9cbs0z~51>|21y>&r(?d*Xr;6q@RkWA@g^z<7%`ByM|BpDF6AL*k7em zw|AzW{E&Pb&|e-GS2To<{+seem!UrBCKjUcBZ793aQ<398LiY@ZuYphkbVRjjm+QQ z9rrP8(~*XqeZON0?#pmH26^Qr@~uU6rN(w{3s=t;VOxQ|N9$0va4;TkZooTmcMYzK zY~{T}ZP>F3S7|O6{3lZ%8dRzwXQGkF{N3uf$K=(JF6at$G1B@wBNmiH%eetJ#Qagm z&2Y8mQm0R*{yszcAJH$!xG%70P6(ZwUqkvK4VM%9>$9NtW}f#+)o3m!!L|ABVA9V< zNo3r@s%ccHSwRhHi8Qn(&c(HLUwpUb>F2j>{?MNEr=o7ixV;_sd~5@ehO3EljYD;; z9CmLm3v!gh5Rcm~xG|(+pY96DFdl*4Antx!4C zZ7xGSZV!0<&?O$Xak@l<`PseLH587>y`I=!zI!*9SK(S1PrgUdQ%I|=_GfPYDerY` zHrEU9+g#R>FYGcN$llY?oAYE9Y4m(QL%w5Ny+4v;8?bA5bWowxYsUJBHG}`0(PiPW-hRdYYTWcygrdd;OB+;BQIb0qRLMJ)jc!VojUN=@(||(LJPp6ir3Oea~^{ zVtXGgN5`}G;y<@K-SvYzgUx6zMmkKau%s??r4>mGVKIQG4XiJCe>{o6ktg=JEhs z>sQVq{rPABGOoS9@J?(Gqvz2R$nRH{IIj5{K9u(FabF?*Qj|i*y@I(cA#`xH8gd+p zq3+1PA9jYDj~h2}cyrn2ajz%+8)!K)?mWlsT)l?$M|Ytc&~5E$Q-=oq_CT+E*%p*o zYud#{nfCuU>3={!BjYwqyDOpNYSIs)nP@6XFh5un4Y;u%%3gnu9ot+U>6fX$^=j3S zR;Vp9?nRC}cefhyDcWUs+Ax~Yk87)!2HdG`{IcuWv6Gt1M!0s~bUe`c%qiqE?lM=; zD$);1m*&#&;!HW{c<}hX`SOy-Ep_Evk$x}%_e{7gg3l`R;eCl#d)#1{kt8-3gN_C1`DvC+b8_t|Lrx#I86d|b;DKVuekt7sh zBo(44l-x{&5JIY(Fo>ckN{TQjLJ}$=_5VJz*JH1<%{^WB-(4TS)>wP3?|Jsx>wT}i z_nlw!u47I#bylGn=h!Rl>zSlE3u!(y_x>h56Yp)X?b*KC*Hm}fSGej%z)PU+t);oLi34Z&&AwR?|X5M8GzItFPRAq;n+xf&wVt$Tc7kib$k^*yU-L| z>ev6r_?rvR%gE)@=7$zetzecCz6$jjn^$VTMLJOb({S55TzUTTL(+Ykg)7freogo` z6ny@2TY#H5r_fvuSKTk9*^6?k7i8ACUn2h)LW|33PT0vv?=4DTvKQ@=lfDbbd!b=S zsIQQIxJ2as%6)__LTixhM;PAFt21+{U?k%GI&;odok_gEl# z=aXCymwV)GIc6%y#LdKa+hg}S%lcUO{6cg5Wq!WtI{apP-tS3Vw-e_<^ca%! z6wVDEC$yZf578F%1v;8}=_uM~nQr_UVM3 zgT!5gU+o0S4sC8n=Q&utZxiodXc`ak+r^>8Poh~!?VV%o-6pJ>9`{K6YHNAsVV!5E z*eXu?oy>K)xX@e(SLb6<;&()6Bjv8N+@A?+Rg1EUEMvk5xEd;V>{H|%ir`_#P&y9kLpr%DAg%Gpn^?9Z6z$#~3MK{T+Zo3(~ zs?gj;dcE$!=lUeQm)wN@&U1ZfxbMK#^8YIPG2TY+AU$8>!aNGHH9YOaGxj5o9JB>l+O-k z?2S2GZn2xxh(fc_;g&y?z6?cCkQ*oLQZxbGfR;5gCV}MqtJ7F%KJcjsle)IhY=^7m z;Zfqh#QiL}r{!|V(#(FquSrs*)hJfw)f60JtU-N1F3FF)XZM%Z^q zoP4)Ru37MX6*}LGk18}B9j?qHcarv3hr7&j|IR!z4fj&GI$kbUr@$PDY9O`u6U%K# zSTPb8!(Yc*aGd+d;g`I;mHeIF+nettZYVSp9PY`)?}EA`<+3GSTT>;bfmuq17)J3p8AfMi^v z(7fgFmI8U0G>;;+^D2**sb@Bok^2q870G$4%cmNOong42!`1Tj1iWX_JS0x+Oj|p% zaqc7^#Ua4@t8f z?LunrZI;{WumW>B8i0DEG;K;F##*s3>nIhx^@ykFS3if9qM%l1e~xmmC;mNX8dB~q z%YB`&HRwmQ2{k&_-?u->+N<33t%ar;++hCxN;>5p<{d0Ef0KcHFt-(&UU0RX<{n;P z{(%}JWp?S~YK0^G3=ryGFZnWH;gyqyPFbAL~ z*XNmajK5N0#x!-ync)F$`kq2l?P~wJX+9iGTIJTHP2X2OtP12q?A}6iqQhOyRS&Zd ztdYa5W4ReR|3o>~jQ4=J^*9~i#^GM(aJ8Hr=WxRTZnk!PTY#H@d!NHqdrxw>4FcS3 z_R8iJw;m_qz6w{%?-}q$p>Ynkk>&nISfvI9rU^O%P3g?{n7*ZLUm{}=Z@p66-{k$w z8y$PQ(4HLjSgtvnbb8&M3)n09d=~Mt_3wR{KTA8Af?M|*-`?}#4M(>)-1(OKJYlb( zRpS3p-gIaE@95)s?ge|R*?iFQn|`3sv~jqfkY)?ojnv++E%&e^$pdseYKElz>ii)b z;D%=unz+L~h4^QobC7aFtTo|60|>hciMs(`>f77~UcVV^9}*98pA@cFrTFe5{jl`& zV;pW(%Pp&Yhy=<*8t!6;tL5xohg;opGlud{wsIB=a7~hRW{0cxCLM0ke_(Hy05=Zz zh!K81sJ+iQ+~)s*z3~7y0k}Mpd2a9aNsueChUszzr;fYy==ARC?b^9FNU%{HI!#&(`GeG;#5aMO4x5_n- zaR1%m)@;Za8Z|<6#hGz=M~|CdLRbuCo8PUs^NXQ3Aq0l>0kF%?L)k8g8LRoulw=d;k>OJ`xTiEp;CD|lroxz)7ats zO#0tZrN%yoA(gnihJ>|39gw@8oq&^?L-}zyU5V2ht!UzNhGZ}%?~P*$O!ElitRl)H zWv5H0JX7JuT$5T_-o!p-y$z0zhlA_lGT*Y7EOVctDfjZlmEgPMH7~dP{e5Y;-#Ogd zd*&F?DHnO`4KCL+)B9JBm&G-oF`nSX+iGv^;sPV8gY^2Uy)IXdm&J|2Eq1tl=*L8H zR2El`m&J|4?dEVF<@`jC?;{`Ncv;*e+$$Y!kKbt<&^T0h%Pu1Ob~sSfvCu9@gm zyT14DuA3Y$iyMRc^8bLFfcv$>{o>*r^9|a9g86V&oeJg$!o}5Q^LAPGn$HW(0oVEE z>~PADyUyw6!%-Y7LgHHPqnyRzHifJGerw`)LFXXXURmetN7xW_73y@K_k39RFmF9# zQlP(!f5H67vG+!<$0*X>jDlRTb27(M7nCZVuEU)J_Z9Re3flV~ zVV|I_Xfu*|?cxSr{>}~LZ*pUySp_$ev4ZtW;_G*vB*?Kh-+ix-p7*y$d#zG%DMTL``HfnA=12n7Na1y{As!74Z`0=wfHUd zXXugMxO7#3n}&PX^?rH!fHa?>ttiNq>szr|fvJk*`!a5QPY1Zk?+Q(8hkF=l8lvVX z8~1d=yP$$VJF+dnHCwpP3-`aR@5|)l&bS1eTO9lLS2;D`v)<^~_utlcwKEQHg=6Rb zDyM0?MP@8$HpOXdvD46 z^Z6WYQ^ePOW#JzRO-s1i?roe>`n!uRx7m}d z622Hoeci?SyWStF7RZO>Huf39{r|S7u^-u==GeEt%4rJj8;*Vd-}W^5Q=!@H*tx&T zY4~UMRWT>3mART__wU)}$@BP5vA86hW8i4{*-dy@~Ip-*W8SU-_7Z`!L-9Z-1EhqtLwV*tfsxjoHIK9LK)@Z-1DE zcj##Udhf4%jPEVvd1pT#2T?DEp{tQNw|-}v|4iXNsOKVPuw&o;%EtsF^C^yf*J9Vr zNZu(Btk>fRzZ;chXQEuhEOPAJU-@WqBIZlDEp2X0!;a~!K|L5)pOSTshdA~W5;qUO zB+GurGwnXfG~6mT`_B^uzh~}TpU~g=o_RbsVp_q~dCwy3(Ec&l4!_Q^cdfl2;7`e7 z@6UVf{-C^wxfrhYXCD!N6?w2aOFn$bv8|T71HWVVuj>FhUQfck&#`y)s8FeWZEik% z%CT>dxNZ3D>;0Ac@OIDMMEQuB=j88i*l}PB_K6|MhXnVIxNRsd^whdM(}-|!&F~vB z2M#_TwWpU|Ps@*(&*5tOd_3__L!FUwPs@-@sCCsmGmvm`SK_<C^tsb4H%wRyB(4K~|E{bvwfE+Onh&}! zIbAVgmcvyi?{^%|b697PPTB>zZV%!U{2#sFaf2kn#SVy=opANKb%l2>>Vq^NW_eLV zR}nTIiMtCw+j~azx|vE5)8H1LJB|2@&}&G!Pg(9AyDOL~$FYAHJ;HC{ZfU??;JUmA z_CfFdy>jD~Bj(((KKCTjbVogra^JArIfT80HlQ^~p6{)2JbQc=l{4d8m*yr4XeS+R zs1^30qmXjfS?*-QW}!FH%cwff0VH{ePR}E9%$g;ox$y%dX3#j_-d~8n2jv{^bM1|& z(7}Y&LygeNm8I|7#RB6$b5O)gbGU`1IT@XX)ZU6-R~1@H*gBMRLV@`WzvK++@%Pk? zyK+qbLrOnSpQsTrKRMi1q&Wv&fRx+Va-SpYP4pT15V`eOzSS*d_|NNBGh*Hu@8`oo zt=XG~ijZ>KSndGAu0oU0c;s@o+xn(lQ#)b~xYh5^A13~DXg*TzJ@&e-AnZdVE{%U4 z*G-?7)A}~MxA#0m8g5&-T8}pq|3|a~DR;KzF6N`D<=fDXqRPm%w~M`QT8|TlL`)KH z*h_0_5x)sK7Ad!;&4*5e^+e(>!*|#5)!w%Xz4!X04vm<%ti1FkISBit z-MKd}WD*?DHqTId)3)77!0iNA`{Qw>y9>=iYVUEGGdH2v30sM_pfAvx3k~m*@YZ98 z+WdWP6Js~>EnPoio`)Ou(we=*uNo^bHIZ_;?BYUE!rGuS(J4s2vmpD|rQJzbuDo9% z^WEGA5mWbeznq;z{0q>9NV%t4?q!6HK;ov%;eH+cQ1CrOH;uCW@sSa87F;c7H<4~4 znv9g&*>WEzY%vmd#FM;lx#3^Avae9yZxlZ&V#Ye$w@4@V4p%wcCYJm0rW~{0a?|+o z{IA}R)9a??Aq{r{TpjOhBK|J48>zhmEw@%X_EI2mh4__e*Y$nY%GLfj-7sRlb@I0b z@q3_ik#c#IT3qOH!rn*XzQgZ+Dcm8Y`^|oI-m)(%-IVJ#!7pb!h+q3ep2b4S?Qgjg z2%C?@t;Ii@7hQL%%`skLvXd<{FL~W-pDmu@s+#Ea(BzIlRWN0 z_|m^k!QSy|M8o4)@P|fV%{4 zmrQK-vl0IWbQ@AG#XwxBYJ2typ<(DEG<+ueA7}B737$urWa~w`Svm7536sY~%ofMq z8;CFYFbQ9||L~fRP?E4YNL+*7d70h(jZHW4!!uC@NX~ycy!u|$%tYl?!rwtlB~CqmzEXXxS10s+ zoU!&1bGO4?Py9V7{}i8lnZu0{eln`deA4C4wfU;tWQT}Z16S*BXVUaQ=OM9o2KKVG zQ(Wj~!o=N&f49VO?2YhUJ;?{Hzu}W3=DCSJmrn(nJ!p=@rP&sj$p`PJ7suraQ=D>R zaJM?#@|2~6&@&E~W<^{nuEZ&e8;9G$;mUs4=V1QJ;dTpfU+0+YhjqCro4;yr0&b&8 zem*GoZHIgQf52T8;3nY~IQI77{Q99a4p;jh5AXdeaa?=7-1YM}1@{8S-gWT4MZY=R z%dNe;`3_l=j@*ky&puW9zVpB~rN_PLQ&`V&xNTm`HN8mJ7il@WDUc6CIo6JNuDvC; zUTFTBj?4!gu6%>#deV(?xMKs{dpR~4x!mpnZWwO)yZq}W-yfgYGS58haBaI#s+{fX z`{OaVZ5{4X?0p-}cDOWo;!1J<-Sb(R4{^979PTuj51=OUraoJkQmej5Fc!>vjDhNvmh z^2@ejaiNn5I~R$&5Wg&LxD)L!TjNbQXYC{T~P?W6q-!!4TPkN2*JHwKM&xTjd|-Gu!UiJOJ*zE4N% zvCP|k!QK?yOWfj{E-Po)a;5-Rs-?EAa<6V^853K6jbrRwL|CB<=`&m+O|_ zOnK-TF)JNzL*k!=u0?7uTl~d^b`e&kGxwHJT~wzz@5iIj7iNV@-nc~VjrWe2gYNU~ zjT8TB^b}I=R?9u|OzuacZs;`Rat8*uiSt>{aJY96e*yXlDK{kT2=m^!FWj(1#vMbtGttdR zxp!D@VGo|uL4(i*s8l{&TKc-hu8f$q4)+P-Z$t%W``qQ0yNIw==tuN5lJ%`!4ZQMj zo_*d~^C3ARVrt&++gtY>)@D%*sl6~1s@O-Hh>qx0=4wtY};_}YjW3RmZu z^N7C$Eknv}Zn+x?+lIvL!q2vkSMxVg97+Snj8U?M8?7E-(k9#D~1Qgmn_B zZ#^&buNzC&d=wyJZiTD)a3S%>qWh8B`-|nSB5VWt3QemYG7p5kbsc%{!32BV)ZX|V zjH@5;xqC=+{CT|N5-GO|eJ?K5s1IxZ=xo#lNj|jvjw9s5JbT@go4$u}3EZ%x#9d1K ziD)uXE=5yZ=rzLLMdCiemwrh1%Sv8|lXYqtKZK`7%zTHtnfUe3r>{rKWq2Vjbjbw; z=2r9ynu|8`?Aj{wSa{*2pTE*h#%Dy#EY_sMk`mWAUSN(xXCvjlZnaMBxaT|ECwRss3bUERy(9~_9pmb< zxJkHEvv7}dxI_L6ZVK*dxM6#Kt>K-8&T+WIEcarq#J+SSE{yMv&pc~=ds7P{=4FR_ z6!ANwZb-S)Eq4@Qt-8;L7_aoP4J7Dvp{ z)NQ?Pm56@|IvpvOSJj9My+_z5=oj<@a`Rz(Fn?c-m?3a0cxla-ydP*A`WY#gDkS%@ zLOTg7XBWdO;JaMS2OXz|U*mqi!`*OEuBkkbcWNBEkw)F5;TYQcQcayZQYw*dnxyY zq~A;|iJ0DSyI4cMApTFN+#sL3&~lF>>{N6f>VcMA>~Xifz?_-|C$V=24dsQzPreZ` zH#zoRN&E%qEu{8pIqPr<{VBQ~-Gr*cUGcjy1NpGa2+LJ_&GLx(#Nj?d{1?!2q})nU z(70}c2h(4miD(>h%R}{XrPskz??lY+aJBrd;pHeFqen=m++xf9itzNF%9%g1i{CC+ z@<5!HU-NFn)PBh4J_YZgLHTB$!);}`iwP@#Tn1|@98s zPY5b`hVKbC$um>=rowqAc;6L%iu+CNh#&qsV*UxYVtzH(<V{52aVp{@7S6lWrCqi4E$3s~?o=!?U&7ULb|LYnp_jkl)*r>a zK{Oa$h-R^7z6MEqHfEzY-<16cvK|#LC^8ji`Ss!l;_pQVU+;4xmiy*=dFE`w2cmw+ zZP)8m^y-C<9}-oI%;9h~A8sc8@95wgeXibrJZCg^qF>REX#5cvc5IHRHJ|y#0I&Rh z)7vX&>2Q(h2{&x>_vA5*AJExI^LMSacLZU#qleJF$lZSzv)4`Lh0?Cajwmu$JNfVg z@t;GBka9n_+zo{Nfbwsl-^6#hT`X7I-$eZ)b3a@yX9c7=7#)U`yTx*2gq?*hM7@#Q zp2aO!o);E-lMRZ@Vz}D=4kmtn>k4K(zH)!H+&Y9mM7X$T@nzpmaNnf1zsVzu%twyB zFA@Kf#UZoG;Z~79Kzkez z=zPL1LE^5#ck|bydf#ct%-l6lR-oKKES9 z-4*9q<-QfnKTs9q*0-KRy!Kt|Tl|~K##7di+IxG(LK8ZN_2x$QfBNye zWB9M*DBTB>f;-E}-^1XQpmQAVWXpYyu-DK>XbtM#nD_gV$I|W$f5Wr)kOp>MSXgA< zhO700B}Egum3Lhswf7;*^*rz2@i4RHukHs*!rkI<3*gm7M>^akmfM!F(@}Rcy08 zm)7(m{&duRg3o2hC@!@04(6Mv?VYSqpfv67>;=55ihgL`sb2fLhJKSvX_B!b^Eq7Y zhYp-b9-yc0^0_hozHmq0N85q6OofS(hp`{^-14R;8~Rqg=8t#cM2-zCG7TT|xyMdt zzYlr`X+8|L{pLFluzrXN|H*zXH18_bx!80q=bvVgLVVc=BKM$Emlv5fa5Wz$5kG~N zAmz@p+#6;v_C?~J#Gl1At8DvuVTwDBzUf&KrmikB{o!i+@I3KfL9Zj_?zG$=2>Tsn z+#>pS+FxCt^r-&$H+4;sxe2b;i`)m9q^x&j{;8aI>mP*m^`eF{3dsGNzj$!k32q1H05 zpTFFev(&9cW`SdG6XLf+9guRrw%h@PU5&(z#+Ujws~r_Ve)JK1rGj8kR29-mrd{(!63?FQnHM-z~8 z&#~NTgguVL&BK@XpvPJ78|c`p?Rs)rkqOWC$2*IO|33O1DR+S7UhxRyR5Tq;M)S^Q zpZz&r`Q2vMf9ITM%pb&0JwQJMSM7b9_^Z)JNV$67v@82iHW9uR<wDu0=SALZB9n_QSCHDCU;VhJG02FflIbz+{5smLjOWC{F3wT?;Xm2kFZbB zW+Z#}5@f#QVbU`H@iFb|Lq+C?EOu@ujh_Dyk5{Iha|3oJA1*SL9{0=9L65Ot2(?1W zWs91)(6-s!_j#QADQFscpd9P*jK`O;ZZS9M_2XKO%-kZg60TmaK2Px88Z;a!ccA4y zMA%DcHCm1&59WU0<-sUhPo@7FE!XS0B6G+Seml6C_yte$4i}`{k1aP%SkWBj-KZx@ zd_(V_bxV9$WKs_Ikmq^!2c3eH+gS=Q<>5ZU zW}_F;;Sv3-eZo%P>k@DefH{FU#H(+_=M?MEt4f0f)QLa_1BF zCVCHzKf3hyFjocgH?@KG8?M%ib);$j0(}(He9(FI!wVSSqvC~>Z?xq{>f3SUGUNPM zd9R%5_xaM_7MYhFd*3GhN9a?eT>Hv`&@1OvG}{Rmw+CO^^Wgq`y>6-Rip(btH}7AJ zhfxG6ce?x_e|r%&1dT@tB+p%qiFxhL9NX?FH~xK*`OV=@C;qX#V{k6Ma@k^;;qH>K zMT`s3?qkZAx<3&a<&8g-o8DSvidmD>{H;%#uBZo6?h4CoIy1-IOt`p7_-?vqvF37nHg|3 zAATnO@9T3-otJ#>I?L@ySa&3D0Dk+kC}$^mT)l38=ELtr<^{OnOl-#9#GimBA+`5c z%YBZpmyx)o_zCKTK1Zrt+4rBMe@pHzGRxtrTS@%&sM5>+c;r>@VBX_|eTDWQ;m!Vq zdb~QCw#bkx3S>SMM68{L)7zMd<{!zkPpwSn2>ui^XJzli{H(W7l);ZiZr0I&zM?vl| z!frql(XB}AZQs)4POkR@CS<_LVWdTKI%FF0VemoQc(pnn@04 z5Q+0yJ8VW=aqj^cocU$4z8~oe+X%(sybLGo#Wlx~{%q6>$#oIVUEZ}LIBrgv>N*zuM=rxq`Ynp@y@wA}ZI|MjHu=5u`I>iXQV zOPQ~tvr%WXq!(QJSjpS4t^eyAlryX4{F+706L8f%bbF3@0(JYUN~Rpib)&5km-i9j zzoKdrO7A&Z$lNB?JZhFZ`5B`=yYJ~0j{G@Tncljqt?y^!mo<(zEuv<(lb;uIKEu#R zBQk;^y-^TfZXXpiH@H88z29+(o2&4ZZDfJ6rA-g#CdITt@qk=AF(ssGE14 zV%A=rH>Zz_nz!MGy|hO2p*HC>ANpHvS^3Z5 zXZ`%ud^pbGUTe8!52+KP=4!a=&Vttq^+8gtq&!UX4(1OaY&gocKTg}NSnH^n zorQOu!~5so;HBVwapl%c;dvqnU+_UU1>OZ&-v?){kg~&qj7NbdOzlIGWE&( z$@7{V&-VOIqQLw9T&zvhoZxVi#Gi{kaJUOBchFmm|Ii)i7UXhE=sTo6QEs|j)C`BK z?bCC_e;2)v)ZSf|8-AO$awM)T{&p5Tx7+qfnBwlFeQL~FRH8%FJPKFmL8lPEAMfn! zgRfkcnZ<=}CF~v~?m_%)-{GsY$?I3lDN*wdTy^q2)5l2jG?GxcPGh`-d0%quC-f_F zuh~$_W&+OlaCH3tR8<;E+GQF4sePV#CiD*b5>gx&w-i5HJEG(CG~C+H?|*KrW7Kqj ztMluc(@MWjRL)!Mm3BJJv8G5|6yJT`*}F=6_cozDm3A)$cL-cBHtDa(H;18m$jt}g zHXy7JiEEBuR{I}5HEQmM+a(j5{WV;lCKK~A&#DKxZ*%MeByI!#b{71D``+$s?)7`& z)1qc6+*l?y-*6+o`(7zGAGUJrSIZr>EMzLw`zyBsxhDCLhWpF^Ab;bhM@@L%{?FeO z+)i-!cmAe2Ma@XK`#XOVXGG28PCkskDA#D)7%UHRX=id=+@ttqm9sS5wGP)T=b0Q- z9R;~{2|F6KK=Qq5mz%Ktm5v7!ouj7G3;uOeZkxZ!ofP1P&y1QFTy=5}S0v8~i*w3v z)^R(_+!+^xGu*K+_+1Q#Q>vf2jXLO_x3&j*-f_53!i{-<#!Nkxcjj}>-LjmwL`iY{ zQjT4W-1?QY=dJb2bcvd;_QQFH;T$sGzb^ahykl^?!qxM>hV#+)wFk@5IF8+o#7zsF zx8|pwcercROn}=c6Px~x`0o3q-Rm@)W6xXe{QkLSYL@$my1tfzy9jRBau<>Aj}vmt z`K`Tqy32i?WA9q-2l(0gFBxA;I~eO0HQ&M2e(@vX>-PzQ`S2yjwpybOImW0hxA$CFOD zpD>=OEho;n!}Gj<_w^iW814v%OLZ{EFlM{m;nwv~rMMEOtadR5_eqCa<)iZE4xZt; z)8RI>+lHP}{L8P$uab7o%eiKm!)2*A z!(B<(r%2o(yn9ieFMNP|pjyVn*Ls|WJ17hHYlqt^Lo%Vi!%g&#nn&PjdC>Q`Y<0L4 zC2^&$o4o7A9owtTZ0E|fXGyr9Ib2;Q`^n)_O#i}_wY0LhDY%C(^4s;D@b;qIcfI+n zlwT?4jGOaAgdK#k-8ZVkyhdF7Jk}fG>G=o8;STR_jl)xL@7|ww_F+Bae_@DaikIox!B z8@nKCZg#jmJLa14^x3zgAXl#MaE^-`iC&eYgudq;5?`V((|vuM093noyFkXOOss_iBUm^}>$A8EWfrAG6%mgnfo~pzqPDBmMQ{ZMGhZy@$}C zq%Mw{J&wJ5iC=9MV;7|Me&yKPoN#d`;AgXUKJzoNH!(13TF~FBJCXROq0UI!F)6=Q zyn{LC5~h7kVo=mvKswF8;C)_6C+Tq^xz9VCwBl~WFRPx$E{U4SaJ4?U^G-caZC^7$ z`_BZpa}M?TLM@x(k6;-{&NB{oxx)?4$JAcEf1vDr%|jD#^I!4H=Uv$GEOYi3P|)6o zIrcOXx18f;jg#YpSx1Arzw;ph_j-rBzw#jocj5ma9}<_c-UYXjy&x};f3LNzV3y-c z{%)q6*)f0UTf%mtitkZ&QO7Wk6{2N_Q(_i-<3yd8hKG>9DL;Q}5I-~_&m4}gT&4ix zGUK?D3GaqFA*};azN%TSwu9lzxqkpR;-xi%h(GF}D&}f@<=S(}a3>Nz9o>V(UR_TN zTW(`2wUl2oG-{G?TUzcD#D5LFhlKkr`EZbTER_E~<2ck1)j@H_h`LW@ik;sanpe)- zr*cKqGFCzXj?rC0yuUsA1 zzcRUk8DqKc?#?fjzmmt|K~1K+h*^HubY&!)QwRy9 zULTH&>xb`NH_cydcM@>T65rmw@UB7EIb2@VCN6XbVY869x%k<*S{{-&lfMpkA@N^D zOOV>D&wmK-ZNkN^#Lvc6d(&|HJKQzI{|^0vl*_hpaiJRPc-I+fg1XMnDfQmGHG%S* z9uqZhz}0cdair;i&PS4y(oRnHxcMUp8-pexX?ItI?Y(h(%~FT*uEVk17kR^9x0^=X zG-|Nk=ba)}GJk&SBgzNL|CqfYVfIAO-YujIT>7r}EY$EFv`3Sp=Ak$J>vSh^??*F{ z+GpFZ{O1UJ6|F#G-_fkI%60Ez?TgTc$EQTi2M%vFaX&_%B9w$)%3z0mR zF#ZJ3-l5iBSx2nSg-uS6nzNSq`FcI^C!+_Da`nD=^pY%XxIX{g;7uIt_Aapv1_H6Irc ze<@mplzX)04*Z<`LFh5`AWD+K>kjhjQcv5D=zK8wbkv;qwm%;HkocRC`NHR3V7Z5W zNq>rNLL*ULg>q&y538hV@m>bo&fUj8i!kxi3!~;nhg+d%j(LbQk05c<&Lur=zPqnN z&Rtwz+9Gk`e?`qaII+zC@w_GJYu6}m7RcWxOgOWweai^jVENacMt76t{`b?^$28WY z7e&pt4tFEzzDL`Tav!%``O`Zs_jmlVxbYWhkC*%PUe+1RM%pN(+~*vwu*D5+oPFK= z$li7y47VHHh!@>dgjWOAcDOvwDK2y*VJ(rkUrsBZwH_U_$>Sy$v#-wK#z=Pt>Wb7} zK06~WGatCXatGjNtDnk^zr=hCu8vOz6aQxPPo&(Xmiz1`_VS@RU$I_*8tkEOdW7e) zcyE98TfK6t?MeJi*7+Uo>BK(|%|y!GYPq{N)31KRepB=gDk&^ycC(jRxUrd~pHEA! zkD6X9{CeN@TgE)-1|*?U&QA5Xd2`d)49lc;&o;Wj2+bJQB?c`G+@TCO>n@H5ce{C2NX!nXUGpDDQ8 z9d38h^g;bmkSlgxM));o7!vL(>X@ASqyRVkY1AD3j^7U6K>XX#Jt!M@7U55$$C1lT zTCTn)IR$rs!~GZWSD$ajYDgIvjn zOYQ#6EB3K}GX;0GWA7o@(Et^qY}^wG?~FPk_qwG5_NG3Mnu_oG`Fk$$FGj;qkb4th zQ_w@`0pxO51-RzRsA&sV`V+Lw=ItcxfbZD{j--BV@8^}V654|Jrl@%jP9qB{Bu+bYHj?wMREcl1dB;NE61Edn z+sfZS@?OrCc8q$d9jA0)TuIYw5}Tvuv6a4kM-smoY9nbace%9XY-<}t*jRKglD>aT zf6u-&d71t$YJPJ#4-)4w^cqr5{S3zBP5gm5#WvQ0ek?tHo=aY)%N3hLR{85GHHcFm z#gLq5EzYx!#|a(w6LSyL1~o@+|Fq3sU)iU4B@IM6zu5F}xV?!#2wjboJIZoT{+Tr; zbTPUBxm@#-ch187n)tEG#by#*bvx$dnc<|l21&Mwz4ktIPA(6|6(Aj#OPVCRj%Yc09aW%xl=30GYBs-QKg*3=hr~g}ym#ua_HHJf+B?Pjn}5sR zB;1!Bd$+>-10Ar#=T5cUc{_Rj53NP-BG=xqV=vq1P3%ze_kF)Seo6cvQNb@hSIgrw zguRGXqNT_!HxZ}YNO?4elfMpk3-NzLpFK}A-d6@^103y7g6r50r_}Y` z*Lr>&?!l}5@)+D-<#PYd{;Jqf#il!4b^q;o$Kl)#XMdk}0`43CgY%9zEH=4o{{QEl zfYTbz{yy&{+-u>+?1kB1*E`Xu*u1zO&N~Tb$N%8GQ*fgn?EmvlHZC?-!fk2uvkrB? z2|5KyyW4>JZKv{~b%bq1yU;e|wl`gz_9oMg9aC)PINTb)(O;toQttWQ-wZ7!Y&F`9 z(#Yk;9j>%v@uFh039h>QT2;(D19Hs{(n&ic_8#mV%sG%_+NY*SS9z_UE?A!>-G9=K zrQx)L^Y6;F!}(k7n28pfk#J-7#DeA8<^G*^EDiUC{czr*gI_o4uZTU+zC}-+YKoZ9lo20|- zMEpMJ5~N)FyisV%AFMT@`RHlnauW_$_6sCq#pVmR>Vo4%vA3-8qG?AyuKR0x9WP4y zx*k01cri};ex%oOt>eYlv0Klpk(a(yx!%`!F#&fr+?YMFW$@ObpB=7_Ltog#`Z-#I zRv>r$HOc0eju%rMip@`1?ER5+YVVEzg}rIGE!X?@{sOQ3UhdB#<=$+$l}uGr6CI5j zAlKfcW3P-C!<~xFXt?Th{B<1Zq}`G0W7kMajlawp#bzGq^t!n1mfB<6ty0%T_E%`z zC*y5(H?khzRP2HKlfw;;$Hbm&+ReksbslWG zGyih9*AxGCG!-fLa1_EdbKVh#(_({PZi3g>;gqUB`z+^huZ0`4Cl>6lUGCrMufx5H&8u+L{kP{G zgH!I4{eRwZxb5NY@AHoJW}XDMqdoD#l&j%r1d{UCj_b|sS#hBo3A+u6y9@t>u)nUL z?c7Rk{;ZY)a$d3d7hJtha3Ap#^>fS&eC67)Z|D)i<|1(m@U!i!9>;x{rW{Yg{Q|D8 z3vTYtIJ8@?S?q96$dF9vH;$F(odM#WU@<=1bCV~sSRh=}hjHqs{(9ak@K&O=4!51e zBOf*swjG6XtD3#|6OQL}n=wW{tejb8>tQQy`W+*&&o4I3;fCcmu7EUS56&~S@iiYh zd51z>8dWh32^SZ^A4yEsQ9JTJP zVh%^a`yA$FZ+%SH+tP6BeCC&j&){uAKWE|oMp*gsRn38@GIH&$X1Vfy%uN1XRBSrJ zwPOxbi}**PqfyY_7KELI&P832yhlO5^ANUNxi9-LCm6rD*jx=amdQ2hC*zPfX$GPo zSNi{X_cyuTTGKEJAY1&MnHzhi6f`v7XI_%e>z#_`xt#`|zJe?K7p29!q1J=xaV zZG`Pb;wpryX4Zyv&y2F0720<3iej_T;T90T2C9vedxqs6L)ZyO+}hW?zTw|-Q*gtd z`}X#rh;<-sM~B(?d0HCo8*pP8D`-FAJ%!$PxWg>>feN(W=oK^{x$~ZFcAtjM z(_+^Yn`U45`K$JBCY@e4K3gWPRDIi*y>Ylh;KnjZjoAvXe8sBfP^8?~E%yz=-a}uZ zPmybH_glR_P3)CS9q4k7qMmx~@ao%^m z^?jJJK>r#aU2G2B=;!Zl(i~8UJ`@GHM-Wzo+Mw?S<^Dlf#mXM{K>TduS>?vY7Msm*)zu_^JrqL{D)!d* z4(2^XSl=pD%}C_#Bbm(}t;ED)bI>OLyzeGXrLBzP@x{K2;jnBcF7ymxFC%ep;mdPd z55&B2Rq(vylb9dE)&6QF@jpbLBIP#8kWA=1!uFtw1zfAss${sUPVl($9zbDhc@5uH zY-Yj@dudHI(u7fCq}-b=_f*0LpqtQ0)a5bfX5~mn|Gaj2)?gH z@)`2lcr|fnuQ%pne6{lhj~CiYn7V_iGFAxxb^fXQ6qENBo2kzE*CKuk)D9_^ zt>@xGYYF=T9Z;>R*^OVl4dsAIubg`_P`;AWS=V>C)k#yMxPmzpU%3$}2ypA)n_~(I z7uSs6W#w!5fnxK%!!0iM-u=+r;kLHi-+7m3N6S4EzbtMN?hj7>_9Xs5bSYAMJ6i4| zgguLvqgT^F4aL5!Ku7|PhPc3wGq!0rP&u&(!>hWJBVH@Mp0G$MW!HAiYMuQnGK z>hur#ICLu-g-Xt#uAPd_FP1aA>^|EXj8dvg1%15OG~DcSmlJ>TzH)!IT!GiC zUez3f8X`A;BiDO-mbJeLKT&Mj!VOCz+=;}m^hT~Z4PUtp7&GHSHxPCkx(C(f9sO?p z&a>A|@}G8Y!1gh-A2%3EPguRjfgKp5?m9^PKX1k;I&0Gu`1H zNPOwf>*6c-B+EUXuv3t@F8F0}V^7ha!_{)ullbxumkaTg+ud@d9*?x#cl(C2aj8Kjf`{c(qDw-|<& z6ZWCywjs{H%Ll2);b&+c;A%c>B;6LY9cey{wf3$*xT@KN_Mn}}EoUnN`}ocC#ioi= zkE_*W%!2A5t?Z%EJAa`Q)U>}J$yRk=U+r|Gp>#{1#KCE%@f?7WTm?)r{<{`Ych zCK7ksE#7;v{@wKsFJiw4Ty0-FU|c68?;dr}A5$w+{dJQ^*g>- zi7%!J_bTsD{!fJMLGt~djxqX}gZ=em8FPtCFD^EBI=qUttC~4SR4|9&EALt_YJOwF znxXcWl1FB*jVy2Gkxs8KO^mow>jL|FFGL#dV-9x#yqD3d z4wuvW3wH^}%c|$G*NV-T4)-nMzmGm}xb-Yo`lEG(i!Z45#y6SrN5tgelGhwIG$WWIftv`zr#t_7#)K&e_6W`7wSw{ zKO}A_{+QOrBzU$=u9rIfo>Jn?Vlx(QI1`&SR^mT{o=3|4)80erPms9w_$$)b+o+rw z=#+=qh2D5Iyu8@F30KQQC*lu9!;x~kWk|ddo3O1&T$MW9k6Fn)<3n%0srG8Wkyy#R z@O$6h8pLmanj+=eavN$#*cqrh`lWuTRQt5b)`cJGWSa7K2ze^?tFr1+HGVCB(m}FW;cVSMEZ~tyGX} zJ|kS*CI+SLxn>)hm(GVh$9ndr;lA$J`(eDC`IfZbJKW`#yZ6={vz_DO4&eEkC5QUY zZ)^UFy^;^%)!e7u>gU4_c$Ml_HC2(?%jFRlDkQ8e64w*I0*p8hHM`G+UP9PE`P1>W z>?4M&D{UR+c-Kut$-&1^6XrQ-_Pn znek!2KhW}<{JPlef!in(n{_baFGb6d+S|c$zauO^>~X8%hqH{^^*ia|Z`4NhU7{W)IwJ-U+DwktRG9qapW^}3a(vpHl(o|#KJ<@UB* zdrBGaAmT|osr&1-oM}G9;jV$J^~dkDwnzlhLhcLt#0Sz9i2qayulxt|qHX?t`+3A)f|en*m#LMw&|1R2K;pi|pT`3(L3?kd@T52%-oyL_ zuC@=`h+n0CRdWbZuHHB3Ojs{;EgFWZZ=}zBl5eijPHwm3V42r%z>avi60-xYj4@|_f5h!AaUR0Zyd(`83s2UYxw0%=bee%5)=K=FAqB;T?3dR(#v>3`^`x= z=9!v=i#r0JPZ607$Cd6cq&(ar_U4tC8{lerXhQrbYL1jkb0{u!CSkpixB>Vr>-qO2 zg5@DqzQnu>H=K#h_@DS!qA^IhZM|cmWrTf)_M%@+45WcHZL!9ebQ7YG0lGR z%UR7MS?@*1BITZBxjhIQgsw%yQ7!t-)M_suN-S5$o#6vYcrM51jwAk5^Z-)sg_gUB zus4yockwrdsc+3n=dYIEbfpqA2d=uc#Qy|+g>+nYuy-)$2MIgMzdt9ziOMDBW72DR z3Xb39x_iax?~UJ0l@e3)XP+Bz*+*19nUiUxe1#r7K+$jfCG}F<8 zNb^zceVDMPk+=o;Wz9EY1tn&R!#xOl>V~VB7Y?cN7w$3d^d|S?YfiiQ&2{$QT}C~w9SrdwEa#VSYpOF+~E9M z^Fg?OXZ{^KsKmVLaPP#H`_W7kv{&-=3BsR|INZ;Z{zm6I<`u7gsl6$-KvJb@NYWY=e@*gFpWQU)>pO9`F`W*%BEoex8ff}JBkZ>b0&(7|)efg7H zy~GT0xLfYXGhf%_xdIgA?%yfNmoQ{qsd63(g@N<#4 zIDWSBtKT+@Q{>wwNiLGBfVU5{=kb5s-Gtq1`zhkbM;N(Ntay1{)aLfPV=fg9k zd4{%iA}0{!F6P)$B<{C5eCvU7runPo_Y9lA$wO!#;A%eXt6d*S+b(W2ezx-PXFeQC z{yO%)i#?yBUy<1R6#bCblABPpF=YkyL|xFj82fM9dG%tRy>1l}6mhOwvQCM4-{Iaw z{JYQ`q+IWbXA}C8u$`!46ZW(t;p(_%O@N!OTVft}xKZMFME#L+?emDCX@t!|ub>6U zwKrm~o7x*coOTDUw!g=>;9W#j^Gs)a<(@`<;6kklA4s^kEAh*$$KevwV3$As_!v9B zL|-H2+9j<}ZqusfU?i>{zN~)*-(Pc69XtQ4S7J_vtFAl^_@-GoW^*i*8Gp!i8_hw2 zD};DIOPC+o_6KP>n<9f2TmtS8xS9`*v7-nzLu&6hFKXya!ula`gYo5kF#qm8Q|yQm zGtJ=+BmV8^0i@iCmV4gO+~Y%&(d|g`w6+)C6-Txbkolh7JmzG}5M1@}3JyYittv+8=@M}s|TZ-Xq{_lYO@5Ns!vn}++P!(9aLL$t@?7F%xH zNL6zV8iFoD{kw9H@m#MxJI~Iqm76LqF|~g8uiG@@KZDjHwf98JtyNUjM9>+i9TM(5 z=039CGSuF8RBpUkiMb7~&aX!heTkI zO3X6H-k!uCk5(b&G8M~k75Hlt5QJy4^)+`D|JoSDivwPO{JtM;a2B|Jyx=kFcFe;lnx%DqtSZO*+z z^bUFhUHT38#g1j~I_<-}Kz)myQesB_;d86Czz)<4DfcGJt=y7(W@tQ0pd<@jVK$2k zx64hX+nw;4C1y5Ub-Rh5cN}YLNSacq7ZLAZPCdffBPp}8*H2uyYl&G-dhO3gwBcKL z8*|LhNbTY>iVH1ZZ15TqcN>jES^aqe?(Yuwwb#p;*8RDEfP&nU2zz9ycMezlS~k~o zD>21;{OjJC^XZGmAeT!w6Z#inE6^wCLnPy{Ep5E=G{M#@ou4PqDlz9d+`Lw_b*L2z zaxW)rG@6X=K*EjDM@l(e9N?NBCFT}~yNLMjpzSEgJ?8kTCWgAA(~)a$2^CfNf7*L? ziFp>T_K(5$q04ob>n8ai*XuuiA3EH$WA6j`>^(zU8P5mp6|TD1!mQsp<596y+|PFX zIebousl3;>cWN@nh{jFKE0a5uIAyi7F}TOWwRJu7?IitvlGx_tLw>gJXPuhsmF^^* z!T$sMQgCO$)p<@4^G;C-3ffoa@W1va7mmtAW5Jwp?Ek>NFkD$V(fYq;Q;zxO;vBOD zxz`&jLLYN%MF(%ZS^FsV#ALbNI-XC$Z3aQl`&!ELt>|GS+=Y}+x(IQhPY5$7Fy=%B zXv#qPzkcj-qrHpS@v*EY)*#E$y~t0;-U#vCd5v(jy=uX+6Op*n@yoQgH~H&u3+`Y~ z@rC~TqFip%XL3wG>btl>_+@d^aC6Ja8GEifcASSUM$+Ql#6Pyr&AXbgThYBp+Gu$P zq12)7)cy2%)OR?xEjKfX^CWr&30*jKy+08;vb8+p!2Ji*8}(y|m_b;?G2nAmtuux&I>U4J2-*9H(wKxY*+gTihWH7z=Pb9WOB# z!0nQWZOn(n-;OG^@wqG;iwlhS1Tsl8;IxX_?f$TT2aT!P;+k69MwoSpS=9sk5GDlwZJZXxMfqIM2f*Qtfqneekv zpM&|1U_HOycCqDExk!2z}0bJd(w1AJ&|&c zx7>ROdls!kOVRKP8CS(UZrtX>pYM4aTw?m>`P_}f-;Q=6<(_W2P1>>l23?B!qgC&5 z-9NPBR);%U%I}a8^8{RNzeW;&G#ZPPtK-W@33~&5h*qKvG)_8COjxeAU+K$B%uf#Y zGvW{4S;1_^S8ji6Z{-uKnqt%%m2Xn66n8imO!8T|$^T>RT;Qaf{>T4m+nVmJgd~ja zgqHR?8%-D8bi+Q*z^St-WdCu)Q&t-3H?$rhLPP5)g#I1#0@D0$RO1V?HcZBvlBTL#bBu4Nw)-Titpu zATA9|2(oQUL+rzjhdlS=nDvvgj1T_NDLm`t)`zyFzZz}=_3FCJ6T~fn58+*y*n;|d z&?(=HkDcp;=D3;lzu?^|Qo-kXzajmPZ~)YMRy>E|JO2vi*>F8v4aS?C=XfU;@%ryc zk&bxvxD6$Jy-yQm6kGM4XT9Ty({Nw{>+QvizsKf>cqil4e$qU@Gll)9dc4}NtJ7@F z?=5=!Gp9DV>l{(Mn?3n`8s8k4=ke0LnBaSjxOc#W_t=({-(Z+=sGK_veMI`rpC!tt zY_%Npe0djfe}M^QS~E{R-+8`Q^J=zc9E$%=+c?@AUhN-}NbiSBK)p=gP4IOmE(a#V z12Fp<#!b$djc;j@b{xK!bpyOwzB5QaAKn1Gf0Mt9gdfy`MJuqPdTT{<= zCp%u_HbMKd&_k@#731CF@!s)2c!Lk8$me)%8Ok^K&gfEEe)M>2T5q*>tT%!Q?b!P1 z&yqJ4&hJ>B)8EY(4L+J8=Tt~Mb{=vS=?BAH&~j*Oz5ftbwS85|f{S43FxIkCcy~Yj z;2JO+Ofy` zC+VwRSyk$TdUbx*mAC=$INT4}Mo|v6DmmlOv34;dMXFYE^Lqp7 zZ-Eh@UVFXYHW1nNE4=J#CU zE{05~%_P%%-XF33neooT8=c9#8gGWPuLRkr3-ko_(iNKE%O!3Rd<<(KpY^}Q+nsv0 z$a-fS5Lr&*&-gv6e-{6i>w3S z)%vi9^!p*9i|b`g#ROkH;(~AuTnTwCX&0@W{8pdj__aRxU*dYFC%?T&KN9W(EeGv) zmJ|00?1mWR^yWN^xwXk}iuG!Jh`gL4=~dkRVL$2XUd8j{pkBJzcz!n%R{*D9&AmvF zLw(3E%Q-gBw~Vpnp!1#3;uN_Xuix2ME++lu&;r!U<1r@q`Vw~+m~cPa{d_RtYA3%Y z&nB4mX6i$1Ns6q%tL6JB>8HU{pkDi#Zx(SHmhkVke)l}fvAXMFq1RY%^pwLg(!UEI zgL?J6@Bnd@ui=?!DE(Vve0=NE)yZ$v*0W>%+3P9%PHLirY)0y^PZLN7^=duKA?_vk z1m1^GChyMYJl6ETo3#G&|G%(f^sN+mAFrJw$d{!58TNyEJ2`*TcR@B~57$CxSj$+P zWAhuc-rjXe$r{o}Rxsa5a@$3S^iyCCs8`4N#ID>E4Bg>MX#11MQ?GGsksP|l(-+zcZryJuNG=^3TwzD}2GyT~P>pj-*tWJ@G9&aDgkAMiM zSLbIx5hvGDzo8Z^-NmyMiz#2u12#SHtP_~?&G>z1@2AN4Q{4P^CjD@D0o2>h=C^>j zvfarmG=L%BiH!NusSn%i`ol5rhuqJDSI6U*PBE73GgDQcf9o`Tu&Q@i=jSb59EAkh%?T2A5z#G`6NZU zdA!$?{$>~i>Wx_M1mdQ`9GD5_ezw`1?3=b$VC&hj^Vp57!+E?5NWTnLfqLg!?-t^| zgJ0l+aS4UI5_SCQ4R1=3T^{d#_BjG&Zg9Qxt@mu=E`-Y=1HAc7D(c-#J3iGd-z!Le z7d#A_-zC<&hPZ8T5cWZzYbb|or+kygy61&v{t(^5^?JPKJm7sq6?-segubBOb=JF` zxczWJPud48+R1!}^@1VPhlWA!8!FAS9rTgL8{5Wpj_StXgdU{t3j-m6D6`(T(fO$K zeZn+oZ=f>a$xCXrW&9~=Mn%~IJ+^>RH`@^ZEe;S?x_3Av~CE_%^$-he)$NYOzaMm@0opgCmDPNTOrCd*zD>2F2b3m zWSgg-HQwOi6iGb8Er;s2@Qewx1NDxx-kHR$hF!27vimX*>+R&TsXcC54xytd(iyMj z_b}hx$rb(kDy(Qa=gh=XKU(j{JGtPRLRAw^=u*O*TDu*?>y@* z-;aA?!Gy+a&3rVmpX1Z^ru|khF;zbCltU)z+e2?qFH5;5_?{+iJDk#=d#)gdbCd21 zoq6*R+s~SHoOnN5K2>}*+;V70`YWIxsFzdbxcBw}^k>lTR@VJs?MKWJ>XnhuV+k_P zUhhBFj%%h$54;*Cl71@81iILGKbzq64~b)%`Q&xtSAh3km0*>Z2J^k;+*H|$x1sqrp%3YAhvA@JeP7bE z#4Q37-ezmwBUkji*Q}E^CLbX`<$0!Co@+?|4djD*$J+d!Gl($@Ovqwu?jzaXzVPwa z`ErmG!Yq%s4e2LB`P*Et&J!0Cw-SDXJurv?DSMuCU&hk!3y%+>MyWh+=$7w*+qpLa zHiG82Z9Ip(H)b&B6!0c2f-c)>2XjhEn0aFNq0anB`-5O|sx+b==| zUn1@YIDIJRnXr!e+$b<@U{KNiHZ@hE9`7ZjZwk#py|zvJx)aw2Ofd7K;+_ZB_7%f> zz~iMml7Z|y*yBCb=GWOc|D8*^;(o7Ky^@wHmodg^{WZ_+48wVc$9qOG-fE=V#KN~} z584-)t(LDJ??ZUC{;Ky*kC)v|@Hrdjzs6hKb7#k%Gs2sP*Kc)|F)uURB1};9 zzS$vB$7}Mtn8d-$Q|0t?+;Vt}^xwh{px!RViud#!*4e;>47O`~vAz;2z8u2ARJj(f z-y|lqApH<{7Suby`N(&GxP%d$^TJt>&pn5^d$~qlJ3$(*cjk|#T`VPisAZ}g!CTJR zS4_L;#6DMpdiDMTnBr>pb4`9N}^OLrMKk1n(nwz3swydw9Go zH=A&rx1@e2igznse|%SwoA6D96&~;T&S$>Tcd$kc>ChMoHjB)wR!ZhEKYxnzJ=0HW zzY}hqDy#g3%lAh1=?z-Gw(lsE-xHN@1aF1&3YYIKI0tyVdOl&lQhalwem#o!2E1Cn zgYZp+S3O?8Er)%?RUXN6u5ck#A4z*#P)f=%9+zwGl!NKl&HX6;_Nnp`Uc0YcL;3+Q z3bY)WTki|RErC4v0P+Vh9v@{aqI`4hJj#^sZtALZNR^-PCOi8|jPzAUas36+}zc?7Vc!7@i3xztSaD`qy^LVKeDt@I9zE$9jJ!?kJd0;ZDkn zdobRl0L}Y_OkFU+l!LjB9lR=47U0cr_LXX+uMG`Ay`!Dad~Jxk22AM5c26qhOP}T# zo&Qc@a{NA@hp$eR-#y-2NIx3Fpx*o9Ch@&M+^b;13bw{u>5}5T{_IpquT!}Gu4SKF zA9tS1GyU)B*6VDX|DLG+2Jzm7*E?>m!@C|dzcq{To~ZtY@UFqD_1DZxjCZ5QtLw$y z{GMoD62@D;u3LXU#kU)ddc3u5e$QaRr^a3M4bTAcS!Y_xqOTc;mU`;1882d8=_m1O zIW!}EXXpo74mxgrM%;IB81_Re&ao%7W^I@DR$%L|nV*^U_)zy$8I4!R&1$0=3!omT zSJ(Mdi3>tI$jd2RXr7v9^K0G<6+dseE>+(0l*85R(+dWIdQY+CFow8^@ElBo8GI4* z{zOxA!%=5z+Hw5)0p9(daxlkj4*R?W>MgFHJW+j+>rgc`WJ%+NAMXQr z%Q@dQK5ov(yU3GYzbyxwB)&OeyTH4?i1#&|%RJs{|ARM#H>ti`&rJC)$5|n_4X=EvKlLE-Xkh4XCQk)Yl>jgY z;=LQMmTy~}ogv$k-v-v(lQ<2xJ;eJx_##E0W6|@h7~Zvb{dR{z>>Gts?sm&T`<;Wt z`Ny)Z4#QwjZLTGK%kN2V=a~X~y+h}d(l=E`G<3^hHR%sSy?b2mUC!V1EhO$EI3>(F z0(21O4NO2Y>Lkc0JAW|OXU5Z?MQ=-$<#_GfS(=c(C3FHU-`A}-MBE@42X{h<`C0O( ztbNl@PKi4G&e*1<%x!EEyFFDdIN$X?Nc!pUBB*zz^{yiBWB3-n0OKt{(gknzN1U-< zz5XGo($C}FL;9NIxUK{0eb0Kci3`Da7-{~!h3m~NnBVZj%aJ1amEoMX;PpHE%EP38 z9yWn`^R2hxc*+!J!c>T`fFEAQbt--@VVhkq`KhsU{uUaQDyLoGmcxgn{|5GgddqMe z2)?9yS*L^mTneFocs}NcQ?4mR${~DLs$_e-tw}!>d=p&nS=QV2KGwToDa?mF28K7! zWo?i3y=!mI803EFM&e#S)5{1!KVm`=Kq)=PqTPiy4X-!}NV zLdfIQerF_c_rjAf3BuerqT^e(Ee9Qs{r9Iz2(Px|2u-I$K>g3Qy*^;q{vw z5pqet3|51B^*pQoL%dfKhCyGbM1ISiPa9@l9gRBPdDLGse~3;^mD(4%=K-Th|1eAg z^_~|0i{g8QxK;2qL#nP<&o&n>%VyY{EadRA{Uds z3k(PKp2ued-wVXO3Tt5n81L+B${+KZ`pcjDKRp+%UjKqr$!zSF?@sdh6YK>ohtzlu z#5e7l((*U)Cd}ua1@Cn+(?^=198E=-j#Jozg(s+4Re z-PfS`(|$((mf7}7FZubg5Z)%q?)O&jw;peC^Sl#z!+7uYc+Gpp@^S9=cy*p<-ZQq3 zcoUwaFiPqVVt7CDcn`5(gU1*HK+A!{VS=yf_JLfasV&YbU3G3OK{$Oo; zXWs9$f}=;Z{|djw{1LC7XXlarYuE|u&9+|i{=K8bn@~2l`23ppCYpXRv^-Vz;mwGr z=J%^ee-7LL>h14*=G!=p_vAgn+y-8N9Ijm*+Tt9yJ#(FY{6p4r=+ZvjsFYAReYMy$)tS}W`O3ihRx?9;?}@= z__&fYhfS&HI18fAR`coKo+>Ln`TVc-C-_yW9L1;M11jMb^6@#CV9v*xN|}(L4P^4XJpG@sf3OFr?&Jo&r@-(a{0G@o5FFp-gUruK~6HI;S=lBZM7eD(gDQ3T#p8aksX1^f&?JTBT&S5_-mplK5a*5!r zlJ1sEeSB$<1zIk5*>bswxRH>33FBPQsasB|xaAVt#X2WG4O%Yuv7ZU1TqYOu{bYBl zjAB3SCn|5}o%!tZ2==pxL+4oi03|c>D+wWIl z2KS*rYgpQrdto{|-*J?^R%woX@aI(7Q_T0fk$p@s-|wAbzF&y_>Si2YF1C_WPok{UYo)zL@=P_3W2l%zjb!dyW0{INVP95pXByaVT*1^Nk~J5|}WR zt@evrC(KsgujA+9&QExQ@zgxNLi(3sA!t1_*XIaj*AkZx<{0EK$@2QN{RQ`?N`p*y zKKU!@55i&4eEwteS?O8cEd&kWf$`iQ%vh@9O47TI|6mzs{0sh?Dn0QA<5`jaJl=>@%y5ivo>@#=j%3~`u?uqL5@@4B$nr2sd61Y&F8D+ z;Um}xnoqyY=jqRJ?gC9A4b1ya*7E+GZLBKiyk%Hxc(EREaS61oL|a+5Me%y3Y2++76b3J#-($qR0Pn&w@ILQ;VHM~6N6-HvWzu+8hU?u(`d{I9P%q2Z zCiphLRawq^-YJI^wk4H=_|oKEyjp)-kbe1^GSZ%{dRbbIdwUZ%6vo3{;C=60mv^1= z(D&v?@gDT#_d(K6gXy5&E3Nkf;(h}Y4zu-owXfCl>sa|Tx#Tjp9Lm1H{fTfXsJD;x z_8_i5jDW%5J-@Eb!~VvtWF zh&Nm*O(x^jdRB|{_2B}uFW=XU&(GNWHqI+68N^=+Ex~(VWVZEcJquP&lMnFvO`#F8 zNq-{@0QJ6Ny~~LE5)Qy#$YHLV$i*h}{d26>tOqQ{6HQ8!QkT2=_08s)DYyvK`=<3? zLEKefLQl3Pzk})*zQ5yGeygQPQ;+v%(%%V>gL>Cl@B74k3ctcG$nDHI1Q+GaeF8)5 z`m1^)r>4nZkGJd`*61Jv>dmv>7;)w1@;m|rA+G@++@B~h){B#77hWHVotY-jp%Xw<*{{~T50kRUL7y`k$y1bfO5 zb(~j7|2ixO^;V0U#J8HbPr!uF*!E!|aTIfNQ_nP*=e)U9hih$V(igAhcL(VU;15vm z>2Z_zs?TGs1x&bzZKVr~ABW6+{^C!Qsh<3%lfF502KAcbK=9p6+;DgZCO}?$eh=hg zr(alVkDKNC(I~cO4hv!Tu&-z*3bwa zlrAM(NgTW&O@8rstGvuw81w-3UK`i)o{d+Chi70a>`CChIwrJ3xGucNwu>Ej&nA83 z(lj|c=w4S_O!^OCJ*YR=diN6d513GSKIc>2n2&ZXyuNu~4`)6aN=cK>cy+uujr8^4 z0#NT<>up2a4PZiFwmIDIGaSttajeIA;NU zKh%ift?wMSJbT>q`9%q&$*XuXoPDJc=~LlyP_MS*F2wbKLC_bPQqLyb?BqA}uCvwp z5Y0-HU3i1mn?w2;@HVLTOy@J-0phB?%Gxws2)V3H<&JQC1@^dUeF$HkCbgQo`MsL- zBj7twFQ*G8_=YT`?!pRK3K?H>%uX*IABXna>%#h8g;<+3>FV)TSw#6k7f>(VR^0n7 zac3>&oEuW1&p_%E3h43wW0p9%P zu5;Rj=GWgXjdvHh<U|i2*E#ow-f%r+Uq?CcBb~-uV}mn4JC@&@n3uG0ud_}d{XF;v)ccst z@31#`eh@x}HIV-;@4edSc)JgC${{!3=_fYF@2 z3jWVT!rX^p`kVc>U8pxUAWfdd8+7)S^GM$cI)QrWs!i~XC2le-g?W%al>7EZ+ws`8 zi+%Jv+ejQ4lqMVSwvF$~^L(V=4ViDbUZ3fw@%onY_uz4O2$q)Ry6r-z9Z!1OId1DJ z^ZYo8!#QapE!}xZjP$$UC(!(sk88!ZkGR8NLLd5;;?@BU+UpcDB2Cip2IHwkO25s0 zvQQJ$tL-h5xVCU3WW!Tjh}QcW!nPbtJ2v;l1n)?bVR*IQ89@3;@FuADJm+uv8mwT9 zf}t<~#&F`X`!uH>bZ=3(T?EIb$qydyOwzA_uRy)F?0u;#@j?&CHc)??zUb7mb7#rcQolAg2|v>Er%tW$!?;PF;upPFz1s8{btX+~Tp=n7wD6~5jWDdG*@mnKW` z2IJq3IX(Lfff1ly9p|SIHxm}ZOHh|{fczWTkqZcmJoUlMcf$9l$r)F;oP-ui-QE`6%9J+k`pP3eK}WEZi<)lhfpTkGIyl+=m52K=VtNWrDBLYR+e% zBU}MqZ(dPvZkn9l+Rg97q@M=QoBfcP^S4LiTJgP3+I zrb%m$cPHt8fj>dLPg-x~HQX-=7lO`H)w`*P*Z*{yjP!U@*{1`H1@%U(x9VEPcjyLP zz>J&g?YJ4W*UL4(!ROLsp2zzb>E}T{s8{>nzwa9&2PUC=s)3%b@b7&g0Xn_meTR@cwL<`@p`7?acp6lRBPiNx5r7p z7%F_|daGOS7UIf(#GDW^41aQd%x|g1n6J-RQF#8~e=AKodc2R4eidBsvFpvW-iGU$ z|H4x+5k`H(`SBwO@%-lh;Cjt?5m}Qab3ERP8<>N^m7wLT{cnu8nxBwg$bh8Jxi0j) z(=O_s<9bcMBOj*87as4Oq@Mw$H@aRue=EI-`y5~}^n;~)cn+eLGoQ@)sBn9W<>2&S z;=6&kesC8IgJk;O?2t3xiFw+EDc{&PX|fD&IVVptp7amGBcR^XY<_czn+Yb&Wn0|* zVJPP3}zA z5)*DD{m1YXsJDajk?-ZtxMvb}Lk#NXP`+d6*G>Ox`}NUvN(s$dLVH=K#jE}LAEZAD z6+d^qT7PR2cL6koG}uIg8NxldCa(pa<7U2JtRPL^z^m&7SCBp%t^>`lbLCBZ=KaUR zh&SO*wk54sNA{&jfyXX?Yt~^_)Gd5p zk$R(t(quW_U_3SN7b5+1SOn_r<$UJ*oVcH%!glh^HkY-B{oS4QhiqHVbY30#D^2#{ z)p}NoeF88L)T`sr1z++E4orgkVRnr3f%(q-ch9`S{Z5ossfJg&`Q1YLolt6r>(%4d ziMU}f1tvoNaFH;_ErScK{q1?7<~LX-U9R(ZUnc!>*bbUsZO5g*q7Fb;=m-;jCBK(A z^;%1nRA9y@QFn2cCi{W_yTrjamGzC-c5Z*1LfIp)B*haFulV3$Grx zmr4IFdk*OY|`Ixh*Hnl3%@`s1m2?>Xu3gt4Gr&PYx0Jwx1!V1jx7 zqPgF_=zA!1oiDkEpt?826cH~MAM6T9}DF$k#lTs zenYj=Wv$2i0O?C(de;$4T&99DcFYTt^g)@I-%!b31?*!&CTHz?UBHDb{=59_lXK52K+E^QcI=v%X$Xq@N6SN|(uawR|I_ zUkUGn=C`5s*8GJz3ETobA+(eE`VQxMR+1ez&APG~2O?Le%W6+K+(!Dl;U!S7)`yI} z)LqDhN5MN^_w$>J-ufH4meT0#wzrQ-@B5WCKTxmEcU~jz3-A>%Zn8D+LyOWjjBlG= zM>O}5nCl|`9_ccyi(3w9?9&0pgL>=Ra`=|G3j1h}a4F0e-mkTpdlaa@5qq7?{FsF) z2Y)DCs$J#QhucU$0SQoLcdmuQ)xa+r$te1>P4s7pzq#!qJ{}H8m)3Z7 zd|OTW^>7r_JHUDe?q?i^Mes71xy~RKX-qkEAMTW|j&IR{>9XQ#H@}~g{%`2SMz(pLFOfJC1`$6v);#uTL2s31MqKS z49auzn`hgF<~KGnU9P>x_3kA7?~r)N_13Z8D~Rh0lVAd5>|FIlz5vtz=zKjiKV6P^%Hea;e+$2Y=9lTH3BH8HB&h}$ zKwVfmkn6E?oH=UsDb7~QftyKrpRaq|Qb~U$^ab_$talP|GvIYt0C_aTDHl1u_m-+t5bKG`e>O=I+beZn)HYl4UmqSY^ zn%^6U>jx$bWoxd-W`~@1Y}_VjIYgJI%Vv+)T;CkYJ}-iLwLWC|l4Jx-hN9Ou^NXyX zMOLLtg=^jNHS2O8vEN}(ub#I&RxU|Ch99Bmy4>t@-F6Wl-`-1?RvvHt@=4MTCV+bN zxSdxaN!r4#&<9fP;CkUj&iYv&e-SS)LK%fu```Jb{}4U__3HWC`4y9-Ihc^mHl-ui z^{yyfzIr|%{v=)Ic=8(}{T=WusJCw1B)&Z2V(B(C+SW3z2>- z>;?7eyzl!eNz$lllJtV>Ac$ZP?@%=T`uvq{`Nrq#U#CmC>s;?<(icFxB-g9;Z0RXU zauhDFmLzGg=O5m=(yp{bjJI*&_3H4C>5}R3zDfFZPym`=_4YY6N$!IPJPqD)D0{uz z-b_7??}TdAU2hGi?0vI|+YX1|H%Q?GA<9@}%AxLgZaEllcwf3iJl;!B zOOp055j4M?wwvH(B76kdhwUwDV!5@-Gp>Q~qsI+QM-;?;g#&Pd|CDM?NP^|rI# zCd6F{Cfvj}r5o=pZeMskO2_%&U+Gf%diS{XBmGEt9n`Dk+q(vR7(`(?c<1Zgx%TSq zcl^v8(mh_&Ka@F>e6cO+Eot38zi9cE$&dkfwH>G8Yzb{ay?Wfb5!V+?2rYHq@1A#M z;dZR|Iflz-$aK8^cxrw}nf+dXA3?o!ozHwdYBC3a<*)#zuz=ij0q-85K16N5Zq_vx zn)zA94EexQ4!@KB^s|!WMo@1n>#b5NNs^%(bOPB#e|9eY*-Gv&sqL1pX>XBg8N3hM zJ#G=wuYfN=z1mM!KRZe4K{H5){>@Rdt{la?$F4u1*5j>ay(OI=FS7lw&PyWoGvqzIwl2w|_}+o_9BNU0uf`A#SOESLvc4xB=o;9E*u6h47VWlWwb0jKaHkm$XvWy zu6d;21Al;e>0V9n)vS{w^`RwXL3U4`i|ON>w}tHYKUS`p8S*7wtzTD?z8BmE>g{j6 zuMqb+{0=`u%1G9~nd_MI*Bo2Fd^Gk(q>nYtkg7Mj`Td9V)$1mSAJjY6db<-h4xWW+ z;AhP@#5#%b=31}jH_|LauE5*H*;nR~{yj*l=X$4D@597B11sPSh$Znp-xv682I}oL zJO6KZX(>6+r02z$Bk^{(-ovD?R6j{tfaZ6R^)4fBF9aGS$)&J@V^;2q1WD$6d%qpu zE8%6yL?RtCWIkT1c0Alp`mrz<)T`%L)fy&A6X*b~L6}eXxzRa)&D~IB-q0mOc6!Qp zH0dY7W1wCgFJ}_B1WZ`T);xc+f<+%wzNT+9LC2ra)frOrCbvGUA^k4c1L{3BZW3RE z^O^I53BB3QU_Gub_b2%2cOC1|qvrYTgEWmuw+yanxaBaE^b27RsF$y6f^WbD%>7|K ztcBf2xTbj*?+r2MZ6n-rFzq+iD?=Xicn^`jaUy#>Twd=Y&ObOG=En0@NFFSXt}$;`81I1GgK z%+vQU4o_tMf2hbf9K9<;R(iZENWUGv0riq)6MX*=SK$(;#Li|LY{ohi_fwd8uhui2 zH$=x~$gdu6L((^cE}&jrpUoj|0!)X;z?=tVhn)77XUjpo{&5*{Q7^X~UL^e*I0EX` z`(Q>~%Df+<@Fpz1ld+OXn7Q97psG}pE9Jk$9s_U4V$q30_wGMZQmcn zotu&*J)tY)aXoql^*4!isPG?!+eL74hCJc%=92yu*aPa-dNwXKiPzb1ZVaaW24gId zFpo6XvFg?>Tz_M^8S=5mTQx07E`nj8UY+lqpUylR27+04NdAoTHqHmlaa+f|VCL9q z`39fKkfR>&>+G`vqM%-_4;0(6@E)HRoXvU$XkAdRX>U=ym-Kdz+ef7T7BVwjub#gq zWU?**x4=y>oBBJ1`#)-YNgr{Vdp>Bq{#hCP#)aG7>WtwU5BqEY&2M~Mq5fXVXU)Nc zwrq==KOAevc%R1`jHedajPDmX>hbDvJ2Sw18Um04i7og&lRxUZ!-uuW2G2}R%J;2KJIZ_M*7CVBpD3q)%E({ znloo;!MP^f1^rp4&fz_c=Dp|h>^ybHetrszvJ7v?kl7yZyQJR+Ra&~<^0pkh5!V~W zKn|Gt(4XH6HT}bz_C5{mA7pceY{#qX4$qT*F}w|$U%&NMXvO&@+z8zu#+V8wY+0rlWlizs1^I3+p^mu60_t^YfcQQqu6k?wBxnK??qZ!f#aVyJFVg=;c4Ww19`7j9Plk=4-nzCNCbwY? z4h}&9to3+j*DKsEWM_sf@pzlHr9HuOpk9Vu6MVafI}GQxOX40l{s!fHp*?SzXs-*s zK{@1;IJArL*yFv1^dsSIP;bw;R(vDcGbe;EVJjrjm&pdF9D@Db{F?HO?9Gs#T&oW{ z`^x!OQg-kVsCS(6nXhvPu35lZSOL-6{1(&4&ULpgbDeQ>P~}qb^OooV<~w-()?2D$ zl2nB1px)Wmn?c-FFdPO#^e6h?0;hh3Z9S{O`b&iN7XC9s-o~43y`xG0IIINqF16l~ zo#;2?7;0c()y2AwCvyntQj#=-qcAS(c zojl$Hq_2Jrb2LydwNV?^1m82ny$#>NR>&X0^^j3cd#lc%X2v(Y zk1KRZro4*R_ObFS>1*CVp9SjGc~p1e`hW?yvo+7l{QrKZ*xw{mzV?(u4(VsZDLq{8 z*>RKj<`B0Weu3{H@;UbtZ%c?j|Ch6|@O(YmG*iwP;FfQ*o=MUf#)0OygY{@Z{}R!jGKMxyX9;8$#9EI>4;a$!8~{TDf|5A=Z;%)+&uX;&mDh`_dh>(+$vL6 zdAw$Qb_d>{K+8ereI>5X+WMgFEz~Ac{_vE;KlrNNMBfAI)%DKK#PtCahO;&6lKQ(T zrjD7Q^Yw7MOlf$lI}VK|{Sqhu^>SKif^Tq$c_w@dpTQ*BaWuVDygux<2t@y>oetDyxKnuBmFd}(#Q4cye~rBa@Yg;V4gEg zI>UL6VamZG?c(N4Ipp!SzJ)m*Oa(0mU4OW^FLOwk2;;%qF8a4A+%97MGv&g8ZhqI3 zekYXa=X%eu<22g0`Fsn0d9CrylZ*7pDJ>49t|i9`F66Ukty4=2!3IdaXZY z0Koy20qp0zCDD$@8Eu{X{>nVc^e6tDOv&|l?q=#GVJ}cpMp>DI4*&b@r8Eq<;`z1ohrwz26b{8DlEVABh{GKqEk|jJg zQ>qPe*J;lq{gp5X)H}g?za*~0AkIIa0ra6?&u7iVrERSZ-LFP@g63<|A9Q#7lwm+msoGk?Od0H z0@w{Jm`COFJ8|ZGXwL%YxP8NXGKq!V@Z?N+AFq~gi@{vOhLxb+AFTK1A)L1iWo`iv z!j9Vf-a7aF9%B7$3O8w+@<>l}$~X8-ru4kcoljOCmLzo`1nT9|nhCy(hEqoH4!i+v z`OTj&*YoC?^_>Pzesh_09X318&E%c+Zo8XhSb$%Aa^^m>dxfkv?GrYwV!j4mQ8Fh-(a2z-2J81@peYL?&`RAF=(; zoP6i}!v6~G_;xqHok%|jwu5?gef_gL_%0(kKZdC=ieuKWBV|}GK@MN$uJ6R#@v=<0 z$>U8L#ry%z1@-E>Q6u7-fe9ViR=9anxJi7o z?@W>{Q1-4Q`G;*E%AnG>tTS={^ZZS2e`fLr3ZcD;K@e*lukxZZN{9EvZExGSMQ^oIPwTz@>`^uNjX7C8_2C{ucPymyoS0hk1u zU!6ZpC2l5|Fqf_OeBLPqw;ZA$XUZcU?|jmK1c`UMUY$SmCT=)93KOA5fcYfPnVRyg z(aJ3cGe3**aMdc0cO~h6g`Q(wZ%RCe;%jqHk~|Ds;A1$%TFI0==Q+q$zZb3#u^pLm z*yGIzv(5x}f|i5Uhqs7(54MAOUM4%6_20%^Bcr{I@vLi@dKUUNQ!XCj&UXsf=hShm zLxOsp66JiJxF=x^ybbxxO9pLr>R68LA9TJG+LbA{;??=XR?>eBKY)6h+j2NeT*dMH zU0A#zvCwhLwO*~i;oX_?EZ&f_ubj<3*TBP|UfVbOM%|kvtKe_=9g-JuUFboleoff# zly57p>s6%Sq6L|<32ztc?KpvU3{Qf3$JqS(?n{zd&1syUVF@CJ?TG#Z$Q0o zS#PNaI46coxCAC#=3eh#YLDAac4|cW(9ukpkJs<)E3HW13kHFD8467BEgXN=A3;?r!Xx7*1223bBkGPNEJE+U`-R_K$yIHdzV*9dt z^T}t$fV_=Q%k>}9c6f+9faX*C-B*eG985T5K46P7O%ba5ukClD^!yL|MaDz4fg3 zm0!z9!X(F=_Cc8v&$q*;1!SbhTZ#Ru!`YzTF4lVyaT(AWnt^w{K5FZM)-O3dz&!J0|$%@|lL$`FC6Y@z(+L`I|7_QaNtb>5P*~?_k z|5PK5H@{Bly5$?e+ZHc>Iv%bkpPLsaNN-PmsY)jJE)7=UcblE^9mBSg|M>j=Wb19@ zjDS4o$?tg5KML=H=C@B=E56#na#H>g);eIs8RZM*_mJ(!v_1sS49E(+PA-_Au+Lnm z|ETM|-FkzQ@xfNu0LjVpGhFXCWw7=Sr{C538?8$#8sU0BNMLP$3hRVzs~pSkS=Q@p zod2@?FFEHNUk>Vx;ce~lcEH&mW`LH19h-c=5m)1}BxwW9Adzcq`#<9kaK7FB4kzEn zYo3b;T|oKbZD=!dJLxCDlV(5SOuu0IQG)M#;wn7O92M$AF8x@o`A%DFyU`hk%}9q6;Ao;{VL&%fK0%v^M>W5-wXwy`K@ieqo#3>5v+l? zq01(Y59dPWyltEHmQ5@r2S^`k8jxjpwV(Wj^yQzRZi0Gs9(glyBOw7($C*^j?#>VvKqm3xwU2903ohlz#8%L41w{w&%oAieQw zep|9nH@F_uYd`a~|E-)1C*Fj+*p}4q1cL#29&a$7TI62RKLU>fH9nqSE;XA__I2XE zg_7RG9BLWhw@zK(FQh*L4W4qx$=j_jMBG@I1#7vc5aL|j)Yo}-P2hdbS*1-t&KTwT z){%A-Yz56sXDkEteQ$j=h-(NXz27|8E+F@Md`(E- z99o0=wp(8};`%~KzDWCkyyfu?CH({N7*KWM$78+qEhg?g_!4sN;M^Qc`E6S5Y)$z^ zI|Sqxk1wCJ1@H%G{TfR{yumR^!wU%y2J=^OJNPnV{%ltBVz+?dp~ov$W;M;OZ9lqMvv!g=a2k< zJ=Gs4|$9+LiiMjHmiDZuv0OoACer zUO9OD*9K%&F`h;qPwELgxp>0e1M;`W(}MjwK#s>_$EC!tp5tq=BawRpvVOE%kN)fLbwuwE$dQxii#-^Si^rV2{K+E$x#=YO{8Iulqu zN%V!D2*__I(HEW`kUDptyyFp>!F=T;`l2%fa^Fex#a;-=8z<2xa|5#LB>Ma>1*FE< zlXpCV^8?cEB>F-N1N<)R$;)4ONkCpXiN46|0oid9ebF}qQu&^f_kCk;2judT=#y0e z8GI6b{?!4AoJ3#ny?|`?_?~=$>-jJTbY8=0s|jTn68Aosc}<6AoOAl!^^*9Ul|<3^ z1CkIviO1u^fHXOYKG_hEJ}1%V-xQE(C(#$&5|H;#qA&DWKn{9*8##WT!w%5nTh07~ zq0a--koB)%d>4`b?AsQQ?kCgtML;H=OyBl^ym>NxUj}6N$@J}D zJQ{xzkH=T6$9a7Jb$%L-1!UAo^hI_CWZp^iMSlp$Hhj8%bD&>>Jli`#jBWB^La_$Fy3_@Z#$01RnQfRdaony7BFEj+mgJ|UjkC*KDT`DBz?P-Dsoqq z^2d3{@!2ER`@{*nk-f~XJl?$T6XZwAc262u5R<=bc>*B6?`wK9NhN!}3Nr5^80zTf|^KFsB_#kL%lpP(G1fb}VlcMa*U z+spNOD0~T*@vXpwCKFC@+Z_@WxT%Mj+=Qo4}$G_FsyB)$`v z(3P!OH!k|zm9BHk?*Xaxfa|@1`c+&#GhX8x#OEdqWn1EUG~Vm+>U~6YCMC-4txL-= z@E$kgP3E&KFyW21h2K|i)_ z+F4swZ{!cgO}tKT!td$MEh`71&7Q=~8*;&T z-{xkj>T#3!qQvFFF8BuWxlyJ^s#C7>?fod`daJp<7CjV@g?P38?xPz01AnuhdTUy* zvvK}w(#+>Vp?Mb1sR_=1wf@HNZu5AT@(2FG>6_zv>1IthR=!^(R+gkoOBJfW1-3q@ z*Z*fgNU-7-tvYV~u zH_iFX_d9V3bDjK_XFHz@u|=QnJEd+Z*+M-F9pU^RZ?g4PCH*&Rd~zmR^|rI#2E;Xi zR?rmcUdFW-zNo2Tvc}nN%NJQr`rtnSIfOT8y;qX{rpbxYm92U^S#K}mZUYnUV4KU@ zf_k+M*R4`Y%9#8f4T%3C_qdHE{S)vysMj7-U;P)kRtWdNNQfNeeNY>CMzl`Q!XudPcmkbUlgv7p|2t@o8CmE}?5O_;{ExbZ^kS+HuB z9Kx&Z_!-jAfd!ymrmiOV))Dt5?1dj-5*^Z%^PT+W*>X65bNo-9!o)C2MYmS)-Gb`}i81*51YL;xl+a;cw_dk&SId}oo`?B+yZxL}Tz=ZeM z?xBtq^$z8JjEbh7RnHQ6#64~sNWT@n0QFX}-WYK|g9-cD7WaIVJ_j8-ElV!+c>g4Q z)%i(s4yae(ACgI2TetzP0q;2Px9wQR`QYhUG7PV`-|5RfgVGb?`7-kdfBaukwz%i( zO*=3lgl8rm=iBh!a2)r*WYGLkbxiQhC+R zJNSZqz5?|!g)zbRZ`wh)MwaZutLz+U^}#!yRiEng2c{jw z$FnoDq|KvlJIEw`3up(L-`3XKlej@}Ck%%nl!K0wDb{P+!Dp0lsAiVjfj8*vEBBLr z3gm)%ueIJ6h?^BC{~>Gu_1@@w=KGSkU0{M~U#1-t z9VfLN#A;>92E5vT6|mny_zToK+Q%F4npT<$pd(`JhdG>;qgwl-ha~$ z{QfL?6K~OWFxTUqW4$G{gX|*hK+emO>Qjzy2g^NP?O#i32RTLBfz-~D)_8+Xo{qJH zPdwhYZGQhvI|$av;$2(Ew}TxX?`rG)H|-!?H%n&W)#LUPzCYkkkGHb*mQ7ET3Jab3 za0=TJ>ubF%S&!FSUu&?>S)ldI{>@|OQRdH_XucT4d%)wJJTpPg!CBAa=_G50lnA@hjT!^!=$E)Xk)%b0Lro@}@%e>;(Ewo+u z>t{(zyjs5IJgO!8{@3%U7~b3QCdYHZ?Ql4|z%`)dd#Ur8uLp7cz=U?(@0raFPuh=b zJANbIo<}vvlIeJZ@zgvQ&3>a`45*jWaua+H5cdR_@GM*Ne!!yM1KfX4m%)3EE`Sud`7no3b5pxhuG>dviaT0Za&;1u<$?1=~$E_mitHEiYUY1l$@cD^r1SVX{ zwxo6u!P^3_w_RkiPg77YYfUEnt9B8^JJ{pRODiYMaJKMx&$Qkj_$>C1bJy)5{$1R7 zrtLx+Wyy1Roo~mhOz@d<=-~0PoMM8{tUq2uyb1MLpETpejQWM=x7sekcvpMM*R+cs z>>KiU{c#h&$Mi4O7lIdNNdaE14}kD0M|8SaJUx?v7 zXR136y-fPoU^(b<<5Vv0{eZYn;R~q1TDo^W7P8(8?D|6FBF?MvCOi9zSzm~;Up}Ze z=zQig>k9?Mn^1IpLEG_<`Of-6_~I-Xg*O;aE%GP(m0rv`7O1z4^O^5d;?4yV8nP{J zK9*(I7b1;0pTw*ESu*LHLpxCK>DD`pxJO|QJPUP4vPQ|I%H(y3EeD<7gfGdGt$4ld zVgdUs0`=-~bM(%CPc&Xc@cMFH?`!zhzy}`h#Wug&iTepmILP)86Zcw8oac$Oe6?Np zn`B8AUM+{Cq`!!3Fjbeh`PFrcy2LesR?rlB@PV#thKrPgKZWy2y#9DDM7o&t5CSa+ zJ#J%(n+9{?IWWH$ufK0J#d>vpA()yaJ3Qs^D(T;W)u3LMJWTLyBW^bwfj_`o4iW3s zatNnoN!w{||B(0^&lEvzP;U?GZA;uuFbal&@#b+lYRYzz^=khRP0x~{c(r`Zd@{^F z6F|K~toPr{C&L-kU%YLdeZ{OVy+@!n;pETIr9g++K&IhS7m9EoC$i|KC#|r#9a@=VIY|I+^_$I=e_;h-&~}g#hPWw za=cFKv)z-r)Ha zFyT_RC6z;@b(UO;SNpT(q;CsXf|f%M>%Eq^-Y^UXf_FX{^VA2k9_??FB@;Z}J4rto zrh{Ujd_l*r1}uW z8^FsD7!QN+-2?Y}yrw=9e9sfN7(Rm4V9qc4aPh*F!+x7zbAAy&Z|RUF13lhtr2iRy z1n-;t&uzgaa6Wjw)%oM5uBlf#Wyu`8S|74V-xfN6dY4#la%!UVCVnIg25t#F zmfsZX)pi`i`>7|t<4FG$%mDSSv)!n15A(AM&M6`n^`W8SHm_zzSuoTpL zSiM`T$U5S;!DjHbi)>Fhn067tdo^C|cWTY5D&Mlt_n_WNd`*I{aUT6L@nx2CZcaMW zKcp}zH1#3JdbNKDU7IBfJ>Dwpb2+pC^`2_IqltR}Ovq(hQvD5GpC#XVyfaDv1}q2l zrde;o+l;ATLM^r?zk1!HXn*GKnI&bOap#k@N#CHMPXcV!+sk_2?^;1_wBFm<=KGHy zFU<49n<(GdjjWe=ykkf|6`ln3=2-8i#C;7W9AP`*JNn@K!sms?8^Igyoh6s!byACz zS;09soCoTiW4#@TyBQvadtuwpynBU4^CtB-X|3beaXxwr*Aeh)eRz`eFTyLJ-dC)* z>PpsY!GwNn3mEv?zUlm)LecV#4a$=7p5wMJgL_%nCkNEK*LqhBtRiLXMbb)aOR5k4 z+p=W7C%c(D#wjuo<`h(7F^|+;3?{MNC2NRxSyY@ON#WjW7Z5ER(bN&+>n#DU5 zT<=`cFND`Xy}T;G1m8;H)`1Bd*#?VQH#FWYrXL@cB?-^E^&yY+d!PW+%PXHv@a3#x zodLdp&9I(#VbrSWjAxaSockHHKEy_Gz0%`7K>CjJ5~Wns^$xY(s>Ia<6ZAey|2c)n zGxdh<%#!QyYCm%x`|am91{!+2yh_Cc-_$7y(v8c_W6QL9~h1i+hNhy~~S3+fUQ6z;@ZW%;H6cx#(2~i56Bo#wRB}qyV8Y)Fe z{6i7_zt6nqY0i$Z+qUccKfm7npE>92ndd#X_gvmd>37VnIc5~x>_k>$+K{I+>Vnh{ z4_fXJ;)bEe(Zgumd5jlW)RVf~c9D1gUfXQnGkqK7%&~Ve={r}?GE=!KcY@`9lv~=o zMZAP}n-n}gkHGyBu9n|-$+sJ2yqn~{X}N=ly9>=mQ&IF2`j~Z|y|b(z+At5tYiQUQ z&hzloN$!WF&wP)0Hl+6cWVzFbn~gT0wP?gfe*c0w8d<*z*zzFUM7#UnucfTQjeVclPci*B9<(Oq~{g!(!={uvVkaBxi?lj`&qE%=a8h0-5E9Nk+ z{El#Vk;m8f*+j?Wn7`rHu-x^e{}ydV%DusIYw!-LABmT6GJm_zt?CCIm--*3zD-K{ zVVCgU=X^aOG|H?kgIplc@DYvTSdKd5C!scb;aI+om0(gti2M+fL%Uwp?8YJOMuIc=% z{bp!fj_C$hJ@*aix1*g%?LE?Rzn}s7i+Bl_R!F}NqVth)xOc%-|7I;_Pu^>#O;xVS zJ$Lo*%kL8#{CMWx$8Ki#$y@ixZ z^CH2wn7CC)!g{Xmen>56E!KPM6=p(?X#_WvNNtSlhulb>El9b#J}CPk|3|!pyL54{-P2w-0!pK(&x^b-khmaoy2v=qBW@SB$ZK(0XB>$T1JW)pkef#XaQ7 z?djXk)%#|@QsPorz3{_*$Kl=w^HDSrslC}A(DyQNZzBmGa&_nF)xTOVqEF_SUmQPt zO8Sjx3sP=#%PqBpz7N$wHIchs5l!(!^r;-v<(XuAmQDHq3L)h(#U#PklepW^C^QVY z>lHICSJx|IPv@91aMiyPNIw8MCKbU9^XUUT7!xr-V zg-S0?a=Tk@J>o*>GSmUN>lG_4SKEisWS)ngO_noRuegdly^z{F#Bz(WUSXbLz89|6 zV_B~l1oIAud$;8lv|h2=j-zxxWaL@;A-J8ryovpg6JSOi?r_U3XuV>WSO%~aOo;cEGn_Tf+R7PsH@!+pZx_VHCPFE=S=7Ekof!AL)^{pL-4 zHWW#CXlnX#iPnn<+@)~6Z^zFgp21!m?9Et~EWg@sZmw9$lqFt56|M!X^P6coX1n8G z={FB2&ruGSM=1%uqV$_FxJORO-*47~neA}vT5du8X57|eUFVOy$o?(3THmDK48m;g za8I$^g8I#!maFUhq3P`3f}8E-HPUakgW1X9=34H7^qacQ@1Mc*1>BJ3O1~L~+0)_j z_$R@4ApNGU^M_udJiyg{Q`Y$hz#QUmwcngf+yaztou417PmJ5O-}JwdWA?yx>%|K4 z7I&RL1o!0UlU(UHqrDF?pE&k1rJL}B^qZTBmrz*08Jn47y24dI{6fCW4_OC6+OF$; zJDRwYQ4VT^+xEvc2w>C{QYLO7D0&oWd0@I&g6~`6{y^0};tUQN*p2ld3QJ-x`Ce~cPRavA2@_qA zW46H6_Tim670l`6IRh!zwxPa{_-q}Luz_nq&xLWgM@~zYvjDtisD;C2nn8lEHF2Gh zgw0h8p4SMy&Hfj-YH!&g8Rkmzc6Yc<5~Td|4_9%1p&)z1aECbDUhw*(n;dS)avvk^ zEhJ$H*PiY8JyT^trvdcB^1^^gqCv7b4IdWoJ79&*{^=O!_|7Rn)p1+&Exkg)3xh5-igD_ zhO7RSdNIC<&$Mv3$JzT(+}-FuOQhosTML-*d#4-yA!S82T{B+z0o3 z&n9yXyc^Li4p-+9?<4ME^fa1)+PLt1{%wSJI#A?KU5run+!s6trxc)Ue;74Uc$l!>EDAS{jsdKgjVL56>zm)97Vq4(a8>1 z>&02bor~I_3y?d%9<}9H=hx$K_rTS9A^k-s@^nFJuhxr#`iq&CtMlv8Pjbu&FDL88 zHSlgigB`Bci+hM0jU-IqTG0G@WEJNO;D!>Zz4HK3@;rysUY%b*kn;dKzaIURbDwav zJ(~&dU9{BU>O8@3#2xlY`gwww^@EP1B5T;E4cDy~QYVT#zaEAAsl%;}Jq^(rNd1uQ z`N(%Zah;KbLeB%NWu5Gmq#t^bZxFf#DYv=hjwS9{Gz-l@?mWTD6hHXa<(O;X`n|kn zKIxaC6-c?QEq4cTrB^XtN2&Acam&?tg3#wV=1I8f-^0msB03oBv4Fb8f?=hw%j%o9X5Fy4V1vRs)b zcn5BA=htKL98>w#{PP40;TCs(-F(Y_KDc_{WIXu++~PiGMd0>^tL0aovzEavcE1Vt zVTUXI=0|Xg-EVHpF$>^&tqENl%(dtXr1e6_lWRFs`VH|Cc*QK+qAGF_$exGADz;)||oGmTx{CW&-#n+QuIY)N~wiNdqU1(d5$%CtYxC`dP zXgpFs==1T5#LY#^(0j=3H$y3Y2yJJ7JzT%NZ=aEV6WWTDtMlt+R#U&xspv%H&abz% zTN&cwlJZ^nPhF+Jd_f2H4igFMBZUytt0F=OFsJ(hm+Ex1LUU!RrIZ~A}XJQm!}_P$BK z`5xS&&abad={KYQ@+$Od>NWZxcZjt9^#i6 zP2N0A?2jBX4{peEWnH=f+-#)w>hq?oOCRX_?c#qj{)MacLe`}NFpGNrJZk-*{buYh z=KJR4uNSY~SgP3lW*lz7;Yz>R9D9q~Z-)1AE)A~wLC&9_54V-$-!nbm`}F*|{NL2` z=c(%#VG}SD;rhM2iSy@I!tCL2^SsY|dj4GgZ|eDT3VlT=g(u7yT5%X6)?xX zne?ypn^~W+Ul}R4kF~cb`?(@n0n-|;)??{6Yryn7+#4;op#5CCQu<9(CSab0+u6&T z*w2*%vzfykY`F#P=c@Lox8AMm(h*<4tb!Y|TF?=rJF|O(6?X{eR;kJjX z^=$;a@#t}fdzgpvO(kv)lJFka@=P$sDZ{eft@T3M9hsjD9~v-29DC(CR^E}c%;6rL zAmv{_E^HrZ1nwlbS}#6=_XYae;d1Oog72N0Wz9C?CG6%Z^=*Eg{Pt?S2$c_*1&$xg zTHf=As-i6N%RFt}1j+c8O)qPXBVIy1uIcu#s~=2-0B19k^+MivcN%%lbh!FHqk`V^ z)!3F_ecxRi?rCo&>xI1U?gE%?9qw7y-h$rq)zPUJpRrFNUNK-g!wq?P6Yu%z0kgNm zwRPNAl=po3dD-9{aNAn0yzg!h%v&7p#n#@Uyyq)ih4ulimfzvj5q2(9u z9}c%Yyzb~~hpYY2?Zk~n5@deT?Ju;xX+4e|5ioV z@4xB0pSY*cOf(g_{*9;f$I+t$=7{;pcIQpfe~i{5<=$Yq`-nUI3+CTZebo38_5fYx zwL3dg`r}BgfH?=QmS5?Q&n8b0DR-FV7NtK99TPCU;o7>Icppq_n4KK%LzY`me>~7> zcVwSf?AU;r2iNV72f!TSaK~D1LH+SKr`<`sZ?<;8d=EF|dq(7blbDG1QZn;J2k7LINOfFn4XLH~!M4vfa?T_~oS9U$)A#@m$a;E1Y zXIVdJJ&xB2n7(keJjnYKP9aZ2q~$^T;}CHdBMI{Ugo66x*a-nM-my0^uS}m<-2ONY zHwM?U!kEjk=MHoqQhRG#|E?nLYxD>D1&yP@Z~PN`yAG#8_#pqfNW32Xro)wfzSNiO z1wqQqvD~8c^U;$7rrg^}|4Kh!4Q368+uU-C($9zM2TT*VTHmCfuM6`uhug+-3+m@r zJM~S@35Oa4%>8h+zDYmd0%mK6tL<+={roPczI`U#Q)nmQhCG`R{d`ZDeH?C2Yj08d z`N*jO6NlT@a;2ZY8Ro4Hx3A?ErJs+T#(jGy`8+=Y-WW6vF|Q zxDv%`B*&*$vHwFtBs*Xl!P9#73hCcMZzC;VT7N$x?n@+LBiDlVJ%kztOc%J?E=WDw zMjrY71_?5bJSy>5A@6mDa~~Y7S387(_93N{}tsINjRRXv@faS^8Mr7(*x!O z=X=*DeN%KEQm*bB=tSIANWwK-Wt=;U&7|7rYJXmz&tr{vo`M^e#DxB&zXjckl&jC} zQQ~HzchQ@uG6S9_G!nwA_Lz6Cs^w&uDwI=mM!*~w%Q6EJRAW9PeH?8^%GGwj_ciC5 zQ9X1lDj!O68(Z#_7cxvWxREmhrVU)JSGlA=AGJct)#vuk#PviH`f-(aEv3F+v*Ys_ z=2-g2_*nsSGu%Fj)W!@V{hjC@q+G49qltS0NqCNH_S%1P7h^A5b&UUPo_pYGd40SL z?-(V|D@eH%EeXDt_)Nom{x0bGBno#aT(`Ww33Hyqt>nRqG|r8|-Q{pUCHLDf-*vcE z({Rt=ok;~fug2llem7Y!7Qy=vt#G*2Eq4uZaU|jC+=9=+hRz9?W^mQNTgdkt`U9zd zZM`khdpk`|!1RY3N?2jcAsZM2pd*oT>v*5}8W5L*&PV4W_r0?nZTZ#r&c@-s3%9N1 zb|QT@)C(!Mp5+c9Za5l;9zyQ>&Iej<$1^j`DWs1D0%ix?CYC#y^wZHRNV)plGoQF6 zNWv#v3wrNtJjnR@y=4FRIq5f|El9adz5k}~SK>0_9=9CVx-=ZA^-bT;;m-@0rf~JX z9Y*?^$d8okk&N$j;#wmKmvBw@UNd<*P#JOxmq6XAZ`qj@EF$u zxlIG+8MyvLYW_Q8x5you+uF)$}M-1e4R&~w^2TaWb|Y^Wvkyo-|k zo2)m!4s)Kvz0`6GdQO|A?T-Cjkl6VF(++OP+AH&>pTYdX;a+RGMR`s$7Y59oaNAn0 zJg04ix!vLF^L0_4(?S;o%*$}KJp2K#+_#LEkd}wTt-Y;@>w_ZbW+dy+t+F%BI>wJ% zKTe+Kk?~HXb-;WKSIfhrq@RI4LCV#7{Mm&S%rP6;SXekH*CTQ}O*Iw-@OLp<9r0DW(#9V~KkKNqCKGH432qzK@R4biT#kE?|OiwSAC! z{1$l@AmwU(O91UZh1KH_+TwL_LWdjhSVgMGF}RZ)KS=w#9Og=gtNle$+TU3F zfcXTj-+sTZ;cZ4+9c~M2?=Qq@_~!8R<0xr=r96Z>1WeZAq<>GtzZskGt%%QM+<%b= z%Quc%GBN$QMBB44+$M0<5^2xM!YuD_d5o4&r1mV-F<`EQtL0bPvzjpd4wosb1h**d znduZTW8k{&SvJfj4!4ix7Sx`tPHE2~mjujqxShSciFKe3Ft2d9{Vcbj_H0*5duBQZ z%rPJ2Z_jRqS=@D?&}9MB3T|6#ue4{k!Y%GPP~`Fe@9{|9x1lg6qUVv8GkZ^cTO@8X z@2o~gq38ylhi7D%CcG%K+63=8OWTKV*MNBuuG>DyZxNkJKIJyF{|jhcCxXxcYnROGGNLtN!E*LZNZ)#u~rRm=;()p~Ie>BFceQtlO&JL|sEW(e^T z?%^u)Z~D7~Zu=|kLzo|)?FqL@BDFCiNk0}nfs}i-_nB`daSPFBXayQ`VsgH4ptV=_ z9sWl8XbF{|&q%p_Ew{`To;y$jR0plDljM%GT-kRh^Sq{4!2AL?+skXt zAblQchLk(haxW&X8lYJk~)dAyQnyha(kp4DwCsOXcmiqv4 z6On`|Tn9G)CwKq3{@wv|F z>(+~1U46x_7a_Q>Ib5k1U9sgFr1qxPi--6uwO&;I!1J@#3;%Ti-t&>H7Zb@d2Q6~A zxKV;{H*r`JK@ zVIFdyf$P?b3*Z*DUQ~PBYbUi{#BKdRWkoGKoOTb(M*R2q9@($NEA0i^yH< z({cPO_2O*u1d(#JT`x+15xSf8{pI=VMLU?6Io$ovL;N@Yt-ok&%dhqqk$VE>VYqI+ zxE|)s4wvpxg0Gx#c-;@p5KVVZ3ow_7cavt_C8d&w>n(ehuVQPoqyYhdZ6bX z{k(v33S6xha_+I+^o)N!_xLK`MM7ccfn#vrcl;~+P~RkPvG<{l449wbYJVa7Q0K!f z>ONGz?Kk!OhX4M6IdVm^UdZ{4g~DB#tj9Y3E$G~1w&m*ijX2!qaJ62@KGbD!|7{=Y zf&LCs>;dMv;D!=+!#lsR0`9?{d(?4Md{n@Ug{%FA)QeSci(4H8z({}#3{E)KW)$NB5U8vIb)^T3gZ=#Sy5f2Cf0 z4!5}VA~ZT+dcbw-#aD2PS}#Jj{OURRINZ^2wZD-4*_+@N^_+ZL%hhx8(J=utAFf+3 zw!!_kdU2rVNqO&M8FJ(tNn%4i_?WmIoAI8K*mvHELX=-=E;DW z1y}2ZjHAwm`)~clfsUi%aKD1<){7wAgRK`jjxtXNjPKLreUtv8Dcs`r7ZJGGaNT+_ zqh-Zn*NZ6J%N?%Ni{{u{+(+~l;TE-CL~Z%ib8cob=R)9Wy^wL#C2)&+&TXdU>N&R<+K&bf8P-r}Bfi#^M8EL?5Ru7Y_Zx)o{rpzEB%GLcawhK&L3Y(9L!Cm8U<(%6ZxSu2C%Dx$buPDE>8hRmM zO0P-!VLQCN$m~dRb$#L z1-@6sa&>=6cpB&D;HrP+e0Xn|eI2guCn)H5R(D#i&dWt#44A*+YWpDXRk;i1NQZl+ zwYR|csx0y5!F66PK0RQL|19ZWS>JpW=4^+1qvaN5eKR_P^HOlN9?Lnm_hEkIaBsKV zg4Q<&+W9lxui<~0^*6Yky}XI_&8;wZI^4S~x1jaSah9v++@i0r{suQ>xw2p5(4RQl zgtR<7V!1`xuMwZgeD&J=>zlP;)^@m$TW(SIYxrMd{SB_R5Axp8Yx$kZ(;V&}mTSLK z;?juE3p&RVf_oiY4NXYj9JNCHv`J#V+RmqD^&##~^bnGBF%8)FDr;D?@NMLE?$du@ zUli^pxLOYy_Q^D&#z^l|hG)D_zk^)m^K|>d_P@UrZq;=q&yB-v`5$o2Ec%E4fa`}l z{XgJ_;C}fZaKmsbd|vYREduwP|9~5X+vh*v#^6r)54dr-OB`<7tIL?{*^6}}O092~ z@>zEzp)c2h>RV)X!0d6jB~_23aO;0j^5r20x9fkvjl&)DA8^eZ0rL)A9fv$l8$Aup zMDBg7&Uoyi`?Aa&;$x^Qf4k=*D%kZfW*{nVp<*LSnCQ<-Enz8vHh83fH{J{vx<_6Q$Ca zisY$}PD7c*RWEOh9Y>dGL0o%O_k@3*3yDNLKx{7kqhn_e(to+dm>ao@UxlaZcWo~( zZ5|?C!sA@s?=StN1odn9t$=yR;XXt92YQw=(;V(&36k;6CN72~$nSc%=j1$Uk{g3N z)8Q^9-?#^|%xZ`GwB;Vnk791O+~2ttWN&C*z^sO=;}7#Q<0W($Qa><+mEc=&bSZNp z@l8-eB)?z0q^UPn2-*83&nL2ELiPe&cs1(I}+cVU~OK@9bGai_zO?Is4ZZ?P0Ik(d;|in*Y9qKM$C}4)?g-)F*Tv zQm+24_hZDpfZjoKkleSu{1}7yw{A;se~S7yx;|jWIouyeUvm%pTaj`%SbHZEw-{|k zU!lgWjfphOFe8r0FqQAkZ*OR0z`WsbPx*uNS2IrMs@%UVH$YrVB%uvgx15R164c%Z z+)o{D2huNC;xpH9Rc@9v?9_|l#65sevU0@8njHY4R$ zu-ry}(jK8}QFkQwt<~4m<=Po$zzd##_di!`4Va@gB+JDi2DZZ zMmv$~ht>9ZRs9hAp7nBvTWT-$|KTiiBv<7&w%qfG>xBBE9?12>lPP`(Z3~#N!yQWc zxo=i5&vI4ng_gUKxZUW;zt|s#q`s~0%^slY8D@#y|D*Q$e+rnP4mXGNcO6;DwB)MX z&XzlvxObUjXEUz%>2JH&k#>?ui;_+T+Rsgb+~#SBH>v3PnmiiQ@O&Hp!Y2V_oOu3>m6>k z$IAD-T^KhE_X3BjzuS6)!wsk57W%ubaIbf`gW%nT9(1@pE%ycD-a;QBIo~DYD1FaV zwTa$-M)gDZH{J^XSKEixzq4{Z@9x{D?SuK9{T`0J zhmuczkGm#UoBr*aWO?w_DP`^=&oHFi+bs7; zKC6QyT*GEWx7|^D)ertX0dtAN9VK?4#~khhmOF{K7m5D0P8ag2y*e*lly)ZscZI{%`_|LpR-nEUdFQSJAP3=ud|LT2fK|b}vk(QgV+Wu46eT%_8-{D>;wk#@R z+B@7@mfMZE8_?b8R^;|?V^aJOEgv-F9j^L!B>B`{eJ(7>ztI$Ks6x=Z16Td~6ug&E z+~GE{_I4>##SBN!p(l~F>m8A_H(OKcMYwX%{NUKD{@q4CwYTL#_%{Ogu+7Q)_7gng zgDK)3$^6bmmU|*`P0i{*FrR=c@%xQ@CZVG3wv5$*2CktqA_r_ACtdI)@vCcOJUH z;ofPvU5Oij?nHx;+t1HWX(#>FgJ!P7)qegV@~ORJEVrP3er8I2i^ARH`1cujuc5CU zF5BTH_*xuN#q>gVqQOY~JO6aAzGdH+e;nnn5j2&z{L{bhkWcNMbP)ax!M)6B*B8S3 z2z}ykWnNJ1{erk1NP_%csq0^9BP8g3iyRp=XFK*j%J8-x&qKdC+}G0B`#9-laK`-K zo`<4vyE@#TGdU}IqR;%{aObAs7P@}|?mcj|efS$*xpGxZEu{WkV7VdUI-uUD8*BKNN?%!r?~X&78~oQylL5mOGZXXV5g%vZgmq z)$wmErTj*Y4w~xBeQ7<``!>_zu1;fbq4y2$*$!9l+boB>J`K0f`v&()xO(5-gtrK- zb+|fz_6Knl4rTm+Y9RN%jZ3|6HG}3p$6mc}XOd6v+r~8Z7JA>{zUXlEzMbQ6w;aHI zTbX*_Y6Z>D4p-Z=77llhkFQk4oP{n%=OK3-wcUtehi91^xT+t*mU{aK5^rCzyEKZF|uO$FBR>e~A}mOP)KO-Q*n>wT+S#mqzBp|8>EcFapLw-I|U!_2hp z!+X56K+0LDanSUKtL=l1fBz<*a=%LBhr-6cVYn0E>V4DkZ)TMw_Z!PCX#89Au>9k* z=ovxto@1}xx6>W&<}~&ecHd%fzjwH2!jtg^>DRb42E|Pdeq?tEO#z(%h6htdf!&3-nT%|lwxjF+ey7|+Z}EwjlG55 zH@I~j?oN0z|GV4aHn-fYs?33*qtLHyefj!}?3DZF4+hN*4p+xJwaKgHtb^qiG~NlN zaAR;M!d3sC0j~wR*Wq4fxmQ=?yP%C|9cr?Xb*BwpJ@#MYt)uJwj%iN6>Da6O?O#1< z?~Rt5Xn5^Eh56SHcbmh#3EsnKyu)SaCBZkJxH$S9{fy*2?ZcQHmUicM+fHhK9BCOe zcl?wr59JQ8VydAUNc}s?a!(+x32K8{pq}){i+K67aNDN(_xzxVI^0W0Fa1zguF8GV za(fXs5Z#7S#}DBYZsY>|;Bd9R-R*FnO5@+c>RS|U)tyN{yh2}g#n4P_PTKo)8t&Vq zD{%b+?%8m)oZS!aQ8dlrPO{wP#BD%7pwxQ2E2SRCE)1IPj=k#NeGd1f1Mu&FRR3PY z^M%7z|N4$d`r+j?ekjzxaKCoA>fb{h?kj1yh58q+@8_g{E5SP&o$7FBT5dbydZHny zKXUuGYEO9U$2zW#wF;U>aJ8M(dhsCnwEWJq+=A*wB*nj`4fAJdxDy@jk^|t5N#TYr z4w|73SKG-K9PSsETTnY0P2tAjPILS_58j7ppTmt??)^2Ym^aZD^c5O6nDIJ?QKWsS zwld|puw&4yaqQK0ve}VI|NdaPwuww!3Tr1LaQ}9=E#b98ogD5C%k56wAT%7^iR8IO z$7eHB{1ELFG#CGpEDxhe{{)(Zv^<>Z8S0x)+^0ywS6mBv-i%%nGy~xB2%QL9NdGhX z6)88@`^Z=AD4w}d4r+vEewN&q8MF3woSb3KCVi-L&^+VV+miH`qAQScTUu^k;%-F} z?&T`&*^q|beUp19VSj&dSneTPt79t6&xDLFY{rhWrr(v>Qm}Q!!aZ+q2g2ZfCuvD_6BQllx2X-9TIfNf^yl+OyQ(VbJ;(84xt5 z!`1Q5W2Ao@y@!;m`=ECaSI+Not8*Pd1Dg7tNj>-IzcFaqJN6z;`ugYsq}=+}-uH>y ziE7lYVk)C7_8LWw%;f*`&f}FS`$z{fzvFN(AbkgPspRAPihp%odNOhEq4nrflxWxE z+_$$f%(#?xCweREu?}}H>B}F-GY?X3H*0S$ahIYS(X~j%)ho++ZO*I|Zs?AnIrKO0 zzAdGk-9!2p&}^jK{+7FyxYEbdPNHK_&kHFe<#{(Vewe{?zy$K^eGA_eGnT z!)*%h9yG?`-f#V|oVd-XY#quPsz!&pntjkxFY11hzdZQwV_xI;WPeec^z~6Ar1rjO zx$TI%3JpU2kn}@aX;_52+TORf%h>&%BZ8)N8tz@>Q?9N<7R23^%Dq2mZh`B!&YJ{p zCR*=s7h8Mhoxq&_iP(ucqRMQ*=~<7qkn-?cUGF*es5;i(3A8&7cMj=4Kp!Ht_bDY5A4?;0M}H4zno#B=!@))#rfk z;O#`ak=lE>EA7+{~7H=>W3RGw|~7VCW;oJ`6$i?y>U}AjGz6JJMDUaazoRCrm@5QmGt{i zg_D!q(Uuz`t|RJ?dLua}v59pIu`_#kO8YP)Xu@zqwxA6s{otyl%)?yO-X|^hCF16y zWoQxVNTybdrKDbjtbcX96Ml*HLdV`!r2i7_K+2tIxu@1=A0q07x}u)+7ZYgL#ojMd z=66CfgXT4dJCyX}(ECWaG=UO)ts5`~K(o*c(Qd}64`e3Jx6HE7Z|dLJoS^alk-Tr; zlm3iT*uRF9yT@{Coys#98jl`CSzC>Xu$e>7Uzlt2pF=S*_65P!@xxZq|BQA?K8%$9 zxPg6s6QlnoUP7tUymFTMdyhKq3&HIL*PlpDKScUtP(7sF(=E3HaeYt(4MEKrKkVw} z-M5am{7QTF5ax&93z`vdH9SE2vFI@*UtjEP<9(Ppm$;=!&)!RPWKqyecE0a7e-uGU=lr^H8P%1Y8wExKG>9~5| zV{jWe+`F-(Lc2^eGL5}Ivfws~cnPCV%_xu?S`su}9PSZ(&ods%GH0VydynO_`qmG- zS63{M8(A7O!yIlS^5vjBl*(;J+{H*jXRZbLA+#)LW;op5txNsueY;*hv)uDt#o-Kc z>? zz9^h(e<$y6N%=1ZHvqS|_1AnHG*>(Jm6ZSdaL1N_ePK9r9s5eke-XIfmVkXRIEU^_ z-rth)UmWgPaEp6?{VN$yIQEs4|3Yww!PWJJCz+2B?YPa`_Ttu$5j>luw(~O^d85w= zoEIJYO3HsxxSy7QeQ`LyI`);6|I8;re%H420kwZMkNv0rCNWPgAq3}KI3?YGgyHsc z>?^4KE6BbmoQECzO3HsRxNpL(;km(_$Rb*cXTUYzf%s|1@Y8JNA`S`3%9`4mV`W z=ZK!1(M9qu9|>;z*f~x8evkDk2~jvzGfV#d#^46wh7$i3)`@BJK9fiBbvDfVn(>+((uVvoj3#Mz2)ZRGU-yM5P%D-k! z(9|qd`hfcH81HFH?Z3k^$3_UjX%45P+n+Gp{v}{v6wX-3zLN4^4DMTSn7Hm1ip9Z>!5kXv9F}s!7$u4 z4!5N0Qv~jxa7(%!jKi&SNb$>2XhYCk2&bgWQ5fz`4)QVzX_UC;U38NWDIM-sn6Lh?YJxgr!$gkd=5(31CG1ny~Y)xLt}$pEr(&ZUlhCFQ?3 z+`Hjw`}h{)=_hJunuT0t+CKhg%6EEQtuIa{ex)Nl!$*b`wZdgyujI{?=d;kT+CIu z?JT!a>k6iyGN@hiPg_E z=d(9a?wy=35&wp^1iEcZ*|{)Z&Udx&Mfdy|t;WpA&caCQGn zY&++T;7a}ag-4jujX2wYPD9FFl^_}41H?^6^U!N(2vvRw=T;)TpkXTZ%KTjSJG|e& z^6z9^3s-~eOP9I%ugE7)N>VRA$p*2Hr2|H>CEKrkoRe-5Xai z_oF%JdGsW|U2r>xtmHiut8KqL8UGHHjJud;t>Deq`!H}h>AysAq}=+JTjmVjlZNV} z<59=&G zFT>S(d=|V`Xckg?n_GLMXR;?0%|o-1Ti?u7ubgRpi~PZU54chu=FnoDd=`7v(4$DX zVat8H3H1#fads6`3Dwz#-ww|-l{xPd=h>qX>(x_v&&PGJqM5m76I`hmewJwNBK^Z? zJW_67%iTv@^>f%?j_RUnXORD6+BAQL*~NX!CV#*0yn5j;lWQ7O{HK2(c%t-v|K5HO z{*A!xl!n^@d-T5bJ_v3c?(J~3Kf4rO6AsH<#Z~>laUu!6vBbTA7NfV(qCvbftt|U* z*+)OXwv+1L*de(l>Tp+(elyCJ z%r$YiI=&i2`aOQ1xtFWjtM9RzMBH>F;VrJ?_>yI%-GM7@j)W&U^d#?@i&e@sS(TFO zV~a>%CP*1V%Kg#WyNtL^s9Y{=RIRBol|O+|E7L^xc=monrN5W-{_45rB)HliHzEC{ zXc$s%HMxQKw_YCS2~jU}IgbItn> z_d(J>i(Wv=y})umC2k|iY)YHMb<7&}yHl5?9L!ANhL6oPKf)bj{ZNrSV(&3rm3yh> z<`Q=ylF*6kk`35;a{m3Dop*PSB zG-^BNNYC^95VQ7!(B2s%lu-rS(!%k#cFc#n%VC*p9G|qS} z$S~!rdgmXyVDGu4_vhuBA#kPrm2d=knxbcsavRdF5`6Eq?Prbj*dE14gX^yocg%&Z{wg z7-RdPlQ`RyC*QAKu2}_F+sXcT=R>=T}FEO9honqs*YT4JcS$WkZY<{N!oi7>CZwrNV!qV zy^^^8=q_{{5^fF7sEWNiQ@ExRNLGmeg`T=mwhhF_qKZGyIHQgQVtMJ}M?>pQ# zEcbij_Mk&saV`7PRLka9n?+#6a~F{9CoXcEdkk#fe(m;R#c1zvrV@*C#A8|#{DR>IYB z)bFJCwV{k6<$iCu!3#^9F!48{>ySH+3fTIlLu^-^Xj z@hj2&nTO=#UYEj+T$yWphb8^6fjmE|aMcg@lKv^Q6)Cr}<@Re!KY^mC?hoGYEFnmZhBo%ZxQs0mW;0Lwj}xQ<9dSFY}R zNaVXq(0)C7O|BW|aC?#d7Bm(q*KV=)eNWu4s9Fckx*~VHu-x7!2-_T7b6G&U9(Qn2dI2!0=4Nt7%Msp5Ns>l>ho%vly-hd0xBv zrc$QCrDcpX$8w*>a3%VHp4UQR3?Tw{3tVl-xYSb}l?^9k<-}A)1hSs5#h@ZYT zV;J|3nU`TY5BBa`*@!WJVXwI{*BoB8wDEg+O|4Fx<3WRv`eCm3neSKPGA^MFN0m_d z2FZDhAsnKU`?mBnuYWKDbImDmwVmli`g_nUq}-L3d)lR(=R*V0b#fiZIhGr}c6^<+ zSDsVK;K116T+`IyP9yzhRI786yVr7;61M{#eHriDLRq(QF4vcl@WTZAyHfkPxAU9= zSL^L%r0>iF?%KHrSCBDISn@DhCM{wi;NAzs1{{O$Gw;zJ4Q#|Yf_9Y3xOXP79wPXP!Zjmv%~r<`<>6ID zhdW$7pI^3GDN_|m=J?lJIAN39+19Bc2Zv6RNbECt}yOzEmwMT02IhGqH z?m8r4FxN1B_xzLjKWXeWQyI@W+&f4=0*yk-ZEm>}iJO8X%-|}1(C5=sKSbe0-!{zv#1YfPboFhgO&fq%#6xx=0`JW@p+UJJI^jz~c z+{%g6{Av#ATcInE`r%H?{cBq(a|`jK&@klguW4-C!~OmFj9l{-Ty4KYXJwiv$n!K( zE=Rc~_%0ojX`Uxu!e-`M-Eo5YSL<6G?(dEtULxND^sd95WVvTu$9o)5H*^V#p2<6n zkhF{0c6_gX2)~wV>Q+zs;cC(kLU$pxca`IZ$BBOqrTQUcx$1}T>(pboWfR|y?wzv+ zGs*Y5!~N27ZIZ<0W6mR_d!NZP>O4b!6NP&o+*JQAaJb(cgn!MfT+`LzN;~;J%;gSu zyX8td`33Rcpi?Pd?tN=({h;?P4EHvNyOlh<(INek{{7u@FC%Usx*rWiGS6T61n<5r zvEv%y%6wbsja>5xTt7bHQQJIA`q$AMr1$Nvgh!3<@at(i&<*Gsv}g$L={kfylJd}n z_E&zN=BPUMdHStf^BY_ZGH%@bT&8(|d}5}IKZbEV&~amPF@_L@d;H;EIg@#m(eNgr zsYva8)l2I8lDNI-i2jW4Q1jl*Gu7pN*36T3q`t|zgpBv4KMXI(HJ8KHp!U`!pV~W% z4~uGV3~mIjlrvuGU>d+X7qvxd?|kn+>Kj1Z?dV}N9DPY+wVSp_{5uePHXaBFyF5+zenoN zFjBUq?NNK9OLEOVhZ`sTPP7XtccbN&y@4?pl5i5&@JA!x72* z){yi$C=cm#dJrYkI)Z_Fy4tK0$G$_I)jm<$IUA zk#P^Ijk@1aG2ibC&VnWOX}yhpl50jf_GOc2eD_i&hpXPF?%Y>G=EcNyL((@kppTRg zT9s>Nrpe#e$$v)y`QzmO+{u3@`9`9*k^1Lw??06lxT%V{35`P1b}p~Qb0lB7{OT+d z`z+UNhok*m>iY(yK6_>upS*8iWlZSCe9qM!r-^SQ=yP^>ZLXrI{ewMf{(rOEmvE@vv<#b^S69_f&`b+SR3aCkFSN2e?$O*!dx!OIXRZOYMJ- zPm~*4$M_Gf`k`^}OcOvM_Fkv;lJuW(xU;Q)Cvb!My`E_f<-1lw!o7g< zVEb&}Y(9GzNm$8M>RuPxHLoP>+t-@>>fhM?5VwrI3BvP8p^NH(#bo?OEQSx^ozm7vL=ko_SlYSLf`A=L# zeu|a^-+;NL%=N@en9aUmcbuo+S--FUt6bh!nk-L)$#)kT;c%I2 zLn|e?15RL`tUB{Hw*2e3DGv7)xc)>|W2TU29$JXh-kRQLzR!u&vLV;}<#5ZArv|Etlq-)61mDTTorxqg<2tYv^C0a#d({uZmG_86 z;<@JNqmuTvCVdZd7g8?ES`vJlh&$wF=5J9Q)MqR8n)koSdp%d%_E)&FuO+f6*Ytv` z_pJ@-JE6`^rxcJk#g%;ZfoMYAqfMxHt)ec5yp=@-$~xL*;jb& zVeE%obG5@ALi)SW{Ybfq_vPV-X~fM&tI={)hcEIa>-S6Gji`22U0HCB={;1p&p_$(W$5ob*&CBtCHunsO8GMZhcAp6VI1$ZJT9sNq;_Sg_QfD z<=#%*C?w%MuGNMxHemg*$&#cWu9I~@8q)BtTvNJc^1dx2{c5xhDfef~-A>$YB*AwJ z?M_Sj=FXnIS}$I=_1OHDYwA1PN~Av$)k4bMYq@6-*Az+U$hC1#o>Th&3wL*}X$4pP z+lBO3qid0J5B0h(Uxc_(NWxQGpX*0CzBWHs{TtbnYwmy^EAv!*ahP zF7sBt3pxTtS2CaT9AnZGnfIeT%VKDv?T*=-Yv#b!ApK)K@-#q#lYZzZ{y5P7F(k$i z!f=0e{E!Xr9MlY{y(d|FuOzN7x*Oe!8k|l!{hU6Mf;cm!ocaIGH5b)Nw!aUMegb+D zDOcx-YMxNR%p!gfT7cxaRqJuga@7wpxKBCU4@tisZA8jF)7o3>qteEATNUF+HITdy za92lf{4vVT8!9)xk9k?RS{_az{h26;l-tg7FDCAC)DQJS*{s!$qiuh)7VFE7AEX{f zO`h4|*gKH)_o9(Vxg9O{RpQ=7-=H-}>|L^*az=fNr})8?%Hv(eNqfI1{T@{M_9XXO z%RPm-5NeMu;5UV2KBw&&Uiq!|v{#q4{6@3#OiPE`jXeF)V5IgAvD_$ebJ5r66Et8Q z^YK-^dH$V_AL>)iBECFxy~F*E^gGdRq}<__Tk#H_u~1{w0EvIqUbEc0e`;^6Y@QkK za08@ofv!Z#9c{UDiF+UIK;I#;H@e#M!+cvFlp8OfXJ$HF-%#GUimD^!zHGU7u>Yw( z@e-PF4TO^Kt=9HTpNIVw^UNm8T}%29={upWNVze~UCf@N8;FmfTam0&-Cmb5E$w<` z{2=Rf$_-V@Gc}L>XZtXMe1enq;eGx%(DuRp)&hHm^33IM{V*hqf;S#Lj?`XTXME2S z_bQTb>*Pwt--LB4q&|@A6}0Oz{}isAXC8vf*GYu=D3`btiQn`H^yml8)fZek{wJN&I;z54rwrOuZ2Q zioH^PqgC@vZGV3Mwk1yor2f5!^hNcrsg`H9IsSd3N|w14=H*E3)%BHk`C*vl_Qzpn zknVi{Kc83C-Z0#&u$Lr>&>h}&XuZRw8{i@mGpC{&l5BKw17Uu<*U6)X2m z#w9cOe&HkX%xw<$WzsK0weC*Z`+((U-GlE@19T#K^MoX~!I~sj{2M-sdJI>euP>pz zPA1QDNc}L;a{J|$H8Y5pFoeI;jVJYaCyi5wg?sGr z$@|uuyw{@}9B#Jd-sW)c=kIjoLCcx{q&(9eZmPYb9qyS2VQ&QPy=l0QJKUUu;Kt#; zo`(CZ!wnq-H&mDLnd4ur7cV*7^DK8BaT-?ecR~J*!>w5-dEZu(em&ZNw7#{m-0y{j zBsBb)-`=Aymbp`}W$^x$`zGV4NIk}94p+;=K8M@Ua*I+P%*lCXR2uFf!;|)2b`abM z+;`z>IjaiqXmqT@z0z`Xh`SI;=*U(4kh&hP^&(O~&-@Kn+x458(-+pMV7fTmYc2Om zo;SzvxrE2K7SyiC;WjwopWL1fxBo$KLk+lZX}H%p+<^zdjlvy~hC9&V-f|FJb4s3> z1y}ov+u=QcMmyX)EZ1C|Wu7JeMfCkn_F4Lq{c*M(M`^ngh5J<+?yC-W_yKT3DcsPh zd8W*X|Frjghb!~M1Ybe+woT#2;hqXt%h~7fwxVqg_bJQWM_joPJU60a$9TWXtNUNV zmaF53@M)9>hg*X@Z4WPNj^(QD!>g8i5^<*^2|1FEiTBicq1+hUyB)6D8*;e1&#EAM z2c*~=%FZ({Iox|$qj>DDOw-Zfvc*<{ZwB$*ti2yp;#s}`d!ukyJKWyn8;tI8xT`Gp zb>dc_4QRAnwc*ZWQkEb(7^m?H%B7FFXKy zV<}w!8F{7?Tx}daBp+C%gD2f zdiA-(?Pj^#i2Dsm$oq)1!~SIZt78bA=L(;hXP$>kl0^86eAVu+Vsep|U!6xR_W<() zC=WG4&AanELDzcqtp=OCgf07~rCp7m!?+r5w&h+!`uos4q};LA-hrc-<3cZ?$tdeb z+KBBQw~ysc-pp@Wzzyf+nLiwRH94Zp9IndMdAW}CZ|yDjO0La$<{s86|M*PTonlS%OdGgb z9(t4h4s;h%?iy?FG~!}N!pB?(UJV!jy7L6uZ~B|%G4@Mx*N}c2`Uxpl_p#M~h4o!Tp(w5)-rU zzG?59`XRy(=F~npX>V`R4?!c5a!>HKV)(u%uKL65-$$pQ=LRvqew)XQJN72#VcPQC z0$0bAElA%QwMEK3$8tAUEM=}G{&sW|a>wffZGF@6q-mFDUWBXt{BY85XF8>pQKz+8>AEe&TSaljk)w*Wq4dxgQX>3Vn?}M=sZVsQ5B^2uCVqVOWesw!Z8%;CbhkN zQd)=Qs(y&TE!!Yj&Ki=h3CcmrU2C~5iMs@KMQ<~i@3xbbt$($?nQnRJY`AJ~PxACd z*CXX_u-upbD#Mv!&)yh+yZ23PR(nHmdpP#qNxt8wmofJ_+%1+nhPX+VTX{yAeD*3= z?Tx`5@7Vi1`Ie$jklOpBcWd^+N59^vpAN+HxlM<4w}H zo|be$@|ZuemzU>~^>(k^b)nl}wPU+S|c$I}+CiNvPDumzbxG=6Urjl^gDz zXU;q&Ssn(F?>=-tQf@EH{g}A*=r^G|s4wk~!@Yy_52A@kx%XP`GU7f%f1;mJ<6gXLm%d1R zP_w${WA$&iU!EyIovNScP(+>Aqj(?WR8ONOrHz2oDJ#X&G*IOu5h?NlJBw(rOY0O zyWVpDCa&D$9`{JD>7KKME9+$O8}iI+>;uvE>^RcjcX*bm$5n7Lj{4eiFQ1iZ&bHhT z*L3#keT&}6JPh{w<;xK+ApK>iD^l)O%bi5r93){8SK0TR`W!3mgN!Gm1M^J%(~|b) zzE{drc)PM$?r=+c-BiBktfr(Z$le&-jt+OF*n#2>x18lp<9AAbAzs2BuI@esy>IG= z$e=vam-?pVEMp=*xSiiDOgET>tqi1M$+Gn?n7!X)1nFP4&ur@;n`c2 zYqbvSH@YByJNbY1z5_gpYH$C{rf(_%sR@|?(vxg9owgg2&`W?&rEEy2Bq4-QEUXBM zSio|%1Ms93!!iUx3#G; z9tz-oI>-hh+z|qI4(t|zxS5PT*9Ghw{1%G}we4!EhwN8d*g)V?zr_xJORmHJ%xQ4P z3f#M3_kh6N2Fdp$>T#d^TFuASYb>l(6JCmkCp5SPmk|$EeLMj74h=5F!#)k})ISps z*IL+KAMx;}26yJ4iHGYf?0eu+x$`0Lp2Rr8aSd*f!2Jz&(gySeKw%(ld6uuMH(kJO zpWKKW1NRA_{vb*Za|P}K*sTCP2>Kg{w;!AbvGx-aNT$`^^_$&}`790YlW@NW^=i=^Bp8FA9g0-3@;z;65I6__J{`eC%Bh3;$1<6d%eKD3U+0n+d!*8ygp9F zVo=k5th*BX*Qwlb-e6&6=Eiu~1@|w44uA-Et-$>jb`79T4`5Fx$bSaP+4E?ZpgykF z#e?l83)`TU-j~-GHwxSW*j0d5g02Dabxct|sJKt-+LNv|XqRYkZ-@Iu zVg77AB;h_Pa626^upO}HCIz}SJ?P6{+bwAK0hh|(r{V9b-jVDT4ek>H_blupA4Ho4 z)E1;Ie{CY2QTc1X72`%Jjq#fh%Gg^Ghzt0m@V+2$m4FKNRGD|bP#<0=aK`|b!aERn z1)ypT?yCa#AFz8L^cg7XpGdoCM}3C%1RV3Qh+pal*lx%Cn6&!L|G#|B!>ETexW|0pUh@CTf%}yv9=ZeX3A9VHG`Rl~ zxYyxqp9!#^2KqHW$Sb_R=<xJ zsMeK}_B$+WvIchp{Oo)_ifz&0Mg=NKAm|_XFU@CQ&&|-7mh+o@C*})%;O^1jcK#E% zPT;5R3-y7b`qn}yBR;64FAyFo932zR)^<>}#l*nb8(i29QE z-&Q88|qV=*YNWr=sbvU#|zv64`W{jr~-7$jVdnfH!jfQ-fLk8HMn)~ zvmCSrM7V_lcQfps1icLU>_bUi|2s|%?@nF)W?hf@q4dV@b_jkx1^o*|xbp>Wk4Nym zKn0+BYk(3Dn+B=zTdNQ6{T7y@!7YTJIiN)#!o61D-T}LfpnrfUyv6xycu(uYyTQWR zY1S3Lfb#z(_;Z2?_eO!+2V-WR;yyRWAX`emcHqv@gqPCq8yehO1a3>|_ikN0um{k7 z(BL)zFK`pq`GP3Ce;2r`VD}j46;QE=Us^{R{GqOWh5?$7H0`L*;pYVC2N2;tDsbO= zJ&K)!J$n@K3tbxz>vZ|T1zbr}Ul48({1Wc=%fNN$aIFtv{h1~n2=@vN?h}`RyHkhj z0PZ;-xLq~4PhSSEQ-{kQwy?pP_)P|0KTx&?_XUAF0d})Nb3ro3b$C704Q)!^u0Ev0 zbpSUZqcOh`ZjA(C_wvyHbPu`eopr*5SHZa=qeGseMzD=Vc5$`ZJ*0o@LweDSToJp?-! z$gl-tpOC+lAw6Jzi1)ikiE%{gcU!kw*!7xu5vq?n!!O}7b!5kDeCJa2u?@JT2rsoC zx&V*QoA%P+V#^;lL3iOijSSdxlZ*OITOaG&zigX@ZPeiA!rv&+6b){qz`YfAkAPkT zJq6;pbPnoaT{-F4Zebs4a1X$J2OK2w9wfy>jKDR){$tp4vlZ=XZM&~Ycz0NECU0Xr z9D~0fKxZ_#Sc=O{&`zB56|oilLeT5bdH?{B;LWc(F}L z!R?Cmj}PKLH=lpl^8b-LfIAnsG!F9<+FieZ5;V9=6eN)lywRX>8r)R^cP{L%0daE&y|&1TBZ11H{d4?&btz_8!=S zf_-X~&S+fDy4%7QYjF3%eb{!i&p?EGK|x|cH$8^-3aH=XD1Sg_u@EWqh#&iQj34{= zKh*sJ92ZkjOn%G4wrb+xIk?{k+7BXJY@OpKsQdw}i-5hacIq#>{N@Dimm1s#vw)^es|D^U*qsM)(+!iX+V%s*1H~_U+rrxRZ~ShAEB&J}ysQ2Mt`)eWHMpU`y8;xi z!9~}Wo1js!n+{q8nghCfEauTCsr64Ahj;%%e%HcQYH+WI`+GqI)jzkUy}n;~L!W;r9L^`;+zi}Wjt^2~$# zp@l^ZX!_mK;E!;TL=@aVk{)cpwfexdXmD{0JlbiI~;fmS74k$gNxyI1$Q>= zYCzmvz}$p3J?PV~d<5+s;8OW}9sF$t9RN{0WC`5sc4418=ta;!Ku=?AvW-nm508oO zM&+;VQ**6xP z7t>gtMLvzP5OgJo!rN8McMpW!FwjI$X)fwcO}{%;N<#irRP)p%0(1q6t+-EhoJiHq~ zk7#hQBuv4j@b1DreRxeGUr=~$-(frzxRj5dgP+$xZ)kAMA|4js7|Bk+o|{vUA7ftR zjcheNP&|0rso!Iq%cA05k8;XA6TUeuoR(IbQ{`Ua;q8AS7>>*f0j6t&gvd zQO{Fg|3*6%xMZk4&VxVx`h2_^%Xu!lKBoPUHsIQTi(xj!3A)NUngF8oAnpZS4ZFKR zFMyr|U4uF(CXt^xiLh$oS}Z*cE~7pk*MAyHns+>u|09R@QEC<9E9m?$?7J0ue5%GH!yNhuu4%e}X!9Qp?}` zqw4sMU5D!ku(B)-?pN?r4+?vs5%(E^J05m7fnEkZ4LX6d1vfSLv1;@Ks&(y2yV1&) zX>ci>9fm&&?@I#rkEAm>)XH84t|vVJ?|aZm4KAt{Zi0+2qHhf1CJA!WQk?OZiuH1u zbxc%Fy27pOd*I57Yjyv82K@8~QFvvf8<;<|f8G&cW!-XATqH-OoE#3!aT;87(G*hXUYvf*HpVsSKEHz^^gO&qtQOo<1WzPW@>PI@=iF+Y>f2`lbf!)qJ98t zh5Y6tyh}B>12wo~@jl#KD!ew}-lPfdAe@tYJup{laB~DMKTB~s?sLP>Q*J4|PT=;= zZH$MR9sJnAP7&-@4X%izpryF?ci3+SJq+UGh||;5^2{OfF}2U^(N?y~2ktHnE}hfR z67EhNuC=w5y#ie7U+e+i>!3F^xP6s3XF-Qy_a*2Q=vz?nm5uu(oC5dBuQBe!qpFRS z#bQAb<>TMrp6x+iV+JL_F~DUT(SL0`5pncqtwp)8L|6&W%!@U2eH!ZEs~SAiR`*15gb1 z#Tgt=X>c4R?opjC+2Eb_p*hZNP2tf&0&xU{88LF~E&Fx~%H#Qn+^D<_z_& zhjt^Zdo|%5qGGk!UXMaL)7C@I4yfmWONQ4&9{@8nI>^(1LK6U~3d*IS{a3>4gKXRUpE5^#ghBdYyq?gcE z2bn>XkM{}O`(XDh=oIK*pzizS+U9jj2DxnwKL1um6mQF}3l23M0-SSjilfb2ZfTM?%O#m*LWpKX&v<8GIQR+9mE;oidVfPZq z>s;a9R#pZ7QK}oJKhKxfkLv5H=lL$hnZDetfb`W4dl5n5<%HAQ4uU~^0DCe<&F`>P_&#|TOvc6XQ?^xsaxvIqAbv`b|1IiaAJ? zZWchcH12N&Za#1+op!y|pH&X=V>KXccsZ^K_xgjl*^T_^3)gerHE?gx;J%6P`Vr_D zNRN9Oc5YCh6a4|3H?CErC&G0mSlMpi$_RrK5!niU=7aWvIPOurb}vYnptUb!+yZ2L z1@}NQ%9ftktY$~rux|I>HzsFUS^dbybUG653qX@WJSI7AB_!g(a24!IL3Hjaf0!Nq z`;Kb#&;KWtVcd7V#y^S*rTo8~|49{R?=u&0XJ~NwzOx0utkvKS<^e#sR>1BKkT(C= z`dQiS@GrvwpFg}8_s@WOyxJIFR6p0luJdb{?*&zZet8)GTeKAU2=R4D6JNZ1bLCmt zUQM`od_4z0FM=q(u7kVg;>$Y3%6`%K=kYadnIGGy@sFXqKOA2U;PxKf_#JqBy$a0z z8eCCd`iw7msFm3?{tv_72~exo)pN*sItWF$VEo^Mog36;KgKLV(4M(~c0THug7=ZW zCRh<~jrHI-xS0W}08u(kRB?iW+6J)OVebIl2hx^XZ7`n6`;b&lI|{6<>zKxJ;0c81 zDy;W^OoJ=(vRA#b7w&xJS1PBSz^%~W@^;(}!TzkGF47ZT8c$Gzt#aPpY6;f`+|3$X zC(6Mm5Z323;gv-^5bi$Qdll}qxcRzzMV^TME^w*b+7Ca6K;LR`y9wO32hdIc4Fsiu zP9VWk|M4@;Je|_cm}F&f*f0?+0>kGt4s{P=gNoJYe zV!RndxQo?i1|`5Q3&hQ23>N#EU*C*J@%oSzTG@}lrFwP<{4E3B4+29-z?b81!>>kQD$YQ z;Ge$p65M|R^eKqKwOjQcRQL|U3)%*H1hf@-z30Ex_w9-QKIGqhn}|nwo|VOnYmCPa z;r??_J&16Tl(`8?dl%z9 zUtDTQaY-39Ii*qII?zCZ;a7y3Ca(a*8%Xw2VA`LoQ*RsfgGa=5<< zbQcIkt&*;}gz7r5fi~6}NCZq-SwS zUCF#&A;#j8YOTA%%=t+rm30dj&0bg=QkR^VnrIFwPwtnxbn@_FQ^tEL-jL$d ziF0Zu=hjRunL2M$MrF~E$s@+*3?4sf?6hIy$_6%poL5p*TV6H4aA8t)VNGpCQAPE< zlB7CwNS!&+lxX7cL&|Cv^cg*S(S(H~77w4hIHfdiPF8tFT3v3wDX%7N#Ilm=5vHVJ zV}{k4n!*=X%r7c0tXw#EY0{$F(%Dt>d9d;0xOJ1#7bj#vTaYp=eOy`9f|9D_l)-b&qwA6? z2QO?A;IgWsqNPb?RS9zzR#k@7nG%yt>c`8eS&}n<+=8jObL*0qWy~9!F?n{mdDxh& zltoo_6Ni=6fBoRC$THL`5k(DaeD z<3^VDnY(zwlxg!ujTvtql5R@Q%q=Til$P2gq!pD#Rh0|NYmfvBXCp1luUfRQq_#$l zT!FuMOrIsGVWe(Lg*;#>}zo@dPAb&z_<;d|>3)70LCyksqs?I!QQgQ0+(PPWU zl;qFJ%9&G^J3Dh?(^R~$x->ZjpKf+dA&=b*HMNy5T`;+FYHjkgaTCgi7Z;CBn>)CA zPDW1QYTEwFRh)Fo|`kKa@wSdVI||L7iMNu z`@*U%S)vVCT1I|yUcu5aBWo88pEEdh!uaCkw2Bc+7M0J*99oo`oIW)pb6CoPveD(~ zl!>$fTT)U}Q&pn`4#_6LY%-fo>87mY)YMdSRziAONqSmpa>i_vxs)fWLi}c(+gX=0sB+W@LF`La3 zCuc4+FDRH$lCpT{;M%$>)9Bfg#tls>N}HQGK2P^RUX~@+rG(U_@Z6x}u_cq{CkFa3)fLqa&q^LSA*;N6%>4P2$5u^VWSUYib;N{>9Ha)N!VXC&TsWVnDI{TG zp$OEwB?C*Al#nIr=IV-hB{c)fipXkSvFfi&!a_M=vD`)2=L{V?D{oBp;8A(G15Lti z=-BM>Il~4P&M!_+^;nIaFmQ22WpUNwg&wQy(YfiV1M8B7MP1RtfoK~vUL~Tetyox5 zRXMQOT$)^1l2trA!)z`rN}p}YFqw;sGfFcHQIr&$&9E-cEHW2s{MJ^?FByohpORoo zO-N2IFq!+A()*dyr)k{awJS<1N{R=T7S3B(VmxQgNxreYT*Fojj>>NP@y}kZn#PNC z*E;25u#n@0oG0W8A@3B@A>>XW_Xzo(kY5P-vyf58RQ%pTrVBYl$eBV`3VExL8-#pJ zNT-m8g*+kTc_EF*)#vmSa8JL+#AeLEf0icixp` z)%;pXB#=fK2J-4tFa6H@(cQcHcF%je{F(e&DLF#ssnVP-u5;nQZIX3^!hgh(= z!u_Qpd%AmaX>B*59hY*uR7D=z}@x+<@Wh8%avt=)~$=TD*m?iRir&=SCDf3 zXdeal=cF?@2@UIcpAa=(|{OOdT{kDE5CQ2K<5 z`g1^U?q7^?dZd^mXJ3oXXAcBjao;K~Vc>{KrB>wv>q*3YlH^W*&7Z*ybu=g({^CYY z^|ohxCQ^4T`mTzt+a2X4m*dI=$^ylMt^*Zu| zXAkE97UXQ@RQvwd8-o1nrLX-4Norp#0HX?gP(XCtw>mH=W z>rNv(VP$NmYrqv#j(JubFiq~AozCFSg-&j|-?39iiFNK62d}?QTGknOgAkQ`Y^#^&b10>c1MAt6({Y~q?Zz7g$nflJ;i??7*NYx`i zb+>2<}Mk)PJ-gTJY0jIchs0CM^zx|c%68q=&FTuHyBKk#0 z%o=eOxN73?uFKhj^u~@`H(^ENrv2cG!Lx^Ip8q)faU$P%Hgry^Ii2)V65c4O9-Ny) z7f)T3SOc=TdTooZikH~#ZU?)m*Dpm$>|GG$`fq+h{sR$SX!~%UQyL;0gpCxzPJ!tD zdcWsUKJSg&i!{oO{#qYi{r!4uZgPVNZwAaDPa%WjHXUhY$Qs=ekqCs_~#KGZr%`_49@1UwWzN?V}4Rs ziSJd^8Vr}RtJxs%IOg=rW+$~bq1P6c^-~(t=oR%fo6s=ycJRI72ju>MOrJ7*R}>A+qN$kxx(We z|8q1CIjOQ;HF!tCC$>3%z*(0tPMN&|uFW}HtX?o+!;x}Z8B z|2V;uU35o^c#ndvsmtLgIbafM%c%itz;6p!3*NfEUA^Wjg-R?9#BH)5EkY;!Lvtkd zBZ%KW4f(6k>AnewMIe5^3X+os9SbdR9tnusr9%!CI{9bY)3>91-aZ;UfBRJM>Dy<4 zdrU}vh{Ps_6oHq9EC+XOb&I-2af1|-h&AclhY2!M=pO&!s2@SfeaI}K(|s#a)I<=! zKN)hC(CNMn@lhkOMJGiyEELvi%Kpe9*vq$gSed=l9Tqn1GUG`qJQ9qz zh+F|qCIqFn#ALRLm9Pjo5_fuvp04WRbG(m>-Ve{-`EQBs;)On$4xN$O$o1=(eZI`oGU9W4D21SIC5#Efj!c06Y}>QxeES!b?x1i-yiEYt5sBlt<}@*3Id;L zS0e8WE>3p12fTOMeb&wI&tewY6=#(TkCvH(*_pj9lhJdLjd*gBJWEEcW@09ePe!YAJ8N69J4rau z-)B8qzHc9`-q-hc>3Mpo$9ILdjBoAieV_0M$B}3yD@Bq$S<1QI{`L2*y7wc0PKAb2ImZgV_4`ZIER`*FI0LSEEO>7R3GE3Ash++aPxfUGGPG?Ff^h(Gop||AUfm&t@i2L6Tc~t1Ur*%T;E%~>HN$g1w z_wR)KS?K2>-9m5CKia!@h&Jzf$PGf@2Kj{0Tk_97me?(ys?Wb4@zm z*vvLDKC=Uo#%gv#-zDr@^53-o8s+YQnlawp9X#7TM5!g4M@T@w(azQc1h&5>I!bOO zORQaDz3GIZs3F|Fot3ytF5%xAk&93|BVGf4ro*%NVlQ-fW_$g*-P@nX%IO!k@7dmR z`Z4_^vEd-@Dj%{!=+%%n3%&W!W4S16FVBzbB*!4+adMX2kr@*G(FzDj3_~j*CQ(*e z0nH;cZ6B!ZC*Q4v=5c5|pIkU&MExS_8M1Fq>itvu!#Tyfp1xfF^!z{TpXw(HM|00@ z`Rg|4tI>X^BVt64PJwJ=`?VJy#Trms*h?E`o(f_QjIwY3+o~WId%=I0`8j>;H2Nn^ z?}FM#&9y`H{%GZ4thjL{Ik-$o@j#N=7xv%1+evyj-hP+yTZNy4w^iHn_J|R)R=v;y z;i*t*h45xhi>Ar@7pUn*7VXd$J>#a{zdb?qZ@==-r9bi~NBlYe6mESxxViVBcqd8U zU0yz^IWJ!JLg(Y$S2Z|BWk(RU|F z-``p=xmiET4gZzsAK&DkgmFWA%xbjw`ou1Y9nD+`?gaFuH$RA8a$-Xg&4x6=ddPI% zg!wX)8~k*#I~k)u<_0rDkuo_2eSLQo>fZ(Kjm_4=uS;)BerV{fj=LxJ=D4+S61z9< zLGZ0{Pk`@V+7|H1z}jX7ed!ticyTpeYD0;x(>W>b}u<+L#Luf}fjz9%B{fKLPh`wBskd^mSdq zOJ5pAxpXU_k2A^H*J*NYduQuAArcQ z(WA{})|eqI|J9+aTkUZBJ?%%zd-jg%Ik$4mIl~qCP5n07P`)D@YZo>DTl=Weafx;a zm0uK3p7bxq8RRdg6SPm+Dy zD5ySVbN;Cwa{Vyer$4f6&c9Q9H~UuK{!#cS23a-PtefFQ4|$4H(6-wiWyAg)(K)(YJYnRBIZqXTe6y&i=T)~I*!X9kC& z&O^Tt#NY7Y0-k;({ z@1J2V-k=aR1VP4uIF=pKE%eh8^vK3JbT14|X%}%m66IX0^R3StSex^4=R;Zi`L58r zo$qnpkM%s?%U3CAKmrLs<;5j81}Fjkev0JR0S15E_YV+;TWO5}q4j458J?g`!M{%g z;OkAnKf`pF{csIwf(+yBYfiolue~| z4j}M{0=@@774QpqY<)WB2Q%vjfDfv-;!jYs>vOxY03tskqMJ!G#*`y~TAAiW9x zmh=wzPtqB1d)!T^GuOra9o!MO1^lVFS5cRqi8}+msiE?R?ooN`DTk>1i=ErlGi>-+ zwbpq0U&0@ioKqmQ85&b!FyDV@X22LEUwdive%dYwj5E9Wce;f_3!Tq zKaEq1a64WYLyz#1^d2OwqW+-r-!+bp3?pBdRO#gz7fr%1{5xqJU(|!mwTJcLr~VIX zr@k-sXY5OA^p94qFW0{{b>V;H-)AdUM=#d#bJ+l5LAZywv`W~4*T4FbX z`14mot^x7)zXkF(VZRn~qtG9O+$MDXd^Q*DR1o){4>?unS3wpEy$Eu#(65DDD|GIC zZ^+S*4s1~9gA>C{Z%N^%NW6cnDGoflAs3?n26vD< zfX#Ln3I7#r4#J)!4L5X@$_*P0Y3xbE8NY04lK&Kc1DhRtPi!jN6uULnpCxpDyYmBV zfjlh!C>tJsP2Ut+Ql*50@{bxSSW*5F^&jPXO2@A4-u*eff66!HkMcj&pEmbc<+;T4 z{yopvc#CexvdjCzHFUG;0SE%_~-sZiOQ{T3v=g{~!m7flace&7P_{DQP;h^`R zdSsIK^P7a9`rqVFd{UT7PJo2>PMEEHj)Q@)cQ|nJ>ig!KQB>w3Asl2A}(0KG@?{?)!D`U5pTfe&4_nlb132y@XsQ? z1aH|SU~Y3pz}^7XW^hDc`zYBM+)BOz<#W5lj+h_pm)Jj1V%EeM(`S;&o1Q|kt0)qXFLG)>we+k?n zNBaEh65~&l{v4wJC%-jO!L#pDWsBgrN$H!umsMXsrK{v4 z?wSiX-6!{d6ra+=UxiQM`m6BiyZu%8^j-cceEMF06+We>zY3qG6aOmwOU)0`bLl%# zey~mw^J zs{dOA$4xyxwHqnigku%+(XJ69{>1bDC_YP8{ktAeCACke-9qt1-{DgD`tRFh{Db00 zHx43Kdbfj`dyXET%6W<(s;{Vh#>D);t=_wx+Z=wA_}7KkF6uM-uJkkz&d+<{OH?%p7yj@*Ff!K$Lqew6Ls)S+YcgsJnehY&Zc(1 zGeM-UnZD=E2;UYfu@VrEr!vTLq0fQ5UFho|?-2T3koOAR0l7`+gr}EQj5Xwl@rJuF z*FG6`m#(i5zabnm=i&E&-xt0M{HgF4 z!Cwk@hWoLX!}mjf3!@kT>`?e&=pTiD9FBk83;z=OH{qwie-8fzyjc?#hE2e49f){62|xDjtCnKJ~3<(_>{0|;I^ie2>RI5O>4( zQ_lh^nE1Z&pqB7^0-N@eYxm!1*Sb1^{iVRS0eiW??*iIWR`}h!`ha zi1=P6;+*dt=JC$w?BXvY{$KtGyO}|}9I1!A;;5>pL5>xA739rA-v;@r&`+Pl-W*U% z@dH@J=*u4}Z#?CYt~{ms*D>c$mjCH$`9k%ir=Lvy4l0j&wTy2MyA`?P_ONx}cZO{R z-yZf9_%mV8gYOA@4Savt8{lt+y$gOM>?80m!dzhnb}Z~G=--5$0{sP9$}B-E3FL(4ZMamD0}~Z4mlHo-C`j>8GmEvLM;(P z4F7EBkY5jeNZu!7G<)lXi?2+i^JnhEVvPUv9`BN!7NIlRvtz{|?RJQ#_LYwvCWp8r}b+_yYwB`6uZGuDQ^M zo7$h$j-&P_=mMYdzC8fv8tqYBR$vCuG55BtLno~^U?b9 zO+RmK74wI#TYR^(a@lKa3fqD`RW|H?@6VQE1;$-0135ZHdKq+-S+JkH4?6|@XLg)j zz>#j|)m)^c-sEJ5J^)PHn@iisa|xa$|K5R-}Dp zjv{UMsZzP{!3dY0L*b|PJ++r9UD9`__pyC&tq;^jt0wr=f28tLl$T75_u55yY7^_X zt)slhdmE8etqJ}l_50F$(0CiAclz%1z3t;#E~2d`OI1DyB@ZO z+<XSo zFq4ySPsUwyXER#(=Ic1$cFi`}JoX4$Y&(zc2Y>r$J-EZY7q$5-?gQX&xetPW;64ie zsrxf&~Z?X*Eutd z&yZLsP&f|XDcxP@Jt6xEeE{S@p<5tF3q2olhS2Sh=Y`&g4GsOjK+y*bh71vUC}g_O z`#}x>@j7uJq($gf$e|z}wtUE`Lf7I;p?;xQArKk{9vK=1-a51=c<)dXxH&WhJS~); zd@&$27kp^wFz}I~qroR)RvYJ0gw6n;6fxsPrd;`Q?+}jaz z*mIGNu{w@PFebwCW&>IAKqc=XO$v7aDKVqJgiE%im7#Ffx zMfpMHlW13a%D+ZvMWgzco`2cnKcal2a>RAmcRipFKb31#zgq{Z;dTDWdj3-QvKVjs zv-tY>q40a^M=?K1@k{YR^S?CTYis2@e)RaVO^pv%w(dKMa+~S_dJffZwq)PqWqN$_ zNA)1pBl`F9qyy@Yb@rY&revhYr}hUuM~_d>^~9Ixk2t>bjZgI#&o|uIN9*E6gwIni zQa_UR5q+wz8?z7ay?#s|ehRO?-J^dmn%}1IxVm26_oem^y}y;>m)Z*=-`YgFqIQZS z-S>F6K7M53k8tUEghTH~?MV5Bp-Q}3`>9g7(6Hv>htdm;Kif0a??UlL-=F5q*-Gzr z#EQ@xP@=91T?2l5=sNH_L;nW8KJ-5D4WSQ&8rXxOkA(WOO`%)Cw}ozp{XasV2j3g| z3i$reH^AQteHZ)?Rv-njZ$i&QSIx6HZLovkeSwbIow0j4#rlTB%;qc@r!0KZ^r0KdW!w)yvfgWJB@){a$g|9ty=c4qr8+p!jaTbMf;HA-6_^#Q2F6Wx704%?A>0Z@n-rY6z}Ap%2E5DEa&L^ zQvM=*O7FD(l)k5x!Y|S(rDIpUnt$zQz4I}Z&-7g=|I>5mJ*ZqGJbE6LZ+!8({~o1(!l(Dq<5GC&xwg3RYE)wkHBjuM4}lB=`Qc7DWNTr61!P;Hw}(s118WNV>c0ohLI9U#+$o(b7c=oU!+HXJ7(a*ELZ=f+okpOdzoy?~X6I}OjF z4ed0%4DK?V0MGMV=9k9$#`1ZLC9(I%c4Zr4_d#DEFP9_OI(dVPav*+rJj$GI-(i2s zHGQw`i}GsoM(nh!-g0)!YIbhR^c_WhGj`0{p~jh-oSNg5em(h*+HImdp!7@i0i|Oq zXDHoLdbdBMmLImeyvvd1o=@cqg|*4}9fgPLRjO~rdO*+m5K+!CvHs7V+48s{g{R5$ z#q;Pr>HX}qo?C>2>KQ6G==~|49B+@MN3A+6S(5Jj*;S8Jdbq~^$oeB^?rJM-L?Mt6px#Nq2u0G!NrTzmn7ypiXMf#dA(v^4) zCZZa?~ZHU z=$}vTL+ukvfBN_Ggh!-TdcIxsJLvmZkNTc}V18BD>A1@OM$A)=44jD5l&S;Ag&Z@C z4=KP%*v^jpeC9(jAH+!PaEuH5c+9upKgRqL6U5HOoP+L+J%@U!KGqGcp5}f?K8@O` zwytIx& zzD2Ev?W=Y5aiBlGd0=2Dcz9q(@R&e35c@v@Ezq+AM}SWXtO8#U_!;;Yfo|~ppyfDQ z%MtuEcCzdaJ^=n<@G6{Z)!D$|w4GpzlfX<{CbeK7ET4!<$&Z>w6V18jCG1?rr(5 z>b1p(<7RWuZt=n5<{x=}llZ6dT(om2AJF&}#iw2DBcS-E??dU2(j|Q#tC+8Gb@JZ7 zaH)8p`&S5s<|ApH6aBwrw75^}pxTIQS|6qUOCq5`N_@?AKww}{P;hWah|w4t8Wt8F z9uW~485Py4RdjS~m^Lt1z_f*F2h$#=158JlPQt_p6Dv$-Vd8W~))`Gue5t+I44lDy zE$bh-H)3GqhPJbUhRD~+ne28sr0dm&P@KXU$0~X(>S18}d;F_MJo~Q4Dd;PE-P;SR zgnIoG{9>=JiQWCLOzf42Q?*R3u(#_9Qz!7w%C4qC7uz>{%F?m7$-ss+Olyc{(;H?& z4{;B4r?MH?=fr!Pmp0+TiKqM)=Vy7^@%sHZB3)6saES3YdmFV}b&?e0$yCo#{-$=A zEdr*Bt`GC^D^P`sMo%zTOcAhbQRHc>WGaKe- z?Q9)$u$|1w4lx%yjWjAtR>>yWC5PmcTo}B!8tewAf%)0-XXke8@3#kF0ca4QLhMEs zW)HK61GF{%gu1=GgS{i`1o$g4b<)$`8;?n2nRwJN`v^R4BD2}&D37Fw(n;m~=W5gn zu-Bij;5iHWw#M@n_*uq{XBhtl{e4~d;&D<7p9!*pU&UsE+i>=1Cw2{1wMgtC%#34= zANKd*pQaI`2DS@3{Q}rNb`){`JByM##I=%p$XKf;4+77YCxB0sXM(SbpM`!kyK+$v ziQV19-3NN&@5ek=VV*($%6;xc3Q#l0Md6T9OMf`1bJDrA~AVOJowF9)_`BNW6q99Hh0I9^+WTYQflHsZmZkCzH)!% z#yjXtPsCaZVys`}zK8*l_oIC2D0h}|ez1HkN}1c_V3ab(uDwvol=rAb$?|%SZ&1p7 z+v6nk8+!d6<;%ytJ_Wzfs|!k*Zizin$_!2nHtm;;rYMv$ZA=}(V@;NeUEXcikk-(d zWi;fVd>Ps>6=ls;4KttzyZgIS*j4UXZh!2oob44#3Nf{hibeRp6~$6i57okPqw3N+ zI8w2&-*c~eN>#tax2rV#h<=eVpO5G9l=;3eqwWDTCd)^7ME{i(Do9g!c zo36W!Kjh`ApKt66xn{)OW(!wT!Cv17vEEakJ?T8@L0uq8rtu~=(~&@sl<%^-y;-h zO;WFw3k}nMU(a(yJ5E1tMc>C0UXlLnxgs9LJPL)A>OFdI`ri8ZcOAb@6DsVlK8*A0 zK|I|}f}AY$HITOmeJ|ubq5lkdM(Ev-U~Mjl`<(`PmC$d8Tr2cfAYT>wZ;-zWy*JjX z_5pFfGa+XQ{Z7ccgsu%J#UG_VO7}Fc;aP7+^*!}RYDBsg>%u(i!$kVDiGCu@|I$1& z&67|%r*^gMoTCKGu}_thU;q2czi)5$?|NVj#UbTi${!Sel+Gw#=zSTLKO){JekmR( z-BEc&4_iFPNwiuxF{b}yxB$ir1Fk+6zP=4 z5kxw+QMn|-%|!U*^HY_0qxkx7Pk+>}qwspZuUMaAqxQO}SDa#A)G4k#{SMJ@q5cP* zH$d|X&8=&p{s_gtHBXIid3?+L6Mvd`5vdg?cPS>I8T-Iy>?K;rD{%Y-j-)lfUsI&I~G^6O_pYjEzPs+ER?;_G4rEeOyrSgLE87ouck=1%c;1Kdhsa+PP6{8rpT1p2?@!^Ua8o#4_pALxM`nQ% zFsDV8wq=*-KVtotABd;>0LU<*M?yvky)|S{q4$O~3Ed2tBJ?!KETIp8%oX}j$YDYs z2{~Hm`H+0y51+T^YtV{>eJSKTp;trJ3f()l8?T;ZPa*8jvptyAeu?dc{!7R?j6ByU zE8R|q{*09rOTw-P}!NBoX~pZ0TucaQBIE3p}|h2W*iOz*x}7MCqaaaW*!*FG*5T#m~F9~L(n zJU?zS_|&*raRz3KyB4}V?rHGdaj${zkNXh(qqu*9f3EZse~$YF`fo~av3q>U4vVL@ zZhVbwoZ5$zcJN;uSSzT^MLXF?&_8CsfuCi3URs@zX0cZyoPA@bgU^oTd+z4OE(Tv3 zyBC~wc6auko$ejq2k~!?9}^#g^I`ePu(rO-F-P5H%T4H|-m+yM_$yo90{?Z38{D*G z8fL1e?H{&39PjSuM$gs@~LR2 zP`>t*J5+y)@_@=QSHNsFko|3nw5?F3bxomaujAsKBn$vRl?)QjE`-Jv?ve}DLcQs+ zg*&+7-r$ydfZ@)$C$6g{0>9$8aKj(aXbC&+9^k6rPWY2?sX##GhWp?u_o&!IC{nrG z$WG%7TyDBq6~U&e(z;fat6x>+oU@9wuT0ElFo&Xx6uI)~-xXQ%?z>#dvmA!Okm#Xj zaQX1v9p^(@zusVa7;;_b*YHp9Z80o1Id@k*ULkr|Gr?0fLzW0t5m|PG+>m<4N`SK=<43h28;{2L8^TKbbeMT zcOM8nQ0PI>gM=OoJy_@=&_jf7gl-giD0IHEoa2N+4-FO;i5mlj})}4Ywa89R$zwPr}`PY%azh^ZZ9DcMD;o`cnBI zX)5e{1x!Gi+$*hTUDz?{Z?HKhJ)pQ(F~3ptHQ=562LnNMzsEmA!4F20@3>!}BnzH} zT|U!TxMWj&so{xJ^!pUf?>28treu@ZlwwN7>cn*X(|x8X3s%X==H!&*)a10}^yG}> z%;YRMN;aF#DdtpjnmOH^Va_yX!CP{QIVB|}H6<-2JtZS0GbIZ^$*Jbll+@JJwAA#} zjMU83EI=oxnbT6zQq$7X($g~1GSjl~u;g@edP;g~dRlsVdPaI?dKMm^oMFyL$w6sasnVDG#Vse%_Df(Nmz;DN#ZY*27)UzUa_|FUx9}o(H!o|DBs3GZk?o zZ|;S+KcxO!^|p|0(3OAQJ-zK5boKv7)ql}d{{;wp(v>xV`>}$U+F}1ToJ3t-i}itl z_+M3P;J?_{f#2Z0e+l{(?|nX~W3bG+1^2`kT@W%P;)wtLhzn8ahNJCr+Rwv!<0Ucg zOG{&}MOa#1Td1xltV&2qbg}@H0ezWSS)bhBw9z!1Jz%0 zq4%+Q`R0XU6=J(BacI?5Z&|&iJv+PQ9Q39unWrnO6DxL9yMqcI@SMr0P0Mn8m#*Ee zys~@u9zA;Y?AfbVuikz7^yLPpiNhqqBq@exWc)X?$Do7}289YQLbyTkKn7)kF#QzM zUuOpB%s_4iH5!Y@SbdsoUuJNl$+?8lMgrH>MxEYPshgTu{@=7v+NMf0>Enu5;4PU; z-EYb7f7v~s@Bd#G#{b#ibkV{kX)i9Nt1~@(K#f+v@KMh2Oa5ogrEvcz?|YJ_1kH2N z_ynz$R`=<+(VMDyd(hv#EQqF_{%37Y|1X=L{$qolcMGPqpT>0c^Go&j_s`Wl^AE)4 z|Kak_cS2Tsm46@x|C^m&M*jbA4*s7FTVs9ZTl-H6Dc`B)&xZ7`@#p)k8*SD1_x&c9 zO8>rn{Wb6LXHgs9)VKCmzrXLN{`c7a)#?9#`%U%f#_q8Ysh2G1(sNCzTeWDsqHAvt zym;lt>2xX*@2yC?-L6P5#llTjG!RY}BD1+Y*Mz8Az_ajA*W$kLfGhRB=UTo0zuf#e zt!aw4{lwm{o_f0h(AP86XW?De~qGilfMS~@=*V;e}7LbDPP`m`H#6cyoG|oLBUmJsdADNGSnAydi@n>jc39Qi0cSOK!g}pk))}Wf z$}AqU2whn>#utG1U_Dtc)*I)6^<@bd8BW6ZX)-fo1#l{sg{R}(uuPVPIg0*l02_!| zF$=R|Zg@5;V#TZk=ZlrGa>oDhWG=Cevxg{9*QSPfgqYS|)I#}?!Cv88Mo))Y@? zGq4()pGua^2D2QN%ktO|Hk1ux!`TSdJAM>S=^4YuVhQ>@7PnI2@8;`w>@$2IA*d6hAL%%Qn zesD+p=6FB$kNEfEWp*(B1L%k2e}VpMyt|9UWRdsjv7$?2lRxe#H%?nAZq($GBUuSa)a4gHCtP#0=qqrj9i6XR?)~@E2{RAAWeF=cJl}TDK})}&h#f(>A6V9OdUxcK`wm;a2;2B> z{PB-0#&&TxztHIui(^IR?>`LvrzPrpvui@x=axf(Z%={Mz!)>Y=x@Ip0_cg2sFlH}YSW zh1GkHg!KH@@~(lk{f2#Kc{(cp;wMMGvm9Ked1LNz25*gSWWyPFd8rp!FF|W9D&oi{EX25Br${ z)&+bXXbGMb{7mri;FTfULUx6G5#n#`WlT1v8Z(RojWdiZjkg=`G;TBQGCpnGZ+r{Y zkbh{e(B#n6(3zntL+=Q^KXha0o1x)ht-^YR<%JCon;dpq*d1Zp!k!L$J?zb}FT+k_ zV_mE8yzt@S_VAVAPloRaKN5a4{Dz2C5w}Eair5_Sdc=WAP(UYU6 zV%^2A=zY;IM<0!D)!N=RyxshE3);nXnAP!o?3B1^ans{w#yu1FdfaDmzs9YV@9C4& zcUIr-30o4LNO(43U&4Weg9%3yzD&3;(Td5TwaIbj_qMsW_1KZLBcpy`y`_F|eO~>9 zhO&l54gaE6d(#L~ZDfe39ox6_0pj3E6DRUjmHw$IDSogs+|_M3&pn2km;=&%>(@)| zXVgk?BR$!=zck{`Zc=osRy@s1S+{@1-hJmCc5C7b4F1?BH*aKD4!@J#ym~cm+ga>^ z1+1*JlnrS&gTX%oF6^yr?N^x$&ti|8qQubg~2U8kz56?rJ1B*p>Y&WnOWd?*(c}2MKHV%L6uLAKGG+_oc3&izO%#>DvxPBV)oY2z| z6&4V;KLq)S&`)Fa$vF_W&u@cOZXm@C8-5H9D)$0iDi(x6Q$tLXhHSF5G~){vJ+5bc49A{a@nK#}Q_b;{H3h z2XXy$J?ueTClfCeva?o-_1LsOL#z|Gj#TaS`z$=`QN{l^IBDH{hWGkd&v^*6e@5&d z_w2tB>%W=sZ!K5-(>hjrv3l(k{^&d{=Tz06*0p-pv5Nnx@~nrSp}Mn)b#czV!k<`Q zPV3}6>+Q;yQ55-1miqQ+pv_7J4?)Q;tYeuS4z^`n!-{ zfcQG)FCjCL*7yqdEXe*Kp1KD>^8Y5}E4D`>&5aW2?v*RB#{|Tm`zGX3p=Trg4Hju| z0Mg$ekp^?I8i1d*#4!hBjYJNJ`@J7>gV3{)76*&;_&Ziko&|9?l}LY8A`SiunSnGo z81|Wvxgb7Mb#JBmACN&~@SlsH;(sDR+^;WV!%BwhK+64-SSt+TdH`gc(BmPy2)!F* z4-j7_-V4$!>{B5#gq{W2AEdk=2B#B>0ar6=>hBv zepuQhZI&LBo{)A)&q;fw*YI!HA4nfdUr5KL)6zNVg5<^$Pk%$8!Dxsyv@*0dv^R9d zAAff-bTjleBp8wm$%c&o$KHFuHIa4w<9B9K=wPD@2~CtX6cL3?g1z@%v8}rbE4J0O zM8vwTy6U?2RYR0&?-j9OSHRw}0Sfkx3jgm-CN8?=+4p^(-&_9gGx^+ePHt{yCX+k& z&OPUQ&SC4Z_1R`@OSTQ$j_t_yWMkMt>|i#Y9nOwoN3&zuiR>hHGCP%>&i=s8V&|}P z+4<}Ob|I^0*RdPeP3#VK7rTeeq<@8BQ(~oQiIrwO^xR0SCnZG7P3O#kM>-@$oy*L36tnxbypp zNTp)?38cjS5$?&_4&k^P&pTWMz3RX^`V!7jih04z(Hyj)QzP7;sTB}Ry+j0)8u#R% zA()~ATLxN^)`4vT(KmUP$8-Jaa-d$UKVh1HF8>VEbTn--IhJ-j4LC{zrs-Dt)AUN@ zS$c6sDQR2Q9?$+AMP!o|u!uJ0&Ojl$l)D4#*tdMZXP)`AZ$=^dUnoM1`ypZ+ z*nH8i(1f4P68&*Z{xl{(Q4{{!`IA@7j}I zGi;warZ_*E&d>CHjkv!A@pIGh|Iu~LuWdZ8DKFKR*V*JB^yzns{#~a3@yp+B`n`X8 z-A(hV$W8yB$uG?0|7GeICfvK}e>MF-rg_}-KPYM&{nGM7jhsNsR2ljtZ|H~WU@hJR zV_$#hf8wF<84dl+H1Y$PM}EP$w+tg+GJFU&8AiTCBpc)21#*R4BexJ8`T?RZ)A5du zc9of`81Ec0;<+;J81uZC8i+?9$b>QBj2h!!L#8p)j_Jt^X2vixFv9)H=$XyTc8qF! zF|Hk84l&uxG3F$5nmNnlGB=n)<{9&ndCQbyj4KnzI5UiLR%~Uq8tcruvYu>BjBj;V z725!#TPwrp)`9KB_F#KsgzLwC%?@ElV04>+xC)6F-Db1%*v0HJR)=wI4V%iQV|3fh zZe_P4PTy{JFS{S8yhHHgKgu3wFS7aU9mMP_Vjr>Z*fLhmS#y;+d(MS(=YlvD*MjTD z_2K$*{kgBWVel52K&QUnZK50dZ~fEcFStVNSK{;7m;LI~|1SC?XNi8qrsp=(|89Ej zGW9c4KR4ZH3NgQ^$=}h`Pfh)knEV|~#}VVZee&-TKR5Y3nw|$g`Avv^u%`RobRV0Z z6HW1|V#McJQ$Niz`A@2h*I||DS7++ySz`Nq(H|>o?@+_F)od~H7U-)Tpr0H9o#P1T z8Ml$;+!1mgeR74{ed4F&G1~^?HIeB+4l_sa%Es$3a}+)77;_x2qs$5PwUd}lPeFRd zJjd$=UeB0D+!Ag+x0(Be+r};CcH-SGZYj5$Th8s}R&iPI_c_4nxr1CXm(8Vd$I&te zEnlH!E?Q=~@8+JO{?$k#kIL)nrlBvf4ru< zCb(9{r&aN(8$MOy)2VoQphYcw+D|gWwRv)kTVK4E;T7Yy!tEBxbZ>++O5(X7AwWF-OT{s^zrfZ@~PqB3-G3o zzn7T>kAZjP`x09G9uD9%3oQlc8v%hFJJ!vPd*^Pr$#-Gu&4mvaF4KhK7q=*!4Y2m z-X31w{`LHQyuy`1s^F*~pYU)mA62lIPi^mjkce8?TkTL!pP(qEXFzaxcoYs-FUUJ6 zEI246GQclD8CJ{RTN&k5)6XkR>02{0*gKG~>El&T8Re_=QYzh*zimOvK+n)1ugIXf z5y1iV`~w3#1A=^mYJ`UQc!hZ2R|f>EY6h$7*2JM}h6jZPDLs_DugcR$>FeVY99dIY z^S51j{w5kEFRviakf0ht%HItapDKEj9Bw#zNgjvXLg*nbH z&dTbLy_CL?YbyPrD-BQvDOtiRgHa!TOafi4Tmzb- zOvAU*mFpmHRBi&@uG|5-S9uyVN0|$HPI&=sE-J4_Y-ds~wY-rJ#(-RqqNn(ciQ^n~|G(6ip>K<{|p^JYn*cL`*v zkIV1QWRu0v+FnNdB*bE_`4O})G77Wg>$0fw z^F$~YKIvtR`19X;G5$3o-RR@^dtAEF>#@M#^=L$=8+{**7;yZ-lXv@4vF_Xi5#@03)}q`Nypt%$ zgU=A!)vpm^~F|1zK5N{m}MD8aZ+U9iq`H-`@yV>FIC<$+6kw5V~@H5@Zp3xaw9&NJbktmr ztEs7_>7S+9$e3v~P6H=vvW!(f-i^(SgxH(R_4pbVzh)bXaul= zJ4JVn?h@TKx?6OR#zVtv6dGLi|KnR*O*>77#!hoBuC?ZmFNIE@q}S_L>(}U$^(p#P zeVRU9pP^r?U#DNM-=N>9-=yEH-=g2D-=^QL-=W{B-=*KJ-=p8F->1*i@7HJP59kl- z59tr)b*`ANg61+ax3PZ|daRN=40(b=<(wkK=s=-z z#hhDBF-A8>q4l3{8r1b5F`(mMS6~p!au?_x#IS@V%7B8|CB~9`fWA;-h$14K$8Sm|i?Vn03YR*|l4p(35 zc+T~V zt}K^SDszGkpBFXx6wC8<*$~k3G6pCfwp@XAVkDw(;vXy@2pV6$qCAkSEYB~GCbtb4 zbBoF!qyAm_N6jA!dlcG6foEw?6e@Sc^K>5+Dt`|? zQIu1_H;D3ka2m6lwy`(I^FIoe_k!;eR8^6Ci6*=y!hwUn$DP z;MDJ$)_1j}dF+hx81RXroCdx@luHrmryPa0kFoj9c3B<0)CYyuw*&7e%16LYigJ65 zYXebeo7$bN6e>SNuYN9$E8WqDV^L^*mOHFPC{*q-1nYeiDktFCcp(av z^Yh@jjzZ;_bNDY%sC={t*9V2l!%A?6qELAq_y$ql1in?2nMVu>K%s4dz*VA5p26~k zLhDW2@{cCze;WVwKY3;={*&MPul)Th|KJ=~{XyM7J||6CbXk2wyv1mb(g-nvjo)b^ za^t(EWzEW(qoze!OGACDvesp7#1;waG3&om*WEZ&U2oqv>iMw))YoS9QQNaU)YEo% zR$HaFS3f=4TAgg&Lhbfl6Lp7=4bzH-d?@UwyOF?MkV!?wzlfZWmf8z zTP)Ndxq3qUC;X&=g!ubVR!u$_=g}1T0gq!!b32uWn3-h0@ z7wi)=gqbd>!l}Khh5Z9{LPPr%LiCxX!s6MBgpiI4gjdRW!pYaOh2?oOg^t^%3pZCx z5o-K2NvLNvLFgeLEzGkWChYYZB4jllC`=sHN4T}In{e!H2f?FNYvIzmrosj127-Kn zO6ctrA)H7L5rn1z!n$WQ1nU$Jq0`sZg^9Htg{d}GgaI$C1($nfLV7+Y_~d<5?I?Yr zvX6YI>il!Q>L>1!>ei2^RYUv_tNPsEtt#HWN!3!9sye)SrAl{Tp(^t2Y}MPQQ&mg9 z{$4e1)Yq!)U0qaH!<(quJPuct-S$!0S9MU;nl4wRjei=oZ){%F$4c9xMz>xZRX<@& zRG-r5sO_z+qq?5o7Ww>TU}R;Fb>GoG(!s?xCb`MI*rdiihF6!yj4D<(8@6k-} z=6>JnOpCEA``sFwoY;9>cIwV?9)%X;3s1Ej-=k#K_>2Ar#^;qi9&f32m@s)pEW zJthpeF=oOv-=8ORvB{Xg-^iLUDxTDA62~e;NwW` z=xdF&y{fg-ZprAbeUs5&>+cb(l{t;nIxZcjEnSzW?cehUZHu)(Y2WLA(RwvorhT$% zmDYOW8ttL6>Dm{P4cc1mw`kW4+@bAOe~Cc-|TbR%C|0Pw_07+_H?+am6Ge)IY)13_kVj!+vIh=HnaB~ZCdJG?TGXDwBOyi zuYHwQpj9LnYVCR!X-~f_(l&{IpzU_%f%b&WLv54bhuW`eKh$P8KhzG(f1qWjJ-(J7_UxLg?PGpMdouQf_RhF$?c>0MTIUJ-w6%Ng)Q-y9tW_*utF3WsjdtaCE4214 z7ixDmoUIMjOxF53jM0WJ8KQNb*-QKA*H+rGBOCYw%pLKSEn{)Dn z_p63aSd`CC$k=*iyt8f0`0JKwIO|5&^>6+@R30~ znoSKFA^Rz4$f-p^Z!WA1ifNt_G_le8pext523c0$6V#yEfuP!FvV#t_ITiHHs@$NT zk6a8of9P6}{mT5HZQbt&t$Oz$=qv5xpr*yogPPQT6XZYjebBsZ`SYhO`Fh)}`Sc~We8QMYeANzB_?k#zUjWaY+x<^o|`}a>{0;VX>Jg&Y8uSvmWS|>JHq&+ zZ^QW@p9tRKW?jC=!brYp8x>z_rsfwP((uhE*5~U+HRR`%HsXivZo*rSZ^qA7x8Pl+ zt@y%It$Ei)ZTW}&+w+N`9eI0MXa4H7F1%!0H~!?j9{k|py?D1SefS!hzI=8-f4;tA zAYb4xi2qpi8~&QZ5dMN9j&IHn<(D=d#s>@-!H@c36koV~G%tPhJ>S)TJpbJ&EkAKU z0-yWyB;NLTBEL#9g@4m{D*w~mY5eos)A?PIKkz@Un92KC&fx!kk!1Oa|%C~P3Pb6>v*zb zBX7TcEB_>F7ymjblV9242rp}LhQHI{I=?2?I79rK{=d8e>;F1P>%ZjCp|L`&I<{l% zud(Z5H^g3zW#gRUlyM$$o^jrBHRJr_YR75f>c=&RYZ=!uu5(r=Ka~EoSiv2IX807 z=U&LYoO>a=Df_jgL#MY4(Da(9nCwIcRcSz-pRbvd1vy@=H=w& z=H=y`%R8TUA@5?|rMxS7SMzS>-O9V2cPH;&-u=9Syu!Sqya#y?^NRDH<~_@Mp7$c} zW!|g2H+gUK3eJBxzve>5h4mM9UOavA*)vYT6O-M&?H z>skJ~+mCL)x~sdFc5nUtP4_q7-*tb_{k``O-#>Fd=YHP(i}y?KzrX+Ce%XCp!RmsP zf^`KO3N{vOD%eu6qhM#j-h#sg*#$=nP88%7Tr9X!aJ}GG!R>;31@{XI3W^FI78Dnh z6g(+-R`9&wRl)0mHwEtsbcM-cWZ=b%^l_r%Il%{?7)Kj2CpfNz{nzN!UZm1MCJLm<9phTlKIW>v` zZ7SwQorrZkwapDf{WI{_;yRyZv;U9S==NaEzE@ngSG3n@uzojTxko}Cg+kAh;<}HC zGR1XYL$N{q4RDI>rfn#`TZKa9FKu^iL_K6h+g&fzWutt9_6MMwtcdY$0KFvLPYigh zC|AULM?#-KG2ggEgyKp~d3NtWRzok@3*Xg%H%6iRSqg5#fv2WU+xP06xWLigY)r7f4T z#h~F#80bvH-s%~U<-HNv5|CG5iJ=)b$b(ra^t+X%0;nAuhg3_b2v!x6*TQIIR1e{;4qY6=WT^f8=C#iQ?JyWrE`*I(!8xve++I^z+I*CCjr z`>$fS0+yTta($dL{nb&RS%z;_-2Wp(OXIoCAitfbu_n_{V?37D@JsI)_BqJ#t%inc zMXv?|!Wv}b`BdD$@fy}P{JJ3$dYwxQ=VNO)&q0RsH(rg3-!lFST@BxIGW@fX;45tU z6|*WF%XsuHhTmnp0>*#bc-+Q@YmP5|x&0T8KkJ}Rq&R_8oI_{uioPT!yuiQ5BIEr| z{Zsxoj79kqml%4KCc((_+tYgtx>}Jd&aE)KzZ_y<#KehgrJHZUZZf=osuc3Z(Dn-3uToAd& z?4;qniI4dq$M8NuLMs>%~``PYOMinY~2*Jxphm>F4l?Geq^%sS?iW0$2u1^ zm#uGsKDT}WD%h$q@=dh$vs+92?Sk#3B*HGzjw4Zao$Z`S7rTCTmZZPk06dKivWo+q zY&QjTy4@_$pX`?6(`9zcA#ZocbTA|P9ge`Ra@64%sHc+;o_A_G`GN9I!Jwf|5uh|n zCdOUoF3v3J>)ao7fODL)Ir-LkIO-)XwOxWqq>IXhC4x&d;^j7QX$YF=qH}R4$u237 z(_IQ(ROF#c3FOBv&s`+sg^QPKF!6Tv!zdNzS{w8>ERyylkPqTa1VsCkusH{&t6mr;-b9BIY_(1#f%pvwu(fT2U&3zoPtQ$a%vPdm#nV@mKT zr8E||QDzM?o=)LM#u6GWoWQDk7IIaCJO$5M@V7mnIBQp0e*2T@=6pzzJhN_ z3~lJKJW#&`5kM$C2P$P0XtU4IMq)TanSmP5*30l|#r@Os$8#6XO=37h4xGqz_zjfj91b}Mn0&o#vTkF(b}onvo0mE&&i>oOR3 z;YgS9phU?ifyPtHK+TlqpjDOjN|rb%-GJJ5S9+qx8#aIZR%JaU{Qs2AmA0g%(rEdg zsf;8)Dt}R0kcEGW7NWA?xJhcvJ-PF&lhDr-#5bSfs~FA# zm7l(5lr*Mx^wQ8xW1y5U#^Vq(0~g=W6EljYGc$h8bVO6Um@T#%58AGZ+4w}t`$TB! z8{Qu~z!~f7yHSo(S>!S!*BFiq*~0jqWhwvj%?uH#ybWvjP>iX~5%sATB1*+##+-^7 zVgbCRH)GU4fwB5NfzK~?TM2%FeoS4a0n>42L zV>iO1Z#R6E53jjV)lGvM<>;>_?VCSY8=t##wUJI7hAq=g09}C|8Gz;-a}G zTvzUE?pyfXOyZ^?x6@+yY-PZc>j*rx?r@K}7YLmpk(f&?CDxKkk}47hi9+H7&#Zcq zhLUEImXh|8Zj#=Tev+>xagy&O<0O+LGbBGr7D|>%R!Wj2DUvOcU6M@65y@#up5&sW zK=MfPO!7+dK~g4Rq!Ou_w34)%w7S$=8X&DJZ6s|W?I?|r4wA-8$4L{V^Q0@J8PcuN zozkPyv(l^5yV3{JXVOw+I5(43l~tE1WZtqsS*T1SYa#0>>n-am8zLJiOOVZ$EtRFp zHpsTfcF1=BRa%Gog*JXvWhq6bqr?S_w4>GCTOl~Q+kynyC%3b6Nc`bQ> zJXo%gx0JV)canFL_m=mQ50b~r$H^zjr^{!{f0i$ouaqarljZ61_42Lq-SYkNgYrE2 z75R1fZTWq9vHZFGwY*f$nOT_GnpH7Vnt7SkF!M7DG7B-QZ`J|%czT%iLR6YR>t7!0 zeJ?Eznpyw!z$c#b8rB&W6xpie?E9>3d$0X4Y0b554&}&S^T#)7K3Wmtok7+ukloi9W{K8`}B-Zx&%I|b-4S7IR93+w*2yI73+u&H~Vk+ zvEvAffvKBENA0l~{9VENM@<5cADk3fJF)6i|KaloaL-!miuNZleEq#GzH&~Tx9Dw7 z{EsaT@|hiF`gXBL9os*-=u|X6*Dh^fCokEOi?tNPx=gKY^KxhIo{;!egYAyxutbh08N48kG);&2h`fl^|%dJP;?LWHB ziRC@?J2zi^F*NY&51XI#dYt&v$e19921EO=88bZNsjljnV^d1%4sbSOkIwRS>+e}w zo;mlyzQmiwv29mZ`#yW~8~wXXzYfFiJ|8nIdwE}$r8+4hR7m%M?w1~rvgDxjFlY-|dyKnXWL-gT$?`#s**+f1N+9#{=5k%vaUoG|*2QzAab1~cI|Vhq}QTdE@#HvN6ZW;p%6B0De{d9q7mE<)HiA_q(&e{QXsa z^(X$%@Pro>Sc`wp_!-ufOZeqH`~mr)$s|*KPYiq;KstUybRRL z-4?bQV-`nW_aMj-?rKnDE=OY)$FJRoqGpEsPoRt4SAwRxZvfrtz8CbE`zg@NhK!Cy z?j?}lx_M#7yCZ~eeSPGZvB1zhN8h{rKc+YCbl+p>dnbR__uiw% z=o@aSv{oX&tg9=u1nOrKn%Q=pgH{ zdSOW_vkqFljm%cG+0N`j{XS+t>S-Jbi~xu~0nIZaPe41vTu1#4<_Rc`K!F(zQJo~@ zJ>!ls(31@Xjbha-M>K4G$W0LCge7ee#fc%E*)E{nunuBLPppLyUx*zD`71;|VaYda zEIu8|4ueeNJaL4^LE%UuB0WL(i#Sj4-DZDfEy)VD5tl+}6cd(==Eh;X9dF2ayO!I4 zKD>!L1DbPEm#v-oH0S%f9{t{Uzip|5%KcBmBR^C_2giF60vb$Dl6|L>ZYP1H1#EZALOO z8HrAg!zel_c^Rl@N)X1w(3GK|V^hY1PDJKgmdr|-mm(!Ur!2rYxhN$KHQSI27kM~S zj-mcU%4>|A9WvrGs*_?Xh2Fa6l5|2n;fXTVJ{ zAjxBBJyB@=zvJi`uS3N+dbli~Hil&-oXiV3b!*s3EBjTI*$;9=ib7X&w*ZBOhozU5 zkB6^yty;WygiSr$s1U(lW7n`!~K!K%T4l=i`qYJ_O`p(I=hyR4z7-FTNF+n ziki;;E`jZM*Rbm09U=l%JsUP}*|B44&pv%x4QTOo+xX67=4!ho^qS$ep!dSa#r;rwm)Z~aB}(&tR%5G9aGdP= z$S20PkADoGpqbP(rS0^ti8159o*F-M%nu1uX3Uy9Z}FVv5xSpJXK$Rp^Vh5;$9~CK zetB8`!lFe_SG;XQR+%N)t#{QaR{N&&8DVRq*3{q7(7o}-mfJe+?7Fq*t^u24x5w`o znLU30lryt(7MxywX!Xgp$F?5ddn)Vfu|1cMu(5$(s9ge$j$ED+<;=+jwth zVOH_62RV-~|CsM{zog{FOZFoT=_9v}a;3NZ&MvMS#F8lX?ei@xLt1bD^|B#7r8$3dgb}fgYh=6 zS;^nYQ{h|FFSte>_qqY9;Ap!#=q3QN_d_4X3E=X?`D+Fd_OCG&d0fB^UD{IMa+^0%NqXLXk}wv z6MfS)%~G1Dwa93>uGNOto7!w?yRF@h_PaXl>A0`c{>}%w9O`K7v`xw;%a?Apj590Yk?teDPzuIogQT#1u7UU z(XFt4M@D+X`n{idf5^tHrjrb|>AhIdQw#Ne&@A)Ape8%@X~>t%FM-}MzYA*2g34M% zS=58&T8;I-#-cuG6AS9S*TSL|s4*5zyu~oclPo5K?uC{B`?oj(deq`L=t+yypvF9^ zj3sAD^#)O(f@K5HCYDV>TR@Y5=MC7qu}?#;)kMq5kTXBCdY?wkB}>@7NuePVD`T*I z3kKVFW2>fCuw`4d0_|kg8PpgF$7Bn58`khj|G0^MV?7c|=@8}yjXX;5QMSfk#< zm>IUB_G6f+{rC~ukGZzLfG)CK1iHj_9q1<89iY2xcY&HBFG+bX+gb+QLa-sb>Jok_ zGz`D;D?mROva2eIC;BASpTj*2FqHIA+k8snDPT# z%MoEj{tlG?ECOe|xh45%{+-45z?b_gp?!8@1m4WPEN9?@pa22{BVu;u&ceF6zD=D(l&DkAVpjFPv zpsCL5K)budKnwK2r5rTU^|$DqS*}O%#CXotUeSPaP$(4UM5(Buz;97RfJQ0=&}c;i z&?bs@pdA#Q6fEhi=neUu{|A4>_Vh0YjmH2n7b+83pp?i1%>ogvKhP$SBesF|kR1b^ zKwSdeP~#q03(-OSkdPKf39Jhm6{rS{4r~wzeT5-vD7=^X4Ghb3_^k0u|-r;OED^`qCBeHRg6tK(BRQb@Q<>zU^q<#--trdn47>iqtIuh9pF1f*&q1a zMkr3GZw#J@Lap#yz_+2$_WQwUECMQ@0r!UmsyE~S@IVw=9|9gK$}~nnK1v4aZ-d_v z>shQEI277m09T80G46z$a?ymnOvF?@kd1+Rlb+i1X} zMY$39MwB6_-vqu{tltH`2Zdgrz2KQ*{Q>X|z!^VA{YLOjD0H7Y!S{%ACO8kg@o>}! zgNKON<4Eu*Q5L}0qI`=s>%ljO^)#k}0{75h)GNV#P$*u)ANNwA=>Hr6&f~6nOZN|6 z8-<=j9dL@=p)!rVph4jv*9Xr<`3Z6!_&F5X<~sN-QN9OW7x!f+)OP{zibC5g0uRC+ zxfpK*@H7;|wF2LYLiaxtnpv#w4DEjgUm(g0!C$!ni;VBS25&bM{`74LX%9Xfh3>y% z+=hX<80%4JeZ{y9c>BA}G`<2S0d#Q?D9wI@zCtvhJz%TEae>isB@-~tdSRr^fMM1+ z*3uXZrg+BP#j$oK#@9@YxLD8qH;lOTY<)W%kR_ zSBifZHQ6)<|1+bnokGP`631OS);1EyS~|*Bj6`T=i0xO?vz8}DqZ*@X{G(`me>6fH z$6Xqmx#B2m##iEjOX1x?d0qu1hA}2Y#mLS7x^Y+d*x?T&L(oySf7#b%QZm>OAA%7_ zSqqG^R^_&!&gCwk?qb9U6=ZdJ4~(_F%KKmpjxmn4zw5mia}jxbIyCMtnA^;IXxPoz z%2Hd_hPC6a!%jVvlOr1FSV;$FuB07o%Ss|h8%lqYBF4CElUqAku%sW#BUwH2R(6Ro zmwSf`a-DLEyffJ)Usm&oyelb?H)5>Jx|3>Vvx(Ns&MehzhuI;syEdg}*O@2g!Cbh- z5msffAJ2&%p%IofrK2pn`)Dl>As0w%$zIEv_4lK$%rYe)&}vffE~^*B%(|2uvvy`K zSqE@$t>0UhSqDoQn-|u%Y`QBR*aUh!wpkij*LDz>W2a#xm2%isl}ecJD=Udt)!s~e z)z*xAwPn_x)#h>`)mAbI)$G{G)vOtPwGC0ceW1r+`(?~A`*4Ohyshczuz;!Iptc?B zForRA-0ooS_`-3fW4PpdC#L#H=Z$_do!>IuT}qj0F4d|HsJ_fULb0iiN^wKcU17=H zRg7dGEBdp~6#?u!MQ7GlS*)zBoWRB?tC%lQDw#9NzSRnp66s6jO38cWH*A21lBt8z z&!d*Py{AveV9(mViJk*PhkG4m?|GH8PrXXnQZIL|t#=R0H19h^@X2A1`)u`j=W~p! zQDZ|?ry8qe18Z#c`JqPF2FGhKiif_NYCQ3+<6E_6J8oLdlz^u-hnPG2&E`J%{lcmJ zH$>g`XFNXmXL3~n7D<}~G-aBilm|Rx%>qw3IS2j{pbVVPb_|?A1_ma2tO{Hf_$2UB z;LpK_xvxU!gw_hX&OHvxaXeOgnSVj;%95_(joI(QUveMA8%eV2C>i^R=LnA4)Xy(s znSW438VQN;4T+6Nt~);>OT8xIQr)c)tKGLnEDh{gS1V~9InR1bWF2Nn)LzLxHDS!^ z&$Gy^KSKJhevEodgYN9k2C+7$8`v@%8hV7@ZCF`)qLI1RjYijf>>96cy1wzM#zK=u zO&pqXwe6d^b1BU{jlk{S^>I3Pa+te}QTS=jGh@cHYK9DFG`Cp|L+-M=$PzUNbJIMs zkSrog5s&%=bgY?}SgH~`XewRF0@e(f&MLEx$e^YGoW>X9c{TPe(3Xwi(+~nwW@l~y z)`GDFIa=5#5soYO)HOL=GeJzdeI#9+=M@avn&|Q-77+UBR%naD{sNHTMyPcU! z)-&mduf3aDi%8pVnG)FHUNDQ;gG^Jl5nF@HW4bpE&~!^*uyH z{=i5OVLJr2xo~6>2xRS`eYRpPh#B$=)I(+g0zEW=)|q8GvoUOQXq=a_1K98Ia2AVw zH)Ffv^ReuH#7jP4h=6<;IGSwkD0d7okWX+Yxl^1L=$u5LbtbdZ5Q)1x+00%6PA3!D z2M!?W_I^a=PGZ*s#dD9n%qFw7xSPbDean{MsIJ@sf<-&`fh~m^YB=k{RRyMJID#8l zac;R&GuPDZ>Di}slDa` z;xS)>74ZspmAi(K_6B#8yT#>mw}Jn;%iZJda|K)uJDS^o9+Ayzxvk_BTZsSY_uHS_ z7pP?+!eCiw_Lr80+01-c5Pks~N>vE16Bt1Gb_VxW*=+~nXolrg$w%v z_nCd+DgJ%L5EktV)Upu9)`b<|kL(LSqy87Fi9@Q72K~PJQc%WVBUtG6E1nrw{tX*JTi6Jg&ujz<+{HN5IxF64nRUT>QsjO=`43-19H-HzSYz zU-)C-{7V}IpArmPLukq{SQ&<=jDh^QJz@^(=cW7%x*+8jd}_2xY)ILbA|pF~XPYQZ z;WNUy;Ee7WxK>UlK-9>WM`o znym%C8HfR74!~Lf_!)^9*X$r7>|@m>MmH;l{D^&mzWCG-<7^a=G`2v}yyk`x6EgZI z^beUK8=$4k26~O(qom8^<#PNh<}aWZD>Z))`phEUaw2(QSqg2`M5{K|Iplk5wN3WF z1UG%n;af)Ibkk`C)<<8Wr~eKH<@Y%aP4Uzi^q4ZWDL%*B||c5zRzs4`TYU(-47o>e#F|pYyfm30}c5ZzbTWHFZ(P@qY;H;%+;7* zA&%RJ-=VE5#&6Rw|FQUO(a<_KN1>V9j5bx{nsybYG*iyC|Lrl}D&~y)&%}HCkK~xE z7!&TF%{OO?Cr9(mnc~TPnQzV%TdpnUqCd(vS25-s@q!Kqh3YK+EDzm(G%j65o2BM9 z^nWOH{}uDrRg7KN_5sclg|-=1@~??w_eZ(#u=`J29o!RY6nf0>!G93tS>SU-c`o>J zQCEc zhus6TPCBC)j&&LKo#+qihErDasn~ zrlQ;yyqze=fDaU9@&a=%3f&Jte&o_?qnr<3BFay}KZr6QfMf&;ZJz*sS(Nj^i$$5d zg^m`5wy^_mBFb&SyNPlP_;gX83%*X2H-c{xW%3UF2ZiouEci)LJ`LWX)L0(_9w*B2 z;3GwO4ER`4P5_@K%5%X}MR_Cmc2Uj(KPbvM;1@+1P#!WLg`UF#@Drkpw|}uEU=_QD z_~1z@0Bh0^JU_J~myz4>4)m7ASi?R>?(Ub!-2E17*!PHU@e%nASw;(w!>RCCT!1y@ zTGEKwK$)450NLGCeog7fBBNhsG=62`TcJa?<4c~5jF=kB0?+niZ?-QPK zpHrR|KCD-?59iguC)z(Tuz~;7z{dVR1UB`b9oXJ~abREn)WH7!8G&EcoG z&QwP<2+^!-5U$zWps(g;gKp868lI`&s_~ur{Tk~Vcr{6FP^(F4g9%M68qR5Qs8Q2q zuNsYO_NI}x+51LQntf;*;d7A|=HZsP*G(oG90mu_BAt#sQ0r_wzOJWBU2@Gi|< zP^g5=KuXy;NzVC{5hmjGv626*k8V= z_y=#F{`6n*eD^=~neMtIUp?oim$d z{*(D!^PkN(n{PMY1zg!-bBZN9X?_MMvPEG%p->@2ES)CHETz6HgP zQS?|lyt-NRw)o28JBvvcyMP-zZIOdlzQtXO0*hxB?<}k=Z7uCAt60_rUaTSFqR^-) ztt>kMCDzljzvWk!qb(CHXIjp&{KayKzCFHaA0bi9yXI~_Ss|s<3$l(*KKaW%oJ-o45%eyM}2)x z+vV7`s@%46ugWo%XIGwEd0XY3m5)?DR=HXg$12^c^r|wxN&+G!P=6qbS0`1M+pn^J zYfl`iIw+8bSmV&aA;w{ZLxRH%2bzbCW?>_a){Zm}o5FF7V}fJ4<3`66S0qrL10~#;8DEo?BGT^aqS3qJvl2wv> z!Jk?U>yXi(+TP3o`a~BqPf%~fBtUE{Gk?(YX174^nmqu0YDO{J^$qQWFsECALd#hE-|M@k^P_Hv5is4h*eGUM@a0JRwg8N zKg_nUKZ?=GDk8B@q27qZzJu8p50zqcvWCE2n~>PX=w$t@5n;@FlC>L2w4RJl&sv`c zy=Z;enk82%L@Eom3A5oyZ39lb6;Rm&K0{@nwi#x-nhdv{ga_E!BFcI%WIwxbJD?ZE zm}Uax&UW2Ed)vi;_Nx%tY?$3h)Fgi9js7cYDmzqh0M^nW6tq2NZs0F5chiVxG|Jgj z$7znx@;WMx^P09h_a9X_T|xpnaW3g6_x6jO*YcaRIW@r2%MyOCqSwB@J|~ z%R10PmuH|}uHisH7FK@=JHd8Cl%o8A@&M=;lg9xGydrreD4S}TYL3WeHBzyk)JdRQ z4KdA*q?V`FBR*-h((sR`wFgbWOo30+_JiI}tC`-A)JhLeM_je^mg(kVWV7)Guk(%R zo6}jcC4DPC-I2Z%G!qfe0!Ybc5ziiGP!Dvs_xLS;ur=3p!6?;D*F)Dw7o+R18=xDc z`&u_d7pohpi`R|Njns|SjnR$MjYlivmaRLgJE1$NJEl9X>#1v{YprX8&)VtQ>pJK< zLYkn{>U6p!onE&Z+0Rbv&ggFHZt3!Mw{>^$Y5k;@Nv)DvCzy=v30rz zNlla1>&_nQrR%NRpgXIJ*5&9LBDdUzq>V|Nk~Sx8N!psUEopnwj-;JQO>~WQ7j&0& z7j;c_&5{r_JPDz{lg=fbPr8tFG3ip$<)kY~SCg(KT~E4^bTjEzQhw6yq&rD>lkO$m zPbx?%Oe#vcm#s;1oolq~}R5l3pggN_w62Ch2X` zyQI>j_emd;J|>kVY4p+h`uYa?zPe7je!9E(_W$**aZ;0{)5i|!&Kzs_MV~KwN3YFy zun&(#VIVUWzyzRBSqd%_Wh-!7QTD=EYsw3lVS{l9g|;{0_^BL$QLqsTmA}OFn{fQ3 z62>GH+NK70h$vHRKgIRa`ULPqQKtBQitDHK6w`lJlqt49429O$0T)ncM8#X+MPfav zg5QNg+fW?;pJDe~if#T1yKlnlHvlk?V)p4iDQ=(Q@u^HP`P)SNJ;mZv3_h*D4t_(F zDJGxd?rFUSJOhPd*(nZxn^<2Rb44u_+J<88Db}9K6mS1WIC~oJBnri_PjHI0hY8Ps zx4$IT(@fnJarO-6m+EN4f?J@_@74yV_67cN1@R3RDr8SSpy!8LfbR|Z-PSgPZja~b5S=>Y(ugB z6ys0ZzW`Q?V*IJxW~dSCPxoID>reAF&PSnbD&qcE>_tsJW_eHC3*a&o+QtmrQIuW4 zm7?qk?j_1T;I%}#$phGzpCNZJI$|(*GZea?w&350ay+nezJ480~k(-@FRHQ;$N=>96e7CLaiDuO5p++y5PVb$;G&dG4sK z+GL}Sfo#foN6!D>@H_t_|8I(osF=&|Q~tiE{~CKc%>!7`-d-;DGk|jcDck$Mb*g_) zr&Rm5etLNyN zt6kSLRyTZ7U)^q`T0P1yN`1|`uG-l?TzyU*s{VF5uP%NNpgugnPo4Y9R~^30N8Po9 zm-@7;hq~KqclDi{)zxtqT-452oYd|Q9Mstod-XSdRn^0KR#tajWT#$o%|@N=Ypouk zwNwk&&DAHO&D4k2%hcCBr0NsDa_T1TtlB<>sGojQCdAHrFVs2wR(Qy~7HTzrAuM11 zR494-NI2EISa@=}NU&{OAQWcb73#FTEgZOgQ)n^ny6~&(RUz@nCE@6(3qoYTIblzxmkTwwEfut8ON6vOi-e`Se-RouEf5xrn=d5Xo-4d<{*&-z$84di?<}Fl@|i;G zDnAH^W=|K!SWXlA&6*;Nv70QcT{H>#0uzM!y(b8f6UPcUYeoy2yph6a$#9`x)KKBs z_pw5yecuS1rGtcn9R>)YDSd?(<-LWMy?P2h2f7JkYjzRtEbJ(>HE%EMNN6L-KeiNV zYnuz9lBU9|IgNyG-5Ll#Z`KH%TL{AXqDW!R%(_A`Uq{$;ElhYZGenpn@Iw6S03m6! zpHO8)O<_-+8p2P+TbOp*Ls+~*A?zLDCOl~ADmc_~7F3pwLdU1ogpOCL2w~Zkgh$(L zh3_-0g|m7~;lWCCVgE|G&{8iIrl)g4>^4TYKfPS#xAwj2*Gq3yyv0k^fEUtsw(_dmD|#bs)rWmR6`Tbs*=bl)%dB$R4?t0s2KeL)$+(p z)!wVSRoxSIsD}D)RlT^mQFUw4I#pnobk$|o6xF37y~=yfD%HN9e^o6RzErif%OaI| zg9WOe!{(`4`Oi^>)%sD@FmQ(I`-rKkvrQ9K(=xTHHE+hKUPX;i4WARIax597y4$Ir zD)(eh)y-C2R2J9UsXG3D>|F<36xY_jOA`SR>|L-o*j4PJZc!|WiY3-qV`37GJ(?Gj z$il8-@4dmYeOE;h5T)4wd+!As*4PUw?C$r!Gk0;ZM3eXOzP$G`KhF7|IdkXEojZ5V z413R%E8^v7Y|-A*(rGbwmYr5RXy73RgJB!QctXFb+<)itJQmkwd%OLX{&)T zUad?6_qOai|L2xh%iV9$B6|K+Y6g-o-B~rxJbBmrq>CrEww-b5r(62#-#*H|WxDkE z?k#Pn`V+&%WhaC|K8CG z`A)L}^1F;`n{SQ?%|Ci^NdB;CWAl9?r{-_@bx!`UlvVjZIT`YI?TXJI?!GhMCS+H$I66^rd$ElZD@LQ8JFW|o}$Z7eq@ zgjm)lcd;n<_p&@z4X{*fKg?2k%h#53k49TMknb&iSAMjVSQ=*8;y2Br44-9rmOS4w z=;#uQ=Z=+@rgPR=+?%N_Yt!@=w>s-Bl5v|XA*Lxy5p1j?LmeQ(*mZlCyPGPgiRt|034C+3r@; zJP&K0$jkccu42|r9gABhrTJLDsZ+wbC8DJDr=z8;H+{=k%d{_Rtv9lqwT+^@b?p2K z)>HE;T4#h;vab5Nvei#o#agR)RcrF$s@8iEe%4*}{jKdY{jERru4Wy4wwg7sTXk#a zZPl%v%GIzw{-%aCcw-G~m0LBevr5&pPHbG$n%SYIb!^v~*8Ux9TEA^l(>kqmP3t^t zAHJc6^~zT@tl7Rbtc^ETw{B@u-P$0%nssDQHEZ+b{?@+t{j9T__*oZzSJmpjw2JlN zhRRlRVkN6nY(?wxWfiQ&Mwho*8kMtJbIMrPOe<|2UaFM!_}miKFQ55XXLl%W-J~dH zZEE(kPDm+gjZZ9M6|Z!)emdOQ>QY)@jWk&;w`=8F>P~xUX_fWdBKY-*rSrpwmZQh- zSz0f-W2q8!({kH%&5~!ywk)W9!E&(H8H@hqaZCQ1!>M+o< zx_D1ZeOX7#%9FvCrb!};`ciev+QwxpF}fm_RsJvX2h6yc@3-@0{(0lh{6UpB0!S5hu7yz%i@lNLt2 zYSgOMt4aZhFICZ^m(?H6cyVlUe6H7*tDipSf3 z|CkUsrfX{8{>OU)oktxE3`so^D7<$*Fgx#RV2OLT0~_yp82D9KZs4L?*1*I8PD1HQ zSK;cz?!poIp2BAS#f6L7lo00jDlI%Yyqs{^=!(L1QXJ<7Rj*Dp}{Ao%X;rURBFsXVwq3mghaP7`c!pCzz6%Oy$ zO<1N{4`Kb=y@WeA^bzKd?=O7bWT5b1?qK1Xt;2-!AHEbWZuYhC;j?drrnv8fm&cA3 zssknni{JTP*i8F_u;H*N!je^f5xyK1CVaS0E__)hLRe+GLilx#Qg}r+UARycDU1-z z6s8TCCG3(uTiDERu22~^PuTX#eBo&6LSY5x2{6>xFG98in37O~Sh`&BE+& zHwYhI*eI+Wx=A=^_hw<;mRp1_o8pDF>Lv#YIa7`-oPJ^A$ClRzfsoO-a$@#8RR*CrXPhKPe-cP^O&7J-ECm zVR!}6{P`6{>(eTUYCNti@~Tr+GeyNDq>PFPy%B ztid;{x1ISMI(1zG1)Crb68u1RV%r*W6VcF{kSC-QdFWDKaFetVDK zUjv!8tCy1r*b^}bZ*oX=7N=DtS+ER0JgE?;us*&4-N@BL*-61dPL>MR61uOq6I{kn zjxJ3EyE%Eg^DWZZNlRX_^QYUoJFVc#Q#lfSIM%tkV5`&Xda0f+>rhS)n&&i~M4_!_ zr=FbtDf;Od$ledloL7@vm!9y7=C{*Ax134{UbuL2Y1bI61+p9P?A>LRo<#LNO zbVfU|ymWCFw1Rg{Pv`U8I%P+k6r>*d!`WpixsURzocE9=z!lC-1a*&a&1I0_A^NL5 zMnen1l!AMJjy*aayjl2TmzkH2=-`$tXFLd&0EuGVsFn|CnHxD>U=Ajn0@w|Mj^My6l>#&It$HV)0kq^ zTMWPLzIP6rk158_VY^@k`hC&F9Otl;y;8lW;JB8OY=HCGvRvk$LWc zT-5av@KK|)-HpK=XS=tsXzZTl0*M!V)!sexO=m3}XTFCNirD^o{+q^a#~cY4x7|Jq zPUpXGz+;Whf72N5M=BiyKk-%!_jE39dmb0JoqD7R2p^e!YQW`yq2vlTQ_jawM_`9v;0J3n_$y|VDjsoqWRLOk`=_2oznZXUe>JkEL*WC+`XIrYn2ly;lGmZ3JO zZ3w^&dIv6N7(b^T$K?t8{d4MRM$9i^X1!j)%sPD7$Tbt4S+_@cC)TS@0&8)^iSgs& zycgIRW$3R#ilqOHgd&VC#$dbMb2c)9R4 z!wGkJu!qFMl~C_dS3>vjgrj7##}1U)$!rGws_&r3RS(qW@yeqt$>TB? z2;fnQSa_Zi*bFIWGpJvwJ3L;7d3upA;8$9eq{Dx-7{Q~(3t7Fq#IOx-#~8F*g=8;e z^z+K_Dnbsxn-tzP%$r4kyPvlK63zy6DK@NFY39eWuh_9-?&LVT;~RPpV9^CX=Kda6 z{1@EQVGel{3g6!WJ|jq=j|j7|jeMGc^Z687b9a1S2hSF}H;WRv{HDRDr3hK$Gq5Bg zS$yCwkH>wVST+SbqwLslrtXQFUg;t38 zMSWm~R2YU#e_vJ@1$jatt3dNO*nMN1arZZ_*c7?{npJEGIk=*&q5QS~Y1=x}+emQmLN`MGox^qz($7m;NUCHI<8&bgSb|nzDp`o!6coPS|ou7=c#>QlGAzvNduKa4OPwv4hwkXLl-7-0od!{OR z4ZD$d*^&aI@>*z#|5h+ti>!Mz&e>q_q2xz!d&Y?8kY5lRI1x0&++<@x8*mBYlHl8P z#5%|M2zG%V#K)#IbHg+6SAw#bxeP^)C4A?K7%liB5?L9L=YVBpm<@R@%g4Y+3_k_U zImAzK!v8ZgR=5DSDrR0>x`B6h`5b(ZiyVBu%Wm*Ymn`u8E(gGmxZDN5kNikzr^`!l zK2JkGc*5gc_;}**g@>=6>tk?#x0d*aN#fQSd>nEe3CK3LRPc1SL*Pf;j)R|cI|ndk1vjkUIfoBdIkJp z(MRB}@SUe#7(U=7J?enh^ALeI@(2QN;?WemIsEGJw&w9U_#pVx!}H8zBDm6H7Wf>G zIpFg=7Jx7E(1RO2V!=0i#DT}d?;cqw;B#M{xO#fwO^JHk<5-?`!11F1cq7js@TTy> z#~FFH2LIf1AoyU9-Lq}Wh!fp;K$Rz%(+@J8N2;9~Fg;BxP9 zaD}%5e7bie_)PCPc(YpUy$tdS?{(nO-Z9`BZ=JUjF?v(~m-XHoz+=5*!8d!yfv4b0 z0E`Fk-QeQl9blb175@gD&-`)3=Q*q}LQwhQjl$O%+|{=Tcv0V?;GVu-;NHF^z=M6o zzE0#*-%#*gzMnzU&$l1=VBewOU-*6l{dc~jA&>W+0RFx2THm@v?`!f!zDM7U&?Ne9 z1>feo4LsR*C-`08hrX`lrSD6~q{=GzNkmn72~N1E_k6Aq>fvwCGQvl+=~s0?Rb&;d zIuQE7T``paL%z)A9kEBT;j@p_^2ZhNuMZyR9|#`i z9}bRxO<*hiMRma?qQ&6RqF3Oq4I4B>3%hF8fx|-|++nc@a12<8Yta2(U#8|5@hw5L zMjF*P2SnZMZvd&EQyVyr)C9iE-zfxFG!(?O#s}9DL}lvx6vE`GKE_*%zU4I%RlOUu}#0izRswB1aK6qXDo0clWFYJ5au5>2uS^G=FA4KJk@vXW(22U>#!f233 zz%|M67yJ~tC4e->YGx_I#aaCZGOg1w*6I}K!kJzPoW*1#a6OZy$KcBcqWh9_Xd8&i zt$?GL{5?iM(*o#dzvRqj#Q_tToCJKIEvxU#pJxEjZr9$l zWeM2U1jkAQrn2&mwv5^_A?(x;lo0_Nf@ptHKhLHh>d*J4uje)BU7)`XbhL2-W`i7U zoESQ4vudII`)pQo*rm42Hc5f)m`v>$wPEG3Zyazd({BT&foKrQbl^@9Z6~#Fn_6ZiTc2fj9>F9gfn%PZiKdJ4czsxTJ+Wk1Y-!Bx-XC>v z1;7e=gDOCro)dV9+p*BW>~$4Jw!5RUKehFAaj1z~Z-d#9w-y`&f3NfPzPS^t24#>C zj&S##V;zBxD<38Mu^PMbrSW3g^Ih%wsJd8V-)?i^y|KLy(-hw09sN>D7`%HFT1bz!RC-7@OQQ$>ZQ^5)+$eFgO{WyiNpe!AA zbj3lz739{zc)g!pC{)SomDhWpDA?Ox!|PH72jPoTUa+HMCtY*cg%fWSl)H;{yB)#4 zd=>m1WUsEE%7R)7Yy3EU!M%nxY%g4-V9)mnA1cn>7KL~ADOml`&IJYka|C3gMc!3c zB5LSX#Jy3`pvL%D%d<&SFVd`e3nYGZ#wKpT)}q9t7oL>o#r05~-|R+x8(H zNXJf{Klzk&>Dn!{dyk&IKI@G;xo^Mz1Gs8GFI@RRLeq{6=H6q64*O!b_m^Ld_?jSu z8X?7fd`pxpRk}>sZwVPWihMVEOu6!7#}(fF%{7|FgDw-uL{e}UPpVL{(q!tY@ejnE zo5F4X*RY>{{)JXFm5?xbc!UCx1EyhhdgP3mvu4kk`yT@H{v~};xk^<(|7z81%wGWC zltqh|EJdx$makZe|0wN_7i*we3&(-?E>VR035MIQ;&==pY6u#HvWOsh1Y|Ip%vfK) z0ZuEinf3vyy{-C?CjIRKJ9h4Ja94SI z`)_FWU>j>!#(RoolC1Y^aZvAdkpGop&04kV)U8*)LBK~=ib+E(^jAB4=z+VO3JyyN z2l>B56gcrG0z(TEOSovm9-dysyg3_3?XMeGfPR%p+!@;iEXUk>$$6$W^Yy z?!pQMmn2XqYS<_U@3Qu#NmK4O41TpaY0M0o zH!LAiWnfv>dpUJ_qA4@pT2^CO16sR!^|~m!f+dxw?12!*SPcYBdP87nz*$<5<>PHe%oY10T1mW2u9V zE4+N@FzI~+u*TYTzR(7?f}Xmt`XcQxwy3>VdtX|; z8W$p)YA*M_a`oEv986l!aaw4(*?Uy)Tet7rCB1*`eXsZZ2M>Gqe)RZ_V?23d{r9fE zwSQ5(ec}C!GQ`jFE=~o9<@K8=ul%RipJH)!b$v$hk1P&tqvBibDOtF{TiXk7erx|X zHov`U#0d8x+Xd+YSF(ef3194V#5LIYC^zT)fSYsnb8CzFWPZ+hwA&cS2iJ+62l_o4@8uZi1l&R{oTGuWTQw`ZW|V0iuv;bySMA=7Ay z-?5A8UQLMGJLa+J40da;zFrkcKg64}&t`{tDZO0D zwBMZ5PQjeEKbzBjgm`qgMuld!TVigqb+N9+d`Yijy&(_g=C^+=HWjiGG3x|mWwA}* zamBWS)A)7HWCvo{;TO>N&VEnB%=UEenV7qt?J(D^FEqcMj#=>?-266;bcb#PD;o!Xp{!rIcErD&6u+6bLo7b% z%PGL8m(zpOxO{G86JqnB&hl088+j<=@*#>8BJ-gnV)Nk_X+-D4)(U0t%eG&IUf`}3 zgW$8&9#Q$=`CBmxd_%>J;M*$ZfRjqq@q2ZbO5MQwSDFldyV9@V_bWXCe^%)^_^V1y z{9Cy+^>6MEPX|QV!?6%!59b)51=j~`0FMnw0N)yr3Z5R20iG3b2>eLEDeyA^m%!ab z!J?*^jbAFl%$X=!~F%(N+bor>ze@S{tQpM547hkmu=gb%-;r6X-Fgp?3u@qW1vz z(pLi)>nDJR>*K&5>vO^L^cKAnvFbexUIfX}3^-py2>1}hzQfF)VKew;!*%eRh6muU z3|4SrtYbuNMk#nZ<0s%ljAOvZ87G1NX#Bje}LOu>U1Ihyt_+-@vi9la~#xO$C zG}08$JTd4q&=AlF5OK%-1#$;92L&@~3tS7*fi{9JgPwu%KoyH({tQGtx!N+KPsT(L z&7pl5bPPn}<W>N8MZ(0I@f zpaq~6AnHeD0Br;jJPl}`>oCw}P&$Y{Azp!~zluFC3eAbK9z^|l220aJSI6hrKJwP-!3iV;x0XhP@1$qd238FqM9YCR=Ng(R0@)Sg1bE(fs7{~yk z7Mjk-+ViDQzY{M|aS*l4B|$VEPX`dqqifHh8w!~cjm1N0Ac*GCrSrDb$7C#s`j;RL z0T~Jk17(7afX>o&%&F43RvLqc#@!*X>g_Id18oJRgZ6?5Y;Y4WhAgs9%RYH_Q;o%Rx~f1L!j5 z9AAK9tMWv1#n3p{HqeUdsHX<{4-^KH)x^38-dK%+?a=-Z;MX{xZ*l*Cz5$H}jR742 z-2>72%x54n672MEO1Kd1+2IA{cDEGTa?wkIP;F=#C4Cr}tD5;PyQ0z~t&tOLOy zad}znIa%r+#r*}MbEmgJG{;JNkUe${InKwe83Lp+YiPWhbs!ZZ4Nwa*fILpZPYVI~AH!ZQ{`W53WGIIISe@M#0p2DJi78Fc{m z0`&n62aN!&0!4$igJ`^Od#rDo3&x%Y#-0Oa6Ld7si#_JdjYoJcJjT5ZqPbn{d0j#w z)0{5$d@ke(pTEVPyTzWjh2-)%Tf%@eU(00>&DCPh)8g|2;~o?WqWM|uxmo5zrg>Rn zK{O`|&BsFXt_%V3Pgsn1$o5<-VUTH_mH8l=V};A-h2~MQ$8>>L z1G%WhPhQA&*ErFMh(VRNIuSom^daO(1YN$1?JuBzMSmJ|CY?*dJA?WCy!nvb6n&=9 z@18rO`>Kvdzb+N(AoJROk$oaxZzp76h&*Wp#d0A5;|A93X)AWuUQBcmY9gcGU$WevLd>%Qv(7Iz;ULN~_?Qic< zSd*VMC~~4h9j~$qZ~xHR4-Wf&sO(>Ld*8@!a2DeuheS>S{s{UB^fTxeP&DX&VR@c4 zk~`BES&nC$>#(MOt0$}uTVL<>@|{|K`?EsZEQQuy*YIacXERbUjg%ad5|akp^VYr2 zAAdWx{k{DAdZ1lQ`mI3`6TAkm@YA0W4gtJ#&nPA5z{lK7p})=F}-8@ z#Pp5n7t=pxz#G@+^O%7#gJK5942c;UGc4wdnBg&B#(WhsBIfIuZ(_cU85uJQ<-dy= z9Wy3oY|OZr@i7zL*#FNy)0e;btNWA8rYVjS)~8urvbtt<%L>ivp4B6(XI8JQ&$4=F^~vg+)i0}m*5_FR zvj$}i&Ki<6G;3Ja7g@uzzRdb6Yed%9S>I%Rn>8|PRMvM{qqD|jjm;XDH9l)X*2Jvu zaVHLNxEpVA_r$N!x;O5PYtiWr8nuJ`M|y9^Tl=f^D!pS(dc9V^4H~oFSfG#9Z(#CH z?7v078EZ)eTcZmk$9f9Onm5W|GUYcH!w0s%y>klNBeh`9^##(~r9Y(E^iS;jp}PNl z+hcGRCeTJu94H=?07?XH1^uxl?GNwy$By^U?zQ~`?M?r{_J8*H|IYojxIZ<~V!h-y z&Pna_-~QESqgwd=JTv>Uat+D%$`d28deTeR`o z1Z|>rE7l#C9on7RUE1B+J=zRyrZ!8vSG!NUUwc4%Pr!;7$eWX{+o3zEJEl9XJE1$NJEc3LJF7dVJFmN-yQsUQ%hp}i zUC~|DUDI9H<>+qcZt8C7ZtL#o?&^Nk-P7IIJmRd(b z4AD2C%ZN^m&NaL+XdoX`siV!R=LR#jztlh1ztV5y_M)Zf@~-Dy;b&-C^y_CQ9HsPT zI8D7?q6@9@`j|qx^k}2Q`g#ZXbuDj7s*fr~_fqTC?&h`q%J z!uE3-LJo#43hOLxEyiZz1%3uJKa7xlAbyDnlPkg$5sDd#a7CnoDCQ^@DCR2`DHbZ$ zDb^~Y6;bf|-l*85h*iWX5*3>jZN#36or)cb-HKg`ql)5+00mNjE1i`^l}<``rJtgh z(pTxDEU7G^tg5V{^jG>Rt0{!ahDwn#NZCx;NZD3gUm;aWlD9S5W zDk>;fD=H~hp_OYCm6gtl>I$u*mQt;#!Ijr2YARzCH59IjnhKqwwoj(9~ArI(_CVymLLa+{*1 zGD*=wxn0ppnXCv_rYhPfQxvV0=?bwjP0?2Atq4@?SA3$(Qgl@AQM6a?Q*>5lDmp0l zDmp2TC_}Ig?;E0=Y}l^TN1VygM`Plks{<F`a`&C)pO7HPaRL7FH%5q>uORQQ?j^Jv4LzqrZ#BdSGIkEjt*Gon^R z?T9)NbtCFU)Q`ZYb`b#)L?)0q$(&^_GFMp zB`Yl}BP%N_Co3HGFdxWds&FAgRG;hldQAs6WOP-F0!t&Zn97rAx&l7BYH&ijOZ2dSw!!M zJ`sH*`bG4Q7=ZSD9x)J{hy`LNaTzfjM38p3g1Di$kvK@)SlmS1RNPG5T--w3QXDCs zBd#xQfHICt+Ysyw`e&CgiChvciI6BHO35_IbV;OShGeE>mSnbMj%2Q6o@Bmcfn=d% zkz}!CiDao{nPjMboU^^y8YOGryfOG!&h%Sg*g%Sp>iD@ZF!D@iL$t4OO#{iOcVYSQY`8q%85 zTGHCmI?}q*deZvR2GRg&pj0RoNgGNVNrR+~rA?$wrOl+xr7ff_rLCmF($>;8(za5u zR3ep1Wzu%i_RtVzxP-W* z*uMTZ{@nwARu6Ov>0HQ4d{Sub&pPVAyWVyo?L$IBI)rrmk374Y?`U=1LOMUTR=tpx z?`8jx`kc02NDa2N!8=M3Qma54SRlQ9ovMZea9gXfGPNDb)^U*E-t*%%Z9=++bP4(N z1GO~@33_h{VTdTCA-A>3d&_)$d*E{ZRxMIa!)Jok7tGIYiH?s>h)#^&8l4oqEqZ%& za&!u|-HqNH9am81_Z;`bWuuKMV~kO4)EKo!ol$Qz7>!1g(QI6A+yD>rSmP#S(WNeO~*{fO(#qzO{Yw!O=nDJP3KJKO&3fTO_xmBrpu-)@SMM9x^Bub-7wum zgworHdwkbK;~w8PJup2qJu*EuJuy8sJu^Kwz5gu!ye-jcl{!YPR%_H+wT?~#sEulq z+N@r$-k{#7j#Y0`Z&t^tx2WUQ3F<`kR&|nkn|ixCS)HOzRi~-b)jQNX)w|TY)qB(# z>P&T(dart)dcXRB`k?xd`mp+l`l$Mt`ndXp`lR}l`n39t`mFk#`n>vr`l9-hI$M2N zeMNm$eNBB`ouj^?zNx;YzOBBazN`LKeNTN~{XqRt{Yd>-{Y3p#{Y?EF-(S2?zf`|c z=c)767PXarfBs*-Y{C~HafU61c*M(1G;Bq@+--*K1{yIp6&bG64Lb}w4Z94x4SNh3 zhD<}2VXtAIVZY&kAzSs==$K9L3W?Ki(Z}l(^ojbd`XqRfY}Y62Q}n6&G<~{$hkhsW zc+-f%8Tw3pmVU2(pMJmo0Go@x^cOjczeZpFFScT@Zl7+y?ttzfn@y(k!2CQfKQqkF z0H4MjFh8TLdFMQ`j?FRC`D6Q>Fh57k&nEBG?b7Ym?a^iEGId$HL%PGdBW#A5&MRM2 z{fb%Y%a}R7qDsaba(uzeb`s{5=~cPQ@oezx+=#u7dFI;%rT!PM+h6UR1*}0%44oOe zFmz?;#;^!OcZNk7{!!pQE62{z}7o5?8LA$ z!%rA~%CHN=t_-^|3}x7zVGo8q8TMlM8N=QT`!MXwuph(z3D#I{_a)#jyBN!?eDj7~=IGtf6!x;=`GMvS5Hp4j# z=Q5nfa6ZEY3>Pw7#BedgB@CA`T*h!Y!xaoyGF-)QHN!Ow*D_qkFp6O`LlwgqhH8cy zhFXR?hI)nuhDL@ahGvHA8E#;>kzp*uO$;|PjAOWkVLZbGhKUTfGE8E)jp25N$qZ8% zrZP-pn9gtq!<`IwG2G2?55o+GnGCZS?q#@-;eLh(7#?JJh~Z&|M;IPuc#Pq3h9?-F zWO$00_NF?`N2m*ESBFB!gKn8z@mp@pH9p^f2x6P)Hk{kCMW zww;Ke(8)RB%W_0`;yAw{-MK#}P~JvBc|{k>i*YiyiHzXNwBz)Bx%%B4YS3{17xQHX zaeMtj{IDb6hO^whyq@QLomDwKf5d1`wzq_CcXz1YF?jJfu4cZ560U7fs;aXqczdpG zjz{6!?|4N1SiHsqeSjDu>>OX8J6|);`K^4b_!jbdZ?0{x96~BP_7&nKp_ss-_v}ZZ zd;4(v@*19txsrTe@qCO+1C->qmf*_MJ?&SdJ6AqkPz_rgm%a{19Q2l4%AuYzh!%ht z4i07f9nPh_6Ky}g@MU=3hAUs5)$?YLIbOTEuEE^yuge_e_C3MzlMct_>#XR|wq!vY z`@u~ za&kkC2XUM)!`IftLF32WLCv^xtRt}7U;8NH?=}7!mEmgUYuMt@hg$^nKH`@)oSwg< zJ8(63cdo{^y&w4V<@a^0hd(BJXd} zAKBvAp4MCsH*)bqMQu4bhii%B(fRVcM&fWq_+yvh&YJH-nZs6o^z!@G<;w8A&F|%S z?rj{-y1hdUd`X`3_3*p{SEdu!!=G~UWUhX`&PklymD7iFGG9X|XAgNfiqrSv%J6qk zZ>~08c04XG^LChTXEL|%+xMp9S@3)9;!4hR7>&H1fBL+Al#kc+<68dl<^Nbo{)!Ly z&0|$}=;7ZwiUhr2&uM8S@%a6D8%ZZ_WCu9~{TagNx1>2LGn|fsUv|0<{;Sh{Cnw~f zpNI%%lbk1m|LFWP_*CSvEK-oiaxU^!&SQBjpJ8jRv)l!-4PAtYVP?-lImERHvQS1s zbEHs2P?~?Ta4gUqHy?7t?Y^7)?}!Ncw8%5WM0-_)xVsSn7ag>MdkuFFQpa8FUXDmU zI#TGkzaxbf%6R$T8Ywiy8__aZp3L7DDKx|Tf_E8m@n0M-G|Hz0iT2s!gLqgz2YuWS zrS28ve4l?u1ktFH&q^Z3T1gA|zbcyO>9QBfx)Q&CQ5;cS1=os$h}-XoCi-(FL{O^~ z2|mBlHt>{6Y2fdQFG?!IVpL8;q&ZThG-ArVKX>S0L20Xged$;gP%ME4FVe=mRW;A;6oZ*2fy3kKKSDXPryk)%>YD73kV2sW6@K`1cU|n z68RsBp(+e?6`c~ei5iOPlSZN@BE&^QR8^YeltxuuBU%T}XFAOn*&w@qR8&>oYjj)JXKko)u)gJzZqv$Wa@81)-}^N;A1}`<|+bbBf4A3yt3ebM*LNO zTT2_RwXHw+SAQV>s_n%+>)qq6j^(BO_^Mgu;69_5O=zBXCvEI{XPfP?t76#gG)r1q zu4Qs@+k-K-yzHxcUrha_OR~qeKi#?Z>c_MZHZ0lodM!vFcx_p!B7PU|t!um2|3%xy zO@10|8$5S(Ha36u({W2${FLmex%;f=WAwJFBYwX7;E>I>&X)MVdicEU$-%raHrw|5 zxhdyugL5s9Ew(|zR@;8D*{r#?i#AJko^{QZ|LqZlqV0C*#xv9P&W^}wGkiRqJ#|b!4^$|GHuviXA(xlD2F(-C0htC_F3*_;H+55a&9sbj`)jMT-}CA`iuiuYxZ?+&**iai{x;MGPwji3-4qbN&3n}CYp!z2zLM?S&V9bXMSg8zuk&?|54L{yk9(DV#z_eL zOAH@;(OcO~EG90GEUkOpa^6zAdNDL<$`4LO6y)LdU;2}BE;t7g<})9*oi08o>mD^$ z<0ZzoL^WK#CVpdWQ>Kn3uB$G7<;=B7>>8gChK9Oyzxu$^*0rd+D~fWx=S5LYhTQB( z0v+bmPNrp?=6yN|nlf|HX=ey%O? z^aJa`XNRuNy_uG1>uot`%d=&lzGKT7{9SQfcemY(LI-Zt+E(O!QMsq>L1GiXQslGl z;a@(JT(#wAJGt(0#g8`=zwvQ*l@Ng&dYF*zey;c@2H}_e5Hfe+BTI*G+?KfYxtG_a z(#QyxVPfJdMWJ31Tf6zpoe^>=w`4=&2gQ64PTYrHu7?AjrnXK!oV!u#qL7Ge{}}Ir zG=Bl5YWKPKsO?SM&Q2LoRbFhjS@IGsH*+odC+~H5`iqZ1p!m*~d-3G}*J<~jO-`Xd zb4kZZ(W68lE00TpZu#dHQ_9Ug_e%~ex+zGA2zUYyd#$>=k1c@Glihjlc{$*DZ?aq=13e@#QI3(7e`kC?2qE2?H6 zOR`zoR$YF0wQb{I>y%H#K36Oo&n7<4i_5f)c{E|u)OAx+@)Pe@dbR(-#g{3gH+*Ip zEuXaR#N=l`=h^OBQwN6(xIH+uoYSk^HKmui7XN)O`i!z&$MYfo;-!4cq`^P7 zCCi=iVjes>_1Knl?&l+IN>ADHtc}g~DA#s#u+6si{PWXE4{C>P-(#~~Tec=`U2dkO z*`cW}l_yMnac1tR_x`o~kSedqy ziUM0X{7(MR@{d-8ZgiqLS~GDbMg6#1Xhj88P?*L{2W_FE-s%D zfy>jjol!hC%!HQ2WRhJtmS{qWRx0M8ohv{6yLF>Aj0-j|XOYos{O= za;uUsaqk0V*4}CI^8;IodZVCSIYF1Mo!vw0h%Sfu_|+gb;qf6>fm5W1xQswhx_&T@ z<1@dL#K}o;B`pnx)#pUaQSs__+0W*E75ACni5+J|t;29!mlM8w6v9waEp&9sq9Vl4 zN3prRj~m)r!pRqLYb{eP|Miw3k)hb>)Ung)i zlWF|=OeXIIUT3mBjy>I1?8(Qn=jwq>#7)mpRf9y7o*@W7_X#vOTUnE$@uifMy^nM*uf6*&f@TE8~kX45D&7 zAdPWPuMv%NKc4Any!!|cUaN=#xS8p90CzL_9Pk2&yWvV8BLs-nSrS;E$uvg(G$!*| zP5AP&priRsX!&`-HB4Ry)H9jJ)xX4KSNsA&W9rlL_PF}ov7oEN^!0!uCN}~GF}Vq_ z1(RC?Y0UkSsE5YeAIkJJ#(rZEt+NBLGm{4cY3zNfr}6hUGI=*}50hz3ej1CP&i~7S z8$h)D8Q^&)lQQ^!9YpmsMn8?oPaoiNppofmjD8xMza#VlAdS&a%i|@3)CW=79+RKS zG%i1l$xp9cF=b1k#xPcnct(17|S(8X%4FUmf}#KpN|xmZ$Ol-9c3L00uHy3>*(?1pNdc%>lrb z$1g5!AS$~9i!#|0C}MI5kmduZfHFgYUo!m&;MYw47C3{+G;aXS7tj%vUI9J^(fVob z0OE)9fh+*hya7~i&lx~vd)@#}ZpY^i;N-9Q`~g&^IRplQsBF(4z?B(^{s&R{3n0xO zKxKOl0j|s#K7Rm}Lm|^V0kMz;K$KpOv_$}|VSw;;OjDByS|PXtb8@;`t-G5Hr@7>MpG2hL#n zSwNagfYuWYjA60{XkfAlNb?NPGW30p#@6R#7GIyr_89wAw#V70vOU&5SDwY&=VaXV zH0C}p|7X9S5Qp~@d+r;0UiSPq+&TXJ-ojn$|F8EJdk!9YE$n%Cxa;!w`wV9j{(hhN zWA8Ijc(2L+``w28r@z~X@m?eQz0) zW%?dKn%jxiPxCvaGkGWQ9Fs2qUokl!Sn4!iz6`K2lbZs&GC34Dn#p5ykQTe0ZMQ>wFfoOS}KZ@puipL2HfPcTEVp0|T@b7y^ z#YK4Uf{PNZ*Aw~1jYPg>3z2W#x&U|0%aEw(`W-gLlBh(u+T;2~EyT}`K>6}DZuA$^ zD7lKmELmHhjs+X=P#=uU%tGee8q}N@|7$5Hdms7ud3Z#iT%inA zz7%|-Ky^!31j$#S9U5Jb+<;@_e|GtbRRr~sD82qc8^rUDijB=}vuP8Fii@+g*|NoX zMRKw`aU-tsIdg*0&OrIXg+cN~i-P2f7YDUpzK;Ii<19~3CM!}?-MMc;to;pUvwD{<+unZl>Rs*Etf6(%{yyGd@nYHr%-&#q+Vt}cX3o5eeXbSk zvuv559L8hRv}r}!Mn=;5{pCxR7PLPqEe*fCkS7gr9aqq6IBi;9gXzNe@^^9uDB+S$MX!BIkO_llnk)9aoMtqBa0B%6}TQN=FKBfD^?V5yK?0i;p)|| z0@kdl9V9kXc=; z?L&+vj3V^s{P~=nj9R?-NUN2rF16aQ!5jLVR&(b5+KP^^*V`X`L2YP6#H&^c1&NA` z6a>$hLG7b^@a)+nDki3Quv$|lnA)!7&xVIqrM(1;KbF+;ztNOs|<7_FN8I&t3P8=#woNuk_gTzM&Y4 zHqkLNZJH~N&&zcDMsaNol$$vF<_cRy%R9pkQgr3U12$SgZm;Q-mafV za?oEH3rr*j=bN$KuAfeFA|px0j2M!mR+9`3^ytHkumZgse(l%E)~qRmzAoQx-MS*} zj3&?aW^>8*>(>vKZP@g)Z1a{SviO8(+19P=Wl7uj$dZ%y%TiORH^Na_nEawFLh(R0 zZAQsPF^eMsflZ0=^Jx<3! zGOnXD9YfkcxeoUY9WyS_&zOxmFb3#*LITc#mX*)uF&?%BnXEgnU6;@~CMKb?Mw`&t zi2Yol3!k3QdFH%?&I^|%bY8g{v)A0Q`DY%z|Ix>&D@dNOEdb@IeF~D#n-_$45dmzA zD`!9Gb=PPD<+vxfvT7ZVCX6e(&$Q`5^2nKi7?VNr*|SjxcV7J1OG~qs#dU>!?aq)lZ6X0{i%d)MVoAq8sXm-CLp4%?jACVMzeqhoUxZc9q95yB8Mb%ssd1c#e;E z#`vSZBs$CKeMq0L_Gb+}&h+W)@SHI?JZFOBTG+5y)J5%Lc(^m}3EU@ZyNtxxU4bzf z1>3!1+qRT|?c3u5l2bAR=yQ@DigXNNVc$A-sKC z5JJzH9y?sYKU>1kpOMR9x1)pPF?fg5a`rI@wwjg;l+WkhBk=w>gTIb+>{7e)_wxVU z1Jq*zcM$TwyU}m4p#F2`9Muh=M4|G%}q;k{J$doarFHE#f5<3rsH-yvz|igt=uNT%8t>h4`;) z5m`)@5Da=O%gA!Pi~7RDtt2T$N@Mo0EGdVW5f#V^vXZPKt4T#tiL4=O$vXVXQ-ws4 zXl_5ssuDkoF5JS``qH!n&b4_5Xi5_I&^hRPL{&4K7PRwLIsX=POt78MHP3mB4 zT~d$KCk;pd2_!-y;>!QE*hb6`;`N1W2E`E=bS&{Cfh3Zx+$=P~7d&_sCdr@_l1kD@ zI@v*Xl3ir?-)sNUp4daX{x7mL#7ue+X-t}srlc8Zj(8+3Nh^36v?guv{h*jg;C&~9 zD{p%eLOQ_9AcJ%woyjL}v_6xqX94%VvF+nl_i@Gczg75vgXSP7A7Yxr=a*bRkIZQ`^mgkonQQoWIALCA$+R0bJ%t4}uBlf7ybG>pywvNqUjb zNN>`I^diA)s;8=Fs^_X))eF^2)hkt=D!-ujqg5(Zj7qK2 zsI)4bO0O~?f8XzEU0!s4^s8tKcjle+o%NsSKYefi{GNLMs%7^Ty2hDU%V3%=1?PQ$ z)0~OE6x~&Sn3KC<+aXB1qxVGbjn0Zb#%YgpoIlgc(b>_vqW3#!PCLl2d*c+-o^;q6 zT5#mo zX{vP94%JT8F4gXL9^*f;*VP7Oh&JeG8fb&jU^18u>kS(W8x66BKbpDVpy80=u;GZ| zsNtC5xZ#B1q~Vm|wBd~5tl^yDyy1f3qT!Mu8((T)FPhFgZ)hC7D4 zhF=Z$4EOQvw!JTV=|9u=*7wo()%Vl)*ALKtt{qv1EBy%l z*ZObt-|9!|N9n)QkJgXTkJXRUkJnGoPt^Y(d*1=qRI>elFC|<81PBmfS8S-e5)wLs z0hFSy1+1v3*n3;CBOL?;L`6Y_01^U95fBgs6%`eGZ)@+kYj0TpXYSm{HR$f!_ul?~ z@BRKe`J8*^d*;l{nVECvmSiRi6ak8bzcbG+QY=<1Q7ly~Q!G~mDuNWjiV#JpB1{pk zh)_f_`Jxmn717@;<8{WXKb#%kX1r;l6QhW2Qr^pq7mVIhnm^BY)+C>@U)X$=B2E#n zNN7?XTj!7CPck0UwXOaa%lYG)*c!K>&YQo}$~-zv^{E4$vAC4%4EZ;5mqF@5xDR31 z1ix8U!C$BT6{z8hAG1q;2h#VsA96qDe)?uQTlde!@BLTJONUwGvHcsCqi^sC;>I^p z;OpEk^ZX@R3u%6R?}{Y!!L{j+^8CBg zGoZ%Izo^zMDEAEfaS^upY{pC46O=P)3CN3^)Qo4Rry2V}xABg23!o41eD)rm(w@`v z=QdW(11d9Ue#R4)&;5RnDW62XrL{K$KcCdVGmSF+*NksJA1l*U`P&Tq7UcCet`4fY zu%?IADt7Ako<`U@|DAFC4Ef(_``=do-|m6?iU*2^ih9K(#jlFr6ps~86i*e;6wehe z6fYI8Sl5iE_q9)RpXEN!eUbYz_tigf?f+-)t^b*kIHowRIH5SHIHfqPIHNeLIHx$T zxS+VGxTLtOxT5$)aaD0mab0mkaZ_2(^Tc)|W z9}iNMpZbT&Q_c0yU}JX^cY(X9yU@Lvdvo^|?k(M0eP!jznWtu+o_S{G*_r2No}YPP z=Ea$pX8xIaqNOp?mD1S%vG#n+wyjWm{$FH40hC)UEo4gHEls9lDXiLjzUof`!hSln zR_ZPt=DzcbW;=-GO7o;LX}a`~^e`ZAR!$G;!7rKw9S*2qEdADT@9${3NcVh6?IrC^ z$7`hfzQ~AwAZ(JR(fS*usedZp*G2F8C-M$w_0ZR){U@QSf1+joN%sG3%m3jXa3|f> z+|}JR+%?@f?pp4YyS6*mUB_M5UC*88uJ3N(Zs^W;H~OzQ&;BBuHJ#GeXR z|3v-~(&2wX`%jtiJIY>Ar{}-9-g9($XW@88ss_I*BMF%--c_LpCGzr?x)v68B#KMs zx|Wt+C%11`xK>oOCwA;eCn_t=%y#V(m{nC(m{nJ+t`SzJ*MTM`t|p3#nvvVKts{zy zvx$-tH?p*>kSH%NAu1}k@O%Dn*9{w@U6WJtT{mtFfHgSDuA4R)kuq5_k&%%@WM)kx zVSUu!Yli<`GYsoN{(IL9s}r3&m6SAHH>^(d0D0ruVRZtn9qtZmf~{dKFIvaMQ%7sp z{`GalI_`KKvB3SWUq{SWhqaL~ixB^xt|wN5bw+N))~%ea=r>({p;Hg66PW@r1ikjr6*!@~98A3Elx zrD>hY%1q45%jXDp?Fw?Ou152;O|!^INwcV^`NEYeH+F%w@&v4{gZXw1v29xyqI8ET z%+b>{cJ6e9It_`c>P=9e8qB5bh@h3GM0E5tjhGlmA~x2LSQQsaBqYQTt5>HJiHX~Y zHET4;wQE-s>(;F&l9Drsl$0D|V`_RcSQ88N{xfT%wO|ETL_4&mxpB?&AFYXALc;Hw ze}7H%X0&D#t&7g?v^9Tgr^3Q6=4kEY_t!|Hb!Eedpm=C+ZacWXAwN}giH)74rbZ;T zC@mE=+g^rbcpbGGteD!hYbJ~rlHoPgYD9=eVWD!ZC0Ppf_3XO;5rCC5cG|; z*##olhoelRtSp+UsN{g2Kz-Y`=IX`8-mqS~wR&mka9Fc#re0p&Nxh#`|W$LAnO-PDmxOLG^b zr~8qxX9d)&N$;h>`LAEAO|SbUg5g|7>q@b&{JnL1ANvh=|EVbV4YRxCO3rba~T>pzu&40v=6eJ3@&{kf{^# zM9>;HVr_mXQ9$eD5JB*m8%;yTK|%f+!NJvJ zNQ$4v#*KAkYU&ws)22%>cYGw%(;vgL!6PywBY?~-jv-4*a>>$4f4Ig~le-|l9#KaI zt@YDbx2}#%N;*TXUw?_*u;C+_ocx$fNqI!VGX|NuHHOU3&m{{={WZ34uO`dre7}%E zaef-{@pWWE!WnY)>Puu|;zx4Ln#XV*d_=BW7eFS-W5}GGTvAcs5A%ODiR{&bZLET# z{4`dstRthN&yX=Om&n-IkL0RVkIA^WM`V0_0GS|*0ef@FOohKjZf-T12mXxqviNiB z)6qS}c(`s4ZWbLK*(@d|vsrAcqS>ldwJqY}N}I*U2R6&g3vRY$OIS0suLkVx-z*`) z9Ih9$&0)_W^Wb17^N^51=AmID&BG%+%p)Twnny*=(@99Er&g~<^B3GVz%>B&#f{n= zH8Dyah2npQzkA?6w+Du149~#UDSs21lc8WFN~`;2^v&q4BExBDZ5u(LUy~_A5i72g z{omp@v;Ldf(+9p;-^+|iUzKm!8{2XEP-DC?cIKPX#`M27_N_Gp>>9V%merQmR@CmO zt*qTyyQ{XUwz`&`{zviG@cYR(%Y?m*7fmekQ z#1;4@?R~m8&>FrEOuwKNslU>3_HQS*Nm2XPwD9n{_VheAb1mi&>YlE@xfI`X%dX*0rqbaFx69 zzj~$1sLia+s@+_hT`RB6sa4eG*5-Y4e&15NwKl)Dpti8KsCHXzacxO$={NQMUH$ss zQqDq{)fau4*&D51!pN2~d>O-+GkgKVl{tP^!Shw{JQX}w1uM%@RdXjeWndSAZwL|vatXA59@;st0N&uDz37VRedrqZphNr5?NZr$4(+km8FrvEhff!v z17Gd4R|`AsSrP|fAHYMf?^r5)>gZ!CafI2|49WhH&r#wS=p6?_`--K)zGBu;n+?6Q z7~WM3?cflliu)s(%1W?X^@(vjNp)3WGX?C+9c`=E~!K6l6oYM)F%xf z)sW_+}T{z!HwEl3e*Ns37cX+>I-HjrjZ+L5DS7h0rkPdbo}WDh#G6X{I$ zB&DPa=}NjW<@EyIn{+3~5FVr_=|%P-`;z_0pP1D5M1OJsIS|kw(wp@8A{|V}hLA&{ zb>IIC1FckIIHNP-OYVQCzkI)ToZ|bJ)cTLNps9T$|CcTL+ICg@ej-PKeWOV~att~4 zo0g6v{Xs4x#*-7siN8Dks%1CDlm5Z{lgTOHv<2CLKU2wRtg@zmNBirx|0767%phm} zPHFg_Viq|Y{#a@*IS*!m`JnwX@C9@(wEHvK^%?K@JeffIEwlGpR=p<)AQzI0ey2WF zn-?>>OUR|HT+3K-)f`{r_9Xf&C+84>-^sIr41$zkCUq{oFLcNk-B4(07#U9f4Esb! zkdb5n5k;q|w(D!W5^_ZY#gMV&Dl!goq!RIf6M$BeiR2pKsl-}x-Isd4wz?51$N$gq zB$luIxt#wl?e&ZW8~)cV`SUGG{vWeB2yEK zNc740AL(J`S^M*%~K5q_;9FtV((r4)&{lefQMhEF?46-i zn?X5VLk7ytycYg8chrydV`|e!ZJOdn_Oahm)lXE$TAP2y44+9^RV2Bb%rWwf;~>};5| zEjwvbO;y8Yt&tHOgS+%t-*wte?z6!ve8I*cP6ej(<1x_6zyJr#a(bYq1}>oVquTSxdZzqTyEwt(9zjE{NVHKsN0f- z4^B4Qs&lY<-qRLu=S=NLL?{NlHjX~^rr-RtrHdM7ZH~+7Y&qOo7kNu*azgstMwAGWMs&1)6Ti=QuXg@YaXXk0_!E*vkp1isE>=ie`ua)iD z70ZP`CbVAs=tlgqrDiKO?0iJ}^A_99y=k_1Yg}+I>6yy|51b#)NlBV_bZy1%u&OR4 zw_OH>=eXam+&0vtB-Ly7lm?9iS&yla0|RFo57eD=*muq6i`K_34mQav6>hjDyDXXT zG4RDtLvIvo=09Bhs*Cg6D>{!Rn?6tW_DP)Aq2f_LKi~De?^Sl&=Qzq_QT?y89&8=v zwKIP}%Cv--!{d9so<Uy`Ozh2U=HyqgS=)rwygU;PH+OMDN zp>u2G@e_eJw0c&XH7l<;c{+RC!DWZq)VJ<^_58Cp*Zc+^(tOyGh`TWBedUywy==Hg zFP!YstNRtp8sjrgYZFqAwY+tzCf@wjRL@D<;|2Z4&OUJU^}B6FTkZ^U>AWN7_ydom zU$2d;UM_Ua3FyIFDxC`71lme%(StVg_D&Ycb_uy1^^mo(D!f%Wrw6)9~q1ZOwUm-zDub z@SaONe81+5jrAuDtv>Gyj?UURsC$xbVp;s# z%T;P^M;E>y6y{OKSE%2K9=JJOY?~RVM?Ei7+pW>_h~zi>Xy*w@2b)b8c_HmW;>WEI zh8G`dH>I8BL-(bh9h@Fc>sJ0DHoVAYvf=0Z={@`kvTIt}uiN*sYe2xG*;*g>-(mH6a8}j2i@V*d#`%ZC2X4BF8@(}_75v^`~U2Dvmk6#i18Dl)vdV><>Jzgle#V{CHype7cc;eQ40$d~&9REDQC%fCDJ7uR#7wV;% zo}PWh!_1~UbM6ku0|w_hp16BuocH|s`R4j-Vjiu~Ag`|T^(`GfU%D+{6l&0KQGiG3 z3eI4yM=u|=ZEs?&6>)gn@D-g!kK1sr z4>8{Qqo&!Jbq@;`-HFgRv!wT_<9*tgO%_*7vi?C+YlFuQSzyjUA2r39RKbUuz~-(* zPM1MN4xNWRcT1o9{>`0A&)pRdhFu)la>R?dQ-y2KT{fQMnwlRysHZR_?r6n6w|?c< z6K4;tY_nnO9_zse^0sQl?>b^<5LGm0er5HHA=}-apH08-C`vaTzo5h1Hg4DQUiYmz zQZ_96biaAmrtV!Zbyqv9-~ip1v2W_qP56EMul9K6tY_asK`O02!Bt6C1s`H|pn+Zfwx=EzdZ=acFtO;o>QTYl@|ptOn;Q#Q67 z9O*viux*#oS?1Txw-@!Ax}f+|Oltr3HEu37UE(=vs|GCo_;UGOlj~ESCTME!S+ym9 zL;fAk=C#2g+lILG{Q2|Q&La2Yy{TWP7`Eq}vER2R!fOLr;LF=E)MmrDqs=v)3i-vQ zWlL_(nA7K3-W;jJwRMM&cvz1a`rzTE3N?SLtyfwJ>%F2~j{BJJ*p=hsFgwG&qfuU_ zzxm<5<0tJsKUcP9*YRne69?7L$PE%pmvr!*6ddm;^qp{L&*`9k-OS_;mBW8>N(&!< z*W$>^(99ioKJnL8=w^mi>6VNuT7CYAcKX&AZ!7JiD)yiHtwjC$XzkxZj_hCC>Gjw% z8zXn9*Pa|U$u;QB<>BF5#A*I5uBmH4E+;YWwt4v=;1jt z+(s|HBos&7x^SkqVAF{n)j1YLN7I(x%qedZQq$$q@iyJM=~+(jvrX{5Shd{DP%uq$ z-iuiwA?`oW8qpU5lcm)ofa%~W5{ zHJkFL9Vb?+GqvQX;{1rQ3*6s!9ai6UU&F`4HstD-x5AAKKV5Y`cs(*pp1I?<#qVDq z_+`ndq2~@}nNM%f?)+xj@l~!*r~WuZP?MNaUAi-Mbjz1@uM2DkY{v3s|pMQ>FsKyVi6}qJ@@A!S#-Rka?k#=sMGaJs%X*2E2s3S$4cO0#+yJK); zyi38=o;O+_R(KCy!8@Y6e)wR^ae)i^X&UIX42hvQVGV{SdhP#dy2aR>a+{7T8aid1 zi!ha}xiT+w&avFXmj`titmS+Eg2w8J=6V@-Hy7TkczfhghlKVWUj#{(8Bt?g{c?qd zS>o2+f~4bgCRB}S+3nfM9)U?YJ1SQ^SZSc{LOEBKyl?Sr`k9t``TJHl?i*1)<lgaY#=onM;>K-<(B_jXvLjaAjelewHFmM-{dU9Bk91SNCJ6lHZimzS zb!Tr33W>SbC5t*jE$FkSTgOdePr3Ema7D9U*S|^b{FA|N&ja@4JM=Q0d}raU<<=`_ zZ0b=~ptZQrdgK+28`F<>zW8k9C3Cgi8^@R2?6~x%WkJUs%h#p3K5XA{N??yIV|eQ% zBhq)zwW;s=gMrxI?aArly@ysDY<)UV&%;0NWe|T%y=#Hti(?+;rg5R~a(Nu`M%ag= zBVz~VY#raA(KAezmz90y(Syxzyc%X)clmg2dZgL1w0l|u=5^RxD))7IuII74BH>kX zTk8#7oF=Xt{xadH;iYDv-UcCS{Yl#$0&4M-9z!P@Rd-sF zQ)RBWYHSn{|Ng|t0`-dWOiF4gKG{0=&>81nCs)WwBJ%FlHAM}3U*B02s!nU&n&-=ZpMN*r_9vg zlf6pJpLzb&c8mRcvr{wjY~tJRHs~^{a^sjA23rdf>bl<1FDe_n>BuqtC3X|yA86Zn zkYn2V?*H*nMOoZ$Qx0xz|Itk^vE%azi-V(m^Q$^;@g;XWN!=CbG{1gx{QcHFHk&P8 za4MX4yWOYY8wZ^D<0kc=yx3rG#4qo6G~dy4y>MmM*qL=h9-k$)Z#VIt=|P<9I9R8hksUMdyR8vi zdcR9;zW?+N$;Tc?sj2t)v4yB_``y18#dS)5(#crn;Y;Ug?zU0c{Z0stw~ihj`mWXeC1v+^ z*KRNgTNgC#+HYs5aq^#oJYx5goxIH7zx1ludVgX{>ozmSWM$oG`+Q%oKs~|M^_^Y! zoBWV(=zFd@chy$!Yd=(1b+aDd2f#qc5H4~ z)wWi+#ra)wy}{M~15Qh39JQI)(SD}ggN$zP(-s7dojZ2MGN+xb6D_7j#8cBNlNO); zRA1kzCY_*k@6*t(UzYy_vsE$MB3+d6)gWdUl>J=MG-rd+0}z;M$#`+&O2Yhdz%y`9a+$ z@_bas+u5Aos<${y8~?V`#OMWfZSOs}yri1szT7|ZV0G!?eS6cn$EPm&WkTK+ZjbPu z4Q1!-<0e*kR)-(adJ%P0;;nJVee%%Qm%)jKhRzn^W3D zw(C-L#m<$>hsgOoHY86SH2%ZcmBqhyF#_VzLw%vYwp}l>&JC^;gS4}-6bYAsr-|3Sa&%jnTuk%wl; z;yuf$8vEKaW!+NdD3-Z%ui0EKoxaocR)G59);>jx$G&kB{<7gjtmfVV!y?mC)36p3 zu09=b_1drE2VU*XBW+{fKe#W5+WGX{%bJV&o&(FmXX*qDn4i~sxiNLxC*0M4#QytJ zn#sEHq{P@aSv#5qYU!#^7#Bapv{m|ndwV=B7c6$W==kLM>4hn?Z<3L#DrQZZ5@Bw2 z{QkTlTIW{}-WIaz(ctPw&2uK!EYwPKo_+PIhgZaq#iPc5TIIj7q32n9=gDSfuVN3* zqyooJN)1e(bldi^-Gjo-9y>22R+Znna(zo$n^SwYKc7}NK-{IpNN?|qJ0o~MFIdGr zwR+jbb#*Hoe3l)(vMpl%oA;CWRr^l4S58Wq(tOVL4%_CQ@B7o9f;8?&w;zT~ym`me z(s+3Lt)Bdy2Zo0p;NA|ZTKGCIe#O(xo#!Qg77OmOa5wnfbIlt#d6fOj7weMx)vqv*c75$-3X7E2wo6Y=Jh$-h+c9fiUz#*% ze{M^+_)PUzIlmfI589V?X3)bVb3xFJ#jiS;w;gHsaQj`|+M*GCT35c;D$eUNeBw1l zce|K_t2D0Nyl{QV(Ij7=pBoY9!m$V%>G|}Z}uemwD8#S==|F6a)EMhFu-4iSd+)LaES(ST(#V3mzcfKfG6fKGuop&dQ7M9MI zZk9LP@4CMPM9AtaPgtI{?Bvl;j0{f{uNR9vQpG(zdU+7C{vMhVuEfWqwIoThQ6iH} zhMxocU^T#Mu+?0T0FQ7$gzSdZU8{Pla*xT@1QBGt<s++1=Ws#A3Jjpv4*SQHzV> zQx;dn=PhoDZ&>_F*KyE&xCbRNmgtF^NxF$_B`rnfl3t>LlKvuJiH~TEWVC3i#9uT^ zg6vr<%9bRH@+4`ZLdjmyF-aEl7otZ*7bMq3PeJFQ=$+(+NWfM)mcv_CI^0pjLOXgSxTdlNAv07poW2NVj=CQ_dvsI>Li51@?%VVeI zDXXoPHMCw!k9?1I9>pG)ET352wrsF^VEM_4BW`KkMcmVRka&jmMDfq!wbp^+H0w}t zmNj^WGQhvl!-o~pEw+gBMLQ(JET>rgW~pv{&whd9b^BS4zu7Nyyl6k!5&i+eZm7c^ zy8#Y$*1tes62x%P1j#wkJ&C%)`n>f? z>s!{FEsDgs7Td+`L_bP8iNum(QMII8v`;e1a;DWd%XwBSEEBB4EZ12*x1_A!Sn64C zvMjJFvph<-b*^anmmWm*=ej$1oO1W~2(Z_5^s&F?@WegHW48S#hmqm{+CHSC8YIbI zKEYpNSQacn5+x;D!JatyV-@^EvNGO1xGQ|RC*x1oV6KG@NSzy!CbB|5rALO^Q z?FD9tu_>~)UrhShc9d-dLNZh&Q?CrTY>F)-Q>H1?Rk;ian&$siC4V2=<6ml}b9{B^ zWSeLEgKZJ5;cQ!j^2(%k?sfxh&)N>Py-dsfZSUF6vVCs5#P$=N-p|h4ZnLeqU68GY zU97EvU81ePZi8)0J5+F*tr^X~s^oV;ciIE67vK@L0DoYQwbDBfZ`89076al0YXwum z+QHmlonYNyya?zZq@Qw1#i${l1W0bE6H)7y-LrG`3r*i+csP1Zyg_lp09Ns#hlYk&rn8xdHVB z^7)ZYm5s!lrTXWi>cQ|=*UBIp52a5BB4mwrV;dW>O>j3D&#tUKZ`AnbVpiZ0Vki^M zD%P~GbPq1Ds1#RN>=##A92VDD92eiVo9A%F;=cH<#WV3s3qn$F@ml=E;=Pz-zs^C= zKGi`a>LIZfxky^r=Q%it+$CP3A(F|W`H}!ph-8Lnkz}bTQW7MJmDGw(OU&%IIh+*T zlw1})lH3u!l3a10;nBsu!r`NcXZ2R3ZKY;uWTj;(w9>U~W!2Ww(yFVaqm{j7A1f=% z-d6qWuQ>SHKXe#p|I}fM{Tqi#mJ6+>TQ0L&U>RXWc_e!j*gHAKS*BZUu*|hG^-y?h zx9{b+%f7GUK6`J+9Lox;ZI%bE4p?5X+GBa%iWHk#8;Cnu>xkP~*V&J7JY_%D(L~(M zy17_n-9~I}-9hYNEfITJcNh1vwiEkUJBf!|yNX9!j}q&*Xmq&_)TpVxL+9Ar$)M1m|4-QFo9UacuO>o#^=iso}PU5h`&eNgT z&c)#uyXg)`-A8+virP!mMf#Fwc0msHc8eW8+r>G&wTpBxw$E}8r7u%6Lw(xA{Y3=osmy_2J zuijpxz4m$>^vL$C^33-<;JMxNnCFk463-J(*PSjn-FHIz$2`t>eD0y|q~&BvmKJkfAhTR`O5RI=SR=cp5r|&oIRXvod-DgbROn>*W;0g zg_DPqtbG>t+bGmc6 zbB^3MbZGV%J+OW)Jl zO=08cX7B0ZR%zqmcG2c1x2HBfZjqiN+)#bxPP?5py6kYtcG>4r=yJ^ENsl)@?n^aY zo=Npx-btJK(CbE$`<~x=;9<`~pF?D|53)yb>vS)Z0+D@y?5E=GjcLY40}Hrr7$kE1upCI`eE#K+mOn z-gh2s)5KILJEmKv&9ca1<0XdR}MiDfPe0O}}VsBx@wo_v*6yUt~-+*_Z6HH&DlC zAT22&(+4sIY6H|6$O6a~s3(vI&;TjqlMRE|7@)}rDT8dbbRo!ANF(7GFI^AEbZHJ8 z3#H{!rPA+k8G%2<6WZ3@u*>)fk z{f+9hopr7mq#3H|+Zd!6)f?ApCvunQb?5o>1cuIrdB)yUp5be)=UOQST@C&C#m3W& zy6Oh#`5L|BOyVZ#i1my011M($f2}1tmpPC1+x9%~KN`(*Iiu#b_Su^+|PZq60!)aVBCTn$o;15Hkw)SEa^uXW{mkBvTY zFYCP4iO`+JtK?17k24S(CK+Bcn#JcBhZyrIXR4ES9`7~O(OM@?$6L2p@3KKBeP^u@ z?Md7^Zi|U+=YEAN^{5U&D8Nj*+kNW#b5{KaZnb$D5@e&95;oFgb7Hpx2dGYglPe zYfx{{TtAaH$;d{lJHIu>qj);qbzd6{<#Kq>b?c4l`31(EjJoPXYx!v-zbb~~EnO6Q zr)8#pPrr}BB!g)Nfd-$99~;awgy(#NtA=fIoBtL9zfdFzV} z`Wp;2@HX%@@H6l?2ryV;kY-S9a2!U!!O+!ks9~VtaYHq}8h;v}Z`9Su&&c0MZj@)F zX3RCdW^88SV3MZO&h#Ew2exzWY00(vYsG0*YW1NefejAYeY7WO7i-sObGUqNcdj$H zlTLRXKb=6G0-ai&GO(!*tm5kW>(0^*&`s05rOVe7=ylc0)2oD$@#75zDWf4tl3v|D8V1fNS7jPzKiCGiYrnHtY}9iuu0$<9vaU8CdITG}Oo) zZ1y$s2D@j0-S>r4!Ce8DBj(s}CY!D`)fF}u zbQPd>{ky^^&T9@wtB;_Mmamqd)+DW2TJvDU0<_9B{RD|xNm?mdWm*FSm71AaHCiJC zr?oC?IcVL|x~F9&RHL|5jiwpZiRw;?sanlG6dL78)HG@q6+k7ycxO_@R3%kSe`X4j zc&Dk$)I7mG>M`}2YOT%H7HBuuHq-8^-Cf&8+gaNcK7F*kwTEi^Ye#^mL~GB|4$$UN zr?peG)3h_SleF`+<=WNS3k8?8uW8@Yey;saTfki=2o{)eJ8`>mTXV(SI?dyn4qR9G zLLo_cQ}^B6Om45_K|l z9&6TX%5@3^c{2W#J^k(VJ(+kvlB8brAaT4`j z3X=5roJ_p}@ZM^@20?=0li-@3x@o=MbG=)7pY(XV);vB>z%%1@;!&nto-@ytC*Ta_ zdGqv4ZFuu|d{a}?0A4hBd19&4LMn!{_l` zDL!AoZ_YR4pEPaF@5FcDJM+8pUHL;{{;}cr;rHiz^Us-HH@$2+k28-Szz^iVFb(0~ zF%94>;XE{bY#PYPglk_OzkpxKFXPwnt6?sv<=62~^Fuh7`PcXnoX7m<{I{l`_-aPc z9G+3N=0{UCVH_us;{bESETcdpEn%Wjl2L(CrIDdR$Nfr+zF&T$iV zhj|8G6bbvA=i2qlDvx*G#H8&rRN$ zd@|t(cmjc7y71pI2f08YzDz-F89om95}+HOKYvCd#J2-SbYBfgFy90GJOU8f(nt6Y zSm4)~xKefl@M|D;d2a!KQjwv`5G@8mf#xJZSO5{Q=2%H0z=%+=XKb_tj7Z2}#KnMZ zX}!k0_JBQAWPJcHRFN$Lj0lBDrp(2F16A}^07i876YeX-g8(DihqKc>7%(CfPGd%d z01l^RjrK(VMufs~%!o+9Q7U>X0Y@`>#~8gBz_BWNaext_FaR@HsRB=qjI554B>+Z* z!V%11B@5hN(6UDR)&NF?g0kMVfDxf^0yAPAU_|2>jCc}YL@1oWj93pC5ela;BQ^j| zre%%wrT|8y+-L^zRKSQ(P?om|Fd`JrVMe3@Mijze#M1#ILP6=n@H-JAo0c`!D+i1S zh0B-`Ie--^dbxlRp`g^;3OHXyuK+M2wq7CNA{D)DfQuQuOIV#K0bHh{R}L5v3Rf^A zDgf_L(c1;MN=3FCFe2p(S;Y4PMuY-7)lu{S91y{2@R>;>Y9WFM+?}2yP})Jjh)_`G zJp>pLN@tRY!w^Bl&RYi<5j*b@z=+s+j{-)-&U*~-FF?xq0r9JV5p9FaC{`x-DJ6w;Zx-vCC0!XZZX7H}I>A!}Z13m6d! zfsCFRV2O&J17JibbnA+_Bj6q?dQN~5p)i^$&lxZx6wH~tJpoIBdMYt+7r?HxUgNpo z1{e_vPE2{d03$-7H)cd{z=%*lUpb=S4tM}9Yb8b!Y5Ad@x`{Vn&AeP{6~0B#aF45r7fdFfznP0!C!b$Pga|7}0=i+y=zQ0!G9x zZyaDmeHlH(#{))W$&`oqM8Js589l@&0Y=n|ks&?>Fd_>kFXB@HBl?k%AwCT-B6i;C zfDygvf^9~824F-kOdW{N28@VZ-dwO_17XU`om60L795AB$OkTu; z03+(e=ph~g7?B%e3*w=G5wZ0m0VC?l=ph~j7!g}1m8RDA&BQjy?MLZ2KB0eKSytg{0!MK}YRXst>0oi;Y_BkB@c%h1HDd6Qm zAxvJxR{%zY!q1oy5r7e)&&VDr0V6^|N+02x4>+EY^<-qL0cS9>wu~$b z@D>%>R=|iZGyQ^iKHx&2D~t^BZGiUz-C$&h*8oOzlaV355AYEcy`z8;?P2r~KL+?X z&|XG{_zA#>P@pg)P69?$!{{M?3NWIBj12K}fDxTyWQd;!jHr&0A$|ccqPL6;@r!_; z0I|pNDPTl-j2`0803#}5WQacpj7W>I7x5Q>5ydikh`$7k2!;KO{1sqCG6p052Jl;2 zuW{~d0E`HQ21fTC;P)ze9|3=6^pw{WLIeKc2MC3Mm=OkmEf`r_MkWG00O$r&KH>ub zj{#!0cP!vwAa-9x1KzD7+XEO83i_B4djTI;(K`Vc(KDuA#7_dY&_tOU`@jD8N7pg zLcfQDy4Pdfr+{BEGNtdn1^f|+?Q20`6QacX_+AC^V8DphFfznL03%9eWQd0X4g*SK zWQd0YMzo2MAszu3(Pl=5cqCv%R~Q-MQGgNEti)|VJOOYe5DL;U&v(USu1 zt)k}%_$L*;L4Xml+u;Kk5nDC{Fe0{W7+^$f*$BXh*nKb(Fe0{WG+;z**%-ix*s`&J zCj+tTm;!jViryT+bAkHc>@=STcmdE*MuvC*;DtaF7#ZS=051j#Vq}Of0lXAw4kJT+ z8Q|qWfs73CAi$A8Z2O`B#{;3D^n(Pz>s9nN08UrYlL5|A(Nh2}RM9H}yiG-~1TZ3P zTs6%r0Pg@oL1{}R;GK-DjPdY=%R3496cD?wE&{&9=qc^H4EPEoOJ!`i0r(~mJMUe}p`a|U9`GYZ zmcW$vD_}$@D6elX03%|z?JeL2MlXoT`wsAXMi#=zJ^)69g0j7x+QEGl5DHn$T+$UV zA{1P%<9_W17!eAUj7$s|5em#SNc0Dc=nhjS;$s2NX7u2aL5DejR{%X_^bijP97gLk z&S7O8;5rC|LUYWBlYk!r-DC37{0Ddr0zyHA86g7f2ZXMFNQC%Uz~gAW#yb1~BSJy@ zJk}i#7!eB1;o^(<1i*+;XvXMG1dQn1Ijn>DB*2I+GBU&`1D*lIp4(>vMufs0Mt2rq zL@1~;b<75g2!)%B-WV#}m*=mQ{jzXSo^s3J4Vf$IzqTTcvlwu)>q z;AJYZ<$w{P@L>TSr$E4wDta-1V^w6U03$--qA$*y0C}F&IfDxgfEUySKA`~7odfNaaLg73kD+Y`R zg-4961TZ2LWXwHtDd63-tkJJ(0Pjp*P#q_aq33=j%!=_9lq@CqQd9`O+VPX`DEGe*x0up7`drd}mylD{x((ih^h z>F+=$(sA~2IbE+((iSv>zN5L0mRr&#G}YmdC@(H2mA-zNljy+(OU5;+S6L&n4adEk z)SFCbd`ZPMZY0pRD(t*J(Iw;BXA@}ZVyB*Gl?h2IsccPl9Jh2LZNC|-6>J?GpHAS1 zGj)Pw>K#Pa*pog^W>QhTm2@2IC&P|EFyGOZTa)NJ5O&G4STZ~17ApG(jU8LFX}tqjmVce9I#M2A z`5`Jk7XM!fi1D7ed+7kQSbS{j-_9Z8rH$ShvTXA z=;JsZsYP^M*m8D%VjT&~l2X_+xpDN-XtFJTK>HH*u`#UnvU`KwYFs`(MzCsO%W-^W zlXJXjIqd#nm(cXg!Xs!+2*7@9ExQ$Xu8XGaSwJ7L4xUl*S!qo+hrDvSC!NV=5XUuc zWc4lE26p@a{arHd^XagQm$DDN2vdlQ$hL6A@uo*E-K&1IRS)SS*4YnxSEFYX^bc&< z+NE^rc>2h$ogK$5!up$=XeP7TGM1Ifo|o9A;hD2(>RCE3drn}N{B;S)qi|h#G*7bX z#WPjYamOVbgZ+Ayqktv&jI*UnaATbpxTW~Yf;}OP)|n3bS1U`{PxOU&B!OlRwuM}} zhuIR6Wg+%7+^f@A@-)I-r5vn@+k)flvyxptj^ndKmsLCNpLujGc+SK=tV?^yd{*ta zgaDSrkrijxg?$p+kK=eO@X?$02Px~k4r7&rM;Z4ddxq4Z^)JzyN%Rr-Jg#>as|22k2ov&;EjoPE!L{R(U5uOb8!R%TRXgT&zZ0%}VlE`YcIsNYDG%dki%^nv#!>~P;o!Zp*a4MJq!Ho9p zrg?qn{kyRy?l&B7IybWW1lNUUWA?0q^KPQ;$LANG^VvO*bvUeZGZU^M%D$D+d7GAr zbKzM?L^h5izRO~J3%-tE3-NI|(H+XSCELPrGF|?D`iRTKN8B^m5Al43TgTR6$IsH< zg>y|{wFT>7tJrtu?a4<_yDwcYZUxrF*Ba$nhJ2#*fb zL*4&Mp0G`GN6rM#ZUsQsSVdsM)yDkeZ-phhG_*`wdF zZ8t4H#Y)BP#d9zAu05<&T;>gy1oy^9!s$y}YM5v0#%ns;+GJwZ7fme3cW7)K9PiZR zOvHC1`{`K`3i(nFzOLaTzTa+IT2l!gQ`}PA+t#p$IRSU!=nmuvtBvfuI2Z0E+5~0< zn|d`qEAf1ebK$;XUs-Tll;xv2fql;6GcJ{w^rfX(6Z@?)SECPHZDKRqLhRf4EIZB8 zyv&NT%WUe;*mCSGcrImMquFs>4!agCVS5@bziBPFm$3fzCbr=#CfiOt7vT}Xa(0W@ za&~Ha5`8O*$3>SstkT0_#4?bu-yh<89$W%j&bEXdH)UO&v7GH8KCE^fr{nls!y_I< zOW5~{>~X}U&1RLrt{2DALcYei1)YibjjJ^oLd%il0K9Wm>ij_aJf3YV=$RbHMRYAs zS#@En@I4Z45&Nz(m3Z@|Oza`}KEDY5F-jTO)+WQ=-3{d@g9P>SEuq;2QB$44xD4n;C6dUyDAn^)rcnv{mQ|h5ZNT z!hMU|f^Ej{C6ei1nd4gU5toMBsO$~YQY^uDGI*>d@P?dZpZ*RL+X1_7dVO9Dm>24e8#%tzh3x>9gc)@4~&|N~hv+ zfhr*2I3Bz8@K0e%d$5E(Z?o^x*?nljsu9caeFa;G9q&x{j4ge?mrPuM8U=I-$}vKt z*>tv)_`IAL1s|j?2VHd}oMt@Es1GAv>}9xkr=x1gwvHo?RM_v){cmeXoo2 z;`yyJT}wy$D5iT4m(bLHoQmH;;S$)R(}iU%p6#&?eyf1v>?6Ma#K-PTUUV+tGVx5v zwuJq5k$wMw%fvl~GE-EDZKqs+KKxL&t3Ql(V1>h3s$>q zXiKo?<5>$|N3cGAgUUXGus)vEagA(W!d_uPmx=vWIg2*lp?$9vP37$OoH$j%diT}z z+Z=WYxL)?#Gn~r4CUzr*Dt(1@x{>}M??#S?BYwx?1MgSR_hK{PNRbQSh|6dD75qC7 z$Z-jNS19M)x*Q}ZbU>- zL}aAiji@M!Sh-T~Mszeq#Kh>`h>fL)Rjc%F#KloWJd~k>$|&?wD=J#9zHQqGwc_Hb zY9%ESkHlVzu(}m1-3g6tM&JNrI9D0oQ=vQU}Fr-b_f}q#-M$h$4`2 zi13?1@x3(@lBC4?4HS`_EF@Bp&5*`L^+b>wk&zS;6(uBAMoWp9SRt`0UP>e+P?FVE zLaMr&lI#Xu9YRP21yPdV5Fr&BN=d@Pg%q?$5*aBaqT(qkAx}zdDWIsrQYo<=^wkN9 z8x%?DMkQ0+6u>-WBV9hFyJ{81joU!!CU2y;sd<#{maP;wzlhS^wvFNz7gM?=r4)C2 zIi*{%gW^^~UJZhxg0d-zyojQxbZr)ak%Fm~C3koQ1A+oQS;+CNHZKt?p6_oA{#y(BDtc%lqfhvN`!_}qKGId_y#44j-?z| zt&$RP@f3`OlvtfaiPo=|5*xB9LS85&icmWtzn(Hb8j~=J2#=M5FHuAs%Cnjx5*1P+ zHM!Ku8>K`l z*rAKk!lXoaI7LJtdm<@Gl(JuwrJy%XJ2f>~d($S0NJF+LZ4VL>!Swm*1m`E56YD9- z2IaYvDGo*w4d(xh|!w#xg9%N^NSx=3W=RNHE+`64DBFM8-Z&eo+c&IWx}=@s82wqhGaRy zwhA0?8x$fWLg_qU6L5Nt!@f>LE5`%-1hHX*6y_<^Mk(0DnyXaxi=+hY7u%&o8Jd5Y za~SU#8 zEkzWutwKuA=XBpF&q;L7tf3s&qVopjLB3K#IhK|RiS1=lq8!SGxsV8=^`yjFq_b5@ zz`O;%K=%*mONmn22GA>!N=mm=BHC{mUxjm3gnbqKBZ`u&TunJ9qPc91kXV~U!Fehq zHf*GbRN7CNG0Bw@d1xL&^9pSP@^|R#2%%bJq>zY;-Xn=ojw|jrHFR#N5tLdG(@uJv zuwSZ0qPaMiQp-cvkwSd!0$m~q^)ck5&tv3c>6Ap4Nr|%Llq5$%iE_6{iLHf{2<8q6 z%tN9QbRMF)2=ZtlA4Gl-DkQ?t`Ja#GdMKNjU+6Ky`I&1a)VETK&$VQ8A_e&ZIxpz5 zAT5cKz%^8qjIJYSexc79?4K}?6G3Y!5uV%7Tn+ODw%1W6qeO6?O5nO6%0kzkt&}Lg zn39wr|N3%$W!H`T4E#?{5ji64CQAnjcFk z5nQ7rWsTPx5%Od3E76zvAe6GB^<$(&EIkjvoJn6xVg6f;KA9SV%4j)iuh9T7WZ9d$5jy z{Q&%^2?N^|I>aFcH#ZdqclUD)9v-(DJU#sxyu8yGe0=H{e0?8M_yLRvO{NF~_OUUU z0?eBU$iX&GA%sO>5Rs8+Le%bja?yyq?J**Xx7QBRD>N43a|DQgAYeNKwE@Wr!41fI zJ(>W<26HE0jR}bRK)4JrL}MZ@c}F*LG$wL^oYg?s0M~_dKNLd<1NsQ1(O^8l-UHj~ zg+X}xJr?u_7!U6SgfmbXSau7R1q%xg9VjZoAc~8f50sRY9Vjiuz->@~Hd5UXBoYRZ zR^$da3@pPi7Uzyr=jHvT&Ih;xwFTo+wlX3I9t%`2@Ubv#)1WlmPK66YWu?fWs;U%* zYQSZ8%O$EDN=m{Yl6TVpM|SWX1^Nf`23#0!2k^`_R9I>g1F2XUQ3B=<<-S;TNL3%>#BZe-}5PHsNstOx{^9cx@t-5s}a{cr5@{0gO&rV@L%$xLc>3ov{MO zQGUqoNiw>%@I&h=$>A2t&KU;XBccCS1?(ExE@y%6;W2?R#GwiC36qBs6KO;s3`HcT z;6&iINs#@9>p*(YY%K!j%mC^G9#;bKp;AeavNA)F@^S}}ii&8F%1Q^3s;VlH>gqv} znwm9{+B){b^$n7T8=Ke<1I`7{EkhZR39mgC(w}q@x8(EK6nOsW*d6>uxb5gSjDNt+ zgl@|mEIVKgflTk{8?1w{PXOfstc3c3?PnGS;-P3lX&DAl4s;gEX98n)r=NiM1|-{S zkl%BN)!X}_x{uGpiEST)cLL(J2$&C6@=ib)1=($C{@U8dHy|zz+YuN?w>b;o!*a0C z6o4iK2BHx`yZ8y?3xtaWXt_dQ>%d+D-P|4Ziu0KN%$T|FA&JP=+1KD>j~@R|UB1nA}8at{2Va5NUO zozjt!kS$KZAX0bM8pdeA!+_2M?BB(^IyAN(_yjw)7?OEuH#dlT0^1n^`Ga6QyLJZH z4#1V0w|x~@w}9O&Mq?rWgaG*`SjcxG?D7JbgL|L}aG!x_0_106|8P0bZXyPe1au4N zJdAaJ{1YtXpTKwv`7n?#3hguCC&0!6ZV5Oq@I9N*urC4cnH%gMKt3;oYYFIWy9wF` zJa^khU}1~`>$+{9;c~x=x-Pr@_GIn-G}PH90}-YVzPQtQk8mg z^6f(@Dc2`pe>`{OMjqhkKwe8;r~@1#N6f3ch0<$;rHX2hO6WB}9?U6rWop;10ZsvM zvjB}PEJVxw!Kxkkf^`PgvA^&Zj5`2>2;AWvNT3HWCg^E^D+-~f=N3hOG&*|zL=2oS zYPg**YV76}e8$`Rg|QEm4_P@|w@|(7VPV17!wZ&g6c*0kg8PRtkN$QkRE7dUZ|_!g z{c>^f3#XE*;G5OeMb0%X!cZT#AGmqo9(a1rJn(9fhWtuoikoL%ikJ8M6dzyCR6p3K z2R`8lDI#_`EiS1qJ-H%0xv~@4s{ z!FXYgv^`F^UNSU(ptC@3p?Yv1o{+x_{0A@|VDF%ON`%IHH{Yl4{X#X~hsDwd#-$zz zBmvt5KZEoIv;*3JIr4$P(i-|efRF#G2k-&-9XsQO=LhWI4xYf{0dpwEK(-391yFr> zU3YW_eh$V1`T_Nz=a5dIVGiz#M#DVFAB_&Eg7|Ya8eIc8cLN&T*a&k@G_W<${Giwf zY{SuzjYUH^fCl;qwT*`TxoiwNXQyvUuqU8QxiSL6E-2mtwOfxtgFS|D2xkG!8 zjYj8ew?$J5;$#(Q8eq$y=QI#!KtnMOf=?KRCOi^D7Zrs;M+1z9p3{Q|u5wRQV+1a;$`53^D1GW+H zZx9QCV`h*q0AzNDkHEO$u8i;i`kM>Iwt&9uVDnDA4dDrV!)^Q~Kz^3oPRtJWBWVC{ zg?Tp`3&lgAc#txPUn0U_n+)*2zV4&Q@|0D0dAoYsks;^)(8CZZSD=@UJ9B3;Tab4nF$$rXu14d|N3ux z2JG?9p257x9W4iOI06(i!oo5I)(O}*uui+NH83v_g981gDI?OM{f7C-?jF{nvD^Cx zaf%(@1jiiRpjhW_`(PiuF;L9luYK5&S$OP#*8tA3t?$^{U7oZfJCNK#J}`vq07nzi zge0&I|2dA`cpBhWJM~~W0rg-xfMSF2ya4Zm>;~YIP#duC0rYWKj(`sfcu*BudOPL^ z#hZ5G7%(maKNYIC%}aJ;NYJ_izaMZ5Ad|4a496=VnT2A7PZ$47CCD57;*>yl)`h0c2%&UT{4azqf4#hzCP?uuO%avEjfU z2G|;pCL|=Hu@EN&F$*ZRh(SOYhJY{(o0+MM$b#y?>jHEg#74JyEEJ1^IOq0$Z~Mp1 z+i_Xg&-Fpe{n0V-P65QRfj`2U!3}1dI@NZvv$J3D8t>>I>`-AMdt0AY+t4sm+t`S!Yif$GYi>r?13QUASl7ck2xJ>d!*b=0A$S103G@;!1F#9g zUf>_>mWctrAC&h;b|D=Cvb+<2gXE6@$Jc>w?!=^Eyn)|?L2Uz$0^+o=?L`yPc6cmo zgSPD`!7mQtiJ;83ED@UTj zLEI3MW3=0!*fq3fZWy%t&X~4!8`9Ms&Is!^?Eh~2sjwdgcr;j3ptpbGh;Taycc3?6 z7)1Dv%)t8;dZ-o719}Sg50wRRALyPDajL`3Ev>`deYwNKL*==rXZUk3ulLWry>XpB zKJJ~qzI~nBvDkfGVPPs=;Q+rt-vH~N`Y?|JHV5SGV)BlR!}|KSEP#Ci<-mNPy71h< z{_e!B;JLv(4)W2!`hl{$eeCALSo0t217vH*4*zKr@HnV0EK9rVwObdgJscC-_8H+h zz;+hu7sxk=L+x-!c>RFi3&sd!d3W4E=fQgwC`}La5cr}cDtx7-&!PB=HS~_t8S<}A z@l{q{;;X8<%~xIR&R0_t&R1KT##aYq3aSU=O7b?>f$#sw#9zKA+#i$%vJK>Mw;l=j z*!-D$>mjx$N#U80i~uX*4kK@p4d%VN`7FzOQi^4pEueX{$N; zgHZ(q`_>8z*P@DwRMv`1*rQ9!+}FyRmH7cSz+(sVhwfpY-%T0i?hbMLRAm&{KPZlZ z0=^gY_Y~lN-#`YgJ9>=xFFyuTW-qKe@Em?*JZREj=z3+yMSj&LSB7YJW(u$A_@qna z_PG&-eERF}4JoHh9<}{U3Dd8M&H3nb{)<-1-O|;I773C4&B9@Un6GmJx(jiHUvARA z3-~+5Z^d&9-W+OCl1rmJl&{2men>82$Y6DW>ZxGnxz1<0KQ3S9zEWuvt@BNkeyP#f z_->10y6gMm`ZxB@Oh=BqUNyMc6Ywtn{EYSIqXCKBRL)TpkE;)pUWa>4zP;u#sU7=M z^L8e&<9PLf#69T!+}yuw;)3~5hUmVaYUph63`h+wnsyGRaO`OkH4 zis(zyC5o=|4m*u|A2t7MFmknMS~fRVjZ8c(cj7jq?`C<4nn+7FWu&P1g)6$q4fJHyIrw-K z9;4KsmFzLr^;hkUq>k$QvZ!WX{+@KNC)(fr2kpClXd^_V1rsE%l8|^1N)v6%C$u0E*s{T+9uF=-LP(WloJ2Lzj<~b ziSjZ1fljsATa=IP9=UOVMqPVZ_^gRd1SPq2=a}VLACVU^D|2h)QfP|yMi#|+AqTfc zv8#l3bzPtDwz0vVZ%2^6@a~(~uvw_Mm*HZB^Sz)RX?f^%J;kiqxnn8CzpvV{*ESJC z4*3e!-F&CPrGVWBET#G5m!a1%j&c5(+MzK%jlT8EPbz%hMr{_n z;3CN9792VxRz1N+%j+8WXesr84sHF&o7+JndQ&FFOLJ5=xkH4RPKT77yp;THw{TBsf(LA{38x$p}g*YL9%GG>r8jGguo$U$FI5uw;pvwkFyBm&BKXh`h zOIFYu$_jakHd|{raQw?sq=)8`_wki)G_@-tCHoG}OYb+jmh-;2lKx7`8dv^JVX7lH zwEFbs!#YxfM^1KXID3s{c6*S7tLmwi8K>oAV=uGxxMp(-J7d4o_6^q$erc#G6+ zh3zSh9=NIA|MJ7VpZGZ%wVzfWjypcJ@igz5OH|5v5&2yuNnr40k5mooxMCX*`G2&qxHRXv7%|o@uv@>)uZ{WUI0mex^A$V6Miex#dV` zS39#Uac(|u=qsLW`1^esC7v&2=@n51-K9z+-D{&%Cq86(229jl-AW2&RIccIE^ska zu*m3h8eeN2HJWLEb9DR&@tRb4Kn`A*j%J`hbYm-2UCX=b+9@S`DBbftKYwmju*ZL# z{19Q~I+CMMEceSbtcdSraFV0SyI$rO@wywSt8qf=WuAk~!)j-gm3h~n;aqXi<8}vZ zugppcYwQ2waa~k=7|^>wfw-)OAH5z<;pbc#ojQlo(Qba z4Idw^vZ#@CcyKUg&rRgUe12IlcqSbWAjjyMDN~|-H70EBg6k+MMpgegrPp;)q{%(!_)tGj zxmVfu(bFAH?rX1yT`Te}Y5c+xboXuyy~p>yFf|)=r8G<+Ev#HT_`)@9LhhpXUhUaO z+WF$EHy^!w{#v&p`{1bH@@SOYa$xD%Um?6^FOASOLuiGkchB}z8#}Yed)(->q&pgP z_w>BGU=;^PS333YhrPz)QF&L>ucwc{dDwOAfw7vT+|O5JwA8fhr;RsDu5;-kpWc7+ zK70CL@agpwZtAoomFfh^1g6wmr8Bkd=0~5S`Yn)cj|SR_Ot0t5`->wD1;e7ZEt{skB`ui|f-8FSWAvPZ zo92=wo*a>JDTVf>M;^8w{j{{xacZOqeD6*t2BjOx;L_5=lHZR!b35Ek(fnuKY@M$eb1Rf(_OF-9QQRS7KXh4e;o29n+mez3D4ErN zjWz!=YjVsFTWwPp)n+%`h**%TD`X$6Twc}X(Gz7K=XQAdHBgj-nIqoVg5-35z`VbD zX~9Wz@M4R^gN{A7{WpB33Pm{LXe1U%dJ4rKC5;Cd3hyzb`nW|?r*)q*^StBFa+b4S zGk2o?=yRo8(wTjShYM4EjQZndddGz{GbkzI`u_^`@FM@&==5UVY2sv$96;w`tuy zeEF7Fx9^<+`w11q>d4$7Ii>dgcLN<>VMh9h+e}wise2utanNjJRW4jn4rcSX-Q8+f zm)z~#i#1f%etm4Yy(NAya+0sm{ejKN^9-b-T5&{|^q3GwI*<3%5;J-vTkg?s%Kqh~ zPK#{b>w9!V!*sDtewt$Hzc+pHr-oa4&7FA{Ujh!Og-&gka{8hTP~BUN)2luw*8R@jhRv~Km)tYtYR!km#+Nw-d8 zOI~rv=wpFh{jB$=C9O9fTPGR0zK5P+w7zV$Z~j~)$$l(yVzuIkL7U=Z>#NvWzmxs7 zn3ahQR@rA5Rh7N=hIXFzCt`!vF0Tdq2qj?2IK z+NYytdK z6x`XlK9?FP^L!`i)$;82XLU!jdxMtAukCb-EQfitm;-em zT%#~G_w7x5tw28&Hz;bH_^kb#Y+hUI@n9z2EnQ~`4`-)J|5x=gr;J4G-t}~uEg$V- zB69^1NEJHK}`N-YaNyLrf5K*3&7C@)*#UQ~~%zS8-Jl9XuQ+CzROFjQd8tuS?VHB&ke0rl zqbJ2OmG;CSXXA(7-xl|2HJOqL?oHfqw|sQ${P6}M`@6<|x7s}Jr9WJ{`GaZj2bGPi z;lcXwAn)TbfkZ=^@BZZevn9gSiw7qg#Jpy^?-Xhro*paDC@3ABO@@9@?|C4t+|B1F zG;NDJBGjcglpAjJPUoB`$Kd-<{nE zT;6X>8zJy<9%V~%WSd?uo}beQAr_dtV3z01zY(PYg;@Vk^BJw`-pa1r7GIqXrf-vtKJLRc2h%p653h>Qydu9kkp z*9xXK(AzolD4Yye!x@v5KF+s`g!jZ+9LscwdU(gL*EH`(J=c51<`SRh4|=q#-j7)) zUcD6GQ*`0;1~*xvz^J}@Yg?U?YP{X#dU~r$L73Ix3fF+u^Hkp#Z?ZV4ZR^dR#_~UZ z+~7NdIL&C*MKM!b-E>v1Jbz|C@(`=EqSk&Z!TEicOK9w>Nk3^n_|V;bM2xalyb#PV zh5pf#m>U{-OTCVqp&ZM?OIzLA8ev}>6#c1H`=-g^mG-i_IyvpHj!j`-xoC;i#nO9) zb9K3v2IneE-v_r@jJ6-Z>yPtaqZOWHD3U(!qMdZs)F2>gKh?S5Q?J{XlFxgJN_{SL zp3^QVy&Ur6ng(v_hq?eJPKbN#&6W|jWmifFw=Fwk%a0{=fRea?f{Uiz<`&74 zIO$#ILKrOlLdvF6`wIohu~&NyIQnL5Vt1`$;HJzHW!9&Fw}@7mysOw)z6>z&{zqi z>9=$sf7`)gHMq1iIkX@aOxYaa&Awr4<{dMnr)j8wc~X7fem=>k_MrT+_p$lM_Bv#q ze<}PV_X_rC>WISNyUP)Jx5)`>hm6J9pik?Y63jWJE|avBS5 zQC7bm>U~8q=E3(zS!ep~7jtzpomml|#)}f-gzj48M(Z2X8(|)q8J>IWQfBagr6IeL z>Bior+WeB+ZiQXm(ap2j40uE3G|T3*0Inc{uAVL_5jpJEIJ zo*B%)c{XxdY}8R@=%kB-!^P8Vvpjw?buS0|Xs5^fBkZl?1qJghKdT>YKW-B3>-e&* zMYL!@k(qW;ZuxvurLOsCto)o;$l#0FfTFUwOXKS=n~n-)ujsmG&12qL)kn!_6zwhR z9qzg18`V4Ow)#u$=#h#Z_h2%;JZH}XX}Di(Cf`j})3ItKR->sK)QWNml55}lJAWDY zVQwUM2GVyTJXflGe?OEk?6picanyF12(Rh8lalN%g4)z2Mvo>N-913b(oQb0=Gipv zDSPVa!mDE6nD45R&UP_25l{5x9MoU1H77)Ra4^bK)HnzQL_{MJu0NKx7-tD=7c?k4 z^1a>-@q8I&()nf2uWzpw?vLI%N#c$5T5HVaX;}4}(k>~GxwOQ=gh4*?-nxmpW zGSPfHij+!b94Rc7{r-SAEGp=0%407t1IE`EsU_bCR@U7trCiCnEX>MKc~q5E?ENbZ zG4&c>rJr4XCvQ@BHwI}B%dlrzhkoD87wn?l`clHJ=Xah#-M*@MaK5Q$^Wzv68~wwN z<|-~WtCFZee3UEJ(s+g9lHyTaa)t$4Z|xms@|I(jA|KTEPLFllc1Ch z8TJy2CMh2SUOU1Yw_e8mURvB*g->&GGmk5?UTS-F_%i3D5l2nm%t0KwkmtOm+`ALO zu{T&eGj1u+4F7fN{*TXp1a;m1BTf2`bjN?B*Z-YXPWpHHWZS>ff~)^ZyT!!)E6v~7 z{I9gI?ZUs(Kgpv1PAk`_)&HGl${P6mcUt6=SNLCPw^ja+Rez;PxIEJjf2GM=o^yx% zm3}JLm|pfzS{Y(=v~T}OfA%Ne|1992w0YsvFHS{&(r))SY7P#+{*w+Xyn%P}@%@vo zJWHdr=W5=cblQA(4|nUU-89LIP5IKPb6&gYjx5fwx~!X7yJ=ZQ{#BvSuAZH=vKMvK z4<{KV_nq{~Y1%sCFjZ*UPCE1LaVzo{&sU!Br1fG1+%=RR-2Anj=3h##x^+0W=xOqH zTKF2phhsz*PN}EcY5cQx?uoWD@4UXjX=PXWi_F(#V`y0u;51X}(F%5|=l6SJAHnGX zpS}EJ+6`Q-O-mr{rq0H?>PKI7GX8E1NRtdlIB;K1PG%~xHG(v{px5~KfoZOg6P#Z_ zdb%_1e6v*V%i6xh2q>wXqM*B6M1i6ZYA>jP(l04qBwgoxrq*6s6Eh8^)Au7hrfy!G zz2Ad(359wKIO3K*9{6>N%cI4(0)gN!lH#Wwyn#(gGZ&YfKp-T#1y&DgXuKuMN>nNhbX2Y7sFN^Vo;Mc=G8DMI9*WZl%e1@dHdBx(-9LCz%g6QbXttKh((Nx-EHbj$2ffW`Tzi*{;e#1Fe_D6*9C<+ksoO)0<(JqmHPW4$5~Y5a zCB)$OWCd|bW}$k>p>9ug%cbU&b!FR#I&;&ywFQ9vYbqpKixacyZ6^z0O^)ljZ1LX(L-vcSqJ2D zi#md&FTX8qPWj4O!?38sGO}Lcv&lX#rRH=EZ!LMF;Mp%xwieL<^3yR?u5GP4F+cCi zjEL10QqJ6eZgPk4X5;&)Z|J>G!x^{d6&i#|*1tzTSH>4E`Ox)TrJu#4pENS>7kD&W zm>Y&{3(HiZSvx#bAW};Ix_^Dbd9>Z?p!3+}0E?^&5b@g)oEA(;@zWrsJU8R@+* zIAt4A$2x8gUXNsbzW>=}Ws-IQxv6ZAu8xz@#@!?(VN3ci=J%%_^@twjNRIM6fp2=5 zC6~Z^TlFWe@e^mu4=!`+p`D1!^pTF2@2qw0J>JV281KSw`nkcTU&l!E<&OTzT7jezgk*-uc@TS=N^j^od ziE1s&XvU$Lac1KSK&{gkj*jZ) z*S^W{c_#Q4m*oO-bo`AgTQCJRuH48cY*RwTk9{EZ+>++ernd_@5{e$D^0}T<-73VS zT#K3Qd;DT@dZ2Wiyxq2U5|x7AAOEO`(VK_er$*Cr%u8d-wgnq+kZqA*bs1yH@^R0W z=Hdg_&%G{>%#=c1x=!3M4Pq}ovFx6_B+W=LY5t(&xR?;1aXtO%5vo@$Yeg4%3=5EM zbktqnzIQwmw;!>$5ZOaUI??reJz@OK?@w03E~9$LC(NlSwMh2Uzu&u;^PWmWN)BnZ zA5`VadvIQW?{XHkYHQ%@??%?8Gr>*{1XC(a>vLy6B@}z|Se6axBc%Le+r&lF9w%h( zZ!!+DdgNvMu=2hW^~!`MF{Zvo`3K&j=cL{jjo7%?ZE|_jC#$zMkXig!IGUP!Dg#*g zrZcwgsrKY58P7=}%ZS$qH{0I@&A2_+s*m(iF;>??(AIJ+?SJ1el3P0+euw?sBl>LK zxoaaLOs_tQk6kU2itF%=V4Zr#HLDi3!Q2+7(OiGX5i{a$MM zM|D>|zPs}_mn1#2sm+tF@$WJHl>I9AX&qT6W6-@e-`p``S{RyD>MH7mf9#Rb(>gk> zmglE!1@;NJU2Cdg%1<0y`Ca;!(l$?o^sI0?D#|0`rh;)y$5R8zj-MQS^)mY%yMk65 zWNUI&*Een$u#w*t*&24L^0LdbPO8_v%IVFzwn;xcd7ziotIgWD)%1!{xl3Qrg~e9P z<<(2~MmCfj#TUt>;|HC^TjJJV_pUP0OYrKuf7rHBS7xF zm5}dipnIo~YLBd>@L`R!Eh^D@pD%{T`X~CSt~l%w6^~ed#XMTSDS0W{x`tZpfpOvk zujnvq7tgwNwF5yiV-l^2Sq-ZwlPRm8QDTc!EUo2ay=zXb^$Qc+ybssZkJgo3a>sMn zTZ@dCTfV{XNy*`^PuqOci*g9P|1h#8(K|d{xKnYUOo%-@ zXxW0IOQpz`#pIX2Yc(+W0q8xP_jp>1ZJ%l=2%SwiT@-L3H7>(0q5a!YAE$4VrwfVk z7E0N^{PGFoIeRL(ZO(eR%J+um33ojjJjIiiu73S;Ds9`>S1Z4l4pfw7PU~8xs(m`= z^rR*wW`XZ5eX6m7FWaSCF;$l}8)tJ2`zWjE^3FNa{Sw$Z`(?#%P*rd_hx&Dw@3_O( zo=EX80S4FSndy3(XHFZmys25wx}Mu{bx)|fn4pO8;;ZRKUv=w;$QwVIlFx8CJ7k6y z=0&%?aeppls6J;l91&c>!FGSuV6ws6#!yHm`1`GikhyNBJJ+Kl&7*78Y7;br%7qZI zeI56t8|t%9Ur{kCNx?n(MR7l#(#HDbOv@>;F%;jArVn#`>XRx0D;!^c`L!LqTg3BO zXz+Z0{=&Gpe8HX4SFiU^-VRvyF|-+!qaD&Y?qzjG)c4z&I}YZTDV}+cUAl}c{2^R< zt&gRlxm`L(zrGncOeDO2<~?kE;|FD*y#&W4O|nOGNfiglG%jR%gdvT84wEejd6|`} z?y=L$SXHU~9*mm9WjS4ZmDt1IeOo`x;WoLIOHT};LzV2%md`7%nRasoqlzMblXaSN z>Q(f|45#~#^!xO#9(h7-^vomRUH6%UTR9q+JftM)#D0cX(<P!Ck^8L(L-CKe82>0yT-Wu$?|MmQyxQoZc z&OO4MxHFVHbFOrmyV?Go^UbBV=FD`gmbZ8o(&uvz7iyg88V~pssMy{&;2jk~Ho!#G6Q#xI{7znPyfa?7^KL;Sh?hpia>09r#NlV1BZi~Ae2Z(8I( z6&}w=o}T!wC4YXM;ngDTzSp;D+$HAL3okoeocZ98!{$q`m!^^?i_;AsnZzT65 ziJFC3`|aKbBp!)e4W?Ika?JvodEH38sc?S(!?T`B-W+H2a(RE48CPGmt)9vZxsqI9 z#&UpIxB5Yqa*DTy(@fR&!QtV@U!8hpJd69?_grdrmyZ{v zqXV47pNy5=v9c~C@c6GHuZ(D@e{(2}-{>x7 z`qomqMzwhC=&$jRsDQ0EQC}BBep<3Kl{D#&Bvtd#DEx?CmTKl2;JTj7sGgZ~?AYCg z`KQG(Q72^0 zDwPy4vQuP6?EgGC#h{$C;;YwnNYpc1ZciCSC=1i6#TkCZJ3sb^bzb0oR=(%-0b9X5 zz3^{GB$~>noZf|;{@z;c|B{O*I;thHZp&Gr^mE46kwEPBN2Y&O#( z-%I;nhZxKc$t5M0f3vb#WAzBVUm0HiRmW4+bQSq@B`)1QVIMK?7LOpS<89Tu;!0gi z$b8RNLHp;22k2iJY%px*E9>IPrHQMQS)VP~jGw0rzI>xd(XLje-81>%T;=_C8j7e8 zpPH!gQFrb)H`BO&9Q5SjtXz4}DU1uBna*TNT*|QEyClx@+wS3-1z*p=j&Zxw^`RP?@Z!JUmVee#e%Cf(~Ksx*V z=lA<9?`zYJmAhCNN_?OSHXl8rkigXwZfeqKgM6b?y20est(>NE_q&7bQ>4MgH_0?z zt{vnvdG&`ZxZhXQ`K!NZN?q5mIDKeU&U}PlxG-9|NXwbyK^|ebv!3w~e%M&MySpG{ zUgyzJ^FZD?SD!oQw_47uT)lWJXhDY!%a_ZH+qyX?=4l@!ZgY|I*TMb*m#wD;zi}Nk z#;qfv#zvloCayKP4;1SUtl?jNy(58Y$inUuiqVNi;De<*aXhJ*+hntSph8+E!)LajI@}>08{1vXhTPeI+cs z*IyA*&m^?;-ROT^H-IpSOzJ>r&AEyD&`_QDOzkdN+qVA5Na#|7(2EXp^JDK-vsaUx zVrzK@rQMnyHuZMTe2Qy3)AZ4TMr-28cp*x8YG2Ep!fO-1x{WYSY;oi#jb|4+zNpdd zb(3Q3qI*ZCe@{QU{^RM;17;Mje)qBI?W-{vpKWWjAui) z)J?>btU^Xvr%zq(?muF$G$bkKi7f9kGRbyvrTTHA_b7^H%Kfd!_jRF?67r4kON^>M zV$6XSRX>*##-2KVlZosXx;I$VDBx7=t}lhTgO+|)_F8wOik+4|JW?Q3o5GXl=CdAO zfib<44$@!B6WTLA=sLINeK~b0GlDYPRHZg3DVc*XKzP-d&Hd!rnDEzO_tu3}F9iBp zm_St>%hyFc0sGl!SqK_m30r}y!;7}>XBnqudX=vXAUxUAK018pUO6Q0<^Ix@`tgVJ zI%WnuZZ}tDr_-LiJ6e`hc0u~;ezU+bf0NFt;goSyik+tF5$OfqBj0}YX?ohUrc+(Z z9KTKb}RIEVFLM^4j{sqUboB|D8;L%xLK@*3wGtb|jiiQY%*s@aM5 z7(0Ge1(iJyt0zp4nIDLEY7G5+HmL6c&(v$jcl9?~V!oVPuKsRb7asB{ze^%ZN-?su zD6^_Th-jADMaQyI$N)f1+k^6`75FQ)MN+3o1ORhm!9*FvOPg#GoYTvMg9-qHIQ7(tBh!ebmZ9-P*EJu@8!W{r~eJA;1@Ww(tJ?^M6$WuDEmh?`v*9`QO$5yRHAv z?|sAr#ZxuI#EUg6G!djG&7b0%;;ou2SZ{0qHWWLgi9m4U6me>}3C(HERValZb>ez) z1Gs})$M9gV5%^dY)?PvkA(22LSZN^;M4xgvZzy zgbXYKVa7Sn*@Yb@yu&U*WoEGJgs)g~i3RKyp`2Tm2h`ew6Os_eDN7u{5hcvwoLSBL zTH3gC68bm`2~gq|&RxPEmmqNu7bromm7*1i%almRRY` zTIE_JxJ8K%xStZAahnp9cpk|^cqPeG_-m4v@ptf1k}miZNl$!+WDaN={!oa~iZP2h za5`}^a0PRQajJ8riWlIEuyus9xT_NLIF#f^83(y{GB@PrWgf`Ama&q9exFZ=khAAdIkCzNBG2{qU@!bRM5iAy*;30GX0gcmMaVg-km{EnlS zOvV*URO7ngx!%S;gxlPn0RoYyDXZ0|X|8owhCR)h(@pE9%%F^NXLmT zM0V|BqLTI_qVNAj{j=H*+HZ;9h{4(j#ADy$S;4*VY{pU{dokrfLw;^ z1tL3lYUll{6=^ATXc_R^OF`oQvm|$Ymgl{QQ`-zI3LPu(X>Lxpa^elXQgC9_ctK9%;~Qij)9+{i}<=ZmoF#O6=SMsoRyp z?W;H}iMzSGQu~kWZr2cZ$3yif-KpHs?$quy?zHZ7?)2^q?u^iv$(`Aq#T|iQg^vID zkf1b)!yV(!>CWZO?at%Q>%JG(OrTAF_X+NShWyVTzCR@bcscnE`A_oy&*lH?r+@eS z&lq;^pkH@}NA~x5cU87$vR!ib`QNSm)gOr6 z?$Dpx-Tja(pw?}n13|Jz*dlHsJP~WqZuVN)4CJ?EJ zO#~PDUh*_V9-;toko+*R2q8lL82JSG4EY<0Ad5s~LHR|Hu0DaZ4dm>0^uJyi|A%M) zYw7Ospg~TDnkP=8Kq%2Yasf;{^ zJb|1;=pzl00^~->3&<+yZ(v&@tsrdKmZIIA{Cl5>?uQ}y5`lO2-_QSVQxcFy;9;2s z_zk2$%)MB=9$zc|1m7h79N#M5ga06HCp#wo2|q2qj9(Q;5N5@{;TOd>@RTyqvh*@Z zvRJGkM$+EVS@z+^WQeOn}^~jHev6 zY@8gKY`7egY^t0V-dyq~K2*{M?=5)-fBRotgj;)`wxo`pj)IP%j)so0&SR}-T3Omn z+C|z=wX3vWXp3qSw0jlaDGV!oQUKcULhF^*mOP^Zl>!Hx*3dqxeOc$B&UGDc9S5CY zoe`~fT7%m2+T+@5+SA&I-fn~GM7j*6iDWv%a8rV2L|tP~vK_U~)EYsV^|a!I$1hRIw);wZ3-P;9eSMuI_x^4I*i(qYPm!?H5qLcwR)nK+H0bo z+7i(~%~$)J8tAV^p+zB4rA{SFrA?(o<%PVs8Fl&DF`X-S5Z+BRXM66rDCWutoTlmRTZbot171|q^hABtB|T-s`609TE$nz zUL{;5i5Nr7QAj72K%*7Xex^W2q$I9OQmC;IQ&fkLDXKN9@#>2TmC%3oLLg3QGb&<; zv}%GxW;HC4q@JT*tlmv*CvqrmsDrWg6NMDDiK;{*kpmigm3pIkn>v})FQTg=N@I#R zOGHbBDmoGEh*yaF)y#;2>JjSO#^;$LgH$iHa;e&%6i*X*)x3z}YGK6Nsu_?JzvZ6f z){4u)=HL?kB|#U+FV;xhaNsVvSO?qVq4 z0lIHMZePzLW>hs0z}X3eelboDx?X@V97D!UwwG)lgw_xX;Qj((^#f!E@(MYWgg-hk z_D4d$OZE3hLO@wyRe(o;Bp@u1Ezm5`DIg~BQb1PViNKJ+8-Z3H1B5YWKKB*Q>xeSW zA@1Y6)||HyO`N0L=b-*|pnf9}vz&W*zH$~Ju5#(~nDc()EJN6Go#Bax5ZoWKE(ip# zJai%n$^#B{7&_xY8hl9b`G0eIAP(^%xP|{LFC*_L?k=t+e;l+-GL*jvUoGTq;48=j zP2ZMxg44nBQSdcUK7F_U-JW+!?k4|>E9tMi?b4(g`DXd2^4;5QfxQ2HD}Ocee}20k zaR4C%{npfBgeXEBfkO}w-WWejASMJ8j)}s=ViGXP7!oEAbA!u{>n_(lE*CBjE+4J{ zt`IICo3o@kx~o>ZPpo;;pno(i5?9uG`5rW3P(Vd3QF+{Y=zDav_;+lKoFw;lIg z?t9!W+#cLM+yUGn-0NJMTx8so+%((_+$`LCxVgCZatm-D2qz)AiG>)6vlHr4OM`pwFkTrf;S1r0=2cryrsprH^13W%$T2%do(( z!m!S;$-u%W#z zd}NtrSz+1BdXQC&mB?zxdY9FO)q~ZCwVbt@wVAb_b%=F^b)9vSRe(*E?F`#_HgmQR zwg|R#wsy9Dwn?^iHZpcfb{cjDb}sh4><8IZ*)`d9+0EInu-{Z!9ico|WnbtV zsvHZQQ)zgAzmGQACsrN*1Mv zQblQ^bWz7q`lvIg^C%P4fX=ASgw98uIh_@qA3B>l}VrC3IzV zm31|BkLk9f%u!cRv#15s3hEnb9kq!fBfo*7B&Q*_L)}H)LwTTlPywhAR0Jvpm4He? zrK7S@`KV%4IjS1PK+Zy5k7`D>qB>DMsD9KCY83SrHHrF&+MZb}p!)Of1@VebD&kIwU(@n7M;#&5^(#P7oI_5ZN<=3z};`{H*JAV7cs zVU7@HP*j|?T8ApA72AxE2{MroLVyI4kU0z?GY~RB0ttyjTeQ}ZI#iss&KBo+tjD?5 zsY%M0U7forSC_ke?3+9gXnoqDw81oZ`iZnhX`9pT zr0q=`PRmIzOrM)RIlVbOHa#u|BLHguSXxN(YV^RNE=wqYSCT>U^NZgY6UE+?!-HH1Wzfb%j@l@j3#0!a+6R#!4 z2cQBn0`mUs#aVy$-`{(0LjH{WdHIX;G5Mr?Mt)_!EWat=nBST2&R>@QD1RVdm=6N3 zens}L}rL(hbxBj6F}sCOaINJ~t4)S?hals^&)L&R!> z*N41`$ctMPd?DB$G150TU@tmc z;Jv^nfiD7w1K$L`3xotggJ41MAVg4n5HbiAloON}lpi!XXnN4Bpt(T{f))i81)+oR zLBt?x5Iv|oh#SNY5(O!Pv_Xa-OOQ3l5#$Q;1o?wj2K5Jla+Ahx88c>V$LQbl-J@5G zo;P9tm~TdJ8NFxp!!g5SPL8=YW^aB#UR2)kvHNmvjD0?K=Gc_Hz;OxV^74+3K0A6S ze@5PtvEdW0kG?;;Fz@;3-$!4_xt-204S1QJ104Kqj9^nwj)y)aS@DGk3CJV{OJjMtrg|=3V%On3XY9 z_!H>uko@@kcsQ&)c2Ot{_9E;|WO=j)aRC8~LB&cVAn^6@MUmx*qF8AhB6w?vCE^U+ zg*X(q6{dt65XhLE@ZHh35gB2K2qYX8nHP%>eiTd$v4(3ShTtzEmC;s2KjK)-i`f3S z{c-tGf~cJ6MTo}Op*VERvCz3;H=_K}kjUv#o|s3mhe91NWkf!_93CG%H+oGhK4eYw zaPW&@PgGts9WfBgkI4&{Mo?qkK)Eni*yPB8NNLF2sPbTC*cIrLi2iUy^s$hwq3IkU@C8wx*v7as zagX9=g$#%HM?8sn2fGqB9A*d?zz5;{NNd#OXjk-&7y$wrtBpm3%niv2T>~Em>Oh5A z!|>q)5m%yeBIgEcL%FbHFi+TmNP46o+8WJ`y%#$iJ2{RRtc}9Q4#f_HA%m5{e3%6` z0JP!|d?-?hK*r|8-wW@LogOkdVr~QiUIa%+u8GWxf=ADd8wiGmZ;j;#uZK;B-;Uvj z4Tdd>m>jt~78wEw^}sHKXGD}o3`Z12?vA8Jzd=A_sIgaK4IyYaH1rr;5NSc|k6j;k zA#PSg9{f=BVAP?gM^VVgm2hs%^x%91Dg+(^56cf9jv~UK@E75aVjdyZ$L7T3g;|2> zp&zcr1Hkfj_=mMO!5NYFB8#H9QT(XJsCThXqD0X^{09L75o11l4vU>0`{5M?!p9Ng zsBydF@?($1QiB_V9l_`jYKSKU9m)?Cg{}`B40Qqbhy7tgVHd)lgn7b`g+B_XMxfxc z;C%RQ_zgHda&i1GAzRL=&SMqlcm)2nd3YK*Z$5 z&|}JD`eW9_Kw@FBH)1p5X2to#(i83h(gCtV?*;bnCmJgc?%L&U5qlYzytq(gCwiS@+7$6laygXbGE)DmG-wsDa#7E=-_oIVA&(PsS zKuQB3XMEIcczk3=WO-y`n+vs#0oF>QkCiq$z*jV^u+X zOH$!PNFrd;gCea1`LuU%3Gp z;SOYkA0Z>$hunue`YZZEec?062tPwc2nz@cXew;_(|7TAz5P$tu0lq54S5Y22KWP@ zBn=V(3HSx_3*?5EjbIbk`000@AjKN-&c0Pu5^KiQVO zJNpXo{%v+=N>@s6%IcJDDLYg4r5s8*o^mDSVak(~Us52bXjD9E6efcg~m zIjRiBLUB=bsI{masAH&;sB@?rsGm_UP~cQ(YFH{VH8nLqbxP_-sdG{nq%KbVEEShZ zOf5}irdFi#Q-!ILR7GlIYHMmosw35%+Lzj&`c3MV)WOs}so$p_O&v--n|dkrdg|lU z-%~+pL20nG$h6orR9a@*=(HJWi_(^+%_y8xC@wr!c)IXX;myK(g+CXb$UY0SM+2${W1voled zpJvX_tj^?QS~EqN#>_pL;aSfzCuAMX`X$So-Ie`y_9xl>S@qdHKuwido3j>Y&&=MR zwJvKvu%^iD&Wy~qWQAs~1EfpOI+R)VXMO*ZE5yGlgUqsLoya|q`#Sf2?)ltjxscH@ zS>|z}V{hdCs}ldbJqct8v;d?5oCn$;cqp)Z)IaX=&#{=1806oUA3l>NE(%-_ z*aT_z{gb!t!Kp*P= z@TD^YG!3Xf0JJFZACD6Z%!n8VN&t-l%>@3r9!QA*DS-J-!$9-@L&SXx3JMPae%|B2 z^VEVRh36Mw3a>0EDZII$wD8UXR^d!Yc42nmSb$o9NdSt!G8-}*GViY}fGmJ4{41YA zMpz0N0Sy@e2N|IlQVbyhPyuKF%)i2hjKGDAPz4#G1~P&WGJ*&)LIY$3Ib;MCWQ0b@ z2rZBibdV8@kP$495jr3pz;}TS;`}QK`3d>JML9ngz?5oA9Z^vW5PQ`B=?iWHb$~iS zcEDrY4a6OL0pG9>@LI0`eE~!lSN$1zTnE|!+64TQ^A?~Vw*x)73#1He1kR2RJ!lAA z57?8(0?!0q3A`QnC{Pe24QdR^2pS0bf6Ibh6VzGM4ftK+1CRmuB2)mmh+dQtkOTMv zI7R%Tx*}}G~EjR-F z4|@@C4hsU&f%rgTAT>}FDE;%C9@+0-EkDE(DnTEjz_maexE>@1A_@PK9=Q&B@n;oM zumXrHG=a5XJ=g?p16#p%a2MDO_JDoh;JX>5&1!&f0qBB>mQLH1Ud;E z;cxA?0HgJ9?f+2!KbQZn?fO@6iQ{oqihZBEFj7&;QLM3G-<^37w z8mYm7bRj)RKXN6qAGrp(9yx&AiX24lM(#%*LLNg7A^AAa5h@As->1AYUMd zkz;cg184QTq;0@){!cLn5)e@<1<^nZAeQ!R&XF8w(BE70pVtuKMX(DYR~Mp!UxZGM zfxz;DuY?c42g3701Y!Gw2gBn-kkNqmKjuOxJd_JZg%^eIhYmsEu{U6kpf5t^hHs6D z4;MwPk9rfb2o8^cMR+3fL#UyP{%Wa$K<}W#P-rmV(ha5t(}TIef?yF~u}Xut2GQdk z!LDFW@YY~V{9w?^;Qhgr_%p#*f@cNa4!##WH4zd53)vr(5t0*Bw z!VeLINJCtJy}L4GAY?FP_n*|pyWnR+u7rr!-rECcmgi1r`Bn0p#HG+@oU0%hwTR}=>1`502}&V*p0B;VUGYy z`bF5gFi1EuJR^K^_@eM#@e9JIhoi%Z;r#IZ@uF~UI6eGDkTP5wZV7J;9}e<_uM9sN zKNJp$xDgJ4J_>&q^d{&~@UdWM#FOy#(Ol>UTO1jYACVJrD;^465HURhA3=?H6i<&R zir_}Tp!^6ygeamh;%U4g0uFUVyo`56AfPKF)&ti2?ugg%w)l7PHzEQO9!0!}xE=8> z0uD#P5%73;20RBIk^qCxg)e}|Ly2%aJR)H_Tm(lXBqT`T7Qo`y!jVub+z+2e^@<$Q-C8a#lir zpfM;0b5NkAv$LGz(+BFPDa1X@CQ0wf9w0FRmuMMTYl&V|+_`ZV(?@RDRpN=nw4n%K_=0gXgr^5~< z98b6qe--HO8_~lt0>D86MZggYLJ){}1QL;fIF*0`49QuDxrjW(0t6B8zf4CIA{@5H}D8=o28$_FKX`1SG}+g~#j;dYb@Av_c)wS%8m307Tt_6CE+GnDsG(G0}SF8)_kIhT;Krh4| zf<1|ykT^5Z4_yh3kDHs=4=qT{2mCBRqGTdEZVi+k$Bz@mDdW~dKTovAt%=(jHvruV z9gM>#4nj$ZWr?iB8*#g#FXG@qdwgsF3qRBr591qwCM3nzMQbPg*0s{ks z0-=GyfgypRKx8{CFgy?*82R6@a{fCK-~$PP#epS&?L-PB2T}kFsx+`HkRHhRHy!`K zBg4OcpF^N1AS)~fcuoeM^TG3gWfAxikP8b~7T|xFj_F@ieGe23eg?_~@@c1lKLRfR za%q=(qSU`<^FGjC(D#6S3jzNC27v>?2SEowP;dx19DEoA1H-{b zK}P`F_ZSEXnWth2Ybmv!FAe3!rnL(_k!+A$%TG3?_q#U@Eu_%mmYc{NQr%70_kSHPBU14Pc$t zf%#w&SODgMFM_WEw(5DX1biJN2Y;}5HDDD``#(N@1l<4Bjs!mhJpla#dITB;P5{S%lfbXQDL@7@VDo~r!9Rl@gPww(fKCDL$ATw- z$AG7SKV&k`10zU`+0@&NbpqHRCU>x{!@GDRWm;xpNnawmX3(NplfZ5;EYE|E~Y92LAu0 z0SGz}9fS@?BhabnOmr4{G=87&%6PQDQWhMobGvi_u~97&FF#X~$SGHjD$~#B^cYm|lzr>p$OTjX*Ol&!pjpbr1v3zVTwhmj5{TSPVZN=)a2CM~Z#dczCSO?aL?ZUdS zUTh!Mk6ngcj$MIWiCu%;fZd4Qjvd7A!tTW$zXxCOW(90o_gmEcG?GLC`c;JCO(Tq{n8Yr|P_Jvbk3 z1?~&nI^1`-LEKK#?KN&v_KO4UgzXV@`C*jF>D!vTQz%%hIJQpv(%kXl%0^f|+ z;`Mk7z8&wxcjH}nH@*k&!S~_6#D9hF$FIU~z;DEF#c#uZhabf6!0*EE#ea`Kgg=5m zfj@~qjX#IKfWL~rhW`>}(X93-41oFSYg zoF`l%TqoQh+#=i~+$X#uK#F6Ek;Uo7xy7T4^NJ@FPb!{TJgvB(xUhI}@#n>uVtR3T zF{hYYTv=RITwPpSEGU)~Hx;)Ow-)P*O~vNoj$(Upcd@IuuXtJUisJs_RmEQyuPI(v zyuNr-@wVda#e>B=iuV*BDn3^HL-A1Yt>Q<;kBgrc4;TMY{I2+YG4O?15>ygW5?T^o z5>Wy#i7Uw~8Cx>BWLnAel8;Mfm&_@dU$VGlNl8)3=Ox$@TnV{^T2fjF z6K50W5a$s;A?f`wt|op>{D!!exQ@7q_$_f8aX0ZG@hI^a@i_4$@f7g{ z@dx5%;x*!R;!Wa@#5=^h#Cyd1#0SLZ#Gi;i6Nibv62U-NDVPK!g_EL5aU>*Z6e)$2 zM#>;%lCntIq%ovC(l}B+X#!~qX)0+BX)b9VX(4G5=`+&jBs{5{R6(jF@krIAT9SYy zB-N4XNn(eGiZo36jr5lEj`W@sKn^5_kVDBo zlETRmPsx6DSiYQz+9Y(<$>P z1(Zb;JcU4^P)aE@3Z25BuqbRwHKmp!q=+aD6e&ePQBl;CHcC6iN^wxSDQ?O#%9oT? zly#K#lns=Ply529D1(%plzo%~ld|T-%$stJE(i8-%}4! zk5EriuTZa1Z&B}3A5ouBUr~ptZ>gYCaA`EnQc-p>$K} zK*81>dGW#4Q0wQRhha>Q)VnPm08L< z%N%9CvSnq<%T|_sQPy9!rfi^WbJ>=%!Lp-e$IH%?T`#*>_N452*^9E5WndbV7C}SM z#?mrrS+pElE^QKRDs3ih4s9N70j+?xi1sP1godM0Xhk#zjY(tC%4r-LpH@q&qbX=g zS|hEA)cf?Hk%g+Gg5!wC%J5w8OOHv{SSp+9ld$ z+AZ20+C$oJwAVBcJ(wOrM*vBNar8ubDm{&!PajR6OrJ)dOJ7RI(wES2bRwNhFQu2! z>2w~QPp_ue&}-=edL6x)-bT05SJJDwdV;m!&F_AHqF`e-- zV-8~;;}b?9VTx1 z;bW|1tYUn__>!@fv4OFXv5D~=<9o(o#u3I*#&O0e#%abG##zQW#tp`gjN6O{jE9Uz zjK_?h8BZ8b87~;WFoqd#7=JK=nJ{JqGlm(}K{beM~=dCG$(>SIpJSjm%BV zZOk3a-OT;W@0mxKN14Z%$C*RSlgx9>^UTZ4tIX@n8_e6xyUZ8NSIpm-e=y%NA*^5) zj1|s`VnwqMtQb}-E1s3WN@69mP^=7A9&0RXB5M+B8f!Xh25Tm3K5HRs5o-yH&SJ7^ zSR$63rDCaBO{`{C3#*l-W3{n5SPqtx#E>#Q5Bo2(yMw^{dD4_S9vk6Aynp0dE@0p)?^!R0aKaplS7Y2_K^ zndQ0VW6H;t&n%x)zM#CIys&&x`Df+Wa$GsSyttfLPAxAh=ako$3(Ljj%5qJ4N4d4U zv)oqRU%tBh+w!gD+sX&acbD%e|Gs>v{CxR^@+;+!%3qYfEdQhYZFvAYkPTypu_M?~ z>=<@DJCQwxoyQ)}p2nWep2?ogp3h#uE?^h37qN@jOW9~Po=spEv&rmIb_JWuu3^`* z>)8@^16$5kvo-7{wwA498`&1NjoroWX7{o^Y(M);c0YR^dp&ytdl!2j`yl%Wdx(9S zeU^QWeV%=deT#jU{fPaT{et}q`xW~)_G@-12gZrwAULs{L=K9R#>wDhak4pMIC-22 zoQa%ioH?9%oTVHL2gkv42%KULl~c+o72Op*6~2n)6<<{JSFEoX zsQ9*GbH$#D{S`+lj#dm+oT@liaiQW;#m$Om6)!4YR=lcsUGc8seFcac$PM9!awE9W zTm(0c8_!MQqPXeY3~nYji<`q8!_DK4<&NX#b0=~qai?%+a%XTq;V$GZ;udi~-bJg57ZacSwYvVe&y<891 z%kASX<1XiZ$z8|Y#2w&n;qKt>;qK+`=N{l5;hx|QaZhs3aj$Z3avyMi;y&g+;lAMp zRR&kWD`P5?Dw8YIDl;mlRL-qjSh=|J)5^~(iz`biX_ef{no2>Xq*7X`s%)v$Raz@M zEA5reN>^o1WpAaoa%1JD%7Mx)l{+eTR_>~NUAeb%f8~M7gOx`rk5-=DO zmG>&2RlcYkuKcwU&x_?H@ltrHywSW|-Z-p9Ooyh7eWUJ>szUI~xH zBlAjm)jR=D$gAVk^F+J`o`R?3sd#FhmZ#$xcqX2U*TeJh`gkjNU+})-ea&0LThANd z?cg2c9pRneo#dV3o#vh8UEp2jUE^Kn-Q_*tJ>vbud(8Wp_l)ibh zU97rYb+_tC)zhlyRliids(M!i;)D4C{78N@KaP*&r|{GGS^UxbiTug@sr(uIkNI=? z^Y{z-i}*|UMSL_L%g6EY{1QHqU&`n3EBSnWJzvak z@xS7K!{5N)$lt`@%-_Y|&ELa6#6QYE!au=3#XrYC&%eOG#=p+L!@tje%zwsz&VRxG zga4KfsSc=yRtHyyR!3GxRYzARRFA4gRcBR?t{z)Gu6jcCwCd^AA6L(-UQ}IF{dqOM znpjP)rd2bmE32!k1=V%c4b__J#%gV~zS>>wtzK5Wyn1Ez7uBn)zph?ey{>wF^~UP& zs<&6~s@`3Fp!)mjqtz#>FH~Qt{;~Qm)%U9JS3jwKUj1wJ>+1K_kea}npqkK{h#GiJ zR1KmgsV221rzW>%bj`S${F*5>(`u&I%&PggW?oHE&C;6BYcMtVn&KKtO=(S8O?6Fe zjj%>iBdw9wC~8zS`Wi!xvBq4}RnuMLuIZ`it65gFv1XuVbItymLp49toUA!jbGqhC z&AFNjHCJk`)!eGNU-Pi$r<%t#PikJ&ysQbV4X%aN!fPXIqibVok+nIsxwWHfD{Jy= zC)7@=omo4(c3v&1mR`%KWz|;HR@Mq@>uS}t+FE0+z1C6NRqLvC*Y?z|sa;#UxprIa z_S#*wduqS0JyLtDcBuAb?SwleB$zEI6f6{cDp(>|D!>SE0=$4AC>D?eWdfRjE+`kU1w4URpb}^V9RjDI zSFl{LO0Z6_Ua(2k6^E0pWuMtu;7T`nBWJ&kl>`?C&ABxCxX|4-vw_4fx-|W zOc*YV5XK7=g-GEjVUBQ&Fi$u^I8iu7I9>R$aJF!~5F^A1@j`--B%}zbLYj~+WC_cK zJYkJcBWx753XMXOuua%5>=4?74xv-nC3Fcr!ezqc!mot=!d1f6!u7%p!i~Z$!mYxc z!h^!Y!Xv_C!YjfX!Uw{K!e_!)!q>t-gl~nQx}Z8}U2t7QT|!-2U1r^cx~X+D>Sor> zt}Cc3toyWXNnKIh(z@chk~&%)y$)T+sjH}~sT0%zlRVco*0t2>>kM^Wb=`HYI(J=9 zowx4Gx^L<>)@`cWT(_<6Sl#Kmvvud{&evV2yHt0r?oQpCx`6t?`k;DfeQnGKJR6oCdVf~`|#q~w?OY5=q_-F`< z`u2K9y{Fz=zr22B{f7FD^#k?a)(_V2soz__um1b`e4zg&N%{#yNS_3!FI zqF_;oC{z?9N)RDMDWX(SmT0VKf@rGfBhgIJe9;0?foP!!Ey9SfB7&$yL=;g)Wg@zW zDPoIwqH2*qBox()WFompB~pu;L^_dK)FHBpoFcDiwP>Aay=aqYvuL+ypXjjYsOW^~ zyy$}HlIW)BuILxhOVJzA@1l1ih&WIjBn}pbi6g`aaf~=ooFqnxGsIcqT=8h}IPoO$ zWbridEb+(UIpPBG=VGiFFD8n~Vw#vPW{8<$uDDWMC9W3Nhy`MyxLzz1E5vGXv$#dv zD%Oh)VyoCDc8a^jZgG#ePwW>j6E7F96n`b|7q1b2BVH%oBHkw6F5W5LCEg=GC_W@U zDn2egAwDTSBR(s>0L*B9UHqf?FXDUR`{IYK2qg6qk)&DDBGF3>5~IW{>6F+cc8NpMBk7fRBz=-)lI4;Wk}o9v zlGT#0C2J(#NY+a>NH$3ZBwHlgB|9X0Bu6AiB_|}OBxfa;Bv&L?B{w8DC3hqbB#$IN zNuEkxO5R9*m;51lFM&278sZxg8qyll8?qX58^$!`HB4xj-Y~OaPQ%=Wc@3X56f`Vu z__P7tfNj7xkQ(R>j0RSNu%W&|(V%QlHK-dj4UG*g4f+OKgQLOO(B076(ATiC;md~2 z4TBAP8um8qYxut5P{WCap@x$U7aOiM+-$hj@MFWBhWibV8=f>gZFt`Bx&b7GNCTvS z(qL(b6ebOqMoJOV7-^g|UYaBwB~6y5NKw*EX|^;+Iz~EPI$1hJI!*eKbf$Ecbhfle z`iXSDv_M)YT_{~5T`Db+QltziM_M7Rl?tRnX}we;ZISAw?a~fux6~``llr8~q|2o% zrC&(Dlzt`cm#&homadVmlkSr4lOB{Fl^&O#kPb=DNiR!pN$*J?NFPg|NuNuHrLU!b zNI^2F3?_ri5VBZVoGd|>Bty!QWf`*3vhlKf*#y~C*)-X7*-Y6S*<9HI*+SVOS&{5> z8Cr&s;blY_NmeGK%NR1ItX#&CRm%9X8d;r8BooUdGNnu-YnJI`?XnJ8m#kanl6hpy zWGiK>WNT#WWgBFhWLsprWd~$OWv69lWanjOwS297oqVHwlYBt_t$c@kmwb=>u>6Sp zsQiR{NPb3sR(@W7L4HSmRen=`Oa7z$p8S#gh5Q#eNHHw`RsKf)yZpTzst8v^DUga} z1xk^sNK<4haus6~;}w$>Qx($`A1mf4<^ieH3l)nLMT(^gi~^@9R*)5?iZVr|qDoP% z5GfQ2l|rp(RJ1AD6?TPF(WU5CxD-7KucA+}La|!$wc;Da2E``DX2o}k9g6*m?-hp? zM-;~tCl%)u7Zg_%*A+Juw-mP(cNLEmKPi4zJXidt_(K6v1}KA-p-PxCTp6v5Q;t%i zlN)%0^|gQmfP}4N8l$O=(lwm0e1|a=G#grmE(s=BYkW z%~vf}p;aX+ri!EDs;X3cRjo>>5~;*0nM$WJtE?)U%C2&$yehwHx#}y`TGa;CM%937 zi)yQCP_;v~Q?*OAUv*G*M0HGcPIW(nB(LakP7)CRRt-Kp+U`_;?U{pyYCt?F&+ zLG=#xPW2x3_v*vyBkH5-AJiw+XVvG_=hYY0m(^F)*VXsb57j@ZU#SB$!I}_Fs3uYq ztwCsFH1V1g4N8-#$PojpdCMjn$2UMq#74 zQQp|t*wScdG&WiqI~whc-Hknso zXicmpb`z(mqKVs7+f?7AX=-e0YHDt3YwBp~Y_c`kn_NxqroN^XO)H!Fo7Oa~Yuenj zvuRJ$-lhXhN1BG3PBvX_y4m!Xrn^lKnjSYjX?oi9qUlZ3+opF-@0)^~Lz-dD5zX-C z$mZzgnC95#_~w*mRC8)`T60!&PV>0t{N{PsG!HkwZhq7Jt~mghkuJXF!~AT?zzlO~Em4zw#ZsqT5K)47JZAMrLD!<;%ez>@wWI|R<^8f8EDzuvZLjA z%Yl}IEyr4hT28i{Z@JiVwdH!tjg}ubw5?j5)~GdWEn2JAuIXb?_MH~g3T_Q<4QYk7 zhP4*Aj%rP5MYX23rnhFaj%yv?n%_FHbxP}u)>*ByTj#VcXf0?hY+c;?c`LdV*ILp_ zY$dhUwaQyHtxc`Xt=d*ytD&`{)zRA3+TGgI+S}@F?Q8Y5_P4HT{knB+>+aS)t$SM! zw;pXh*?Ow=bnCg+>#c;=2d$4DD6 zQ(ckna~(#9)8TbQ9a%@wQFUcHrjDbl&{gXAx;mX$C(%iDa-CYI(Y5IGI)~1w>(=>o z{kqk67&+eTF_$pQX>%=j!wHWAzjCQ}k2y)AjT8i}V;hR*%!; z^#napPtlj@X?nVzp=at@`f@!-U#%DF6?&y!rPt`2^euY5-k>+@+w|@FPQ6p#qxb2T z>6hzQ>c7&j(r?yp)o;^(r{AgHrQfaJqu;MTtUsndt{>8`(_hkG(cjeH(%;iR(EqIe zML(?nL;qe6{CLR_WQZ`p4N-<@1HzDKNHUBvpbY7TT*DZ{bi+r6S%%q$IfhRR3k-`4 zcmu&eG>{Br1I0iyFbyn2xq)rq7^)042BD$BAT`JgN<)XiZg3fT3?4(DVTGaJu*$I7 zu+Ff_@U3C9VT)m#;XA{2!ydz4!#=|S!$HGo!x_VQ!$rdt!!^S#!(R+{4fhQu!yCgN zhPQ@5V~{b}7-obUBaKnU7-Ot4$%rzh8q zX{K4G*{1oX0@Fg%rzT)xSJP4x+JrNen208_iE1h{F-%Mo$5dsiHz`aiQ?seZ^K$c7=8fjf z<}K!}=56Mk=5yxr<_qSF=1b*g0RF| z;w&gjnkB=MWy!IOwT!b&uuQYeu*|W{wR~bJuq?DJwk)xHZb4fJ7NUh@AzR8UGz-g8 zVX3qbAzV zmNs3RzOAjTqph>8tF61Oug%}KtnH)rneB7h=e93wU);W=eQ7(U9oJ51FK#EbliN$% zY3-DDb~~q?+sPv)+g0t2?S^(^dt1A$-O=uB?``+C_qBi7zP)|0{b2i{ z_M`2`+fTM%Xg}Y6x&3Dbn>y<-8nb-s0}^>ZuQim?`3ORZ&Anw4&4 zS<9_e)*5TARcNiV)>{=;rB!9sT3fAVtIg`Lc3VAGuhnPuTUT0FS--Zfv#z&(Yu#cU zwC=F(weGVXuzqhnY&~f`Z9QkbW_@6NVtr5S}*>WuG9 z=uGTHb*6QucV>2Gcjk7E?i|-SzB9jbYUi}h>76q=XLWwkIlr@@b8#o86W59FBy<*c zmUNOkX`S@WicVkW^3D~VUv_@g+26UPb8F{!ox3~tcJAvu)OoD)c;^qDr#jDcp6xu} zd8_j;op(APbUx{P-ubF?xbyeUcbyPhpe@7}ZcDU{vW>Qlu}!e$*~Zz%+oss2+Gg11 z*$Qlhw$E&(Hkz&6#?Pw0&jU zXdAG7YujwwYTIQyVcTsxVEf*7(015%#CG0x(RRsp*>=r#-FDM<*LKD>Z2QUf)b`Bw z()P~w-UhM<+Jo#+dx$;49%YZU$J-O^iFTwt*^aWO*|Y5#_Dp-OeT+TdKEXc8KGij`(2_?9c7L+F#p$x4*T69AHPFBgg@D1UrDqSsdYx zCTNr-Eq@#%kiV*FOIv8`;G^W$BrkC zXO7p7-yQEAz|RPsA}+vrohGNn z+2-tUb~+u-ZfB3v>-0NUIKOay>Fjr|c7EgB?A+qq>Kt@_?cC@5-g(e@$a&a#)OpN# z+Ig(vMa7D zzAK?CwJX1CLf53O$z4;rrgnYYHLq(7sO%buqeFUFgOJ=ndg zdr$YF?jzktyN`FD>OS3lru%I7e_t#WJJ zP3~s5+1>4Sx!vwwx5w>wFLSSSuXV3?Z*mW~x45^uzjJSQ54v}{cf0qv_qo4!A9Npf zA9WvdpK$-+9&(>@pLU;fUvyt`Uv^)2-*De@Uv>ZJzTLmDk|Nu;)n6iJl*O{?c=| z=U&hKo<}{u^bGevdV_mIdZT;edgFT&dXc@OdXsxodoy}-dUJcn_D<@Z49vzqwRc+Y z%-&hOANS7g{iJt(@1owty`T1e-iz)n?j`q9dP{rDdg;B4US_Yi*VntOx4(B|@21{? z-Yvb`dk1@W_3r6C(0jD^Z11_=%e_~6ul3&Oz2Ez&_ov>+z0Z1I_P*+U-TSupT`$BF z;0g2q69RdnJkg$b56Y9~$?#-)vOKw-@t%Co6wfrzbk9eg#h&?|LQj!rspm5f+Jo~H zdx##IXN_mAXT4{GXTY=Bv&FO3v)!}9v)i-Bv(IzDbI5bVGvqntIpaC+x!}3zx$3#* zx#hXzx$C*_dFXlUdExoR^UCwu^TzYm^WFpUg1r!LfH%+^u#M$NQ;wsrNH)iI?alc}u-?FU!mJR(QEy zo|o^f_SSf7y#lY;+u)UXXdi?`!WH?_2MCF9?`GC#)~BFS;+jFR?GF580R8hw97d%k0bP%k3N8H>NMIZ&Kg1 zzUh54`sVb_?|5Bkq_3zC-G}MJ_7VDu`-pwyzS2HgAH9#!$L_1@eN%i>eY1SCeG7ea zd<%R9zQw*GAHi4bWBAyD%Kw;5+O)>O1B;=R5Da;JfI%;=AFy>AU5->$~rJ z==;g{#P`hii|?iHoe$=R_=Ej$KQPspAK{Pl$NQ7~$^I0-(y#KX{mp)@ztykv>-|Q* z)!*rN`Fs3czu*6*f3<(Df4zT$f203f|7QOd{~`Yo|8f6$|4siL|9$^s|Ihv>{%8K@ z{ulmN{@?uX{g7n=%R-k$E{j_Bf3f#2a8*_5-#ACmz#^k!Mw@98XS8V2HXtgN#aSCn zN;E1oo2i-O9Tkm?ie@Sg_p5LaP`u$00Rg#lM6QP2hDI=INYSaEr<6-G&gA?5`=7Cy zI`8*cYwvSG6tw2|d;g!$dzR1hto7X2v-e*6at>~fg4+x3Ecj8uj|(Oh+*RV3ZjALaZan|kTn+6#H~w*G z4CUI!B){1{!>)b+C3AT-Av<8M}yc5Sfh5Y&d^ZK>F}PsskF@DLV|Te3691 zdC<|!syV#9D!#T<)f$!xQ)F$;*4nYxw~6h!*8Z?IR_S$gR7bp)*I{>^st7|<#)k~m zqd{;+nCf*#8eZKN-yxbvV0e=o;W{`U>VS^=Tjt(B_x_=RQH<3}DG76;?zwg{wa9j? zE4$Wk>bAEs{xcoQKuL_Je2pRr5$O;4a3A(OzCi_JsPfRUz1e8`!-OBnOj%bzM$#1W zQL0_l8UIhDhnK#-Zg~C(+>s_dvi#ZsuH2;8*1u8;540EHqssU`AXql8%Wx-_q1(qc zrVH#Fyq&fsq9$}DwdQ)I=vo|QI(88hM~Z;*|s*48E5S`^|XuOejg~M0x7Ui1JnP=c%ZD2j%M-h%nbxhM~&*L6{vA$B5mCKZ+V* z?Br(q;IW$%zq1|gP;uL#QERTjx!etRCae@&JBw>} zp-ysp+y9xq^U%#Zsx;_o@|ubc`^YsbF53g!T(%0AROl>OLnfm&=)A!H)kSLA0-HjuPIFj|q z8pC@S`6wTKrAM_ph%`tQ%cEkUq&6!1t1GGAuBtK8dOUoE?78Z;x9456f7M)u6I|WX z=(oYueGD(L&tqf_du_)(ha~uZkDoZyD$zcv_PKAXIc*8p^RYPB&8UD1>CjY$%I(M3DxbZcLw`sBdl`xB$N$0pC_{~y&lUL& zncirJKg?AB^Yx>H$nHDak?LbzZGV{g!OKvOBNupdp|9AGqcfw76j1MuhA~9al&Ag4 z!ul=BFzO?*$d|p&(3&{PXp`B0?4{Sp*-=e#;J~yW*afg>kKBjh$V!eHFraW(?hB4; zcBAVKVP~s$#SBGI$DFO+tsT{71bV&t=w84DYKAcE_z|HSXBzWEAQbKhgn!}Al&9*Zq7 zeVnY@gb(q=$6+NM&Ccwo!`-L|BDKpYjUCm0*wHACr(0~d(^vFvJQ=<(a&zl}_n+y| zuS~A}K`QhcCi+lT*H*Sk71hz{kKU~hEu4W$l(Z926ke{F3cSnqZm<0>&43`9gvOf z!TczKTtmen;~U5yu6a51_lE=LSU3Tm>$W-+1%Zl$6mxu(-Agf{=wyFv_xqA`S6`IOo4hQm3#k|+F99N~$N zf4F^sr>5*!R|fw@8} z_|Ab`=zi_{L|1I>r={KkDy77HmEN`EkkXYJ{4XB9$4#Dfw{q-U8R+^sH=fo1Z!NF5 z#T}8M?gZCKX=_}kiQVoqWIq}*RJSzuKQxLeRH>50P&L|BZ6eWCO>UTy!y(2lL+{6w zphMZ$9N&nI>Tu`{qRJmF9cn+)c<2*9$HVs8BdXoCHH6f@#zXY4a4^*2(D4v^WoV0F zcYtu2O)_ln##aU*=db zZ8m~q8(+J3rTuXFG=Ej|`utzv&9RbPJPhj!v(Yf@Gj!BfwjUJ0=W2@FYT~GGH&Qf) z(YM-CXQPnVZ2|-vK{YN%C4WIUP|3KRo4DdlcABeIQ^%ZtCK5y z6CT6)ca`0Hv8+}Wr}z>b9H*p=`*KGT;CmUeMHuHJ0;~t&0P}?PNYMw2^zBB z1HPzfg63O{O?W%zJkYxV=WX^F*|$LrwQn_^W2TP@9`pQ|=rN>E_C)6?^bNc5=(d}y zQ^uI0F|A`L@18LiIQ=2(JJxx$dDv#_Hipl~*?WxOse7wV_@nX{|kCFdAtcNbT`q3!J}I72l?8mqOQ z>LThyNBe%%jM_2hc`oYFpX&6nbGSL&Wx9EudAd2!=`-g*r%0CsSY3N{+~cwbJ_tKD z#|mD1Gy(g@@a?^`CYMf^*0Yz+etUM$Srhcs`HYsHcS$g3n6W3je1 zx>_;s*|v;*Z=!49&4Er6T_?J_j(2r+y+vu`K?RHlrDl_;oFSBZu;-D7@%FJs=p+2l z4`zVO6wiK24zAuVVJxqu6Aw>V}Ji268iC=Kk#c3kp?BkhVN zqLco3k?HUlYtzjg}{|%YHuux~BQmfCa)Y;KW z)fU$FJ}5HJ%3=G{JgvF#?a%dw%~{P|@v2sBn7nA)+q8v89);?{?ST1Sr{=3tMVDKv zywOnmnUcO3+jF^RvHw$SYbMa)nF#8tY=1R-u7~X;n%=dMRv*#$Jgg&?%PAfI_WQqT zZ%^S_$x@x4kcyGbuZ>GQ!MEp8U$wFIRi8F0Y@kb9nO9%TTT}vkQITQh@95te;~Mi< zV+m?s3DHMZJcBFONn0#i=A-GUc8f1*aaqX=f`-ml~ZC#I)_;miUJ9ZSGl4AuG?ls~&>RW4W%~Z|LIu|YxT>E*9)F+Fp zSfSG1Zt5&KeTZY|s}|jEs(+Q^ioZ-!d0J~P#@ef~_EasE4k{A0&J@e*W>>#uHydv5 zxOvhoVfNQisJ>B*AHp6;Tf$lyK2o+#uhj8-s+Yfsfu=|x3?>lZY; zct2=Az^VJz!CPIOF5l`lVbTPj2_a*&6PAq$o3PATHz8_*E1m)AC*)6v7*jf-aYD?P z0H=-#<_V^;gSV3YZTHZI^G;!cXIbl-r2o;X$0M&&u25>ax*Gv>wYmB0TgS-nZp@lzOy#^m<(MaJ${> z_HV}q+#YuO8|H}H^|$BWUUPfL?dIDr-|lgT_Z`|hmfaC`N6HRh(|H$LV+8;;#*!bh_ z9}gXCCi+a&O*BkwpLlVi*QBsXL&ubrep1b(-bu8wXzrq{R*hSBXU(KH$NAi~cU;@J z$M1@{tMsn!yGVZduFu9r-FazT%AKWm-T#y4eveJzfyN!2Gbh>!A_s>+T z*U>wCg}3aVmHq6PRY%pe(cU4l@lJ0mkw8Uk!q)hK&f0sl6G#$vkM5qRd-V4h?lIm| zdr!|z$L{&~o-gi+nxMU>!-<|xJIXI8@<2SxcAL=a6ybasE10@^iD!%xouVdqO(uW&69Ohj zjG;!Okjd}4>cH>5W1>@xLc=B)CJ)}a%wr;Qcbky!5$L4D97-p*Pwt(35gsQxop*Kf zs=;dM<~7z$&G9l{duf$cIduN_@(T0Pdo_9udQF-VG9_k8>6G3nZa)wBdBo52f8O!) z%Rkpn@cPBwZUMhYxh?D$^V}kSVfaOabLlUhcSFt|mv6=D4fz|2e2-P$YL%<89I4&5 zv~AU4dsl8f&9q6=e5Qp=(@l$+W|&qwt$kYWw2RYzHvWyd#Bv@_)z)6x%+qSKfCpjTVJ>}z=^gBo#FC5hMp07 zmF-G<7M;st#zZ)$jOo7PMr^d#u@8#%<3@2HRtK!E-aWUbc#{wN?+45i^tX3R(Bgbc zI^uf-TbyNMQf@PPH+l~}AKd8J@h*oy->0bjT8VtxwyWcw=6SFGz2Wyp-E51u zFWu{TpZ|T~_eI~Ad!OmPp8GD{=jrY59qt|No$GD#w)yzsdbC1zds9xLHjdfd*hsz7 zn<$~dv)ZPbCpz_bU-I_6pP~tF_%EY>nfpuAFMED@i8s#&MDu@uTKEIeXu0?2-p}a+ zxenuS$W3THXn4;0fai37wD9TC({rbrruR(0G~IKC|BP_7=oz_arWrlxU7F$f;3ZK1 z2g4tXelYhz(}SMVFFnxn;H3vWC4VVgik5OElhh+!l01FH`s(i!?i1~k>tpii@ww#V z>Fe(s?i=kB?VIas^0n*HBtX8X?W@xA2h>F1AUB#tfIPd7VewqbVZ?DpBc zvoFqeo8vVnU{2Vah&lQ>`EzRKMEm9Xnf!YEE}?nO^q(0%GkRw3Ow-JsnU`jI`uqEb z`$zld`kVZF{4e=?&hnoXJ}Y`w?kv-+jyaluo>>!}F3s|s?LRwwcJ%Dr*{0b&voFo| zoZ~+yd`|S7+&QK>J##M2@eJ?}2oH!3$PF+B^aNZA@SN*EH+*jN+}ydQxjl0)&Gmf9 z|Do`Qq94kADED^LLp={&ddTx(|A)gLj(*tm^W29`4+jK<1w;hs1M&lE0y+ZB0ha?j z=6cW7&RsS)YHrG0&&v=K&gm;8bT9Us+vov67bEJsT@`5jZR2mdf141P5IFc-jV?eJr7P8$bs@`j%ZmbImK&Cr zE^lAnyZpVti_0gi@L6#_@O)s%3f+pB6=StiwZYm|+61j(Md^z66}>Ait|-#Ft@K(M zu<||ad2QIrv1}>}W)Uk_G5yM#l_AR$SP^@Voo9n9y;nu8N?A2lHm+)1)xBz}Jh)1; zdT`aG)jq3(<&f37)gh}_$q90xQ_O0^>eAKitMNp2wZ|IoHQF`H)U{ZmnT$``W>^9uWZ%x`>pBnuy*A%{uRO%kW0_ z#&v`1Can)yAA>ib_pW!_5U?R)L;i-24VO1~M=py@!P~$GBPVT~8g!%U{b=lH{ipBK z(5!dO>e@(@R>9Hu8BWJ|Ysg0KOIf#XZ1quBVaGM+>Z2>8knV8#sXVe!`~MU4+p|M+ zrtcN${2V;&wigv4c`v_HS989edFVEJ-`4ICv(f8zS0}^9(v1PPuNpQM_q}TRs?b%D zt1?zqtm<5KVU_#p>8nFmN3PCTU9p;Cb^>4EJ@+-!*MzQ#T$8b;Vom3o3v1lhPG9Tl z6bgt0;CBvdD>#MC+6!ylBc?}$MnpzrL{vm{MqG$+UpIYS=(@;t8S5(6b*{Ux&VBv# z^`Yw{*LS{t;dOVsaW@oi)Xn%^#qTy*1Uk9B=!JL7hrSW{M%asCFJ8@a#EXU(8(%cP=oV$u@QK1Rttfp| zDefuqqiUi$qRdg3qdZ=!y~q2du$N-+2KK?1JT?bx)@@GNT!Z(SYw&(@+=sm!gLjE{ zynGS;Nzs8$+UN*iLv$msIojz9thCE9qIux`&faLlf4gbp+G={Wp7wRomfL8eYKmyGArKnj7Az?1r}|Q(LCAki@9Oe7uWu zFwp~V($wMYm^FCUr6$=MZ={S#HYRuAU6PYhv?&oOhLpw>bBbH4PwKK%J>IFR zx4JX5Z$-RyF>X@4A-*x*j2GpWCUhrUP7qmK&PYk}+8VMoCOK*=Mek0{$9w(UQU|wE z+^FB@|K20B{r3Tx9&ZG^p?f3c4PB<@P473u-i&!OC36zqHQe}?`7O6CK6vYI>6UK1 z$=6FCqOZw}(&y{j^@Dnk*Z{l(wA6=}dhT!Q?gUh*>bLrf1wLMPdd*v-dGvsyTX|@M!kJ?^}X5Kyt@AgXB(Z1s{ znooWNnh~ux-vjT(3fZYgYec)a(|eaU-Z7=ymA|WdmmA*Rq}?5}yJq*`Zm&Jd&%yDU-=eLtv#P9W(OVne+WJ=ITV%7Y>i(+EwU34@J%d%>RE@7bc2A(wUDfwj&#ivETFvs-Ez7EBY;kp6v?b7K;}(7O z)-9#gm0P;2yS7}e{@WI>nvfbD8ZBaY1!GMqTD#JEYkF%gD$T9dt=3Cv0kxuq)ruBT zD;i#I%^O~;R$GJCfo4X#tTc~0(Y)(K)7FW$tWLD3I?+<tQ6cb#a1b)sqN zMVnMFnoqrGA@!o^>UH(B8phO%W~evRH=>!*+)QpJst`Rje7wrn)Ko=P`>=|csJc|q z`>O`4y1kz=4flMI_J(h&j@>i98e63LMxM~@th%eZtZKPwT~*mnZ^Zufs+UZuRk0>_ z{d9e|cc?xTZywLkSLi$S7xeD2(_=&N_V0|?ir7xPtJ@v#;SP<9#GAD%;yU9l#JR^$ z$J?+k=p*AZ;zMIA;ydFn#JeX37mme zf!2u@ni#6Tkm#Ni=rkQ~T#ii208}J(;;qORlH8Ns@wVgX!0ySR$&tw!$rX4@@de)8 z@kU~5q;~<<)IyV{CrwWwKhrrUGzA`0rl&-Lk~|}&BBdf(aA@3#_X&5V2wQ`x)YNXe zHMQ4t(KJ03zEUGoGXNE-ov9Zv9;S(>!-~ZE+a3Dd4t~GGf9FI!S64T1)TaKz$IU@s zaD_JihE9z(alF#t&%UX08|A+jQhz6=`Xj3T-UvOLHuY40j$GSl;w?&}9ESWt#HOY8 z_?jiYea1DceIpGTtJGe0t-i3bX{cTtIP_dj{hph??dBOk(~i2%5s}qQ`N;bF2Zt!C zmGaG~Sciq3ZB4fKW9!?pq8^Vi?2NCRg`?$FM|^JT46XB{Oy|%y>^E}s|IgUqTHWp& z+#m9J^^MIZ(21U<(-!mL-^I|k%QT9@cOCQ{Nubl!o}~vm(RU(_-$;YUzgM}M&42ot zJ=FkDUzG0#Xdbq2%ZHy2eK&Pu-zV6|v29b-3sI>#*5JnD{C9lUaicZ(zq#GmzVm-- z-MX6wn`qzFG>hMbOltON4r%tj)8{T-b4;_LxwN^xxwqNP%frL_&Wp`%EnY43JCT5v zn8{%+BimeTcC?9VnFQauW;1?o;^sB7{r`=5_3iP0UTyIT`WD)khP(Fvp?RKWPqRN7 z(P%XL@g?&mhw)JPytH{~CKuDtU-YZjs-vQGj~9kJHvC4Q-i$lBWpy$2gLN9*Q~A_i zu1&$cmpAUaI%+-Yyl~&A$9d(nhFj$(Kd@dKSGKG~Co9-69sehki3SHu_ju5Q8H@Ql*6;f4|5wZS)+w!XTc2uO*BaZpv$eMM!&cij0AI9@X`9l<+LpJ) zw(V~_*7il)n4?pUvZKq7#va{&^w`laj*fYI%G>Pi1tg&{VnG8uk$hOgR2bf+B-|zJK*8^o4NgRyT`H7*=di(9IH8ItLD&N_pyt|Jl^qn zC+wZ5cMR{;ywm;8#dkd3^?5h!-KcjB@7BEA{qDtgJ>K(qFYLXj_YCjVyx0BS#rHhk z_jy0;{iyd1@7KKF{r<)GJwEXHAnb#v4-6mFe9-;D#Sc9G;PVGHj_!~8KN|lSp4R?H z^B*->yGP>8;`dik4`fm*K~SyYCCh&be;N6!@H(5V`qD(xl_~S)zy=x?b3DW zyNq4!T^BzvcWF*|ozR}pozR~!o@hT|KB4)@>m%()x{vf98F{;u*8Y+CBTctwx>vWh zTi31cHg>mno4Yk1dws0^Sog91VG;p%+Q$1R4y7ANY zPtBidPMXraPHInre^P(ac(VPZ`K0DlPrBEsOX=EEx>Nd7##8O5%%?QHUcK60U9Y~^ zGsD>1-fQmFoc22HpP@Y+o)Mj)JFQ1Ep3coMWwf6*pVpl5I-@H742#y|y1`4C`a$EMXO@3f`=EJH^Oe_ES~T5P`mc;%wSQ&) zO7j=5zl3LL{}P?0`%7+?{x7Dio~%n*#=o@x#rzjfgTEo%5N*)>)eBAgSKVLre>MKK z{ja$O^ItU=ye?=jm<+lLJ%&pL{RQKN_6z0b`1_J5fFq4}rRKehji&dtr${Zs!><3HQ~Y5u3?vMJZ= zvi7p>vi@>U?xkGg<@U?w%bt0fZ@j(AfbGz5K+HZB= z>c2I9+y1TjTmS8v@4UX#ey96R|DEx>@a^s2MQ_jDZrX1CPGj-1Xe~O6-eR=0TY9#u z$I$noPTI*@FYOfV&$Yk6_uSL8_iFFcdTa03{!;sZcDi( ze(lrRXSCtkCEBIhXSK_;&uM?9{k8Ua?F-u9Xn(8KX_sqPXjkGp_SM=o+O_!Y!8+}F z?FMb6cB6Ka_C;-!_9g9R?aSI|?JL?>wXbPo@MX;Jw7=KBp?#Ab+s}>_vSUT;STQ?x zh#hNS?q` zSjQ38(a1WQ*@t@eVJ!PFj(wQIK1^jFrm+vx*@qeI!z}ipfqj_GKFnnw?qMGmun!wq zmw|OnJ<1 zg`Lo|6S3?>96J%uP9(4siR?rYJCV#zq_7ja*@->uqgK|P%DU6p$t-r#z)ohfliS$I z9CmUSJGq;k+`~@pXD1J`lV$9bk)0}Grw+1HrR)@j~sb@y_KCdu+ux(X(Ky* zfSoR8r%T!C3U<1RovvZ0>)7cgcDk9JZewTk>`VeXlgQ2_u`|i+ObR=b#?GX(Gg<6R zwtTiFO*Y5vmd){70D3?yAPx`@NB|@Pk^sqo6hJBfHu33z48T@ECLjx70AvGl0J(sj z0P?*DuotioUBrGRq4AwUJ75>N%G1ss;m3CJq}@e>d)VLM<4ARho_o&)M65)_NrGJxWJ$11LY_(60Pv9n`y}L)Q~;;}AXYu*U7rVlydF8% zLtbAbn@!EK`EY{##gwDkG7fpg#R1|0i2&pm zhuq?jTO4wWLvC@%Ee^TGA*VRx6So7f3$PbZ0N4jWZgI#h4!Ol4w>ab$huq?jTO4wW zLvC@%Ee^TG9ReV~IOG>s4M2`@wE*N9huq>?=L$$ax=Z zjfiK&xG)KTxCeFvn&dAJLa!7t%8|z*%;!+P{AC4dUb#p9vKqP9U_SMTbr^MRf?m@R z`O6l}=V*(34%_G4mK}gb`J6scJ{OxOpTnHaVIMt*ZGA4eL_U|gPd=Bf2h_{wGV9RMJorY8AZGh#MF)(lib$mbKGp9sH+(8uw1J~0=N2iOikj6~QcLO<~kzyyFzQVJj) zup6)!unz!PGJGY+0g?c)Pu>GSykz8?+$^6@NdzEHN-Y3>QsF0c7oZSO2dJ0Nr@=N2 z{50f}2H$Cjp9bG)jR5#b$K2B4CmngFBSt#rpMC@Y|LK^2h8_?PfL;dtWEcRbLk9FR zkZ%U^$*2Y(UIzSTv;tta6*bs;SU#VL{4K{7V^k~ zZWiX0g>8|A`DP)PEaYl{KLcb2)Evjz`Rx4w#M*`!Ia%`gT2V&-9PWkYgk9zGw4R)c1yAX3Xw%cxucO&QBnB(3w z`Fz1v0QB}D$9>3qA8K!eKO^d4L|*&hXFs;>e#9!=0f22GVi#5d;G+=wh1gaH5dQ#T zA3$9WAm;70AB=vP$GwiEUVkaTT^n6?{~|whDPw!DkifT!rmcjhw1c z%WC+n2Co{tntcF_Yq0OsV7t}8rUrAbMGflUw;nY%!KVrFOqi<)a#M?Z{xIfxxJf?W zfIJ(F0QhKteFO4ofPDkDUjy>QI&dDx{P{-Axe+#vsBa_e8sVc6@tdIEgxWPB&n9fY zX6%Q}s9SS3U>gAOn^BKu*fqmn3+jezhVw0uwIF6I@@hrD6*;uh7;##WXDj?+O*r3% z{jv>pX~Q;XgRHGWK7SPRIg0rm1^+1OdbCmQ!}+am%Wk<(Z<70B^?)3?FD?nN17MW< zaQ)Gj5Dy@l4%iCV2RI05lKT=d#<{o;Yd~LO6`)q`!|~pSb9-OXVYv^-dtWkalcAHm z3s4ED2SApR2G|DJBlo4|0&3(w9M^qmnE>$9kV{$%piS;eM^5Rja$g4gWI#6q@iUs` zzO8WpL@?#o1;nF#>ol7%^C?U(xun4bYMLjwSQvUdUyZyR)TkZ%rh!Ex4?n+G@q zI3oAq80*X14#)?_H9pV19cMb1(D?>Hw(s zKJ@n$0LtV(Bj&ar+iX8{_QMv(Y2SeyxvwZz?kh%qCD1vD{z3RGgRC619Ptie?uU@` zA;hhKeg)=J0sRVWvx)`)=30pumDpC5h+B!cmB^(E+p8)A0GlfK!7lXw+=O`Lu_2*_0_|s9`mY)em%B@3AvlFZA{41gt#Wu2iJUk z4T#f#?bHB%19CZn{t;}eMk`Zb}pI5+k+V>>lNw;A<834YLO@PCIX24OoKP3qOy%hLLfo{rv0Ai z0jlKwG>oyI_ou@T&NuxTO>+O%cmV9TBKFoaKoOu;?$1R2IH&Yyfsg&W-vAv0^1?pe zZ>W*`vypE$WZ669{%x4!HpsRW%l$d9$pJ5?0B`_+ymK)39Qe$s1E2;u$U6sh%0<4p zh?fg_9%AQZ%l+8r`*&b2JN5wJBR>{^nE9A*K5DlU_1TFz??OzRYx;K;0!jejW8d%J ztp^}?oOk;7V7_~xhjUN=Ug#7+zX1NRkM|o{?nTI@7%_`80PtCy2|zBzM*y%bfnS_+`b!Y&AZk>K zoJzqfg#ydLk=3I~MZ$d3isDTN3hvDZiY#Xp$8<58l$Z)OM ze+1hH*N**-*uE{Oc?)z}QJ+?9zgFbcihSE3Yr`Dcuy0}A?{C9)Ioc!-;GSn-O9CJr zkPWDl2XIY2px+0m0#pOq07vD4*c3n-paM`U58$43ARe-$9e_f>K|mP*@+A04YLN$$ z;XgSZ0RPF*!*MZ?Tp$mmR07~1*Kz|XM*xlTKq`Ev8UT9$H30ZXZIuVoiU7s(Ksxy8 zh?9O;9>_qh8QTCDZ$-SV(91-Axb7Ojb=N@VZa@hDF>t*#kOjE`a>I6cU>jm@18*Dr zZ$pkbdGbK+0eN711^_j|HPXNi_}>A)J23Bj@bj|(@R<*v*tZAr%jE&A=L0*@-?d*J z*u52i`R@UL59YELKK8;_fl(gVhZ8_efDySFQClPOE{p|a0+3VTUI26pQHw&@ z9YDMy*cBnKBGef7r~}2QPcd>WL2f0mKL~$i@KuJImmyE=iv#75l|!c-xtGINIcyKX z&mrVgf%@aRXrK}`s&0@6YT&a5bEwG$K(`k4twj#Cm{Tq0Q3ty^V4nm%Tw4q#!+#25rND36cEApKFg;!#%s|Y{ zMtLwRS02o5kO%X&0MY;z0E~C+22{#}`QTxH7|b^T;42?~b|TJBN0g&&4d^g6sF}FR*0OW;p`XJ8fgL|O62lFmK46J*D1^WPqkF{^G;HW%^ z{b+Ds0s!)T$a^1j_chCdxDFr0`F*euHn{#CEQFuJDgbgj06wm*2eID_7Nai3C4fWn zU`Z?hH7se92TM^iTmuZ2!)H0{4`l<20Pt}Lc^-nFik$$AYfzV(?eZYb-Ggh zqpl52^57BV(TKX>8g{S=I!*A^1idEY*o;~Bd0zS^s zgSdtrY(cIqm^=2B!B*I{V%xMLr#9HPL9Y$lq7A;=_Q_xEE|I_5Qzd_Os6qa!B0K2o zeewH&a&{9c0?JJT+R+5GFCM6HFVMk5Kox~SUmLd_0NQyFXjd6fNixu(9YFOkGd7U4 zp*ZO4{fTje3V_mUfOh2o8R2igF%{@gI#3k^gQn@WTBiKxG*~<;btFwgspj`4u)BfLf{7wl(PM11V5GkX8w_wH#;%l02~61hfxn z9H>4FREwD(XfqN*@FG1@D~hWnR0kBFPl$RcDL`3!fOcS7MLTx_?MeVDLhzz8Bve$1 z7)7;Pfa418aWcwOoRS2T27krrZ9v;dkc0e+^GLcE4vP08wcC0yNv6(a3On)|W7MnSn&78w#1~C5znEwps zFR@t<8HF8Eno2Y|ac8@Bj;#!RF0lk9x63A7$Eb#-f-U#DX4YLC>+E*V$u? zJr=_jJjoU;VGGu<1+TM^5Ek+{3khc-OIXOW>C;h z#X^^`(4}nA<80A7wrCT3ashktDfXm}J++xV9mJjvWlulNo_>Wr6Uvr^u%$9v`W#!j zoIM-DR;*wvRMMMkp7&1|EVZJf_GE@2y&vW@H5#z?ktGuyO;y{Kg`&Sx*8vy{EKg1xwzZGMSu zewn=z!Cs4y@AL7N@AC!t0cHaH0kZ(J0doKW04;z4WIzxg7%(637+?V)1n@ZE3BW=? zC}0s_G2lr+7~mk2Nlhd@OkNI?%3)GDOe%*-O~ZR9-?G?Ji+cumA>B3=`Cy?XF~DhO2qK?;;Y2+~**#1b!- zc(KHbJ5@pmW^p8qBeS^PctX&NBfU7%izmH!(u*g(c+!g}m3Y(u2zv3Pmq2<6q?bT? z38a@mdI_YGKq`qOO(ba|NfS{Bpjsf(OT?B2g40B@NF<9SvPdFn67iCVmyF%9Hua+ONTspKk^T&0p(Dw(Ci>`YQ`eeiww64jeR@#2se=}zN#VITu8V@&oSBJYZHzu2&dK)&LAni zULc&6LD#5w0e0cw|L5rIGM1ijD^%go`M* z{vwKt+jEZV2-g}3*HHy_bagun({~A9zmiOy2hgo)t`ZPVj7wwO=IXMg}k8I1+gC ze43GuG#}qc=dNEfpYwd@)1up(N(4*S{8Ly}dlLjn5ri|b{Lu&tAQ3Egf^ZdKN5>|Z zbaV<*$w@D%(BV0smQ@-Np^?x8;Y^`|FeF15ViLg!t10;eAtshp3WSAKjCgb`uAC`+ zVnhjIbtQAGuVTc*VtGA<%s_~Vg_T@`kfw>28&1w-6X7aYScyplDp+C34ofN7fhZ%A zVJ)Q*R#TP0jz*ASIVC0$Fo~qjr==83T1;sa+Z&Itw2Zj zOd^~~)5M6<<%BbNgm~c-gfvkqia?~26SBid$f&xcE|@fFjBuvoL@=r3ln@cDx#SFl zWJD012$yj$Sdj&jJ4=KesR(ndz2q8%%(3c{9oAh=6sFKj?aet=0vQMlh#)Kx%z;Ra zAhn!uXT3SSiDHx_NU|V^4g(P(=ZsJ}BUH`^l`~mf}eV-~6RMZT^?B$zR5%f>hww5+HT>$4OlBeEd!WKbHVW#ji6!c8O5| zeq(`A8Gdd7atOc7n2&Gp&u6F4#}}dau4VrD#yWf@HotGj*1p2{q;?r^Kh$y7U8YR8~t+DC3X_ z5j6)!kIIgJA)@lY=uz?UF9dbKsTY;ty{2@fcRp>8+N)Hh_#RQ=_2q6?d%F)QJ)CLO z-Yy}H-H%_l;72ea_yG?#8Ge3)UNL^Tg8_QjaM;R?q6fWw=#_KTGW2T5mP=t+j%^QK zv(<~}C5PZ=JYUA<x*^b6$W<}J zT>Rzm$Cwk2i8|{5<=D#ylsipR44{L8l1&A-NmB=LMOH}_m%wZv)Q}i# zkZ%SCCYl$qD4nBRjjF#8Go;FpT091#bV7~tE#wkpKm|miusJFQut5gd)&Xs440drf zOpa`LF?k*s6sQ?trg28$m#0J1qG^f&OnDNRDX!Vhw`87c*@?@uML2qK9G2oIdgg>m z@5NYh<0lj1M^VyZUSsQ2lEoO66x)42#Q*r;wyTFWrTL{L=JkoMUyYx-D2ip+`S-cPC95qp5L zJva+VQd}6(W>i^r1p~__=VhzoECh^gCPT`x;we5MzG1217Y(9tm*i@q4V2K3d zXeP0kNjX@w?s9Wc4`QJv>(P1R^%y^_?6jbtB6)5o~`h5x+>n2^ zp+Gavyrsyzr4sZ|g87h%Xp%xx6q=^c422pL+N97Hg|;d5sGt?GL|wl&#Mb~yc&}FN zWh8xVNN*z^^)j|oFS`*?ZS6H#d#%*VI|8WUJ?M$v0n^up1JxQgKId3WdyLyznpWo7 zhSVPg1wD5>y)!82b;2tN(}hz>?>2?zC^WZmzBu)1KAXjjPJ2Y@tVfhi zdPM1*r_f5Gbm}8YCp@Bbz9UMfJEC;9BT6Sb4OT_vXz*CbO)I&>dX2hx@nz2gBkWW- zNa)bQNLgNKnfF*MLYWgA_#8?#IAXD1W68lmNBh4A7&!REIYwcKqn#Eh?98Mg4q9c` z&G*1@a*+0YIH0gRkT?Xe9x0108DdAnzgSJ8D7wb^;p0cfI?p5Y2qEq9EuBDmLUDxR z38fH9CzMIZK&Yq@=wPWcJD$`DRM-eq)95Udt$aL|5Ck%r1yL_Z^q?1XyrdMUf_ktB zrjWs87EB?7k0%m>Mey-tLI@sAw!suUn1TmW++cDLe7w5Rc|IvWMh+gMxQ|iJkCB(h zgaEdWQOE@(T|m4A64`LB)NKudQXWS zRGuQ0r%2@~%IYa{`ZUesX;OLmcrgtjc!q}0kke--4_;T{HoE$8tLaZR$736*e309EVO6si?J?O2Z(ygTV zt|W_96mk`rt)h^tsC28yVihI6ih{2q+f@{N6$M{KaaWOpRaCImq`Zb4tf9DTDCafg zWsMNPb`6DGOVYK(TT7nTlGC-6_*x;wv9OjBilBrd$X^6mL{L@{Z#WE(*V zMNmQ!#!A%*QmvfW6wn@D*RDQ}`oH&LdWXxH0B7Mm#DO_c77r1B!UdWm{3 zi5^s5B9)g&@MS9E%jEfG%H?H}zAU6j=w-5vri7v? zMl^YermUhVt7tkZqA9g#au7{%qbY7Qxr(NvBAUt>O>>K;n!ZBQe}$y4lG9ho>8s@Q zRm$a6%H>sZ`YNfsM!eUE7emT1q#Q%aG2|tNwq*>d#0V866hpQ#WcxZPzfQ`plM0=X zfw-Wi(dF2|<6F82>j`(pcDcNh2m`|Lz&m)qSi!_OLjCuS!j;SW4e;giVK(6|0}>+) zDKIpF6A5=FeCE=X%cZ$ox}Ep8i$0g;b51_z#5qNr zQ^fU)xPB4WFXhrwE-mH$Yq(Ag*Qwzg6W1|uod(Wnqf=~0rN z&>!E%F)}%kKzv~0Cy*5|W_==otWKnm=M&jnnoYTVl*n-w>3o#M``bwR5w8z0@pCyp zkN5L=xJDAq?iC<-uX?%@2L+{0epFXYlfE-h3zY0xa;{c?^gIIiY8)x2NFJ@A@* zWa4}i=O5<%!@S?X@e!WG5gz3TmmcB#Chnn)`rUCP1xALzf`c5olXyRk;|z}Z?7Hi5 zu())a2!Fz7^aH3m!|h=O*I+J$GXz>JybuAC2)q!1m&M291QYcXqhuo7H4$#W(_JjmU3`2O zg(bpeyM(h{!r89lg-ww0ToxZcNIstuNj#0ekxuFw`}Fa2K?;e4i|FA9gs|a=0M|s| znh4B^q!Zy`iEtSYOC!vI2*T>bG>Jfk2&PE{Dmt+_h;Uh=knzo-JI?2)6Y+G%`R34x zIS@fTSBTBAN<<(6FGLW52qLT!H6y}hyacPn=7iNq8XwO(O6@1YS0Yf)K&n ziJ&ftB_|7#CP<+mMS`?&k|H!y62wRtq-2PZQIG?I2)mS8 zF{%^fupkYBGzroyh!UZdk5Xd=5%E$J#VAP-gCJrKsr$v~pdh7!lnWxFr;6yQ^@3>v z8HZEcw$6mliRN&cdwd&;I1Z;fEbE-+DB~PH-md6xSM>80eWIifin0?Gc0>g~hw}>* zeWJuKQ1pn>xJVfjRmR+|REb-v#I33oEHign-FVf$xP&_u{V|so`{5=ZA zQ%gR^^9)Y$5S3Fr|K$|V6FB8hAYcc&lk961J}4iXlrbnDA5q4jd`wU7$PSdou}XY; znofN2zyy?@{nA*8$Dha17*9nwUx_0gfPjyO9h|TDk8M@P^vDr*ae9TuD>PA|{MiWP zO8tmZUi>M$Lit#!BRxjsV>~tGenI(Isi%0v1A8U!xN1d@o+pw&rCxD7KUX^LX%G1? z(ZfC>dbC&Y9`-70PnBZN;ykPYij;anO6!6uRc*0GSf#2hj$_4^dcu~DZDEU}+bUIU z>4+E78mle!ge`hjscMTgz$#U3aa=2&sV8jFQ*3dxTcxTktpGeO9XmqGd)$^EPpVY0 zrDIEYrk=3<+7O!$XmZDM$k<)hUJ>uHWAz$&GE9Kt2*ndhAe2ZbiBK}3R6=Qlwh_u9 zR8k6bkWgKtJQ?AD5W)3-J}HZRX7N1EA?q54Z`|Jm~JZe!4?>fY)%f=<;C?%hHJyJS8xCm%$~2~qMg|LlQW zI%k09DRjF+cPrGW(ESQ6S7?=>#m2M6WM8~rp;dw&%sYFK_y@Nubhkpw6 zo;^hRhxQBFR(rN>3%-_btK(FB)9JC`>pcnE0Yx>`+oARn8?C)2-U~Sk`_>wm?nk#y z=`K`lKr3tQM^z4^YKKvc!>E=p3SQ>{rtH!ve zamWIt6T%R8RGmOD3nz5RiYOJf{vPC9|$8TTNB;05;|gy0_c7o>uOaBtBVx0w>ceFY&5aZk|+1T)+^5ZYA} z&#!0+=XA!?RV>HUr!y2`>eE#!Vd~>blw<1SsuP&bM}(Vng-V(*x zyGu~Lpg81dObdaaf=^39BF&xii4vb`A^1WcRZ;jt9~I#GL`k12Li(tQ!Wa5fBjWQj zvqDLqpOrZk`uvP6##|ru;eLpcKB&SM`ly`3=l-bzq|YhziIP4j*XLC5NuQy1ehj4p z+SciZ{|&~daRT1YaUsVCI49a*+rE$_t(!V9o$+u0OV0qZ`f@SKIUt6Y4o;rEr?c_VzZ?d!3d5eqXti@~@YjL)Wvy8V)wv;%Hn>KdZAE%y}+BNlqsqarU zPTe=PZffn+)~PL1ADVo-l zuTh-xh2>+fKY2M#alS$-v?os~nsWQk$4t3tif+nNQ`SvcKjp3|^QPQA#ed2#r#vvk z=9ga5&bdd9v5!!`5(rpK9$6+quo+VY%IMhviO-r{zbMA6q6`CRrR6y)08K zKeznCGSxE8aGmB0VlWAuW_brA5+W=}9R}dP;g)dIs;pTOuu$o|TqK&q=?Mel0yO zy&(NY`mLmsmP;$7mC`C{wX{ZBD@91_r1jDUDN@=fZIWJ;qNJCk&C<(wlin-RtI}&y zjP$znJL&h*8`7K7ThbOuFU3l6QoNKPB}z$BvXmmFN@-HMlp$@EGNmlZAZ1J2uCfOh zrTtQ&bU-SSilq|ipj0ZAN#)WZsY0rhs-$YEMyi$Sq8SL!)Gi&9-jUvw-jm*!K9K$(bx0pdf0T|(ol=){Li$MRmOhp~k^Y4D|9vW*luk*# z(rM|8^k?Za>2vA7q_dJ)`a=3rIwzf%`lNnoKpK?3lKvw7Rk|SkP5Qg^wRBPXU()|0 z{l9p7;Qx2U3=GcM&fA=GoO7M?oVPpgaL#w$>AcH%xAPw7z0L*B`<#u=h0X_@i=2y{ zOPminmpVJ{F-}f3&b7{U&h^eF=flno&PSXZotvDSom-q+o!gv`I=}7Q?);APyUy=9 zzwi8k^B-Uv*Kde^oo)5c6I!FB&MS7h4B}G zYhu=p-49@A7GcspFPWPO@b8>P<ct z$FPCJW)B-Xta4b@uBsv>>lM($zd<-2rmUc#KYpglm&tUZk&FaW)YIswDYvOc}*C%*sVBfPCH=( z$yPO1uhxGxt+Bnb?Q^t*d9HfJag1JRWIraoz71qJLp)OR83Jf*(gNnhy zm6Pyl;ttXs((T-@v<|Gdv1f|=jz1A@L>-wQ`5J9TdPj89PpNm<_xc}4R76JAR&yIn zxbPd$N7*?yi`-q-6&YLkfVP4tR9x5j%O>XrF>?ZMBUq?;`5od$^566VR!`wOVU~E5 z{9R_pDP4EifH4n`y#eViw&z7CrC6muYB*57lwG&jQ<5t4N!AcieA~?H-Bj9o`bTCz z_6pv6-Y$82l~3KifL3s!V1l-8kpVmdMiF*^9_m&lp>7xC$#e8y@PE++GzaTCYdg1A zFhJT@wq91O-DA&n52|WewZD1+BOg zjL<9S93*t6JpFT*dms8Sf#0JZbU*enqYam)8LNK)>;QkDyS)b@?aD8dAH#IT-gDo~ zolQMT{mOjC8o(}PbJ?dkZMmnpqXm=VLSaH|RH)T+^{7E_TLOM@7MJ-VRo*xForI3G zG$~E*m@npll68ub!ecPSrSU8aZ?2FlmX}{a7g2tSPNFSC5W$(7MLNg4!`;FkCmto< zCevuQ7Rt;O?z3)LNqzr|z@oC!h$Jecrx`ZMyci}H=k>G9`_*6ykP_L$L?ABo*0W2A6&fS7^bXHLP_gWfPbw_jB+aRX=wyu{j=Z~%O$ zE5bn7`S`Q+ri9CcM})8W732ZbhcqueM!!baFip%w>>eB*XD8Y&%$fcW2Lfud(E~ue<+l ztYyWxxC3Lu)xn2pmGr?}2lqLDjBLIpsGnh4VgKsf?ok)7<{gFRN1Kr9lU9*QVyaZ_ z>0785ov79k7t*@|IJ9A)GiDm*5T*_GC~*{NExjEphm9BfE1E3V$nVJu)%A4-^ICIb zOIOn`kFKBd#Vx)H{rktl6x=Y#dv`?!lu8=1BL*_iA2fUKu|-8UT$!4Du;( zC;T%?DbK5Tjk$sUlK}`7l8KDBLcPST#fbsy0o;AU49buEKH7@a*r-P<3AJZL2`uhF(Ysfh+~MCG!g9+<3n(r?_l}i^0Vbed{+(=O_0rI z1MVDsMgWNn#axp<3gQ_v88KdsIV{&jIsTPqPk}1}T04o=MR>71{Fcy-vi;!= zwa&Gb+vXI>>@A_$&bIZ356 z<7^XMe|Q>;K4M1W`rrgOD}EG#M_5K~MQK1io>$9EaXxe2aW%Z(B>kl}&1%hG+V+L2 zLX)kzafPGU-KF@h_pFZ>(1*8l2~4EnwBKmx+DSJRMM2?OE(G76*b%%#rwFj1{{M+XdGVHw!Pv z*ATW4eh?~%_lRvsElF-Np0bc)qmk(ObU*z;{-gX)`Grh~S;5@I?93vt=W?Rl%iLwW zv4VQSDZ=+cMdoEDDn2G*$puh7%lC}J&lZ>ywU zmVZn29Q;_qY|{7KiDqMvU3Ip4szAaX~-ErUWO);}{(F2(ckqmH#mRW&T%Dxm>HOSBUdO!na&F$};9a z-Ui%iTnWC8=m?2P-9}5$C9HYe1-yU7T3KVIO?@cn&~zy5Q>ZZc1b^GELwj6J{P75% z(2s%>N$m@~>+zE*10rLn9?5z~iqtay8>OtUwu*tBO(-Uf=l2t~7kv=H=3GlJ+u$%m zye2-{(uL^3k0jipf8?&^Kji-@+A7QJcZ~!L7vpnz4a2MAy9@+j6HE-Zmsr4f%ntE+ z0+#q;!BOoW`ltmgDnp^-Yu>_O>+;otRl;J~1+Ql}|w$M=zcn3t> zOpnAP^msilJ%_y4y~iWpVk%iNW*oKzi^Egswe*>sy1dE4Y}qm8Hu-qX4&8bEp29Jv z=8j>Gr$8xO?Z?UO)vZ|6;(=AQ=Fh$o`m;!V%p2k-$`IO-yv1}k+pcV=+Npo)t)bUJ zZd)|C_o6D0!Cbt_<|R)e^=qh$5@{ zAI;q0;o!jV18^^W2{mvPaJBKC`8V)q`9b_j)^mYM;+DNrM3j8h4?}y~oqT=38EhDPi0@9A$PEgw z2)imbGSAvH_Rqp~$S35pX9eL3QA_hP11vK8euy90gzJI7LFh@GL3~bpOqxy}Lhh6+ zrtPGS%iBP2$Y{lA!|2L@nI7hCrkZ8v!rW_IFVDzpBy2AHQ)mzti57}`NdJ*;m%9{A zlvL%of<6VJf9)CzWtnxfE#kNc6~nWTeAhcy56?Ic$)ojfyf?jz zgThczxN~V`Bo=LoX^iUrkPu%>u( zuxEHk?t99Q*b8n8NksOdfK+63XuyZ=TQRaT=^x7&g}sB_fNezXnRkQ!guai3$uy!Q z1apKh#c@fY;*DZhX7hCqBh&QIG|ZN<7T`)`rF)ELl`rle8n_W`6y1v1gQ-u@Q=e0t zF}mviWnh4&o&$bfL=nxgoboh|af9!2mlHb$Mw38F4s$tgxZI=W7>lj9?P}NL04dly z+&S!zFm?MY8s$s!)q;hhF@x0k`oY5e_z{G= zgmW~2)tB9xJ3*im^bqQVZ^a$OJXr&!M$v&E5?y|e*d%~V$p6-EAkPxLs z-GY|phQPMSpUms*uG}Sp_QHVZopGLdo^^atQ((21Uvj5}TlQ#;^D3TbgoBw@guMPuo;mBXqcDY=jf&S@Q^|Cmbi3l|a;yv~|HiHN8Ch)fLPVk=yz6kH-pOAc)bWlAgaATh6KO4g4Th>#y zN*l*93!*}Dcsu+RIp9*4)D0*C(eQ84wiTyvQL2w~4)_OYT+%bJ539q?AZUpy_ADMt zG)S2)=@GbuWipO>PYEh)1Y*Qx!0+Qx=`wm#MhiY(#0Xr(bfpcTspWXjcyb5o654Av zk-JCq4@j0wjO;J(S3$%!r2e3{b|e{tnFy;Vdk$wf_owi+{HF4x!w#GWi(Q+&bpn3{ zJdtbF*W&juuZewWgDfS%xv?)*H)?yO?XCQsKkc3LdpT|Lf%6GMs`O* zSFTaNFupRcv~08e>p18*hL(Bg;d{AUkba^LfAN2t3Bai~G^VY>o#~;HNlRwZqGKVn%W_#8@EE#J(>n*1ZZ=tZe zNU0)d#^}cwb&kB%ad?rr6(A7~ZmQfi3& z8T-59a@h&o1wwODJ!(tFGEO!BcSYLx!2I5k1rq~E=r*HK)dXUcm1b2cOd6hXm+8Lc ztn9gFjinU!+hIa~G9L)E z7y%xnO<=r?e#LlbCs-w(JF0|;h8$sCzN`KHtM#!*{xkqPz0(iV?cuh12u&_BG(@@^{#M%p2Sgk0MZs z_8I1CjytwG`upbvTj0J>LV1W-E8!P>*KG2>rQY^RBV7V^=Y7*7V}E!sRzS!jp5UGm z9hKV*rIs@52oOe|`ELk&sv2s#6|I8ylrOFRj!#-Ng_|u-$4tv(DTnEG;Pq_149^XD zm1aXU__U%mR&B53Vl7L`o>ZE1Y1I4Z_Q-H-Z^CTi3F0+kL*^iUP+%90mt*8JHS07l zv?TqcqCwyjWQBLX}W}wT58fWz#X6(Z0m7%C*I_&1(-Zqt{~1q@%3mxbcj&ET`zQ>>phdqt8CJ z=BTKXc{H(D|Dr<3ssi3XF~>O80Tx$3-7+p95F9#dWA*rnR31~yY|7d%>Vx?gahK5}T5H|dSKJqkTYVV(H zzC{RA$(*L#wZap!3DzgjAGpuh2E^&4A=Fv4D*9{2D@OnP2s6nQ@x}|b2%3p5$nVI% zsD~B~EV}7PgU#XRa6M;R_W;jq@6y28(D&H8N_iC)vj9_q%O%XFET{d;yv(}7n!sHz z>?S%bIx7z0vu!IK%Yiz@Uhgh%QD|tSCuvZu6Y&C$L0nEv@rR2<8liEz`C)J$VSyZ# z)uGO1l4yfOU+s7B2MrSb<3dt=TlF!@7Fu6nh3KU03F(T2%&Y{;L@VPzM1;zG@lwn^ z>|x>-?m*Eh`F{TztfFXFbt4Ry<4_J%wL`R|0itQ~cll+O)r^Dm-<-3RXW;hc#y~l( z#M(yQ(|Co@ib{lP1a5O){wGwa+JeE@%=kaLmOM08aoQhF65v?H}c^f=Q6SIjdz5X@{b+aD=$cA&X1 zG;B+Z+cUx6I<^L9WkzUQ=$n~Wd9}Pf{OiKmlFO22ijB(Bf`0mSW{{K9 ztT1FnBiGF(H5;)?&H(`fMKNnJS8>^xRWdZXo-irzC^L)INo19jN~DTbDz4_6=7puMqsTGGc`~5DhpS;zv14fX zqUTSXmsH@9%JzF30cY6rMQ^LhF)>W*N||R5B1Y;+ij>hpGVp)rOujj*HKqe*0A>hg z1ZEs&0%kHM7emEl4!tlkuLsi>Y{BwjsxdW~`Iv>61SXByh&hQlf!U8ah}ny|gt>`% zfw_hGglU4!!~Tt>WAm{T>%#i6F{}kE!K$%AtO|=_BiPRP^VnP1li17HYuGc` ztJu@n``8EAuDE`<_P7DK99#q3Z`hC6Y+QfbAlwh^D{LEFL);YH3|xH?8HdBo#O2{~ zadKQC&Vj4IA-MIp6z&M_C@ziLi@S)siF<&1fxCx$iTi^4fNO%Ui?4_8i0^=JkMD}l z#*e{|#E-*|#ZSOb#1rsy@gzJK|Jf|TOYus)0}tXa=X&vOydNLLhw)|j2!1hsDSjb- z1%4%d6+Vs6tSH4N@Ehix4C%_b>CWCafWBCu|_>A)Fvw zBHSe0BRnL$h}|Zu`|s=G!j8#ggBqLl(>YrmY5)JB<>@&wO)zbB7PITEO<$LOngDC zCDtYVOPWX;MEa97j`SC41gSr%I|)Pblk_AXiA5?P8A)nVh-4u-NCpy23Xo9JA<{z9 zX3`SUYSMnvVbXHaD$-ukV$x31cG6|i1JXlMD{_1CchXDJ3sNoVE@?D*BAG{?Oa6<@ zAWtLbk}2d-xubGrx%}M0x$<0TE}HAe_2kaaEzR}k zF3DY+yD@it?%v$(xqEW=LU8A%yM!BEChCQ`5z31v6MMd48F6gMSInNLYm7E@MI5|n+EgOu}>vy^j` zrqqj+dz5C>F4XQ+4Kza>c3PI6`^jS)=*bbw^DCXw^27!*HRBq&r#1% zFHx^hFH;{-uT$?+Z&6=SYpGwTU#Z`y->LOzO=+!Z-Dpe2IkZ8vKWRg0qiEx4XU$|9 zj)tM-(Wo>ojZG8L>^ridnlXtnoq=Hx88`-(Q9ze7 zlngG$z%Vhqj3A?w5vQ$UY-4O>Y-em@9ANBZ9AaEyJYjri)G}T$y!lTV&GI|scgknv z_sH*--zL9(ey{wl`Calm=g-Y2@7`WL2}uSuxgp)^gSw)^^rK)>qbj)@Rlm)(uvg{gai=X0yAnTeJJKTe63+yRkd4 z2eSLHTd~Km^VpNvQnr!JV$WtzXU}8v*i+bi_GGr4Eo0Nz0K0_!hz+qT*f2ZJjYd4I*y7X;1qCJoO}+Eqvw=! zA{-}YHK&wQ!SQf{oK>8)oa3CMoFkl1oWq=boP(ULoMRl5{RHPB=N{)HrH=8?v`xp0b?ojS9?j$aT%jEL7bS|4K=32QR*Uc^B zhPYvFgnOO~aZ9jJxyQLjxqG>XxN+_gZgbvC?i+4jUOir8 z-Yf10E{->zH;?xlAIppId^`tl70?vw|1AFi{}6v0 z|1y6s{|)~UzX^Doe}})CdyoH$KS=PA|DOMrU(2r}_|ESv_)XA2&|C0_V4z^Q;2*(A z!3e=9!5sZeL9T!-m?xkLn1XzPMo=gK1(3i~92e9GRtYu<_6ZIO_6YV1jtkBTt_iLP zZVT=R-ej7Pn+od-zY4UXe}p51!-c;IvBIgsS;9#|rZ8W~7m9>pAxp>=s)dlyCG-j1 zLRc6RRtfhAw+N32cM7))_X{@*FAA>;Zwn^~9}1rcUkg77KM7ljI*NW5^%3nj{(}8Y!ACVv5)znusUji`*i$Xobisl8U^dV$o930udtGBzh%UFM2LYi=K!! zi|&hVif)MRie8Ggh)#+QiXMq7rN4`(i~EZwisy-kiZSA}c%Yaj=827BySPT|7q1bQ zimSwNF(h6q-6GbBH;Ctpw~AXyO2kFtx{{;f#*)k8UXnhNJL2Y&6XNsYN8$_O5t6o& zEXgJDJ#miYi}<$qmAIc|fTXMB4@tJ~SGQlWIF zbdZ{h0;aRsI(KhO}bCISGrl6madlGl%A2^lCG3ql|Gezl{S!dL~EsO zWgTTh;yq-eWFuwQ4Wnf*V>4t^WV2*A8BIo#(PbgUSO z${)%Js<+A^s#nUPs^iM>s&=YRN>pW56{-N0L#0yDRqs>^6{xbRs4AZ-sM@O%s?w@O zss*aWsx7L6s+Fo+stc;;s`IMLsyC{as%xqy>SpR%RU36(bu0A`RX254wNBMt-C5m3 z{kM9&dZ-$&=BdloA@w@-8}(}SW_4P%rC?{l*@7bl=L=32+%9-t@TlNJ!MB1h1wRW~Xj*H! zY5HmY)C|)6tr@Brs~M-6pqZ$du9>5uYIK?+4X6P$PEAM?(Ja&~(`?bCH2X9MHTyLu zHD@()?Zhw8@Y$hrwSmX4;Iq+{qLI<=0clj;n* zB3-erTDMGhRCh{uUiU_OTX#?QNcTkdQukK(TK7ixS@%horLV7Vpl_~ksc)h0pl_%D zUEfDPNIy-Xt5=y&Kh>$mHZ`V;!2`m_2g`g{7D`XBnA`fvKWhS&O9{agJzeKSJ~LlZ*} zLtjHrL$;xpp|@eU;cvrO!wkbr!*m0~Ks9g-T!YvkF-Q#}gWRAtXbc8Jp}}f!7$Aeo zP;BrSB8IS`+)!ai7}gs$8@3p>8ul7a7%m#l8g3fy7#&uqu3}j(v1S6-B@Ha8GXiLW6(I?SZz!gHyXDXcNw=EcNn)B z4;fDwFBz{IuN&_fUmCv|n-{h%>|^R#IKVWm&{wD{L<_Bj6@}iyMTHv*R~D`-JX3hE z@L1vb!kvZN3l9_?Eqq@1sPJmx_rmvujZAG#ZA@KEgG>WW6HROr#l$k@naC!h$!xNl zJfzSz@lLQJYO>o7rWKn#;^FbHu#DeAt{YZ!{k;?>Fx%re(9 z&7!vmEINzGqP7%R(lKYO8*5%f;HDyg&*IKt&cUX5@4_NnFFI&%AuUqe0 z$Hre--&)^WKU!<84Q=&ozu7w2n%bt>=GgwS4Yf_M{bQSM)7o-v7@Ni>wkd5`8_yQD zxovct-)6JLZCh++Y^!Yl7A>@`vt74sw$<1Yw#&8~w)?i5wy(CgwmY^4 zMNNzTD9SEsTQsDoM^TfaW<|Yh z*bmx|+ArA8+wa&P+Mn3p*}vGY#~M1a9L*eU9i1Ir9KSiT9sL{=9Ah1`9n&2I2i1}1 zU^%!Bu|w<7IMfb<-w0IuJ+P5q4BK);I$A)sAb92aYR_8;<>stB#9~CcrDl z8%H;wKkx@I7?=YTN2UYg0V040zBvj2B_IHVfDV8F7vKRL00_(n%7DedB7g;iffYak z*Z}MVHUm3=-N0U8D{urj0h|FcJ16iRBkQUNI^C3619C{D6gP%bsq3=+A_%hTC-UEGt8o{@rw@?eX z7u*xx0gZwiB3~f|JOCaC=OHj`gk|s=SP6r$1fC8Lf>p2y{s%q^bKx!UF1RLB(0c;j z2496w!+YR^@I`n5oQ?d1-@~1d&d4C72hss)k9>nCB0PkO%tR(3_0Ty88F3(s5f>6f zJjilHfs`U~$P5oc*0$oopw|S?HYW#5i?Mic{=V zI%!U#ljoE=8@LuaYn-5So%5J;hjX{{wDV$Qm2=-lRf<$UYB?QG?0;rikH z==|ht={oCdUHe@7UFThwT~}N;Twh%E+}~X9U5{OFU0Lqt?xyZ` z?kVoy-8t?7?t$(}?y2sv?h)=$?z!&nZnm507P|RvgU2cy%?2fq? zxL3HBx>vi`xl`_~?j7!3?%nRI?(6Ow?nmzT?$7S}o{pZ@p5~rzp6;F;&j`;X58XrX zO!v(6SUn1l+{5)C9?%1OmU|X>f}SOwrJf4UBF}!$3C~{7RnIfeJI^D}ea{YxaU( zw-@nxyd_?rx72I(#=PCRYrHGHJG?1x+Pl`f(Rdh)?P|~!d zQAw+k7A37qFg5K;PI%jwbSx2-C`t-Sv?V}EdCA_Aoh4gKPL*6Oxma?%MQrH^eynM_9c7=eM#R=-vQrY-!b1c-#y?wg{vQ5r{^tHZ{$c*H{?Yzv{>lFF{<;2H{^@>Ii5>EOlSt>B&Dwcxklhv3KH@1dW;_Mt(c4xu(7W{47+7Mc~}hh~P#LK8xB zLby<6C=v>X;-S3IsnC|trqGj6t8i^-YWS~kmvFCe*YF?VG2ws0W5bLvJ8TUr!@1!^ zcy)M9xHP;ad@+0}{5bp|d^x-?d?S21d^mhR+_kiQX}i+;rHx8kmyReMSo%+CcIlYX zNu`9+sipK%b}6@%St>2}c6X)xNS5Wyi}dl$|fTSa!YaPT7O9yJgvtev!W-gCmn8b0gTu zoQN^Ph%h7h5mrPP(M05tl1MC47KuhyMwUgAkyIoRSs&RL*&NvtIT<+?ITAS$ndiP9 zX%W2;`4Y*BHjFlowu`omwu!cic8qq3_KpsS{v911{Wm&3IyE{yIx{*sIxEVEvZMT{ zFe;9oCCH)$QBxF&TBAVJ97UtWQGYZLt&A>@E{!gVrlael`=SSmH$=#Z~6H0$>p=krq`V zSoxCjHRWr|x0l~4zgB*u{Brr3@)zYV%iom0E&p2nxx8*gtBM8{cgwp}46GPgF|A^9 z#l(s!72_+&74s_S6_g5A1-C*_!LN{1$SR~2Ybp{I+becgoT@leajxQg#m$Oa6?ZG{ zRXnVCRq?FiWySl7Hx-{MzE(7hcaC?B_lWn3{}IoL_l@_9_m2;V{}mq`9~z$;pAyH$ z=fyE`e4HBB#lvwZ9*jrg(RfXKetda+eSCNPXnafjVEk14O#E#8Ui@zSe*Ap=PJB$| z+xVOK>v)IC_LWU4+f_ENY*^X2vTbG4%B;%2D!WzYRQ9gSuKc@lM&;1T>6POv^D5bu zqDn($VdbOB=asK3n^ZNfdX^b0Y*;m*s!!Frsz0iFR86hwP}R0-Qq_d2@m15SW>)1_ zF{}7h_$pi#tx8knu5wnbs!~;%t17A%SFNZ@Rqe0ZQ?;#XbJf0% z>S5K3s#jIttGZTqtNy)OUu~+kRRh(o>f&l|b*Q?mI#^v*y`*|Y_2%l8)oZFb(c{%8 zt4~#*u0CIVz4~VLjq2Og52_zmzp8#;{jvH}^_S|e)!(YWS2wC@T(im0p(eX#P|f(7 z*)@b3QVp*rLv3p~HNqNEjl4!$W318C7;4IDDr@G~45l8E&;oqjb$ofj|D7AHUr+s& zz^?@UPbAR{_*M`LrbA*=^mfi15C<0j)uaqn@LakKG!d=-8t{yDw_p^~tau$yp=P>0xv*qf*!hKVWS z4PwjMN|J}Pg7lMwl4%qHWi{n6Na?m%f`mSbv%R zoc=pwDPt?+1EX&~F~3diJ{w_s*f-f1*gZLK*=;x@ zIe&9voOax$+z&i9zlwj7j}g=nb`XvgHWB_M{9V{vC=gPFG-2CXt*~4;Uzif^64nY^ ziu!*MinfUe;@zUU;;G_O;&!!SN&DKEQ#EsP-&<( z#0^Ugooc5W*AcP{F@^j>b7pA2b8VN}uC=A6ZnbgK8S^9aZ?(_N)t2tHGi?mpCfj`5 zMH``LhJAtk_u9G;7qUZ#ppVc@cs)!+Xow8yQJX+|)@Ii>a(!^M^^EkGJj*;gJ-0l) zYCn32#rERY-uK?NC5DneYESuk*XGoU0yhJFYC8n`2CoJ$1#bpl1YZX42Ok6*hFXW3 zhQ@>@hQ@_3AzBC@8XXdamW7O=!qB78rO=ho=}_O=3!&SgbD^AYcKBA0gWE-;! zvrXA|f8PJu=x4qE(XsG<;=A+f8NU+vmB6nAekJfLfnN#yO5j%lzY_SBz^?>;CGabO zUkUtwJAwbz8N&an)9SyUD-0RhF*`f^pI*Pt(|(<&{r~AaZ9!sTViGVJSd^FoOa&Gv zmL!%YmL;YE(}5YlOkftUJh39NGO;SLIr?s zganWRGC&R}GO9-fsDT1N1ME&{fjtQwpa%?qF*A*A0`?}%0FZG$`w|cU0|>A`fdbBq z{&8pgPch&HN&sJ`izNUAflx*Om1Zu@J8dw9Y z1=eM3Q4&Z2mlBr~Y2ZrYYT{aAeMTE?1U6;7(H7u(;zr_TVk>Yfu?^S`+)ms{?8r!@ zT^Wb8CnJ&e0e2Jk68nMsi3f>?i37kv;1KXAaX90X9w&|h$AII&lf((&Byb9NnmC;i zOJ{*|zW_?-BXcm_NNUH~tFS3qszYvMKV2KbhEn`uUQ4}4F2 z0DdGs0-u1-z?Y1TT990r{0b~eeghUKzh|7(Bych~1)K^lNlpW&gEPRT$(i6Ra5lIs zIR~5z&I2(Z7Q}&gkN_@E5@JjDh9g zuH^3Io@52MHyH=_CHE&Q!78viqq*jT2a*Sq3&4foq2wZPF}MUgoLmYn1DAs-t@=V5#ol2eq&x04h)5(kACGawM1-zQ+ zT)PgQNuEvK0M8|FW`x=8j5NEOv1a$d2jKbSL+}y!7`%{t0zL(wfftj{!5835@D=zP zd;`ACNVNCh2k;~K3H+R~Xtm&1@EiCY`~hA{UQSMeCPP<}Q=qBP)#SD0_2e{YIy3{C z3C+s1N8L!?OwNIBCFer7lk=cV!CA(u;UNNaCrN}z5E;saD49+R8k7fdGPe#qhz|)M zAtZvtkOY!KnE_Hr0VyFBq=pJ0O~$d^P2NlDGMepv(vazodyssXEQB5XWS<&2uV zl)4IEgRjFk;G6I*_;Tttd31t1^- zAuxg=vNM?f%ax&vjPa|iLv&cE*d`6*OL@pthkt@hm=C(_CEcjN~$37w2iK~w2;dMdg;y&=6Zy(zsp zJq_KGo{nx!Z%c1a&p>CQJJPez+2|Z}XL@c%!(vb@ibL@z0o|3}ohG7t(tFeU(wR$i zG#90yRFsD9PajC$MhSlm*y42_^s^l186 zI))xkpGcRZ6=)ninXW`nrBA1;&}y^>osXVLpG_}7&!x|&FQgY{1n**W3Az-$n7)+0 zoL+`5N3W#+!}P8~uclX{YtXeB*PB3-XbQcSzMf8_H_|uLx6D1&!XotX7~bn5xs<7Mz5e(Gj8}gdLyHVZ=tu*JLp~X9(o^rfIdW@ zrJtuCp^woQ=_lw@^cngx{TzLjeu2KsIOEso8}xPhP5LeRHvJBLmwu0aKtH0N(D&&N z>5u8p=ohpW{gnQSenY>bpVL3kNzTd6DbA_RY0l}+8P1u`SKUgIXf=%*}W>_-*%kS4~)*{~*}iE3h+xF!L%(+M`orZg!wtx2;Pu$^W#oQBs3nhYyy zB#jJq)GAn4=QRbeur6uJnhIE0*TBB|xaNfBq~??+%bwPNPcxcxn)6_ReNn@*mo%3( zS2R~O*EH8PH#9djw=}mkcQki3_cZsx9{Zu@k>;`HiRP*1ndZ6Xh32K^mFBhPjfP|2 zYTkj(HqU<0d<4sFf&HxcqWSvYa{Gtor$%HY_Lt_j=8xvD=AWhkY_=Q0a=S?@vkJRM z+pOKIZPB)B+q5d%uI0Y{@UO zs20=W+DoiedzrOq39v19Xr0{XW3USnO_>nx?EwT#xSy}^34H`!b4ZPu&3!}_#- z?OpaBd!K#4K4b&hpf;p^#6D)9uwm^}_8I$}eZjtDBig7orhUb}X5X-Juv~x3Cc$bw zt$oL4v{@|+R_(l2(2Cmk><3oTeq=wfpIKR}XjN@an+NOmFKkg;(w6_*xYx9G?Q!i1 z?Mdw^?P)FetfM`rJ+Hl>y{NsUy$lxcSGCu)*Zqqv~RWVwC}Yav>(A%{xjIjf7O1|er3P0-`VflAM6jXrT@wP zVt;9Wvwzs%+CSRA+JD-=>_4_a=jL|lJY1vB%k9=R>3rNCou3PE&APq1AlIU6)wStD zT)VDAw@=rp>(X`WdURnf!u9H+T#SozfC|<1>jrd#x&yidH>4ZZjp&lxL9oOh)up&G z-C^ChZUSubr*zX`n?DP-`E$B7m*M7h3%W(H(_hxD=(60ZZcVqYW4R68QQa}H+uzb{ z0|Q6{_WL@p;D>Yu9jr6z5S>Y9)>*)!AJgGFtB&J%&IZ=~0%zAbbRs8lPMyq=I)!uT zC>^a+xg5vn@|;^&;5@n_=hc-spU$rZ)8!7uO{~9gxzcK_QUU zu{uu2>ja&slRz(^=v2@Qf2-6P#&-4oqY-6`%g z_e^(&d#-z-d#QV+d#!t;d#ih=JIlS-eb9Z>ebRjfmBLruH{Ey8D*V*_(*4%`(f!r^ z(>3UK=^ORC^-Z8vXa==Hi@sIgra#A>=i2oh`U~7XeW$)lf0643HA63O8~5w`^#l4# z++}W1e}y}szse2ihe6$NP=822s=vmK=@0A2f%iG7p90mxjDA*sL_epW*DnC^aY?_d zU(v7X*Ywx9b^V6^C@3N}K@+j9zrpS3HF~XHr`PKtAcewuqaM+lKq+AX(jlhD^;W%2 zPw4IXo18=M)RTIbp3>9$TO0#=3XlFa=LIgUUw?-SfW=ivAJ#|oQGHAw*Wcw5`g>eb zf1gX~)B21)t7r9`{sG791-+<$$Vqxxujn6fsy+vnS_OSkUjjwOW3B?)jGDf#f5IKt zpU|Jwp90?E8U0i48FyBHPXC-cufL#w!M)@z>R)k}^q2Kl^jG!Q^sl)$+;#n1?uPyy zcN26Sw}EDN7qlGjx%>JD`iG$Gc&vY-f2x0`f3AO_f2n^3%8xhtw?IaHum1q*k58Zj z`J(@-{{{+>ANrsA58OxYm;Sf@6Zc2|SO1y&!u``XK)awuXgAaZ?SZ~>-?(PzJNJY8 z$^GK?f*Pb1Y6E4+Z|)D*0qT&yTqo28bwmHS9;g@UgZ6`3WB?k3+`NZB0C{;I@8^f0 zVQ2(82pxg~e2@?EqtF-><_|;T&;%6WCqY><4b4Eape>n$qI`^>hvIyKPx1@UBB)K4 zp%rKqT7%Z14d^Iz4BCXYplxUe(m+~B2k9XQv?wsBQ4q)kng452FbD@-iVY(EYg3#M z3ArE&q9F!yLmtQr`5-?OfPzp63PTYn3dNu}lz@^@3Q9v6C=0O=2c`Hl&qD%~;YCP- zWGKrk5X*DC3gw_YRDgJ1;ERyROT5gNpfXf}s!$D5c$Lrbb?7*h=TAT^bC3qy?|aqub|gZoqq$ph2BB$p%2hU=o9oA`T~80zCquiAJ9+e7xWwY1O0{m zK@EmohDO6~Lz7{Tp&67pErwP@8|ZU7K%vtK8lB_(3BKFVV>rq88u~!7bBgab3>XFt z2Mj}oVZ(^wpy7~V)G%f^Y&gx28zu~shAGhW%oxt_vxXyvIm5hR!LVppGMwd?4J(FK zQ2VTd-sdPNel`tTp!wM`Xbf6V|L6?>3IqMmIo@bM3?_rwU@@Se1;PzhgAMdRc7wy< zG>`_Dfilnr#^5%13|@oJ;5P&eK|{!Jo)3dwC~COC#|&{$3?&UIL;AmZh&6Da9}*0r zK{Ch&#h`+!C=X1sA}ET=hKiwTs2S>pcfpPDZnz2F12@Ba z;TE_RZiCz54tO8j33tKW@D08P?uGl{{ct}#01v_k;30Sz9)S4Bz5c;8l1HzRj=08=#Il25-V!@HTvhzsv8y8dwY8 z<8`nehF}8>!$uf^O|TiZz$lEtIBbP&Fae4x2keAN*acHC4KuJC_P}1)2m9dw9E3w~ z7>>aA`3HOyj=>N4IGlhV@sIf=oPyJE2F}7P%)w9ir#ufo;{{lRB~WK6unOlur}dmK zz(u$Ozu?Po1+Ky``5Ih@kHaV6lklnkm0SF4{tSE;J_mZP3-Cqw5_}oH0$+vS@Ymq$ z@D2Dae-m_Gx8ZmE9r!MM4^&AwUB+%> zOz1K88v8&~)^8jz4uZ;T$T(~q0hQSyN1GEN(3jI+ig#yR6W zD9{#-OU7l;qOBSM3u@c|J=!tjCg{<&jXR)B(;9W4OM{FCBWyGplR`>Bj3#4RFdHqP zR?7&O5xiG0+KdFK)*QyHzzR+yC-8zGkVco0GSWuIC<>Aw3vQ#ws0d!8&*(R*Lcka_ zhKylQxmZ5P!~$ZwIpcZb1>;5ICF5n| z72{RoHRBoKy78=V!+6tp3zT(tjCYOqjQ5S_g!94!<3r;G;gRvN@rm)G@YMLs_}uuy z_|o{w_}X|$xGcOeUJ>3JuL|#s?~NafAB~@kpN-dqFUGINZ^rAwcjFJ^PvbAp>HRVO z1*KjCsPP(+-Jr_bgES+1ksCq_(u%Z!KCc7Rd7VfX(v9>Wy+|LjAL$3R-XL-S8A68t zuh|<##*o9vIC4{%KqiqXWEz=4W|1SvEnyCsM;4IV!XmPSEF*V>6=W4zL)MWE%25=25s7>OWJB!;{e-UxBzt&l+8 z2}vY{q>&7gMOfs$z#%;74MjvkWJEz!B!}dY0#ZauNExXhRiuX0k>kh*;RJFLIfa}? z&LC%zbI3>GJaPfKh+IN01BLP`at*nT+(2%EZt*s92f2&fL+&FFkcXgQe2hE+E#ouf zIr0K|iF^`13$KvZ$QR)a@M_;7UxoL`2jnC23HgkCLB1m2gm1`q7ROByF)B`&CQUIhE>4-I zf!RC@8p=7-ylKI-Xj(EYgPwBLv}RfdA7_q&s&dn`W!g6Fm^3CWC@b|Q$Ye0Vri7Rj zji9qki6)>lT1;sXHDM;)WHs4LgvoBoh*{BLVnwHk6G@ZHM44z4V{)5#Q4l>QuSpbr zCP|bDN$Oqx=r<6_#BF=b6B zL>APYyh#9Juw;@=C&g2uVmd9J5zmU}MAeituHp)pX5t-E_lr({#&p+jPft7jy&nO%F^D zK}q@;w4_f>&rHuvFHA2@uS~B^Z%l7Z?@aGaA50%jpG==kUrd+9E8DIPQf z#Mb;u95Wv_kAt>#(mVwO{2BAC`H1OmK4FvDh}88Ms8X0yeNnlUqO{vdu7t>#bSXVGRR%y#n^ z(P927I?bfnWv0xu`J4D%WXwNAxA~{&F?-EEv)>#r2hG34kU4CQn172=bIcq!C(KE6 z%A7W5%vn&}a%SEvm_@T>{v-YsWwT;d%{g=4T==iVEt@Oms<~#an~#Iv0VmC;K$&~S zeAax$0K7tNQ5=*If5pc$ z^Kd-DhLM{_{>Wd3aaVh&3G>wUkQL(&iPPxCMHZ%_dL zHUBd=Si;gSOGIk4><0Dk9!oQ*e_JfAmZ%hy;!>L>A+=jNEJ-OPrKOCt&(aC1;BHHg zB`dK~uZ5HPEWEVe(hu5UK^nA(k|Z4fweYY-mH>|oT4F^SwTyuRW!y4hnY2tL$EsVu&@mRbTpT%zpfc_<930oqT zs3m5JTN0L}r7Wc^X-mdZk+K%n!da>k5Bg>iRL-(Rv8a}sl(Xb5b*W$}T1u9(rDCaC zYL>d?xOCid!gA7bLONwRZ8>8(DV?>P19kKT%SFp2(A1ogu2`;GPD|H7YjXqCHn%Ld zEq5$;E%z+&(l5(z%Q@+f<*((ubV2%OxhOTDyU<2-H`;_=k}gYo&@0ka>6+Ax zUYGWwH>4J{6}>6ll5R_Pq`OiZ+K%3n?n@7(htead1Ko#qqFv}?>50^hK9zdVXHqZP zhwew8OZ}k#c_F=&2GIlPD`^NFMn}-s(n0hPI*N{=htY9#0(~RBl_t@5(tGKHG=)y1 zGw4TY7CnM~l0Hjw=sfyGT0j@kC3G2GL08c=bRFG5kD>tCK)*^`=r+28YEUhzL-iP3C19}S>EG=zrHZ_;-u zf=1CFQVflwKc!z%0{tx|L4Te`GiVn5BmI?F^q<6`ZrLOAsDO%~NtaQt?2{E#Mg4LP z&7%Q1C>PKoT0+a9Qm>*lG$e=RIvSCqa!fuBn)Q?DDfBdY293)J`7C-4P0Hs%%YG3} z$(PW}=oR$pf1Udc^d_2?Z=o4EE3@)#^bRQAIr$!XALZo-=tJ}oD#(vP|NazxhCT;X z{7du|`Wk(MzD3`m@6iwFNAwf=8U2EOMZclnL4EZT6=g}5 z^uyQ)b`U#+jbdY1MLvv;V-wgUHib=NGgwug#g1Te*gUp?En-Wczh40b{u;K9ZGis% z7`BORVcXaaR+BZD7SmyR48jZ;jMe4ivJpeD6S4_2V;1bBjA9rDo_Jw4jKJ*JDfzVQ zz?>L~xiAW&F$QyE9?XlKk$spS3t(sEAQr;HSOkk=F)WTHuq2kk(pUz|Vl2jCJSJcw zCSfwBU@Dfw&dKNHJXXLi$VIG#U6e1$m*p#R8LMDbtcKOGtMWDZICfn=f!&Z#VyCdv z*iHGCd?U>#yN%t!?qc__yYhYP0rn7k zggwTdU{A4o@-yr?_5yo}y~18&Z?L!6JM2C70sDx3!aiePu&>xR>^t@Y`-%O+eq(>I zzt}&l0pEq+mmkQD_-_26+=TDJoAF2TUc3cw#oO?9yaV5dcj8@mH{OHy;*aG%d_Ufg z58#9N0sM(Pgb(8*_*3~Heh44MpUGqRVSF5)z$fu3d>Vf)&)~E83;78CQl7)-@dbPl zU&5F1SMqCl1z*MA$ZPmIzJb4$kK)JhO?(UA#&>|7@J@a&Yw-`V4k!u`ZopyOh$FZO zH{%u@1+D@PWCh!Qwt@q9;w0|EDV)X`+>Lv1FYd$rcmNOLAv}yn@F*U`KgyrvIG(^i z%Sk+ir|~ax2LCE&aTe!r9vAR$@^@Lpf5;O4Q~o9YmSrF{sCW+lBmb52cme+>7x5Ba z#@$K<_b64ohS%}q_zB#r_>_~lUkNBd9egTgv7x7E@Wjv-_ z0oKDc{5pOEzlq<%<4QugjVG0ql2-2Eckz4pef$AXATml;d4xa4p8yZy8U7r9fxpCG z;ji&G_*?uP{vKzQ5BNv?6aE?hf`7%o;otEe_)q*7{u}>;|Hc2|4Zx0Q1bTdvb&s{# zy4TubZ3T`*yS2l*4~P<7)^2N$wb$Bb-EZx;4p;}RoWd&ytV32o8McmCMMY8$S`S%A zfj4p3I&Ph?%F3j5%Bm=;l2fLwGuBz_5%AG)-kMhytc%tq>#}tPC>3kgb?b)psP&k2 z)4FBdw(eLpR;^WM)mtHJK`{Wg!e~XTCac+6R7#4)idr$?SXhB%L0Iipht+8%tu8BN zrLAS9qA=E~Qd8=R+v>4;tv;*Y8UWr!$QlOjMbsLz#;plZc&7dnFtR|v;DCW4{HI{Z zR>i7XbJo1IU@clp*0S}uazd$CtJafB&04n}x1Lf?04L)V&@#>dEd!_-${FRn^@8=H z^{jHqdf9r#dewT(dfj@%deeH#dfR%(de?f-df)oM`q28w`q=u!`qcW&`rP`$`qKK! z`r7)&`qui+`ri7%`qBEy`q}!$`qlc)`rY~i2pqqxzpa0)f35$l4M5sx1m;E)P&b-^ zyU}86wYAyWL7%!06sldIQ9Y;h*m`Y!pjGX+4cG?3ubUy;ux-S45ZD}}K<79Ne2xj* zq;1MJZJV*p+K$-ffYq^JJFhI-mTb$m72B$94cHwUK<+qZ+q7)~#bd{&v1x5On;tkG z2HOP%wi*BPJj^zW?V@r?L2a1rvVz;JHk<8=LfGs!hs_DJ50{OyT~%lsW4orfZPyi# z&1>`7{I-BCXbaiGwumiii`n9~ge_@H+0wR*Eo)8WSe4BZ8=-sRWPD~J!#9if{GDS=iGsNuw`6dg% zH(4TYn4dN(qjMyZ$h;3qr&=6WeN9YNNFc2_dBoM+xm-<*o8gNdRXh1*DY>@m~3$WQmW;C*`xk5*)Bsz9<4A5?_^XibTl7cSRvo zB1imC@YYC=t_DK)KrCw>qaHLLz4 zSd~+M5x)KWIOp9Dm)ob_J{q_fHz#g=R>|uMv9<|5p z|1)xu_LMzsf2d~cSvzaz?7UsDKT<`zWS8xaRRtJ2Ir|eeZ!g%3_L9A9uh^^hr)te! zw?9*#tH;5w$&>a|_S5z=_OtdE>N)#)`vv<;^`iZf{j&X)dIkJmy=K1-1fHArTlUxL z8}+vRt$GKTJokXj^T7Vl{>c8={!V?bKCwTwe^8&b|Fo66y@JI(pK;Y?zV;pEefm|>*2~40+ZrU;9n0176M;vpGdB=id(Xr%Mc0_V3 zj#bB+W8D$WZ8(lPjyX0RTaIlau^)2!{|U9CWqOP%B6D_ zM<$0lvN_CwJFE_ygK*d#Y>vx098L%6a5*Rk?cj5a!|m`mybhnk?+7@AT+k76h`F#s z%0(PeM+{g+2}jZ)=agK^k#?xLj3et{9l2aS$2oY1;1C^>Lv|E$#hl_Oj#}=a}JyN1bEN!%pz}&N=Cva!xyEoU_g&&N=5iupS=d z7J<^V>|AlKI@g@*&JE{L=P_V5Z8^7{J5G&L>(n{*PRMC+!cHTQAxuDXvH;ZybK?K0 zPK49$bT}X89_5@)()l>&a#BEgdXi(DPjhak$LV$YoPOuC-1A((8FaqLz08H2VQ0h{ zb;g`==c`=8nRKR{uXAZ<#+h}#$+1q($vXw72#hEhC={wQ=gd0`K#eLn%g&0k>Z}1f z>bUcS^CWPjPCL&y&pOWmOX|XZn$%?=NnLebb6$7eaNcy@a^7~{ao%;_bKZA80K(KG zpiMn-K6O5GzRf*%zHq*DzH+{HzHz>FzH`0@^3+G?C+BD97w1>!H|KZf59d$kFXwOP zALn1^yWIQSKW78^A-9WcBtPap<#v;wb4|dZY9{xRE##Nn*IX;vMz)jRavkJ8vXks0 zyU8B%d+tZBm+T{d=Ju2QoltS8kG=BB#k2a+W+o z&XK=!^W*}#NG_4fr{B2SZN$g|`*GMta(&yyF(i)1u^iM&i+A+M6x$m?V*e}lY9-Xd?4cgVZsJ@P*J zfP6?kA|I1a$fx8pAbPzZUy`rLc>Xo8z21`V$oD|_`bZ}7pUBVT7xF9ljr>mjAb*m- z$lv52@-O+1Y;f&zH3IRg2}obf!1`)&wYu6|?XC{jK36i|3CyoUH(G_PhFB z1Fk`!fDO5ZT_di8Km{9hjkylH#$6MxN#LGLyJlRozy_Oh%>yZH(Y54ScCENpU2Cp& z;DsG^9dm8Ewp`n;9bkxQfh3mB>s^q`;DTL77vjp~vw4%t>|*m47wW=XTpoAvd8^Cj zB3yQtkQeh(-r;h(NSDh+xo8*Ta=Sb(uS?GRTz*%;rR0OI5D>}Ke8d%X#awY$!j*KT zT)BK2C}mj}>*8FzOK^!U$t44^ET1prRaeec%;#MNSJ73?0J;^`K|8hOc|8_mk{{iCKKi7+V1NAchD!+?rq;^xU^G(zqs+oF|-%GVntyCM; zPIXZGs7~r_zKiOndZ=EikJ?Z5Qv=i>b%1)8f1e+shN%zvkNFYmQ~q=QOa5#AAa#fu zrN*ek)VKWi{Ez(4{IC4){Ga?d^*293{mV~M?t-TX<{z9OzN(BpRRH(2{Z2%4K7_~`lQQ<V+7P=#Cdo6iyZr)Tu&}I$cOn zX9{U5LuDzJI$Jnb;3%FtUl4#=Cs7v)GNn)|m80@hfhtlL3zrHd>T=;q;cB5wRj4Xe zqw3Ug>RRD?;RJP(x=}bqouLzy`$b! zAE=Milfu)&C+aixtnh{UN`0fA7rs+JsGrm?>i;wJUKCyy{!y@!q42TLLGPnG=`OmP{#5u}=%K$9dg-r)K6*dhPY=+8 z^a1)?;d@~S_0m6jy-Rw?=!5>+}YFls-mp(p&U4?JN3=JG6$@(t)Cm*3%Gepkdlb2aBO1 zLYwGt(M(%tl#UcJp#52C8%@x5+CfK)v7(cX7fCu%bkP(|0|(Ged+1~_RrJz6I$iYB z0Xj%$iXl2oN9ZUWqvLdf&KB8XlIDsjnlGklp_rkwG)r@|Sd@x9EzojNq$OIWm7+qc zbdJu`1zIf@>0B{iEYXExnJyMf#d5JytQKph zhCWN5qtDZ)iWlgM^y%Uy`Z9fmzDi%CuhTc^oAjCD+2SqwHhr#mhrUbSqt6#F6fYL< z(+}u}^dtIG@pAD>@iBe1c&&K7c%%4)eo8;1Zx)}^w~DumFX)%_o#HF{Zt-66e(^Q^ zp!kM&ymolsU$1GF!|x^Q-u~xWj0eKSeDAp7}C=ixBg# zXkcK*$RLb~ahE(LGvh5;7+=X>LK%#~87pIB0;OPyVC+n&i86^&jEOS|CRs`{DJIRNN*N~0unfoWjKGLYx|AtN zjLc+9Y)N5MCdcHN0#jtTQi&-u6{gD6m^yQuIl-J{PBEvMGt61$9CMzzz+7Z5F_)Pu z%vI(ZbDg=t++=Psw;8@9lr59TLREB#{XrQgi) z(jVq8^N(q8?{YV~Pn34Mo7{Wc&F;PK7I&+=&E4+qaPM<>y1U%n?jCoqyU)Gf-S0kG zI#n8Q54sPyhup*N5%=lRLH8l|sQXN5%zfBB?mkO}l$&qC=cynJg-X)-d)~C@0-$YZ7y#wA4r9tlj?~wOnY1ljBJ?K5;9rccR4|_kAK9|P5 zUrH0+ucb-vly}-YbYy$jw&?~-@fyW(B-u6ftJ8{VVdW8O{gmUr8`@|83ugPonek*-1S-hzCM+x)d-k+skC9C&$$>t@zcCW+h^!_RREs@@T zC70J-_LM0v?e&&@Wyb3-2g(h;UA|zs(HAQ3_Jzw$zCFH3x!JeZ*WzpSMa!{rn=f8Y zl#}IlUx#m>uhZA%>-MF}>2i;+*OvkB-}d|ZecAGWZ_szZH{=`kjrb1w*fLi>Ra=z`!;+>eaC#8 zKBc_n+xG4FG(N3Q=hOQjpTP(Fj6TF?@|k@WAL_$=xX>6B{Wd@0xBDG_r=Rq@{FI;eGyaCau0Ug8cc3Y-C(s<&8)yl%2HFDcfsVkwKxd#U z&>iRr^alC@C(EbG`vd)f)8&D{VBkRDOnE3U92f~43>*rK2F3zs%je361Lw=*feYn{ zz{T=pU@9;jmI?+JG*g4?uxyWkUcC7z0Sa6fg%Y0W^RG@PIX73lIT&z!7i;$bc(A1+JIr0262k z?g};rcL$q-H_Cg0&B49Fo8^{ZYp^YNtK1&!2<{7Z2D^gY!Jgpl@||*TurIhj*dH7S z4h9bdhl0bwk>J7Lq2Oq6EOw@|q6f^|kpfQL9AC(`MO+jv zp(CNW(0phiv>19(UJ5OTRzjdw;!n?wa;oae;@SbpUcyG8R+!}5R zw}(5z`@)^!SLLp7cep3q8}1A55BG-$!h_)h;i2$wcqDuH^N85$HJT8t?+huC#(r;!@96O z422D0IBX0f;dkZtWmDK3{!q4r(J&VNSjNNFuq{l4?O{jQ8U9rMTqeV=Fctn%{#vHP zOt>MkEAp-Uz5Jux7}*{9S#FB_D({K>E;mQ^Mp`1Rk+w*Cq$BdD{I|R>@~`Z!cq-mX zXQV6A9qEbmMtl{2r7yBS5~%b?1|oxzVC6t$C^8%wi5!d^ii}1=m2hP&5~)NhvC84d zcw{0n8JUVqN8**4$ZX_DBvF}*BrEfgRAnKu7+H!eM^+-Mk+n#=vL4xp9E}`{WGb7H zt;lv{C!&dHBf5w_0!0iFIAV+-5mUq*u|&`a7QrLdh%G`y>=8%A86hLC2o<3tOr#;Y zE7};{9nDtQN>g-Cl&dsH_eNWye5Ezo7HyAqME6BIqg_#y?^l0>0bThgY-Hz@=HBoI;7p+(HQ7CGN!ck)s ziJGFvE9R&ribhXVuqYn2Mr~0dYL7ai&L|mmMX4wqWugtSU9ra4$;$3nQ*2MHIkq>} z5<68nU1^QA#m-dPV;!-5v9p!VSXZn&))VWE^~Ltb&Q;D=`ePR=1F?%0@H##=6dR6> z#16(TRSv~QV`H()mBX>|*hK6~WimDun~u%IW@ATUbFul@LToX%6kCp6t*pdWV{5VX z*hcJV>{x6wwiVls?Zh-OZA=%_$Do)Y2FHvsBxZ`4W0n{i!(w>M8neZSm_6o*Ib&qZ z6}wiUVswm&U9U96cf}jyH!8d1P4PYP=J?)tOT0CHvvRA_7QbC-kKd_u#P`KJ<6ZIY zcu)Lpr8nLe-yiRf55x!K2jWBV;rK}WVEj;gG(HwT9KTl?k59xW<5ThJ_)L5@ek48@ zpN}uZ?^hmF7UN6thn3|xcuyRER9TC!$2a0f`A<=G$-~ZS`x1+t%&oH8cw!>)rZSnBN=zr-R%Q~ji6e=*#C&2Qv6y&Qd0$yde5foZK2}x|tBJM5 zdSWASH1Vl&EU}r`N_?(tCw3B=#FvUTp-bo!P{NRa6UM~X3X(7-%n3{4TLn#E2|Qs< z*b+qId*w&Po^T|7R-6ek;Y$3fPzgH0BpQ;tl8wpT$={Vfm8Rt1%AVxEN^^2=vL)G? zY)iH$JCgg7oyo3bcd{qho9s*OPxdDVl7qP(VJuIfrsNjk|_nPfw1SE@0!JJpohlM~zH`SNgpXyHyqy|$5QbVcX)JW=J>QHJlHI~X(52wac6RFA6RBAdk zlbTH(NzJ9^QwyoZ)KY3WwUSy*t)yqIW2w#5R%$!715!+FN|(~7pp+p6r;MpW zwOB<`rc|kFPFYgrYNd*%uoRxMrfex9WlvSBwW=dkuO6?Ss5(<*%9Wy0bc#uxte&bi zq<5uHR~ys2(@p6!)jjFv^xkw!x;5RFZcm@Bo~w4G&sX=QFH}3zUFq(0Pr5hVm%dot zpYBf&q%Tzm(+AQ+>C4sO^ho+(`cQf_J(fP4zEZtf9Zz4YUa#J$PNXN(Q|amSOnNqb zvw9>wmj*y~dNI9}UQVy1SJP|h_4G#iX!=-sGrg7GPVa!oRGZeN^=T+=NW*Dk8cE-( z-maR`=JcJaC5@)B^xZ0+wx(@qB5hAQ($4g~>isI2eo%F#A6BU}oo3PvnO&L2%%ke# z>h4Ta=1Fx=ra7}W^R(KMY0b1{+A|%QeVNY8vuanSJJXZt%{;I6W%g(KGXt5y%z?~{ z>QH7lGm<%&Ig}aAjAagI#xoO{$;?z{Ix~}*%^bQZJovyxfOtYy|S zuc{lFqnTrw&CFJ2JF}B{UDaf?8C^!7fii{+oH1sQj45NzSTbk^%itMn#+D&6_RO2A zBje1F8CQnN&>1GvklmGS%J=xxDU-oVF zU3Gu9Kl{EqkR8k($bP5}WrwpP*@M|b+0pD+_G9%^^>Frcbv*l}I+2~sPGzUFGuhef z*Xoh%Ty{SDt-6q1%r0fWSC_LZ+12b?c0Ie1J(@k1-OO%fx3fFhAK+DzHml3(vryKM z{aJ;x#w?OGWzAVj7R_Q=JZsI`vP9ONb!44cGV97xSvt#Pe^ndUU2G$}n{8tEu)nK+ zs?F?P_HVU?ZDrfof7N!jgWbn=vR!O9+rzqRo?0*Kt@W|K+J3g59bgC91MCp%uMM*! z>_IkAJH(E%V{EW?m>p*)*hzMZon~j)P;Hhy!p^bt>;k*UF0sq(3cJd#vEf>zw$5&_ z(b`e=7`w^FYFq3!yTfW&EvsYoY`m7JL9Bs=*<{VgBCLruvlbR*F&1a7tc@jDJL_Pb zEXlf9ilteGZQyosjofaoiQB_9b9=cKu9a)!+PMyHAJ@sHYUx@R*Ue>WJzOu>$7O5# zxqfbd8{`gfL)+B7%A&2majtsUX! zxOr}YTjZ9wTrFQ)<_fi9tyEj#R=G89o!j7!a^+g3c8uHPs@PH4Ufbbex`p zI0FZB_1f{8kvma4SvyrjI1^{)EF8*V-02$5Svea=aCXkYIXRMZaTG^$4A;Q#;v4zh zd=tNiZ|3*%XKF2cE8oVq^Bw#?zLW3byZIizm+#~E^Zon)Kgb{8hxlQBgg?k1;z#*0 z{xCnzPw21Fep5(9T0|uVPQl#C>#<-g)!led7;aP1>SQj>g=e484F=12K61IgMK_k4Vy{u`4S2dmRx~3N( z!63lGo0?I0TSEksU>4rhECMQE0xnnun?MM5!67&WQg8{BKnsk}Anp=L`h9|0=#WC@)I4(|z zA8M20lsGMZtj&nC;t_F9oEI0wMR7@77FWboaZOwoH^fi1qvGezDe61T-2Q6qk- zX+@o=7a`Fg!lF?`M3ZP1Eg~vnA}(4*n@EUu(IGlTQgn%wNQ;cvAnlUA*1pvmrQOo^ zT9dR#YL1XX%tyB74>yrM|x}_eeSL&1YOa0Q{+JH1D9gv2k zVQEA@eUr7`KSG%ig@lhTwlEzL-?(h=!jZBCk(7NkXKNm`axBzJvPT9ekL4e6+K zOxl#Tq-|+O(nwlKC+Q_fGDxswln}`znI(&aN|=O8R>>xL>fSmb*(G1yAvq;d^4DDw zCD9TiHORZbAJtxB8Hu5>8XdaYis?^BM~JC!b_TRBnhQBKx-l|E&^(yt6Cr|PHcgUXru z+4{Nq0cA)TR?gQ)l!MBJ`o;PoWmLITA5#u1uGFvA=ag&p z>-8J;d1XOaRF;%wWktDJzg1sV)|7Q+LpiD(Q#O??Wn0-%G>TTyDS8D`3<|6m6+|&9 zX2qhQ3Z~$SRk10AVpklBQy~?XLMgPuC=Kc^wNc%zHmQ5mW_7RHqPD7SYP;H@?o&I} zF11_jQE%7p)O*!F^=^H?+OH0%_v(Y{0d+_nR!7u>>LK-h{Xu(lCt`m8>y9#QAi=kF$QzWoBu(W`^$WMnJkjP(VRIx)cPZ1qGxV zu9)ttyRV_U8|e}d=6B63_{R6={rUXf|9=1Qs7oBr9N`>ZkNflXfLj?|75yptko!5h zI=UvhHo7jlKDr_LhWn7w z(O=L_=w|d+^fz=1x)t4q{*G=(cc44bU1(dZ9o8P}fOW(=VV$uq*j~OX)(z{9?c;l3 zJ+WR`Z>$g27wd=h$3DXbU<0v1*yq?_YzQ_Q8-tC-#$n^J3D`vJ3v53>37d?4i5=j- z!lqzTv4i|H>}%{BY&tdr`xcvt&B6}xv$4bcci0?kF17?)iY>#w$9}+$@JIRO*a{5f zf5cW|5D)XKFvL8={ux`1t-;n}PTs|@!`%FO%)@WMHe$bEo3PE;ub7wr4cmfk#kOI; zW81ME*iLL0))sGvx5qo+9q~?hXS@sE74L?3$9;ScyeHlZ?~V7t`{MoZ{`hD30DK@m z2>%=(j1R#_<74o#_&9t#J^`PIe}PZJC*xn@U*S{msrWSfYy2C0Iz9vU^WWk#@mY9) zpN)Tq&%uNITzm<>6kmpakN@uf$j3KjA;)tMN7XT6`TI;n(9E@Qrws z{{`QKZ^lvnSNu183%(WKhX0Ol$1#2fz7xm!T{ywFCE5|~i4H_Zq7y;#orx|)SAycZ z5#5O%1kLv(dJ(;eK15%lAJLy+c$WW+;P?T=Kw=Q_IWd?RLX0NH5MzmP#CT!?F_HL! zm_$q_z9haPrVvw!X~fsWH^g*e2JtO1lbA)!CcY!)5Oawo#8P4z@jb!w0{;WCoDlgH z#E-;ELgH5uKM_9@tBEzlT4Eg`^9sM7Q27mn#&0BkAvO`4iC>A|2%R_hEyPwL#&08j zC$NJWH+)qd4@mB_aJ+c=lEV^ zZ?X@0p6^TcBm0w|kpswq?Rs3^|q@M_%Q}lM~2^5 zax(cP`4u^ZoJvk3zb3ySr;{_tZ^@bDEOIva9eItPL(V0akW0yBw<-1G$m>h1^7LCVwS=Be#%S$!+BCrv>Q3F^@A5sUdwfsoKHrP#P4%JrQvIm@)F1o<{xfO- z^^hM(4Wd4$9`S>zA=GGU3^kS-M~$Z*^H2B*)Kh*U^^E_5nnX>ezNEgQrclrM7yMLe z8ugO@n)-&CPQBu1P~TEBsae!)>N{!<^(X(DpG&>r-|~O)OQ@yPGU|Kk2WmO>j$c9j zNUfya^Q)+zsGq6b!fI*_wU$~(t*16n8>wHYJ;EkxGxaO=8?}YnN^PTlr?yi&sJ+5I zVJEeV+Ap-F+tKam140M7Bi)JaOdk}w&|T?6!eOBseMIO^9~FAgJ?UOFDDGxW&pzotT2!n z#Bjpr%wT2+!waLCG0a$I93u$hnF)+2Ok}=bBw-RG3zL~InXi~B%v5F?qX=I!-!Rh| zRhYqi%gkgnVHPu+`Hq>x%w?7^OBr2Q#(dBGz$|ABVFmLevyxfG{KWjs#DrtQYGw^{ zTv*GjW7ab#gbmC_<`-rYvzhso`Hk7aY-P4FzcbsJlfn*WC$o!b%eG_Nv!{g9LI<`Z zdq(KQc4oVA>{VebJB}UCPGBdpU$B$dYrqVVgC>w2us_+w%b`$$tcp+?Ne`SATUkY2;t?V}TcXm6wgMB6Z zDePo-v9E=;Tsy8k_eSWzb>up6ow+VtSFRiPR`^Tk&b(mn5AU)$ud+FB zvY)=lCSGG_g0sw5*m>Z5Z~?dwTx7n*Cf;Ck-d=NFUjO;-x&zz;?gjUO`@sX?LGUOD zfiUO--Jl2bf2EZ_gfjCHj6i9yT z;Cb)@coDn=UIwp$*TI|ME$}XQAAA5l1fPP>!B^m);A`*=_!fK*#=%r57nBC&hVnxB zp!`q)s324XDh8E+No(<)^4ljfjCtrtufR;lmk}twJufhNMEjaNG zybIb5?Sb|}`=JBSLFf>47&-zSg+K^`U@#%AU_m@LQoirKv4*VFbIbz zh=y2*gLp`UBuIu7NQE>=hmJufpp(!k=rnW&It!hH&O;ZWOVDNLDs&CH4&8)qLARkh z&|T;rbRYTydH_9y9zls5Y2mJlsJro}C;l+Cb zJP}U3bLYHq=e%%#3(tfTFWYnBh43PHvH7;0c-c<8X@7jtPP}J-e9iv!Ej#g!o%4#F z^M<_}-UIK2_rd$&1Mork5PTRu0w0Az7=mFKft|1mcEcXn3;SR{9Dsvx2oA#$7>7xi zf@zqAIhcn9ScD~5hBf#Yd>lRjpM+1rr{Qz(dH5oH3BC+pfv>{X;Op=W_$GV{z75}n z@4C66hsOk zMUbLMaij!N5-Ek0M#>;%k#b0RqykbAsf1KUsvuR73?viDLaHGa#EN7i)sY%VO{5l5 z8>xrXM{I}#X^1pJ8Y4}RrbsiSInoMgW4_;aL^>gz|M6!3pI+>TA|sHI$fyr5_y6dbalch+>)a@Ka%an^O# zbJlkPPMg#2bT}J08#)^~8#|jgn>w30n>$-LTRK}gTRYo0bM}Z%&d%ok(B0e~KCTV} z&9z~ObEtEebA)rGbJRaphyQkSnCD#RT=Zdi_~-7h##|dVIRCXWY)ftmd!73}81hG) zPSc6^I|I&8Qh`UEm=kvrPSQy^X;WpFoU&=Jt4VqNm?^HGbe?jacAia&>N$$~Wm8YT zW_sy2Oe_7i^N#bb^Pcm*^AG0((>#CVd~90hPo2-4&y&XaE9al4Z~n$q&Hr+~bG~=R zohhzVS1wnYE8UgbmB*FWRlrr)Rm4@)Roqp|RoYd?Rn}F(RmD}+mEp>CWx29l)m=4R zwOqAbbzSvb^<99==CZpSu12nAuI8>5u9mJ=uGZ#G(%#%i5(~-4eWa(Wm#cSj6G^Ng zi6vyHYq)EKYozO+d&n2APgjutxq-}e&2ueqEp#n1caUX&uOO?;{Ufn{B$khyy(4Gs z*zU^NICi`Cxc0jCx%RsbxDL7wyN2kT;E|1IW^11x3fGg+!j$E9`pLLxxrSMCxE3T`q zYp(0A8?KwCA+*MchT*#oWc+CEO+5W!&Z572FlwmE4uxRoqqGneHriHMhlWb!WS)yKA^> zx@);>yX&~?y6d^?y8*Y&ZFf7|4c(30jonS$P2J7h&D|~Ct=z5MZQMC~Ph#uIS$ewu zW9RAfVdeR_@eFnkaSwG5caLz7{I{LwKW#j-KCC-)-SgZF+zZ`{+>1Y~Jj>lH%zbCo zC+p4zbJ@w+b^f*I>~WjgxciW4ejjy1rtFQFs<+#eynSxJJKzqwL+-FUV%poN8*?Y* zY|>4+X*c6$-JF|uOK#b%x;3}%j=7J!PqD^#wKI!JXTM(r@E(xr>3Wtr?#h#r>>`-r@ja9*gSTR!_&ai(9_7%*we(* z)YHt<+|$C-($mV*+SA7K-z`>y%#CV@XSiq7hm~rA=L>U{N^DZoJk!l3DrbdCY*6z& z^F0eZ3q6a>Eo!-E#ors$>g4{k-m}58(X;74Zclqm+j*a7zb9chANCya9Q8mR*pnkQ zyFDI{_ivp!p65v~_?72R&uh;c&s$Hz>WzC+ys6$? z-ZXEzH@7#BH?KFJH@~-lx1hI>x3IT}x2U(cw}iK(x0JWEw~V)}x4gH4x1zVQw~Du_ zH`ANtt>(3Ot=?>Jb#E1mjx^V{apul8@$Z#wig)UNT-fHA z>)Jf;eD4D9LhmAP&dT<2V@oV-IqTa0y{+v?E^E8JdrY->zxROmp!cxp5Fa)5VL0Ip zdtF|)*W>ki{obHAYzn?nFKRlyxM}iIUfOhcIaA*iO?OxJDqhvAd3A5hd(3;>d%}Cl zd)j-(dp4=!UNSA*tKMtgn;-1kd!~B(&~$B|nx^e@?~9}?``Q#`-uZXXxub8j6uY|9puZ*v(ue`5iX*W>ig_Ihp(Zpk*~3@sjr!@xvzzXn=4^rAD z_X$4HCz<-I<~wGZtS5XYeW!e4I}e3yM!d{=$feAj(9d^df!e7Ajf zOtYuD_nYz8~=0{C2;?-_YO4-`L;8-_+mC-`wBA-_qa8-`d~C-}WD? zXxIN@5gqCu<{$1K;UDQA^&*+wV*+cNr%xr*j&qO<%T_t1I%`Thm|h5kkU#pX7; z)c@%sy3$-jbGFbm|5!pd`8WIjwSew0x6j?Csk+y{-+#b=&{R|p`;Yjcq?79OyZs)& z*VIYANU{oANim7 zpZcHqU-)18U-@7A-}vA9|MI`{zxT)exdLf{^gy0K-ax)U{y>31!9bxv;Xsi<(Lk|4 z@j!_{$v~+<=|Gu4*+98K`9Ot0#XzM%rdC$`{!Ex`km8}MLr0UjC{ z78o8F5g7Sl3m%_bf+ziB2cB*&z_ZNlH)r{s7g!ir6j+j6e}71Bzdr_623DDy@0vi) z!n@U6cDE;Y-QA`lxi_#cu;0`o4+f3|-~bYE23!Gmz!UHX0)bE<9Eb#>0W^RG@Bk4Y zO?9JXj)FGFU2DI#?!HHdrB8DOe>~HJB013}ywZ1+#Wo}=I08!O|#Dz^qWFo=x>=X;qg&H#?<%tpb!*IWlv5DdwMVyJQh42JQ+L{ zJRLk^s&?ms3DNFS@JjHSY1QROb+?1}g7-~%?qTqe>Bc=Z)wt)u7r~dN5%(teSMYr> z9!v?PhH{0{Lb*eELU}{^Lis}lLIp#GLWM&`LPbNxLd8QRLM20`LZw4xLS;kcLlr_5 zLzP06LsddmLz$thP_>XHWDRA9s)uTXYKCfsYKQ8C>W1ot>W6@kEo2WlLJdL zLrp?WL(M|XL#;xsLx}~yeJE$S|G3*HR{K7mEcJuTjeclocxXgutr6D}Jr7cL*J5Uv=m6s{bu60RD~2xo?~!qvi- zur-_=t{$!tt{JWst{tuut{biwt{(=%wy-_y2sa2f3^xil4mS%o54Q}r3bzioHOqqz z$?Bl9*&FmQJA<6cV4ztS3=R(o4-F3wj|h(pkNVIUObAaln}S49Ff}|a*%8c4_5+D} zU|x8BctLn!cu{z9vLsk;)&nb(?ZE0}Iq;vVfkZKo(+ebOfrNOrH@q*rKYSp3FnlBo znRXcxb|q~xU)UcGn6g;Z^uzEl5hlY_m=3dH&UC!QuoRZVN>~kRVLfbwW8q`rgsycm zd@6j}RJ6{AFN80KFNG7f)z$E|@b&PG@Xhe8@a^!O@ZIn|Q=s}I{2=_$l%^hspO`+> zv+(oqi}1_vtMH%U*Wowex8Zl;_u+UrHIgfm7RepS6UiIN7s($f5Gfcb6e$uZ7AX-a z87UPh9Vrtj8z~>D5UCic9H|ni8p(`gMXE(C5o;tnQaw^5QY%s?Qa4gBQa=JjY!Q3J z5osK08fg}39cdHEX(c*Ex_oFOdYLsuzexWN9mHU>eHa=U78xEH5g8d76&Vv5XVwon z?L$uaFeTYNd>#3;cKBF2%!|yAEQl}3aIQwKMXsCX&CSTINW!?eYYI2_Kj=1( zOw;B`QnYyuS~1vt?AUfkEBM^qUq7x(LB+-(E`yT(PGgO(UQ^f(F)OwXl67k zS}mF#tr4vitsSistrx8ywMQM%hS5gR#?hwHX3^%+7SWc`R?*gG*O60nbTfO7M9YyV zIT97efMmmwQ*aE84vUV6j*O1_yX6=k{j}gn)EhbN#y9^cH@=I`iO!AAi_VWOh%SsS ziZ1?8ZzQ^nM6>9quSSa=OIkChqNhz$=3MlA^rC6VT#jCeUX5OhUXR|0 z-i+Qd-IqJjyU}~m`=;meAo|eMTOLQBM4y^U%d6;XQ(<`ehTnTO6t7oZE#MalXk(VqOP zIN5;y@}V@@_IG2l8{K1?GyBm4rX6z#J&YbfkD{RI!N4eDsxNNTgL+Nn#g7Ki5E?e! zmMDs%7>b)h3yD%FZOSSv%9)~ykW^G;R6$i#Gu;%!R8x+j$4wdKw5g$-L(iM$$tBY} zxq@Cruc6n`8|Y2+mg$S!LGPjW(Lc}!=tEQMcw!nI&rFr$CHe||jlMzOqJN?9(D!H@ zO~rCy=~x~tFP0C>j}^cQVnwi`SaGZbRuU_XmBGql<*@Qt1*{@g1V`aHcih&q}!5D%$F&E}G zoeD4J!~9r|NfE{(SQJAs%=9D(jKnC@jbJbq<4h+)NE#6`reG?jVLEmUJC2>iPGM)U zbJ%(80(KF*gk8q2V%M-+*lp|%cGpxJ?qd(Iho-^s*z^~ke$W?Q{=-~&hrP$*SPGsC zPs7vk+;|>5FJ1sIh!?^O<3;eIcrm;ZqW$?0i1-uGg70xApZ^Sp@oAH0PLp$)D_%3|6DN^jk_u>0ZdEy{`2tS;ZCO{m*Vbhmz z{jEy)KX?*hJc36}H3Bou2*Ok%C_G_9a5$edAtYQj1qdCFna;y;(|9;#x(;XXv-mmu zd_ro#ui)44>-Y^*U$}+e#_yQQ!ae*x{)ee5Jj8P>g{P*V@Em`Ezcj^!Kk?W28&gL3 z%Ty8G<8eHNNF{O+X+%1ao5(}tCGrvZi2_7Hq7YG-C_)q^iV?+$5=2R&6j7QeLzE@T z5#@;rL`9+!QJJVhR3$QqOd^Y@Mpy_dkxf)5Y7jMvT10K44pEn=N7N?(!baE$2ho6N zNHiiE6HSPwL^Gl}(UNFIv?kgRpB7d*eN|3f^|7r=lvSS*IZaifs2WNPCq@t>|E;Y0 z|F5d%5%Y-!#6n^bvH0)8Dp6PEv{j#$RU3$nA6lwJMU~S~B?_uN#6IExkx(EG6Gw=n z1WdRHHxVEbPD7Z8m>L6>G#C;BgG9)trl1kJDJUFE$_Y7c!nvf6aD}*Pnh4iT4dFI% zm$*mVCmtk~gU6<9@RWE)yd?f466(NT#5>|W5hqf~Tx1%Vo6JMzCG(R7$bw`cvM^bM zEJ_w9OOPeWQe+vjELn~$PgWo+l9^-{X(elrHOX3JZL%I|Cmm!1vLV@+Y(_RGTavBF z)?`~UQG#_KJCcb4tQ(nAeC70BiPkI8cMTauK=s@51ZTzH9A=u4@zducm8rGF7nMfkrt(mE zseDv^ssL4xDnb>bN>C-KQdDWG3{{q@KvkqFQ&p%;DvPQ{Stu)&O;x9AQFW+#6hJws zhEyY}G1Y`>N;RXJQ!S{LR4b}A)rM+omTNiPS|_UWhhnV<)ssq;YW>VgZ2&dUtkVXY zW!g|`7&V+4L5=*oQJX+bq&}8ui6ZSAvqqcoNr^U>nnx|97Jt&9t)NyV+q2cl^6X=G zmQ$T=F`KjB&E720n(a0(=l4Iii-c@yt6@8I2(hw__u?qMoIMa_G2jKZnJ zU3tz`IZJUAPYG1wQd_1JDshpmQw9~I5;xcNItRI!m3S&QpoI<*U>+>Lzu| zyfD5)-KFkP52?pg;!ZYkA^VDYV_v?#r{Yv9or_MR)9KuF9y%{wfG$WEp^MVR=;Cw< zx(r>GE>BmWE7FzeDs)vkgU+P0=xTH}U7fB)*QV>xb?JI^eHx%`w4HX)4d{k+Bf2r& zgl}Sc60;(uIPr+!|37k z2zn$v>XV{w0zENV(oHcNx@l%VH{v4rWu;0Ihv;hTBH-#s|u~si7Qouj?u^H&q%*mh zJWO6DKU07y$P{7WtnnJd8PtWk*UN~W~wk%nG7bA$zrN8 zRwkRN&eULPGPRi6OkJiPQ=hRhcE-UpWEwGznI=qArWwq!5K_W9XOYn z$INFIFbkPQ$x85JBlu|{xZ11(bK1ZSW*PX;E^s@uBiRJ*Hm@=FGW(KOm6@6InJCg?+8yNuL#dF=gb?x3(Q64l6mWQg}KUHGjIEDFgKZ7%x&flbC0>t z{J|vd;U1YcZ_k()%uD7K^O|{UUY@;U-ZQz_G&Y^h&E{eAviaEjYyq|)TbM1v7G;aG zCD@W|X|@bomMzDYXDhH3*~)Acwkn&!X0lmqHP*sf*=)8tTZ^sD)@AFl^;sKhXB}(< zwjtYyZOk@fTd=Lz)@&QLZL*T=WVVsr%^I=~+n4QU_K!o@q3kerq}e@={m?v4Vkeuu z<5%pIWa~Jco%MIqIFDV(E;7r;rR=g~&-f#|GFdXNVb^`A7dNw8lEvb7b_ctY-ECgZ z?Pd3|``H8RLH3Y&_jZ&8S;)L^Ls+MImF8wWte*|AVK(QAj506BWL9N$_LzBlb<(`M zI?bMC&#~vti>iz4CH69VjlIF%VsEpF+ogN#efAOigni0BV_&d;vaij%owsZ*E{#j) z@^b~af?Q#)2v?LV&XwRwa;3P^Tp6w`SAna{RpF{~8C)ip#Z}|7x$0a^t`=9DtIydu zJJ*P7!ZqVsa4or3T2@I1UHf!&5hy4 za^tx1+yrhS_XRhJo6LR5P2r|;UvtyB8QizrOl}r8o14qc;}&oWxkcO(ZYj5n`=0xO zTh6WER&hUbYq+)CI&M9;f!oM!=6>b2a9g=;+;(mUx0Bn&?dJAyd$|MLA?^rwlmj`4 zgUyQ_H|H_$a{OGtyt0X!7d04%a}>vz7cx92a3Uv}*DxBVo3}5=xZ~VO?i6>LJHwsj z&T;3tOWft;70C_ra^x0wo4d!|=N@nmxkua+^VZ`T_ndpdz2shTZ@9!w#(OT#rSPeI zEU>SU z7GImM!`J2O@%4E--+*t#H{qM|&G_bgE50?~mT$+m=R5M9_|AM6zAN9I@5T4w2lGSt zq5N=u1V54=&5z;7^5gjN`~-d?KZ&2rf5lJXr}ESIulaBI>HG|S7C)Px!_VdC@r(Gy z{1SdCznuSx|CwLSujM!J8~IKA7JeK5JHMUZ!SCev@CW%r{9*oxd3OQxhf136Bn`FEGj(^X``CLMp zkXy(j zwhG&X--R8*E@6+5Xzlk42ZV!WQ-4G_Du6Vm{-gv<`)Zy1;rv_3Xlrq0s<-4 zjO>gZjM%J}>F|mYLQYtSnX$tBM(7 zrkEvG6D^`u%oeMQHN=`?EwQ#(SF9)27Xi^G+C_)hP;4YN7MqAo#b#o2v4z-DY$di9 z+lXz&c4B+6gV<5*Bz6|Nh+V~QVt28J*i-B!_7?kz{lx*|Kyi>bSR5h_6^Dt##S!92 zaf~=l94}4~CyHN)lf=p5m*Nz0syIzNmU$vGB`YnC`M25BX%0ju9SE_+n==*ID^S8_?*^{y-XMdHw$X>}_CX;t$ zWm1kaj?7Fj1ODHF`TynX--y%28RATFmN;AdPMjmo73YZy#D(G_ak02WTq-UTzZZWH zmy0XJRpL+LYH^LYR$MP`5I2gyh?~UC;;-UX@po~DxKrFE?iTlmd&Pa?e(`{KP&_0a z7LSNWMNou9SVTmp=n~zcNA!w5(JuzXpcoRvVnmFJsECQUNQtz_ikv8lvZ#ovsEN9G zOgtf;7SD+1#ngDNcv?I?o;#i=o;RK^oSd@H^a--~fERmvr$N$FBX4~B%5TH z98v?Rq0~rfEH#muO3kF^QVXf2)JkeCwUOFN?WFcn2dSgfNwV4OHixZ&t)Z=vt+B0% zt*NbR@r{C{cKxpTVv}ib&04>0G)tN-eJ9P4=1TLV`O-pZ zk+fJ^A}y7cNk2%-r4`bT(n@KS^po_nv|3stt(DeE>!l6SM(G!6leAg-RoWtLm9|O0 zOWUO#(oSiYv|HLE?UnXP`=tZYLFwzvZ!)K6&dB^Wb7tnO%-NaWWzNa`*DuXcnWHnu zWRA@ompMLjLgvKGFES^6@~w&Qw?1t{+QzhB(l(`SPWv_Ox3n#3Thq3s{hqcxZAaS9 zv|VYt)ApwAOWU7zAnjnhc*PV=OB(|l?Ev_M)gEtD2ci=;)<&@?O! zPb1REG&+q*W7D`aK21my|MBAwNr$B)(oqSNAPJTb$tk%cx8#w$l27tW0Vybjq_7l` zFbS7PiIQlEl{kr)1WA-6NtQIpkd8?wq?6Jq>9llCIxk(2E=rfA%hFZpnsi;dA>EX2 zNw=jt(p~AEbYFTPJ(M0vkEJKlQ|X!XLV78^lKzxlOK+sN(qGa$>Ae(}Qsh)Qmz*Z2 z%emz|a$Y&VTtH5-=CT&D7PFSKma?c%Y;A3=Yz3@VYZGfbYYA&{YXxh0YZ+^4YY}TBMYhV>a&@_eTvM(k*Ou$Zb>(_; zeHoB#vR!t_4djM$Be}8ML~bfKlbg#eW0zyMV~;~}tahw%taa#)9~~I+i)UcZ3}gN7R8jFbD2f=UDI9;MnN+#gUy! zI7r7T$4`!*9j6?u19HF)#Bttn*m1;h)B!p!It<5g2kj6Y7aW}9|Nf+>$W!HM^4Ib= z@^pEI{H;7wo+Zzg=gRZs`SJpJp}a_5EH9Cl%FE>MUM;VY z*UIbU_3{RJqx_4!N!~2~D*q;Lk+;g* z#y;IX!~U&(rhS%uw*5Q%9Q$1RJiB3uS&mtbTTWO`T25I`Th3U{TFzO{TP|2GS}s{G zTdr8HTCQ2HTW(lxT5efxTkcryT1Ht$TgF(%TE*?@_qRa`GNdUek4DZpU6+;XYzCTh5S-}CI2bE zmfy&4<-g>2@_RWhrzojPE+tJ#S8^+Pl)OqlCBITYDX0`tiYmpG5=u#>v{FVXtCUm9 zD;1QAN)@H5lA%;nEXu8v;;D~Qs;Amg9jQ%H+oZNj{WGP1>gAO8DHBt>r*=&>KYDvE zdzwAnp4*7UeaF5UfN#9Ue;dDUfy28UeW%$ zWxHjEWv6AAWw&LIWv^wQWxwTs<)Gz|<*?<5<){U;Ko;17SezD@#clCeycVD3Tgyz# zEX!=mca}Mpxt4jB`IZHig_cE@#g-+OrIt{NJH?aoZN{REB^gUImSudOVO6q~T1suD zu2NsIDR#x7G*B8Ujg-bpGo`iCMro_GQ`#$?l+H?5rJK@S>8bQmdMkaDzDhr(zcNr6 zq6}4rDZ`Z!%1C9jGDaDzj8`Tqla$HIm&#Yl6lJP1P5DNduFO!rRc0x(mG6`}%3Nih zGGAGsEL0XLiJsY*g9;?SS?` z2cRR+3Fr)T0lEU+fbKvKpeN7^=neD%`U3rc{=jFz0AL_62>2Wr3=9E=0>gmezzAR@ zFbWtAi~+_1n>wxvZ24ExbpMTHz zMcJfmR(@5sD%+Ip$_{0xvRm1s>{a$D`;`OALFI@7D~RG$T#8%qD1IfNgp{xnQBVa_ zaD`Avg;HpRQv^j)WJOU_MN@PorW{j_D<_px%4y|{a#lH~oL4R=7nMuOW#x);Rk@~I zS8gh|l-tT3<*ss1xvxA>9x9KNC(2XhnetqDp}bUHDSs-jl{d;;;?7# z`+)<%LEsQ@7&rnP1wa4-U;qJ}fD3Q~9>5Fu06!1_fIeY6SxK32JQfNfqTGx;1A#d@DO+eJO-WsPl0E^bKnK=@_&5N@0GZcqUKW5)O0ns znn%s67ElYSh1DWzQMI^QLM^G5QcJ64)Us*?wUSyzt*U0InQE3=O|`1oYIU`yT1&01 z)>Z4N^;JN%sdm+&Hc%U?jnu|!6SbMzTy3GYR9mU7)i!EdwVm2t?Vxs4JE@)3E^1e` zo7!FNq4rdJslC-cYG1XV+F$)l9iR?W2dST{gViDGP<6OELLI3VOD~>YBE4jKsr1t6 zsp)0X%chr0FP~l^y<&Q$^vdZ~(yOLtq-UmQrB_S0q+8Ro)2pY~NUxb*E4_Alo%Fit z_0sF7|L6b5K7JKQx24aV7ZD|+Nr1wnkmEQaR`1wbxW7M(gcy)q0QT;-lq)t}9RHv$6 ztJBpP>bL4lb(T6?oukfG=c)761?oa|k-Au2qApdJso$$VsLRzA>PmH$`jh&zx>{YM zu2t8m>(veFMs>6LtGY$qs%}%at2@-4>MnJ+x<}os9#9XdN7SP#s6r~NBC1Pus~**> z`c%IfP=jhn4XY6~s-h~U;wqt%Dy7mYtA6|}{$Kn%r}CT&gi zdQv^5o>tGOXVr7+dG&&NQN5&IRPz*N`bPareXqvV6fITDrKM@PwLDs0Ex%SkE2tILifBc(Vp?&ngjP~3t(DQr zYUQ*FT1BmrR#~f}Rn@YzYMNEc)~ahYwOU$j?f=Ek_TztZ9j&fbPphxlwFX)vt+Ccb zYpONVnrkhzmRc*Vwbn*!tF_bGYaO(XS|_cu)M3W zH9-?KNs~22Q#DP~HA9PO$F$?x3GJkIN;|Ec(avh;wDZ~p?V@%`yR2Q&u4>n`>)I{t zwsu#$r#;XfYLB$X+7s=m_Dp-Jz0uxke`)Wu_gY*_0aL+rFfW)7%nud-i-E<#5@1QN z6j&N81C|BLgB8GvU?s3Jm;qYAI$&L}J_vv|unE`{Yyq}0E#98sXW-}Hu%x2dhZM>ThyDdi??+=Pp}8$1La29JOsh=5Ko2!_B27zI&~1Q}2O74Rf@8oUBt z1#f`2!8_nR@DK12_!xWwJ_BEXFTuaScVG&X4&{Mz>1ldyJ&&GOI3+jdR!g>+C zs9r)ZrI*pm>gDwEdIi0rURkfASJgB1EWMg;)wA{LdJVm%UQ4g7*VFB~LvNrr)EnuI z^`?3=y}8~(Z>hJ^TkCD~wt73gz1~6ZsCUvk>s|D&dN;kh-b3%H_tJaoee}M1KfS*` zP#>fZ)`#dr_2K#meWX50AFYqk$LbUGFZ9X!m-<(FA*e7^6e2 zZB5Cyqv`l|`(XF>G0onA@Gy8dJQ5ydioN5LO7B;u%ljQXMW3oq)2Hh*^qKlBeYQSF zpR3Q)=j#jfh590WiM~`{rhl(5*H`F2>MQkC`cL|5eT}|WU#G9vH|QJnU-V7-X8l+F zH+_q~Ro|xnu5Z_O=sWdY`W}6+zE9t;AJ7l#hxH@+Q61DF9o7-urMq>H?$v#|Uk~U( zJ*0>Ah#u8Z9n*20&`F)rX`R(Mo!13j)FoZk=fLye`S1c$3I4%Ufuk@AV=w_TumY>F z4jXU`J_DbHFTi);`|tz!Is7O57n~Q#hZIJNA$5?t2!Pm;21pB}CDIzn@qrT_a35qC zGCZmM&OsKNTJMj@I%GYv3HcofA|WJ-5D1S5h=|CDifG6QVWKamt? zsx#eL$XU!;%2~--*;ym$@^&#D-X6|gAKcwRrn#%=s;=p}Zs;-nn0{P8p`X-G>8JHG z`dR&)eqO(zU(_$@m-TD#0UABhAQd$Iy1r|j>yvu#R#WWV zX==T@oqL>zoQIu9ouCtP!cN5La(bLzr_UL5MxBh4b@EQZDLM^j%z46j#(Bkg)0xke z-&N36$W_c$!d22$&Q;!3(N)P+*;UPDaamn8TyT{FRtHQzq<~(6qn&T;kw|u=&EPbHvq$C z*bRr#$Y^XdHJTaCjh03$qqWh-Xlt}H+8dpWE=D(_yV1kwY4kFB8-0y_Mt@^~G0+%f z3^s-sLycj^aASlq(im-wF~%C>jPb?HdCe3cvG{qVLM2 z-up|^?A_|#<=*Yy>)!7^;6CC8-A=dHEx1Lu;x^pJ+-KZp-RIpG-PhbV+&A5~+;`mf z-G8_rxF5P7xu3b8yI;6px&L&(cE54Ib;r#=GN*ddJ^4JvJjFdFJ*7OQJ(Wz|cYrDT ze(o9S8Ri+`8JQG)HyN9aUya|4Eyh-3oAJA`-PmF5Ghlg9A3rYgMHG=-NXMd6=4>pZ`hKJaeOArI(bJgi6X$R5R`c?{19 z&q>c|&sooT&qdD_&kfHV&tINm-g4eb-VARIZ%uD)Zv$__3;xXexp$OzwCMtmHx=N; zrs=!gyU%;b3wnLtfH&kNyo^`y8s3xM3*L*~E8gqg8{S*qKfDjTkGxO3e|k&#O8d(B zD*7trmvO{@Y#F~d`*10V|ikEWBFqFV+CRbV})WxVnt)cV#Q-6VkKjx zVx?ncVr66HV&!8MVijYRVwGc6VpU@qvCLRjtXj+xv&OPx)nhecHDk46wPST+bz}8n z^<(y!Bi1n1DAqXEG}b)UBGxk2D%LvIF4ig5Io2iCHP$WGJ=QDMJJvVWFV;UcAT}^I zDE4`5aBN6yXlz7mRBTLaY;0U?{Qt+?d&f1A{r|t%``UY7b?vL}+PiCS=|Dn48YBTy zfrJtWy@mh*By_Ngy&@gyArQ)RyJ9b(s8|Nu9njs+e!h?I?>-*){&VknJeZlBdC!^m zd7t+=fiQW#05Ko|Tmd&g3dn)Yd0T!GiGOg2DFkYS^Kt}Z9& zzs>~9H}h)N)q_`$UOj#F%+-rm;j0~2JFkAaYLnk9zhC~m{Q3Ed@|WZ<&0n3rCVw44 z+1*8ubr}RnmrrnWU3wU~o&+D)KVO$0M9^>z1o!p_@isBvl%JBX0F;0Va0fg9Pe2W5 z058BB@Bw@QE#L>}fB+y62m*qE5Fiu?2O@w-AR5pEF@OPx1>%5szz8G&i9ix?07wQ* zKnjowqygzb29OD40ogzfa2PlO90QI6CxDZ{Dd0441~?0x1I`1NfGfaNARj0I3V~vv z6et6(0TnF{P!BW!R-h4R0-Ax;{IvW`g2S7ee=`4c{+ax<`B(Du z@(c3K`Ih{){Pz5g{LcI@`Cs$D=i3zYDi}~OuwYQZ(1H;K6AC64OfHyOFuPz*!MuV+ z1aq7kn+~TR5R`M&bIx4TYNt((b-Oav`;c zoy#fY_waIC000012!H_uKmiQ60o(*`0k?rWz+K=Ta35#|9sm!4N5Es?3Gftn20RB| z055?ypdEMxyaqaeH^5uq9q=Cb0DJ^+pbPj6d;z`!-+=Fc4cH6p4fX;1g8jh$;6QLN zI0PID4g-Gyhl3-*QQ&BB3^*1X2aX3PfD^$<;AC(LI2D`*P6uazGr?cMS>SAN4)_~5 z7n}#q2c-nlx0~YYQ|RBr?TzeV_Qn#t-ZO<~3ojI2DJ&^0ExcA(QCL@KDYOP z6as}{;q}5Bg|`at6y7atEqqw`sPJ*&v%HbuRP1{RGiT3xiJ zXnoOUg6X@9VEFDW+E37X={>|=W)Y{znIQB^dicC5g2SsOxVxb}wB1O8ubW$RvgmZt znW76tmx>CC3X6)1N{gzC>WZ!x-6;A}v;bTP{thkymw|tPe}XH(mEbCHHMj;`3$6n< zf}6p=z^&jma67mI+zIXm_kerBec*nO1d>4tNCjyi9b|yEpdDxrGC>yT0J1?xkPGra zJ}3Z%pc5zp#h?Uq0bM~iPzuUGIj8`YpbB&cJwQ)T4QfCy&>QpteL*eg2l|6LFaQh$ zL%>il9E<=X!Dvtq#()OUrnqnMu;SsxBa0^#Pbr>JJimBh@$%vo#VdrgLG^Va$h}bnd)HWev^cl;O!1ZCd_tJN_v+JEE!ZXq-1Exu#({=BTL4Vj4c^gGQMO&$>fqLB~weLl}s<0T{5R+Zpr+T z#U)EimX$0oSzWTZWXn%d@9rKxFQvq>hn5>f5ONI!9rr*?YYFcC}w4}c~x z1xy9gz;rMJ%mTB)9Pki$7(4p?5n2sVMuU<(Le1*Q?a-h(BFN{*JCD9P>7M!#Hg zh0sJVAvDj+2|e@1lID_@5}*Vrxn6R+q_gCG$%m3pgkE;v(tf1_N(YsWC>>KeyL3_M z<{qx^K7!=SB$&O<1f4gCAn%5iM*igO8cP#OlS-3I(+IY1X6ez=3#A2wYBNG;G~X_L zUfNOGNof7rl=Ug=S2nb4SlNiOF=bQArj||bq3-S~+ec7#83bF`zK5&JF5{O82(IpD z@C*1A{04ppdqaJp{?GtuAT$UX3=M&XLnEP4&}e8ZG#;7&O@t;vlc8zQuh1-LHuM`b z7g_)zsB&~j)6v=Ukct%Wv1o1o3m7U(Z%E3^aJ3GIS*LwlgT&^~BC zM1sf=1)@SUhz>CzTgVQwhnNrxa)8(n2XchC5D(%*0!RosLC%l}5dq7yvq5N3o92_V$cofCUgtB4c&q6LieEi&;#fZ^cZ>q zJ%ye@&!HF4OXwB!8hQi0h2BB$p%2hU=o5rPUC?Lf8)O6bhWo&M;eK#`cmO;I9t;nG zhr+|)U*O^J2zVqs3LXuQfyct*;PLPTcp^Lro(xZcr@_+#<%L%S8g&_Dc2x2dvp!CWJ zBCm?z@A_BjDg!HndkDKmf}op0uyc=A9;?i)JX3kL@(Q8RmtR>}dAssX<$XdA?NQ~+ z%C^dOLb2;jmOvRT#m&HB^;XU9Y-Pb-U_b)%~gmRnMxPSG8AlR=p=weg;;LsGeQD zsCsGjYIqI27G4Lhhd00*;Z5)s_%C=XydB;F?}T^3yWu_XUU(n8A11+Mm;zH_8cc^7 zuq|u{+rvzl1v|iO*b(N!JXin=VJBDwi(v`u0=vR)uoRZT3RnfZ!yd3FtcEqP7wipd zVLw<02f)E_C>#cd!x3;KtcMM792^fD;RHAlPJ)wR6PyC4!f9|ioB?OTS@81e_0<~) z@~(5Wh+yZ+dic1$)jyxmo^n;_l(;N1S;+S=E26Kx%9xHWu&Y3odIY*hra){~&s zYHIvzbTvUWVKtF827*5uPmpJmYr1K(nFL$*WX%;q4Wxij{wOBYK1vCNkLsG5np#4! zqpnAO-D^<&4-$gHD7AJ)_kk^USm_+tF~Wl|Jnhy z18axYj;NhbJF#|h?UdTtwR39c)h?=CT>E?N(%L_3m)EYST~)iLc3th}+AX!)2<9$@ zpzG3W8MU^xoLa|PeyyxlS?gZwQ|nvnUmH{#RU2I!QyW`*pfcI_R4?cZAato9rH9kxMwA-$14NI#@M zG5{Hb3`T|^!;oK);m8PNBr*yajf_JkAQO>E$Yf*+G8LJIOh;xQGm&4BS;%Z;4)Pl^ z7nz65M;0IpkwwU2_+w=dl3>sL1+jaVIa1M9b%6-AZ)}D;UYXlfCv#MzolWB0<~`8KOXxhzfB>JP=RB3-LyL5iR0}=#T&;5D7wpkq{&li9qy7 z3}QfHkvJqCNk9^jB;){+jF^xVBo#?R(vb`#6UjodksRb8atJw$96^pE$B`3AE^-n% zg`7stAZL+t$a&-fauKU#9stc|QtqZS`W6RF_*pu6j=b#NU*Ftcye-LGq{ zdqhyDztnxLv$6EG^t1H047Cii47ZH5Ot37nEVocBR13qxwD2tgi<3oWQCZX$e@m1l z+G4O6Evc3?ONJ$j5WKFiR9noJI!nE!#R6C$OFhznG$Kt%GXfwG0wV~5A{cTLxsBXK z?jiS)R^$Ql5P5<;MV=!ske5h1@(Ov4bRch#x5zu>1M&&!LOvs3kgv!$&MM@OOK(DCR5bRs$los3RJr=io)ndq6mSE8%Xwdgt&v7nY4mYbH_mOGaFmIszcmZz3BOS|Q@ zrNi>Z^2vf*zF2JP2i6a&A5uTGepvmO`U&;(>-W{~ucy>A>N)j}^}Kq1y`bKuURNJh zpITp1Us_*YUtMplZ>(>w2kN2v>-9J4@7K50ch(PV7|}4MVM4=Wqp|G3tW4p;AYrSI4 zvlduOtku>UtJ!L?wpd~7BWs(r!`iEHVB?_1p^YONCp1oMoZL9IadzXp#zl>58aa*p zM(0LZqr6es=-%kl7}a>7F}X3dF|+Y#(K_Z5p6=7(H0a$ArwJT^g4PIy@lRJ@1S?lduS{A z0DXu)MxUTh(dXz3^d;Jcwxh4m*XSGcE&2}aL_eS((N8FjcA=lqZ|HZl7uFl=gZ0Du zV*{{(*dS~$HUt}r4a0uHhGQeJQP^l~4909?HF27FP5dT7lS`9ple9_Rq;AqQ`84@A zg*AmYMK(n@8JiNC4m71U9c(((bfoEM)3K&AO=p`bnjSShZhF@AvZ<}9v*~@)$EHtB zc#}@JhpjC^Ni-%&5N2BH!o>k+PtiJbu**cwwc+?X?AWFHA|XZ zn^n#3&FW^K=Ah>AW<&F#=G^8B&DG8Kn_HV7H9u?aXnxcDuK9iQmu8!mzAYnLCbTSW zS>CduWp&H?ma*74Y&<{cu zY$dh|TZ65|)?pj4jo2n^Gqwf$3)_lq$97=5uszsbY#+8CBVlBWhS4!w%mHI#9Ly2p zVmwTUIb&i>g1KOBm=u#^3QUQ)V;-0%rop^0Z_Eet#k80o7Jvm}L0AYDiiKg}SOgY{ z>9H7WTg&#Aoh`dtC@qW@W(&VX)*^3FwWwSCTXZeKEk|39wdA&(X}Qvp*OK2-*izn7 z(Nf(~*J5dDX#rZG7Ptjzx!rQ7<$lYfmbRAmme(yEEpJ*rwG0E60?UBqz-nMEuo>6_ zYz4Lf+kt(+et-fn01n^?@Bjhe0>}V=APk5C4g!aOqd+cj0k{ZU2J(O+paduft^=LG zCtv_L2pj<}0vCfz!R6q3a09pr+yd?bIbbXnhs9$FSR$5$9l(+?6PALdW0_bsmV+I{ z4q=C}BiP^13H*P#cLsyNU@#1f0*zn-m<(ou2f?G@8So-l02YEJ;5D!utOV;o3)ld{ z;C1je_y~Lqc7SidPVf_G1NDOXK>eVh&@kv1XaqC{8V5~*rb5%98PH5<4m1y%4=sY0 zLaU)Q&^l;6v;o=%ZHN3J9TWtGK?W!miieC)0+b4+L7C7&C>J^jorcarSD*r@1geH= zpgPC`wLsUQR_Gzr2DL*SP$%>S`U-uAdcgzXsqkia8_a?Eurn-&m9P)&3;V-?a1a~< zN5Ro>3>*s|fKS3!xCMsc+weX38QcbUz@OmH@K?AmG7uSxj6udC8tIfm3B7Q~9QARuxbxq;k5 z?jVnl$H+6J4e3PQBOehQu|a#GebIsF2y`Sm8Xbd)M(Anr>bTzsLU5{=?x1+nz z-RNF)KT1Uzs4dDwIj976MOCOfszyW6aMXatqDJ%pnuX?|htOQ~40-`AM2pdCln~=U zttf!PD2CoZ@1u{q_^Kpd@>;S_+Kn4nue}x0H`G2VDr%*^&d?nD zIqpe3lD3YfruSvI@tp-F(q_*|!9~$v^pWIH@?csS(}(qh<-zskng!)fJ0xwAK$jFH z$!m!Bd!K>Y@7kIESwV^r_mG$Rq+}^6%l4yqx#EaVyOtd`BAOJLn{u5-vR}a5=Qv$Z zMtr40C;}wg+$Jj~XfA6WdR_2dt2=L`9-tja&Y49&!}&vVD`<0KYBHNPka?SRh%=r5 zRIcUi;du*qGOZ>;bKl=ncTr~uWCYI)NeJH(Jvrt};(pW4%m&g&(h$lUDw(-TuuXp!d*Y|W0MZANi1N*`i`!pd@9G}Rh}apYNm`iBB_&W)lFcrI zsIjy}+F`d6?-7Y`_G#J@{@eInl#_yXr+Vl0E@5uv%BbK&(FaWZm^zO$9(^^wI(fj! zpqOZNjFXX?6)n`t7)pw6ZQv}uKXs2F%Wq_eI9 z+ytJN;EbTjSte47i^ZMd6qiVOxay56M}16PufCy?`Ly}m(|*uy*Cpx325kzO9Bc{| z$Bd01Yiv#Gle#+9A^llKC7Eu!mPutfv3GC^_@jh>xm<90=5k80Pvhg&)a&V^bJ`ghqPOCBm(AK$27XqD zowNN&$Nu7rE{!hV6!X;CQI9fQWPS16^bE3$>Q2p}G1!kCDSSEqjqrriI?)YJt@cR7 zVMBb%AEZ|HKw+ljwi@t-LL>E;^v_~R#=S{9QX%d$*YDx&#(wxgYAU;p?Ih@O*(lwo zTB5$LKIBIUtO+fTK5e+2JTL8cnj^nW*xRTl@21YA-(WuE-WRWyr>iQ7UtKAFZ-Uqd z#Pkd&X`me`h_Z)ym$`sHS3vx`-gQexJbQxfVh}I>C<&ktk1g2_Wgm2W>bO8e63ukk z>(=TK=k?l~tHT2i29v_?Mf8a$#n&7Aq}dX}*AC zr?Ee5Z)Qh2ws5})t_!K60?BhpgDXW^D{YhhCCgIys4x$cXCL)7@8{lL+Cbf)pfADw zLI#K23lT>B8S}+Z9yii>(de9bH4#kPp8h-&%gW3dV!xSFA9^t5bjp?N$&6I((ZCx~ zjd86;8|E%fs#A{k9D6j+S9?wy7jh=~Xp#3|chtptbm3)==F}l5{OSo4Y zlDw9{W2lsJy)|xcT7TSI>?6HmSf4Qfe@S0#Ph!PD>n!Gu`%5_tGM1(}mYvG_Gl;8p=`HBU+W;*UcbVS zm!X%U*TewvyVC~Y^`sOQ=sZ#!=eArO>|5%4G9(}>Fp3vF82>G42)UjTO#WyLI+m_FwGBuy(SNSk-JJ=NHE}jsaXNFGz@q9*U+( zrc1cQ7ig+ocy4Q@vt&A12=N8*RL|ek3)CU%BWfQ_peESowa*scoxZz#wZ6%IHo78R zRAB$0#X*Lk33_tOE`xXM%%s^#4^pXVzoZXO7o{g=*Xz8P5bwC!5z5PT>; z#o>uy7~U-WF8l=_j*q}c;-m1<_z~k6d@Mc=ACFJKzv(C9lkmy-6x<}9ircwQ!>8j9 zO*3$^lh(zv8Pjv+&vY9DJDWH+(Mc5mj$D!C@XgA76kk#24XPNsDm_ zbr-8cG9u`A+>@o|raRaBzURsKbwWRt`cHg0z5-u~ zufkX3K-wC7Exrz4k8i*?;+ycz_!j&xd@Ek1+=g$*uLWOpA&x`L^rR#i@iyl-JkHTL!nQY)$rN%22(z8=pKNS;IINIV-v0yye1H=gXd5!7)(<2EFN4b~rnqcbPwmVnbU>8)v_Q zY0vzH!{>b9#5f-3CK7$H8tPDZyI z-o@^U>th^aq#M5)_a}LoZl{3K{wk)&VGkEiC+};%kNh$Mf?`fG&3v)wD}kLe$fmhl z+#L*~Q{|*!?H$q?Y9ke)4P~4VxJxK5_gtpQ{gow}%ifQ*ok31v;fWk-iijggl3drA zwVt64_zuH(V-Zy4$!qW6e+YbUZ?&=jD zxGAD2@>5j2k%Lc`-%#E46zDdDIpS^!Z_>DU2uVZlD;*`>sG97tIAU7%KH8CZisNJF zMWS)im&&dFnE{RA&e5gO7UA{a=~4CE@e()r7mt2wr8*??t}%i<%<&*^a9BR|pp!^* zj?|yxO0`gfT}HZ{^S|i-)L$6_>L&z}H$-$!TB+RVukn0DT1m$3csTKoZpSJ7OP-7U(gT|UcLYr{E>HYm+LbaP zRge=yKA}A4dnF;?beG1*qnxXqAvdmaf@*}vQ?Fh@{UbOLuVeeg|B<51=*rS$8+-zN z59%zTeUk#Sld@6$J!W6tT*+KjvzqT85HyoIPbKuI_o+18G;|t1nj%OyDX-WlH%-*! z{+HKT?>#|Z!u*YMGh%bDGq*ShIiuZf%7-i0c`ebc3YZqYI{H!4UQ;v;6upyNaor-% zR18-QQuEa;;!8(TpG7g;R5|r`p^wQ#UPzhf_(EQwTM!?^+a?(ABETa|AT1{7Hq}by zx=zuS>E48DOgG8%X{q$#j9+X;oD+PKB-ceI5BB)v(O(^^7UB;yGJoH|g23p|=BU;v zYeGxH1Cu3VDkDJI;-0GR3O^Nh#AKhDlbs@IkpHQE7CbIxkxzqmhF_w;tFxQ>t)|51 zna`OtMn-Y=UA8TEhB7nwbZC@u0BJvcz60n;;t2&CoLt3U#NQPQl}@T`??qvw!`DTP zj^CcPE^~@)p>Uz(v}{nQTeLRi5Gjmxop*ybS#n9o2uuuF7+M-SEk4cIU|+~ebZBAE z6{kzWU7DrN?wY`S!$U)`aeKzVV7+0VX>>1F*5uZbr?g(_(hy0p6i;UxaO7MJwCKDEGN=6AvLixGbHL9 zIgxsgR?FJJwH5d{`#PT!w@79ZU&FX1<#`A^wy0No-|`+GR1(rJ)Fx(LjKMHZVw6cd zUU`YVcW6&$1xgcTzp{Rlq=hNzNz63XJ#Mqpa zZDFF5QnFPs(Y?yc8gw(LGwOZR#OV8m`SJS`+)PWzD)MA*v*cG7omYU@whRGxu$!wp z?Cz#<#(%tHK&6kaRObwst&s^ zR4)u@3+o;Es}W3mmpP1do%EUXyjQjQrSz-qVwuWtGXL7~3m(W{uLZpx% zQ>^s(&2N+c%0NmmH8?$Zb4Xgq$iRop)5A5RMQB$R@ehdPV!+^`ERe6H;O5FiCJWc|0$WS1FwDI7D*O#ouRZ zfGle)DUC9gzJN}phq8nYk=#psyV#CA)Zpy9HbvbA37O-VJgXpr`c_~N!MmbjH z=yBHbgaIxdeQ0~j?j=*m8tL$o z-No+9dFQy0o5q{UcX7%TofmzOe3qPb@sp;>Fxf1{Ak}uy-aZ?BH~aE^D}0~(jn{eT zB7%m6#DxN3=7@Vy6g^izHRiTK9D6qYl<`aIy|k?CJv3K*jKmF3r7WPibDTuBvU<;1 znk-FB@0PrB8L!9*nGi0G`sfs_9F=%JbucNP(oC67 z-C=vmcD&tY_C(Ho&T6indyreneaEM|2;7*84IZ04$~``LiF_~m!GZ6hI-@=H0>fRy zloT$rRQ=Upww2)m?XNnI5D$;(nmHOdKG83n`I%Yb7|*@RHS%oviNZjq{h|c%4e=-O zIG49BK^|PS!cUKEmE93=lPl{!r-Ld#SgnBh}Z`GOtsyUzj900$QQ? zlGGINEpk|FXtJYeswi6i%3Xms*+Z-|?793d{s`f8F;6_-6ZgF3)yrGvXBXrVBnm#L zPfQp`dO-7#j+gh-uJK!{Q{op4ZS*B}RAwG~IAiYjlgk<>3P&mg|QZ1;#vMe&UCeRp}U6#^Fg4vh}O92rORa#<;#>$-Jg5-cn(ls zQvc>9@GkeY*S^pe`p4_e=mY`Tf%Aixg&MhPeip{ft_-&$5E=pIr zTeNhA{GI%v=Qpo2-uwN==w<~^3E3Rl8Rir&)K}{x6Q(8gPrZ^hR7j8Nh!-UeaGdMt z>c~@P1-nEd%5Oq2aAmYd^fVHa^ptXkwv!$x93XZL=oiH`#gZq|SK2kOjykO7kU0A} zy}2WKTluA;CE~xtWs*+G6we3VYkg}14}>*_nWDvdSADDA)}S?X+QaPOJSD$fILy@~ zRAM!z8PTE5E#BZ2}%d!dF zAdSkko#XI~Gg8R%C=EFk`YnPLHC4aKRAU;QHYm$6YcTUNf%V?TZRL*@v^w>6o1^HR zz(^vcj>z=RiDnmY204+%yIj_LSD0c`7^yiKheW+%8sbWlSJ9^J(-dFcHL>X2b_BcE? z&Kp;feQ;m=5pye>#lPt^K_nNYinaJ2*I8~u$0y(>xb(D{qb$lIy@<+ zJV9p)zz3)GwLiow5%p5qcpdl6)}Kvt$dKjqrCt>z2xHx9gSS$aGR3?>?l$@^y+3GBI^@`m#)=4K^e#%kq8bOUBvB-gV5FU(&utM-qoF{dZh2eSXalYaBfRODWYeF~0 zJH|)g6Vf8_C_EZJPSWG|?0tEo#WA=6Kdtc%P{zdK{f+GOV|H_ypIFlg;jTFR12-Nw z;uNQKP6_x1*GSnlS)4pc{$4&tnTX$0t#oI(C*f7@i2DJY?4$Ha#x;HqbtZgCKnlJ; z>Rwzbo`$F6?8FTGLuMwPg=gd8{BU^=e$o9Peh9yqe3pI~KY|~{A;~d3uKP>uYOfG5 zC?~xxMrz2%FDDk@qfXX`2+Q-2+B77nz>vuaC z*ct3YE;g=C@{^vU)r-_AKF@V811ALA24{!vGyHBEnc5)^;&q9lC2q19&&8BJ4sOy{ z-s4y@$419Fo@7lCUW`8`J|rTftj z`)Fn%A*S<}AlcO*mng0(4!8@|^E8Vzo4kX=8s>b6;RI(Rk0kw|aKz~P% zWJB!PoJoQZL8plAk>a^oUFk*fP4F%B?XN2hj0r))xe=A|JB{y+FA~B{&rHuvC{4m^ z7cCPnapAbH)K(Y=rzVhUaGG1T)ToShpAb|KLJ!|-Og6nWeNLGazAVE?(z{oiwo-HG zt&Gw3qwJ5^XE;Ue9JM{3Z>+_ICT8m7tbr1J zEH`mKc{k-Q#hpIP9%l7&7{pNtjN-+LKRouTU+b!ZehCwYZ3^c_vZE$M_l~hOHl&a< zJV^=UQB*go8DC<1(pJkp#`fpxxMkdf{CoU?f}^wfveE9P&QXy zkFQoV;H}D)o~t~qI7huq(}>f&n($`)tnORz>M$fKReww0u3sAWSKJ=sMx)laJHe8m zNNT|Wd=L}FA!&5br6350@hwy-YYhj%QQTR1!t+tkfLIJ4pBSHf9lwF!#Bbq&LB9y6 zs9bchk+<=K_OAS$f_!P2J}B{`iA9>ucqv~Tt}?w#d6kMfJ(MLF?@%p*qF_8Li#&;9 zL(OCl7kn4AIrnp|ktS#!dY=q*4v7!{9O)EQqF2S7PB4%jlLnLT;CJy=tY@ry_*=)x zJT`A8|32P|KfoX28$BL-KEhR+M$KdVv+ompXwaWQVL`1S)X=B+GrZJr*$`=bj=#V= zQ-`L##M|&yDgr+7CE6w8|i& zZliz1KjApuNOGmwvaf}}q_wnMhK2Q=MPb{sIcz8XE)2=ir|;1vf8G!oH_=#NY%=k39?}LgS_zys(^(_xR8)I>#>2e!YbX2d_um+B zFVHV^Aprn$j%|(Q#l48f<6VtF(pIvTe3{}x^`Y*kxzPkneX0hV^Q-4t4cj}? zC(d_>R;MlVkJIf8>8*dE&o(Sh*pqNQL7Zq!oRQQ&#V&=D(mVB+oRzc$n!oLA=2Y%< zo`K)ubl&BjQtrFRuQ9kN{A<)F{kFK+1ZPu*X+z4s)IB*(!o>Pgxkc4K%_-YKU> z=jWm=;w~{Ro+`<5!Cbz&j#Vm@68FdM3p`G#*LvIeI{4o6ouN(Erug6U-=2FJ}X%8d^b)|n8~Dee6uC9 z(%5$$Z*m>Q%Or0k3tXNND5X7$SY^KIzGtLnpMP)NBHdx#^pIN->-6DzRji&sTP-t^ z5@-qA4z#4<+GGCpY-XI`oA|Zxj%uXFtf2)Igzb(Q7`vDBf_|E@)PA!)#_Q!Y zz)9)6MD$Fg6=z8>+xy0#L=iTDHV!2C(YnXJ7{Gy`K(?xwq&DIoZTD_)u$9O;S z9TYG%;B)Yj@RX>vdcg29?n3+@#}voi;je_72l7NeVpRmUF@Ryz+^AuKK3BT06==B;b;NYCw9-;8@*(5o!C< z*3j;;pExg;{H|-KRMCBzOaV*KB{(Cxp(Xw_i5WzhNzu@j*{*lE&sFi33%H`8;+5jV z;zrkM0*W=xbEa34c1U&Q&fEAjp*49X0Yv^peancjE#w__j#6IHO^@Fnzv6&}GLBOw`z)WV zDfZsr@9giZuhdUtma)chy`5+tdX3ckw!XwLD*hc;E&e3e1yzJL=&31ahE3O2+IMlX z{I%k~?uq_)Bi9J0Po)LYo-qyx!i2Ykhh0XwI=HTIOH}>l?&#CY_ZMH#cbL``<-->9%2ZO6(+=oVXo6Ju0F2Q+@y*kuLj@ZkojTF`rO#B@uL#y#f>n|5pQzcs_vrxF1ek(oqC^VlD&;|jPj1U z!p{rt6V@*lrLSQuw_EA3jH6fG4|E9XAKV^%BsMyMm;N?OO{pdwq<`iwQaE#>$g?Sr zY;SOQToM0(OR=n4Ugi#KIyC~XN!s07v+lD_5!e}gGGa=+#dJB1ma~&qLu*ex72Ssf zO8P7F$Pd`bk|>#ve6o73&z%JSr0U2=1a$Hx4<#LCY_vVcJjUwa(}k#TrNq{CMaX8; z#k4zVizsyZHd}xDUR_LK@2&^VQt=&0h4QuXSM_T3c>U@FR7QV0vHdPyx_~5Qs?Ms4 zb;)`+*23V!P6NF+1f4Q4n2Vi@U6a`(xk^Q!F4ypV)DHRr)(rk$L4;H#>ySxPt*(K=3!-g|Yf^nE z_N+6kWZ`h*f(%E2uLqheu;1a(>8KZ;b?$QZmOPMclrQpFsb22m9e6h6R_yrH*|fjx z10}mW9;#0oj>nHoTwsz?+v)q9T*-ZHO?-P%hAdFN&*Q7dcx_~KmO;*oQ{t-J;9msS z$YjbE;Z6^;-!t9w!2QOvDHGGL8r{3{4)Trno#utfS zQxh__bFYZ+h)1gWdkpA$Pu9`gcys|>GSRKK@`2jL*Coo=U{0-0-I`v(n69O}e$?+V zST1mVBH(oK?qN zD!weUReOhuBg+jG%<|MiQXpP?179r2I%!D;%G9Q%rPA%4I;l{J#qNx zNaLpn<&rHf5wazU)qxp73ql5V4eIKbdW>XCxy(qicVM})FSF|e-mc#ASt>m8VYG+- zsXoNmo>q`vMqBMNj^e{5OLm6ti#kmjNx(0jc#ci@o-!!SJ}oVcZkNMkM=aA{5`1v; z^918|N>7>W(`{Kc9@1FX6qww}`HlBUz!txhomPc;7J7d3obSEgd#g^Un-#Dsgcdcp z>w#f+qB51rR%0l|kun-iC&=90EiN77>Kg}h1v zmeWr~QJq&Mx|mCu!qsuqtqY6tawb&?myx88qRKx@$P z5NX)8Fj53BLLKQH<7POMWRogN1^DBH-U$v4!^I!v8x@<>e`S2--Q*AVt7c5#ab=Kf zf&99vpUyX8sD546IJ$w+kGV19f3W*Yr7=>*Ro9qvsYweR2nNA2*k`pZ|eC z)$J2(6>k$CbFGl^6c&Y0xz9aQ9qCo!H`kvQY9C28#+s_Km(cIpedg+ULjD2%M}b(} zN0RCGN`6kMQn`7$1(XFZ4}~Lg_0@(@nun)}Ep_XA;1wgn&XK)K6fUxeb6jHOweocy zSAsMN`_s>pCsNYszcAJ_qHSwzH*pQT4HB{Y9nXHoTeNpHXJ!+#uY0`vXZH)?qxDhZ z-0%~&Vd6dR%ffck(`+lGEM6(^l~c5Mr~4cI)cCUOk>s_`4Jxrl65-4z#eB-zN&P?_ zNM9-c6a-|C70;5Ust`>dhA(G;Zk&FGbc1wO88*31I zC^t=zDp)4uil2zn+zZ`{+)sF%@U_ui3RLO4pEG;j*6`ZK2K?~jnX^mRZ?#{#S9Y%$ zx3THG{iE*D`|kbmclYlcZ?&=c)O6uzy^YPOhd(U-_wDmHf7f^Yizasd%OS|d=JY@3 zx@~}`XFwYp;yK}e%2(q2wYx>13kg5|Q$WJv^uzlvf7Em}eQY@P_&;a=ebicSV`GK? zQ`7pQ`}pDQv-kc}XJhlS;m51<$dCPdl;~eii{*EZwAt7+KDV(s@#4et;?G2!o?3}G z+1Na3>E2e{?cSbw)V;M{e?xeAujy#lr6)EvpS!y2O1tW;jjxfP?RM96m%~KQy9+?H z{dYO>2<&-vv1bH6_rw5bxkh+)wEb_J?tN~1<=qD#ZnwX`U3mXTeG}2Yyv`rTx1c=q z=)YS1QQN(JLiqUNXSCZ0rsOMLG<-cnF^mkp|i-K2Y-W+?=M2tdr zDfyWT_~RFC=$*>{ip~#8sXz#fjG5&2egeUh2k1X}i z-`dzT5#x207>CLxGvVnKqW&xqxd%PD(|u(n@pR~kcil%Xh>U*qGY`98|L^6}jbs0c z9rEG9|Hubo{Ca$SZ_RsuwkMam+j;pE`8i(29o?_Ve^H^scIq$Z+h{G7OzPsHs>^V^P_#FgOFDy-wf-Dlmt{_o}Z|M1}H z&(}xlPgpJg#G4q6e~sm_p1XIqcaDfpQ_pPtckAuMo&V3}!UqC!L`3rL$N#p0dS+aA z-N&C%`1^eB&;EbFNt@O7hk$Qyf5j1zZT!GBKk{+DSv!-z47N*o%?5Q{M`<*j{IwNf7%nduf&>m z4t)IzLms_2{OM)mHSFT&Zu_>M?>?7qx3zq2>iFqP<|LKgaSv=l*?E^QH2i@k9vwy3QBR-o5X(xZAUyzJ|Jw zAtH9f`gSM(HT;ywD%jcdRef?+N5##hPpFa^E|EGNXc;@H)!LY+Wv%HLmO-E1r zKkSZnw6#8MZg_XHz3k^5{=WY8&$gOAbk}^oTilY5y!j{o-F3Ny#ixH}=n0}vO*gyi ziB;!*&+ebivG%wBT#5Hwal5CdxBtg{cuTA;_|N;k`SRoPk{0~d#h%rbST}#h?O4ax ze+x~ywU+sx(BVpS`^re~TdjXMO?}_Z` zE=~Wm(b(e=0JjroU)Db$M&%MQl4l=U(JMV8bfOh{RrSyPe_Z|F+slOgqaL51H4`g) z`=uW1Z%w&BW7uuoLd1i3Z|TXY?jwMB4Ss_DiTQ&&_~(i{#QV{|))*U`JMGoPC?EQ- z2t6dMev~^u{jMa=H2o!@#g@Z7`prxjlx^mujoXB-~gdEN2m zLq|`n-V-Ya5h>z4O!#%2___A4_km`@lN-hkU0dRDJ%^%sc#KPP(scWEbP zTk}6L{`9}BF@IYUYurC)uM=Z&;-47(U+lewZ!F2yC+KEo=6=o0%xq>Ta%-j4f=2TG z56v!iGn1K_nVH$;GL)H_>1uy@GBPTwY~Q|bzHeq{H4{>1M4WTt#Nmi6-`6jBK8qq& zpj>S)m1%~0f!p9|&FWw;*qX;?=Un23t)mN`o{;$lo*2jdaeI@_fA~^{>zygzifT`9 zjb^%Kw4Pau?nobthX3N4ig)JM8%DZ$-D<>*=Xe`As$dy8zt`5;gZ%00iMAvhS^C>{ z%ES zKf&T4X-S}oTpvR$+FKmAp^aOnk0O3~GLj%GbXFn1_o8JI**Tm(N}>2hg(UsPenE zE-vdBS2^5{1gazQk&DYV)jn-^39W`m~KB-n`3zOiXl%#$>LVxhqHrl!aN%IUCt$&;E8mjE$&`KB*v}vI-QkvF5+m0 zR*yiZ7{;f9)wf~D+QCowIMPg7y&=n&9d@b;xFOQ-jLdTaG~Q`0z{F-*0Jc4y+e(7} zd;JQlWQB7Bl#>HgUDs{@#3g6?aOmtbYa1fIgL3Zx)~>Uz!OH8*14FP%C+VEoG64G} zG?y%t@w$3;-a~Y*RFMSns{(BW<-ijBCbosy*{N#6k1VazE&_aq`-G7>bv}F66 z-)E9{vdFg^_^)_j7nTvjRE;*4*Fc?fEaRP+x-_sz>>`V7B2K$;rxIHyB${Wnt%%>1 zBrLLwokMm=D`Z$-t3MVOyOt`PA!3{2F;?qPeb#42Df^qrPWu$?xL4!*J&xN*;E+o? zHR3cHhet~3h7i+Vi<3ocy=~Kd(zw*2zO;^PP+hRmJ`#=CFD{lHEI`*?S=2jH*k@(@ zB;4povW?R(Iz8h@U5FFee%;(UBapvfvt;K8K3|-jp*Y%+Rs95#O5(pJv)(%K+w4g1 zn&J^1+mW-DdALi_Qa9WQ>QRb<1lhVR__2-OX*VctQg&(<#+H(8_1x;&_}}`AySDJy zEGK&k(4(oT;a1swX464RfntlYWofnx{Q%ciz}VX~c{_=D)5dC%9WRY6*eRMaXPDjs zymLi(=Mv{+_$;5>tav#Gm2Jb;$}7y);xhb@*qrWkdgJ$M=#~iC7ZB+yh#mY(q+_j; zGIW4xn1a39z?cBP;G>+`JIn&oE%&Mj*xTG1ZYUIc)DbUzkEYAo0`aoGI z;9~nFidnK*-C1N2DW|#T*qr(K438X%<9|*+=%i7~U6g9JI(KB;LBnV88r zF2Z{_{bezJc22$g#N8x+FS1BK`>NyE17_7#L{6z~f>#+kW!x+!}{iO>_V6EjmewVLewf#`-tl&<6Iv8S zNfT@|3tKN8+i?N4t7mS1tOapAIaW_mXk}LDMP%jfY#eT^rnlv;b*(hauHoF5T2FJC zZFgdBJ_`~_ZPSL^JkHiw@=nrz^>o%)auYaD6wA(+zVUVBLEm!L{C0j+j(ht)-5!NrBC?cH)Z6dE7vZOf9CYgot7Q7aR z3X;2R<#j}W_mb4}IE$m53(WO{2Yu$ai|RvmIGFS{3;u4 z#i+1PmU@;4dz z@$a-m7L7aHQm3z8Lu?_Rk!R~pC)U=n+G6LDh8s!|{J%I_;ovDdg*2MvTyt5K8**4t zxS2=UJu;q4F|^Vezc$r2OmR0sH;EL|ey<~Wv3q2W&ekp2jbLPKnZ;bXOpDdtEKqZ#9BUvQ(pqixE?AQs)p)pvsfyZkeWK22gMh*zAa&iGO zq;Lu94n?^Aoyx3Whrp7^g;8sFcRk53$H>QRO_jSjR5^2o3isO)S=op4^9%F)6yGA{ zBuO|!vD?UHT;e1A{TcPAlBDfIor+;m-Xx>g?M`6zHXk|D!!(m58J=7oO=&KXRsTht zLqcno@hIO*@2iu=d=f=uBBBg8c2+m?*LGPgv{**r*m#i$nn?wOB-38u00Z_`S%<ks>eY^;iAKnHt^hNl+6shNC%n-AMTpg4k!GaW2)&|!7Z zQJ^Z>idkN~{eHJkvLvl`IQU~6(!?|Ur^fbJ{%y}JQ4Z%E zR*@fuj-8ELh>_XhrS3!E%MlL;%p&{UF)R)wIr{<@xM` zDu+|SP9=_Jwuj-p7P4I*qd^piQ(VDhQ$XVQ!TFE8j#gw zfo_gv#RjVRL2og|`2q9R#?ksw9PKJl+FK*7>4yIj;Ni-_Uc4tsV*Fi!-LxiH0u7-q49o{7T&$kK~>GMy_M3x}|gz4de- zB5S6x``&oucn`e4W6PR6WHCF*A~BgqZYktm<62033Rp$0fKT_AHz@-rpmUW|B+vGy zS@Xv7WmTozR(&uJOGcrB#<3g|xX$u;-Qpu@x6}J3^2s=}EjZGAf!=!*!RZr+4136R zDruQ_@bBc*8fDKIpgVhoq}zZ@=9BhM+_OV1jJA~NQ#T;sCMMgcVhCdkNhFMBEQMXw znr~2nnBK8$pql~u*5#9qUji|K+0~;(a>=-oU{x9475`v!VeQ;dKR=yunzL+QWZDBlUf%31LQNFfIy+PHc@2ynKO}vpQHP|~ z$ZWk2%Zw1O4qoTFd$%^yC|(*685^zbTN_hV@X)!oPL@4us8ew~Ql-^{mSh>P8RVnT zDyDK})v?COUm^{D32do5lE$zq_$N&jF@5du(?_GQNhhLCYz3HY&K~hth+%ge0o!zf zm!}7_9kPhAp{|w5l}DbIWBz&EFRKaybq&uVX>APUmpF?*CRu@{(9#G`oz~j=oH5Ni zX`@^GTTH;_vgqmM*1!q7dB|;rdW8zQu+s?HN}ywx3?p*Sm95Mp-tB!wh|NZ_SrXOT z>eW70ce@c6rEJ9kV$mi$#c;}W?@&!F>TTT^67FO$MjR877lempPdYD{WS?%p7HZR=+4G?0l?3%#p-r0AE^61oy=C8d@_xzQS%b zopcsiWOtmw+3LZX!CL6DFZ(t^T(xFErYvjC0nR7LA8VO8XddnX@4V?W+n}tPi1OqP z?bz-?$wRcEf*TfDp@=AuV@tUQi#&2? zY>=Pis)Gll7K^>MdduL!18xZkC-v)OjV+RAcXo+5*7K7H-$`6@X$8(&9Y%}~*|{L{M)qK}dKRM{SlzH1iT@u$ zIZY2frkkL1=3xE6_)y!%Ch;z$yFfRxXr8+DntG+u`0LRCD2Td?KxGwCFpI1#j;sW z?sR6@1j=#n=!f)sl!?R8{-`zigeVed<*l@}iX=}V+SI1BrZis7a37Y{hI|KWOFRax z#g>hx?(N;_EqFz0+ce%|)|8-9pH4e;lP%MmGP;Uj|Lp$iiKC4{emAnxXau=%E^T7` zfKJ_=(I(R0am{R-m03%I7n8?@*_y2Ch}iu7I@A+hhc68?QmvFw{>&H@$z+mIs$+K#imkvD|d z!G2AvWw725qEu}7Pos0o36PGZNWKd96qZT5Jfj4f$et`&&1j^NZ2=xw!`)%t62(?^!q&T;yYqYV z+1#?D6w@n+!0oB>h;9+H316IBOJezx!ZX{(s^ZjCFIh*<=a5@wTDHTP z=6TrRY%P;lUXf}7XOq1}^=wnkwnLmp9er}heDAV@?c}(#jhpu+Y~(S2Wx~r+TY@wT zGL5nru0%#7(T*RbB2KNx&Thb^cL;K9y1V}O>ZHQ`YIwH23;{6c$RLyL+y^zIqU4&evct+_= zD(ER&SV3i39bOw=rwUWX-pqN6sm-t^uEElQ_k~YF&H6?1*?oPp=(hG^aV8@-wZlGWoxs zs4C#o36{r^tjd;Bt|xZ3kS)(lBy}cXMc(}WUd!|Vo%5)StjaXQ(p{G3?wx_e!Ck6g zBO~eSiM$3%(mD1GWUoqY%Sw`4pxGGSpNDU^i^s}adp27UzwL)nsE0!~i9_*bFXYVP zD+KsDD7ImZQ5LuB7)xzvcX?+PakbwiKuV}G3{oD=57rGL}XGDJQ+uopkG#rarb~H4xrnxZ3EKETPevjGv1F#Z)nR0O$Dmw%+U(TmfJ6< z{pWGf$}sq4J5?$PShc)G)eGN^E91>EhyvTl(O}(V8F@jV8?ohVcfrpGq;r)GwH+(+5rs#94qI?H z8cbTA<8jh#&1JbMtS+N?Npa9ifH#7^olg6T?tawb>6H%IDJ)P_u!`JGnL4zXzau~k z=J%Lgg&AT{7SST)^mifTmD&i&CC>8tb5XStpb5OUD7=$+v_-Y1F-w%fL!G=rRWj)g zDN}_tV#~E68#c~R%>X@g%34Z?hoZ?om6#_l$HL10ep}~$wy;{%#BGkc*jkJ|ty4QJ z3wl`Xv+t9LNNc3qWao4X?u*A;8aQktUBrWY7rC2?HM{^u1rJWz{c;vMPb{C8} zC?pA`0d0h~wrE8}gRN;-P*ig`dtMewZRm z7{|kELffbMkFRm6CL(O;D0``q$tFT(DWc0Aq_pl&G$%sRI3`EokVspx*05CVkO3mx z{!S(Pwc(@`S|qQi;vC;e2l32m+wgEVlTgB*)Q@nzL~IuG=K_;Sgyyjw@qJD4V3XB4 zN3Jc_R#xd6C|;JR1`0H>GCN6Y4rCJc$i@=hv2TDBk$vTOcf)UyuvCdGf|ff4>R#fq zj=apE%oRD<28s^T@jvg!FN0PA(g-bbs7i?VtHT{*Zh34N<6$+#p(bm z3c?V6QE+r3(d{U+&VS$d(Y*d3znGcti3U>EdekaRhv2EJ-FY3ugZ5o6( z@=%Y;5qlMu6)s~7=1Fv3*jM0|BHIHqwnG->#onk57XFX5V!Ow9Y-AJn4T{CHaqog` zO{gb>PSr?QGYL)GSp^Y!|Jhp! zd@+yOA+<8-vQG0Hijp)~C%?Nz7WE?K5Foir6Uej_>^4k0&dDluDPpjo-8z>-HAv!K z?-Xl|(65C_o6q$r>6_wbK6pFq-3JbtO%gw$Zy1b2Ol0qM;RaRXfN3UAZ?%fl8Al1o z!b+;sbK^}zIg1seI13zUza~sA-)^g-Xrz|sy zL6<=p8O!Rom1g)xf|u*DpS`WHJM$RT4go$7S;SVwaxxDwP=P(puqfz4ec0VSfMrn) zoxGIqG)K)mL9e1AVQmiIQ<%xy4n-K^g1BuXB4Z}|SVf*@l{Fsy%xERDr-shS=Al}4 zUPiCPEkrlZvD5XSGX^=eAj>QHPLP6m1UXOoO=HhkP`7k1@n|lB2YT11wpMtJ$w6em z554WI`cClp8e7X-ly*3C(2p$4gr_o_C0G___LkLLMY@h{<`T#1u_|b^<508g)Co*? z3DU&5BA;Yu^~i40-VUsmPqr`U?jtW-dTN(fnZL7u#lNV9A9k6og?T=gya{)iitS<2 zZlY%#p6Vfg3sgdzVlgSs9N*Q@IS%K(191eK)e~-*3qjMaS3m@OyG1#qjW4 zD@oD@zf>d7Te#=NwTp~T3y-ivTLQG~URr@?`w>OEO)HciJr0&^CGM#Dg8x~pb+f2l z1^qnv>&PbTvdd~_`c57&{mk;>{-?bMz;lnSv(t?3+sDqMmG&yg)P?%k3I7T$AGPe{ zW;+X?MVUvlphYS9yp8FL+cK+9Cvi?BS^-nlI(W)W$HJ^7P$hA$!c5-E9CS~mIx688 z#t+FCdt}K$zNd)q-;6{Sf**THoHVQZ5R#XJi>Zx{DKj=btzv$~2N_2W53sf=PWG&msw8 z?@Rh8$iCK7*AH`@vSnw$5|68qzRk%Ms&u=Y61VYVC#tyT6w8-L#6YgiF2~8El*81+ zcpf_ibS~g*=GADmFP*X?7PV&$+4%3Y1jcug^v{v$HXzICbs5+AQ|*}Ggo!)VnvN1K z_U`s>$aZkV;;+T*HZX~}n;OZL$(Yxf-~wlq|klUo7baTGb)e?r^|>mm=AR|eqEQJDlM^OK;%QwK-FxX~s;8mR&# zA@^HkXQ_?x8|a8SEbGZ0pWzyat4fCQx_V`nk8De%*&fB=zAPGX58^tGBJ&2<7f@B# z9PB6Zbbc4|6XuX47Vt?F?G}oX734vZOa|0>T9FFtR;^cKuP(~(sJ%Wef%6`?pA*go zYO!t1RWsR=d$OD25Z%?SgLJ-%_;#waHH?0Ex#n1P&N<L(@#7kjYb`2BD7+*l2wU`_NWuM z!Ll9FdV62Fkqqc0$x^Zs$*Y5%LKuz0Lj6qAQpDy|%i59vA78`o__S7-<&u@A;mNda zVJ@|4stMg|Gu*R-vYH@K$@^v8dunC(Jpng|JR8An36X%B9wn1BMHZXstEGJc&GDA( z#LrHVw?~v>eh?7!3>-qG}`(#|)CAhOCJj3_D{5DtSv}JbGzOKlur@k8>1hOIP|R zRyR@olU53mUvu0$5;qI0m(pC`*D-6BbMMbO)e|}OKaJ-p#+|9EPO!T`lMbIC?qo64 zPr3{&)t~BPVTITRHnaOuS;Um}N>HhjY9kZjIT0V-W3Ydc2DMD1&K=SOVt%I>S+ffNT7&RCTT_d}M z6)W_{FMcHT+{jQ{?)qd$C$~|RTo%OXag zK3E;wA6%Vj**w8Zxb;y%n_a?tCxe=b7;NqAPeVPD*QUZJRq%D#@U4Gy=8-3N3xod zBFoC!EgMC|6e`~c>APx)KJmQVgMDk(n{5(zsgEJ*LY_||Jab~=DFCQX)D~@H;al1sZ zds_kJIPRMReRMlGPI(-XwAM+h>JjA&h^{kK2gZ;Q8_2sESq#e8o}m-8q!V=ud*`8I z6d=l_RwIj-GL}n4vd9}?m88YC$MRlUi3~Whk7xS_s21VQ#$vsQ4?nn?+mtFk2!gIC%nAMiaHtpaqwAi^`>{1Kuik3>DJMP4! zNioA`vigsENei;ja(H5f3hSI(8F3S#CB!XN_7#L*#o>#2@Dy4NDjDK}>3hU_0VZ#e z$jMUNZW6aeXpGE1ayt7srmt=b=h;{tle(6De+U$Fn~Qzj+*hTGL*ol0L#P(zfVK6P z%cPh1C4-mPj$qXxc8b-t<`LI3%n$i31&BGZ&2`{RZmR&tD4F+~;UUM?H=nWQ2x$Y4 zYFOx`)^3fV7_t$c{sV!gX(7^f5-o1dAiL%_ck`H*c6IEd z$821qGra1@&8?HIB-)K7%TTLLnhow0a$kwCG-zh!aaAwNdT9;p1BucHqA6cj$hsS3 zL4hLs1dS0-HdFx~J&TA3Sh0KY(Au>CzeF)ROgrWW*Fm6`T8+cGv$-U~mmo_O?6b9W zi0W2M&}5b+0!6`kgKRe4J-l9yEKeahB+eCpBuvjCJ}NO9wJmb*MA;-7sW0DLftS}T z^@!R62m1;XXZDJ$Tik}yn#Jv*!O4A8SDOS8`YiIUFiOO^ys;vT&fb=I{K)C{q06*W zts8C{fwe}OCfWV;2s@;3FTh$S-g5-56Q~!>OOvpJ(7KTm_Le=oNV!x9pXW2q0=BJr zfHKj7oX2@Jyty+p6N??9aicC~QC75mG}i=t-&U<92e^3VKVijbt#tkjmiXMDE`5|&YI#kcBILu_~R152njEFIbw&mceR=aQg}y{*bB2keCSNZU#xI|?)h(5-xN02cg@ zwJBEps!3yX^f()}H=o=wair-pF(xmRbJH zRtmF_z@rmcvpP_{+t0rq9CtYTte-NhoLis*6~*3CdCf_}E+@5wQ{q*iZDO*|u(MZy zP3+=~CFuvayq1F<@?oy5qNZ|-t~s5x0+-WTDYH@o_j@npKoZaV5~ma7IHyTSD7Ags zJ8x=*{5N=D!<{At92a1MTSb%F9{6aN`E5tB?79$}pN`dY|l*{9sJmZzd93Oa1g zd{3I^o|4~k+Q_rgSmEjBJ&}H+IhNH)VcxLckNBOM8*++;juWgc-%l8CJFRiXBfb#@ zrB*q7oSm_9n0&m`I>LS0D7$INY0hQ5!g4(mIpNrr52blEywkuc*c#7}C1xjy3jb30 zEV(CA<>5>yM7FICt?`JBJ;nDD-(ql$fs`#ynIhr;Gy6GNmB(MVAfts_LELAMSA1b! z0~^F}O&lc|hS!^LyR11uzm^lDuphbqPc4-yP4YiRl*PfHQ77y-@?RM>+o$-U(}9XMEGu)~Tw zLD_sJc~PXur$Q&U_siNDmR9LvVmQ)$zd(@@J!Zu4})3OL(L z8q?82UnQ+W2e9TUGI4>^2z0T>ZVLjmf3(BeNfj-cdn$`pEP+C7LsZ|Tnb6O|9@D#R z96mJP|B0=V>xDe$(Iw&% zPmSyt8@@XscRhJ{cqoneyZ|?Sp`|hY>%_6?L_X<^R$PJKK6*Nxa=C>|DbmzYj8&1u zMZAJb>yP*KM1LG^hh)gI$PSf{23STEIb;B$2X^0F$>m?+Nr=;R=(&TM*1`Q)MCa<* z(V6XvPJwGJs%Qc7aF*S%Dq({qo@HeeA>%f2|3;Fn6_f=`58Ha9EYn4*)81<=o<~<} zcs}Cvp?l0aaE-XTY>bc54W^m=)55&8+n$1Yf95FmFmvAm?Yo#fgR*;seAgz(6wSR+ zvOXa@^JB3#nXHk{D-CY9uwBepGAy=fiJNU}or8`mIH4xkP6GEzRIV7#Re;2iMrXih zc)>U2oS*uev#5tYm2Rt^qjw&IcW3xirMp&txS0p=rNtTK6 zBwg`zB=ce+;YJYEQX8k3sXRgN1R3ut_+?`g65_6}cjBDVSGt z|Ife|Rq%K$Vy*YsJ*|z$d6R?B2KiYpaUMOGU|%#6MBX3lwsTG*Jj1Cb&Y;>iQXI?I zIgitKw^3j6hSQgKxmE=u@rQ>ynLEX8k(&a2>v9@Z$m+#2$bjCZ zmZf&Ddw8wyaB-EaP_a~q%$=m_Cha$dJ4Yc!vjka39oPiK3eCHbku&=f1C`h>pH=ZK zx}~H!SZRaT4uMO-aBcgjgWby3BXMdqFB~HK>M6b#Y|?(XFH$A3vTARK|Bo}8g3Y$L zmAa`83eq)GHA(L%B->OUt0#61GI zlc=oxyp6JM6Rrr+a8la>U4C-?UNYwUDF*?3A=qp6h68Nj@-NE{C zePuW~d#v^R>_5ZgXyv}I9v=bCC?4FDSCYB>!+Yf{>(W-lJvufw9Aa67+TSTyJ3{q-pV8(-2e0|Ujs+ya5wbFoG!tOks76Uc6YDv1LtVoB^fpcTw#~gEQ8v*j*481+ zci25l!kyHYuxc^8JOb(+vi$+>FLB&+#emN-{|-_l4DHO1RkmfKK4c!1!lJ2^do#Fe zx1rjP@2qUqQygaXtbofb=-QY2sZPb&D*J}UCRQic)`sF)>^MrbMbXi=Hc66XkRB_G zB25v__*|+DOFcDo_Z8qXWQm-GNW?Nl*zpC~Wc8{?5NG6)GvG(q5@UNI} zhnz)RL;RZprr+dh&c-t21r6;#g&3^f?6Kj@#=epLv(3pFa~~|BPsE>DRv|22ZduxI~eN}AQd=^%V5=vx7-z=dj7E ztpwYI-sjRDmZbOb=oI~Y$L3x$CupMnw27@l2xHZuHEr9yPPMi z!15U0qdU)W>XRY)3%e^rTP;hy)^=7kI(YRsc|{hc&k0}WreS}JOknC{l zk#JJKg;l9I%d^2Tm!Au9Yp+Fl#}trBsrM|7mK?}8cBuXArxRLPs#I}u3@ z$0GA2J_oep9@%1@*Q1jtMOeJej+;gGKCR6&E0=J)i@Lrt>@3aXJYSc@}SM(fKD)p5DitYO_9@eO1;8nb=9SDU$9Ec1mf~c`Dz- zrXzN*k!W!@aXQ=Vm~$UBz#2tovB?@*XEDrTd!i*8L=7d~a z+1qTNmgPM_D(k9K~2YX=GXm(Gk?%Txvqln~eUY}cKw~?cjSvs?%)nZ=@+8MgP9Fdl7 zG#P2Dw(0bjuTKHpAk$ie$FOKE;2zsYrtGkMsBxebRxEN`o#9gB`wgp;=u4zz z@X+CltcO{D%HiZqpq!c}ShEAYTv};di1WM~679(%K*Blp-R+L^c{;0l04-%%;D|rl zte$H+$~-1fTaQ^fzemEIOFu<1*u}qNVi^Cb{jr0k{ixM7+##a(cMuD0c(!n_SYWiX zGySu>gUxKW?VZ|V{yA;`Ia;&tkPGeXC@n2Ob9#luyHjc z&tY*;#`u=k}qG&lh$CybTnWY*xjNgpL z$Le_Y%lGNno?h5Pu8XbSAsg^7_D1G*NBA#JTQbX6@AsoJHZb}|x*-*FPo&9CvpiV2 z-0AEom2r~xKDWM_Wo0|+EB;SfH~MW%^3F8GV=0{_HUHiHDVM#SYGo~xp}@h@_!k;v zi3~)c&=Lnmr{alXc^h9f+q=BZt~q(a#(gBNbbNQMwRAP3n!o~7SzvK?Qm%mS-idi6 za>!wFrm}m8BVTbggIjl*1CI)sKN~t5Pl&9tbBNJxI=h8E_GEQxe5;#RAW51z^79o;O#-cC{Ho$ioY1qVMEjwI0i^c-|f6F%a4<|-0^UA*` zL&x~ernsW#RQ}O)F3b7GQjL&9{&U8iJeHmLMNvhbaHx23PG_08CK6dLw!yZAgE;Gm zb&BP`1Q&W6Uz;Su+MI4~@)eF_>p7oRj_br(9i1Zch|SYlFRzP^6gyM}2W*bebDOO= zoNDqlODqQDFlju^;$jmg`F~EE*b?|OLBlbs2@Ov5&Uu&eLuZIIkLSPlNstCyaMawT(07|9taV+=wf1Hncj`QNa=$Lm3wQE-X8{Pq$CWDKRZyQN#06 z4qe2`sdHG3+Xp)(<*QE{7oQT*rL@yf>kc$K-bUFeDPY=`j^qE^K{{meMDt43`VZNY zc4}RhOWJmVZ{_%t$LVxRin#8hrG=sYP*udq%(Tk;|L~kWS<|yYhnd!M%o8yOfkM$#(3sQv_ju}PSr_V5lz0W;&-Ss?EWoc+gTt<(PR}}5 ze@LStT|+%S_Nes#E#&X;ABo3L^!}ONk>OAHijoQM+kBq%{X-EI{u^+=D_*A6pLw;r zxw!nQ_(h=&ie}P2=>35AAAWx-UI?o5jR}th^p|1%X$GrG=-5XM|r9*5sZQel5Hvww&;2MUrc7 zcwTt9XS2I1=$pV-Jo1TWL3m+!5k|$~9gwb0ac_XM=Cr;f+%qs%QHnL?;lBk|gja@C zhF|G>UD!k3)!`xDf4S8FQ;VlAJOeS|;&PsUqM|;$0g%S|acwcyb_&|7?qRZ0~J{bP6H-0A#9}54{eK_1jn+@wEE6&s27*-W>fmY#tp*BTv zkv3CtL)azSn_;0G#bw%5#pT+Y!ajkYQe3apUZwri<8SbGZWpRuT$I7yLEVTP7niHG z^!EKR_han?+NY6E zHwD#$q8+P#aC32aQ2UU!S#f*VBictn;o|a`wpP)mcpT$r{hrW9dp@asJ@6@Q-2e8p zwpH;)z%$w^tnKxDR{NZ`$FoB5y!Hj{i`qNF3Sqwn#cg42K~MPCDEvHM(N-!N71fH2 zkS4{widVtyH9W6t-@yA#Z7oH&FKiNwx!7(Eds};VSUb4CtGzRTe9zXhXFhYd`e-MEj}s9-*!Qeyw+3 z;Gp6Q?UxvTr483=wK}byt&=z#Fpu%N57oq|HDNrgIA1xWi1u=E3H5PtF>51;{%h^6 zu*5eQU!eR}`<*ro@_a8~l;o4id{+5ZKtIX$qVjp=3(Dt|RbDSC8-uGu1^~6-8PvY4 zd@yW?Xom3)_kBhADy-?Edlg(X{(pwN4N1?_xwxFKyFhm#`ipciz+8+GvP${Ie~Iz9 z1moA0Zw6mVu*-C=K2|?iM_G-P4~4y@yd3bil~=i6p}SIdmF^woR~}dEk^@w3PYe6F zd=mIB_`MTwjqY0AQ@-yhuhSWV3VlCycX83WzYh%ZkKVU=Uaz}B_kr@^u$y#UAve=r z0@jVV2%}p7`#mrjG4+x1R-GcmmDYg*{l@{f>2BA#V|0g3>pScf=;@(+#M{T~PR>W* zQ0wodybF-8AphOEHZO0bkMbIfJsBq#7eD1ax|@RU)%^=p_vzmEx*xr-@&Vn0x`!|d z@+|f83VawN7neY#KU?*PP94K@ZQPE;-~A)pFYK7rYjy8GQ- zT%N+{ZBLET81ghm&*&74OQ=$%d{(DaKBs$L_k!+4;9kE718qqBIvt9wuPx$=G8)$WL@ zurERPV(^E$-~2z)T@>P~E1=wT(|rZFJNS9%a{g~vLKhL>r3+W;+`q*w8sQE>XhjoemcEU@9wV)&;<%o;1OD|E<|^gr%9>MnUzYNN*AI0T3N&*c+j&n z_=&Lk;JyG2s5^qbQ9c>=Ep`pneXRRL_dP~GDt}OZ3fyOSep3GK_IU8;I;+>u$}eR$2tN*AvC)JKc_`bGIvm=-iTonB|q6$Kh~CY>4cUzHKM-;`hLeh05_Fvo3Cc|lOU zM~&;Zy6<$~>;4S*Q+cP)54r~2i2hdorTomN!ZS+wN8nGoA9c}KBedec@BCW*!YPYe z1FrS|S?3-2i|$ESAr=&kzQ2O+Z+L#!-AJcx9Ig99_opsid4*e#Ym58SVc~wyc=*8& zNy;DH{swI#(M0NW#5GwNrR$)ZWV9}Zq!f3K<>P0<;xSIas?3lCot5@U1mp+LRAmxT zCF|0aX~4hbd#hWDE)}ph-7=JEx=g^H4g1kELzk(`QfBG0fyvQ%W8Yj_mxuRt-r1na zr+HxT_g=4hTpaSW-=Bd)-US3J)D`I-@+sEUd-uR|!9FFrzi^&E7gnarQt_z(N(JwEp-Ru(Fw-D>@Q@_x+wB1CDG&e#1zuSdb51iRT=sj^!4 zh{uEOBIF~lhds*tFLe7l;E!MzFJ;I>0mIO?hUAde)atGVtPWhNJRS|MFA zR@ta4b+1rXDyx-Ez%>)TMc1mU!HU;B-hr=;K~>5!Wfi!T19pL;P1g>p&Y%umy?>>r zFHTC#boI(EKucJ~mUg%I-MVJdqz6>Jc=~kxx?%4DU9YzVvq7B|?>1!%Xg&)b(lsi( zl&wUMSXah+{t1r{>pGP#dem8cxAJ^_uON&5Lj8+j?Oy*POHYj_P7wg+;)g}5% zK`FHtDE}`94%jsg!U&EfyxRVx9a@hjllHv`wDNYRzR&e) zf?ce-1pOC2Zozk9-QD^tRadC)Ar4nF3*O84T?M*-=`UB^r++!@0sVsny}|7v{SRK( z_&%(EgyxUxAJadszf|=uTYH)63H_(8@|{l~KdFC868KRNbz68{>EM@8W%(>OH*Q$8&D&Ue$ww4OAcK?^J!L|49Fk>RQP1O4uVRH~o2D zcdJ6_cImG707p-~m)=|NL%e-*h3lUK)ys_XMb!%`t&CQuzYbdK z^)YS+f*SQEy;&cj|62bI=Fei)^Qv&4>)pP^>?OXN^B%bKk(S>Pk9Sqy>#aU-s(#SF zuKH2`hUzE%TdJRd`9=S${x|f$>;KUIslU_hFa6(`MbermyrcEE`o-v9QN`+CWjn*H|&(VLNdcZvwR3EAG^!Y^X&h>Ot6%Yh>TzwIZiuEP>QoSoEZY6#msxp1KzCvFK zY?Z!RU!(V=)wP({>Af-bQq?maxVvE9fLVabPvxWX$E=ZXfvP5bv%W>&uJ6zXsao}I z`e5Kf@CZ$zdO+E!w|YO}-KFo=ce(ZG`(1mn?tcG1eZPJ{Z_y7Dmm$1|^-8Sz+{>y@ zbA40%#ldi%0kNfuqipg+mDQ-!s`CvO7|Me}X@?69pQt`oU1a!Fb+O?yVP8;QVtCu_ zbBr%Fe2MoLcrG(sZU|Rh0bZ{LT#5HphN}(N7_K#FRo}aod0l6?9cY5AvxXJJo zWzx-tTL8oTK&8ie)PKBhHQZ*n-C)9~n(F->hC2-z9s>4eROY)3cN+{Uv+8fJ^S$n& zwE{+HuTtd|$HMzt)xE%f;q_YB_5Sx6?l(lJ3jH4d%AFaVxF!cd! zHslj%2r~Ta9c*|bupQaca zPQ^Nd;rE~tx*vS5BNDSg<=Z1@AWNU z-x(5s{~jaw$?&5g81?5Swij-Ez{TNlae10@;3q>G&3*>`lRm!~el`4tkr8p14*2he zKMa2w{sQE0LnPi&hG@L;OLb5T`dC9KvjN8bafWxoGF9=01VbXxU@!Df1t;U3MSJAa zJH_yBn3?YM0;fDxhALZ?t4asemt=>8pbU)D35o(2%35#F`>QG3FJjGTIIICCr}meg@h;?^mVz&9}w%{lHSd zgjNL0)u^gfwW>N*J)=h*qEVTloTxH_8ddLwRnj=ttqHg)L$#sCa7V~B@N0tdVV^(! znpI7~b&O}d;k)1lL!+S;ly!bhhMNQa@_Q+$P1UYayEPkH48M4Hs9HhWW@tC0yLR$j z@r#bCgYoDzybGPX3?1&}0o~kIeX1AydR6y$b{pOgdo8#JD?bPrQ1u%6RUaTrJ`5W$ zSPX-zL4!s05#}0ju&T5^!>SAYhYUliVZ*mUE=ED?^Nb-ruLYcMyg-<#FU0#I6GMkKp|%o^aR482td__Kf%A#!QSqbA5tgaF+rHM3C_*7mQZ{@}lu2V`0$CMEwfh)t;~Nl{c$zAMgeJZNB~;KKjZ_Zqu$;4tIX?iIuE|q6Qef+y=d-DZy)3B>g$4hG4?b18w1b>5?ojx z#7Dt=6k=2um6)jrqQ+Ze3^m@NzDIqh`eV%E-0p_FpJ4PUp3jWG3cgn>Jq3QB8y}b1 z>;d(^X!Zr@zQiN6uZ-^_r|$(k+;|^h?^kOXPRDwYQg1Y{`Ge|*Kxw3z$!K<T@fG!Fn7@kWHRAs|-f!ZGGDaI?jIqYI)N$bcwmRO} z?w4S^*sZ}k(lycel3#@T_ufgyOT3beDZr;1(~KVmq#Ip)zIJ!@Z}k7k^;VA_bnX%mH6;^4iGJXS1uk-a# zyLeX{6WrW^b5(n)-PD%{rhI%oGSW-!9R^#3)EK?hwcz8ct}}k@?*qEefK`*!^~Q9+ zK8%8bngL7k_EQ^u{M7;KEZ1NBp7m`o2CBaeFu}8CJV98AGs(A+q>f;@>l4;&3f2#gOJp{gVCX9~qy2aqjn-{HdDb_cY+{H#K?*d?VElfFer$ zyZUZ8>UnH~nsBc=dYpdWehAm<4W(fDx=d4i3eME?|xgTtPo z{#m@A!}F3UNgWT)iFo`&UN9x71Ht!sqQMzM{hze+%cfUMubN&1Vk zu;xdvw+Nm>)T#7-+w=~jeb@9JM(>+4)E}7A374k+5Ri{dt^vQ$9QQT!t|m8=yUByC z@U%!C7;1VS@Av#ZHeKrVlhS8GK)0C196(eQNp)cmtyFV*gA;&gYmt@BJFx7yb_X0yCjise9bNWaC=( zR~Utxw5CsR(&$Vz>S}czcr{_BHyIceWT4nF(fkE(?CWbZW%-?lJbhx(78PU3@KoB{vM^tj zk?Ar&==kgRb$az&=m=SDLEOw?RjBSdFRHRA*`n{@F9x zv)*(I=o?Iprdu^lrn@!GrW$WSE=|}M{;ejn$8Er3o$2zRcGH9Y9i~px?F8vEU4cmN zG2MY#1Y+h+O|R)LjQdRY;2j*$kKOLo{7W-nx({=U=?2a9=3+?tQk@D~S# zf=9B~%|T!KKNj?WfH!~V^Pt;#<_9(Bn=dfquVR`D&7Hv)VN@P?vH247qnc1RgYP4n zhc*B5%*JW*q~>wWrRK*pUxn0oUIwbm%}SpqG>-?|MR9P2`LBRyG*8pMSDLRfKZVh= znp)4RL3te>Sk(NSMica!&$Z_3&ChEF0&g(iXub)UzXQIaX!tnnX7e=^LoaA9m(}eX zd~Y#dfrz@*e4F`p(BEP1bH9jU;!g8j=DW@JnC}JjMa_%ew*}u$C(FlfuW3Gkwr>9S znePYgWs(YCkmd)?51ISi9yUK>e$@P!*{FF{^SJp5P+SxEB;K!p?kV$2ny1YwMDZJJ zl_0y&o&g1PqW5#=_cU&rcR=xa!1Lx8%pYpr2zt@{lKE}T%jOR>bs;aoudkSM{N5xU zubSWVaMc)nKX7|j)9>~XV6TD8*U<5Ofdj^G5Lbb}JFO5#xQm%RHNl!dg7|6PGQVwp z$Ly==4|&(@Pq1%1-ZNhdN#8fCd_FLL2p&p}2Vp*i_CA`oG_GcgTYx4=^9(HPW)AoI z$<0fn(1d8d#ok)K58d6_zW3oq?Je6Ge_1no0;ke=nL{<7Xg&+`#>~h3yZ7f|UuoL? z)fzuq>2Ll*6JQ>23p9VG`CJnO*vFbr!6(=pVy^SN4Ed}ufA6j|tIV&seW_8KZwoZ? zZ#BfdIn-Pc_`1fRiO|#pe{9y01fQ7Q0!*4ui9haS=s!2N`L^!dsB3rY2z=4Z1tcrf@EV170Kq4`sj zYpHMySc;MX>K6OMvd01UQ?^7(KKtSHLaR1bGLaAYsA*Wb`od3=00=3c>pkrdC=UB z^~2^ijTQ4DkuKuA2>eEY2PY&lqYD%rnmUaJvUFnHtLf47X}UH2nhQX4VZ=p5d2z&m z#-eG2rLCGl&D}ou-Q2g<&FW?h8`4}F@h6MxWZz-UWf4*Tr%UKNo|i|Q7kWj+m9)Ce z_bT*PN1Pve4b3kIz0KpoP<*?EUL2YSTM8}3^IG64P{Xc6e@C#p&n2PPN8Au`BW5>6 zwEO=4e^sLHHG1D1k>YhJ*4`3vYs764aelW)d=+#DXga{>&WI~Q@51;p;IG7kIvsj9 z=0dxQ=ECTnh_8e01@uQq{V&44NfA^Pcpqk0hu$A?UFi2dx1&m26MA##571R?*M{Ct zmG^;&2O}PecsSzCkn2Nl2)!lLJ>bUB>%B^S1*!)_zXMGt(}^u~F(JAirJbq+ja&{3 zc6|)c4*$m^o^M8f<1U?&a zN9d5-ZJ~Z1U4A!(J{R$P#I2z>coq4+5b>kWy`j&Nl>QzMQ^ZR$2>pxT`jNYf?<1j4 zg43g+FGYlUz8vvX=y~35UJ~6a5wAvEeCh+O<~Q;krXrS6AvmVG|MiRf*Uk zam*D~siltX>aFOZ%prFu9HSV=uvAHWRF3`s!`NdNcGNkh6kWo@h&ZG^?KtD86*H}$ zb!af>)eengk2)Y~K>RD&B6*|ZJftSaE_h#X9FSZjc`rGB2=}WmL-u1n>{RblUx8eW zk-qA<=GXz>S^Q?lb;kiR<}Ho`>T9Yl!7}My^$o|c*x^_vI4(ZPSuNSEF5@{JE{B_B zU61zfN)Iy8Y&nG9dmKlA98-JYLrFMlpW`@m%5ieW&+jNve3k|rr_{6~=m`9N<9Sr&@t?I?O$h#4+L+b&LUd z>TuLQ2YXZSkny|S<1-%!6h7Rk=2e?a=_I14|KV$xA2PsdsOQHS?vbuQZI5k)r)~)=Bbx} z`_vyrOPyZzGJ-9421wRCXTEaJht*SLo&S<8m-2ZBghwQdWxvQlPHUm_ky?aUu~P!d6sfb3GfLuRPPx;AIhH3F zQ7d7+CZI(sCsqFh)}W})8B<=x2%L7FarW1AiM{n|HUpF8g<9hb)H}uNIgQTq&L$^a zze9ApZh8w89dLGUItY(eV`9`e~ z<_lh_T~0U2|61*F=8L_MDd$V{#OGW<-Y(-Gst-8B$QN{moD=GC^#^s>8F7Au*IRY4 zK8^cM{a)QGk2&Mc1mcePdaZpZ#!>cK7Cey zCw{j%U)0|q-Enp~?>fIiy65DH?vs9D-;%c0{7}d0yPZAGUgu9(`|L06rgQ z_SH4$@t|{@yy+ol0zL)GVUi_HGljTE&Oe~P)yeuN&Pnx%bJRIY!#v+(*_iVeEZEuL z{ml8CZ5iVYDV_N6MYA<8o#m=poJy~p83bb@uvb8S?aTsw;~aH*+{NO$d!7isvi$LcZlY}XcEhHE{!GhyDjO5hU_ zrJ!fJn3ycrdLWa~3&GcF)_`Waa$I-Cb77x{Dp2OSx>fUC3tXp^3tgR@gJf22s9mQ~ zu)A0pVsP&yl##Gc@E5rjyOy{%Yc^??y6$i`Xeu?^VQ;Hn?#d(WcGR~?R=QTX;)>O- zov;+R3SDXJF0w--mKQ05+#=U^aWQ%JVpq4c#5EspsMNJhvz4^8##IHr1$C`!7ia}R z%R#F(8#QGvzI2`Ihw`TIi(tKL1KP|-rO8_tDNFDsZr687J7gPYzB8tK{-5-dcoU*L z;v8m=CjG_^>Dr^IfV@g@mb_0UVvDQNwNE4G9?@)dZG)}KRqfjDI;h#<`pk||Iky>Y z?{sbA-UZ*~+OIjmFXszno%MTMd(r2c*tPZ|a-Zvf<`DEdym|cg`VhCAw;$*M*Fo1& zpod&P1rp4tJa%U|28<~S*^xU8U#x%EQP(loan}iGBF#ycn{ym~r(88Ij*AOSp*aCP zq2jst8ouk0TmVc+BAIA8SYpeqD^T8s~4ZUcM1;^Lw?t#Kg770nsY>!>XxBa;=kQcV~!5m%Qi>S_WW za|J=;z{21IQpP6%4ZAU+_|?_5ncYWQSp+vXg<^B#>)jh|+ra;gpJuc}4 zdQ0;XNCzbB_O92i3KbXgo+)=Vg9OFjA4s3Z;Ww%oBG^mN=b8!ETVU^8BbxW%A5fX{ z1h#upd^1Qsx*lmhxjwrdYQDfW#%4o1ny>PAMEeT-o9ne^Li0lN9kLv8`HCN|VOW2< zo@rvDN!MNF56!q{3Rb54ay9bLa}JRa?S@x3`u2yhx#OY_nl$%!%}=3}o9@P!x^%WX z1AMx?)y#4C)_>A`(`31`-9B>1%Yk*Sd!9R&c+Gb&0N>2}f~*Vw#=-Bl>@$!>K)z}g z6MTughm6Q{=B4iUn!XwRBYgjs{`$k*jnX{C#WmL?8|aITw2IG@l%WIYSqLU+D4PrFiEz!L%Q<3+e) zV#ldRT9CL`gBNP0K)X0HcOGV25fHgM$}Is`09U$;A(f)4psmr?y4PwC3BBS50d`nL z9k4OQ+S=3LxIefR!m~uWC-|gN6RAwQ4zY*PXN|kTyuS7~p!w`;4l zJG2)#oA5L{wGOw_Jx92iyG!eGyWOR-PV(=eJZ`T$owu9h@FC+KE#;n2)UYf4mTa%~ z1>Wlr-tiQ8z}?MS_923Xe~|PimWcZhXcX8%k{P=%f5H(C2Fcbof&u-)xccDRpfkC6w8jr0>~YAm-{Y@+ylSQ%GjaY zC&b7Gl^} z9=mHfPu#=xpJb=Bg@S5~Du?Y2esA(fAak{&h!{hCTp!1&ag-<3K7;lg^@aPTyN3S? zQU*^<;)GhB_AqAXYxkr2ad%8Q0UOqnj8Cj`P?!NL|I$5a$_?^k7{Lq~{`Z1M zAkFYx(9ZE>dT^)poYxLYl-g`hIVT7D|Ei3T{bL^S%Jo#L9LPT3vjF-+&kgM&Hu@WG z63yDh9zI#oKG{Xmhv~en(j}gyo@JiRoFc&$g6Dbi5x2sVDQba!U3(eynsz0y8ty93 zRqaOkYRD}l*B8-O_J;Vs>SY1^eOeFlRN$sp=qZ9;jOx_7wI!aFoKi*?EXG$#0cOfk z#aR7XAWS(zTA9sVCH9iOm9aQuTSsIX_-K8S{T+BA{3+tO!L!lh(r)tjwNL9edn!DS zVUfua814UAsYJeKWIUIXb8rXV@>Wj-*|vG&+A7joQdJGU-E*Au3;(9c)22;mquQN7 zcX@hLt?=IMd5$cbM7KykI<tQCl8=%ZSW=b={4+alw7`m|59H)bH_gqsdAP;FDYn9+CPpzlUa~je;{uxgz z>DdbDn|ifJgC&@1g* z?K=|tPY)*~L;r2x`D+b&zG*|Au;&+vnFP%yBayEAu8kmP6gB4gp&fyxj<*tPDbAqS zYZD%oAPG6;X$4(^mGlKZX*v$)q~s=$Tc~ZGcF^fkCr2!IlFZ@`g5LIYdK#1uq}|Z& zc)C1O+TYr{#BvXGG3oPt&jSY0{Y381s7y(cwK6ULr9JTK_4IlAJsk2L20RONgPtKz zj_!x}p=a203^9*9kKuI$?`DY(w_7GJ%7|y4u34I`8^rm*l+Ca)We#`->U`a(XAHhs zx=dZJ?y08%vwybkndcqmB~A&?OV2CMLioM*EYiL4jC&^F`__{neSF8Zf%)P2;8_l@ zWx71wN6#nEXU`YdRsvzlSI;-kch4G({8AwA>wl8Cd}5tsa~$LUlq}Y*lH+9etkC`P z{09DqwM}Q4riHrIB(8{|-cll`c~|MUf-J;h)v=?P?w#$$jY(Aij}qNiNrtx=(p=OJ z^&A`HndvQqmgUX%ZUoQqt_Nkx$NG8RPk8z@(AT2QN1hGf>sWgwX2}9?CA4zgCeR99 zk8F!>A-r(=CR8DPEBQ>u55I7e-F&fkD?F=Emk^Jopv#D~9CRD->5}KoCn!z}?@I3~ z?`rQ?JWmP1s)<*Dw~%NrXZGD9Z!sH#eNv#ZJbQo#?@4Z-uwgyT!ZJy93%bHfGw+(5nAHzSi&2 zt(5N9?b2=c?to>VZYQzt^6u3Y%LZ#Q*-`o@{;%{ED`~g)AUiTy=)oRD?)C2T?)M&m zbkKX4*baFQfgfP~aHA#p|7Q6&-#z0qjixJ)5Z|N!!jF2t*B|$u@ScR_2=G(h8shV9 zrk^}^EHHvPmjZvcf)^J)Jg=9%i(+q>IW_pO2vCJykyi{pU6x?&OIYpZjIWeMWZs|k zlW1>BrSz)2T;%_W_fQLK9q~A+uj&-d}i zwK@UE@09@wcxl*z#DCxE)1)1y<@#>Nyiv4y-1;6j}S^ml!u zF2c6Uc$}6;y)kc`Ma~odCPEV|mLxpoy#TZo@=X@UyJw|~usoKwc`xfOL2CD20lkXa z;e8@JrocVL+v%N9Ueh(}c1oIr*L5wrJKiquT}0pW-q1Zz+#+w!q1y$1-}}JZ4a;?D z4`{Eq57eo9$?5kBcmv*>%0aJBIpprM@?Gbo&9@t)x2p^=EM8cWtea%Xg?hTRrBnOjcoVDN%iv1)o zgVVYR*3!g(>wV{K!&CgJ55fKc_*XLLgEQW<>`bmtUOz9aivo@4KEvw^$?z342JAlO zVw^;L^M3cf=Kb&%V-=|dOe9u_H>peM62v}9;&4ilS>GlL{OhY~%KM90Z|derTXny^ zf4s|TkIHBHrn97hr~77uW)P%ZHwQeE$c#spFPq4>b#1yF-(1K&$_`zpZk{hi&iz~< zY4&^Q#RA_#-(8(jnk!!f>;k_F*ka!j$ai#0eT!6!iT^U+av*uW`#K@JtK|EXf}{V# zYF*)bpzGGHgy$+$rmXh$>IzsHBkwEn75hqvzJ`o!sc((1U$@rRrz`WV1HRt3!8f4W z=&K-Sz!3T}+dil(_YLbF>Nc}^DtwiYw)jH)t-fu(%jjPx#_b~MR~0PP#BV$34&NKz zPTww~V~+;k^3seF0>oeL*&F2t3Tn5nq%@6Yz^cdarxKui$*t#eHJ&JKZqe*h2dk zUDJQz2I))rT792%Uv)R(cgxr2d#U@ZYxi~dLS(&sn`xJ68-KNje%sdxUk$R{@pbv` zLSBTY_`!PK_dW1+`+9)>Exo=zUqAE#)StS=_95Rx-*eqC@p$B$)IIh+@s0RKi9Y6g z>PvB-`JNN)1)pVt=#a*FfL6ZwjqX5X&#!Tf*P@ezQG#5B-Dhqi+@F z%qQPx-z+`Whaye?1$YxTUH{cLTmQ}XokV5mfA})>S^7Ef`3a<2k)zLsJn5VA{URQ} zL6_ip=jrF_bM=1+Hra1|O21!vQJhb$psvYR zQn?EJPN;8IRq%_ErBL4|F99z_U21<=vl=nqMC+lg)xVXk(HBsKR1sB7l~ASB9IW*< z)F#+qrONc{AZ^rd&}SecGDu1!WmFMw9kre+*KZ&_g`L_AuT4}1=yWNkw&*ugl`}eS zjATVmTX*SS$+zh%sA^*0p)V9yBGXR&c705^h1yDOqqgd+^i@=;qMB+a``8|MZl`wZ zcThV?n|q;O6yCrb-bJZo`=H&H?uO-neh;;m+DA30_Urc(&jX+w@`ZH}(jn?FbyRf4M%amL%)ywo(sPoiSYHa4-jvY)n3*{Qsfw!X6HS&iXBdWU7v4XZVyp;_AnJe-Y6BL;#7iKVNX%5&~Kt* z|Dj%E&bH_o8Extr%K0yc-l=yHxeZ?Pk-eRA>vzJlgF1xgtmNFLc5ynXJCsM?Me^Vm zFZkbu?A430>h3`bh*#kIh|$_nM0_g!CM!sIEkLm@F;QjXl z<4OiV!}>wcqnK?&R0o-JF~mHiqWXybw|tno#l3VuH4ppY3Nd;YI^K$DirXVs)Ih`fMWS`0wfO>gTffycs(a)veF<&-XvjGjb213;YZH zi&&ql|0R4c@_X4k z=ij*P#QIuaVBhKA1$n2ePf&^d^l#bi-ve|n>TJxBa``?;`%$rrVKk=8em3U;|3Uw_ z9y^x*F!8|c3B1rg?RAXB*dW4=`)`X*06*zJ1zO`TVtu*Lcz&0v44L`WW@urh8-9o1N#yIGF8?gU5sbAP z@*h3pIZl3=^!UC0*#^u)zn}O9{4{tvkf7h^?-7DJ8u6aFOlbV>PN>06=Q^uN*P7_tqwh^55dMtHlwW5)Bc@V5W8s?+~Kc*j52 zkVnS9%YWB@&tJ^TrKGz^eATTr`RJ%UD|*({S=(4j5BiIVV zdw;h41LT#4kF3`x|0=_3!)IuNylzgbEK77;_yyWmV*lp@Mp8{^1B+>@nK2NjNdnS98^#Gc7(5$Ml?GX$20jWy6EvpC!S9i|C?{EPyED`Qn@e`^(*{N0 zAjzPFb+7oiLKQe`s14KwP6u8|&IHZ|)B#PP0XCJPF>uD9CRwN0b$K3mQ{Y12BAfZ5 zVZP#0;G(<^xrcZc4Cf7(175kta1j3~9cxQ=CGc%#MKgW#lWbSn=xc$?hUUOkVAlgJ zz^)r^1X>J^z%@g&!5MG`t{5)C<|f_^B$CPTPw~KVSJ8`myBCrd9xj6~KpCijKj4EV zlV4H>0;_}$L%`rM&;hsMhGDbaX$S?{$q3+1MRGG43vh}=0>80(qJdbTQ67gSVn_s% z;7wS+sX%MsX5bd_9~B1;ZIJHD+XGQUx1uAkPkK8*8$zUy;hCOx!skw)i}4KH3)}~f z5nGBqJ#NZc4JjZG0&zn(toU1aEkl{o6X-DX2KoYBhTDezz(8OS_94`VsJ9Hmfk%PI zfhUkh0&U1J3TZ6xG;qi8Ebtt1!q8jSZb*{WIze9mdx^@F2ZmRH4m|%|;I9L30{0B# zu-rHF7$#T`oV<|U1>S>x2y`31$v*}@5nHd}m+Gxzh~(`j^fMdt1-#Gj0OL1kcxd<* z_#XHX7%+SdJb~A+;b&knFctU}_#OBYcx1R~m__46q#qkbU`>ZS8x>Ds$e`yy%0$hg zZ(;`>BW>VDPwYALTzU*=C3Z+&HvcKH&7*T+^T4+TZ98C{Pd|gjjlFIGEytT%Cs|6) znhLTe7SgerMf7XKOZYrDG;kNw_eF0=rdOaZ4DUdf&~FVBhH-)}rI#W9d&6=%kItt* z7-;bd`Xel#QCHHRKv&VL=>qxzIS~u#d`S`M>sLcDT|$@AXJu>XFNU>r8PIQrb+lK( zm#oK{_)fCp_b$2(J>3B7MiPgweqxyfoic2qe}SLCeEDtILR#Qrt>-X%p|PC)tlS{@ zW7ter(3SLT;|o0dYCP!{dWm8yy^XG-kBQQa)pWOTqu`{F!}BT9jN9oQXl1>mRQX-7 zleD*sZFM(&O87{+ht4!UQ4I?A(pkn*jAxFK8EwoNkpq3+NAIT((Ama=^dUM&6ya}> zWEkff57U))#%GRkEB`1x-?-Sw;~zuT<0Nyg@dWru`V_s~xW&$)H6uUD9gE+xTwD3Zqb>p&RIR#%<_tsc|*2H`3=}#~P=Ljg!JhHLHwkjO&f% zfrnY6?7)lG}YZxs`=Ed-0wJB?e7yJqY$I!;#;ErIAH$$&ADr|4F? zL%73ulddxEHf|#xYel!{HsXzGyrT#leU%NIXKIOMpeeW5zJSmIkx2?v@3Y2QPu=!J058VabP- z0zZnKd_{02$utlBziDhGaZHOiCkT!`I>-^<0$u>UFxUpEDA*4AoLdZ}Bv=}}gE3zd z?D$vgZR6VD0p&4OS#Vu&eQ>)f5BG!$L6@;dc*nRQxDj!if_IHqgyq4_!HVF0NoDY! zaZ7M(aI;`ruwQxK_<-c@yxEcKl@oe2|SDU^x@Xlp$6RV&8iRd6?A$ibuxdL6PJ!^b?3b ziTZ@K;r0#fk7~?V6C5>;7#&hh@TqYQGCX5Fo*VOPUqI%<59`|a+W5+NLCy>Q#BH;% z_6lYTpI8{{IEm@Td&t4VJ&uX47{-Eu|np+reE6=-d+F8IxOI(R1d$@tay z0p6dDb8vc`4fc{9?sv^c(#L=Ds)L%~4`V~{r?D}3J{Z7LH6c%scOiHYe2%F=eu-qq zmxb^$q!6!7ysoxI`Q6wfzQS7m$;L=mgV%!1uvGIVjn~0jP;U^=Uq%PvPS7dR4;RsY z8{NSt2{X0JuOf&h3PaycmNJH9zw{=31VG0Iko3;w7F;7Fp z{!i30Q#cr5v20V0DH@CgZWG)j(sH1SO`VYMpq^B81^LP>#a+mYV7V7uYFa|_<6Kte zu@dgVu;)X25X_Tw2Uie$6=;#E2bR^Qm8K$j0rWysAN2m93p+uXsn|3S?1f%p8VnAB zm%^g~J$?vzIJnld#7+SzIf^RBA5L3%E(GTj!w z4^~5V)P4wlgvWN%W5qD{Q}AHOHiVik2byrzrpsmd=Kt0RS9;QI`PJjBbF&Y zg1b#WgY6Q9Jj&l?%8*R{%YP5?nF{_2{to^LPGYW*5@KjtC>?w@kr_P$(mvB((*eZH z3GD|xXvze3*pwAI1nn+2J9Gs6sOcDJPRJ=}$7q}|Wnv!9g`b#n(sT+I{JjfWZm7mI zKeQmU5b~nXVo>bTpi4u`LZ7f=Ii}?V%L{Q4lMi_X>dMe5#j4P1NVhP@_@;tTA>^V^ zaVVSXswoMThSr4EhIl5SsZw4RS}R@`>f@{rWhyto3-2d%fIrOJ6cU)qLvJ{nLlp#N zEclg@Tlp_-8pB%&NjOr|8`UGpR#?|!_tBWPh59*X(WlcUiK!|iGF6AfrtP7p!U>*A zx&vN2L-(=TcR|{Xx()L}Zj!-&PiQanI+Maw3vFL$KePj(UG{rQm1%&Z=AJPf3LOrq zO-DjUVZr+*JImjmpogYr({)7R&4#YkoCuu^oq}IYh!gSzdaYMWiKXlb3 z2wgBWnS`N6Q-kT4R1}($Tr!CfB?(DM8y68N3&}%@&=p8ZU}DJ*(yl608!F*kHr0iy z1(DFP(CN^b(Akh=X6-VqO_$v>w}!vSKU_^(p^-a?I>^xwy@lg9H9*>9KM&f3dLh(e zx)}1oCv2iX@w;ruOE`Xq4Jl1mLRUj>=+{Ecp&O>_p_b5%&^@lx6awaA{Tv}@C}MJj z9Hz5!cc_!Jgn5KH$dmx_BsdxV-W1wwQvh&&HD zAAkz0H&eB@y?)lnNzTpH}E8 z6O9>jGt^G7TcMk#EM=!@q^1qFcGMW~4sfR2X8E+%1o>h-b*4YPWbb681(4o^#zW1*3D!P9zS-6z$J@|LM1CO8#rVF1$NSKS z&`07q1pE`E&mk2?-~c;Ee~6x&zJ}hIWRh>8@1Yl_AECFVpYS?_o$sA#GBg$1sd{S4 z=l%-4M*Q#4gsB}&*3J%Rgy)1ap?@Z^S;U?b zo*SMt&4c{Ol*BHU8=g<_`=$kiGdUJQT79<=ez;elD9DhwOc5bz^u_xIDZ$ToJAeZwdc0 zZDn(Bscn?W6o=tI7dfi_qeVOsu#78OL6W$wMV9qq}3ul}6 zhYt|+V0ei+3o(bn^GJ`RoWtSgSSh*Yh2|shI2t|%dK`6*`9ye*~@$Y zr_^*i|4HA%<0+@gTy5?o8L+#7S0YD&unW>%)O)D+QK!oTNL$RMn8DrQo^Wq?t9hGw zAN>1(?=bH+_k$0F2g5_*?dFH!;qarGNZjGVPr@V6N5ebKW8q!q0j$P7h%Lcxu#;a( zcFw2aXYkl>eh&HqwTSyNe8l_;(gE{f^J{SIP+?j=4rv1QAbH+H<_(G=`B5UX9VP6y zgl~Qqt}(w4e+Z9b9iN0pj`EcGWB60}xcPJVgqdp=n7<$o&-^v~E&M&qF&{Jk2>&GQ z;6@>x49gL775mFn_!rRMsDDtU(``j$Gi|0t(j!>6kql5FLB*hRBAF41IV+MK$%%-} zb78}M3^bQWct)IqD{5=a^CNXLnHnJF06$}15Ye#cLij7q3iBfHM)TsxlE^Tg=Paz} zSr4^&DQwFk%Rx^Ab7NFh#FhtyDK%u@xn$0dtca|Ptct9T6hsPPD~c3HR+00mgm{*M zu0dTJDT}Nl2ot?Na?!j2+6D7Q7Td(~7IS%IbEG128Ld?UbAWGQZ5VTv8~RoA*2uQV zHFFigZvb(bo#yJu_Q;ON6=;|Nurxyo6Kz*yH}TvP*$cjp$onHc*bYPvMh+33iNbw2 zas=8@R1d7jB3|=xVx`SN^NC0f_hh6LD+ue#dO9gyjAI&uc`*+|l?CYUCY zB3`ZLhR7{*BkRZKpO3Vgn<8!I3z3D`oi0W$MJ`9KM79eqX|EEWYmpA~HdvY?*CQ*q zEs@*i8<8rGBhoMGG&>`%$PU3B^JtBm%~zoCK^v3Z18y7@ieakB5k;e&CDBqLAEsmMdYH`S^h2nc{`HD-y%63g-zvJ?3{KpZdPzK9o5NxaRut|!kyk+8qV`43<4ndK2J$;|e`Fvs7~x|NnydT(WGM0w{T_}y ziaZ8StN&&G1ayQv3lsI(JQ^8`Jca(n{1ukz@+|T^@`CuhjQj*TX?_)X9r;1*Z-9?S zzL_T?AI;y*ZzJ!B-+Mx*%#;mxDCn9~0e2IL8^vC>!_uKp}@;&k+l4e1B zOhuV(`3Y;fWipasnS!)P^eZyQ@*7en@%R&&6-|q#N3$#ujKD68UpB#;6zk+Umf6v{ zmTQ;=8By#@yg8uYmdt2YlqW2a=fZO(fMqvxzU9d6>=@GtV7mC1YK;I z55Far``iW5h0#UP#UyGeY)hicK$lzc*l4De|5@3Fcd#_NEV?|J7tKe8e8jALEnk~ zm%zVCwk}$1Ssy)RU&P-S-4rdde3#^soud@iHJ0+|plCCqDxv~@Wpu4&3!8bKa%*&3 z^a-+50Z}62t8$a1I$CC_A-AFRVzG2cv?IC`)?Lwc$h8~Np6Eu)-smRFJ~qq#=mAI( zK|->@axnT(RH!%VUc4b;&@6QGEGXTXqj>^XAHa21(`n@h;m4LG)hNnAicm%S6~T}HjhH*TZEv^ ze6D4uAQbHthNF?F$g+E8|B=F~K*hLOmMLN+E>5VJpxE=EjgT3Xgd``Z(vpg{MsG%M zMcaV2M^6(}W$B96S!#*g5f#}xVLJoODZCR^Th3Z)uv6WQHV`}ZIao1+@LbbHV`;S9 z2X@}FmKQhv#4|U+^Fj0-zdPDPe0!r8EPYY2{i3BGdZBP2I!JIPzDqq6y<~Y9y=)nd zE=KGX%T>#x=;P=$(pt0SI`|WKk3>gjV%UcN5Bpz^z+CBA^l7w(jN`ND^QZ&T4WePT zMK8);MxB;d(Ol*0s0*mu@+RuBjAM)^qHm*KAn&5@qo1NfvJb#MvSa^9*^e zEK%U;KxW4>Vlm=_8ElyYBr}#3%jLer>g6cL1iNqwX9L9@Pw|A)C2zHKb9==pOS`2` z`V{x%Tb4GOIb*upNzU6^sx8RM@^nS}A zsLcM*@(BE~Wi5P}QpWOW?f(n3PrNR6SNH_IT#vq0aW}+9EE^#yC8NN`EIf>j+`fS9 zJ^%D~6Fi<;%0V~Bd}J@KfV>Z3CC}3EPsZ4)1@j_9otUOj~H=$?Lk&z z$Hoa7+ePr*gzkx5$4Rso@;=o4v6q$uF%hH}$aE0=Imvh^b~ttDbKg*h7 zO|$;7T#uz&TVgk2j@WEAmoqk(mF9rEV(yqH=8X-Av#h=t70a<^&a~+#c>^&TJQxeb z!m(V~mSC;SBR-K>G!~1^pYdN{jmHwP#nweY7NRC&ORY=5zcIg{%}T|VTU%qxta;X( zY`^oZw_wy${sC(or{V=7un|%fD*jp& zdjtDsYo+zMqTD(jn~1%QRlu^%y2ZMP_b#^8`abpn9v@LZ#j35JV_#x>warm9BYKw_F5Oq z4p`Hn&yHur=fpGPS&$D}vq711$eI(M8|P!^&EOxl9i%}%q*ZJ@Wt}aZD=sEqgG=H|<2BZ0@a|RgNHysB@_4p1 zFPj?6!jenEzttzy*L{=6TSgS-zYHctWYMN~}`rMqusIO`szZm83j=S++SY zw(h`=QUMHqBeGV;mDUT^E3(5<8Cv@zt(M8HwbsMpE%8(GPU%*7CB!Ogi=;`SuwJQ2 zWB;w;Y3sIlReU?FJK{UzqmpV!%S4;RyW+d!XRT+fd*bhF)TH+dupeKt?uGrKj3?d~ z-yh$D9pDFgaM7BlD&ic7_bWy@4c12Md25q3C`*?g?SJUOAf`aLYHwi zOAg0xV5Ih{j>PNi*R1o%nm87(mGldnt;f;A4fvgipAcQQ&XwdyPR5_%zI$8c1o}zt zwz{ki>v2O5_Y^#Z)|$B2>alX-Txh(w&&rSIv-ev8V~>mCVsHuSbdknoad~_cZ7SmP zv13rkI!I0f#_qQ&;{mHGUK_8A)7H~*K%{q!?Mz(F=(FCSH=1}uyb;>@coXOz%#E|) zE7?)K4jFqW=*9S@_+{{j^-BC|{IvZVU$ucVB~8{I?}#U@x8n)KcgC?Z#=Ai8#_xgNk3RtYTe?}fC*B+HmZhxA zMI*v}a*4E$;Gcy3aXwDDR_j3grgbnr6o1J2Gx5Xm1L9lONAWha@)&r#RfIQ|CwemD zbKBZs9f|M7sLBMz!qNCx{OODh`((V!`W*U;_{;c7>{oZJui~A^^;+^8=zIQ~cv3tb zpNPMO=8(T*BUixlJ&`}e@51{D^pDU#p+2zQvwn_$iGPjXw|_{m`wrzV_|8k@!gqe+yuHc3D6u%P1R7IDtfSVY zke8t@Pdu^afj_n8Csq*q%EYR~C3^wn!o(H4#p1*h*&58C%l4Pn(!`p?GwTcMT3E}7 zH~uATVtrx^El-yXiH(U(iE`LBC$`ua>^W=|iOR$l;=eU9uG*HUN(}L<6At@T-NKmkJcOT_*-6Ek0x5|->h=Z@x+P5 zD|nquoJw5BZZ~1ANsNe`c5Z^l_7JzBgdibI?8AF!iYOsYxa}Uh40d@!kx(W!C{>AP zWJRpQTM3bsIlI0tahhZ}lQ>Iwu0);qf|lM{KU+14q_QF5mwvT=0)pS26X)61ni3Zv zx$KvSei?Kg?ps%gc9l^4?Ktt%+MM`dy`E@E+(Ft3-PJ8~D7&yVybA$9Q5Q@fJwG^j%_}?WX+$(XiSMAf{2z(Awx5Ys`xLZaiQfqa{|_WmlK5+aEiE}JN>9#CW+dl8|64L4 zXCu9)_>tt9+!i>smK*$R?{$u@g&a;2>#S(;pvT$?N-UMp<57>9L4UTj-p zTW(uVtD@ z?Ic>UZC7$Pi|4xECY$k=L#nhXK$S^VvNpNZR+l_YtlQ8|73mj~cZaRow$rv7`YzP7 z$ulz<*k=C^`~Tqx1f=SuX68*dKzfOpwZ}GJ(n!#~w)4r9VxMg;w<&occ`>;fH|lAG72D>OtEfP^Mf;UQS*~9=2Ug4sdsH4+?zpYssUwBerH_x}I!F9%KFR#g8mE zfI3JUCvDE;3EOd-D|yQ1CJ27HA-Ly_(w(e@mw?<`|MvNet zvlq25*`FLBnOYTUTZ2twYeeK=au#Q|_^fDoC)1H1eNeqgjwdIQ*K94;x5=w)Ki(xD*jsGPw(GVJ z$s52Nwh5Kf=CXZEwu^)0n-Di<@k`vYaMxG8<>ZSV;%U9MPf3qWCiL0dBu|#`GwA_s zyKcq_m+Y(imQ;!Tw(rRw$)Ch>LG_WGl}w(woXO-UR-oXoB0=AeffgZ$BqogNELQ}Tcsf^TV$(+;} z$(xzVN@b^7iOsLfN#RyPWF`mZg>7ysr?wkoHC+~I+Fr!lPe0^Uso5CW)v1D1VQRoOY%59)*@|H;NtLD^!j3Nk?x5`vk=6iz z45_UKw|d(M!5ELVsj}3%)HBig)CPEr0^gY0lvPy?6)ZWx9+rHFm+y2yn)EnEu)S=X2SdOHQ zf(~(yf#Mgz)QQwdNZi!8?Nq7;5+}tY7Cxbj&)+g(OP33P3RCZFL5?W((e}Y6PDy}B zQ?uC_5l8QDDQIaU*4kmgDUmF-A7d?t&u5!5rAmFWm8xEGAIOJgwZQ69XT@DAMQR_$ z@-*}_sAp5(@WkrWSKH;32KsbqNR=y_WsRxxsU~0-QWsNOIhP=Pw|ybwvrWNO{jgn` z@yB1eApf*oBS>><%JxRGkGr2c3GeHvmeh^ZYp#p$NDbNFa9t^Ps))?r5i(EluN+cd z#67fAsbTaCU)`x+wgAcW+xEvc>m0tV&ZU9=zfn}!$7Y|S(RwfyN@bi2r{<8BBS13G zMN={Gcq&19hp%VCQ>pB8S?5|)Iqo~K@(fky;I{=v?W!x2boC zC_Gnut^~;Y)EdwP??dV%&`+t)pkGp7Q{ULE)4l!QOFs+Oo+~?d1Z(9xTK$n4vH$#6 z>+8-UV0dbX@l5uWxHwEB20a>7cVw)p$o4t(}tHoOf7_ z?|E~8{ZnMp%5xuhnXOr^?>P)waW1%!J8 z=e7c0)Vl3l75L)TCB(M<+*0srAj?{px9-6V*l{keHNSPm|Ha)~N4KqQ{i12(GBdYH z8ka$7%FJ9_l5I&A*p^XXi|sNqGjnUF-DPHGX2xCGWoC-6lC!@v&imfI=l%D_cdo`* zFz1?UX=z!~vXeP~zi8usj-u~I(ek=g@$QY73ek#D9GsT@Tvf^*q3J*ED(i9;Jtakx zqbb>KRikUN|I5%!w@Hl}b=`#QC$*Yhs~)WpZO+upw#%BU{>IU*S~0bwEt%F#ooEYP zs+HYZH(D=RKiZBtkiBc9W$PM5+cN3V4%z2k*1f%6Hq`YUv*k{D-i7I$UDw};On0W+ z-}Qf-=l{=~(C>~$`pganKaYo=Ft|>mU>yCTPr!_#yIyyzoOy?-bbcsR?%yf-*i*}E;>v>RLl^)SUdTwE?OfTKu#vqI- zYL21|s7p|Eip9>r(Og!X!Su6`j3sJ~5{yl6qjVXGqR}CGiRrREibshk8Kt5_qC=xY zb?va|a9uwlIx;#cI$E!d(bHHxWgX-6au_o{I-HphotUi~!A#Q2k<2K)=V)efbPO|= z8OMxgrs&$K(Fx2%U0>2MiJ2Ci9-X11la1s^>91Wkgp* zS4RJcu8JD6|AKlXv^qMAIjpbP+UUCIdfno`jt$X`+0q+e&}?MAtLx zn6=DpU7n`z0C%EyqY1Gbv8=P@)bqsH34K*^>9w8u_*?a~joHNPU~vzgh*Y+&-~cKKrkVg+NnnL>KKu%7hyJ5wZ9G`5%7!xW1ZkClj(jFrmP*Rbwl zE_K<@l#U(L$JKX(SlL)Py~WgR4O6Uw#EsS&Fms~M{ms~tOIq*wyS7 z{a(y2FX=h1-!&JRslCQ@&Fb4R)=9VT9P1M6`Y&hg7Hi+Ld#q>dHgikwag*s4GsUhk zJz{qlbL_6J0sqC;z$UW#J1qwPQ*)|1ODmFx~4gKes!(zkr`iNLw-7*h5GFv|?HagZKd*2%q z8>?%^#m2`b#3t&sf`5;fH4puleYSO>f9eXelVkbVDY|xQ?6Q6}(_%&Rwgb@gY`YTd zj95vwI6E_2nx*H(*fQ+wSW(@k6gx+k=f>t`w`Gl8`tMQ8vGZdKVhdx7^p>*h;=kLM z#FoaE{nK`NtO6U=rI?;F^i+{u5v#q^R@K=WdU-H*NY~Y7YqAyeeWVt9ICc&>lD!5; z^}G&yEVk?KUm*G$Jyw^c^e68`tR4&KeNV>H*i*67u`}8BXJhAL=d)||*`7Vu*xK8! z;ri3$z_ahttd$$5KQ9+_i;LM-mtyH`{q7CfMr>pDY{;sAUQO7`*)5x$yYxPXz@}_- zwi$aR)*^ep`c4pQsn@Q>TKz3wkKKsfjJ0NO#cs#$=snx8cVlhYc5FgMd)=Y~+mY?0 zmpL-B&Yd$OF}u{CRJIFi_`9y}4sfoF+!=W?@@DMmkuRegn?Iv~-c~T9P)6auZHi>n z0lTwB|CWmVT^7$Mk~Q_&Be_n z%q7jG%%#m0&6Ui_=Bnlz=9=a@=DOy3<}`DHoMJ!Gh^n=yg6hR%(7WAht0jseawB${mcW+L(D_X!^|Vi zqs*htR@fKJ_vwmU;{86YzQ_28-q>2 zreHI$1=tE~1GWX*f$hPLU?;FM*bVFs_5gcyT;05p^cnQ1=UIDLy*TEa$P4G5&2fPd31Mh=>f)Bul;3M!c_yl|gJ_lcbFTuCq zJMcaD0sI7h0l$LZ!0+G>@E7N9$$_M3#3POdT!cY;YC{zq8 z0hNSGL8YNGP+6!PR354TRfH-*m7yw75|jc}g;F6SR1K;Q)qrY3wV>Ki9jGo;52_CV zP#V+#N{1RkjiAO*6R0WF3~COwfLcPWpw>`(s0-8`>Is=3GXz2~WPwl!gX|CiQIG?2 zLN17gJdhXiLjj0|I7oyPs2?;48Vn7GMnI#W(a<<(JTwWK3{8QiLerrc&>UzUv=CYZ zErymt%b^Tt1+)_S16l>Gh1Nk^pdHXoXcx2(+7BIs4nc>ZqtFTH6m%9k2VHKV&@1Q-^d9;EeS*G1nUDd_1?Phc zzy;wVa8bAfToNt?SA;9WRp4Ye1+EGk;c9SoxE5Rot`Dcd4d8}wBe*5p8tw>pf;+=q z;I42txCd;4%`gmGU>l6W7;J}en1CtR3A+ntZ7JM7N1K)-3!GFRJ;D_)d_zCnl5S~eX=G_^X<}(=X=!O?X=`b3 z>1gR}>0#+<>16>eRtsjaTL=qf@mUxPX9-$D7R3^=^tJT246qEe46+Qd47CimjJAxi zjI&I#Otwt1Otnn2Ot;Li%(Be3%(cw7EU+xHEU_%LL@g^Ut1PQ6Ybn$5B8!ekG zn=M-`TP@oyJ1jdbyDWPwdoBAc2P}szM=VDz$1KM!=Pc(f7c7@7mn~N+TPmH+R56*+RfV2+RJLPnyru(w^CMz)oFEEX{*QTvj(iJm9z5JpfzL_tfE!2 zYSzBie%3+O!PcSH;ntDX(bh56vDR_ciPovs>DJlSIo1W%Mb^dECDx_ZW!9K=oppnC zlXa_gn{~T&r*)Tgk9D6_kCn2XvYxhHv)-`Yw*F~-V0~zPWPNOXX?zwdRjb+L7|^|1A{ z^|G04W*cOKZ5Er=hT1Tj-GTY5Qf1+j1g_hylrkgzkuFGAq?`VKs~(6M0TBp+5es5N5ClgEghCvM z6LBFl;z4|f9|<5KL_kDDLKH+rG$f4lM*1Lqk$%WPWDqhK8G;N&h9Sd|5y)s{3^EoO zhm1!iAQO=($W&w+G6R{3%tB@(bC9{nJY+ty09lAELKY)Skfq2nB#Ok43}gke68QsJ zg{(%_AZw9z$OdF1vI*IYY(aE}17ruX6WN9AM)o56kp0L3cQ_xh@h*m?ZqqWgAv;o=>ZG<*Po1jh6mS`)q4cZRvfObSXp`FpLXg9P63ZoX( zirP>F#ZWuyMm?wx4WL0(KqXX06;wmRXdkpM+7BIw4nhZ`L(rk z(JAOubOt&TorTUu=b&@ZdFTRkA-V`%jKu=xy{4dJlboK13g(Ptd>6 zr|2{EIr;*9iM~SLpzqN4=m+#8`WgL#eno$xztBuHj^@A;F$0zh%Zug1@?!OEU^TJYSRJe`Ru8L>rC|-QbgUuP z7;Azx#hPKwu@+cMtQFQ8YlF4L+F|Xn4p=9wGu8#`igm-fV?8hvX2w7a#w?f(LogJx zV>m`&r0yZ?#9SDSxiJss#r#+RV=xxuun;C-A|_!nreG?jVPPzS^~U;OeX)L6e{29Y z5F3mQ!$x4Eu+i8UY#cTon}AKkCSjAYDcDqO1~wC$h0Vt1VDqsB*g|XxwiH{2Eyto* z49mb)V5_jz*cxmtwhmj5ZNN5So3PE;7HliF4cm_Gz;*%b_u(TUBRwl*RdPeP3#tS8@q$u#qMGEu|Kf~*hB0Q z_5}M2dx|~7o?|bt*VtR^J@x_ngnh=oV&AYI*iY;i_8ZH@;#h(`hdt4r%bwew*PhRw z-(J98&|cVH)LzV9++M<7#$MK5!CuK;*`8!iwx`&u+N;@X*z4E4vdebG9=7+k_p|r653moi54I1nkF<}qkGD^-PqI(8Pq9z6&#=$5&#}+5&$lnI zFSIYVFR?GRFSBRZSJ>Cs*V;GOH`+Jbx7fGZx7oMbci4B?_t^K^_uCKH584me58IE} zkJ^vhPuNe|&)Cn}&)Lu0uiCHKZ`yC$@7eF$|Fl1_KeRu#|7Cw_e{O$ae`$Yhe`9}Z ze`kMh|6u=U|78Dc|6>1Y|7QPT|7HJe&$K7tIr02>0lW}i7%zes#f#%5@ltqcybN9r zFOOHiE8&&#WIP2=#jD}f@fvt7yf$73uZ!2i>*D~PjyJ-a;7##ncyqi3-U@Gxx53-t z?ePwHN4yi>1@DUYzy7(N^yfse#T;iK^}_*i@#J|3Td zPsAtTlkq9|RD3!<1D}b{!e`@i@VWQ`d?CIFUyLuom*UIt<#-g2;TiY}d?o$|z8YVH zuf^Bl>+ucvMtlpt4d0IM#CPGl@jdund_R5wKa3y2kK)Jhckz4pef%N*7=MC4#h>9X@K^Y2{0;sVe}{j-KjNS8&-fSoEB+1t zj{m@a;=l0UcqSgl6Nnr{P9l*o5V?rlL>?k9k)J3)6eJ1}g^40WQKA@8oG3w*BuWuw ziE>1Fq5@Hos6iG!G$I-k zO^IeibD{;&l4wP=CfX3~i1tJWq9f6X=uC7Wx)R-p?nDowC((;A5oQ7=5W+#Y2$~2G z48ap2LLfv!Av7XF^d|ZceTn|W0Adg^m>5QkBE}IDiAls1Vk$9>m_f`U785IomBb&! z8e%Q6j#y7@BsLM-iCx5QVh?eEI7l2OP7o)FQ^aZFEOCxFPh2Ff5Lbz7#C75Zag(@3 z+$Qc2e-aOgN5o&mQ{p-Cf_O>1B3=`3iTA_@;v?~i_)L5uz7oHQOd^5INhXrH$UJ0T zvH)3-EJPM2i;~635@Z>&99e;^OjaS2$YioAS&ghg)+B3@waL0<|`H*}>J|&-%FUeQr8}cprp8P<5BtMa# z$uHzr@*DY`{6YRAf0LPHoJ^o{PzEX&m6ys#<);cz1*t+*5vnLvj4Do*ph{6?sIpW! zsytPZszgsU}oYsu|UsYC*N6+E8t& zc2s++1J#l0M0KXRQr)Otl!-D^AO%q{WudH;jY24tvQs!kQVz;VxhR@)Qy$7o`6xdX zpcsmyLX<#BluRjNP2rG`@@sFBntYBV*58cU6% z##0lhiPR)&GBt&oN=>7tQ!}WU)GTT?HHVr<&8HSni>Sra5^5>6j9N}bsTh?(t)Ny? ze^9Ha)zlhlEwzqXPi>$!Qk$sF)D~(hwT;?A?WA^5yQw|YUTPn;pE^Jtqz+MssUy@e z>Ns_RI;nHkpQg@G=cx141?nPoiMmW((b?y(QP-&()J^IZb%(l7{YgEd9#b!_~A`b!4%P z*KpKy)N<5z)Ny3-f;Vua>ulhS9E}~#9L*iA9c>(K9qk+)9Gx9q99vmcSLm_;6EIz9IG8`9P1qG zb++D(j!lj&j$Mx3jy*c}?taGs$3e#-$6?12$5F>I$8pCA$LVYy+H;Qcjth<}j;oIA zjvJ1fjx2`PyN-K~`;I>y4;&92j~tI3PaJLe9d@qR!&Zk~))WIcIriMQ0^vWoNQ8#aY#v>a5|c z?X2Uh=LDP$oaxSn&PF=3W)o*qXA5U5XKQC0XFF$mX9s6TXD4T8odvS1vzyKp*~8h> z*~@8inw^l->a;s?C*dTW4yV)Ua(bLTXTZrgd8gnMor+U)hMf^-A7?-3K<6OmVCQh1 zy>Oy)l5?_is?H8L!#T@2&pF?@P-p2|>|EkprgQE^oiS&I&WD%9gSW=H-nqe<#a6f3 zxy8B7xx=|rXPDdV+~?fyJm5U&Jmfs?JmEa$JncN^ysWd6U3K1a-ge$`-gDk}K6E~E zK5_o#eCB-aeC2%WeCPb&{OJ7T{NnuT{OD}b9Uu(70~&)in@xqO1R4C{8;5( zm0eX_DXyxnR978WT~|F9pmRty&^e_Vx*EHhxSG0}xthDO_?_CiI=VW!I=ggMCs#L} zt*NKWamBpNdxd<2Oa=4r>my34!Tz;3}l3j{RbA?^KU4vXhTti*MTq9kh zT%%oMT;p8hU6Wk@;4qr*n(3PDn&X=5THspbTIyQnin?Mtzt118RXVTE2G?fSR@XMy zcGpgw>t?TOpKHJCfa{>^kn6DPi0ioPgzKd1jO(oHoa?;ng6op&vg?Y@e{$V*({Trv_a=3$wTMY89)lsMd@O6 zak>Ouk}ge`q07?cbdHURbS1hnolK|DMxEuOCS8lJL)WG2(e>#p#)t-VI^B?NL^r0J z=&TOSbY6!RbW5Fmp|#G#(2j0Tcc44co#@VV7rL9yx6q3=(;yAg7TQW9bQTAKoyKWG zXEbooPTED&w1@W6KH5*SG)MDvkPguTEz&Zr&?>Fb5xNiEm+nXRrw7mj=|S{hdI&vK zXE+#6kDy1=qv+A}7m|j9J z)v@@O(@`DyK10XzUrn#2*U{_g4fIBOla9N;h2BbUqj%6db>#fr^d3437ykf#kUmTw zp^xfF^~dRx^cfwQ{v3UtzCd55uhQ4(>+}u!CVh*(P2ZvK()Z~5^q=$t`XT*@eoQ~1 zpVH6h=kyEuCH;ziO~0Yv((mZ^^auJQ{fYiUf2F_C-{~LpPx=@Ao6e*Y+&SDi-HC34 zJC{3;JDx0e70afxD5rvAe0enY+2W zg}bFY3)edf;~PoZ0v2j8+Vg#%I$DF-7YuncDuc9pPO;ZZpE#+!|vYhKJI?* z{_cV9q1m|6BXzXs(e5$XXwVbgliZWtQ`|G$b9Ll)XMfX+rUH3irpY8|l$L<&Im+p7&5AM(I zZ|?8zAMT&-1W%&J;K}95?a8mB$QJYz@)YqD)zM%}cuIOodCGXo>L{-jJy|%dH9c8K ztMxp9C(V=YY3OO>Y3ym@Y3gaAbI5bpbJTO(b3(@(JncE-x#-D4|GTQ=0N(K2^xX2?_T2H@_1yP7^gQ-F@%-g^ z>UrjQ>3QXO<9X|O=Xvk>==tpV>iO>Z;rZ$L<;nCUdJQ_dULJ2=Z$58+Zy|4CZ!vFi zZz*qS9pkR7j%HWhn}s`<;;rgU^%}j^y*0cwy|umdyjgf^S$J&e-bUWWI-Xin9c`+G zx23nWx2?Cmw}XyX)*Y0h&0f$8c`aU>7xAKAyBGHoUeZf>onDuh_PV_uuh;AI z`n`;o^YY%HSMZ8n$t!ymujeG+&juU#yi$K&O6>a z!8_4A$vauc=$h`G;hpWBqoZlf_b%`*^e)yBu$Fq4d6#=*-VE;w?@I3~?`j=gYNL0P zce8hkcbj*ocei)1cb|?0bJ?TB=J?%Z?J+C7vUDh#^uIeaAH@&yK zx4n0~cfI$$e|jHyA9S^PG6$W;LGL9?aSlK>&x#e;4A1Wz3dz7$_oU#hQ~uez^>ucoh-ua2*-5Adb=8u-$EO?=IL zEq$$gZGG*0?RDIlj=s*mE;<5D7BY;<2l`;2#b?z~TQDE)BYjSv%SZdXKA$h(V|=WS z^M!nZPxQ$?)fe_fe0_XeFJ<0eS>_1eM5BAmSMi(z7f8WzEQp`)Rl3*iM~m` z$-Zg68NQjmS-v^GdA=-MjwQZjzU96Q9bsdYj(o9B$Fs=7uh`<->f7equ47j0^6mER z^X>N?@E!6U_nq*a)bSL~`Y!k`>gWbnd{=ecf}1)X!EN6i-(BB5-+kW$-y`2+-wWSM z-v{4E-zVQ^-#6cP-%sB!-)~>0FYe3XH~4e;^Z4`n^Z5(-3+Y$^#dM5-(*833vi|b^ z3VP&zWq-0i#a~sAtFPv->96Il?XRQ9$OHZc{&as6e^Y-me{+8ee=C0*JyyNFzoWmC zzq7xKzpKBSzq`Me-;^Ddjrr|2b_6{4@P?{B!;D{PX<_ z{EPgH{Y(5y{mcBz{ZW6+pP|RauJW(;uko+dBUU%~H|jB}oBdf4soVWK{JZ?S{d@d- z{aJCN2mOcqhy6$N7|>(>oH*U0)QUH zl^$rU$8j|cGz+u{wA7<>+63AKItDrgy66!!Jp#S-=oo9j7C`lg5_As`2|KqSy7&^OR8&_6Ixk1QD$7#$a|84B*oY;1bVM|ep+_-f#Vl+LYzk}%>U~Q-RZgGl8>#bAhXYYk}*5+kyLm2Z2X{$AP~BPXo^aF9I(EuLExa9|E5PUjknP z-vZwQKLS4kzXF+o9869okufm2nLM(VgEFa)3|KEm8Bc?IaoN2+dVY)Cqm|l!o_b5deRQC|IGdM#qBttO{#>sF@ zkO?sYBQg>rGYX?JVWtn$m+8m!X9h3>nL*58W(YHk8NrNZ{>$4l%g=KXGe!5-oW{&x zW-_ywIm}!p%Ud$bKXMVXm|4OsWtKBhCZ_u-u3}a*Yjm%~jk>4d7G@i>UH3QK$?Rfw z>mG!AnSIQD<{)#JIl>%ejxooX6S^nc8Ri^wp1HtWWG*vTm}|^+<|cESxx?IL?lJe7 z2h2m}G4q7^i+RdCW1cfFn3v2e<~8${`M`W+J~3aIugo{*C-a-hWa3N$n^X5FGqAbY zJZxSzADf>o$QEIXu_f4&Y$>+1?u%8HEytE;E3g&WN^E5|nN4Avy{wN7unfzx92;aqtjJ2N!m6yshS><)kL}M6WCyW>*`e%k zb|gEF9nVf+C$W>+DeP2s8athx#m;8uvh&!5>>_qCyM$fJE@PLoQ8vbAuz#?t*fs1r zc0Id+-NbHYx3b&V9qdka7rTeu%kE?Mvj^Bi>|yo@dz3xK9%oOmC)v~NS@t}8k-fxT zX0Ni>*z4>K_9lCay~EyR@39ZqhwLNvG5du5i+##IW1q7x*q7`p_6_@%eaF6MKeC_L z&+HfWEBlT8&i-J3vcK3&Hi65*<>V4M1DA`-&E?_pa{0IdTtTi7SC}ip73GR?#kmq( zNv;%Enk&bZ=PGa&xk_ARE{RLws&c8Ek*mg4=W24bxjI~3t{w+)4Y+i!A=j8|!ZqcZ zam~3FTuZJE*OqI?wdXo;ow&|iSFRh^o$JB%VJe-&Fa{-RwSdQa(F35#AffG52Q#h5=xG)#tdUJiaeq4WUAUB8`%njv+al^Th z+$e4|H-;O_jpN316S#@oWNsQaotweULJHwsj&T;3t3*1HS5_g%q!d>OAao4#U+)eHlcbmJz-R16a_qjj0 z2i!yM5%-vT!u`cP<(_fRxfk3^?iKf%d&9lu-f{1_58OxY6Ze_>!hPkwao@Qg+)wTo z_nXV);#>lsgU`t)@&-N^pPSFa=jHS9`S}8TLB0@Qm@mQ?<%{vf`4W6dz7$`YFTSp5_^z<#|5H zhj@V(d5M>Kg;#lv5AzYeH{XZv#}DKO@q_sx{78NbKY^dbPv)oaQ~4SEOnx>$ho8$Y z;1}|X_{IDZei^@{y2YvKgpls&+zB?3;ad?27imc!{6oa@%Q;Z`G@=?{xScA|BHXhKjWYC zulU#e8~z>tp8vpq;=k};`EUFW{wM#7&*bBLLNG@#XD~5n2<8pu3+4|N2o?+$4i*oV z304eN3RVs#1*-;)!P>z(!Mee;V0y4|ut~64uz9dWuw}4yuuZT-uw$@OuxqeKuxGGW z&=fQWp&%Tz1d$*XvHal!GyiNQ(1sljQ%nZa4X*}*x%dBFw2g~3I^CBbFEmBBT^^}!9nEy1n9ZNcrq zUBLsvgTX_=!@*<0$$p6si(R3MGe9 zLRCYlp=zNTp_-vOp}L{^At2N+)Hu{6)HKvQ)F#w6)IQWP)GgFA1cq!OB!q^r5D}t6 z&JZ1PhrA(QC=g;od?*+Sg`|)iQbKAd9EybchWds2hX#fQg$9R)gof%^8Y4oZLZd_D zLgPadLz6>OLeoOCLbF42LUTj&LJLC6Lb1@A(Av<3(8kc_(3a4)(Du;I(5}$#(4NrV z(7w>Y(4o-b(23B=(5cYb(7Dk0(1p;Y(B;sT(ACiO(5=wz(4Elz(8JK9(38;9(6i9< z(2LOP(A&_v(1*~c(C5&X(6`W!(C<)YC>}}>atJwvM8P2B7V-#rg?vH*p@>jiC?S** z$_nL#3PMGpvQR}x5vmE*g&IOFp^i{b0E9FlU1%gU7Mcjngcd?ep_R~DXd|>0+6nE2 zPC{p)i_lf*CUh5i2t5U}01A)*3pN22>;f*30wp*Emp}_{!6SGDpWqh)0wb^jCj^C% zAPSNo3yPo$nh+KuLT{mu&{yau^cMyQ1BD^NP+^!bLKrQK5ylDQg$cq$VUjRam?lgY zW(YHdS;A~#t}suSFDw)m2}^{f!g3)hWC$yTKZMo78ey%lPS_x97PbmIgq^}3VV|&H zI3OGrjtEDEW5NmHq;N_&Bb*h^2^WM*!ZqQBa8tM~+!5{ykA$bf3*n{kN_Z{25#9># zg!jS+;iK?b_#%82z6n2spTaNUw~#5sg#=Tw)$Eub5vfAQlu0iG{_YVllC} zSXwM2mKDp1<;4nOMX{1tS*#)^iz#AN(I{3EtBWOw15hihqc!#MR;&ajm#c zTrX}AH;S9YE#g*jySPK#CGHmYhcf zqxebuEPfHcir>WV;t%ns_)GjPW{Pn!LCPWJloBO_luODj<&pAA`K0_(0jZ!=NGdE9 zk%~&ir4mv}sgzV&DkGJZ%1ITaN>XL1ij*WJODR&SWR$8&)ukFzO{tbtTdE_~mFh|L zB|u7(8c69CUuv3NWCPJ z1WJ$uOBTs0*(5|lB}}qQxI{>#L`hD`CDD>w@N|&U| z(iQ2dbWOT0-IDG|ccpvMpV9;Aq4Y?4BE68_NbjWg(g*3I^hx?GeUZLNKct`1FDX-s zO9^rgIj5W`8{}MaZaI&fS1uqIlncp)jDZ6A^cFP{wC$lmq^KwuQ$)YUD zvaHErIU@I#`^x?00rDVuuslQ_Di4!~%OmAc@@RRCJXRhrPmm|dljJG#RC$^_U7jh= zl4r~FWUMeq>m&;K(CTGYiHhH_eL*6Ct zmiNee<$dyg`G9;-J|rKJkIKj7k`7imI{9Jw^zm#9eujRM$JNdo*LH;Ozl0VB|d z{w4pGGv&CPpyW_;Dv63g$))5`@+$e1{7M0(pi)RFtQ1j-D#euIN(rT;Qc5YUlu^nm z<&^SD1*M`=S*fBVDalHTQdLP+j7l}7x>8fAt<+WODfN{GO1jceX|A+XS}Sdpc1nAt zgVIsyq;yugDczMGib*jmpaLlt#j4m8RKXNnAr*(>Qap-R@hObLDZCO?LW-owimGTz zMCq;cQTi(bl!3}HWw|xwd4YUDexLwQ5GVu`28sZsfigf*pct?*;d;W?gvKe=Q);9X zODU34E2U;i-jpUO6+3irBaG3MMx1-yeYnv$|;Rf z8m6?b*0$P)ga%3JNr}mZcr@Y9_=7l*v?8H&a_(xms+~5TH=Z*dHy$%CH7+r3Hf}Pu zNSc;BC3$M{^yCu2f8=`q%cP}bIax_oleOebTVLsS{Es zrcO$ooH`|SYU;Gq>8UePXQs|dot-)-b#Cgs)cL7eYB)8L+B>yRYTwj;sr^$2qz+6S zlsY(dNb1nkVX4DYN2HES9hEvd)s;%8x>G%=-c(`C?}`;z_1fn+9`P3DsM|HmBvb-w>Wbs$GPXFM_f zB%UjtJDw+=H=Zw^KVBeSFkUELI9?=PG+r!TJYFJRGF~cPI$kDTHeN1XK3*YSFOpKPm4E*r^g${8^s&Po5Y*O zo5h>QTf|$&Tg6+)+r-<(+r`_*JH$K2JHp?0yY2vPyhq$01glU2~dCoZ~`uX2Hb!L@B%)-4+H=PU;z%`fglh91V98N zKn4^*1vDTGM1bBvAD}PL59kjJ00shsfWg2JU??yQ7!Hg8MgpUN(ZCpBEHDlj4@>|i z0+WErz!YFAFb$agAOCjw-!6T^QeYXd9EbujAOlzdtOWi5RspMlHNaY69k3qQ0Bi&{ z0h@s>z*b-zupQU|>;!fJyMaBxUSJ=vA2}E09*tv0hfU*z*XQHa2>b-+yrg`w}CsrUEm&YANUh^06YX90gr(vz+b>q;2H27 zcmccwUIDLxH^5uq9q=Cb0DJ^K0iS^{|JQv2Qxm5pPEVYXI5Tlp;_SpZiE|U@CC*P= zkhm~$QR3pnC5cNDmnTLOV~H7wD-u^G{*n0KKf#TOn-VuCZb{slxGiye;*P|fiMtYa zC+*rlrfYwlrxk! zR4`ODR5DaHR52tOk_{<_s)kg9(NN7$-B80&(@@J$+fc_)*HF(;-|+9RA26gD8W_?I z4GoP9kfE`miJ_^XnW4F%g`uUPm7%qvjiIffouR#Kz{nU`BWL7|L1V}$7)7IG zl#Pl}H4ZfnGY&V7Fpe~iGLANmF^)BkGmbY-Fitd1GEO#5H_kB5H109(H9j;xGCnpw zG3Ki_Go?6C38?&kcw%$pc#v=|$Dau$ay(C{kmFfG?HsQYF64NX&@0EsgiAR-=zsYA zk#Hr)_k?RXZsfR?<4%rW2`>_$oCygXb9Bw|JqNAV{&D0=%bk`dEpJ-BwESrW(h8;( zN-LaJB&}##v9#i8CDKZ!l}am}Rwk`%TDi3HX%*5crd3L-oK__*DJ?lIC9P^&YML>v zT3YqA8fi7t{%gel?=l%k0jdJ2fDxz$R0nDRHG$;~CZ$hKUy!~qeNp<-^dsr#(l4f8 zO23*8WIl{P*7xS*U?H#w=$6?%vqxsn%wCzMOmilf z31z~W)=XO_l8I*8Gx1C!lgy+t9huHdS0Sxcxn8TRUm}oQ@a~X3R^BD6Q^BMCS3m6L; z3mFR=ix`UOBhQUOBqWW%NWZV%NffXD;O&pD;X;rs~D4v$;K38Rb#5rXsl+e zZmeOfX{=?eZLDLgYpiFiZv>2K#sB*V@qQzV{2m@V_Rc8 zV|!xS_(O zu3BFO)COw0+DL7zHdkAyE!9?PTeY3qUhSZER6D7i)h=pRwVT>q?VHu}1I#?Z|4poP#!_|@MD0PfFPMx4mR41!b)M@H;b%r`qovqGM=c@D6 z1?oa|k-9`(sxDWfYD~>gSEwu1Rq7gbt-4X&qHa~UsXNr2>K=8kx=-D&9#jvjN7SS0 zG4;55T0NtlQ!lBP)hp^%^_qHJy`kPxZ>x9IyXt-Qf%;H=q&`;vQlF_W)R*cj^^N*g zeW$)xKdPV9&*~TT>womxe^bA!Kh&Srw zX|1(3T3fBX) z(Z*`yvt)0=%YUi}`+6C>Rc3HckUDd8>*R>nkP3@L;Tf3{>*B)q3w5QrL?YZ_sd#SzB zUTg2P_u7a5=(Yc-eb&Bd-?bmwPwkiXTg%iE!a2e@!-?Ts;oRXo;k@B|;r!tO;ez49 z;iBQ<;gaD};nLwU;R@kO;mYBpaB?^$Ts52;t`@Eyt`)8qZWwMHZWeACZWV45ZWnGJ z?hx)6?i}tC?iTJI?iB{ZP#6wd!nQCHM#ET`3OmBiuq#Z5-C!Eh)n zgvGEFmcwc|9FBy0hx>*5hX;fQh6ja*golQQg-3)(hDV40{hjqcyLC)>Y|$ zQg}*udU$4dPI!KJL3mMkSvVuSBD^yEM|f3uZFpOFdw5rPcX)sJK=@$zSon1KO!!>* zeE356V)%0SdiZAeR`^c%Zuoxq&+vorlkoHKtMKdaoABH4hw#Vn=kS;C*YLOSkMPg% z?{H=~XT%W69mx~P8_5?b5GfQX94Qhh7AYPn5h)od9Vs8F7^xJg97&E;jZ}}+h}4PH zi`0*#MH)mJN18;MMVd!iL|R4KMcPL?M*e57?!TX1r%2~Wmq^!0w@CL$kBBK^j(`y; z0!J(nTLg_@5qkuW5D_ZkjJP6n#2xWQd=Y;n5Md&0go^|tp@DLBaA~PeiBXc72BJ(2)A`2snB8wwS zB11zJIEhH zx-#pA*VZK-a}-Jge|;ZM{R_vwj|+2h>h zhEQnJ+3vyri>R|~Yja_?aNXVA-QC?aAp#);l8^v_lHlZVcS}MGLE2Jx+iiDk*WKOS z-QC;semnnRu4`u2%(~Z*EX;q_gZn2XWav9;w_J_kyu{bpJrc5AJ!q%RB{u};V{@eaL{(JuW{s;bt{zv{N{-^$D{^$M|{+Iq&{@4C@{*V68{xANo{vZCI z{@?z;{xU#0pgd3!s0364Y5=u>+CUwkE>I7s4>SN80*!#iKog)j&;n=)v;x`!?ST$J zN1!v%4d@Q^0D1v^fWAOKpg%AG7zzvrMgpUN(ZD!h0x%Jn1WW;@0@Hx$zzkp}pab-P z5ikK}AQFfIEI>411!4h~`yRfnZyTLiJm0p_waoQz5~OPLDrKd6^1w|_gQ>Ae44xue zYK!t~MjXqkY<=l$nz=?aTi?<>JYA5kabNMCxu3mBfp5VPq2UWIr8doLfS`^Q;1zZx zcRBTX>Xp>8cESEV_jN&BVl~HM$AaMg=mQiHvW3?b?g%y_dT3)^d-c~$cGJq>s^FU7 z%uwazS&kwqS-dh&iSKUg=Jz_(#0%-q()QS;>{UxfE{oEP9OpB z04cyMzz3uO=|BdM31k7;Kn{=#_yGU_0T@646rcbaU;rKv01=P?8Bl;A5CY}^`9J{> z1`2^9pcp6t<^uD8`9LYK2v`Cv1(pLVfi=K7U_Gz_*a&O_{sp!I+koxB4&Xmv7qAD| z2kZw900)6Xz+vDBa1=NO90yJSCxKJI8Q?5%4mb~704@TTfXl!Y;2LlpxB=V-?f`dz zd%%6*5pX!yZ{L}Hk6D-S%(W%|fj7o<&{#X+Kz=^bTi@J1h;Bs5REM+^-t3Y{cdY4$ zIZ?c4si`Y(PfQ(+J_|K+K1pbiyq`l4=y_bhih;X3*|<$Kaproa@1tkA25|K)SW`T`f+$4xz$LCj;%zu?G(ySDt; zH*rsuBd$*#SS^$ApL?pH6gO7e5Fhea=<0-*7S%{G#F2D|{?0`GwLzz5(H@EQ0D zdn}W^3R$v>jE!Yn10CoYpf!)Dg zU~jN5*bnRv4g?2*Bf-(&Sa2LT9-IJ90;hme!D--ha3-h+4WJ1$gVCTBi~((6ENBNE zpc9M-U7#CG029F^&;ureDPTI70cL_(U^bWo=7N3@1R)Rx5fB4$kN`=L0%?!|hgn+2 z4zUvjM8rapHrW#==Jt(j8^LL;t2Do*r(aZB`h&QE=GhrZ!F1Qsge7joA*O!{J*55# zHi=D6dhd|DQ^J(y74s6_L1!%1S#?}f%+b2)@N*}denTN#twKu4BdEOjQ*K#zQH~0tq3zmV(LFJ(eP$j4`R0XOERfDQSHJ~xz%808#orEV+ z1?xli?KlD+nbJl-lrD$1(8Y6>-jnnNw1mQZV`4b&ED z2epSfLY<(_P#35x)D7wm^?-Upy`bJuAE+jmp=iho#Y1i=0ZM{Wpjl8VQcW z5QIP|gh4n&Ks3ZaJS0FOBtZ(KLK+l+LQozw8*1YmNgj3$)kT`Vg|@qokWUhOc_-=L zIPd%JC_^15d6T29JH`;txRc8m-R>!YdJ%JD0qB>lk8wD>%V`Q-^>1?&I#|Cqke-3~ zry{F?kA^v+4$(UOr?eNr8Hvr2Ls?6GcZvHkTU-V9J{FqofwZ)@cGL?sAQl$U?xSf% z;EoK?U@Kf>8JIg>KP0!%{>16D?(^+UmB3%7%i)uTvPQ{W%{(W+yn0F-nzaD*3$KGU z)qAEnP(D-ug`q;I2r7o=Li3>cP${$kS_mzI7DG#*rO+~HIkXa51+9kGKx?6O(0XVC z^bfQV+64UzZGpBz+o0{xE@&@w06GL6hK@qVpcBw3=nQlgItN{ZEJ`3K=+{g&;#f(^bC3dy@K9A@1YOSN9Ysu8TtZ!g}y^SpkL4*=r2?jt^ikrE5lXb zs&F;923#Ai1J{M?!S&&Wa3i=0+!SsOw}8v)-umB|qdUByY)w$Eq$`@-0y9yKI!;{p;p=-InLvG+gs+{#I>!&g>8Uki$v7RvnCFF8@ z+qBu%xA1FVc)^y`b&0izO3?;G>+pBms^~7}tUyvCQS>Nke*Pc-*pT2pVs2&~W}R!< z6d36Fp$(+R8s9k^M*rcT#ZD|eq@Q23L+Kdfcd{nbr4NZ^jFSs|{2kr~^g9pF^;X&{aco;ki9s`es z$HC*_3GhUCGCT#I3QvQl!!zKSunyM45wH<9!DcuTj)J3MD;xvc;8-{gw!;qC3CF`O z*bOJZiEt9^fs^4Bcov)rdto1(2B*WBa2A{m=fVh#!WfLhG|a&QEWt9Yz$zSogK!9* z1LwoVa0xsYE`=Ati{U=nc~cCbN9ySHx-#L*-gDW{xk~m~xj%_&v;F|H^T*=%4No#o zn=S>*GhMX}S-#?%-f5Q2^p3>UlRj zpMp=rXW+B&Iruz$0lo-df-l2Y;cM^>_$GV{z75}pAHa{`r|>iQIs5{C3BQ8h!0+Jq z@CW!K{0aUHe}TWk-{7C{FZd5!1}Te_LnLZPi#z+&S8PWo2 ziL^%ABJGg&NN1!g(i2JZt@Z_>jbdX*_uLW}7ksO~mA4|XH)Wva*(0bNE#1gV)3usb zF5;T5MR-saM77pV*_J31!h*FK5ixkmNRuZK0iOXoKgouLC@HF#d^NiH82~}Jp zOFxpuxmm`PLK{0G`4L|>oF9Ib-%VG+d>tQ}d{=8oeo88_?;v_3eUN_00AwIC2pNnF zMTR3IkIUkrZSW zl8Sf{ACit_AlXO`;zvLPMou$z^oyC^t-(Yw)58d3m%zH@GDCOtBc5qiFnbEsH5Rt##=cN#{0H%?s8I;?wqTe z^G9;Fp~$w-a6npw@Wm0tTjz|7-r7_HVQ(JF$T=kSv`hqzjs**T6eI^n%)PIG{&C5- zJTJ6?+DM}uypeV~xnjZV(C?^up6}w(;4$-IOWJU|{IkC3OxGvqn)5_yHZM&2UtkPpa5}V+Ku4mZ&~fPY zk`x=@>*QUg+iVj`+<7bGH-w%Sb~kVFU9kN&$dQr6J7QPDO!xc5J@J~eTBgN2)!WV!q&))NN}wc4p)|^%EXtugDxe}NqYA2`8X7=@Xb7Ey=A&V>7%f5Pq6^VQ z=n`}}x&mE^u0q$KYteP+2J|2FUvvw)72SqzNB={2qMaQ&zDMLz*KFNt?_k$P`l?xH z8kK!MZFp`yV4f+m!kA6TuqMy*u=oj=W`W^j&{z8AFf6%{Z8LTW;4l9pU zz$#*uu*z5!tSVL=tAW+TYGJjpI#^w-9#$V~fHlM#VU4jSSW~PS)*NerwZvLst+BRP zd#nT25$l9?!MbAIupU@XtQXb?>x=cn`eOsIf!H8SB@>Ik2lu5fQ`(lkvOdSF5>?HV z=UQ@Ja3*>re8SYxxhFTvn{7HCvjXqnzGtXLy^p)gk}lHVw$;-6pmE0SPMze}va@jK>5_#3W3{6imf5EPw^E5SE9{ z#^zx8SOFHs3b7(AF`^G`Fs2vRN#oL1_O_p>fYaPa`*4o(=YiMe@1kO{st zh2hukWp3X84YG)X!rfeJj5KXd&hP;4RNysS)^`zqD4ny`a~D4!LDN0u?U>#yN%t!?qc__``82QA@&G+j6K1gV$ZPW*bD3>_6mEAy}{mM@38mS2kayE3HywF z!Mv<0QsqsKwX-f714OYjr1_d(h43S-e1(q@*W_Mb<(l+M5_#z&eiS zMit(L@4)*E8#0RE7j8ei5D#a+E}Ww4Di z+=;PJ$q8mmENOlYjMA<5#*i2OXLxxQ2N-T^tpdFZ-s>Nmo;ufNc#IM5@ujU}Iz<{)AD}$HC%i-nm z3V21l5?&dvf>*_>;nndPcul+(UK_82*Tw7M_3;LHL%b2*7;l0%#hc;H@fLVXycOOW zZ-ckR+u`l;4tPhr6W$r`f_KHc;ob2bcu%|+-W%_O_r?3+{qX_#KztBB7$1TU#fRY| z@R9f^d^A1=ABT^}C*TwDN%$0eDn1RLj?chn;yPT9N8kqBh?{UT9*IZc7Caia;xV`l zkHzEg6Z(g6jPHIZSVBgI&GDuU<}!}wZXo5YAvwO9v0L;tqs~$jtPX6m1M&Azo2$^Z zSXYoyp8V>1l;JD{EH~-5p3ljb!NQ{R(8uV_=C`H+Y10kEjf-u6lnvzg$mN!7r@_+G z48svlvu%ZYq3fZ^?K*1P;CXFc06(FDygBwq;t=b4OD*>^?Ja4s0LUu+OUG{8sMNNm z2;@N4q~yQAAmD4_7DG^X$-g&t8Jx@NtYhbr5q8{xJMnnjg}d@N7H>&&B;XfP*-M!#IMYIELdmfs;6eGdPQLIFAdsh)cMPE4Yel zcmNOLAv_PCjnBdJ@d7-I7ve>DF%B_x}S;Z8H>^Rwh$fXG-5A-?DZ>_0ucm=sc(Lmd+aiNsO7PZEl=AQYV=< z8b^V=sjE?pQ1s{YQG}JS5wS!ZVJDn~n@AuMi6p{9q!M1jN2C)OL^hF2_z8dj379|# zl)wmrAPJga2$tXoo)8F;kO+m)h#(On@`%~Qod3y+VWN;IB8rK*#5`glv6xswEF+c^ zD~VOaYGMtsmRLuuCpHqBiGPVL#8zS(@gK31*hB0i4iE>4L&Oo{C~=H9PMjo86K9EY z#ChTZagn$}TqUj(H;9|WE#fwDhj>6dBp&3RglD76yj#O_jZDsS^K-qK+{D}oW)vK^ zw{R}-HL=?ghfsg=r#p9L9K_e7#|>2SMl_x7pyPvQ^YEngx{B(mglXiBh{D`6nU8I| zgGuSUj!tkFT(K7?HZ~p*k7X<|*2?amQ|S2$HYyyT+Znnu@1*ahVXW5De8#mY`#tj| z%q}>XKS*CfoHG3H%o$!6%NIQ{J<`oftD5s~N-7vEw&pf5cJPn&ef0PY#S5mB#pV&n zUicC5lz2wGAYKx$h}Xnh;sf!C_)L5uz7pSv@5B${H}Qw~OOzuklU2y7WHquDS(~g& z)+d{h&B>NzE3!4&mTXUUAiI-2$ev^`vNzd>>_-kDhmym{5#%Ux3^|sZKu#nllT*m4 zq>j{+5u|}Mk&$E+X(6qojf^GZNIU5uon-v~#t%1{Kqit&q=!r!rd+~Bq;~rB@N(K^;)+6cDPyxc!KCM@ zd2>otuwUU@ZJb7w+S6Gm(lIIA%av2o(0n_8iT-e6Vr+bDL&CuK_9_k``%&6o{7Gzc z_bl6!v|LlBZlOCdcabYC*hzn0x7@oG|4(Vj{wG+7;i2{gtB^${-^7t@b01%F3m2_B zOXp^n1!>+}LYFj;YHU7f$-P3WBB59H%MN%d; zGC&5&5Sd5LCiBSxvXCq$OUWhVa&iT^l3YvvLvALwkXy;^P&T^x>DV!?o>~z7uARAPYs|3QiG|X z)G%r|HG&#Rji$P)v+3^42Y-FO0>ezhabwq*iiE51Dt*??0_V63 z(6F>(d$F}H=gX+;-Rs)x*C%dp{w}DMv_NQI`Z~X+88i1#!Gtl?SZW+Ko|-^Sq$X2S zshO0H(o;q%in37Al#Pm|;wU@ipyDYP<)#v-Br2JjMWs?+DxJ!rvZ-9kPXQE2Q4~Y5 z6i4xtKuMHBsgy8B$s+3wlEuLtJp)q`%yW0Rx_j0zE2FQKuJN`>zhj#buC6+=&Uucy;1 z6luR}jEwK%dE-w4JXw?AzpfYN2=l`HC7~8EoAE~8@jAb?4mrhYF%8b$6Fw2u#$A^} zo!<+t_*`bHm@_<&`Ax33)-UW9@z^^e_O8pRA8kUYN}>PKx^u@|Ircr^mITE8+0i71 z$ZK6XI#%xJjyrdO|&;o>MQWH`H6|9rd32Kz*jZP+zHU)OYF!^_%)jm8UDyRp_d8HM%-o zi>^)ArR&oT=|*&8x(VHsZbrAH+t3~8j&vuwGu@T$MfanJ(Ie=Q^k{kvJ(eCvkEbWn zljte*Gf9St-8KxRjovF#xVd^pU znMO<#rYX~sX~nc=+AwXIc1(Mw1JjY|#B^o4F};{ROh0BYGn^U8Bt(v)Hs!AO4>jG% z{TVSf)~g&v^bwP@3QMjPl}mq+lMD$7%Ya|5yrS;feseTw)XlPdr)#p=_Sc3lIfoQ| zY`o={S16hkGXR`0_hqmEjWQZsKk|?0cqX2G&TL{YSq6B@Thfw}e0|m1Np&+?dxoVp zN^a)bX)UiiWT=#W!4vfQ4JVT)TRo{sxwYczP!S8RCQgCILU|>CM#tK9W%a$y25Sv4 zIjVv8P_VoM^FH*hQ9|xf%xGpTGme?SOk}1o)0pYZ3}z;yV@ymW6UA7VXvWIKF)k*9 z$z-yaY$k`vW&8}pzzoh149QRo%`gnh2#m9Ab_z$C%^HN#-^=AdcMCby9KN zrP7W0oAYNHW7FNCiM|19-RK!{ZBnPEuJ+i>W=bWBqX%=t9E)9(XALdLN@Sgh$twV} zZl(TdTv6fLgloj>*t2>Ku57HpG|=^SGVt>JE&5HmC(wYLN5&oWg@oPEZ5!n^79zoR z-cb>Rsbbohgq);4-os9y=&QopN8|wTNvMf#W2k)2IPZ<9>3N5}iZ;x2g#VDVAuuI2 zv!qSh8|E$Zk@>`YX1*|AnIFtg<`?sa`OB1H%dr*N%4`+3DqD@M!`5T#vklmWY$LWY z+mvm_HfLM0t=TqgTecnBp6$wZW4p6G*q&@Jwl~{{?Z@_K2e1R#LF{05C_9WD&W>V7 zvt!t?>^OEjJAs|ZPG+aDQ`u?kbanCf3YGvQca_8^_vN2kT^AYyz9e zCb1qinVrR^vFU6Eo5kj^01L4Qi?UZtgJP5gOSGM)DwY*R<2`fpj(d|0Cvrc!)@BVc z&NmJt@-v3`b4=4px22?k`@+}7rNp4jgPD@yqUTZ0qv$4y+oDz}{^AVRW&FGIb;hgc z{ks2jryWlVf9jSh<&Cm+4Q_Uw);&(FV@O{=QgZ^Brd zC0LTBScYX;j^$aI)z}~#V)NM9>>M_qEnvfJ5nIB}W#_Y{>;iTnyO>?VE@hXo%h?s| zN_G{ynq9-LW!JIm*?-uL>}GZgyOrI>?qqkdd)R&K0rnt!m_5QCWsk8Z*;DKp_AGmW zy~JK-ud>(J>+B8oCVPv$!`^2fu#ecM>@)T``+|MRzGmOBZ`t?k2lgZTiT%ueVZXB9 z*zfEQ_9y$B{lk{w%5vqnR(f}$A^BotXI+DYl9E){ffz?l7QM>%Ci!VZfGG!#@eDN< zdpF`cBN8L+nKs0jbRzpDJ=K#L+s24xriw2LBEyFh;PF^6$GBzhOw{4vdP_mH~y#%b@OTjzGn&B~f=`iPh3DsUCKN?c{G z3Rjh@##QHPa<#bHTpg|+*MMutHR76ZO}XY=3$7*CifhBQ&kWG zdUCzE-drE9FV~Oj&kf)Pa)Y>0+-PnLH~M$W{U zxk%2!MRPHnjf>^tI0xtC;yD-R<`TIi&cmf}v$#~w%lWu8E}hHZGP!Inm-BM~2XZKf zaRf(l6jv6w=}$4oom|yo}=7-g5Tw&ZV{^ z(q&~(;&fNIShW4MiSAyJS52M#n4t%^*t0oVPMz(V6TD=qN1yivbCYyBEyK1Ta|4%` zbUi7HC?lLMZL`20+uQRlSU1_>sp+}`bJ1Jv8Hs(se+sysTZQ-_Z z+qwU^o!l;NH@An|%kAS1a0j_V++pqrca%HEo#0M#r?}JH8SXrHfxE!-Oe3?(ssp_7KrOhJc`X1JwV*#KkzfPQ{)`QY1qp+q zS~~Yb-%KraNGebMusw{t88u8lLZ4OqF%I_(A(A0rIW8`AdLjw=ia=FMXZ5sX*D!SG}JVo3m`VlD8v(2B4Fvf3Q(>d1L^ zU2>(!u0)-jc39bhF|HZWS9FXGvYMm6b3eFW+;8p=SB5Xkm*dOx75GYgWxfhum9NHE z=WFma`C5E!z7AiHug^E&8}g0$CVW%A8Q+|5!MEgF@vZqbd|SR9-=6QlcjP^kvH*?d=zitqj@WD<74?a-oZQhc;3w?@QHj9@8OgA6n+-(%WmbK9;h8S zLtdiSy55=IdF^@KtYw`U-kFwZ3Ei~r{^w~n3pwjut}nf(T18E=yiJ`gZUz^-znj)& zBzU8vyCsy1zLz|gsuOtyZ4&Wc;FNEH_A(>rp6k1m_5`oMj!!Nhy5{qTS1J}Ol=XD>91-|jdsj*$HKYgjueR5mmdYujENmN~T zyyro181PXWpzY6ZWamsh%m*`kd^(@OXYtv54xh{Wd4LCbhG%(>=Xrq_d5I73K|aLi z@w54SKFk;LMSL+|!q4SP`33w!ei6TzU&b%z*YNB3_53D&Grx`B&hOxN^1Jxm{2qQU zzn?$AALI}7$M{qHY5oF#k-yAe;ji*H_*?vK{vLmyf51QFAM;Q6r~EVi1^<$N#lPi0 z^I!O{{15&o|BL_4|K-aH6@-dHC84@dL#QRx7U~Ffg$6<+VT|{yJvL&UZk>IYdotZD z6p@^kw;8BmzLlTgcntfKC%TQuUHoP)5K-V7V67ecW;h5@@SmvJjs_vx=ZtM_sbe-9 zW~M!eTIrrsL{JTdZc>?0D|346KI)1q+SQjDSUM)0R)UuFOj%~V=o%H-$bHm&ogd*V zAM+$aYKk1xnn;KJD7fH?XD%p#4lE*-h zjvtB5J=YwpwQNjNp}EjfXf3o6ItZPF&O#TVo6ue8A@me_3w?xsLVsbPFi0383>Ah6 zBZQH{7-6h1P8cst5GD$fglWQbVWyxLA_RkA6wE@T5G6zlF@jBq72*WD;1J>kmyjfQ zgk&K_m?fkNUco1%3zE!~ZUMZWoPUDu*SkLkXf@xF|UHLuK{p^NvvQl`h=OPoiqNFHS#U_P0e zl$x&_=bmC}Mc34?*V`@CTz|p|Nhw)>jf;#6oNtu|NyV8V4@2pfe>!oR{+VVkgB*dgo`b_sigy~2LsfN)SaBpeow3de-w!YSdj za7H*QoD(hymxU|BRpFX&UAQ6K5^f83guB9h;eqf_cqBX#o(j)|=fX?jmGD}4E4&ll z3m=4!!YARg@J0A4d=q{MKZReyZ{e>{Ml36q6Dx=n#Y$pjv5Ht#tS;6NYl^kR+F~8C zu2@fOAT}18h)u<2VhgdQ*h*|Iwh`NlW#DvY4ZGx=Pc^jOa|WV>O)$k3FCtdkfN(^3FaFKH*yJxLF5ZYt zkfPJ#b(e@l=!x>tdD^^22Nivdi=TBiqOLh!?aao36$+;r-?8IS`-=m_f#M)>usB2Y~m?V0{S)xx&7c<3dF-Oc5 z{URtrA}k^zDv}~2@}eM0qAaRnKn#i@F;AQ$=8FYlp;#mqizVV*alTk8E)W-ri^L`3 zGI6=MLR=}X5?710W8-XXlfxt!Sr?g-Xik}{o1Cf>ltR6!wR>2?>d?Hz{bU`r*ziv> zX!20SPVpnq;=o$s>Q|AW%N&M+J=(w++D7H>Yq`GGRaON258WoGnu{bnC zoSg^S^`6eoi`EH-FNSYq6%*t=6qYmV>fh)~iIJYekyQ%zL1FPBz971Wt4v`G-y{kt z3OTkbhgeJAb<^v_pglG>!I_2;F)#4fcuH_ZSiZhxnhkQ`{}?5%-Gw#Dn4?@u+xAJRzPGPl>0+v*J1Nym(Q(B3>15h&RPs;%)Jc zcu%}9J`taa&&3zwOYxQXT6`nE6+eid#V_Jl@rU?R{4M?!%SdIV@=^t6RCyNQfei&mfA?|r1nw=sgu-M>LPWOdPqH`UQ%zV zuhdWKFAbCiOI1T|e^=lJo>MrNOS0v_FT!KQlg41?YR9X@2g*-ddddAbDb?m(r)*HF zg$@T5(=J!1(w?Pb%-wanX=~OzzEPZ2+~7MLK5s73ZB?pf?lxBq-_7{$JLm7HYXH_0 zR>gj?myzcc)d~kP_If8+SGh+3GsOn!*>s=i%bBXF8Mr@OHZsZ4C-YxhGgU2NQhQl@ zmp+A(JziJ3eo?MWRQL4{clN&1UC2cYgOf+4lc5YMZ1v|1k%mgcq~X#CX{0nt8ZC{H z#!2I)iP9u#vNT1SDovB7OEaXIl1|b~5t2bNN+!uHMM_bUMT(ZJQjBDiVx>6ADaA`J z$t@*FiIPW3mQtiyQmW*Yd{UZ}E@eoWQkIl0ladq?Kw(%yNtXVy4J#T1Hf7V#m@s(T1L*1>e1tA0{m2#VdS zgB(YwAt9Drle=7ZNvs`zIQ58Qs_uk;aoR&=y;4m*uatBAB2E!!@PSM!b1!OJ>c_$X z;h)yl<}dj#eTQvn#Y1BoIzr*a(h_N@v`ktqt&mnqtEAP^8fmSxPFgQ*kp7W2N}Ht3 z(!bIcX{)qN+Ai&o{*!h}yQJOH9%-+%PdX@_mM%({q|4G(>6&z1x+&e3?n?Kh`_cpH zk@Qr0COwy4NUx;V(i`cW^j`WPeUd&)U!Gr76kLT)K%nBLQUXXV6X zl;+#J5Ig<{8S2P-n90JKpi4XE&vb-~ykMK8yXMC(xBeh?EO)#8bhujJJ0CQE^s2rg zUc!0Q*d-UUH_PaalX4Ez92=yA-YBS?;VDZbIhi zo`%YplEY&S=Ylz0TwY|-=fX%^OVbc=oM&Y6aWkIrj|~fIhAx(k=6e5=ugOTI1Nk?+d){&S5}lwVayAwo7V*rs z6S$uW$wlZM?^*w<#KK_DxX9Qce3fLUsfp`4Y)ku%x1Mzm&T#ZkZ{twiD}7O(D!MxM zPTE!7K5~G6UihY~XA0cK9V2H zPvocaGx@pvLVhW~l3&Yj{wRNvKg(a_ukttfyZl4`DgTmx%YWp*av7zp zQcfwaR8T4^m6R$X`nPz8YzvHCQ4JKnbKTop|n(5 zDXo<@N?WC!(q8GHbW}PkU6ig$H>JDML+PpXQhFJyblw6I@~9b|-)ola$HI z6lJP1O_{FDP-ZGRMXy9C2F0kD6tfbkL@5>}TCplIicN`C;uO2$P@GD<;!@no{|Zd; zD9K8SGD}HSd`g;g zkrY``6jjlbfD%+fN}e)XnWN+@1xi>cREm^hr9_#l%v0torOEvLvZ}6Xl80`p>lFZrF4Y%i#q zX%<`gxtEi>1qyAy@Zrua_>NG9rnjDU--R}7M$_5EDCn>nNQ;bqNKbso>@e- z*xXQ;q$hC^`a7POh**7uWrh9!J-0*Dq3SSoxH>`|sg6=dt7Fu0>Ued6I#HdXPE)6= zGgY0cS0hw|YE(_CS&dRHYP4!qZECCQvoof|{r%sU9_1O;P{X!qhZ1UCmH4 z)hsnf%~ky>pdu=&Vk)i@DydQ`qp~Wm3aY3os-_0ipc+#1)Y$RmsboJbX@i;AsXM4Ut~;Q6rn|3usk@_VuK%cOr%%v-)^*f()>qYc*Z*%_ z&<{zB(Z}i6s~gmR)Q##Ub+h`fx<%cpZd13bJJkQwo$4-ix4K8&tL{_xs|VDB>LK;8 zdPF^{9#fC2C)AVbDfP5^Mm?*ZQ_rgx)QjpR^|E?Jy{cYQud6rIo9Zp~wt7dstKL)Z zs}IzN>Lc~B`b2%IK2x8oFVvUnEA_SdMt!TkQ{Sr})Q{>X^|Sg#{i=RbzpFpgpXx95 zxB5r@tCrEqYUQ-@S_Q45R!OU@Rne+y)wJqb4Xvi;&|CEV^dt3teU3g)FX<^o z{c1g`U#rj8KhZzaztA7n-_SqQ-_oDg-_?K9ca4}4@loF+qIN{Dh@KID^erN4M0AYk z5`jmIkBE$z5}}LmMj#Q(B34AKiuf<$N<<~Y>xfqoPa@t#R5nyM+}4fsM(Y#xXY>mf zO!DTSX@=i%$4iTfDMJJ6cVkUcWx0;&rJ<=c(y&k$W!S7s6PJoxbPcErA_)z!l^3@Y zYYZC=yA8VxwY1t=9j&fbPphvr&>Cuuw8mN!t*O>bYp%7>+GqyNs97|JmZ&9bDcUT} ztEFk_TBeqzff}U28ls^Zrr{c)ks7Tr8m|eOs7actX<9%FY9Vd5Hb*Pa!djtLq!nu= z+FWg(HeV~%7HW&M#oAJBnYLV8p{>+bX{)t0+FEU$wqDzy{iAKtwrbn79okN9x3*8) zuN}}1Ye%(X+HviKc3L~9UC=ISm$ajXuwk)bnPH)_Tv?&4R{mACDBF|+%0cC%a#lH` zTu?45my|2YHRZZ;OS!AuQywYLl;_GD<(=|T`J#MRekp&IGHN-sf?8Rvq1IOGs`bHc?xut<^SaTeYLwS?#8FS9__w)qZM!b)Y&(O)25%z?=;jC~@SPX07!tg)g!qD8%{7`XdZD>*G-_YjJ*3f^U%i1;Vx^_#u zr`^{cXpglg+EeYh_F8+Rz0=-nAGA-}7wwn!NBgUl36u?#3zQF32viDG4pa$L57Z3Q z3e*YI4b%(N4>Sxk3N#Kh2{a8f3p5Y32($^b4Ri=}40H-~4s;205A+Q53G@r}4-5zl z3JeYm2@DU62#gAh4vY^>3``2l2+R!V0{TEiz!WeCA_GwYOCUNB6R-th191U+z!7i; z;sdULJCG1a40r;`fmwmnKw2O(us!ro=xpe4Xiw-|=uqfr=wj$e=t1aK=xXR@=w;|_ z=ufCZUc0{8P7X9x5bXWA@==0HCEj=vVEd4D*ExjzgEwPs2mT{I83uj5S z@D|j9SduM1i{FxMS!Y>lQ7xM+XDur%|61l)7FsS_u32tau3Iixwp%_~-des{9$9W% zvIDt+|6}jGAgvlUIlg=KxKCCWdvswtaPLo z=^$O00d=ro@4e!kll#8s-1E6_IrnqlbMMJ{oj=%Xul4M;pXayM%<#wT-#1hprVdv} zs3X<8)zRu$HK>Nvuv(>#S0||VsQ0S(sT0*|HLfPqq?%SUYF5pud9|Px)v{Wn-mgwl zC#w&rwQ8OEp!$$HMV+cXtUjhbu1-^@t25PE>TGq6I#+#Cou@8P7pjZY#p)7usk%&E zu0Ex%P*tk*%XfUe!*z%E4q!*Z4q->^jud{3=8a=G zxEqWCQE(5K0>Ypg#6cG1!6V>Fuoz4OYrs1263BtM;Bl}XYyiu^R4@xn0uO^4umWrZ zwcrJCAoLWx3=V@ngwBGGz*bNX4uM{RZQyWdEYu(R6dDQjfM>wZp)HU#WCIO=2xuWR z2bu|qkR9{`vZ%^$qn+^)2;n^&RzH z^*!}{^#k=o^&|CT^%M0|^)vNz^$Yb&^(*yjb)Wi;x*z%u`Y!q&`ab#r+8_N89e@r* z2cd(}A?Q%_BXk)0F*+Rm1Ra5XijG7_p`W3n(J|;)bR7CQ`UUzW`W5;$`VBfBoq$e6 zC!v$kDd@N8RP;M^8af^Q9-V>yfc}WiL}#J1(K+Z`bRIe%{Rv%w{*3;DE<}Gt7ooqQ zi_s7cborEGG4pN{L zC?6_>%Aj}PUPuppxMMUt7(NHRhB~0n;h*5)aDTWRGD5@P_uyyHbLa+C36(;V;d{^p z$Ohg5TfvraARGtB!x3--90o6hSHhlf2)qwg!!uzYxC}lGH^W!pBDf8%gG=CixCc&x z^WZF)g?r&k@DOBZ@K4A+cmeVi@-wmmU5TzjSEFmtwdgu@J-Pwih;BkRqg&9e=r+_0 zHAgMb?dT5F6176DQ5)12wL|Su2h;`rVyMx`s?qd(IhuCB63HB6wj=jKMVz00_SU>z7{5|{wyg&XSJ^&wx55foI zL-3*aNBA)OV|+ON2|fb<6d#F?!au`D<74r0_~-Z+_*eMX_&4}Od=fqxpMrmjPsP8( zr{UA_@9`P1ol zpKbo5xsCZ=^Hy`nJl#CcJl-5I*O*6}cbMbmk>*D8BJ*N%%A7a9VgA&-*8D4r7W13t zx6Iqkub7`RuQ0!B-fRBA{GoY+`DycO=8w%Un^WkQ76UAXSiEB~(PDx{pLsuvDHh*b z?66p1vE5?2#Rdx}3rhuX;byowZh`N>Epcny2Dir@ za5vl?_rSeyA3P9`z$5V}JQfFV5QlIWSK;ya9$by1IEhm@jWallb2yJnxQr{f2H%e- z;aXgWAH)ygDR?S=1V4(W;pun=o{8t+x%f#u4==zA@glq!FTqRkGQ1o=g;(H}coklQ z*W=B2E8d2;<7e;=yc5^s2D}UJ#?RsBaUcVLQ?GOWXdo<7{`>F0!3t`>U?K<1Fww|^@wxBIOs;IqIH zf!_oU3j8wgi@=eA;{z82P70hJ_*3A_z|Dah0!@$X1bPSh1x5#s11DKtzmxakz4;(Ml;6$A@-QFA@8J`9jK_JBr+Au=wZrZ9+A(%IyZv@~cG-5tcA0kD z5?k$B?7Ho)+1;?q2P*7q?K|w7?B8>^WBM+$|n!_N6-yFVi2y+N`h;)c>Sn9BnSVgQR)(~rnb;NpN1F@0VL~JIu5L=0D zgc)H@SPN z;ZFn*fkZG7V*0s%7!giH5RpU_v73k{Vu)A*AV2~lU;-gjL>v)MBoKRuy~I8ukw6KI zzzKpN35uWzhF}Sf;0b{c35k#ih0qZDi6kPKI6!C#9dVF2MC^3f?Z7w)4#ym12greN z*ykWR+;S*zNOw5rpm(Tp=yJ$%_}X!@<4DH|j*lGrIez3g&2g<`u;Woj%JGn6u4B97 zW5;v$nap+iCViiNNI#~Z(68t|leP8xOn+toGl&_?3}J>c!lIypSOp%r+1Kdh_}i+)w|id-TRpLQ}1Wq_q{v4GrW7e zJG@_b-}JuYo$lS{eb>9sJB3Ik4iiU+qr@@d1d&Fh6B$G%kws(^IYcgTlE@?Si2|aK zC?bl95~7qSBg%^qLFAKnu!*om1rZ{i8Dk8(MjkD1JOlv z6K9EY#CgI<^bi+_i^L`3GSN$1A+8eFi0i}+;wEv6xJ}$4?h^Ni`@{p{A@PWKOgtf; z63>X|#0%mj@rrm&^bv1}e&jpkyX1T1`{V~?fAT|e06CCc;4{T%h|e;g)jl8kyzeu{ z=OdqKJ{x>y_{{Yg>$AyctB;w_Y#-dm&qwju?_=jf`cOVLJ`O%nKF&U4eXD&cea`!Q z*br_YwxS_-R5iNJIi;H?{Z(GZ@Mq% z+vEGa-$h@Y?;+nJ-vZxU-%j5w-zHzwx7=6b>*Tl6Zl1-X)3MXn~-kZZ|x>9Ug!LGTxHtn+86>AM!)7GT5&ibVF55bBs$K|s19qS(x z?pd!=f4DaXZ9~tXz33hEGI|}of<8pAp&wxHV}r5D*l=tpHVXR&n~TlEzQ=yRmSbD6 zt=MMF1KWW)Vb)llTM)Jz1F?7v!uDdD?YG-o*zd6a#pa0FW*bWze-nb+&89HsJNv2j z-`fX)3+;aqeQf|s$THC~)$*|A0ZVVvhx8@=$X%pA89)Y-L1Zu)LWYuIWH=c?Mv_tF zZZevTA!A8^1WAa5NrY69ab!H1K<**;lKaR+QcYqcP7)+ZQY1|>BujE6PYR?+N~BCG zq=wv2CXvbH0a8oq$b;k|GKEYf50gj8qvSF2IC+9hBh$$YGLy_Av&kGXmpn=4k@;i+ zSx6R<#bgOtN|ur3)>$60R4lcYt(F;Th+v6wN~a<3$2{2f~{`F9<~y#LaidK zimh&1WmvUZwOgIE>an_Hb>FJP>WY=#>a5j3>(8u5Sm=Gbv2)l(?0T2)&Uf3gG0wItBBXEK!NP;YAg#ALYa6r%rhXhS@QuKjn zU35xxYIGynL^hKxWGmT5wv%VbPEt=A$S$&*JWHM<&yz;7hrB>uBrlPd$zJjbd6m3I zUMFvmH_2P%ZSoFzm%K;bCm)ax$w%a4@(KBrd`3PeUyv`!SLAE5k9WjGpJ+HY0<^erO{>4< z#C#SrCg$^)aWP-Td=oQ1W7c(tpdd&ARKg9ePGc#sZ%xqvlgTQ46S_sb8pt)UVWU)M9E0 zwUk;$EvHscE2&k~YHAI&mRd)xr#4UoY74cM+D4gC=9C4so!UWJQdX2TWkcCg zc9cEkKsi!Qlr!Z*xl(SFJLN%nQadSc%7^l${HR@&KNUa)QbANO6+(qlVN^I3K}Awg z)NU%8ilJgDfC4Fqf+?J0D2}S8ny5Cao$8{lP%o*^>96T=L1TlK1la^_4>Aw33=C?zO02n#wC)Ebl@bc4Og-eT9gZ*#YEU+wPcu5*ub-{~Ic z&bc3Q4|Y#+SKN=e?{yD#k8;1~KF~w&KFH&`dz$+Y4}*KQdzX8r`#JZ19;e(-x?gnv z$fL~twfiiO*&YrajvgC5oII9$xOhMwUwD{%xOpt`aQ9g3vB+bs#~P2R9@!qKN03LT z2kGJEQEtL6zVi6W^J~xN9#iPq^sn?XdNsX{Hm9v<2ilhoqJ!yBI*bmdBj`vvir!5} z)3G!_gEU0LG(xNBI69tAp!d*w>3wt}t)@{Lqj8#`Nt&W*nxR>mqj_4OMOva|TA?-c zemaRxrVr3sT1OwG578-fDt(wfLLa4%(Z}f%bQ+ybXV95+7M)G!(7E(UI*-n$3+O_+ zh%Tl}=u*0jE~ih?6?7$CMOV``bS+&+*V7X{?|BUNe8+RU=OvGiJ^eiwcsh74^|bYb zJ-s|*Jvq-X&pDnAo^hV>o{gRfo^GDbp5dON=ONDm&m*44Jlj3fJRXcQWa0w{>W zXdJp1ZJ0bH@ zeU-jNzo9>5Mlhq9am<&@*USWFA~T7Z%uHdvWu`LInCZ;-%n!_u%zWl2W&!gvvxr&3 zEMwL(8<|ba7G^86jj>?1Gdmbd#)`3FY#BSofpKPB88^m@@nL)!KV}!>&jd1IOgIz4 zL^4s#ZYG+EVPYA80U3yanK&ka*~28FY7|8|R6rZmgPlHe8t3$t(|D(EoF+LvZ2xh*ao--_yt4<#00!&;TM} zfb%TpH0OPcn!y=@AsL!s7=aNPnNb)Gv!6*~l9>aHmeDZ>nG`0KIm{ekjxxuX?NZssg=jyca5nG4KC z<`Q$6>1D1kSDBm4E#@|Jhq=exXC5$*n8(aB<^}VTdBwbD-Z1a7@39}SgV@3B5cXqs zIQt3vDLaz=j2+F6VaKxL*e}?x*ss~&T=XvQ$KLRI==Iv`vDb6254=D0?(aR+d!+Yh z?=jwEy}$9E>OIl>JMUTEb6w3{y<9g0Yz?po_%XmqHEOFSR*EHK3u6bl7saN>9*I2` zn-!ZIdo}i2?Dg0ivE8xdu@$j~*we9{u^+pii@h0pKlV}V?bxBfN5F&FSFt1AKLM=v z%>%v!rURpaS-@&wJ+KW30xSV5z#nh`Jb@@+H{b)f0~>Z^Tg3w)fCFcI4*-XO24J## z9Z&##!;WVsuoKxy>|}Nd`zKeIWPfFUV;8ea z*rn_;b~(F(UCFLuSF>x_wd^`}J-dP3$Zldcvs+j*)|}nW?qIE08`hS!XPsFW){S*% zJ=mSB7wgUXu)eGxyNmT_1K40TlnrCU*$6h0-OWa`F>EXgupkSuFsowY*myR9-NWu< z)hxnYa;*GAV?*ACa%UD7UQm%OWBSLv?YT}O7M@4B|DZr8{DBm77C z|KLBMgc2=@zj503~(!uNy=;fKOA!&~f| z?G;wTCb7w^mesKb*+Xm!o5~($kFv+vG&Y^hWV6{EHkUog=CS!~0b9rxvBhi&TgsNP z~r=7`;vXdzGnN_H*7!d9qwK3J??$( z1Fk>!Avb^<$PMBKb3?eH+(+C(2U`a#2X}`h4weqi4o4jNI}UZUbxd`X9qS!i9Q!-P z#>T{w-cP(=`8)}I7TPatVAyA2qr--W9dZ3W?DMcM!WM-69QI4tS78goCWTE8n-DfN zY-5;Dm_^w3u*qSY!&Zf@58D|ghLK@HSX`JCmK1g%EF&y0Oc&N3W(cbdyA}2z?1S(} zVI#sPhJP78CtTD#S6(Wwl=~s?hYk&W9`a%6fY7m_<3q=UejhqHbZ+QRp_@augsuu* z7HSph5ju?fm>bT0!j0fQR{{OfZ*_8D0oMVV~l;w>OCGYK{5U@;W0o=bj<0H-jG@G2&JOp zsJ+x4Y9EzIp%g|@6id;RK#7z@9iX(-5$Z5?j5wO9Kq2X&mG`WxK!>icZ5629pjF3C%7~&oy*`dxhyW5%i(gllUyE`&lPZm zToG5ym2jn88CTAo;wrdGu8OPXYPedij;rSyxYJw{*UYtZ9b6~Z&7I}WaXs7x?jm=I zyUg`+SGeok4elm)i@VL;;qG$xxcl4#?jiSxd(1uIo^sE)=iCeKCHIPZ&Gm6_xPJUQ z{JZ>n{QLX|e1HB!{yKG&xjp0=eOX(!r+cBS2DciMyYq<7L@v^VWX z`_ln*ApJ9aHS|_!EpsOPcKD_6o8kQn9$Zz5|^IQ0>{5IZ#-_GygEqN>6nz!L?O{Ng`yaVsZJMk{O8z0Dr@!@&Ik1bO%MKB8Lxb+OjW*9rYX~vS;|ah zp7N72Us<61tSnNNC`*;)%1ULGvRYZAtW(x28gXQ3(!3TmfgR_E923G{92d4#}3N8=s2tFNrDfn9OmEg<4 zH-oPRzZY^p_*L+m;EzN4g?tb)B;>P@K_QbuMu&_H856RPSMvfd@)9re3a{b!^GSR% ze}LEW2l+#MDu0+i!XM?2@yGcSd>Wt5XYiSP7N5=M@VWd+K9A4m3;065h%e?#_)@-% zFXvD36?`RM#aHt+d@Wzc*YgehX}*zf;+y#vzLjs|+xatm2j9u-c>~|Yck^fYbNqSU z$oKFU_>24{{xaXoU*WIv*ZAxF4gMy7i@(j^;qUVI`1||={vrQ}f6PDOpYqT6=lr;k zg(2fZz7AO&@_opUA-{#p4OtelC}eiXh7h|Dvk;pQix966zmU3^D-mH4;SsSBs)+aq zI^tl&{)nRyDG|paG9z5#J>vu7cgM%XgYn7nRq?s;h4HoV7vme_FU9x9-;W=g@GAaV zd|&*%_-_)%B#cNHmoO+{PQtW=c?nAr+!7)a_6GOHW`tygoDKaX_S4u=v7g6&9XmdD zQtaf|DX~*yzm1(4J2-Z3?6TOEu^VEy#(Kv3$3h8VTr3B1FZh@IEB-a#$G_qG3GWE+ z3hxQ;3m*vmg%5=R!a!k=FjyEO3>7{Sh6x`F!-Y?T5yGd!NMV%lnJ`)yBa9Ws37-pJ z2ww_c3117}2;+qb!bD+`Fj<%)d@D>9z7wVi(}nMa8Nv_3kHSo0mM~kGBg_@%3G;=Y zgayLS!Y{%?;a6di@SCt$SRyPHmI=#+6~ankm9Sb^BditH3G0Oo!bV|}uvyq5Y!$W% zW`en3A#4|R2$n(uw~tHYP>$jRPUI9$!zFRaoQ^xlZBUu1yj8xc7*&KSN)@R}Q6;MO zs*b8;)gjdZ)nOH>N>$~kDpc93Mpc?BUzM&pp{i9isj^hpRrgg7RJT;)cczjGGYmOWc=nlj3H?jg4Crw>oZ4+|0PCar5JTiv#1v z$L)@bj*E> z@`M7RNGKLcgi}I=P$g6gHA1aWC!7`ZDHwzHwd`Em&d|&)P z>@QZu#m6CW$Ku#HDDFsHZ`{$i?6}Oh`na~ZqPUj0(zv>~?zkIqJ#ly9M#Yba?~5B0 zKQ8{8_yzF`-Tz8^UM1*R2(Ue5&1=YW^t>yO*9uR#O>k^ z(NeS$twkHrR0q=nCg71U3faUSufaAdl;P>DU;J4s3@F(yW za5gvxTm&u$*MRH5O`sKM4|;&n@ko4pyguF-ZcVZsKJc|n5 zeQ@{j-K(O-=#xs85|{`lQi*tCdZK%xPvWY5Yxb?hH{%=eO}GmlCGHlZMU%<02#BBv ziLi)>Dltxs7Zb!i;$Cr|m?)}6RK!GFBt%lAL|SA-R^&up6hu*!L|IfsjksS-5|hOP zqE^(22gO5TikK=M7LSNW#be@e@r0Nrri&S3rkEvWi#cMhcv8$0^Th(OP%ILQ#S*bp zEECJcQ(}c!DOQQqVvSfU)`|6EgLqnO6r03mu|;eZ+r)P9jMyP|ih9u?c8T4h6Yhxb z!aZ?6d^aAA2jD??IKB@@a12kxaXcA6fFH(>;m7e4cs8De=i}!4qLq`0HxoZlTdF

      *O#i38QI6F*gdq5eue zT|GlRLH&dJXZ2$B0`*+=uj-lVHR>hmrRpu}t?ISvUFr~Zl-f@nq(;=Jno?tGNv){E z_JRBM>_hf(`>1`QYe&NQgsz0M31`J~;(5_1_J|k6i{d5mve+wL5wD8Z#OvY>@uql7 zye-}l?~3=t`{D!fq4-FAEItvRiqFL7;tTPm_)2^&_K9!Ae$qSAyV85o`_czef9XSM zfHY7VBn_5^NJFKMq+!y>(s1b$X@vBtG*TKReI|{T#zNJ^rJLWnkCJa=16m;dD498CuxE7v-FG9n{YGX zZo;BHllN|8uQLysyG(!f9d-aajQxoHj{TnfkzK^bY9I}wQEB2d@tOq99?d>YpE6i8 zRFlUPGDS=y)5?^D_AqMVI8j3^B6pH?BuXx#yr>unln_ZJ#YyqfgowS8TEZk;A|y(p zB|#D;Mbb$7r6eg?Iw0w!gVG@>MM{;9NXMk(Qks-5Wk{J)mXs~!NV!tJR3H^fMN)-S zDOE|;Qk_&UEtGzh7D>NJi=`#fQfZmATv{QmlvYWrr8Ux8X`QrQ+8}L|Hc6YMEz(wL zn`9=LOBT|0X@_JfSxMHCjbtm?N%oS17I07dLTWN9!Za-C(={tne<$GA-$AdNw1|o>5bG+en);+eoua1{y^?8 ze<%--2g-xw!SWD!sQi&UO#WCNE`K7AkUy12%A@4Z*ovZL%IJIgMztL!Gb%O0|)yi@j)y=5QSSN4;4$^LSH z94H6L!E%TkDu>D8a)cZyN6EY8XgNlXl>yU(I*<&@h^&(1=z53T(HSu5-0gYqFcMNX9u%SYs+@-g|i zd_qo>)8z~~Q_hmJP1aa*13jm&xVwDY-(fl&j=wxkj#)>*RX5 zK|U=v%1v^!+#9tb9&BFB|0^`GR~=z9e6kd*v(gRr#8H zUA`gTlyAwmO zzhwNL^1kwc(qH*d8K4YQ1}TG;A<9tYBW0NKu`*owL>Zxcs*F@dDW55$l`+a#Wt{T4 z@`duHGEteL%us$*<|w}?3zfyn24%CdRoSMPDHe*QVyoCI4vM4Vq_`@+ik}jo1S!Ev zh!U!VDd9?l5~)NfyOmf4P#^_X5JjaVD0`HBN}{4xPz6(Pg;HpRQCNjjctub|MN$-H zzmlXRD+d&KmqcvkS<20XZzR-NB`AYMRW`bs-W|C&IW{T!p%~Z{InrWKvH8V6nYG!KwvWxzB zty!AcnmL-ent7U^G(T$=YJSr!)-2I1)hyGj(5%#~(yZ33(X7?1)2!EQ&}`If(rndi z)0k<@H5QufnjIQTjg`h)W23Rv*lFxF4jM;|lg3%&qH)!@Y1}m)8c)qmjhDt-D_ z_-S@&{51iZKuwS)SQDZN)r4unH4&OfO_XN0CRzh%Kuw}XtwA-I2GE~CU-+%tcQ~WO(4|y^4#YZoOy%_#t#EVZ~jDGRe zi?3gN^J2n_i7%$S`1Zxr7r>1F84J${oU>|9{EWS(b7k(>c^}Q&H-nwwyI}N!e*Kyj z7#9To+-z#~>$mY2--SI35B+}C;TaZ-?Ux*%F@IU+jGP&{roQxLN0$}MIJc~0x#P<9 zEBp1Euxje6s8xxp>SnB36R~FZ8gLD?23ez8qgf-a$z7AP=1(&oSg%>Xe|^&W(Dljd zM{M|X!^jPzHhi{W^oB7Tj&JzW`2YUe-1nzGv)}*r>$m;);|>#{{(q0`*U#?X?EOom z*YD%L{}Sc@=jg!STS0xn|I!ow=aIi$`0{@u;ds6qN?n_NfRi~n< zSSp@Mq>`yrDxLbT*Ciz-Cml#iN$S@xHOV!VNzF>iPRdEjO*)yBmz1AWkW`#hl0>HT zC1oUKCKV)ZL_vT+p2BTwrkI5JG7lzz1E=Z z(spalYR_rUYmM3-?FH>c?IrDHZLju<_Nw-p_PX|l_NMlh_O|wp_OAAx_P+Lk_M!H# zYj8|;N_9(h|DXBml641kTAfaJPC$x>x=dY`E?bwQ z%hjFK<>~Tu1-e3Ak*-)*qAS&v>B@DdbQQWvU6rm{SEH-d)#>VW4Z731MqQJxS=XX# z)wSu`b!T)Px=x*5XV7)&x^-uD=XB?FMqQ8Yg6^X3lJ2suS9e8sRd-EyU3WuwQ+G>u zTX#oyS9ec$U-v-wQ1?jpSocKtmns}mol{-@YNaYus#2;`YEo)b>Qd@c8d6TDG^RAA zG^ezrw5GJBw5Oa&=}75J(We+vx>CAR&ZeA8IiF%o=}Ebeaxvvn%H@>alq)G$Q?8|4 z|9w~dbBpHX8%US|H&Qx2(cD_ zr~iD-|4#G%5j1_9TM=(6?m(_TLs=K@c%;rzqj9Y|375^2fpX7w>#n=cy->U_Ev$vRv_TN&HFX%&y|M$ zx%Jmt{NJ8M{GI0gzs>9I^?xq~BHym~-%HxJ^ZtV=u={V`>rsDm3cOX|tpaZq_*)fV{)<0<$v&!&?qmCi|KfT7)_VS5 z#c_RnpU@}vNqusk@=sptf1Re9KY&sNtw}kH0b|t?U@5Q+cyPM*%} zw&j3U|1fg}kkZ*&eMnzgw-UHl{W3kfwLR-dPDy>LewE4ldJS+mXDv`v*3_~N(A6H( zuLqu-EN(e_skvhVuo1YBy9qd+wHYv!Z2=1PTY+n*wb_RopLT2mo|GDjPw346bHD$6Vvwps$mJGvSVoq3#pFt?-B3dpN!t*oxL2HNv%fcnhVR$IUhDA89I zKd8!RO>4T^WN-4^b_AS&>vhh63s98*D+a4w#?w!Dc^44-M;ChX>$&cF?@B?<4 z9J&L5K$BZ{FmSXw1PBGffN&rJh%|Y2*O%=EuC+Zs6AhHt_2ne#yV{sfY(|H>DP9PnVS? z0DFMFKxg%R!#?1VArVjmD1ZU=HP`hxKma7r)tXUPS942$LtmwTQgpiNUM2JFb=VWaY4+ww=bQ$jH4_8aT9lZ>^$huS3-l_l^ z;I@80P~Cc0UwtYGNCpl7Pg=Bqq2qyG2RzpI6?PXM1P%cyKx0iRa4z>SP@a1Pcvy85 zI0hUCP5@~@I*kPDmy@_??6%C@@&7Ygp{^ML{& zsWz?gNLC^6P+tVp*FMpAmOs@O10_Iu<8yr}PzIC($1_UvP5}oD6~OhhO5jRa6>zJz z8mO$V0jlb?hFYKws5g0{p9ZdFHv&z-k?dxm1!x7@fOg;vP|$cfJE`+gXIonb(A&@n zH0JApWW!lQPupw#z1*jrefk&rB*Uc&1JDKJv^~(YBbL*0Ggu;Br4$nYnsdYa)e@B~QDc?vuOo&%|QFM!h4m%uBawCOd_2b7mD1}lng zo$1M_slHiq%&-JJVOR>@XuOlZ%;b%@0$d5M0z0Z#n_LptntT%1gB!q&Cbz`R;HC5} z;8t)OXvn&qlVvai%|Q!rJD60m1GF@GDV{epR`->jG+2W+pe<-;@>cAuf1T?9W*Z#A zT*HC%3vGD@C$O^F8O$-bfUaP=!41qXq?TnG+)XZw4-3yXr=Ii#FBR_uiws_%H|PWU zg82qNFf(lz=nn>f<%U2o2n+^8z)&y@3zlqvfV@L)Mn3%1G!a9QvJO~~F3k@k? zz2Qhzs)^`&1Uw2J18WV(!4oF(YdZL(GXp$uI@82^%?5K!1lW^c9+(d%6%~MmV3COq zTLPAX4TdtX96V)W!B&D*V6}-CTMHIeW}mM6ofdoAaN5L(tv2W~`%0R?X0XLXhs{3O z2DXE*O3#2DV5f-{`z*}>c7fgCS@0Zq9yEeICZg;`6La=5*b80(uY%XW>);LWCU^_H z4L-@b12!7&f=!0xtY*VK@IGkFdH_BIAAyg-Ctz9HQ}7x19DD)31Yd!#!4^YyZ6CN8 zS^_OK5oVV|E1;Do*6eC%4YU?o2d#%TKpRc;+07;{?fs^$&^E{nGKVan?NF;>2V@CZ zL6v2H;?>%kD7E$`GOZ)z1UW-4CNgb@;dreZwTfr zB0p#s8}jEnNNyuKu=22TQ8U1 zgl<8%q0F24t;ZtIcx!UbJuuN_Lp2y#?KRy%lT?H#8qFuz_u1JGl5}bJ^pv2kmE0W@XvKk24)$N4U7w33i5E z;O0tK*bR1v4V5oTJ>Yxkp0GjRn70!y%Jzc2;V!)o>^i6+8u`biYV;5#RAn1D%`f@zpB zafLaUhXweeUWDt5B>1xal3s=tSOf1jk%wPZCc_6{Ev$nN!iV4#xL2PFABL~!kHAOa zWAJhK1e^w^!w1VU;Ix`sX$SM#3hy@-b+?senux{Oa1MMT=S9cSN<&d`cS(0He9}ZR zepZ@Xe7ZCrE`SS7l;dI(J_sD^9cTDZKe4!(4%9zN32 zVB#V-!cA~_cQbsZv;}T8@sUq;x5McrXW$OF6V}59xC<_<=!Vb2=iu{jSGCbZPQCzN zG%=Geo5;ym;H&U8_&QwCeFMG;--2($ci_A5J@`I+&Cpr<0DcHRg0u4OHP*C0hM&Ms z;b-uxwAQTWu%Y<{{L(}yehptY^uhJ#ZyFXOOOU0=G9*oZq98qeIntTgs9%AsL|WQc znJC7YMR!ZqAO%fpk#$J3em$}Q*@)EVZbCLATaXt0R%9DuhL|H3$aZ80Vu@HG)`+g^ zS#?pX4PuM5>MvK=A;;_NkweuE$U(g$^1AkF}@;8?ROl9qnCv!v4v z(Pcj>Z>n%Nag$RsJdxatok(wbhOzKWO3BgkGy3#$FQi@H-sp|=bon5qjlPH zDyi*2<1QqtFsr7e+#k7JoYNeDT<8i!f{rF*?GwV>wb`JcU#s_j7C0I&#``E0Lr5uN&G+((4~p zRUs)ImBwo1Vq<1z4N{A|YRt~6L#i9^<<}z@8XJ(JmeWWhQfh2Mnvq9YEl6EvD{|#z zfw2u~N6sJ}NM%JQQfMqP78?sHON`~l^!8ImJ(6FoZ!{oXNVkcNeGbuAoJZ=6Mx@Eu zgPiTSfLuf_A(xR}CTDvelefK}>b|k6;em0N%3pQc7@!JN1*w8nA*xW-bz_(++~j;8sk&*5 zQr$J)GZq!>Rz<5G8e>&}>X8vt9VmcQ-E}FAhk6cY!m5Kkh)Si3QziAps}fXuOiuZI z#(gTo=~u=?)eECq)m&21iK-fEF%_cR4G0CRY|I3lh=Mtu2!W}B~|6rW|TfQ9yIyy7gwgJD)i5dPbyMPPW(qquKdST z$5jVm3$^IWC z-341J?bopJueQ6pySuyhK6c&01k5nqGsZSZMJ%uZ6BI=(6lnpmJCB#=|9*^XU2C1c zT)n?0Z)Ku3uQFVh>-X1&9eMS64S6P8UAQr?DbL#5VQ+Z?sIlH~#ws32BI_-luA%UO4S=~2%lD+$>{?FVSo6X>bzsYdMgRS#4TRgYAURZmn;RnJt^dYO+syWR;@IS7pKlszOzf>Yu7uRg%*c%2fKCNnp(B1m>K! zP_A0S!pq?`)w*g!wW-=tZL4-v zyVSeYd(?Z?`_%i@2h<1Eht!AFtKlQ+qv{s#G4*lv3H86Olj>9I)9N$o(Sf1hNbszB zI5=51790-_SDjOzSC0lSs4uE7sV}RqsDr`$%8B4r^)>aHW}Jlu(|1z`m_3rIvGp^ zzpB6GOq3t$pXxfBvALi%8jJ^j<%Ec48QZ#wv&I!~?2IR=1wym=uAsv$M3)~K~= zM2)JW)jBn%#?^#+G1wohtuqW{gQU8zX)Z{q`+~GOS;eTQf{7+p&8d0yOi)nI2Sv4{ zmeuP)MV+5hSPIoe>VN8Db&0xEonKd2UZ&Qo4Qiv>q&BN9>iO1kb%naUayDpHSE|>7 zHg$j7Qm{&0tzHhU23LYL>RRkeX15JJ)sV(BkGc|XwHp^=j52;v81|etf*o#r^k4z(&~(Q zN}W|ttIL~a)U!EFW?sFZp6FXtFR7Q+E9%zjRrQ*BUA>{+RBx%bbKcCZoG-Hn*bD3f z_5-D32Y`dXA>c4@1UL#D12(!Br;Y>%Pv95u8~6kK1-d%xT>k-i zfC^9p0MO8G9s>agfPs~Pq)!8A0R%t+9e@EiKmZ0;pqd0IfCd|*(fdFBv8k)G!v|Cj^#SXh{eT~6 zZyEpsz?yv!7y|11hk=ot))35j4dXetVFIv6!$7eu0z`q@iWm?F5iXw^dB9P(04xGaz%o!5t%oIs1YSsYj z@Km3}z7CXhZ2+4XujEmR-e2afdZ2M>VBwjS3^ z%|URi<`8%o+-eFB9RZiyj)KR)`ihQFMZ=J%D|8&}44nW^f~UaK;2AJmbru}&JO`c! zTgxwi7r{&5W$+4k6}$#s2XBBk!CT;M@D6Bp8{Bt6kLwG*@G?gU{`f_{af%IxZRhZd=JhzKY$;> zPvB>;DES5a3Vs8>gFCtS;*j?T_!DfY*-C6D3X{LU-{82bH2DYo3zj7R1M@%?s0INL z1f5O@47I_a2Gl3DAOfPG4#YqlB)}RM2~r>p79{Jt7?1@ykOyN8&bs1cz-Q?ZKoKlU zmM0~!xL*eK4W^_5=7R-bAy@=jlK;TI=3=k}^z@g4WuP7`sW*T|&;*)63s??TfL5>) zw1HJ%HCU0X0ayBK!8*_mb`Lqg9dA7t@)oxmlE!3HgE?85YycZUYqAM!23x>ZusZ1k zYm+X}4Yq;p;H;|y>;${O4p%qm0W*!WonEj9tV#BQbJaeu59|lyPCqyR2EajZ2pk4S zz_j0%90jYAL9n1>3>*hT-~<>38?WE@O@NpKQOf$p|6m;vX#j^q@W1*gFo za2A{c=fMSV5nKZ6lgr==xC*X;X~#Oa0d9g@;5N7e?t&VVyP-YMUT7a=Pws~fKsC(= zp+nGN=m>NaItCqwPCzH2B7akIsneM}1)YXm$urPd=p1w&TJc?gE<%@}%g`0*Ds&CH z4&8umLbssX&>iS5bPu`@J%AoU4bDftUq=PUBhX|;uo`fjK-%CRb#6ldzLmf#0>P(7IPf~(>Nf}b0e5fy302M+- zPZikOlH4%b^O$3ROZjs0ylvYM@%E4zfcI zs2*y78lfhr8ES!AAt&U5+)x|TpKOOZpiZa@>V`a!7wUm}As^HS^+N+mf6@;PKmlkF z8iIzQ5oi<&LSxW46oMw8Fcg8JPz;Jg2`C9oLMbQ>WuPf23k8zX(AvlhGz$$T=b(9L z0a}EXpk-(UT7`y^YtTBh0c}EC&^ELK?Sgm1d*HqBK6pQT06qx&hsKkK;81d?$v1Eq z9vn*AX1hm|&f%V+0^bq1*Lf5^22Ug#>s#xB$&$X~@CmrU-rIT-HVmJFPs3;6sjivC zS$HgY4qmP~4_|;U!k6G=$7T2myzIIPUxTfQ9oKbutGhB`4BUWc{KH+=@|$o^cgA}Q zz71#Wci_A5J-8}yAGRePz@tMWb;-ff>N#(Be{n@s*F!i}x!CD#+Vu5zRVP{iz(WHs;a706eX?(>x4-^1T$32@cmuzM-@(&OD;1&c_wWbUUH=hw z)o=8VImenl!JpwT@K@MT`wjjM|A1SaKVh@IVBlBI+xY|k&51jCunJbg032$!xUyCd z?yG}f7^6n<8Xa~fEyDeOu=-{>0x0G=HW@(Ky_<(d0%~%0E_TQ zmjp*^WLSaYo%yh#p#Uy~8++!4ir{~6F~D0!E_kbb%9Cvv?{ULzu)V9LEt{zKwZk27CtMfk zg1cc4Je}~uJ#a7VgO|Gc;AXG8wI7~M_+eM;Tw(wYz=QA*JPeP(qwre7>kYyUon!Dg z9D*m{FdTuS@JN4YBnHRf1e}Dk{z*8~J>Qms({Ki!g0rwOG7Znbvv5hIEHVer!}^FN zvH&l_)7B-}5E-pCMa+@%h`p*JvJ9`ltMD4U4p&BMBOCB0yajK=J8*yBE=_f$Dl*lw zTeC;AS5p(&r)eJ8udzlBXzY>d@`L{~n~!L0k)xXRrem7A$Z^dHjU#eWb4qhsb4GJk zb57G3Ij^~(xv066Q=PA9>LXV**EH8PH#9djw>0j-+nPI?yPA8N`;_c zA<`7_wm#8JRX^3N`Jd%fEN}Y@%}Y(9=9T8P=8fj9=AGuf=7Z*==9A{LW~cFs=BwtL z=DX&H=BK7P(h~Wl`K@V>OjiEM$y)zu@-!-qT9a-AG@u63z#5GvWYcO|`w$J9Q@1cp zM+DFLTWt|iLuqIYqhU4f2&ZvIS|hxsxkAv08c9rP`=rsn7C(;!$YD^ll#-b_DNnTb>rDkK+rm52SBmI%;_G(RyrdCszv#cCB(W*hy zn3JuVHJy~WFXD~(G<}-hNWaFf z8PEhYfyiLa!y49%ufW=u1lld&c=VNFC6)eJ^rIT0(NNopoFDNS0F$!S_y&9r7l zGpm`?%xe}ji<%|PvS#Ifg4R%EU9*uhw1y*Fnr+RFX4n6$ti9TO+Wp!C+Jo9dIX&x$ z_Nexl_PF+h_N4aI{~WEe+H>0T+R?}b?M3aSoYZwidsTZ)dtG}&dsBN$ds}-)8;so5 z-qYUKKF~hYKFUd6`8`jxPqojq&$Tad`qnG$Ywa8D+nmDnKId_bPkz*v+QtVzX+LYN zeb&k^+OOK8y2YW+_E4j_?wfX~=ezcYcE;Kp{He9q_w{#ld&_@me`{xZ|7ic_9IrgB zN*f!QZcu9hZGVNYtKJG~OS%m;khZuB)@rm`ZDB8xlfKr%U4hN8PK#+b!Y%Gi53a3f zSr5ksEmqfHu!_)N|Fp&0 z5^a8@u(DKJrri$jge#nStwC$lnzZ9iv$i0zUSrXgYb&%?ZKc+x?R8XXtF<-ST5X-y zu61Y&BMw)+wn5vdZPGStiy|%BR_(utQ|rfRyS z{qK=~wNv&F$VX(f@)PnI`GSm9xdUI3Z^(D#2QujF@6C7oL>3bZiC@TXWGV3niF^Md z%N_qAd58*8BLD&-5MrrnYKM`Pga*+f2vVL!5gmddI6@#KLLoH5AS}WmJR%?>A|c6y zjHK%-suZNYHIRIfNHJ1^WFkGjQpD^nLlS*@#DH{Jrz(udLdCS( zgqRU$pxkdk#v61nTU+p!x5{a zvo#X2BMzh<$@&_Q25%$MghV6Fh_kBQ9gDOetw=oLL|lj)X+zfi?MMgGiF6^|hzChT zyojl<2kAwUk%Ar{(uedTeq;a%Ad`_nq_t`Y8Ae8sQ6v=!ID*I+GLD3h3B=_KM~5ro z{b3}6M50k7hIH0@I^swyx|7|`S|$=m5}8Dz(Z<0oZ?Q9lq>&8bj7=d~q+hqU|Wkp(0h%{DC})6qn930X#(D_4+JWDS{dts@)AOmq|3LY%&BWW}D2hH5Gu zMo)KlJerJVqEpcwWEZ*{U5)NR_o7SD<$=ZMK6F27avwl90p}DoIvYKVE<`OY z_1#C%qiBBBdh{5296f1*h9bS-)V{WrZ6?d!UU-a>DqchI}&J@h_W)$#!KIUb^q(7~q1Xw3cu zeTwFHKSQ6RFVN!Y!s(ajE3{zxHTnj9i@rk#9VOFCzW3+{v}ihHU#-rMS*zzgC3PRs zg5Lc0Pv~c~zv&D56`imChHgYRqubG~Xuwqv`;NBwf1p3nUua3p)&3j(gZ@STLyLOz zP!(DhtFfz500mJ9EseqGs6&Gm#M@=zHg@9UPA}XOW+FGxm`KU40R8@c$qDAOGv=}WxOVKhk-CiEk zqXyK7>KkXhCe(~t&~mf_U36H{O4Np?JXL5lYKhgL6|q{hq}Lp)L(6)`9d^`#)}sw* zBRW-;XzaIoE1S@|3PY^VYOI>5OI0_cE$CElO{^95IGm^pZSUyvxzRSX9qm9n(c0Kd zWf$6wdQdM~Hr<16_~ZUw)Q9$=`sun@w7(zqqXTFF9Ym{QL+CI%f{vmge-Ir*$I%e# ztF4SppkcH+Hc=BnZLxypC>lfKs6CcIljtOxLepplokFwdG&+OMqI2jxx_~aCOXxDX zg07;q18e9yx`A$@Tj(~rgYMFG*mmn2u{}DsW3O(tbDwU%F41{FcTjgo*Wfy=JEA+P zJElASKk3sjeM)y)cSd(sx7~V9cV2fvcTpE~n42!?F6*x7uIjGouIp~-ntE>PZskPH zJG%PVU0rq4J>7lX1KmU2qnxn$ME6wpO!r*(B4=&B(!I`En{RX4=6l@--E752-6!4Z zz-QeT-B;bWoW$7}`=R@(`=$G>`=k4t(>U{VrfHQcH=af zb2=Mhm=4zwI#NgJXdRl{xXVN>{C`(bekebatIXSFdZ(HR_sl&AJv{ zrMp$<)VXwSU7N05*P-jwb?Lfw9-UX$qwCeR#(cUyUBAw+8_)%GgSsKzu+BO*q8rr( zbz{15T}W3xJ)z6ghIQGVlFX!Uy=$)tbt}46 z-I{J)m&_)zO*QM?(TWY-WOh@xrQ6nZbf&WD?2c}*%NKH6HwJcLyRq)J_VNXrzhe)! z7u$#Vy!){OSZ&im>=1SsJAxg>j$y~KVABcgBv#aJ8$5-THTQ)|J7@cf+>_yE?^t(i`XS>vHCLBAMjPy*I&V|V%IQJ<#p@^b`!gW%{TUy-^T7> zcd>ieee3}?*dOcqH}nvz_EuNdH3b8Yu#(y#_hak{_7v+6jWh*Xo7;~!ZzI{p4ZqL>@D^VE2(&oeZW3qgH@lf&)65N)b$nfhwOdn%5T_$^E>tfTdnzt zEe#e{%~@@(w9C{y5c-9s%3bbo%Wo`D_Xitm9QO8<|HXQ}gCSpI<4_>v3yhclhvi{W zmkLv3g{^b-09NI%YtDBUTjvKr48lsAon1qrtpJRb*J&_QM_IQP8woWuAsCA3FbuP` zl?;`4IbAq5SlM4kU?fIiG*&yfm9dpG7>jWjk0qM~OvIKv5+-8`mXD2k3$Q}02x}Vb zY5j-w^b~l^KEKOaH5^(F)YSVO#aIbeR9=c%-C0{1rpFA}e87mAu|1!l!6 zvC&Ym*M?PLS#LE~gVkbnSh8m)Kqn29?Xj^yL+%?s2B5LeON3s-q?@%v5C+C z7QhCvA*{wW-Y|@fVByfTYZMD&W7s&>)*HgYRTEeki(pYKR6W|YRFw$Du(m)Pi-f$M zowfw#b|fu8etiR}V@ z5x<0A#;@RprpCsr_%*!0;W~Z;zlq<%)1lkAdEgEn3f;vsp?mm!`~m(DZ)$#oXG4qD zbZtrNyt8g_A;2>^KKsbzRaBWV* zwfIn6hfi5CJbwzumqG+i;<3)f&}eyn|7rz=TRb$*;4IGJJTBlOJ{OYkqHY;i@O)e! zD8LKxBK#j-jBkcY@KU@C*W(7KfY|5?+vC~g>v z;c+~HC-JOn5-*r2oJisSCenDNJ%dl-S-f~+8V@zk;Ip{1a}J-!7w|=V317xn@DXdW zeHAa6Si{HK*YOQ}6W_v1Ckm#v@f~~@v76XK_`CNK`-uI7e&PU8HgS+>u^u806Gw=n z#4+MHae_EWoFYyWXNa@JIpREVfw)LqA}$kGh^xdk;yQ7IxJle1y4<&kJH%b$9&w*| zKs+QK5r&D!#1rBv@r-y*ydYi@uZXdM*Tfs*E%AYs zP5>itf*?qOBD(5mf+0$L-X)gc2wxRX2*i?8Bsv-;LM9ZVW~!k)pC}+a4TXfYrHB}; zD6RZQ6cZ&xe{Df$DN#lYSL+D_VI)jM?Ub$2Ojw9=V!Nw?aJE~C%|In#BNl6_h-#vS zs3qzMJK-Sei3XyPXd;@47NV7K60RN>;U?M$LtwF@o#-GsiOTFmc^6TY?It{gm#C@k zA$nVSiH+q7pO5Gx5`lig-{U6+h}ni{Wq>f$4ieRYA);Y=nCPt@A?mtYeWOH>7$e4s z5HUf7i3rh96D49qb+)W4P9%sVG2osg>aw+2XKPJ1MWl%gF-2_q?Aa{g$R>uSi5a3k zJ4?(F^F%{7+qOU~5=+D~u|lj8Ys5Mc>e(PV>NklkBG6G*)!A4-I61IQ>=5R@d0%a& zE@RJB*>{n<$vxy=vZ8CbX&mp5jPk;ln@%_qo{B{73d=@<p6tsAq)0aQN~BCGWIoxSDIg2UBJv+O(^X8Ckfmf9X>nJT>q!G? zBu%859LQM6aq)z-fovq3$Y!#IEURcGourF& zlM{(HvYqT8JIO$%i|i&nq?ha=dr2SJNA{C`a)1nwgX9o7OpcJFWRM&q$H@>mL59f) z86{)nY*(Bd%napD1`=eFoFr3Zn#_<>WR@JxOp`O@NM@FtBj?Ela*F zR_zM8O15U!$T90Wxj}BVZjx&QNzcsC7P(FCkh`ee)E;Ut)jHtwJEs=i`>36o{nPQXP+iSOsbkb}YSVjyvQ(a=M%zwNr>Qg4S?U~hp4ytaKsCB9QnsEl zS7XKYz$I$A>oS!cyh2^2{B7~-Yt(h>26dC#aNMG9Q(@m7>Mm8$d5`iBly=;w9#Gx2 z52?mfediK9@CNdrH-(o>9-Kj=&4*CH0DWO}(Mq)o-bW)LPeA?Xu?` z^`81b*_uC6pQxF>rc`U{Gxde4w|}Kf6=MzGsD_L)^_^-<{h+#2KdE2TZ|V=_N&Tfd zyA$RAQHJ_FN=4PxsVRVJNrBX=7oxgSFr}fi6hf`^pp=fnD4d!O5Y%9cD@9V(PKw&B zD<14f(G)|mRJbcSz){U9o^q$!Qvy}j9;*?l&Xh!rH}$7vN}+~Q`BWe^R^MA6OchXt zR1x)$DyB-PQmTv!rS#NjYNNtH87UKGrYuxBRY6&)O3FqJmsh$xwb8c5jz~upRZZ1U zy{UoJV5*jyuNzJ+57kkdE;}`ra^&p!w6%e1q?)L{R5R5=P1mMp8XgFXf~9sG>kWm8oz9dQ!erd9^>~r^ZvY%>&eG zSAZ(*9;Ak-v9{&rVQPdLrGnHLl}?RQA!>pu^o6Mi6{TWSoJvqhY9W;woTO4zn#xd9 zRF;~i!l_7VhMJ}3sP(>X`+Ds>wLs0+4h+nu7O9z3HZ@n*?@6YLdls6OsM_-R)Ld$r zY93ml;;B`t%v;#GM%6lk4VlzBwLxuCThunSL+zq>(|hQ>bTk!9B~n#YlPP!mRBAd^ z-e4ZuN3W&!(+B8-^db5%eS|(rAETF3$LVtKO6mlCl0HSBrq9r4>2vgX`T}ilxk#r{ zm*^VjT=`}C3VoHnMqj6I&^PH@^it|JeTTkFucq$N_vr_8VckRe5&f8cLO-RS(a-4@ z^h^2`-QW3|enY>ddz|5(Wb-@vJ^g|HNH2DOqQ^Z|zR&a*I@0x(UQB(XztcbHpY$*K zH~okHn-lHx=xn`;UQelMfCg!ZhG`8Qa%$;B8$z$vq5l)_aeAqoph(`9k1nQ5=u*0jHg)Rhf^@XmKpSZj?QAmB7P_3? zNe$Ii(3>eMT}j*MD!M3LP1n%1bWeXBZKoY{J>5VTrWVTC*4JN(;j*&wVm?PJ#;UfpZ3vxbU*E<2j~DjNDtA2-eG!#HujIwL3)g~ zrpM_JJwb=*vUG%w(lJ_Zi_;EUf=<$g^dz04({zTOqO7B|gdYd+;W6e9XKD~?C&D5p$FngKW^gd=kbAUO>nA3-t!^}qN z2y>JvO&?>9Gbfmn%qhm$RFSr)Pcvtjf30VkbIf_hlD@#WYcDdU^d)A@Z%bFDYtomQ zE6i1%r#9+Gt&Y`FujbA zX$kZ(g|2?a&kQgDW{??ThSS4L#6H4|GC^jH=}eC^h5isT!GxKCbcBgAF(%F=m?SgF z45fYP6q9B$%oLMldehU)4Aas+%gizJ%mTB>EHTT>3e%rnW!9K=W`o&ewwP^ZB;8TD z!}!y?*xl?Nb}ze+o$KAt9$*i$-t-~%FnfeO${u5nvnSY->?!s%dxl-DJjQ!d_)Z)7RMR>Ojv5(m&Y#{xV9ZLt( z&)Dbe3-%@ZiVdY-vv1h9>^t^7`+@z)eq#I5pV=?$SN0qGo&CZ7WPh>a>EG-`y36^8 z{mcHx=CLYP%>pdQLM+T`SS^dND63;J7H0{TWGR+r8J1-^mS+W4WF=N+6*iwOU<=tI z_8(i!mawI48LMXvtdTXbX4b-%vlXnBtz>O%6+##avaBV0w;13XUW#Nd#Yt_v0vfx zxdN_`E8_lf#oSC)2{+=X$d+=vE$HLXR%DE~!&6Q4hI4{@36;JhYKCX}J=lt9N7vRdK3{(24L2if}=0>Rj?4F&1{d4sxdm>K3y;JcOPt*v zjV*I4+$y)mt#gLn4Q`X$;=-}^&TX#FzQgU}ck{NsNG#J~sWUYUR|b3b@O$}Y&pv)X ze}GTL(y=A)LH-bbm_NcFyY&kKOHM}m|Tzfx!7pq6aFc`8C#C|?a%n<{0sgi@2m0p zU-3PI{y<9mo|Ha#De)E6$0{35jB{uFZwQjZj$A?{cyoxUvQuC4K^%%f|{6=g$R_0lZ zL42bh=A9L`>G{|~OvA6m>^^7P;=oQ!%OiZa0p)dkNgU&GzBo?sBv0{+eT8wFFN-rg z%X9o{2hR(<$Vg*0_Z?#mo5$-pc34EBP76xVNCa({1Cc_|=wbz9?S9SGF4)8XEq^Yx(w} zsI`ta#GUn)xSgMJl*dcm6>$e&&o}Umd@NAd)WqB4&3sL~g?GeTc_-fxckyn1u&s@6 z=iBVv%^iFv-^J(G+Tz{3hxhV5eEvW$@8b*YI}Lq&Kkw)3;{$wvALNJlVZO;b!jJOn zt{^|gZ}uiT$N3Q7yeIDJo91VDd;csy$D8c)`~p8S-O{JYTA^h5Y5{1STnzlE&xkMLLcPskHgf?5CsQ0QFFr0L;vr$IBNm?!!os908jlE(cvOf9abc@66;B9B zVNys5k*c(i5vBysP*#{0W`tyXRxmo|g#Mvk&)U?y5RWeii^59XlCUhS2;RYw_*i_S zH56YJx?5e%zScEixx(sM7dC`VVN2K+c7$ExZgG#eSL~_UC+-&yhzG^l_#yGIctkuZ z9utp?C&ZJYrR|h>T0A30+RlpS#O3&T@q&0!yd+*0%UZ99SH){$wt2j7CVpMKA>I^k ziMPc&;$88ccwc-Vnq3dYN8)2~I{rj_Dn1jRi!1S^_)hB!aXkJ~oQuB_ce-ASuD~1d ztvDZlC%zXyh#$pI;%D)TxY74j{3d=Ee~3TDU*d0ZDxQu15&w$+i3{;O(a@t3)gmB* zA|%41M%0Rkh>G2AorsCJm>bWD_Eu7)L|V+m8Ict^v8#m_1yK|wQ5F@k+EY=PFBXV} z;%2-^T#Ww{i^URgBVH=a$1TWk|k1MOmm*eQ02-C{w)BYMRiu~+no zePX}p7YD?EI4HWxhs0sAC@~_AiiL@wI3|vZA#p+si$(Pj@n0e;#>BXo5R>Ahn4d_A zX)z;CiCJ-4oDp~8OBJ)?oH#Eoh>PNqxGb)StKyotE|w-X#Ii(jVpH4_x5XWCm$X~j zBkh&;N&BS((m|;tp-&u=4ogR*qtY?yxO74~DV>r|OJ}6B(mCn8bV0f(U6L+KSEQ@b zHR-x^L%J#5l5R_Pq`T5R>Av(pdMG`TM%o@rPo$^PGwHeXLV78^k_-t`;!X>8JEd`YrvD{!0Hzd6G&}OMqlafD$CZk~yJ~v=Snr zl1{=TTp}b=q9j^kBv#@iUJ@ixlB95*EGbfXB3~+y3Z)|HpHwWBNTpJlq?ZhmQ8Gzp zsUl&K%B2d)Dpg80sY5$s0`W^LBgVZQBN$HlEfo93o*dnz` zPN{9kB@GVvt&Lf?)F!n{9a2lCQ|gksB};3y%_DiG9%-nrSMo`HlC82|vUWI{nzMds zK?fL`o_4FTVa%TDw5Kq zl#*Q8(m<>#EwyH=TVjw)RCQ+7NkXKNm`axq*ZB6 zT9-DYO=(NomXdaV^NzGIxJ%wG?~y%yd*yxde))jh*mO{?tO<0sXQPfovd6RC(9v;N zF6%uaAC-^E$K@09N%@qV_MVof+-Kyo@;NzOb6&n6Uz9J&m*p$+Rr#8HUA`gTlso%s z?YHFH@*VlEd{6Go-j^T9UD=0nv!grvNRDRh6(co|UFD#x;cfG=An>t%y%luh#Dpjo!a<#Ku7YC>xW9vvD~gC*^o{QclTf zIU`TWS$SHXk!R)ljyZW=UXT~%C3#t1kyqt4d0lRA*^oEoEqPnsk;k&(zFo?0WskB~ z*{AGR4k!neL&{+#m_4E#RgNjgmDzz4%6Rsqa!NU^oKemy=ajbKdF6s~QMsgCR<0;l zm21j%<%SZ<-c)WWx0O4}UFDu~UwNQBR30ghl_!d^;;HgXd9J)rUMjDY*UB5^t@2KJ zuY6EGDxZ|k$`|FU@=f`!{7`->zm$pWZ{?5jSNTuLQ&fst0TfVylyDYSiib2xvsXKc%FVj54KUm1$*0nUBmj z%|-gFW|cW*Ua6^AP!^RXWm#E_EJRk6E&Hmn6j@W&l?`Q6sj1si`Wm;D9c7n(w|>jD zM?Y?FYuKybr{AwXpg*WTq+gD#Mh@$b=$orsdP}=jB5Q#y|5{`#vK~3AKc?S^WSWob zcOv=G_U04%lloKo)B4TG8U1$Ttp1$-y#9jzqW+TpU-Yv6ivFs8pyitWy8ed#roJ$G zOJ5q@u@*#c>+k6A>b=fZYe}>?dQX2}Ulc8iKF~kZ8={Z&kM&RVoxbV8Ql~NcR6o@F zO#fVOj=s>p)X&;q>0j%^X;V}meWQP?f2V)1H#jN>KIlK{Kj}Z~zv#c}zv;j0f9QYe zf9Zeg|LDu3fA#wZdPI-vb$U#1jpBMjPwFW>t!MPC zp40PsK`-hnqxl|5Z;Q%$MZe3i+px#5*Rap9-*CWi&~V6b*l@&f)KC>YW;kv*VK`|x zW!UkZHk>hZwVpN1`_CDcz2^-V4B^R(hD(OXi*B!g^F47-fGjeCrHjr)xIjR%YejfaefjYo_N?MIF7=IQ2R#^c7hmbu9j z#*@ZV#?!`?$(8Oi#>Vl#)4FS>ZuQ%6n5Ovco4lPz_^bkcOn zblP;rbk=mvbl!BqbkTIlWJp~$Riv(%u9~iyuA6R{ZkleHZkwu7)>LKcj_I!Hp6R~n zf$5>?k?FDNiRr27nd!Odh3Tc~mFcyqCiTYj*7VNw-t@ur(e%mm+4RNq)%4Bu-Sors z)AY;q+w{lu*Yuw$&!jS`O@OI71)3leY|@ytCd7oAbSBKyTZfyBbA-t>N1DppGUZJj zlxf0Cn-~*o;!M0rFo`B_Pen#D$tK0L%WTc;HaE3(+V+_Dn)jLan-7=|nh%*PGl$Jb z%ty_~%#(rR<`d?V=2Pa=<}>EA=5yxt@$+U|=7PB@bJ1L#xn#ag zZ1%a*RZq<38I$9w`I$L1`P^)od0~EOer0}bE~|WFervYQyfeQySIkT{d@z^K)bxBb ze=>hIe=+yEznZ_9zng!Ums)y)l{1UJpXOiY-{wE&zvlnUd1jS)pf%N|HUnnRY^;II zuvuf)nh`T<)|qWHn0cxaHxp*kyy>W#q0F?IF|%gQJT}Rj1+!?bo{`M5+1#L*cUg8@ z_E@6xdoBAc`z@)i1D4MI(Yb?`;M^h0*j!u7Vas%FPva5GQA=p=FVCywp2}WE-_cw7MY9AIc?`G=Pj|hnZO0hMN81r-)ODB zWVvj)VoA+S&c)~Qtye7tgSGyeMq|e{%XLd;?uO;2<(B2PWwq~)#WNVRr|0fk9M$(M z_boQ>1It58aoZ!yW6Kjue#_L{%-mDU^xWKBcJ7&_(J?#s-15Tm((=ku^`vMufux}ufqEe&#YfxVe!Gk;X@b~ zMx&)i4{yWA4<`@*g-;*O9zKQTy7%Gphl>ZS@bcm6;riia_~zkb_+9u-`1axM;Y0ZT zApw<$N_JP!Hi;6gr%T%10HT3Q;szueIFyVSs1F8{)4L6~hQ7x!eR2!-t)q(0ng-BhfZj=Du zgEF8@s9sbbsvi~54xqUBL6nvzru_GH2sMnd03)bT)Vr@^sBzRg)CB7N*GbeADkz&q z&7eMfokh)|=1~i%Mbr{%8MT61MXjMeeqBdxpf*uksBP2^Y8SPK+DEU7@Z~H>fD*7IlX*Ywl4AXqDc}OGH0tlF%M?GCBp#3Q|yb zom^$3D#@wn?~F9G0AS&zymWL1`lUD%orTUuOE@{`Ty!2fA6orz(6wlrA{3}Y*Q4dU1~f!yL^q*dh?~(Z=s=(q-G=@e z2nVQ~b~KLBfer>b(Ou|nbPu{0-G}Z+51i4Cm(a`Tm4C90Z-E%&iT*vXhW;j9N1Ig}=uPw% znrC>{ZKHn&cF?=%J@l`@KKcNCh(1CeqfgMM=ri<>z|X)r`T~84zCvH4Z_u~sJM^Ex zTlzgZ0h5SH!X#rJBrk$ALJH<(kjYKO{0*dG(lHjA0F!~q#AIQzF*%rAOdcj5Q-CSN z6k&=n96|}E6jO$I6C@j71>XkCF%_6fjE@t+R$;0!HJDmV9i|@hU+{I1q-el2V%`P6 zv70c>m=;VcrVZ1M>A-Yix-i|C9!xLheegrD5A)H|j~T#V`GXj~UpEC1Q>ABrJy(4M_rmBT83AUX z7RwFPVe7FCSYeU>7CVQX$1Y&wibd=ab{V^ZUB#|p*RdPeP3#tS8@q#52O=ztMiL+jcd>ieee41D z5PO6@#-3n9)Klyk_8fbG{mQ$YpHV(Z z8ZI681)YJ@1~PG3xNO{`%z@9r=>nR7A&`s9!~MkP)f&r@3kEzDh;A(MoICG#L*MMupHQ^q)&A1jE57&xo!?ok$s195w zt_x=kfJ`s08`p#D#r5H2ynfsOZV(3txQrp(Fm42A35?>#aO1cM+$3%aH;tRY&En>8 z^SA}vB5n!yhP#Yg!Tl551lDltxDDJUZVUGhX~a1LJGfn(fwhO*#|bD0xI^3#?ihE1 zJH-LCGu%1u0_O-^;;wMlxEtIp?hbd4OTZ`Mlkmy-6nrY)6-dLU<1_G?_$+)jJ_nzR z&%@{AJ%IvzA-)J-j4#2v1Eu&fd^x@XUx}~6SL18&wfH)GJ-z|oh;PC-oMz7^kw zZ^w7w>04zZ`xFcK=O;9O5x<0A#;@R+)Kz@^ zX$`-Q-@tF;xA5Ee9Xtj9OxeYMd)mYA;}7tM_#^x`(=XaF{sd29e}6i~pW)B(7x*7f zm-s9EHU0+w3b@7J;qUPYghWCTA(@auNF}5ZemBplPiP=C5}F7B%@^Y%vzY)3q~sQYQ%RGw z63DVPLOVePbPzfTztLTUkf58O*Y^;534H`Ub)&^+Nev_SYn;bRvGON3>@3SpJ7Mp!54Xd8r0 z0$;sFuu--NJA@aCUBd6suh1T0pYS7eKsY2E5snE`>utLH*`g~ zCRk86gj<40e@D0{BoP0E5{Ut95;2*mdrl#y64Qw3#0+94F^iZ@%pv9y^N9Jx0%9St zh$xg76HADt#Ft;oh%dgD6X|%6`kPWgbOV*dDq=OUhFD9iBeJ>m#0Fv`v5DABY$3K1 z+lcMN4&tk?oy0C;H?fDEi<40=#N2ou9P#ujm#xI^3}zQ+M!ifoUl6@1q1 z6G`C%A~}3WJR%+wPlyV^De;VWPJFFa=r4$uL`qmiL*Z!jE8;crh6v$Q@>`;nK?~mz z?}-UOBJh(z4JQGNa59hrqyqFXGn@vb0~tUjkOi>9*+34E3*-U$Kmkw)6amFR2~Z0B zWt9QtKm||PZcxMp6^0nbbmRCAE>- zN!DlwsgvZ4I-*^qZjw3LL-I3vNg-?>$rkM=4Upao21ya>5NVh+LK-DKM#o6wqzTd_ zX^J#WnjtYrv!pqaD>_eFAT5$UWByW>NKVNzX@#^(S|bIbzUVq>gS1J4NWth9X`8e| zaz{N;f7H%?iiV=z=pX7XX^*r|aw!f-horC3BhoSHgoH#-NoS;U(go>~bVa%*-H;;D zThblro|HiTZ1})WBqx!R$tmP$G?ko2PA6xO!_iFgJ9ZX1o18<=CFhZ0ARf&p7m#Do zLUIwgm~6(CkW0yB-U5HS#)ngS<(86%$dm$lK(Xu^sX*d5^qLJ|G{G zkI2X56Y?qfjC@YMAiw?>@L!Ry$v5O%@*SCuc^i8ZyC)}55-CZPWJ(Gpm6AqDr({qv zDPO2rlx#{4C6|&%$)^-h3MoaDVoC|6lu|}1r&LfXDOHqeN)4r!Qb(z$G*B8TO_XLz z3#FCPMro&XP&z4Hlx|87rI*r2F>vgre#!u4kTOIWri@T*OleGI7^RF+#win&Ny-#u znleL~rOZ+0DQ4mVWs$N(S*EN|Rw-)~dF&Nyow7j@@i!@Y99FkQ*{1AJlrcq26$2%^ zls$?%wohScZTbVsA?1j2OtBG9D5sP&3cxz2Tu>-1P3#l>l5$14rrc0&DGuBn<({IA z>0%%03DiWYK9)pHrlwHMu~e!d2FB8;f5_=nW6TuGpk`9DsM*vUYA!X8>Hq{%D3(tJ zF$L5@s)kcUEv7oPL`Dg7-J_0$F`j@L+SqBc`osIAmC zYCE-q>Wg(!yQp|YH?@b_OYNifQwOMn)FJ9Hb%Z)f9ixs@C#WL%Bz1~9O`W06Qs=1i z)CKAyb&0x6U7@a0*Qo2%4eBO!i@HtSq3%+Rl0E7-$v*XfdPqH@#%RaX6Y42dVK}3n zQ!l7y<|XxtdQH8d-cs+V_tXShA}xuQOiQ7q($Z+@v!J11 z`e^;M0oovKh&D_cp^ehUXmRB@ZGtvQo1#tAW@xjtIhsENFX>nGYx)iSmVQUSrzbEH8A*&}MhYX9k;X`8WH2%rS&VE(4kMS5$H-?C zFbWw(jABL!qm)s`C}&hKDj8LbYDNvCmQly3XEZPx8BL64Mhl~r(Z*=%&#kgkNFm4%ljC)1` zGm)9ZOlGDqQ<-VZbY=!KlbOZLX67(+nR(27W&yL1S;Q=6mM}}1Wz2GB1+$V_#jIx5 zFl(80%z9=6vys`vY-Tg$S>yc5_Lah7+GS6h-ULrV= z2@r7?n6Lq48;CUhKgAVsk-5Zt%X@`b6|a#u$XkTS@)^F00L6n|r~eNLpxzgKSSbcBJt zr>--Z2n!(~N&*|%U~&*HLZ(>oe6|hEL-1NY!T^Mb0C^&AGDXODj2Mw1QbdNx5e1?| z{?o)IDnyNF5G^7S=@30)K#Yh95z#<|9^GOZfNdsPxWn9K?lJe72h2m}5t9);W-_C! z=n3jcmL2G3^{{$beXM>K z!Wv)=viLEpQV<(rnH9sV5f)iE${J${W8acqtyiOsVXSc|MB z)-vm-=`XOtT4jaZUo~qiTWp;rm2a>%Sz9bScAK@s+GXvraN&JcP<_C%#|~LXtYg** z>mQh)aKz47=Paq}KxMGKu}pRrJDZ)u&SmGZ^Vy$?0d)bpkX^+7s8%qG*;K}>N2^ZgFJYIm%h=`Y zX!twfm861Q$(C`e*hsjV?G66|d|@t`r&XhB*tKkbxQ<=VZeTx#8`)3cCU!GB5Dtbz z;c)nCSjTH&x3b&V?d%SACp!}EV*ey`vt!{eYJo*8>0$S>A#5M}CBC2ik~F{`WXHJi z@DO{L{Tv=)kFv+uT-GlZO8+f9&YoaTvZvVJ!_({!tQqz!dyWn8=h`nF-dz-z(-evy?D{y=4ef9zSkbT5HX8#PIuus`%>~r=7`;vXdzGmOB zZ`pV3dv*c`6F>(NIY}Iw#G+2-up~xZ3dbQ#!6ON!V3cuqkAF1f z9N}XHr;;Ojtm0I2wVZeOI!-;Ofz!xo;$YG0$2Zbu zP79}%)5dA%bZ|O3|H?NWyEv*xD^LFTTC98gh3e+?aDI||Iei?W(HZXNh#w`7(nr~& z{*mc1Jq~cZ458Za2t7Ul#>YVpnKr~RDu+2l)CdQDgt()eG0r$=g7Zl~$(iCzb8NU7 z&MfDdO`^_m<~iV_`O&8J^R-;-~i)v`$$$i25uv_ ziQCL20Vai;8+!cu2ug*r2&#qq{MgEEE`xud%1mF8_>`F_Bg;D z`vUvu9mCb*N_Deg3PhWq1jmOICN`83as@D{i~9~Zex+-2?x zca^)wUFU9ad7@437I&Mw!`h7#V#SPWarE8~^(DtMJVmY%Jz;#Ko%c(uGbUOmsJ6Vn@b|HT@4@6_*N z?_*884>1Yds%hr6@LG9oymp>VWEXYtI(h797tbT^=0&7Eyk1@(ub(%-8{`ojILQ#t zD>v(hd7oonVh^zq-Y9R3H_pSvCU`V5Hs(a3Vv{^{>?KWync@**#F&SG!YCBD*eBdH z4%0x#CXX81;%)PGc)Pqk-ahYu zcgRyqj(D`#G4F(T$~)uHW9PgJ-X-sfcg?%u-SX~ujMzOdfuG1v;wSShF)GVTP2qnO zSyXX%DnE^%&d=auA)PvtpT);PpHO%xo1eo6X}Nq7l*iBK7x3A}LOv0SYKr)J5g8&t z#e53%l2gJj<(Kix`BaDp(Vz-`CEqH4qp#vCplZGhs^Qo2)sTnwkzL0JAPFRg=#ZMo zLkS?dk_Ek^)bpuCDb&DkoB1t#hKdQb^4s`gsGZ-zS3;fqF8*gZ8|vnB zAR#1zv=|knll1V3S~FyY-by`CFCXDRP#?da&tjOM0sc=Ef#ilX&>)`+>7kg=#u(xc z^GEoje2Qp{KhB@v)6kRrmzpX5G#`X!__KT+G{>j#=lK?BfxpOK;xF@8_-w-ihd@*b z-g6v~5qgBQ&?-EAP%JnQU$N*F(^#{W6}i~f=oe{AX^ZHo~d4lOUV&LnYn^ILB60sP${==m&(u7Yj^6gz^{q1AWxIfM3CH;IR5N{1*NXey=VOlnTlO<$?-9rJzb6 zBEN^L1vLT!jD~S=t)Na&FK7@n3YrAX0u(Igw+LDV5oVj9UC<%u6g-H!1l@uj!4vca z?iKV2`UL|5B0MM<5`2Xo;9&s(j|e`&qk=KPxL`ssDVP#W3rH{){tSQM&Io1&bAoxn zI~dFS$oc?(gck%DI84FA?=)n1Q9yzJ<17i51!|ZIuLxEJYXTL#E})S%1e*dKeM|6@ zzAe}hh{?NxJ;A=1w8mjz<`ehCxTOf1jB*P1QPf)MhBk@E(DhXI(#L#7TgGw zd?kD9DE$m?NiAlm_VTv$Sm?o6N3OHSuAWkCCw9x z;Cx|$uuxbeWWz!ZmH$O9g^PtkxI|bgEEARsD}`ruZ&w7Pbgmg>AxiVTZ6&*d_G9-NGJWudq+pFB}jG;6dS#a9C)AUF;Fz zsBla;E}Rff3a5nALOVPooE6Rq=Yy5H*ULM9rcWQLCs;WH+{p zIz%ddrzi$@iMmBSqL?lUe}#KReWEA0Ulf7|L|%AMG$aZtheaczQPG&lC=9~mqKSX# z)TC%i45zUHZ=sD56XhF0nS`sab2+S1`g&KxeMQfsO@Ve+3euOtfo1!hz zwrEEbEnA@Q*It%X1f2}i`E;xX~KctSiWo)S-sXT-DOIq?h2ym&$U z#0zEoWk> z_FQ}+z7$`Hv6c^(FP3ZZjo8Gz72k>P#R-x`$qO{Wk|aS}k|imUR7sj7U6LWmlwd4b zl59ziBv+Cr$(IyJ3MEC7Vo8bQtqN}`m6S=!B^8oNNtL8p@?fcv)Jp0kC`-MBrfiTj zN}449q8c&D(ky9_v`X3}?UD`&VCj?)EnSjsNspvg(kJPc3`i)JLCKJ0STZ6Rm5fQo zC2rb;WKuFEnU>5*j2J&>Rx&3cTjnKX-hyONvLsoStVmWRRLh!VU9utBlx#`1B|8$6 zbXT$`*_RwhJ`fKjN0MX7iR4srCOMZ}NG>H;l55G06T6@)6ymFmi9<{rG3(V>40=lIwT#Ijz~wPW72Uc zSvMh_luk+6mTBpXbXGbiotG|17o|(mW$B7^Rk|i!mu^TmrCZW3k(U$<8^sf_x1~GM zhsdsUPr5HXkRD2X$|LEq^h644PNiqkb1CidLV78^l3q)1q_@&L>Alp0MMV;1=t!b0 zN%mQsEK8B4%F<-%vJ6?K3?XA9_y{iIl8_ac2u`d}Ke4l9*|Hp2t}IWMFDsC7RxPWMu~g(pt*lN~FKduB%BT^awn^43qeKW1 zMuZk=k&z;;vNo9@!j14F?XnJ;IKqxFBb~A?S+|TA>5=uy`egmG0ogD8plnDsEMrAR zWIqH}(Wp!q;geAKG1<6`6A?v}5q)GrHYqburexEy8JR8u$!7lz_;a#(nL474EXWpR zOR{BI1Xz)+%GPA-GD&1Zwkg|^$s<45+cH=ujr^-{iD)7_vR&Dp%oL$&_GJgML)nqc zPdJu^#V0Zs(GWS6oypE+#t0aJBj(73>{13ru4LD;8`-T)rBX%iWFpzUOd)@-Pmnt! ziE=Y1Np6cI%TweJ%%_MYk}9`H(&Xv#47oRwDbJE;%X8$8NUl6jjzse11#(ZMP+lbW zMT+Gm@>01qQYJ5#yCVKbg}hQ;C9js($ZO?w@=qFfB#x<6HJ7bjiErJ@Q_8pS)lGH8LO{ls`wlM}9_zzmQ+bujJo3*YX?rt^7`YFHcY; zDv}g`BFTyr#edQF(bv&b#qUU(B3+T8_!!Mpe28W#vK2XsTm{U|Q{*eYL<iVq7tym{d$DrWG@aS;d@! zsGL_UC>9k<3Lv_ySW&Dh))YTX>xvDKTv?&~psG|>DXW#AVti$dvQ}BAtXDQD8E+t3Rt?W_uD*KfE$^qq|(n0pw*=lx}gc(u}D+6dw zctpt*aj~Pyh-pmuMl!DCh9{Jh$|>cvQmda)&MN1W^U4J!FU*Yb!;8vKT0wY8$waYY z%gPlcJGQD^Q~t*NE1=+QC^wZ`%55b@x})4x?kQc$edU4jP>Wd;#m842my#`WLsj4(px++5@4ri*eRN1N=l_Z?2 z%2Va53RE17idCp8QlSi@aIvaHB@LIV%2eg53Y9!usj5;{tDa3YD!clXwpLZA;>1Y8 zdR2p}QPresR&ir3s#cXOtOz?9%5a;iU8N0os5(_$s%}+}s#n#g(uY;yew9jO=MAU^ zRYNK#`!{J=HKNjlM^(D;m}*=#q0*2hRa2^I)r@LZHK&?anZpaJMb(mOS+%0llUG%L zP^R#jYF)LV+Ei_+jA3;c3~#G;RJ*D@)xOFQK2RO1j#N*=W7Uc3RCT5j%i!?2>Oys? zx>C{H*Qy)UtqKa?sVw1pRf0NEoup1yr>IlaY3g)!hT0m=RA;H(ifna`I#->i&Q}+x z3)MyHVs(kSR9&VnS68Sj)m7?hb&a}KU8k;BH>excP3mSfFBYY>s9V)->UMR9x>Icn zcd5J8J?dU{pSoW?pdM5YsfX1g>QVKWdR#rBo>Wh%r`0p+S+zYpr=C|YsK3b<)gRPL z>R;hy^@*@{lrg}@gt=>`Zs`u3U>I3zm`bd4OK2e{l&(!DY3-zV?N`0-q zQQxZX)c5KHO`;}AldMV6q-xSM>6#2prY1|1t;x~kYVtJsngUIsrbtt)DbbW_$~5Jg z3QeV^N>i<=(bQ_{G{2~3QoY7QGI2Cwub;_`(|vxw|Iy!|dGZJRL4U|EpfzfmG|ie{ z@fJ<1rcLuF-mdu@@6h~?cWSyc-I^YagVw8g@%#qYr|H)WXa+SepNBNVni0*b=TXg= zW?X}Ln$S#YrZm%<8O^L_PBX7r&@5_}G|L*TYDKfES<|d*HZ+?WziCUet=ZA+YW6hy zngh+D=16m_InkVI&NSzm3(ckGN^`Bb(cEh8H20bWZK5_wo2*UIrfSo)>Dml!rZ!8P zt0%e3X%3T>sfN?Wb1(bj6~wDsE8&kfo}ZIiZH+oEmN zwrSh79a?g*Q`@EO*7j(7wSC%t?SOVrJER@fj%Y`eUDmE>SG8-}b?t_BQ@f?z*6wI`wR_rq?Sb}Cd!#+qo@h_CXWDb^g%+c`)LvY z(Ut1Tbmh7VU8Sx{SFNkj)#~bW^|}UKqpnHUtZUJ=>e_Vex(;2Zu1nXg>(TY<`gHxe z0o|Z(NH?q-(T(cHbmO`S-K1_xH?5n|&FbcK^STAyqHamItXt8o>eh7Yx((f?ZcDfQ zPh7pL+tcmq4s?gQBi*s?M0ct?)1B)sbeFm--L>vUcdNV8-RlzciTWgcvOYzhs!!9W z>ofG3`Ye66K1ZLc&(r7Y3-pEhB7L#GL|>{e)0gWj^p*N5eYL(uU#qXv*XtYfjrt}% z)7`9Z(YNZ`^zHf%eW$)l->vV__v-uf{rUm@pnga{tRK;j>c{ls`U(A{eo8;BpV80i z=k)XX1^t`nMg5X~S-+xR)vxK-^&9$4{g!@PzoXyP@9FpT2l_+(k^WeJqCeH2>Cg2S z`b+(l{#t*dzt!LA@AV0WL_?Ax*^pvLHKZBR4HJ1O{21BEv$>*fH!H_6+-m1H+-=$Z%{pF`OFC4CjV7AfNi4Km`=SH`KS_f1qB<5xxWe@GlH_ zl}}Aj389|F%JAF#)AYD` zF$h3FdS~#f(Oe<;2d|=tK&(;>NY zvEJBVY&1p{3`&!++1O%iHMSYsjU7fN`Hi;I*k$ZC_85DOea3#H$v$8lG!7Yujj{L# zbObYE95s#^$Bh%lN#m3;9-lVO7{A45jdR9%ql)|-Uoc`gi^e76vT?<@YFsm}8-K(% zjGM+StLLrY=*rsmIi7>NEA5226vdA=9vF#58IeGmV=jOp~T5 z)3j;EG;5kO&6^fXi>4*hvT4P%YFaa`n>I|FrY+O9X~(o{+B5B&4orupBh#_z#B^#p zGo70*OqZrB)3xcwbZfdZ-J24?L@)_V22;RPFbzxxGr&wR3(N*{z+5m7#G(Bml5HKMAPln$@ zjZtQ_Xp6xgTCV7eMg!QeC7?s}94iIOz;aMWt^mKqD#0qyYN!Tlz;Fx&XmtwUE58=3 z1M9&Cun}wmo52>a735&sz;-Ya`-JTPJHaln8>DH!33|X@un+792f$ct5F7%dv0-oo z90kX~ac}~h1gF4ha0Zk}XTdpe9(*la02jd}a2Z?ySHU%K9ozsn!7Xqb+yUdUUC?P@ z@R;#E@SjFHegJafhafwC1d{cv_%V0_o`Q5OH+}|6+-)|*?Q~;bH91O zJZK&=3o$0cu-OzJF@td^K5BNv$IRpA39~IeX`V7qo2_v;K4YFW+v9WQd9x+%io4?r zW~X$~ykus$0lYKrjlYsEn^(-M<~8%W*%L?N8|F>(mU-K}W8O8><9p_P^MU!$d}Ka0 zpO{b0XXbPBh56FVMPHe(&5Zbs`PR(CyD)d=r?@YEZ#EDTpg=qk^2d{)WGDqnh0>tM zcsi5;fw)Y_ug!w8p&Td}&xL+q^PqgF04juvpkk;53dO_mQm70nhrY%uph~C;s)lNy zTBr_+#OtAGya8&2nxJN=1!{%bpmwMO>V&$WZYUu7K5n6(lp%rKqT7%Z14QLa3>)(R5p&e)!+Jp9? z1LzPsf{vjR=oC7G&Y=tF61sw}p&RHHx`Xba1UL~+f|KDCI2BHV)8Py_6V8IO;T$*@ z&V%#e0=N(^f{Wo2xD+mf%i#*R60U-);TpIWu7m602DlM!f}7zMxD{@L+u;tl6Yhe$ z;U2gb?t}Z`0eBD|f`{P|coZIk$KeTh5}tym;Td=qo`dJ%1$Yr&f|ubHcoklQ*WnF# z6W)Ti;T?Dv-h=ny1Naa=f{)=7_!K^a&*2OB625}3;T!lCzJu@K1WTeN$&zeIv7}nk zEa{dEOQt2ul5NScsnTFNZtmI_OyrOHxmsj<{r>MZq^1`8hh zSNlZzp=`7Sd>;%!pPn5My2v5lS6|p?*GGI&U)&e-J^Q}-?1Jw;qxOeSPHVFK^!@TF zXuo~$06OcB4};cH;-tU6X3GozOaCkXcj9Mii^V0D+a9zu1yT3fZ_&N+vy@a)t3`k_ zq1!C&mJSP=*=gyrbX$5X9yEgPwRq8emVV2CWza&ydWA!lVateR)WUL)S;j3^^n_*7 zGG!65Lbz$mjOCrcsF}6=-~*~T%O6slJ#SgCELxT<%a+fY6^lgso3?6UyYWPhd(Ei8K zdW9Rt-&*LhJB!LqCfr*RtnXwlQlgb7R$)z&C#~A;Cni~wttnQyJJp(IO}A!PGp$)x zo%=6N@6NX7SaYp;)_kkRt#ubzVRfOk$ZBQt(ZyDWro>umg$YlRGONK|ZmqCBYbvc( z)@o~wwbtrG*I8o(&~0>^+)RAEwZYnG<*6ZeleO7uakp4ot!>tJYlpSd3cE3aF6%3G zx3$M=cK2HQto_yjtK;8jGH4yL4qHd8qgIb;fFU&srh$FV&pY z;dZ&_tqayg>yp*!Ube1S-R@QEnswc}VcoPE)mv5xe%oqAcC2x5*ZLjYvp$3S)^Ff} z_0W1`{Rt|R0`9T(#2Q4MTF`UAYQiZvg|FU?`WmGw9H3p9)VfY;U+W{cr3 z2(oUhx7Ii2JL|nQrb)0R+Ws@YHYeHMnUifPHYzREmS#)0iI}g1@_l*HM7v}#}?T?$lk_D zjsF+_$}P87*emT-_GpWBg0J-rivU9Dj(bl#TW#d$Ya8-fC~N zx7$^m_reZ)r@hPGZSS%7+EHC1$BE`NvRyZr2RnBT>jkDHS=d5=&I2)Z!&Sqzev(?$=YbJRKJ9CuDQC!JHyY3Gb{);Z^#cP=;=olDMT=ZbUHx#r|QuRAxKo6arg zwsXh1>)dnhI}eT#2qESF$U`mFf~a zr@7Ky8LmuMmMhzp`Pu+EwGKb=A3q&-Jbb zSEH-R)$D3o1=?doy$y82xGt^wDeYsfY18gY%f#$4mB3D=}+$~Enp zam~8sT=T94*P?65wd`7Pt-97+>#hygrfbW!?b>ney7pZAt^?Ph>&SKNI&q!4&RplN z3)iLV%609!aoxJ^T=%X7ccMGVo$O9=r@GVJ>Fx}7raQ}>?ap!My7S!m?gDqAyU1Pa zE^(K-%iQJe3U{Tu%3bZQao4)*-1Y7TccZ(>-Ry30x4PTh?d}eDr@PDD?e1~+y8GPy z?g96pd&oWP7Cn!+N8MxYarcCK(mmy#cF(wH-E;1F_kw%Tz2shYueev;YwmUThI`Y! z<=%GhxOd%q?tS-x`_O&lK6anDPu*wkbN7Y&(tYK=cHg*f-FI&B^SwL4ljuqEBzsak zsh%`Xx+lYv>B;hBdvZLvo;**!r@&L_De@G1N<5{WGEcdu!c*y~@>F|jJhh%WPrawX z)97jPNS~WMEuL0So2T8=;py~rdAdD4o?cI%r{6Q+8T1T!hCL&mQO}rX+%w^s^h|lC zJu{wJ&zxu8v*20uEP0kaE1p%)nrGd!;o0_ z+;ic%^jvwaJvSc7^R4I3bMHw&5|Jb%8A(A>ku)S7@qNocGLbAK8_7X(kvt?HDL@L5 zBBU58K}wM_q#UV0Dv>Ir8mU2QkvgOvX+Rp0CZri@L0XYEq#fx%I*~4<8|guMkv^m! z89)Y+A!HaCK}L}=WE`15CXp#*8ks?6kvU`@SwI$%C1e>{K~|A9WF6T+Hjyo48`(j2 zkv(J|IY17PBjgx4K~9k~~4bD|^oO7I+K2Mc!g>iMP~S<}LSDcq_eC-fC}+x7J(dt@k!~8@)~5W^aqP z)!XK6_jY(YyL*8NUhyey~)o_giMGcO-d230|I&`kJ()#&+LJo+EB9n=OHTAkn*-6Y47 z^g&(F7&HXm@JvB4_(fn2J_w-Te;7Du30i};pgrg}ID*cgk?IOcG(V-EFm9GR_*U?l zbMEy7k)Su|3;KhP!KdJbHxLX4L%~b$mG^5f9E=2G!D#T>8xMY#vDnYSZ^7@u7rGxo ztm0?zSMbLBJNPH~BJ?--G86}Xa$bdAhuAcR`UmDs=xyk~(0BE_&>#K#kd%Mx{Sf*X z!m&Puek#68zJxx9eqz6q9zv*)Lx~PyLLMSRi4FZjAwyxIO-cw6LqLcWB8O}`N+^K) zz@dijytEKK#0cGc|Hzpk8ymn83~^e5PoUt0SRrXasl5^hLAC2 z3Z?nLkU0c};842H62jB%A#2DM%J4Zt&XA1d3b{j`5EAl+d?A16G4vENGBbUF&}UXK z6bgL}W%;sw4n>YH*O%wZ_Z9dGeMP=v-)n4%uhduOEB96SDt%SHYF~}7)>r4N_ciz$ zeNDb*UyHBR*XC>Yb@)1cUA}H#kFVF)=j-V5x8_^-ZTL2QTfS}Ij&Iku=iB!k_zrzXzGL5s@6>nZJNI4q zE`3+NYu}CU)_3Q-_a*of{Yn00e~LfVpXN{ZXZSPyS^jK)jz8C*=g;>S_zV3-{$hWL zztmsmFZWmYEB#geYX3jUhLa`YJ8S$pv{;VCMT7#UQt?kbM-@56PCn72hX6sF!;@Bhd&IE_w|v%wEK z&CW(Y5paM_ehs17?*g4*i@(+1=5P0R_&fbweh=8~@A3EggTg+4zuyfq|7Y(#ywYl( z#&P~MOYFV(-h1!mJUubd6ish7iUc7L5P}k7M~XxeNWefMMvTg(!@bm;-$2x8V#@Qr zpZ8mS=ey_JySuZqvoo_ZvwN>zmSdMWUfL9Io;4mc9W)=b9PGW>+x)oMdN4tMwcd8H zzuA89?5T+NY!Sb>$UNBWIC!)OALKvlJm@-j_oDlt=b-mMzqu&vJLo_7?cn!=KMpjE zKM(#o`1=6a{O8~)dscq_z{k9BFmPbl6vAts4=WcBjGLDZ1`mb~E+1SuFl}BvFmE0# zC?uK}*A9jcMh>nY+&H*-aO>dq!JUJ<2lo!{A3Qkt_-cId;elmy^kD2jCl1nEH-q)N z;!iI_^r8B5di&EbeYoDX`Iydr5uuONzfeT!qxCWRSbdy6UZ0>()FQhk~J?Z%4i zF>jq)uD6>i^p*NmIR0i4^)RdS)%qp0MqjJ9%+%@Y^$q$)eUrXf-=c5Tx9QvUD`(~FL|6Tuwo{avf|4aY3ehU3Ze_sD#;m!O7{RCq`e^Gx) zKd3iIhxB_J6!fzGiXMG&RsRSzE2dHI(l!0CenfAdqoGvvy8ed#rvBaXE&Xl1a^a5t zuKu3>zW#y!k@%sW_hM8(rVm1bkq{&lIfsNH;Yb7$i9AN5kZ6RC#vri>1C2x2i}6ST zl87WB$%vfpT1i1tku)S7d4gsjnMf9rjpQJ?NFI`p6d;925mJnlAf-qdQjSz0l}Ht` zB_N{JNDcCoUyIZsPx$qSZl(cgLkGjLjFenLFm|dx4e+=gh_Lmn7FXT$$fZ?Ly zl3~y=WVmd&Vz_F!W*9b%7_J*`7;YMF8EzZy815SG8SWb%7#=##n2tGu9g$jE%-7W3#cv*lKJuwi`Q)oyIO>x3S0A zYwR=j8-FwYZv4aer|~c2-^PE8=ZzPP1ICNSOU6Otknytdit(!PnsL}TV!Up=VZ3R) zWxQ>?W4vp;XS{EGV0>sCHI5mBOu?oQQ>f{jDa^!tNnjrcycXjNrdYpW`uK5O%vG^{ zmL0l8{KrP=ly1r}Wty@~*`^#* zt|`xyZz?bqnu<)trV>-BsmxSvsxVcWs!Y|U8dI&Q&Qxz|Fg2Q*OdmPTrWO+!d4y1q zR?{@nW@wIn(mqIn;w`Rnnq1yrXX{$ zIm8@lK4;#*!p!03^(PVLNOP1q+8kq!HOHCb%?aj2bCNmPoMKKjr!j! zySc;MY3?$2n|sW?=00=3`8V_L=0D7Tn*TEYZT`o6-h9D4V19+Y#4egInFq~7=F8?Q z=Bwsw=3(=Q`MUXr`KEbp`<8ivciYU{ezwiue!e}wy|B&YcwXY4Nks&PKzzr%xb0;x zuPtrgHQzI@J-cuAF_yON{skD1rD(I-I`;dZdawjkOT zZ#x$y+w0rX?Kh&Q@G|Pdix5kw<(wtV5^jmGL|URO(UurXtc75Xv&38I>I6%oCCQR( zNwK6_(k$tg3`?dZ%aU!$vE*9vEcuoKOQEI6Qfw))lv>Ix<(3LdrKQSJZK<);TIwwI zmIh0srODE4X|c3g+AQss4ojz{%hGM>vGiK{Ed7?>EWca+u>5KH%ksD7AIo{m1*T1G8nmLO}eHN+Zf zJ!cKGhFc@7k=7_{v^B;WYmKwUTNA8_)+B4PHN~20O|zz3Gpw1`ENiwk$C_)+v*ue1 ztcBJhYq7P&T52t`mRl>VmDVb2wYA1tYpt`^TN|v6)+TGSwZ+ zX}x8=ZM|c?YrSW^Z+&2WXdShVS%YlBwh&vW?VK&l7H*5MMcSfl(Y6>{tS!zKZ%eQx z+LCOBMWS53&XB!j`UJ_gnJ3Q|w|3`5+THD4Isd~h{*7W?x2xgp?C$P<+%+zy*!a)( zc6S#^v-`WLwu9Z5%zas!E!{?VuHQASBD;p&3|pqnxJz9%?Pl3XLi4U=*ShQf;M=~t zz3A9QclTanyV*A9u7I0k%eCd%@@)mSLR*n-4x7b_Z6&r+TbYfI@v!mPa@%vP!Zwdp z+Nx~Twnc0KTgGZ^wYDX!&Q@=0ur=D6Y%AC*)@*CBwc6Tj0<7J(C+@Iy+PZArw)ana zY`wNVTfgl$+wV3x_J>V@{b~El_P6aH+iUE+?SgHsJ zfxXaPWG}Xh-iT_8xn$z0cln|IPlp{SW(}_P^|Z+yAkj zw_mUi*e}{I*$3@I_RIDw_N(@5_F?;o{kr{z{igkv{kHv%{jU9<{l5Ky{h@u-K4uSc z1Uo_;p^kHoFh{r}!V&3+azr~~9I=i#N4z7!k?2TrBs)?Zsg5*9x+BAp>Bw?qJ8~Sk zjyy-cqrg$F9EFJ9-?wjy^}f<2T3ejz1iKI{tF}?fA!W-f_V(;JE0x5Kj@ynqj=PR~j{A-Wj)#s>$Cx7s4Ms!IQ1l!chK8dNXe1hiMx!xkEEy+JrWvEodv+hPI;}XeZi*cB4ILFWQIpqraiQqko`(qJN=(qyM1i(F^DR zdJ(;Z4x&ToW%LSq6}^TIqa)~b^agqpy@lRJ@1S?ld+2@i0s0UfMaR$}EEo&HLa}pL z7#5C2V3Al97LCPVu~-}yk0oG5rSP@o? zm0+b<8CH%}V3k-ER*ltQwOAcik2PS8SQFNawP3AS8`h3>V4YYO){XUGy;vXCkNt*y zc=bE>2lfK}6JsuJpnqY1V>0w5`U;h!|6u2_*XRX|!gzxYU`kYlZlV{lx2PJugbiXt z*kw$E!k<-MT*2O>Tc{S@Mn9lCsCiz8?!wO{?xFkWRqO!0hUrlRj(#+tM%09wQ44BC zZKxfc;*Ves6h$%AiC)KUU^lT_*lo=zqodwQ9XOXkmS>h~pmO0Cv70ya$ zm9yGe($ru3%S)E7Wz)73Kh&buzS23!|imt2FcA=hQs71veQ zHP^6f#C6?u!*$bj%XQmz$930r&voDR!1d5I>Kbzexr5yy?ojtRcbGfe9pR32N4cZj zG45D*oIBo~;7)WWxs%-~?o@Z0JKde(&U9zFv)wuFTz8&3-(BD?bQigc-6if)cbU7~ zUE!{DSGlX*HSSt>ox9%M;BIs`xtrZB?pAl3yWQR4?sRv#yWKtRUU#3n-~F5WclRIe zKiz-1|91c5KJUKZ9&lfDUvdw+huoLlSKL?K*WAPI5%+cX4fjp=E%$Br9rs=LJ@}GjTFUi2U73^Rc^Kv=W~P~Co-y-e`5r`8;Nh6rW|F+n^K$*E zdDhG|&zX7VB2TeL|MZ!8Z??q4H$OM;^XJX*li21(^OAYlJhQf9UNx6`1ZMk6nP<&h z?y2xpdW7aGkI4KCtM-V^67#yb#v?V?dg?s&o(9hg^PAa5&xToMerbMXmYWsk*Jh=; z$GE`YdOW?JKF_R!yV&pf&9j63?)k&>r{^z^4%@~4 z_Wa}dh@JOb@CLE?>TRnH{2WHjr5xBQQl~8jMrq3^~QPk7vsHJY#U4P zCVG>+$=($2>RhTf&71Dc@b0KGy;+v;ue z?i<>@2L`>N!^=ZEy_^A3A$q7g5KUH9Jb-t^w`-uB+{-u2$|-uF7O2i}KX z7dGl0^9K2XeIdS3-#MQL3-h_LaG!t?;qziXEYcU{i}uC%Vtt>mIA6Rk!I$Vu@+JFH ze5t-PU%D^D2QNa9Okb8S+n3|Z_2v2UeFeTkUy-laSK=%6mHEnj6~0Pem9N@Y%JSl zo4y0?d(|!9ZQmW=UEe()?#%Rh?KAidBo8 zz8!#lfcp+yx8SVe1 z()#NEN!doKMFvWCYC2wCRQf|6KfN~3DJZYu>Vc^xVpExzk0B$Uqx08tHxE+s(ID2 zYF)Lh+E*Q`=qk4ATy?FwS3RrVRp08Tz<0_1uaf=WB!>&We2p9{`0@>MvLHop`rBgv zcg3f_DE5C%eDp2x=P!wmz9RO2L);>06`cHb__RdwHN~2GRTHr49>M3YiN^&Kf=K~h zKoAfGB*Bz`EO;cK2&M&80Zs5&Ko>9sPXtT>OE4o~3pj$O0#2$Kp}W7cq32>RDw;xTY*}j z5xf(;7i^N%kaX^64aZa(42|DF3hYGYte?2)+<Q{mpNo_CXv@G4L(?N09ZAAGN-}ce1t8 z?XPVPWL-H4{ZaXCfSbG@;;YZ#7&}9{&*N-fJQ`1Z>8Rw--`+Y|`&l{V;St882RI!6 z{88;^`N1iD9AVcV^K=CHpUu}!N&daD_CT)(Cv+PF)^Rd5dQR59lnsGCn(H{6@whkZ z;j8b+`1VZe{6g(>>FssbF|DJv?!)mtU$uCT=jI6W+uRF%o*(x61o>{D91e5oPsYQ% ze=JbNRUYQ>q<9;LtNbPH;c&ho{w3AuX9`DmeLxFuzJh*kt^Oh1-1|5j;~R{8&_Ux@ z)@M89{%FjNvCpM)?-6AG8=WI}DOVx`-s#5)yL^QCy}SXq$sPJ$>-XUAPR)$zQ2*b< z{uaJ}rdQ7$Q+)?E_w=wfd#miwK3?DWOlb~yhUjzb=V1_4`aGG}N9^zVeLEfw zmop-O-XD+q_;IohBc9{h(*S(J$37hCEDAWB`x|Y4#>)UY#N!#|0u6eA-m>p(I-jBA z0VzJ0t=C-Fa5&4U=ooe@1#A?D>jbG5JV~d|4{Wd7`!Ck|-s-=vs-ZRww>vkooKUt59sz~Rh?*6A<*D3zWu zV%4d+tT+SXGsS~%tkDFJ%J1U;h>xGO>3?Asy1$A~Kco3;?IFj}?AP$m#w!2D64sAB zLKBcJ`9G*P$v0N~g{!*nj8p#|_?Mpk($txek@#I5HT-~T;}6PP% z9ty91jnO)^bSlo`a2u!g46R`Q{1XvpEf5K31NX0KeOvGR7gBxO`wN77!h^E|{>?gN zLy@O={?e~6Fn(X4bun;{h6p?!fXcqp=Sy#vH{u7j^BE66vU!5HqrOQ$rG13y&xxnB zv~o;u`FNf?$8fkASZ7bBMQ_c&8s%i)Un^5i@%8;ad&l1UeH`j9()vDyDA2~jPaCoAFe|0#*W5(d1756{4l~y9?sp{6IO6U<=^KAgOAU65}Wy{ z=N*j{^^J$fzJd60^(VMp1zDv5Ebp07=rirCK%9AfYS*!H%XCcV%?XW}kD;IY5>NGl z=Wy^s9PT~LyzLk>3Syn(xc0f<_wLPs=bbODHK%muJ9EAgPdzh99+ZJR=K{7@e`owe zoGm$p2TzYSpLYx|8LIk9et3dE^L@Z+O8@CvbzlYs z$Lsc+?>>#kefsZ=tvTL9{CBAQyszgI@3tf`*Yv}uuF@0ph{H9Uio@JM8*==7W(@e$ z5?B&?2=iT8Ikv0vTlE1QXl^|U*vQL3L@t7#5k2C|488Ke=09BPKV0o4fwrpa>&H0Y zS5Wo_=uciRKC}WhP%gP1amv;=PV_k%;eSsqJLaVA`qmkq)Ow2g5#Qo} z3*nw&ci&?DPeWEu$^4%fts-CrAAV`Rzds)L)cWiF;fnt)mG%?8laBZE-{Q3dcnyNN zO!xs74%dCB^rw0n|AF-%jZF9ohxAqb2=9M?Zun*Eq=F3nKluNp`smpW^;@N1t?{vE z?wpRe5nkpU^GN_}Nj;`^gyGM7kD+P6`@|Vq>^{cuxdT94;h4QF?3xN7%C`=0y+X7vEqUVg9ep7f|$Yg#2AQ zRsTf(bae>L)t`u!)` zcqhirgt4EV>CON3krXHBe@!L$c)tBD**}#$_oo)i2!IrxHG_+Qd)*iZk4mwCKrKN_p#)JRd^w1389pJ|CN{sR&5h>u^% zYi`y9w+Y`!86KF)-LW6jcmw;ywt$t(0}*8ITGt7iZ#<=kA5%K3we#jW@D=?Z+uxlv z#;?N~#{9U|fxExtPX*uT?KAw}-h;pK4MN~AjkB<_B%ErCKUMp7oV3IC^;7HFw|IU? z*BSF;J+#&g*au4wSHYKuu&keqefB6v(3UgSR4!Nx?}Wv`8|i;B+nn#NyGLVw&W#VF z&g4AwC;NlbR6f^ofRgZ(ZeRTusGLQa_8+pPvuOV+EORLQOii8cpZ?V|Qs)^n3;$Vs zCiFC={~KyS_z*k}7m8;FW<5-pj!(sB;M4Ho!byAroUS^7ABT2$LqG^71Q7s}@Cp9} za9@M`TLdjY5(2wGDOl^$6#Ul;#Qo*bOuYOO9-k;|9wgvPga<^1*iYm6s_Rk~o(S~L z5lV&O&|^OE1!|D+9KdqmiV)`Fb#5Gv1m!S71R)&g!&mi$4}p9c=<}$-_@1@ZOTof0 zd_F!8@V-tvgp6;zYz2CLPM#A{fkuy!Zw$N`SYk8OPt*&m;dt2q8NUsDtxiSYBZUP4 z>W}c#_#`0}PYKlehjoP62Z8{-wW%=5;%XtDhHn_$CF~JC0+)KCe;nbIXeyi%K{*^0 z_l)WOY z5KD+7L=h4R)j}MuTv#PcA{4=hl~9W(BoHD4Iw})Z2+0p#fefHGm>CCwF0>L*!mN-c zv=N>ND+1%%0T+X7pTH102{S_cFjvS1I>4jwfPfHO&}Jl1gcgE{U?$87p9&uf4FGEy zoEGW{@d4_r0KUHu=ePvcFwhwofhsH)fz^=gpbz%73Xui!b0qnIi}-TXNz4&>i5RgE z&Ygw--4&6B-OxI5!$&j{BS?7ws~>(QMu?##1JOZ5iN$bkt%qnMW{XV3GEo>Ql4Ki2R0Sv7ej*k?FC4B2?#ij>VzGDwW=J9yPbnZjxGA0DieFDX74yVP;sx=$ zDb*BHJR^QP^Z&2!+I7ak&;Py2e5Rb)zRTQ9yn|62|Z2Drf0#qbS!$hoJ;2eyaL*j;F_hkjF!u( zAmt1_Q_i5Lz!`RVaEe_#oLc8Usg6V6hrM-M%+{*)Vw8nfioDb($!Iu$C*zqV;f%!{QW-6DNSpZG<37C11r@(1fLckC) zSD9jFk}?<0x=IDOKP@rS1Er}G{wiWGvpMQ@_A~XodX+6;&#G70OKLHDSq*VeEnzne zveZKM4Al5)9^9X**Vt^els%_jRCCn}02v=)rBf%|L(q*77aq9I^u*zvG&N zzH_u;^NwL>cL$xTaJ%O|?l|Ura|b*69nYM1&az|NG3`tYSAm8e@tu1lzGIKfr|{vw zlJ=(Hj_m^N!k;nw1RpPD~yfhWG7(oQ7} z-*kPUK7!DjVE+6HmGM@NH}~(3!=5B5Y4JxnuCp@N;+`K)}`l5jlAv zmb5eVVM;fZeccb$9NOPB$g{NShX8CKUO2IqN=O3^aJXRTR}Jx`kWxU|+IYXQL|Iv*4R3FJ*!VzY`*t=a+}e#D>NZtN)oo0=E9H1M>mJcv6tJ)r zb&%HIBvLdq^&jQ3Ce8OkW49<#M~dA;RaNk1Rq4ArpAp z8u&Ps0QMS(kH`0|6+?@5U>?7KU&Ql;*#x?~2ILF}4Llc~BZd*5K@C=CVrW2@{&KAd zc~mD_ho6zJ56F{9N+2=Z#DNr25-Is`<_s`z$dp_x6TcL@A8v?^QwLM~0Mk$HO+5*4 z=ci->ND0Nf4pB#33EH%*mr^Py<&-i?F@+b{ukCHXw{KMahK|aDUdzKDH}_hQU<9()ELmr5ogRpiP?}_rW7#uW{}*vUQ4m9*MQs{ zfLB3Y4Hv9D4-EmSmOV|Q0(w0}F%i8^u44%4Yao*xWO>DW$$ZJ4bqj_S?AL5LNb?FV z*r9=ioC{b9to}P;Jo^rOvB`gqbj`!sV@X?HT`j>c;nRWFW&8@r5qsC)3x|8=&Ih}Q zA~uO$i{Aiubrj=IhYYPC^HvolxV~ z5y9Z5UTF%9+(T%DJS*^QmjXVWMNETx4sk`8NsK2Z5mSkY#0+9KF@cy&Oef|NO>PrB z$0D%j?-%umL=P%Ry`mga9;uDgNUHNe%K$;tCn_Knk?^8QQm3eu)K1DJ)sfD5+C?p- z?FXf#w!wN*1F1t)OR9!>s3A3x#zpy1Y9>vJ%1I?q>J}A~h@vtmRgvZ&uAEPQSV)>U z_Moog(vjXi=X&vhIDu>so5VZfk7A=Zk=!*ZxT_WG#CE^-#Zl52a-7sR1-}(P6-y2y z2a{o6EIvn$A}5nSh}GgyvPS$K<~E!>emj!I$a~@xveO++ekYC~n+GBu zhLD5E*aHOGyD1Ztc9`3|;iOAj!)=sL z>vrgOl+H;%m*j{0jCiP@lX<9?jjoI6hMgKjvu~KFF6t+$2V#et>Z3ZK_ood9)e(p# zuo}UM*I>ugV3~~?O2grt0Jl&{x58zv4c`Vz4WYR=ywo5#4SQTZI}#>4M>A8s8@7$i zhfeTmh*ldYP{al zO4ZT{5ErK4%wX6XFx>-W`A0f<82vT9U;c_7;vvePyEo~NptV(wmuu*4aHepdd=f16 z9bHY|1KiK)108d}p}%CnexKeY*U`7=lX69%HU6QTuD*VR2mdR7!}*{ZH0D34xEdlE z=OV-<<|eaEX=HXPmCPpPJLV4a*$mi#XPa5CG%?>YKQP;sZ`3_-Hfi|9ayXZ?PN`*f z1)`vaX<;5f{CUq*!~G*%-EfX+v$7RVHtkTVm=($h&lc0nM3_~|U1*KGW?=3!b)&@(q-uL{3%p_ZxpA8e^b>Q`zVdzbx=tyb@`U#O*OiTa&d%~q<{)$iG_ z)tl^>YL)t}+BdLs=RKTQC{}CO8|u)9N{IM7>`nC+Tg(2)e#U>PxSY{wIJs+y8>tm?7Xodt(sARo$=ZzvBCdXvJoMs$_BQ<59gG?Ql;U_1ITdt3@=#c-obYC(6>hE+kqIq{2-tYYum%HeOOWUI9K@mkbO3PmLCjtE`Nsq zl+WZp&Aa^aMf=cZ?{ubqSQRq}@yuEBEy*b_Vh z-YQ(OT5Oi|W!M{A%oc~mVo6%8y#x_+=#wqjp0ylg&s@%c*3|oc{Oo1_d7;l9Y%Z&o z-!3mZz>d*3D6D%c4J-94Ds*jy==9@(f3Dzg1g8;dEBB*>en=mo7ov9oF`p<9<`Gwg zIpA|$Br-(EsX&zMAaz3&&GnE(Ii5~ZMj*=j`@xO_qL)RSN-jH(!wF!{9#OJAk+LXR z7%d#40S-4U->2*86!`(YS7`<7{hapM2W+j{c>e{=z7(z~UF3em{`PQ z8Ds}Q>~LAdm>3n?#9pya>=rx4>3{_zk9x$pbjai2iloKD-2toc=fsfj4u^~)bTfTH4rgD=E%fK|3eO6}O(9(1p>md-Cnw(# z$=Bq3IamHfPE^w64mwAU(yer=d`Uhd-*v;2w|rG@qgQz(as%B&pOdrYF*G9_$19MF z<%>XR87>|0L<>-b-PQSVCD@IUtaLLcpyXk?n0+_#N|ZUJto2MP3CcdD9W3XGlA)w2 zZA^^mWX8xSN(a+Ur@{%&bme2^#2qH|G^xSflyiqOS{BITualG?)pj<}z138X_r_ zX31h9DujG;S>SnOxeDJ;XcWTx7-A*(bRM}9w9(_iV9nhG?Y-ry;9d=*%J8r7FY!4- zIewhb1o#t#0-#zLpj<_)hQ9tJhL$Ptc19p#!E-b@R01)LTu9C*XM?5t6Pq$a;ZRuM zMMctLG86JRT0C%+0N47VJ$_=cl+M7qzYd=3ggMu6)!b^Btvuc`AGB-QMCDiw{D9%B z2Y7-^SW9dG4qgb?h4sV@;Y*=J*hFk3))8xnQsBs+VsA5nFPLo-Tf`MT1^yn9o{*Bk z2Og7VL`)Hlv;@8i|7A#;Cb93aL~|mJh)QCRSfnSSSrH}B7uF%L=L&KInRzQg5-DjU zr%298VkE7jmf>=8n52{(D@l};kllkxl4y`SPV)X%Gr5YKDoK_QJ@w>Ta+IWo93csp zRFf;oP2@Uq85yh$Fu4?pXP(j^eM+g2mcX30NQ>b9;H$GoYHYSoz^Zb zm8RZaxlt~ylQv1)q|MSAX}vVe&WU@9#cASJRCS_aJrwwg(s@MHrd2`oH|wtqeM zws|;DmVY>puo^%~E_cxvm9ONxftd?p#9rTl(kHr`Zjfu_Tk@J~p^O9hw%kKM$AI06 zTo=H5E!WH6%Qxknmp0^xTrGbg-@YEg(8`VSck-9=H*%>w;dU@%#`9LLlzZtidDHN| z+($1PQOOnZ9Eb#a@oLs;<4KN5F)Rk;KasTtxPoaZZf$}pg} z1~r!FIoubNGfKDGsSe=;aY8jN^*K$D22+P?P_<9}iS1*1*&cPU#>EcikgnPxQhid} z)Lyll9inllJ?t<|@GU#&wi*142VP#U-R5e!AGqCcl4(1fZQ2DVm-fO*rti3|+8u7k zjXLdn@W3AJ7PkS;IqiVcPHVvnwjow^UTM*$>56!na2jMboCB$L6+k>n*EQcv1^>^3 zvmvt}FMumwSHjDOwnAPpZw7i6>N56YV9iN~bJ(T_GvQn|Si#^VwiL)$___P;v7G%> zD9ezk`4@;Bd4*&_jWpkO<0T?RULy*GI1g`KAa1RKFZxp|?4tZ>!Q{4hEM80Q^5#|G zVYy-?)Q1jy@A)e*k~4Lr7GDQ3r5>-q69}(_&BPY)UJmIgiA|aTPirCj zX{AZp$gSjbNznjk{?anoavrTrHvhm378J&aV439MtjNnc?uw^RD*!&o^KTG=Cm$ka zJkcDf0<`cv5Z(&9P5qJ#1--z@wvj+_*UU-kJ2L-b{+QX1+C{@f=D?M zquGWy*Mt{ddV^O8{WSRyFQ3E31O54vQW+0E5eq!~)1&!j{1je^ZxfOT5SvNQNzX|9 z0A`k?pFB>^mh_R|dW54=N~d(4BBn?v)wD{`*SXOeSrx4sqDVf?2D1uLiIK!G+=jIP zG-l>bXe)VDAaRk7GQVhAg8jK>dCD0hRDrZDaCHdV1KhzIfx&L#8=+G88tSS;n4cc> z@CbnKMbWZoRkS2pCe1@_L9{?xB&~?nL`x(g)cwgiR5}26U!^2&q*#(CnIxAr9}=l(HdnmX*1O8XszdK0jo~dBx{EJb4p<(gEsxiA$Q3= z@>Iqr`3FxXBUk}@8OGF5IwPO4Ek|~Ra#>XI{LoEoX!(Qmns?s&_P)dX=O_Qn#<-l%4nH*?4 z$D!Vi(4kftSQsal2>ubt9PLY%a4_4kQdD|cE;(LT~{!3;gt zCLO+KDT7mTYj~9qA4}jWhLdt(r=zRp)xjCMRd8}{In>Jn+Ao6BC=20CO3VFxIFqsz zPNgh?(<&?W0Uyq*%=B&|kLSyWsPizl^E9}_T4PGR*=+Gy{AK^CJ`gLGVGj>c@EznL ze~vbogeii*eI?*ituV70ns$5# zz7xNRmx44h@b$-1KL%)z)rHR!`b!kTG@%npy#fFBdc>lgyQ@G!60mq0xea>OOQy*b za-D=sZjd}8Q^AT~0xda(DWyvp(kD`u^cB>BD_M&S{w@R~x6v%ec3#W~2OBD4lrRbd zy!tWISYZH5XW5ihLm4cqG8JYV{CNayO_Qq$-Rr_X1noJLO;>w=>z#5lfyZ7 z&s#i=prB;3q^n&ZceilKqlUa}V2!jPl8S_+bSQ zDt!Vae|im4bEI4;TRJO!L+PTmf%F}+4qB(IlhzL98EJ$fS`nj&R8%m^8KsOeMifZx zPt`+}0bOLXazOH2R-UFnQ>2OHL~ycLg_?X#%E(iY)a7Aod0Hp;nRZs|;&QYz+Bt0_ zuSLhzHuG9_O}tiKo34S^0Tj&B!R54-|)r>fhKGyqb zFfTCM;7x%Uey-(%tR9%fHeS0<#Bbea%s;)+vZBN`Rz;Wm^0dMV{7hQINbp93e*@jy zX@@%r*{YP3d=D}zL@!8k(FXAR*v%t% zNZKWHWG;D@+$O07@6}NF(k+UbvQ2qMc~8*-HGk@(_0oDk0)I+SG%%VOjWBERiZ-}6 zF%lK6j20+?ZM#vWLz&?%Vim9oS(q}0Q>uyOlz?=N_c|axz^cnz(00H)`M61A?~u0r zC-WL4$m&18t9S4{UVQ0Ez;i(c;1s-zBnLjXg-X#I(QDAOR=6d^6JL>Jq)E_yJ$T78 za;HS$<&!ng`d;)-)CC%XXECTLNw1-=O7vEwg_;7&YLQMf5A(7udIPmB(FcG(hx!6} z2TG^YW66Z1UqX|RB_An^;; zm+2`)nuTJfm?#9AOiH310F}i6RyXKuYs`;-lxjxW8F(2HY-UO}MWfMD6w|UvStlb2 zY?Ml)&}h(-3}pi3(=@W|F^vKx*u~Hu$*3}ttj0^Gbur)xSJuI(1%HBF-}P>&pG;|r zd_^g%&fCkFWR$TA6^|G$Wx8U5L16SVQWeFDGDVaM))j?MInJ13Of&KnPGymzhv8P1 zD!j@p7`+(mI75-CAOYp3AtED3L17dq@QhqVsgKMkXO*x#%Go>FfZ4~`xLb5rH+FLT z8dd`C3RWem zf^Ow;8d>q2IN+|86{h;6tY(EkIYwo97{^KGRIp;9mKgBGxWURpZ_ec`X&b@jD>aMY z&$XI*O+Tz1H2}#0%xXCY z{7&8EK3O*f?L?l0Pt;B5rg@3?JNF@yjdYGY;*IMxW9?8QK))$nAKWQ`3w2({{yLwe zBk{;QypGD7)b;9mbYeb5*S)`mZ1CHLCidHh`k|*5fz_BlzTZ01yU&_`54A2hpL%Bg z6`wi(lFym%+kXL1Djh=v;0P=%aDM^&S^->3@WkX#ACWcF2Y=78^hF)AgRtkfkzHiN zBr!<=O9-cV!+R2w*i->)0cd}zYN>LmXgS(myc}$OzbtWVEw`?SR#X^x81@$K@Z96t z!uJZ91dy9ZA`&3dOc6IpDu@{j$qTZS?8kX5qcUiRR^G;H))aDzIIWs?O&iSe8_?`) zZPct%+ch+;qk&H3AjQ-9j79D|$c*=1g1y1mZXo77k;up!3euR29 z*xTo%B^{9VNM?~i<@)lW6=1Sg^ z737a(Gg&U(A~14G?TU^by32mRRR6OuL4n?&`_ZKTB?yM zq)Mq;`b2ha8l;kLOLwFWXz4vM%F)Ot^934T_MA3PW673fuOG5$5IIN66|1s&SN}Pn&^OvFy3*Deb9jM#h$LX)7{`Y>vj0&B>N%i!>H(miCOcCiBx@ zlyPWGnMk%ETapO^kdvbVUt<*z0XYmYLj<<@obkllrD#($D~O6&#*=`xb||J;Y{s}^ z;i7~gWb`Pi0iQLx#+X!8DV{MF7!y!$Q7kfej7r6{x06LsG${m(Rs~+M3jLEI+A$do zil>YvsPP${ih4z@qF+I0EHhY)4py&X2H*_FJY$Z*Wi%>Q7$9arr1Nf zsZo?dOE+ufO0_CWRiWz8^s#DG^{QT0uBuK|tLkT^sk&H`Eb7QOs|qj+R0LL|s#4XY zqOvHga#fjX=|PDqPlabq3{9}OvUFAS1CAy`)x&zk>H=RRvPi5e;Oky%Bm ze4xVi(jY=k4#fZ$ai=U8b}Ae^%xxH>xYTI4;|#m#bfI{`Yg(8}k{^Pcf|JozU!Z%)VLE%7>m8U>{OoRoYOpS-`# zf6pfkz2N7S1t0cla82#c&A);C9e;M7v`^fJT?;>KR0|NoK7OA!Put(*PXja^ zC_*Hef9_qJKR^&<-urxh_p$-mNAMT*$o%}$JVY^sKff@awMgC14D6Qk7v-=fq7glocsTXjO6t5Wyh7;h$$AD$8~wFR&mgn5}3y7dpZI%9}5Yo|c2G`*<#JKqFEE&uov0bfQsc5IRLxl1JngxkO%A z(LN_TStwbNNP$z@kcSM*Yt2?VEK!hITiy(U)3yV zIytSJZqAA(>$acoT$l@|7Sp2IY$zokzU#=DUD2)S)_CxK#UtPeb;~*tZ&erP5%QLF z&+iL#`}|%0-2NH;v0@nk>*f)j5#|Vd!YtS$%mUaW zDx4v5h_3tao=s>L+Jsi&|Hs;!f2EPVd!zSHbDrWnYaHSj;}nO)#5nxgtG}IS4@pPA z-RYP(Apt=KK@gcWiU?LoAyrZ!QwaznGODod1L^L!&w1Z-?>hIMz1E(0?b`c!KF_ds z5fk3$tz7Mg_P^~6P7=3?gT!j`AX{?}E6vwrX>v8;)yOJ*1b})5{Q50ZbGw=ed4?uW z1DIXS(Oln$R+FpL+|8eu1o=ys>gWfrPY$!`&%Z07m(ug-_4ESz*`p_7N^L&Kr-mrDBiA$C|pzc|c=_F}r} z&~{i2rF{AWNUetr|NgcE{(tg|N)n(?bxn*XjFv>Lu2|R3DAGM-3RAX<+=i0C!9w?0(E)pS@(f%IzP6odqE=c%n94 z*tKq3&w=Nh>zC`qI<@XTcCVkVXZ&hhCys@0EXUUM>*I@K>#<|~9NuVJKU**QZEN5f5S@NLKqdIKA3#|EXrVAwZYZtNMTjr)z@ z#@3t2MtEbxF#Xe!;lyxgKw%Vk>jsViF(?e4jpznwBST;#l(yjq2Cg9nEw>w5!`+5^ zLuAmw_{qDgjrhj4Vb>rqhz+5QO~b{;^@e{#Y9QBTChrE7e)j79xAhjK>HDpmo4DCn z{#9u*nT|{t&zd~uNlXY&3%Y67gqn_cUrYv*ipMqW@peIH86h%FI+NbC&r|cnFiOwc zg!I^S$lEtzCbo%hVnJQQQ{H`RCp9m&< zlMK^W-ic}3v}2OI(U=ZQbQ8)m@HnO|liYN|6Pi>eBaA;ZefsV5Yr((oXTGibpXq6O zzEsOPls=`;VL|f>*uQ|8Fk8(gb4B9PtT7{CO+Dt2`OM6`)tPN(%8Z(K-Z;#9^Ad2- zXg)R51YWZnMje{{kY1Uu%?!bk!1QmS;l%7R8_b^s8v>u1CHNvZFfR&96IwG{AbVpr z@0$bf*97P0V>4ZVo2Lb*JiA$HIx_Qq$w^$8mjzDqXMx4c6kz5XnD<*)g>|k9c1h4@ zZ`NV0sjxYpN{eg-HjpM;9;EfQDM70!%hqhGOyt{YY@MQJ(D@H-@;4c_MqA#@Q&EMj z%{Cw^w6%yH*cxn)MLD)UQJbj5mTkK~KVGP_^@twX66am;R29tEEy}f(+lp;ym3ZpdGN`#GQt1Ka{;rv-8MVm$@_q5kLs?Ve?lN|X z$Zjt+vLjixFLIgZ>zd7iS-{tO)1jcQdK6C-;Lm@Ezin5zu8!W=uN+t13i8T!)dlUA zE6<i17u_9O+tOM&_8>|kNK|Z3?rFQ{0h40IQ!%D5JDmbL9 z4^{?Cg4V0l8{x|zcml=2TJQsELN&o2@B$h_jiKsLJ+xFo1SG&5$KkpVrE;ot;ZzIU z#6f-()`wlH>-1`z5m#hP?MQp_pu3|wwKaMkWq>CEtJ%GYUB`m4P`cKh5Xa#JwIl@l z-T=1HeV7{433eqF;Gao=?vFr>9Va%7hWK$;0yCT%Oa|OU@CcLHbjHJZXP_x=%`tNn zm8Gc}Ub@>#_}tI&B1?3f~Sm36N2Xn{->BPI%HY&+)vIU-zEJy@ zq{~|?S+qv_Ls$pgj)Sd)dEwpBA5tYQ$aQxD_U^jf=~G-S>3$HUePr)p6Ww!o{H9Cy zl+g|A9)joYkNxXDusEdQ%wRSUpw)4RP&b{MNS?)H=2>CQcWM36ZF_9%0cpH(2AyZy z*UpghJdH4$+YWiL??l$GXaw$Es9N{o?w0XbcLg(pgoEX<@N6&-U%(R}z?CPqUYmKF z+;+MhZugZv8d!R?FI$G+$kGbH*BN1K3a-Jg>d}odp1?W{vf$D%?B^0F-m80>$U-ua zBGy|4FzPvDoW6J4K`+#1EtF_uhh^FfZ9hG9*hinDj{v@d zhtG8{>67$KZJu^?Zkqmr{)FBN?VS)KhmYu`+WU`z!>hx@;q~DJJ-q&mo;+-WzLm68 z050Jje}(1Ole$kjKKeA z#-eVGvC0_NePRsjJ~I{>Bf1scIAi+H`TttgUwPm6f0h2qkKPv}iS=yO&FwnizXo}T z)FDMk36h88BSoy+^;)DA$z??VgBh$+B#TvsG$5=y!O!5)vwDyMm-~ zJ2~~74o)fO(vUPn3}u``PA&$hH)LQHoCZ!7<}utEt_(R?3n!1$#0eRKh8sf_$8Yc% z3OJM@4=dta8+zak?Hre(mD9}W=EMwboJu5ac*M!Xayel`9mj2`g%Q=9V$K5&Wy;1f zUxPh{cN^Z{n~L6+K;O4e^7l?OfBLGacJfUswY@R+)aycDlY_pxC0|2dq)4lhj^ z@I3kszFU%y$UIU4wxg9SB#Xd9+!OSW3PB4g|2~`iD%cTJk_F@gvV#-~ddYTDE~q09 z(;lQopibvc$Spw)Sxh#NU8GjflMoB4Nx|9^SyUATa87UGR2m;$Vu!d$*cI$l8dD}$h|1BMkG-tl;hI(@W zHM)%{nzAj~K8wH_+E|dj5DnPawhhs+ZPB)u7`1V2EZcL@CsCDaT{IRpTmjxwhTg*V~uSUhMj8)4}`&u2$E@HuBE9-R81x*ShYUO)iVf_ofJ* zI^WK9Ik)efUqqQM(S4&U%a!5sz_azxmvmOR%3aN_e3u_u{tD{EjT=c6N|QSo9<+*jc-7$BLC(o1E$@Sz&i==12=SyKOcb+uv*1hw&gKqzuggaN7 zCB5ItkY2k%+MSo~D|e|EC9tMr{gZ>_J!_t0m9l38YzRr?$=Qs$JM%IbY^s{wKI$LN(3=rF7ZT}7_IV^jpM zZm#@L`Z5=BUtJ9;yiguc#I6Pvmsh^4>#I=(*lvhm;jdmQTZ3J}ab;6*OgXB29DJel z|N2bX5^M{$2Rnk@LGbymnuE`koxz^qqhKhF$>vb6>QSgq)e~wBHHF|@5NZ!~g*roz zLl2?$MAZ@M4m}CAh0yRx_%v(^gZ~jWh7DnB!mWA?+6gS$o0n=Ycp}j^7ZG>F6B$>7 z4v9LVx3jERNX?9~W9zYStZuh!cQM`{*T4T9*T;|J;Uxq-Kk~cSo4u9HgVa1N8q<%h zwEWlYw7_jESpP?~Hrjb24y&{$>a~s98f~SvTALbq`(}yWk-p9QOkV-}UaMWCS82<& zpXhbaU!h&5H>Ag<#pDIoILBt(|GWSDM1l=1E%T{)z_WSx0(psyBjqf>D{ByOB*u^lq=M!8sUI0Z`jF>{ zGvP`MBPFad)++@3K4btHMX1CxWD*&IdMP~jzlQ-%DOL^Iyc{dWg!A=S5mtvi;S^vG z@k*?p<9=U-)q<62gjj~<{Zb7%%*^TIG+-rIA@&gJ73sE`bPC=RD`g)@@xgDskUj}cD3gh^pZnn) z3781=g))ooSanNE5wYdf{P zIVS9eP4CjS!G78yHfdS(7VSE{1Imve!kv{)!q{OHE~s@<*ry7jOt;NY>f})RXP_a= zK;u=Uo>j-HVJ#tRNHwdLwSqjx77;p9ya3;90UPiZtQ#b}3me48feLWq#Q1X^*Z}^F zld6q!+OSUSIh02@!<5dH#2SM$g4QM^7`%dbpUCA$`$;|)O9r}!}b3?IR3 z_%HD)zC|FI6V5S721zI3c0q71SSLkuU&sTSSY%E6OyW5<$$~zuO=G*=-u}2PI<$=e z&A)}a?dPs(*OY4lT3)$cxL&%(U6Za)>Hbzvlc(8JCw=H?^E~pjfUI=-x_sBNqJ^NW z!?*XxxFUJ=QZWs;B%hQ6s=?4e$Q-_kyi#98si-^pb$M6Uz#8N9V*AUh`-!DBus*p5 z>*6KB zG>1~76$~}wNT<~u>ZA;VPNS=OEoZQRABaw`Qvoi&>QJ5Zy93>c?pU|4Ye~u&m~Ky} zWEk%nlWNeEJmd?qi5%RnBU^|FVIV?;4}bbWfV8HN%#zPFz288dC7HzQN2EgM`3z3NjwT1+w{Aw{H++#>lTkCY^KNTO zWJ*?ClgT8=GtIT^`s`YBExMLmiS3+UR=_%e?D~MWfTb?aV@SJwjZ*aI4v+9{y>$G$ zCh0?Ir>6(n8>GYc1HQ2Al_Da$k@fm|;Hf@{gT9cg-}e|wE$_1exq;`wi~#fX(@!%HB z1~e038#n1A+9B<*7Uba1`;)bgxQ>7|bCMdyK4T+!!1xMpGQ9`Qw(y8GmZk_`nbpCP zBkim<7VH6e2^x5XGl9LrmN?5CZhG(C{4V}Fj?VFtOnepAcJk-^K7pF_3smG5+(-d+ zZ0oKpNiT2@?DpGH;L(b5IsG+tQhl;Ksx{0BlQfRWrWBp*f*#WhrM2@jt&qM&Pdy`` zi_&j{dt`>5p=BJwTF+qh;C<^3q5Lf#kP(!T;i!ikj(2yO&HK~xYCpyV-mKpv4=G9=KGhvW&VA;W?z z!L?vJxesGgA^DN8?TIY5UD26MEdp65btDN0`6{y7%r+cK;LE!BE`f{d;<(tZTuHX1 zKvF2-x$-0|SH46g+H~beQllivexPihXVf#`8Sy;zJdzHlDcuIXOuN+lVaPL>uAlz_ zCw&L10ML@JG`E{2O7FB@DmdP=_K@YFW|~4XY#S7jMtz4&(A9+yOISOLK$#r+mZm z!AkxC@Ln?j_j)2a;E;hbP8chg26+m+0B@bMj49z6AwCSq7T`mW!fgpzBoVuWt}T}+ zEh}GP1o$4l{bWUYO)z6FcLC?{J^gR z=|+Y{cgny3H3r5ZG7QgXk|V6qKc8iDRxuWEUy;Ub-|H=WgEPuEk}*LXZ00`j=|EI0 z>6AYAbO3e7eYY~WvkZ)ePL~I1FSReU+w?K5ggy?E=F|}koI&YaIt#puOrz8U>AB9P zv+Ll#m|@kOF&sKGLj^cwzukDNLr~-x(F1Z%Af|!=!H^>;YmwvRbJiHF(TE_3e1VN2 z$y4M7>lw6Y7eK?NPz&)3#=zDwCdR?|91drbL&F4|4UETOVO-b~nx>v}ZX4ghMYuSP zUnwrf6}SYK;m^_(CxCKR@{~M-97~>)X7W~$Erj#3z(nHYktk1?1Ulph?*$ezS4fhX z!aG5h&_=p!7iq*gz-#>$_GZ`LW(dpv#d&MD9g5sGt%$POY)+fUrV%+{Y^g-*+5xUs zNXjJJt`dm^%H@FPlUYC?@a&VvGdJxS^SttmdtP|DrH`du(wCkI&m{Eq0PQp6i-6vH z*@Q1C%antTNhV~UeUrXB*(cvC-?VQEdaWO70&uOa_^j~HEh4+Y4*m4@ zLg&`K1p0%<#Gmu?g<0|?-(>J*h*&;L)A^J3m3C4)t)0?NXr=V^h15v!!x%vwoDg&# zNQ*z1(<2=WCnKP{()o2>-KFkEXHR1VPB4IrRJfU&WXazyu@+h92!WUY51&|D*ee!^ z*boO|MR4RZ%YvAZah4NVX4#P`))|bMW=*id=^4syZNGk-2`Kz_i}U$c5nv@U$Hn-V z0CWB-#5OSz;6sc>=XhA&g8lE&-=6x4kMZ@ee>KEoh`ab69)p>6_z|wbg`5}sef$uA z$=Bis(EHEeCmnwT$xouUM_Tz zZt|Ke5G+qDD_Fdc=mtElV7~8y`%e< zeYtY=k8lbBOfq~qa++_=x8h^^YC&V=%U1!F>%K2O+CpkqjcF}b2k8o+^I@Pl&=jZ- zG^AS>gCN&{(dppl;8bu4YQT3$UxlVZjr`a?81qLI-TwQ{0d4D(e#Q zA|Awrtgz@TCaY(5_w721Lfi<0^@X*@qOla1=YtH}#>9XY3AWAI!K9cRuq1&xXe<25 z{RxiZ$loZ4kd?sE8!}AdzgG!wlGVZxIRgF&;32vHeWo2w&$e6OmQiF7VWMn%=6set zX-nAdZFjZ|d(4(KuW{*JN3Jl)iSZ|`>(HeGEwS!7d^;d5kh6WUWTBkpYYnsnR)K!Y z!7s{Bp-<{)1T08wGe+C@FuV*UtglvRULK(h(}qBH!TWr_q`ik3RdgkteC=mQ6SumA z?oP-3?vmjH*-Iwlx_h7rpOqR7>qo*!2;s1<5J26pY!(aJxvULHd8{DfL;T1!5`aFS zK-zE8L%NIYVQP4@3foE3Ce=Fy8WzJ(aU7rI=YTKu3hG9Df^Wjdp#)zHEm888Op=Yl zdqDji86)Fly)eU42Q+LFJ`^@Up7>K93W0V75IbJy*u~#*7fwa__B^{u!~?(fTWA3c zBQD+BR>?z2v*h+;qogS<1J0jVp5EVwq#GW#r*J0MJ|Z2K4oaVbM*S=B0i#@Bk(>wl zrjO&>fE-T20lI>wSOYqP!~(ijf~!F$;FFfV!jq-ekp)2y%}ISW)B-i6ggZ+I__iu>5%`XXEugCgXhOf8tN` ziNBGQV`&z)!2Yu>S(elaQlZFBh;Y#Zdoj?VP4Y-mKEwB*E`#gD#q)4Hn;tI6=BTu6 zrVwZ?@I8{kM=ngsj?`lKF$5 z>R`Vj?iLrc%-bct8DHd|;rTy;&6%yA$%XZtiAwBd&@KNfjH#A^BAS&w`l@#EyCB2+ z_L`BU&xZNIa-mu17N92w%|~<5rkSdDaLDnK()=btM;v0cs?rUd*Lusu%g zM>&-Am>E09jxaT+?45$sGIN3%F%{<&`^qt4It;^b48gRR29O6|eX(BHljUz3I-u0~ zyXki;?!s63huAs3%qMXM--dtT+i@nJ#$V^J0TSu_=9v}9oqs=>nhj_yEVq=;S6T8c z#g;rv2XLb(&5Mfp0!zEFeWuJ(YI$HOu@qX)MU|FTVMV&P64vm)LNoB{LR1eaB`Srq z+-?=s*sJYzcBiP)USaP6N;^arQI*{$YOp_q5w-R*yFE?YCvZ${n`!vi1g-xJCRe*e z{~ZCEp+my`0nU#S63Up%B|3xrTR4T%BVkWk0y-sI-*rnKLwQVUb{Sp0P{Li!AG_h* zsUY)+0XbmrJkO*O&r7M&Bk~A5yPgX9xK!a0dR|DkJrmL`&yMGnRPIrEIImNqf!n@A z-?mTblc(jSO#am;^$gBPeVrfoeWmgppTxK4Q~7qGSL8eJ6@z_H`;L4HU%9+QF7t_f zTHkYNRhnAD+ix>=fF-D&ZwovQuoYc_&HzWz8`uEs_62$Z>xw6V_5e%4RD20`!#J== z>68|PUsu3RI7+sX4rNAgEx4gvSF)5`CGha$OV!8>9k96;fkzv5eAHYyag?KA4x_Mk-LcREu56qpW%A|c#&#EeWLb7FQcHNV#3&ctbW)3wqbW5 zE&<$5?;fs9%+NsQ;Z8@Nr_a&X%}3wfFj_z6>kIUSfdA2%LbMERhp{E7nDqb!$wN!g z2)qICgzf{zNle4BVh0>c8pZHk2xxMFvjCAEoWjqcmCb)XL&V*G;&bFjklMGkfVNIy zwWUi~W9bHLf_0sDi`wih_D6P)$SZ11qlUe}1#VdY4dXLb*UOnciOqHHx_R6789aNB z#HIs-f#kDIYK;tvo=kM3FU+Lg+F^cseMv*?w2s3UOF~$RZlp$s9uo}@l zRu$TSDp{3iJz9$@SSnTxDq&TlUs-C_K5Lg%ftI6nsEoDElBaEw@sHFR0+<_U!RKE< zs^efBlw;zYa!!DPHp~fa4ouH+VOQ8O$BtcMJ`CY_Fe69HF>omCkmH3BaDq#xn+tb% z5a;mYcm((3QJlxW0@`{ZX8qAG4B<;N8~j_S3Hc(vFHQ9=egNn4WB4^5hWZV@$-l(K z{3DKlzYTo)EA$APEv=R|OBe9wp{2pn3w(KG>9jOi>Y=61vI;mId);nnw6s|Ipzn#W z+wxf0VR`)Bh&}7wU$gi{z4n)qXZCB+OM6t*WuKY@?QL(j*SvpW@3zxslA=4&n0?6Z z6NN<~5q;)H6c>Rmu-}S??Ge$XXw-fs3W#E&9{Xc^C!nC;{=`0DPr#UQdr&lJe`;U+ zzR&(>z8!FOFS>u*mX<-vH6$6AJeN3Jw{J%zW0HWYUvdGsc_vw(;mmklF4w5!g~SOh z!=OK|T!Rw7%jbF}8F3Cs*fWIQJg%qE+c8gn|JQEZ(4Go+Z$C>{rPI<=kIqAQ zP>;z&lYWAK!iIRxJO&T$IZEpw%(Eyx@vKOfrFze?N9!?qmZYS|41Hpt9qz+?t$;|q zuR;Dqe&%bFH_K69r~I*;^fk#1zAm}dXZ9WY9?2W!J@QjuhaB;>$SuBh`9rzM*DW`u zH5HLg;l3pBEU=|`5#TBKil>3Gz;HmM5Gc-G4}f0TRE!3m2ZV}|z!22NfCHaqgh7E) zsDz)mzUC_hGrS-NWMMNXQVN3XAS=iXZUi@#{2(JVt(sCXLn|Lxq4m(Gw59=Ug)hQx z&@)un6Ar2_!|Xq>j#wJkT}&G9Xq;f)eGn zk{$AgZ&dn~a(#l)g&wgw(GJ*y7N~Lu`$%9BEQ*;qF^uHgV{z;jv%q_H_)^eeIYer1 zxQ(<7SxVnc+q1=);wLJWskeKbGNQflBg@O3_MZbI}C=G6e7FEY9mLHInB;$~-V^!#n(mRy#(UnYQrM^m^!OUWwtboPW zAG5kql%;1Ou+B`Qm7|--UCujl+DBCxGJaZN92hC+z z8P(9W*~}W?UJvZ`WX3Ra!g`Dv(ntUg+L)Td#>q0~K&marWu2Doc3HZ zL3>4esd))CK1j?lT}NkX;pUqTH@`qVly0CSP-bfxS`2bMeG*2V&{^8%KZfVmVWbvX z*T28`TX#Iv=Q9hK&HAo)b^1nqhrSJ{RLFd+FJ^Y?oAeE7#1|6n`W$ALzE*X?Wh^}t>>u*+`BI~UgMY|1<{Pau1;C|p zW3jOa@)Bc((aCXh@}OJ>k>WJ{;^I6o7DCz1xd2|eV5hA>XRtY7Kfm%T(kLz?4uG$z z@c3O3@d;40&o3qHF!lkV=4<%n#2&wd$QSSOi-|+Nim&8Prq?qyKRy4#@*KubKpeGv zw!DOV#4;gV6iz{D4C1u#?)AeTCWX_Map6nhxMfPHg?CL_o>^WAKM6krh8ELv6^jdi z<0ax1`x4Zb?W^`8@sj<4m~LOQ(?F&Qp*Iy)pf{5O`J-r(Y-&}qC|Qy$OERdWYXvZ$ zMI``tw0XDZ#1q2T2rXXEGx>$j?|UhKC4V6w zlhfy)%SYvI-=%Lv?(=E~A!>;-F-K~K zF{kt%y^A%3dVoiD#1c@YT+EeD$`uNJh+HuNN`afKO5+jGu0s69o(mMX0ECMcEGs(x zqNP%7UD?n+(O1CSzyb6{0@ls)&s?zFEH6t6{@^gkI?QdXHr5)w93SVBQ)TpXY5*Da zL<6DtzL8h~ZmmLGw$M^3tYHcAsx;k;s648WdO#IW`4nS5?1^}y9-fphz4irsL7>rM z;4@H073_Pb4l0BF@0P(@Z-xXwo4n{%R2(~BnF7h1lG|Xf^~Q$;Yd&+g=%8qR?E8Y* z2L~kw_Lb6u;)B!*KWi2>6CmmSyHxFy<`X>knKr3;r5V>uX{Kq@n%=Z*!Tj1YI$tZ$ z!bz6Ct+miOTA6lN>!K^QcKZ7KmR72jYwu=wS{vO=7ik@Iihd4s#OXU)p;oPR)17oH zU822YiM1sCg06qfg_#sum9{c1AE~#4=15~RReJG#=4?B&iP_0)V-D+|>6@7w^L?U#CukhHHwB=Ay%CA1-)j) zSR?u-Vg=2c1ABztu_n+@Xp;3DWx?2WbQ8T{1z0?kjjp1f(FiNZdV%^`8|W42q;Zt@ zH)a00uJB9^AP@9v`WEk>JumA@u~4SAh8|d6Npu_ z8Qd4f5#uc<#u+sB8k>w)oHk>F@#$=o6X$drJB%UDsPUT9X?$huH+IbQ83Qoa9mE?> zqp{UEWE?YQavvHW8wZRLPVFpw6EY4PpTW%kF^r{U621>{c0cwLj|d}widZG+gn{2f zED}$M7le&JN?7=e+h;^G0rCK`e)fX@iFi&hh#}%D$OnsX@dt@lgqwfDA0e1TAJIuX zg>fB38=>bf6TJkDD41I#PWfiOiGR+YCUE{3(G4RIehcxL_(F6MRz8~;hL!<{$9yMW zFh5C9An7lOGd{*A`6%DPA159Y6GS_)LUjEKXOvse2cVyUPegnAv(|Gi5n74o z@bzLEI11k!VSQ#xjquR2l{m2QEo(xx#bl9NHiV}Zsm0FMS!5Q>!WPnm_wVTz4vf}V zl$JBgu4Pkbw8ZC_!tU99%dutCqKCe7%Z3H948F5ia)16}A^4AGw=6;nOL+Xpwq?hn zwU8E$P@Cimx8~WFFG8LLx9~uRFyK#0@P$?jYB{pB&lbNITSOMRkYQOBsw_;40_KI= zHw$6e`>FLEXm@zx3)~TMp^fjM@ighG!LE4K!~V_5*vpSZr6@ABuPE z4PusEYhSm^?Hliy&<|hR?O*M?c9ETL=h}n+=Gph`h<)4MD2BJCo`={h-n6srGJBg? z`Kx5UM%*G6+Bwi(CqA*%ij`2R7I%o7#47uieZziem)P6IdV8x_2R-}tBS_&~y>Oh) z2LNN>8P11*10%Bz*vTmMjCxFUQ|%NF>=HvVMm?w2EUi=r)eO3Oh-#yx^Dn4Is-Ehk z2B|01rlbto2dJE%jo&Tb2_zEBL#mRhp(dy%s*0+hN-5bqThc|bBwWcOs)t&Wyrd?n zFEDo<)ki(0s;O~`1GNoFF~ygRP_UxF^$_?-fe7rJK@>*__)uPcig^F83#l%GH=Y2=TCYB z(x%xW=&ANfrIObb-h?N|Tj0&|)_SYF<=!o+NV+4v_0)MK(h{#~UOoQ+#!kT7OTAV8 z41cb_(x2nM^JV%$!-H2C@|F0@{5QT&@(O>UpC&K&XZh*!xUbS%+Bd9gp~tM$ix+5S@ht?%9k{8dDJYjTxh8lLzTR^(q5T(D7V zfu#UFzzYZig1~`dA1pf{F0d6?53B?hXK8`e05iY|EC(2YjldrCvfvrDf*nvQb`^#o zA8KGFlt-_%!Q8qCurnr8GjjCMZ?PmAk>C;Mbt`*V7;t z+zaZUJr#CBYNbB7s#;U6sP=wUhQy(*kR&7uEdzC=A$f?dVt@seg_x=@Dn&>P(%$xZ z=p7B(Sl{*h0`ff@QeB6m;fQKG6bZvgB^(Ohg>S>cP#FFMcQSkvj)m#7_u(M)6-C3U zc({B4C>(tdEsW+z3!=qQ@G{lGXdoJn-at7L#nso4qd#uPz^1*+jpxPl~L$08EKkKTc9z;j4y<)RHXeaGmpwkG@LJs(Y>yO2l{o39m_S>)QM*D!+1?^TlWyc}Ev3u=KyTSfM zdrD1srMT_ZL)B_`>Dw@jmgkdRx5x z(Aw^8_I5x%=zZuN@b-EYQaOx)zvdzB_G$vezf)!S%C^wp-;g)^8~ttm$NnZiZ+6JP zF7NfX`uqId{sDiBpDX9cANdFU_5OZ8LvCE?^mq7s{15$X&>K8?yZ?!wFYf~Vw6~C& zk11!#_X6qwoRSv~1N#AOfIqtv*bN*9p86F5ono1i1P%hKfIP4r5C`-yP8N^`w2H3* z&g@}Y(;O+30bQVNfecze6YML`g1brwln#`xAQ3zYTm;R*mOu8Cc4%`3twAbi3!VqR zD#4#vP=|KGpZ*$JSFu$4p}o+>M-|kwBDs;w2>e!Fl^uzzVydVrCsGkDi*kN1jb=p3 zqj`~%=;XV2)EJFM33V)b3sNqP-KuwDlGq*G*f;JD##iGjaa!EDLf7wo)S-G*Ji85? zk^zSEBeIxlrJwmlf0>rh4PzD?X?;)l~xybHT|1YVVn z&~YV$HJr~Vac)TXA2$qu%-eBN*x3Dz~85) zyp#SZKLTqA2ely%yt_D36I}z!B%{UgW!UL3bA-v(r$%q+hd^?wK|(4aR+p1p7k_64^YVQQam9BUE#oHm&GNHDe>vNPErPxT@pWV ztUwP6oF0dq5Kcn+N<1z8EPf$g6)%dNv!BF8FftX~vlvJe0@0L0HslzEOKcQDX(V>a zOc^93aOp&HP8~@sl!1bu>3LBYrI$ospF(~Dy{FWn#7LPaoH9zzC@bZlCVwU*h;-Te z#Y^)}dl}wOAa$z{wNg~dggp0m9U#yoJ(04!YhJzdvlo{xdY8O}^i+B*xp;jfWqZ$H zgh9IQJ(glpBb1f$B|pUVvg7#U*?1|E#j07`ovTkmJ_rYZFE|`6D ztTZZ7uuOWTKBW3hpgIDXzyA$^6bGlFr==HK8(`Uk$=}m*I(B~8>0=NBeG*~zpu`UWk8-8(|kt(pOfl@S{_rxGIrsv zFkTveyn8V_0Ohs#*EsdJ^nQEKeBr2BnM7lyEK|cYe7@xcF-s~ zqaNmQ5}@lgT_Cl!)*5S_6?B%P(m@lOrKE%eRP+7tPnG>#{~o;ODv)=Rd$XizVn1YC zVV+}n9(-!TMHGTIX|Oh0>*0CulZ6z_M;EVwTvHU+yW!<{EmDDh6C@)TxDEsY`8U2< zdVGyG%9Oo(#%yM{ux;o$iokq5+-`0M_c6DN+sV}|fFHl-FczWfHHF#<6hh|Y!rr;37`!kbfN(Tz#T{=Q&A1QN5Qs*K#tMrO0r zRgtFX7d1nD_8~V0{>83&{^I`!@>6vFpAB?CRxkGnx5?UUh5IS-me(T@dAIyupq-;1 zV?GDFW=C7u4%A?j|9k?xLeu>B6ZMfQuj%NLyF0u@_m`_G;xBKNjDV-aNP|flq|hpl9G4OPoP_ z!E~Y&>H^%I8v6mi7`(lYYci_-g&U1VD`5PNc(i##!~rkB{mqumAknZHA^NS&u$pTk z@G(k+h+85+#E7QN*3B@{2<<^(kM&yk)H-O50cPUDA?uBBz#0{fSf5y7errhh*xG9y zwuXhHQ2#4LVC;tYp`*>w;AnT;e5`jgJ31VX9IcKP*kPTcDZS4|hxEg>#4ov{GB2_( zGA?4&EtPwbb#YJSUBs!Jiz`W3awEB+LXvss(fCIcD6{Le zfgDP_cBxCM00c_CPN^MstMsb8JKjC7%&Yb~V8ppp?k)P4)UTHx$&cka`Ho-g7x}M0 zNB>86lGWelAuPeWo=wmMf` z8_7}E0QcIWO!cGay1FIW9Bq$wMDqastn+eb6$;ZWqSq0i&c=^lff}$Du$MJAMd_YY9ppW}PV>{pnJ<~1 z`3^SBfVQ#SXgic(w2=VZ9RD`JC5>j|nQ@S7HJ%&2@Q%y*?6b_X+_Sv1;xo{RXGLee z`K+^hKvUtFANn7h<(%c8C5ZOTjI$)sw%GybNeG`?Us%Vi6V^Le;Y;f?>$vrm^+YI+xru_%#X+o^1SQ( z>w;^m;_zMJH6TJ^Q`X-!+|=FF-Zb8vE6pJybQU5*c*qi}kG%ZY5UGpgsXL=Abyu_? zmJfWH{C?^`Si|7&Ol3jQ;&Xq`Ym@JhEDe@o??VmM9wcquJ=?M?42)n->t zs`AxrS|>YmtNO=>H`p%i-&gbAgPoO<8lc^0o@L;y`PmSPZn5inqi&;%z7i#9cp1#3Hfv*VJ1pFS2(scR=nh zcII++vUVyi$^oANY1xHe>XYidxjR?VV{cH3c(0|Wa;4uWKa=BfLT*=>G6YbMO?XQ+ZHzP;mfu86x-ynpF)$L(>RoA{eu#*`j^X^!x~G zOg{m)T|XMMMs0|WYBBAJHb@WC;XVu^*Z`0Up?+Jx1sqxh4$+vsKZ>C&(Mus+X6`@= ze)XTcOO^dbkv@ptp>Y)cSOR*B-lM~8`1c^_4LZagVMove8bed#K5?&&ZsV0PVEhcc zx-fc-0{x}YXY?BT|D=5F*@?IAtom$`JGfbO)^JvT*05j71Vj7*f#(d6x#?Cm&JV~OQkE84`petew8ke{?#`TXOsIfo7&Di&?XKiQAXOGUF zZnm5a!MX>395vT$Rl|C#ATq2>>;KK(dq6dn^^M-gSZ3^H)X|x-&5SyBow2t8u^>tn zK?D(yB1P%F*b9OR78ESl3y7j98c_%(*n2}ojT$vdB*u`C*yjF%&vW1R-gTevuJ`?J z`M$L#YyJ4|v(G;J?EPrl_JWSAV_Ye6_UtT(zwDQuUMK3)Ppa zFIJaVKW2Yv&75r1R_dS>JN1i_mnE|`uS#vzu9}ynFKS-a6qU(q<|I95uCsLJ(#nmK z_2>2H$XRCPv&t{%gAKtcf#qio=~tq801=6nc5)Ol19zg-Q>53Tg9^r;N0G^F#^FinhqpO&AL zVJBIs?6NFR<}SXyK_YV$JBhu-N2&ktX{Ojk>@9W{N2VA@lbzxz7E^y%<{>^Ma}{5d z%@LoMospHx+{8y@7i48J%WaorGsGY0-$y(P9X(%nLRPTptgKiTl_HhR79W=#lNHi~ z@$)ggKz3Rt+f*bgk@4;fjGriZW!kxdJ@Od&<$~)4Ir0VyD7KVMFabgGHKkp#!Cgv@hvi z3j4xf#TD$XB5Q~BwvbN5)Z1X$5pZ_ZP7T%hoVgWQ^}*M=f#GqPgS3acBNERjh7gT zvbRQT;+N1x+NzILI_@E_`cM~3Fa8lx(?3o4a$v)Rj42QyDdrj0N#p>b!GL8&0gy1M7E-2w)#!U`;vDh?rL?3quP7j z4D~Fvhx+6CE7escerg}JzuHwjQ$1Jhr*WZub;+cRwp6ZvZsTrr$ z)_kh*)_kaWU1OpxEqhz@rKYCl2xBQJdql*J*XnA_*MF?}T=S~NRQtZBwx+5^Rb!?# z)F^6{HPtoxnkgB@WomNRgimB|Jc_4Lj*Oo(sn1f5r##*GuEt&Gt+STS)mddsmgcPR z)cNVGq!zqwoFaA8`RFXAUb?B$*}6G851n;}tIk)4w|z1Da#T96HmEkBc7APOt#7Sg ztxxTvG-gygxAvGckE?AnrjRWy_4}zMtB^CM>aD1ean3^jMEX=}wUunT;gbHceth{w z{pmH+40Z;4!|d|u2G?>2Lx>^V5N4QL9%`^-+{K?l%7e;-%OlGrhGIjJ;evsu?j&Q+ z|FO>z?n#{gC$9Xr`kYOVUlCQgR}n#UR3#Z$T@U5NvX&l8nZSBEvEoo3JLvqF%IM17`EmKNl?nN~@^|LP z=Hnq76&vS@UlJ+TWmjdqgOXj5ok+P^V4rcP;9kMqg1nSh8*dfdF0e`3uh^$>E<8YH zKB#aZ(;GjQ$|*_>xoEP|LOD?~QE8<#S58%`sNwmZzwfIx#nsjCi{DkNir*Ehizkt7 zc{fusUmc*Hr`D9{N@~bU#!sXsN~0srCuk>WCu+;eY^3va0XlyoiG24je9_@QVGUz{ z|LXH0>tj;Z1>T`we7(=%qSHmki(gwFzC?5#Afp_}y;OAI$fcZ1k^_YY9RKUxvvyQm zd3fb>)`Kheudp^|eazaIX_8%e*|f?PNe7LO|CeRXO1C@w{BD%eUSslPdP-$5-+!Re6M+;I7I;`3Le3=EqegRPLGGB28`+)}q_xW2;w*xpM&sG$tWGUq2*+~*}iM4XFgxx9@tpROy z4XaF`x)yugE9bb_G@G4$?xfr2QpjNy`FT0{dn)%;9?3tPpPPR)e{bb{aiDk}U*HFb z@5qc}Wv^OrNMWP2km!no)M08vNwE4uiM}LU{jnsJH6>b8TcW4;D`Z37%w?a-J6ShJ zl+)x(t9;t$pOVtsXOwfBxlb%gp;Nt8N4^Px0e z6QePd#%kh-E_3Z^VH+g6Vl*X=Zw!ACzM~)PeM0W z_1ERh4=sZ_pE3uQvw~o(#n&MvgvGnLao|C3Y zSW%_NaxAg@!ODr-v$1bhrES_H*#lWPGma2HlvT>uUCX8N#|1_5V)=P_sr;P0OkN@{ zmp?%hGd|`iUZxyX%s~epg~t@0|A<{y?z(84uC$lfD?e4+qr5K7oSMOAR zE{Rv~Qhy;nW3fnrI!+y}HYtsv%+4WYR>n?E3|_WdvrFT$#X=jGIYrB}!;E^ zn!TER8f8i_+6<}XTPA&VlJS23{2b4zM&FLg@v8FF6KLptip)4erD^GY^=JHLs@76# zFSXU@=M?0f$+N0Bk)NM`sPZJf5`(Vd#7|^0*<)FxI7%EVjuxN!6t?P;{As~6`e3zJ z_!OR0&XDX*t@2sp%(WN+{!5I<<$xLb- z;h&!gDpqjSMAc-~$70tlx8ItpCaLr(<4ebtPAD}iJ)l0Q&Qecgykv{yER9Lo0X)mJ zY`^B9=1Zxq)(TBpYi+b4ItQsCWxDi2a#(F>?J23>2jdmbrIX9u%4Zl38;%%M|BZHx zXa9G6PUhs`b?l{Om*rRF&(W5=pinWlP=@_K6^~2JR(oVjD$UW1D?6k)tjX4d>+H1C zw7wh5%Xo^?jZZa84b_>ZhS%m20q_3hh)?CXrLk%xiF0)6lT-KSnv(~uD=bn^VZDNU zasJ`TDXC{Ep9as2GyF{u7p;0GGmh-JOoD~t#XH5ju=6$I>8kt%<9rF%T^2BreeCPfLQWNyD7gRcdN?@j?B$L_2$#m(qo!D%>`x=kao;)Ah#&LFkdcv zDcd7{A=@q9D}E(2j-xE~w*0RAjyy800?ivguM6(UZ^>)Y1JUSx>MmoQYl<6+bBarf z^NRU}!G)oP7Zev2A%#~I*A-V4VTIY5L51atc~~j1urRrJ%^Zoh(o;D{IenuqBbux9 z;jf3%L*kC~QhG{^cbTcOOLbK_t7fTOR8FedDi4*L%3Wnb#`;n`Lp4X0r_NWOQlBKZ z995rC=c=cr9#dPE9#KzEJzke@B$^YN3CxWhQrU5hSW~1qsVUUV+E}0oPCL!l0H-wh znt5B#U`IEttM+2qEbSbvyEZiKQkjc(CKhwnUMZWcy{Ej?qIJ&Fow}LQ zcwL;%NgAu0A&t@Dm$f@<6Ub(0d}+O6R4q zGV3kMBk%yfa>tE%2LJNoh7*QTLx~}#{EDHx?#+mCy#H@L=l;XJ9LzP|@3oA)4{r*p z3LeP)R^3ztU<=2j@Io(%pYmzuJf*i}_7+c-zf!EWDlJB9#*eqw6HQ^Wy1%>7hKqDh z?HlPCsY3c%dRy;NK5Iu-UH?ROomD2^c23BtCLa zaaVCi;hM_xpfZ?I1StcRK9adAZQ(1 zCM3g0>#Lp1c-&HV>-OpP==SRN)}CcOH-7B()AbJQI;ND*DbF`#GqR{cUrC|bHFF~+vek6Y^_f36UP+f3e5mOjlSb^vJ5=|0y ziMm)lt<vKxvx*hU6qR+Qhl(eP$BJ0=fsZMplo86E%1Gt0v`}SuMznJ8XR@y{L=~>wg@&-- zb~KzcFV$^FoYGGctBj#G0Uo0-{7p5FQI=)~s7|DXsRC7@90jX_RP&MkU{*4YxEfz# zS`x1E*ga$6CuhdzNtZUSVdPeCvq*Q&Gzh&xDwPWe@Qv15q&Uj58UT*wc zRA1BF(O8sSM}N08_cT+=ZfYVjE^>51b60Z(c}a6yb6GRF%)IQ*#&eqUnj4yn%z?XT zBJ1=KRrfbQ8(8OC#xoAwB`DQc3atA(PaCQY*7|EBw7WC?w85#@%0g&+lo8C=UM&mP z&SCCh|G3&GGh3I1Rm4d#8Ap*hx?G)`)PXE~Sa*cugStby*?7qV?ph>0UVEfAuQoR= zzxEgwJY1WQQ7k=Ld!kk%JyaW{&83bWY9DXQqLf`*D4nTy(a+X9>)rG@X-@c;qyBJO zm2{T=tyC$Up?9s@=kg4&{ej-H{2@p8^>^#)D)jgCGsy>EKQ0F6x^lF^W_y$&(h$Q@ zXn9!qMZ;CYk+hosBP+%~$MSzd7UmtPd@JKAUtGmso&@XuvLlv1m#Yg@1#{@OMw<&O()Nq@D2-pK()tTYZmsFi*UpKDynh^uGGK`T@sx)fMVW z^&Ryi^)2-^^~}I!P5 zx^uch-6`Ff+QQmXwI$NfRB3H#ZK<@Rwz&3m?aA7+wdJ+q+9D#xS3h6xsrS)WOZ|z0 z5WR#tFMXgsRPU#sqn}4zfIe6s#E*36>OJ({daH8la(Df{jF263XRAwJd3Fx%i^a5uymVhtyWpHqf{G^rt~Jg)qG<~2inx%U4@ zQB;)o)uPwSF6a(s*p%DyoF&Ptmf2?>5WiDA&wRT*S9w%_*wS+Dre)P9=Ho3l3%MF0{y~(Hu(+(@XMoXfh`wKk@KC zqQJAfIDb!}c}cjwB%htWB1Cdrd4k9amhil;np$E}GNoj4iA?Q67C*urPH2y7PiphE zH|wI|625drcUk8xJztxf5uuONzms|z;tk>DM>BFO^OdJ0O#M_XX8gua zl-{oVbgGvj;UA+sD1NWdkRMJev&5{xrO(ygnb&ka((Agbx@bJ*HDq(Hv?L4EYV`bX zQR4M^8KtRj^xg)s;kKcsz^df6+Mv0qOVEGX!P}C;>dX_WH|h_XkD5=KLalG+Y3*F; zS?w9^?Xm*x-Lmtkcgk+-Zs~lbe#F~_)N<*SS}CR7`aSwx`ki`vEM28n>fh?8mHQa{ z48DfBbu+wWc)7Z6;{U@xp^{6C)T^{edk1ZvlU}Vov|`VSJBIUhd%`e@@uIBN`Pl0k z5x3LuDAO!?UUFFS$z*YIL9!(IUUEh9gXEp(cb|WoZ2tdnpMQVzk`*^s++Fct#gi5P zzV`3(-x~N^1AlAaZw>sdfxk8Iw+8;!z~379TLXV<;BO85t%3iqYT%ujApAa65b96l z`F#TK7QiP&Bt%;BR-5wCIFay-^HSu-QGzgZ5^v055_Kj}G)^RZKU5^xg^Glv`6A(F zkVtT(-gdW0u%_Ju`dG$s0M~y*pL;BL2IpSC_=|+@A$&J6QzXp!K_oO9D-zuQ6bY8z z{3_JptF|`A3qmI+{yZT(3x*AJBfrnGXKpetCL58XeMy8)NU~ z$Ng6F{Rj7y#tOn>#?qH_)^>a&m%_KVgZcg-lsU~33FWjoN56TF^i980?FC_wsUWOj zj2-AdgzLPR?^@nD9Y$v>(eEP8r*rLL`abikNI1{+#mEbA*(f<~z}yRlh=k)Nd?Uf} z)A54vSB^+1_CPm5d`nPK1v_`>vnt1(N-(#%!K5{<4qT0rPwUzpB^+O^> zLaHaeV=V~3!2xiv<(oCw3Ub&;c$1&DLndU9 zrvc^u|LYx2yeIO2kQI?># z7_Nf~I!vc6{05t8`zLZQvIy=`mLiwNv&K<2e#SKu3GJGTggzvc6za^j|}t`>jMm32lyH2OsWJ zvr#0x{S)6}?C0!6!tG7u-6)YTzMn{#kDc3XuA7Q*pEYr>8~5j)&(XzH&R^`qo`G?E zWKMy|2i_u~y^l!P5zUxsXJ;c4%ovyP-{{}jO(aZZO&|2l*Ksv9#}@TO!UyghIztdv z)1UEkeu7B&)IcO`;$BmkPa5NoMt21!!~LrgK2 z@SY+;f)DQ`CgT`~89rnD)Y~T#8l$UgTzdf>7(eIfqhy3gSjTmZ(8m^Z7lke+yNZN! zUD@N%#~{XWjP_m8&6&Z1FeZQ)MvwpegoU#Y>Ms(${aGY9bB`;@*pmAUX6`@D6$$H! z*=yXV{%;~-L@)G3|IhJ>WZJBz?=0kc^e~X}B<5jF&YDV{@so`_*i(Es$d*pfOM zEB1Tb*M25@Le6&vE$Cn?`={2l*}%N7aLozk7Rzx0daciR@;P2ee--%j*EXU+%0l(}!g?y1o{v&5~K?ke1um(7z`$5bH{k&&B ziOk_Q@{7oc{l|}tUysf=k%t6)fcgR$OS@mtlkIGD3m=9PHy-48a(|3J55a1a*(gh@w)~1STuWyIPw%_KM!&%zGwVQnIjTJ3(1qv#+&<+BW9t0&y|dY_23xs zyMy(h6EU!C1N-}pg0KJ-&~gpAmT`s?Ggsj;%t;r7R-4fabL~PNFM~kF_l<$v%a~R$ zr%q{<8T&5!Gk!*qf4{J1g>DrI`!ZP*#*o{&zZLq8WIkHv-4#7v!5&WNVIce0pWRs( zSBZrEtWP@pBo%+^$QpP$l)THn`$oY`Z+O*D<^$JR6qicLN3ELTnw~nl-W{hRdXp!(2Hmv(# zyN2YiWajg5EPF@`@;^Q$W)4e|Sl3;6o^l}88Ltw5E5)_}3H%pW#NDQ4AOHR{7n}N{*9gvyar}DbE`7uj z14Z1cc`(luQ}O9}#LO&mJo%t7P$cBg_hCq5%*J2dzw+j{fsD^_KKo>RaV0h`9nYQ! zTcx3k4D#{N319oagS~$kMQ&P!zfo>OTU(w-qUiq^eK}(58MIZJV7t!v2=|W~!SmE$ z^ioeGm`45(D*6tCKBdhPmw8cHjygCT zXDaS<0w24?6UpWii8SfJKmN~YCKfx02xnUD` z{&f^|l*sW(%3`<%r#SBGfe*k7=)iiWr|u}Zrv6CwcpQI(Z#?k$aHBTx>$w0=X1IC^ECwZY>B#rUY~%^J4LVrlkKN!6gcC1WaA`F0O%7=UJzx>2sM~`) z3hnT_4$uphg9MuwAfLelSipQ0$k*^|An^+mv5P716c$k~1V4_$;UxZ-j?Pz6?n{11 zMcN?kArKZoB6MeOR*YY($ypVwC-=q@8^qA9`66K~eaKiVtniCn=-_pdh;@OzLJZH3 zGepAu4I;sday%SzVywtqD1lPA!S$;>S#wPpKgW;Y4X8LiM((LcerOuYzc~TDpv5$i z@P)cvlmlVw65@k(XaPQbo#Spxu`BWvbS1y$FefkCucQ70b&cX!W1yJ2@yI2xn6+ge zG9G`3B3E6Yd=6eh7-&EXSHXwa??gO|XYRA&u{&}#xh#=#HVk1tdB~gKNL=@F6A5z4 z-;JRUq~Uw^x5#-*SU>2io4ZJu3G*qhgFfgvU;}F{Ws?Qi4JN_RX!0-X-P3gZnPXel zyWL3l_Ut7Ek>J9Zyoa&QBS+Hr2hJs;*MS+_mqG3fe7A>D-|V62|CF^zctyOeBKLM!%)Y1tdv|=> zi#)#(V#Z@P>YJ0N?EKh^(6_;wU)R(A88-32eog#YhseVN$&I1tM^Bq9uK5vv+F;;4 z7rroM8S|&^2imu9!JeCT#rRx2`;VDi7t6V4(1G(w_~&l&ctiT#1XnpJ zMK(oGduelsaxvV3gu%on_H<CHAgH_UtPX zjv^mGOV(6(@?!vP9LRGmC-R<r#uxb;UL$>;9Dt_x4;pOpAZM_7^5}g+LBBTi>FVxjefeb?oFe7 zm-@}fv(RQW>j$*zh<{P_a-P6@-4^Mf|l{DiVzUPH}zqTA91pw>J?9c^vni%=$^r9rnEai`8)Q2WyqHtA4Yx# zAN2cfB;!Yx!6EY2AKWvMJw^-0nMv%LB0WHiZpFxQY_$bHZkB{Ts2kK=B=lwM{_vD@ zRn)HyVy^h(o@2S@6gezR#J-q3 zbcFrR3%Fr{A7Ilae=vtl#4r9m6xq^(JqB^I3|`YFoVl1flVdpN0(Vl0d!z+*Rg`B_ z?#{Tc+pta!#4eCXT_zlbLXf~skU;=`T8;cE3|((P7nHToiE<47e}nrE-po0e0^ZO9 ze+tK!Y{@4B8|9*-*xhp6+ZB2{P)QK|{(l$QD!a!7cbO2-s&Zb019k zfG_LCaB?j=u;JJQ#%|+1;!O7XvE+R9idH$%?dPV8-C9+|AYJ4He^JjK6% zK|X;5&Mkq#lv`{kug%3*Id<;GvjBBniJ4K@@ekw(>cw1poN@|nH^O$<1%oZwHzALJ zrx`gC={AbJBC*qH49`~9*lHN-D*h?TWG#d=^zW`w;r2pK$U*0Ys9s^hk5YV2drbhmvQBhY#o{Gn%y}Q6vmq zBNBYEmj=eK;=LEKvxxE~2;jVUJmaC?sTXb;G8^45G3r82_=vO%!dJ%g??upV8-CVy#f0ZXXlcs#PQ>jcdu)iVk9y-D$R{lsOH;mgYQcEW$9L#%D^hQT z?QF@d_}@_UaE4>A2JAoTGbe1j3Tz$N1L2F=_2`%SbZp-Q*_L)g1``{!k%-8@=sz6! zfc2soax;Bh!N;4^|1R3phZg8%74sZNxj*LuU=dvA_yx?M{0W@6#u;XTD@4r4FR{l6 zt}TL)c|1R$_e9DEIA02~hP?Mdce@$aI!J{W)|jpMLW^&BCt$}uA40!HU)KZZ3e zIT)~i*JkWju!+1CHuc57(N#40<}p5yj%*7KusIYT#W&9|m(}R}`ZUHegdB)(UEugQ zIb;I*xnfV=N9UdJhgs`*@0mtk;+~HLf_41V{homHQCI^pD~R>j;F7-tQ()hMS>gqi3B%t3hycV^k8kI z{VDW)q&w>|tRzQ-5(5&}sj&j@u;EAArE|O)!nt-!U-r-a$cGbo@66f~?1>Lk_Ups* z!AN2SX~US_Z06lSf7W~USI&EgN!ksfd;^|icOUxLewZ&W}Scqwvokh{Xu>pbp}BIfUma*Z^xMp+ATw*7p#5 zRm6J?bJUXqW)Bq!7Sw&uy`GYb8~sV{!;hX&_e(N)ihJ+JS2WaJ=9Kmzi%i_gVuVvG*0`WyQVzqJJrM z8lHJSq_RE||}x&cDP*e@70%j%w|t=X^UQGbS z+-nWxI5-T)7;j}f@1YWSK15nA;Q7jfbrT(!$1*PJ7IVEH{e}DUols+*NAPP>{vUCD&sg5ee9JQuV>O#azT&tAeY{L3e=o-mGT3i&-#^J6&qnZW zkLz;0L_!zpcOVy{%bvl+UjVrU9~!oZ=NV-ALf&Oj9tX#L*xPNU?8kiL5&v38=o7*FoVgIF|B}VVVRxl(o5BzC2W6(}yU4i$**uSr0zF$ z?8$MbWO6mUU@mr)O`$y5Pnw-&wYyII9^`@J6Kf`)7X)gD*AU9Kf;>dd{>W%+DoJ926gRu-i$A$RW zY4q0`TlyxEZ$vvbM&`x5CHRyL z=Y2TuiL9i}gjFIO6Ft+eJAJoh{-fy65*iT?pT`jIlml5mvXCzLtQXgwpTV5{&_Bmt z@Sy=n^=9_{v@=g94rzOq@+OF9P9Zb!Y4#02BTu0hMO)VIDBd0P>P?*FzwPYZk=mW)g&pi$@vFl;BQ-GPUDtMW zO}QC$$2tF&^BNey823_lmie}skN(*kEcR!8UB(`n{Jn>mT1x#pWLMf$Q!j9QZy36B zBaWll50Vc|h7wEY?J;xmVEhl6YazNcM;3{AR$z{i99uFkxwRme4CeUt^WkD)wp$XNaSftl52sp;zqmDUp5|_bIqbe0IX8LYTXR ze!jzAAMm*zeepB=euERwjM&YTymTO*{Or!22fc_HdlG!0uNTbwSt#+1&mRvX58^kO z^!t?KJbbVM|Iu*%BiyBKEOi^;K4bMp?yt}9D!A_p`ZMSH_Q<{HAOg9RzF%_P?DhCx z1D<`5S67j*VL9bj-0KcH9)fKaQ|FI9%((8aW{lH;y+I>%)D++2STvoSggrlS-!IIi zg!RjY``a8n?Anm;TY$O!8})z7oOnvOPJr? zVc7Z)>^fB>{D3`ks6QFN_YL^X6UKiPdJsdlu$cPC#M$?ZxiRbAm?i8t(fM2CLe5PK zV&BejBI8|*{_-fhBZHw~M`9Dd?uQ*zoFC1(bBucpdP_mS8Q$zi@Xz_Q?E~v6_hCE+ z^fWY*Ju`lOk-AQ_cS1f*WPaAXk7ZmXF2-@PR-xy!%)c4eInbs7^WBF|{@|L|)bB;l zPq0CEJ->56M_viM17IuzX5q)2b78HUMg0@TwkMu>ql0Dk_!ZAS0y=6d;@trHzQbOj zBmVb-yt};%`{`Xg%X1&+RFM!wUu#3zo5V3r^xJgP*d`zae_+h-S*M;F+brTcP|h`rI_}r8TId=20p+o z>RK?qX)q4Ing=1U8sexskE{dAl{iHt$Ikat!xhF`eP!bE%>U+ctrYsMHx zAl=zhO+Y>zf?rYRM>!B&u|*-rm*73ubco`e61w>bd4TgHkdwd`yulnD4CrJN20_d>dz-Ec@go>P|NW7J zz#cA-p`9c9Li#z$@oRWX`(}$+qp@WRWE*fp_id5&h_4Z&@K?%CFcZF`ZsZK?M0qK6 z=XgD`A962JMgPS}IoL18->Bb*jDU+!0e?X*^^U}*ZyGs^_;0urzhYdT$medX9modc z$3o;&&_gTM$>CrJqc|6c3<4QMavZXp@6X^Es9*wpC#}Ff6ZtIz9A3%2;a7ZS5~PAp zG|%6w=odD?aj;EBzwjP@T8$4)BJVQiQp#^BS7XDGYnaP)=E!`5DQhX`B8Qn1@5pB$ zhqv$^PGY}exCocwj}&|(ot#E{*=F=g4(&XdoPnGH{%{lyLlHcOD$qa;d=DigIVAKL9~@3w;@Mo@C>O#fsVQ4qsv&%AA+NB7RsTLbI*`! z(8GD|IX)8`3#=jJ${qDtQ+%;0?G8DSV_4@+m`^dsV(x#3=k|8w(Fi!*p6>-5dA=s+ zlr-V_4~kgd{p|5W^7SRk+bMrUjv_v%ffvNVD|EIR8N>KbARob72yD(?8qULX#xa0- z?!{LdwBR`y?m-HBq<#=exvL8~g>q9@@?R^~2#A2r*en*g64GGOP<#M+3kI}iJm85h zny%9wXaApepVt+g2I{K682+n0ViQ2jO))HXaLVd@W(**cF=|O z@G%^nO%C@)9}vyD<}-x-In)c`J;h|k7|C93DEqo$ykAP-oh3eT!syfJv;%Y5KN7n~ zupghzdnVR;F?`iH__WGFI^%HjZ}*X6W05_hra5m|(%a06)4(Y_!IY zGV!wm=&f)Rd1y3y0QLoUVI{s5Hj!tp5%|F*=DCc$dOG{NVfbe^-m_pUt0dYIM{QVl zKSDeDZp=I+$SC~Di@x_-u|Kuu-P1R`-zMkuwc$C+4xQ3}Fm_6}!`}A1gJO@jpX<($ zvnFypAME^jhEB!D2h)B!?^u|(E3(5R;uz@-=Nx&Dh~8$+;MfL#r|o5p4|ie@%l&P+e|{j(Y3$|O#PM5P^4~Ga8I0G1`H4Ik7dX%29R_0= zicc)%_$U1E%_?G@`>y0z#n{{MUPD4YDMFs`=3Og3=Cy%!g7Iy1=NWG%`x)Z0z?xVl z?z&B2e@8n%{ChC{IHa*I&BMn6m>>Qci65r>poh8GnR~b*pD^BY$Z@ggIEDHqJfHYt zGjucpIe~ogjvVxXau0m9pP%vl9(j%Hy9w-Hqq!G#&djARbLu#Rb({5W8^_mKi}rBu zQQ= z*64C5ah<|7HPD~FcXlB!Ars*U{ID3GWh?_=6!6wVYgLj?U+>7vetOMv?Qd z$0^G1&DcL9pCA>;iAlr}=$)7+V{D2aOV{!}A3kKu{9B=`(NH^v{V4JxjHNODuz>y?0$ES7%^PAyPMr5; zPTTN_k@)CBa*Gzf`V~C}P@fKCvGoyRtcrO}CwH7AzYTF9)|`lO`dH+OPkCTp<~R>O zZ9yONoUs=&Z&u=XZTIOp~QPQIf1&*=gg-8xnVgvI)}_> zou}5HD2Jpt8cm2d~0$CGE$nk~+_y#ulKt3`4A5FVp-yN*q8sbXEJ>#&elJiZt z*29hWzTw0?$HtGj8|yRo*&WO?IlgIwEq}nq4Ipv|-`z6aV*%_fi1$O-p>hQ8`;4(q zxx++sL~flw1sh@CDd;DQoUxHLD!TF4{_RGRhlznO=6`5AF+hyG-GaWE(?DX%8Gk#- z9JUjWk2!WhXZiTrF?5i}y3v)q*dN<;$CkDDb6@C9pWhO5m+e^F$CA4l%WGn5O#_i& z5`mwPFY}pe47sE~y4lYdi%i%%Igkgqci1fU-LxCLhkS>hJY@_9Z1|D*>*&t=mx0FI z^L6~QxaMFR`e0sjCX>UM!(i@vIEXxrek{;U96ED|W9_2v$FvI|&ZfEWEbd9%k#mO3 zVV@XG`{g`?;7dQxW8XtQ2&QcOe8IO`cH#RD##Mh4&-$IntBh+ZbLp?naP5m~U_V_BJ`8kQf_B92!3sF6=WH z%Ui}0!~D811}(b2O4~u$?|nVidi1cB`8|LP&MzjPeZjuQ@31vUc1I%z-er809`JHm|&joW52flK>H4iA!@`&2IKjS_SsSe{=H<@P<`W%2io}NvvV2mfpQO3_G)`y1kzv?xC`~1kB$@ux~ z#(lZxJ?1(d8ykN+u@)U@xv%kK{Jmo>{r2S^-SCZE&fP_C$GHDDQ?V~Lv%vmN?)(k| zpJ_l{8gq`PZ2Zi|E`gNyG5-;86sy3@j!$gi@5vHUQbYmxoXtM@`;8!Y2ld(h!~bhIIn zHjA;p4{H?Xma_+RM!w@*{Y5;>(^n#GE|a6Cam@{Mb`V`$h4Y+GMovb5Iq1X;-S?rr zo@*bF--ZlDFUHuwKE{vnH=V}sl*RK{FSxF?3D341KODmvg+J|a!#B~xjnRyS<4BH; zpWp>XyYkK(9lv%X4@}`1AK&djyK}_GJy-S!>=y=2=R2E@JYSK=>a)kGB))RUU&Str z4|}x4k0M#is|EI0tV=D(#~$RB1JK7DR+!pxvv3A>|IYbtJOj|jbNc%eu3(PIjKcyf!3w6pRG1BJ;0{e`+Z^t3Z7m#y zAAV-s)OChV;LWiQxIt&I19$M?`Z?eUUf>O`wC}~a-mn+CLKi54n}6V^(1&t=7y^UA zgt?7_jg-?NmAR~k6j%pounE#(GjylTFVK>EjfQrV=W_1`lwUv_^e96T_LV z@THv}_`@B>vK6+$cDM>VVGXQ>GRQ?A|NOm~@waBi-<-L_9C$UI*di8<|82q|?64S? zz*1NS%V7nqgtf2+Rzor*!750E(J&bL!mscXYybg7uo0R;D`*QHU>?keAP58-a0Neb zhiC8{UVt2eAp}C975ZomZQwg-3+#`~ts1cjy5<;Wy|7y`c~Eg?`W<2EafV1i!-{Fc^lw zP#6ZoVFZi>Qy2$kFdinrM3@BTFc~ah3QPq{umWqa0b8(xX$G|u6Ei{HE&=i_Mb7%oAp%t`-Ht-#^g?7*$ zzK0Ib5q^Ll;V0+>ouLbKg>LXO`~ts1cjy5<;Wy|7_eG2iF2Xsu1j4VZA0UGI&;S}j zBlrfsg~reXnnE*Z4lST1w1U>q2EK!~&<@(e_s{`4!VmBx`~;n#GjxG&aHuQe_`mV7 z!r!1C)CV(|1Gw%^#4wJx`*IZ#KT!M>m1(fKe7y9S} zy`dl2qmR~%`&SqVfl$NTW106~(3W|(gHrgG`45FDU;W;nfOp=s^&x(s zE6)}l5Dk~$Havuu0pv^Y4`M7K^b4b45;%b~9D<}!;sD*Whj!2wI>0Ef1Z%K@7f=DW z;SSt|d+;3Oa33DS1oSu_5@8h_0t0*iJv6Z+4?-q1L}!iQd*}pDxZVOe8Qj4Q0%1NB zfC}WG0VPz!Yf!)^(1RAL;3d3)_n?M%@B-e#M|kMK9vs?Zqy8`m!XN^sW3weN8e1u_ z)hl=jBJ5QkLLm<7VY3eKJxHMmHk$_aUf&n)L$0 zc;2}LozZz0u!Cvf3+b>2_Q78G3mWrW+!2~UJ7^BApf$9F_q5T$M|cMs_zd+p*AymW z`$;en%waAB!)nNd@9~G$&<0vSd)N)%VykY@6@nlb8rySEXa-H771V>K&;VLPbNCkO zLknmGZ9wLLpTZ;fgIqQceuI9{7Y0Bt=!hTu0K;H7EQKgo0`U+Hi(wHs;wv*?1+0W+ zkO&{3Jw6l-kMW;I_)G+ZK}-DQN4O7np#{Fu44OkLm;=r*1BT*1uR#Gycnj~z0UBtG zAB};*FbIY~H+;$yVxc{LGz%QT31)*E*uZpf2WPMZD+nTA%nsoiNWgat_(*6Ru?0gH z5YuoL>McaK&mU#|!+h8X>me1E!wBMS6buJ7)DU;Gi8Cv(1{<&i7jOVqm<$ua4W@x3coC1+ zU>tGg3hA&2Rze~ygDv0(F^~d5kPLGn4c0+CEP)V6fG}7N5wIFIz-Cws5yW#G#6uK# zgb?%K24zqJX`$GQb)ydqgW<3^0>6Ogk?gIa*;_#oM34_Y#u0Z5xQ-ZK58GffY=I0o z27!wiDzpg2215VaezQro%SytH#=K?(#z1SCTSc)(mpf_PX19~_uJ zxgrw$z!%)X8$2NnesaPNFbT|IJlI1a6u@l|!(q4q8Dzs9xCN)648%|jhv6Pb zK@CMv08il|T!cfQf=ajxGT0bIoWMF*1?kW?g!LbWgE{zsFG%1j+=qK`9S(+KH^_u+ z*b8IG!`mPoGGJ*0_J{XS11}=+IT#y_zkn%Rfb$STo{okO@Fk8oTtIw75;R=MI|SGZ zyWlA7glsqn#~}-jzzg> z!&7Veg(FY|GPnWP;1QHUK2*RHxCr;)FkFW+D1irX6&}M$a3p`PgH+f7R?Nu^EWi?` z!W5VU=imaALNPR-#`O>j8SoGekz*xr0ItFXI0gG456(deoP{hXhB7!0M<5%HLIE6v z{ZIsdIk1*HVt3d9yI~hxg~PBOraQ5&fHhcw4OBt}`~}ZJ0rh9%56Cz00A4~p>OLZU z$-%o}AMAl$uovo)Z>_)@EMW@VhnrB#THcA=+8w$;JnVpd@BzLhkM;vESP9Eu6(qq5 zNQOjc<3>Nw6}m$U_zf%}2{4!xf=NyzM-r} z*8Ugf?)uA$D{B}qZowr4_dsxWcXw&Dp>c->x^Z`Rmq1`31h-(p-QC^Y-SR&9?fVnH zS?gK5>fY|URp;!p_qm;!2`_oZ58e^Sd*LXiR+ix}{^1VkT6qRilAdg&AOkr_%SZlI z+s^WubDZKCn^?_z9`llYoMr=8xX)%za)Y<5;WBr)&KcUNmqQrNM$T}N6zbPue(GrN zL`F)Gj_BkdISDC55sH$RB)s>#1;q5^=QpyFhnQsIuP$m1>si5SRA7nll__fI2*gfB8Km_Oa z#c*O&&N#lvYr;CeCZ6LoH#o~pUJ}Xs)radh^r1IZ)c5ubvgbcX6#M>gglGO(>zwZ6 z>cANPiX-H!-){-Mlr2faQ z<5|haH|O_xLnP;4#Q5T4@j17N>imWHga@Q|9+~fsV~OGG$rbi+j-%`)YJm6a>uUti zfH)02D@jQ~65{d9dnv^<{6;#W6P5OQMu6V1MqJM(Hn56~Y+*AI{7en%P@U&|=POTm z#4A1!wz2#dUx-=sl}!A_N|ur%P%mc^6RF?ScMV!nojP=+Eu9(40%kLgsf=Y9(iDdKasTMaf1TN>Y|;RG=W$DMCgvk%1~yro28mQ3YH7yA_MahXG$q(HErYIivy-r@;2sNKVQq7em&; zWZ*H`dm10|lZ@QtBOO^tNeXgOrMI}gn1uX9G*Xh9_{1gwiAhQf5|M<01KbBw+0Skw4U`8YAQ1^ELNQ(wPVado zMiifm?}+61llYb>j=zi1#BbtDo;!XQo>Pxv54@ z3XqqC6ekB6C`Ikza*O3mVKIL)mOq$Fmyz<6K@6rJz4%2xi%m?TlYnR>BpyE#i#U`Y zt2fe%g)HK~|NpxcwoLh+o8agm?U1j3|B*r-`?@&K+t_Qa7l~ zC9ZRkYg}f?H2rY8`bIMv(wG(m(1dN=nd!b}>5;Qthjep{BZcW-)pJxg1~j4^rKn5; zD$tS;s#1p@bSIQ*#G*4DX;i~=@QQXdz0MgfbBXiBuH|<~L@|m}l)ZdwrKZ*KyR@P- zO=w0bDw2b`RHF{rXhD9m(umA7Cl@8CN0fTj2vNC7!~pY4ByKss#}~pm&%;N@pGjHY zIFq-5Yf*t#w4*qM38DdIsYsWGY7G0?#~yZafT)e!3z2C`BO3pA-q^hmlO+61YU1!4 z@kvBl(vy%oSksag-^d9x-KwH`~gIUaHCJXtUxeRD(%`l4JS;kQ| z@PL2V&o(x4jqP0GJO{YRX0C9M#6g~o^8DUh&nB4ZEMf_vv}PvD>B^ssVhD3+&oYKG zl36Td1(TV;K>E;@HuR>kep{Cs)TbVSa-*6UKpko`mpQE9Bu6>M2^!1M2DG3Jt!Tn$ zF3RsD`s|=Kz8A5GDQsi_A*^L7Gg!kA_OX)T3}Y(uSjGYtGMJot@>ZVmj7%MTx6nJc z^Ono3<2J{*$5*}(v6DFvkFuK6tl|cr*~~}Yv!630_B$KJD?H^APk7A>9&vzuEaw?J zdBEo`a=oiH#&^drDH5#KFo>kxj1@lN=*J6mb_`pY!_OLc+Nh^Zr z!UWE7o{b#gIO9XS&Ka(fFI3H;FnP&OLE86JXQ)ccUgnpMd}VTPwT+a0^c#|pnO{jn za8^Y$`f4)Lkd7Q=Aq7cDO$B|n0e`ZBzgWg{meP8h zd|(G#xjJ4ABGE)SL}C(>h7=?tHVH^hN@9_kpGiV|9`T(2{=Z`DO)?+6=K*(l$a5Yu zYMSwxu20g9o^+u*A%xO_T|D72x8&7L!p)TTG??T2-CWn0uWqn}Z7iy8+!)3zCNYrd z%w#rU)SuTi)K#^pJ3VO24X$&Q2DMz1K6U&)OX4@qvy@trbFtSyRDivAp7H+$GeVY%IrKUvN)PB&FkS;r=Bk+hjS;)~-1 z;w$kh?`Y%vwHQhxz386ES=uLk@`N6-WkVnb*(ndYy7MHk4#J2KPe9sFW z@|iQd;VwrxP7FUAmzW%OeuYkszlufmu!0m}Cezu@OR{#5FJ%5N>O=XdO)7HInu??( z9cf5HLjp)kT{@A4U+GM4s!)*3lp+~LIm##!QI+PDCYZJalBlaX!mnf}6?y4IQYr`A zmoSjLdRIDf^BV>Au8ia&HR;GhUUHL-B>YMS()Dmmd)je_tK8)>m$<<#`h-}+OlJxk zxJEU7?KzEmsylQhMsIsiej*}an8^&LbDz6Z=wl2iOLb~en<`YI8Z}tZS3RLgKR-ts z>X3;}1k;RG1kr_V46UOt50GE{G|=@KMx8-Ehf36-Dg`J@Q7Ti5?!?vGlJa}DIg*udXx zVkes!tp^Tc5GT0KQLb>BV_f9`U&k9ezA@ML(X12YCOODYPVy3Nl65ae6@Q4$#g?2T z{$#a~G(;siF^ElM;xKiZe$N;tF@?#DXY_QDG4x{?!x={~L)p!K_HlrNyyOkXX2|E6 z_Kig0Ay0V8W8UzbRkQ53**jm2;xvP+dab&B4C`3Wes-{ezuCrW4l8X z;V#)~dA*Lk17~@_39fOF)7<4AFS){P_H%&y942l(`(v5}SPKMDj|SAHJ(cN5MS`eF zC0gsDyBoL;$JoI?Y-c@tSV!B&>H?MZzg`^X5OMXs`mA6TiJRFUQJxgMZK__0pT)3Z z6sl60(o~@+xk*n9B9V_&dSGheweT|}CnH%XLS|x-l=#FTFF%uzNOaKC7O;jHt<-Kt zFp}vEWhUbYua`~LcRJF5P?}Pk9%N@Q6=_3znox^g45u;8X-GLeDwtjDQPBWdk?Bg8ES;_{gb~P8Yr3DpeO(QzcipsR431w+RT?z)v z3G(SdWhh2bI_ohFs6!x4C_ypm(~w4l^stX5Oo*B(h85q4uld5iyyGo5ymym^dQN*< z(S+voq8%M*L`&Kb#0$pvG?&a^CSw^zUnVhy0rc)AGKkDW<+PZzxBMg}@kv2)7VtZv z`qVC((uvlr)w9;KktzC7FD5aF2{feB0Ao%&g87qWET*nr6~J(Y(shvDMo(JOiEgx~ z7rkjkME$B9gWY>5MaV%9TG5^gbf6)H$wM=m)0U2urO9w(Ng$tzH^Mq3GXAA&VSae+ zE8!f6Clb-9uP@!?9GAJqC9ZRuBb?_9b4RIFwAYJ*=|(Hs(uEQ9r8&RTm0@%wh)#5% z7kwy78-o7pQHLaWruO>!>u* z+NKsIsZC+(P@QsAqbgOXK~YK&caoYz2inn=!{nQ+7L%VM6sIT+sYDBEkedorp$r8m zMgwL}W4hYJG>&tW!yMrwU-`@j>dvt5A%xg7^;F^!jkrYT8}Ine57y6;>ulimY`t)< z+?#KYv%v3?l84o;LGE*b=Um}DCppb)PVktZ8s>l@HC>Awwe(MZ)RA{}^#v00-FbX5 z5>bgkOg?)3XE6m)h|LGD{Zh~C^a${sgdt2}G`$!`KfaT$z8*qa+R>KV4deokxyS`B zahDzq)h8ZuoBKTA5qG%9O=2|id<<}C~bIm#UV zW*dL8fm0l3CCB(5d-;P3`dDRhb)d8PQuD9(UlPf24)T+e zG$bGs*%(Pip846Z;v4Z8ADP+WGw`XEGfAXA{EbL?48AA_dFpsHB zU^62a%9g(R6+76bzpP;{|FDDKIl>0kv6ihYVkaBf%u3F1kQH;)DMV`0 zk(*zrLq2}vt^N{jl)Mr@^NH^~BC*$BivQCq#xkEj7{@}Uu$bj6VHq=-#B7$*PVX4U zSk7{qGql$)W-*O##Gjykl7M*pLDPxWCyi)MeVPzNV;YiZl4l}0J?Kd&-TynDY}^^f zOs3O^Da>UVeVN3a5sl$fIj@@}r*=Pldko2vzSBoS)(48B(PU60R%a~_4LMC2MHYRV@@F^yxFxY%LO`UI)^QJ6z!=*SX6r$_LuN@HZO?X{HX-iN@4nFn#Gld-}7KiTuTQ zRxq2zOl1{WgY>8t_TBViKI<6CMAoo`DNN%}CbNo_{KafmFpEX3r-xn;N>5hl1%I)D zwWMjM$MQ&B4=W}o5#ODs65|n#x6Z?f5qa)7j#ym}sLEpYbAV!>KT;dtmdBk0=aD&Ip=Q3~jOpgKPmeoAwSM_|(AnSs8{LXAdj&n;t_{5q#{1gyq`||SBxYMR*Sn6LQ`7NlQz_+9+jy@Lp8ZEu}A3}#3ddH zh{pEO>J$gr$25-eiFF)i4?9`I1&*_cEnKCt8eNqR+~NigxW_Y|bBDWJ;|aIvsFp9_ z4>FB+k0c{CvG|P?q#`+6NjAZLl@$EOuVf@C$w^0BwZ0Q==twBpCmCPTlYXQrzi^#X z+~g{!InNm`^Y?5y!b{T6@x6r7gwmNv^L#Gh`E$PY!3mZH_*=pPpHsu<5TDp2U?9u6 z&ZL^^7;mXxSDmC6ZD~PI+R=uVbfq&L2qJ{tK5GXD*-xkX=BlASLQh^1Q+=-(XzZH# zO#Wmv$JxXVj&O+V>hFH_ayLiW#&)i-kAv*tI6FDRId;&!r8Tae9%c*sILKy-w6o8p zAoXca00k&b5Y4DWIr0!ldFrdFp+xN9vpbu67P6Pc>}DzJ*~Jz%@jrfN13S99FHUiW zL!4&|C%DWt_Og#QYU*4y^bcmTfce}Zy1E*J+##Ncf;{9tzlZuc7O;dzJ&hgDc*y^H z`HrhLR;4VJsl-+;_fdn?!^7e|u5z2lJm9?dE)cE1pCbxMNJDax5tZ2VQU}-Zir2g# zgSxnWkojjBUx{KL8$f+3s&VxxPaE1&iVAe39ZeXbzAa!rix@{UwJxK&mXma3A{EQ| z@89A2V6;6nPkBw4F~(bb$P0cD)@$MT==eEr`M@{Y|5vw|!aGWjj6h;y^DC)HKvoj5O+8vV z-RH5K^TeECp7@y<#3L3BX+$e#l6|K8r4aeZLIKheTOGHPm%dk(2l8(fGP*6%!f82qthoz;^^rbAs#* z{XS{wO+K}z4ci;bY5rj|?VHH;K<6B8W*u{o2OK4*x|5p|>c|l;af??x;2E#E!*d3= zl!shaTP`rLojoK&S;Snf@(2By!9;$iky^5fD@5twvpTyrH@U@C?(vkD4CEQNdCYlU z@QR0B{T?rPz?;Q)WJjjbHwD23Fcyp$$CMOZ=1G4_WfA_>t*Nirf3n-XeI zF}m@E?|kDEUs+~PRY4u9M0qMwdV;Z~BxNYZ0JWzdLm9+i22x;>oMk?9siL+FCIdaF zNJ}d53;pRpL%Ps_+8j}jj&h7c9ANEqYmo~iouQ`iJ7+07Q_m!idJf9XB*pzX??Atne`P!Q}(f+Ox90&GLoD$q~am9`};mj z6B^Krn$)Mfb@G|7gjydV9GCwmi6;L~%IiNl&M6MFhOKPjf4r2>&v?TvhRfr1yd#5r zEkI^6QC)sUl%MtGWOG{4fMr_Q$-$DqcT;g#a4>S$zl{CD@%wu+y0O6@-q_E zs7e)%aG38LViz^!Z)2KrYrc73V0_3`!}aRArvP=4JG^hGXL#>f6XPpyKk|Y1glQ?S zxFt`ob6+lA=L%;@BIi<&fy5*u0lyGQFNi?^i|E-+@8lnOc!ax*=wU7i43RS&3{{tU zS;MrKb8RUqzlxEcBIKhu?d4WSdeN4443lHs#7*KBHgjo^ekO;m^Mv!<<31nxDxV_S z*Tvwo;~zAYSAo=}2_@uJBLb*E1FBMuveYMvoQpH-uRb?fkC#o^5 zm2a!KEtgJnlf4|`8rQkN9gcH}dtBrZ*W}y=Id+$f@+v*exW-qS$f*DtvYj&WsRBRC zr$oe%FOPW01+Fqm-ZUeac64C!eEH54Ht?yYK2TR3V-p+L&bz424>bAMcZcg@@hnlmjQ}lv@=E>_=oPsC6s=|Gd81* z$2i6iXl_=s)!1Y;F1g4&jay6V8M89RsT9R2%1LU^F{WfO zcIj9xZ#S@q&CD~7FG*zl8qtc@6gG~9IAjcuaF_w|_FQ9oEUE_jd}Eo`7)CQ@&8T7A z0vISy?{)W#>R2b^)`9iC)DUAANPl_PkDGEY*w}RD8v~8a&&DPplZ?w0ni-e!#-+69 zuR%?Ucq+=eC6mBZqk(?Kvh+lqWQIzfEaD8~57T zy*6^M4cucx>T#BHoTj$>tVdn$yVnKg<{hWqlZ&r$C>b+L#3p=(9ij>@W27+5L!YoI(la zZ4>j<-m|%n4t>org?#2NbGXo)?e;mrKBo&^UAu|rz2N$3T>F@7weWjaLhTp+yEi{` z*gXV!za?|~33XpR`RE$8?P&&hEwSSa)@eJxo5S^!I8RQndup0i z{t!fSTF{bKw5APh=}r$q2&E^z=uIE`(vL2wJP*NiqdPqaA(Woz%YJia1Hao zUwp19S8DlOHW979yl<$-$iH0KJW~_%P4z(cPHyvki^lUF>ELd)dc+4seh|9Oei|ImU5LaFSD;<_u>! z$9XPrkxN|W3Rk(tb#8EzTioUjce%%X9`KMyJmv{cdB$^I@RC=&<_&Lo$9p~yJA%Ck zafwHK5)hW3NyslGA~8uwN-~m@f|R5pHEBpoI({WR8TgHiWFj+J$VxV{lY^Y(A~$)c zL0sX|q%@lZY4%oa}OFo$9MyG^X` z(PB8YWKwB)v_RgfEo;TdA&SEP=l{8*4&5U%;mDEGoO-@g%rWAce2ROnpj&qU=T;v9K`G5a2#1K}eA+_m2t+4jIeyEZ-+Ic%l zR#o44Z|oDR<%5arJUZnV$HltNzo=i0)T=;yW3P?y^D)J&Okod)ImArweKW5eTx$y{ z>#6B_L}p^U#=rW+ZT(=q{(Fr09pqWCG4#8IdBimybDRHq!4;yrW>VLyOlsFmLqgZg z#vuJ?C~;lC5Z(W~S0d;`0~yR=_Z~IKxRAhS=B3nspG_fFxra53?j~P*i36=eeJW-( z>y*sAcOUV^*J2p)qZma@MmQppns`Luo%iF4YmG@f_aBwm{EyV0BL!6$P2}31*I3^q zt7pqdZVG$8f%Ih3>`(jKqs^M=dn+@U!&Fk6tF)vf4RwusA%dttEm}~N z*3=}B5(JQiToj`j6U^BblA5dJq+%tjh-$u?6U=xfklp;{BO|pbLn4xrj$bH3HA;|y zw3OpTU3HTClrZOIs7wVaQIkmKx;X!1CciU-@hoB@6IjYZ#>x3p*LL^#7IKvM=;&VCof;|j<>wwJ!Rx$IqFk~%9N)uRcJsZPN_qQ ze4i3F_Fp4{qK0N`(zm7nZy)EGlZe^9IFmaa4#&dW)`x9 z`7GskvQL*YWFrf?)UcV>Ltlo`kAaLJgzk)DD4|ql2JM(lF9y+*iOgjx^O?+GrqP~G z%(v#Yvx7V}?On)4S#q$QXtn%phr&!|DkH3;0SsaigBeMCdefhlbf7z}7)NKC(Uh4q zr!_73Sl9O*I$M9ibfi69=|Ttt=|La5(VZaL(2wZWVi`8Fm6M!c9mm+sCbqMe3#{cI zc5#Re93;qkZpjp;QQCSf$0`={I~!TeGFGsFKUm2kma~+3EMXIC_#X+a@AxDlgSDBO zG^C|AgXvE{Zg8J0P3=cXL{5GpH_=E)E)tWR%%mm;vB^q2;t-vvBqe^3TxTU4IL!{0 zvxy_DVm+(b#-FTVGexZZWo#p=zkz%cBZzT{!dK_v#h-{lM8111ju@K{L{k@r(Sh+y zCWJoBWH>|V&N#->n*~f_7DMRAAbQe^siaeH2GXA!BvUJ<@QkOt;4+&y$4VaZH>cRc zR`zm$=e*$z*V({m<}r{P>>_(d`$zF0YxvAb9&?(hT|67Zn8I*|GKuL7W;R1;7c5sf z$|VkSjWe9%3dcCj;%;gUEBPOb_?;EZ<9c^}gJSAjaf&jQnXC>`(|OG+-t#Hcobs8k zeBmP{d$|Vt>1iL)hp+VLYktWyP>p02f3TU2tR&@N_rxy#Vm33G!$y{}itWs2D;rqG zLjGhAi`mO27SUz6`awrJQFp8{nqb^G%W*Dno{OxT=(?d1T~1S&f|TNTHP6Xe z)^V7l?B*QTxXd=zbCrW!U@N=W!ZS+OwAWx4dni&%y=Ml~nZ-=Ds)-9($r4Voml*!H zvww@LxWFd%bAaFJ!gdz1gJ5p3hK==%Ckt52SY|MfIZS0H6PU#kW;2a<0Y1CFy&bo? z!3)APkT2qOzVMxIeBd5$_{dcr^OpDA;s@_|&N4N&vbuPROB~}ON4d%ku5g%x9N_|I zImby3aex!tCyCKqP2|1fm|}RII{r*7$I!imxc4 zmX=~UJIUM1^OBQ1B;{99lZ#9gBpJCWKvrU@m9g2)8xFCRYi#2am)OPM?B^->xXDJ2 zv!0K9;01Tt!xm2PkXNkZ8wYsKF;?+_t9;=wN7%~~j*>wQAIwlTae+(RBBi>TiVSLR zZnBVq!W1Je(YWGga)}X0L_rc0hcG0gBw_i5e1saESeEVG|qKz*BZ|kR9yh0Gm0= zv+m}GtZIHa%CnT^^a}B}L863uW+D)gXngegSHAGj`6D9rG;YKtBC&}@OrjE=cvS3V zjZld)l;%9gImrc1Fi;Qa&uPN+F$eVStH;ob0Ssgi;rqEy!V)k*?_?Z1h&<3e5R3Ta z;}QqC#c2+)hg0n5E|1U`(69TD25XXsGOJC#HI{v;~+vkaK zdFc2p_ekvgUonChg{O|=h!J`1IGXrX{KzM65z}ko`H8Ug{9T7*a?wFgT*^vT5WbPVL~Wk&FE4n_N5V9g zhvIMgSO%7{ish^zSD^W#HI17ZQ(9AkMT}%1lNrQ3hA@pe%wPm_8Bd}h-xYa7?B?!` z%#@}Kc`3y`3Q&oP6y`TdkedK%Q=cr9BNq**L4N8{obpuE=gM+`z3gKT66GdV~~9x{=IY*eK*xk*M`;`1vR$VwFol8%&Q){C-{g&gFj zBZCJTWAOp^c*I@q@Q`%+Qg1z^IV}hw2F;jE06}!5Gm{v{O9n8UCbXt0Gw4EJ0vXIq zveAYy^k*PL`I#Z~p&vb%$h9u&0;jpoQ3?!j-{M8iaD!W%<2d^{z(KBXg4>h~R?7(` zgfQLII`JJp_`qAf64rZXxy*eou$_n8aH zXkWR-XvQ*ODv+(NRBk42~BBCL#8vCz3gEZKU*6`DZm%r z@R|37)o;IwVZ^Y5jV0;GHN+aDG>ND|I_gr468uV1Qd5$uBq1YFC`=W8CM_w+M>c+= z9A&6XEs~R&N~EVewT7D~7O{-!jAIh>8Nm#OGltm=V+pfZ$Wo>;lkv=BB2y_f(lgSL z9)u9gK)N!3&J3YH-RVnQdx3Ie)lT}bm_G;^XAQEEzuCm;@zxqYCKz+VP1Ik+uS9VC zP5i(G$G5o574CAA`&{BG7rDkgs!uZJRO38%xI&}p)*susJJU608}m7yrK*}$-M)rq zG@&WAs6=CeDNhwj(2$A*k$^G;(w6o#rv+sxPA9rij~bk+;pb`^Upml<3!EiOE&Yxj zb&MN@sX}#flaU$(k(WGVrzT~HPEJ}(F}3xz07C8E`{ui`851B{dSfor@YjMtuv z--+V*llYVPRy;{$$1lXYyx~62xJ^v&eG_Ag55=%zbY44t%qwCzk3ggP#=C)!qYkZU zLVohlk?I7}k`C0O1@$OJV`@^GhLmSKMX5poD$|9wl%oc9DM=%O8=41pvy1wTti8sb znPem;CDF-141OgYvB*wb(vX6z6txG+&003Fg>|eaZ=h#n4%1n{=%&^n!`ZZrm8nVEXY7^I6F}X7Cr|>C6Zw(uvjdU@je5MPC+E zhz0ay7=xI^IJ!{F9_ctOTUlE)q&|%Z;um|RUTu6H6PZg#I(iGQ$yKj}et z)-i!lCexSp1hbrhbfrIYn9dk}XB3O+NgpOLmeKShul-Rj@{ylOOkf=28B4|v#<-*V zWCQEz-pPH6kGaF&eBc~mymv^v#Z4}-gZo_LI#+qe5&q#huh`0Y_HdHJoZ<~<`OZa- zbC+#==^{_N+N+BR#dl(K@s$`sd@IHlzlr}6$#Fcw@X7fHesUa+nDh@eR`g{6$-22N zk%_}EL?a6SdOwz!oRNIs6Yq&&PZXB#jw6d<_~Q5*{}SE#PrP#+MQqVSP2~hIlicK@2W`3gt}9KGqrV!AVdK}=&7J($X$^kWEP zna3QKGlu>wVKpO}!5RkeKSr>M5N1<xm+0RziaEL9eXEVpxz&5tCmw(tn z&5?4HX)I$A%bCq27P5euEM*pRn89LJFqSEdXRyD)T;MY2$!`CZp3EetfW22C8qt`3 zEcq{vvySP-cJ{D^o$Th)czb-VbB&AK;x=g~TARcnDbY#AOP=tGcf8>(=XlC99#eOc zUQYvRQHN)|<27&j#63Rqgr|Ju5ijUHO^;+GeeLHu(w?q#W+&}ts53LwR%XmHj@6Aj zQ<={g{$L1W8P7c0Fqg>;W(0vXJO^=Wd2SZ7lu32WBTHCGC}rxJS8)m>nZQN{@duMx zOh3l*KL#+3g^VY9J?l3>?;#P%NlzLw@ZS67#dIVk3ArdnUb0ev{A3|Bg=kh^?l&+7 zETA`wm`_jsM_-n(f@!QGA43_<42Cd``lCR`z ztd7v05>%oXd8k2E>X3_q)T9VGs82}>P=WjuCMS6*P8mwuZn)ovjdG9=)_(}Z64|WsYYrl|;*!=6Y2;xsv3^LZu?a^4n3GVZVm+WO; z3pp%A;lY3lbT8Ns<70TN0m7_FOC__c6Qi;mk;2BMO z8dF-*h>mon9i8YxTiVcsAiCT8bt9NAgzGIw2~Tt)FpCG=qhcR9KxxWTnW_{gfHEwy z&zsLO7820Uv(ubf)TK4;s76N`(Vm*rrY$uHq$))R$WL0*ibed+LM~EcpleZ`ADpAq zAooj6s!@(2RG}abc)>?L@tFwra)l{EF?vvFi2Wp=Ni)>c=PB2C#$zt>h|`oGY3``QRxYxI&Fo?ao7m3Z{KGoJ zj`CdMG;t;~xXu->Qq{h%%71%5>QkJ01W=kX)TBH$s7Ph15om8Xh=FWn2W!~EMuyrO z4rCOUILmPka)E1{8)Gwrc>%7eL{Z@%BH zY983cKh>=V4zP-S9AN{8*uxrjvz4_RtGqIK@$paGhP8 zV;_&%$r;9RlJnf*0*83RaW1om`1RDS0CkfVRHF(N=u91|(wO?Rq#;FUPFKEhuz`Ev zC|lXgS~jwVog88t2l$&^9AN{SIL;O(a-pG|<}xW7>0xwj>@%rIOM>Y@6WY+4AYM_; z{<10+sX`_8bBqHV%f&QeI?}Sg zx%}ZNv0KPlqLPxdG_F=J}-%wl~lx} zv;E^_&N94}HNZ3`GKSI2Vk$jJX)oETt#wI$suDz3icyAk6rd#as84UoQ-M5mAQwew z$*VT5FXpB##pz6GLI|J)-Kk6=Dv^&yRHFttsYy2aP?)mzgJmd1Ny<}#ImGy)28rMJ z%tt;kr;{Ax5EIzN0;VvP-&xBR4seEl*v)(n^EYca&i^>cI(D#^Yg}R$lNrxA7PF9@ ztmhO*n87Okpj=mb1!~fqrj(#DK?Kv2b~K|T0hFQ=T?nK)wJ1#$8c;3ReK3|uOk_NT z?FCCxh=LTSA{8iYpI4De)T9RWC{8u1QBgBiE@D>RD+@P3qEswzQ@;_36khM)dSI9;PyZp-f{K z!&%4>dNGTEOs5Zh?IQ=%k6y&-ZT*snxFjS2sfkAtV)F-!n9oyM*-N&dBi(6BFfHju zSGv%Qo`lexb@rSaSk1_O?w5g#V*tbG&3O7SguaYrDnseVWIEbgwx>01=)nJ2!cwks zja2rVEe081LTN->8WKb>snm@oVhFA2Olg{tY_J@nG{q@N8D0-nQ>aS_y_mo_T2h1J z45u~OsX{**P@nE}qcM?(xd$;H1<6fsO3{;?l;Jln50T4aHcFC(K)O(Xs#K;Xo!QTL z3Q>-{#Hkqh>fM>)<3 zZg7<=9OD$jMyX}ohA@ck^ro;qW+f`pk`}aL zI71o6G1}Nqwq+7y8P5d9F@>p2WHPU~#WP;>f>S)^E_Zmy8=mrxNdCF=zvGRM7>0;M zCJN#BiJB8V6Q!v@5n@j=mc$|sKNFvyh)E|pQ+~4FC;R`gcOURgl>Y?wPcQ7C)wy#oRQRc4`Ol>%k&y&-_?DMR*_A$yN5{-5-or%lo%cWF~7 zzdw1s-hA)wxo6yS&pmfZLyLlFihO8-diV{wQ5Gf92CY#MzG#Ma_yG;j9^axG8le(8 zq5`U-JZc~>ri|rtIs{=NMvtS!2hHH3$Q@D;Z_!oz96L)b3mvA1(D^pGt z#t;6(4dkgxd+_Z{j)2&oI=R`3oZvh{5QOe&`H8 z^u+HNh2iLm0T_Z_@W%*5qE#)fiQ0@iT*gsc$4T764Lra_oX08L#95rd30%WDbgRQY zxP(S^sndr(KpzZ7PxMDO48u?iL0|O7pXh;p@a9>x7OLVn{>Cxv$7vkJ2^_)^6tB;` zhIUwquNv^2h$5(m4(Nm`sEUqg4HG(}8hWA*n&2n2L<7`7&W4;fd}+~`xe9gQgU;xR zj_8Cw=z^x0i3%8idZ>$Xs0v?HLO=Y1)@X%VXo7C&#B*verZy#F3X(KqOyDytX~FSg z7lN@Lu^yu^9>XyUe_{?cVi7jsFKj>vj$jRTV*(Cf8OC5PrXmO@5P*@`f)$v7 z?I_DL<*z7*AWT6pw&E{DVn5Gyk8lrfwBy+wPg%}S3?t?yCPM{$h>!3EKEO{%i(BlM zocIGe;Th|<@iogv# z69!=bMxYl4qdx*ryd&or0T_!hD8_T+uc(ajXvp(lCv-p;bVM_>h0=vN0B@iVMj}I3 z+Jclwk9UzA>9898yKx<15C)(vOlXI`_zg?Da}Kc_3osjfF%LnQfndzXG=w0q2iGh7 zFb-qkk1+_q5RAr1eA$z8k39GWIglN*F%R=`8$)_A&tn)yVI;=kPyB(27>+>*#K09#b$A3o!>%u?wC0 zF$dxjF5@h+@f_%bx)|D@^N-)~JO0EU@I!i@?E(hUc1*<-ti^t8!F(*lJgmWTY{ov! z#RM$DK}^Ohtiv?;V+ZzPBIaNbX5$|OVkHhB7{_n~hj0puF$xWM&dSF#R#xOdD;SX* zneiz;#K$OxuTTVqQ4(2@7rF2?3Lz~D;#+)=qR5UfPypHR5%S<&JmLB6D(>MvLJ^7E z2*+cD;Vy3C1||=sPca2S_zyR54fA+r8xKE>#t4kV&z5I2w7^juz%h*D*(%v^t~)$u zITbO2n4I_qlHx5SK_uH1;+se_g7zadQX%Uo<`QJVXZQq}@DZ}%Q+$k`=!hQZgc+k5 zBj}2W=!szXV=n&0OiaK$^gsamVLEPOI0j%WrlAjpU@C@TF#f=J%tBxMjyaeNKYWd# zapb{scn44pdZI6Wg9!uB3j@&~{jeYVkRg!y1q)#qPhTM^CSww|Vhz?|Ew*3-c3{Z_ zt}|Rk;fdTE;fn^Sk9(6CA9#dWL9~(Qtv4z&j_{P_w}?scnB_>MU^yisSWZs#t3n^( z9`2xY4aO$Q<9ifAS(HIZc%wFq$cLZt6$+yOa-kqTs>ylr<`}UA!I+Lkn2#Blisu%! zd6q{6p5QUws6+dS2I4cK7cnW4;2kupOE>y(&M^g}F%4rd7QvW=shEHuwBXsu2fnC_ z2YtBiiDz*EW$JTJfL{a7D|%oF7GoNQVj{+15f)$yMq@6f;!iZiGJMVRQQO8m^J5%> zF$e*egc0z=F#Lh(n1be5f!AFcot#3A3;afgQ;MZ=QRqpdRYO7e1(i2B?i%Xo%l=4jPJK7>xetgFzUA-spk1 zc{WOlzWBT=_bYseOvs3=_y{@hF(zR$f-n((c4J&(D28BPcjhG=z+U`~{WyZ1*owcf z3ln;9ya>i5Ov6NU<=p<*lfJ`pEW@f^Ja=Ft=3_q=VGVX;1-A934(!DqJh5D_xQ?qh zh6{M3FZV~{6+Fg0+{JC2LsyU+p{1KQs6^;gNB27 zpT{#uBQ!=gTtFvyqZ;a<3L2m`Dx)6Spd~7y0_wvD?a&%M(H3>l1QpQ>UC1V^zB$FLD*Y{PME z#ae8@2^8j;=vR!uWt_taT*FD6!BqtFEHnvIF%emKCd!J>kqx<#9v>qE-o=N=jxUf7 zY4HKxLq@!hkMPw9%D@Ns2w9L78Sp+jjpSZ~c4&rH_+}Ji3^|btd66BtF$jY(4E-?x z17X6!(ewfSf*B{U5(jV(=WrbV;TXI3C{@VjcM4)bJs?gu^W4E02{Cl zYq1wun{f_W(teadGvq~c6owDlpeyR2GIF3ce!?#(f|h8EN~nlxXonW?MIqEf4OGXk zsDP4|b?(R2Py@3t7xSBjW^r#3`AUr zwV02&IDk!9jcM40dDw?VSc=8i)`78wO<0Y8V8&+b!4d4n4jjM+9LIWW$4Q*RD_#SzY2kUSJ6S`3^ zreYE%Vj8AnEXE@MXSy?XaT(Wf7ME}e7jO}`a1Q4Y(u2>@dh-4ZrLYpKu>wo53TJy! z2Cm`^j^Z*-;u@ae2(IHIPU8lS;~Wn4CLPCc5Pu_WU#@4okCgZXS@0fGBO}t|BYcJw zcn2Af3hD4UvY}W%?)B)6o>+oA$i*{PPPE37{=6^1Laf0G%)?^L$8s#iD$K%tROi{N z25MU3AbyUAR`?ZF(E#2sq9hul2pXa|Dx(w{p)l&811g{`x}Z9m!54p^DSS{3P0$*R z2D6ODn8-8C2n1jZMq>#2V;lm}1HWTB24N&dVKN57ACoWvLy?(hne51euaO&H;9Go# zoXCoA@D)D6J)9rL`Nn-b#3P(RIzQeI63^i-cH%59;2NIe4#F^sXPeO&iAT7Nd$@}S zXw9=uTg<>Lm$)JTOrJcDE+h7vy~zK3Tl zKf!k_8;}jpSWCLHE zC&)LExe$Z!J9?updSL*@U^GUeC&r==hT!wb%pb^t%t(iv$b=8@8PecGe1aiCoM-%w zg;;>2_y?g#JB2ZX?3F1SpCKEvASWJHp*=OYPVpxOV<3J*UkpG$^v6Hm^f36EFyWU^MD* zzh8i4t$99a$C$%I9Kj`=#w}dM6`aL=oWVt0!-Wp?2d?2h{>5EfM5j*73uuP`?x{;L z4(rGp4YG!yRi*Bupa-R4)@R6sEgkQF%B^TvoIFH@WXWULI@@x z2;I;dLopRS(H%809OEz;e_}i)qd%r$0ES=?dY~%;F%nbIocrlU?tgQ!0Nbz_^RWgi zupSGs3tO=Td$9_O@E3MtIaXp5R$~LsVky4oUYQStP#8r}1^H1F3$O?aaUTzmnS1C5 z$bff|1S#+t-a%TVM^dE1+jt8Z@g6=xMed*N(GeZc4rAeuXO?yDrxmzI{)(!ogz_kb zVj~zA7{ooXFA9v}oM0LzVmzi`DkdY?vdsPGH!MP9)IcfphBxY>E6Sh}D#I6TFaqV# z5QhU+Z66`_zcw$jBhKG7r7BwgMLN; zCSWqgqkS!|kvhDus>?Wl*@v-Fk9i))8}K}dTeyvTxQ@HHfq(EHo^!8zvk84gdu079TNCht>K{}+y zbM9RVF^rg<7*2eGBe#3d3V~`gS<$GWJrUwcoz#WAN6}OcW|%Bi4TzlpWtg`LU!c9 zXZRd>P`58_Kn*m4HyWZoD#I5wQ57rt@fjAL;3>Lr-}t*f&mlO7`rI4pVfi4=0nFHn zEm(#X*nl1Q3!AV9`>_+-umme{2-%q1R})uZBU-S2mAUu|F5(n!;5shj93J3b9KmTE z#w{GjC4}G@PQZ)LkslJT;S8!WXO}}olt)QaLS>XeF6QGekQMom2j8OwzAUCq%C;W_pD9ZfZ1>+Hj07T+V=5zxT)MXxT2w&7h4b(#uG(#QKMg#bu1*)Os z2-=0xD2E)Qs1rY-FlJ*0W?>QLVg+;W9~g~Qn25<3idh(rxd_5cjKvU)#}xdDB^ZUJ z2*GSD$8^lVA?ESJ_#4Z{aV~HYTbL)#5s%{xvNB(PhR-n{3o#q>5Q4dwh8Z}96Zi+m z5sFI8>y=Rjt5IY;=LZGx4s&k`Btt5^iFc74Nstt8!Hm;*n|b$5BtcGmkFqF_a@c|G z*osZqj1^do!&r&Gum&4Ym-)9UDxxgvpd4zU2Fjx*s-PO`!yC0RJcx6IbMTtN7(oVn zjxUi5Igtb9Q61k^rp*|~d!Hv*UX^~V!MuT)n1#8RkCWc?KTaWSEyijc#tVMIRv)Is zdK_bY=0)b|q)nKIkP69=5~(o|XK}_7nV+vR@1DnA{EZXXgL62IgSdeM*oU+5ZN+^F zDO)p_G3S1PEXaT_@hLt-R^-I{$cBu_g_O+8$&nNWB*6^KL%#vy75eizi5sEnehf|@ACJlPFhF#&HeS0+U=%*R|Tz&x~J zKJ1Q8Xo+^{g)OMU+*lbEQ3+MC97g8DU$7VpaF)4i2M%BhPU0Y*;U@Ot1m@rhcH;Y@fC6)JC!E1 z^my(8D2ADsg^!re(&KYvLNBhq0DQZR2NM{1-*eq6^5oX1)Giz~Q@ zyEuYlxQWv^fy+3G3pj~x%xV2G36Kp(V1XLLb(w7?*ALN5$JJM=(5 z{Ep`E58}QAGs5xp6wWb<;8)Z@O?V@JRqkKRg)6WOm%MqVuEQMf!x+HrdR!|o*JrNB zGv>ngn=p4EJ>J7PTx0ILgn#jXIqfd4;~Jjf9&Y0f3NdGWk8hA4-{D&nMFISRg7^_e z{Dgccg7=um(qT6GbmF}l)-spP>&kV2jktxq-57s3fPJ`+&wFsb@da`q8**YP+V0`XKIK#7N@D zL_!eIw7k)rac!R?%%#|f(sdZ`*yF>sgM0Pp zcdq%5n{dx-#W~~peS`Rvs1S>BO%_L4ltvkpKuKic8vO_#qHibqrwe12Yx7_?`nw0` z1K*%pZ_X3$V_0A2F${qp2IEis+K(}SJX~jIxW+!+%}gSZ}W1GjMtA2VJ*z(@EN70?8YF&b+s z&K~RIQm48Lu@^6IGCzG5ZPT zpdVxRcxTGP2^>Qk#_|vT=*Ov7>k>*5n<@dI2?!p7>q&ahxClev5ZH5Ou%T2#5e@N zm+{#Ur5Kmx{h2pW7UfV8rBDK;Q3fUP3uEpQS~AvJU=OM>-s+$NW2!2up*$+0G|Hk3 zs-O}M;zP?g!%wJz>L@vh{qYNm<45E}5fnmxe22XF89(3@n723|73*_f zZ^(RzH<6QZ^*P4jMpNz`t+-d<9qdLO##L>6#+VwwnCg$;(4KL0q#O6{-rVCcmT}UW zu~Cq5V8o9ogm3W^3L_8o=S6PhLs!N_XLLd&{_ta7f**#U1n(O@WLyMt{u^`d8(}@? zzai(gI($$Q_3#(xc^eeYaShH{EoA0AeS$2gLjQZC63XINltXpYLU~j`82$VNcW?LBjp0p8;LWJCev#}6omis*p$Xp43@%)GD< z6*zZo>T>Vl{M>3v-FUAR&k&rG2JnF|vT}Y-b!Ps>QO-*NuJ2V?iI%;&hWhe3Q9sJ! z92MhS6rlg}<9n2YKm9!xLG<+$1YN9)UMm4n}7Bq$E0{3%cS6{ga!1 zS&a|qlMnGeK0-tKBs+aF7stDCP2orSqD60x1CKGGFT({BF&^ic-!7me{Zk61(Svc> z6TQ(3&k^Xy{+L1kgkU<_(kE@u4js@5W$2HNjK})p={JtME!rSO5c4UE2c4;_6FQ&^(oyz% zc#Pzf7lP)L*91>`Gfp_(!j$_nenAk&IEia;4t4B8IgY0j$I}^m(SYNchsM;^6wQ#0 z^PZma-$!Z6Ps$vVne*`l=b=31&!(IKw9kb8XhELl$W6Wv$&-`)%CX-R>i&)N9<+NE z+q-n-ys=+T)-$o*f;P8A2+Mt`rwjtozdQHW(cIf<|2l83dtaVCIkwQ+%=MqsPSk`i zTB8waqXm3W1&vW1_0SRx;EiUegQ{qP8mNy}Xoy;9j=HFfN@#<&XpeTd^_+8?#Gss_ zjpvBlelaNJ2l3odlsSiabwy>4ci(w%h)!ab}wcB)%cEUdKd8k{>JG-%yq<>v~L;l zB8pb!7>N7$T@Hm?F!$v*D7|QJiYi>wD1;TL34g4?Hl*h~7o{)Hvz&@C^q!?pDC_Jn zgHonCa{$L_qQ9#pGblHS`A92{iyX%uo~N?EZ%{sN&ivJhdj#WVZehlG0p{}z2IWi# z?yto;pX}cm^9CD~zQleQm!7_5pDW$?9tZ0asV~^F4;ErpC+2~g2Bp?7Tu&@-X4^KD zq0TZDmyno4Y)NIN)Y(rbvR+VGy zoXVj1uzdvUA(&Z;?}VjXHe=A z=c2*)oLAy$6r#K^;&aAWG4fWLYEZftH7JM2Fo&|=C$;DU&f`|fuf;hp%(=g)AsX)Kjc}vh)Xe(Z5`<29Q4Ui@;oE0L|d*e%4vivls$)Q zq8rO^=VuHMo6w(!iBsD##<(5^(f99iE#xJAHD&x(kLLl#W>?xhqzU&FVrs6>H;v3a zrMcH}9UWzxZv(EAj|}{6Q-d;t>*oR6CL_(SoTs{s*^e0y#QmL^(}^=O8u<#5v4tP|~pc0ZJl-^|hoQV>z6;xN2exhb ziMg3}597Ua7h+GWXKWm1OwQzduVVZjWZP_(JJ4^*Sbm5B1L-qj7=kG$oLHE1^07Z- zlWTdimqGD=YEaG=I zvshk9+w1?#`LDu!^ofDrrEXA~GsgcJ#l4HZ%*lS=avcw1ymsR}Hu{n06!!m-b2pN4 zv-}IraSzHY%>L{bf@K&$Ka4Nn*yD4R*kNd%ZMDdgi|eC=d(vE_S;0-OrMXUoDuyflYaP|ewvCK z7{~lp7rklIn~aTqlre~L)RA$WZxC%}9^1j#w)}1GOze|;AZ=wlf5Y-Ow6iML#sJ3p zUap~vY#UXZXE(;uQ_4!kaZM)XVZTt)0+`o-rtIn^c+bQ&T%5GJsKB}COl(iT{lxMV zmWy*thl!&s`?LHb@hW<6@ zTx;ox@7Cge#Bw&4i;y=-4TF-KWg|M%w;SmH>MYkpb>^Jn^i?Xh{miirU|X(E+~1Lv zbN=NJ#(ZhoP0Ycz+&F-_D9GHKyCvtFrTUM^QZH$3c)b}UC@Pz%+ zv)>zx-|X!3Bg;FhcP~Y z<*H?vb117mb@w2Spg&61p^iTcN)YqLPWBnX_)gu0YnJ8A#1oWXj{Dj%_M6Z0Aj$@$e7gO0b z1FNtXQy9+;8N-t+@vK|fpk&N!P%?L;PhiBN#(Y-5y~La4`OI01h>eGGPr+vT_aW=a zx>F}}a9WOeH|K5<>pO55GsbbAxE9V==NMW4j^!o9lwA$V>JfbIHH7m^KmF!Q-Q1@J zldcTqxHvB+mTP)5pAdiS#dAJ!4svnrWba^5W^=B#v!06UTtY>&UEI7^Ay zz9%eZ*|OBf?g&BxZPVkvX8BHXd|y}H?u|Vod)XaPT-$Iwy6*a%xoV;Al(WKa7CAYt zhlg6l{n4$KxN3EmIJGJ4Pgi9+Pbb&As&ur4L`vgLb^F|Tzx=7gBNi;l7UCZ*V~Ch_dO*d@k&i{vY(IWNcTpa-4r{W`_+8(iZ5nk(+_@h{0UB^r!I(K&3dmcaL3)r?yyrC(x_@n(483U~%nobprqo26(ytCcr99w>So%-5kvt4d=7PrT0M2%T~QoH*&Al@jaVdY}ibzR7a&*zJIOt+OK1u+o5~K)87Hjz5kB2 zN9g33HuSbyj@jyJ>2OqeGd0ePZ3&j|?O9%r!?sPSHLO+CPbbtZeD^R``(%n5E#HCE zdRhK|tlpR9ZwhL^%EtO!Y3j%jolggihut6cbeQFP$NbdPKQeSyn09@x_xOiCu>9XG zdN9;>&zc-fF~8zAJ!-p0?6s9vJz%z4j@h%C!)J?QI?jYFNkmjA`9zIG3r z9d#6qMxU9`#IK#7<@@sL%ktYoVqTWt@tJTh%WoQs-)p1Q6?%cAI~yJ`xv5`!zb=0N z4hxAsCTDfra!|hy+bsVJRef2$U#-53c4z(0u*bu?+HJG!dC9>xQH0KLc0$x|%a7VS zJXB{Uo86X7>K4@4&+`A>;`_3E7uWVxm7hMxyv|Rs{BPZR!;U%V$$7ys`#D}(;UJge zJ=LxC-Q3?*S!&wts1nabUl-arZ1;$?X_5D^>3*}Udi_$I%eAhhfx~O?*yKJzvx4Tu zd$d{CR5aFecn?3z|LRKE*A=I|blGW&b&L91orB^*S10ry)*-6R|2fTl-DwKnYO+b& zU{$ttosO3)IJ}qLn(%B`BdhaN#&7?ywpP7r`8|r3*KM1c)or%_T7FBit5@w|z5IGx zmF#L?&!ydQ((b!#54Gz*%kRtLC+9Y8d|B*(NPvj`e|80qR-HLUWj7js{lI3@WyZ^c!tmf%GuEdzO zfi*(iFTuSWk3=iW#q;Ml?$s*yemLQ5q+He)S2<{><+sFHUY7rD=GoVtNk)x1+`am) zX?|`OF-mWV6{3!|xr?jO^4HAWe{IqA`P?j_WGo z(evxLj;S`!;EwlEw?1%sl&*5U+G$T5&XY53-q$)m!haHchIC%{i%i)OYvwp+b>vSS z_F-JwH`T>_qQAUt2|kWPJkn0}h_+DHW~&|y9d#;lp61+X`JDqx9JJ!P&B#6E-ym|o z)tPeEhqp#Q7`2`6TGzJwzP0WCVNoSn{vwOs*G?UETgoaG*mO+wIQ=y9itgF1*p#_b zPWs;-y(m14etS0jvF>}F-lKK3U*qVWedND#(t@xGfyGBy{?4+qm*w}QTV9smnXdI} z5pZN|xxl$mqoKD(FJ8Ag>P3?+zh&g!s3pVa1k4Xx?cmu)t7b>(YwYHV#bJlS_e34N z<@eY+dOaL9->-VGOz9l`GiA%~vUmJi;N<%FFY3yFI(lP3>rr!c{j{QyIO^@upWUf7 zt_WB?`i@m!Ic|sj)|rvM0p4S}j-79F725CReEsIAH;s#u&@*!i@cTI>H=wKdQ!qHt(1$zi~vqsz=WejdZrn@_R*XU$=s7 z*PX4k((wdl`7O#?ugapOHKU$DyNAmCXS;ZhP)X;}$+8kImXB_)zB(*_bK*t6j1#SE z-0$G-Wu4CdSF_rGfs3gC?lyI8Al+zTwZFGOXN>*d9^h>DU{T5qt)OkT8YfjWVCd=PgO+2si z4*t(};%S|$mXs6Y>t>j%y*!!LLg%byU+3%uyAqBj_|LoLv2=3t9i+^sC)U#O9$im4 z&iAqWeJXcew`|7L9FJbHv*UTrit-&|%ije_952gX@BIJps*q@U{8jJmgW_}B`f+-0 zdex6U?(M&=4uN|&h#eSGmLzuTBQHt+xK%WCt|j?72L)xJ88cdBrn zjf%YRacJMSaa(T{bjkl>9KR{ihxbXxZ1P%ucfI8`-Qmx)D<{hP%T^~(wsRdGgL-_n z|6Yva`$bDB&BHB!U&x(Tvv}Qi+^LD*kLaXt+$-h9?>#lVwdPD?`5P@Snj+ z**a#dn7!k-^k0J3wOq^!uG@Isjj>kM&2wk@yC{~|Jl)syEL}Zf`I{@RUx~d3*1IvX z68o{J?b~B@L^UzX?~#YDBv_Hs9#6XZibamRCuqy%Pn8v81qCwwsNbzH+B6i!4vI@ zTN$l2kEVjnyX7r$`s|~PW-ZpOZ#HVLlle&QwNlqyA@|l3|Be3S@pAN%o_x0Z-1qow zV)>v@R@F0 zTl;mloBvtl;Q#OZH;KRH628d4Tj*XlN^*8w7wkTNog&BdPk*eL^=??za&)>THv#nb*u6AqwclT)T=FdTI=;+yY zcKd|8n1PIby@J)=o%+WU@w9M}k@Js>JPCg`YB`uQY-^nvuhDIcn(OMvs|?%rB;K|A zFX$PtD|5R3*HfFH8|u#&v*!)F`I-Me9DV1G*-KsOYEllC&@nA68BuXW8O`e>W`9>pU7YqyUAN|?%2Dm^;j}bYZLm!%C!RtMyWNl8R?jc> zb^Wj3n3^92$1H0v?a(+&z3tMA+59idP^Z`9iOJe^>)Yd@(>g5qf3<0ks}k#2^{Mmy zdOA4oN1eVGS;)xRr7>4{>u#a*R>h?3jMH4R+|4l*Q=eSA5QqEAIjcN(b=`w+j(Hq# z!0oF=wlOiqvsTBRnA-KaEw6jvW%R%S4}aSHGLGSOot7S$=HL#Q5IxgE*ZsPRlX-TU zgZKRIwDM}KCvtak$A90px{f~n^}H_ORq26{7dRq&hlY;nt@{(Qm>z7#yVg}2PyYV} zR|uW@LPmGzpiNWu1g&{N^HoeQ*e@N?=n?z<)%7(l-}gAq6MO4D&G!qvJoNrst@}_= z)qs$38%Lb*_a50JqL&BH^GVGkkw+iuV$X(l?`PFKGvYKxP6QnZST}Ng#P*2NcJJ|4 z*saT!C62gx@|w{zN0)Q@2~+%AIn$~?SGw63Mi*yKPs@%6)$^|(xZl6*==L5QeR^tE zlx9xeXWxwVH*}6$^^kVijU0|z?R=I!O8ajPeKKjI)4n+Av2k!Bs*b*~-swM!enu}d1vL}{~MU)L&G_jojt~j)8emuv&tM)Io zYESLa8^TYBYxAhpc31g5m3GF>IiZ%r{qMT@M6}l7Crfo4ls(U_tJ8I_oQyatdiSt{ zUM^{K4F5!&jyMy&S7g)^*i^nXGQ*AQe?ioD4vuSlD(Sk-j#AqM^^Rx|W}WghR)5}& zwZ(e>*vk)N%@witQMdTg3+}$E#Opm^MK_Pd-PW~r`1>8&M76nboLgSi|7JvYo3j+t zuC*?o^n9rEnS*N~CO^MTHxBKp#MpftJ*L&t4vuLUhmx#YB9|99xl$|YdU{^yB)6he zadIb@^*V}+ot9?1_aTR8-gY1Rwd(<`!j_DBVAqfKd%3s1$HCcNVs#8Rbzhy%>TM;? za%Ej-!&xb@w|5Agx`SpAIVnv?!rYjtd~%k;#S@?k9<^l4m5ej3rh%`4=plcTn; z{nnV`9zGlPH7Lr3sJ1)`i=AS>rA72nHjMg&cwK^?quDlhTl=;+U$5@*yQ%ZK;-Atj z0iPh_-#SHEn#g|^u-iPjgx829I1j%i?h7^USgKad~u}siUcm zbL+gOS`PYVlSg{pd7TNJ;_cv=61q`66ao>6Zt*CyjZ;YvamL}YR6SMLvtz5nf@`Y6oqO>4TW1W}?NnqguK&x_n>J6Vv>=1kMjQ?4YkK zW%P=EI#x@(F}!6!JqMpl+_37GXH%YzofdgT$EUh|ZF(qVa`S+j!#6lQLu&1H{2x!6 z6?!827}Twne|dY0?N`fOfLuEes>M$K6vv9$C>w4+U!zFKz2nm6?2`~SDsmdQ_Tu4~WqK)A;2 z)XBvx6u%a9c3Sc(o7pgawfz6iUG4?Ezpp;5h0QZy;_LC#x_hB(B0rLtzTMBAyt(e< zipiIFm!1YE-nN~yd-{t{OIL{5?SRd*n4=QIqMk3qT<*8uwBWp(^w+TXDr<2y^qrhJdki8az>)Qx0H3`=P@^<`ulwN0;f-K z9_TQKMI4QspP+Ttj{XG3Vf8Oz<3App+3cI&PV>5%^8&|g{iu7@95KINoj>wWYt-{MoS(;h6(y56d<^rvFhNAe<;Zw9Ni zggSU)KOe_4v|~(}(HF*D6uJM6iWf#)j#FvosQcGe2cuU}wmIAyzh3JR$IoYbS$)>j zH@b`~9(xKc>9LX=_s{A$KH0U`_{odo+T7bZTgPXfi`{r0bFcRJ@4ZvkGuRpjSD zMkhaMvECY5t$&G)hnK2dU(!`b#*y8F^u37**gSYxJN6URG< zC)(z285QDrRt|)@TjT%s{=RPfFOP)ji7i3a#-PrBc*NJY~eYf*k#=u6KZ=ZN#RP2h=Jl{I{ zI6TpYm@+!)`UGQ99N!&u8POqu+8uKQ&X#;VP;*O-GRo`fmnyH&oOK|ccOr8<^E*46 zp5I>WrJR)`nxBDt_DI)FE;cq&8mS%Ryw{@2qQ`iI2nzU`@g>0>vaEzr0lxUP4B%~Q7PeXUauy79i*I-k0H+v;8LLpLo_UEcy&?{h#Rp`@Ss` zuX~n#XWj}7%6sfwPj&H5gI8K?kK9+U8}8MNK4vI z^068@om|w}(&gOPX6#*^_cYJ-*#F0pevSS)=i^xYy`FE-9d+@Oyn4}}0iO)>Y~Pjl z>k@Hh;v>6n@O5@Enw-^N!s#g6uJe6(%Mlf#`$$o`yU~W~cI}U88FSrZH{T9 z>!rH!`q^3NxX01s>em!WdX`RI|X^p>sSs2NdzZ*-@0k(WA_>eH9Tt zFJi-}@*{SQt3G03SUa0@)koKuh+BK^20PE!&VPRN&j$8r%x(Ll(`!)T1&1yED|#R2 zb;c*9-iX#CrVn4{(NSY*Pt|a>Rm-A#qm|YCZQJ7A;u!Zu-N~v(-_LCKvaI!RT1M=B zDW#{B(wKe167}2}yGKIe zF?M2?=GiSBUfOwfeH!3U z36rOa+h;Xl+969_7(Fw~Ew5^<&*STMYxTf6yU)P2 z_IEFRZUWEj&RerV%tf2ro|9UPnKjYA+>o7e%XQw_c(zQ5_b4BHfM51x~GW9KH|UCg%Kde*kS zp!=Slwj`!~{&KTl{z z;3omoU)uTF@8*?Y-!n&?=07S@cE4DdAW=M_MO`&k%K-{)9HB zX3s7i8qwH;<4~(@D;?f@ZF4n`{xta?r(=pR$%A-&&)})UE9T`Kk=|NsM<2P~90|2wX`L-8t8>4EYG*=}+uB3#i|>!P z?PAW5EkEXT)@rNS4x_{S_?=j_K8&?R*6wb66t9xD#Ce`{x1BF*|CZco4#Z>DdRgs$ zU9aqc%bHi6-1BvOaXrvG)>$cH^Bj80=`3pB#v;+5++3NoSogEMeJQr<*LBx!n=gKA zx181*>NF*OH7ZI&zX}fTIq@rZ_oSu{OASk~<8a>I@Oal5>7ssb)3Qp~TyrtCzucuxnx9nd=8jy{=}{$Y>l^4e<9b`LQ1eJ#m2}91Epb-Q zG~F${@1gTiOh-BA+`6KQJ1lXxi*GwS>kaMg73{94Wg4|Sa{BuSN;qt_b_@Pj_o!&s zvx)gQONn#0+vdBAD_oA+$OQhJGcosk%gXH0WrU&rlE%v(!OK5X;Tgo+NnW#tox9=06w8W;Imxk!s!f7KP= z0dC>(lH=B%*SQj^2Wm!ovgGO>EzOfHdtH{^9+>IDpGS1kJ%8Mpc-QH(S~(ZbeVKEPTu;DvQc-ON|UR&=p(hHMPq9Rlo?Y>*C*=_gRN`t?lR8-aZmS+^`ucj+(l}{ zN{K1`^r!~oZjSaDb9Q*-xQY>HUHo)oaiGzrRWW76ZD~V5pMXa$kIcT@`4dluZqfMP zCiZ!ptuL{vxmWa65;>+9=eL_xnxp(1LyJXh9~m-o_Q*NxJtsPM6CM9^=e&y^w$#-p zx-`pL6BkFjHsY^X-?6$CIdAf%U_~kI*0ogCYV6M86P9f}%lhalp?*O9ac#%>SiO&1 zVpW#q2;%md?%+PQG^*rmH~W^~v9*=+78`)%{7Jbt#E!`TGCN8Ltq}v$0vn?3`H6-K}^YtL<@| zh?*5bf^D~YYVFb3hY3E$mO1^**#0OMS&BYV2If7<8NTAy!Kvi-gf61)fOYka-# zsUGmwb>H<=ZU2AEDe3YZSI4Ml*=^C!FKRy(jefFmuiy5Kj2v6bt}NRUn#6iOvQ5{! zwl`qE%@bd($&cdrd@5^wK@5U-!W49(dgYdV1hN)Eu)!*Z&8(>tsIK5NnQK z_4*0crt?e2ddE?2xVOWnk@9?A&`8G}(WdyT;E5r|8QL zvA*r)C|C6t_AaYKf{fgbPD|bE(J|$y?_Q;Cojp1_55B;@t?T3y{8y>>wcC0~$osz9sCWyiHc~uQ_^oiPitSS{1!jwz_&8pOd;fX@e|xhes z^xCJrsP!(Rrn}ktuCeytIIfJ#@14Z$SbD^&$9Xv`W1Vg1`|3{#(ba;Py7tmv>xXeqm1Xoeq!BpQ(ZTS z?Pd{8$JFgc5tZZWx>-cy36bxj*zbZ!zb)cj5yf_sSU24e`-^B6^_#DW?P5QpSXcg2 zw=1F?<0W<7B%*Rf4cRZIn@tD_M>l z*P=W{)-U^Cri*qPMgN*)6#JXyIFZ+jye|G!=Rspi_4+c4XgZ-@cjo`pc>bOml~6Ti zG3<_-7mdl)=$lrJrjOJZ{Fxffxzu<*uNsw~)R?818hxv((Nsr`!Hv{tZl%Waoz$rG zR%4cdYBc_#Mqht5nkK0+I7E%+`D#4BT#d>GHD=kSMme7t)2YW@TEt2swimH`YBBE| z5#zM1dOrvj>)v9&x6`Qm`O17E=6FZlo=3!BQJzuUXT0B5%gb_3w5zhZZZ50#v$25a z_tI)Ki+oCIkuIW1M6-y>J0e{~vxrI>v0X%yh-OibS*$DXiv2`1iD;JVq8-Mx>V75> z%`$!^@)uR3@}5{1(Ilc-M5UD2FP+#=M3ZQ@NvxY?dU~<{k79ojO=7!QM3dNV{#NXt zLF_N0Nkp@V%KIW+M3abSS&mp&K2Y~FiD(v4`B3B+(Ilc-MCBuqE}}_9vxv&aqFfP` zg6g_itQ*C;Np2TW`AOYR$tcPf(Ilc-L?x3*7yBEfR@66J|#645N8B96l-k4HpBUf&{`KC|tQ+Nd5apUgG|P37u6!fvk@@7hh-R@}F^YP`b|sIxZWPfZqFF?xq(~RhB-ceb ziWm<@5lwPl%PaDUXcEyZqLNRfi)a$jETZzANEgv0qFJuX`sH{N(JZ3!gUBzUNkp^A zXUd|co5glToG&H6$S0ynY&VH@vy7r26fw??rPO>T5zTVFn5aiYMUDemUr~`yM6-yB z*xx9k>5+QBHw{&vkIc!`Ujrl8jnl;s61>%SmVwiTMLiFtQQt)><}~X5Lz1cYbNh5- zclCX!Z#OmOFRbQID)MhBrT!48i&$?_NL{ZW%TKA6pC^2M)E2W?&mq>0AK10`J$2nI zo;!_VUAZrwhsCbe|H&(5ps=|uX&NWZA1Z^e3!o9Yji-WKb|)N1{oiFIEw zK77}x{VUf^cIzX>y6K#nf1@Z+?%!Ud2j3qQRr2Ct>h&ShD~a^;fBzPh9$ZR1&wi_} zn|~1NdBwW8zLb3G`a!X76zj7^`DW36?+DxRUP-L?4j&p-pFtdN=t=ebhkv4OSkp~i zk4&qs2fwLacd|ca6xkK!w3=Q?Y>-i=8#Aiu@_flC(@mmXZ;1^u%5-CGbskDBHpnQ` z{|Hr&^G&fqMwvcRBfYmse?w%DQRX*$sqKG9Y>-i=`-=7_6B}fd>8(ZivcF}N=_ZZ( zTWaLLE7FsQ0%ertU(-lGu94ndq|1JhQI;Pl(q+HPDAWBl(hq9Xe_kVfr$)LdgL?jw ziw4Ok+xJu>f3QfG$0ei8?<>;f=cY2s^noH>_M40{eUe7`#xm;om)C`iGJmi}x>8lm zFXu-YWq#$cI?u^=$tcr}rPciMxMh^-=ZC8OE6bHprkmQR`Q?9$MBBJ`Ufk6?Q+ z4Jln--7j;Dm+9RN-Cd^lH1u?t-rLaIW%@nkp4}O@U7c!}>N5Xi!(^A~vkbFbrq4IbcbUG- zu*_xpbHj6&>6;9jT&C|a>~WdC&#=#B`a#1%m+5B=XI!Sg!OOPCZP$Vg>hq)ANyg~C z!qoS7@_mhrGCf%1{i9Mveg2g1+hmmamC73FWz}@~+%2QbZ`OD|_7(YMC&?I{zk*tR zO0hx4==2(D`p05}j558w_*_L!GBV2a?i%TL#rs?N+%BWcpGN%LQ*M`0rYjoh<|FF+ z3whi!%KXOa>hUEL8)TH}i^chs{UW1GH+j46pVi{{WxX=W{E8TV@_mhrGJUqj`xE&& zr`+E@nlsOMf?UUPOl<8)T^0R2B^^Sx~x}5 znSNe8AISTzj56JKlA3>#*dSwc`cyT2uGk=>Ot+7DK2(2RBk$YZcIzg)_1Sjo2kq9M z+O22#NG*So`1wp}u|8R>%k)NKT*>stV!gfCU$!sMZvC3wdYX^b`h36IV{@ol&xKp< zevT?LZ|gWLYEh2UKZ>dA(f9qM>hoL{5sf1HiYUtw!$DCpjELHlMa1asa!0W}hlp~1 z@De+|ZI?fKezHrK`DL-rVvaY|_Bcz|+CE!+-&t!vXX%UMnZJPezOu9OwYFc2Xa4i? z%&&;=D?4jv+SKZJlk<=q56MM_x0AU(e=P&l{PKOC%%4N#4^H7af9i^Ae*61)UXlN} zM*U5{R`bjIfE@2KzxUg&>;ERHnqSU?_W3Jmv_E$mHNWgX`}|on@^2A;klX$_PPX4y zqy72q+Aq(u%->z3{tx`r_S^rQSLSc7QGff~w*7Bk|9Oq`*Fqz|StGwGqgucHeNMJN zO>)=gziS;ee{$Jy5oP|J8uj;Srsj8c{(?2~x7MgXP$Pd5jq7KmM*h*8)b^)!a{RM3 z@<()1^UM2}EJpU`4?-{Uwesq{O^kWWqx`8&ZE(PsqC(Q`}{_Y{GZiU>zBuC zpTD$5{`14s{POy@&tE_ze;<>YUtT}<`EzLG_tH52EE@S++TH(U{kg>Xcv~a?p^w$} z+mGMq^QSR?X^r368ueeRtJa^~$@uB6G5(r6Isfu`@}NfjYkeHo|FzEX-^XtL5ZM$t ze^t`xzcw1rpY1i;f6T6a`{zfaM*n?ecmK4{@2$~(f4k>@`}_qo@}Ekg_P@M;+2=QE z%JO+xGRFH1hvscmC|h&j%XkKd(mqyBhD` z+MCqlm-Cl>`?czCq>*2%{_)+^`sMSVef_I7`mdke^M`%@|6}hwz@sYGKK`C9QNg=n z$A%GH`?XzrjU797?6LQ**RBf!(wlUFgkGh$P?uyE5HM^INP>a^QL!M1D8=^u=A1LR z*@5G3Zmt*a=kh!+lbJKKb7syt^Zw^;6HU>6Yl`o$VT$+f665_b`blmamM#!wy#Km zKk9nmcRl{H6zu~SI`7Y}?s(1qpH6ZA1A98{^?t!@|8R=-AE)R)C&lysrPq%8*W*7U zMf>Ls{G#t)w;z+@`S13;)4#@F`u)}Nn+++x|H&!%_s|scH`3Vu>GebN?}jPbuN~mr zzt+>6?O#f9|KA(yj~>77zh#Q{3yts3Y+olu`~E4~SEP7;ujM%7*YCeM{wXQiPcYtJ zv;Bq?^Pg|5A7=X#Q@p>e_HgdsOaIX*MgMhO|4to;WB-Sp-_!E+>+}QhNX_>3jrP}j zwA019y^j0wcccA{x}ryFwm-vYf0IW$UHq^+{`?Q;*+pf>`?Qy?=#lQ~>ceG<(|&iO z|06xx>0;e~)a}2e!4FMbsN3mOx36&9uQcxe2wl-5)$PT#OK5BGqh~zY>0;eJ+iidE z@y`3BWXQ&GDBR@hKMhoc>LDj_%J)M;Q3;SY!P)>znx@#(MwU zlgaa8);IHY2RijNe!Xx?_2%ykgI_g2)oGuCZB*VyjZyo0b z{M7GrWk()=EGlu@@9kbcc)F9<-;+nP%HqF$oZNqYHT%ExE~kAh_ZKJkb-pL9zpd=Z z$|K`da=|x381e`|-+(9)Fx;v>$P<(>~qz|F=m_ef_?j zU(N6TZDak|)~9;+-_dA4<8`OKxgYl!z9bC1y<0WsuiR+=el`2Q$dErAZtO?B?pv4N zXyE0jeJ~Bv`_c@i!@BeU&nNE+Uxn$_vw`$8*=LF^?Kf7C*F~kqj^H`GF=&6Mf4v{r zu7OeTn(_YZH`eK2ujfYf?XtUllzhKi&vN=V{WiC2=oU1--DzLT&G$3jC$Dz8d>?~< zwyEa&)o`fOzvkaljJ)p0E4_7`(_YWlO$MIxYNyNB8~FF|nDcuYkLY?{=_khisn34Z zd;S5#{$l8;Wo{zq1`{VL=6$Ew-hXYh{+)oee@*gwuX$(fII@!QA7_dlhY?SD4x|K?P){e=d8 zSy;{QchvpPcx$;2v{^OhPmJ$vb~ESq(tUq#HrAivy`A?r-ThCgq5pZJ=Y~S0EcRpNA{@L4je;ZeG|9iNhKbcU?`JZFFKMkun{(}#3p0{2<%1Ww-A8xzG zX|MNRT?{*U8s%2l()l zPQJDtu$iVQ|JHF_&E}D%^X;N@-3vN3>v`pKE^_>#o&QC2>Q&z?&-vEz$9&qopi{G+ zSNXPi=py)9iPh@&nxtb!zsX@5VFG`yHK{^}O<4_aAkCSI?JD&EKhT$EmOD z)U4-~Z|w2>H>5d#xgPDk`ZLSD#$S=<_~ln8UX32NPR)Ki^B(W7XMN*>*Zs?(&ikX^ z2b~(trNWI@pxiAWf1>-ldfn8i?pLQ??Ip{3e)@gZscxrJulCt#w$E|v>GxBo z`u9_&{`B56uix>y|C}`EuVRAJ|MhMMI?X@AdHy=D)9s%BA9ep}e*a$Mj~wNUOUspX zYR+TySEt@9?ggD@4|mGzyX87HpKs2APCdO})2Z2ySKjOX8>RXDa%=ehdG%k>$QhT$ z9Xd6~;nhAj&HMLiA5HW5d9{zE`Tcsef4YYEA4#*lyx`1pwmY#pHRstYA924E{d{!l zRo^V{=-#JZA9X56JNKo(8=ac%D_(Kx9pzroY3^B0xn3`HYPR>9|NJ!P&#S#W<@B%d zv`)9{|7oY*A?^j8=A_C0qnD=FkJ+!zd)|MV^Otj-)4!H~>Qw)Jsx-%a&U(M6(|q@L z_4}k#^Y^kZ`(wtRpXT@bQVsEs*ZfD)eEyMp9X`3g3s7{LGuJ7f;!c=OO&k+-;|*!~ zgHFwP_R5d(_O6lf|J7;4eJ?aW)Tz;pc+G!Bn*DpVmtCCu z((9Q{&Hi)#ApDY@X8)1%ocq-BN}Zbb>6MRo;E$X%`;U6OKVJQroANI_57rc^Sin~otnSr z)xP2~r@dbHbh=%85B`;?A^xeTY5R2FKacl!Lk;_v-yFG==9fA(=T8nwZ=Sbn=N8m) z`_cSCr(X5Va6@0;njXjn)C0~KAL9x9yMHl zy!y{gbN;>B%U;fN(R^R0`Z?${;f_;37oFNL{bDc5%7IyK*eT(=+n-RabPPrUN^HC%t9?mX%5Qm0=1ndMK{ z@cyGU#s4+zKc|NHuVW4S_gX(H(tLk&u5sQo?XRX&spXXG_erPb^YiLovYqz&ebA}d zKKpE^p8oE2YS#1053S+*8}X1o<)nH4`89lgIUfCcjn^!%sOkIfv46;};q%W)v;CNw zK0lB9&rP#`ulF}n)As4|zZ$+jUiY7He^>Jhotp2DxaVDIe5cdx>bV8x_2^U1_pAN) zby_jWDL=+-r&F_izB|u)ebA{_|7LlGhyJZ1&GF}Ytlt~bY#&+ajPo(~#&jyiTB7-FxJo=coCDPR({+ z`6)I0{-Yl2XYM`DxHLb}sd*pK8up)4&G|F?uj4U)QP-|W+k@!TY@hR^GtOt-3p$N1 zaLP|`%XPY)e(_*upVir|r&DR*lwawV>(tFwCJ~SCCz9>-ufJ!VRyNds9OKl}b}KrK zxVS*Sk2=-Obedhw^-H(YX-*B>N3VD8U;7{GRR6x2Zuk8RaoV5nR@A9{>6Gg@b~-hG zFWck&iMa2j{@!(JwwHUIe)RrAr`y$Y3-t5R*Q3>3zs>a_*JJ)qbjPLVOQ*VDo#uPI zfBJf=G{@up^J-__f5hYdz1o}QUi>>J&GBcy>^#52-5=IzMNg+($8plBIgb&K@#jC} zwAc15IyKwp_i^f->h`bG=m@90fm^Oq^F55Z>x8yX(`iMT-+v>I_dhqy`K$1-zv!4| zdvVXB)cjee=5yA0^Zl7uL;jP!%9&@4J9L_Jj#IAJO`V$apL3#9ueN)GI+b&G++L5P zGOh2_({^t!~3te z%bEZE+!@hn6{{pif#~;NN51_d?&V zPR;MXqLb7AvF;D*G}q(%59*HHv|@?V{vJ24)95bF_%CwHb*jfv`7`@C?e+Sk)5`0{ zA9@_RxRJ;A6G_v5uEL|e{{2+x+8Va6sOI-$j^7JEMAGyhon^$U8DjXuzh&gJmv*zK zMBm3jySBFTdR;!*@8tD+)?l~f>qp(^#XY{01XG=Md+*{x0`1;;rcW zaGO^JmY*SP-&-E(5~JnQr!kMgJ8a{Zm_H0t_!?&UrqojzJkfB9-Z z;1msF#(dN_^6O4?o}b2b$6V*+HO@K3@ZUeqh=;Pqh_7JYPGe*I8;y7b4;j~AGxGNv z`Bp~ztBmVr|8;6R-`D=`g)9G={5_iaVoyPTZjeOozr~MIb`@6n# z@|s_7+2-U=bgv)V-pL>4=9mBI*o@^#g8j+Uxgi@Xg8j#m6WAe!J(L{O;}# z-T$zYukGeX8RtcwZN%T{eSuS7kFVVL{ei~yi;ebA8U39x$oV}l`PB%6|D5@H^8GJ1 z_{EK#oa@@orH>KstkIs%b-g~%JIcvxT=8s|L-Uibg@Elys4pZ6Q}7aHru!AARzM*F}e$-jTsUQS-m zzqvjPyU|(S4skCucFz;ld^)lu8Lydnv;LngZ;sc@-)4;WL}R?i8F;k0@jWy(@)bt= z#vdln-%8_s+Gw2L`i+raYt;YQxc;M&A7s3rhZ^^HfRQ)ntapq8#NYG zKXAX-uLK_3loWe$ey_8=s@AAne;_G-``HPJF2?oCiACSDh_CLnS>-B%AksoE`w-|V@tr5Tc9V5Ssf#(L^?etg6 zox4s3etFZFkF$;OH@VSiuldib#(ceRAh)T`zYz|JZSR{hjA~T-Wy@r|h`B zes6OTzA;xa?DR{QG*G5s&Noxkq!H_ByXqy_`l}J&C>_o$6&d`+^;}*UN0g z<9bIU-s8NE3Hy=0{a9-|)%`bf%MUm3WyCE%xxQ0h&u2@w{QM`9f2XZm{>Up%xxW97 zZh74iPPyLib#cpUb#}`2I?}@}Kl?PNT+c^uw|q;kQ(nt`LG#`6ey=*^y5E6rd7Ii! zxqhD#ZuxZvz8>n9Z+gn9ujgl^TmF)<-yGwX$KH49Yq`|~x4gKwQ@)3LpHtlO2aR=k zpn78R}`DwA_-;cWG?$1^xj~elAXBhjpi+5{d*VXczRYpAIVa9&>;5o_tPNF)P9`C9H9vY(O9HuA?9`BRMic}BjWkw4Y={>qK@ zVZD*xX5@p0Jf)72fA;X?@x5f^`x)_0&wIwHufO9{-*EDJeYn8LUv1=XHS!M_`Dcv$ z>qfqnk?(5c_v_}|kADA-G4R+C#`<@xf%jS%>vEAXpKloJTU(=kZ)2T1u8{A^b=|LzFnemg-(rXJ1v_?alY_QyRl5i%z)lKc~3^=`~H&ip6PsU$K-sZ zM{+(tKRF*Anw+l~lbn}=e`TY9H`RFmpd3`>v_e?rh^zX~r$?f&|w&}LdxiYzZ^vmS&RD745mu<=UY+rKw zoLb5G+#8bfk=v8=`S&H~qmL!$Wkzzo;<@C!yq28LZkC+SX`7tS?UJ02^iIy_4@}NS zM<(YhCM4&x<4)e3?`=o7wu>}=onYukh8ps+DTe-|ouPl5{iySM8viw~>*TfEpv&b> zUgMpG|8Vkpzd6I$FMMj)dwgN!&oShGn+^QB#;^|=e6Q1AEq5aBH12PtG5&!@{#9dN zTeO?=dzufuYT&yKS5^zMW_M{=UXOyKUp-{;t~B$?Nwa*TBzT8qXtU+|Tg+lG`sa z{l&a+1ranq=q%4VlL$4w({8g*0I;$C;th?_>;RJOX;-8AB+Q8$%s&UJTMJ(HXi z^&;-|Xo`BC9i+POlRFMKjksylP333zx|>GaH0q}Ei+kNoBW@aXQ~A}s?xqnpjk>A) z=3aNxh?_>;RK!`gbKErIrcpN)%f0TV5jTyxX{zC8uK$}e;B)8QO(Sj^byM-X*WEPY zrnGa zH0q|Zn|s|&BW@aXQ>o=%chiWQM%`3uyVu<`;-*nI)%Trls*&s3uaouPx_r2yx7Ou9 z|JKUxLT{(Eeqeub)={(k(4bSU`I)Xi{%^_au5LHQqkQdwPJN9lbp2t+Ipvz)>wcDd zlpmbq)Zf*eC|&>jYn<}kjPj3fb;@hG<(kiI@F>6hL8rdPE4qHkvrf5|Tj_DE@F+hg z;?&oCRM+p-+9}uaCOz(<9_4kqJN30ZwX%MHr(DZvb@`EFopLSz)bn(PNBO21PJJy8 z)%6E2aLTpZQ_pLGNBN3!r@pog(DiTp!YSA1*3@#J!y_K$LpM3~wLDkX@9T5q1X^yc z%P-l}Dc62+`nlcdQNG2nSJw4+`@8cyS`ML~a|4g^ea?33>vJ4+{f5SQo%;FT?@>O- zun*GpU%SWo{d(?v>GE-g{k49N_IT2%ukEyT`HGjE@@)5aba}sKPWfSOxqiP2J<1R4 z=+v)o)W4;dQ{KQW*Y9H=kMc7HI`t1X>MwZDDGwXvFHUmGk8sQNd)>#Q{Qa3u{UeR~ z^QEs_@-!Jtj&z-+wO5A}St7+d^j zv6?D_6JKF(vG`(qg)PK-Q>ERZc2Ij!1|P~e#NrLGczPC3%3_u+e$iqS7I)w)>;p9y zi?7#L__kPl4Hg#pzQWE>2eI(_w+?}Ln=IZCUtt7l0yTx+f|`lN7iIBvS-jD{!j@1g zs5R6EYAY5ip~Wg@F#um-N2rrne5Jm^cc3m%SE!pW)-4uxVDPn$#n4co%tBB`S)E?>pF<-gVJqzN?uyUXyp>rX=AYV}r zvF_pTd!hTF`=JM*2cd_choMKPSIF23r%`_lGy|GRUd_uGu^y$)W6xO<(U-nj0z|48{NfvmGTRq z3!#gki=j)POQFl4hS24zoqDFK4ZmA74jK<}@2_+H3g}AcD(GtH8t7W65p*4Ny=q@T zeKmjFQ<3^x&BZLS?%-O{WU+3b-i^>r(9O^-P-Ey;=r+|}^~t+k)D7ZWD&k!)>MGWW zTt5jq8Ttow3Un%T8gx2z26U!sukQC@_wucLB7f`D?n{lfZbUE{>BOrVg=ZP6`&3)z@DrCd$9uS%@=kKU)Z^Pktg#N zAHfPxmlfauzP9uEqK{++IG7dS5LSSCtN@2*i{$Wi+{WAZW&@E|`ATl*Eq|OZs}XPN z>wIlj^TpiBmvaYS-8Fm#kMY&y@-<$`mvav@uz?x)jv3g<41CWFY+?p}U~KSc(;C^GmZks&XO z41Gmp7;k&@HIZw1YZGsX^m|iemxxGq6OqH3iqwBgq(L*0!<&oj+d?GkZIS(3iX7ES zL`mb0X(MuMTan}1iR{*1q*e!!gF1?w*h%E1&LRiCBl3?fBByi}IklU}Y28J3?IChT zPmwcwiJbMW$l1L`0)0gG=__(xp2%pHi4rdCyL}x5}7nvWc(D7 zJ_RDnr;5BgO{C3qk;yYerpy#6m?bhIiizoLkp~Jz?ky5|FeY+eT;!oSB7NtIJUmb2 z`S(ShnJ@C}0+HtyioEoJ$P2|H|6C;UVnSqOiO3_1Mb>>N^6e6lua}CfUncTRsmQD{ zkx047FUv)K{Yd1ek41i7A@bfzkx`$B+*%=W@hXu^R*PKtsmP^kL@xSF9@+Xmxeir%o7m;?qinRYtgj;a_y%yyO^KUOFE2r(6!3SbxtF<$q z_42=u4-{|9;DhSp1I6n#K2R7d9eiM83L6)Uc5y-mA7t>s&cFxn-QnPa8GQYB-<`n+ z>EMHD20j?`{{SCMUHK=&2ki}faBK!2z@K*_KKQH45B#f}j?Bmp6xPYe4>IzDjQqfr zA7o?)|2^5k$ZW|I_g~o1FMPC%6*m17 zXio^Kgwii)`Mr|&+d6`}qz6C;LI*(yLx({1phKZ-=rE{0)Brjh3PVRgM?yzIM?=Rz z$3n+Je}|5TPJm8?PJ&K`{sEl=oeG@>oerG=oe7-oeP}@oe$+e7eE(67eN<8 zmq3?7mq87o%b_cvE1|2PtD$S4YoSKab=6< zJ7D)<hRUV&bPUV~nT-hkdzyh-UVl+0V{NUF+Ev~H!U-bCq3l-@+?Oq4D}=|7Zi1D%1= z7bMBwl`LJ!(Und>$;6RsqodJ#eXzk0-y9_;SGpV}yI1mWC38n-Ve3;|eFQoM|LV3K z9XWy06>zV%uEEiF_*Zx91a*eq@vrXE6dLGX-L)UoAL<5mg$6*>>)IXa1NDa9rEW*4 z3p4>52~pl90!`<7Unmdi1yQH#FlaE857DkG^}7y%hC-^(K~PVq2gLn!<$k)3fQIvX zlyzy#J+_3JLF#XQqg%vRtj3!szGCzRiz1}xN*1A8Lhs^R#2gnhx5enlig`Z86U4u| zWnbSS=DK*I`kQ-d)lcbpNa?>7_t7>V>ZdRV`IbumL%p6#_d?28n#@wV3i{4hax?cI z%Yf1_YW+eWh&~|;`SLEvpIHHRWd+!+7V_lU>FF2t*%$dVE5LsHBcEmk(E5b~Spg1W z1u*ps*{lGE)knU~3ebQR;BZ!eFe|_jN1~5l1vrWo;AmEWV~$0>%?fZFE5P4b0gh({ zIDr-5L{@;4SOHFE1^5Rmz$vT%r?LW^#tLvcE5I470B5oSoW%-oHY>n6tN`b-0-VPR zaDEQ@4OV~)E=0b|3UCoCz{RWpm#_j{dKq$FR)B`A0GG1@TyZ5j4OW1wSOKnP1-OP4 z;96FIMyvqWu>xGr3UC7}z>TZ`H?acT%nEP|D?npbfLmDsZes520zAnI z@DwY+)2sl`umU{G3h*2&!1JsCFR%jqlNI1aR)CjS0bXVWc!d?<)z{FcumZf!3h)Li zz?=EV`1>L6?vMO^05a`C$m55jml(nRb|iBDG3aN;qQ4o3jC>;clF7*Mr=qi%hJ1fI zvh^9r=x3q7h>5h1Bj=xk4rDGe_4kqcm!RWVhTh|2bOWCt>#jg=vI^P%YLU0rphx)( z9m?nEO};>nvKHOJmm*ESLZ9+A`jl^wfv-ac@-6c7_2>n@LuaxPoyzynn{D!Wjvn6@&_+@nuzkE5sFKY(-W$iG(d^OfD6%+jO^+dmX z8}-YlMSl4#=9e$#_+{Oj+4A#{Z0UPIec5_oefgJd~Y< zvK6px2bA4_vi-pR!nUJ8N22T^Ys3@9yr%3BGWg)! z3_jQqKA55K!9aA^V1${2(OD0{j$Hxdxp{I+pFS-@#xkkpnF$1 zViI;B3QJ7E2BZMJyNM}gVk@F>MHG90+1MErVlPmHy@!c2=3(ohu*Q6BKNev7u@F7_ z2iScSWB0KLyN?8RAqs~q#_r=obT><|0a=Rehr%VL*btO~cgnE|SdRV2N7yJRtg-@I zftA>Vn3&~LY)-0+TQ*?JVPcmbus_lGWed2=#4x{Ln*d|}LSdPcELp1X%>LQ3@!!E4 z3TG&Mp>T!56ADKt{Gf1y!V4x&@WKa|8Tep%1|MYb!4BmIapVLsC0BsY#1)@quO5d7 z#yjyhygIJr0_<&LN@jrkAVxl>_WnwzkNsW@9u|XF#o=plWfSMh58~J(#*s_JmHj37 zAf|YzAwP(z-$gDF=QrZ~Mhq+wgD)yOgE)P}+LFRgU3*D*>~`{lN_-Gg{r8pa@If5e zMtnNuzk?5Aj60SFK8P_VG3F+w>_M>)jbRfSS99m$gV?*OpCtK#FOD1~K8kYW2UYPw z9JxW9@yD?-jpswmO}q=grN#kfh{NkOK8S;}l#Qjr2MfRp3z+8x^t*uhQudi9K3KpU z#=$LduE%?-zVkEkgN*#Zl^-Zfps|3K8z>B*c)#NJipMK?f#&0ihtG9o1d3;Cey#bl z=FN&HYksVFaaGyD7sw2hygwS zOZr@BNz02Y`SfB-)?5akZfMD8jVx(>oh5B3+K8yH_k3@v0>= zUbAH8>y`|D!;&F$ee!*oPd1hNWZOqR*|@?d-|b9%(AdBSzh>}31|RrJ*s~_!g(b+h z6Y!@J_+0}2T>@W9z^h8&O9}XO2|PXl9w>pYC*VUR@RnQjhYw1)-vl@$F$L-YFEr!_3Ghrp@yOr72MMr9qL*s>`|^VX zSR(vKMUAi-Rebf6r3kN}I7Am>Pc2TGXt1elY2U1yjSp~G@+H7<31kEbo=*wSC4rAd2^b{-ekkGj zB#;l4@Z1t$2k=7%A7u0kRrCukKKMmp1BD9|7O(=++!v50IJCSK2*}&PfV9dANSj>( z(r(v)bl5E*ooWT-o!SBEx_dynhXT@bkAS>eCm{Xy49I}J0`kq?0eNqqfDG9;Aj9?x z$XELZWK-RMOgSJRGY<^N+=BvAa&SOCJR~4X>jk9r(15JS4#?`m07`#|C8MaRK@E?*Z9zd_ek~5Ri%!1CoDIK>D8? zkgxv{kddbZWbmm08G2ekzC1l3-=7hX$!7*+##sTGb9O)y=LBT&xdB;nUO<+eACR(~ zfULS8AfH|skk2j($QKs}WcVcknRsbH23{7BpBe__hsy)9^@@P>y)q!*T@{dZR|jPC zH38{;Z9rCD7m#Mx2PASsK$_kdkQO%uq~*;4X?;sT+BObI`&$Fj@wR|;zC9pa?g&V? zy8_bV?tt{#?=V@vGx5Qob**hp!@l+VN-yz8*(m;hv`>7+zy~Wb`h^TW@RcIlFGa3jirl&sxqT`8zZ8C6iafg% zS#>FTgi>?}rSSVwP6j^pD zxS|xVA}EoPpfp(= zl%^jB<*g+_X|^;d&6fqGMQKppE(=P_@}RU@9+cJ}1*Of$L20`pDD74TrTr&C=}-}r zj;n&wX?0LKe;Sl`)&!-?XF=)uc~H825tQz0gVN*6p!EDID81hNi~BFMG4O#eBR|OC zgYD%9=)RTwpb(vRrThThwjCD|T{-rN{?*vZE17|92dCr*N_K!ffh|8k7miHbi4};R zzYx4&+vbBSG(NE7_klH(f1{GMD?2;w-)P&~V>e*i*{lBA3;uc?ll>Ra?f;Jb0X72} z|Hh1e<7pZH#KNJ68AlPAh|Ah=b$izR$#6PHZ`~%mwadbNR1&sk_rHFf= zd<(1c{Hp#7|B2WKJMta;EffFX-->_mo`DaJ$l!wvK5%>ol+OZtdF2;i`wXC8u~+|+fR(RT5Xl+S~WtMYw?`L3z5SbPaS$;3yx=r0-{3Aw>9N zgm(BNw8tNz1O5md@ki){KSF2x5#Bi*yM6o-y5f(}?MVC{@JHx@KSEFZ5qjZ|@Gkxc zz41rrgFixF{1Nh8e}sPcBlO1~VF3OJ1Mx=~gg?Sy{1JxWk1!N}gkkt2496c~1pWvk z@ke+Me}qx^BaFr$p#pz|Rrn*U#vkF+i}8)XAK^3n5k9{xAYb5*uoi!WFY!nC3V(#J z@kjUue}r}TBYcZL!g~A>zQYgUd;AZ6z}H|ieg>5?hJVMN@Xs0_Y5DDr|3WQyQ3y!J ze<9<)PzZl2gg;d|A4{FDGQhOd0YB?EMKA06)3+$c$9lS zmah;#RS3Q)1Yfx4W2y7Me1+f(&c{;m{}qq&+3^s;7xp+_{l+(cVe1HQ6jS7N_W#Q1I54fx8I-+-^|*p|vpl=0iPp^V>- zW6AjK_)Lu7wh0AaRoaLu{Sf07(w>m1Y5qQ zB2C{Cd8--vfaW62Tc9_18{5E^#4~J#Tp#Yyx(zmlZISP{Ber3CbO#;KLv$4B*h!>Q zXY3K*A+BK;bO&A08+60wu)9e29_;6PqC@C~{o%XB3hGS^ras6O`l3(B!%i_DeMUcY z75%YQK!z~@tTK@JOoIla!x(~I13kykVZ>rWt}%QBu^LCBzjzPb#VC9+(R+*r*Nhp< zxlZFa(+R!Dc=R3<(0fco@1f3TnoR75DFvLxG?lZl(0@!r_Az}1XFj3-n8^n)D=HG5 z&G}q~oX=In`CKv1=ZbSa*BpEq<`S<7y~sTDBJa=VOepjs3$V3Zh^^%Z=tqjtk1R?M z9|_xw65=y0{*YJ@=u4I?k@fES1(64-redagVcdSFt z^6h$JQ*6K=6-AH={jF|bJt{u+aa#=sLXg$@&*;d$c{C{ z?-6qe`-!f;IQ8Ofxb{2vAcl-X#bdH#K!J1Y_(zKG8~7kj|8Z51d$4USl)nb`;)=J^ zE)I6_!Ur+1S&;`mh{6Bu7*c9H3S+3TDa>KugE&|wuI|ae2XWddd=OXVJHQ7qmQLrN zm60F(mE$WbdxIg0=PF*Sc&Zn_RD4qLNRvOBd{Oa4FMjC73l$Gk{LkclCeKs+Zb!Th zAz0M1q=NWK{fM75mbgjth?}&QcuB*EmsGHqCH?odWZZt1EZpCcZ-}2XpZG~%)wg6o z153sqMa-q6Etz->@t2OZWWw>pVmg8NN2d|b=yXdaongsuXA^Vj9O5HgLJX!$E&1*W zOGaO5$*il0&2+UT8*?ogPRyjK4-yaQAxow`Y)R=OmTZ31l2MNl8|hg~%Ad1jD>0Hr z5+iB)zS%NkXOmt7Dhzz^LF20kNm*K zHVOw&$BtR)$`2GCurZI~`)d5~cZCgX3^bWkVFj>H9BdKio)tz=_`t>q$WQEZsHvy0 zfr^2t;#ew7q|VwPcBG4wdb*241|R%&F7VfCJ`&1HJ$UEC2_54Gx$C4)`1#un-*Z4g9|t{{Jofe>VJo75x7L`2RY1{~~z* z`U~LU#8uo%T*Z=$!2n=^#bAMrV1OlHfK4}p0d4^U5KnPA@f5d#2@+s}4PbzezyLpi z0m{GtTZo%DpSX!%5jSxKaT9+56RZRi{CYsP{C04*OgJQ4`qj&pK|7n=B|yG5@WGQA ze2~Ehe+qoCYD!c8swr>T`h^%WfmjO&eE<58_i)y}nSM zF9x5E^&?*pfto1&0%!YC-e((g#~u3U!eaHp8AD2*nzXNGWg*99Qn(i&y=s^`bvhNFoBXIDA~P|&qr%0 zd-syNEBV5XWbO(lRMb%3?j>tia)%ws*?&XEUJIE)ZR7{p$QKSnmhe10{{?vdKjG;w z!qZdDY1^<+xZdNTa2dNQ?HJ(Pey)UPp0o|a+d)4(ZB~!W$-}; zAN(2cK~?(${2E5u_6KqJz0xnJ{jriCq-%d*>mT5m+Wr82f^#mBYkv?&CJk^*OnjjtD^r`x_^xo($)E!a)ha_t{(t8D_TR0k@z3i?_ZA|;ReoLK+Z52 zIm1w}hB|{`0d3QD%XoK>|yP`ZnG=o>QfgYz@zJHMHa zenH~_rB6`u1Fc8UHhxNPP?gUsy+OM6dsXfBl+B(gH!x)eO3#q4ZC+KIJY|n($_JEe zz=!_9kN&~6OX!b2B91=dGxQPTuumw!J|Tg9!UpsZE6_vyasl=T=oiLo{Q~DTExpc? zA2gpwuTY9!VYBAdeRZAZRM(eMnUurH5Dk2K1|9 zMOWej_^FK%Xs_)L6i>J96BS=qHUaoAs52WiKCsVhL@uH16E!}t?GMzrl&u8qY^(r2 zQ2q>)2l?{{?kcq{av8%tsR+DE|e{YV@h| zI2Arn=Qk?*19b*u99vG#baek^sB8*WV56^i|0>rue+_*93+(ZgZ9!E#L~Vbl_`9;VSGI@B z&fphp>y~MV#5Vz6y`GZ4M8_*5Dv)4bB7$oCOv*7u~^m*dCg^ z|1xX~IJ0r1#sHkz7`+LbhQ{#xTjBX&fx%#bNq1p$z?qFx!34wZ0aM(I-r+v<4)j4;md8C1Rv3Ny^W zKQLNFZ=kV5Dqld;9zkP@bYuz&Tcq;!Gi?tv<}l?7yMi-z17~1&5XbJ|vxC6{hkys_ z!S4@+-)AE;I1HJ=;oyTX_}~b9B96o-;zaPlN#KK1;Qyz>|L*`N+zC$5_~CJ65Kkb3 z(6~Tj0fh(ttfcY576TvblEDWVe4u#J&ZK|&H>!O;Jk^#TATv3m z{(Rjm2BZB*N0!&>s##gUA;k7e@0thfFHwf{1~R<$6)$1j%WY|sN&DK2!Dq4Rs0!0 z#Gm2&Gw_Ez8+>pM_y8XU?aw&l$}0Yh_%aN@mtnk?D?A8pcnI8pU*ih=8h^p3VdZ1s z2Yec|Ut^^lLCX-79ARgY#s|JT9Q%V>Zo#e@e2~EhI};n&`{hD-e*zwvK)#M{Ne$vB`d1SV zv4ruLAipRhHBu{bL`Ako7DGMgBSg~V7aBF17Y9FX`C0hx1TK;{x-aUL-i-zUc6d}1svAjaZC zVk~|@jKyMNEG{C(V&bHLln`TaF)o5iedte_lxR1Q8W2OpJ#56V05 z@b`5;Ua7k{WbnaX8y_h7fx-v7XUWKevSiw!Su*ReEckU6{5lJModv(nf?sFBue0FS zS@7#D_;nWiItzZC1;5UMUuVIuv*6cR@aru2br$?O3x1sizs`bRXTh(t;MZC3>n!+n zmMqW7f;VRo|2T{I$63Tb&LaMC7V(d>h<}_#{NpU*A7>H&IE(nlS;RliBK~m}@sG2J zf1D-j8)eCc>$2p#>$7BIhN?dY8XxRu;DcHje2~EhUVP)fRj%|4{?(BlP)`;A!0}&b zI=V7Gl8&$Z0rquO;v?Djr{W-L{{?M-Pz--9hQAiWUzPnqG5oa{{#p!wRsIXb3SXd` zD2Bfl!(WTxuf_1!V)oy~?7xfIe;2d=E@uB-%>KKW{dY0@?_&1f#q7U}*?$+KyDw({ zU5tL982LvraTk<5LoxWG7<^F-z9FaG5Dewd{GR(C*V_@WqmQ4GE)2457b`v+eXgD;91f3doM^d`mX{%1n7#J321u?T#z2z;>! ze6fh}FJk@XMr@ewotBF9ogrGPSK=rnmRY%np8; z)zL4}PJWr)*)N6f_@$_eUt(ST67S}hIoBWl_Fg68-#AGQck%4)n{CL4H{}*e}b5_@#8HU&@C0rF^(wmXGkuMz7sI{IYtyUp}4Smo*dp^4TQ6d_LJPUrh1K+5*3PIn^&;P4mmw z)BW6dS3`DK07FB@k2<-0<^Y%KE2_c6b0iu>h40qMulxl@)~yW6x1R)MeML|9B6!SjDZh!&)|a$KJXQ?|14zxnK_>c+dlT+MeM(; zb3T*usql!OX!|dy_|T^Rg7(KS{1>*fPfWvq!S=~8{TGUmKWP626<^x)U(o&>nfM18 zd?0T|By&E~>>8ZUWcp+n@uRnk6RB)8E2L&;GMRoFMjYzx;za&N90+_f68L6pzz1Um zJ{Z5?bFmViO^#`D{uLhV*e7PW`NK2kJ7@5Le|47#)D&t9b%eS=$osqWh6X~!E9x=< zn(klSjk?{MK`kNbccXsQ^Of7?lZRUNgnIc`x1wGvexubOM~~39pQ8^zmab&~?CJfh zyYd@dJ3*b5ogL{r5cklvE7T3@4skzS`OU8UX4iKi?yYMds4tWU(P!6w%FdCrKQsWM z->!q8!O#$BC^QTj4vm0D+Ho1xIm!BrX?3QuK3}>7oS@E|R%b1zIAhvAXW6tfOrRf7 zXI9(iF(cPkXI0y0H6z=%&ud2Zug+|?&$&j1VB1)-=dV0p8##b|-Zrv;lxJ+Cr$``2 zNFYb3JZBsEgKe{kJ|lr%BY`Z!K5HA@hJD^PvIWlEcK>DU5B}2j2fffI%tD9I8~s5a zbO(Le-{)bgI3ByhRoES_#_n)4c86bJcen<-!_Tlg{1LmuZP*=tiQVB>*d2b2-QhRb z9j?Rf@LTK-*JF3M0lUME*d2b4-Qgze4u8Pz@N?`A*J5}0DRzgyVt4oxc89-UclaB2 zhg-2b+=AWV&)6MSV0ZW(c89aEJ1oTRuoSz)x!4`Xuse*qc8ANcJA5Cz!}-`9F2L?^ zA$Er!V0T!I-Qgna4infNF1`SJMb36!!r9JCFUH>S5^NnW#Rl>+Y!f-#`6JGDUU3CB zidSO4$l1@*LkFI^9;FWnl}m+tr1mmUw)m!8=T98 zH-=@GUM^E%#4JkO|!7HZ5ft! zZNt*OV^}(L3QNb%Vd?ZvSUTs2rHftz<{9|ls0=>H-~;%61p3q917&{?@9v`Q@A-Q> zeBfJ*JRbXdu5E`8l>YI@bLHk2>p#z`;p@X1y5&v#@B^nrb%^1Y+1 zzfZ+SR`PdsP9uEWzq%P^{0{bt$RqOYvm24!Bd6f3$FZu+l~Ztk#7CkW%+nINM9U7! zhL3cFbB2Sm^HcZEUR}xF3$gJlWZzvlQq}3@n}Z*KE%#{I!m)RlMm{oF$v=EW5lHDE zun%zKG;JY%Id2vIrYPHZo{8Dt@Gj7eRao_n*50`1~S%R)7F2K#&z6YZsAS zSOIor1=x)hpjK^;hi3)YofY73tNaYUr$qKL+E5P2Y0Q;~4?8^$UA1lEA ztN?Xc0S;gVIFJ?KAXb2bSpg1V1*pdgaA>wjHY>nktN`^Jh%{gYVCyAeR)8ap6giR= z;3!srqgertIacIYR)FJJ0shVka6Bu(39JAovI3mM3UD$jz&}_4PGJQ&l@;JLR)Eu4 z0nT6rIFl9NELMQCSpm*r1vvLSk&OL;*!BnW`ypTNFVcSi=QIr>ZsHL98HS3C9EP3Z zaO?+05I1q82p^*i9nCpMV>qv2EVc&|uuGUIGI5f~;K{^EoI>2gsn{A!6PY)Q_(@UD zf}TxWqe79-ibNL1&}GC$n#|$+r@10c=MhWseUZ23i+sL7WbHzcbsva)Rm?fhi$uOD z5oxwq8Y>KND&DxyZ~fMB1$t>F}jU`>#Ygel61J8Oe59?!IoP(`CqEJ6;Mb3RvYB{^zhFx_1DnT!y|X2;PqviQ&6XtxWXsY6vt{+c z*|PYMZ27QWwtSkME%}FKOGSNb8jr}9_fO20HD_ka$7f~Bii@*l`N(YfsQzIx+*e;F zW!0BCd(@XHd)Al9$UBPa)t52H)|aWsJ>t3bnB<1`$?EK z=U=_qt?fVda`Ss1nZXAce6W+_2fz>WZG52i^d>$~F%YWa0~I3yKYtq^s8|X3`@_?d z@qzODSMd{-jKPkb0RB-i0aPpn6%RngQc&>#R6GScCIGxs#al=RAE@{XDu#fH!Jy&@ z5NCk<{~dh5In_!|p<)fFSPjG*0OxeG<2~3h3nS>XupAmWHS&?U-6M61=k>_6!dEuWT|9ny8#g{~0dRgSSNMp70H7R& zoMB23T>!F%A;=o05-VXcu@a`&Lgr8#+5hgy{gFSE5i4OiGKdH|izetSnxeCK3!OzX zbQaCgS+qcB@isb(mgp>6p|fa>&Y}%Ei?--2+M%;(kIte)c0f8F7LZQ$1Jb!cK;Ah# zAYIT|bUh*<-Hr@McXSp#&{_0EXVD9t#k=S%dZV-GgU+HaI*UAX78U3$R-v<4jn3jz zbQWvSS$u}h;`7tdp`f!^i_YRpbQWKsv-ldF#W(0I)}gcb7M;cV9P}m^p!>KG-N{Ah zPA*1wg3jWHOVPPph8_l;#TIlHThUo;Luc_5I*XstS^R>|;#YJQpP;i?c|EZsZXj+1 zvWSA4(1jq6n1DQDTH}C3Z$%z)8!;hnM_+OWx)Nj*<#(e8K~B*hImILsQ&hndr3z1I zECF^<@fAK+_(5R@jTub5;4T3&=tTz~?CuuK&*&Fe6?32qpbMdkAXbOJlKjBl(<=W3 zwSRR|wTDF}AIXRMxn*N~aoZ2Ez^Bedh$Bl-=Ol6#f_vTePo%!yL-*%zhi}@y$=*MX z44og?b^Ju72T<{qP5%WQUm5v9()kMtAL#R$ z?D)#?e-&R@`7gw{Z?%86&uExVIoLtRPmF;-lsqL?0D(=4xUbCl3%h3I2mjykLH&UYIo5jkgSLm^S;*aZbaaAn}j0{{3?r zrk}?-2^Sb=G+mbZoQAfX)6iSTS}Wbgr4;4h93blgICcQ0o@Zp*m;g%2E= z_!zbCrcQwq$B_NA9m`PdiPe7Ik*Sk<;{*2WT%YRf+11{geK`AR8y{5evGLU}1bf)B z1Q#Eu*oq1tBot=A&W?S)9Y0aY6_iXs$3IZA1|>UCa)YY)z_xi*F$Tc_3LmI=f=XUs z#~4)d1Z^9Lf1zy;sALW34-)*AZPTafD|rLBD4}Er+fDBl?#E>Dxks-`MhAc*=5i*1X zGK3Oj2#b*+e25HTNjM-&ks&NQ5?e-O2xZ6+%8?-~M~3hbGK7zjA*?`#uo4-GA@oLu&=(m(A7lvqks;(ELl}e% zVL}bDLQCWd1sW^pHDHE;4;E(dK?WaGl^-~|_hfva^w{wAD)IyHfQnb3&QVsf0Y~QG zDL+s;aNBmEQhtC=z-~X2y*s*aB|otB|Jwcl{#posHRT6|@K+Nb=<^qp{6NP?(&sZ( zl^+x$4=7Z!3h+T8G6NMKsgVAa?LkrGU-ARnwg4Pb1b!%T=X3)Ogr*#ROdGqfiM0O{*6Ur_#MVy^?c`4{*CJV#v;a_@ozjo zb3W6X`6BuKuqWv6+8-!c!XS}BraWOdaSKM&AP&M*Vjd_=F}+GGgjwkHqu42E*+Y>? zQH*mU<0A1nB6H?q_b?Bg#`~NZIbUS{0_+(UV#n|Sb_m!g6fY84ln_ajh?FcAS&W^+ zhuA4BSt_y=I|chZ$uevN%0+e--)lH~bEP607JliUiK&%=k z8*&4UA2dE#W#EHF8GMkz2kGJi8xLTAkc11gEFcYh;I`kf{Gf_{f%_T0L;b=Z5MSBW zFDyeozYO{OGW-XY;Xkl!0)&0zGW;u-;Xkkp9mq2D6U)#~EJHuB4E@A1rao!k{cJ3d)E7 z&G^k5g0kehpe)@Olx5!srF2tJ%0g~TXDutJn_Ydo!r`3P@O!p}n#b29)%akYfe#WH ze2~Eh3Lp5&X9}`<*Z1GU{-7LR1!bS8{Qj4tn_rII-g4{-mycHE-u4H}-Pi@oRcu7% zzo2{)Bg9^ewDT=@{TJ*r8B^FFELZjdhJ9jn><>7*aXb41&TsU61aB|v2hsn3`us+P zX^b-*edXYZa{AQgH5OriQLbzr=)WAhhpOi`?kK*pKFhHP`$iRK!aUQl2z;Z@byR0g zsIwhaya~>C^c8_`oR|~#`3t^}I_tF|W1sk!j*pa|%J$$ti4VXAr4_^%UM;fv3t}Uz zCGNqO#6kFqxCdVo_kdUg->xUtfzspSOSxI;?tc>b>1Sdq=smZ_6`VKOkMky{{=w%> zmT}%>Ip<9-=e)^}a@0~c&XV7D&z3%a%a*?X3GAV9hh77=8u*|jgAX$JpsM`9 z-Q(}jzp<+PK*cDseG>5iJAg9{Ydg->B^S zZ2v|T*TBFB%7#$;FL>D}+A)yek8yalX`fg`A2E1y3|FO)Va?v(P&RQ{pL zJ~2kS7<@iPof!TYMc7{y4dU;f5Wg2wwvfud6D$>D3^8mpV(|SKa}h(95eM7Ex#u`@ zQG~oAuIeNI(C072RasLAd=#e*_`nxe1l}TMlKU@%4>I^*05K4h4MG*W#CALKWk7b& zCk@#_haJfdV*j!|9Ib2)l|7+hOE~mnk&l%QV2#L{&xot^IW~+6KPcNj!|rd2!VF?b zp=HVHfF;qOB^CHK7VTomr@LD+?{Ai@-OG}>dt36wewHlQ-;%HE;`?}jC7;)~WMKnK zzBz{2M#oz6?eUh(KEaYzr&;pB>6WZJn|Md(Sh5~p$MOp;*?N&BB^O)r-6i-sUTVq4 zt1MY^wI!Qwwq*D%mQ20PlI8d~Zp%fFfN$f5M=km2F-v}W){?U4EZOq1CG+uR{0d*j z6|Zsr0XB#$@n!rKU&i*tQ2Gr&#=bR?HE4ccU0H%&1A;Fl$3Iw{!3P<9P!%8ip8tZ& z-);GU{dW}^IkEsxe4yM4}Q;oVIer8s{caF^r8CMfgX~ z0WAw(DWiCEY*kwoZgN5LTBK#w@{2->}1L!jrf*TY*Q1XL0U zY6rE4IzSzvPEcp)9jFV`73v0chk8Igpba7=Hod zFJSxyjK6^K7cl+;#$Ukr3mAU^<1b+R1&qId@fR@u0>)p!_zM_+0pl-V`~{4^fbkbF z{sP8d!1xQ^HJ?XDesF${NX`ZF*Ong;F2A2IB>nv%84w7`z+gxQWrbw$E+HARYe&BjCvuNd1y#xWrrksSV(5q4@qHzkQ5yrl2|w- z@gqVq=g5%EJt`#gjtzgrwqvkgU2eB&#n9$)^{GWX&ZZ z`Rvk=e12I-zGxVdwU>wF%PT_i)s-Rn`l^t8b9G48T@#XTuMNriMj_d7T}ZyWJ|r7& z2+8+1hGf%CA^G9vkoMpy*Y}M;oCVOgDfAZ93~COwfZm2$Lam_IP#dT%)DCJ7b$~iT zouJOpJ5U#>E7T3@4)uU~LcJjPQ{UcDAE+;s2jxS=Y3z#*qVE7`AT$U9qx2mD4TXk5 z!=Vw-Na#Ii6f_#b_p~ zj6aX@=P~{~#-GRd^B8{~~j6aX@=P~{~#-GRd^B8{~?y% z0cziS--T zU)f-$!Cc3U`H8n~%v=BQ#{A>|b%Q#|4So}1V}9yw8}qh&gF4BL z`6qARVE)1e^A|Ser+;Q+e&%O4=4b!+4dyRwFn?iV{^`$c%+LM&2J;s-n7^>W{DlqX zFKjS>VT1V#8_ZwWVE)1e^A|Rlzp%mlg$?E}Y%qUegZT>^%wO1G{=x=)#s>2jHkiM# z!Tg1d`Q>th`3oD&U)Y#m`41cOAO7RU{KsG2VE)1e^A|Swt>+DX>v?1T)4Mn3-M_Xm zzxL}JNGayzpXczzp%ml zg$?E}Y`}GFFn?i#`3oD&U)Y#Uy}|s24dyRw%eU^ZhQXOdi=Y8 z%N{rLqo4f0w$H!q6YTY$tnYvOzp&>&Nspg!jz1x^@Bg!U{>pZ#)szIpy1{kz+r|EWK>{rP|M-`V44{r>Z#_V}6l`R{S~ zqUw9?`34{U182SREB1V|KjA;O$IbeD_WSMqJYPTmQ=RAe+-KVJ&H7H9{eGSEc^7}) zzW;Oe^B(=a?fd&bo&EhwKW@)A^7n$f?e)$6eBQ6w^Nl?Gg7bM_^C|ZI&3^nx=ltLO zZhQSF>iwL^?fXARk6(7)9)Fe|fA@8J{MmZ^{`cDBzo^IG|7v^O=+CR2?|;FY?D;>h z@BihWw%_0A<1UWf3ts~qmTc^S7CuhIAK zbe`{r*Y^E?M!)~#Gke^~$9=zVkDL4dvoO|r~M!vuIz1!D+`#0P3pRUh;*C*QJ z=Kh{H**<^W*^i%c_RGEg*M8Do-^jOlrTzZ9^!xt1vmU?Y$k)iR-@oJR_qRIh`|?M& z@Aq#xpZ8AZ{d-sK{WSI}b&g;0EB5pLg5K}v|MvF!ecNx?^IxFnzwvqYxRKwVaO~rA z9Qpdunf<)RUVOE)KllAhd%n@Xw>j^Ber3-$_UfJ=w%`95dOy!{^!*c`YtJ|Gw)`r4 z-1v(xao+Fx~+uFdKZRPIrsPdpRoIT z-S^dhdiy?_kA0u>dGCL}y+8MP-S>U;P1ePI-^U*DeZ3>T@0mw@-=8?*`<{K1_nmb3 zsAj#~*OLye{53}|oA-Z*^SIz+-`)5B^*^;+j@aH7zJAi5x9_{199-_%_qq1T{k-=d@qOuM9PNAG z`^ENsjXib0uQ`6fP3%~6zIpxbBfjqs?z7+9;JfB}_w_e(`@ROZx#yeX^-c7;Ip4fK z1=pe%#le z{H3EkZ}`dfeT~0#Kc_kVvH!`w?{;!^?uhTZ@VNav*WWhZ*Svnl=h^q&PT$_>;LYZG z_w|y4+uZZb@fSGpRrBxe>*Qg3e|Nbjoa4KnW#4x@d3pB7*!SJeFQnJ)`)+4@M>S|oc|c- z{C{!o=Y{?4>wng{{>>A6zTwZ#JI7z{?3eil`~JIh|4x3JJ#O+I-{u^DgOk7eZD&2N zzSdsftoPaH+T&*bhR?Uh&HCN*H|+6U`u$(w9DmgpY`_0Uoc%rN$V=@!-#yOx=Q!*2 z2aY^F@el0xHT4mRbNmyIy!^0p{AEtwXz#53yoQepoa3{JJ>RVNYu{{-oBD%K{E_YB zU;mEn_rKzI?Qv6|&|BE!=KJ38nKtj#|Fn=&h-yC*MFUJ|L2|ie}VJ)|HS$H zgA3d1^WQ&Xdwu@v%ARlX0gIQ|^G$yI51jq^?C03?O+J14^Y;2CU;lh3?^inC|0~Y- zm(KUU(fR)OIN$$?&i8+V^Zn0pzW=u!`H3C*@f`U%?a0qFo&4zwo$vp4=lfsce1Gjc z|FfLW|3l~b|C#gr|L!;K`Zo1C|LkGA{!RVL*Esj{?C-YcoBF5&=lXX$*T34i{x3P# zzskA4U;k^{@^RK#&rhG)^G*HMDM!BZ2krSrKL$N}-00(zf7>4WY9C`q-hbwAZJ+;p zj=cZ=o9+3})a&2mT>q=i^*`=h|LJepzW#)B{|`C$|6iTY|1{_R|Dm%!?|nrE_sdN3`ajwrD`CB;p_f}_rU*^c)XE^rdtDN=vZD)O6<=C&+ zJLmt7vwk1#?Eed$_4^0T^>22r{}ku?uXnEhZ$D}Er?KxJ|d`Ni+D$Blif zoX?BS+4G;J`v3nr*Z+6t`rmi1|5oSvFLBoQpE~;Ypre0Z=jfmBTz}fR{!5+f|B7?{ zJ01J-KF5B&$C2k3Iri({KHsiKgJ-_av5)`W(Wk%hHv9h1(e?W;&hoC@`fqct zf5^H2A9e2kTb%nZozMSlXMH?peJV%ZzVVv9|EB)(O^&?&kMFhT8~YkK*Z&pg`d|2Z ztDkr2dc4t*_dom&d%nT5D`&q$2fsbnS&#R<&R*Zd522%v?{e_ZRY#tG+4=tc+J0Vx zkKg-q_PD`kU+TzvUo%{bc zj{W{NM;?E|`TUP{K0kHt@9Q0T_$+6CE`FSS{sxcywDbMn#XN_2S0zRV-HR``1pjg9*;Zz=ewNs`FQ8~o^-CCJJ-L(x&CvU>;JBE|1WXw z|3Cd(yZ%l5=R5cRKRfdFq+`Fo+4=l0bUy!Mo$J5ex&ALW*Y}<4f5ef$7dZ0wosRtd zjH7?gaqQPg$9~0*e*CUuzka~Ezi)Q#?{}Q_`>W3SU39LWIoE%@BR`RIedWmKXFB&k zbngF}bN^rE$p1Z#{QrXU`M>DMf9Txb73cn9XMg_hfz_V|Z+xEf{h#Z6|0U=9-{yS( z7dYQPcfS9dobUfXobSKvod0r1e!kz4pMUSj&r6-}-*>+M4bJDk-}(Mea_sF}zt^r$ zgFha2?Cr0<-k$drZ~O)4`gc0l|83{`_c_=9mUI4vj{ZHzk|FnY&h>NW z`Y(6x|0|sPpE~z{@R)tRCcgj4=iB2(A0Bt`?O$>}{|lVY{}ku?mpIp-bL90|&h@|l zh_&y}RC#)#qmO4s_I#7i_-RKU^|IraKcXuz{Iz*|=X(|Y{@rhFkGp?-%ZVo*JMriX zzUT`de)LiK_XnSN%zA=*dT>kDmC- zSA6q{SDt(gud-)e`p9G7)ciaC`Q?v1aq_hfJ^EFzJ@Lfr&b`hy~?NKc=xT{8{4zG zE-!l3s~&j_>+Y0v~$MYp0Js^2&!!o@j6QZfyF=6Ig%`b>-Xtv zrmstV{b_yu1$}*&zP?vq`~S&){`2(pOZ4?Vef&x`@F?~(+^+)t|p|5Y(*LUjcuj}g{>g%)A-aJ=dpVzTJT)^Z1 zeRx+O3(dTG$oI(u+-eYQSp z&h^gq&w1zkb9?6o=Yn(Lx#79dx#-;Z+~nN!TzoD$H#;{!m!8YcEzT{^<>!iX`{!2Y z%5&AZgLCV1^*M9CcfNn#JMW+0J3lxdoDa_r&yUVW=f~$K=cni6^U3+y`T6FQgZ;3yTZO3;BiO!v2NTh4Mmm;o!phLVdw3dW-(TTlkB;#b6OE!o_egT11QS zVzQVn;zhEUE#`}Kku4UB*!D79r7v^H`V*jFd(Z9HNad0uX7+xG+ z99@hqjxSCwPA|q6lZ&&9^NZ=l?Be3$@?w6mxVV3Db+NoyT|BtBzF1#0mwK1_m%K~< zrM*joOTne^((uygQgms2X>w_LDZZ3knq8V-N-t%X7MGTn@=L{~{Y$G$<)!Md10^89joIlH{Lyu6%WE-vq1 zUR^FPSC#l@A?mFmj+in-dq>R%mP4X=)_j;~IyCRgWIv#ZOi#nsi->gxKcxz@kt zUmIKtuZ^yauT8Hd*XGx0S4)53YyTN7u*Kr`MC~^Xu95<@MtF z>Uwp3eccRRWSGCt`k9}Z!HfCr@(e59d7t+?;$6!2RXmLzHY)7o7qRhFbL!5D8q=qqjHn%R>cong(5L*5DD`v7`ic_Xr(BOH z&2!4|ijv!>ypAZPbIRt564|F5jwpR|%G`>Q)~9@pC{=UH(uZXqM#uY*zy^r!|NpuV z_c+A4<8ZxFhAahkBEK9UTp9y0mpdhgZ9&cg9QVd<%>;ES5)w) zpijY`f;rl3v1nu0V1X9~&`jA;HzmwnX&mF>;LPK{5cr?OM!sp^z> z+CLqg9-mH6XQ#{4)oJgHegdHj5EZ=6{2DvG4U7?afW#KkHk9kpFZmlK_XH}LY}Tyr)nvN=SqUCNY9$q|l5Kn&E*N zjG!4QG^2!OcwqV>XhsUnD4`i1n7as?kwP;{Xod$SE`nyH(2NqA;elC;pcyGNql9L7 zV9GwIbr{@j-UZY3;a-P;9y#K32oG4(D|^_{DYQJNUoN?;1890o-<;ACuA%J#{d2_K zT|(n)`e=_kJcZWh#49B@v%84_<>>~{{Fs;}RU24m0dY%2E4YLOsEJ)XTEZ!;Ku-Kp z(i#q631VWHlzjCX)*v8`iD(sya`q>z9$tYbht6F~-+ zu#YtnjYm0{!bavqH6>+X06QtTCZ#m2VJQP*n}`yzgte@RZ#+uH6c#fl#wjTo16a+N zI47l+tYJ9=Vx5SZvV`>%wBuci=viW{r68V?`Z9nGjfr|v>dac~=;&_qGWeB%o-R_K zk}Ln{(WgvdPYd9{l3ry1iy9LPrt~apSk(|{Frsf+!midtgdY9N6t*=dDlF+^2C%O& zkzq=fehps}5FJL;sU`ePO@!!Cucq)hIZX+Z24(ef-IsWtJVN9!|%q~^qsrF!fDK1pz7N-MO6 zqz1&25iQXYl8QAQ-)%lgakZzuI#yn{q(vIQOU1<3DZTX?k{S?WNA%cBNNP=-?ZI0K z#`cjtNhp`%r3~Y4>P9x6qFtx+89C~Q&{JU+;m8}$tX33d57?E2QM|IL==<Dq8c9 zwmhRHH}kvAU0ekZc6>}LUeJd7(2EdykpjO}wB8|YcSg%?&UiqvV_NNkHrr=rBl)AN z7nzj@pBbR!X`&bFD-wNY$kgSq4C0N($j-&;iF{<_0`)=_vT)Ff<=qCqS8XKLieMR* z&Vh!nU@{EBc85iG-@PZ=|3S};TEGas5T`&lv988Wk(T@f!L9E1m* z5Dy|8M2U!I0IjgTqe6DFz9t+*#27EXZi+@H`kBY*E+!XKBBBv*k${Uyp%daMLU1t= zA{y}$23(Bzh$*z9VCLOto;_h!y@$y?Fl$^fM;tOEoH74vnC%@C^%dY^NlPa&9)!pX3Fp)kHUII=kWrSO2AvmcBmSG8RVZcd^Pfr!m zd9VwEGchn(2}BkEjitb1HE`IN)_w*ARx+pV)8Y@+<}cLh_kh77pz;ahRmp)H&3TV$ z{b#^nC3D(7J-`qcEM?BRq8I4F8%Ege3FFt|>OSP&gD==qZ!lATaKJb=ygpQ)u&`dC zy4!pm?O{*-!US57WB>P|2OfOGo_dEFa99Z`IAB~Go*qIUQb@vrv8_4NgSU(z4HL$< z1!^&j)?SS1EoRV-5^?SU<6NnwNVImM(pm}YHzw*i_Ms;pBAh+O{!;5uXl;Y_AVVOr zl(h@ii}c`4Bi1HZPqGgz=CSs`dXpKjSjpM~>rsa4Qx@t~dca~4YXhuj*@qr^@GX1l zU1rdw5>j*kZ3^IFhU#M$>ScQHwh^RhLY|6`idU#y%HGAr9W?0)2QguMS zAUrixpR-V}(*qWZAYT*m2F2-p=$Xjao_e1dbgg8Ki}gT5#byg~2vV~WYK=;!H7Q1G zP{u@QGw7a3>H&EbsVPachNPm@_P~cmtP#nG*!IDRdaMB%Yt2WYH6Fg!bR=5CQ4ziM z;H@LpXk* zP_)-WJQlH5C?n$ASIoDksBZ@JTe8;2C-NJ@0;G`L1=hBP?Dk*@BG&3;M1cFS2p(&3 z#vh?}A%O#W8eS z)+PWJlr@p{khRF6!?Ff3bXRO*0G&IfP!)p%O8VW6>e2~AjQ z9Gw!k)Ue-ujiGbm7LopeM$aYoXN~Hidx+%&*z6JaXsJ=N?9-Gxwc=h4xLb3LmILNa zWY3lwDa*c1HA?oda|4Z#W%t$^9m@_bH8Pf6oN83;VJ8RN%eltGvY#W3g=_3-pSwEM zI9PUepfRxQ?wb2M(&$(AxUZ3~?DC5HJm5~xHR6@s9%-~&gORzX%^^j^Eje+Ec&&lP zxFvB*!1y*LZmEe|#8XYRPRRowJ)n=8(?hM#2FxL)h-j8tl@t-Tk9#MNGZJ0k`Yaxo@lCdM;^S;fDz4{9%y|jAY+vxqFE|i6_KsV$yIsqIs@gYO5&CP zHgTj3RZZLy5x3+vmo~b`j9>>nc$tCnQYCRqKu+qZ)r+L%o)=^nF}B6|}^Uq<=cXBJara1T-_Ry1K< zYN2Rp-Qp$5YNn7$sWz zYAedE)O&`CqNcFRxz===wu*C1IhMN322HJ*UkO>8nY7iI73Es$FT=LtGGoNP&n&42 z8Q+7Hk16LfW=loZ4^Ug_E54GfX$lmu09vmY$@iE&71^HvwP%dz_a&P=y~q4i2Wbsj ztTk`Z*1E-8qZV;3Tg=sOQP;G^U8@#(4O;9qZ_(EpyjY+$#R*vesUoiEPkPKkNAM|9 zDcs<&)j88v1CJGp&093KZt<98r&DN_RP{EPtly%tDRwM}mhCfJ?Gc#`nEy&xk6S1@ zTVM1QpN){cPN8KBc%w=&nq;vfqO>XVVg+kwOEO3fi{O?mhU>Q|Zrb9wRg2^XEtZ?NXl~u& zxlxPgmMy01x2SH)yj#JVZ_`$JkLmxUuDeilw?5}9z8kd&Z`oqJev9&^*fFWUw$^Z_ z^#p#43{vh(O>AHp_ndoS+4e)OU9dp_tr;rUo}oHfFoLynA=nLT=Q45}Hs0&E5#Lnp zTtVht?3`c+@tZ^CJ;cscmiw3k=c%0w$$yBQ%gBKgjQ{#=1URKXohcVzF$x@zDICJe z&D%(Dt#&RXD=&6VutpB8*#}DOw-MpAjR{w6R5&1$IE0m(w~^txjSWX?=LC!7(3*W% zxqcfVPU(+l%GQgW6KoPdYlh0$i=C_5x^}@Skw%M4wR3`3#8>YDiB8qd6>UYjU>EV* zL*?)@RGkZksV^JUnTKsY7<@#;JIc;OkRU355kuwNdGS83u_< z=W6FFc%>R>qDLHN?Oa9VGw7_dSEe^d$+VLNC$Ad&2ACh;xh=&!9)Q`j+ zPf~V#Nzm~oX~&<`U^4G9&p>C8uPZ$Qc1v`vmq2fouC~~H#lqC@B zHr7=a`&Q_>uVLYQUHK6huY@u1f>y3#RAsx4LS+x8uymO+2rJmSLthiLOu`)Y?$F=V z9gh=rd`{l+I$p=`#PB>hET8TEF`bT|u`&&F?0casCe6UD9Ivyo2t&4!(~&2)|@JZu8VOOKo%1HbZUm)Ab_M zPOVHkv+54d;%hfmOdhm^FSGgRh_RK;MMuiG*bH<`JYEuu2k=lf?_6Iu)jj6tz!w>; zb_C>|!y9>s!EK(|W|?h{*=Cq+e%T{i9CO8FrDDWACGc~o-E{#Ze56c6KUsJ!T&d5Rgxi`(I@N zZE{Y;6VPwww7vm3l$;(iV9iF(tWQABAcr2WlsC!A7JOKr!`%Dyc#i(l%_~X5`^1AD1c*;gE}(`Y?tD=#GW6P@Z>>n7_i@w(`kQB-8(kA%FP za4b1|wi(=OzK~YhV{T+XkDYXUb+Kik!%oaDI%zsyI#iA`W$YnXRuEANYrME&MeTY@ zM{lfg#s{;mbNEiNskd6$8f)7JHi|W#t2Hi&6<^j^!#;doLY_m`tyV-CYs3Z%8{TW4 z$JG*#76a1=f~>JZeIS`wGqklLMv2FcB3T}@)Xh2^qV`6@B67Vkd83GYciiELysey& ztVD)B;Hu^Kysg~ZyhY|U5X50$Z$w@^CdXG_jc1Rqpag<-N494K_8>v-)MBCXbVw#USH8et z;zBp>NgO6y{Mj})D%QucZL4!3Yh)5kMaYSqN_e;)xq=b0hY2bGa^-gdjb;nPGzL=& zgw4spRhO{EJ+c82{M<~DVX66+2uOEE4xofh?vZ61ft^k;2OwvhYLH0?;NwQ%*o3Xg zm9LS=KhW5J*P4zxtGbdplI&h{kH#PYS2lvpo)H;$S9pXNRMxm)g=@3Mc7-L<4;Wn} zm~+vra6rTvX~wS9OjShGSpp&S5HF0tl*uXx!j-^?>1oIzqV(L;+b<{Ee z%{q>drRlDu*zSNx+pcDT9;iUsuVx)rU{Yiy57)6EuP>fX?09!2El=6VX0wjMo|xsm zTh+n0T0cPqHg?}Fr3Te0vX&#p>xZi;^4hGZ$ZAd`Us6f~;`vB(!gg(g&gwQY8gP9N z<@0cjBQTG4g{_nZl+(jC4%-Y^%rzDtnQO&xv&K2&nX+ADkyBaUMoJqAl{JkRBa2UL z@+4ERQ8RYjm6q`>?ln2&vd8YC2sy17QfYG}Yv73$1c2x9&^S{ zypmqC$!AIIJ7Y&)$;m6ifP|d2G6j~MX>VRh*3jzz2odiT7_8C#l2vj&?beG}BPP>P z3f76Ofp%pUib!(Ax;dGAQm}Sz4d$??U3?Menl#*dNw(MKw1nxH0t?Tyudn2Uk{iij1scCYzmY-(|*5_jBii7{vy_z&9wKgBxbR>NUE2-D^Ip-M0~;VZ5)U!pve^Xhb>RxjizS%&wQ)V#& zM(`!s@0eK%?~Jgf_UR&`yqXbKO7_~`YYCQZeLiMX<*~vcr;Uujlui}xr>yL-I$AOd z5EI>dh?55DH7ri8iRDvPTAKB}=It$dD9QfD#O@wg-hukmh)A?%wj^bRinT-~D>7n6 zf8GTj6$m*sAR;oa;RpM~;7ewhMp|hQGh5-Y;>21GvCNU;>I^wN8-0YxLu8EGD&&l8 z_CauhW{S*x=8GYJKC0MajXr$TSmdy~C9y%Ic)DiJG(0n8{I$edSD3~mHa22jy9C3t z2BwZR`jUKs$9kLK{1{p6yyN-hDI<+RGGs&Ld25YwL*#Yj$x~)S16bCQl{Ymw>^&lY zSR>s66_urSI|a;m%9`YAR}FB0td20&88U5RUk&SLLsX{8I;CVMD|oOPYZcJWCeYm! z>s68q^HG}?09hrlv?*fSeXXLpk36Kus*GUE_j_Q+#?;g7)Pk#6V--EHOhaa8Qs$tm z(+7;>4*gb&n6{#Y^-(P#tD1l%D8Tj0x_ak)Ms#B^XtKU}2NlQ~M_6Ie!wfZQvd%To zK_3~k5H*0Z&MB)oa#jh*ItM^m5q(&SRW1?x30GWzOO&k#;$dlz*?HZWNV_q}DYNuH392$MVyk^kB3bNiMGXg#;H)OqI;Mh6VyFji*R@}Sp zGp9L56+nzt&o$d({QJxgDC&|`k2D6%vISSaCZiA{GZta>Q&x-Runq^T_75~SCg@hy zztqUkN9APz?2tgB3uG}%?0^TpGJySMv#e1FU{TY%8l@(k9l(UG8!9W6fO_$o9+nd$f}Q^OiA~`JM?~8hGuJQs zQPYZg@MA;nN6Lz$ob@!aA3+DXrPz^@Hnv8dW{)^HR*s@TRk7@eN4py!0-tbKa_q?p zdm{Kvb|s=Mj#*2SV^?bMJXQ_7)O4*e_^Ir-4mh4N(x(pw+nzAb~ zxp$AYJAieZFh`kVH%eH^9(ndiWA+TQ++;s$+I0^YZpi&eH9uKlHk<56&_Qx3G@_){ zuTg`s$32OaRV$EHDX}XaJwX7AGaWKU}BNFQulh>2$r_9O$Y zt1#6}_9MVC_usjQTzZxs= zX+2yHTYVra9^R)F-GN3PB|J^S8vX)Ru(Gxu{Y?OyJ>lx+%x)Q=WLf1gGZ_o|NrTl5 zF*i@vH)S5HLIt<1Zh*Co7`@5bR>W^UCf&)(#>!C^$kNNoinj`2VJ6Jd=Zf4StY!?$ zvS1Wa(}Q`i~Mz;4N!Nb)fh;0eVic z?xp%oAIzn!eBAM$C05_-_|O=upML;;bcubaF#At-BG6bR0b-V&D39P>2iT1=Jv@^|OML8&7MwK7Y5T9pA?~B2PW-7*#AW_9pM}8L~Ig4xih1 zyzUaaQ|;H_}+QP``)?l^|m~3eha@_BV)VAJ&BpGEjm6pfPI;?9=L>s>9zhh zhP_|3-nV~8{&x-SIHKR3-e=xQ#VL> z4U33RYogMWwG~!#tiHs=pdQfBKsCbZfk?jx%roqu%K%nLB))7hWejYS5>J}>edZ+W zj;w9~R5PJ$m++iDN_7mMxgd)1h#}J!KL#y>R6>61Gd^%*+@eMgXe9tznQURj2skk& zN~{$jX6!9r!4pdTsA=nTrm)`7MpIEKN-MN4pC(#c0FT_)e7G705P{|xuz!K z7W-Z?;uh<^hgeZ8yp`r9Z2Ue@i`aRKBS*k36U2}S;+=wZJ8SWy*?s2sAl1T^`0U=9 zV!it3ek_>L57~9!GgVU2F$0Y7%<*KfL@FLGWN+;n2%axRZ}4C<<$s&Z>pGDwPSgo z`7S(pN|YASYI;Nr@>J{7DScH$#3d3mU}j`}PVRkqKB7i=#7iZmLj1?_Vgx%iy<~Nv zWXzm$AFZZ(M3yCXWqmER(QM?Sjg0>!#1bT)6J5Aj2hgArDcA|J8GSP}0WD4}$`&K47UV9Ecm?MK+aehRDct?msM9P+kvn%L%t&w&_ej#pg+6s|KBY9)gm&B^) zrGpSe%QMdPtrYq8;g=#ODqI1vd1NO7YIdwxxO5_s5n}O_@|w38L3BH!^u{eBUcr9) zh{nen8_r=tOW6Dx{Lp>odpg){gh)grJjc!)w7FD~_L$Z*S5Dby@9$WV@*J_D)q^Sp3!pZjPLoWCb}DZ3$>`V?}VKgPli+5;Nep#s>5ep-0rI7`wA*b09t< z#IZ&rbMPP~bggc2!U!1J>RnFDTLVM)VILxDVcgn>6?DO)e+r1*L^JElKH`#8t!$++ zdLJHZ8$GWO6M9ZWIER*$)Z!ZZut#1*>}$rne`O<-^?mL1VOudY1zyWEN?!p>d(ifv zMbdNF+;S@-96?vo*2hI#5z7iXA~qqw>QCBAiqgT)Bj`v5?Wi;!>?1;Nyk4%@c{^&E zLp#bX8$1F#lCe{{Qq(NoFM^$k+emN)F3Z8@zx)ho$~0{Z*Qs6BiSm?VNV)+wf-P1mbF*0#{P$P zD^O0W%P)%UGMzZT=x|oC%iH?*oAdA!fwCtFGGr-speFkB;Jt^$+<7PGC~Kc!y$f_} zmss^cy+VSln0SVoagNtADLELb5*$hozS>tmu!J?*N9|x^kwWHir_cn+n`Fw_8Zx#6 zuqi|2!p6#|6kD0F1|ue%C$U6SzmK}f#zuwge3)u3EJMvs4#vuQhXI)LA()o2MwG=3 z=sWkh$*a@|^r!hVS* zSe$+AZ>1TNkWuXvtfk~TGi5Ff(enWKV2J%~tYC2%eT8;^o9IilF(KQw1Y+CA{x;Sy z~DkT!mS*3gXj!@sbc_4H^lxnxUPWS z9%iu{4k)=HuCAfKAsNysn4lT7 zp%yep6mHmqHh|s^vA<(Qhy|zitifwbb%L)PYr;OXW4nAuc6oekmm5axX=#_I_nU8p z-X7cKquS*FmN_EVDRD*(i|n<0T<&B^#JA41wyOqW?K8`_x@Iw|N$xiVAdf|+7LQsK z8ne2^qE3r71!1nvif@{q3z+My$>rwEy~WHc2h8z^@91mYnMKp$3r5V#_m!oNH1ZeA zze2=mP{-$KggLXo{Z3wfDlsP!SD`uIwN{n|T5Xzu>rOS| z7erk<8OsJ!=T26Bpr|^A6r}LU`^rCB&fDUy1QlkfasYy=Yh}GdaNdzJ0fMV@WH(AO z-kx#+f~zg^Dl|*q;A)G!60KEPDz2`T5eR|2B4saU@X&&)SHfOq_nY6LXYMhZ(_rgZ z@mHbQ&b6Xzi@y@h+&AdD1}`oMEYymY24Ck}ndX7w>sT>Zq4gCF!Va7)XoIn9#7=$0 zPN8P^r;4(3r{ZOxI2$_)BvxoPdac!jfz}fy%C9dKX&Yj(P%Dh4inMc}>=HX}^ZgCd zj+Ol^G$XfGtSwqU>gaugwzu_vs+EPgV+RJB>kxa8V#oJc7qC{m9fAu@P+6ENA1Y|O z8{JM7Yg;sCv^Ha)Slil?lzFAH$!jm~H~(6#df>#pOU2tY;$N?gey57Jt^FyP1@V-D z5X2qRBBgCayjIK|wl%mZFquVTq1G4Vv{_{v7dI%|;;;hIaj9Hsk9DFEc6Ek*&036I zYrZPfil!;*4Q9}3v3e!*R-Q5ug0f>+!4$i?PwsRLeeUV}lSH%LOU+%?u#p~iblCEz zg0XYxatV8G^Q{A9zXfB*h>ug|tx9G&>dQUEP=T@%38LdvnN>mAHa-ru)~rF?69%IXV{20)aoa(vchNBh}WPx-D9T4@)@yHbp85=FxCC$r*QK*y?Ba@$?{Z8 zosYnlOwRVoy6)^2-8D~kvI>3ZNyN-&yp;_SO^LSfh{T*e{MfjY zrCaEHwGwQQ;EyJv%pL!fs_kmHff(|iVukjZX=tQB+L3`fK(;+_YIGWF5lq>J^h-5| zx37%0ciHb$BhGKACJLRnO7ayYIM2GReI7x3C+Oi3q`e!D3G12es0rEAX`Sgd#vTmW z4@h=vS4V-Mm9JwX&H06$(kV!k$vuyEns*$f~ zWUaVtubp(7-Vh&+*=Z%3nA2<9>aXA?(Xe;X=R_gV!dRoC1?ql;UGQ$e&gG5__ym<- zmYEjq^Ry~t2reRHy_e`+t$1J$`j;@@AUaoS4!j4(BmyP~$Um5H$XWl^yU8k#P6b4| z0rPVfqXfjQR)z!m8F|8pb|%$mKY$;J@JzNAw(+xKX97G~6X#hB6WxF=E3LN*ZW04D z&lNab5X+sJl*EbW#beZMo-A>qfy!1~jE3en=sjdDA|Ong(_HS%rHIc+iRgA^%3Rs3 zw)pl$GoDKzgZ-^+N(2--(^}76nX+AeL!?x8Cb}Wgt9Dk%EuCE1jXSx2LnhSS)$WeE zR;31}+8seOdo0XZ1VpeMMoCw&!X13jZzLidm6tT(*M`T1rW30Y(b)%~XyR(NYt=5NRWUhIzbD z`*^0x8+B2Ox1)+~0lQgr*rQ#{QKfm>J{VmaO=X&+?XI#1Ogg|?CtE#kYeA;TkW(bP z8G(`3)`@+oI;dq2@kOZh6H~AdH%F$i@<-JT6)Y1(mtE;I%;+^7(iF&ahPwPNI`tTZ z25q)>4i0#MX@wGnh;ibG38 z&~+O>k5IKY0gK`KiW+{x!%hy{D00@RnOSKh>2Gx*&4ET2sCF%!Xgg$mMdEP%Rj0yl z4>)JM)$g@JmEVD4QV-F0?8F<{O{2%C!|fOB>^G=p_paLbqFXaF2j43(M!BQjZvqy? z^%*s+V;>dDp~LfMT0ygFIFW3~>G@u#S~*q@YJs}5;z)ddrPVZja8Y}}vNw-LJk(tb zws`-XyszwG|9n6M76X0F7dbhpnmk58>=fSw^ZA`B?cJ>RxKj^omP7OQTgK8kp4xhb zgtY~Q)^)9&$`N5e8hex<}c1xY)ZtOgk!l`{zx1y3~g${Brm z^gpH;ns3L>S^2EceGzWu6I?XXM-}!SYJnT?aC2r#{kBu9b$gp)l)=8ekC2SRSnIWq zzWyb!fsg#*SS#}8$RI9IRbMz+ME@qekZWWTd&obOh;7%M=r%;0W+AiP>$Ci$t&(aa(=YWiPt+Vyqmi z)isZPJto#F!4<791j>k}WCQ%IKF~SxE-oJGb*k4S-p@GIuIeD7J?$Ne6dTPtHEe>9 zEGp_+mjx=_3!MQ#d{hn1bKq}#+D8n^-TV&YlY*_y+sd}CHHs89&5(WTG6)_JQ_$+cyu;U) z%tP25+?^q(S*PAjERxT9w+1)OJKT?AC~AbSRc{in?dBIkCo7j}?b`}I*k|qA_!bzf z=VT&8iuxO!R${T*`HhKk>D{OxH)L6;O24CD%!A&xbmBVj^J8)sSqpx5BzAJHR0jf?X)Sfbxw@3REpu=PbTl9ghd!lp8R;b!E z4mUQ|KKGm1w}?3i^`HF*7^~epSCH=DeHu&`YAr{`U;k@(pKi{ei|{k8xLkpsJU~B) zxyhu46|%_9j#`TzY}M9wqcyQZ{tZ1M3(X}od)h;dysvW{M(CaD?yL0^DdVw(b?k*s z4QM=N*Dg%Zfs@>X%jpB9+qI41Hx{gl70Ym-`5jN|qlTUO*g5#(JBro(2aI9 zWB%^W?1alU*E_1KW}W(3cQ*%4C9TA5C1SRmSpaKoVn##OMue;eKPvK=I#vH|%rbbu zJQwTYxBZpzEg}}b({(w~oLE=R&CW`tY)2-=>%=Y%7MUvxU)|92Gyw;n+=TP&qk3si zv!Y$>nG^r#80AK#>|&EJtV zPo3Ob&4}GYL^5bAU8g%3%kHj4w%WwzZITDf7vio0=4zrg8y1mUwNDX{52&Q3V{YFa z@2Da4hVxtUKLZ!#=KE$nvQBxr=-BcW^anr{cJBSjbRkB~6`fzLmpA4xGNe zhDETNQ6pm7L$=&zwgl%Vz?-65HL3|8Fux96^bw;38o5r8y-seDLF}V$YR_T$-AML8 zr)GFgHA<|U|Lr2%iIV}?@8lU>#%H=C&K0z2k*0lqvx3D$gdVb!>}J_d7X?odiO)J6 zgSX=>8k|r#HO{_v5su)eKM=%lD_=eA^cc=NRX4Xn%GnJQAY6Yv(}^$E5|@z4HN4Pv zU3BBS=a@pUP%g35JXf#Ni#Y03Up*CmWT2JPxAOij>(eleE*9{1%r-F91LoP#2kQkQ zvO>mur3pR;9#?Z81@nX@tE$%QSLm^x)@N;%c;q2jOF@w0g%WnCrSwKiR@8|^m+VAb zlfCIN$0d>?woBMdk(M##B__HP+?}y{} zgV7m~X%=~j&X4(Pk}+9lk(!LvT4LAs*{3QvX3fg29=nkR`wdv5H)L<)m=RaZSXw++ z#ym^TOv{RX?4bR-jM>IC`JjO6>QbJ=Tu^KZm% z4~aWtMxJw4i!a*Wlv|O>6`x-U)}+G90Z$R6v6UDi|14xF{WV76p@y3g*NiZN;p zwAkbHJD(Gh0?tSpv3_R4s@jAdyD58im+VB^Z+}&A&6<-QGfY0&;(&bdh&?3}&M;0; zi!x_z`a*y8W1k%+6>D*8)HHsj`G<-c`mBN8V>}nKmpfuN_muU}GuG$|V_LBHw`5j% ztsN*H;@&+nWFfmnBQj-ER=LmE^PQ0|%gLCnI7{RJKBxx&B)pl&Earf-CWp-Vk6DE! z{%FShkHmsY>=cF!k&I%&!sb1SUu_c_Sp43WR+aZZWQ4_q!#Od zef=IW<`D8EdFmONkDNJbsaNVT#~^W2#LV0bazA94CTA|(Xuu4^gte|I zYv%Tuqps22FK8oRMZts}DJk;{`^+xXr+Umr2IQ@TIiI28b-_B0l2uDR*1HCr!8m~> zmYS9YE0;=kf%lj{3fP}AA(BX0^}0{aN@4(yy~0D{|Cp7plEd3aedGZwY!6xKJy=%B zOHbJOkaCX0J~Ptw`5yCk0lQTu>{XGRbk2AqEt0o3j^5Dh+z9fDPEUGGS+U%FLZ~pdE1Lnn&a}B)=Q82W`Q*4kc^WqzZ5E z1C)X_D`C49Mz|lTFiDU@SzT*#CbILH=A`$LlNRd$+h86vzr`wro>~S$pF`A@jCIDt zj8i!lY7?wQs1e7COo%-Q+Dem&T7tCAr|hc@uol4Te}HIn$UKxtifDe?=A-sG)#E^Y zxd#?#4;k!`ax>PP)QpopM0y&8cc8x80}H>WemiO_ZD;DS^R|=bKsDP#UTcs2G(*VM zSZ55()RX6|TPayrT{B1QftlG;|82c@+-8gyoCLbhDXa(Tv%Qub9dfeNgt_CHdTQ&Z z%XZ#`t#T1547DRpBr(zYhy`o0MIOZ~*DVg*pyw8Fi zmHX;d>o$_!!^9Htr`DUsEmyRFjT7&fsBc{8Z(Xf8_3EJYij7Yk>hHKtIjOplb(_+bW&D##|!tBX+Gc5^pnzOYIaY$w+l& zen6QYY1Oev{d`O6S1pEZ5bR(}?rkO3Tp3W2{06tyamBYrI;(evwh@(Hei&;8-jFwnm~)D?6YDH2BqOz`Vt-`-)r}+-h~eR!)pGM-XcT zMWz+c`#N=Ht$o0ra&cj+2eunwu6$gsJm#S$^idPN$ExU|{@(CZacQckwBT&avPGo* zEo~UJShPW+4Gy*XU@I^B(1-?sjO&83M@3$zjZZYH@^P!>6Q5Fq}JLoZIb(-kN0e|blXiw@MYYH13 znW&BkW;{fUB|XAge1iX=`D$oM?*=W2;1fhk5@jV8oR_uFDL|FhANDv=WUs}EQHv4} zF=E~##6x`OwdiozVnfjsiwqBOVR?hDG(JKw;iN@`X&dJqBEm*nyiSB?J%#AYto_~P zoW7!~FTD;59CG5&p}&}Gonzkd7;B;u(U?P@Av!bRF9RgnPrD#rz28QA^?8Fjm%dgT z1*|uUIDKlW9kywkqF5_LBRomg$Jjnu4Xk+|$opVqBD`O44^nJ=?-xvtNVXsp_) zQMUeb%&E5VRuoon29MP#Xw=|A^K$x~p6b+qET4Fuu1?K4muKnto|;($uZ_Njt@oL- zx_r(qf(5)!!HHXC$N%)TPB4H6I>cH_jj;}O$>>b_z4q6xBX(L&l{Y!mrbE=V-ojmj zE#xKobYm11?u?%@hc`KJSd)RnnKV8pRj*Sxe2LW{zhz6r?~FTKiPfPc@PB~_U_}Jh zXi;DDW)_8wP|G*Ifg=(Bv)^Gz3^=(ydLUgN)acUO;YLb_84*-A=$Al?Y+p~mn~jaJRIdMl^TS`n|UJ9@S4wZ?7d z)|^uk7VOMhv3B-=UBm|5-d^joMr1u2{mPi5&*8JW+SNzI>hItF@7=OgXWhs zcIj{N8WOuSernG6rEvHR(`r-Lav2HwaT;A(QkyDHp0-F%G|6vq+_+^fvKu%H(WO2j zUWr}?#Bmb4G@3ML{32Ska=1r{UK%YLwY+13_+`P$?19EABaK!PR#B!~ykoV4a|{s| zj~u=++rc$9zUNSLhFf|w*T}_cO}V8vrB;>QP8Vj{8@%K+#9f}nYJ+%|kwz)gmLtq| zGK6L)KiFtPf@pi*vV(Wd4Q8xn?CQgTvVsZFS|j)3Uy3acQ(x`vWc_ZGb&JkIPUwrS zo6&>j-H__yNbL3)HaJs0y0|5KwcGY?OV5h^rmp?nyD4kEON!PvWvsh4xRIqpE4(dF z{Xd3mwb8giqUb~G9C1!V*FGOgWW~xq8%_6*#8A63YHrI-XRVbM98~VG)!XtrX4jm= z7B^b#1Dop{KWO?}XlPIQ=T7NMrHok(g+oeG|bBOKu~LquBG| zZSzVMYw>E0&b>B158DWRf~uu>E2ng8{S7oykJ?yW?7xehcG-UyKP8+D)1asPNcpBa z(_M++_ddWpQ-h*HPFRh|YfW#PWvbX8Q9H;eU|q~eWA&->SBKspCx^8nhb0lmoonE} zPVjUw(m;8wkuqDi$`hICgXR}ON>%I!tAX|#>E3Ij=%dQGd5SVE4RX1?q`N4l4=&#% z@L`hUK(4g+A?|78}@-T2V@M#tcet^P-@CojM5By`-C4Hv6oAjL8<#KSa-8#m8j22AtQG6C9Dx$ zk^z)TNP~>E&(50>81E_U$sB9GWT%(ZPYKiKv;I*yzA5LzWbDaYvDd&LGws8_hpb=_ ze)&U@?`X0S8T%(CnwFm8K6{NMh8}Z5$DEb>1!vcy-Yk2t?H-f*)2GJ@PuWG2v66bl z+IYh%>H+)l#;lB=+kR$7rfbfQlG?wVW0506w^zF>>%3`2Gs~jF0^K z7?r>oIG76d(1#5igSXE_a$(_oM15oAyfZ|26?k|b{QDTZd&bJwidEHpR%CSZNO!bz z%Lh%5aasRqq#IB5&Pgqg@YVzNQjOWkFlW7d!C!G&V=w#c9|;i&jX61K&I-_ivsZ+Z z?qhcctS1|@noM};CH7f7+8TS^XPs^c7Fy~V6V8iYV&7NT`8D>wkKG@z4{*#bz&WdQ z3-Hd>Qy~Y1^#X<+Sx-j|Hme8Cr^5?86`K6?lLu2hXlkrZcwBG9Jdn$?9ma8jA}xdc z!Qja1BcxoGfvfqu=dDh z0q4h6hsRZicg*ihj#hPOBJ+%=+zNy(TR-71Gu_D9?{f;{jm-TXC%=WLJsN5C(Nyb? z=30xfJW}Q1htdY*$5vn~vsMEmZ|BzTj1{VZp?iOfYLD-n-JS8bpzfUGJ)#ZhM`pB> z=^Zljedm1d9|t6GYz2xBu@#W|$H|AePWRx0s@5)TwXPqLS?O_>#c{p%kh7Lz*2qeQ z?1zfKoUuYFXT9qIE0aF(dhMq~4hF|^aPUXGZvQEfgYZ}mj^zOLg`KJ1EV>vjM1IR&mEC9=k-hqja@I=m$huZL8*2I$@54*pT{`_gSHE_>Hd-DJiwGWdDcBlmy_q6pbA}{d4UOq^4tfA zxok(zfX_ccM|8A~=@=$}k$GL0~XT(UCP1?@GDBIo|kJDkKuPtgj+EPx2S#pOe z?ParTDg851J7LYPsq|RdbzNf@?b;6T3r%)?r`XlBouO8?eQMH8Y&+B<^cmQ?1v7Zk z{E|pWrwcgl^wO8;&1fc51f5Q?nsb2qoa!J_GSO)cd8db}S;+tu{c&eDU$c@mD*A&? zZ&ccuyBBr3o$}5cy~C$Ac-|1xKSq4&oWFpv(rHd6e9~NlYlCMY zYZhCiQW$eKK)yA1E#8`!*vMhcj<#THHe#x>n6rARM$bvFoi7t@b*tr^kg?J()7Y6D zSUP?2fio#Eb!zo$RKWK-lK~Iq&-VQ0+TGR2pw~)Z$iDa3nfzyU`LF^v;AEo14z5Ef zv~@Q1))a{We@}S37c#z~7qUE@vNC$o{B!J9QzaX4?$$^rZ%r{}CEc0^vBE62Xlo|J zoSo#`J0sm!e%m`9clrxUwG`d`+1?%N(;JIX-$d4D@{4<%yils`sN1O}Vnd>xJ>y;J z?=AW|jWXIfgRzM)A@V0-}cbnBu-~{ zdW&AxC$&rI#{Em$X;Rx7vTCh%vlqe6-p)gewQEnhUD@$%W{7%f-Nhyicgzmmy$?&B zIktkgOK*#I0!Le8{_^C!GuQKGI})^Any!XMt*1!v>kxC!=ybKPYa4soaUap+ibqH~ z(~*{2vo+21Nlria+POowstq;sC(S>EvgXe0kNN|sP^{7W*8AWldS*|WE4Z7R+m1uo zyR+K*vYoDEZkS>*ylvO>&R)>sNi&ptMW?y^p5h2tDCv0W0<$Vtx9KY%V`7!bX6Bb* zFZVl>S3Z!{Kb$$SKAuhMc(5+En0$C<(=KP`UF;R?wbRB1o!Lmo6{0uJ30R)ZKSJxo zeVtD|A_|yx=KL+&X-m72z+ej#ON0?SbE%8l)`X6Lo~QghjZ7z@ui7cpN3R24qHlJE zsbzh{G$V9X&e2i1LN{d}GdV`+qMTz!^a|aReRNKa&^0;7tiBbxCHt6iG=k2|(c`>A zcE69Ad#0F~*TM7+FqLqM$u~=McCIh>G3{xDe$F|jU9X;^ZyKQ|V~(8hN`9$hHDfhU zA2GlPbCBlfM_-{Ay^lWh5xOSk=s#a!E^{9p5hKK)bM%|9@cX}g^qG$^rzqpE-RGRI zy33;bJLeS1{JaI^a@FF@K4#_(FtcccsC0^H$r)l%A5l{V+~@;|j3FNxW^h%Ah4-I`%8XPBH;%jA$uCtW=>p-^X;?F(Rc5t5qR3@(~%0fx0uSM1@Gm2eKQZ z>pnx|Qvp%?=(HaLt!0Q9E8u4TBWoSjGxNOLu7h;g*f|pxF(sVQSa4pEMGYY*?OmpA@n(cJ{Qnu1H2YuQi0TF6woqb-e5kCE7j*@f&^MtK+9y_gG`4_ zpk)Qusn6LC3AC($mKjV23!!BR<~S6X0A{!A=V?oS`_#d0a=L;^*YEz zfMMIAnqWN))*`}Mq*#j*YvExnBCJILoMx~N5!Rsq>tOnCAdh0O1_|QT0?+T^`4c?5 z!MwB(nv&wVOFXxS=T7jqNxK9<~xl%k?sm~Va(-}Njgl9`TPZ#0&4xcX4=PP$Sp?$uz zeZs@%lcy`-!R*sT`g~>Q2~&N>!zVPD0(H1|=7ycqeH*;N{42ra=pzWhIM}@_b@#f@ zDLYtT_w3%;os(yiy))Q1c{16z!(BVvGxwS7jzzj>@?5fK&5qrCzmkp=9?GCTN%#iy zrPRZlJxS5ot%8!+Jd4PnJjJ2>x%*?EvS74yU!u$M9zC#LhE?PF+q z!I`P0<^^i(%ORh4dla8TYYrp$zD`XYeF%O{W=X$a0biS^d``-(=ROM79JZN=qwpJ} z&ab(c=^Ho=tZaXK#k9Y*FwkFHXr_V1@JKUfW~rdFvXj5)=`XL0(d|6PtWvRo>(f1G zWdIy9q2F2pqg9wB*$1)@!5&Y6&@x1sE992MJ`RA<#z63MOzJJb-mmeC8$PD;j*tNn zU%kWx-U@Rc``~}YpH1=Wz8NCE6>>*rVUjnPXTjO{S-3EB`}a6Y7ACWQXIZf@OZ#_~ znTw{-_n!(cnw7r)RC3W&`u`5ycEr^8F8Z~q>jPA(bW{+*pJE}4P- zyE<(yn^50>CcJD$`u;P?Wi!_IpD8YzslNY=xndH1|Jm@0nd|${CRa?R?>}2yF-v{_ zS##AC-(y}O&wDNeqCB+N%cpL_(&~H6OP*rOFh(S}Z5!6``?t2<);bIzGovF+A4~Xa zrz^xkHRWf(-)ostf)+&i^2-_G1>~1n#0SW4Wh^=6++d#I2%JC$>#<%4@|ytZ=kT*V zcv!(k3!wZOzpyuiZxvj0fQUVS6`vtq7u>gpy@-*U-AAnMK|?37#yPyCslLbf*sbtp zbI8`;b6jP5+Oa&P{>O=U^X}j3z5sZnHJ< hPqc3iHeyNryAvD+l{x

      56zf?tP_BeUzhDNcC&HS7VdR9oAl&b0tX>4VGpXc2N~la>TlK=;9S0 zOyL_yl5D=^IUJt$)d<>0aiQ5-I{fZ23>`+8_3gbit;7sb^lcB#6b;2dwm?b)dJAZ@ zzOA47<$YwOs}Ksp;fX+PS3cLKY_FBZv*Ix(t#CcoJNr2cr^;mWV~zcfXb#dSw7~)2 zhw@`EbyKXGu~Nt=T3T~k_UHL69h0q~G^ukXE$Dsn^n7lN-b_t+|9fe-)@|2m&d#eOM;%u93*ud2#tFo|&19z_rxKY*aFIT; z@6!)Tm(lCJu3vxJy#2Irin=%#-B~&F*eH=)oBb13rn{(X>g3PfFZ!;hYb`B|^;okZ zZ(4A`>)B&U>DZ)4q^<9rcKuc>=^eUh&zP!M?B8Zz9M~5_RkvygSv(R)@`?&)E~7E+&7LVnUkH z>PQXAMZlL1wuIr(YG%pMvyWv!W3e3qy_bt5^Nq!cW<) zewRk3H14Nw{735HN+igxei_1-m(L_y@}85w9p-uEPMA>tV{mM@!B0-0u;K%ezX0p= z<>T5rje}Yl%o13 z4R=J!RU7q4r8eI7z{D5$ zH<+GEpF)Xf=t6?!HCON{MHus4U$hWjv|#mfc8P!XBCq$)9J=oxq3QpXJRfqF_|seCcgfd!DEuS`@dB6gLHV^`^QJv;Vc=1a5}$EX=0N^4b32 zXi<7#Pjf;H)9o)aa>Y)Jt|F~Kawq!I=zusuq!ERz+5Tvcw)z|Z346niA$pjSgqi4< zf76U5q+XLIEa#JrdvF!;-bZtEw=o!M zLn0v4cH+J=^jX@f-@=4^jn>=%$IQ!$Zjn>lLnWRV<~1|!Fv9c5V64F^ak1T4>rIEH zHgy-JVm~E0`!8(t)xjA4@~Zb;>+z(2qnL;~=9vcG>Zt#dT&4H!PElzU(W^JL9Wj0uvL|%FhS1uiu4yx}fK3~O?&OeFT zf6VyF|5wwrt4ja$9vLrSp4g*(z>w?!-PgamH*PC08Ls@S3n-#V< zNRqV6dNJU_wmXFVx0rn82ye?riM8)7^!_#iDAJ=QutltNwb4?SgUbq75-jDJiN!}l zxy&X~6L0hR(^`6i{y@eCC+R-N-Agum$WlhiY-8f_8b%p|Qr*B^FfODcfR{`pe# z51x3vF>^7m0F|v_6tkVF?718>=@Gi+_wZJOkAwNU1KxNCiapL=853eAg04OZh_aFlMEpUs^FHxwG_(VpQ>|y?+l69H? zrF3lFr1+iCKA^-rB{+_Wv2q?RvpcTL?M$zA0Up8D*DOE?TJ{-yb;**Y{D@aG{0k+V z^a!8f2tkpJoYISG2_Mysyn)t_#gg&i1+6-v_=9CXtoaq9j@5t97bBO%y!$02dmn`x z#)s44KicI;-<+jsKvXySzWJjf| z8VZ=m%G@NP8w@e=!1yRS1oT8>;t?c@(Rc!L8GZ4j9rz`kJ-30td{d{tnY^^~h!XB#_`hdy6A_R^If%PAJB*Q>lm&tyIyH{==e zW@1z2Y=VldIL9|+Kl=~}a<8w)`|fD7gt6$;$aHQexLGak`Afx5G`dJ$s>^)ZZFXcY z3KJP2c#EWlJBD}e;b=zCktB~Zl5l#ys@Y4PbKp$K0*CX-?W}6^k39cG$mjc>bzPB9 zzNQAT%&XD+6|cK({;JYpZ7P_&vA}!TA68V!aclGnSZOAtju_ByQ@m5i^PR09Nwhyk zfagDGm$*$RD5N`R4E-`@L1X&&&#UOo5gQ6_DmKHDAcUcr82FQJjDFz>0+TB6ncz*q1Koj^?1JCR2@g!6~|5x3Ug zYr%PLjERueY|Jtims8iq7si8bi`d>&w8B`qf`o7u?h+Y+ajtK0z zptSY@^DPZ19)N(@BtCh$m=WyoUE^;hWV}%LdemuKy&98$`lRZN`Nh~gE_t}@n^xN~ z3cB^(2%)xesP0vb3P0ZJ1YWX^;ouoBqArujr3O{~q==rW>&*Gft^xxukq(38$&RB* z;wE`DzRrt1d-SGax3omYT8qltxJ1-^95^{JhcIcv7UOuF(K~cI1Yh|ivXi#T#B>~o z5<(}YCJ`Ect*SPCGHPAINlbQZJrhE4bO~56mXeu3VO*Ae@jEIk%d0_bet3*{CCq*6 zL)w&E`NWar`(@x_vT$wLViZwRR#v>L7T?GBlSs(R?`tbsA(;D|pHQ&1wT8&UOm{YY zNphSEx^&c>`ip3!14RA~eiz;IwJD1PzwKT9c3G4CP6Rpc0blCOtFzs(et`q`)zy04 zjI4#vPBbxJ7Y|Z`5c!IRBu#uagH@Ih=(>e0Y37xK3z_cBHj#m^O)fZ}0mgTy$>eu_p zJJS7iiC6T3+D(DQR-SIgy+@@W8kmQ z%O>Dia)H<~Vh{&;FQVsBW>;yqX2_Io&?KV*zIDA)`3=D z^1Ud(0ms`K(N93u`u*^J#5~YbE0dd`?Z=w_XY#M6Ny81UyA3s_z5I=8w6_4|VxPad z@8#cXjrW}Fu3s&E1h}1iBghOAHa)p@Kh2Ab1=%1f97;jF6?kr8JC8j$?@iQyD0_sj z)QT)1lPnv35)*x!9y^ewvHo)Bn)}aj+%XAn?2ZIh;O^#Y@Oh)JvzBYAJn1}US$BvS zvbjG^0(%wMCr;29nS(OqyPpxuO7RwC{lAiZ@ORee_pWfew22cw3>LKx-4Hegdm_sGh%ax zwK60(r1Ro69O+A;KjJb}Y6}ZNS0~k-Q88EeNr|lG#F=CktRZ0~pQJt+eeEz1!_nV~ zTheRoJu{FT7)ss`P_+1D!CKu>NBeHtfFUEKX;H3w(03=3nR>T1;WMk8zNi}ezomAY zfIr~xQhUn3SH-!B<@8&NQ4Qv|B^$#!xEz!M<&}f?1<c6s?A)w7sVL(@MszDZRrU^}D!0 zHZ&27bNQSoBm<@*%pvIuMN~Jilt)V|U-QYlZ9B6hb0yUA-%hSriHM^5C7Pu^KwI#eldhEMezmRwpGPMAitwi9xJ#%3!W(uHX%`xMC1ILYhmJ-_Ws2oz586I z>XdSVwiB6U9vZf9Naqhuw6Q_p=vB$*--X8?ty`crG1NNe;q%z?0qfZqajas;COlNJ z?&9@EzZ?r~DHm-COpzCC8Z{L6Q7d{i*jt#s7EF&lFWa-HB-prsO-RvfZ&_B%9g<9cs*jXd;{Ru)u zr=EKkJk04YNWJj~f4*OBe4}A9@NCyeoHgIf@gIpx(W;KUK8Do`#qpC$q%LlSBoyDG z4gvU1saBE~my1Czih_x86v?A`S|e%XXbK{}TZp8?Ij)nC1x0RGLuSM0V&>-Wz3$5I z#19R|MHue(YERO%?_#my`F)E84-H>lB`N8qxHc!KtY%l#h||3n>uHrRMG9|6*1QVn zX&QsaJ*l^OV}oSCTxJqXeIrh2%)Zg^t3s0aC9LzgZ=^|56L<9Ow09_Sefnx{SbdR?ibNlgRG1%}_~hVw5R$DwL`{PGT$Wbm^uvPd)<3rnYKPer(-zAUJ( z9>tZFW)JiA&wbeW-a!*vkd60FkxlZqqCiCYJvS-|YcxR+ewhip-7l}{5{oU19Hk;x zPVtXTnB=I@ig>SbMzvheT@2v`bGb2-D|#X2J~^k(zcjD4o38_cX!)1}6oLd6dZb{3 zl}_W#WsW-C5k}+M`LV)cCk_`s#Coma4UEo*xdIj|m!-z0n8@6UYO4zKW?Tg$3!u}sP-EPfv& zT2jo7HVBboPekFzoN3xG)wjITB}{?7r0l|2FLzh3DLb4sPRjP$U$>zY4wz2hjw#y^-Q5z9aFUo+Z6}waQ%HfY>^1> z#9ZrO%y67LjH#J#jnYsq${ z%T)q}3^S5a>wU?j$cQSnTgO^7%cVg>2MpM8e>LmsIB(vPB4ZOV!D|_z>lf`#!6QhwDJmo-pQwb$`cJ{aUE3ID-SvZ%3TA zYdub9@%y5Vi1olB=cJkO!dATJ7lSVg%sp_CS{@{~UpOy#UIUiCi96HPufrDo`g9{_ zgYpd&QJ82U$m&~JnSXijs_scl6St?!8K#+n2QL#(?YF(wmjlQpj4X-b6|zfy2h8Pi zeRp;sYM8ienHsjyyc+}Gy|{D2XXy4qEByX;0JS0lv-Q2dVU0F^syiw-bxu{?yz>w5 zb%{6c*`h-z9r^&hqx9Ps!)x=NP8W!;kI3JL?JC$1v6FVn66SgLN=1!0Fo%`n>1CnC zNI?J1DGfs!_s|1!}%xvCyOE%&wl6P+uL{T$; zFrq7NQO_e%wBtFKa~AKiyXU>{g^S6tXu+N+{k_P34tpb8Y4+g1j%RmD{UQOSndO*+ z>8)?-)Zs)GV|PY-7k0?pOd5I?Kl&AP#um86eJY8i@t=%5^5_d7?#4e6C)jhg%MH=X z`1xBSlg07;neED7VJL4Kzx?gCzgdNUKAb*_=W5A`De94RTdp<2 zqom(QY|HXFhNVpk5U=C`1U-2=E{uN38^dRORPUbdG%Ve;=%%}+n_<@St2RRD@i{D#j)Me8-Oc}`b{1xV z(^>7j!bhRbDW6#Odl<_2*>p3CkY?yrkCb>NAArA*X6*Z~vGQ==c4L5cF}d0wlg9vgyITV}^j{wgsbm#%p3X;; zIWoET)~u&CEN8TuWSKG*&I-4k6e50{1SU6jVoe$$>mQb={r|9qUsVX;u4fL)v&y+U zHz5)hiCZM{c9Nsa23V}Oj#E9WTmCFo*#R_3d?cXxHL~LL5tpqhM_mEa?cDI|?+Y~b z>)&Qd8+;4Oh?;MI=6!ec>?2=`HYcf@E&hY6mOz=(c8MjXujB=%62QL6bT$=7&a`T6 z=Pe=OsL&VaQ$xI0ol4&_Qz4Bt^yaGW5QViIVy8Su_(nW)3oE+K=J}>Dv36!e16C2| ziveVv)DiFzhQ-bO_ecGoCY9kfn7s)cO65rV-=CU$_8X_fS!fS!|2)IIvGF&9x8?zTalVC1TigmM8X2A0Lm1Rz#nF zEqvFgwDmRly%|PN`3CA{V-}1s{K?m*-=!@n7IFvJbi@*Cmv3gMlXc}j`b|rq5J6Vu zM>NqtEi(jiQH-qlg?WBzavS#=SNwyyyJ;oA?>U8zBVa^RdT6fTJERA9Jm>I=36?1M z`t|hkHd3DY%Vgf%WTnF8*K#H*5Y*T#Zn&Vg*xN0A8<3DVkEH^ zh_shOu{sFr(e7pUjddyDN)B2?26eO|nPf;c$U^^%I|JvNPx<;zj6q{GKOHB{w1ibs z**L#?9Bp8Je=zF(6dyjB2Af{c$HPJ$0nR`3E4!C%V`|HZ;k2;$_a2Dc9%2fMsGlkR zU~4YuzCFr2bu95yZNCt8Dd_<;C#p;~!<9`$D{*+D;79*tFkQhkVCgGo`4_8HA^aMDcgkACo&`1J|vX0lA4V zL_`hd#%54O>qH1EusSPji37zj-m7S>R^Bsnp|~Glf1M)P9%s9R#JD&r+Ws61QB)4C zgSEso+)Gej-kw>(^24hipI+O3V>KD)W{!_MY(P^z<2h9mYBTFaB%?~3*WJe$+DF%V z4LP^;BUnP89Q4ujv(Uc7aC0hd5D|s;^mJ>cy+A!VJM7n<@I6G!Y z{p0N~5>bPB`<58C!ZbbL+ZOFwpU2XMMr-Q4`?g}I+elcF^6#_>Cub?3c zZfZjhiqNdxB#~mMaNF+?n6Xv7%MxU{ay<{_!OPyVO?`9!UwKU^DiZQ zwFsf`#(Va{lPz%UERNA~B3%>j4)r9Wv}TIL_&$5n#xt9or%?>`d02GZkNy}YM?fyf z`bSEWs@hWFGRd%}W~F?W(3}w_&-m?aZTRu&3G$sHvuYrkb$LpDcp~9k3I9{pC!DJ*H?;9o~RP2cU9dELHW;ziT|bRSO#S2G5JoE7bw zwt^mVPV(ARQ!DbQ0lxJ}O1f-4_ZHysSWo_xlh$@4|kf~`{L zl1G36$aFXP9BgENhV5*Eo@7G)nlxtPV?}TpMdR%=fxt~)ueKs~RiwrS9bw!eK}kV` zlp*#Ed$U*RK7qdEewg1ZnX0Auq?INRr0Sy3Ozk2Uk*#qhP4T!KsQJM6MbqVn2M6N> z{nGNF<|kvoeBM$cb-yUVp6F2tQyVJ0k(w)wu6ikkJO763?Z2ODQ}EO+L~)a~9abD| zGDR?Wx9xGJY%)-4l5gd2j7)V&P-QMD)(>0Q54q_2Jc39MyS=!X>%Hc$b(%X~nHUhS zDmEfA`whfUqCDdtW#pnF(Lw5jg~MCsMW5j5BYRiVAndglc*y&vge}OTr%Cj%=JFT< zuhsS*J;jvrK3u#<{Huu4{1wx?9j?sZZ(zfEkI>jE2-gG_m{cNJQyZ*@0^~gsz2BK{ z`JG=Te{6e!qm&YNwxYUk9KV7;fe1YaOSwMK3&9}>!(iW@pc(Up8Qa37d@Gk+~;k3!^alT4OG`H$c)-Vef zXM&Y0()UF8`|a^XMa;zzyK!%6J4)ix;Pf%E*m96wdYk)XAx-9{W&5`GqqjbDBX_iQ z7@@B3dOoog;8l(6_p$x&_dbX3?!88<)&Cp|7>$qTIHFSJYG(FV?_9)oe8!^X5)$#O z5o65$sttXnuu+s0?T;`ZL_V=AYL<0V_1)Dhj=zhQ8rF+H6esh8#h|kZYD)e1wO*F; zLjdcas2&ufavH~M&$t&_3lqP>p;$O#F>Lg0-^_;>=a=76Ow!r&X0)KmX?*!wysy(F zgDalZ7dz_G(h)gekzUsu*l3cfW?-0a={8sSnN?spSd#n9ow=Mj^xa$8-XNguM+@;a zN?e5mCHL-GoTSE=PB$8F>BbMnSH=A_b2{lzhLG4O=8e;JLT$YlrS-)P#bqD=3NSB#hk8 z3o9Srz_79satU}ig}6*g!;tinxShBp4z-)6ODjyuX(alK^;o+y8Qo-&lpHJ6IZ>|#w5Dn62S z^bZAHgcIAAQn;ez4)z3X(|P$|G;Jqy4hdde>4s~o z7I0qU%bQYqwwkK_f%Y7Fw4$|M(Fa@+ov^n} z4~M*0OM(P!jIYXkFL>*Pz;=c8)lk%jX{IJhxPMXz?=JNhaIr9DN32NXebm?Ty!C9q z-HHkd|<0WDL*OJ)) z3g>T`!j|nuGc_Vsn8vsbrg}Z_%^`@Tdb^t(Ra@5x3uv8Q1AO@n{*Tyxvh(yVY|gH8|7Yf=akrf=9t&t;sLe^)*Zr&dtf z5&41U1D(7{S)mVy&6(YLAnxRsKpu5bq5Yl_LS0?i^a<5LL<%&hDVk1G zw%DLv;u@cjgdBflrsMR#sPwq1nx`;w-?s8N)Jk!-8%4S?iu)16UVPNbhzUbI91oZU zaEdIXtK~-YB%7zVW18yItIhaz& zSo>4asN=Tt*MxJyP7FT|w&bZ3y%9!7(vK*sTEWN08Jd&>#rLcV;5|}8`eo_{_g`C2 z@taI@6qF7yxGPKtEO>*R4jKU@_u;-V<590q8oGj=`Z!%A&Gc;W(WbVUONfWhzG2Q% zaogExId4a^;L!=ZK@CqfdR-q*AmtDwKH40JUZ22EVQ6uQ5-;A9fiHoCkocbZn|bqkOZ znFQZPq_DK)&;%*K989UBsy%WRo`I|Z6 z?RrLntl$W1aDM-0f13t;c;orEQhy8$RvW{G?=pX1d$+Z^l@;hTgFoiz9dot7-!a z^vK@|xrqASo5LzIQpoW8G1XRVzh`$Ag0{d%kkjh+#$@=ZJQiPXMPeDEmetzASNsV~ zV;Q+FS!4}W8I4Rmferi+P8B3m$4_hsJ`Z8X$QKnFRa-vJA{+lJnnS(h#m?-zb{ICD zL771RoS!jDBGyJJO<&kHUN3C!`7vc$i)VdTqQAslFtQ9%mhf#Wn;)i^x}?TLk+@Hq z&ZV*WiJ79r_s54fV}-)4i#xSFpUi&b>n&rrToqn3H3hLooD{{Dsb8T(7;;>c`8wju ziczsN|J|DO^N!;HG5M-B{Rx7Yt}X)UlZv7k8X8PXKPcC^u(K^i-qx|2D{Fd9!Taxx zor!yEi0apvM}9Bcob@t$wGy&P*9u6&S@k;`D#(U3`_BH=hEGV~x&}x4)~LAdy=?#Y z6W<`FsL1$CTvcMP)PcJHFd$g?CyRJkk#CzYaU4IAjHB2D2LX?}?KHWM+$wE#UDIil zK(lh~ZD>csr^?J&bfzBy!_TFt#eTYZ{DA-ZZPLVl@g|kf_%DaGk22PQHvDU0t9hsb zb+r@~T`X#~UlmdVvvN;<5z>@>Yd&gV#TPWHyh)9IB#*O5yBs1U74V*`*f$I~7=Acs zG2t*17qW{(sdWg`L;38)i0-&P;609P)Xj4@h5EPn^L6SZ*v)LQ(w=Qe&))MT6qV84 zP}mY=N3k?7;uJkwt>MadI^k_oP-9Pe%j?CL?0wxF;zu!=!Jox(bS0PF;LJ0n6tm(& zVSDpIURcs1kuYBRKtrSlD^_39&VM*E6(DS{Ugwzzoc)#SNdFf-`JN(TQ++cK zHYQ;BsMzGAK<^o@u-6!Kbbr}f6f@wqNJw;p19m z4h4{g97ugY4T{zegB1v);FNevX?)Yd7P0BaJEh~trug!+xRExHF;MlB#rR}5?Dc&{ zJ70#!K@;yj!cV?|79}p!fiV$0&Y>%cZSIq%6SK-Pt}O=V`>+F&0C-lo;xzJADr?@Q zwL?j7lLh&H6#8teP3qrTeyL?}_Hh=2QDR&_TQU8j*B}6*kM#|9QDY=MbQe{N%wUqW z&$UTHVsK38ByLM@IMIDf(2);~#xAk71A9dD7x53e@kEm^Zublyi?hYLt(8&X=%T_k zMx=LFRDf{1Jg&4=TiHVk?gWaeZkRmv84VXC24%IpBHpIIb4s_2*daBHd~X+Ja93YY zu|9VoFF1eGZP}CTleV4difn7!4DXwX+`#zUjEx9#S2eW$kwJ4@@I1 zA>^_jyv1=%?b`R#b zrtoGsB`kXM#x8?sngHQwTg+|MOis=Ly0Y~FVCG@hQyfZfDDhye_K5Lq9%(eD8vK3o zS@FFI5)V|jVwOzEHaDuglYpidVW(T^?oOVxIHoSRme_X@JuY={e#`r%Yr3&sI66N; zcNa3V{)*+Wa*YCIa@^ZS6RfsH6f8{Pyn_K}t4`v@<>+`O!A(b8>zVvMaW9cX*&A2FG?IEkKT^efoh_r75e=`yIw zit8ezs_$zEbi$S1MLx)8B;QOWykX;rS2#r2?nhrK7{dL4IdVZ1Rl_6pt@aDn*g>1i z^mb2g@r`{15iE{lmf{(Swz&X@w8%xn;d5Ip3GycQ9^;C(_W z?^HS|Nf*F9FrQOzh?19DOj+>mZ(}tSKlb0te&?4Bm29m~lXRxHCohYcAgr0M@Ld^X z@rL`6Qvz3=QZbqXoAZ@CgGEBkMf?L_*jUI~9oGpTr1K@wqUFZGI})MK%-AlCsv!gl zSAo}R{43?#5zhsN-e6CbD4vfw2!*RZLBM;P-jHtU!ZIr@1|x1;vl2pM^nwlw<>F*z6}-X4so&b7&(c(>26I z!Z1nxoLaK&KjAM9b5X>7F)msRbP@bQ{0&G3sMj6ZuftJ-M&(%-mozKh9xCz`e-6c2 zW>dkAMvn7$o6i(eu?}i%DaHl1@?IhQmaYvI%bm;ZA0$(S{Z{@x(Qe#}=vu<``J{(Z z`VgCf9AlroWSFwgV(1^NxPM1c-S$2yxIr)8AYdY~FmLUNlG{7x`Re|?djp(_I&gsR5b%8eRX~t`L1SljefjlKZ*P0fvpW+(!D`o|SKf@xl%=a8 zg#5x0I+xW`B=RC;L^3H!!ufBGgFi0xP%wnJU~1s7M3rxqGN+v{I+^x4g`&wd{F@c? zz}KuDXBGR0${E1ARzzL^(ElktXj~K744fjjS~q+Pm&aD4GnXr`+O;GhvI=9)_k1}D zZj1LKbCx(7D_l&6cqrh7@Ge80j0KDRK;IU|pOLx1Q7N1V-hw{qi>Y-c!e=ReYRQOG z^@Gz{#}y`f_SxVJRX$q)BV6JiSzxj>hxRm!GwlaZM!s9wcaoMJJ}x<^OnRNa=-!G&?3sa4qU1Ow_4dZK&4& zjr_Cq85a_@z4&-g)sj)`f;rEMn9T05k80~5S0(RR|7w`u(^+y?lOcmnT6D@BU0E^V z^v}s`eMuV+`)D`SdG#W{G{A0X-!BBBcyM97&LL>qjYoFsT*RTCw34U|L3ypsr~Bd< z+bMXnuNq6jmGT+qEt!^2KhAZD3)ZY#AFIn|!M%-)%MRDQ?VRwtsrRX~H^v?(;_t&@ zXshFjDoGd(KWCj^TvPfW`7f=+(Io@WSFdfOof+8KhrSW;JIp6Y_=!KS$N9jQv_%pB zA`UK(C*)jAI{9N(F0Lx1unSAU@aMgM<)YEXryr0mjRFO_!B`$FgWqKEHorU#IiG)i zCi_y&1+lD8XT{u{BF!9*t}Hr&@sy*Pe=#$k#Ej|&SJmLkBD;HgTIf(MH$7mkg;xn? zdv2>cw7Y${sNq|d$uV8Jm#A|yjhuAd={0+Zu-t`Bh!S~3?x zudED2Og!`)I(_|-`QjO3<;V@3LN>8EF<%U`RpNV6f|a51m$jSANHcumy7XV81QZmb z$<}y=Za7q@tb8h|;bb6Hw@1tV?kW8g%@)@#;Q_M#VxQ|3}G zLg2wL_eyJ=QEe0q8x6kdipCt!;|SFH#MAZX)7R&FdKYHW;BCy;QM7$z9wY(?o6HhS zI?r`RZL6aPn{V@F<`%HIN9T;FUZSFI!dvmdG=a2vF`u>1Rw|ifVVgRpaYnI zrwYIT5Q<`oLPa?MUjVoRz(Pv^5U2yR06>%wfC2yOkfcJ_yAFF;0^+a0svr(33Nk60RaGB z0Q5@q4!F1i02&4Wl@QeN^ag;B0PqYrgaCjDAld|uk^?~F01%)6F#zBI57zE5fjf?e za&WkJ03ZkeX8_Oy+(3+gZUB&Vfk0V7&jDgp2vi#aHGatR(>@$Q2N@V2GRP7S$29500-8BB`B5vg5`sPE^qr7ivi`2KER2qf?WYfU;rWTM(WsLzWrp` z1nd&P1Sb%JaRll)f^7i+8^;QyI3+TWNsJ7LlOTgS@Q9fpjkE{=-)lr56dnSN{m(8O zIyh|hMRQx*JiT>u#c%)^RHfocFOn8zdp z7X)YzhMN+K2uOhbWTGGfMkL^JB|`+3$q@nHY6O7N8Z3(g<@X@v!8!mA;Ro2i8~{1u z0E~>6S4AHBr4ru}0oNP?Vv8Rrw}=3l79xOeHWXO?4h2p?eXu`p?L$#7DgTQP=o=gl z@UWD?8WV6ffMoE1Mc@YJq8~(Xu>)`raGAhi;()6k94qMQ!})Rp0h>YY!M))QLMRF} zLogq5;0nEbSnOcV6S#d?u-D*T2Z%zzE#mya-W>$A0v;|NRA9hRr4TTL%^IJcuoQK54p~Vira?~odRH)`-5^B zsOKAV0p`GB0PMf_!SW>xcqo6!fqrB_R-bx<0F?g?4hjXggNJb30npofOQ-|%UIhy7 z19i|A=sl=%`_QGtg9kgHT`0I0JSaQD5@Le4lsufCa1TRz7zY5Jpx^-l?l1rZ5eW(f z&s(qwhBDap>w^K%V*p@!IKTmNpsNtS2iG3kKEyK=;lXM(+@X+Uj zH8B3DaQEPn_XT^td+6)-9*pFJ=MQ+0e4!zr1U5l|U_3;=5pweouO49QAu0$!7liU* z-1iSV+c1bb00s^YZ1C6vCX^6L`Clxc4_3hbz;3|?HxE+_h6?q+@xwj(0tfo?5VeP4 zgX#bI2*m_L@F4vcSvb@O>Fz&!pu;f#)j^OzfRXzzMBwI^0eJ`mI2E8C=EG>N|2J|V z^Y23d!F2z~he$po$~C)3o;}g(ku8>wG&-{VuRinek-(EI{v>CP>-|>`gy{cAqsT{! zA3Vu1k6bQ$D&Ko#%k3jGV;@PG@kk)>k-ksNe6k}>YVe=^7LrGbBR&#PxOBz_-)|7)cCYOz|Hr+1YR`$OW;NCzXWdF|D}hk(nEUK zy&n?NBOb2q|0T31KJ2^?3F8sK!xicw{cj!8Jc^Hd4w$EUl9QeY?xg=Eal!Zh(O2}5 z;#`kh=6_^M)8n`)o1exHG5Jrw<%!}*k8=S$Yp2U|Jt{RJTjB}N#=RvGVdb+{zp;@JW^cnkw!v~^c8+&=JTg|g{OMO zr+THQdgVv9s65s4IsDf@K=Mc6%vj}(u3Brx+xN~sV3wHLSkKla`` zUazXk|36Q;H8;skzbTL>4H8IVs8U3p00BZ#YAA|c5EO;6VOR7<&;h$BSjN$-gARg< zWA9!-$F4Iv2AR<@7F4i|gI~J|zt4M>bIyH48E1aK*Khv#?&RFPKYOjc_S$Rrea>@E z_%96pRgNcr@(iQz{A9$x$NlcO=R0|RLT|$k8ywUYo4z7nfv3rL*5`u z7)_1q9ZwDiKF#x=dbZ=8PjWqqV;pz4Mf}o;-C_4TqwY^Eb$@cN z@K?HDbUfYUM#tU#-0wWd{hbeXfBa*fPv=H2-}nm0#aXULakl$AuMc}%>FK6k6#mQH z?_L-FS3TeEwa(vtlgID8KIk{OKly0)rvi6xbv*Gc_s6H)@7@{sV3#|7df4yR5r4YJ zPo3fZ#5v*b?f&G8qdZ4MIj{8iozHN8>IWfbeb7G|@t=$Ip9%c0?vH=X{fRxDfBg0C z@BB&df8581Zuk@7PaZU3{bMTpotqqw9~kimyT5aN#P9vQ0yn70D7+wDwWA9a^`{ABv4 zI4(|gzkB{^#@`)xe=6|K3mlI>Z=2I!9RAl&Fue0$-0%FW``tU-AOD8?6Ss$-eBn=h z&Eq>k9}irFKlxRsPewkS9f8B|2EDV!1&MyMzAGCz$-5;dkEUxO1)h zlWz(CZSEIuc7N(d_b1-%{?2zq{A=9rULSbHiLU<FM*N=cPpx-@pZ$W%6v}p_^GD`{a8ELDT<&^ z{5bM^uG1&xxx6C$&Y0uzWf33pJL&KA^ix;(x_0vQE`R4YL$4^u#6LK_*yAYEbMi-? zu5*|Bli?RXbi6bCPVkMVpYlH8@;Y}r|HO#r*BNww@}Q8@@3=b<{tWjg{@v-FEne>N z2fM%X+mY_Y6Q<|RuX{e-qk|s)MEH~8PlZ38@rOBoH~jHO9Bc9>!{2$R(x{TR8GdJG-~sn1z7l@uJ#nPV>1^@%@s^jbNdMZ+p6@*&C+ssG_0}+|_9Kt=dg)%~ ze4Vi0c-VLH^AUe#$opp4?^$8j?>L@H|GSQhC|@^l=9m6t*t`1)mp>KlsvCCdM*rCP z0=HjrjORCgyYr7fG3-}*c~afkceU${T{VJ;j#df*77BaU!g*FKAF=K-Z3cj}~)Q`n|XUOD5`!Ds|V zbf&7aQJs2@a{EXwkj_2bm3a3q59$cl5=es1?2C8n0K4OXcQFF(j_=#G;K9L>Yw zwk%4Fj&6~oPECM{(l9-cEIOxmwU*xIC+lBd}0VK9-TA0{l9JYumhawcl= z3nT39qvCmWEq-}~O@4&QgN%sFHkV=YCYmqeJf?~Jge z6=UXgV8o+8D{bPpksX|jy3iZJ@H zBOxB0(+=o1BjQa@RVqBl+z|1E_pOEZiZC+J34Y`sR|~Uy%XkILe36y$tl$Zo4JCju zI*dd-va{|;hf*cKAYsZ%BEs-IP*?IGE93W$FnS&nVdT$?Fmi5>Fmg85;%|yDb%jGF zX|qq6{-Far^*UW&;~$MMdZBpg#-To8bmNvA>EXo@k8X{~{JyZ+24*?vT17)`MpvuNSOS%1;717YjGJ3LH#o~?otZ*5zDl83&Q@r<7tCQyd; zWD?=T_}ER4l31MO8#2w7t5%l$dMu<&H$!7-%3z{SIjzvmZ{LR6S{M3iCtkeaM**xkC z9tABPnOS!D0Qg+wfsfsW#Yh;PPw!UoGlY}3XnC7A-NroL1vJGS@_T$!l5kW%y4zzLGOj3E-EwvMx-A7-z8I_FCCj z3#WWmi-fH#HM{jkyG71WEp65>@iU@MNk0%gCTGu?CewIoGS#Il9)21^=DR4;%Cj;M zZ)qdm_#_zL>Y^Sm#^f)C2FoyO3*xcW<7(k2onOWCkb}tv@N-d8 zeCPMRVEWuPW%1Z^DCAfjMLWknSzh9K2o5=xRsq7KrITcMhNy%|yKtfNc)nG*&aY}Q ze#GniseSV>EE_oOzGdv^O66M_|Y-{=q`TED~Ty%|}GziYL*#|8?^d#Q}(Y8sut=7gU8@%vP zn;D)P_Vjq?frd`WgTV-M4TL?B*VI4a%s$V5zJ-Y=Ks++%H96Aqm8}kPd}+Chlb}Yq z+#Ma<&GUq7S?hYN9r`#gPk<^J4>2~IDM8ERSQi@;t7guqLZX5^Cg=xEac(A-dv}w^ zroml@aA*}rbV%g*X;%k^REd?bg-ww-L(}<_tK^4McDUuIQXF&fNMu7#hT5Up1VvG7 zEVCn7b1s^da$Ue!W3io&`Px5&I&*UgCRZ6}&Qdbfp~Olh*3`@j;tZIiT*bV3x%PH=VtB{n;;)s{FYwfp~$r7x57LGXD zqjuFz!qzT|dGkvC*&~+D+Lsy_@uY8Qu|$~m^@pEtvarcfB=NM-ebsLWa}9@2c!v5J zGFT_+Z}ern8g@jYx}L`rOaYvwuRA0nKVkCIg6H;;pKalY3FHTA|8HxE_7oM zPX2is56bu>A8cXMp=g%!Ijc*a6&k1sBeTE1vI&dZj7M+6T#V)T*6+0_BJA>Aj)gT9 zB~Q`aT=G9oyu@31H3k#rnkgINQi-g6~q&MaKxK@EzF3g@BB-| zyM3zq9TGKVipAOna`s-~ZJxZ88(S7Ta{|F{a`YRKGOSG^VY9gs5XJ`2(nT1V{QLnq z-XAMDeMMhire)7c*yQ(BeZOG1&iMYyhT1G!Ue533#Wq+7ey(C@Hrrg&ZK?J~8CJFx zkLG{kt-M-l5a!alcre4X*9@zPS(tLo&<2fk>^*SsSo_&r@$9{NwZ)?w7d)nOzw3aU z4I4ICJhEER4yn7FZghUq%pRO-~Jf)&_|{2{fx@SL#xwT+JVp?z8N!Sl=9W_Z60S& z$N&JHc2!(?E=8kXJM&N(JJSZqS1r_n6WgnURjL{{3%WdU(xm}sF+9BWK+m)@DEJ$lM zl$T+m2vcU#5XL@5yIbb9s?)JBbvj=^po7Qyh*A+IotmnJk)voEtKnHNr?7DenSam) zKNsUNzLmY%vU*1jIAt=UCx0>G>oF@=(KLS3K|hHsc~o_Tqbyb~=WlS#W;$!CF@Doi zzw1kW1xq_nAmXFFSr|D~5b<14tMJTOge|Y8wMRA7c{FH8c8` z#m71vIb6_92Q7Na@H8EKOn}C@WAYRW=3Ch6dUeNaV&#&_lV?G#>}dydE}nO}rNy3i z>w=&7qa}c_m(lYj+|n5#@ut6OJ^730J=enMzlRPOiRV&+nWVGzk0OXO-P+zBtPQAU z;Gw?waU(pISF{26`(oWl@8E5!fg7CWFF_}?b%BWSK*^PLfSs)+!RMsz; zbrL=o`vQFG=$&tOJMm0OG46EY^LYo#^3GaW7U@O_X)WK_k5CpVQSL{O1&@_0>}IyA z)e+~o$Uy#kLcZx7{3buvU>1(^0pu2~+WKl>(SSD!JA+fKICf3c_yVKpjM#gS-t=!X zD>%R5XoAqKWHUIOt>n**fde}FTynw*kSl$}jX>x&mc0AjANYsBCU0n_HQ7@Bpbm$E zZW%SKD_Z){r(BO2y=g}WRemyf=4XO7Z#kMVE9KA7ac0Ul!wlM#S*3SzC2o24hE3k$ zM>4$_HbE0tUNI3Ec^f;Ojy$7>J;~az+1t%uqw8UUI)77#4}mEk`#T(eS6aybAk^)n zjl3L~{B;hnIMpYgY+|Xt{=oV<&J6B5id+*h;awFgDq5g&sw)9dG zKk2e(X)ogDaR3~2tIt=w^14?9rhLr5IC#OcIJBr?%|8r%MmN@GdzyT`YGHu*Os@gF zw3h|!=?AC7!>c+FK$vv5-@a&(Jj2-QtZm(H9Y1#MV9`+o{9N3N!V$Kh=Agvnr+tW3 zTS>3gpXt+T+JFJw7zZo+6IZksE~CK^w)$f+8raJJ>T6&9>cEzMg!jBSzXjTTB{q7~ z2guCNj2ZlxoGJe$%>`*Mz!{Go4|Kl1z}+T~fs>MnEuFZe`P<)H_+rxew|*8|E8F7O#6X#?o;w3e}>jIIOK!9w>lg-^$mx@dgEr z4nbQR#Fg^2_c9gu!!>W-bh@(FoslX%=UX^ez3`*2_wy4RW0tvs$yN!Msy*0+&#o|5+S_P(OjmppU^Wh;u* zmvt}~82(c?SNf3u%$b#aOr93e`vkuUZtIZ0hVAequ-R+vKGpz{k7QN1WdJ693>Q`T z)m~D6cnZDQCb8uwt0hLiqJMTdo){ji<{QJ!mK`f23(Ot~2R8iOfkMe|8_2-KEgq}ZPhjqM;0Tl6CilRm zPi=msem3jErF_}fvd#4Dag%O@W`DUp^!8JY*OX_VwjPGA{$Ok=-!_?w2OGhUKMWJ6 zXG6;RH2Y`=mi1@$Z?0P_wz7PZ!aLte{R=-DHB35MPo~Gm)v>oOPjBt@f=4~~$>Kp5 z^4n{#y;jOIY;=18mScGKsFl|&)wt!-(-co0t97M=7yIdXAY%g)com1ma$w|NYDRVp z{hH@bx1aX2CBLzb=w^!?>CIjPcGO#8bubv9o4sQLRPyUck$5oIA~j%nC6)oF_x~_h zDbJ@18uhwedK3qBhPTZ zZUBUQ%P-lo#ri^7X2?Ql81@ z09B5#;jzU_7(z0=rZ?2Cus=>!V%OH`mRG;8&`D20)~#Dn+S~MNR{L4Ef7PBzqcdo8 zgbk~@;3G_WodlKoP!R56;Gmm4LlwVfhcbUlD0`gjztFnLy<<_z;vp9Kr5 z^#J*we){R9d>C1u;lpnUM`qb=;!Hnp)C&mq`s!J)SZnq4=y!lOSCeP@Ml&Ei`SXk{ z3xve#&80rX>8?eIqx|MUgP^OVo4y(!Xjjm|vD`3hjLu%tb@JBFf&zZZGtj4pA8J@P zZ%izaMo@Q1`^JZUPo|W=v&qBJ( zBebJibQ7B(4VR|`-O_6~#qQ_=)^f1S-|AzvZtMo#aA!rQ6WIB^*k$=^`z!LlN8Ho- z8;bS(2sv_$-E=Sc7M+td>gRsM@& z04n)MDt^n)Z~s;LX#AVjzM2cm^CK%?&;ER%*50A7Sh1obue6W$GiI{PpR@3!8^McP z+N>USc&`n?c&Gb&M>dVsiZ!YsUeQV>Z>C;#BcdxI)4rJhUJj1d9a}|RNOL-Qk z+0W{unCoK2N+60~mPcp(8UbCFF{<^EPs*QDlV^1GZxn#;@*A@{b*y`}f+c;G&c`iZ z#nEow`Hpu$HoD8J##{28X}gOmfA&f^@(caU3}7;ndZuAX@3)@^7{A+px_sRYnAX2$ z)aEN>NN9N;Yj|)ux39|btf{ph%D-WKhho+8Gc66H=xiTu3{(Fn9Cg%D$?xT#e*UZt z$&!BFJDO+l{%EQ{dYTW&>haaNJVvV5l2*^l+B2>^iyF_-@{sG?#ymao>QBFxPp_6o z{`P>Yo>b+b)wKdz`tUpZvGy`Ot?G$(jq;$Zw8=!4D?iJJ7obE=t3Ur+zUZ{fH1$l1 zJ!`wH>7{evzhbu(JXp*`<`3%HBeiI-OGF-GhT_jZqk$oAVZ_6|_Gqrk<0Ys+lk1dt zURXuLK=yLkGSiS|&o0B@*zRM`nEdR2kPG(y;m>M;tz$_D z9X$Cp-`N5jYz=+=I+7XP_y>JFfbRNwhXh;s;{FfV$~U%b2?uIm6V&t#Me@(n^QRo3 zgOQ*6J+PHW>oM{n>_Y`3fb)|dzscZ&-#g}lHsO?~4SgRSoV@KI+SN9BHc{H$cISu3 zSIf2ZdQ&gufR(Aa~`Rs5i_=!`h;o_hwKUWlN{tRH(up?$SttNf1Jvbn@oo-1|pUI*-%Ur|hybh6g) zY#Jcn0vdbp!KUv(zfQ~@lfSe!6C{63uf}ikI8hN7Y3;cZtF20&*+ewbn||Nl&P&HD zJTmhwlYuRN^$*IM`e^-b?UOugV<;b&blq>V16r`P52-V)JdL(30HAZ}_EuwUgbgoR zy6-exJXqf@a9*pQxPJgI_Q?B#VD$CXccl-{5~DD5OW&Tu%j=ET7M?ZxAWzS?+YJR| z(f`hCoI~-e^vzLTL|-efFF7)Qf8w&D>$iMnu%y!+$p>up+261OcChIc=ldmp+Ydy+ zX3tnpmvr4;N&6x%*O$;u{?IHQ^|Sm;eyu(zhgIfux=@{8Knbyj+sg-(QhsaLcBH8f z)=v9a{v*S-9*6GrS1g_{g^=fc+4t|zqx?4Br+iahw8Uz(4LW4Wuk{QK42(?uE@E1H zlRkC>KGUncSiZ?WfQz&~zaXWOFYA{2kf!JyaKwH=xAGMIw!(tuSQQ-lP=4KSwEb%4 zr^g44pIp3u7R7&v2p#@m)4rB}>^G7=bEeU-IevV9{@+kaDo^w@_B2R4E}*1{dh#Okk>KWXhCs90-5Skmd;W@phU z*VeW@UR>(yR;c80w>|qqz9Gu=aIoM5TRGx@6>ReS_N>uOzeaO7*N4yz-mtItv2KtVS=wrn})oh83iX@~ttulqkjt{>yswap2j>Fe#4 zQhR!1+;m6-VaPLk)Y>m)%=3gYKQYn3z-A9`UL}?gn^2&0@yU>mGA3;L_bq6n7ufRG zfQp>tU#T#9B-W2k_Yo}9FIX^Y!vb`xZ~NnPvtP5_N4w4RtKvKoZ22{BdixDQH~lpr z3mQM^S#-I`qSGx&QG3N+-OB#VQmks9U%|8a?!7CD!Qy@4^X5&3*;DR!SG#v`Q>GP z;Nlt2+{gnO(7BZNa@OIQzG%#|1LqPC4$tKLro?K$`U#O?E021AU0+zyv*PC$)-_x- z7vy-4{b%Z>ZSqQft@rt0jbY^2cqc~W8KeH%`1KteXiD-p2;sxJwNQdwOef7yxB2% z7Mn&^k|Oihc}=+JWI z^6$yxHu|6G^_vxQnO?U~%k?60JTH{vAGqioe9#f{lHYePj=enO>e%XIuqv=ig^2{DSe{tGU@sIF;iX3^d9$DMB*3?LO zu{}0fX3C}?m?oX|FzLajuf}`$O04^b)3BEB@IklsqSa!aHxSSB1Xu*RV&`BE!C?|aGd&eBUv+Kc=a&5;ZFZg1tLKl z;}80qO!=99$ZwAtHbZHBgv`uOpE@hsi`!4n(1$+o>?;H3`WOA@*7_e<&jT(<`{KuR zYVxi8s;{IYujm|ch~3apka+g|TkXGN>O%dKF4{x4qsBaV)H!B#kg4}7;hFcOD|*?0-f#eRdnz04F_X^y6&bX|I*uD|>HxIlH?3U1 z)CV8Bx4%kXlV3DO21Us9sycptYMAn|y{Ab-xAwWLHOiO#z^?yji#IQT&3>_7uCNGl zV9VdV3fJUYdaNmhlb>XXp{r8*+UhYWU(X*BYuNQ!x@1o+(4f*cL!OvBU>wfG)w>Rm(@P#iF6H`v3{0GQ&I*ut%sBdY>KcAOCR+LvE=f~dq9g}u2 zwf>{+-$2;g>O&u4V?ap#U#I0DdV`VAdR9NPG;I1xN$x-q_V&`U-=~1N)ZWYvgiRlc zD}jlL!zDIr1l{c2)^A=zA8#+s*02l#zu9~7oYAHt%Jkk`3}e3?JM_Qn{GNVL?alRt zuKm*uC`@{zH;1)?pRP~V4|IM9hRgh!FVa3>#!q?jd4Wt{3^x0@<5}YQ z4L!o^7`a?H=v-$ppJ)wQ^7k#0IjjCzjOlS5jUXjm&)2Yk2cy5QK^+?Q7Fj$*;k`pY?OeAM;D8qNzTAYs#|&;uVq_xcktdy|@dkZzzgO}% z2HPFk0PN-K>3^eRn*N+_`fwa4Bfxuru5_fg`e?Lu0_OS>7sE+q4~?c8at*_u`(Jp` zkLT6+2j<%5!%>NCd*Wev(&@KOt zJ}j&{1Y7&lV9~Dz2sZm_2$&r236~N9A({u{zh|0DAjc zxt7mI5~`QA<%@(R*B0{eU_=FZ07HxX_NMX;W<2&#y;Lo?4DozJ?h2Hz4@q`V1L9VC%?hDeA8ft#gmQ-Br zW0z!iKoqYPbSf>D2&ZQI7L1&;Eu|vUT4}UI_QZNLqs^x?7Wgwu2E)uymQjb*VIW>HK4X@Ccd5G}3 zpo0(W!5e$<{xy8HCIR?QWKfqoUSlNpiC$qy=QILmC_H6@tnS-O{>z0m9he)|n)Y;s zh9muz> ztKpYw4n_Wtb>R*U{B?)L&-Cz+mgVIc`xWbo;t9eJjPm_pAFt0VgC9C|lXUXK-kJZo z3UD87ODxhZ*r4|Z3SS!OU!uZbzXL=5A~hD)!EXrsTQT!)=Zt!^KQG5460isI1Irw)itar~R)NJ=^~q&UJpuh-{gZr+sdp}!qra1Xn73g3`i#=#_;uw|oo};y z#m&#)UQ#~Or$a*N{}kcW|B^A?TN2Lxd-F4k;;)63%p9LYK2)K!FPQqO;}_I$Z~J(- z6gyJ%b)o+umpk4hopEoIaN5>BfoUHX31@%8UeMECV5vL}A5y~yYNCVwjHnOV|AE3e zo`F|Mm&Ei3>~o7Q+#U_-}RLC?7b> zhdjb5ueUwyrE*HevOON7@_;Xl@!=Cn*bzQim$`Y4&klIiJ6zvSNBMTY)7uB{G{wE^ z?Or~+nf+hDM@b&@<&_~1tRj^7SMMu|&BF8<+z;OC_CD2Naoq=<#vF-T@u8wvBcC+5 zJA|?CPJrBo54(O@9x$>KU;YtKPang5F7SgK7U+X~(%`NQocuq0ztfX{ufWOw@{dWT z(mlXZ7sbbgZ&MhVxGO*I@2)-Cp_TU-g|obrzm5<4gpY44qx`2T{d)0_NBUm8_>-O& zV><3qVcg%lSG*_aW&0LhA=>pd`FjhG2S4&R)bN1ngZ9msin~DiY6)U(7`*bB6Bu?KkyDANu3CF5E4jFN$Bu-`r=gfPRF6 z;|>jXYxv_|^!{{N=(px8nyW;Af22P__$c9f0zdbkyu3dOe#*;(!{mXx{Y#p^gntO#b-As<%6GE!w(kj2tO#&pD(;b_^rBdZ}@Ui94>jU3Vq1`>59+%?+ag4 zqf=jNgtNY$|8*Z<8iCj|Fft6P3U`a;CMYqF;n^@ zfB%sGa?vU8v0=~4WKY`9_9)*QMPDa;V$hEWdE9%!-5mIoz#9Yaj{K(rKRoESeAVTj zBpc$M7Hv34;Gw`*23{WcaMe#oe3TKl|F?ZU`Pa~|7gIm< z*Q}p+@AUEaG7`%@e5cFPv}$fg;HL+^O?Z*QPYJwR82i0C@RNjBDtukweZJ%JUK@D6 zF#OjB-g>9^?{`J{Z~B4TPsK1d62S{Hve2eI9L8_0@ZP|MsTP?>ym-Xy*hSdp=2RDeZaQFMR!x{p+@0`P^}FjlXXH zm+3Cn;YxpI&_BsdLb<~NFVsdH{v5wwDBKZFdkpEO2DI&-thh>;^^eprce)+}8CNLR z$G!AN>Y+>WdZcm77e1th89%Ad@u1%!`iTn942(YLm-^fv9@pk|i}*9YyEGq;3C|6A zvox4ef9D6LKKD>K>+_Zm_(K>M1bxZ-oc=F?->bnEeJ>6CEiL?!_p};5@P07%NdB3+ zsda*Eo8@imy`3Kx{kV_^ez53?w+mk{+C!s0PMFuQ`T6K*Kj3>6uH*g1oA@@-f3Ea7 z{)69I!|3xkrB8i+G{0f{_uS8dUn>5@`{=cO#|s~>3wK|bwNRa2$9F3IqeMS4^q-@J z*D7J^5Z8;Z75!wz|Hi25=fbDd@TdB`f3Zfu^4>N|7Vj3aMl;IC+MU99jo zLZ4@hHLQI+u;mP|S=O-j^!mWiX`e~IFFf8u|4Z@x$*m|Xdi$(L<>Rs&$)&){|aBNaF8wi3xzZN17wc}2p>G+2_CJ@ z9OK6s4vWLrc>nq4pTNERV9HWYzgalb_tNhR)4uBI*WOS1UVT|F{;B*Z5B5nq<)1H{ z+}z+ALHH{^hX8#3bntE;y)AgPl})P%ha!N*sCKy?e(S&4O*;~#h)#QcjFXGQ0%v}``tNv1!*t2@&qhr=vy@h5 zGk3c1YK0yVnDmDV=X&J_O20w)N5-vr_Y`l>y1i?zeY)%WxS-z`Mpn{adz$CBHTcPI zT;a^`<7Z4Cua=(a_Fo+1HT>VH@%QR`+*z*AijWVcf7dbgO-%Yb{*1gm^|MFjm+cMx zkz>8c{F3XpYeiQT6}JZcS?UP%=c8))us?%W>*e#*=iyPlUOZ0~^IXx7(S-v)L4M-d z%8&8q!I9sH4(2HzGI6JjH|+jGU(lZ}I%}mj8&%`#1&!iEqP;HgHNqz@#29_E?yQ` zj|Q51if~7v*@6E)@RGm>UFz*2+uz?lwo!amw!g)b7a#tsMsc3-#esYIw>(kxq4NDx zjlM`N5ALWZHEi#7mBWJe!u)b;(9c(XCkQ_$=wRAg;?G{@{iPw9IPfz0 ze+obFDUG5lI&BU|e|m)ca}B9IJgrfDN#WmwJn-84!L;?{$6mCrwAb7x`24UU%Ck1` z%D`*?bElrG$Fp3^8kBL9G(zfN?mgKkJG{ahl}4 zAK`LWi~bVPpAqSgxUx}vS>YEuxd6ler|`F4&?pv)|IXmQFT6vvI=zm+r}CVt^e5Ny z|7k5h1TU zOV&R*UmpI3MzKw8@9EM0zzfvh65smPhOJeWm^97nYR~UbINS5^$+hNZ*Uk*I-x7Yl z{Obds^O1(_U71610JUr-N z%9nVLkNN!G3HtLtVL$UI{wd0{kML~K)J)CYb(@dBkBj=-9QrktBv9Vir*6W z2H{@|&kg>WUuoF$4qqG~wcEcdKkbjc=L)C3&3|+IE>|A76f$!A9Y_Y;u2JZX0 zoM*qnNAwG>n@2p71<{RPE-V->y*7 z@43tMzdGnIz1!EjSspNBbsayWhFAaC>z6SccY^TW%g^@wVPV?B=Z&g-f1>@WY&Sdj zpZtSH@mtY;5OnN+m%?fPrQdDXSoheVfA<^SUf%T=U|8$?y|~juujAhH!hiZtAHRnX zBFA|f1V86-%&+?e{_Zcme6$hV{o#Xt)v)vS)y`gE zAI7(OdH)jJTb~#Gwo$0b+C6Nt*!+8MADaPkVA@9=(>@aS%47UGS7pud3w%ip5A5># z&+&e*-JaiiGLr+7UmcTQV#fEg)PHk)UvqE6)^=M-EC+s%{5od7s^e>F__gAv?cSyf zM}KB~&i?$)ANu$=2~lp9+Q&Ni`>0H~zZ8!v{oYDDMjyzOLlV`%c< zrPp>pSpNRHaLhkv$j|W)d{zyAY-ZEeqccN(Z+m^vtY)#VXip9LON1{}de)S0zBM^7H=3*rKMT|B+F3 z??QM#g;`_Z{-^jS`WT$eS1zvT=%dUXg_%=uH>~#kXA$}Fyd1VX(Wpi7wLRQ^+28J3 z(=24-@|{svs^VDtWPk2mZ;Wej+*AB>LLQjD{--eY$NYp2I52I!j;Z@P-meGO>6Gtu z(X)J02R3be#~g|4Z4cW|Q+rf-ay$p$B)-IpAK0|=Tx_YeE*GXfUJ>{;lD|k{+B9zL zu%+fwRHSKglM_8xrX{}3}br9Q|% z{C@Dd9{T?#O#Rchb3Qoq5zS&sIQP@om-!>@yIu9u5zg`cje$R_I2`SR_MGiw&FMaW z|BX?Lg7dB+g>yc+TKjS4gSW~?xGxFsA^(=Zv@iJ2hbTw?f}Z{B@#2U6>fon+b%e8h zy-WB2;hUnp?N<4q4+Z~o9_jePzz=$I)7Dcj4g8bKyuUm;+TR;5Z`xk>iIRcqY;W5B z@?j2(hv`8}#`4$v7xCq~kp=%*!4G~x55_)8CqJ3A{5{!QUhVCFNu+0g$@n%u^xvV6 z;$0#r*YLAm-?aXFTF_@)-z+HGoc|_X{dBh{V*+mKsgCKhxFg==^ULO#-+n2> zZd5#L2HXpUnSW?QxK9LTPQcBSecmJgI74b@?`al4Q8?vu{>)sI=g*J5S^Zy_GbP;J z!mH$OGE@{Fd7rnBl)vNS8h=&SS|*y?<9W?OM+W8k4h-$DBmI5Rwd5`7PvfjoN%@`^4qH>{}*}?;3Cl<66t%(hdf-$gP-{_`9CE4F@Ams zCOPP|pQJzQt6J{}e-fe`{Ac1DDvIBVPTl4G>B*lq?cQ{@S1?DLiFf=$Dcc){TV?AlRoj=^%){;bzacH&=Y@EFXBP|^MZcHpf@ze0NhElJbm_8FzFLx z@Bb7|d($7WPwM~1B`urJwahiQT_2vn(PnY~D7;nv;|=-!SlT9i9M?<#uVC7G%DZYs z%i1qG;vTVQ%kDQ{uQq{WJb#k>BMj*rVUL#S)(!gCh0*0ff#)baShq3EaliFWg;QVf zBScAj{_2+X%@;X)(G~6}{FK1G>j^OSOMPCsre)(dV>S-_H2H~p(;v8x>zD28zA$4& zolaj%ykULI+H%fE;FCm8{Ih*qcK_#Rio;#1AF&=NpFV>7?gPAjbAGumOx-8_^i3^W ze@>EE?!CgSXO{LEG`yvTe=R!hHBIvhFl{aI3H!CIe=iRDDf_oz1pg;v@iM5 zUNXNge9+hHZ*uX)tp~O2`FO@8+y<5RH2ImH{Lj=}nfXKS)aVaVdN5-GZu~&U-*Z@8 z@!*!7-O=W8VD_>lR(skfOFwd})5nea$LFad zCwu$P`T3yF`&x=Nfji(KEt{_x!*K6?sN07%EAF2IA02q;6sJEV@an*tR?ICpy;WSH z&@zX`cHwb_hXeQ8YzaL!W_Sdq--26v7J~42we&A<|GxK}ZmXFcZ$FQX{`om!+*1R;{4%e9`&gIap>M3wd-;2DZ~9)`%YT3P z*~hi)Ebt8|DF=S0{KWSs|NiI$AN0PH{cFoJy}v!xa?`ns%D+zGy1f{S(q8)p{R6Sy z{;+-+0srwcUBE=(C4v7|c(F*!1OM)6K3}~jCWPZ9uOs?rL*7e5{%-@r4{P%G;>j1Z zY;J#?cyO0o?c*_R5chN8zg62f)nW167x{dX?f-7!y+vb9hNJ!bhuTKAAMQV2t@vY% zDmgD}*;&)tz|Vep%g#Qsz4qdtywc~NdBNYgre(h$%k>bLu{QCM;>X@ggMa)jExX_G z_yLbN_-_NZ-{bVZ5B#ghKgT=p zO3@N;_^|Wm`s1;IbHBv%ug{mh7l*u+Q!U#MW`6|lC0ZTV=fe-*)+%(1tk7*AbHDyn z%i4C9hx_0Ai*l}$i>G}?_OIo)^t0aH8Dnw7qIcw{y`T4axBq0wzdJBzEV%ax)8BJF z`hqWbdUV2_CJg-pfj{>ZwSU#s(MHw0vbABqAJ`mp?D1*Q(jL(NS^RbSf#R*xj}m{K z{trFrd+ELMxAvsJwKu);tINN*C;x}{q_4}T{T(QJwol5ZE?MdirtY#l-~E=`FUOk? z3$GOaA-Zq}|GUpe%(1u^i++H7^1$7&)9rn%Wa7RbIPb@w@g1k16Z9wE>Er!Q<5oRN zU+j_n=ZGJ)>}-E^(9u^@MyW6KA>pKd_U@LAl`jr{#-B?S&h`jqEs*#$@uPpvH>9V( zXZjcX)b;&P$h%Frqwp63^E}Cy6}~mf^Emx_?ajiBQMkQYZCmeWe_N`TY;05fB}Ub_ zD$M$&jKQQ&3nDq|)x!$>4Hzpn<-W<ryD@&Ar+18;Ao|aA;U0OTkB7N`p#1dzEdTX;w5>gDHg5fX zL;1Z~;gtWyJ=?avrVO~>>a~uP?@iJf_jl{sc0cv+0+T=UW#<3b;kKP$|H8PnZV;ya z6Tf@^cF_@D73skT)iCnT6Ha;1(Z9~m_*ch=*YN8PYZu2!_M)aD<=&!~B3&e(I2`)0 zHb{NIdx(}8d$GSrdx4oB>X`X5@m-+7bhmazY;C;gMVX< z&hsAi{Au4$7k{>I^f^~J^Y1Os5f5+M@7d8A*P9>mE>wKV`|=%4d$#p@zTcPr$JWx*c9Ks1&k@e@zUxtKn-7i){@(MH-(20c{p3Sx^d~FK z8VGmxOTGO*&7tA73MXbgL)q!WxKm!zE>_4tCe|Zh>MAk)mGs$PpYUpzf3V_kVCKfe zbFXdN?;Fzoz5APezN0rw$sVt@)cWq?b!}T;{VMRoUhD1uN#enMK=>>2NrMCbP`V~& z{rP3J<(vXg@^k>6ixpEYlB`yArg z72uaDocPnipAhZ_z1Kc}X@0MG+w}SXzd*9HJ~sV*+xDY>sy_bG_Hcjt-5EMzIVF4z;$~Kzwght-@mkc*cbULP5VFAe@N#Wn?>sc z{f8fI7q3+Kp@Atcb(#I|MS7>%+trpygQNXxNG#j`{pt7rH~o+5|La~K%yGDbgsK0; zUljhZ@DUK@dh5T?c-K+Q(*Z-=Z|D*7jB)>NBi+}D|+f;K02mc2H&kg*kz`gSKzQ^V72>OeJ zFOZ}wTwF2p7j3(L@`M^@eUq5;th+m!Z(NZ{mIOwcDlm1`9kLcm2t=H54PjK&f)vN`5_AKBx zqrFf+Z&iNTzW;46pMQBK825`Aeb%3z>#$%weXYW|p8n^>eKsC#=ywL_lt1b3(Lwv$ zg#SI(-;4I>v*#~f82pzBGyi@x^nuRatWH0)MrZx?DB)axftec;e{iGk4-O0cSs!v1 zkn$Q|O{5tR7c|ZQp^?kO#`F8ZLOE&b`{q1}|*7`MlHr_oUBq~x zeyB4X?S=N5?S=W|--L61rG4=(l5AgKe#>9SzZHMtUU}yoozj0%q?Jxc{>aTZy!G7dB z;?MmE{b`+W_NTX<=Iwzti3rX%JTzcg6Nd&*RGl04^73|mr(-|8*_!I@q4PHGs4u-Kna>NSely#}%$X7Zw)AEY zea}JI)^+?DDa@Ym+^mlauV263%O;G~v!1+tdb_l;i@Kq)j%qW0r*D>-=9@m29}?t{ z?e<%^r@mLxAidk$-@OZ+tJrkNf%}V^_SD^)=I5GUXo6=$*By}M`kVZ>Uw56o4LI?R z>lPN*$-(da#r20yoPAkS8dvnq3%aThu&;B+hL#SE*((##cd5PExG;N~eo}D%1NS?S zFm~bH&Qu8LX;0U-{OvN(tv@VVzG&dMmZdk`yeqeLWtUuVY-vwz=GB`f zCo6sYJ;Rw_(HJW9wr2ZeqVZ@v$o$-XlQP3_C2#O2f7pHR=L~22gCBX0`L>XcS61G> zMsuzdFY{B^9vPacw;$(tv|(MN#n(6-KVW0kA5cW<;LJ9;uOYsYH{9ag$>7k(hS-wc zX!H%~1!G{VufgMsO{-VRCXQ)rybHhNml(YS*f5rsaT({f5m5q+|53g?@kE;4u+qbUI^&`Ix8-^rt$n>-Nx8l1#-ab((+KT*lHQr&r z`9dEnzgf%qvHzlmm2Xk%%Y314nQQ}F{mfsuh~5oGC-0MP5A1d3nP+aHML_fMz-3qE z;~wU$%3kZ&uRZMWg@&v8^Yrwmw>R0bJNEWfjnC-Aw;>o$kq`ZG!;foTtQ2MW6wdJn zduS-6c^DmitvXeqW%)+O8m$b96ioVggrT(O@kLP;N{pj4$vVW+z z>SGp7n@_y`*$8R*d;KYS*oXX=a>GIn`JTU3kKt_35TLvL2S;Yj?o_x_v+}4O|2tRD=$2k@OY9W=dOLiKXWfo{eG+W+O^0+=uhgPJ7@hU)A+314JZ8T^ealBL zqp!-(T(`jFQ(ko^>rl{Lzvnl%%WzjD*e5!-AYJ)-u@b+gSzifr7w!EQ0g-~ zJ`RysV~Q4IGiLmL_wRqdE3e=Go|jQK{Pohi^>XU!ee-(n_3ln%g?;{Mcl`zJdIzoI7aKU{ww=P>|%K9O}P~(bmhmgplWL-aoL?sm1ZlGCo9y@zI0( zz;a@@nz6JdZ**)~XXXC$AR;g7NS{ozWtPR6&Z3R#D=jc4Upd%BoJp1qIz``RWW$Gl z@5^8El9yb0<&_GWE^`QY&;syz-;f3Q(2*Q*$UDxy<=_@1j`BWW_UzfkEGwGHGv&Ri zMD?@?(G}LK#g#Et9{#-_Epj3)`Nq7|B@X+A&I)sek#~VpAT|Ely-B2YYcj znZ}id55@lN8^u&HHKmZtv$FNrD&nTKNpvZ?CvSZ$i_}Q#_S;r;{3)7no%q|Umc1Sq~W*TE}s?$uqu9qbi!deXKb0j5b73 z%^@%9QrRdg;fyQhw}+1}j_K<}T-{cRD)ZQHlN=FpW!fihI)oh@1u5gYXP?%!r=4qY zTILLOR(CTk?cnB{Z+_Ri^!=TBTrqgnmWz&Rl;f4z&p$Z@o8@6f(?W>Wgq*B5=v(;Ud<5S0!Bt%)h#Cf*F zc$~G}VzjI8>&;?aPg*L+o4x-n^&4Hhba{OEwd50TI^xL8+m**=oZF^~^L#s6G>&$& z-CM&k)xCL;Hp`I>hB$0nOnv{(U+(cOSaQ_raL*}%q5b(&r5bPjz;Yvt9qKU<+7aaJ~4zUdQ=!AIPQ`Xrb3ZKi&v?UR!9 zeH?KFUA@ZoW&?-D37^@szttR$xw?#_B1dd#XY#BMc2?+ss9CmM()z5ZfLx}va|P4R z<1F7=gMrUFd~>0;>+_Z_$;DJ-PQ$)Lq7RQWcJa*`|I!HG_?iCgk@Ay3V+~(j5y6*y zBw=o2USs~WPj>b!z)GR<70+EML^6DpH#XRlWULtxsYbbot1kq1b?iew_AwJasp8)X zEmhaIL~WT@`*>)B4ZE`S5BgXh`d&~(7`uHz=w35#`6rb~2Jz=Ne@sMa9naCe0yF*V zL|U)%HKOD7F`~iUXAh3^otUfyK6TWQ{S=|LqD4e|u)S-mWTVQIc;@Q`WWtZ7XDh)sK0V~@t3 zAtSyXwN{6W`5_z0cPUkbefLHjkxP6NNZ+8T+Cs-aN+XVTe(c8dh)Q!SwW7t1^4T6s zP-#lFqiF0BqFJk2vZk}WJ+8AW19v9vy>#JD0*=Am)RoKjS}%+&eLjdqp* zpN$`f6pP1}?KyUcZsZcj_~B!P4;IAPSiyLyFb;XXHyjx0A6dYt?MUE zA`V%5ML0d=`Ps`doh5lL#QAyCE84GYzpBjvFmc#mo<*fQBBaamj zaglLZ-cF~zV!uQA99&giY9PkO%;Ug@&OuCo^C8AEjeKi%@o3RWi(MvsiJ*|jQI2!^ z7HbLcM>dsA%`>`?XJfa%ysZ&_#;_Db9`U$6baKQTntVg-G;22S`Zz`d$YxztzD4^^ z{+Wy{8#!@Gi$h*jHjA=+y*_AbdTEGUl@|W0jy&J3&1>4Lt$D&nd0*H6+UA&NVR8 z#PfaCT%CfwT``w$vG>QphpHS5nNzrm^K}+RAkJ!VYV1J|?&w`}f2i5Hcw~FC{c}EF z19hA2&5IA!V^1~v4M~Pcu{hVIe?T8V9bj=m9$p^`gsbVoeyoW`#9=>rxwTA%DVx_@ zRlmf!iAIab`EQ<2If?UnTQF<>tkGEuWjN&7c(AFnW_4$!ZL%^Cow4%0L8~Xynw>ir zt-Pptk=1bKd&h!vM)@ZelSjN3rTRMM0!(0W*d_O#U4`NCy1Zxh?`QwcRIQcQR%w)z zI27Pp=dpD!^O!eRF4juOgSRNU&CSh|n#W2*;@k$DHFLMg>wArbsz0PdzdS=`kxl_u z1xq&6Qoq_dpE#?x;Ki$Sxw>(cFWX9;m-g^^+ug0RLP}e=OP6w6*5pAQ9kd4L;~#O} zCY!}AU;pK|^a`L_zAfF$=+jk~H>kRwW#uF-IwEz>;z6qiu+KAtjb)m*kB~h0u*)SE zUp(IFbZny!pW9TYq5P90F8g3nbgU$qhrTHtU-5K#*4BoX%w5@-)3+khlJDmm`E-Kw zSsNeFu_Pz`%78q)?G6k+X7K6Om8yKPo)ng&-d048Ttp6I4kdX(Y@%Xi;g0WblBdf=_!Rgj=XKUwANdd!@e6Em5ID4hn{gcx^a}W zNjn$C_yv#JeEdnvG~j0(XDQvT63HQdrG=_L@L9gmCJC2u3iE+n#trgy8(@LT23~K? zVt4CaYk>7U2;)i{=&sNi`bS(n4=@hCYK%SEo*9GB>RfHPsT~V;E7K~2=)M+b?Rla( z)!8&KTWM?);m5JNSvi(VX_mb0-M)$=KlJqb=`w=C#G%UqyGf*z?TEwo-lKpVeBRCm zxHVwgJ>qEd+BeQ$IB(9}X4m72e7hNCd06|N zkW=hbw_C;)6Q63X-2a%yighl}_`2O4J9fa?tFt0PXXBgd+DFxk?u5y!myLQs7wn?% z`ih;E;TI#>N2{an#W~eRO!Kt*rbV+TE4oW=+5JyVm=zaTZ85UCF}dj-K6uamG3(n&Qxx{v^6)L+K$YQ9qO`18@{L2F1DVd zHm$)`4i(zv|8Z0f6*aDA$yK|RBt_ZunfkepwvFL#T3@@_-xzGVG0Gi!xtXqiuXWcS z70A_}wm(iYQ=q!*%{>ZS-|Tj^LoVHY@s~se{u}hD_?ijIE&A>(3H7Iz=hn+3hn}O4 zdX?6T8wWcn%1W5q=z9IJ!;h~&b3mfqH=nJ|4ZKISiJIS@CcbKrSe&hY7$KALQEL;X z$;BJ!eX3d=Rg|hK%2Jl~Zr`n@Z*rC|r=X1n)(?3m9tWL%$-EDBYq1$;{g^(?eCTdK ze1kS_!@FWgwr@j?3a3HctM}9gUmDA`eSLHEiClbRtm4J`< z4eM8%>vTL_oYyKVAAwTm`aK=w`D;SpZe&62y1-Htkaj%Q}4QA_{3sb`^$D+(!vWP>b z@);b~*xJ9R zq~k>hhdgRf4=6VFYaHBopq|UY;L9w|+YUkaNH6PXuRLFSja1I-{w{c&8yYBN9U+IT6M)W(3!^%8twx(bzCHZY2Gjo)@n2WxY z#r7NSnLO`Dqy2OG=l3t{AMGa(kK;X8XZ4+~&PQCf(*ZsCvI;r6e2>ok5>G`QT1FMu zT%-ST6UD>?aW&f;f}48V*xV=n_0}6T<#~90=z$gGF;~Cj%{+>tqcgRciO zRd=qDzJu5PCmBl{O%W@d^$jSUE8L^TSm`G<$yR^iBVK=-L$Ou@laK5iG4-^Tjs%v6 z>%6Y9Z(~DaO=E>U;1F}bjXXD&eBKxQ*;u`>>M8uW4?&&#%HbpO%)Mh_g_q+hp}{ahhgBie!MGTwZ2 z^U~%8%||sUM`Z&6InsumZ#}ZO?MUL_Bi_#sH4+yyhKRGe4BZ5c53SJE6jsKS{Z=+s z>EDV*$Lwcm)eywaWqe+aM)8HA&zs3f>-~fL^&5tH{gy|hwVcW4kJn&%KO*nN?8@bC zZFS+xNY*O#$cWWqD3?sR+C0S8E4o#eLUYq>_Q#Ifa)Pi~((8r74RFNb4)Ykl+bN5H z#XP>Usp8y-#&2>4bd;H{E{DW5haIuq0jpN6(&kM@RzR3|uWy@j(AM6=knxwujgOBP z_?HBK))P{6S%oEkeN7>TfO#yb-kk9@AWL%!!5!-+iT#E0E5 zjk}09{vJW_V>jvJ238nHJo?Ma*}SBuwhnDGu=mHf1^S-%!<()r^AqHb%XBzp|^v9n$QS zzE`MiOVxd={>Kh?H~WloS5e+CRcy~Df<0!Vmb}_Y=a4XMvum8(+w=`i!}E!Z$~%*F zJ0aLuSt!XG-uZDVsnaa{GjjJtXmcllb zjJLZ~Y~3o?P>Pf=nd%|7x?xr4Yc8u##v>XvwH8g+2FPt^#t1=SQ2`_ghl8z&U8 z%T0@S{4Ar^uw0~PuDYR5dTZ9^qcL0ayRYhq_caFn=NO&C9#?b}SH=HkVE4ei1G@(P zK$OKZ_g>q)wmH$9C?<%MV{K~VQ}#29^>`98zQ$b>qm=wHnV2UE@$};l%C$eJzz5{i zA&K{K!aA%r28xhFcFwDVMYp)%MUN>iQyl!3ug=8lj<_suzqpu-aXs>VR8TzpF$&oD zHL94dh6>_ILx^$h6#FWm$1#4ezR)--EjfpCe(d(;=B)T9Acq{{AJIHU|0tsGcZg?Q z0w&zA*#f)N%B5AFBEqGdt<9~?K^FYA4;uA>&1o@+axM;u$uvA;(0!2iaU1pVOh_p#yTDQPM?1`pOArE%W6KYD30> zbv@o&Fy+%XqWVs;ibRgbH`*)uTJ1jlW5HeNd5^yLIw7v_+k3c)_qC+AFWSS}rt^FJ zF}go^Z1d>mQO$0|dwXDa-YCwn)x7h2J3M9ksoPKAe#Z9h_J?n;=c}hzRim?Hx1X!L zl$HA2Vdvq+)P%ygN}p4k=QPjM{mG+sIlnxuTkJSkIs1fF*)uEHs<&2N%y_fDDe!is zsq4c|6OH|QM##akeijsegWuaB`Zgrje_vba*^<5W4c_MUQg7PPqlUOsG|2rShWnhD zG%m88F6WDK=)JFru{OIzJC;szDvCxM3M9w4v(iHP^L$-R`(ynaJ>&e|7K+>}p`pa{ z(kim-1Ct!%!XNQ#Rf+snFyJCjg79Or8E$f-ME5hB6^^P8R|~^0Bl+4h2e61I502;M znNI*cWB>9!`-Sn#q1N)9F{C+@Rzwe~#p|~cI7Qi_2|020GFWtmi;n&d6`i{L;sz9( z}%)YmpmEjd)lugj4c#bF~!O@ANVV;7)yowKOV_VspX52M{j zv?lxM6YR9LiB5X!LTo9}Sln3BSgQNwyY}FzHP5oXq~oYwzw7iJS>F1HY2FtPzVc|; zBY@R1LrV_(wF`UF)$uf&2~jjRR6>(!3!PfGa!q2bvNl$YsbEHDai$Ad+rCfPYnxg4 z-C7pKg4nEOD_Y5>l+C%#`OSrmd_ptV)46OCYq{)d-)C{+w?BGdF;}2=?mw+AH?fGU zqNlCMSSHpVm2|_iew!YxXB>IHH5H6ys~cDH#cgF&OW8HntfI4ushx6hw(DNIuh3?( z|DbkvFs+mJj&)#JX+f_wHLdWJWsgzQ-fr#s!Wsp$dlftHz4zXZ`U}@@x(myAW`VrM zYw>mdSJdKfsL7eC#lKter$`o8_t;9lpuK}+t^7@!tN0)7zW3fk6xSR7TFJRs@yL0_ zG5$ME#ux^QrZn|u1MVM45+t%Eel4sL2TE4yHXLOuFUk9VEY=Z>;@u{oQV}x*NNL-9rERy8~V1K5ngt%84LUk&tis^?o+u5IPp z+|ueIhq-9^|3lrI09a96d)#%G87?E}u!yLrml1RTK~Pjsk;|swih>cvWyB44+#=Da z!=esq6nBiq;2PAp#F&W2W!z1S1`~~%72|VFqP%AoOhCThzpBoiq8%W*6(}errYRe!RPU6<17dqI_WY>Ee{) z{ib-Uca=|VNu>DH&+@Uz{26Ws`M-`|b5-rpU6vZRdv0u8TejKXTDTU!_*H;kRME*I>wJ~8{f=t+47p6Z2XJp8P<*-ix;mnrcHl+%(qc#l5th`HxW05 zqq0YvyvA+CjpwLOeS3Oj|8&W6 zEJ^&J^zF%)))3zq{gBO9{$D_vW{xRoxz->rzqgmK>=aMO^u*2<;%5@q#IZcl{{en( z&kw1dY`>5W9ph6y=vSF_r1h(QI-fWlGZOhG;ujL9qa}%7Nc>>p${h0(`>lUvy`P;K+Ch{%tnmHaA*Vb;|B)*Y29mA4-Vfo6Y=A>U&Xg{qvba0GM!G9X*qJw0fCOe3^Kz>3DjJ+alWfE^&jjF1KE8#Y(+; z%hO`YyCyr^%lAd{9Y#tW%aVNE8thaijU4j7>gx;J@vtG)87zGQngU&UE`I?l_U!SGb(wBM<|O2p|%+rvWQn~0mj@n%w9Ygc9B zTatEY`jvOO93$R_k zS-utcjmda513j{(%#n^imapQ|dNDs_^R;;SA+2BYv+6Q!Z^AmVdMqv*Z+c zU&RGGaV)aS6WYdelh4|t^3F#`3&--r&uRNvn5=)6G0xO$JmgrK%oo-U8_~0xJo>F{ zX?YRzWnEjj(*9!l%cM)|#r&*1()q>g&&FFlX6;;volWSda4bmL1MY0MT`h~{%G$4d z<>NKwI~d;dq}`_Wr~YY?pWD$>Uc-E+dQ9cxHcZdBwHNN~CFAqVjJ(Yw&BQm8?@W$m zNqYeLzOJ&R{k!i!<~bkIb-nR6uzlBfcTN5fPxihJ@ff9^bmiM9xlu%Uo~~mj z_#XuFCtSyhRZaKH_`@3iBUsN#^3$`}fg&gHwC5oc!e1XE9C!-&-^*3E5D2vG<;AVM zm0=Iow(abP=8n)}9v2TqRS#lQIFvW+3Rlg6p<5@_U+1@NI_trLTyI`0(5Ki~R6~k;yiyg5 z>-U$d`Kw_B=cL=(dIA8eVvC7p`JMFeQvmfxjRVXq{Ck^oZ`K86_dX%8%e(RH$|2@?VLxt(Yenm`?rE-lLN0AOYu!$KNo#A~{(Qgx z;#jyX6Yp<5@4pa@5jRUAq;x^&!}%TASsBK^h552ro)`AL3b|);t?d2Dj_`!A(usFM z{RwUN1eFL{H}1vW?M94S;SQJf592e<49Wfc2QeGB=~VTnPgm-} zv&7YZe#=p1kWe~2F+h3JxTYPz_DFVy`|IH;W9Q2J5AVzqFO=`6ZUwzy8MP>tvO$>! zi{(0Mgvj9g)#`6cr?-ah6t1mF;?uR=W8MG2nu!N$%hFR)_Aaipu`A8FpmgyCtaivj zwuHUo@D#DPkclNXaWz{|{f8~wNB${QO*>BG_5cMu`KY4Lkf3yidZ^*sn>*10%fvMM z;o2#+I^k4a25XY|2$U- zJn5bAV1B}O{(sl}1Vup7sWk$GNz^h8!k)R&y+;ojJ$!UX7t5D> zExfACZS;D+@ETf@vh&LI%lX($uKKOuB)_t2?&F%ba?M+-9w70eS$LP43;sf5h!<3w zuX@G@lKZ0E`|<;;9$s6?GY5M3UR0rv&axAYpSQ-Bn1iZ=bK3)O;fkA7ej-fo zL$;0ezOH5eFsLUTiN6Ya*UC?3dt09+5)w}>RnJ>;8=s>}p7+Ic-UFW3fpp=16&kp2 zrRS$4FP-A)VTW)}JU(^BeR0c==aDpI$eW%lot*94r2a%>Wqq{_0!blA7p5ljORjgg zZ|#>S*<0C(pY0(!yOlkj*^XP^%#}=PWbk=j?_>4PAg=s8Y{j(Qe{FvWp=8xrwZ8fz zuP{Zoy{P7MUI5gqST3&AopPR5$!VDoZl8Yc->VY}wEDyzZZO+Y!rBkNC~Uj&ysq}M zLQgVkJSuaDE7K@j3{UE-KQomE1jDu1gTwX-cXwoNoTm{ z*IYZRc5ZER?LvR{Gt5o-hS?2s z8ZK{mzTqbgA2qzv@XH4EkKP<@q+GmNzVB>pj4;3p`E1(kboqWrR`L_cH!l}?pKUHl zNczLvhrQc`Iazg*Hgs$9(i!Hyvg_me$e+Y?WOb7FbGdY7u5r|peECAU3ex?k* zx{@yVGvwdwniq2LHKW;Xu3N}%f%I+3;mJ1?Yc0V}`PSdqjv}EnX}u4pPKWXRhC%pu zeSXJMOl%<$i!^=B^Fe+$G?cq+T94#8eD_y}G9pg4G;ny5P_<^0Hi3|TlT3J@jDM$$ ze5ONpvXu&daYvgWo+E89(l2c7OtvU|5TlqM%;M8qI!Rw>*G+`vlP2sgay>oM=M~zg zT5c|`UB6X` z5gbH&oxv6!HOO7V+Y&D0g02I-ER@IkkqWN_D!C~2XLL+p@K^a+pEjP|qgT2fvN78-44!x~x zx@K9@CC?>k&}E{|g>e_2&p3|cpLfc2&aI!@fN^UD6F|JWW~}{Ob9+-P9n;2&s-48? zi66ErRJu_1=#{{+)GM39vx)KfeH`PbftWPd8J}#ga;Kb9c|({qMfJ|Dx~;BshT|_0z<{h(teHn(B{h%wi?q zqmr+!_?nLC}zyB_{97XKPFji-Kh315>Md`+Eyr9 zqy$8KQvT4z4lTK!om{^#;)nF=e;qWq#V7wlQ2Rh3ee@5;jaHPXuYE}^@!xL#YgR1& zYZv;T26{p9}Ju$zvy1f{mEZH zuW~>38l+!yl|$=bzJPQGUoO8>Us9umsV$2i)&-i0rffK#e-#?K-kz>GKztpF=}MdG z#JXX8&G?!MO!ezje;Hh&cU+PGM!vKE;#%N`@=0U(?i6BJKZ@00;D_?L^2FlYaxp)U ztmYz7+gsoCl>Sgs0)YD*QG5kL2}lvHj!wn~UKl`lHc#6(%92 z5BBqBAbxK(4hP8Jm*?)xX+3QEm82)_rp5gfFYbw!QBLEo__pljEe(Zvtg$Mt37_Rl zdU;{0|0#CLX7S|M9XvbMnYtCV>DP6|68EZm-CaXV+b*_RsHgvVk*LDfGde02kSZza4+fbtQ%Ie(e_^D9y9RNLGTT`IRY^&;%3N7p2nOYp z*;c2iiNWJ5R%O^TN#9&*;crN-emOE8Zwf%dH*y$0j6vgUx>{VXIpL2I{5Ihek$;Lq zbR>g>#(P`KNuH(CYUwY{;Hybz`o}UzZw0@>uax+n5Cem*myVEf=y9;Fk4*o%_^s$W z9QkvU7?M5HI9q;)5ZD3Cr%XMa2ELE+Y*NH^OqxG{Q-@8W2Jj1@}?ExhMF1 z4$+I?@to}&lqbRz|E5?TVfn-G5nLRKKSGNL=&Rrc&Wk-_4(%P5ffz%NI>UXIg5*xuo?WyEJidnfb_?eF56kl+|FD&39&`tlG}wf7n_ zn+3MLsSBxWwbi+-H$=kfUxuIDCfK)4&a>S&$QKv8KL+Uj(a*Uu;Rz9!NxvWAi4iNk z`bV0cCQwa(JPqdn@U4ZAK>nLV@TmZu_-b3m{{i_O1KuOn_b0TMAAzrr@-MTPSwi^h z5vx8Csg_?@>8<`QYYhCMv3$bA;2R#rwauR3u?b)6l9aEqruZ zvTvx5%VPT9fg1?_Ir8P-0buj5>PP;y`k6M+-@)S=A<(+Yr}|L)xBB>)#-OrKjQKq@ z+22ZYCq{k3ErbmZpA!0?`mAVwa38|wM0^?gwHKf=h;9ID?Ag#G%Ff`63*1SuJ!yR1 ziL^GpPN!Xd1mE-vpTl8T`gamP>XUx8AJeb#AD65)KhUJA^Ml6s@#L3|?^BZeOGgF& z^66+#n}YQ{)o~Fo=+e}#{R zV|YGTeXs1LS!{`nj51K>*3r~cCj zw*I63toCE_Di2dewLGWOxP=di^{x5)yWrP3L~4%{;8}aTf{Io9=VEh zok;$^g0t0!a4*suzK4dQ^t(wI+6??N&VTR-Uo+Utl!GJYCb=h#;iAi__suyU8{>sF zei$Cb;za#vi)hcOVAaPvQU1+qd0!CtaSqYw&4Rza6`;HCt}y@TyVar#?{$tT+&vX> zmcPe+v`P5S#`c)yA9{Zn5ATZU`+Pt2|K}oBdR$aZFTTc`l&|r^^k4f>SkI0mPIM;t z$DGy1M8ajxh9$o#*yM%xNwDM_68V?Oe*~Ce!P95p9SE5|$;3%qT?^1@$5x8b+I(!Dg{&n0a9 zfscgodrIVQg8h>SzZUV9k2<$CVf9JT6Ud8yrAN+v_*h7z}(KU-)kLhCc?&KW~KO?#E!Y56OsxrO)t@MAZ6IOdRtn_Moss6DU{Th2xzS@`N-(LCD_KdIc zs6SbGRNhL$??8LM04$xNonH^_|NH>m*1yE}gddIlU-GwtO@7*&VeGR0lf`?JzuJf9 zY?18QlC#+}_0=$*YmZO#4*cPq!yEV*SHK$YN5%H=23QX#y&vU2jeM=SMB?{L_!_9y zcT|U>?%-=V%cq{ehY?8m&w-6U?fYRpIU-0q;W_9xJpO~wzxqdhhecsN>=p69%U6F< zdu)pOgcUZd`q&I?^>OAW&P@e(=Mdcsp1}D`kC+=iX6__x_U1ly?qkZ+6!|LO5rww$ zT@Qaxc&ZbT(%-1FM_jAH*Vtp@mH0O${IP!v*CRxG5`S{SfBK){dc^-AnfQ0W-{3qo zt`C&{EO46s>?HjUi#b1@&mm4UhVe)9%heufotyLX_q!2)7km%l<6?VRRGahHLss8! zy%+5JXbtIycgXoCJ_knrmrbwy&q?xc&%Xa@{>J2I<$ss>H~g*b3@)k*BN{b!IaOCT;`tX>3ITyCCz+W8w({qcQACEqX_`}{g-&U5Fq>c3t zcq(VZZz8`xwm%c?{}lW+!tc_CMfK!&3g^9Je!{0FIBVZ%?EMP-;jz58;g8+H=S2N; zXdj1x8#qLZ*zE9aIodlMXH6u2FVE#VVauFfzf6w!+`c)tkg#3<>;hK%vhnw2u6d-N zsr~9tsr|z;eEHM(S^K5$phRB$3fRggzQ$L}?_c3>pQM-l$AHa#rI-IrzxW4d_*wrp zt%cv7{b~Aj@s*nQ8#x?NgaiOL3`_}p7Ur7JMt%7}XlKfNq z`eL8f&-W*MjW=e01Nn=8M3R4+{)ouGGvTM{Z;AQ~u|8D3ls^e9`>#s)see?TW%yQ~ zS^w_J_#yjl@4z2O`~x_f{R0OCe(yNGi$6T!?-BWf*1+$Ef6K_{6aS{=|0tIK;Dn!+ zuX%iqZ%~9iLQekrVBdV(e0dU!p96_+6%)D?+=uf69+B@}VLX*iQCILGoMnUPCFG}b z)|?~Sc>?W~ws>NI?wfn({9eZQWBU}o4xZtq`-J)Dn8UQ%D=H+&R=_Qnczw52hG>%dZK3r z&q?rt1H$t+6MSmt-U3e|d}PGpR|u#4dlG(eQt;;qQGWJc!v4qE(Z0XI*Z4jz@}+-= zB)$0SXZWKseA%C-za`;oJthCzdg}4XIrmGj>R2Ry?9Ms$$MqR}bOzs>;61qUqWpVv zh>ixI!Fh~FtRpjgmH!%eR{noC|7#ECJ!bgwX%5k2Q~l3m{1`4=IyB6WzY~Bq2M<#}`u-06nQ^D#BhZj6_bHNvp{)C9dSAS3WL+O9UKbwZGYlB-ta`%m< zoNvDxQ$*q`|CIk0IOUH@_}3wSKKXA-oM`g2u%5mlK#v!}H@pEIPkrNqIQ|X>A5g>f zL@6YwJt5~FC3sRypT)YqP=9TXd|h8mA-qwi;$aOre{EfDj}b@n+!olk8S+e%o?iJ%&fg!CPSL!thxNhC$iEM)y4%@v1D{JC zeoq)8mcvJ-+djdE!!oS(F+)^!{+)SV$bYw}@0;L_;Ij<(^Z|Gtp{4+x+T)#stv&91 zL0GTZ_0bJf-nsBEi}Lc9t{eyD;k83ycZX`9t_; z@T5aD{JOxuHQFb>+Kcgj0sby+^`h8c#Aga$jn9M7tMN4-r0J=WD*rOB=l_Ph_83Hi zz{B9HO^fDTopTR@ZGKSu`3~6H&wxwA`2W=)?)|U6V*VFjx>CNzHsfz_Q<%Tci0xq) z@bBTD9sA?P-^#gfgYQZB?`8PXo${a0@ReW6SNl)(PtWidXZRZH()3@;@V8nEU**^J zs+C{m`wjlH{MCLhfp6_s{QW7b@r9314XkEtxxhuXBL z+oG_4vl%)?s$b2IY5i^ow))lmpAq2wIYhd@as}ttJYszVU+Gi6{B8U`@YTQ4`(LMl z?f%!F@8kJrY@r)@l0J%1)u;5DpVIWRlk{^M!g&4yJ`o8Y!P)TKyF>dM67{S7))BVy zZSzRZT@OAvwy$Hsy7oCQV(lMyN1xSC{iE#Hfp_E(9Sr7wb^lj*d4g3Qtwqg0`#y#} z@GZUgYG1~`5x)F8h(q)qSmW>39y#|<@HK=dM11t){CbUWw*)I__^~I#^W{I05HuUC z`dX6U#ssf|-vrh*rbzPZb2fPgR{LO?;Hf>nuJ=>EY_aqso($I`C&l!if@|TcjH34_ zkMLJK;=Xlj_#WoQ308d=p7K=qCY6m>7lOBiKQziefj*Vx(1^93dzie{rbRnE6Vi8z z<7xA=Ie))hWfVOIR^L#WL`t7e(*F~FnfT=~{V4pSy1FoyPyXK!ocezUu=(Sl$e$nO zH=};l9?Be|?$3qvD--<<#GC$yuwVKQjQsxSQ+=Kv^_5=<^Pk5ZK zU&7z=Ro0{6_dD_jIs~k`I;4Y#?j^AHCkk}|i@#68|LL3lhllR1z;=HC_aJZOAsYEs zSRef&K({AYzJD>|`+pt$`D(;_fFB^NF+lX@Z|KkT)$a!AIxb;uVJwghqDfp|J;(X* zSYF|ggbgqLec1oC@ukC3-f<4!?w=hFZXvyVD*8J3SDa6d<$v_;Fn;~obJ<70z8@1d zd*6pY4Q%~aF%Cr+gPtGOfXzr(=Rf0e!` z@|OP557`f)f7@l5lPjc1#G6!$ZT6UqKQoKyQ`Z)(5hvXq~#zbt>NB)!U`^^28f z#Y*Nn?6d28<*)vc>YtRP-xU9!4gLd%Ncy@a`ZPbv9-ANUVt&zlz_jFPi%-J*+BHC@ z_IV0nYo8kbG(V-|pZqmA$}9Z_jMr)U2C${q`lv6m`$u`LKQ;fn7O}>^iGJ;PySYYn!iU-!8D%*}m3Q{-1vq z#*cGieae2VKmS$xwf>MT>H0(c+twfJYX3^Fx=quo{w)3fw*S=r`;lMT{tpCOf0F%b zziIy&0=EA93(}XtG;>eyfYr7smZ#-WKf{8j!@=VTT@bO>M`dujKI#az_Hfa%z<-B0 zk^GVJ|Nov|^{??Qt$+0gtAFuT-ju&l!k^YVjK4QCW{7luTTr%V9b^;Q%3 zO0c!>dLAsj1pFL_XgpZ+$4rmdr|g~g{qu~7#g~1?|5~5CpR4XoC_k;4jeZ1?r+=m3~`o^9Q*7&IOHa>psJA6hB ztT9&f@{nM!$|MqhA!p;Ca(B31st_mA^OU1GPw|L-AvTN4wAB|P?gt)#?Y1Ac%?^1# zKb#c#t?;$p)0`vH{SeKs(>+4(&UrT+edk2nch|gM-(DE~A$$tF6sx}(J_5dU&5!am z{BS_}kK_>PenOeE?U#2uoc$B)Ny&gUv_=OYM%!XPTS|XU~8Y#|AKGPwRx0({4w@w zXv=*g{wwv-f_}Rm9{mu{l7hb(`P#o!d)|~d(Xm_Ry#FT$=(K-1ig3Dr*$-@d?O%$Y z?q8;S-M`fMp5DJyeOUTiHV*5zesx4byH3jcy=gA9Jn8=BnS|2&m&brD{WXV#_E~LT z;A0B>#wyltd;F>BUK?NQ0psibfX3ry4w3E;?7>-Mh-moXdH=k2F6JlP4gH2YaX(73 zd&TnTe%e6r1SN(h!B_j66ZzU7(AY9UOlY$U^6ob3^Wp$KKD)LJYkytiRo8_79=c4v zJ^nw}!B5kF&`f_tx3#D8th~d->i*6{v|sJdY0pfQ#ZT-W>eK2+?OS7wwQu1b308mT z4nBxObkiAmKR$8t^d|yp564C<{$Ic;|DJ^3e~-L>9^nn2n)~GB_Y1<`j#&BaK-lt= zJ>$S;pUR{8B`x2V!RLH4?|r8}EP4ohBWD{=#V>=`#+N@*zQ!9%KjPbA{2E1@7wvRr zXisVrqIK~y&rnC#t;b~!`bl7 z=jHvi>I~22c}CjHK7{v-SbW)Qe6=68AgklgpP$M5wUe#^MZya?8&><%dc@kF#;ae0 zyK;!cAI{nMJ)X|HH)-qEf5qQ2!>3DB`SPdwtNByyQ~lf8=eqDqZ1y%GZ}|zolVJHv z)&EMNqKf8PV@?R7~}ix0lIa~?>j!2cNJvQ z{&yb!xAGnLdFYSdi~8;a-$gi&jOYg&6nuX@FF^M(So|j=zUI|D@2P29e=R1zmEgt3 zUqWG_#)wsZic>BB%{>c#t#nl6{~E0QV~r7_!#6MZ`Q-L!kMQq^Pw~hMmaQpY>uJN! zZ&C35i>_n%4)t~l_{1))};Qtg8`aXCs&iY-g=smF3a#nx; z1WUjDerIq)$bX~gPu;H?2LI`ZH9y=2w)tUb|4{$dKC^gl_zlRjtn?)Q-h@p4)d2Fp8$NZ%g4>0>u88?7{ZRO(?<8=4>Q8GTk@ywPDPQAz%GZ8G%K!XJ z@Xy^Adr8k@GoECh?ys1AS`Vvjn110KGg$pU<-#Oi%^V`F z@8#c(JYrm42Vc)qX}mZk$_sy%;8}YY{Mg(%@^w8a{bM6m|Ev(U{we&!1RuH|?Gt}! zO(r@A{2F1^nds#GL-}mJYytNreiP3P_Z!#dpAGrp^R3ACit;;6F8JSL{5axk4lMZV z<>rWg3BH8zH3?tsy*c76|33~Y`1SW5k^k0L3a)_tiz7aFk1(Fylwi$WhW|FT;P=-i z#`5<)wBUdHcx=RP9T&!%X)*nxh!4q!2;IN`Ccz<5UjC&^RsB8S)X=|niTp#rgOGnW z>f2^U7#~iK{Hw%|Pedw@))!{K@Oc?5*_5xfyy3r{Rq*ZmtvFt2 zyjK6R@ml!Q1gkx%{aSk(H8;#BhY=@gkH07JDgQ{YrN8i^g8zMq@(}HRdBLycYIyFkv}JKHmv=*;gofH zOt0seUn4v!mVe9d75w_+oXDRDR{Q&H#Nw;JrTj4o|CLtS8`$Rezk)9W58)6kd^+eq zI6(LAQ=$KLiTFAm6jItsv`2i6UB;I_?H8H8Gk?N*l(Mf!9f&r4k#{na_S^uS_}5Wa z#@G0=6+9bXZhNKRxCK((?~{MJgUvrzJjS&Vx@|rl@m|3#Bz>Q#zw`SA|9s`2V*Yx5 zRAc8Mkv}bBs=(8<55jt2lPLcj>5qh?HY&zZ)4%BZXQVZ1F+Bdcm2KKuMKUy(D?o`vNoT#$A3EEZ}eHg?{6Fy^*_11;OC}k z5zGIYKU4n;oByT10#5T^2Dbcn%N2ck8!u*pFM@CDi@S?OKR#&A6Kx8)LgTh!5k%D(b%---Nb@V^bu+N1a{!85+fyB&NhkL;fVHv7bHNcfWn z72UnympDXowkx_a=g!gI2f$wevrX^mvF(fg`DdH|F8ie5f4{0dZqb25i|!N7nnOj( z?>{-4J;H}2SnG>kq&0u2Kb7HIdlo(*gR^}3!sI{0A1dp&qdm9v3;4E(@8`h)jV&z^ z%N~s*A}uoJ~H~9+vasf#aEP zd-&XWj|SsiKf>wwcNf^kKk*wg{O=`vjfYFXHXinFD!L!z&#@e$e=y#v{PLlwFZFjk zXN^fB)vtbgFgie|`aJ?{^(+5tKf?U4`Tkw7&G+jnzwB3kPs^wNXXR6VdgHL=_x^eT z+xRN`&qqGBe+<~{m;QUPH`QMQHvQVK{1);WqeNSsUiABSrvJ9Dh54yIu$}N*gj1~f zF2(+H z`b_D!%J9{GQ@*gJ|L}?+KaV(3Hof?gPx)#3H?Cc~{o=39{_S|N*m(4_E#YY@cmg4o zeV)W0LMY{HzWOqJ&7Wy{_1850<{5rD;m`hNm=8Xt4~TwF=}; z`yI$?jV)U5=HQPzV*Orp+uHpn{@VQapWj(~dhyqmUjEINzb|&0{VflyUBCEi)Bnsv zYfmr!+R~r9cyK>v7GL$1^3(Qx&0`^d8(*^hQ+(y0@`bH`>G>#) zPannl*Yi=^f-i{p=qJ{0pZIIDZ{?Fk|2_@Xp-A>U!P)W`U;QQJf0*!Zd@AH$OPna{ zAMurc%1{0CmuG^1I{MThz1G8)zxeV;%1{0C)bnevU-2csrtwen-EjCrqCeH&UI1Hv zo6{xyeo}o@r0YwTkk#u;rPth+rq^1_(qH>x(eFK_^*a{6l}~(?H|3}0UzdIB%KxmN ztUZ76*OvcLKV5rz@z<7q)-TsyKjN>gezaax`?vLC%Nt>R*;*tLy5~1xJ*|79BCW?} zakll?x~^}pT^g?6PVlMO`}s;(PpFTH-h;nA=P4esu6(=b*GF2ji*|lD@cYO1b0qi^ z;s-_ivxCC(d#8D6)^T8!r+38v*ZG}4ExHP}o*M1l5&RC}{UdJqOSnGgwxlQF*_7Sz z&%s-RwI&qp0=}NQ`Y1s6>|cw1uWV7o;@2d6`F{|+)c z`f?q-I=9)!;eAxU4A4pbWWpw&+pfm%C*B>?-*bKFkLpt*jd${$jd#KyBv|^!fKA_k z0X6>F&EM1z328hXz_~S!r<2joC7a_i&6CO}e!4zQ*Uw5nER$YypQZm-`0L7FHNLG6i~hJ6ydUvnBHnAa!0+#+X+L1`?fO&C zBWtXzME?q(lVI8R9dKGcnrO9r{|aAYRhoX+B>jV%hW_xon7`TwKl!Y-7ul=6X7;MQ z{{go0>iYj#u+}sp?H4>kdhHkZ&#tWYLD1E|x1u$%)@^$sKOtxTIuaNDmEfuGLx>@C z>)m(rf8pJChe%5gFUL1~+}o}dMuB%Tc4R#{-|tb!>)?xO^j44O{TGJ6!yA-P7QQQ` zxg(H|GT_hB-`Qg7aZt~E&z`+{Zc@MTf}T@)4(5|-ZTm-!gfcf3BV8sU8v5yqg8Sll#@>26k&(3#a*4c&emRZmV2#hx!h@;Gsh^ zvPv_MBhY%BmTyq!|ArX(&&r=Eypnp~<~bMiryWxIXg?BY#vr^zRPa^8KXfa3isR#o z+OkeVnq60Ddek8bX~H#?%6p2wP3}3X|B-(2uPt1gw||nbu=H=N2uKczL#QvE@=D4F zqIPQQ9r;kWt-ygF{abSNd`7P0s``1W>N~HhuUmzU^~yiCpM0e-BR{dQBtJ2K04ny+ zPsvZtn|)pxrRvIEluZC--cYe9-{|W{p5|LkK_v56>2=66dD53%v#U@Fe6Ej}d7fIu zl@zX-^Q>a^A8X)QzP#pN*yYxI+aa8kf4qM~<^=zDPruu=ckov)1V!?fYTeh9GKG|$ z<}3=;Q}%wwk-=-~+iLS&L=-Y5qJ8>}6o8stvDwu&yAI860|JWj-Ki_0Nd zLo2xzt+*3CK0mKV%?~0r1nh716Mxwce1;Dgt!n2Br11+-d}&MHl+x$9!e^jX`(k1E z+>^d9xRw#tf4{5xEwFaJEXC)r+CJ|URE7+b4^M^q*-|d>wAF;GLO^b=lIk$@2m*3W zSiC5@N&@@7eo=-u-*m^&ZsQ z^{($-?j4>lQjHgUqt##9p1xhj*SG@(J#nn!qo=cmJ+teaVYlph<*rxm_KjWVjhLrt z*!OpN;-I!~_9}Wcl0DuXYWJOr`C9h8Yjee7E3v)fXegObE|)Lo8}nt?H{Z8#N8tzg zTY9|RqrvNwOt7a=8q;Zm(gtiU+_e^MZ5x~pY>bTPvUL%l#AuOzA9ew z?Yzi{QqL+#c}OPI1uX1zxn_J&hF|iKla~oL^R5{`BAUgrp+f$tOmnW4uMIwxo5gz) z=J8y>74H6MsqzZ#Fz0&rd8*HqeXiW*hHbj^=`ysi)pJ9i+5xuDOL9;&p*dHfBI_9q zyECJx0I8l?eR6$sI~2C+yu-K=xe>ib)Qsrjw@xGz>w-|Z*jQ|=9bD{F>{HWFytUZ7 zcqDy9epU_C)c7xHulC1z^m#fU4a?alSVL#kN89)iUiz6)K5`enB%erd4?gC@LMMEJ z)}L}6AhP!#i1ckD&Mj1{T7xg^Sbz04w&L5M>L9LPD(oDxspfxMG}=F%-2@X#WT-i6 zb{p^WvLE+h%72oH^E@G97^wRCM?hnbi!wbpL)VNcT|cJ8ON6khd%^W8xW8a_Ip~q4 zq5^FyUSyYj1kauED3&j~@{EJXY9}wpAK4SjPAD`u#t>Cal~%VIckJzdb2SqIsb_H> zeis`3Q}(|wpzMSErTfAQgHXsT&cWZzxtrOX%4vV288s@NG^PG2hEd!Xx6w(A9&kvM zv9kN#`ZNEY#>@GlgqPvZYI9WbDZ!PM64wo@ed(~i*uBV?Z`G8lUsF_5(l;K%>|^V? zTxG0t9JL%pg(GRqHJLKu9Xa}N4CJ`Vx1Ll_Gwx`HV+X-V>YuclKt;r~4q!~sXh6d( zm0iWphL)Gcps3zgL=j94dKtUM8VuI+3PU(l4>UJV%FDO7rej8b@t><4GdheHp;hMH zXf$`C;x&>rx?us{QCZz9w%0<~a$cpg@E+FB;sY|xie zYd=lpJGsH4dX;VPVEYe%lvfy67)^`y`R?p|YZX14c>Qv+%sR>$N=PzAV2DIoA;z!gW$^r$J ze?^juV@So(Qry!QXy5BtesO$(`^5$BR~JYs)I*;TY-{JiQ{G+XGwF-t#A%LliO35! zt-Hx$LcVbv;Ifk^Jv$cMEqV8L-p$Ip=DbElPx48h7!DcxU$FS>(t%F-#<97?bnH9b zL|2^X2m4W`AoLr_{xH8?z9HX$ZRQDu!aqr??}T>daurv}S8A8$KgiF>56%yD_4QpT zj;|Q+zc_Yc6P8l=%_io0P0V%Yf3*&L8|yE{2?Y&lDS}^gJp=`|1_eE(m6IoOxw6Ym z6i28phbQk1Uyjw4!A$C-Q?2VxYDsjjp7ov#0sVaSxg8c2ObV`Ct1 z9KH98l=!c{0$W$65RVKsyIpH`?YxZ?VVvy4o1(IBDNm1-BvH?dbT5r`uZ;9OFK6>c zvm_|#QM`hd9^faQSXXJim0ZV4sZy8JTM@O47$W6s`g{a>8vHA^_+bkb(8_;VEQjtH z1mfQ>xY)<5yxyB+P`_S%;ikfCg=-4)3s)AF6b2XS>+19Qg%VW0v42$j)37Hj?{MPs z4yP>dK&JILMSg*#PqHHP7O3LT+382k{LAC63OvcgeqQ#!h8Vh{u)~VNjw=exMlHT8 zAraJW>qBjSf+xE5skBA;{XMmSKCO0#tSNwvhJ=}}nVT2nw29Ii! z%i0Iq@6KiA+RL|$tjaPU{g&^WpRZaqg}Ct?gGcvp3&?jm;fazP+a}i>?NfUBWg)nU zaD`*R9&K{1#Haqs+EGH@<}-ymHn+GE$NC(dIE=N8sNv|qA(B3|RSog9xS~S&iEd(Neht@=RfOhtU7M!*STE!lZ*sk~of3we z9QBhUKh^|6r*q}{a!(T0*LSb);kuW)mp06?+?(4y-+eS4w@r>^Ls8wMOv(aJ5!U-1 z-xhjqg(J;ZX*5=MV|}|RM;8uT&nva+j;jj(8s%i)Y9yKF)nWq33Mw!B0S&Gj%v0Oj zv5Fhc8%xTrf!`V3&P<_D$Wv0;_E#oOw(A(2wCAjx+I4$!YUgQuHl4~LQak!rTntm{N39>qtk8EF`jT=_x)GzZhJcG?X z_1DzyHR)5l%BZ82dTIq%2drxa?8M}9VWLp6aON37&hoAjcKz_`WlHV zbG(UtZ$>Oz()wMJ(P!mQy0pAmKRl4pZ}v53%IkRsHa&IQ%+DznRi+rPcGr0;lEr;5DYTp#nEs_jJ zW1??u<(N3GZ9G-^%A~dSN6`Dyu+_(!>Q}ZjVXw)_?$o}l9VXYx_&J}nGdY$qe@~=b zDK@!9D^_nWi@~zZ{A6-VGJaXQ27MLmOVi7LDK>rbOInU4VAW5VV}4TJtQ_p>_?*hM z=f70H<*R(s_@xaGu z@}G`U(%;4tZ}!YY&dOx^&A!EJ&?o)s_a?UpIn$wb`675QGCG=*b*KEIJS?9zl|%WO zee##ml}V>V<+6O0Pbw#WwkN0bshsi^md$BDGCy1Vn&g^eK9bY=c_FxoaD^isH`bJ| z@=n`<*=G6%!#DfV>(!a`FU6bx=7Sf5AK+M&_+a7 z;?yoo&irionxC_Bi%73Bn4IN1jJUm*=zcguj0%;E3aXbTT?mOlT)0h!RDjca_7G>lXgU2H?nB#+_|2AjjWUtC) z`YqqAeX_ri!`ipW5#{47US~Vf@$>=mvGf{G%r9l+H6HfnES>)D^jiKP;_rtk4^i0_ zcXhS9x*GoP=Ee?JT;E;Yz+K(ryDF@EXYoD*MI;rQecUT!8+J3l0mr>6_P_!qHmrUt zsfyTW6Cp0Wwh!Lq>YLOs6z|myZgLg=+b)%4qrFJ6^GpPLi3Io?(&?6&C+(t5iQ#zC zZH7S276|KW>5cnvDp>?mKSHSJaj+tH zoQloGW>-(;=WF%b=wiO?LY--kenP%u=3g%F|9NjK6z=`%KBOl#A{0Y-*3;6FWW02w zT6oyQE&EXTBgeDfSkirvPQDj7Rh$}@-|w}(-1?zEK( z6LCr>cTy+!^-k_&{;%);L~WxrST{}qBhp7|o%X#c+w{1!=81Sa!{6hP?yWlNpPd70 z=vWT_a^+kZ3EdBp&!BvBp|!BIP$^8LPUVO~zEBubII1uyH-?Shg10x`|7afOFXM;v zZY$S+g#8p~7gsafZ8%)cQ2y~=XY<{8BA`CL7~}{8&*JsqZcME1rx#mCx*SJdXX3?c zMKyEzCmUk3BNkM!G6p-EbF*_xeQU+bzVp`Ry5@?xVwWOTtjDu|b+}r-S-@dF zA{eOntc6xPOMe_d%RE*-te$5ma)XBq={vaZ(B6Y{+igGO`$M|W0!O(~UZvz!w$Kvg z-ui}0xw2iQf2B{KN*|uZypuZ(4X!w=IE%;1yzNROYOHnrYx!H>SbIRf+I+v-Qe$n$ z#@aIRjkPU}wVep4tkzalPCbxO;Wb=*88XL%`i`FnxDC5w&|I(5%f~ux-oQ17?$N<@ z@8Ejy*S~*+xs0CKz1CGoBK`4RXfs`>DL20<_nQ9%^Y5JdCGVKz5pDm*oof(;Bp>@3 z<7_?ud*ti8X>x3SQ`~?`LHn$XCh{UIaRsLP@cL%>8`LBX^0_)uw zqW8fwIG?@-+=)&{C$GL|@GvrCR1->cfC;rt5{|FW-^5=-?zn5th$AG`iA^Ix( zshk&kMAM-2s;{!6rP z1%sFBep2-J2Gp0@$1xFa8Sz;W&*|--m-9Z8O8I*}=N$x~@yOr9S#cuipU64Yukxn) zg-!p~Ow77(duOyySaY>uC(CCs3PBnh5yknd{c3P0CXApBrl(cZUEzQTc5d|Nw4-hJL>xee%c%SM-I_t@V~}+ zXygm4eHfNKJAzYtFrjMC+oT%|eu_gRf9}RP^=E%@>Q7#6Jq6d8 z_;8#Pgr7_B1KexdczFD_VZ69C`cLEGt?+F;)HhSre*MJ= z=hKc2_Dn7Tpm#~9_GaJJ$?BIrmCy7Et1lYRvkyeJMJ8vo>58~-#ujse^Fc=C|Y zAI?^xp?3%HjZn@VVtK`13O4?Jrw8A5q8y^Hg9mapeBeIeIjvV?`hR@Y`S&tY?VdC~ ztsrFMllXaLjj#Sc4Zih%jfXdbV{zOe1l|PmI!;fgfnO$MzatjbJG@f-!vrh+FO&4! z9?rW|Da%Q5{1tyLbEN6N;#}TYP5Lupep}Lh?g#U8bx%j)?@dW>?WghU&XwWp8|BA< z`S0IVq6CKm8aVfh=_RlBVDjQ?yfnVbBW&e)7{12youdAqfz=+K#|Dx7bp>aVdAgCr znvcsdzcPb|>Rw~ENd041u=>16{X^qn+CMbDSozf67}BckP2+=_j*Sn8&B34Gzej%x z&rEQ(Juy+=#qky(e6@?;rK)cj!zZ z)x8wqy%T&pSpNQYlz#%;MEJ^x-vX=sToduDPdNWx+k+$4dpPHjKh@|-{G;eQ#$WMd zSWgUy<=+{;{Ac}R!`3i9<2Fx{-;Pi!Pm^9v{%mk6ulAYBkIKmJmyy@{CY2wZkyl?% z^~;~Bd^sbp{QoEA)xJ~zXg!naSAC`S49m!m%gFc2$kRnu)35fC>fbmcpS4H*IhEfz zBYzk;wg1FKez%udpV1che3YlX!4nAUUBjXy!FsRj9Ra#$eiqi>Dw9a>Y0=LkMg$n% zbDChK-vged|M->g4(d0e{Exx^AbfYkTf7?j-g0z^l>V!nE&Ul0&x+&EuSmZEd`_OE zzn)O4e+bz0wLDm0*93quZ^<(*~JmOn<{7&-y*&t+J6)H7Vygq3%SRX2wBgRi;C^a)>)!Otf6YWO>V+3xWqe0T=WPO!%RzTk9xQ+d+yMD54M zpL;(EYuz)66ZQW%={&D2jA-^qQ*(g$ajaQal-;HT0wCxE# z&U|+}ST>4g!=DB|JC;xSTZvEgj{&FpF9e(ZFKdtF@671mDWm`NFRA~8M1IMq;Tu`M zAxW*2DkBeKf*0ze~OqoXS59Hu*op*R{09NYU88h3g;GdXj#cXjNYQ@i6@P z->t9zjz1TYe_CH_YY$&mzsl1S{Z<~~IT`$Ng8#w$1%`rWaER7tvKz$tNRRmL(|h6i zlVm&bBfIhw6Vbv7zy2^V`Ebs55{4Hu+(6m^d z+3`aB%$gA2{EN^wkBZ}WXMV5q6xQp|Uq*JjD6jYO2{%Nn`V+SL z{Ic?cHt_de{2rTBcHrXre9ktWh<_ht+e}R8F6`;TxvNKClo$V5? z!85?8AR{V*ZvbnJB)X@2&R>fT!3TzwcZ$`P4EN{}z6&%t$`1nLBLA*urPp^q4?zFO z$p4TFlZ)W%npo7KC*>u~=N+o}Mq~}ogntJdyB^njxfX%#y<880e+HiGQ?u*8DeoO7 z{2wttrPo+%>3_CK&c74(&B*WBE9brk|2Gl8$xEhn{qju2pMtfXcsI7E(Oc$x-R#VD zqG%F$9OtWQJ@nuCR9n{=DbjZ+cISL`Y=18?aXk$FanvvV>j_`q32gvd`af(H-rF{f zIMHazqw!#P^w(!hyoZ2$mc(@~i?jM(?wj-Pn0q&fJL&%c;Z*-yVAJ21jS~6q?@?a* zS_zwd($@kuee!n&Z2p#iC2Rf_z9Yf<4(dSgoi+S{q<{P)N9vo8P0o(cFW_2+dNf2zHw{*-*`&$~17KS|`f4Giza z%hwSJ$sVmY()!Z%j_Loh^7=0A6{JtUOWU027oQ=n$`_uOkv}^lulJCfzFVR{3rT;? zwx3r?Z}#_OGp{H3_Sk-ewbn`TH3{y*LbV^bbL@}ukJiWLAN5a-2i9M^un^Yz@;DBW zFfLvV|0=;dM|q_Y2}?f3k~jP__>IVoB~H|9&+wkUivo0m!S@ipI^u`Hy53Zu7rg}5 zGbpD9=PU=7VpJ{?vEDHU8Lldz2qTVl}_cd-L9S z_-Am4w7#Cs+1A(Z?VEFd27e$XG;w0i&&75>^o{*;{ySfv2DV@S-;I8ouO;6HUMl}K zIF%=hs=Vye_-_7?e$79rywKJXvlsSk;+VqvAeaG6Kc zE4a*9bVGvAPw?eO=lnO-kB#$_((l({_4JE7wxus2-ydCFV|&PA<@YXp%kRjOnUApV z>oI@f&j}ko6a0JZ;j+ThEEYQ7C8RZR;A> z^&P%#z^8DC^c|R)oYU{XTma6+{G@+Bu<6(QdL%fVkM{*ze)F#8U5a39-|}ZO*!+1r z{1?GCp6zvQu;2RQFTi^C;iBj-;qPYfX{0y4((i@;()70{@|WM3^Y?@1l16mYrL4!0 zxAu0<9RJ>$>UW%Ox+(Z;S`c>wke|m~^VNuVfq!y|{zV?5jlUJKyCHAL-Z32Qx*;`bB$*c0J;=O@vg*T$p7^b=dV|7{*wHiNqX%+HzNN+%uoBzx<0&{L!|v@;X6E{ zFMPuKleRcI;?v*Dxvu2@Uc}G-Hpg2YweShCzY2?QI4l2OABOfdFWPfF`e!1qHHOGzc!s~M{0`5A z_ilHJ?d>4i*L3vGkNIu(Sh)TxD>LZRE%JWu*)u>lxSaR)oEP!&;IY*2(ul_+za3%O zEcy_>eDRb=_zC`a!p}u~@xZ)auc!@)uI`a{eXykzaVuDT>mTGH`mk@_*H^ayJ^qkz zijPO$u-gAQ@YDX%8GhP7UIrU~1shYpCoikdKHKH}vl!}gBH;@1hL7ASeCJ+e61`0N z?{MDTBc442+(5W{#4S7Ly}$QDhe-HB&W5Le>0;hy<1bD4k53NkZ}mZu9A~ z8JzEo?Md^G{A=^iZTp7${k@lFUk#V$Mm`$ z+>*9o>&Y)`|L*&Q_H$j-H;ak$eDvQF@im9!-Lv2qBGz|nRh}Iq*7el)!AB;1UEdo2 z?MY$2vGL?@VEJ}jl3s1Y()Xr5cLh&Hr%3Xezf$?F!6x5I{{6rQaEN5jV9v(Z_1|9L z31UJwossw7z2oHRPXx5SI5y(#&&<2Ol6U{Wb{E0W{3IJh?crwPQ~r!~V7g#c{=6}H ze}DEM;zU!&<^6u-^#MBZ2NE{^&FAHv`nU2B2_J~PDc*{*7=DQK+ajlH5>XaQe>3r> zU**$!Xd?+jZycBR-{H8HI8oj7y#H?GB@uVufa^EnJ9{qgr35z+R-8!tA7^sj!J}Yr zIb-kNGWes!e(gt1C9Ul@sr?@dw)QW+#uwx3`tVY)UGHhX?8o4Af9>HU{ipYZ@oZn> zM91F`#vU8rH@hIW{2;H!Lw<4O3+sBput`3dh%|4wn9vB9wHmv2-1_a%L5zp%-FMESNvesIiR*RMaJEL|h+@igNj z`F%TLwXZ3Jtv$&)_;Yy_BH(4k}zLr&qAc{Ha2m# z_9Fahf^X&rK9W6(L-cF#XPl4oDBzvYZ}`FMLVMmk_OB~9F8KQ^4G|xIRo?sB`oH8S zq08j|jJ)Q4je#P`Z-jo6ukhod2IA{Hm-R_~7$1g4tox1c64shcr2SQ`ZPNYKE5WwE zs_)ngLjMajlIGrV|AN2%Q=1hDU%@%WcO_WsG5L0X4$;R03jW&d;{g5j_U(jUi+Hnv zdA!zi!QDjNY!UfSf;HX`i1;MrH>_=Iujg^&Y#cnM6;C%&-rWf85}>;ad>~v~Y_> z_~05{qWb(v?cD``y<+{XC)Zy;g+DRs(|UX}!be7|>jzyM+Vw#{^r`*4N*P63j}-H5 z^V`w)7u>5{Y}t4&yft-Y_?6azE0a!RwCLTZ3cjwo1nB+>|5t>~pSoUL0JiJ7i(d@w zf1@bBDfk9#IXB|ZUMcwb;iLd#}_`<`;%doz4wgLF|Anrz=mUHjnj~2s^=iU12we2r-tPT5# zvtoX_KeLdq)z{}A7d+M&B%1U0@E!S%0lK@uy1wrgvF;!A06(3`SKy`c+8<8km%%sr zpGzNjeGZZIt1eP`hN!B%zFVdB&!-$BVXe1Q{7QoVvR?SkAeS+obp5wJ{0Ra2?|xng z-Zf(BJB4tn?`Zm0ivOAD*LUFW1FKJpgh$fR-b!dqs_ zvqyr@-lXU*17GY@bH9)LbbW97#UGEqj6bPExLz9)%cJk^$$nkqh}0gpAZ+dNWaPEp z-q3TozAo{ddBPeKMZy}d41Yl7m%-;meO;NzCV{O#i+@(aKXBLZUC&L46HVfSk7{2F z1t5J_UiXuC4$yyBeJy-9mEKp@DDq=sWXwz*8NHgkR%q zSl^w$3ZC8XQ~Bg?E1&X{zb!xM7dHKpS6NeejVGzRu*rYf^|s{8=#SH}U!SY}4CN4M zef}0_Tc7JY+|SYe^5iKJzKZ^s;(0Y~SmRd{ayB06JKR4<{tk4AlzuAh+tN?{ZPEY! z{QH6J{>XP~wI6d=%OeJzey@_S)RDnBbDkBk2;`Q_+K^=o~T+Vcq5?D@*u;k)IR z5+~AkYBe8g3=ru%wkLA#?Gf|XJ4L^LV*Tx4@Wa@98;58%cq#t*Nr3LXcj-Tb&xm~K z7f$t;!KVNE_kuk~MES*}mp!LMd}+kTMm+JOpkMb)MD6JxM!e}i^^ZaRw`-9vC-U`w z3i2!dMft9Lmv&Fm+x^BJ!6UKt;n;qrf(N6kC1QQIc3sT*Mk9=L9zCdTP>(ej0 zK9s!ra=M<}96Z_b-#UE9+}4xIe-b>)U;A;bV6#u(wS5$OHOGmxzkVEN8^47a602DI z?ZOnvlh&^b30Z#H4}1`8_Ncr&AfJ|ZYxt@C8aqs0`i@TY={vYnz`JvZ-UNRaeKtRc ze=pehXKYsEucv<$+mF8Uc_HZzMMg9gd?ja=X`b{Q&%uQ3JDz_Z#Qq?>3S*E+czS}R zuP^bbK8=N@Z}~jNKd{=ENb=irPUY2JQ~90HZ}M6{$X;7N2>&XK?0KWQR^q1t-o{j%y<_ns2yzXx%$L3tet_yXzj$O;u zLpB-xKji%hyj|1z$B*xG?!C#Ch75$Lh?7W&NaDs2iSZTMvSgH||f!(m4b+jFotHDa5i?L;Dj*Kv4_L!h4#x|ah(WL77)m0X@o z9_vubdbq~fbBiXWzo}_{p{X-@nJ-rbyU;IYI;bg-3KZt zS}%G!u3rtc2C#4Ql-T`3A;tRXoMoj}(ON|lthJNBiFVuw6c%aYPzs`@tgd>7P+zCB zk+vJuf1#+H;c+A&N}l+Hq(d3!(;M3iTxo`5OmPV6KzVT8jU=8DI;4B{YyA(+e!WF@ z$Ixs__iQWu_sE8<9Hr1n!D4~C+G!fAHM|b5D-Ey9^j~0Uf==DC@995AirMPiOTn0| za8@YERDUeiDTsLN{yMAgG%LG6|3Avkotd3`W>%@qX4mq#pd7TD>cZa+Q?X4TKeX{X9Lau>?Yl=d`Ch*ps66G9wXl$32b?8f0B4hKK1 z!z4nZI2h5tx8pq5dWm4h^T^lOnW5fYDqQYd7F z2Q+u+)7+u9nU%vTp;)jJ*We%&dcglZEc?9ViI1{`W)=!F3!P^cD%K8_wuYGn?pJkt zdrqNzHan`trhs0x4QA44smWTxurxmwo;E;IPDR?2M31a%c8~YmgLH;s`kJL8b1dy7 zsj<$+`ev<1S&}{_!#cJtIc)1+8sGF-9~3wB_(W`n{w_AkIrSz#ROq?;b=U1H1Z zv5qO@0+{uLA#C)+AKt2meXnQfE=i8~zbd{a=^E9rDM>&3dMmU(T^ku<0$#=`E|Ayj?nVNe-f&@|#3A6<;?E&Z{YW zsoe2uTJ$%$d5V7?vJG-v_Et-6IyU6k&SfZ^MJ`fn!zVtwmeStnQ?)W$Rvcx;MKji; zkZhie&msa*p*iN;T`Nc`L#61!aQss^ejJXqsiVU6@nu9PYWKyLHLJ?4BzLgfI&$qk z`?97WSN#0Tn(6W>qhw}jeYUh?wx~Xvt9jdOSz!oKy@sG&-_)+;T7=8ErVVR$ zQiYRQ(wVM@^18P~sjO1UnoAsORhF`(mmm6Nm4>XPq^jYJwU^~-pY$uQM}~2<$9y}s zwrYISTh_X|CW{@?L)*f!pO5Ly&#j}}lEbXi-z1%~9P9X+UU%8+r*pU_jRWPJ{mH_! z#l!V;{iu|aYZPvj3~sXQHw!l@T$c0kEy<bWEt9OJdsFZfwkE~8}6x2vWcCO!S6gAD5@TYSsP54Lf{2ccJz^YO7S zM1#)ZxE^$t{izB!$$g}HpOwQFAL*oAtp3IedplpHH#?`7FJJ6^RXT|eM>{IZPK(0x z<(8`4ze;bO@>h}!j&e9udUF)6$cbLJSlgdZ~BMFO*w3OEjmwHaP%YWcUKrkJ6Sol^**v|&ics?@y!-~)?wfO zrs}+pZ@%!iiI4PqIrOZ3ay?uqO#HZJcYWxb(<|k$#KV|@E$mo%(*8<1N1T)=>9%rU zo-x=TB>^QTu?p9u@8mm zEz~|pUhdoK&2sIQ{LRVXp~~Mv#oZ#8xq2txq@6ls+@*bZ{H$4x@o@hBb{6%c zbCxdpvB&xAvBh_%?0LC`!j>oMWwFEL-}Ee9mOs)}Qv8O|^VsyP+=+wsZsl%Rrz&dy zY6{(Jih^s^l-8(OyhcrFXicemO`q;H{ltyL^XoNJ7_XOH--&vjD|agHSgn;Nf8E1$ ze)~9wt7N1$KHc-W^=eGr<%Y_Aq{{fDd)7@Z`&8~TTo0X34_Ap-Fi^PdOa&)Zz2I;wI8oxQhd_TCA_mp2{t-ln7Cdt|8^vXIO2D*B+dP_E5dYO_o0vis|@ z2kNpt^AD{4VrOY#&TjZd1gy|2{1Bz?-Qbs=h^@J^c*32foy^}oYCqF*@LxjCP;D_)!*dv z_>d&OcNEW#6CSSc-cFx>I5zRo_xN3Ph9ktgH1Qu%2cD?#DG3+!;P5Dg`JDyoDtx?r zo?Szf-#69&j*|1`x0A4y-$i|+{yP{GQUBDBum7^JuYa)B|I5lJeRzQ!#G1cN@|Dd% z@UK(I_^e6)tnkJ<5A{?=M#?`i;eqSN->qgQyrb|q@$EP6;gUaDc-zEhPlqFgZA}vJ z&mCrsWZoIjtF?hxi0o<-e@@qi($ZraAo)PJi}R@qPM7bq=DunKLX1Nbf%PiS1>xgzpo+MB(ico-X`D zg{}RezqPRGpQpyJpW&+STsL=&@3Y&Q&!nIDeEv5S_UWG_?DK!HFnNS1?<3?}`GS9t z!!PD=SEaEkulOlnAAf_ek6)MjHt~-VuEsC@0Xco_d41%4`l)-bzjjWaw0Qlpu-6|h z?Dg~QhyLXCX{%nJ@xb&M->FN_C%?w0evT3L?9bag_SLy6Q;0Rx(Y-QZ)*RnO zxC=}XcsKcmvHwl^=bccWzLKy{-#6v|V#Vk6X}_k=o(*N;jpd;GR9TeIWdZ43Azl2y z7dgy$WSI2luRkU6t$Zk76;Ye`WwIJS`WjN&lrQbc>pzyu|Ds&}`R&rzPv4yW6k(tL z6ND}Q%SwO#`bmHC`t*0x=lV^1yG0IKM_663di{pKyRheTt(-0g5&vlUKK(li`}|K8 z_VJ%6Z1G=sK>Y3YIGuxz)!?v~e7^@plkiDO2Xuz`bqX^kLSW)I+0pgJQVwk+o5vcuIU9cwoZp0Wntg#wGdu9zMRO9rBTn&kHe zh`2salyB{m{QOwh@C;TGL*KTn7yXEwE6*m1Z zl)klvH%#(*jD7f)zC3>9m+|__7zXjpE9Fg}fZ)>~jQ_DPH=IKPSN9wD#`*O6seIVu zg1Kt%guAuG`cX0h^%uTKA;w$?{R`!LeV*}pedZrt|7u~c&-K#l4-)qJ)Q8vCkovXy z>*e$}&FOP}@$pmtUl;$DIeprn*N5-*#|iuNAC}YqQ%=7m?DYo-d;P71eg1XHY7>7x z{rUWFoYUVwr=KtXy#9Z>{1}gX`Q_vP|8@N{-uUuAO4yhGDZ;+|pUS2GKVAOIoBw?L zT#tPEH_D|y-~M$;Xp{d9bNV~v^iLM{^|!qGl&9Cvr$68RhUVhWr~kj*ez^be^?z6{ z{c8#P_VZ2S=lMDPeEReG&&Pj6PCsA%1I73CzlE?*|Iy2-zx6lh|G%yNmbd@VUwr+M zUtfM)OMUtMMA)}q##gV;e8KB$irPm1>YV;JmEV7R{9fMnlfVA;%H==b{_^eT*j)bm z=JW>(`|{gC*q8t5IsN~C*WY%z^dFQC<1m{zEzaeEVU%|GM%! zF{hu8|Hz#FX~I7KcXIk%FMRvoH>Xc~@%s7n=k@c~U+UZI|4rEUzhS~Y{^c#deEa>T z>)#o<_`mD;{hyBio9dtX^yQatKkJF_+s{y8U;c;X^z->&-uUzR|EBTdhq?HfFZ=r6 zQrM@T@z|&Ts+|6JjXyvBH00vnAs2tX{p82ruWNsu9*)1i=x3-vKM+1#&t7hEc+1*W z{3G%Ebkf=rl7X%k?k{X>#32pgs%(QdafY;Ph@|Z9K@Qf zmludV?$#6jbHb!&w6LXT7wNAj-c+Z5kg(UEB<%HP3Y-4c(k}@g?er-RuRmVc z>vR1webT?0uuuOcIengWc>Ud-{;ksIS=(2E9S^H2Zv`JXRr`TsV1vK=n@{&LVZ@5KF!&Qu?SmRJAg zrBVN4jRD_QpZiUV|1;@p8JO@*H2UnJcai)T0V4LqyBI&9xaS_%-@OuMPd(l(=$!Dj z|BBCNr4|T%=6j~k^Gu!{+w)BJ@cUeOH+$$GC3&xZjMKkX@*fFLm4lA^Fg`1$4@2m4 zz4H2J3tRleM}93n@Lsw2Ps-`jKfFHkRjHlvV6usi1Iua zKcM)0xYm^?_17YvufO}8JoPm~>9zWr@`2vj5 zK8@?^H>UWwKCY&=YuCqb(tkDS@ADP<-=_bxY5$+c{==LLT3-DFzKHskp5@iQ?#rmJ z*XRPhRuk7K;u#UNyn7P9qQ)>=dWQ#X?Pn=`q1uPX+vNBgIDURlM(U>`d8?nt^<(7e zl3zF3XOG4ggb$H}mZg88&YS*r?X;(dWH$}cagWERa{ArHdoA(V!*OecnL|MA;drwA zw*rd#w<&D#Kc^o@=-(?QK6pS5@0-JSJItC`j3xGa_WQ#72=j~s!XD#^+5b}f{^~!C zfva*+d9SYU=!B`i-4vdjFnef@QFvm)?4b$&-Gu+4g&GDZynDiZg*Q}qNWxuL)E)^+ z?;#0qB8;sG38PQlc>RIGUjIO0uYaVl=}*^>J(tP;P@RKVLy84ENCU(kkGl(ZjWDcX zeYEnwX2PrytA!A%?~kB=iFl?De-Fv?3=9fuR5|<8l)0mHo;feX9+LdNbwa}IA$fw% zADu9JNOFDI9%0epik!C9F(9R@Q(V(;wS-5De?gtDyGjEDzRO|ukRzfBX~O3V zUnAT%$%82mkC|&3W)I4hB>&fxUhJ*q>|HMYslwMMe&^L=`R$a(ALQwO7XQb>I|yrO zxL9UY(VVc*dqVM z#3z2R>4O>H4Sytk%KuK&*N>Ms2)~;!_8&k#VdTfE?7h5}!L7=Zzb0WTAMgVXU#j@~ z$lm2T2jwyH@V&mreS5_{6AJBvdPaHAQ`)S&;PbwR=bt8QeCq2QsrvfjdSHC&qoeA= z*T+i2#_!rE_P-Z8w8qce#`BLB_WUW1PyWUU`}`g5FztOKrPta!d!A~U#_FD@o2w!B zmb}eh*yD4M@N04qdxri{{s94LE+c!iN9$kc(|=5#HMy=7_G?it{kU!<_flb+j!Ej{G-1!2qYch$eQU+jN9+QkI4>mT=QST(f=@;^*0 zpZ~J3<)8HEm8)uc$RF79M}DY3%MW{;ekwd(4nqGx`IaBXvnzycJR|4t=Lc#K zeqDHOgxMTn#;+|LX1;FtgKY|7O|?A|AI!5d!>qwJMm$@CjXe`?6Sh4Q$WODdMZ5@n_eB8GkDZ`|(#* zR;`b&7izw*^zWDC*;DgUSw1G3&%moFeTLT%en$8V$A4Pw$@uK)__}P_o{lSC6X&;^ zB>DA(-%)t8gpsHJnLKzMjSq$gUK`f{xBExRZ?x=Nc~M`BWXtMn+qsHQ`e!Hm?BO|0 z_NOF_K5OurKJt%rYnA8u8gY$H^6b&~hT>z4gxb&3y|i$T2*aKkvt-}+)ZeS(S^a@^ zi&e#}asQ<7^-2Q-URhzoTu-?ET7L%5$l*tFShqxN7j|eE@8*}&!=^B6R-TJ*i`EN?{uivfvd-3;3IJ>8i-KuMQQ;H9~ zAcr5w;kBjf}feb{sT##^lvC^>C5k_d1TV>u^jr;mE~t>ON{@dr2oF`G4^o{ zgzi!K_Le^(AU(enhHvG){(`9gP||0QPSS7vjr?pXZ24i2&RvApl!J~<`gVVq&p-0p zNY3QX5Z+UGW0Xa6H1T2luUDNyPd*&?VE7=-#}|r!n9kdL96o*3`0Rmswd(GVsl55U z=~H3aAjI!Y;OipH*yHlgE9m##B;Wpy_`LvS0=@TKoIehUFspw#j&D~a`9Cby{f)xI z5}*FhT+;gg6&lPQ6aU4;XOB&u*S(%_lkjW8=O_H?lDNm}{W=GIBuw9WE8+cw>3^pu z{O0fUy_3RS5f;_Gt@(xU1`%fD=V^s4KdUEx$?M@1ZvSQC>HQZ{@}K^``V_;}E!) z_=YLZ-wIoK-mdgh7rVRk?;vdHhksy>f1%^g(1sPX&7EWux>&5H@-6RPhX>KT~mg{X>Mk zKF?1~{tZ2hWGrn|nxN}<(jIH_mjtAKx?kLLk2x$fOjuncE2QzZtcOV#>HO}2tM7<~ z%i`Pk0RQj8p1+IYH$HnNQvUlVefCTosW4>%v4E3%2@tPxy54_DcNQgUHU6vOv#r^qJ6o_t#=eKsDmN24xz;Wt|2 z_f>fspZ2h+7}g%9-dYT8XJv#%@av>+{NIQ_P36|H$LHd&K^~YE;jj6J~t9Ghz0SJYM=X9Q^#ghT{D?g(X>Z4;{>q+}KNPk-D_@>clYK6HeTNv~ z$=lb2ZJXjOz_PAu9 zJt7}hm}?3&@%}hIFvdf@TWYd5)gEmA^j+)!(0|6Y9(qReS@D&cY!li4mC^{^{kypK zQr`%(iUzae#UGyd>_Lg{;R&;+%BfOOy#2${D%D4W( z9*$#$ZGOsl^fzG}kI-lQ^ZFxm`ivc3Us$krDasGI4Bg>Q-MjQf{WWzX(kHrO-nsl8L;vuE2dg?lA@knjNtZ<8>4 zd~PQF4H8~iFHUf6lvp74@Y_$J_an^6&u$7^dcixp{QYXvc>gvd$+O2H@*@&v&p^f+ z>J)lI11Wf|fMR_#D{S>~LHpXUf1R~g@P&%c<5iS?!|c(>cw^-OKEq-1^MJ7B2h6hq z!{leO_?AD?d#d;&bq)f5sQ3(%e)yJt>~U=|d*EH1eelZC_xxYy@I5(wo>iDU`T0QD z=Z|OA9*>c}$EQ1dqc$^`q4vg@4Xq*kxb%;RFzlK72Zb#@_N?4Z@lhra^+|gh5n(6~ zzOS(IAb)#{XZn;E^L^u!{&$5feUu-3D?j+(HT}#FEPm3zZ!Z13JK@v6vr9kez1pQ0 zO#id=linZ5o~0KI-!S=qIu}3hqFMQ2uei&#e7pXk z|4U)hCw{QSkN!kquYZ8k|L3^4$LBQV0iwM#|FZTDW-em*arHOGw*f&~@8ilo^I>m) z9brq~$;Z`(xm`<=|A{d3-7gd7dcLNU2j8voG5ukh%+Y>^Ci!+J#P+1eyn*0f<@lr* zZ0QB}%HbCsMqmF``{1DtuP`R=30;y7#2#}eDDE^}3VV#|RQ2}~-rw9pm^l&j!a21e zFQX$2`m+`G`iq1&PJHy2DD3rbReHSs<2n6R#P|9e3Y$LH3)+TVFGxSnFMa%HvNWPT1>@b^04= zPg2J7M^kxSy;U*WMqO}gjEN?R|GMhtzz8$sPiWUF&mN+K#XBbP&-q6j|7Ik-uCS)G z;T-@@ZT`>N@cqeKiJ#X;p84@J(t+S_CT#ZEWAuLEv5}qe{Q5A3%L(&*dWyp16Xy5y zA1UmAU;o@;-aly&_V1r;F3cPP;(drF`Sv~p^Y?RwZT`Myue#9x*3mhLJvb-G-!34{ zbHwkf^wK7v5yHAQ8k5cd^;G|sKfV}X zcBe3NmF*Iq*;vO<`k~HN(s}xRAa%lR2{Z*1o@o_isBomde>z%DMpjTo6vY2=l37`z zU86W{u#{1U9qnEE9$CANS^JJzp<`CBlST3Qil{7^QdZGXsfhO_s}KlSiBw*zR4&r) zx>xvT9p^I3+OAUKzoIf|lp)4x($OU<)t0lF4cW}e+060T%*O1@a&~<=>yu@bc7;ky zR+(9trvKj;^omd=D^z4vcOoGnq#>n4p^D;?(|_1bP}iK!!?RVIvd&E*fwdtgv$A3( zE6vVIi?V);v(n@u95>76J499$ng|6E)77MnXq>QsP`FP68nvJwr%mRWQ@UD!>kYeKw;|uXFX; zM7bI{<`*mCB*JA3QDW^a7l~MEIfRI*=9rjCgbpHI+Y(}fu6tFCbXeov6$Oc@M~b(y$PkyJdQG2 zx$tk0Y9Uf+&EY;@rUIqxO~-bX;>ky5gp-d&@4V>U9lg-+tL;`DS}HZ2bu1)~PM`FKfRE&-eRxu;0ah!Vdd@ zn4Ko2r=QYOlEeP29G;)Uq{qvf9pp$i9n1D1@tA!se7>xFEMBuSCnsm+Wp*hqbWG3E z!!@1#T+9yn@N(E8-DZdMGzjC^4+|>GmE?RmFDuMTw6CwS!@eaJA98mJBg;83`y7FBQNqVpx4qukhcq&bJt^Zdm* zY<4>5(o+(~rq##LlpZkqlq`W?h~F`Pv~6p8%ChhC)hLXPmCvC$Z1rh&Ej^j+H%Jf1 zzCaB*+$6k6JlqnMM}zEoY<9-y(qr)xALX@3eB!{-en@9Oxsu$o;+vgODcz>mB#aD> z`uVnYsOQeo!BNi(6SneMD7!<&!?B;+SEYyk1<&-TXK$DEcx?4vk`DVyS-!&lM>=Qe z$)rafarDFP!li^Muc^WncybNe7tHK5=i-~6!^=uv12*I+ce67)=~=#(W!KV2daS&# z)8g!O&c$EK;Ra!gpZ3)xJV!QgQ(gaBR=PV&21orZ&e>g>!})xfUbEy%&JOW-j9rh- z&YVwTy;}Lq6ZYlNB8(pA=%H2_^L7>q zTR!F~ACTu;7@u-5JB)v(NBd~Z;fnBV=>(^J$~r5arNX$`DnGMBI?03OV@VFvUOfM! z95y@4%2#LE#aTNnDU73Bu}Rs$=Xz##nq=SWP0rzpa7j8i>@*8EDO{Fg-#@c6OXt0P z-&YX)dLfC&HK_}B|@FTVVlbo+UBx;D?beE$l)^%M%e0W zpiCefDuhOJ;AS&BfWs&bg~7F2RC#ba9eNScGmv>%saB%l-bd#YIR`!L6NLi-5w$^GKssMruZek~ zSgR!W3O4~OWW_Gs3*Gd;dZF88g>Ib-dct`|W1+5dVWj>W3fd38eMSzWExX@Vn~OFk zW|dx9W$mnTVAis3wrJgK@!Hwq-h8vvR4g9Ek=iI_g_4?LC0UBk^C|7`b|1stOx%a5 zfdob>1~1fSEDHT(B04`*F5l8;*<<0jRXB!j!^uG3({VrwlWZuortIJluGVotG%h_C z5XI*hN(_`do(WW+Z-m=uortLmeYV6o-81P4MNp}g-&w9KR}rhAhEP;N7v*EC_1=E5 z9y=`V&?wg#*IBOn;tpLE?w)-hC%?S7Ll^n_^+_(uH@BA&5zk%vhL9aX4_mn;7#?wi z(-%{u7Z26pDneIn45YjCk_(4!B?a{02eXZGRcfw=N?#kQGTR2Ime7scoK6Lo&c&)T zfs`?WIiLLYsh+D$)E7WgoAlY{);g@dxeh-Lhs_jvoWs-MFjS!~Fv4Llp+wkgZ3i^2 z=^UQtpvT`j(D}y0_)Td%#UH%h=_fIzN z7UsF2J@5Gb8v3q7xNA!Fh&A=BL*c8E{3B{tFAATM@Pm?nN%)?GrwG3*d}qRkNuT@t zFyP2POPFWewvNn;lJ6s|ebxe@znwy+f4ds*9>QZ2|Nm?DX7q~hY4WTK>ewm%hPFwB z0rMNL;ZYg`ZWo@N_+Xw%8>YSR+}PS7`&!UV)g1$!+&wDfj@62Eh;mhAmjKKZ>R$@3c~`JJBd5cP{K6n;8k9cRl4~4l-LMQK~@|3?u*8oF)`3=bDm+uhF zKKY^jdj1wU{#7#N`Lr$5e_x%KzP&&WBEOp`?9)3$*wRaUJ4(*mqc52~^l2|%|4?Dm z|5Tl|BK%RE4x%>?*Vrt-QP&CRLtzy`_^lkwz9&+t{%%u$L~LuTru23Yf3o-;5~lrr zChXfU?Zevd6*6{d)Kb`e^n@A6?zXXZG3Qd30(%*=fhbeOUe{-ri)hh3^pm#)R32 ziZN+Zor6dZ_I!GF7q;|#GDY{-!aK-8)HnI_>7)Hx`mjfRdV3XNZ|@9YZ|{C#Z}0cQ zW{>#R$??~9eB#5FkB|1_3=K2;2CAy{(14J^G*NWA7S=vGBx4z?Fuzzd| zeM4+|-&zSjN@2ZD66oHU@jJJ35hGyd1Q}nGw%O{MBd0HAU`8{K3L%0@e8j z<;{3#;ZTR$evHV6Se4jAoN1KP(H;VH6UCKZF zim>M&@AzFL-&=T$9Q3bSiTYu=*5`X`=0j8*bi`u(n)y)IV7iK&S54GfDPycP~y)W$T(f_=? zvz@(%pN?yOu+{?ven`H@-6Zev1{ym(zOP*?{&(u*EXD2X<9YR6!{d~2t{3Mh4bWua z0rH>>D;qewUP=$Ay0+93Jz@|2FH89xl25auDkPcTrrUBFy%DFYa+T zIAPX>ttk9r!mL9(U18Iw{q&Ol*u-a@*`7*U=Y&~jcL(9U62{(H3VVBJ3!6RUv1Rhu zn=Jcgk9BMJ7Utbi=)2lu9b4=jo$OJ5f0W$^gLREd%I}^EZ;~+izffUIFZnOK{6DV7 z`j+y`H3XWmN?g~kDd81``Hp-{!hM8!@2$5S1U^Y=@%VCw3sPP~a=Z%-tuDNw{8tlZ z-9W}GTelB>CC5MB@k#%V!d8F02T9uedyqdDw)Y_6|1QV>yW{_F_qcA=@QyMn0ym5A zv0jyFgGcA^A01|0KgJ$wFT5wmcE*7@_#&8Gz z*X~f{5Eikn;Ar`_t{wbe2z&ndj-O8->+0<;KG!seb@jlTDo+shu95HU9V=|{<(ct`KP?#SIbNIb*E4II~H5h&wGbu z$=iE}yqC!J$KFdM{puoB`|zKZJgqi#ojDukNm;6{DD7k z_)of!?;xz(ia@0IZiUP~>+FG#i0lk`+PBHWFDSpp-|n#Z9_{H#{vhF_6edj&{14@O zKI5_R`Oahm+1~(R5$mFHeWp!7YaJce0UHrv#yV*{&l#F9>!h)6iM8L|CC_{O`zQXe zQE}b8ZBl>RLHJVfzSk)Vj8XY8o-t-Y)Ff1VDtc%6< zVoK1~yg+!KY#C-9t~Z5wcO8QNq{5!h8sx_R@|yS_d?m@FKT&$dXB{`nrvYOk9gwrFQKk2epAZdH(}PD+DY<@l055N z?IEmYA88r(`ibN1Z|5-fCJCFpby^CcEgqcgZL5a%8}aq3W+37NTYRi5bc@=<>?F^+ zTIULvqIiaUQ%?RQVK2}8tRx3Lt@w4xsm^D?PdogD@DCMNUxY=c-XGgXs{U}jTBP&V z->I*WlJ|H<4li){WZ6GV`mZPt&~W9CvFHrRK-Y`EK>pH%DZeL#t^A0O=XVw#>spci zKPGwBwOU!>8+8t1T`TZ)5oSlcSjaX}S)Z5ibm5U254grb7b(oxwo*V5kN*aITaNEB z>$oizzex^SOFy<;tp3k)nZ>#j%4&n}dMm~Z@9 zzP}zlD{R*z=AYQJ`6u%|%FpJ9tRwo8u&pD?e2(9@Y(BTeIIUYHyh|$oZ(~ngxQ)Gu zIeTDlZ_`}*Xpfe@U37haNO(Ysf7Z6~J3HOR1^Vgk#qj)grG!b}`QrHeGPamK=F7<1 ze3|_IMt#HQ7wpq_M$X=7XOHshDto^Cu26gP_P}QECwmve??22Lq4k7ckUr0#4f7qK z$NQ@9c)U|xD`s7?UrN7G4q_cLuEpaMhJUKC=P#8#&)-b;jDOF;#qgbI&uA{&?$BbG zTW^-^ohkm!;;okW9|-?T;l2sqCway@#wh6gsl~7^0^b5d*c&O|?42t7lH_{?uI8=6 z%*RcC#lwo(E5d^kAA7oG3*Q!V3VZZFZ}0J(y(e<^o_6-gFZbt`-#;G`v8LUDI>`Q> z3Tc`ei1@gkT6~npd%{*8^k3Sm@4vJ?Kc759*!SOG3H$#0YhmlZ*duM;UO!=PkNJqV zcZsmKcd4-1V;!|6!n?{rtYdb7@-|#;1cLu=`?mZKgpJSj=${>0uSfZH)xgta$K=6` z&mOHSN%?wb-ci5CHZ@{D+ZqR-wAqf&3E3bCO+$)U8gW*4j~WUuL(n-~QqPmZ$2_I735Ugu1DLhJHj~jFN42KWUI$8V3_V1JaE~9F~Z;$r; zX^QZ*;@SKFd}9vZn!~hhlh4m5U)TNZ4Dr{MgW%sU-^w36RsG8_^7jjyJm0OCC4XNk z59H6w=|7UgU*_=EuDr2#yR$b!fVunSauB$K>ccS4tM?Qh8`**X3)P45zbU^VKhm}Q zfY(ua46_cxNa0elpSL%zQR@VWzhB~SB>7niTYIbszb3q=WS}dAX`k-~6wAB2!dAZ6 zr#?K+m*3aT@7v!I--omNpT&Ere<|)kDgL$eQ8Ji055&4-+^?S=VKzp5=6;VRe1X=@ zB7Jr3;)&CLSQCEh7*ZecjlvHqI4I%Ah4&XeC$clv)w)t)9JDNZ8|%Ec_mHr+cbu@d zcayN$*m&k=Y`DSpxcEnQ+usfpMu~IQP}fe6E^*KnRKTY*FR+#zdT?tPX z{)fUBI=*f>+VGDQHa_e2U!ZuePx12|`rn1^_jdR<$d>1Sp!9nF%`3F>Sto3J>E9XI<)l5MH@$pgf?WIWrj{`7(HbHaloJ7Zn5gB2!^&}lgreth|+@!-i@`NNeasOys0K3;S9_i7J@ zk>}dx<^Lr;#%6?CW=lu&>|ugspyw|3G1jAN*i0J@74l%HwL~ z&&rGRA#Z%rH&^mLeb)$E`mq0!iw}EKrSI**|8Lo&e$SPCt6%WT4zupvPD+opPcZrM z_%es7U;4AvFZt*C?DK!Vu+RS^!dBjtAK2%2JH_wyx&JeL#uvsEy8ARTtiLhpUp}$#CUMEd_NwXD|w5L@!+T8`|;pbVLu++ zFL^6p#)G5OzWjLbKf*R1y!ZRs>;_@G9`gL<6X7jn6Jp(}-^gzPh*;-}`n)N^u+G&9 z!d!zPJ#c`dd@rlp6OnRhPynji2?e)90evJ4!Yo=A*QQi2>>Nnm@;NJX_QTpxv}iRh{(J?E}HzTw%|D z+VL4*=&Lrqu*Rdi)vZ9l$9Ig7s~a> zl(h(GZB{O3+ZK6?Z3KeZv`j==>gAaGRH@WbjN#IsQedD3*0aEd7HF_QRh>Cv7rEyK z6`t!|SiN^43swm9*38@eN9+EK!ttbz`WKA<#%C)GpE6Fv>pDi~l z;%SnFz9+|huMzPo4=V+4vz1y%?}pJElDtmgWbcU9j@~P@8Bck;N>VE+Ptc>$66s@v`I@kNx80;!r77GT~`%)0==FJ;Akg<`*~(63U^u~g3bHD&$ESqUS>Qs-j7dP#=w z2ke?=Z;LjB1T-L+mBTTv2Dpi9`)zA-9sIg!ny>(UPo>mRD z2B_4M!HQlRt*FJwm&{3v|AIrp5-jesbOAYH>f3n=V!oM)wlKHO z$g?@TL>QYm+EKmM)$rJ_Be7WP&6wS9(>{H@F3r^&^+dhlv(A;-ZBlv~I48%tAG33~ zMYu`4vK;GSuuh1IJA8vXS?gTP7j7)X-+1Q>o89rb_zz9(#^SH!@SGfeR=A(yvG#3t zX`h_Ku^vuYxTG+7r(ZWE%sI+;kuZ5PO#IjdKkLe&S#sDgJM+K74z@iLs%xRS$Ww?*mmdW&*+aSksP z9;!4@rcD}WsGmg&-zhh5+t&8LI6~Q2`7{cnSCX5p^v}xS7U8mZxEA#T$m?5rX(#^t z;v8O*!}JR;|4|N`-N`!d%b}9PvvYV^?PrwI+#t6^D!X8Ux{_UWPj!ahB-{kv!Tb*}#Gl5v&hzRjpM2GYfw z+R<1Xy)~I5>6gdo^^D%t(K{uM)S)PX6bFnj$4}HJ`YDF`Y*!86ZRjCbjq5yAD+Zos zi+Cw5qegpSCVT^0PlOZ}>c{I$m-_KaQ=5C`ttwQFsG*Hli6|YrhwG6hyIhv^T}kk0Dx%s{G||hINfgN{(N6`!ELjvwJzN>% z367IvaB=kX`!o+&YNJORDH$X9img(}+9}LDwEb}X{;LNdV|2NH^mIA=6FSNb$R7Q0 zMO(|G*r2yc<>r;5%Sz>yLR~UO7?nd{hnSpE!MkNtQ#d*5z~H6BPE!fovM_qjMsHN~ z4v#Ys?qzx<@z`p@Ypn&!s=|5YA%#FOlkpsk>sR1FhzCgV4W8+Qp5Tz^aQVGd2p2fK zMh@@(4fxm`{~(7u^^W&C+oU>V{fP|~*FRGl`iW0Jt4oy&pJzRuKQqTa#PL5UdPWX6>U-G;k;^p-Sq>Vh-P>kX`s@CE8ngCzSPeOz>KzxeEoIUsbG_`Atxtb-N{ z?%~JdUhsk^V?GY_^wDJ!lJD<*KbAgd!+IOPs`z!9R5cRuc`EV{dFAXd+E`V zzf$L*nX>K6g&sV+&2p^pIhpivK*W?)tMEmJ1-?s+qS5PyR{2Paknx`Y12PBg@YawLLY#YWrfn0@}Av|Bk|z{=N58 z-w@VoT7mc;UR|*Iy*vElb9|nqGPXnT^-5A3eLeE4@( z_KZ({&Jwo#z~_Au&*xny&*!I!Vu+PuF!j>P>e~GY9|E0o~{<{?4fx_#rri18=NpU@eha(LA?FfYzIDC}DjL%>j zpGRo0p}uBo9DrEAnqS~-48yk*h{j}+f9d(`K`6dlQ|9;13JYan29k}Y7!j!+Y z7uxqYVJpvkd#8TS7T?$JIl@-|*dHS7?bBAx{`hI}-I`OBF6bEHG4k&VD6YqIqQc(( zNy27-163CGk4*UkU*+)Is@(a??{UdKxRb&j)0RA5;_!86#dni`Et?SeIaPk|fMR)_ zrm*GbZpq&&e0SngKDR0C(@%S_^ke@KVQ>FYVQ-)I=Iwtf?CpOh?CpOp?CsNjz5O2u zd;32W_V%w8_V%w6_V%wAHv31Nr}7j=1{%73{5J2Z2(#(pD~r|f19=URRe9!v#|zI@ z9YM^WrpUMX66Hf&KK*M7`}Fq|_UT_iwtV_K2>bN&Tb-q!^4m-rr^nZv)x;pZIw zPprqn_2((sgf_Tc*B;>?N0_~#!RlOv?fVum?bq<1)p!}N-Y7-|@IP{RXXVxN%j&C! zZ&zbKQmXV3i0?yn39f!0T6r?g4-S+L^t|}LlP@n2{C0}Z^Lq#zpYKl@Z~mxr5cZFd ze`7%L`%|#BU)Jv^OO`r>Sij>Q`I`i!xt}oYr+>o#&Uzm^N`Gw9zwO@mZ8zVbL9ADD zn#z(s0zFqBe}7&v!ewHv51#)(4%1#d|4WAtP-W8Bw$wT3kLoN7g?EWC;5C#UkB@d3 z{a1xeAFNmEtN1BRMybzLl0EQE4*y8Fr1-2q4ifGxOdp5F2-81JAAXDD^L=2G`1Za+ zWsSHG*zh0)yi;mVkLhEpdt~p~#0QU6*f93#zh<9(-3AET_v>K# zugCOXkLkZ2Qy+%0zk#sX2bUfGNR#`E>hvsIX@v5)`&xzU1o7WZeDKK*zc2iP^7ER` zLEu?A%=;&v|5Jx~U%sz&t-U@g{b$>04j~&*{{0lvKT_u{KaEQNaABKIlKvBgEkC4} z>$#<$`r&$N^^>>H`X@Vye}EjsdMi82AEq=zw@aV#YGy!jy%esGUjB7qlmB<@W82#= zs_eb}zdQT9&qMq5@AC{6-c1hTeI4e<_P!4I#T@3@hv)yr<8}4EqvZYfptR4bees{n z@h`~n$H|`8R~M-2chV1Q>q`D9or4CAjrg-v|Ig^*#yp*WH*htdR{!K(;7$p{Zx%K_ zxTACpk2s8`IN*b zJ?knyOAnaw#4z?33Y-09tq1d>_{SuBtOui4>Z%(lk zLhJf4%d*e4)a=9O*^OcJUsZfRism!o>zRx1As63s)8hF5SV|A;&8#oorlimNW``<# zU*h+X{M!oukCWFYd2QtH5;l3-PqXy5=@<>N{?2*|`uFn=6TUFA!}su-Vzy~NmkRs# z(=2T5hxPB!Uq7XX_4Jr8s2K<9))MdEZip~LJ`>N&t4p_$*AQO)KJEI2aen(r(g&Zf zuwm9a&?Th0-T@f>50X6i>>U2c;UQh(dL)%3zpe0@3a^&%viPLe^SQtC`WFft|9AHk z!n?5#Ne6mD_^0xpO&IlMCCNZfJ{-Si`ao^i@IDH7d~FWDpTk?oo|iwv;VmDD>&twc?1Rsc zzQ-@+F!ntE${ha8;W@gn>>&Mm^*M>=OMvrv4-o>d+Ha>xHz{ND-paeVHNO@G|; zsvqG^6eo0_@J90A4e0;kWy$LnqK&-A++Pe4-``&xEqr6L&-ymt>k>vDo|k_@*vo@W ze&9=SU)Qclf0!`s?Olyw&`H9~7yg>?9m2mBze8PM2mVRI#{We8_k~%L5-Pu5$U5ly zdUAx>7~$(=%lgMr?F->su5O9nBz{lXrjJ9%34ba4dW0GLcCu~!t)GkQ4L+IpqlGCi zb^Ac@sejL(Anf^+pXZ9PB>K^qmbVM?!(9SA&A^=){faI@^~8`&BB2UWku$KGk; zn?2@N)Tf_cZ6fUFSMY6q#r)}NVVgfO-`P%SvFjDHAOE=X&7ngUvqcTWp~8 zSbJ~L#e(`-MGj*9kBaK2Z-iNKN->)*+$-Vjg=Yx&PxwONbA>ldIB&nt3DN#$iI4qD za`u_edHa{;?9X-f`)^+id$#^L*}L)w#caO#@&f%`fs++hG*zrm#;f=fC3Z8_|NDu* z-H(c4J-(ijfnK?ym_4rY+DguF56OBwE{A{YFzapbE&Z-hJ-c1_hYD|JcpJ4xh4)YR zH@6nU{q(8{pDKPg#l2_3LvAZ(rwLpAe0fJP+em4(@e%pQ6rahn{zX~3W0F4WBb*`m z(GDM`uwmpckbRQ}kC#2etml9}*K`Q}w(^Y+zSrp!AK2`#s+Tvx%rPMNC(6F@u@5%; ztarg!c1n=e+OWdsNWURrF4@t z`5}E^OCRf3v{U>&lRWyz3!6UcS4>cPtiOExL@|8NV)cvt%X0R?W*_-p(l>eH|BJBk z$uHQ-=k5FBdNu=6dcZ$X*f8?kFPS{$KSKIe{>U#9rf_$r4N>EkQnI!X@OSeX85?E^mZ0neYF<8!_7{2Ls< zeo#%=U(v3|tS|Col}D3gAl5IrLD=$#Jm05zdA{vx3er)2fUwEGtMx?o5bpu$Kqqfd z6XwrTWD_F3fw}mY&zL^(AM4_0eU-;#i#`j%r+=FK?OH$OV9DeJ+38XB>U z|E%Y-kL>GbqCme8|8wEB5)S33xSA3sKl`}+eb@C>(0@R-X)_S(tz4n_e;;A?o;uGt z3g4M0*H zt(S|BxrEQp2`;`po8o#Ec7HPHz?$r1@$Gte>f!1S!Z#=T9fYSVJ=Q+%7iMf*kobdz znQuSr-%alo-f<=g7q`>2(9|Q3;5THuS+zav0jFTunM*KEGMhA`KgBa%G)O_Uzbe^c1_tRHZuWJe}>@T1Z<%=h&0 zt$*_UEB8b1CwbDdp7LkuLmqvTXZ?m9By0Iap1Lskr-W(yc6}lJKX>V$SFFu$RQ=d| zi}=A7|3AmohHvGkNe3FP^uH~CL_m6vSp1E}^ZcWPjZc2zS$^|)pB1z|iTIO~J@_x? z670^`Cx3y`XY#CfaH7h4tCWA%$Dlv)OaUUl2g|qo?!Iwt-2W{MINe&9*v3$?hl&%e*`uBXEr#7K1LjRwRKc-_{ znEzXS9hLCWQ9QK2CWWm%!mpFQ=RfB7*n3lav&Zj8_loa-KYBpe|9^zt8uR zzW@D^`I!BFgnd0isoKA*TU}^-+eP(^=b@h|TuzwhnR=vGy&qb#YF$_?OD}e8wB&50U-# zgkP@HLG(qRx^Vw`c+x-R?AmO;#)83-oq<15T0Cx8p)Ee`d#!lLF7f)ia?-y_n6_rm zqsEM?4RcfD|5<#-PrJW4TzE&7cc-Ke=6M|$nKje-tbV9M4Tj_o)1+VL-jVxaXjZyF z?mT43SVPuJcs;or-1)pw38mceP)gki~VFn>JKt-nFp zSiE68T|KJUs?QnX$#Rv~QVlJvhW?&H%|#2f{_YaLI;o0Q1Dd*2pCyKqg_^|Ut${#4 zw!mc;xYYuhd`9AtUZB@(;Cs!^=-Ib8qZ2=RY&zPaS1!A33_(zqOw{+sJ<x5tYw&spdHYFQoh?u~`O(u9xJ}<+juj}4 zQ&n6;FM^^UcW;SjI93vWdh!=0|Fh(i==H1OrOR^(zNcj^@|GW#QYBJm0&H6=qHdb=5Ed{y{+6D_3|gg*9yqw1e;w3LO<;;9sP$@p)gJ zxuJhw{X}8^zWVXP9g@A?E5>&f2PZsV`mc)ryEGpE?;l3Wp64^4HvXD2)JitD6y}{Di0_5L{AL01{pj=ZH&z-TzNZ~1-`XeNw`?N315D8YViLv% z1b=V&o;7Z*?A9w*(Zww>nDU z=?M>!JoWu_!pP53*vp?SZ1RsQey)}E(t|!96w_|ckJul1Po2L$r3d*R348f#guVQH zC%@(faldDtaYCef0i%5L@IG!J_u(c<~tKSIQct!i+`G#*lor#@r~4&0P+3b-{l{vGJ(Jo zC2N@d(6104pY*{8%D%_5943Fdmuizg?#V5GgbMYVN;wQgbO5gJPvceb3EszXE ze0$~cx3|k5&j3zW(M4Tm8|#dkLF8>;2=kVW!SOt4Vo?{H+60San-g`00eoqTuMF!^USnFE&-pYOBj-#pWVz+t>}_-dUuKIO^$W&y$?=5sH||64#2f95du zx=Y9OpJK2S+5H1}gB%{6!(1P{d?kmk$l+f*{P`&{?`JC=5aZ{O@@@PiKi`+L{Jgum z=0nQUr9oQXDy!WeCoD68u(zGC*+c&cVbgzY{r`u$_kh=^UUn^o^|GO zE%$%@{@=HL=RLEZS!?gTc9}hG&rIDvhq7Mz2FF|M(pnpo@!9Rc{-3vp{ouSk90}*` z;RHBu5Be7E?enl6za7j^@%gp0SemDz{vnp3{}8r*>|@Hj+;|y>ug})lIuc$Q4*ezY z8*ucW-*Z38?Qh#+@BOI-35UJ+19yPO7rpo23o(e(_>|3a856|6aB5C9ubS9OhSY3+(>PeWdav{A2po zN;S5$-v|zS_0BKPdR`IU*8ijYeE!q?+(wm8%5Rf@AwT`QiS`Wt%>Q?Pr@WP(^as^P zBfoDo%IEi4BK^zgxZB}3!&D_x;5P})QCR(-31_|cBeQ-v`0wfWPx|KbjXrN?e~SA( z-VeGMj{8A=?^}N^sfcZb!DJ7@OarXM@6XHs z?DyxjzmfE_{ax^;)Tv^A>$8mf7UgEvmGB2DktY}Bd-N<{t*H1%{IK_XnTJqc@x4s# z??oT>>OV;O-6wWb$Ln3JQ{*qQ%=}J+KT7QLkGqk+Hj3==MdsHMPua4g)r%dURjTAQ z?A`yrQDf^w^wSCZQ?#GXGVGtkGrV@(vS0b^S>M&ue_Ulc{+DQ&##PC8ivE(M=aGW8{<)I=c}4%3Q#-2TE89$wA7Pn!2I2?%{q_T3 z&*>GPZ=4Er~Y}$7W#kYdB~Ya?~ppXmd{^qMf}st_T=-C@6%rA6n*u4KF?!=3kv&u-gnUV@KZiX|1Rr$R3dIKj%~5M95}W9p8cGamSa^|UtTWt zcR|tj6#b2GKl*q1DW-QZ;YhDapRxrvpGVZc$;8Y4TX#MDlzXOiwEo00j^AX@MS{N% zJDxDjvl8__zZ-fd!*IwQm&03gJXG_TVz1t7Ieq*T^Q!mp7AL3hr;tFz4aZ>JDT4p(#iR40Y`qX5&txJ zB-@ZOl7eqU{Mkx+>%;C(TZNB>9gi1E`kj+r|J~na|8Ie_|J%dipZeygPXwo3UeMf=*GC-GB0iDyfC zpC_D$wtl8IZ~45T$4iz``6T_vN#A=?XZ38zwzYZdIG9~(dw#Y0PV7T3&)48v5*wc> zn(g@Vs%#JEmGq5&KjBDEJwy5+{SGNT?cJA!y?iL?2VcX-e0|>M(2~Ah2j}C%32+==&cV)mRpNKfRHx_h zS}(yk{xUzBXi$E8!#O|4%befCaL(@$IP&ZICeII&{)jre*2DL9w%(`y;`qep$866S zzh&D$cvg1Cj*T0X_`}-jIMfyH}b1La?Uh?;OCgT$N$fk^eo@?*!LCIpQqp`kI(1)5&xY7s%YQh zudkxIKE~5u!~Wz=yQ=Tq#rf$RpY5o|xAls>^DP~lBfj$`hvU!aq<;d=dUnBWz4PI( z#+RsHzb|Y5%-@6E7W@1?*lzgjlD^-cWtTHZ|C5G(Thh<*w}T`86Nh(I&#!t6t9;Cf zmVNo!nJR3lcl-Y@^WqCkF z9QU5i_d5w6Qg|!$`w>2ZG?e3Dj}MP6ycG8CpZ8FSnBI}-B0cq|!J%J{DMjmIcWQ}m z`z;Aa`|XL|?Zs_c(H}Yd`7(O<*LxMc{&7jE?Vt9ag2R4^3wYjx_@6Z~3JK=AJ;E^p67JfF-7tDow;fMtoM3x z=;yqst9o{NLTz3>|1)nF=Ou-mzy4{$YZdnTU@zfS3j6&(&qppT?De^i2)j>FydKz# zKi0A0^}lynZd(!8wc$?mk)HGIPek`#(ffU|5$Gos_WI+haQLe|n^fE0`R}j5Zx?&{ z1j-Zq`pk9wg_3?U;n2^|iTH8EKQrk!P3hgmY|LfhC5rwxu;b?($^PnOzZ2;_oa)=} zg*uikQ0(vjZddibO%6*d8PQXJUv1u^UkT1lXr}O=bbu}2=B%Hr60v-8F5h+V zzf!)wR36JWJ@Hr9?QY$HFLRk0V*mOK`shFQ&&T2DpFaPx1LZxmHm|;~I+pT;-se~L zhogS&pT>{=X?-0*+^8?@e-4Me?D<}>&$D>_#$yh}=YjP9z#6OX^Q}#NM|!4zX5uUG zcQ)$(=wiRwu66%gys-JXe~SF%gA<#c$Fn(o_ea4ek>1y+k4;K?_K(8|KSUfw{sGJ2 zz4z*_&TnIXd=z{z?f+b5&0GWcoM8jklhq$R<6!+1_FWO*_WB%gqrDv8E`g)JI378c z#r9)+J_AR4**3=?@@BJ08r;cZxV*SZcU+TSH5qk4GnflE6 z$&sJi|0vQ4|EI$JaO_X~9^^jo?);R?;mIsF5)kb@zs>fq!P(yPr?CH|@x-`!d)o_+ z@nmaG-cKO@^86IzUqm?S$MMMXr5xYm?TBxET7O}0dz}PFdEFmrZyPG^kKTpz{>bCA zyg#}P&ikW#;YiQ#LvKMki&m*IPZ4%(@|;%j`_LXQcn?wWd$4YgC)C*Td$8NUYZiX? zX1>1(^O#g67ftA@=9oRkI^{H;Z(4+<*G!e$;0;+`TiETx^2he!_hO%br}9&LK57bS z-Bx4uJz0+rrxx~mvL}+(eT7Zmu_DsH3H^@nS5yAyCB6BpkNkb!>Mhd0n{|r$FPHK+ zzpuiP-*?z~IX=%nLuFolFV^#+{QjNe;caSl>zf>WUPX9PsW0zm%t3l_ze9FB4EFlK zWb|=;VCkiYRPF!bkUGKb;NPQvoH0o8d74R-^#Il>=U&y_dK}xuivA1O+t=4C`Jc@9 zRkzl6#vnz$p7AGm;T4Be@9%z~PKGiS=iNwsf+=il{*X|fUj zmhfNCX8ardIsUbVjp&%{KSL(H4ZlrhZ%y_e^-`@Xn@;uJLs$6od4hlDyLmm>`t!SO zt@8Xq#P2B_`hNIWY@-j-#*soeE*r}BJ2W@kKdciJhj0-zo8HQ^wW4N@heg~ z($Km$6sH_g`ny^#=+Z2v6JnuyuG+G6(K4{i;$_LnGgX&4%fb(eWr^}m=lPd$DE#?+ zjL*Mh_B)7~eIBL{+g^S?AM>=&#}M}C_bU7NUg6V({k;K?qrAcU!IAF{tRI1mKihY| z1|JLOdi41d*`ME~jCu~Xo_o;wvtFk+_+QO8(*5u94Zr`{e0!*;@Xzm5ep0=T!*_qS z!{kOix2V@XbiMqn_rF)q)_at9BK6?N=+Ebe4u$nS{O@mYlsD{iJ^LI_l-K%^|GRpA zypiwI4R$-oewj|@HyZqIga6cE_fcMp7%aUtj;|N%)r-D*v3|Yy$s!wFxX4Dc^Gl11 zYWh;Ws0~}4WmzvSuXRrs6Z8KsBkYK}8Afzetudm1VA1!t5${4Q`WX&wjv=kSnX5%b zu4|2`a~xs4Ky1Ja!!}&Ca5!j<7*;O~w{Bw;*ooy@6>Ugtqf%A0OV~MQil6Q5D%P8u--Wd8{!ry_vS>oT$F3x_jHgS~Q7pdoW_EyBaa@c1X zE-U;J;bHuy6?T5%yzpCvuf={c9Osh{!M)g&mTSF6eqVt%E%tXW#xU=;MB;e0yS_hggt!`FV)3@JuDW)t9K} zR-IDV`K&vmAHz>^{^>3(akCQZXMaM|3Om2_G{U92p3w9QD=(JSLjcE zzM>c2yXY5Y2PMbz6~l4#EO_0B&%w{v;rC1atF1^FezWk_@S50O&N{{K&0WDV(vv47 z?&iQqK9QfIemu);pZOA;Ux&OlsjTby!(7rIRQ?^{DF2wx)MF4wN0p3&dk9tgVU}wZ z_Bc|}{wbE(ekz>p<*?rZd)sqzH~$d%1D3(I_X6-3m5BXmewNYRH&Hl>+R4s3T<_GTVja{uR}{Yhs@-`2~DY(ci;{ zzcO*Xr>VROFGBd#8e2btnF3Xv1G&oi(CfnHsaQVebLH|a1xI`B$F{o>Jf@^?{cR@K z(X0B~9FF>{w%3M!m!x<8zfCi}r04v8+vD}b$0YXqU0;T;#}CEr{VJBzD&oCt#J`(x zj{katXCqGN{l41H=%c^rukD%3vo9Rwxs?p>Zz z*zxRq!ZDs%9?w0ZJl4m0aITMY;PBV)0X_uJSjunwXHtCY<8gQzKSe#aY})Co--2J( z?~PsLul^`F^p0omz(ZNDn7^F!_xeGO@AaC9Z~oUb^yer2!*uLzNbjmLp8EYgIljMV zdsx@GJ=~t6J?yXFgL8lVJ{HEB;<+Th-5Bm@M|HO*w?fW{y(+YdM^E~0V z5_eKZ!H!R(;258Le%Y}wo?kZpJ;~nwZeG(;dgnFLzpcS9BsRZa!8t$g*W~>6N%@)o z?TPO`xo*4fl7{j_*!uyCI4B~o!)L(5690+ynHMC@%8msTA4W<6SRQUNH)W@Tj6@Na7xddCy z$u^4mf0dasGARDOiQnPmhE1^j9+*ED9#i}qGQ7UOv1;KtVav;Is*(j@#|L(!mH0e{ z>=>e`KY(S{U+;RAh|d!^UdH?_zqfTH`~r2P_`N7O_J5=1ufN~*V$o~wg}-bshyC){ zbIYK*XJ>lGKM#)hYb@GP&2@TFCE|QE`};N(ao)CA{r#Oi3j2MjYY4~pqSUWPdRbq! zKXt75JcM%}cBru`?*(v_*Z0|5pZR+I7I5VM{f#@S?>ih);(I;*BI3vO_|-S6`M{!= z52bE0KbzR}*2lL4{flt)hf$y7c@Wa~ zm`T|k{uO*;jjgNq=lg9#2gX<$s0m zN7w4sde?PS-)A_h@Sf-oBYw1p`X3Cd&lxrO%frm?W%;L4{$n4hzdv_WsUPRlFNfYf zpnQ`3L9EaAa@gNO{AXa2t)$7zKEv}UXg)Kf)*l7mMR4(%YQ7V`hw^Sm8I+e`>;D$& zSn>NXeqJfr zJ|O<*N`1(8v4ad=68l{loUbqT_x&f&cfpU4hB6fUv*~QF7k2)$Ww(tK=SOeI^6`o| zcX*?t^)&g#_;3*Hu@=KtCGt6hGjB}VnUAKuf{(_22)^G}(*NkU^bhPum-H5RyQ8{Z z^^>9>2XBx5D~11XKi35CXS>2%pr1zld(BGG-t8;wAO1y0YZCqaj-u~F{~P+&sfCy0 z;)KVGo7T~*_cc0}jV^p5dXJZ4{N4+`7Tvl@KZW?Acm5((-i|LHZTX75^A)!z>^7x1 z{x88YkN?ZSG5*cEX#KsJ`AAdQZ3)W9@biEoE5otg3%{X9$@_)mDY+PpOmK6LoN`HJ&1 zZbi9!(K~-&fBOHLh4-N2jUs$a$=~mH_QJ1|rlS5xmRaw3o%L=jS^suJPZJK(Zwlx5 z|7!kMHq!rLBmegsdYWud{+nR>CYZ1f1iht?X!w{-`5%Wsh6|<;pC5cIrPq-UYvCH zs8Zv;BD^x;-3o6Cf06Kmh4(2uBI*06zt9_>F4~TNJjcK4J;qVgpT;uM_xlX%!<(o? zoNs*_OUEEZz5DXe%cmyRetpspd-T1nL{W(S{@{bz4A!AL}KTCUL9-Hj18rxNky`D2Dx4@Qvo{H-F z;E=WLuk+=dA9-}~*YX^PZItJbRrvk{{-2MH;{12d`D{}~J_dh+m!W7zlobUa#^J{hMlX%aD{vR=iyo1s^slg{E zUjAa{ACvb6C4c9G+n<&%?0oOvV1E{Eq&Od(Lzeb@Z}kV$_E~=jd~R)C&Hr|LTBoq{ z!#M=2&iPzr{?D<@`CGq{|3&yi7VYCt^V=PL&hNOCpL)mZtoK|u{4u{rNiXtS$9_EP6z5}}M*f%9Sk3=G9p1LE@h^lUzVkIbzS_6weSYAF z@Gga&zq=~ow+lO8{~p3;7QX9CUDfq3k5Lup=TBo9{Vc=o)m>RW{KS6b>B{TB%DSJ>x0E+)KHVdGm@5&v!2 z_KN+H{;mdxf6f;^2mjwI@xR8z(v|V|Ox7v#bozI&_8#wqz5Hxq(_eJxK>G4ojQ^3J z^L3vh?dU(w*Zn5>#QDJk^K@6oV>{!6;`0O_u=JX>@)-JMS=xt{SK%e`FZOSHvGM+l zxUs#>GH-Y5TWr5^zM{Wd5HI}q`ikSx>L!M$=a9Lrmxq#G*gN0W^Y6z>{WMv7hJd!c z+>_Y;za#lX`R%{%Yoh+ZierKrUBxo-$_3Q>vgZ}-~A$imv+mF#Dl*j>GED(u&UkD&e{ zJ?EEt>^e`0@BGsLBs^c?ucE(_^p-5_{L~-7a~5_!sk3Y%ednK!f@drGvtaiR!P=jY z?5%Xg(}-ckS7-??zq-|-u;y%0a@$Nu~XE<}Hp*P#Cg+de*T676OEn_kqvdi!qZ zeg5GIIQpObW@7CRB7WG*KgFM5?f(i#eDz-M&iZrU&|7}<&*gWljPe`*aX8}3V^jXs z^9tk_^&=nNVCQ~^-tx=2{7b&`CEST%H=-{j`ExS?Qo7SM||6RMf{ES)_w;#?A3d$9(wavAMt19M$|~k zvm$9K`oARpW&hVm<$LJ}?nl6L5=VI)J`L_DeDAW|)$`e_lZWE-1#=8xyeoR2FZewD zb^XFVf4Vt#eHtTPuW>vaT@mw=;IEKYUt#ql;jI5-L;pe2`@NHwVCz&d{>$VY@vj;& zq`ICH^W(jK!YM-g`iaL!UxM@Xp~K*9>g3oEhgAAI{u?$u#e;mJ~ z|7h>QX4uOICpP|*aE|{Z{XgQH-nM0b>=+#5fZ34^(qEP}xuy#BlqF@8*@e68W#N(% zxg6o5)!olOq`Qh(&+n0mT1jP0$m>3f*Q@+LlNS8z^V0#n{r>CaUzOK})jI#J*Wvl5wwpXZ(f(%%kx%v(!bsf9{?hQ{S@+IGKfhq%OB0?!}xba^>2isQPsasxsF~xkBUl0wAOrg_@Vxr=)V!&HU4?{k>cT%w%>J~ z{_FK$hyQx`H^P6mjV)Y>xex2Fj_rna^|pp~^|ZR^sB9{n|Mc=3!8v0uzmDqp`o-u# zY*tm1U`7|~<=0K0>gDH}N;(~vJ1`vTk75t$=hs_r3mxNXqpIKrnV{?z_~p#gzksm6$?NgGg*5M8-jDgvm!tD{^SbqO1-*pZ!Z=h( z*CHGC6S%l6uPVz+%ktE+?B27s>n*%aXU)5hua|XVq_cI+bFN#~M+MZ~qAH)ZpES>W z1nd1-Ka=r4^PLTz+F<9CXM5+5XLi1L=5Xs>=F#W%t%lu*2KO|0T!VWXJQ22C{rQ|i zv`as{1M~935A*F|oxWIp^T}+wnfn^t-{8p&p4#B)4Gus08})HPgC{rm&IV6~_0wPV z+y&fAcvYEx*h9XV`{2pw?58dIt=nupytu;6u(R8LRmhF4v)XLMe*e{5v3Dt3{jagn z5A$D-|9V|_0slIxfBl5k@n1*3+kN$qWot&)b^EX7ztR31QDNnW<4BQSmVF)7uYW{G ztADnRVf@bYH+8m-?tTs>_;sS|oIHYTXv+Q({r-CWT`;1TFgCM~_SfU@%-Lsa_0P$= zIcG#SW9!rr-7I-hkPqVco5YlVxr{|*{txBsGylG{{=WLmGh1i<1B894mOd^A&SMoM+B1WzalxcVBxKz4OdBfMcGw z@9jSYK0E4{<>%oO_$j{UU;X<<|8WoZ>fxX9Q|2Dc+$xq&R>b`{()YYO`i}Dm&w{?l;i{VvI;NpB_MD1L`xJCCpNyZ3Y*_>{E7UW z=j;)3%!8h9i~1Vdi6#G+h`S^DX(hh%ypJY4z4&t^_KxqT7JKK3o(#WL>^DGv6XE`% zUj_Zmu-EDo=e7g}vn+O}r@Ym-j9sUa@!kKOOxT6Gzs;9W-X5AnV6rXBSo@7G|*zt9{1 z131V3S<)My9b4O8=G4B;ryf<0$LkPBxf1?4OS)AhzSn*=?AK1bL1N!q?{$^lqOa!d z!m||~OZ=T+$1uh8j!E%1fRBgQuhrFaOk)WTWu3BGUtOOI7WO^yZ_^jK{9B3r|L_?G z`oHbJFFdVQSMQa7Zs>shjuV+<#hCeH`iOEE>3s>_x}>N60opk0-PS|zcRb#O4{|Sx z9CjRI0eRkDc$VSyb9pP*>gu~6-Zu_=5YGMk8*uL5Pr=cj9WNe& z?eofRU#Q3H-1Vxt zFZ2(dQhz5Q>i(A_@pZ%Ew4u8~d-q1V8DD=)lpNI6m&N{_;>uW_6C2@;B~3n9N#e`c+Gja zE>3=L5l88OZLdERo(HzQUMW0+>%g|xre%BA-uBA&wpX^dy~5t~Y_F`hy+Ut#wpUKi z_R99QSJ>;n?Untvy>fipE62CJBEJ4iZ|H5W&_6Pf?;KEe@0}?V;cZwBE9`sueQxr- zN?W(5=OR(RzL)=9_?@EHeo?lyY`-2H_Ucb+=-*HJ3vuR2(({~4d2mnWS+blJ8%6!L zLk9FOqrYz`_lb&r*j^p2%ZD*0W1}?L_zTT65MTY49FvCqHt4S!Q6F;}e-a1wr?VU* zAl^6m50;K`iuX;PU^%)Xjsp(psK%zA(w}6HH-n8o5?^!tx#5Vfo?EGd^xjGh{g#LD z+z5GnvE(Pen0R-1F7k6sR!)M)z$ez&x(Z$vKC1A8u=AKtDf|ogA$Xs{ruPRp()%;q ziN6OFz3*k-hO)+cnLjnDes9@-l=kpBhf|2ZVyO@H@55Pd`dR-s;%2>9B(i>QIP3RG zdY`+Pgl~PtKj+0k`Ewhb{ZSwO{FnX3=z5+}p115+@cPWP1KQ6({1{JUhO9wM6AxnRC)?ZqGasAS z`+)nCRon-ZpG$0ie}eR)zgwT%5vQ~HzNF>rtILbCVxI_&-K z!D{f+MZeW|I$Ay0&x((gpdUw|ujsX33l4kvip2UONBRem-XGxkOL{(sGnBL_b}g{S z*ExO9RU-X^Z>^t`>n-ME@2|IguR$qu!I!c;q$1|M!tNhKZ~Wn;*PHZgLT$bAcZ73% zuh&KVHy^CuGcbFJZ+e>&&gu2RVQ+dD!#Ta1liv748vf8F2F2g3;m__#zroM>4heh; zX)0fX$FTfSMVv=-W76%1!`e#Zndu9e4{z}A8oUF2G21)OCi60kpP4U8{Pg?mf63WC zr~DFLfMq8>DYDlSgSGzw9QN|e*amC=vt%#-y1~8JM|$d)=p5kT>>O9Yejk2{JQn-l z4dJyYpM6~UCHyE$nz5427wv4#L3)l+$}5X>ww8j=tg&VMZ@>}%4D97o%JwIlez4EU z=ubQ+<9PmAIL1$(i*?_>Y)RkeV&yS~eGc|^!kl(h;&ZMHk%OLdm92B--i`T=3gun7 z#+J{)%!PkjuugG2+MZ>MM?M#M0o=(xPSL;bV;laduj)VPU%)Qwy(W?4Q)O+v?={^U zwhk2ic{cfT!@iwWSyw6kJr6I1o%n&sJr*N2yZS5JEV&-yPV{pYbi7~A<- zr#u870xwo$Yu5cctM8md{r|t=kNe;3&#n!B92>)*Uw^H$nx`85&F5CO!1p-*Q-37( zq4&9y1*qTiO8Ml?>6^jY-;(;j%&Q{@#sB;a1NO%Ey}c3th-diD18MJE(*NyuJFDvn zwuz$tc$T66?jP%SupyupUdEst$lpr za~t=;eMvt(>5bn>l^>H@K@OK=I_bd21m5BTsmYF@i$^6#_d%TnNBO2`fKkL~=wAtfd-}Mpg zJ(BasN7+8sBoD>&$xUeAe7?CUJi1m_`dipOvi@sqzgd6BjDz*}V;_2-8~r`{!EQ_Y7yU=@x$s$q{jP)UyI!$3{`rI>{yL|2 zRqvSDwdnm$gvUC26!y6gPT||vBYiGp2+Sr@iO+#p|H~JC1^qFE-G&vPL-9ME^VQfg zK952TioXt=<9CyI#6N=g7s9*JCd!h`tMA1AMDbjkc zr02YTk0%c;>^yhxpN}u>y!j2_35A^}FUS2I=jqdh2F=sI9**`h{x9JiUyk^GCtx4a zj{E06cXSfGR>{xjjvmLq*nWM^=mK;Ti(Y?!j6VC@oBTEZiHYsszE>mqx8>13{P8&| z{W+5~75PHKnUBCe^RFAcF6GPm`REUs?{3(;f6n@a+5ZL~cUVVj9sG#vA3kSy0O?&? zc}Ks8?}Ya)>~nMv!n+jK|4UPTem8_ig{yNqP5f@iS7DE-6u;YZAn~`YvHEV$@o==K z-vRJ=m2Opu-vQW(P>lb62jDMo93N@FJo#t)9f+Up-+{Be-vG__?2-oAFMvMmz5eO; zp078q49EGV@2Tj6=OYir_f#CoGQX$dSvbF^!m%*UzZYG+qZ)s|Mja?#PxV?^7j35a z9KomXFPPv(u?OTyq>rj<7>X2co&?n zC%y|`SSMFqA6{(6!PgTPhvRyp>3Oc3)B6c=b9y7u=k#`m^YzI+;7HHY z;izw~7u*QP^#a-LFZd_R52?;ar? z-mua#uab>_Zgk=AaW^sd4xY2<7g?dRbrI#+tngawPy8;~?1hhoIi#=rw+u^`^<%62 z%KvIzU4r_5ZPin)um4xU{8U4|qNG>b|EvE^LO-MJswB&fWNPeC=Bd`Uy2`SeOkS^Q zO{Uy~rGKVjqtcq2nVXfFD_z~eC2~)2HS2C5?kog%9>6-(UphV1lfr!|+`4qYrZw_U z^o&}Dq;PdZy{sP<8v;Bcg@` zI3J@wJXYd6hj;{?KmF%6%pm{0CKY<^ zk4pUAC2Ic;HZ$Zcczc$y&);a#`grb)($)5cFGatK#)$DBXPM(W-b8%ofR2M>jQA_| zH^3{E^vus=_OO@VPds*M>VWi5C62Prvg{vOu2*@k+}YnBI9 zL_47WI^jzStDlne#<&0G_zxt#_TNivf9-{Hf0c88wXZ~fb&i(xGlq4Fb5z+ax6c`z zbMw_4qDj{4qk3{lPz_xcRCMk*OjLRS-BmpZG2@XG{FDCit*Tx`$5c22l$u~Lbz zUS6Z{KInVk81uDXCfPUH_@7Jh)qlQWpILi3^7|Ag51ucK=cg=5c|9l5G?ka|9hX|u zD&k%j`7KO1=SLN`^HWa}gY^3)z2!L`&iUK7B7gOkFYC`p`lYw6$D(;US&7IOvJCdy z4J*R=+YK~Hdrq_Z4I28blAcR8RsHWnxs|oL>+1;@6jpy7>$Co0IP}eTN6VwpZ^Tb= z{Mvz~+lXTQ9?5cAMgNtpPj$JzpM;}*jX!~3#JB#w2 zlMbo($2XMyxpU%QM(;jUIc=YMj_#*xYz<$!_W!b?cYF01FUEth=;au1H-Wir+2Yi; z61QJYTie^ObI>10GgHyaZf}`8&;?sRrkCr-Yiv#-=Q?tSnM1ll+$6ypH(a3S_=Fu_Mxwy8Gyqduh&n3$M92p_x|q)pHkTP z^U=2>zV^q$VXuFuz}de^aQNrDi~C47&f$C)F{kzIcM)N2^U=C ze$YAdfp9)&z7lrKQLJzKYt*;-Jpo64o-_Xx&gaapz}xUsye9D>%Y02@BkCuvNle|0 z_R)@YigPwsBfMIvujZW1-O+y)eOJ*t=kj>M@72+(Ik`{6pDFAd&iScNj{z0!w}G?$ zF>u(czo((MuY`U%?m1mg{_f)x=Sbeca&$#}a~mFxe%->}qgt8tJVsUIe)Pe{_jozt ztDhs;tLL_6TQ7SLCG5RNbwBJefznUqdd+hkev1CSLpb~U9e8xDuKZn#`pW)#%`f}+ zE*$oMBR^hu)P8rb@9MY*?knl(-!~fm9Yg;N|Mcg`hClZZH`2HMI?!i-&V;i+XTf1_ zeSMhxeFOiFL%&k-$NEtp`Rm_YsXo=;35Q<)4j_K6udg@!dmGOFJ%N4p?=^UI$=~{U zmi+q)oBwmEKK1|jM*N!_{+*WE_y6nuS)SkEZ`6nWUPjq-ef|xO`mw#;|K$2~tcm#6 zS5N9s@^2HH-yc)^tG|l=7U|o*yD(lx`%XHjqdHcdRNCXquz4R_Sp6=fA9~sMU);wkUSo8B9@iKhzujNuYo2Z& zdHjAJ&g1t;?DP0NHyq>lA}2EkzN4b#2Pf-?+3?tufNyB z;jh<_ufdZs^ z(~`Gu@Er~Aq&*hY7}0*)2H)0T_ovx@Gukin2=>jH_e$&>P>(Gip-jqq494<~6>%-% zTlKra<9zNlcrv=}irzV@FA&aiRDTHfmGqo*Ihdgb5 z=jr-A!H*UF6D0l-_P5rlwRY#=T%J;R$#?5#*3K(@<*W6(l;$gZ|BTETrT?s3*mr}! z1m988SN~VGr_jsZ^U6Fk^&h;{2Ax%1Jzvrr%8U7LCcIYRRleR?oiEH;_^R=p)iVIr zv9jWkovmMT%)L~N6<;yi0ADzvvwGg~+M*v%`mc2jY@g@f+u0h0ze9@uTcKb2Q_QU_ z_P$%${r~2Louek7nDiWywDr!R+MNElanZ}ipbs{^Z&6>7-eXU7wiY7)EsDK7BjZix z6B0W|%=FJl`Mdo^dip14|LiNF*PjLHOW}|2l9r=>?xVgBqJHix>1+QJ@(+9G%*p2^ z{by*;td~PSY}xwVw>uPj=ZIZSxUaD99=5&Xcuf1T_>=AZu4A^}0uKAPxk1Qn^Y$~n z^4JD{*x}u^t|MZ+fc@aJUKBdOi%iQo-h44uwzgf=cs-DU97(j7O)GjR7tB7mW%!!&r z*m(lVY2Gj)d`OM0Rf#_YKBusAroI60TG;ptQ(qC^IaD{H-=pZ|MbQVle;tD^?_U>( z^ZwPe^ZxaVaNfV_OYC3Wzul-k+koOd#cNo`{_Q$W7N3FRo~!q$yz>+7Deso}JAdk` z_7~yrGaq)fzEAuauu(pS7bP6^<1;*7pL?k2jqjY~h%bMo!HZDESwF48>(Jg=zhUBC zKkBN^_in1)X`KykLip&y55SHuOjW2v|5i`_Jz4b275fk18OZ;eg-vfH9O*6cF>~ff ztEcEUhCP?QzOeN-1&;dk9^yLa-Y)ttE!EwcN_b9uQ1r)rOVpQqd-6~AetGDPzai=8 z_|72?y>pBnpzZB*it&fTS${m^bLgGJ@?-4YtE{=t#T*u|Egf3eIUiTkUK0{O*5Eg& zpU~gj+1+{&f8uz=^yNt3^!#>5*vsc7b`FW@#r2o}ulwhm9s5Qc5BP4|W8hU%eK|fy zd7X3O^@2-_-Z>(kk8fMp__kHVcaF`Ha9mG!jtYlpgXXBTNY61$vHr|2>hFKzpYIaR z{yos}@B9D2zegMX&G>ix`=s{01pD0o?nwR1{_;$N7i0T~`c=Os{XKJEV*BTn^taqU z<>;T*pXufL>!Ut%`|b`$`5 z{K7xSmy6&SU$!3CRbB6y%sRz)N84We)L6YcdPC}O<-)!@dOG^$3;XWqpWuHS-{>FH z$lCsy-;f~#`N@|wcog*={@A{Kq#gBZe>@G&^?5oR^!w*fq%I^7lCtqy1$9| zZXe^|eMv)c4%g9euD_|QkNUGe>_mB^KQvkY)rbG`mefb)r|B=59gj0V(%=cy&met+ zf79ST{0;m6N&WRu{#<{f;aq>5;ts06ZQ)#h93uU<^=Er+iGR7hj>A6ZcRU>VRs9M3 z=-p22M)v? zkNOL*2YY-xcVXkJ&++$0AMw3j$thzsMi|BP`{B?Ve*)WEj=w$}`k!#}^h@H!{mS#+ z?5@UN+d#P+{x$YX7WVoa)4to+=l()`^?$%8<%R+QY<(*K%zIEN zwH49w{ieS6GxMPh?r-n~4W8WKJK-MErr}zb?>w^gG(3*5?L2Osk=4ABH3$#LK%rbW zn3y}=VsJpt>?q5V%W|E1`S|W-xn-=U^K0K*FE8({*I&L~SwFsBo?YVKTH@cjQEm6d zb!xqJvRRc<`(J;AI{QoKjuk9BSl3sr{!%;iqp7j(N0TFT#RcuqqzGNj2~QpOigsK> z2Uh9b)!(s0t-b5a2$4rw*F)Y5haXktRaXMLtIgB+4|nnZRFPZ^^;G}HwZ3AgRogLU zw$QTOM*VlI?Veea4*#L5ALKc85`h`k>G2<-?kx#*Z%OD}WB6~#Y4MM@=9{N7oZnVe zXyD(l6dW1h@v}szb@(jp!@xZTf(NAFr`iTYi$g{(Wkm4Nfh->tj){v?b z@_YvDzWSWRuO{|=dkc`?$|e8rVm|}vZBkgh`?AoR-U}(d{0HrYGi_lPfhKCKL0qQ39&T#Z$Fw-Ju?Y~RP> zXkYVtD(P*{PS!u~mW3Y`7@ zDjfcr{(r!czWw24IQNHF;OGyhEK=9!Wvo*yA6d53JD0Xw4Sq`{;#}W5SlS0GVRKE@-*yXkO@caCpzjBl2I z72@y4I>qtB@g@AX|4x9T|Gv9fJ$LcG+Pr1^=>J=VZNI!dS|0m%F3$#Vlt=wR4ZZCV zdi}c`&i-8ihkxqr?^%Ci(jUHUJs0vR{8G+_Ph>f%qPjnSp76B7&P8 zb=A)n?NjtOklq>SO+$GQzJTQyDkA;D{e_2aM;#MBsqmqs|2M*ym-MX9jo`P6{&@=K zcrqjTD!y;^S1hkDY<)imPg9Ag-=B3^zY`pK)AQOzPVW#n+xNj?Z+d@i=-)~D#rCV) zdyzW(sy}Z+IQM6dF~$_V+n?vXa}{>3qxJXc!nWu6gmJSH`=j-_P+|My)r6xzYX4I> z+yAU#|HouMX>{$c`z+QC~+B-Uh#wSLp}Gu=IM0 za>9=F{%gM3Yqoy=MljcpK1O|hb>F(bY*_rUJuG+;7HHy zc|r0UQ)gezm0y5xw6}9(*Cnl(8*6%hY54aM9O*f?UHiC~-eluj_Uw=Ew}|-q^B$c2 znG=7*ALqW3MSHI6yY%f4O>Gz|*JPVIW`MmgzcNGQ}pjMaJF9y4*PFnZ~qz2ae(6chHd|e6;W>TKbUaj?|3&C_HPxv zd{<)aeP4dq`+nnN;NP-dG5ycOk-mIZV$*ZHiu5P5|KoCa>xOH>*{fF=rcomh%3-{F5)xK3@>k{}S!fO}SekHH_!#EJMFJd;>hEN<_Y$W$^Z}_Y!8TwD<*g zz>%K*y1iw88FK}kJFd?8QHu7Lu*~*y*w4O5U7tUnNo)EN z@$Y4s72@MSpaXO6KvUryOOOL^3LJuvH!O8UQD&)i71g?`dd*5JhY z43>^b$^|#n?|WOj#){oP1>cJPXYhJO-{j*b@xElzVzaNr{2pcd%lSDsJMvS1I{sz- zkCWcH9~+QTp8K&r9Oe5Yy=@nI=Smts=1P7Nd;Amnr|)L2ID9KV#q@V1obz|QiS(x| zTEEY8&tmWUH$4>j6J=74JituL=PipX!4W66&$o95X=GzaR$8$1jg3^Y}Fu&f}MDmB+8M;TT^X zzs`eW{BrxbLwovw;`nqU%h-OdW4u-$bGO#tth3tpUaB#&$LRWflKFkV_fx*tXRh_8 zZ-2-Det(tdRoq{b^Er@D)L=yzrohe5sZJie!PAj z^<#d%4?NP7*B&~+rneq_HPVxNIW`EsbBV61eLY7}UWGqmxoqK^7w7$3gb%BGYq0O)$@X5)%e-~sN#+lKjx-eg{S6%c9W|k=+LydU zn}y!vgV1a5*c|M4;J-}#$M`AEHGGHgLxug$yyNBSwYt*(5DvZeO&(7Dh2H$0#FxlV z?x6n!AGS|dbv@a41S_WJvz-xta?vv-zmlh5Z=`vSrN}*r{|4^>FI)7cuRhWrw{KU= z?+pK?=uKaJq_4f{hrN0^^fMj6+*Imjp*s84^6-c74+?Js|DLqtc<}Qu)3>T~7)|7N z5}V#Cm{$+5E@3CXVUyTiQC{?y8h+aJ#U9RO$lz5-|e7Nh;Mf7Vy_&+#bY`+hR*wnNB^|GZo@v;mvjB1 zJid<)7u)amljp!bC?- zo~OU7uXXYQ)&GV3-?3nX_iJ5It+`^MJ6V6leAWMX>i^o@U&8kh{%IYq(z#-u(^+%! z+Ee}iooQ9LpZ`~^UH#u}GU0kI*CH(2QeB(mqDp<)*hi~dz5eU*-za|d<)qmSd7-v{ z1pj*d*WAa6fFV`13pOm&3TO(|k{OWa~b7 zL&B@_>sfbX+wZ9#4W0-2bc3fi_}vD#J{}x@M1y-8+zaa?RoA+Jd6GN8J^IAY@3p@R zk0b1F!|@|qJ$%1ipXHn3nOQ3T4!^TsOBBEK)A^zsCcpN>k7MD9=z95$+F)dB9DZIv z*x#Y+k8JrJdat?k@Vj%pkxb+rI6o%XmiFdZt%(^~MSbex8}_#?`DQ6N`y#!u=J$&X zVE^A*hc+Sf~fZ8yJW6o&1G1Xx)bH zR{wxzh78+f*eApK88&Pt9nO^H6Z6&c3BO&~_YYo4_`brv|L+>YanI*P^pC>62U}79 zeU_pB5dAB#>lEL&_$te%E2{0^ARPAVFIdmHdLik(Cl-3spSQsi6aPE>{}sMu|6hZ% z|8F+@cRokTqw+mC=BSvz+fUB_bvW|>2`6)=ZJR6CzziX+ z;qIW3$vyS)^o)f+hDWphXZ)18fkjw8SrPNGhu3MZT=-9G1M2A2oF%UzFr$pe#B64dKXN{Rs{Ii4DEa+voV# zBz@m{^)c!^rM&Yn*epYM|H4PW%Mm`Z@I9;75p{+AZ0I6A82qckjz67n9)Gxv-HP$& zBDPQOx4d2K9dEeo+kPg%@n$3Vy`p!#*#gev&F1h+)S=>dvkjcbn*-oH-pDcD*gt;= zNB^|{E=D@By}Cac3&;M%{5^m6+;7DWGeZ7JFhU!(p^&wEli zJ?Deu^lpK3dR~Kz^xU5Ag=2fViVfve{8?sX?Vsr{Nd9ALtj3Fl;7DKl)#0#TosHf4 z-KFe*+)UH1xxVLzqrRO(x+9$DknRNMIi!ceu|KiC?u2uFehZHJQvcnC z{^5rHnTGz^q<0SPhwz;I6#d_XW%fV!?;TFA-v#5CrW^w6??V;Ud|QKml=yD!e*x>W z@wjtv`=}lp72GxyDM*ZS6sN zIrR5qzdrnjVlUs@;6edx=XpHHm+50F>*zwuM`vG4E8@z3F~bDn)i zm!iGboWouokAIn`5;yaP#LfJ1gD>Ekde)B_Hkj{e@X0d{=$+Ft7QeQsykqX5mZ*9c?d+hsVhm+Skb#^V;{pJ$$r^fRB{;13$ScNz~JZ=Y`P8uW*p-i?XZ z{%QTbHT%4>F}xy6lBwjA^t&egd~ek8UoQ52ukgN5!lt2oQvBU0@83(`{YU6ODgArV zNBW=ijqNAU$M)+tvZvz5IGsU`h4)4OL+VJm0loma6B)JyO!!5Vk)ZTX^-w zm~)1IvAsUEIPc4Ze^&I@qW5@y+rkIIJ~I*i>i<`h|HhvQeU3jf9Puqb)4bZ{_Z#Kk zPvvvY+K%KE{`)@5J~;gIo5#*yUZ(h?y~n#@@B1u2O@7xFz4qHv-`RdiIP8so4)qtT z{aiB)*gHq=X79@YSRh`epb=vwg$+yvoM#1K2xH zB-raGncbgfw*G^CpQrEt-Jy=&^8KF+!F`2&|L2Bq>_4@CjrPd)Ptac3{!KXSFPn=w z;=9^`gZ07+W!a-&Ygqso$uf-?*VaprJn~>Bp?t z)tZPu&J$AfZ^q#R{;jqG@9Tu^Bg#a0QFyKzTX*sP(d!AvcqMn~{N zr!@3mZRn>p^gl@Yt4Mzc<=KgK$~LQZRnNbDy~gVJeRuTXZ|@>q)wPhgz9Wx9pV{O4 z%m+8v^X;sEu)*xo+Is7g&kDBlmtSe{So&}Hr{4GPXZ~(t-^aQxWjl#H6u)Wh*y}X| z#rLP~$*B&-z^}ZJi!NP&+-}x9a)&9z`#Izrh|q zhu&{u{}AS~K_$NL^= zf0X*j^?wuj<@)#dA>unn?JUZ(J!vS;q5Kd&u*PZ*<=xol_W2{6+sFK)eJtPqssF!e z`2YQe|1UQDpWN_&Ui8`j=i%)C!leK2^nd1t|Fgik{uh9A{lD7qf9Hn(?#r_Od&2)t z|EG|D?msue+5dat?EmQv|9{u$Kh9yx{{OrC&oXRJ*?-$3`#*o9{(sf*e<%FS{b%lf zvHnkFd&t}G6gY3cH^NbWZokvvy#3xwe%b%~8vZ+nE#murNRKCDd~purS?E_MO~vu` zVK~?Stkh5LKhv@M-`aj1PgZTzr^hoL)r~kXb+5hX|?EnAv z`15~z`)&50*Jz*Ie_n^9e(XOBQ@^?YjHJDD{VoXS`dtpr@qNcY#5X;+*I?_PQ9xy-~9i#`j7pCUF;zLU&o*9e>JC*I#BFy-){6bzabv|P5}}bAIlBS3dpsT4}ET z!{Nx^{`oYV>;Lpde>sr!v;QZ;5#Rdq`fv8%_}Tw&H~c?__}PEI=aBu^pJ<=|jpLtl z{)O^b|GoH|{eR#e`2XF8|GEEP@VV~l+j=ikCdK33F6t|ecV#X?wfR}x2}Sx7G4?l`u=@|cZPlD^X|gNe;Iwm z*M3j*+5W&GgYEA{pY4}HANI??(p}BZc(kNH>wCOE8GqvZ(D(7a1D{j;_kF&Lk$>Fp zeH8s)N$;~M{=Gv7;ve}3-cJrke=+^bl71Ccxn9!Az)OrZ9W8hmxQwpjDs9gym2D4K+K?VD2r3tLR*7ENRV`+( ziS;H^c}-jQ(vgvBK_3ipj_WqSx62CW7`u;-ZOH4v2g9=!y>pB&C!FUPU!C;MG5!Yp z{bD~e74{h6?-q8>@x6qfE^PWQ5{~p`ZlkvOGsO3vVqD`O+Z+5Rud-uG6GhGSckmu~RN4PLv!`kLc!-C(a#h2A-b9wRu-l{#ELpHpsLqxR*xqp?Q``%4QiM?5`EL=F|klBB%&)grZ z&*(q)Z|4k+siRkOu>KRCtFZB3ChZ*m6*$NLE1cv14UYKttXE&p^*)$#NN;^S8~xS# zxP|qns6=jGxGt;L(G~3v#U|SyCRf_}y`*0u{66ax=ipsIIM_MAm%}fW^qhlt1DxmJ zSwFe{-!UXmh?UgZ^HV!DlNXk_P5Jss8`5GCq5g#65hYWzY_it z>~$l>_E?v^#?)A~$9izor*n|Egl8{$``7+(^sl*Bt?MfKyY1&WKyJV9!O?z`M%U*n z3$RWZa!`HzzHjkoVd9^~dZtoTBHxhsw0-J#)_l5FSKF`s=bmEk_WDP{vAymwwysaI zsl+*Ri&GbQ&fNU4*C`a|%(=aL45K(_ZaH{lVaLlA;TSKSBe@QC(~I8nZ3jpBoFjKT ze0?dO+t-coG=7TZIg52s9_KLjV*5JllnrRyzY*>)@vHqO`9D{ytM`0fi~hvI)~9_d z*QeK@bA5id!EYwE{cNk;em!us-}n*r_8)Wl{}J22yoWr7pW+-*irnsBJCfd^@C~EX z)^o@YV>z^xe;M?jC45QITmPSfqyCM5CLHl)uQ3JNe;u!)|LTv&!`UCp8vWflfF2Lb z$xrdUqjJ1=w5hi})lbtHxfC8neY#Jr1fBstq2MR!hbR4h`{FBYy)5w*`_qp&^ojmt z`|5vgU(Y{s`#za??PIxrOM3H`{$u{uXZG(%IQ$!h{pVq?Q!CFNQ_sI&10R)%=$}RJ zbpl2Gb8zV8A?Skl#C~;nhLoPV(EA=^4yjsR7g2nV@hFy)Dxw|X(S$!=*!K`K1Pyu* zvD{zuzK3{A!Y36reao8DKNpVlZNKy2X~o|BzDzjh=lm-9{qNO{l@Em46C1eF^Nau39~SUl=46S|FHKSV0si+qV}hegajB68B7`p z5J`YA8EhB?0z^(C2O&V@WOCd=AaV`@7K}v@$>d}(21{U!1K0!;Y-22PGMF4}Y~T0o zuJg^AzQ*3W|NhV3=h<5@>VCg->eQ*~>gwvM>TdX1G92Zr{G^8bE>6afzk+-TIwW%z z`yUnFHrcy=f!_M}H1y@H|2Q1>e?Jdve(-lKd@#uUu^s#cya&7tc{cdo#C_q73eOL3 z$gz)alng+BN#s|T`mh3W=M?s@qqmel4~JZP8>1WclzR^xa^qh}S`puOJS;L@&m6Pd zZ$J-FNp8+?0%Tlkmb``miw7HMa`y}?_NpDgcg@F4OO z@(r2bw)_t?GX!}Q>1AeEr57(j{E)9ogRm{f_bO~e{OM=tE&ugQz2y^T=`EjQ)*iX` zR-o|=dl$ij=cAudn{ORIx=-t%`Fq-9<>69Ix84I9 zTvKa*C)U(9S^Xa(5B;~%_uPy3ur*nI*A#@lYjXbz$C}(GtKXOM4}J5q1?fe8e9zjB z@S_|9gZj2tp>O_fgCoEC|64fnqkm(Qzoy@Z^uiz4^lk>{HNBJIzMK;V<<7ZW7!fyuSKMr?SRNLPf&heE;e7~`6-};FZ|1JE@@qO=1j;}o852bUr7ipE|t<~gj zBEJUt6~!Orvy)cnD>pw`{#cT4fqY&3qgzsif5qB!PAl761b=gSN5EM=HOU|QHftbB z>2+)vp4+pd)rCJa3ssn5FW&RW-sy$cg-?c8D|{SmUzSs}3J<|vBZn5Ai5m&$NS7)6 z$vECi*{|olq9?;Q<4=_LgYeJb1&h9N-=mV{yjrN2d@nfU$F1E_t>M_F#J~U4j_Q7T zr{eG5VcQSS3Bx+4@eObG_bhxm?Dc5B!cV|=vwv{mxlZq>`qzgS-T~f_vOA{mmGDJy zci}hTKfn_TFM9^xC?`Krp4vMM4tqmS?r2%xT*qnfy?&nmaev}__Pz^8f3L~vuT0#m zFK7K9C02hC{LA`s==a#!SBPK!v^0g=p1rK;bWLUJdxic zzfIm~CB7Mq{DPwI8o&49IREy8cfp?(`OPpE{fpsKlfE4K53Sg@PULU2oz4N2NUV_pcnk z_X@klYX^?sS%uFTz#1_27cK0Z=LhVsQP?$dAF{tvVdp%#WcQl$Jcja_Smds;dw}#t zr});di0_=_sN|n>hQ^Qf)j2hm{k7-hoHKt6-m}>AJ%97!zjesqnmqmCmZS>*6?2}B zf#v*s8~<{CPJ|;r&fz*9x>`x!{H#y@a(3vmx^mj6O$^KpoM|%1@4UYWjuix3o{vO}(*K0$L z@A(t)Eq^Zgy~_VtIM*lB%l^K}@rv^I{Lx;>|1AExVR&;BdggV(X2^Y>^Ye~uUA{4JmIXM1oh zoZADRhuD{6V(|Dq4d?vN->7f7J@9F(wfy72C}CjP_KZ@O-xn-f zj<;c8Ytlw;Pn~xTH?3|B8X`V@yUaejW0<9E`%YKOTAlny816rn?doQ@ zTb$xQR2K#){HJ)rtCHR0AKx*^&3Cm|Njv$sGFR;^?mi}m*LDX}M#RG^|Fj07(&2r3 z-|FVQDnmaJG*EM2t8DHt32}9=y0$wxbUP|tCtvMUPP(UQLwEHr|4fOUNwITo?3@}q zC&kYA*!kbgAgI&q3YE^-skYrW-dN?Pf~pwZBP(?Xdv$46zkQv5d)2>izN5R=?&ykG zJotsOA11E0oz=G6yJon%MT@|;t8kYKJJd7O+bJDvJ6qjl+ppRVD$L6tD;~H=_mu5R zylsivf#rHzUW_-e=6l&p3QkJ*BZvW zmhpezi2q`W@4V!%u{|x05a<3T>>pp!bDhE@IOc8TI~#m|V&^6Q2*au!n%-c2`q<1B9$C>wv>pc8#4Zb$9^Um6y zt=OMssro%f7bpKGBMbkRMlPRJmWGF%l30&ejidv>v?@lw%bqJ zC(A##Z{9aY`(}ER;Ye@ds`d9{-{3dHweWLnmn2Pt>&|Azm+{3P<6GAvzWz9mll|Ec zj`sXM>}?IdSevWfo#q&E_HQpZ{PSIl6mff8*D(q6el~Hn01UW8IJT9LEiN2X^s|7C7?j`9Kl0&xfI~?S*L=b{bi)YdNUY2j3O9 z1ZjH?8MJ>19QM6FP$cc^gXMPsJVa%J*TW;&M)`R>ABA&y{S=P!vVDFUj_bo8@W;C2 zy@tW`E$>L*@>vkh<AUWRBIvd5#`2r0GX&-5u+8go z)+2t%tzTEbQNQFNeS330zbA2gT~ip}-&FtZr0=`699Ns3-wdWd7o5|d5svhgU(t}C zljN?;8;6~DDr?j`e6@Xu_@@6Voc&ifSbw>->E-WOIOKcpUa#ZZmoyF9dpgN&5B>yO z28OD9@F~Zyp1n-*&rEXlUrwz53sN>yYjf4Qv}XT|B5Bu0`zGtdw-o)M@F@1j7uLS@ zEBvwk>d)f7ccE{F}yKT#r0o-h+n}x#x@J5$B8YFB|f| zCi#RT>b}F265syUSoWhoX8dR1Z2ws}>|Zycez)E2^ob1Sk6X=N`SW@m`SbiUzj6L) z-|KU>?=cAb+WQpF(5Gh=I=5jIe(YK zQC`aLZOHFS^6%l;lGs{<-wg73i5Gxf2ljF;Zpq(B{NzyDKI;3j#UJ}q2g1>xQf_}a z%dbiD>rQ3Pd_cWc*(93$Ch=e8n6Fao%U>r?!KT*_j`ZX$6OX;K9y9w^@!#*^IxfYg z3VsiFNBFtIeh>E;_{PF_!Oy{WB>9U;uD!p&Y^tC=*Dz&!K06lns_*f_S>JKmtna*e z=47=P^QGx$`txzH%eI&8O>~-Xr)I@%48nj(_&&S@c7`I*t22r2Rtp4XIYgz7}OsFhrae~Pr{!1wkM&l{Ku46mOJhr za_xCN$o9rI^qD$s>#sJdPc=5NZ|zQNrj7cvZestC!s9=#*Tf%z4~AcC(5HGXoL z??-ySlHdJhe>mO^rhVmM-}p!2PsEoW;dli*uJ}6gJg)c=9OH!Ale4`)ke`UJd{gX& ze7)=H?-AQ)G3)`~&35mK7#DzD7jtsqhhY16>KGiy?Z*DvT;~mbZ`gU6Jg(}qyyw^A zY8{-0czWt-Fgkdr^+AM$iZtCP4pl=!~O%6qM0 zg_WO`)b2}gRe^Sr^P&+ARv z{@nyW4)0d%o8C#3PoyWWLU{!LXYyx%I{Pb!zuF(s$e(MLv%Vbq=4TZ+@*}%$C0PHQ z=Z*3=fA_+>rTiV)$lo$4f4=K+di*=M==*NR8Q{T%{XSMV@w@mlsQ-tCzWv3}f0N4h zA^D5;TK&)AZ2t>5^p!t|zghkxILmJ$?JU0;4*AY>rqAd4a7~}uKi@4WFI!{vuC1fl zkL#i9W~`4Z7P;$qZe#!O65n+^Z@?E6b{)@$aE{*}|02Hf2hq*)`^jI(UFS0b{Zo@Y zIrLrUvn=@ufAwzy*SCl-KY={hbv!F0k99oGyNtlUJnym=9M?0~HBN+MZo_$-$#AsS z@)Fn!*51_g+1&N6O!ULoV;n@yvX9gU6HKEI%c&^Qfl(QSn!{er0|S{mk}{GH*?J1>emC zAuKi6pKSE#r2AR*iGY2>GJ~Q^_O~2N|WAALWe#7-3j+gw-%suS)?bacG z2Ni#g`dXjXtd!rzg{LdLSmDok(dSd-|JB0I1OJx%$Nh)vgnkEmjWM{+VNS|pWR2Cj zls}VS>%75rLe~A!HCFH9ngNdZ&Wo=I?^)!o`&k3tv9SL99S(n7$6$JK|77{?hi;UY z{+^dj=pV8kkzguH3=l5DT@@xL|FY-6y;6BxJ|ECsv=I>YR=lneZhkxeJ^F8O!bznJv zxZEp$K2s6#&ELHE8~Iy$T));h*fzl6I)^tK`P&2kbN-gVUe4c9aL%9pMgF}0?2O%f zec1&bY+?lE9=|MKlK5Fp7o{z~2>k)@7$XzBo(_aVU#82`=8LBFYq8X^J$`9=kHR@U z*KI|7^%o~U-t!pLKON5cj?IO>?>blxz36|x^>)A39DO+d@WJqxFZ#8<2Y z%>HtPPyM)GYbv@6;e+AFyi39M?fM#9xBroKTcqbT-k_Y<)wSgxzR|CB7{}i}p5d1) z3VI2CqOk8?*p%~Y^IF`x`1O9RXJE&04EMfP^8tm=C_E0H19_Y$l`{X(G?g%@YSOEJ zrgfIzCe6{_<(H1`j#gKZuqnHPdUm^8-9QQ5vBPw2>@qd${}IZr7Rv7YAu0>w2YT&l z^;x{VP99R-z&3X4AL3t{(<)5kyKrilC%?Pr_v|va_%2-LK@IkMcb&wYhrdhsK3-RY z$27RR!IK(11@6L@_x4lx?q7@V0A}{PgPHw~VCE?e#!TykS?ck#@dCl|vPo=*2n5F; z?_oP=-yI`TimX<{t8EW*I{p7*tJWB zDeyq*t9?j=<3~Q1G;593c;x1APHzi1($k;M8uHJR-1*Owu=QZE=lt%u?B84XE^5%_ z?0b$GO#f!Kk-qb@FTqbJBq)E8ZOGSMu>N+-^OdxgznMULSGNrhDH7*?0C(#g=b#4enzURu=+n?KlEj~c)fURgRg4v z4T(+9wkOil-klx2?Rh_$({p?>vvV1lZ)or{iLJlO;6KS!!TP%_dr^O_AA7*L{)~g8 z{uqBE{^t1BmmJ^m+8p2V%JCgr&GCoBIX<`iz2e*7kN7WfTK|snnZj>|waMF2{LNi> z0rsEckIQ})d~SFF_H3IC&R;Lgc7-CBmrm?_^?C3p{tW+$eXoW0x<`_xL3`h3o9#FG z@P_=R#K&XL^8I1)&-v$z*>}vvpqwG0UUG(b+H&7pVf*YkXE6V(vW@(=(Dm3Hqmb|^ z`p2`~uA=(A8sB1n@51vSpUnONg@=8!9$TJTcoX_1g_(n=f~_QRgvih313w8&3~ zKVYA3c@->Q?~kIqjo%+1Bfj!Y;4I%W$$byVD#YKrHdnnD#QX;PEvb*;&52|1TT)Zl z9wiX`medrs)?tJC-$6I@mD2_3CAU2fx%O=DvpqTNt+F0%KKkFO%~$DbFZ50C!+yQ( ztw?(ua?_W?p6B1G*vjY6Mev-({z{~ECH9{w?D;$&>@hcZ{h1$*^GSQo*Jpbh!C|jz z4;u09>qLChI~k7jwD&BW?L7x)dmq5rpAX@%_ZJ$U8L;U!$)LS?*=Bq5z}en#INMte z4tvfoT6d!S%+KhC{?-EDiSA*BDz2RePtoj$r)7C`)!v4m(iR~}gzm5KaeB^XJY=7gN0loVhK8IzV z3?9!<;Ad)V{rM2qJ50~@iQf(K9^@(5{>Te7I7ipw>U#ecJZoX)Cj(i24jl4xC>Tt( zpTqH6Tff9duXzUf7|I~{V0a|yJBJtYd+;~QpCbPuUv_8g&%}H==a|9x6X=xpk|WFV zH)iXRtAEJcz4_7xugozEdq1M0Ed-xl{F9#~z2L`b_|CzPXir~<--9>TIf8PgWZLpC zV1}gH_oL6>#l0o`K&{@o2;L4}v+ytPuAk}sap5=MJCV~&RzZ8V_cXIr_>}mIa%@*E zJP-PN!+RAT3g46D+P6QN?au^<{jXz>A;fA8q$VDuF*%*>z4%~ozU6hc`&LxX54jfc zz{1MyA7}Y~aLAos@!l@auS`dJd49#ZaDK7pb9E=cd46R)9P=yscQYLRIlsg$Z96@g zTf8>w-)YpZ?BBecU*VtM*7+W3=lQK)!7;z3|7Vcj?Eivr_TTGWFaP0Q{=?zF^IzY` zpP2tTxbS`aW^i5mxojUTZ2Bv4zU1_;$N!xEdvH#FDfDyt!{A8YZ&BG_=*uxN{72a9 zSJr>@|B#1~{~W)`mo?v;4XSKbqL_;a%}J#)swnT&CmOubCgp(BOQo z?>N}1#_BnRFW`uO(s<@`IX16T2Muo?*QXkP8B-DKnmM^0pLz(N4YM!J{0O$=y#d<) znD}8|c^BqFRojLNbe{_I%dFZVQKQ{-qbVPBq({A9ib|1(d<-^}CiH}lN1^yc>m z^|0^3k+&vIgYUt47oJ>W>*_r_s_(F@RQ&V31VPT>Qat>8l3IV%K05~_1|yk z|2^qDKkRe*yOs1z|3x^bFQ1a+w{R|Ixg7H2nV+;Tb!5@^TS^D8ALA>2d&zTsOp!ZZ zI*EO+VFu$n-k;;!C(iLl!DA}z`rAok;D~Q}f9Lv`_5IFp)*lRqzTaBv=KS6;+4}&_ z^3e_XskF}_--*FP>-Kde{^{_#>>pnE@gnz}HmH9G{$~BZaePC65e6TBgS@lSW}O@Q z_Meyrse;#|G4MmgF=$_T*x!KoccFV#Ev~*TbO;>&eun;)wD0#6x&Gb`NBa7AFr586 zl=eU5KIdxtvS^9#{Lf|VuTj|fxXamJsj%}u&$2(Vu+JUei$4U^@xKR0 z{IhBQZEvnG`FDMtZPgt`-}c_VW3>0q2WfwsB6q&)HOh0}!p?U&zqMy!=lA{uM|#Lw`Kq_zxZaxIZSgPXcON+C_ZT?rsqgum^(Vqv|2jDI z&ClV)&-u9z&iT>5$dCG05kKo&KA~@Z4@E!c_b@opTWxf|>Uo4S_{}g9UW4?a{#hQT zpUcC!q$m%M&o4_JscBVbbcCUeG5?%JZK+@zUN5?BAF8f7?~z z9|f)v|0oQY@gM!lc+pqmRq0Aq1paMdqo0xM9TImR7ph94eka`B^K|d>J?nN5w0xhwedSw<*Ybgh z9ZUQhJcK`kb1}|^&sk$N*5`K=W311yMEk|N6uD!$tHaT@IM((n_~;^cF3o30W-V;| z5o9aJUmK42$`5YHd97Jn?%1KvrQA~NIalep+4#baHJ(A+5@V0&G7fe!GRIF0&MiK| z_Q8s{ro(?{KiU%K7HKZqbBjI;%5X*N;i7MT-eW)VqdvnAZT(%aCx5G?r~NT-*nh0( zuT$jCCEkPliDdt$aM*tbeb*Lx%nYW#AmtHq+2?^W+gA+!fBFCKKmNP^i{o#d&d2}p z#_@lxar_ra$JgV3VS~N5&&S_!v|Rs9E7$)Sl7H6cx!{;vxBhPl=lcHz@x#9Qt|bh8 z>%W}qzkRb@|CQ(Z{}i0_{{kHLt^ae8pIrZ!PWdzcOL4x3ezQD0-#!0xel3siNB<|m z;lKHP9nSf^9}fGTuZ|^Te{*@bwqRc5&lAU>KaM3td|7$scM@ygo*T8R_DK3Z8@w2@yGX;}-0&7`+jGOTw=2Ly6cTLzS7aOQzt8&FuiQ@|;r(Un zx%o}zsd@k97<*#(h{ArO;*W6tMup{N9W(e2Z^v3PFO*n+orlW)+P4mW^=BhE{PB9R z9h|Qx+rx1^d6w(p%B1^hl{#bMFfO)cDSd`Xo%P(U_s52>as4p={uxe2e;nJX71i;N zWIxA036A&|EL!*5y+#;5C;sJZKdPvH7WOLkKgLIc&kkS7_9c#)!DnNyW4mQxpB1oqoejj0*^ZOGx@~ix%hWzCuA4@q5$KI;^W>9|zINRG1&i2l2$j?i1-z72> zJNaEA=I!cozFvAjeIL4IVb9Oqk>~UC=)~&V)@1$DlHB-{5?g-P!nypc-%)*Xney+m&Z`sO^`8dMhyB@3L&sp>=}floR8-d= zuMbhb)c-l0_1|jf|0(G=pRLyZMA8cTCl02s3dgfk*4NwNNN+E$W!J$&_%j&awFo)> zr;YfFBG2)CHZkJAwp3mJ2NZkz?OV5JCztx}H!*G`o%~IV@4~ATeZPtEJ$SjoeiP#k zc&@@8?|a~=FCOnH@DTnCwl7oJ#_?X7_`ig=ol7bA5;VrYVwQ=_`war~zY#VKzxsNgD*w+HxorM}=b4{p1>hHoyvds}(Qf|Zd^NuLkNC3r4>rE} z&Gs^D&-`b5=0D=QcEJAKftB}^C7q{E()XHXICk?sRr@=wqFV0tJ>))1`#boEa(tfM zq)+v1h3BZ@xlQ|2-^{WPU>JKR&%U4=W9{0XiS(vbQtA%&y4eqV%I{5b{c~(Ir~fNB z^sDqKpGaT6tHC~78}iE!WbHob9ahpm9$tdJUi6oh9}H)C2mWXI>Tt+^h`zpzFZSfq zh##!|8)oPo{{uM3pPq9z>#zT{-umakS^ow&>yMhbp%3@cheQ8CI-2|At9@|86NPO< z46^NK@QbkbN|u2^{sr4$kFVnsaeS5Ae-F95en$^$-?^T!FS~XpSp6wUUw$O9=^Zy+ zPkQn;1A4eh4|_TNkC6vE*E$UUS1S2&ZrSr8&;70lpI+q7Ew2QxR@k}ce{aYyOLFbc zjBd7X`8mni) z*J3}fwOJRAwKjJ!vEsS~$CM14EXF%=+1dv(*k0blHrh|$3I2UJ*53GzOzY3~{28jX z9_+{34cGo02FKbT*CstgT6t|!i{tkO=Y&Cj2GM?nKkBaqXZ_>g&{w`U$2-e!hC}XJ zqaoPM`Ckl<{F~ox;GEx+;GEwHaOBr#K_{tCoiw=i^D8+_@;;KHCu|EAdW$MJ_{W2{U$^=>@hR!FtTQkfuSk)S@})*eUnPsYISm9oRRuAUt#5b z6DQ>Q^Lx?`f7F*l-}?40adUkehCJ$<@wFfE)%W_B^*4gE{&M6e^i5CB>5af%j(==A zUrbN`BmP{RT=I8I{#;vOd$vPi*Fub7-!{>p{M&4^{2=lZa_!66z8v<9R8aAaL&a@-}rLG|DT?J>)#%fWv)Nm z(zNTJ@*g(jFE`{XaJ+MT+xn=##y_PY_q_vI{_}?X{f2xg>O;1_Ih^C4(vaWWkiXWD z`;PgD?^+n!-)+g0!L>I(W;;e8xc25vw$Yza{|4-3{pH~?DihS-63+UYP~Sp-7;9;K zmR}zY7jtvA6})*ZwAO*jIiJ`N{GlNH658exq--R^DrxVKeyG z1A6XneV4;p{C+rPU}&;yf4qKgSc|Lty~cjnH+|o;H73dTLOri&iHK4-Q2S6IEF5!oDpoxvljIZ-0K@mic2?q6(wYUkra|DQx^1;2eK4 zoa6rmj`%mA@3W3^JvaV4aKtygcY)A<1^E`Fbu2y@X1}y=Ybo+KdySRTr(# z-t;~3eFyvm;=Whn%iCc)GfifjhkT=7^{(OFi@wkD`>vdi65o(m{ZGkn=xcu`>Swn9 zaboo+P(MRo`@ev*{mscwu=X~Xp~s%_$8#_vzVZdW)+3jnXUr(l*Z$-99`;<@^9j60 z$&YKTK4sr)q`|d2D^flqYpmX#a2)*a8&%|Qi_F@43=kk~bj`)^`-&Be6F#pfPIseX0 z=lsu3{G9(C;hcZ{`R~fV`PsXX9}YpU{7gvsvAkBp|6E?H!@0biyNmMj_^$`&{GSVd zRsOB-<2V*kzdW92!})lg1BZS6_j(b>!}yNhM11{ah_CIh{#*)Ye_n^fACLc8aL&&a zaHOZbKXANq{(Vn<*54Bjef=4d&KJ`ki#(_ATJ%W&4n7#i5OV89elv`_yndHbCpLmN zVL$jR5iRx7`o7u_OF9_b_aB~f6Y6cJ<#3W9hi38KbA#$6)!ta`{%{3@4ZXu^4;Ra zPUqjUduq?_X=#@%7lrB1ZST5JI(}t!YrRXP6zscBNZhkq4s!d4KFuGdZ~kyv^M|N7 zJvOKfy+YsS4<|N%n7#SKtj!<#H-E4X*(QU$9p%To2T@D~?*u0QBz-+OAq(#YkL3j6MV$IlKf z?7J6~IR|0TzVo|b-}MXA;8SP=4X$7K2#)r``DLGNd85QPe~zz2{(N_YV=G6Nqb z=>_mEHCFE;;1;lbz1-{BdhJYgYyN`qt7rv6`U{dT#NBz$IpkrdHme*nHWEJd|P>pZ~Lq> z|M&ENHstyNhyTh4a=iDgldI-8kAx2??0n-*@Dao@sPFht=*y=xcwUZI$elm+S)v2$ z=q;~btFqr!*z40q?8o)V>({Ap=qtZ0$!})9wi|!0#iqe`i|s=CaXvbp_7tQJ(tu z4&@#Gsec*%X8q@K`6Hjm`IzNT!C}wx;1KsJk4y0*%ESEs63*w#0QB?uG7ygQ#rc-y z;XL1R3LN=$e&nYO_IwEW+l-Gd1P`|`2(+1vGWPv<@labi>r4r@4@+(`9aRVVB^oq`4;xB zIIg4B0UuQ2KeuMz>Rn%+BL>UEx{&>S1rC3eJHMRe8^Kv_+m_{%8uDK>v#Ct%vc|@gs|E^s9 zEI$~3K1%w2BQo>y9PeQ7x4wiY7Jcu}`fj0j`B3V*P9&QXY(Sya$Zl_OMZ8fTORh_Cl-G!KgV}-ex09){8snJ za4xS4;YiQ&I2Kz`9;QDT&i-8shraon21ow%=N$YCe@t&D@|)8;AeB!wenEN0{q7ap z_G=BLe(iuwgX1&Wi}up-*vZJFzhHhH|JbuuZ&_cQzlr=>-qVmpc|TL^&r$UCe;oB8 z{8wLAe|G+&Us2TS&0M|c)39CL7$)K}pQxwLQpFy#T{bdiyJ4mqHUo1S%U;OL@XxUK*f?9{%V8OrV=ENQ25Hk zTdgj{gwE>U$Vd%7|8f?)57t;c?`D6*dtQUjzj!|7=U@H^Kdg}8^D0x=(gm!7-$MM7 zy?-mt`aH@a>_1WD>bw3a^kwf~gZ&obRj_OP4e}?6)nAU>hrZtq+zpQTOVfJ-&gpsn zh5qA|v(FwMTbpmG@0#kY&lFo*-}S*uqdTPNyI%PK_U9~o1r331&2_{v_^!O2*=}C^ z_uYGsz(*-0_^v$pq>A|V5$yfVj^*%e%>E4gc}xu6kJ?w-rN-)hlp(El`{26|4}{ z4IV`N{bApiVK|ZamX&=*!`@rg?|tklyb^kc@%uBCl(Im6Ci^Fb{!;a^iSd@#$j^ny zk1le@8|H;${K4^~PIy|8PuQb=p6D@tGw84F)6|Mci}LnfcSvFD+i3RZEPOxu=dyoG z;i2$(?2j)z5%zq&u5b&!n*C!68(&$De?1)WtK$vl>Rqm=M_$d<9UTQx%hZJjrknM=bZ11@rD)9Uj^R3j^1*-&iU9Ff6(3` zaM)8$m$xmSANe%S{Z&)?FTF9K-@guXnSrOZ17!l{YWd`MJL<#1v|cBdlusx%I_nu zZTVt64*|z`rR#x*!eRd;^!dNnyY-Hte8yC%(++OOw-)H%KZK6K@tHFyj~JiP|Ka36 z`@b9<_LZ;Oknf!2+S~YRJ@!67wr0na431Z=%QlbSZ3pM^sx#p8`7>C59$_2x$NKOy zIO>c3yai`}UxLG5)B6a{>Gj8#NYC=NKNIEcc$wFmoW6a>oc^J3PXBiGDN}>T;|4g= zZ`zj^rhZ3yO?G|RTG&~!vc_}Aux)v;>)#kcZjXoh?V_pJ?#Q3W5-+*)cd#E3wuY3mXO|pDhION)Yit`~@`?FFXvi*DE9RExj@6b2? z4YTy-g_3>8hn66xdHiTwIL3FB+cszU0}c5H4Y_@d9Dge~$G@#1|6N1gkM=Cbw|&d; z$28=w=g4x`F1F*}N&kZ58RcbuR)MpAH=Ol1H1lX zfx;id=fR8MgJJQX^ldFodlJ_}`R&BJ!ym(R%c`K<_9gU{p9F_o-j4bfZ2AYlIsF6S zNMC;AL zzsUZ`!ecoeGzsnF;rPx1_&2f09p8D8{EjZHy$|8AcYQ~{*5#C~_bi5)2G+cMjn#Og zDX&~UbCUmDK8wLoKIUgd^dmnrGCt*c7Y=z991r^(-l6cY{rgql zK3=@A`5S`0oWBF$oWE)4M*bYne1`HEQQ~{N-+)IJ{wC=Sp?tV4sDk5VrawpFfiv~5 zzTL7{;f-eL-x|yQvZQIaVhz3x$#%_(>g(NT;^*tn_HbN(yxv?2=j+W+;C#J#6prhS z*RxmPZ0|!j+q3_b?d=R_d$vc}-m!4DcP5$Uew`Fc43j_ak*cg=!*%gCU;Md57kX*lei&EyxSRO+A5Qxdtbh05XZCMlIQw@5oc)^&XaBB+ z!#}SN&FdLey4Uq#8@PQvp*_1gGx5D2$k!M9!tLt|@+BzmEZ-E)@(B&O^WSYb>Gh?4 zny)9$vvMuH*@)21n2UzZHn?!|AmG=O-e6)>ucy+ zf2pFq>aYEWsJ}jsw<&xrZHl4E_74wE`m-)9Vx#9mHCMVPiye|4feZHIsTvqcQ$x$b3`4Z+Ux!X$L(kSR_*!Q=ciP^^^4zr)~|E7 zB0VXjqgsoU)PB~Q)Q&qOejC*D+u-tBk1qo|IyY-oVc-nyz4{0K-EQ)j^=l7yx~8-2 zjXG)ZuKKs_+Q04H)wxdn+bF(SR`0cquw#9;y3XF`|Al{004lh|pZ$0`=;=&gcUJdyb@L7e`KQ!qp z|5cK|zi2H#GwHidA?&OFY0}qTQ@#NDk=_&7Q@&x?jYPUV_eYpzSxJFtH>QkT^o*ZSjXu$hKKNHa9n#6wsTfQ*^%C1><^o( z{$V0^Z1=A#@)mp{`^OaaSX{#XErl88X<@Jy;_Id#yFBK>T0BOP2Uo&RowgvmB@jzSqogr7a8l zUb6$>Jqj;e_^`tF5&wGRj=dQs&PYl6jjufP_4jk+;jcV_V;npM|K6R2 z@=E@H3`czBAJZWU`64GUu1(JEI~!JF!2Jfc|6bT{m^d#oMj^p**5l!aiu|f`_$Ckg zixfWXf%R$y{wVa7k1P7~UC1|BD38?(`&`BD zlt7XTxvF-_3LN=sRv=eaZd) zvl{$dgB^#@`ujKd`wi|({mJ?pH~8WPztZ5PDW4qwhz390;F+k8S$~@bU)|t$8@w{* zo#UUFc>a-nt8YdPuZy$QMpv-~RRLyrG`lK*mR#_5qSThf1a zG~lkGCt9&f=A>@5nqx=iXw<3!B zTHiA>3%Y*i$>4isE`j5{GLDnTG4A2G&Wc=rVqC}f#`ui#CDakarpV=CC4J@21BcxE z{_n&2zW)(8#s$2O@7K5Yeg6vZ%KRCeH)86deIM_Aw(D}@zT5OiS|3XKe$#tN_7AS3 zSKkm{3LacoxqXQ&9|wp0r9=2e1@`CQH^Wcio8dl%|B?L9Nv{3%@F&~%dK~sWA8w_7 z#`z$B-rzMT+bnn7E3@B7$UG1AJM+#BzM;YIC3aj@Uq@8At;f;-&i=^47a^BVE_^3^ zCj0vpKAOz>UN0^&Rd8JPF3Kw6J5DV}f5!A~pu8eI$Mx@pt>XsA;qQZ^zoETP;IJou zhw=*6zVfi|IR8+tHxp}ft!mva=kw^o+Mg2+`;J5VwevlT+;R5p;2jHV-}J)%_g?5% zz1Q-)%`6aj@xDZ%aCV%*Ue`AXUK2X z-v@ct{{jAHecQ*Ze(2>i{j1@u|0Ly;_1~gCWqsSz(0AR_{N#Nac{I50 zXB68v5_>Nf{P5zf*6-m1_%p~}A2QSBYV)(mPluNxPlk8k-@@UK>#z={JXhd1gZE=M z!f`+LH{?H2UgEp1f=g<9UBz5WpbtM&M{g|wzYqVAGBudL!R$x=OrNQacKYV`csTO+ z%3`!B@S4RR^`A-lFY&u=&D7d_^^M?7+21?yW{Le~@#gTMMJ{iVxcWvgym?8_b%vfj9&sFQYZf*p- zdEK1lmHoFof{lMHoZ}zgh<{enH~&{9c6{TPaExzQ-Y>$ry#EMCc`N^>Udn5ZJ=(3j^O>w>{SxW%(vau6}oeeQ!_p=cyFm z^xvYb%>LWI&idbmb9$4K-1Md;*535f_t=y7qHh}ZXZa0tgJj8b&>&yRHu!of$F`K+ z5PURT4!_0rg3_L=uRQeSw;DX0^33w16Awe*^WnsDJ{jLNbXni`%mw?+HJ@v{qw$$eS$|PD>-%1xu&=-4;qdoCcvb9%fAWQi z|55q9i9E_r{ak+X%c=b2g;ROS&f`aVXFk@u{FFQI8*ge{d>4{q?;xQGWJMFQYux;Ll+H@p86tJ+eQ#1m!WZk}?*_ zx)Hx|wqW5W2h=>Qu>IdRk&h_s{e+zFH(J!SxZlve&t-*u*IgVAa~Z6H@m&X$l{|bkF^Sf%wukSIr8-6dv|2Fj{$3Fy)_~vH`{K@&5 zwUM6%;LtZeo549h`8_$>TPE34-|@bzzg5b=>x7P{JeM#2dc2Pw*mJzij~w~2yv%Qu zS5-e~52JpV{*~Cu`MCoJJ0q%gR}k5;cR~Z{$=~$gtLA7 z%VFQ+=W~D~Nz-sQi-;e9Ppq+8H}xj`QDO6E`Q`LS!#Vxk;hetDRp<15?l#i5JWW5B z=c=R?`L+DzD1Xc2sU+9`58&`${xRhdZ2Xtth%bA7W_B%ju;=Gc>Q_ELeUD?D-}gPt z_z?Un&Jn}DoGd?0`F&t3o|~sWZC{J4^7}a)EDU#9x?DL31TQlH{{nU0&8 zgJHUTRhVbBj@DUl^mnGGvveuf-xG>I3(e8Ly7#!Iu;Wo%5;KoSZ3J&sn`^1R61rKx z6VCb!F}3v_pX!VMF+SB~$E%dbc$ISJCqrMk{8e)GU*UL!ev=*ldYbZ&@vkP&zBJ{} z@rd!JCY%0y$RqtG|3}uv*#FGqWB&%{@v*%u?^3?5tM**U<6{@Yd7aA?IG6XGa2y}= zKMjuZaJ+6f>BV@R`P&JO{5n2&JDk&h70&6u2IutqalCT+Un0-xJHM6FKOD~KJAP>T zU&qfK_{(8X0;+jCaERN1=>It2M})N7>TGqz&uqt}{hr;fq|=@DTb*4!N;z&XN0UxR z+V7Y4yV8Dl+HbAZ>Ioxyc3bPD{q@s+oXPdO4t7eC=58)Ont*obZtwN1=kzE0ZS9cu zyV^gZ(~%(Uccz~^TeO!9QQhG4=-jWBL5zI9e-7Tf5eXC zUk2?hP4Z!1dqd!`cPsWL)7E*u8h#Cbi0zFFe*ym;`J_t9`Gd1`KdbkG`qLV)*WUMw zKYPIaY5QCkZjeVd_^8CEBfk+|pFe~CzRiC2_YZLRtNd`<#w_0#4*B9#TP|m*(W`|rZvrA!Pv7QVHx&+ICXXLi+pn6e1{ zZ^PHZ-Y*%{---N%zV;r5!=Cz=CVlPQLcFkNd^yLLBmUVX{&;>f7=JL8KgXAIe7POp zxfu26s;O+ZoZmTQU5#hbe5ULViTwu3H*v)Np}}vgti$%A!hS<#Bz$^dzp-L_ zx>}N7-;m#sflRBz*rpERB z1>{qauUO>sBcF-m9ra@;*n7>GJGuh4Kd?@+_W>OC7M#%0@*UWtihK+_0p6tWRq&@? zuL}E4uU)yGc|T#WJiPu#dE5n`4M%(YI`QYA?K01Xp(l4#V`p0y{tfrCUHrbQLc%5R zpV^M8i1%G`FS#I3@%Ny7bNmY^uN?oI$aDPBluyKWtnWBD{Btbv zcsR<#XT+X{cPQ!kjM&fN#S1$&G!NxDv9M!ryTE%EcI zbzzQ2Tu&Vu0Q&;CSVG@g?E77dL&cSK*J(q&&s(3V%&+ zB%IUxJDk(&;&|uuj)HS~N5hfck4SHQe2ZtQE+5ptbu>IQ&Tsk;u2YKq+Mlp|gDv0V z@i&(*O-kEe%TIYOzZc*f-*>X-_#2US!kj)+fr-cP`yby7A5>-%)f1{DjUBd=|lTan_2s zA6uYa>%Kca8cuU;kd`o7c2`#pw8tDw9u$0y|a+l?gry_)=R399C6jo>@0 z-hm$!2&V7cLZq+$$sE69zMFH=l#sxa9lr~yT1pH`Odjm7fQP-1t{C z;=iBdj)h*%F^sWLy_Vs!dcxKv*?Mc%hFO*n)=ROA3;+Aat zo_UePQ-8x;0lHTf{olgQy?Re<_y9fyj_cQKzpdZV8R>Tx-n~|DDPI@=Lp~gKu5XcI zPx)`)kdK7V=A8AO+^{A5037|-z2F(S-tJ$ETc^N#z{?i>%i$}(##}>@KLn4SrRSTh zO@0!&>Ft)%n}B|#XZn*88^8ac-u9Y&bVHtb76#wGg>U1Ef2$4cXuZPzv4!`8J>PaL zygvFHP~O7}58{QX{ozMK4nK_VM;1Pen?v>IqRb87#hyI6#@3hxJ6gX+wszsGvHv!_ zb>SCbzae#B;Y$aT9`)^z!umH94*zCfxTCcv^(R=l%3%lF632!Rzg7lxOb0ybb5; z?J|^SzTR>R-|KqIEq42QYkK#>IXyYjyLyw3))dP74|Vdbd$_T?hVna+KZEQyHG;MG zFdX*mkIB&=ldqwCGrLwHvukyNwYL%F7xv^|Cf42=aOgXCxH5jl`TEZD^*0_*Dd&$o z7J0DmBt9GFGE@cm^2F-j1BbpmC9(RyNc!^c8vJU5-%PB%zW5gQjZYKU%bzCOmSlgu zo@HLE!6Or!-f^TK>B-}fXI`A+pPA|GHaq?`iuf`9dM6J;;3S%su?b)Ac&@ALE0;wL$#U zYi*Ei$&CsLTkt}%{n&n^BIZ(t^{x7bD;3`L@jCwG!fWykLG|s!8N6RT5P$Ri>OpYC zcP+rp@W@)d`sUl`_%^Yy_nWrY(SCcsYkwf(yLM-Kj@N2M|0){mHR1KJX>hHM_F}xn z`}IYMzi%yWdH?$|yk}wWf4yIf_S>}p`WOAT*SMeO7OXvfX!`TOrcbfA$FYjJuiA|G zDnZZhTlDOH)gIT`|AMgUzqWDkzgAiCU#l$luT`QO{Vz4W4;zYBz7Jamj{6$#vv!AV zI}P5)yumi^W4te#0LOii?0rV&YZ80kbO#*v)xRsrWlp7D@qe4x`%K%>C-}{vzT@OM zy%7ywyTRic?6^sezv(|=?;D>+eqfz^b>BLG^Caizhj6y{NaFvA<-JFvJZ-mf`8ekL zRs0_*?*~%(S|5Ir_&-zL?{aMaPwMw|=!gH-@4Mk#AHJXD`uAjmrzN(2cTpa>e%p@- z`^Mj(!5cQXS)X|fw^#h_{s~*&&mjM2^}AW#KTG93?>FnUF?*9IgM1p>VCT_Khc_n; zgU@_SVtbT8@R^TEY)=vhJ~Q$&wue^4x{(cQKDxwT75)vfIf~qOW_aDbGRZ$ka?>A% zET_L5oYR+c`aX}G)3Yeafa0J2KA-f>-{0V{KN|U)a5sO3BVos( z;<|q^?7YKXwYc>pjrXnWTSpAm4}FjN@+NZonYNh*-y!lk+sg|pACu(9-yP2JPin}| zNpkJ|2o8HQ)8X*GGA=-l^GpX1sZy`Uv1~6xz99OC(r@T2a>tDhgLf(HIFxIOqu($b z{fl6asloV6b@Ynww_S4ln;P*SZ^XAB)LB`p*Co8!i2qiK|JME;)jLGuct7^-j%uC4 z>*UGcyzxeq$3^@ZoHxFb?dgS`H$E3$t+4Z|e`0@rl?l$PI?lskslrTqcT~rJnZlop z>!{X!EL!+v_$mCGyYPeXhwy?)K1;tIx#`c_zbAdu>xLseGhwEwdKX0{+-G=h_oHaNPdNsUdVfFnMX6PSzdtKhM*Xk|hbD5&>Fsbg-=2c$ z-dEu~_)zv4>Z-!e;Wx<7r-l38)6p6SN0<9s@bUQjWs?6r$qz@qKmJ8|-vmE}{%l46 zHTVwXw%G>j#|Y|AE+6Y#_}lq?&OdmTqQ4Ei3~gRV;d9_uk@qkBV|W(s3nRUi?x23d zasJD`+c@~|=-j_4S`oG`r6+S4*Sk)zCwOzR;%EBy6Lc6_c^_>z;S7*DeFnvDWug9+G4lAePmhH@efoukR-fr&w_ne%T|K&8efoq#t527+&Q<8M zPJ8!+p53+DcDcQdXoD7Q@3wk=9hi3K>`~xkC@JL4`dSg@wz_8Ibxr1U4GwNA;CVId}TT3lphU;+&+dJeGKib35UIfH^4q|m*h8t?>So) zzM#gI?02Jl!ciW^-zLSk59VCKkP_dul(q-a z2Xn2YzCBs|aqZ)`;aF>EpKJoW3x5XtWGAzYbI|zRaKyg{w(Q^J&+u5`jf;K#nZSPb z=VUnha~YiN{T$Br@-eoBylfod0X! z$iMPGHRSInx%pj+au`yTM%@Rt{fzwj{fG15vy1#C@-~tEsfD%w0Q))p2jNKH__Gry z$Daqz@jV}MeETaA-|sVQ3ctgj!S@WbFIVRcMAKx zi4WmeTkG20d*E^W8GI(`752|9ti8FgF|`&~_HJQ6+w*+L_N@Qep6_T2d%g$Z7~)SW z_Vw?oWY6~?To1odO{n(pP^V9QujWdv=QI>8u2av zQ{gDz@BAC}hu=Qu&v4>k`a|q5fDME7Ya~3R#_BnLzh4;j%lfk~oR9y0a2$Wj<6JoB z?_xOer~Ho%`4{{aa=)Lv9eE#B(x0?aJ^e2uk$uJs#3-kvP^b8X*rl*g_mKgxH6LoUxw{xW|*vGI?? zzlbmYIHzst17tGvWs&r>YHm7Wb z^cRD}AN5_^82Z}(J?Ch)zc4o}VZSObE~eq1JdTqo*!X=Y?1(SF-{3Fi?UCEZeFon? zD*o9g|1%h4Wel8q+aP2uaobCMt&i0;zvpw(GvOT{q8usj?>wmOI z+CP!{knMjCXZyaFA=~c;B90CBOC$j%Ppm2g)yov;6cVcP-aL@Pqsr zoC8t!-iqomw-?wCdyWD3yMoE7nr$6Uw`E6kDT@U zP}teNobAh@@7k$%86aA_E{@h)*gtOep7+$9%eCVwWUo<12HT&v*yj4a9OWPN-L<&i zf@3YN?MXNMa2305pX@6}eNf;2Y3T2Qefe7@J=?b%;jsT$(f68Quzk7>`4cr(a}M*T z`sN(c_HfK0S--6xk-oe~gC9-o+FP%0hmeNhFYt!cg<}g>@!@RGG5^et`3GyyG5xS- z`Thxx@^$U)`sB@f8iVpp;VgIUNXY%3C@Ssufc;0lC%Pp1aerd`9a4PX1Ggi*LP=kH zyTaQS_WPt`;mrz9zh&Kb*t_sr%hc->*C{-#$TuwPvxv4Y^A`60_YyezFFuQS6`Y?% zygJF(#oqVevr_y!8}f%5@`sb$XBi)Z&oA-4zkVEkv9R|$)8M$@@mb7w;kdt3|GlK| z_fS8EyGs0(s4Jhq&+upPerQ{^Ln^B8w{6enEbRRdw^Y6Ehq~eDf9TH@aQLJClBBf@ zzZo3=SPBk()AQK&N)OKId9Re?znS7czdi3{ArD=Zb@E#HSLJ;B8|-+F8p z=p03?6?844&z44er+j_#9&+u;Vb8UBvys18o2UNG9E+?kXZ^oZUZHRNzi~W*H`)<@ zkslEGAwBhT{9%-D=bvk7B|YyK zeNS-Qe|bOZdy+;Lx%Y3Y;(NY-^F2YMQ~dSei0}R83Gkjp?wrqAu-8O`_lMe#_Qmuj zaehR4=Kp3m{FR?-@Vty4gk1l8HZuG7eK`B~Ae{aC1kV2Tp+02)^hf`e;V=Bs_j;nU zGbTJ^XV4IS=|b#9quyDVoiWufy!F?efmG9?!_N94TBq6>Tp*3~Y7QJ5-%|ho?b?;MiFFiC@^^ zmofgrC6pcNWwq1IFIB9r5Ou~cY`y;-G=`+=9SXNrCaL_y!#3!D`FVuY>dZT6c!S zzxU}U*zbz(eD9CGeb^&Pdgjl5eCW$RPJH6vy5E<_nSX;k=g)D4oIkHQIe%}$Ie&kK zbN*K4@a6pR%CC0*^xtuZ@Za*a4a(_{f+Kz3pZr63HvSCGiwq~dvumusV-HU)Z28)U z>(1NBP>X^1gR!(RUntYxteQ&zx63Gk6NW8|3%c559I)*6PvDE}7(yz#&)P>r}A% zu7M7H=S^I@5&d9!ro{U1TzmHa066@2-ev;)4n7;~hxrT*r(G44+m2_s{g#kBPvbKm z`h6+B{j$rs4n)7~ar!MU&@{bP7iZPa+Z5iv zu>CIc9{n==f%DRD$nu#u=R$6JkHF!t@!zLk5OVu<>(FL-jv16c28UdJX7(PopLYU{ zQ|{+o49EH6@i~CDD2|Ws>{u7OD;4{$W!oISsIY6{_uc;nkA-frk9SB-g&< z6xsgzaJD}R&h|Hev;8|7@;j4U`?eq1{s=hRXE{zU`|H5j{`C#{4N0#3g{bq{{$g;p zzc`%zx1W{mpV5$?ndGjmo0)TLe#*??+C10p4Xv?y$I5K5eGG&CaEN>Pvl+i{HK zACF)5=dOnQ?j+a#bmTwh*ZbaVe^}#qES-*r_2q(w+;tO?zV=;9m+j91XZt*c*vo(C zg(JT9k88+}Pjc;l3TOMD!P)-jjrh)MX8U}yrC0inV~5=1^(>r^*K=?_UcZIoczGYS zCgq#&1H7JX#h=0ZsD0SReSqhu*RD7}z0dgs&i6TT$i0u675}%Vj1AuBOlCjsON_rB z@*H1|`076bhra0_NBoe>zRxRIeb=6bzV`Q|erEe})_)ET{iZ#i(fW+*LEI<$O!KR7 zyL?E0Y1;3wXZ+J>pM$G+9MJyeXD;W5^D~z_z~|S+Q;j=Z2?(tm>A4C>pShFl)o;N2R0 zUV~k8mE#}&PuOwaFOVNtC*N}1)$=#TUCrM&;mDuwK-dXBiZ}-K=cayyzT?=_kUw0D ztNi%Pd-jK0<2E~vdnNJp(ct$1?drz&0bhXW^0aoxrr`_t7`A!b^H?~>MMo`Kj{}}U z9Wl0coQ7`!L3RE-%0b6l7H829K-&o5?_D61&9C2 z<&bNCG@R{k4TpX8Pi*Ml)X={<>1*%T4f!)kZhN^NzUB6ET{zkU<=<<_uTFBuVa|YK z9Hz;}KP1I(vhB}@$)5aCV%s0%NBiUVuI|DA`6zS4>|6|Qr|!f%8vd33F8Ir1zU}wV zHre<0I&PWY=bPF01FuW{&+iM)yeQX~>ySIvX=t+TuWQYt{ng)%;K*MyKbGfs+T$o+ z^$!}*qwhQ-w=}JBRciG-qW4t6&inlo+3+Iwnf$AfdyX2MXSDv_S7S9VxdOgNeBT+c zDdn+ak)H}5fWFsUgYO*p0p;m2GHB0djQz_o4ru^k0C;k^|S zW7Bg9<1ZMllS7VK87E449C2ty_2Z*?U*f-QVZ;`{R9{cg_P<_jA`i zYoBxOxuI@_=6AoY0bfQDh2Q-mPlyTaz=4PPxJ_A@{~VQ{^^XMW`ea?7@w)zluKx9^ zKHE1DEbU`^sEZ%_$NJL0j%Xj5_YhbP124vMuPnyxy%_UF#*2P?gT?O@#PfV8=R5v= zB3_RTOX{g3fKwNnKIUh@H z66X1b`;MG{c)Y$FtdIZqfaUmq1^kNPy>C(0fPOoJwIAEA{hk49zh}YX$9();r`GxR zP(ICwDl{Dk?NO~-)u zPniC9fW`lm-LcPr&&k@S9$J87FP8ZlfQ6jFvv4=;tRI2nfM&_3{GJXt(Xg?=-1UNfJnd$_VDjr3R-V>oO1@j&R%TY(+{u!R@D(-+~VZQz;LA-wba~9gC zU;iuw>(@VDf%WU3ufg*Ahu1^fz)xR)@qM#Faci=_3EaWyd|yX&UJvkn9l3rW^Sd~j z`5Ts+H+rrY^mqFeq?*fv*z`|6Rp1|L+Z~KDuG>qkay~_qzTUVCKW2tMdCHN%Q#>?>P|`qGTV!9vv?= z#kvgsXGQfO&* zUHlk76w2bTJ+E4tUFK3IUX0hpnTPFrRg|cEUzHV+snybCU8+S`dNHiyD?PTT#Zn%F zdZeji2a_aI*MAEBRxk*bGvEUe!Reb)L? z92d2I4dS)VW1g55#NzG3=LGzY6hM=li2tUyXRto8lz16ZFTj&5zq( z1{S>w^aa>2mn1slmw-Y`D>!EJ~cS_n%-WAKj ztbYPn{HTw2`XZ$>{(HrYZ;$z<{f-5TALDOQ%=njG{4Yvpd?(C5sn7V+!PFCd6IWEI(!C1uwZB!+aWmIFy#E*DL!qeo44=7Rckl}Muu*+5c{vwy@pi*GQ zXA9R!6XNGIKA)9ne2N2O13>%?RT;$rVo+Hz&8jHrm}U~jQ<{tM zgFGWiWku69W(_UMwpCh$=LoXt5-?tuJZJFC|CJ@Kn~71`#3`97TcY?$4-6X@njsm# zz)iWcpbU%S@&3YbxKEDd7ZWSqCtr?bx$n*UCf9)FzR5l};&_MS;~hynue+%0>n`4h zt-P+neH`kwvL~Sw@B1Hy{YUQm^SX%N?~>~lUKeK2Y<*qW7p$)fr-5%y+RxA9y#m(P zg|C9;x{!V=u|H_Pfne>&_no!h3t;W{B3S&`{{r+y`cMBwVC}yGto<9{e5Cyk1#AEK z^F=sEuy8ylqP`wa{vC1|Pv$>TjX%e)F|Gn+{GJ<&-)08yk!&CGt%~`Z1H1=3GtP$3 zrXErl|8CprgtzOJ{Vl^o6CQytqg{+;e#exBznO76o;$^a*XVd(X%d$AOY)HyD(3r6 zt)cCh#PfYZOfmDm6Q)F^AAhr?49sgr7XD@k?=$1&WL)?g9fQExD=56iMf*mBA4=NC zd>g?!-w)vSNqx5eXRx%N@4FSF?mk$@!uOF|g7y1uJAtPpI{U|a;nH8euQ$Qz6P3>P z6k>ks_S6FF_G|-|_OQQ4f~CLw4HCZRFIQ~TS1FypL2^B~UAFnD>X`fUPl%QMnV;7? z3x^8%ydL-eY3Qr$|D2C);jic8&S063oPV9cGXHpAmY=tk`?CG9aj(Sw*fANuxyW}v z`0%8?yieN~`k4JZ~w1@Y-Cxhj_H}8wL#QrxAePZE#_XS|N58C^0 z_`8K**}fc)Qe0okcrgD3V9C$>=0AYtzB$LAEbU#?H_Llx)5Y(rUWeCxQlIf};d)cz z{qcbNKaUTx|385JaUl3=%xM%Bj}II>eSF~ih_b)%_|O|H#|QTBOt2j9E{0CNIq47c^LU{1ZvyN5zkww`j~5M4 zS0680gZ1$Ox3g2@Z*+W{<2jD!JATCR(~g%qe%0|Cj^A_qk>f8MfA9Dg$A@j%vV~WO z{67ra^H^{PwS6PU^Buq8nDdF(2{|Rg&Qn>MPp(|#!j2YCoSe~e^U1Dm+NuhFY1sVB zbSiyNATQ^;&M60-0t1(q4GFbV7Bxz_Sd5)i=AB0^n%76yy`Xzu19q_NJDrj z7q88vGFAoMHY)qR>oYh8vhaLz6rSby#`DL)U^#yB`1mYXA0K%yLmwZPf~7u>fBaid za{S}@;9KZ&K6o4X$!{k4=|2)((*C2s+Mn-%i9gRrmxA^A=t;2TO=fz;q_}7`m4`JeBVf4zm5az@jMan zIv+nrrt=L0OMiKOc>=7@FTa4Lzts8te9?J+;osVk^9{ELzn?GhUjM)H`&SpFPDa01 zV@z52`gR1KhY?Wt`u0;iznJK}{+SJy>mR;;BkR|1zhiv#>$ly}KY9Je&%K@tme+%P z{dpExUeD3*h{o3M1Kh6@KcAo1qqS>?>rr0s)d9=(8n1t^1ncX~2rSo|@%3Mw(4XD$ zp~vrVJ=wZ0I)y@=zc(QLrQSyA+$Oe*5mgW?oaCNu`O7}kAC}u#gF5E5m@ST`&T zc)k3~mAIdcowaK+Up{+0dtMum9nSb~uN?xdPr@s4^KvPebBKk%=kW{pRPZoc+hrhR? z+cOdKMf~XhPsOZH*7f;0L#cl?;*Y?5Iv~maA>zsWYyk`PIhbEsCu{v{%r~u*wVuIz z(>ht}Q!xKTXTBAfZ<>p-zX|jAR61dP$@XIW@nEgLgM+u$>uhiJBXF?N`lVo9e-7TL z(fR_g=o1#={u6jlH9jZdX1nNY&j1`OHTP^CnDu`HOMM;>p1?TkCw#R&y=8AQGd zbC~7#9Sc$ifN45?9WKd2WcU1VH*DX3sPWH$^>`ixmiBV{&sXz-+xr`^Y;VuJAGH$a2e}``_IwByKd+Ms3^NZy3I{UL8y3AklKX9zc$Gm2J6#utck}-68 z`Jnf$9$bFwDxv0$sKhvn&K>!qoD zs|zCMn#I;{|Dvx#SYK>wW!l z)k7c8W7Qqde-_Vd|Ib*j+s}Pd+MiFy<#eS^Kh_t2=HCIjltKRXqK?{+iP1M_v3lo;=9Q`0_L5Eugo-e-?g5o%aFp@-i;`%y?%k4NaK8 z)zk~itrDi**Xf5Vou9Fu3vQgm&p_@MuzX*_Je$3NWzK09erJk0njIImkK0$buRd7X zM?YNt8NW1G`%xFaXRv%J{y&uXx5x5j_&+XT_Gc1U_jfW_`pfpzF0}301}yENe-p6w z=XY?&CH|k4rQ+Z6nV|CVI}1ABQDB`9A0IIN$L-+Cd>r2~U>RS2hW}sSK8gQC9E{e0 zUrYF7v~L6Wg@otqlS*v?AD1wH!-Mag%Wrrvp6}gBJjeS&u-<+P!7|<)pJ%~s51E5LeuR)WVR@g0%>Bk=U(W;B08Vw1Pogr9KZnATWhHnOxO43+^E(P%F<$bW1^S%`7C(;v z2(-6PHatbX!13jd$2p$u_&&!y&^GZ;V?NyrJ}Svae#G$-#oRvs0qgC<-{q6-6OS+Y zYQ`5VU(e1%6C;2&Fb^*VT@bws*Q@~#(JZ@*auK}K^;!kt&m#FxO z@V^4r9~1DOh2!~`dZGX1v#Q}emCo;sT#hl2`9S6z6`qcKO>n+HJew|_Z@Yr^c$9%< zJUE`^U_GAQzzLn(*ZSF*TbkE7uE6!J)>k_2QP=8=9Pfttr|ZvlTv}}PsgAce9*sGt z{l0QM6!S;xs~qo(`K0x^j!SUwTI*Lh{>*U&?rrP%WsW=Jn6C9Z9dCn+5$e0+|Fy|> z_fHwUf^cy7+rRuQYJL9FO2_zTP#Iadg1~|m(V?krI%X-m0v{kUD;oM04T@Yuv0D+< z_f?Ahidyko!zL}79!jRLzKf{kSDbAl_CvB2{8n zAU0DOPbl(L;uYx-gNVA;0}-~Rkg=gc$qe!;oueU5z(F!DX*@;( zt+`6-w4)-BRuB;+EUlqLLy9m=8)Op5=&-sP;yNX|PF)R{mf6BOg&GPJMAA08Wi+HU zlxV1{p-2Nh?3&FXTkHyc)B76{EaG{BOk?bMWR30 z7T2V>4&dilSVr~8{tdf#>ty-euG!fCWHEIYcwf}z->zeslg|D&OudBvz&W}P^dA%d zTd=cTjOB0RXnZFX{#SuNNc`^y-wOUX;WxqGf`3oqe*%}IZQCU}{r3fn{~zd2H}KI( z`y1jMKM>2q6KNCd~eQ0oMKd4lMnflg4icV8FM=N5gLh z^siBeWf$C3mqGw;Q*P=5+-6`l9#Uk2;@^#29p^c@%0 zzXt7*`g0cIGvOGYC$UXf_?|mo*UNj#7h%Kw1nz(~v9SKXu#KfY?>w#)mptboT#2Tvto~*`M#hxI)=*8RB_tot(wEdAkUoVwyVTRzjo`_?Cd z_4arOEbU?bd%-&YLY!jEc!G8QU2t8l^LGGCetrgPE?7Q;#r&(lI)B&3Hh%}O&R^EV z=06Xt^WO*7`R9WrKex{#7!TP#oSzTiUW}ff_kpE7oPR%pW&X{@`$o-hkLgrwGZt>o zE?}AOY=g0223I_AOcr*uN0{$rD*kB~ zzgWeyJ!j(hsM~WMShr^)Sp3=lyWp?$^L4S-`{03sKqb-v$JJo8~A_>IaqYo{~E08 z*TeoNI_nQ_Wb1#X^sCYTgRwuMNpWd{A1dw*J~(0e9{|?=PlC1oZP=fNCGnh}w}Z8Q zDdM$$a8s)<0&D$!r8ED;?QQ;hz~VoA74GToitqQ<$~NFq@He~Qx4skp<2C%28RpAJ z1zCMEb6jH*8o~yj^l&q>`wu7VaD_C!sz%eI|QBaBNQ|KVYE-jk41g)WBlJ8 zzmE2c{si<_T7~cUF9$CMFU)o~#rj95L;MHe3&41a%ePpV3|^Bk>pumS`i$>_jj7`s zfOY&}u*9=HQ5)NyGr^*>J*T&|?I{Fn|6dWW{o6yA`fSf?=sJE5bRGYiis$(D-`S4u z7_f{V+w-(y#-D`wskg_k?QHzs?JYm1<}>T>=jQvxV4aWeJqUAt&)qG|-`cD3duxUG z%wVnT2BCgY$E=QNSNR)1$>yr+2}ix$vZ8UaW292s^u#TxYD%UW9kLJUa5#2HTYL!B z=&^&7T|SQO89!F}kf~CIm`NQ}T}Tb|3Dx(gb5XCHp_|ijfHp7Lx!RD%2sr^$NtZk> z)r7RD-lh58)h24b_uVB>S`#`P^h6mL6lOE(U8`V+|Ej&;K${)lHAV9Dur4p zP!OdQWHh8T;K~V{Ed{u&2vDSO!o%=nnE7*PiG6=JMe}cu2@nq4-BZ>lF59Z%-ygoY|@!wf~8C;q$ z{itg{viMQ|9;b1wleIno_dv8x7M<7ZpMmvjhR?yRll;_sVdv5M!C zXR+1!-lpj6|3_fm|AV#-{pWa5*X`XCb5G~%0v12UpV=V9bA0Xu>;99q-_Gte8UL=7 z_{Fbju>b3P*MPPDOCziQ3fB5yyvEY?E7WT)`ag<`B&|ON*7X}TvwCB&)-S9_>*RqOp7-{5$)KjHMvnBQ98 z7V}x^Grl+GqwsX}ryu5@{I1Pq_=BL|VSeCcU|b#m|IjG=`3ikZKnz4bpGEdFu(oW9QKeefDhxBpnMuHOPD zEUk9{YyD=Y-|h60U2XkVU|oN*({FQn?J`@xDOlI%=c9D{ZdLjfOAF%9a(;q+jOC!` z@H;kmo|x>f^Pryr{yyPx(7Erwkud8o1MB+VxcbG2)%BZ#b^YOBT|WZr{IgvB1+MpTf4# z^;?2<{awMj{$*fYe~zoa#MNK!>bJo0QP<~Z_jG=Kc2DOo2TT6Xo-K$!tA|}8E~h+> z`zg@7D{i}u<#QeLcgJ*mtvZ&EbUf2>MLiqO>kIA2dxDzFi!F~=JnU0^_W@V2U6b~c z`B^H>Z#wRX>krYVqzY4G!3QPv$*((Zh2y{I9Iv)G-s|?A>v)mkaoCx@0bhhMW{KX$ z?@@zK#WrQ3AMf#sAKwEx6YJ$Y5dKaSS$;u-{Z8=&o`*#Ug`p5TV7J%hF8n%}#?IS;iwrFmO`6tZ!?}2rFa;1*;Y{2}J_lQ>Z zEl8bRH@rtq|50FxC%>nd9;p{WOn%C_nd~;5AEUaEW8Sq?;h~G zC;U$EZD=D){P!d<--P+QWi7$-yJcj4)>N4Nt&RC8{f&S34ENxrKHE=S`os6gYU6rX z`cJ(LSajB3hU-bG&;AtRVo>@+eoQgHTk{-PzH7twd+tbYgQ`^ao}TXMuW8Yag^MknJNB{F3?~eXxy^CVDkADkN`_;z9oWyg!zXO)}&i6pu z;d)uNH|t-Di#c8YW8Bl1`fN|rmX_x`-mLhCRt2ek7@PHSe87%470ds@KFUJ9KK2LE zf7z)ZRSWvl$^P0L`bOyACCuNYs0Ur%VL~X}l+oxhTK0$iI)b6IlLUUWE4C z2bT8G?*_2=vwk`DFI}I1*H-GY{rqm2wEqBn5PuT(r>~OsQeO-feII<7;v;Yr_a5(k zf%%yWY{Izk?+fA(UHSI~`Mv%>v480A-Jgj0FWU{N0X)nBN1kn0gQK=itS_OUd@+?}T*3>pOYRyC?WVFt15i z$o9jeDP`qnBNa!c?9t-(m3BI%=k}meJ}BB&nB?6 zXC>l`5Wig2@8s%FZEfo>084%5e-149>Gw8R{Pu+Y5%?qJzY#3$qrS!IjoJjA^Y2-( zo`3%Y>-o2DTRZ>u2h03p|C{V=+rI}`xBpw>E|nbJocaGcM0ERAlL6;xqrglF@J8y|E(5W=obVL zi|N8tl)ZDAtj4;|_>e)KbysuUnNm9&7q635wC-H1(61}Wzm9iEQ9(*U)Hq$}>(0ru z?#4XpqC)h;`*Gb1zQ5UYK5tH4&7`y-PGki(K*jLA4k8NTpZUe_Uq>7U00G5 z_jO^ub&YOvZElP>msfs!TK5Bo_qgbF(N1WKs~a`Ox<_4`5$AJ6joapI%cb~3R(|_d zuEX&xDFsWLB=bP6doj-y!1YmmFH zShX*6JGzdsYA|j|d1YPcz!Pw zdt~MJLis)2C16~x#KrSB=uZP&r<{;nt4usSm1>6N@+6+WPrVEHorL+fA^G{+Yinm$ zj7NTckF*@^V&UJ0Tn*kQi>U!v*rh1EpTzN*4{np_+#Y;wDC5KJ`yyCx-=$#LzT95# zfc5yj3zqTY_-p~o_^^LFqpiAs9l^SP-NDj7`u72AfBvSl_*0+c^vO!+_`MDmf9B`C zZk@jsSagnWXRzew_P-abxBuN>=@0uyUAW#^Sw1-#PkyiTJ?KXz%o*;&{pNwSUkP5@YrjTd@#FY6#{ALae;afe zZ|-k%!F{snmsn;UXO$I_WByEx7Rmdy}ibxz0w}~Ka2iq z|NAgr+W#|-XLfVO^Q$%PEolEXVDabp+>#FCOMYE3k3aXc#^2Y(KF`AKdpB5b-(_iA z|4+r7U%R57%&&U=YNaj&BP1@=mtabYPOgLbBg}j6`-AnpcV1uVd+#$Zf|JVGw<5C=Nw7#Z^<+j*Aw0^E*e*RkPwXnZvJ{9K(%?~=>m9Fg+!pgs$DiwXk>gq|ZTyjrXDa6WSq7H*!}+lh z?}h96u>q{-#}PO=cUSZ6bX3;-i{mwz-&$|m#`3w27dfug*2W*{c&6gGKVaz(=Vzx~ zLVdp1cPSYE;zE6q(%Ju#4z~Yw!MgtqumkG;9IJTRWwlbTf$zjV!@_&5WPPu7_p)#= zmGSR@bv#+e?~iL9x%bNUPXO!ozXaCp*{);YJK?`C7^kebu)qIMI=R8_A)b7!<9i){ zyAtJu<@rl{?u{#o*|y++bhu%Iezo|O5~rj-HYFA;`fWRPS*PMwSvy? z$C1}1_31~}@%lGcdA_WRLABc>wIL%cTR77e+tJ-UURar zJwBx)91-}LzLe5c3n z5U{k5`N=vzS@N^JcQy<09M2nYKGfqGfu;Zaz9rxL?1VYT!ul(~Iv-i*BTGJhU-E36 zFI%hnqrkd8S=T2^edgN(=Rb*W1i#C{+a-R#mf>#%fSW6SUhhdf$Ahf>$=bhf%Mj0e zjd6aH`s8mF(~qqE$l}NOT9yvX?LDkb*xvMe7P|P;kF5R3;@1cDm*ae?=f}m+Wq$DW z%n|UH`M~!c4+nF;oRG?XNE%PRq>~jH5#kltZ|n-F!|*>Y>EwA-@|;4e;*v?8EB}tf zQL-YPEXayTR%8+(?N^le6)9P9L{g=4#bL>cj6`IT6?OfJY!yrpiKz7GnN-QHD9jUa zkdBA|8NC9_ky(+(8nc3IRutxmNSg@GWU~TXqE|#%krPo@N5so|1uCS9^on?Q(JL5H zn88C_(%HX0l#`_(lhxx3D%?h}?I`ps;=gj4;aZk-{1`dY0_%a8jE%^|tKz!ik+u<- zw{`_v&uVc=;}J>h3VzWbgOzbfS$zSNwrV8AOy51x0R}}aa%#wA_@xXt8ACM?9p_b(T#0 zh=+8PUCLyiup(PSMWlU1)aHw1KhculX{a|Br0!+S1maSv4P zaWVgq&~^R=V4a`uLC86p_q1Ao<(?K_!ySe8=+|V0m^1R4jCwIx>)n*jduW5^8vVCvu8QRPE6TlMB`8XW+SY-RNeLwRx z3C4(p`3muxL$){Tmw|Qt7Owt|(4{`#1Go~eNu)pY+YPM!?gNV-+uNv7XfOGB$C<`K zXZt_GYX)gQ`IV-DIUk1LnqKCEXZDwGP)d8*zJ<*~`k+T@X<*UmKTr8_e|`ej z@UlO%KcnC${qY=cUtHtM_TYG3hHG{`ewtbTq*m5XGyO`^)~}?s_0!D$wRQbl(I)hd z`Y@-T(l+Sq?>jq({%*v0kf&fXv#`D6+lBTr{-yRIelCt*?}JZG;@SVsyV&+>=JBo! zrzbhy(eGZc9&fT9@2Z%74R^DClfl}Lto<~zzhvnz+cUOfsL%e9rGFgHcAe~e+6gT4 ziTm$iVA+3J{|vCy=Xg#7OMB?I)NP*~_6UB|n>u}{(m8)8fMx$+{2Z{J?+aBt^&;nY zA@(n6Kj+^~U_GCEVB6~Xtoi>9zn!}`&M(+y<1+76{MIe_w}kmyx4hr^Q^IU-ty(so zEb-L&8(Z3sto4tbPS*NSIG5=9WUas8bh6ev<5;NcleK=g)5)Tr)+XaXh-IjsME= z(Cw|h#_{1ef9rhDJ1)mPIIZ9BxE0RtTA%5-KF;r2AM1FNNj!SVq*ZNe)TO5zZ`CZ3<<#=e?>T4Vyj`O{)|GeXJoZq#6zvEVI ztTLEx&9#U--NnZinjut>5Li6xRb}~Z$j(6L~>a!h} zmRo(Q<1LOy<7S5*pRXJb-Ph`C93Q@))t`4?zq{4PI^N{?>;rB5 zI>!|~tiIB5kBrq9Io|CctIu{^+SBS&9dB_wx|far%JI;Ht-i)_@7`8_#PMGavHCTR zH#r`DsEvQa@&1QdeV*geK3RQ63V%}t|MQgOXp~1$t8kg%OI^Prd-K?>Ep!abO&H|{ zWpY=gb65SZS=lkkVKn^9g|G%(4=!${cp6gW0J`onsn}}|BY65OftDclg?fBztPH$NhWt_(z&btKQLO^ zPWSFmn8Hh=)P!UV8t+mV|Bk~g310$z1eTX1d{`^|77UgzO?V;n&#=5I;s1ia!t%Qb zcTN|k{)^=?39p8K6I>X7knrsGg(?1)(lH7D0RMFD?BCktD*Ey7g@_;XeGis=^y6<2 zXulM$#l>%5e0kzA@V^uP3&1ad`z3ro_`eu{I})ZJzptnLI)KIRC&afc!f(MO@eSJ) zrcMB#p76iHAAlDpd@uMA^k=Zr`CD(Iv;NUwsn7iX1nd0ofF=Jq7%zT5=S1aySDoNb zzg@uM$M)O@mV94gd$h$XnirD#B^+eYL^5eM=E9?PEU1OFoX@{$M?R z8L+gU{o!vh3bQ{?<6gGz&vLM|hwXhGtlRsw(%D}A-o75s^TE2koxsxG!;o(|xN|Zd zWo23Z40DWy?W3;S*S~>n-!QPWkNLj<>-_7%I{zH7l{@jUs=`w%V z-hMb5N_&q+d&$#Od&yFtWy1o3erL>phaWq)`+20$R z*!tIlb^ShIsn7n-0PFtF1dAX0+aLGhb$<)D5B4Z@{^@L^N(y{^G9IGf7#B3smH+&W~Wz*{I+5q z&(b@D;~DqYoxv9-@hgy@93{-{F%m5KIX_PMOK9&|*gj?8kCOP*ZiT6N;Qdtlo9r0s zv;EJ22Pg479=ryY_EY}`_f|#c@$ZFBVSi-)Q7uFMj>t#m@6WQZy<}-G{l42N_%R>9 zY%2LU9w&n5Wviz+-(CXi`MMOW=i4P=TyX%$${rzvehd#*xz$OBb-$htkhx3%pl+S#^e5?HrqB3QR4 z1D5u1{!a&gkc=m{#|*IKi}$~Fw!MYzLwoN>d&wuM_L8MOx91hR*!E5U>+$3FcXWGe zgLQkCB3|0d_B4R5$8QB#w&%NO51D`an1%fz>-HR2X4}KRC9K=?DpNM155kqe*;s~#LIY8ARpu3%BD;4__GsO#+&`y5$~l)|Ja{d&~<;> zLD%`mgZ1`^z&ii_V9C#XlfgRQ<$K$FzeCsg#zU8UJf1xPo|m+r$M>hf7beX8a}`+c zpR2*gBs%+Z#XiBG+oKcS%aQHzSBww2joSV{fu%mjXJNO{UT)vV!O}kFFWJ}TZv>Y5 z%=ZUa@-0U`GCyz0!ud*;c;>qr*YmPHnD18b;%s<|`CdN2=6eM!^^5VN%DW;K9|?*J zd8*@;j_V^<#~*Ew;>N}q5c%|d|7<*IS@l?kv9rL&JOnt{w9j|oEze8>6 zJLYfqiT*5p#CHLBJB$Gfx#c#NXF4vfWA!nPH#r_r*T%1P%->qo`BymZUTpP6j?3y> zeU{@=T)%7oDULTg9=)B7-{5!%uFtjK8pnNcy{`2oj>}7|&cBDJ<6GkTT=PuF#f_~# z#_=Y{BbwOwwT>&AT78A%?%P{^k>j#vR-fg#6xY+bKT{lUc09Vdjo;vSNDHg4aoiWz z!#dv*$K|;G)%rrm{JjRP&vaaj>sPIhalFa#2wdOl__dBJaDA%v6^^^7t-i={S!=7$ za$MTR>QfwVc09VRjo;vS$j(+@$n2fYg%97xchEaU*xz9*JHZ=EXSp|{?hss$D19G#`Tzv-{5!%uE(^##&KVq zoVC8hF~7g9^@WaGcCq?Q$Hlmw()GtU-sE@$u7`B|TE`W8TYZJ&?)zAMk>fI4-)R3? zj!SWUqxC6{H#;7U>lYor!SRs&tiHx^UtHhl`b!*_j$SR-fg#w3pSVINt1d^uacMgX1B+t-i)_-$Sgv#Buqd zR$u72A1L$)yFvA`1H6a$MTa>QfwVc09Vj zjo;vS$Wc~bN6b|53>3g$D16FIL5}WbzCvn>MI;~udwT4YLJ<;k*9G4HV`a;JoPqO+<$HhafKF0AT z$0LT>__dBJPPY0A$K6k{`Xa|=r&@iMZtKE?57$D@ba_zjMSoNo0sj{BZr^(BtW z&$RkN$1TsY`b@{gBdk8g@g~P3&bIMu9ao%V^%ai0pKJ9+j?2!o`Ygw#BdtEg@n*-P zN7?udj)$CY^#&JMp6Gb9K@n*-Pud?wQ91j_5^)-(BMpj?q zxcq9XFLc~;oYiMKE*@|7F^)Gm9x=hjuXS88(dsK4cfZE!iyW6-YxP-(9wE7Ci-T!L!MUKm6S$&q{(z~oa#qnmxqi5Ur4UUJ*vHBXveebsV z636BDSbd@6miJnHrsLwjS$&M-O^!#*wef2mSIo2e3dh~=v-%>(W%I2*%W>%ft50#f z+41OwHhzQSA@^H-jpM!#Sbd4(@&~QH&~eL$tUl9m@xxXh<9L(f5s%pTwT>$uwfYLj z-5<01BFANqTYZ+}(kHAw#qnmxqo1_#8ypXL%Ia$z_g!T5C63FVw)#THEf-sTrsLwj zTYZeF4u6Wk!D;#%UV)aFi%bv6PEXSqKTYZY-&5lPewecGq4|&1rYaI7| z(dtVam%n87g^pYP!|F2~7caB=7{{9&k9gU}uXSAUiq%&*?*6LP7db9lZuMD?OIKKZ zisMa=hp)8ps~zwAn$_nzZuq*@FLS)!asO2|ezD_rtF3;6<6jfT&m^P{#{d66m54rt zH85jfVGRN!2G-oM7Ne^vS5vP+>eOTg*2FPFTvP+c5(d^NH3FlW1lFygV+rg~YS2ao z)~!Kc-5NTUB%dp*Hg(+^2EwprsbN@?z#@dzC@|ZDh|$$_hE1$VY7BG|7**rAtprw` zI@^~Tq)yUBOkZW{Wco9(%G7BFphSGA$}t|BB(TcV&FO>^@u3RGq|em`X6O@_h>uk` z#zB0DxP7)Bm}X2|B0g?CFuR=@6Y-&nz)Go_z{*Zn>&S$0iQt{7^p~}Ho+GSVy7j=I zFmUUR8K_B#_#EmbYvm~|3)K&gL>5I{+NvYPq(o?9O#%xMSQE#h|HFXuJH*wuG5%9> zHAsz3Ub8kLWsL%1ShGO(p$3lGtBC3YU+&G zWQq7tRcg@~SY;dKdV_&AcC0dxMkoalAEg~!-dc(HqnyAj~3$R+pM?{9kP#=UI&cX%=C;t8198%--T4ibu3rfU?ssiHx#Kg~41tKOcQG}j z9OEcFM474sDaR$^u%O9e(tpx_HY*-8H4Tj0ShDrbR63?>=$NUl*OiWO zAbvSjt;oBWuAyTFwIlqm-Z2i$R3Dg*1MyHz8)5Z-N{tO)jbplIj>!y)7+sAcLohs; z#8n0+Q!Qe2m4W>2X_SZ$RR=PHfko8?W^+f3uEH@*oh9N!6@irF5~cA}MPTKA7%{wx zK*}tch>tZ0OjjKkjwn@kCU#*;l!y;DwX&g@l!(tJFkZv8wnRh|sC4aJRbZ@1z1%=; zBT;zH35-{$09nil6aml1yNbYAs;rk2XlyFOa@%Nast8n)^^P6#4!HC7f!0R(yFh2N z^}tFcUAdGjM10QE#>#yqiL;w9BWv?KM_eb4X~I@Y#Pt$rVqE{X8W;K)*U}=C2#b3sy0v@rE*3V^m9aTjZ1T#FA-PRzzkRAl!$9=V4ACP zO2jobFjbTjg%uH3xz9M5HKI9X)KEsEkM10;_V47l5B0ihI4AFE2dWMOLmP9i5Gq3%7#w|9E5ot_9s)&3%R+dLxLDanS)Zq^3=D0Qz&veb zV2vGxIriTEIaMTD)Ci0dU#p7X_;Kpo&KZ8gwez1zSl8fgQ4KGhZ*SSjRMZzV9- zS_f`@`yrDK%*}@YDG?WP66L9qKQO1JNnK?VbsO{KW4n?P@!4g{JI(V2=50fsz`TaK zjcf!21)ArL=DRefP#mzo4d2rRB? z;0`qk#D>ec!GZ@lS>QMX_Nqy02G%HbeDk&@jtnfSQ6N&=z=by#rn+J6N%+rl z+K>2MUOabF+!J6MUXb>NEZf?0CX#&-mKG?>Xr0w@Ib&)sna{{%7bq{<1nDp7mc- z%=p^4u+i}qU}-PoA9wttVs4Ly_3ZZO4c7IqSIqcDF1|x?h=2D7{0=4-f&w+4%loX)p6%2iEcDH?Z+HfF-`@=fV{EsHDBD{~B28 zlaFZ_nC*QVtlQfL*U92{IQ+;162I>n;BR7rJ0<*E!fjN(iO?k<{YN&k{?owXe>42a z16BQ%U|s)_#`F7f2`jvKTHI_vXy$E5y7 z_wN!F z@$@?flU?Qq^ZyQ(c;-*FwfXylC7$Eebmx$d?Ku@J?IEAjE->T2155j;_h}z=Zr?L^ z3EP+LdjKr?7~io&h^ODfVC`3L*Pzp{Lz(sa1+4wf-7Un&?E`DSKIn|}CvM;F*6#tZ z_Unj)iNwe418cu}djvghUuWz03t0P|i^|&XJFxca(}{9zPESAEoBclVI)N zaj#H6ZZBB-*V{Yj^l!h9_5TLC_MZ%0`!_2O_33{rSo?2OI*-pc-~wbo(q0~)mxA^2 znT#nK7q;iDeM5UVU+w~%{QJ55V3S|z^lNZH@MC-4+26Kj7zS`8)Lp`FTFs4m>dFFa56oYya=TdVY+|SpVf<(dqx$LDv64u=elW)B3*w zmipX&{d-ye1z^$HzN^8~KIZ%4;E<2!w^zW&sQ&EVJH&JU=HJv4Kjz!x5Swo@SakZ& zJJkB03)cQS9A^C=089PYzmM|=i%$RfeS<&Guh)Y0`L*`p)_*Km>eIjW5!QbwSakYd zd8GC41=jw>{jC3uV5v|4hW)MoSzyuWKM6bMAIW(0{C);_kQ)Cl!Lq$L{zI|zNqzdS z2kZIT1CvE``k#o#YX7!i?f-AE_CE)r)TjS_zhs)-@!veJoSHqwcce|(COFjWb1baSjYbYmi+Xa zbc)qK0gFz*x~By{_WwAr^q-JTQ4m$lVy43pp4%Y1(byZ)!bJSSt|20_Z zv%MoD=MNU0{-0fK{T~Et|0(0Ff3xwSKK*Y6>+#sAbow`#82sbwp9%K*rx)~2+3uwH zdYRlNVfJqoSZ|LbuCe)7gLVF0uMIl$A2P}2-wr$=@#pp6bg<4(*7@5`w)r0b%lNVX zdrYzUCxb<2{`pfweqMiF3&trgF6>|D>zqGW>c{@qJAbg~^q)7)`kxEd{@rh|{;z?h zKK=XOX#E#}MW_F(HwAxQZ`}vh*FzWFZ2i9mOMUu}yv6!22a8Vs&u+E;4}!J-qtmT_ z`HWDX{!fDS_HR5h==AS&Tkz-g%68yEYW!D#_5A8_d#F$UWnk^!>W-k(|A0HKe=V@~ z{~fITNBuR_r~h|g?cZls(CL5CUBRF8WuMvBZ#G!QlYZ^y1V7fFcXz1ILOM zpzHR1dr#2mH}c-#$NI~`QlI`m{w?^^@2R=guhqN|Prtcf=`ZWIpC9Vee~XHz-^I{% z`_5Zn{k{W>AM5v781#7j?hpPveztzV9^cBr+J81!`WKJqgTX%@&xe9vJf6@cp8h92 zZ2f;iy!QVLy2R6e_#?ree$RtNXTC2U4f%Ndy!bJD{JIU?DVfhaevY~m7lr)HHxn#6 z+w=6(p*=i)j#zAuZxg}V|68!sr~k;m2Y>o~|4i^>zU9y*p8k(KYyEqHwLgD%O5*9i z1T5o6ztZP|&V1dT5BYff{1$vnGJc%jwU=7|^T68wJFxiEZ`6yykNNt%5aQ{-*Gty_ zCB*CYFM+Q8yZ7OyL;s(^;!nQ| zRtG=k8@MXO(|@lwtp7`h*X>^hUHkWbGx*bQHdu7#d-bi5kL?-$c8KTo`*+YQlK!xM zmw$%(jDG~I+u!}&;K%slcS1b+)~~ZB)Mxx~u(Xf*dZ+hzFX(LlneT^ujQNCFAhc^Bx=n_wT%v!5&25Y_I-$AGUrR#z}Ur+Axk$wGh z6Q)&}Y_vGg!Y~ z9Q3*Me;O?9qyIi%SpS>BqSOE6FRg#?4c7l5ux|fOUxoVgp9R+K-=uW|rg?fWtK$L;&c`ppDO zzPNoq2fw&|n?n7#eb6O7ZXa~hzF&hLw-0REr}VgezXyL_f2;!^mC6?S@AilFzX2@y z>ECd3@TcF6e+ECc_bliVPydlytp6v7*X`dPpZb${`riW9?cb<$=4)D5PlWB(RFmw4vCcN?4kEwH}6BJ2EZ zz&ii*I>C?qZ&EkpkGDTq^07U))(h?7^~d1i0`vN9E?E0Fs2}Rn{|2y(Fa1jJM@q1X z%oo+84JUAHWd*xcy+!neVoekdN0N2RAA(*EhF=wf`2d z)TjT%#=)O{+u#pb>-MjMF7fpL0J^?@8VuI{bGHxi^l#TJ__O_E!Q#h!^GicMp1;R6 zFEG~!E5O>n6aEOB)TjT$U>P6!b^c56W4?O$z>37vzwwUNe>~!~|1#(jPygO6t^c)P zJwCI+I{xTZA)fgsg0)^d9dx$$P_XtJ3YK_Y4?NJiz+4af1eX5N|L8U$p2wR7VBMbv zZLNMHSnHj34m$n5alA|WpwoX0Sl3_g^sc*Dy>5q4pZ+g9{%zNw^Z3@TtiT*UPXz0H z%fK=|jDN$$pTC=pp9R+O%fNDcW_yNrwE8Hp*1PQ_rF0G8{Yz~;~xU+_zzrs?XDr7?Vk&l{>QH$oqqmaLFe)7cCbEv zy$ja)dhBiE`+{}+uV5YDZXX+eBv|6vzKu@b?DTiaLw&yf+6+EgogaF4v-utZOMe-^ z7_8&3+}Fm>1?%|N!4l8*UA~{yCxW#;a{r+7_&F0iNVRV*SdT~V18n?JU>#q(yN%xy zEbXKJabSsO`|2EM^~PYWH|Y^{9-@| zk5D@E-=*p^|6dQX{ttu2pZd>E-@m8T7lCDb=)c10jd}&0?b!n??PdJgV4ZJ;i{Ihk z5YN|NeZl(m%L1_8z72ZYe4W6OkM)Oxb^U3F*!mm6(jT_B=b^U#`CwgtIaufKbeOF_ z0Ic)h4%YSS^|AHO1519M&uaCx`WaxYKk4+B4-Y!G-?Aet@7pgh{a1r^`@8nH`b4nS zXCD=G`p+F;xy8|edHy>UEaxlcdj_oiS`D)CWndj&aEy)L9W4E)|Ak0hv&-(Y|bZOIiIlo^^djf83~s5(C>1v_Im=X{m9zyhU2W?Ghpra zGFba<1ZzLC__6Ors{ytdi^@j(Y=ZgX0LF#<;7+8;Av(s&SYp{;r{tO%68!YXk|5UKVvwefk zwE9r6)+e47bdFcc5!QbqSp2CkboxVQ2c7vIJje1Y=LTl|A?I2DWnk^U!RgC&3w0m_4saa@zI4gz8zS{x4FprUjr6@wx`L(R=*gm^<6FrI*$ia z!FvCD46OHGvh06s|9Y@)&wZn<-;S4BzeB;=kF5PxpuYCo0$s+R?c4t{>o*Ln{mA0S z{?EPK*5C6AS08NZgLVDQV9C$@|B@@i{>}bh2iEQV9<1X>jj{2Kz&gJ4DjRI$zVPZTziZ9ltkN$Cr<@@w31Z&+*-TywzubwSMS? zp!52A1z4_! z+t&%K^W6-V?aTP4Q*8X>F8+DwI=#SaMeb9OR*$cd%&LEa(zd?<~LZs!C+|*<4*?b_^Vv})i;KC`Yi?P_U&+!)%%0B{)f_ey?fKm z_ImRVupa;6w*)`N{|l_IPp5!&{6n|e_@2{k{6kL87bk2w4?zH^CUjwuLHM6Y$w_xqx@Gh%Y%nmyJ7tgW0?LC2cewqQ6 z^8@p(2kZX!yVu5l2iEZ;!8-oozuEZSb3;7av)w$a&j5=b_2KsgoyY%`V10ht2-e4M zvK+tJ{z>y~d%gwBc+qeC0_*n}So@K+Uqi6&-wg|`U+ep=-@#z*M;1T!ujK=_{#>x` z-&ZF~t>$M=84#{UPb&p!`7YW2Mz zvwH2vgU<8QU0^vsuzf#(b-s!xZ2W)0I{s3yj$iYnjqmkScpSAjdORRp_b3y0vwF0b< zpA(hN;7y~ zI^z$kYwKUEnA>j>SZ}|%N@xAI6f=Iki|!esI~#u=SmKYt_>+%J+RJ?F!BU@mc7wod@0Vab z-rX7ozv=KJ_e=cZ`$1rRzKFnWRK7dGl8^qAORWEVu(bCb_>=pq`s=~E{_;k){uf}W z-?*SwiY(^~_ODZ8Tfd}Y@4Or^mfcoSCs{XFq+xiQ@ zdnEcQ#CK?xO5r0map8O_0*fEV>ol;$lNT#)R9Gvu68w2mpZc!NLp=R11&iM?h_Bxw zmBL3z;&KQ04)9N^{<%AZ`tt&6jz_^y`pf>^ z50?J1KkIg~{+qxO&*LvyAAcLP3h~q@fkpo}{I3U}mh_+VR+vT?dwU`qkdu`V9q(PQMFqaFY4W{vLqj+V3f_#M7@sXX`f(EIR#e-ZS{|_1sVV~^iU z!TR`3mg6_ub4Gb+56ADXV4c4KE|6q=n13Qz=U=CE`hB}^@MC)xf%W+$v!87bS=z(= zH-L5iX8YUxlfXLvCrW4jjR%DMJm0(x?w`sQ`XAWc`ac5J{cCri^&blso&M8$SpN#J z_WuH`+kajr)aUrE2kZ9tI4J0BUnyAXGv7HqLq4AWjs)xT-!ibobN?>y75tcw-xt>T zY8@PO`j_;!{_jKA{!^iA{|1MI`tf`KYyWjhr~lW727jJ^UkB^+Z{NeL{}Ql_H~shQ zWBsRsMW_EAeXakgVC~=GaO?jNSnAWi-4WJ*ELe2zK=F_)eJwE4P zvP*sXuLtY#>Cr#v^zVnpYX4HO_Fo0o{(~WE|5w4*C7$QMH^8V87tY6h2Z#FfzaK2|)NA9#rS|W1Z1AUFL$LU< z{w%PrfBbQwKJ_=jTHo#XptJqmP6+;tKOU^(p94#KsPB2A)u)0*r{5hztl#Hg?brLH z5KljTpIGZ{h6X)u->~4v{!au;|9L&}1o*Ugbn!W394{K2Z0E;Fu(Xf)Hi9J|{ZBhJ z_;dV^I3>h0-yP6(zByo>Z#h8E$L_;Jedc=(Ecxi){PdtRf0r{te&)Lhtn)nx*7@q4 zY4e=}HvI!jzPNuQf`8nYEVzBZQyoqk;|4}QGDS_p;K%yY?hN&L{JRjk z#MAE+=#M7jLH(`22AzJrX9d6b_zsr(^nd!U;7`Aav#sA}V2P*SadUzn>#w>y)TjUB z&?TOJZSJvtjqeRQ{U(C-{931U`v3B`;Lqdd{d4W{Z5deizx_Pxe>+(G>DOR>@MC*_ zQ1SGC6S_Wro&whX0~c8TWnl5AU#o>dXTEOthkQJKz7E#MuZ>`R{37e)SN8{O{=2|3 zz8t?s4~G2AH{qd>kL@`dy2LYomxpcsVPKt~tn-0?UW45xVvt57zz{ zJR9OUKI_5aPrn{Zg3f%$J{R)w^=jki-RnuP_P-7++mHUWmj-|OUH(GwW4@u#C7%BK zy=eVcAYS`F1zqCl-{Ga;Prq?s(V6eIe}sHI{`XsEkI(0Uwf}0c)Te*%mxDk3{{Bkv zW4_tYC7%A5ylVZ6!P@_Ku*B2<{N=%)ek;MEGv8+`LO#ZiUm4FK!Jn@uKL?+t_Rj;~ zv)gYrSogoh`_}(Lu;}#P{{!pa;zR2{8La2WPhhFf@i^mO*8c^t==6VYt@Xe5-`4-% zVC~;yU8qn0#b7-?O+E@b{XYc%l#B<*XYt3@f7ef}|8%glkN$N&wf-lAMW_Fz{|Wv) z9^SIv`uzx&c>10GS@2{14?Yj|x&4EG?E;7`A! zzqWo)fF&RO+J6)LSpSZ1Lw&X{f-dp&`x3g|K8?Q*I{hYsb^F#So&LZ4H~1fe^Vjnm z?e$0fAFTg5V98Ja^`Y%ARZvP7C+W&w}!JmFJz@jtX zW50xa)8Rk%S9^VN54ck@|M>cl+$Ld;U+v#){?ozY&;Gp+*8S`EN65$abp1WVGk@F7 zHvd4d&QI3)?}4B0f4x70AM;-Umi)~3j?&rxjax!{-a-B+Qw8SrTkV1Z<9|BX^bail z^y^ovz-+&+g(05)orQrwo$&c2ZlA}& z+P`VtP@m&-4Osl?_glT-$9x~D`1ty%*!uScYyYYBt^a1Q_|vaq+n_Vw1>1#uJbxd7 zIW|Deuj|0t{~NIMpY0#sF!0NW} zz1Oay=`QR1Ip2cieEXeXo$nQ}*1J>r^Le1;dG7nAn13Kx;+cOvSn6}Vi_h~EvyDI2_)zgI=yUbd2Np9I$VcY<|4o1O35r-HTps>;sJ`m4aYe(@^4 z{Zp{Ex5qbAN&R$OUzy;Z>il^Wtm~aj@K1~S{>#DIe=At$KcM`nw?wHtdIv-i`alSjjsp@=cS;NoQ5v=pY!8#vV=Q{+}`MT6}`FMZ58GMCW|7Bo3 zpF*{K|59M>{}fpJZ%Od~P5B4wU)$F+2Q2-fo+V((AFO{J-+wSz{CR(!3fAu*w}7>t znst5u#$fILIavGunc!dLBIi#%gTcC=uYNr$@>74)Ccd6UVD0}TSo@c0>iaJMi$C{=6=1zTq&4&HmB8A5 zcY=MPvUC4=0NmI1gZlyh{kzno{d;9+{c_Fy{H0nrf7+{qb^VbE_U9AqwOab|ZNNJI z9%ZMVY_RBMJ^p)n?cbo4%SZovz~ayMSI>g=`_ICy{q-CJ*7KhY*6}Zab^P`=etg5W zetZ^K$FBkF_`>b{_%UEz{{gU$e-EtV8@2c2=Yb`j&kJ=g_U*I5+WvKdeSZgM=lOeI z%s(IZf+e2z{g?Rm^p4KX`oDnn_0{82-~KRI+gD%a?96{@CqMrRu&%$lvu`ig#o771 zFc>WRGxawf|AD_Al4X_a6)vf9ib>tnWW%F8BSbfVKZNu=cOf-TCu* zp%GZ`pBZ4if0AYYs`1$&Sb-wvvosX>Zjp^yZJ$;3r?>JcUaeuz_O1D3=KaYTQe@=q6e_C(fe+O9m z{|?svZTmQX&hG)RUe6<7?SCr4|LLoI|Knis=kr2=zHUFK{^!A3Pw8~uzcN@qFI4E~ z`?m(`{FA`qPyNTiTK|y#zW->j_U|#k_g@B<{M-+J1@~6_ZI6Mzo@c?@ewOI@>&<+PZ}9VFfOS5y&bKQeU%4@UzTRN1ZyZ?XBTGK^=XtQqm)zz? z$9#TU3f6k--Q?%*57zm~I{#F#FAr?{f_;b3fAkp2dw>v-QxQf0c-z4 zxBC90!B^P(1?TqwSnD~G;NN$w?>`%?{ZE2L5AUZFZ*%uA>YoeNdJcoN|G06!e`&Dx zFE`%zzYDDIkITSXPx0G*|8ZdLzZ$IlE8pS#`Tpy1u)N=){`Fu_&jjCpF`}dmR`#%Skep644nZEzW3H}FQ7k^$4TW9(C>ix^N_XKNw zb7ng`&zD*E`|E!IEct2wXpV31^nkOoe$Bal{@GxOr~TOk`+<4R&iud3_w)C9(6={S z;MmzJC$0_V2vN_x}m3_uo#7eLZWyI)95LzW;2n zzP?U^#h?4@kca*K>RzzkugJ1raekE^@%2su>wLu@_4Bm`>wILL@9~6u#UJzYJpt}z z?_a^^w_u&`ZLs9ydNzODpYIZ|)>mVxpRW&C=OgQUAA@!Onq|9u+@D_oU!m@=XFuWh zXAD^C(?9J=-~avu|E;iV|DjJgf6i|USnFxte9>pZ2Wp-(`*SXFq3wb^i~5b^e^^eEFh=g<9P3s~yG*FpKk|WYv)J%F8p1A_V1(oX@Bia7f;Sp%zQ6`b-rWD z9zE-<$VYFbMBcRZGQp2+Nr~WFf`S+0WB5wq`=;UV6TwXbYb4UI@L3UjyF&19^f|Pu zfZ=Pbo&M#ZU;N2Y#f(n}w^IIi95~}oJGL9oUNF_SUkujqqY~`n6YRex*bkrO;#u#m z0*lfr{+`S~6LOTGojNA7R)aew;(toI{wHC3-bX}{h~u&!6DjH~w<^4|*{XXClP zWT{{F9K!=t{yWS1`Ad}Z^FIUD{rLba`T8Iqd9cb?`dmNXT(H(#?>s+W53uB$k9_2T zD&NCkSuggxLU}*m2C&xm8Cddtf_&sbDqo!ne!f*;t*=K#myh+{1B;#gd=xDCOBFpU za&@IhWVy}H^XWIR=pmOq-!b#e1WP{J>s9vctH5Gsz3E`7*AMm5t3)C>w%()Q-Qd?$ z{Z}q<`GWdY9kc#Iu;iz`B~CWcOZ%}4ojs@z`MlR)F9mCTb!s?&?iXaeUt9_neT=^vEb;U|rTo8#p0jF3A~&k@p$}NjFY0*_ ztn+OLOFqu8UoBq`S?jq4Eb+YG905yy>X}j7`BTsRV6Ep{u=sO6L+beT{{~C{Xukyy zBchM``+=oCxy40}>AxK;{+!Q#u+G<@p0hK)Gg$KRd|OiAoo}4quVB$j|1r3ki9hS5 zHFWt{uO?X68>#G!kAo$i^*(Ln*L$|HU+;n@&Y$&O2J88K3D)&0BDvUEuL)S!o6*d# z_cd70@5<)RpY`^EB_HQksD)pzD_HETmjTxG*0=QQ-4C(4-f6J-v);q4T|U;^2-fpE zq3o=)Y}H!-|FG>!dqaimn?dz zuVQCk-)gYrr@pRTTz&R$I9TgjsqEC33zm55E8ETK!{^DOSGecNpg*unJoB#v%Y50dI6l0U{h7~8*MbMD{`?y({>;ap2O#;V=Kxsd zPd!EZI6buY0*jsT!@&~I`mbK)*S`;}>tEW}ufGi}@ytIm-Q{QfX<+FG?e8i(>*s+b zp7opIvAM0-g>-uR(CU(}3f+e2yZyV&-Zv)o# zOQIRN{z9m_2%5{*INx1|DYer&iF#NxOmpP`c}W* zO0dKS{$rg#^F0QZ{!!n%VDYED$ZgKf_-bI$%X%|#Gnea${rw6o{pJ0+@pyNC=JRz^ zFj^G6c)cwF>+}6ISn>z`zunaj^npbm>leAh)erQ6b^IQ%%#ZqBo#6CQ&zoSa=fIu5 zp3I4UzJI`yk9um~<@8YRXt3C+=U%Yrq27IWJH6D?dXm$_e$4|TBzRHZgJ7-iI9T^< z$UQDU>z@Ei{Xid_b-zY~WxWD@VA03;&T$t{edkYh`lzQLSnJsg)_Qu}>*w1C)_Mv7 zL=WqA1&f_}G6157{aQc8>E-!y$yC4Ii(v6*zFyN@KF)s(Sl3&l?5wvHEb**&{tUlf z!kS9%dMlNk^>V=y&w6EN`}Ljx>wcblzw>9kHDKu%=eG^4>lL5l z?5tN4tn1zRfM0LcT)*BwVDV?Yhv&I`thW)Y>zz<`)+;^V#dCfmA9VGC_cvhu{^D=2 zp6@LSTs-TiJ>=J~3D)&TDm&}P!J?n_cP{knKMdCO?_T8BFS^*pv;Io3?)O%(uAjEV z*;zjd*7f=G5#)Lc-aml*+v}U}A69}JSmwV+BUiJ`^F8*6ukS^$-+IBU*A~RwLY@eS7fQLZy{LnQ(uE@UtbTf);CAlsc$)0;;HZW z6HXuBPkad;5HT;lpCDt)30~~iUr+jaZh6Y(3(lvfeLXe7TF*#j56&mB*0Xb&ujgT~ z)>Ch}ujf9nKEI2uaQTAs3+$a=V67)@rLza;7g*~Vx60|^`df5EQjKYNXfXZ_mG`Sm-4b^RI2&idJ4 zUH^}@u0EgVcY+70`7e0huU~YXix2t__WBRj_0wK(_Mrb@UH`WAe*HFJUBB%HzdnB+ zgv1B^f6?U+`VZFiS1NnZf3U=}|Ft)|`h0%)4J^+OydJ7-^6T^W)k{39n7CY-@fTbSwy!*P-!};Ey z>(BQ!us+{vyy4=R|5dQ$XTQG&OMT`)|4o;l^_zjEKI2b-C7$#B^)0{Nfwz7C8C#q` z>n#UMJ?7h|?5r2r>f)(q`92t|=l?ob>mT%PaxpSI19ul%8lXFuA4r9S&HN!i(thrm*w`i^gR`q+=$ zk6b?%fZqh`{dG53?_cC-C+>$9|0giyrD-qwMV0R-FjNlOMkie4o|JeiYj6>Qi4=u-Ms; z46xLvzIXRHeeB2Vy{;epd~ptVpz6n)V6CU-K9`U6HiM-e^?U=?{iyu2t4BS}!J>!p zC%_WV`rUr@>+k=?uYVMF9Y1Hki)a1SV5!gi2b7)l3;pKe*^iM2oIduW-a*$7KA$uI z4^sUY0oMK44%T``9`f}}1B;%Z|6qN7Vu@n3_bKJ%X+N%78)W?-q$_!D3qzdt4AOg!to zkm~#M=YeSdF<`03d~1}Q@ms-Ck9uksbb5mOCs^*E{Cw#E_(pYo^evR)ou3=Ql8^QJ zp6%-y3)XtpD?9aU14}&he4gg?u>Quve*FuI`1KzEOFZk>KF6=$8LaEiPGZH4OH29n z3zzomPXtRm>z6I#*KY#W^~WhY>(2&DJnQc(>*})~&*B>pr5}9WZho#`e+gLPgZZE5 z*Y5+C`pmxotnZhr!8(3qc^A)m{VMqN9;oR1*RJIJdHr<;OFinDq3pr>gQZ@u{*|2` z&i6yGo^N^;zy2n$#4~^23;gy51C>zM`?J*@XG zSkFHXtmBv0cJZuVs;*yuVV#8fu&pgfePpfgPsD3|nN9ut|A4i=ip`up>c1K+cIq1k7JbzJRdc7G{mgFR`pNeT(UvJ^ z-Y@X|1bLj=Z)SkCz5`&%&-yc3x%yo1mh4B8`}7K zI<@ojeG8U+)N=wXdZ@QuduM0A`hsOX?ANA?onH1U-of>Y?unQ~DC8hxPh`b$`ZyMGxa^cXaWrKl@U@{&`?sf6`@se8o;Kp8aSA*8P~M?Ci&U zu+*o%qqeX4A#%@>0Nz2o4}Hf^Xc2o*E1F@dRT8gSodQaSjW$~+{Ls0 zSv~yv_jUK{Z--sSkL>B*s-W{Q6#g{Kr?gc=qokSo=SGrSHEHtm~Zs z>w2Yo`|*3ha{lmnJiAYd_dNb9Sn{!cx2s${_pfKc`ur%>*S8M=YkOz>0|wF0e5L#O zJg~oG=6?&U<7*A@?c>4P-fy6@Gk=XiK93sgnETH>a6fgu?F8$5EwA?dJA$?UKCt#L zdyVhk4lMrEvnRoRIKlqfwJx6b`#oU2AJrJ*-|xx#em?-L^}G(2ely?uV4bf}hM$kD z^Q{8we4l}JzC5tbcg}TwKC72{{p*6Yf7(pnzZqEi%lvnN#h-dQ&GPM6g0+3fznq=>=V-9ruO0&H_g`e$ zuc*K7Y+nz59)Rd!z9nFtZzoviBkO!G-S6ky4c7S%fpxy<96ujf@^StZAMoRAfOY&Z zu+~G?@e}5{cfc5@Hmi>+Wm_N_g|0h`VGd^X$AAc!W$L|K~^P$v(e*93du1}VD z&UeNF-~U0d_Wum5{Z~BX{JCGQ1MB_xj)lISU0|6H{eJ;#|FakS{!PK!|2DArQ}381 zzWolcw!ikUvvdC{@QB-Q*zcRbx?elMQjh-MCHQ~(sPA9!G2g#CSnp?*ANTFG!P?HB zFCg`JfBYGImwG-co9)+|02Y7hUy@*7`Gm7GU&|+5KKAQdu*8$ke%dkpv%$Ll2VmWw zhRd8k>t6}h_Uo5BJM;YtmVB%?cZIW)*ROO;|8A?CKkrA~!E(Q0z1zUL-WOn*5B)FC z@%{fw@K1Th`Lo_Eu;^p_Y_Qa$zFMoDKkZY&+TP_^XXpFtXTb7)aRL16ukr5}eZcyD zL6-Xk=Qk6q=f|HXAoF9s%;)@k^T9eFS?4PO*7^Fcb@@2|2f;Fb=I{BupMNY^=O;^k z_NUG|myhw!gZ2F}53J+KI)3U4E}nX#>zy9n@A`xF{f8{~ANFf5SkLbdu=I=XAD-FZ z{F#p|`50dgEb*)#dCAr1{BC;D-L6UuRB=css8|2 z=kNNaZ?E{4voqgIVA0R}|0b~9uc`kaSoi;`w_QB_w}Q3*II#9#w8iu@A&o$-gS1qKe!g$O1)p&m|*`c!T!v9E}qZ(Tfy?Y&U|&=_w$Vaiyr!q z1#AEL3I30L;QX2ITd>yGVw-Qj0j%xiKXi8X>pQTl51;>cf%Wr$@9loSH-JSi{cC^Z z`+uI`|2ypB&w6V=_Uo+!>w3{o{CZQt63=@7fVF>4g8%j%&Y$&$?sWBdzU=_(^QXn9 z&Y$-FV6ij4<>xM*=g-Q|oIknq7e24}(lO&>U%7bZe-1498DHjW=TCbxu-F-2=vx<0 z|4H9Ce{#9+d>;32$BZw$%f)lQZ3344mh~opr5^L`0!zQ?e^;LGUl1(*%%AtY%g^{L zz&gIw4=$eeJz#Ag`lD~}@{_X%`N492Ef6-n){{+~z-fXbWPnP_Q&-~esKMdCK(O>*{vW_qO ztBa?;Y_Rl?`{gHL}h++)7I&R@>Xe7RuB$Ng#_SoSln*Tu&Z^n*n| z{o9`K{ohyq%)k6^m!JA7gLQo59~V#i%V2FEdeXPgIOXizpB91j{R_*!K@jju%y^G#O%bVE3^-NQC#>Y@!;;$}=zn=g%#{YcH0sn|&i-02d-9m=t{Gorr z6z5MashIH%!4gk<_XPU@Wq$+qsohd#RO|Z__DZ$=H*_kg3tn=X%^X6Bs zfXjCh{ob41;?BVPM!`K<;^eeOSGz5i@Y zh~K5+=|8c$^S=@O%L3nE^YeV!4wmzUdK%X7^>hPkJ=?%q4_WKkqvDx=Oih=cdQO1F zpL$M%wVqzJoIm@q9jxn*tnKR4&Yu@1cItl%Eawk-VI9ZxuUFUkb3MC&Wj?geRCdNc z0hW9`|9-#7oqwyq$H1?se(tE}^fSIkeHYLCd%&WX^$X(WsOxtDi=FX9z`FjrhJO9V zjr{uO!db89Y_P<$e$6H>KkIh_>-y7`o%NT3B|exx9yaCr3+4~@=HJY(-=n#U59SY+ z`33Vwab3R)K$4jy`glD)8T0kjyTs+Ao~>Z1M?Jg2x<9o#Iy?1r0E-^(|HUr#_x~7J@Bd`n0)rRz z?*;4gX+K!&edaP>Z{<#|9`$YnYrQ+cS}%VdnAoYe30U;9{**4RKK1tmr(1n|e)$xv z^^-+E`+F3u^{(&g>uuA`)uY}WV9~?={sz{18(!}0)Y}ED_0I3^^s@dUu+-=C&u!p- zR{zzO$6Dt47wPHin*^5p)K|Wjt51DR!CK!$Wv9ORV2Nixf4aiyqn>BMqKA5mU+MHx z-(z5{?+{pDFSqx0`KgaT|4a9;7FhK0d3YQ6PMJUSO$LiT&VLkG@>6dcTrB$h>j0L1 z^7*e4c%bUvg*Z7Rp7UP_mi*LL50lmUx`0I=?K72~@lSvyo_Y@ScY0X=C9u?I|LWsm zPxNs<$G}=o7Mvwtu%3f_Jx#${&qQSp))Or8)U#)>)5H3|f~7v6XWs!sV(_A#udep> z^t#67qns&tS`5i3v zc)l0A-q&*lSnSj@0<86{8|w71{!3t~&*$?8!C0a*{aH24*Hbyu<)faBV5vtvJHdLr zDh_vc>S+SjdZvtUdRV_FSn5;X8(`7L{wy5n>!~ox<)fZ;V6Epvu+~#zw6jxBEwI)z z@dl@d^Qkk&#Z%85*hLTHr@}7rtY7g)m!I*?!MgrLWoP_+u*CEH{rx6apY@J`r5^LW zceBgK=hKzo!FIivuf{DdAN9Np*8TVlto2m9)!7-}1g!O}8SC`0-UDE%M}4hs^Yv8% zOMd1XGtT9sopI z46N(#Rd&Xo21`8Gr`JTkeim5QuW*;k$N2lf63_ZI@Am8W0qgn;l%4Ub!4l8wv06qL1~9 zOmlYXs|J>M>W@!%`dNP}Soia?8BQp#osq24}V z(MvrGz`CES!8(5Uzg#@~*=DxWNBu*=qM!PH18aSw?)UW_0PFnI=D7USw+t-$sDH1r zv!AEI5>Neo<~se<(;qB)*q_Ps{Q7@_C7$_b&-d%E0PFfcD?96_Jm}(Czt;l4{!Xy2 z|Mx?F{o5D1c-Akv$gf`utm}_bcGjN^7X7ThW3gZV3$U)A@^C_Zu*3)TA4#YW_UbEp zP#-MuLH$Sl`n@0X>rZ~%um2}l;)DJ#_3N(y>-s+{d(i)E7ay$u6Mp^v;8*PZf$#U4 zg7JtNym&s$deYZ(60G$se#+PL0$A%gq3qOC`e_$WJ;RncJ*;0JEcJPQ^5=7jKI(a9 zxv!_i3YU-l*#^cfE_m_!*bCNr>a28j>bV3g^P!$OtDGLbf9nrUxA}sf7Y%M;nV&zu z1+He9dVc_Gy@zvry!Zp5Lvew%X zto8PO&e!_|Sn5&ln60qt*J!Plf@4*t!{x(_X^s-+q!BU^^@5+Gt*?#i<9C@r| zuK$-W`1*RScloJr4_L2%!41B?E?}`!-w?3Yx8_Bsk9zI^iyrFz5-fVDFXts+U&=;b z-)yktr@oq-Tz#&0CvXcpKia1&JM}FEOFaAc`^!!r^&A6>9=^ZZ2_C5WRsL09&m6Gi z3-oMG&;$1LD0`p>Eb-KH;5DZwcz+3&`qWqdb*GQ(*ErYL^CDRCQBRLId_5z;TF)wF zr=B;!5>Gv)-*S3b|2(kthwopGyy@P*P*2~teLdU2l8<_ZZ}Ig^1#3O;C_DA+0!uvg zGJ+t5S^_&7rKI&Qgp0DQxu-0=z*{P@W`!1e(#(v=Ru>Kuj zsn6%9W!v2I6ZQN6o@CD_=IivK%SSz5gC|=%&*!6H(ZhOew!3GZMwF|h7OjnDjkTo2ZIwtyuc z>kazc*E1e0dRXseFm4&ai+Xl|b^PKlTs-xB_NCLqe#`{x`X|3ii2vHfvmY;jr9SnY zPwYZz&h>-)^)T3FzYfk9*tNb+|91I<^9AgkFJRFZoG-gv z{os57>;9C_bMe&I?|Y|@dcFi}Jw?D;&+R|>`HKGN^08mFz@mqGM=3k?Oa_Y{>dpJf z>7}0CVBN10dtATxJW&dqZr7jB6V1R4Ec1DSEc-M2c^_Eo-wl@f)HiXjum2&i=%>D~ z!TNmr9jxOw?sM_f|L4z6KlM)d#n<~3SnDNgy*Y^2db|JX*V_Zu>tArc)64mE0gIje z9s(A;t?#qneSKSC*ZBt>b@{1pJXrLx{>#cv zeLKJs&we&J=JZovOR(-|=3lO#+}}rlWq)V?mVQi4AudD{zkB@7xnD~i$2z`c#f-2eNDikkMVzjC7$|P z6m$BhXCqka`K73@XDsg7I$zNeE+6&O0*fBj8>Q^jGZ`%L)SHKI_>=Xep50*S7vpD^ za{2lBQjOB?`%7u>1eW=*{wH9m&w6dkxO(*e60H4?fW@DB-Ye(yFuqS&KfVoE;;Cl^ z{0H0hqyEL`I{nmB^E{WI`5p$#{Hdo&d6$p=J;9=f_6L-m@hiX*PrZ?fPA}^h1WW&z zuR|q2-{-K4e&$;VyX0fN&gVNj<1@jchxJx~WxW{xI#|a~sqEsZXKNK-&v>xpWBis2 z{P;mp7ti|R!QxMSFDpCacYvin^);#H^s#m6HE3m%) zI#qZ1S^sOW^pEuFWn*Rvcf`KYID9aoQf z`hm5chn1ar)`2CS{VIKtujf3l?pNn}e!secwZ2VY-LD$;UH)Lbz`9?bfwjJh4V<0& znt-*w?hSo?6&g8x?AJ1|)>FQ*uV)%q@=;HvCaxa))dH;bOjLI2nGcqD_UreizMf-X z-LD$WUBCFe@EKV5r)3M5k9xL&b$|APMGx!MY3b@w&m~~d!}tQNTs+VBwym8W);|cl zuD`C0AK#;`i)TMZfTce3uTpl_e*-M_sV~~z>0|vGVBL@27yJD<1=e~pJGgwTcLJ>Y zQ7-26u-+iBzWG8fN&ECcI)>{WL5<1|?6 zQ(s1Br;qhB!MYz0baDOQ`?tMd{r;_aS6|;Eu;l0b>UHz=bpeY$)}IO1{doeck>%lSoppMymo>sK7^>Qi46u;^p_Uto!+z7`{$ zKI+*B)_Q&!;p=&9l%KEFXqS(At^$i5)_Yjlsb?Kn^iXfU5*)7vGO$ zgZ2B76JXu1Yi@G+gZYAGzSLLdW~Yz!2Z8nZHWn=U7~kp^7f*e+-|F;HPph%Mp1QDW zJ-@@Q^Uc1^<)fYzVCfh2{0!E5QpWl5JHUEAQ*L+h)RzgC{;}UH!Mc9uJN)=eu&%!X ztn0rH*736^xOl$biQVbH-?h<@-nDzW+?H_Fn*&{M0{ovae?+So?Rn z*Y~dp*7|4P=ld@LOMdDfJH^-YIauefGu8KRI?eZg6s-MMfF(co`{vXA{eB8q>)Q>M zc={hw{#?&eGh9CQqufkCzByRp=^q2@`rEa$=6fD2`4~U@ zUw-^Kk|T||01x?PuBUb084)Mr^sBtKR1DO{yV{1{|jK9pRDtL2G;qXo#*F2 zd%nxh`IZKYKlkrt;C^y_TGspbtOxym><5cp#vcPqJo6V`;PUf%<$kcvSMwo1UuUr7 zV|;J0*0&2R`I(O_`Pk357y9$9y~yRGzNTP_Xa3G$$kU4J)No*&qciy!s%F9S#qfiKl6PBmVAug{FonK`f(RefBw8I@#p8e&w~5g^N0FNE%o(}1xtPUPXdcS^Q{L< zKE}VD?Z@v1OFaD#fyJNs?s>xHqy8VkdcW!Nq>HD2AF!@J4J`Q>fBRE@{0CrN|8ubT z^LZrmY5#fTJ+NN?ddplq{ab?Nd5ZHH0+xK7|G4FT`~tA9zZ5L~%vXPf%SZhWfc5;3 zfF+*(r<6bIw^`}(F~0CB7f<_5V5!IFiIg0dkIx&W!7c3i(?1ie{f{L07kI|^?+@1g zyTPKD`A;f;KL7j)9xV4O*t@TG{6MP=~f_vT%K92?K&-1+`wOdY7O1MuH_DTkBy*RvR`^&A9i z|Bmna{?CB5|BGPp=kw{T_uTU-=kp6#>+A8pi>H5ouzsGM0G51=-}-?czXz=A9|ns* z^W|=H`8eOoANu;If+aq9o(Ajs&x0i&Fl(VX)+9zN^3T^PTmzpRWd3@=;$Su*5Te+BYsg^N~d#`}qM_KR-15 z*5zY-8?e^b11$NOulRRc1(tm5SBYKz{B8m3_`AS5{wc7I z-<{{j7yRDEvp*%l;!iz~gC!sP(f9{n|3hG1KN~Fm%=a!>@-cq@kA8fopIkisuLO%f zpU>`Kl5F%$K_-E{JnnsIrPyK&`_4*C@ z*~PQ|Xs~{seHtwJ82|n+etd&pT|Dde0gFHP_bd0i{XLjJ*qc9C>u>U#i>H4vu=q3o zm;=tv{qg`<;#u#OgRUO+J`2|KEp^EGGvCEv(M$jKhkgGwV98Ja9boZiy^nu)^{BVV z5vP~>#(;JFI-tSjxO|M?2G;S#z!J~-Xa4Q{nQt#x z@=?!-e|$Zoz><&idlanKyWmL|&-^XGGC%7146NfDobuzBf~7v=-vUcKKi|InwEH}l z`)kQas<%Hi1?&BZEc+AtHvug3=X}2d>v|Waq@JnA{F}jg|Jw)F`N=x}DV3l4XQ#S+ ztXKRjSC9Se2G-}-V_@kg>lZBG*RKuM^~qA7>oFQE@vOHUtmjw1pwq+r?}GLGj(~N3 zvd-VCke`1kSm%EWEbGPjy>+&mANRj#TI!kokNX{2_D`<%886~ zfOY&q70>xxRoeNpf1iORANBMv-bGznGf}BKG*5t=U1QVKjSO7 zeAIIce5c({nD01P^sqn8D*E$V4A%480+#%YA5zJW-v-wGZGXNWe;rujsb^?qr-#oY znP7PyVSiSGWqzDb@hX14zF^76_yb@a-w-VE?9XEtIDh85AnNi_Pc~Tk!+cMIB_I3q z16a?mb5$45{7-|mo{Ovb@w34aPya(;@ekJPLYI%94?P3cpAVfS^E5*V6&4^*j%j^ObtaH1hKe1WP{ZISSVC&A>W- zTVp@|5Ln`==TH-;hu7Pbrhfb$u{vF59SB<=GWfY zgZW+T;)D5tz4>+U^==32dVhmOZ!o`0eE%1~+W!l%_y_ar=<4zLw#lWbXP$4Ve*#$a zQ}1_Ro$tcSTt3F11k3X=<4>u0uJ7tj&Y$@jbawfuXDwLf&wOcJTt3dP7g+9pj9&-V zdUk&HNskM-t(r5^LWG|10K*7+I@_VX-m2OmVDH^?P{l&&$HXX1MPm#ezv>D z@8{!So$n{GU`N^mWsS*ACc-!xC`T6s)SAnlp&!hM_ z_{{Sj^G#L$!tpOasS~AqgPlMlv{yM%f~Lr0Sj<}Y7p zkK&=D$p>S}T|zygp`*zM^OrBQNAb|n0O^1)bgmr##r z=xFl6{N)SnQ9N`s`Cu%$OQ=UQbTs*3{_=(PC>}bRd@z>WCDbDtI+}bifB8at6b~Iu zJ{U{x66z5R9Zf!%zkH!RiieISAB-h;3H6AEjwT<>U%t>D#Y0Dv55|(agnC3nN0Sfc zFJEYn;-RC-2V==yLOr6Pqsa&JmoKzO@zBxagR$f;p&rrD(d2{q%NN?Cc<5;I!B}#a zP>*QnX!61QJbecO+J{ve4#yxhmIy6j3svo^@xU!CLhdSzR(`ULr0Sj#*({)dPGA< zlMm)EUuciwp`*zMW651YJ))tb$p`b7FSJMT(9z_BvE(kH9?{UzKRa`C$I?h4v^OI+}bimfR)OBN{rId@z6c zLVFYs9ZfzMOYRct5e*$pKA69Jp*@O+jwTqD@N0Sf6lDmX@ zL_qgPlMlv{ zyM%f~Lr0Sj<}Y7pkK&=D$p>S}T|zygp`*zM^OrBQNAb|n0O^1)bgmr##r=xFl6{N)SnQ9N`s`Cu%$OQ=UQbTs*3{_=(PC>}bRd@z>WCDbDt zI+}bifB8at6b~IuJ{U{x66z5R9Zf!%zkH!RiieISAB-h;3H6AEjwT<>U%t>D#Y0Dv z55|(agnC3nN0SfcFJEYn;-RC-2V==yLOr6Pqsa&JmoKzO@zBxagR$f;p&rrD(d2{q z%NN?Cc<5;I!B}#aP>*QnX!61QJbecO+J{ve4#yxhmIy6j3svo^@xU!CLhdSzR(`U zLr0Sj#*({)dPGAf@A4OBqd_vQ|xazNHK1alvt2GBER@Re)4_+J5b1&BWK&A{6zo4mJ63M zUlhjgq~NP?>8LqgW)c*Rn~X(*(MY67q(tyl5j${>9WQE+#q6=TJsR%_em|&r*>aIm zc7mm=8D(Xxy{tW!v&VDgXeV;+zqVZe{D69qb6;!}SkANd@^UQ;XZJ6^+1tY+DAo!FY1-Hb;qYp>Nc z9(+}+TlJvzwe5KAD&~vYubF~%?06lUzm9E8on;I9Tn<}ZYp+|-d~uQGi+Y)rt!KHu z9J`su$?qyMU5iATSbGz@FwHE>@04q0xwSpEvB$Rd*v=l?+vCOd*ufqzk)u5!J6i5! zkDcwYi(P=Omb=b30p{X}M9js4qgk#9d%#yuHW{y8<`B8U9(&tkA30u*&f)6l!y~S( zK5rO<{BEzl>E?=(%d~I0X>8y0^x(qnn|?aDFywb-rQ=HEE8QF-);*GLPuTQsY4ZZR z4M?|+>DCcxO}zc0pUoq`ds2SKjr=a3fp)@!f~ZJj&<)RS_#9u$@0z*Vj$dPsL*!^K z=g9SzhuLGM9L?z#$!t;~So+MFW+3y)9)Smr3wWXqxBkQN;+LZ=kG8r;+Z)PFcKntC zsqq**Z%v5@BV#MB30i%d^&4mXZnwt?_IQsy#uv^GzM32}15@nzIn~;y+Vg3e<(X6K z7v+}^*c;s3>Si8u&1DvuXY0>8NM*=>2ZUH4yY-~P7i_m4fEvVN!R25GlZY^Slna?1AqR8`}6%3RhFyIn-g<{gQg zwgac}vMJ5M&cnbhy|E>$7dh9=aBlRHdkYjUT^+x#FL=qmUdOsy&bFBPMAbB$tEuzs z{Y`Oh^=_rlDpjCRYFYYrHUTx#TW>i1;OX0!%_9N~Ry!{@k5*gieTZD{_} zW##^nlhe_@jJ}+l%e$MG3HUlKRxRbS(%nkiemP!Ty<0W*$A8&b+UhtIcsuwSG7?`w zM$vI5z?=>d?z8{9mvuW6miUD|J-AQ&U;W>ic}Cgi#91bC?3BM6auz50{l8(OC@Y~* z*8kK%fB!VfGB+OcXTS7^>SkGc^YqVn?x&|)k6*;`j0cU+Hgg_1Ii*UKDOKu{%Pz~B z;lI+dN+rCqf^&0L+N>GbGonSF%%(@_Ql*-eDK)(F@ZqC}ztJZv^~rlDKk;P8NXJeE zt6x&1YD(6UDRt{isI$0tw<)Q)UktjT(-lxuw^eFNEZTH(G&N;%wVJ`jJ^8}3FPz+| zNU@a3IVo9HrF5_g|5$l!RASYQih4K*B34E#Z|_GU1gKO?YKV zeL4Prq@$6kKY30pD;*cVI!ph@&QMhoU*?z1?}zF@{^_8a@qf+bk#*S{X&G5od53s) z+<1BKjZP`){fE1A%=<5^W4xsIUsj~*6z@OWzf-*bvPz~-@&3yykXF_EFUwSSe`Y1f zD3FyPqiR-yj0iRsPe#?O1Q}^r2{KYKIZp<+9;bm{XZhWjQZmc$M%5Uk`%1DBWE9Bq zyOEZH$$3gJIbQ~(`!fFPx{MAMCF9+>RWF@ZJ~eVqk;tr%N?=!vM6wbdnEsD0&zJUJ zo_@{v^sMDMgVL8R&&f&WTPM8K<3n2ToRDS4-Ji-Mc+%kGLvLsHbDZ&T&mfcWM8pFkq%ddUzrD;|C*!xnO9b$MvYefb*T0#BV}dntlkN)tS9|f zwX9AFudG@At4LP4gjZJGd#*37Us=@?URhleURiVfSII2-P*09o^4>>|SyTL1fvmy_ zuPm*BU;oePz>{iqKC?bly+*0@thzaM`9%99|ESB;fhP0fb8lZh_x`Z#bmZ)6!6W2K z>(Se|ROO1|ba?tkywS#g&je{yj`Z|ZE@}N$@2@(!^q-e5O3zws-|5pIr@cH~1I(4= zT|ik~@$M@t@eNoN43?gJZz>*n|Nrxc*E;stdt-w3V1e+7ZSb+J`J+ab0)CoXC(D`( z{$q9;ua_M9KN;v?7CKCawa6hvshIw|95;Cm{HSwt%W2IckvKmN?tmlykHm1q|JnFI zHx^%5zI&}N23(KvIR1Yfhu1Oo!Ce6U9`KXidt3VXa9uXNB{e(_P4jY zv-!c+zu1qN*Is=8ZyU0YZC!iuKdTP!=z0B>9quZ-rpxyer?5U=Ydbu=gs)8(+7F6%Hqr>>?{+U&G z(T)yHgV)Xu1x_qNp0BK5UWW&R4(tZ!o$AfVboyOcX-?UC5Ni*D?4_pEbbCQnIwEE~J;m3!)Z^6b^r)|7Fp81?9D{|=7z*Mr9@z`xXri!$(EPt)`qaCkl+#+YCm@h^} zB2j*Iyslxm1#I0T_G7Mye4ZB=;fnOZm%rd^zV5Y*G*L3@1jp#2ONo&WfTol2} ze3}`F+-ChyCrU$h9x~w-Z+c&FOym(aH*V0RQG=#|5r0g&`(MGAQ9H2yOT!mg-Zb5C zRm-1zU|2qGJdwaX%Nu)n>;L;KKmPjX4A-#sw7rJwTfV#Xtl%sAv1???A;Y{U@O8yi zhRvswk;tsIe!iZ0hU*#k$k@k?zx+MnCs!MLWotjZ&X1pPw)y)3Y0$^#8*XL&mz6O7 z^7n$T)-o)AA6V>8Q?ID?PkYhNUwo|L3#@%}s_~cerR6z><@3fuEe%UQj{amg_{J2yfs@QyYls9@?S}ywY!r-eE%RfGB{4cb;t%J!YA3yhCTAIz^Yy~QzPwka3{Q4%GpNDTT{^wZ#!mUjIx>&B6aKFi&ZR*MW`O#|(%lX;% zTf-OG_|qj!KG{dA|7`4X|6Q7p@4{`yF8BM)K1QG1e>)}A+t=IppKt3G=;QPJQHJGy z70od$*Z0`*hUNa)K5jT_^G$!lF!s;j)$1LjNA}n3(Z(+M-zjG7a=r8$;Onn;!1&Ae zFVz0s*ya3d*3;N!KJQI5c3IE2Pa3v=of?^uV_2@okFWIOk2g0g=jW~jKANz94(@3D z<$4``yJ6{1$N8q7+^TPmggTdEbA3Z*gxWJ zO}?Jizd*wC$qTQVczKRna*^@B*!ur9+V9_?MaEz5&!rdp{Ng)?rJw&!;Br41yUh1M zg8qsTQ@^pT|9-;tIV{0{Z$aZP``y8#CVxX4U*%7q-)?67FSGXVvWz`yxpTt&iacTL z@_f)N;d-2xuzuwd?AsEq|HW^bd~&^B{jTY+T(4ifY}kH#Q>5V~MsGi>@5H}Myxia3 zs9@~!e6y&IvCICjJz+kx5;!-ZpR*G3r6%}qPq<&rYi{ayvie?XXSkQ;?>ZR1%JO1+ z|L$t}!B_qHe$>GD$E~cNc^nzh|p6-^wxe4dTg9-NG3Fm9c zg#Dst!ugbT!qk)JxpNZq?*7KuFS7dQB;>y_;eK@O7UM71PxXZTvBamwF8#PWK~L?3 z=kq%fo?njbGx4&&ZAf_DuaaWya{oS&aQ~mX%GhOp`gaYpUUI)nscx7bRPfaMw@!QL$4eljIy{L@Xk$hgbQ`I2V&vM&vnu{zZ=aIDn=bL~vx^)3@_bQyzp=~x`lI^B9<%x%+hy$aEY~Pt>~ep* zWQRZBd)_tva=z?I*bis_V(hZsX=4n_esnnDe!OtKvCH){Dq(&DBE~M~N8yD2%`9x} z(yv3Ae!Zay=WqFh{kiWTGruBs{v9@&c-fx{_A@NcbHf%Gf7$PA|84AYJ^q={pM?qc z^OeVa|J4cauQr}GcG-_wCtS}3e=v4guT>uzmiy7S3C~}3HyFG0_tq4%zLNjsy~ZB3 z^RE^)_STl~NVvYfOSs>(OR(=q&~rH9{a3S+Ccm7Y+Y_E&RR|lNY zA>1CDX6=_4dvutI|8#1<;6#gO`|;T|X9oG&9sKDNev$F5`Of3Kn2Arc=Y4AI88&~S zJ$I+ITYb??Q-AiGy_N)pj`{XH{6#Kb-3J}t$Yb818+nMx{IaVV`_kf%7Up>L8S~^L z_Q-|CzF>8+y94_sYp-MV|7`3XDjzvPd&U|&e`}9cH}+CXYfPs-H}x7GA{k=;#n^jX z|H5RBN5}j2xQ$=4ZD}jovrqc=JZpcxQRz0cM^b!ytcJ<|^5l9;Y0enu+q13x^ea0y z(4H%H+yA^v%=)F|Wd@I=v4Pjp?Tr4sx+Z_Efveukz zBlV0u{k2(Ui)>@16$)^-cbLIoAgt zIb`2u&kyPUeq$f`#r{!@&&W$yUu%Eqn@fW&Dm&4BjX4iKtU4grGGjY#W12`tGc%q$ zep*X2 z7#~Zp$F2RzcAt)+J#xa2&$IR;b9eNlIWBg&zce-Z%WZo<_{cZfu^-*eT))vjjD5~) zk!Ls_U1|H%()RbLvEMrIFQfnQ@pOx1v@-TsGh>gmEYX4E@#V&zXXCT2{qFluw4*(* z*+d>9c{V=V=07kb^I?u>6uF&;h{Q*loBVUvw?E49TpKUff4qgUU-tRnduY$THaLyX zTtC?@js5dYe+OGx^wli7Is0G6-u|yn!S$Ja=^$gb_s85;#vZxgbg<=S)EaB-(%(X+ z4ZkpLTFOxBBHgoH>7D?M?j8Ygeq{c>L8E4`=Mz)_!nO=lcS~zHY`Y_m3=- zKlS=Q*3l3>mSB$?d#kofYSW(EWFQY`^krN7o<|Q{!0~8v-yZ$d#4rE7=f$+g8~FC@ z$;SSA`wN5nOGNU^{j)@H+DA4OO?{Q|k!tq*koEn|#Mip=RA7!Z^YiB&F!o{J_F51) zto8TLc!tS8sM>*yz<$*9SN8WrdtPeyz)jAdM0>{Hc6~%&F;oAArxv`xz}zFgJvznM z``wb#hW3n~eS3B{v%YQ4Z}LlE&$*HZ*Z=Y+{?R$BHgP=mfUhq)((FG=D{NU#dtR!I zm*-nqe{!!f z_G)j;Y{v1tbNlmf#vZL|bPnvkD!A~X!*BNN@ieplWo?*SI52GUug{Fn&1JP^Q+5vR zxw-!Sn``aGF35V1_ULMR{#pHbUzqrFD^0yCuvfJAFT20yb~pM4-8(->9Is*b2W!up zZS=iXGPfh+<28MI{C;Df@>1J*w8!dLyR9Gl+VtneV_Spy#csCstv&LqiGO-eZWYGo z?)UA{w#I&bfhK)v&;G`qzxMpeyV%&@{pIT50?jzojc#Z9pL>;=U*kWXd5GiLE&S^{ z`kJvfd2{+xfxWr4Oa4@oe_Gc$(`k>jN{Bz#%A&o1a+UwJnE-BL?_4C40Q!^4^Q+$u)j1xw!u zo`13z+x72k^5&+Si$C}9h-MIKgij*yPZk5_~ zFRE9+LBmFkn>20LxyzOP1`WIMrkiiMb?j~9Ca~E5=GE}#TgEjUdGl@KGKb;)`Iw>C z4IP=;aKz0G&3B75oY10~3C_LJ^e^#!WbF7AfkUo6#=024__L-T-P(RRk`CGH%>69y zMROFt*c#(kd&|@2zP#P~yjntYM3%yHxDCxhqvyf;S&b@Sdf$C&lY9$@???Rma6 z9paxDd&UmmFFMfp^%~ov7X4x$8GF?FpUG$a-u$+B#US51Hs5;*`39MM$Kq$V5AtoX z`K)B4%>Vd;5G%1~b< z$JSlt`^9z{|8~DlZb!F_bvEB>bIg^x_I*+5(R03|U+fW^=W#z@JkR8txTx)A^owq? zd0tBJyVIP{h4*|Be2$R4&Dita^!>7Tn*HFrf*%FvbMBAEp8c`!7yZ-p<>|7s3j}rl zv3`GBzh1U4)^El;kF20yMvve&7K!#U$C&M3?w961miNq;_30Nc9V~Msa>}n8`^n_3 z6fYh4#bU-UqpdmS+PYEuzN$cpp}`F|_bKzfJR{p2bFVOYGVU^cnRfR0wXB;v!0hkQ zLFOoak-LrGlodY(&k-4et^I1>FWdSR>~YJkAm8=I9v^1?tiJe*Cg0wtt8S-X^j2$^ zqxH+!YjhT$yeYUpXN)m^88`a*vi~vbv1sj6vzRY7%G%{<=Nmm`{7RL0`zZY)l}$gQ z_9*kswthQL-Ej%s;?;~_wmphpG}Y)!t6u0G`epPsesOygzijLG%y~bV^+-2m;kbz{?wUxq!#?7oma(d7Ft?|+Az_qn-!j6E-I z&cCtmFP$6AdszifLv<9Dy|`{aUErI|1G zx$(=e$5>x8-{^hD@6%SR%g`@g%sltV`)BdXvwral2UVtD^q6^mNc79yXwK(JU%a&- z@H-mr7dvh0PWk%A74(b$6Ydw^Wb%za>)K%d%|0t!U+iV$w`b(}!F(fW;eOduOx^L9 zuX~+!BPGNAGU6uRmmj?Q1>K_Og!@HDnET|?!sCPY{jrpAzsO{hZ`+^;|IK{a1%1E& z#om3uM^&xsPlP`>wUu-m~|fJ(Hc`$@PnP zA8IJo%T}&gsGiq}CcYny-c`1-EpPBZoxu~TI$cdX&*Oi+dc#(y^Fdzo7j=_SS9jde zrM5b)KJpf-#xrp|{}gBY>!qnN$8+U)yw1_RgYg1$Ykg)L&Ug~9_ZF(IBebK~E}gUV zEo^m$DmZ?0Re8Lr^PeZ`l2)y6W~;Ld!FkO%l;<~|*UZyUxA&rEKf&q4kT+0u-Y`r@ zU9-L^4{YP<45-snRcFy*fBE@t9s3Sy7{%pMRcCq`b$6pn+TY(9UqhXVs@Ee!J=FD$ zxN1KUn0fv-CZS%9r_I3pYR2Zxu+2~J!}A(dbtcx`-Sl%0Tb;odbw;Y{^fNKuoKH4K z+v<#ds54PjXJOr-9cwq)>P-HqGb_2Bjk7S`zUyw0wmM5Y)M@QmuU==~LEZAYUp}(c zX&sQ)QMFuMeQcLbulf4vx`d4fEw7F6SDb1>eOa(?#DL3J~@T&n6U*D>Bj zeYr)pYkim z;&Hxe)4Aqv_VFzC%VW)ex9ysG{m>0Z-FHWB_}c2U)&uS6+d!>hBkMcEVot?N*xntM zd9iG{@)cgHSjqZkuUhpQHET7lU8k<@<$CoSIP>?v<@tMF^?PB%a9n@b2mPD>DbM~o z@q1!zv}6B^k0;qj!G{aa9#DKoz~6?pQFNPd9@FK)_@-CwpT8QGC)pQbqWTqxRlS+@ z&P7JGvKPLOyq=n=X&%Nkg~6nae(P=Z`Z@-CH(gz5s0~%U&Vc$JE?*zC6&f2NuWt%< zFGE#tVtvt1Pn@=vYo_MNTU=SkeyZM(iT&x9%$^>$dd-)0e$eQ}nDf`NQ1ATWsd3h7 zO~06R??G)5RO9QyG5?%P;lEnTHS z+3L;1QKyTAdaCM8tk3m{vcE2v&8X9MvY%3|?=XzNvi`xrw(<3|QD@?IGE;RvG_n5n zl9un=>J6R4Y-mQR4@9iyql>}#2h({Uy{> zRc|u+2x~ z^KVqo8+}s$9nM#mm)@yiE7z^!_}s4gIbuE>f7|*!ZnkUAF?uUi8(`eZ&FzxG#)o7(F2@1xE_%~aLvzsLBA zlh*uTuit@s{Vpzts(M{A=D+*1l+Lz#;}+I!g&I}$Ce}xl_OPFC^(Rqhp=PS;b!Rc3 zQ8#N>vyE^15%s1^&`6)ur(ix`4b87-tJlu4o*Grm?Wvu^_`x52|F*5%^Z@nd-`G#7 z_J5Aw>ey6Ux%GORb=0V0_56;&d_Jmp*M9!g6~}&TrY0rp^&9c}n>w+H{rbvM8ub?3 zo~D_pT3-{#PnlTvW7~90-(Wua<4{Lcy)G5=DPQ!uzpdWl&G~pyAE@e0tUq|`W{9oc zs7GGEkG6BHw{Ux|*1g@(R&RJ2d1E7JplW9&oAVueeNEJ9)KJTDd=0;b*QU%{ zGuKwH>&bjyXryX$tRKaCs_J#=nE!wm zx;CoPF@(7oR*v6bt(AaAB7rP@DP z-{|r%`&%B%BGelfLj!#>ekR5rSFtSi|7EDtzYld()tgvfw(*!7w)yB+q0U0hRMqRU zF#h=c886uCwRNaBQKO1EfAe`9k1b1|)!E9;8&GfF#C}S(z8wGZ?nL|kubanuYEmx8 zJanU=>B~1Pw($+wcwcR#x{-)=D^O<`gZbotpJ}$$n|ObeF=~)4)HKHGdPes;`c-TH zgZ+aW{q7)pnSts)NBpFI9O_HGTdbe zExx$K{`s#~l;Fwir!MEmYO(HembDdnxlHTb=P1KMzyh zMy%>Btbbg;&wN|G`4{GIupd?Rx|NvE(3NjjwvWFw*oJ1NhGmFVy(t&<{TA-JVyiO@ z>SIGQQQcs~s$MIK`ERV^{)(;6=-JzbX7+$4#;RU#!uISl@{M7(I@9;|%TUci4d)Q6 zdJF5TT&QI~|5#N1JnJq%+gSgdAKf;rxBUIM{xG(W`aQX}iQDfJZa4NbrDDCB4ytw1 zHV@NE)=>-9Ryp>Qzh~E(k=OJ0?fS0~TaJo;X;|JM_pt5u<$Z&^`8exOuznvjsd@TL zvTvq_QYdtfZl(;geBo?58sQ*0O0Ip{gMfxVw4Aj95I-wA3|N1ycj6Z=QMSAS2m zbuf2Ey|EXxFxCPQn?A#GEc`vOd+d&_wtmK4$Q!7hTBur{?gILUM>l9?>u2bTer9T< zCMDO;l81S&>U4abeR=)SPdAYBVr*9JoTqLSo`=p;ca^sF(>EDq!+IYU)Tpr`Vl_`Q zKZl4c@$jClUKfSs7^$8bsOqQvi1nLN=jeTVzj*Z1;-H0UY*+nE>{nt*u>CxyS9xln zM%B*kV#vhjp}USQDq~xomcZpu9o18{Jj+GQGd{Wed-i$GK|j+1sAsI3%XYPY{)B$& zeq3`RUWZIc(2xw(eY&RYsJD#9^U!3&&!5?rXO0^$A8|C)caABLL#JT$5JGGdF0*vR4ew_IFSDZ37QhhPBtN!}27^nEyTlN!xr3CVNXQ)w~l6lqN!v143mld}y zUS9Oej zT6t`L%MiToWtZ8s*0u=47`*P8sWug{HWr%RWZuZQv)Ui9KR)Ze2JI6b@5`Wpu|>6W zoWkyV&}Q>GcLJ|_8Cz64$0_W-2-8mV*DZtEE@-4CHBKS-O=!QcAMc~kF*Z}3p4)jf z&KIMS8rQdNXH!R9f13lLo*LP%V{GWcx|uGWcEFbSzELPx}Fyns6LyX5Oq~j-!2vaauK9X|auCc1J%m$1%Df z)^WR=nAcoc$8n55VLPu_T071*j-dhahC9$wkM)f8%xm=>$1!t0;}fpVw~b>AL0(!$tM8F@nm_+*^DSg!-kjo$Y83`So21?s5&2K!SZRpV&;FwTN`2X@-V(E{23 zGBkFACdQV|jM=WnF>{pspL#sGfN}V>KTmZkN<5M>qb$K2BHm zQ{!|&Y+$TsUe9)0pMpPe-*vKw$uxt$M#s{(=rp>J&ZY&&Ecn>#Ta4d=wxt2I8|_U) zXe1p%3yxXv@muFH{xmw9E~LxoD!Pt-N;lGiV-|eeWlDE@*pmj+K{SHK(j+>HrqhCB z7JU5SG>o51H_^}N=X5_kLQm5ZwBVQpA8#0k@wd@kbPqj9kI_8(BRxwCj#=<=lL|fT zp&Rv~t!R51NQ3A=+K(0-v*6<&?_vHw)0^}@{eu>{k2+^snU@+s#{%hH;(GA%e}!N=pa2H3+%bUK|w-=)jw zD!P%bqXow-_&9T&-X6YA$I`dxG&-9uq^syMT5!yQkLOQrXAhUq<#aXum~N)q>F0Dm zEjVVu$G~NrV(@yEjVVu$NsDBmqprpA3_x$XZ!FqXm?r*7t!JCSpN|`P7980 zd%SWB@(ZYnH!=Q#9;4@J$*t)33*$fNH1WNcC&c&2YA@i|Q#0s z3EOPMYxj%(TC|a~lU7_Sp*d?Mt^X2eX)RcLQA^a4v}7$sYvBBf^R*I{8n<>n;C#^e zkn>^ZBhFttA9X(F{Ec(P#v`;;?P`gN*6&rWpf%DeG%hf-{o&|K_?%)amGK0&D`j5B za{Mh_v44CV2vuCCi({s*~eSZi(?O zw}1hR=RU(hteZq-KRJF2J;uFHquU|QYYSDZ>Q;z)*-wtYurtO9rZ;H1h*jM(w(k|H zescV7Juv>7?$9X+ek)>C7smP-Le)=>?{^sEji*~^?;~jcnYRBLaSU}iig>Ds|MrI4 ze<~?w{J#``i0gi14V*{X*Y<2{Te6Yg%b;t3&%X`SLUj$%t~G)dYG}-Mj;o39d(hQJ z-du-ub)k`(sY%E7ms!X8XdKtj6Z1XsD8v4No`uUbHbK3a>YH*LYG{U7-<)++jcfA5 zxRHw=+26nDT~KFng*rEAq84g)XS)aMJfV6P=WoOBPnD+_|4Ms(hWs0})2E1g(Ye%2 zH&8Wxrx~d4HWLQVhEwLiHq+pq`Os-DtU?#j^7GK1M%DPGPorH~@*LuuXW*5yj;g$7 zLHmRspzb1Ucp0kk-8&$5>IlE3s{#;bcYz_+R7WjJ!>z_*u=HE-aRJ%@8^sty%`yWk2 zG-%kU@heUEH}gZRe>CsyT{ZzD~CP`Q}2p{jo3qepkAY`7fxdkNW}rO0r+|XY^O&HD=y29iLwr zn&NzLbWX_c_6eNB`)~_2=ONaeh2|4bQ|9tcyfA`<_ z+iOk#yZ^r19dY3A{yQ-^#lCu1=?g;;SEDYp106t<=>+;N{e2b~(Ei``7cpK{j;rQhc|%|O!}`>Z2GS5ZjJ{51(G_$X{hFSmcWBX# zSWZRSi2Bh^G?+%wY&wZ9q-y?`M-H(+{Pj5u%O7vtL7hWiJt{_J{1J@-kNK zAG91{pa16Pw00}hKd*1HUg`fT`YX$eSha6uKb4oUYWJSc=7|LbOkymuSGd z>`$E*u|GXP-4>&LGHtyC@qg9t*niwO?2ogb(-o|HUN^ITA00Iw%Tu0wM*D5H7h!!Z z>P>snaH>7y=UzL5Ju|L7{FL6NuXI3r7@bSMro}rV-_UUFk&nIgJWLz8%NYp7AsP!BBhV67_kAcoIEDoBW3MZNI~jjK88a*d9k!UCBRC zKY*@>#z2Wc_{7FZfUNcjGv((Pyll)-NCROX*G8O2g}04n0omzJT`ObQ^Ulg7)5Y zG5wi(6-9oWlcS@b(f$G3Z_sMR(61dW!*PP?v(|6k@s(chATG?}vru=E{Z%}P?H|&w=(Eo$I@ZZ{6}t>YzftsA>(`H?nA6|8$+ot!bg z(vPw7BI8NVQ07&vELsxdKWqJJ9>CuLu6|B09Yp=}8gLl(%3?YqRk6(1X8i=J@^bxVFT?#=%b(Ln ztb1O=-^cjM*^HH!7_VNAy63eO>w`rY_2hkJsj4(mODnEto>!|E6*DuDMzjrUh=5GI7U2#wJdzSUN+-K!gyPBtpm7T@B z<@!an!{43kY!44Vr_DQ{{&{_e^=s)KdX*mTit*a^cGRgO;*d@-pbJ#>Aw3btQ`KLs zXXOJ!?GNw&H?3bte^2Jy(Oxu+CehJ!Dt(u(rrYR#s^*=?_%g-%*>314qJE01pJM9A zi9f|1eo7ShasJ0o$&w{Y;iq)z(q+n&dC~q;ww&#!e0kg7Z&kGaRH{^|a^=cZFsb0N$jT$v-)~s2pR;`y_s;z$N)V2NSbh?*cuE(GHPktKMe;PJygrCN?b&Ogz z+PZH#aN7l($_LF%Pt2#Wtns#D8*1OyhSnS~6$Er>_{43Ot zIN;dt5Mw#sQZc?7M=A69haAUMbyAQ|M?qna-oj=_hn2JxEW|OY{!Sr)Bteg*9j+>P6epAUcS~QnekF`RW197Y){b zFTkO~_U{K2Y_R`(0tFiEae)fN|7c+Rq(Q~1;YrMff5d1g5ZfCH#1Moa(fLM z{_*{!XejW7rS^t`-(YHMaQI47YwY+Pr}_EfOHcFvm>Xta`_l7ZE!vE>qTT2q8cs*h zEIOKc&&PP<7*7)ID*wDrXMYp@nC_;>=mmP4KAuE05^3CZyh z;YnJYOL$@&YT{fXl9JTJ*l^s^Z!H*}5SJ8_Y|X^EBxGc(f~4@w@c3kF6z7tX^`u*R zxUI?FnjSv#$-}e^JWNV3hR_ou7#koW$B}c|u%dHQs1H{;8Y#qV+*gnhDWd1V**6&wNa>+<@Nl8wNv#)m$ z|BnAJA28bc{m=c6`MCY-#jVfR|F=Kg|CiQBuEoaf`24N;4)}$LzhQiV-V%A$?|<5S zE~hN#Rh#}#FXz8I-m~VZ_80a3!igJRT|bp&T#lBf6=+3TiK@R-tHRj+CE?b`)fiW& zHE2y*i@ro_(>k;+)zOz}JzAeOpbcpw+L*pVo6x4T8EsBos4I1&?$m>NQZMRFeW)+> zqyDr7ZAn|vS7~disNAi;{b5{pxV{H0*%J=#1>frp&-Z}=gJ892_)0(cb$`cpmH(f% z(}4e-<*0ef^-Ue}_sfqqAnz3U_jPJ~Wl)r3{Z7W}`BG-qoNRyiU%kHiXZyYWPcARG zIp(R3do};U{Qpb8!OyvV>U@Z+KuuHU#bVqL>inplPqn?&=b7q#miqjvH2amIFVg>< zSFs`fug|M|I<)z2liSbi=r`i)Kg^p}oZ0lVj0b(*zs2new+AdA+jiEsLtk1WxQaU`cr^H8beUiorw`eg`uLM`#+Ajte>eU1ySrt)JMP_!6Fcv`xp(pIa)*|d zX&~d|=0Cfv9-rRz`wu@JeEO~5GG*MScboZ%dp%a|Z(Q`_ePagflJVWrmc5;4uKc!l z~9_-{&FVj z)$`R>EWeY8dx*H7hzE)I8!>)_$ft<-m{^}GqcA_UeG@t%R@>`kk^fliuiuODme)gn z^}6jM`Y#jPd!txh@pl}zSNYkF@uF^y^D8FypEY9t=^^%)5h5-k_8(`l|GX;pA5Cn} z*Tnj)7W>Z%v3-6L`_E%>ek&*TpH<@dEg_a)R>W0A{E~?4i+Hmbzp2Q3i1=f%KDWjB zJW4#Dk3@cn*nd6~<1G>UPf4-=%n{prtytbeaegc!_MfR@|54W^|0>#VGPC~Azsh|6 zGmn363uK>|YwxJu=UjRL=PmUL-i( zqD4@zmN!-8r-^vBh>KQ2fAv0WnaD2}@dqMaCF0d0UMu3)N;c4D)yn24ui};pU z-mfB_Ufps0KgIk9i1`$I?6`kbD2o1Se`#<1z|Y?r#L(gNjizW1V%(E{ZT+CnRv*uJ zH0zepr8JiwW&L#4&!A(iexuX0k6AZ{?c>-UX3dqd{@2DDds&xf`~2>bH4eANHk(-0 z9&1`tI?NizTmL)5I8OMHbvd^B(`=6wp0dWa^-}A9lCfG(oi(=2H-+=<#=P7Eo$9CRRKH>aCtDX_-G}V|t7$izBUa~$9WNqQ$LX&k|478?;{9s6c)vML z#6OM4`0D-2$vTMDaUatb?~l~`y~E;lV_*fx`SlXluS-N+QCyEYuSS3M{-wHz{l)d* zDr}po=ht(rzvGQqJs(~r5v$k591;I1uK%uYMZJ2zdP`g{ z7VC_>dVdpp0&yko52-nb)$`N16k@gfGJ%f$_q>K!y?;8l53zbbzv(-~YJ9zT9az!| zd9}VPM7%N?dG-FYUK7M>f0-JIxD@BVx+(S_^?M%|@%}wF%CWvf8N_P+DvQ^F`MJoe z{l!;2{~bg;Uc@bjqraN}pB)ja?Y~vjM=eHPeZJFNJim_;9LJOIA6JRz|2y&g4-n7S z{xuj+tzVm9#3i{s4H1Y-FpND&Q$+0Z7V6dUu}m!Qq z=VRQDSRGGW#rnjqLtbsKY!R0njl5dl?kR}X_J3LABSij9k$)`SPkt)uLt0~ebvzFh zadmP0jc?;vzg*h_giOCXUa0;`m%6>Vp?!`Re#=Adb&F z;`o&B&*zEb^DA+D_7KO*R&jj#h~uHZI35;><1<=}H$fbqABp^X;&@yw;#b7+xk1e5 zx|mNXaeT&!<0Vk+&#lGrIaC~fF(OV8@hjr^oGzAkKpdZg#PJv=;)&w;tR;@mByoJM z66+Hvj>k|DKN9QPP8?5F#PJs*@);t3OB|oMqP~kb9(#$ntT>)Vi{o>l$gdK|=SdNN zC+fcx*K>SXdBVOz@;?-kujGv5Q@x%)8JG`Z>mskNA7uV@Pvq74OXgn{=LebZUP!)Q zA^E|DI={=j zzL5D$kL!^($M*_w=E?9^)r``PdXoaIBq}x zx{m8xR6IXP;(TKg?{BM#`tjoU-YEM2S3g(%Kzy#+!pm{~@^jbQ;{4k$0QKtqjQkw7 zv3NhLiT&@t`Z=xqTsB=?e>E~-KBf4?e_Ri-+8-~A*iF2j&a8xbwg1c(C z|NP$eG?iuE>C{0EI$vBpEGwBpBJ3)$9U>|QrPFvIb#2q z*}}2^qCmuIe_Jl%dyO3DU)bl^8>^yTJ>MO~`AvS#ef<^3@teMiSgl`G@%hA95qA;i zm;0i>{2Y6>sQ*=bu06gRman$QY!QDX`acx?*Ngm75&tggZ-~779KBjm%tyVxG!pUF zw~<%(15EfHvASQP-)_X}{cg@x#OnTxlPeIb>w~pp5v%v(Q;r~3pEr%jK&-AuhKcbL zD^0PVDb)Qa*&^RyBl@e)(-w&NJ{0p=B>ER0g8rp=KI$aK3lZ@gG2i0idgOQsjHj+| z+ltqR6XNxuc16^y{rf!;e=g343&ib%|D@>uo|yj~G5-%l{&g|_uVTE5;(WSM^#4r6e~A8T#rS`U@#>5B)5W@Ad#m%; zPSL-N$h(UEuZZ)vi-?h(^Mf{RjUIP(-FXrbVKF>~R;<&%PAaP=D55zBAz1Nzt0l!0uh@;e6cOYSI^IN5m$0TUY(EbiF`GYuO;H2 z#r1L-aXni}#8KkOGiKduvT8}a(E)*JQedgrvrkMHETyoElF z^%hY-Rn)&Cu2*~cI`)qe`4Ev`F5(YF{dKXtdm=6)K0h7k=eYdwB0pTb-c1$xX(GQ? zOProGMKgD`24n!h|4r}T;7+W|DPhRS_Ad!{E#jBZxr!f z5w{VqAKklSJheUgiFmMxqePr8;_D)o_cOe54fma?&wb?m4bwHuN4-Ch`7eqiuU^mO z{SblTJ|da-8ixMr^HF*K#5*M&$Cvqs;`&zl9d4N~BGymloeIf27m_bsNWN?# z`N|?M?;nxRpS+*s$BEc}>Uv4uUn2X<`%PqC-hU$V@_rPVm-na0yu4pU=H>k>GB59E zk$HK4i_FXWU1VO~|045$xgSOxU-JGK*3nV0wT$h^G2N9N`IJ~A)w|B-olKakAJ&jV#%-Y+Ec^8O*2 zm-iFNyu80i=H>lHGB58xl6iSQlFZBdlVo1ruO##G{w0~0_cO`7yuV52<^4`FFYkYn zd3isS%**?uWL~`vtNXx=31=p>4(KTVs$cq)CHPNUQ53_6p}qVLezbPiST9_BHg zPZ!XI^j*4$E~ZQ9d(=di(q;60x}2_{AJCO_75$K|rfcY0`Vn16bLq$Q6S|&mpd0BX zx|wdFTj@6XDgBIYr#t9Qx{I3WZu&X>f__Q&(7kjY-A})w2k1e1h#sa#=-2cpJx0Hw z$LR_BE&Yz>(UbHPJx$Nh@99~3j-IC$dV&5xf20@bC3=}&p+C`|=~a4-UZ=m%8}uf< zMQ_tP^e(+e@6%uD1NxBuMt`S&&_C%T`k3a^e_+Hzq8ahvNvJVqgV}7>Y(GZUS^p&g zd#tej!vgkLEhnD|^_PS4PYA=%TT|y1b$qDjS&hSgmQf31ha8$q^JqR*1BP+n9GXk> zXg<}r;4qp)b7>yUry3_1MssK`&7=8LZJ)4wtZ)v^rFm3sCygr{M%BMhnaenj=2Nv{ z!nlEQXfDm8`BdWu45K+Tm*&xYs&PYy(Hxpf^JqTR_=JSf9GXk>Xg<~Q!|WR-jONf> znn&}g#wR$8=FnW4NAs!19U+Y7&|I2F^Qp!iCXD9LT$)Gosm2{EjONf>nn&}g#vL$> z=FnW4NAszcj~z9P=FnW4NAs!19XgEW&|I2F^Qp!iKaA$kT$)Gosm22&jONf>nn&}g z#sevg=FnW4NAs!111^l_&|I2F^Qo4P12c@~&|I2F^Qp!IIE?1dT$)Gosm236jONf> znn&}g#uGvq&7rw8kLFX2Cyp?hLvv{!&8HeqFkv)@=F&WxPqloUh{9+N&82xXpQ`hE z7*AX|G?(U4b$-`)Vhf`=G?(Vle5&yT7)EnwF3qF)RO5*nn&}g#uI87&7rw8 zkLFYLx)qj>6LAjBrFm4nep&xLFZ=n*`cHM)ed(o_>{|axExYdS?si+YY-zV+$BuS` zf`aUZhKAaWh={P8kdRNW^GQfT|GMn&D&mX3I?k_eF~{W(jCNeU7L2$y$J6dR z_CK@}G4?)9n@|!c>`ED)N_eZh5ztl&)+8^FLjPcd> zZYcV14MaVT5>4AA^7q7i!o+-Zk&g5ILF|7kTpZ{BvbZ1Y_9@J-GPlo;3aD4xYn<3V zhs6Hlq(i-0-@{^kPl)Z&qd4l-{_iK|`>k01H)8)jCicJH4IG!>wm)LEfBbgFas4{f zajYNvwd3^ z<^1X{hz;KdFuQ;UyNVE%W=L<#dyAT(7!m3 zuaCw0G!XfwB6b&XbrIJQar_HdUQsUZcX2*{Up&84*Q34y>u-tmA1_|7T*Urzye`&X z9shx1yw^lrL7Xp>#Q9}_h$BA7{M7z7U*xBX^;sy+muJQEHAn3Kb;R*FLhK(c#p})W zR#@L!++KrsInJ-Ps5gk?rFT6&KR=@J;)vwJ|-z}^9!qP&CSQ$sqY4u~F* z(BCg9vQtRco*mlv>E3f-VDFgLe;G0%Ix;;rIWauVEyemR>T!{ADGAYTnVuyxJzd>h z-EG5nib);OtVcvf-?Xk-U500Q4GV~G5$orZ*|C>(w)@{aY*=r}ynW0YS)Prs0eSkJ(q7G4?2nZbcE zsR13rd-@Da?GW1TuUp~Cpd-T*6YMkfz{)524Qw_l+rMv%VJ*7FjOy&$ExmWQVa&^@S+XD45G5C4wVZx0`k|L9n(qdDsyI^>PbzewK&Pa<+PsPUN_*p^C zvb}@)cTVY%*3&N_H8{yFF}RCYWgqcVGS9PpRwaOMaQlAYsoBAiU7|aV=fd+9sWzoS5+BaJCPfn2{9OuUFsnq;7qZ(|n>*`gaTNp6S`Cf0TDb zkDjqX(Y@kZbcm1X7~voM*S$C`WtfMT^{IBS(ZJ4M_JG*t>6Rm#C2lii|HV>~-_^~rD_*(bTZ->`vMULCt-x^)dzTQxbs`mZIpCa1=@WxFLs zThET}*5}@S`Wl!T>zNeOu4ktKNzozw+I4ByD>^-PRCIXn?iqnuu^H`$XY}_S7}qB$ zIJ`G!S8%Mfk=Fgl-PIRk_2{3FKCo|QpMH_So(b{2d&Z`<@a`MhYgl@J-;N!Ek_PsV z3ykialIHK1^0cwiqq7T6%*U^nM?k-kLEX|by2Q8l?%OBI!zZq5c1CQxf9FVV58nZP z{()X2VtT~-s)MND#ImDPQ(MQyleb57a8&!C%pZI6sDO|W-2*c+Bh$OI@aWdJMQm(PVq!?o$Sl@B3J9VHZCnLIjMD&=P-}(=oV2Cex9D;k-ib`e(s)8QGUbx!>y;1 zC{IsobCiFiXH2ZnCt*y_#my5f%i-$))ch8pYzAZg{2NtNYu6Eq8xag?X!@?8N zqD%ee*}-FCbzQ19wte|_RZrg0v>DUl?N?IocZs$8@yqZMy)zg2YxU5s;;Z!$uV@6z zyuv&UqfMHieFFWgIpS8X@R%En_kiABaFGvu$q%mbhh1C3fY$I*JE-RMK}W=UJ2B7Y z9&74Yr|O^Oj%KKD?E-gjzJ1&gH}r%nyczq#wVbbS3&c%cg$MNTdIwmJ^P3)s_*wHP ztbIW@^bhF?qr1XNL2zDQ=0o7XKFs%Leh~9v%nyWBhC;tc*fa({2#43BVcX$waxyF# z54$J9k!f&277R#*(V1}aYcOOC3>pP%zX8L>!KOK|@mP3$0?e8V>rR30bKp;t;N)qr z=`0xiHguW^RsRPI5Uc*{=OZp``!8RNx|Yje;v(p@6xLh`m#=|mSHP6j@Ify8Z3En~ z4(?eGM{cFtVZavp8T`!*OYMPscELkmz!qP@ti#Z0KlD5VPaT6H-@y-#!rI@$d8g?) z*!L71au#m;0p?wX6E46xmtd)DucR!}p=TYKSr49S z44XEG8ymq#P2qbj;Fi{Kls|myRXEZecJ+aM++ZzlSXlo9?byE)T%m^z1K{eeuxU>? zu?utxf`#qhll!8sMJOEB2UZJ#+Xln#R#Jz>K1>p%Xk* z9L{ovZA-zjWte{vb}t8Smxt3Tvb{1qR0WQx2Fuo9drcVd61-F!j;RZGybKfS!*var zZwz-fft#DbQ!em^8(ilBy}aNFZYH<(YdRqQwlf^l6*le;L%H3bHIKsD zxAej|A${S7p0HmZnAIOv8vsWI!^)wsC=SlTlY}8oV?KmU|l>oyq(hcyc>yn6(rxSPWB4@bq%{=}LI%eYocX_{C~?`XhMYLwIQ|toaH2eFJRxF?3@5 zU^C(e+u);3bSrGO16DIb*X^+OE?EBy*laIs^EvFa2ZnqFhaZBe`{BfcaNgH&%{OrU z5xDml%=;GBKLzicfNf5~tncBJ^KjM~_`x~2Z^LVUz#kt&C&qs~LOkw1Joym5dk@}w01NAX_63}un>oSXG}yKn9O(=X zmWFdm!1JYGVf%NDa;VF$2z|=J*%e@373g0B-l+`xRfqFlf)DD#^|fFb#zFNFUuy*8 z>%roT-)_ph3;eJN^Nf3VAfE3H4$q)8LWm@azo6GvS_D@ccXQ#%wrrE}S|Kwp{?HErb)_g`*e2 zcNW9NOW@4+;8YV_w-oMJ1~LV!g ztJk4@SnkvFy+20#hEJZJzp)!4;EkOy zzziquhC4ooL0`hfdtmK-aKe7r;s88x5SBR%TOWZ(zJ|4r!Gv$%j^nWGw=nBFw&%e| zC*icy@YWfa^F8!B3)TCNQol#qAO1QN_q+CL1*g-5B6uAf^(ya&WjvrY;y>HM-`c@D z?O}KNN(aPy=*CWn?{|hiUErp!(7QVv)dPMW1Yhq3C-sK6`ogSGsOFj45%DNGfhGkw z)~Whu8O(XkPQ#j8@A!wg55c&*;qqyClHIKsD zFBmY+(n$Di7@WcTmoE%sJ`R2#&3r7pkidL0^TXkSBse*hX21y}XgXY-4Z~l9E3;tO zDA?`|`0|^u?Pyrn$oBE@!9-Yo9K10BzAzc)O@;Yy!6Q>(yZP|Kbm%(|9-juoXTc(K z;E0*9;%un;A6ST3_207qabeqk)MC^fF~RIbjNgM_E{A1T!9DLYUJ2h^1GCn_)YUNQ zBY5)@cwr;F_Axxa0fuj-pTWUfV82h{HG$JznD>B-n=|juyf=KopLs7>&JRv*1>3cSb6UcnHn3C& z_+}?qr9GS$zs%t*Y$;dq42>#7!U%T7#|;uc-j!SZYWF) zgDVX%IvlltT9)C`8Ul|WOO@skCaNApO!z5UD3T!wPE_fThHw}I?9j>1N z_sxViXTesp;qW?EQ3zV=?eM* zbXf^IuYv&|($z3=4a`{!$9x1wu7mI7!j&Jx#_M7K4Y1)RIC?Wo*#eWc!in49;!ol1 z&)~G}@S`1Y-%faB7d&Q$_jbdwU%-lA!m4{3jd#> z$oMz7g{t=-U5nyAhVNX4*_-+ogLCNG(#TJ6Lc5BG7e`#aB&=2%I+ua*j5{&DMAOS7 z|F8m_T?x8Zfkmppq#E#MO_==>Y+eVJco|k}1l7F0cm?sTrf}Aaa6(zfI#vHH)61d$ zA?G`$BI4?m;ZK}zMs>u$a=v3~Aud~+b#>vN4PXh*&zJMt(;V&3nnz*n=iJc0x))sG z3cvP%2Ylhf7I2ym+~p5fw}uz>FzHpevMp@W5pL}aojSm@PB63^d>8~Pb%mRHFy9A0 z4u*Am!#(|A_5iqbF!T?FV+O%C1~@qqI)%ZY2)H^0J{|^>lHuNHcs-8!1h^*_<_(9c z|B^Jss(*AU;=;E7r7dF*m z?B~@(Md6>1(Y~Sx;_eR-zwsw*_yG3(0~XeQXbFrHRT_E~hyJB#IoPohELRp*uLuj< zzZ+Cz|61_(DzHXP=wBB`)raNkz!vpjXk(b&47xRfK~35222Xmi-4%Z93CsAy`LDuD zzA&j3ysn4E0^pvu@Kgubv=zA(4}&XW;LKRKCl0QRhhv7r5ecwc zBJ@v!HIiZN6!?giNJV^uUP?o}Hy!TGfIgYdD`D;`xa~t&ehu_q3qwAFq3htvT)6LJn6w_Q+W1y`EkvE4BLb6D+5n6w8j+zXHIgE#iWt_NV|LFj)7%KfM2VYFYNGJop`@|(YY zdjI)H(eCrj)AOmv(eCu^)AMq9G7kC<{Wj;p{F89+Y1sIC_|92){2ZKPf%h)Jupi+E z7vZqWaNiY}@iV+}6<)dyC*6RZZ^4td;oZA%#eLZD0et5nto1wm@DJu6!PLjFrH1zn zD_(#BMc@N!*go0*x~Tr{*l7~t7x~7dqKE@)An(L{t1^g-G5&NZ;&O~@YKV(6o>XTF`q+XK4vi=vzSkFF&~{+{wNWDCFavl%%`T9&lxeF z&&7Q9iush?gYBjMPJE+yew&Kuf}35PwlTS$@z(R zz4%`Eq2l;zBjz_=#23YU6U2P|#eALLbDUq?XvghyUu^GCvAq|H`2~vkG!ff(zR3R~ z=9@0&+g{AKnwW3%W|*%!-ZgQ2`H1BY@kf0LKL71S{i#Ic)&6D{^F1Kqd@=vM;&}T; z9B((p_~*oU6@syRbw2!E)c+*vYl`|FVtt&F9M|WL=wDy-uO;gDi}fil@~6EVx95-| zh}G-I&60@K>rJZI9&dd zMZKTc9(~08*NXU8vHq`%_3tjuSB=E^>PxZyhs63vi}|k=^M6&$e}t&tDC*mb`q83( zyQmKo^^-*Xm!dvM)Xx$1heUnVxsLnqnx%-<>*HW?J{d2rM@os;Q&+M7y7*!|b$$;u zATGt@rKvbytPs!VG;zJ$NQ~Fa8RMz*+0Zb@@w3JJhl%a;z1SZ9$I)MX&)LL!h}HSy zgsA^YydHlc&R?I4`J`9DcO&t*8iIc z=&#~6g zuZZ{?5qA*d{r-aEe3vzLobMGe-)kc7BwlZOi{tBoSl;G_j^j5Lug5=%@vn&f0oBl7 zJwL_7`R=heo=SZybX;Db$iL=$(ne{u=LYWvR>^@BwHWU>5TMg2D-ZYTEd!F3(yS6UpeQ$>9@5$_b|1Ano< z>O}mTI6g{<_YdET{d=p3A60VPUi(Do{?|T@=UTYa*`iish@< zr+3BvIZhmJ>0 z^7U4{ew+~7?*|c=dhGc8v=ILe=M7Q+t(afSCRiVJ{a_KVe}9VlT5TNHf1SwR5ZiyR z$R~;8d3iUCr>>7%h~saI=-*R3UnX%rx+TW{Q9S=~BLA9rz6XoryNq~#Ld5mMUGeAA4^e@8#6~eSh~nPqmw;Z-WY{P;rrLNl_7%glMZIl}wpQ=J6s* zLh?nFq%;VLwxm+2P()!PNre!iaKDeW&b4cQ9?#wH_q(6h^Ur;quj|lNNFFOzz%7yPWO$1Z{!2!2$?dxqfEGC$50`5Ur6rZ%iR zzH{aM=2n@XBV~R~mU`#N{2D3aSyP_3wFTD|Twicpa3jG@1UD7jT<}4HTL^9`_)6(d zYmpx&xQ*a;f{zq@l;HM)I|wcj+);2R!JP%4D7dTO?t)Jde5&A{f_n?@Be<{Nvjq1O ze6HY9!2<*j5&_(8$r1dkUyLGYu3CkmbULg1l!DWIM30^FCiQr{|mkVAgc$MHag5MYXnc&TWw+P-Uc)Q^51@932li;0# ze-*q-@E?Nr2>wfO?C;9&kI8~l1*Z$n6r3$MS8%@ILcvu87YnW~xTfIRg6j&dFE}o^ zk>DnRn+k3&_#nY81h*92TJT|l+X!wa_(;J=32raAgWwXu9R+t1+*$C6g1ZXtF1Wv( zF9!%7B6yhKk%F%hJX-J#f^QLgyWqP7-z)fj!4C?4Nbm%~j|rY6_({Q&1y2z?P4EkX zUlcq?@I1k<3SJ<1q2NV=-xj<~@Cw1J1ivSEt>BLYeZ$ns z{m4~c@j9_rton+tlKv>x{1mG{#eKy8se)CmSmP<)EdI&`Yd$NbUfSPbVz2oq?jZWD z1gpOGe}D0{zlvMR`e`m$<15}@eN?V^fBEb9DBhpF##5~QQLOb+`~BezspoDP-~H8J z`>XgVnU9Je5&3@?PZWE_&xriLi*-L;E&JaKQZL2NOMJyWDAxT*vCap@8c(tMQ>^t+tn*#*2~t1B^JIJ!?{ECIzlvwb_$t=@Lb3K& zvG!N-I}%^d%PLo_=TXI7WWPLKaF6|9wO4$ujGtol-%a8T6nmY2{Y78#{`_y1`YQfT z<_mcHBR_eXK=hOeG{r>hxjlVyv=L202 zU8TSKi~p7AE8buKwch_-yubYZPvh%+Qhbm6J>wmMb-gMcBJ2Ai!Ruvy>-(jy2gMps zvA$m`o-gqg-!Azo)_9tqK2H>Dy%jIvyIND|O(>aQ|M`D5ACbxE-@?jNuZEAV?A z1dsMe_~*rAvA1DQT$>c@-6$4&i~Ge;b?(1GFTHUrR)mkX;1&&Iu?O*yhTXrQ^~s)h z3bJPCJcnI6e%}Y5fbJnsE_f;YOxo7)vuR%ezYLjt3jQ8}KOTArdKfwksuz#NYC%VE zKaxDoqiqGXgp#o#mD4t^N^3hYwg zcY)Uge_817!FC#S4EHf)haxjdLEZuVvDj^d>YEs<3sprHr_ILZV{AImo=>|0x&V5L zcvsPmqP^TO{TfDl5OzzGsRe$UV4vGC7R!P1pcpyWebb~^%;s1Rs2ci*fs<(8MP(IK zll#{2iqKsNw)P?|6z-oU_sQI!#r$T8OMK?E>1K zv|(<3g3e&*O6W;ye*<(G_XXs;p7s;;k4<7;68kskS7_h4d^~!Opfdroe!K`BmlTT) z#WsyNb?Hlg>UlW)LUgOb??h{OBK^-semweJpc9~a;2iY#C7TE4FPpj*VOxqk!F{!c zvDkL<9f0g2s40{Ml|re|#n7eDHP98%R%kmk0=fjc8X5_WhRUH_XdCn$^dH?hvHG!UET;C&~$LUW``tSkwYoYq|?MTuWp>V z3H7EA)9|q#opsO=;16j#Ap5K_;|Ohpl8My-pH;Da79R;{7J9ZOYC*4IcP%p{;GXDW8w#)|P%8@uW73K^>z@OqQuHpVyszdF3W;66~CxOL&>V7P+z zVjEl9C-LHGM9nJs0W+HH2TC{*7(u*OBG-0Q5BZ z)+ApSg}>>*=m?}r|M#y}53s zK2M_m`PdJKw*g*b?l0lKCi)+PhjQPa_H%0f67(tb7XI#oE<@HGJ*!0({Jc&35Hy1O zXOKU`{d>?lXgu^V^gj7L1C2>i`lc8DonFenpzRGB8!#f3<4ZjZUB;xg;oda%#{|u-l^eO(X#O7e`>molD znv2fW@T$YRhV}-i2KU#|<`8o{zM3~=twJxM`vpEykaZyLvCx-bd&alMW;5-1an>$= z%eilhjnOQ8Bw=$beY7)FGwe?1z8};VItz-!n@k<8Z3s=}{yAtG^gJ{jdI6dN&4e1D z^9J-d_l;=Z#_#ow**A&PllV3VF2V1`P*?7|L6p+*4S&u3JoJZJPGxtXnw zv^}9hC>OG`#re<>s0GvpdV<)KpagU_xGz)_Du$Awq0o8Ixlntk2~-!dy4zX!S=_$N zc=Z5>ap(u{ZQ?IuU>m_Vva`$#YG&sdqYUQ5fwZ0Aodk7*xERFkmm_x&xB=+ z%VY2!g&v1YUWo4>phegWWUP&jLbo?EqZZtkKuO%&ers(q{%mi%2)mZFy~(4H_Br%w zAbSa_K|Zfgqt)oV2d#nLhkiisNMf~xKI8s#Xde2%2PoRAndHa3z zSHWKmO(ve%nmq9Ao#IgF5a!zl@XyCC9w#RE_6#ZH{%Pa|@a;XIAc;9a4Lc)ih-^9S zRm6NT#=NGUv(UQ{YDgdLyk^hA#n>ASrdCGwp71HUKf(Krd!wb?8}-C@eR9czD1Yp9 z{Cu3um?Aq3Iua^|o`mcj%yP6GLM(fpH-MiDy-Gb#$KS8;ijrcnAF)};c-z|h1si*o zKMVCo=Wpt7{jeC{5_bgmb+G9J-fDT!o{U}%c=k@v6Woa09z|~p^6|72phuu@h+P$( zhq!+js)|h-`him7>ED%6;Kl4vi2 zpG-T8x;;pqXTXo)cP;cWar2R%jg5 zgnWmgWA9%_G$c=a*gMyQ$ew{FLl=VYrZu`VBIA7n^~JuF{IjvW9DE=0F;EA1Q)sV+ zK7#)cb-$i_%lB&Tjb}Mpe=MHauEmF)2drN94%d}j#?hXL{tL7P&;d#Gi<%oXMfX+g z4j_jE&}j<&jn2{Vo}--xor$cP`J{ek-z6)tBj}d783Uj@-;udL%%>fp`Rh+4TzHmHhr-D0o}IT|BL%(_&6e&xkbAW z`@ZmcL-X;w13Ch|qrlCPAIbd*-1jpAm!bbjL;ns~hn(}F!Nj_Ud%tDy55 zzU*D}0kE~Vq4PX>j6t>uY5>0;WMl9=^e^r&hn_NwZY}O#pv|Sd4EyV_JsY|Qd_VMW zs6!I9fb1RDjQfl5t#ALv&;5{%g}sB;hB_uO z4&Z0uUjtc9td8$MSK{kBc;ji`BIaCpc5dqm9t<4?o{4Qo)@q#Gjh-cz(G+MhWbYO; zusIMv?WtQaF&koc5PfTg>?Q2&odI!d2S4nrQUz@1E_>b`1aAY>6uYY6DbTst+WjK> z)`50G3g-t}qj&MS3R(@#1kZpnpiW8t-TkDf9YM}U)zC{2^LS#Mh^#Zz1^tfTW5~BE zaZAA;q1S{yKTK;h0A6!&Dy`AMbaKw(-sm^zS1324zi9u2nnqMi?9tqpL)Kbt9*bxj z_&ew(=nLpAYHBge_Bg0hM1l7u_$%mE=+21D_BQCQh_0dik^HWv4S9z+uQOIm)mU}n zXVB*t&`G6^(`i4WO@>mS50N*f9Zzf2jC(ti{)}xnm+s`g12wes>1j#K7y9`K_Y2VN z1zt$of?91zrvB)@34RH(?=daWn~&c&z^_3a$fb<-WbEESz7U!R9*jVD`=dgCc!$y+LM}_lZ5?ztar2qOW!&3&4DkbP5{No%})@vHD&g0{dP1sz6iwTNjvlNrAN zYT20e3{{2dfsIW6Md)qj+Oia$0ob-AwmpXj(4GNaf-Dbz)!`jWPIlJgf9{*m`|#^B z7IrQl1f8D5UWRZE_wKtC?K9E+YuG%9{uSV_Y2&nqL-ip$KiFP-0{0`Kr@4O|s?B{n z{MF{(-d!(eU%LT6=Ro&@?}NrbXC^VukbV0yc?n~71pEu3dT~#4@KG146SehdUtnPE z9qR`4>>F7t`uryRGH5uwH>t^wkmYST1=(WmS3>VVmgh=x{3O|*dxNZixU=wS^gXrv zj@t?7rIn=fYmpM;MSA$yM4I(h;9x2WHui0m8NP<$UxYcz@b z1oSxc1k@Q`6WYs&Vdo5saX5Gr*nBo7&NT3Js5^05;eRo*W8n`Xk5Y0lve;vxanSwH z1N*dNxPK4|?UU5d$i9gf*;p^5_7>aXEul@vr+rhgcOYBu_N=`b{@dj7I&?etZ_&O9 zt$^+ZFQmPO+)U5prfYnYFNM}YA3!!%HcnxTY+P)7Y;0^?ilCvyzJ>Nx;?9QVKugeh z16mK=fow7DJB-IiwAT@L5$#Io9%N;-W^a0CXFQWFgVsVHLLbv_JJ&x#YjhCzpA)A# zHCRla=hB{^#Jq(%QhWP0S`FTz)V&S`>*y-D~>K=!?LAi95$(*xX}i_S$!?)5WvJoj(IyA(VEol($X*^{_R{hc3qMcl<0T z?;Yq~2)4f4H#^hagYPNivX1*L^zmD0DtZ&)*&MZZkTkH(ReKiMUT^VjFSE61V>BDy z9Oy9m_!Mn(=r!mp=zHjTVi+Ax{-%2Yt@$yV73B3Ov92Jm{={wu?@XvBG1{Ov1hV@Q zct$JHUqlXJWbOA_Z;+4uUdztlcK+Utt{p@#L??XLwBOy@x%^#xr6Ws) z?EB`M=$1i$V$y@YTt!aZXrBSM!~P8JhtjUX?iB9-hJP(Oqo5t%O!X z?VhgY5TDRswrAeFl93ZGi0e3mc(Np)a5>p}Ejzs2sBVzJ|VnHbKuq z-$1WGPeGRBWXQgg+4rt*p{>vsD14iFo%;pQ8<6E~@9y72PeS&dz7YBWviDHygYAX( z?qKf=3CPaFcILG6p`8ouyf+Q9GubZ4&R%xrva^<*eV&G_uXaAL{!W4Hxv}qFXZz4! zknJ0`PIp7L25pV)fo$w;ylrgVmF%vR=t|2pW=c-gI`!+H&00Cdl+?7$ z%*^bZf-1$;YScW@cu7e~nYjgpMOCX-t68&F?Ey|NmYkZFo|%=Eos*lJmv^b>@iQ4d zS4Kw0)e$c_ImHyw%*nf>LNCcu$;jmz>v#m=@@XcgjQ4url$5k|oMCPC=1NLQO((y+ z{K6_#imhhEw2XM5jl#Hc@hkP*_wnBhs_Z z`6_2*&T~B9UyE!*Qs!)}bJkZkJ91V8TQ?+DvXqon5zoryyPTHBcIYmf&Cy_Hej52R zhs;##TJAQdM<%JMwh;32@(POnbb6H32GItC&{@gWEsEkSnb3I!g|&@mQ_2#IYS7T} ze3db@q;n22o+U>rcw@z7WgqGEm{VD~RGq7^O4XB%XQPpsotp=z5Z-xC&&Jn6+lVhn*h9OMz$WGC#lIS*K?+(PofM zx7@rrjz`M$i;y-PIc46~xvD~%B>AA}IQWNUqV2hqx>crmc^<3xD z{roH375Q^Bi0N#}r1HF@XI4LdQHfmR`Rd!4yX9ZS^L!O-M98|Xvvnz3ZmtjqME?Bz za}y!ERj_q#{SU|U^|aBoGGrbZ{Mo#KVRNWcg{@1)4O4f|vl$r;URrw33O(oF@y`r; z^v}&+x?E~Jo02x-WNa~p8!zvI>7@X^SQ^^IFfdnQ8;5>8Kb9yzsM4o`Lmo}GMPFRv~qG51b?n;{zu>imo{na49VroLItgR ztGz$V!L4%KiS}z7;d9u27YI}Pi{pc=XoJ8+3#HrRWOJL(7c?g~`gg(ev0g7#{cJFDMw}{rMuG zWSh=Y#!F7i%EM0)L90`WSDl{iI5x#y1#_1;J*zuw3sx@19~qC7-JaoALSFu6&tq?L z)5jja1;2Wpt9>*ag&FD2*3E4b8xH6aFD?XRjCS54K0Arge9EwzBqKC;x+O1<$G3UX+&J>mT&~YrLf7(?c#% zSbJ)m;d%DpvWdkbzDm_$j^_@T*}47!SA4Va+*WK0!j2n7RUZoe>@46;qgh!`c-!P; zzwntJnVD0JXOq`mej}Xbc*c!3F-kZq;_W+hju%;a`{dMlLC=iM9kE_Bo+&UKuE@;t zx4d2m?6O~Gyx`CGI`1RLi%!7wt6KFMwSMycC^-+Y{GzJG)v8s`%CO9AvANw2enFM` z#{DNM_OSTi2Z5>sLZCAX+ z=~+}a$K8fC%IQTFiJH;IV<*bs9KeCWV}ymLQjTe>}{x^C^8X zbExJ$o<|I_;oZaDHYNmH8#CKGsLmwg(K}aC&rf~Y+eWjQ%24U4PS5J@%xp4b&GtOA z;fm0V&`16If9eG)#=W;Q3Tq}*|vh&z}uJL-7O0?nU<$o60 zy52-T{)as4Wbzk#{Z*{tuN;q6ZzXZhkgTlj#$&s(_dqUA)p_}QjOPnQer{_k$jvey z$=i&Kt}2daCAGO`QzkRBj`4gkt*f>=(;FJEV&gC&?}&~Uu}u>XEdtNfqicUWTVI@> zGTWGK*qhvNrltKW_%r`5LV9|M({qKl{?3jc41Mn~pa7va&C7denoyqhtBxUFUdy|1)2x<=pOVUFmJ*!_9uc z>DhyU0bzyMVx8pmY&a^SOmRF4V+Dw==Yy?fXu)y#lD9?2)~W3{xp|8sTUWXaUJ`ka z`p|fGEU_KjozH63{>j_A$Do}_I8zp9W=DGVyfa3%nsp8^o}VpzJ;*DlQmt0qVc5WeGcxu(DQ>X5Y#&hPrZ#D&Q^E@{;RtTF3|91YY8*b{knL0MI^$yVFddPUu ziYvl#XPBRR)n*uA~``5F{C9^Hx_tF}ScGoHJWT=kffc?TQM&d%7`m~;3p zE(v;WBy4J?rgk!(o6KQ<$;jyD^i0XkUFwjY-qY#1-uppjg!_6uHxFFl>Brf7c~&RV z&dfUB*;e$`&5@x_kI=SG>78AdMm*ma|MN1>^JP!9PYYRD*H!p)Q_n^q^OnH#Gmwna z)9?BRf1c-tqoVfrR@QUFa(~2gLu5Yj_mJaxPBb~vAFHr+^VjX}lZ|IJwavwStt%*) z$3sez0Z8T~Ic*w*t?(Gxg+@B^A8LoPk>AdC@Fz z!<@3hc&Jnqg~40n_1xwe7Q?y;`Y() z=t$2iGL~G&8PA;CgUkRjMz+9;En$S?nPKQfdiuy<>xydgBO~K_&-0az5*%eb zOCIb(;Nxb;bN+1!x$92jS;l@6xbb};^5<%3`OuYzJ zoIk4ISw6lFAA8#fI)|yBR_I|JT@lZ9B&uNY=l`ImJToZ&f9fTDQNeRA-H$ITcp+*m z`RhtNmuAY=h({i*X@Bi79=iow1FPAdwRw4eRva`DzPpaCJ!fUAJT&u{8P9$Hv=4`Tj;vLu-ZxIq!t$xpK4@|6^8PC7#~Mld%kwM;zhv;4 zmha1C30fe_FVpcVDi0?mB`4@{Z=0HZaj#}P%*?l4)|-04);aS(8U$OLySD3cE@>X| ze02Mnlyu-;Ua(GSX}pSg;nGe$-1GMKgV;wpTVLkrXYx@&FLB3~ByvuZkL zy#0+bo?X<{4HLrKD{S3VbuR+1CSD5U0q3x_ z8@=?ILC;c*Jj{#qd_uNeq^7;*^sFPOxk1m!ShQEq2~4)c@hG29kQts=u+Dh)ZeLJT z%$8#>QuTh?YwOBGi1go$=el2EoReDMY7$LSA11?icKK3UZPW6cp4G*U#C96W&8y?| zaOhv5+?TV1ye*3El<4-)cFxv9*d(_rEu(|*Y|?a!czCoO(6-*()0{sNamFN)k)7Qy z;wBB+HiQ?DlGcS`*U4$yEu=B?~Etc|1~_eC>!P9TwQEo`2}KYE~U^H1ukpS zjb?74@fb+f25+1Gs^#@~5pWMj{yrkVsD<%tFXk*y;raehRHZ}YFHB0Cn#We~_6|VA ztC(pFR{9A+&(CM~vvc4%Q)4A3pIC|Keg02*I85p0{MkE>oAkB>GkQfatXSbXqjFqJ zCgp77*)OAPRk;r<#l@Ex&pj3*OSZc!ovllsit+BvaphLWa|^~+CQ~>!e_W*JHX%!d zbu`KQvt`7^3Pkrg!f^@rSM&>N1XWsxK4twk?&Y!PQ`1xwYvku!vZZAZOjc4nK zPdxU;w`Se?4K{f_>!zJ`*dy}te>R>?As*EJD_35AQjzy;1#y>cfDtdmw6-$OO|ay& zf6)5}UQ&kX;oR-lzN~4v&el&;+w2*Eyjo7r5^$Arg@{MIP(JFD(LC~JJ&CT=mK8kg zZSqt8w#Ks&He?Si>UB)S+h=N|9_M*ZnIGhtlG3Gu=U<;~HJxTWD=1gwFXK$l^Etz` zN)L9nR%Q!pTX{~-m#0(#^s3SoyKEIW@Os8KKpHS?b?%_o*PH|TZ{Z6 zu2+m_mlc3)Sn0Wo123wJO{L|5=d!lU)6!N)JR5JPN}B78=f=n~fx$WOGspAp?O|jG zwC^K5r)quS`mw^FW7rx@-{tj8!GhYA_GhGLk*vd3!?Y^a2`)dS+^}RB&sWNfT{=ac z=k`LTJSEM`Yv62cvAShtDdx8DdM+>fVS!saJ@aXE&<{Xc&kGEve`MgHXO}VC2cG-x z#snhDiN>?aSx?=x%E;*9c;3$0lGEv4FM3Yf9+910>iqe#yP*6S=y)!@;2`<@h({!U zAsM`vhXelFC9k0Bb;h$y?3W8%_R09)PS0FfZ(VuP$3;Bry{!$~HzpY`M0DyYDNlNy zbVI6)yKWA03rPkTYv%qMjrZzC1FR*99Z4~))^|XSL&_R){DcP{uxV3V6p~9~C>1~}J zkHDNNT>NsH-wF5hJbT8t*G7AX8|eL67Ey%Etcx5k8bqe9T~`@TuK)1(o9_SA<-b~k zq^td0OY(;y<`svtTRpF0`f*6gy!Rh!`X3(uuIxW``QO&SZKnP?nER-oSGGM?Tu=N% z{rW>xC&*%POJpRMu-w6GuF8}w|z-{hq=e!Ngb8E&O zS>5^9-hImaI^vA&et*HApcYkK=XiFI=bfAHv;382wQX(=xpx$Qe&z`MgZJm&7wxZj z_;pA1^kNRXevR78ue)*`&%N;TWt4xd!S~aq##JTA=L3moV6><-=^ z#&-7R0}9`;PIY?r(Z{_I@;X>hSnBlL3y87Z>+?{jmu!}NQ*eJ=TX3!8SrAtkd(}uC z6?iVXPhhm;RctSI&Pu&C((|uP*1L?1dyI#gd#|v-Tw{Zt`y+6BX~@lg(({}{_u|6S z_1VC~dvv8fAKAK8oOW{Z3qjAP<8qnhcs{UWFvKrc=vBN5rOdDJ7a1d3AUu=29&C|w zSvsk2R_M7dx=y|o@!SwQ#njZLj)&NaWEXu~8T5i8x~ul_XZ^G6*X+ad873vYw=d6q zjm*mV)Ohx{y8H^w{yd&fxmA8Jp8LlK6y3f~a_!#7)?(Q8KjgV|_U!A=eRE4oOR0ua zUi0WCQ^5V1YfirL+?yzs<7>Z7*4oAkor>BzUe76qAN%FG@0%GJO`JdXwjHgk^o)bO zKdS6!kd?o6MGPAfD_~~U(TR)PauAWLfq2G))?U$ApT5!&_29qWv31GJYP*e)zU6Do&^YR z_EhI;@3VGS_{IJvL5pE2BD zgXLB?J@=?^Uj*$pW;Ki_*ME_hQr~QCjIv0>{=o|$f{!vD^PSHp{JO&P`b0eY{^Bz( zEV{tOwVGOI{FJ`f@!ZOEQ``plYG-Smv&$--k$IETbH&Qav5ll!wHl8Y&$^4Hb(pT@ zKI8p`B0Gbrp63^WtsJiD5ieRDE~lA+=LW^{Oir2Yc>B0xHNLW!XGyy8eckh{TXwNx zvU8S2{`R$gC*oQ81AqBGJU=0llixL-Dfl#8A>OZ~XCC-(7kE87<;q0$a&kW3YioAy z`ZDlBP};Bl!Cxg_r2F+=J)aJ}-m;fR7Cz0b`|?baq;?oDta3k}Q-AS#Artql@b`Uf ztz%sK@@%KD(#C3dS@hEuN@}X{kaH2iHp`5R9IxkhVK)Wy@@ws58_HTY;zb>E?D~#J zdiLyK?(so8zeV5?hxx`1RZv)BJo`IocgnF}z}KwR&v^C=O?$lY@5`8}RWJ3nexf*s z{9UQz*Enjs%f08tfZP| z>-IVynf)N&^P|fZ47=r(aiDu?<6b`rO9X&*}6&Po{VW}ZM)PS205+ejFg^PHZW$zg~xFLXRtsfwvO z+}YX=nU>-HJt$wlZ>-SsQ_F_NtAh9YfYWoU2Zo=nk2*cKm~rZgkok1r*^pRg zxTZw@JfbkDzTo`1)QI9LmOj_1}=I>?fkdLC>lA;alo?6;-w= zxZK-%XU5=qH~3?|+iQgV!Tg4ZM;2}h+4Ewv^G7tRGXLp=qT=G>KOE0OgmjWq{`9s! zhU;8vYErF`hJ|!xNy~_MHtONZuF$i7!DaKPz7NkWMUtvh!Sk`LEA@@%%3=Pk%2`>> zjEB(vgBkX~vwwAZl()6A`N}h%$2*=MGX}^GNm<>!zbH9B?59VzQEy!z&j>uHY4as5 z{T$D8op!ot_TS43tmFX|JY!i#DJka%o*y17P3naa&yEc?NA0>S=v7#zq+aQH&VTrE zbW1bgf<7+j^c)`%KQl5-#{aorsw%6Q8sgeUKHCx&oiFGQ9n@b>1C{JG$S&72IDO`L zc13!|bzQ;h?qFNtE;;3|$kun)XP#8sC*|idE7}&d@uCo+e_3A7vm<71#M@W5U>{zH zQzh_x0i1f(3ZBo}3Q@g+x3`QnJumdj_MEhO#*6ZE4S^asJ%W&5anjNT?c>iq<2k2}*q3Lou)Lg& zay*_){Be)_Yf1k7)>!Y)o;8+=J$y1A^S1WLa_`*sVQ;$eTnX$iQ26gu@ICP@XN#c^ z>K?&syg%FR?YPV{Iltg@&tr`DKDRb|UesSJOg%00CVl%RP?A zzjU@whwkHM)#9Q$HUgFlNn3^-P#YP~#iUbqOy{+=wegr3b{foe|LC!Lt*(w|qic^( zXPkegw{@R3DVCk#iiSC!bBH-1_;zu<*RvA19`h};@LtcOQ+BwuCvtYq1mn46sIb%I z9oFeZrkQ40RP=J>&)#)0bBCI@oh>DGeXuV8`T1)r{4pmPUkmbiWNXg|e`3wZ*u0M( z^`akDs_u^T?1d)B{oP@;n#FakF8kIXFTb(z*d8+r>_6SXe_5nn{rVk^=dQi;xl0Al z1b%}$DdM>yvvtFDs^i%(+F$L{3qJh}FrK-xl&Qb<`6Aj-kb_OH^c1|lJ&adMT?TiTO$NI@^*rmZ>qcHtjkesmAbLh(g%5-XS-FM zmNwM!&~jP$AHxIBW$1s5sIYZD9rI%2VHs7ARhgM}O|Z4n_`+n~6!FZvuUJ~z?ZKag zwpGY=U*K8hT$aZr@sj0mT78cHPJc7EN z$X+G0bKVTL1dKMj%;jFsC2YfH%lLzc=Z4YtPChw(=4|c1r@&Wk`}W0O;O{n`+e>UV zx_?5HmsQ_)$o#ttm-)tX6FlNEv1=O7E}w~o&1mTKFm!tcQ=GqwKCHr@^Jw2_vySyV zw~e?xg1zn(XB%x-wlOhh1{%*sZl6&<-}9V+A8ts8MS6Z2xLT)Qx>wJ>t=M~Q_I1Yd zqhob)MZL}GS%fg+=^6hvp8u^-F53@N@;7yFuGUtjRWV&7WiJM(;e`%eSe_5Ix*hkyFfUi35bE9*Ctd|C?5 z6aB7ddHZZ1E>>6M?Zy5^$-iHTw-5ixis^$r4*$frsrb7?>|2YxRQlIeC;DFs-YE02>>lqg>^HYb|5ivo zpGyC}IHhuZH_H6_OU8SG%#W#p@0aztQSy8B6CW@9YWO~x-;>2Yb+*?J_4`ulw^jV_ zc*E<5KgUj9SQ%%Y?QyoBPO;pZJa+$l6kaunS4H&SmHdmv|BsSiQ<0yx(#Lau5<?5~ylaz(ya{NF43 zb)-La#J+*ZSBSqCrM{EI|0zR!f5Q5`_c)Kke$rU{_vzu~;XF|&_1Gcx{9EueiGP6f z=ODqY1b?sn6Mt<)f1bz>m;M|f_+Mh*LGT`lzd-ySFZw46UMu?9t$aPh^P-F7(@pRh z;;*0J^8~Mu@h_5iH3bhA`)g%>3=??+v2QB4zvRDqj_+?ckM!&3advc`s3-HO?M5#T z=bd%3-z=8>=0m|pKjQ7fezis9gC%}f(LeDSZy(+d*2?-gNb+5Ouh$Rf$s!{^i8oN@!+SAr zAKq8SNd9ePKDGFF<@(lI<#9LE+?PQ23k2;e1wqtH1d?30ZGH zNqsMq{Qi>pyS9gq7uLrfvCq2D%fs{c6`5b}Nq?7#e2d_Tl232x|EtoUa`C@JRn9i0c>lksokd|L&CdweR!(!}I(z$^QtkKSJ_pF7~rz|7$1mD`ot~NqvUPe({~G*DaFY2I=ol zBL7O{zlnU0;Oiy7Z^V9UD_^g$K9UMO4)ZNX@GjB+TX1^o%KmEBZSXJ!0~KK1(HdDrq5kHh<7;cAb=d8M)7sn2?OnBVP0 zK0)I5l=(JS@>wJGSS0esFZp=kd3ch#b&ULN+} z69peR#mmF|7%%miE%Dx!{&y_&_F+AC7yO9ize?uAixTg4nIC6Jz8}ka_*(KgP2%?v z+(7D+ko+26<@*!n*Ys084$p(z@Ao+D-$n0v9M<1Bk-sGNjU|3F!AnK|De*T&@?9h2 z^P%94f=dg1zG1wMmH5XCeoNvl7u-eky9xgC93L+`dj9?)`D_}M~Srx(8N&I&t-YUV@NPc%q|HcTu zMf`st{?-e=L-cQy=jW%Q|E1t>1aBAoqu__6KNBVYdnBLx1^+7kb_!)9qQ67r%fspaNEAb{u zzLN!y7W)^({w>LGnc(T-ubJfcn)sV5`in%qK;(Dz^z{$>!w{+WgCbun_EVqp_Tjwq z(-@D#^ZhZge@F6}Eb=uXf8aLnFPta8mHCtZK;?L&7JD4d8)F1-f8Wc)`_t_*KKBZK zQ1Ar7lLUVxAokS-pDpXZp2**m{F;dTV8Mq8o-X;! z7W|6fE@FR*;Kic9TyXITzMkQ{)kx~KM)d27ehbmRy}$RD9i0cRlX@L0`d^CwF=Bs< z*xw=e1o78Z@Ia}@7J1&?@v_f1eBb!0r^jJEZx?+1FfR|^mkzzg<8U52MsN?w=NIue zRPt*h_1!7;`Ah8o5c%!mub=qKZRqn2`|UWye_Q0er9Y*D$B6wyf`^O#qawddUJr3(5wT;K&`Oy4vkHh!atEYJ!&Y$BY zzlnl7OT4Ezq z;r-=!k*}0|yNdiY!F>h4C-y5OpI;^4p)y}D7raOMyHobl2V}kcCGv#GC&+qQATlITrPN|*e5sg;}M=WUyFXG$nymk3(oEA{e|<&R`GY6^slzq{~-F; zNxnA=zDw{%E2e`$+5yME_xlw?XtLiM)#1OT9i9`>zB) zBmO!`zNZR)PW;ai`@E{Y|KWXMzR2Gc{Db6EMeO@X{2C&!D|of|?l@CqBSrsO!L6mgqeb3Uxc8lRf4BUyip>rBmU-z{yCEW zGLf$me1Yf>7yP8ezf|NuiNAMyRUY4&Vn0vt>w*^xULp8>!5<4Q7yOOj?*;!Nc#q(e zc9q8~TX2!!!p2@dJYVVx9xe52mhAPz`RZ61-g$)}^_J6ZORAI0BEqJM_?KV0%ZTjV7Yf0E?iPVD=O{XoGN z2p%T*Y4QJu^ygyHpDOyDCExCXUl9GiB3~f#Hw6zB{YwP5mwGG_`zuBNdco()crBLk zy|UD=hwSKk&H17~T<~boA9j(q5AS;`#sB4Ezee)ER^;nMev`=W6#R+kua)>WOFcdp z{X0cIUi^=f{yr}9=LO#)^Ql>HU!U;&Z7q1V#Gftx+C1p(!~0CTNgjvy=WnGyuZsQ8 zA}Q_hP7mNMX zg6|gGq>J|--oH*Pt~{RgCBKtJ-cxXE(LX}+>nHl>32ra;Z6v>rBJVE#PZaqXQvdTr z{}j<5Ecx^n`3kB3YQblT{w3n?3c*7ppHi_OEcjy4zf$l9$>$rvH;Dd?lFwa&#|nO2 z@ZFN%QzCy*;*AmgQW>A$B;P6G?-B9W<#az^!+x9)`4qv^#ot89XNKtiE%`hp`t!u! zRFN-``TLUiUm*A`!OI0N7Ju)FJR{rJBfPJz7x`QD3!9pU|j^W{#lA1U>1FZz2#KlMcKFFe2MOS}UF*OC5RDC65e!Cj<&2TT8cll(?X{8pmBNAwSqe2x^{ zL2xI*T?H49_2U`N$5q#P9R5D&9O=)cGXGnP{b-T*k$6efy#H{1y-e!YMCR8uA|EaI z2&q>Ku}_zHIfCyHe*+}n+fVoThUeW7k>4lwM@v27F=8O zZx{JQiT||VD`dSi5r6lJzXt_R6MwS=zaqGejMqYuA1LuBNW4jc??1ircy$v0lSTh< z@qeV?V+3~>f8AufmPr10$@&>5c$(z@N`c4vGJp z;J*Yf5P!M<^5YTC162k0mU@;-z0Vh1TkIPOzF71}$$Y*>E8vSKSJ;of^QZ3TO{9m1ivW#YcBcR zFZ%OEzoqE65qy;3F;btg;(wv|e^}&;Mc!HbcNe@$^q&xac^CWf3FphJW&VF4_I<_w zxq_b-|ARz+i;UN&;{O}LGsWK};%~Z)_gujX1Yarki$%Ut@LIt?N`5a6@b$}%-fuRF z{v65w1?m6IlFyxj?-P8$^*&zMkH(37k@$aE;=d#ESat6&oag3Cf7&FxJiLFUiT+ofJR1!qgV*swf2#O9UGTx8pDzA#1+S3!{l(v5 z;%~L+*B5^uhe7{06}t#s7(dr^@^| zMdY7L{=G%sUGlv{;@>Oy6v_Vqk@psV+a&&Y(LY`MB}6_@sHC7mNN7@jpWFn__>t*k303%$EK8K6$^{J>QRCc)xjEqUQy;Oiy7EARC7;qPNdN`J2ve3kTfwbbKv>F;Qi2kRd-|h_G|8RbsB=I(h{uuFhi`3&GkxvtU+r-~bf`1qMg!p?={LK@5 ztn_D`)MJC3S2EiB{)gx3BJuZ`=-)5>og?|>i@&wvZ>-o?6a7y_f06hv7kOQ=KTG=m zljuJz@t2DKU84V&;M4dwi2swte{aDv#r|xOe=Yfxi2to3?=12kMBZKGJq2%+ z@!BMKkm%nh^%x-eKPB}`sp;z%&a*?s-^)^uOwqqk{4W&!Jkh^I^lOOxDv`e-=aq({ zf1l(#PVl3G?-l>AOFa(0#MdKyPfv*bSg~Is_U*)eh1BCwv42wV!P38HC4Os>PZj%_ zg69eDB=*zA|AZO7|Ka=RAvbs&zE{5?`X5REP7(hrBz`ZE=XUe{!+Eh-@EVEtq2Rir z-$d~H5`Vpn*G8FNn+4w|Qd5*7d z`2I6M^7%pJ7l?eg;7bKxDR__M-$wGePW0Q0yp!PWf_n?@CwQaGk1que68)58e0{=s z<7cVo4w(;s2%aqCnJxZ`1lJV2Me;jDYq~za5^kWD4{)F>DN0IN&sXQMZk?}ZR z^oI-nTkI!^{pF&clUq67wIXjc$jh^%?|bzn|2;AuH;Mf-H+cK7Kc)5cIGmsF6#aw5 z|NSCwE%J7PI|?2z_W2V3agnc(daV;&Rq8cc>|Yi9x!A9i`LRjlWnzDd^e5i8a{WHL z)8p_ywoUM9PkMRy{bGrXXQzj}Je<#V$@68Yn3x`EM8bVPgNM_)o6o z^9$#nv&7#j$*)x89Ts@|@V@-vJ06Gk;SBMgD|nswFB181iMLVoFB5q)nLndM{*~C@ zD)Ox&KUnd zM|gf@3hpWTouq$fh`gWReDPN-_yozX%B4P^a2~%@>QhhT-NnAP_#Y$t(_qQ3m)Kt` z@oo`3WTwwAoR?pc{h*7?&$#5%P2^`u{HCIRp2&v?9wzQ-IBL7R|CyM;KH199Gk3KB;YSF(| z^4TQvNAfG@zeD8P#Q%qT?s9J$$8gIK6WI>&0KodX@c^2%abY zyNmo>!Gi?Pk@%krK0e9E5BuTSg_Zl$v3}+J9u|3TkzbtQ^}~3L7y0{wk1MJiue0E8 zf`1kJ4IzvwEle^~IChL!#OA^B|;dAw0&{of_t zks_}nzt70Xs@$KyL_f80W&hcN6Mt5o->-=L&#K-&toIE0_e~o`zn%R1!ljbmEU{lB z@sH20+@I6r?{DYH-=AM6`s1ZO%jNF}zZcxCdgcDrl;78XCH}t=e3s~!3jRU#e-r$a z=zk&k9Gg?Q9w*eOobUV6-zP->83gK-(9nEyaj@n2p)Wp*AM%D9eIA-E%KZc zuOIfGW99iX?cmD(4ix>%MZf&{q*wxqPfv=KLJ6oGioXDc5>Po5p8(qjo^ zz{;zh}^#J%{sGc{K7AUz(M5lhg<&t$h8n-VLlkrj*YB*v-uppEaz zj3vk^c2Q<5z82l_wCgfreN`dwTtQB1@sdfUxQz$bTjq*hMK*{ z{r2=&{5$NqFX@Uu_~o=E4avo98>PoacZ1J;IePK#^dBk*$KS{29()?zkNqCTY6UeM zV|;wlmJLP!EoxJTv6+nzsBAYiwtl`%uIA$d?4eS_P&pJ|LSLW+6km&P>YkvDuR|A# ze@OpKwiF%i;~&9?O2K8r7|TP*V*vd1@Zpt1r6=P9UIJeHW2kcmbw`)`SQqY>p#vqL za=YI~owj5132~UGr8ZZ=<%YN5=R$ng9GQ>oiIiA;ApNyAkrEpXl|y9{p*u2TrRXG# zzRHZ1)5c$;wkP3x8TRks>uiWNzMK|{ub_qEE1@pb5E}gebL&KGY~Em>fXbox0x*<- z%Axq{+~a%n`NXyRXBdC{B)Bhsm-w{t$H}uFJSe`My8VP66#pR&f)6jg1;4DDICHLa z1M(MHQ?tN7r^m{n#P!&LOLtLo?8>+=YtDSVI3qUtK-z=SWAWLH{Z8i64*cGb8XFCc zf0Pj`IhWf0NG-u7bI`#@ITT+^?Vxg~bQtsSZDdfn%^z|ohvE;ApAq?$L-B9P6G}kk zP}%dun2!A!)XLWHaCD7+Kn|6>fP4owPy#B4;y;3+1XK>itrp*7do6af3A4F~7K)Fc zh2j^}8nNC>t5R3?n=-4{IP$gicos5S%e156#b3fVZ7FTZL-Y%Zjfc-1C^sM6j~>8S zncgh?(Z=V&hssRvVdPLbR5F44P4tg8_6WYvDTm^h5DzM8X0>N-Ujcp|pUl_zx8!jV zJlfKQxRc7&!m%T|G)0;`(pwfQK z?{kO+uN)lzjXppLYim*y+Bow)fldkQD*gj8FJWwI;fM7QpGzF}`2_#-`5#{KBS;2+LhVt&NhfcrAXX-m(f1~rmnquU~TgFbN| zf0Mqmuaxe_<}7lBKN?<1JN$7UI|AKvs2lC*BjMS7epamHU+|e@v7?9yjXs(j@KcU$ z0>9_)~6ihoM~yHYRO_-D+S zZrszBbjRQ4@IJxD+LOWM^z#(twDB*{X+oZ~@h|ZOl_QIPh0X!w3MIIYZ$bvezov!a zn`xo=H}tOuzG&m$VUv*+OVEz~p4_&PEAu@5A@X;a3!D`ayE0>CPf8t3j4WYtYl%PF_Fd~6 zZGyJ+QS@lz+mT;GJ%1sGU#Q2Q$e;wzfRdkBC(!7h=?lD)SLx5e%!!@w!STP)g%a2$ zXiL~5;#;}@n>bMXHRfFl^r>UnOmeb%-bjoX&kWj9+R|SbE5pB%Bl_jsmmGpk67vfj z{|)`o=z6oAF`yoQD(K$1{>+qlZw-TgZ+3 za>gk^TZT=!Vf-hM#RgETOngBJD1IwB7{M<$d>i+_;XexuDmSwEX!CSFbB8%t z##}AszRZX`Bmp?Gy{pafKI^gTJw z%ZQb!X7HiW>3AJx$_o%tBF2sDQyBOxAqM3ZF5Waf}hW`0f9c^y4qTk#hQe>8rv0 zP4eik<9{=KB>o(?lo8y+a=1=o2PH6C#xaLn#-+uC|n2YfHhrr?HxFxRn!+hhG{}J@!obhMS9{ zel78vf12Mt@w-o;f{*Ne6;LSfnSlk@9#5MmcZU8-g`#&ZQ{H4Ht1fMWx z+wl7+?T_!d;02Cr{yEyX!13pVpW~nX4E@qQ(!uX0^=H9cx$&QnPk){`A4ALUU4G9u z(ak!@!|&!kVfnojIKP`e3g36>1Ahv=3i|dAINYwle+O;%d%wKV#x?&l`Ucz**Z$9G z54gsEL3_b1aLxY`JZ_0=|5xB~jn9C`EpW~M8a!@^YyUUkagF~LJZ^z&{vqK19eDgR z+??Ny{~kPUft!C8nm^3%{}CGeHs5FXjXwenZh>q5QDC?wuKhm{2G@Xo7uWosz~Pp- z_WukH*Z5z+;TE{&0z7VsYyYp{agF~CJZ^z&{_o&%OI-W^0FP_@pWtz4{}(j)P5dRU z{eOeU?S2j#+ydA9W6P zYl54DTjH9(k>9u_uKAn5r1INw92R0Wtu6Ye#cnJ@F&&9!GDURRG>%ei%4nFbC zZv)3Q@9>SAGGkT=O2^xH)c#Yrcz* zYi6g;l|7ohn9?k|DkcjGSt$IXRii+&ro;JXQa0sRu%CBNH$85&&UuRxDm z;F^CGKDZ^W{nxJffoqKU#+~6BGk)XF#D5Szxyj1?axu}ml&Jzckvs4jPl3d#c%#*^h5kJ{N^7=C&NF(Z+{!Q2>u+u z{U-?j?S#kQ#c%vc!s9Q0f_Q(DxE_JO2L4Zj$8Y=@d|6TgvahPF)iR?Cgv*h=b1=e44dK>vBd;V+2)3|Z$A=3nABc{2Y9zv0b<7oC!HNIdvW;yxqXl5k7>_Eq8|U32_h z(zPIc3;gDF`2Sh>{}%FqpTmF7@Ai)%{|(~C-^FkIIpV?J#c#e15Bw$RY?IE# zkHd@fFOj7|zPEo29=HW@H2xLjLiRI$xB0!0-}ueH0S$4t|0Xn#k%8|eZkOM4U<;x7 z^YHsy{07$eSNZNh2W*LJ|0uutp5r&ZfQ;gV7T5gS#DQDl+J6WBf0wxM7tl2S0^x8= zT>CE)MsWCx&whZl6Vioi|55S+-t8Um{~o__yZ=5uZudW+4w3#Pe)9w9rMTt?(K+Y9 zaE-r&OoVGZAuMizYkrL1z?YJ5_|3nJ4B~*dZxW8*jlYkqq;Y{fXI~->xTWCV!~GR# z!7YI;@aMo99|!*T$S?dk{sMpZKcu|i*LVjxacBRSwEqF<3E%t&@cr$C`~CR*Uh;d1 zzxXPA!nJ`faE*TrIdEs<1cu-E6g>VRaB=)@e*!-Lh`4bJ-10-n^3|mE00(~ed+>41 z-+|oX{u*)Mx4#!zagE=Jthna?LmapzuKoWK?*Ahm`~`mVpMt|JaSguP{|p?i@y~(5 zZz18I!iVn#?u_3{TzeO{BpzJjuY<=eaLpe>4%{4kqYE6jz%_r4u(&0z-2jhk?m>%d zeg}E^uM_8&L62MDnqN*l@L7UygKPH)gF6#AuKg8!;~M?1Xzbz^xW)&7|2Q-QaQM4? zH~D==_$7YxgZ#!VaqX{!2DcF2`-G)@c5!q0P5w51f^YmLW!sc|_*vwWyrvA!aC6F` z@ioxk7QY+#Hvpr&7Jn5-omc>Gel0Zr2H_70!|x?-7rqPJ8L;**g61cI^Lv4;ZD`v= zaQJil#`i&wTi}|{fa8|9_7QR68pq&q3tV#qUYzj5Z;zqDHBO+xEpW~E!Q+;=_5?hx zF$IrX;F>e=xFxQA3Le*Z4j#9_HDB=ki-9BeF8%`7{3V3JEphW-N;q8O4e+=HuKCNr z0LLwH^S?_NT;ogNaSL4Y?}5iHadYBmd_6RO zpKo}ze-|)u@{Mfm??gUa zz72nuzPkC_35VaHUG3r;{}dnB{AcjTEphFC4h^t5e&grxzl{9AU*OJuEqQ@!|2py) z*Z5Z4hrr_&xU;V&&u~jz`)i=V?S471uK|4%hxwguy@imC)mwxH+)K zuLh56z;9Q0lAbnsxd7JuHPGXhxc0X|k7HnN?BW*UB+tm_Gr}zY5WjCTX5*TF<13ll z;@{`qUqw?EJs^SN_}jYw?Sm|D_wwZ+yu4Z4Y05 zmHTdb`0j6Z-)~&?@Gp1%;)BjVyXO20U+4T!{W9n8djAdYf5!XUp6;gqKKp>9UwD81 zbN`mgdGe-%|Dg99-v8Olp5FW0-fwumOHX&x`%5q9;T0FI?c>=Een|hfJNz5o-~E;D z`=HTf* zf9W?kx_02>zd!B$h4(Lef7ko-U+=js z{cZ2R^nUXz9scawoWJ~PPw&fl;mfn_>&Kb*mml!qzRLLxA8#|n|7D(!_jf&?rmyb} zU(QR9|BR2naovS$dw=2kk@g2YKi{4|{PphprT_kt_Zwcmx#z#|_3q5ayX*b7_s@Jj zEj|4Yc={9Xzw7-U^!2^r<^8m;-@E?%%=>NcFGIWX-wXe}^!ao4wv+$zJ3bxWUwHoq zzQe(n-v8`(y6;c_7Uy5^-*4P>-yipW!{fJoxD!uz)5rHY@6SE`7rp->PyenD{{`cy|5w zhrNHA#m=zJ^cNJhUrczH{$?;hVgC zzCL`>`=9afPkF!L>(x#Fy&J-LK0n~Yz2V{Q&~NyD>(jn|A9{b+m*eMrztr~dxo;0k z|NU9-w|#%M_!Umx=65-N>El21?dr_e=XvN4eLK7C>+j;K3wP%IcEf$oefYW8E1KSK zd;iS)yWT(a@?8GqF8s&6{~_<6dH)B!|5;D}Y43mD!++NMO`ooJz5gMfj-{tR@$et; z{ujOfhHpcz^M$-1nEf|0y5-f-m1g-;XqXxh;HoZ2Rw^7YG0E z{oK#}9E&9%`k`OrATp)We{Zza+tt4f?5eOO;9v9id;g)c$Zvnkhdo8TcQF2rz0=`Q zf7ovfN3+3X)IEB$cXHa=8VzT|?$Pj*gB*S`8TSU$>7$d`a6FpkxZ$WjczNs9tO(K{ z4`Ei2PCJ7FM69I{FAoN@z2|vIK=&SPJh*-1`qAL|;HWWsbu##l*5LhCCjMCEOUUnO zwOZd>M=?1a&4$N=HzTe)8y^pQtqYf)0J?dxb${ILH_oN%%*K3R7lY&XZpC*8?_eC)jF zo~+5IAax$#^&@&s_U9L>`hj+cqy$L*UzWhQnCt{>8ok$(P%K; z9MkWtf(mwr-yuuSOz+BP6FLB@2+S0Do&Z zJMNy)Vr_@)qN&i_gC=HCCX<&a#j?jZ&^gVjYeSsx&fWwJtY$$0vK^{;Mk9SL;x-S`bbh zE9Jf_5E1(rj|azt_m#|7l9oawr6u6$^X}wmFhU5jvYxZ%a#czN$0SN<@_!8nDS#DR z1Qj{?$|&5VjB7H~q~Valy=fCAfGamDkgFAD^VUDi9%}Saq6M|t+d2qgO+?Z;0Ps!`YV zAc3O;^Y&q>U+hI*7cRZnyLGyMv2}7fyGt{S2uC>;Jvr)at=_@7M`Mme zcSEEWjR%X74Z2BM`^nC{Sn_HRk?M3k$uPewhFb&x6o#Uf3- zGwUM#_~peG6T}!ONRarg5D_IPWfI+Ws?dSOlPP+F@QKW&cj+B=M-g!0(xH4`Y)$C$ zV3KODfTx2|-_#EeiGlY|O*^0!b%(R}FSh!0ri0TIXG9D}IYMICJ56mm#8{+Pgoshf zha1!)h!O620qPx%r)4@1?o%bCjhjK2cH^MZep8V~@X6S;d!&`9^864;lqBaO$q{ss zoGgUUFgbkI8y_E=4q-}z>CHxaMbaHGW1u=;66xNf2OA&Xe*9=N_2m7*-s!<6J(gDe zC~FQbWR$*rYqURZJ!d&3Wqt(HvL-3JBCGc%X?{yJ@bLW(Vpp-(v)zhDsVY;JAE47qSgTFSeJB)n5T>zP=BnxKr&6Bez`<&e{z%Sgy$I!=zdLzmEc5e+_PyvJ;$KUG+L zNK23h?Vg;_gtv4~5d|5}#@+aF!t7?&9i{pe0KHR&;^Ud^&*(*my%)CHQNni^Ti+dz zpQSn>)!&Q|?sIx~(mgig42q~|z!gn>lJrs;i=VLEI6N2)`bLMHT#wRcBv$hszKk?J zrfXL#ae2&*>lMs}OS0zoE`8Ye0J-U~2fgtmwM{DhaMn#@z=casC8sX7MkMmle(Gf} zToSsS?%vTrD*VOPK7)4@O>pl@F3#51pV<$INXUsT4-wJz47SzPNdPV5eu)WO(@7rV)WaT zqkfyB*Kej8G9wSYi-U=#kb$1S#ospE4*cPhbvBqB7R33|j+&6gP8DML?} z(S=feFqj>VZQ&j5PiLr_#aQT}+jf%bVNV#Nj9PQFKN|N3ACsYhh+~wZ`XsTOexJTa zzMs^*>4wLYk=*pvMDB+h~&swBh=a7#r|8WTNG z?`ZOHEK7J^KcDJE)il9_@swEm2dCW$oJ{O5#(Up~;$k5v=Uv;CkN1ZxoM&peNZsik zpB$xx$ZE*oFKT%sDf z70!#Tyx(J4Wzd~y#Q~Ki5j9&EEJuSE%qk|x`66c0g-d&iTZv#sSA%m5hojzPv=ZB+ z6POJil`+aJfGD3%rAkFPJT!g_SJ_Fr%d~7fiQv6c<}$O+;c!2dvjn}R@QtjvCsOZD zPo}aZ7dl5G?)GFqF6F6X`Jg*ZQ>Tz&Q$~Rf!S78>jt!o7d#5BURlV8xBwM|r8FkU< zWq1?#gWD0Xk18Dwml_fngjhW+*Xzqrsq$J9F= zI)JABfcaCzI{7@(R1lKoYu!^xv>DJt^Fyp8cO<`Bk_$$Qv_u5SOL#~?36D`+QA}P0 zPF5Frfk~0CL0FB3h+I`D1`}W)Yca79nlD z&)AhM+Gv&Q&1AVQgDde=^s}B_$q76d|5CzqI7A~3V`0QlwPk%r6mf>MBklI{(U@g~ zo-EQ_Y{{mBRUUlEFkI*Bn0wuRxiBUw`lEbkjnOmY=HVlTfq&Q^+72eWR)dOMQ#sfPi=x?R$k=&ra~pIFI6d8?=kCo?=m1Gmz+;BU zi8F{PLaTD(6wS!dzzSVR6x@P1feKoR$m_4JSw!}!bVM8IWxE?GkP30XJ27j$f|T{9 zE;b~x;MjRFII%-hicbwPXooS*#Fr%^vB9A537$8_$Xw-?b=fR@h??MHTvW#HmaLU2 z&3wSV(7Mo1M$?M)Ap%L;Iy^IH(e+mfD1By(n+e`zwkgZb$Bd4tjj;4m13l=;7%Ic= z#`Es*NG6Su(}hcMx|lC-qLoHgky>JtM#;ooSegMiOpGEafG4BVX->lCPg3fj$ReVrjO=-x5AHk zBjqT49P8xcnfo7uSZr32QlRl^s{1wuZH7q~t)NmrVW+N{GH4On4x?NL`84@}CX>~X z04RjWz)66U@zD`WZ|wDq$!@82gNZEJ#pv#Brk`%68NY{9ZECm2BU?kWMmU^i*n{4C zY)d@KwZwz5EV>svk_Ww=$?)J{Fln(Y5v8fwLfuNnWkIkSswZ^yve9ad@mdEMZ_qMB zFt&q_{cc$VNw+?@w^^a{n`jlfo%c%88NEGskOOIs4ByfVMiyS0O0fxTk%<9R z(29y9C3vxwcMh&c*%?fZX#!HvG0t9hdT(beWnvqZPjnXPg-g=lQC-+3yVzo8AA5$H z+@?&*%wA2E8IHA%8Cdt9K4ikP`Kp)oe2P)vyUc9{YzN468zUIA5id*Ew})xBK^Lnl zHA}M3;uBNL{w9i6K@u>7;?&QO2C5ryjD2L}Pl6fGlEVHO=CP=lG;W zFBHSd1pdAWtrP)UlaZlv=Q)`RR#cUPqwyYn(P835L!{+uApO4DGm%_cx9j4h+>bz+QwdCxp-M3rFwM2|FL*~t|&9qn>sO9Ns zBOXG|N`Cz}cE>GA22&BOX=bE}YA8ZEy~nZOUTODKPL7Gazz#aP=pQO+%h6S zMK!xe>GX__O7^6!dfOF%@Et`y*aT*x8Yck{dM-cVU`#-2^Ii+p3`aE;_G7z9W^O(v8BYOtifbKaxWIkL2o-s7lDSHnX7cU z5p~eJE3?^K2gSaC31aHJ%(JN&COjJ2A&ZRCfA*ery8B7npyO2-K|s#v@AVW%xp+|$ z(b-kkK9tCg%dWLbg}GX(TSS9EGF49w?{Y1XKTVrrh*jnaF#TU>0!5@>cqih@Tw3l z@{?vQ44Aa%btE99;HBxM0jqV=Js2plF%=|_un}=}A?DLTPq@f-OrABaBitE|UTMFP zwXh!PpG}y(3^44_3S7*e82(ENM5ICuCbG&9BCqLQ{FEYBrz8jK7@`x8Q4>U63oIF# z>S%QppipXS=%hZ}8=Jk>T5glU^I@7))FdMIk*|>qS%^4au)*kvzO16>)+9lCiN~iS zotNI*tP4>pX0mVcB;PbKYaQ0|t2Q_4BFtNOO%8eOX{B~ilQ30&?%M{ZqlzqN){Jar z^^;2OGJ`Tnjj%RFby{M{FVqwgqGvnS*FVZ(wg8%zb+Bo+Pcbwg;6^)e5U`WRdM)Dhdh zWf<=bI=wD)JDWpNAdd$#1`N{+GG+zB`i`nZ%W8mOEM&AOF>caxw0Ocx8jyg=sSdD z3TF&@Y8i7(D)K(*isIQhJ#HO$lj&C$tS1Km%t)o*Te$^$f~D2Hlwms7m9tn4a?36N zxeY3{T8r`-Sdn6pQDnc3y5!8mB>7VBHrXrAjDAud$68J6K1~fZ`V)i6cxv_ySyMe2 z-5$S41yxCa^rlg=3zwYXJ=S2%GgqD;EMrV&dM?l8Ds_Q0#TI+>9tYY`{Iq$D`Ap~zu4#fsN_J?th; z5p_+}msDXX_KcG@+!&ZN6xur);ag0?JKV9xPiTeG z)w%S^M6YHm$FA$x<-%4%w5BIVnbwq07h9D9Fk3}JV~LqTb!7oY!#+(mA=Cmrz|fKP zC3+k2Fg}W*=$?vYD*e7MYcAAs)cfM_t7EZdty}7mP5`nB5xTjcrOF7HwqB!tJz%|L zGCiU^Ei6d#pe&FwM`U?LmR(~6k{sPVii-Wi z@n}O2w?`V8Yp@;vaNO~-L`+OrU_%wjdcjDby<6?nB9iFwKpi$Lf2nvnqUxy)q_jvc zyjX>)g-XP68ewk_qp!R^S2McO4Mzh5F@gQW_;_z<%$1!DAH~O7W^Tggbp==bq7a#AGJYAfNQ<-kmSzxR80vxRN7CNy#2=DJ`=WS9LPT-BXfbh3JM1OGkrO9J z1#C~}`FO;pC^FSpw4JR07paPpX&6l5?4ja_q{T@-XBqD#)L;*p(oIGCSP|y~Eu?IT zn~AeeigFMF6IgUdwdpDMw_+&iv_)4^)+VIM=Zxo+2sD70hM*bNr!(8jk8x?O$OZJ# z1k9>T75u6^4PkW{N<&;0>xzt%#8kQy(-PeL$mWXVg=-~4SxQPB4yu43AtJeOr>C#< z^Nwpt4Fg8yV*B2aR^ikmjBUgc+1U%mI9+DwAQxdQ5_D*h+pve3vYD08 zM4`Nby)(Wqx9{kbDdN&B4fWR4#{{=}pI+ai40gtTb`m)SHJ;p!u!>AY0}WwB_0JEe zWg#`IRxr(#3MaP9V5!Slpp^H5O1lb`LR%BcmI_n)gMq6>RxwFgcbcCYVFT~kwx)$Z zSsbx!nbU3Aqdi$RfV^jooa&I8!D*%}Rb4A^E3-il`Q9Iz0e&UBYev?fTWcj?PoXN0 zA1~_4%%ajnOzJ8nrec~|vlGV$$t?^sNj0LKu@V|VZB39SZ71X|ysIU;Sx`iqDvC1S zUK5;#syllHhXb|Y^nJiO0>W22m=GFdmZAXH-T2kPSi9|UjZCFqOUasQ*Jn*)B})=M z>prTeyy@h@I&!8W6>c@KS~pe+++vH$uuk$C0tOCuT)^a&8`dtixM_z4GF^AW&RtJv zupg6v(;14aoaYE+X+g)WhM*r|l*l%oH%ZPnK+mVvC5wmS_ilvM{e@(3NgulCsS z+ZpBPR%C>sl8C8JW{^V_Q6e(|HbJX8&EVK=2P%{N0FMi|J)X{VQnfZ(nNmjr7w~}= zO)aqK^}T?$d)8LS=#(~zS_|~IqjvhP7x_aGO|~Y zbkdxugxnyKd(>|+B+Jgs=cMqAl7-=viyyL0MA6_ogX*OVu4|FG0NBonRMPQKc9ino zg|1=^Wu<4S>5M#Ey-CsE?`Qj>b3+vE#7U!*p(t=g45Uu!&i33~a3w%|*ZHNc!h*E5; zT2vI$19hoxFiCrSXgNr8doZP547oQX1`x1bBqBGm7z?XbL~zQN!SNj)@Y zW0SyozASYF`pGWebZqR?E%3?CU2|uJoGQpKR)`Q)O45W@;Ki*BdL)6WWOfFbVT`9z zYEky%y!=G=;-<3WEXPkr`S)?3BNmf!YFE=)Un)_Iz<*yZ0Vz*BMVjk-fJvO=nT7*T z@m9(7MhSR30#5UMbf1N0*PBg_-qq%nx*qLPBNr;1%O1?by*{2u*;tUxi3gEd2OX|I z5F7q9RXeyl86S7HBh`y8*PBgWje1xHOZbQ|!G|fhfg;UQ!??hhFeqrlo*D|LZ0BGJ z5pw%Qj4x58vN#xTOIX!$BB2F7DWQ6?+J;;i8YZlsJR(*E>6!hFEC`7DAZadY>2K8& zUt1}YVpauOCDpami`dAoZ6-#VpVRDq1qHd|yfJ$eCU-Psmr3*o`-4f=R3jwc9imMu zCi0U>%nFD`RVCa{Wu*ZpgW2gM!DPb>OW>JHPYhlMLo>s4<`KiiZINFuW{LsokVOkz zP0~s=S4OwYYL|+(B1#$axxg0T-Qq`-Mbo)SN7Z2t8KH8V%-$_Qf6o!t)b>P)=t)t< z5VJ$OaHwBJlJ*%YQg^6d1%>CC`cNgxIVVsNSP{9@2~^PP%DB=RV~4&=vw<9ptMg`z zhVw{<(~UhwW;2*hotkhj=1m`K-SV^ndNoQ!qUoBBFZDVyneQaU>OjZc$V&-KZ>ry;RC4+)*SF>&XtdqbWh;@>%}l>4 z^-s>%=OHVALu2Noj85ESIu9m{>>+)nWDK@Sxm;6_6cR^~-C{*lQabE^_Y>W*wN{r8 ztv*Gmq#<^Hj4|{9Q-~vsW1@`yN};X&Tc^`hqun`8LnIB;qV>C|u6_>JIqjSC@_xpa z1G#B|)8j_#2!JF!5Jo$>c(FoAqo!qWW$WcApjHiLARS{DB|Iak+y!HrHMri)7{DOQ zft{t2S9dt{o$7r6JhrBYZicqU?R-V$;XG_AnmFxpr(xUds8^C^4*j zh@vKf;H<0fYC6bZgWMB+&g1L~ub9UkiiwFy2%<({5r=lpYXcb5=!`gnC;oCJbBAd` zlr;-f!TNco6qiW_vs&Nbpu?u!1#H~h;pUz9vZGMP8b@kJ?mG?L?)%sf$f2ev;c+&1 z@@-^0q8aDo7;rb00gY|kOZ$-Sv&daJB#=nlv0fDONz9#^CB!XvJbc3}kfLm9sKg38 zr-y?VcZ5|MgZh*4Ng|O^CyT4)W*<*SLikAMWM}c>bi0# zMNOXP3%z#nvWD0f&}QwsEL!^PdZ<@V1&+*D?swRu1}&Ihqo`n=#raQuEjW5)N%JOM976p z6J4ix#Jzqj#%ppa$UCD`L@CTWT{ws8=N79Lg;`*J2>L|sx#8G=SD)*h;aeqf7HdBUvQJ{Y^MEAqqnwxrRaWVqGrr|^yTE_;75EW*pK6MF=ia+iaP5y6IdN=SQ`ZH7DOiP{k3 zvbcP4sDjZLlL}goPnlG~KP^pHL*c!e%G5Q9L|*%}mx)XmQRV7F2z-60r?hJK5Uju z`-SzixzQp@eXwr_LH*L$l9&mWA{5s4KCJtw1(kOpoW)=T+~@vH8ICH56=3Eg4ucUy z{_q3}U9sovdTy)SIY@q^hK4H_dre<-XnTH3T$FR5%NA1=Qlz2iEm$sN)QO>d4`~~y2if6N z#}!R^3}}WL?!KBt__3{$AF$K>n@l+9GQAzSwvuBoWCb2<{pD% zy-uHu;zE?W=B{Kgz86Vcyw(%N((qlm$mL>7Z=tKjR3B9lQCz6WSoGWb19Ks>W$Mt6 zMj6C{uJcV47wU5$hpSnrwKJEf}=G4w%Cj?b~2 zTTID4ab}OEEP8TvWO*Z}@b(D3Iy16QL7wKLxgv5=6qH@Uu8>TGZvXpuy2CF^$Nr3S zast*nP-4^>X#v&EmlRyq_8s|DmUl0~L6@17nUrVi4D%NJyw!ht213|b$C0nkgrS~wW((xn- z;J(EK;*lJpG$V?oPaU&`UW++qq1S7nX#+^xlWc0tD3EM$n{+8cfy|7BbOc7Wo@N{w z)niaNk{+kD0;xnwUse@E_gu0~7Q~R?$|uGrBe~HRR6~&R-9*Dr-MUoik$sd)>YOAq z-3*J0j~>cO-!v2stc$V?FVvI+rg+3-16oj;uu~A4KY2>-cr*!ELFdg zy_OSA{2z-78#%D}HOp>b>0_){g2>*2MhYSWnd#x>_YRF=PM_(MqrDs>r9!U^{b0;F ztKp!3hbMtKD3-b_Q7-gwN}A-fadsUA|Xg z=XfX4)_~ZlvJor^umKg7Q+ug3c0W7J*F`jpMa#GlMX|wkBgUvp7MEBTX|EwdZ`Jt9 zNH&~7f3Da2@QPEje~LXXFin6|9+(1)^aID4Sm3%ZA9s8kZiZuA;#Q# zVU1Khw2nE(h-TZ%6Uw7zRcPlGFV2~zhrspKR5KwLP7V%amzqr_C$=})f!>k&6R8ha zqZdGSrf9(XX*{PPCz&U*E^ilK)b@rkBlUL?Qmks^@HD{X@H84mIZ*00nUSMpMKLvu zGqLXPr2!=e*RXBh5E{{0SW}oGgAb}P~`IRO0?Ram{x6kG2g43xUu622A*PJRy))+GLJz0|Qfo1l% zDy-m&plZ6WGt8L4K6VAvbvun6@K9#~3f65gSlWyzYj4^jFEH9e26LqX7i|Yq&r#T< z+V0I77Z;3ll~zZG^@zkyLWm8(Y57vIAoK`84W|T8jOxz56hYHTuL7YrLb2IXfLXYy zxy|wQiIQ+@I9-c{x`rsNw;c2yi*1D5X2O6wD@Cq(2q2ZIzhXDN4WUU%Qr6>>fc5z6 z#?pHQMNFc@i%#Kku@W?)R)w+RsLD~42W?682z`e5T$G7Fd+Yj25i&z6F6CP9U@Tp{ zXcz}&I93)I%-Fz%0CkPNrC`j)E9agzoF2&XkX*A-kc|B;g-j(UF;mo#VMDHWB0fo)!Se}D27%`##C6lWF!G{43WEN%V1y&*Y+8+Z;hS9Z%Dx{81?uvuTmSMA2U>mpuL@(fAP;~= zIi0yQd&urFSf)o>DP;#-RuC|4Ilw|}Fxh7JW>XeAc==eWdCOh%5XF^~urZK)bmXbv z$(Cg2Y9cwf5}P5-mvC-HiC$SJ-f|9hb?{BCv8(agyRQka_Rp(>3wl#7`jfjWR+DuG zv&unQn-;05W3p|o ziw)lzT_|$_GOsMi97G617iZ~(=_*_b856=Lv>09F!u7cgQ(249I~c{`bmB>Oir$YRf{4v6BW~{RCSJxshm7`!g4B5fc-=urqnlZ z?Y9e#>u7euOvAHhh3>SFj5C_&r5GJ_o;| zr65#onh)risxF==0@0Ch@se;*SA-BAmi{&F$Hdk z;h+3qJBv-S_<0&Cnt{-O12w|A%H3lZl#PW=uk6H7y}f*b$#*fa4Ej-b>Z}C)*S zZ}!BFhIFBcg1=Dewr~A(d`H^d@e3v#jr7a13U{V?uzA zH%BeLZ^T$U!8;}3p}Sz+Z4$^BBUIo!yNgS zPxI)3e46cIC8msm)bcIGWWS}P?6(${1!#F$fEJkrXsKDi6)iXmab;&AuJ|nE%C#$( z-_C`(dgJPq>uLHa^1pTU`qi6xlCDsr-g-Mv*44}JynW@ZoZIy)?_9rjIcInC+Rd9c zE*Jc6y#4muSIb!Vyc|NFk?4FR@x&tsEsMs@svpbJLmU1kx0xsiBWYFF4Ku{ z9$@lYuyR|Q7%mx9GF7fYYEHT!7hBAIO}1XRlp!Cx`FSmkSH%J!`7{D3n}XzZ*sO?= zqn5*whObI&aVvuFVfodct_YtYS1=gPx_i2PEb|||3iI3d(@`ulPNYJJU6h+IOk7sB zBDgSGiRb3C#+BB;W8TW$U}n=b)FFGxQgP>!%+q7=6;;u;;#8e!jk$Ig02xW0$|ZzB zwKIqQGq7vuNiv2`p2RV-I;}GeTltya@&KGaloa`Ot*V$0%dz(;?W?o?qeR*sq{LP1 zTx06fe2>J}slavFXOt0wNC(xb&b%znLymyn~$BhH(i#iks_3Dr}$XXqWhgu<;&- zD$3nUUxkPJ@+)!ZBO_IM(}PrzloA_Vq6JoQG%hM;f-~7a?ai9Ms~LpX*ImCeevX<9 z2G_1Ozdr>Dl!vl*Uj?hVcNNTPhFglQqU@`^RV1vVO_1VSLp&ogPZB_5t9oY!0C*Y8n$a=B$5ixqJjX<~2nDh+SNw+5a z{!#a!^=u{kD1qMgSSx|g9Nh?gr(Q^Iis-)DFdH>~;L|1OE;oRj%lPK`ByXQja^rlG zx6UV7Ur96{uGMo<8yESr1})QskLjgqYlzf3r#90x3Nh7Ljisa8SxXQMdumxoRSdI^ zT7pz%T$j6^NaU6MgY{IbX3Gr%>xnpp!J5pV|9~rw#@xKMo|-XcEz^MC(FXYQ6faVboz^!1E(#4|!tB5?OHEcY^ zmRv%7%>L_nRoR`LkdvxA<8xwl!>*9l6Uyb!>*LJZ#qn#kwHcLVWh2)fD;b*B%f^xWr-LY7ECgM z;dUbyD?CMJvE*mwZ~8URH~H=}g;#pfQIRMp=uvk!Fr%~seIV9ovbCxTZ~(}1z+<$8 zN28-x5#g>Nh%D1|Ah%V>n7J@{lwyLRCK01vC0h-z zkYouf4>z)|6r}PpV2u0n(bja*9a2}YGcIx{Av;A z3tKTc$V=`m$2?uiQfWUSks8_pJlPbQ*GX{6YE2gBC~wwi6Ojn=SF8m zI1svTEP_m63)2j66HjEQV6Fr{Vz+j&waswvC2#lvF`pi)OojJH#|tu6i}y-`6=5&)%wEjVIAhl=!Klk z3#iz6Iv!F%;1bdLiU@|xa-iQSmJy}VU2NT@gBP2%2$wr3R)rA4i!E8Xj^r0E-S2+# z6>&!GFQg`e#}U9{9XpYrV3!bU!qtf3!X0x5O~#ZFj)z%d9Ct>~hZB})LLU0>A}Tp9 zt!KspnPiL_UDRZz=Cgt46=j1JS-lZf)DD*c8h{sj-MUkNy3d_)D7HwRAtIE@G8+56 z@xa2tm@njj9d73xt0iOs$EZ*i00LC4(8GsVYj2G>8#$bHQau%YKGMs_UAYw^gi+g^ z{42v_njqi4gTMeY1auY2m7r|87(@+_`OIicS|e3wFpvSwuZvb z5mJ=-<{`UOWUd+*nKTWHjXBwHg+WyDvgK8zbg3;UmT( z0M*f4;%?dY!hzors|}HssxDE;gx$hU2GVI7n3xDN1rJ&DUT3326`hIB>0)^??K+62 zy&jwlSf$_bqL?D(W*-sGK&muYl8C_L6S-sMfQ^eFfVAMda?4m&eZ&GtFt_ExB1t!u~Kj39cDj!atSNoMGYYTPPhs&vX*c2$)zwpNL6KPWx4 zZ5i6mtY0uV0I0^`)%pOv3SWTPh+Bbq|q;oJjO=y}&8bytQkiRis3Dp_0w((y{?K>p6Sy9o=rkYOOUuq;oC z7J$cc#?cVSwYJsM}kYjc+F*9IVrL^z(W%$qIG`IcQs;|NSNG6z zQIwL40a!%!x@`m*Ef}n{mWU$psdbu3iz|)}sSpiAv;#Xy$+2z>t^^MAg&5a`ORD}= z=MNri)WS$w)eIBLD~ELvSB2G7S4cxn)gtPH2s8}a7*te3(h?X$(p;)6GIvgM@~Xw? z+Hxb-%HoZ*el&hfuF}PIPWOmF8bGSJ4C`sEKR;3tkouwH{cFZd6LVwX&oj`2CtE+i za4c{#y1Fp0AsZPf%`8Uq8bMeMCk8XThC%-PjEn03`J~#soh>1Q6ispS@N|Tg8+F^A zrkcuC!T06v)=ln#a){yd_V8dhQ**39+Q;m#*HMMffsV%GXY{PfiD8_xR{B%yZ$|ws zE^*91eWzrAqCq;MzQi__O)*7J2b@jj@H|FCBIb_#@gXFEIc&gROvFQZ4uaMudl%toz5aloxx`_n4>kyO_L* znEoT9fB$sMOij_OBFnwmbY5d_s#4D(Xfq6&?)UT=?^`N4Z?H^R-SvSrs6&vMpeupe&zW? zr;~b}fD&KJ7VP7@o7b*gd&jXhSjn>9?6t7A>T9BE!oH9T2{nUVc2VN26Z<@8P?eZ{ zdx!*&<;oHlNG^mB68E*S&nltZH|0LL?KJ)#%Q<_Erzc0|_tUuUh6+V-Pk*Gv%?k!}Efq1iz0yno6@ibkP9wx*wuGcE~0Gd5o|=p4Yb*QZc}|Mo%G zb`je6Oz_*GohfnF@?7klM*=h<$}Z&H@o5$Tw|!>_GD+%d`VxP z)h}O%HR{xh#LruLjXozqH1Yz-lw4>;aBEJ(D73RoK3G${89ar*d(wJSM| zJrkCpS9~(!o|zJ{EB=Q0I*+rSFnks^l%0Dgt7s4Wa64}kK!bh2H2Y3 z?)YvumBomG(gl}Mp~HJ3gF7eVpb2QWye28g)FOFQ+(#eA;ftaYR)Kbex;uP1=%?c3 z?PmMQWW*2YVjPillqy_j^NEio&@(22;sp|4e`lYJy{-P#xt|KJpLPUt_%KB4*JF81 z%TrJIEjdw5rIR;t7M(Jr#!=JSXY9L9Z;xmEcd&idV8rTIRRpUjT)0Fd>TW&a0@C5Z z^$=ZvNhe>zpu6c{Hfot=?|g!C@0Rp(Fua86Wv7}{`DF`Emc~+kACb77PYzin5dN%% zJeqtWC^I=Of~gul8T`8HBCe3y;Wi-?am-LUITiEXqsNaP?KlFtEpa>(Av^SoL7R%} zH%gx}F2HS+stXGPrZ=xK4Y*G(FmDns%^oxw%g9DB8{ZkpYi)z4PAX43JoB2rV%L0o8uZm zI;XM|jexOASAZEUCW744kU7_C)KPT_;f%r-Ky^~&bFo0VV*E-U_?#1Pu5mJ#N*OSKtA zSWu_}ARll8H0ntapet^6s1xBq`0@79e0xknd0%?C5=~uxWpVMSxajuAw9(nz+RAwg#=TUMNg2WQ zv9V@33`>ggDuuT-<|s_7!^BZ;D@wmvzF=WB|Mr85fx5iP2tCNs!b?pz@@TX-se#Ld z8$M>DcfTSBS)|kW4TM{ua*#8w64@hFC$e(#xp*VD92gi{XyTbc4O_Q0DY2p-yJN@_ zt2-{O0?P9Sw|U;cfaD(0g6gFIzEB$?2K|{n^IHegF|tH-kG59GfIilJ#^$5gaZOFI z5$c(FLQCbnaOowFavmbJf5t|ky~8mp0^7sqV=Ln^=kmKFo{(S(a8yN@n8xxL@>K&s zL*xSRfm#L|aF&a%ghK|puaI}{%V(Sa2su`KI)y@$p_y9blcUbE$bn3n9UxDxg}L7@ zk?yxmpM!93h#ag@Ii{~T0wyn>=$Ct3&SNmj_U6)3t1es$wHaft&T=M^2p(W>Bvk9zb)2D5jS#B^mlAZgC@Z6` zR*149ml?Mz1a>PcV<{SZXbUB4C#)|#)9tUK-#YOH{)AS_0Qd_CiCyb2Fyw<%-X;45 zhP^$Sx|_GX{6C+xZgcH}wa8hS>6Cuf>h$hl8tg-AK0_Sauzo!{a;Tw*9d{^$I+|#~ zopWLajIO}t%T(;%fJdhL`2do!TuEFn!D{jq!erV^5%b;KoHmdnAgKmxG8rGhuysO~ zS5W(Xf2OV$Pd@uhjwVp6V^B=l?z{v=G#kOvwan^BH+gX+#ujVv?p$AmLek3PENj!c z0xv-)l(j#mRmLso7jiS^3cMuM-6*deMIO95#Q2;^q1Y2=#$pB#rC>XTxzmg~S4nCL z`a(`{joeEd@n11$IUCkgV;L28a<*n=ntkhT&bN zbT7;)c+F01ImUAP)19q{JC6%lU6#3E%J*tL!EEA>JJbnQ9(_2Ural%t&`CkJ*9qf+ya+nl~dHQ$IT^dhir- z@Ep^h+F0Futq2%;E;b^neWoA><9!{qRV^YPwMooayk=D9E-Ot;C90CZRYDupjWtne?_Vpd4u>l%orYUeS_xlY zTFSkqYTazf*}>J-N5j?1yRE1-A{l~unG8XF71BgKFJfm9*DH_n8sSR81voGJ?QK4$ z!fIevr{uPw`qt|y>T0Bke`l-&=Sz{u)+FC@J6Edux@p8dw`#iR9ND>2IkI}GsB8W_ zU0p%Rvr#9rM=Lt5h}Ar-7sH)yDe8tR1&3M_R?lD7i6w|Nl z1VP_ke`M;VL#+wR!iB6A)a&=MmhfBS<4aRcFd@>(WNH5PEgjBKZ~wUXM?GXJGi8+Zn7% zj%GB-HF5-!)d|WdUXxROk}RkCG|B3wG?Aj{19(mBDDqN4IP$y2Aql@c#m=mS);0Ky zLiyMC8I}%nIa#l&jV0jDi_6o!R*e1-^Lmz!=(YG2x$CNaO5hqEEKIorgmtn6yGMr92yh|;0U^9aM1UYPJryZfw6AF&h{%x8E~jd}>k%@0N8 zse)wdXIjE#>(Y=;$Y~#%V^YFVHpC>a-W!gtT@~A9v7DA5km;=oT!O%slJXFtgkCO2 zaIi?^b`}e&TA=JWmh9x=bl!2}%$|){H8Tqktw|`*%m!TcqOo<{jRd;15K5*7;dfMP zFkx976bC>2)tkzWqqJ3^fTWJF>clU}PdOMb4_@-=OsZ~mqb&$J5hcT?0b~Y%6Sd?LaKxg{*N~fKn8ZR)}7$XEHr*vY5A|!4q zr{oCXF0GJX+$G|Bxfxqww_QiN$NAv^9!|yR7Rs%u7+rMYiC#d@$45Lc6&fu2jQ7W* z1ECUn?LV%_FMaeCpZjiI0b}sum)vuxWR?UlgqleLQ=10-DP6NksB88XDa1mQ3SYkb zts>yw9ZzQ=afjwNM>B0VD{RD)&)X63Md?g;YJ9dpu-?b z*n;cu;um|cfaFb^ExCx&anHskKNGK+Gz;;COH!ngPIhoOAymR>$I{0;i*Gi#HHIwE zD?e-|KJwD0L?@kCkY6#_l+S`bwI?%G|Zm>Dp$I%y9c?0rtCs z3MCpHzGVl*jhbS~6=7=AR1k*RY6-&_Jmz*^t#A`>?xtZA^r8p%sJ$HB8cg1l+dn89 zxwRczO>f(|8qK=+^F{@IA0}=OXBAG26jubJ@R)qAK;Du&LRa8?AFu*D(Q9p1h27>p z)3p&FahKkfD48qRJBw6z^}||{RSZOeb*XbkyZ%tkiWnS?JN>+ZL~Lz#q=Br?V|_tv zZSZw+N(Aer6pFPnhOCfkv@W|e6-qPiW{wXd-Br&qiGr1! zgB`Qfs?kMx?kA4g#VJ-S^|>Czk;;cKV6%~IdEN@oQiX5Pa>pZDu#9tq(Uxp*^VTyL zG6V{`ltFJuvbi3Qldl2HZO54Ig|CUIh>{5rVuI}p;+Eu1Am_~6{*CK{mmK%YVArlz zVec}ogm4qN99os<2tr?o_d}$zU_KPGK7^Gx$8PMoGaO8wDCBG43`dnX}cIF!MKR$jiz@ZfOP5&QoLIvVU35T`I~aYcta zksnD-BsmX*aEFgVeB6O|dem3g6E0cxQk3LtP;$6pWw?Rd3Nz444n60=a5^};KRD*j zJ|1+E+V!TiW~}S=1`oL$VhSP%V#rNJa|aUhYINL9b=ps|?#gAewgPLv5muQp4e}rz35E?@jg07_WH;2!=AEG`K5-0`SR5 zzqx%qjV7nuYMUB}r-*D$U5NP2!k3};gMVrj%c_#RHli1b11;e(~B@N>vCt9NuNw*%ehBA~>bn_mMB*AG*9 zCg$7x)O)hxcSqmgxjW{)q7Yh>%3y!QC8TKh-MwLF@V;K2BgkNV zEy8i~7nN4x39r;u5Lpe0*%IEOtB^Ce=t^S+u{G5@gZo3<5BS9Bn{^?Cf2J;c#wguu zaP{C@tQE+}v2tk0eS48gM}{iO6_24t8gamO*E(HypY-3$)X zTdz9#;3JBdv~LNUdU*Nb!MGqvMpTrg1U97ZvzA7IS0mGX0wPTOW_mljxA~wueHKBn zxDI-H4?;vZz3AR1cL1lMT}g~6avP^y9}tyJnfogsri*Tut0uHPX>|+gsq8v))oP3n zIcejDx6^R8!blYfonVEUkk@Oy6(>kgpll(BI5pdD#27O0TlL_#>%rF}m;piST?DxF zWO{9SM>z!Il<}4i@;TgBXd)eNc>#desvshj3b;YN4jdo4U+_zM3xpYa7|7sT`5(isk~3nrsDHpR*uPi&%6mGOliHP*~Ezyd-s@rwWvI zUWdgDq^3ZD))b)VXZ6}ZO)8&^#0IrSO>l@Z2ZZy3+7-%z~IvWCeo8Ud%Zi zA9oj6keYo3IZ6L0by2bkYwNFk=hZwySndye1Xi{ZffcnxKzY*>NZ#st&$IT!XI3Bh zR&lJ10ag-1lZ)<|Re%*hnHB=VtVoULR)uO3t6&Go(+>|#{wnH9-e?`ud5c}~hD}1m zQUQ89pP2#Kxw>Tuw#;X?kK(8Nkyc7dw586B%THsu=L_-4hAa>eKo@moQdGt2m|F!) z2PmqlG-G|uK5#2W$_tldjv22Y4OAB{`K7xW4EfC5n+3Fs*$NuZE+#}}5zXQJLfKZ` z(w-Ac?yag!JN#TvpDj)*YJ_IvQ-WsWQv}N#Fy?&*&AT3h%I8)VQP%Msr~N`*T!nIM zL)kW2zzap!Vi~AvE|&Sy6{xSZhB zV(omUB*@QcK`!fwDdg+;lqD&L68CM}6wHmfsWWaA0U zimd+ak_tRqYl>{F$`yeX?aE?``H0UUg5(N*3ZngARZiC*6k2)=RZ-L}rqaiGA%beX zve^cLd@zfw1G=`624sDkE7hyWGgI~=G*k8rw5I0J_Uk)9LDctwV64_``LE0x!mP*@ zFtr&X@XB=4mxRaZSGDND*48`VtE(Q!m6;5#&<<>x>r0F ziL2DQLeU zYQS}y(+Qog?-)3Wo@r|dk+-!3uXLj&YE9~k@im34>9{lGiZoZ(a%?_=wcE}XwF+J} zAxL6mb4|;v(ut%nz0&YPwo+Y_DGWdoqP{Ife9@F5yxNiys;(g!tm*>cFb#|%+dt1UrZu`^6ww=F8K-WF4-S5;)C zl3S9Zo@c14DN=!6nG1EpL=iTx+!nbSQ?2@Ak zKG~31I&xiqErIM1-0{^bRrr$VdE8j;?@DLmpS*Spd-f zuIA9sxc~}3;V{4Z+~WYeR8X~0_pm_XTXPLzhEa0<$jZ*3JF-lGK5;Ko1v|PoPiOl# zTe8g|y_{nm7?3-9a?L=|vqn4}J}4+V_B+tj3l;J^MAF%NX#)fPXgq}DHvIIkQ5}pM zRP>c9BOgCEOLo1wu#(~se(H}@ndk&v@Np|xIjw`a__LCe#WM|WZ$}q8IwUNM$v0<5dz_NvQTGJ93k&nZP4;A-G#Q(47cTg6kuUR{g5Vz4Jt`f_9|iJ~C4(kejk zVuTlHX5;bwuDl{8IC}Ky01RsMp0C{s8lkBqhL9VA3zsBws0A*Zp*tQjRT~`uH^BaQ zJ5^8@)`O}&JV#nRJ%PO!kuy$_)M4Uaa7~b)(G@8;boU~Uw+%_17blTEUhvPmF%zni?|L3Kyu+9z z5(DOQ=4`FQGm~C0Nv=5+)m9C2VKnHKP*YOcqP1 znmm=j+2ob%2H(PpYpNSXC4uf0mq0hF*FsmMNlIM$ai0j0#ThWvGGVi(7Jf@~oLY=F zqyL|^_giiwSMr4YD1EaLk|KsWw!6JOGgq=?cdL&r=}2<-e7mvXpvaO`$0Uo*B4w*j z%yaGiKH2xnO#CmP3MhJFPFn;r6Nv;Wkw_#GVGT9f0Y_#i+@A?SIW#mZB>cCrCaEIY zqNCbEVp5ePM-^>{tqmG-<-}+7NgAH)8Ps9&78x(DDbWQxr-eHz3x0k;;tQt;zP9R{ z^V{Uea>|H`sA8eY0TO&&TYfVqs%sKFfkj<5hXgQPJWNh^+Xi823JAZ9BuLb>J8?e> zUB;d)Y2)BX7t+5SY$`I)PnVepi6lYSz5Z7{*BO}Voanse896Nel z0B~^BVZPh%4hRzrD8Xct5^2q_fGtBr;(ex(Z$p$qs2Dw-gicpYCy^!V0a<}yg(BUTO5NBpAf>TgFUS?If6L3^ z`WL-WE-O)|gumO)nuHnoc(dJHBPpQ9V0`a`@`A&jwwVwjdoTe zYYDdeFuN&XA*Xub(KD>NWH7;Q*0}p?Nc@KDUFHV@jm+N|fJ!o$F*TiOMR(%1k@PC& zHg&SVtoyp;*0UenQZ@y20e9ak@l6H|N8}907(lU2JV}~T@wsVCDkgs8r5*)p zgh0K9s6e|UHO*5s1m4&ZHd{;{I+uj_1S%$wrWk&@)+o{tEGa{pY#y@>(IByp*kEWs zgXj{a{%#;09KUD+uC8V^f4Q1f|8{RB9|h<#B1;k+;Sc!8j`6%Aa?T-5>~c+6Nd3}- zBide~9Quh3mA-1^_wuXPb^`V1b$yJn% zM;o7hH9ThIqr+6-T;KfScULkVj5?n788i^n#jGEItk7R8+UIn-;Sw1DStEgI5`Q^; zzQf%YI+aMmY^ohxGbv#}jpKDd3ha+}6E3i8t_mQK_Kx;dtff-8k!v3J_H zU#IId@qkTU!>@22Oc8hS3D4b;Jb?j>WcBOC6jR#Mxn+4R!lY4>W2D2c~?8S#?*u}QdMxQgFokZMg4U9 z{^vj_v?+{yD#)jeTc4?Anlj-S2a?~;!I4y|?RmVi#c|92AesK z^mYgS;7AbpHgBXeo%*XLRA?T^J97HU37XIUdHYARnMXfW;UK!Q%y-MR${pl#eMdKY z-2#FmGC}bUfkUv+v8FyvIMhIg1^C!xn-euyUVrW))`G76IQ>SByc9C(NOyGQqw!}$ z0GxoczNZ8YZtq&kX@z1+&f}K*M=E|D+lv9bjMOFi85K6-mFQrTjLam2d?n%~_8UYF zDE{cEuJhH|O6U9HlSahk$^oQMgF~gJs5v?$qd*DO0~FsWKspp{`CcQ50u|S4>~O+D z*C0+T5mM-1M+*OC9ckr$Nof`lr=n=9=`*z#28q&DhsqUtXsF$wpE z?I2Ql@D1s2cH$MXDfmivq+6xGM@?O2Enw;!B1{K;e4wHP=oXr9WMWI*kAu8fT~YpH zSM3~GV2`@fP@ONvudG+t9y&AJuZ4;f*O-|Ce!XB{a7qRB-T46SE+2#BSJFyp#Ay5F zncDEqu{R^=GaEX)bx>;OoB#dTa(66jDZR{NclEkS#hP}vz+N@`Bz$n+^!HB38cIB( zGa~BdS}7wqpf#**9ePa{VuN{3dd{IqNi}>=PvH2O@Ik+(V96rf;bwOSW!SBfa(7j7 zzAdQ~@0b~O{w77Jh@0?Kg;#~sem;ouzc{7zG(N%_dh6NwX}R_rz>IXJjiStoG|HH& z>E%noShns+FHh`|h%W{O9^+EC7G+YOD@DYot9segK$cIRFI^vFOxMu|?TJs%Otm!# z$3<6*A&3n)4v9^xx^mudb+>|xQ=ei2M>%d!77K;gvP%^&Om%dTZa+lv6^Q*JES&0X zinRpbFkKW0dzoyX$|$5>U}D-O5*`V zB_+1P5f({V)_5J!@5^+g2+M;fj@zQfTV~JO#CI%6cx*lZt)_MS- zVV90~-RZ%*Z%ASmVOPpiTtUY>SopkQ>zXCSPJd=zHQmP@e{X3Xtqe3w4>6HN24Hlm zQ&Xt$XO7N#1gqMY>MR=lyf{;5h+1-rXr2^6CY=Gk+*vV1F=Ki_?9x>| z@I^ESc=g(6*c5d+uQjK7N;Tjqy3MmaVpFATWXNpo)cv!e{7cHdRa*w}POvKKI5+S? zccExY(MN^qtrsOE5zbJvIdJ#fK=R7%Uc#&3?ZiW~{_=nW!sF-Za`8W2RZp)c^w(#x z=s!!)ZVIU7G5EZJJ@8qA(>E_tumn_X@?aI+uk=>KAYq2ud>#b0e%v{1{7v(mWVL$2 z-1t1N7I<7Z2_%l(9w^%$^fHoz$0*(7p`H6!g+=Bt=!j4)1Q8ja!CRJIBD`CUK=5P` zfzSu^d8?g65m?L8isC;a5ZD-PCe_AFBHzxrfok6 zBA6F&CiRn9&A@y=Oj}`Nigs+>z38FwgSq0ih)m-hw zSs~q2h*C8`bYJ+>YKa;2I7Ki)3_3jlJt~)XcozVl)BrVpe+~184y)021WW1pVZM{N zlb5l6I4!SXdDA_`{xcnR<VBNTHp60OxL*YOScD=)f}S-uPwiXu5Wh^G}-&98RqquqpyyB zgnNl%v?9do_9GpA#;auAO<+3nMzsfUBs+|ea$!@=(f9NRE_x@LBR^4ue-wYd!z%kF zR>`Ylw1V#vM##x}nj|P%2X8$LaQ>+%S!wPA9; z1U@Op*NHP=Bi_6r(K5~Z;@ox==3p~|!$+xA))d22t}yC9i@5sCEfE`UDR2Zo1n&uX zy=i7RE&V)A+MZExXw1R>YSNj*t-&8@tB0eQl-V8Shw^X~Bi%R6HXBLn%fYpxhAAr`VU!^G8*Nu3aKmtkoFcTMV* zQY@K`NPzlhx$0YnI&XH!(ld-o^Cv#ak-=0;C~vDjBQyag=#l9WL0m{=T3HwFIWVmZ zr$>h!9I2E&DsVoB{X9(y> z_1M^zybfpena9}R!LrQ4ayq9x4>6t`C}jG18UTSMkOR`^Trl%uc;jzCF-x!&9BNrX zWi_r$nkY#Yw`VP7$=gF4F-R?ivZNU@TZF=SWAJiWs#{9M@aAulIw3NRohbv6!>1Ny zx^6Gw*Fh4cfhlzdkSGDC87RLYkX;7MwqC{s>@>wmCWaa#WpR`AchbGS+aB{#nXlpy z&enFcQ5oW^cQeELm#mpg?(%_C3+1`rt!UlQCT4npQsDegY(DU}qku5KGkggy#XMhv zCJ*O^`ZMXer3m0W0WhV{MmP8GtvsF$&X8fFvD7|BZT*t7&lP3BU7t@vwZg6+-e;-B zJ#S1u_s%?rw)&GLFD4zr)*?El+l#=XASaJmm|_(#XcOotLprz|KyT@eDkfL8)H8et zLj>+SBl>(8N*pn?ejkR1=(~^#Boje|6OYeHdiU=`ts5fyb;6Lzn7ATB?$Ed%XskSz z)yHUjs)L_Nkt0^gcaDRe4Z;}V?Oh>rY2x(C{Zw{qyck=3-b}xKmUM7K6PCVr>}cs! zIjIdJ4Wx;ySft38#Wm40BSf3iW7jcWrHUUth_9#$H*NHZ5y>XakFge5*0-<>pu3mR zLk(IDVwk*2kY6TNiLKsj6F-+GdB;$w{Bw$)I|%m`Zji|_0LK=jC!h7jeFj6A+IW^G zGBhr6nh~&2@Jx5+ln`zx{y4p4qVd0m8V>2Chty*isjNQRZVojfHyR5NjIW(l%K}DQ z)Sz`)+Tb4OkZWFj;k#73U}7ciaA zWZ6z})Qqm-G!x$!&P?*h(P=AdO%-@q{0k5=>;s{kwK56lfICjjK7s9Xw|aoCLn?1- zu&mQA+U}gla@#4UNJ&BCeD2pgZX1lzJG;q2hiUR7bzOqMI8E_kGaXD)kbs)>M z(Y$=#ZKBTq4nKhVtkY)4hX9!#V}pYMNYr%NDEa2N11^Hh<*0Rl`GG)@7;_yK3O-`y zp!gfkI@;1BOCNpT))d;5Q?AghpU9x->QvmOuICGuas2oE5MiVaUtUS|5YAk%5m7Q~fL|P^bkU|5Z79hzh){%pw z4#Vbpf20isuD=fUcO$Ijh7VJE=*x+L2&5leEn{+_A;rRh4JpUO35mPf+4OLdd@$pwR|AEe$ ze)w;DCnee*`=UPbBi>63`oAZW$^QWd@>K8-|8l4lRk64K+jcUCvxf|yci(1+>8$3g z7StO?{V?RK!cy{L01D>>%?3|L891yM6g7sorw%7)s`Yp!F5E;bNU!NuU24Dc7A97s zrnIi2_jgV)T=1cEix; zkM$C_ZhPWElA9H}Ro0__GfW_To<=*Igu-#E&U`@!H32^!QFkO16LbST&OtB;9wBMd z;L!ke=7w9yOudf6bJeSK)sN|_m!|6Ahz@BtsYz-pJDsvskv@fkz?*JvB%sr>4yODt zdTbAlEU-_8%MBc_4MwGDY>jKcD0V&a-E8a`+d;G(g&Qi zOz+@RJZ}G79M3lht=~wRP`5%#;EH+N-BC7-c-YC-r2`(NdnHUZj?$mEr#}CcFAywjb zEALMt#Xt|ld3(!;l}PT@1BDEg&ktYg)m6Qg#Ed<#EWrhXy?y?b-$UsmeXdAnvB8GC zoi?VsIFEqUgka9e1&j^-BigJ5oj14j7CGk4b*f&%2S z2wT%_Q_F&UKiwf2X-s~Wv!E?yQuO0&n_q8!AE1jvX=Lqrjcd2PU1d^|Rt=x8XpZ^spPSq+(U=rjfWjlC2Y6e2N@X(50kQ( zWn(74=SVB)u6+XX0nV$t-2?XG*w=3n5TI8_+Myp~ZY*ossH$lT_1S51?mU7iz0!tZ_om$rD?2kzG_7pj;V7gwuIHO--($#9O0aP<@X z9UcPERV8zsyQ&Ic>kVBm{t;LbE^=i2d@_&lAd`WJ_75Uom{}T*YS9N$U;4 zU3Fz%wGN1!cr(ZVA`NW^F!}*pP|7w7YS^96FTKgGE0mMkVsKZ`^`{7xc6aAfVc_`0 z6jwv%bC6Q9gaG=7#U;@ZMZwpyRYM`36JC z0xRN|*tFBb5#5@|kSd%`!>T+r&{CZqW*@yXP?R^F1mqCtz$g-(dFyX>Z0~(*$?3fQ zd?UR#RsM2ei(NHnOT&dg*L18NUC}jibd7JoIHkS~V=LUrZA(*2yM-9GBrI&NF%bdl z8bS_G*X*&CF=NHncFhi37q>HPeW(X@O<+XoVl~e@lQ5_c))-wI*Z{g%W^iOCqT(r1 z+?nc{P;%MS0HJlO%Z-6+KNDRQXcYTJ(qiH*mh4OYCQ?IMq|Ig9k6+`fwu_35D$}P^Kkr)cF4!`RZIWFb%}QR zP{FmZ!o>-7e68h}jZ2v@$PtP>4PSCwBv@rN6t}Zmm9!+#rERgzhd$kKVxwXfMI^bx zz$E8bEq<|~*==Ukui`|`Zdc>;sm96ti4LywTh{|PgUfWAkER=?8#LFr{6mbFWB-F* zkHgJ@d`vovIh>4{1$=OoDO8~^Z{}p8*m1mpNJ=|KV&r3{%+?6Lq(cN>_8AbyNCBK) zoP2yYeo~y2qRMEEM3Zf4rr7NupWy#S@;L$%PSdyaEHciPvN;tsQl^;?j#M*;cnPTV z(=@1j;fhit-N?NldHFV*aYN_w>b6wGP6t>WYJ9~>zVw{7%S1@aQ{kM_OzIKCE{#07 zVpc;#Nx2?=9Ch24YZ51HyrU{`;8|YF@8nRiVw4ch$BM| z6p4V{!KB4*d{1Q3|-mAJh-H?PiQ~UJ(yJ{U4IG)jrfg;|SV9&26%5ARPcv8G>kca14q7hi- zP%t3D&*)iI{J24o6gzn-nhP(t%VtWQo^iAnw$S(32&=ZyvHQcxBRsb_QTl>+mNv8! z3%4|daPytEKpg1&3;Xvc7_ggX$~$p(aYMvvyn;P+z~8j+CSNq$ci$*Bf`8#n&Sedr zVIos=tvIXk6pwmro(k*s7n~G*ok|}S$UAzYj~<+4yj9!Yu!#-|IMtcrjX@4zsiy&1 zwXGzwz)?WW%AjFOwB5BQeBGB(DP!|S-aZ#zE_d5IioW1l9{sN9)TAVYK&U!`o~j<2 zGm4bBsJ4(Hlk-X(B6CF4FhJe%>?5N58$m7?&FZgegYX{2))H0RfkG@fjhBwOFsz$#18vLCIHQNy0*sksuoVVZ_byXe;!U;qPSCXdPPvk zv)29rBX5S`QLTJBOVymGDs=DYUrfBMI>K@Ktr*r5SR>3aVKBUMTIzs1gdCCMx%cPR zprS2o2%*Xl7VZoA9))xSdsZ#f1WjTx^`8`ef;z*9TI#3sI)l#3447AOm>a&4z;!s} zrU+B%cEGl{+WP7ok=E^5vqa8A-Ukx76$O<2$q%g4PrMvCKQGy%8$+5M8G1Eu^9=w) z09peNqtavMBapduOmO4`Y_PZ%v`?Rr^@w0OsJ8E*3;xCe)%N`w(O>duLsnRMZcfk7 zjR@iAy29+Mw%4SSZZ}8+LZU=5Tx&>P?HAKqI$E1o-)30skqDjOxh-WRWSSPvR&mur zM=EThM)n`xSmok;d1{Z#4X_n15p#J)LL{7Bo6aKwebvh1Lk}%%uu5It-y@K*pRw=yNqDDt^V2C(hQ5R~1 z6vYVfHgu*>O+D93iYKEL3}&Ol#UV!AKQyxJpI^PN7kFul$B+_B(OIr`>U#rWF$9<` z0peQq_S#G{3&~y+YgyFvez;lq-BG3$ezxTRCE>-bjM4LyW`ENRs&!`$=tL{XEMTp1 zGk^=|zQQ{eG$xqs6o4zUgG+R%*5tR~ zrfXPuuyq$a6l!D@DDmN!K-P0%AM0cL&}{&P2}-IaASB_- zXwcH;3+oc3(kYD4R^U_<(B_&Bm%21XD$XYqzh{}5AwdO+I$8M#nYr;=R$pG%XV|~c zJq;?vWtvYdLW;TM9Y@tzaVS8ZHhP`{iKdNPrDuDjN-w-s4Xe2w;3BkKBAh1E`E-rVI@!(S)ev#; z=JtL%t0Z8ZWP&YXCqhmNq0>!ppp-a=-%{Y6l}ix}Fu6b4jSf^~b*N$l*&Omar}u)@ z2_~T8+eYGQ=>A24M}0?z66e?MZrjL0I^{4U6)Q%> zgELA@^z$nxPDCH)5-9I0bz6vapFPqLyq_-Xh3r4iuZXY74Q}f)nA|C*GVHG(wvP%| zfGn@zm$q4Wr5EXN5czF7N4#8A2yeo-D332w*Gws@%=XL_I=$vk$Sec;7tdAZ#FX%_ zE86j?FHO~$^_}ZZ&(E$IlK${`lpS2ij+8q5)a!S2h1V$|u1U|pyp`pIesCLP|4(s+ zMg6pZr1EGjQJi)w7~L->#mYfcEIVnCwc~B$lncMjn*I%lDBxJBrQIT{z!bOm-E#2^XCXG~d>@(rR8`i{6-1f$TuGi(zNm>k&Ro#pedBG~+}y3D$J6Cb zQimYcek@_|MzVLBtFbXex7v5K1ag6H^cuIQHlkGAG1t|E#p9&CFLAaRL|dsnAlmM+ zAi}7bur3dC_>P!Y^anF)+uS{y^&htkt!*vLUJ(dx$2r~8MS4JdKxh8B&1z>Yg&q9? zv!eMbCWH&4#lvmIDwwu50BvtIp3^kl$~6is1*x_%-Ik()Q{BW&blTDGc3L46+cREU zSbKXVk}F3RQ-QgzmW_O!9$?q_7Vx<3ZR)ti!1Oki#NXT9JraY2O)*-einiViyMU9m zLTXd`G!~6mI&$^hPr*Sw^UKfm5MPqVj#Bu1TG2L6v0zH=oI5x&h2%h{oE;)CTWl`# zvq~a&i!*1H6G*k@(q(HxmHVW<8jre!o<)e!_Zy|^q> zE|bxEkG>>@(dRB4@TJX28Y!0rPi(en~}XkC$Ge5=HN(n zv9!L`tBS_r3|ShKe58(sgDSnk78_VDz~P=gE>k7!%R5;;>&qPzxebDY&aK)ye$z)t zbblC|Sl(7MHL@&M53MWjB5OvQt4)V8xs%R!5+4P-;M$Yax_X)GgvS z&A5=Etn41xp6|~T8iY<>2eXJ8$H;8ESzLH~BLzBzu6U0W51vQeBY=#@*FQYgSkKd6NQ zztm2c8f(_d4`PeWuG_13&e%vLI)i4;-h5%1VsE2{QW@c!V5i3PrHZ;}^oLW<%dIou zYB<JFw*3amx+HjVCFmX;k>!lLUW}ln*D~md}*ZRHj)NLc5zjhr^98&|s%!TXicMI+@f}?HXxbn_c_v;_~+7 z_mlGvs^J)dqlfUa;XMth_6TB*xpKfyBUDFloO$4Ex1r~YSD&ml($tJKReHvvKuN|_Y1v1rG**bB%YowYd2nQ?5(qZf38GSy z!sVHN+jzJHdpPl&7N#u=KR_|;2P4M0bgDd}H0d;BdXh(3^}Y*WNCz~E(zDg?5V`1=gWwe53R}6{g7bcEhCzHXS z<)$5l(rJdv-F9|Bp`}sT5_--#t@%ZEeK(4p_@Y2WMZ%T4Kd}KPOly)3dr}chZPOh+ zhZ&)5D0=O-fsS+t*valpKSO}$rJc=wxkU))8Q{1Hnve=dH5q|)rlhw|aLR+ds#8O! zPv`;#nK`B1t-m;o7$ogzAYn4dYsIbgFeJ}|#Ytlh!N^7F__LLD;#zdM9xc7$VUTczS)rD1h%+B?GbJPli5s9O_>=8vPRIXey(kaAk{irbQ|b)>D&c1o924 zaJ?IAFN-Cp@$P*`5uH>lofe&2;W1pdI&8OdWjscp3zQ&ZA~Pag@2;`|5kCw)s6^U- zxs@K{&(wuT-l82;21|OU)?^j386jeA8!)Hup{JXy+JC#(KFjpswT0OPk)=KbYfkH< zJ;L-XOR`%5hFdiM@BhB^tH7PPNa5F@RYss^GMr2L*lQf)=#$PQA%U|GAK0kW-(41{ zI@n6WQldf-9%%P)f*XZ%oUhVb=m`eNg^mX!Xa}rDKM8tp^kMqfGn!QiEpq|Y{$T)| z*c67-%nAnhT(x$7k=BAo%W{)=<$BS!w1FUctFYpRWujHU}^9kd{BAj^K(Q^QZ zMohLZFMo5;b`s_nb2W+6QaAjHZenyl-M)YM1~C$1M<+?rB;X7^In#h?W=NGUnIkOgLC-S%PN&L$aIrgh*qkPC#85m77G-+AF=7av65Bl%o4S+kzP(+ZO_=6HKYnt731D&UNijoh7k0Hjt}!itW#i9VP58` z3=^+6L!1T?5>WNCnlErhdu-?ozzMNG>N&2?^b_iVQIn*%TV^7qJEqADuMFlOb>g%PM(TzB=EPM)|K>7G6F^?Sr(%PrU&fth@DEykX&vx_=>D_ zN#QUEdvK&cIgy~h0q_@3O+Ca==SXEO@zv^KDS2&C)aW&(*5U9_+TEk+A{uubI$q6@ ziKYmTQY_4Nl$xvvO*c1S5?I0B$mBSj6l0n}MDXnNslp-&X2n^NTIM3nV&YJEtR!A5 z8Boe_Qr^qDz2FxxDIgACJX^TJIjr*{NmrEmrp0uin*kY&8$rvBQ)%>u*5J|DMTpdM z5jD23MVK^dk{;wAJKVa+!8LOO7WL((eyCRvR1Tt%(z?Mzv8j2qC4(2I=#+0gn%a}#s!G}jR*Cc^roW`)(SPvnnmigNAtW0k!YPYJ2*ZDIw|tV0@eKC#_jbE3CVE% zF-OG!JQEVHMQN2nZ4Gd)*>SMy_G5)CV%Xc{2+Pd0O|`~~mH8EWEcR~BEQ6*cl|nW- zJ1vUWjJ|!4foGapD-}f>m$Wow__OK5L%vkNw4$k7`1^+2WbL z*6q8?n<5M-mrS){8UafAqCw269;rLKC1W_-ZTNBDj3FEpn~XHw>p*tB3?{q@sPumk zo`{%U#TL1p-*d{h9^Gt5)@wYcRWnL>6tv9jAq053avCvQ;dMw(n}m)zi}4v{O(~IV zoQy=qmC(6^!Tn`$0$Ax9VU0#~CMG=vK-rr9c*Lfpj8AvyzD$z3 z%t&clf2t znz?)>Z}_7>(!4}EL{7sJva1pD=e^!jY@PVx&>UHg~*n2GqMv)%Rz3; zM&60`VcA89Yvb5|d}tnUtq|VlYKx?$YaD?l%GHeWYwy`Vq$V|0)s$Yxhl!Gv!YEB1 zp8J3Z7skpKtDy8f?qe=uWg$rh?4Vyw5da>bb6JSag&lNxOxqU#mqoh@p~nz(aTEux z1*Ap~Ipo49Jcvb6OnDTGor9a86)AM!t*p(AVw1jEf5B8(9XD$_4u>?bOMmzuud1h) zG|wn!0dDnTOOOWR==u*lH+$hu=5zRkc8lsm^@OymeIyYGA{qv#4%vXJvwd`FwD>a^ zqU!=?(1j%Bs3MO#xzgzxn1Mc|h|R%{F1N_Ac=z^MMN9RKNQ-bAuZ3RX5q^ZVUaWhT zBwfvBhDdE$6+0ovoany30TCK>&_d|F%^}aWOh!j)n0384Jkw0PMb8{QI9l4NS`cpA?je-%z3^J5bPL5+ z_K#v~VzVfOmh!RJcRM~cNq+)#F>QuJaeXd=_o4E%Ho z5SI=>dL}6C+M9Hx1?fEc=M2V|L}|hmvUrhkdx3MHx`E9}S5(;M zq^(C-DAP79rLdH32NqWNqEmQPRbM)V@PNz_vd}3%tFgmDruneFx9V)IQ$f5(3puMw zNaoXu8je;GA##&xPwGBdHEbFyQPr8$rEBcXmLx| zpj|pV3o)e_YCEjp2IHmP=xN6IUvG@O8ZneQ^hk=d2~-tqG*_!xGl$)FJZqouZP@#> zIzpufKwWSMAgC4kyy)K-i8{{gLvGDP{rL)8L6s*x0Yc`6pqgi7PrWRUK7}WG zNE(?|>ZM;!jzAW;M{mLDR4+cLX-(eNZ=Bf2gE~0!M#m>?EAQ)SF{eY^mXDTNvrQ*& zB;F)wkvu8H)xxIkN_Uj0;xWJ@ZB(UKWe41Knau0u3@+sM%k%MWdwK6AOUcY)< zKftqBPgid*KmOQHSYg29ykQ&A-?;3&%EAcP89*Wlf|&uzfh(>nyn`b> zZ_JAAjEQm1{})a7V&dWZw95xu2bx0`y3TOlKm-(iqO zph=d%@?J9D+h<<0$2L3qGgpn%7t8iSIs4~hRATDXt^fO>Gk|gip~=P$4NymQ4|wqG zkKnZo3n^b7R!C7fhn>Bf$?FdVjXqS{RA5eg9BO=3uu992gg4-j#a}uQCs>D{|Eg&H zg^RmH69kyraW=RpaZET}wLV|532v^K!;YgY!Te8#kPRJm^}fj<>nc7 z`?s+jFcP3q7*9lHaYvNP_aVc<0OQyJmKt3Oso=|oj$0^KuKvJ|Am9wk2<+~#j3Q!& z#mdv}?MMwEd)5-ktR8WiXf|wIj@Po_2A<=}DBp7Nckv3s;C2Q*q}BVmg}`3JyCi?= z)LsX{`&6K#aoDc6kmq+G7Oq-J6=%Xs&LF5u(Clb7JtS`i`7aq7XY>;Fh(rOli~@P*hfR%Z@1SV1H8xiJ<7b z7$na{;dv7f+0r7-z3Himat1N*5Jizu31v7ZTP{w$7OP7JE=od)4)#>E`rxSIabT=^$H=AG+#mq?~*n5v>+*@33n>| zR9bdv#OW&YJ*v;pq-dl#>Mr>HqI{!m>_U3k!}!a7Al}Rp&*uv1c<(y((HR(rdKJuY zu!5ku+p+EI-=vq8BuD_dj7a|bRPLQM=Vgd8KGW3cH z_$Rbl#yhy)>dz<6Wv4#HBU1OoTfpM!e&+FJoDHQBF@K_@ezZ%(uc0ShS)p-2HP3do z@95q2KuCcqkWV8ACbpd2iGyZBJ_w&9UBmCw$E!Xd?jgXU9`bHDte7`=sC>FoyLq1; zJa8@EGkgeW-Q%``f7)Y&C{091Z${5E@@_232S1=p_aOLoX3*laoz*o*;PVR@K9};! z--l`om6C#)HE<_(3@}w1Wfv2ALD#$dw#ewj?W$N|lnOuIjMW9<20jk1M|F3}K8Sm} z*RP?E71lJavISJ{H&qp{L0p(%98Rj{K0tFS*Esp*voT)K(r~eb&Lz{VlT=#Tz`d;y zoXE@WtJvW zRDT+(e>n&cu00-i;Na8CSFdA4E~@ZTXUu4We~S?~Yr=1X37|L%{w_x2-3=XkMaKPI zl*Vlg^fvr3n2p=bE(ZKQS~!iDhF%FK{GMKxk8peuEsQd8v5QiUZ7q3g#g}vZCXud@ z9VGA?${#`NPCeg_;2Dlkg61nCGm@k%C_aibSTu5hmj$O;I$e!@SF2_vuQesPpg?Ok z=s{6_C)OMGQT#`Ty`Vm-qVdeBiWAgt(f)RG8IByz*bSKTI&Bovi~@@eQQ%lcE5w6F z2Zci};$9&~aC~i|(>uSR*i>;ytSLUrm+yA^fIFhdd4j+s6>1ScBmyW{`p)`gJ%N4$ z(XDX`*luii4@CwGr`QQeF2y^@o4&|y>)=Q>9EcW;y3=eu91jtXn#PW*^1#H48Eydx zo-GYz8UWx0&9D6sT@x@M5p~kB*!2FNgH3!v1~dqQy3@~!h6=S^gct{04L0eA7OAhg z!+OqGNF-ZtgE?fdMy!wsXh055fMIWoPEcVl9LGuZi=IJ-M~K0OrOIGA@?b!m;QQ>; zK(W42=Tm;|!I7y?dAQUj1~J8*{S7V$$lix4JNp=?HnIWo)wI$m2_=nCHxr!W^B-}0 zP|jr^D8AwB!gaQ`U69D`x(gK9$ajG{u81y38}XVDR6^f&cE1)-DE;uSAAG@}!#^1J z&JX|k@Ba+y7uAaDfB5g5Q%&Waxm=Uu3Q5rFO`CJh%^cyhMdN+I4VDqj!EacAMQ6Ck zJUd4Uw#>e z=A+Sz!pk+zmdHGT?~`6Lo#h6u=(eLoM9ANT6kJl}bj(b_s}*ot6pS1WC-C)*oMskv z#5{9b9>F%7VcL|JO{w)p!MzU^EM=@^E$FNQJA;$7; zamO)k@kemZZuF6yJGdh_C$}K^@a1ASu~4K}61p~#Oo~iA8@rrVw)2WLb`cfb5sHi~ z?uH}75u?Y47$Zl|!5uexOkmXLL1K(NN@5P*BP51Xt&#FFnB$}c^s%x6D*K@dCl{m) zOazmT!h^w8h<9*gL^NVxuyEjfbmZ8$$aMdk&uog>52>8M)AzhY4)XoUjhi#LE416R z$XB#iS8f~Akz#8d2S3iZY${4fDhFb3pK;U{&wi9rwnEAX^KgQo8N-@X7A*lWdf8<3 z{S`r=zDy*wSYGtCT|$I_Ox%jEAi%(uaIKQPgG;9P^TG4(^%6HGg@{VElHa@fS8ZgrmCTXLH91Nr=Pjr9zf3goc4y((x3~aO|quz;`!cAo9I7VIVbX z6DDKpd_DJc6Y;yq_&ba^0)B+SG3!RBYb`6CabKb%p>4zKX1R>C+H+`)(BKg&_sEuB z@BTIKyj#C@&z9VTmljjHFCuc@JC5Epi!(f$zb8wZSuK}>_>;f zsGfAFjPDCY-R;*GOJSeBSSlm>0tGp;4+e7-?+&&xOhkJWtsaIj?N!LKuxbhy2C}-{pZ$5N{hAf{|=c?D`()>R4oC{vr|AfDn0Eoa|5+DM5i(n54a@4?HJzxrZbpaxSRaCRWis z1ZnjMoixL68_CGh--_%k}ozl&WJ@A*};vdQV0?+D%w(05_xJBU{n zq`kSp+#hpR<<9=roH&g9gki6q?bgsj*rd+cg;!=JyUf%rjs_n1sng5V!pm(o5P`I9 zNR5y`dt^664#ovJl1km$+(@GiCahlLeE@vUyHz&OlM@U9_?i#&AaDSz+h zj`lsrH&yds`jmNWt-!=Kz&C}H&EnHCO9n4e;n?k}VS5Sr82LeE>NFkn+%_C$=y(ui z#?X@k$vk&g;8+1${m^GTswDg#X8`+B|bg_OV2eczF~N_=Ll2Hw7&C*c>)lfX(qLyjhXJ z{*uwh5@;|H_0PLdTuY)XfMsge65LSN7aS9$CT#)Ub;Zxug4=T3ll8j7 zQ2{pU9PC!ms$lZCzAovdgNHj)`7#x}Vh6XNIcj-ClSS@ocwl+eh3j+^WMd z#e^4GO`SnUkG=%0 z^el=GPF@!DNyh%XXs)f0ZFky!DQ@Kx4CVqPy(%6~AaXw89EE(27>lxtII?Q>a&VWZqO zc=rpJ_#U>8{G713pNo##ZyOA6pa|C#IwuW0$de*iB&Z-u0X{F_{^eB zmAD|^?out&S5>G(6s9;ru!Aa`n;!b*vfgrXmvKZ?>!M7{#V#6@l*?#b(}D7d&KPV? z9!`Fx$0zd#@8HNqc5KSgG?^7rV08`#DUeGIl3k0>#DfMMBk(SliZ9_&N&W-3yvY_X}!l;Hr?u$7W0>x;4 z_LKbYSGmu`rrGK|Ci(cvgd2hB=n6Kd#*?58=vWfa+hb8>jK*SP6Eqf;CiPfcFs;+! zk0n9A9KP;q(<|i97ycB-wrno{jcJ*^S1`Os%rlIY6RI+T06Ve9_FCUfE>K|Zsw~s= zuy{cv!|oOe;Siq9V#~}T^D4sIrXv1z+X{UT<3>{wE71@tH1lkSgig7&X(_lDoVb6Z zB;!&U-I=jwtL;qjN=2wM%&7KoQkt{GAeQDCQfB!ef&nM?n8$1y*^={9e@p+X=_J=uBO>=hgne;Ng zpG-=bk=UA=zRIrpSH=egx+z4R1#yI61O-vmc&;O({mNVic=v6FcML1Ub9_6i*7OSY zV8FcYHs4Fb2p&$hl#9Zi z(8;BFhosuDai;oJzzMzrLxe&c_M<@7{3r@+myW{3*um*lj!FsMU<)h6@9+`J8^$Fc zVvK=;p^NvRa2AC`=B(}IgLsRC-J6`iIYFYO!|#%m7n8}p)1%wvJ3VKzP8A4n=G^E} z*abIwbmMfRM`7prXf&c~KGXgSu*$nhTaf}RC{qSz!aZ zNzE&AaTfHD7zM^?KFyZ2piRXo>&bF7QIZ*WI=2RG9$#J4e>0G@G$9v>z$ljtP}NIW z<+w=UE*`__!_98JZZ?P=F63NE7vFE*S&{Cs!oyCiOiVy1@26@Ev!|>vAneoF&jqbn z7GJ&@g_ad86i6Ta8}rd;#u(_vFhdDrv?K|6geVDZj4TOnj4%mrj5KrI^je&1rsPJg z1ZZUoErt#V97f zo2U|0KO&@Fi$Mr*>xg{I3C7o$HvZb%o)qf!)2@YAFc>yav&4Ur9ayEiN*m(rpf4Ax z^y8t1a^o3vJ5MU0>NYP2K!}!`1R%uA%mSd%?kNR-scm#{#As*Qza_-*`N2CvvRPnWU^`5B)THu{(Mr85{~)8(X099{fkX<%73 z6OGmt1i&{X+Wg?irGQ}d7S{(#3_+j3UUS{$L9RCC zz{3gtp0+JL|CYZOIyiDEh-^oE1YII~@=z$sgCi&cJP^PCP(cvzWtHeD{zmBX(IgWF+b)x23sDz z8-w`~*%ph&O*1S{QI2U6{+lwrtD7Xmyu7I0LE0m#MK^!9yN4PaC9F{{L_59daoKV0 z0uf<#*VVQ#PC)mW7%z2WI((0CXs(c7lveZ-XY_{pca7Om=$6FE0iJsw*;b*)^`6qL zj&7{fPm3qG-ME`Q_83t*MUyc~p-|P+r+>2jQ02Yfr$2xB_mdpaP)3gezSY6bZBvNn zwOP=f;Nem3>6#v!C^HsC#HF*VGf9L8v_8he9t`tdzJq|4@I~D#5GaOwoG^E*c6v|u zpbHw~L#0;*2rPS?Tb^mh5;T~4GN7cB+veov^!!}T9$SP~s3)XLw5Ldy@+u$f(6ql zN`@0mmIZ?wI-R*No+TkAGlKpePf3r-cnZaso$vH)>=wG^I0ZpB(fS2LoZzHzAw4+S zxd$cVj=DS&eAY!DYEfT25;E&#Yznn}&>x|+AC1u??Da{gjF*YvmyhmhY117G4KvwB zO#WSz+;p|V-2}W-QG7@mr#D7cQO5QaniC(thskU@>5=;mLi6bDBeV#i!kM;P{kdzl z#TyzVnc4kV@KM0q_Q!^jS$#lboi~Sj>il{rc5D*e~DggZ=Y9$YXIap~g!L z$m0bDNc^&lCk|1qiloaA@3 z{6em7(VldT;nyA?kHN+k!CB)*bh{2imqyS46FQ3pVuHtXBYHo1458QxIfjlCU^oWd zy-+&_|BhVDYAqUt@7(hmF`zMXbPOAQ*vc3RhLf_JtmnA*p9;-!86#n6)3Yb|6ldoCGFWAEiuILVAFNqve; zm$Mhx!gUC89SY(FM@ z>^mkr4p*c0EP^|Fry=Mgw-^(disSYc3VGzFLSc_rpe}(?s#6gdt?(57J{t!`Vzi>u zEaWB63H6a_z2uP?W2ZRSV@)PSVm~X@CoJ+LI^GNIOgo{az-fOJlTcsffroKejV0&V8&&#l?PZ9!sQHckSgG50J;0ql(17 z_NXE=&LCCDJeF6b7O9Io#w2y|%WYDH?YbI9_zFWRV`q`DF;Y8tOpIHeJQ5?)d-^=qWp<79@p+WSd-oKXVyjW%jWGW_ z#z*+_JbXGP89xI=QIsFGC>B^#k23!{1WNb8o)F3{K)3zDbrg!E)L z)&T4h8Djx@RK}Wst~^HCfQrOeU!w5@7VRJn)(C@bU(ewEc+2Lf=lmRM6zxdI?rhnHBb;k*_7QOeX$>vyjo1vQ=-24+D4G zm--%AmsGfIMrs!qSg?{J>Vgi*rHkx%PWrG3vX=J{&9+YY4Jap92^ZeU*l=y&qi@!>@N$dHensY+2!M$J@>TsTu5 zj)g)7$H-{MMqqko38`d#x63E|lxx3XHxa7mg@ITThxP!jY5`w4zrdK(V!{Z(gkC?e z^3o-RF;M_Hg8!uNiKeLyJZCfEJ2v-==>sO~9nP8AA$vHX%MtB%gUoDCxTb=9ziftd z;V55Rw^SJ)nt-eV2@2;eRlElWnh;dA!v#}c?Ur&KSG8q990qKmYTp9C`7xx(DLhTF zPsJ4bbaqYyw%bmrL&YiW60!7sGNwErWXgR~EnleVcFZexNO|QxseAY+aV4!w%dc>V z`4v93`EE0%HK0o_sB!28H7-Hio+NKHQza7Cx|L(_cOtvki^Z8L$o{a@9lapdY0xV`)&*P%bP(}!+fu5hahiC*rf zy9M4@2pRKgU7C1kR!eR!$PRh;?E|Lhk?AyYL8LmRC!22BMXV5IUB*c%{f>tb!wy+3 zhG{84i(OYL=cL2B*eDi?awFIgy(13*(We;2h6k8A5`6W=c9WwVIl~1Q)+Mnf-7nM;h1zZ#D%~o>ivf+1KQkJsD^*=*DCvUu=!h!nl6eok zA|xCpV~n?J`eN=ou=mq?(JkFYKRQlJa*32*;q>ISI$k=LVr398;*4&6tmYr;Rpoqr z4*%z?TI&k)*9E|8Mt8dvlK|5ZH^lIj)=CwqA&}Guu3`x6S0&Y5U0k;gNF-RZCt`{a5wEEr1lf z-zQHPzUkecG=M7PAj_T#^J=2iD;y?<5|6atTt|6t$}^l z&?Vesq@RX7G4#{T{FKF^I&(a&+BoK_ZnxEp>n4BG(3r@wtFGo>L8^WA(@!t|{rH}e z57XuchnC3edx$;!d^gjQvCQ-%&8C~p^VOzVPam*#E^Lt!oGEc+@_4hm+is?_Z7Eu% zo_^s?0Lk`_AFiA%>g{$xJN|mQnkc2W_wL0eIcIz3I9^9s!cu1p>bb< z(>y?54%KY_DEbSptv?=bpyHs2uJI3CFyGe7NO;k$q%Rat)^#h+VGF&El)I#ebOhuA zZ@#-=!p`)r1Hp%MOlwq;8Xb{a~w|k@oRhOoXeZb+`&SAc&soK6wRg6D9gi9BOR4*fAk1#H41h z#q?DP(jCl+>3shCAB*V*TSNw-GAtFHvU&aV#~&7CwfIZ_*tQeoz@1|arERI|Jdrs# zg1lh>(wiBEwl1u;G#Ed|D%??U>0tkB$gHN@NgEa{aW-H3nq>{kAjJ5`uIZFrS6%J_7b`xipE~Ft z8>a(!z;D{^H_$vN#pUTzX;EjeP!^M1Fy?UhN2Wkx{Le}MM!?V81Om1%YD>_vq1{gK zMUaBR^HrfhF_+$Nn&k~%jlpWysRk)Aw?e$2l%~-gpTvfM?`xexJgmV){7^Yx2-674 zl%#Jr*sZ7!tvi2V2PbM3x>@d=fvWTp=#>3(dS)fCs2-Qq=B8fm7G%#G?xpQ^hB);hkp614SkF9#ZTxT`dTe%r}EQ^R$jka%hGE?75>uPz2hT7 zOU>4(16$K6Rih4wqSMcu2t{iZCI@?kR1KzIOM(pNzxp;qZArzj0&Gth&Rx2wVCE`$ zDu6z~n&;XCchk0>VW@mcvqc4;s9~E?ad7|8K&w34@-I^yKEUvpdJCy3y>a<5r4}6> zIB{mNV$jwb6i?MIr{63HjsY(4q=n&>yMxJWOAHaOl-g=tFx7alq(4+Xc}9D5gw@iK zgK1r=oyNH!_^zqUv*xG(Nj%`v^augQ`%($a{hI0bx3FLXti~}Z2negi#f4A1ZfPg% zmoeB!Gs^Ft!u1Wxw4=oh{XY<}ig&An85z*@8^rQWAFrcYv7Ct$hnJ$z%VTP_i^mfe zM$?%G#1|$el=Q2h>%R8EWP&6tUu*XV5vjFen|x><0*TRyZME4FvrZ?JNZgMMc6g05 ztpI4_+J1xuFw2Q5aLspsU<{lRApG&W^LtalAGv8}(}lm5D_S4?9fK-;OB%qo`v9d1 zN8>G4JzJoCe*fg)K5pEfqECN! z#~S3IPJef4;JLXe?Wx3bY((cQWwg%OMi3ofmcT<^1N-Xy1<+zLA_66x!RiwB>m6ju z0d%vT!jo+H^|2!W4!Q&pB~W`SW2?GDSgL)tea2!C4uL=F`PMV}Y~A4`sN|`U-e+q! z?&I{Qm#=(pJ%s;2PW%m>HfZNsD}V<_^ZEgqjc9101CzDNf_Te5?iXooC}x_n5PY6& zQ^w>_almkCdY*`sq@)NSHsx76sJ=4X!;n(qMI5my0{a}1^1V6c;qXV?P!GL(wn z|Lc_<*lD|ZIl&e{^uz?Fks0%#>bib-L~H{2XnYU}uRWjRB&f#8&}JfM6azp?G5Juw z3dN9PBOkPOaAdf}d0TI7lH-G;kY_lL`C!FoCkChZhM_WVHpdUm0{$47NDs%~j+L)$wk+ z#S}FsaBi830a5h0hDOyMDRL3}cWD8t@V)~tL>eKG5k8GqKfUqw9L;kowBK^M)`AmT zwb&t+)>_o4qqRCToI3B@^O+45FxC3{PL=q&&LYaSmnqM8UG zP(xHC+RFHqeR0cbq{qN~8Rq+YtiHkT{{;6UZ?-w0Y9b+m9*o*Tdu7avS3({rmCyOZ`ncvZ}VnyUhYKjG+#p&?%DrMWAQU8T(|neMEr5)^?vq z1(DW3yKf9}D!9TU+F!{#sN1JP^MlEeXiN!HlGya=;tH{Srsm-2)Aff#ItAc_?3$h} ze!rPMP#}ZBXxBL1C+bYcOks`L8FdyUm+EA!TRE-q6HP;{Xm$IDy6evR~ zv6|3RE`F7-B-O93C2V35$P zekse`2^rPqyLGwq7dl#Jg3&icFJd-j``jMS);o>U2SQGms%=FDwu97i;HI0|<2eNe z_O)BLWODXFpab>17vdWhpSve3!9Hq@+&?nX{@;_y`9=f0AJ{Wn>Bo3bofdDa#HcJLR{D_UGvgF%@^`*62uAz z^6fi16~J04MLe+$4(>Ru8$^QBH7my8h1gU}*_F zDixr-A;gU;`F%=pwcMI2;r7t-6s}zYTvv$3SZ#l;zI{@Ulj>&3s9+GWFZfTaw(q`e zt5u6mSUH5HYPY}`YMWsG{)k4!!wVlKF~D{m{dEi%7>;?ScrcX9wABGkbzQ9&a3F17 zAoO*;!RK&{Fj2J=qdkaUx~jhZ3Nr;UvOFAJvxhVmwgW))(HZTaY~Ta zm2uiq%Y+}{Lxe|ThNq}lGS2UoUkdq%7@Ax5aCNG#nl;A&NVSpA!(a7Uh{aSfg_9p6 zGGW!;BfMq+PQ7o9SloGyLlU|M!|vH6;Rr%>L1HdEV2Bir+-_>j?*+Fcsa zK^AwCdP~P46?c5ILm=;2jRP23DT>;_;Rw|Ewni}c=>p0mEsL-{biP*48RjD$93db@ z29_K?b^9Lvm9vC=c@Cz%8N-p1eLg z6vm);BrbjU#E++s6}!;T?7%&m*A=>{ijV?cJ;mXhixK6??= zY%UEhfkSsTTPcY(|eep)MzH6 zqnlSM@cx4AMC_Xp7CVB7jw&vvLR=SgnZOayvaK_jH1HP`nV&1xK=t2~$#seaB$EL5 zNo(KS)y^3cc4FLAa`KSNvs&jqlakBiQ_s2$UN7IQN>;~tL-H&(Xh<-pzx-zKviS@K zMC=(*$|m4`DEIXSr$c#iWsYST9Wjt~`~OvKuF@5mo|ZMHB&x77J4KGjNr^$p2t^u@ zF>v=1Eln3im>mNII~LwSzz3H%W|6j)H!%-iEWLm1YJ}9}VVIRjP|Log6W(W?^QDp8 z=I$X^TA&Xne-fJrja!wn+9IUx2l#wr^aaafz?zFxrQTFc2=lxssA7dVL-vGC?8^DYif z`n`a9+P@Pg4|o_;{S8dpSsgdG3{48rfbZ@t+@bxnp2$atQxlv^q_#bVs3T_fE7$jN z`^z9O7c)?QXb?sd8}F`@i`NQP^#wYVO|A6$X&CYbp65W6t2lhhQD>mFEa}qW)o%4n z2Q5SN&BWEnA82OwW2wQ#oM^60y_E=yX0^4}2ri+F6Z6f&KDXB8a;mqN3y9fq@j5jOJjNKpDErS&xP{;_hOl z6}v&=;S~D^pZ1y#uzRI?aFnh8oi-p}bG+Y6-s=A$HY}tL!0IIo`&2I$L-3E=?fRJh z^RUBtZ||B#P_K?3amC?_01o!j#aK`44W*ltVG>k2dz++sl13(3Q|+-15gz87;jt2a zd!CRkdbfJ2H_eK}=K9)q&=BJRtdmt-Ya5n`FKOrC2%!k~^#iZK-=3kx5y+PuXzq_i zX0rpD@Y{&yc5O8hb8z?_dEmZiv#N1%>SR8*k&P-Wk>UkcbkUFGBC)6(#mEtfnF1%R zkT(7!0@xK{#}U*4*NjF_ z1LBH}{L=#v?V3yBE8Sl@tL}CWmI~sGNIYlL?UX_J`XF@_DVQY=n`PJqBa99ir?tZg z2e@J3LL8tkN>EI|KmI?x-CC#%fwYuDb1z^c6&= zCP5$*7Pzdg8m80MFU`rPlo*vAY|kHi3}nzm|6@2k(#mD?}I9ZkO7G?!i{8m34)vF##y8;S=%A5r#VhB z=m;)1gT)n^-WA1aVg^%or2s^ROSK!5BLiID+)7815KxZzmUf)|IRH{3>_Fs6K8cnP z{}s+^V4^MSwqic=T1jDrjo9&UFsw*vu}3(PKMLwYitBV;8PkBO?))r)YG?T5#QCb( zKn*Q%!&0?+5&%l^5H0O-mTP#&R5>`p2(c+1A3-Apc;_2~kk2x82V5GN{oD~EsK z=F|2Jandx_duZ2QB%egKVYUf}+d{^UCXo7?7x|F)o-HCd~@nV$mU`61s` z3PdYG!%@(T(Q_#P@5@R61z%SJs;lr4fJ)`?Ew%*6Oq(Hg2B@!;WpWD>#AFCCJ=PFp zh2X0~hJ#KOsdW*k{_Of;z$zrzfl+2ymj(X(oQ0ud?kFA|kS-$~A_*=$A|VVDF-Av< z4+D_k!qj)ZaMck5(3ORPFiK(wVz@rgL8<}oQzAPkvWmEiQ%V*tOhOzkNJ=6uOtMQ* zB(ABh9W~*6b-ol_8Sl<#ub$2J&QvvDQl|}`A!>BQ)JRFj14@X-gGtH81L_KgIWp#3 ziW>uv;KbCYxG(?-4mye~#YqP+!BGb;#aRb1!J(e=tPE4!c|ZxyJeba>6MSIGT#0^Q zKA}(<#R-K_JpBGzlj@rfmFS!gl#;m*l@K^B{GRogVypw0;H?9fVy^?3;LtJm`e#ML z{IrTgzQO=3#a`H~;qIaNk9Np7Vw33wAmM8tf>p^DvdFUeb=zc9*6>ij*iVt6N3m{> z!AEW?=Z&T1^r4$`}*Y-LByb?<-ra@pFy;a|+6+S@C2cOPn6%Kpy5$@oz$4e{u z2+{(gfQNC=g)AUtu;=rD6O1gv67U_oHJBKk_TAv8eT*B!S(n$?M8&0Yv&YlLrF=W|{7}9cThAEN34;siF4@u%M$TEgxHNU*i zqH0*KXm@d+B@dZI;u#xc2HneqG_0(v>dP=A2AnePNp6gr>dzfcQZs}O5wS4mbh#HV zMPMI0*b_MtF2|d0KjG*HPH1%>aJVI}Yvsrv8cDW;hrrlV>b;p5|JVsdSr>zHI5^S` z(7zHjF^B~1Pq_?-`_A5}VKChPg?B<-Y#Rn=s`*-#!LioleiUZFkcc_*l4M-w2S=uv zZ@5*yyiXw1eJW+-v6A@ zHq$(BVFTjb*WDd*1uT!_^H${&GLEQ01hVs7vTLNhu5clha;p8?wplKYpI({hgyT77 zz28ib+_%N?20n@V)*s`3bh@#^3ca0B&u>AVy&xwGa;iTo^_|a-Lr-OCI^pm+r`JUc zF*6tB6CI+kqYNi_g$fonK69idXrPfwG3jpl;e;D4X;9Fz8q;AVX5iofM7Yza-krA} zrikPph0C|_3oxaNr;oU{RnnlK1-4am1~}sE9~){j|2-IaKV9JEnrwkix67u)NOFXDyFucw?1qA= z>-BgvmGc!1;(k*QbBMo$(M;&vq4tAT`@wyclbNO8M_7iOGwBCAZ47c}>$1aE2W!tL^26A7H%Pz?!Kj$8dfhobUYtw@9-`+rc|ud5)-l=Id7Otz(-?cDuR4Kp=IwM@D>vx8$Sq z%Ha^#eOO{`dz_MI5eC%&5H;h&s7Ogp&*Il~n}B+&HurS0InWI8I}H4l?g9)p{3Rw9 zhc~8zL&hXe>t;PbVvg6i(?j62r9>?Tgx?^(Jx+<}mqu_oR)P}e(lONJg!41JZJI?A zk!NRrtvW7CjS5qs!?7fl{wc~Lj(@>0sPJ855NBTw@v>XJ>@?v5tjSpwaQO+(@vJFE zx0+LAsOPEiKygmGTyLMF^Zbl2Zl?yxy_k_@X-fSH8^^z@F3WR*i5#t zTd7Hsod1Ryk_N>!c)dgji|z|1?m%@C)o{`KC7PBDcvn9-{1~WYv+eY$!f8LBl6bwM z1bO`fXNdD-2_CY;0=>lLw~pI6G#;=L8@~cy7^1u1*VO_~`Gu8|?CifjexQr3J|6B+ zCyi72*X_AefCrf%U!$eZG~@lc-WMk zhdu#5gcYB&*8mh7F^UY2 z~d!NsfN)g+DvO{G7HIDo5J6XYGu>G$N| z$kmF6QC;OjbQC8>m(4k>_i_ABdYw;eZd_hc>Nie8Y2bLJR>G>*d+|+f8o(mqA@i!} z8*tK@<7yNiEy8X`ye`b_>^U7QYl#NPQTw!FDVMW9B!Kzu@ z2lBAN!?k??^G2-dUZ6qI9UM8rBZwUk`c!wfKx8?}5!294)nyFK!T46U`b5 z=Tpvt*W)$F1s?X(U)3P2CYr^8LpT%O`Doys>z&c$A>`+6=nJE;ubfY;i=?MX&+Ks8 z(E~OpC$Axem8Gt`jZwVNxG%Mg%lt{;bTmF~l7ay5uyB2QsW@My!6p3#{&TJJ~gqKG@wwwLvR4-imu zwP$^?1l}WAfNnicyQFbT+P$tQ+Pi_B|BlvB6$lX$r2$2O_rg$Bb&K!SRox8bO9+zM~m7nae39lcDV<{>qhf95F-25yU~m|2Trwuc0)8`d1qSIf^>gnBdbwm?KQp zs1in&T@Y(j@a2p>J?(T)b1iPu(y0u1L5H*yhYS|e1QM`GBiW`^4{Fia1w&BIu^PN# zYop7tLG9z1&yew;*ztDyFrniydOIBdjSPneI$PpOZ)Y}mAPzNsQ!EETE=i;z$)B^E zK2($YdWBPw3|{dB;pvnj0yBtWMdC9aUQM$w;LiO3mZEyV$ipyA`N#=8i?jwF7N4Q7 zxw*M~)z^d_ZSr9DK}IOQ&Vp~Z$Uk(BCI7h)D;HFB4=VfU^6_w$MGgV?3RN;k8@^`#vv;l{J0F9p;iEhpw*CxL~!udCp{mYBL@d(Q?)c-Apg8M z=Ab?_ceou{+8`!cz95~}sFzu7A+hpe{WwKV&@6DL2}vaKv0m}Pc8(x9SUIa1hAdEY z(Ds>Mz0-kh^P%}lw=pul1#SSJeipFP#zwY;S!h@k$irk z>Sc83N#WfftcstiE=J>)*Lj`ThvoaQQ_S&dPe4Kv6)xM|zJdzOsRdn1(;qd>QBJT!52qx8T_S=>A z!t{9;5~#{Ek>`;zt=4Vx>Tj=J{dSe-HICw`ma}?^M_zP``FIb0@JAG1uRjH^Xb%&r;8@t9@o z>Os^~prqXZw@k(z9tlQH}WypsNKi&_wcjOLHGx6Vzi}uyYx)leD(<63>MReyDvp!9;KlB zJd%gUzkYf9>h;T4c`Iv|0|#Gm(zn8P@sXZaaiBzzF|z=?v6f27ON z{fq~|{qhKadl?U5tvVUq32sV(uiD z?}Rd{Xk}B1`0@>ZSMX6}hTb`i`nc-*j0ir)u!9@*h!5Z-Ka~#N!4bss@=d;Rq&pZQ z7D={lf2|)LZ*~YQe890~j!;y4N{s1Qmg=EFEMs)QTcD-!>GnNdg6n>T9d6vonEJFj zNZfZlhfBL|@rrux%A4bC^X6d(Ezj`Ra*Uy?k;{>82YvWMc-$_L=8B?|exc;Go#P`j z7#5K4`(;6PO(T6djf1Li!a4cSH2jEx+i(Yn9vN9KSP(oG5bCg0CUk{GZa+F%1pF>` zS^{OcBqgttd%f%cyG$kZV+SkJ8Kr(+@HIMhN{xt3+;?T0mtH=?u?wE5^Z<0V4)X9S zam!JkcAwKnoT^+=@{m*|M~tN^uPFI_sX?=$eXHT%==_DF6~mTm}`2mAVq>C z$WZcXd9%~Krxeu5dy@>J=^nxfw;jtBT2UpB9peX3Hwu0Hd)Dc+;2Nm zmi0`)yZ$=N4T+%Mejc%JOVtj2T3R5;G4UUh>d%SShUUOch=uoOX4^+R=-eLTWO!T8 zY9yOGMpkjWK7s9s`^}%spQgbR5d+w|!O1Tay$4NM(6YfT#^f=X1W&LGa4I+>n;OwO z+*2ThbU68lLq~+T76`_mY6*?ORe?M<>(+pL?y-fN>hPazEG%9(oV~D!#p~Syx7f{% z_1|tTFGk>hlsr>~*e5gc>0CAI2_B+ZJj>65))hX|f$UF!bue4w*#fUuv&9Z?c8_D; z!=_PyA0WGFjCBDt=RDX}_q)XzMJ_65 zFwl`ss!QT7V%yE)^ukJV%>pTm*X!@-d?e!dTl z5e5(He84bc!#{2?CNrKK^#iErUn7& zJ#zQ6>5}uFLK}d^+As|9|5NuSaB^JLy>L}^_snQCT5QXXhw@|%wk!R zErBe_l5DdChMu09nYMa!SNBNckOTq&5(td=XkiKRdQ>QqJoP^)_5K6lbtVEdzd zZ=rOd0~_@$8l;t}ksm$sQ4B5a2XjU*nL#W+sa{fVY1kUD$$9L^Nt`%YZ)0m&hJI(- z-9@ghmHT&`lt1p~79IosEgh**_ppkE$H1}YooJ$I$U{4DM!Z294wH-8bF+TVUBV8l zD>G{k&aCd6>6}}}Q=`7X;j)8`#zCAVTXT=V`Su5^+H}-oh+lejFTBve$v9bD3?rYwIjLgRQdsS!6X>_jcdMPl?O1ar9UME{M0F*YWqM-E@QCdi zP&nuv*EZ;()aqKpfE2Zm%m|Xim>D{f%0MNO(CNr_N5xb-M2GP( zO`U7f|yA^LUp{l*6y3jgUG<>6jZ~*Tm^2gFm7CNT81KnoTgbWwuTuPTu!&Jh^-tpE>p_N z%u1rdqE()xRT`CJh0X04*^4#8Mxn3rRN)iV)jDSOam1NYV`S6w5UtQPhy*e)%)6^- z7eeuVOF%1&g)fL5k(QoSVvl`J98K$VTNf>Ehp%Z?3)nyEz`j%1@`bLe zQ;i*Qot_|Oz{e1o*JeouQ$E?8EQl&;gxkwYp4jwLGrBajQ1ez#E?ChKZtyiW6$Exzls1%?8a#Pj1-+!C+OR+SSKGtb9l+NlA*Tmv#~rU+tQ@ zeZXtC;%bc`F1Ks7HP)qsO3AnwOt5p~%%a@Tok%DuZdJRck1;fYECq9O=k6E-9Y)2C zT7))n|UjT62CZHgYtI>?e>QW|L^KeQFtYd0~G#5nIU<{m}#b&iDZ z?GbWQ_q=zXQ zUFp1I_Lv%)8OSC{N41JaCL~Ua9f69>DwAp`K`XLtGXfVhLIF zR(l|(2fy&0ZFi2ltFA#~V8A*Q9X6E2M!M`#77iQn&TPw!9JRd+W8Qr;H%NF z0*q3SJQ#SpVPsJcuxPXY0gqGFwTKw0VvXFLyQ4(>jE%GubFz?J@0vcixG4JJMfhG6 zbr4P+4Eqz{D5XuB!%bjN0Z|iIA=)r^w%a`;Yj^Fu`!?@X(Jp1Y>p=)n3)CKHMb&ht+(5q2aH>+&Ednyv7-ENfq zV}I!u&MvFA zE{6NCb9>bA40GER-rOiSk-&}-%wG5d;8Nid3xa6kl6 zs!=yLBZ%HgyWd#6r{Crt6roGWvIPbaf;=$eIEFf!?uSVg(|(LjQHw%AAkfHq&=^fM zQEmjKVw#DP@v}J=(Yg!FDvLmY~N@Fw?4N)qlq9_?(MXuU>2j5a^`1HcH6zy@V zu4Cp*kNd0LmcdATlwrZCtHOTOyMWy#*1D+< z7Mr5DBXc@30iz0bIA;oGD;5)|c}Kd6W?&)6rlL+TMr5=iK1`}u8IRGC0%8Z5q}Y%z zebQINhWxLLwD=va1S(8yo=a=67FR@vFoTKVA<@O+VHHE^#ybeZ&HZ#|gH2=yX2KrB z{;B@5gm99qZvH0|lfB@O8mGqSQS7ukCp%}`*dnUm(43ut$+-SR*^_ACiZzDX{pJY! zZLf!8&D^e32SPw{#st<$_Ll0gm09V^?RD2qi&-$74P&)E91p2KCq^JQ+pF$bx7iT{ zf{f3s48&|M&8a?^54lFteuT>-kB1P2)NKb2;*03=oL<%@;?C;fo~bUmVnUY}1Zs7f ztzL*G6{>?IjW^5$9h{xJm%5lhhM8I@!v3-A(vUEJ>p3Xihz_gIpGAaAnsKU;p zaeAnMEwk^{p01oG@EPpJtXXn7q$pMd_YzhFrw1Q?QuR)D z#NH!jcpbQbQ*y3|iHE^*j>QIATaZ$ZKcSFg;BjzeOu9P6R>kf~&5UcqyJ~ae1GDzx z$}mm0su(gFdJ^*_Ihd>~NHv0Cl9C*-@poW4&fPkqIg_)7oyVid6~|Ge^t|aH+G3#Z z0Ng|%xm-ezpRQZ$cfI*Zt=!z85^rb`(lAlh|-=&Crnzp_wp?aU?aT-^hkmxNaTO;`Gd5snMu7Wm60r|A3OJBm8P)EQ&*i}%}X;_R(&tB&d ziF(b#Ap$Vq=R6p0w4_HzRuW>-qKIJ}d9aU7Dz#XUr%xM1K8S#ET7yM)5$@yws{wn< zeasWa8b;3ZID}?EyD6J!s&k&%M?2P9YU^nM+2FZnT6GN8Xtts;pvWGEoDdRg%%rzV zg1Vg3Kn#=+ERQpqA`xI2J8q#3%*s8m&p>;C*MnwM5-Z@ig@;kZPWBLm6Gg}Yvrfce zzR-%pQ4LDOEvPOO}frw5NnWw%>L_0dA)QV&Hc-CrYZXc-}vNy8|bqM7QM z&BFOG@`2qrFuz(;F}`W3p%g=Nu6t*@{ocx&e#R*by*z+iT)u$brXGCP?e)8@(8~M1Rn~OeDp_F86yb!9MiFqBwp7cN=N57f43tUExCp<+MpfXW5bX*M4 zZ}=aPGoy5c!;#Qk!&<1ubELbP)rb#lQYL*A)%r1##Hfjd%9LC67D^Kg3#yqMKq5+eYd`FS-p39E!R6X67jo83@vDjfW@(zF@Jw ziuSc3Zvsb8y^_9>*MRw}6*r8{B4A2&D!kUA+|m-O2-w7HVXnl-(nJ$Zo?1oayuv=OHFjr35ZGl z46R5^STTxsf<@$zDT>s$DOPAirkID$+$XDjQ$!XIQ=EH)<;;5awq4ij87&h{;owvZ! zOF==KG&a!-mq`SYYYmHuZH^65R;z|Fi*O#KSxRUQsOfBl5DT;+mgT-;kLd}w$c!G?hfIHHib?v3CrZ@j#zY7F9kGi zm&t=YDF_E5Y z5)3gg+dx)1QR7O_5Y9N@AhH>>8Bfh>M+})7Y8YsS>9iO7jdl?nJ?Wc*zUnn$#B^o) z?zZNbpqf!6M;6R@^kXUhR3=^bl$@eTy`?CaajUR2b?QrH!WRm-ikn6g8Q%FfoOKX| zOD_zHb(O_h)wDtq+gxc56e%3k9o(x+7t8G~yRx64i6QoNktU}fyM%fX;zC>8EZ?P- za+NWgx!O&5ky>v>1V>Q!V0#$dVN2|$!qm*TL^y^>hOWqG(k!V?y>?E!>l4hBInh3Z z3K-hgGg&5rj*r1EP{c45q+?hM1+$C}V`nU5ONw9(C1T_p4QE5w zsIW98ew>?j3ffQ#CE)JXmGfJ%j+NS#ogs!8tEDQNmwqq??iIR54e!#m$ly zQ4*d>raAD6`C|r?@gSIh*6p{Tom8 z0d@OBC{+T!NDoZmn(?Wy3gx2i}K$3)+PNf%GGF!n&NCOtwJ4P6ejzS5C6H)GfI zP#iM7+rHR7>zm8~W9cY}_Zd}!D!1-t7hFyPE?{JODE(H-S)}RW00mt@ZSsJPhlbNB z2UB3p%00#*`i5Q|t|DAEXVUBGdtyJ+Q+3@Pm{ZF`>nB>$QM*Ow%QLSJRD z5?wYC{OP{fokpIhrze}l^<7G}p}&R6&fV?EiH-NRnvoO7#dHU5%E>JwV>=5&u>Qg{ zvV11J6ozzT$CwWhJ>t))5YdxOvRFsnr0t4c- zW<3I3mmAF-uX?>BC$;l0k@eHkYv?7rbGHW>8*Xf(kQmN1nKQI=w+NgIA`-6v2~Ql| z6P!RAIn+~kmH~uGqrow8%}#6v6+NAD4{;O*?Q@6-uR<@{Jc^yDj61BQ-5Uj);jJ}rrigpwL1AJ?Ri5gvgOWARm@T!>=qiL$NRU2$UU)< zo*BPO;ijOGPL*N8VeHi`KT^|xBp8O3^dV1af@*?g zkfXd}&Yf=VM1k|OCUo+fEm8kag5&332&hTZpD{+QrTs@uN$#5$?id5zaW& zXDex+wP+fF7-nXd!$n}Fv^`(qR0C|e=ObVPyLm==jaWbIIm4_HlQ)7-SMV_HRKg2u zm_2pW-_mqC*8ro?(oqFtSO`H*%c{(fN>&+B>>1>|&!UcY0%SaO%Izw$iJ}7VlJ~GHI`cg$3CTL-%6Hh|W%a>RZnFV9# z?xa-m+GI&MI_kHqED0;GjTXZ(H&@-Z+Tpk%WO@4mP(6P?fTZQ|V>sz1 zIaD-+%&A7t?lMt44T>lVCpawHs6XTm&h<)ZoWcrBQCdL~VCw`9bm`x;TOp4e2m5@m#;70oc$5JcHeCdpwjzn>3Ch(_jGO z^%Oqa1rkE^+p*5W!#v=Fy~9;6wx%Q{=P+69++nwa1%WuIDmJ$y10fLA81ra-5yvNM zNS#?l1kwWPU<;dn3~dvh!u%nzR7ponF$2mUE7vKaCdrR!h>_lI$ou_3=xCY25YF&KkSHg<(3zqv zH`)u+*!vH;G`n20qk z!DGkPLq_c&0@r70(U43ml{(&TEoW%oLu;>dZ|fYkbZk)#nZ+u?gItCs=1mHpmXX8| z7Tvu8yrxx%fhKFI*_#%&-q7)t0!KT41higVEkJd=CG3M6Ep$DMsd!rcaN8h z^?GY@9Ieh;6h*(3Wp~wZ1SrKkuut371fUwW9l&b1ngja`b25HzPuzd94uns}8b2jn zYW@v65Av*^9VSfVxtas}VxAz^)x_bovLlv&j;o2Mq2+4gDB7+jj;7~o;y9YFCXS@# zYJ3!912u9r0bi-6ijh3up2K|9bp#>x3^N=oHbwYPCC|=S*fwR0mD`P+<(?bZh$gq$psn%0rTwjz-Wl zQn^JYilNoq4iWUchR=7l9fuv1 ztmZ+ThlKiWJ=b~z$Xsu2(&K^jT3rnRr|mkl`#MI+=czneSTh?rLhn&%4dq9{vvWYW zj-Xi#tKBuN;X2|7nyw>`q~ki`7+S6)j-uf@d;}xc;p6BP!GNP2*Ac*JyN&=u*L4)( zJKK(L(QM}_xLn&+fZ0}yGI5Jhj>VQOrMK~rdTK7kn|OrGP))SCp__IFImjC;(m8%Q z3Y)9(C~&scg|CQ$Yj}z%xK5Fe!siuur4=Jf5DDm&T%VUzi;z`*$gvsKjO>nDk14+y zWb1N!`24^@2$*STid>e7)jI~clfiqal2aLFlsSU$njVyt^pe!c*;5&$>YdO^@_Gs} z&@9!WIL2Ue3vUcstJ02PwDrqIDcF@10ZCcwRR%2Au62B4o3ySd1X>)?@&E z?3Cm+J3j+?(wK~-A5hFtd?YusL?5D>O0wQL!L9vZaJiA;5H!~tDVn>cvvN@oG%0K# ztEESge0Iht4h`s~>M*8l10FL7dZJ9J0+uCq3^GgGVoNKv4^m!rE~)D0O9PVHRLdkjuA!K%GPOwzNtBh zL^KMhWWZ-BtJuc?O{`1N&aj683opQXDsk=&chJKzlxeyU`#VU8U}0X(TgCd~`@7tD ziG%t5tU0|hll;~M6qDoNhrxAhCPqG|%`lvTUU7-0p;=s_D0#&t!j`Eqi)7L=Fj9k@ z5t{Lt$~Weadt=(E_Lj_z8T}06Qi*5V$MnWjhrxA>Ek-`m*dp{z^He0FtrwrA{5%bL zH>RDT_5lY~fcFgI5haFE{QPE%U?M=!&es6rjBd`F3>ZkFK5J$Is>lc+)A(3f82> zp+wP)HpwIuQks@h<;ckKJ_4pX`5b}E&fN%Lw$=%#pOg0jT0?GvW%NEG8uB4CR1x9TLrSmy)WP#et%nRn#dL4LK?X_cJ{UdCQ@sMr*SvzvSG>W9EY+zqEGppiwXQoTYm|JB z%EMk;PEVWp69vv!eH1!d{X2ILQqSvS55nsV2Myxn_R0ql^7`b%V)XpRW}3?jQZVzk zLbGW!2O183E@ZV1?~P@xA>9o7ig^iRo^=Q#M`F7OWUn9O*3oIwo#3>5FRuAXvlC zg$yl%LJqHhIM(v&i|#>r7+jJD0h6AYB!JybdiAAxiYWl%&br%JOw=kqqQP6|ZZ~P) z1@cLpOp^f?WM8#+*6lXyt!l5GY?w$88=|Cs^A9RdQbUl2SF5%%;E=*S+`=SHp3~Ly z>EG+#!A57L3i58ZUP~l#3Wp-$s*5AyVGJ&VNuH3Y!C?rN&0YwX!CMGK#`r5mgMld# zrcrOD!71+|1<{f=)9&I7rZ6Xcu7>WSfZ5uMLT2bM3YH;kpgjqnA_ffwTYzcE5rfPY zBnFxxNeoU$6dyrHmdqRuYdv3Zw+FABLN)=Iy48hFZ^rK2JxDrRt%J}RnjHj9RWAC% zA#93B@$!}FX5*mQ;>2MyggM;yJv=MM6dnVZO!fk(Y|a8O9i~!MyK^_qMAU^Kn8Npo zdPACEhHL>$rfdOJwrl}dhHL?hj%)xOVsc_iUe^o;hqh718zwg3TG2KNDs4(mr!dlzoQ^P9dIt~UhA)86rf%bcEnh?kPe9MtHi~!uE^Fz1RTgSX$)l*pk#k z1~+$L#_PFUs30i;p2AOrRHofT;4-xtFqWM=7+LDoTYcZGGeix9P#7t4sLvWU6bH?a zCJvY_kjV4gETQ$}0`XXChLANxiGyZy7>CUeI}WImHwq&qZ)6^(5)zA*5>e6QPkbM? zS5t%LGR=&bc?fW#-AWHUMw8M4%nZWIM2|3VPUAwPCsV%62)m?(bM)L=4iy1%vgMvk zb2*Y!AHjMO!zQCyz6<+Vw^vhwuu5BAuiZ({))1=N?d5|Z(9P}JQv;ETTskE-!m>mX zm};~%AqK8esHQZ(k9kL$o!%PNn3+z8EABEOr1i{Y!U!sd-6akji_<1EI2IO^NsS{^ z839mf8dToNZf1B!0wS7vHqWX7!{`X2`I(GG)6~eDTEngS93D>(z)3Ev`No8%8%t<6 zr(3YVnpg+0=2v(+u$}B6VxVaimdI42w5YwAFtru8b}lD$DN_};rzHbT-3Qdjz50?4 zQM3}5712zA&ZC~yA;?Cv4%|YcUDL{D6edx3>kt*XR8^-qIU>tP)nxcHQ*55Qi4bWf z3`-va3VA>xHjxR0g;U8RlgeFo+StsXn-;8;2G#dmz$B(4CdTyCB3Ts|cgPY8)6(eWJ{n{L^FVb41oF6;nj!v%Jfn{pULm0Tv)9*8mT z${zm1-T}~lFts8{8HkGbV}$-X=OiFC!j_ksg3Dn`f$5D(ruL`LLMvoGk1GY2!<7Qd z;!43}=qh4ed5lFsb9jqDX0aCm%ivH|NjkcV!shT81z+N7E3NA-~3M@-^3MPZAa6B)MuMjeavk)+gw-73WJAW)BkF{XP zBr`YtfrUI`!T3Wau^`T$M=k)&(OLkPrL+JjLuWz!K992iFo&}ME{n4OD1$Rq-{vu< z;BxpKt%siK+AkLl1Qy5FmBN#&Fs6PbEQhx}Qp?(=x&f`o)pECu;bO1j{ zEi*o``R=Ees{D|M21qYGw4zwaihc&s>pbxTz}$TC1Kru#5=6sOMPx@&1;X=~i^Asc z7X{5?F$$MqJ3(|ikHr8mhrgY>Baj(J6hLJO5ddXK5KAz_nj*Ba3`zy^^Yo$Ma@7$6 zW@tkJWhq0!Wa=UW%1}iJl%=fL_xE}jlyM!9Pjkz@fnBC;WQ4M#cLcg ziCgSQU&)8URzDaygQrU#S9ltO%_;dj>4$kZ2I!n9Ck2M04y;IM$k#p<;IWigPz*}ZVV{sL}dX*10q>)B1J(l6Dn~SF0L{`DT~OVDh@MF$rs38Uxfb~ZZ1t@ z`qUln&dTmy5g)jk=DvigW}#nipiRs2 zH4yus#sI3oNcy(iZZGovfI|2>q4vP&r+^+F0iBM1N_3n!k{M$!?y$8$+T-wBc6#QSM0yW+$FRK6t<|f8UPB=yrlUR%rgHD;&voJOL>MS+t_F-myS>mjsU;{H+Z z>FSUGxpaie2Gr$ys6p=(WwPpdZRGq=^D^q(64S0>MnF&c#bibJ4SZ%ei+duGzyrtI zOtS-Wq=3y$4+3TkrA`MufFa_+mtBdSgPpr00IGkWMq1W`*Yl2G8pm36{{(F$KX0_sJJZ8t zCU^0UwIdfg4XhGQ*xI7jUg%b*u{#8ZGgjTBZiD;yFVz#y`IDg40PaX@m3_VlCvv^J zglo9V)!LeHA1M&QxYMrbqg4-Of_<(O*c0t6N+(;5HPqqt#VjCCEG0VDO4(jRa(y?f zve|F)==X#}-G^a@b0eyQBNw2pEK&hLHl4exz1m9R8Qwle{`YJuqI-A>uAs>!$0>@I zKy9z*)o{joYJLbXzbBHas7MCqfeL!uR^%v}3XOC_6>#G0b^>P#kqdCVjTR5)Polf; zVMQ*iFAK$QpdIRC9%1uf3(b`(+j-ud?Jm($m5_(0k!P9oBT9xW$66~`J&iJ-i4$ns z6RFRo>9N%oji`p(qa(}G&H%;PG>QW5wEJKmeE`9uHlT){6x|c;ek(OU1P6zjiw7I^ zs^?~dq3Gs-ExWBW2_hMDm)pWd9+>^bu9N5;q?EoaoIC63r8W;QTX_*|$fL(;1h9w# zD9nASb{Ao2NOi@qWO~_ZxGUA$9eFTKM${=yvCo8@t(}ssay2ang;4*yUPe9F?Nk?2 z(}ML3w1KAFNOwyH?^a){G05nD|Aem}jA?0X!Ufktwd zLp|sfXh7oRJR{(&S~tP~$e!%?I(3=c)Lq?nzjN%c9$x5Y{p5_WnW~xQ?qdU@-7-VE ztI=Ly^P}5D!}TH2me5osjPPXlOb=rfI>xA=-Sn~>F&!9ypsfdetR;XkaW~(>(D%_R zJpcq3dK9%vk4e!Huo`I_SUy2DD2kN*;7z_ZO$)1_ehPsQj<)5K_sh+xYHvj!i4jqK zXu**|kufZmnq?B}cuurWcCZ!I5;~A+n(-C7!%#%aEUIXbgx?t!{h=ygV4tyVW2A<#T-m%8YZ5l;1jeHXL zne&*Pl2V+K;Ey9PoCY6J7RFqB<~4vtzG+cyG!CuQ8;Z1d6y8`j)4`E0=xMi!mAd-; zpW<+@hMWSfk(xab^$Ex&U6OiDQ9%=+`V0VAhX-F#Y=~)ae6Qz#9OvZT|$Gbg2V09<|lsA4q5V3%*8m5C&zyG@^XX4k4w+LL=EB zCKKe-X09=8slf(^@m!ohrvbWxhAq4s)>4x;0#r-&3mRy|L8vDuKpGJe++)0hAy5tK z$3pwmcNRcG4~MPTYD4rF+MRk$9~}%5%gjiaC#ocwVHS@7=oXXY5e^-jNWs)D%L3ns zO#!S;UvHcvVtjD~?R3n&jA&fwN)F>O(iGt1f@qYasDYY`6U8=VH7FOxJX3!fqII-J z?jlwoCSK@f4)!5l=3L;&;Gj;?>329=(C?PoF$;`ErzDkU`a?VwaEf?cd#G1 zjCZpf8l3BQi;0=4d? zMf$%Xo}N*rp=w(jMp#d^&%52AESU^ZCt-4N!C}{{jUab+PDToGru3;98zBJcpBo*S zKhf4?eGqX}X;W>A!B!enS^_i}(dozq5L!)5hjcP)g#aMEnpt*Rch;pk)3}N2UO}7K zTpUM#TEsA3wn8GD^0*J-j#R|%Y#Xi(Q*AV)3~=x6_xk9SVKQC~Cwrr=(m+-bKPIjn z${9w=7IcN(%7&0Hjirv9wn!KR)CDKu9H=y;Rg7%1Eu@r|FNDGfRFse6F+jKYEO#xn zs)*#H+gfU4ZC6MY!h{YtO%81W*=k1Nh`URT^oDS>3rY&6W^u{D&K5GFtGfo}mAq?m zkb!Mb!KlKgOfXI5x^NNkh!XD|Ka_3}H94Rc9kAP#HDb4OcM3+-CnZ-RjEB+JiHz`(|pe zEiSF;bIcrT>>|1t1nrz#22!KGFpa65Vov3;)~NqK?6zATOe z(@pixE{1$DZ3D3!(?l_S39Ac^NKxbSE(V#UPW(nC7N=lREN9SVX=Xr)qU^-_`bjB7 zv@Q^0MN|hN)?3O#IDyCu{FdQxQ?obNWwB}yQZ-xG8RJBYxUk5rqt#!noeZ| zWH2%?15*K_jKuS<1u5vTR_u@DCHR%@8ni3!x`N#R$XPHSRqS-QG78}hbMERa>)AVSMlCjGlNO9>FOLJ!Y|1H0 zE%&@!e##b~)x;F4Y5uYB?@|82zuRywvemM-Z?mko;Wu&a$M^4o*57Wnte?jFp8*ZNf5Mo&^Z9N5 z^Ip(W7qmrh#N-MC(fYtttA{V48#fZv4uEO>g}<@gOA`TM(g|8D5( zE4cm<`gt*6{~6blAomKc_uyild>uUR!}kYp2|AFA{~iWC2XZ~lm+gbV{bT5B%9rWW zxIYdsJzr+x^50YN`{h0lw?PN*8~A!gYE{~pCv&$P9d;rs97`W~)Zudu8OxITpIySScqrDeSY*Q1b+I3LIJ_x<0u?XavL z#q~*C{J!xj33CW{zUR9&Jo7!DKkVP99%os%<08F2?xgu%-2V#K)~hY+7_JxN`VcPS zeapX3Un74L?;M_g5tpKK!?mzyT*MPR0_JP@O<4Z>e*pUkels2UM*byFm>ejaewL)EbBG6|94zAo|yvEBmB!i=lyus!}Tp( z(KH@GT9k!p(N-z*XYtJY*bSlnZo~6?a6O3Y%eXGN(Xzg?SL$Es`yRX_uhb>=Ons7% zm*73=eE@gGD|sis{66^aAACB*+3`dv!}D-gd9UEf_t&mXrtucQEBU{PXX;MrZETm6 z`QT2;@1NoKi||ZZ#5<1P)Z0h!Zjj$M;#+mMWxWg6*Ksio>X1Bb$8X-59`F1|U8=l& z(vw1ccJO@ZlP&ANZn7+uzLLk32kP}*p!WjMVjeKvhw;q&&rKu0@Qu$$k=`0EKJ(wN z%}9P|v$S2l`xShz`SSb&p05U-zXlC{k<6^5tNnLeW)Ao%rf!_o=Nw&@qWdBK8ok9xM(vh zTck%A>V))8?zgPVaJ~Bg${287jc3091nztB?t8eijv&ro;u~pFZ`2?4O+7QO*Q<=Nyhh6zbrUUP zN%=+(o%FuGs*|^fN3)w>VmQ{4eEgO?*m=y>5}Ga@ce09%6~`tPl)e8tzAb zi0eDJZvSnxb#Q$e*M{G*tW&t&i0hAVZT&FHKCU<7`V(B+e-}E$^=4e(I}H8ee)&f% z>wa8s!u2IwSN)!4E#Ue^T>l%_Q-2@re_X$V>$|v~@=^F|T=zg_|4$^?{K~D z6OaYhcOc8Pkn1R(-+}v|pto>S{_+vedRr9hyDU|iTkGa zqF(^L{}q1UfcqNm^ezAW5!}JUH*tLw*Q>$vzd)|v$Mp(ayYTxXxaiBT2k(c#H~r|> zKM1~Y{Q~Ho$3^>k9cUeXZD=R|`I=Ke?AP|;?6R|^7Amhz4Y~#^)Xzxz9DR1{ss7X2CniiNQumadcEr4h>g*oaY*cTw zEz%p*9rH1oA1sH2OUoDL^`Newhj+9I+6?VL>7KSk|4tjf3id@CV}2-`I|lorjr}q% z+FUfBXp1V3Xgjna=GE=*fRFrT!2gzIE&m$&$G>h_jo(DM!@I$9b2swr?%zN@1NO`B z2Q2Wv1lUJ#ZQ?upp1}L}{|bBt=)4oZcfSwqa{L~{@7r+g1>H~L-OE7hUHCnRH0SaA z7l8K$+>ZeE39y$x1Kh`O-}XVvngRWnK-Omf<{$9=`+)1=`6oVrat?m3#r@xL{SIjU zJM9YZ-V1)d1N=>ReiYZAA{`I!-iG^&K;tRk?I7&#-`@ql0$lnJmM!MhZz3(0HI`@g z?O0}6Khk%<=AiT~^xyQ=tUK9;V_9UK!8XAALG$n5X<0jQZ{T7Z_`My=>fqY;AbcHk zegNN9Uyy0Cjm&oJpRCEc>+jAgh+i!;rKHIW>9vAEM&m-^MlgRIT zEbHdemi4c=v!45_*UEb09@y+)-9|oHPqAM^pTfSI>Px)}@M$<-#5ekjM=i*3P|8bq zzCVNCs_sj|XFFfvQh$7A+l;t^hEI=rX1Sv8W z-)Db=eFftD8|WxF{yuOBwvX$5xcH5_VB3e^zJYiA&F4dhWjuj>V$voJzJD0+AGlN2 z;h(|t*N@45DbtS9k>1O3 z{Q<83!o~0E-+A!yL0sxL`!y`!U~56kzoeFgtDeD6T6 z@8V(}(9Q^R$uLCaQ73@3n9rZ+BSsq#DqPERClRk|$uku6X zW6^lRV16>M$wxF_S=Rp=eA15T_f#8?zke0K2~U1iA86tfY!4UTe;9Y=ci5*?eFxIu zclJX`=Mwl((vJ2!=JAejq(>O~Tf*=?f79=(Z}h|b#&?wA20W{_g7OWOGqRk%6tIjt zCAD{G2Oq_E^2UF}Rl22pFebvZ**2sNFfEpI<}2T`t;;qq>+r!kfNfyHGZsT07+ayO zlMZPl^?PU!v@^CxX(!}`X_GhQ1NMS0f76fiK4=@XTNP(YD&vDTKpN5fS9JsPmwA{L zJNOp(pbprMBj1$uai}Yq=d@$?4f&mIJ$@$~VIIbB>RH(aVF|~2mfs1>-`nmFZD|?L ze}Id4s!vRqOP(!ZSzjx=W4%q8{vLN_qftAH#x9=l9JEz%srKay@l0H%Lq1slsJIRJ zWQ>&U5%wV!AJiAywagFpGug*v9E|zJGR=C6?HI;%Sl^Pq>SOMBF4_h^5cU(;4*3|a zk3S!<&yzZ!?C0>TWcetb@40>0-Y73=Qx{P?qu%)bGNcpLgNNVL-!(|f!$p|wFOYY} zs3;ftq%J5MWuk19RpnU&@X>r)T7u7efbL!XR1n` zR&l2sr{6_wx|Be8Lvb_X%e*c31n=t$~)k?-wZGOTX_hH_I z`#<1%Wm~4ha(xG$8GmLPU&XWHfjT_hgTFu;iq`&)gd@xuPtthBgNVD~ng5s;|NT4O zeH2%;uUYR(fA&?}uk>-J@ytA84EyKtEU}aSM*SLjRqajcm3hi|H_InwqCCuR>Xg*z zi`j3cucpoL9mh#H2J&a%h4NhD%gS$*{U7oBZMgW4G^q=vrziC#P7im=NqMPcBD_-^p`A@EKaUV;0d-9}**Pqbr|_vDMXe+gXXZZnz-7G2Nqhel;%sBmAHpk=B>+{ZV|sW^FXSRQk^b9rgSMJd^gH z;I8~0ZHnL7Hf4RT`s^DX3i(#D(cZ~3;mPYAfFV8goihHIkM~jB`7fFW#2Nd+5a%^` z9!2+*hc-26XY4;x#%F>4XK*S0)SdP@_M+kUl#4L53G%Aoc|QtxWm{~Eus_1Mfs+5F zKE2Q3&ORvhyW@xC_Z8f~fQxjL|0dp3e;Dy{Tq-T<@BR2qxIEn`znSDmO!V?iq(@m) z8-M4IpzVz7Gtl8Zx65{y;+uEoDfPto`TGDzIj(uJtV8*p?LW%#Px$s+ynh2OMVskR zho8bb(u&T#puT8}v_aA=y+o#S1b5XBB94knsXig!@!u-}$1y_UKKDm44ujw1V;i0& zgp3`iXO)+vO&cZNTLJqeTztObr80d!KRfcQ@YS7q_%(blzf9s)aaVTq5j^u7X5zgN8i@g}_c3tR{AtoUM@^z$rp#3%gM@cm1#L?0X1?jJ{-2=rf$ zXX=jW5QhJl2Ge3X#9alfqVeDGOcgt-u5b4wphlP zZj>j+*hD=G`&aOfe>LWI;bM7w6Yflx>C?Uj%Prrl7+^I1$1<@Vc*nTNOK_coE>zi7KH=~2?t_3~9FDfZcs9!k%Ng-mzUTw^ zO#QR{K|jFX>R+@zQSTVb~@KC=z9^=jA*(xlH}+=G2++AhCG|E0ww9=X#z-l^Kk zZ0~ZsF=-5ou};QPSzgJY8C`5M0kUSI#(FuugLD$`>cEUU~G92-;qj$@fBZH{S@M~=4;hc+7ZtE&G^UZ@N5 zLmem{sU!A1*yo_lu`fct)_l68{UQJP-~9W&H%i_-+&_RzmFa)+pUF4VBAr`*3S-4S zJZTY@Jn-9(;2ZCs$2|(i_k`W?rVw@+&xGZB{yXy1me! z$p`bB@^XG2c~kju6TT}tq!Fd1XsSE)M|zKfhx^|Qp7G4|`JFU)Cq2@58@_)P*EU>A zH=EuXm+`u{U_27n@8MGNl7`aF{R8kxFvov3PV-&B`8KX3*mn%TCc!ZMZv&3`MY~bF zyyR{29rK9#+lSu@pYSSA+0USUzJTw1r|Jvpf%+o-B%Md|{@S-oxO2EO9n#}CqJrUX z`yF9EMq`J{|EzaxpM1ySy1xB#ESmaw7Q%*q{~ow%%$8%g{6;)}C!W&HqtF@0jX8eIXU?zTTpaQqop2bN#@Ej8bPdZLWf+r#(8>tj`i(67;-<=Mrk@f+q1eGA*T>{qGy%|||p zJjHd#AILnRPh>xe^WG^BWupv?YmiswcQnsl4!l3aMSRj>zLI7%=1H3=e=MvIn5Q!z zPadP8PMI#tCHr;6<#>v!r^yS)dj4ch^2YKX<>wBh^QeXP8tzGRxM)*Rd;0(LJg(>d zA=>VclX=vFKBGFP4w>iF7u#1l_GKCqq^{Xkq;0SqB-sJ;PqhPRE6jK1&u2e{Kaqb} zWz(Bk!6we`Vh?L}YgO!ugk?7~v(s~XruWWVIIwTV>(*wlud9pQ02(v3PM_EGa@#71 zI)CAo1EZpQ)>Erk(T26>ZWrrx7oV=nOt;_a)thc84_4bY>$MrKf%Xiz8lvN^c_fPU zf;i&Ro9EKwcFTZZpy294eFj$%)P=PkjuT#<@$aLMzyjH7V_xXDUK@o_4aYn6=37{L zi0$4A7>$w%`zpB?=Bv%c1N%lHgM8`W>^h&2r)xGr?kIMoSdyLMRHT+ir4m(5ab5%! zif5`DRTN-(205d!yk38yNWo))JqMl(B+0W2s|E0yD=v?P)OLJI#HQOUhBbd40=CZ= zQBR{?JJ+qY&ds-%mI@?J^m)&17EzP*sPmn+C^Q8UZ=PRR=ojI-w#-8U8wHYVdn4%D z&*!-U>2hUn0W?3w*#fBES`+637C^+wN3eon?owdBg&B8St0=Nw{XzleUG7p_1n&YipTw59g;3cZ zEr5va^Hz+S5GrR^uwia{xmzvb%UM|!;I+Ply<`gDHI{HhbfE(0W6mGghmuzyWwx#7 zTkWOlxk7yVl~#d-o7e`wsDo;XPEUbEm#SV5+Y=OV{7a2?wTOa?dBdhxf2c@?Ahmf4 zxwnXj3b{~eQ^?qDszAmx7pmQE-7SP#!`^P)YLP}nbGhc7cilowL{URFvEN(~X_t#s z%P2AE&lgAz+9~9f3N|O9)${FQdVv@06=^&-(JU*{{_LRlU#L(o*BbR^A%_d?6ttS6 zRRpcPVC@3b4s54Lv4kJMCNKr8mF(7VI#O%7hy!GORwU65&VMaj9iiWbi^Ibj8q)^dBDcA-wAk2ylm(W@`R2aiI)ZMd}} zQezW8x7jI#S#23b1XcUlzZb}%?)fH8!7kDkU%yBZ_OSC@A-pxuFu<)82Vhr%mEOBm))_$ruI}5^0#qBceUtjJz2L;NzX|8U^$MmfM~n zV4iM30TxW-nei=f2EP~aQ{D^&5ypV6C{4y51deGnCXtNPB~aSf+SXK_4hDaV;F#90 zf8MV8hQDRBy8fB>OEHs2hF$`)-*{}O|4V-7*Z;NK3M7azY935K%zmC zBUBCnO$OU$mP}mPAnLqnJ9>z~65EBNC`Jf@{z$7mGL@x8jJu<$XWk|r63cY_eu%&b zeqLzA!^Z4OI2UPTrFa+##>CVj#XvG5@z;xwx=Gg|&?+Np)P|@v_{Tt;wl}j_Hwh0& zgaQHsv1of&p_<8s-hm;4;q(%)Rj?1?WA-sas$tTDj^P!{0~(5%T0}uJE%M;BTRo59 zg~{9*AQddtz@*_9Q;Ff^IHbh^-(qPI(@g!S8;uc)@z%pgjk$TS2pBL3ljz~d3%5Jd zz(gnU#{e5`;uXwVH_?bdF&u3aI7?mkf{8yCNXFwE0;|^UtZ|IaR1*!%RX1kQtl1~{ z1Ip|kQ|6j&lg5`w2h#ZQdj0Of0HSu3UI}J8K!6znu;En(_)X?+M9@suTqv{$`|X~I z-&T00F+pFrMYmSRL|lU`R|&dx&uz>%+-ALN!mr2;meLu+qN>teG7NtDf)cH}X0psk zC1}3*MMVTKxwErkG`6iUaaJy-qZ;IjLabFWX@QLm6VIuTjS>9;D8uDN3d=OssPGKO zs1#Zgb4U#%5=t?Pb)5HPkQ*vVF)4HJ9HO-aRz4{r1xBZF6k&T2)0I zfz_(vOtg>y3=&KJ7R1efgP_y1)a(_BLIKTuWRFP3@n#~KPShg~#tu!|0dzxfnwW23 zv&6$l-`po)C8)!!{YaD}xBS6as z1H@<=Uzp+2L9$QU6#cBrtLn#WM0-Hk{8Y{Ru` zvoXE8_x9Dj(|e|8XQ~~)-C>A__8>;7i=-$RU~AqmMdHaomLVce4Q@C5HNb|bXtc6@ zCA+hRxa1e^eif_43$ZO~#zGnv<-Hiw(ybPfm(>)Et{5&xbo^?-P|IREpP#7Sh60Q? zxEFfxs^V_on-+0cHrppN-h+*qMPx0Cn7oZhM1(<$(qP}yH5zz}$pKk1OEDJ8^%rpd zZFA;mHug$OXLE%`@_6 zEXrj-tk!O{yX*{+-t6@3UWnztiILPZu%Jb{3=fG#nPAs+ab`e5KKPqP7+45qh|l1v zcV-%H6%$VzMsw>!Y(b+?x_z)dJ7+S+jinNcZB|;1Di&O{yUQ~dD8tNR3qukuuZhFo zvAAKzzZ)@e};v!m9h7;g@r5Yw>GyudT;0{cpP(*29 zC9KgLH6kHLuyzPb*5=XqHJKtW^kCG;A%nUai9kV%8RMH4@9RxbOTOl3M z=M>ZsQPFrRoGfvR>DPD6g;Mr$i!vTTFUGrHJrv@dm9ogNaGXA^K^$#wVQiUg-~-cp zg2f7hv%w3J@n>|2N@O$=F-s^)%B}UW5NvHdXeG`~OXDl-$}C}LvK86UxP29!j{VTN z=yquFq(LWB)geAM$*HZeOT~bN;A9q@^xEg#mi(JZCu%$wWLHjh%J$qew`Xo{&w)L+ z&hFc{Z|>Hc4(xXi?B6$g^TM9FCA6Tcou0pSOPZ<*lGf-?7Ni_5l3Zt&gOy2Xbn|k{ zkG-(*&)7z0j_K0!X^upzfjB7Ub@1;y$-#YM#p(DMds5D zBge{j5e^UpF`Chh$r|Y6$*H|*7N)|(?G9Z5pqJ4-o?e}$LqLoLg?aYCp1IlCIsCW( zz)cHtwS`-ks{0S@yLm6h>}qfpa&E_CLBHXyy4gXhQMhmR8$CGzyb^QZ#b1MxDX|O(NP{8gnzuS*JdPN{meFTTx3pMqa&tKE+!|MZ zEVP@Vvc(vT{G~}HsIDLI+AR^U+%rAr2MDoCu3FRI4JJRNWp6?~kWCV!nf+RCeyQ#@ zvdg+L<@MuLR{pX-Z(v73rcwhlk+Cg3_Z&x$R-8rf1vQiL+IaFyZ9jX8q}{_7goX9S zja-ekA&N5&`*QtF?nbs*slzTBL^*?$+O`@}EY!qGE?SCcyR-g``n1=_ttdvtF2?@8 zFYA~|Vt#{h6ERz-{;Y{Eb_ERf4O=&srHkOwnd}i-WAnnQ_O6`nux`9Yisd@eG;WM% z=N6om+NyHhn3U6R)~5i-4DZfVTkY0bv)%XBvmOkHce~Yf%6vs~J)NqeS+JLxYygVr zg4zaRqfEFZ!VYzG_rH3-oh;B`Z~3%RSD?$dzh}90a727X6 z>)JF?nI4SXtuM=rORO)&aHG3*%PR&_JMQBAW8v@CuYIC&3R6AR60eappc?3_O`HIO zxl8l1)rY<;W+2V4%DuxMvsC)MdUk-$xE(ww$73bIW2_*=b{;Fu%sd7vd901br~jBJ z#izagT6xS&unYR|7MV4t-FR{(;0ayfLHIVa9Kdjo4>gE{BM*MFj;Q&8VWs*&#M&Dcn6)6@)MXDk|R501adLf1}qrs>s2fD4+Fbk?$TZ{IW46{d= zL$NIy0&6N*hae8Oe|Bz0-V8K8=yCiCt<~VLa9b(mA^oKdk zB9(?OQh*wp(4kj^6$vP`>zQm596{`yt9i4ln7XLHJ4+PXXcdT$h!TS48cRKH=IO@J zMNwT38paMVNtmeP&@QSzAr=c<2C@WYe8s&mgUbNbPxHe5J-1?gas7h$V}Q?D=>2Yk zmjRZaYIAY_46ee6qi7k%GfT@eafe|}OVnuk#-%1;AWFs5Rz$vWSKi`ILy+Jf^K1~P zSg>lgsy}9OZgUFfngB+sE_cz%lxHErWaBIauyv)1tc+#YOj zxi-6Z4;K9nyfDayQIaX@WqS<-8yaS7qwT!`>_$P zkMllEW^+YS$9D1a)ny*lWHzHKLIQm#lWl97=)=tLlv8w|4D3mu$#CH!PU|!3cr(SO zyI8LVLpypcCy{1RoB~c)q$j2+V->92c!*2*O|=wK2%d_Qh|GM|QyPanu@eV2^lV^9 zjF}bePt>fo=CQfk{Cd#}=Fk=52!|PyGXs_IL|?>WYkTM9-w{v?Z2J``bon7H^Iz__ za5LZ_$q|cvF|gxJ%j2~5nc!(X$f_;U7V3+2tifon3$HPva#y-p?rXDWJvjEbM$E;Y zXxI#(tziNDk2Sox0;%ZXSIzSzPkM)*B~lnxkhmX|42n9r0(mkDXchXC0JCqH{AVIHC8P{JY*X zWm{vNsdD4)dTm}5Py^C|7K2b?ZKdBj=bE%!)2t`R9n`NE)>zA4Fo|&ntgXz=FZ5fB zM*G4?k;N*UB03Q*jsjaE2*KrcG)0o_x|nuvG)fpsYr6GifQiO%2V=1&4miNAVaFaL z*BxNuEJFleiYUqGJewdr=1h^)xOag!f)&cPYcWX!D@2%Ssfy*H^X(qyO$agar_eR4 z%Q(TWRjqTWaT^;@_UbM+RhXT=W%_0=gSI&K4-S7RqR zt~c(rn~j;(x!YIg(EP=2ZdhW~;wh~d0S7yh+tvh6R99Fwm+^i&{)a zXa}c!<>yltX`CS-su}Pq8^r5GF1r2hI*~kwX?W|9QGvwkW>W#h5te6OfR*|SK!l8X zU5H?$h3L47qH?KnQCvo=f=*gmR!6tRfCJ~^;#;s4$Vv}S563qRbsPDk$y!6?NC@t1)}j47SK0M&!GDx=&eqAU-n+wrWQq5p3G_TQ!a4*X~x2=q9vS^xr0Y?F`;x;u*OA%cs zIWf7&-<)K0G1ns(m3SfshALm(*Gb%9!Mv%o0blB&5JL(%ayDpTMrv*J3}C9GF;d(# z16c~|G;mQ5R6Es{i=CR?e(iw~T}nW!?zOq4)w$NW%qTWwOwKj;cwetcNc3bIN1yNu)H95R4pv#Fv*pNmKWys&d!Y{^f29# z^@wVFQH0v74JAINI?5Rugz3zh;l=C|+;w%_!vY)A+u)B&$549dl zuFAs@5r@FU0E}a)e)b-@F&mG7SXX))8}OO3C`xH|#bitp;aeQ@lBncCqdnLH*^Q!zP|LfS+0Fqh=q%-VzepGT;yJ=mx(U=mSd9_M_v z!Ph(okoq|CZ@4TbqGEvuXFp&7c3!AL6Ah{Av4+Dp7VDT5;$nGFfF$BOr*{kE%Vp`3IbGD>&yC@^;c8tvE&2KM~)eb7SUwR#8Efhd2AOq z-(GkCF4ZipU?rkb4 zCeDBExu#A-oUS>)Fg!k&ol}@RZ75U2Z7m!7K}42Jb=OFmT#+q|xi`X@oc%`IPy=$_ ze#2DNbj}GIw`Ge|pw7WjqQg<%oK)%^)9mSTTDFI#24?4YHFLobOz8XP|LT|BF1Dao zhv@2KMb3ybLXro#8K7`Ag|UxF-hVASzj(s7Fj~FXrQC-NE0Qq(+`NUr#0)^J}0aPdzhOB2gL#?H2dbo(d6?8d}8jcW`t0?1Dz;D z^n~az0PA&@a0Y6J+hH;2x(DaH8f?#-f<2$?Z?rieH$xe&jV%tUFOFVo_Y-PR?bH{s z%}TKNChFIXDU7bgcD1*6uDB+|4!wKl)`gD)`$psgyJ3xJRr0ji(QFHIYKqGNVhx0(~8LxMieF7@2|Wk>*V2TJMaWItF=%8{gXQrQX4Sb#eX4 zM$@SH*xycn|NDemMshK#Dt#)wHY((iRWdKhj8Z&8en!urx1+r7AGNC5w=i-2F~-V6-HL- zC`@1p8~P8&j*?wny~T;^E9}0rlQF}SJ6!a-#AE_-&Ly5>TQca@!nO87x60P>&6tva zUK|4wD{jNA7Kjl+CmA~;43E7eOD6qaj6k*PAKp|*20_ZmJ;V~ni24e)9*3zT$_|~c zAEoGD8wNQra5zvxEjxT%L7NN~e7u0Vv4RSRW-nv|hQjR9`nr=-|zZXz~cg zldqykZ@<>WF0XPPkBcElq1wbEn1q8tD39w#ITUs+?jB$DNS5_jkEcZ%5|4q{({-b zeU&Fvwp6aX?TX2(Dur*GV{xiU6Y-a5I>*sLzUCjerfbFKX{yL_$l^iA)v$KGu_yC>dZ6Lz}%i<6dh5Q&{BPnCYW z;sCnzm6GLb{;2(%TYulSKWg71{%%lzH(FzFxyV}D?rd@%=UgrRd!qBijR&?~>ueai zdb~XGw9VyBZ!T}%F!tx=txqU#C~cYARo+o9JCXlhFkav2ME-lh_?fY(iKFFbjNMe; zbLG>^w>nSRaBKN8=lYF%C(2u=rb;`UvZ8R+_zfG8w#42xc1_uFE*aZ_-;+GCF`BI-d7^-r^R1qlQpr)`f_QL zWpA>|o2>tXCnP^nv0h%TSa!w2-=8g${%?rC&ZIRlX??mpY1xw&{(iAiw!VSuI~Bsb zevE&eE!M;q>*vR|SoRjHyv1_Ht%-5#H^;^;d)z9ITb~_68ny*Zy>bKiwymGQ&1qSa zE$c1zmClvU<<2Dj+X(6GmQ`+9&X`pmv+Oa;x#Go@Pn5r3zSJuJYuS3?th2+p%elgy zn4H=$Hns)7uH01Ge5-gffj3)W+YRR`d-K>fXX`cFENcpRf4TjMG8H`Qe6{3U>}+?g zAIFzn<%!bA%E&qte|yj4XLefUSJ>8@>}}4r%}?04t+Z2RWQ(|WmapKOZDkKxu;)Ht zY`5_IL3^`v$eFaaTh?aVwXElr`BZkT&*FniyLcS!;*eE7q{!VwySSq4JCqsN#l!aN zo!8p-!}hmqaoZ~X-uhbmm{tC=J+`TGDGL10*kcX{^3)TBF5n!M7Rqo7(81$S#`lyc|5cQ{q@i&^f6CWe&UM!2>#Qr0T6tp`<>ore`PH&@qJ-Qj;XnGOF}Oj9h&PqV zsHYkWycR$J2Y;#l;y1DR--KgN5KI1Y-~s8|oC*1xaL7NvOzl}pCE_>y1IHD0SbUaggAJl0U?Tjf4n+geM#UQARHC zA0X%sksWr3JtjX=VZ=pN2?dY``JbRGM4%YrU72YzZIRJ3Wnv4Z!gJne?HPyEFiD|G z{I#6lbF3ForxXbvL4eOva|Dy1D$(ejwgTdT{R~4&2*E&LFOmZDoMI7&nzm^dW!MW< z40fF{y!Ua0B7fB^}1EZHpcgARn~ii=%bsV&n<+%%(5;;+XvPEWvuwGN5x-$ruD$K@(%VLWPf6x=uea{ zlD&xoa8S2D^bGs50Vp*l(x=ZN*F58`Zo z;rzV)!o9eraNRtAjaA-fb^`6Ef~`CWs8m&x=sLjg+4(DF2ad{ZF6r_`B?hUy_6`+B9+777)3+ z{ANMy$shwrXY&{BGheXnFWTG0-^(M;55_SK8v$-Qw@wFW6{Ge$)AeUHQ6w z*Ej6VU$>{fVVAycUn<_b$a(}V(2Fj+^zzE~$?~Q6Z+rRDCyqb8vT@wO)5c4$zUUB~ zM|sS-th{~v(%Uckgj4w>E4T5j6P58R(WgSY`!mkw&pQ{DH(g$FHh$PC{VptI;F%+umF*MT#;E&A{_HTTW zvN`mKVf@c5p8~f~(67SeZiKA>6?FH5o}#;Vez#TLE$F@hy_>S63#EUgH1ToN=3C2` zUbQ{(@E z;XdJ>EHL6!N@y-s zCML!Zhp@{VH}2XzwFxXB`;R?i!kW7JEjAkeQyVV!?-yBrGxfN#{pKnAim4AyUF6t5 zx6%HQsrO7xZV1FaLa}djrXe=sIkq!Zx_AtK$1k#+CVaO&>0AsKakG87^`%MsXPwDU zl}gj&udydy?Km$*zqIlRyZp?tA4SiqGIr6o0nHu(dge{5+(ge7Z6{PRr3sMO3g0?b zVQc;}5JO+_{u$f4Wye+HJI1cMcE>jB$%ux0+aCW{d+h&E*XWOqe-CIA=vjl06Euwq z$`oo5JnulU97CuEC8-R@3qnt`Zr|)|KzbE)Qv}M4Wj!8oBG|y@@+GA$=+Qgn7yh#i z8@_H?b{~bysh%&%|C8mLY}?@<3EDV^2YL8Z8Q&{KqmCZb{Suvg~-e0_73~_ z*kt8Kbo(E6K2j2qv5T#zKQL9^XisfCSh{25!SMsno}Acl`{d3ImC46#cmce~jWF*i z^wuXYu6+AY`QH!O-#Ik)tnvx_4TnmfyaOHB|2R1QYxahT>!(-_D$dq&`Ij!4c=sij zO>He-F=7Ax#e(%6@7i4X^2Lw)>x;LPZ*sO?bg^Y!Zhy37S+|wnU^{!9z2h4v?s87h z)-Ese{R1#=)F%AIq|NHEA`Z>4G+&jHwGA+r>q$iNxkQzV)DMCOI6@-X_ ziVC5J&^uBDLJOfJ6af)PKoBX?R73@-Qlv^p+VkG$PD0?z_xF3AKb}`|?!D*Cse7-z z)@OazTKi}OR(oD{TX7eTsuN@PCA#l_$S6+EhP zMekqAU#)#@R%!FR!ij!X#m^~EdU}U6?9?4enD+YxQ*SyfZRbm`Ia@>1Pc9mr%Nx1( zZtbH`+xE|W;zJ|r#0ab7FA(~2p*r0ggc#C$$~}U*uqj}_DLOA#&;mb2mQEH3*LXOo zdipc5f(FUQgUGObWSie!=gio`c}8zh(-jqPLZv2LP#9r*AA1xag+}^050=BKlZt4T zNI@^dvQz##wjHoadaI?mN_uG~kWxHQ z@b4~&3!q43=Stk8}*(aQY_x7(ltbo5?Te z2FsVHsXUq~?|P<{OK<%>2)tl}rIX)ZT_~J6yOe@*Z>gcYt1|)X?xtxu4pRSudOWeK z>cc2ZLK8k(uRJ3Q7uJXFW>9Ke{#`EHB&VXxbVuz5USZ2F4DenkEu=Bs`WFjBXU^%u z*=MBOP8O|ZsL`1}v3=ezcZZad`XsT{iIza>%szt?g*-{{$$cG*QG$x{M1vp0mxa1P zhEZg)tN#K@Os8-`t@J257~m?uk)3ae*!B>yLR7~&1f!BG86q?&t6nF$tkE$7$8`YAX98liCvx);wcei zpNq54-t6-pk$r8NeYQDs`gbbrI94eDb)@rnm6a=nzCw)5KI_JBH{k&>K80*bHB8_v zJ=yc*N?Z%$dgr-Oz{BUls`|I5Uh)!|zUW0Scrr}?>G@B1+H+;{gwX#Kz6|j)k{5)2 z(f;<;e|_g6iv)ws>QQaC_aj(i5v(R1AymGp_}Uv8>Yy$bXwp#CVLd$4bJs`rP^Qy5{C3l>k{ z|M>3-wPk!Sm%>B;RH(!7vaIh2+$@>0&e4zfm~jR5;~7{lI6p>57@$~FaTA?+n7~fg zyQq^?+x0$98mp?S47_OihWN?r0v0pa;PWi8!OCf@jCba|jUbt<}8L|_M(m>bCoi8DwE)5+2d|k>Q0X1 z>F17HH|Ac%=XIQ)(6>9dTbOnf!(@N1H_f7#i3~C9_zkql+l&Y?5-9$2c4(usXIrH8 zxd~!HUe3H8{E^fKy=)gZ*hk4+*aq%-iQMv2A(qIaMD}%)%)VYW+1EF-&rPz= zJwFv=oq0EiJvh5R@Ox>$!-2!)pc)!v*^^}fiykZtEtA>9Ppa*5PIgEvBU+o z(zOLuR4im5nsI>ndp)QtcP`u$)j`!6GzIw+~?|RX* zf!(}0Qf3kD+a6vnK!fq7-1B_(D_{L4P&Ws@9gObw=&*x^)Po#v|#J@pZX z1=4>tJJ(3;l-Mo5M7HPK+)hTdmYsBGAo0)uR&5d|GIitJk+wbV68^(NpT#JtU~m}? zQXFj`a+%6?OqIE#(BTDLYAO6e{7rzCAD88w$F7s4t70qYhY2}FR@6vf&!@tzm+uSk zT}X2c$c|)d_k3YIx5;o&RqrepiK+57glN1h(4MaN9{9jFMF7lH|6~C+9_Nh@G3U|Y z4C`RIM-YFz$ z*{FgJ)g9t_8&tn9$I`rk?9xRUO=XPN#@Gco#*Q;i&r+%T1DUT4{t&5{C+=fVg^T9z z*5k}O(7C|0f?R!vrb-%()pm955C+BpJEx zkUi}oL)js0vxj`cYLf@N{lwz&_-*qh+hgDqui>AYNKtM zbHA~p%!I-5Ml>WVO|IUCvo9NcJ}|eGh_avo$bg>-`hF-nK)DP_p?ojz~5(Hs&74qjrAP$L-$5$<^xMT zFKiAbgw-Go-5_&Y>(v9E?sJ^U7}!M74bpgu=;YT!6AZD84i!UldZ5CwESvFE>><6} zAfsSn-sDE}ZSvD|DnF5Blbpa04NH}JzfM)Fm8g-mrfFzv0*PqrPUmeG#8%VR1TjlB zZH<3OQo;!$bG=I0=N+|`rflW@+RCVG6$jf3>&2kJ&r8(IV1Ez4Qoe4%MMA?sIAX2LNV8-E^qHE0$%nd)-lZx_XUk zHQCvI@=M>Gi@VhzOY1b+i5`cY;#by)@b^}Y|I)6r&*#-R0sn}^1SMn%N`z5q)j5Qt zs2^73ieZAyx2E<3S1tF{ol-q4RYklgD@Q6t82x3bUXea3oj=YtMcjXB*pR7o92MoB zuGASyeJIsOY-Qx5(wBSs5xHKaAFI@HO8rNwH?ti=R66Hs5|_BB^rc?ATgg;iZpjkjzE8QC)F@r&4}OytnweU z@{uY3a3RWnWBdG5-0#a=P2=a}WO=lOx{k94y{&C@SaDq}(xkR#XI}GQJd|M@f1uyF zI4sAWFCO&7ZqY5iI5ZH4_(z1f4#>+fx?Bqde8q8^(I63Cu5HSG&a`#cLe8|A^9p%D zO_mdF%62|2DkJEYUSd-leo&Jmw{!O2&S{T80yci1V(shkpv88y&#Xl-ixXznIX`dd z7k%EI=G)1h>9_rU*=Jbxa5`JMMUw|nCyHs#$G9Ia%n3rCD1d}+y&K^j|qtJ!rcuJ7Evh*5XUWeqwQ5ZE+6%t8gZjbfcRG z?{2qi`MdQAQIk~M!x?_2cj0y~5R1;Y6v9&~``RM=Jn(!GIR}qJcwW@4g_gz6_7JBx z#Ok_Of<^E>V~>#7?n29Nv%Dpm!+f3n!%1=BXwv>+~${doiO4>wrl;ZB0zz$-sVRKUm1!Pkoe)Pd6v2oDqocn2o@ z_W2&=JT7L1@TLf1r|v}P{Y#}fPm-eq!UZkTx}gS@haU@Zzx3{r$wxxHDiE;eh4-uo z$5uwHf6VJLw6cjV$Y+I$xTbSGZXo#wAq1GGz_k!so`H@JhxQ)yorAYKAU?3gS!#K7 z9m{(7AVg!8!SLmu&2 zk)TmAjH&Ex8J43)aR82M&UV31^&p`Fr%Rt@(GzY0H}Q4n-R4wUFJ^hd5KQ)D^GNS0A+$;fJylm&9Ay7Blgq{zNzehLOzDlYe&83Tx}pI4C| zhfyq>!$kQs3mGP*e3)xuF?xI1rd!;++a|s#cWs-M(3+MStcXuC8Q(;9fMj12a-94M zH_$D+a(@;19dqo~4XO5_>zu`XkX-^09lKjI*WJN6S2V~G>!L6vG0isom|DhCgPuX? zZ+Pz>_TB?F$nHH1a!XM>IB1ggWl(CC=H#Q+sHyYeF zo$K>4JAS|2Vo|AY`>sP4JUOD1(JTB8taHj9NSIHCl!a$X6rUBa{HMrZviWR3!I=`@ zG6Z%%yANUXPlVsxGKP3wEY+hT`kPSCLE;Mc6&vFVpAqV5(d^g%U4(xX4UgH+gow8wa?*Q8e3mY}cx{Z_0M%gf;(8xYbtu9A- z)fpq@h?(V(-%+`n&z`WqBpXJ_EzIUpH*JyMhCylvOpmxd(+Fn^os*XYX25YK>EBz0 zutc7iek$x8-jX^;=w4mXUH%?=(U<<)Q}3yF)?3WnYu*kz{OYh$NX7Y>4jZO%dMdj_SD?zj6ma&3ilC%MMWhU>fgDz$mL++2rZC3J zk#a{7ii6xOFd27B3Fly2Ve1!c_Uh2Wva?LwES>F$26A$brfz416o9M>zrWECRA3km zfkVQe5JYWdtKVxX_q@y;fgyg(;PGqlp`_qi?Q^WvSE)5xtksQch#4Oz_RoJeca9|1 zJC>}1RvE65)8*(pkW;4JbT zg`L=Tr*KCFQ$SL~i9($uOl=+dG|VV-&H4`6UlM4tlSIQ#ddGODbVrOf$3z?aC71oZ zw%3NgM{q=kGo`F!?czN`CA)6u4yujdD~*|`hRpPElGsHq)9$m@0og+=)9OaeGmZ`W z#Ui;x>r1pdnZJA+dmt~-JoL!0S<$}XJa;Zud5e6r+my6gUq!Wuo3y%1C%@PFE?f}R zrGB9HSEIBR8_^nv3cbBbRnGltdWx`DywN6(-=@`Hbn>Xyf6=Ob_=t10{*zArY(LeM zn6-y>@`(LZlj4n02Mah`et6-m3%ImYjf%i@v_8;rR#T%HYI-t9 z&vxgjxoRF+MVlmB=*{_s{$|m7n`C?aHMQ07`VMAV?K~TP+O8ojMH3vE>#R2N9Nkr< zgG5pituRz25Ho+ZJCF??qg%Og7jx~%1tehGgYGcuBF27pPyh>+Q#PHMzuFzXc#s}C zB#Xt{c)S=Y5}@1XSdktlws8JzLlo7{5Tp$IQIW~TD!ovJ5uW`hmT}PSw+I^$-iI-^ zh1Eb}z755kFV_cT?vaP|IN^`awSn*?>dwC7=matR<4&Oh{eW;5Q~_FHoQnwE%Q&Zd zJy{9GSjeBPMoKXc-fxlLVSMWe1!$L&GI^U=k&~j!{w?0w1G&T|tUpuiCSQ}m%kp$l zC@MU{+K7G_E9*Gl;Wh&~K@N(AdM-w|>dq%&U&^-ZJBBLZfGU1_4`~tZ1wu@9oF5PK zB{m3u0_sM_(VZd<5^g%|dQSMyl1p;GaE}!(QF!TAkvO61#1+E79?>^YOW-xfv0Xs| z5xFN8UJoZw_ne3d2yYexU1N4}-WAobK$aLq5e0(@N#l`_iQ*;hIM%rrg$Lmt778Qk zBhVfInd{3f$qdP*~$rrvOBAH{=f)zkCg6GP`cZl-P;IY-(}KY zX~9K^083FoHnwtX93LMWPE1bhrxAe$da9gKon33NI%~NC% zE_tEQ%Z0p3=&OZ%N$7tI`LJ*w5%~Q2T|xiqGlb2#1+ishMWT}i2ytzmmgY6K0_CNe zkQ=YMi4jHky#vYIfM_M8$T)wdIk51Fn!ZpkjZv7RO;;~R2dC~pLzPmn*!lC>5s z#7_thaE>soWgkW@4_%k5z(&+EjCQl`!k`{iBQ`?0gLN&ou!rn#Y4NJb;wT)_wEmD? z>>;CJxyv@A%d*^17vZdJXBJVpWx!_&axf{rkj|IZQ~O`HM@=W93d*usmK~ZHeK>3D znFS}@+j*P=Jv=qsfRqRb2j3qUfrjhuW zow`wV)=s_O%r+;)Q(fi~Q$k}BJ@g?$beLp7kIEx)knOWMa)2a2+@GqNX~9i6>%f_P zPDt48SMCVX9Ru9DF*?k#Pp!@1T{vt$NtWa6-tBNUWjxwwCav}z=O(IIEaRBy`heP} zbq8&0A7iX0yTLw2M)r)z4iuzGwL0O|!nq#|>_dhox-MtjdF!0iluQtN!6}5}dqth~ zQ>$n`2%B*0Z9#cSwjfkwqdnucWA4f0hPnpj#Rg2D57HntqiZ)(6$i_}o@=&ZORKG- z;SsvHlk6_eKpA=5zh6&4dH4=&Y27dE4K(R?Mq}RIK$)M}4NPBu12oxjlo)y04JZSy zG-1w5y%gY^HC$DE*PdliPgHDawS`0BteugX@W;*_UPDHeW1*B`v1LGkL8>nHXtC=OloEyFMvO7_JlSm^D>&#v9a_fxvL!Iv7Hn{u0h%f z4B#Y0%P7tX=3YQs?6I)QwMNTEag1;dYLU65nEEcQK{CliSsxVPmWEG!ZPu%u+)^Jl z{Hyj4mexQ~Iine*zTyl#X5(Pdxs-yL1$Kml1jL+rbOT>y-I=MhgRMrpGSh2I#36O; z{BQA%%C6Yvt%z8ICHz3;OF8bd9E4tDsUc0m`XXY2I(MtBUWt?j868)sTvRaCKviI% zO%MjEn|r8J^@QOipm-c=P{)1zZG?wgUNq|?FV|+EetSKJ1d0V}C*6}Mh3+Dks?}U=bGvro4 zs|_(|laOu>gF*d5nByUdUco=rj{*qP`t8=Nd4HfgRUcuE3?JN)HRzTW;0+cy_0Ooy zD-)Y0JubCAN?%TSZ1+o!e#f|zUgbX3qDp!=O~rZbt<1T^a`=Ef-H;-pO8)G5=NGzsJK&w zEmR%3$Z~|6kDDRr^1oG0Yn6=@#+AIA>sGivM9H;F=1l=;l{1B~uqWT%cxH@q?Loo;k{#ngUMP#baK%! zfoD%~u+=H!fGvYoUzYXZ^zrV_uDg@jVQfS-Za|+Fg2Yflxx1rxuSsIFQ$NEQU6aH0 zD!O-_9A;Xk->IMA%vvX^2*7oc&i|t##cSY~u5%~JHfepMpYSi|SNtH1bg?s*5RMkU z|4M-E3Jql?b93_>k-$RMpuAXw&%!45G)$4@U}ISbc10uX42mdJHb@rx2zhdxs{~Bo zPHLJwM_G>^BzlCGLD1XW?CVPLpd9B6d}Xbut`YNi(#Ezz`?$7Bd(h^!Pgo{4KSp%5 znRdS|By{7ppRGyAn~EPN+luW?O9fSkZT!jSz>e(Tu)SlgP-}!~i`#!A_*0H^*`2Fo z5?&{r<-rV#x3u@VtiB=RxJjB6V>O2KWA&ErKjWF(MBN`n;Q4l`2fgG*Z;+Mt4;pTr1p*YBRF^3Ctgz*0;!Z(GwOt>pVtKUus*UR8&nVtre=o)7R zExPq|E3`;G-9IAs^X6{p-vm3_wmW>+3^T93B@#Z!v5?e7g-UKeJkjg?I)I7ynok)< z6&KZ}O{K7f32~I-5THL*fAP#G9#FTjEX-|k=K``7yZ)ZxD^ z7s-6nL@w!dN|CuUNgYDMwVE1K3p`X3x1qp`z?X_FZsh-!61;FZwj;PmR4x|sB2io+ zs+S4>O57Ksudy4M>E&644*HqM^kP}L9Uw7`l8?`b_QM3M51|JtALKhy{#|%u-IRx0`~us$@Udl74xiX86{9D6b#lC!n$ zR#WpyPUefbCV1C2{y;tzSd0Vt-9fLJe4P7@U?o?slw`SBs^SRH{}w#Io*9{f9iB;T zjP^MLgPAZ@mkR%AF>9@8og5x*Gc=Ei`$E~JFAL34Vc1E6?2(~=R2b_(7d_*fG{L15 zubb9YI$R#&w#fRpIHIW1*5V)m`kD&ACDWD*H59sQ*qUKmY{ek(8>l2^Ar+zFV)o{q zt64yKNQX0Uns&}jsu*FYS`b`GlLwrZbQ$a%LVC$M)f|#OO)AJpcOVzQ^vZ>@J}Fef z>^l`5>u%w_%(#6;o@XPCuH9bMBh*TzZ7uLx^wSz4){6hi?CZHO`>IvmpUj_noPmeL zYN1yNK69%?S5rfC?`mOIiA~oEit?ki!e1kTwZdB?`d5qoRbtUO;wEnR55jMhB`fc-m<014bEs#2NDPNIZ+rCGx^tV35DkPi8+%L4DBb>Wx4lC^|FY*8r&NAYlG%BL3C%(U}K{f zdFptnPmt(%&XE~kst4H zIdue~H8aK>i2_vN1J*0}NLV%W!{`;k_Q?E{JF^F@6?l`sFm%?Q5Q2vbT0J_Qherye z{)?~QH2#ay|C8_^B@mot7=-?IcK5NS&m69zKMVOM;nkjXQ?;Gy_s6NpW@_#HPbqeD z^`QBxStZpQgi1=XNLE}(&VFE#%nG3{5<#(2&Xbr_9Bq^5d|k#HlT}m5(Ia3Udf?nJ zI9z#0Dc4Op4QbO9MuddMwP*8(DSXb!s5ke5E}Wzbe-nwyt3)N2i$bo>6n?M)F?4M< z+rpVtj}dwhmr8ecvr@V{!f|gRuT-+1Wabe`i~gYkDOftG3i>})nBQVp)gc;w=pmkf z^zWSLvX%FY&P}O*k9WoTQomhEY zH0p-aRC9L|vW;u-ZQ|eqpoiy*W%8c#@ErAYtN|`jvf(BpGf-tAz&_Sqeht@(%$jiP zpDyfl2KH!sXid z$$;=Zh?GvYH`0xdGBC%vpR=_P&qO)dqefe_(76t^4xkQZZ3$>?&YZedXW$Cq{JT_z zQdUG?T-oGSq87g#Wxl8ND~Q{3+gp;HmN|4;WznJ~wiKkYTdyLXf7w5HHmEJK$ zN&)Pc{RC31P>~+_ku&`9*bmFDu@L_EDm6dLp8A^X)H}ko^xKV9Z8Kfl@OKT*S3ucQ z2BU{oN`P?0k~#x@YenZ8q1K8Pl5-Z>!h;{}w#A~S!Ou;y(8i)%9y4U-o$Z!m$^}?w!ixT<;0sn z1tBbs5kE3pxa3cx#D8)K7G;%i{#jRLi0|O$Y*9qb7(k2DUb|z$vPZJjUE$Uf7Y1M; z=b5@bG)?qb!u2@YIemEa)(c!BR%Bf46`6&&UK~R6?z@3jZutqkY+MZ)ym_-maNezJ2hAW*ZV9q7oMB!~^*>Yb1Q;-Q zigHlq0{B-QrA|xh%>;9L&YX#M$&twSUat5)Gtd-?mz0}|Ge``Q;@DjA+Pt?apV$7C zd2wIckL;s_ca_pScaeBsaXpS{SSx3VplQ||x{U;<=(*rqm4`YZKEwD7MP;Rs7rKX`Z%xjAh=?rxJ;GuKJ_9j6yYqb-jCd) zWA&*Bm!|2*xcYtw^l$BJQLTOoBtSLdVTh+KSrZ#}uMIbH5&LZu9omZhz!pn_Ljt&-NHEOmyexUnLeq^F5@n zuYIGo9_M=eN3}+Ve~pcR@~x-Yc8;Yfzx z77M%=?C*sO;_Q2xbC%l7V1Bc?4&Pp^~J7vK8&6vt%sb2t6cpy zA|2gq%Uk}MWs9nZ_>$l7umhVDEFiJB_ytgRXRA z2`_bxGLJ%_HvYwp?={4_>>rZ7``5M3QN)2A=j(cRwLL{RzwleU?^-1^Qr;@40y`YJ zT}CXBIA)cSSaPyGlCfnzGHH~!c@HYc#*tNFQ%cRe$^b4{b0bNBHfK0pe7bF>p;|Lp zt@VXw>e--~wi<4xnU-(;d^4S+X{L-bInUD|`&WYKC7bi8z015>GhGi_Ru5-rUfs)= z{HyS; z^(yGNOpIy`RYyZLd;6?!sD63m|E-}$e6FF!tZ%59nHuz~Kr56)&L__zP-nu%>a&R;=yyE*u4hgQf|F}4^l7by{No6msmqzO z3C?jj#G`D>y}GVtPBK=6a#_m+wq?%qZOc5KH9)6rnUf9m*0juJzHOPOYAv(L`j)vT z^C-8axc@%kwwvK*IY|&sT1K-h+CY4QOnef=CrRq^nds!^ml2)1NyOutDJ}9EvKEo2 zgrC~tpYo?fGFFJI#ZQxi&JmceJWaAnVE(?gpg4bqZI@uV*yTczTP`Lqi0AjS_!kPb zTokjR82z+(P!BUOKzFQPUzn|r%RXy+ZRH#l*wO@$4})_6AON3uT9}*~Rzy5jP4NBV zw?bLBr@{fy_n~R^9jTWa@q3>5sg~HNu-n zTEwkE@rD2mS;h0}Qs0NxO_)E5?H+;ks@cwT!K8lI ze5!H`bY^&Hc{+%n3rw#~qGCWmS;QxY@#@fjS*w3*nCl zD?7Kt&uM)fOq*WmtB-7v3lJivvhX6`tnkgTkvT3(j*Sp6V&hW1Ak9gUJ~2|KMDo{Y zd~3^R9dkEMFqZ}9Ea+DAvWeeh zdnZ6O(M@ZjJfr>n;SKQefAq~GelB$X;d2eJqxz>$SA<~~5rW&p3>yO4hY`@Vp^B+D z9wcla&3_{GktG3i|1rU^kbmME>cF7}lJp`QtgPAUM+r__YqYavRp6~Y&~f{ zZrW3EHEv{{zA8b6c9|O)4v7~?@n{#pO}_fI59EE$H_zf`_CMo~mhGYYB&|~?lh0b` zp-^5#*#z6xA;vSvDAAj!mjYDzijX`R*Z1?(ihu&P8IIK2(Zk5(xyhcmNhtDD^45!} z>Z63bTL=K8b3PLfaLNcIK3Qx_R7Sd!h<#zey(JdcJtU4%q^Lb4o^~H(%AgfuG17WK zW@@7OCGgxzt6SBDR(M+%q}Gb zl2kuWa=U&yiJnX3IF7y!MHRf1L~kVMpe}V+6fYZRZr5ZZVbFr;4>i}h=@c~gu62LpwJJA81fOZe$`HG zQX5!rlHfr~f&QMlnfgy@M!K`)rNYClM0|{TGjN>Ez`MWbX)y>n)q83AuYr zdm#g6C)EYF9Fot zGE#LXC5?XPQFVbCZb?8NugLXk*;q}(=SIZ5F=nW}6b!0)z8(m}rpm$cu=p>@oD$rP7`va5Syq*a!af284~DK1Ez zsD~h$lIh$6&Qy&-TatP5o9IT;MaEm!twCBeP!yJnF&T~tE)+y) zw!siZ+4^1_SzzxP7V2Yrdv?rL*K{TqPQh0G)_hGbsN-_b?o8!VOiwDxQ^?_uAkOp^CI9MDL_r<{A|MWu zoLF>EDq=zYlGl$>nT|2i;a}t6DQ*(2vUj+T*%1PY#vs|Domp9)jSJ7kF5TF;k$-vO zzY#M_Q;U2(4&R9NgRoN=&gaPc!kO+iBh9zWCcX!(nPA458%yRRasVjazAo{XCxpIq zUCd3KER-#j4_+_oH<@H2eyixeUG!Ha>V$;juaL|dhOa$`b0p@yqItjQGM?(LOM)AS zS=UoKYO`XK??MgiBX#xHiNAEi;|>guESY;va5FnMQ-h;^rhe}Kkev^twj=fDZ*Ykd zi{^xqIlg2+QM$<{>f30jvB{>z+1SroO4FHG_$ z`a^0k9PN*)u)Q4{yVVqbvRy9&ScA!n_!V~3L;RIms5F1Q$XP4A5V0l!>Uk<*r~yDV z=!6P&-xJBPsD5!*0TV)q=I?pJYueT`x5D2BcD@>`24n1=RfF~VFX+AbAQLSM#Eq?~ ze_g;E53o!d>~U5Ssl=F6=aEkeGa1ig7@{4?GbjDnn~(SlvA~^M&)>V|`E!Sy=5{jl z!aQgzH6Dd<5JOaR|6O9t*GT-bCf#ga%X=>~JrjQG$js3Bf0XbX_e=AkEPNzuu+7{j z&ErxWuiObTE<{Y0Gl7}dq(9l863*^kr_A3%_-)4X_wDR))>$W%0}p-*D@0g7bJk%% zan`N3rIJ#HgDlNO=&@8^uPKW3D?|3t-?WcD#4;VE^Cgc?LL`q~`rM=2rfKKVCp-Im z>7y^RkN!G&F?w&kkNH*JJE!*O2V{>Pd`xbjB2IOMEM2+o(LWUCxa`r7z}A-{B2@Ya zI*pv2qXmO3XQkZsVk$md|NJBoX3u{O(?Kba*_SE7R zGDOZwSo5DHKi?UfYfVXxC7fsG`t!oM)-vR+B4fU2W?x|VRAgx$NQuG?EnDVAa~Ci# zL&|rRRxup4FGmu1To2Bz-}8Ex2n^&GABSZb-?|Yd}S>PR&#E)z)gF{E9nM zcKPs(Ot2ie(=41*GtAWgEkT7f&fjc|j#$4wyCN|NJM49dWSCl+0 zt?_;}QqM)=*~t7M3U6l?9lRzixU63*Pmyb+SSz1l%=U7=aZJe1jE1t`s)2Qjg(btk zeZCXcrwW5ofU2YSd+7af^YU|ZNX01rb`3cU*};bZNj=2EipDn1YbG|zEj^j}8rKDbn3=Cpn6GQZXg$gd=rM=%`+Xi3$Y6=K`J9okn(|7F1ljJ@IeIn- zS;uoQ65OkeNM=TY-x!J6_56M09Dnw>|9_1HX~UV3Sg$1CU9TknyrGd`F0U_BlK-2L z7>SZ3CwK!RG4snGJEW2dn1!-;rgnIF3rI(=pO1OTINKv7ufO$ zzN@r^;i!GrnXw~rIjsG8t!96Ek*NRUWeV#r!2%1lqh zt5N4B>XJlXnuLD-s$|&s9ILGHnH2Vz&y0_q{eY1>Y<|vE(Q@2=%#R>!8U7FR^W)6? z{3!W{ik`Ea5);*C2IzI=6PbKnnK#u2257z5p9^m^Y=FpfZWMbD8z6S5lFNCo(XfjD z7X!48Q%o~XQI{KsjgMs%*BPG#xC%{j?LL#VLJt?mUSUt*66l56VVrH_7FqKZrj4SSg(gzZYwxKKWNdy z?}d6QHc!O1zbKEnOq&%txlDUkYS|GUqit}Axc>RVg2~ld9yH7Z9!fTr)~iWss4#Iy zk;2_5RrhIgHJ-m|#p}LLdk+9r?417??k7c9*E~I##76dGJdnT;r+0HxQ1P1sqAF#tG@iP63lr*@X|b(&V$(<_E*@%RDr==0 zwxCCz6@ zGpyxxKb>jTEyVY8!@qsL6V|7y3?g78!r46x&~bALvvUmGQT**%F}!nyIRzgOd?bj4 z)f8JfZ`N?a@1qU<@<*lmP{!T*@fuEeGQ$RZK4Z+&Mn7lFrBQI9#R;!lY+(2#wd+4d zzin~CLm5u^NEUCfIN?U2Zn8Mx7(I*=KC0n_k4?D5mHQ6kg!f$kzn|fRpZcGg!V;!Y zGIweH2XF#*bRACE*4z{Z@6>QYr$5hp756$&lQN{x_63}<%GKAp<{DRDPc;G2if@~x zp?|auTsN;fqTMaK4RaN^iiz`jWg3w%o1ut3K@l77e~xR8@W>4`&%0*2MG?d|Yaa3Y z1eY8qLlNJT=Lr3K1&ZLW-Fg^Be3YSx&pW~Y-%y0R0g6c0qljzQp@<47;sL=&G7KeZ zA%$Pn5-o45eVtbOI_hO6?;=G#3ESq+N@sTPyJ40$bHc1V+x(f|;qL_& zpY02s=8?RLD9p#Q@FVkmJGV>v-^@F!ns@DYJjF~b90c4uTGag9zgcIG^4!COS(^8b zthsx~ip<}Om_!{{7fg&tffTNQLJK zbG9&)9sbQ`9-B)=@e&bTD#Gup$$CnNr=3z@=`T#b9=Zwdj`25*HVfOyNKWP6q$L+j#WdUKXUJ?ceqYodxrM3lb~V*>Hwm0pHH{Xt zOT@>D*N%w9 zhT>D4m1N@6g_yJ=K9dliBKz&he(S_%JLcB-AM!&E7Pg2aA>ua((7VD+EFA<wAl!70(|Vd3csr`S_I1~XeKslQ6=Iw3m6 zOmyl@_z!6wlc4t|`Ls08!4AskIhp&udPgMhGPPF;(V^Pmc$uETB#W8w94(`zGFKCy z%cXavEchi;yh`S;wyyeL@Ip9_)U1#im32b&7h#x5#EQ`i!n`Q_7ew@;$hoDd>odGw z&0HBPN^|9OakJ2qn5KhVrDax>_F5-OCH0Rlh|-k*AxgO~5v6LoZrkw-qEzfkhDE6h zQEEk$CLv12Aw9U~2BKt(_8t<~ds#$?*9(k8M9vY1Bum6jOfgNyF$6m$0(7j8ejzr? zTEUP2Y8pwCv0=AHx6T-gQ`|06SX*a>Gsm*`Z35Yt&SF?Oh?(GfGayQE-R-UsA*bY% zlPwVKP+h*C`!+<#UKtUxCCFx;dL}VXl1>i|GTqDxFHwfM{x4DM0_(E~jD20b5u1h)yuJYB?gSX6-RaccsUi*X7R^j8&!`#7J7;Fwgzx+LkZg- zRrnAky+F`Lsq0(Jjmn&1C$pSbm_$5OVupvzkF#HtInrTG?8)5aUEQ!G^$d!jqP<`0 z=vTTo3sdOJbhIMFVk>ohjUD+7?8tgKcqNmAZRCqWJRtSK;=5uDGoDdSXA2)}8vas` zT7LT~wnXgoCH#mDdM7X>p8?c33wk$}>V|{fT|m@ULNa5y*V_abbvkoZTY}^ux_UKr zbXns5*Rs!#$;-DrPAJNDw#P)9IP3Hn27(kq2>e-UCfQIMn3JiD^KY_;?b|UX1Fg)# zY23D16KD3Y_jrtt6^3n{$93mAO4QFl>oJn9T|&xx>|I300I^yfejp5S-KVvAMkh~e z`ZpWlFG%ye*8kG#Ma}FJzZ1jI4?~kD9mFw3R597zF9V<=~$F8)eP-cn&|Ad)`=}W z#IMIUXK1%+TROIC@(fwhtc^|m58b)WNdPK+b`9-b6(zq^mJs`Oq^^v_6%qLa;W3{> zyJyu1u`4sQd$ky6+BjF`&fg7^{JW6@DfQZMK8c&9NUT1xqbZY zT54Q4*qd2l?yoCI0(KMR$x7W;&ZTa~ik{M5u<{CcFaLwti zcb04341-t6@<=YqlIZxn)b%fMy%jEK_uLHau2#hhEZWWTfpF7^Y6g_6Ce$=JA6dDOMZ6^-!25-Zn(#Tu37Gx3q6Z+ zdp?J6AItFV*_I_+OjfMEbUnU(s>YH%`hUc?-WOOh?+Ywh3QHEW^sZ;gYC)bpSh8V! z>y5Ga_KGjyTfOKwoA)2=CY;q+6z3K@t3sBpRwzPB$Oav@!4s$Ac<7kvay}W(wmOp; z2KQs)5vgarWy@vr9DJxC9eSe7JC86IGVia`DbtOWq&!{DIRoO9O4#%GBWLTlIIQF^>rX>1>S~+C9kWFH+1sO*_YLb3x*nE|T!|@6!WF8asGbSi zt&Jm<*@nSAW?65Pxt3&NY%jN#lg?w_iGG5;9ma0byjzvr-aSQZA7FdtOI&$MwrlNyTiTfnasnUG9@C+iXq5f8p2}?4tHlf^hOw_QMYY*|sYz`i0Fvz)^4c|7 zbYPjNRiqYFFK?Bn^I`&0&>T^8bP?PNEy~5yMVrv}JF@(UCC^gat?V>1Kjax%eJ?2* zE)PpGw&vz!A*tu(eGmdb{5pc@Rn_8BVrG+!5^9M}*Z@VI7N{d!!K`X5e*@yh+I5~o$}=J z6t?FnhF-E!x?ZQT8ijF%dfpe|C-kw->U2B;rN&KL zd220%7`0__8@=zPheb%QkB*PNp~ zn@J1tU$rKcI*|&tRA%Sd#BuUWal~0R;h?qRnVR!4EAvDyt*!jJ_O)BKt@awWxm=Q3G2Ck&6CLpUb-$6yEA-f=@Ve8>rR}_DTz5acm@2M~!#UA)+K@-g zQTdI-uVXW1{w+6t*LC0Gr>$!7USovtT8*gehi|$5`@o8@FC?q_pDwtaiRtVdf9q72GPne9rGj;(V&ByfJE9GBd3duckeqco7~ zrs})u`sz*H=G9VVU%F+r_+|$GF0Elf8hPTwe;+U?xJyG&Z$zzfspcwmZUuk+#?JawICGmLoRtFb@X6K4p+T<3*1p-01x?D@_@mUci2v&S2Lq|wY~ z6w1p41rS-v(PXk|la>BY;)4RRWLxu+#!Bahx5qSwvTCVpEfsN;99^KQ@* zM!z%WPOwpyZHuOkj}FWU0dI{U5zU+!=+pRZQ&nY(*F@n7V(^aVz3VZJmDGgrc3C=0k?n;`Kjj}=DVM=U-ppyrPMvheSW`O?UhM~qHz8r^l5aT?XaAE z&!^Lij%>psqew|&^ysl6uK|j(i5g}%Y!B-A&Acoyo_n8fr<=V}WM5}Xr*S);d-LH( z?c!0HBmVCpsFRlw1!QCd72f=Dt7~qfh?VC-4~AhLm8p*p)k(GD0d85p>{BT2zDzM` zcK^>)F^v8WcwIvsvlYDTn}7Ru%3(k_b+X~$ma;%j39NX%hZ#x5<*=?WG|c(KM1JjJ ztZH_<#GZHw_@~$cIR>j5GKZ7+roM!km+Ty@MofTJEoVlw-E<)h+__{z-F>o0n~{C~ zhQ^}P$Xmq_sixNUA4;!47si`fZ!64E z*eJ!_b{lNZH%TtVdbIMs<=|Omo+CD6eNyuTt|C*ohNGBZr)Hg2W!C8mThQ4m$1=L| zcJduNC)g~pDd|U!!z3@F4{_nTXtPSN9RX>wj3ctq_0WfcJkVxTVAW~dCMu(Uqj(ke zI%a}wUi6S+^2l8G#U%>;^IuuHO!2Cgf0Cjig-3{-Swiz8$s8|DhkYIh>oQ%r0y(*e zDSK>-+TYt`L)+?H&v0(Zv=OZ~mN4Ov=}zO>!ug2Tuo-6K!XT3rnlS%@>z4}zGis@4 z034LbB-v}Trpsi6+WS7$7DTSGhGWpG*t)pNjo;6!()ba^l$oEEq<)dp*;E>qqjfsq z(R3$k?*9);OE@8lqZs0eic1nYSetmr#Q?N~(;5^hI8EYitp~hwb@d*OahX66rNF#{ z6jC=w)G2voTgg-j8^V_CsXt)2JV61jeQNuADwv6)yX>j&C&y8GL6tmVH?lSGWXRoC z%aFUI_SN;IluyZ9%#%zM(RgCy{4?!_!D*j>wKyDEO~^NeO7Od2?(CQlb`nr?tkl;^ zh_*rh+un3D!u3HnygNd_Ak@D_!+$7cHHR^Sh`yY6EJ)p5Jfr zdD|S5a*(d!CsB~LksK>bJ5%tKD!!QpOH$8UbEKK!&m@u7DmoeG^Ts1-g}Cr&93kA` zpw}Oyyd3V>^_xe!_k1=*!*gId$9YdM7el*gc8SAmE*s4Oeq%&EwAhujifv-q9Fx$o3;b^A-Ho4y@6I zBv%qFJ0=U3bulGMBh%sBR%qej#}K;7P^T=}8D|Xnn6{F5fgYkpyxyDZN zWM`-GRnK{|P^v=kse2%I)Gx?#qRre7^ZFA8ZeXVYZ!h$x^<-Z@QP26s#;6*})-@iszK{#ibasnY(_(f_k73KSt)LJx(yqrnS!cs*-y>Z^KJ3LrDYBrGBBHp5nD?aD!V5#j-zd$b*w3h0rd%PNZnrI#MY0Y1E{WBRqW5yQ@9o>k9gYf_I!$ACSPHTFgo7 zp7y?y`aOmqxLs-zYDuVD_dKT;+&fBe9ftR%F$@1@_D}l!g1Vp}mrIvvgy$kav3QzL z3+W%bs&BET?b;BdZ~+3+z+f6cIKBo&v5*SBakfr?>M>P#P9PcQ3i2~Ls;bi8$o8gg z=339&B;0QUi~@(yP+k4JofjKeHU1#p@Ju>n1--#Sg6*Ps6a6 zYcqNo`9u4DGu`@fu`qRtOGR_8i3#wUx@=I8Au|*Dwj@e#6mu^Xa&D-vxX)=A!>D<^;EbsIGS1TDx*}h0fhG(-So_$~gy=g#ZaONPx(}HaL=Oz}ZM- z1PUaRC6b5&Bmn{g1_3h3fXF$>WH1H{*nkb@yt{fNeC|EZf6qm9nCkATT|2D3!neM~ zvdG@<1h+bH^Wsqlj!x1CyiiJ>RN4v``C~$I>ME z!BCav4>4tngfGbgAe>`bnwpu0)-lwHrGyij75x3;#_g6|Y0FX-o&zO^Spqu?a4e%O z0!KDU?vK*sHNB>qwy5A^)BhWZmsDQ1gZ5nWe-TfdjYXtO=v{;*j*RZB+u5k@SDJJ5 zkhFgn;6WebL7$A7a171dNXf{%1^qt08>=~gnSdplOfUaOj8m*;;%+!9!8O_aL7>*D zxhM(bz}!k1o3}0ZB`aogLQ(Sa$4U6xFzoBKsxlgz)f^1ap$~LCzRW;S3zg{Uw0J8G zek@O?jU^>?v#J~Hw)r%B@@2?2qT3EkY%^Yk|1TZ}%B0{4m zE|GWZs_->dsxWr1;;X}&+EvHT00ACVfN#jlx_OV96xcZDkvgEckY04v3vLW{f;kRH zh~3T9+pBfoV7@iXCS5|;Dvi;cn55*Z1*P0@neWWYuw}ttmA{xJjqbCv>T%}zBkOsZbI&@KGN} z!G;p+HK&oy4IY-a+UKdK$Jk@~} zk7Q*fJ6Wx%x^WcZ!Xb4ThAkj^jy)cNU8ZVgFCB73E2(LMP)gP=fE4Ms*oI-ILysf0 zn=-Wmh2*fe#8|@2C+7OeHyH>tkmJe`k z&7m-sW@q#|oK4GMi6iU1V5Y^PmP*~VhI=g?JF8<(DN~+ryv-%e3vBCraDO18boa*o z!pz<|y^hG|&gfZDU;EdllVv_NHBvtk>M$K($s7K^QrpKdTd|}TF@M|)SBHE zJc+why@|*9(KnvfBch9Z_d>=39-(}`LUaJ_Ift@NLEb!I)+7}R!*xofGAb3Lm?u z(|_>Lgps=F8@TbA-^}8$6tzRKpa!a4ohGLZcVM}Jn33+df;^nA=v%}>_vB!+MH=+w zG)Y@GF3Z5TAw5EE=c-uRC($elgpf^Ayh4ij(Q5R-_aN?3@~~C>hgIxX>028@r_`*& zwZd+zU$A#!&J+Q;)i8MJp~2K+-yn^bN=Pb-K{(ghV1+lKVFj8?wcab+>0ap%Y%Zmt zn_?J^$TwYgdsyete*C&A%`O{5N5BYqo@JlIm4bQ#Kk!_cs(;?b&yl7@Yr38bHvT@G zrn}73?eCxF!88~Tvy*3)ylLkCV)i;vXBkExlI>Fms;#Ed3gmr*@h%stmyNEsla@3M z?dDW-j0?Cul56d*t&Jb8uU_Hm94T5FFn);~k_xBs>GS6ZtX7K6|6+_e`XU+QkA}2# zdItt3MiRzNFvOf^PDqH@nCPTI9FRoon)6AowMlsOC;P!6sxp{$RG;}*r8!Dd!45AH zwt?Sj7C}hD%*&C>zhDqA!YUB1pa|w2mAY}pq|YC#8!@eKlaqvIoGWAO(G2_VbTca2 z1YkX=EKR^U7>vLTYyKqafL4JPxwW8Ow`kwP?G-{kiSWH7A>YSVv#G%1dUI8tLL|M- zyN-!y7(0?(4GSO zNL|-AW(`v}T#Gb|uQ0p#n{lWzpKfC_e;Kt<&jQK|vEC2VXWHY~Ha4k z@C~n6s1^Gb=%<-@(-pOa+M@klW1?; z#f+isWLZwrdeYU%u>c2Mz_4Z8@b~l2CD;#~0}m&5C5a|&e2P;VG(v(6PKRM0k)(t>wN%T-djTG}a42@}!TQlYT42CVDK;*;5>(FR*E!P@l?hPT%EL6OWf zbG3%a)bDbD@wh536#=WfT-m=@u#ZxKCGlB`RlII`MdE`_L5T$W2T%!Ni}R}Y8tg@P z%23Ybrso=g~$@tA)aqt>rnre^>Qua-}RY*GYc89G!OXy!3gc7_Y1TFck_; z*Q=F#kFxJq{oymDQeyTb)2rC;P+2p4oLvBqEo@jQ%@3(?k+j|`9fLrS1BK&DKfvU8 z!sLq|!ia-O^@@^XlP8HBIE_Rs=Gf<<{Nynp%n{~r2*#LKewjTcNQTZl z%{{$^=20>#8J-_&kE7~dBfNveMLc|tq(hl-HfbfTkQ<#Fm>G@Bqh2QBDd^-VTxJd7 zYb{zRzb^_n)9*4f;tQZ?5xzK-VQ_I93}7B)-G~rCnCYJlr8SyE%1%gHJLX4anc0|c zI2z++UQ5zU*Q)X*<_@b&xx_q2>MwTs@>2b;7tQpqU#-G&zf)dQw+OQh-JHfs3|Fu)e5bJ3 z$(-P*ukB=#b+1ikytTnrFWAsnjAWm|9C>QUQz%vNXE)|s{fAo+=H zAK&}yrvK|-r@yP8Vsqoi8>uT^T-IZk#iv4F$lBTVRA z`Dg6}vV6xNd!KSIQ~M6y&HjlyvN_j`Hx8j)LU>mY;`lwB+}OOIb4S_v9A20@xbZ%e zTZ4K@nB*^-P7A4Q-Y!t=z^YkM6rD?-b0;QC=$#Vxa%S;}Ffw5a3RSzXxBc|HC+r_Jx~sFPz>CstOJqmxdx;X5zla?QTEN zKmqBNh_Yccshny}ce1fR4{LbDTH*uhyQ4~xey~P6F>6C78Kcfp#!oREapF-U1Eo;c z+hw9~4|G|9ovfBaQfnULzztxb-6n|tnJSeeLDuT>_us6ZI1Q8jf_4o)pkj=|ZoGgk zA%_l+=LNIC)*QI7DtT-R#7woa55X{_284uAkBWvj;ih3btMA??vcGA1;bAh;8Z3iN zKB(f}JIb2L?f2{swOdcaM1Ruu#(Gr@?4SDI@8jgWOglH)p{8h^v4JaWueYxUWJ=cP zVXxbQrCnCrv2|)A4s|m@nd!t^M*S`dpcy@Ljd#^t<82-)ZkyFA)TPfDJ=Hb3#C5|O zU7`Hv5bak1%>NU!*8SYHzA!O8NUqLcLyfMx0`x|O3BqKm0wU0QF#Oc1q4#s$NvqWX zoU;W={_z9>tclK~*4|fZBqrCSJXN3BW0r}NKKl=eJE?h@*y&$=m!ier=2XWx@0iy6 z#2g4Lh1znI(^PnhvQD&|ldNK!MNMJ0i12DRx&@?}pXJu?6&kc`KoCD3cPdJu+E6vQHG zhB1@m@lFa!Op+%-uFy=ROv-&r+WFD5Oy(7go>n`V7VIE)ha-Ei&4m+$4k*{(){Mv8 znj%JW*WSc(&)+|I*`&5d2c(myQDQW_+Lg_g^DL1O%0ZGyDwk3^GQ2`hOvBiNF7|Qh zkWoeepP6Era3(@)i1LaXrlZ#l!>wn^Al<{HriXY6Lp+&BhDVJ@%%cPPt)32AHGHBw zX$r4{cpYOr=n(|D&vrIpafQH6oSQs%115#5IyC9zTekDQ4UDQ1eq_3znAv)zU_BN7 zo=$~F1cRVkH|(D@iwt>c$Ghefx^NINEfny0k-7-Kwk%Q)sr2PvcKUKU2m3Pzx6X=W zskAH;%wuzz6qZVEnRG3c?aq|S8M1TwEa`KjInJt{DcLjRSeoCmMw+gZX6n4oo0y&S z0F$de#W)#1|4SH-Ki|DbEm4X;I9K4jQK&DRAnD(m>dBlO8eL@6o!zYUrHPrVJd0p4EtMGRm(YDV4W)N&OwDm zNtNJuTvW|wlVkI4uBF(-8X8ubSIt&-Z=BU2wPI7X#cCGxmF*}Tt{s(Lhe{ur&XCG| z*{-0U)tAvy!PH+&LC#=$-<)a24x{RnYS4*;x=2{vlsrnys7{L-WvqH_1W}|j!bqF-mx|YCiqn3FMjq-KWO6C2H*gi#|8j@GyVKi z24l5$AL?5~8f1w}W`W5D0$QE=&tnLfI&o99Bd(qxJ1lup^4Z*!Vz!X_YcH0=>4;+h zBDENgMeRyQVzo2a{fpP}Is_>23)Op5PYKAl>CPYNI;4hC|BY%`;jV35?#c>x@^Xs7 z^c=xjWT{k}_3~RIelrVjMLhrDLvyIYGQTL@g|rK=){kc z^1!-4uK#{+?@KzQ_2ETG3|T6B8n?y$EqiH(qI9Z!ySPsyjOF~ey3(~4xpHyruhd9@ zMefLN9CMMID08vv9S5+0Tc{^Fx99z_x-WL`j~yv96@4%3bc7XPU=a|# zJf72zyF453AURd4FDexdL*m?}XT11%ui+W5P4;tRuZ;%J@b-2y>gm zjy#bqJ)4zhvhHKqVNM@dIreR6i$kjk`~xbys+GW2oA%PEdR{b`U~}RV>_QXF@!*vW zyG-1M@T)r>zQ>xCe3`Yr%F35nO^PZV-0I6Yc?OS8_(`sX_@VqI%dt0et;p3*Po7G$ z&nEIrl6^UmzXa61x4aL6?8|PDzP_9m1qhH)&I2DO6v-z0_YWH)%L zG>_~A_Z;yqH`Q!*5j+T+6i?@h`(5uzg4NuJ@AbHT*r^6Zp*PDdkq*vThp6eOq8^&8 zMX4@!cy}bJXnFYKDnZ#_2{~_OR_qcTZA<kne^+4@uY@{ub9yA@^6~V zbZ6Y5wg;v#`*?FFYe(6sti299OApVx&fSgY-RJI^T_}5J_mX{w?310;G*LU~&@eos zXNd7K+@n;}%b}vy<#1Jd#dLKywDVxtLSkV(^@g(EkHZ1Y>q6^`P(BYGp8uf_`!6TpHiFz4S^I*lTwiQnTf~9zQQ}@A zUN;zzUGqP7p`=|CyF|L;KNjr^O4hDB&9%=ewf!DAtqw1?5DJLdIkLsP=Pxd$TS|3c zljpA{4~c1cSuE$~oQrbdK%)5SNGtbqz1C(aDnL-BB7c^45Y$aR2<-7B9BO?>9gbk6 zaKc;S9_@6Pw^HHPAo|E6#qW%d38xjH;QknFLVkgUR`~u9KrIqCM`bo9&va<6mT`UA zNES4z0wAf{(qQSS>5>xR>TzugF^yTIpH}|4}I*nB%B}Rmm9w9o7&=Hs`nbeWsNQgii`lUKjGK zxB40IvWC%@tISjfsWIqUl*4=w{(ZP@-{=jwCHOz@K`-0dDr~=dPz9#`lt-S3ThE~S zrsj)%OV;t6K`ug?0*@ZL=|KUXEAjn67oC#H0S{Gq~V zJX>KKe4r>v=Eb5cErcry)2M||2+uCaIr;FsygXW#W8)_)@=iJPK^b)XGx}GbRH!xe zn*QX?3YO2;`q%|kj3Z82)0GWI>S|%f6w&95j=6NRNgp5I{$J9gWWpJ2={&a$0LcmLKl*EYA zOd%{YA1YxZf5T43`_|45p8E_(f@)dWPVh|i)qsElUly$Y_<+#p>8^KJLvQy@bEXd` zW4nOLGSGOxN=9NVw^X^;C#%%KyIbGqz14!sosl?aYTk3R>AEDmA@Rb@>Y{r!q^3a< zHvtT<-{RW@Rkb!ZTCEasfN2v*p+x{Acy>FnM~8D41@;8Wp~px3Q)xAB`-)u!JXIxN zUrj1*wRh$1ty`F#(EHau_4Z<8H^3K8&SdTDs{J3RROQ5m;Dm-?aYJxiL&7mro!KBu z8@Pit4KT~$TG7$5P9>LCam8NSAeZaU?r(r`G(i?afg6qXVTi&UnyNKyk#^}ks-JM~s9~)} z&n1?zrcoEw(b=m2(z@`6_A@~X>M{#h&nO>YN3*6)>rH1Y9vlb=5s=VR#>$`Q}SEM@j z46BU-Srr}B(&WnBvXc&Dp=g?%3d3jLbh)<}yEFoF?HV6Uz+Ew61~7jDRR=hS*-4Nu z9~2xS2U|Z#ZxzQDk(VhL2R=~`-s%d3ZPpGtw&q9|UJvBIIYXa%7N^$n`#eSYcIg_g zCVba;5aY@`Q^kulkvgsc`1S~dsUQOHnQ*fD9)F}B=dlR!1Qp+@7o$3cSQz0EWqy}g zx>0VegSkmKB}MrK{@@Zr*o<}SOWX;mKoc^&Hj>PrZX@n;siw7ze?YWpx%^~>j9yNf z!`tkVxNF#?WV5)`XMaPim(hB0OkOI^WunHJL**l}Kfx#JTrbWIqK+{Scbe@?u*Je( zBv)GQ^SjTo5Ha-N>ZcZ38-k%`G*;Xb? zsWrr?S0NpdD2T`bP%n8WiiuA*GRu($BQm~GtJ$f>ny?SbJAB7`M5lmgDo2gr$)I(b zAWT5YQXLrOOygGbLkq?(bE(fwiY=QMZdV)NX?>W-Xq9XvH^Y&lHI8wedZva7Jkyr|eNkFkeSMWSyeHXPe&N#Qcyr70p8{Il#LJpheJ} zcahu^DVj_n7yLAioqCp<)L}Ai>r$ASN^}@SV4$P<5lI9(s(;w{XhPn2Sd&*Pb9ZNd z%8w|S}}=z(*2F+nx9JU1Tv6t zCvo|U5Pl{glJz>Y=Ru=qHYtspTE*TL?p^{#eq8AcoPDnqKdqU0H_Q=E6KTECD=R1b-ou<3<` z{zzX!sj%fe4Q-Y|<*Gh~&b~u3gY$hVon1qc!Mh(FAM>ynN0sy5G88{DA(p!YKofb^ z21}1(d7MiK&T$vJWfeDbG`U3|ZJVUro89!7H9!WtO2}YN&312q2dTo9hNa zI&m{v!T$%!1PXrXTQz^9j5^vmX3)_M$J{E$8WY+CKZKH){7`3kCZhpfY!)n|=Ob6; z{}hpS;KeSvwb>GTba9|N3<$p!G~mv1@h;S5_ zqRL`7Gi3VV+tK|ChnR!+FjiPa(zHOAaeW5>Vv>;3aH3@*Ea{SG>_Mr;`48aNb=@{ZZ=R`G6=B>nSRDIVQ= z48avXx)zS)hpp;jOHQ)fRhE63r4fO0hKW-2`a#~K`vKm?3!pcu9J4|edUNBVTyLRA zfuOm1U*NhlPKEdF2PY7}x!uB%vvp4XEp2j}nuVuhfDR0!{i5wMJ9|UHRjnH$#&KR^JHsnp`8% zwbIsLHpcLQP>Ti@scW!w0pVyb0EeOctk-T^Q&sM-rv0ipRFyN)K=}0{Nbp| zLbj>;!QoSq>hVd?XPfZcnD+ZKO0C8{O~A@iLo_+!ip))F)Com4*B{hke zOUMhGC)N91sASzFqn%~k+z;|$uC-V$Y!dPT22`t+Vq>*|;tx%_em0OWkKP|+Y#^?N z0q*MX??$OJ?>`9hK1kV(D4MN&>Cj1)iTOz+a<~&};~AN*BkdcY)s~~n$4p9xDoO`w zMsu)h>4-smIeV)nA3=am%pd9gR86ucjz|ZPoX0D@D%s}&{?`CTi(rsk<5kvp`RhDu zlZB(l+Un?el^|;2QDwhj+jn_#1L?QPRcZ0ShOC@xxffW``O3aPwNjY_N9T23>gp*h zj*_5e$zs29lArxMm5?lTvTvQ>Q;vvC^hKtE7yop~By@EsAZ)L=;TF8mSt}Tc6GzP? zb4Y9bGgWbH>sIOU4k1+S2%2Q>tC>URsqa~>b_F_)Jd&(VZM~bKtgCS-f*+HP#f#CT zT|SvESQ%|*UO6H{k&6I)%_s*_Dh#StDp{Db2su}DEiBS5DkG>nNB1x=^M`7kqF5K6 z{;1@b{8n*kJmMFR_vIwtUFG{PAA|yX$DSGxOj$)_-r1C1PB#H9rgzoKW=&1gl3xRl znADgT`Bb0L@rwihpw02&JZc9dT<%+0-EnjUcT+Gem@dN#C-0LTDfEGFZ(#e?aJju1fi6PK0*lxiI)R>C6g=r9T9Hc0#0;32lDc*f8x4!RQ%KsB zMc(7}m$U3|SOXhn_|bAq5q**9-~N4z$BTP{`2C(zbq(@M?Fr1|KTLfUeUpBNsloln z0D5)$mHT=W3rhN_zGlC+-q*parF5mV)_=QL>aSpv@5~H8-K4HUafylc>D=p4*3PMV zI!tGUHhaH!gvy;lls4nE*St!>Y0rCZ0pheX)kudGAd$I)Yk66asH)8m`2-E6wBuMkr=#0HZ#;+U76E4SGV>*%fYSv1eZ|xh8DA z&(eE%T;IdT>D$}AUy@{r7^??f{uya8hAKpk^AOmH7us{Z)wt;VLeT2(rWry;gqSd3 zhz67C90f7!GPWz}H}&%&`c(bVEv^*%X60Ni_PLI;g&8#*=|U9&fbIKxNE+z5eD^6N z5N^3I6&2C*&^jh*#3iX5Rvb*F54WLGbDGL6UUPw9wITb6=k}q1U_45!&S|1BK!A|Kik?N_%wF+bT5ia zKLXo45pc!j`V&eVK!jQ01g}s$B*qDtUm59JCs+VOe9-6HFEpEkFv(DY@tz(X!7M4X5s~2ixde zT;8@vt4ZdKdSqE4pX+m5II)QRL{{+cDEct0oFtUe-P8WAKM<|&IejOKSeALRk37|O zl#Ri{d46tBD}0-b@eX5W7#Ax_h>oLX&Oi%j3xpw{nWo#*Ae{_Bu(3R<))D5P9SiW^ z!-#evz)T9`aNaejq4FExP>1sV$H?44NayWhKFw%oY25RQiPhaYPtWp0>gwbx^ik%Jiz%*Rpbv$U^s`Y}@wsH0-1MV*9Q*7-YYPp-#TB z%HIW*TiX9bMoA4G1V^MEV1kA@)P~$ZNMkEhm}3i-ue0GICb`G{$}~6aa{kmLTFJsd z>0Bu|J*U%;<{VHC+NYFiqE+)D(}Frh=UbtH;tQj2lsBFj9k)0Jw~uDM-zfW~>+v;o z$w}Pb$)<5qVN9%1aV!id3(&;-k(f!K(`ulc0Lui&Af7WIXBLhS7AX0eAi}X+IxJcX zk|(ws0xIA2x*Xn5H@%z0I#23=!uMT&6eL)v4!Lj6gW<67P*1J=o|>!pxdWwrF# zSts^-8M<1$D+Q$+?E1Ot&_0J%4)qQT4-F3MS|{1{EU_mG-MV1oa~^KMXb2dl(tASI z$R$#H9*u@*)_Z~Ve&Do|QF2yjT@X5d_w4_8VH?&^+4?l}UJunX$OGJ;4~EE!DRGuc z^scV%YkH-`&K1WLRP$I;>@n|HQTbp9#o<*BHOdX3XDk(8$+-~Zp;$hh(`;>UA-|II zC=XJAnBciwaA&UQ=U(!%cX>?0die5uHV?yiS}5+`rj{xhruqQ-4z2!rQg>U&sz*%O zO(SA7(}ic2kWY?XlL9V?8eScIUoun|@Fm)FuFCdFDp@ZHsqNl{CtSPfFOe-K0hUXo zvP!1Vw@YAPx57@!7TTF4G_SDJKyL@R zP9>kMQ2Lr3$R1;V9}e^eyMuUTAb*T4GF%EtGXxV$nrZ!6&Gy;N$yv?j%7PmDUq9I& z?2l@k_+LkUVE@-&!F;szfw%A3f2t;MfCnfwjC7>$$Ts&1mI5Y(_%fJF`q-<3ZBgr zp33B&#_7uBzBD#3BVd6uswo(3XUjX;roQ1lPw1f8jf&*x7cCQQf8NN!fDPt&!qF5WLmgd!cw7}D@7E}kGwx?ljtua_g%iN9XXW7NdKWwG;hLb}0p{g=6h z;Joo#^+4K2&$}o|-x>agoiEPW70!3QiU4VA4*l78@~2=B)V{>tO_)_AN;g5e!5^lN>?* zEJ+_aPOvkHkJE93n|O|NWO0iQDz?)-O}%rNgqVB=zgRkp-E^+fRdiUmUh-+@AyR|& zP}1C9jaBqfQP0fHF8lNHl2wTRQ*+;O&39cUs0q!|t3~yfY<>Pgm+`UW^!#&}f2Tz1 zWa{_?Cq?<=qx=ad8KwhYj|$F;f`5j9!QTf_t5co6z&lAoBNGIVucBm(o+O&AC1T++ zB{U}nF;4E2NrJZ|pU>yI@WQ zz@wzYuw}g-v`a{!<;iHJc!k`8RyCWJb=;_{kfS&Le?Gfui_fO{x%5_A*6Q2BpH82i z0Ne^I^bN~@+mg2||6NPovHbTfdC&4cu;j0n|Dh#+v;2=O`N;A=v2X&jIILKUOe*v+ zkuA!)l6T|zR%VVlSB>%qmf^T!J6vEd61$z`HRXpGrh&X?=RUwA3gqrpCwa*sv;G@t zUQaAF_R9le`s0n_ttDCQMhVkDcy2MCcbk>E-nDLb{~}L;OBL(BP;dNfG1xW;h&bZI-N7_G0A% z<+tRj^z8>GX#H(ofm_mu(Z1^SZQ19yaQDD$w%$F{nSc7eb$n6R@qjDqJiJnvY7jS5 zz5~;r1#yYH)wCMPz3-UL?8#{l6w>$2H%h}=NX~AQiEAmccB5dc+#(1KTwoeNn!SPH zS?l-RWZ8eTT!+GUH+t@RZ%CWno_PV9Fe`S=HnrJvpY)oa@Ji2`)@`t9k3ol_I3AfH zOas>e+lXZBG{Z+Aj;Oj*DEnT>PDJ4&_V{5>k$j+xv}>_)g|dt*me zIxqM-HkEawWY-c3xI^qa$(31?NsSpTj+>*@KhwcdM zI|F-FuJw|f_oqO;6x1EPPXtL`AW=OolT0`7A#n;`mu7aRM*{Pqpm9ScBx{h2E(+Po zUjz5U!2Vlc|1+?j39`>(D0y%L74i}M*61Ei(xj;mqXE{fo_)KQXw};)UMhKWn}PoO zRF;eZg!6>54kG1CCzq!7c~w1R$plRZ)ubVArmbtF*=7BX^d+`r=xPFLZ;Zjx zP><%FsEafV(2`My^K=kgm=tUuz!sU42t_NCj|W9$t!fOahB@fjzy`+x|FN+I`btpU zH)Y}tXoU{?9DlJ*f_^BaU8uLMvR#BlqDW2q}VLzo6XBCY@eTSS#aG zu{qwjI)Y4qVoGk|E0>hFz$;_C>I8j=@xAZ@*oC0U?6d6>XQr2!!Oqx$naZj!T7B`! z@1?Oig)}V*l7L{?_lIi9jjUo$R??ktrg1{tU|ARX_GNyulRca5^m^Z4>zkv(k!n=v z6&9pRO5X++yxusc5KZe4!BM_!3@5ALn>{ipN zu9L&{o%}Mr2C;)Tvm_wIxhgpV0+_u6H-U2X4LD{fZ-v%}FE30NA}UYi4-~2HB8?{g8Y)rLq{txiZ*HG#v#t0 zHiMgIg0j@v{${1a__Or57%O2rz!h{|-I4WhCp?N1rU15|!dtRQ#-=CCrY8jH@_7A>Wao#8d0#g7tUh1CdLv7%#reQ$ zS`A}A>xbI2P$jIafiz<|ZFqxj?WL}1|R<9DdTAZuIzglLe^Q6mIRIV;g2!uM% z<^AXLBp+&A2Y`=)!hCd>l}JtMN`qP&81_58_=c+Q=%AL4|7Z%z*(?pf?Pr)q$G8Z{ zMwEjLEr@SHxtH<1e?b1m99pBsdUBicu2c5yDt9ZJr`)W9OK~(r3|J$NerjHp`0y4d z{>Fiz7XrZW=ZHj9>n)OdPO~n6m4kS9wp^kxMwpgd*5YA|!*Qkyl4(HYEuxi%Odr;3 zKF&oZUK6cI>dkf7duA#K(pT4?b`-@U}LHrlRe?h!aLq-Pu zny^q`5aGz~G#_UsHR|iP5`?5hf8z8}>N*D$#)D4YtF@p@IKc=xpOjPgBDbxtEOjd@ zTz|RiuW-HBOneE0&&RC_h_mT6yKZ|UOL#_Y7cC_zF-Abz>lB~#eOQ|C*fOFUf#fw)x}8J z=6pn^>$a0bNQBs@`m7pELR*unq^YK@G;w=mql{|Je>Z+|rzw|ROH z$+z{F;n0_V(`@@csI1!@U?hj6BSnmcV|t9nZXKh5MnKG}1=nke+1P(x)#zyLJvF6> zQRI)O_`C5q+-2%ikIuak#!NZagP&7fMzUKGb!Ge6Rvk+-W`*TtEs@zaJLAnIPFnoT~@yV#kj38cHHK*pc4xwO)Gku1&M z3vq4eoAC)G#FTOWAuC7|Y+&BCad1~`eQxeJy`ophM@*6aM#q(~eg}Qgd(gRKGlAR^ z$M7Leo0l|gQzK7J_3?$8ls8o#6Z0FrUmZB<0MF>y#ke9EtZ~*lAHTjW0Xzk3%7(46 z89iHcw>c2?b##+2OuOWLv}v|lp6mH};ZWoLpxv?etNq@4BE9 zDB%q`QB#mS?xPhM3||3_svgfRJT@3aMj~b z0lBDKf{G|%n(UMerL`Z+%jzQmFtylBUj}^y4Q9t->3Dl#7Y;qeCK;F`tbHOkCR$7{ z+F>Kdr}n%N!EQdR_uwFYG|@OIGkB2l2_OV%;0h}xXE{~G{e*%1<5)3=mnW3{5AzBu<`vc8vwzxRV9CfrpgnsbC%KhRcPrM|N|qt=KxO zgLi#8V{&5MiHymx#lr6Mntmz|Wg4wEjoZTN0F)23DJSYfOoDvu8&Cm z&*DEK=AZewaevgT%1)GrnX|_3eT|#F%{2$xzp@tqiR!WEp>+|4_F4!e4A)w9U*-HI zEWb?+yYP+BdXv-!OfX)Y?bIl&ie_TCy~$F@L>h-axN9h-auUiZH&{Ocd?HFQbO2&j5_c0ibNR4g00( zuwN^P>V66g`DE)i2rN&NO8U^M;#vHPZ&FN05&>w&G>S4MJT6xH^$t8x&y3D9Cgc6k$Or@ z5)hsd?|JeBi=XIkM0bgLB#PbqrHT2Oz!_&!yz0gDlb6N%I7GjWNt82;4?#?5rC7gD zK+55^HpdW`WOs92XmOp;#jnQ-Ay)|@Fp8%*c++ zmWUX!ulx88HB=2-E=ETcOQ{LAnjHUF@yF zBVCs0(%3m&DkOe@A}x@5PQ$ju?%aqoMEGi zgz<1*kAsGcpZ3~otGX;=qY4Z6ql-vE~Mqy^Ygpx*}L=K@|!zPp#{ido-@37ZV= z4?Jq*_Q23t0MZ#$GnF}w4j@r=x}s~2XgxeR!aDq?M--s;w+-l6!i3d zg6Of#p9U;A)FGr4bts*vtOJpVm3lfsZAw4mUi_cN1!kLSbo7nDg>4ZlhVt1CVH4J* zo|^s#$PTly0dI@tRbkd-pC$8AJ8|mz^U0~LOI+rAAaHevJKdot0~*J@qxbn|>*8y8 zD#ViIxL5C$+m*2eAizX?`8a+^yCOP}C0U^Yk7z`=mCMi!#=HeR!XxGoN6A2x2OMxe zl7SGA^Ij_>7o&W{Q&%aHBL+&@U=&rvb((giRRA>jTU$xC_THiL zB7z7?cytozDkY~Xdl|1m6cut3=LT-QzqgQ8I_K(mr8-THQp5wMW5YO)eO`W$-r-&K zJItkb7%!JWG~|3`e1=r@F;glkL=Dh{KbllVaa4O}l7_q&X9jJ(%vWqVnre-7V4Wbv zaZRg3q&Tm1H%`4$-{V*w-Dq01V~bq{7gD(krC2R=km}W}!fDP-n0@iU)o@FK0jR1O zUE90+_5F@!ox-UKCxf%6>?IjiBXiY>+x89@^18n@&)UJ9UGB*q8dk%p@wZuzOHvgO z^V}8f4?0b7SoU`O5>`Wh+S$TP>&HXExZ!$zU233n6e=7995ta3rfm^|G=RdBd1#Va zo<)xi?GEngh(9TuF+Puehj$sZ`Q+y}yH$^#dqhE?gqya}F>_F|WPXh^kU*83psI_3 zR8rmu-Py00U0Zu^S=v%UB@jKd!JotjRqHI;I3LGhGg?Pzb6PI>v~al^sf)FN_;E&3 z(9tf|3OU$Xqhh|$M6rry<8iZ!o$g3xFQ?I(j|gH~6qlO06{h{Us{Kn(^V3XqI)Hd< zshLM*VybC{iJGN-AR}qxk~=99qIf?LaFiuOot#b9qnl$ti=4dOglf`EYZifeK9xIB=Uq}$GKyVeYsLIXFYCCPoE$3Hv>bg9fUrCVD}DmLvM1FB}+vYcuperp-6*c;?P7m7tlG% z@n97H1kHZC=+|)`mrgDH?r>B&9VA$QD}`S_Ev2WV0W8P}_7^*boklGZ=1$`M4hoAeZW%f3cgFX*%gB4?dc1X1b)Wf26rp`7_g*|FlkTc7}}>#F8%L>d=ZyDMda?4exCE_J?b6whe^ae4u&yYY zmlx55@P2t2;@Ia}|JzTRvV5RE!t4u(*KteqN_#*}BPTe=Vg)C6dR31)gI0XJnK=n} zVhsO_-}I~xOgV6Gvce6Pd`|X16~(MY{)}?|LgimZ9%k^UnR(2#S5tO~4LXa*4qwt~ z4lHlMA02CBU^h5njD23ZJ80S%WUbOmLDS1v4WTN1X=YBRvSZwVDsic0T>*?H#F<9P z6?QB6hm-r4Q}S}e=+4X7tmbe*Xog+Uj3krm%DG3X+-S$U1PDr#d$H-Q)Vs-LW%JT< z{W*_}_RQe_(QoG~b)W716IV*^A=`V{?s`aP=;T^1wj2k>E-*(%7O#5prGh8eG zvD6!wOLl>t3s_g)CAM4#-~|w`Ridi3#2=%NM^6>tVcSy9Y%UjnX8nfsMj1IheO}OP zH!thy^HQ1Y_TS<(1Pn@{+y}%S>y5LA+S7gt6-eF(PF#o4ebb<2I~#J7`H48A?Y}E) zthtAEf@$sulx~9cD|2t_3!9ospx?&1XYyno;*17A>5&hsQOVubkJURB(!&hnAl4Ps z=;nb~^^?&GNMr}FL>K~u5|M9oJE~z7f^wl`R?C&aIv1@mY}gLVn-XxqE8(ppqBFTE z-|cqQw6X$o*l?2ftYPNR1wb#0BPE5Mj=ex`vZ(cOt+?5r% zU^M3o_waV_fR?puZ+EZh{7w1KeX{!!9NK@}ezM1Sr#z+7)O}#)fZ}(ogW~TMzH1&* zKDhK9`yeC+ir-=AeEBJXQ5(^#3H0rK?KV!y)SN8Zi2NBBPWW!1eP{BVPHuQHpn4qS zSiM_&y3tNhyKDbHU?q0)zIYWw5}vig>3RDj)VkUoB;06P1rp~f1Xq8AY}*OhHjDSa zl6Jej9kA}18h00fsIBwt^-%lg09AFK>U&Gb;lOQZHCe$q zz6&c1&??@q^6g6?QBs;L35!$DT^BV={+?2!xU47pT~9tu|B9{5$6k5HHVx&KG@9I| z0H;!7ejzTDR2%io7ny5!=)i?052vL7pKbp~OoW}FtC&Ul(693CISKmt1Y+Z1^UzQz zR@Z9Oeu6q7Jm#W0bn#l`u^Zl!D*b@>TDc=wg`)wJ?h;L;h3;p%W$r&cx6>!Xz0^l_ zc3kXRD}5N^_0&DzcQ5fVIxh9yYyEp^HYbq(vGbQ_&a5R^hsp$x%*NR6dt zvlWjXVL{_3oJfa|=i;U5B0y8b#N3S_jTkV<*W0SwJKtr=8vk+RN!PhF<6K7c819cx zefN|=P7d59fvoo3Gkp^6l~eS|lY;g)8&g}HQ!EdH-v>GZLtu~xy@e0Uq#_?s9v3K& z>(56Z^FffEkmQZ|dw|KVu#V_^?uM->>h)TOIOAw?giyMiXIyc&iPWvYPr7BYjkb=7;RIkcPl6@KQVt|4j` z?>F_5xI_*}5wu$XngOIecolB3`EQ%>NHaHahHA?(A#K?M!Z1F@c_Rhqi2x@u=L{*6JwlD@t_N^bosr$bEaJII4rL|;&v)kCBq6RQRmk;yjn+@xotmIZCQv`X7{JbZo8KM2(? z(+jd8YjcAXCn|a9Zi5_3fbC0pf7Nwh2tYgqsn>WUGwJ} zmthc~`#`KqTzojXV#&DSzYZxd02dPz$2tEJSb)Ho-_hgF>)1_OL6e5oUl!J1^7WVP zXIL}+8EWSAo)jj6r>Zuuzi}^eKlr=lo@8VH;@yz*38Imms^bzs_$|54LQuYL+puv@ za!>~Upg(^W>K3`L_mhHC3`%{=pvBQuUK0Oh&54c2LWMC2^;Uo^SFO3#JokcVYGy<2 zU3OfgMob~A!Zrc?Svr3fsF7^O`|ubl^I@F)9-KUUrGrJ^fkhNj0gPvVAwI7#%4d1b zZI43gW1UV{SO%2AFbg$;CIluY%=3)TAWm$l$32GBgB`)JVMFuAdSZs8*kIqWFdNWP zdt*u?jr;%W6Gr8SNWze;$@y(PY^#D=Cynzaz;8?qiN(&hH`Vwr77C(FXM<#D@&351 zdC^-z@2^r{PtR}DSoIyso{KXKdb9ei#!95oBt6N8EubAs zgiQST)!k%)JJFuhFe98P_2CU>{A^~sak^W*&yo8b_ch0U-HF4@!-ZhJI=3jV5cUkW zIKgGbjClLRhp;qsPKsa4dUqF*!S=R6fX|#6+J^nB37n2(=JC27` zW$n%K?R7&?zMzX@XYuu>u@X&MSw-r3R|6t)7Lb?>R28hDf@&lMCgCFN_W;0H3#686 ziX-~IArIQIcc)vC&i7wf1ndej8TuaW806C`EJObiI9AATIaQ4KNWcOmvHW2DYcHJ}Z*2*l-`#4bg%^Gq4w%SZYDaMy;7atcZJ(g^i>f>T> zmTBB?h}Wr#zE~uiu92;eA0kt2cdXt9IZk;(J4(N;i!VFrr_&j4-pP;;H7~5x--)eWTseYu>$3a=c>lsjZ_6sNc+zGy7G+?xuXnt;I zuW$&B<=}Afp$iBz5?|0?Kkg(v>;Q%I^d5ddrAb-rf$H}gA2rI2~qxG&m z-uqOa-|hsRM<%J+#u|GnBgZ;ty7q%QruvX=KW59LSU2z%K5PdkgCOpmmdn%d|3a$; zG7o2l-NT!CdQvv44!gza#}oZd-MGV5c_T@ScPrVbHr4CZKVaUiwm0HoU>iw~ z(!Q;Tn4t%$DUSM0D((8fZR~yhvOZF{JbMou2U%n^BveZ?>avWvDpU9LSYHI@3x27$ zT-2EvwLIfolrf=YQKb$v?);ui-Q7b~`_gp3GK;U7?iO8W5Mel&-p*#tR;pw*F@7vI zL`+TXV&{m(1Cb0tS$rIka`@K>^u@Bcw6obj8sS)+Wh^j|7g%j9#=hSCOn*lk0H#f{ zmOf9R>~(=H5@)JS$|>i%N1tmG1)$|VeXe(-OcagEc9m=1SPa+*Fpv(P(JS_3^M}!( zD9RM*T8Wy0r)$fyRbD_SP{hw9am9tHL%mHk0gXf+V*QM9%d01eZw=e#lcIs76W4uG zKS#eUqBoHk2x22@WP=TIUs6{HAV-cEaL_=6$_j02%& z;-zZg)6}(3e{!s6#QoFJbD|xLFXH}Rx^@5SSuZMkplgVic`4GulytcY3vhko%XNyGnolDzreD(u7?C7vGl-4Zgru z^R(1!z3TTly^9c?#c+m5oANt;4we-+qsh01ZO{$aeds_V{u7v<1SYV30W|DIAn!Zo zK`@kw{8=~X5~uj6zT639Q)qm=+nE_*56ulW$JyQCe&#rDJ98?To~Ti|IkCMh-m*H4 zw-8k-2*;+R4bdqzuKgq(ANTCQemscBJoe;xJkH9i#JG(7PQA?$@Xy(Ah3*$9d8IPu z4$2X5D!NZo&^k`^ZMnCH(=BiZwIlKOk#&{39Z>r`bB{Vt3umQtiTabd3c>;Pij%&y zu2RE|cxT&lO0ZCnH<=31{^@JvUbn{B(;FhKpnGgt&BS-aa$Wrn@+gfLxjHM{$Cj z92+gldsNXT*ILi$JjIcMo0Yv zo}(FxaIjpy)MxuDpC?cTYt|n2-bl7x?Kx};=ZSZgK)1=~&ll|ZXuYo#+%^b%_cSld zk?^)OanFYI2t@9D|EgchYVN@+`d>-T>4 zxi@@Y|JUpPO3vQXg~Wm>&1ud|G&DH@uhdD3Ew zv2p6RESPB}ml9WTo>e4PQmrBZVr*?Fk9Tv#522@d&-MN);0gZ0!tz)#bA8FVF6TU( zrC#sDv3?135Rw=xum`c6@n!V;L>mjJa_T||eN6PGV{b~r=REI4WPpAy3DPvh|C=WE z&rpAYXD0kO3_lF>ABA9^Kg}jfbHoVFilQq+Mz(j=xk|1SqShmY)IV4WojF;Fll{VCEHZp>ngKNtNWXjaDn1*FalYJRxSe)E{tM)aSt+<(T=*5+yl z14^F-bF6bcXIB@)92>5xh8d>2k-S${B^VUHDfE$YN;u;=rF7dhYKxuvV6GxkJ;X}B zM?%?V3}5ZRV_i_2v2(G(T@VxN3&DnhUYQ?AkInU`$4Yu48GiQ)!u+00 zcvq&lAya5&V2{Xv&Vajy-pXBO8S}saBvDBapNSN2eI{=|n=iWRZXrwsaP&I7^JMmE z?*&gkfq2PLQ&W3ySHj=^v}hMvzo*pR zdK}fUH}}_>NX!>#7RX)IhcQ9yjJCk5)}H|`E}0mwT+#b8`0Z>7a2fs>J*q+umhP<= zhTIO6#9~v>_#rdP*Q{huEIMT^ZXj0Afr1SX9g2)#Ml4m#wYsFlc=fNS;;Z|bMMYg} zHdn-fB;w)-q{ScA0_?SSwRK+uP8xwX5ZZ9Xz0bYj=I=(-aT9@}#&bbP$ZAf=r&D`k zh0^ybQH-nhH{rsRbMCu9FI=V;U_&g^*87~Z5%(byoaq}IQb(w53&M0G3oLLsmg^V4X*QDw*w>HTDB8bi~&UotQjr7x-n$#ubwBpE$a*V^(#nq<1 zr>?8TtaA4iDt{qn^6rt%=S{&4dm; zh-lChe6T=0x`MQ=LbDusHXb`$Fg_#D(K62NnB^gU4C1(-z=*?OS`-& z?cxT1qgDKKoBLY@|3B}l-~>3k?pCTlY?nM$s7Tn(m9U*OLFYY6UEaiOer2;dhirT) z)>4-PU#2pr7QiL+H^REqgm0%2y7kwb)BHVY1HP=%`EM}7idbudcG|#q_NEQw$%Xhv zo_su-IBi1$Xm2@3C|HoKYt-5r^TB@CsA*O*n&+iT0TxtExW(Q*Jn;^@HArpF$y?OO z=Tt6j8qkPHm0Ih>-dyXzQwT+|qGNi@L4Fd!og8s)ZK6Tds6pi)i$QBjW5?T{VZGGaOpk*a9~Rpng0=Lz zR@z}xtGc8mZ3hNhdy5*;p;Z|-bW=hVJg-lDE;;oD8ERL1SbOZKnk{btl>?+g$ zAcOkXwJA9EPP9I6tHLAbx3+b7?I`9Qx}C`m=soecx`4n8e9ylj@gd&c7Vp}OC&Ko< z33@zw@HpL@)y1Ki7!=*UwQqtxy=Pu$X6q?NH|`ef+jWdykk`>+`T(O#2O?f!`~n(y zNgGXYS$lQ}^lDfO>R+w={TXyp%sj8i_G@j~a%O7&ppoH@PW0bY)dN&?g;r-Njf~-| zs=b7HaS%Ww40E&tDl}ucwu4fnb-dW_btO{K$Q06H>cd`vpNI4qKGY;Zp=#n&iMmpc z=Ag7i%bXx4j*Hn3Kvb$OC*!R5+mTeMBRgFYtN1=~ini9!N~*MHO_I#+Z`pCyMIF^A z+SOC--k;l@w`ol@IFiPQ^Wcz`C;zBDED}T}Ap%XQO@oqWJ>UzTo!BWsGsl!t?$ZR8*vEzO8kiJ;@nOI(yFj8vcxFl+0^TMTcMXaM~NC0Ib?>lPHxT zSok_Zdm^st4m>2j8RUbU5=RDcOdF==nA^xS6k?SDJ)G{$ey7eY7wQV-&bp>@Z(VnJ zy8;>QSBnU0j~BLEoQbAlCUn;2%0ZI{g|5>;=-=4&-PnA)@j5TkuY=ZB7wHRG(O=J{ z4atE3g?g?O{oCDo-`h!Q@4MjGyfJ@1<*=|&@rjf2D|Zb9;W}D zEJ+=iP^ovRp=vtI5%yFwLG8;snPIo9HhZ!R;vPu){*Hj%4>KMKC^bW4I~9!Lsg-p4 z0BVa&uyX+jsQi^}m6E2pgqjFA^ePPvroP;iQ!!1P9$nv2C&q%)u6hF8-29@my(`n% z4HbHm6rKu14;b}L@iFqr@ku~(wsd7nxrS_*TV!pZXrl;=;21Drm#Btg&@JKgsmo9u z4dX4$XOoD@z9#T)O9kE!a7A`459dna?nX}PWo9xds>FUId zwq~E%Nc6bn)1s4ipE1^d{atFVMlaVgewfzLVwF3|tW!AiDT9Ns!Z`F@s(AV9ROa5G zu-dOrGS~Ta*ZVmtt4M)tNYIAWz2P%lGUqz}IZpp@`6Jnbq4Hbo2gAxkxWD3!A;_;R z3BO%&U48c^&{dhcb#RX^->t)!b@Y2`Ns#JL_eUMRs-0(X0y%e!)PKXxJm8on^Qs>{ zBE)^bEpXasf1y8?7%wOKgae zf#htm!(YL1q@6?DkLa>uqDig6tD!2onTUpBmQeFtm?JoUDnQ`(sGy?R(Gp<~4w5nn zn^AU|CYi-4Q1_ZhAfXoC_Eh+tvvpCqr>?F%v{bY`EcK*9&8A`j3hu!r_*3fRhNymW zonP+bvsg9xjg2iWc#ojoY$N^HcH2uGe!K37+V7`qW}`#V>$oZL^PT7Ep1SU^C)2G5 z3tGb+Qiiw085$1RhoQA_v0!+AFNStYE0Y^Z4@8PQ*0Sxn#2`KnnzY&Il{R@UloTV1 znVaHpB_9*VZN&GC=G6BW(Q`0Tcc< z4BscyvHoL~`G?Y_ z3NU^OVf;y0#nDL8N#WpZbuT^W(=hoA{jly~FLRFmD52gHpnQc_g0v|o6Qa1$+6xoY-mMRNHxd@+IryIs9$ zQmDztKuvbCTH1LDqln`%zJ0Yj;D%kWWhj||AE*G_DXWfP|6$gBAjAOhUK*8{SP70~ zlOpNr`kKhO8g|ga&wb}!7* zAIO(XA)TED zIlp6-PwFuq+~GKLny7n}Q48$vs4g`Vk8`u6C0Fh7`gw+GJ3VU@Vy_7^i3qYdQmJ^5 zV5*ixuO$L%2a<;`AS;jhGB$$E&sXYf#y5&XF<^ALEgl&w0GJ#sgf4LelT>HNgPH~x zqD*7Hlqot49W@NC4?jaPvH%HCG)CsYfVd3`!&oU$1LQaeyAy6s+f$#x_dGSST3*%G z@@z4Tn=3840;*a^RJ`&Md$1XA$ohf`budvPWhz1)VmC*WGIVUav%bq|4lxv>2IuJF z4GIUBNDE5!D08*S>`qQcQ9XrG`1>@G4u(LsTTx5IHjMio4NX+>|?d#&DVimsmtt`l>ZCVz%iNm z#YU%_0viWHaO&@>bIlniIy9Ue9X|(3xg9#zpPBP53pB|}WzJKuR*tntnnQq5P2qFA z9t2fPP07lU^m3i&0wb~hK)f7>27(GdstLNe>nBtKFwkc1EV)J4+G!WbAv2V5^Sw-H zbS?s6*+K$@HqCY$=Bx7anL490-OU{RT~4uz7ZWa=wxHMQImKF~dl)S3W~fYOWi)#> zO7;;F-JOrZRknKC(l=J!tn4QgU4~^F>U#n2Cau1?*5=heDEl>~URCz%kT$}PFOl4D zS=Ny{Ckcyek$=W>RKe83%IUSy9bsm)Qz*yxo&z=6vpd0N&r5uJvx=V(WU23ORsk2w z`-Sgjn&}e`{iIp?1t}!bN9w-PM=n%R-iGxL##}0j`D{mdW0w-e9;R926k?Xxf%Gy; z6rFFnbwdm8S@eOW#`}Xx{;2HLCO*fIsQxJ_3Ccg$1j`J}l~Iy)hdA4`ztlLL5SuCo zPH7L3QljZWY_e5YuSx@5>Jg=eG*sqRzyF*VSw?8lY;r0(xm zPwVIx#=gyjzcBvoMz1%{oyPx_vF{{7ko+lNr>PaNRjFr;zs1-38!GixdwVVK@T~AI4 zpb*!T4TxVnb~?P<(YHBqTjn>wj#_jR7M4sPA*Fc{$#`inlOssK2h0fIPBb4$&P{56 zX)WqP50R}VvXP+2Ra{7N#}2(v66No!rH&1|P_1p}5#ul}o}d{COxK zLxOs$^@O=eK?c<#3ENShnAVSVPrz@1XF&~Zt;_F3WF;|&k%l;j@^gJm!{wDGWXk-T z@rE})ZR_6|;2H;nGh|Z#&^RBN{we)0ra>HcwzJ(h&zW$jQ*ibJo^V8XxTri8P%`0* zhVpIsEA8YgyM5q6f1i5YZ_xU1iV$^yK;&UdW`e-O5%iK7n!~4>r`#SdD=Nhv@u!f$ zvzLR!O_8}Bkiw)gQs7S}+58Y-gGB5ZKUqRhlL{G?CkL;c*4hNhHgyQyQCsEGKfb;Z zciZ6hpf#Kmj37HZi^G~!7e9PldCw@@9~#iNNsDJhL#|MIRtA|!qdctS;+KSx50fX$ z7S&b!{XG(30*qFb3EQl9qv9&1^=gUrArX@#AmfJocGZZgO{U=%-T+?v=q3w^g zeXsG)x7BZ)(sE)t-U?gLEoTF*frPsglzeLGJ6i_q{A*1>5z5S3lU!rMk5G=B;uWra zw{2rX<=;>N$@SWMiwsdB`Q`v&k6Ge`n^bnA!r@~U`KMH1sVW_x|6aIXv{mJ=HrY?@ z@H0DeqlwEqJfIuXVf=kGpT8@+8HcW9!?}AnM9FHol5@x;gwANL4VjFnq;sH87fu%R z7gxL`32{5OQ&qO|rR@?t7YqtakJW2gb*dZ<{H);cv zq_S}#toq8wdI_`StI5Ri0fOhR$_9Iy*s^`GNRWkc+KUHHy9=jnwc5b-uOLgU>Cp(YR=^)dr!{Yl{^ zTx~w3nAlsj_W*Z&rl@oHj`WMhYMb_%%6_WUXUhAOk_m#;ZPN?-*90k60G|->gal-f zdtjibT3830TlPolhw$t}DFQA6l$RTAjf${3zXk+F6h%JUC`T1lVSdRa%&&w)W_jbu zI&aghhMCgrrvDxm-wO5n#IyT<@i#F`dm-6C@9v2cxNe)j3gBz>2{V= z5h-?~Zh(BE1`W0klE#8G9%mR_(U$&LS#1~7Ms=U6y{ub-b3jr^?gBpoY6NkE_Fqt> zAUvb=iz;sOKUD5@rfwZ(c2bC52733U#AmvXEyek4KGspZI^n5y;q7RF0|jD&o3zz- z^k>ST2&8W&m%f=1U)i2)eP$2k4)EmIuG{{qF>m8oaNaQ4H)*x(TgH3ZxJ)zT0E#2% z6O;Y7><8|c?r%W7Z{~)^In-4Y*O_N2E^70!j;7rur8GxVQZSjysvea1C~PwbNwu9~ zz3q0|I7OXxsu62;kfdthls9a^)ua!Vza2&3E}VLJ3g>IF7QzU58_#AFL}$JeTpw$; zifJr<4ygdlZd9Q&r}48r3tWsfi&FWhaG1l{`79B*#hoXlLe_UEuo)rp#Oi zonEo7ecv~w_OrW`b*4RxVGXONt2RpF`fEmAVZ2KX_2@_pRX3RoKA}PC51Qb~QX7yO z;995CogNa$H2`j~BU>0Vw4it{!d=X6;jU&k;5&cP-W%*KEGlBwxX!i8?2VHH2kkRj zT`2YK{_Xlt>PBc>ND@6uCFxN+WpVCmJmb9oCv1B&I4??rx+S}Ao%XNN=4x$z#%Nb} zXm`DoS~Ry%7F_b@U$mJY!)Nh^7xn~JPG5q41}5@L zQt$38gi({-Wwt7JZ>PJy1%XBYMOFIBE;mqW(2H?8?Q30fiB*d#TAurvs(|v4Q0AaC$6?`HP{TopRD8F9L3UG z8{H9XkIXh?yjBWng;|lp``ji0rhrdGWNTs1oWk62jy>@1#>l(#`$Aboef=+Vi1kOO z`e#kxz}=?3!wQE$a`dLwSiyhN3O*>x32Jw{E{IKT=dNXk{}5p8G|48q%~4bwJUzbM z3G*Z-W_N_csLG34H;>p)nMz4n`YK`PlBqFFPo-7Br1!Uo z0MaEy$UquR*PsRrA=9uw2u)>)`q!PGnr)7H-D%xMO_hbmGa}DU-=5RgDL0wvV>mwU z?gAflYPsC9<8^YwnTX3ToIqZX)FKkHHhiJ0 z#21(pIZ&_aB6`kQn-M+g)W>(6vYhc60a3ZN9*5 zA{(d@&uxZJxhMhxH5jaCP@ui3hH!Eq(wD3wNp*w)l{=e|-c~cW6-H8IeV=s-ez=7* zFHjw%A77wMx^#c4G8ZWCr_6nifd2O=x)S6J1b2`OHaKrE&k$&T#4!&$W|Lz!%Iv+x z$^6y!4pSmw_`SE<(Ej38Oj)aS`WM z&Z{;#$wq9+g+E%WdahOTrG4VQwf#eLAM3B)G*UB*y599~b9#P3ZQmB3N;$T=7s^2j z^>x}^3?yc4Jl{|l5l=?My&+jhZ+f{QNge~V_DWw)tq*tcAw6oE);ua{kH?*g`s`XqFzx)cW6eEZ+N`WN%C{iv&c8NzF( z|K&TMfsU1=44AD4L6Q-sxxMw&)J|UT!=Goun=;g#0twSE9tbz^_Qs*N9ELpK1B)?L zD=TU0E&#ezY)z$kTs$EFfyL2Efl#nf9)U^n(I^rRZRBowu*;52#V5Y3(13;g=72?| z+Qa7OqH1DPTvN-R#mSBAXDqeW34NTLw{RPFBQBG3eHF9W|oESTNhsNUP+u7GeY!x3;|>7VmF zL;FET8?;+>7T0<(Xp3;+5J)5!wy#yewP;EkifyP5ey{=(Zg1exx-}|dH|imK+EXP= z&}=thOwda^`XB1U{-+siJzMNpR)jdiySC_Dk0&_75((Wy@E&sWKbM=osTfjAw7+NF zlfJp3q}erT6zOaYY4{+Q?C8H`)M~~X*3D~jcX#{2ed*mXVAiN95q+os7EY4(O!`XJ z_G0ztMRilrd${O4n%)7K_q0q-?qDN#kURqO3o}a_&YWWvsqwYWA(@6JaV_D1V%UyL zhi#ixJ;|C;vfBmWg`sK9L4dLQJB}0hCQW6$w(k8EwFHh{3?a*QY2zG|DegYB;2J(PF%qT#U^)*>9D+r&qW-1I~lewL2dk)5#tKGW0P39isR0#3co3>=5$!row z?yyWts87V9e->3S0N~L+a>ukfSa7(OY;O{dt;g~D zW!jKf-FzDP;M&b#>6^@LNJrZ2OdwNT)|k=FK}-2$QA(Psvhte^nm1}%z6aB#Bz9^4l#s@ZP|nsY6~t<|c-CTMb-9oz+0JPHY13kz@&63z(z zgHRnSP+kdiB$wD>s6G-9lfBJ}UU!^VM6&?(CGaQ5Pu_OISJ3mcBB1^UCuniJ{C%$a ze*Rv^|HuR%81&L&D%O}@8f^q0O0=|8 zX*ip0k~H``X4?>?E3_mq)ryE8XI-hQDAzX{u=p#CDgrN{5X_avzTCvywRv9TK@?Zw zVd`T|6!T(A;b@Mkn0xt#*v@7hPFD9C^LL%QSIXTy4)3nEH`-1~t#xRwo8g6V?=di` z#mq4DBiS@JLYE|)6jl6}&iqXI!<{i|ImbKa*y>p!=5$_G@oywxQa8}ROhyQrGc{TI z?5oW`sqUk1M z715CCO|bEtk!lP}6^~AFysO1lIa|RMJw}={?A$i+-Uip-}`UK}GJTrSs``mBT9X72)i2EpWoPBI`3N5gkTE{-;7e;-z zzX2lWaHwY)E$#yKnsQ%JVI?2sPj+^8oa&YtPuG5MgsohqroAzNuavkSnCbFsf(ZAZK z)LCQdPRt5p!6I{FdC{KMN0{IG8vJ{>`D#^AR@ml3ySxJ7nz1{D2=OFhB&_O~zxW-k zP*!_NukGfHhr+}-rh}GEXt{4&A3;19PP1p(ez=!2yY7JCz(KkY@Z*|&c{cY6UflkA zO)rDb4Vi7@M|BA224*j-OIf!%GXG4S#>p32T{kd$1yXUc3LVy-8b4~1in3YuLYYe( z$zzh~d( zjgTq{d(!Tc>^YiY5oNb+$Sd$P69h~ zvs82q;|{p+gG*F$nW#5O8d)2XUOllT$~FT{cM4Nz$opJO!wO=1i;?9BaNGNzsdpix zR5U9*QpMP%g1bFY&)jX6nVFeYoLQQc%(Q21Q2fzm-A?5Y+_J)R!4pMxc8on7oE3#k zQ8#+(5t`0arx!!7oSo_o($l1R+ZT=M{H7XPTamJD?`yL&MGU5rfo-ed_Bg%Se5Hch zjtYX;dS)$rKH+s<@dmH-b69Se)3)07EA-;ZF5y(92tF-lxTy?S03?(f^7by0FBLi& z5MN&ALei9W^vSDGEiCI4-Jy3^CjhqOO^)USUagA`G1Qhq(K{1m3#2YlCe*{COOVNv zQkNuOVd6-huoS@rLy;Bw+hVSiO>n?$5X5I2FShNVRv!wX)=oMmR^|p3QrT*QQt97! zqH>>!!T?wYQ>;FISu$9VX{s%0RL?0?U6VMQJf3hE79hL4Jv=SzgX%1y>_~{yg?OC&jG@= zs7-JObE@|XRk#(|W#7!?s;)c)+wk(k3^*&TR`>t0+^7|YnD-7QJ;?c3yT4ZEkOnLR zUT;7FjkSmP*B-*Mc7WY~K)H56_^Q%39g@585XVy7vCYRKCsv6w&ZP%Z^My=E6DeLD zxSRm>E!Pl9$}S;S{*Z(t)?w9R9x^s;h)ud1(6^-!CKD4nXuq0?RJs8j88lyj5g{YZb$x!G~nIeG>GpBZL% zeWN4$QMK^#-R(H{INmWqyVKS3p7NP_(9J(4=Q}?#I}B>N?(P9W{9-y6eJWQFzu_U7Jd)iS`l%kUrJUIu!!Vphl6{EKa~c zE!fMCf8~&8zp{-7@+cIxu6Y&Cl!{7Z*hJ|btXpvH53ybf$ZNhZK#tuS#JLiYb8<3l zb-#}l@lcSZ(6RqyV4e=p%;~(kjJnW<3%O*NbX!xgHW9Jrcr94V;y7QdzA1Cvai=HN z)9SCxqE$VIDI;{gj&epsxTdw>kf1RqOGdFiPUCFcpO>w*j4tLv{V)j*aGvcD1-8pDth5=_>a{dx?8_-@aQ#_oz>ax~U-&R^=^K z-2lW2lqyZ2|Bch6i-8BPNftmtx9JHoev`1@QfXQHt!Z?YD%pUpY1ShPqzvU_T;;?e z#uvue{v=#d0%RZ-tDPL#tI=PS*%lf3P+Ca@%^!bYQPf#vmdM-US(=_oW#2 z{xJCq(bqL{+Hnu-tKIR*E{NV=LhTI<(mDU3^B_g z44Pd;Me+|Kdsr{jhtQc?ByrO{77BDp;B@?B^$GgBg@L~g();O(UpwYRI_&|l-sLjn z7Df3WPn;`XPRTE8P5%sul9u%i{Zm2lej8m-*WIqS=rq2U9au)zY|2r+Z}${Naoxky zYqk^$DxnL7?S&4KBkWvj&P(&fY80pB&~V;;^-W4oSHtjcYFG+3sBMaLnMvDV|DJsw zOy(E`1rVHmLqU%aa6JMD<^#GX-XH$s4Az+n`f08Cwx_S;YkIE!W~!G?-4{sJF36Y& zTVwWp%6f?kvdA(rEhgC$qd3?RzJm6LyP2rJQ)3TXD=+iJ6$+;F*|#X`1_@sfH56iy z2p6#+ZT3Zu^}1IrR1qtkVOheu zypdrx`6q*6DAN*(h4m?k4}?iOp7bB6dHBM}fos;idZKwn z*;7^ecJRCWu?9(s2)SCb_fW@5t~#CHdYsgg;kG`5t57S^%+fhR#wn;q3^w?0|3+gE z)An{4t;gx`7CZV(cU-HK1p+op4yHT}Pshxm>+TkEMS(uwmZ z{V33D$tb#%mjA+}pk*IMor4aEN{* zU1qJ>q_$raRgwTAg;6AaX)}u2kdSBPa6amt5aLcQV5CXa*&Nw!utj%g#xzUYa_KT@_rpTn?a4 zzf!+q7&s)8tyZLzEn2PImd0PnaDZ)#Z?NK7He8~z){Ak1*6mc)uj4_RfyYi8277A+ z!&pL{KT_)bT$t<;RjS!R*lC5}h2SF2$~BNr{g2!D zI{Ie*6UTnd(XToI%U2w!ee5KgGH}mXeW&N;r1$Ru0zKoB*rt) zts1bN7twnf;fDgAD^wv=iH89&ocfI^o;CYBB#$)1DZ z>C`7$&t?)mO;^IS3m-xFiGZGLrzr6g?`C$D*r7H1ac%vHL&-<-r!Xy4!fCSf$0C7K zGMGf&!`XKxUq{A%f_4nRMMlrUxR9NAA! zQ`G5n!2#5mte99lW8(Krzx@7dPX*&YVQ z5o9Un-%2oh&dh?!zsjGoMoJKe>WqZ=*16d-C8FF?-fc&9!pQ_AB$u5J+xk3RSLxGr z^?kY`1lctSxhzHNoSdGGjt(IdzNh0zI7No?fGnUBn<39trh4ca(WiU@wU}gPt?Q-U|z+ATdRSk+LU4 zFvGp@^54XlXRQ^u&yHVL}Rwp%e8GcXO&uZTG~MO^5&$Ki0O809&)CTmR%%P)xZU z={#azjkW2^cH6h)`{S*%^A%=X`5vyeL;-}GiG$#Zuk5|`E87o!WqZq4w*T~%?T^2* z&2`4hbtYPu6%w3OX#-Ljr(U;9W9?5{%|6(=jqj$F((jP+IML*3V9E=*N#C0N1MBtz z+P_=DxUct2ESL;B+c*Gt_>Gc<-@<(nrJtfTd+&y7{Vvw#0v=aHUIE`G9qMQK>Kf{V z$MtcZcQ%ocQbH84xi=Obm63@B-=?lX@0$IbveuO#HWwyl;053;AcSFJ(A4aj0>#&E*A%U&t`pVp=3LKZfqFP{*Xhc-T<{0UzWQUS@P|_N{SvX4ETt)s zkLrz*_hw1GRr0PVkM^O3{98WrQGNtUTn^H?zi`pqUrYSqs`ql4?YZ2(>Swvk)wx{L z*L2d{O8&JdNtSgC@s-d$O~Fp=PSSr<-Z%XNpldoH2;6THUHMVK@k8tz2sa#^ zTEvh>G4k@D*-r;tmdT930T$;^PC<5AJ(85^YJJ?)!?CWZGzJ|!LT8~T+g%*&0kZRk zOdpo%J$?l0_{d$yWJc%5WyYp@cbdf0N~!Pp!&a!u#p*lO33T2^?aHsQ9vg6IORNl& zsYCBdE?n89NRklUM&{)ThvN>PfOFd&*=Wr_0ul7B+QF-KY^~X`b^DI32X<_2 z-m$f1$JWa`wiW|-t)1`e9a~I$Qs?PYD{tGsUi zaz@-q96W3Q!iIPhftnhU8?X>sii7hqP(TbU83?!l|x|g zYYJX#IOXQdU8;JPsFiy6JPf-_l*6vjdcdikt?ebi=787O%e2ROiOw&jq_c5|4PWZS ztDWROwsR4_$PBqK<^R+158opHZE>SnAxgx=4%%nk_bicGg z#X1*tju15L&JfuXXO3@D_BEoSdpZEm`JRFq)4fU+gK*p!+d0+w@vPzY-;}vhM{EzX z)ellas~?7CQ(wZ1&`8H}+|JmbtkY2x3=l}JD}_4}ixLVWO1-Rb!2>xzb}n(8e*!H@ zK^ylVO(v0Pd4heo`J;08q=i~*5RM+Rg71z`H1y!x7WF$rryjH zgNDZ@}>vB5fqhXt8p28q+ILP{*<%Xoz~#eZdL>voY<#-uaa$*ML{tgcS(^PRE0*0&^3XgiL|g{hS@ON zf4&5-gPd!KK2`5hL$Np*Pa@oYv}lMmA3EO80}3HBF!^VHZH0K6Q@4|-(5uql9*N<> zt`g~C{O)yi+&1M~^G~(T4ZG}a)p3CeFGQlG0+d8akul%m5d?_3SdA3#dD2qfE zPia~9z-Kpq=5&9Wo<4fouhn#K8jLv?K+lx*v$nU%^B?r|LnJ&wnnRWfCK#SN@An>w zZD>x}or$U*EDV2A4kd=CHMS|PH7}H6PxGC2G*id~;ybkWOLRqFSIeN2X?V79NdiXU zG{r%%8ko|8V6y3=w!_#`XW`32884?M-Z|QytluX~(Ql{`Z4nZBK&u((V+aBbK=;># z?~E`{@~l_e@>~xo!kqJaS1Gen9hELO(~izcy!@+#@^z!KUXG-8j@?Tn7zm2GI5MlK zhDK>i{CUFapX*WGIULUba{IpxVOs`-!MBkYG&zknGo?4!9+V8ryY?=gAB^+H2II10 z<8h#R9*&$XAYmZwL!*+ONBL1QYxlI6BE&Q;VH_UXe|~=z)coWEr037f0Q;r& z0Zv%u=A5vuf9Y0t^r%0jevkFWKG__F0>J*Ny;+&3j18oPGJTlZdm!&}3=^Yfl2b%> zqa=evyIO|p+auF0OQw0q@C9(nOHmU^d+RW526`)6GIxi{wp#P)rMF=tBVGV&!9M31 zU$X9qw@R0w>`hQ+K9)fft4Gt0Iuu?V*B&GJBX~#v+8pRE!1Vb$wCW!S?&m@G1KnxO ze^1TK&06ft%+I>Xv!044(5giWVLDAoA(OOY=f!#iCa`+a&%NMRL2Cy}O2acoXgd2S z^KDWW@zqxT$NV5nsST<1|81%afXx^Z-PHcU9^`k^CM?kPw^d zDDy3;B_d<4@_loP$Q_%Z4yqAtd%>-tgPdFE7DKo4mNIWEpSYPeb&x6RHiGMRPw8|vd-x?@lf%X02^~U4_;EfEkvCImfks- z{ix#FUJNCJ*5C9-;3-=^>o&?^hj&|NbB$T<)t<%x`L%fTJ}ih$9;~&n>c@wm~-w-{9y>^qLf{kX5*?a zQg;RX?f&xuYyQ#JO}QTUWI*Z4wIF&!Y;E50t7mt7iM8?rER{>tf|B*`Tvcpy(&HSz zE+;}!G?Z2>jU|c@3Vr=s#0YDF{L2{j_KD|<`*J>>y<79*)ke672R4AU6Ln?@s^`&q zsOU3nB6Ig$6kCtvM=}AI65#da2!#^dVm)qcO)~hc%-x&}SpEB)%<)eiQ4zu$In{NX z>L{C7dSbIFUZu0d@UZ3|OlKyAD?gJ?tRBwf9%pVOT-Jz#r8a4C#5EK2!UfWTPc&yme0z2oRIc)r8#(;mV>*?k;L&U_LJR|68yZ z7s)xRqqq4*-dvsUTwb(S1F+DNGOO#7+TUPdw97YZifX-phnL%h+rVB6-EDpRVo}{I z>n`uUVz?hhcE2kYd%U^7N};bw~kw?0-~@>RcQ%D60kaFq2KmExsxvKbm>}G zV&|#f$M|_)CswI`7pHpa3$bxWX|*j5UW?5uF)Hg;DF4-mj@XJD@|d0P)((7|-MqOE zYkzH*gZ@?9{y26m^$^oHq7&+;9y1Q!VMFO}Qf-OI<>Q_xp$4O!>yZI!w{^9uwy2f< zTAXgCwOY58kpb8G=6Wb9@-=l2L7Zq=*er@jxK=vd>*~+mHi_mG(&asR8&ZFZ8r*MZ zAG}O?%b7**SM~#H?_o{7;V`GSZJBbGtJ?CobbC&^95<}7Hy+m3JN_(Hxl=Xv?z@bt zc;SSlYP>z+)a6jmyg+hv?&DY*0WvLgciqsih(Kgjii`nyxn#qjhc~wlK^xwx!+v7xk zq-Goum>ZJHhxx{5P3}_M`AJj$P^u}P8#;Gro-AAu{P1=iJsjDqf>X~6^P|54kGm71 z7|U9z?PGK&D)mcBEdjD(pGh%5zmclQ`tS%RR+P@+-DW!s=aS?jhWWuv*$)Z7#ol2P zndwf@hRQ9UxGyP3>$gwc8jcBz0^E-CF<)0NHHzx-@8suse#?V#?t4KkQF- zJnR{Mq1f-0FDe)&c+|b@2BHaLh>~5X%n{<7Z?^9uiZB9gXm5m++~ZGb_h=;iBo*wr zsROL75@}*&znivWnH>#N|%}c-zCS4;nFv%v1Z)hvBh!0*fHZ;$2#Mp zu@T#2$DQ2N&=`^49yaB{M>~z4D2MDL`}QSbq|`nMbGNABw?fcRuakCvsDFWH&hy9! zY{RR2UzGFBwUJlU8^AP*o*k!pw)12}GT#G{b9oe95k)H_uyJc3o%-?!^Q(y3uNnA- zm?DR};h69_)o`_nu2LaV`6`u9d4?U9BMAjLYsA`YSSxPdYEp_azB|m#h85F1GbtvW z36UX^NAts@?~fS}wJTHC@mhuMmpDK0zpqD`MrUT+8eOVz*$+l_;LxglmIAIs0D5o9 z;~h?hx-o;@9N4VD9Ygsz$BBG2W`C@AGDMdVp{Fp;N5YilF|Y}5+jSY53JqXSG=S}j zwB#4mum_dE3?@Hs@X!w({e7_6y9SWaD9DzqyQ0^U&IrYs5zQm zJCz^@dv>PXV#;^oe4U8%^#wJe|2%o?vh+Mc+^#y9#f}IgPaq;Gq)&L|W6+&E-m{Vs z*vuzLKfRpeUTxiq0Sn`k?<5n#p+plyJ&5OIHis%9Xz!o)it5sIHs4tS zMJPdOuzo@_j&n_*%!xRg((E2gIIO>|J9hB&lR%)pK+N||B{eFGGN>cibh_~LHpuNQ z+b<%RkTI5qM75#c7;qLKz;#&PekeVz9uw0uKq03N1K zqCV&2TJ~4%`-xIWb+=A#Z?&?P;zK)-NA3`-XMe?t{AqIv7RN={?H6j0pUH)I_+J1s z2TM;6F?PwPaVQLg4-JJVDI#}kk&?$#$w4k-XDyce8&MZ&wgSIC$b!5qwS)5H+(=JM zQ_q_OwJDkI^>$l&&F5>^EZ44iF%0&m$L5+LCMs90=(><<4D`APt0f0zTvXX{{kPNW z|5oXtwd(_Re1W)xq|0+b`p}y@wsd%rI`~4>!~v&U?~}J#{}_QC{*h77p*viuM~Wxl z0N|_asTbO$G2{ZE!KWF&L-;ijvX9MZ`(W+VJ5Ax2V3(WIdl?NMT~_=KOdbwGP~3rw z?dL#Kyr3S_+*X+F=mQ0i>`-4x zQWRlp{LJ-+8_;-wR@kWr=t07Nu>}LbG&4P#=1ni(p&EawuG8a#3GL(E318=Ply$ux zg8zwfdqA-ZZsmm;_Wd)|12fz?_TFmc?&k67keGZr&HIPSZr|O#YgXfnJOs{HT(ERs z006zQ17L~2>k^PI33V1drY+GF3UO{xu#~cK^~buzd4W#BSmTDx$e0u2@8`}^?zzgH zlP~9o=QHhlMYYFmP`8TCmx8H|vG>*QNGN_9bcM4WjyPTPSB8>kvA}F##UTvsHU`%b zYK+>!flbcE*&LmuBSGHUx@Qc`FRXQr_{f8_#eH zOWkw?wWoAXvijPr|FSQACKgb4F~-*5HNQrp8BNzPef5o~ zy^JfBz_s#?g@XK@8#mE<)UPge)fsM9VTUgR+a0g<&%hYN%j!oL`OZ&$+{hRC#4j!d zoSnM@hPW^&h_|O^|38u{LKE~Fg=R8>WI3t7nc7ZebG{baNwUu*lP`9zB(0Ku+UOMo zSQt$d`9=-niq+Tr4Rwfz4&PV1tv2h5p!s=Uz36*?^PRuLDwiR{h14JJ;7vb_P(5l_ zU!KB$yY+aIKLZGfQk}#xXX6oU6*`sN`G~?zO&u0H`}u<(G=3{TCHZXk4qHTJhH^@{jGcN?)rQYp-S{5YDhV zB3tr)jbuYveO&452)lTXQk=nl0tA%zKm}*`#!7g#4>iZVkH?}Y*B0dXSf74YG79CV+u80Ky`n@hiVP2{s?Z71L+YU z*|84k0yu<0p^nD&UWyJ&=nznfRA4F~J-65hL9)1Lf#H@LNkWY4X%9@zUQEsXFg5!w zRo2?L>bff?Cl^m9@y)aKt|YxNK5F+u`EKF0nJ4p13%0`XBGD)E>jFXHzQe2sD9Htd zCasbsQp+G5od$h1L5iEq>8(~@+V$dbyW{U0Iy0PgOunno{{j!SUWz+Nk0G_&Raa3q zG=2cLNJ7=Oy7hkU4u9w`{qRmd&b9jF2s9*Nx3B(8%QJ3XkJVcg42`$P=!Y9Wx>#b`7*>)K}Z#SvYlvXJLyflm`to_diq5!cZo~5!kyE;CyW2?(`86M@WX+ zM?4fhU1m4tH&S4Qh{h(C=$KJNEvYZZ1Bd3+n%BV-Xv?TG74@O}n#X4*3>%-FFu_`t z5SsjH94*w3M`0E)jaK(ZYC*ClhSZ2VW{ws&Lo<1-T6lYb2~OZVi`79AbGpGjz02x5 z2&H(rw8j~-I8(DYPqyv=-<)*AN~RTPLtMkACAmB@Yw-1l!LbxM(=>p%k5&Yy3^c$= zZ|i*XBCVeJ^1H>1yM8Cr)40OBB+PfNqCJ->eFzM>ep~8t@%RGXO`Hstbr4$eDX66w z9p;qu@lP^mC}0J$V==|}#8s4$2N|_1lj6dWJjE7eU65^q(2r@`g`j_D`&0s zeX6R{`R4+JOE2UD*kWc_tS)q=B?4Le(CS;GXpCsQH=&fO-|-!)?U$-8brSwk9X2g9 z-Ani9#>W$?>DKgV;dGO3O-h#sV_k&k>b=%eS&4Q}Y{}%oN9W4zrXzcCY*yfab^a22 z@4z_~{wCY_EaZ&N^Vzl+vgI&Zt;JjSS~kYQ0MKny-{u61#g`#wpJck!C4{Wxe(j$GHQcCa5=U6@m@EL>; zV6y5J@G-$^^EvA^%oC#Lo08i|?6b{l3vuxw#xlev8&UP+e6`eAoL&bUpxRiO)X-Re zFn*`7$!+ZAUGDP(=&$;qOnx>ySnmNObBEmep1iuj`Y_}cnnEo#l~+DVT^;8}t z3st2}SpGDlKg;m`QGa>KlA_9LCjEDJ`Q2nel#Fb*`Ua0LPuSJ^6TgG;!ZT+j~?28tt}kXA5Kiv zBWWKSr;pY>1I!PCI`86a{1jO`7wvg|Kb_SfYZ&9-{;cXe{6N+Gjv-a=*Vney{IqUi+Lqr|q>@dDc@t&*wo_JwaDi+$zdY zVqCP{x}!pK`>~3`xli=%B8vh~Cox6fTO+CGA{|NDnuIWHe+-fKTHFLRY8efBS`+%r z#~+P%hQw16a)O$Ujrb~Tr{XWkiZ`|6hu8xmFd|+`h!+#?pOQppkYf?k&Vy4X5!#Rl zS~ZU(+*$HK9AY0+oTE{6n^NLD{d^OyI}>#e`mYieQc)`75cxEJnfShX(CfabKfr)5 zrOVVcHj}bR%yla57gm7VTMelaeh3lw+&@Y902Prihn4d21Wfn2t zwu-xy?+r+75omnH2S-2plup%^r=bF_6wz#RXA1My>+%&;FIzOi99c5L9$B+Z)ZB^- zIU}sqqWK~*Fz|k=_?ob>IV`RZ6Zd%t-9^5LJC?CF#1?Kd`g{t(4iYs2ZCpak4~4Of z?4`=eN#05VnoYPP5BS$wlM zGl!h%Z^GEWhVyke+LC}tqE86F;O~foi9`pD9>j!>Y&V!S4!rXKGg8KM&^vrsLo)xw z=2+~{UAzVemJ)(V(V%9X3+ex(3Rqw$FX5{}MM#kn$S7*cYs%cpOodh5T&11#!~biT z4D^8Uy(yoNw}mRibX=vj`@yh=poc6Nrk zx^ru%s&A3yo>I6yhU?RCwr_1s3S5}hHxdIDVz!yO>25j{>{KJe9_hwg(q2(yO*%=} zl-!XQ`g5LkZR*<-k5PHldpeE4^TbQkBlY&BwQeZh(yxD&c5e{&Ejk7B;{4cE`Rk;bTo5LA6bDC%fc=Gh zadKhaG<|8*t$CDtN>+=Y??*u?^j3=qK8UMy{(zVLi!Xm-*}n#b^fCvNG|T4~THVY1?Fa1!*# z=V^?xuM4A2i*}HjUg&H0fVuhTeya>nYGNaVF%H+=ifvmgp-b*jn`-pZk|Xt70jex%TE`+ zR||jTxLhw)#tZ&cOG2gA?Kn@@G4&Kq0Ku^aHMliUV`dWHF(F6Dd!&G~bXhgBUw{I`$ zA2^VylOFY|rSV`&Jdm;;)~64p?1xjR#Ta*DM}`)DoJnRq{Cr@;-8!d4#{pgP=dR52 z~@6DMxxU${0 zhE_J?L4o^=bsnR3zX5EyTuwyFr7slu7l;lz;BtWo2n8OdUI1ay4>I{5W!zdX0iUO| zuTbK)jJqUlR2M|5G!F%~ul5pAm+_A!u@_5xafnqJXdqwX0>l_CL?h`>i(C_OotO>c z#BJ+El`7E=n|!Wkpzea<=o&~JOc-3ADRQ4LGM+24o-absNML)4OMaAw-$y>irQAHE zsfcOip&ivVLc$xT`RJ*{T|^iZI^ECW&_rCTV5x=nG|;nOpl6E_wwLNUN#ETFZ=}N| zQ-OV@X-{K{G(=cKZh*h(B}TcZ%8V+e3PhPIM?c`+#d#TbRYp8iWKT$aQHbFVsg;Yk z=&-_`c%wA-He^`h(<1MSB0js5f~^_%-9q=LhlKlm{@zu^wWi7Mgg8>Gr~By^yxX=+ znJ4MK0iFhs9!@ijN7MLdT-M{zHuFcMMwZat!oaHXGzB>FwZgWgEN?qieEqh)lu5mo z!FzLp$z@+Ca=Ss>^f#6ZQk7T~5E_u*m&Sqb+9c%|ZJz+=4D?iCr)202LE$CYnd#E0 zYEe>03j!aP1siM$(CFX}EwoyqnpmbW0Y7T6;GJz9U{Jq59i{Aw-njtQ$U;%EZG*)JO zSLnGJjW04TMFydZtj>@+Jm~wSnRCh+lW>Y1NhZFQjIPt_S4Z_1rYXN>AyC(p`v!W0 zSw6-WOtr2J{}mz%NK1V*nW&9x4x*Dc2q4299EnBgK+lof=0hT|uQJWl1OjKN_e#wV zskG^VdunFdxm9Mp#uaf^^8@;&eZC6u6QoeL3LBVFcnV3ANCR3@twy6J2m+deF%g+` zJl#7{8wrQv19;fW{4UfU_KQS*pTTfbRrQ&A9tB=GPfE zn}1~d?d0POpnyPt>MXwXkc$hzTnwxSWg2${S~3F zD#Ua8m7P`IQ&plc@^}@F;XiQZJzj-!a%q{lwhWStyQ)0Ce@~^nztX`6ZIp3$pphj#GCw+HPBKuG!UB&tnmhIM~wG3ML1!YD>TwA3;rS?*?PUev(+7jc*67g7xddR^dvN)jJ+ z=xs6rCP-b`VfI=@Zmc{k&Z?#-E~%j&?Q(Vt^;L=dvc#q4b*X!Lg}JOktk>^vtVvjr z(}jJukbAqlPc(JKt}0ZhJ=J1Ii9b)DEpew=cU5@zSKz$e!Y{GFZz^@)?9$FOjZ3w^ z?2=UG;IB8)N~P?aYV=QkKORaDG-9@rmYGuRX4>l)Dj+IcX|tjlWeXIJ(i zcnC*=feb>#%sN$e7rK!b%AYHTf!>rWFb*N1SKd_S=GW#O$M_6i zsV$3>Ic9Rq<+w|~FpHy>BZ-aFbAn6_aJs6TG69j)EO#=+`Y`f>#HtnAK5H!(*z7Z^ z+we3E;0Uw*dh7(2em|1U_t+-&Ryi^nO6De}?>vuYhX*dKO}p09bdinViR|b~x`|hd z5uteAPqi19X(0*|`U4eZ>*DrRG5LoYcT=9Uk{8Bc&ysG1`A&_us+RJqkJS|Jt-;h= zSrxjl3Meh+UJWzdkF0)yWrNDZ$Rm$0s9`Wy*Sbbzj2fHwNR9bu4Zdan-RLtl<_k69 z`)aMHYrS1H_HN!0ckubh-L=TX^D^RP*M7|vue$c@Zgh1>WvcwIyL0r#& z(arkP6H(~G-v>OnK^_0cewby{ss3OIf)Z>C8rXO-K-6i8teU9|MyQZ8i8k)XM7|d4 zJ*8zV>N4bansLast2~ASqs&!#!P*$JD;`W0CKaxD_95<(WtnL$=d7Zw)~p%85w5rD zJkrsuW~NL_el@=$D4ZRNRwdyC^g1$Kn6CqdYf++i$aA$gnaPou$fB<9Ea+mT<+jTo ztXD7VbtbxkxdCMrV&2Dc|HS-tSs%EnE^T=)*A~2jGT`niGxnB=Ps*$>%EYH-{sQ$@ z)v+F*t4-{zbu4jaEj@X5o%p;gr31tJ$^c~*iHr5CYwMzhIH%lSQfHUDC5akxaB|D% zW`EB-4#;&CczLvZ(N4S`(?L7A3W$y8+}PBh(K5^S+yrH%IU`EmjQ@|bWQ-d0niFxA zxR&{fq*{)K7Y_8?u3gS!kUt@wedqj5h?+VrPs_J}+8y;g16k6L0Llloke6Fl9 zmevfAv42*X%QVu@^4-zj`{O^$5XZB_huZHi|8d5PlrBPCn!n`Afm6AGZdyJD{R%4; z7xO`vJ9Ql*n$}=={V=xlHX0X45Y7v1s3%GfN0R$omHFo?W+N6}m3N>@+fOdlZWDUT zJ`8m6P<_(Iz8MGMqvI6Auhpx*Y8c_La=e#CjA`HQ(V|B)%p!eU|M=%M@~aw)90L2T zy2Sf+#BwNZThAK1yZ+GPy19-V(5>}cvLGJzNrI-JRyKny3(A2yt^`qlC}MK^TZi3( z+@j8}Zp5>4SZSc=fDEi?AoyXB8R41*X1bhg7cyN66bW{C0g(nE|Eh^eQdKcZ1OQ$} z&%|RxrUOJ0)zTezNUl;{lwI~P?fV;HRG57t^ku?R`HPLk@$VEEoTUGlJO9PMy^`<0 zvO)MyC;N}*<^K7KC$yYykT6t=9C=sY2Gti5tU~;SI*T_6dCFSmeqH1OhpXd$jX{beYwD;HHW7|+iZz~4mz8YtH4bv}Ds7vO;@g+clfc*vH zEyB-%Kog%gFlR1oBvSodJxhB@BN0>cTH#y=@S(way3V;*s4exy*9dt7pj{&rL1l*wszt>4-Z+{5ScSzqEx{lbUM>~qq7pgC`QbFi40 zoLlg&i&|JEG-xH)1a zj&i1o{VnBRw~)*v71>Kk4G*}u#aq)NE^UdfZ6O8avkvQ>4hon4(QsabE=Qc+k3PPt zACxHPQ0~(^zaPG&=R2HdI;#1HIhvG=rK5u9Z@=bPqvrnAa4AD{{14Bem0nu}i$ph)J&XUET= z_GBNQYq2Vy8$Pqo)kykiT09A4OPLizC{e&U@deir?ydy@6@f|F_2Dal{)-Ba^_HM)pUewHD zS=uZwYqr)l8_WCIE12eyB^~PY4(WQZBu0bL&>=PBaUZd=TF4``X3@gLkD`&W;SvV` zJ!czO;N{Tjjigd{B!OOC0Ro4A`)_SQ0a>vCjmJ|6RYkZz1#V%^}k3HCE8R>@_BUR=M zw>50!H#;PlNt8tbSZ!u9KNS_J$>uckSaU&SW7fFHjTotm8l{14@gwsX$mOS+A7%}i zzBHSO7mg|1mo?9FWA8LNuVvvM`ZW7}fCWpM%8bg`AxIlO5zne0PI(zOYZW_6F}`)M z=-fhBjxl4FVYWe137=7r64U~cO}Ix}6Q%Ln0I15!ym3yk-3!Va+)tcBG^Td#3_leG z<`|Abj?l2tfu2o$J7j)thwM{J=LKG9tCaEg8^T8Fg9hu|X3LFUjBxe#HRUjgkqer| z$~J`fO>JypB+H6xS`i)BwL#{2r9NBN=Dpbv`g_CZoc5L`6GY$KR$<@?poV2Jq)~xN zg9L57rxk+X0UA?EoL^|@bZMG|7!B4(Fc6bO%O~O-Q;h_b zz^1>Tq4ODzaNlt}&t3D;{OW%zwg`Kx2>z#ql}FVO-EpyO>nu65uk-qJ!p2#;=~@ja znio3&$>N zmshkSpSQHpwcFYwQL$d1ZETOUlGXVt$inZ1bkW*&1|%k)(4Tm=Jq<;pctD?TZzo7_ z>>+jfT2>>BH6%+?PlX`}%HLvdwP>Xp-GdH6q&u$Q4jGMDsFh5am>;r<`rehs2#FQi z4<0NEYuZmQQx9FZR|bBk41v-XSlb_s!WApq?F-voNaTp1RRCUZ1Hf1Wb(k?qWB%-1 z`8ACSsMap&#?Jh%p@HrFb)JN-Xdzy0&wst$fXWMM#Gp@YG>TjdEW}0zZYV>wQ*`Xm zsLjiz|Fkvt)VKrme$Npo{QZ5!AI}KS1!#uxzKK3Ujr1dJUbdWfj^y7Uq9(+-Z;N}` z*!Q0RZMU~S^K4tIy0ulps6Z&vbW>`7KkwUqwv{k7SC)BBtNCuL`ExUZ3;L{9b49CI z-fEuPYS*(uuI{k5bs(-S6K<#u*3E_vv9{Lz&^8~Lr=FgtGjOT>XV_ob6ub_;1WM&*nKdAEZGEtOA<brVH3F3Qrs+h#>hua--zqi0m3 zAiUU&eU%#yL)<(syloz%XTR9Sl(?Y-hsRBnR~PF!^B&Ch{q{J3DCo21WUdpAfRl2k zg4Bm~6L~cd*E$=G38))w%A7#o2CZT0aH1-KeL8$mrK3%FK#4w*W(r$5Ih^F1086u@ zHYR)2r{?tvxLFMxyOl!pi^W)tm%3JHOkfd9Rp{mFC8OYNl9Ec_CbH|!~Uf0INq(D(01+YB-Act zU4A`fR%>vyhfJzkn-u(tUEX0`(Lq9wCEm+wKIG2A6A!^~ZuKKIvq5BZQ(wN_7^Ooe zlx{A~kuh|kS%NKm6wwW#tS_|N04!BwP+7qS=9Lo$?P5jK+`Ow365a9&*vxwn({mO0 z+s44{U8#R$#b;UdX{Y%`r=O`pCjzK!*HL|4A{YQoN)yuHLn7SA!-xT z$>Dfi1h#h(d&O76w7EfqZW3ZwJDSd;ZQv}vWM`DC+X=91H?igdkyO4_ML^M685k?P zmc&IB)j^?lybL)9%{G6F9D*HAN>)l&bx0d`(Wcq#BSNaJWsXy!8?`OT2)xo~S+D$_-%`du2Zmt(wQF_Bp>Qxb<7&ijvUmDMg4|FlX zU+WTEE5%ahe@tvQH?cQPx3*M@CpwwW&vtPyN%2nOAz&Ru$%D|y}RzL`RK&|%v_|u&CZQF_q^n0%) zR*um}Q1#Rt;;^g<2Y=v_0rWnxVI8NVRJB$(P*zPpIc~EcW6~`uxVm3ULj;k$;{34c(I5l$)cc+~~eWG3lT*`2O2^!9M1fQdpx- z({pc%n%p`fH~)ME*w1*ro}{e-ni9r4ufe>qL0r&at!_YUJMmqOYEPqO1=Fc_(06e` zb^PlPzb^}sdu~Y&^n>|H@kG<1vHL!^`0=Jh`1`SASI$w}Rm%lb)h-t!`*MoSV-AfV zuJ``vgsA+CqEfJ-Blv$XlIB_h$o^pU1&wZS45=K0d zI&?iP+(X%KySE5$tAHcO!_yz@S}hT`Q6FgPbrtm8A>!;6eT&k*I%{ss!dbYo$px-d zEX9qEcZ(AaiS>@Rt%HcsrvqXK22@ZBnTZ6XRy+FGu;_1`PQ)gOW*d%Tt%6BOI%0j+ z-k6PE)8E|KpJv}Nz`J`u=x-`SP48>7|2iAKRqh~jlzVs>F5m{e4>cI@z7|ZS4+q1t z*g#n25(T5oBF#;t*XkQ=@hx1r%;-j`BXbI$aV)r+?I;}8#8za8k(K2a7(KL%<6tUL z=0~CMu~g;;-t8v%Z@`tuqh_jNsTP7@J&d2lH?0HK*ssQd4aR&C==n^LhIOY-vMc3e zd|>xsX)@$Ugu?{zsmj1rq$F19M4$wIC3q7Kssb6gY$Ly42zU z06C@ejQ-RYeV<}fHL47nZph{z5LhKwu|~B z13gcpQ4A{9G*PHPIw5zNz>~`kG`%dC+kqhL@sryQK_?S|j|Qc#86>V7WdC7M(2v1f z)s2$3yc-1HN8LnW?l=tLdiNkoacW4N=1bHrViI<8`xCWYbc=je{!l3F%g6*xYTGJW zbwpysL6p=layvs_;M+kcJ(}+RsR20v)N6w(;fm2HIl?sfmr@|)#H;$UuMcv|&@|eO zQ+&U4RI42tCWXK?f5DRWf_V(ic1rl-Iu7(~P=QT@!L2~qs?i+qrV)9G>I@EGe}*yB zB|Av=P)mk-*|}a`jkN!f@sLi0SWL?NX|4u~1l}B6g9DRJWF&Gs<7@uv9V@TZ#3DNf z50D#kZ?iZj%;!rQc-t@V)nL8Zid$>*Z?7fU7?S~Z!d9|ddCGmFr(fXlA({^?hrU@X z=4yTDRILyBELEY?xDEL5o~G8jOYq)|g;;4xI)%^$css2oPA;N25A@qOHzFkPL49p# zITA5AM^BhWFlda9FaHN%j@rQ9p&d*y^!o&sk{SAIbHSeGVhuy>ASZ{+P7$&?O#b~3 zA}|D~jY($`Q3~{|5P=QDG%O~`_7!vvizFeM<$C`e2+S}V=@@2JzcQ{eGO%@6+MvcZ z+X}at+g9*BXqN%CD)dZXf5ULrv*A$0AK!HZU9Znz9T<3gSo)ixV(~EhvSH>G!&rrX z9AeEfzZz^{2jIGWXE3wz$st6RE*Q$RSTT%<27?R2U5Dz+ajP^Vbb>fMs&&j;=R@hl zBnpQM6UG1#7@?do53VyZ={2ddlm_;RzCMkmg9WWou^qge)7RaRdATWjbYSnW5*dBU z4L$3M?+*J{vBirw5Azjq@B#0ob-h6Mtf8#vhlj9`ZXQC@R}J;@U~4T9w-^4aB9qh5 zT@;z?3qvX6uloMB4_$K||C^5H z1HWWZw2){yRkty4LIwF4I6qX^JTQO5^1^Cg0J zG7nuB>8zQ=%Q3+%sj^2--ImkG7kT_=$DEV^-*_RGA*ACUL{V2WR z8hMvxHNVT-!-80z!9+fRT^#{uMe%{SY=JrhW?ufp4I^WFEc5+Ac41sL>Ph$cF!jYS z`S~#Ot6{`9w{%jrHgv1-3lQU5^ZkXlj3APTjLetbr=9=45w95vgYnfv;~R!To&_S= z2AfRUhZ0vKfxt3cH5gWbxShx}9~594*`u{N*C@+nwcY9t0ev+QmefCqNN@N&EaB)# zGR63~h7?|fY#-w5K_pYMjz%$oEc*>A@{-=sOJNmVG)I@L4$1!Uj#S^~TToOKFC6VP zg=RyCyDr*!byTd2K4$n&@vC96>bV?-g7&+_$1<>VR0HNm!gNUU3TqlN3Rnkiiv+NC z3cotvb+s=UkdS2>bz_79rlpA_M9nE4fIAr@D$82%$b6zEqVE&9LKx%adVy6Y2L=o9 z3-NvfnDDtnXWjfgN2u&sj6ixpbbncAnf)EH?k^YwM{|F8(kIVeRU@vs}KFNrG#kibB7bKdSR4#WJ0Hka>eVizYIx&z1Ct`X*g%>N>1KqO=gu#)N65HC&_epUawHl>qc046vSSa z>)-WULtK$Nzp}*E>=wEHc+l^UdPGyRjEV)u-9ncP(0b#8^hUW>B6I~b&F;+R^KYm$5gX&?jSGw>sy z14p=;2Xu>`GYbK`aNdp(qPD%F@a@650qaTb97eMcH8a6tq|(fayh4A5gnZX)sn)Eg zve~n^x{-96iK0HRbPT!-`LwPKcN-(cS>H2F+&>bk(;OT533`4Wt*N}RU5PP}2nMTi z&k=#WW3(gI=`e5;QTs-Q+Jw#a0zt44;I3KMM%ywJj6lyhBCuqvPJzg$^h9)w(Ibvb z>Mx99!)P(4X=QGz|1FJ+TRk?HLymg#jP#wq_-NLuz`Aj4;K=YnP`*=gE{2uHSX#eb23|sED2@W#hzqJt)&3juRj796B%#fGo2Z-V%!{R#xjwHOrBQrQ#^&sKQ_e zSb#c-zHjC3^M(3e0gkm!4zsI>@jJ8Iv&=S+2LgNPI2O~|@gyi{b@~iJysus>qm5)i zH=!1LX1;H+keQIbTP}XQnN02%8E!?l3Nl1V39H*C%v*(@O5$bL_Q7C_ zAQsq6#j}JHFG>_6OVR+~H}|=j7v>uL5&#;UZqCR*s=&rxpjymPs8b*k6{mMMt>_jP z_ZF?`wJ+^8*7TY(Gu{}ZuIx3h>a~q(s&k6-diCA(V)q+mR;3(KZ&#Fo3M!5`!Kl^W zC^Fg&@yK}Y^Vwc+nSeoul48fm$9hAL_hJN(H~N`{)=z_YWwbG;HP=#E|8j5mm0sti z-Y^=v`FbyA**ix%?;h!pJBADU=7F}%zhz*$+T*)sM;VBV{K|q{oh*KVUvXivct}W! zHlh(>W@6lvChoy4c=H5W`}BlrR2roDeZ92n(Ft~?QITv6H3Z4kH)w}ftEw2e7s90a zy^0-ZM#9VT?0=+;3RZZnqbqbSCfiS2@79^FxUI*yvq!w#p)~@6#_-Yd7&31xU5TI;wRu^Lw6B0ao8a)WQN`=n?gpd2dG=aeH_rOjZqs6Hf7G$dVYC#8MAqM;NgjdhUw|rIoh3a$lEwfdmCYdgRabX zanm%!_k!7Yk+&nj2O;ka=I+?Z~1f2=buV|zGbl-t_6Y5f+ryW7MS_W26(ovVZH^!N7j}uVP zqQ4UgfL4jSK@b6LkeX{A56Wy~7^&tN^CS(3YiDfuHg|bM8JQUeZCOA5>SYT9_fJZH zI#GNv(Ox;pyl|2xRc3CTIgwd;_9QnaTJe{hiwfW`*mSO0x(^+Qt{>vGt1|1O_J%*~ zbrMB5>=6BbY1P>&SB=Ac{i+jr4KlJAan_)$CDlcoHHr4Fm>kEzP7TcKw9&|^nsEyg z*dTlb+-d}^}YfjjO z_OW0b@-U~Ied>$&<55`n=E#D=L%R+%+pNHPyo{5qg$GURH<(xbF|D%<7(XZ>5`D|j1=J3Wzt@pi z1s6eI&~}0!#|pAH2QfaYeL0>(IKWJzUm6RtuMhHYa&DA_#`}@`P@Vg?5AO#p0GuZ7 zHW9p)ysR+psMBB-Q16LES0_I+O?yzj|9%9nDdUnapP8%AfK(?pwmR zRDXBPl)nFdAZf747io85Zf3uZuTHP^&18A8;OpdV zT82L_phBQZjXY9R=(qUz!Nu=6sMDy&S~^dNWWvD&(jXdyv%4C7(hp2)F5JRksZ}zz z92*RY%x7y(M*G#lXzrjz``4=b^M6OOi^l=#FbYT?7VPdAY-{iAkknzyNsRDDsl#hQ zj!lEH#~c$G&nJ7uB)&g6HjQ}x^vEn;nf+sC`N_*AuAtN9B0vlWnS);Fo3?|QuZ_8> z_p^?8HVWrde&E2gk}cE3-P7zpPBUMd7WtL=OO2p_?gxA+)W78A1vUDLx=myfV^oC8 z%wL%!NY!H>(*9Zvbma5vZ26ug?wZD^-#b0}KIV{4H$bFZZOf~td+Vk*IN}2R?iJHr zlmy?_LPTk5AzZyo9P!xn_-oV5QgeoR+jMj5v_s&53;A_jt>iR0U4`TbG1TZ4N9Gt7 zO?4qE3>6ZmUdky(fzJ6dHC84d^V%y znHlEuGZN3u2=1JL-b&BTU}g*V{ISXN#=5Ub_v@+8kslnhmQVL)C2pU#Uc{Z^8psN& zX&}8`A*(Ihxpj(j{}eF2VM#4dW2MNm^G(Wgd6a!9WDqh9W}|t8oTRN@tf79fx=KA} z7f*FAnL3m&l^GcbY$&S6mv>7%@O4Iw>y_d}x?U%0=hUAE2$$(#PCIMmA|<*c6o|;Y z8FC#J2c2Fy6+TeoDD|DNtM!*^!AjkSUZJBux~M3nQ}nijuF6smzd@B$N~seZPhKa} zPQg`XkyA*Apyuz^YJQNTWmpo5guV>4Q6tpI5!!uWE(MKP;DHK+-EF^lvlq}eq4ifMXt z2!{IK!OQG z8IKAJ9#<|EN2rzd0#={eWy?KSo?xxvh)@s>!}+vNqjI{gFxoMj6cW`)?vtu zArzmQ3S&ovfGq!}K?lMj5Ymh=+Vm`By5U){Q|@3t@6QeAxe>rev}zN;k>MRWLt>h* z3j7MCR&*8|R?%&D%?&&`7Z;CaBxLQ&2#h?so(z`E+|0JQnjqMec`(KZ<3fQJ$i}q_ z@*HvHOn2Q(@yVRnSIS;Tfg{A_Xf`=U zIX0OtXe$A``RPe9+4}{w2P*E{o6Xb79nolAO7({gw@^af=4$SyRoJGm428^5eXe z7!yeZCK9#;30tI1kA}`jS4rT`qf$B>C&rCkIy7)WwDzQA=5b!*P=Dj@=@5#l-H| z6S=42U9q-6&vV*&T2F^-w{+j0tFeH?a(nKN0#6aZJNTzvT0OZEF^qK;g9IvwgaNI zA<)xIzaEvlj|8_gGgAaHImUdV2EqxaYLJqb_di4;H@Sxxs|5&*CX-^`Ac0u zyO|NO7^aw2hWpOIBaZweWm_X0^=-h?>YEx+D4ZPViH^t{IX>{!(Y6ES<;!#O-UdRW zNpcD3vn>D_u+4xtIbfU|2t-M}CpvGmy@Y?V?HKK&tQ?VGXw^uUl>Va`-WJY-NQk1q zruh(%BHq;Uxry`V>PZGc#QBVGAGlJZ`BK~F8H6(^BBAFY!pkDTDw7UTY0SrH&gE4y zUFftwv)m4$GF?!aFALCI5wV5YA2IY}B}5cSc)~Q2$(C@ctJ#3p%rJxq#0Y|x4Y`X9 zrS;IQ(GJoOM@MUWpyxD^9%f>vnB4YCRPUv}q-S(5G2MbWn(@Ll;j- z|1)gfew1G4CD;mK9K8?leap<^2Vq$Zk=N*_(7nCq{sOCaI zRnu=r(I~^=aL`L63JG=%H2#bA>PNjy`6RzmxYIadhaq;df%{MU@iy|`n>--}*WshX zD2w<$y3&opxkj}5j{~=f!dpd^uarF{huT95hMqWN_Ry1t{B&shklMhig$+cw*zuHB zc4a6AkuplKneW;7K*i+?3)U@+T)ohEcA=_qYF%Yk7}qa!HZ8tXIcPJ@y3fg78X9Z&;g#P{;)8(ePIF2!NcT9@@F#q`Eg91Z;!K$*muXV1p}{k zaa9)s=*fToxbZT)U%$_gA@Kns9D47=FwMUo=i+6f4Dp)d{IU)?A@DqI5(1Y2 zJFG;<97rM0D$)p^f}J8*;GP(qP00Ji&`&k7RS-aeJL#y2j^=fLLWm~?lG1rnj0kKL zsRNey+=_i+k$n75lc=mwZ1`}fxdcrR_ZmBi3W8oTLhC=B(F{zqa{|lIq%2fYO@+Y> z(+tt0^_Gw@#_Fklqn_#@S6n{)nSx)Q^bY>Y$;l@G4J&+tkVui$1Rr(+Do-|GpX`=L zbYlJ3myZ9q1R;Wvr#(;?m>T18gFH?D=qtt%WuxDafvaTNb5NqAmh-FlyXa3CK(O@^ z?fg>7rG|5cQ3$OMMS!dj&xQVDh5s0q&Hg(r2%Q9a7DcLfB()^sP>hG=zkz83=6^l8 zGbL6?#qDG~9*qZSUG50srQw|R>iIXYU0tA#t_h2Bm!7N-P%}`Z8kp-lGqf4e>wyXdt?<#0KG*KX!wQm zbgep>Px3jD?}M+TlHpLK{ZMwnV{9jZz(_J$ry2mFmJ9Z%Uz_usfs_@QWT$nO!6E_( zarLr9&)cby;kX3sa*|epedpu2(FN-?#&y{I0Rd;qXQJR!5e9+vsQ_@ZELzEsp|K?t z#Am4A|A-Xqi-i9XG4@4xm3fkc=~4&MuzR6T0XYpExUZwnzz?EvoKw-!l8Tpg-<-ib zoWk;egiv4LSwgg7DlVh<>!Kj;@ShCJ(-jY(Hz!URbV2EEr_%eV)MDHC9A7n}&D?Lf zm9oMx22{HpzGF+{ici*qIt`5$9WiB`s@H}No`sP7QW30=3_nYA&Ace89uQPtAqNoU z`9V?ej4+-RLjT9Bc`dPig@I`m0IJPK4M`Elp)^x|7y?`=zEZ}1C9rJFW)|LcBDNl; z3H+Q@1|ATj(PXjd5!7ZH$-->1nj^}D2O$QwlXZ8w-XRmMDH>7f-&gz(!rLxfzd=R* zNlw2sKor6CJDXSn4`BsBnDXmE{Z`BO1K7#VmwlLNNd59&Jg~_(i1r5*m36g(oyp8 z1%XjIjGTl5i2#;1c`UmEIJ)4BP9>BcaYLTjb8xhu;r9Z8V@aQif$8F9K;H6xwzFgT zEEI}jfgXgV+MX#OC+e7!xK4`e93PldM?qu|#4J8#6j?yEn)OxOX>yDk3<)ne`rtLF zqQEsyg1#?Cf;}&5AjeZ&<0P&Dv648RDb)5G%19hj+#8w@?3EMhxQxkVf}`{hk8cnB zKIPet_;qMrkbKbxgh2%hq@VU|{D*mh2_YNP<}`Deh#py)6P^)qwva@^XLCuDnoYc1 zjFqHGU+eTDVn*UUW}w^ITK5_&oKFm~*Lb_)6Jt!^n61P)`jbL=u85rjQ&Wjq8s>P$ zC@CyeC5pqt;nmW2UdVYv-+6{}lkx5GI8^3tqeW za6j~xuydHxs*0UFGh9j;KQ&H`cgRINO;wo*lx;$tLF_o?m_UP}JFGYBh$WF!rRfMX zpS@Wcd)zQDHO-&JYnv^@M1bHg!$rd?mS;QW-)!)f@7fTNry5D+yF+>p6WfjmYM$WG zLMrA}ZD)9cKvB!Ks8FR*k!Pu&I7ceVvB$OIT<&DRA92n4W>C6T4cu8yHSZ$r9V3qk zL8z!!tx{?w`NQFS6;^Q-E0pRBtMGc8`g`ghO6^nLSvJ)eKg6sgbi|JtDtMQz?zYwG zhFU@t8y)*{{fPs3b|`=jGfePiTis%-{Yo8B+DqtMpx^)4LJX>XR>2Q`+x>s{+kdy} zhNO>_l0=}J|#pCdp<<@Qf-pP4HE6BQ~#GQ)hn=?#TZolT5toR`BDmk z=(luEr)!+Fxfj4WBxcHbz*Y}}s-QQ{%f0gzq|mwd;P|Bvjqn=7!X=Kh#8Gej#a3_H zYPqde;D!m_Xjq#K^BhCH$o1&+|8YG{9^qdvRBV3qFV~CZuE#rH9J*eNTRM0>qP<*? z1@Uj!Gn|x@R;|ti+#gA2nKUn;@o830!o|qjC(M7qq)H9ZFSH{e0?B~o-XqM1(IS%< z$#`q%lu$6QSFNI(g2K=UZX8jZD|x-6Hc?AZ-QcRtNJ~_b^^S9{<6P{h6^6PBhp^wI z%N=!vqt?4>199NsWsW-6QO({%u6o!lxzF+LcOqAs;j2xDniu<+oJm%d!=Bzc$DL`8 zTFHJ)05SBQGOG@?fobc)We6qCY7P~|N&F=S8-IHRb>%FSAXS>CnUvmq3PZuN7M z43Qxf!n0Bz1@=!?ualfkF_#eLZc;c=jDqRBnn(09XBDh()Ef`*p-W9gp_f;L{LqAX zaJ!UWIOa~<856!lSWA>S*jmFriED{(HW;)~irSH6u^M=0j4CjfzBYnu@7bJCoe1yt$2;aU!JtF}70~9QNUJSZal&%p+KPQ4Z zNTqeZXT@D2@GiCwCD~oE2i+fOY#Cn)^_7TxAlzuC64&>|f=$dc>?<`#K6QuPU#L@x z*O7QuF3FHLw+i!iVM0RKu9@lej+D9a;H$R@bi!9f=1!6KPZ3-!p&u(g1?d0v!ip3~ z?{QW7h|-l#&JnC>kb?@+bvRuEfnUlK0HNaF7)YU^M$GGJZdP{t&>EtsA=9ehffuRz}8oGD`$f?Y&)e^5kl z4?lx8=ROYn5i^Qc3yo;EJzRF#)5Qb&o$Wv&+y!n!L>5(w*RtN9va$sTH8VlYR&$~z zNjKP;Y{O^~fMM_uCI;0}j#n6?RlYTz#Q&&W0^gkD^s~zlH@ufNj+Sp=7t7mGOsjo1 z1ZeJ60t_6%3w*X=TXR~J;7r%(bvHaFX7_dA7zol#x>LoH(aBm}UTmT+Kcsc$ykY(6 zxRs_?$*NC=0DgR|aQkb*X*23?m6Ea4Db8$Pwu+DrE!D5F%uXfgc>+{ShP99uV`*ys z&ti%^gK*~?T7S`g+q9MDRq}JGAgA3nCLkC)LyR$Fl$yY=@jg(_vIycMejj}pY#6$g z`;7D<-Ft+h95U@zL~PXC>>j#8H5=nu#Nk90yc94s1tT#x2uD2b$ei2jpQz4(z&1@w zkjACx`zv>wavlA)(v+37E=dgu`r+hv6;YXEIsPIRmD3L|QmmCCjGF99RjV2}0NAv+ zMF`NL<*W=ryq+;o{KuH(Dq^+=tIaCY(ECNPtmKx{MwS0)(+#C`p}$3f@j;CdvLmv< zuLfr(PBDJP{y~@GJ8W@FDS+MrEvbbOMO_Zeced}C0o&Uz%MaesUH%>Y#`r`6ZLlsE zChw$;N%A|edvcd{Dzsg!y)TK@QhgUPu-Qt(Oap~BVu<|~JDM6Y?0Kd>a9Wx&Nw2zA zK7yGI8Bt`hXz@0cx>O2depaY@0yBlGh+Jwr@jcQ0UA{|^ou@A{LaoF-|Ie?5q+UdM ze%_ zVYr=uomo`a?L#^3+GkSB|A+K2p{Q1`>Dt&t9-9%F*5p=`CbV-pn1q2BDM3rq*#G^OfB zb388Xdqk~^Mn*GL%%Pb^B0{N5ixLo40uVaQBrYC8pS_9vHWi=(Pr%>^*p$`MxkLu_ z1jO(ZM@)Cfw7?!De~S7^%*0|Aoo*(k@8Jdxz=$!LFKiW0>k4^+(SwGXLqvO|eor5zEq~>lb6?)^iutkS)S_x`?wj0GHi&NC&Dst58q1oKNPqGH6eY%Q#9IOvRV&AAjuF~HNUhHK zw6;xo6hO^7ZOD3-^9)wA4jUZ7u~_g>Ol8TpMd=O^+bJq{h~Q2!+JB7g5YA3v><|Sz zh3h|-_@5aPSjEhu#W$(gwW>mjjVicac~P$jW0NYNL@U!VKzS;7fr1p|e&O69j1{ur zEG$U#Yf!d~8KoxHJ59Ae~i4rW~-?RY-a9|;g$TKPxiR0ub%x9Hs6}yA})6;SbrP^=jCR6#fZcSHG z9u}(UfC4&9z*W>nx|@03(XaHq9^tj0{mWWDXK05QqAK?d=T@s@t&(f}Z(O3}O0pRAr@w*Dm5eIO{teEDO!!FiI$>V} z!HjX9P#7reS@FBRzvk^qek=7gsqcJ4-!J@?z#H5Nqm&iSs21~Tp*9KZV`)D^e8sul z@@VU$N`5Teo2~42CGW|7&-+fPn*`R373={6-4cIJxTs|@vkKoe3I1^xm%sW-IVm?O z|0 zvzy&~)R_+0OL?6@cf^WB2O-fLQ~u|ZGR^CHOsz=a_+pZFMOTL8CzZ_r7`MENvqiP4 z+9Zk_?XF6r?%di{Fejy{#9?tV` zNjtHx_Whf)NLuBkl(Es*eO?jhJy(lGNg}%&nC@zsm?6{+4qaQ4}{TUQEl*_ zgo0&wvu$2uQ+x&0G1F+CrOZ9jd`qf5y4~zI(ei4YSVuJ@w}C3go9xKVc7>mQk^+`k zMf{|LYtZc9Bgu)M`e;NA)3a3`Dzjx4J0i#|62q~dO>FEd3D@!s6wX(5r$-i*ax3Fc z7eTba5<}kliI8C> zexnpj37Qk5MRv=6ssNt_kyRa$AcP&Llk|v!>j_r+X^5RFTCrQKCc9niX20;C9+tb< z`qqe_&InJZP9RXDB_iq1JIkMtN&T9)M6~;h>A(6~8>5Qa5)njy%lPdEVNLJ;Bygvh z#`%Vd5eb$U1MLCEP%|4{ujEb{{BihLa9vhX#s8#jRAp_@DeNG!O*p@oTFKi}k=s(% z?J4uNlpP_aYw8=pW^c1`u@NVn6G2riKooS zR?C=Z?lR=_*eeD9G}O1+I7e+GHiu?toMozIu+X~G_*66;bcZoBb>c-%uelv>U4XbS z(DO#QR8nAl9fZq-;e6eoK~)%2)ceX{J6^!nN`O`k20B5q3^Wr-3{~xjN@5#%;dc1% z{!3$dld*K9AgJps7OBE6QjdPZ80-}vA_ENQ8cpHey znPuhv5LkUfP~G>;@DME+yj+A=h?xfmL_f3O#`yBX^@rnxz)~B9KtpO%iQ-@f_fo(TU?juatBUJy7H^R3fO`I(WNF79ClDep0|@62aS_XPJGB3a0=^Br9?SBi&h z&^B+{RZ=`-F-R|<=6h_u$5F@pIu+iba0jShw>b*`j~=2k`M9~kW{6huarXrqr->}@ z#q`9MCL!<{%Y4#upRm-E#MV((@mYk1C4z@!z$^a1{81x}sK+20- zk(g({;~4Kk@G1wo1N_*xFN2Nyg2sbE*RI-&@wh*+|hS=WZyky=ckvBpUzUUsnImmRgUZevEJ3Zsbon(4h zPdQ48S1{P^FCFvTpjV?F(JYV@801?wN@oQQJ))&;ELG1F!9NEJR(c0t9B4jFT1vqV z2dI+bgSD*3%Z0jvb!prOm?w0Jb~uKlBwDas0&GVa$w?neOJRt#td0+9!}Y! z=Y=!Ijyg{ZjgqXTfWx==AJrau^6x^{p!Yjq^k^FlUg+=>gH%*2PNO8LI&%To4jNIARQkDc-+IC`_l3;MNx)Muh8D6meuQ7(TCPre z=|+q}?fW8C)P*l2j17n*j&B;)Tb}um$Gm+bBtHs;=VCqN#O4eBPIv;V@mT9{S!(-c zMKPXUPu++;bplg?KQoMFTw$JqjC7e{STBXUt#8a-me`Fdv&+(RbGc}4Iz&;lR9qy^ z5bjd(rV+S1+`tmSM~8I~Mv_O}5)e$Jcl>~oXqm&-`4e|$C49OOCw`xZJ}9E!gkVv< z4!?qU2e=QnX*jydk6dRKx+GkRmryt1NqC#`FN_#xx0t}G)|0~tWeERn<6q6VtX+l$ zR+E>IvDu(i^b~-GMW$ZE7BA6d2IuD6egb|j5^}wdp4lVh&oP{2muQps36MXc3~Kvg z4ZdhF>g9u$_D}$yYGM%ZFPNv|CXIUVrv~jvQZ`15*g;wmU3Ga8#8qqI0|I;ccXZrN z>$%_#OYF4PM|Mz{dW~pbDby;efDf!6@G;h<+C@r3CtbH26-4beeiA#e1Do$D`IFFz zErAu$29~MuovRjys2>I-BHY-<{rP{cN0<`L<&jYRqwqgQWSQe6om3LHAs~9#+Z~(^ zEwWU-gtxfG>6h1HA11*=;rS+vWLi#}Q)C{AtI&bZ4S^eaL$PN9n}rz(m7aQ8(MSY% zP9$C6Bv{!E5IlwDK<6p|IA%`??$9&~ts6Mf=K@v@cQbmi{1L@q<0txUG`wqdL^Q?l zH|chmmnn>;^m-$<(TEqs;FAwuBnwv&g=KLzgq;V394gB{RiQ5w04H5yFE>JOe79~d6J28D?Q=-MZP_@9t z6sVnF9e6R0|2?v0Ck;x<|mM7?*$gW%OzY1&V5Tn?Z1V-2Bk(GY5dF74O$ zg7&ENazr?SeaD#Ad@fPTJg}CEBhC=^QtS{WgP?FIwS;y+RTi?=06J?bN!<|@Gp+Mu zp?b$FbHXj?Z1+KpK$ObGXBf7EiDGO%cIpah`q;@3*tV!&>f#9kX<`rS!AG%y%X0eaU%JDIC~FxE2^vid-k3^<;QLwSEm%xwfe95l5WVVQ}Re7ODQ2TA1b_Z z0t1bmYf45ECxa0BES5s7wQ0nnTWuwn`4Hs&Nla!x)nkPi0OucsW(jfZdjpf03KJ9r zwm*u28!qMLDfmJ8ofVB!69&FJ}oH=pA7=wByM{T{T#zkWKHL8Y5SkEP z+*HgsmZPNkQb}15hx8>qMD^Q0vEL^y%ApRr1M`r|rfXgefU$`#;(OC?kbX>p0JFi^}AVx!|vn#VcXQ@f%rG&GBo=9UMwDC z$>k{&o0fHynWV=%4=TS?ytZ>#W{$M?b(>YQeY9T>Rps1he}00~I!ufH#8Lh9B`z_G zrKZstr{H{<2Kdb*Y)6(iP2Hm)9~bVC#y|yVBn!|M+$fgye)&X>dKPfjn<@fl^?whd zuS>8H?(gq+thI`Oxm`@;a6q#dE(Zuh2!f|X#dCAMqM^B>PLONu#ZX8}qxlheH>ji6tNqFQFcDyhtT$Wj7iVrp8>M}L{AFyCI?NUE zxVVJMIGX&Q!re!={)S?l7YVBqBdlC~2{isTX=4nmTC$2fnlM^DpmLpKOrP%85ZFyG_q48?ftP^bzTlp=+g7Kl7GsUUF^ri{v ziKT)&3|a0ZT>FLs$0^5x-9G60)3`GTPf6E8)XyWQHd$XV@X$42wr~R09Sp8N)79m= zd;#wxZ{xT%4TVibpn<5L`B^djP?{AGa3=}DB2oCFT~s&A74qy;_!EZ64A`SR1P6kc zHRX1Qn`@(I+YNJQquT~EjHo*p94b-!>QT?&*V&`0CwKCA*VxuunkW-Y(oJZfa>$-c z0=T7wdH@oF4{IW37KRxnU9^MnJYv!fsB&pR@VVldlrGV=VmbFT?7$Mk@ECm%f07iS3O)496A)S?$OCsBUWKN?PLAkpscCgxwEpYH%zg|Q2q+0S0@I$p+~(E`zK0OeFu#%K z1xWfn)hz2M1w&G@iaZ9+1g8f?`lft#;Eok_tV11)P}t>C!K5!^$lMmDJje3Q^6vhH_;y#00>(TiSX~XGAK3kJ*4h$-30>v0LzIAL{(YneEJ{4^) zx^T4cLzWl~0q?KeAz#?~Q#<(&+xfs2P5jRpPcX%cLF80pmYUFQ)S0tI#odFGh4m&L zZhE3UGu0ANv3^GU~yRn!B}GmJ;l7B0BepwF*RC~x)>CYg8D?yW_N zJ0dFXD2kizEp8|C$%NJkZ5`H~Xx2p2p7^Dh`JzIPSZ(yGNb!Fum=lw}&^RlM6#6sn z7#G^T(j>0pZMEpkb->|kFNG63f?Cs?)Y|Bsou*Bvo??$+x$4G`(ceZW?~rJOt5Dl!h6THu+RKk#^nh_cqgldLybthUm22!RRr`ELGA>8_Zv5`DV2m9=+xz zm;|J%Fd=*>{-t9HIx#M}TOM z151x0ag_D>*H{6KMUt*=Fl&SLMr|mv{)n#dGlR8+pLabw>+(+ttD72CG zbx`v0*It6#Q8~z#J5sGFhZS|Lc{P*#EQ0~BzuwBI_%+$-)T}emo}KT9k(C8sjW$H~ zN*TPkVc)Il1UO?f1E{M3mNwbVKzwMC06-B!v*8wXpnnjdU{MJT(qm2n>8J7-MLYGu zdKVn!_moj-b6`J=pp3>4`Km_OLC={j5XfarIEU(s*J{XBH07t1IbLs8NbJ`seYpLY za&OnEcXW2Tt`%YqE>@V#SmGq^t z-mr(VxC;yvy_uS}0AP77&o(ZR1yd<_eu8??3XW$BiW!(;0@JiBcZ%h+=OXE0o|&v? zY6Q6rO1BBuUwOE_|3N;9G0pre( z;g%`rfrJ>a@!f&P0?kboG!%Av6cMX!$Fo;E&Ibryc!2BCfqEFB4eHtle7p;U{xxoA zn=wI3D2v1N71};uxovh7QtuZwwZTB4j)AgN1`<3e3czc^ZGiVq#!wkcamK7(P8Ln84Ex;8#{xgRF;~luKQV zJnP_4k~>1xiWH{z35uyQ*ngz2LY}h**=K4u4+&&%MZQmrN6WfWo1x6xdOYuUP~rth zfLFKM;{j*(tjw>BR1bi zXR>Z(NIsvg+41P_MdLyzv&B(n7SGxr=E?+^5}7GF3|?o}a2hjrWY`>HFIBjuLOh3x z4LTpz{bN|_r`VQ?kqe7Dmqdhnm=m$MarVn}P2jlD9=O<3V?FeW1`8f0O z1ty&<(RAt538$IUceP$fI-g;b)Z0DtnMY^xQy+VbTDvkCF=rc?km)26hrE&O`&esJ z!ipRj*EFJB6#t+d;fj<-;ve8S`$NihrYJgojQ8xNh|v3b`}`TuKnlWvy|NIPA-LT^ zrv(aoBLP)G#<>2iDevY~;AY%`beDF8C!>>kOt+()!c@a6ajw#^Ii=M{2o@-he9N`rkzD$v+MH6&1IudR&|`& z7yHFJW!EN(h@S^IoHf>9HlD#U=@}2f%(A)|;p)*xZBY0@eWrpI!~p0|0F2SH0@Q%s zY*~!6APp8AOAmJua4%JRbl1-vZM~HtnoBC-GWne9p~qX|Wg(1>ga&CmKai5mX1VG* zq&1q8M3`;BURMtpy_k<_cZblBic#CcD8DV!NMk^vLK*DSI`J*{lCcF^u6LqbuMrBD zeuyB^75`gGbtI)q%(Z>0N=vEkkW$@FsS+-dp6Ko>>c?`GnPxDhBCXM! zETw`LJ1SK|#Jw~`GHOAocgseX-oLv#_j}gW*%p)tfMay&NsqDZ38LJTQ!G|g7)Cd6 zxxwwxx@doM0F=BWwixK`t^Lt85#so-?rW$XPNNW!}{{hk-Wm2L`tIp4qaZYuVv;^t99ZEY*m-4H?{STEIlQX z$EwfR$>+qFYY*lnB~cAv6K0Y(ui3?y?O}}j#Y{rpkIc{g)w)Ol@dHo|{aGElVoV&1 z4M}`Glj>OTQ^!f+24X^KTRe$-O`?zPV_lttVH(OM@6)XJ51dwn-(g~3fg|t9Jt;6L zjp98yT84F{L5cTXs&Vmdy_cG2ZHzBf?Y$JP+d*Px-=)4Utzib2BBjy%_^V6pFPG}1 zR2_>)aH(A=)gIQP(WP=jdM`Dy#*3WdrCA*-7uuT(k?&Bfh%;AwH<*SAnbg$J2W5PK+o8rQwi-|UP|spH-06CZ{n>B&Pngti zI6E5_3gr?y2>=cW`!`zuP>n;4NkRvdn8a~D-m=!Aj#l%rD0I6iOoJnw>l8MhZ&31A z^$j4F)vLNS`n)mzu{iosj6U~%MGxR%&h@OvQ-*_Le8?kWu=4zmvhZy`imZQ$7Zphqj z)@Rg)%=q;PYTMNxV9QL_g+a1}a{F^-z2RWD;Za7yiPZ#9oK^_1Jizjn_`T!2B!=(b zI>B=eW7J@OASSZ@!GPguq(5YeY$oVTxdqhz2qCe6|9&J(|5@W%QO9-=G!P}f9dolQ zYp8*yV*lEh7R&kreH!~Wt6`4&9tF`skD7FHgEj96^es>+-s3d=8jw~!RDE=DzKUjV zbS1h;5!fYwjYsgp1FU&J02j+}MElDsDkL7F=fwk3lTAvaIf!AiM|~1uc1E9Ew&snP zW=~H~!*-kiufI&WXQ*(Fvv+!#N{YGc%!v_)Y=F{iHL;*n)24;aE3P ze+4t)yb(M>ZjQV6R$-b^(^AuCSes1?rVDfmd5|qNZY^sL8rn$Z;eWuQ6s#b6Fy3@C z>?^kS5URCQ3n14ppJ9lN*C8K7WA9)zNRwC?!3q;Ooa5MT3uA|{X9_FGRta;c=utB$ zSNGc*t)vikoDgj#Yu;|DnlvjWqOf9c2#CcxEjQg;rpEo-?=idwa!%o>UZ$Mqm9sZ* z$BA-vVAtcJ^8c4(t=1>3b+oQOCcHgab44mRMx$?l?cj1`ck_(4f1z?)lv`1&cs(^H zRWJ`~ymodRTZegGZDPGxW722n@X_cR2jQ;xU%_!s2tv7PKd*B5!d<8ZJM$wfQkQ7w z7Z8KsXS|6YKL1u(~lge#W`pziV{^YtxV>Q8q66JbO>p7`?Gp%%oxQbtky3B59 zm9dyifJC#PmeeYBJLu z_7_|Kz}aL3QB?`2riYn{y4eE+htmZsqvj6X|Dl9)FOX`wCvHcH+#Tt}UC@7c_olrb zNBu!%UdF7hPID4xIjJVNob3|vdJ+QVh@ZG8dSXa#W~##x$w{vm+?>7<$vMx+$N)bt zZI$4Kz$GLGT_UkqTGj?>StAJaG4BiYZ)NVb?!u#|qqocz%3MPfQ(fcKR+c54Qxj_G z*UEXjgT_2_A=Yzsx086l2?%QxW(sgvl`K3}7)|C8YJh!$r763?T+A%^Hu4ju+J7%u zHzn&)PkI6$e@30$ZO!{(UsETvu05?HO?`CKh@;O;Slvv#K=i>4K(uU0ZD z$ynrfW#ubS)#-jTC{?Frr&pJ$k=%f(;f!d4I73x=iD^#!vGqQxOu)&ou;^mrL_j{M z!pwp81$JdC^e_tb4*?kqrb#vTrk9_S^m+g~gq{fR32JT%pe5)p>T~|S8Fo7*GeV8* z&0TvJOmAvzl-mh6|3~iK!Rq^8JAZ$t&iSV<^gx)A7)=D4|F(aO(d$tE8}`BVdqPHV zAUK8=^iRnY3UpQ~X&B_3FIlaIci7Hdc6vR)Gye$zp4}n9vy1HN)rOX0)Uar59UOFJ z-Z9x1Ff0PU2u(A3)Nj>Eubge~rDvPDy4x-zcME~R?Vf%m?Y*8(-=8i#p7u_IF(q$z z$Bnb1USJ}(tS#F7$le`dChW%%E28in;ObXSR>H1yN2()Tlj4*XGhE;9s}qFJ4ju&r zB%3MD!|wt%3{10jP=-Hoau||*C`dx+vobcF(ko6ThGI==QKe9Gj;eL4nR=%#4R+0s zv1_{8?hokfUmcVkSRFjF(;keCjIE}Y2!4fhxlr<|CrF3*t8|D&@0KTS!@R{zZ9W`M z!L;i1f3M!jZ+okPtq z_@xKMbH5lfE<_Kq7`fEPCLXv|3_^LYE~rU#CaWPre0sq$K~%r3=8v@I&8N_FrZr5T z2RB#1){mLNnN~af+tyPFG4Nni#ZiaV8B8Ac39`xA33ES*9+x)o!HBZ(0-ln*PQ0-nWWX8?}oTxI|mR*F`4Z%GN#pe z(WrF@Pqv$C0|5AKMBos!%K%(tSWXGq%W{V6`K;6CVDy>imeBN)?GEC@c zUkbs_hcVAi!GG}7$B;y`^-Zfg~`Yb zQoYMtXwahN?V)H3k`AU@c^_gZKohC)wxP2uF?5t9Tb8ZgT&jK!ou!lUGGHsx-cod! zQK|ZLir+)|jYrM$WD6n%F+hHnu+L8ba0o!++c5AAAHL>7Mc0melkLw>k^&U-`&=k=xl2I0Uw znrFCAt#Tp-$ThaueC9Rr6sr{kb|ZO=&S~LvdzwFeI`6PZ+QMl`MB>Es3B8Y6%X@Dp z-)Qosc;5r~mO*n0-y_)uTdUGU`1vTA_#!#fRE{HzE^-$W1K!O2b?z?-=Vkgd!3cf& z160WjdX3&cgK`gm5ob(vq}Hi~D}rz(5&i=IlE7gi#y9%ypt_AEH;{{e_FW@$oU^Nw zviHPX3kQscmJXEFV?mM#WWNa#TUg=t`=R$E1g+_8zfLEXq~W4N(pmzf(+~Xz1N-$v zOO1V7P~IMR_0AqUmFsBdwM4j9Rsb99`j0Rr?QIFtNL*sx>3zZ+{r#O%670V|qiuTyX)Om`n&r73)m zWE)IV82)oLEVSlTy4757s?#-$mz`!zElFEWc2%ua*~()X^=!s_C*y1bF^Nh2yiD@K zOaN((x-8?Z&ID5HNyk?IOpBvJHUn3jCGp6n($m>a@MjUfn&=_RIBm`?V3>-iclHTY( z*%*>J3_pWe=2rBzgzU9BBCJpM$f($Lw$0rR#x;K4HO5+*i|>X$k-Km|7%_I-Z>ZBQ zEmnM@5=bzOMSRs;wR{dSc_wn*;ESAv4vrdzip90T5Q%G(a`kq!whBRS~)4JPuI9VBn`I)$dI$`%r1Zua1D{`m4C@;1ko*iDS98SlqGv+-A( zwI+dIc?+avHz~LSmjYu|Z~J&QT%G{77^R(qhQ--OEiONRnhy)ZXCANmb5{lKAl3es{0eke=_aHkFGI%YdOJG1M7FwH(qTN{H>*vSe(zniZ)22*HbQ+$vX1^wbqQ9`jK@<3;ptBypKJ49XoV%DTXn7I1n&q?$ zBdIozn8ZVfkmyYwkuPQLB$wl7-!ysvjs9l&b(3g>ZsaP?uZ(VThB{%(I=R-hfH`1t z;~qhnTVvuYr4qSLn;bhRg>kx)nu?&s*$K4@7FM#L1Jb*%$#{O!Y_Z zg-yx`XDg&!(U!^v@O3c&*-4m<*t5~xViD7*hiu#gaMh4TBK^CdK91z5!_5)8R^+G# zX65&!!3>{G^B%%TJA1$?WzJPHX~sd z9&w!~T=g47faKOxo#1uju_Q9^d<#SwDa{OyG&EG!O$@cb0GR<8GlJ&srkpjqHogNS z+8yVrTI+K7)R+%nLA*%5kuuLP#Ie?U$_)}(R%M_tYDHmqph%ls2hXVvr&4+r4ThPY{AakLhid21dWd(6%RFP7@zyc72GB6v-G0yG35dILfI=m2hz~Q_1OGE z&{%z`EWK&Er2bZUlaX5=OYwY9r8CQc0A;12j!ykqhDj{SiC=P?Hd?FPt}ZC z$109ifLo=UdiOj;!r4&`6kys>?qJ;UY?fP;G_@;hQ5WJBFW*fx<=xO5QByUUVgn5^ zl^IHHZBgHja1VP%pG#we=V(EA&c4~UmWwGv)%xi@u|b&PoaEjKU3XY^fwu=?2C%*@ z9-Pjnbk4W;b4ux;cls!(l?Y2AT~RmU1)taZIJ508kf&OYK}6U`WQJK(JIXW0tRm}No`g{*a7H5E1d%8^ zHWFonAZ0hw*2JFyV`j&&e%9=Ltk0QB8x&kBE%b(Fp1bQh5i^E^-bVkyk0_ zN+tp8lLCxRzfPHZQY?%d=Z=)KIR$de^{aNhf;L51%_N)xm<^T)DG>h=t^AQ_xb~x) zK^Mr@%b7A!Pb6AEP6*}eX}=P09oihaqV1f;2oQXC&&9qq`x}7fiHFUQgrKq;wjYlI z_TY?qGBaPLZ)hl;t5UmqGX||v1J7lZ`#`bsucTR;!k7)A%MwD=sWY?QIoS&8H1#hG zJ@nq~$(=&06D5;oa=%{wQmKJE=gky=F+s@OzKi}2%HC-0=HOIB_WRUzF^nyZyNWe?%&zu~i?sFE z_;%X6C1-ESrSvg0*D;JjlT84~j=TL*>9du}AX@Wd44sFQuxd}5&&!%)EiXrbNyI|p zQ7z-*7Z!YXpT%|7>>pTb093;p|D)<6M;+MxioS(uIjHV$BBB_blfYDspyS@1+CL8_~Zr zEZ{g5Fu^~{m0L3A&WyS(Lo>NOLo>NI?>&H<3(e$~Ow>#^WTct!VrMKaTC%CAQni?Qs_94W4}WA`SOa$GmkD=G!Zjn!U|u-Y6i+|s254kWjF}Xm zi3S7OJKc3$ETbZ)(s0_l?YX+!XB#|suJur*LHoCb_MM@A$MrvS^#>?U#7n>hM1=Je zQZCnV%QoI$5@G@fqMDB91H0|K7yQx~+6UVhnX4O8E8O)dwITI+ZS=Kg^m%uAed=4* z65ZX}+V-M`7j#{UkCPVqi=H-o9Kd#o;-hO}ZqZ%~vx|0POYytk!s&~aDH3Oq(7G^K zq!&(G^t$96#QDE*7J7@;$_37or0sfP&7xpo{i3Hdzm6dHsdDTlZA~X|LQuv2M<;>q z#?+>0+)QNv2E`{7W*lX=>JC2l^Yr2+wcLP&wIi#s2H*c-E6No zg-^77gAVUh{;%BZki=C^_B@c+NtMk?$OdEDd^5&h>N*GbGo25VxmAbn+s*H>(w$^d zjc%hbSy4c@nN>~pER($x_?H7si1I-dm5?lVmCg;KFPh= zcFxxR{q|Sox)D9F;(GojR4&<^f17q5*M82=vws?N#{_!O$*tOdO=ru35Y1H5C4YnO zulK7Pwcjk4+soPUpa;ptwmJU2j?kfgV22+9{SZICW$u6EeMkG>@n6tiopBxJIlsPw z3ZL=fX5}v=aNklt_qGS!3THniH3upbM%!iDiO!zpT$J>mL?7q+N4mzm^`F`PrTiDd z-Yoqbc7GN4#KC@9@d>8qbW9fzjDF>G^q1&j2TC-IGMUbB6Wa{R4fr6ysGY9-)07*1 z>Lp(86fa~y=U=10ssM_GkUYizIFOrO4@qRpA;Uou- zANn^g52wytGe0CN7tjXX zqMXBdQzQIeIQ~Vp-=qCc94dj*uT)v&ws7L2_~264r>6d>SXYtb{=f&VzneeP53;D) z95oco#|)9rQ5nuz>f!tB{jCr@fsKz5O1)2JKb{>HgD5paP*`Oans7`AtwO z>V8bQ_--{gF#Y~cOZE3?ht`!~1=J}nFaBEP-=zH2e(nm^Hj!S48WJ7{`}_Vwwtusc zUU9E-yi@}m7Wb;$9tY^$J37~zw+Sl~Ln{7)G+|krZPo;OkuH19!9#{{S{km~$$AF( z&dim%c&0AQDn6(RU#jBCg?Ci>IpU0{)XggUt;`6y--ly|nu{*cM{r-j`M z`SRIzIJudiKJVyYPD@9>X8g-*65M#8c~YAT#@NLFw7QYVUlix#bt&Y)lfd0P4cn}D z0ND9U&@})Q%!PX)7W;|aqR&*?PxVU^nl7EGODi7 zW0)-`E=)1u4PAugd{LRHPA?p==pGjrfUzCsQ9t#FkQZd4p4E%={j+ax@!cnV;1KQp zHs9klZ|-&W>&@|d>>Np6dEkyLk8FWR=+M%F;$YKB#4F&Qusdos%+qzl>ypk8XE4zD z22!;eNZKHX=}AjuP)a07tMhbgeH|KNNhKaG-uOX>8bi*ptU_35vP6LVmjx_bDsVAC zcT!i0@}kbk=F3KSX~bW>>3S#8vev3CF7?jupcFpY~c`mp{0a9F|2N%p=6ifAmaEdwf!^1zW^~4K5I5&&LLhS6~=<%$BK zsMGSWvln!(D9B!eiC3e>L zSnd~0i@g_Mkc?mF9WT;;?fl`~et&CC2y7Z@m{%j{zhQE03ObJh=Cmbx1)jxZ$l(^j z^TEZ+@_V9b75ilobS*BU?$hQySH16^t=@BY;f!CYzo~GWIu-Wd^zCY^ZEXq1n#1i% zUftq{oBR~6GM$Vk^p%cMjsKKRKaX-mghhh!0>%XM)W(%eKwy(aWhgusL_emGKb zlbfB7f+>Dyr$$J(i#2fa?`XJSj)4?xw!Ai9pTzjCw(;Q1MUSc=+ z_{6)At7v=x|7zY7LZ8%oV9J*0sSEQADkB#yMph0N4qEh(h}x-zM4hn>44_MWjACc1EW=R#k5r3U+J~^8Jfvt6 zDQv2gOO})CKnlxie+N5essY-ErOM4@cBo<=iO4`~!p)R2b>#BNVhkD|`wv<+(a^`epvg=BDvzC>A9r>X#asA|by zQ2!%OGy{)7QmO`Zn-046V5L<%b$9Y_Qq~3>2Mk_38B>>-6`xgsI7Ci66n#8NjpibG zuJ5i;plbJI`<3j3Z0W^v(*dn*Z4yl3Rsx$4)zg&ERMtbO7T^68|M|QuX#SCemu{-P zr&}=fiOE^$r;@Ih9z4PuiOD=uDffHK9|FBiDtOE{FZ!*iY-`fXq!>QpuDLntnwKkc zB>X3Ms?a45pz*1B!U5YBDN71)fP)eoLX#3-xYooXO5CF^G|`|_xlMuYp7oh>x2xP| zs<>U{|EA0~5FpL&%i6jE^rAgA6?7A&?hu-avmaKH4nZ#?qSlVQ>#-GJgG9nQI_^HoL`sYCX!nlAa_6ty#